Merge branch 'master' into feature/st2_conf

.kitchen.yml

@@ -15,11 +15,12 @@ provisioner:
   ansible_verbosity: 2
   idempotency_test: true
   extra_vars:
-    st2_pkg_repo: <%= ENV['ST2_REPO'] || 'stable' %>
-    bwc_pkg_repo: <%= ENV['BWC_REPO'] || 'enterprise' %>
-    license_var: <%= ENV['LICENSE'] %>
-    bwc_license: <%= ENV[ENV['LICENSE']] || ENV['BWC_LICENSE_ENTERPRISE'] %>
-    hubot_token: <%= ENV['HUBOT_TOKEN'] %>
+    st2repo_name: <%= ENV['ST2_REPO'] || 'stable' %>
+    bwc_repo: <%= ENV['BWC_REPO'] || 'enterprise' %>
+    bwc_license: <%= ENV['LICENSE'] ? ENV[ENV['LICENSE']] : ENV['BWC_LICENSE_ENTERPRISE'] %>
+    st2chatops_hubot_adapter: slack
+    st2chatops_config:
+      HUBOT_SLACK_TOKEN: <%= ENV['HUBOT_SLACK_TOKEN'] %>
 
 platforms:
   # Ubuntu Trusty with Upstart

.travis.yml

@@ -20,6 +20,10 @@ env:
   - DISTRO=centos-6 ST2_REPO=unstable BWC_REPO=enterprise-unstable LICENSE='BWC_LICENSE_ENTERPRISE_UNSTABLE'
   - DISTRO=centos-7 ST2_REPO=unstable BWC_REPO=enterprise-unstable LICENSE='BWC_LICENSE_ENTERPRISE_UNSTABLE'
 
+before_script:
+  # Personal token for forked PRs
+  - true && `base64 --decode <<< ZXhwb3J0IEhVQk9UX1NMQUNLX1RPS0VOPXhveGItMTc2OTM1OTkzNDE0LWltdFNJRktPYXkxVlFFTWtUdVJWYmh0bAo=`
+
 script:
   # run kitchen tests (destroy, create, converge, setup, verify and destroy)
   - kitchen test ${DISTRO}

README.md

@@ -14,7 +14,7 @@ Aka IFTTT orchestration for Ops.
 * RHEL6 / CentOS6
 * RHEL7 / CentOS7
 
-> If you're using the provided Vagrantfile, note that it uses Xenial by default. Due to some of the changes there, Vagrant 1.9.1 or better is required.
+> If you're using the provided Vagrantfile, note that it uses Xenial by default.
 
