7 changed files with 232 additions and 0 deletions
@ -0,0 +1,9 @@
|
||||
cockroachdb_version: 20.1.5 |
||||
cockroachdb_download_url: "https://binaries.cockroachdb.com/cockroach-v{{ cockroachdb_version }}.linux-amd64.tgz" |
||||
cockroachdb_checksum: "sha256:e4c20ae1ab92420bea9a2c6c51daa660b2fa3661dca9ba919d34651e7627b504" |
||||
|
||||
cockroachdb__uid: "cockroach" |
||||
cockroachdb__gid: "cockroach" |
||||
cockroachdb__dir: "/var/lib/cockroach" |
||||
|
||||
cockroachdb__create_ca: true |
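Review bot: `cockroachdb__create_ca` defaults to `true` without any comment, so every host the role is applied to generates its own CA unless the operator knows to override it; nodes holding different CAs would presumably be unable to verify each other in a multi-node cluster. A comment above it such as `# set to false and pre-place ca.crt/ca.key when the cluster shares an existing CA` would make that contract visible. `cockroachdb_checksum` is only valid for the pinned `cockroachdb_version`, which also deserves a one-line comment so the two are bumped together. The first three variables use the prefix `cockroachdb_` while the rest use `cockroachdb__`; pick one form.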
@ -0,0 +1,6 @@
|
||||
- name: restart cockroach |
||||
become: yes |
||||
systemd: |
||||
name: cockroach |
||||
state: restarted |
||||
daemon_reload: yes |
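Review bot: `become: yes` and `daemon_reload: yes` rely on YAML 1.1 truthy strings; write `become: true` and `daemon_reload: true` so the value is a boolean under any parser and passes yamllint's `truthy` rule. The same applies to the other task files in this commit (`remote_src: yes`, `recurse: yes`, `check_mode: no`, `changed_when: False`, `enabled: yes`).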
@ -0,0 +1,76 @@
|
||||
- name: make sure directories exist |
||||
become: yes |
||||
file: |
||||
path: "/etc/cockroach" |
||||
state: directory |
||||
mode: "u=rwx,g=rx,o=rx" |
||||
owner: "{{ cockroachdb__uid }}" |
||||
group: "{{ cockroachdb__gid }}" |
||||
|
||||
- name: ensure systemd unit is present |
||||
become: yes |
||||
notify: restart cockroach |
||||
template: |
||||
src: default.env |
||||
dest: /etc/default/cockroach |
||||
|
||||
- name: Create node certs |
||||
become: yes |
||||
when: cockroachdb__create_ca |
||||
command: |
||||
argv: |
||||
- cockroach |
||||
- cert |
||||
- create-ca |
||||
- --certs-dir=/etc/cockroach |
||||
- --ca-key=/etc/cockroach/ca.key |
||||
creates: /etc/cockroach/ca.crt |
||||
|
||||
- name: Create node certs |
||||
become: yes |
||||
command: |
||||
argv: |
||||
- cockroach |
||||
- cert |
||||
- create-node |
||||
- localhost |
||||
- "{{ inventory_hostname }}" |
||||
- --certs-dir=/etc/cockroach |
||||
- --ca-key=/etc/cockroach/ca.key |
||||
creates: /etc/cockroach/node.key |
||||
|
||||
- name: Create client.root certs |
||||
become: yes |
||||
command: |
||||
argv: |
||||
- cockroach |
||||
- cert |
||||
- create-client |
||||
- root |
||||
- --certs-dir=/etc/cockroach |
||||
- --ca-key=/etc/cockroach/ca.key |
||||
creates: /etc/cockroach/client.root.key |
||||
|
||||
- name: check permission of ca cert |
||||
become: yes |
||||
file: |
||||
path: "/etc/cockroach/ca.crt" |
||||
state: file |
||||
mode: "u=rw,g=r,o=r" |
||||
owner: "{{ cockroachdb__uid }}" |
||||
group: "{{ cockroachdb__gid }}" |
||||
|
||||
- name: check permission of cert directory |
||||
become: yes |
||||
file: |
||||
path: "/etc/cockroach/{{ item }}" |
||||
state: file |
||||
mode: "u=rw,g=,o=" |
||||
owner: "{{ cockroachdb__uid }}" |
||||
group: "{{ cockroachdb__gid }}" |
||||
loop: |
||||
- ca.key |
||||
- client.root.key |
||||
- client.root.crt |
||||
- node.key |
||||
- node.crt |
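Review bot: The final loop hands `ca.key` to `{{ cockroachdb__uid }}`, so the account the database runs as can read the CA signing key, and a compromise of the service would extend to issuing new node or `root` client certificates. The cert tasks already run under `become`, so the service user does not need that file: drop `- ca.key` from the loop and manage it in its own `file` task with `owner: root`, `group: root`, `mode: "u=rw,g=,o="`, or preferably keep the key outside the directory passed as `--certs-dir`. Only the CA task carries `when: cockroachdb__create_ca`; with the flag off, the create-node and create-client tasks still need `/etc/cockroach/ca.key`, and the `state: file` check fails if it is absent. Two tasks are both named `Create node certs` (the first one creates the CA) and the `default.env` task is named `ensure systemd unit is present`; names such as `Create CA certificate` and `ensure environment file is present` would match what they do.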
@ -0,0 +1,88 @@
|
||||
--- |
||||
- name: Create temp ordner during install |
||||
file: |
||||
path: /tmp/cockroachdb |
||||
state: directory |
||||
|
||||
- name: download cockroachdb and check hash |
||||
get_url: |
||||
url: "{{ cockroachdb_download_url }}" |
||||
checksum: "{{ cockroachdb_checksum }}" |
||||
dest: /tmp/cockroachdb.tar.gz |
||||
|
||||
- name: unzip cockroachdb |
||||
unarchive: |
||||
remote_src: yes |
||||
src: /tmp/cockroachdb.tar.gz |
||||
dest: /tmp/cockroachdb |
||||
|
||||
- name: create group |
||||
become: yes |
||||
group: |
||||
name: "{{ cockroachdb__gid }}" |
||||
state: present |
||||
|
||||
- name: make sure cockroachdb user is present |
||||
become: yes |
||||
user: |
||||
system: true |
||||
name: "{{ cockroachdb__uid }}" |
||||
shell: /bin/nologin |
||||
createhome: false |
||||
home: "{{ cockroachdb__dir }}" |
||||
|
||||
- name: make sure directories exist |
||||
become: yes |
||||
file: |
||||
path: "{{ cockroachdb__dir }}" |
||||
state: directory |
||||
recurse: yes |
||||
mode: "u=rwx,g=rx,o=" |
||||
owner: "{{ cockroachdb__uid }}" |
||||
group: "{{ cockroachdb__gid }}" |
||||
|
||||
|
||||
- name: make sure cockroachdb binary is present |
||||
become: yes |
||||
notify: restart cockroach |
||||
copy: |
||||
src: "/tmp/cockroachdb/cockroach-v{{ cockroachdb_version }}.linux-amd64/cockroach" |
||||
remote_src: yes |
||||
dest: "/usr/local/bin/cockroach" |
||||
mode: 0755 |
||||
owner: "{{ cockroachdb__uid }}" |
||||
group: "{{ cockroachdb__gid }}" |
||||
|
||||
- name: generate autocomplete and man for cockroachdb |
||||
become: yes |
||||
command: /usr/local/bin/cockroach gen man --path "/usr/share/man/man1/" |
||||
|
||||
- name: generate autocomplete and man for cockroachdb |
||||
become: yes |
||||
command: /usr/local/bin/cockroach gen autocomplete "{{ item.shell }}" --out "{{ item.path }}" |
||||
loop: |
||||
- shell: bash |
||||
path: /usr/share/bash-completion/completions/cockroach |
||||
|
||||
- name: generate autocomplete and man for debian |
||||
when: ansible_os_family == "Debian" |
||||
become: yes |
||||
command: /usr/local/bin/cockroach gen autocomplete "{{ item.shell }}" --out "{{ item.path }}" |
||||
loop: |
||||
- shell: zsh |
||||
path: /usr/share/zsh/vendor-completions/_cockroach |
||||
|
||||
- name: generate autocomplete and man for archlinux |
||||
when: ansible_os_family == "Archlinux" |
||||
become: yes |
||||
command: /usr/local/bin/cockroach gen autocomplete "{{ item.shell }}" --out "{{ item.path }}" |
||||
loop: |
||||
- shell: zsh |
||||
path: /usr/share/zsh/site-functions/_cockroach |
||||
|
||||
- name: ensure systemd unit is present |
||||
become: yes |
||||
notify: restart cockroach |
||||
template: |
||||
src: systemd.service |
||||
dest: /etc/systemd/system/cockroach.service |
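Review bot: The `copy` task installs `/usr/local/bin/cockroach` with `owner: "{{ cockroachdb__uid }}"`, so the service account can replace a binary that other tasks in this commit execute as root through `become` (`cockroach gen man`, `cockroach cert …`); use `owner: root` and `group: root`, and quote the mode as `mode: "0755"`. The archive is also staged at fixed paths under `/tmp` (`/tmp/cockroachdb`, `/tmp/cockroachdb.tar.gz`) with no explicit owner or mode, and `checksum` covers only the tarball, not the extracted file that is copied afterwards, so on a multi-user host the staged content is not protected between extraction and installation. Staging in a directory created by the `tempfile` module, or in a root-owned directory with `mode: "0700"`, closes that gap. `recurse: yes` together with `mode: "u=rwx,g=rx,o="` on the data directory also sets the execute bit on every existing data file; `u=rwX,g=rX,o=` avoids that.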
@ -0,0 +1,30 @@
|
||||
--- |
||||
- name: check if CockroachDB binary exists |
||||
stat: |
||||
path: /usr/local/bin/cockroach |
||||
register: cockroachdb__exists |
||||
|
||||
- name: CockroachDB Version register |
||||
become: yes |
||||
shell: "/usr/local/bin/cockroach version 2>&1 | head -n1 | cut -d'v' -f 2" |
||||
changed_when: False |
||||
when: cockroachdb__exists.stat.exists |
||||
check_mode: no |
||||
register: cockroachdb__local_version |
||||
|
||||
- debug: var=cockroachdb__local_version |
||||
|
||||
- name: Install CockroachDB |
||||
include_tasks: install.yml |
||||
when: "not cockroachdb__exists.stat.exists or cockroachdb_version is not in cockroachdb__local_version.stdout" |
||||
|
||||
|
||||
- name: Configuration |
||||
include_tasks: config.yml |
||||
|
||||
- name: ensure CockroachDB is enabled and started |
||||
become: yes |
||||
systemd: |
||||
name: cockroach |
||||
state: started |
||||
enabled: yes |
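Review bot: The version probe runs through `shell` with `become: yes`, although reading the version needs neither a shell pipeline nor root; `command: /usr/local/bin/cockroach version` without `become`, with the parsing moved into the `when` expression, keeps an unneeded root execution out of every run. The condition `cockroachdb_version is not in cockroachdb__local_version.stdout` is a substring test, so an installed `20.1.50` would satisfy a requested `20.1.5`; assuming the pipeline yields only the version string, compare for equality after trimming. The unnamed `- debug: var=cockroachdb__local_version` looks like a leftover and should be removed or limited with `verbosity: 1`.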
@ -0,0 +1,2 @@
|
||||
COCKROACH_STORE="path=/var/lib/cockroach" |
||||
COCKROACH_FLAGS="" |
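Review bot: `COCKROACH_STORE` hard-codes `/var/lib/cockroach`, although this appears to be the `default.env` file rendered by the `template` task and the unit sets `ReadWritePaths={{ cockroachdb__dir }}`. If `cockroachdb__dir` is overridden, the store stays at the old location, which `ProtectSystem=strict` makes read-only, so the service would presumably fail to start. Use `COCKROACH_STORE="path={{ cockroachdb__dir }}"` so both files follow the same variable.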
@ -0,0 +1,21 @@
|
||||
[Unit] |
||||
Description=CockroachDB database server |
||||
Requires=network-online.target |
||||
After=network-online.target |
||||
|
||||
[Service] |
||||
User={{ cockroachdb__uid }} |
||||
Group={{ cockroachdb__gid }} |
||||
|
||||
EnvironmentFile=-/etc/default/cockroach |
||||
ExecStart=/usr/local/bin/cockroach start --certs-dir /etc/cockroach --store=${COCKROACH_STORE} $COCKROACH_FLAGS |
||||
LimitNOFILE=35000 |
||||
|
||||
PrivateTmp=true |
||||
ProtectSystem=strict |
||||
PrivateDevices=true |
||||
ProtectHome=true |
||||
ReadWritePaths={{ cockroachdb__dir }} |
||||
|
||||
[Install] |
||||
WantedBy=multi-user.target |
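Review bot: The `[Service]` section sandboxes the filesystem but does not set `NoNewPrivileges=true`, so the process could still gain privileges through setuid binaries; adding `NoNewPrivileges=true`, `ProtectKernelTunables=true` and `ProtectControlGroups=true` fits the hardening already present. There is no `Restart=` policy, so a crashed node stays down until someone intervenes; `Restart=on-failure` is the usual choice. `Requires=network-online.target` is stricter than needed, since systemd's documentation recommends `Wants=` together with `After=` for that target.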