ansible/xoxys.redis
0
0
Fork 0
Code Issues Pull Requests Releases Activity

refactor: move to podman container setup #2

Closed
xoxys wants to merge 6 commits from podman into main
pull from: podman
merge into: ansible:main
Conversation 0 Commits 6 Files Changed 31 +206 -467
31 changed files with 206 additions and 467 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.drone.jsonnet
View File

@ -41,7 +41,7 @@ local PipelineLinting = {
},
};
local PipelineDeployment(scenario='centos7') = {
local PipelineDeployment(scenario='rocky9') = {
kind: 'pipeline',
name: 'testing-' + scenario,
platform: {
@ -115,8 +115,7 @@ local PipelineDocumentation = {
ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
},
depends_on: [
'testing-centos7',
'testing-rocky8',
'testing-rocky9',
],
};
@ -154,8 +153,7 @@ local PipelineNotification = {
[
PipelineLinting,
PipelineDeployment(scenario='centos7'),
PipelineDeployment(scenario='rocky8'),
PipelineDeployment(scenario='rocky9'),
PipelineDocumentation,
PipelineNotification,
]

42
.drone.yml
View File

@ -36,7 +36,7 @@ trigger:
---
kind: pipeline
name: testing-centos7
name: testing-rocky9
platform:
os: linux
@ -53,40 +53,7 @@ steps:
- name: ansible-molecule
image: thegeeklab/molecule:4
commands:
- molecule test -s centos7
environment:
HCLOUD_TOKEN:
from_secret: hcloud_token
trigger:
ref:
- refs/heads/main
- refs/tags/**
- refs/pull/**
depends_on:
- linting
---
kind: pipeline
name: testing-rocky8
platform:
os: linux
arch: amd64
concurrency:
limit: 1
workspace:
base: /drone/src
path: ${DRONE_REPO_NAME}
steps:
- name: ansible-molecule
image: thegeeklab/molecule:4
commands:
- molecule test -s rocky8
- molecule test -s rocky9
environment:
HCLOUD_TOKEN:
from_secret: hcloud_token
@ -141,8 +108,7 @@ trigger:
- refs/pull/**
depends_on:
- testing-centos7
- testing-rocky8
- testing-rocky9
---
kind: pipeline
@ -182,6 +148,6 @@ depends_on:
---
kind: signature
hmac: dec6aa01a8f45bf0df631d884b32a8f54cbec15cf265d35df7e35c123f8bf106
hmac: 053e75bd2320d802f29f8332d78cdb4b2c838315d678b7d1dc687d58dadc097c
...

