OPSEXP-2880 Add audit-storage (plus initial collections refactoring)

.ansible-lint

@@ -1,8 +1,9 @@
 warn_list:
   - experimental  # make sure new rule are returned as warnings for progressive updates
-  - role-name[path]  # https://alfresco.atlassian.net/browse/OPSEXP-2157
 skip_list:
   - galaxy  # To remove when/if we push to Ansible galaxy
   - name[template]  # Allow Jinja templating inside task and play names
+  - role-name[path]  # OPSEXP-2157
+  - var-naming[no-role-prefix] # OPSEXP-2744
 exclude_paths:
  - molecule/

.envrc

@@ -8,6 +8,7 @@ export DTAS_VERSION=v1.5.3
 export MOLECULE_IT_ID=$(echo "$LOGNAME" | sha256sum | cut -c1-6)
 ANSIBLE_VAULT_PASSWORD_FILE=$(expand_path ./.vault_pass.txt)
 export ANSIBLE_VAULT_PASSWORD_FILE
+export PIPENV_MAX_DEPTH=6
 
 source_env_if_exists .env.credentials
 env_vars_required CLONE_GITHUB_TOKEN

.github/workflows/community.yml

@@ -35,15 +35,25 @@ jobs:
           - image: rockylinux/rockylinux:9.4
         role:
           - name: activemq
+            path: roles
           - name: common
+            path: collections/alfresco/platform/roles
           - name: elasticsearch
+            path: roles
           - name: identity
+            path: roles
           - name: java
+            path: collections/alfresco/platform/roles
           - name: nginx
+            path: roles
           - name: postgres
+            path: roles
           - name: search
+            path: roles
           - name: tomcat
+            path: roles
           - name: transformers
+            path: roles
     env:
       PY_COLORS: 1
       PYTHONUNBUFFERED: 1
@@ -74,7 +84,7 @@ jobs:
           timeout_minutes: 60
           max_attempts: 3
           retry_wait_seconds: 10
-          command: cd roles/${{ matrix.role.name }} && pipenv run molecule test
+          command: cd ${{ matrix.role.path }}/${{ matrix.role.name }} && pipenv run molecule test
 
   docker_integration:
     name: Test ${{ matrix.scenario.name }} scenario on ${{ matrix.molecule_distro.image }}

.github/workflows/enteprise.yml

@@ -59,11 +59,19 @@ jobs:
           - image: rockylinux/rockylinux:9.4
         role:
           - name: adf_app
+            path: roles
           - name: search_enterprise
+            path: roles
           - name: repository
+            path: roles
           - name: sfs
+            path: roles
           - name: sync
+            path: roles
           - name: trouter
+            path: roles
+          - name: audit_storage
+            path: collections/alfresco/platform/roles
     steps:
       - name: Share var with further reusable workflows
         id: jobvars
@@ -99,7 +107,7 @@ jobs:
           timeout_minutes: 60
           max_attempts: 3
           retry_wait_seconds: 10
-          command: cd roles/${{ matrix.role.name }} && pipenv run molecule test
+          command: cd ${{ matrix.role.path }}/${{ matrix.role.name }} && pipenv run molecule test
 
   docker_integration:
     name: Test ${{ matrix.scenario.name }} scenario on ${{ matrix.molecule_distro.image }}

collections/alfresco/common/README.md

@@ -0,0 +1,3 @@
+# Ansible Collection - alfresco.common
+
+This collection provides a set of reusable roles maintained by Alfresco for use in Ansible playbooks.

collections/alfresco/common/galaxy.yml

@@ -0,0 +1,20 @@
+namespace: alfresco
+name: common
+description: Alfresco Common Collection
+
+version: 0.1.0-alpha.0
+
+readme: README.md
+authors:
+- Alfresco Ops Readiness <[email protected]>
+
+license:
+- Apache-2.0
+
+tags:
+  - systemd
+
+dependencies: {}
+
+repository: https://github.com/Alfresco/alfresco-ansible-deployment
+issues: https://github.com/Alfresco/alfresco-ansible-deployment/issues

collections/alfresco/common/meta/runtime.yml

@@ -0,0 +1,4 @@
+---
+# Collections must specify a minimum required ansible version to upload
+# to galaxy
+requires_ansible: '>=2.14.0'

collections/alfresco/common/plugins/README.md

@@ -0,0 +1,31 @@
+# Collections Plugins Directory
+
+This directory can be used to ship various plugins inside an Ansible collection. Each plugin is placed in a folder that
+is named after the type of plugin it is in. It can also include the `module_utils` and `modules` directory that
+would contain module utils and modules respectively.
+
+Here is an example directory of the majority of plugins currently supported by Ansible:
+
+```sh
+└── plugins
+    ├── action
+    ├── become
+    ├── cache
+    ├── callback
+    ├── cliconf
+    ├── connection
+    ├── filter
+    ├── httpapi
+    ├── inventory
+    ├── lookup
+    ├── module_utils
+    ├── modules
+    ├── netconf
+    ├── shell
+    ├── strategy
+    ├── terminal
+    ├── test
+    └── vars
+```
+
+A full list of plugin types can be found at [Working With Plugins](https://docs.ansible.com/ansible-core/2.15/plugins/plugins.html).

