diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..9d95094 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,34 @@ +--- +language: python +python: "2.7" + +sudo: required +dist: trusty + +addons: + hosts: + - riak-test + +install: + - sudo apt-get install -y software-properties-common python-software-properties + - sudo add-apt-repository -y ppa:ansible/ansible + - sudo apt-get update -y + - sudo apt-get install -y ansible + - echo 'riak-test' | sudo tee -a /etc/ansible/hosts + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - 'printf "[defaults]\nroles_path=../" > ansible.cfg' + +env: + - ANSIBLE_HOST_KEY_CHECKING=False + +script: + - ansible-playbook tests/test.yml -v + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + slack: + secure: ZtgcjTxhTxrzWW6MIHLRtucW/BMm42RKS3nGRtSfgER9rx7oJ0Y9gOYkh1FM0GsM7Z11Q/iDhWs/8WTccAV0PrMZ6KHaq54wGmfYyqwPM4YreUwQ87PnOW4wZbl0TJTeWutasEwZvnVJ8VEyyQcS2PHt0zlsENn0XWvobvaZ+FM= diff --git a/README.md b/README.md index ee7b171..7554c98 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -# Ansible Role for Riak KV +# Ansible Role for Riak KV & TS -**Ansible Riak** is an Ansible role designed to install & configure Riak KV. In combination with Ansible hosts, it can be used to configure a single node or an [entire cluster](#building-a-cluster). +**Ansible Riak** is an Ansible role designed to install & configure Riak KV & TS. In combination with Ansible hosts, it can be used to configure a single node or an [entire cluster](#building-a-cluster). 1. [Installation](#installation) 1. [Documentation](#documentation) @@ -14,7 +14,7 @@ ### Dependencies -* Ansible 1.6+ +* Ansible 2.0+ ### Ansible Galaxy Install @@ -64,6 +64,21 @@ There are two different ways to override the default template: Internally, we have a [vagrant-ansible package](basho-labs/riak-clients-vagrant) that some of us use to test our client libs. In this package, we [created a role](https://github.com/basho-labs/riak-clients-vagrant/tree/master/provisioning/roles/integration_testing) that sets up the environment needed for our library tests and declares [this role as a dependency](https://github.com/basho-labs/riak-clients-vagrant/blob/master/provisioning/roles/integration_testing/meta/main.yml). +#### Installing Riak TS + +```yaml +--- +- hosts: riakts + sudo: true + roles: + - { role: ansible-riak } + vars: + riak_package: 'riak-ts' + riak_backend: leveldb + riak_node_name: "riak@{{ ansible_default_ipv4['address'] }}" + riak_shell_group: 'riak-ts' +``` + #### Building a Cluster To [build a cluster](http://docs.basho.com/riak/latest/ops/building/basic-cluster-setup/), you need to command your Riak node to [join the cluster](http://docs.basho.com/riak/latest/ops/running/cluster-admin/#join) by providing it the ring leader. With this role, there are two ways you can do this. Via the [command module](http://docs.ansible.com/ansible/command_module.html) and cli tool riak-admin or via the [Ansible Riak module](http://docs.ansible.com/ansible/riak_module.html). diff --git a/defaults/main.yml b/defaults/main.yml index 63a8c5b..042dab7 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -7,7 +7,6 @@ riak_package: riak riak_enterprise: false -riak_usr_lib: /usr/lib riak_admin: '/usr/sbin/riak-admin' @@ -15,18 +14,19 @@ riak_conf_template: riak.conf.j2 riak_node_name: 'riak@{{ ansible_fqdn }}' -riak_ring_size: 64 - -riak_backend: bitcask - riak_pb_bind_ip: 0.0.0.0 riak_pb_port: 8087 riak_http_bind_ip: 0.0.0.0 riak_http_port: 8098 -riak_control: "off" -riak_search: "off" +riak_https_bind_ip: 