Add new role, 'debops.ansible'

parent 98696412
......@@ -84,6 +84,17 @@ stages:
# === Ansible roles === [[[1
# --- ansible --- [[[2
'ansible role':
<<: *test_role_1st_deps
variables:
JANE_TEST_PLAY: '${DEBOPS_PLAYBOOKS}/service/ansible.yml'
JANE_INVENTORY_GROUPS: 'debops_service_ansible'
JANE_DIFF_PATTERN: '.*/debops.ansible/.*'
JANE_LOG_PATTERN: '\[debops\.ansible\]'
# --- apache --- [[[2
'apache role':
......
......@@ -23,6 +23,9 @@ Added
- New DebOps roles:
- :ref:`debops.ansible`: install Ansible on a Debian/Ubuntu host using
Ansible.
- :ref:`debops.apt_mark`: set install state of APT packages (manual/auto) or
specify that particular packages should be held in their current state.
The role is included in the ``common.yml`` playbook.
......
......@@ -30,6 +30,8 @@
- include: gitlab.yml
- include: ansible.yml
- include: debops.yml
- include: debops_api.yml
......
../service/ansible.yml
\ No newline at end of file
---
- name: Install and configure Ansible
hosts: [ 'debops_service_ansible' ]
become: True
environment: '{{ inventory__environment | d({})
| combine(inventory__group_environment | d({}))
| combine(inventory__host_environment | d({})) }}'
roles:
- role: debops.apt_preferences
tags: [ 'role::apt_preferences' ]
apt_preferences__dependent_list:
- '{{ ansible__apt_preferences__dependent_list }}'
- role: debops.ansible
tags: [ 'role::ansible' ]
debops.ansible - Install Ansible on a Debian/Ubuntu host using Ansible
Copyright (C) 2018 Maciej Delmanowski <drybjed@gmail.com>
Copyright (C) 2018 DebOps https://debops.org/
This Ansible role is part of DebOps.
DebOps is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 3, as
published by the Free Software Foundation.
DebOps is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with DebOps. If not, see https://www.gnu.org/licenses/.
---
# .. vim: foldmarker=[[[,]]]:foldmethod=marker
# debops.ansible default variables
# ================================
# .. contents:: Sections
# :local:
# Installation, APT packages [[[
# ------------------------------
# .. envvar:: ansible__deploy_type [[[
#
# Select how Ansible should be installed by the role:
#
# - ``system``: install Ansible using current OS packages, possibly from the
# backports repository.
#
# - ``upstream``: install Ansible from the upstream APT repository on
# Launchpad (PPA, usable on Debian as well).
#
# - ``bootstrap``: install APT packages required for Ansible and build a local
# ``.deb`` package using the upstream GitHub repository.
#
ansible__deploy_type: '{{ "upstream"
if (ansible_distribution_release in
[ "wheezy", "jessie", "precise", "trusty", "xenial" ])
else "system" }}'
# ]]]
# .. envvar:: ansible__upstream_apt_key [[[
#
# The OpenPGP key of the Ansible upstream APT repository.
ansible__upstream_apt_key: '6125 E2A8 C77F 2818 FB7B D15B 93C4 A3FD 7BB9 C367'
# ]]]
# .. envvar:: ansible__upstream_apt_repository [[[
#
# The APT repository URI of the upstream Ansible repository.
ansible__upstream_apt_repository: 'deb http://ppa.launchpad.net/ansible/ansible/ubuntu xenial main'
# ]]]
# .. envvar:: ansible__base_packages [[[
#
# List of APT packages to install for Ansible support.
ansible__base_packages:
- '{{ "ansible"
if (ansible__deploy_type in [ "system", "upstream" ])
else [] }}'
# ]]]
# .. envvar:: ansible__packages [[[
#
# List of additional APT packages to install with Ansible.
ansible__packages: []
# ]]]
# .. envvar:: ansible__bootstrap_version [[[
#
# Specify the :command:`git` repository branch, tag or commit id which should
# be used by the :command:`bootstrap-ansible` script to build the Ansible
# ``.deb`` package.
ansible__bootstrap_version: 'devel'
