From d36212b7d7e94e5df00dc9e8e2fdb5715a8af005 Mon Sep 17 00:00:00 2001 From: Nathaniel Landau Date: Tue, 25 Apr 2023 11:32:29 -0400 Subject: [PATCH] style: pass ansible-lint --- .pre-commit-config.yaml | 4 +- handlers/main.yml | 76 +-- main.yml | 134 ++--- tasks/backups.yml | 48 +- tasks/cluster_storage.yml | 276 +++++----- tasks/consul.yml | 584 +++++++++++----------- tasks/debug.yml | 2 +- tasks/docker.yml | 132 ++--- tasks/interpolated_variables.yml | 34 +- tasks/logrotate.yml | 40 +- tasks/nomad.yml | 42 +- tasks/orchestration_jobs.yml | 112 ++--- tasks/packages.yml | 100 ++-- tasks/pull_repositories.yml | 35 +- tasks/sanity.yml | 8 +- tasks/service_prometheus_nodeExporter.yml | 88 ++-- tasks/tdarr.yml | 305 +++++------ tasks/telegraf.yml | 440 ++++++++-------- 18 files changed, 1246 insertions(+), 1214 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index e2939e1..f4e4081 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,7 +1,7 @@ --- repos: - repo: "https://github.com/commitizen-tools/commitizen" - rev: v2.42.1 + rev: 3.0.1 hooks: - id: "commitizen" @@ -31,7 +31,7 @@ repos: args: [--markdown-linebreak-ext=md] - repo: "https://github.com/adrienverge/yamllint.git" - rev: v1.29.0 + rev: v1.31.0 hooks: - id: yamllint files: \.(yaml|yml)$ diff --git a/handlers/main.yml b/handlers/main.yml index a7b3232..f559f54 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -3,80 +3,96 @@ - name: Mount shared storage on Mac become: true ansible.builtin.command: - cmd: automount -cv + cmd: automount -cv register: automount_output failed_when: automount_output.rc > 0 + changed_when: automount_output.rc == 0 when: - - "'macs' in group_names" - - not ansible_check_mode + - "'macs' in group_names" + - not ansible_check_mode listen: "mac_run_automount" - name: Mount and unmount shared storage on Mac become: true ansible.builtin.command: - cmd: automount -cvu + cmd: automount -cvu register: automount_output failed_when: automount_output.rc > 0 + changed_when: automount_output.rc == 0 when: - - "'macs' in group_names" - - not ansible_check_mode + - "'macs' in group_names" + - not ansible_check_mode listen: "mac_run_automount_unmount" ##################################### TELEGRAF - name: (Re)Start telegraf (Debian) become: true ansible.builtin.service: - name: telegraf - state: restarted + name: telegraf + state: restarted + register: telegraf_service + failed_when: telegraf_service.rc > 0 + changed_when: telegraf_service.rc == 0 when: - - ansible_os_family == 'Debian' + - ansible_os_family == 'Debian' listen: restart_telegraf - name: (Re)Start telegraf ansible.builtin.shell: - cmd: /usr/local/bin/brew services restart telegraf - executable: /usr/local/bin/bash + cmd: /usr/local/bin/brew services restart telegraf + executable: /usr/local/bin/bash ignore_errors: true + register: telegraf_service + failed_when: telegraf_service.rc > 0 + changed_when: telegraf_service.rc == 0 when: - - ansible_os_family == 'Darwin' + - ansible_os_family == 'Darwin' listen: restart_telegraf ##################################### NOMAD -- name: restart nomad (Debian) +- name: Restart nomad (Debian) become: true ansible.builtin.systemd: - name: nomad - enabled: true - state: restarted + name: nomad + enabled: true + state: restarted + register: nomad_service + failed_when: nomad_service.rc > 0 + changed_when: nomad_service.rc == 0 when: - - ansible_os_family == 'Debian' - - "'nostart' not in ansible_run_tags" + - ansible_os_family == 'Debian' + - "'nostart' not in ansible_run_tags" listen: "restart nomad" -- name: "unload nomad agent (MacOSX)" +- name: "Unload nomad agent (MacOSX)" ansible.builtin.command: - cmd: "launchctl unload -w {{ nomad_plist_macos }}" - failed_when: false + cmd: "launchctl unload -w {{ nomad_plist_macos }}" + register: nomad_service + changed_when: nomad_service.rc == 0 + failed_when: nomad_service.rc > 0 when: - - ansible_os_family == 'Darwin' - - "'nostart' not in ansible_run_tags" + - ansible_os_family == 'Darwin' + - "'nostart' not in ansible_run_tags" listen: "restart nomad" -- name: "load the nomad agent (MacOSX)" +- name: "Load the nomad agent (MacOSX)" ansible.builtin.command: - cmd: "launchctl load -w {{ nomad_plist_macos }}" + cmd: "launchctl load -w {{ nomad_plist_macos }}" + register: nomad_service + changed_when: nomad_service.rc == 0 + failed_when: nomad_service.rc > 0 when: - - ansible_os_family == 'Darwin' - - "'nostart' not in ansible_run_tags" + - ansible_os_family == 'Darwin' + - "'nostart' not in ansible_run_tags" listen: "restart nomad" -- name: "ensure nomad is really running" +- name: "Ensure nomad is really running" ansible.builtin.shell: - cmd: "sleep 10 && /usr/local/bin/nomad node status -self -short | grep {{ inventory_hostname }}" + cmd: "set -o pipefail && sleep 10 && /usr/local/bin/nomad node status -self -short | grep {{ inventory_hostname }}" register: node_status_response failed_when: node_status_response.rc > 0 - changed_when: false + changed_when: node_status_response.rc == 0 when: "'nostart' not in ansible_run_tags" listen: "restart nomad" # - name: "Ensure sure Nomad service is really running" diff --git a/main.yml b/main.yml index faac9d4..6be1454 100644 --- a/main.yml +++ b/main.yml @@ -4,76 +4,76 @@ serial: 1 vars_files: - - default_variables.yml - - vault.yml + - default_variables.yml + - vault.yml pre_tasks: - - name: Run sanity checks - ansible.builtin.import_tasks: tasks/sanity.yml - tags: ["always", "sanity"] - - name: populate service facts - ansible.builtin.service_facts: - tags: ["nomad", "consul"] - - name: Run debug tasks - ansible.builtin.import_tasks: tasks/debug.yml - tags: [never, debug] - - name: populate device specific variables - ansible.builtin.import_tasks: tasks/interpolated_variables.yml - tags: ["always"] - - name: Ensure we have up-to-date packages - ansible.builtin.import_tasks: tasks/packages.yml - tags: ["packages", "update"] - - name: Set clean nomad_jobs_dir variable - ansible.builtin.set_fact: - clean_nomad_jobs: true - tags: ["never", "clean"] + - name: Run sanity checks + ansible.builtin.import_tasks: tasks/sanity.yml + tags: ["always", "sanity"] + - name: Populate service facts + ansible.builtin.service_facts: + tags: ["nomad", "consul"] + - name: Run debug tasks + ansible.builtin.import_tasks: tasks/debug.yml + tags: [never, debug] + - name: Populate device specific variables + ansible.builtin.import_tasks: tasks/interpolated_variables.yml + tags: ["always"] + - name: Ensure we have up-to-date packages + ansible.builtin.import_tasks: tasks/packages.yml + tags: ["packages", "update"] + - name: Set clean nomad_jobs_dir variable + ansible.builtin.set_fact: + clean_nomad_jobs: true + tags: ["never", "clean"] tasks: - - name: Configure cluster NFS mounts - ansible.builtin.import_tasks: tasks/cluster_storage.yml - tags: ["storage"] - when: - - is_nomad_client or is_nomad_server or is_shared_storage_client - - name: Install Docker - ansible.builtin.import_tasks: tasks/docker.yml - tags: ["docker"] - when: "'nas' not in group_names" - - name: Install and Upgrade Consul - ansible.builtin.import_tasks: tasks/consul.yml - tags: ["consul"] - when: is_consul_client or is_consul_server - - name: Install and Upgrade Nomad - ansible.builtin.import_tasks: tasks/nomad.yml - tags: ["nomad"] - when: is_nomad_client or is_nomad_server - - name: Orchestration Jobs - ansible.builtin.import_tasks: tasks/orchestration_jobs.yml - tags: ["jobs", "update"] - - name: Prometheus Node Exporter - ansible.builtin.import_tasks: tasks/service_prometheus_nodeExporter.yml - tags: ["prometheus_exporter"] - when: - - is_prometheus_node - - "'pis' in group_names" - - name: Install backup scripts - ansible.builtin.import_tasks: tasks/backups.yml - tags: ["backup", "backups"] - when: is_nomad_client or is_nomad_server - - name: Install and configure Telegraf - ansible.builtin.import_tasks: tasks/telegraf.yml - tags: ["telegraf"] - when: is_telegraf_client - - name: Pull repositories - ansible.builtin.import_tasks: tasks/pull_repositories.yml - tags: ["never", "update", "repos"] - - name: Configure log rotate - ansible.builtin.import_tasks: tasks/logrotate.yml - tags: ["logrotate"] - when: is_cluster_leader - - name: Install and configure tdarr - ansible.builtin.import_tasks: tasks/tdarr.yml - tags: ["tdarr"] - when: is_tdarr_server or is_tdarr_node + - name: Configure cluster NFS mounts + ansible.builtin.import_tasks: tasks/cluster_storage.yml + tags: ["storage"] + when: + - is_nomad_client or is_nomad_server or is_shared_storage_client + - name: Install Docker + ansible.builtin.import_tasks: tasks/docker.yml + tags: ["docker"] + when: "'nas' not in group_names" + - name: Install and Upgrade Consul + ansible.builtin.import_tasks: tasks/consul.yml + tags: ["consul"] + when: is_consul_client or is_consul_server + - name: Install and Upgrade Nomad + ansible.builtin.import_tasks: tasks/nomad.yml + tags: ["nomad"] + when: is_nomad_client or is_nomad_server + - name: Orchestration Jobs + ansible.builtin.import_tasks: tasks/orchestration_jobs.yml + tags: ["jobs", "update"] + - name: Prometheus Node Exporter + ansible.builtin.import_tasks: tasks/service_prometheus_nodeExporter.yml + tags: ["prometheus_exporter"] + when: + - is_prometheus_node + - "'pis' in group_names" + - name: Install backup scripts + ansible.builtin.import_tasks: tasks/backups.yml + tags: ["backup", "backups"] + when: is_nomad_client or is_nomad_server + - name: Install and configure Telegraf + ansible.builtin.import_tasks: tasks/telegraf.yml + tags: ["telegraf"] + when: is_telegraf_client + - name: Pull repositories + ansible.builtin.import_tasks: tasks/pull_repositories.yml + tags: ["never", "update", "repos"] + - name: Configure log rotate + ansible.builtin.import_tasks: tasks/logrotate.yml + tags: ["logrotate"] + when: is_cluster_leader + - name: Install and configure tdarr + ansible.builtin.import_tasks: tasks/tdarr.yml + tags: ["tdarr"] + when: is_tdarr_server or is_tdarr_node handlers: - - ansible.builtin.import_tasks: handlers/main.yml + - ansible.builtin.import_tasks: handlers/main.yml diff --git a/tasks/backups.yml b/tasks/backups.yml index 9ff18d8..f0e29c4 100644 --- a/tasks/backups.yml +++ b/tasks/backups.yml @@ -6,42 +6,42 @@ # 1. Copies a backup and restore shellscript to /usr/local/bin # 2. Edits the sudoers file to allow the script to be invoked with sudo privileges -- name: copy backup shellscript to server +- name: Copy backup shellscript to server become: true ansible.builtin.template: - src: scripts/service_backups.sh.j2 - dest: /usr/local/bin/service_backups - mode: 0755 + src: scripts/service_backups.sh.j2 + dest: /usr/local/bin/service_backups + mode: 0755 when: - - is_nomad_client or is_nomad_server + - is_nomad_client or is_nomad_server -- name: copy restore shellscript to server +- name: Copy restore shellscript to server become: true ansible.builtin.template: - src: scripts/service_restore.sh.j2 - dest: /usr/local/bin/service_restore - mode: 0755 + src: scripts/service_restore.sh.j2 + dest: /usr/local/bin/service_restore + mode: 0755 when: - - is_nomad_client or is_nomad_server + - is_nomad_client or is_nomad_server -- name: ensure nomad user can run sudo with the restore script +- name: Ensure nomad user can run sudo with the restore script become: true ansible.builtin.lineinfile: - path: /etc/sudoers - state: present - line: "nomad ALL=(ALL) NOPASSWD: /usr/local/bin/service_backups, /usr/local/bin/service_restore" - validate: "/usr/sbin/visudo -cf %s" + path: /etc/sudoers + state: present + line: "nomad ALL=(ALL) NOPASSWD: /usr/local/bin/service_backups, /usr/local/bin/service_restore" + validate: "/usr/sbin/visudo -cf %s" when: - - is_nomad_client or is_nomad_server - - "'pis' in group_names" + - is_nomad_client or is_nomad_server + - "'pis' in group_names" -- name: ensure my user can run sudo with the restore script +- name: Ensure my user can run sudo with the restore script become: true ansible.builtin.lineinfile: - path: /etc/sudoers - state: present - line: "{{ ansible_user }} ALL=(ALL) NOPASSWD: /usr/local/bin/service_backups, /usr/local/bin/service_restore" - validate: "/usr/sbin/visudo -cf %s" + path: /etc/sudoers + state: present + line: "{{ ansible_user }} ALL=(ALL) NOPASSWD: /usr/local/bin/service_backups, /usr/local/bin/service_restore" + validate: "/usr/sbin/visudo -cf %s" when: - - is_nomad_client or is_nomad_server - - "'pis' in group_names" + - is_nomad_client or is_nomad_server + - "'pis' in group_names" diff --git a/tasks/cluster_storage.yml b/tasks/cluster_storage.yml index 2165b1b..15d6be3 100644 --- a/tasks/cluster_storage.yml +++ b/tasks/cluster_storage.yml @@ -6,159 +6,159 @@ - name: "Mount storage on Raspberry Pis" when: "'pis' in group_names" block: - - name: ensure local mount points exist - become: true - ansible.builtin.file: - path: "{{ item.local }}" - state: directory - mode: 0777 - # owner: "{{ ansible_user_uid }}" - # group: "{{ ansible_user_gid }}" - loop: "{{ rpi_nfs_mounts_list }}" + - name: Ensure local mount points exist + become: true + ansible.builtin.file: + path: "{{ item.local }}" + state: directory + mode: 0777 + # owner: "{{ ansible_user_uid }}" + # group: "{{ ansible_user_gid }}" + loop: "{{ rpi_nfs_mounts_list }}" - - name: remove old nfs drives - become: true - ansible.posix.mount: - path: "{{ item.local }}" - src: "{{ item.src }}" - fstype: nfs - opts: defaults,hard,intr,timeo=14 - state: absent - loop: "{{ rpi_nfs_mounts_remove }}" + - name: Remove old nfs drives + become: true + ansible.posix.mount: + path: "{{ item.local }}" + src: "{{ item.src }}" + fstype: nfs + opts: defaults,hard,intr,timeo=14 + state: absent + loop: "{{ rpi_nfs_mounts_remove }}" - - name: mount all nfs drives - become: true - ansible.posix.mount: - path: "{{ item.local }}" - src: "{{ item.src }}" - fstype: nfs - opts: defaults,hard,intr,timeo=14 - state: mounted - boot: true - loop: "{{ rpi_nfs_mounts_list }}" + - name: Mount all nfs drives + become: true + ansible.posix.mount: + path: "{{ item.local }}" + src: "{{ item.src }}" + fstype: nfs + opts: defaults,hard,intr,timeo=14 + state: mounted + boot: true + loop: "{{ rpi_nfs_mounts_list }}" # --------------------------------- Mount on Macs # https://gist.github.com/l422y/8697518 - name: "Mount storage on Macs" when: "'macs' in group_names" block: - - name: create mount_point - become: true - ansible.builtin.file: - path: "{{ mac_storage_mount_point }}" - state: directory - mode: 0755 + - name: Create mount_point + become: true + ansible.builtin.file: + path: "{{ mac_storage_mount_point }}" + state: directory + mode: 0755 - # I ran into problems getting this to run successfully. If errors occur, add the line manually using: - # $ sudo nano /private/etc/auto_master + # I ran into problems getting this to run successfully. If errors occur, add the line manually using: + # $ sudo nano /private/etc/auto_master - - name: add NFS shared drives to macs - when: mac_autofs_type == 'nfs' - block: - - name: add auto_nfs to "/private/etc/auto_master" - become: true - ansible.builtin.lineinfile: - path: /private/etc/auto_master - regexp: "auto_nfs" - line: "/- auto_nfs -nobrowse,nosuid" - unsafe_writes: true + - name: Add NFS shared drives to macs + when: mac_autofs_type == 'nfs' + block: + - name: Add auto_nfs to "/private/etc/auto_master" + become: true + ansible.builtin.lineinfile: + path: /private/etc/auto_master + regexp: "auto_nfs" + line: "/- auto_nfs -nobrowse,nosuid" + unsafe_writes: true - - name: add mounts to /etc/auto_nfs - become: true - ansible.builtin.lineinfile: - create: true - path: /private/etc/auto_nfs - regexp: "{{ item.src }}" - line: "{{ item.local }} -fstype=nfs,bg,intr,noowners,rw,vers=4 nfs://{{ item.src }}" - state: present - unsafe_writes: true - mode: 0644 - loop: "{{ mac_nfs_mounts_list if mac_nfs_mounts_list is iterable else [] }}" - notify: mac_run_automount + - name: Add mounts to /etc/auto_nfs + become: true + ansible.builtin.lineinfile: + create: true + path: /private/etc/auto_nfs + regexp: "{{ item.src }}" + line: "{{ item.local }} -fstype=nfs,bg,intr,noowners,rw,vers=4 nfs://{{ item.src }}" + state: present + unsafe_writes: true + mode: 0644 + loop: "{{ mac_nfs_mounts_list if mac_nfs_mounts_list is iterable else [] }}" + notify: mac_run_automount - - name: remove old mounts from /etc/auto_nfs - become: true - ansible.builtin.lineinfile: - create: true - path: /private/etc/auto_nfs - regexp: "{{ item.src }}" - line: "{{ item.local }} -fstype=nfs,bg,intr,noowners,rw,vers=4 nfs://{{ item.src }}" - state: absent - unsafe_writes: true - mode: 0644 - notify: mac_run_automount_unmount - loop: "{{ mac_nfs_mounts_remove if mac_nfs_mounts_remove is iterable else [] }}" + - name: Remove old mounts from /etc/auto_nfs + become: true + ansible.builtin.lineinfile: + create: true + path: /private/etc/auto_nfs + regexp: "{{ item.src }}" + line: "{{ item.local }} -fstype=nfs,bg,intr,noowners,rw,vers=4 nfs://{{ item.src }}" + state: absent + unsafe_writes: true + mode: 0644 + notify: mac_run_automount_unmount + loop: "{{ mac_nfs_mounts_remove if mac_nfs_mounts_remove is iterable else [] }}" - - name: add AFP shared drives to macs - when: mac_autofs_type == 'afp' - block: - - name: add auto_afp to "/private/etc/auto_master" - become: true - ansible.builtin.lineinfile: - path: /private/etc/auto_master - regexp: "auto_afp" - line: "/- auto_afp -nobrowse,nosuid" - unsafe_writes: true + - name: Add AFP shared drives to macs + when: mac_autofs_type == 'afp' + block: + - name: Add auto_afp to "/private/etc/auto_master" + become: true + ansible.builtin.lineinfile: + path: /private/etc/auto_master + regexp: "auto_afp" + line: "/- auto_afp -nobrowse,nosuid" + unsafe_writes: true - - name: add mounts to /etc/auto_afp - become: true - ansible.builtin.lineinfile: - create: true - path: /private/etc/auto_afp - regexp: "{{ item.src }}" - line: "{{ item.local }} -fstype=afp,rw afp://{{ item.src }}" - state: present - unsafe_writes: true - mode: 0644 - loop: "{{ mac_afp_or_smb_mounts_list if mac_afp_or_smb_mounts_list is iterable else [] }}" - notify: mac_run_automount + - name: Add mounts to /etc/auto_afp + become: true + ansible.builtin.lineinfile: + create: true + path: /private/etc/auto_afp + regexp: "{{ item.src }}" + line: "{{ item.local }} -fstype=afp,rw afp://{{ item.src }}" + state: present + unsafe_writes: true + mode: 0644 + loop: "{{ mac_afp_or_smb_mounts_list if mac_afp_or_smb_mounts_list is iterable else [] }}" + notify: mac_run_automount - - name: remove mounts from /etc/auto_afp - become: true - ansible.builtin.lineinfile: - create: true - path: /private/etc/auto_afp - regexp: "{{ item.src }}" - line: "{{ item.local }} -fstype=afp,rw afp://{{ item.src }}" - state: present - unsafe_writes: true - mode: 0644 - loop: "{{ mac_afp_or_smb_mounts_remove if mac_afp_or_smb_mounts_remove is iterable else [] }}" - notify: mac_run_automount_unmount + - name: Remove mounts from /etc/auto_afp + become: true + ansible.builtin.lineinfile: + create: true + path: /private/etc/auto_afp + regexp: "{{ item.src }}" + line: "{{ item.local }} -fstype=afp,rw afp://{{ item.src }}" + state: present + unsafe_writes: true + mode: 0644 + loop: "{{ mac_afp_or_smb_mounts_remove if mac_afp_or_smb_mounts_remove is iterable else [] }}" + notify: mac_run_automount_unmount - - name: add SMB shared drives to macs - when: mac_autofs_type == 'smb' - block: - - name: add auto_smb to "/private/etc/auto_master" - become: true - ansible.builtin.lineinfile: - path: /private/etc/auto_master - regexp: "auto_smb" - line: "/- auto_smb -noowners,nosuid" - unsafe_writes: true + - name: Add SMB shared drives to macs + when: mac_autofs_type == 'smb' + block: + - name: Add auto_smb to "/private/etc/auto_master" + become: true + ansible.builtin.lineinfile: + path: /private/etc/auto_master + regexp: "auto_smb" + line: "/- auto_smb -noowners,nosuid" + unsafe_writes: true - - name: add mounts to /etc/auto_smb - become: true - ansible.builtin.lineinfile: - create: true - path: /private/etc/auto_smb - regexp: "{{ item.src }}" - line: "{{ item.local }} -fstype=smbfs,soft,noowners,nosuid,rw ://{{ smb_username }}:{{ smb_password }}@{{ item.src }}" - state: present - unsafe_writes: true - mode: 0644 - loop: "{{ mac_afp_or_smb_mounts_list if mac_afp_or_smb_mounts_list is iterable else [] }}" - notify: mac_run_automount + - name: Add mounts to /etc/auto_smb + become: true + ansible.builtin.lineinfile: + create: true + path: /private/etc/auto_smb + regexp: "{{ item.src }}" + line: "{{ item.local }} -fstype=smbfs,soft,noowners,nosuid,rw ://{{ smb_username }}:{{ smb_password }}@{{ item.src }}" + state: present + unsafe_writes: true + mode: 0644 + loop: "{{ mac_afp_or_smb_mounts_list if mac_afp_or_smb_mounts_list is iterable else [] }}" + notify: mac_run_automount - - name: remove mounts from /etc/auto_smb - become: true - ansible.builtin.lineinfile: - create: true - path: /private/etc/auto_smb - regexp: "{{ item.src }}" - line: "{{ item.local }} -fstype=afp,rw afp://{{ item.src }}" - state: present - unsafe_writes: true - mode: 0644 - loop: "{{ mac_afp_or_smb_mounts_remove if mac_afp_or_smb_mounts_remove is iterable else [] }}" - notify: mac_run_automount_unmount + - name: Remove mounts from /etc/auto_smb + become: true + ansible.builtin.lineinfile: + create: true + path: /private/etc/auto_smb + regexp: "{{ item.src }}" + line: "{{ item.local }} -fstype=afp,rw afp://{{ item.src }}" + state: present + unsafe_writes: true + mode: 0644 + loop: "{{ mac_afp_or_smb_mounts_remove if mac_afp_or_smb_mounts_remove is iterable else [] }}" + notify: mac_run_automount_unmount diff --git a/tasks/consul.yml b/tasks/consul.yml index c5979b0..6cd337b 100644 --- a/tasks/consul.yml +++ b/tasks/consul.yml @@ -4,356 +4,362 @@ - name: Set variables needed to install consul block: - - name: "Set variable: check if we have a mounted USB drive (Debian)" - ansible.builtin.stat: - path: "{{ rpi_usb_drive_mount_point }}" - register: have_usb_drive - changed_when: false - when: - - ansible_os_family == 'Debian' + - name: "Set variable: check if we have a mounted USB drive (Debian)" + ansible.builtin.stat: + path: "{{ rpi_usb_drive_mount_point }}" + register: have_usb_drive + changed_when: false + when: + - ansible_os_family == 'Debian' - - name: "Set variable: Use USB drive for consul /opt (Debian)" - ansible.builtin.set_fact: - consul_opt_dir: "{{ rpi_usb_drive_mount_point }}/opt/consul" - when: - - ansible_os_family == 'Debian' - - have_usb_drive.stat.exists + - name: "Set variable: Use USB drive for consul /opt (Debian)" + ansible.builtin.set_fact: + consul_opt_dir: "{{ rpi_usb_drive_mount_point }}/opt/consul" + when: + - ansible_os_family == 'Debian' + - have_usb_drive.stat.exists - - name: "Set variable: Use root disk for consul /opt (Debian)" - ansible.builtin.set_fact: - consul_opt_dir: "/opt/consul" - when: - - ansible_os_family == 'Debian' - - not have_usb_drive.stat.exists + - name: "Set variable: Use root disk for consul /opt (Debian)" + ansible.builtin.set_fact: + consul_opt_dir: "/opt/consul" + when: + - ansible_os_family == 'Debian' + - not have_usb_drive.stat.exists - - name: "Set variable: Use ~/library for /opt files (macOSX)" - ansible.builtin.set_fact: - consul_opt_dir: "/Users/{{ ansible_user }}/Library/consul" - when: - - mac_intel or mac_arm + - name: "Set variable: Use ~/library for /opt files (macOSX)" + ansible.builtin.set_fact: + consul_opt_dir: "/Users/{{ ansible_user }}/Library/consul" + when: + - mac_intel or mac_arm - - name: "Set variable: Use ~/volume1/docker/consul/data for /opt files (synology)" - ansible.builtin.set_fact: - consul_opt_dir: "/volume1/docker/consul/data" - when: - - inventory_hostname == 'synology' + - name: "Set