0.0.0.0 +riak_https_port: 10011 + +riak_ring_size: 64 +riak_backend: bitcask +riak_control: 'off' +riak_search: 'off' riak_leveldb_max_mem_percent: 70 @@ -34,6 +34,8 @@ riak_net_speed: 1Gb riak_anti_entropy: active +riak_security_enabled: false + # riak_shell configuration riak_shell_group: 'riak' riak_shell_interface: 'ansible_eth0' @@ -62,6 +64,11 @@ riak_scheduler: noop # - { name: maps, props: '{"props":{"datatype":"map"}}' } # - { name: sets, props: '{"props":{"datatype":"set"}}' } +# Create groups +# +#riak_groups: +# - admins +# - keysusers # Create users # @@ -81,5 +88,6 @@ riak_scheduler: noop # Create permission grants # #riak_grants: -# - {subject: 'user', bucket_type: 'certificate', bucket: '', permissions: ''} -# - {subject: 'group', bucket_type: 'password', bucket: '', permissions: ''} +# - {subject: 'all', scope: 'any', permissions: ''} +# - {subject: 'user', scope: 'mybuckettype', permissions: ''} +# - {subject: 'group', scope: 'mybuckettype mybucket', permissions: ''} diff --git a/meta/main.yml b/meta/main.yml index ff35ca9..7e3de16 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,112 +1,30 @@ --- galaxy_info: - author: James Martin - description: "Installs and configures Riak, a distributed, highly available NoSQL database." + author: Christopher Mancini + description: "Installs and configures Riak KV and TS, a distributed, highly available NoSQL and TimeSeries database." company: Basho license: Apache - min_ansible_version: 1.4 - # - # Below are all platforms currently available. Just uncomment - # the ones that apply to your role. If you don't see your - # platform on this list, let us know and we'll get it added! - # + min_ansible_version: 2.1 platforms: - name: EL versions: - # - all - 6 - 7 - #- name: GenericUNIX - # versions: - # - all - # - any - #- name: Fedora - # versions: - # - all - # - 16 - # - 17 - # - 18 - # - 19 - # - 20 - #- name: opensuse - # versions: - # - all - # - 12.1 - # - 12.2 - # - 12.3 - # - 13.1 - # - 13.2 - #- name: GenericBSD - # versions: - # - all - # - any - #- name: FreeBSD - # versions: - # - all - # - 8.0 - # - 8.1 - # - 8.2 - # - 8.3 - # - 8.4 - # - 9.0 - # - 9.1 - # - 9.1 - # - 9.2 - name: Ubuntu versions: - # - all - # - lucid - # - maverick - # - natty - # - oneiric - precise - # - quantal - # - raring - # - saucy - trusty - # - utopic - # - vivid - #- name: SLES - # versions: - # - all - # - 10SP3 - # - 10SP4 - # - 11 - # - 11SP1 - # - 11SP2 - # - 11SP3 - #- name: GenericLinux - # versions: - # - all - # - any + - wily + - xenial - name: Debian versions: - # - all - # - etch - # - lenny - # - squeeze - wheezy - # - # Below are all categories currently available. Just as with - # the platforms above, uncomment those that apply to your role. - # - categories: - #- cloud - #- cloud:ec2 - #- cloud:gce - #- cloud:rax + - jessie + galaxy_tags: - database - - database:nosql - #- database:sql - #- development - #- monitoring - #- networking - #- packaging - #- system - #- web + - nosql + - web + - basho + - timeseries + - riak dependencies: [] - # List your role dependencies here, one per line. Only - # dependencies available via galaxy should be listed here. - # Be sure to remove the '[]' above if you add dependencies - # to this list. - diff --git a/tasks/Debian.yml b/tasks/Debian.yml index d677c25..e5c0068 100644 --- a/tasks/Debian.yml +++ b/tasks/Debian.yml @@ -1,36 +1,38 @@ --- -- name: Include DEB vars - include_vars: Debian.yml - tags: Debian - - name: Install Pre-requisites package: name={{ item }} state=present update_cache=yes