Merge branch 't38305-rework-base-role' into 'main'

Update inventories and extract base from roles meta | refs #38305 See merge request sys/ansible-public!53

Merge branch 't38305-rework-base-role' into 'main'
818a5316 · Antoine SCHILDKNECHT · a3432c6e · de25bc79 · 818a5316 · 818a5316
Commit 818a5316 authored 1 year ago by Antoine SCHILDKNECHT
--- a/inventories/example/ha/hosts
+++ b/inventories/example/ha/hosts
@@ -50,11 +50,6 @@ ha-db1
 ha-db2
 ha-dbw

-[postgres-ha]
-ha-db1
-ha-db2
-ha-dbw
-
 ; -- Meta groups (do not edit) --

 [munin_server:children]
@@ -86,3 +81,15 @@ mediaworker
 mirismanager
 msmonitor
 postgres
+
+[base:children]
+celerity
+live
+mediacache
+mediaimport
+mediaserver
+mediavault
+mediaworker
+mirismanager
+msmonitor
+postgres
--- a/inventories/example/std/hosts
+++ b/inventories/example/std/hosts
@@ -57,3 +57,13 @@ mediaworker
 mirismanager
 msmonitor
 postgres
+
+[base:children]
+celerity
+live
+mediacache
+mediaserver
+mediaworker
+mirismanager
+msmonitor
+postgres
--- a/playbooks/base.yml
+++ b/playbooks/base.yml
@@ -2,7 +2,7 @@
 ---

 - name: BASE
-  hosts: all
+  hosts: base
  tags: all
  roles:
    - base

--- a/playbooks/live/deploy-standalone.yml
+++ b/playbooks/live/deploy-standalone.yml
---
-
- name: LIVE
-  hosts: live
-  tags: live
-  roles:
-    - base
-
-# FIREWALL
-
- hosts: live
-  tags: live
-  vars:
-    live_ferm_rules_filename: live
-    live_ferm_input_rules:
-      - proto:
-          - tcp
-        dport:
-          - 80
-          - 443
-          - 1935
-    live_ferm_output_rules: []
-    live_ferm_global_settings:
-  tasks:
-    - name: firewall
-      vars:
-        ferm_rules_filename: "{{ live_ferm_rules_filename }}"
-        ferm_input_rules: "{{ live_ferm_input_rules }}"
-        ferm_output_rules: "{{ live_ferm_output_rules }}"
-        ferm_global_settings: "{{ live_ferm_global_settings }}"
-      ansible.builtin.include_role:
-        name: ferm-configure
-
- import_playbook: deploy-minimal.yml
-  tags: live
-
-...
--- a/playbooks/live/deploy-minimal.yml
+++ b/playbooks/live/deploy-minimal.yml
--- a/playbooks/mediacache/deploy-standalone.yml
+++ b/playbooks/mediacache/deploy-standalone.yml
-#!/usr/bin/env ansible-playbook
---
-
- name: MEDIACACHE
-  hosts: mediacache
-  tags: mediacache
-  roles:
-    - base
-
-# FIREWALL
-
- hosts: mediacache
-  tags: mediacache
-  vars:
-    cache_ferm_rules_filename: mediacache
-    cache_ferm_input_rules:
-      - proto:
-          - tcp
-        dport:
-          - 80
-          - 443
-    cache_ferm_output_rules: []
-    cache_ferm_global_settings:
-  tasks:
-    - name: firewall
-      vars:
-        ferm_rules_filename: "{{ cache_ferm_rules_filename }}"
-        ferm_input_rules: "{{ cache_ferm_input_rules }}"
-        ferm_output_rules: "{{ cache_ferm_output_rules }}"
-        ferm_global_settings: "{{ cache_ferm_global_settings }}"
-      ansible.builtin.include_role:
-        name: ferm-configure
-
- import_playbook: deploy-minimal.yml
-  tags: mediacache
-
-...
--- a/playbooks/mediacache/deploy-minimal.yml
+++ b/playbooks/mediacache/deploy-minimal.yml
--- a/playbooks/netcapture/deploy-standalone.yml
+++ b/playbooks/netcapture/deploy-standalone.yml
---
-
- name: NETCAPTURE
-  hosts: netcapture
-  tags: netcapture
-  roles:
-    - base
-
- hosts: netcapture
-  tags: netcapture
-  vars:
-    server_ferm_rules_filename: netcapture
-    server_ferm_input_rules: []
-    server_ferm_output_rules: []
-    server_ferm_global_settings:
-  tasks:
-    - name: firewall
-      when: ((server_firewall_enabled is defined) and server_firewall_enabled) or (server_firewall_enabled is undefined)
-      vars:
-        ferm_rules_filename: "{{ server_ferm_rules_filename }}"
-        ferm_input_rules: "{{ server_ferm_input_rules }}"
-        ferm_output_rules: "{{ server_ferm_output_rules }}"
-        ferm_global_settings: "{{ server_ferm_global_settings }}"
-      ansible.builtin.include_role:
-        name: ferm-configure
-
- import_playbook: deploy-minimal.yml
-  tags: netcapture
-
-...
--- a/playbooks/netcapture/deploy-minimal.yml
+++ b/playbooks/netcapture/deploy-minimal.yml
--- a/playbooks/site.yml
+++ b/playbooks/site.yml
@@ -12,6 +12,9 @@
      ansible.builtin.raw: command -v python3 || echo es_pyinstall && apt update && apt install -y python3-minimal python3-apt iproute2
      tags: always

