Merge pull request #90 from RNAcentral/cloud-nfs

Cloud nfs

.gitignore

@@ -6,6 +6,7 @@ terraform/terraform.tfstate.d/test/*.backup
 terraform/sequence_search_rsa
 terraform/sequence_search_rsa.pub
 terraform/.terraform
+terraform/current_state
 
 terraform_load_balancer/providers.tf
 terraform_load_balancer/terraform.tfstate.backup
@@ -14,14 +15,17 @@ terraform_load_balancer/load_balancer_rsa.pub
 terraform_load_balancer/.terraform
 
 __pycache__/
+.idea/
 *.pyc
 *.pyo
 *.retry
 
 ansible/hosts
+ansible/producer_latest.dump
 node_modules/
 ENV/
 sequence_search/consumer/hmmer-3.2.1/
 sequence_search/consumer/results
 sequence_search/consumer/queries
 sequence_search/consumer/databases
+sequence_search/monitor/.conf-file

README.md

@@ -30,13 +30,15 @@ running unit-tests on local machine only, it is not using any database or networ
 - [Terraform inventory](https://github.com/adammck/terraform-inventory)
 - [Virtual environment](https://virtualenv.pypa.io/en/latest/) with installed dependencies
 
-1. Generate `sequence_search_rsa` key:
+1. Create `terraform/providers.tf` using the `providers.tf.template` file.
+
+2. Generate `sequence_search_rsa` key:
 
   `cd terraform && ssh-keygen -t rsa -b 4096`
 
   See: https://help.github.com/en/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent
 
-2. Follow steps in `redeploy.jenkinsfile`.
+3. Follow steps in `redeploy.jenkinsfile`.
 
   - Install SSH keys
   - Run `terraform init && terraform apply` to create the infrastructure
@@ -158,18 +160,16 @@ https://github.com/webpack/webpack.js.org/issues/1854.
 
 1. `pushd terraform_load_balancer; terraform apply; popd`
 
-2. Update IP address in `load_balancer.yml`, then run:
+2. Run the command bellow passing the IPs as variables on the command line:
 
     ```
     cd ansible_load_balancer
-    ansible-playbook -i hosts --private-key=../terraform_load_balancer/load_balancer_rsa load_balancer.yml
+    ansible-playbook -i hosts --private-key=../terraform_load_balancer/load_balancer_rsa --extra-vars "main_ip=main.ip.address fallback_ip=fallback.ip.address" load_balancer.yml
     ```
 
-The load balancer is an nginx server that proxies http requests to the
-currently selected producer machine's `8002` port. If you want to
-configure the ip and port of producer machine, go to `load_balancer.yml`
-playbook and change the `nginx_backend_ip` and `nginx_backend_port`
-variables.
+The load balancer is an nginx server that proxies http requests to the currently selected producer machine's `8002` 
+port. If you want to change the port of producer machine, go to `load_balancer.yml` playbook and change the 
+`nginx_backend_port` variable.
 
 If you want to update nginx configuration, make changes in
 `ansible_load_balancer/roles/ansible_load_balancer/templates/upstream.conf.js`.

ansible/consumers.yml

@@ -8,3 +8,5 @@
     ansible_ssh_private_key_file: "../terraform/sequence_search_rsa"
   roles:
     - {role: consumer, tags: 'consumer'}
+    - ssh
+    - iptables

ansible/download-sequences.yml

@@ -0,0 +1,17 @@
+- name: Download sequence database
+  hosts: producer
+  become: true
+  gather_facts: no
+  user: centos
+
+  tasks:
+    - name: Download compressed archive from RNAcentral FTP
+      get_url:
+        url: ftp://ftp.ebi.ac.uk/pub/databases/RNAcentral/current_release/sequences/.internal/sequence-database.fa.tar.gz
+        dest: /nfs/sequence-database.fa.tar.gz
+
+    - name: Uncompress the archive
+      shell: tar -xf sequence-database.fa.tar.gz
+      args:
+        chdir: /nfs
+        creates: /nfs/zwd.fasta

ansible/main.yml

@@ -0,0 +1,24 @@
+---
+- import_playbook: nfs-server.yml
+- import_playbook: nfs-client.yml
+- import_playbook: download-sequences.yml
+- import_playbook: postgres.yml
+- import_playbook: producer.yml
+
+
+- hosts: producer
+  gather_facts: Yes
+  remote_user: centos
+  become: true
+  become_method: sudo
+  vars:
+    ansible_ssh_private_key_file: "../terraform/sequence_search_rsa"
+  tasks:
+    - name: Drop the database and re-create it
+      shell:
+        chdir: /srv
+        cmd: ENVIRONMENT=PRODUCTION python3 -m sequence_search.db
+
+
+- import_playbook: consumers.yml
+- import_playbook: monitor.yml