cache_valid_time=3600 tags: Debian with_items: - curl - apt-transport-https - - openjdk-7-jre + - default-jre -- name: Fetch ansible ansible_version - local_action: shell ansible --version - register: ans_ver +- name: Check if Riak is installed + stat: path=/etc/riak/riak.conf + register: dist - name: Add Package Cloud repository key without validation apt_key: url=https://packagecloud.io/gpg.key state=present validate_certs=no tags: Debian - when: ans_ver.stdout.find(' 1.5.') > 0 - -- name: Add Package Cloud repository key with validation - apt_key: url=https://packagecloud.io/gpg.key state=present - tags: Debian - when: ans_ver.stdout.find(' 1.5.') < 0 + when: + - not dist.stat.exists - name: Add Basho Riak repository (hosted at Package Cloud) template: src=deb_repo.list.j2 dest=/etc/apt/sources.list.d/basho_riak.list owner=root group=root mode=0644 + when: + - not dist.stat.exists + +- name: Install Riak for Debian + package: "name={{ riak_package }} state=present update_cache=yes" + tags: Debian + when: "'deb' not in riak_package" - name: Install Riak for Debian - package: name={{ riak_package }} state=present update_cache=yes + apt: "deb={{ riak_package }}" tags: Debian + when: + - "'deb' in riak_package" + - not dist.stat.exists - name: Set the riak ulimit for Debian copy: src=etc_default_riak_ulimit dest=/etc/default/riak owner=riak group=riak diff --git a/tasks/RedHat.yml b/tasks/RedHat.yml index c6f3326..f8ad16c 100644 --- a/tasks/RedHat.yml +++ b/tasks/RedHat.yml @@ -1,8 +1,4 @@ --- -- name: Include RHEL vars - include_vars: RedHat.yml - tags: RedHat - - name: "Install Java & libselinux-python" package: "name={{ item }} state=present" tags: RedHat @@ -20,7 +16,8 @@ - name: Install package cloud repo if Riak is not already installed command: '/tmp/packagecloud_rpm.sh' tags: RedHat - when: not dist.stat.exists + when: + - not dist.stat.exists - name: Install Riak for RedHat package: "name={{ riak_package }} state=present" diff --git a/tasks/buckets.yml b/tasks/buckets.yml index e3036a3..d2fcef0 100644 --- a/tasks/buckets.yml +++ b/tasks/buckets.yml @@ -13,3 +13,4 @@ command: '{{ riak_admin }} bucket-type activate {{ item.name }}' with_items: '{{ riak_bucket_types }}' when: riak_bucket_types is defined and types.stdout.find(item.name + " (active)") < 0 + ignore_errors: true diff --git a/tasks/main.yml b/tasks/main.yml index 47f71c2..e9819b0 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -30,34 +30,15 @@ template: src=etc_sysctl.d_riak.conf.j2 dest=/etc/sysctl.d/riak.conf owner=root group=root mode=0644 - name: copy custom beams - synchronize: src={{ riak_custom_beams_dir }} dest={{ riak_patch_dir }} + synchronize: "src={{ riak_custom_beams_dir }} dest={{ riak_patch_dir }}" when: riak_custom_beams_dir is defined -- name: Check if this is first pass - stat: path=/etc/riak/riak.conf.dist - register: dist - -- name: Check if this is first pass - stat: path=/etc/riak/riak_shell.config.dist - register: distts - when: riak_package == "riak-ts" - -- name: preserve distribution copy of riak.conf if not already done - command: "cp -i /etc/riak/riak.conf /etc/riak/riak.conf.dist" - tags: configfiles - when: not dist.stat.exists - -- name: preserve distribution copy of riak_shell.config if not already done - command: "cp -i /etc/riak/riak_shell.config /etc/riak/riak_shell.config.dist" - tags: configfiles - when: riak_package == "riak-ts" and not distts.stat.exists - - name: install riak.conf with templated configuration - template: src={{ riak_conf_template }} dest=/etc/riak/riak.conf owner=root