From 3fa110dfc735bf223dc965ea2f16f4a2a35e1ee5 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Thu, 23 May 2024 15:59:23 +0200 Subject: [PATCH 1/2] Adding pre-flight checks and lock file behaviour to ce-deploy. --- docs/roles/_init.md | 3 +- .../database_backup/database_backup-mysql.md | 2 ++ roles/_exit/tasks/main.yml | 5 +++ roles/_init/README.md | 1 + roles/_init/defaults/main.yml | 1 + roles/_init/tasks/main.yml | 31 +++++++++++++++++++ .../database_backup-mysql/README.md | 2 ++ 7 files changed, 44 insertions(+), 1 deletion(-) diff --git a/docs/roles/_init.md b/docs/roles/_init.md index f31e8064..2873dffa 100644 --- a/docs/roles/_init.md +++ b/docs/roles/_init.md @@ -1,5 +1,5 @@ # Init -Mandatory role that must run before any other `ce-edploy` roles when executing a playbook. +Mandatory role that must run before any other `ce-deploy` roles when executing a playbook. These variables **must** be set in a common variables file if you do not wish to use defaults. @@ -28,6 +28,7 @@ bin_directory: "/home/{{ deploy_user }}/.bin" cleanup_history_depth: 50 install_php_cachetool: true # set to false if you don't need cachetool, e.g. for a nodejs app # AWS ASG variables to allow for the suspension of autoscaling during a code deployment. +ce_deploy_version: 1.x aws_asg: name: "" # if the deploy is on an ASG put the name here region: "eu-west-1" diff --git a/docs/roles/database_backup/database_backup-mysql.md b/docs/roles/database_backup/database_backup-mysql.md index 2766a4f3..f23c9c34 100644 --- a/docs/roles/database_backup/database_backup-mysql.md +++ b/docs/roles/database_backup/database_backup-mysql.md @@ -24,6 +24,8 @@ mysql_backup: mysqldump_params: "{{ _mysqldump_params }}" # set in _init but you can override here # Location on deploy server where the generated MySQL password will be stashed - should be temporary storage mysql_password_path: "/tmp/.ce-deploy/{{ project_name }}_{{ build_type }}_{{ build_number }}" + # Uncomment to login with MySQL socket instead of TCP/IP (e.g. for MariaDB after secure set-up) + #mysql_unix_socket: /run/mysqld/mysqld.sock # Number of dumps/db to keep. Note this is independant from the build codebases. keep: 10 # This can be one of the following: diff --git a/roles/_exit/tasks/main.yml b/roles/_exit/tasks/main.yml index 0ba2da27..2d286a1a 100644 --- a/roles/_exit/tasks/main.yml +++ b/roles/_exit/tasks/main.yml @@ -7,3 +7,8 @@ when: - aws_asg.name is defined - aws_asg.name | length > 0 + +- name: Delete the lock file. + ansible.builtin.file: + path: /tmp/ce-deploy-lock + state: absent diff --git a/roles/_init/README.md b/roles/_init/README.md index 8d4fa92e..2873dffa 100644 --- a/roles/_init/README.md +++ b/roles/_init/README.md @@ -28,6 +28,7 @@ bin_directory: "/home/{{ deploy_user }}/.bin" cleanup_history_depth: 50 install_php_cachetool: true # set to false if you don't need cachetool, e.g. for a nodejs app # AWS ASG variables to allow for the suspension of autoscaling during a code deployment. +ce_deploy_version: 1.x aws_asg: name: "" # if the deploy is on an ASG put the name here region: "eu-west-1" diff --git a/roles/_init/defaults/main.yml b/roles/_init/defaults/main.yml index 7f06f695..b5bfc9fa 100644 --- a/roles/_init/defaults/main.yml +++ b/roles/_init/defaults/main.yml @@ -9,6 +9,7 @@ bin_directory: "/home/{{ deploy_user }}/.bin" cleanup_history_depth: 50 install_php_cachetool: true # set to false if you don't need cachetool, e.g. for a nodejs app # AWS ASG variables to allow for the suspension of autoscaling during a code deployment. +ce_deploy_version: 1.x aws_asg: name: "" # if the deploy is on an ASG put the name here region: "eu-west-1" diff --git a/roles/_init/tasks/main.yml b/roles/_init/tasks/main.yml index 680ba19f..b8b8c1a6 100644 --- a/roles/_init/tasks/main.yml +++ b/roles/_init/tasks/main.yml @@ -1,4 +1,35 @@ --- +- name: Version check. + ansible.builtin.debug: + msg: "Using ce-deploy {{ ce_deploy_version }}" + +- name: Check for a ce-provision lock file. + ansible.builtin.stat: + path: /tmp/ce-provision-lock + register: _ce_provision_lock + +- name: Abort if ce-provision lock file exists. + when: _ce_provision_lock.stat.exists is defined and _ce_provision_lock.stat.exists + block: + - name: Abort if ce-provision lock file is found. + ansible.builtin.debug: + msg: "ce-provision lock file discovered, an infrastructure build is in progress! If this is not the case, login to the affected server and delete the file at /tmp/ce-provision-lock." + - ansible.builtin.meta: end_play + +- name: Check OS family. + when: ansible_os_family == "Windows" + block: + - name: Abort if target is a Windows server. + ansible.builtin.debug: + msg: "ce-deploy currently only supports Linux like operating systems, and works best with Debian Linux." + - ansible.builtin.meta: end_play + +- name: Set a lock file. + ansible.builtin.file: + path: /tmp/ce-deploy-lock + state: touch + mode: 0644 + # Ensure default values for common variables. - name: Define deploy user. ansible.builtin.set_fact: diff --git