diff --git a/.ansible-lint b/.ansible-lint index 85a3f6f54..4d399f095 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -6,4 +6,3 @@ skip_list: - name[template] # Allow Jinja templating inside task and play names exclude_paths: - molecule/ - - roles/helper_module/ diff --git a/.github/workflows/enteprise.yml b/.github/workflows/enteprise.yml index 6e65ad289..729958a13 100644 --- a/.github/workflows/enteprise.yml +++ b/.github/workflows/enteprise.yml @@ -115,6 +115,7 @@ jobs: - name: pki - name: elasticsearch - name: identity + - name: prerun_network_checks runner: - ubuntu-latest include: diff --git a/molecule/multimachine/converge.yml b/molecule/multimachine/converge.yml new file mode 100644 index 000000000..9cac0d72a --- /dev/null +++ b/molecule/multimachine/converge.yml @@ -0,0 +1,4 @@ +- name: Import the prerun-network-checks playbook + ansible.builtin.import_playbook: ../../playbooks/prerun-network-checks.yml +- name: Import the acs playbook + ansible.builtin.import_playbook: ../../playbooks/acs.yml diff --git a/molecule/multimachine/molecule.yml b/molecule/multimachine/molecule.yml index 4f928b384..3d27925ef 100644 --- a/molecule/multimachine/molecule.yml +++ b/molecule/multimachine/molecule.yml @@ -146,6 +146,5 @@ provisioner: hosts: ./hosts.yml playbooks: create: ../default/create.yml - converge: ../../playbooks/acs.yml destroy: ../default/destroy.yml verify: ../default/verify.yml diff --git a/molecule/prerun_network_checks/converge.yml b/molecule/prerun_network_checks/converge.yml new file mode 100644 index 000000000..4c987f298 --- /dev/null +++ b/molecule/prerun_network_checks/converge.yml @@ -0,0 +1,3 @@ +--- +- name: Run the playbook + ansible.builtin.import_playbook: ../../playbooks/prerun-network-checks.yml diff --git a/molecule/prerun_network_checks/host_vars/instance.yml b/molecule/prerun_network_checks/host_vars/instance.yml new file mode 100644 index 000000000..146ddd8e0 --- /dev/null +++ b/molecule/prerun_network_checks/host_vars/instance.yml 
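Review bot: The new `molecule/multimachine/converge.yml` starts without the `---` document marker that the other converge file added in this commit (`molecule/prerun_network_checks/converge.yml`) has; add `---` as its first line so the two stay consistent. The file also gives no reason for the import order. If the intent is that a failed connectivity check aborts the scenario before deployment, say so above the first import: `# network checks run first so an unreachable port fails the scenario before acs.yml starts`.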
@@ -0,0 +1 @@ +ansible_user: ansible diff --git a/molecule/prerun_network_checks/molecule.yml b/molecule/prerun_network_checks/molecule.yml new file mode 100644 index 000000000..a17ebf701 --- /dev/null +++ b/molecule/prerun_network_checks/molecule.yml @@ -0,0 +1,43 @@ +--- +dependency: + name: galaxy +driver: + name: docker +platforms: + - name: instance + image: $MOLECULE_ROLE_IMAGE + dockerfile: ../../tests/molecule/Dockerfile-noprivs.j2 + command: "/lib/systemd/systemd" + privileged: true + tmpfs: + - /run + - /run/lock + - /tmp + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:ro" + groups: + - database + - activemq + - transformers + - search + - repository + - trusted_resource_consumers + - syncservice + - acc + - adw + - nginx + +provisioner: + name: ansible + config_options: + defaults: + pipelining: true + ansible_args: + - -e + - "@../../tests/test-ssl.yml" + inventory: + links: + group_vars: ../../group_vars + host_vars: host_vars +verifier: + name: ansible diff --git a/molecule/prerun_network_checks/prepare.yml b/molecule/prerun_network_checks/prepare.yml new file mode 100644 index 000000000..f19e1f23f --- /dev/null +++ b/molecule/prerun_network_checks/prepare.yml @@ -0,0 +1,10 @@ +--- +- name: Prepare remote hosts + hosts: all + gather_facts: false + tasks: + - name: Make sure python3 is installed + package: + name: python3 + state: present + become: true diff --git a/roles/helper_modules/library/listen_port.py b/playbooks/library/listen_port.py similarity index 100% rename from roles/helper_modules/library/listen_port.py rename to playbooks/library/listen_port.py diff --git a/playbooks/prerun-network-checks.yml b/playbooks/prerun-network-checks.yml index 45ea85523..068f7351c 100644 --- a/playbooks/prerun-network-checks.yml +++ b/playbooks/prerun-network-checks.yml 
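Review bot: `privileged: true` on the `instance` platform in `molecule/prerun_network_checks/molecule.yml` gives the test container every capability and host device access on the CI runner, and nothing in the file says why it is needed. If it is only there so systemd can start as `command`, it may be possible to narrow it to `capabilities: [SYS_ADMIN]` alongside the existing tmpfs and read-only cgroup mounts, though that depends on the runner's cgroup version. Otherwise record the reason next to the key, e.g. `# privileged: systemd in the container needs it on the CI runners; test scenario only`.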
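Review bot: The `Make sure python3 is installed` task in `prepare.yml` uses the `package` module, which itself needs a Python interpreter on the target, so it cannot bootstrap python3 on an image that has none. If the Dockerfile already guarantees an interpreter, the task is only a version check and its name should say so; if it does not, the bootstrap has to go through `ansible.builtin.raw`. The module is also written in its short form while the rest of the commit uses fully qualified names: `ansible.builtin.package:`.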
@@ -1,90 +1,105 @@ --- +# This playbook is used to run preliminary network checks for the hosts in the ACS deployment. +- name: Gather facts on all the hosts + hosts: all:!external + gather_facts: false + tasks: + - name: Gather facts + ansible.builtin.setup: + gather_subset: all_ipv4_addresses - name: Run preliminary network checks for repository hosts hosts: repository become: true - roles: - - role: '../roles/helper_modules' + gather_facts: false tasks: + - name: Include common defaults + ansible.builtin.include_vars: ../roles/common/defaults/main.yml + - name: Check db connection - ansible.builtin.include_tasks: "../roles/helper_modules/tasks/check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.database | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.database[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ db_host }}" checked_port: "{{ ports_cfg.postgres.sql }}" delegate_target: "{{ groups.database | first }}" - when: repo_db_url == "" + when: repo_db_url == "" and groups.database | default([]) | length > 0 - name: Check activemq connection - ansible.builtin.include_tasks: "../roles/helper_modules/tasks/check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.activemq | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.activemq[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ activemq_host }}" checked_port: "{{ ports_cfg.activemq[activemq_protocol] }}" delegate_target: "{{ groups.activemq | first }}" when: groups.activemq | default([]) | length > 0 - name: Check search connection - ansible.builtin.include_tasks: "../roles/helper_modules/tasks/check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.search | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.search[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ 
solr_host }}" checked_port: "{{ ports_cfg.search.http }}" delegate_target: "{{ groups.search | first }}" when: groups.search | default([]) | length > 0 - name: Check sync connection - ansible.builtin.include_tasks: "../roles/helper_modules/tasks/check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.syncservice | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.syncservice[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ sync_host }}" checked_port: "{{ ports_cfg.sync.http }}" delegate_target: "{{ groups.syncservice | first }}" when: - groups.syncservice | default([]) | length > 0 - - acs.edition == "Enterprise" - name: Check sfs connection - ansible.builtin.include_tasks: "../roles/helper_modules/tasks/check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.transformers | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.transformers[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ sfs_host }}" checked_port: "{{ ports_cfg.sfs.http }}" delegate_target: "{{ groups.transformers | first }}" - when: acs.edition == "Enterprise" + when: acs.edition == "Enterprise" and groups.transformers | default([]) | length > 0 - name: Check trouter connection - ansible.builtin.include_tasks: "../roles/helper_modules/tasks/check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.transformers | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.transformers[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ trouter_host }}" checked_port: "{{ ports_cfg.transformers.trouter }}" delegate_target: "{{ groups.transformers | first }}" - when: acs.edition == "Enterprise" + when: acs.edition == "Enterprise" and groups.transformers | default([]) | length > 0 - name: Check tengine connection - ansible.builtin.include_tasks: 
"../roles/helper_modules/tasks/check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.transformers | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.transformers[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ ats_tengine_aio_host }}" checked_port: "{{ ports_cfg.transformers.tengine }}" delegate_target: "{{ groups.transformers | first }}" + when: groups.transformers | default([]) | length > 0 - name: Run preliminary network checks for search hosts hosts: search become: true - roles: - - role: '../roles/helper_modules' + gather_facts: false tasks: + - name: Include common defaults + ansible.builtin.include_vars: ../roles/common/defaults/main.yml + - name: Check repo connection - ansible.builtin.include_tasks: "../roles/helper_modules/tasks/check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.repository | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.repository[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ repo_host }}" checked_port: "{{ ports_cfg.repository.http }}" delegate_target: "{{ groups.repository | first }}" + when: groups.repository | default([]) | length > 0 - name: Run preliminary network checks for transformers hosts hosts: transformers become: true - roles: - - role: '../roles/helper_modules' + gather_facts: false tasks: + - name: Include common defaults + ansible.builtin.include_vars: ../roles/common/defaults/main.yml + - name: Check activemq connection - ansible.builtin.include_tasks: "../roles/helper_modules/tasks/check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.activemq | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.activemq[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ activemq_host }}" checked_port: "{{ ports_cfg.activemq[activemq_protocol] }}" delegate_target: "{{ groups.activemq | 
first }}" when: groups.activemq | default([]) | length > 0 @@ -92,28 +107,31 @@ - name: Run preliminary network checks for syncservice hosts hosts: syncservice become: true - roles: - - role: '../roles/helper_modules' + gather_facts: false tasks: + - name: Include common defaults + ansible.builtin.include_vars: ../roles/common/defaults/main.yml + - name: Check db connection - ansible.builtin.include_tasks: "../roles/helper_modules/tasks/check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.database | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.database[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ db_host }}" checked_port: "{{ ports_cfg.postgres.sql }}" delegate_target: "{{ groups.database | first }}" - when: repo_db_url == "" + when: repo_db_url == "" and groups.database | default([]) | length > 0 - name: Check repo connection - ansible.builtin.include_tasks: "../roles/helper_modules/tasks/check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.repository | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.repository[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ repo_host }}" checked_port: "{{ ports_cfg.repository.http }}" delegate_target: "{{ groups.repository | first }}" + when: groups.repository | default([]) | length > 0 - name: Check activemq connection - ansible.builtin.include_tasks: "../roles/helper_modules/tasks/check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.activemq | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.activemq[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ activemq_host }}" checked_port: "{{ ports_cfg.activemq[activemq_protocol] }}" delegate_target: "{{ groups.activemq | first }}" when: groups.activemq | default([]) | length > 0 
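Review bot: Loading `../roles/common/defaults/main.yml` with `ansible.builtin.include_vars` in each play gives those role defaults include_vars precedence, which outranks inventory `group_vars` and `host_vars`. An operator who overrides `ports_cfg` or one of the `*_host` values in the inventory would have the checks run against the defaults instead, assuming those keys are defined in that file. The same task is added to the `syncservice`, `acc`, `adw` and `nginx` plays in the two later hunks. Only extra vars passed with `-e` still win, so either load the defaults through the `common` role so they keep defaults precedence, or state the limitation above the task: `# include_vars outranks inventory vars: override ports_cfg with -e, not group_vars`.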
@@ -121,68 +139,74 @@ - name: Run preliminary network checks for acc hosts hosts: acc become: true - roles: - - role: '../roles/helper_modules' + gather_facts: false tasks: + - name: Include common defaults + ansible.builtin.include_vars: ../roles/common/defaults/main.yml + - name: Check repo connection - ansible.builtin.include_tasks: "../roles/helper_modules/tasks/check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.repository | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.repository[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ repo_host }}" checked_port: "{{ ports_cfg.repository.http }}" delegate_target: "{{ groups.repository | first }}" + when: groups.repository | default([]) | length > 0 - name: Run preliminary network checks for adw hosts hosts: adw become: true - roles: - - role: '../roles/helper_modules' + gather_facts: false tasks: + - name: Include common defaults + ansible.builtin.include_vars: ../roles/common/defaults/main.yml + - name: Check repo connection - ansible.builtin.include_tasks: "../roles/helper_modules/tasks/check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.repository | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.repository[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ repo_host }}" checked_port: "{{ ports_cfg.repository.http }}" delegate_target: "{{ groups.repository | first }}" + when: groups.repository | default([]) | length > 0 - name: Run preliminary network checks for nginx hosts hosts: nginx become: true - roles: - - role: '../roles/helper_modules' + gather_facts: false tasks: + - name: Include common defaults + ansible.builtin.include_vars: ../roles/common/defaults/main.yml + - name: Check repo connection - ansible.builtin.include_tasks: "../roles/helper_modules/tasks/check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - 
checked_host: "{% if groups.repository | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.repository[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ repo_host }}" checked_port: "{{ ports_cfg.repository.http }}" delegate_target: "{{ groups.repository | first }}" + when: groups.repository | default([]) | length > 0 - name: Check sync connection - ansible.builtin.include_tasks: "../roles/helper_modules/tasks/check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.syncservice | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.syncservice[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ sync_host }}" checked_port: "{{ ports_cfg.sync.http }}" delegate_target: "{{ groups.syncservice | first }}" when: - groups.syncservice | default([]) | length > 0 - - acs.edition == "Enterprise" - name: Check acc connection - ansible.builtin.include_tasks: "../roles/helper_modules/tasks/check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.acc | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.acc[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ acc_host }}" checked_port: "{{ ports_cfg.acc.http }}" delegate_target: "{{ groups.acc | first }}" when: - groups.acc | default([]) | length > 0 - - acs.edition == "Enterprise" - name: Check adw connection - ansible.builtin.include_tasks: "../roles/helper_modules/tasks/check_port.yml" + ansible.builtin.include_tasks: "tasks/check_port.yml" vars: - checked_host: "{% if groups.adw | length == 0 %}127.0.0.1{% else %}{{ hostvars[groups.adw[0]].ansible_host | default('127.0.0.1') }}{% endif %}" + checked_host: "{{ adw_host }}" checked_port: "{{ ports_cfg.adw.http }}" delegate_target: "{{ groups.adw | first }}" when: - groups.adw | default([]) | length > 0 - - acs.edition == "Enterprise" 
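Review bot: The `acs.edition == "Enterprise"` condition is dropped from the sync, acc and adw checks in the `nginx` play, while the sfs and trouter checks in the `repository` play (first hunk) keep it, so edition gating is now inconsistent across the file. If group membership alone is meant to decide, each remaining one-item list can be written like the other tasks, `when: groups.acc | default([]) | length > 0`. If the edition still matters for these services, the condition should stay. The sync check in the first hunk has the same change.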
diff --git a/roles/helper_modules/tasks/check_port.yml b/playbooks/tasks/check_port.yml similarity index 81% rename from roles/helper_modules/tasks/check_port.yml rename to playbooks/tasks/check_port.yml index 7d3509a4d..a5ae24430 100644 --- a/roles/helper_modules/tasks/check_port.yml +++ b/playbooks/tasks/check_port.yml @@ -1,8 +1,7 @@ - - name: Include common defaults - ansible.builtin.include_vars: ../../common/defaults/main.yml - - - name: Check connectivity - block: +- name: Check connectivity + tags: + - molecule-idempotence-notest + block: # This task needs to be retried in case a previous iteration still listens (default retry of 3 is fine as it aligns with async 10 of listen tasks) - name: Check if {{ checked_port }} already open on {{ delegate_target }} register: r_connect @@ -21,7 +20,7 @@ delegate_to: "{{ delegate_target }}" async: 10 poll: 0 - - name: Verify if {{ inventory_hostname }} can reach {{ delegate_target }}:{{ checked_port }} + - name: Verify if {{ delegate_target }} is reachable to {{ checked_host }}:{{ checked_port }} ansible.builtin.wait_for: host: "{{ checked_host }}" port: "{{ checked_port }}"
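Review bot: The renamed task title `Verify if {{ delegate_target }} is reachable to {{ checked_host }}:{{ checked_port }}` no longer names the host that opens the connection. `delegate_target` is where the temporary listener is started and `checked_host` is presumably its address, so the log line reads as a host reaching itself. Unless the `wait_for` task is delegated further down (its remaining arguments are outside the hunk), the source is still the play host: `- name: Verify if {{ inventory_hostname }} can reach {{ checked_host }}:{{ checked_port }}`. A failed check is much easier to trace to a firewall rule when the log shows both ends of the connection.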