From aa0c43d547667646e6e3e822af45ee2500c5c1cb Mon Sep 17 00:00:00 2001 From: Wolfgang Date: Thu, 16 Nov 2023 11:07:22 +0100 Subject: [PATCH 1/4] Add Linux support --- .ansible-lint | 10 ++++ .github/workflows/test.yml | 47 ++++++++++++++++++ .pre-commit-config.yaml | 6 +++ .yamllint | 33 +++++++++++++ defaults/main.yaml | 8 +++- handlers/main.yaml | 4 +- molecule/default/converge.yml | 7 +++ molecule/default/molecule.yml | 27 +++++++++++ molecule/default/verify.yml | 24 ++++++++++ tasks/install.yaml | 7 +++ tasks/main.yaml | 9 +++- tasks/service-Debian.yaml | 48 +++++++++++++++++++ tasks/service-FreeBSD.yaml | 29 +++++++++++ tasks/service.yaml | 32 ------------- templates/varnish.service.d/override.conf | 10 ++++ templates/varnishncsa.service.d/override.conf | 3 ++ 16 files changed, 268 insertions(+), 36 deletions(-) create mode 100644 .ansible-lint create mode 100644 .github/workflows/test.yml create mode 100644 .pre-commit-config.yaml create mode 100644 .yamllint create mode 100644 molecule/default/converge.yml create mode 100644 molecule/default/molecule.yml create mode 100644 molecule/default/verify.yml create mode 100644 tasks/install.yaml create mode 100644 tasks/service-Debian.yaml create mode 100644 tasks/service-FreeBSD.yaml delete mode 100644 tasks/service.yaml create mode 100644 templates/varnish.service.d/override.conf create mode 100644 templates/varnishncsa.service.d/override.conf diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000..09987cd --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,10 @@ +--- +skip_list: + - 'risky-shell-pipe' + - 'role-name' + +warn_list: + - package-latest + - unnamed-task + - command-instead-of-shell + - no-handler diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..3429c27 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,47 @@ +--- +name: Test +run-name: Run molecule tests on the role +on: + push: + workflow_dispatch: + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up Python + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install dependencies. + run: pip install yamllint ansible-lint ansible + + - name: Run ansible-lint + run: "ansible-lint" + + molecule: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up Python + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install dependencies. + run: | + python -m pip install --upgrade pip + pip install ansible docker molecule molecule-plugins + sudo apt install rsync + + - name: Install Galaxy dependencies. + run: ansible-galaxy collection install community.docker community.mysql + + - name: Run molecule + run: "molecule test" diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..53611d0 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,6 @@ +--- +repos: + - repo: https://github.com/ansible/ansible-lint.git + rev: v6.17.2 + hooks: + - id: ansible-lint diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..8827676 --- /dev/null +++ b/.yamllint @@ -0,0 +1,33 @@ +--- +# Based on ansible-lint config +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + colons: + max-spaces-after: -1 + level: error + commas: + max-spaces-after: -1 + level: error + comments: disable + comments-indentation: disable + document-start: disable + empty-lines: + max: 3 + level: error + hyphens: + level: error + indentation: disable + key-duplicates: enable + line-length: disable + new-line-at-end-of-file: disable + new-lines: + type: unix + trailing-spaces: disable + truthy: disable diff --git a/defaults/main.yaml b/defaults/main.yaml index bc783ff..2ed4744 100644 --- a/defaults/main.yaml +++ b/defaults/main.yaml @@ -1,9 +1,15 @@ --- varnish: + service_name: >- + {%- if ansible_system == 'Linux' -%} + varnish + {%- else -%} + varnishd + {%- endif -%} prefix: config: /usr/local/etc/varnish bind_addr: "localhost:8080" #logformat: '%h "%{X-Forwarded-For}i" %u %t "%r" %s %b "%{Referer}i" "%{User-agent}i" "%{Varnish:time_firstbyte}x" %{Varnish:handling}x "%{Content-Type}o" "%{Cookie}i"' logformat: > {"time": %{"%FT%T%z"}t, "remote_addr": "%h","remote_user": "%u","x_forwarded_for": "%{X-Forwarded-For}i","x_real_ip": "%{X-Real-IP}i","x_request_id": "%{X-Request-ID}i","hit_miss": "%{Varnish:hitmiss}x","body_bytes_sent": "%b","request_time": "%{Varnish:time_firstbyte}x","status": "%s","content_type": "%{Content-Type}o","request": "%r","host": "%{host}i","request_method": "%m","time_first_byte": "%{Varnish:time_firstbyte}x","handling": "%{Varnish:handling}x","http_referrer": "%{Referrer}i","http_user_agent": "%{User-agent}i"} - storage: malloc,512M \ No newline at end of file + storage: malloc,512M diff --git a/handlers/main.yaml b/handlers/main.yaml index 15f82fb..ace6113 100644 --- a/handlers/main.yaml +++ b/handlers/main.yaml @@ -1,14 +1,14 @@ --- - name: Start Varnish service: - name: varnishd + name: "{{ varnish.service_name }}" state: started register: varnishd_service_result notify: Start Varnishncsa - name: Restart Varnish service: - name: varnishd + name: "{{ varnish.service_name }}" state: restarted when: not (varnishd_service_result is defined and varnishd_service_result.changed) notify: Restart Varnishncsa diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml new file mode 100644 index 0000000..564752b --- /dev/null +++ b/molecule/default/converge.yml @@ -0,0 +1,7 @@ +--- +- name: Converge + hosts: all + tasks: + - name: "Include ansible-proserver-varnish" + ansible.builtin.include_role: + name: "ansible-proserver-varnish" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml new file mode 100644 index 0000000..c549054 --- /dev/null +++ b/molecule/default/molecule.yml @@ -0,0 +1,27 @@ +--- +dependency: + name: galaxy +driver: + name: docker +platforms: + - name: instance + image: geerlingguy/docker-ubuntu2204-ansible + command: /lib/systemd/systemd + pre_build_image: true + privileged: true + cgroupns_mode: host + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw +provisioner: + name: ansible + playbooks: + converge: ${MOLECULE_PLAYBOOK:-converge.yml} +verifier: + name: ansible +scenario: + name: default + test_sequence: + - destroy + - create + - converge + - verify diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml new file mode 100644 index 0000000..29e4694 --- /dev/null +++ b/molecule/default/verify.yml @@ -0,0 +1,24 @@ +--- +# This is an example playbook to execute Ansible tests. + +- name: Verify + hosts: all + gather_facts: false + tasks: + - name: Check Varnish status + register: varnish_systemd + ansible.builtin.command: + cmd: systemctl status varnish + + - name: Check Varnishncsa status + register: varnishncsa_systemd + ansible.builtin.command: + cmd: systemctl status varnishncsa + + - name: Debug + debug: + var: varnish_systemd.stdout + + - name: Debug + debug: + var: varnishncsa_systemd.stdout diff --git a/tasks/install.yaml b/tasks/install.yaml new file mode 100644 index 0000000..4a8da01 --- /dev/null +++ b/tasks/install.yaml @@ -0,0 +1,7 @@ +- name: Install varnish + notify: + - Start Varnish + - Start Varnishncsa + ansible.builtin.apt: + name: varnish + update_cache: yes diff --git a/tasks/main.yaml b/tasks/main.yaml index 30fb8d3..a112b2f 100644 --- a/tasks/main.yaml +++ b/tasks/main.yaml @@ -1,2 +1,9 @@ --- -- import_tasks: service.yaml +- ansible.builtin.include_tasks: install.yaml + when: "ansible_system == 'Linux'" + +- ansible.builtin.include_tasks: service-Debian.yaml + when: "ansible_os_family == 'Debian'" + +- ansible.builtin.include_tasks: service-FreeBSD.yaml + when: "ansible_os_family == 'FreeBSD'" diff --git a/tasks/service-Debian.yaml b/tasks/service-Debian.yaml new file mode 100644 index 0000000..63c1fd5 --- /dev/null +++ b/tasks/service-Debian.yaml @@ -0,0 +1,48 @@ +--- +- name: Create systemd override folders + ansible.builtin.file: + path: /etc/systemd/system/{{ item }}.service.d + state: directory + owner: root + mode: "0755" + loop: + - varnish + - varnishncsa + +- name: Configure Varnish service override + notify: + - Restart Varnish + ansible.builtin.template: + dest: /etc/systemd/system/varnish.service.d/override.conf + src: varnish.service.d/override.conf + mode: "0644" + owner: root + +- name: Template a Varnishncsa wrapper script + notify: + - Restart Varnishncsa + ansible.builtin.copy: + content: | + #! /bin/sh + /usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log -D -P /run/varnishncsa/varnishncsa.pid -F {{ varnish.logformat | quote }} + dest: "/usr/local/bin/varnishncsa_systemd_wrapper" + mode: "0755" + owner: "root" + +- name: Configure Varnishncsa service override + notify: + - Restart Varnishncsa + ansible.builtin.template: + dest: /etc/systemd/system/varnishncsa.service.d/override.conf + src: varnishncsa.service.d/override.conf + mode: "0644" + owner: root + +- name: Enable services + loop: + - "{{ varnish.service_name }}" + - varnishncsa + ansible.builtin.systemd: + daemon_reload: yes + name: "{{ item }}" + enabled: yes diff --git a/tasks/service-FreeBSD.yaml b/tasks/service-FreeBSD.yaml new file mode 100644 index 0000000..4a03097 --- /dev/null +++ b/tasks/service-FreeBSD.yaml @@ -0,0 +1,29 @@ +--- +- name: Configure Varnish service + ansible.builtin.lineinfile: + path: "{{ item.rc_conf }}" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + create: yes + with_items: + - rc_conf: /usr/local/etc/rc.conf.d/varnishd + regexp: "^varnishd_listen=" + line: > + varnishd_listen={{ varnish.bind_addr | trim | quote }} + - rc_conf: /usr/local/etc/rc.conf.d/varnishd + regexp: "^varnishd_storage=" + line: > + varnishd_storage="{{ varnish.storage | trim | quote }}" + - rc_conf: /usr/local/etc/rc.conf.d/varnishncsa + regexp: "^varnishncsa_logformat=" + line: > + varnishncsa_logformat={{ varnish.logformat | trim | replace('"', '\"') | quote }} + notify: + - Restart Varnish + +- name: Enable service + notify: + - Start Varnish + ansible.builtin.service: + name: "{{ varnish.service_name }}" + enabled: yes diff --git a/tasks/service.yaml b/tasks/service.yaml deleted file mode 100644 index 34c0f93..0000000 --- a/tasks/service.yaml +++ /dev/null @@ -1,32 +0,0 @@ ---- -- name: Configure Varnish service - lineinfile: path="{{ item.rc_conf }}" regexp="{{ item.regexp }}" line="{{ item.line }}" create=yes - loop_control: - label: "{{ item.rc_conf }} {{ item.line }}" - with_items: - - rc_conf: /usr/local/etc/rc.conf.d/varnishd - regexp: "^varnishd_listen=" - line: > - varnishd_listen={{ varnish.bind_addr|trim|quote }} - - rc_conf: /usr/local/etc/rc.conf.d/varnishd - regexp: "^varnishd_storage=" - line: > - varnishd_storage="{{ varnish.storage|trim|quote }}" - - rc_conf: /usr/local/etc/rc.conf.d/varnishncsa - regexp: "^varnishncsa_logformat=" - line: > - varnishncsa_logformat={{ varnish.logformat|trim|replace('"', '\"')|quote }} - notify: - - Restart Varnish - -- name: Enable service - lineinfile: path="{{ rc_conf }}" regexp="^{{ item }}_enable=" line="{{ item }}_enable="YES"" - loop_control: - label: "{{ rc_conf }} service={{ item }}" - vars: - rc_conf: /etc/rc.conf - with_items: - - varnishd - - varnishncsa - notify: - - Start Varnish diff --git a/templates/varnish.service.d/override.conf b/templates/varnish.service.d/override.conf new file mode 100644 index 0000000..f6a1ea7 --- /dev/null +++ b/templates/varnish.service.d/override.conf @@ -0,0 +1,10 @@ +[Service] +ExecStart= +ExecStart=/usr/sbin/varnishd \ + -j unix,user=vcache \ + -F \ + -a :6081 \ + -T {{ varnish.bind_addr | trim }} \ + -f /etc/varnish/default.vcl \ + -S /etc/varnish/secret \ + -s {{ varnish.storage | trim }} diff --git a/templates/varnishncsa.service.d/override.conf b/templates/varnishncsa.service.d/override.conf new file mode 100644 index 0000000..da40054 --- /dev/null +++ b/templates/varnishncsa.service.d/override.conf @@ -0,0 +1,3 @@ +[Service] +ExecStart= +ExecStart=/usr/local/bin/varnishncsa_systemd_wrapper From ff04a7ee1f7c98908e4776f9c10cbe4a1eb822d4 Mon Sep 17 00:00:00 2001 From: Wolfgang Date: Thu, 16 Nov 2023 11:10:55 +0100 Subject: [PATCH 2/4] Apply linting suggestions --- handlers/main.yaml | 8 ++++---- molecule/default/verify.yml | 6 ++++-- tasks/service-FreeBSD.yaml | 2 ++ 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/handlers/main.yaml b/handlers/main.yaml index ace6113..20b1556 100644 --- a/handlers/main.yaml +++ b/handlers/main.yaml @@ -1,26 +1,26 @@ --- - name: Start Varnish - service: + ansible.builtin.service: name: "{{ varnish.service_name }}" state: started register: varnishd_service_result notify: Start Varnishncsa - name: Restart Varnish - service: + ansible.builtin.service: name: "{{ varnish.service_name }}" state: restarted when: not (varnishd_service_result is defined and varnishd_service_result.changed) notify: Restart Varnishncsa - name: Start Varnishncsa - service: + ansible.builtin.service: name: varnishncsa state: started register: varnishncsa_service_result - name: Restart Varnishncsa - service: + ansible.builtin.service: name: varnishncsa state: restarted when: not (varnishncsa_service_result is defined and varnishncsa_service_result.changed) diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 29e4694..10bbcc9 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -7,18 +7,20 @@ tasks: - name: Check Varnish status register: varnish_systemd + changed_when: no ansible.builtin.command: cmd: systemctl status varnish - name: Check Varnishncsa status register: varnishncsa_systemd + changed_when: no ansible.builtin.command: cmd: systemctl status varnishncsa - name: Debug - debug: + ansible.builtin.debug: var: varnish_systemd.stdout - name: Debug - debug: + ansible.builtin.debug: var: varnishncsa_systemd.stdout diff --git a/tasks/service-FreeBSD.yaml b/tasks/service-FreeBSD.yaml index 4a03097..10dcb0d 100644 --- a/tasks/service-FreeBSD.yaml +++ b/tasks/service-FreeBSD.yaml @@ -5,6 +5,8 @@ regexp: "{{ item.regexp }}" line: "{{ item.line }}" create: yes + mode: "0755" + owner: "root" with_items: - rc_conf: /usr/local/etc/rc.conf.d/varnishd regexp: "^varnishd_listen=" From 63e7bf1d8fd393c678538ae77bd32cccfae8743e Mon Sep 17 00:00:00 2001 From: Wolfgang Date: Thu, 16 Nov 2023 11:41:50 +0100 Subject: [PATCH 3/4] Adjust config path for Linux --- defaults/main.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/defaults/main.yaml b/defaults/main.yaml index 2ed4744..afa93b9 100644 --- a/defaults/main.yaml +++ b/defaults/main.yaml @@ -7,7 +7,12 @@ varnish: varnishd {%- endif -%} prefix: - config: /usr/local/etc/varnish + config: >- + {%- if ansible_system == 'Linux' -%} + /etc/varnish + {%- else -%} + /usr/local/etc/varnish + {%- endif -%} bind_addr: "localhost:8080" #logformat: '%h "%{X-Forwarded-For}i" %u %t "%r" %s %b "%{Referer}i" "%{User-agent}i" "%{Varnish:time_firstbyte}x" %{Varnish:handling}x "%{Content-Type}o" "%{Cookie}i"' logformat: > From 6952a96ff9187c06cd0759a5ec5ddbc794e6374c Mon Sep 17 00:00:00 2001 From: Wolfgang Date: Wed, 13 Dec 2023 16:43:10 +0100 Subject: [PATCH 4/4] Add meta --- meta/main.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 meta/main.yaml diff --git a/meta/main.yaml b/meta/main.yaml new file mode 100644 index 0000000..7561b53 --- /dev/null +++ b/meta/main.yaml @@ -0,0 +1,10 @@ +--- +dependencies: [] + +galaxy_info: + author: "Punkt.de" + license: "MIT" + description: "Varnish role for Proserver" + role_name: "proserver_varnish" + namespace: "punktde" + min_ansible_version: "2.15"