Merge pull request #5 from punktDe/dev

De-couple the role from the built-in Solr service (use supervisord instead)

.ansible-lint

@@ -1,11 +1,28 @@
 ---
 skip_list:
-  - 'risky-shell-pipe'
-  - 'role-name'
-  - 'name[template]'
+  - meta-no-info
+  - var-naming[no-role-prefix]
+  - name[template]
 
 warn_list:
   - package-latest
   - unnamed-task
-  - command-instead-of-shell
-  - no-handler
+
+exclude_paths:
+  - group_vars/secrets.*
+  - roles/dehydrated
+  - roles/mailhog
+  - roles/postgresql
+  - roles/mail
+  - roles/mariadb
+  - roles/nginx
+  - roles/elasticsearch
+  - roles/oauth2_proxy
+  - roles/php
+  - roles/redis
+  - roles/supervisord
+  - roles/system
+  - roles/apache
+  - roles/solr
+  - roles/varnish
+  - roles/docker

.editorconfig

@@ -0,0 +1,14 @@
+# EditorConfig: http://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+# 2 space indentation for YAML
+[{*.yml,*.yaml}]
+indent_style = space
+indent_size = 2

.envrc

@@ -0,0 +1,24 @@
+#!/bin/sh
+if [ -n "$$DIRENV_DIFF" ]; then
+  # Do not `set -e` unless we're being run from direnv
+  set -e 
+fi
+
+if [ ! -f .venv/bin/activate ]
+then
+	echo "Creating a virtual Python environment"
+	python3 -m venv .venv >/dev/null
+fi
+
+if [ -f .venv/bin/activate ]
+then
+	echo "Activating the Python virtual environment"
+	. .venv/bin/activate
+fi
+
+if [ -f .venv/bin/pip3 ]
+then
+	echo "Installing Python requirements"
+	.venv/bin/pip3 install --upgrade pip 1> /dev/null
+	.venv/bin/pip3 install -r requirements.txt 1> /dev/null
+fi

.gitignore

@@ -0,0 +1,14 @@
+.DS_Store
+*.pyc
+__pycache__
+.idea
+.vscode
+/*.retry
+/.fact_cache
+/venv/
+debug.log
+id_ed25519*
+/venv*/
+.collections
+roles
+.venv

.pre-commit-config.yaml

@@ -1,6 +1,7 @@
 ---
 repos:
   - repo: https://github.com/ansible/ansible-lint.git
-    rev: v6.17.2
+    rev: v24.6.1
     hooks:
       - id: ansible-lint
+        files: \.(yaml|yml)$

.yamllint

@@ -1,33 +1,15 @@
 ---
-# Based on ansible-lint config
 extends: default
 
 rules:
+  line-length: disable
+  truthy:
+    allowed-values: ['true', 'false', 'yes', 'no']
+  comments:
+    min-spaces-from-content: 1
   braces:
+    min-spaces-inside: 0
     max-spaces-inside: 1
-    level: error
-  brackets:
-    max-spaces-inside: 1
-    level: error
-  colons:
-    max-spaces-after: -1
-    level: error
-  commas:
-    max-spaces-after: -1
-    level: error
-  comments: disable
-  comments-indentation: disable
-  document-start: disable
-  empty-lines:
-    max: 3
-    level: error
-  hyphens:
-    level: error
-  indentation: disable
-  key-duplicates: enable
-  line-length: disable
-  new-line-at-end-of-file: disable
-  new-lines:
-    type: unix
-  trailing-spaces: disable
-  truthy: disable
+
+ignore: |
+  .cache

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 punkt.de GmbH
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -4,21 +4,104 @@ An Ansible role that sets up Apache Solr and Apache Tika on a Proserver
 
 Downloads the defined versions of Solr and Tika from [archive.apache.org](https://archive.apache.org) and enables their respective services.
 
-### Example configuration
+## Dependencies
+* [ansible-proserver-oauth2-proxy](https://github.com/punktDe/ansible-proserver-oauth2-proxy)
+* [ansible-proserver-nginx](https://github.com/punktDe/ansible-proserver-nginx) or [ansible-proserver-apache](https://github.com/punktDe/ansible-proserver-apache)
+* [ansible-proserver-dehydrated](https://github.com/punktDe/ansible-proserver-dehydrated)
+* [ansible-proserver-supervisord](https://github.com/punktDe/ansible-proserver-supervisord)
+
+## Background
+
+This role deactivates the built-in FreeBSD rc.d services for Solr and Tika and does not interfere with their respective working directories (/var/solr, /var/solr/db, etc.).
+
+Instead, it uses [supervisord](https://github.com/punktDe/ansible-proserver-supervisord) for service management, and works with the following folders:
+
+|Directory|Description|
+|---|---|
+|/var/opt/solr/solr|Solr working directory|
+|/var/opt/solr/home|Solr home|
+|/var/opt/solr/tika|Tika working directory|
+|/var/log/solr-ansible|Solr and Tika Logs|
+
+## Configuration
 
