Merge branch 't38273-extract-roles-reconfigurations' into 'main'

Extract roles reconfigurations | refs #38273 See merge request sys/ansible-public!62

Merge branch 't38273-extract-roles-reconfigurations' into 'main'
260eb985 · Antoine SCHILDKNECHT · b578cea5 · 192ee7a7 · 260eb985 · 260eb985
Commit 260eb985 authored 1 year ago by Antoine SCHILDKNECHT
--- a/roles/live/tasks/install.yml
+++ b/roles/live/tasks/install.yml
+---
+
+- name: Live packages installation
+  ansible.builtin.apt:
+    force_apt_get: true
+    install_recommends: false
+    name: "{{ live_packages }}"
+    state: present
+  register: apt_status
+  retries: 60
+  until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg)
+
+...
--- a/roles/live/tasks/main.yml
+++ b/roles/live/tasks/main.yml
 ---

- name: Live packages installation
-  ansible.builtin.apt:
-    force_apt_get: true
-    install_recommends: false
-    name: "{{ live_packages }}"
-    state: present
-  register: apt_status
-  retries: 60
-  until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg)
+- name: INSTALL
+  ansible.builtin.include_tasks:
+    file: "install.yml"
+    apply:
+      become: true
+      tags:
+        - install
+  tags:
+    - always

- name: TMPFS creation to store the live chunks
-  notify: restart nginx
-  ansible.posix.mount:
-    path: /var/tmp/nginx-rtmp
-    src: tmpfs
-    fstype: tmpfs
-    opts: defaults,size={{ live_tmpfs_size }}
-    state: mounted
+- name: BASE CONFIGURATION
+  ansible.builtin.include_tasks:
+    file: "base.yml"
+    apply:
+      become: true
+      tags:
+        - base
+  tags:
+    - always

-# not working with a tmpfs (mode=777, user=group=root)
-# - name: Changing the rights on the TMPFS directory
-#   notify: restart nginx
-#   ansible.builtin.file:
-#     path: /var/tmp/nginx-rtmp
-#     owner: nginx
-#     group: root
-#     mode: "0700"
-
- import_tasks: ../../shared/tasks/firewall_rules_files.yml  # noqa: name[missing]
-
- name: flush handlers
-  ansible.builtin.meta: flush_handlers
+- name: CONFIGURE
+  ansible.builtin.include_tasks:
+    file: "configure.yml"
+    apply:
+      become: true
+      tags:
+        - configure
+  tags:
+    - always

 ...
--- a/roles/live/vars/main.yml
+++ b/roles/live/vars/main.yml
 ---

+# Packages required for the group
 live_packages:
  - ubicast-live

-firewall_rules_files: ['http', 'rtmp']
+# Group firewall rules filename, see roles/shared/files/nftables/
+firewall_rules_files:
+  - http
+  - rtmp

 ...
--- a/roles/lxc/README.md
+++ b/roles/lxc/README.md
+# Lxc
+## Description
+
+Used by netcapture for LXC installation/configuration
+
+## Role Variables
+
+Available variables are listed below, along with the descriptions and the default values.
+
+`lxc_network_type`: LXC network type
+```
+lxc_network_type: "masquerade_bridge"
+```
--- a/roles/lxc/defaults/main.yml
+++ b/roles/lxc/defaults/main.yml
 ---

-# lxc_network_type possible value:
-#  - masquerade_bridge => independent private bridge
-#  - host_bridge => host shared network bridge
-lxc_network_type: masquerade_bridge
+# LXC network type
+lxc_network_type: "masquerade_bridge"

