Some more tweaks and some WIP changes on the documentation.

cluster-setup/deployment/create_backup_filesystem.yaml

@@ -4,9 +4,7 @@
   hosts: head
   vars:
     drive_identifiers:
-      - "ata-ST8000AS0002-1NA17Z_Z840VBQ5"
-      - "scsi-0ATA_WDC_WD2000FYYZ-0_WD-WMC1P0H2KH10"
-      - "scsi-0ATA_WDC_WD2000FYYZ-0_WD-WMC1P0H3J8XT"
+      - "ata-ST10000NM001G-2MW103_ZS51H7QX"
   tasks:
     - name: create a single partition on each of the physical volumes
       loop: "{{ drive_identifiers }}"

cluster-setup/deployment/roles/copy_users_and_groups/tasks/main.yml

@@ -79,3 +79,5 @@
     password: "{{ shadow_dict.dict[item.name]['passwd'] }}"
     group: "{{ item.name }}"
     groups: "{{ user_groups[item.name] | default([]) }}"
+    append: true
+    shell: "{{ default_shell }}"

cluster-setup/deployment/roles/head_node_networking/tasks/main.yml

@@ -1,7 +1,14 @@
 ---
 
 - name: set timezone
-  community.general.timezone: America/Vancouver
+  block:
+    - name: change the timezone
+      community.general.timezone:
+        name: America/Vancouver
+    - name: restart cron to reflect the new timezone
+      systemd:
+        name: cron
+        state: restarted
 
 - name: check if original /home has been renamed
   stat: path=/data/home

cluster-setup/deployment/roles/kive_node/tasks/main.yml

@@ -13,6 +13,7 @@
       - "{{ kive_python_package }}-distutils"
       - "{{ kive_python_package }}-venv"
       - "{{ kive_python_package }}-dev"
+      - "lib{{ kive_python_package }}-dev"
 
 - name: install pip for this version of Python
   become: true

cluster-setup/deployment/roles/kive_server/files/wsgi.load

@@ -0,0 +1 @@
+LoadModule wsgi_module /usr/lib/apache2/modules/mod_wsgi.so

cluster-setup/deployment/roles/kive_server/tasks/main.yml

@@ -62,6 +62,33 @@
       - barman-cli
       - rsnapshot
 
+- name: fetch kive source code
+  become: true
+  git:
+    dest: "{{ kive_root }}"
+    repo: https://github.com/cfe-lab/Kive.git
+    version: "{{ kive_version | default('master') }}"
+    update: "{{ update_kive_source | default('no') }}"
+
+- name: set up the Kive Python virtualenv
+  become: true
+  block:
+    - name: create directory for virtualenv
+      file:
+        path: "{{ kive_venv }}"
+        state: directory
+    - name: copy requirements file to track changes
+      register: kive_requirements
+      copy:
+        dest: "{{ kive_venv }}/requirements.txt"
+        src: "{{ kive_root }}/requirements.txt"
+    - name: kive python dependencies
+      when: kive_requirements.changed
+      pip:
+        requirements: "{{ kive_root }}/requirements.txt"
+        virtualenv_command: "{{ kive_python_executable }} -m venv"
+        virtualenv: "{{ kive_venv }}"
+
 - name: install mod_wsgi from source
   become: true
   block:
@@ -96,7 +123,7 @@
       command:
         argv:
           - "/usr/local/src/mod_wsgi/configure"
-          - "--with-python={{ kive_venv }}/bin/python"
+          - "--with-python=/usr/bin/python3.7"
         chdir: "/usr/local/src/mod_wsgi"
         creates: "/usr/local/src/mod_wsgi/Makefile"
 
@@ -105,6 +132,11 @@
         chdir: "/usr/local/src/mod_wsgi"
         target: install
 
+    - name: add wsgi to the "modules available"
+      copy:
+        src: wsgi.load
+        dest: /etc/apache2/mods-available
+
     - name: enable the wsgi module in apache
       community.general.apache2_module:
         state: present
@@ -145,35 +177,6 @@
         group: root
 
