From 69d54a529e994a36fd2e91d12f50af83d7b50d9e Mon Sep 17 00:00:00 2001
From: Geno
Date: Fri, 13 Nov 2020 14:30:17 +0100
Subject: [PATCH] init
---
defaults/main.yml | 9 ++++
handlers/main.yml | 6 +++
tasks/config.yml | 76 +++++++++++++++++++++++++++++++++
tasks/install.yml | 88 +++++++++++++++++++++++++++++++++++++++
tasks/main.yml | 30 +++++++++++++
templates/default.env | 2 +
templates/systemd.service | 21 ++++++++++
7 files changed, 232 insertions(+)
create mode 100644 defaults/main.yml
create mode 100644 handlers/main.yml
create mode 100644 tasks/config.yml
create mode 100644 tasks/install.yml
create mode 100644 tasks/main.yml
create mode 100644 templates/default.env
create mode 100644 templates/systemd.service
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..cda1ccc
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,9 @@
+cockroachdb_version: 20.1.5
+cockroachdb_download_url: "https://binaries.cockroachdb.com/cockroach-v{{ cockroachdb_version }}.linux-amd64.tgz"
+cockroachdb_checksum: "sha256:e4c20ae1ab92420bea9a2c6c51daa660b2fa3661dca9ba919d34651e7627b504"
+
+cockroachdb__uid: "cockroach"
+cockroachdb__gid: "cockroach"
+cockroachdb__dir: "/var/lib/cockroach"
+
+cockroachdb__create_ca: true
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..ff68735
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,6 @@
+- name: restart cockroach
+ become: yes
+ systemd:
+ name: cockroach
+ state: restarted
+ daemon_reload: yes
diff --git a/tasks/config.yml b/tasks/config.yml
new file mode 100644
index 0000000..6680fec
--- /dev/null
+++ b/tasks/config.yml
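Review bot: `cockroachdb_version: 20.1.5` is a plain scalar; it stays a string only because it has two dots, and an override such as `20.10` parses as the float `20.1`, which silently changes the download URL, while any float value breaks the `cockroachdb_version is not in ...stdout` test in tasks/main.yml. Quote it, `cockroachdb_version: "20.1.5"`, and state the coupling above the checksum line with `# sha256 of the release tarball for cockroachdb_version above; update both together`. The mixed `cockroachdb_` / `cockroachdb__` prefixes within one defaults file also look unintended — the double underscore is conventionally reserved for role-internal values, yet `cockroachdb__dir` and `cockroachdb__create_ca` are knobs a user is expected to set.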
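Review bot: `become: yes` and `daemon_reload: yes` use YAML 1.1 truthy words instead of the canonical booleans; yamllint's `truthy` rule flags them and they are not read as booleans by every YAML 1.2 parser. Write `become: true` and `daemon_reload: true`. The same spellings recur in tasks/config.yml, tasks/install.yml and tasks/main.yml (`become: yes`, `remote_src: yes`, `recurse: yes`, `changed_when: False`, `check_mode: no`, `enabled: yes`) and should be normalised to `true`/`false` in one pass.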
@@ -0,0 +1,76 @@
+- name: make sure directories exist
+ become: yes
+ file:
+ path: "/etc/cockroach"
+ state: directory
+ mode: "u=rwx,g=rx,o=rx"
+ owner: "{{ cockroachdb__uid }}"
+ group: "{{ cockroachdb__gid }}"
+
+- name: ensure systemd unit is present
+ become: yes
+ notify: restart cockroach
+ template:
+ src: default.env
+ dest: /etc/default/cockroach
+
+- name: Create node certs
+ become: yes
+ when: cockroachdb__create_ca
+ command:
+ argv:
+ - cockroach
+ - cert
+ - create-ca
+ - --certs-dir=/etc/cockroach
+ - --ca-key=/etc/cockroach/ca.key
+ creates: /etc/cockroach/ca.crt
+
+- name: Create node certs
+ become: yes
+ command:
+ argv:
+ - cockroach
+ - cert
+ - create-node
+ - localhost
+ - "{{ inventory_hostname }}"
+ - --certs-dir=/etc/cockroach
+ - --ca-key=/etc/cockroach/ca.key
+ creates: /etc/cockroach/node.key
+
+- name: Create client.root certs
+ become: yes
+ command:
+ argv:
+ - cockroach
+ - cert
+ - create-client
+ - root
+ - --certs-dir=/etc/cockroach
+ - --ca-key=/etc/cockroach/ca.key
+ creates: /etc/cockroach/client.root.key
+
+- name: check permission of ca cert
+ become: yes
+ file:
+ path: "/etc/cockroach/ca.crt"
+ state: file
+ mode: "u=rw,g=r,o=r"
+ owner: "{{ cockroachdb__uid }}"
+ group: "{{ cockroachdb__gid }}"
+
+- name: check permission of cert directory
+ become: yes
+ file:
+ path: "/etc/cockroach/{{ item }}"
+ state: file
+ mode: "u=rw,g=,o="
+ owner: "{{ cockroachdb__uid }}"
+ group: "{{ cockroachdb__gid }}"
+ loop:
+ - ca.key
+ - client.root.key
+ - client.root.crt
+ - node.key
+ - node.crt
diff --git a/tasks/install.yml b/tasks/install.yml
new file mode 100644
index 0000000..dda1a91
--- /dev/null
+++ b/tasks/install.yml
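Review bot: The last task chowns `ca.key` to `{{ cockroachdb__uid }}`, so the CA private key is readable by the account the server runs as, and a compromise of the running `cockroach` process is enough to issue `client.root` and node certificates for the whole cluster. `cockroach start` only reads `ca.crt`, `node.crt` and `node.key` — `--ca-key` is consumed only by the three `cert create-*` tasks in this file — so drop `ca.key` from that loop and leave it root-owned with `mode: "u=rw,g=,o="`, or better, issue certificates off-host and never keep the CA key on a database node. Two tasks are both named `Create node certs` (the first one actually runs `create-ca`) and `check permission of cert directory` sets file modes rather than directory permissions, so the names should be corrected. The create-node and create-client tasks run unconditionally with `--ca-key=/etc/cockroach/ca.key` while only create-ca is gated on `cockroachdb__create_ca`; when the flag is false the role presumably expects the key to have been placed by other means, which deserves a comment such as `# with cockroachdb__create_ca false, ca.crt and ca.key must already exist in /etc/cockroach`.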
@@ -0,0 +1,88 @@
+---
+- name: Create temp ordner during install
+ file:
+ path: /tmp/cockroachdb
+ state: directory
+
+- name: download cockroachdb and check hash
+ get_url:
+ url: "{{ cockroachdb_download_url }}"
+ checksum: "{{ cockroachdb_checksum }}"
+ dest: /tmp/cockroachdb.tar.gz
+
+- name: unzip cockroachdb
+ unarchive:
+ remote_src: yes
+ src: /tmp/cockroachdb.tar.gz
+ dest: /tmp/cockroachdb
+
+- name: create group
+ become: yes
+ group:
+ name: "{{ cockroachdb__gid }}"
+ state: present
+
+- name: make sure cockroachdb user is present
+ become: yes
+ user:
+ system: true
+ name: "{{ cockroachdb__uid }}"
+ shell: /bin/nologin
+ createhome: false
+ home: "{{ cockroachdb__dir }}"
+
+- name: make sure directories exist
+ become: yes
+ file:
+ path: "{{ cockroachdb__dir }}"
+ state: directory
+ recurse: yes
+ mode: "u=rwx,g=rx,o="
+ owner: "{{ cockroachdb__uid }}"
+ group: "{{ cockroachdb__gid }}"
+
+
+- name: make sure cockroachdb binary is present
+ become: yes
+ notify: restart cockroach
+ copy:
+ src: "/tmp/cockroachdb/cockroach-v{{ cockroachdb_version }}.linux-amd64/cockroach"
+ remote_src: yes
+ dest: "/usr/local/bin/cockroach"
+ mode: 0755
+ owner: "{{ cockroachdb__uid }}"
+ group: "{{ cockroachdb__gid }}"
+
+- name: generate autocomplete and man for cockroachdb
+ become: yes
+ command: /usr/local/bin/cockroach gen man --path "/usr/share/man/man1/"
+
+- name: generate autocomplete and man for cockroachdb
+ become: yes
+ command: /usr/local/bin/cockroach gen autocomplete "{{ item.shell }}" --out "{{ item.path }}"
+ loop:
+ - shell: bash
+ path: /usr/share/bash-completion/completions/cockroach
+
+- name: generate autocomplete and man for debian
+ when: ansible_os_family == "Debian"
+ become: yes
+ command: /usr/local/bin/cockroach gen autocomplete "{{ item.shell }}" --out "{{ item.path }}"
+ loop:
+ - shell: zsh
+ path: /usr/share/zsh/vendor-completions/_cockroach
+
+- name: generate autocomplete and man for archlinux
+ when: ansible_os_family == "Archlinux"
+ become: yes
+ command: /usr/local/bin/cockroach gen autocomplete "{{ item.shell }}" --out "{{ item.path }}"
+ loop:
+ - shell: zsh
+ path: /usr/share/zsh/site-functions/_cockroach
+
+- name: ensure systemd unit is present
+ become: yes
+ notify: restart cockroach
+ template:
+ src: systemd.service
+ dest: /etc/systemd/system/cockroach.service
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..1b4a022
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- name: check if CockroachDB binary exists
+ stat:
+ path: /usr/local/bin/cockroach
+ register: cockroachdb__exists
+
+- name: CockroachDB Version register
+ become: yes
+ shell: "/usr/local/bin/cockroach version 2>&1 | head -n1 | cut -d'v' -f 2"
+ changed_when: False
+ when: cockroachdb__exists.stat.exists
+ check_mode: no
+ register: cockroachdb__local_version
+
+- debug: var=cockroachdb__local_version
+
+- name: Install CockroachDB
+ include_tasks: install.yml
+ when: "not cockroachdb__exists.stat.exists or cockroachdb_version is not in cockroachdb__local_version.stdout"
+
+
+- name: Configuration
+ include_tasks: config.yml
+
+- name: ensure CockroachDB is enabled and started
+ become: yes
+ systemd:
+ name: cockroach
+ state: started
+ enabled: yes
diff --git a/templates/default.env b/templates/default.env
new file mode 100644
index 0000000..d782f7d
--- /dev/null
+++ b/templates/default.env
@@ -0,0 +1,2 @@
+COCKROACH_STORE="path=/var/lib/cockroach"
+COCKROACH_FLAGS=""
diff --git a/templates/systemd.service b/templates/systemd.service
new file mode 100644
index 0000000..95ca3ce
--- /dev/null
+++ b/templates/systemd.service
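Review bot: The `copy` task installs `/usr/local/bin/cockroach` with `owner: "{{ cockroachdb__uid }}"`, so the service account owns its own executable; a compromised server process could then rewrite the binary that the `gen man`/`gen autocomplete` tasks run as root and that systemd starts on the next restart. Install it as `owner: root`, `group: root`, `mode: "0755"` (the unquoted `0755` is also the octal literal Ansible warns about). Download and extraction use the fixed, world-writable paths `/tmp/cockroachdb` and `/tmp/cockroachdb.tar.gz` without `become`, and nothing removes them afterwards; since the directory is reused if it already exists, the integrity the checksum establishes at download time is not carried through to the privileged copy, so use the `tempfile` module (or a root-owned staging directory) and delete it at the end. The three `gen` tasks run on every play and always report changed, and two of them share the name `generate autocomplete and man for cockroachdb`; a `creates:` pointing at each output file would make them idempotent.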
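Review bot: `- debug: var=cockroachdb__local_version` looks like a leftover from development; it prints the registered result on every run, so either drop it or give it `verbosity: 1`. The install condition `cockroachdb_version is not in cockroachdb__local_version.stdout` is a substring test, so a reported `20.1.50` would satisfy a requested `20.1.5`; comparing `cockroachdb__local_version.stdout | trim` for equality is stricter. The `2>&1` in the version pipeline also mixes stderr into `head -n1`, so a warning printed ahead of the version line would presumably land in `stdout` and trigger a needless reinstall. `changed_when: False` and `check_mode: no` should read `false` for consistency with the rest of the role.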
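Review bot: `COCKROACH_STORE="path=/var/lib/cockroach"` hard-codes the data directory instead of using `cockroachdb__dir`, which the rest of the role uses for the user's home, the directory task and `ReadWritePaths=` in the unit; overriding `cockroachdb__dir` leaves the store pointing at a path that `ProtectSystem=strict` makes read-only. Template it: `COCKROACH_STORE="path={{ cockroachdb__dir }}"`.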
@@ -0,0 +1,21 @@
+[Unit]
+Description=CockroachDB database server
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+User={{ cockroachdb__uid }}
+Group={{ cockroachdb__gid }}
+
+EnvironmentFile=-/etc/default/cockroach
+ExecStart=/usr/local/bin/cockroach start --certs-dir /etc/cockroach --store=${COCKROACH_STORE} $COCKROACH_FLAGS
+LimitNOFILE=35000
+
+PrivateTmp=true
+ProtectSystem=strict
+PrivateDevices=true
+ProtectHome=true
+ReadWritePaths={{ cockroachdb__dir }}
+
+[Install]
+WantedBy=multi-user.target
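Review bot: The `[Service]` sandbox (`PrivateTmp`, `ProtectSystem=strict`, `PrivateDevices`, `ProtectHome`, `ReadWritePaths`) omits `NoNewPrivileges=true`, which is the directive that stops the service from regaining privilege through setuid binaries; add it next to `ProtectHome=true`, together with `ProtectKernelTunables=true` and `RestrictSUIDSGID=true`. There is no `Restart=` line, so a crash leaves the database down until someone intervenes; `Restart=on-failure` with a `RestartSec=` is the usual choice for a daemon like this. `ExecStart` runs `cockroach start` without `--join`, which presumably means a single-node deployment is intended; a comment in the template saying so would help, since the role otherwise issues node certificates for `{{ inventory_hostname }}` as if clustering were expected.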