variable: Use ~/volume1/docker/consul/data for /opt files (synology)" + ansible.builtin.set_fact: + consul_opt_dir: "/volume1/docker/consul/data" + when: + - inventory_hostname == 'synology' - - name: "Set variable: Set Consul download Binary (armv7l)" - ansible.builtin.set_fact: - consul_download_uri: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_arm.zip" - when: - - ansible_os_family == 'Debian' - - ansible_architecture == 'armv7l' + - name: "Set variable: Set Consul download Binary (armv7l)" + ansible.builtin.set_fact: + consul_download_uri: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_arm.zip" + when: + - ansible_os_family == 'Debian' + - ansible_architecture == 'armv7l' - - name: "Set variable: Set Consul download Binary (aarch64)" - ansible.builtin.set_fact: - consul_download_uri: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_arm64.zip" - when: - - ansible_os_family == 'Debian' - - ansible_architecture == 'aarch64' + - name: "Set variable: Set Consul download Binary (aarch64)" + ansible.builtin.set_fact: + consul_download_uri: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_arm64.zip" + when: + - ansible_os_family == 'Debian' + - ansible_architecture == 'aarch64' - - name: "Set variable: Set Consul download Binary (MacOSX)" - ansible.builtin.set_fact: - consul_download_uri: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_darwin_amd64.zip" - when: mac_intel + - name: "Set variable: Set Consul download Binary (MacOSX)" + ansible.builtin.set_fact: + consul_download_uri: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_darwin_amd64.zip" + when: mac_intel - - name: "Set variable: Set Consul download Binary (MacOSX)" - ansible.builtin.set_fact: - consul_download_uri: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_darwin_arm64.zip" - when: mac_arm + - name: "Set variable: Set Consul download Binary (MacOSX)" + ansible.builtin.set_fact: + consul_download_uri: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_darwin_arm64.zip" + when: mac_arm - - name: Assert that we can install Consul - ansible.builtin.assert: - that: - - consul_download_uri is defined - - consul_opt_dir is defined - fail_msg: "Unable to install consul on this host" - when: inventory_hostname != 'synology' + - name: Assert that we can install Consul + ansible.builtin.assert: + that: + - consul_download_uri is defined + - consul_opt_dir is defined + fail_msg: "Unable to install consul on this host" + when: inventory_hostname != 'synology' - name: "Stop Consul" block: - - name: "Stop consul systemd service (Debian)" - become: true - ansible.builtin.systemd: - name: consul - state: stopped - when: - - ansible_os_family == 'Debian' - - ansible_facts.services["consul.service"] is defined + - name: "Stop consul systemd service (Debian)" + become: true + ansible.builtin.systemd: + name: consul + state: stopped + when: + - ansible_os_family == 'Debian' + - ansible_facts.services["consul.service"] is defined - - name: "Check if plist file exists (MacOSX)" - ansible.builtin.stat: - path: "{{ consul_plist_macos }}" - register: consul_file - when: - - ansible_os_family == 'Darwin' + - name: "Check if plist file exists (MacOSX)" + ansible.builtin.stat: + path: "{{ consul_plist_macos }}" + register: consul_file + when: + - ansible_os_family == 'Darwin' - - name: "Unload consul agent (MacOSX)" - become: true - ansible.builtin.command: - cmd: "launchctl unload {{ consul_plist_macos }}" - when: - - ansible_os_family == 'Darwin' - - consul_file.stat.exists + - name: "Unload consul agent (MacOSX)" + become: true + ansible.builtin.command: + cmd: "launchctl unload {{ consul_plist_macos }}" + register: consul_unload + failed_when: consul_unload.rc != 0 + changed_when: consul_unload.rc == 0 + when: + - ansible_os_family == 'Darwin' + - consul_file.stat.exists - name: "Create 'consul' user and group" when: - - ansible_os_family == 'Debian' + - ansible_os_family == 'Debian' block: - - name: "Ensure group 'consul' exists (Debian)" - become: true - ansible.builtin.group: - name: consul - state: present + - name: "Ensure group 'consul' exists (Debian)" + become: true + ansible.builtin.group: + name: consul + state: present - - name: "Add the user 'consul' with group 'consul' (Debian)" - become: true - ansible.builtin.user: - name: consul - group: consul + - name: "Add the user 'consul' with group 'consul' (Debian)" + become: true + ansible.builtin.user: + name: consul + group: consul - name: "Create Consul /opt storage and copy certificates" block: - - name: "Create {{ consul_opt_dir }} directories" - become: true - ansible.builtin.file: - path: "{{ item }}" - state: directory - recurse: true - mode: 0755 - loop: - - "{{ consul_opt_dir }}" - - "{{ consul_opt_dir }}/logs" - - "{{ consul_opt_dir }}/plugins" - - "{{ consul_opt_dir }}/certs" + - name: "Create {{ consul_opt_dir }} directories" + become: true + ansible.builtin.file: + path: "{{ item }}" + state: directory + recurse: true + mode: 0755 + loop: + - "{{ consul_opt_dir }}" + - "{{ consul_opt_dir }}/logs" + - "{{ consul_opt_dir }}/plugins" + - "{{ consul_opt_dir }}/certs" - - name: Copy certs to servers - become: true - ansible.builtin.copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: 0755 - loop: - - { src: "certs/consul/consul-agent-ca.pem", dest: "{{ consul_opt_dir }}/certs/consul-agent-ca.pem" } - - { src: "certs/consul/{{ datacenter_name }}-server-consul-0.pem", dest: "{{ consul_opt_dir }}/certs/{{ datacenter_name }}-server-consul-0.pem" } - - { src: "certs/consul/{{ datacenter_name }}-server-consul-0-key.pem", dest: "{{ consul_opt_dir }}/certs/{{ datacenter_name }}-server-consul-0-key.pem" } - when: - - is_consul_server + - name: Copy certs to servers + become: true + ansible.builtin.copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: 0755 + loop: + - { src: "certs/consul/consul-agent-ca.pem", dest: "{{ consul_opt_dir }}/certs/consul-agent-ca.pem" } + - { src: "certs/consul/{{ datacenter_name }}-server-consul-0.pem", dest: "{{ consul_opt_dir }}/certs/{{ datacenter_name }}-server-consul-0.pem" } + - { src: "certs/consul/{{ datacenter_name }}-server-consul-0-key.pem", dest: "{{ consul_opt_dir }}/certs/{{ datacenter_name }}-server-consul-0-key.pem" } + when: + - is_consul_server - - name: Copy certs to clients - become: true - ansible.builtin.copy: - src: certs/consul/consul-agent-ca.pem - dest: "{{ consul_opt_dir }}/certs/consul-agent-ca.pem" - mode: 0755 - when: - - is_consul_client - - not is_consul_server + - name: Copy certs to clients + become: true + ansible.builtin.copy: + src: certs/consul/consul-agent-ca.pem + dest: "{{ consul_opt_dir }}/certs/consul-agent-ca.pem" + mode: 0755 + when: + - is_consul_client + - not is_consul_server - - name: "Set owner of files to consul:consul (debian)" - become: true - ansible.builtin.file: - path: "{{ consul_opt_dir }}" - owner: consul - group: consul - recurse: true - when: - - ansible_os_family == 'Debian' + - name: "Set owner of files to consul:consul (debian)" + become: true + ansible.builtin.file: + path: "{{ consul_opt_dir }}" + owner: consul + group: consul + recurse: true + when: + - ansible_os_family == 'Debian' - - name: "Set owner of files to {{ ansible_user_uid }}:{{ ansible_user_gid }}" - become: true - ansible.builtin.file: - path: "{{ consul_opt_dir }}" - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" - recurse: true - when: - - mac_intel or mac_arm or inventory_hostname == 'synology' + - name: "Set owner of files to {{ ansible_user_uid }}:{{ ansible_user_gid }}" + become: true + ansible.builtin.file: + path: "{{ consul_opt_dir }}" + owner: "{{ ansible_user_uid }}" + group: "{{ ansible_user_gid }}" + recurse: true + when: + - mac_intel or mac_arm or inventory_hostname == 'synology' - name: "Template out Consul configuration file" block: - - name: "Create {{ interpolated_consul_configuration_dir }}" - become: true - ansible.builtin.file: - path: "{{ interpolated_consul_configuration_dir }}" - state: directory - mode: 0755 + - name: "Create {{ interpolated_consul_configuration_dir }}" + become: true + ansible.builtin.file: + path: "{{ interpolated_consul_configuration_dir }}" + state: directory + mode: 0755 - - name: Copy consul base config file - become: true - ansible.builtin.template: - src: consul.hcl.j2 - dest: "{{ interpolated_consul_configuration_dir }}/consul.hcl" - mode: 0644 + - name: Copy consul base config file + become: true + ansible.builtin.template: + src: consul.hcl.j2 + dest: "{{ interpolated_consul_configuration_dir }}/consul.hcl" + mode: 0644 - - name: "Set owner of files to consul:consul (Debian)" - become: true - ansible.builtin.file: - path: "{{ interpolated_consul_configuration_dir }}" - owner: consul - group: consul - recurse: true - when: - - ansible_os_family == 'Debian' + - name: "Set owner of files to consul:consul (Debian)" + become: true + ansible.builtin.file: + path: "{{ interpolated_consul_configuration_dir }}" + owner: consul + group: consul + recurse: true + when: + - ansible_os_family == 'Debian' - - name: "Set owner of files to {{ ansible_user_uid }}:{{ ansible_user_gid }}" - become: true - ansible.builtin.file: - path: "{{ interpolated_consul_configuration_dir }}" - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" - recurse: true - when: - - mac_intel or mac_arm or inventory_hostname == 'synology' + - name: "Set owner of files to {{ ansible_user_uid }}:{{ ansible_user_gid }}" + become: true + ansible.builtin.file: + path: "{{ interpolated_consul_configuration_dir }}" + owner: "{{ ansible_user_uid }}" + group: "{{ ansible_user_gid }}" + recurse: true + when: + - mac_intel or mac_arm or inventory_hostname == 'synology' - - name: "Set owner of root consul dir to {{ ansible_user_uid }}:{{ ansible_user_gid }} (synology)" - become: true - ansible.builtin.file: - path: /volume1/docker/consul/ - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" - recurse: true - when: - - inventory_hostname == 'synology' + - name: "Set owner of root consul dir to {{ ansible_user_uid }}:{{ ansible_user_gid }} (synology)" + become: true + ansible.builtin.file: + path: /volume1/docker/consul/ + owner: "{{ ansible_user_uid }}" + group: "{{ ansible_user_gid }}" + recurse: true + when: + - inventory_hostname == 'synology' - name: "Install Consul binary" block: - - name: "Set fact: need install consul?" - ansible.builtin.set_fact: - need_consul_install: false - when: - - consul_download_uri is defined + - name: "Set fact: need install consul?" + ansible.builtin.set_fact: + need_consul_install: false + when: + - consul_download_uri is defined - - name: Check if Consul is installed - ansible.builtin.stat: - path: /usr/local/bin/consul - register: consul_binary_file_location - when: - - consul_download_uri is defined + - name: Check if Consul is installed + ansible.builtin.stat: + path: /usr/local/bin/consul + register: consul_binary_file_location + when: + - consul_download_uri is defined - - name: "Set fact: need consul install?" - ansible.builtin.set_fact: - need_consul_install: true - when: - - consul_download_uri is defined - - not consul_binary_file_location.stat.exists + - name: "Set fact: need consul install?" + ansible.builtin.set_fact: + need_consul_install: true + when: + - consul_download_uri is defined + - not consul_binary_file_location.stat.exists - - name: Check current version of Consul - ansible.builtin.shell: - cmd: /usr/local/bin/consul --version | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' - ignore_errors: true - changed_when: false - register: installed_consul_version - check_mode: false - when: - - consul_download_uri is defined - - not need_consul_install + - name: Check current version of Consul + ansible.builtin.shell: + cmd: /usr/local/bin/consul --version | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' + ignore_errors: true + changed_when: false + register: