Merge pull request #8 from punktDe/ansible-lint-molecule

Add molecule testing, add ansible-lint commit hook, fix linting errors
punktDe · Jan 26, 2024 · 0a4aa41 · 0a4aa41
2 parents 7adb239 + cc4d0a8
commit 0a4aa41
Show file tree

Hide file tree

Showing 20 changed files with 377 additions and 189 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -0,0 +1,10 @@
+---
+skip_list:
+  - 'risky-shell-pipe'
+  - 'role-name'
+
+warn_list:
+  - package-latest
+  - unnamed-task
+  - command-instead-of-shell
+  - no-handler
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,46 @@
+---
+name: Test
+run-name: Run molecule tests on the role
+on:
+  push:
+  workflow_dispatch:
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - name: Install dependencies.
+        run: pip install yamllint ansible-lint ansible
+
+      - name: Run ansible-lint
+        run: "ansible-lint"
+
+  molecule:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - name: Install dependencies.
+        run: |
+          python -m pip install --upgrade pip
+          pip install ansible docker molecule molecule-plugins
+
+      - name: Install Galaxy dependencies.
+        run: ansible-galaxy collection install community.docker community.mysql
+
+      - name: Run molecule
+        run: "molecule test"
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
 .DS_Store
 *.pyc
 __pycache__
+files/
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,7 @@
+---
+repos:
+  - repo: https://github.com/ansible/ansible-lint.git
+    rev: v6.22.1
+    hooks:
+      - id: ansible-lint
+        files: \.(yaml|yml)$
diff --git a/.yamllint b/.yamllint
@@ -0,0 +1,33 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  colons:
+    max-spaces-after: -1
+    level: error
+  commas:
+    max-spaces-after: -1
+    level: error
+  comments: disable
+  comments-indentation: disable
+  document-start: disable
+  empty-lines:
+    max: 3
+    level: error
+  hyphens:
+    level: error
+  indentation: disable
+  key-duplicates: enable
+  line-length: disable
+  new-line-at-end-of-file: disable
+  new-lines:
+    type: unix
+  trailing-spaces: disable
+  truthy: disable
diff --git a/defaults/main.yaml b/defaults/main.yaml
@@ -1,15 +1,8 @@
 ---
+apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
+
 mariadb:
-  system:
-    user:
-      root:
-        name: root
-        group: >-
-          {%- if ansible_system == 'Linux' -%}
-            root
-          {%- else -%}
-            wheel
-          {%- endif -%}
+  version: 10.6
   prefix:
     config: >-
       {%- if ansible_system == 'Linux' -%}
@@ -60,9 +53,8 @@ mariadb:
     application_event_log: /var/log/application_events/MariaDB-Backup.log
   repository:
     apt:
-      key_url:
-      repository:
-  version:
+      key_url: https://mariadb.org/mariadb_release_signing_key.asc
+      repository: "deb [arch={{ apt_arch }}] http://mirror.netcologne.de/mariadb/repo/{{ vars.mariadb.version }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }} main"
 mariadb_root_password: >-
   {%- if mariadb.galera.cluster and not mariadb.galera.initializer -%}
     {{- (mariadb_galera_cluster_nodes
@@ -77,7 +69,7 @@ mariadb_root_password: >-
 mariadb_galera_cluster_nodes: >-
   {%- set cluster_nodes = [] -%}
   {%- for node, node_vars in hostvars.items() -%}
-    {%- if (((node_vars.mariadb|default({}))['my.cnf']|default({}))['galera']|default({}))['wsrep_cluster_name']|default('') == ((mariadb['my.cnf']|default({})).galera|default({})).wsrep_cluster_name|default('') -%}
+    {%- if (((node_vars.mariadb | default({}))['my.cnf'] | default({}))['galera'] | default({}))['wsrep_cluster_name'] | default('') == ((mariadb['my.cnf'] | default({})).galera | default({})).wsrep_cluster_name | default('') -%}
       {%- set _ = cluster_nodes.append(node) -%}
     {%- endif -%}
   {%- endfor -%}

diff --git a/handlers/main.yaml b/handlers/main.yaml
@@ -1,19 +1,19 @@
 ---
 - name: Start MariaDB
-  service:
+  ansible.builtin.service:
     name: "{{ mariadb.service }}"
     state: started
   register: mysqld_service_result
 
 - name: Restart MariaDB
   throttle: 1
-  service:
+  ansible.builtin.service:
     name: "{{ mariadb.service }}"
     state: restarted
   when: not (mysqld_service_result is defined and mysqld_service_result.changed)
 
