childmindresearch
diff --git a/‎.gitignore‎
Lines changed: 10 additions & 0 deletions b/‎.gitignore‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎.gitmodules‎
Lines changed: 3 additions & 0 deletions b/‎.gitmodules‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.pre-commit-config.yaml‎
Lines changed: 4 additions & 0 deletions b/‎.pre-commit-config.yaml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 5 additions & 1 deletion b/‎CHANGELOG.md‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎VERSION‎
Lines changed: 1 addition & 1 deletion b/‎VERSION‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎infrastructure/.terraform.lock.hcl‎
Lines changed: 0 additions & 21 deletions b/‎infrastructure/.terraform.lock.hcl‎
Lines changed: 0 additions & 21 deletions
diff --git a/‎infrastructure/README.md‎
Lines changed: 266 additions & 0 deletions b/‎infrastructure/README.md‎
Lines changed: 266 additions & 0 deletions
diff --git a/‎infrastructure/backup-state.sh‎
Lines changed: 35 additions & 0 deletions b/‎infrastructure/backup-state.sh‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎infrastructure/backups/.gitkeep‎ b/‎infrastructure/backups/.gitkeep‎
@@ -27,6 +27,16 @@ terraform.rc
 generated_*
 **/generated_*
 
+# Keep backups in git (they're important!)
+!backups/
+!backups/*.tfstate.*
+
+# Lockfiles
+.lock
+**/.terraform.lock
+**/terraform.lock
+!**/.terraform.lock.hcl
+
 # Linting temporary files
 .lint_temp
 **/.lint_temp/
 
@@ -0,0 +1,3 @@
+[submodule "javascript_jobs/autoexport"]
+	path = javascript_jobs/autoexport
+	url = https://github.com/childmindresearch/mindlogger-autoexport.git
@@ -24,12 +24,16 @@ repos:
   rev: v1.105.0
   hooks:
     - id: terraform_fmt
+      files: ^infrastructure/
     - id: terraform_tflint
       args:
       - --init
       - --config=__GIT_WORKING_DIR__/.tflint.hcl
+      files: ^infrastructure/
     - id: terraform_validate
+      files: ^infrastructure/
     - id: terraform_checkov
+      files: ^infrastructure/
 - repo: https://github.com/DavidAnson/markdownlint-cli2
   rev: v0.21.0
   hooks:
 
@@ -11,4 +11,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - initial Terraform configuration
 - utility function library
-- Ripple to REDCap Python script / job
+- Python scripts / jobs
+  - Ripple to REDCap
+  - REDCap to REDCap
+  - REDCap to Curious
+  - Curious alerts to REDCap
@@ -1 +1 @@
-1.2.0-dev
+1.3.0-dev
@@ -0,0 +1,266 @@
+# HBN Migration Infrastructure
+
+Terraform configuration for managing HBN Migration systemd services on the VM.
+
+## Services Managed
+
+- **ripple-to-redcap**: Syncs data from Ripple to REDCap
+- **redcap-to-redcap**: Syncs REDCap data
+- **redcap-to-curious**: Syncs data from REDCap to Curious
+- **curious-alerts-websocket**: Always-on WebSocket service for Curious alerts
+- **hbn-sync.timer**: Runs the above sync services on schedule
+
+## Quick Start
+
+### 1. Initial Setup
+
+```bash
+# Install Terraform and dependencies
+./setup_terraform.sh
+
+# Copy and configure variables
+cp terraform.tfvars.example terraform.tfvars
+vim terraform.tfvars  # Edit with your values
+
+# Initialize Terraform
+terraform init
+```
+
+### 2. Deploy Services
+
+```bash
+./safe-apply.sh
+```
+
+### 3. Verify Deployment
+
+```bash
+# Check services
+sudo systemctl status curious-alerts-websocket.service
+sudo systemctl status hbn-sync.timer
+sudo systemctl list-timers
+
+# View logs
+sudo journalctl -u curious-alerts-websocket -f
+tail -f /var/log/hbnmigration/*.log
+```
+
+## Workspaces
+
+This infrastructure supports Terraform workspaces for isolated testing.