# ]]]
# ]]]
# Configuration for other Ansible roles [[[
# -----------------------------------------
# .. envvar:: ansible__apt_preferences__dependent_list [[[
#
# Configuration for the :ref:`debops.apt_preferences` Ansible role.
ansible__apt_preferences__dependent_list:
- package: 'ansible'
backports: [ "wheezy", "jessie", "stretch" ]
reason: 'Compatibility with upstream release'
by_role: 'debops_ansible'
state: '{{ "absent"
if (ansible__deploy_type == "upstream")
else "present" }}'
- package: 'ansible'
pin: 'release o=LP-PPA-ansible-ansible'
priority: '600'
by_role: 'debops_ansible'
filename: 'debops_ansible_upstream.pref'
reason: 'Recent version from upstream PPA'
state: '{{ "present"
if (ansible__deploy_type == "upstream")
else "absent" }}'
# ]]]
# ]]]
#!/bin/bash
# bootstrap-ansible: download and build Ansible on a Debian/Ubuntu host
# Copyright (C) 2014-2018 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2014-2018 DebOps https://debops.org/
# This program is free software; you can redistribute
# it and/or modify it under the terms of the
# GNU General Public License as published by the Free
# Software Foundation; either version 3 of the License,
# or (at your option) any later version.
#
# This program is distributed in the hope that it will
# be useful, but WITHOUT ANY WARRANTY; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU General Public
# License for more details.
#
# You should have received a copy of the GNU General
# Public License along with this program; if not,
# write to the Free Software Foundation, Inc., 59
# Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# An on-line copy of the GNU General Public License can
# be downloaded from the FSF web page at:
# https://www.gnu.org/copyleft/gpl.html
# Usage: ./bootstrap-ansible [branch] [build_directory]
set -o nounset -o pipefail -o errexit
readonly DEBIAN_VERSION="$(sed 's/\..*//' /etc/debian_version)"
ansible_branch="${1:-devel}"
build_dir="${2:-}"
if [ -z "${build_dir}" ] ; then
build_dir="$(mktemp -d)"
# shellcheck disable=SC2064
trap "rm -rf ${build_dir}" EXIT
fi
install_ansible_requirements () {
local -a apt_packages
apt_packages=( git devscripts cdbs debhelper dpkg-dev fakeroot sshpass \
asciidoc xmlto build-essential lsb-release )
apt_packages+=(
python-crypto \
python-cryptography \
python-httplib2 \
python-jinja2 \
python-nose \
python-paramiko \
python-passlib \
python-setuptools \
python-sphinx \
python-yaml
)
if [ "${DEBIAN_VERSION}" -gt 8 ] ; then
apt_packages+=( python-packaging )
fi
sudo apt-get --no-install-recommends -y install "${apt_packages[@]}"
}
build_ansible_deb () {
# Build Debian package
if [ -n "$(grep 'local_deb' Makefile || true)" ] ; then
LANG=C make local_deb
else
LANG=C make deb
fi
# Check if .deb package with new method is present
if [ -n "$(find deb-build/unstable/ -name "ansible_*_all.deb" 2>/dev/null)" ]; then
sudo dpkg -i deb-build/unstable/ansible_*_all.deb
# Otherwise, look for package generated with old method
elif [ -n "$(find .. -name "ansible_*_all.deb" 2>/dev/null)" ]; then
sudo dpkg -i ../ansible_*_all.deb
fi
}
bootstrap_ansible_deb () {
local ansible_branch
local build_dir
local ansible_git_repo
local ansible_source_dir
ansible_branch="${1:-devel}"
build_dir="${2:-$(mktemp -d)}"
ansible_git_repo="${3:-https://github.com/ansible/ansible}"
ansible_source_dir="ansible"
if [ ! -d "${build_dir}" ] ; then
mkdir -p "${build_dir}"
fi
cd "${build_dir}" || exit 1
if [ -d "${ansible_source_dir}" ] ; then
cd "${ansible_source_dir}" || exit 1
local old_git_checkout
local current_branch_name
local current_branch_name
local current_branch_name
old_git_checkout="$(git rev-parse HEAD)"
current_branch_name="$(git symbolic-ref HEAD 2>/dev/null)" ||
current_branch_name="(unnamed branch)" # detached HEAD
current_branch_name=${current_branch_name##refs/heads/}
if [ "${current_branch_name}" != "${ansible_branch}" ] ; then
git checkout "${ansible_branch}"
fi
git pull --quiet
git submodule update
local current_git_checkout
current_git_checkout="$(git rev-parse HEAD)"
if [ "${old_git_checkout}" != "${current_git_checkout}" ] ; then
build_ansible_deb
fi
else
install_ansible_requirements
git clone --branch "${ansible_branch}" --recursive "${ansible_git_repo}" "${ansible_source_dir}"
