From 76b43fa22fe74e12152003ea1eda9a1dd62ed5cc Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Fri, 22 Nov 2024 15:47:48 +0100 Subject: [PATCH 01/16] stub the new structure --- .envrc | 1 + collections/alfresco/common/README.md | 3 + collections/alfresco/common/galaxy.yml | 68 ++++++++++ collections/alfresco/common/meta/runtime.yml | 52 ++++++++ collections/alfresco/common/plugins/README.md | 31 +++++ .../common/roles/systemd_service/README.md | 118 ++++++++++++++++++ .../roles/systemd_service/defaults/main.yml | 15 +++ .../roles/systemd_service/handlers/main.yml | 11 ++ .../systemd_service/meta/argument_specs.yml | 54 ++++++++ .../roles/systemd_service/meta/main.yml | 15 +++ .../molecule/default/converge.yml | 15 +++ .../molecule/default/molecule.yml | 15 +++ .../molecule/default/verify.yml | 26 ++++ .../roles/systemd_service/tasks/main.yml | 16 +++ .../templates/systemd-service.j2 | 31 +++++ .../roles/systemd_service/vars/main.yml | 2 + collections/alfresco/platform/README.md | 3 + collections/alfresco/platform/galaxy.yml | 68 ++++++++++ .../alfresco/platform/meta/runtime.yml | 52 ++++++++ .../alfresco/platform/plugins/README.md | 31 +++++ .../platform/roles/audit_storage/README.md | 38 ++++++ .../roles/audit_storage/defaults/main.yml | 7 ++ .../roles/audit_storage/handlers/main.yml | 2 + .../roles/audit_storage/meta/main.yml | 51 ++++++++ .../molecule/default/converge.yml | 7 ++ .../molecule/default/host_vars/instance.yml | 0 .../molecule/default/molecule.yml | 30 +++++ .../audit_storage/molecule/default/verify.yml | 52 ++++++++ .../roles/audit_storage/tasks/main.yml | 10 ++ .../roles/audit_storage/tests/inventory | 1 + .../roles/audit_storage/tests/test.yml | 5 + .../roles/audit_storage/vars/main.yml | 2 + .../platform/roles}/common/defaults/main.yml | 0 .../platform/roles}/common/handlers/main.yml | 0 .../platform/roles}/common/meta/main.yml | 0 .../common/molecule/default/converge.yml | 0 .../default/host_vars/common-instance.yml | 1 + .../common/molecule/default/molecule.yml | 0 .../molecule/default/tests/test_common.py | 0 .../roles}/common/tasks/check_upgrades.yml | 0 .../platform/roles}/common/tasks/main.yml | 0 .../platform/roles}/common/vars/Debian.yml | 0 .../platform/roles}/common/vars/RedHat.yml | 0 .../platform/roles}/common/vars/main.yml | 0 44 files changed, 833 insertions(+) create mode 100644 collections/alfresco/common/README.md create mode 100644 collections/alfresco/common/galaxy.yml create mode 100644 collections/alfresco/common/meta/runtime.yml create mode 100644 collections/alfresco/common/plugins/README.md create mode 100644 collections/alfresco/common/roles/systemd_service/README.md create mode 100644 collections/alfresco/common/roles/systemd_service/defaults/main.yml create mode 100644 collections/alfresco/common/roles/systemd_service/handlers/main.yml create mode 100644 collections/alfresco/common/roles/systemd_service/meta/argument_specs.yml create mode 100644 collections/alfresco/common/roles/systemd_service/meta/main.yml create mode 100644 collections/alfresco/common/roles/systemd_service/molecule/default/converge.yml create mode 100644 collections/alfresco/common/roles/systemd_service/molecule/default/molecule.yml create mode 100644 collections/alfresco/common/roles/systemd_service/molecule/default/verify.yml create mode 100644 collections/alfresco/common/roles/systemd_service/tasks/main.yml create mode 100644 collections/alfresco/common/roles/systemd_service/templates/systemd-service.j2 create mode 100644 collections/alfresco/common/roles/systemd_service/vars/main.yml create mode 100644 collections/alfresco/platform/README.md create mode 100644 collections/alfresco/platform/galaxy.yml create mode 100644 collections/alfresco/platform/meta/runtime.yml create mode 100644 collections/alfresco/platform/plugins/README.md create mode 100644 collections/alfresco/platform/roles/audit_storage/README.md create mode 100644 collections/alfresco/platform/roles/audit_storage/defaults/main.yml create mode 100644 collections/alfresco/platform/roles/audit_storage/handlers/main.yml create mode 100644 collections/alfresco/platform/roles/audit_storage/meta/main.yml create mode 100644 collections/alfresco/platform/roles/audit_storage/molecule/default/converge.yml rename roles/common/molecule/default/host_vars/common-instance.yml => collections/alfresco/platform/roles/audit_storage/molecule/default/host_vars/instance.yml (100%) create mode 100644 collections/alfresco/platform/roles/audit_storage/molecule/default/molecule.yml create mode 100644 collections/alfresco/platform/roles/audit_storage/molecule/default/verify.yml create mode 100644 collections/alfresco/platform/roles/audit_storage/tasks/main.yml create mode 100644 collections/alfresco/platform/roles/audit_storage/tests/inventory create mode 100644 collections/alfresco/platform/roles/audit_storage/tests/test.yml create mode 100644 collections/alfresco/platform/roles/audit_storage/vars/main.yml rename {roles => collections/alfresco/platform/roles}/common/defaults/main.yml (100%) rename {roles => collections/alfresco/platform/roles}/common/handlers/main.yml (100%) rename {roles => collections/alfresco/platform/roles}/common/meta/main.yml (100%) rename {roles => collections/alfresco/platform/roles}/common/molecule/default/converge.yml (100%) create mode 100644 collections/alfresco/platform/roles/common/molecule/default/host_vars/common-instance.yml rename {roles => collections/alfresco/platform/roles}/common/molecule/default/molecule.yml (100%) rename {roles => collections/alfresco/platform/roles}/common/molecule/default/tests/test_common.py (100%) rename {roles => collections/alfresco/platform/roles}/common/tasks/check_upgrades.yml (100%) rename {roles => collections/alfresco/platform/roles}/common/tasks/main.yml (100%) rename {roles => collections/alfresco/platform/roles}/common/vars/Debian.yml (100%) rename {roles => collections/alfresco/platform/roles}/common/vars/RedHat.yml (100%) rename {roles => collections/alfresco/platform/roles}/common/vars/main.yml (100%) diff --git a/.envrc b/.envrc index 86b658b02..a686b95c8 100644 --- a/.envrc +++ b/.envrc @@ -8,6 +8,7 @@ export DTAS_VERSION=v1.5.3 export MOLECULE_IT_ID=$(echo "$LOGNAME" | sha256sum | cut -c1-6) ANSIBLE_VAULT_PASSWORD_FILE=$(expand_path ./.vault_pass.txt) export ANSIBLE_VAULT_PASSWORD_FILE +export PIPENV_MAX_DEPTH=6 source_env_if_exists .env.credentials env_vars_required CLONE_GITHUB_TOKEN diff --git a/collections/alfresco/common/README.md b/collections/alfresco/common/README.md new file mode 100644 index 000000000..1f5e462f8 --- /dev/null +++ b/collections/alfresco/common/README.md @@ -0,0 +1,3 @@ +# Ansible Collection - alfresco.common + +This collection provides a set of reusable roles maintained by Alfresco for use in Ansible playbooks. diff --git a/collections/alfresco/common/galaxy.yml b/collections/alfresco/common/galaxy.yml new file mode 100644 index 000000000..561726fd4 --- /dev/null +++ b/collections/alfresco/common/galaxy.yml @@ -0,0 +1,68 @@ +### REQUIRED +# The namespace of the collection. This can be a company/brand/organization or product namespace under which all +# content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with +# underscores or numbers and cannot contain consecutive underscores +namespace: alfresco + +# The name of the collection. Has the same character restrictions as 'namespace' +name: common + +# The version of the collection. Must be compatible with semantic versioning +version: 1.0.0 + +# The path to the Markdown (.md) readme file. This path is relative to the root of the collection +readme: README.md + +# A list of the collection's content authors. Can be just the name or in the format 'Full Name (url) +# @nicks:irc/im.site#channel' +authors: +- your name + + +### OPTIONAL but strongly recommended +# A short summary description of the collection +description: your collection description + +# Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only +# accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file' +license: +- GPL-2.0-or-later + +# The path to the license file for the collection. This path is relative to the root of the collection. This key is +# mutually exclusive with 'license' +license_file: '' + +# A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character +# requirements as 'namespace' and 'name' +tags: [] + +# Collections that this collection requires to be installed for it to be usable. The key of the dict is the +# collection label 'namespace.name'. The value is a version range +# L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version +# range specifiers can be set and are separated by ',' +dependencies: {} + +# The URL of the originating SCM repository +repository: http://example.com/repository + +# The URL to any online docs +documentation: http://docs.example.com + +# The URL to the homepage of the collection/project +homepage: http://example.com + +# The URL to the collection issue tracker +issues: http://example.com/issue/tracker + +# A list of file glob-like patterns used to filter any files or directories that should not be included in the build +# artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This +# uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry', +# and '.git' are always filtered. Mutually exclusive with 'manifest' +build_ignore: [] + +# A dict controlling use of manifest directives used in building the collection artifact. The key 'directives' is a +# list of MANIFEST.in style +# L(directives,https://packaging.python.org/en/latest/guides/using-manifest-in/#manifest-in-commands). The key +# 'omit_default_directives' is a boolean that controls whether the default directives are used. Mutually exclusive +# with 'build_ignore' +# manifest: null diff --git a/collections/alfresco/common/meta/runtime.yml b/collections/alfresco/common/meta/runtime.yml new file mode 100644 index 000000000..20f709edf --- /dev/null +++ b/collections/alfresco/common/meta/runtime.yml @@ -0,0 +1,52 @@ +--- +# Collections must specify a minimum required ansible version to upload +# to galaxy +# requires_ansible: '>=2.9.10' + +# Content that Ansible needs to load from another location or that has +# been deprecated/removed +# plugin_routing: +# action: +# redirected_plugin_name: +# redirect: ns.col.new_location +# deprecated_plugin_name: +# deprecation: +# removal_version: "4.0.0" +# warning_text: | +# See the porting guide on how to update your playbook to +# use ns.col.another_plugin instead. +# removed_plugin_name: +# tombstone: +# removal_version: "2.0.0" +# warning_text: | +# See the porting guide on how to update your playbook to +# use ns.col.another_plugin instead. +# become: +# cache: +# callback: +# cliconf: +# connection: +# doc_fragments: +# filter: +# httpapi: +# inventory: +# lookup: +# module_utils: +# modules: +# netconf: +# shell: +# strategy: +# terminal: +# test: +# vars: + +# Python import statements that Ansible needs to load from another location +# import_redirection: +# ansible_collections.ns.col.plugins.module_utils.old_location: +# redirect: ansible_collections.ns.col.plugins.module_utils.new_location + +# Groups of actions/modules that take a common set of options +# action_groups: +# group_name: +# - module1 +# - module2 diff --git a/collections/alfresco/common/plugins/README.md b/collections/alfresco/common/plugins/README.md new file mode 100644 index 000000000..587549227 --- /dev/null +++ b/collections/alfresco/common/plugins/README.md @@ -0,0 +1,31 @@ +# Collections Plugins Directory + +This directory can be used to ship various plugins inside an Ansible collection. Each plugin is placed in a folder that +is named after the type of plugin it is in. It can also include the `module_utils` and `modules` directory that +would contain module utils and modules respectively. + +Here is an example directory of the majority of plugins currently supported by Ansible: + +```sh +└── plugins + ├── action + ├── become + ├── cache + ├── callback + ├── cliconf + ├── connection + ├── filter + ├── httpapi + ├── inventory + ├── lookup + ├── module_utils + ├── modules + ├── netconf + ├── shell + ├── strategy + ├── terminal + ├── test + └── vars +``` + +A full list of plugin types can be found at [Working With Plugins](https://docs.ansible.com/ansible-core/2.15/plugins/plugins.html). diff --git a/collections/alfresco/common/roles/systemd_service/README.md b/collections/alfresco/common/roles/systemd_service/README.md new file mode 100644 index 000000000..02cf5f87a --- /dev/null +++ b/collections/alfresco/common/roles/systemd_service/README.md @@ -0,0 +1,118 @@ +# systemd_service + +Install and configure systemd services + +## Table of content + +* [systemd\_service](#systemd_service) + * [Table of content](#table-of-content) + * [Requirements](#requirements) + * [Default Variables](#default-variables) + * [systemd\_service\_additional\_options](#systemd_service_additional_options) + * [systemd\_service\_enabled](#systemd_service_enabled) + * [systemd\_service\_environment](#systemd_service_environment) + * [systemd\_service\_exec\_start](#systemd_service_exec_start) + * [systemd\_service\_exec\_stop](#systemd_service_exec_stop) + * [systemd\_service\_state](#systemd_service_state) + * [systemd\_service\_type](#systemd_service_type) + * [systemd\_service\_unit\_after](#systemd_service_unit_after) + * [systemd\_service\_unit\_description](#systemd_service_unit_description) + * [systemd\_service\_unit\_name](#systemd_service_unit_name) + * [systemd\_service\_user](#systemd_service_user) + * [systemd\_service\_working\_directory](#systemd_service_working_directory) + * [Dependencies](#dependencies) + * [License](#license) + * [Author](#author) + +--- + +## Requirements + +* Minimum Ansible version: `2.1` + +## Default Variables + +### systemd_service_additional_options + +```YAML +systemd_service_additional_options: {} +``` + +### systemd_service_enabled + +```YAML +systemd_service_enabled: true +``` + +### systemd_service_environment + +```YAML +systemd_service_environment: {} +``` + +### systemd_service_exec_start + +```YAML +systemd_service_exec_start: '' +``` + +### systemd_service_exec_stop + +```YAML +systemd_service_exec_stop: kill -15 $MAINPID +``` + +### systemd_service_state + +```YAML +systemd_service_state: started +``` + +### systemd_service_type + +```YAML +systemd_service_type: simple +``` + +### systemd_service_unit_after + +```YAML +systemd_service_unit_after: syslog.target network.target local-fs.target remote-fs.target + nss-lookup.target +``` + +### systemd_service_unit_description + +```YAML +systemd_service_unit_description: '' +``` + +### systemd_service_unit_name + +```YAML +systemd_service_unit_name: '' +``` + +### systemd_service_user + +```YAML +systemd_service_user: '' +``` + +### systemd_service_working_directory + +```YAML +systemd_service_working_directory: /tmp +``` + +## Dependencies + +None. + +## License + +Apache-2.0 + +## Author + +Alfresco Ops Readiness diff --git a/collections/alfresco/common/roles/systemd_service/defaults/main.yml b/collections/alfresco/common/roles/systemd_service/defaults/main.yml new file mode 100644 index 000000000..8ac453bf8 --- /dev/null +++ b/collections/alfresco/common/roles/systemd_service/defaults/main.yml @@ -0,0 +1,15 @@ +--- +# defaults file for systemd-service +systemd_service_unit_name: '' +systemd_service_unit_description: '' +systemd_service_unit_after: syslog.target network.target local-fs.target remote-fs.target nss-lookup.target + +systemd_service_type: simple +systemd_service_user: '' +systemd_service_environment: {} +systemd_service_exec_start: '' +systemd_service_exec_stop: kill -15 $MAINPID +systemd_service_working_directory: /tmp +systemd_service_additional_options: {} +systemd_service_state: started +systemd_service_enabled: true diff --git a/collections/alfresco/common/roles/systemd_service/handlers/main.yml b/collections/alfresco/common/roles/systemd_service/handlers/main.yml new file mode 100644 index 000000000..5cb38574b --- /dev/null +++ b/collections/alfresco/common/roles/systemd_service/handlers/main.yml @@ -0,0 +1,11 @@ +--- +# handlers file for systemd-service +- name: Reload systemd + ansible.builtin.systemd: + daemon_reload: true + +- name: Restart {{ systemd_service_unit_name }} + ansible.builtin.systemd: + name: "{{ systemd_service_unit_name }}" + state: restarted + when: systemd_service_state == 'started' diff --git a/collections/alfresco/common/roles/systemd_service/meta/argument_specs.yml b/collections/alfresco/common/roles/systemd_service/meta/argument_specs.yml new file mode 100644 index 000000000..473e6f568 --- /dev/null +++ b/collections/alfresco/common/roles/systemd_service/meta/argument_specs.yml @@ -0,0 +1,54 @@ +--- +argument_specs: + main: + short_description: Install a systemd service unit + description: | + This role installs a systemd service unit and starts it. + options: + systemd_service_unit_name: + type: str + description: Name of the systemd service unit + required: true + systemd_service_unit_description: + type: str + description: Description of the systemd service unit + required: true + systemd_service_unit_after: + type: str + description: List of systemd targets to start after (space separated) + systemd_service_type: + type: str + description: Type of the systemd service unit + default: simple + systemd_service_user: + type: str + description: User to run the systemd service as + required: true + systemd_service_environment: + type: dict + description: Environment variables to set for the systemd service unit + default: {} + systemd_service_exec_start: + type: str + description: Command to start the systemd service unit + required: true + systemd_service_exec_stop: + type: str + description: Command to stop the systemd service unit + default: kill -15 $MAINPID + systemd_service_working_directory: + type: str + description: Working directory for the systemd service unit + default: /tmp + systemd_service_additional_options: + type: dict + description: Additional options to set for the systemd service unit + default: {} + systemd_service_state: + type: str + description: Default state of the systemd service unit + default: started + systemd_service_enabled: + type: bool + description: Whether the systemd service unit should be enabled (started on boot) + default: true diff --git a/collections/alfresco/common/roles/systemd_service/meta/main.yml b/collections/alfresco/common/roles/systemd_service/meta/main.yml new file mode 100644 index 000000000..6469276df --- /dev/null +++ b/collections/alfresco/common/roles/systemd_service/meta/main.yml @@ -0,0 +1,15 @@ +galaxy_info: + author: Alfresco Ops Readiness + description: Install and configure systemd services + company: Hyland + + license: Apache-2.0 + + min_ansible_version: '2.1' + + galaxy_tags: + - systemd + - service + - configuration + +dependencies: [] diff --git a/collections/alfresco/common/roles/systemd_service/molecule/default/converge.yml b/collections/alfresco/common/roles/systemd_service/molecule/default/converge.yml new file mode 100644 index 000000000..ccc6447a6 --- /dev/null +++ b/collections/alfresco/common/roles/systemd_service/molecule/default/converge.yml @@ -0,0 +1,15 @@ +--- +- name: Converge + hosts: all + gather_facts: false + tasks: + - name: Include role + ansible.builtin.include_role: + name: systemd_service + vars: + systemd_service_unit_name: my-test-service + systemd_service_unit_description: My very cool service + systemd_service_exec_start: /bin/sleep infinity + systemd_service_environment: + MY_ENV_VAR: my_value + ANOTHER_ENV_VAR: another_value diff --git a/collections/alfresco/common/roles/systemd_service/molecule/default/molecule.yml b/collections/alfresco/common/roles/systemd_service/molecule/default/molecule.yml new file mode 100644 index 000000000..99d43051d --- /dev/null +++ b/collections/alfresco/common/roles/systemd_service/molecule/default/molecule.yml @@ -0,0 +1,15 @@ +--- +driver: + name: docker +platforms: + - name: instance + dockerfile: ../../../../../tests/Dockerfile-noprivs.j2 + image: rockylinux:9 + command: "/lib/systemd/systemd" + privileged: true + tmpfs: + - /run + - /run/lock + - /tmp + volume: + - "/sys/fs/cgroup:/sys/fs/cgroup:ro" diff --git a/collections/alfresco/common/roles/systemd_service/molecule/default/verify.yml b/collections/alfresco/common/roles/systemd_service/molecule/default/verify.yml new file mode 100644 index 000000000..01dca08fc --- /dev/null +++ b/collections/alfresco/common/roles/systemd_service/molecule/default/verify.yml @@ -0,0 +1,26 @@ +--- +- name: Verify + hosts: all + gather_facts: false + tasks: + - name: Check service is running + ansible.builtin.systemd: + name: my-test-service + state: started + + - name: Check service is enabled + ansible.builtin.systemd: + name: my-test-service + enabled: true + + - name: Check logs for warnings and errors + ansible.builtin.command: journalctl -u my-test-service -p 5 + register: journalctl_output + changed_when: false + + - name: Assert logs are clean + ansible.builtin.assert: + that: + - journalctl_output.stdout_lines[0] == '-- No entries --' + fail_msg: "Service logs contain warnings or errors: {{ journalctl_output.stdout }}" + quiet: true diff --git a/collections/alfresco/common/roles/systemd_service/tasks/main.yml b/collections/alfresco/common/roles/systemd_service/tasks/main.yml new file mode 100644 index 000000000..b2f3811ad --- /dev/null +++ b/collections/alfresco/common/roles/systemd_service/tasks/main.yml @@ -0,0 +1,16 @@ +--- +# tasks file for systemd-service +- name: Create systemd service + ansible.builtin.template: + src: systemd-service.j2 + dest: /etc/systemd/system/{{ systemd_service_unit_name }}.service + mode: "0644" + notify: + - Reload systemd + - Restart {{ systemd_service_unit_name }} + +- name: Start service + ansible.builtin.systemd: + name: "{{ systemd_service_unit_name }}" + state: "{{ systemd_service_state }}" + enabled: "{{ systemd_service_enabled }}" diff --git a/collections/alfresco/common/roles/systemd_service/templates/systemd-service.j2 b/collections/alfresco/common/roles/systemd_service/templates/systemd-service.j2 new file mode 100644 index 000000000..659a5506c --- /dev/null +++ b/collections/alfresco/common/roles/systemd_service/templates/systemd-service.j2 @@ -0,0 +1,31 @@ +[Unit] +Description={{ systemd_service_unit_description }} +After={{ systemd_service_unit_after }} + +[Service] +Type={{ systemd_service_type }} +{% if systemd_service_type == 'oneshot' %} +RemainAfterExit=yes +{% endif %} + +User={{ systemd_service_user }} + +{% for key, value in systemd_service_environment.items() %} +Environment="{{ key }}={{ value | replace('%', '%%') }}" +{% endfor %} + +ExecStart={{ systemd_service_exec_start }} +ExecStop={{ systemd_service_exec_stop }} + +Restart=on-failure +RestartSec=60 +SuccessExitStatus=143 + +WorkingDirectory={{ systemd_service_working_directory }} + +{% for key, value in systemd_service_additional_options.items() %} +{{ key }}={{ value }} +{% endfor %} + +[Install] +WantedBy=multi-user.target diff --git a/collections/alfresco/common/roles/systemd_service/vars/main.yml b/collections/alfresco/common/roles/systemd_service/vars/main.yml new file mode 100644 index 000000000..4523ba097 --- /dev/null +++ b/collections/alfresco/common/roles/systemd_service/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for systemd-service diff --git a/collections/alfresco/platform/README.md b/collections/alfresco/platform/README.md new file mode 100644 index 000000000..864a3bc10 --- /dev/null +++ b/collections/alfresco/platform/README.md @@ -0,0 +1,3 @@ +# Ansible Collection - alfresco.platform + +This collection provides a set of reusable roles to install Alfresco Content Services (work in progress). diff --git a/collections/alfresco/platform/galaxy.yml b/collections/alfresco/platform/galaxy.yml new file mode 100644 index 000000000..5b2340c2f --- /dev/null +++ b/collections/alfresco/platform/galaxy.yml @@ -0,0 +1,68 @@ +### REQUIRED +# The namespace of the collection. This can be a company/brand/organization or product namespace under which all +# content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with +# underscores or numbers and cannot contain consecutive underscores +namespace: alfresco + +# The name of the collection. Has the same character restrictions as 'namespace' +name: platform + +# The version of the collection. Must be compatible with semantic versioning +version: 1.0.0 + +# The path to the Markdown (.md) readme file. This path is relative to the root of the collection +readme: README.md + +# A list of the collection's content authors. Can be just the name or in the format 'Full Name (url) +# @nicks:irc/im.site#channel' +authors: +- your name + + +### OPTIONAL but strongly recommended +# A short summary description of the collection +description: your collection description + +# Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only +# accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file' +license: +- GPL-2.0-or-later + +# The path to the license file for the collection. This path is relative to the root of the collection. This key is +# mutually exclusive with 'license' +license_file: '' + +# A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character +# requirements as 'namespace' and 'name' +tags: [] + +# Collections that this collection requires to be installed for it to be usable. The key of the dict is the +# collection label 'namespace.name'. The value is a version range +# L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version +# range specifiers can be set and are separated by ',' +dependencies: {} + +# The URL of the originating SCM repository +repository: http://example.com/repository + +# The URL to any online docs +documentation: http://docs.example.com + +# The URL to the homepage of the collection/project +homepage: http://example.com + +# The URL to the collection issue tracker +issues: http://example.com/issue/tracker + +# A list of file glob-like patterns used to filter any files or directories that should not be included in the build +# artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This +# uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry', +# and '.git' are always filtered. Mutually exclusive with 'manifest' +build_ignore: [] + +# A dict controlling use of manifest directives used in building the collection artifact. The key 'directives' is a +# list of MANIFEST.in style +# L(directives,https://packaging.python.org/en/latest/guides/using-manifest-in/#manifest-in-commands). The key +# 'omit_default_directives' is a boolean that controls whether the default directives are used. Mutually exclusive +# with 'build_ignore' +# manifest: null diff --git a/collections/alfresco/platform/meta/runtime.yml b/collections/alfresco/platform/meta/runtime.yml new file mode 100644 index 000000000..20f709edf --- /dev/null +++ b/collections/alfresco/platform/meta/runtime.yml @@ -0,0 +1,52 @@ +--- +# Collections must specify a minimum required ansible version to upload +# to galaxy +# requires_ansible: '>=2.9.10' + +# Content that Ansible needs to load from another location or that has +# been deprecated/removed +# plugin_routing: +# action: +# redirected_plugin_name: +# redirect: ns.col.new_location +# deprecated_plugin_name: +# deprecation: +# removal_version: "4.0.0" +# warning_text: | +# See