fix: improve script resilience

projectpotos · May 4, 2023 · 4b86f47 · 4b86f47
1 parent ad931ec
commit 4b86f47
Show file tree

Hide file tree

Showing 7 changed files with 77 additions and 33 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -2,6 +2,7 @@
 potos_basics_client_name: "{{ potos_plays_client_short_name | default('potos') }}"
 
 potos_basics_ansible_workdir: "/var/lib/{{ potos_basics_client_name | lower }}/ansible"
+potos_basics_ansible_virtenvdir: "/var/lib/{{ potos_basics_client_name | lower }}/virtenv"
 potos_basics_ansible_logdir: "/var/log/{{ potos_basics_client_name | lower }}"
 potos_basics_playbook_version: 'main'
 
@@ -21,3 +22,5 @@ potos_basics_on_error_additional_lines:
 
 potos_basics_enable_reboot_reminder: true
 potos_basics_reboot_reminder_days: 10
+
+potos_basics_packages_enforce_latest: false
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
@@ -4,9 +4,4 @@
   hosts: all
   gather_facts: true
 
-  tasks:
-    # Update the apt cache as it's potentialy outdated in the container
-    - name: update apt
-      ansible.builtin.shell:  # noqa: command-instead-of-module
-        cmd: 'apt-get update && apt-get upgrade -y'
-      when: ansible_distribution == 'Ubuntu'
+  tasks: []
diff --git a/requirements.txt b/requirements.txt
@@ -1,7 +1,11 @@
-
 # At least Ansible 2.12 is needed due to used features like 'argument_specs'
 ansible>=2.12
 
-# Required for testing
-ansible-lint[yamllint]
-molecule[docker, lint]
+## ansible/yaml lint
+ansible-lint~=6.15.0
+yamllint~=1.31.0
+
+## molecule tests
+molecule~=5.0.0
+molecule-plugins~=23.4.1
+docker~=6.0.1
diff --git a/tasks/ansible-env.yml b/tasks/ansible-env.yml
@@ -1,18 +1,20 @@
 ---
-- name: Install python and pip
-  ansible.builtin.package:
-    name: "{{ item }}"
-  loop:
-    - "python3"
-    - "python3-pip"
 
 - name: Install virtualenv
   ansible.builtin.pip:
     name: "virtualenv"
 
+- name: create local virtualenv dir
+  ansible.builtin.file:
+    path: '{{ potos_basics_ansible_virtenvdir }}'
+    owner: root
+    group: root
+    mode: 0750
+    state: directory
+
 - name: Install Python env
   ansible.builtin.pip:
     name: "{{ item }}"
-    virtualenv: "{{ potos_basics_ansible_workdir }}"
+    virtualenv: "{{ potos_basics_ansible_virtenvdir }}"
   loop:
     - "ansible-core=={{ potos_basics_ansible_version }}"
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -7,9 +7,8 @@
 
 - name: install generally required packages
   ansible.builtin.package:
-    name: '{{ item }}'
-    state: present
-  loop: '{{ potos_basics_packages }}'
+    name: "{{ potos_basics_packages | join(' ') }}"
+    state: "{{ potos_basics_packages_enforce_latest | ternary('latest', 'present') }}"
 
 - name: create local work dir
   ansible.builtin.file:
@@ -33,10 +32,14 @@
     mode: 0750
     state: directory
 
+- name: get hostname
+  shell: hostname -f
+  register: potos_basics_hostname
+
 - name: create ansible inventory
   ansible.builtin.copy:
     dest: "{{ potos_basics_ansible_inventory }}"
-    content: "localhost ansible_connection=local"
+    content: "{{ potos_basics_hostname }} ansible_connection=local"
     force: false
     owner: root
     group: root
@@ -55,3 +58,6 @@
 
 - name: ansible ansible-pull
   ansible.builtin.include_tasks: ansible-pull.yml
+
+- name: legacy cleanup
+  ansible.builtin.include_tasks: legacy-cleanup.yml
diff --git a/templates/usr/bin/potos-ansible-pull.j2 → ...lates/usr/local/bin/potos-ansible-pull.j2 b/templates/usr/bin/potos-ansible-pull.j2 → ...lates/usr/local/bin/potos-ansible-pull.j2
@@ -106,37 +106,62 @@ if ! $VERBOSE; then
 fi
 {% endif %}
 