a/roles/database_backup/database_backup-mysql/README.md b/roles/database_backup/database_backup-mysql/README.md index 2766a4f3..f23c9c34 100644 --- a/roles/database_backup/database_backup-mysql/README.md +++ b/roles/database_backup/database_backup-mysql/README.md @@ -24,6 +24,8 @@ mysql_backup: mysqldump_params: "{{ _mysqldump_params }}" # set in _init but you can override here # Location on deploy server where the generated MySQL password will be stashed - should be temporary storage mysql_password_path: "/tmp/.ce-deploy/{{ project_name }}_{{ build_type }}_{{ build_number }}" + # Uncomment to login with MySQL socket instead of TCP/IP (e.g. for MariaDB after secure set-up) + #mysql_unix_socket: /run/mysqld/mysqld.sock # Number of dumps/db to keep. Note this is independant from the build codebases. keep: 10 # This can be one of the following: From 4aafc8e614d14ba7163c445ff45d9c126867a0c2 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Fri, 24 May 2024 10:00:03 +0200 Subject: [PATCH 2/2] Moving lock file paths to variables. --- docs/roles/_init.md | 4 +++- roles/_exit/tasks/main.yml | 2 +- roles/_init/README.md | 4 +++- roles/_init/defaults/main.yml | 4 +++- roles/_init/tasks/main.yml | 6 +++--- 5 files changed, 13 insertions(+), 7 deletions(-) diff --git a/docs/roles/_init.md b/docs/roles/_init.md index 2873dffa..a1e37f95 100644 --- a/docs/roles/_init.md +++ b/docs/roles/_init.md @@ -27,8 +27,10 @@ bin_directory: "/home/{{ deploy_user }}/.bin" # Number of dumps/db to look up for cleanup. cleanup_history_depth: 50 install_php_cachetool: true # set to false if you don't need cachetool, e.g. for a nodejs app -# AWS ASG variables to allow for the suspension of autoscaling during a code deployment. ce_deploy_version: 1.x +lock_file: /tmp/ce-deploy-lock +provision_lock_file: /tmp/ce-provision-lock # must match _init.lock_file in ce-provision +# AWS ASG variables to allow for the suspension of autoscaling during a code deployment. aws_asg: name: "" # if the deploy is on an ASG put the name here region: "eu-west-1" diff --git a/roles/_exit/tasks/main.yml b/roles/_exit/tasks/main.yml index 2d286a1a..640f3a18 100644 --- a/roles/_exit/tasks/main.yml +++ b/roles/_exit/tasks/main.yml @@ -10,5 +10,5 @@ - name: Delete the lock file. ansible.builtin.file: - path: /tmp/ce-deploy-lock + path: "{{ lock_file }}" state: absent diff --git a/roles/_init/README.md b/roles/_init/README.md index 2873dffa..a1e37f95 100644 --- a/roles/_init/README.md +++ b/roles/_init/README.md @@ -27,8 +27,10 @@ bin_directory: "/home/{{ deploy_user }}/.bin" # Number of dumps/db to look up for cleanup. cleanup_history_depth: 50 install_php_cachetool: true # set to false if you don't need cachetool, e.g. for a nodejs app -# AWS ASG variables to allow for the suspension of autoscaling during a code deployment. ce_deploy_version: 1.x +lock_file: /tmp/ce-deploy-lock +provision_lock_file: /tmp/ce-provision-lock # must match _init.lock_file in ce-provision +# AWS ASG variables to allow for the suspension of autoscaling during a code deployment. aws_asg: name: "" # if the deploy is on an ASG put the name here region: "eu-west-1" diff --git a/roles/_init/defaults/main.yml b/roles/_init/defaults/main.yml index b5bfc9fa..00c14563 100644 --- a/roles/_init/defaults/main.yml +++ b/roles/_init/defaults/main.yml @@ -8,8 +8,10 @@ bin_directory: "/home/{{ deploy_user }}/.bin" # Number of dumps/db to look up for cleanup. cleanup_history_depth: 50 install_php_cachetool: true # set to false if you don't need cachetool, e.g. for a nodejs app -# AWS ASG variables to allow for the suspension of autoscaling during a code deployment. ce_deploy_version: 1.x +lock_file: /tmp/ce-deploy-lock +provision_lock_file: /tmp/ce-provision-lock # must match _init.lock_file in ce-provision +# AWS ASG variables to allow for the suspension of autoscaling during a code deployment. aws_asg: name: "" # if the deploy is on an ASG put the name here region: "eu-west-1" diff --git a/roles/_init/tasks/main.yml b/roles/_init/tasks/main.yml index b8b8c1a6..1b53f4b2 100644 --- a/roles/_init/tasks/main.yml +++ b/roles/_init/tasks/main.yml @@ -5,7 +5,7 @@ - name: Check for a ce-provision lock file. ansible.builtin.stat: - path: /tmp/ce-provision-lock + path: "{{ provision_lock_file }}" register: _ce_provision_lock - name: Abort if ce-provision lock file exists. @@ -13,7 +13,7 @@ block: - name: Abort if ce-provision lock file is found. ansible.builtin.debug: - msg: "ce-provision lock file discovered, an infrastructure build is in progress! If this is not the case, login to the affected server and delete the file at /tmp/ce-provision-lock." + msg: "ce-provision lock file discovered, an infrastructure build is in progress! If this is not the case, login to the affected server and delete the file at {{ provision_lock_file }}." - ansible.builtin.meta: end_play - name: Check OS family. @@ -26,7 +26,7 @@ - name: Set a lock file. ansible.builtin.file: - path: /tmp/ce-deploy-lock + path: "{{ lock_file }}" state: touch mode: 0644