Merge remote-tracking branch 'upstream/master'

* upstream/master: Remove deprecated molecule/centos-stream-8 Fix rolling restart by waiting for consul leave and after restart Update molecule.yml --- (ansible-collections#597) Bump idna from 3.3 to 3.7 in the pip group across 1 directory (ansible-collections#596) Fix CI badge in README (ansible-collections#595) Fix ubuntu 22.04 molecule test to actually run on 22.04 (ansible-collections#594) feat: Configuration validation. fix ansible-collections#518 (ansible-collections#592) Fix error when creating gossip key (ansible-collections#558) adding become to service restarts (ansible-collections#571) Bump the pip group across 1 directories with 1 update (ansible-collections#590)
car-info · Jun 10, 2024 · 053901c · 053901c
2 parents 47b2fae + 7c907e3
commit 053901c
Show file tree

Hide file tree

Showing 21 changed files with 65 additions and 42 deletions.
diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml
@@ -16,7 +16,6 @@ jobs:
         scenario:
           - almalinux-8
           - almalinux-9
-          - centos-stream-8
           - centos-stream-9
           - debian-10
           - debian-11

diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # Consul
 
-![Molecule](https://github.com/ansible-collections/ansible-consul/workflows/Molecule/badge.svg?branch=master&event=pull_request)
+[![Molecule](https://github.com/ansible-collections/ansible-consul/workflows/Molecule/badge.svg?branch=master)](https://github.com/ansible-collections/ansible-consul/actions?query=branch%3Amaster)
 [![Average time to resolve an issue](http://isitmaintained.com/badge/resolution/ansible-collections/ansible-consul.svg)](http://isitmaintained.com/project/ansible-collections/ansible-consul "Average time to resolve an issue")
 [![Percentage of issues still open](http://isitmaintained.com/badge/open/ansible-collections/ansible-consul.svg)](http://isitmaintained.com/project/ansible-collections/ansible-consul "Percentage of issues still open")
 
@@ -839,8 +839,8 @@ _Consul Enterprise Only (requires that CONSUL_ENTERPRISE is set to true)_
  - Restarts consul node one by one to avoid service interruption on existing cluster (Unix platforms only).
  - Default value: *false*
 
-### `consul_rolling_restart_delay_sec`
- - Adds a delay between node restart (Linux platforms only).
+ ### `consul_rolling_restart_delay_sec`
+ - Adds a delay between consul leave and node restart (Linux platforms only).
  - Default value: 5
 
 #### Custom Configuration Section

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -50,6 +50,7 @@ consul_log_path: "{{ lookup('env', 'CONSUL_LOG_PATH') | default('/var/log/consul
 consul_log_file: "{{ lookup('env', 'CONSUL_LOG_FILE') | default('consul.log', true) }}"
 consul_run_path: /run/consul
 consul_binary: "{{ consul_bin_path }}/consul"
+consul_pid_file: "{{ consul_run_path }}/consul.pid"
 
 ### System user and group
 consul_manage_user: true

diff --git a/handlers/reload_consul_conf.yml b/handlers/reload_consul_conf.yml
@@ -3,6 +3,6 @@
 # Cannot use `consul reload` because it requires the HTTP API to be bound to a non-loopback interface
 
 - name: Reload consul configuration on unix # noqa no-changed-when
-  ansible.builtin.command: pkill --pidfile "{{ consul_run_path }}/consul.pid" --signal SIGHUP
+  ansible.builtin.command: pkill --pidfile "{{ consul_pid_file }}" --signal SIGHUP
   when: ansible_os_family != "Windows"
   listen: reload consul configuration
diff --git a/handlers/restart_consul.yml b/handlers/restart_consul.yml
@@ -7,6 +7,7 @@
   listen: reload systemd daemon
 
