sum7
/
ansible-role-cockroachdb
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

init

This commit is contained in:
Geno 2020-11-13 14:30:17 +01:00
parent 127c36c209
commit 69d54a529e
7 changed files with 232 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
defaults/main.yml Normal file
View File

@ -0,0 +1,9 @@
cockroachdb_version: 20.1.5
cockroachdb_download_url: "https://binaries.cockroachdb.com/cockroach-v{{ cockroachdb_version }}.linux-amd64.tgz"
cockroachdb_checksum: "sha256:e4c20ae1ab92420bea9a2c6c51daa660b2fa3661dca9ba919d34651e7627b504"
cockroachdb__uid: "cockroach"
cockroachdb__gid: "cockroach"
cockroachdb__dir: "/var/lib/cockroach"
cockroachdb__create_ca: true

6
handlers/main.yml Normal file
View File

@ -0,0 +1,6 @@
- name: restart cockroach
become: yes
systemd:
name: cockroach
state: restarted
daemon_reload: yes

76
tasks/config.yml Normal file
View File

@ -0,0 +1,76 @@
- name: make sure directories exist
become: yes
file:
path: "/etc/cockroach"
state: directory
mode: "u=rwx,g=rx,o=rx"
owner: "{{ cockroachdb__uid }}"
group: "{{ cockroachdb__gid }}"
- name: ensure systemd unit is present
become: yes
notify: restart cockroach
template:
src: default.env
dest: /etc/default/cockroach
- name: Create node certs
become: yes
when: cockroachdb__create_ca
command:
argv:
- cockroach
- cert
- create-ca
- --certs-dir=/etc/cockroach
- --ca-key=/etc/cockroach/ca.key
creates: /etc/cockroach/ca.crt
- name: Create node certs
become: yes
command:
argv:
- cockroach
- cert
- create-node
- localhost
- "{{ inventory_hostname }}"
- --certs-dir=/etc/cockroach
- --ca-key=/etc/cockroach/ca.key
creates: /etc/cockroach/node.key
- name: Create client.root certs
become: yes
command:
argv:
- cockroach
- cert
- create-client
- root
- --certs-dir=/etc/cockroach
- --ca-key=/etc/cockroach/ca.key
creates: /etc/cockroach/client.root.key
- name: check permission of ca cert
become: yes
file:
path: "/etc/cockroach/ca.crt"
state: file
mode: "u=rw,g=r,o=r"
owner: "{{ cockroachdb__uid }}"
group: "{{ cockroachdb__gid }}"
- name: check permission of cert directory
become: yes
file:
path: "/etc/cockroach/{{ item }}"
state: file
mode: "u=rw,g=,o="
owner: "{{ cockroachdb__uid }}"
group: "{{ cockroachdb__gid }}"
loop:
- ca.key
- client.root.key
- client.root.crt
- node.key
- node.crt

88
tasks/install.yml Normal file
View File

@ -0,0 +1,88 @@
---
- name: Create temp ordner during install
file:
path: /tmp/cockroachdb
state: directory
- name: download cockroachdb and check hash
get_url:
url: "{{ cockroachdb_download_url }}"
checksum: "{{ cockroachdb_checksum }}"
dest: /tmp/cockroachdb.tar.gz
- name: unzip cockroachdb
unarchive:
remote_src: yes
src: /tmp/cockroachdb.tar.gz
dest: /tmp/cockroachdb
- name: create group
become: yes
group:
name: "{{ cockroachdb__gid }}"
state: present
- name: make sure cockroachdb user is present
become: yes
user:
system: true
name: "{{ cockroachdb__uid }}"
shell: /bin/nologin
createhome: false
home: "{{ cockroachdb__dir }}"
- name: make sure directories exist
become: yes
file:
path: "{{ cockroachdb__dir }}"
state: directory
recurse: yes
mode: "u=rwx,g=rx,o="
owner: "{{ cockroachdb__uid }}"
group: "{{ cockroachdb__gid }}"
- name: make sure cockroachdb binary is present
become: yes
notify: restart cockroach
copy:
src: "/tmp/cockroachdb/cockroach-v{{ cockroachdb_version }}.linux-amd64/cockroach"
remote_src: yes
dest: "/usr/local/bin/cockroach"
mode: 0755
owner: "{{ cockroachdb__uid }}"
group: "{{ cockroachdb__gid }}"
- name: generate autocomplete and man for cockroachdb
become: yes
command: /usr/local/bin/cockroach gen man --path "/usr/share/man/man1/"
- name: generate autocomplete and man for cockroachdb
become: yes
command: /usr/local/bin/cockroach gen autocomplete "{{ item.shell }}" --out "{{ item.path }}"
loop:
- shell: bash
path: /usr/share/bash-completion/completions/cockroach
- name: generate autocomplete and man for debian
when: ansible_os_family == "Debian"
become: yes
command: /usr/local/bin/cockroach gen autocomplete "{{ item.shell }}" --out "{{ item.path }}"
loop:
- shell: zsh
path: /usr/share/zsh/vendor-completions/_cockroach
- name: generate autocomplete and man for archlinux
when: ansible_os_family == "Archlinux"
become: yes
command: /usr/local/bin/cockroach gen autocomplete "{{ item.shell }}" --out "{{ item.path }}"
loop:
- shell: zsh
path: /usr/share/zsh/site-functions/_cockroach
- name: ensure systemd unit is present
become: yes
notify: restart cockroach
template:
src: systemd.service
dest: /etc/systemd/system/cockroach.service

30
tasks/main.yml Normal file
View File

@ -0,0 +1,30 @@
---
- name: check if CockroachDB binary exists
stat:
path: /usr/local/bin/cockroach
register: cockroachdb__exists
- name: CockroachDB Version register
become: yes
shell: "/usr/local/bin/cockroach version 2>&1 | head -n1 | cut -d'v' -f 2"
changed_when: False
when: cockroachdb__exists.stat.exists
check_mode: no
register: cockroachdb__local_version
- debug: var=cockroachdb__local_version
- name: Install CockroachDB
include_tasks: install.yml
when: "not cockroachdb__exists.stat.exists or cockroachdb_version is not in cockroachdb__local_version.stdout"
- name: Configuration
include_tasks: config.yml
- name: ensure CockroachDB is enabled and started
become: yes
systemd:
name: cockroach
state: started
enabled: yes

2
templates/default.env Normal file
View File

@ -0,0 +1,2 @@
COCKROACH_STORE="path=/var/lib/cockroach"
COCKROACH_FLAGS=""

21
templates/systemd.service Normal file
View File

@ -0,0 +1,21 @@
[Unit]
Description=CockroachDB database server
Requires=network-online.target
After=network-online.target
[Service]
User={{ cockroachdb__uid }}
Group={{ cockroachdb__gid }}
EnvironmentFile=-/etc/default/cockroach
ExecStart=/usr/local/bin/cockroach start --certs-dir /etc/cockroach --store=${COCKROACH_STORE} $COCKROACH_FLAGS
LimitNOFILE=35000
PrivateTmp=true
ProtectSystem=strict
PrivateDevices=true
ProtectHome=true
ReadWritePaths={{ cockroachdb__dir }}
[Install]
WantedBy=multi-user.target