the porting guide on how to update your playbook to +# use ns.col.another_plugin instead. +# removed_plugin_name: +# tombstone: +# removal_version: "2.0.0" +# warning_text: | +# See the porting guide on how to update your playbook to +# use ns.col.another_plugin instead. +# become: +# cache: +# callback: +# cliconf: +# connection: +# doc_fragments: +# filter: +# httpapi: +# inventory: +# lookup: +# module_utils: +# modules: +# netconf: +# shell: +# strategy: +# terminal: +# test: +# vars: + +# Python import statements that Ansible needs to load from another location +# import_redirection: +# ansible_collections.ns.col.plugins.module_utils.old_location: +# redirect: ansible_collections.ns.col.plugins.module_utils.new_location + +# Groups of actions/modules that take a common set of options +# action_groups: +# group_name: +# - module1 +# - module2 diff --git a/collections/alfresco/platform/plugins/README.md b/collections/alfresco/platform/plugins/README.md new file mode 100644 index 000000000..587549227 --- /dev/null +++ b/collections/alfresco/platform/plugins/README.md @@ -0,0 +1,31 @@ +# Collections Plugins Directory + +This directory can be used to ship various plugins inside an Ansible collection. Each plugin is placed in a folder that +is named after the type of plugin it is in. It can also include the `module_utils` and `modules` directory that +would contain module utils and modules respectively. + +Here is an example directory of the majority of plugins currently supported by Ansible: + +```sh +└── plugins + ├── action + ├── become + ├── cache + ├── callback + ├── cliconf + ├── connection + ├── filter + ├── httpapi + ├── inventory + ├── lookup + ├── module_utils + ├── modules + ├── netconf + ├── shell + ├── strategy + ├── terminal + ├── test + └── vars +``` + +A full list of plugin types can be found at [Working With Plugins](https://docs.ansible.com/ansible-core/2.15/plugins/plugins.html). diff --git a/collections/alfresco/platform/roles/audit_storage/README.md b/collections/alfresco/platform/roles/audit_storage/README.md new file mode 100644 index 000000000..225dd44b9 --- /dev/null +++ b/collections/alfresco/platform/roles/audit_storage/README.md @@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/collections/alfresco/platform/roles/audit_storage/defaults/main.yml b/collections/alfresco/platform/roles/audit_storage/defaults/main.yml new file mode 100644 index 000000000..b634688b6 --- /dev/null +++ b/collections/alfresco/platform/roles/audit_storage/defaults/main.yml @@ -0,0 +1,7 @@ +--- +# defaults file for audit_storage +audit_storage_version: "1.0.0" +audit_storage_zip_url: https://nexus.alfresco.com/nexus/repository/enterprise-releases/org/alfresco/alfresco-audit-storage-distribution/{{ audit_storage_version }}/alfresco-audit-storage-distribution-{{ audit_storage_version }}.zip +audit_storage_zip_sha1_url: https://nexus.alfresco.com/nexus/repository/enterprise-releases/org/alfresco/alfresco-audit-storage-distribution/{{ audit_storage_version }}/alfresco-audit-storage-distribution-{{ audit_storage_version }}.zip.sha1 + +audit_storage_artifact_name: audit-storage diff --git a/collections/alfresco/platform/roles/audit_storage/handlers/main.yml b/collections/alfresco/platform/roles/audit_storage/handlers/main.yml new file mode 100644 index 000000000..5557d5647 --- /dev/null +++ b/collections/alfresco/platform/roles/audit_storage/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for audit_storage diff --git a/collections/alfresco/platform/roles/audit_storage/meta/main.yml b/collections/alfresco/platform/roles/audit_storage/meta/main.yml new file mode 100644 index 000000000..e014894eb --- /dev/null +++ b/collections/alfresco/platform/roles/audit_storage/meta/main.yml @@ -0,0 +1,51 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: + - alfresco.platform.common diff --git a/collections/alfresco/platform/roles/audit_storage/molecule/default/converge.yml b/collections/alfresco/platform/roles/audit_storage/molecule/default/converge.yml new file mode 100644 index 000000000..3246e2d8a --- /dev/null +++ b/collections/alfresco/platform/roles/audit_storage/molecule/default/converge.yml @@ -0,0 +1,7 @@ +--- +- name: Converge + hosts: all + tasks: + - name: "Include role" + ansible.builtin.include_role: + name: "audit_storage" diff --git a/roles/common/molecule/default/host_vars/common-instance.yml b/collections/alfresco/platform/roles/audit_storage/molecule/default/host_vars/instance.yml similarity index 100% rename from roles/common/molecule/default/host_vars/common-instance.yml rename to collections/alfresco/platform/roles/audit_storage/molecule/default/host_vars/instance.yml diff --git a/collections/alfresco/platform/roles/audit_storage/molecule/default/molecule.yml b/collections/alfresco/platform/roles/audit_storage/molecule/default/molecule.yml new file mode 100644 index 000000000..acf4cc736 --- /dev/null +++ b/collections/alfresco/platform/roles/audit_storage/molecule/default/molecule.yml @@ -0,0 +1,30 @@ +--- +dependency: + name: galaxy +driver: + name: docker +platforms: + - name: instance + image: $MOLECULE_ROLE_IMAGE + dockerfile: ../../../../../../../tests/molecule/Dockerfile-noprivs.j2 + command: "/lib/systemd/systemd" + privileged: true + tmpfs: + - /run + - /run/lock + - /tmp + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:ro" + groups: + - audit_storage +provisioner: + name: ansible + ansible_args: + - -e + - "@../../../../../../../tests/molecule/secrets.yml" + inventory: + links: + group_vars: ../../../../../../../group_vars + host_vars: host_vars +verifier: + name: ansible diff --git a/collections/alfresco/platform/roles/audit_storage/molecule/default/verify.yml b/collections/alfresco/platform/roles/audit_storage/molecule/default/verify.yml new file mode 100644 index 000000000..f919f30ac --- /dev/null +++ b/collections/alfresco/platform/roles/audit_storage/molecule/default/verify.yml @@ -0,0 +1,52 @@ +--- +- name: Verify + hosts: search_enterprise + gather_facts: false + tasks: + - name: Populate service facts + ansible.builtin.service_facts: + + - name: Check that Elasticsearch Connector service is up and running + ansible.builtin.assert: + that: + - ansible_facts.services['elasticsearch-connector.service'] is defined + - ansible_facts.services['elasticsearch-connector.service'].state == 'running' + + - name: Get errors in the journal of Elasticsearch Connector service + become: true + ansible.builtin.command: + cmd: journalctl -u elasticsearch-connector.service + changed_when: false + register: error_log + + - name: Check logs for errors, warning and expected patterns + vars: + log_expected_regex: |- + Refreshing accepted content media-type cache, accepted type count: ([7-9]\d|[1-9]\d{2,})$ + ansible.builtin.assert: + that: + - not error_log.stdout | regex_search(' ERROR ') + - error_log.stdout | regex_search('{{ log_expected_regex }}') + msg: "{{ error_log.stdout }}" + + - name: Check that Elasticsearch Connector reindex is available + ansible.builtin.assert: + that: + - ansible_facts.services['elasticsearch-connector-reindex.service'] is defined + - ansible_facts.services['elasticsearch-connector-reindex.service'].state == 'inactive' + + - name: Retrieve contents of elasticsearch-connector-reindex.service + become: true + ansible.builtin.slurp: + src: /etc/systemd/system/elasticsearch-connector-reindex.service + register: service_file + + - name: Check reindex service contains the expected ExecStart line + become: true + vars: + service_file_content: "{{ service_file['content'] | b64decode }}" + expected_exec_start: "ExecStart=/opt/openjdk-{{ dependencies_version.java }}/bin/java -jar /opt/alfresco/enterprise-search-{{ search_enterprise.version }}/alfresco-elasticsearch-reindexing-{{ search_enterprise.version }}-app.jar --alfresco.reindex.concurrentProcessors=6" + ansible.builtin.assert: + that: + - "expected_exec_start in service_file_content" + msg: "{{ service_file_content }}" diff --git a/collections/alfresco/platform/roles/audit_storage/tasks/main.yml b/collections/alfresco/platform/roles/audit_storage/tasks/main.yml new file mode 100644 index 000000000..43d8ae224 --- /dev/null +++ b/collections/alfresco/platform/roles/audit_storage/tasks/main.yml @@ -0,0 +1,10 @@ +--- +# tasks file for audit_storage +- name: Download audit storage distribution {{ audit_storage_version }} + ansible.builtin.get_url: + url: "{{ audit_storage_zip_url }}" + dest: "{{ download_location }}/{{ audit_storage_artifact_name }}-{{ audit_storage_version }}.zip" + checksum: sha1:{{ lookup('url', audit_storage_zip_sha1_url, username=nexus_user, password=nexus_password) }} # pragma: allowlist secret + mode: "0644" + url_username: "{{ nexus_user }}" + url_password: "{{ nexus_password }}" diff --git a/collections/alfresco/platform/roles/audit_storage/tests/inventory b/collections/alfresco/platform/roles/audit_storage/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/collections/alfresco/platform/roles/audit_storage/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/collections/alfresco/platform/roles/audit_storage/tests/test.yml b/collections/alfresco/platform/roles/audit_storage/tests/test.yml new file mode 100644 index 000000000..b8eece9c8 --- /dev/null +++ b/collections/alfresco/platform/roles/audit_storage/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - audit_storage diff --git a/collections/alfresco/platform/roles/audit_storage/vars/main.yml b/collections/alfresco/platform/roles/audit_storage/vars/main.yml new file mode 100644 index 000000000..56eafb693 --- /dev/null +++ b/collections/alfresco/platform/roles/audit_storage/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for audit_storage diff --git a/roles/common/defaults/main.yml b/collections/alfresco/platform/roles/common/defaults/main.yml similarity index 100% rename from roles/common/defaults/main.yml rename to collections/alfresco/platform/roles/common/defaults/main.yml diff --git a/roles/common/handlers/main.yml b/collections/alfresco/platform/roles/common/handlers/main.yml similarity index 100% rename from roles/common/handlers/main.yml rename to collections/alfresco/platform/roles/common/handlers/main.yml diff --git a/roles/common/meta/main.yml b/collections/alfresco/platform/roles/common/meta/main.yml similarity index 100% rename from roles/common/meta/main.yml rename to collections/alfresco/platform/roles/common/meta/main.yml diff --git a/roles/common/molecule/default/converge.yml b/collections/alfresco/platform/roles/common/molecule/default/converge.yml similarity index 100% rename from roles/common/molecule/default/converge.yml rename to collections/alfresco/platform/roles/common/molecule/default/converge.yml diff --git a/collections/alfresco/platform/roles/common/molecule/default/host_vars/common-instance.yml b/collections/alfresco/platform/roles/common/molecule/default/host_vars/common-instance.yml new file mode 100644 index 000000000..146ddd8e0 --- /dev/null +++ b/collections/alfresco/platform/roles/common/molecule/default/host_vars/common-instance.yml @@ -0,0 +1 @@ +ansible_user: ansible diff --git a/roles/common/molecule/default/molecule.yml b/collections/alfresco/platform/roles/common/molecule/default/molecule.yml similarity index 100% rename from roles/common/molecule/default/molecule.yml rename to collections/alfresco/platform/roles/common/molecule/default/molecule.yml diff --git a/roles/common/molecule/default/tests/test_common.py b/collections/alfresco/platform/roles/common/molecule/default/tests/test_common.py similarity index 100% rename from roles/common/molecule/default/tests/test_common.py rename to collections/alfresco/platform/roles/common/molecule/default/tests/test_common.py diff --git a/roles/common/tasks/check_upgrades.yml b/collections/alfresco/platform/roles/common/tasks/check_upgrades.yml similarity index 100% rename from roles/common/tasks/check_upgrades.yml rename to collections/alfresco/platform/roles/common/tasks/check_upgrades.yml diff --git a/roles/common/tasks/main.yml b/collections/alfresco/platform/roles/common/tasks/main.yml similarity index 100% rename from roles/common/tasks/main.yml rename to collections/alfresco/platform/roles/common/tasks/main.yml diff --git a/roles/common/vars/Debian.yml b/collections/alfresco/platform/roles/common/vars/Debian.yml similarity index 100% rename from roles/common/vars/Debian.yml rename to collections/alfresco/platform/roles/common/vars/Debian.yml diff --git a/roles/common/vars/RedHat.yml b/collections/alfresco/platform/roles/common/vars/RedHat.yml similarity index 100% rename from roles/common/vars/RedHat.yml rename to collections/alfresco/platform/roles/common/vars/RedHat.yml diff --git a/roles/common/vars/main.yml b/collections/alfresco/platform/roles/common/vars/main.yml similarity index 100% rename from roles/common/vars/main.yml rename to collections/alfresco/platform/roles/common/vars/main.yml From 1c3ce5027acc6d40f3913c0928b10584f1216045 Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Fri, 22 Nov 2024 15:57:55 +0100 Subject: [PATCH 02/16] fixup gha --- .github/workflows/community.yml | 12 +++++++++++- .../roles/common/molecule/default/molecule.yml | 4 ++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/.github/workflows/community.yml b/.github/workflows/community.yml index 56f20d8d4..947e7161f 100644 --- a/.github/workflows/community.yml +++ b/.github/workflows/community.yml @@ -35,15 +35,25 @@ jobs: - image: rockylinux/rockylinux:9.4 role: - name: activemq + path: roles - name: common + path: collections/alfresco/platform/roles - name: elasticsearch + path: roles - name: identity + path: roles - name: java + path: roles - name: nginx + path: roles - name: postgres + path: roles - name: search + path: roles - name: tomcat + path: roles - name: transformers + path: roles env: PY_COLORS: 1 PYTHONUNBUFFERED: 1 @@ -74,7 +84,7 @@ jobs: timeout_minutes: 60 max_attempts: 3 retry_wait_seconds: 10 - command: cd roles/${{ matrix.role.name }} && pipenv run molecule test + command: cd ${{ matrix.role.path }}/${{ matrix.role.name }} && pipenv run molecule test docker_integration: name: Test ${{ matrix.scenario.name }} scenario on ${{ matrix.molecule_distro.image }} diff --git a/collections/alfresco/platform/roles/common/molecule/default/molecule.yml b/collections/alfresco/platform/roles/common/molecule/default/molecule.yml index bdc51600a..6cfd93a7a 100644 --- a/collections/alfresco/platform/roles/common/molecule/default/molecule.yml +++ b/collections/alfresco/platform/roles/common/molecule/default/molecule.yml @@ -6,7 +6,7 @@ driver: platforms: - name: common-instance image: $MOLECULE_ROLE_IMAGE - dockerfile: ../../../../tests/molecule/Dockerfile-noprivs.j2 + dockerfile: ../../../../../../../tests/molecule/Dockerfile-noprivs.j2 command: "/lib/systemd/systemd" privileged: true tmpfs: @@ -24,7 +24,7 @@ provisioner: pipelining: True inventory: links: - group_vars: ../../../../group_vars + group_vars: ../../../../../../../group_vars host_vars: host_vars verifier: name: testinfra From 8b70aaddcc3c29c00997598d9d83785eeb58e3f9 Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Mon, 25 Nov 2024 10:43:19 +0100 Subject: [PATCH 03/16] add common as galaxy dependency --- playbooks/acs.yml | 2 +- requirements.yml | 3 +++ roles/elasticsearch/meta/main.yml | 2 +- roles/identity/meta/main.yml | 2 +- roles/java/meta/main.yml | 2 +- roles/nginx/meta/main.yml | 2 +- roles/postgres/meta/main.yml | 2 +- 7 files changed, 9 insertions(+), 6 deletions(-) diff --git a/playbooks/acs.yml b/playbooks/acs.yml index 9ecfc26e0..6a60a05df 100644 --- a/playbooks/acs.yml +++ b/playbooks/acs.yml @@ -35,7 +35,7 @@ hosts: repository:identity:acc:adw gather_facts: false roles: - - role: "../roles/common" + - role: alfresco.platform.common tasks: - name: Set alfresco_url from first entry of known_urls vars: diff --git a/requirements.yml b/requirements.yml index 92ccbe192..289985183 100644 --- a/requirements.yml +++ b/requirements.yml @@ -18,6 +18,9 @@ collections: version: 8.2.1 - name: community.aws version: 8.0.0 + # Import all local collections + - source: ./collections/alfresco/ + type: subdirs roles: - name: geerlingguy.elasticsearch diff --git a/roles/elasticsearch/meta/main.yml b/roles/elasticsearch/meta/main.yml index faf2822aa..cbccccb2f 100644 --- a/roles/elasticsearch/meta/main.yml +++ b/roles/elasticsearch/meta/main.yml @@ -21,4 +21,4 @@ galaxy_info: galaxy_tags: [] dependencies: - - role: common + - role: alfresco.platform.common diff --git a/roles/identity/meta/main.yml b/roles/identity/meta/main.yml index 1a2f43588..4f8ae7842 100644 --- a/roles/identity/meta/main.yml +++ b/roles/identity/meta/main.yml @@ -21,4 +21,4 @@ galaxy_info: galaxy_tags: [] dependencies: - - role: common + - role: alfresco.platform.common diff --git a/roles/java/meta/main.yml b/roles/java/meta/main.yml index 3d12ca1ef..db2bbbc34 100644 --- a/roles/java/meta/main.yml +++ b/roles/java/meta/main.yml @@ -16,4 +16,4 @@ galaxy_info: galaxy_tags: [] allow_duplicates: false dependencies: - - role: common + - role: alfresco.platform.common diff --git a/roles/nginx/meta/main.yml b/roles/nginx/meta/main.yml index 985cf520c..2f362ce77 100644 --- a/roles/nginx/meta/main.yml +++ b/roles/nginx/meta/main.yml @@ -15,4 +15,4 @@ galaxy_info: min_ansible_version: "2.12" galaxy_tags: [] dependencies: - - role: common + - role: alfresco.platform.common diff --git a/roles/postgres/meta/main.yml b/roles/postgres/meta/main.yml index 1736ca077..3d23e02e8 100644 --- a/roles/postgres/meta/main.yml +++ b/roles/postgres/meta/main.yml @@ -15,4 +15,4 @@ galaxy_info: min_ansible_version: "2.12" galaxy_tags: [] dependencies: - - role: common + - role: alfresco.platform.common From da386edc2b6ee171c8138933c0b9ef66eddf7331 Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Mon, 25 Nov 2024 11:24:00 +0100 Subject: [PATCH 04/16] remove legacy tests --- .../alfresco/platform/roles/audit_storage/tests/inventory | 1 - .../alfresco/platform/roles/audit_storage/tests/test.yml | 5 ----- 2 files changed, 6 deletions(-) delete mode 100644 collections/alfresco/platform/roles/audit_storage/tests/inventory delete mode 100644 collections/alfresco/platform/roles/audit_storage/tests/test.yml diff --git a/collections/alfresco/platform/roles/audit_storage/tests/inventory b/collections/alfresco/platform/roles/audit_storage/tests/inventory deleted file mode 100644 index 2fbb50c4a..000000000 --- a/collections/alfresco/platform/roles/audit_storage/tests/inventory +++ /dev/null @@ -1 +0,0 @@ -localhost diff --git a/collections/alfresco/platform/roles/audit_storage/tests/test.yml b/collections/alfresco/platform/roles/audit_storage/tests/test.yml deleted file mode 100644 index b8eece9c8..000000000 --- a/collections/alfresco/platform/roles/audit_storage/tests/test.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- hosts: localhost - remote_user: root - roles: - - audit_storage From b8a387860ec07ef3644d3385fe3a04f6e0063ca6 Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Mon, 25 Nov 2024 12:22:03 +0100 Subject: [PATCH 05/16] fixup legacy pytest tests --- roles/activemq/molecule/default/tests/test_activemq.py | 4 ++-- roles/java/molecule/default/tests/test_java.py | 4 ++-- roles/nginx/molecule/default/tests/test_nginx.py | 4 ++-- roles/repository/molecule/default/tests/test_repository.py | 4 ++-- roles/search/molecule/default/tests/test_search.py | 6 +++--- roles/sfs/molecule/default/tests/test_sfs.py | 6 +++--- roles/sync/molecule/default/tests/test_sync.py | 4 ++-- roles/tomcat/molecule/default/tests/test_tomcat.py | 4 ++-- roles/transformers/molecule/default/tests/test_transform.py | 6 +++--- roles/trouter/molecule/default/tests/test_trouter.py | 6 +++--- 10 files changed, 24 insertions(+), 24 deletions(-) diff --git a/roles/activemq/molecule/default/tests/test_activemq.py b/roles/activemq/molecule/default/tests/test_activemq.py index d953d3da6..cdfea9287 100644 --- a/roles/activemq/molecule/default/tests/test_activemq.py +++ b/roles/activemq/molecule/default/tests/test_activemq.py @@ -12,8 +12,8 @@ def get_ansible_vars(host): """Define get_ansible_vars""" java_role = "file=../java/vars/main.yml name=java_role" activemq_role = "file=../../vars/main.yml name=activemq_role" - common_vars = "file=../../../common/vars/main.yml name=common_vars" - common_defaults = "file=../../../common/defaults/main.yml name=common_defaults" + common_vars = "file=../../../../collections/alfresco/platform/roles/common/vars/main.yml name=common_vars" + common_defaults = "file=../../../../collections/alfresco/platform/roles/common/defaults/main.yml name=common_defaults" group_vars = "file=../../../../group_vars/all.yml name=group_vars" secrets_vars = "file=../../../../vars/secrets.yml name=secrets_vars" ansible_vars = host.ansible("include_vars", java_role)["ansible_facts"]["java_role"] diff --git a/roles/java/molecule/default/tests/test_java.py b/roles/java/molecule/default/tests/test_java.py index 62e47cde1..808f55193 100644 --- a/roles/java/molecule/default/tests/test_java.py +++ b/roles/java/molecule/default/tests/test_java.py @@ -8,8 +8,8 @@ def get_ansible_vars(host): """Define get_ansible_vars""" java_role = "file=../../vars/main.yml name=java_role" - common_vars = "file=../../../common/vars/main.yml name=common_vars" - common_defaults = "file=../../../common/defaults/main.yml name=common_defaults" + common_vars = "file=../../../../collections/alfresco/platform/roles/common/vars/main.yml name=common_vars" + common_defaults = "file=../../../../collections/alfresco/platform/roles/common/defaults/main.yml name=common_defaults" group_vars = "file=../../../../group_vars/all.yml name=group_vars" ansible_vars = host.ansible( "include_vars", diff --git a/roles/nginx/molecule/default/tests/test_nginx.py b/roles/nginx/molecule/default/tests/test_nginx.py index 04959074f..ca0aa01ed 100644 --- a/roles/nginx/molecule/default/tests/test_nginx.py +++ b/roles/nginx/molecule/default/tests/test_nginx.py @@ -10,8 +10,8 @@ @pytest.fixture(scope="module") def get_ansible_vars(host): """Define get_ansible_vars""" - common_vars = "file=../../../common/vars/main.yml name=common_vars" - common_defaults = "file=../../../common/defaults/main.yml name=common_defaults" + common_vars = "file=../../../../collections/alfresco/platform/roles/common/vars/main.yml name=common_vars" + common_defaults = "file=../../../../collections/alfresco/platform/roles/common/defaults/main.yml name=common_defaults" nginx_vars = "file=../../vars/main.yml name=nginx_vars" distribution_name = host.ansible("setup")["ansible_facts"]["ansible_distribution"] distribution_version = host.ansible("setup")["ansible_facts"]["ansible_distribution_version"] diff --git a/roles/repository/molecule/default/tests/test_repository.py b/roles/repository/molecule/default/tests/test_repository.py index c01acb26f..7d8f4e1ef 100644 --- a/roles/repository/molecule/default/tests/test_repository.py +++ b/roles/repository/molecule/default/tests/test_repository.py @@ -17,8 +17,8 @@ def get_ansible_vars(host): repository_role = "file=../../vars/main.yml name=repository_role" tomcat_role = "file=../tomcat/vars/main.yml name=tomcat_role" java_role = "file=../java/vars/main.yml name=java_role" - common_vars = "file=../../../common/vars/main.yml name=common_vars" - common_defaults = "file=../../../common/defaults/main.yml name=common_defaults" + common_vars = "file=../../../../collections/alfresco/platform/roles/common/vars/main.yml name=common_vars" + common_defaults = "file=../../../../collections/alfresco/platform/roles/common/defaults/main.yml name=common_defaults" group_vars = "file=../../../../group_vars/all.yml name=group_vars" ansible_vars = host.ansible("include_vars", group_vars)["ansible_facts"]["group_vars"] ansible_vars.update(host.ansible("include_vars", common_defaults)["ansible_facts"]["common_defaults"]) diff --git a/roles/search/molecule/default/tests/test_search.py b/roles/search/molecule/default/tests/test_search.py index 65e73f0dc..c3e670757 100644 --- a/roles/search/molecule/default/tests/test_search.py +++ b/roles/search/molecule/default/tests/test_search.py @@ -12,9 +12,9 @@ def get_ansible_vars(host): """Define get_ansible_vars""" java_role = "file=../java/vars/main.yml name=java_role" - common_vars = "file=../../../common/vars/main.yml name=common_vars" - common_defaults = "file=../../../common/defaults/main.yml name=common_defaults" - common_hosts = "file=../../../common/defaults/main.yml name=common_hosts" + common_vars = "file=../../../../collections/alfresco/platform/roles/common/vars/main.yml name=common_vars" + common_defaults = "file=../../../../collections/alfresco/platform/roles/common/defaults/main.yml name=common_defaults" + common_hosts = "file=../../../../collections/alfresco/platform/roles/common/defaults/main.yml name=common_hosts" search_services = "file=../../vars/main.yml name=search_services" ansible_vars = host.ansible("include_vars", java_role)["ansible_facts"]["java_role"] ansible_vars.update(host.ansible("include_vars", java_role)["ansible_facts"]["java_role"]) diff --git a/roles/sfs/molecule/default/tests/test_sfs.py b/roles/sfs/molecule/default/tests/test_sfs.py index c0a97951f..bb740ca0a 100644 --- a/roles/sfs/molecule/default/tests/test_sfs.py +++ b/roles/sfs/molecule/default/tests/test_sfs.py @@ -11,9 +11,9 @@ def get_ansible_vars(host): """Define get_ansible_vars""" java_role = "file=../roles/java/vars/main.yml name=java_role" - common_vars = "file=../../../common/vars/main.yml name=common_vars" - common_defaults = "file=../../../common/defaults/main.yml name=common_defaults" - common_hosts = "file=../../../common/vars/hosts.yml name=common_hosts" + common_vars = "file=../../../../collections/alfresco/platform/roles/common/vars/main.yml name=common_vars" + common_defaults = "file=../../../../collections/alfresco/platform/roles/common/defaults/main.yml name=common_defaults" + common_hosts = "file=../../../../collections/alfresco/platform/roles/common/vars/hosts.yml name=common_hosts" ansible_vars = host.ansible("include_vars", java_role)["ansible_facts"]["java_role"] ansible_vars.update(host.ansible("include_vars", common_vars)["ansible_facts"]["common_vars"]) ansible_vars.update(host.ansible("include_vars", common_hosts)["ansible_facts"]["common_hosts"]) diff --git a/roles/sync/molecule/default/tests/test_sync.py b/roles/sync/molecule/default/tests/test_sync.py index 82bdfc8f5..83dbcab51 100644 --- a/roles/sync/molecule/default/tests/test_sync.py +++ b/roles/sync/molecule/default/tests/test_sync.py @@ -11,8 +11,8 @@ def get_ansible_vars(host): """Define get_ansible_vars""" java_role = "file=../java/vars/main.yml name=java_role" - common_vars = "file=../../../common/vars/main.yml name=common_vars" - common_defaults = "file=../../../common/defaults/main.yml name=common_defaults" + common_vars = "file=../../../../collections/alfresco/platform/roles/common/vars/main.yml name=common_vars" + common_defaults = "file=../../../../collections/alfresco/platform/roles/common/defaults/main.yml name=common_defaults" common_hosts = "file=../../../../group_vars/all.yml name=common_hosts" syncservices = "file=../../vars/main.yml name=syncservices" ansible_vars = host.ansible("include_vars", java_role)["ansible_facts"]["java_role"] diff --git a/roles/tomcat/molecule/default/tests/test_tomcat.py b/roles/tomcat/molecule/default/tests/test_tomcat.py index 7be4289c4..803c9c4cd 100644 --- a/roles/tomcat/molecule/default/tests/test_tomcat.py +++ b/roles/tomcat/molecule/default/tests/test_tomcat.py @@ -8,8 +8,8 @@ def get_ansible_vars(host): """Define get_ansible_vars""" java_role = "file=../java/vars/main.yml name=java_role" tomcat_role = "file=../../vars/main.yml name=tomcat_role" - common_vars = "file=../../../common/vars/main.yml name=common_vars" - common_defaults = "file=../../../common/defaults/main.yml name=common_defaults" + common_vars = "file=../../../../collections/alfresco/platform/roles/common/vars/main.yml name=common_vars" + common_defaults = "file=../../../../collections/alfresco/platform/roles/common/defaults/main.yml name=common_defaults" group_vars = "file=../../../../group_vars/all.yml name=group_vars" ansible_vars = host.ansible("include_vars", java_role)["ansible_facts"]["java_role"] ansible_vars.update(host.ansible("include_vars", tomcat_role)["ansible_facts"]["tomcat_role"]) diff --git a/roles/transformers/molecule/default/tests/test_transform.py b/roles/transformers/molecule/default/tests/test_transform.py index 69625da7f..05f5b722e 100644 --- a/roles/transformers/molecule/default/tests/test_transform.py +++ b/roles/transformers/molecule/default/tests/test_transform.py @@ -11,9 +11,9 @@ def get_ansible_vars(host): """Define get_ansible_vars""" java_role = "file=../java/vars/main.yml name=java_role" - common_vars = "file=../../../common/vars/main.yml name=common_vars" - common_defaults = "file=../../../common/defaults/main.yml name=common_defaults" - common_hosts = "file=../../../common/vars/hosts.yml name=common_hosts" + common_vars = "file=../../../../collections/alfresco/platform/roles/common/vars/main.yml name=common_vars" + common_defaults = "file=../../../../collections/alfresco/platform/roles/common/defaults/main.yml name=common_defaults" + common_hosts = "file=../../../../collections/alfresco/platform/roles/common/vars/hosts.yml name=common_hosts" transform_services = "file=../../vars/main.yml name=transform_services" ansible_vars = host.ansible("include_vars", java_role)["ansible_facts"]["java_role"] ansible_vars.update(host.ansible("include_vars", java_role)["ansible_facts"]["java_role"]) diff --git a/roles/trouter/molecule/default/tests/test_trouter.py b/roles/trouter/molecule/default/tests/test_trouter.py index 1ace30fbf..8a0672125 100644 --- a/roles/trouter/molecule/default/tests/test_trouter.py +++ b/roles/trouter/molecule/default/tests/test_trouter.py @@ -11,9 +11,9 @@ def get_ansible_vars(host): """Define get_ansible_vars""" java_role = "file=../roles/java/vars/main.yml name=java_role" - common_vars = "file=../../../common/vars/main.yml name=common_vars" - common_defaults = "file=../../../common/defaults/main.yml name=common_defaults" - common_hosts = "file=../../../common/vars/hosts.yml name=common_hosts" + common_vars = "file=../../../../collections/alfresco/platform/roles/common/vars/main.yml name=common_vars" + common_defaults = "file=../../../../collections/alfresco/platform/roles/common/defaults/main.yml name=common_defaults" + common_hosts = "file=../../../../collections/alfresco/platform/roles/common/vars/hosts.yml name=common_hosts" ansible_vars = host.ansible("include_vars", java_role)["ansible_facts"]["java_role"] ansible_vars.update(host.ansible("include_vars", common_vars)["ansible_facts"]["common_vars"]) ansible_vars.update(host.ansible("include_vars", common_hosts)["ansible_facts"]["common_hosts"]) From b648ac6030d477b6b134dc35af715a23fbfc2b31 Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Mon, 25 Nov 2024 12:30:33 +0100 Subject: [PATCH 06/16] fixup pre-commit --- .ansible-lint | 3 +- .ansible-lint-ignore | 49 ------------------ collections/alfresco/common/meta/runtime.yml | 50 +------------------ .../alfresco/platform/meta/runtime.yml | 50 +------------------ .../roles/audit_storage/meta/main.yml | 48 ++++++------------ 5 files changed, 19 insertions(+), 181 deletions(-) delete mode 100644 .ansible-lint-ignore diff --git a/.ansible-lint b/.ansible-lint index 4d399f095..0b046a999 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,6 +1,7 @@ warn_list: - experimental # make sure new rule are returned as warnings for progressive updates - - role-name[path] # https://alfresco.atlassian.net/browse/OPSEXP-2157 + - role-name[path] # OPSEXP-2157 + - var-naming[no-role-prefix] # OPSEXP-2744 skip_list: - galaxy # To remove when/if we push to Ansible galaxy - name[template] # Allow Jinja templating inside task and play names diff --git a/.ansible-lint-ignore b/.ansible-lint-ignore deleted file mode 100644 index 91047955a..000000000 --- a/.ansible-lint-ignore +++ /dev/null @@ -1,49 +0,0 @@ -# https://hyland.atlassian.net/browse/OPSEXP-2744 -playbooks/acs.yml var-naming[no-role-prefix] -playbooks/search_replication.yml var-naming[no-role-prefix] -roles/postgres/vars/Debian.yml var-naming[no-role-prefix] -roles/postgres/vars/RedHat.yml var-naming[no-role-prefix] -roles/postgres/vars/RedHat8.yml var-naming[no-role-prefix] -roles/postgres/vars/RedHat9.yml var-naming[no-role-prefix] -roles/postgres/vars/Rocky8.yml var-naming[no-role-prefix] -roles/postgres/vars/Rocky9.yml var-naming[no-role-prefix] -roles/postgres/vars/Ubuntu20.yml var-naming[no-role-prefix] -roles/postgres/vars/Ubuntu22.yml var-naming[no-role-prefix] -roles/postgres/vars/Ubuntu18.yml var-naming[no-role-prefix] -roles/postgres/vars/main.yml var-naming[no-role-prefix] -roles/postgres/defaults/main.yml var-naming[no-role-prefix] -roles/transformers/vars/Debian.yml var-naming[no-role-prefix] -roles/transformers/vars/RedHat.yml var-naming[no-role-prefix] -roles/transformers/vars/RedHat8.yml var-naming[no-role-prefix] -roles/transformers/vars/RedHat9.yml var-naming[no-role-prefix] -roles/transformers/vars/Rocky8.yml var-naming[no-role-prefix] -roles/transformers/vars/Rocky9.yml var-naming[no-role-prefix] -roles/transformers/vars/Ubuntu20.yml var-naming[no-role-prefix] -roles/transformers/vars/Ubuntu22.yml var-naming[no-role-prefix] -roles/transformers/vars/Ubuntu18.yml var-naming[no-role-prefix] -roles/transformers/vars/main.yml var-naming[no-role-prefix] -roles/transformers/defaults/main.yml var-naming[no-role-prefix] -roles/repository/vars/Debian.yml var-naming[no-role-prefix] -roles/repository/vars/RedHat.yml var-naming[no-role-prefix] -roles/repository/vars/main.yml var-naming[no-role-prefix] -roles/repository/defaults/main.yml var-naming[no-role-prefix] -roles/search/vars/Debian.yml var-naming[no-role-prefix] -roles/search/vars/RedHat.yml var-naming[no-role-prefix] -roles/search/vars/main.yml var-naming[no-role-prefix] -roles/search/defaults/main.yml var-naming[no-role-prefix] -roles/trouter/vars/Debian.yml var-naming[no-role-prefix] -roles/trouter/vars/RedHat.yml var-naming[no-role-prefix] -roles/trouter/vars/main.yml var-naming[no-role-prefix] -roles/trouter/defaults/main.yml var-naming[no-role-prefix] -roles/sync/vars/Debian.yml var-naming[no-role-prefix] -roles/sync/vars/RedHat.yml var-naming[no-role-prefix] -roles/sync/vars/main.yml var-naming[no-role-prefix] -roles/sync/defaults/main.yml var-naming[no-role-prefix] -roles/sfs/vars/Debian.yml var-naming[no-role-prefix] -roles/sfs/vars/RedHat.yml var-naming[no-role-prefix] -roles/sfs/defaults/main.yml var-naming[no-role-prefix] -roles/nginx/defaults/main.yml var-naming[no-role-prefix] -roles/common/vars/Debian.yml var-naming[no-role-prefix] -roles/common/vars/RedHat.yml var-naming[no-role-prefix] -roles/common/vars/main.yml var-naming[no-role-prefix] -roles/common/defaults/main.yml var-naming[no-role-prefix] diff --git a/collections/alfresco/common/meta/runtime.yml b/collections/alfresco/common/meta/runtime.yml index 20f709edf..cbf39f305 100644 --- a/collections/alfresco/common/meta/runtime.yml +++ b/collections/alfresco/common/meta/runtime.yml @@ -1,52 +1,4 @@ --- # Collections must specify a minimum required ansible version to upload # to galaxy -# requires_ansible: '>=2.9.10' - -# Content that Ansible needs to load from another location or that has -# been deprecated/removed -# plugin_routing: -# action: -# redirected_plugin_name: -# redirect: ns.col.new_location -# deprecated_plugin_name: -# deprecation: -# removal_version: "4.0.0" -# warning_text: | -# See the porting guide on how to update your playbook to -# use ns.col.another_plugin instead. -# removed_plugin_name: -# tombstone: -# removal_version: "2.0.0" -# warning_text: | -# See the porting guide on how to update your playbook to -# use ns.col.another_plugin instead. -# become: -# cache: -# callback: -# cliconf: -# connection: -# doc_fragments: -# filter: -# httpapi: -# inventory: -# lookup: -# module_utils: -# modules: -# netconf: -# shell: -# strategy: -# terminal: -# test: -# vars: - -# Python import statements that Ansible needs to load from another location -# import_redirection: -# ansible_collections.ns.col.plugins.module_utils.old_location: -# redirect: ansible_collections.ns.col.plugins.module_utils.new_location - -# Groups of actions/modules that take a common set of options -# action_groups: -# group_name: -# - module1 -# - module2 +requires_ansible: '>=2.14.0' diff --git a/collections/alfresco/platform/meta/runtime.yml b/collections/alfresco/platform/meta/runtime.yml index 20f709edf..cbf39f305 100644 --- a/collections/alfresco/platform/meta/runtime.yml +++ b/collections/alfresco/platform/meta/runtime.yml @@ -1,52 +1,4 @@ --- # Collections must specify a minimum required ansible version to upload # to galaxy -# requires_ansible: '>=2.9.10' - -# Content that Ansible needs to load from another location or that has -# been deprecated/removed -# plugin_routing: -# action: -# redirected_plugin_name: -# redirect: ns.col.new_location -# deprecated_plugin_name: -# deprecation: -# removal_version: "4.0.0" -# warning_text: | -# See the porting guide on how to update your playbook to -# use ns.col.another_plugin instead. -# removed_plugin_name: -# tombstone: -# removal_version: "2.0.0" -# warning_text: | -# See the porting guide on how to update your playbook to -# use ns.col.another_plugin instead. -# become: -# cache: -# callback: -# cliconf: -# connection: -# doc_fragments: -# filter: -# httpapi: -# inventory: -# lookup: -# module_utils: -# modules: -# netconf: -# shell: -# strategy: -# terminal: -# test: -# vars: - -# Python import statements that Ansible needs to load from another location -# import_redirection: -# ansible_collections.ns.col.plugins.module_utils.old_location: -# redirect: ansible_collections.ns.col.plugins.module_utils.new_location - -# Groups of actions/modules that take a common set of options -# action_groups: -# group_name: -# - module1 -# - module2 +requires_ansible: '>=2.14.0' diff --git a/collections/alfresco/platform/roles/audit_storage/meta/main.yml b/collections/alfresco/platform/roles/audit_storage/meta/main.yml index e014894eb..157e3d462 100644 --- a/collections/alfresco/platform/roles/audit_storage/meta/main.yml +++ b/collections/alfresco/platform/roles/audit_storage/meta/main.yml @@ -1,43 +1,25 @@ galaxy_info: - author: your name - description: your role description - company: your company (optional) + author: Alfresco Ops Readiness + description: This role installs and configures the audit storage for Alfresco + company: Hyland Software # If the issue tracker for your role is not on github, uncomment the # next line and provide a value # issue_tracker_url: http://example.com/issue/tracker - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) + license: Apache-2.0 - min_ansible_version: 2.1 + min_ansible_version: "2.12" - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 + platforms: + - name: Ubuntu + versions: + - bionic + - focal + - name: EL + versions: + - "8" + - "9" galaxy_tags: [] # List tags for your role here, one per line. A tag is a keyword that describes @@ -48,4 +30,4 @@ galaxy_info: # Maximum 20 tags per role. dependencies: - - alfresco.platform.common + - role: alfresco.platform.common From c04e0c095802532a6262db0c0ed0cff23827cc20 Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Mon, 25 Nov 2024 12:40:51 +0100 Subject: [PATCH 07/16] fix prerun-network-checks --- playbooks/prerun-network-checks.yml | 42 +++++++++++++++++++---------- 1 file changed, 28 insertions(+), 14 deletions(-) diff --git a/playbooks/prerun-network-checks.yml b/playbooks/prerun-network-checks.yml index 068f7351c..87b49e33c 100644 --- a/playbooks/prerun-network-checks.yml +++ b/playbooks/prerun-network-checks.yml @@ -12,8 +12,10 @@ become: true gather_facts: false tasks: - - name: Include common defaults - ansible.builtin.include_vars: ../roles/common/defaults/main.yml + - name: Include common role + ansible.builtin.include_role: + name: alfresco.platform.common + public: true - name: Check db connection ansible.builtin.include_tasks: "tasks/check_port.yml" @@ -77,8 +79,10 @@ become: true gather_facts: false tasks: - - name: Include common defaults - ansible.builtin.include_vars: ../roles/common/defaults/main.yml + - name: Include common role + ansible.builtin.include_role: + name: alfresco.platform.common + public: true - name: Check repo connection ansible.builtin.include_tasks: "tasks/check_port.yml" @@ -93,8 +97,10 @@ become: true gather_facts: false tasks: - - name: Include common defaults - ansible.builtin.include_vars: ../roles/common/defaults/main.yml + - name: Include common role + ansible.builtin.include_role: + name: alfresco.platform.common + public: true - name: Check activemq connection ansible.builtin.include_tasks: "tasks/check_port.yml" @@ -109,8 +115,10 @@ become: true gather_facts: false tasks: - - name: Include common defaults - ansible.builtin.include_vars: ../roles/common/defaults/main.yml + - name: Include common role + ansible.builtin.include_role: + name: alfresco.platform.common + public: true - name: Check db connection ansible.builtin.include_tasks: "tasks/check_port.yml" @@ -141,8 +149,10 @@ become: true gather_facts: false tasks: - - name: Include common defaults - ansible.builtin.include_vars: ../roles/common/defaults/main.yml + - name: Include common role + ansible.builtin.include_role: + name: alfresco.platform.common + public: true - name: Check repo connection ansible.builtin.include_tasks: "tasks/check_port.yml" @@ -157,8 +167,10 @@ become: true gather_facts: false tasks: - - name: Include common defaults - ansible.builtin.include_vars: ../roles/common/defaults/main.yml + - name: Include common role + ansible.builtin.include_role: + name: alfresco.platform.common + public: true - name: Check repo connection ansible.builtin.include_tasks: "tasks/check_port.yml" @@ -173,8 +185,10 @@ become: true gather_facts: false tasks: - - name: Include common defaults - ansible.builtin.include_vars: ../roles/common/defaults/main.yml + - name: Include common role + ansible.builtin.include_role: + name: alfresco.platform.common + public: true - name: Check repo connection ansible.builtin.include_tasks: "tasks/check_port.yml" From 7bf4e3824e4534cbec8d47084b64b64431124046 Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Mon, 25 Nov 2024 14:20:40 +0100 Subject: [PATCH 08/16] avoid noise with lint warning which are not going to be fixed soon --- .ansible-lint | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index 0b046a999..e3fea5017 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,9 +1,9 @@ warn_list: - experimental # make sure new rule are returned as warnings for progressive updates - - role-name[path] # OPSEXP-2157 - - var-naming[no-role-prefix] # OPSEXP-2744 skip_list: - galaxy # To remove when/if we push to Ansible galaxy - name[template] # Allow Jinja templating inside task and play names + - role-name[path] # OPSEXP-2157 + - var-naming[no-role-prefix] # OPSEXP-2744 exclude_paths: - molecule/ From c1ff84887a6041bfd6775637a0ead6cab5f8edba Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Mon, 25 Nov 2024 15:30:17 +0100 Subject: [PATCH 09/16] make new audit-storage role working --- .github/workflows/community.yml | 2 +- .../roles/audit_storage/defaults/main.yml | 11 ++++ .../roles/audit_storage/meta/main.yml | 2 +- .../audit_storage/molecule/default/verify.yml | 47 ++---------------- .../roles/audit_storage/tasks/main.yml | 35 +++++++++++++ .../roles/audit_storage/vars/main.yml | 1 + .../alfresco/platform/roles}/java/README.md | 4 +- .../platform/roles}/java/defaults/main.yml | 0 .../platform/roles}/java/handlers/main.yml | 0 .../roles}/java/meta/argument_specs.yml | 0 .../platform/roles}/java/meta/main.yml | 0 .../roles}/java/molecule/default/converge.yml | 0 .../molecule/default/files/java-instance.p12 | Bin .../default/host_vars/java-instance.yml | 0 .../roles}/java/molecule/default/molecule.yml | 4 +- .../java/molecule/default/tests/test_java.py | 0 .../platform/roles}/java/tasks/keystores.yml | 0 .../platform/roles}/java/tasks/main.yml | 0 .../platform/roles}/java/templates/setenv.sh | 0 .../platform/roles}/java/vars/main.yml | 0 group_vars/all.yml | 4 ++ requirements.yml | 2 +- roles/activemq/meta/main.yml | 2 +- roles/repository/tasks/main.yml | 2 +- roles/search/meta/main.yml | 2 +- roles/search_enterprise/meta/main.yml | 2 +- roles/sfs/meta/main.yml | 2 +- roles/sfs/molecule/default/tests/test_sfs.py | 2 +- roles/sfs/tasks/main.yml | 2 +- roles/sync/meta/main.yml | 2 +- roles/tomcat/meta/main.yml | 2 +- roles/transformers/meta/main.yml | 2 +- roles/transformers/tasks/main.yml | 2 +- roles/trouter/meta/main.yml | 2 +- .../molecule/default/tests/test_trouter.py | 2 +- roles/trouter/tasks/main.yml | 2 +- 36 files changed, 76 insertions(+), 64 deletions(-) rename {roles => collections/alfresco/platform/roles}/java/README.md (95%) rename {roles => collections/alfresco/platform/roles}/java/defaults/main.yml (100%) rename {roles => collections/alfresco/platform/roles}/java/handlers/main.yml (100%) rename {roles => collections/alfresco/platform/roles}/java/meta/argument_specs.yml (100%) rename {roles => collections/alfresco/platform/roles}/java/meta/main.yml (100%) rename {roles => collections/alfresco/platform/roles}/java/molecule/default/converge.yml (100%) rename {roles => collections/alfresco/platform/roles}/java/molecule/default/files/java-instance.p12 (100%) rename {roles => collections/alfresco/platform/roles}/java/molecule/default/host_vars/java-instance.yml (100%) rename {roles => collections/alfresco/platform/roles}/java/molecule/default/molecule.yml (80%) rename {roles => collections/alfresco/platform/roles}/java/molecule/default/tests/test_java.py (100%) rename {roles => collections/alfresco/platform/roles}/java/tasks/keystores.yml (100%) rename {roles => collections/alfresco/platform/roles}/java/tasks/main.yml (100%) rename {roles => collections/alfresco/platform/roles}/java/templates/setenv.sh (100%) rename {roles => collections/alfresco/platform/roles}/java/vars/main.yml (100%) diff --git a/.github/workflows/community.yml b/.github/workflows/community.yml index 947e7161f..217bb75be 100644 --- a/.github/workflows/community.yml +++ b/.github/workflows/community.yml @@ -43,7 +43,7 @@ jobs: - name: identity path: roles - name: java - path: roles + path: collections/alfresco/platform/roles - name: nginx path: roles - name: postgres diff --git a/collections/alfresco/platform/roles/audit_storage/defaults/main.yml b/collections/alfresco/platform/roles/audit_storage/defaults/main.yml index b634688b6..616b662c4 100644 --- a/collections/alfresco/platform/roles/audit_storage/defaults/main.yml +++ b/collections/alfresco/platform/roles/audit_storage/defaults/main.yml @@ -5,3 +5,14 @@ audit_storage_zip_url: https://nexus.alfresco.com/nexus/repository/enterprise-re audit_storage_zip_sha1_url: https://nexus.alfresco.com/nexus/repository/enterprise-releases/org/alfresco/alfresco-audit-storage-distribution/{{ audit_storage_version }}/alfresco-audit-storage-distribution-{{ audit_storage_version }}.zip.sha1 audit_storage_artifact_name: audit-storage + +audit_storage_username: alfresco +audit_storage_group_name: alfresco + +audit_storage_default_environment: {} +audit_storage_environment: {} + +audit_storage_java_bin_path: /opt/openjdk-17.0.11/bin/java + +audit_storage_binaries_dir: "/opt/alfresco/audit-storage-{{ audit_storage_version }}" +audit_storage_config_dir: "/etc/alfresco/audit-storage" diff --git a/collections/alfresco/platform/roles/audit_storage/meta/main.yml b/collections/alfresco/platform/roles/audit_storage/meta/main.yml index 157e3d462..a1b236347 100644 --- a/collections/alfresco/platform/roles/audit_storage/meta/main.yml +++ b/collections/alfresco/platform/roles/audit_storage/meta/main.yml @@ -30,4 +30,4 @@ galaxy_info: # Maximum 20 tags per role. dependencies: - - role: alfresco.platform.common + - role: alfresco.platform.java diff --git a/collections/alfresco/platform/roles/audit_storage/molecule/default/verify.yml b/collections/alfresco/platform/roles/audit_storage/molecule/default/verify.yml index f919f30ac..7684625c1 100644 --- a/collections/alfresco/platform/roles/audit_storage/molecule/default/verify.yml +++ b/collections/alfresco/platform/roles/audit_storage/molecule/default/verify.yml @@ -1,52 +1,13 @@ --- - name: Verify - hosts: search_enterprise + hosts: instance gather_facts: false tasks: - name: Populate service facts ansible.builtin.service_facts: - - name: Check that Elasticsearch Connector service is up and running + - name: Check that service is up and running ansible.builtin.assert: that: - - ansible_facts.services['elasticsearch-connector.service'] is defined - - ansible_facts.services['elasticsearch-connector.service'].state == 'running' - - - name: Get errors in the journal of Elasticsearch Connector service - become: true - ansible.builtin.command: - cmd: journalctl -u elasticsearch-connector.service - changed_when: false - register: error_log - - - name: Check logs for errors, warning and expected patterns - vars: - log_expected_regex: |- - Refreshing accepted content media-type cache, accepted type count: ([7-9]\d|[1-9]\d{2,})$ - ansible.builtin.assert: - that: - - not error_log.stdout | regex_search(' ERROR ') - - error_log.stdout | regex_search('{{ log_expected_regex }}') - msg: "{{ error_log.stdout }}" - - - name: Check that Elasticsearch Connector reindex is available - ansible.builtin.assert: - that: - - ansible_facts.services['elasticsearch-connector-reindex.service'] is defined - - ansible_facts.services['elasticsearch-connector-reindex.service'].state == 'inactive' - - - name: Retrieve contents of elasticsearch-connector-reindex.service - become: true - ansible.builtin.slurp: - src: /etc/systemd/system/elasticsearch-connector-reindex.service - register: service_file - - - name: Check reindex service contains the expected ExecStart line - become: true - vars: - service_file_content: "{{ service_file['content'] | b64decode }}" - expected_exec_start: "ExecStart=/opt/openjdk-{{ dependencies_version.java }}/bin/java -jar /opt/alfresco/enterprise-search-{{ search_enterprise.version }}/alfresco-elasticsearch-reindexing-{{ search_enterprise.version }}-app.jar --alfresco.reindex.concurrentProcessors=6" - ansible.builtin.assert: - that: - - "expected_exec_start in service_file_content" - msg: "{{ service_file_content }}" + - ansible_facts.services['alfresco-audit-storage'] is defined + - ansible_facts.services['alfresco-audit-storage'].state == 'running' diff --git a/collections/alfresco/platform/roles/audit_storage/tasks/main.yml b/collections/alfresco/platform/roles/audit_storage/tasks/main.yml index 43d8ae224..bbdc0f29e 100644 --- a/collections/alfresco/platform/roles/audit_storage/tasks/main.yml +++ b/collections/alfresco/platform/roles/audit_storage/tasks/main.yml @@ -8,3 +8,38 @@ mode: "0644" url_username: "{{ nexus_user }}" url_password: "{{ nexus_password }}" + +- name: Install Audit Storage + become: true + block: + - name: Create directories + ansible.builtin.file: + path: "{{ item }}" + state: directory + owner: "{{ audit_storage_username }}" + group: "{{ audit_storage_group_name }}" + mode: "0755" + loop: + - "{{ audit_storage_binaries_dir }}" + - "{{ audit_storage_config_dir }}" + + - name: Extract distribution zip in binaries + ansible.builtin.unarchive: + src: "{{ download_location }}/{{ audit_storage_artifact_name }}-{{ audit_storage_version }}.zip" + dest: "{{ audit_storage_binaries_dir }}" + remote_src: true + creates: "{{ audit_storage_binaries_dir }}/README.md" + owner: "{{ audit_storage_username }}" + group: "{{ audit_storage_group_name }}" + + - name: Install service + ansible.builtin.include_role: + name: alfresco.common.systemd_service + vars: + systemd_service_unit_name: "alfresco-audit-storage" + systemd_service_unit_description: "Alfresco Audit Storage" + systemd_service_exec_start: "{{ audit_storage_java_bin_path }} -jar {{ audit_storage_artifact_path }}" + systemd_service_user: "{{ audit_storage_username }}" + systemd_service_environment: >- + {{ audit_storage_default_environment | + combine(audit_storage_environment) }} diff --git a/collections/alfresco/platform/roles/audit_storage/vars/main.yml b/collections/alfresco/platform/roles/audit_storage/vars/main.yml index 56eafb693..e9dcd2357 100644 --- a/collections/alfresco/platform/roles/audit_storage/vars/main.yml +++ b/collections/alfresco/platform/roles/audit_storage/vars/main.yml @@ -1,2 +1,3 @@ --- # vars file for audit_storage +audit_storage_artifact_path: "{{ audit_storage_binaries_dir }}/alfresco-audit-storage-{{ audit_storage_version }}.jar" diff --git a/roles/java/README.md b/collections/alfresco/platform/roles/java/README.md similarity index 95% rename from roles/java/README.md rename to collections/alfresco/platform/roles/java/README.md index 6784726ed..868853d48 100644 --- a/roles/java/README.md +++ b/collections/alfresco/platform/roles/java/README.md @@ -33,7 +33,7 @@ Installing OpenJDK and importing a server certificate in the java keystore: - hosts: all - hosts: all roles: - - role: java + - role: alfresco.platform.java cert_containers: - path: snakeoil.p12 pass: dummy @@ -46,7 +46,7 @@ Installing OpenJDK, importing certificates and generating a security key: - hosts: all - hosts: all roles: - - role: java + - role: alfresco.platform.java cert_containers: - path: server-snakeoil.p12 pass: dummy diff --git a/roles/java/defaults/main.yml b/collections/alfresco/platform/roles/java/defaults/main.yml similarity index 100% rename from roles/java/defaults/main.yml rename to collections/alfresco/platform/roles/java/defaults/main.yml diff --git a/roles/java/handlers/main.yml b/collections/alfresco/platform/roles/java/handlers/main.yml similarity index 100% rename from roles/java/handlers/main.yml rename to collections/alfresco/platform/roles/java/handlers/main.yml diff --git a/roles/java/meta/argument_specs.yml b/collections/alfresco/platform/roles/java/meta/argument_specs.yml similarity index 100% rename from roles/java/meta/argument_specs.yml rename to collections/alfresco/platform/roles/java/meta/argument_specs.yml diff --git a/roles/java/meta/main.yml b/collections/alfresco/platform/roles/java/meta/main.yml similarity index 100% rename from roles/java/meta/main.yml rename to collections/alfresco/platform/roles/java/meta/main.yml diff --git a/roles/java/molecule/default/converge.yml b/collections/alfresco/platform/roles/java/molecule/default/converge.yml similarity index 100% rename from roles/java/molecule/default/converge.yml rename to collections/alfresco/platform/roles/java/molecule/default/converge.yml diff --git a/roles/java/molecule/default/files/java-instance.p12 