Upgrade CONSUL DEMOCRACY installer to version 2.1.1

.github/workflows/debian.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        image: ["debian:buster", "debian:bullseye"]
+        image: ["debian:bullseye", "debian:bookworm"]
         rails_env: [staging, production]
     container:
       image: ${{ matrix.image }}
@@ -19,9 +19,7 @@ jobs:
       - name: Update system packages
         run: apt-get update -y
       - name: Install needed packages
-        run: apt-get install -y lsb-release sudo python3-pip openssh-server
-      - name: Install Ansible
-        run: pip3 install ansible
+        run: apt-get install -y lsb-release sudo python3-pip openssh-server ansible
       - name: Create hosts file
         run: echo "localhost ansible_connection=local ansible_user=root" > hosts
       - name: Generate dummy SSH key

.github/workflows/ubuntu.yml

@@ -7,11 +7,14 @@ on:
 
 jobs:
   ubuntu:
-    runs-on: ${{ matrix.os }}
+    runs-on: ${{ matrix.platforms.os }}
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-20.04]
+        platforms: [
+          { os: "ubuntu-20.04", errbit: "True" },
+          { os: "ubuntu-22.04", errbit: "False"}
+        ]
         rails_env: [staging, production]
     steps:
       - uses: actions/checkout@v2
@@ -29,4 +32,4 @@ jobs:
       - name: Generate dummy SSH key
         run: ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
       - name: Run CONSUL DEMOCRACY installer
-        run: ansible-playbook consul.yml -i hosts --extra-vars "env=${{ matrix.rails_env }} domain=localhost errbit=True"
+        run: ansible-playbook consul.yml -i hosts --extra-vars "env=${{ matrix.rails_env }} domain=localhost errbit=${{ matrix.platforms.errbit }}"

README.md

@@ -1,4 +1,4 @@
-# CONSUL DEMOCRACY Installer ![Build status](https://github.com/consuldemocracy/installer/workflows/tests/badge.svg)
+# CONSUL DEMOCRACY Installer ![Build status on Ubuntu](https://github.com/consuldemocracy/installer/workflows/ubuntu/badge.svg)
 
 [CONSUL DEMOCRACY](https://github.com/consuldemocracy/consuldemocracy) installer for production environments
 
@@ -26,8 +26,9 @@ It will also create a `deploy` user to install these libraries
 A remote server with one of the supported distributions:
 
 - Ubuntu 20.04 x64
-- Debian Buster x64
+- Ubuntu 22.04 x64
 - Debian Bullseye x64
+- Debian Bookworm x64
 
 Access to a remote server via public ssh key without password.
 The default user is `deploy` but you can [use any user](#using-a-different-user-than-deploy) with sudo privileges.
@@ -103,12 +104,12 @@ To restart the server and deploy new code to the server we have to configure Cap
 
 Create your [fork](https://help.github.com/articles/fork-a-repo/)
 
-Setup locally for your [development environment](https://docs.consuldemocracy.org/docs/english-documentation/introduction/local_installation)
+Setup locally for your [development environment](https://docs.consuldemocracy.org/tech_docs/introduction-1/local_installation)
 
 Checkout the latest stable version:
 
 ```
-git checkout origin/2.0.1 -b stable
+git checkout origin/2.1.1 -b stable
 ```
 
 Create your `deploy-secrets.yml`
@@ -211,13 +212,13 @@ Using https instead of http is an important security configuration. Before you b
 
 Once you have that setup we need to configure the Installer to use your domain in the application.
 
-First, uncomment the `domain` variable in the [configuration file](https://github.com/consuldemocracy/installer/blob/2.0.1/group_vars/all) and update it with your domain name:
+First, uncomment the `domain` variable in the [configuration file](https://github.com/consuldemocracy/installer/blob/2.1.1/group_vars/all) and update it with your domain name:
 
 ```
 #domain: "your_domain.com"
 ```
 
-Next, uncomment the `letsencrypt_email` variable in the [configuration file](https://github.com/consuldemocracy/installer/blob/2.0.1/group_vars/all) and update it with a valid email address:
+Next, uncomment the `letsencrypt_email` variable in the [configuration file](https://github.com/consuldemocracy/installer/blob/2.1.1/group_vars/all) and update it with a valid email address:
 
 ```
 #letsencrypt_email: "[email protected]"
@@ -264,7 +265,7 @@ If you are on Ubuntu and would like to use its default `sudo` group instead of `
 deploy_group: sudo
 ```
 