70
defaults/main.yml
View File

@ -1,30 +1,52 @@
---
# @var redis_packages:description: >
# Define a list of packages to install. The default packages depend on the OS version.
redis_image: "docker.io/library/redis:latest"
# @var redis_volumes:description: > Define required docker volumes.
# @end
# @var redis_packages:default: $ "_unset_"
# @var redis_volumes:example: >
# redis_volumes:
# - name: data
# # target location inside the container
# dest: /data
# type: volume
# @end
redis_volumes:
- name: "redis-data"
dest: /data
# @var redis_packages_extra:description: Can be used to install other dependency packages.
redis_packages_extra: []
# @var redis_network:description: >
# Name of the container network. If the name ends with `.network`, the network will be created with the specified configuration.
# Otherwise, the network must already exist and the container will be attached to the network.
# @end
redis_network: "redis.network"
redis_network_ipv6_enabled: False
# @var redis_network_ipv6_subnet:value: $ "_unset_"
# @var redis_network_ipv6_subnet:example: $ "fd00:0:0:2::/64"
# @var redis_network_ipv6_gateway:value: $ "_unset_"
# @var redis_network_ipv6_gateway:example: $ "fd00:0:0:2::1"
redis_daemon: redis
# @var redis_network_ipv4_subnet:value: $ "_unset_"
# @var redis_network_ipv4_gateway:value: $ "_unset_"
redis_conf_path: /etc/redis.conf
redis_dbdir: /var/lib/redis
redis_logfile: /var/log/redis/redis.log
redis_pidfile: "/var/run/redis_{{ redis_port }}.pid"
# @var redis_exposed_ports:description: >
# Ports you want to publish outside of Docker. Redis is running on `6379` inside of the container.
# @end
redis_exposed_ports: []
redis_daemonize: "no"
redis_supervised: "no"
redis_cap_add: []
redis_cap_drop: []
redis_podman_args:
- --pids-limit=-1
- --health-cmd='["redis-cli ping | grep PONG"]'
- --health-interval=5s
- --health-timeout=5s
- --health-retries=6
- --health-on-failure=kill
redis_log_level: "notice"
redis_port: 6379
redis_bind_interface: 127.0.0.1
# @var redis_unixsocket:value: $ "_unset_"
redis_timeout: 300
redis_loglevel: "notice"
# @var redis_logfile:description: Can be used to change the redis log file path
redis_databases: 16
# @var redis_save:description: Set to an empty set to disable persistence (saving the DB to disk).
@ -34,19 +56,9 @@ redis_save:
- 60 10000
redis_rdbcompression: "yes"
redis_dbfilename: dump.rdb
# @var redis_dbdir:description: Can be used to change the redis dbdir path
redis_maxmemory: 0
redis_maxmemory_policy: "noeviction"
redis_maxmemory_samples: 5
redis_appendonly: "no"
redis_appendfsync: "everysec"
# @var redis_includes:description: Add extra include files for local configuration/overrides.
redis_includes: []
# @var redis_requirepass:description: Require authentication to Redis with a password.
# @var redis_requirepass:value: $ "_unset_"

7
handlers/main.yml
View File

@ -1,10 +1,7 @@
---
- name: Restart Redis
service:
name: "{{ redis_daemon }}"
name: redis
state: restarted
daemon_reload: yes
enabled: yes
daemon_reload: True
listen: __redis_restart
become: True
become_user: root

8
meta/main.yml
View File

@ -14,10 +14,14 @@ galaxy_info:
# @end
description: Setup Redis server
license: MIT
min_ansible_version: #
min_ansible_version: "2.10"
platforms:
- name: EL
versions:
- 7
- "9"
galaxy_tags: []
dependencies: []
collections:
- xoxys.general
- community.general
- containers.podman

9
molecule/centos7/converge.yml
View File

@ -1,9 +0,0 @@
---
- name: Converge
hosts: all
vars:
redis_packages_extra:
- https://repo.ius.io/ius-release-el7.rpm
- https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
roles:
- role: xoxys.redis

24
molecule/centos7/molecule.yml
View File

@ -1,24 +0,0 @@
---
dependency:
name: galaxy
options:
role-file: molecule/requirements.yml
requirements-file: molecule/requirements.yml
env:
ANSIBLE_GALAXY_DISPLAY_PROGRESS: "false"
driver:
name: delegated
platforms:
- name: centos7-redis
image: centos-7
server_type: cx11
lint: |
/usr/local/bin/flake8
provisioner:
name: ansible
env:
ANSIBLE_FILTER_PLUGINS: ${ANSIBLE_FILTER_PLUGINS:-./plugins/filter}
ANSIBLE_LIBRARY: ${ANSIBLE_LIBRARY:-./library}
log: False
verifier:
name: testinfra

2
molecule/default
View File

@ -1 +1 @@
rocky8
rocky9

10
molecule/requirements.yml
View File

@ -1,6 +1,12 @@
---
collections:
- name: https://gitea.rknet.org/ansible/xoxys.general/releases/download/v2.1.1/xoxys-general-2.1.1.tar.gz
- name: https://gitea.rknet.org/ansible/xoxys.general
type: git
- name: community.general
- name: containers.podman
roles: []
roles:
- src: https://gitea.rknet.org/ansible/xoxys.podman
name: xoxys.podman
scm: git
version: main