collections/alfresco/common/roles/systemd_service/README.md

@@ -0,0 +1,118 @@
+# systemd_service
+
+Install and configure systemd services
+
+## Table of content
+
+* [systemd\_service](#systemd_service)
+  * [Table of content](#table-of-content)
+  * [Requirements](#requirements)
+  * [Default Variables](#default-variables)
+    * [systemd\_service\_additional\_options](#systemd_service_additional_options)
+    * [systemd\_service\_enabled](#systemd_service_enabled)
+    * [systemd\_service\_environment](#systemd_service_environment)
+    * [systemd\_service\_exec\_start](#systemd_service_exec_start)
+    * [systemd\_service\_exec\_stop](#systemd_service_exec_stop)
+    * [systemd\_service\_state](#systemd_service_state)
+    * [systemd\_service\_type](#systemd_service_type)
+    * [systemd\_service\_unit\_after](#systemd_service_unit_after)
+    * [systemd\_service\_unit\_description](#systemd_service_unit_description)
+    * [systemd\_service\_unit\_name](#systemd_service_unit_name)
+    * [systemd\_service\_user](#systemd_service_user)
+    * [systemd\_service\_working\_directory](#systemd_service_working_directory)
+  * [Dependencies](#dependencies)
+  * [License](#license)
+  * [Author](#author)
+
+---
+
+## Requirements
+
+* Minimum Ansible version: `2.1`
+
+## Default Variables
+
+### systemd_service_additional_options
+
+```YAML
+systemd_service_additional_options: {}
+```
+
+### systemd_service_enabled
+
+```YAML
+systemd_service_enabled: true
+```
+
+### systemd_service_environment
+
+```YAML
+systemd_service_environment: {}
+```
+
+### systemd_service_exec_start
+
+```YAML
+systemd_service_exec_start: ''
+```
+
+### systemd_service_exec_stop
+
+```YAML
+systemd_service_exec_stop: kill -15 $MAINPID
+```
+
+### systemd_service_state
+
+```YAML
+systemd_service_state: started
+```
+
+### systemd_service_type
+
+```YAML
+systemd_service_type: simple
+```
+
+### systemd_service_unit_after
+
+```YAML
+systemd_service_unit_after: syslog.target network.target local-fs.target remote-fs.target
+  nss-lookup.target
+```
+
+### systemd_service_unit_description
+
+```YAML
+systemd_service_unit_description: ''
+```
+
+### systemd_service_unit_name
+
+```YAML
+systemd_service_unit_name: ''
+```
+
+### systemd_service_user
+
+```YAML
+systemd_service_user: ''
+```
+
+### systemd_service_working_directory
+
+```YAML
+systemd_service_working_directory: /tmp
+```
+
+## Dependencies
+
+None.
+
+## License
+
+Apache-2.0
+
+## Author
+
+Alfresco Ops Readiness

collections/alfresco/common/roles/systemd_service/defaults/main.yml

@@ -0,0 +1,15 @@
+---
+# defaults file for systemd-service
+systemd_service_unit_name: ''
+systemd_service_unit_description: ''
+systemd_service_unit_after: syslog.target network.target local-fs.target remote-fs.target nss-lookup.target
+
+systemd_service_type: simple
+systemd_service_user: ''
+systemd_service_environment: {}
+systemd_service_exec_start: ''
+systemd_service_exec_stop: kill -15 $MAINPID
+systemd_service_working_directory: /tmp
+systemd_service_additional_options: {}
+systemd_service_state: started
+systemd_service_enabled: true

collections/alfresco/common/roles/systemd_service/handlers/main.yml

@@ -0,0 +1,11 @@
+---
+# handlers file for systemd-service
+- name: Reload systemd
+  ansible.builtin.systemd:
+    daemon_reload: true
+
+- name: Restart {{ systemd_service_unit_name }}
+  ansible.builtin.systemd:
+    name: "{{ systemd_service_unit_name }}"
+    state: restarted
+  when: systemd_service_state == 'started'

collections/alfresco/common/roles/systemd_service/meta/argument_specs.yml

@@ -0,0 +1,54 @@
+---
+argument_specs:
+  main:
+    short_description: Install a systemd service unit
+    description: |
+      This role installs a systemd service unit and starts it.
+    options:
+      systemd_service_unit_name:
+        type: str
+        description: Name of the systemd service unit
+        required: true
+      systemd_service_unit_description:
+        type: str
+        description: Description of the systemd service unit
+        required: true
+      systemd_service_unit_after:
+        type: str
+        description: List of systemd targets to start after (space separated)
+      systemd_service_type:
+        type: str
+        description: Type of the systemd service unit
+        default: simple
+      systemd_service_user:
+        type: str
+        description: User to run the systemd service as
+        required: true
+      systemd_service_environment:
+        type: dict
+        description: Environment variables to set for the systemd service unit
+        default: {}
+      systemd_service_exec_start:
+        type: str
+        description: Command to start the systemd service unit
+        required: true
+      systemd_service_exec_stop:
+        type: str
+        description: Command to stop the systemd service unit
+        default: kill -15 $MAINPID
+      systemd_service_working_directory:
+        type: str
+        description: Working directory for the systemd service unit
+        default: /tmp
+      systemd_service_additional_options:
+        type: dict
+        description: Additional options to set for the systemd service unit
+        default: {}
+      systemd_service_state:
+        type: str
+        description: Default state of the systemd service unit
+        default: started
+      systemd_service_enabled:
+        type: bool
+        description: Whether the systemd service unit should be enabled (started on boot)
+        default: true