 
-- name: fetch kive source code
-  become: true
-  git:
-    dest: "{{ kive_root }}"
-    repo: https://github.com/cfe-lab/Kive.git
-    version: "{{ kive_version | default('master') }}"
-    update: "{{ update_kive_source | default('no') }}"
-
-
-- name: install kive python dependencies
-  become: true
-  block:
-    - name: create directory for virtualenv
-      file:
-        path: "{{ kive_venv }}"
-        state: directory
-    - name: copy requirements file to track changes
-      register: kive_requirements
-      copy:
-        dest: "{{ kive_venv }}/requirements.txt"
-        src: "{{ kive_root }}/requirements.txt"
-    - name: kive python dependencies
-      when: kive_requirements.changed
-      pip:
-        requirements: "{{ kive_root }}/requirements.txt"
-        virtualenv_command: "{{ kive_python_executable }} -m venv"
-        virtualenv: "{{ kive_venv }}"
-
-
 - name: set up log purging
   become: true
   block:
@@ -284,7 +287,7 @@
       command:
         cmd: "a2ensite 001-kive-ssl"
 
-    - name: enable apache2
+    - name: enable and (re)start apache2
       systemd:
         name: apache2
         state: restarted
@@ -338,17 +341,18 @@
         rule: allow
         state: enabled
 
+- name: enable and start database service
+  become: true
+  systemd:
+    name: "postgresql@14-main"
+    state: started
+    enabled: true
+
 - name: configure postgres server
   become: true
   become_user: postgres
   block:
 
-    - name: start database service
-      systemd:
-        name: "postgresql"
-        state: started
-        enabled: true
-
     - name: add kive entries to pg_hba.conf
       block:
         - name: local connections
@@ -457,7 +461,7 @@
         chdir: "{{ kive_root }}/api/"
         creates: "{{ kive_root }}/api/build/"
     - name: collect kive's static files
-      notify: restart web server
+      # notify: restart web server
       environment:
         KIVE_STATIC_ROOT: "{{ kive_static_root }}"
       community.general.django_manage:
@@ -544,6 +548,17 @@
     owner: barman
     group: barman
 
+- name: barman passwords file
+  blockinfile:
+    path: /var/lib/barman/.pgpass
+    create: yes
+    owner: barman
+    group: barman
+    mode: u=rw,g=,o=
+    block: |
+      localhost:*:*:barman:{{ barman_password }}
+      localhost:*:*:streaming_barman:{{ streaming_barman_password }}
+
 - name: database backup kive config
   loop:
     - option: path_prefix
@@ -581,10 +596,10 @@
     option: "{{ item.option }}"
     value: "{{ item.value }}"
 
-- name: force a WAL switch to verify the WAL archiving process
-  become: true
-  become_user: barman
-  command: barman switch-wal --force --archive kive
+#- name: force a WAL switch to verify the WAL archiving process
+#  become: true
+#  become_user: barman
+#  command: barman switch-wal --force --archive kive
 
 - name: SSH keys
   block:
@@ -622,17 +637,6 @@
         user: postgres
         key: "{{ lookup('file', '/var/lib/barman/.ssh/id_rsa.pub') }}"
 
-- name: barman passwords file
-  blockinfile:
-    path: /var/lib/barman/.pgpass
-    create: yes
-    owner: barman
-    group: barman
-    mode: u=rw,g=,o=
-    block: |
-      localhost:*:*:barman:{{ barman_password }}
-      localhost:*:*:streaming_barman:{{ streaming_barman_password }}
-
 # This variable should be a JSON-formatted list of 2-lists, like
 # [["User One", "[email protected]"], ..., ["User N", "[email protected]"]]
 - name: parse admin e-mails from json

cluster-setup/deployment/roles/worker_node_networking/tasks/main.yml

@@ -1,7 +1,14 @@
 ---
 
 - name: set timezone
-  community.general.timezone: America/Vancouver
+  block:
+    - name: change the timezone
+      community.general.timezone:
+        name: America/Vancouver
+    - name: restart cron to reflect the new timezone
+      systemd:
+        name: cron
+        state: restarted
 
 - name: install NFS client software
   become: true