5
molecule/rocky8/converge.yml
View File

@ -1,5 +0,0 @@
---
- name: Converge
hosts: all
roles:
- role: xoxys.redis

120
molecule/rocky8/create.yml
View File

@ -1,120 +0,0 @@
---
- name: Create
hosts: localhost
connection: local
gather_facts: false
no_log: "{{ molecule_no_log }}"
vars:
ssh_port: 22
ssh_user: root
ssh_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key"
tasks:
- name: Create SSH key
user:
name: "{{ lookup('env', 'USER') }}"
generate_ssh_key: true
ssh_key_file: "{{ ssh_path }}"
force: true
register: generated_ssh_key
- name: Register the SSH key name
set_fact:
ssh_key_name: "molecule-generated-{{ 12345 | random | to_uuid }}"
- name: Register SSH key for test instance(s)
hcloud_ssh_key:
name: "{{ ssh_key_name }}"
public_key: "{{ generated_ssh_key.ssh_public_key }}"
state: present
- name: Create molecule instance(s)
hcloud_server:
name: "{{ item.name }}"
server_type: "{{ item.server_type }}"
ssh_keys:
- "{{ ssh_key_name }}"
image: "{{ item.image }}"
location: "{{ item.location | default(omit) }}"
datacenter: "{{ item.datacenter | default(omit) }}"
user_data: "{{ item.user_data | default(omit) }}"
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
state: present
register: server
loop: "{{ molecule_yml.platforms }}"
async: 7200
poll: 0
- name: Wait for instance(s) creation to complete
async_status:
jid: "{{ item.ansible_job_id }}"
register: hetzner_jobs
until: hetzner_jobs.finished
retries: 300
loop: "{{ server.results }}"
- name: Create volume(s)
hcloud_volume:
name: "{{ item.name }}"
server: "{{ item.name }}"
location: "{{ item.location | default(omit) }}"
size: "{{ item.volume_size | default(10) }}"
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
state: "present"
loop: "{{ molecule_yml.platforms }}"
when: item.volume | default(False) | bool
register: volumes
async: 7200
poll: 0
- name: Wait for volume(s) creation to complete
async_status:
jid: "{{ item.ansible_job_id }}"
register: hetzner_volumes
until: hetzner_volumes.finished
retries: 300
when: volumes.changed
loop: "{{ volumes.results }}"
# Mandatory configuration for Molecule to function.
- name: Populate instance config dict
set_fact:
instance_conf_dict:
{
"instance": "{{ item.hcloud_server.name }}",
"ssh_key_name": "{{ ssh_key_name }}",
"address": "{{ item.hcloud_server.ipv4_address }}",
"user": "{{ ssh_user }}",
"port": "{{ ssh_port }}",
"identity_file": "{{ ssh_path }}",
"volume": "{{ item.item.item.volume | default(False) | bool }}",
}
loop: "{{ hetzner_jobs.results }}"
register: instance_config_dict
when: server.changed | bool
- name: Convert instance config dict to a list
set_fact:
instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
when: server.changed | bool
- name: Dump instance config
copy:
content: |
# Molecule managed
{{ instance_conf | to_nice_yaml(indent=2) }}
dest: "{{ molecule_instance_config }}"
when: server.changed | bool
- name: Wait for SSH
wait_for:
port: "{{ ssh_port }}"
host: "{{ item.address }}"
search_regex: SSH
delay: 10
loop: "{{ lookup('file', molecule_instance_config) | from_yaml }}"
- name: Wait for VM to settle down
pause:
seconds: 30

