View Issue Details

IDProjectCategoryView StatusLast Update
0008567Talerdeployment and operationspublic2024-11-27 00:26
Reporterjavier.sepulveda Assigned Todvn  
PriorityurgentSeverityfeatureReproducibilityhave not tried
Status assignedResolutionopen 
Product Versiongit (master) 
Target Version1.0 
Summary0008567: Write Ansible playbook to deploy - Taler exchange (towards the taler-ops server)
DescriptionDesign requirements
==================
- No merchant
- No libeufin-bank
- Taler exchange (yes)
- Libeufin-nexus (yes)
- Even though this specific TalerOPS deployment is going to have the webserver and database together
in the same server, we will make the design of the playbook to have this at some extent separately, or at
the very least in a way that is easy to separate, before deployment against different servers.
- EBICS configuration
- Taler configurations
- Off-line keys setup
- Use Ansible "modules" as much as possible
- Avoid to include manually written .sh files if possible
- Use the regional currency script (old Netzbon), as a design guide (skipping the unnecessary parts).
- Javier will perform the initial playbook server requirements skeleton, to further on work in conjunction with Devan to add Taler components, and more specific Taler configurations.
Additional InformationA new GIT repository will be created as ansible-taler-exchange.git (or similar).
TagsNo tags attached.

Activities

javier.sepulveda

2024-03-06 09:06

administrator   ~0021714

New --public repository created okay. Added Devan, Grothoff and Dold.

ssh://git@git.taler.net/ansible-taler-exchange.git

javier.sepulveda

2024-03-11 12:59

administrator   ~0021839

In progress now. Already written a working skeleton. Tested against a test server for installing general packages.

javier.sepulveda

2024-04-19 10:07

administrator   ~0022277

https://git.taler.net/ansible-taler-exchange.git/tree/

Shared with Devan, Florian and Christian.

If feasible next Monday at 14:00 we will look at it together to see how Devan can include easily (trying
probably to avoid executing an external .sh file, and trying to do the most with Ansible) the specific Taler exchange configuration.

dvn

2024-04-25 17:44

developer   ~0022308

Nice work Javier.

There are some notes I have about the playbook so far:

## Consolidation/Simplification
I appreciate the approach of splitting things out into their constituent pieces, but I think that there are areas where this only adds complexity without much benefit. For example in the database role: https://git.taler.net/ansible-taler-exchange.git/tree/roles/database/tasks

I think the yaml files there could be merged into the main.yml, and that applies to all the other roles as well.

## Variables vs Ansible Facts
Your usage of variables makes sense in most instances, but I think we could replace some of them with ansible facts. Facts are basically host-set variables stored in files (by default under `/etc/ansible/facts.d/`) which ansible can reference. So the workflow would be something like: 1.) manually add a facts file on a host containing host-specific key/value pairs like passphrases 2.) run ansible playbook, which will consume those facts and use them as part of its roles

## Templates
This is more of a nitpick. Instead of creating custom directories based on the context to hold my template files, I prefer to just put them in `<role>/templates/`. Then they can just be referenced by their filename without specifying a path.
Another thing I like to do is leave off the `.j2` file extension. It's not required by ansible, and I'd rather have my editor not detect that it's a jinja file. I guess that's probably subjective, but like I said: nitpick.

javier.sepulveda

2024-04-29 11:54

administrator   ~0022314

Thank you very much Devan for your review and feedback for improvement.

If that is okay with you, I prefer to maintain the basic structure as is (for the moment), and even though makes sense your
approach of trying to merge all tasks of each role, within the same main.yml, I think having things separated in little tasks files,
doesn't do any harm for the moment, and at the very least for me right now, is easier to read.

###

In regard, of the facts.d approach, please go for it. I am not familiar with that Ansible feature, but I can understand
having additional information about destination servers can be worthwhile for the specific Taler needs, as I am aware you need to use there
some passphrases.

###

Lastly in regard of the use of templates, I think you are right. Using paths in Ansible is not practical and having to reference
these absolute paths sometimes prevents you from being able to use them from other locations, so please use them.

If you want we can speak further at 14:00 in the mumble call, and share this design approach with Florian and Christian.

