diff --git a/.github/workflows/ansible_lint.yml b/.github/workflows/ansible_lint.yml index 8c295695..55159e30 100644 --- a/.github/workflows/ansible_lint.yml +++ b/.github/workflows/ansible_lint.yml @@ -9,30 +9,11 @@ jobs: ansible_lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Lint Ansible Playbook - # TODO There's work to upgrade to 6.x - uses: ansible/ansible-lint-action@2878af4748adf988a42b3ad88a94051dba635fba + uses: ansible/ansible-lint@v25.9.2 with: - # FIXME - # Globbing is broken at the moment: - # https://github.com/ansible/ansible-lint-action/issues/30 - #targets: "ansible/*.{yaml,yml}" - targets: | - ansible/diagnostic.yml - ansible/flyway.yml - ansible/kaui.yml - ansible/kaui_json_logging.yml - ansible/killbill.yml - ansible/killbill_json_logging.yml - ansible/kpm.yml - ansible/migrations.yml - ansible/plugin.yml - ansible/tomcat.yml - ansible/tomcat_restart.yml - ansible/tomcat_stop.yml - args: "-x 204" - override-deps: | - ansible==2.10.7 - ansible-base==2.10.5 - ansible-lint==5.3.2 + working_directory: ansible/ + args: "-x 204,role-name --skip-list role-name[path],yaml[line-length]" + env: + ANSIBLE_LIBRARY: ${{ github.workspace }}/ansible/library diff --git a/ansible/README.md b/ansible/README.md index a7825830..81007d9b 100644 --- a/ansible/README.md +++ b/ansible/README.md 
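Review bot: The lint step now references `ansible/ansible-lint@v25.9.2`, a mutable tag, where the removed line pinned the action to a full commit SHA. A retagged or compromised release would then run inside this workflow with whatever token the job has. Pin both `uses:` lines to a full commit SHA and keep the version in a trailing comment, e.g. `uses: ansible/ansible-lint@<full-commit-sha>  # v25.9.2`, and do the same for `actions/checkout@v4`. No `permissions:` block is visible in this hunk; if the workflow has none, a job-level `permissions: {contents: read}` would limit what the action can do.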
@@ -53,15 +53,15 @@ ansible-playbook -i -e java_home=$TARGET_JAVA_HOME tomcat.yml For performance reasons, we recommend installing the Apache Tomcat native libraries. To do so, you need to pass a few more options to the playbook: -* `gnu_arch`: the target architecture (e.g. output of `dpkg-architecture --query DEB_BUILD_GNU_TYPE`). -* `apr_config_path`: the path to `apr-1-config` (you must install the Apache Portable Runtime Library separately, i.e. `libapr1-dev`). +* `tomcat_gnu_arch`: the target architecture (e.g. output of `dpkg-architecture --query DEB_BUILD_GNU_TYPE`). +* `tomcat_apr_config_path`: the path to `apr-1-config` (you must install the Apache Portable Runtime Library separately, i.e. `libapr1-dev`). * `tomcat_native_libdir`: output path where the libraries will be installed. You also need to install the OpenSSL library separately (e.g. `libssl-dev`). ``` -ansible-playbook -i -e java_home=$TARGET_JAVA_HOME -e apr_config_path=/usr/bin/apr-1-config -e gnu_arch=x86_64-linux-gnu -e tomcat_native_libdir=/usr/share/tomcat/native-jni-lib tomcat.yml +ansible-playbook -i -e java_home=$TARGET_JAVA_HOME -e tomcat_apr_config_path=/usr/bin/apr-1-config -e tomcat_gnu_arch=x86_64-linux-gnu -e tomcat_native_libdir=/usr/share/tomcat/native-jni-lib tomcat.yml ``` ## killbill.yml playbook @@ -153,7 +153,7 @@ To build upon these roles, you can create your own play, e.g.: include_role: name: killbill-cloud/ansible/roles/killbill - name: customize Kill Bill - import_tasks: roles/acme/tasks/main.yml + ansible.builtin.import_tasks: roles/acme/tasks/main.yml ``` Note that you need to have your own templates directory, containing your own templates. diff --git a/ansible/diagnostic.yml b/ansible/diagnostic.yml index 5e598cf8..5baaec2b 100644 --- a/ansible/diagnostic.yml +++ b/ansible/diagnostic.yml 
@@ -2,20 +2,20 @@ - name: Gather diagnostics hosts: all tasks: - - name: setup Ruby - import_tasks: roles/common/tasks/main.yml - - name: setup KPM - import_tasks: roles/kpm/tasks/main.yml - - name: gather diagnostics + - name: Setup Ruby + ansible.builtin.import_tasks: roles/common/tasks/main.yml + - name: Setup KPM + ansible.builtin.import_tasks: roles/kpm/tasks/main.yml + - name: Gather diagnostics killbill_diagnostics: kpm_path: "{{ kpm_path }}" - killbill_url: "{{ killbill_url|default('http://127.0.0.1:8080') }}" + killbill_url: "{{ killbill_url | default('http://127.0.0.1:8080') }}" killbill_web_path: "{{ catalina_base }}/{{ kb_webapps }}/ROOT.war" - killbill_user: "{{ killbill_user|default('admin') }}" - killbill_password: "{{ killbill_password|default('password') }}" - killbill_api_key: "{{ killbill_api_key|default('bob') }}" - killbill_api_secret: "{{ killbill_api_secret|default('lazar') }}" - killbill_account: "{{ killbill_account|default('') }}" + killbill_user: "{{ killbill_user | default('admin') }}" + killbill_password: "{{ killbill_password | default('password') }}" + killbill_api_key: "{{ killbill_api_key | default('bob') }}" + killbill_api_secret: "{{ killbill_api_secret | default('lazar') }}" + killbill_account: "{{ killbill_account | default('') }}" bundles_dir: "{{ kb_plugins_dir }}" log_dir: "{{ catalina_base }}/logs" tags: diagnostics \ No newline at end of file diff --git a/ansible/flyway.yml b/ansible/flyway.yml index bbeed601..acb14c3e 100644 --- a/ansible/flyway.yml +++ b/ansible/flyway.yml @@ -2,7 +2,7 @@ - name: Install Flyway hosts: all tasks: - - name: setup Ruby - import_tasks: roles/common/tasks/main.yml - - name: install Flyway - import_tasks: roles/migrations/tasks/flyway.yml + - name: Setup Ruby + ansible.builtin.import_tasks: roles/common/tasks/main.yml + - name: Install Flyway + ansible.builtin.import_tasks: roles/migrations/tasks/flyway.yml 
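Review bot: The `Gather diagnostics` task still falls back to fixed credentials (`default('password')`, `default('lazar')`) when `killbill_password` or `killbill_api_secret` is not supplied, so a forgotten variable goes unnoticed instead of stopping the play. Since these lines are being rewritten anyway, consider dropping the defaults on the two secrets so that a missing value is an error, e.g. `killbill_password: "{{ killbill_password }}"`. Unless the `killbill_diagnostics` module already marks these arguments as `no_log` (its source is not in this diff), adding `no_log: true` to the task would keep them out of verbose output. The new side of the file also still ends without a trailing newline.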
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 1eaeccb4..1b562916 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -28,13 +28,16 @@ kb_config_dir: "{{ kb_install_dir }}/config" kb_plugins_dir: "{{ kb_install_dir }}/bundles" # kpm.yml file kpm_yml: "{{ kb_install_dir }}/kpm.yml" +killbill_kpm_yml: "{{ kb_install_dir }}/kpm.yml" +kaui_kpm_yml: "{{ kb_install_dir }}/kpm.yml" kaui_install_dir: /var/lib/kaui # For consistency as to where the sha1.yml is located kaui_plugins_dir: "{{ kaui_install_dir }}/bundles" flyway_install_dir: /opt -flyway: java -jar {{ flyway_install_dir }}/killbill-flyway.jar -url='{{ lookup('env','KILLBILL_DAO_URL') }}' -user={{ lookup('env','KILLBILL_DAO_USER') }} -password={{ lookup('env','KILLBILL_DAO_PASSWORD') }} +flyway: java -jar {{ flyway_install_dir }}/killbill-flyway.jar -url='{{ lookup('env', 'KILLBILL_DAO_URL') }}' -user={{ lookup('env', 'KILLBILL_DAO_USER') }} -password={{ lookup('env', 'KILLBILL_DAO_PASSWORD') }} + flyway_owner: root flyway_group: root diff --git a/ansible/java.yml b/ansible/java.yml index 68207705..cfb3bfd8 100644 --- a/ansible/java.yml +++ b/ansible/java.yml @@ -6,5 +6,5 @@ default_java_home: /usr/lib/jvm/java-11-openjdk-amd64 java_home: /usr/lib/jvm/default-java tasks: - - name: install Java - import_tasks: roles/tomcat/tasks/java.yml + - name: Install Java + ansible.builtin.import_tasks: roles/tomcat/tasks/java.yml diff --git a/ansible/kaui.yml b/ansible/kaui.yml index 2da45864..5662246a 100644 --- a/ansible/kaui.yml +++ b/ansible/kaui.yml 
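Review bot: The `flyway` string still places `-password={{ lookup('env', 'KILLBILL_DAO_PASSWORD') }}` on the command line, so the database password is visible in the host's process list while Flyway runs and in the reported command of every `ansible.builtin.command` task built from it. migrate.yml also interpolates `{{ flyway }}` into a `fail` message. Flyway itself reads `FLYWAY_URL`, `FLYWAY_USER` and `FLYWAY_PASSWORD` from the environment, so the credentials could be passed through the tasks' `environment:` together with `no_log: true`, leaving `flyway: java -jar {{ flyway_install_dir }}/killbill-flyway.jar` here. Whether the Kill Bill Flyway wrapper honours those variables needs to be confirmed first. The user and password values are also unquoted, unlike the URL.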
@@ -2,11 +2,11 @@ - name: Deploy Kaui hosts: all vars: - kpm_yml: /var/lib/kaui/kpm.yml + kaui_kpm_yml: /var/lib/kaui/kpm.yml tasks: - - name: setup Ruby - import_tasks: roles/common/tasks/main.yml - - name: setup Tomcat - import_tasks: roles/tomcat/tasks/main.yml - - name: install Kaui - import_tasks: roles/kaui/tasks/main.yml + - name: Setup Ruby + ansible.builtin.import_tasks: roles/common/tasks/main.yml + - name: Setup Tomcat + ansible.builtin.import_tasks: roles/tomcat/tasks/main.yml + - name: Install Kaui + ansible.builtin.import_tasks: roles/kaui/tasks/main.yml diff --git a/ansible/kaui_json_logging.yml b/ansible/kaui_json_logging.yml index ae14fb49..cad70b58 100644 --- a/ansible/kaui_json_logging.yml +++ b/ansible/kaui_json_logging.yml @@ -2,7 +2,7 @@ - name: Configure Tomcat JSON logging for Kaui hosts: all tasks: - - name: download third-party dependencies - import_tasks: roles/kaui/tasks/json_logging.yml - - name: enable Tomcat JSON logging - import_tasks: roles/tomcat/tasks/json_logging.yml + - name: Download third-party dependencies + ansible.builtin.import_tasks: roles/kaui/tasks/json_logging.yml + - name: Enable Tomcat JSON logging + ansible.builtin.import_tasks: roles/tomcat/tasks/json_logging.yml diff --git a/ansible/killbill.yml b/ansible/killbill.yml index 5999721b..81519ad3 100644 --- a/ansible/killbill.yml +++ b/ansible/killbill.yml @@ -2,9 +2,9 @@ - name: Deploy Kill Bill hosts: all tasks: - - name: setup Ruby - import_tasks: roles/common/tasks/main.yml - - name: setup Tomcat - import_tasks: roles/tomcat/tasks/main.yml - - name: install Kill Bill - import_tasks: roles/killbill/tasks/main.yml + - name: Setup Ruby + ansible.builtin.import_tasks: roles/common/tasks/main.yml + - name: Setup Tomcat + ansible.builtin.import_tasks: roles/tomcat/tasks/main.yml + - name: Install Kill Bill + ansible.builtin.import_tasks: roles/killbill/tasks/main.yml 
diff --git a/ansible/killbill_json_logging.yml b/ansible/killbill_json_logging.yml index 03e7075f..8830ea86 100644 --- a/ansible/killbill_json_logging.yml +++ b/ansible/killbill_json_logging.yml @@ -2,5 +2,5 @@ - name: Configure Tomcat JSON logging for Kill Bill hosts: all tasks: - - name: enable Tomcat JSON logging - import_tasks: roles/tomcat/tasks/json_logging.yml + - name: Enable Tomcat JSON logging + ansible.builtin.import_tasks: roles/tomcat/tasks/json_logging.yml diff --git a/ansible/kpm.yml b/ansible/kpm.yml index 755e5522..b10f454a 100644 --- a/ansible/kpm.yml +++ b/ansible/kpm.yml @@ -2,5 +2,5 @@ - name: Deploy KPM hosts: all tasks: - - name: install KPM - import_tasks: roles/kpm/tasks/main.yml + - name: Install KPM + ansible.builtin.import_tasks: roles/kpm/tasks/main.yml diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml index 2f92b483..a134f58d 100644 --- a/ansible/roles/common/tasks/main.yml +++ b/ansible/roles/common/tasks/main.yml @@ -1,4 +1,7 @@ --- -- name: ansible_ruby_interpreter setup - set_fact: ansible_ruby_interpreter="{{ kpm_path }}/lib/ruby/bin/ruby" +- name: Setup Ansible ruby interpreter + ansible.builtin.set_fact: + ansible_ruby_interpreter: "{{ kpm_path }}/lib/ruby/bin/ruby" tags: common +# noqa: var-naming[no-role-prefix] +# Required for ansible-lint: variable must stay named 'ansible_ruby_interpreter' for Ansible to pick it up \ No newline at end of file diff --git a/ansible/roles/kaui/tasks/json_logging.yml b/ansible/roles/kaui/tasks/json_logging.yml index 0d245777..76d4a336 100644 --- a/ansible/roles/kaui/tasks/json_logging.yml +++ b/ansible/roles/kaui/tasks/json_logging.yml 
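Review bot: The `# noqa: var-naming[no-role-prefix]` comment in roles/common/tasks/main.yml sits on its own line after the task, whereas ansible-lint documents `noqa` as a comment at the end of a line belonging to the task it applies to, so it may not suppress anything here. Moving it onto the offending line, `ansible_ruby_interpreter: "{{ kpm_path }}/lib/ruby/bin/ruby"  # noqa: var-naming[no-role-prefix]`, with the explanation as a comment above the task, makes the suppression unambiguous. The file also now ends without a newline.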
@@ -1,9 +1,10 @@ --- -- name: download Logstash third-party dependencies +- name: Download Logstash third-party dependencies become: true - get_url: + ansible.builtin.get_url: url: "{{ nexus_url }}/{{ nexus_repository }}/{{ item.group_path }}/{{ item.artifact_id }}/{{ item.version }}/{{ item.artifact_id }}-{{ item.version }}.jar" dest: "{{ item.dest }}" + mode: '0644' with_items: - group_path: com/fasterxml/jackson/core artifact_id: jackson-databind @@ -22,9 +23,12 @@ - logstash - download -- name: set correct permissions +- name: Set correct permissions become: true - file: path=/opt/{{ item.name }} owner={{ tomcat_owner }} group={{ tomcat_group }} + ansible.builtin.file: + path: "/opt/{{ item.name }}" + owner: "{{ tomcat_owner }}" + group: "{{ tomcat_group }}" with_items: - name: jackson-databind.jar - name: jackson-core.jar @@ -33,8 +37,8 @@ - kaui-logback - logstash -- name: ensure Logstash third-party dependencies exist in the webapp - copy: +- name: Ensure Logstash third-party dependencies exist in the webapp + ansible.builtin.copy: src: "/opt/{{ item.name }}" dest: "{{ catalina_base }}/webapps/ROOT/WEB-INF/lib/{{ item.name }}" owner: "{{ tomcat_owner }}" diff --git a/ansible/roles/kaui/tasks/main.yml b/ansible/roles/kaui/tasks/main.yml index 13c47b65..1d8f32e5 100644 --- a/ansible/roles/kaui/tasks/main.yml +++ b/ansible/roles/kaui/tasks/main.yml 
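Review bot: The jars fetched by `Download Logstash third-party dependencies` end up in the webapp's `WEB-INF/lib` without any integrity check: `ansible.builtin.get_url` gains a `mode` in this commit but no `checksum`. A per-item digest, `checksum: "sha256:{{ item.sha256 }}"` with a new `sha256` key on each `with_items` entry, makes a tampered or substituted artifact fail the task instead of being loaded by Tomcat. The same applies to the `get_url` tasks in roles/kpm/tasks/main.yml and roles/migrations/tasks/flyway.yml, where the version is resolved at run time and the digest would have to come from the repository's published checksum files. The item list continues outside the hunk.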
@@ -1,15 +1,20 @@ --- -- name: ensure Kaui dirs exist +- name: Ensure Kaui dirs exist become: true - file: path={{ item }} state=directory owner={{ tomcat_owner }} group={{ tomcat_group }} mode=u=rwx,g=rx,o=rx + ansible.builtin.file: + path: "{{ item }}" + state: directory + owner: "{{ tomcat_owner }}" + group: "{{ tomcat_group }}" + mode: u=rwx,g=rx,o=rx with_items: - "{{ kaui_install_dir }}" - "{{ kaui_plugins_dir }}" tags: kpm-install -- name: generate kpm.yml file if needed +- name: Generate kpm.yml file if needed become: true - template: + ansible.builtin.template: src: "kaui/kpm.yml.j2" dest: "{{ kaui_install_dir }}/kpm.yml" mode: u=rw,g=r,o=r @@ -20,9 +25,9 @@ tags: kpm-install # Generate Kaui-specific Tomcat configuration files based on environment variables -- name: generate Tomcat files +- name: Generate Tomcat files become: true - template: + ansible.builtin.template: src: "{{ item.src }}/{{ item.name }}.j2" dest: "{{ item.dest }}/{{ item.name }}" mode: "{{ item.mode }}" @@ -37,10 +42,10 @@ dest: "{{ catalina_base }}/bin" tags: tomcat -- name: check if a ROOT webapp is already installed - stat: +- name: Check if a ROOT webapp is already installed + ansible.builtin.stat: path: "{{ catalina_base }}/{{ kaui_webapps }}/ROOT" - register: existing_webapp + register: kaui_existing_webapp tags: tomcat # Only run kpm install if there is no exploded webapp already. Otherwise, 
@@ -48,23 +53,27 @@ # and always download the war. # In practice, this means one cannot just update the version in the kpm.yml file # to update Kaui and re-run the role: one needs to first delete the ROOT directory. -- name: run KPM install +- name: Run KPM install become: true become_user: "{{ tomcat_owner }}" killbill: kpm_path: "{{ kpm_path }}" - kpm_yml: "{{ kpm_yml }}" - when: not existing_webapp.stat.exists + kpm_yml: "{{ kaui_kpm_yml }}" + when: not kaui_existing_webapp.stat.exists tags: kpm-install -- name: set correct permissions +- name: Set correct permissions become: true - file: path={{ kaui_install_dir }} owner={{ tomcat_owner }} group={{ tomcat_group }} recurse=yes + ansible.builtin.file: + path: "{{ kaui_install_dir }}" + owner: "{{ tomcat_owner }}" + group: "{{ tomcat_group }}" + recurse: yes tags: kpm-install - name: Create ROOT directory to unarchive the WAR become: true - file: + ansible.builtin.file: path: "{{ catalina_base }}/{{ kaui_webapps }}/ROOT" state: directory mode: '0755' @@ -72,7 +81,7 @@ # Expand the WAR to speed up startup - name: Expand WAR file if not already done become: true - command: | + ansible.builtin.command: | "{{ java_home }}/bin/jar" -xf ../ROOT.war args: chdir: "{{ catalina_base }}/{{ kaui_webapps }}/ROOT" @@ -82,7 +91,7 @@ # Generate logback configuration files based on environment variables - name: Copy logback.xml become: true - template: + ansible.builtin.template: src: "kaui/{{ item.name }}.j2" # Placing the logback.xml on the classpath of the webapp is the only way to support per-webapp configuration dest: "{{ catalina_base }}/{{ kaui_webapps }}/ROOT/WEB-INF/classes/logback.xml" @@ -96,7 +105,7 @@ - name: Recursively change ownership for the expanded ROOT become: true - file: + ansible.builtin.file: path: "{{ catalina_base }}/{{ kaui_webapps }}/ROOT" state: directory recurse: yes 
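Review bot: `kpm_yml: "{{ kaui_kpm_yml }}"` in `Run KPM install` reads a variable whose default in group_vars/all.yml is `{{ kb_install_dir }}/kpm.yml`, while this role writes its own file to `{{ kaui_install_dir }}/kpm.yml`. Only the override in kaui.yml makes the two agree; a play that includes the role directly, as the README describes, would run KPM against the Kill Bill file. Defaulting to `kaui_kpm_yml: "{{ kaui_install_dir }}/kpm.yml"` in group_vars would remove the dependency on the playbook-level override.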
@@ -107,7 +116,7 @@ - name: Remove root archive become: true - file: + ansible.builtin.file: path: "{{ catalina_base }}/{{ kaui_webapps }}/ROOT.war" state: absent tags: kaui-logback diff --git a/ansible/roles/killbill/tasks/main.yml b/ansible/roles/killbill/tasks/main.yml index 23158eec..d2993358 100644 --- a/ansible/roles/killbill/tasks/main.yml +++ b/ansible/roles/killbill/tasks/main.yml @@ -1,16 +1,21 @@ --- -- name: ensure Kill Bill dirs exist +- name: Ensure Kill Bill dirs exist become: true - file: path={{ item }} state=directory owner={{ tomcat_owner }} group={{ tomcat_group }} mode=u=rwx,g=rx,o=rx + ansible.builtin.file: + path: "{{ item }}" + state: directory + owner: "{{ tomcat_owner }}" + group: "{{ tomcat_group }}" + mode: u=rwx,g=rx,o=rx with_items: - "{{ kb_config_dir }}" - "{{ kb_plugins_dir }}" tags: kpm-install # Generate Kill Bill placeholder configuration files -- name: generate Kill Bill files +- name: Generate Kill Bill files become: true - template: + ansible.builtin.template: src: "killbill/{{ item.name }}.j2" dest: "{{ kb_config_dir }}/{{ item.name }}" mode: u=rw,g=r,o=r @@ -22,9 +27,9 @@ - name: killbill.properties tags: kpm-install -- name: generate kpm.yml file if needed +- name: Generate kpm.yml file if needed become: true - template: + ansible.builtin.template: src: "killbill/kpm.yml.j2" dest: "{{ kb_install_dir }}/kpm.yml" mode: u=rw,g=r,o=r @@ -35,9 +40,9 @@ tags: kpm-install # Generate Kill Bill-specific Tomcat configuration files based on environment variables -- name: generate Tomcat files +- name: Generate Tomcat files become: true - template: + ansible.builtin.template: src: "{{ item.src }}/{{ item.name }}.j2" dest: "{{ item.dest }}/{{ item.name }}" mode: "{{ item.mode }}" 
@@ -52,10 +57,10 @@ dest: "{{ catalina_base }}/bin" tags: tomcat -- name: check if a ROOT webapp is already installed - stat: +- name: Check if a ROOT webapp is already installed + ansible.builtin.stat: path: "{{ catalina_base }}/{{ kb_webapps }}/ROOT" - register: existing_webapp + register: killbill_existing_webapp tags: tomcat # Only run kpm install if there is no exploded webapp already. Otherwise, @@ -63,23 +68,27 @@ # and always download the war. # In practice, this means one cannot just update the version in the kpm.yml file # to update Kill Bill and re-run the role: one needs to first delete the ROOT directory. -- name: run KPM install +- name: Run KPM install become: true become_user: "{{ tomcat_owner }}" killbill: kpm_path: "{{ kpm_path }}" - kpm_yml: "{{ kpm_yml }}" - when: not existing_webapp.stat.exists + kpm_yml: "{{ killbill_kpm_yml }}" + when: not killbill_existing_webapp.stat.exists tags: kpm-install -- name: set correct permissions +- name: Set correct permissions become: true - file: path={{ kb_install_dir }} owner={{ tomcat_owner }} group={{ tomcat_group }} recurse=yes + ansible.builtin.file: + path: "{{ kb_install_dir }}" + owner: "{{ tomcat_owner }}" + group: "{{ tomcat_group }}" + recurse: yes tags: kpm-install - name: Create ROOT directory to unarchive the WAR become: true - file: + ansible.builtin.file: path: "{{ catalina_base }}/{{ kb_webapps }}/ROOT" state: directory mode: '0755' @@ -87,7 +96,7 @@ # Expand the WAR to speed up startup - name: Expand WAR file if not already done become: true - command: | + ansible.builtin.command: | "{{ java_home }}/bin/jar" -xf ../ROOT.war args: chdir: "{{ catalina_base }}/{{ kb_webapps }}/ROOT" 
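Review bot: `Run KPM install` now reads `killbill_kpm_yml`, which group_vars/all.yml defines independently of `kpm_yml`, so an existing `-e kpm_yml=...` override no longer reaches this task, while the migrations role still passes `kpm_yml` to `killbill_migrations`. The install and the migration lookup can then work from different files without any error being raised. Defining the new variable as `killbill_kpm_yml: "{{ kpm_yml }}"` keeps existing overrides effective.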
@@ -97,7 +106,7 @@ # Generate logback configuration files based on environment variables - name: Copy logback.xml become: true - template: + ansible.builtin.template: src: "killbill/{{ item.name }}.j2" # Placing the logback.xml on the classpath of the webapp is the only way to support per-webapp configuration dest: "{{ catalina_base }}/{{ kb_webapps }}/ROOT/WEB-INF/classes/logback.xml" @@ -111,7 +120,7 @@ - name: Recursively change ownership for the expanded ROOT become: true - file: + ansible.builtin.file: path: "{{ catalina_base }}/{{ kb_webapps }}/ROOT" state: directory recurse: yes @@ -122,7 +131,7 @@ - name: Remove root archive become: true - file: + ansible.builtin.file: path: "{{ catalina_base }}/{{ kb_webapps }}/ROOT.war" state: absent tags: killbill-logback diff --git a/ansible/roles/kpm/tasks/main.yml b/ansible/roles/kpm/tasks/main.yml index e7b775e0..cf211746 100644 --- a/ansible/roles/kpm/tasks/main.yml +++ b/ansible/roles/kpm/tasks/main.yml @@ -1,14 +1,14 @@ --- -- name: ensure KPM install dir exists +- name: Ensure KPM install dir exists become: true - file: + ansible.builtin.file: path: "{{ kpm_install_dir }}" state: directory mode: u=rwx,g=rx,o=rx tags: kpm -- name: download kpm release metadata - uri: +- name: Download kpm release metadata + ansible.builtin.uri: url: "{{ nexus_url }}/{{ nexus_repository }}/org/kill-bill/billing/installer/kpm/maven-metadata.xml" return_content: yes register: kpm_metadata 
@@ -16,21 +16,21 @@ tags: kpm # We don't use the xml module to avoid a dependency on lxml -- name: set kpm_version - set_fact: +- name: Set kpm_version + ansible.builtin.set_fact: # maven-metadata.xml is often confusing (wrong?) w.r.t. how and elements are populated. Just pick the last entry of kpm_version: "{{ kpm_metadata.content | regex_findall('(.*)') | last }}" when: kpm_version is undefined tags: kpm -- name: check if KPM is already installed - stat: +- name: Check if KPM is already installed + ansible.builtin.stat: path: "{{ kpm_install_dir }}/kpm-{{ kpm_version }}-linux-{{ ansible_architecture }}/kpm" register: kpm_bin tags: kpm -- name: check if pre-built KPM exists for this arch - uri: +- name: Check if pre-built KPM exists for this arch + ansible.builtin.uri: url: "{{ nexus_url }}/{{ nexus_repository }}/org/kill-bill/billing/installer/kpm/{{ kpm_version }}/kpm-{{ kpm_version }}-linux-{{ ansible_architecture }}.tar.gz" method: HEAD register: kpm_arch_test @@ -38,20 +38,21 @@ when: not kpm_bin.stat.exists tags: kpm -- name: download noarch KPM +- name: Download noarch KPM become: true - get_url: + ansible.builtin.get_url: # Use the redirect API to support SNAPSHOT url: "{{ nexus_url }}/{{ nexus_repository }}/org/kill-bill/billing/installer/kpm/{{ kpm_version }}/kpm-{{ kpm_version }}-noarch.tar.gz" dest: "{{ kpm_install_dir }}/kpm-{{ kpm_version }}-noarch.tar.gz" owner: "{{ kpm_owner }}" group: "{{ kpm_group }}" + mode: '0644' when: not kpm_bin.stat.exists and kpm_arch_test.status >= 400 tags: kpm -- name: install noarch KPM +- name: Install noarch KPM become: true - unarchive: + ansible.builtin.unarchive: src: "{{ kpm_install_dir }}/kpm-{{ kpm_version }}-noarch.tar.gz" remote_src: True dest: "{{ kpm_install_dir }}" 
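Review bot: `kpm_version` is taken from the body of a downloaded `maven-metadata.xml` and then interpolated into download URLs, filesystem paths and, further down in this file, an `mv` command run with `become: true`, with no check on its shape. A task placed right after `Set kpm_version` that asserts the value looks like a version string would stop the play on a malformed or unexpected response. The character class below is a suggestion and should be adjusted to the version formats the project actually publishes.

```yaml
# … unchanged: Set kpm_version …
- name: Validate kpm_version
  ansible.builtin.assert:
    that:
      - kpm_version is string
      - kpm_version is match('^[0-9A-Za-z][0-9A-Za-z._-]*$')
    fail_msg: "Unexpected kpm_version value"
  tags: kpm
```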
@@ -61,26 +62,31 @@ tags: kpm # To make things easier -- name: rename noarch KPM directory +- name: Rename noarch KPM directory become: true - command: "mv {{ kpm_install_dir }}/kpm-{{ kpm_version }}-noarch {{ kpm_install_dir }}/kpm-{{ kpm_version }}-linux-{{ ansible_architecture }}" + ansible.builtin.command: + cmd: > + mv {{ kpm_install_dir }}/kpm-{{ kpm_version }}-noarch + {{ kpm_install_dir }}/kpm-{{ kpm_version }}-linux-{{ ansible_architecture }} + creates: "{{ kpm_install_dir }}/kpm-{{ kpm_version }}-linux-{{ ansible_architecture }}" when: not kpm_bin.stat.exists and kpm_arch_test.status >= 400 tags: kpm -- name: download pre-built KPM +- name: Download pre-built KPM become: true - get_url: + ansible.builtin.get_url: # Use the redirect API to support SNAPSHOT url: "{{ nexus_url }}/{{ nexus_repository }}/org/kill-bill/billing/installer/kpm/{{ kpm_version }}/kpm-{{ kpm_version }}-linux-{{ ansible_architecture }}.tar.gz" dest: "{{ kpm_install_dir }}/kpm-{{ kpm_version }}-linux-{{ ansible_architecture }}.tar.gz" owner: "{{ kpm_owner }}" group: "{{ kpm_group }}" + mode: '0644' when: not kpm_bin.stat.exists and kpm_arch_test.status < 400 tags: kpm -- name: install pre-built KPM +- name: Install pre-built KPM become: true - unarchive: + ansible.builtin.unarchive: src: "{{ kpm_install_dir }}/kpm-{{ kpm_version }}-linux-{{ ansible_architecture }}.tar.gz" remote_src: True dest: "{{ kpm_install_dir }}" 
@@ -89,22 +95,29 @@ when: not kpm_bin.stat.exists and kpm_arch_test.status < 400 tags: kpm -- name: symlink install directory +- name: Symlink install directory become: true - file: src="{{ kpm_install_dir }}/kpm-{{ kpm_version }}-linux-{{ ansible_architecture }}" path="{{ kpm_path }}" state=link + ansible.builtin.file: + src: "{{ kpm_install_dir }}/kpm-{{ kpm_version }}-linux-{{ ansible_architecture }}" + path: "{{ kpm_path }}" + state: link tags: kpm # The first time KPM is run, a Gemfile.lock needs to written out -- name: initialize KPM +- name: Initialize KPM become: true - command: | + ansible.builtin.command: | "{{ kpm_path }}/kpm" version args: creates: "{{ kpm_path }}/lib/vendor/Gemfile.lock" tags: kpm # The individual files have the correct permissions already, but not the top directory -- name: set correct permissions +- name: Set correct permissions become: true - file: path="{{ kpm_install_dir }}/kpm-{{ kpm_version }}-linux-{{ ansible_architecture }}" owner={{ kpm_owner }} group={{ kpm_group }} recurse=yes + ansible.builtin.file: + path: "{{ kpm_install_dir }}/kpm-{{ kpm_version }}-linux-{{ ansible_architecture }}" + owner: "{{ kpm_owner }}" + group: "{{ kpm_group }}" + recurse: yes tags: kpm diff --git a/ansible/roles/migrations/tasks/flyway.yml b/ansible/roles/migrations/tasks/flyway.yml index ff5f4eb5..d3165661 100644 --- a/ansible/roles/migrations/tasks/flyway.yml +++ b/ansible/roles/migrations/tasks/flyway.yml 
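Review bot: The rewritten `ansible.builtin.file` task uses `recurse: yes`; with the workflow moving to a current ansible-lint, `yaml[truthy]` is likely to flag this, and it is not among the rules skipped in the workflow's `args`. Writing `recurse: true` here, and in the `Set correct permissions` tasks of the kaui and killbill roles, keeps the new block-style arguments consistent with the `become: true` these files already use.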
@@ -1,43 +1,52 @@ --- -- name: ensure Flyway install dir exists +- name: Ensure Flyway install dir exists become: true - file: path={{ flyway_install_dir }} state=directory mode=u=rwx,g=rx,o=rx + ansible.builtin.file: + path: "{{ flyway_install_dir }}" + state: directory + mode: u=rwx,g=rx,o=rx tags: migrations # Note: we don't check the version but the binary is rarely updated -- name: check if Flyway is already installed - stat: +- name: Check if Flyway is already installed + ansible.builtin.stat: path: "{{ flyway_install_dir }}/killbill-flyway.jar" - register: flyway_bin + register: migrations_flyway_bin tags: migrations -- block: - - name: download killbill-flyway release metadata - uri: +- name: Download Kill Bill Flyway metadata + when: not migrations_flyway_bin.stat.exists + tags: migrations + block: + - name: Download killbill-flyway release metadata + ansible.builtin.uri: url: "{{ nexus_url }}/{{ nexus_repository }}/org/kill-bill/billing/killbill-util/maven-metadata.xml" return_content: yes - register: flyway_metadata - when: flyway_version is undefined + register: migrations_flyway_metadata + when: migrations_flyway_version is undefined tags: migrations # We don't use the xml module to avoid a dependency on lxml - - name: set flyway_version - set_fact: - flyway_version: "{{ flyway_metadata.content | regex_search('(.*)', '\\1') | first }}" - when: flyway_version is undefined + - name: Set migrations_flyway_version + ansible.builtin.set_fact: + migrations_flyway_version: "{{ migrations_flyway_metadata.content | regex_search('(.*)', '\\1') | first }}" + when: migrations_flyway_version is undefined tags: migrations - - name: install Flyway + - name: Install Flyway become: true # maven_artifact module requires xml on the host - get_url: - url: "{{ nexus_url }}/{{ nexus_repository }}/org/kill-bill/billing/killbill-util/{{ flyway_version }}/killbill-util-{{ flyway_version }}-flyway.jar" + ansible.builtin.get_url: + url: "{{ nexus_url }}/{{ nexus_repository 
}}/org/kill-bill/billing/killbill-util/{{ migrations_flyway_version }}/killbill-util-{{ migrations_flyway_version }}-flyway.jar" dest: "{{ flyway_install_dir }}/killbill-flyway.jar" + mode: '0644' tags: migrations - when: not flyway_bin.stat.exists - tags: migrations -- name: set correct permissions + +- name: Set correct permissions become: true - file: path="{{ flyway_install_dir }}/killbill-flyway.jar" owner={{ flyway_owner }} group={{ flyway_group }} + ansible.builtin.file: + path: "{{ flyway_install_dir }}/killbill-flyway.jar" + owner: "{{ flyway_owner }}" + group: "{{ flyway_group }}" tags: migrations diff --git a/ansible/roles/migrations/tasks/main.yml b/ansible/roles/migrations/tasks/main.yml index 48bc5f59..2b48119c 100644 --- a/ansible/roles/migrations/tasks/main.yml +++ b/ansible/roles/migrations/tasks/main.yml 
@@ -1,43 +1,45 @@ --- -- name: fetch all migrations +- name: Fetch all migrations killbill_migrations: kpm_path: "{{ kpm_path }}" bundles_dir: "{{ kb_plugins_dir }}" kaui_web_path: "{{ catalina_base }}/{{ kaui_webapps }}/ROOT.war" killbill_web_path: "{{ catalina_base }}/{{ kb_webapps }}/ROOT.war" kpm_yml: "{{ kpm_yml }}" - gh_token: "{{ gh_token|default('') }}" - register: migrations + gh_token: "{{ gh_token | default('') }}" + register: migrations_result tags: migrations -- include_tasks: flyway.yml +- name: Include flyway.yml + ansible.builtin.include_tasks: flyway.yml vars: - flyway_version: "{{ migrations['migrations']['from'] }}" + migrations_flyway_version: "{{ migrations_result['migrations']['from'] }}" -- name: generate Flyway baseline tables - command: "{{ flyway }} -locations=filesystem:{{ item['dir'] }} -table={{ item['table'] }} baseline" +- name: Generate Flyway baseline tables + ansible.builtin.command: "{{ flyway }} -locations=filesystem:{{ item['dir'] }} -table={{ item['table'] }} baseline" with_items: - - "{{ migrations['migrations']['killbill'] }}" - - "{{ migrations['migrations']['plugins']['java'] }}" + - "{{ migrations_result['migrations']['killbill'] }}" + - "{{ migrations_result['migrations']['plugins']['java'] }}" when: item['dir'] is defined - register: baselineout - failed_when: baselineout.rc != 0 and 'as it already contains migrations' not in baselineout.stderr - changed_when: "'already initialized with' not in baselineout.stdout and 'as it already contains migrations' not in baselineout.stderr" + register: migrations_baselineout + failed_when: migrations_baselineout.rc != 0 and 'as it already contains migrations' not in migrations_baselineout.stderr + changed_when: "'already initialized with' not in migrations_baselineout.stdout and 'as it already contains migrations' not in migrations_baselineout.stderr" tags: migrations # We verify that all migrations can be generated before attempting to run them one by one -- name: validate SQL 
migrations for Kill Bill and Java plugins - command: "{{ flyway }} -locations=filesystem:{{ item['dir'] }} -table={{ item['table'] }} dryRunMigrate" +- name: Validate SQL migrations for Kill Bill and Java plugins + ansible.builtin.command: "{{ flyway }} -locations=filesystem:{{ item['dir'] }} -table={{ item['table'] }} dryRunMigrate" with_items: - - "{{ migrations['migrations']['killbill'] }}" - - "{{ migrations['migrations']['plugins']['java'] }}" + - "{{ migrations_result['migrations']['killbill'] }}" + - "{{ migrations_result['migrations']['plugins']['java'] }}" when: item['dir'] is defined changed_when: False - register: java_dry_run_migrations + register: migrations_java_dry_run_migrations tags: migrations # Run core migrations -- include_tasks: migrate.yml +- name: Run core migrations + ansible.builtin.include_tasks: migrate.yml loop: - "{{ migrations['migrations']['killbill'] }}" loop_control: @@ -45,8 +47,9 @@ when: migration['dir'] is defined # Run plugin migrations -- include_tasks: migrate.yml - loop: "{{ migrations['migrations']['plugins']['java']|flatten(levels=1) }}" +- name: Run plugin migrations + ansible.builtin.include_tasks: migrate.yml + loop: "{{ migrations['migrations']['plugins']['java'] | flatten(levels=1) }}" loop_control: loop_var: migration when: migration['dir'] is defined diff --git a/ansible/roles/migrations/tasks/migrate.yml b/ansible/roles/migrations/tasks/migrate.yml index 8617e8f1..c6312701 100644 --- a/ansible/roles/migrations/tasks/migrate.yml +++ b/ansible/roles/migrations/tasks/migrate.yml 
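Review bot: The two `include_tasks: migrate.yml` loops still read `migrations['migrations'][...]`, but this commit renames the registered result to `migrations_result`. Unless `migrations` is defined somewhere outside this diff, both loops will fail on an undefined variable after the baseline and dry-run steps have already run. The core loop should become `- "{{ migrations_result['migrations']['killbill'] }}"` and the plugin loop `loop: "{{ migrations_result['migrations']['plugins']['java'] | flatten(levels=1) }}"`. The first is an unchanged context line at the end of the first hunk, and the second is an added line in the second hunk.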
@@ -1,49 +1,61 @@ -- name: generate SQL migration - command: "{{ flyway }} -locations=filesystem:{{ migration['dir'] }} -table={{ migration['table'] }} dryRunMigrate" - register: java_dry_run_migrations - changed_when: java_dry_run_migrations.stdout_lines +- name: Generate SQL migration + ansible.builtin.command: "{{ flyway }} -locations=filesystem:{{ migration['dir'] }} -table={{ migration['table'] }} dryRunMigrate" + register: migrations_java_dry_run_migrations + changed_when: migrations_java_dry_run_migrations.stdout_lines tags: migrations -- name: check if there's nothing to do - debug: msg="No migration to run for {{ migration['from_tag'] }} -> {{ migration['to_tag'] }}" - when: java_dry_run_migrations.stdout.find("BEGIN;\nCOMMIT;") != -1 +- name: Check if there's nothing to do + ansible.builtin.debug: + msg: "No migration to run for {{ migration['from_tag'] }} -> {{ migration['to_tag'] }}" + when: migrations_java_dry_run_migrations.stdout.find("BEGIN;\nCOMMIT;") != -1 tags: migrations -- block: - - name: print migrations - debug: msg="{{ java_dry_run_migrations.stdout_lines }}" - when: java_dry_run_migrations.stdout_lines +- name: SQL migration + when: migrations_java_dry_run_migrations.stdout.find("BEGIN;\nCOMMIT;") == -1 + block: + - name: Print migrations + ansible.builtin.debug: + msg: "{{ migrations_java_dry_run_migrations.stdout_lines }}" + when: migrations_java_dry_run_migrations.stdout_lines tags: migrations - - name: prompt for SQL migration - pause: prompt='Should I run these migrations? Enter yes or no' - register: should_continue - when: java_dry_run_migrations.stdout_lines is defined + - name: Prompt for SQL migration + ansible.builtin.pause: + prompt: 'Should I run these migrations? 
Enter yes or no' + register: migrations_should_continue + when: migrations_java_dry_run_migrations.stdout_lines is defined tags: migrations - - block: - - name: run SQL migration - command: "{{ flyway }} -locations=filesystem:{{ migration['dir'] }} -table={{ migration['table'] }} -validateOnMigrate=false migrate" - register: java_migrations + - name: Run migration + when: migrations_should_continue.user_input | bool + block: + - name: Run SQL migration + ansible.builtin.command: "{{ flyway }} -locations=filesystem:{{ migration['dir'] }} -table={{ migration['table'] }} -validateOnMigrate=false migrate" + register: migrations_flyway_result ignore_errors: True + changed_when: false tags: migrations - - debug: msg="{{ java_migrations.stdout_lines }}" - when: java_migrations.stdout_lines + - name: Show Flyway migration output (stdout) + ansible.builtin.debug: + msg: "{{ migrations_flyway_result.stdout_lines }}" + when: migrations_flyway_result.stdout_lines tags: migrations - - debug: msg="{{ java_migrations.stderr_lines }}" - when: java_migrations.stderr_lines + - name: Show Flyway migration output (stderr) + ansible.builtin.debug: + msg: "{{ migrations_flyway_result.stderr_lines }}" + when: migrations_flyway_result.stderr_lines tags: migrations - - name: fail the play if the schema_version table is corrupted - fail: msg="schema_version corrupted. Try running {{ flyway }} -locations=filesystem:{{ migration['dir'] }} -table={{ migration['table'] }} repair" - when: java_migrations.rc != 0 and 'contains a failed migration' in java_migrations.stderr + - name: Fail the play if the schema_version table is corrupted + ansible.builtin.fail: + msg: "schema_version corrupted. 
Try running {{ flyway }} -locations=filesystem:{{ migration['dir'] }} -table={{ migration['table'] }} repair" + when: migrations_flyway_result.rc != 0 and 'contains a failed migration' in migrations_flyway_result.stderr tags: migrations - - name: fail the play if the migrations did not succeed - fail: msg="Migrations failed. You need to fix the tables, adjust the schema_version table manually (i.e. insert a line for that migration or update the status to success) and run {{ flyway }} -locations=filesystem:{{ migration['dir'] }} -table={{ migration['table'] }} repair" - when: java_migrations.rc != 0 and 'contains a failed migration' not in java_migrations.stderr + - name: Fail the play if the migrations did not succeed + ansible.builtin.fail: + msg: "Migrations failed. You need to fix the tables, adjust the schema_version table manually (i.e. insert a line for that migration or update the status to success) and run {{ flyway }} -locations=filesystem:{{ migration['dir'] }} -table={{ migration['table'] }} repair" + when: migrations_flyway_result.rc != 0 and 'contains a failed migration' not in migrations_flyway_result.stderr tags: migrations - when: should_continue.user_input | bool - when: java_dry_run_migrations.stdout.find("BEGIN;\nCOMMIT;") == -1 diff --git a/ansible/roles/tomcat/tasks/install.yml b/ansible/roles/tomcat/tasks/install.yml index 0d588fca..08fad0ed 100644 --- a/ansible/roles/tomcat/tasks/install.yml +++ b/ansible/roles/tomcat/tasks/install.yml 
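Review bot: `changed_when: false` on "Run SQL migration" makes the one task that alters the database schema always report `ok`, and together with `ignore_errors: True` the play recap no longer shows that a migration was applied. This block only runs after the dry run produced statements and the operator confirmed, so `changed_when: migrations_flyway_result.rc == 0` would report it accurately. The same blanket `changed_when: false` is added to state-changing commands in other hunks of this commit: `make install` in roles/tomcat/tasks/native.yml, and the `catalina.sh` start, run and stop tasks in restart.yml and stop.yml. For change auditing those are better left reporting a change, or guarded with `creates:` where a marker file exists.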
@@ -1,23 +1,23 @@ --- -- name: ensure Tomcat install dir exists +- name: Ensure Tomcat install dir exists become: true - file: + ansible.builtin.file: path: "{{ tomcat_install_dir }}" state: directory mode: u=rwx,g=rx,o=rx tags: install -- name: add Tomcat group +- name: Add Tomcat group become: true - group: + ansible.builtin.group: name: "{{ tomcat_group }}" state: present tags: install # Expect bash to be present -- we haven't tested the scripts with other shells -- name: add Tomcat user +- name: Add Tomcat user become: true - user: + ansible.builtin.user: name: "{{ tomcat_owner }}" comment: Kill Bill Tomcat owner group: "{{ tomcat_group }}" @@ -27,8 +27,8 @@ state: present tags: install -- name: download Tomcat release metadata - uri: +- name: Download Tomcat release metadata + ansible.builtin.uri: url: "{{ nexus_url }}/{{ nexus_repository }}/org/apache/tomcat/tomcat/maven-metadata.xml" return_content: yes register: tomcat_metadata @@ -36,15 +36,15 @@ tags: install # We don't use the xml module to avoid a dependency on lxml -- name: set tomcat_version - set_fact: +- name: Set tomcat_version + ansible.builtin.set_fact: tomcat_version: "{{ tomcat_metadata.content | regex_findall('(9.0.*)', '\\1') | last }}" when: tomcat_version is undefined tags: install -- name: install Tomcat +- name: Install Tomcat become: true - unarchive: + ansible.builtin.unarchive: src: "http://archive.apache.org/dist/tomcat/tomcat-9/v{{ tomcat_version }}/bin/apache-tomcat-{{ tomcat_version }}.tar.gz" remote_src: True dest: "{{ tomcat_install_dir }}" 
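Review bot: The "Install Tomcat" task in the @@ -36,15 +36,15 @@ hunk still fetches the tarball from `http://archive.apache.org/...` and unpacks it with `become: true`, with no integrity check; the commit renames the module but leaves the cleartext URL. Changing the scheme on the unchanged `src:` line to `https://archive.apache.org/dist/tomcat/tomcat-9/...` closes the on-path tampering gap with a one-word edit. Because `tomcat_version` may be resolved at run time from `maven-metadata.xml`, a pinned digest is only possible when the caller sets the version; in that case a preceding `ansible.builtin.get_url` with `checksum:` would be the stronger fix. The task continues past the end of the hunk.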
@@ -53,20 +53,27 @@ tags: install # The individual files have the correct permissions already, but not the top directory -- name: set correct permissions +- name: Set correct permissions become: true - file: path="{{ tomcat_install_dir }}/apache-tomcat-{{ tomcat_version }}" owner={{ tomcat_owner }} group={{ tomcat_group }} recurse=yes + ansible.builtin.file: + path: "{{ tomcat_install_dir }}/apache-tomcat-{{ tomcat_version }}" + owner: "{{ tomcat_owner }}" + group: "{{ tomcat_group }}" + recurse: yes tags: install -- name: symlink install directory +- name: Symlink install directory become: true - file: src="{{ tomcat_install_dir }}/apache-tomcat-{{ tomcat_version }}" path="{{ catalina_home }}" state=link + ansible.builtin.file: + src: "{{ tomcat_install_dir }}/apache-tomcat-{{ tomcat_version }}" + path: "{{ catalina_home }}" + state: link tags: install -- name: set required Tomcat environment variables +- name: Set required Tomcat environment variables become: true become_user: "{{ tomcat_owner }}" - lineinfile: + ansible.builtin.lineinfile: line: "export {{ item.key }}={{ item.value }}" regexp: "^export {{ item.key }}=" path: "{{ tomcat_home }}/.profile" diff --git a/ansible/roles/tomcat/tasks/java.yml b/ansible/roles/tomcat/tasks/java.yml index 7f4e7822..415dbeb4 100644 --- a/ansible/roles/tomcat/tasks/java.yml +++ b/ansible/roles/tomcat/tasks/java.yml @@ -1,16 +1,16 @@ --- -- name: install java +- name: Install java become: true - package: > - name={{ item }} - state=present + ansible.builtin.package: + name: "{{ item }}" + state: present with_items: - "{{ java_package }}" tags: java -- name: set default Java +- name: Set default Java become: true - file: + ansible.builtin.file: src: "{{ item.src }}" dest: "{{ item.dest }}" state: link diff --git a/ansible/roles/tomcat/tasks/json_logging.yml b/ansible/roles/tomcat/tasks/json_logging.yml index cc67b92b..e5f70b22 100644 --- a/ansible/roles/tomcat/tasks/json_logging.yml 
+++ b/ansible/roles/tomcat/tasks/json_logging.yml @@ -1,23 +1,27 @@ --- -- name: download Logstash dependency +- name: Download Logstash dependency become: true - get_url: + ansible.builtin.get_url: url: "{{ nexus_url }}/{{ nexus_repository }}/net/logstash/logback/logstash-logback-encoder/6.4/logstash-logback-encoder-6.4.jar" dest: /opt/logstash-logback-encoder.jar + mode: '0644' tags: - killbill-logback - logstash - download -- name: set correct permissions +- name: Set correct permissions become: true - file: path=/opt/logstash-logback-encoder.jar owner={{ tomcat_owner }} group={{ tomcat_group }} + ansible.builtin.file: + path: /opt/logstash-logback-encoder.jar + owner: "{{ tomcat_owner }}" + group: "{{ tomcat_group }}" tags: - killbill-logback - logstash -- name: ensure Logstash dependency exists in the webapp - copy: +- name: Ensure Logstash dependency exists in the webapp + ansible.builtin.copy: src: /opt/logstash-logback-encoder.jar dest: "{{ catalina_base }}/webapps/ROOT/WEB-INF/lib/logstash-logback-encoder.jar" owner: "{{ tomcat_owner }}" diff --git a/ansible/roles/tomcat/tasks/main.yml b/ansible/roles/tomcat/tasks/main.yml index 6f0c7827..ee2c4285 100644 --- a/ansible/roles/tomcat/tasks/main.yml +++ b/ansible/roles/tomcat/tasks/main.yml @@ -1,7 +1,12 @@ --- -- name: ensure Tomcat dirs exist +- name: Ensure Tomcat dirs exist become: true - file: path={{ catalina_base }}/{{ item }} state=directory owner={{ tomcat_owner }} group={{ tomcat_group }} mode=u=rwx,g=rx,o=rx + ansible.builtin.file: + path: "{{ catalina_base }}/{{ item }}" + state: directory + owner: "{{ tomcat_owner }}" + group: "{{ tomcat_group }}" + mode: u=rwx,g=rx,o=rx with_items: - bin - conf 
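Review bot: The `ansible.builtin.get_url` task in the json_logging.yml hunk gains `mode: '0644'` but still downloads a jar that ends up in the webapp's `WEB-INF/lib` without verifying its content. The artifact version is fixed at 6.4, so a digest can be pinned: add `checksum: "sha256:<sha256-of-logstash-logback-encoder-6.4.jar>"` (placeholder; take the value from the published artifact). That makes the task fail closed if `nexus_url` points at a mirror serving different bytes. The last task of the hunk ("Ensure Logstash dependency exists in the webapp") continues outside it.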
@@ -14,9 +19,9 @@ tags: tomcat # Generate Tomcat configuration files based on environment variables -- name: generate Tomcat files +- name: Generate Tomcat files become: true - template: + ansible.builtin.template: src: "{{ item.src }}/{{ item.name }}.j2" dest: "{{ item.dest }}/{{ item.name }}" mode: "{{ item.mode }}" diff --git a/ansible/roles/tomcat/tasks/native.yml b/ansible/roles/tomcat/tasks/native.yml index 22f04a92..1cca7d4b 100644 --- a/ansible/roles/tomcat/tasks/native.yml +++ b/ansible/roles/tomcat/tasks/native.yml 
@@ -1,108 +1,122 @@ --- -- name: set tomcat_native_libdir - set_fact: +- name: Set tomcat_native_libdir + ansible.builtin.set_fact: tomcat_native_libdir: "{{ catalina_home }}/native-jni-lib" when: tomcat_native_libdir is undefined tags: native -- name: check if native libaries are already built - stat: +- name: Check if native libaries are already built + ansible.builtin.stat: path: "{{ tomcat_native_libdir }}/libtcnative-1.so" - register: libtcnative + register: tomcat_libtcnative tags: native -- block: - - block: - - name: install toolchain - become: true - package: > - name={{ item }} - state=latest - with_items: - - dpkg-dev - - gcc - - libapr1-dev - - libssl-dev - - make - tags: native +- name: Build Tomcat native libraries + when: not tomcat_libtcnative.stat.exists + tags: native + block: - - name: find apr-1-config path - shell: which apr-1-config - register: apr_config_path_output + - name: Prepare build toolchain + when: tomcat_apr_config_path is undefined tags: native + block: + - name: Install toolchain + become: true + ansible.builtin.package: + name: "{{ item }}" + state: present + with_items: + - dpkg-dev + - gcc + - libapr1-dev + - libssl-dev + - make + tags: native - - name: set apr_config_path - set_fact: - apr_config_path: "{{ apr_config_path_output.stdout }}" - tags: native - when: apr_config_path is undefined - tags: native + - name: Find apr-1-config path + ansible.builtin.command: which apr-1-config + register: tomcat_apr_config_path_output + changed_when: false + tags: native - - block: - - name: find gnu_arch path - shell: dpkg-architecture --query DEB_BUILD_GNU_TYPE - register: gnu_arch_output - tags: native + - name: Set tomcat_apr_config_path + ansible.builtin.set_fact: + tomcat_apr_config_path: "{{ tomcat_apr_config_path_output.stdout }}" + tags: native - - name: set gnu_arch - set_fact: - gnu_arch: "{{ gnu_arch_output.stdout }}" + - name: Detect GNU architecture + when: tomcat_gnu_arch is undefined tags: native - when: gnu_arch is 
undefined - tags: native + block: + - name: Find tomcat_gnu_arch path + ansible.builtin.command: dpkg-architecture --query DEB_BUILD_GNU_TYPE + register: tomcat_gnu_arch_output + changed_when: false + tags: native + + - name: Set tomcat_gnu_arch + ansible.builtin.set_fact: + tomcat_gnu_arch: "{{ tomcat_gnu_arch_output.stdout }}" + tags: native - - name: create temporary build directory - tempfile: - state: directory - suffix: tomcat-native-build - register: workspace - tags: native + - name: Create temporary build directory + ansible.builtin.tempfile: + state: directory + suffix: tomcat-native-build + register: tomcat_workspace + tags: native - # become: true needed here as the user SSH'ing in might not be able to open /usr/share/tomcat/bin - - name: expand native libraries archive - become: true - unarchive: - src: "{{ catalina_home }}/bin/tomcat-native.tar.gz" - dest: "{{ workspace.path }}" - extra_opts: [--strip-components=1] - owner: "{{ ansible_user_id }}" - remote_src: yes - tags: native + # become: true needed here as the user SSH'ing in might not be able to open /usr/share/tomcat/bin + - name: Expand native libraries archive + become: true + ansible.builtin.unarchive: + src: "{{ catalina_home }}/bin/tomcat-native.tar.gz" + dest: "{{ tomcat_workspace.path }}" + extra_opts: [--strip-components=1] + owner: "{{ ansible_user_id }}" + remote_src: yes + tags: native - - name: configure native libraries - command: > - ./configure - --build="{{ gnu_arch }}" - --libdir="{{ tomcat_native_libdir }}" - --prefix="{{ catalina_home }}" - --with-apr="{{ apr_config_path }}" - --with-java-home="{{ java_home }}" - --with-ssl=yes - chdir="{{ workspace.path }}/native" - tags: native + - name: Configure native libraries + ansible.builtin.command: + cmd: > + ./configure + --build="{{ tomcat_gnu_arch }}" + --libdir="{{ tomcat_native_libdir }}" + --prefix="{{ catalina_home }}" + --with-apr="{{ tomcat_apr_config_path }}" + --with-java-home="{{ java_home }}" + --with-ssl=yes + chdir: 
"{{ tomcat_workspace.path }}/native" + changed_when: false + tags: native - - name: build native libraries - command: > - make all - chdir="{{ workspace.path }}/native" - tags: native + - name: Build native libraries + ansible.builtin.command: + cmd: make all + chdir: "{{ tomcat_workspace.path }}/native" + changed_when: false + tags: native - - name: install native libraries - become: true - command: > - make install - chdir="{{ workspace.path }}/native" - tags: native + - name: Install native libraries + become: true + ansible.builtin.command: + cmd: make install + chdir: "{{ tomcat_workspace.path }}/native" + changed_when: false + tags: native - - name: set correct permissions - become: true - file: path={{ tomcat_native_libdir }} owner={{ tomcat_owner }} group={{ tomcat_group }} recurse=yes - tags: install + - name: Set correct permissions + become: true + ansible.builtin.file: + path: "{{ tomcat_native_libdir }}" + owner: "{{ tomcat_owner }}" + group: "{{ tomcat_group }}" + recurse: yes + tags: install - - name: remove temporary directory - file: - path="{{ workspace.path }}" - state=absent - tags: native - when: not libtcnative.stat.exists - tags: native + - name: Remove temporary directory + ansible.builtin.file: + path: "{{ tomcat_workspace.path }}" + state: absent + tags: native diff --git a/ansible/roles/tomcat/tasks/restart.yml b/ansible/roles/tomcat/tasks/restart.yml index 8a07e12e..7763180e 100644 --- a/ansible/roles/tomcat/tasks/restart.yml +++ b/ansible/roles/tomcat/tasks/restart.yml 
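Review bot: "Remove temporary directory" is the last regular task of the native build in roles/tomcat/tasks/native.yml, so it is skipped whenever configure, `make all` or `make install` fails, leaving the extracted sources behind in the temp directory. Moving it under an `always:` section of the "Build Tomcat native libraries" block, with `when: tomcat_workspace.path is defined`, would guarantee cleanup. Indentation is lost in this rendering, so confirm the task really sits inside that block. Separately, the renamed task keeps the typo `libaries`; `- name: Check if native libraries are already built` would fix it.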
@@ -1,28 +1,31 @@ --- -- include: stop.yml +- name: Stop Tomcat + ansible.builtin.include_tasks: stop.yml -- name: start Tomcat +- name: Start Tomcat become: true become_user: "{{ tomcat_owner }}" environment: CATALINA_BASE: "{{ catalina_base }}" CATALINA_PID: "{{ catalina_base }}/tomcat.pid" - command: "nohup {{ catalina_home }}/bin/catalina.sh start" + ansible.builtin.command: "nohup {{ catalina_home }}/bin/catalina.sh start" args: chdir: "{{ catalina_base }}" when: - catalina_home is defined - not tomcat_foreground + changed_when: false -- name: run Tomcat +- name: Run Tomcat become: true become_user: "{{ tomcat_owner }}" environment: CATALINA_BASE: "{{ catalina_base }}" CATALINA_PID: "{{ catalina_base }}/tomcat.pid" - command: "{{ catalina_home }}/bin/catalina.sh run" + ansible.builtin.command: "{{ catalina_home }}/bin/catalina.sh run" args: chdir: "{{ catalina_base }}" when: - catalina_home is defined - tomcat_foreground + changed_when: false \ No newline at end of file diff --git a/ansible/roles/tomcat/tasks/stop.yml b/ansible/roles/tomcat/tasks/stop.yml index 2e9bb8f7..b934f49c 100644 --- a/ansible/roles/tomcat/tasks/stop.yml +++ b/ansible/roles/tomcat/tasks/stop.yml 
@@ -1,52 +1,58 @@ --- -- name: check Tomcat PID file - stat: path="{{ catalina_base }}/tomcat.pid" +- name: Check Tomcat PID file + ansible.builtin.stat: + path: "{{ catalina_base }}/tomcat.pid" register: tomcat_pid when: - catalina_home is defined + changed_when: false tags: stop -- name: stop Tomcat (with PID file) +- name: Stop Tomcat (with PID file) become: true become_user: "{{ tomcat_owner }}" environment: CATALINA_BASE: "{{ catalina_base }}" CATALINA_PID: "{{ catalina_base }}/tomcat.pid" - command: "{{ catalina_home }}/bin/catalina.sh stop 30 -force" + ansible.builtin.command: "{{ catalina_home }}/bin/catalina.sh stop 30 -force" when: - catalina_home is defined - tomcat_pid is not defined or tomcat_pid.stat.exists + changed_when: false tags: stop -- name: stop Tomcat (without PID file) +- name: Stop Tomcat (without PID file) become: true become_user: "{{ tomcat_owner }}" environment: CATALINA_BASE: "{{ catalina_base }}" - command: "{{ catalina_home }}/bin/catalina.sh stop 30 -force" + ansible.builtin.command: "{{ catalina_home }}/bin/catalina.sh stop 30 -force" when: - catalina_home is defined - tomcat_pid is not defined or not tomcat_pid.stat.exists + changed_when: false tags: stop -- name: check if war file exists - stat: +- name: Check if war file exists + ansible.builtin.stat: path: "{{ catalina_base }}/{{ kb_webapps }}/ROOT.war" - register: war + register: tomcat_war tags: - tomcat_cleanup - stop -- name: clean up Tomcat deployment files +- name: Clean up Tomcat deployment files become: true become_user: "{{ tomcat_owner }}" - file: path={{ catalina_base }}/{{ item }} state=absent + ansible.builtin.file: + path: "{{ catalina_base }}/{{ item }}" + state: absent with_items: - "{{ kb_webapps }}/ROOT" - work/ when: - catalina_home is defined - - war.stat.exists + - tomcat_war.stat.exists tags: - tomcat_cleanup - stop diff --git a/ansible/tomcat.yml b/ansible/tomcat.yml index 1c3747a2..5541a7e8 100644 --- a/ansible/tomcat.yml +++ b/ansible/tomcat.yml 
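Review bot: The `changed_when: false` added to "Check Tomcat PID file" in stop.yml has no effect, because `ansible.builtin.stat` only reads file metadata and never reports a change; the line can be dropped. The second `stat` task in this hunk ("Check if war file exists") already omits it, so removing it also keeps the two consistent.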
@@ -2,10 +2,10 @@ - name: Deploy Tomcat hosts: all tasks: - - name: install Tomcat - import_tasks: roles/tomcat/tasks/install.yml - - name: install Tomcat native libraries - import_tasks: roles/tomcat/tasks/native.yml + - name: Install Tomcat + ansible.builtin.import_tasks: roles/tomcat/tasks/install.yml + - name: Install Tomcat native libraries + ansible.builtin.import_tasks: roles/tomcat/tasks/native.yml when: java_home is defined - - name: setup Tomcat - import_tasks: roles/tomcat/tasks/main.yml + - name: Setup Tomcat + ansible.builtin.import_tasks: roles/tomcat/tasks/main.yml diff --git a/ansible/tomcat_restart.yml b/ansible/tomcat_restart.yml index a462774a..5590b602 100644 --- a/ansible/tomcat_restart.yml +++ b/ansible/tomcat_restart.yml @@ -3,5 +3,5 @@ hosts: all become: yes tasks: - - name: restart Tomcat - import_tasks: roles/tomcat/tasks/restart.yml + - name: Restart Tomcat + ansible.builtin.import_tasks: roles/tomcat/tasks/restart.yml diff --git a/ansible/tomcat_stop.yml b/ansible/tomcat_stop.yml index 66a02eda..df5666d8 100644 --- a/ansible/tomcat_stop.yml +++ b/ansible/tomcat_stop.yml @@ -3,5 +3,5 @@ hosts: all become: yes tasks: - - name: stop Tomcat - import_tasks: roles/tomcat/tasks/stop.yml + - name: Stop Tomcat + ansible.builtin.import_tasks: roles/tomcat/tasks/stop.yml