release: v1.2-3 (#200)

Author: stevius10

.gitignore

@@ -9,4 +9,5 @@ local/*.hash
 
 # git add --force '**/*.local*'
 
-*.local.caddy
+*.local.*
+!.*.local.*

base/default.yml

@@ -4,13 +4,16 @@
   gather_facts: no
   vars:
     os: "{{ OS | default('local:vztmpl/debian-13-standard_13.1-1_amd64.tar.zst') }}"
-    key_dir: "{{ KEYS_DIR | default('/share/.ssh') }}"
+    share_dir: "{{ SHARE | default('/share') }}"
+    cert_dir:  "{{ share_dir }}/.cert"
+    key_dir:   "{{ share_dir }}/.ssh"
   tasks:
 
-    - name: Ensure key directory
+    - name: Ensure directories
       file:
         path: "{{ key_dir }}"
         state: directory
+      loop: ["{{ share_dir }}", "{{ cert_dir }}", "{{ key_dir }}"]
 
     - name: Generate container key on host
       community.crypto.openssh_keypair:

base/roles/base/files/profile.sh

@@ -7,17 +7,6 @@ alias .....='cd ../../../..'
 
 # General
 
-alias l='ls -lhA --group-directories-first'
-alias grep='grep --color=auto'
-alias mdir='mkdir -pv'
-
-alias df='df -h'
-alias free='free -h'
-alias du='du -h'
-
-alias journal='journalctl -xef --output=short-iso --no-pager'
-alias ports='ss -tulpn'
-alias proc='ps aux | grep -v grep | grep -i'
 alias redo='sudo "$(fc -ln -1)"'
 
 # Development
@@ -54,8 +43,6 @@ backport() {
 
 # Functions
 
-cdir() { mkdir "$1" && cd "$1"; }
-
 extract () {
    if [ -f "$1" ] ; then
        case "$1" in
@@ -66,18 +53,60 @@ extract () {
            *.tar)       tar xvf "$1"     ;;
            *.tgz)       tar xvzf "$1"    ;;
            *.zip)       unzip "$1"       ;;
-           *)           echo "'$1' failed" ;;
        esac
-   else
-       echo "'$1' no valid file"
    fi
 }
 
+exe() {
+  docker exec -it "$(docker ps -qf name=$1)" /bin/bash
+}
+
+c() {
+  [ -z "$1" ] && { cd; return; }
+  [ -d "$1" ] && { cd "$1"; return; } ||
+  [ -f "$1" ] && file -b "$1" | grep -q -e "text" -e "empty" && { cat "$1"; return; } ||
+  file "$1"
+}
+
+d() {
+  mkdir -pv "$1" && cd "$1";
+}
+
+f() {
+    case "$1" in
+      /*) grep --color=auto -rni "$1" . ;;
+       *) find . -iname "*${1:1}*" ;;
+    esac
+}
+
+l() {
+  command ls -lAhF --color=auto "$@";
+}
+
+j() {
+  journalctl -xe --no-pager -u "$1" || journalctl -xe --no-pager
+}
+
+p() {
+  [ -z "$1" ] && { ps aux; return $?; }
+  local search
+  search="[${1:0:1}]${1:1}"
+  ps aux | grep --color=auto "$search"
+}
+
+s() {
+  [ -z "$1" ] && { cd /etc/systemd/system; return $?; }
+  case "$1" in start|stop|restart|reload|enable|disable|status|is-active|is-enabled|is-failed|mask|unmask|daemon-reload|reset-failed| \
+    cat|show|edit|list-units|list-unit-files|list-dependencies|list-jobs)
+      command systemctl "$@"; return $?;;
+  esac
+  systemctl cat "$1" && echo && systemctl status --no-pager "$1"
+}
+
 package() {
   local project
   project=$(basename "$PWD")
-  local out="${project}-packaged.txt"
-
+  local out="${project}.txt"
   rm -f -- "$out"
 
   if [ -d .git ]; then
@@ -88,7 +117,7 @@ package() {
 
   while IFS= read -r file; do
     if file --mime-type --brief "$file" | grep -q '^text/'; then
-      printf "# Filename: %s\n\n" "$file"
+      printf "# %s\n\n" "$file"
       sed '' "$file"
       printf "\n---\n\n"
     fi

base/roles/base/tasks/main.yml

@@ -1,8 +1,9 @@
 - name: Base container configuration
   block:
-    - name: Set key directory
+    - name: Set shared directories
       set_fact:
-        key_dir: "{{ KEYS_DIR | default('/share/.ssh') }}"
+        cert_dir: "{{ share_dir }}/.certs"
+        key_dir: "{{ share_dir }}/.ssh"
 
     - name: Update system
       apt:
@@ -53,6 +54,8 @@
     extra:
       - { path: "/app", state: "directory", mode: "0755", owner: "app", group: "config" }
       - { path: "/app/.ssh", state: "directory", mode: "0711", owner: "app", group: "config" }
+      - { path: "{{ key_dir }}", state: "directory", mode: "0711", owner: "app", group: "config" }
+      - { path: "{{ cert_dir }}", state: "directory", mode: "0711", owner: "app", group: "config" }
 
 - name: Container accessibility
   import_tasks: access.yml

base/roles/base/vars/main.yml

@@ -2,6 +2,7 @@ default_packages:
   - sudo
   - locales
   - curl
+  - jq
   - unzip
   - vim
 
@@ -11,5 +12,7 @@ default_users:
   - { name: "app",  groups: ["config"], create_home: false, home: "/app" }
   - { name: "config", groups: ["config", "root", "sudo"], create_home: false, home: "/app" }
 
+share_dir: "/share"
+
 ssh_users:
   - config

config.env

@@ -1,5 +1,5 @@
 IP="192.168.178.254"
-ID="254"
+ID="100"
 CORES="4"
 MEMORY="6144"
 SWAP="1024"

config/attributes/default.rb

@@ -1,6 +1,6 @@
 default['title']                      = "Proxmox-GitOps"
 default['online']                     = "https://github.com/stevius10/Proxmox-GitOps"
-default['version']                    = "v1.2-2"
+default['version']                    = "v1.2-3"
 
 default['id']                         = ENV['ID']
 default['host']                       = (default['ip'] = ENV['IP'].to_s.presence || "127.0.0.1")

config/libraries/common.rb

@@ -1,3 +1,5 @@
+require_relative 'default'
+
 module Common
 
   # General
@@ -33,14 +35,10 @@ def self.daemon(ctx, name)
     end
   end
 
-  def self.application(ctx, name, user: nil, group: nil,
+  def self.application(ctx, name, user: Default.user(ctx).to_s, group: Default.group(ctx).to_s,
       exec: nil, cwd: nil, unit: {}, actions: [:enable, :start], subscribe: nil, reload: 'systemd_reload',
       restart: 'on-failure', restart_delay: 10, restart_limit: 10, restart_max: 600,
       verify: true, verify_timeout: 60, verify_interval: 5, verify_cmd: "systemctl is-active --quiet #{name}")
-    user  ||= Default.user(ctx)
-    group ||= Default.group(ctx)
-    user  = user.to_s
-    group = group.to_s
 
     if exec
       daemon(ctx, reload)
@@ -69,7 +67,7 @@ def self.application(ctx, name, user: nil, group: nil,
 
       # Mask default application service
       conflicts = %Q(systemctl list-unit-files '*#{File.basename(exec.split.first)}*.service' --no-legend | awk '$2!="masked" {print $1}')
-      Ctx.dsl(ctx).execute "mask_conflicts_#{name}" do
+      Ctx.dsl(ctx).execute "application_mask_#{name}" do
         command "#{conflicts} | xargs -r -IUNIT sh -c 'systemctl stop UNIT && systemctl mask UNIT'"
         only_if conflicts
         returns [0, 123] # already masked returns '123'
@@ -81,15 +79,22 @@ def self.application(ctx, name, user: nil, group: nil,
         group   'root'
         mode    '0664'
         content unit_content
+        notifies :run, "execute[application_reset_#{name}]", :immediately
         notifies :run, "execute[#{reload}]", :immediately
         notifies :restart, "service[#{name}]", :delayed
       end
 
     end
 
+    Ctx.dsl(ctx).execute "application_reset_#{name}" do
+      command "systemctl reset-failed #{name}.service"
+      only_if "systemctl is-failed --quiet #{name}.service"
+      action :nothing
+    end
+
     if actions.include?(:force_restart)
-      Ctx.dsl(ctx).execute "force_restart_#{name}" do
-        command "systemctl reset-failed #{name}; systemctl stop #{name} || true && sleep 1 && systemctl start #{name}"
+      Ctx.dsl(ctx).execute "application_restart_#{name}" do
+        command "systemctl stop #{name} || true && sleep 1 && systemctl start #{name}"
         action :run
       end
     else
@@ -107,11 +112,12 @@ def self.application(ctx, name, user: nil, group: nil,
           (is_active = Mixlib::ShellOut.new(verify_cmd)).run_command
           is_active.exitstatus.zero? ? (ok = true; break) : (sleep verify_interval)
         end
-        Logs.error!("service '#{name}' failed health check") unless ok
+        raise (Logs.debug("service '#{name}' failed health check", [
+          Mixlib::ShellOut.new("systemctl status #{name} --no-pager").run_command.stdout.strip,
+          Mixlib::ShellOut.new("journalctl -u #{name} --no-pager").run_command.stdout.strip,
+        ], level: :error)) unless ok
       end
-      action :nothing
-      subscribes :run, "service[#{name}]", :delayed if verify
-      subscribes :run, "file[/etc/systemd/system/#{name}.service]", :delayed if verify
+      only_if { verify }
     end
   end
 

config/recipes/git.rb

@@ -9,7 +9,8 @@
   mode '0644'
   variables(host: node['host'], app_user: node['app']['user'] , ssh_user: node['app']['config'],
     app_dir: node['git']['dir']['app'], home_dir: node['git']['dir']['home'],
-    http_port: node['git']['port']['http'], ssh_port: node['git']['port']['ssh'] )
+    http_port: node['git']['port']['http'], ssh_port: node['git']['port']['ssh'],
+    org_main: node['git']['org']['main'])
   action :create_if_missing
 end
 

config/recipes/repo/push.rb

@@ -12,18 +12,16 @@
     if ! git ls-remote origin refs/for/release | grep -q "$(git rev-parse HEAD)"; then
       if { [ "#{repository}" != "./" ] && [ "#{is_bootstrap}" = "false" ]; } || \
          { [ "#{repository}" = "./" ] && [ "#{is_bootstrap}" = "true" ]; }; then
-        git push origin HEAD:refs/for/release \
-          -o topic="release" \
-          -o title="Release Pull Request" \
-          -o description="Created automatically for deployment." \
-          -o force-push
+        git push origin HEAD:refs/for/release -o topic="release" -o title="Release Pull Request" \
+          -o description="Created automatically for deployment." -o force-push
       fi
+      git push -u origin HEAD:snapshot
     fi
   fi
   EOH
 end
 
-execute "repo_#{name_repo}_push_snapshot" do
+execute "repo_#{name_repo}_push_rollback" do
   command <<-EOH
     cp -r #{path_destination}/.git #{path_working}
     cd #{path_working} && git checkout -b #{node['git']['branch']['rollback']} && git add -A
@@ -32,6 +30,6 @@
   EOH
   cwd path_destination
   user node['app']['user']
-  only_if { Logs.info("[#{repository} (#{name_repo})]: snapshot commit")
+  only_if { Logs.info("[#{repository} (#{name_repo})]: rollback commit")
   node.run_state["#{name_repo}_repo_exists"] }
 end