diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c90e0625e6..34c0515e89 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -77,26 +77,6 @@ jobs: status: "FAILURE (functional test $BROWSER)" color: danger - ansible_buildout_test: - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Ansible buildout test - run: docker run -v ${GITHUB_WORKSPACE}:/openprescribing/ dockette/debian:buster /bin/bash -c "cd /openprescribing/ansible && bash test_playbook.sh" - env: - LANG: en_US.UTF-8 - - name: Notify slack failure - if: failure() - env: - SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} - uses: voxmedia/github-action-slack-notify-build@v1 - with: - channel: technoise - status: "FAILURE (ansible)" - color: danger - linting: runs-on: ubuntu-latest @@ -124,7 +104,7 @@ jobs: notify_slack: runs-on: ubuntu-latest - needs: [ unit_test , functional_tests , ansible_buildout_test, linting ] + needs: [ unit_test , functional_tests , linting ] steps: - name: Notify slack success diff --git a/README.md b/README.md index a1f99082cc..798245adb5 100644 --- a/README.md +++ b/README.md @@ -8,14 +8,11 @@ Information about data sources used on OpenPrescribing can be found [here](https # Set up the application -You can install the application dependencies either on bare metal, or -virtualised inside docker, or virtualbox (via vagrant). +You can install the application dependencies either on bare metal or +virtualised inside docker. Which to use? -* The vagrant route is probably the easiest. It creates a virtual - Debian server and then uses `ansible` to install all the dependencies - for you. * We currently deploy the site to production on bare metal, though we may well switch to using ansible in the medium term. Use this route if you don't want to mess around with virtualisation for some @@ -26,24 +23,12 @@ Which to use? environment. Use this route to reproduce the Github Actions test environment exactly (i.e. you probably don't want to use this route!) -## Using vagrant - -Requires [Vagrant](https://www.vagrantup.com/downloads.html) and [VirtualBox](https://www.virtualbox.org/wiki/Downloads) - -### Provision the vagrant box - - - cd openprescribing/ansible - vagrant up # invokes `vagrant provision` the first time it's run - -### Start the server - - vagrant ssh # also activates the virtualenv for you - python manage.py runserver_plus 0.0.0.0:8000 - -The application should then be accessible at -``http://127.0.0.1:3333/`` (using the vagrant-forwarded port) from a -web browser on the host computer. +Note: we used to have a set of Ansible scripts for configuring a Vagrant +box ready for local development but, while these were tested in CI, they +weren't being actively used and it turned out to be non-trivial to +get them to install Python 3.8; so we've removed them for now. See the +below PR if you want to investigate restoring them: +https://github.com/ebmdatalab/openprescribing/pull/3286 ## Using bare metal diff --git a/ansible/README.md b/ansible/README.md deleted file mode 100644 index fd88759e05..0000000000 --- a/ansible/README.md +++ /dev/null @@ -1,12 +0,0 @@ -There are two playbooks, `travis.yml` and `vagrant.yml`. - -The former is to install the app with a Travis docker environment, so -we can run integration tests there. It installs directly to the host -where it's running (i.e. a Travis docker container). - -The latter is for a developer to get a sandbox running within a -virtualbox. It installs over ssh. - -Both these playbooks set up the `environment` file by copying -`environment-sample` and doing a search-and-replace on any variables -defined as `envvars` in `ansible/vars.yml`. diff --git a/ansible/Vagrantfile b/ansible/Vagrantfile deleted file mode 100644 index b91d4fede4..0000000000 --- a/ansible/Vagrantfile +++ /dev/null @@ -1,69 +0,0 @@ -# -*- mode: ruby -*- -# vi: set ft=ruby : - -# Vagrantfile API/syntax version. Don't touch unless you know what you're doing! -VAGRANTFILE_API_VERSION = "2" - -Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| - - # define the box - config.vm.box = "debian/contrib-buster64" - - config.vm.hostname = "openprescribing" - - # Create a forwarded port mapping which allows access to a specific port - # within the machine from a port on the host machine. - config.vm.network :forwarded_port, host: 3333, guest: 8000 - # Required for NFS to work, pick any local IP - config.vm.network :private_network, ip: '192.168.50.50' - - # Create a public network, which generally matched to bridged network. - # Bridged networks make the machine appear as another physical device on - # your network. - # config.vm.network "public_network" - # config.vm.network "private_network", type: "dhcp" - - config.vm.boot_timeout = 500 - - # If true, then any SSH connections made will enable agent forwarding. - # Default value: false - config.ssh.forward_agent = true - - # Set up synced folders. Use NFS for shared folders for better - # performance - config.vm.synced_folder "../", "/openprescribing", nfs: true - - config.vm.provider :virtualbox do |vb| - vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"] - end - - # ansible provisioning - config.vm.provision "ansible_local" do |ansible| - ansible.pip_install_cmd = "curl https://bootstrap.pypa.io/get-pip.py | sudo python" - ansible.install_mode = "pip_args_only" - ansible.pip_args = "-r /openprescribing/ansible/vagrant_requirements.txt" - ansible.playbook = "vagrant.yml" - ansible.verbose = "vv" - end - - config.vm.provider "virtualbox" do |v| - # Use a quarter of available RAM - # Code from https://stefanwrobel.com/how-to-make-vagrant-performance-not-suck - host = RbConfig::CONFIG['host_os'] - - # Give VM 1/4 system memory - if host =~ /darwin/ - # sysctl returns Bytes and we need to convert to MB - mem = `sysctl -n hw.memsize`.to_i / 1024 - elsif host =~ /linux/ - # meminfo shows KB and we need to convert to MB - mem = `grep 'MemTotal' /proc/meminfo | sed -e 's/MemTotal://' -e 's/ kB//'`.to_i - elsif host =~ /mswin|mingw|cygwin/ - # Windows code via https://github.com/rdsubhas/vagrant-faster - mem = `wmic computersystem Get TotalPhysicalMemory`.split[1].to_i / 1024 - end - - mem = mem / 1024 / 4 - v.customize ["modifyvm", :id, "--memory", mem] - end -end diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg deleted file mode 100644 index 0bb702c035..0000000000 --- a/ansible/ansible.cfg +++ /dev/null @@ -1,3 +0,0 @@ -[defaults] -interpreter_python=/usr/bin/python3 -allow_world_readable_tmpfiles=True diff --git a/ansible/roles/app/tasks/main.yml b/ansible/roles/app/tasks/main.yml deleted file mode 100644 index 8eb84c3335..0000000000 --- a/ansible/roles/app/tasks/main.yml +++ /dev/null @@ -1,106 +0,0 @@ ---- -- name: Setup Virtualenv and upgrade pip - pip: - state: latest - virtualenv: "{{ virtualenv_path }}" - name: - - pip - -- name: Upgrade setuptools - pip: - virtualenv: "{{ virtualenv_path }}" - name: - - setuptools==49.6.0 - -- name: install virtualenvwrapper - pip: - executable: pip3 - name: virtualenvwrapper - -- name: Create the .virtualenvs directory - become: yes - file: - state: directory - path: "{{ HOME }}/.virtualenvs" - owner: "{{ USER }}" - group: "{{ USER }}" - -- name: Connect virtualenvwrapper - file: - state: link - src: "{{ virtualenv_path }}" - path: "{{ HOME }}/.virtualenvs/openprescribing" - owner: "{{ USER }}" - group: "{{ USER }}" - -- name: Ensure cd to dir after workon - lineinfile: - dest: "{{ HOME }}/.virtualenvs/postactivate" - line: "cd {{ apps_root }}" - create: yes - mode: 0600 - -- name: Activate virtualenv on login - lineinfile: - dest: "{{ HOME }}/.bashrc" - line: "workon openprescribing" - -- name: Install requirements - pip: - virtualenv: "{{ virtualenv_path }}" - requirements: "{{ requirements_path }}" - -- name: Install jshint and less - become: yes - npm: - name: "{{ item }}" - path: "{{ apps_root }}/media/js" - global: yes - with_items: - - jshint - - less - -- name: Install browserify with version range (for browserify-shim) - become: yes - npm: - name: browserify - path: "{{ apps_root }}/media/js" - global: yes - version: '>= 2.3.0 <4' - -- name: Install packages based on package.json - npm: - path: "{{ apps_root }}/media/js" - -- name: Install ipdb - pip: - name: ipdb - virtualenv: "{{ virtualenv_path }}" - -- name: Make manage.py executable - file: - path: "{{ apps_root }}/manage.py" - mode: 0777 - -- name: Create environment file - copy: - remote_src: yes - src: "{{ repo_root }}/environment-sample" - dest: "{{ repo_root }}/environment" - force: yes - mode: 0660 - owner: "{{ USER }}" - -- name: Set up environment file - replace: - regexp: "{{ item.name }}=.*" - replace: "{{ item.name }}={{ item.content }}" - path: "{{ repo_root }}/environment" - with_items: "{{ envvars }}" - -- name: Django migrate - become: yes - become_user: "{{ USER }}" - shell: ". {{ virtualenv_path }}/bin/activate && ./manage.py migrate" - args: - chdir: "{{ apps_root }}" diff --git a/ansible/roles/setup/files/pg_hba.conf b/ansible/roles/setup/files/pg_hba.conf deleted file mode 100644 index b6114aea7c..0000000000 --- a/ansible/roles/setup/files/pg_hba.conf +++ /dev/null @@ -1,105 +0,0 @@ -# PostgreSQL Client Authentication Configuration File -# =================================================== -# -# Refer to the "Client Authentication" section in the PostgreSQL -# documentation for a complete description of this file. A short -# synopsis follows. -# -# This file controls: which hosts are allowed to connect, how clients -# are authenticated, which PostgreSQL user names they can use, which -# databases they can access. Records take one of these forms: -# -# local DATABASE USER METHOD [OPTIONS] -# host DATABASE USER 9ADDRESS METHOD [OPTIONS] -# hostssl DATABASE USER ADDRESS METHOD [OPTIONS] -# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] -# -# (The uppercase items must be replaced by actual values.) -# -# The first field is the connection type: "local" is a Unix-domain -# socket, "host" is either a plain or SSL-encrypted TCP/IP socket, -# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a -# plain TCP/IP socket. -# -# DATABASE can be "all", "sameuser", "samerole", "replication", a -# database name, or a comma-separated list thereof. The "all" -# keyword does not match "replication". Access to replication -# must be enabled in a separate record (see example below). -# -# USER can be "all", a user name, a group name prefixed with "+", or a -# comma-separated list thereof. In both the DATABASE and USER fields -# you can also write a file name prefixed with "@" to include names -# from a separate file. -# -# ADDRESS specifies