78
molecule/rocky8/destroy.yml
View File

@ -1,78 +0,0 @@
---
- name: Destroy
hosts: localhost
connection: local
gather_facts: false
no_log: "{{ molecule_no_log }}"
tasks:
- name: Check existing instance config file
stat:
path: "{{ molecule_instance_config }}"
register: cfg
- name: Populate the instance config
set_fact:
instance_conf: "{{ (lookup('file', molecule_instance_config) | from_yaml) if cfg.stat.exists else [] }}"
- name: Destroy molecule instance(s)
hcloud_server:
name: "{{ item.instance }}"
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
state: absent
register: server
loop: "{{ instance_conf }}"
async: 7200
poll: 0
- name: Wait for instance(s) deletion to complete
async_status:
jid: "{{ item.ansible_job_id }}"
register: hetzner_jobs
until: hetzner_jobs.finished
retries: 300
loop: "{{ server.results }}"
- pause:
seconds: 5
- name: Destroy volume(s)
hcloud_volume:
name: "{{ item.instance }}"
server: "{{ item.instance }}"
api_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
state: "absent"
register: volumes
loop: "{{ instance_conf }}"
when: item.volume | default(False) | bool
async: 7200
poll: 0
- name: Wait for volume(s) deletion to complete
async_status:
jid: "{{ item.ansible_job_id }}"
register: hetzner_volumes
until: hetzner_volumes.finished
retries: 300
when: volumes.changed
loop: "{{ volumes.results }}"
- name: Remove registered SSH key
hcloud_ssh_key:
name: "{{ instance_conf[0].ssh_key_name }}"
state: absent
when: (instance_conf | default([])) | length > 0
# Mandatory configuration for Molecule to function.
- name: Populate instance config
set_fact:
instance_conf: {}
- name: Dump instance config
copy:
content: |
# Molecule managed
{{ instance_conf | to_nice_yaml(indent=2) }}
dest: "{{ molecule_instance_config }}"
when: server.changed | bool

15
molecule/rocky8/prepare.yml
View File

@ -1,15 +0,0 @@
---
- name: Prepare
hosts: all
gather_facts: false
tasks:
- name: Bootstrap python for Ansible
raw: |
command -v python3 python || (
(test -e /usr/bin/dnf && sudo dnf install -y python3) ||
(test -e /usr/bin/apt && (apt -y update && apt install -y python-minimal)) ||
(test -e /usr/bin/yum && sudo yum -y -qq install python3) ||
echo "Warning: Python not boostrapped due to unknown platform."
)
become: true
changed_when: false

18
molecule/rocky8/tests/test_default.py
View File

@ -1,18 +0,0 @@
import os
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ["MOLECULE_INVENTORY_FILE"]
).get_hosts("all")
def test_redis_running_and_enabled(host):
redis = host.service("redis")
assert redis.is_running
assert redis.is_enabled
def test_redis_socket(host):
# Verify the socket is listening for redis traffic
assert host.socket("tcp://127.0.0.1:6379").is_listening

9
molecule/rocky9/converge.yml Normal file
View File

@ -0,0 +1,9 @@
---
- name: Converge
hosts: all
roles:
- role: xoxys.podman
- role: xoxys.redis
vars:
redis_exposed_ports:
- 127.0.0.1:6379:6379

0
molecule/centos7/create.yml → molecule/rocky9/create.yml
View File

1
molecule/rocky9/default Symbolic link
View File

@ -0,0 +1 @@
default

0
molecule/centos7/destroy.yml → molecule/rocky9/destroy.yml
View File

4
molecule/rocky8/molecule.yml → molecule/rocky9/molecule.yml
View File

@ -9,8 +9,8 @@ dependency:
driver:
name: delegated
platforms:
- name: rocky8-redis
image: rocky-8
- name: rocky9-redis
image: rocky-9
server_type: cx11
lint: |
/usr/local/bin/flake8

0
molecule/centos7/prepare.yml → molecule/rocky9/prepare.yml
View File

0
molecule/centos7/tests/test_default.py → molecule/rocky9/tests/test_default.py
View File