 ...
--- a/roles/lxc/tasks/base.yml
+++ b/roles/lxc/tasks/base.yml
+---
+
+- name: Host bridge configuration
+  when: lxc_network_type == 'host_bridge'
+  block:
+    - name: Masquerade bridge configuration disabling
+      notify: restart lxc-net
+      ansible.builtin.copy:
+        src: lxc-net.host_bridge
+        dest: /etc/default/lxc-net
+        mode: "644"
+
+    - name: Ask confirmation
+      ansible.builtin.pause:
+        prompt: |
+          -------------------------------------------------------------------------------------------
+          ! WARNING !
+          Host bridge configuration must be done manually, and named: br0
+          Documentation (section host device as bridge): https://wiki.debian.org/LXC/SimpleBridge
+          Continue (yes/no)
+          -------------------------------------------------------------------------------------------
+      register: confirm_continue
+      no_log: true
+
+    - name: check parm is null or invalid
+      ansible.builtin.fail:
+        msg: 'Installation aborted'
+      when: not ((confirm_continue.user_input | bool) or (confirm_continue.user_input | length == 0))
+
+- name: Masquerade bridge configuration
+  when: lxc_network_type == 'masquerade_bridge'
+  block:
+    - name: Container network configuration
+      notify: restart lxc-net
+      ansible.builtin.copy:
+        src: lxc-net.masquerade_bridge
+        dest: /etc/default/lxc-net
+        mode: "644"
+
+- name: Default container configuration
+  notify: restart lxc
+  ansible.builtin.template:
+    src: lxc-default.j2
+    dest: /etc/lxc/default.conf
+    mode: "644"
+
+...
--- a/roles/lxc/tasks/install.yml
+++ b/roles/lxc/tasks/install.yml
+---
+
+- name: LXC packages installation
+  ansible.builtin.apt:
+    force_apt_get: true
+    name:
+      - lxc
+      - lxcfs
+      - bridge-utils
+    state: present
+  register: apt_status
+  retries: 60
+  until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg)
+
+...
--- a/roles/lxc/tasks/main.yml
+++ b/roles/lxc/tasks/main.yml
 ---

- name: LXC packages installation
-  ansible.builtin.apt:
-    force_apt_get: true
-    name:
-      - lxc
-      - lxcfs
-      - bridge-utils
-    state: present
-  register: apt_status
-  retries: 60
-  until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg)
+- name: INSTALL
+  ansible.builtin.include_tasks:
+    file: "install.yml"
+    apply:
+      become: true
+      tags:
+        - install
+  tags:
+    - always

- name: Host bridge configuration
-  when: lxc_network_type == 'host_bridge'
-  block:
-    - name: Masquerade bridge configuration disabling
-      notify: restart lxc-net
-      ansible.builtin.copy:
-        src: lxc-net.host_bridge
-        dest: /etc/default/lxc-net
-        mode: "644"
-
-    - name: Ask confirmation
-      ansible.builtin.pause:
-        prompt: |
-          -------------------------------------------------------------------------------------------
-          ! WARNING !
-          Host bridge configuration must be done manually, and named: br0
-          Documentation (section host device as bridge): https://wiki.debian.org/LXC/SimpleBridge
-          Continue (yes/no)
-          -------------------------------------------------------------------------------------------
-      register: confirm_continue
-      no_log: true
-
-    - name: check parm is null or invalid
-      ansible.builtin.fail:
-        msg: 'Installation aborted'
-      when: not ((confirm_continue.user_input | bool) or (confirm_continue.user_input | length == 0))
-
- name: Masquerade bridge configuration
-  when: lxc_network_type == 'masquerade_bridge'
-  block:
-    - name: Container network configuration
-      notify: restart lxc-net
-      ansible.builtin.copy:
-        src: lxc-net.masquerade_bridge
-        dest: /etc/default/lxc-net
-        mode: "644"
-
- name: Default container configuration
-  notify: restart lxc
-  ansible.builtin.template:
-    src: lxc-default.j2
-    dest: /etc/lxc/default.conf
-    mode: "644"
+- name: BASE CONFIGURATION
+  ansible.builtin.include_tasks:
+    file: "base.yml"
+    apply:
+      become: true
+      tags:
+        - base
+  tags:
+    - always

 ...
--- a/roles/mediacache/README.md
+++ b/roles/mediacache/README.md
 # Mediacache
 ## Description

-The cache group is used to configure all hosts that will server as a proxy cache of live and/or vod.
+The Nudgis cache group is used to configure all hosts that will server as a proxy cache of live and/or vod.

