private-attribution · eriktaubeneck · Jul 10, 2024 · Jul 5, 2024 · Jul 5, 2024 · Jul 5, 2024
diff --git a/README.md b/README.md
@@ -24,10 +24,10 @@ Host ipa
     User ec2-user
     IdentityFile ~/.ssh/<ssh_key.pem>
 ```
-4. Update the `draft/ansible/inventory.ini` file to only include a single host. (Unless you are running all 4 servers.)
-5. Provision your machine: `ansible-playbook -i ansible/inventory.ini ansible/provision.yaml`
+4. Update the `draft/sidecar/ansible/inventory.ini` file to only include a single host. (Unless you are running all 4 servers.)
+5. Provision your machine: `ansible-playbook -i sidecar/ansible/inventory.ini sidecar/ansible/provision.yaml`
 
-To deploy new changes in draft, run: `ansible-playbook -i ansible/inventory.ini ansible/deploy.yaml`
+To deploy new changes in draft, run: `ansible-playbook -i sidecar/ansible/inventory.ini sidecar/ansible/deploy.yaml`
 
 ### Generating TLS certs with Let's Encrypt
 
@@ -68,10 +68,10 @@ Once you know these:
 ### Run draft
 
 ```
-draft start-helper-sidecar --identity <identity> --root_domain example.com --config_path config
+draft start-helper-sidecar --identity <identity> --helper_domain helper.example.com --sidecar_domain sidecar.example.com --config_path config
 ```
 
-This will start the sidecar in the background. To confirm, visit `example.com/status`.
+This will start the sidecar in the background. To confirm, visit `sidecar.example.com/status`.
 
 
 ## Local Dev

diff --git a/etc/start_helper_sidecar.sh b/etc/start_helper_sidecar.sh
@@ -9,11 +9,10 @@ fi
 
 config_path=$1
 root_path=$2
-root_domain=$3
-helper_domain=$4
-sidecar_domain=$5
-helper_port=$6
-sidecar_port=$7
-identity=$8
+helper_domain=$3
+sidecar_domain=$4
+helper_port=$5
+sidecar_port=$6
+identity=$7
 
-nohup draft run-helper-sidecar --config_path "$config_path" --root_path "$root_path" --root_domain "$root_domain" --helper_domain "$helper_domain" --sidecar_domain "$sidecar_domain" --helper_port "$helper_port" --sidecar_port "$sidecar_port" --identity "$identity" > .draft/logs/helper_sidecar.log 2>&1 & echo $! > $pid_file
+nohup draft run-helper-sidecar --config_path "$config_path" --root_path "$root_path" --helper_domain "$helper_domain" --sidecar_domain "$sidecar_domain" --helper_port "$helper_port" --sidecar_port "$sidecar_port" --identity "$identity" > .draft/logs/helper_sidecar.log 2>&1 & echo $! > $pid_file
diff --git a/server/.prettierignore b/server/.prettierignore
@@ -10,7 +10,8 @@ coverage/*
 next.config.js
 tsconfig.json
 babel.config.js
-
+traefik/*
+ansible/*
 
 # Not JS
 README.md
diff --git a/server/ansible/deploy.yaml b/server/ansible/deploy.yaml
@@ -0,0 +1,44 @@
+- name: Deploy updates to Draft
+  hosts: all
+  tasks:
+
+    - name: Pull new commits from GitHub
+      git:
+        repo: 'https://github.com/private-attribution/draft.git'
+        dest: '{{ ansible_env.HOME }}/draft'
+        update: yes
+
+    - name: Install packages based on package-lock.json via npm
+      npm:
+        path: '{{ ansible_env.HOME}}/draft/server'
+        state: present
+        ci: true
+
+    - name: Load .env file
+      shell: >
+        aws secretsmanager get-secret-value
+        --secret-id {{ env_secret_id }}
+        --region {{ aws_region }}
+        --query SecretString
+        --output text |
+        jq -r 'to_entries|map("\(.key)=\"\(.value|tostring)\"")|.[]' >
+        .env
+      args:
+        chdir: '{{ ansible_env.HOME }}/draft/server'
+        executable: /bin/bash
+
+
+    - name: Rebuild draft website
+      shell: >
+        npm run build
+      args:
+        chdir: '{{ ansible_env.HOME }}/draft/server'
+        executable: /bin/bash
+
+
+    - name: Restart draft website
+      shell: >
+        npm run pm2-restart
+      args:
+        chdir: '{{ ansible_env.HOME }}/draft/server'
+        executable: /bin/bash
diff --git a/server/ansible/inventory.ini b/server/ansible/inventory.ini
@@ -0,0 +1,5 @@
+[myhosts]
+draft-ipa       draft_domain=draft.ipa-helper.dev       draft_port=3000     env_secret_id=prod-draft-env        aws_region=us-west-2