-There are many more variables available check them out [here]((https://github.com/consuldemocracy/installer/blob/2.0.1/group_vars/all))
+There are many more variables available check them out [here]((https://github.com/consuldemocracy/installer/blob/2.1.1/group_vars/all))
 
 ## Other deployment options
 
@@ -294,7 +295,7 @@ If you do not have `root` access, you will need your system administrator to gra
 
 ## Using a different user than deploy
 
-Change the variable [deploy_user](https://github.com/consuldemocracy/installer/blob/2.0.1/group_vars/all#L12) to the username you would like to use.
+Change the variable [deploy_user](https://github.com/consuldemocracy/installer/blob/2.1.1/group_vars/all#L12) to the username you would like to use.
 
 ## Ansible Documentation
 

app.yml

@@ -18,6 +18,7 @@
   roles:
     - folder_structure
     - ruby
+    - nodejs
     - rails
     - email
     - queue

galaxy/yatesr.timezone/tasks/main.yml

@@ -1,2 +1,2 @@
 ---
-- include: timezone.yml
+- include_tasks: timezone.yml

group_vars/all

@@ -7,6 +7,9 @@ server_hostname: "{{ domain | default(ansible_default_ipv4.address) }}"
 # Server Timezone
 timezone: Europe/Madrid
 
+# Consul Democracy Timezone
+application_timezone: "{{ timezone }}"
+
 # General settings
 env: production
 deploy_user: deploy
@@ -34,6 +37,14 @@ database_user: "{{ deploy_user }}"
 database_password: "{{ deploy_user }}"
 database_hostname: "localhost"
 
+# Puma
+# If you use Capistrano to deploy, make sure the puma_service_unit_name
+# variable is the same as `:puma_service_unit_name` in Capistrano
+puma_service_unit_name: "puma_{{ app_name }}_{{ env }}"
+puma_config_file: "{{ release_dir }}/config/puma/{{ env }}.rb"
+puma_access_log: "{{ shared_dir }}/log/puma_access.log"
+puma_error_log: "{{ shared_dir }}/log/puma_error.log"
+
 #SMTP
 smtp_address:        "smtp.example.com"
 smtp_port:           25
@@ -45,6 +56,13 @@ smtp_authentication: "plain"
 #LetsEncrypt
 letsencrypt_email: "[email protected]"
 
+# Node.js
+fnm_dir: "{{ home_dir }}/.fnm"
+fnm_command: "export PATH=\"{{ fnm_dir }}/:$PATH\" && eval \"$(fnm env)\""
+
+# RVM
+rvm_command: "source {{ home_dir }}/.rvm/scripts/rvm"
+
 # Errbit
 errbit: False
 errbit_dir: "{{ home_dir }}/errbit"

roles/errbit/tasks/main.yml

@@ -35,7 +35,7 @@
     executable: /bin/bash
 
 - name: Install libv8-node for the right platform
-  shell: "source /home/{{ deploy_user }}/.rvm/scripts/rvm && gem install libv8-node --version '{{ libv8_version.stdout }}' --platform x86_64-linux-libc"
+  shell: "{{ rvm_command }} && gem install libv8-node --version '{{ libv8_version.stdout }}' --platform x86_64-linux-libc"
   args:
     chdir: "{{ errbit_dir }}"
     executable: /bin/bash
@@ -48,13 +48,13 @@
     executable: /bin/bash
 
 - name: Install the mini_racer gem
-  shell: "source /home/{{ deploy_user }}/.rvm/scripts/rvm && gem install mini_racer --version '{{ mini_racer_version.stdout }}'"
+  shell: "{{ rvm_command }} && gem install mini_racer --version '{{ mini_racer_version.stdout }}'"
   args:
     chdir: "{{ errbit_dir }}"
     executable: /bin/bash
 