group=root mode=0444 + template: "src={{ riak_conf_template }} dest=/etc/riak/riak.conf owner=root group=root mode=0444 backup=yes" notify: restart riak - name: install riak_shell.config with templated configuration - template: src={{ riak_shell_conf_template }} dest=/etc/riak/riak_shell.config owner=root group=root mode=0444 + template: "src={{ riak_shell_conf_template }} dest=/etc/riak/riak_shell.config owner=root group=root mode=0444" when: riak_package == "riak-ts" and riak_shell_nodes is defined notify: restart riak @@ -65,7 +46,7 @@ service: name=riak enabled=yes state=started - name: Wait for Riak to start up before continuing - wait_for: delay=5 timeout=30 host={{ riak_pb_bind_ip }} port={{ riak_pb_port }} state=started + wait_for: "delay=5 timeout=30 host={{ riak_pb_bind_ip }} port={{ riak_pb_port }} state=started" - name: Bucket operations include: buckets.yml diff --git a/tasks/security.yml b/tasks/security.yml index 40d1733..a54856f 100644 --- a/tasks/security.yml +++ b/tasks/security.yml @@ -1,8 +1,22 @@ --- +- name: Enable Security + command: '{{ riak_admin }} security enable' + when: riak_security_enabled + +- name: Create Groups + command: '{{ riak_admin }} security add-group {{ item }}' + with_items: '{{ riak_groups }}' + when: riak_groups is defined + +- name: Create users + command: '{{ riak_admin }} security add-user {{ item.user }} password={{ item.password }} groups={{ item.groups }}' + with_items: "{{ riak_users }}" + when: (riak_users is defined) and (riak_groups is defined) + - name: Create users command: '{{ riak_admin }} security add-user {{ item.user }} password={{ item.password }}' - with_items: '{{ riak_users }}' - when: riak_users is defined + with_items: "{{ riak_users }}" + when: (riak_users is defined) and (riak_groups is not defined) - name: Create security sources command: '{{ riak_admin }} security add-source {{ item.user }} {{ item.cidr }} {{ item.type }}' @@ -10,6 +24,6 @@ when: riak_sources is defined - name: Set security permissions - command: '{{ riak_admin }} security grant {{ item.permissions }} on {{ item.container }} to {{ item.subject }}' + command: '{{ riak_admin }} security grant {{ item.permissions }} on {{ item.scope }} to {{ item.subject }}' with_items: '{{ riak_grants }}' when: riak_grants is defined diff --git a/templates/packagecloud_rpm.sh.j2 b/templates/packagecloud_rpm.sh.j2 index f6fef63..26b1c92 100644 --- a/templates/packagecloud_rpm.sh.j2 +++ b/templates/packagecloud_rpm.sh.j2 @@ -89,9 +89,9 @@ main () curl_check - yum_repo_config_url="https://packagecloud.io/install/repositories/basho/{{ riak_package }}/config_file.repo?os=${os}&dist=${dist}&source=script" + yum_repo_config_url="https://packagecloud.io/install/repositories/basho/{% if 'riak-ts' in riak_package %}riak-ts{% else %}riak{% endif %}/config_file.repo?os=${os}&dist=${dist}&source=script" - yum_repo_path=/etc/yum.repos.d/basho_{{ riak_package }}.repo + yum_repo_path=/etc/yum.repos.d/basho_{% if 'riak-ts' in riak_package %}riak-ts{% else %}riak{% endif %}.repo echo "Downloading repository file: ${yum_repo_config_url}" @@ -141,7 +141,7 @@ main () fi echo "Installing pygpgme to verify GPG signatures..." - yum install -y pygpgme --disablerepo='basho_{{ riak_package }}' + yum install -y pygpgme --disablerepo='basho_{% if 'riak-ts' in riak_package %}riak-ts{% else %}riak{% endif %}' pypgpme_check=`rpm -qa | grep -qw pygpgme` if [ "$?" != "0" ]; then echo @@ -152,11 +152,11 @@ main () echo # set the repo_gpgcheck option to 0 - sed -i'' 's/repo_gpgcheck=1/repo_gpgcheck=0/' /etc/yum.repos.d/basho_{{ riak_package }}.repo + sed -i'' 's/repo_gpgcheck=1/repo_gpgcheck=0/' /etc/yum.repos.d/basho_{% if 'riak-ts' in riak_package %}riak-ts{% else %}riak{% endif %}.repo fi echo "Installing yum-utils..." - yum install -y yum-utils --disablerepo='basho_{{ riak_package }}' + yum install -y yum-utils --disablerepo='basho_{% if 'riak-ts' in riak_package %}riak-ts{% else %}riak{% endif %}' yum_utils_check=`rpm -qa | grep -qw yum-utils` if [ "$?" != "0" ]; then echo @@ -165,11 +165,11 @@ main () echo fi - echo "Generating yum cache for basho_{{ riak_package }}..." - yum -q makecache -y --disablerepo='*' --enablerepo='basho_{{ riak_package }}' + echo "Generating yum cache for basho_{% if 'riak-ts' in riak_package %}riak-ts{% else %}riak{% endif %}..." + yum -q makecache -y --disablerepo='*' --enablerepo='basho_{% if 'riak-ts' in riak_package %}riak-ts{% else %}riak{% endif %}' echo echo "The repository is setup! You can now install packages." } -main +main \ No newline at end of file diff --git a/templates/riak.conf.j2 b/templates/riak.conf.j2 index d54b910..b234825 100644 --- a/templates/riak.conf.j2 +++ b/templates/riak.conf.j2 @@ -313,7 +313,7 @@ listener.protobuf.internal = {{ riak_pb_bind_ip }}:{{ riak_pb_port }} ## ## Acceptable values: ## - an IP/port pair, e.g. 127.0.0.1:10011 -## listener.https.internal = 127.0.0.1:8098 +{% if not riak_security_enabled %}#{% endif %}listener.https.internal = {{ riak_https_bind_ip }}:{{ riak_https_port }} ## How Riak will repair out-of-sync keys. Some features require ## this to be set to 'active', including search. @@ -501,4 +501,3 @@ search.solr.jmx_port = 8985 ## Acceptable values: ## - text search.solr.jvm_options = -d64 -Xms1g -Xmx1g -XX:+UseStringCache -XX:+UseCompressedOops - diff --git a/tests/test.yml b/tests/test.yml new file mode 100644 index 0000000..c8f9701 --- /dev/null +++ b/tests/test.yml @@ -0,0 +1,36 @@ +--- +- hosts: riak-test + connection: local + become: yes + become_method: sudo + roles: + - ansible-riak + vars: + riak_node_name: "riak@127.0.0.1" + riak_pb_bind_ip: 127.0.0.1 + riak_pb_port: 8087 + riak_http_bind_ip: 127.0.0.1 + riak_http_port: 8098 + + riak_bucket_types: + - { name: counters, props: '{"props":{"datatype":"counter"}}' } + - { name: maps, props: '{"props":{"datatype":"map"}}' } + - { name: sets, props: '{"props":{"datatype":"set"}}' } + + riak_users: + - {user: 'riakuser', password: '', cert: '', groups: ''} + - {user: 'riakpass', password: 'Test1234', cert: '', groups: ''} + - {user: 'riakadmin', password: '', cert: '', groups: 'admins'} + - {user: 'riakdeveloper', password: '', cert: '', groups: 'developers'} + + riak_groups: + - admins + - developers + + riak_sources: + - {user: 'riakuser', type: 'certificate', cidr: '0.0.0.0/0'} + - {user: 'riakpass', type: 'password', cidr: '0.0.0.0/0'} + + riak_grants: + - {subject: 'riakuser', scope: 'any', permissions: 'riak_kv.get,riak_kv.put'} + - {subject: 'riakpass', scope: 'any', permissions: 'riak_kv.get,riak_kv.put'} diff --git a/vars/Debian.yml b/vars/Debian.yml deleted file mode 100644 index f9003a6..0000000 --- a/vars/Debian.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -riak_usr_lib: /usr/lib diff --git a/vars/RedHat.yml b/vars/RedHat.yml deleted file mode 100644 index 366c081..0000000 --- a/vars/RedHat.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -riak_usr_lib: /usr/lib64 \ No newline at end of file diff --git a/version.txt b/version.txt deleted file mode 100644 index 0dee73b..0000000 --- a/version.txt +++ /dev/null @@ -1 +0,0 @@ -v2.0.0RC