punktDe · medanthelinium · Dec 13, 2023 · Nov 16, 2023 · Nov 16, 2023 · Nov 16, 2023
diff --git a/.ansible-lint b/.ansible-lint
@@ -0,0 +1,10 @@
+---
+skip_list:
+  - 'risky-shell-pipe'
+  - 'role-name'
+
+warn_list:
+  - package-latest
+  - unnamed-task
+  - command-instead-of-shell
+  - no-handler
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,47 @@
+---
+name: Test
+run-name: Run molecule tests on the role
+on:
+  push:
+  workflow_dispatch:
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - name: Install dependencies.
+        run: pip install yamllint ansible-lint ansible
+
+      - name: Run ansible-lint
+        run: "ansible-lint"
+
+  molecule:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - name: Install dependencies.
+        run: |
+          python -m pip install --upgrade pip
+          pip install ansible docker molecule molecule-plugins
+          sudo apt install rsync
+
+      - name: Install Galaxy dependencies.
+        run: ansible-galaxy collection install community.docker community.mysql
+
+      - name: Run molecule
+        run: "molecule test"
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,6 @@
+---
+repos:
+  - repo: https://github.com/ansible/ansible-lint.git
+    rev: v6.17.2
+    hooks:
+      - id: ansible-lint
diff --git a/.yamllint b/.yamllint
@@ -0,0 +1,33 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  colons:
+    max-spaces-after: -1
+    level: error
+  commas:
+    max-spaces-after: -1
+    level: error
+  comments: disable
+  comments-indentation: disable
+  document-start: disable
+  empty-lines:
+    max: 3
+    level: error
+  hyphens:
+    level: error
+  indentation: disable
+  key-duplicates: enable
+  line-length: disable
+  new-line-at-end-of-file: disable
+  new-lines:
+    type: unix
+  trailing-spaces: disable
+  truthy: disable
diff --git a/defaults/main.yaml b/defaults/main.yaml
@@ -1,9 +1,20 @@
 ---
 varnish:
+  service_name: >-
+    {%- if ansible_system == 'Linux' -%}
+      varnish
+    {%- else -%}
+      varnishd
+    {%- endif -%}
   prefix:
-    config: /usr/local/etc/varnish
+    config: >-
+      {%- if ansible_system == 'Linux' -%}
+        /etc/varnish
+      {%- else -%}
+        /usr/local/etc/varnish
+      {%- endif -%}
   bind_addr: "localhost:8080"
   #logformat: '%h "%{X-Forwarded-For}i" %u %t "%r" %s %b "%{Referer}i" "%{User-agent}i" "%{Varnish:time_firstbyte}x" %{Varnish:handling}x "%{Content-Type}o" "%{Cookie}i"'
   logformat: >
     {"time": %{"%FT%T%z"}t, "remote_addr": "%h","remote_user": "%u","x_forwarded_for": "%{X-Forwarded-For}i","x_real_ip": "%{X-Real-IP}i","x_request_id": "%{X-Request-ID}i","hit_miss": "%{Varnish:hitmiss}x","body_bytes_sent": "%b","request_time": "%{Varnish:time_firstbyte}x","status": "%s","content_type": "%{Content-Type}o","request": "%r","host": "%{host}i","request_method": "%m","time_first_byte": "%{Varnish:time_firstbyte}x","handling": "%{Varnish:handling}x","http_referrer": "%{Referrer}i","http_user_agent": "%{User-agent}i"}
-  storage: malloc,512M
+  storage: malloc,512M
diff --git a/handlers/main.yaml b/handlers/main.yaml
@@ -1,26 +1,26 @@
 ---
 - name: Start Varnish
-  service:
-    name: varnishd
+  ansible.builtin.service:
+    name: "{{ varnish.service_name }}"
     state: started
   register: varnishd_service_result
   notify: Start Varnishncsa
 
 - name: Restart Varnish
-  service:
-    name: varnishd
+  ansible.builtin.service:
+    name: "{{ varnish.service_name }}"
     state: restarted
   when: not (varnishd_service_result is defined and varnishd_service_result.changed)
   notify: Restart Varnishncsa
 
 - name: Start Varnishncsa
-  service:
+  ansible.builtin.service:
     name: varnishncsa
     state: started
   register: varnishncsa_service_result
 
