Refractor for ha (#70)

* Remove redundant `tasks/` from paths in include_tasks modules * Add `no_log: true` to gathering facts Gathering facts tasks print long output when running playbooks with -v * Move inputting SQL files into a separate task file, add mssql_debug * Fix mssql_tls_ vars indentation in README * README.md: Remove redundant linebreakes, keep 1 sentence per line * Move __mssql_required_facts to the top of vars/main.yml * Improve failing when unsetting mssql settings * Unset the __mssql_sqlcmd_login_cmd fact * Defin mssql_debug in defaults
linux-system-roles · Jun 30, 2022 · 9ef3518 · 9ef3518
1 parent 560a5b1
commit 9ef3518
Show file tree

Hide file tree

Showing 9 changed files with 204 additions and 176 deletions.
diff --git a/.collection/README.md b/.collection/README.md
@@ -28,4 +28,5 @@ You can find the documentation for the microsoft.sql.server role in its reposito
 
 ## Supported Ansible Versions
 
-The supported Ansible versions are aligned with currently maintained Ansible versions that support Collections - Ansible 2.9 and later. You can find the list of maintained Ansible versions [here](https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#release-status).
+The supported Ansible versions are aligned with currently maintained Ansible versions that support Collections - Ansible 2.9 and later.
+You can find the list of maintained Ansible versions [here](https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#release-status).
diff --git a/README.md b/README.md
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -10,6 +10,7 @@ mssql_edition: null
 mssql_tcp_port: null
 mssql_ip_address: null
 mssql_input_sql_file: null
+mssql_debug: "{{ true if mssql_input_sql_file is not none else false }}"
 mssql_enable_sql_agent: null
 mssql_install_fts: null
 mssql_install_powershell: null

diff --git a/tasks/input_sql_file.yml b/tasks/input_sql_file.yml
@@ -0,0 +1,92 @@
+# SPDX-License-Identifier: MIT
+# This task files inputs sql file into MSSQL.
+# If you feed a file with .j2 extension, it generates a template from it.
+# If you feed a file with other extension, it just copies the file and runs it.
+---
+- name: Verify that the mssql_password variable is defined
+  assert:
+    that:
+      - mssql_password is not none
+    fail_msg: >-
+      You must define the mssql_password variable because MSSQL requires
+      the sa user to authenticate to input SQL files.
+
+- name: Input {{ __mssql_input_sql_file }} to MSSQL
+  block:
+    # changed_when: false for idempotency because the file is always removed
+    - name: Create a tempfile for the SQL file on the host
+      tempfile:
+        state: file
+      register: __mssql_sql_tempfile
+      changed_when: false
+
+    # changed_when: false for idempotency because the file is always removed
+    - name: Copy the {{ __mssql_input_sql_file }} file to the host
+      copy:
+        src: "{{ __mssql_input_sql_file }}"
+        dest: "{{ __mssql_sql_tempfile.path }}"
+        mode: preserve
+      when: __mssql_input_sql_file is not search(".*\.j2")
+      changed_when: false
+
+    # changed_when: false for idempotency because the file is always removed
+    - name: Generate the {{ __mssql_input_sql_file }} template on the host
+      template:
+        src: "{{ __mssql_input_sql_file }}"
+        dest: "{{ __mssql_sql_tempfile.path }}"
+        mode: 0664
+      when: __mssql_input_sql_file is search(".*\.j2")
+      changed_when: false
+
+    - name: Ensure that the mssql-server service is started
+      service:
+        name: mssql-server
+        state: started
+
+    - name: Wait for mssql-server to prepare for client connections
+      wait_for:
+        path: /var/opt/mssql/log/errorlog
+        search_regex: SQL Server is now ready for client connections
+        timeout: 10
+
+    - name: Prepare MSSQL and facts for logging in
+      include_tasks: verify_password.yml
+      vars:
+        __mssql_password: "{{ mssql_password }}"
+      when: >-
+        (__mssql_sqlcmd_login_cmd is none) or
+        (__mssql_sqlcmd_login_cmd is not defined)
+
+    - name: Input {{ __mssql_input_sql_file }} with the sqlcmd command
+      command: >-
+        {{ __mssql_sqlcmd_login_cmd }} -i {{ __mssql_sql_tempfile.path }} -b
+      register: __mssql_sqlcmd_input_file
+      changed_when: '"successfully" in __mssql_sqlcmd_input_file.stdout'
+  always:
+    - name: >-
+        Print the output of the sqlcmd command for {{ __mssql_input_sql_file }}
+        if not empty
+      debug:
+        var: __mssql_sqlcmd_input_file.stdout_lines
+      changed_when: false
+      when:
+        - __mssql_sqlcmd_input_file.stdout_lines | length > 0
+        - mssql_debug | bool
+
+    # Keep the file if the SQL command failed or when mssql_debug is true
+    # for debugging
+    - name: Remove the tempfile
+      file:
+        path: "{{ __mssql_sql_tempfile.path }}"
+        state: absent
+      when:
+        - __mssql_sqlcmd_input_file is succeeded
+        - not mssql_debug
+      changed_when: false
+
+    # This is required because in the case when a task that precedes the input
+    # task fails, the print task prints a previous result
+    - name: Unset the __mssql_sqlcmd_input_file variable
+      set_fact:
+        __mssql_sqlcmd_input_file: ""
+      when: not mssql_debug
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -1,7 +1,13 @@
 # SPDX-License-Identifier: MIT
 ---
 - name: Ensure ansible_facts and variables used by role
-  include_tasks: tasks/set_vars.yml
+  include_tasks: set_vars.yml
+
+# This is required to prevent the role from using a __mssql_sqlcmd_login_cmd
+# variable value from a previous role invocation
+- name: Unset the __mssql_sqlcmd_login_cmd fact
+  set_fact:
+    __mssql_sqlcmd_login_cmd: null
 