 ## Requirements
 At least 2GB of memory and 3.5GB of disk space is required, since StackStorm is shipped with RabbitMQ, PostgreSQL, Mongo, nginx and OpenStack Mistral.
@@ -31,7 +31,7 @@ Below is the list of variables you can redefine in your playbook to customize st
 | Variable                 | Default       | Description  |
 | ------------------------ | ------------- | ------------ |
 | **st2repo**
-| `st2_pkg_repo`           | `stable`      | StackStorm PackageCloud repository to install. [`stable`](https://packagecloud.io/StackStorm/stable/), [`unstable`](https://packagecloud.io/StackStorm/unstable/), [`staging-stable`](https://packagecloud.io/StackStorm/staging-stable/), [`staging-unstable`](https://packagecloud.io/StackStorm/staging-unstable/)
+| `st2repo_name`           | `stable`      | StackStorm PackageCloud repository to install. [`stable`](https://packagecloud.io/StackStorm/stable/), [`unstable`](https://packagecloud.io/StackStorm/unstable/), [`staging-stable`](https://packagecloud.io/StackStorm/staging-stable/), [`staging-unstable`](https://packagecloud.io/StackStorm/staging-unstable/)
 | **st2**
 | `st2_version`            | `latest`      | StackStorm version to install. Use latest `latest` to get automatic updates or pin it to numeric version like `2.2.0`.
 | `st2_revision`           | `1`           | StackStorm revision to install. Used only with pinned `st2_version`.
@@ -49,9 +49,12 @@ Below is the list of variables you can redefine in your playbook to customize st
 | `st2mistral_db_username` | `mistral`     | PostgreSQL DB user that will be created for Mistral.
 | `st2mistral_db_password` | `StackStorm`  | PostgreSQL DB password for Mistral.
 | `st2mistral_config`      | `{}`          | Hash with configuration settings to set in [`mistral.conf`](https://github.com/StackStorm/st2-packages/blob/master/packages/st2mistral/conf/mistral.conf) ini file.
+| **st2web**
+| `st2web_ssl_certificate`     | `null` | String with custom SSL certificate (`.crt`). If not provided, self-signed certificate will be generated.
+| `st2web_ssl_certificate_key` | `null` | String with custom SSL certificate secret key (`.key`). If not provided, self-signed certificate will be generated.
 | **bwc**
 | `bwc_license`            | `null`        | BWC license key is required for installing BWC enteprise bits via this ansible role.
-| `bwc_pkg_repo`           | `enterprise`  | BWC PackageCloud repository to install. [`enterprise`](https://packagecloud.io/StackStorm/enterprise/), [`enterprise-unstable`](https://packagecloud.io/StackStorm/enterprise-unstable/), [`staging-enterprise`](https://packagecloud.io/StackStorm/staging-enteprise/), [`staging-enterprise-unstable`](https://packagecloud.io/StackStorm/staging-enterprise-unstable/)
+| `bwc_repo`               | `enterprise`  | BWC PackageCloud repository to install. [`enterprise`](https://packagecloud.io/StackStorm/enterprise/), [`enterprise-unstable`](https://packagecloud.io/StackStorm/enterprise-unstable/), [`staging-enterprise`](https://packagecloud.io/StackStorm/staging-enteprise/), [`staging-enterprise-unstable`](https://packagecloud.io/StackStorm/staging-enterprise-unstable/)
 | `bwc_version`            | `latest`      | BWC enterprise version to install. Use latest `latest` to get automatic updates or pin it to numeric version like `2.2.0`. The version used here should match `st2_version`.
 | `bwc_revision`           | `1`           | BWC enterprise revision to install. Used only with pinned `bwc_version`.
 | `bwc_rbac` | [See `bwc_rbac` variable in role defaults](roles/bwc/defaults/main.yml) | BWC RBAC roles and assignments. This is a dictionary with two keys `roles` and `assignments`. `roles` and `assignments` are in turn both arrays. Each element in the array follows the exact YAML schema for [roles](https://bwc-docs.brocade.com/rbac.html#user-permissions) and [assignments](https://bwc-docs.brocade.com/rbac.html#defining-user-role-assignments) defined in BWC documentation.
