View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0008567 | Taler | deployment and operations | public | 2024-03-05 09:31 | 2024-04-29 11:54 |
| Reporter | javier.sepulveda | Assigned To | dvn | ||
| Priority | urgent | Severity | feature | Reproducibility | have not tried |
| Status | feedback | Resolution | open | ||
| Target Version | 0.11 | ||||
| Summary | 0008567: Write Ansible playbook to deploy - Taler exchange (towards the taler-ops server) | ||||
| Description | Design requirements ================== - No merchant - No libeufin-bank - Taler exchange (yes) - Libeufin-nexus (yes) - Even though this specific TalerOPS deployment is going to have the webserver and database together in the same server, we will make the design of the playbook to have this at some extent separately, or at the very least in a way that is easy to separate, before deployment against different servers. - EBICS configuration - Taler configurations - Off-line keys setup - Use Ansible "modules" as much as possible - Avoid to include manually written .sh files if possible - Use the regional currency script (old Netzbon), as a design guide (skipping the unnecessary parts). - Javier will perform the initial playbook server requirements skeleton, to further on work in conjunction with Devan to add Taler components, and more specific Taler configurations. | ||||
| Additional Information | A new GIT repository will be created as ansible-taler-exchange.git (or similar). | ||||
| Tags | No tags attached. | ||||
|
|
New --public repository created okay. Added Devan, Grothoff and Dold. ssh://git@git.taler.net/ansible-taler-exchange.git |
|
|
In progress now. Already written a working skeleton. Tested against a test server for installing general packages. |
|
|
https://git.taler.net/ansible-taler-exchange.git/tree/ Shared with Devan, Florian and Christian. If feasible next Monday at 14:00 we will look at it together to see how Devan can include easily (trying probably to avoid executing an external .sh file, and trying to do the most with Ansible) the specific Taler exchange configuration. |
|
|
Nice work Javier. There are some notes I have about the playbook so far: ## Consolidation/Simplification I appreciate the approach of splitting things out into their constituent pieces, but I think that there are areas where this only adds complexity without much benefit. For example in the database role: https://git.taler.net/ansible-taler-exchange.git/tree/roles/database/tasks I think the yaml files there could be merged into the main.yml, and that applies to all the other roles as well. ## Variables vs Ansible Facts Your usage of variables makes sense in most instances, but I think we could replace some of them with ansible facts. Facts are basically host-set variables stored in files (by default under `/etc/ansible/facts.d/`) which ansible can reference. So the workflow would be something like: 1.) manually add a facts file on a host containing host-specific key/value pairs like passphrases 2.) run ansible playbook, which will consume those facts and use them as part of its roles ## Templates This is more of a nitpick. Instead of creating custom directories based on the context to hold my template files, I prefer to just put them in `<role>/templates/`. Then they can just be referenced by their filename without specifying a path. Another thing I like to do is leave off the `.j2` file extension. It's not required by ansible, and I'd rather have my editor not detect that it's a jinja file. I guess that's probably subjective, but like I said: nitpick. |
|
|
Thank you very much Devan for your review and feedback for improvement. If that is okay with you, I prefer to maintain the basic structure as is (for the moment), and even though makes sense your approach of trying to merge all tasks of each role, within the same main.yml, I think having things separated in little tasks files, doesn't do any harm for the moment, and at the very least for me right now, is easier to read. ### In regard, of the facts.d approach, please go for it. I am not familiar with that Ansible feature, but I can understand having additional information about destination servers can be worthwhile for the specific Taler needs, as I am aware you need to use there some passphrases. ### Lastly in regard of the use of templates, I think you are right. Using paths in Ansible is not practical and having to reference these absolute paths sometimes prevents you from being able to use them from other locations, so please use them. If you want we can speak further at 14:00 in the mumble call, and share this design approach with Florian and Christian. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-03-05 09:31 | javier.sepulveda | New Issue | |
| 2024-03-05 09:31 | javier.sepulveda | Status | new => assigned |
| 2024-03-05 09:31 | javier.sepulveda | Assigned To | => javier.sepulveda |
| 2024-03-05 09:32 | javier.sepulveda | Description Updated | |
| 2024-03-05 09:34 | javier.sepulveda | Description Updated | |
| 2024-03-06 09:06 | javier.sepulveda | Note Added: 0021714 | |
| 2024-03-08 20:45 | Christian Grothoff | Priority | normal => urgent |
| 2024-03-08 20:45 | Christian Grothoff | Severity | minor => feature |
| 2024-03-08 20:45 | Christian Grothoff | Target Version | => 0.11 |
| 2024-03-11 12:59 | javier.sepulveda | Note Added: 0021839 | |
| 2024-04-19 10:07 | javier.sepulveda | Assigned To | javier.sepulveda => dvn |
| 2024-04-19 10:07 | javier.sepulveda | Status | assigned => feedback |
| 2024-04-19 10:07 | javier.sepulveda | Note Added: 0022277 | |
| 2024-04-25 17:44 | dvn | Note Added: 0022308 | |
| 2024-04-26 11:31 | javier.sepulveda | Assigned To | dvn => javier.sepulveda |
| 2024-04-29 11:54 | javier.sepulveda | Note Added: 0022314 | |
| 2024-04-29 11:54 | javier.sepulveda | Assigned To | javier.sepulveda => dvn |
