From 6b9ce4a0c21727bdfe136e27a27e8eee4851b631 Mon Sep 17 00:00:00 2001
From: Kaitlyn Parkhurst <symkat@symkat.com>
Date: Wed, 30 Nov 2022 04:35:48 -0800
Subject: [PATCH] More things.

---
 README.md                                     |  2 +-
 ansible/README.md                             |  3 +
 .../files/stripe-backend.service              | 12 +++
 .../roles/mjb-profile-panel/tasks/main.yml    |  4 +
 .../tasks/stripe-backend.yml                  | 29 ++++++
 .../mjb-role-webapp/templates/mjb.yml.j2      |  7 ++
 ansible/update-software.yml                   | 88 +++++++++++++++++++
 7 files changed, 144 insertions(+), 1 deletion(-)
 create mode 100644 ansible/roles/mjb-profile-panel/files/stripe-backend.service
 create mode 100644 ansible/roles/mjb-profile-panel/tasks/stripe-backend.yml
 create mode 100644 ansible/update-software.yml

diff --git a/README.md b/README.md
index 62dc88e..3248a32 100644
--- a/README.md
+++ b/README.md
@@ -199,7 +199,7 @@ Before proceeding from this section, review the section checklist to ensure you
 
 ### Configure The Panel
 
-An initial admin account is created during the ansible installation.  The credentials for the admin account are in the `inventory.yml` file under `admin\_user:`.
+An initial admin account is created during the ansible installation.  The credentials for the admin account are in the `inventory.yml` file under `admin_user:`.
 
 Now that I have the admin account credentials, I can access the Servers tab at https://panel.mjb-stage.com/admin/servers
 
diff --git a/ansible/README.md b/ansible/README.md
index c275b11..55f1a8d 100644
--- a/ansible/README.md
+++ b/ansible/README.md
@@ -19,6 +19,9 @@ ansible-vault edit --vault-password-file .vault_password env/stage/vault.yml
 