 - name: Restart consul on Unix
+  become: true
   ansible.builtin.service:
     name: "{{ consul_systemd_service_name }}"
     state: restarted

diff --git a/handlers/restart_rsyslog.yml b/handlers/restart_rsyslog.yml
@@ -1,5 +1,6 @@
 ---
 - name: Restart rsyslog
+  become: true
   ansible.builtin.service:
     name: rsyslog
     state: restarted

diff --git a/handlers/restart_syslogng.yml b/handlers/restart_syslogng.yml
@@ -1,5 +1,6 @@
 ---
 - name: Restart syslog-ng
+  become: true
   ansible.builtin.service:
     name: syslog-ng
     state: restarted

diff --git a/handlers/start_consul.yml b/handlers/start_consul.yml
@@ -1,5 +1,6 @@
 ---
 - name: Start consul on Unix
+  become: true
   ansible.builtin.service:
     name: "{{ consul_systemd_service_name }}"
     state: started

diff --git a/handlers/start_snapshot.yml b/handlers/start_snapshot.yml
@@ -1,5 +1,6 @@
 ---
 - name: Start consul snapshot on Unix
+  become: true
   ansible.builtin.service:
     name: consul_snapshot
     state: started

diff --git a/molecule/_shared/Dockerfile.j2 b/molecule/_shared/Dockerfile.j2
@@ -18,7 +18,7 @@ RUN if [ $(command -v apt-get) ]; then \
         if grep -q "Debian GNU/Linux 11" /etc/os-release; then \
             apt-get update && apt-get install -y python sudo bash ca-certificates iproute2 python-apt-common && apt-get clean; \
         else \
-            apt-get update && apt-get install -y python sudo bash ca-certificates iproute2 python-apt && apt-get clean; \
+            apt-get update && apt-get install -y python3 sudo bash ca-certificates iproute2 python3-apt && apt-get clean; \
         fi \
     elif [ $(command -v dnf) ]; then \
         dnf makecache && dnf --assumeyes install /usr/bin/python3 /usr/bin/python3-config /usr/bin/dnf-3 sudo bash iproute && dnf clean all; \

diff --git a/molecule/centos-stream-8/molecule.yml b/molecule/centos-stream-8/molecule.yml
diff --git a/molecule/ubuntu-22.04/molecule.yml b/molecule/ubuntu-22.04/molecule.yml
@@ -3,7 +3,7 @@ platforms:
   - name: ubuntu-22.04
     groups:
       - consul_instances
-    image: dokken/ubuntu-20.04
+    image: dokken/ubuntu-22.04
     command: /lib/systemd/systemd
     dockerfile: ../_shared/Dockerfile.j2
     capabilities:

diff --git a/requirements.txt b/requirements.txt
@@ -17,12 +17,12 @@ click==8.1.3
 click-help-colors==0.9.1
 commonmark==0.9.1
 cookiecutter==2.1.1
-cryptography==42.0.2
+cryptography==42.0.4
 distro==1.7.0
 docutils==0.19
 enrich==1.2.7
 flake8==6.0.0
-idna==3.3
+idna==3.7
 importlib-resources==5.9.0
 iniconfig==1.1.1
 Jinja2==3.1.3
@@ -49,7 +49,7 @@ pyparsing==3.0.9
 pyrsistent==0.18.1
 pytest==7.1.2
 PyYAML==6.0
-requests==2.31.0
+requests==2.32.0
 rich==12.5.1
 ruamel.yaml==0.17.21
 ruamel.yaml.clib==0.2.6

diff --git a/tasks/config.yml b/tasks/config.yml
@@ -41,3 +41,12 @@
 - name: Set fact list with custom configuration file
   ansible.builtin.set_fact:
     managed_files: "{{ managed_files | default([]) }} + [ '{{ consul_configd_path }}/50custom.json' ]"
+
+# All configuration files must be given to the validate command at once (partial conf might raise some issue regarding missing some required items), so it's not possible to use the validate arg og the ansibvle.builtin.copy module used to template the config
+- name: Validate configuration
+  become: true
+  become_user: "{{ consul_user }}"
+  ansible.builtin.command: >
+    {{ consul_binary }} validate {{ (ansible_verbosity == 0) | ternary("-quiet", "") }}
+    {{ consul_config_path }}/config.json {{ consul_configd_path }}
+  changed_when: false
diff --git a/tasks/leave_restart_consul.yml b/tasks/leave_restart_consul.yml
@@ -1,9 +1,24 @@
 ---
 