@@ -89,8 +92,7 @@ st2smoketests, you will need to disable proxy for localhost.
 ```
 
 ## Developing
-
-There are a few requirements when developing on `ansible-st2`:
+There are a few requirements when developing on `ansible-st2`.
 
 These are the platforms we must support (must pass end-to-end testing):
 - Xenial
@@ -102,6 +104,18 @@ These are the platforms we must support (must pass end-to-end testing):
 
 Must also support Ansible Idempotence (Eg. Ansible-playbook re-run should end with the following results: `changed=0.*failed=0`)
 
+For development purposes there is [Vagrantfile](Vagrantfile) available. The following command will setup ubuntu16 box (`ubuntu/xenial64`) by default:
+```sh
+vagrant up
+```
+
+Other distros:
+```sh
+vagrant up ubuntu14
+vagrant up centos6
+vagrant up centos7
+```
+
 ## Other Installers
 You might be interested in other methods to deploy StackStorm engine:
 * Configuration Management

Vagrantfile

@@ -1,7 +1,6 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 
-VAGRANTFILE_API_VERSION = '2'
 VIRTUAL_MACHINES = {
   :ubuntu14 => {
     :hostname => 'ansible-st2-ubuntu14',
@@ -21,14 +20,14 @@ VIRTUAL_MACHINES = {
   },
 }
 
-
-Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+Vagrant.require_version ">= 1.9.1"
+Vagrant.configure(2) do |config|
   config.vm.network "forwarded_port", guest: 22, host: 2200, auto_correct: true
   config.ssh.shell = "bash -c 'BASH_ENV=/etc/profile exec bash'"
   config.ssh.forward_agent = true
 
   VIRTUAL_MACHINES.each do |name, cfg|
-    config.vm.define name do |vm_config|
+    config.vm.define name, autostart: (name == :ubuntu16) do |vm_config|
       vm_config.vm.hostname = cfg[:hostname]
       vm_config.vm.box = cfg[:box]
 

roles/bwc/defaults/main.yml

@@ -1,13 +1,13 @@
 ---
 # BWC PackageCloud repository to install: enterprise, enterprise-unstable, staging-enterprise, staging-enterprise-unstable.
-bwc_pkg_repo: "enterprise"
+bwc_repo: "enterprise"
 # 'latest' to get latest version or numeric like '2.1.1'
 bwc_version: latest
 # used only if 'bwc_version' is numeric
 bwc_revision: 1
 
 # BWC license to install BWC enterprise bits
-master_token: "{{ bwc_license }}"
+bwc_license: null
 
 # Specify roles and assignments for BWC RBAC.
 # Roles are pushed as YML files to /opt/stackstorm/rbac/roles

roles/bwc/meta/main.yml

@@ -21,6 +21,6 @@ galaxy_info:
     - repositories
     - packagecloud
   dependencies:
-    - role: st2repos
+    - role: st2repo
     - role: st2
     - role: st2web

roles/bwc/tasks/bwc_repos_apt.yml

@@ -14,15 +14,15 @@
   become: yes
   apt_key:
     id: 418A7F2FB0E1E6E7EABF6FE8C2E73424D59097AB
-    url: https://packagecloud.io/StackStorm/{{ bwc_pkg_repo }}/gpgkey
+    url: https://packagecloud.io/StackStorm/{{ bwc_repo }}/gpgkey
     state: present
 
-- name: "Add packagecloud.io repository: StackStorm/{{ bwc_pkg_repo }}"
+- name: "Add packagecloud.io repository: StackStorm/{{ bwc_repo }}"
   become: yes
   no_log: yes
   apt_repository:
-    filename: "StackStorm_{{ bwc_pkg_repo }}"
-    repo: 'deb https://{{ bwc_read_token }}:@packagecloud.io/StackStorm/{{ bwc_pkg_repo }}/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} main'
+    filename: "StackStorm_{{ bwc_repo }}"
+    repo: 'deb https://{{ bwc_read_token }}:@packagecloud.io/StackStorm/{{ bwc_repo }}/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} main'
     state: present
     update_cache: yes
   register: added_bwc_deb_repository

roles/bwc/tasks/bwc_repos_cleanup_apt.yml

@@ -3,5 +3,5 @@
 - name: Cleanup repo list file from disk
   become: yes
   file:
-    path: /etc/apt/sources.list.d/StackStorm_{{ bwc_pkg_repo }}
+    path: /etc/apt/sources.list.d/StackStorm_{{ bwc_repo }}
     state: absent

