Merge pull request #2 from companieshouse/feature/initial-deployment-implementation

Tuxedo deployment script

Author: marcransome

ansible.cfg

@@ -0,0 +1,8 @@
+[defaults]
+host_key_checking = False
+
+[inventory]
+enable_plugins = aws_ec2
+
+[ssh_connection]
+pipelining = True

deploy.yml

@@ -0,0 +1,8 @@
+---
+
+- hosts: aws_ec2
+  serial: 1
+  remote_user: centos
+  become: yes
+  roles:
+    - deploy

inventory/heritage_development_aws_ec2.yml

@@ -0,0 +1,12 @@
+plugin: aws_ec2
+boto_profile: heritage-development-eu-west-2
+
+regions:
+  - eu-west-2
+
+filters:
+  tag:Environment: development
+  tag:Service: tuxedo
+  tag:ServiceSubType: frontend
+
+hostnames: private-ip-address

inventory/heritage_staging_aws_ec2.yml

@@ -0,0 +1,12 @@
+plugin: aws_ec2
+boto_profile: heritage-staging-eu-west-2
+
+regions:
+  - eu-west-2
+
+filters:
+  tag:Environment: staging
+  tag:Service: tuxedo
+  tag:ServiceSubType: frontend
+
+hostnames: private-ip-address

requirements.yml

@@ -0,0 +1,5 @@
+---
+
+collections:
+- name: amazon.aws
+- name: community.hashi_vault

roles/deploy/defaults/main.yml

@@ -0,0 +1,56 @@
+---
+
+tuxedo_service_group: tuxedo
+tuxedo_service_users:
+  - ceu
+  - chd
+  - ewf
+  - xml
+
+tuxedo_service_user_id_minimum: 1010
+tuxedo_service_user_id_increment: 10
+tuxedo_service_ipc_key_start: 48000
+tuxedo_service_ipc_key_increment: 100
+tuxedo_service_domain_port_start: 38000
+tuxedo_service_domain_port_increment: 100
+
+tuxedo_service_config:
+  ceu:
+    gid: "{{ tuxedo_service_user_id_minimum + (0 * tuxedo_service_user_id_increment) | int }}"
+    uid: "{{ tuxedo_service_user_id_minimum + (0 * tuxedo_service_user_id_increment) | int }}"
+    ipc_key: "{{ tuxedo_service_ipc_key_start + (0 * tuxedo_service_ipc_key_increment) | int }}"
+    local_domain_port: "{{ tuxedo_service_domain_port_start + (0 * tuxedo_service_domain_port_increment) | int }}"
+    shared_memory_id: 5000
+    required_databases:
+      - chdata
+  chd:
+    gid: "{{ tuxedo_service_user_id_minimum + (1 * tuxedo_service_user_id_increment) | int }}"
+    uid:  "{{ tuxedo_service_user_id_minimum + (1 * tuxedo_service_user_id_increment) | int }}"
+    ipc_key: "{{ tuxedo_service_ipc_key_start + (1 * tuxedo_service_ipc_key_increment) | int }}"
+    local_domain_port: "{{ tuxedo_service_domain_port_start + (1 * tuxedo_service_domain_port_increment) | int }}"
+    shared_memory_id: 4000
+    required_databases:
+      - chdata
+  ewf:
+    gid: "{{ tuxedo_service_user_id_minimum + (2 * tuxedo_service_user_id_increment) | int }}"
+    uid: "{{ tuxedo_service_user_id_minimum + (2 * tuxedo_service_user_id_increment) | int }}"
+    ipc_key: "{{ tuxedo_service_ipc_key_start + (2 * tuxedo_service_ipc_key_increment) | int }}"
+    local_domain_port: "{{ tuxedo_service_domain_port_start + (2 * tuxedo_service_domain_port_increment) | int }}"
+    shared_memory_id: 2000
+    required_databases:
+      - bcd
+      - chdata
+      - ewf
+  xml:
+    gid: "{{ tuxedo_service_user_id_minimum + (3 * tuxedo_service_user_id_increment) | int }}"
+    uid: "{{ tuxedo_service_user_id_minimum + (3 * tuxedo_service_user_id_increment) | int }}"
+    ipc_key: "{{ tuxedo_service_ipc_key_start + (3 * tuxedo_service_ipc_key_increment) | int }}"
+    local_domain_port: "{{ tuxedo_service_domain_port_start + (3 * tuxedo_service_domain_port_increment) | int }}"
+    shared_memory_id: 3000
+    required_databases:
+      - bcd
+      - chdata
+      - xml
+
+deployment_dir: deployment
+rollback_dir: rollback

