From 9fb94a20d3f76a94d94391b58fa4797a3549aa8d Mon Sep 17 00:00:00 2001
From: Bas <bas.meijer@me.com>
Date: Tue, 3 Dec 2024 16:46:46 +0100
Subject: [PATCH] Pip venv (#9)

* virtualenv used by service

* userdel -r

* virtualenv creation

* service

* prompts

* ansible-core in venv

* de-couple

* Kubspray has transitive dependencies

* Ansible must be between 2.16.4 and 2.17.0 exclusive

* unused

* dependencies
---
 files/collections.yml                          |  3 ---
 files/requirements.txt                         |  1 +
 provision.yml                                  |  2 --
 roles/semaphore/tasks/absent.yml               |  5 +++++
 roles/semaphore/tasks/present.yml              |  7 +++++++
 roles/semaphore/templates/semaphore.service.j2 | 18 +++++++++++++-----
 6 files changed, 26 insertions(+), 10 deletions(-)

diff --git a/files/collections.yml b/files/collections.yml
index 4cf8255..1bd9bfa 100644
--- a/files/collections.yml
+++ b/files/collections.yml
@@ -5,6 +5,3 @@ collections:
   - name: community.docker
   - name: community.general
   - name: community.postgresql
-  - name: kubernetes.core
-  - name: https://github.com/kubernetes-sigs/kubespray.git
-    type: git
diff --git a/files/requirements.txt b/files/requirements.txt
index 5419fff..a2be1a8 100644
--- a/files/requirements.txt
+++ b/files/requirements.txt
@@ -1,3 +1,4 @@
+ansible-core<2.17.0
 distlib
 docker
 jmespath
diff --git a/provision.yml b/provision.yml
index aa6af90..2d84baf 100755
--- a/provision.yml
+++ b/provision.yml
@@ -23,7 +23,6 @@
         msg: |
           run this shell command before this playbook:
           read -sp "Enter database password: " DB_PASS && export DB_PASS ; echo
-      no_log: true
 
   roles:
     - role: postgres
@@ -82,7 +81,6 @@
         msg: |
           run this shell command before this playbook:
           read -sp "Enter ssh key passphrase: " SSH_PASS && export SSH_PASS ; echo
-      no_log: true
 
   roles:
     - role: semaphore
diff --git a/roles/semaphore/tasks/absent.yml b/roles/semaphore/tasks/absent.yml
index 22df93f..57c6e99 100644
--- a/roles/semaphore/tasks/absent.yml
+++ b/roles/semaphore/tasks/absent.yml
@@ -43,6 +43,11 @@
     state: absent
     force: true
 
+- name: Remove home directory
+  ansible.builtin.file:
+    path: /home/semaphore
+    state: absent
+
 - name: Remove semaphore package
   ansible.builtin.package:
     name: semaphore
diff --git a/roles/semaphore/tasks/present.yml b/roles/semaphore/tasks/present.yml
index d52a15e..9b948c2 100644
--- a/roles/semaphore/tasks/present.yml
+++ b/roles/semaphore/tasks/present.yml
@@ -116,6 +116,13 @@
     - requirements.yml
     - collections.yml
 
+- name: Create python3.12 venv
+  become_user: semaphore
+  ansible.builtin.command: /usr/bin/python3.12 -m venv venv --upgrade-deps
+  args:
+    chdir: /home/semaphore
+    creates: /home/semaphore/venv
+
 - name: Deploy Semaphore Config
   become: true
   ansible.builtin.template:
diff --git a/roles/semaphore/templates/semaphore.service.j2 b/roles/semaphore/templates/semaphore.service.j2
index 5375746..ec22b9c 100644
--- a/roles/semaphore/templates/semaphore.service.j2
+++ b/roles/semaphore/templates/semaphore.service.j2
@@ -11,8 +11,7 @@ User=semaphore
 Group=semaphore
 Environment=LANG="en_US.UTF-8"
 Environment=LC_ALL="en_US.UTF-8"
-Environment="PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:~/.local/bin"
-ExecStart=/usr/bin/semaphore server --config /etc/semaphore/config.json
+Environment="PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 ExecStop=/bin/kill -s QUIT $MAINPID
 ExecReload=/bin/kill -s HUP $MAINPID
 Restart=always
@@ -21,10 +20,19 @@ WorkingDirectory=/home/semaphore
 StandardOutput=journal
 StandardError=journal
 SyslogIdentifier=semaphore
+ 
+# to auto-upgrade python modules at service startup
+ExecStartPre=/bin/bash -c 'source /home/semaphore/venv/bin/activate \
+                           && pip install --upgrade -r /home/semaphore/requirements.txt'
 
-ExecStartPre=/bin/bash -c 'pip3.12 install --upgrade --user -r /home/semaphore/requirements.txt'
-ExecStartPre=/bin/bash -c 'ansible-galaxy collection install -p /home/semaphore/tmp/.ansible/collections -r /home/semaphore/collections.yml'
-ExecStartPre=/bin/bash -c 'ansible-galaxy install -p /home/semaphore/tmp/.ansible/roles/ -r /home/semaphore/requirements.yml'
+# to auto-upgrade ansible collections and roles at service startup
+ExecStartPre=/bin/bash -c 'source /home/semaphore/venv/bin/activate \
+                           && ansible-galaxy collection install -r /home/semaphore/requirements.yml \
+                           && ansible-galaxy role install -r /home/semaphore/requirements.yml'
+
+# REPLACE THE EXISTING 'ExecStart'
+ExecStart=/bin/bash -c 'source /home/semaphore/venv/bin/activate \
+                        && /usr/bin/semaphore server --config /etc/semaphore/config.json'
 
 [Install]
 WantedBy=multi-user.target