jkilpatr 7e7c6230cb Refactor EPEL into a role
Fixes bug 1605228, where if the user installs epel-release from the Centos7 default
packages rather than from the latest rpm online packages, the latest epel-release
from the rpm installs on top of it but does not provide newer packages.

But that's not what you care about; the big change that comes with this bugfix is a
refactoring of every playbook that uses EPEL to call a single role which both
installs epel and sets up a handler to clean up epel when the set of roles is done.

This unifies and cleans up what was previously two ways of installing EPEL and two
ways of disabling it, all duplicated across more than half a dozen roles, some
of which used the epel_rpm variable and some of which did not. The resulting combined
role still uses the rpm command and as such inherits some hackiness in an effort
to keep everything working as it was before just with better organization.

This has been tested with every playbook modified here against my own cloud. Don't
consider this final since trying to install every single one of these to a single
virtual undercloud generated lots of other problems, but none of them failed on EPEL
or package related issues.

Change-Id: Ic592a97875a9ec783519f618260713277589c83e
2016-07-21 15:58:37 -04:00


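---
#
# Install/run graphite-web for browbeat
#
# Flow: install the packages, create the initial sqlite database, configure
# httpd, open the graphite port in whichever firewall is in use, then set up
# carbon-cache.
#
# Every task that can require a service restart registers its result under
# its own variable name. Registering several tasks under one shared name
# leaves only the last task's result visible to the restart condition, so
# earlier config changes would not trigger a restart.
#

- name: Install graphite rpms
  yum:
    name: "{{ item }}"
    state: present
  become: true
  with_items:
    - graphite-web
    - python-carbon
    - expect

# Checked as root so the answer matches what the (root) create step will see;
# stat reports a missing file without failing the task.
- name: Check for graphite.db sqlite
  stat:
    path: /var/lib/graphite-web/graphite.db
  become: true
  register: graphite_db

- name: Copy setup-graphite-db.exp
  copy:
    src: setup-graphite-db.exp
    dest: /root/setup-graphite-db.exp
    owner: root
    group: root
    mode: '0755'
  become: true

# The admin credentials are passed as arguments, therefore:
#  - no_log keeps them out of Ansible's console output and logs
#  - command (no shell) plus the quote filter stops a value containing spaces
#    or shell metacharacters from being split or interpreted
# NOTE(review): argv is still readable in the target's process list while the
# script runs. Feeding the values another way would need a change to
# setup-graphite-db.exp, which is not shown here - confirm before changing.
- name: Create initial graphite db
  command: >-
    /root/setup-graphite-db.exp
    {{ graphite_username | quote }}
    {{ graphite_password | quote }}
  become: true
  no_log: true
  when: not graphite_db.stat.exists
  register: graphite_db_created

# Kept separate from the create step so a chown failure is reported normally
# instead of being hidden by no_log. Only runs when the db was just created.
- name: Give apache ownership of graphite.db
  file:
    path: /var/lib/graphite-web/graphite.db
    owner: apache
    group: apache
  become: true
  when: not graphite_db.stat.exists

- name: Setup httpd graphite-web config
  template:
    src: graphite-web.conf.j2
    dest: /etc/httpd/conf.d/graphite-web.conf
    owner: root
    group: root
    mode: '0644'
  become: true
  register: graphite_httpd_conf

### begin firewall ###
# we need TCP/{{graphite_port}} open
# determine firewall status and take action
#  1) use firewall-cmd if firewalld is utilized
#  2) insert iptables rule if iptables is used
#
# The registered names below are fixed strings: Ansible does not template the
# name given to register, and "when" expressions are already Jinja2, so
# neither may contain {{ }}.

# Firewalld
- name: (graphite-web) Determine if firewalld is in use
  shell: systemctl is-enabled firewalld.service | egrep -qv 'masked|disabled'
  ignore_errors: true
  changed_when: false
  register: firewalld_in_use
  no_log: true

- name: (graphite-web) Determine if firewalld is active
  shell: systemctl is-active firewalld.service | grep -vq inactive
  ignore_errors: true
  changed_when: false
  register: firewalld_is_active
  no_log: true

# --query-port exits 0 only when the port is open in the zone. Grepping
# --list-ports with a ^ anchor only ever matches the first port on the line.
- name: (graphite-web) Determine if TCP/{{graphite_port}} is already active
  command: firewall-cmd --zone=public --query-port={{ graphite_port }}/tcp
  become: true
  ignore_errors: true
  changed_when: false
  register: firewalld_port_exists
  no_log: true

# add firewall rule via firewall-cmd
- name: (graphite-web) Add firewall rule for TCP/{{graphite_port}} (firewalld)
  command: "{{ item }}"
  with_items:
    - firewall-cmd --zone=public --add-port={{ graphite_port }}/tcp --permanent
    - firewall-cmd --reload
  ignore_errors: true
  become: true
  when: >-
    firewalld_in_use.rc == 0 and
    firewalld_is_active.rc == 0 and
    firewalld_port_exists.rc != 0

# iptables-services
# stdout is the number of matching ACCEPT rules; failed_when inspects the
# return code of the registered result rather than the result object itself.
- name: (graphite-web) check firewall rules for TCP/{{graphite_port}} (iptables-services)
  shell: grep "dport {{graphite_port}} \-j ACCEPT" /etc/sysconfig/iptables | wc -l
  ignore_errors: true
  changed_when: false
  register: iptables_port_exists
  failed_when: iptables_port_exists.rc == 127
  no_log: true

# regexp matches the rule being managed, so a re-run updates it in place.
# A regexp aimed at the loopback rule would replace that rule whenever it
# matched. Editing /etc/sysconfig/iptables needs root, hence become.
# NOTE(review): if the insertbefore pattern is absent, lineinfile appends at
# EOF - verify the loopback rule exists in the target's rules file.
- name: (graphite-web) Add firewall rule for TCP/{{graphite_port}} (iptables-services)
  lineinfile:
    dest: /etc/sysconfig/iptables
    line: '-A INPUT -p tcp -m tcp --dport {{graphite_port}} -j ACCEPT'
    regexp: '^-A INPUT -p tcp -m tcp --dport {{graphite_port}} -j ACCEPT$'
    insertbefore: '-A INPUT -i lo -j ACCEPT'
    backup: true
  become: true
  when: >-
    firewalld_in_use.rc != 0 and
    firewalld_is_active.rc != 0 and
    iptables_port_exists.stdout|int == 0
  register: iptables_needs_restart

# Restart only when the rules file was actually modified; comparing the
# registered result object with 0 is always true and restarts on every run.
- name: (graphite-web) Restart iptables-services for TCP/{{graphite_port}} (iptables-services)
  command: systemctl restart iptables.service
  ignore_errors: true
  become: true
  when: iptables_needs_restart.changed
### end firewall ###

# Start graphite-web service
- name: Setup httpd service
  service:
    name: httpd
    state: started
    enabled: true
  become: true

# remove silly welcome from apache (if it exists)
- name: Remove httpd welcome config
  file:
    path: /etc/httpd/conf.d/welcome.conf
    state: absent
  become: true
  register: httpd_welcome_removed

# Restart when any of the httpd-affecting steps changed something
- name: Bounce Apache
  service:
    name: httpd
    state: restarted
    enabled: true
  become: true
  when: >-
    graphite_db_created.changed or
    graphite_httpd_conf.changed or
    httpd_welcome_removed.changed

#
# setup the python-carbon service
#
- name: Setup carbon-cache service
  service:
    name: carbon-cache
    state: started
    enabled: true
  become: true

- name: copy carbon storage schema config
  copy:
    src: storage-schemas.conf
    dest: /etc/carbon/storage-schemas.conf
    owner: root
    group: root
    mode: '0644'
  become: true
  register: carbon_schemas_conf

- name: copy carbon storage aggregation config
  copy:
    src: storage-aggregation.conf
    dest: /etc/carbon/storage-aggregation.conf
    owner: root
    group: root
    mode: '0644'
  become: true
  register: carbon_aggregation_conf

- name: copy carbon config
  copy:
    src: carbon.conf
    dest: /etc/carbon/carbon.conf
    owner: root
    group: root
    mode: '0644'
  become: true
  register: carbon_main_conf

# Restart when any of the three carbon config files changed
- name: bounce carbon cache
  service:
    name: carbon-cache
    state: restarted
    enabled: true
  become: true
  when: >-
    carbon_schemas_conf.changed or
    carbon_aggregation_conf.changed or
    carbon_main_conf.changed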