roles/deploy/tasks/deploy.yml

@@ -0,0 +1,181 @@
+---
+
+- name: Retrieve service-specific database credentials from Hashicorp Vault
+  set_fact:
+    "{{ item }}_db_credentials": "{{ lookup('community.hashi_vault.hashi_vault', 'applications/heritage-{{ environment_name }}-eu-west-2/tuxedo/database/{{ item }}') }}"
+  no_log: True
+  loop: "{{ tuxedo_service_config[tuxedo_user].required_databases }}"
+
+- name: Set database credential variables for template population
+  set_fact:
+    "{{ item }}_database_password": "{{ vars[item + '_db_credentials']['database_password'] }}"
+    "{{ item }}_database_username": "{{ vars[item + '_db_credentials']['database_username'] }}"
+    "{{ item }}_database_tns_name": "{{ vars[item + '_db_credentials']['database_tns_name'] }}"
+  no_log: True
+  loop: "{{ tuxedo_service_config[tuxedo_user].required_databases }}"
+
+- name: Set additional variables for template population
+  set_fact:
+    private_host_address: "{{ inventory_hostname }}"
+    private_host_local_domain_port: "{{ tuxedo_service_config[tuxedo_user].local_domain_port }}"
+    service_name: "{{ tuxedo_user }}"
+    shared_memory_id: "{{ tuxedo_service_config[tuxedo_user].shared_memory_id }}"
+    tuxedo_domain_id: "{{ tuxedo_user | upper }}_{{ tuxedo_domain_id_suffix }}"
+    tuxedo_group_id: "{{ tuxedo_service_config[tuxedo_user].gid }}"
+    tuxedo_ipc_key: "{{ tuxedo_service_config[tuxedo_user].ipc_key }}"
+    tuxedo_local_domain_id: "{{ tuxedo_user | upper }}_{{ tuxedo_local_domain_suffix }}"
+    tuxedo_logical_machine_id: "{{ tuxedo_user | upper }}_{{ tuxedo_logical_machine_id_suffix }}"
+    tuxedo_machine_name: "{{ ansible_facts.hostname }}"
+    tuxedo_user_id: "{{ tuxedo_service_config[tuxedo_user].uid }}"
+  no_log: True
+
+- name: "{{ tuxedo_user }} : Create temporary directory for new {{ tuxedo_user }} deployment"
+  become_user: "{{ tuxedo_user }}"
+  tempfile:
+    state: directory
+  register: new_deployment_files
+
+- name: "{{ tuxedo_user }} : Copy application artefact files to temporary {{ tuxedo_user }} deployment directory"
+  become_user: "{{ tuxedo_user }}"
+  command: "cp -r {{ application_artefact_files.path }}/. {{ new_deployment_files.path }}"
+
+- name: "{{ tuxedo_user }} : Create empty log directory"
+  file:
+    path: "{{ new_deployment_files.path }}/logdir"
+    owner: "{{ tuxedo_user }}"
+    group: "{{ tuxedo_user }}"
+    mode: 0755
+    state: directory
+
+- name: "{{ tuxedo_user }} : Populate template config files"
+  template:
+    src: "{{ item }}"
+    dest: "{{ new_deployment_files.path }}/config//{{ item | basename | replace('.j2', '') }}"
+    owner: "{{ tuxedo_user }}"
+    group: "{{ tuxedo_user }}"
+    mode: 0644
+  with_fileglob:
+    - "{{ application_configs_path }}/{{ tuxedo_user }}/*.j2"
+  no_log: True
+
+- name: "{{ tuxedo_user }} : Find idx files for service"
+  find:
+    paths: "{{ new_deployment_files.path }}/idx/{{ tuxedo_user }}"
+    patterns: "*"
+  register: idx_configs
+
+- name: "{{ tuxedo_user }} : Assert idx files found"
+  assert:
+    that:
+      - idx_configs.files | length > 0
+    msg: "idx files must exist for service {{ tuxedo_user }} in artefact subdirectory idx/{{ tuxedo_user }}"
+
+- name: "{{ tuxedo_user }} : Copy idx files for service to config directory"
+  become_user: "{{ tuxedo_user }}"
+  command: "cp {{ item.path }} {{ new_deployment_files.path }}/config"
+  loop: "{{ idx_configs.files }}"
+
+- name: "{{ tuxedo_user }} : Set permissions for new deployment files"
+  file:
+    path: "{{ new_deployment_files.path }}"
+    owner: "{{ tuxedo_user }}"
+    group: "{{ tuxedo_user }}"
+    recurse: yes
+