+
+[myhosts:vars]
+ansible_python_interpreter=/usr/bin/python3
diff --git a/server/ansible/provision.yaml b/server/ansible/provision.yaml
@@ -0,0 +1,132 @@
+- name: Setup Draft frontend
+  hosts: all
+  tasks:
+    - name: Store HOME directory
+      debug:
+        var: ansible_env.HOME
+
+    - name: Check if Node.js is installed
+      command: node --version
+      register: node_installed
+      failed_when: false
+      changed_when: false
+
+    - name: Install Node.js Package Manager
+      yum:
+        name: nodejs
+        state: latest
+      become: yes
+      when: node_installed.rc != 0
+
+    - name: Check if npm is installed
+      command: npm --version
+      register: npm_installed
+      failed_when: false
+      changed_when: false
+
+    - name: Install Node.js Package Manager
+      yum:
+        name: npm
+        state: latest
+      become: yes
+      when: npm_installed.rc != 0
+
+    - name: Check if Git is installed
+      command: git --version
+      register: git_installed
+      failed_when: false
+      changed_when: false
+
+    - name: Install Git
+      yum:
+        name: git
+        state: latest
+      become: yes
+      when: git_installed.rc != 0
+
+    - name: Clone repository if it doesn't exist
+      git:
+        repo: 'https://github.com/private-attribution/draft.git'
+        dest: '{{ ansible_env.HOME }}/draft'
+
+    - name: Install packages based on package-lock.json via npm
+      npm:
+        path: '{{ ansible_env.HOME}}/draft/server'
+        state: present
+        ci: true
+
+    - name: Check if Traefik is installed
+      command: '{{ ansible_env.HOME }}/draft/traefik version'
+      register: traefik_installed
+      failed_when: false
+      changed_when: false
+
+    - name: Download Traefik
+      get_url:
+        url: 'https://github.com/traefik/traefik/releases/download/v2.11.0/traefik_v2.11.0_linux_amd64.tar.gz'
+        dest: '{{ ansible_env.HOME }}/traefik_v2.11.0_linux_amd64.tar.gz'
+        checksum: 'sha256:7f31f1cc566bd094f038579fc36e354fd545cf899523eb507c3cfcbbdb8b9552'
+      when: traefik_installed.rc != 0
+
+    - name: Ensure extraction directory exists
+      file:
+        path: '{{ ansible_env.HOME }}/traefix_extract/'
+        state: directory
+
+    - name: Extract Traefik
+      unarchive:
+        src: '{{ ansible_env.HOME }}/traefik_v2.11.0_linux_amd64.tar.gz'
+        dest: '{{ ansible_env.HOME }}/traefix_extract/'
+        remote_src: yes
+      when: traefik_installed.rc != 0
+
+    - name: Copy Traefik binary into draft directory
+      copy:
+        src: '{{ ansible_env.HOME }}/traefix_extract/traefik'
+        dest: '{{ ansible_env.HOME }}/draft'
+        mode: '0775'
+        remote_src: yes
+
+    - name: Grant CAP_NET_BIND_SERVICE capability to traefik binary
+      command: 'setcap cap_net_bind_service=+ep {{ ansible_env.HOME }}/draft/traefik'
+      become: yes
+
+    - name: Create cert directory
+      file:
+        path: '{{ ansible_env.HOME }}/cert'
+        state: directory
+
+    - name: Load cert.pem file
+      shell: >
+        aws secretsmanager get-secret-value
+        --secret-id cert.pem
+        --region {{ aws_region }}
+        --query SecretString
+        --output text > cert.pem
+      args:
+        chdir: '{{ ansible_env.HOME }}/cert'
+        executable: /bin/bash
+
+
+    - name: Load key.pem file
+      shell: >
+        aws secretsmanager get-secret-value
+        --secret-id key.pem
+        --region {{ aws_region }}
+        --query SecretString
+        --output text > key.pem
+      args:
+        chdir: '{{ ansible_env.HOME }}/cert'
+        executable: /bin/bash
+
+    - name: start traefik and nextjs
+      shell: >
+        npm run pm2-start
+      environment:
+        CERT_DIR: '{{ ansible_env.HOME }}/cert/'
+        DRAFT_DOMAIN: '{{ draft_domain }}'
+        DRAFT_PORT: '{{ draft_port }}'
+
+      args:
+        chdir: '{{ ansible_env.HOME }}/draft/server'
+        executable: /bin/bash