 - name: Restart garb
-  service:
+  ansible.builtin.service:
     name: garb
     state: restarted
   when: not mariadb_service_garb_start_result.changed
diff --git a/meta/main.yaml b/meta/main.yaml
@@ -1,2 +1,10 @@
 ---
 dependencies: []
+
+galaxy_info:
+  author: "Punkt.de"
+  license: "MIT"
+  description: "MariaDB role for Proserver"
+  role_name: "proserver_mariadb"
+  namespace: "punktde"
+  min_ansible_version: "2.15"
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
@@ -0,0 +1,7 @@
+---
+- name: Converge
+  hosts: all
+  tasks:
+    - name: "Include ansible-proserver-mariadb"
+      ansible.builtin.include_role:
+        name: "ansible-proserver-mariadb"
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
@@ -0,0 +1,20 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: instance
+    image: geerlingguy/docker-ubuntu2204-ansible
+    command: /lib/systemd/systemd
+    pre_build_image: true
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+provisioner:
+  name: ansible
+  playbooks:
+    converge: ${MOLECULE_PLAYBOOK:-converge.yml}
+verifier:
+  name: ansible
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
@@ -0,0 +1,10 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Example assertion
+      ansible.builtin.assert:
+        that: true
diff --git a/tasks/backup.yaml b/tasks/backup.yaml
@@ -1,9 +1,15 @@
-- when: "true in ([mariadb.backup.enabled] + (mariadb.databases.values()|selectattr('backup.enabled', 'defined')|map(attribute='backup.enabled')|list))"
+---
+- name: Handle MariaDB Backups
+  when: >-
+    true in ([mariadb.backup.enabled] + (mariadb.databases.values() |
+    selectattr('backup.enabled', 'defined') |
+    map(attribute='backup.enabled') |
+    list))
   block:
     - name: Template MariaDB backup script
       loop:
         - /usr/local/bin/mariadb-backup
-      template:
+      ansible.builtin.template:
         src: backup/mariadb-backup
         dest: "{{ item }}"
         mode: u+rwx,go-rwx
@@ -12,12 +18,14 @@
       loop:
         - /etc/systemd/system/mariadb-backup.service
         - /etc/systemd/system/mariadb-backup.timer
-      template:
-        src: "backup/{{ item|basename }}"
+      ansible.builtin.template:
+        src: "backup/{{ item | basename }}"
+        owner: root
+        mode: "0644"
         dest: "{{ item }}"
 
     - name: Enable and start systemd timer for MariaDB backups
-      systemd:
+      ansible.builtin.systemd:
         daemon_reload: yes
         name: mariadb-backup.timer
         enabled: yes

diff --git a/tasks/client_config.yaml b/tasks/client_config.yaml
@@ -1,30 +1,38 @@
 ---
 - name: Check for root password
   changed_when: false
-  stat:
+  ansible.builtin.stat:
     path: /usr/local/etc/mysql-password
   register: mariadb_mysql_password
 
 - name: Create root password
-  when: not mariadb_mysql_password.stat.exists and (not mariadb.galera.cluster or mariadb.galera.initializer)
-  copy:
+  when:
+    - not mariadb_mysql_password.stat.exists
+    - not mariadb.galera.cluster or mariadb.galera.initializer
+  ansible.builtin.copy:
     dest: /usr/local/etc/mysql-password
     content: "{{ lookup('password', '/dev/null length=32 chars=ascii_letters,digits') }}"
-    owner: "{{ mariadb.system.user.root.name }}"
-    group: "{{ mariadb.system.user.root.group }}"
+    owner: "root"
     mode: '0600'
 
-- when: not mariadb.galera.cluster or mariadb.galera.initializer
+- name: Set up mysql root password
+  when: not mariadb.galera.cluster or mariadb.galera.initializer
   block:
     - name: Read root-password
-      slurp:
+      ansible.builtin.slurp:
         src: "{{ item }}"
       with_items:
         - /usr/local/etc/mysql-password
       register: mariadb_root_password_slurp_result
 
+    - name: Start MariaDB
+      ansible.builtin.service:
+        name: "{{ mariadb.service }}"
+        state: started
+
     - name: Set root password in database
-      mysql_user:
+      ignore_errors: "{{ ansible_check_mode }}"
+      community.mysql.mysql_user:
         login_user: root
         login_password: "{{ mariadb_root_password_slurp_result.results.0.content|b64decode|trim }}"
         check_implicit_admin: yes
@@ -34,8 +42,9 @@
         login_unix_socket: "{{ mariadb.socket if mariadb.socket else none }}"
 