 - name: Link the deprecated accept_microsoft_sql_server_2019_standard_eula fact
   set_fact:
@@ -40,6 +46,7 @@
 - name: Gather package facts
   package_facts:
     manager: auto
+  no_log: true
 
 - name: >-
     Verify if mssql_version is not smaller then the existing SQL Server version
@@ -118,6 +125,7 @@
 
 - name: Gather system services facts
   service_facts:
+  no_log: true
 
 - name: Set up MSSQL
   when: not __mssql_is_setup
@@ -293,55 +301,6 @@
     __mssql_conf_setting_value: "{{ mssql_tcp_port }}"
   when: mssql_tcp_port is not none
 
-- name: Verify that the mssql_password variable is defined
-  assert:
-    that:
-      - mssql_password is not none
-    fail_msg: >-
-      You must define the mssql_password variable because MSSQL requires
-      the sa user to authenticate to input SQL files.
-  when: mssql_input_sql_file is not none
-
-- name: Input the {{ mssql_input_sql_file }} file to MSSQL
-  when: mssql_input_sql_file is not none
-  block:
-    - name: Create a tempfile for the SQL file on the host
-      tempfile:
-        state: file
-      register: __mssql_sql_tempfile
-
-    - name: Copy the {{ mssql_input_sql_file }} file to the host
-      copy:
-        src: "{{ mssql_input_sql_file }}"
-        dest: "{{ __mssql_sql_tempfile.path }}"
-        mode: preserve
-
-    - name: Ensure that the mssql-server service is started
-      service:
-        name: mssql-server
-        state: started
-
-    - name: Prepare MSSQL and facts for logging in
-      include_tasks: verify_password.yml
-      vars:
-        __mssql_password: "{{ mssql_password }}"
-
-    - name: Input the {{ mssql_input_sql_file }} file with the sqlcmd command
-      command: >-
-        {{ __mssql_sqlcmd_login_cmd }} -i {{ __mssql_sql_tempfile.path }} -b
-      register: __mssql_sqlcmd_input_file
-      ignore_errors: true
-
-  always:
-    - name: Print the output of the sqlcmd command
-      debug:
-        var: __mssql_sqlcmd_input_file.stdout_lines
-
-    - name: Remove the tempfile
-      file:
-        path: "{{ __mssql_sql_tempfile.path }}"
-        state: absent
-
 - name: Configure the sqlagent setting
   include_tasks: mssql_conf_setting.yml
   vars:
@@ -471,3 +430,12 @@
     path: /var/opt/mssql/mssql.conf
     block: "{{ __lsr_ansible_managed }}"
     insertbefore: BOF
+
+# Keep this task at the bottom, it must be run at the end of the role
+- name: Input the {{ mssql_input_sql_file }} sql file to SQL Server
+  vars:
+    __mssql_input_sql_file: "{{ mssql_input_sql_file }}"
+  include_tasks: input_sql_file.yml
+  when:
+    - mssql_input_sql_file is defined
+    - mssql_input_sql_file is not none
diff --git a/tasks/mssql_conf_setting.yml b/tasks/mssql_conf_setting.yml
@@ -41,7 +41,8 @@
   when:
     - __mssql_conf_setting_value == "unset"
     - '"No setting for the given" not in __mssql_conf_get_setting.stdout'
-  register: __mssql_conf_set
+  register: __mssql_conf_unset
   failed_when: >-
-    ("error" in __mssql_conf_set.stdout | lower) or (__mssql_conf_set is failed)
+    ("error" in __mssql_conf_unset.stdout | lower) or
+    (__mssql_conf_unset is failed)
   notify: Restart the mssql-server service
diff --git a/tests/tasks/verify_package.yml b/tests/tasks/verify_package.yml
@@ -7,6 +7,7 @@
 - name: Gather package facts
   package_facts:
     manager: auto
+  no_log: true
 
 - name: Verify if the {{ __mssql_verify_package_name }} package is installed
   assert:

diff --git a/tests/tasks/verify_settings.yml b/tests/tasks/verify_settings.yml
@@ -36,14 +36,14 @@
         that: __mssql_edition_matches.stdout | bool
 
 - name: Verify the IP address setting
-  include_tasks: tasks/mssql_conf_verify.yml
+  include_tasks: mssql_conf_verify.yml
   vars:
     __mssql_conf_setting: ipaddress
     __mssql_conf_value: __mssql_ip_address_matches
   when: __mssql_ip_address_matches is defined
 
