ilia
3415340e26
All checks were successful
CI / skip-ci-check (pull_request) Successful in 1m18s
CI / lint-and-test (pull_request) Successful in 1m21s
CI / ansible-validation (pull_request) Successful in 2m43s
CI / secret-scanning (pull_request) Successful in 1m19s
CI / dependency-scan (pull_request) Successful in 1m23s
CI / sast-scan (pull_request) Successful in 2m28s
CI / license-check (pull_request) Successful in 1m20s
CI / vault-check (pull_request) Successful in 2m21s
CI / playbook-test (pull_request) Successful in 2m19s
CI / container-scan (pull_request) Successful in 1m48s
CI / sonar-analysis (pull_request) Successful in 1m26s
CI / workflow-summary (pull_request) Successful in 1m17s
203 lines
7.0 KiB
YAML
203 lines
7.0 KiB
YAML
---
|
|
# Conda/Anaconda installation
|
|
- name: Conda installation block
|
|
when: install_conda | default(false) | bool
|
|
tags: ['conda']
|
|
block:
|
|
- name: Check if conda is installed
|
|
ansible.builtin.stat:
|
|
path: "{{ conda_install_path }}/bin/conda"
|
|
register: conda_installed
|
|
|
|
- name: Download Anaconda installer
|
|
ansible.builtin.get_url:
|
|
url: https://repo.anaconda.com/archive/Anaconda3-2024.10-1-Linux-x86_64.sh
|
|
dest: /tmp/anaconda_installer.sh
|
|
mode: '0755'
|
|
when: not conda_installed.stat.exists
|
|
|
|
- name: Install Anaconda
|
|
ansible.builtin.shell: |
|
|
bash /tmp/anaconda_installer.sh -b -p {{ conda_install_path }}
|
|
args:
|
|
creates: "{{ conda_install_path }}/bin/conda"
|
|
when: not conda_installed.stat.exists
|
|
|
|
- name: Initialize conda for bash
|
|
ansible.builtin.shell: |
|
|
{{ conda_install_path }}/bin/conda init bash
|
|
args:
|
|
creates: "{{ ansible_env.HOME }}/.bashrc"
|
|
when: not conda_installed.stat.exists
|
|
failed_when: false
|
|
|
|
# Note: conda init zsh is skipped because conda initialization
|
|
# is already included in the custom .zshrc deployed by the shell role
|
|
# This prevents conda from overwriting our custom .zshrc configuration
|
|
|
|
- name: Clean up Anaconda installer
|
|
ansible.builtin.file:
|
|
path: /tmp/anaconda_installer.sh
|
|
state: absent
|
|
|
|
- name: Verify conda installation
|
|
ansible.builtin.command: "{{ conda_install_path }}/bin/conda --version"
|
|
register: conda_version
|
|
changed_when: false
|
|
|
|
- name: Display conda version
|
|
ansible.builtin.debug:
|
|
msg: "Conda version installed: {{ conda_version.stdout if conda_version.stdout is defined else 'Not checked in dry-run mode' }}"
|
|
|
|
# Jupyter Notebook installation
|
|
- name: Jupyter Notebook installation block
|
|
tags: ['jupyter']
|
|
when:
|
|
- install_conda | default(false) | bool
|
|
- install_jupyter | default(false) | bool
|
|
block:
|
|
- name: Check if Jupyter is installed
|
|
ansible.builtin.command: "{{ conda_install_path }}/bin/conda list jupyter"
|
|
register: jupyter_installed
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
- name: Install Jupyter Notebook and common packages via conda
|
|
ansible.builtin.shell: |
|
|
{{ conda_install_path }}/bin/conda install -y jupyter notebook ipython pandas numpy matplotlib scikit-learn
|
|
when: jupyter_installed.rc != 0 or 'jupyter' not in jupyter_installed.stdout
|
|
changed_when: true
|
|
|
|
- name: Create Jupyter config directory
|
|
ansible.builtin.file:
|
|
path: "{{ ansible_env.HOME }}/.jupyter"
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: Configure Jupyter Notebook
|
|
ansible.builtin.copy:
|
|
content: |
|
|
# Jupyter Notebook Configuration
|
|
c.NotebookApp.ip = '{{ "0.0.0.0" if jupyter_bind_all_interfaces | default(true) | bool else "localhost" }}'
|
|
c.NotebookApp.port = {{ jupyter_port | default(8888) }}
|
|
c.NotebookApp.open_browser = False
|
|
c.NotebookApp.allow_root = True
|
|
