Upgrade to latest standards (#44)

* Upgrade to latest standards

- Use package module
- Ensure the prevent start works under ubuntu 16
- Make use of check_mode to provide real idempotency instead
  of changed_when: false
- Reorganized variable names to match openstack-ansible naming
  conventions
- Simplified the includes

* Update testing, bring vagrant support

Bringing vagrant support has highlighted issues:
- The examples were not easy to pass automatically
- Selinux was not working
- Policy files for ubuntu xenial was not working

.gitignore

@@ -0,0 +1,3 @@
+*.retry
+*.log
+.vagrant/

Vagrantfile

@@ -0,0 +1,66 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# Ansible provisioner for multimachine
+ANSIBLE_RAW_SSH_ARGS = []
+boxes = [
+    {
+        :name => "keepalived1",
+        :eth1 => "192.168.33.10",
+        :image => "ubuntu/trusty64",
+    },
+    {
+        :name => "keepalived2",
+        :eth1 => "192.168.33.11",
+        :image => "ubuntu/xenial64",
+    },
+    {
+        :name => "keepalived3",
+        :eth1 => "192.168.33.12",
+        :image => "centos/7",
+    }
+]
+
+# Gather all the keys for the ssh connections
+boxes.each do |boxopts|
+  ANSIBLE_RAW_SSH_ARGS << "-o IdentityFile=.vagrant/machines/#{boxopts[:name]}/virtualbox/private_key"
+end
+
+Vagrant.configure(2) do |config|
+
+  config.vm.provider "virtualbox" do |v|
+    v.customize ["modifyvm", :id, "--memory", 256]
+    v.customize ["modifyvm", :id, "--cpus", 1]
+  end
+
+  # Optional vagrant cache
+  if Vagrant.has_plugin?("vagrant-cachier")
+    # http://fgrehm.viewdocs.io/vagrant-cachier/usage/
+    config.cache.scope = :box
+    #config.cache.synced_folder_opts = {
+    #  type: :nfs,
+    #  mount_options: ['rw', 'vers=3', 'tcp', 'nolock']
+    #}
+  end
+
+  boxes.each do |boxopts|
+    config.vm.define boxopts[:name] do |config|
+      config.vm.box = boxopts[:image]
+      config.vm.hostname = boxopts[:name]
+      config.vm.network :private_network, ip: boxopts[:eth1]
+      # Vagrant works serially and provision machines
+      # serially. Each of them is unaware of the others.
+      # Therefore, we should start provisioning only on last machine
+      if boxopts[:name] == "keepalived3"
+        config.vm.provision :ansible do |ansible|
+          ansible.playbook = "tests/deploy.yml"
+          ansible.extra_vars = "tests/keepalived_haproxy_combined_example.yml"
+          ansible.limit = 'all'
+          #ansible.inventory_path = "tests/inventory"
+          ansible.verbose = "-v"
+          ansible.raw_ssh_args = ANSIBLE_RAW_SSH_ARGS
+        end
+      end
+    end
+  end
+end

defaults/main.yml

@@ -13,28 +13,33 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# keepalived_ubuntu_src should be either "uca", "ppa" or "native":
+# "ppa" will ensure that keepalived ppa source is installed (recommended)
+# "uca" will ensure that the Ubuntu Cloud Archive is installed (good enough)
+# "native" will not ensure any external repository is set
+#  and use what's available (not recommended, unless you defined one of the
+#  above on your hosts)
+# Please see vars/ for information about these repositories
+# TODO(evrardjp), 2017-11:to remove the conditional
+# Remove the deprecation conditional and provide a good unconditional
+# default:
+#keepalived_ubuntu_src: "uca"
+keepalived_ubuntu_src: "{{ (keepalived_uca_enable is defined and (keepalived_uca_enable | bool)) | ternary('uca','ppa') }}"
+
+# If using UCA, you may want to point with your local mirror of UCA.
+keepalived_uca_apt_repo_url: "http://ubuntu-cloud.archive.canonical.com/ubuntu"
+
+# TODO(evrardjp), 2017-11:
+# Remove the deprecation conditional and provide a good unconditional
+# default:
+#keepalived_package_state: "latest"
+keepalived_package_state: "{{ ( (keepalived_use_latest_stable | default(true)) | bool) | ternary('latest','present') }}"
+
 #This is the expiration time of your package manager cache.
 #When expired, this role will require to update the package manger cache.
 #This variable will be removed when the ansible upstream bugs will be fixed.
 cache_timeout: 600
 
