forked from confluentinc/cp-ansible
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathupgrade_ksql.yml
194 lines (169 loc) · 6.68 KB
/
upgrade_ksql.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
---
- name: KSQL Upgrade
hosts: ksql
gather_facts: false
environment: "{{ proxy_env }}"
serial: 1
tasks:
- name: Gather OS Facts
setup:
# Only gathers items in list, filters out the rest
filter: ansible_os_family
gather_subset:
- '!all'
- import_role:
name: confluent.variables
- shell: "egrep -i 'ssl.client.auth ?= ?true' {{ ksql.config_file }}"
register: mtls_check
failed_when: false
- name: Set MTLS Variable
set_fact:
ksql_ssl_mutual_auth_enabled: "{{ true if mtls_check.rc == 0 else false}}"
- name: Get Package Facts
package_facts:
manager: auto
when: installation_method == "package"
- name: Set ksql_current_version variable - Package
set_fact:
confluent_server_enabled: "{{ True if ansible_facts.packages['confluent-server'] is defined else False }}"
ksql_current_version: "{{ ansible_facts.packages['confluent-ksqldb'][0]['version'] }}"
when: installation_method == "package"
- name: Load override.conf
slurp:
src: "{{ ksql.systemd_override }}"
register: slurped_override
when: installation_method == "archive"
- name: Set ksql_current_version variable - Archive
set_fact:
ksql_current_version: "{{ (slurped_override.content|b64decode) .split('\n') |
select('match', '^ExecStart=' + archive_config_base_path + '/confluent-(.*)/bin/ksql-server-start ' + ksql.config_file) |
list | first | regex_search('[0-9]+(.[0-9]+)+') }}"
when: installation_method == "archive"
- debug:
msg: "Current version: {{ksql_current_version}} Upgrade to version: {{confluent_package_version}}"
- name: Assert Upgrading from Valid Version
assert:
that:
- ksql_current_version is version('5.5.0', '>=')
fail_msg: "Current KSQL Version: {{ksql_current_version}} is lower than the minimal supported upgrade version: 5.5.0"
- name: Create Backup Directory
file:
# TODO configurable
path: "/tmp/upgrade/{{ ksql_service_name }}"
state: directory
mode: 0640
when: installation_method == "package"
- set_fact:
timestamp: "{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}"
when: installation_method == "package"
- name: Backup Configuration files
copy:
src: "{{ item }}"
remote_src: true
dest: "/tmp/upgrade/{{ ksql_service_name }}/{{ item | basename }}-{{timestamp}}"
loop:
- "{{ ksql.config_file }}"
- "{{ ksql.systemd_override }}"
when: installation_method == "package"
# Files cannot be copied because directory is not created in check mode
ignore_errors: "{{ ansible_check_mode }}"
- name: Stop Service
systemd:
name: "{{ ksql_service_name }}"
state: stopped
- name: Configure Repositories
import_role:
name: confluent.common
vars:
install_java: false
- name: Remove Confluent-Kafka Packages - Red Hat
yum:
name: confluent-kafka-2.12
state: absent
when:
- ansible_os_family == "RedHat"
- not confluent_server_enabled|bool
- installation_method == "package"
# Packages will not be found in check mode because repos not changed
ignore_errors: "{{ ansible_check_mode }}"
- name: Remove Confluent-Kafka Packages - Debian
apt:
name: confluent-kafka-2.12
state: absent
when:
- ansible_os_family == "Debian"
- not confluent_server_enabled|bool
- installation_method == "package"
# Packages will not be found in check mode because repos not changed
ignore_errors: "{{ ansible_check_mode }}"
- name: Install the Packages - Red Hat
yum:
name: "{{item}}{{confluent_package_redhat_suffix}}"
state: latest
update_cache: true
loop: "{{ ksql_packages }}"
when:
- ansible_os_family == "RedHat"
- installation_method == "package"
# Packages will not be found in check mode because repos not changed
ignore_errors: "{{ ansible_check_mode }}"
- name: Install the Packages - Debian
apt:
name: "{{item}}{{confluent_package_debian_suffix}}"
update_cache: true
loop: "{{ ksql_packages }}"
when:
- ansible_os_family == "Debian"
- installation_method == "package"
# Packages will not be found in check mode because repos not changed
ignore_errors: "{{ ansible_check_mode }}"
- name: Put back configuration
copy:
dest: "{{ item }}"
remote_src: true
src: "/tmp/upgrade/{{ ksql_service_name }}/{{ item | basename }}-{{timestamp}}"
loop:
- "{{ ksql.config_file }}"
- "{{ ksql.systemd_override }}"
when: installation_method == "package"
# Files cannot be copied because directory is not created in check mode
ignore_errors: "{{ ansible_check_mode }}"
- name: Copy Service from Archive Directory to System
copy:
src: "{{binary_base_path}}/lib/systemd/system/{{ksql.systemd_file|basename}}"
remote_src: true
dest: "{{ksql.systemd_file}}"
mode: 0644
force: true
when: installation_method == "archive"
- name: Update Override to Use New Version
lineinfile:
path: "{{ ksql.systemd_override }}"
line: "ExecStart={{archive_config_base_path}}/confluent-{{confluent_package_version}}/bin/ksql-server-start {{ ksql.config_file }}"
regexp: "ExecStart={{archive_config_base_path}}/confluent-(.*)/bin/ksql-server-start {{ ksql.config_file }}"
when: installation_method == "archive"
- name: Update RBAC Configs
lineinfile:
path: "{{ ksql.config_file }}"
regexp: "{{ item }}"
state: absent
loop:
- 'rest.servlet.initializor.classes=io.confluent.common.security.jetty.initializer.InstallBearerOrBasicSecurityHandler'
- 'websocket.servlet.initializor.classes=io.confluent.common.security.initializer.InstallBearerOrBasicSecurityHandler'
when: rbac_enabled|bool
- name: Update RBAC Configs
lineinfile:
path: "{{ ksql.config_file }}"
regexp: 'ksql.authentication.plugin.class=io.confluent.ksql.security.VertxBearerOrBasicAuthenticationPlugin'
line: 'ksql.authentication.plugin.class=io.confluent.ksql.security.VertxBearerOrBasicAuthenticationPlugin'
when: rbac_enabled|bool
- name: Restart Service
systemd:
daemon_reload: true
name: "{{ ksql_service_name }}"
state: restarted
- name: KSQL Health Check
import_role:
name: confluent.ksql
tasks_from: health_check.yml
when: not ansible_check_mode