installed_consul_version + check_mode: false + when: + - consul_download_uri is defined + - not need_consul_install - - name: "Set fact: need consul install?" - ansible.builtin.set_fact: - need_consul_install: true - when: - - consul_download_uri is defined - - not need_consul_install - - installed_consul_version.stdout is version(consul_version, '<') + - name: "Set fact: need consul install?" + ansible.builtin.set_fact: + need_consul_install: true + when: + - consul_download_uri is defined + - not need_consul_install + - installed_consul_version.stdout is version(consul_version, '<') - - name: Install Consul - become: true - ansible.builtin.unarchive: - src: "{{ consul_download_uri }}" - dest: /usr/local/bin - remote_src: true - when: - - consul_download_uri is defined - - need_consul_install + - name: Install Consul + become: true + ansible.builtin.unarchive: + src: "{{ consul_download_uri }}" + dest: /usr/local/bin + remote_src: true + when: + - consul_download_uri is defined + - need_consul_install - name: "Validate consul config" ansible.builtin.command: - cmd: "/usr/local/bin/consul validate {{ interpolated_consul_configuration_dir }}" + cmd: "/usr/local/bin/consul validate {{ interpolated_consul_configuration_dir }}" register: consul_config_valid changed_when: false failed_when: consul_config_valid.rc != 0 when: - - inventory_hostname != 'synology' + - inventory_hostname != 'synology' - name: "Copy system.d or launchctl service files" block: - - name: Ensure /Library/LaunchAgents exists (MacOSX) - ansible.builtin.file: - path: "{{ consul_plist_macos | dirname }}" - state: directory - mode: 0755 - when: - - ansible_os_family == 'Darwin' + - name: Ensure /Library/LaunchAgents exists (MacOSX) + ansible.builtin.file: + path: "{{ consul_plist_macos | dirname }}" + state: directory + mode: 0755 + when: + - ansible_os_family == 'Darwin' - - name: Create Consul launchd service (MacOSX) - ansible.builtin.template: - src: consul.launchd.j2 - dest: "{{ consul_plist_macos }}" - mode: 0644 - when: - - ansible_os_family == 'Darwin' + - name: Create Consul launchd service (MacOSX) + ansible.builtin.template: + src: consul.launchd.j2 + dest: "{{ consul_plist_macos }}" + mode: 0644 + when: + - ansible_os_family == 'Darwin' - - name: Create Consul service (Debian) - become: true - ansible.builtin.template: - src: consul.service.j2 - dest: /etc/systemd/system/consul.service - mode: 0644 - when: - - ansible_os_family == 'Debian' + - name: Create Consul service (Debian) + become: true + ansible.builtin.template: + src: consul.service.j2 + dest: /etc/systemd/system/consul.service + mode: 0644 + when: + - ansible_os_family == 'Debian' - name: "Start Consul" block: - - name: Load the Consul agent (MacOSX) - ansible.builtin.command: - cmd: "launchctl load -w {{ consul_plist_macos }}" - when: - - mac_intel or mac_arm - - "'nostart' not in ansible_run_tags" + - name: Load the Consul agent (MacOSX) + ansible.builtin.command: + cmd: "launchctl load -w {{ consul_plist_macos }}" + register: consul_loaded + changed_when: consul_loaded.rc == 0 + failed_when: consul_loaded.rc > 0 + when: + - mac_intel or mac_arm + - "'nostart' not in ansible_run_tags" - - name: Start Consul (Debian) - become: true - ansible.builtin.systemd: - name: consul - enabled: true - state: started - when: - - ansible_os_family == 'Debian' - - "'nostart' not in ansible_run_tags" + - name: Start Consul (Debian) + become: true + ansible.builtin.systemd: + name: consul + enabled: true + state: started + when: + - ansible_os_family == 'Debian' + - "'nostart' not in ansible_run_tags" - - name: Make sure Consul service is really running - ansible.builtin.command: - cmd: systemctl is-active consul - register: is_consul_really_running - changed_when: false - failed_when: is_consul_really_running.rc != 0 - when: - - ansible_os_family == 'Debian' - - "'nostart' not in ansible_run_tags" + - name: Make sure Consul service is really running + ansible.builtin.command: + cmd: systemctl is-active consul + register: is_consul_really_running + changed_when: false + failed_when: is_consul_really_running.rc != 0 + when: + - ansible_os_family == 'Debian' + - "'nostart' not in ansible_run_tags" - name: "Copy Consul service checks to synology" when: - - inventory_hostname == 'synology' + - inventory_hostname == 'synology' block: - - name: Copy config file - ansible.builtin.template: - src: consul_services/consul_synology_checks.json.j2 - dest: "{{ interpolated_consul_configuration_dir }}/service_checks.json" - mode: 0644 + - name: Copy config file + ansible.builtin.template: + src: consul_services/consul_synology_checks.json.j2 + dest: "{{ interpolated_consul_configuration_dir }}/service_checks.json" + mode: 0644 - - name: Reload configuration file - ansible.builtin.uri: - url: "http://{{ synology_second_ip }}:8500/v1/agent/reload" - method: PUT - status_code: 200 - ignore_errors: true - check_mode: false - register: consul_agent_reload_http_response - failed_when: consul_agent_reload_http_response.status != 200 + - name: Reload configuration file + ansible.builtin.uri: + url: "http://{{ synology_second_ip }}:8500/v1/agent/reload" + method: PUT + status_code: 200 + ignore_errors: true + check_mode: false + register: consul_agent_reload_http_response + failed_when: consul_agent_reload_http_response.status != 200 - - name: Debug when consul agent reload fails - ansible.builtin.debug: - var: consul_agent_reload_http_response.msg - check_mode: false - when: consul_agent_reload_http_response.status != 200 + - name: Debug when consul agent reload fails + ansible.builtin.debug: + var: consul_agent_reload_http_response.msg + check_mode: false + when: consul_agent_reload_http_response.status != 200 diff --git a/tasks/debug.yml b/tasks/debug.yml index 9448138..2763ecc 100644 --- a/tasks/debug.yml +++ b/tasks/debug.yml @@ -33,5 +33,5 @@ # when: # - ansible_facts['system_vendor'] is search("Synology") -- name: "end play" +- name: "End play" ansible.builtin.meta: end_play diff --git a/tasks/docker.yml b/tasks/docker.yml index 7ae224a..81d593e 100644 --- a/tasks/docker.yml +++ b/tasks/docker.yml @@ -4,85 +4,91 @@ - name: Check if Docker is already present ansible.builtin.command: - cmd: docker --version + cmd: docker --version register: docker_command_result changed_when: docker_command_result.rc == 1 failed_when: false -- name: install docker on Debian +- name: Install docker on Debian when: ansible_os_family == 'Debian' block: - - name: "Add docker local filesystem storage directory" - ansible.builtin.file: - path: "{{ rpi_localfs_service_storage }}" - mode: 0755 - state: directory + - name: "Add docker local filesystem storage directory" + ansible.builtin.file: + path: "{{ rpi_localfs_service_storage }}" + mode: 0755 + state: directory - - name: Download Docker install convenience script - ansible.builtin.get_url: - url: "https://get.docker.com/" - dest: /tmp/get-docker.sh - mode: 0775 - when: docker_command_result.rc == 1 + - name: Download Docker install convenience script + ansible.builtin.get_url: + url: "https://get.docker.com/" + dest: /tmp/get-docker.sh + mode: 0775 + when: docker_command_result.rc == 1 - - name: Run Docker install convenience script - ansible.builtin.command: /tmp/get-docker.sh - environment: - CHANNEL: stable - when: docker_command_result.rc == 1 + - name: Run Docker install convenience script + ansible.builtin.command: /tmp/get-docker.sh + environment: + CHANNEL: stable + register: docker_install + failed_when: docker_install.rc > 0 + changed_when: docker_install.rc == 0 + when: docker_command_result.rc == 1 - - name: Make sure Docker CE is the version specified - ansible.builtin.apt: - name: "docker-ce" - state: present - when: docker_command_result.rc == 1 + - name: Make sure Docker CE is the version specified + ansible.builtin.apt: + name: "docker-ce" + state: present + when: docker_command_result.rc == 1 - - name: Ensure Docker is started - ansible.builtin.service: - name: docker - state: started - enabled: true + - name: Ensure Docker is started + ansible.builtin.service: + name: docker + state: started + enabled: true - - name: Ensure docker users are added to the docker group - become: true - ansible.builtin.user: - name: "{{ ansible_user }}" - groups: docker - append: true - when: docker_command_result.rc == 1 + - name: Ensure docker users are added to the docker group + become: true + ansible.builtin.user: + name: "{{ ansible_user }}" + groups: docker + append: true + when: docker_command_result.rc == 1 -- name: install docker on macOS +- name: Install docker on macOS when: "'macs' in group_names" block: - - name: "Add docker directory to ~/Library" - ansible.builtin.file: - path: "{{ mac_localfs_service_storage }}" - mode: 0755 - state: directory + - name: "Add docker directory to ~/Library" + ansible.builtin.file: + path: "{{ mac_localfs_service_storage }}" + mode: 0755 + state: directory - - name: install base homebrew packages - community.general.homebrew: - name: docker - state: present - update_homebrew: false - upgrade_all: false - when: docker_command_result.rc == 1 + - name: Install base homebrew packages + community.general.homebrew: + name: docker + state: present + update_homebrew: false + upgrade_all: false + when: docker_command_result.rc == 1 - - name: open docker application - ansible.builtin.command: - cmd: open /Applications/Docker.app - when: docker_command_result.rc == 1 + - name: Open docker application + ansible.builtin.command: + cmd: open /Applications/Docker.app + register: docker_open_app + failed_when: docker_open_app.rc > 0 + changed_when: docker_open_app.rc == 0 + when: docker_command_result.rc == 1 - - name: Must install Docker manually - ansible.builtin.debug: - msg: | - Docker must be installed manually on MacOS. Log in to mac to install then rerun playbook + - name: Must install Docker manually + ansible.builtin.debug: + msg: | + Docker must be installed manually on MacOS. Log in to mac to install then rerun playbook - Be certain to configure the following: - - run on login - - add '{{ mac_storage_mount_point }}' to mountable file system directories - when: docker_command_result.rc == 1 + Be certain to configure the following: + - run on login + - add '{{ mac_storage_mount_point }}' to mountable file system directories + when: docker_command_result.rc == 1 - - name: end play - ansible.builtin.meta: end_play - when: docker_command_result.rc == 1 + - name: End play + ansible.builtin.meta: end_play + when: docker_command_result.rc == 1 diff --git a/tasks/interpolated_variables.yml b/tasks/interpolated_variables.yml index 8d32fd5..0ea9559 100644 --- a/tasks/interpolated_variables.yml +++ b/tasks/interpolated_variables.yml @@ -8,46 +8,46 @@ - name: "Set local filesystem location (pis)" ansible.builtin.set_fact: - interpolated_localfs_service_storage: "{{ rpi_localfs_service_storage }}" + interpolated_localfs_service_storage: "{{ rpi_localfs_service_storage }}" changed_when: false when: - - "'pis' in group_names" + - "'pis' in group_names" - name: "Set local filesystem location (macs)" ansible.builtin.set_fact: - interpolated_localfs_service_storage: "{{ mac_localfs_service_storage }}" + interpolated_localfs_service_storage: "{{ mac_localfs_service_storage }}" changed_when: false when: - - "'macs' in group_names" + - "'macs' in group_names" - name: "Set NFS mount location (pis)" ansible.builtin.set_fact: - interpolated_nfs_service_storage: "{{ rpi_nfs_mount_point }}" + interpolated_nfs_service_storage: "{{ rpi_nfs_mount_point }}" changed_when: false when: - - "'pis' in group_names" + - "'pis' in group_names" - name: "Set NFS mount location location (macs)" ansible.builtin.set_fact: - interpolated_nfs_service_storage: "{{ mac_storage_mount_point }}" + interpolated_nfs_service_storage: "{{ mac_storage_mount_point }}" changed_when: false when: - - "'macs' in