the set of hosts the record matches. It can be a -# host name, or it is made up of an IP address and a CIDR mask that is -# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that -# specifies the number of significant bits in the mask. A host name -# that starts with a dot (.) matches a suffix of the actual host name. -# Alternatively, you can write an IP address and netmask in separate -# columns to specify the set of hosts. Instead of a CIDR-address, you -# can write "samehost" to match any of the server's own IP addresses, -# or "samenet" to match any address in any subnet that the server is -# directly connected to. -# -# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi", -# "krb5", "ident", "peer", "pam", "ldap", "radius" or "cert". Note that -# "password" sends passwords in clear text; "md5" is preferred since -# it sends encrypted passwords. -# -# OPTIONS are a set of options for the authentication in the format -# NAME=VALUE. The available options depend on the different -# authentication methods -- refer to the "Client Authentication" -# section in the documentation for a list of which options are -# available for which authentication methods. -# -# Database and user names containing spaces, commas, quotes and other -# special characters must be quoted. Quoting one of the keywords -# "all", "sameuser", "samerole" or "replication" makes the name lose -# its special character, and just match a database or username with -# that name. -# -# This file is read on server startup and when the postmaster receives -# a SIGHUP signal. If you edit the file on a running system, you have -# to SIGHUP the postmaster for the changes to take effect. You can -# use "pg_ctl reload" to do that. - -# Put your actual configuration here -# ---------------------------------- -# -# If you want to allow non-local connections, you need to add more -# "host" records. In that case you will also need to make PostgreSQL -# listen on a non-local interface via the listen_addresses -# configuration parameter, or via the -i or -h command line switches. - - - - -# DO NOT DISABLE! -# If you change this first entry you will need to make sure that the -# database superuser can access the database using some other method. -# Noninteractive access to all databases is required during automatic -# maintenance (custom daily cronjobs, replication, and similar tasks). -# -# Database administrative login by Unix domain socket -local all postgres peer -local all all peer - -# TYPE DATABASE USER ADDRESS METHOD - -# "local" is for Unix domain socket connections only -local all all md5 - -# IPv4 local connections: -# Vagrant host -host all all 10.0.2.2/32 md5 -host all all 127.0.0.1/32 md5 - -# IPv6 local connections: -host all all ::1/128 md5 - -# Allow replication connections from localhost, by a user with the -# replication privilege. -#local replication postgres peer -#host replication postgres 127.0.0.1/32 md5 -#host replication postgres ::1/128 md5 diff --git a/ansible/roles/setup/files/postgresql.conf b/ansible/roles/setup/files/postgresql.conf deleted file mode 100644 index 85c3706c25..0000000000 --- a/ansible/roles/setup/files/postgresql.conf +++ /dev/null @@ -1,579 +0,0 @@ -# ----------------------------- -# PostgreSQL configuration file -# ----------------------------- -# -# This file is read on server startup and when the server receives a SIGHUP -# signal. If you edit the file on a running system, you have to SIGHUP the -# server for the changes to take effect, or use "pg_ctl reload". Some -# parameters, which are marked below, require a server shutdown and restart to -# take effect. -# Memory units: kB = kilobytes Time units: ms = milliseconds -# MB = megabytes s = seconds -# GB = gigabytes min = minutes -# h = hours -# d = days - - -#------------------------------------------------------------------------------ -# FILE LOCATIONS -#------------------------------------------------------------------------------ - -# The default values of these variables are driven from the -D command-line -# option or PGDATA environment variable, represented here as ConfigDir. - -data_directory = '/var/lib/postgresql/11/main' # use data in another directory - # (change requires restart) -hba_file = '/etc/postgresql/11/main/pg_hba.conf' # host-based authentication file - # (change requires restart) -ident_file = '/etc/postgresql/11/main/pg_ident.conf' # ident configuration file - # (change requires restart) - -# If external_pid_file is not explicitly set, no extra PID file is written. -external_pid_file = '/var/run/postgresql/11-main.pid' # write an extra PID file - # (change requires restart) - - -#------------------------------------------------------------------------------ -# CONNECTIONS AND AUTHENTICATION -#------------------------------------------------------------------------------ - -# - Connection Settings - - -listen_addresses = '*' # what IP address(es) to listen on; - # comma-separated list of addresses; - # defaults to 'localhost'; use '*' for all - # (change requires restart) -port = 5432 # (change requires restart) -max_connections = 100 # (change requires restart) -# Note: Increasing max_connections costs ~400 bytes of shared memory per -# connection slot, plus lock space (see max_locks_per_transaction). -#superuser_reserved_connections = 3 # (change requires restart) -unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories - # (change requires restart) -#unix_socket_group = '' # (change requires restart) -#unix_socket_permissions = 0777 # begin with 0 to use octal notation - # (change requires restart) -#bonjour = off # advertise server via Bonjour - # (change requires restart) -#bonjour_name = '' # defaults to the computer name - # (change requires restart) - -# - Security and Authentication - - -#authentication_timeout = 1min # 1s-600s -ssl = true # (change requires restart) -#ssl_ciphers = 'DEFAULT:!LOW:!EXP:!MD5:@STRENGTH' # allowed SSL ciphers - # (change requires restart) -#ssl_renegotiation_limit = 512MB # amount of data between renegotiations -ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem' # (change requires restart) -ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key' # (change requires restart) -#ssl_ca_file = '' # (change requires restart) -#ssl_crl_file = '' # (change requires restart) -#password_encryption = on -#db_user_namespace = off - -# Kerberos and GSSAPI -#krb_server_keyfile = '' -#krb_srvname = 'postgres' # (Kerberos only) -#krb_caseins_users = off - -# - TCP Keepalives - -# see "man 7 tcp" for details - -#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; - # 0 selects the system default -#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; - # 0 selects the system default -#tcp_keepalives_count = 0 # TCP_KEEPCNT; - # 0 selects the system default - - -#------------------------------------------------------------------------------ -# RESOURCE USAGE (except WAL) -#------------------------------------------------------------------------------ - -# - Memory - - -shared_buffers = 128MB # min 128kB - # (change requires restart) -#temp_buffers = 8MB # min 800kB -#max_prepared_transactions = 0 # zero disables the feature - # (change requires restart) -# Note: Increasing max_prepared_transactions costs ~600 bytes of shared memory -# per transaction slot, plus lock space (see max_locks_per_transaction). -# It is not advisable to set max_prepared_transactions nonzero unless you -# actively intend to use prepared transactions. -#work_mem = 1MB # min 64kB -#maintenance_work_mem = 16MB # min 1MB -#max_stack_depth = 2MB # min 100kB - -# - Disk - - -#temp_file_limit = -1 # limits per-session temp file space - # in kB, or -1 for no limit - -# - Kernel Resource Usage - - -#max_files_per_process = 1000 # min 25 - # (change requires restart) -#shared_preload_libraries = '' # (change requires restart) - -# - Cost-Based Vacuum Delay - - -#vacuum_cost_delay = 0 # 0-100 milliseconds -#vacuum_cost_page_hit = 1 # 0-10000 credits -#vacuum_cost_page_miss = 10 # 0-10000 credits -#vacuum_cost_page_dirty = 20 # 0-10000 credits -#vacuum_cost_limit = 200 # 1-10000 credits - -# - Background Writer - - -#bgwriter_delay = 200ms # 10-10000ms between rounds -#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round -#bgwriter_lru_multiplier = 2.0 # 0-10.0 multipler on buffers scanned/round - -# - Asynchronous Behavior - - -#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching - - -#------------------------------------------------------------------------------ -# WRITE AHEAD LOG -#------------------------------------------------------------------------------ - -# - Settings - - -#wal_level = minimal # minimal, archive, or hot_standby - # (change requires restart) -#fsync = on # turns forced synchronization on or off -#synchronous_commit = on # synchronization level; - # off, local, remote_write, or on -#wal_sync_method = fsync # the default is the first option - # supported by the operating system: - # open_datasync - # fdatasync (default on Linux) - # fsync - # fsync_writethrough - # open_sync -#full_page_writes = on # recover from partial page writes -#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers - # (change requires restart) -#wal_writer_delay = 200ms # 1-10000 milliseconds - -#commit_delay = 0 # range 0-100000, in microseconds -#commit_siblings = 5 # range 1-1000 - -# - Checkpoints - - -#checkpoint_segments = 3 # in logfile segments, min 1, 16MB each -#checkpoint_timeout = 5min # range 30s-1h -#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 -#checkpoint_warning = 30s # 0 disables - -# - Archiving - - -#archive_mode = off # allows archiving to be done - # (change requires restart) -#archive_command = '' # command to use to archive a logfile segment - # placeholders: %p = path of file to archive - # %f = file name only - # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' -#archive_timeout = 0 # force a logfile segment switch after this - # number of seconds; 0 disables - - -#------------------------------------------------------------------------------ -# REPLICATION -#------------------------------------------------------------------------------ - -# - Sending Server(s) - - -# Set these on the master and on any standby that will send replication data. - -#max_wal_senders = 0 # max number of walsender processes - # (change requires restart) -#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables -#wal_sender_timeout = 60s # in milliseconds; 0 disables - -# - Master Server - - -# These settings are ignored on a standby server. - -#synchronous_standby_names = '' # standby servers that