View Issue Details

IDProjectCategoryView StatusLast Update
0008567Talerdeployment and operationspublic2024-05-13 21:22
Reporterjavier.sepulveda Assigned Todvn  
PriorityurgentSeverityfeatureReproducibilityhave not tried
Status feedbackResolutionopen 
Target Version0.12 
Summary0008567: Write Ansible playbook to deploy - Taler exchange (towards the taler-ops server)
DescriptionDesign requirements
- No merchant
- No libeufin-bank
- Taler exchange (yes)
- Libeufin-nexus (yes)
- Even though this specific TalerOPS deployment is going to have the webserver and database together
in the same server, we will make the design of the playbook to have this at some extent separately, or at
the very least in a way that is easy to separate, before deployment against different servers.
- EBICS configuration
- Taler configurations
- Off-line keys setup
- Use Ansible "modules" as much as possible
- Avoid to include manually written .sh files if possible
- Use the regional currency script (old Netzbon), as a design guide (skipping the unnecessary parts).
- Javier will perform the initial playbook server requirements skeleton, to further on work in conjunction with Devan to add Taler components, and more specific Taler configurations.
Additional InformationA new GIT repository will be created as ansible-taler-exchange.git (or similar).
TagsNo tags attached.



2024-03-06 09:06

administrator   ~0021714

New --public repository created okay. Added Devan, Grothoff and Dold.



2024-03-11 12:59

administrator   ~0021839

In progress now. Already written a working skeleton. Tested against a test server for installing general packages.


2024-04-19 10:07

administrator   ~0022277

Shared with Devan, Florian and Christian.

If feasible next Monday at 14:00 we will look at it together to see how Devan can include easily (trying
probably to avoid executing an external .sh file, and trying to do the most with Ansible) the specific Taler exchange configuration.


2024-04-25 17:44

developer   ~0022308

Nice work Javier.

There are some notes I have about the playbook so far:

## Consolidation/Simplification
I appreciate the approach of splitting things out into their constituent pieces, but I think that there are areas where this only adds complexity without much benefit. For example in the database role:

I think the yaml files there could be merged into the main.yml, and that applies to all the other roles as well.

## Variables vs Ansible Facts
Your usage of variables makes sense in most instances, but I think we could replace some of them with ansible facts. Facts are basically host-set variables stored in files (by default under `/etc/ansible/facts.d/`) which ansible can reference. So the workflow would be something like: 1.) manually add a facts file on a host containing host-specific key/value pairs like passphrases 2.) run ansible playbook, which will consume those facts and use them as part of its roles

## Templates
This is more of a nitpick. Instead of creating custom directories based on the context to hold my template files, I prefer to just put them in `<role>/templates/`. Then they can just be referenced by their filename without specifying a path.
Another thing I like to do is leave off the `.j2` file extension. It's not required by ansible, and I'd rather have my editor not detect that it's a jinja file. I guess that's probably subjective, but like I said: nitpick.


2024-04-29 11:54

administrator   ~0022314

Thank you very much Devan for your review and feedback for improvement.

If that is okay with you, I prefer to maintain the basic structure as is (for the moment), and even though makes sense your
approach of trying to merge all tasks of each role, within the same main.yml, I think having things separated in little tasks files,
doesn't do any harm for the moment, and at the very least for me right now, is easier to read.


In regard, of the facts.d approach, please go for it. I am not familiar with that Ansible feature, but I can understand
having additional information about destination servers can be worthwhile for the specific Taler needs, as I am aware you need to use there
some passphrases.


Lastly in regard of the use of templates, I think you are right. Using paths in Ansible is not practical and having to reference
these absolute paths sometimes prevents you from being able to use them from other locations, so please use them.

If you want we can speak further at 14:00 in the mumble call, and share this design approach with Florian and Christian.

Issue History

Date Modified Username Field Change
2024-03-05 09:31 javier.sepulveda New Issue
2024-03-05 09:31 javier.sepulveda Status new => assigned
2024-03-05 09:31 javier.sepulveda Assigned To => javier.sepulveda
2024-03-05 09:32 javier.sepulveda Description Updated
2024-03-05 09:34 javier.sepulveda Description Updated
2024-03-06 09:06 javier.sepulveda Note Added: 0021714
2024-03-08 20:45 Christian Grothoff Priority normal => urgent
2024-03-08 20:45 Christian Grothoff Severity minor => feature
2024-03-08 20:45 Christian Grothoff Target Version => 0.11
2024-03-11 12:59 javier.sepulveda Note Added: 0021839
2024-04-19 10:07 javier.sepulveda Assigned To javier.sepulveda => dvn
2024-04-19 10:07 javier.sepulveda Status assigned => feedback
2024-04-19 10:07 javier.sepulveda Note Added: 0022277
2024-04-25 17:44 dvn Note Added: 0022308
2024-04-26 11:31 javier.sepulveda Assigned To dvn => javier.sepulveda
2024-04-29 11:54 javier.sepulveda Note Added: 0022314
2024-04-29 11:54 javier.sepulveda Assigned To javier.sepulveda => dvn
2024-05-13 21:22 Christian Grothoff Target Version 0.11 => 0.12