group_names" + - "'macs' in group_names" -- name: "set consul configuration directory (synology)" +- name: "Set consul configuration directory (synology)" ansible.builtin.set_fact: - interpolated_consul_configuration_dir: "{{ synology_consul_configuration_dir }}" + interpolated_consul_configuration_dir: "{{ synology_consul_configuration_dir }}" when: - - inventory_hostname == 'synology' + - inventory_hostname == 'synology' -- name: "set consul configuration directory (pis)" +- name: "Set consul configuration directory (pis)" ansible.builtin.set_fact: - interpolated_consul_configuration_dir: "{{ rpi_consul_configuration_dir }}" + interpolated_consul_configuration_dir: "{{ rpi_consul_configuration_dir }}" when: - - "'pis' in group_names" + - "'pis' in group_names" -- name: "set consul configuration directory (macs)" +- name: "Set consul configuration directory (macs)" ansible.builtin.set_fact: - interpolated_consul_configuration_dir: "{{ mac_consul_configuration_dir }}" + interpolated_consul_configuration_dir: "{{ mac_consul_configuration_dir }}" when: - - "'macs' in group_names" + - "'macs' in group_names" diff --git a/tasks/logrotate.yml b/tasks/logrotate.yml index 6b63dc9..ea2664d 100644 --- a/tasks/logrotate.yml +++ b/tasks/logrotate.yml @@ -4,29 +4,29 @@ # # NOTE: This task exists due to the arillso.logrotate failing completely on macOS -- name: add service_backups.log to logrotate +- name: Add service_backups.log to logrotate become: true vars: - logrotate_applications: - - name: service_backups - definitions: - - logs: - - "{{ rpi_nfs_mount_point }}/pi-cluster/logs/service_backups.log" - options: - - rotate 1 - - size 100k - - missingok - - notifempty - - su root root - - extension .log - - compress - - nodateext - - nocreate - - delaycompress + logrotate_applications: + - name: service_backups + definitions: + - logs: + - "{{ rpi_nfs_mount_point }}/pi-cluster/logs/service_backups.log" + options: + - rotate 1 + - size 100k + - missingok + - notifempty + - su root root + - extension .log + - compress + - nodateext + - nocreate + - delaycompress ansible.builtin.import_role: - name: arillso.logrotate + name: arillso.logrotate failed_when: false ignore_errors: true when: - - "'macs' not in group_names" - - is_cluster_leader + - "'macs' not in group_names" + - is_cluster_leader diff --git a/tasks/nomad.yml b/tasks/nomad.yml index 9141e55..9578358 100644 --- a/tasks/nomad.yml +++ b/tasks/nomad.yml @@ -4,7 +4,7 @@ - name: "Set variables needed to install Nomad" block: - - name: "set variable: check if we have a mounted USB drive (Debian)" + - name: "Set variable: check if we have a mounted USB drive (Debian)" ansible.builtin.stat: path: "{{ rpi_usb_drive_mount_point }}" register: have_usb_drive @@ -12,41 +12,41 @@ when: - ansible_os_family == 'Debian' - - name: "set variable: Use USB drive for nomad /opt (Debian)" + - name: "Set variable: Use USB drive for nomad /opt (Debian)" ansible.builtin.set_fact: nomad_opt_dir_location: "{{ rpi_usb_drive_mount_point }}/opt/nomad" when: - ansible_os_family == 'Debian' - have_usb_drive.stat.exists - - name: "set variable: Use root dist for nomad /opt (Debian)" + - name: "Set variable: Use root dist for nomad /opt (Debian)" ansible.builtin.set_fact: nomad_opt_dir_location: "/opt/nomad" when: - ansible_os_family == 'Debian' - not have_usb_drive.stat.exists - - name: "set variable: Use ~/library for /opt files (macOSX)" + - name: "Set variable: Use ~/library for /opt files (macOSX)" ansible.builtin.set_fact: nomad_opt_dir_location: "/Users/{{ ansible_user }}/Library/nomad" when: - ansible_os_family == 'Darwin' - - name: "set variable: Set Nomad download Binary (armv7l)" + - name: "Set variable: Set Nomad download Binary (armv7l)" ansible.builtin.set_fact: nomad_download_file_uri: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_arm.zip" when: - ansible_os_family == 'Debian' - ansible_architecture == 'armv7l' - - name: "set variable: Set Nomad download Binary (aarch64)" + - name: "Set variable: Set Nomad download Binary (aarch64)" ansible.builtin.set_fact: nomad_download_file_uri: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_arm64.zip" when: - ansible_os_family == 'Debian' - ansible_architecture == 'aarch64' - - name: "set variable: Set Nomad download Binary (MacOSX)" + - name: "Set variable: Set Nomad download Binary (MacOSX)" ansible.builtin.set_fact: nomad_download_file_uri: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_darwin_amd64.zip" when: @@ -83,7 +83,7 @@ - name: "Create Nomad /opt storage" block: - - name: "create {{ nomad_opt_dir_location }} directories" + - name: "Create {{ nomad_opt_dir_location }} directories" become: true ansible.builtin.file: path: "{{ item }}" @@ -121,7 +121,7 @@ notify: "restart nomad" when: is_nomad_client - - name: "set owner of files to nomad:nomad (debian)" + - name: "Set owner of files to nomad:nomad (debian)" become: true ansible.builtin.file: path: "{{ nomad_opt_dir_location }}" @@ -130,7 +130,7 @@ recurse: true when: ansible_os_family == 'Debian' - - name: "set owner of files to {{ ansible_user_uid }}:{{ ansible_user_gid }} (MacOSX)" + - name: "Set owner of files to {{ ansible_user_uid }}:{{ ansible_user_gid }} (MacOSX)" become: true ansible.builtin.file: path: "{{ nomad_opt_dir_location }}" @@ -141,14 +141,14 @@ - name: "Template out the configuration file" block: - - name: "create {{ nomad_configuration_dir }}" + - name: "Create {{ nomad_configuration_dir }}" become: true ansible.builtin.file: path: "{{ nomad_configuration_dir }}" state: directory mode: 0755 - - name: copy base config file + - name: Copy base config file become: true ansible.builtin.template: src: nomad.hcl.j2 @@ -156,7 +156,7 @@ mode: 0644 notify: "restart nomad" - - name: "set owner of files to nomad:nomad (Debian)" + - name: "Set owner of files to nomad:nomad (Debian)" become: true ansible.builtin.file: path: "{{ nomad_configuration_dir }}" @@ -168,7 +168,7 @@ - name: Install or Update Nomad block: - - name: "set fact: do we need a nomad install?" + - name: "Set fact: do we need a nomad install?" ansible.builtin.set_fact: need_nomad_install: false @@ -177,7 +177,7 @@ path: /usr/local/bin/nomad register: nomad_binary_file_location - - name: "set fact: do we need a nomad install" + - name: "Set fact: do we need a nomad install" ansible.builtin.set_fact: need_nomad_install: true when: @@ -192,14 +192,14 @@ when: - not need_nomad_install - - name: "set fact: do we need a nomad install" + - name: "Set fact: do we need a nomad install" ansible.builtin.set_fact: need_nomad_install: true when: - not need_nomad_install - current_nomad_version.stdout is version(nomad_version, '<') - - name: install Nomad + - name: Install Nomad become: true ansible.builtin.unarchive: src: "{{ nomad_download_file_uri }}" @@ -211,7 +211,7 @@ - name: "Copy system.d or launchctrl service files" block: - - name: ensure /Library/LaunchAgents exists (MacOSX) + - name: Ensure /Library/LaunchAgents exists (MacOSX) ansible.builtin.file: path: "{{ nomad_plist_macos | dirname }}" state: directory @@ -219,7 +219,7 @@ when: - ansible_os_family == 'Darwin' - - name: create nomad launchd service (MacOSX) + - name: Create nomad launchd service (MacOSX) ansible.builtin.template: src: nomad.launchd.j2 dest: "{{ nomad_plist_macos }}" @@ -228,7 +228,7 @@ when: - ansible_os_family == 'Darwin' - - name: create nomad service (Debian) + - name: Create nomad service (Debian) become: true ansible.builtin.template: src: nomad.service.j2 @@ -238,7 +238,7 @@ when: - ansible_os_family == 'Debian' -- name: "start nomad, if stopped" +- name: "Start nomad, if stopped" ansible.builtin.shell: cmd: "/usr/local/bin/nomad node status -self -short | grep {{ inventory_hostname }}" register: node_status_response diff --git a/tasks/orchestration_jobs.yml b/tasks/orchestration_jobs.yml index e28e646..7bee6ee 100644 --- a/tasks/orchestration_jobs.yml +++ b/tasks/orchestration_jobs.yml @@ -10,67 +10,67 @@ - name: "Sync Nomad Jobs" block: - - name: Remove nomad jobs directory - ansible.builtin.file: - path: "{{ nomad_jobfile_location }}" - state: absent - when: - - is_nomad_client or is_nomad_server or ("'macs' in group_names") - - clean_nomad_jobs + - name: Remove nomad jobs directory + ansible.builtin.file: + path: "{{ nomad_jobfile_location }}" + state: absent + when: + - is_nomad_client or is_nomad_server or ("'macs' in group_names") + - clean_nomad_jobs - - name: (Re)Create nomad jobs directory - ansible.builtin.file: - path: "{{ nomad_jobfile_location }}" - state: directory - mode: 0755 - when: - - is_nomad_client or is_nomad_server or ("'macs' in group_names") - - "'nas' not in group_names" + - name: (Re)Create nomad jobs directory + ansible.builtin.file: + path: "{{ nomad_jobfile_location }}" + state: directory + mode: 0755 + when: + - is_nomad_client or is_nomad_server or ("'macs' in group_names") + - "'nas' not in group_names" - - name: synchronize nomad job templates (jinja) - ansible.builtin.template: - src: "{{ item }}" - dest: "{{ nomad_jobfile_location }}/{{ item | basename | regex_replace('.j2$', '') }}" - mode: 0644 - with_fileglob: "templates/nomad_jobs/*.j2" - when: - - is_nomad_client or is_nomad_server or ("'macs' in group_names") - - "'nas' not in group_names" + - name: Synchronize nomad job templates (jinja) + ansible.builtin.template: + src: "{{ item }}" + dest: "{{ nomad_jobfile_location }}/{{ item | basename | regex_replace('.j2$', '') }}" + mode: 0644 + with_fileglob: "templates/nomad_jobs/*.j2" + when: + - is_nomad_client or is_nomad_server or ("'macs' in group_names") + - "'nas' not in group_names" - - name: synchronize nomad job templates (hcl) - ansible.builtin.template: - src: "{{ item }}" - dest: "{{ nomad_jobfile_location }}/{{ item | basename }}" - mode: 0644 - with_fileglob: "templates/nomad_jobs/*.hcl" - when: - - is_nomad_client or is_nomad_server or ("'macs' in group_names") - - "'nas' not in group_names" + - name: Synchronize nomad job templates (hcl) + ansible.builtin.template: + src: "{{ item }}" + dest: "{{ nomad_jobfile_location }}/{{ item | basename }}" + mode: 0644 + with_fileglob: "templates/nomad_jobs/*.hcl" + when: + - is_nomad_client or is_nomad_server or ("'macs' in group_names") + - "'nas' not in group_names" - - name: Ensure we have local storage folders - become: true - ansible.builtin.file: - path: "{{ interpolated_localfs_service_storage }}/{{ item }}" - state: directory - mode: 0777 - group: "{{ ansible_user_gid }}" - owner: "{{ ansible_user_uid }}" - when: - - is_nomad_client or is_nomad_server - loop: "{{ service_localfs_dirs }}" + - name: Ensure we have local storage folders + become: true + ansible.builtin.file: + path: "{{ interpolated_localfs_service_storage }}/{{ item }}" + state: directory + mode: 0777 + group: "{{ ansible_user_gid }}" + owner: "{{ ansible_user_uid }}" + when: + - is_nomad_client or is_nomad_server + loop: "{{ service_localfs_dirs }}" -- name: "Sync docker compose files" +- name: Sync docker compose files when: is_docker_compose_client block: - - name: confirm compose file dir exists - ansible.builtin.file: - path: "{{ docker_compose_file_location }}" - state: directory - mode: 0755 + - name: Confirm compose file dir exists + ansible.builtin.file: + path: "{{ docker_compose_file_location }}" + state: directory + mode: 0755 - - name: synchronize docker-compose files - ansible.builtin.template: - src: "{{ item }}" - dest: "{{ docker_compose_file_location }}/{{ item | basename | regex_replace('.j2$', '') }}" - mode: 0644 - with_fileglob: "../templates/docker_compose_files/*.j2" + - name: Synchronize docker-compose files + ansible.builtin.template: + src: "{{ item }}" + dest: "{{ docker_compose_file_location }}/{{ item | basename | regex_replace('.j2$', '') }}" + mode: 0644 + with_fileglob: "../templates/docker_compose_files/*.j2" diff --git a/tasks/packages.yml b/tasks/packages.yml