provide sync rep - # comma-separated list of application_name - # from standby(s); '*' = all -#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed - -# - Standby Servers - - -# These settings are ignored on a master server. - -#hot_standby = off # "on" allows queries during recovery - # (change requires restart) -#max_standby_archive_delay = 30s # max delay before canceling queries - # when reading WAL from archive; - # -1 allows indefinite delay -#max_standby_streaming_delay = 30s # max delay before canceling queries - # when reading streaming WAL; - # -1 allows indefinite delay -#wal_receiver_status_interval = 10s # send replies at least this often - # 0 disables -#hot_standby_feedback = off # send info from standby to prevent - # query conflicts -#wal_receiver_timeout = 60s # time that receiver waits for - # communication from master - # in milliseconds; 0 disables - - -#------------------------------------------------------------------------------ -# QUERY TUNING -#------------------------------------------------------------------------------ - -# - Planner Method Configuration - - -#enable_bitmapscan = on -#enable_hashagg = on -#enable_hashjoin = on -#enable_indexscan = on -#enable_indexonlyscan = on -#enable_material = on -#enable_mergejoin = on -#enable_nestloop = on -#enable_seqscan = on -#enable_sort = on -#enable_tidscan = on - -# - Planner Cost Constants - - -#seq_page_cost = 1.0 # measured on an arbitrary scale -#random_page_cost = 4.0 # same scale as above -#cpu_tuple_cost = 0.01 # same scale as above -#cpu_index_tuple_cost = 0.005 # same scale as above -#cpu_operator_cost = 0.0025 # same scale as above -#effective_cache_size = 128MB - -# - Genetic Query Optimizer - - -#geqo = on -#geqo_threshold = 12 -#geqo_effort = 5 # range 1-10 -#geqo_pool_size = 0 # selects default based on effort -#geqo_generations = 0 # selects default based on effort -#geqo_selection_bias = 2.0 # range 1.5-2.0 -#geqo_seed = 0.0 # range 0.0-1.0 - -# - Other Planner Options - - -#default_statistics_target = 100 # range 1-10000 -#constraint_exclusion = partition # on, off, or partition -#cursor_tuple_fraction = 0.1 # range 0.0-1.0 -#from_collapse_limit = 8 -#join_collapse_limit = 8 # 1 disables collapsing of explicit - # JOIN clauses - - -#------------------------------------------------------------------------------ -# ERROR REPORTING AND LOGGING -#------------------------------------------------------------------------------ - -# - Where to Log - - -#log_destination = 'stderr' # Valid values are combinations of - # stderr, csvlog, syslog, and eventlog, - # depending on platform. csvlog - # requires logging_collector to be on. - -# This is used when logging to stderr: -#logging_collector = off # Enable capturing of stderr and csvlog - # into log files. Required to be on for - # csvlogs. - # (change requires restart) - -# These are only used if logging_collector is on: -#log_directory = 'pg_log' # directory where log files are written, - # can be absolute or relative to PGDATA -#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, - # can include strftime() escapes -#log_file_mode = 0600 # creation mode for log files, - # begin with 0 to use octal notation -#log_truncate_on_rotation = off # If on, an existing log file with the - # same name as the new log file will be - # truncated rather than appended to. - # But such truncation only occurs on - # time-driven rotation, not on restarts - # or size-driven rotation. Default is - # off, meaning append to existing files - # in all cases. -#log_rotation_age = 1d # Automatic rotation of logfiles will - # happen after that time. 0 disables. -#log_rotation_size = 10MB # Automatic rotation of logfiles will - # happen after that much log output. - # 0 disables. - -# These are relevant when logging to syslog: -#syslog_facility = 'LOCAL0' -#syslog_ident = 'postgres' - -# This is only relevant when logging to eventlog (win32): -#event_source = 'PostgreSQL' - -# - When to Log - - -#client_min_messages = notice # values in order of decreasing detail: - # debug5 - # debug4 - # debug3 - # debug2 - # debug1 - # log - # notice - # warning - # error - -#log_min_messages = warning # values in order of decreasing detail: - # debug5 - # debug4 - # debug3 - # debug2 - # debug1 - # info - # notice - # warning - # error - # log - # fatal - # panic - -#log_min_error_statement = error # values in order of decreasing detail: - # debug5 - # debug4 - # debug3 - # debug2 - # debug1 - # info - # notice - # warning - # error - # log - # fatal - # panic (effectively off) - -#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements - # and their durations, > 0 logs only - # statements running at least this number - # of milliseconds - - -# - What to Log - - -#debug_print_parse = off -#debug_print_rewritten = off -#debug_print_plan = off -#debug_pretty_print = on -#log_checkpoints = off -#log_connections = off -#log_disconnections = off -#log_duration = off -#log_error_verbosity = default # terse, default, or verbose messages -#log_hostname = off -log_line_prefix = '%t ' # special values: - # %a = application name - # %u = user name - # %d = database name - # %r = remote host and port - # %h = remote host - # %p = process ID - # %t = timestamp without milliseconds - # %m = timestamp with milliseconds - # %i = command tag - # %e = SQL state - # %c = session ID - # %l = session line number - # %s = session start timestamp - # %v = virtual transaction ID - # %x = transaction ID (0 if none) - # %q = stop here in non-session - # processes - # %% = '%' - # e.g. '<%u%%%d> ' -#log_lock_waits = off # log lock waits >= deadlock_timeout -#log_statement = 'none' # none, ddl, mod, all -#log_temp_files = -1 # log temporary files equal or larger - # than the specified size in kilobytes; - # -1 disables, 0 logs all temp files -log_timezone = 'UTC' - - -#------------------------------------------------------------------------------ -# RUNTIME STATISTICS -#------------------------------------------------------------------------------ - -# - Query/Index Statistics Collector - - -#track_activities = on -#track_counts = on -#track_io_timing = off -#track_functions = none # none, pl, all -#track_activity_query_size = 1024 # (change requires restart) -#update_process_title = on -#stats_temp_directory = 'pg_stat_tmp' - - -# - Statistics Monitoring - - -#log_parser_stats = off -#log_planner_stats = off -#log_executor_stats = off -#log_statement_stats = off - - -#------------------------------------------------------------------------------ -# AUTOVACUUM PARAMETERS -#------------------------------------------------------------------------------ - -#autovacuum = on # Enable autovacuum subprocess? 'on' - # requires track_counts to also be on. -#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and - # their durations, > 0 logs only - # actions running at least this number - # of milliseconds. -#autovacuum_max_workers = 3 # max number of autovacuum subprocesses - # (change requires restart) -#autovacuum_naptime = 1min # time between autovacuum runs -#autovacuum_vacuum_threshold = 50 # min number of row updates before - # vacuum -#autovacuum_analyze_threshold = 50 # min number of row updates before - # analyze -#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum -#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze -#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum - # (change requires restart) -#autovacuum_multixact_freeze_max_age = 400000000 # maximum Multixact age - # before forced vacuum - # (change requires restart) -#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for - # autovacuum, in milliseconds; - # -1 means use vacuum_cost_delay -#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for - # autovacuum, -1 means use - # vacuum_cost_limit - - -#------------------------------------------------------------------------------ -# CLIENT CONNECTION DEFAULTS -#------------------------------------------------------------------------------ - -# - Statement Behavior - - -#search_path = '"$user",public' # schema names -#default_tablespace = '' # a tablespace name, '' uses the default -#temp_tablespaces = '' # a list of tablespace names, '' uses - # only default tablespace -#check_function_bodies = on -#default_transaction_isolation = 'read committed' -#default_transaction_read_only = off -#default_transaction_deferrable = off -#session_replication_role = 'origin' -#statement_timeout = 0 # in milliseconds, 0 is disabled -#lock_timeout = 0 # in milliseconds, 0 is disabled -#vacuum_freeze_min_age = 50000000 -#vacuum_freeze_table_age = 150000000 -#vacuum_multixact_freeze_min_age = 5000000 -#vacuum_multixact_freeze_table_age = 150000000 -#bytea_output = 'hex' # hex, escape -#xmlbinary = 'base64' -#xmloption = 'content' - -# - Locale and Formatting - - -datestyle = 'iso, mdy' -#intervalstyle = 'postgres' -timezone = 'UTC' -#timezone_abbreviations = 'Default' # Select the set of available time zone - # abbreviations. Currently, there are - # Default - # Australia - # India - # You can create your own file in - # share/timezonesets/. -#extra_float_digits = 0 # min -15, max 3 -#client_encoding = sql_ascii # actually, defaults to database - # encoding - -# These settings are initialized by initdb, but they can be changed. -lc_messages = 'en_US.UTF-8' # locale for system error message - # strings -lc_monetary = 'en_US.UTF-8' # locale for monetary formatting -lc_numeric = 'en_US.UTF-8' # locale for number formatting -lc_time = 'en_US.UTF-8' # locale for time formatting - -# default configuration for text search -default_text_search_config = 'pg_catalog.english' - -# - Other Defaults - - -#dynamic_library_path = '$libdir' -#local_preload_libraries = '' - - -#------------------------------------------------------------------------------ -# LOCK MANAGEMENT -#------------------------------------------------------------------------------ - -#deadlock_timeout = 1s -#max_locks_per_transaction = 64 # min 10 - # (change requires restart) -# Note: Each lock table slot uses ~270 bytes of shared memory, and there are -# max_locks_per_transaction * (max_connections + max_prepared_transactions) -# lock table slots. -#max_pred_locks_per_transaction = 64 # min 10 - # (change requires restart) - - -#------------------------------------------------------------------------------ -# VERSION/PLATFORM COMPATIBILITY -#------------------------------------------------------------------------------ - -# - Previous PostgreSQL Versions - - -#array_nulls = on -#backslash_quote = safe_encoding # on, off, or safe_encoding -#default_with_oids = off -#escape_string_warning = on -#lo_compat_privileges = off -#quote_all_identifiers = off -#sql_inheritance = on -#standard_conforming_strings = on -#synchronize_seqscans = on - -# - Other Platforms and Clients - - -#transform_null_equals = off - - -#------------------------------------------------------------------------------ -# ERROR HANDLING -#------------------------------------------------------------------------------ - -#exit_on_error = off # terminate session on any error? -#restart_after_crash = on # reinitialize after backend crash? - - -#------------------------------------------------------------------------------ -# CONFIG FILE INCLUDES -#------------------------------------------------------------------------------ - -# These options allow settings to be loaded from files other than the -# default postgresql.conf. - -#include_dir = 'conf.d' # include files ending in '.conf' from - # directory 'conf.d' -#include_if_exists = 'exists.conf' # include file only if it exists -#include = 'special.conf' # include file - - -#------------------------------------------------------------------------------ -# CUSTOMIZED OPTIONS -#------------------------------------------------------------------------------ - -# Add settings for extensions here diff --git a/ansible/roles/setup/handlers/main.yml b/ansible/roles/setup/handlers/main.yml deleted file mode 100644 index 9c5f7b63b5..0000000000 --- a/ansible/roles/setup/handlers/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- name: Restart Postgres - become: true - service: name=postgresql state=restarted diff --git a/ansible/roles/setup/tasks/main.yml b/ansible/roles/setup/tasks/main.yml deleted file mode 100644 index 7b5e9858e7..0000000000 --- a/ansible/roles/setup/tasks/main.yml +++ /dev/null @@ -1,228 +0,0 @@ ---- -- name: Install apt https transport - become: yes - apt: - pkg: apt-transport-https - state: present - -- name: Install gpg - become: yes - apt: - pkg: gpg - state: present - -- name: Add NodeSource apt signing key - become: yes - apt_key: - url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key - state: present - -- name: Update Apt Cache - become: yes - apt: - update_cache: yes - -- name: Install system packages - become: yes - apt: - state: present - pkg: - - apt-transport-https - - ca-certificates - - binutils - - libproj-dev - - gdal-bin - - libgeoip1 - - libgeos-c1v5 - - git-core - - vim - - sudo - - screen - - supervisor - - libpq-dev - - python3-dev - - python3-pip - - python3-virtualenv - - python3-gdal - - emacs - - nginx - - build-essential - - libssl-dev - - libffi-dev - - unattended-upgrades - - libblas-dev - - liblapack-dev - - libatlas-base-dev - - gfortran - - libxml2-dev - - libxslt1-dev - - git - - virtualenvwrapper - - libfontconfig1 # for phantomjs - - libfontconfig1-dev - - firefox-esr - - xvfb - -- name: Add NodeSource 10.x apt repository - become: yes - apt_repository: - repo: 'deb https://deb.nodesource.com/node_10.x buster main' - update_cache: yes - mode: 0644 - -- name: Install nodejs - become: yes - apt: - state: present - pkg: - - nodejs - -- name: Add postgres apt key - become: yes - apt_key: - url: http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc - -- name: ensure postgres apt repository exists - become: yes - apt_repository: - repo: 'deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main' - update_cache: yes - mode: 0644 - -- name: Install database packages - become: yes - apt: - state: present - pkg: - - postgresql-11-postgis-2.5 - - postgresql-server-dev-11 # required for building pyscopg against correct postgres - - libpq-dev # Required for Ansible to interact with postgres - - python3-psycopg2 # Required for Ansible to interact with postgres - -- name: Create fabric group for automation - become: yes - group: - name: fabric - state: present - -- name: Add user to required groups - become: yes - user: - name: "{{ USER }}" - groups: www-data,fabric - -- name: Install virtualenv - become: yes - pip: - executable: pip3 - name: virtualenv - -- name: Allow password authentication for local socket users and allow connections other than localhost - become: yes - copy: - src: "{{ item }}" - dest: /etc/postgresql/11/main/{{ item }} - force: yes - with_items: - - pg_hba.conf - - postgresql.conf - notify: - - Restart Postgres - -- name: Ensure postgres running - become: yes - service: name=postgresql state=started - -- name: Allow password authentication for local socket users - become: yes - copy: src=pg_hba.conf dest=/etc/postgresql/11/main/pg_hba.conf force=yes - notify: - - Restart Postgres - -- name: Create Database - become: yes - # PostgreSQL will only allow users to login from the postgres account by default - become_user: postgres - postgresql_db: name={{ db_name }} - -- name: Add postgis extension - become: yes - become_user: postgres - postgresql_ext: name=postgis db={{ db_name }} - -- name: Create User - become: yes - become_user: postgres - postgresql_user: - name: "{{ db_user }}" - password: "{{ db_password }}" - state: present - role_attr_flags: SUPERUSER,CREATEDB - -- name: Give user permission for log folder - become: yes - file: - path: "{{ log_path }}" - state: directory - mode: 0777 - owner: "{{ USER }}" - recurse: yes - group: "{{ USER }}" - -- name: Download nvm - get_url: - url: https://raw.githubusercontent.com/creationix/nvm/v0.33.8/install.sh - dest: /tmp/install_nvm_0_33_8.sh - mode: 0644 - -- name: Install nvm - shell: > - sh /tmp/install_nvm_0_33_8.sh - -- name: Install node and set version - shell: > - /bin/bash -c "source ~/.nvm/nvm.sh && nvm install node" - -# use wget as ansible's get_url has some issues with ssl n OSX -# https://github.com/ansible/ansible/issues/33417 -- name: Get phantomjs - become: yes - get_url: - url: https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2 - dest: /usr/local/share - mode: 0644 - -- name: Extract phantomjs - become: yes - unarchive: - remote_src: yes - src: /usr/local/share/phantomjs-2.1.1-linux-x86_64.tar.bz2 - dest: /usr/local/share - -- name: Symlink phantomjs - become: yes - file: - state: link - src: /usr/local/share/phantomjs-2.1.1-linux-x86_64/bin/phantomjs - path: /usr/local/bin/phantomjs - -- name: Get geckodriver - become: yes - get_url: - url: https://github.com/mozilla/geckodriver/releases/download/v0.16.1/geckodriver-v0.16.1-linux64.tar.gz - dest: /usr/local/share - mode: 0644 - -- name: Extract geckodriver - become: yes - unarchive: - remote_src: yes - src: /usr/local/share/geckodriver-v0.16.1-linux64.tar.gz - dest: /usr/local/share - -- name: Symlink geckodriver - become: yes - file: - state: link - src: /usr/local/share/geckodriver - path: /usr/local/bin/geckodriver diff --git a/ansible/test_playbook.sh b/ansible/test_playbook.sh deleted file mode 100755 index 04dc2d93fb..0000000000 --- a/ansible/test_playbook.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash - -set -e -o pipefail - -# Install ansible dependencies -cd /openprescribing/ansible -apt-get update && apt-get -qq -y install locales curl python3 python3-distutils python3-apt -curl https://bootstrap.pypa.io/pip/get-pip.py | python3 -echo "Downgrading setuptools to <50 for Debian/Ubuntu compatibility" -pip install setuptools==49.6.0 -/usr/local/bin/pip install -r vagrant_requirements.txt - -# Set up the locale we use in postgres -sed -i 's/^# *\(en_US.UTF-8\)/\1/' /etc/locale.gen && locale-gen - -# Run the playbook -/usr/local/bin/ansible-playbook travis.yml - -# Do minimal database-connection test -SKIP_NPM_BUILD=1 /openprescribing/venv/bin/python /openprescribing/openprescribing/manage.py test frontend.tests.test_models.SearchBookmarkTestCase - -# Check that gunicorn can start -CHECK_CONFIG=1 PORT=8000 /openprescribing/bin/gunicorn_start diff --git a/ansible/travis.yml b/ansible/travis.yml deleted file mode 100644 index 47d2b90a02..0000000000 --- a/ansible/travis.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -- name: A play for installing locally, used for testing tasks in Travis - # The following two variables mean the app is installed directly in - # the Travis environment, as opposed to the default which installs - # over SSH to a remote host - hosts: 127.0.0.1 - connection: local - roles: - - roles/setup - - roles/app - vars_files: - - vars.yaml - tasks: - - name: Add the vagrant user - user: - name: "{{ USER }}" - shell: /bin/bash - state: present diff --git a/ansible/vagrant.yml b/ansible/vagrant.yml deleted file mode 100644 index 19a78ccd14..0000000000 --- a/ansible/vagrant.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- hosts: all - pre_tasks: - - name: 'install python3' - raw: sudo apt-get -y install python3-simplejson - roles: - - roles/setup - - roles/app - vars_files: - - vars.yaml diff --git a/ansible/vagrant_requirements.txt b/ansible/vagrant_requirements.txt deleted file mode 100644 index 56d51518e4..0000000000 --- a/ansible/vagrant_requirements.txt +++ /dev/null @@ -1,4 +0,0 @@ -ansible==4.4.0 -pyOpenSSL>=16.2.0 # needed for ansible -urllib3[secure] # needed for modern certificate verification -cffi>=1.6 # See https://github.com/nylas/sync-engine/pull/295 diff --git a/ansible/vars.yaml b/ansible/vars.yaml deleted file mode 100644 index 0268e7af1a..0000000000 --- a/ansible/vars.yaml +++ /dev/null @@ -1,36 +0,0 @@ ---- -USER: vagrant -HOME: "/home/{{ USER }}" -db_user: dev -db_password: sdkjasdalskdax -db_name: openprescribing_dev -secret_key: sdjfhasiufqpiasln -repo_root: /openprescribing -django_settings_module: openprescribing.settings.production -virtualenv_path: "{{ repo_root }}/venv" -apps_root: "{{ repo_root }}/openprescribing" -requirements_path: "{{ repo_root }}/requirements.txt" -log_path: "{{ repo_root }}/logs" - -envvars: - - var: DJANGO_SETTINGS_MODULE - name: DJANGO_SETTINGS_MODULE - content: "{{ django_settings_module }}" - - var: VIRTUALENV_PATH - name: VIRTUALENV_PATH - content: "{{ virtualenv_path }}" - - var: DB_NAME - name: DB_NAME - content: "{{ db_name }}" - - var: DB_USER - name: DB_USER - content: "{{ db_user }}" - - var: DB_PASS - name: DB_PASS - content: "{{ db_password }}" - - var: DB_HOST - name: DB_HOST - content: "localhost" - - var: SECRET_KEY - name: SECRET_KEY - content: "{{ secret_key }}" diff --git a/environment-sample b/environment-sample index a22bc041fe..143a621eec 100644 --- a/environment-sample +++ b/environment-sample @@ -1,5 +1,5 @@ -## This isn't just an example file; it's used in our ansible buildouts -## and integration tests, so must be kept up to date. +## This isn't just an example file; it's used in our integration tests, so must +## be kept up to date. # Path to virtualenv VIRTUALENV_PATH=