b/collections/alfresco/platform/roles/java/molecule/default/files/java-instance.p12 similarity index 100% rename from roles/java/molecule/default/files/java-instance.p12 rename to collections/alfresco/platform/roles/java/molecule/default/files/java-instance.p12 diff --git a/roles/java/molecule/default/host_vars/java-instance.yml b/collections/alfresco/platform/roles/java/molecule/default/host_vars/java-instance.yml similarity index 100% rename from roles/java/molecule/default/host_vars/java-instance.yml rename to collections/alfresco/platform/roles/java/molecule/default/host_vars/java-instance.yml diff --git a/roles/java/molecule/default/molecule.yml b/collections/alfresco/platform/roles/java/molecule/default/molecule.yml similarity index 80% rename from roles/java/molecule/default/molecule.yml rename to collections/alfresco/platform/roles/java/molecule/default/molecule.yml index c8909cca9..e88ea647e 100644 --- a/roles/java/molecule/default/molecule.yml +++ b/collections/alfresco/platform/roles/java/molecule/default/molecule.yml @@ -6,7 +6,7 @@ driver: platforms: - name: java-instance image: $MOLECULE_ROLE_IMAGE - dockerfile: ../../../../tests/molecule/Dockerfile-noprivs.j2 + dockerfile: ../../../../../../../tests/molecule/Dockerfile-noprivs.j2 command: "/lib/systemd/systemd" privileged: true tmpfs: @@ -22,7 +22,7 @@ provisioner: pipelining: True inventory: links: - group_vars: ../../../../group_vars + group_vars: ../../../../../../../group_vars host_vars: host_vars verifier: name: testinfra diff --git a/roles/java/molecule/default/tests/test_java.py b/collections/alfresco/platform/roles/java/molecule/default/tests/test_java.py similarity index 100% rename from roles/java/molecule/default/tests/test_java.py rename to collections/alfresco/platform/roles/java/molecule/default/tests/test_java.py diff --git a/roles/java/tasks/keystores.yml b/collections/alfresco/platform/roles/java/tasks/keystores.yml similarity index 100% rename from roles/java/tasks/keystores.yml rename to collections/alfresco/platform/roles/java/tasks/keystores.yml diff --git a/roles/java/tasks/main.yml b/collections/alfresco/platform/roles/java/tasks/main.yml similarity index 100% rename from roles/java/tasks/main.yml rename to collections/alfresco/platform/roles/java/tasks/main.yml diff --git a/roles/java/templates/setenv.sh b/collections/alfresco/platform/roles/java/templates/setenv.sh similarity index 100% rename from roles/java/templates/setenv.sh rename to collections/alfresco/platform/roles/java/templates/setenv.sh diff --git a/roles/java/vars/main.yml b/collections/alfresco/platform/roles/java/vars/main.yml similarity index 100% rename from roles/java/vars/main.yml rename to collections/alfresco/platform/roles/java/vars/main.yml diff --git a/group_vars/all.yml b/group_vars/all.yml index 15f993d1e..1b1c4e142 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -78,6 +78,10 @@ acc: artifact_name: alfresco-control-center repository: "{{ nexus_repository.releases }}" version: 9.1.0 +audit_storage: + artifact_name: alfresco-audit-storage + repository: "{{ nexus_repository.enterprise_releases }}" + version: 1.0.0 supported_os: RedHat: versions: diff --git a/requirements.yml b/requirements.yml index 289985183..c29dec8e7 100644 --- a/requirements.yml +++ b/requirements.yml @@ -18,7 +18,7 @@ collections: version: 8.2.1 - name: community.aws version: 8.0.0 - # Import all local collections + # Import all local collections - bump the following number to invalidate gha cache: 2024112500 - source: ./collections/alfresco/ type: subdirs diff --git a/roles/activemq/meta/main.yml b/roles/activemq/meta/main.yml index 55d4b9863..1b73c908d 100644 --- a/roles/activemq/meta/main.yml +++ b/roles/activemq/meta/main.yml @@ -16,4 +16,4 @@ galaxy_info: galaxy_tags: [] allow_duplicates: false dependencies: - - role: java + - role: alfresco.platform.java diff --git a/roles/repository/tasks/main.yml b/roles/repository/tasks/main.yml index edccbb9e2..69f885541 100644 --- a/roles/repository/tasks/main.yml +++ b/roles/repository/tasks/main.yml @@ -6,7 +6,7 @@ - name: Configure Java keystore ansible.builtin.include_role: - name: ../roles/java + name: alfresco.platform.java tasks_from: keystores when: repo_keystore vars: diff --git a/roles/search/meta/main.yml b/roles/search/meta/main.yml index 898536207..a1d372a00 100644 --- a/roles/search/meta/main.yml +++ b/roles/search/meta/main.yml @@ -16,4 +16,4 @@ galaxy_info: galaxy_tags: [] allow_duplicates: false dependencies: - - role: java + - role: alfresco.platform.java diff --git a/roles/search_enterprise/meta/main.yml b/roles/search_enterprise/meta/main.yml index c8e4d2fcd..af5d9470d 100644 --- a/roles/search_enterprise/meta/main.yml +++ b/roles/search_enterprise/meta/main.yml @@ -21,4 +21,4 @@ galaxy_info: galaxy_tags: [] dependencies: - - role: java + - role: alfresco.platform.java diff --git a/roles/sfs/meta/main.yml b/roles/sfs/meta/main.yml index 1908d73ae..7638cfee6 100644 --- a/roles/sfs/meta/main.yml +++ b/roles/sfs/meta/main.yml @@ -16,4 +16,4 @@ galaxy_info: galaxy_tags: [] allow_duplicates: false dependencies: - - role: java + - role: alfresco.platform.java diff --git a/roles/sfs/molecule/default/tests/test_sfs.py b/roles/sfs/molecule/default/tests/test_sfs.py index bb740ca0a..ab1388c45 100644 --- a/roles/sfs/molecule/default/tests/test_sfs.py +++ b/roles/sfs/molecule/default/tests/test_sfs.py @@ -10,7 +10,7 @@ @pytest.fixture(scope="module") def get_ansible_vars(host): """Define get_ansible_vars""" - java_role = "file=../roles/java/vars/main.yml name=java_role" + java_role = "file=../../../../collections/alfresco/platform/roles/java/vars/main.yml name=java_role" common_vars = "file=../../../../collections/alfresco/platform/roles/common/vars/main.yml name=common_vars" common_defaults = "file=../../../../collections/alfresco/platform/roles/common/defaults/main.yml name=common_defaults" common_hosts = "file=../../../../collections/alfresco/platform/roles/common/vars/hosts.yml name=common_hosts" diff --git a/roles/sfs/tasks/main.yml b/roles/sfs/tasks/main.yml index 4c6f26868..834006fd8 100644 --- a/roles/sfs/tasks/main.yml +++ b/roles/sfs/tasks/main.yml @@ -2,7 +2,7 @@ # tasks file for sfs - name: Create Java keystore ansible.builtin.include_role: - name: ../roles/java + name: alfresco.platform.java tasks_from: keystores when: ats_keystore vars: diff --git a/roles/sync/meta/main.yml b/roles/sync/meta/main.yml index 8812459ae..65323c272 100644 --- a/roles/sync/meta/main.yml +++ b/roles/sync/meta/main.yml @@ -16,4 +16,4 @@ galaxy_info: galaxy_tags: [] allow_duplicates: false dependencies: - - role: java + - role: alfresco.platform.java diff --git a/roles/tomcat/meta/main.yml b/roles/tomcat/meta/main.yml index 5cb3872e6..2d798e82f 100644 --- a/roles/tomcat/meta/main.yml +++ b/roles/tomcat/meta/main.yml @@ -16,4 +16,4 @@ galaxy_info: galaxy_tags: [] allow_duplicates: false dependencies: - - role: java + - role: alfresco.platform.java diff --git a/roles/transformers/meta/main.yml b/roles/transformers/meta/main.yml index 7d1b51656..70d4cdfe5 100644 --- a/roles/transformers/meta/main.yml +++ b/roles/transformers/meta/main.yml @@ -16,4 +16,4 @@ galaxy_info: galaxy_tags: [] allow_duplicates: false dependencies: - - role: java + - role: alfresco.platform.java diff --git a/roles/transformers/tasks/main.yml b/roles/transformers/tasks/main.yml index 34e443fff..1867bd928 100644 --- a/roles/transformers/tasks/main.yml +++ b/roles/transformers/tasks/main.yml @@ -10,7 +10,7 @@ - name: Configure Java keystore ansible.builtin.include_role: - name: ../roles/java + name: alfresco.platform.java tasks_from: keystores when: ats_keystore vars: diff --git a/roles/trouter/meta/main.yml b/roles/trouter/meta/main.yml index 8dc64f0c3..d7c9f29f4 100644 --- a/roles/trouter/meta/main.yml +++ b/roles/trouter/meta/main.yml @@ -16,4 +16,4 @@ galaxy_info: galaxy_tags: [] allow_duplicates: false dependencies: - - role: java + - role: alfresco.platform.java diff --git a/roles/trouter/molecule/default/tests/test_trouter.py b/roles/trouter/molecule/default/tests/test_trouter.py index 8a0672125..176290bc6 100644 --- a/roles/trouter/molecule/default/tests/test_trouter.py +++ b/roles/trouter/molecule/default/tests/test_trouter.py @@ -10,7 +10,7 @@ @pytest.fixture(scope="module") def get_ansible_vars(host): """Define get_ansible_vars""" - java_role = "file=../roles/java/vars/main.yml name=java_role" + java_role = "file=../../../../collections/alfresco/platform/roles/java/vars/main.yml name=java_role" common_vars = "file=../../../../collections/alfresco/platform/roles/common/vars/main.yml name=common_vars" common_defaults = "file=../../../../collections/alfresco/platform/roles/common/defaults/main.yml name=common_defaults" common_hosts = "file=../../../../collections/alfresco/platform/roles/common/vars/hosts.yml name=common_hosts" diff --git a/roles/trouter/tasks/main.yml b/roles/trouter/tasks/main.yml index 754a300ff..f343182d6 100644 --- a/roles/trouter/tasks/main.yml +++ b/roles/trouter/tasks/main.yml @@ -6,7 +6,7 @@ - name: Instanciate Java keystore ansible.builtin.include_role: - name: ../roles/java + name: alfresco.platform.java tasks_from: keystores when: ats_keystore vars: From 1da8830f4c9c90fee8f5d6cb0c58008542f795bd Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Mon, 25 Nov 2024 17:01:41 +0100 Subject: [PATCH 10/16] fix java group vars --- .../platform/roles/java/molecule/default/tests/test_java.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/collections/alfresco/platform/roles/java/molecule/default/tests/test_java.py b/collections/alfresco/platform/roles/java/molecule/default/tests/test_java.py index 808f55193..1acb756a1 100644 --- a/collections/alfresco/platform/roles/java/molecule/default/tests/test_java.py +++ b/collections/alfresco/platform/roles/java/molecule/default/tests/test_java.py @@ -10,7 +10,7 @@ def get_ansible_vars(host): java_role = "file=../../vars/main.yml name=java_role" common_vars = "file=../../../../collections/alfresco/platform/roles/common/vars/main.yml name=common_vars" common_defaults = "file=../../../../collections/alfresco/platform/roles/common/defaults/main.yml name=common_defaults" - group_vars = "file=../../../../group_vars/all.yml name=group_vars" + group_vars = "file=../../../../../../../group_vars/all.yml name=group_vars" ansible_vars = host.ansible( "include_vars", java_role From 639b3de5253dbdd35824c791119d6b8ab8457803 Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Mon, 25 Nov 2024 17:58:30 +0100 Subject: [PATCH 11/16] fixup java tests --- .../platform/roles/java/molecule/default/tests/test_java.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/collections/alfresco/platform/roles/java/molecule/default/tests/test_java.py b/collections/alfresco/platform/roles/java/molecule/default/tests/test_java.py index 1acb756a1..3785720ae 100644 --- a/collections/alfresco/platform/roles/java/molecule/default/tests/test_java.py +++ b/collections/alfresco/platform/roles/java/molecule/default/tests/test_java.py @@ -8,8 +8,8 @@ def get_ansible_vars(host): """Define get_ansible_vars""" java_role = "file=../../vars/main.yml name=java_role" - common_vars = "file=../../../../collections/alfresco/platform/roles/common/vars/main.yml name=common_vars" - common_defaults = "file=../../../../collections/alfresco/platform/roles/common/defaults/main.yml name=common_defaults" + common_vars = "file=../../../common/vars/main.yml name=common_vars" + common_defaults = "file=../../../common/defaults/main.yml name=common_defaults" group_vars = "file=../../../../../../../group_vars/all.yml name=group_vars" ansible_vars = host.ansible( "include_vars", From fda4040303252b1cd53f06e71b92d5d00f5e3f0b Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Mon, 25 Nov 2024 18:34:31 +0100 Subject: [PATCH 12/16] test with cdn mirror --- group_vars/all.yml | 10 +++++----- roles/activemq/defaults/main.yml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/group_vars/all.yml b/group_vars/all.yml index 1b1c4e142..f5a52b838 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -187,17 +187,17 @@ use_custom_keystores: false dependencies_version: postgresql_connector: 42.6.1 postgres_major_version: 15 - activemq: 5.18.5 + activemq: 5.18.6 java: 17.0.11 java_build: 9 - tomcat: 10.1.25 + tomcat: 10.1.33 libreoffice: 7.2.5.1 pdf_renderer: 1.1 imagemagick: 7.1.0-16-ci-10 -apache_archive_url: https://archive.apache.org +apache_archive_url: https://dlcdn.apache.org java_major: "{{ dependencies_version.java | regex_search('^[0-9]+') }}" -tomcat_archive_url: "{{ apache_archive_url }}/dist/tomcat" -activemq_archive_url: "{{ apache_archive_url }}/dist/activemq" +tomcat_archive_url: "{{ apache_archive_url }}/tomcat" +activemq_archive_url: "{{ apache_archive_url }}/activemq" temurin_arch: "{{ 'x64' if ansible_architecture == 'x86_64' else ansible_architecture }}" dependencies_url: postgresql_connector: >- diff --git a/roles/activemq/defaults/main.yml b/roles/activemq/defaults/main.yml index 42951dc12..6554784af 100644 --- a/roles/activemq/defaults/main.yml +++ b/roles/activemq/defaults/main.yml @@ -9,4 +9,4 @@ activemq_environment: - -Xms128m - -Xmx1g - $ACTIVEMQ_OPTS -activemq_version: 5.18.5 +activemq_version: 5.18.6 From 2e080951680df6336c3cded54b705a2d1b91e234 Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Tue, 26 Nov 2024 10:13:19 +0100 Subject: [PATCH 13/16] fixup audit-storage role and test it --- .github/workflows/enteprise.yml | 10 +++++++++- .../roles/audit_storage/defaults/main.yml | 18 ++++++++++++++++-- .../molecule/default/converge.yml | 8 ++++---- .../molecule/default/molecule.yml | 2 ++ .../platform/roles/audit_storage/vars/main.yml | 2 +- 5 files