Merge pull request #160 from nebari-dev/conda-store-version

Update conda-store, add redis, configure postgres, minio data directory

.github/workflows/kvm-test.yaml

@@ -24,14 +24,18 @@ jobs:
             ${{ runner.os }}-vagrant-
 
       - name: Install test dependencies.
-        run: sudo pip3 install ansible
+        run: pip install ansible
 
       - name: Install Ansible Dependencies
         working-directory: tests/ubuntu2004-singlenode
         run: |
           ansible-galaxy collection install community.general
           ansible-galaxy collection install ansible.posix
 
+      - name: Install Vagrant
+        run: |
+          brew tap hashicorp/tap
+          brew install hashicorp/tap/hashicorp-vagrant
       - name: Show Vagrant version
         run: vagrant --version
 

inventory.template/group_vars/all.yaml

@@ -47,3 +47,5 @@ postgres_users:
   - username: conda-store
     password: eIbmUditL4RbQm0YPeLozRme
     role: CREATEDB,CREATEROLE
+
+redis_password: 1XoRW/Vgz+LdKLXeh9uwdBrYPBJKhIJR

inventory.template/group_vars/hpc_master.yaml

@@ -11,6 +11,7 @@ munge_enabled: true
 mysql_enabled: true
 minio_enabled: true
 conda_store_enabled: true
+redis_enabled: true
 postgres_enabled: true
 nfs_server_enabled: true
 node_exporter_enabled: true

playbook.yaml

@@ -25,6 +25,7 @@
     - nfs
     - mysql
     - postgresql
+    - redis
     - minio
     - backups
     - traefik

roles/conda_store/defaults/main.yaml

@@ -1,6 +1,6 @@
 ---
 conda_store_enabled: false
-conda_store_version: 2024.1.1
+conda_store_version: 2024.3.1
 conda_store_port: "5000"
 conda_store_environment: environments/conda-store.yaml
 conda_store_prefix: /conda-store

roles/conda_store/templates/conda_store_config.py

@@ -12,6 +12,7 @@
 c.CondaStore.storage_class = S3Storage
 c.CondaStore.store_directory = "/opt/conda-store/conda-store/"
 c.CondaStore.database_url = "postgresql+psycopg2://{{ postgres_users[0].username }}:{{ postgres_users[0].password }}@localhost/{{ postgres_databases[0] }}"
+c.CondaStore.redis_url = f"redis://:{{ redis_password }}@localhost:6379/0"
 c.CondaStore.default_uid = 1000
 c.CondaStore.default_gid = 100
 c.CondaStore.default_permissions = "775"

roles/conda_store/templates/environments/conda-store.yaml

@@ -3,7 +3,6 @@ channels:
  - conda-forge
 dependencies:
   - python ==3.10
-  - conda-store-server=={{ conda_store_version }}
   # conda environment builds
   - conda ==23.5.2
   - python-docker
@@ -36,3 +35,6 @@ dependencies:
   - minio
   # installer
   - constructor
+  - pip:
+        # version 2024.3.1 is not on conda-forge unfortunately
+      - conda-store-server=={{ conda_store_version }}

roles/minio/defaults/main.yaml

@@ -8,3 +8,4 @@ minio_username: admin
 minio_password: mWdaGyPmNOApU93Vxk6sNTac
 minio_buckets:
   - conda-store
+minio_data_directory: /opt/conda-store/minio

roles/minio/tasks/minio.yaml

@@ -35,7 +35,7 @@
 - name: Ensure that minio data directory exists
   become: true
   ansible.builtin.file:
-    path: /var/lib/minio
+    path: "{{ minio_data_directory }}"
     state: directory
     mode: "0700"
     owner: minio
@@ -44,7 +44,7 @@
 - name: Ensure that minio buckets exist
   become: true
   ansible.builtin.file:
-    path: /var/lib/minio/{{ item }}
+    path: "{{ minio_data_directory }}/{{ item }}"
     state: directory
     mode: "0700"
     owner: minio
@@ -83,11 +83,11 @@
       AssertFileIsExecutable=/usr/local/bin/minio
 