 ## Role Variables


--- a/roles/mediacache/defaults/main.yml
+++ b/roles/mediacache/defaults/main.yml
 ---
+
+# URL of the Nudgis Cache vhost
 cache_domain: "cache.example.com"
+
+# URL of Nudgis Front cluster
 nudgis_front_domain: "nudgis.example.com"
-live_domain: "nudgis.example.com"

-# MediaCache data folder - for VOD
+# URL of the Nudgis Live cluster
+live_domain: "live.example.com"
+
+# Path of the folder to cache the VOD service data
 cache_vod_folder: "/var/cache/nginx/mediacache-vod"
-# MediaCache size in Gb - for VOD
+
+# Max size allowed for the VOD service data
 cache_vod_size: "1"

-# MediaCache data folder - for live
+# Path of the folder to cache the Live service data
 cache_live_folder: "/var/cache/nginx/mediacache-live"
-# MediaCache size in Gb - for live
+
+# Max size allowed for the Live service data
 cache_live_size: "1"
+
 ...
--- a/roles/mediacache/tasks/base.yml
+++ b/roles/mediacache/tasks/base.yml
+---
+
+- name: Ensure /etc/munin/plugin-conf.d/ directory exist
+  ansible.builtin.file:
+    dest: /etc/munin/plugin-conf.d
+    state: directory
+    mode: "750"
+
+- name: Configure mediacache nginx monitoring plugin
+  ansible.builtin.copy:
+    content: |
+      [nginx_ubicast_multi]
+      env.path_filters *.ts *.m3u8
+    dest: /etc/munin/plugin-conf.d/nginx_ubicast_multi
+    mode: "644"
+
+- import_tasks: ../../shared/tasks/firewall_rules_files.yml  # noqa: name[missing]
+
+- name: flush handlers
+  ansible.builtin.meta: flush_handlers
+
+...
--- a/roles/mediacache/tasks/configure.yml
+++ b/roles/mediacache/tasks/configure.yml
+---
+
+- name: CONFIGURE LOCALHOST NAME RESOLUTION
+  ansible.builtin.include_tasks: "configure/local-resolution.yml"
+  when:
+    - cache_domain is defined
+
+- name: CONFIGURE VOD FOLDER
+  ansible.builtin.include_tasks: "configure/vod.yml"
+  when:
+    - cache_vod_folder is defined
+    - cache_vod_size is defined
+
+- name: CONFIGURE LIVE FOLDER
+  ansible.builtin.include_tasks: "configure/live.yml"
+  when:
+    - cache_live_folder is defined
+    - cache_live_size is defined
+
+- name: CONFIGURE NUDGIS CACHE VHOST
+  ansible.builtin.include_tasks: "configure/nginx-vhost.yml"
+  when:
+    - cache_domain is defined
+
+- name: CONFIGURE VOD UPSTREAM DOMAIN
+  ansible.builtin.include_tasks: "configure/nginx-vod-upstream.yml"
+  when:
+    - nudgis_front_domain is defined
+
+- name: CONFIGURE LIVE UPSTREAM DOMAIN
+  ansible.builtin.include_tasks: "configure/nginx-live-upstream.yml"
+  when:
+    - live_domain is defined
+
+...
--- a/roles/mediacache/tasks/configure/live.yml
+++ b/roles/mediacache/tasks/configure/live.yml
+---
+
+- name: create mediacache live data directory
+  ansible.builtin.file:
+    dest: "{{ cache_live_folder }}"
+    state: directory
+    owner: nginx
+    group: root
+    mode: "0700"
+  when: live_domain is defined
+
+- name: fill the mediacache zones file - Live folder
+  notify: restart nginx
+  ansible.builtin.replace:
+    path: /etc/mediacache/nginx-zones.conf
