From 0cfd4588dc1e05fc441f9c7299148a56b4acf831 Mon Sep 17 00:00:00 2001
From: Zack Cerza <zack@redhat.com>
Date: Thu, 23 Sep 2021 16:41:54 -0600
Subject: [PATCH] paddles: Enable containerized deployment

Signed-off-by: Zack Cerza <zack@redhat.com>
---
 roles/paddles/defaults/main.yml        | 10 +++-
 roles/paddles/tasks/apt_systems.yml    | 10 ++++
 roles/paddles/tasks/main.yml           | 23 +++++++-
 roles/paddles/tasks/setup_db.yml       | 12 +++--
 roles/paddles/tasks/setup_docker.yml   | 72 ++++++++++++++++++++++++++
 roles/paddles/tasks/zypper_systems.yml |  5 ++
 roles/paddles/templates/nginx.conf     |  2 +-
 roles/paddles/vars/apt_systems.yml     |  6 +++
 8 files changed, 133 insertions(+), 7 deletions(-)
 create mode 100644 roles/paddles/tasks/setup_docker.yml

diff --git a/roles/paddles/defaults/main.yml b/roles/paddles/defaults/main.yml
index 2769873..85c3fc5 100644
--- a/roles/paddles/defaults/main.yml
+++ b/roles/paddles/defaults/main.yml
@@ -1,9 +1,17 @@
 ---
 paddles_user: paddles
+paddles_db_user: paddles
+paddles_port: 8080
+paddles_statsd_host: ""
+paddles_statsd_prefix: ""
+paddles_sentry_dsn: ""
+
+paddles_containerized: false
+paddles_container_image: quay.io/ceph-infra/paddles:latest
+paddles_container_replicas: 10
 
 paddles_repo: https://github.com/ceph/paddles.git
 paddles_branch: master
 
-paddles_port: 8080
 
 log_host: localhost
diff --git a/roles/paddles/tasks/apt_systems.yml b/roles/paddles/tasks/apt_systems.yml
index 4f3337d..a7974c1 100644
--- a/roles/paddles/tasks/apt_systems.yml
+++ b/roles/paddles/tasks/apt_systems.yml
@@ -12,3 +12,13 @@
     cache_valid_time: 600
   tags:
     - packages
+
+- name: Install docker packages
+  apt:
+    name: "{{ paddles_docker_packages|list }}"
+    state: latest
+    update_cache: yes
+    cache_valid_time: 600
+  when: paddles_containerized
+  tags:
+    - packages
diff --git a/roles/paddles/tasks/main.yml b/roles/paddles/tasks/main.yml
index 64e959f..2618951 100644
--- a/roles/paddles/tasks/main.yml
+++ b/roles/paddles/tasks/main.yml
@@ -18,9 +18,15 @@
   tags:
     - always
 
+- name: Set db_host
+  set_fact:
+    db_host: "{% if paddles_containerized %}{{ inventory_hostname }}{% else %}localhost{% endif %}"
+  tags:
+    - always
+
 - name: Set db_url
   set_fact:
-    db_url: "postgresql+psycopg2://{{ paddles_user }}:{{ db_pass }}@localhost/paddles"
+    db_url: "postgresql+psycopg2://{{ paddles_db_user }}:{{ db_pass }}@{{ db_host }}/paddles"
   no_log: true
   tags:
     - always
@@ -40,13 +46,26 @@
 
 # Set up the actual paddles project
 - import_tasks: setup_paddles.yml
+  when: not paddles_containerized
 
 # Set up the DB which paddles uses
 - import_tasks: setup_db.yml
+  tags:
+    - db
+
+# Set up docker if necessary
+- import_tasks: setup_docker.yml
+  when: paddles_containerized
+  tags:
+    - service
 
 # Configure the system to run paddles as a daemon
 - import_tasks: setup_service.yml
+  when: not paddles_containerized
+  tags:
+    - service
 
 # Configure nginx as a reverse proxy
 - import_tasks: nginx.yml
-  when: not ansible_distribution is search("openSUSE")
+  when:
+    - not ansible_distribution is search("openSUSE")
diff --git a/roles/paddles/tasks/setup_db.yml b/roles/paddles/tasks/setup_db.yml
index 0380f2e..d37d280 100644
--- a/roles/paddles/tasks/setup_db.yml
+++ b/roles/paddles/tasks/setup_db.yml
@@ -8,7 +8,7 @@
 - name: Set up access to the database
   postgresql_user:
     db: paddles
-    name: "{{ paddles_user }}"
+    name: "{{ paddles_db_user }}"
     password: "{{ db_pass }}"
   become_user: postgres
   when: create_db is changed
@@ -18,7 +18,9 @@
   args:
     chdir: "{{ paddles_repo_path }}"
   become_user: "{{ paddles_user }}"
-  when: create_db is changed
+  when:
+    - create_db is changed
+    - not paddles_containerized
 
 - name: Copy alembic config template to alembic.ini
   command: cp ./alembic.ini.in alembic.ini
@@ -27,16 +29,20 @@
     chdir: "{{ paddles_repo_path }}"
   register: alembic_ini
   become_user: "{{ paddles_user }}"
+  when: not paddles_containerized
 