+
+### Available Workspaces
+
+- `default` - Production environment
+- `test` - Testing environment (or create your own)
+
+### Workspace Commands
+
+```bash
+# Create and switch to test workspace
+terraform workspace new test
+
+# List workspaces
+terraform workspace list
+
+# Switch between workspaces
+terraform workspace select test
+terraform workspace select default
+
+# Apply to current workspace
+terraform apply
+```
+
+### Workspace Isolation
+
+Each workspace maintains:
+
+- Separate state files (`terraform.tfstate.d/<workspace>/`)
+- Isolated service names (e.g., `test-ripple-to-redcap.service`)
+- Separate project directories (e.g., `/opt/hbnmigration-test`)
+- Isolated log directories (e.g., `/var/log/hbnmigration-test`)
+- Independent cron jobs for state backups
+
+### Testing Workflow
+
+```bash
+# 1. Create test workspace
+terraform workspace new test
+
+# 2. Deploy test services
+terraform apply
+
+# 3. Verify test services
+sudo systemctl status test-ripple-to-redcap.service
+sudo journalctl -u test-curious-alerts-websocket -f
+
+# 4. When satisfied, deploy to production
+terraform workspace select default
+terraform apply
+```
+
+## Configuration
+
+Edit `terraform.tfvars` to customize:
+
+- `project_root` - Base directory for the application
+- `user_group` - System user/group for running services
+- `sync_interval_minutes` - How often sync services run (1-1440)
+- `venv_path` - Virtual environment location (relative or absolute)
+- `log_directory` - Where logs are stored
+
+## State Management
+
+### Automatic Backups
+
+State backups run automatically:
+
+- **Location**: `/var/log/hbnmigration/terraform-backups/` (or `/var/log/hbnmigration-<workspace>/terraform-backups/`)
+- **Retention**: 30 timestamped backups, 7 daily backups
+- **Schedule**: Daily via cron
+- **Manual backup**:
+
+```bash
+./backup-state.sh
+```
+
+### Restore from Backup
+
+```bash
+# List backups
+ls -lh /var/log/hbnmigration/terraform-backups/
+
+# Restore (make sure you're in the correct workspace!)
+terraform workspace select default  # or test
+cp /var/log/hbnmigration/terraform-backups/terraform.tfstate.YYYYMMDD-HHMMSS \
+   terraform.tfstate
+
+# Verify
+terraform state list
+```
+
+## Service Configuration
+
+All services receive a `WORKSPACE` environment variable indicating which workspace deployed them. Use this in your Python code to load workspace-specific configurations:
+
+```python
+import os
+
+workspace = os.environ.get('WORKSPACE', 'default')
+config_file = f'config.{workspace}.yaml'
+```
+
+## Monitoring Services
+
+### Default Workspace
+
+```bash
+# Service status
+sudo systemctl status ripple-to-redcap.service
+sudo systemctl status redcap-to-redcap.service
+sudo systemctl status redcap-to-curious.service
+sudo systemctl status curious-alerts-websocket.service
+
+# Live logs
+sudo journalctl -u curious-alerts-websocket -f
+sudo journalctl -u ripple-to-redcap -u redcap-to-redcap -u redcap-to-curious -f
+
+# File logs
+tail -f /var/log/hbnmigration/*.log
+```
+
+### Test Workspace
+
+```bash
+# Service status
+sudo systemctl status test-ripple-to-redcap.service
+sudo systemctl status test-curious-alerts-websocket.service
+
+# Live logs
+sudo journalctl -u test-curious-alerts-websocket -f
