{"id":26179231,"url":"https://github.com/andersinno/passari-ansible","last_synced_at":"2026-01-28T20:37:58.061Z","repository":{"id":280991454,"uuid":"942012798","full_name":"andersinno/passari-ansible","owner":"andersinno","description":"Deploying Passari via Ansible","archived":false,"fork":false,"pushed_at":"2025-03-06T11:23:18.000Z","size":1426,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":8,"default_branch":"main","last_synced_at":"2025-03-06T12:24:09.364Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/andersinno.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-03T12:35:41.000Z","updated_at":"2025-03-06T11:23:21.000Z","dependencies_parsed_at":"2025-03-06T12:34:39.187Z","dependency_job_id":null,"html_url":"https://github.com/andersinno/passari-ansible","commit_stats":null,"previous_names":["andersinno/passari-ansible"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andersinno%2Fpassari-ansible","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andersinno%2Fpassari-ansible/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andersinno%2Fpassari-ansible/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andersinno%2Fpassari-ansible/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/andersinno","download_url":
"https://codeload.github.com/andersinno/passari-ansible/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243119621,"owners_count":20239320,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-11T21:49:20.229Z","updated_at":"2026-01-28T20:37:58.053Z","avatar_url":"https://github.com/andersinno.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Passari Ansible\n\nAnsible playbooks to provision AlmaLinux 9 based hosts for a system for\ndigital preservation with Passari.\n\n## Installing Ansible\n\nTo get started, install Ansible. On Fedora-based systems such as\nAlmaLinux, you can run:\n\n    sudo dnf install ansible\n\nOn Debian-based systems, you can run:\n\n    sudo apt-get install ansible\n\nYou may also install Ansible using Python's Pip package manager and\nutilize the provided `requirements.txt` file. Use a separate virtual\nenvironment to avoid conflicts with system packages:\n\n    python3 -m venv .venv\n    source .venv/bin/activate\n    pip install -r requirements.txt\n\n## Configuration\n\nTo configure the Ansible playbooks, you need to create an inventory.\nThere is an example inventory in `inventory/example` which you can copy\nto e.g. `inventory/production` and modify as needed.\n\nThe inventory should contain the hosts that you want to provision and\nthe groups that they belong to. The groups are used to apply roles to\nthe hosts.\n\nThe inventory should also contain the variables that are used to\nconfigure the hosts. 
The variables are stored in the `group_vars` and\n`host_vars` directories.\n\n## Running the Playbooks\n\nOnce Ansible is installed, you can run the playbook with:\n\n    ansible-playbook -J -i inventory/YOUR_INVENTORY site.yml\n\n### Testing the Playbooks with a Single Host\n\nIt's also possible to test the playbooks with a single host by using\nthe `inventory/example` inventory and defining the connection settings\nin `inventory/example/host_vars/example-host/connection.yml`.  There is\na template file in that directory that you can copy and modify.\n\nTo run the playbook with the example inventory, you can run:\n\n    ansible-playbook -i inventory/example site.yml\n\n## SSL certificates\n\nThis configuration uses a so-called dev cert by default.  It's a\nself-signed SSL certificate with a \"private\" key, which is stored\nunencrypted in this repository and is therefore only suitable for\ndevelopment purposes.  For production, either enable Let's Encrypt\nwith the `letsencrypt_enabled` variable or define your custom SSL\ncertificate via the `passari_web_ui_ssl_cert` variable and its key via\nthe `passari_web_ui_ssl_cert_key` variable. (Remember to store the key in an\nencrypted vault file.)\n\n### Generating SSL certificate and key\n\nTo generate a Certificate Signing Request (CSR) and a corresponding key\nuse the command:\n\n    openssl req -newkey rsa:2048 -nodes -keyout ssl.key -out ssl.csr\n\nThe CN field should have the domain name (FQDN) of the site.\n\nYou may check the CSR file contents with:\n\n    openssl req -text -noout \u003c ssl.csr\n\nThe key file is usable as is, but you should send the CSR for signing.\nWhen a CA has signed the CSR, they will send you the signed certificate.\nIf the signed certificate is in PEM format, i.e. a text file that starts\nwith `-----BEGIN CERTIFICATE-----`, then you can copy-paste it as-is\ninto `settings.yml`. Just add indentation and use YAML's multiline\nsupport.  See the `passari_web_ui_dev_ssl_cert` for an example. 
 If the\nsigned cert is in a binary format (usually named *.cer) you may use the\nfollowing command to convert it to the PEM text format:\n\n    openssl x509 \u003c ssl.cer \u003e ssl.crt\n\nIt's also possible to self-sign the CSR, but that's only good for\ntesting purposes, since browsers will complain about self-signed certs.\nSelf-signing the CSR can be done with:\n\n    openssl x509 -signkey ssl.key -req -days 365 \u003c ssl.csr \u003e ssl.crt\n\n## Architecture\n\nThe Ansible playbooks are divided into roles which are used to provision\nthe hosts. The hosts belong to groups which define the roles that are\napplied to them.\n\nThe host groups are:\n\n- `workflow_workers`\n- `web_ui_hosts`\n- `database_hosts`\n- `backup_hosts`\n\nThe roles are:\n\n- `common`: Common packages and settings for all hosts\n- `passari_workflow`: Passari Workflow Worker\n- `passari_web_ui`: Passari Web User Interface\n- `validators`: Installs software used in the SIP validation\n- `passari_packages`: Installation packages for the Workflow and Web UI\n- `passari_user`: Create the user account for the Passari services\n- `python_install`: Provide another Python version (used for Passari)\n- `nginx`: Nginx web server for serving the Web UI\n- `uwsgi`: uWSGI application server for the Web UI\n- `letsencrypt`: Let's Encrypt CertBot for renewing TLS certificates\n- `postgresql`: PostgreSQL database for the web UI and Workflow\n- `redis`: Redis key-value store for the Workflow Workers\n- `passari_backup`: Backup the Passari database\n\nThe dependency tree of the host groups and roles is as follows. 
Note\nthat the `common` role is applied to all hosts, but it is not shown in\nthe graph.\n\n```mermaid\ngraph TD;\n    WW[workflow_workers];\n    WW --\u003e WF[passari_workflow];\n    WF --\u003e validators;\n    WF --\u003e passari_user;\n    WF --\u003e passari_packages;\n\n    WH[web_ui_hosts];\n    WH --\u003e WU[passari_web_ui];\n    WH --\u003e letsencrypt;\n    letsencrypt --\u003e nginx;\n    WU --\u003e passari_user;\n    WU --\u003e passari_packages;\n    WU --\u003e nginx;\n    WU --\u003e uwsgi;\n    uwsgi --\u003e nginx;\n    passari_packages --\u003e python_install;\n\n    DH[database_hosts];\n    DH --\u003e postgresql;\n    DH --\u003e redis;\n\n    backup_hosts --\u003e passari_backup;\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandersinno%2Fpassari-ansible","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandersinno%2Fpassari-ansible","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandersinno%2Fpassari-ansible/lists"}