+- name: "{{ tuxedo_user }} : Check state of {{ tuxedo_user }} current deployment directory"
+  stat:
+    path: "/home/{{ tuxedo_user }}/{{ deployment_dir }}"
+  register: current_deployment_files
+
+- name: "{{ tuxedo_user }} : Stop ngSrv services"
+  become_user: "{{ tuxedo_user }}"
+  shell: "source $HOME/deployment/config/envfile && ngsrv.sh stop"
+  args:
+    executable: /bin/bash
+  ignore_errors: yes
+  when: current_deployment_files.stat.exists
+
+- name: "{{ tuxedo_user }} : Stop Tuxedo services"
+  become_user: "{{ tuxedo_user }}"
+  shell: "source $HOME/deployment/config/envfile && tmshutdown -y"
+  args:
+    executable: /bin/bash
+  ignore_errors: yes
+  when: current_deployment_files.stat.exists
+
+- name: "{{ tuxedo_user }} : Clear IPC facilities"
+  become_user: "{{ tuxedo_user }}"
+  shell: "source $HOME/deployment/config/envfile && zapipc"
+  args:
+    executable: /bin/bash
+  when: current_deployment_files.stat.exists
+
+- name: "{{ tuxedo_user }} : Remove {{ tuxedo_user }} rollback directory if present"
+  file:
+    path: "/home/{{ tuxedo_user }}/{{ rollback_dir }}"
+    state: absent
+
+- name: "{{ tuxedo_user }} : Backup {{ tuxedo_user }} current deployment directory if one exists"
+  become_user: "{{ tuxedo_user }}"
+  command: "mv /home/{{ tuxedo_user }}/{{ deployment_dir }} /home/{{ tuxedo_user }}/{{ rollback_dir }}"
+  when: current_deployment_files.stat.exists
+
+- name: "{{ tuxedo_user }} : Install new deployment files"
+  become_user: "{{ tuxedo_user }}"
+  command: "mv {{ new_deployment_files.path }} /home/{{ tuxedo_user }}/{{ deployment_dir }}"
+
+- name: "{{ tuxedo_user }} : Lint Tuxedo ubbconfig file after variable population"
+  become_user: "{{ tuxedo_user }}"
+  shell: "source $HOME/deployment/config/envfile && tmloadcf -n ubbconfig"
+  args:
+    chdir: "/home/{{ tuxedo_user }}/{{ deployment_dir }}/config"
+    executable: /bin/bash
+  register: ubbconfig_lint
+
+- name: "{{ tuxedo_user }} : Assert Tuxedo ubbconfig lint success"
+  assert:
+    that:
+      - ubbconfig_lint.rc == 0
+    fail_msg: "Tuxedo ubbconfig file failed lint check"
+    success_msg: "Tuxedo ubbconfig file passed lint check"
+
+- name: "{{ tuxedo_user }} : Generate Tuxedo binary tuxconfig file"
+  become_user: "{{ tuxedo_user }}"
+  shell: "source $HOME/deployment/config/envfile && tmloadcf -y ubbconfig"
+  args:
+    chdir: "/home/{{ tuxedo_user }}/{{ deployment_dir }}/config"
+    executable: /bin/bash
+
+- name: "{{ tuxedo_user }} : Lint Tuxedo dmconfig file after variable population"
+  become_user: "{{ tuxedo_user }}"
+  shell: "source $HOME/deployment/config/envfile && dmloadcf -n dmconfig"
+  args:
+    chdir: "/home/{{ tuxedo_user }}/{{ deployment_dir }}/config"
+    executable: /bin/bash
+  register: dmconfig_lint
+
+- name: "{{ tuxedo_user }} : Assert Tuxedo dmconfig lint success"
+  assert:
+    that:
+      - dmconfig_lint.rc == 0
+    fail_msg: "Tuxedo dmconfig file failed lint check"
+    success_msg: "Tuxedo dmconfig file passed lint check"
+
+- name: "{{ tuxedo_user }} : Generate Tuxedo binary bdmconfig file"
+  become_user: "{{ tuxedo_user }}"
+  shell: "source $HOME/deployment/config/envfile && dmloadcf -y dmconfig"
+  args:
+    chdir: "/home/{{ tuxedo_user }}/{{ deployment_dir }}/config"
+    executable: /bin/bash
+
+- name: "{{ tuxedo_user }} : Start Tuxedo services"
+  become_user: "{{ tuxedo_user }}"
+  shell: "source $HOME/deployment/config/envfile && tmboot -y"
+  args:
+    executable: /bin/bash
+
+- name: "{{ tuxedo_user }} : Start ngSrv services"
+  become_user: "{{ tuxedo_user }}"
+  shell: "source $HOME/deployment/config/envfile && ngsrv.sh start"
+  args:
+    executable: /bin/bash