67
tasks/main.yml
View File

@ -1,15 +1,56 @@
---
- include_vars: "{{ var_files }}"
vars:
var_files: "{{ lookup('first_found', params, errors='ignore') }}"
params:
files:
- "{{ ansible_lsb.id | default('') | lower }}.yml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version }}.yml"
- "{{ ansible_os_family | lower }}.yml"
paths:
- "vars"
when: var_files
- block:
- name: Create network specs
template:
src: etc/containers/systemd/redis.network.j2
dest: "/etc/containers/systemd/redis.network"
owner: root
group: root
mode: "0640"
when: redis_network | splitext | last == ".network"
notify: __redis_restart
- include_tasks: overwrites.yml
- include_tasks: setup.yml
- name: Create container volumes
containers.podman.podman_volume:
name: "{{ item.name }}"
options: "{{ item.options | default(omit) }}"
state: "{{ item.state | default('present') }}"
loop: "{{ redis_volumes }}"
loop_control:
label: "{{ item.name }}"
when: item.type | default("volume") | lower == "volume"
register: __redis_volumes_raw
- name: Register container volumes map
set_fact:
__redis_volumes_map: "{{ __redis_volumes_raw.results | json_query('[].volume') | items2dict(key_name='Name', value_name='Mountpoint') }}"
- name: Deploy redis env files
template:
src: "etc/containers/systemd/{{ item }}.j2"
dest: "/etc/containers/systemd/{{ item }}"
owner: root
group: root
mode: "0640"
loop:
- redis.env
- redis.sys.env
notify: __redis_restart
- name: Create container specs
template:
src: etc/containers/systemd/redis.container.j2
dest: "/etc/containers/systemd/redis.container"
owner: root
group: root
mode: "0640"
notify: __redis_restart
- name: Ensure service state
systemd:
name: "redis.service"
state: started
daemon_reload: True
enabled: True
become: True
become_user: root

5
tasks/overwrites.yml
View File

@ -1,5 +0,0 @@
---
- name: Define redis_packages
set_fact:
redis_packages: "{{ __redis_packages | list }}"
when: redis_packages is not defined

29
tasks/setup.yml
View File

@ -1,29 +0,0 @@
---
- block:
- name: Ensure dependencies are installed
package:
name: "{{ item }}"
state: present
loop: "{{ redis_packages_extra }}"
- name: Ensure Redis is installed
package:
name: "{{ item }}"
state: present
loop: "{{ redis_packages }}"
- name: Ensure Redis is configured
template:
src: etc/redis.conf.j2
dest: "{{ redis_conf_path }}"
mode: 0644
notify: __redis_restart
- name: Ensure Redis is up and running
service:
name: "{{ redis_daemon }}"
daemon_reload: yes
enabled: yes
state: started
become: True
become_user: root

37
templates/etc/containers/systemd/redis.container.j2 Normal file
View File

@ -0,0 +1,37 @@
#jinja2: lstrip_blocks: True
{{ ansible_managed | comment }}
[Install]
WantedBy=default.target
[Service]
Restart=on-failure
RestartSec=5s
EnvironmentFile=/etc/containers/systemd/redis.sys.env
[Container]
Image={{ redis_image }}
Exec=redis-server $REDIS_ARGS
EnvironmentFile=/etc/containers/systemd/redis.env
User=999
Group=999
{% for item in redis_volumes %}
Volume={{ item.name }}:{{ item.dest }}{{ ":" + item.opts if item.opts is defined else "" }}
{% endfor %}
{% if (redis_cap_add + redis_cap_drop) | length > 0 %}
{% if redis_cap_add | length > 0 %}
AddCapability={{ redis_cap_add | join(" ") }}
{% endif %}
{% if redis_cap_drop | length > 0 %}
DropCapability={{ redis_cap_drop | join(" ") }}
{% endif %}
{% endif %}
Network={{ redis_network }}
{% for item in redis_exposed_ports %}
PublishPort={{ item }}
{% endfor %}
{% for item in redis_podman_args %}
PodmanArgs={{ item }}
{% endfor %}