 The default configuration values can be found in defaults/main.yaml
 
+### solr.url
+**Default**: empty
+
+The URL for the Solr WebUI
+```yaml
+solr:
+  url: https://solr.example.com
+```
+
+### solr.oauth2_proxy
+**Default**: empty
+
+The oauth2_proxy configuration that should be used for Solr WebUI authentiacation.
+
+Should be defined under `oauth2_proxy.$configuration` e.g. `oauth2_proxy.main` or `oauth2_proxy.solr`
+
+If empty, the WebUI will be publicly available, with no authentication.
+```yaml
+solr:
+  oauth2_proxy: main
+```
+
+### solr.overwrite_home
+**Default**: no
+
+If enabled, will erase the Solr home directory (default: /var/opt/solr/home) on version change.
+
+**Use with caution** – this will also remove all your cores and custom configurations for them.
+
+```yaml
+solr:
+  overwrite_home: yes
+```
+
+If disabled, it will still handle the `solr.xml` as followed:
+
+In case `solr.version` is **older than 9.x**, it will comment out the following parameters in your `solr.xml`:
+
+* allowUrls
+* modules
+* zkCredentialsInjector
+* distributedClusterStateUpdates
+* distributedCollectionConfigSetExecution
+* minStateByteLenForCompression
+* stateCompressor
+* hideStackTrace
+
+These configuration parameters are present in the default `solr.xml` file shipped with 9.x, but are incompatible with versions 8.x and older.
+
+The commented out lines are marked with the text `disabled by Ansible`.
+
+In case `solr.version` is 9.x or newer, the role will uncomment all config lines that contain the text `disabled by Ansible`.
+
+### solr.prefix
+The directories for Solr and Tika
 ```yaml
 solr:
-  domain: https://solr.example.com
   prefix:
-    bin: /var/solr
-    var: /var/db/solr
-  version: 9.2.0
+    bin: /var/opt/solr/solr
+    home: /var/opt/solr/home
+    tika: /var/opt/solr/tika
+    logs: /var/log/solr-ansible
+```
+
+### solr.version
+Solr version to install. Make sure the version exists on either https://archive.apache.org/dist/lucene/solr/ (pre 9.x) or https://archive.apache.org/dist/solr/solr/ (9.x)
+```yaml
+solr:
+  version: 9.7.0
+```
+
+### solr.tika.version
+Tika version to install. Make sure the version exists on https://archive.apache.org/dist/tika
+```yaml
+solr:
   tika:
-    prefix:
-      bin: /var/opt/tika
-    version: 2.8.0
-  synced_config: /path/to/synced/config
-  oauth2_proxy: main # https://github.com/punktDe/ansible-proserver-oauth2-proxy
+    version: 3.0.0
 ```

ansible.cfg

@@ -0,0 +1,6 @@
+[defaults]
+roles_path = ./roles
+collections_path = ./.collections
+
+[ssh_connection]
+pipelining = true

defaults/main.yaml

@@ -1,13 +1,13 @@
 ---
 solr:
-  domain:
+  url:
   prefix:
-    bin: /var/solr
-    var: /var/db/solr
-  version: 9.2.0
+    bin: /var/opt/solr/solr
+    home: /var/opt/solr/home
+    tika: /var/opt/solr/tika
+    logs: /var/log/solr-ansible
+  version: 9.7.0
   tika:
-    prefix:
-      bin: /var/opt/tika
-    version: 2.8.0
-  synced_config:
+    version: 3.0.0
   oauth2_proxy:
+  overwrite_home: no

handlers/main.yaml

@@ -1,14 +1,20 @@
 ---
 - name: Start Solr
-  ansible.builtin.service:
-    name: solr
-    state: started
+  changed_when: yes
+  ansible.builtin.shell:
+    cmd: |
+      set -e -u -o pipefail
+      supervisorctl update solr
+      supervisorctl start solr
   register: solr_service_result
 
 - name: Restart Solr
-  ansible.builtin.service:
-    name: solr
-    state: restarted
+  changed_when: yes
+  ansible.builtin.shell:
+    cmd: |
+      set -e -u -o pipefail
+      supervisorctl update solr
+      supervisorctl restart solr
   when: not (solr_service_result is defined and solr_service_result.changed)
 
 - name: Start Tika

meta/main.yaml

@@ -1,10 +1,24 @@
 ---
+galaxy_info:
+  author: "Punkt.de"
+  license: ""
+  description: "Ansible role for Solr"
+  role_name: "proserver_solr"
+  namespace: "punktde"
+  min_ansible_version: "2.15"
+
 dependencies:
   - role: dehydrated
   - role: nginx
-    when: inventory_hostname in groups.nginx or not inventory_hostname in groups.apache
+    when:
+      - groups.nginx is defined
+      - (inventory_hostname in groups.nginx or not inventory_hostname in groups.apache)
   - role: apache
-    when: inventory_hostname in groups.apache
+    when:
+      - groups.apache is defined
+      - inventory_hostname in groups.apache
   - role: oauth2_proxy
-    when: solr.oauth2_proxy is defined and solr.oauth2_proxy
+    when:
+      - solr.oauth2_proxy is defined
+      - solr.oauth2_proxy
   - role: supervisord

molecule/.molecule.yml.tmp

@@ -0,0 +1,27 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: instance
+    image: geerlingguy/docker-ubuntu2204-ansible
+    command: /lib/systemd/systemd
+    pre_build_image: true
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+provisioner:
+  name: ansible
+  playbooks:
+    converge: ${MOLECULE_PLAYBOOK:-converge.yml}
+verifier:
+  name: ansible
+scenario:
+  name: default
+  test_sequence:
+    - destroy
+    - create
+    - converge
+    - verify

molecule/.verify.yml.tmp

@@ -0,0 +1,8 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Example assertion
+      ansible.builtin.assert:
+        that: true