Devops toy sba #176
Devops toy sba #176
Conversation
| @@ -0,0 +1,23 @@ | |||
| server { | |||
There was a problem hiding this comment.
I don't like hard-coding this. This likely should be another machine config in config/[machine] here or in learning-observer-flock.
| passwd.lo,root:root,644,/home/ubuntu/writing_observer/learning_observer/passwd.lo,"(Generally blank) passwords file" | ||
| lo.sh,ubuntu:ubuntu,744,/home/ubuntu/writing_observer/learning_observer/lo.sh,"Script to start Learning Observer with a nice process name" | ||
| systemd,root:root,644,/etc/systemd/system/learning_observer.service,"Systemd init script" | ||
| toy-sba.sh,ubuntu:ubuntu,744,/home/ubuntu/toy-sba/toy-sba.sh,"Script to start toy-sba" |
There was a problem hiding this comment.
This will break the system if we're not installing toy_sba, which is usually the case. See how this was handled for dynamic assessment
devops/tasks/orchlib/config.py
Outdated
| "git_username": "Your git username", | ||
| "git_pac": "Your git personal access token", | ||
| "openai_url": "currently https://canadaeast.api.cognitive.microsoft.com", | ||
| "openai_deployment_id": "currently PBrostGPT4", |
There was a problem hiding this comment.
You probably don't want this kind of information in a public git repo.
|
|
||
| def install_git_repos(ip): | ||
|
|
||
| git_username = orchlib.config.creds.get('git_username') |
There was a problem hiding this comment.
Should work if this is not set.
|
|
||
| git_username = orchlib.config.creds.get('git_username') | ||
| git_pac = orchlib.config.creds.get('git_pac') | ||
| openai_url = orchlib.config.creds.get('openai_url') |
There was a problem hiding this comment.
We don't require OpenAI to work. Most LO installs won't need it.
| git_pac = orchlib.config.creds.get('git_pac') | ||
| openai_url = orchlib.config.creds.get('openai_url') | ||
| openai_deployment_id = orchlib.config.creds.get('openai_deployment_id') | ||
| openai_api_key = orchlib.config.creds.get('openai_api_key') |
There was a problem hiding this comment.
All of this should be generic. We shouldn't hardcode to OpenAI or github.
| content = file.read() | ||
|
|
||
| # Replace placeholders with actual credentials | ||
| content = content.replace('{git_username}', git_username) |
There was a problem hiding this comment.
Once things are made generic, this is a content.format (or we should check if we're using a templating language like mustache; look at the other code). This kind of code is very bad and brittle.
| git clone https://github.com/ETS-Next-Gen/writing_observer.git | ||
| cd writing_observer/devops/ansible ; sudo ansible-playbook local.yaml | ||
|
|
||
| sudo apt update |
There was a problem hiding this comment.
We should not be installing anything with apt except for ansible and what's needed to run it. The machine config is managed with ansible.
| sudo apt-get -y install git ansible python3-pip python3-venv pipx | ||
|
|
||
| # Ensure pipx binaries are available in the PATH | ||
| python3 -m pipx ensurepath |
There was a problem hiding this comment.
Ditto for pip packages.
| cd | ||
|
|
||
| # Set system variables | ||
| export OPENAI_URL="{openai_url}" |
There was a problem hiding this comment.
Virtually everything in this file should be config somewhere, as opposed to hardcoding this to be specific to toy_sba. The only package we want a hard-coded install of is learning_observer.
| cd | ||
| echo . /usr/share/virtualenvwrapper/virtualenvwrapper.sh >> ~/.profile | ||
| source ~/.profile; mkvirtualenv learning_observer | ||
| source ~/.profile; |
There was a problem hiding this comment.
We do this two lines later.
| export WORKON_HOME=$HOME/.virtualenvs | ||
| source /usr/share/virtualenvwrapper/virtualenvwrapper.sh | ||
|
|
||
| source ~/.bashrc |
There was a problem hiding this comment.
This was already done when the shell started. I'm also not sure this persists.
| source /usr/share/virtualenvwrapper/virtualenvwrapper.sh | ||
|
|
||
| source ~/.bashrc | ||
| mkvirtualenv --version |
| pyyaml | ||
| fabric | ||
|
|
||
| unzip |
There was a problem hiding this comment.
Where is this used?
| sudo inv initialize [machine] | ||
| inv baseline [ip address] | ||
| inv gitrepos [ip address] | ||
| inv venv [ip address] |
There was a problem hiding this comment.
Why do these take the ip address instead of the machine?
| Copy the following into: ~/.ssh/authorized_keys | ||
|
|
||
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCJ/ZWcQBJTXHHlmztnwY39sueZIR8CA5lKwBH9f7ra939sS/Gdgn1+OF/YUgFLC00GBtesuxMJB52xp2RaIxkrD56G1j64f3P1He22F8jdRUZ8+12PdhqtPsMD6eWofmyo5l2nNEwvQkwTQqQDRWQxuYBWmflHUKqyxPROSCCJXcq2gjVgvFcQZd8ZD24EKQAU3/T6lFwxeiOBNhD5EL6JQ/1Wc2kax9FNW+H8mVVPE+xhFQoGS/5phP2EoEA4EQ6Lpxc2AT68IsKPueKTK5vlpKl2qwt4u9UVT2aMeWapo/qXi1mJt8puBODkU28ygCK0LBQGr/SSbS+YRw16JXH5 | ||
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHmSeXMa7i6PxwTM/U/AHhVwSkWxni78hmxGs+MyZ28Ck6ndHRF5ex2JY/WZMHgJ5Z1ndOZ6riXmdex5gjjiKLpAYgyTR2Dl0aKo52+xIAK7OY6zs9WyV7XgOLDBzvoMewWFp3/2P88oVh2JEInzLe8hkl2npvW9/37ZL3+J9KAg9nQkFn6WPYH7hdJLqnmv25fabmZNsQmekXuz5jPuQbZ4n0zyLkbMxgmYPmgOlsHDO0Bomv9+gpffgWShkDwrXbasEg51OPZjbx/cssr383e0/dHGFPl0B+WRD7Pw796ehyFrE4HHC4nZYI2CS1iurfbPG8CtSUQM9xsAX7uZLl |
There was a problem hiding this comment.
Please include what the keys are.
…ditional tasks to do some of env fab script
pmitros
force-pushed
the
devops_toy_sba
branch
from
fd81ab9 to
1575b6b
Compare
2 participants
No description provided.