cd "${ansible_source_dir}" || exit 1
build_ansible_deb
fi
}
bootstrap_ansible_deb "${ansible_branch}" "${build_dir}"
---
dependencies: []
galaxy_info:
company: 'DebOps'
author: 'Maciej Delmanowski'
description: 'Install Ansible on Debian/Ubuntu host using Ansible'
license: 'GPL-3.0'
min_ansible_version: '2.4.0'
platforms:
- name: Debian
versions:
- wheezy
- jessie
- stretch
- buster
- name: Ubuntu
versions:
- precise
- trusty
- xenial
- bionic
galaxy_tags:
- ansible
---
- name: Add Ansible upstream APT key
apt_key:
id: '{{ ansible__upstream_apt_key | replace(" ","") }}'
state: 'present'
keyserver: '{{ ansible_local.core.keyserver
if (ansible_local|d() and ansible_local.core|d() and
ansible_local.core.keyserver)
else "hkp://pool.sks-keyservers.net" }}'
when: ansible__deploy_type == 'upstream'
- name: Add Ansible upstream APT repository
apt_repository:
repo: '{{ ansible__upstream_apt_repository }}'
state: 'present'
update_cache: True
when: ansible__deploy_type == 'upstream'
- name: Install required packages
package:
name: '{{ item }}'
state: 'present'
with_flattened:
- '{{ ansible__base_packages }}'
- '{{ ansible__packages }}'
- name: Bootstrap Ansible from source
script: 'script/bootstrap-ansible "{{ ansible__bootstrap_version }}"'
when: (ansible__deploy_type == 'bootstrap' and
(ansible_local is undefined or
(ansible_local.ansible is undefined or
not (ansible_local.ansible.installed|d())|bool or
(ansible_local.ansible.deploy_type|d(ansible__deploy_type) != 'bootstrap'))))
- name: Make sure that Ansible local fact directory exists
file:
path: '/etc/ansible/facts.d'
state: 'directory'
owner: 'root'
group: 'root'
mode: '0755'
- name: Save Ansible local facts
template:
src: 'etc/ansible/facts.d/ansible.fact.j2'
dest: '/etc/ansible/facts.d/ansible.fact'
owner: 'root'
group: 'root'
mode: '0755'
register: ansible__register_facts
- name: Re-read local facts if they have been modified
action: setup
when: ansible__register_facts is changed
#!/usr/bin/env python
# {{ ansible_managed }}
from __future__ import print_function
from json import loads, dumps
from sys import exit
import os
def cmd_exists(cmd):
return any(
os.access(os.path.join(path, cmd), os.X_OK)
for path in os.environ["PATH"].split(os.pathsep)
)
output = loads('''{{ {"installed": False,
"deploy_type": ansible__deploy_type}
| to_nice_json }}''')
output['installed'] = cmd_exists('ansible-playbook')
print(dumps(output, sort_keys=True, indent=4))
......@@ -66,6 +66,7 @@ Application services
These roles manage applications that provide services to other applications and
are not accessed directly by end users.
- :ref:`debops.ansible`
- :ref:`debops.apt_cacher_ng`
- :ref:`debops.debops` - install DebOps on other hosts
- :ref:`debops.debops_api`
......
Getting started
===============
.. contents::
:local:
Example inventory
-----------------
To install Ansible on a host, it needs to be added to a specific Ansible
inventory group:
.. code-block:: none
[debops_service_ansible]
hostname
Example playbook
----------------
If you are using this role without DebOps, here's an example Ansible playbook
that uses the ``debops.ansible`` role:
.. literalinclude:: ../../../../ansible/playbooks/service/ansible.yml
:language: yaml
Ansible tags
------------
You can use Ansible ``--tags`` or ``--skip-tags`` parameters to limit what
tasks are performed during Ansible run. This can be used after a host was first
configured to speed up playbook execution, when you are sure that most of the
configuration is already in the desired state.
Available role tags:
``role::ansible``
Main role tag, should be used in the playbook to execute all of the role
tasks as well as role dependencies.
.. _debops.ansible:
debops.ansible
==============
The ``debops.ansible`` role can be used to install Ansible on a Debian or
Ubuntu host. Ansible will be installed either from the OS repositories, from
Ansible upstream APT repository, or using a locally built ``.deb`` package.
.. toctree::
:maxdepth: 2
getting-started
defaults
Copyright
---------
.. literalinclude:: ../../../../ansible/roles/debops.ansible/COPYRIGHT
..
Local Variables:
mode: rst
ispell-local-dictionary: "american"
End:
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment