From 831912fc3bbc6ba37a77df9a651dafc7eea78c61 Mon Sep 17 00:00:00 2001 From: Zakhar Bessarab Date: Tue, 21 May 2024 16:27:17 +0400 Subject: [PATCH] roles/all: make it easier to use enterprise version for binary deployments - add configuration parameter to enable enterprise binaries - add configuration parameters to provide license key - add MoM vmagent for cluster integration molecule Signed-off-by: Zakhar Bessarab --- Makefile | 78 ++++++++- .../molecule/cluster-enterprise/converge.yml | 117 +++++++++++++ .../molecule/cluster-enterprise/molecule.yml | 157 ++++++++++++++++++ .../cluster-enterprise/tests/test_default.yml | 4 + .../molecule/cluster-enterprise/verify.yml | 93 +++++++++++ playbooks/molecule/cluster/converge.yml | 54 ++++++ roles/single/README.md | 5 +- roles/single/defaults/main.yml | 5 +- .../molecule/docker-enterprise/converge.yml | 18 ++ .../molecule/docker-enterprise/molecule.yml | 27 +++ .../molecule/docker-enterprise/verify.yml | 31 ++++ roles/single/tasks/main.yml | 2 + roles/single/tasks/preinstall_license.yml | 38 +++++ roles/vmagent/README.md | 7 +- roles/vmagent/defaults/main.yml | 5 +- .../molecule/docker-enterprise/converge.yml | 16 ++ .../molecule/docker-enterprise/molecule.yml | 25 +++ .../docker-enterprise/tests/test_default.yml | 4 + .../molecule/docker-enterprise/verify.yml | 93 +++++++++++ roles/vmagent/tasks/main.yml | 3 +- roles/vmagent/tasks/preinstall_license.yml | 37 +++++ roles/vmalert/README.md | 5 +- roles/vmalert/defaults/main.yml | 5 +- .../molecule/docker-enterprise/converge.yml | 11 ++ .../molecule/docker-enterprise/molecule.yml | 25 +++ .../molecule/docker-enterprise/verify.yml | 9 + roles/vmalert/tasks/configure.yml | 3 +- roles/vmalert/tasks/main.yml | 2 + roles/vmalert/tasks/preinstall_license.yml | 36 ++++ roles/vmauth/README.md | 5 +- roles/vmauth/defaults/main.yml | 7 +- roles/vmauth/molecule/enterprise/converge.yml | 11 ++ roles/vmauth/molecule/enterprise/molecule.yml | 25 +++ .../enterprise/tests/test_default.yml | 4 + roles/vmauth/molecule/enterprise/verify.yml | 93 +++++++++++ roles/vmauth/tasks/main.yml | 2 + roles/vmauth/tasks/preinstall_license.yml | 37 +++++ roles/vmauth/templates/vmauth.service.j2 | 2 +- roles/vminsert/README.md | 5 +- roles/vminsert/defaults/main.yml | 5 +- .../vminsert/molecule/enterprise/converge.yml | 16 ++ .../vminsert/molecule/enterprise/molecule.yml | 25 +++ .../enterprise/tests/test_default.yml | 4 + roles/vminsert/molecule/enterprise/verify.yml | 93 +++++++++++ roles/vminsert/tasks/main.yml | 2 + roles/vminsert/tasks/preinstall_license.yml | 37 +++++ roles/vmselect/README.md | 5 +- roles/vmselect/defaults/main.yml | 5 +- .../vmselect/molecule/enterprise/converge.yml | 11 ++ .../vmselect/molecule/enterprise/molecule.yml | 25 +++ .../enterprise/tests/test_default.yml | 4 + roles/vmselect/molecule/enterprise/verify.yml | 93 +++++++++++ roles/vmselect/tasks/main.yml | 2 + roles/vmselect/tasks/preinstall_license.yml | 37 +++++ roles/vmstorage/README.md | 5 +- roles/vmstorage/defaults/main.yml | 5 +- .../molecule/enterprise/converge.yml | 11 ++ .../molecule/enterprise/molecule.yml | 25 +++ .../enterprise/tests/test_default.yml | 4 + .../vmstorage/molecule/enterprise/verify.yml | 93 +++++++++++ roles/vmstorage/tasks/main.yml | 2 + roles/vmstorage/tasks/preinstall_license.yml | 35 ++++ 62 files changed, 1627 insertions(+), 23 deletions(-) create mode 100644 playbooks/molecule/cluster-enterprise/converge.yml create mode 100644 playbooks/molecule/cluster-enterprise/molecule.yml create mode 100644 playbooks/molecule/cluster-enterprise/tests/test_default.yml create mode 100644 playbooks/molecule/cluster-enterprise/verify.yml create mode 100644 roles/single/molecule/docker-enterprise/converge.yml create mode 100644 roles/single/molecule/docker-enterprise/molecule.yml create mode 100644 roles/single/molecule/docker-enterprise/verify.yml create mode 100644 roles/single/tasks/preinstall_license.yml create mode 100644 roles/vmagent/molecule/docker-enterprise/converge.yml create mode 100644 roles/vmagent/molecule/docker-enterprise/molecule.yml create mode 100644 roles/vmagent/molecule/docker-enterprise/tests/test_default.yml create mode 100644 roles/vmagent/molecule/docker-enterprise/verify.yml create mode 100644 roles/vmagent/tasks/preinstall_license.yml create mode 100644 roles/vmalert/molecule/docker-enterprise/converge.yml create mode 100644 roles/vmalert/molecule/docker-enterprise/molecule.yml create mode 100644 roles/vmalert/molecule/docker-enterprise/verify.yml create mode 100644 roles/vmalert/tasks/preinstall_license.yml create mode 100644 roles/vmauth/molecule/enterprise/converge.yml create mode 100644 roles/vmauth/molecule/enterprise/molecule.yml create mode 100644 roles/vmauth/molecule/enterprise/tests/test_default.yml create mode 100644 roles/vmauth/molecule/enterprise/verify.yml create mode 100644 roles/vmauth/tasks/preinstall_license.yml create mode 100644 roles/vminsert/molecule/enterprise/converge.yml create mode 100644 roles/vminsert/molecule/enterprise/molecule.yml create mode 100644 roles/vminsert/molecule/enterprise/tests/test_default.yml create mode 100644 roles/vminsert/molecule/enterprise/verify.yml create mode 100644 roles/vminsert/tasks/preinstall_license.yml create mode 100644 roles/vmselect/molecule/enterprise/converge.yml create mode 100644 roles/vmselect/molecule/enterprise/molecule.yml create mode 100644 roles/vmselect/molecule/enterprise/tests/test_default.yml create mode 100644 roles/vmselect/molecule/enterprise/verify.yml create mode 100644 roles/vmselect/tasks/preinstall_license.yml create mode 100644 roles/vmstorage/molecule/enterprise/converge.yml create mode 100644 roles/vmstorage/molecule/enterprise/molecule.yml create mode 100644 roles/vmstorage/molecule/enterprise/tests/test_default.yml create mode 100644 roles/vmstorage/molecule/enterprise/verify.yml create mode 100644 roles/vmstorage/tasks/preinstall_license.yml diff --git a/Makefile b/Makefile index e38d82f..c4ca72a 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ init-venv: - python3 -m venv .venv - . .venv/bin/activate - pip install -r requirements.txt + python3 -m venv .venv; \ + . .venv/bin/activate; \ + pip install -r requirements.txt; \ ansible-galaxy collection install community.general==8.3.0 lint: @@ -40,13 +40,47 @@ molecule-converge-vmauth: make activate-venv; \ cd roles/vmauth && molecule converge +molecule-converge-single-enterprise: + make activate-venv; \ + cd roles/single && molecule converge -s docker-enterprise + +molecule-converge-vmagent-enterprise: + make activate-venv; \ + cd roles/vmagent && molecule converge -s docker-enterprise + +molecule-converge-vmalert-enterprise: + make activate-venv; \ + cd roles/vmalert && molecule converge -s docker-enterprise + +molecule-converge-vminsert-enterprise: + make activate-venv; \ + cd roles/vminsert && molecule converge -s enterprise + +molecule-converge-vmstorage-enterprise: + make activate-venv; \ + cd roles/vmstorage && molecule converge -s enterprise + +molecule-converge-vmselect-enterprise: + make activate-venv; \ + cd roles/vmselect && molecule converge -s enterprise + +molecule-converge-vmauth-enterprise: + make activate-venv; \ + cd roles/vmauth && molecule converge -s enterprise + molecule-converge-cluster-integration: make activate-venv; \ cd playbooks/ && molecule converge -s cluster +molecule-converge-cluster-integration-enterprise: + make activate-venv; \ + cd playbooks/ && molecule converge -s cluster-enterprise + molecule-converge: molecule-converge-single molecule-converge-vmagent molecule-converge-vmalert molecule-converge-vminsert molecule-converge-vmstorage molecule-converge-vmselect molecule-converge-vmauth -molecule-converge-integration: molecule-converge-cluster-integration +molecule-converge-enterprise: molecule-converge-single-enterprise molecule-converge-vmagent-enterprise molecule-converge-vmalert-enterprise molecule-converge-vminsert-enterprise molecule-converge-vmstorage-enterprise molecule-converge-vmselect-enterprise molecule-converge-vmauth-enterprise + +molecule-converge-integration: molecule-converge-cluster-integration molecule-converge-cluster-integration-enterprise molecule-destroy-single: make activate-venv; \ @@ -76,10 +110,44 @@ molecule-destroy-vmauth: make activate-venv; \ cd roles/vmauth && molecule destroy +molecule-destroy-single-enterprise: + make activate-venv; \ + cd roles/single && molecule destroy -s docker-enterprise + +molecule-destroy-vmagent-enterprise: + make activate-venv; \ + cd roles/vmagent && molecule destroy -s docker-enterprise + +molecule-destroy-vmalert-enterprise: + make activate-venv; \ + cd roles/vmalert && molecule destroy -s docker-enterprise + +molecule-destroy-vminsert-enterprise: + make activate-venv; \ + cd roles/vminsert && molecule destroy -s enterprise + +molecule-destroy-vmstorage-enterprise: + make activate-venv; \ + cd roles/vmstorage && molecule destroy -s enterprise + +molecule-destroy-vmselect-enterprise: + make activate-venv; \ + cd roles/vmselect && molecule destroy -s enterprise + +molecule-destroy-vmauth-enterprise: + make activate-venv; \ + cd roles/vmauth && molecule destroy -s enterprise + molecule-destroy-cluster-integration: make activate-venv; \ cd playbooks/ && molecule destroy -s cluster +molecule-destroy-cluster-integration-enterprise: + make activate-venv; \ + cd playbooks/ && molecule destroy -s cluster-enterprise + molecule-destroy: molecule-destroy-single