Multiple sites on the same hosts enhancements #54
Conversation
mamedin
requested review from
djjuhasz,
amayita,
scollazo,
hakamine,
DavidHume-ArtefactualSystems and
luisilara
There was a problem hiding this comment.
I'll try to summarize my added comments below:
- Example in README.md needs quick correction (either change /usr/share/nginx/atom in the first line with /use/share/nginx/test5, or change the "test5" in the other lines with "atom")
- Try to avoid defining
atom_extra_pathin defaults/main.yml (as it is not a variable whose value could be customized by the user) - task/cli_tools.yml is adding tasks that build the AtoM themes, but there are tasks that already do a similar thing in tasks/build.yml
- git task added in tasks/revision-dir.yml could fail if the repository has not been already cloned before?
- Is the "private" symlink needed?
For 2. and 4. I was thinking we could for example:
- In defaults/main.yml remove the atom_extra_path:"" declaration
- In tasks/main.yml, remove the
whenconditional for taskinclude: "revision-dir.yml" - Refactor revision_dir.yml for example like (haven't tested it):
- name: Get latest revision
shell: "git ls-remote {{ atom_repository_url }} {{ atom_repository_version }} | awk '{print $1}'"
register: latest_revision
- name: "Define atom_extra_path when using atom_revision_directory"
set_fact:
atom_extra_path: "atom-{{ latest_revision.stdout }}"
when:
atom_revision_directory is defined and atom_revision_directory|bool
- name: "Define atom_extra_path as empty when not using atom_revision_directory"
set_fact:
atom_extra_path: ""
when:
atom_revision_directory is undefined or not atom_revision_directory|bool
ad53093 to
a1084d5
Compare
|
Thanks very much for CR! I have changed the branch to include your suggestions. Using the summary points added by @hakamine in last comment:
|
|
@mamedin thank you for the fixes. I have a comment regarding the use of the "always" tag in role, the tasks will execute every time a playbook is run and there is no way to exclude them. For example, the following playbook: even if running the playbook with tag nginx (e.g. |
|
@mamedin @hakamine - I believe for atom_revision_directory style deploys of AtoM the private symlink is required for digital object access control (copyright etc.), at least was when originally set up, I'd have to recall which Hosted clients definitely used it (Mills?) and per my using this method for SFU this year, should be required. Or Miguel are you saying it would still be present if the boolean is set, just not going to do it in the role now (number 5. in your lists). |
I was thinking on moving the private symlink task to our |
|
Ups, wrong click! |
I'm going to change the always tag to the explicit list. Thanks Hector! |
mamedin
force-pushed
the
dev/atom-site_enhancements
branch
2 times, most recently
from
454f422 to
83c699e
Compare
|
Hi!, branch updated again. Using again the summary points, these are the new changes: 2.- "always" tag changed on revision tasks, the tasks are using the big tag list instead. |
tasks/cli_tools.yml
Outdated
| @@ -0,0 +1,37 @@ | |||
| --- | |||
|
|
|||
| # Compile available themes | |||
There was a problem hiding this comment.
(Cosmetic) Having moved this section back to tasks/build.yml, should remove this comment line.
tasks/revision-dir.yml
Outdated
| register: "atom_revision_git_output" | ||
|
|
||
| - name: "Print revisions" | ||
| debug: "msg='current={{ atom_revision_git_output.before }} latest={{ atom_revision_git_output.after }}'" |
There was a problem hiding this comment.
In my tests, even with a previous revision these two results would be the same - but I think that might be because of the other issues we encountered. Hence my wondering @mamedin if you have gotten this output with different results yet. That is, atom_revision_git_output.before value via akin to what we used to keep in the latest file before a branch update, and atom_revision_git_output.after being the true current (which I assume the above first task does more efficiently than shell command "git ls-remote {{ atom_repository_url }} {{ atom_repository_version }} | awk '{print $1}'" did).
That said, I think as we discussed as long as .after is correct as used in the "Define atom_extra_path..." task below (so won't try to overwrite a previous or fallback revision directory) all is well...
There was a problem hiding this comment.
@hakamine - did you have a similar concern, I guess this relates to your refactor suggestion for revision-dir.yml on August 10 above?
There was a problem hiding this comment.
@DavidHume-ArtefactualSystems when I first saw the PR code I was concerned that maybe using git with "clone: no" and "update:no" would fail if there was no local repo. But re-checking the ansible docs, they provide a usage example of git with "clone: no" and "update:no", to "just get information about the repository whether or not it has already been cloned locally." therefore I think it should be good regarding my original concern. However, the problem you encountered seems to be a different issue.