 - name: Restart Varnishncsa
-  service:
+  ansible.builtin.service:
     name: varnishncsa
     state: restarted
   when: not (varnishncsa_service_result is defined and varnishncsa_service_result.changed)
diff --git a/meta/main.yaml b/meta/main.yaml
@@ -0,0 +1,10 @@
+---
+dependencies: []
+
+galaxy_info:
+  author: "Punkt.de"
+  license: "MIT"
+  description: "Varnish role for Proserver"
+  role_name: "proserver_varnish"
+  namespace: "punktde"
+  min_ansible_version: "2.15"
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
@@ -0,0 +1,7 @@
+---
+- name: Converge
+  hosts: all
+  tasks:
+    - name: "Include ansible-proserver-varnish"
+      ansible.builtin.include_role:
+        name: "ansible-proserver-varnish"
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
@@ -0,0 +1,27 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: instance
+    image: geerlingguy/docker-ubuntu2204-ansible
+    command: /lib/systemd/systemd
+    pre_build_image: true
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+provisioner:
+  name: ansible
+  playbooks:
+    converge: ${MOLECULE_PLAYBOOK:-converge.yml}
+verifier:
+  name: ansible
+scenario:
+  name: default
+  test_sequence:
+    - destroy
+    - create
+    - converge
+    - verify
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
@@ -0,0 +1,26 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Check Varnish status
+      register: varnish_systemd
+      changed_when: no
+      ansible.builtin.command:
+        cmd: systemctl status varnish
+
+    - name: Check Varnishncsa status
+      register: varnishncsa_systemd
+      changed_when: no
+      ansible.builtin.command:
+        cmd: systemctl status varnishncsa
+
+    - name: Debug
+      ansible.builtin.debug:
+        var: varnish_systemd.stdout
+
+    - name: Debug
+      ansible.builtin.debug:
+        var: varnishncsa_systemd.stdout
diff --git a/tasks/install.yaml b/tasks/install.yaml
@@ -0,0 +1,7 @@
+- name: Install varnish
+  notify:
+    - Start Varnish
+    - Start Varnishncsa
+  ansible.builtin.apt:
+    name: varnish
+    update_cache: yes
diff --git a/tasks/main.yaml b/tasks/main.yaml
@@ -1,2 +1,9 @@
 ---
-- import_tasks: service.yaml
+- ansible.builtin.include_tasks: install.yaml
+  when: "ansible_system == 'Linux'"
+
+- ansible.builtin.include_tasks: service-Debian.yaml
+  when: "ansible_os_family == 'Debian'"
+
+- ansible.builtin.include_tasks: service-FreeBSD.yaml
+  when: "ansible_os_family == 'FreeBSD'"
diff --git a/tasks/service-Debian.yaml b/tasks/service-Debian.yaml
@@ -0,0 +1,48 @@
+---
+- name: Create systemd override folders
+  ansible.builtin.file:
+    path: /etc/systemd/system/{{ item }}.service.d
+    state: directory
+    owner: root
+    mode: "0755"
+  loop:
+    - varnish
+    - varnishncsa
+
+- name: Configure Varnish service override
+  notify:
+    - Restart Varnish
+  ansible.builtin.template:
+    dest: /etc/systemd/system/varnish.service.d/override.conf
+    src: varnish.service.d/override.conf
+    mode: "0644"
+    owner: root
+
+- name: Template a Varnishncsa wrapper script
+  notify:
+    - Restart Varnishncsa
+  ansible.builtin.copy:
+    content: |
+      #! /bin/sh
+      /usr/bin/varnishncsa -a -w /var/log/varnish/varnishncsa.log -D -P /run/varnishncsa/varnishncsa.pid -F {{ varnish.logformat | quote }}
+    dest: "/usr/local/bin/varnishncsa_systemd_wrapper"
+    mode: "0755"
+    owner: "root"
+
+- name: Configure Varnishncsa service override
+  notify:
+    - Restart Varnishncsa
+  ansible.builtin.template:
+    dest: /etc/systemd/system/varnishncsa.service.d/override.conf
+    src: varnishncsa.service.d/override.conf
+    mode: "0644"
+    owner: root
+
+- name: Enable services
+  loop:
+    - "{{ varnish.service_name }}"
+    - varnishncsa
+  ansible.builtin.systemd:
+    daemon_reload: yes
+    name: "{{ item }}"
+    enabled: yes
diff --git a/tasks/service-FreeBSD.yaml b/tasks/service-FreeBSD.yaml
@@ -0,0 +1,31 @@
+---
+- name: Configure Varnish service
+  ansible.builtin.lineinfile:
+    path: "{{ item.rc_conf }}"
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+    create: yes
+    mode: "0755"
+    owner: "root"
+  with_items:
+    - rc_conf: /usr/local/etc/rc.conf.d/varnishd
+      regexp: "^varnishd_listen="
+      line: >
+        varnishd_listen={{ varnish.bind_addr | trim | quote }}
+    - rc_conf: /usr/local/etc/rc.conf.d/varnishd
+      regexp: "^varnishd_storage="
+      line: >
+        varnishd_storage="{{ varnish.storage | trim | quote }}"
+    - rc_conf: /usr/local/etc/rc.conf.d/varnishncsa
+      regexp: "^varnishncsa_logformat="
+      line: >
+        varnishncsa_logformat={{ varnish.logformat | trim | replace('"', '\"') | quote }}
+  notify:
+    - Restart Varnish
+
+- name: Enable service
+  notify:
+    - Start Varnish
+  ansible.builtin.service:
+    name: "{{ varnish.service_name }}"
+    enabled: yes
diff --git a/tasks/service.yaml b/tasks/service.yaml
diff --git a/templates/varnish.service.d/override.conf b/templates/varnish.service.d/override.conf
@@ -0,0 +1,10 @@
+[Service]
+ExecStart=
+ExecStart=/usr/sbin/varnishd \
+           -j unix,user=vcache \
+           -F \
+           -a :6081 \
+           -T {{ varnish.bind_addr | trim }} \
+           -f /etc/varnish/default.vcl \
+           -S /etc/varnish/secret \
+           -s {{  varnish.storage | trim }}
diff --git a/templates/varnishncsa.service.d/override.conf b/templates/varnishncsa.service.d/override.conf
@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=/usr/local/bin/varnishncsa_systemd_wrapper