molecule-destroy-vmagent molecule-destroy-vmalert molecule-destroy-vminsert molecule-destroy-vmstorage molecule-destroy-vmselect molecule-destroy-vmauth molecule-destroy-cluster-integration -molecule-destroy-integration: molecule-destroy-cluster-integration +molecule-destroy-enterprise: molecule-destroy-single-enterprise molecule-destroy-vmagent-enterprise molecule-destroy-vmalert-enterprise molecule-destroy-vminsert-enterprise molecule-destroy-vmstorage-enterprise molecule-destroy-vmselect-enterprise molecule-destroy-vmauth-enterprise molecule-destroy-cluster-integration + +molecule-destroy-integration: molecule-destroy-cluster-integration molecule-destroy-cluster-integration-enterprise diff --git a/playbooks/molecule/cluster-enterprise/converge.yml b/playbooks/molecule/cluster-enterprise/converge.yml new file mode 100644 index 0000000..87599a3 --- /dev/null +++ b/playbooks/molecule/cluster-enterprise/converge.yml @@ -0,0 +1,117 @@ +--- +- name: Setup storage + become: true + hosts: vmstorage + vars: + vmstorage_enterprise: "true" + vmstorage_license_key: "fake" + vmstorage_config: + retentionPeriod: "12" + storageDataPath: "/var/lib/vmstorage" + dedup.minScrapeInterval: "1ms" + roles: + - vmstorage + +- name: Setup vmselect + become: true + hosts: vmselect + vars: + vmselect_enterprise: "true" + vmselect_license_key: "fake" + vmselect_cache_dir: "/var/lib/vmselect" + vmselect_config: + cacheDataPath: "/var/lib/vmselect" + storageNode: "{{ groups['vmstorage'] | join(',') }}" + dedup.minScrapeInterval: 1ms + roles: + - vmselect + +- name: Setup vminsert + become: true + hosts: vminsert + vars: + vminsert_enterprise: "true" + vminsert_license_key: "fake" + vminsert_config: + replicationFactor: 1 + storageNode: "{{ groups['vmstorage'] | join(',') }}" + roles: + - vminsert + +- name: Setup vmauth + become: true + hosts: vmauth + vars: + # See: https://docs.victoriametrics.com/vmauth/#load-balancer-for-victoriametrics-cluster + vmauth_auth_config: |- + unauthorized_user: + url_map: + - src_paths: + - "/insert/.+" + url_prefix: + {% for insert in groups['vminsert'] %} + - "http://{{ insert }}:8480/" + {% endfor %} + + - src_paths: + - "/select/.+" + url_prefix: + {% for select in groups['vmselect'] %} + - "http://{{ select }}:8481/" + {% endfor %} + roles: + - vmauth + +- name: Setup vmagent MoM + become: true + hosts: vmagent-mom + vars: + vmstorage_targets: [ ] + vminsert_targets: [ ] + vmselect_targets: [ ] + + vmagent_mom_targets: [ ] + vmagent_enterprise: true + vmagent_license_key: "fake" + vmagent_service_args: + "remoteWrite.url": "http://{{ groups['vmauth'] | first }}:8427/insert/10/prometheus/api/v1/write" + "promscrape.config": "{{ vmagent_config_dir }}/config.yml" + "remoteWrite.tmpDataPath": "{{ vmagent_tmp_data_path }}" + vmagent_scrape_config: + scrape_configs: + - job_name: vmagent + static_configs: + - targets: "{{ vmagent_mom_targets }}" + - job_name: vmstorage + static_configs: + - targets: "{{ vmstorage_targets }}" + + - job_name: vmselect + static_configs: + - targets: "{{ vmselect_targets }}" + + - job_name: vminsert + static_configs: + - targets: "{{ vminsert_targets }}" + pre_tasks: + - name: Prepare vmstorage list + ansible.builtin.set_fact: + vmstorage_targets: "{{ vmstorage_targets + [item + ':8482'] }}" + loop: "{{ groups['vmstorage'] }}" + + - name: Prepare vminsert list + ansible.builtin.set_fact: + vminsert_targets: "{{ vminsert_targets + [item + ':8480'] }}" + loop: "{{ groups['vminsert'] }}" + + - name: Prepare vmselect list + ansible.builtin.set_fact: + vmselect_targets: "{{ vmselect_targets + [item + ':8481'] }}" + loop: "{{ groups['vmselect'] }}" + + - name: Prepare vmagent-mom list + ansible.builtin.set_fact: + vmagent_mom_targets: "{{ vmagent_mom_targets + [item + ':8429'] }}" + loop: "{{ groups['vmagent-mom'] }}" + roles: + - vmagent diff --git a/playbooks/molecule/cluster-enterprise/molecule.yml b/playbooks/molecule/cluster-enterprise/molecule.yml new file mode 100644 index 0000000..28245d6 --- /dev/null +++ b/playbooks/molecule/cluster-enterprise/molecule.yml @@ -0,0 +1,157 @@ +--- +lint: | + yamllint . + ansible-lint . + + +dependency: + name: galaxy +driver: + name: docker + +platforms: + - name: vmstorage-1 + image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian11}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true + networks: + - name: cluster + groups: + - vmstorage + - name: vmstorage-2 + image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian11}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true + networks: + - name: cluster + groups: + - vmstorage + - name: vmstorage-3 + image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian11}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true + networks: + - name: cluster + groups: + - vmstorage + + - name: vminsert-1 + image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian11}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true + networks: + - name: cluster + groups: + - vminsert + - name: vminsert-2 + image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian11}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true + networks: + - name: cluster + groups: + - vminsert + + - name: vmselect-1 + image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian11}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true + networks: + - name: cluster + groups: + - vmselect + - name: vmselect-2 + image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian11}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true + networks: + - name: cluster + groups: + - vmselect + + - name: vmauth-1 + image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian11}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true + networks: + - name: cluster + groups: + - vmauth + - name: vmauth-2 + image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian11}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true + networks: + - name: cluster + groups: + - vmauth + + - name: vmagent-1 + image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian11}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true + networks: + - name: cluster + groups: + - vmagent-mom + - name: vmagent-2 + image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian11}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true + networks: + - name: cluster + groups: + - vmagent-mom + + +provisioner: + name: ansible + env: + ANSIBLE_ROLES_PATH: "../../../roles" + ANSIBLE_CONFIG: ../../../ansible.cfg +verifier: + name: ansible diff --git a/playbooks/molecule/cluster-enterprise/tests/test_default.yml b/playbooks/molecule/cluster-enterprise/tests/test_default.yml new file mode 100644 index 0000000..a125356 --- /dev/null +++ b/playbooks/molecule/cluster-enterprise/tests/test_default.yml @@ -0,0 +1,4 @@ +service: + "vmauth": + enabled: true + running: true diff --git a/playbooks/molecule/cluster-enterprise/verify.yml b/playbooks/molecule/cluster-enterprise/verify.yml new file mode 100644 index 0000000..1a1bce3 --- /dev/null +++ b/playbooks/molecule/cluster-enterprise/verify.yml @@ -0,0 +1,93 @@ +--- +# Molecule Goss Tests + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.10 + goss_arch: amd64 + goss_bin: /usr/local/bin/goss + goss_sha256sum: 150f25495ca0d1d4fd2ef8d0e750dbd767a15e9a522505f99b61dd1dd40a76d4 + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp/molecule/goss + goss_format: documentation + tasks: + - name: Download and install Goss + ansible.builtin.get_url: + url: "{{ goss_url }}" + dest: "{{ goss_bin }}" + sha256sum: "{{ goss_sha256sum }}" # noqa: args[module] + mode: "u=rwx,go=rx" + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Create Molecule directory for test files + ansible.builtin.file: + path: "{{ goss_test_directory }}" + state: directory + mode: "0755" + + - name: Find Goss tests on localhost + ansible.builtin.find: + paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" + patterns: + - "test[-.\\w]*.yml" + - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" + excludes: + - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" + use_regex: true + delegate_to: localhost + register: test_files + changed_when: false + become: false + + - name: Debug + ansible.builtin.debug: + msg: "{{ test_files.files }}" + verbosity: 3 + + - name: Copy Goss tests to remote + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ goss_test_directory }}/{{ item.path | basename }}" + mode: "0644" + with_items: + - "{{ test_files.files }}" + loop_control: + label: "{{ item.path | basename }}" + + - name: Register test files + ansible.builtin.find: + paths: + - "{{ goss_test_directory }}" + patterns: + - "test_*.yml" + register: test_files + + - name: Run verify + when: test_files is succeeded + block: + - name: Execute Goss tests # noqa: no-changed-when + ansible.builtin.command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.files | map(attribute='path') | list }}" + loop_control: + label: "{{ item | basename }}" + failed_when: false + + - name: Display details about the Goss results + ansible.builtin.debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + loop_control: + label: "{{ item[item.ansible_loop_var] | basename }}" + + - name: Fail when tests fail + ansible.builtin.fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" + loop_control: + label: "{{ item[item.ansible_loop_var] | basename }}" diff --git a/playbooks/molecule/cluster/converge.yml b/playbooks/molecule/cluster/converge.yml index b89a031..60af714 100644 --- a/playbooks/molecule/cluster/converge.yml +++ b/playbooks/molecule/cluster/converge.yml @@ -48,3 +48,57 @@ roles: - vmauth + +- name: Setup vmagent MoM + become: true + hosts: vmagent-mom + vars: + vmstorage_targets: [ ] + vminsert_targets: [ ] + vmselect_targets: [ ] + + vmagent_mom_targets: [ ] + vmagent_enterprise: true + vmagent_license_key: "fake" + vmagent_service_args: + "remoteWrite.url": "http://{{ groups['vmauth'] | first }}:8427/insert/10/prometheus/api/v1/write" + "promscrape.config": "{{ vmagent_config_dir }}/config.yml" + "remoteWrite.tmpDataPath": "{{ vmagent_tmp_data_path }}" + vmagent_scrape_config: + scrape_configs: + - job_name: vmagent + static_configs: + - targets: "{{ vmagent_mom_targets }}" + - job_name: vmstorage + static_configs: + - targets: "{{ vmstorage_targets }}" + + - job_name: vmselect + static_configs: + - targets: "{{ vmselect_targets }}" + + - job_name: vminsert + static_configs: + - targets: "{{ vminsert_targets }}" + pre_tasks: + - name: Prepare vmstorage list + ansible.builtin.set_fact: + vmstorage_targets: "{{ vmstorage_targets + [item + ':8482'] }}" + loop: "{{ groups['vmstorage'] }}" + + - name: Prepare vminsert list + ansible.builtin.set_fact: + vminsert_targets: "{{ vminsert_targets + [item + ':8480'] }}" + loop: "{{ groups['vminsert'] }}" + + - name: Prepare vmselect list + ansible.builtin.set_fact: + vmselect_targets: "{{ vmselect_targets + [item + ':8481'] }}" + loop: "{{ groups['vmselect'] }}" + + - name: Prepare vmagent-mom list + ansible.builtin.set_fact: + vmagent_mom_targets: "{{ vmagent_mom_targets + [item + ':8429'] }}" + loop: "{{ groups['vmagent-mom'] }}" + roles: + - vmagent diff --git a/roles/single/README.md b/roles/single/README.md index e51c13e..57b5ee6 100644 --- a/roles/single/README.md +++ b/roles/single/README.md @@ -9,7 +9,10 @@ See full list at [defaults.yml](./defaults/main.yml) | Parameter | Description | Default | |-------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------| | victoriametrics_repo_url | Repository to get binaries | `https://github.com/VictoriaMetrics/VictoriaMetrics` | -| victoriametrics_version | Version to install | `v1.101.0` | +| victoriametrics_version | Version to install | `v1.101.0` | +| victoriametrics_enterprise | Whether to use enterprise version of binaries. | `false` | +| victoriametrics_license_key | License key for VictoriaMetrics enterprise. | `""` | +| victoriametrics_license_key_file | License key file for VictoriaMetrics enterprise. | `""` | | victoriametrics_download_url | Resulting download url. | `"{{ victoriametrics_repo_url }}/releases/download/{{ victoriametrics_version }}/vmutils-{{ go_arch }}-{{ victoriametrics_version }}.tar.gz"` | | victoriametrics_utils_download_url | Resulting download url. | `"{{ victoriametrics_repo_url }}/releases/download/{{ victoriametrics_version }}/vmutils-{{ go_arch }}-{{ victoriametrics_version }}.tar.gz"` | | victoriametrics_system_user | User to run service. | `victoriametrics` | diff --git a/roles/single/defaults/main.yml b/roles/single/defaults/main.yml index 034ee16..e075553 100644 --- a/roles/single/defaults/main.yml +++ b/roles/single/defaults/main.yml @@ -1,9 +1,12 @@ --- victoriametrics_version: "v1.101.0" +victoriametrics_enterprise: false +victoriametrics_license_key: "" +victoriametrics_license_key_file: "" victoriametrics_platform: "{% if victoriametrics_version.replace('v', '') is version('1.79.0', '>=') %}-linux{% endif %}" victoriametrics_repo_url: "https://github.com/VictoriaMetrics/VictoriaMetrics" -victoriametrics_download_url: "{{ victoriametrics_repo_url }}/releases/download/{{ victoriametrics_version }}/victoria-metrics{{ victoriametrics_platform }}-{{ go_arch }}-{{ victoriametrics_version }}.tar.gz" +victoriametrics_download_url: "{{ victoriametrics_repo_url }}/releases/download/{{ victoriametrics_version }}/victoria-metrics{{ victoriametrics_platform }}-{{ go_arch }}-{{ victoriametrics_version }}{%if victoriametrics_enterprise %}-enterprise{% endif %}.tar.gz" victoriametrics_utils_download_url: "{{ victoriametrics_repo_url }}/releases/download/{{ victoriametrics_version }}/vmutils{{ victoriametrics_platform }}-{{ go_arch }}-{{ victoriametrics_version }}.tar.gz" victoriametrics_system_user: "victoriametrics" diff --git a/roles/single/molecule/docker-enterprise/converge.yml b/roles/single/molecule/docker-enterprise/converge.yml new file mode 100644 index 0000000..bce7140 --- /dev/null +++ b/roles/single/molecule/docker-enterprise/converge.yml @@ -0,0 +1,18 @@ +--- +- name: Converge + hosts: all + become: yes + vars: + victoriametrics_enterprise: true + victoriametrics_license_key_file: "/tmp/vm-license" + victoriametrics_data_dir: "/tmp/victoria-metrics/" + victoriametrics_backup_enabled: false + victoriametrics_service_envflag_enabled: true + victoriametrics_service_envflag_data: + - "graphiteListenAddr=127.0.0.1:12345" + victoriametrics_service_args: + storageDataPath: "{{ victoriametrics_data_dir }}" + tasks: + - name: "Include single" + ansible.builtin.include_role: + name: "single" diff --git a/roles/single/molecule/docker-enterprise/molecule.yml b/roles/single/molecule/docker-enterprise/molecule.yml new file mode 100644 index 0000000..0c58248 --- /dev/null +++ b/roles/single/molecule/docker-enterprise/molecule.yml @@ -0,0 +1,27 @@ +--- +lint: | + yamllint . + ansible-lint . + + +dependency: + name: galaxy + +driver: + name: docker + +platforms: + - name: vmsingle-debian11-enterprise + image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian11}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true + +provisioner: + name: ansible + +verifier: + name: ansible diff --git a/roles/single/molecule/docker-enterprise/verify.yml b/roles/single/molecule/docker-enterprise/verify.yml new file mode 100644 index 0000000..9e608bb --- /dev/null +++ b/roles/single/molecule/docker-enterprise/verify.yml @@ -0,0 +1,31 @@ +--- +# This is an example playbook to execute Ansible tests. + +- name: Verify + hosts: all + tasks: + - name: Check if port 12345 is listening + ansible.builtin.wait_for: + port: 12345 + delay: 5 + timeout: 10 + msg: "Timeout waiting for port to respond" + register: port_check + ignore_errors: yes + + - name: Validate victoria is listening + ansible.builtin.assert: + that: port_check is succeeded + + - name: Check if port 8428 is listening + ansible.builtin.wait_for: + port: 8428 + delay: 5 + timeout: 10 + msg: "Timeout waiting for port to respond" + register: port_check + ignore_errors: yes + + - name: Validate victoria is listening + ansible.builtin.assert: + that: port_check is succeeded diff --git a/roles/single/tasks/main.yml b/roles/single/tasks/main.yml index 0dca962..5c5fec3 100644 --- a/roles/single/tasks/main.yml +++ b/roles/single/tasks/main.yml @@ -1,5 +1,7 @@ --- # tasks file for VictoriaMetrics +- name: License preinstall checks + ansible.builtin.import_tasks: preinstall_license.yml - name: Preinstall checks ansible.builtin.import_tasks: preinstall.yml - name: Install diff --git a/roles/single/tasks/preinstall_license.yml b/roles/single/tasks/preinstall_license.yml new file mode 100644 index 0000000..1b2ac14 --- /dev/null +++ b/roles/single/tasks/preinstall_license.yml @@ -0,0 +1,38 @@ +- name: Ensure license key is provided + ansible.builtin.assert: + that: victoriametrics_license_key != "" or victoriametrics_license_key_file != "" + msg: Either license key or license key file location must be provided. + when: victoriametrics_enterprise | bool + +- name: Ensure only one of key or file is provided + ansible.builtin.assert: + that: victoriametrics_license_key_file == "" + msg: Only one of license key or license key file must be provided. + when: + - victoriametrics_enterprise | bool + - victoriametrics_license_key != "" + + +- name: Ensure only one of key or file is provided + ansible.builtin.assert: + that: victoriametrics_license_key == "" + msg: Only one of license key or license key file must be provided. + when: + - victoriametrics_enterprise | bool + - victoriametrics_license_key_file != "" + + +- name: Add license key parameter to service config + ansible.builtin.set_fact: + victoriametrics_service_args: "{{ victoriametrics_service_args | combine({'license': victoriametrics_license_key}) }}" + when: + - victoriametrics_enterprise | bool + - victoriametrics_license_key != "" + + +- name: Add license key parameter to service config + ansible.builtin.set_fact: + victoriametrics_service_args: "{{ victoriametrics_service_args | combine({'licenseFile': victoriametrics_license_key_file}) }}" + when: + - victoriametrics_enterprise | bool + - victoriametrics_license_key_file != "" diff --git a/roles/vmagent/README.md b/roles/vmagent/README.md index 2ac7aa0..10701d4 100644 --- a/roles/vmagent/README.md +++ b/roles/vmagent/README.md @@ -13,7 +13,10 @@ The following table lists the configurable parameters of the roles and their def | Parameter | Description | Default | |-------------------------------------|----------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------| | vmagent_repo_url | Repository to use for download. | `https://github.com/VictoriaMetrics/VictoriaMetrics` | -| vmagent_version | vmagent version | `v1.101.0` | +| vmagent_version | vmagent version | `v1.101.0` | +| vmagent_enterprise | Whether to use enterprise version of binaries. | `false` | +| vmagent_license_key | License key for VictoriaMetrics enterprise. | `""` | +| vmagent_license_key_file | License key file for VictoriaMetrics enterprise. | `""` | | vmagent_download_url | URL to download archive | `{{ vmagent_repo_url }}/releases/download/{{ vmagent_version }}/vmutils-{{ vmagent_version }}.tar.gz` | | vmagent_system_user | User to run vmagent | `vic_vm_agent` | | vmagent_system_group | Group for user of vmagent | `{{ vmagent_system_user }}` | @@ -22,7 +25,7 @@ The following table lists the configurable parameters of the roles and their def | vmagent_remote_write_host | Remote write host URL. | `http://localhost:8428` | | vmagent_service_args | Dict representing set of arguments for vmagent | See [defaults](defaults/main.yml) | | vmagent_scrape_config | Prometheus scrape configuration | See [defaults](defaults/main.yml) | -| vmagent_aggregation_config | Stream aggregation configuration | [] | +| vmagent_aggregation_config | Stream aggregation configuration | [] | | vmagent_install_download_to_control | Whether use control or remote host to download installation archive | true | | vmagent_systemd_protect_home | Configure Systemd home protection. See See https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectHome= | `"yes"` | | vm_proxy_http | Sets environment for downloading archive | `""` | diff --git a/roles/vmagent/defaults/main.yml b/roles/vmagent/defaults/main.yml index efa5bb7..07d7f90 100644 --- a/roles/vmagent/defaults/main.yml +++ b/roles/vmagent/defaults/main.yml @@ -1,9 +1,12 @@ --- vmagent_version: "v1.101.0" +vmagent_enterprise: false +vmagent_license_key: "" +vmagent_license_key_file: "" vmagent_repo_url: "https://github.com/VictoriaMetrics/VictoriaMetrics" vmagent_platform: "{% if vmagent_version.replace('v', '') is version('1.79.0', '>=') %}-linux{% endif %}" -vmagent_download_url: "{{ vmagent_repo_url }}/releases/download/{{ vmagent_version }}/vmutils{{ vmagent_platform }}-{{ go_arch }}-{{ vmagent_version }}.tar.gz" +vmagent_download_url: "{{ vmagent_repo_url }}/releases/download/{{ vmagent_version }}/vmutils{{ vmagent_platform }}-{{ go_arch }}-{{ vmagent_version }}{%if vmagent_enterprise %}-enterprise{% endif %}.tar.gz" vmagent_system_user: "vic_vm_agent" vmagent_system_group: "{{ vmagent_system_user }}" diff --git a/roles/vmagent/molecule/docker-enterprise/converge.yml b/roles/vmagent/molecule/docker-enterprise/converge.yml new file mode 100644 index 0000000..44db9bb --- /dev/null +++ b/roles/vmagent/molecule/docker-enterprise/converge.yml @@ -0,0 +1,16 @@ +--- +- name: Converge + hosts: all + become: yes + tasks: + - name: "Include vmagent" + vars: + vmagent_enterprise: true + vmagent_license_key_file: "/tmp/vm-license" + vmagent_service_args: + "remoteWrite.url": + - "url1/api/v1/write" + - "url2/api/v1/write" + "remoteWrite.tmpDataPath": /tmp/vmagent + ansible.builtin.include_role: + name: "vmagent" diff --git a/roles/vmagent/molecule/docker-enterprise/molecule.yml b/roles/vmagent/molecule/docker-enterprise/molecule.yml new file mode 100644 index 0000000..5da1959 --- /dev/null +++ b/roles/vmagent/molecule/docker-enterprise/molecule.yml @@ -0,0 +1,25 @@ +--- +lint: | + yamllint . + ansible-lint . + + +dependency: + name: galaxy +driver: + name: docker + +platforms: + - name: vmagent-debian11-enterprise + image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian11}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true + +provisioner: + name: ansible +verifier: + name: ansible diff --git a/roles/vmagent/molecule/docker-enterprise/tests/test_default.yml b/roles/vmagent/molecule/docker-enterprise/tests/test_default.yml new file mode 100644 index 0000000..f69064b --- /dev/null +++ b/roles/vmagent/molecule/docker-enterprise/tests/test_default.yml @@ -0,0 +1,4 @@ +service: + "vic-vmagent": + enabled: true + running: true diff --git a/roles/vmagent/molecule/docker-enterprise/verify.yml b/roles/vmagent/molecule/docker-enterprise/verify.yml new file mode 100644 index 0000000..1a1bce3 --- /dev/null +++ b/roles/vmagent/molecule/docker-enterprise/verify.yml @@ -0,0 +1,93 @@ +--- +# Molecule Goss Tests + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.10 + goss_arch: amd64 + goss_bin: /usr/local/bin/goss + goss_sha256sum: 150f25495ca0d1d4fd2ef8d0e750dbd767a15e9a522505f99b61dd1dd40a76d4 + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp/molecule/goss + goss_format: documentation + tasks: + - name: Download and install Goss + ansible.builtin.get_url: + url: "{{ goss_url }}" + dest: "{{ goss_bin }}" + sha256sum: "{{ goss_sha256sum }}" # noqa: args[module] + mode: "u=rwx,go=rx" + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Create Molecule directory for test files + ansible.builtin.file: + path: "{{ goss_test_directory }}" + state: directory + mode: "0755" + + - name: Find Goss tests on localhost + ansible.builtin.find: + paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" + patterns: + - "test[-.\\w]*.yml" + - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" + excludes: + - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" + use_regex: true + delegate_to: localhost + register: test_files + changed_when: false + become: false + + - name: Debug + ansible.builtin.debug: + msg: "{{ test_files.files }}" + verbosity: 3 + + - name: Copy Goss tests to remote + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ goss_test_directory }}/{{ item.path | basename }}" + mode: "0644" + with_items: + - "{{ test_files.files }}" + loop_control: + label: "{{ item.path | basename }}" + + - name: Register test files + ansible.builtin.find: + paths: + - "{{ goss_test_directory }}" + patterns: + - "test_*.yml" + register: test_files + + - name: Run verify + when: test_files is succeeded + block: + - name: Execute Goss tests # noqa: no-changed-when + ansible.builtin.command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.files | map(attribute='path') | list }}" + loop_control: + label: "{{ item | basename }}" + failed_when: false + + - name: Display details about the Goss results + ansible.builtin.debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + loop_control: + label: "{{ item[item.ansible_loop_var] | basename }}" + + - name: Fail when tests fail + ansible.builtin.fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" + loop_control: + label: "{{ item[item.ansible_loop_var] | basename }}" diff --git a/roles/vmagent/tasks/main.yml b/roles/vmagent/tasks/main.yml index 793b500..b3c9d0a 100644 --- a/roles/vmagent/tasks/main.yml +++ b/roles/vmagent/tasks/main.yml @@ -1,5 +1,6 @@ --- - +- name: License preinstall checks + ansible.builtin.import_tasks: preinstall_license.yml - name: Preinstall checks ansible.builtin.import_tasks: preinstall.yml - name: Install diff --git a/roles/vmagent/tasks/preinstall_license.yml b/roles/vmagent/tasks/preinstall_license.yml new file mode 100644 index 0000000..15e90d9 --- /dev/null +++ b/roles/vmagent/tasks/preinstall_license.yml @@ -0,0 +1,37 @@ +- name: Ensure license key is provided + ansible.builtin.assert: + that: vmagent_license_key != "" or vmagent_license_key_file != "" + msg: Either license key or license key file location must be provided. + when: vmagent_enterprise | bool + +- name: Ensure only one of key or file is provided + ansible.builtin.assert: + that: vmagent_license_key_file == "" + msg: Only one of license key or license key file must be provided. + when: + - vmagent_enterprise | bool + - vmagent_license_key != "" + +- name: Ensure only one of key or file is provided + ansible.builtin.assert: + that: vmagent_license_key == "" + msg: Only one of license key or license key file must be provided. + when: + - vmagent_enterprise | bool + - vmagent_license_key_file != "" + + +- name: Add license key parameter to service config + ansible.builtin.set_fact: + vmagent_service_args: "{{ vmagent_service_args | combine({'license': vmagent_license_key}) }}" + when: + - vmagent_enterprise | bool + - vmagent_license_key != "" + + +- name: Add license key parameter to service config + ansible.builtin.set_fact: + vmagent_service_args: "{{ vmagent_service_args | combine({'licenseFile': vmagent_license_key_file}) }}" + when: + - vmagent_enterprise | bool + - vmagent_license_key_file != "" diff --git a/roles/vmalert/README.md b/roles/vmalert/README.md index 07fae51..00eb588 100644 --- a/roles/vmalert/README.md +++ b/roles/vmalert/README.md @@ -9,7 +9,10 @@ Installs `vmalert` as binary running with systemd | Parameter | Description | Default | |----------------------------------|-------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------| | vic_vm_alert_repo_url | Repository to get binaries | `https://github.com/VictoriaMetrics/VictoriaMetrics` | -| vic_vm_alert_version | Version to install | `v1.101.0` | +| vic_vm_alert_version | Version to install | `v1.101.0` | +| vic_vm_alert_enterprise | Whether to use enterprise version of binaries. | `false` | +| vic_vm_alert_license_key | License key for VictoriaMetrics enterprise. | `""` | +| vic_vm_alert_license_key_file | License key file for VictoriaMetrics enterprise. | `""` | | vic_vm_alert_download_url | Resulting download url. | `"{{ vic_vm_alert_repo_url }}/releases/download/{{ vic_vm_alert_version }}/vmutils-{{ go_arch }}-{{ vic_vm_alert_version }}.tar.gz"` | | vic_vm_alert_system_user | User to run `vmalert`. | `vic_vm_alert` | | vic_vm_alert_system_group | Group to run `vmalert`. | `{{ vic_vm_alert_system_user }}` | diff --git a/roles/vmalert/defaults/main.yml b/roles/vmalert/defaults/main.yml index a613507..1597c37 100644 --- a/roles/vmalert/defaults/main.yml +++ b/roles/vmalert/defaults/main.yml @@ -1,9 +1,12 @@ --- vic_vm_alert_version: "v1.101.0" +vic_vm_alert_enterprise: false +vic_vm_alert_license_key: "" +vic_vm_alert_license_key_file: "" vic_vm_alert_repo_url: "https://github.com/VictoriaMetrics/VictoriaMetrics" vic_vm_alert_platform: "{% if vic_vm_alert_version.replace('v', '') is version('1.79.0', '>=') %}-linux{% endif %}" -vic_vm_alert_download_url: "{{ vic_vm_alert_repo_url }}/releases/download/{{ vic_vm_alert_version }}/vmutils{{ vic_vm_alert_platform }}-{{ go_arch }}-{{ vic_vm_alert_version }}.tar.gz" +vic_vm_alert_download_url: "{{ vic_vm_alert_repo_url }}/releases/download/{{ vic_vm_alert_version }}/vmutils{{ vic_vm_alert_platform }}-{{ go_arch }}-{{ vic_vm_alert_version }}{%if vic_vm_alert_enterprise %}-enterprise{% endif %}.tar.gz" vic_vm_alert_system_user: "vic_vm_alert" vic_vm_alert_system_group: "{{ vic_vm_alert_system_user }}" vic_vm_alert_config_dir: "/opt/vic-vmalert" diff --git a/roles/vmalert/molecule/docker-enterprise/converge.yml b/roles/vmalert/molecule/docker-enterprise/converge.yml new file mode 100644 index 0000000..3cfcfab --- /dev/null +++ b/roles/vmalert/molecule/docker-enterprise/converge.yml @@ -0,0 +1,11 @@ +--- +- name: Converge + hosts: all + become: yes + tasks: + - name: "Include vmalert" + vars: + vic_vm_alert_enterprise: true + vic_vm_alert_license_key_file: "/tmp/vm-license" + ansible.builtin.include_role: + name: "vmalert" diff --git a/roles/vmalert/molecule/docker-enterprise/molecule.yml b/roles/vmalert/molecule/docker-enterprise/molecule.yml new file mode 100644 index 0000000..fd9fa50 --- /dev/null +++ b/roles/vmalert/molecule/docker-enterprise/molecule.yml @@ -0,0 +1,25 @@ +--- +lint: | + yamllint . + ansible-lint . + + +dependency: + name: galaxy +driver: + name: docker + +platforms: + - name: vmalert-debian11-enterprise + image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian11}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true + +provisioner: + name: ansible +verifier: + name: ansible diff --git a/roles/vmalert/molecule/docker-enterprise/verify.yml b/roles/vmalert/molecule/docker-enterprise/verify.yml new file mode 100644 index 0000000..86afba4 --- /dev/null +++ b/roles/vmalert/molecule/docker-enterprise/verify.yml @@ -0,0 +1,9 @@ +--- +# This is an example playbook to execute Ansible tests. + +- name: Verify + hosts: all + tasks: + - name: Example assertion + ansible.builtin.assert: + that: true diff --git a/roles/vmalert/tasks/configure.yml b/roles/vmalert/tasks/configure.yml index e54fe68..af4945b 100644 --- a/roles/vmalert/tasks/configure.yml +++ b/roles/vmalert/tasks/configure.yml @@ -58,6 +58,7 @@ mode: 0751 owner: "{{ vic_vm_alert_system_user }}" group: "{{ vic_vm_alert_system_group }}" - validate: "/usr/local/bin/vmalert-prod -dryRun -rule %s" + validate: "/usr/local/bin/vmalert-prod {% for k, v in vic_vm_alert_service_args.items() %}{% if k.startswith('license') %} -{{ k }}={{ v }} {%endif %}{% endfor %} -dryRun -rule %s" backup: yes notify: Restart VMalert service + tags: notest # skip in molecule since there is no valid license provided in tests diff --git a/roles/vmalert/tasks/main.yml b/roles/vmalert/tasks/main.yml index f9ae994..f1d18cf 100644 --- a/roles/vmalert/tasks/main.yml +++ b/roles/vmalert/tasks/main.yml @@ -1,4 +1,6 @@ --- +- name: License preinstall checks + ansible.builtin.import_tasks: preinstall_license.yml - name: Preinstall checks ansible.builtin.import_tasks: preinstall.yml - name: Install diff --git a/roles/vmalert/tasks/preinstall_license.yml b/roles/vmalert/tasks/preinstall_license.yml new file mode 100644 index 0000000..3f52ddd --- /dev/null +++ b/roles/vmalert/tasks/preinstall_license.yml @@ -0,0 +1,36 @@ +- name: Ensure license key is provided + ansible.builtin.assert: + that: vic_vm_alert_license_key != "" or vic_vm_alert_license_key_file != "" + msg: Either license key or license key file location must be provided. + when: vic_vm_alert_enterprise | bool + +- name: Ensure only one of key or file is provided + ansible.builtin.assert: + that: vic_vm_alert_license_key_file == "" + msg: Only one of license key or license key file must be provided. + when: + - vic_vm_alert_enterprise | bool + - vic_vm_alert_license_key != "" + +- name: Ensure only one of key or file is provided + ansible.builtin.assert: + that: vic_vm_alert_license_key == "" + msg: Only one of license key or license key file must be provided. + when: + - vic_vm_alert_enterprise | bool + - vic_vm_alert_license_key_file != "" + +- name: Add license key parameter to service config + ansible.builtin.set_fact: + vic_vm_alert_service_args: "{{ vic_vm_alert_service_args | combine({'license': vic_vm_alert_license_key}) }}" + when: + - vic_vm_alert_enterprise | bool + - vic_vm_alert_license_key != "" + + +- name: Add license key parameter to service config + ansible.builtin.set_fact: + vic_vm_alert_service_args: "{{ vic_vm_alert_service_args | combine({'licenseFile': vic_vm_alert_license_key_file}) }}" + when: + - vic_vm_alert_enterprise | bool + - vic_vm_alert_license_key_file != "" diff --git a/roles/vmauth/README.md b/roles/vmauth/README.md index 0a125e8..398d1e3 100644 --- a/roles/vmauth/README.md +++ b/roles/vmauth/README.md @@ -9,7 +9,10 @@ The following table lists the configurable parameters of the roles and their def | Parameter | Description | Default | |------------------------------------|----------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------| | vmauth_repo_url | Repository to use for download. | `https://github.com/VictoriaMetrics/VictoriaMetrics` | -| vmauth_version | vmauth version | `v1.101.0` | +| vmauth_version | vmauth version | `v1.101.0` | +| vmauth_enterprise | Whether to use enterprise version of binaries. | `false` | +| vmauth_license_key | License key for VictoriaMetrics enterprise. | `""` | +| vmauth_license_key_file | License key file for VictoriaMetrics enterprise. | `""` | | vmauth_download_url | URL to download archive | `{{ vmauth_repo_url }}/releases/download/{{ vmauth_version }}/vmutils-{{ vmauth_version }}.tar.gz` | | vmauth_system_user | User to run vmauth | `victoriametrics` | | vmauth_system_group | Group for user of vmauth | `{{ vmauth_system_user }}` | diff --git a/roles/vmauth/defaults/main.yml b/roles/vmauth/defaults/main.yml index ba7e0ff..cdb6f92 100644 --- a/roles/vmauth/defaults/main.yml +++ b/roles/vmauth/defaults/main.yml @@ -1,15 +1,20 @@ --- vmauth_version: "v1.101.0" +vmauth_enterprise: false +vmauth_license_key: "" +vmauth_license_key_file: "" vmauth_repo_url: "https://github.com/VictoriaMetrics/VictoriaMetrics" vmauth_platform: "{% if vmauth_version.replace('v', '') is version('1.79.0', '>=') %}-linux{% endif %}" -vmauth_download_url: "{{ vmauth_repo_url }}/releases/download/{{ vmauth_version }}/vmutils{{ vmauth_platform }}-{{ go_arch }}-{{ vmauth_version }}.tar.gz" +vmauth_download_url: "{{ vmauth_repo_url }}/releases/download/{{ vmauth_version }}/vmutils{{ vmauth_platform }}-{{ go_arch }}-{{ vmauth_version }}{%if vmauth_enterprise %}-enterprise{% endif %}.tar.gz" vmauth_system_user: "victoriametrics" vmauth_system_group: "{{ vmauth_system_user }}" vmauth_service_state: started vmauth_service_enabled: true +vmauth_service_args: {} + vmauth_exec_start_post: "" vmauth_exec_stop: "" diff --git a/roles/vmauth/molecule/enterprise/converge.yml b/roles/vmauth/molecule/enterprise/converge.yml new file mode 100644 index 0000000..9ff2724 --- /dev/null +++ b/roles/vmauth/molecule/enterprise/converge.yml @@ -0,0 +1,11 @@ +--- +- name: Converge + hosts: all + become: yes + tasks: + - name: "Include vmauth" + vars: + vmauth_enterprise: true + vmauth_license_key_file: "/tmp/vm-license" + ansible.builtin.include_role: + name: "vmauth" diff --git a/roles/vmauth/molecule/enterprise/molecule.yml b/roles/vmauth/molecule/enterprise/molecule.yml new file mode 100644 index 0000000..2fbfc56 --- /dev/null +++ b/roles/vmauth/molecule/enterprise/molecule.yml @@ -0,0 +1,25 @@ +--- +lint: | + yamllint . + ansible-lint . + + +dependency: + name: galaxy +driver: + name: docker + +platforms: + - name: vmauth-debian11-enterprise + image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian11}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true + +provisioner: + name: ansible +verifier: + name: ansible diff --git a/roles/vmauth/molecule/enterprise/tests/test_default.yml b/roles/vmauth/molecule/enterprise/tests/test_default.yml new file mode 100644 index 0000000..a125356 --- /dev/null +++ b/roles/vmauth/molecule/enterprise/tests/test_default.yml @@ -0,0 +1,4 @@ +service: + "vmauth": + enabled: true + running: true diff --git a/roles/vmauth/molecule/enterprise/verify.yml b/roles/vmauth/molecule/enterprise/verify.yml new file mode 100644 index 0000000..1a1bce3 --- /dev/null +++ b/roles/vmauth/molecule/enterprise/verify.yml @@ -0,0 +1,93 @@ +--- +# Molecule Goss Tests + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.10 + goss_arch: amd64 + goss_bin: /usr/local/bin/goss + goss_sha256sum: 150f25495ca0d1d4fd2ef8d0e750dbd767a15e9a522505f99b61dd1dd40a76d4 + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp/molecule/goss + goss_format: documentation + tasks: + - name: Download and install Goss + ansible.builtin.get_url: + url: "{{ goss_url }}" + dest: "{{ goss_bin }}" + sha256sum: "{{ goss_sha256sum }}" # noqa: args[module] + mode: "u=rwx,go=rx" + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Create Molecule directory for test files + ansible.builtin.file: + path: "{{ goss_test_directory }}" + state: directory + mode: "0755" + + - name: Find Goss tests on localhost + ansible.builtin.find: + paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" + patterns: + - "test[-.\\w]*.yml" + - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" + excludes: + - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" + use_regex: true + delegate_to: localhost + register: test_files + changed_when: false + become: false + + - name: Debug + ansible.builtin.debug: + msg: "{{ test_files.files }}" + verbosity: 3 + + - name: Copy Goss tests to remote + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ goss_test_directory }}/{{ item.path | basename }}" + mode: "0644" + with_items: + - "{{ test_files.files }}" + loop_control: + label: "{{ item.path | basename }}" + + - name: Register test files + ansible.builtin.find: + paths: + - "{{ goss_test_directory }}" + patterns: + - "test_*.yml" + register: test_files + + - name: Run verify + when: test_files is succeeded + block: + - name: Execute Goss tests # noqa: no-changed-when + ansible.builtin.command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.files | map(attribute='path') | list }}" + loop_control: + label: "{{ item | basename }}" + failed_when: false + + - name: Display details about the Goss results + ansible.builtin.debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + loop_control: + label: "{{ item[item.ansible_loop_var] | basename }}" + + - name: Fail when tests fail + ansible.builtin.fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" + loop_control: + label: "{{ item[item.ansible_loop_var] | basename }}" diff --git a/roles/vmauth/tasks/main.yml b/roles/vmauth/tasks/main.yml index f9ae994..f1d18cf 100644 --- a/roles/vmauth/tasks/main.yml +++ b/roles/vmauth/tasks/main.yml @@ -1,4 +1,6 @@ --- +- name: License preinstall checks + ansible.builtin.import_tasks: preinstall_license.yml - name: Preinstall checks ansible.builtin.import_tasks: preinstall.yml - name: Install diff --git a/roles/vmauth/tasks/preinstall_license.yml b/roles/vmauth/tasks/preinstall_license.yml new file mode 100644 index 0000000..68a405a --- /dev/null +++ b/roles/vmauth/tasks/preinstall_license.yml @@ -0,0 +1,37 @@ +- name: Ensure license key is provided + ansible.builtin.assert: + that: vmauth_license_key != "" or vmauth_license_key_file != "" + msg: Either license key or license key file location must be provided. + when: vmauth_enterprise | bool + +- name: Ensure only one of key or file is provided + ansible.builtin.assert: + that: vmauth_license_key_file == "" + msg: Only one of license key or license key file must be provided. + when: + - vmauth_enterprise | bool + - vmauth_license_key != "" + +- name: Ensure only one of key or file is provided + ansible.builtin.assert: + that: vmauth_license_key == "" + msg: Only one of license key or license key file must be provided. + when: + - vmauth_enterprise | bool + - vmauth_license_key_file != "" + + +- name: Add license key parameter to service config + ansible.builtin.set_fact: + vmauth_service_args: "{{ vmauth_service_args | combine({'license': vmauth_license_key}) }}" + when: + - vmauth_enterprise | bool + - vmauth_license_key != "" + + +- name: Add license key parameter to service config + ansible.builtin.set_fact: + vmauth_service_args: "{{ vmauth_service_args | combine({'licenseFile': vmauth_license_key_file}) }}" + when: + - vmauth_enterprise | bool + - vmauth_license_key_file != "" diff --git a/roles/vmauth/templates/vmauth.service.j2 b/roles/vmauth/templates/vmauth.service.j2 index 35fadca..8645f86 100644 --- a/roles/vmauth/templates/vmauth.service.j2 +++ b/roles/vmauth/templates/vmauth.service.j2 @@ -9,7 +9,7 @@ User={{ vmauth_system_user }} Group={{ vmauth_system_group }} Restart=always EnvironmentFile={{ vmauth_config_dir }}/vmauth.conf -ExecStart={{ vmauth_bin_dir }}/vmauth-prod -envflag.enable -auth.config={{ vmauth_config_dir }}/auth.yaml +ExecStart={{ vmauth_bin_dir }}/vmauth-prod -envflag.enable -auth.config={{ vmauth_config_dir }}/auth.yaml {% for flag, flag_value in vmauth_service_args.items() %}--{{ flag }}={{ flag_value }} {% endfor %} PrivateTmp=yes ProtectHome={{ vmauth_systemd_protect_home }} diff --git a/roles/vminsert/README.md b/roles/vminsert/README.md index ea9a329..c521eba 100644 --- a/roles/vminsert/README.md +++ b/roles/vminsert/README.md @@ -9,7 +9,10 @@ The following table lists the configurable parameters of the roles and their def | Parameter | Description | Default | |--------------------------------------|----------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------| | vminsert_repo_url | Repository to use for download. | `https://github.com/VictoriaMetrics/VictoriaMetrics` | -| vminsert_version | vminsert version | `v1.101.0` | +| vminsert_version | vminsert version | `v1.101.0` | +| vminsert_enterprise | Whether to use enterprise version of binaries. | `false` | +| vminsert_license_key | License key for VictoriaMetrics enterprise. | `""` | +| vminsert_license_key_file | License key file for VictoriaMetrics enterprise. | `""` | | vminsert_download_url | URL to download archive | `{{ vminsert_repo_url }}/releases/download/{{ vminsert_version }}/vmutils-{{ vminsert_version }}.tar.gz` | | vminsert_system_user | User to run vminsert | `victoriametrics` | | vminsert_system_group | Group for user of vminsert | `{{ vminsert_system_user }}` | diff --git a/roles/vminsert/defaults/main.yml b/roles/vminsert/defaults/main.yml index 12859a3..e876f07 100644 --- a/roles/vminsert/defaults/main.yml +++ b/roles/vminsert/defaults/main.yml @@ -1,9 +1,12 @@ --- vminsert_version: "v1.101.0" +vminsert_enterprise: false +vminsert_license_key: "" +vminsert_license_key_file: "" vminsert_repo_url: "https://github.com/VictoriaMetrics/VictoriaMetrics" vminsert_platform: "{% if vminsert_version.replace('v', '') is version('1.79.0', '>=') %}-linux{% endif %}" -vminsert_download_url: "{{ vminsert_repo_url }}/releases/download/{{ vminsert_version }}/victoria-metrics{{ vminsert_platform }}-{{ go_arch }}-{{ vminsert_version }}-cluster.tar.gz" +vminsert_download_url: "{{ vminsert_repo_url }}/releases/download/{{ vminsert_version }}/victoria-metrics{{ vminsert_platform }}-{{ go_arch }}-{{ vminsert_version }}{%if vminsert_enterprise %}-enterprise{% endif %}-cluster.tar.gz" vminsert_system_user: "victoriametrics" vminsert_system_group: "{{ vminsert_system_user }}" diff --git a/roles/vminsert/molecule/enterprise/converge.yml b/roles/vminsert/molecule/enterprise/converge.yml new file mode 100644 index 0000000..8572853 --- /dev/null +++ b/roles/vminsert/molecule/enterprise/converge.yml @@ -0,0 +1,16 @@ +--- +- name: Converge + hosts: all + become: yes + tasks: + - name: "Include vminsert" + vars: + vminsert_enterprise: true + vminsert_license_key_file: "/tmp/vm-license" + vminsert_relabel_config: | + - source_labels: [__address__] + target_label: instance + regex: '(.+):.*' + replacement: '${1}' + ansible.builtin.include_role: + name: "vminsert" diff --git a/roles/vminsert/molecule/enterprise/molecule.yml b/roles/vminsert/molecule/enterprise/molecule.yml new file mode 100644 index 0000000..d278691 --- /dev/null +++ b/roles/vminsert/molecule/enterprise/molecule.yml @@ -0,0 +1,25 @@ +--- +lint: | + yamllint . + ansible-lint . + + +dependency: + name: galaxy +driver: + name: docker + +platforms: + - name: vminsert-debian11-enterprise + image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian11}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true + +provisioner: + name: ansible +verifier: + name: ansible diff --git a/roles/vminsert/molecule/enterprise/tests/test_default.yml b/roles/vminsert/molecule/enterprise/tests/test_default.yml new file mode 100644 index 0000000..41d5176 --- /dev/null +++ b/roles/vminsert/molecule/enterprise/tests/test_default.yml @@ -0,0 +1,4 @@ +service: + "vminsert": + enabled: true + running: true diff --git a/roles/vminsert/molecule/enterprise/verify.yml b/roles/vminsert/molecule/enterprise/verify.yml new file mode 100644 index 0000000..1a1bce3 --- /dev/null +++ b/roles/vminsert/molecule/enterprise/verify.yml @@ -0,0 +1,93 @@ +--- +# Molecule Goss Tests + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.10 + goss_arch: amd64 + goss_bin: /usr/local/bin/goss + goss_sha256sum: 150f25495ca0d1d4fd2ef8d0e750dbd767a15e9a522505f99b61dd1dd40a76d4 + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp/molecule/goss + goss_format: documentation + tasks: + - name: Download and install Goss + ansible.builtin.get_url: + url: "{{ goss_url }}" + dest: "{{ goss_bin }}" + sha256sum: "{{ goss_sha256sum }}" # noqa: args[module] + mode: "u=rwx,go=rx" + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Create Molecule directory for test files + ansible.builtin.file: + path: "{{ goss_test_directory }}" + state: directory + mode: "0755" + + - name: Find Goss tests on localhost + ansible.builtin.find: + paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" + patterns: + - "test[-.\\w]*.yml" + - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" + excludes: + - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" + use_regex: true + delegate_to: localhost + register: test_files + changed_when: false + become: false + + - name: Debug + ansible.builtin.debug: + msg: "{{ test_files.files }}" + verbosity: 3 + + - name: Copy Goss tests to remote + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ goss_test_directory }}/{{ item.path | basename }}" + mode: "0644" + with_items: + - "{{ test_files.files }}" + loop_control: + label: "{{ item.path | basename }}" + + - name: Register test files + ansible.builtin.find: + paths: + - "{{ goss_test_directory }}" + patterns: + - "test_*.yml" + register: test_files + + - name: Run verify + when: test_files is succeeded + block: + - name: Execute Goss tests # noqa: no-changed-when + ansible.builtin.command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.files | map(attribute='path') | list }}" + loop_control: + label: "{{ item | basename }}" + failed_when: false + + - name: Display details about the Goss results + ansible.builtin.debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + loop_control: + label: "{{ item[item.ansible_loop_var] | basename }}" + + - name: Fail when tests fail + ansible.builtin.fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" + loop_control: + label: "{{ item[item.ansible_loop_var] | basename }}" diff --git a/roles/vminsert/tasks/main.yml b/roles/vminsert/tasks/main.yml index f9ae994..f1d18cf 100644 --- a/roles/vminsert/tasks/main.yml +++ b/roles/vminsert/tasks/main.yml @@ -1,4 +1,6 @@ --- +- name: License preinstall checks + ansible.builtin.import_tasks: preinstall_license.yml - name: Preinstall checks ansible.builtin.import_tasks: preinstall.yml - name: Install diff --git a/roles/vminsert/tasks/preinstall_license.yml b/roles/vminsert/tasks/preinstall_license.yml new file mode 100644 index 0000000..63b16f5 --- /dev/null +++ b/roles/vminsert/tasks/preinstall_license.yml @@ -0,0 +1,37 @@ +- name: Ensure license key is provided + ansible.builtin.assert: + that: vminsert_license_key != "" or vminsert_license_key_file != "" + msg: Either license key or license key file location must be provided. + when: vminsert_enterprise | bool + +- name: Ensure only one of key or file is provided + ansible.builtin.assert: + that: vminsert_license_key_file == "" + msg: Only one of license key or license key file must be provided. + when: + - vminsert_enterprise | bool + - vminsert_license_key != "" + +- name: Ensure only one of key or file is provided + ansible.builtin.assert: + that: vminsert_license_key == "" + msg: Only one of license key or license key file must be provided. + when: + - vminsert_enterprise | bool + - vminsert_license_key_file != "" + + +- name: Add license key parameter to service config + ansible.builtin.set_fact: + vminsert_config: "{{ vminsert_config | combine({'license': vminsert_license_key}) }}" + when: + - vminsert_enterprise | bool + - vminsert_license_key != "" + + +- name: Add license key parameter to service config + ansible.builtin.set_fact: + vminsert_config: "{{ vminsert_config | combine({'licenseFile': vminsert_license_key_file}) }}" + when: + - vminsert_enterprise | bool + - vminsert_license_key_file != "" diff --git a/roles/vmselect/README.md b/roles/vmselect/README.md index 1f16b48..4e36a66 100644 --- a/roles/vmselect/README.md +++ b/roles/vmselect/README.md @@ -9,7 +9,10 @@ The following table lists the configurable parameters of the roles and their def | Parameter | Description | Default | |--------------------------------------|----------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------| | vmselect_repo_url | Repository to use for download. | `https://github.com/VictoriaMetrics/VictoriaMetrics` | -| vmselect_version | vmselect version | `v1.101.0` | +| vmselect_version | vmselect version | `v1.101.0` | +| vmselect_enterprise | Whether to use enterprise version of binaries. | `false` | +| vmselect_license_key | License key for VictoriaMetrics enterprise. | `""` | +| vmselect_license_key_file | License key file for VictoriaMetrics enterprise. | `""` | | vmselect_download_url | URL to download archive | `{{ vmselect_repo_url }}/releases/download/{{ vmselect_version }}/vmutils-{{ vmselect_version }}.tar.gz` | | vmselect_system_user | User to run vmselect | `victoriametrics` | | vmselect_system_group | Group for user of vmselect | `{{ vmselect_system_user }}` | diff --git a/roles/vmselect/defaults/main.yml b/roles/vmselect/defaults/main.yml index b7f0b37..b216dfb 100644 --- a/roles/vmselect/defaults/main.yml +++ b/roles/vmselect/defaults/main.yml @@ -1,9 +1,12 @@ --- vmselect_version: "v1.101.0" +vmselect_enterprise: false +vmselect_license_key: "" +vmselect_license_key_file: "" vmselect_repo_url: "https://github.com/VictoriaMetrics/VictoriaMetrics" vmselect_platform: "{% if vmselect_version.replace('v', '') is version('1.79.0', '>=') %}-linux{% endif %}" -vmselect_download_url: "{{ vmselect_repo_url }}/releases/download/{{ vmselect_version }}/victoria-metrics{{ vmselect_platform }}-{{ go_arch }}-{{ vmselect_version }}-cluster.tar.gz" +vmselect_download_url: "{{ vmselect_repo_url }}/releases/download/{{ vmselect_version }}/victoria-metrics{{ vmselect_platform }}-{{ go_arch }}-{{ vmselect_version }}{%if vmselect_enterprise %}-enterprise{% endif %}-cluster.tar.gz" vmselect_system_user: "victoriametrics" vmselect_system_group: "{{ vmselect_system_user }}" diff --git a/roles/vmselect/molecule/enterprise/converge.yml b/roles/vmselect/molecule/enterprise/converge.yml new file mode 100644 index 0000000..e103291 --- /dev/null +++ b/roles/vmselect/molecule/enterprise/converge.yml @@ -0,0 +1,11 @@ +--- +- name: Converge + hosts: all + become: yes + tasks: + - name: "Include vmselect" + vars: + vmselect_enterprise: true + vmselect_license_key_file: "/tmp/vm-license" + ansible.builtin.include_role: + name: "vmselect" diff --git a/roles/vmselect/molecule/enterprise/molecule.yml b/roles/vmselect/molecule/enterprise/molecule.yml new file mode 100644 index 0000000..3aaf4fb --- /dev/null +++ b/roles/vmselect/molecule/enterprise/molecule.yml @@ -0,0 +1,25 @@ +--- +lint: | + yamllint . + ansible-lint . + + +dependency: + name: galaxy +driver: + name: docker + +platforms: + - name: vmselect-debian11 + image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian11}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true + +provisioner: + name: ansible +verifier: + name: ansible diff --git a/roles/vmselect/molecule/enterprise/tests/test_default.yml b/roles/vmselect/molecule/enterprise/tests/test_default.yml new file mode 100644 index 0000000..50b89a2 --- /dev/null +++ b/roles/vmselect/molecule/enterprise/tests/test_default.yml @@ -0,0 +1,4 @@ +service: + "vmselect": + enabled: true + running: true diff --git a/roles/vmselect/molecule/enterprise/verify.yml b/roles/vmselect/molecule/enterprise/verify.yml new file mode 100644 index 0000000..1a1bce3 --- /dev/null +++ b/roles/vmselect/molecule/enterprise/verify.yml @@ -0,0 +1,93 @@ +--- +# Molecule Goss Tests + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.10 + goss_arch: amd64 + goss_bin: /usr/local/bin/goss + goss_sha256sum: 150f25495ca0d1d4fd2ef8d0e750dbd767a15e9a522505f99b61dd1dd40a76d4 + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp/molecule/goss + goss_format: documentation + tasks: + - name: Download and install Goss + ansible.builtin.get_url: + url: "{{ goss_url }}" + dest: "{{ goss_bin }}" + sha256sum: "{{ goss_sha256sum }}" # noqa: args[module] + mode: "u=rwx,go=rx" + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Create Molecule directory for test files + ansible.builtin.file: + path: "{{ goss_test_directory }}" + state: directory + mode: "0755" + + - name: Find Goss tests on localhost + ansible.builtin.find: + paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" + patterns: + - "test[-.\\w]*.yml" + - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" + excludes: + - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" + use_regex: true + delegate_to: localhost + register: test_files + changed_when: false + become: false + + - name: Debug + ansible.builtin.debug: + msg: "{{ test_files.files }}" + verbosity: 3 + + - name: Copy Goss tests to remote + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ goss_test_directory }}/{{ item.path | basename }}" + mode: "0644" + with_items: + - "{{ test_files.files }}" + loop_control: + label: "{{ item.path | basename }}" + + - name: Register test files + ansible.builtin.find: + paths: + - "{{ goss_test_directory }}" + patterns: + - "test_*.yml" + register: test_files + + - name: Run verify + when: test_files is succeeded + block: + - name: Execute Goss tests # noqa: no-changed-when + ansible.builtin.command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.files | map(attribute='path') | list }}" + loop_control: + label: "{{ item | basename }}" + failed_when: false + + - name: Display details about the Goss results + ansible.builtin.debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + loop_control: + label: "{{ item[item.ansible_loop_var] | basename }}" + + - name: Fail when tests fail + ansible.builtin.fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" + loop_control: + label: "{{ item[item.ansible_loop_var] | basename }}" diff --git a/roles/vmselect/tasks/main.yml b/roles/vmselect/tasks/main.yml index f9ae994..f1d18cf 100644 --- a/roles/vmselect/tasks/main.yml +++ b/roles/vmselect/tasks/main.yml @@ -1,4 +1,6 @@ --- +- name: License preinstall checks + ansible.builtin.import_tasks: preinstall_license.yml - name: Preinstall checks ansible.builtin.import_tasks: preinstall.yml - name: Install diff --git