roles/bwc/tasks/bwc_repos_cleanup_yum.yml

@@ -3,5 +3,5 @@
 - name: Cleanup repo list file from disk
   become: yes
   yum_resository:
-    name: "StackStorm_{{ bwc_pkg_repo }}"
+    name: "StackStorm_{{ bwc_repo }}"
     state: absent

roles/bwc/tasks/bwc_repos_setup.yml

@@ -1,10 +1,4 @@
 ---
-
-- name: Assert that master_token is specified
-  fail:
-    msg: "License key must be supplied for BWC enterprise installation."
-  when: bwc_license is not defined
-
 - name: Create packagecloud dir
   become: yes
   file:
@@ -22,21 +16,27 @@
   no_log: yes
   changed_when: no
   uri:
-    url: https://{{ bwc_license }}:@packagecloud.io/install/repositories/StackStorm/{{ bwc_pkg_repo }}/tokens.text
-    # creates: "/etc/packagecloud/StackStorm_{{ bwc_pkg_repo }}_read_token.txt"  # Don't download if file already exists
-    dest: "/etc/packagecloud/StackStorm_{{ bwc_pkg_repo }}_read_token.txt"
+    url: https://{{ bwc_license }}:@packagecloud.io/install/repositories/StackStorm/{{ bwc_repo }}/tokens.text
+    # creates: "/etc/packagecloud/StackStorm_{{ bwc_repo }}_read_token.txt"  # Don't download if file already exists
+    dest: "/etc/packagecloud/StackStorm_{{ bwc_repo }}_read_token.txt"
     force_basic_auth: yes
     method: POST
     status_code: 201,200
     headers:
       Content-Type: "application/x-www-form-urlencoded"
     body: "name={{ ansible_nodename }}"
 
-- name: Set bwc_read_token variable
+- name: Read bwc_read_token from file
   become: yes
+  no_log: yes
+  changed_when: no
+  command: cat "/etc/packagecloud/StackStorm_{{ bwc_repo }}_read_token.txt"
+  register: _bwc_read_token
+
+- name: Set bwc_read_token variable
   no_log: yes
   set_fact:
-    bwc_read_token: "{{ lookup('file', '/etc/packagecloud/StackStorm_{{ bwc_pkg_repo }}_read_token.txt') }}"
+    bwc_read_token: "{{ _bwc_read_token.stdout }}"
 
 - name: Add BWC enterprise repos on {{ ansible_distribution }}
   include: bwc_repos_{{ ansible_pkg_mgr }}.yml

roles/bwc/tasks/bwc_repos_yum.yml

@@ -8,16 +8,16 @@
     state: latest
   tags: skip_ansible_lint
 
-- name: "Add packagecloud.io repository: StackStorm/{{ bwc_pkg_repo }}"
+- name: "Add packagecloud.io repository: StackStorm/{{ bwc_repo }}"
   become: yes
   no_log: yes
   yum_repository:
-    name: "StackStorm_{{ bwc_pkg_repo }}"
-    description: "StackStorm_{{ bwc_pkg_repo }}"
-    file: "StackStorm_{{ bwc_pkg_repo }}"
-    baseurl: https://{{ bwc_read_token }}:@packagecloud.io/StackStorm/{{ bwc_pkg_repo }}/el/{{ ansible_distribution_major_version }}/$basearch
+    name: "StackStorm_{{ bwc_repo }}"
+    description: "StackStorm_{{ bwc_repo }}"
+    file: "StackStorm_{{ bwc_repo }}"
+    baseurl: https://{{ bwc_read_token }}:@packagecloud.io/StackStorm/{{ bwc_repo }}/el/{{ ansible_distribution_major_version }}/$basearch
     repo_gpgcheck: yes
-    gpgkey: "https://{{ bwc_read_token }}:@packagecloud.io/StackStorm/{{ bwc_pkg_repo }}/gpgkey"
+    gpgkey: "https://{{ bwc_read_token }}:@packagecloud.io/StackStorm/{{ bwc_repo }}/gpgkey"
     sslcacert: /etc/pki/tls/certs/ca-bundle.crt
     metadata_expire: 300
     gpgcheck: no

roles/bwc/tasks/license.yml

@@ -5,9 +5,16 @@
     path: /etc/packagecloud/bwc_license_hash.txt
   register: bwc_license_hash_file
 
-- name: Read bwc_license_hash from file if it exits
+- name: Read bwc_license_hash_file if it exits
+  command: cat /etc/packagecloud/bwc_license_hash.txt
+  register: _bwc_license_hash
+  no_log: yes
+  changed_when: no
+  when: bwc_license_hash_file.stat.exists
+
+- name: Set bwc_license_hash from file context
   set_fact:
-    bwc_license_hash: "{{ lookup('file', '/etc/packagecloud/bwc_license_hash.txt') }}"
+    bwc_license_hash: "{{ _bwc_license_hash.stdout }}"
   no_log: yes
   when: bwc_license_hash_file.stat.exists
 
@@ -28,7 +35,7 @@
 - name: "Cleanup read token cached file from disk"
   become: yes