       [Service]
-      WorkingDirectory=/var/lib/minio/
+      WorkingDirectory={{ minio_data_directory }}
       User=minio
       Group=minio
       EnvironmentFile=/etc/minio/minio.env
-      ExecStart=/usr/local/bin/minio server /var/lib/minio/ --address ":{{ minio_internal_port }}"
+      ExecStart=/usr/local/bin/minio server {{ minio_data_directory }} --address ":{{ minio_internal_port }}"
       Restart=always
       LimitNOFILE=65536
       TasksMax=infinity

roles/postgresql/defaults/main.yml

@@ -2,6 +2,9 @@
 postgres_enabled: false
 postgres_databases:
   - conda-store
+postgres_data_directory: /opt/conda-store/postgres/data/
+postgres_user: postgres
+postgres_version: 14
 
 postgres_users:
   - username: conda-store

roles/postgresql/tasks/postgresql.yaml

@@ -10,6 +10,28 @@
     state: latest
     cache_valid_time: 3600
 
+- name: Create the data directory
+  ansible.builtin.file:
+    path: "{{ postgres_data_directory }}"
+    owner: "{{ postgres_user }}"
+    group: "{{ postgres_user }}"
+    mode: "0700"
+    state: directory
+  become: true
+
+- name: Initialize the PostgreSQL database
+  ansible.builtin.command: sudo -u {{ postgres_user }} /usr/lib/postgresql/{{ postgres_version }}/bin/initdb -D {{ postgres_data_directory }}
+  args:
+    creates: "{{ postgres_data_directory }}/PG_VERSION"
+  become: true
+
+- name: Configure PostgreSQL to use the new data directory
+  ansible.builtin.lineinfile:
+    path: /etc/postgresql/{{ postgres_version }}/main/postgresql.conf
+    regexp: ^#?data_directory =
+    line: data_directory = '{{ postgres_data_directory }}'
+  become: true
+
 - name: Ensure PostgreSQL service is running
   ansible.builtin.systemd:
     name: postgresql

roles/redis/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+redis_enabled: false
+redis_port: 6379
+redis_password: 1XoRW/Vgz+LdKLXeh9uwdBrYPBJKhIJR
+redis_data_directory: /opt/conda-store/redis/

roles/redis/handlers/main.yaml

@@ -0,0 +1,9 @@
+---
+- name: Restart services redis
+  become: true
+  ansible.builtin.service:
+    name: "{{ item }}"
+    enabled: "yes"
+    state: restarted
+  with_items:
+    - redis

roles/redis/tasks/main.yml

@@ -0,0 +1,4 @@
+---
+- name: Install redis
+  ansible.builtin.include_tasks: redis.yaml
+  when: redis_enabled

roles/redis/tasks/redis.yaml

@@ -0,0 +1,76 @@
+---
+- name: Remove existing Redis keyring file
+  ansible.builtin.file:
+    path: /usr/share/keyrings/redis-archive-keyring.gpg
+    state: absent
+  become: true
+
+- name: Add Redis GPG Key
+  ansible.builtin.shell:
+    cmd: |
+      set -o pipefail  # See: https://ansible.readthedocs.io/projects/lint/rules/risky-shell-pipe/#correct-code
+      curl -fsSL https://packages.redis.io/gpg | sudo gpg --batch --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg
+    executable: /bin/bash
+  become: true
+
+- name: Add Redis APT Repository
+  ansible.builtin.shell:
+    cmd: |
+      set -o pipefail  # See: https://ansible.readthedocs.io/projects/lint/rules/risky-shell-pipe/#correct-code
+      echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/redis.list
+    executable: /bin/bash
+  become: true
+
+- name: Ensure Redis data directory exists
+  ansible.builtin.file:
+    path: "{{ redis_data_directory }}"
+    state: directory
+    owner: redis
+    group: redis
+    mode: "0755"
+  become: true
+
+- name: Install redis
+  ansible.builtin.apt:
+    name: redis
+    state: present
+    update_cache: true
+  become: true
+
+- name: Copy the redis systemd service file
+  become: true
+  ansible.builtin.copy:
+    content: |
+      [Unit]
+      Description=Redis
+      After=syslog.target
+
+      [Service]
+      ExecStart=/usr/bin/redis-server /etc/redis/redis.conf
+      RestartSec=5s
+      Restart=on-success
+
+      [Install]
+      WantedBy=multi-user.target
+    dest: /etc/systemd/system/redis.service
+    owner: root
+    group: root
+    mode: "0644"
+  register: _redis_service
+
+- name: Ensure Redis Configuration
+  ansible.builtin.template:
+    src: templates/redis.conf.j2
+    dest: /etc/redis/redis.conf
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+  notify: Restart services redis
+
+- name: Ensure Redis is started
+  ansible.builtin.service:
+    name: redis
+    state: started
+    enabled: "yes"
+  become: true