+sudo journalctl -u test-ripple-to-redcap -f
+
+# File logs
+tail -f /var/log/hbnmigration-test/*.log
+```
+
+## Cleaning Up Workspaces
+
+To remove a test workspace:
+
+```bash
+# 1. Stop and disable services
+sudo systemctl stop test-*.service test-*.timer
+sudo systemctl disable test-*.service test-*.timer
+
+# 2. Remove service files
+sudo rm /etc/systemd/system/test-*.service
+sudo rm /etc/systemd/system/test-*.timer
+sudo rm /etc/systemd/system/test-*.target
+sudo systemctl daemon-reload
+
+# 3. (Optional) Remove workspace directories and logs
+sudo rm -rf /opt/hbnmigration-test
+sudo rm -rf /var/log/hbnmigration-test
+
+# 4. Delete workspace
+terraform workspace select default
+terraform workspace delete test
+```
+
+## Maintenance
+
+### Update Service Configuration
+
+1. Edit service templates in `./services/*.tpl`
+2. Run `./safe-apply.sh`
+3. Services are automatically restarted
+
+### Change Sync Interval
+
+1. Edit `sync_interval_minutes` in `terraform.tfvars`
+2. Run `./safe-apply.sh`
+3. Timer is automatically updated
+
+### View All Service Logs
+
+```bash
+# WebSocket service (always-on)
+sudo journalctl -u curious-alerts-websocket -f
+
+# Sync services (triggered by timer)
+sudo journalctl -u ripple-to-redcap -u redcap-to-redcap -u redcap-to-curious -f
+
+# All file logs
+tail -f /var/log/hbnmigration/*.log
+
+# Check timer schedule
+sudo systemctl list-timers hbn-sync.timer
+```
+
+## Troubleshooting
+
+### Services won't start
+
+```bash
+# Check service status
+sudo systemctl status <service-name>
+
+# View full logs
+sudo journalctl -u <service-name> -n 100
+
+# Check permissions
+ls -la /opt/hbnmigration
+ls -la /var/log/hbnmigration
+```
+
+### Wrong workspace deployed
+
+```bash
+# Check current workspace
+terraform workspace show
+
+# View deployed services
+systemctl list-units 'test-*.service' --all
+systemctl list-units '*ripple*.service' --all
+```
@@ -0,0 +1,35 @@
+#!/bin/bash
+set -e
+
+STATE_DIR="/opt/hbnmigration/terraform"
+BACKUP_DIR="/opt/hbnmigration/terraform/backups"
+TIMESTAMP=$(date +%Y%m%d-%H%M%S)
+
+echo "Backing up Terraform state..."
+
+# Create backup directory
+mkdir -p "$BACKUP_DIR"
+
+# Backup state file
+if [ -f "$STATE_DIR/terraform.tfstate" ]; then
+    cp "$STATE_DIR/terraform.tfstate" "$BACKUP_DIR/terraform.tfstate.$TIMESTAMP"
+    echo "✓ State backed up to: $BACKUP_DIR/terraform.tfstate.$TIMESTAMP"
+
+    # Keep only last 30 backups
+    cd "$BACKUP_DIR"
+    find . -maxdepth 1 -name "terraform.tfstate.*" -type f -printf '%T@ %p\n' | \
+        sort -rn | \
+        tail -n +31 | \
+        cut -d' ' -f2- | \
+        xargs -r rm
+    echo "✓ Cleaned up old backups (keeping last 30)"
+else
+    echo "⚠️  No state file found at $STATE_DIR/terraform.tfstate"
+fi
+
+# Backup to git if in a git repo
+if git -C "$STATE_DIR" rev-parse --git-dir > /dev/null 2>&1; then
+    cd "$STATE_DIR"
+    git add "backups/terraform.tfstate.$TIMESTAMP" 2>/dev/null || true
+    echo "✓ State backup staged for git commit"
+fi
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+[submodule "javascript_jobs/autoexport"]`
	`2`	`+ path = javascript_jobs/autoexport`
	`3`	`+ url = https://github.com/childmindresearch/mindlogger-autoexport.git`