chore: update ansible docker deployment steps (#2412)

feat: add steps to create ami image and push to marketplace

feat: add steps to publish ami image

chore: update github action changes

update github actions to assume role

Co-authored-by: Alon Peretz <[email protected]>

Author: pratapalakshmi

.github/workflows/packer-build-ami.yml

@@ -0,0 +1,43 @@
+name: Packer build AWS AMI's 
+on: 
+  workflow_dispatch:
+    branches:
+      - prod
+
+jobs:
+  plan:
+    environment: Terraform
+    defaults:
+      run:
+        working-directory: /home/runner/work/ballerine/deploy/aws_ami
+    runs-on: ubuntu-latest
+    name: Packer build Artifacts
+    steps:
+      - name: Checkout to Git
+        uses: actions/checkout@v2
+
+    - name: Assume Role
+      uses: ./
+      env:
+        ROLE_ARN: ${{ secrets.AWS_PACKER_ROLE }}
+        ROLE_SESSION_NAME: packersession
+        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        DURATION_SECONDS: 900
+
+      - name: Setup `packer`
+        uses: hashicorp/setup-packer@main
+        id: setup
+        with:
+          version: 1.8.7
+
+      - name: Run `packer init`
+        id: init
+        run: "packer init template.json.pkr.hcl"
+
+      - name: Run `packer validate`
+        id: validate
+        run: "packer validate template.json.pkr.hcl"
+
+      - name: Build AWS AMIs
+        run: "packer build template.json.pkr.hcl"

deploy/ansible/ballerine_playbook/README.md

@@ -99,7 +99,7 @@ You can run the ansible playbook with the following command
 
 ```bash
 cd ballerine/deploy/ansible/ballerine_playbook
-ansible-playbook -i inventory.txt ballerine-playbook.yml
+ansible-playbook -i inventory.txt ballerine-playbook.yml --skip-tags packer
 ```
 
 The command above will use the host information from the `inventory` file.
@@ -110,4 +110,4 @@ When it's all done, provided all went well and no parameters were changed, you s
 
 ## Make entries to the DNS server
 
-Make sure the appropriate entries for the url in DNS are created
+Make sure the appropriate entries for the url in DNS are created

deploy/ansible/ballerine_playbook/roles/setup-ballerine/defaults/main.yml

@@ -3,6 +3,10 @@
 docker_edition: 'ce'
 docker_package: 'docker-{{ docker_edition }}'
 docker_package_state: present
+default_user: ubuntu
+
+cloud_user: ballerine
+cloud_group: ballerine
 
 # Service options.
 docker_service_state: started

deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/cleanup-packer-build.yml

@@ -0,0 +1,12 @@
+---
+- name: Remove sensitive credential (1)
+  shell: find / -name "authorized_keys" -exec rm -f {} \;
+  become: true
+
+- name: Remove sensitive credential (2)
+  shell: find /root/ /home/*/ -name .cvspass -exec rm -f {} \;
+  become: true
+
+- name: Restart rsyslog
+  shell: service rsyslog restart
+  become: true

deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/clone-ballerine.yml

@@ -0,0 +1,9 @@
+---
+- name: Clone Ballerine
+  git:
+    repo: https://github.com/ballerine-io/ballerine.git
+    dest: "{{ install_dir }}"
+    version: dev
+    clone: yes
+    update: yes
+  ignore_errors: yes

deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/deploy-ballerine.yml

@@ -0,0 +1,11 @@
+- name: Deploy Ballerine with localhost
+  shell: sudo docker-compose -f docker-compose-build.yml up -d
+  args:
+    chdir: "{{ install_dir }}/deploy"
+  when: vite_api_url == ""
+
+- name: Deploy Ballerine with custom Domain
+  shell: sudo docker-compose -f docker-compose-build-https.yml up -d
+  args:
+    chdir: "{{ install_dir }}/deploy"
+  when: vite_api_url != ""

deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/install-docker.yml

@@ -24,15 +24,13 @@
       - libnss3-tools
     state: latest
   become: true
-  tags:
-    - always
+
 
 - name: Upgrade dist to apply security fixes
   ansible.builtin.apt:
     upgrade: dist
   become: true
-  tags:
-    - always
+
 
 - name: Ensure old versions of Docker are not installed
   package:

deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/main.yml

@@ -3,8 +3,25 @@
   package_facts:
     manager: auto
 
-- include_tasks: install-docker.yml
+- import_tasks: install-docker.yml
 
 - import_tasks: start-docker.yml
 
+- import_tasks: clone-ballerine.yml
+
+- import_tasks: setup-init-config.yml
+  tags: packer
+
 - import_tasks: setup-ballerine.yml
+
+- import_tasks: setup-ballerine-runtime.yml
+  tags: packer
+
+- import_tasks: deploy-ballerine.yml
+  tags: deploy
+
+- import_tasks: setup-user-data.yml
+  tags: packer
+
+- import_tasks: cleanup-packer-build.yml
+  tags: packer

deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/setup-ballerine-runtime.yml

@@ -0,0 +1,39 @@
+- name: create runtime path folder
+  file:
+    dest: "{{ install_dir }}/scripts"
+    mode: 0755
+    recurse: yes
+    owner: "{{ cloud_user }}"
+    group: "{{ cloud_group }}"
+    state: directory
+
+- name: create boot script
+  template:
+    src: templates/boot.sh
+    dest: "{{ install_dir }}/scripts/boot.sh"
+    mode: 0755
+
+- name: create reboot entry job
+  cron:
+    name: "ballerine job"
+    special_time: reboot
+    user: "{{ cloud_user }}"
+    job: "{{ install_dir }}/scripts/boot.sh"
+
+- name: setup ssh key for ballerine user
+  copy:
+    src: templates/init-ssh.sh
+    dest: /var/lib/cloud/scripts/per-instance
+    mode: 0755
+    owner: "{{ cloud_user }}"
+    group: "{{ cloud_group }}"
+  become: true
+
+- name: setup ssh key for {{ default_user }} user
+  copy:
+    src: templates/init-ssh.sh
+    dest: /var/lib/cloud/scripts/per-instance
+    mode: 0755
+    owner: "{{ default_user }}"
+    group: "{{ cloud_group }}"
+  become: true

deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/setup-ballerine.yml

@@ -1,4 +1,5 @@
 ---
+
 - name: Replace VITE URL for backoffice
   lineinfile:
     path: '~/ballerine/apps/backoffice-v2/.env.example'
@@ -33,16 +34,4 @@
   ansible.builtin.template:
     src: templates/Caddyfile.j2
     dest: "{{ install_dir }}/deploy/caddy/Caddyfile"
-  when: vite_api_url != ""
-
-- name: Deploy Ballerine up locally
-  shell: docker-compose -f docker-compose-build.yml up -d
-  args:
-    chdir: "{{ install_dir }}/deploy"
-  when: vite_api_url == ""
-
-- name: Deploy Ballerine up remote
-  shell: docker-compose -f docker-compose-build-https.yml up -d
-  args:
-    chdir: "{{ install_dir }}/deploy"
-  when: vite_api_url != ""
+  when: vite_api_url != ""