-- name: Consul leave
+- name: Check if consul is running
   delegate_to: "{{ rolling_restart_host }}"
-  ansible.builtin.command: "{{ consul_binary }} leave {% if consul_acl_enable %} -token {{ consul_acl_master_token }} {% endif %} -http-addr {{ consul_addresses.http }}:{{ consul_ports.http }}"
-  changed_when: true
+  ansible.builtin.stat:
+    path: "{{ consul_pid_file }}"
+  register: consul_pid
+
+- name: Leave the consul cluster
+  when: consul_pid.stat.exists
+  block:
+    - name: Consul leave
+      delegate_to: "{{ rolling_restart_host }}"
+      ansible.builtin.command:
+        cmd: "{{ consul_binary }} leave {% if consul_acl_enable %} -token {{ consul_acl_master_token }} {% endif %} -http-addr {{ consul_addresses.http }}:{{ consul_ports.http }}"
+      changed_when: true
+
+    - name: Give the cluster some time to perform proper leadership transfer
+      ansible.builtin.pause:
+        seconds: "{{ consul_rolling_restart_delay_sec }}"
+      when: consul_rolling_restart_delay_sec > 0
 
 - name: Restart consul on Unix
   delegate_to: "{{ rolling_restart_host }}"
@@ -13,7 +28,12 @@
     # Needed to force SysV service manager on Docker for Molecule tests
     use: "{{ ansible_service_mgr }}"
 
-- name: Wait for service availability
-  ansible.builtin.pause:
-    seconds: "{{ consul_rolling_restart_delay_sec }}"
-  when: consul_rolling_restart_delay_sec > 0
+- name: Assert that consul service is running
+  delegate_to: "{{ rolling_restart_host }}"
+  ansible.builtin.command:
+    cmd: "{{ consul_binary }} info {% if consul_acl_enable %} -token {{ consul_acl_master_token }} {% endif %} -http-addr {{ consul_addresses.http }}:{{ consul_ports.http }}"
+  changed_when: false
+  register: consul_info
+  retries: 20
+  delay: 1
+  until: "consul_info.rc == 0"
diff --git a/tasks/nix.yml b/tasks/nix.yml
@@ -141,6 +141,7 @@
           register: gossip_key_tempfile
 
         - name: Generate gossip encryption key # noqa no-changed-when
+          become: false
           ansible.builtin.shell: PATH={{ consul_bin_path }}:$PATH consul keygen > {{ gossip_key_tempfile.path }}
           register: consul_keygen
 

diff --git a/templates/consul_bsdinit.j2 b/templates/consul_bsdinit.j2
@@ -30,7 +30,7 @@ consul_start() {
     for user in ${consul_users}; do
         mkdir {{ consul_run_path }}
         chown -R "{{ consul_user }}:{{ consul_group }}" {{ consul_run_path }}
-        su -m "${user}" -c "{{ consul_bin_path }}/consul agent -config-file={{ consul_config_path }}/config.json -config-dir={{ consul_configd_path }} -pid-file={{ consul_run_path }}/consul.pid&"
+        su -m "${user}" -c "{{ consul_bin_path }}/consul agent -config-file={{ consul_config_path }}/config.json -config-dir={{ consul_configd_path }} -pid-file={{ consul_pid_file }}&"
     done
 }
 

diff --git a/templates/consul_launchctl.plist.j2 b/templates/consul_launchctl.plist.j2
@@ -24,7 +24,7 @@
     <string>agent</string>
     <string>-config-file={{ consul_config_path }}/config.json</string>
     <string>-config-dir={{ consul_configd_path }}</string>
-    <string>-pid-file={{ consul_run_path }}/consul.pid</string>
+    <string>-pid-file={{ consul_pid_file }}</string>
   </array>
   <key>RunAtLoad</key>
   <true/>

diff --git a/templates/consul_smf_manifest.j2 b/templates/consul_smf_manifest.j2
@@ -23,7 +23,7 @@
             <method_credential user="{{ consul_user }}" group="{{ consul_group }}"/>
         </method_context>
 