changed, 32 insertions(+), 8 deletions(-) diff --git a/.github/workflows/enteprise.yml b/.github/workflows/enteprise.yml index fcbe92c3e..563bfe30e 100644 --- a/.github/workflows/enteprise.yml +++ b/.github/workflows/enteprise.yml @@ -59,11 +59,19 @@ jobs: - image: rockylinux/rockylinux:9.4 role: - name: adf_app + path: roles - name: search_enterprise + path: roles - name: repository + path: roles - name: sfs + path: roles - name: sync + path: roles - name: trouter + path: roles + - name: audit_storage + path: collections/alfresco/platform/roles steps: - name: Share var with further reusable workflows id: jobvars @@ -99,7 +107,7 @@ jobs: timeout_minutes: 60 max_attempts: 3 retry_wait_seconds: 10 - command: cd roles/${{ matrix.role.name }} && pipenv run molecule test + command: cd ${{ matrix.role.path }}/${{ matrix.role.name }} && pipenv run molecule test docker_integration: name: Test ${{ matrix.scenario.name }} scenario on ${{ matrix.molecule_distro.image }} diff --git a/collections/alfresco/platform/roles/audit_storage/defaults/main.yml b/collections/alfresco/platform/roles/audit_storage/defaults/main.yml index 616b662c4..cf31a51bf 100644 --- a/collections/alfresco/platform/roles/audit_storage/defaults/main.yml +++ b/collections/alfresco/platform/roles/audit_storage/defaults/main.yml @@ -4,12 +4,26 @@ audit_storage_version: "1.0.0" audit_storage_zip_url: https://nexus.alfresco.com/nexus/repository/enterprise-releases/org/alfresco/alfresco-audit-storage-distribution/{{ audit_storage_version }}/alfresco-audit-storage-distribution-{{ audit_storage_version }}.zip audit_storage_zip_sha1_url: https://nexus.alfresco.com/nexus/repository/enterprise-releases/org/alfresco/alfresco-audit-storage-distribution/{{ audit_storage_version }}/alfresco-audit-storage-distribution-{{ audit_storage_version }}.zip.sha1 -audit_storage_artifact_name: audit-storage +audit_storage_artifact_name: alfresco-audit-storage-app audit_storage_username: alfresco audit_storage_group_name: alfresco -audit_storage_default_environment: {} +audit_storage_broker_url: failover:(nio://localhost:61616)?timeout=3000 +audit_storage_broker_username: admin +audit_storage_broker_password: admin +audit_storage_opensearch_url: http://localhost:9200 +audit_storage_opensearch_username: '' +audit_storage_opensearch_password: '' + +audit_storage_default_environment: + SPRING_ACTIVEMQ_BROKERURL: "{{ audit_storage_broker_url }}" + SPRING_ACTIVEMQ_USER: "{{ audit_storage_broker_username }}" + SPRING_ACTIVEMQ_PASSWORD: "{{ audit_storage_broker_password }}" + AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_URI: "{{ audit_storage_opensearch_url }}" + AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_USERNAME: "{{ audit_storage_opensearch_username }}" + AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_PASSWORD: "{{ audit_storage_opensearch_password }}" + AUDIT_EVENTINGESTION_URI: activemq:topic:alfresco.repo.event2 audit_storage_environment: {} audit_storage_java_bin_path: /opt/openjdk-17.0.11/bin/java diff --git a/collections/alfresco/platform/roles/audit_storage/molecule/default/converge.yml b/collections/alfresco/platform/roles/audit_storage/molecule/default/converge.yml index 3246e2d8a..9b3233f3f 100644 --- a/collections/alfresco/platform/roles/audit_storage/molecule/default/converge.yml +++ b/collections/alfresco/platform/roles/audit_storage/molecule/default/converge.yml @@ -1,7 +1,7 @@ --- - name: Converge hosts: all - tasks: - - name: "Include role" - ansible.builtin.include_role: - name: "audit_storage" + roles: + - role: '../../../../../../../roles/activemq' + - role: '../../../../../../../roles/elasticsearch' + - role: alfresco.platform.audit_storage diff --git a/collections/alfresco/platform/roles/audit_storage/molecule/default/molecule.yml b/collections/alfresco/platform/roles/audit_storage/molecule/default/molecule.yml index acf4cc736..de49f3e4e 100644 --- a/collections/alfresco/platform/roles/audit_storage/molecule/default/molecule.yml +++ b/collections/alfresco/platform/roles/audit_storage/molecule/default/molecule.yml @@ -17,6 +17,8 @@ platforms: - "/sys/fs/cgroup:/sys/fs/cgroup:ro" groups: - audit_storage + - activemq + - elasticsearch provisioner: name: ansible ansible_args: diff --git a/collections/alfresco/platform/roles/audit_storage/vars/main.yml b/collections/alfresco/platform/roles/audit_storage/vars/main.yml index e9dcd2357..0e28f196c 100644 --- a/collections/alfresco/platform/roles/audit_storage/vars/main.yml +++ b/collections/alfresco/platform/roles/audit_storage/vars/main.yml @@ -1,3 +1,3 @@ --- # vars file for audit_storage -audit_storage_artifact_path: "{{ audit_storage_binaries_dir }}/alfresco-audit-storage-{{ audit_storage_version }}.jar" +audit_storage_artifact_path: "{{ audit_storage_binaries_dir }}/{{ audit_storage_artifact_name }}-{{ audit_storage_version }}.jar" From b16c49defbfafe73c6a397f7d3dd6ac896e9174e Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Tue, 26 Nov 2024 10:47:23 +0100 Subject: [PATCH 14/16] bump collections metadata --- collections/alfresco/common/galaxy.yml | 64 +++--------------------- collections/alfresco/platform/galaxy.yml | 64 +++--------------------- 2 files changed, 16 insertions(+), 112 deletions(-) diff --git a/collections/alfresco/common/galaxy.yml b/collections/alfresco/common/galaxy.yml index 561726fd4..fd6e27685 100644 --- a/collections/alfresco/common/galaxy.yml +++ b/collections/alfresco/common/galaxy.yml @@ -1,68 +1,20 @@ -### REQUIRED -# The namespace of the collection. This can be a company/brand/organization or product namespace under which all -# content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with -# underscores or numbers and cannot contain consecutive underscores namespace: alfresco - -# The name of the collection. Has the same character restrictions as 'namespace' name: common +description: Alfresco Common Collection -# The version of the collection. Must be compatible with semantic versioning -version: 1.0.0 +version: 0.1.0-alpha.0 -# The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: README.md - -# A list of the collection's content authors. Can be just the name or in the format 'Full Name (url) -# @nicks:irc/im.site#channel' authors: -- your name - +- Alfresco Ops Readiness -### OPTIONAL but strongly recommended -# A short summary description of the collection -description: your collection description - -# Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only -# accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file' license: -- GPL-2.0-or-later - -# The path to the license file for the collection. This path is relative to the root of the collection. This key is -# mutually exclusive with 'license' -license_file: '' +- Apache-2.0 -# A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character -# requirements as 'namespace' and 'name' -tags: [] +tags: + - systemd -# Collections that this collection requires to be installed for it to be usable. The key of the dict is the -# collection label 'namespace.name'. The value is a version range -# L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version -# range specifiers can be set and are separated by ',' dependencies: {} -# The URL of the originating SCM repository -repository: http://example.com/repository - -# The URL to any online docs -documentation: http://docs.example.com - -# The URL to the homepage of the collection/project -homepage: http://example.com - -# The URL to the collection issue tracker -issues: http://example.com/issue/tracker - -# A list of file glob-like patterns used to filter any files or directories that should not be included in the build -# artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This -# uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry', -# and '.git' are always filtered. Mutually exclusive with 'manifest' -build_ignore: [] - -# A dict controlling use of manifest directives used in building the collection artifact. The key 'directives' is a -# list of MANIFEST.in style -# L(directives,https://packaging.python.org/en/latest/guides/using-manifest-in/#manifest-in-commands). The key -# 'omit_default_directives' is a boolean that controls whether the default directives are used. Mutually exclusive -# with 'build_ignore' -# manifest: null +repository: https://github.com/Alfresco/alfresco-ansible-deployment +issues: https://github.com/Alfresco/alfresco-ansible-deployment/issues diff --git a/collections/alfresco/platform/galaxy.yml b/collections/alfresco/platform/galaxy.yml index 5b2340c2f..15d2e5d2e 100644 --- a/collections/alfresco/platform/galaxy.yml +++ b/collections/alfresco/platform/galaxy.yml @@ -1,68 +1,20 @@ -### REQUIRED -# The namespace of the collection. This can be a company/brand/organization or product namespace under which all -# content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with -# underscores or numbers and cannot contain consecutive underscores namespace: alfresco - -# The name of the collection. Has the same character restrictions as 'namespace' name: platform +description: Alfresco Platform Collection -# The version of the collection. Must be compatible with semantic versioning -version: 1.0.0 +version: 0.1.0-alpha.0 -# The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: README.md - -# A list of the collection's content authors. Can be just the name or in the format 'Full Name (url) -# @nicks:irc/im.site#channel' authors: -- your name - +- Alfresco Ops Readiness -### OPTIONAL but strongly recommended -# A short summary description of the collection -description: your collection description - -# Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only -# accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file' license: -- GPL-2.0-or-later - -# The path to the license file for the collection. This path is relative to the root of the collection. This key is -# mutually exclusive with 'license' -license_file: '' +- Apache-2.0 -# A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character -# requirements as 'namespace' and 'name' -tags: [] +tags: + - alfresco -# Collections that this collection requires to be installed for it to be usable. The key of the dict is the -# collection label 'namespace.name'. The value is a version range -# L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version -# range specifiers can be set and are separated by ',' dependencies: {} -# The URL of the originating SCM repository -repository: http://example.com/repository - -# The URL to any online docs -documentation: http://docs.example.com - -# The URL to the homepage of the collection/project -homepage: http://example.com - -# The URL to the collection issue tracker -issues: http://example.com/issue/tracker - -# A list of file glob-like patterns used to filter any files or directories that should not be included in the build -# artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This -# uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry', -# and '.git' are always filtered. Mutually exclusive with 'manifest' -build_ignore: [] - -# A dict controlling use of manifest directives used in building the collection artifact. The key 'directives' is a -# list of MANIFEST.in style -# L(directives,https://packaging.python.org/en/latest/guides/using-manifest-in/#manifest-in-commands). The key -# 'omit_default_directives' is a boolean that controls whether the default directives are used. Mutually exclusive -# with 'build_ignore' -# manifest: null +repository: https://github.com/Alfresco/alfresco-ansible-deployment +issues: https://github.com/Alfresco/alfresco-ansible-deployment/issues From 5fb50fd80898273b993fb6c0b40137fae06ea42b Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Tue, 26 Nov 2024 10:59:35 +0100 Subject: [PATCH 15/16] fixup verify --- .../platform/roles/audit_storage/molecule/default/verify.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/collections/alfresco/platform/roles/audit_storage/molecule/default/verify.yml b/collections/alfresco/platform/roles/audit_storage/molecule/default/verify.yml index 7684625c1..8cd7f029e 100644 --- a/collections/alfresco/platform/roles/audit_storage/molecule/default/verify.yml +++ b/collections/alfresco/platform/roles/audit_storage/molecule/default/verify.yml @@ -9,5 +9,6 @@ - name: Check that service is up and running ansible.builtin.assert: that: - - ansible_facts.services['alfresco-audit-storage'] is defined - - ansible_facts.services['alfresco-audit-storage'].state == 'running' + - ansible_facts.services['alfresco-audit-storage.service'] is defined + - ansible_facts.services['alfresco-audit-storage.service'].state == 'running' + quiet: true From a55ffa2523376b3d78f100d8d46eb1dc5194f736 Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Tue, 26 Nov 2024 11:57:34 +0100 Subject: [PATCH 16/16] split requirements --- requirements-local.yml | 4 ++++ requirements.yml | 4 ---- 2 files changed, 4 insertions(+), 4 deletions(-) create mode 100644 requirements-local.yml diff --git a/requirements-local.yml b/requirements-local.yml new file mode 100644 index 000000000..9ab7c5fa8 --- /dev/null +++ b/requirements-local.yml @@ -0,0 +1,4 @@ +collections: + # Import all local collections - bump the following number to invalidate gha cache: 2024112500 + - source: ./collections/alfresco/ + type: subdirs diff --git a/requirements.yml b/requirements.yml index c29dec8e7..911805751 100644 --- a/requirements.yml +++ b/requirements.yml @@ -18,10 +18,6 @@ collections: version: 8.2.1 - name: community.aws version: 8.0.0 - # Import all local collections - bump the following number to invalidate gha cache: 2024112500 - - source: ./collections/alfresco/ - type: subdirs - roles: - name: geerlingguy.elasticsearch version: 5.1.2