diff --git a/README.md b/README.md index 6fd66c29..ef15fb74 100644 --- a/README.md +++ b/README.md @@ -70,6 +70,20 @@ You might be interested in other methods to deploy StackStorm engine: * [RHEL7/CentOS7](https://docs.stackstorm.com/install/rhel7.html) * [RHEL6/CentOS6](https://docs.stackstorm.com/install/rhel6.html) +## Developing + +There are a few requirements when developing on `ansible-st2`: + +These are the platforms we must support (must pass end-to-end testing): +- Xenial +- Trusty +- CentOS6 +- CentOS7 +- RHEL6 (via AWS) +- RHEL7 (via AWS) + +Must also support Ansible Idempotence (Eg. Ansible-playbook re-run should end with the following results: changed=0.*failed=0) + ## Help If you're in stuck, our community always ready to help, feel free to: * Ask questions in our [public Slack channel](https://stackstorm.com/community-signup) diff --git a/roles/epel/meta/main.yml b/roles/epel/meta/main.yml new file mode 100644 index 00000000..99bab9a9 --- /dev/null +++ b/roles/epel/meta/main.yml @@ -0,0 +1,18 @@ +--- +galaxy_info: + description: Install EPEL repository + author: mierdin + company: StackStorm + license: Apache + min_ansible_version: 1.9 + platforms: + - name: Ubuntu + versions: + - trusty + - precise + - name: EL + versions: + - 6 + - 7 + categories: + - system diff --git a/roles/epel/tasks/main.yml b/roles/epel/tasks/main.yml new file mode 100644 index 00000000..d799bee5 --- /dev/null +++ b/roles/epel/tasks/main.yml @@ -0,0 +1,13 @@ +--- +- name: Check if EPEL is installed + stat: + path: /etc/yum.repos.d/epel.repo + register: epel_installed + when: ansible_os_family == "RedHat" + +- name: Install EPEL repo + become: yes + yum: + name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm" + state: present + when: ansible_os_family == "RedHat" and not epel_installed.stat.exists diff --git a/roles/mongodb/meta/main.yml b/roles/mongodb/meta/main.yml index 67652481..0d8df801 100644 --- a/roles/mongodb/meta/main.yml +++ b/roles/mongodb/meta/main.yml @@ -16,3 +16,5 @@ galaxy_info: - 7 categories: - system +dependencies: + - { role: 'epel', when: ansible_os_family == 'RedHat' } diff --git a/roles/st2/meta/main.yml b/roles/st2/meta/main.yml index ad977ea9..017459d9 100644 --- a/roles/st2/meta/main.yml +++ b/roles/st2/meta/main.yml @@ -13,4 +13,5 @@ galaxy_info: categories: - system dependencies: + - { role: 'epel', when: ansible_os_family == 'RedHat' } - role: st2repos diff --git a/roles/st2/tasks/config_auth.yml b/roles/st2/tasks/config_auth.yml index fab28847..abd8a288 100644 --- a/roles/st2/tasks/config_auth.yml +++ b/roles/st2/tasks/config_auth.yml @@ -1,4 +1,4 @@ -- name: Install auth pre-reqs +- name: Install auth pre-reqs (Debian) become: yes apt: name: "{{ item }}" @@ -6,6 +6,17 @@ with_items: - python-passlib - apache2-utils + when: ansible_os_family == 'Debian' + +- name: Install auth pre-reqs (RedHat) + become: yes + yum: + name: "{{ item }}" + state: present + with_items: + - python-passlib + - httpd-tools + when: ansible_os_family == 'RedHat' - name: Create htpasswd file become: true @@ -16,7 +27,7 @@ notify: - restart st2api/st2stream -- name: Enable autentication +- name: Enable authentication become: yes ini_file: dest: /etc/st2/st2.conf diff --git a/roles/st2/tasks/main.yml b/roles/st2/tasks/main.yml index 232b9d1a..90113e1f 100644 --- a/roles/st2/tasks/main.yml +++ b/roles/st2/tasks/main.yml @@ -1,7 +1,14 @@ --- +- name: Install libffi-devel on EL6 + become: yes + package: + name: http://rpmfind.net/linux/centos/6/os/x86_64/Packages/libffi-devel-3.0.5-3.2.el6.x86_64.rpm + state: present + when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "6" + - name: Install latest st2 package become: yes - apt: + package: name: st2 state: latest when: st2_version == "latest" @@ -9,9 +16,9 @@ - restart st2 tags: skip_ansible_lint -- name: Install latest st2 package +- name: Install pinned st2 package become: yes - apt: + package: name: st2={{ st2_version }}-{{ st2_revision }} state: present when: st2_version != "latest" diff --git a/roles/st2/tasks/user.yml b/roles/st2/tasks/user.yml index a076a56b..698c298e 100644 --- a/roles/st2/tasks/user.yml +++ b/roles/st2/tasks/user.yml @@ -13,8 +13,6 @@ tags: [st2, user] - name: user | Authorize key-based access for system user - vars: - ansible_ssh_pipelining: true become: yes become_user: "{{ st2_system_user }}" authorized_key: diff --git a/roles/st2mistral/tasks/main.yml b/roles/st2mistral/tasks/main.yml index f5d78bbc..3b008856 100644 --- a/roles/st2mistral/tasks/main.yml +++ b/roles/st2mistral/tasks/main.yml @@ -1,4 +1,5 @@ --- + - name: Install st2mistral dependency become: yes package: @@ -44,8 +45,6 @@ tags: st2mistral - name: Initiate database - vars: - ansible_ssh_pipelining: true become: yes become_user: postgres shell: psql < /etc/mistral/init_mistral_db.SQL diff --git a/roles/st2repos/tasks/debian.yml b/roles/st2repos/tasks/debian.yml new file mode 100644 index 00000000..a26933a7 --- /dev/null +++ b/roles/st2repos/tasks/debian.yml @@ -0,0 +1,23 @@ +--- +- name: Install prereqs (Debian) + become: yes + apt: + name: "{{ item }}" + state: present + with_items: + - debian-archive-keyring + - apt-transport-https + +- name: Add keys to keyring + become: yes + apt_key: + id: 418A7F2FB0E1E6E7EABF6FE8C2E73424D59097AB + url: https://packagecloud.io/StackStorm/{{ st2_pkg_repo }}/gpgkey + state: present + +- name: Add StackStorm repos + become: yes + apt_repository: + repo: 'deb https://packagecloud.io/StackStorm/{{ st2_pkg_repo }}/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} main' + state: present + update_cache: yes diff --git a/roles/st2repos/tasks/main.yml b/roles/st2repos/tasks/main.yml index 56cadb07..07a4d5f4 100644 --- a/roles/st2repos/tasks/main.yml +++ b/roles/st2repos/tasks/main.yml @@ -1,22 +1,4 @@ --- -- name: Install prereqs - become: yes - apt: - name: "{{ item }}" - state: present - with_items: - - debian-archive-keyring - - apt-transport-https +# tasks file for st2repos -- name: Add keys to keyring - become: yes - apt_key: - url: https://packagecloud.io/StackStorm/{{ st2_pkg_repo }}/gpgkey - state: present - -- name: Add StackStorm repos - become: yes - apt_repository: - repo: 'deb https://packagecloud.io/StackStorm/{{ st2_pkg_repo }}/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} main' - state: present - update_cache: yes +- include: "{{ ansible_os_family|lower }}.yml" diff --git a/roles/st2repos/tasks/redhat.yml b/roles/st2repos/tasks/redhat.yml new file mode 100644 index 00000000..57b383cf --- /dev/null +++ b/roles/st2repos/tasks/redhat.yml @@ -0,0 +1,24 @@ +--- +# Fixes "Failure talking to yum: Cannot retrieve repository metadata (repomd.xml) for repository: StackStorm_stable. Please verify its path and try again" when installing st2 +- name: Update ca-certificates package + become: yes + yum: + name: ca-certificates + state: latest + tags: skip_ansible_lint + +- name: Add ST2 Repo + become: yes + yum_repository: + name: "StackStorm_{{ st2_pkg_repo }}" + description: "StackStorm_{{ st2_pkg_repo }}" + file: "StackStorm_{{ st2_pkg_repo }}" + baseurl: https://packagecloud.io/StackStorm/{{ st2_pkg_repo }}/el/{{ ansible_distribution_major_version }}/$basearch + repo_gpgcheck: yes + gpgkey: "https://packagecloud.io/StackStorm/{{ st2_pkg_repo }}/gpgkey" + sslcacert: /etc/pki/tls/certs/ca-bundle.crt + metadata_expire: 300 + gpgcheck: no + enabled: yes + sslverify: yes + register: st2_repo_installed