Commit b9aaf7c3 authored by Iain R. Learmonth

onionoo-backend: Complete stack for AWS test/dev instance

parent bc3e0b2a

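--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+allow_world_readable_tmpfiles = true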
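Review bot: `allow_world_readable_tmpfiles = true` under `[defaults]` lets Ansible fall back to world-readable module files in the remote temp directory when it becomes an unprivileged user, so any local account on the target can read module arguments while a task runs. The tasks in this commit use `become_user: onionoo` and `become_user: onionoo-unpriv`, which is the situation that triggers that fallback. Installing the `acl` package on the hosts (so Ansible can use `setfacl`) or setting `pipelining = True` under `[ssh_connection]` would remove the need for this option. If it stays, a comment such as `# needed for become_user to unprivileged accounts; exposes module args to local users` would record the trade-off.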
+15 −0
---
- hosts: onionoo-backends
  user: admin
  vars:
    onionoo_version: 7.0-1.21.0
  pre_tasks:
    - name: get sudo password
      local_action: shell pass Tor/sudo/onionoo
      register: pass_output
      changed_when: False
    - name: store as ansible become password
      set_fact: ansible_become_password="{{ pass_output.stdout_lines[0] }}"
  roles:
    - onionoo-backend-sys
    - onionoo-backend
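Review bot: The two `pre_tasks` that fetch and store the sudo password carry no `no_log: true`, so the registered `pass_output` and the `set_fact` result can be printed by verbose runs or by callback and log plugins. Add `no_log: true` to both tasks. `local_action: shell pass Tor/sudo/onionoo` uses no shell features, so `command` is enough there. The play-level `user:` keyword is the older spelling of `remote_user:`, and `changed_when: False` reads better as lowercase `false`.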
+76 −0
---
- name: install xfsprogs
  apt:
    update_cache: yes
    name: xfsprogs
    state: present
  become: yes
- name: install jdk
  apt:
    update_cache: yes
    name: default-jdk
    state: present
  become: yes
- name: format service volume
  filesystem:
    fstype: xfs
    device: /dev/xvdb
  become: yes
- name: add /srv to fstab
  mount:
    src: /dev/xvdb
    path: /srv
    fstype: xfs
    dump: 0
    passno: 2
    state: mounted
  become: yes
- name: create service directory
  file:
    path: /srv/onionoo.torproject.org
    state: directory
  become: yes
- name: link /home in /srv
  file:
    src: /home
    dest: /srv/home
    state: link
  become: yes
- name: link home directories /home
  file:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    state: link
    force: yes
  with_items:
    - { src: /home/onionoo, dest: /srv/onionoo.torproject.org/home }
    - { src: /home/onionoo-unpriv, dest: /srv/onionoo.torproject.org/home-unpriv }
  become: yes
- name: create onionoo account
  user:
    name: onionoo
    comment: "Onionoo Service User"
    uid: 1547
    state: present
  become: yes
- name: create runtime directory
  file:
    path: /srv/onionoo.torproject.org/onionoo
    owner: onionoo
    group: onionoo
    mode: 0755
    state: directory
  become: yes
- name: create onionoo-unpriv account
  user:
    name: onionoo-unpriv
    comment: "Onionoo Unpriv Service User"
    uid: 2075
    state: present
  become: yes
- name: enable lingering for onionoo and onionoo-unpriv
  shell: "loginctl enable-linger {{ item }}"
  with_items:
    - onionoo
    - onionoo-unpriv
  become: yes
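Review bot: The `enable lingering for onionoo and onionoo-unpriv` task goes through `shell` with no idempotence guard, so it reports changed on every run and invokes a shell it does not need; `command: loginctl enable-linger {{ item }}` with `args: creates: /var/lib/systemd/linger/{{ item }}` addresses both. `mode: 0755` on the runtime directory should be quoted (`mode: '0755'`) so the value cannot be retyped by a YAML parser, and `/srv/onionoo.torproject.org` is created without an explicit `owner` or `mode`, which leaves its permissions to the umask. The `link home directories /home` task runs before either account is created, so with `force: yes` it links to paths that may not exist yet; if that is intended, a one-line comment would say so.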
+11 −0
@@ -132,6 +132,17 @@
    daemon_reload: yes
  become: true
  become_user: onionoo-unpriv
- name: check for out directory
  stat:
    path: "/srv/onionoo.torproject.org/onionoo/out"
  register: out_stat
- name: populate out directory with a single run
  shell: java -Xmx4g -Dsun.net.client.defaultConnectTimeout=60000 -Dsun.net.client.defaultReadTimeout=60000 -DLOGBASE=logs -cp onionoo-{{ onionoo_version }}.jar org.torproject.metrics.onionoo.cron.Main --single-run
  args:
    chdir: /srv/onionoo.torproject.org/onionoo
  when: out_stat.stat.exists == False
  become: yes
  become_user: onionoo
- name: start onionoo service
  systemd:
    scope: user
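Review bot: The `stat` task plus `when: out_stat.stat.exists == False` around the single-run task can be replaced by `creates: /srv/onionoo.torproject.org/onionoo/out` under `args:`, and `shell:` can become `command:` because the java invocation uses no shell features. The guard only tests that `out` exists, so a single run that fails after creating the directory would presumably be skipped on the next play; the jar's behaviour is not visible here, so that is worth confirming. If the `stat` task stays, `when: not out_stat.stat.exists` is the idiomatic form. The `start onionoo service` task at the end of the hunk continues outside it.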
+39 −0
---
# CloudFormation Stack for Onionoo development instance
# This stack will only deploy on us-east-1 and will deploy in the Metrics VPC
# aws cloudformation deploy --region us-east-1 --stack-name `whoami`-onionoo-dev --template-file onionoo-dev.yml --parameter-overrides myKeyPair="irl yubikey 4"
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  myKeyPair:
    Description: Amazon EC2 Key Pair
    Type: "AWS::EC2::KeyPair::KeyName"
Resources:
  Instance:
    Type: AWS::EC2::Instance
    Properties:
      AvailabilityZone: us-east-1a
      ImageId: ami-01db78123b2b99496
      InstanceType: t2.large
      SubnetId:
        Fn::ImportValue: !Sub 'MetricsSubnet'
      KeyName: !Ref myKeyPair
      SecurityGroupIds:
        - Fn::ImportValue: !Sub 'MetricsInternetSecurityGroup'
        - Fn::ImportValue: !Sub 'MetricsPingableSecurityGroup'
        - Fn::ImportValue: !Sub 'MetricsHTTPASecurityGroup'
  ServiceVolume:
    Type: AWS::EC2::Volume
    Properties: 
      AvailabilityZone: us-east-1a
      Size: 15
      VolumeType: gp2
  ServiceVolumeAttachment:
    Type: AWS::EC2::VolumeAttachment
    Properties:
      Device: /dev/sdb
      InstanceId: !Ref Instance
      VolumeId: !Ref ServiceVolume
Outputs:
  PublicIp:
    Description: "Instance public IP"
    Value: !GetAtt Instance.PublicIp
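Review bot: `ServiceVolume` sets no `Encrypted` property, so unless the account has EBS encryption by default enabled, the volume that the Ansible role mounts at /srv is created unencrypted; add `Encrypted: true` under its `Properties`. `AWSTemplateFormatVersion: 2010-09-09` is safer quoted (`"2010-09-09"`) so generic YAML tooling does not read it as a date. `!Sub` on the `Fn::ImportValue` names has no effect because they contain no `${...}` variables. There is also trailing whitespace after `Properties:` on the `ServiceVolume` resource.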