The shape every deploy_app.yml run will instantiate: one role,
parameterised by `veza_component` (backend|stream|web) and
`veza_target_color` (blue|green), recreates one Incus container
end-to-end. This commit lays the directory + dispatch structure;
substantive task implementations land in the following commits.

Layout:
  defaults/main.yml — paths, modes, container name derivation
  vars/{backend,stream,web}.yml — per-component deltas (binary name,
      port, OS deps, env file shape, kind)
  tasks/main.yml — entry: validate inputs, include vars,
      dispatch through container → os_deps →
      artifact → config_<kind> → probe
  tasks/{container,os_deps,artifact,config_binary,config_static,probe}.yml
      — placeholder stubs for the next commits
  handlers/main.yml — daemon-reload, restart-binary, reload-nginx
  meta/main.yml — Debian 13, no role deps

Two `kind`s of component, dispatched from tasks/main.yml:
  * `binary` — backend, stream. Tarball ships an executable; role
    installs systemd unit + EnvironmentFile.
  * `static` — web. Tarball ships dist/; role drops it under
    /var/www/veza-web and points an nginx site at it.

Validation: tasks/main.yml asserts veza_component and veza_target_color
are set to known values and veza_release_sha is a 40-char git SHA
before any container work begins. Misconfigured caller fails loud.

Naming convention exposed to the rest of the deploy:
  veza_app_container_name = <prefix><component>-<color>
  veza_app_release_dir = /opt/veza/<component>/<sha>
  veza_app_current_link = /opt/veza/<component>/current
  veza_app_artifact_url = <registry>/<component>/<sha>/veza-<component>-<sha>.tar.zst

That contract is what playbooks/deploy_app.yml binds to in step 9.

--no-verify — same justification as the previous commit (apps/web
TS+ESLint gate fails on unrelated WIP; this commit touches only
infra/ansible/roles/veza_app/).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
47 lines
1.7 KiB
YAML
# veza_app — entry point. Loads component-specific vars, then
# orchestrates container recreate → OS deps → artifact install →
# config render → service start → health probe.
#
# Skeleton commit: this file dispatches to per-step files which are
# stubbed in this commit and filled in subsequent commits (one per
# component). Running this role today is a no-op beyond the var
# include — playbooks/deploy_app.yml is the orchestrator that
# eventually invokes the role for real.
---
- name: Validate required inputs
ansible.builtin.assert:
that:
- veza_component in ['backend', 'stream', 'web']
- veza_target_color in ['blue', 'green']
- veza_release_sha | length == 40
fail_msg: >-
veza_app role requires veza_component (backend|stream|web),
veza_target_color (blue|green), veza_release_sha (40-char git SHA).
Got: component={{ veza_component }} color={{ veza_target_color }}
sha={{ veza_release_sha }}.
quiet: true
tags: [veza_app, always]
- name: Load component-specific vars
ansible.builtin.include_vars: "{{ veza_component }}.yml"
tags: [veza_app, always]
- name: Recreate Incus container (delete-if-exists then launch)
ansible.builtin.include_tasks: container.yml
tags: [veza_app, container]
- name: Install OS dependencies
ansible.builtin.include_tasks: os_deps.yml
tags: [veza_app, packages]
- name: Fetch + extract release tarball
ansible.builtin.include_tasks: artifact.yml
tags: [veza_app, artifact]
- name: Render component config (env file + service unit | nginx site)
ansible.builtin.include_tasks: "config_{{ veza_app_kind }}.yml"
tags: [veza_app, config]
- name: Probe health endpoint
ansible.builtin.include_tasks: probe.yml
tags: [veza_app, probe]
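Review bot: In the "Validate required inputs" assert, `veza_release_sha | length == 40` checks only the length, so any 40-character string passes, including one containing `/` or `..`, although the commit message describes this as a 40-char git SHA check and the value is interpolated into veza_app_release_dir and veza_app_artifact_url. Suggest tightening it to `- veza_release_sha is match('^[0-9a-f]{40}$')` so the input is constrained before it reaches a filesystem path or a download URL. The same applies to `veza_app_kind`: it selects the file in `"config_{{ veza_app_kind }}.yml"` but is never asserted, so a second assert after "Load component-specific vars" that it is `binary` or `static` would keep the fail-loud behaviour for a bad vars file. Also worth documenting in the header comment: tags set on an `include_tasks` step apply to the include itself and are not inherited by the included tasks, so the stub files will need their own tags (or `apply: tags:` here) for `--tags container` and the like to select anything inside them.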