Merge pull request #5383 from pulibrary/dpulc-figgy

[DPUL Collections] Add configuration to access the Figgy Staging database for indexing.
pulibrary · Sep 25, 2024 · 917774b · 917774b
2 parents 9a5fe88 + de64298
commit 917774b
Show file tree

Hide file tree

Showing 3 changed files with 64 additions and 13 deletions.
diff --git a/group_vars/nomad/dpulc/staging.yml b/group_vars/nomad/dpulc/staging.yml
@@ -5,9 +5,14 @@ dpul_c_db_password: '{{ vault_dpul_c_db_password }}'
 dpul_c_postgres_host: 'lib-postgres-staging1.princeton.edu'
 dpul_c_postgres_version: '15'
 dpul_c_postgres_admin_user: "postgres"
+dpul_c_staging_figgy_db_host: "figgy-db-staging1.princeton.edu"
+dpul_c_staging_figgy_db_name: "figgy_staging"
+dpul_c_staging_figgy_db_password: "{{ vault_dpul_c_staging_figgy_db_password }}"
 dpul_c_nomad_env_vars:
  DB_NAME: '{{ dpul_c_db_name }}'
  DB_USER: '{{ dpul_c_db_user }}'
  DB_PASSWORD: '{{ dpul_c_db_password }}'
  POSTGRES_HOST: '{{ dpul_c_postgres_host }}'
  SECRET_KEY_BASE: '{{ vault_dpul_c_secret_key_base }}'
+ SOLR_URL: 'http://lib-solr8d-staging.princeton.edu:8983/solr/dpulc-staging'
+ FIGGY_DATABASE_URL: 'ecto://dpulc_staging:{{ dpul_c_staging_figgy_db_password }}@{{ dpul_c_staging_figgy_db_host }}/{{ dpul_c_staging_figgy_db_name }}'
diff --git a/group_vars/nomad/dpulc/vault.yml b/group_vars/nomad/dpulc/vault.yml
@@ -1,14 +1,17 @@
 $ANSIBLE_VAULT;1.1;AES256
-35383836303137343738353364386262666439666465343137363265613137646533336264613235
-3962633734366639323838663965383932356265653031360a386338393836396237316633623035
-32643966353837613634333737643064666536666464363363326435346436393963373862323339
-6239333839656564370a636366326664663039376462383538343065643765613961356261643762
-34353439653265313330336137383639386464616665376430623466303934326132373739626164
-39626464626363626338303036366636326439613433643461323830633263666330636634636539
-39373932343961656437303238353538363731393335393263346538326562613062656361303738
-66393237376136643465353864613731616336656634333439333238363665336535333265636139
-34346131393137333132386538383961336431323436353832366464663233353339663935643436
-61663836376265663732343337336233323436616234656332613763613366643434636633313632
-38636636633365356465646635316630663764376637666664386266643263636166383738393635
-34376365323432643835626436646565666539616237623036353930393137653164613537643762
-3936
+63636438363930626363653233343036616165326137643766666434353866366364353534393063
+6434383035643037393439353537356438393337316465630a346539343536373065316362353433
+38656261316139623364373064366439643937616466616230303538333235303562303035373364
+3461663163663461360a366134363531656234633663396235643962343530333964653733646136
+62373532356534643264336538386335346239343035666535646638333739316639316466633164
+62663761333136306463623861346665316165343561363461316664356233313630333630333433
+62626234623938663934643239653733366234636236386637396463663635386666643938313263
+37643038653238646363313537386162383634336365363066646432386134303630393563303765
+64636337653433393130343035373861396165623463333837333734356331323432346330663564
+35376362363338613862366561653233636661323662353036346165353732323635396364373065
+65333737313934346165336661633035666564306336626563643035633434333361336131333133
+35633631393236666236353033333439613335653562383766646334366337653430616538306633
+32373636636361316233336433326331663335323734363364376533353866363363333436363462
+35373539303333633936386162633336363330393032653733656233303630636665356664663834
+35333235383865323531303962653961356661373233353731303232363437633436376364646538
+39663432346562343637
diff --git a/roles/pul_nomad/tasks/dpul_c.yml b/roles/pul_nomad/tasks/dpul_c.yml
@@ -21,6 +21,31 @@
  become_user: '{{ dpul_c_postgres_admin_user }}'
  run_once: true
 
+- name: 'pul_nomad_dpulc | create figgy postgresql db user'
+ community.postgresql.postgresql_user:
+ name: 'dpulc_staging'
+ password: '{{ dpul_c_staging_figgy_db_password }}'
+ encrypted: true
+ state: 'present'
+ delegate_to: '{{ dpul_c_staging_figgy_db_host }}'
+ become: true
+ become_user: '{{ dpul_c_postgres_admin_user }}'
+ run_once: true
+
+- name: 'pul_nomad_dpulc | grant read privileges for read-only user'
+ delegate_to: '{{ dpul_c_staging_figgy_db_host }}'
+ become: true
+ become_user: '{{ dpul_c_postgres_admin_user }}'
+ run_once: true
+ community.postgresql.postgresql_privs:
+ database: '{{ dpul_c_staging_figgy_db_name }}'
+ state: present
+ privs: SELECT
+ type: table
+ objs: ALL_IN_SCHEMA
+ roles: 'dpulc_staging'
+ grant_option: true
+
 - name: 'pul_nomad_dpulc | ensure access to postgres server for client connections'
  ansible.builtin.lineinfile:
  path: '/etc/postgresql/{{ dpul_c_postgres_version }}/main/pg_hba.conf'
@@ -31,6 +56,16 @@
  when:
  - "nomad_node_role == 'client'"
 
+- name: 'pul_nomad_dpulc | ensure access to figgy postgres server for client connections'
+ ansible.builtin.lineinfile:
+ path: '/etc/postgresql/{{ dpul_c_postgres_version }}/main/pg_hba.conf'
+ line: 'host all all {{ ansible_default_ipv4.address }}/32 md5'
+ delegate_to: '{{ dpul_c_staging_figgy_db_host }}'
+ register: remote_figgy_postgres_configured
+ throttle: 1 # have this task run one machine at a time to avoid race condition
+ when:
+ - "nomad_node_role == 'client'"
+
 - name: 'pul_nomad_dpulc | reload postgresql'
  ansible.builtin.service:
  name: postgresql
@@ -39,6 +74,14 @@
  - remote_postgres_configured.changed
  delegate_to: '{{ dpul_c_postgres_host }}'
 
+- name: 'pul_nomad_dpulc | reload figgy postgresql'
+ ansible.builtin.service:
+ name: postgresql
+ state: reloaded
+ when:
+ - remote_postgres_configured.changed
+ delegate_to: '{{ dpul_c_staging_figgy_db_host }}'
+
 - name: 'pul_nomad_dpulc | add the application environment variables'
  ansible.builtin.shell:
  cmd: '/usr/local/bin/nomad var put -force nomad/jobs/dpulc-staging {{ dpul_c_nomad_env_vars.keys() | zip(dpul_c_nomad_env_vars.values()) | map("join", "=") | join(" ") }}'