Christian Grothoff

2024-06-26 19:07

manager   ~0022733

Dvn/Javier: What is left to do here? What are the next steps?

dvn

2024-06-26 19:35

developer   ~0022734

Well for me, I've just done a bit of cleanup and consolidation, but haven't really started expanding it out yet. As a side note, I realized that I don't have write access to the repo as my username appears to be wrongly configured in the gitolite conf. I've already notified Javier.

dvn

2024-06-26 20:11

developer   ~0022735

I've also worked on the setup of exchange. Using the regional-currency scripts in deployment.git as much as possible.

dvn

2024-06-27 18:00

developer   ~0022744

Working in this branch: https://git.taler.net/ansible-taler-exchange.git/log/?h=dev/devan-carpenter/development

dvn

2024-07-18 23:42

developer   ~0022831

Some updates:

In my branch I have this to the point where it can deploy things to the point of installing libeufin, the exchange, configuring them, and starting the services. It uses the regional-currency scripts in the deployment repo, as I mentioned above. However, these scripts expect libeufin-bank to be installed. Particularly when running libeufin-dbconfig it fails unless libeufin-bank is installed. Right now I'm just installing libeufin-bank to get past this, but that's not what we want, right? ONLY libeufin-nexus and not libeufin-bank, right?

I think it is time to diverge from the deployment.git scripts, copy them into this ansible repo, and begin modifying them to better fit the requirements.

Next up is configuring EBICS. Any advice or comments beyond what's written here? https://docs.taler.net/libeufin/nexus-manual.html#id8

dvn

2024-08-29 18:33

developer   ~0023107

Updates:

- The various Taler components are now split into their own roles. (Currently exchange and libeufin-nexus)
- dbconfig scripts are now used to setup databases instead of manual setup
- Unneeded packages are no longer installed
- Various misc. improvements
- There is a Containerfile in the project which can be run for testing. (Documentation on this is in progress).

dvn

2024-11-27 00:26

developer   ~0023760

Update for November, 2024:

  - Worked on making playbook idempotent
  - Implemented an ansible-pull role which sets up a periodic pull/run of the playbook on a given host
  - Updated README
  - Squashed commits on dev branch and merged into Master
  - Added configuration role and config files
  - Misc fixes

Handed over to Christian and he refactored to split component setup into their own roles and added Challenger, and additional changes here and there.

TODO list from Christian: https://git.taler.net/ansible-taler-exchange.git/tree/TODO

Issue History

Date Modified Username Field Change
2024-03-05 09:31 javier.sepulveda New Issue
2024-03-05 09:31 javier.sepulveda Status new => assigned
2024-03-05 09:31 javier.sepulveda Assigned To => javier.sepulveda
2024-03-05 09:32 javier.sepulveda Description Updated
2024-03-05 09:34 javier.sepulveda Description Updated
2024-03-06 09:06 javier.sepulveda Note Added: 0021714
2024-03-08 20:45 Christian Grothoff Priority normal => urgent
2024-03-08 20:45 Christian Grothoff Severity minor => feature
2024-03-08 20:45 Christian Grothoff Target Version => 0.11
2024-03-11 12:59 javier.sepulveda Note Added: 0021839
2024-04-19 10:07 javier.sepulveda Assigned To javier.sepulveda => dvn
2024-04-19 10:07 javier.sepulveda Status assigned => feedback
2024-04-19 10:07 javier.sepulveda Note Added: 0022277
2024-04-25 17:44 dvn Note Added: 0022308
2024-04-26 11:31 javier.sepulveda Assigned To dvn => javier.sepulveda
2024-04-29 11:54 javier.sepulveda Note Added: 0022314
2024-04-29 11:54 javier.sepulveda Assigned To javier.sepulveda => dvn
2024-05-13 21:22 Christian Grothoff Target Version 0.11 => 0.12
2024-06-26 19:07 Christian Grothoff Note Added: 0022733
2024-06-26 19:07 Christian Grothoff Target Version 0.12 => 0.13
2024-06-26 19:35 dvn Note Added: 0022734
2024-06-26 20:11 dvn Note Added: 0022735
2024-06-27 18:00 dvn Note Added: 0022744
2024-07-18 23:42 dvn Note Added: 0022831
2024-08-19 14:15 Christian Grothoff Product Version => git (master)
2024-08-19 14:15 Christian Grothoff Target Version 0.13 => 0.14
2024-08-19 14:50 dvn Status feedback => assigned
2024-08-29 18:33 dvn Note Added: 0023107
2024-10-06 23:59 Christian Grothoff Target Version 0.14 => 1.0
2024-11-27 00:26 dvn Note Added: 0023760