There was a problem hiding this comment.
Probably related to:
https://github.com/artefactual-labs/ansible-atom/blob/master/tasks/basic.yml#L3-L9
Using depth=1 is known problem.
There was a problem hiding this comment.
I tested the new changes on a client upgrade and it worked properly
- The
revision-dir.ymlimproves the commandshell: "git ls-remote {{ atom_repository_url }} {{ atom_repository_version }} | awk '{print $1}'"where in some cases it created the revision folder with the stdout with two lines eg.'atom-d6ffd39c150ebe74adb0bc9e7e8d84797ad8def2'$'\n''c017acb60e8dceeb6ec453e368381bf12bc940ad'/ - The new variable atom_git_pull_code_depth will produce a shallow clone, probably the default value could be set to 1 to avoid adding that variable to the playbook?
@luisilara The https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#omitting-parameters So the default value is And about setting 1 as default value, there's a comment in role about it: https://github.com/artefactual-labs/ansible-atom/blob/master/tasks/basic.yml#L3-L9 So I prefer to use the old default values for |
|
@mamedin I think the |
|
@mamedin @DavidHume-ArtefactualSystems What do you think about removing the |
Yes, it will be a nice change, but the problem is that we already have 25 config files with the We are going to change some other settings on upgrades, so if you agree I can change it. |
|
I have upgraded again the branch with these changes:
|
mamedin
force-pushed
the
dev/atom-site_enhancements
branch
from
83c699e to
f8cdcc6
Compare
|
@mamedin I ran a test for an upgrade (deployed a branch, then did another deploy with a different code commit; strictly speaking it wasn't a branch update but a branch change), and I think I got the same problem that @DavidHume-ArtefactualSystems reported. The first time I tried the upgrade, the "before:" and "after:" commit hashes reported by the git task were the same (old commit). I had to run the playbook again so that the upgrade was completed, this time the git task reported "before:" and "after:" commit hashes were the same but the new commit (I am NOT using depth=1 BTW). So this meaning that in order to do an upgrade would need to run the playbook twice. Could it be a bug in the ansible git module? Could it be better to stick with the old way (using git ls-remote) ? |
mamedin
force-pushed
the
dev/atom-site_enhancements
branch
from
f8cdcc6 to
0b3961d
Compare
Thanks! I could reproduce the issue when using different branches. I could fix it with git module but using 2 different tasks for getting the current and candidate revision. The I prefer to use the git module because the |
|
Thanks again for suggestions :) Branch updated again. The
|
When the `atom_revision_directory` variable is set to `yes`, a new `$atom_path/atom-COMMIT_ID` directory is created for every update and a `$atom_path/$atom_revision_directory_latest_symlink_dir` symlink is created pointing to the latest revision dir. For instance: ``` /usr/share/nginx/atom ├── atom-0134577b6ecd763dedf82a7eee4ddc35043c5345 ├── atom-1234567b6ecd763dedf92a7bad4ddc35043c5438 ├── atom-381f849b6ecd763dedf92a7bad43cc350a3c5439 ├── downloads ├── private -> /usr/share/nginx/atom/src ├── src -> /usr/share/nginx/atom/atom-381f849b6ecd763dedf92a7bad43cc350a3c5439 └── uploads ```
New tasks have been added to create a symlink to a custom `downloads` directory in the same way we do for custom `upload` directories. The old uploads-dir tasks have been moved to symlink-dirs.yml task file.
Ensure `atom_uploads_symlink` and `atom_downloads_symlink` exist to avoid the following error when running the "Temporarily change ownership of site directory to be able to clone repo" task (and directory doesn't exist): ``` "Errno 2] No such file or directory: '/usr/share/nginx/atom-uploads'" ```
Create a symlink for digital object access control from `$atom_path/private` to `$atom_path/$atom_revision_directory_latest_symlink_dir` when `atom_private_symlink` and `atom_revision_directory` are `true`.
mamedin
force-pushed
the
dev/atom-site_enhancements
branch
from
0b3961d to
95a93a3
Compare
mamedin
force-pushed
the
dev/atom-site_enhancements
branch
from
95a93a3 to
cac3ec8
Compare
The new task file includes the following commands: - rebuild index - Update database - fix data: Rebuild nested-set and generate slugs - Compile all available themes The `search.yml` task file has been removed, and the "Update database" task has been moved to the new cli tasks file.
mamedin
force-pushed
the
dev/atom-site_enhancements
branch
from
cac3ec8 to
1f0277e
Compare
This PR adds:
Connects to #53 and #20