index ccdbbc1..67b49a4 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -4,64 +4,64 @@ - name: "Update and install APT packages" when: - - ansible_os_family != 'Darwin' - - manage_apt_packages_list + - ansible_os_family != 'Darwin' + - manage_apt_packages_list block: - - name: update APT package cache - become: true - ansible.builtin.apt: - update_cache: true - cache_valid_time: 3600 + - name: Update APT package cache + become: true + ansible.builtin.apt: + update_cache: true + cache_valid_time: 3600 - - name: "upgrade APT to the latest packages (this may take a while)" - become: true - ansible.builtin.apt: - upgrade: safe + - name: "Upgrade APT to the latest packages (this may take a while)" + become: true + ansible.builtin.apt: + upgrade: safe - - name: "install/upgrade APT packages (this may take a while)" - become: true - ansible.builtin.apt: - pkg: "{{ item }}" - state: present - loop: "{{ apt_packages_list }}" - register: apt_output + - name: "Install/upgrade APT packages (this may take a while)" + become: true + ansible.builtin.apt: + pkg: "{{ item }}" + state: present + loop: "{{ apt_packages_list }}" + register: apt_output - name: "Update and install Homebrew packages" when: - - manage_homebrew_package_list - - ansible_os_family == 'Darwin' + - manage_homebrew_package_list + - ansible_os_family == 'Darwin' block: - - name: upgrade homebrew and all packages - community.general.homebrew: - update_homebrew: true - upgrade_all: true - register: homebrew_output - ignore_errors: true + - name: Upgrade homebrew and all packages + community.general.homebrew: + update_homebrew: true + upgrade_all: true + register: homebrew_output + ignore_errors: true - - name: install base homebrew packages - community.general.homebrew: - name: "{{ homebrew_package_list | join(',') }}" - state: present - update_homebrew: false - upgrade_all: false - register: homebrew_output + - name: Install base homebrew packages + community.general.homebrew: + name: "{{ homebrew_package_list | join(',') }}" + state: present + update_homebrew: false + upgrade_all: false + register: homebrew_output - - name: homebrew packages updated or installed - ansible.builtin.debug: - msg: "{{ homebrew_output.changed_pkgs }}" + - name: Homebrew packages updated or installed + ansible.builtin.debug: + msg: "{{ homebrew_output.changed_pkgs }}" - - name: unchanged homebrew packages - ansible.builtin.debug: - msg: "{{ homebrew_output.unchanged_pkgs }}" + - name: Unchanged homebrew packages + ansible.builtin.debug: + msg: "{{ homebrew_output.unchanged_pkgs }}" - - name: install homebrew casks - community.general.homebrew_cask: - name: "{{ item }}" - state: present - install_options: "appdir=/Applications" - accept_external_apps: true - upgrade_all: false - update_homebrew: false - greedy: false - loop: "{{ homebrew_casks_list }}" - ignore_errors: true + - name: Install homebrew casks + community.general.homebrew_cask: + name: "{{ item }}" + state: present + install_options: "appdir=/Applications" + accept_external_apps: true + upgrade_all: false + update_homebrew: false + greedy: false + loop: "{{ homebrew_casks_list }}" + ignore_errors: true diff --git a/tasks/pull_repositories.yml b/tasks/pull_repositories.yml index c368828..e667f59 100644 --- a/tasks/pull_repositories.yml +++ b/tasks/pull_repositories.yml @@ -5,36 +5,37 @@ - name: "Check if pull_all_repos exists" ansible.builtin.stat: - path: "~/bin/pull_all_repos" + path: "~/bin/pull_all_repos" check_mode: false register: pull_script_check - name: "Check if ~/repos exists" ansible.builtin.stat: - path: "~/repos" + path: "~/repos" check_mode: false register: repos_directory_check -- name: "run pull_all_repos script" +- name: "Run pull_all_repos script" ansible.builtin.command: - cmd: "~/bin/pull_all_repos --directory ~/repos" + cmd: "~/bin/pull_all_repos --directory ~/repos" register: pull_script_output when: - - not ansible_check_mode - - pull_script_check.stat.exists - - pull_script_check.stat.executable - - repos_directory_check.stat.isdir is defined - - repos_directory_check.stat.isdir - - repos_directory_check.stat.writeable + - not ansible_check_mode + - pull_script_check.stat.exists + - pull_script_check.stat.executable + - repos_directory_check.stat.isdir is defined + - repos_directory_check.stat.isdir + - repos_directory_check.stat.writeable failed_when: pull_script_output.rc > 1 + changed_when: pull_script_output.rc == 0 - name: "Output from pull_all_repos" ansible.builtin.debug: - msg: "{{ pull_script_output.stdout }}" + msg: "{{ pull_script_output.stdout }}" when: - - not ansible_check_mode - - pull_script_check.stat.exists - - pull_script_check.stat.executable - - repos_directory_check.stat.isdir is defined - - repos_directory_check.stat.isdir - - repos_directory_check.stat.writeable + - not ansible_check_mode + - pull_script_check.stat.exists + - pull_script_check.stat.executable + - repos_directory_check.stat.isdir is defined + - repos_directory_check.stat.isdir + - repos_directory_check.stat.writeable diff --git a/tasks/sanity.yml b/tasks/sanity.yml index 96f4196..70a40aa 100644 --- a/tasks/sanity.yml +++ b/tasks/sanity.yml @@ -1,12 +1,12 @@ --- # TASK DESCRIPTION: # Always runs fist. Confirms we can actually use Ansible -- name: sanity - user mode +- name: Sanity - user mode become: false ansible.builtin.debug: - msg: "sanity check: user mode" + msg: "Sanity check: user mode" -- name: sanity - become mode +- name: Sanity - become mode become: true ansible.builtin.debug: - msg: "sanity check: become mode" + msg: "Sanity check: become mode" diff --git a/tasks/service_prometheus_nodeExporter.yml b/tasks/service_prometheus_nodeExporter.yml index b4ba321..936e3d3 100644 --- a/tasks/service_prometheus_nodeExporter.yml +++ b/tasks/service_prometheus_nodeExporter.yml @@ -4,90 +4,92 @@ # # NOTE: This is depreciated, I no longer use Prometheus and have migrated to Telegraf -- name: populate service facts +- name: Populate service facts ansible.builtin.service_facts: -- name: stop node_exporter +- name: Stop node_exporter become: true ansible.builtin.systemd: - name: node_exporter - state: stopped + name: node_exporter + state: stopped when: ansible_facts.services["node_exporter.service"] is defined - name: Ensure group "prometheus" exists become: true ansible.builtin.group: - name: prometheus - state: present + name: prometheus + state: present - name: Add the user 'prometheus' with group 'prometheus' become: true ansible.builtin.user: - name: prometheus - group: prometheus - groups: docker - append: true + name: prometheus + group: prometheus + groups: docker + append: true # --------------- Install or Update Prometheus -- name: "set fact: need to install Prometheus?" +- name: "Set fact: need to install Prometheus?" ansible.builtin.set_fact: - need_prometheus_install: false + need_prometheus_install: false - name: Check if node_exporter is installed ansible.builtin.stat: - path: /usr/local/bin/node_exporter + path: /usr/local/bin/node_exporter register: prometheus_binary_file_location -- name: "set fact: need to install Prometheus?" +- name: "Set fact: need to install Prometheus?" ansible.builtin.set_fact: - need_prometheus_install: true + need_prometheus_install: true when: - - not prometheus_binary_file_location.stat.exists + - not prometheus_binary_file_location.stat.exists - name: Check current version of Prometheus ansible.builtin.shell: /usr/local/bin/node_exporter --version 3>&1 1>&2 2>&3 | head -n1 | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' ignore_errors: true register: current_prometheus_version + failed_when: false + changed_when: false check_mode: false when: - - need_prometheus_install is false + - need_prometheus_install is false -- name: "set fact: need to install Prometheus?" +- name: "Set fact: need to install Prometheus?" ansible.builtin.set_fact: - need_prometheus_install: true + need_prometheus_install: true when: - - need_prometheus_install is false - - current_prometheus_version.stdout != prometheus_verssion + - need_prometheus_install is false + - current_prometheus_version.stdout != prometheus_verssion -- name: install node_exporter +- name: Install node_exporter become: true ansible.builtin.unarchive: - src: "https://github.com/prometheus/node_exporter/releases/download/v{{ prometheus_verssion }}/node_exporter-{{ prometheus_verssion }}.linux-armv7.tar.gz" - dest: /usr/local/bin - group: prometheus - owner: prometheus - # reference for extra_opts: https://github.com/ansible/ansible/issues/27081 - extra_opts: - - --strip=1 - - --no-anchored - - "node_exporter" - remote_src: true + src: "https://github.com/prometheus/node_exporter/releases/download/v{{ prometheus_verssion }}/node_exporter-{{ prometheus_verssion }}.linux-armv7.tar.gz" + dest: /usr/local/bin + group: prometheus + owner: prometheus + # reference for extra_opts: https://github.com/ansible/ansible/issues/27081 + extra_opts: + - --strip=1 + - --no-anchored + - "node_exporter" + remote_src: true when: - - need_prometheus_install is true + - need_prometheus_install is true -- name: create node_exporter service +- name: Create node_exporter service become: true ansible.builtin.template: - src: node_exporter.service.j2 - dest: /etc/systemd/system/node_exporter.service - mode: 0644 + src: node_exporter.service.j2 + dest: /etc/systemd/system/node_exporter.service + mode: 0644 -- name: start node_exporter +- name: Start node_exporter become: true ansible.builtin.systemd: - name: node_exporter - daemon_reload: true - enabled: true - state: started + name: node_exporter + daemon_reload: true + enabled: true + state: started when: - - "'nostart' not in ansible_run_tags" + - "'nostart' not in ansible_run_tags" diff --git a/tasks/tdarr.yml b/tasks/tdarr.yml index c33996c..ea2204b 100644 --- a/tasks/tdarr.yml +++ b/tasks/tdarr.yml @@ -4,186 +4,187 @@ - name: "Set variables" block: - - name: "Set tdarr local filesystem location (pis)" - ansible.builtin.set_fact: - interpolated_tdarr_dir: "{{ rpi1_tdarr_file_location }}" - changed_when: false - when: - - "'pis' in group_names" + - name: "Set tdarr local filesystem location (pis)" + ansible.builtin.set_fact: + interpolated_tdarr_dir: "{{ rpi1_tdarr_file_location }}" + changed_when: false + when: + - "'pis' in group_names" - - name: "Set tdarr local filesystem location (macs)" - ansible.builtin.set_fact: - interpolated_tdarr_dir: "{{ mac_tdarr_file_location }}" - changed_when: false - when: - - "'macs' in group_names" + - name: "Set tdarr local filesystem location (macs)" + ansible.builtin.set_fact: + interpolated_tdarr_dir: "{{ mac_tdarr_file_location }}" + changed_when: false + when: + - "'macs' in group_names" - - name: "set variable: Set tdarr download Binary (armv7l)" - ansible.builtin.set_fact: - tdarr_download_uri: "https://f000.backblazeb2.com/file/tdarrs/versions/{{ tdarr_installer_version }}/linux_arm/Tdarr_Updater.zip" - when: - - ansible_os_family == 'Debian' - - ansible_architecture == 'armv7l' + - name: "Set variable: Set tdarr download Binary (armv7l)" + ansible.builtin.set_fact: + tdarr_download_uri: "https://f000.backblazeb2.com/file/tdarrs/versions/{{ tdarr_installer_version }}/linux_arm/Tdarr_Updater.zip" + when: + - ansible_os_family == 'Debian' + - ansible_architecture == 'armv7l' - - name: "set variable: Set tdarr download Binary (MacOSX) - Intel" - ansible.builtin.set_fact: - tdarr_download_uri: "https://f000.backblazeb2.com/file/tdarrs/versions/{{ tdarr_installer_version }}/darwin_x64/Tdarr_Updater.zip" - when: - - mac_intel + - name: "Set variable: Set tdarr download Binary (MacOSX) - Intel" + ansible.builtin.set_fact: + tdarr_download_uri: "https://f000.backblazeb2.com/file/tdarrs/versions/{{ tdarr_installer_version }}/darwin_x64/Tdarr_Updater.zip" + when: + - mac_intel - - name: "set variable: Set tdarr download Binary (MacOSX) - ARM" - ansible.builtin.set_fact: - tdarr_download_uri: "https://f000.backblazeb2.com/file/tdarrs/versions/{{ tdarr_installer_version }}/darwin_arm64/Tdarr_Updater.zip" - when: - - mac_arm + - name: "Set variable: Set tdarr download Binary (MacOSX) - ARM" + ansible.builtin.set_fact: + tdarr_download_uri: "https://f000.backblazeb2.com/file/tdarrs/versions/{{ tdarr_installer_version }}/darwin_arm64/Tdarr_Updater.zip" + when: + - mac_arm - - name: "set fact: do we need a tdarr install?" - ansible.builtin.set_fact: - need_tdarr_install: false + - name: "Set fact: do we need a tdarr install?" + ansible.builtin.set_fact: + need_tdarr_install: false - - name: Assert that we can install Tdarr - ansible.builtin.assert: - that: - - tdarr_download_uri is defined - - interpolated_tdarr_dir is defined - fail_msg: "Unable to install Tdarr on this host" + - name: Assert that we can install Tdarr + ansible.builtin.assert: + that: + - tdarr_download_uri is defined + - interpolated_tdarr_dir is defined + fail_msg: "Unable to install Tdarr on this host" - name: "Install ffmpeg and HandbrakeCLI" block: - - name: "ensure ffmpeg and handbrake are installed (Debian)" - become: true - ansible.builtin.apt: - pkg: "{{ item }}" - state: present - loop: - - ffmpeg - - handbrake - when: "'pis' in group_names" + - name: "Ensure ffmpeg and handbrake are installed (Debian)" + become: true + ansible.builtin.apt: + pkg: "{{ item }}" + state: present + loop: + - ffmpeg + - handbrake + when: "'pis' in group_names" - - name: "ensure ffmpeg and handbrake are installed (MacOS)" - community.general.homebrew: - name: "{{ item }}" - state: present - update_homebrew: false - upgrade_all: false - loop: - - ffmpeg - - handbrake - when: "'macs' in group_names" + - name: "Ensure ffmpeg and handbrake are installed (MacOS)" + community.general.homebrew: + name: "{{ item }}" + state: present + update_homebrew: false + upgrade_all: false + loop: + - ffmpeg + - handbrake + when: "'macs' in group_names" -- name: "ensure tdarr directory exists" +- name: "Ensure tdarr directory exists" become: true ansible.builtin.file: - path: "{{ interpolated_tdarr_dir }}" - mode: 0755 - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" - state: directory + path: "{{ interpolated_tdarr_dir }}" + mode: 0755 + owner: "{{ ansible_user_uid }}" + group: "{{ ansible_user_gid }}" + state: directory - name: "Install tdarr" block: - - name: "set_fact: need Tdarr install?" - ansible.builtin.stat: - path: "{{ interpolated_tdarr_dir }}/configs" - register: tdarr_exists - changed_when: false - failed_when: false + - name: "Set fact: need Tdarr install?" + ansible.builtin.stat: + path: "{{ interpolated_tdarr_dir }}/configs" + register: tdarr_exists + changed_when: false + failed_when: false - - name: "set fact: do we need a tdarr install?" - ansible.builtin.set_fact: - need_tdarr_install: true - when: not tdarr_exists.stat.exists + - name: "Set fact: do we need a tdarr install?" + ansible.builtin.set_fact: + need_tdarr_install: true + when: not tdarr_exists.stat.exists - - name: Download tdarr - ansible.builtin.unarchive: - src: "{{ tdarr_download_uri }}" - dest: "{{ interpolated_tdarr_dir }}" - remote_src: true - when: need_tdarr_install + - name: Download tdarr + ansible.builtin.unarchive: + src: "{{ tdarr_download_uri }}" + dest: "{{ interpolated_tdarr_dir }}" + remote_src: true + when: need_tdarr_install - - name: Did tdarr download? - ansible.builtin.stat: - path: "{{ interpolated_tdarr_dir }}/Tdarr_Updater" - register: tdarr_installer_exists - failed_when: not tdarr_installer_exists.stat.exists - when: need_tdarr_install + - name: Did tdarr download? + ansible.builtin.stat: + path: "{{ interpolated_tdarr_dir }}/Tdarr_Updater" + register: tdarr_installer_exists + failed_when: not tdarr_installer_exists.stat.exists + when: need_tdarr_install - - name: Ensure correct permissions on Tdarr_Updater - ansible.builtin.file: - path: "{{ interpolated_tdarr_dir }}/Tdarr_Updater" - mode: 0755 - when: need_tdarr_install + - name: Ensure correct permissions on Tdarr_Updater + ansible.builtin.file: + path: "{{ interpolated_tdarr_dir }}/Tdarr_Updater" + mode: 0755 + when: need_tdarr_install - - name: Install tdarr - ansible.builtin.command: - cmd: "{{ interpolated_tdarr_dir }}/Tdarr_Updater" - register: tdarr_install - failed_when: tdarr_install.rc > 0 - when: need_tdarr_install + - name: Install tdarr + ansible.builtin.command: + cmd: "{{ interpolated_tdarr_dir }}/Tdarr_Updater" + register: tdarr_install + failed_when: tdarr_install.rc > 0 + changed_when: tdarr_install.rc == 0 + when: need_tdarr_install - - name: Ensure correct permissions on server/node executables - ansible.builtin.file: - path: "{{ interpolated_tdarr_dir }}/{{ item }}" - mode: 0755 - loop: - - Tdarr_Server/Tdarr_Server - - Tdarr_Node/Tdarr_Node - when: need_tdarr_install + - name: Ensure correct permissions on server/node executables + ansible.builtin.file: + path: "{{ interpolated_tdarr_dir }}/{{ item }}" + mode: 0755 + loop: + - Tdarr_Server/Tdarr_Server + - Tdarr_Node/Tdarr_Node + when: need_tdarr_install -- name: "configure tdarr" +- name: "Configure tdarr" block: - - name: update server configuration file - ansible.builtin.template: - src: Tdarr_Server_Config.json.j2 - dest: "{{ interpolated_tdarr_dir }}/configs/Tdarr_Server_Config.json" - mode: 0644 - when: is_tdarr_server + - name: Update server configuration file + ansible.builtin.template: + src: Tdarr_Server_Config.json.j2 + dest: "{{ interpolated_tdarr_dir }}/configs/Tdarr_Server_Config.json" + mode: 0644 + when: is_tdarr_server - - name: update node configuration file - ansible.builtin.template: - src: Tdarr_Node_Config.json.j2 - dest: "{{ interpolated_tdarr_dir }}/configs/Tdarr_Node_Config.json" - mode: 0644 - when: is_tdarr_node + - name: Update node configuration file + ansible.builtin.template: + src: Tdarr_Node_Config.json.j2 + dest: "{{ interpolated_tdarr_dir }}/configs/Tdarr_Node_Config.json" + mode: 0644 + when: is_tdarr_node - - name: check if consul is installed? - ansible.builtin.stat: - path: "{{ interpolated_consul_configuration_dir }}" - register: consul_installed - changed_when: false - failed_when: false - when: - - is_tdarr_server + - name: Check if consul is installed? + ansible.builtin.stat: + path: "{{ interpolated_consul_configuration_dir }}" + register: consul_installed + changed_when: false + failed_when: false + when: + - is_tdarr_server - - name: move consul service config into place - become: true - ansible.builtin.template: - src: consul_services/tdarr_service.json.j2 - dest: "{{ interpolated_consul_configuration_dir }}/tdarr_service.json" - mode: 0644 - when: - - is_tdarr_server - - consul_installed.stat.exists + - name: Move consul service config into place + become: true + ansible.builtin.template: + src: consul_services/tdarr_service.json.j2 + dest: "{{ interpolated_consul_configuration_dir }}/tdarr_service.json" + mode: 0644 + when: + - is_tdarr_server + - consul_installed.stat.exists - - name: Reload consul agent - ansible.builtin.uri: - url: "http://{{ ansible_host }}:8500/v1/agent/reload" - method: PUT - status_code: 200 - ignore_errors: true - register: consul_agent_reload_http_response - failed_when: consul_agent_reload_http_response.status != 200 - when: - - is_tdarr_server - - consul_installed.stat.exists + - name: Reload consul agent + ansible.builtin.uri: + url: "http://{{ ansible_host }}:8500/v1/agent/reload" + method: PUT + status_code: 200 + ignore_errors: true + register: consul_agent_reload_http_response + failed_when: consul_agent_reload_http_response.status != 200 + when: + - is_tdarr_server + - consul_installed.stat.exists - - name: debug when consul agent reload fails - ansible.builtin.debug: - var: consul_agent_reload_http_response.msg - when: - - is_tdarr_server - - consul_installed.stat.exists - - consul_agent_reload_http_response.status != 200 + - name: Debug when consul agent reload fails + ansible.builtin.debug: + var: consul_agent_reload_http_response.msg + when: + - is_tdarr_server + - consul_installed.stat.exists + - consul_agent_reload_http_response.status != 200 -- name: mount shared storage +- name: Mount shared storage ansible.builtin.import_tasks: cluster_storage.yml diff --git a/tasks/telegraf.yml b/tasks/telegraf.yml index 70d7b17..4509d2d 100644 --- a/tasks/telegraf.yml +++ b/tasks/telegraf.yml @@ -5,146 +5,146 @@ # --------------------------------- Set variables depending on system type - name: "Configure variables" block: - - name: "set variable: telegraph_binary_location (Debian)" - ansible.builtin.set_fact: - telegraph_binary_location: "/usr/bin/telegraf" - when: - - ansible_os_family == 'Debian' + - name: "Set variable: telegraph_binary_location (Debian)" + ansible.builtin.set_fact: + telegraph_binary_location: "/usr/bin/telegraf" + when: + - ansible_os_family == 'Debian' - - name: "set variable: telegraph_binary_location (MacOS)" - ansible.builtin.set_fact: - telegraph_binary_location: "/usr/local/bin/telegraf" - when: - - ansible_os_family == 'Darwin' + - name: "Set variable: telegraph_binary_location (MacOS)" + ansible.builtin.set_fact: + telegraph_binary_location: "/usr/local/bin/telegraf" + when: + - ansible_os_family == 'Darwin' - - name: "set fact: telegraph_config_location (Debian)" - ansible.builtin.set_fact: - telegraph_config_location: "/etc/telegraf" - when: - - ansible_os_family == 'Debian' + - name: "Set fact: telegraph_config_location (Debian)" + ansible.builtin.set_fact: + telegraph_config_location: "/etc/telegraf" + when: + - ansible_os_family == 'Debian' - - name: "set fact: telegraph_config_location (macOS)" - ansible.builtin.set_fact: - telegraph_config_location: "/usr/local/etc" - when: - - ansible_os_family == 'Darwin' + - name: "Set fact: telegraph_config_location (macOS)" + ansible.builtin.set_fact: + telegraph_config_location: "/usr/local/etc" + when: + - ansible_os_family == 'Darwin' - - name: "set fact: telegraph_config_location (macOS)" - ansible.builtin.set_fact: - telegraph_config_location: "/volume1/docker/telegraf/config" - when: - - inventory_hostname == 'synology' + - name: "Set fact: telegraph_config_location (macOS)" + ansible.builtin.set_fact: + telegraph_config_location: "/volume1/docker/telegraf/config" + when: + - inventory_hostname == 'synology' - - name: "Fail if arm Mac (need to update task) or variables not defined" - ansible.builtin.assert: - that: - - telegraph_binary_location is defined - - telegraph_config_location is defined - - not mac_arm - fail_msg: "Unable to install Telegraf on this host" + - name: "Fail if arm Mac (need to update task) or variables not defined" + ansible.builtin.assert: + that: + - telegraph_binary_location is defined + - telegraph_config_location is defined + - not mac_arm + fail_msg: "Unable to install Telegraf on this host" - - name: "set variable: Set speedtest download Binary (armv7l)" - ansible.builtin.set_fact: - speedtest_download_file_uri: "https://install.speedtest.net/app/cli/ookla-speedtest-{{ speedtest_cli_version }}-linux-armhf.tgz" - when: - - ansible_os_family == 'Debian' - - ansible_architecture == 'armv7l' + - name: "Set variable: Set speedtest download Binary (armv7l)" + ansible.builtin.set_fact: + speedtest_download_file_uri: "https://install.speedtest.net/app/cli/ookla-speedtest-{{ speedtest_cli_version }}-linux-armhf.tgz" + when: + - ansible_os_family == 'Debian' + - ansible_architecture == 'armv7l' - - name: "set variable: Set speedtest download Binary (aarch64)" - ansible.builtin.set_fact: - speedtest_download_file_uri: "https://install.speedtest.net/app/cli/ookla-speedtest-{{ speedtest_cli_version }}-linux-aarch64.tgz" - when: - - ansible_os_family == 'Debian' - - ansible_architecture == 'aarch64' + - name: "Set variable: Set speedtest download Binary (aarch64)" + ansible.builtin.set_fact: + speedtest_download_file_uri: "https://install.speedtest.net/app/cli/ookla-speedtest-{{ speedtest_cli_version }}-linux-aarch64.tgz" + when: + - ansible_os_family == 'Debian' + - ansible_architecture == 'aarch64' - name: "Install/upgrade Telegraf" block: - - name: "set fact: Need telegraf install?" - ansible.builtin.set_fact: - need_telegraf_install: false - when: telegraph_binary_location is defined + - name: "Set fact: Need telegraf install?" + ansible.builtin.set_fact: + need_telegraf_install: false + when: telegraph_binary_location is defined - - name: Check if telegraf is installed - ansible.builtin.stat: - path: "{{ telegraph_binary_location }}" - check_mode: false - register: telegraf_binary_exists - when: telegraph_binary_location is defined + - name: Check if telegraf is installed + ansible.builtin.stat: + path: "{{ telegraph_binary_location }}" + check_mode: false + register: telegraf_binary_exists + when: telegraph_binary_location is defined - - name: "set fact: Need telegraf install?" - ansible.builtin.set_fact: - need_telegraf_install: true - check_mode: false - when: - - telegraph_binary_location is defined - - not telegraf_binary_exists.stat.exists + - name: "Set fact: Need telegraf install?" + ansible.builtin.set_fact: + need_telegraf_install: true + check_mode: false + when: + - telegraph_binary_location is defined + - not telegraf_binary_exists.stat.exists - - name: Check current version of telegraf - ansible.builtin.shell: "{{ telegraph_binary_location }} --version | grep -oE '[0-9]+\\.