-        <exec_method type="method" name="start" exec="{{ consul_bin_path }}/consul agent -config-file={{ consul_config_path}}/config.json -config-dir={{ consul_configd_path }} -pid-file={{ consul_run_path }}/consul.pid" timeout_seconds="60"/>
+        <exec_method type="method" name="start" exec="{{ consul_bin_path }}/consul agent -config-file={{ consul_config_path}}/config.json -config-dir={{ consul_configd_path }} -pid-file={{ consul_pid_file }}" timeout_seconds="60"/>
 
         <exec_method type="method" name="stop" exec=":kill" timeout_seconds="60"/>
 

diff --git a/templates/consul_systemd.service.j2 b/templates/consul_systemd.service.j2
@@ -16,7 +16,7 @@ After=network-online.target
 [Service]
 User={{ consul_user }}
 Group={{ consul_group }}
-PIDFile={{ consul_run_path }}/consul.pid
+PIDFile={{ consul_pid_file }}
 PermissionsStartOnly=true
 {% if consul_ui_legacy %}
 Environment=CONSUL_UI_LEGACY=true
@@ -26,7 +26,7 @@ ExecStartPre=/bin/chown -R {{ consul_user }}:{{ consul_group }} {{ consul_run_pa
 ExecStart={{ consul_bin_path }}/consul agent \
     -config-file={{ consul_config_path }}/config.json \
     -config-dir={{ consul_configd_path}} \
-    -pid-file={{ consul_run_path }}/consul.pid
+    -pid-file={{ consul_pid_file }}
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
 KillSignal=SIGTERM

diff --git a/templates/consul_sysvinit.j2 b/templates/consul_sysvinit.j2
@@ -3,7 +3,7 @@
 # chkconfig:   2345 95 95
 # description: Consul service discovery framework
 # processname: consul
-# pidfile: {{ consul_run_path }}/consul.pid
+# pidfile: {{ consul_pid_file }}
 
 {% if ansible_distribution == "Ubuntu" %}
 . /lib/lsb/init-functions
@@ -14,7 +14,6 @@
 CONSUL={{ consul_bin_path }}/consul
 CONFIG={{ consul_config_path }}/config.json
 CONFIGD={{ consul_configd_path }}
-PID_FILE={{ consul_run_path }}/consul.pid
 LOCK_FILE=/var/lock/subsys/consul
 {% if consul_ui_legacy %}
 CONSUL_UI_LEGACY=true
@@ -29,13 +28,13 @@ mkrundir() {
         chown {{ consul_user }} {{ consul_run_path }}
 }
 
-KILLPROC_OPT="-p ${PID_FILE}"
+KILLPROC_OPT="-p {{ consul_pid_file }}"
 mkpidfile() {
         mkrundir
-        [ ! -f "${PID_FILE}" ] && pidofproc "${CONSUL}" > "${PID_FILE}"
+        [ ! -f "{{ consul_pid_file }}" ] && pidofproc "${CONSUL}" > "{{ consul_pid_file }}"
         chown -R {{ consul_user }} {{ consul_run_path }}
         if [ $? -ne 0 ] ; then
-            rm "${PID_FILE}"
+            rm "{{ consul_pid_file }}"
             KILLPROC_OPT=""
         fi
 }
@@ -44,10 +43,10 @@ start() {
         echo -n "Starting consul: "
         mkrundir
         mkpidfile
-        # [ -f "${PID_FILE}" ] && rm "${PID_FILE}"
+        # [ -f "{{ consul_pid_file }}" ] && rm "{{ consul_pid_file }}"
         daemon --user={{ consul_user }} \
-            --pidfile="${PID_FILE}" \
-            "${CONSUL}" agent -config-file="${CONFIG}" -config-dir="${CONFIGD}" -pid-file="${PID_FILE}" &
+            --pidfile="{{ consul_pid_file }}" \
+            "${CONSUL}" agent -config-file="${CONFIG}" -config-dir="${CONFIGD}" -pid-file="{{ consul_pid_file }}" &
         retcode=$?
         touch ${LOCK_FILE}
         return "${retcode}"
@@ -63,7 +62,7 @@ stop() {
         killproc "${KILLPROC_OPT}" "${CONSUL}" -SIGTERM
 
         retcode=$?
-        rm -f "${LOCK_FILE}" "${PID_FILE}"
+        rm -f "${LOCK_FILE}" "{{ consul_pid_file }}"
         return "${retcode}"
 }