-# This is the variable to ensure the state of the package on your system.
-# When False, the role will only make sure a package is installed.
-# When True, the role will always install latest version of the
-#   keepalived package, making it restart when a new version appears.
-keepalived_use_latest_stable: False
-
-# This variable used to be called keepalived_use_latest_stable_ppa
-# When this setting is set to False, the role will use the package
-# provided with the distribution instead of using an external source.
-keepalived_use_external_repo: True
-
-# This variables changes the external repo used for ubuntu. If set
-# to true, it will use the ubuntu cloud archive as external repo.
-# If set to False, it will use the ppa as external repo.
-keepalived_uca_enable: False
-uca_apt_repo_url: "http://ubuntu-cloud.archive.canonical.com/ubuntu"
-
 keepalived_instances: []
 keepalived_sync_groups: {}
-keepalived_bind_on_non_local: False
+keepalived_bind_on_non_local: False

meta/main.yml

@@ -17,7 +17,7 @@ galaxy_info:
   author: Jean-Philippe Evrard
   description:  This role installs and configure keepalived based on a variable file
   license: Apache
-  min_ansible_version: 1.9
+  min_ansible_version: 2.3
   platforms:
   - name: EL
     versions:

tasks/keepalived_install.yml

@@ -0,0 +1,83 @@
+---
+# Copyright 2015, Jean-Philippe Evrard <[email protected]>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Add the keepalived through ppa
+  apt_key:
+    id: "{{ keepalived_ppa_keyid }}"
+    keyserver: "{{ keepalived_ppa_keyserver }}"
+    state: present
+  when:
+    - ansible_pkg_mgr == 'apt'
+    - keepalived_ubuntu_src == "ppa"
+  tags:
+    - keepalived-apt-keys
+
+- name: Add Ubuntu Cloud Archive keyring
+  apt:
+    pkg: ubuntu-cloud-keyring
+    state: "latest"
+  when:
+    - ansible_pkg_mgr == 'apt'
+    - keepalived_ubuntu_src == "uca"
+  tags:
+    - keepalived-apt-keys
+
+- name: Add the keepalived apt repository
+  apt_repository:
+    repo: "{{ (keepalived_ubuntu_src == 'ppa') | ternary(keepalived_ppa_repo, keepalived_uca_repo) }}"
+    update_cache: True
+    state: present
+  when:
+    - ansible_pkg_mgr == 'apt'
+    - keepalived_ubuntu_src != "native"
+  tags:
+    - keepalived-repo
+
+- name: Check if keepalived is already installed
+  package:
+    name: "{{ keepalived_package_name }}"
+    state: present
+  register: check_if_present
+  check_mode: yes
+
+- name: Prevent keepalived from starting on install
+  copy:
+    dest: "{{ prevent_start_file }}"
+    content: "{{ prevent_start_file_content }}"
+  when:
+    - ansible_os_family | lower == 'debian'
+    - check_if_present | changed
+  tags:
+    - keepalived-prevent-start
+
+- name: install keepalived
+  package:
+    name: "{{ keepalived_package_name }}"
+    state: "{{ keepalived_package_state }}"
+    update_cache: "{{ (ansible_pkg_mgr == 'apt') | ternary('yes', omit) }}"
+    cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}"
+  tags:
+    - keepalived-apt-packages
+
+- name: Revert keepalived start prevention
+  file:
+    dest: "{{ prevent_start_file }}"
+    state: absent
+  when:
+    - ansible_os_family | lower == 'debian'
+    - check_if_present | changed
+  tags:
+    - keepalived-config
+    - keepalived-prevent-start

tasks/keepalived_selinux.yml

@@ -25,6 +25,8 @@
   with_items:
     - libselinux
     - libselinux-devel
+    - checkpolicy
+    - policycoreutils-python
   when:
     - '"keepalived_ping" not in selinux_modules.stdout'