ansible/monitor.yml

@@ -0,0 +1,12 @@
+---
+- hosts: monitor
+  remote_user: centos
+  become: true
+  become_method: sudo
+  vars:
+    ansible_ssh_private_key_file: "../terraform/sequence_search_rsa"
+    floating_ip: "{{ lookup('pipe', 'cd ../terraform && terraform output floating_ip') }}"
+  roles:
+    - monitor
+    - ssh
+    - iptables

ansible/nfs-client.yml

@@ -0,0 +1,32 @@
+- name: NFS client installation and nfs server mount
+  vars:
+    ansible_ssh_private_key_file: "../terraform/sequence_search_rsa"
+    nfs_server_ip: 192.168.0.7
+    nfs_mount_path: "/nfs"
+  hosts: producer:consumers
+  become: true
+  gather_facts: no
+  user: centos
+
+  tasks:
+    - name: Upgrade all packages
+      yum: name=* state=latest
+
+    - name: Install yum dependencies
+      yum:
+        name:
+          - nfs-utils
+
+    - name: Create an nfs directory where to mount nfs server dir
+      file:
+        path: "{{ nfs_mount_path }}"
+        state: directory
+        mode: "u=r,g=r,o=rwx" # might need to change these privileges
+        recurse: yes
+
+    - name: Mount nfs server directory on clients
+      mount:
+        path: "{{ nfs_mount_path }}"
+        src: "{{ nfs_server_ip }}:/"
+        fstype: nfs
+        state: mounted

ansible/nfs-server.yml

@@ -0,0 +1,85 @@
+- name: NFS server installation and setup
+  hosts: nfs_server
+  vars:
+    ansible_python_interpreter: "/usr/bin/python3" # set ansible interpreter to python3
+    ansible_ssh_private_key_file: "../terraform/sequence_search_rsa"
+    network_ip: 192.168.0.0/24
+  become: true
+  gather_facts: no
+  user: ubuntu
+
+  tasks:
+    - name: Update and upgrade apt packages
+      apt:
+        upgrade: yes
+        update_cache: yes
+        cache_valid_time: 86400
+
+    - name: Update apt
+      apt:
+        update_cache: yes
+        state: present
+
+    - name: Install nfs on the compute instance
+      apt:
+        name: "{{ packages }}"
+        state: present
+      vars:
+        packages:
+        - python3-pip
+        - nfs-kernel-server
+
+    - name: Create the export nfs directory
+      file:
+        path: /nfs
+        state: directory
+        mode: "u=r,g=r,o=rwx"
+        recurse: yes
+
+    - name: Format the volume
+      filesystem:
+        fstype: xfs
+        dev: /dev/vdb
+
+    - name: Mount volume to nfs directory
+      mount:
+        path: /nfs
+        src: /dev/vdb
+        fstype: xfs
+        state: mounted
+
+    - name: Make nfs directory accessible to all
+      file:
+        path: /nfs
+        owner: nobody
+        group: nogroup
+
+    - name: chmod 777 equivalent
+      file:
+        path: /nfs
+        mode: u=rwX,g=rwX,o=rwX
+        recurse: yes
+
+    - name: Create exports file
+      lineinfile:
+        dest: /etc/exports
+        regexp: '^#*'
+        insertafter: '^#*'
+        line: "/nfs {{ network_ip }}(rw,sync,fsid=0,crossmnt,no_subtree_check,no_root_squash)"
+        owner: root
+        group: root
+        mode: 0644
+        state: present
+
+    - name: restart nfs server
+      service:
+        name: nfs-kernel-server
+        state: restarted
+
+    - name: Import ssh role
+      import_role:
+        name: ssh
+
+    - name: Import iptables role
+      import_role:
+        name: iptables

ansible/postgres.yml

@@ -68,4 +68,6 @@
       - '*'
 
   roles:
-    - postgresql
+    - postgresql
+    - ssh
+    - iptables

ansible/postgres_restore.yml

@@ -0,0 +1,13 @@
+---
+# Playbook to restore a PostgreSQL database from an archive file created by pg_dump
+- hosts: postgres
+  remote_user: centos
+  become: true
+  become_method: sudo
+  vars:
+    ansible_ssh_private_key_file: "../terraform/sequence_search_rsa"
+  tasks: 
+  - copy: src=producer_latest.dump dest=/tmp/producer_latest.dump mode=0777
+  - shell: pg_restore -U docker -c -n public -n pg_catalog -d producer /tmp/producer_latest.dump
+
+- import_playbook: consumers.yml

ansible/producer.yml

@@ -9,4 +9,6 @@
   roles:
     - {role: 'bastion-private-key', tags: 'bastion'}
 #    - {role: 'docker', tags: 'docker'}
-    - {role: 'producer', tags: 'producer'}
+    - {role: 'producer', tags: 'producer'}
+    - ssh
+    - iptables