+    regexp: /var/cache/nginx/mediacache-live
+    replace: "{{ cache_live_folder }}"
+
+- name: fill the mediacache zones file - Live folder size
+  notify: restart nginx
+  ansible.builtin.replace:
+    path: /etc/mediacache/nginx-zones.conf
+    regexp: (?P<key>keys_zone=mediacache-live.*max_size=).*(?P<unit>g)
+    replace: \g<key>{{ cache_live_size }}\g<unit>
+
+...
--- a/roles/mediacache/tasks/configure/local-resolution.yml
+++ b/roles/mediacache/tasks/configure/local-resolution.yml
+---
+
+- name: resolve domain name to localhost
+  ansible.builtin.lineinfile:
+    path: /etc/hosts
+    line: 127.0.1.1 {{ cache_domain }}
+    backup: true
+
+...
--- a/roles/mediacache/tasks/configure/nginx-live-upstream.yml
+++ b/roles/mediacache/tasks/configure/nginx-live-upstream.yml
+---
+
+- name: fill the nginx Live proxypass
+  notify: restart nginx
+  ansible.builtin.replace:
+    path: /etc/mediacache/nginx-proxy-live.conf
+    regexp: ^(proxy_pass)\s+.*(;)$
+    replace: \1 https://{{ live_domain }}\2
+
+...
--- a/roles/mediacache/tasks/configure/nginx-vhost.yml
+++ b/roles/mediacache/tasks/configure/nginx-vhost.yml
+---
+
+- name: fill the vhost file
+  notify: restart nginx
+  ansible.builtin.replace:
+    path: /etc/nginx/sites-available/mediacache.conf
+    regexp: ^(\s+server_name)\s+.*(;)$
+    replace: \1 {{ cache_domain }}\2
+
+...
--- a/roles/mediacache/tasks/configure/nginx-vod-upstream.yml
+++ b/roles/mediacache/tasks/configure/nginx-vod-upstream.yml
+---
+
+- name: fill the nginx VOD proxypass
+  notify: restart nginx
+  ansible.builtin.replace:
+    path: /etc/mediacache/nginx-proxy-mediaserver.conf
+    regexp: ^(proxy_pass)\s+.*(;)$
+    replace: \1 https://{{ nudgis_front_domain }}\2
+
+...
--- a/roles/mediacache/tasks/configure/vod.yml
+++ b/roles/mediacache/tasks/configure/vod.yml
+---
+
+- name: create mediacache VOD data directory
+  ansible.builtin.file:
+    dest: "{{ cache_vod_folder }}"
+    state: directory
+    owner: nginx
+    group: root
+    mode: "0700"
+
+- name: fill the mediacache zones file - VOD folder
+  notify: restart nginx
+  ansible.builtin.replace:
+    path: /etc/mediacache/nginx-zones.conf
+    regexp: /var/cache/nginx/mediacache-vod
+    replace: "{{ cache_vod_folder }}"
+
+- name: fill the mediacache zones file - VOD folder size
+  notify: restart nginx
+  ansible.builtin.replace:
+    path: /etc/mediacache/nginx-zones.conf
+    regexp: (?P<key>keys_zone=mediacache-vod.*max_size=).*(?P<unit>g)
+    replace: \g<key>{{ cache_vod_size }}\g<unit>
+
+...
--- a/roles/mediacache/tasks/install.yml
+++ b/roles/mediacache/tasks/install.yml
+---
+
+- name: MediaCache packages installation
+  ansible.builtin.apt:
+    force_apt_get: true
+    install_recommends: false
+    name: "{{ cache_packages }}"
+    state: present
+  register: apt_status
+  retries: 60
+  until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg)
+
+...
--- a/roles/mediacache/tasks/main.yml
+++ b/roles/mediacache/tasks/main.yml
 ---

