From 4aaaf2fa4fc70b59f25ad515e212f6f45953d7b4 Mon Sep 17 00:00:00 2001 From: Leo Drachenfeuer Date: Tue, 25 Apr 2023 14:06:49 +0000 Subject: [PATCH 01/10] fix(ansible-lint): missing name --- tasks/main.yml | 3 ++- tests/test.yml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index 774bce1..f62ba75 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -8,4 +8,5 @@ failed_when: false when: teleport_version_check|bool -- include_tasks: "install.yml" +- name: "Update goteleport" + ansible.builtin.include_tasks: "install.yml" diff --git a/tests/test.yml b/tests/test.yml index 6c43b24..8c7b64a 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: all +- name: Test Playbook for testing goteleport + hosts: all remote_user: root roles: - role-goteleport From 4235e237e2d07f50efec9259764a01183ba42de9 Mon Sep 17 00:00:00 2001 From: Leo Drachenfeuer Date: Tue, 25 Apr 2023 17:54:29 +0000 Subject: [PATCH 02/10] fix(ansible-lint): missing name, wrong permission, truth, and use fqdn --- tasks/install.yml | 52 +++++++++++++++++++++++++++-------------------- 1 file changed, 30 insertions(+), 22 deletions(-) diff --git a/tasks/install.yml b/tasks/install.yml index dc1ddd4..7629644 100644 --- a/tasks/install.yml +++ b/tasks/install.yml 
@@ -1,55 +1,63 @@ --- -- block: +- name: "Update goteleport block" + when: (not teleport_version_check|bool) or (teleport_active_version.stdout != teleport_version) + block: - name: Download teleport archive - get_url: + ansible.builtin.get_url: url: "{{ teleport_dl_url }}.tar.gz" dest: "/tmp/teleport-{{ teleport_version }}-linux-{{ teleport_arch }}.tar.gz" checksum: "sha256:{{ teleport_sha256_url }}.tar.gz.sha256" + mode: "0755" register: _download_archive until: _download_archive is succeeded retries: 5 delay: 2 - - name: create directory if they don't exist - file: + - name: Create directory if they don't exist + ansible.builtin.file: path: "/tmp/teleport-{{ teleport_version }}" state: directory - owner: root - group: root - mode: 0775 + owner: "root" + group: "root" + mode: "0775" - name: Unpack Teleport Package - unarchive: - remote_src: yes + ansible.builtin.unarchive: + remote_src: true src: "/tmp/teleport-{{ teleport_version }}-linux-{{ teleport_arch }}.tar.gz" dest: "/tmp/teleport-{{ teleport_version }}" - mode: 0755 - owner: root - group: root + mode: "0755" + owner: "root" + group: "root" - - name: create directory if they don't exist - file: + - name: Create directory if they don't exist + ansible.builtin.file: path: "/var/lib/teleport" state: directory - owner: root - group: root - mode: 0775 + owner: "root" + group: "root" + mode: "0775" - - name: copy all binaries - copy: + - name: Copy all binaries + ansible.builtin.copy: remote_src: true src: "/tmp/teleport-{{ teleport_version }}/teleport/{{ item }}" dest: "/usr/local/bin/{{ item }}" + owner: "root" + group: "root" + mode: "0755" loop: - "tbot" - "tctl" - "tsh" - "teleport" - - name: copy teleport binary - copy: + - name: Copy teleport binary + ansible.builtin.copy: remote_src: true src: "/tmp/teleport-{{ teleport_version }}/teleport/teleport" dest: "/usr/local/bin/teleport" + owner: "root" + group: "root" + mode: "0755" notify: "Restart Teleport" - when: (not teleport_version_check|bool) or 
(teleport_active_version.stdout != teleport_version) From dc0d44d78ff7e33352e80172cb4d9e7a9601af63 Mon Sep 17 00:00:00 2001 From: Leo Drachenfeuer Date: Tue, 25 Apr 2023 17:55:29 +0000 Subject: [PATCH 03/10] fix(ansible-lint): add missing metadata --- meta/main.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/meta/main.yml b/meta/main.yml index c572acc..3fe885d 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,8 +1,14 @@ galaxy_info: - author: your name - description: your role description - company: your company (optional) + role_name: update_goteleport + namespace: dragse + author: Lennard Brinkhaus + description: This role update a binary installation of goteleport + company: DragSE + platforms: + - name: GenericLinux + versions: + - all # If the issue tracker for your role is not on github, uncomment the # next line and provide a value # issue_tracker_url: http://example.com/issue/tracker @@ -14,9 +20,9 @@ galaxy_info: # - GPL-3.0-only # - Apache-2.0 # - CC-BY-4.0 - license: license (GPL-2.0-or-later, MIT, etc) + license: None - min_ansible_version: 2.1 + min_ansible_version: "2.1" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: From 3fac9583ac10e3d7861aa5e1deab39ba1fd59358 Mon Sep 17 00:00:00 2001 From: Leo Drachenfeuer Date: Tue, 25 Apr 2023 17:57:29 +0000 Subject: [PATCH 04/10] chore: update the default version to 12.2.4 --- defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index 29c34d2..1d14a84 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- teleport_version_check: true -teleport_version: "12.0.2" +teleport_version: "12.2.4" teleport_dl_url: "https://cdn.teleport.dev/teleport-v{{ teleport_version }}-linux-{{ teleport_arch }}-bin" teleport_sha256_url: "https://get.gravitational.com/teleport-v{{ teleport_version }}-linux-{{ teleport_arch }}-bin" 
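Review bot: The archive and its unpack directory are staged at fixed, guessable names under `/tmp` (`dest: "/tmp/teleport-{{ teleport_version }}-linux-{{ teleport_arch }}.tar.gz"` and `path: "/tmp/teleport-{{ teleport_version }}"`), and what is copied out of them ends up root-owned in `/usr/local/bin`. On a host with other local users, anything already present at those names can interfere with the run; a per-run directory from `ansible.builtin.tempfile`, registered and used for every staging path, removes that dependency on the contents of `/tmp`. The added `mode: "0755"` marks the tarball executable although it is only data, so `mode: "0644"` is enough. Separately, `/var/lib/teleport` keeps `mode: "0775"`; if that is Teleport's data directory, a tighter mode such as `"0750"` is worth considering. The two tasks/install.yml hunks of PATCH 08/10 keep the same fixed `/tmp` paths.

```yaml
    - name: Create private staging directory
      ansible.builtin.tempfile:
        state: directory
        prefix: "teleport-"
      register: _teleport_stage

    - name: Download teleport archive
      ansible.builtin.get_url:
        # … unchanged: url, checksum …
        dest: "{{ _teleport_stage.path }}/teleport.tar.gz"
        mode: "0644"
    # … remaining tasks as in the hunk, with the /tmp/teleport-… paths pointed at _teleport_stage.path …
```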
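Review bot: `min_ansible_version: "2.1"` no longer matches what the role needs. PATCH 02/10 moves every task to `ansible.builtin.*` fully qualified names, which as far as I know are only resolved by Ansible 2.10 and later. Something like `min_ansible_version: "2.10"` keeps the Galaxy metadata in line with the controllers the role can actually run on.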
From 8a42acb378018b9ba8fb59f0985ce018acc634d2 Mon Sep 17 00:00:00 2001 From: Leo Drachenfeuer Date: Thu, 27 Apr 2023 10:50:55 +0000 Subject: [PATCH 05/10] fix: remove redundancy which prevent restart handler notification --- tasks/install.yml | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/tasks/install.yml b/tasks/install.yml index 7629644..30a2b51 100644 --- a/tasks/install.yml +++ b/tasks/install.yml @@ -51,13 +51,6 @@ - "tctl" - "tsh" - "teleport" + notify: + - "Restart Teleport" - - name: Copy teleport binary - ansible.builtin.copy: - remote_src: true - src: "/tmp/teleport-{{ teleport_version }}/teleport/teleport" - dest: "/usr/local/bin/teleport" - owner: "root" - group: "root" - mode: "0755" - notify: "Restart Teleport" From fc26ec47452a9e6ba6484ebb90f49c511cf562c3 Mon Sep 17 00:00:00 2001 From: Leo Drachenfeuer Date: Thu, 27 Apr 2023 10:54:55 +0000 Subject: [PATCH 06/10] fix: removing of temporary files to prevent tmp going out of space --- tasks/install.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tasks/install.yml b/tasks/install.yml index 30a2b51..ba2e9ba 100644 --- a/tasks/install.yml +++ b/tasks/install.yml @@ -54,3 +54,7 @@ notify: - "Restart Teleport" + - name: "Clean Up Temporary Files" + ansible.builtin.file: + state: absent + path: /tmp/teleport-{{ teleport_version }} From f6e152c31385549c7f10446512c4906084d3ed9d Mon Sep 17 00:00:00 2001 From: Leo Drachenfeuer Date: Thu, 27 Apr 2023 10:57:30 +0000 Subject: [PATCH 07/10] fix: reorder handler for right execution order --- handlers/main.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index 11e6dd7..8cb7708 100644 --- a/handlers/main.yml +++ b/handlers/main.yml 
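Review bot: The cleanup removes only the unpack directory, so the tarball written by the download task (`/tmp/teleport-{{ teleport_version }}-linux-{{ teleport_arch }}.tar.gz`) stays in `/tmp` and the space problem named in the subject is only partly solved. The task also appears to sit at the end of the `block:` (which starts outside this hunk), so it is skipped whenever an earlier task fails and partial artefacts are left behind. Moving it to an `always:` section and looping over both paths covers both cases. `path:` is also left unquoted here, unlike the other templated paths in the file.

```yaml
  always:
    - name: "Clean Up Temporary Files"
      ansible.builtin.file:
        state: absent
        path: "{{ item }}"
      loop:
        - "/tmp/teleport-{{ teleport_version }}"
        - "/tmp/teleport-{{ teleport_version }}-linux-{{ teleport_arch }}.tar.gz"
```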
@@ -1,11 +1,12 @@ --- -- name: "Restart Teleport" - ansible.builtin.service: - name: teleport - state: restarted - when: ansible_service_mgr == "systemd" - - name: "Reload systemd" ansible.builtin.systemd: daemon_reload: true when: ansible_service_mgr == "systemd" + +- name: "Restart Teleport" + ansible.builtin.service: + name: teleport + state: restarted + failed_when: false + when: ansible_service_mgr == "systemd" From a989dd2368fc0267e56ec6dd0543418a18310fe5 Mon Sep 17 00:00:00 2001 From: Leo Drachenfeuer Date: Sun, 25 Jun 2023 13:34:24 +0000 Subject: [PATCH 08/10] improve variables --- defaults/main.yml | 8 ++++++-- tasks/install.yml | 8 ++++---- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 1d14a84..13c2bf5 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,9 @@ --- teleport_version_check: true teleport_version: "12.2.4" -teleport_dl_url: "https://cdn.teleport.dev/teleport-v{{ teleport_version }}-linux-{{ teleport_arch }}-bin" -teleport_sha256_url: "https://get.gravitational.com/teleport-v{{ teleport_version }}-linux-{{ teleport_arch }}-bin" +teleport_base_url_tar: "https://cdn.teleport.dev" +teleport_base_url_sha: "https://get.gravitational.com" +teleport_base_filename: teleport-v{{ teleport_version }}-linux-{{ teleport_arch }}-bin +teleport_dl_url: "{{ teleport_base_url_tar }}/{{ teleport_base_filename }}.tar.gz" +teleport_sha256_url: "{{ teleport_base_url_sha }}/{{ teleport_base_filename }}.tar.gz.sha256" +pid_file_telport: "/run/teleport.pid" diff --git a/tasks/install.yml b/tasks/install.yml index ba2e9ba..9bc5cc6 100644 --- a/tasks/install.yml +++ b/tasks/install.yml 
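Review bot: In the defaults/main.yml hunk, both the archive and the digest that verifies it are fetched at run time (`teleport_base_url_tar`, `teleport_base_url_sha`), so the `checksum:` in tasks/install.yml only proves the download matches whatever the second host serves at that moment. That catches truncation and corruption, but not a replaced artefact when both endpoints, or an inventory override of these two variables, are outside your control. For a role that installs root-owned binaries, consider an optional pinned-digest variable next to `teleport_version` (for example `teleport_sha256: ""`, filled in per release) that install.yml prefers over the URL when set. Smaller points: `pid_file_telport` is misspelled and lacks the `teleport_` prefix the other variables use, and `teleport_base_filename` is the one templated value left unquoted.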
@@ -4,9 +4,9 @@ block: - name: Download teleport archive ansible.builtin.get_url: - url: "{{ teleport_dl_url }}.tar.gz" - dest: "/tmp/teleport-{{ teleport_version }}-linux-{{ teleport_arch }}.tar.gz" - checksum: "sha256:{{ teleport_sha256_url }}.tar.gz.sha256" + url: "{{ teleport_dl_url }}" + dest: "/tmp/{{ teleport_base_filename }}.tar.gz" + checksum: "sha256:{{ teleport_sha256_url }}" mode: "0755" register: _download_archive until: _download_archive is succeeded @@ -24,7 +24,7 @@ - name: Unpack Teleport Package ansible.builtin.unarchive: remote_src: true - src: "/tmp/teleport-{{ teleport_version }}-linux-{{ teleport_arch }}.tar.gz" + src: "/tmp/{{ teleport_base_filename }}.tar.gz" dest: "/tmp/teleport-{{ teleport_version }}" mode: "0755" owner: "root" From 8cf12cc88092751d1cf01744e0b783f2a7a530d9 Mon Sep 17 00:00:00 2001 From: Leo Drachenfeuer Date: Sun, 25 Jun 2023 13:36:44 +0000 Subject: [PATCH 09/10] add tasks for getting main pid from teleport --- tasks/main.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tasks/main.yml b/tasks/main.yml index f62ba75..99939eb 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -8,5 +8,20 @@ failed_when: false when: teleport_version_check|bool +- name: "Check if teleport pid file exist" + ansible.builtin.stat: + path: "{{ pid_file_telport }}" + register: pid_file_telport_state + +- name: "Get Main PID of Teleport" + when: pid_file_teleport_state.stat.isdir is defined and not pid_file_teleport_state.stat.isdir + ansible.builtin.shell: "cat /run/teleport.pid" + args: + executable: /bin/bash + register: teleport_main_pid + changed_when: false + failed_when: false + + - name: "Update goteleport" ansible.builtin.include_tasks: "install.yml" From 7d334559b70f579650704276488bda19c648d41e Mon Sep 17 00:00:00 2001 
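Review bot: In the tasks/main.yml hunk the `stat` result is registered as `pid_file_telport_state`, but the `when:` on the next task reads `pid_file_teleport_state`, which is never defined. Depending on the Ansible version the condition is then either always false or an error, and either way the PID is never read. The task also shells out to a hard-coded `cat /run/teleport.pid` instead of using `pid_file_telport`. `ansible.builtin.slurp` reads the file without a shell, and `stat.exists` is the direct test for presence. Nothing visible in this series consumes `teleport_main_pid` yet, so changing the shape of the registered result should be safe.

```yaml
  register: pid_file_telport_state

- name: "Get Main PID of Teleport"
  when: pid_file_telport_state.stat.exists and not pid_file_telport_state.stat.isdir
  ansible.builtin.slurp:
    src: "{{ pid_file_telport }}"
  # content is base64-encoded; consumers use teleport_main_pid.content | b64decode | trim
  register: teleport_main_pid
  failed_when: false
```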
From: Leo Drachenfeuer Date: Sun, 25 Jun 2023 13:37:22 +0000 Subject: [PATCH 10/10] add work around for restart hang with test --- handlers/main.yml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/handlers/main.yml b/handlers/main.yml index 8cb7708..1c0ee07 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -8,5 +8,17 @@ ansible.builtin.service: name: teleport state: restarted - failed_when: false + async: 15 + poll: 0 when: ansible_service_mgr == "systemd" + notify: "Check Teleport restart" + +- name: "Check Teleport restart" + delegate_to: localhost + ansible.builtin.wait_for: + host: "{{ inventory_hostname }}" + port: "3022" + delay: 10 + timeout: 30 + state: started + msg: "Telport has restarted"
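Review bot: `msg:` on `ansible.builtin.wait_for` is the text shown when the wait fails, so a restart that never comes back ends the play with "Telport has restarted". Something like `msg: "Teleport did not open port 3022 within 30s after restart"` reports what actually happened. With `async: 15` and `poll: 0` the restart result is never collected, so this probe is the only failure signal. It only holds where the service listens on 3022 and that port is reachable from the controller, so a role variable for the port would make the assumption explicit. An open port also does not show that the new binary is the one running; comparing the output of `teleport version` with `teleport_version` after the wait would confirm the upgrade took effect.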