+# Check if tools exists
+function CheckToolAvailable {}
+  if [ ! -x $1 ]; then
+    echo "Required tool '{$1}' not available!"; exit 1;
+  fi
+}
+CheckToolAvailable /usr/bin/awk
+CheckToolAvailable /usr/bin/bc
+CheckToolAvailable /usr/bin/date
+CheckToolAvailable /usr/bin/echo
+CheckToolAvailable /usr/bin/flock
+CheckToolAvailable /usr/bin/git
+CheckToolAvailable /usr/bin/grep
+CheckToolAvailable /usr/bin/mkdir
+CheckToolAvailable /usr/bin/notify-send
+CheckToolAvailable /usr/bin/rm
+CheckToolAvailable /usr/bin/sed
+CheckToolAvailable /usr/bin/tail
+CheckToolAvailable /usr/bin/test
+CheckToolAvailable /usr/bin/touch
+CheckToolAvailable /usr/bin/tr
+CheckToolAvailable /usr/bin/uptime
+CheckToolAvailable /usr/bin/virtualenv
+CheckToolAvailable /usr/bin/wall
+
 # Check if virtualenv directory exists
-[ -d '{{ potos_basics_ansible_virtenvdir }}' ] || /usr/bin/mkdir -p {{ potos_basics_ansible_virtenvdir }}
+[ -d '{{ potos_basics_ansible_virtenvdir }}' ] || /usr/bin/mkdir -p {{ potos_basics_ansible_virtenvdir }} || die "Couldn't create VirtualEnv directory"
 
 # Clear and create working directory
-/usr/bin/rm -rf {{ potos_basics_ansible_workdir }}
-/usr/bin/mkdir -p {{ potos_basics_ansible_workdir }}
+/usr/bin/rm -rf {{ potos_basics_ansible_workdir }} || die "Couldn't create Ansible work directory"
+/usr/bin/mkdir -p {{ potos_basics_ansible_workdir }} || die "Couldn't create Ansible work directory"
 
 # Get latest playbook of given version
 /usr/bin/git clone \
     --depth 1 --single-branch \
     -b {{ potos_basics_playbook_version }} \
     https://github.com/projectpotos/ansible-plays-potos.git \
-    {{ potos_basics_ansible_workdir }} 2>&1
+    {{ potos_basics_ansible_workdir }} 2>&1 || die "Failed to checkout playbook repository"
 
 # Adjust ansible config with client
 /usr/bin/sed 's|/var/log/potos|{{ potos_basics_ansible_logdir }}|' {{ potos_basics_ansible_workdir }}/ansible.cfg
 
 # Run Ansible with custom ansible.cfg, use flock to prevent concurrent runs
 ANSIBLE_CONFIG={{ potos_basics_ansible_workdir }}/ansible.cfg
-/usr/bin/mkdir -p /var/lock
-if [ ! -s /var/lock/{{ potos_basics_client_name | lower }}.lock ]; then
-  /usr/bin/touch /var/lock/{{ potos_basics_client_name | lower }}.lock
+/usr/bin/mkdir -p /var/lock || die "Failed create lock directory"
+if [ ! -f /var/lock/{{ potos_basics_client_name | lower }}.lock ]; then
+  /usr/bin/touch /var/lock/{{ potos_basics_client_name | lower }}.lock || die "Failed create lock file"
 fi
 
 exec {flockfd}</var/lock/{{ potos_basics_client_name | lower }}.lock
-/usr/bin/flock -x "$flockfd"
+/usr/bin/flock -x "$flockfd" || die "Failed to aquire lock"
 
 # Create virtualenv if not exists
-/usr/bin/virtualenv {{ potos_basics_ansible_virtenvdir }}
-source  {{ potos_basics_ansible_virtenvdir }}/bin/activate
-pip3 install ansible-core=={{ potos_basics_ansible_version }}
+/usr/bin/virtualenv {{ potos_basics_ansible_virtenvdir }} || die "Failed create virtualenv"
+source  {{ potos_basics_ansible_virtenvdir }}/bin/activate  || die "Failed activate virtualenv"
+pip3 install ansible-core=={{ potos_basics_ansible_version }} || die "Failed install ansible-core in virtualenv"
 
 ansible-playbook {% if potos_basics_ansible_vault_key_check.stat.exists %}--vault-password-file=/etc/potos/ansible_vault_key {% endif %}-i {{ potos_basics_ansible_inventory }} prepare.yml -e "{{ potos_basics_ansible_runtype_var_name }}=$RUN_TYPE"
 ansible-playbook {% if potos_basics_ansible_vault_key_check.stat.exists %}--vault-password-file=/etc/potos/ansible_vault_key {% endif %}-i {{ potos_basics_ansible_inventory }} playbook.yml -e "{{ potos_basics_ansible_runtype_var_name }}=$RUN_TYPE"

diff --git a/vars/main.yml b/vars/main.yml
@@ -2,7 +2,16 @@
 
 # basic packages to be installed on all potos clients
 potos_basics_packages:
- - git
+ - "git"                 # git
+ - "bc"                  # bc
+ - "util-linux"          # flock
+ - "libnotify-bin"       # notify-send
+ - "coreutils"           # tail, tr
+ - "procps"              # uptime
+ - "python3"             # python 3
+ - "python3-pip"         # pip for python3
+ - "python3-virtualenv"  # virtualenv for python3
+ - "bsdutils"            # wall
 
 # Ansible version to be used
 potos_basics_ansible_version: "2.12.3"