diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..09987cd
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,10 @@
+---
+skip_list:
+ - 'risky-shell-pipe'
+ - 'role-name'
+
+warn_list:
+ - package-latest
+ - unnamed-task
+ - command-instead-of-shell
+ - no-handler
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 0000000..3429c27
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,47 @@
+---
+name: Test
+run-name: Run molecule tests on the role
+on:
+ push:
+ workflow_dispatch:
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Set up Python
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Install dependencies.
+ run: pip install yamllint ansible-lint ansible
+
+ - name: Run ansible-lint
+ run: "ansible-lint"
+
+ molecule:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Set up Python
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Install dependencies.
+ run: |
+ python -m pip install --upgrade pip
+ pip install ansible docker molecule molecule-plugins
+ sudo apt install rsync
+
+ - name: Install Galaxy dependencies.
+ run: ansible-galaxy collection install community.docker community.mysql
+
+ - name: Run molecule
+ run: "molecule test"
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..53611d0
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,6 @@
+---
+repos:
+ - repo: https://github.com/ansible/ansible-lint.git
+ rev: v6.17.2
+ hooks:
+ - id: ansible-lint
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..8827676
--- /dev/null
+++ b/.yamllint
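Review bot: The workflow in `.github/workflows/test.yml` declares no `permissions:` block and references its actions by mutable tags (`actions/checkout@v3`, `actions/setup-python@v2`), so both jobs run with the repository's default `GITHUB_TOKEN` scope and with whatever code those tags point to at run time. Neither job appears to need write access, so a top-level `permissions:` with `contents: read` would make the intended scope explicit. Pinning each `uses:` to a full commit SHA (for example `uses: actions/checkout@<full-commit-sha>  # v3`) and pinning versions in the `pip install` lines would keep an upstream tag move or a new release from silently changing what CI executes.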
@@ -0,0 +1,33 @@ +--- +# Based on ansible-lint config +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + colons: + max-spaces-after: -1 + level: error + commas: + max-spaces-after: -1 + level: error + comments: disable + comments-indentation: disable + document-start: disable + empty-lines: + max: 3 + level: error + hyphens: + level: error + indentation: disable + key-duplicates: enable + line-length: disable + new-line-at-end-of-file: disable + new-lines: + type: unix + trailing-spaces: disable + truthy: disable diff --git a/defaults/main.yaml b/defaults/main.yaml index bc783ff..afa93b9 100644 --- a/defaults/main.yaml +++ b/defaults/main.yaml @@ -1,9 +1,20 @@ --- varnish: + service_name: >- + {%- if ansible_system == 'Linux' -%} + varnish + {%- else -%} + varnishd + {%- endif -%} prefix: - config: /usr/local/etc/varnish + config: >- + {%- if ansible_system == 'Linux' -%} + /etc/varnish + {%- else -%} + /usr/local/etc/varnish + {%- endif -%} bind_addr: "localhost:8080" #logformat: '%h "%{X-Forwarded-For}i" %u %t "%r" %s %b "%{Referer}i" "%{User-agent}i" "%{Varnish:time_firstbyte}x" %{Varnish:handling}x "%{Content-Type}o" "%{Cookie}i"' logformat: > {"time": %{"%FT%T%z"}t, "remote_addr": "%h","remote_user": "%u","x_forwarded_for": "%{X-Forwarded-For}i","x_real_ip": "%{X-Real-IP}i","x_request_id": "%{X-Request-ID}i","hit_miss": "%{Varnish:hitmiss}x","body_bytes_sent": "%b","request_time": "%{Varnish:time_firstbyte}x","status": "%s","content_type": "%{Content-Type}o","request": "%r","host": "%{host}i","request_method": "%m","time_first_byte": "%{Varnish:time_firstbyte}x","handling": "%{Varnish:handling}x","http_referrer": "%{Referrer}i","http_user_agent": "%{User-agent}i"} - storage: malloc,512M \ No newline at end of file + storage: malloc,512M diff --git a/handlers/main.yaml b/handlers/main.yaml index 15f82fb..20b1556 100644 --- a/handlers/main.yaml +++ b/handlers/main.yaml 
@@ -1,26 +1,26 @@ --- - name: Start Varnish - service: - name: varnishd + ansible.builtin.service: + name: "{{ varnish.service_name }}" state: started register: varnishd_service_result notify: Start Varnishncsa - name: Restart Varnish - service: - name: varnishd + ansible.builtin.service: + name: "{{ varnish.service_name }}" state: restarted when: not (varnishd_service_result is defined and varnishd_service_result.changed) notify: Restart Varnishncsa - name: Start Varnishncsa - service: + ansible.builtin.service: name: varnishncsa state: started register: varnishncsa_service_result - name: Restart Varnishncsa - service: + ansible.builtin.service: name: varnishncsa state: restarted when: not (varnishncsa_service_result is defined and varnishncsa_service_result.changed) diff --git a/meta/main.yaml b/meta/main.yaml new file mode 100644 index 0000000..7561b53 --- /dev/null +++ b/meta/main.yaml @@ -0,0 +1,10 @@ +--- +dependencies: [] + +galaxy_info: + author: "Punkt.de" + license: "MIT" + description: "Varnish role for Proserver" + role_name: "proserver_varnish" + namespace: "punktde" + min_ansible_version: "2.15" diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml new file mode 100644 index 0000000..564752b --- /dev/null +++ b/molecule/default/converge.yml @@ -0,0 +1,7 @@ +--- +- name: Converge + hosts: all + tasks: + - name: "Include ansible-proserver-varnish" + ansible.builtin.include_role: + name: "ansible-proserver-varnish" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml new file mode 100644 index 0000000..c549054 --- /dev/null +++ b/molecule/default/molecule.yml 
@@ -0,0 +1,27 @@ +--- +dependency: + name: galaxy +driver: + name: docker +platforms: + - name: instance + image: geerlingguy/docker-ubuntu2204-ansible + command: /lib/systemd/systemd + pre_build_image: true + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw +provisioner: + name: ansible + playbooks: + converge: ${MOLECULE_PLAYBOOK:-converge.yml} +verifier: + name: ansible +scenario: + name: default + test_sequence: + - destroy + - create + - converge + - verify diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml new file mode 100644 index 0000000..10bbcc9 --- /dev/null +++ b/molecule/default/verify.yml @@ -0,0 +1,26 @@ +--- +# This is an example playbook to execute Ansible tests. + +- name: Verify + hosts: all + gather_facts: false + tasks: + - name: Check Varnish status + register: varnish_systemd + changed_when: no + ansible.builtin.command: + cmd: systemctl status varnish + + - name: Check Varnishncsa status + register: varnishncsa_systemd + changed_when: no + ansible.builtin.command: + cmd: systemctl status varnishncsa + + - name: Debug + ansible.builtin.debug: + var: varnish_systemd.stdout + + - name: Debug + ansible.builtin.debug: + var: varnishncsa_systemd.stdout diff --git a/tasks/install.yaml b/tasks/install.yaml new file mode 100644 index 0000000..4a8da01 --- /dev/null +++ b/tasks/install.yaml @@ -0,0 +1,7 @@ +- name: Install varnish + notify: + - Start Varnish + - Start Varnishncsa + ansible.builtin.apt: + name: varnish + update_cache: yes diff --git a/tasks/main.yaml b/tasks/main.yaml index 30fb8d3..a112b2f 100644 --- a/tasks/main.yaml +++ b/tasks/main.yaml @@ -1,2 +1,9 @@ --- -- import_tasks: service.yaml +- ansible.builtin.include_tasks: install.yaml + when: "ansible_system == 'Linux'" + +- ansible.builtin.include_tasks: service-Debian.yaml + when: "ansible_os_family == 'Debian'" + +- ansible.builtin.include_tasks: service-FreeBSD.yaml + when: "ansible_os_family == 'FreeBSD'" 
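Review bot: The `instance` platform in `molecule/default/molecule.yml` runs with `privileged: true`, `cgroupns_mode: host` and a read-write bind of `/sys/fs/cgroup`, and it pulls `geerlingguy/docker-ubuntu2204-ansible` with no tag or digest. That is the usual way to get systemd running in a test container, but it means the container is not an isolation boundary on whatever machine runs `molecule test`, and the image content can change between runs. I would pin the image, e.g. `image: geerlingguy/docker-ubuntu2204-ansible@sha256:<digest>`, and add a comment above `privileged: true` such as `# systemd as PID 1 needs privileged mode and the host cgroup tree; run only on disposable CI runners`.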
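Review bot: `install.yaml` is included from `tasks/main.yaml` under `when: "ansible_system == 'Linux'"`, but its only task uses `ansible.builtin.apt`, while the service tasks are gated on `ansible_os_family == 'Debian'`. On a non-Debian Linux host the role would therefore fail in the apt task instead of being skipped; the install include should use the same condition, `when: "ansible_os_family == 'Debian'"`. The three includes are also unnamed, and `tasks/install.yaml` lacks the `---` document start that the other task files in this commit have.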
diff --git a/tasks/service-Debian.yaml b/tasks/service-Debian.yaml
new file mode 100644
index 0000000..63c1fd5
--- /dev/null
+++ b/tasks/service-Debian.yaml
@@ -0,0 +1,48 @@
+---
+- name: Create systemd override folders
+ ansible.builtin.file:
+ path: /etc/systemd/system/{{ item }}.service.d
+ state: directory
+ owner: root
+ mode: "0755"
+ loop:
+ - varnish
+ - varnishncsa
+
+- name: Configure Varnish service override
+ notify:
+ - Restart Varnish
+ ansible.builtin.template:
+ dest: /etc/systemd/system/varnish.service.d/override.conf
+ src: varnish.service.d/override.conf
+ mode: "0644"
+ owner: root
+
+- name: Template a Varnishncsa wrapper script
+ notify:
+ - Restart Varnishncsa
+ ansible.builtin.copy:
+ content: |
+ #! /bin/sh
+ /usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log -D -P /run/varnishncsa/varnishncsa.pid -F {{ varnish.logformat | quote }}
+ dest: "/usr/local/bin/varnishncsa_systemd_wrapper"
+ mode: "0755"
+ owner: "root"
+
+- name: Configure Varnishncsa service override
+ notify:
+ - Restart Varnishncsa
+ ansible.builtin.template:
+ dest: /etc/systemd/system/varnishncsa.service.d/override.conf
+ src: varnishncsa.service.d/override.conf
+ mode: "0644"
+ owner: root
+
+- name: Enable services
+ loop:
+ - "{{ varnish.service_name }}"
+ - varnishncsa
+ ansible.builtin.systemd:
+ daemon_reload: yes
+ name: "{{ item }}"
+ enabled: yes
diff --git a/tasks/service-FreeBSD.yaml b/tasks/service-FreeBSD.yaml
new file mode 100644
index 0000000..10dcb0d
--- /dev/null
+++ b/tasks/service-FreeBSD.yaml
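Review bot: In the wrapper script written by `Template a Varnishncsa wrapper script`, the format is passed as `{{ varnish.logformat | quote }}` without `trim`, whereas the FreeBSD task in this commit uses `varnish.logformat | trim | ...`. The default in `defaults/main.yaml` is a `>` folded scalar, which ends in a newline, so the quoted `-F` argument would carry that newline into the format string. Keeping `quote` is right, since the value is written into a shell script that runs as a service; I would change the expression to `{{ varnish.logformat | trim | quote }}` so both platforms log the same record shape.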
@@ -0,0 +1,31 @@
+---
+- name: Configure Varnish service
+ ansible.builtin.lineinfile:
+ path: "{{ item.rc_conf }}"
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ create: yes
+ mode: "0755"
+ owner: "root"
+ with_items:
+ - rc_conf: /usr/local/etc/rc.conf.d/varnishd
+ regexp: "^varnishd_listen="
+ line: >
+ varnishd_listen={{ varnish.bind_addr | trim | quote }}
+ - rc_conf: /usr/local/etc/rc.conf.d/varnishd
+ regexp: "^varnishd_storage="
+ line: >
+ varnishd_storage="{{ varnish.storage | trim | quote }}"
+ - rc_conf: /usr/local/etc/rc.conf.d/varnishncsa
+ regexp: "^varnishncsa_logformat="
+ line: >
+ varnishncsa_logformat={{ varnish.logformat | trim | replace('"', '\"') | quote }}
+ notify:
+ - Restart Varnish
+
+- name: Enable service
+ notify:
+ - Start Varnish
+ ansible.builtin.service:
+ name: "{{ varnish.service_name }}"
+ enabled: yes
diff --git a/tasks/service.yaml b/tasks/service.yaml
deleted file mode 100644
index 34c0f93..0000000
--- a/tasks/service.yaml
+++ /dev/null
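Review bot: The new `Enable service` task in `tasks/service-FreeBSD.yaml` enables only `{{ varnish.service_name }}`, while the `tasks/service.yaml` it replaces wrote an `_enable="YES"` line for both `varnishd` and `varnishncsa`. As far as this diff shows, nothing enables `varnishncsa` on FreeBSD any more, so request logging may not come back after a reboot; looping the task over both services, as `service-Debian.yaml` does, would restore that. Separately, `Configure Varnish service` creates the `rc.conf.d` files with `mode: "0755"`; these are sourced configuration files rather than executables, so `mode: "0644"` fits better.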
@@ -1,32 +0,0 @@ ---- -- name: Configure Varnish service - lineinfile: path="{{ item.rc_conf }}" regexp="{{ item.regexp }}" line="{{ item.line }}" create=yes - loop_control: - label: "{{ item.rc_conf }} {{ item.line }}" - with_items: - - rc_conf: /usr/local/etc/rc.conf.d/varnishd - regexp: "^varnishd_listen=" - line: > - varnishd_listen={{ varnish.bind_addr|trim|quote }} - - rc_conf: /usr/local/etc/rc.conf.d/varnishd - regexp: "^varnishd_storage=" - line: > - varnishd_storage="{{ varnish.storage|trim|quote }}" - - rc_conf: /usr/local/etc/rc.conf.d/varnishncsa - regexp: "^varnishncsa_logformat=" - line: > - varnishncsa_logformat={{ varnish.logformat|trim|replace('"', '\"')|quote }} - notify: - - Restart Varnish - -- name: Enable service - lineinfile: path="{{ rc_conf }}" regexp="^{{ item }}_enable=" line="{{ item }}_enable="YES"" - loop_control: - label: "{{ rc_conf }} service={{ item }}" - vars: - rc_conf: /etc/rc.conf - with_items: - - varnishd - - varnishncsa - notify: - - Start Varnish diff --git a/templates/varnish.service.d/override.conf b/templates/varnish.service.d/override.conf new file mode 100644 index 0000000..f6a1ea7 --- /dev/null +++ b/templates/varnish.service.d/override.conf @@ -0,0 +1,10 @@ +[Service] +ExecStart= +ExecStart=/usr/sbin/varnishd \ + -j unix,user=vcache \ + -F \ + -a :6081 \ + -T {{ varnish.bind_addr | trim }} \ + -f /etc/varnish/default.vcl \ + -S /etc/varnish/secret \ + -s {{ varnish.storage | trim }} diff --git a/templates/varnishncsa.service.d/override.conf b/templates/varnishncsa.service.d/override.conf new file mode 100644 index 0000000..da40054 --- /dev/null +++ b/templates/varnishncsa.service.d/override.conf @@ -0,0 +1,3 @@ +[Service] +ExecStart= +ExecStart=/usr/local/bin/varnishncsa_systemd_wrapper
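Review bot: In `templates/varnish.service.d/override.conf`, `varnish.bind_addr` is passed to `-T`, which is varnishd's management (CLI) address, while the HTTP listener is hard-coded as `-a :6081` on all interfaces. On FreeBSD the same variable is written to `varnishd_listen`, so a user who sets `bind_addr` to a public address in order to serve traffic would, on Debian, expose the management port instead. If `bind_addr` is meant to be the HTTP listen address, the lines should read `-a {{ varnish.bind_addr | trim }} \` and `-T localhost:6082 \` (or take the admin address from a separate variable). The VCL and secret paths are also hard-coded to `/etc/varnish` rather than using `varnish.prefix.config`.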