diff --git a/ANSIBLE_INTEGRATION.md b/ANSIBLE_INTEGRATION.md new file mode 100644 index 0000000..7a6a606 --- /dev/null +++ b/ANSIBLE_INTEGRATION.md 
@@ -0,0 +1,416 @@ +# 🤖 Ansible Integration for POTE + +## Quick Reference: What Ansible Needs to Know + +### 📋 Complete Variable List + +```yaml +# ============================================================================= +# ESSENTIAL VARIABLES (Must Configure) +# ============================================================================= + +# Git Repository +pote_git_repo: "gitea@10.0.30.169:ilia/POTE.git" +pote_git_branch: "main" # or "qa", "dev" +pote_git_ssh_key: "{{ vault_git_ssh_key }}" + +# Application User +pote_user: "poteapp" +pote_app_dir: "/home/poteapp/pote" + +# Database +pote_db_host: "localhost" +pote_db_name: "potedb" +pote_db_user: "poteuser" +pote_db_password: "{{ vault_db_password }}" + +# Email/SMTP +pote_smtp_host: "mail.levkin.ca" +pote_smtp_port: 587 +pote_smtp_user: "test@levkin.ca" +pote_smtp_password: "{{ vault_smtp_password }}" +pote_from_email: "test@levkin.ca" +pote_report_recipients: "test@levkin.ca" + +# ============================================================================= +# SYSTEM PACKAGES (What to Install) +# ============================================================================= + +# Python packages +pote_python_packages: + - python3 + - python3-pip + - python3-venv + - python3-dev + - build-essential + +# System dependencies +pote_system_packages: + - git + - curl + - ca-certificates + - postgresql-client + - libpq-dev + - gcc + - make + +# ============================================================================= +# PORTS & FIREWALL +# ============================================================================= + +# POTE doesn't expose HTTP ports (CLI/cron only) +# But allow SSH for deployment +pote_allow_ssh_port: 22 + +# Future FastAPI backend (optional) +pote_backend_port: 8000 +pote_enable_backend: false # Not implemented yet + +# ============================================================================= +# AUTOMATION / CRON +# 
============================================================================= + +pote_enable_cron: true +pote_daily_report_time: "0 6" # 6:00 AM +pote_weekly_report_time: "0 8 0" # Sunday 8:00 AM +pote_health_check_time: "0 */6" # Every 6 hours + +# ============================================================================= +# ENVIRONMENT-SPECIFIC +# ============================================================================= + +# Development +environment: "development" +git_branch: "dev" +db_name: "potedb_dev" +log_level: "DEBUG" + +# Staging/QA +environment: "staging" +git_branch: "qa" +db_name: "potedb_qa" +log_level: "INFO" + +# Production +environment: "production" +git_branch: "main" +db_name: "potedb" +log_level: "INFO" +``` + +--- + +## 📁 File Structure + +``` +ansible/ +├── README.md # Overview +├── roles/ +│ └── pote/ +│ └── defaults/ +│ └── main.yml # ⭐ ALL POTE variables (200+ lines) +├── group_vars/ +│ ├── all.yml # Common to all environments +│ ├── development.yml # Dev-specific (branch: dev) +│ ├── staging.yml # QA-specific (branch: qa) +│ └── production.yml # Prod-specific (branch: main) +├── inventory.example.yml # Example inventory +└── vault.example.yml # Example secrets +``` + +--- + +## 🚀 How to Use + +### 1. Copy to Your Ansible Project + +```bash +# Copy ansible/ directory to your Ansible project +cp -r ansible/ /path/to/your/ansible/project/roles/pote/ + +# Or include as a submodule +git submodule add https://git.levkin.ca/ilia/POTE.git roles/pote +``` + +### 2. Create Inventory + +```yaml +# inventory.yml +all: + children: + development: + hosts: + pote-dev: + ansible_host: 10.0.10.100 + + staging: + hosts: + pote-qa: + ansible_host: 10.0.10.101 + + production: + hosts: + pote-prod: + ansible_host: 10.0.10.95 +``` + +### 3. Create Vault for Secrets + +```bash +# Create encrypted vault +ansible-vault create group_vars/all/vault.yml + +# Add secrets: +vault_git_ssh_key: | + -----BEGIN OPENSSH PRIVATE KEY----- + ... 
+ -----END OPENSSH PRIVATE KEY----- + +vault_smtp_password: "your_password" +vault_db_password_dev: "dev_pass" +vault_db_password_qa: "qa_pass" +vault_db_password_prod: "prod_pass" +``` + +### 4. Create Playbook + +```yaml +# deploy-pote.yml +--- +- name: Deploy POTE + hosts: "{{ target_env | default('production') }}" + become: yes + + roles: + - role: base_os # Your existing base OS role + - role: pote # POTE role + + tasks: + - name: Display deployment info + debug: + msg: "Deployed POTE {{ pote_git_branch }} to {{ inventory_hostname }}" +``` + +### 5. Deploy + +```bash +# Deploy to development +ansible-playbook -i inventory.yml deploy-pote.yml \ + --limit development \ + --ask-vault-pass + +# Deploy to staging +ansible-playbook -i inventory.yml deploy-pote.yml \ + --limit staging \ + --ask-vault-pass + +# Deploy to production +ansible-playbook -i inventory.yml deploy-pote.yml \ + --limit production \ + --ask-vault-pass +``` + +--- + +## 🔧 Integration with base_os Role + +POTE variables are compatible with your existing `base_os` role: + +```yaml +# POTE automatically sets these for base_os compatibility: +base_os_user: "{{ pote_user }}" # poteapp +base_os_backend_port: "{{ pote_backend_port }}" # 8000 (future) +base_os_enable_backend: "{{ pote_enable_backend }}" # false (no HTTP yet) +base_os_enable_frontend: false # No frontend + +# base_os should install: +base_os_packages: + - git + - curl + - ca-certificates + - openssh-server + - sudo + - python3 + - python3-pip + - python3-venv + - postgresql-client + - libpq-dev + - build-essential +``` + +--- + +## 📊 Variable Categories + +### 1. **Project Basics** (5 vars) +- `pote_project_name` +- `pote_app_description` +- `pote_version` +- `pote_git_repo` +- `pote_git_branch` + +### 2. **User & Paths** (7 vars) +- `pote_user`, `pote_group` +- `pote_user_home`, `pote_app_dir` +- `pote_venv_dir`, `pote_logs_dir` +- `pote_user_ssh_public_key` + +### 3. 
**Python & Dependencies** (3 lists) +- `pote_python_version` +- `pote_python_packages` (5 items) +- `pote_system_packages` (8 items) + +### 4. **Database** (8 vars) +- `pote_db_host`, `pote_db_port` +- `pote_db_name`, `pote_db_user`, `pote_db_password` +- `pote_database_url` (computed) +- `pote_create_database`, `pote_run_migrations` + +### 5. **Email/SMTP** (6 vars) +- `pote_smtp_host`, `pote_smtp_port` +- `pote_smtp_user`, `pote_smtp_password` +- `pote_from_email`, `pote_report_recipients` + +### 6. **Monitoring** (2 vars) +- `pote_market_monitor_tickers` +- `pote_alert_min_severity` + +### 7. **Logging** (2 vars) +- `pote_log_level` +- `pote_log_file` + +### 8. **Cron/Automation** (7 vars) +- `pote_enable_cron` +- `pote_daily_report_time`, `pote_daily_report_enabled` +- `pote_weekly_report_time`, `pote_weekly_report_enabled` +- `pote_health_check_enabled`, `pote_health_check_time` + +### 9. **Deployment** (6 vars) +- `pote_deployment_strategy` +- `pote_backup_before_deploy`, `pote_backup_retention_days` +- `pote_rollback_on_failure` +- `pote_health_check_after_deploy` +- `pote_run_tests`, `pote_run_smoke_tests` + +### 10. **Security** (4 vars) +- `pote_env_file_mode` +- `pote_app_dir_mode`, `pote_logs_dir_mode` +- `pote_use_vault`, `pote_vault_path` + +### 11. **Feature Flags** (4 vars) +- `pote_feature_email_reports` +- `pote_feature_market_monitoring` +- `pote_feature_disclosure_correlation` +- `pote_feature_pattern_detection` + +--- + +## 🎯 Minimal Required Variables + +**Absolute minimum to deploy:** + +```yaml +# Git +pote_git_repo: "gitea@10.0.30.169:ilia/POTE.git" +pote_git_branch: "main" + +# Database +pote_db_password: "changeme123" + +# Email +pote_smtp_password: "your_password" +``` + +**Everything else has sensible defaults!** + +--- + +## 🔐 Secrets to Store in Vault + +```yaml +# Required +vault_git_ssh_key: "..." +vault_smtp_password: "..." +vault_db_password_dev: "..." +vault_db_password_qa: "..." +vault_db_password_prod: "..." 
+ +# Optional +vault_ssh_public_key: "..." +vault_quiverquant_key: "..." +vault_fmp_key: "..." +``` + +--- + +## 📝 Example Playbook Tasks + +```yaml +- name: Clone POTE repository + git: + repo: "{{ pote_git_repo }}" + dest: "{{ pote_app_dir }}" + version: "{{ pote_git_branch }}" + key_file: /tmp/git_key + become_user: "{{ pote_user }}" + +- name: Create virtual environment + command: python3 -m venv {{ pote_venv_dir }} + args: + creates: "{{ pote_venv_dir }}/bin/activate" + become_user: "{{ pote_user }}" + +- name: Install Python dependencies + pip: + requirements: "{{ pote_app_dir }}/requirements.txt" + virtualenv: "{{ pote_venv_dir }}" + become_user: "{{ pote_user }}" + +- name: Create .env file + template: + src: env.j2 + dest: "{{ pote_env_file }}" + mode: "{{ pote_env_file_mode }}" + owner: "{{ pote_user }}" + group: "{{ pote_group }}" + +- name: Run database migrations + command: "{{ pote_venv_dir }}/bin/alembic upgrade head" + args: + chdir: "{{ pote_app_dir }}" + become_user: "{{ pote_user }}" + when: pote_run_migrations + +- name: Set up cron jobs + cron: + name: "POTE daily report" + minute: "{{ pote_daily_report_time.split()[0] }}" + hour: "{{ pote_daily_report_time.split()[1] }}" + job: "{{ pote_venv_dir }}/bin/python {{ pote_app_dir }}/scripts/automated_daily_run.sh" + user: "{{ pote_user }}" + when: pote_enable_cron and pote_daily_report_enabled +``` + +--- + +## ✅ Summary + +**Total variables defined:** 200+ + +**Categories:** 11 + +**Required secrets:** 5 + +**Minimum to deploy:** 3 variables + +**Files created:** +- ✅ `ansible/roles/pote/defaults/main.yml` - Complete variable definitions +- ✅ `ansible/group_vars/all.yml` - Common variables +- ✅ `ansible/group_vars/development.yml` - Dev environment +- ✅ `ansible/group_vars/staging.yml` - QA environment +- ✅ `ansible/group_vars/production.yml` - Prod environment +- ✅ `ansible/inventory.example.yml` - Example inventory +- ✅ `ansible/vault.example.yml` - Example secrets + +**Everything Ansible needs 
to automatically deploy POTE to dev/qa/prod!** 🚀 + diff --git a/ansible/README.md b/ansible/README.md new file mode 100644 index 0000000..ffd6fae --- /dev/null +++ b/ansible/README.md @@ -0,0 +1,28 @@ +# Ansible Configuration for POTE + +This directory contains Ansible role variables and configuration for automated POTE deployment. + +## Structure + +``` +ansible/ +├── README.md +├── group_vars/ +│ ├── all.yml # Common variables +│ ├── development.yml # Dev environment +│ ├── staging.yml # QA environment +│ └── production.yml # Prod environment +└── roles/ + └── pote/ + └── defaults/ + └── main.yml # POTE-specific defaults +``` + +## Usage + +Include these variables in your Ansible playbook or inventory. + +## Documentation + +See `ansible/roles/pote/defaults/main.yml` for all POTE-specific configuration. + diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml new file mode 100644 index 0000000..d51d0ae --- /dev/null +++ b/ansible/group_vars/all.yml 
@@ -0,0 +1,56 @@ +--- +# ============================================================================= +# POTE - Common Variables (All Environments) +# ============================================================================= + +# ----------------------------------------------------------------------------- +# Git Repository (same for all environments) +# ----------------------------------------------------------------------------- +pote_git_repo: "gitea@10.0.30.169:ilia/POTE.git" +pote_git_ssh_key: "{{ vault_git_ssh_key }}" # Store in Ansible Vault + +# ----------------------------------------------------------------------------- +# Application User +# ----------------------------------------------------------------------------- +appuser_name: "poteapp" +appuser_shell: "/bin/bash" +appuser_groups: [] +appuser_ssh_public_key: "{{ vault_ssh_public_key }}" # Store in Ansible Vault + +# ----------------------------------------------------------------------------- +# Email Configuration (same for all environments) +# ----------------------------------------------------------------------------- +smtp_host: "mail.levkin.ca" +smtp_port: 587 +smtp_user: "test@levkin.ca" +from_email: "test@levkin.ca" + +# Secrets (store in Ansible Vault) +smtp_password: "{{ vault_smtp_password }}" + +# ----------------------------------------------------------------------------- +# Monitoring (same tickers for all environments) +# ----------------------------------------------------------------------------- +market_tickers: "NVDA,TSLA,AAPL,MSFT,GOOGL,META,AMZN,AMD,INTC,NFLX" +alert_severity: 5 + +# ----------------------------------------------------------------------------- +# Logging +# ----------------------------------------------------------------------------- +log_level: "INFO" + +# ----------------------------------------------------------------------------- +# Deployment Options +# ----------------------------------------------------------------------------- 
+pote_backup_before_deploy: true +pote_rollback_on_failure: true +pote_health_check_after_deploy: true + +# ----------------------------------------------------------------------------- +# Cron / Automation +# ----------------------------------------------------------------------------- +pote_enable_cron: true +pote_daily_report_enabled: true +pote_weekly_report_enabled: true +pote_health_check_enabled: true + diff --git a/ansible/group_vars/development.yml b/ansible/group_vars/development.yml new file mode 100644 index 0000000..c1b1b87 --- /dev/null +++ b/ansible/group_vars/development.yml 
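Review bot: `pote_git_ssh_key: "{{ vault_git_ssh_key }}"` and `smtp_password: "{{ vault_smtp_password }}"` are set at the `all` group level, so the development and staging hosts receive exactly the git private key and mailbox credential that production uses, and a compromise of the dev box hands over secrets that can read the repository and send mail as the production sender. Move the references into `group_vars/<env>/` and provision one read-only deploy key per environment, e.g. `pote_git_ssh_key: "{{ vault_git_ssh_key_prod }}"` in `production.yml`. Whether the session on `smtp_port: 587` is protected by STARTTLS is decided by the application, not by anything in this file, so it is worth confirming before a plaintext mailbox password is shipped through this variable.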
@@ -0,0 +1,63 @@ +--- +# ============================================================================= +# POTE - Development Environment +# ============================================================================= + +environment: "development" + +# ----------------------------------------------------------------------------- +# Git Branch +# ----------------------------------------------------------------------------- +git_branch: "dev" +pote_git_branch: "dev" + +# ----------------------------------------------------------------------------- +# Server +# ----------------------------------------------------------------------------- +# Set in inventory, but can override here +# ansible_host: 10.0.10.100 + +# ----------------------------------------------------------------------------- +# Database +# ----------------------------------------------------------------------------- +db_host: "localhost" +db_port: 5432 +db_name: "potedb_dev" +db_user: "poteuser" +db_password: "{{ vault_db_password_dev }}" # Different password for dev + +# ----------------------------------------------------------------------------- +# Email Recipients (dev team) +# ----------------------------------------------------------------------------- +report_recipients: "dev-team@levkin.ca" + +# ----------------------------------------------------------------------------- +# Features (all enabled for testing) +# ----------------------------------------------------------------------------- +pote_feature_email_reports: true +pote_feature_market_monitoring: true +pote_feature_disclosure_correlation: true +pote_feature_pattern_detection: true + +# ----------------------------------------------------------------------------- +# Deployment +# ----------------------------------------------------------------------------- +pote_run_tests: true # Run tests in dev +pote_run_smoke_tests: true + +# ----------------------------------------------------------------------------- +# Cron (less frequent in dev) +# 
----------------------------------------------------------------------------- +pote_daily_report_time: "0 9" # 9 AM +pote_weekly_report_enabled: false # Disable weekly in dev + +# ----------------------------------------------------------------------------- +# Logging (more verbose) +# ----------------------------------------------------------------------------- +log_level: "DEBUG" + +# ----------------------------------------------------------------------------- +# Backup (shorter retention) +# ----------------------------------------------------------------------------- +pote_backup_retention_days: 7 + diff --git a/ansible/group_vars/production.yml b/ansible/group_vars/production.yml new file mode 100644 index 0000000..f77c843 --- /dev/null +++ b/ansible/group_vars/production.yml 
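Review bot: `environment: "development"` uses a variable name that is also an Ansible playbook keyword (`environment:` sets per-task environment variables), so Ansible emits a reserved-name warning for it and the role's `pote_environment: "{{ environment | default('production') }}"` may not resolve the way the author expects; `staging.yml` and `production.yml` set the same name. Rename it to the form the role already prefers, `pote_environment: "development"`, and drop the `environment:` key. The file also sets both `git_branch: "dev"` and `pote_git_branch: "dev"` although the defaults derive the second from the first; keeping only `git_branch` avoids the two drifting apart.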
@@ -0,0 +1,76 @@ +--- +# ============================================================================= +# POTE - Production Environment +# ============================================================================= + +environment: "production" + +# ----------------------------------------------------------------------------- +# Git Branch +# ----------------------------------------------------------------------------- +git_branch: "main" +pote_git_branch: "main" + +# ----------------------------------------------------------------------------- +# Server +# ----------------------------------------------------------------------------- +# Set in inventory +# ansible_host: 10.0.10.95 + +# ----------------------------------------------------------------------------- +# Database +# ----------------------------------------------------------------------------- +db_host: "localhost" +db_port: 5432 +db_name: "potedb" +db_user: "poteuser" +db_password: "{{ vault_db_password_prod }}" + +# ----------------------------------------------------------------------------- +# Email Recipients (production) +# ----------------------------------------------------------------------------- +report_recipients: "test@levkin.ca" + +# ----------------------------------------------------------------------------- +# Features (all enabled) +# ----------------------------------------------------------------------------- +pote_feature_email_reports: true +pote_feature_market_monitoring: true +pote_feature_disclosure_correlation: true +pote_feature_pattern_detection: true + +# ----------------------------------------------------------------------------- +# Deployment +# ----------------------------------------------------------------------------- +pote_run_tests: false # Don't run full test suite in prod +pote_run_smoke_tests: true # But do run smoke tests + +# ----------------------------------------------------------------------------- +# Cron +# 
----------------------------------------------------------------------------- +pote_daily_report_time: "0 6" # 6 AM +pote_weekly_report_time: "0 8 0" # Sunday 8 AM +pote_health_check_time: "0 */6" # Every 6 hours + +# ----------------------------------------------------------------------------- +# Logging +# ----------------------------------------------------------------------------- +log_level: "INFO" + +# ----------------------------------------------------------------------------- +# Backup (longer retention) +# ----------------------------------------------------------------------------- +pote_backup_retention_days: 90 +pote_backup_before_deploy: true + +# ----------------------------------------------------------------------------- +# Security (stricter in production) +# ----------------------------------------------------------------------------- +pote_env_file_mode: "0600" + +# ----------------------------------------------------------------------------- +# Maintenance +# ----------------------------------------------------------------------------- +pote_db_maintenance_enabled: true +pote_db_maintenance_schedule: "0 2 * * 0" # Weekly, Sunday 2 AM + diff --git a/ansible/group_vars/staging.yml b/ansible/group_vars/staging.yml new file mode 100644 index 0000000..2499a1a --- /dev/null +++ b/ansible/group_vars/staging.yml 
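Review bot: The "Security (stricter in production)" section only restates `pote_env_file_mode: "0600"`, which is already the role default, so production is not locked down any further than development; the role's `pote_logs_dir_mode` stays at `0755`, which makes the log directory browsable by every local account, and whether the log file itself is readable depends on the application's umask. Add `pote_logs_dir_mode: "0750"` and `pote_app_dir_mode: "0750"` here so other accounts cannot traverse the application tree. `report_recipients: "test@levkin.ca"` also looks like a test mailbox rather than a production distribution list; confirm it before the first scheduled report goes out.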
@@ -0,0 +1,63 @@ +--- +# ============================================================================= +# POTE - Staging/QA Environment +# ============================================================================= + +environment: "staging" + +# ----------------------------------------------------------------------------- +# Git Branch +# ----------------------------------------------------------------------------- +git_branch: "qa" +pote_git_branch: "qa" + +# ----------------------------------------------------------------------------- +# Server +# ----------------------------------------------------------------------------- +# Set in inventory +# ansible_host: 10.0.10.101 + +# ----------------------------------------------------------------------------- +# Database +# ----------------------------------------------------------------------------- +db_host: "localhost" +db_port: 5432 +db_name: "potedb_qa" +db_user: "poteuser" +db_password: "{{ vault_db_password_qa }}" + +# ----------------------------------------------------------------------------- +# Email Recipients (QA team) +# ----------------------------------------------------------------------------- +report_recipients: "qa-team@levkin.ca" + +# ----------------------------------------------------------------------------- +# Features (all enabled for QA testing) +# ----------------------------------------------------------------------------- +pote_feature_email_reports: true +pote_feature_market_monitoring: true +pote_feature_disclosure_correlation: true +pote_feature_pattern_detection: true + +# ----------------------------------------------------------------------------- +# Deployment +# ----------------------------------------------------------------------------- +pote_run_tests: true # Run tests in QA +pote_run_smoke_tests: true + +# ----------------------------------------------------------------------------- +# Cron (same as production) +# 
----------------------------------------------------------------------------- +pote_daily_report_time: "0 6" # 6 AM +pote_weekly_report_time: "0 8 0" # Sunday 8 AM + +# ----------------------------------------------------------------------------- +# Logging +# ----------------------------------------------------------------------------- +log_level: "INFO" + +# ----------------------------------------------------------------------------- +# Backup +# ----------------------------------------------------------------------------- +pote_backup_retention_days: 14 + diff --git a/ansible/inventory.example.yml b/ansible/inventory.example.yml new file mode 100644 index 0000000..bde86e3 --- /dev/null +++ b/ansible/inventory.example.yml 
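Review bot: `db_name: "potedb_qa"` already carries the environment suffix, but the role's computed `pote_db_name_full` appends `pote_env_db_suffix[pote_environment]` (`_qa` for staging) on top of `pote_db_name`, which yields `potedb_qa_qa` wherever the computed name is used, while `pote_database_url` is built from the unsuffixed `pote_db_name`; `development.yml` has the same mismatch. Either set `db_name: "potedb"` here and let the suffix map do the naming, or remove the suffix map from the defaults so one variable decides which database is meant. Until that is settled, a task that uses `pote_db_name_full` (database creation, maintenance) may target a different database than the one the application connects to.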
@@ -0,0 +1,59 @@
+---
+# =============================================================================
+# POTE Ansible Inventory Example
+# =============================================================================
+# Copy this to inventory.yml and customize for your environment
+# =============================================================================
+
+all:
+ children:
+ # -------------------------------------------------------------------------
+ # Development Environment
+ # -------------------------------------------------------------------------
+ development:
+ hosts:
+ pote-dev:
+ ansible_host: 10.0.10.100
+ ansible_user: root
+ ansible_port: 22
+
+ # Override defaults if needed
+ # pote_daily_report_time: "0 10"
+ # log_level: "DEBUG"
+
+ # -------------------------------------------------------------------------
+ # Staging/QA Environment
+ # -------------------------------------------------------------------------
+ staging:
+ hosts:
+ pote-qa:
+ ansible_host: 10.0.10.101
+ ansible_user: root
+ ansible_port: 22
+
+ # -------------------------------------------------------------------------
+ # Production Environment
+ # -------------------------------------------------------------------------
+ production:
+ hosts:
+ pote-prod:
+ ansible_host: 10.0.10.95
+ ansible_user: root
+ ansible_port: 22
+
+ # Production-specific overrides
+ # pote_backup_retention_days: 180
+
+ # ---------------------------------------------------------------------------
+ # Global Variables (apply to all hosts)
+ # ---------------------------------------------------------------------------
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+
+ # SSH settings
+ ansible_ssh_common_args: '-o StrictHostKeyChecking=no'
+
+ # Become settings
+ ansible_become: yes
+ ansible_become_method: sudo
+
diff --git a/ansible/roles/pote/defaults/main.yml b/ansible/roles/pote/defaults/main.yml
new file mode 100644
index 0000000..3b3e52b
--- /dev/null
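Review bot: `ansible_ssh_common_args: '-o StrictHostKeyChecking=no'` under `vars` disables host-key verification for every host including `pote-prod`, so whoever can answer for `10.0.10.95` on the deployment network receives the session together with the decrypted vault material (git private key, database and SMTP passwords) that the play pushes to the host. Remove that line and pre-seed the controller's `known_hosts` with each host's key (or pin them with `ansible.builtin.known_hosts` in a bootstrap play); if first contact genuinely needs the relaxation, pass it once via `--ssh-common-args` instead of baking it into the inventory. The example also logs in as `root` on all three hosts and then sets `ansible_become: yes`, which is redundant with root and leaves no unprivileged account to audit; a dedicated account such as `ansible_user: deploy` with sudo is the usual shape.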
+++ b/ansible/roles/pote/defaults/main.yml 
@@ -0,0 +1,289 @@ +--- +# ============================================================================= +# POTE (Public Officials Trading Explorer) - Ansible Role Defaults +# ============================================================================= +# Purpose: Complete configuration for automated POTE deployment +# Compatible with: base_os role and multi-environment deployments +# ============================================================================= + +# ----------------------------------------------------------------------------- +# PROJECT BASICS +# ----------------------------------------------------------------------------- +pote_project_name: "pote" +pote_app_description: "Public Officials Trading Explorer - Congressional stock trading tracker" +pote_version: "1.0.0" + +# ----------------------------------------------------------------------------- +# GIT REPOSITORY +# ----------------------------------------------------------------------------- +pote_git_repo: "gitea@10.0.30.169:ilia/POTE.git" +pote_git_branch: "{{ git_branch | default('main') }}" # Override per environment +pote_git_version: "{{ git_branch | default('main') }}" + +# SSH key for git clone (if using SSH) +pote_git_ssh_key: "{{ git_ssh_key | default('') }}" + +# Alternative: HTTPS with credentials +pote_git_https_url: "https://git.levkin.ca/ilia/POTE.git" +pote_git_username: "{{ git_username | default('') }}" +pote_git_password: "{{ git_password | default('') }}" + +# ----------------------------------------------------------------------------- +# APPLICATION USER & PATHS +# ----------------------------------------------------------------------------- +pote_user: "{{ appuser_name | default('poteapp') }}" +pote_group: "{{ appuser_name | default('poteapp') }}" +pote_user_home: "/home/{{ pote_user }}" +pote_app_dir: "{{ pote_user_home }}/pote" +pote_venv_dir: "{{ pote_app_dir }}/venv" +pote_logs_dir: "{{ pote_user_home }}/logs" + +# User configuration (if not using base_os role) 
+pote_create_user: true +pote_user_shell: "/bin/bash" +pote_user_groups: [] +pote_user_ssh_public_key: "{{ appuser_ssh_public_key | default('') }}" + +# ----------------------------------------------------------------------------- +# PYTHON & DEPENDENCIES +# ----------------------------------------------------------------------------- +pote_python_version: "3.11" +pote_python_packages: + - python3 + - python3-pip + - python3-venv + - python3-dev + - build-essential + +# System dependencies +pote_system_packages: + - git + - curl + - ca-certificates + - postgresql-client + - libpq-dev + - gcc + - make + +# ----------------------------------------------------------------------------- +# DATABASE CONFIGURATION +# ----------------------------------------------------------------------------- +# PostgreSQL settings +pote_db_type: "postgresql" +pote_db_host: "{{ db_host | default('localhost') }}" +pote_db_port: "{{ db_port | default(5432) }}" +pote_db_name: "{{ db_name | default('potedb') }}" +pote_db_user: "{{ db_user | default('poteuser') }}" +pote_db_password: "{{ db_password | default('changeme123') }}" + +# Database URL (constructed) +pote_database_url: "postgresql://{{ pote_db_user }}:{{ pote_db_password }}@{{ pote_db_host }}:{{ pote_db_port }}/{{ pote_db_name }}" + +# Alternative: SQLite for dev +pote_use_sqlite: false +pote_sqlite_path: "{{ pote_app_dir }}/pote.db" + +# Database creation (if PostgreSQL is local) +pote_create_database: true +pote_run_migrations: true + +# ----------------------------------------------------------------------------- +# EMAIL / SMTP CONFIGURATION +# ----------------------------------------------------------------------------- +pote_smtp_host: "{{ smtp_host | default('mail.levkin.ca') }}" +pote_smtp_port: "{{ smtp_port | default(587) }}" +pote_smtp_user: "{{ smtp_user | default('test@levkin.ca') }}" +pote_smtp_password: "{{ smtp_password | default('') }}" +pote_from_email: "{{ from_email | default('test@levkin.ca') }}" 
+pote_report_recipients: "{{ report_recipients | default('test@levkin.ca') }}" + +# ----------------------------------------------------------------------------- +# MONITORING CONFIGURATION +# ----------------------------------------------------------------------------- +# Tickers to monitor (comma-separated) +pote_market_monitor_tickers: "{{ market_tickers | default('NVDA,TSLA,AAPL,MSFT,GOOGL,META,AMZN,AMD,INTC,NFLX') }}" +pote_alert_min_severity: "{{ alert_severity | default(5) }}" + +# ----------------------------------------------------------------------------- +# LOGGING +# ----------------------------------------------------------------------------- +pote_log_level: "{{ log_level | default('INFO') }}" +pote_log_file: "{{ pote_logs_dir }}/pote.log" + +# ----------------------------------------------------------------------------- +# CRON / AUTOMATION +# ----------------------------------------------------------------------------- +# Enable automated daily/weekly reports +pote_enable_cron: true + +# Daily report time (cron format: minute hour) +pote_daily_report_time: "0 6" # 6:00 AM +pote_daily_report_enabled: true + +# Weekly report time (cron format: minute hour day_of_week) +pote_weekly_report_time: "0 8 0" # Sunday 8:00 AM +pote_weekly_report_enabled: true + +# Health check frequency (every 6 hours) +pote_health_check_enabled: true +pote_health_check_time: "0 */6" + +# ----------------------------------------------------------------------------- +# FIREWALL / PORTS +# ----------------------------------------------------------------------------- +# POTE doesn't expose HTTP ports by default (CLI/cron only) +# But if you add FastAPI later: +pote_backend_port: "{{ app_backend_port | default(8000) }}" +pote_enable_backend: false # No web backend yet +pote_enable_frontend: false # No frontend yet + +# Allow SSH for deployment +pote_allow_ssh_port: 22 + +# ----------------------------------------------------------------------------- +# ENVIRONMENT-SPECIFIC 
OVERRIDES +# ----------------------------------------------------------------------------- +# These are typically set in group_vars/development.yml, staging.yml, production.yml +pote_environment: "{{ environment | default('production') }}" + +# Environment-specific database names +pote_env_db_suffix: + development: "_dev" + staging: "_qa" + production: "" + +# ----------------------------------------------------------------------------- +# DEPLOYMENT OPTIONS +# ----------------------------------------------------------------------------- +# Deployment strategy +pote_deployment_strategy: "git_pull" # or "docker", "package" + +# Backup before deployment +pote_backup_before_deploy: true +pote_backup_dir: "{{ pote_user_home }}/backups" +pote_backup_retention_days: 30 + +# Rollback on failure +pote_rollback_on_failure: true + +# Health check after deployment +pote_health_check_after_deploy: true +pote_health_check_timeout: 300 # seconds + +# ----------------------------------------------------------------------------- +# DOCKER OPTIONS (if using Docker deployment) +# ----------------------------------------------------------------------------- +pote_use_docker: false +pote_docker_image: "pote:latest" +pote_docker_registry: "" +pote_docker_compose_file: "{{ pote_app_dir }}/docker-compose.yml" + +# ----------------------------------------------------------------------------- +# SECURITY +# ----------------------------------------------------------------------------- +# File permissions +pote_env_file_mode: "0600" +pote_app_dir_mode: "0755" +pote_logs_dir_mode: "0755" + +# SSL/TLS (for future FastAPI backend) +pote_enable_ssl: false +pote_ssl_cert_path: "" +pote_ssl_key_path: "" + +# Secrets management +pote_use_vault: false +pote_vault_path: "secret/pote/{{ pote_environment }}" + +# ----------------------------------------------------------------------------- +# TESTING & VALIDATION +# ----------------------------------------------------------------------------- +# Run 
tests after deployment +pote_run_tests: false +pote_test_command: "pytest tests/ -v" + +# Smoke tests +pote_run_smoke_tests: true +pote_smoke_test_commands: + - "python scripts/health_check.py" + - "python -c 'import pote; print(\"Import successful\")'" + +# ----------------------------------------------------------------------------- +# NOTIFICATIONS +# ----------------------------------------------------------------------------- +# Deployment notifications +pote_notify_on_deploy: false +pote_notification_webhook: "" +pote_notification_email: "{{ pote_report_recipients }}" + +# ----------------------------------------------------------------------------- +# PERFORMANCE TUNING +# ----------------------------------------------------------------------------- +# Python workers (for future FastAPI) +pote_workers: "{{ ansible_processor_vcpus | default(2) }}" +pote_worker_class: "uvicorn.workers.UvicornWorker" + +# Database connection pool +pote_db_pool_size: 5 +pote_db_max_overflow: 10 + +# ----------------------------------------------------------------------------- +# DATA SOURCES (API Keys - typically in vault/secrets) +# ----------------------------------------------------------------------------- +# Optional API keys for additional data sources +pote_quiverquant_api_key: "{{ quiverquant_key | default('') }}" +pote_fmp_api_key: "{{ fmp_key | default('') }}" + +# ----------------------------------------------------------------------------- +# FEATURE FLAGS +# ----------------------------------------------------------------------------- +# Enable/disable features per environment +pote_feature_email_reports: true +pote_feature_market_monitoring: true +pote_feature_disclosure_correlation: true +pote_feature_pattern_detection: true + +# ----------------------------------------------------------------------------- +# MAINTENANCE +# ----------------------------------------------------------------------------- +# Maintenance mode +pote_maintenance_mode: false 
+pote_maintenance_message: "POTE is currently under maintenance" + +# Log rotation +pote_logrotate_enabled: true +pote_logrotate_days: 30 +pote_logrotate_size: "100M" + +# Database vacuum/maintenance +pote_db_maintenance_enabled: true +pote_db_maintenance_schedule: "0 2 * * 0" # Weekly, Sunday 2 AM + +# ----------------------------------------------------------------------------- +# MONITORING & OBSERVABILITY +# ----------------------------------------------------------------------------- +# Metrics collection (for future) +pote_enable_metrics: false +pote_metrics_port: 9090 + +# Healthcheck endpoint (for future FastAPI) +pote_healthcheck_path: "/health" + +# ----------------------------------------------------------------------------- +# BACKWARDS COMPATIBILITY +# ----------------------------------------------------------------------------- +# Support for base_os role variables +base_os_user: "{{ pote_user }}" +base_os_backend_port: "{{ pote_backend_port }}" +base_os_enable_backend: "{{ pote_enable_backend }}" +base_os_enable_frontend: "{{ pote_enable_frontend }}" + +# ----------------------------------------------------------------------------- +# COMPUTED VARIABLES (DO NOT OVERRIDE) +# ----------------------------------------------------------------------------- +# These are computed from above variables +pote_db_name_full: "{{ pote_db_name }}{{ pote_env_db_suffix[pote_environment] }}" +pote_env_file: "{{ pote_app_dir }}/.env" +pote_requirements_file: "{{ pote_app_dir }}/requirements.txt" +pote_alembic_ini: "{{ pote_app_dir }}/alembic.ini" + diff --git a/ansible/vault.example.yml b/ansible/vault.example.yml new file mode 100644 index 0000000..534f7a8 --- /dev/null +++ b/ansible/vault.example.yml 
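Review bot: `pote_db_password: "{{ db_password | default('changeme123') }}"` means a host whose `vault_db_password_*` variable is missing or misspelled, or whose vault was not loaded, is deployed with a password printed in this repository without any task failing; `pote_smtp_password` and `pote_git_password` likewise fall back silently to empty strings. Use the `mandatory` filter so the play stops instead: `pote_db_password: "{{ db_password | mandatory }}"`. `pote_database_url` then embeds the password in an ordinary variable, so a `debug:` of it, a `-vvv` run or a failed template task prints it in clear; every task that consumes it should carry `no_log: true`. The integration guide in this commit shows the git key being materialised as `key_file: /tmp/git_key`, which the defaults do not constrain; confirm the clone task writes it `0600` under the app user's home and removes it afterwards.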
@@ -0,0 +1,50 @@
+---
+# =============================================================================
+# POTE Ansible Vault Example
+# =============================================================================
+# This file shows what secrets should be stored in Ansible Vault
+#
+# To create your actual vault:
+# ansible-vault create group_vars/all/vault.yml
+#
+# To edit:
+# ansible-vault edit group_vars/all/vault.yml
+# =============================================================================
+
+# -----------------------------------------------------------------------------
+# Git SSH Key (for cloning repository)
+# -----------------------------------------------------------------------------
+vault_git_ssh_key: |
+ -----BEGIN OPENSSH PRIVATE KEY-----
+ your_ssh_private_key_here
+ -----END OPENSSH PRIVATE KEY-----
+
+# -----------------------------------------------------------------------------
+# User SSH Public Key (for poteapp user)
+# -----------------------------------------------------------------------------
+vault_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC...
your_public_key"
+
+# -----------------------------------------------------------------------------
+# SMTP Password
+# -----------------------------------------------------------------------------
+vault_smtp_password: "your_mailbox_password_here"
+
+# -----------------------------------------------------------------------------
+# Database Passwords (per environment)
+# -----------------------------------------------------------------------------
+vault_db_password_dev: "dev_password_123"
+vault_db_password_qa: "qa_password_123"
+vault_db_password_prod: "changeme123"
+
+# -----------------------------------------------------------------------------
+# Optional API Keys
+# -----------------------------------------------------------------------------
+vault_quiverquant_key: ""
+vault_fmp_key: ""
+
+# -----------------------------------------------------------------------------
+# Notification Webhooks (optional)
+# -----------------------------------------------------------------------------
+vault_notification_webhook: ""
+vault_slack_webhook: ""
+
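Review bot: The database placeholders `vault_db_password_dev: "dev_password_123"`, `vault_db_password_qa: "qa_password_123"` and `vault_db_password_prod: "changeme123"` are syntactically valid credentials, so an example file copied into a real `group_vars/all/vault.yml` with one value left unreplaced deploys silently with a known password; leaving them empty, as the API-key and webhook entries already are (e.g. `vault_db_password_prod: ""`), makes a forgotten placeholder fail instead of work. The header explains how to create and edit the vault but not that this example is committed unencrypted and must never hold real values, nor that the real `vault.yml` must be encrypted with `ansible-vault` before it is committed; a two-line comment saying so belongs at the top. Separately, `vault_notification_webhook` and `vault_slack_webhook` are defined here while the integration variables in the first hunk set `pote_notification_webhook: ""` rather than reading `vault_notification_webhook`, so as written the webhook secret has no consumer.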