roles/deploy/tasks/main.yml

@@ -0,0 +1,59 @@
+---
+
+- name: Check required variables are set
+  assert:
+    that:
+      - environment_name is defined and environment_name | trim | length > 0
+      - application_artefact_path is defined and application_artefact_path | trim | length > 0
+      - application_configs_path is defined and application_configs_path | trim | length > 0
+      - snmp_host_address is defined and snmp_host_address | trim | length > 0
+      - alpha_key_url is defined and alpha_key_url | trim | length > 0
+      - xbrl_validator_url is defined and xbrl_validator_url | trim | length > 0
+      - tnep_url is defined and tnep_url | trim | length > 0
+      - xslt_transformer_url is defined and xslt_transformer_url | trim | length > 0
+    msg: "Required variable(s) empty or undefined"
+
+# The hostname is assumed to be in the format: i<instance-index>-frontend-tuxedo-<environment>
+- set_fact:
+     tuxedo_domain_id_suffix: "{{ ansible_facts.hostname | regex_replace('^i(\\d+)-frontend-tuxedo-([A-Za-z].*)$', 'INSTANCE_\\1_\\2_DOM') | upper }}"
+     tuxedo_logical_machine_id_suffix: "{{ ansible_facts.hostname | regex_replace('^i(\\d+)-frontend-tuxedo-([A-Za-z].*)$', 'INSTANCE_\\1_\\2_SRV') | upper }}"
+     tuxedo_local_domain_suffix: "{{ ansible_facts.hostname | regex_replace('^i(\\d+)-frontend-tuxedo-([A-Za-z].*)$', 'INSTANCE_\\1_\\2_LOD') | upper }}"
+
+- name: Using constructed variable suffixes
+  ansible.builtin.debug:
+    var: "{{ item }}"
+  loop:
+    - tuxedo_domain_id_suffix
+    - tuxedo_logical_machine_id_suffix
+    - tuxedo_local_domain_suffix
+
+- name: Create temporary directory for application artefact files
+  tempfile:
+    state: directory
+  register: application_artefact_files
+
+- name: Set permissions to allow service users to read from temporary directory
+  file:
+    path: "{{ application_artefact_files.path }}"
+    owner: root
+    group: "{{ tuxedo_service_group }}"
+    mode: 0755
+
+- name: Deploy and extract application arterfact
+  unarchive:
+    src: "{{ application_artefact_path }}"
+    dest: "{{ application_artefact_files.path }}"
+    remote_src: no
+    owner: root
+    group: "{{ tuxedo_service_group }}"
+    mode: 0755
+
+- include_tasks: deploy.yml
+  loop: "{{ tuxedo_service_users }}"
+  loop_control:
+    loop_var: tuxedo_user
+
+- name: Remove temporary directories
+  file:
+    path: "{{ application_artefact_files.path }}"
+    state: absent

roles/sshkey/tasks/main.yml

@@ -0,0 +1,27 @@
+---
+
+- name: Retrieve SSH private key for AWS instance(s) from Hashicorp Vault
+  set_fact:
+    aws: "{{ lookup('community.hashi_vault.hashi_vault', 'applications/heritage-{{ environment_name }}-eu-west-2/tuxedo/aws') }}"
+  no_log: True
+
+- name: Ensure SSH directory exists
+  file:
+    path: /root/.ssh
+    owner: root
+    group: root
+    state: directory
+    mode: '0700'
+
+- name: Write SSH private key to Ansible controller
+  copy:
+    content: "{{ aws['ssh_private_key'] }}"
+    dest: /root/.ssh/ansible_remote
+  no_log: True
+
+- name: Set SSH private key permissions
+  file:
+    path: /root/.ssh/ansible_remote
+    owner: root
+    group: root
+    mode: '0600'

sshkey.yml

@@ -0,0 +1,5 @@
+---
+
+- hosts: localhost
+  roles:
+    - sshkey