 # Running the playbook to ensure everything is setup:
 ansible-playbook -i env/stage/inventory.yml --vault-password-file .vault_password -e @env/stage/vault.yml site.yml
+
+# Updateing MJB Software & Restarting mjb.panel, mjb.worker, and mjb.certbot
+ansible-playbook -i env/stage/inventory.yml --vault-password-file .vault_password -e @env/stage/vault.yml update-software.yml
 ```
 
 
diff --git a/ansible/roles/mjb-profile-panel/files/stripe-backend.service b/ansible/roles/mjb-profile-panel/files/stripe-backend.service
new file mode 100644
index 0000000..3ea03c5
--- /dev/null
+++ b/ansible/roles/mjb-profile-panel/files/stripe-backend.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Stripe Backend Server
+After=network.target
+
+[Service]
+User=manager
+Group=manager
+WorkingDirectory=/home/manager/mjb/Web/script
+ExecStart=/usr/bin/gunicorn --workers 3 --bind 127.0.0.1:8000 stripe-backend:app
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ansible/roles/mjb-profile-panel/tasks/main.yml b/ansible/roles/mjb-profile-panel/tasks/main.yml
index 55992ba..70b61fb 100644
--- a/ansible/roles/mjb-profile-panel/tasks/main.yml
+++ b/ansible/roles/mjb-profile-panel/tasks/main.yml
@@ -25,6 +25,10 @@
     group: manager
     mode: 0600
 
+- name: Support running stripe-backend
+  include_tasks:
+    file: stripe-backend.yml
+
 - name: Start & enable mjb.panel
   service:
     name: mjb.panel
diff --git a/ansible/roles/mjb-profile-panel/tasks/stripe-backend.yml b/ansible/roles/mjb-profile-panel/tasks/stripe-backend.yml
new file mode 100644
index 0000000..f915822
--- /dev/null
+++ b/ansible/roles/mjb-profile-panel/tasks/stripe-backend.yml
@@ -0,0 +1,29 @@
+- name: Install packages
+  apt:
+    name: [
+      'python3-pip',
+      'gunicorn',
+    ]
+    state: present
+
+- name: Install stripe-backend.service file.
+  copy:
+    dest: /etc/systemd/system/stripe-backend.service
+    src: "{{ role_path }}/files/stripe-backend.service"
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Install Python Packages 
+  shell: pip3 install "{{ item }}"
+  become: true
+  become_user: manager
+  with_items:
+    - "flask"
+    - "stripe"
+
+- name: Start Stripe Backend
+  service:
+    name: stripe-backend
+    state: restarted
+    enabled: true
diff --git a/ansible/roles/mjb-role-webapp/templates/mjb.yml.j2 b/ansible/roles/mjb-role-webapp/templates/mjb.yml.j2
index bd51dd0..cdba86f 100644
--- a/ansible/roles/mjb-role-webapp/templates/mjb.yml.j2
+++ b/ansible/roles/mjb-role-webapp/templates/mjb.yml.j2
@@ -19,6 +19,13 @@ secrets:
   - {{ secret }}
 {% endfor %}
 
+stripe:
+    enable: {{ panel_config.stripe.enable }}
+    lookup_key: {{ panel_config.stripe.lookup_key }}
+    backend: {{ panel_config.stripe.backend }}
+    api_key: {{ panel_config.stripe.api_key }}
+    return_domain: https://{{ domain_name.panel }}
+
 register:
   # If a user clicks 'register' which system should they go to?
   default: {{ panel_config.register.default }}
diff --git a/ansible/update-software.yml b/ansible/update-software.yml
new file mode 100644
index 0000000..356b028
--- /dev/null
+++ b/ansible/update-software.yml
@@ -0,0 +1,88 @@
+- name: Update MJB Software
+  remote_user: root
+  hosts: 
+    - store
+    - buildservers
+    - panel
+    - certbot
+  vars:
+    ansible_ssh_common_args: -oControlMaster=auto -oControlPersist=60s -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no
+  tasks:
+    - name: "Get latest changes from {{ repo }}"
+      git:
+        repo: "{{ repo }}"
+        dest: /home/manager/mjb
+        accept_hostkey: true
+      become: true
+      become_user: manager
+    - name: Rebuild MJB::DB
+      shell: dzil build > /home/manager/.build-logs/mjb-db.log 2>&1
+      args:
+        chdir: /home/manager/mjb/DB
+      environment:
+        PATH:                '/home/manager/perl5/bin:/usr/local/bin:/usr/bin:/bin'
+        PERL5LIB:            '/home/manager/perl5/lib/perl5'
+        PERL_MB_OPT:         '--install_base "/home/manager/perl5"'
+        PERL_MM_OPT:         'INSTALL_BASE=/home/manager/perl5'
+        PERL_LOCAL_LIB_ROOT: '/home/manager/perl5'
+      become: true
+      become_user: manager
+
+    - name: Reinstall MJB::DB
+      shell: cpanm MJB-DB-*.tar.gz
+      args:
+        chdir: /home/manager/mjb/DB
+      environment:
+        PATH:                '/home/manager/perl5/bin:/usr/local/bin:/usr/bin:/bin'
+        PERL5LIB:            '/home/manager/perl5/lib/perl5'
+        PERL_MB_OPT:         '--install_base "/home/manager/perl5"'
+        PERL_MM_OPT:         'INSTALL_BASE=/home/manager/perl5'
+        PERL_LOCAL_LIB_ROOT: '/home/manager/perl5'
+      become: true
+      become_user: manager
+
+    - name: Clean MJB::DB
+      shell: dzil clean
+      args:
+        chdir: /home/manager/mjb/DB
+      environment:
+        PATH:                '/home/manager/perl5/bin:/usr/local/bin:/usr/bin:/bin'
+        PERL5LIB:            '/home/manager/perl5/lib/perl5'
+        PERL_MB_OPT:         '--install_base "/home/manager/perl5"'
+        PERL_MM_OPT:         'INSTALL_BASE=/home/manager/perl5'
+        PERL_LOCAL_LIB_ROOT: '/home/manager/perl5'
+      become: true
+      become_user: manager
+
+- name: Reload Panel Service
+  remote_user: root
+  hosts: panel
+  vars:
+    ansible_ssh_common_args: -oControlMaster=auto -oControlPersist=60s -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no
+  tasks:
+    - name: Restart mjb.panel
+      service:
+        name: mjb.panel
+        state: restarted
+
+- name: Reload Certbot Worker
+  remote_user: root
+  hosts: certbot
+  vars:
+    ansible_ssh_common_args: -oControlMaster=auto -oControlPersist=60s -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no
+  tasks:
+    - name: Restart mjb.certbot
+      service:
+        name: mjb.certbot
+        state: restarted
+
+- name: Reload Worker
+  remote_user: root
+  hosts: buildservers
+  vars:
+    ansible_ssh_common_args: -oControlMaster=auto -oControlPersist=60s -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no
+  tasks:
+    - name: Restart mjb.worker
+      service:
+        name: mjb.worker
+        state: restarted