# Ansible for Survey Tool

These are ansible scripts for setup and maintenance of the Survey Tool.

## Scope

Right now, the test setup mostly controls OpenLiberty, but not the nginx proxy
due to public port issues (https).

## Setup

### Setup: Control system

This is your local system, where you control the others from.

- Install Ansible <https://ansible.com>
- Install some prereqs:

```shell
ansible-galaxy install -r requirements.yml
```

- Make sure you can `ssh` into all of the needed systems. For example,
`ssh cldr-ref.unicode.org` should succeed without needing a password.

- You should be able to run `ansible all -m ping` and get something back
like the following:

```shell
cldr-ref.unicode.org | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
```

### Setup: Managed systems

- Install python3. Make sure `python --version`
or `python3 --version` returns "Python 3…"

- TODO: these shouldn't be needed, but they are.
Here's the entire install command:

```shell
sudo apt-get update && sudo apt-get install python3 python-apt python3-pymysql
```

### Setup: surveytool keypair

Create an RSA keypair with no password for the buildbot:

```shell
mkdir -p ./local-vars
ssh-keygen -t rsa -b 4096 -f ./local-vars/surveytool -P '' -C 'surveytool deploy'
```

The contents of the `local-vars/surveytool.pub` file are used for the
`key:` parameter below in `local.yml`. The `local-vars/surveytool`
private key is used in the secret `RSA_KEY_SURVEYTOOL`.

Then set up GitHub secrets as shown:

- `SMOKETEST_HOST` - hostname of smoketest
- `SMOKETEST_PORT` - port of smoketest
- `RSA_KEY_SURVEYTOOL` - contents of `local-vars/surveytool` (the secret key)
- `SMOKETEST_KNOWNHOSTS` - run `ssh-keyscan smoketest.example.com` where
  _smoketest.example.com_ is the name of the smoketest server. Put the
  results into this secret. One of these lines should match
  `~/.ssh/known_hosts` on your own system when you ssh into smoketest.
  Try `grep -i smoke ~/.ssh/known_hosts`

Create a folder "cldrbackup" inside local-vars:

```shell
mkdir -p ./local-vars/cldrbackup
```

Add three files inside local-vars/cldrbackup-vars: id_rsa, id_rsa.pub, and known_hosts. These must correspond to the public key for cldrbackup on corp.unicode.org. Copy existing versions if you have them.
Otherwise, create new ones with `ssh-keygen -t rsa` and copy the public key to corp.unicode.org with `ssh-copy-id -i ~/.ssh/id_rsa [email protected]`

### Setup: Config file

- Create a file `local-vars/local.yml` matching the example values in [test-local-vars/local.yml](test-local-vars/local.yml) but with secure passwords instead of `hunter42`, ...!

```yaml
cldradmin_pw: hunter46 # needs to match cldradmin pw below
mysql_users:
  # this is the account used by the survey tool itself
  # password will match /var/lib/openliberty/usr/servers/cldr/server.env
  - name: surveytool
    host: localhost
    password: hunter42
    priv: 'cldrdb.*:ALL'
  # this is the account used for administrative tasks
  # password will match /home/cldradmin/.my.sql
  - name: cldradmin
    password: hunter46
    priv: 'cldrdb.*:ALL/*.*:PROCESS'
    append_privs: yes
# this is the account used for deployment
surveytooldeploy:
  # TODO: surveytooldeploy.password appears to be unused?
  password: hunter43
  # vap will match CLDR_VAP in /srv/st/config/cldr.properties
  vap: hunter44
  # testpw will match CLDR_TESTPW in /srv/st/config/cldr.properties
  testpw: hunter45
  oldversion: 39
  newversion: 40
  key: ssh-rsa … ( SSH key goes here)
certbot_admin_email: [email protected]
certbot_certs:
  - domains:
      - cldr-ref.unicode.org
```

## Setup: cldrcc

```shell
mkdir -p local-vars/cldrcc
ssh-keygen -t rsa -b 2048 -C 'CLDR Commit Checker' -f local-vars/cldrcc/id_rsa
```

## Configure

Run the setup playbook.

```shell
ansible-playbook --check setup-playbook.yml
```

This is in dry run mode.
When it looks good to you, take the
`--check` out and run it again.

You can also use the `-l cldr-smoke.unicode.org` option to limit
the operation to a single host.

## Local Test

Here’s how to deploy the SurveyTool locally and try it out.

### Build

You need a server zipfile to deploy. This is a file such as `cldr-apps.zip`. When expanded, it contains a directory tree beginning with `wlp/`.

#### Option A: Local Build

- Prerequisites: See <https://cldr.unicode.org/development/maven> and follow instructions to be able to run `mvn package` as shown on that page.

- You can then create a server zipfile locally with maven using these commands (from the top `cldr/` directory). The first command does a full build of CLDR, but skips running tests.

```shell
mvn --file=tools/pom.xml install -DskipTests=true
mvn --file=tools/pom.xml -pl cldr-apps liberty:package
```

- The output file will be in `tools/cldr-apps/target/cldr-apps.zip`

#### Option B: Download a Build

- Server Builds are actually attached to each action run in <https://github.com/unicode-org/cldr/actions/workflows/maven.yml>; look for an artifact entitled `cldr-apps-server` at the bottom of a run.

- *Warning*: Clicking on this artifact will download a zipfile named `cldr-apps-server.zip` which _contains_ `cldr-apps.zip`. Double clicking or automatic downloading will often extract one too many levels of zipfiles. If you see a folder named `wlp` then you have extracted too much. From the command line you can unpack with `unzip cldr-apps-server.zip` which will extract `cldr-apps.zip`.

### Deploy

- install [vagrant](https://www.vagrantup.com) and some provider such as virtualbox or libvirt, see vagrant docs.

- vagrant up!

```shell
# (this directory)
cd tools/scripts/ansible
vagrant up
```

- To log into the new host, run `vagrant ssh`

- To iterate, trying to reapply ansible, run `vagrant provision --provision-with=ansible`

- to deploy your built server to this, use the following:

```shell
# Note 1: $(git rev-parse HEAD) just turns into a full git hash such as 72dda8d7386087bf6087de200b5edc002feca2f2, you can use an explicit hash instead.
# Note 2: change ../../cldr-apps/target/cldr-apps.zip to point to your cldr-apps.zip file if moved
vagrant ssh -- sudo -u surveytool /usr/local/bin/deploy-to-openliberty.sh $(git rev-parse HEAD) < ../../cldr-apps/target/cldr-apps.zip
```

- Now you should be able to log in at <http://127.0.0.1:9081/cldr-apps/>

- Use the user `admin@` and the password set in `surveytooldeploy.vap` above.

- *Note*: <http://127.0.0.1:8880> will go to the nginx proxy, but it has login problems, see <https://unicode-org.atlassian.net/browse/CLDR-14321>

### Operation

- the mvn build and `deploy-to-openliberty.sh` steps above can be repeated to redeploy a new version of the server code
- `vagrant ssh` to log in and poke around at the server
- `sudo nano /srv/st/config/cldr.properties` to edit the configuration file (will be created automatically at first ST boot, restart server to pick up changes).
- `sudo journalctl -f` to watch server logs
- `sudo systemctl restart openliberty@cldr` to restart the server
- Logs are in `/var/log/openliberty/cldr`
- `sudo -u cldradmin mysql cldrdb` will give you the raw SQL prompt
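
For the `SMOKETEST_KNOWNHOSTS` step in "Setup: surveytool keypair": `ssh-keyscan` output is not authenticated, so it is worth checking it against a `known_hosts` file you already trust before storing it as the secret. The script below is an added example, not part of the CLDR scripts; the function name `keyscan_matches_known_hosts` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the CLDR repository).
# keyscan_matches_known_hosts KEYSCAN_FILE KNOWN_HOSTS_FILE
# Prints each scanned key type that is already trusted; returns 0 if at
# least one scanned key matches, 1 if none do.
keyscan_matches_known_hosts() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # blank lines, comments, banners
        NR == FNR {                         # first file: known_hosts
            if ($1 == "@revoked") { revoked[$3 " " $4] = 1; next }
            if ($1 ~ /^@/) next             # @cert-authority is a CA key
            # The host field may be hashed ("|1|..."), so compare only
            # key type + key blob.
            trusted[$2 " " $3] = 1
            next
        }
        {                                   # second file: ssh-keyscan output
            k = $2 " " $3
            if ((k in trusted) && !(k in revoked)) { print $2; found = 1 }
        }
        END { exit (found ? 0 : 1) }
    ' "$2" "$1"
}

# Constructed sample data; the key blobs are shortened placeholders.
sample_dir=$(mktemp -d)
cat > "$sample_dir/known_hosts" <<'EOF'
|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyA
smoketest.example.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABConstructedKeyB
@revoked smoketest.example.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABConstructedKeyB
EOF
cat > "$sample_dir/keyscan.good" <<'EOF'
# smoketest.example.com:22 SSH-2.0-OpenSSH_8.9
smoketest.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyA
smoketest.example.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABConstructedKeyB
EOF
cat > "$sample_dir/keyscan.bad" <<'EOF'
smoketest.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDifferentKeyC
EOF

keyscan_matches_known_hosts "$sample_dir/keyscan.good" "$sample_dir/known_hosts"
keyscan_matches_known_hosts "$sample_dir/keyscan.bad" "$sample_dir/known_hosts" ||
    echo "no scanned key is trusted: do not store this output as the secret"
```

In real use, pass the saved output of `ssh-keyscan` as the first argument and your own `~/.ssh/known_hosts` as the second.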