 - name: Verify the TCP port setting
-  include_tasks: tasks/mssql_conf_verify.yml
+  include_tasks: mssql_conf_verify.yml
   vars:
     __mssql_conf_setting: tcpport
     __mssql_conf_value: __mssql_tcp_port_matches
@@ -78,21 +78,21 @@
         that: __mssql_password_query is success
 
 - name: Verify that the SQL agent is enabled
-  include_tasks: tasks/mssql_conf_verify.yml
+  include_tasks: mssql_conf_verify.yml
   vars:
     __mssql_conf_setting: enabled
     __mssql_conf_value: "{{ __verify_mssql_agent_is_enabled }}"
   when: __verify_mssql_agent_is_enabled is defined
 
 - name: Verify the {{ __mssql_server_fts_packages }} package
-  include_tasks: tasks/verify_package.yml
+  include_tasks: verify_package.yml
   vars:
     __mssql_verify_package_name: "{{ __mssql_server_fts_packages }}"
     __mssql_verify_package_installed: "{{ __verify_mssql_fts_is_installed }}"
   when: __verify_mssql_fts_is_installed is defined
 
 - name: Verify the {{ __mssql_powershell_packages }} package
-  include_tasks: tasks/verify_package.yml
+  include_tasks: verify_package.yml
   vars:
     __mssql_verify_package_name: "{{ __mssql_powershell_packages }}"
     __mssql_verify_package_installed: >-
@@ -103,13 +103,13 @@
   when: __verify_mssql_ha_is_installed is defined
   block:
     - name: Verify if the {{ __mssql_server_ha_packages }} package is installed
-      include_tasks: tasks/verify_package.yml
+      include_tasks: verify_package.yml
       vars:
         __mssql_verify_package_name: "{{ __mssql_server_ha_packages }}"
         __mssql_verify_package_installed: "{{ __verify_mssql_ha_is_installed }}"
 
     - name: Verify the hadrenabled setting
-      include_tasks: tasks/mssql_conf_verify.yml
+      include_tasks: mssql_conf_verify.yml
       vars:
         __mssql_conf_setting: hadrenabled
         __mssql_conf_value: >-
@@ -135,13 +135,13 @@
 
     # alternatewritethrough must be false according to MS docs
     - name: Verify that the alternatewritethrough setting is false
-      include_tasks: tasks/mssql_conf_verify.yml
+      include_tasks: mssql_conf_verify.yml
       vars:
         __mssql_conf_setting: alternatewritethrough
         __mssql_conf_value: false
 
     - name: Verify the writethrough setting
-      include_tasks: tasks/mssql_conf_verify.yml
+      include_tasks: mssql_conf_verify.yml
       vars:
         __mssql_conf_setting: writethrough
         __mssql_conf_value: >-
@@ -151,31 +151,31 @@
   when: __verify_mssql_is_tls_encrypted is defined
   block:
     - name: Verify the tlscert setting
-      include_tasks: tasks/mssql_conf_verify.yml
+      include_tasks: mssql_conf_verify.yml
       vars:
         __mssql_conf_setting: tlscert
         __mssql_conf_value: >-
           {{ mssql_tls_cert | basename if __verify_mssql_is_tls_encrypted
           else '' }}
 
     - name: Verify the tlskey setting
-      include_tasks: tasks/mssql_conf_verify.yml
+      include_tasks: mssql_conf_verify.yml
       vars:
         __mssql_conf_setting: tlskey
         __mssql_conf_value: >-
           {{ mssql_tls_private_key | basename if
           __verify_mssql_is_tls_encrypted else '' }}
 
     - name: Verify the tlsprotocols setting
-      include_tasks: tasks/mssql_conf_verify.yml
+      include_tasks: mssql_conf_verify.yml
       vars:
         __mssql_conf_setting: tlsprotocols
         __mssql_conf_value: >-
           {{ mssql_tls_version | string if
           __verify_mssql_is_tls_encrypted else '' }}
 
     - name: Verify the forceencryption setting
-      include_tasks: tasks/mssql_conf_verify.yml
+      include_tasks: mssql_conf_verify.yml
       vars:
         __mssql_conf_setting: forceencryption
         __mssql_conf_value: >-

diff --git a/vars/main.yml b/vars/main.yml
@@ -1,12 +1,12 @@
 # SPDX-License-Identifier: MIT
 ---
-__mssql_server_packages: mssql-server
-__mssql_client_packages: [mssql-tools, unixODBC-devel]
-__mssql_server_fts_packages: mssql-server-fts
-__mssql_server_ha_packages: mssql-server-ha
-__mssql_powershell_packages: powershell
 __mssql_required_facts:
   - distribution
   - distribution_major_version
   - distribution_version
   - os_family
+__mssql_server_packages: mssql-server
+__mssql_client_packages: [mssql-tools, unixODBC-devel]
+__mssql_server_fts_packages: mssql-server-fts
+__mssql_server_ha_packages: mssql-server-ha
+__mssql_powershell_packages: powershell