 - name: Write root password to cli client configuration file
+  ignore_errors: "{{ ansible_check_mode }}"
   when: not mariadb.galera.cluster or not mariadb.galera.arbitrator
-  blockinfile:
+  ansible.builtin.blockinfile:
     path: "{{ item.path }}"
     owner: "{{ item.owner }}"
     group: "{{ item.group }}"
@@ -49,8 +58,8 @@
     label: "{{ item.path }}"
   with_items:
     - path: /root/.my.cnf
-      owner: "{{ mariadb.system.user.root.name }}"
-      group: "{{ mariadb.system.user.root.group }}"
+      owner: "root"
+      group: "{{ 'root' if ansible_os_family == 'Debian' else 'wheel' }}"
     - path: "{{ ansible_user_dir }}/.my.cnf"
       owner: "{{ ansible_user_uid }}"
       group: "{{ ansible_user_gid }}"
diff --git a/tasks/config_db.yaml b/tasks/config_db.yaml
@@ -1,43 +1,48 @@
 ---
-- when: not mariadb.galera.arbitrator
+- name: Handle MariaDB nodes
+  when: not mariadb.galera.arbitrator
   block:
-    - when: ansible_system == 'FreeBSD'
+    - name: Configure MariaDB (FreeBSD)
+      when: ansible_system == 'FreeBSD'
       block:
         - name: Get MariaDB server version
-          shell: >
-            /usr/local/libexec/mysqld --version | python3 -c 'import sys, re; print(re.search("Ver[\s\t]*([0-9]+\.[0-9]+)", sys.stdin.readline()).group(1))'
-          changed_when: false
+          ansible.builtin.shell:
+            cmd: >-
+              /usr/local/libexec/mysqld --version |
+              python3 -c
+              'import sys, re; print(re.search("Ver[\s\t]*([0-9]+\.[0-9]+)", sys.stdin.readline()).group(1))'
+          changed_when: no
           register: mariadb_get_server_version_result
 
         - name: Check if legacy config location must be used
-          set_fact:
-            mariadb_use_legacy_config_location_result: "{{ mariadb_get_server_version_result.stdout|float < 10.5 }}"
+          ansible.builtin.set_fact:
+            mariadb_use_legacy_config_location_result: "{{ mariadb_get_server_version_result.stdout | float < 10.5 }}"
 
         - name: Remove obsolete my.cnf
           when: not mariadb_use_legacy_config_location_result
-          loop:
-            - /usr/local/etc/my.cnf
-          file:
-            path: "{{ item }}"
+          ansible.builtin.file:
+            path: "/usr/local/etc/my.cnf"
             state: absent
 
     - name: Configure MariaDB (my.cnf)
-      ini_file:
+      community.general.ini_file:
         path: "{{ config_filepath }}"
         section: "{{ item.section }}"
         option: "{{ item.option }}"
         value: "{{ item.value }}"
         state: "{{ 'present' if item.value is not none else 'absent' }}"
+        owner: root
+        mode: "0644"
       loop_control:
         label: "{{ config_filepath }} {{ item.section }}.{{ item.option }}={{ item.value }}"
-      with_items: "{{ mariadb['my.cnf']|mariadb_ini_helper }}"
+      with_items: "{{ mariadb['my.cnf'] | mariadb_ini_helper }}"
       vars:
         config_filepath: "{% if ansible_system == 'FreeBSD' and mariadb_use_legacy_config_location_result %}/usr/local/etc/my.cnf{% else %}{{ mariadb.prefix.config }}/conf.d/zz-ansible.cnf{% endif %}"
       notify: Restart MariaDB
 
     - name: Ensure MariaDB config set by Ansible overrules package defaults
       when: "ansible_system == 'Linux' and mariadb['my.cnf']"
-      file:
+      ansible.builtin.file:
         dest: "{{ mariadb.prefix.config }}/mariadb.conf.d/zz-ansible.cnf"
         src: ../conf.d/zz-ansible.cnf
         state: link

diff --git a/tasks/config_garb.yaml b/tasks/config_garb.yaml
@@ -1,7 +1,9 @@
 ---
 - name: Confiure garb (garb.cnf)
   when: mariadb.galera.arbitrator
-  template:
+  ansible.builtin.template:
     src: garb.cnf
     dest: /etc/default/garb
+    owner: root
+    mode: "0644"
   notify: Restart garb