# Note: For security, set a password with: jupyter notebook password
|
|
dest: "{{ ansible_env.HOME }}/.jupyter/jupyter_notebook_config.py"
|
|
mode: '0644'
|
|
|
|
- name: Create systemd service for Jupyter Notebook
|
|
ansible.builtin.copy:
|
|
content: |
|
|
[Unit]
|
|
Description=Jupyter Notebook Server
|
|
After=network.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
User={{ ansible_user_id }}
|
|
WorkingDirectory={{ ansible_env.HOME }}
|
|
ExecStart={{ conda_install_path }}/bin/jupyter notebook
|
|
Restart=on-failure
|
|
RestartSec=10
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
dest: /etc/systemd/system/jupyter-notebook.service
|
|
mode: '0644'
|
|
become: true
|
|
|
|
- name: Enable and start Jupyter Notebook service
|
|
ansible.builtin.systemd:
|
|
name: jupyter-notebook
|
|
enabled: true
|
|
state: started
|
|
daemon_reload: true
|
|
become: true
|
|
|
|
- name: Verify Jupyter installation
|
|
ansible.builtin.command: "{{ conda_install_path }}/bin/jupyter --version"
|
|
register: jupyter_version
|
|
changed_when: false
|
|
|
|
- name: Display Jupyter installation info
|
|
ansible.builtin.debug:
|
|
msg:
|
|
- "Jupyter version: {{ jupyter_version.stdout if jupyter_version.stdout is defined else 'Not checked in dry-run mode' }}"
|
|
- "Access Jupyter at: http://{{ ansible_host }}:{{ jupyter_port | default(8888) }}"
|
|
- "Set a password with: jupyter notebook password"
|
|
|
|
# R language installation
|
|
- name: R language installation block
|
|
when: install_r | default(false) | bool
|
|
tags: ['r', 'rstats']
|
|
block:
|
|
- name: Install R dependencies
|
|
ansible.builtin.apt:
|
|
name:
|
|
- dirmngr
|
|
- gnupg
|
|
- apt-transport-https
|
|
- ca-certificates
|
|
- software-properties-common
|
|
state: present
|
|
update_cache: false
|
|
become: true
|
|
|
|
- name: Fetch CRAN GPG key from keyserver
|
|
ansible.builtin.shell: |
|
|
gpg --keyserver keyserver.ubuntu.com --recv-key '95C0FAF38DB3CCAD0C080A7BDC78B2DDEABC47B7'
|
|
gpg --armor --export '95C0FAF38DB3CCAD0C080A7BDC78B2DDEABC47B7' | tee /etc/apt/trusted.gpg.d/cran_debian_key.asc
|
|
args:
|
|
creates: /etc/apt/trusted.gpg.d/cran_debian_key.asc
|
|
become: true
|
|
|
|
- name: Add CRAN repository
|
|
ansible.builtin.apt_repository:
|
|
repo: "deb https://cloud.r-project.org/bin/linux/debian {{ ansible_distribution_release }}-cran40/"
|
|
state: present
|
|
filename: cran
|
|
update_cache: false
|
|
become: true
|
|
|
|
- name: Update apt cache after adding CRAN
|
|
ansible.builtin.apt:
|
|
update_cache: true
|
|
become: true
|
|
retries: 2
|
|
delay: 2
|
|
|
|
- name: Install R packages
|
|
ansible.builtin.apt:
|
|
name: "{{ r_packages }}"
|
|
state: present
|
|
become: true
|
|
|
|
- name: Install common R packages via R (non-interactive)
|
|
ansible.builtin.shell: >
|
|
R --quiet --no-save -e "install.packages(c('IRkernel'), repos='https://cloud.r-project.org', Ncpus=4)"
|
|
environment:
|
|
R_LIBS_USER: "/usr/local/lib/R/site-library"
|
|
register: r_packages_install
|
|
changed_when: "'DONE' in r_packages_install.stdout or r_packages_install.rc == 0"
|
|
failed_when: false
|
|
async: 3600
|
|
poll: 30
|
|
|
|
- name: Install IRkernel for Jupyter
|
|
ansible.builtin.command: >
|
|
R -e "IRkernel::installspec(user = TRUE)"
|
|
when: install_jupyter | default(false) | bool
|
|
register: irkernel_install
|
|
changed_when: "'✔' in irkernel_install.stdout or 'successfully' in irkernel_install.stdout.lower()"
|
|
failed_when: false
|
|
|
|
- name: Verify R installation
|
|
ansible.builtin.command: R --version
|
|
register: r_version
|
|
changed_when: false
|
|
|
|
- name: Display R version
|
|
ansible.builtin.debug:
|
|
msg: "R version installed: {{ r_version.stdout_lines[0] if r_version.stdout_lines | length > 0 else 'Not checked in dry-run mode' }}"
|