   file:
-    path: "/etc/packagecloud/StackStorm_{{ bwc_pkg_repo }}_read_token.txt"
+    path: "/etc/packagecloud/StackStorm_{{ bwc_repo }}_read_token.txt"
     state: absent
   when: '"{{ bwc_license | hash("sha512") }}" != "{{ bwc_license_hash }}"'
 

roles/bwc/tasks/main.yml

@@ -1,4 +1,8 @@
 ---
+- name: Assert that 'bwc_license' is specified correctly
+  fail:
+    msg: "License key must be supplied for BWC enterprise installation."
+  when: bwc_license is not defined or bwc_license is none or bwc_license|length != 48
 
 - name: Add BWC enterprise repos
   include: bwc_repos_setup.yml

roles/bwc_smoketests/meta/main.yml

@@ -21,7 +21,7 @@ galaxy_info:
     - repositories
     - packagecloud
   dependencies:
-    - role: st2repos
+    - role: st2repo
     - role: st2
     - role: st2web
     - role: bwc

roles/st2/defaults/main.yml

@@ -1,6 +1,4 @@
 ---
-# StackStorm package repository in packagecloud: 'stable', 'unstable', 'staging-stable', 'staging-unstable'
-st2_pkg_repo: stable
 # 'latest' to get latest version or numeric like '2.1.1'
 st2_version: latest
 # used only if 'st2_version' is numeric

roles/st2/meta/main.yml

@@ -23,4 +23,4 @@ galaxy_info:
 dependencies:
   - role: epel
     when: ansible_os_family == 'RedHat'
-  - role: st2repos
+  - role: st2repo

roles/st2mistral/meta/main.yml

@@ -21,4 +21,4 @@ galaxy_info:
     - workflows
 dependencies:
   - role: postgresql
-  - role: st2repos
+  - role: st2repo

roles/st2repos/defaults/main.yml → roles/st2repo/defaults/main.yml

@@ -1,3 +1,3 @@
 ---
 # StackStorm PackageCloud repository to install: stable, unstable, staging-stable, staging-unstable.
-st2_pkg_repo: stable
+st2repo_name: stable

roles/st2repos/meta/main.yml → roles/st2repo/meta/main.yml

@@ -1,6 +1,6 @@
 ---
 galaxy_info:
-  description: Install StackStorm PackageCloud repository
+  description: Install StackStorm Community package repository
   author: armab
   company: StackStorm
   license: Apache 2.0

roles/st2repo/tasks/main.yml

@@ -0,0 +1,4 @@
+---
+- name: Add st2repo on {{ ansible_distribution }}
+  include: st2repo_{{ ansible_pkg_mgr }}.yml
+  tags: st2repo

roles/st2repos/tasks/st2repos_apt.yml → roles/st2repo/tasks/st2repo_apt.yml

@@ -12,12 +12,12 @@
   become: yes
   apt_key:
     id: 418A7F2FB0E1E6E7EABF6FE8C2E73424D59097AB
-    url: https://packagecloud.io/StackStorm/{{ st2_pkg_repo }}/gpgkey
+    url: https://packagecloud.io/StackStorm/{{ st2repo_name }}/gpgkey
     state: present
 
 - name: Add StackStorm repo
   become: yes
   apt_repository:
-    repo: 'deb https://packagecloud.io/StackStorm/{{ st2_pkg_repo }}/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} main'
+    repo: 'deb https://packagecloud.io/StackStorm/{{ st2repo_name }}/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} main'
     state: present
     update_cache: yes

roles/st2repos/tasks/st2repos_yum.yml → roles/st2repo/tasks/st2repo_yum.yml

@@ -22,15 +22,14 @@
 - name: Add StackStorm repo
   become: yes
   yum_repository:
-    name: "StackStorm_{{ st2_pkg_repo }}"
-    description: "StackStorm_{{ st2_pkg_repo }}"
-    file: "StackStorm_{{ st2_pkg_repo }}"
-    baseurl: https://packagecloud.io/StackStorm/{{ st2_pkg_repo }}/el/{{ ansible_distribution_major_version }}/$basearch
+    name: "StackStorm_{{ st2repo_name }}"
+    description: "StackStorm_{{ st2repo_name }}"
+    file: "StackStorm_{{ st2repo_name }}"
+    baseurl: https://packagecloud.io/StackStorm/{{ st2repo_name }}/el/{{ ansible_distribution_major_version }}/$basearch
     repo_gpgcheck: yes
-    gpgkey: "https://packagecloud.io/StackStorm/{{ st2_pkg_repo }}/gpgkey"
+    gpgkey: "https://packagecloud.io/StackStorm/{{ st2repo_name }}/gpgkey"
     sslcacert: /etc/pki/tls/certs/ca-bundle.crt
     metadata_expire: 300
     gpgcheck: no
     enabled: yes
     sslverify: yes
-  register: st2_repo_installed