Move the setup of clickhouse into ansible

tf/environments/production/ansible/playbook.yml

@@ -6,6 +6,65 @@
   vars:
     clickhouse_reader_password: "{{ lookup('env', 'CLICKHOUSE_READER_PASSWORD') }}"
   tasks:
+    - name: install clickhouse requirements
+      tags: clickhouse
+      apt:
+        cache_valid_time: 86400
+        state: present
+        name:
+          - apt-transport-https
+          - ca-certificates
+          - dirmngr
+
+    - name: Create a temporary directory for GPG
+      ansible.builtin.tempfile:
+        state: directory
+      register: gnupg_temp_dir
+
+    - name: Import ClickHouse GPG key
+      ansible.builtin.command:
+        cmd: "gpg --no-default-keyring --keyring /usr/share/keyrings/clickhouse-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 8919F6BD2B48D754"
+        chdir: "{{ gnupg_temp_dir.path }}"
+        creates: "/usr/share/keyrings/clickhouse-keyring.gpg"
+      environment:
+        GNUPGHOME: "{{ gnupg_temp_dir.path }}"
+
+    - name: Remove temporary directory
+      ansible.builtin.file:
+        path: "{{ gnupg_temp_dir.path }}"
+        state: absent
+
+    - name: Ensure the keyring is readable
+      ansible.builtin.file:
+        path: /usr/share/keyrings/clickhouse-keyring.gpg
+        mode: a+r
+
+    - name: Add ClickHouse repository
+      ansible.builtin.apt_repository:
+        repo: "deb [signed-by=/usr/share/keyrings/clickhouse-keyring.gpg] https://packages.clickhouse.com/deb stable main"
+        state: present
+        filename: clickhouse
+
+    - name: Update the package cache
+      ansible.builtin.apt:
+        update_cache: yes
+
+    - name: Install ClickHouse server and client
+      ansible.builtin.apt:
+        name:
+          - clickhouse-server={{ clickhouse_pkg_ver }}
+          - clickhouse-client={{ clickhouse_pkg_ver }}
+          - clickhouse-common-static={{ clickhouse_pkg_ver }}
+        state: present
+      vars:
+        clickhouse_pkg_ver: 24.1.*
+
+    - name: Ensure ClickHouse service is started and enabled
+      ansible.builtin.systemd:
+        name: clickhouse-server
+        state: started
+        enabled: yes
+
     - name: Configure ClickHouse users from template
       template:
         src: templates/ooni_users.xml

tf/environments/production/main.tf

@@ -139,7 +139,12 @@ resource "aws_instance" "clickhouse_server_prod_tier1" {
     device_name     = local.clickhouse_device_name
   })
 
-  tags = local.tags
+  tags = merge(
+    local.tags,
+    {
+      Name = "clickhouse-${local.tags["Name"]}"
+    }
+  )
 }
 
 resource "aws_ebs_volume" "clickhouse_data_volume" {

tf/environments/production/templates/clickhouse-setup.sh

@@ -1,28 +1,11 @@
 #!/bin/bash
-export DEBIAN_FRONTEND=noninteractive
 sudo hostnamectl set-hostname --static ${hostname}
 
 # Install datadog agent
 DD_API_KEY=${datadog_api_key} DD_SITE="datadoghq.eu" bash -c "$(curl -L https://s3.amazonaws.com/dd-agent/scripts/install_script_agent7.sh)"
 
-# Install clickhouse following the instructions at: https://clickhouse.com/docs/en/install
-sudo apt-get install -y apt-transport-https ca-certificates dirmngr
-GNUPGHOME=$(mktemp -d)
-sudo GNUPGHOME="$GNUPGHOME" gpg --no-default-keyring --keyring /usr/share/keyrings/clickhouse-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 8919F6BD2B48D754
-sudo rm -rf "$GNUPGHOME"
-sudo chmod +r /usr/share/keyrings/clickhouse-keyring.gpg
-echo "deb [signed-by=/usr/share/keyrings/clickhouse-keyring.gpg] https://packages.clickhouse.com/deb stable main" | sudo tee \
-/etc/apt/sources.list.d/clickhouse.list
-sudo apt-get update
-sudo apt install -y clickhouse-server clickhouse-client
-sudo systemctl start clickhouse-server
-sudo systemctl enable clickhouse-server
-
-# Configure the ebs data volume
-sudo service clickhouse-server stop
 sudo mkfs.ext4 -q -F ${device_name}
 sudo mkdir -p /var/lib/clickhouse
 sudo mount ${device_name} /var/lib/clickhouse
 echo "${device_name} /var/lib/clickhouse ext4 defaults,nofail 0 2" | sudo tee -a /etc/fstab
-sudo chown -R clickhouse:clickhouse /var/lib/clickhouse
-sudo service clickhouse-server start
+sudo chown -R clickhouse:clickhouse /var/lib/clickhouse