a/roles/vmselect/tasks/preinstall_license.yml b/roles/vmselect/tasks/preinstall_license.yml new file mode 100644 index 0000000..0d9a297 --- /dev/null +++ b/roles/vmselect/tasks/preinstall_license.yml @@ -0,0 +1,37 @@ +- name: Ensure license key is provided + ansible.builtin.assert: + that: vmselect_license_key != "" or vmselect_license_key_file != "" + msg: Either license key or license key file location must be provided. + when: vmselect_enterprise | bool + +- name: Ensure only one of key or file is provided + ansible.builtin.assert: + that: vmselect_license_key_file == "" + msg: Only one of license key or license key file must be provided. + when: + - vmselect_enterprise | bool + - vmselect_license_key != "" + +- name: Ensure only one of key or file is provided + ansible.builtin.assert: + that: vmselect_license_key == "" + msg: Only one of license key or license key file must be provided. + when: + - vmselect_enterprise | bool + - vmselect_license_key_file != "" + + +- name: Add license key parameter to service config + ansible.builtin.set_fact: + vmselect_config: "{{ vmselect_config | combine({'license': vmselect_license_key}) }}" + when: + - vmselect_enterprise | bool + - vmselect_license_key != "" + + +- name: Add license key parameter to service config + ansible.builtin.set_fact: + vmselect_config: "{{ vmselect_config | combine({'licenseFile': vmselect_license_key_file}) }}" + when: + - vmselect_enterprise | bool + - vmselect_license_key_file != "" diff --git a/roles/vmstorage/README.md b/roles/vmstorage/README.md index 3e1613e..aa17338 100644 --- a/roles/vmstorage/README.md +++ b/roles/vmstorage/README.md @@ -8,7 +8,10 @@ The following table lists the configurable parameters of the roles and their def | Parameter | Description | Default | |---------------------------------------|----------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------| -| vmstorage_version | vmstorage version | `v1.101.0` | +| vmstorage_version | vmstorage version | `v1.101.0` | +| vmstorage_enterprise | Whether to use enterprise version of binaries. | `false` | +| vmstorage_license_key | License key for VictoriaMetrics enterprise. | `""` | +| vmstorage_license_key_file | License key file for VictoriaMetrics enterprise. | `""` | | vmstorage_repo_url | Repository to use for download. | `https://github.com/VictoriaMetrics/VictoriaMetrics` | | vmstorage_download_url | URL to download archive | `{{ vmstorage_repo_url }}/releases/download/{{ vmstorage_version }}/vmutils-{{ vmstorage_version }}.tar.gz` | | vmstorage_system_user | User to run vmstorage | `victoriametrics` | diff --git a/roles/vmstorage/defaults/main.yml b/roles/vmstorage/defaults/main.yml index 4e6af2f..922a621 100644 --- a/roles/vmstorage/defaults/main.yml +++ b/roles/vmstorage/defaults/main.yml @@ -1,9 +1,12 @@ --- vmstorage_version: "v1.101.0" +vmstorage_enterprise: false +vmstorage_license_key: "" +vmstorage_license_key_file: "" vmstorage_repo_url: "https://github.com/VictoriaMetrics/VictoriaMetrics" vmstorage_platform: "{% if vmstorage_version.replace('v', '') is version('1.79.0', '>=') %}-linux{% endif %}" -vmstorage_download_url: "{{ vmstorage_repo_url }}/releases/download/{{ vmstorage_version }}/victoria-metrics{{ vmstorage_platform }}-{{ go_arch }}-{{ vmstorage_version }}-cluster.tar.gz" +vmstorage_download_url: "{{ vmstorage_repo_url }}/releases/download/{{ vmstorage_version }}/victoria-metrics{{ vmstorage_platform }}-{{ go_arch }}-{{ vmstorage_version }}{%if vmstorage_enterprise %}-enterprise{% endif %}-cluster.tar.gz" vmstorage_system_user: "victoriametrics" vmstorage_system_group: "{{ vmstorage_system_user }}" diff --git a/roles/vmstorage/molecule/enterprise/converge.yml b/roles/vmstorage/molecule/enterprise/converge.yml new file mode 100644 index 0000000..d915779 --- /dev/null +++ b/roles/vmstorage/molecule/enterprise/converge.yml @@ -0,0 +1,11 @@ +--- +- name: Converge + hosts: all + become: yes + tasks: + - name: "Include vmstorage" + vars: + vmstorage_enterprise: true + vmstorage_license_key_file: "/tmp/vm-license" + ansible.builtin.include_role: + name: "vmstorage" diff --git a/roles/vmstorage/molecule/enterprise/molecule.yml b/roles/vmstorage/molecule/enterprise/molecule.yml new file mode 100644 index 0000000..7f4ebde --- /dev/null +++ b/roles/vmstorage/molecule/enterprise/molecule.yml @@ -0,0 +1,25 @@ +--- +lint: | + yamllint . + ansible-lint . + + +dependency: + name: galaxy +driver: + name: docker + +platforms: + - name: vmstorage-debian11-enterprise + image: "geerlingguy/docker-${MOLECULE_DISTRO:-debian11}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cgroupns_mode: host + privileged: true + pre_build_image: true + +provisioner: + name: ansible +verifier: + name: ansible diff --git a/roles/vmstorage/molecule/enterprise/tests/test_default.yml b/roles/vmstorage/molecule/enterprise/tests/test_default.yml new file mode 100644 index 0000000..43592a3 --- /dev/null +++ b/roles/vmstorage/molecule/enterprise/tests/test_default.yml @@ -0,0 +1,4 @@ +service: + "vmstorage": + enabled: true + running: true diff --git a/roles/vmstorage/molecule/enterprise/verify.yml b/roles/vmstorage/molecule/enterprise/verify.yml new file mode 100644 index 0000000..1a1bce3 --- /dev/null +++ b/roles/vmstorage/molecule/enterprise/verify.yml @@ -0,0 +1,93 @@ +--- +# Molecule Goss Tests + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.10 + goss_arch: amd64 + goss_bin: /usr/local/bin/goss + goss_sha256sum: 150f25495ca0d1d4fd2ef8d0e750dbd767a15e9a522505f99b61dd1dd40a76d4 + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp/molecule/goss + goss_format: documentation + tasks: + - name: Download and install Goss + ansible.builtin.get_url: + url: "{{ goss_url }}" + dest: "{{ goss_bin }}" + sha256sum: "{{ goss_sha256sum }}" # noqa: args[module] + mode: "u=rwx,go=rx" + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Create Molecule directory for test files + ansible.builtin.file: + path: "{{ goss_test_directory }}" + state: directory + mode: "0755" + + - name: Find Goss tests on localhost + ansible.builtin.find: + paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" + patterns: + - "test[-.\\w]*.yml" + - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" + excludes: + - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" + use_regex: true + delegate_to: localhost + register: test_files + changed_when: false + become: false + + - name: Debug + ansible.builtin.debug: + msg: "{{ test_files.files }}" + verbosity: 3 + + - name: Copy Goss tests to remote + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ goss_test_directory }}/{{ item.path | basename }}" + mode: "0644" + with_items: + - "{{ test_files.files }}" + loop_control: + label: "{{ item.path | basename }}" + + - name: Register test files + ansible.builtin.find: + paths: + - "{{ goss_test_directory }}" + patterns: + - "test_*.yml" + register: test_files + + - name: Run verify + when: test_files is succeeded + block: + - name: Execute Goss tests # noqa: no-changed-when + ansible.builtin.command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.files | map(attribute='path') | list }}" + loop_control: + label: "{{ item | basename }}" + failed_when: false + + - name: Display details about the Goss results + ansible.builtin.debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + loop_control: + label: "{{ item[item.ansible_loop_var] | basename }}" + + - name: Fail when tests fail + ansible.builtin.fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" + loop_control: + label: "{{ item[item.ansible_loop_var] | basename }}" diff --git a/roles/vmstorage/tasks/main.yml b/roles/vmstorage/tasks/main.yml index f9ae994..f1d18cf 100644 --- a/roles/vmstorage/tasks/main.yml +++ b/roles/vmstorage/tasks/main.yml @@ -1,4 +1,6 @@ --- +- name: License preinstall checks + ansible.builtin.import_tasks: preinstall_license.yml - name: Preinstall checks ansible.builtin.import_tasks: preinstall.yml - name: Install diff --git a/roles/vmstorage/tasks/preinstall_license.yml b/roles/vmstorage/tasks/preinstall_license.yml new file mode 100644 index 0000000..9e260e8 --- /dev/null +++ b/roles/vmstorage/tasks/preinstall_license.yml @@ -0,0 +1,35 @@ +- name: Ensure license key is provided + ansible.builtin.assert: + that: vmstorage_license_key != "" or vmstorage_license_key_file != "" + msg: Either license key or license key file location must be provided. + when: vmstorage_enterprise | bool + +- name: Ensure only one of key or file is provided + ansible.builtin.assert: + that: vmstorage_license_key_file == "" + msg: Only one of license key or license key file must be provided. + when: + - vmstorage_enterprise | bool + - vmstorage_license_key != "" + +- name: Ensure only one of key or file is provided + ansible.builtin.assert: + that: vmstorage_license_key == "" + msg: Only one of license key or license key file must be provided. + when: + - vmstorage_enterprise | bool + - vmstorage_license_key_file != "" + +- name: Add license key parameter to service config + ansible.builtin.set_fact: + vmstorage_config: "{{ vmstorage_config | combine({'license': vmstorage_license_key}) }}" + when: + - vmstorage_enterprise | bool + - vmstorage_license_key != "" + +- name: Add license key parameter to service config + ansible.builtin.set_fact: + vmstorage_config: "{{ vmstorage_config | combine({'licenseFile': vmstorage_license_key_file}) }}" + when: + - vmstorage_enterprise | bool + - vmstorage_license_key_file != ""