 - name: Update alembic.ini
   lineinfile:
     dest: "{{ paddles_repo_path }}/alembic.ini"
     line: "sqlalchemy.url = {{ db_url }}"
     regexp: "^sqlalchemy.url = "
+  when: not paddles_containerized
 
 - name: Set the alembic revision
   shell: ./virtualenv/bin/alembic stamp head
   args:
     chdir: "{{ paddles_repo_path }}"
-  when: alembic_ini is changed
+  when:
+    - alembic_ini is changed
+    - not paddles_containerized
   become_user: "{{ paddles_user }}"
diff --git a/roles/paddles/tasks/setup_docker.yml b/roles/paddles/tasks/setup_docker.yml
new file mode 100644
index 0000000..a1cc50c
--- /dev/null
+++ b/roles/paddles/tasks/setup_docker.yml
@@ -0,0 +1,72 @@
+---
+- name: Add paddles_user to the docker group
+  user:
+    name: "{{ paddles_user }}"
+    append: yes
+    groups:
+      - docker
+
+- name: Install docker's python module
+  become_user: "{{ paddles_user }}"
+  pip:
+    name: docker
+    state: latest
+    executable: pip3
+    extra_args: --user
+
+- name: Init docker swarm
+  become_user: "{{ paddles_user }}"
+  docker_swarm:
+    state: present
+
+- name: Create secret for the database URL
+  become_user: "{{ paddles_user }}"
+  docker_secret:
+    name: paddles_sqlalchemy_url
+    data: "{{ db_url }}"
+
+- name: Pull the paddles container image
+  become_user: "{{ paddles_user }}"
+  docker_image:
+    name: "{{ paddles_container_image }}"
+    source: pull
+  register: image_pull
+
+- name: Create docker swarm service
+  become_user: "{{ paddles_user }}"
+  docker_swarm_service:
+    name: paddles
+    state: present
+    replicas: "{{ paddles_container_replicas }}"
+    update_config:
+      parallelism: 1
+      delay: 10s
+      monitor: 10s
+      failure_action: rollback
+    rollback_config:
+      order: start-first
+    image: "{{ paddles_container_image }}"
+    resolve_image: true
+    force_update: "{{ image_pull.changed }}"
+    publish:
+      - published_port: "{{ paddles_port }}"
+        target_port: 8080
+    logging:
+      driver: journald
+      options:
+        tag: paddles
+    env:
+      - "PADDLES_ADDRESS={{ paddles_address }}"
+      - "PADDLES_SERVER_HOST=0.0.0.0"
+      - "SENTRY_DSN={{ paddles_sentry_dsn }}"
+      - "PADDLES_STATSD_HOST={{ paddles_statsd_host }}"
+      - "PADDLES_STATSD_PREFIX={{ paddles_statsd_prefix }}"
+      - "GUNICORN_CMD_ARGS=--workers=2 --max-requests=10000"
+    secrets:
+      - secret_name: paddles_sqlalchemy_url
+        filename: "/run/secrets/paddles_sqlalchemy_url"
+    healthcheck:
+      test: ["CMD", "curl", "--fail", "http://localhost:8080"]
+      interval: 1m
+      timeout: 5s
+      start_period: 10s
diff --git a/roles/paddles/tasks/zypper_systems.yml b/roles/paddles/tasks/zypper_systems.yml
index a0be059..6f4a3ee 100644
--- a/roles/paddles/tasks/zypper_systems.yml
+++ b/roles/paddles/tasks/zypper_systems.yml
@@ -1,4 +1,9 @@
 ---
+- name: Fail on zypper systems if paddles_containerized is set
+  fail:
+    msg: "'paddles_containerized' is not yet supported on zypper systems"
+  when: paddles_containerized
+
 - name: Include package type specific vars.
   include_vars: "zypper_systems.yml"
   tags:
diff --git a/roles/paddles/templates/nginx.conf b/roles/paddles/templates/nginx.conf
index d2e68bb..1576f52 100644
--- a/roles/paddles/templates/nginx.conf
+++ b/roles/paddles/templates/nginx.conf
@@ -1,6 +1,6 @@
 server {
         server_name {{ inventory_hostname }};
-        listen {{ ansible_all_ipv4_addresses[0] }}:{{ paddles_port }};
+        listen 80;
         proxy_send_timeout 600;
         proxy_connect_timeout 240;
         location / {
diff --git a/roles/paddles/vars/apt_systems.yml b/roles/paddles/vars/apt_systems.yml
index 9df77dd..a28fe74 100644
--- a/roles/paddles/vars/apt_systems.yml
+++ b/roles/paddles/vars/apt_systems.yml
@@ -16,6 +16,12 @@ paddles_extra_packages:
   - nginx
   - liblz4-tool
 
+paddles_docker_packages:
+  - docker.io
+  # docker swarm needs the requests module
+  - python-requests
+  - python-docker
+
 # We need this so we can disable apache2 to get out of the way of nginx
 apache_service: 'apache2'
 
-- 
2.39.5