- name: MediaCache packages installation
-  ansible.builtin.apt:
-    force_apt_get: true
-    install_recommends: false
-    name: "{{ cache_packages }}"
-    state: present
-  register: apt_status
-  retries: 60
-  until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg)
-
- name: resolve domain name to localhost
-  ansible.builtin.lineinfile:
-    path: /etc/hosts
-    line: 127.0.1.1 {{ cache_domain }}
-    backup: true
-
- name: create mediacache VOD data directory
-  ansible.builtin.file:
-    dest: "{{ cache_vod_folder }}"
-    state: directory
-    owner: nginx
-    group: root
-    mode: "0700"
-
- name: create mediacache live data directory
-  ansible.builtin.file:
-    dest: "{{ cache_live_folder }}"
-    state: directory
-    owner: nginx
-    group: root
-    mode: "0700"
-  when: live_domain is defined
-
- name: fill the vhost file
-  notify: restart nginx
-  ansible.builtin.replace:
-    path: /etc/nginx/sites-available/mediacache.conf
-    regexp: ^(\s+server_name)\s+.*(;)$
-    replace: \1 {{ cache_domain }}\2
-
- name: fill the mediacache zones file - VOD folder
-  notify: restart nginx
-  ansible.builtin.replace:
-    path: /etc/mediacache/nginx-zones.conf
-    regexp: /var/cache/nginx/mediacache-vod
-    replace: "{{ cache_vod_folder }}"
-
- name: fill the mediacache zones file - Live folder
-  notify: restart nginx
-  ansible.builtin.replace:
-    path: /etc/mediacache/nginx-zones.conf
-    regexp: /var/cache/nginx/mediacache-live
-    replace: "{{ cache_live_folder }}"
-
- name: fill the mediacache zones file - VOD folder size
-  notify: restart nginx
-  ansible.builtin.replace:
-    path: /etc/mediacache/nginx-zones.conf
-    regexp: (?P<key>keys_zone=mediacache-vod.*max_size=).*(?P<unit>g)
-    replace: \g<key>{{ cache_vod_size }}\g<unit>
-
- name: fill the mediacache zones file - Live folder size
-  notify: restart nginx
-  ansible.builtin.replace:
-    path: /etc/mediacache/nginx-zones.conf
-    regexp: (?P<key>keys_zone=mediacache-live.*max_size=).*(?P<unit>g)
-    replace: \g<key>{{ cache_live_size }}\g<unit>
-
- name: fill the nginx VOD proxypass
-  notify: restart nginx
-  ansible.builtin.replace:
-    path: /etc/mediacache/nginx-proxy-mediaserver.conf
-    regexp: ^(proxy_pass)\s+.*(;)$
-    replace: \1 https://{{ nudgis_front_domain }}\2
-
- name: fill the nginx Live proxypass
-  notify: restart nginx
-  ansible.builtin.replace:
-    path: /etc/mediacache/nginx-proxy-live.conf
-    regexp: ^(proxy_pass)\s+.*(;)$
-    replace: \1 https://{{ live_domain }}\2
-
-# MONITORING
-
- name: Ensure /etc/munin/plugin-conf.d/ directory exist
-  ansible.builtin.file:
-    dest: /etc/munin/plugin-conf.d
-    state: directory
-    mode: "750"
-
- name: Configure mediacache nginx monitoring plugin
-  ansible.builtin.copy:
-    content: |
-      [nginx_ubicast_multi]
-      env.path_filters *.ts *.m3u8
-    dest: /etc/munin/plugin-conf.d/nginx_ubicast_multi
-    mode: "644"
-
- import_tasks: ../../shared/tasks/firewall_rules_files.yml  # noqa: name[missing]
-
- name: flush handlers
-  ansible.builtin.meta: flush_handlers
+- name: INSTALL
+  ansible.builtin.include_tasks:
+    file: "install.yml"
+    apply:
+      become: true
+      tags:
+        - install
+  tags:
+    - always
+
+- name: BASE CONFIGURATION
+  ansible.builtin.include_tasks:
+    file: "base.yml"
+    apply:
+      become: true
+      tags:
+        - base
+  tags:
+    - always
+
+- name: CONFIGURE
+  ansible.builtin.include_tasks:
+    file: "configure.yml"
+    apply:
+      become: true
+      tags:
+        - configure
+  tags:
+    - always

 ...