[0-9]+\\.[0-9]+'" - ignore_errors: true - register: current_telegraf_version - check_mode: false - changed_when: false - when: - - not need_telegraf_install - - telegraph_binary_location is defined + - name: Check current version of telegraf + ansible.builtin.shell: "{{ telegraph_binary_location }} --version | grep -oE '[0-9]+\\.[0-9]+\\.[0-9]+'" + ignore_errors: true + register: current_telegraf_version + check_mode: false + changed_when: false + when: + - not need_telegraf_install + - telegraph_binary_location is defined - - name: "set fact: Need telegraf install?" - ansible.builtin.set_fact: - need_telegraf_install: true - when: - - telegraph_binary_location is defined - - not need_telegraf_install - - current_telegraf_version.stdout is version(telegraf_version, '<') + - name: "Set fact: Need telegraf install?" + ansible.builtin.set_fact: + need_telegraf_install: true + when: + - telegraph_binary_location is defined + - not need_telegraf_install + - current_telegraf_version.stdout is version(telegraf_version, '<') - - name: install telegraf (MacOS) - community.general.homebrew: - name: telegraf - state: present - notify: restart_telegraf - when: - - ansible_os_family == 'Darwin' - - need_telegraf_install + - name: Install telegraf (MacOS) + community.general.homebrew: + name: telegraf + state: present + notify: restart_telegraf + when: + - ansible_os_family == 'Darwin' + - need_telegraf_install - - name: install base apt-transport (Debian) - become: true - ansible.builtin.apt: - pkg: apt-transport-https - state: present - update_cache: true - when: - - ansible_os_family == 'Debian' - - need_telegraf_install + - name: Install base apt-transport (Debian) + become: true + ansible.builtin.apt: + pkg: apt-transport-https + state: present + update_cache: true + when: + - ansible_os_family == 'Debian' + - need_telegraf_install - - name: Download telegraf GPG key (Debian) - become: true - ansible.builtin.apt_key: - state: present - url: "https://repos.influxdata.com/influxdb.key" - when: - - ansible_os_family == 'Debian' - - need_telegraf_install + - name: Download telegraf GPG key (Debian) + become: true + ansible.builtin.apt_key: + state: present + url: "https://repos.influxdata.com/influxdb.key" + when: + - ansible_os_family == 'Debian' + - need_telegraf_install - - name: Add telegraf repository to apt (Debian) - become: true - ansible.builtin.apt_repository: - repo: deb https://repos.influxdata.com/debian bullseye stable - state: present - when: - - ansible_os_family == 'Debian' - - need_telegraf_install + - name: Add telegraf repository to apt (Debian) + become: true + ansible.builtin.apt_repository: + repo: deb https://repos.influxdata.com/debian bullseye stable + state: present + when: + - ansible_os_family == 'Debian' + - need_telegraf_install - - name: install telegraf (Debian) - become: true - ansible.builtin.apt: - pkg: telegraf - state: latest - update_cache: true - only_upgrade: true - notify: restart_telegraf - when: - - ansible_os_family == 'Debian' - - need_telegraf_install + - name: Install telegraf (Debian) + become: true + ansible.builtin.apt: + pkg: telegraf + state: latest + update_cache: true + only_upgrade: true + notify: restart_telegraf + when: + - ansible_os_family == 'Debian' + - need_telegraf_install # - name: give telegraf access to docker # become: true @@ -162,115 +162,115 @@ - name: "Install speedtest" when: "'pis' in group_names" block: - - name: "set fact: do we need speedtest installed?" - ansible.builtin.set_fact: - need_speedtest_install: false + - name: "Set fact: do we need speedtest installed?" + ansible.builtin.set_fact: + need_speedtest_install: false - - name: Check if speedtest is installed - ansible.builtin.stat: - path: /usr/local/bin/speedtest - register: speedtest_binary_file_location + - name: Check if speedtest is installed + ansible.builtin.stat: + path: /usr/local/bin/speedtest + register: speedtest_binary_file_location - - name: "set fact: do we need a speedtest install" - ansible.builtin.set_fact: - need_speedtest_install: true - when: - - not speedtest_binary_file_location.stat.exists + - name: "Set fact: do we need a speedtest install" + ansible.builtin.set_fact: + need_speedtest_install: true + when: + - not speedtest_binary_file_location.stat.exists - - name: Check current version of speedtest - ansible.builtin.shell: /usr/local/bin/speedtest --version | head -n1 | awk '{print $4}' | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' - ignore_errors: true - register: current_speedtest_version - check_mode: false - changed_when: false - when: - - not need_speedtest_install + - name: Check current version of speedtest + ansible.builtin.shell: /usr/local/bin/speedtest --version | head -n1 | awk '{print $4}' | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' + ignore_errors: true + register: current_speedtest_version + check_mode: false + changed_when: false + when: + - not need_speedtest_install - - name: "set fact: do we need a speedtest install" - ansible.builtin.set_fact: - need_speedtest_install: true - when: - - not need_speedtest_install - - current_speedtest_version.stdout is version(speedtest_cli_version, '<') + - name: "Set fact: do we need a speedtest install" + ansible.builtin.set_fact: + need_speedtest_install: true + when: + - not need_speedtest_install + - current_speedtest_version.stdout is version(speedtest_cli_version, '<') - - name: "Install speedtest (pi)" - become: true - ansible.builtin.unarchive: - src: "{{ speedtest_download_file_uri }}" - dest: /usr/local/bin - remote_src: true - when: - - need_speedtest_install - - ansible_os_family == 'Debian' - - ansible_architecture == 'armv7l' + - name: "Install speedtest (pi)" + become: true + ansible.builtin.unarchive: + src: "{{ speedtest_download_file_uri }}" + dest: /usr/local/bin + remote_src: true + when: + - need_speedtest_install + - ansible_os_family == 'Debian' + - ansible_architecture == 'armv7l' - name: "Configure Telegraf" block: - - name: "Ensure {{ telegraph_config_location }} exists" - become: true - ansible.builtin.file: - path: "{{ item }}" - state: directory - mode: 0755 - loop: - - "{{ telegraph_config_location }}" - - "{{ telegraph_config_location }}/telegraf.d" + - name: "Ensure {{ telegraph_config_location }} exists" + become: true + ansible.builtin.file: + path: "{{ item }}" + state: directory + mode: 0755 + loop: + - "{{ telegraph_config_location }}" + - "{{ telegraph_config_location }}/telegraf.d" - - name: template config files to server - become: true - ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "644" - loop: - - { src: "telegraf/base_config.conf.j2", dest: "{{ telegraph_config_location }}/telegraf.conf" } - - { src: "telegraf/custom_metrics.conf.j2", dest: "{{ telegraph_config_location }}/telegraf.d/custom_metrics.conf" } - - { src: "telegraf/nomad.conf.j2", dest: "{{ telegraph_config_location }}/telegraf.d/nomad.conf" } - - { src: "telegraf/docker.conf.j2", dest: "{{ telegraph_config_location }}/telegraf.d/docker.conf" } - notify: restart_telegraf + - name: Template config files to server + become: true + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "644" + loop: + - { src: "telegraf/base_config.conf.j2", dest: "{{ telegraph_config_location }}/telegraf.conf" } + - { src: "telegraf/custom_metrics.conf.j2", dest: "{{ telegraph_config_location }}/telegraf.d/custom_metrics.conf" } + - { src: "telegraf/nomad.conf.j2", dest: "{{ telegraph_config_location }}/telegraf.d/nomad.conf" } + - { src: "telegraf/docker.conf.j2", dest: "{{ telegraph_config_location }}/telegraf.d/docker.conf" } + notify: restart_telegraf - - name: template leader configs (ie, configs that should be placed on a single server) - become: true - ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "644" - loop: - - { src: "telegraf/leader.conf.j2", dest: "{{ telegraph_config_location }}/telegraf.d/leader.conf" } - - { src: "telegraf/speedtest.conf.j2", dest: "{{ telegraph_config_location }}/telegraf.d/speedtest.conf" } - - { src: "telegraf/pingHosts.conf.j2", dest: "{{ telegraph_config_location }}/telegraf.d/pingHosts.conf" } - when: - - is_cluster_leader - notify: restart_telegraf + - name: Template leader configs (ie, configs that should be placed on a single server) + become: true + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "644" + loop: + - { src: "telegraf/leader.conf.j2", dest: "{{ telegraph_config_location }}/telegraf.d/leader.conf" } + - { src: "telegraf/speedtest.conf.j2", dest: "{{ telegraph_config_location }}/telegraf.d/speedtest.conf" } + - { src: "telegraf/pingHosts.conf.j2", dest: "{{ telegraph_config_location }}/telegraf.d/pingHosts.conf" } + when: + - is_cluster_leader + notify: restart_telegraf - - name: Copy custom metrics script - become: true - ansible.builtin.template: - src: "scripts/telegraf_custom_metrics.sh.j2" - dest: "/usr/local/bin/telegraf_custom_metrics.sh" - mode: 0755 - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" - when: - - inventory_hostname != 'synology' + - name: Copy custom metrics script + become: true + ansible.builtin.template: + src: "scripts/telegraf_custom_metrics.sh.j2" + dest: "/usr/local/bin/telegraf_custom_metrics.sh" + mode: 0755 + owner: "{{ ansible_user_uid }}" + group: "{{ ansible_user_gid }}" + when: + - inventory_hostname != 'synology' - - name: Copy speedtest script - become: true - ansible.builtin.template: - src: "scripts/telegraf_speedtest.sh.j2" - dest: "/usr/local/bin/telegraf_speedtest.sh" - mode: 0755 - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" - when: - - is_cluster_leader + - name: Copy speedtest script + become: true + ansible.builtin.template: + src: "scripts/telegraf_speedtest.sh.j2" + dest: "/usr/local/bin/telegraf_speedtest.sh" + mode: 0755 + owner: "{{ ansible_user_uid }}" + group: "{{ ansible_user_gid }}" + when: + - is_cluster_leader - - name: Reset file ownership - become: true - ansible.builtin.file: - path: "{{ telegraph_config_location }}" - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" - recurse: true - when: - - (ansible_os_family == 'Darwin') or (inventory_hostname == 'synology') + - name: Reset file ownership + become: true + ansible.builtin.file: + path: "{{ telegraph_config_location }}" + owner: "{{ ansible_user_uid }}" + group: "{{ ansible_user_gid }}" + recurse: true + when: + - (ansible_os_family == 'Darwin') or (inventory_hostname == 'synology')