Day 4 - Installing software [Repeatably] #4

Open
opened 2022-02-09 22:38:01 +00:00 by john · 2 comments
Owner

With Ansible:

  • Update repos and upgrade packages

First role or playbook for jupyterhub:

  • nodejs from install script
  • Python packages
  • nginx redirects
  • systemd unit files

Second role, for signupendpoint:

  • Python packages
  • nginx redirects
  • systemd unit files
  • transfer code files (git clone?)

Universal elements:

  • nginx installed
  • certbot / acme - DNS strategy?

The hard part: nginx site configuration requires putting blocks into the right part of the file. Will this require a custom Python script?

Author
Owner

Partial completion: 0ca44cc623

jupyterhubsrv.yml playbook makes strides towards completing these goals. All the Jupyterhub dependencies are installed, and the service comes up.

Still TBD:

  • nginx redirects - solution will probably use "include" directives, a standard nginx sites-available file, and an ansible-managed include file https://serverfault.com/questions/950857/use-include-in-nginx-server-block-but-where-to-save
  • DNS - prerequisite for signed SSL certs - may require a separate notebook, or script/API for bind config (to point some domain name at the node's IP)
  • letsencrypt / certbot - after DNS is configured, run the commands for unattended cert assignment

Lots of overlap for the 2nd playbook role, but unique elements will include:

  • gzip or create git repo for the program being installed
Author
Owner

Draft notebook for nginx reverse proxy config is coming along; also acquired nginx configs to turn into templates.

I can't reliably run certbot and reverse proxy until DNS is automatically updated, which I think I can do, but is probably a larger problem than all the rest of issue 4. It will require at least some elements not native to Ansible (but Bash will probably suffice). Can I build roles that work for a no-DNS config?

The benefit there would be that one Ansible playbook installs reverse proxies (regardless of DNS/certbot configuration) and another configures certbot (regardless of the Nginx configuration being served).

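One way to lay out the include-based approach mentioned in the second comment so that the reverse-proxy playbook runs without DNS or certbot, as the third comment asks. This is an added example, not code from the repository; it assumes nginx is already installed with the Debian-style `sites-available`/`sites-enabled` layout and systemd, and the include directory, the `proxy` site name and upstream port 8000 are illustrative.

```yaml
# Added example; include_dir, the "proxy" site name and port 8000 are assumptions.
- name: Reverse proxy assembled from per-role include fragments
  hosts: all
  become: true
  vars:
    include_dir: /etc/nginx/site-includes  # hypothetical path
  tasks:
    - name: Create the directory for Ansible-managed fragments
      ansible.builtin.file:
        path: "{{ include_dir }}"
        state: directory
        mode: "0755"
    - name: Deploy the standard site file (plain HTTP, no DNS name needed)
      ansible.builtin.copy:
        dest: /etc/nginx/sites-available/proxy
        mode: "0644"
        content: |
          server {
              listen 80 default_server;
              server_name _;
              include {{ include_dir }}/*.conf;
          }
      notify: reload nginx
    - name: Enable the site
      ansible.builtin.file:
        src: /etc/nginx/sites-available/proxy
        dest: /etc/nginx/sites-enabled/proxy
        state: link
      notify: reload nginx
    - name: Disable the packaged default site so only one default_server exists
      ansible.builtin.file:
        path: /etc/nginx/sites-enabled/default
        state: absent
      notify: reload nginx
    - name: Add the jupyterhub fragment (each role ships only its own file)
      ansible.builtin.copy:
        dest: "{{ include_dir }}/jupyterhub.conf"
        mode: "0644"
        content: |
          location / {
              proxy_pass http://127.0.0.1:8000;
              proxy_set_header Host $host;
          }
      notify: reload nginx
  handlers:
    - name: reload nginx  # nginx -t gates the reload, so a bad fragment fails the play
      ansible.builtin.shell: nginx -t && systemctl reload nginx
```

Because every fragment is a whole file owned by one role, no task has to edit text inside an existing server block, and the running proxy keeps its last good configuration if the syntax check fails.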
This repo is archived. You cannot comment on issues.
Reference: john/LinuxUpskillChallenge#4