playbook-galaxy-stack.yaml
---
# Play: set up PostgreSQL and its supporting roles on the Galaxy database hosts.
- name: Galaxy DB Servers
  hosts: galaxy_db_servers
  roles:
    # FIXME: bootstrap does users now
    # Ordering matters: postgresql runs ahead of users so that the postgres
    # account already exists when the users role modifies its groups.
    - role: galaxyproject.postgresql
    - role: galaxyproject.general.systemd
    - role: galaxyproject.general.users
    - role: galaxyproject.gxadmin
      tags: gxadmin
    # This role is executed as the postgres OS user rather than the default
    # become user.
    - role: galaxyproject.postgresql_objects
      become_user: postgres
      become: true
  post_tasks:
    # The contrib package is installed first; per the task names it is what
    # provides pgcrypto for the extension task below.
    - name: Install PostgreSQL contrib package for pgcrypto
      ansible.builtin.dnf:
        name: "postgresql{{ __postgresql_version_dotless }}-contrib"
    # Enables the extension in the per-instance Galaxy database, again as the
    # postgres OS user.
    - name: Install pgcrypto on Galaxy database
      become_user: postgres
      become: true
      community.postgresql.postgresql_ext:
        db: "galaxy_{{ galaxy_instance_codename }}"
        name: pgcrypto
  tags: postgres
# Play: install Redis on the Galaxy Redis hosts using the geerlingguy.redis role.
- name: Galaxy Redis Servers
  hosts: galaxy_redis_servers
  roles:
    - role: geerlingguy.redis
  tags: redis
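# Play: prepare the Galaxy servers for NGINX (extra modules, temp directory,
# SELinux booleans) and then apply the galaxyproject.nginx role.
- name: Galaxy Servers
  hosts: galaxy_servers
  vars_files:
    # for tiaas_nginx_routes used by templates
    - "{{ playbook_dir }}/roles/galaxyproject.tiaas2/defaults/main.yml"
  pre_tasks:
    # Loading the defaults above clears the tiaas_* vars in group_vars. Set as
    # a fact because vars is lower precedence than vars_files.
    - name: Restore tiaas_dir after loading the TIaaS role defaults
      ansible.builtin.set_fact:
        tiaas_dir: "/srv/tiaas/{{ galaxy_instance_codename }}"
      when: galaxy_instance_codename is defined
    # Done before nginx is installed because it will fail to start if the
    # module doesn't exist.
    # NOTE(review): the package is installed straight from a URL with
    # signature checking disabled, so nothing in this task verifies what gets
    # installed as root. Prefer a signed package or repository, or fetch the
    # RPM with a pinned checksum before installing it.
    - name: Install NGINX upload module
      ansible.builtin.dnf:
        name: "{{ nginx_upload_module_url }}"
        disable_gpg_check: true
      when: nginx_upload_module_url is defined
    # NOTE(review): no checksum is given, so the shared object that NGINX
    # loads is not verified after download. Pin it with
    # `checksum: "sha256:<digest>"` (placeholder) once a known-good digest is
    # recorded for the module.
    - name: Install NGINX zip module
      ansible.builtin.get_url:
        url: "{{ nginx_mod_zip_url }}"
        dest: /usr/lib64/nginx/modules/ngx_http_zip_module.so
        # Quoted so the mode is never subject to YAML integer parsing; matches
        # the other mode values in this playbook.
        mode: "0755"
      when: nginx_mod_zip_url is defined
    # This should not be necessary - it is /var/lib/nginx/tmp/proxy, and even
    # setting proxy_temp_path doesn't fix it. I think this is hardcoded in the
    # upload module somewhere since it was built from pkg-oss?
    - name: Create /var/cache/nginx/proxy_temp
      ansible.builtin.file:
        path: /var/cache/nginx/proxy_temp
        owner: "{{ galaxy_user }}"
        mode: "0755"
        state: directory
      when: nginx_upload_module_url is defined
    # Both booleans are switched on persistently; each one widens what the
    # confined web server domain may do, so keep the list to what is needed.
    - name: Grant necessary access to NGINX in SELinux
      ansible.posix.seboolean:
        name: "{{ item }}"
        state: true
        persistent: true
      loop:
        - httpd_can_network_connect
        - httpd_use_fusefs
  roles:
    - role: galaxyproject.nginx
  # No post tasks at present; written as an explicit empty list instead of a
  # bare key, which would parse as null.
  post_tasks: []
  tags: nginx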
# Play: host-level extras for the Galaxy servers (PolicyKit rule, slurm-drmaa).
- name: Galaxy Servers
  hosts: galaxy_servers
  tasks:
    # The rule body comes from a template that is not shown here; going by the
    # task name it grants systemctl privileges, so review the template itself
    # for exactly which units and actions it allows.
    - name: Install PolicyKit rule for gxsrc systemctl privileges
      ansible.builtin.template:
        dest: /etc/polkit-1/rules.d/99-galaxy-server.rules
        src: polkit/99-galaxy-server.rules.j2
        mode: "0644"
        owner: root
        group: root
    # NOTE(review): the RPM is installed directly from a URL with signature
    # checking disabled, so the package is not verified before it is
    # installed. A signed package or a pinned checksum would close that gap.
    - name: Install slurm-drmaa
      ansible.builtin.dnf:
        disable_gpg_check: true
        name: "{{ slurm_drmaa_rpm_url }}"
  tags: galaxy
# Play: deploy TIaaS to the TIaaS hosts using the galaxyproject.tiaas2 role.
- name: Deploy TIaaS
  hosts: tiaas_servers
  roles:
    - role: galaxyproject.tiaas2
  tags: tiaas
# Play: apply the artis3n.tailscale role to the hosts in galaxy_tailnet_hosts.
- name: Galaxy Tailnet
  hosts: galaxy_tailnet_hosts
  roles:
    - artis3n.tailscale