 - name: Install Errbit dependencies
-  shell: "source /home/{{ deploy_user }}/.rvm/scripts/rvm && bundle install"
+  shell: "{{ rvm_command }} && bundle install"
   args:
     chdir: "{{ errbit_dir }}"
     executable: /bin/bash
@@ -81,7 +81,7 @@
 - when: not existing_secret_key_base.found
   block:
     - name: Generate secret key
-      shell: "source /home/{{ deploy_user }}/.rvm/scripts/rvm && bin/rake secret"
+      shell: "{{ rvm_command }} && bin/rake secret"
       register: secret_key_base
       args:
         chdir: "{{ errbit_dir }}"
@@ -93,13 +93,13 @@
         line: "SECRET_KEY_BASE={{ secret_key_base.stdout }}"
 
     - name: Setup Errbit
-      shell: "source /home/{{ deploy_user }}/.rvm/scripts/rvm && RAILS_ENV={{ env }} bin/rake errbit:bootstrap"
+      shell: "{{ rvm_command }} && RAILS_ENV={{ env }} bin/rake errbit:bootstrap"
       args:
         chdir: "{{ errbit_dir }}"
         executable: /bin/bash
 
     - name: Precompile Errbit assets
-      shell: "source /home/{{ deploy_user }}/.rvm/scripts/rvm && RAILS_ENV={{ env }} bin/rake assets:precompile"
+      shell: "{{ rvm_command }} && RAILS_ENV={{ env }} bin/rake assets:precompile"
       args:
         chdir: "{{ errbit_dir }}"
         executable: /bin/bash
@@ -121,7 +121,7 @@
     enabled: true
 
 - name: Create app if it does not exist
-  shell: 'source /home/{{ deploy_user }}/.rvm/scripts/rvm && bin/rails runner -e {{ env }} "App.create(name: \"{{ domain }}\")"'
+  shell: '{{ rvm_command }} && bin/rails runner -e {{ env }} "App.create(name: \"{{ domain }}\")"'
   args:
     chdir: "{{ errbit_dir }}"
     executable: /bin/bash
@@ -146,7 +146,7 @@
     replace: '  errbit_host: "https://{{ errbit_domain }}"'
 
 - name: Restart CONSUL DEMOCRACY
-  shell: "source /home/{{ deploy_user }}/.rvm/scripts/rvm && RAILS_ENV={{ env }} bin/rails restart"
+  shell: "{{ fnm_command }} && {{ rvm_command }} && fnm exec bin/rails restart RAILS_ENV={{ env }}"
   args:
     chdir: "{{ release_dir }}"
     executable: /bin/bash

roles/errbit/templates/errbit.service

@@ -7,7 +7,7 @@ After=mongodb.service network.target
 Type=simple
 WorkingDirectory={{ errbit_dir }}
 Environment=RAILS_ENV={{ env }}
-ExecStart=/bin/bash -lc 'source {{ home_dir }}/.rvm/scripts/rvm && bundle exec puma -C {{ errbit_dir }}/config/puma.default.rb -e {{ env }}'
+ExecStart=/bin/bash -lc '{{ rvm_command }} && bundle exec puma -C {{ errbit_dir }}/config/puma.default.rb -e {{ env }}'
 Restart=always
 User={{ errbit_user }}
 Group={{ errbit_group }}

roles/folder_structure/tasks/main.yml

@@ -22,7 +22,7 @@
         state: directory
 
     - name: Create first release
-      shell: "git archive 2.0.1 | /usr/bin/env tar -x -f - -C {{ first_release_dir }}"
+      shell: "git archive 2.1.1 | /usr/bin/env tar -x -f - -C {{ first_release_dir }}"
       args:
         chdir: "{{ consul_dir }}/repo"
 

roles/nodejs/tasks/main.yml

@@ -0,0 +1,30 @@
+---
+- name: Install fnm
+  shell: |
+    curl -fsSL https://fnm.vercel.app/install | bash -s -- --install-dir "{{ fnm_dir }}"
+  args:
+    chdir: "{{ home_dir }}"
+    executable: /bin/bash
+    creates: "{{ fnm_dir }}/fnm"
+
+- name: Read Node.js version
+  shell: "cat .node-version"
+  args:
+    chdir: "{{ release_dir }}"
+  register: node_version
+
+- name: Install nodejs via fnm
+  shell: "{{ fnm_command }} && {{ rvm_command }} && fnm install {{ node_version.stdout }}"
+  args:
+    chdir: "{{ release_dir }}"
+    executable: /bin/bash
+  register: fnm_install_result
+  until: "fnm_install_result is not failed"
+  retries: 10
+  delay: 10
+
+- name: Install Node packages
+  shell: "{{ fnm_command }} && {{ rvm_command }} && fnm exec npm install --production"
+  args:
+    chdir: "{{ release_dir }}"
+    executable: /bin/bash