2
templates/etc/containers/systemd/redis.env.j2 Normal file
View File

@ -0,0 +1,2 @@
#jinja2: lstrip_blocks: True
{{ ansible_managed | comment }}

19
templates/etc/containers/systemd/redis.network.j2 Normal file
View File

@ -0,0 +1,19 @@
#jinja2: lstrip_blocks: True
{{ ansible_managed | comment }}
[Network]
{% if redis_network_ipv4_subnet is defined %}
Subnet={{ redis_network_ipv4_subnet }}
{% endif %}
{% if redis_network_ipv4_gateway is defined %}
Gateway={{ redis_network_ipv4_gateway }}
{% endif %}
IPv6={{ redis_network_ipv6_enabled | bool | lower }}
{% if redis_network_ipv6_enabled | bool %}
{% if redis_network_ipv6_subnet is defined %}
Subnet={{ redis_network_ipv6_subnet }}
{% endif %}
{% if redis_network_ipv6_gateway is defined %}
Gateway={{ redis_network_ipv6_gateway }}
{% endif %}
{% endif %}
Label=app=redis

17
templates/etc/containers/systemd/redis.sys.env.j2 Normal file
View File

@ -0,0 +1,17 @@
#jinja2: lstrip_blocks: True
{{ ansible_managed | comment }}
REDIS_ARGS=--timeout {{ redis_timeout }} --loglevel {{ redis_log_level }} --databases {{ redis_databases }} \
{% for save in redis_save %}
--save '{{ save }}'\
{% endfor %}
--rdbcompression {{ redis_rdbcompression | bool | ternary("yes", "no") }} \
--appendonly {{ redis_appendonly | bool | ternary("yes", "no") }} \
--appendfsync {{ redis_appendfsync }} \
--no-appendfsync-on-rewrite no \
{% if redis_requirepass is defined %}
--requirepass {{ redis_requirepass }} \
{% endif %}
{% for command in redis_disabled_commands %}
--rename-command '{{ command }} ""' \
{% endfor %}
--port 6379

61
templates/etc/redis.conf.j2
View File

@ -1,61 +0,0 @@
#jinja2: lstrip_blocks: True
{{ ansible_managed | comment }}
daemonize {{ redis_daemonize | bool | ternary("yes", "no") }}
supervised {{ redis_supervised }}
pidfile {{ redis_pidfile }}
port {{ redis_port }}
bind {{ redis_bind_interface }}
{% if redis_unixsocket is defined and redis_unixsocket %}
unixsocket {{ redis_unixsocket }}
{% endif %}
timeout {{ redis_timeout }}
loglevel {{ redis_loglevel }}
logfile {{ redis_logfile }}
# To enable logging to the system logger, just set 'syslog-enabled' to yes,
# and optionally update the other syslog parameters to suit your needs.
# syslog-enabled no
# syslog-ident redis
# syslog-facility local0
databases {{ redis_databases }}
{% for save in redis_save %}
save {{ save }}
{% endfor %}
rdbcompression {{ redis_rdbcompression | bool | ternary("yes", "no") }}
dbfilename {{ redis_dbfilename }}
dir {{ redis_dbdir }}
# maxclients 128
{% if redis_maxmemory %}
maxmemory {{ redis_maxmemory }}
maxmemory-policy {{ redis_maxmemory_policy }}
maxmemory-samples {{ redis_maxmemory_samples }}
{% endif %}
appendonly {{ redis_appendonly | bool | ternary("yes", "no") }}
appendfsync {{ redis_appendfsync }}
no-appendfsync-on-rewrite no
{% if redis_includes %}
{% for include in redis_includes %}
include {{ include }}
{% endfor %}
{% endif %}
{% if redis_requirepass is defined and redis_requirepass %}
requirepass {{ redis_requirepass }}
{% endif %}
{% if redis_disabled_commands %}
{% for command in redis_disabled_commands %}
rename-command {{ command }} ""
{% endfor %}
{% endif %}

3
vars/redhat-7.yml
View File

@ -1,3 +0,0 @@
---
__redis_packages:
- redis6

3
vars/redhat-8.yml
View File

@ -1,3 +0,0 @@
---
__redis_packages:
- "@redis:6"