+- import_playbook: base.yml
+  tags: base
+
 - import_playbook: "{{ 'postgres-ha' if groups['postgres']|d('') | length > 1 else 'postgres' }}.yml"
  tags: postgres

@@ -27,10 +30,10 @@
 - import_playbook: mediaserver.yml
  tags: server

- import_playbook: live/deploy-standalone.yml
+- import_playbook: live/live.yml
  tags: live

- import_playbook: mediacache/deploy-standalone.yml
+- import_playbook: mediacache/mediacache.yml
  tags: mediacache

 - import_playbook: mediavault/deploy.yml
@@ -39,7 +42,7 @@
 - import_playbook: mediaimport.yml
  tags: import

- import_playbook: netcapture/deploy-standalone.yml
+- import_playbook: netcapture/netcapture.yml
  tags: netcapture

 - import_playbook: bench.yml

--- a/playbooks/tester.yml
+++ b/playbooks/tester.yml
@@ -2,7 +2,7 @@
 ---

 - name: Install UbiCast tester
-  hosts: mediaserver:mediaworker:mirismanager:postgres:msmonitor:live:celerity:mediaimport:mediacache:mediavault
+  hosts: tester
  tags: all
  roles:
    - tester

--- a/roles/base/meta/main.yml
+++ b/roles/base/meta/main.yml
@@ -7,7 +7,6 @@ dependencies:
  - role: sysuser
  - role: postfix
  - role: ferm-install
-  - role: ferm-configure
  - role: fail2ban

 ...
--- a/roles/celerity/meta/main.yml
+++ b/roles/celerity/meta/main.yml
---
-
-dependencies:
-  - role: base
-
-...
--- a/roles/live/tasks/main.yml
+++ b/roles/live/tasks/main.yml
@@ -28,4 +28,18 @@
 #     group: root
 #     mode: "0700"

+# FIREWALL
+
+- name: firewall
+  vars:
+    ferm_rules_filename: "{{ live_ferm_rules_filename }}"
+    ferm_input_rules: "{{ live_ferm_input_rules }}"
+    ferm_output_rules: "{{ live_ferm_output_rules }}"
+    ferm_global_settings: "{{ live_ferm_output_global_settings }}"
+  ansible.builtin.include_role:
+    name: ferm-configure
+
+- name: flush handlers
+  ansible.builtin.meta: flush_handlers
+
 ...
--- a/roles/live/vars/main.yml
+++ b/roles/live/vars/main.yml
 ---
+
 live_packages:
  - ubicast-live
+
+live_ferm_rules_filename: live
+live_ferm_input_rules:
+  - proto:
+      - tcp
+    dport:
+      - 80
+      - 443
+      - 1935
+live_ferm_output_rules: []
+live_ferm_global_settings:
+
 ...
--- a/roles/mediacache/meta/main.yml
+++ b/roles/mediacache/meta/main.yml
 ---

 dependencies:
-  - role: base
  - role: nginx

 ...
--- a/roles/mediacache/tasks/main.yml
+++ b/roles/mediacache/tasks/main.yml
@@ -82,4 +82,18 @@
    regexp: ^(proxy_pass)\s+.*(;)$
    replace: \1 https://{{ live_domain }}\2

+# FIREWALL
+
+- name: firewall
+  vars:
+    ferm_rules_filename: "{{ cache_ferm_rules_filename }}"
+    ferm_input_rules: "{{ cache_ferm_input_rules }}"
+    ferm_output_rules: "{{ cache_ferm_output_rules }}"
+    ferm_global_settings: "{{ cache_ferm_output_global_settings }}"
+  ansible.builtin.include_role:
+    name: ferm-configure
+
+- name: flush handlers
+  ansible.builtin.meta: flush_handlers
+
 ...
--- a/roles/mediacache/vars/main.yml
+++ b/roles/mediacache/vars/main.yml
@@ -3,4 +3,14 @@
 cache_packages:
  - ubicast-mediacache

+cache_ferm_rules_filename: mediacache
+cache_ferm_input_rules:
+  - proto:
+      - tcp
+    dport:
+      - 80
+      - 443
+cache_ferm_output_rules: []
+cache_ferm_global_settings:
+
 ...
--- a/roles/mediaimport/meta/main.yml
+++ b/roles/mediaimport/meta/main.yml
---
-
-dependencies:
-  - role: base
-
-...
--- a/roles/mediaserver/meta/main.yml
+++ b/roles/mediaserver/meta/main.yml
 ---

 dependencies:
-  - role: base
  - role: nginx
  - when: groups['postgres'] | length > 1
    role: haproxy