From 8576020ffaebd22ac6fb140a9e29ca0510f0ecc6 Mon Sep 17 00:00:00 2001 From: himeshr Date: Wed, 8 Nov 2023 19:27:27 +0530 Subject: [PATCH] avniproject/avni-product#1427 | Deploy Metabase as docker container onto onpremise server using ansible --- configure/Makefile | 3 + configure/group_vars/basic_docker_vars.yml | 9 ++ configure/group_vars/metabase_docker_vars.yml | 18 +++ .../group_vars/onpremise-secret-vars.yml.enc | 138 +++++++++--------- configure/group_vars/onpremise_vars.yml | 8 + configure/inventory/onpremise | 5 +- configure/onpremise_metabase_servers.yml | 19 +++ configure/roles/docker/defaults/main.yml | 10 ++ configure/roles/docker/tasks/main.yml | 78 ++++++++++ configure/roles/metabase/defaults/main.yml | 9 ++ configure/roles/metabase/tasks/main.yml | 5 + .../templates/metabase.docker.env.template.j2 | 11 ++ 12 files changed, 247 insertions(+), 66 deletions(-) create mode 100644 configure/group_vars/basic_docker_vars.yml create mode 100644 configure/group_vars/metabase_docker_vars.yml create mode 100644 configure/onpremise_metabase_servers.yml create mode 100644 configure/roles/docker/defaults/main.yml create mode 100644 configure/roles/docker/tasks/main.yml create mode 100644 configure/roles/metabase/defaults/main.yml create mode 100644 configure/roles/metabase/tasks/main.yml create mode 100644 configure/roles/metabase/templates/metabase.docker.env.template.j2 diff --git a/configure/Makefile b/configure/Makefile index 62a3c6e..cbcd2b8 100644 --- a/configure/Makefile +++ b/configure/Makefile 
@@ -119,6 +119,9 @@ etl-prerelease: check-app-zip-path check-vault-pwd-file etl-prod: check-app-zip-path check-vault-pwd-file APPLICATION_ZIP_PATH=$(app_zip_path) APPLICATION_ZIP_FILE_NAME=etl-1.0.0-SNAPSHOT.jar ansible-playbook prod_etl_servers.yml -i inventory/prod --vault-password-file ${VAULT_PASSWORD_FILE} +metabase-onpremise: + ansible-playbook onpremise_metabase_servers.yml -i inventory/onpremise --vault-password-file ${VAULT_PASSWORD_FILE} + deploy-etl-staging: check-app-zip-path check-vault-pwd-file APPLICATION_ZIP_PATH=$(app_zip_path) APPLICATION_ZIP_FILE_NAME=etl-1.0.0-SNAPSHOT.jar ansible-playbook deploy_app_to_servers.yml -i inventory/staging --vault-password-file ${VAULT_PASSWORD_FILE} \ --extra-vars '{"deploy_app_name":"etl","deploy_app_hosts":"etlservers","deploy_app_remote_user":"avni-etl-user","deploy_app_env":"staging","deploy_app_role":"etl_appserver","deploy_app_env_vars_file":"group_vars/staging_vars.yml","deploy_app_env_secret_vars_file":"group_vars/staging-secret-vars.yml.enc"}' diff --git a/configure/group_vars/basic_docker_vars.yml b/configure/group_vars/basic_docker_vars.yml new file mode 100644 index 0000000..27fdde7 --- /dev/null +++ b/configure/group_vars/basic_docker_vars.yml @@ -0,0 +1,9 @@ +--- + +# basic vars +project_name: avni +letsencrypt_email: avni@samanvayfoundation.org +avni_cache_dir: /var/cache/avni +update_apt_cache: yes + +# container vars \ No newline at end of file diff --git a/configure/group_vars/metabase_docker_vars.yml b/configure/group_vars/metabase_docker_vars.yml new file mode 100644 index 0000000..3b910b3 --- /dev/null +++ b/configure/group_vars/metabase_docker_vars.yml 
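Review bot: The new `metabase-onpremise` target in configure/Makefile declares no prerequisites, while the neighbouring `etl-prod` and `deploy-etl-staging` targets both depend on `check-vault-pwd-file` before passing `--vault-password-file ${VAULT_PASSWORD_FILE}`. If that variable is unset, the run presumably fails inside ansible-playbook's argument handling instead of at the project's own check. Declaring it as `metabase-onpremise: check-vault-pwd-file` keeps vault-password handling uniform across targets. The definition of `check-vault-pwd-file` lies outside this hunk, so what it verifies is not visible here.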
@@ -0,0 +1,18 @@
+---
+
+ metabase_container_name: metabase
+ metabase_container_image: metabase/metabase:v0.47.6
+# Below image is for t4g instance type (arm64/v8) architecture
+# metabase_container_image: iwalucas/metabase:latest
+ metabase_hostname: metabase
+ metabase_container_healthcheck_cmd: "curl --fail -I http://0.0.0.0:443/api/health || exit 1"
+ metabase_container_ports_mapping: "443:3000"
+ metabase_container_env_file: "/root/metabase_docker.env"
+ metabase_container_env_template_file: metabase.docker.env.template.j2
+
+ update_apt_cache: yes
+# Application settings.
+ application_name: metabase
+ app_description: Avni metabase server
+ application_user: metabase
+ application_group: metabase
\ No newline at end of file
diff --git a/configure/group_vars/onpremise-secret-vars.yml.enc b/configure/group_vars/onpremise-secret-vars.yml.enc
index 94365bc..86f356f 100644
--- a/configure/group_vars/onpremise-secret-vars.yml.enc
+++ b/configure/group_vars/onpremise-secret-vars.yml.enc
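Review bot: In configure/group_vars/metabase_docker_vars.yml the health check probes `http://0.0.0.0:443`, but `metabase_container_ports_mapping` is `"443:3000"` and the same commit sets `mb_jetty_port: "3000"`. Docker runs the health command inside the container, so it should target the port Metabase listens on, e.g. `metabase_container_healthcheck_cmd: "curl --fail -I http://localhost:3000/api/health || exit 1"`. The mapping also publishes Jetty's plain HTTP on host port 443; unless a TLS-terminating proxy (not visible in this patch) sits in front, logins and session cookies cross the network unencrypted on a port clients will assume is HTTPS. The commented-out `iwalucas/metabase:latest` alternative is a third-party image on a mutable tag; if it is ever enabled it should be pinned to a fixed version or digest and its provenance checked.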
@@ -1,66 +1,74 @@ $ANSIBLE_VAULT;1.1;AES256 -39316638353764366235663835653062656530326134366236313938376266306365396237396462 -3733313630363330666538333632373939343235666532340a633562346432616534386264323338 -30396433656235613436646536633261336538353033366463656165643730623230646262386538 -3066323061663761320a396239353834343131643538613430333531663338336265313631396564 -62323734343637623261396431653733353462666632333561653836313962333036393862666130 -35336330353961323165363231633563396166633333386430383731353039613563323732646637 -61633237643264303335623332336135383032303833396435393061643635613339663335643864 -38333235663563313031376237613162663035346239613334393635306432383565366536376134 -66653064303439343031653664323133643165313031666231653039306366646333653365336165 -39353965383731336564333933313636626432346237613562656463373036653363353131663133 -31343462353735616638316166656363303966386137363033386261653861633231646635313239 -35323238653561336339356138373531303336396139376230346464646630336664383732373865 -37343433326236313036343634376565333363323433626238336365626561303561643431633139 -61636434396334383431326231346562366138386162653162346438383964633965646235303463 -32373261356363366665393036396231326363633761363730323736636238363332303761386637 -65353630636663633836373432646263393635663364646235303432316239303435646436663436 -66336539316139326631663130636366333535623433393336353763666339323734343366626430 -36393138363763663439656533636461343030623536346539316139346537643130356163633333 -39326637393530643466633732656530343536666533353461353639626130393561363865613635 -35643231373134323135636232613263303230373334366234393234633331616437313533636465 -33346465613865626466393137356136656665623534623563616430393431633836393233323031 -66323061636665623034363333376463616331623833653838386662643662663233316136643832 -39313638326462626362323766393232313031303564303961316633656638323862666566323364 
-33323466613066663966313239623839393239373566333761376139643638346438306665393962 -61336163666333643964393239646638336532323434393865613236656664373839666166616661 -31383538643461636334313337353061323330633165633430366635386166653763626337663063 -66643265643162326335666333323366356239313263333366616362653233393765643932613935 -33306664343037313566633836336466383763343337363336303064363831646366323731316665 -31653563613737626233386431316266373436653333396435366361376463366365636137383937 -31623631343662333864306235386666646138393964626461346266343063343966346432333464 -37353832616633396538333862336433363237366536313531333765363738626438316564653239 -31356639333765333639663861363733376531306134653366643162313534633133633361323932 -32393130626431376533333239313735386335356561616530633364363863666231653938396230 -35616333663861666266323965653166616263646135343065396662643038646131656362633266 -31623633643136323132633030373538376634633531383234323033663663613939623765333861 -62643765336163663933333937633337366462643263393964383231373563353564663239323332 -30386463626562323362343234623937346161366265316263616332393732363736343666303433 -36613733636239656536346663323039663639356238646532613333653637666464616463373564 -37366430326331616366353237303962643061393863646137333562623563313137663831633438 -63613432346531303062383437623138306231326633396464643337656333616461613165643065 -65373462313232636163613935656165323838396462613161626433313263623763336265656437 -64353738383761373232316330313662613233356165376564346564666465343965373631613637 -39656634323837396330643731653531326530626436616131653436316163333837373361363638 -38356630663636653335396132376137333761643362613238626435383436663437316238343366 -39626332353465343964613430316232393835633131616436366564373432633662326535613963 -39366565666635646632363762316463383038373331326630646166643735333563393330663930 -63623363373234343533666235373562323333393266393434343634343230393731336265623664 
-61616337613732303963316661373562333035303361346464666239653663393538333862383161 -62313235633463633537306464306363663433323839343134363838333962626231353133643366 -34653061343536396138376661316536336534393862346261383637306464636530313265383962 -62373063373135666134383862643832653036633838333838363063323530383232666663666231 -66666532356339393761353930356237613139373036333862663837333238663438626637633062 -39666636326231303535303133616437323735316632386232633738323264363062313438373639 -36363934346136653636393133653736363936353862396638323336616432653632333233316135 -39626465663866663263336264633463313563616630393332626537373438353330373133313964 -37323462633237396233633962663262313465363566333739656261663934636532303163646665 -65356461393966336239323030323838316366623064356632326231666138353131666662346334 -36356365366566633130376237646534653962626163613136626462376139666565333938643133 -30343762376436656536656135663961376537313462643032656565653039386434663631346639 -30646132386436396262343039623763356638653834663663353232326166386264343033313436 -66343430613166316466323633346434303066303137343335666130653561656537616637393438 -38383131393432333033333061633963383064626363666630393733653831303836633932303764 -32623634343533373264346264633233303764336139393364356131643066633663653130353730 -63646434316462373263643635346165656236633934306361663233343332356563633831386334 -61316161393637623338353761363963653635343361343361326539643039393833 +39663935386666376561336636336131336138653935393764643637303861643831636266383133 +6665376162613134303439396538643763363737313938640a646438636536623038303039636636 +64383361313736616366616131353233396463366233663230613863636131366332623761353531 +3935623831326538610a663339663366313131323736343036316663363435333062383932386330 +65613633376265316439623330356362323462366264633036366139363639626130373931653130 +63643261346237316465356531353533636531393537326662616238333763373162393835313862 
+65616132326132386664333631613239386233653938333565363332333437336266653663326464 +32336463306161303166396165613063386663313536383063663835646136343964396230376132 +32323931393232306365663036363932383666396235306665616533623731313861323230653666 +36663035306533396565376232313439363631666132636233386430626261656232613765313231 +32393634643836316339376137656235356538326137623337336637393132343736373030376664 +39656432646638316439313235373431356132306336383533376538316336613938353737666136 +62656532393362623137376434613635393466366437383835663461323738373231323038386233 +39313539386639336237303932316536343663643739616564386631386437613237653031303531 +34313330393136643336376533636331626163616464356162376563616534386331303037363731 +62663063653936633066363434323562613134376232363636653433346538373539303232623737 +32373632633630333138366661356361663434326636623066623732363366656465323939376262 +32353463346461663266313130373261356533373438396538633064386562653631333263646431 +66313337386265326165663233393266383035376431623361616563393563333062666664346535 +63653535366161623437393032353934383637356264356137633064353135646464316230646262 +34306632393232663763323839653539333231316634326536323363363939636462323236653930 +39653930346562666665353539346537613163303264653764616239376563376232373937323763 +35663432653164313561626564643064373366303464363431646566396361656464323362373330 +32373139663937623137626436306561346234333466636432353630313465616333363762376333 +65376532303032353433333632323961373665323139663665656333383561366264626534633864 +66303537613934396561303332316234316138623931316433626131373838386536343839616333 +33343436353230396236626263306336623338636466336161613937633962636136313934396164 +35373538376661386365386665633865653332303863636435343132373032376535623332666235 +66363136373164393936366438366162613333393363613931363166303730386234363735373365 +34353530356138333730326465373935373237653339393134353434303034323165666537383339 
+34346166386336383630346437613065393139373134626232663465363264306133376363386235 +37623835643338646464306361306135393837366665323535386630623836663439356562343665 +34653965333431373437346662313664623336646531353930653037656362616365323966333362 +63333239373662373438356235373263366335646462343565646366626261663261636336376230 +38383333646461666136383437623734363330313161383264303536313263373838346338643430 +62363963363965653363636533343963306632393934633030646639363236633131343461626639 +38616535633430373866613239306533333935346234323732633931366433633230613763366262 +36373538343732643736306663663561353234353563613264353161333635613735353732663535 +39613734363464353536643763613831653333356135373439336262303633326634383266353337 +64633237613435326565316238303166333336656165313362653862393262643835386264313361 +30343336356334383530326233333766656239386331363537333662313264383362393861636230 +37393434386462663464373365393962303633376563626263356638623864366637613066303438 +31626465663131623164353066353435303134363563353163373064396334653764346439323064 +39643530653163623532333638353730323663346636313539623037383361313339356330326336 +33653435323436616261343931303235306161396138396161626339363232393330316164323362 +63393239333130373934623466316430646666623531363931366636343861653430393434303531 +33396332386633626137643034626161636238646437366237303236666665346666373436356233 +62313930326139623035643935306663333633616536623730636135316634613663383730303239 +35633263386230663662663830633433393937363862663833383830646438653137376563666562 +61613561363138653338626666333736313137336465666537386338303832663139636461616266 +34643362353733316164393836623465363431666130343239393039373762333062346261313361 +33336534616336376466363836383165653036326637623762363761386237643730373866623336 +33343636383865363731656530396434316464666236333064623761663834343131356435303632 +36633230643230376339393731373632393361613039323736336266343839626639633165383932 
+62613739653934333732373961363261626130353435333966363933316534346233643766633030 +64386434346332373263353764306436336364636337343563303239633539643964653938343461 +31373161393763636633623564346165626161653939363339393166343236313533653737613965 +35643063626461326138663939646537376432646161343530663566326332643535353037376666 +61353038373263343039306133386237336466386532383839633333316463613039633233393339 +65393137633730636263346531666331303435363533653765366130623330346230336464346138 +65656331396666343763383035656330343030646665363464363233366263376530353931386662 +30343161393864656335336530633162373235643262333762343936616263383038343262626361 +65326235356137643434363161643238643237623834346265363232636132653436613237613334 +66623663643337343665326663643563326162303333333961323163616130616333323430633030 +62653930636665623031633962656664333435313235323030343665613239326236643565393462 +31343731373136646134656365623739376266373336376538393332373137326433376364316237 +37396565353263666236386135373238616331626662393062646431383832356337343834643262 +39393030393239346335323862626236663037376263636631656366643037333437396332646135 +38366665626431623037666339643738343237333138336262313232333066333466333861316631 +37393431613135383039323337336533643937396564313231373762633362313833373037633431 +63366337363334636166383366626238656232353037356139626631613236656237366634653131 +34366666373436333466623234306536363661373364376437613036613136363938313261666435 +62383634336361346435363132396565613163613637656166313531336333623366 diff --git a/configure/group_vars/onpremise_vars.yml b/configure/group_vars/onpremise_vars.yml index 3d4d101..6fdc3f0 100644 --- a/configure/group_vars/onpremise_vars.yml +++ b/configure/group_vars/onpremise_vars.yml 
@@ -46,3 +46,11 @@ openchs_csp_allowed_hosts: "\"keycloak.security.lfe.avniproject.org minio.securi avni_enhanced_validation: "true" avni_blacklisted_urls_file_path: "/etc/avni_blacklisted_urls.json" avni_send_exception_in_response: "false" + +## Metabase properties +mb_password_complexity: "strong" +mb_password_length: "12" +mb_jetty_port: "3000" +mb_db_type: "postgres" +mb_db_port: "5432" +java_timezone: "Asia/Kolkata" diff --git a/configure/inventory/onpremise b/configure/inventory/onpremise index 30818bc..e2de1a4 100644 --- a/configure/inventory/onpremise +++ b/configure/inventory/onpremise @@ -11,4 +11,7 @@ keycloak.security.lfe.avniproject.org ansible_user=ubuntu ansible_port=22 ansibl minio.security.lfe.avniproject.org ansible_user=ubuntu ansible_port=22 ansible_ssh_private_key_file=~/.ssh/lfe-infra.pem [test_server] -test.avniproject.org ansible_user=ubuntu ansible_port=22 ansible_ssh_private_key_file=~/.ssh/openchs-infra.pem \ No newline at end of file +test.avniproject.org ansible_user=ubuntu ansible_port=22 ansible_ssh_private_key_file=~/.ssh/openchs-infra.pem + +[metabase_server] +reporting-metabase.avniproject.org ansible_user=ubuntu ansible_port=22 ansible_ssh_private_key_file=~/.ssh/openchs-infra.pem \ No newline at end of file diff --git a/configure/onpremise_metabase_servers.yml b/configure/onpremise_metabase_servers.yml new file mode 100644 index 0000000..9081770 --- /dev/null +++ b/configure/onpremise_metabase_servers.yml @@ -0,0 +1,19 @@ +--- + +- name: Configure Metabase server + hosts: metabase_server + become: yes + become_user: root + remote_user: "{{ application_user }}" + tags: + - metabase + vars: + vars_files: + - group_vars/basic_docker_vars.yml + - group_vars/metabase_docker_vars.yml + - group_vars/onpremise_vars.yml + - group_vars/onpremise-secret-vars.yml.enc + roles: + - base + - security + - metabase 
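Review bot: In configure/onpremise_metabase_servers.yml the play sets `remote_user: "{{ application_user }}"`, which resolves to `metabase` per metabase_docker_vars.yml, while the inventory entry added in this same commit sets `ansible_user=ubuntu`. The inventory connection variable takes precedence over the play keyword, so the play-level value is never used and misleads a reader about which account actually connects before `become` escalates to root. The bare `vars:` key directly above `vars_files:` parses as null and can be dropped. Suggested: remove the `remote_user` and `vars:` lines and write `become: true` instead of `become: yes`.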
diff --git a/configure/roles/docker/defaults/main.yml b/configure/roles/docker/defaults/main.yml
new file mode 100644
index 0000000..56290e4
--- /dev/null
+++ b/configure/roles/docker/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+
+ docker_container_name: "{{ app_container_name }}"
+ docker_container_image: "{{ app_container_image }}"
+ docker_hostname: "{{ app_hostname }}"
+ docker_container_healthcheck_cmd: "{{ app_container_healthcheck_cmd }}"
+ docker_container_ports_mapping: "{{ app_container_ports_mapping }}"
+ docker_container_env_file: "{{ app_container_env_file }}"
+ docker_container_env_template_file: "{{ app_container_env_template_file }}"
+
diff --git a/configure/roles/docker/tasks/main.yml b/configure/roles/docker/tasks/main.yml
new file mode 100644
index 0000000..f032d11
--- /dev/null
+++ b/configure/roles/docker/tasks/main.yml
@@ -0,0 +1,78 @@
+---
+
+- name: Install aptitude
+ apt:
+ name: aptitude
+ state: latest
+ update_cache: true
+
+- name: Install required system packages
+ apt:
+ update_cache: "{{ update_apt_cache }}"
+ state: latest
+ pkg:
+ - apt-transport-https
+ - ca-certificates
+ - python3-pip
+ - virtualenv
+ - python3-setuptools
+
+- name: Create cache dir for the rest
+ become: true
+ file:
+ state: directory
+ path: "{{ avni_cache_dir }}"
+ mode: 777
+
+- name: Add Docker GPG apt Key
+ apt_key:
+ url: https://download.docker.com/linux/ubuntu/gpg
+ state: present
+
+- name: Add Docker Repository
+ apt_repository:
+ repo: deb https://download.docker.com/linux/ubuntu focal stable
+ state: present
+
+- name: Update apt and install docker-ce
+ apt:
+ name: docker-ce
+ state: latest
+ update_cache: "{{ update_apt_cache }}"
+
+- name: Install Docker Module for Python
+ pip:
+ name: docker
+
+- name: Pull default Docker image
+ community.docker.docker_image:
+ name: "{{ docker_container_image }}"
+ source: pull
+
+- name: Set environment file for application
+ template:
+ src: "{{ docker_container_env_template_file }}"
+ dest: "{{ docker_container_env_file }}"
+ owner: root
+ group: root
+ mode: '755'
+
+- name: Create default containers
+ community.docker.docker_container:
+ name: "{{ docker_container_name }}"
+ image: "{{ docker_container_image }}"
+ detach: true
+ state: started
+ restart: true
+ ports:
+ # Publish container port 3000 as host port 3000
+ - "{{ docker_container_ports_mapping }}"
+ env_file: "{{ docker_container_env_file }}"
+ healthcheck:
+ test: "{{ docker_container_healthcheck_cmd }}"
+ interval: 15s
+ timeout: 5s
+ retries: 5
+
+
+
diff --git a/configure/roles/metabase/defaults/main.yml b/configure/roles/metabase/defaults/main.yml
new file mode 100644
index 0000000..7684527
--- /dev/null
+++ b/configure/roles/metabase/defaults/main.yml
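Review bot: The "Set environment file for application" task in configure/roles/docker/tasks/main.yml renders the env file, which the metabase template fills with `MB_DB_PASS`, using `mode: '755'`, so the file itself is marked readable and executable by every local account. `mode: '0600'` fits a root-owned secrets file, and `no_log: true` on that task keeps the rendered values out of `--diff` and verbose output. The cache-directory task passes the unquoted integer `mode: 777`, which Ansible reads as decimal rather than octal and therefore does not yield rwxrwxrwx; quote it and prefer something narrower than world-writable, e.g. `mode: '0755'`, if only root writes there. The inline comment above the port list says host port 3000, whereas the value supplied by the metabase vars is `"443:3000"`. Separately, `state: latest` on `docker-ce` and the unpinned `pip` install of `docker` mean each run installs whatever version is current; pinning would make the host reproducible.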
@@ -0,0 +1,9 @@
+---
+
+ app_container_name: "{{ metabase_container_name }}"
+ app_container_image: "{{ metabase_container_image }}"
+ app_hostname: "{{ metabase_hostname }}"
+ app_container_healthcheck_cmd: "{{ metabase_container_healthcheck_cmd }}"
+ app_container_ports_mapping: "{{ metabase_container_ports_mapping }}"
+ app_container_env_file: "{{ metabase_container_env_file }}"
+ app_container_env_template_file: "{{ metabase_container_env_template_file }}"
diff --git a/configure/roles/metabase/tasks/main.yml b/configure/roles/metabase/tasks/main.yml
new file mode 100644
index 0000000..174ba21
--- /dev/null
+++ b/configure/roles/metabase/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+
+- name: "Deploy Metabase docker Container"
+ include_role:
+ name: docker
diff --git a/configure/roles/metabase/templates/metabase.docker.env.template.j2 b/configure/roles/metabase/templates/metabase.docker.env.template.j2
new file mode 100644
index 0000000..886aa1f
--- /dev/null
+++ b/configure/roles/metabase/templates/metabase.docker.env.template.j2
@@ -0,0 +1,11 @@
+MB_PASSWORD_COMPLEXITY={{ mb_password_complexity }}
+MB_PASSWORD_LENGTH={{ mb_password_length }}
+MB_JETTY_PORT={{ mb_jetty_port }}
+MB_DB_TYPE={{ mb_db_type }}
+MB_DB_PORT={{ mb_db_port }}
+JAVA_TIMEZONE={{ java_timezone }}
+
+MB_DB_DBNAME={{ mb_db_dbname }}
+MB_DB_USER={{ mb_db_user }}
+MB_DB_PASS={{ mb_db_pass }}
+MB_DB_HOST={{ mb_db_host }}
\ No newline at end of file
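Review bot: The env template configure/roles/metabase/templates/metabase.docker.env.template.j2 sets the application-database credentials but no `MB_ENCRYPTION_SECRET_KEY`, so Metabase will keep the connection details of any data source added through its UI unencrypted in the application database. Consider adding `MB_ENCRYPTION_SECRET_KEY={{ mb_encryption_secret_key }}`, with the value held wherever `mb_db_pass` is defined (presumably the vault file; the variable name is a suggestion, not one this patch defines). Values passed through `env_file` are also readable via `docker inspect` by anyone with access to the Docker socket, so membership of the `docker` group on this host is equivalent to holding the database password.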