roles/postgresql/tasks/main.yml

@@ -17,17 +17,18 @@
 - become: true
   become_user: postgres
   block:
-    - name: Create PostgreSQL database
-      postgresql_db:
-        name: "{{ database_name }}"
-
     - name: Create PostgreSQL users
       postgresql_user:
+        state: present
         name: "{{ database_user }}"
         password: "{{ database_password }}"
-        db: "{{ database_name }}"
         encrypted: yes
-        priv: ALL
+
+    - name: Create PostgreSQL database
+      postgresql_db:
+        state: present
+        name: "{{ database_name }}"
+        owner: "{{ database_user }}"
 
     - name: Create the shared extensions schema
       postgresql_schema:

roles/puma/tasks/main.yml

@@ -7,29 +7,68 @@
     - "pids"
     - "sockets"
 
-- name: Check that puma is running
-  stat:
-    path: "{{ shared_dir }}/tmp/pids/puma.pid"
-  register: puma_process
-
-- name: Get running puma process
-  shell: "cat {{ shared_dir }}/tmp/pids/puma.pid"
-  register: running_process
-  when: puma_process.stat.exists == True
-
-- name: Kill running process
-  shell: "kill -QUIT {{ item }}"
-  with_items: "{{ running_process.stdout_lines }}"
-  when: puma_process.stat.exists == True
-
-- name: Start puma
-  shell: "source {{ home_dir }}/.rvm/scripts/rvm && bundle exec puma -C {{ release_dir }}/config/puma/{{ env }}.rb -e {{ env }} -d"
-  args:
-    chdir: "{{ release_dir }}"
-    executable: /bin/bash
-
-- name: Make sure Nginx has write access to the puma socket
-  shell: "chmod o+w tmp/sockets/*"
-  args:
-    chdir: "{{ release_dir }}"
-    executable: /bin/bash
+- name: Create systemd folder
+  file:
+    path: "{{ home_dir }}/.config/systemd/user"
+    state: directory
+
+- name: Copy Puma service file to the systemd folder
+  template:
+    src: "{{ playbook_dir }}/roles/puma/templates/puma.service"
+    dest: "{{ home_dir }}/.config/systemd/user/{{ puma_service_unit_name }}.service"
+
+- name: Copy Puma socket file to the systemd folder
+  template:
+    src: "{{ playbook_dir }}/roles/puma/templates/puma.socket"
+    dest: "{{ home_dir }}/.config/systemd/user/{{ puma_service_unit_name }}.socket"
+
+- name: Get distribution codename
+  shell: lsb_release -c --short
+  register: distro_codename
+
+- when: distro_codename.stdout == "focal" or distro_codename.stdout == "jammy" or not lookup("env", "CI")
+  block:
+    - name: Check if user has access to systemd while running ansible tasks
+      stat:
+        path: "/var/lib/systemd/linger/{{ deploy_user }}"
+      register: linger_enabled
+
+    - name: Enable systemd access if needed
+      command: "loginctl enable-linger {{ deploy_user }}"
+      when: not linger_enabled.stat.exists
+
+    - name: Get user UID
+      shell: "id -u"
+      register: current_uid
+
+    - name: Enable puma socket activation
+      systemd:
+        name: "{{ puma_service_unit_name }}.socket"
+        daemon_reload: true
+        enabled: true
+        state: started
+        scope: user
+      environment:
+        XDG_RUNTIME_DIR: "/run/user/{{ current_uid.stdout }}"
+
+    - name: Start puma
+      systemd:
+        name: "{{ puma_service_unit_name }}.service"
+        daemon_reload: true
+        enabled: true
+        state: started
+        scope: user
+      environment:
+        XDG_RUNTIME_DIR: "/run/user/{{ current_uid.stdout }}"
+
+    - name: Wait until Puma has created the socket
+      wait_for:
+        path: "{{ release_dir }}/tmp/sockets/puma.sock"
+        state: present
+        msg: Puma socket is not available
+
+    - name: Make sure Nginx has write access to the puma socket
+      shell: "chmod o+w tmp/sockets/*"
+      args:
+        chdir: "{{ release_dir }}"
+        executable: /bin/bash