Merge pull request #425 from gardar/refactor/role/_common
refactor: consolidate common tasks
Showing
244 changed files
with
2,009 additions
and
5,199 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
--- | ||
# Internal use only | ||
This role is for common tasks shared between roles and should not be used directly |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
--- | ||
- name: "Restart {{ _common_service_name }}" | ||
# listen: "restart_service" | ||
become: true | ||
ansible.builtin.service: | ||
daemon_reload: true | ||
name: "{{ _common_service_name }}" | ||
state: restarted | ||
|
||
- name: "Reload {{ _common_service_name }}" | ||
# listen: "reload_service" | ||
become: true | ||
ansible.builtin.service: | ||
name: "{{ _common_service_name }}" | ||
state: reloaded |
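Review bot: `daemon_reload: true` on the Restart handler is an option of `ansible.builtin.systemd`, not a documented option of the generic `ansible.builtin.service` module, so this handler presumably only works on hosts where the service action dispatches to systemd. The configure tasks in this commit install the unit under `/etc/systemd/system`, so using `ansible.builtin.systemd:` here would make that dependency explicit. The commented-out `# listen: "restart_service"` and `# listen: "reload_service"` lines should be either enabled or dropped before merge. Since the handler names are templated, a short comment such as `# notified as "<parent role> : Restart <service>"` would document how callers are expected to reference them.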
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
--- | ||
argument_specs: | ||
configure: | ||
short_description: "Internal only - common configuration tasks" | ||
description: "Internal only - selinux requirements" | ||
author: | ||
- "Prometheus Community" | ||
options: | ||
_common_service_name: | ||
description: | ||
- "Name of the system service (systemd)" | ||
- "Usually matches the role name" | ||
default: "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}" | ||
_common_config_dir: | ||
description: "Path to directory to install configuration." | ||
default: "" | ||
_common_system_user: | ||
description: "System user for running the service." | ||
default: "" | ||
_common_system_group: | ||
description: "User group for the system user." | ||
default: "" | ||
_common_tls_server_config: | ||
description: "Configuration for TLS authentication." | ||
default: "" | ||
_common_http_server_config: | ||
description: "Configuration for HTTP/2 support." | ||
default: "" | ||
_common_common_basic_auth_users: | ||
description: "Dictionary of users and password for basic authentication. Passwords are automatically hashed with bcrypt." | ||
default: "" | ||
install: | ||
short_description: "Internal only - common installation tasks" | ||
description: "Internal only - selinux requirements" | ||
author: | ||
- "Prometheus Community" | ||
options: | ||
_common_binaries: | ||
description: "List of binaries to install" | ||
default: [] | ||
type: "list" | ||
elements: "str" | ||
_common_binary_install_dir: | ||
description: "Directory to install binaries" | ||
default: "" | ||
_common_binary_name: | ||
description: "Name of main binary" | ||
default: "{{ __common_binary_basename }}" | ||
_common_binary_unarchive_opts: | ||
description: "Extra options to pass to binary unarchive task" | ||
default: [] | ||
type: "list" | ||
elements: "str" | ||
_common_binary_url: | ||
description: "URL of the binaries to install" | ||
default: "" | ||
_common_checksums_url: | ||
description: "URL of the checksums file for the binaries" | ||
default: "" | ||
_common_config_dir: | ||
description: "Path to the configuration dir" | ||
default: "" | ||
_common_local_cache_path: | ||
description: "Local path to stash the archive and its extraction" | ||
default: "" | ||
_common_system_user: | ||
description: "System user for running the service." | ||
default: "" | ||
_common_system_group: | ||
description: "User group for the system user." | ||
default: "" | ||
preflight: | ||
short_description: "Internal only - common preflight tasks" | ||
description: "Internal only - selinux requirements" | ||
author: | ||
- "Prometheus Community" | ||
options: | ||
_common_dependencies: | ||
description: "Package dependencies to install" | ||
default: "{% if (ansible_pkg_mgr == 'apt') %}\ | ||
{{ ('python-apt' if ansible_python_version is version('3', '<') else 'python3-apt') }} | ||
{% else %}\ | ||
{% endif %}" | ||
selinux: | ||
short_description: "Internal only - common selinux configuration tasks" | ||
description: "Internal only - selinux requirements" | ||
author: | ||
- "Prometheus Community" | ||
options: | ||
_common_selinux_port: | ||
description: "Port to allow in SELinux" |
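Review bot: The configure entry point declares `_common_common_basic_auth_users`, but the configure task added in this commit tests `_common_basic_auth_users`, so the variable that actually carries the credentials is never validated or given its default. The option should be renamed to `_common_basic_auth_users:`. The line `description: "Internal only - selinux requirements"` is repeated on the configure, install and preflight entry points and looks copy-pasted from the selinux one. The TLS, HTTP and basic-auth options default to `""` with no `type`, although the basic-auth description calls it a dictionary. Declaring `type: "dict"` with `default: {}` would let argument validation reject malformed input, provided the `map('length')` condition in the configure task still behaves as intended.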
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
--- | ||
galaxy_info: | ||
author: "Prometheus Community" | ||
description: "Internal role for common tasks shared between roles" | ||
license: "Apache" | ||
min_ansible_version: "2.9" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
--- | ||
- name: "Validate invocation of _common role" | ||
ansible.builtin.assert: | ||
that: | ||
- "ansible_parent_role_names is defined" | ||
- "ansible_parent_role_names | default() | length > 0" | ||
fail_msg: "Error: The '_common' role is a internal role and cannot be invoked directly." | ||
tags: | ||
- always | ||
|
||
- name: "Create systemd service unit {{ _common_service_name }}" | ||
ansible.builtin.template: | ||
src: "{{ _common_service_name }}.service.j2" | ||
dest: "/etc/systemd/system/{{ _common_service_name }}.service" | ||
owner: root | ||
group: root | ||
mode: 0644 | ||
become: true | ||
notify: | ||
- "{{ ansible_parent_role_names | first }} : Restart {{ _common_service_name }}" | ||
tags: | ||
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}" | ||
- configure | ||
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_configure" | ||
|
||
- name: "Create config dir {{ _common_config_dir }}" | ||
ansible.builtin.file: | ||
path: "{{ _common_config_dir }}" | ||
state: directory | ||
owner: "{{ _common_system_user }}" | ||
group: "{{ _common_system_group }}" | ||
mode: u+rwX,g+rwX,o=rX | ||
become: true | ||
notify: | ||
- "{{ ansible_parent_role_names | first }} : Restart {{ _common_service_name }}" | ||
when: (_common_config_dir) | ||
tags: | ||
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}" | ||
- configure | ||
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_configure" | ||
|
||
- name: "Install web config for {{ _common_service_name }}" | ||
ansible.builtin.template: | ||
src: "web_config.yml.j2" | ||
dest: "{{ _common_config_dir }}/web_config.yml" | ||
owner: "{{ _common_system_user }}" | ||
group: "{{ _common_system_group }}" | ||
mode: 0644 | ||
become: true | ||
notify: | ||
- "{{ ansible_parent_role_names | first }} : Restart {{ _common_service_name }}" | ||
when: "[_common_tls_server_config, _common_http_server_config, _common_basic_auth_users] | map('length') | select('>', 0) | list is any" | ||
tags: | ||
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}" | ||
- configure | ||
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_configure" | ||
|
||
# | ||
# - name: "Configure {{ _common_service_name }}" | ||
# ansible.builtin.template: | ||
# # src: "{{ ansible_parent_role_paths | first }}/templates/{{ _common_service_name }}.yml.j2" | ||
# src: "{{ _config_template | default(ansible_parent_role_paths | first ~ '/templates/' ~ _common_service_name ~ '.yml.j2') }}" | ||
# # dest: "/etc/{{ _common_service_name }}.yml" | ||
# dest: "{{ _config_dest | default('/etc/' ~ _common_service_name ~ '.yml') }}" | ||
# owner: "{{ _system_user }}" | ||
# group: "{{ _system_group }}" | ||
# mode: 0644 | ||
# notify: | ||
# - reload_service | ||
# when: (ansible_parent_role_paths | first '/templates/' _common_service_name '.yml.j2') |
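Review bot: The "Install web config" task writes `web_config.yml` with `mode: 0644`, but going by the argument spec this file presumably holds the bcrypt hashes of the basic-auth users and the TLS server settings, which makes the hashes readable by every local account. The file is already owned by the service user and group, so `mode: "0640"` should still let the service read it. The "Create config dir" task uses the additive form `u+rwX,g+rwX,o=rX`, which leaves the directory group-writable and never clears owner or group bits that are already set. An absolute mode such as `mode: "0750"` would be more predictable, if nothing else in that directory needs to be world-readable. Quoting the octal modes also avoids depending on YAML 1.1 octal parsing, and the commented-out "Configure" task at the end of the file should be removed or tracked in an issue rather than merged as dead code.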
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,108 @@ | ||
--- | ||
- name: "Validate invocation of _common role" | ||
ansible.builtin.assert: | ||
that: | ||
- "ansible_parent_role_names is defined" | ||
- "ansible_parent_role_names | default() | length > 0" | ||
fail_msg: "Error: The '_common' role is a internal role and cannot be invoked directly." | ||
tags: | ||
- always | ||
|
||
- name: "Create system group {{ _common_system_group }}" | ||
ansible.builtin.group: | ||
name: "{{ _common_system_group }}" | ||
system: true | ||
state: present | ||
become: true | ||
when: _common_system_group != "root" | ||
tags: | ||
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}" | ||
- install | ||
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_install" | ||
|
||
- name: "Create system user {{ _common_system_user }}" | ||
ansible.builtin.user: | ||
name: "{{ _common_system_user }}" | ||
system: true | ||
shell: "/usr/sbin/nologin" | ||
group: "{{ _common_system_group }}" | ||
home: "{{ _common_config_dir | default('/') }}" | ||
create_home: false | ||
become: true | ||
when: _common_system_user != "root" | ||
tags: | ||
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}" | ||
- install | ||
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_install" | ||
|
||
- name: "Create localhost binary cache path" | ||
ansible.builtin.file: | ||
path: "{{ _common_local_cache_path }}" | ||
state: directory | ||
mode: 0755 | ||
delegate_to: localhost | ||
tags: | ||
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}" | ||
- install | ||
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_install" | ||
- download | ||
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_download" | ||
|
||
- name: "Download binary {{ __common_binary_basename }}" | ||
tags: | ||
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}" | ||
- install | ||
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_install" | ||
- download | ||
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_download" | ||
block: | ||
- name: "Get checksum list for {{ __common_binary_basename }}" | ||
ansible.builtin.set_fact: | ||
__common_binary_checksums: "{{ dict(lookup('url', _common_checksums_url, headers=__common_github_api_headers, wantlist=True) | ||
| map('regex_replace', '^([a-fA-F0-9]+)\\s+', 'sha256:\\1 ') | ||
| map('regex_findall', '^(sha256:[a-fA-F0-9]+)\\s+(.+)$') | map('flatten') | map('reverse')) }}" | ||
run_once: true | ||
when: (_common_checksums_url) | ||
|
||
- name: "Download {{ __common_binary_basename }}" | ||
ansible.builtin.get_url: | ||
url: "{{ _common_binary_url }}" | ||
dest: "{{ _common_local_cache_path }}/{{ _common_binary_name | default(__common_binary_basename) }}" | ||
headers: "{{ __common_github_api_headers }}" | ||
checksum: "{{ __common_binary_checksums[__common_binary_basename] | default(omit) }}" | ||
mode: 0644 | ||
register: __common_download | ||
until: __common_download is succeeded | ||
retries: 5 | ||
delay: 2 | ||
# run_once: true # <-- this can't be set due to multi-arch support | ||
delegate_to: localhost | ||
check_mode: false | ||
|
||
- name: "Unpack binary archive {{ __common_binary_basename }}" | ||
ansible.builtin.unarchive: | ||
src: "{{ _common_local_cache_path }}/{{ __common_binary_basename }}" | ||
dest: "{{ _common_local_cache_path }}" | ||
mode: 0755 | ||
list_files: true | ||
extra_opts: "{{ _common_binary_unarchive_opts | default(omit, true) }}" | ||
register: __common_unpack | ||
delegate_to: localhost | ||
check_mode: false | ||
when: __common_binary_basename is search('\.zip$|\.tar\.gz$') | ||
|
||
- name: "Propagate binaries" | ||
ansible.builtin.copy: | ||
src: "{{ _common_local_cache_path }}/{{ item }}" | ||
dest: "{{ _common_binary_install_dir }}/{{ item }}" | ||
mode: 0755 | ||
owner: root | ||
group: root | ||
loop: "{{ _common_binaries }}" | ||
become: true | ||
notify: | ||
- "{{ ansible_parent_role_names | first }} : Restart {{ _common_service_name }}" | ||
tags: | ||
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}" | ||
- install | ||
- "{{ ansible_parent_role_names | first | regex_replace(ansible_collection_name ~ '.', '') }}_install" |
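Review bot: The "Download" task fails open on integrity, because `checksum: "{{ __common_binary_checksums[__common_binary_basename] | default(omit) }}"` silently drops verification whenever the checksum list is undefined or has no entry for the archive name. The result is then unpacked and copied to the install directory as a root-owned `0755` binary by "Propagate binaries". When `_common_checksums_url` is set, a missing entry should stop the play rather than fall back to an unverified download; an assert between the two tasks in the block would do that, as sketched below. Whether an empty `_common_checksums_url` should be allowed at all is a design decision, but it deserves an explicit, documented opt-out rather than the current implicit default.

```yaml
# … unchanged: "Get checksum list" set_fact task …

- name: "Require a checksum entry for {{ __common_binary_basename }}"
  ansible.builtin.assert:
    that:
      - "__common_binary_checksums is defined"
      - "__common_binary_basename in __common_binary_checksums"
    fail_msg: "No checksum found for {{ __common_binary_basename }} in {{ _common_checksums_url }}"
  when: (_common_checksums_url)

# … unchanged: "Download" get_url task …
```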