diff --git a/.github/workflows/molecule-test.yml b/.github/workflows/molecule-test.yml index 53b1996..16bb2d1 100644 --- a/.github/workflows/molecule-test.yml +++ b/.github/workflows/molecule-test.yml @@ -8,7 +8,7 @@ jobs: fail-fast: false max-parallel: 4 matrix: - molecule_distro: ['centos7', 'centos8', 'ubuntu1804', 'ubuntu2004', 'debian10'] + molecule_distro: ['rockylinux8', 'rockylinux9', 'ubuntu2004', 'ubuntu2204'] env: ANSIBLE_CALLBACK_WHITELIST: profile_tasks @@ -21,7 +21,7 @@ jobs: - name: Install dependencies run: | python -m pip install --upgrade pip - pip install ansible ansible-lint flake8 molecule molecule-docker docker + pip install ansible ansible-lint flake8 molecule molecule-docker docker yamllint ansible --version ansible-lint --version molecule --version diff --git a/README.md b/README.md index dcd9096..edd9896 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ ansible-role-neo4j ![](https://github.com/kevincoakley/ansible-role-neo4j/workflows/Molecule%20Test/badge.svg) -Install Neo4j - https://www.neo4j.com . Tested with Neo4j 4.2.3 on CentOS 7, CentOS 8, Ubuntu 18.04 and Ubuntu 20.04. +Install Neo4j - https://www.neo4j.com . Tested with Neo4j RockyLinux 8, RockyLinux 9, Ubuntu 20.04 and Ubuntu 22.04. Requirements ------------ diff --git a/defaults/main.yml b/defaults/main.yml index b52077b..043e29e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -9,8 +9,6 @@ neo4j_memory_pagecache_size: 10g neo4j_connector_bolt_listen_address: :7687 neo4j_connector_http_listen_address: :7474 neo4j_connector_https_listen_address: :7473 -neo4j_prometheus_metrics_enabled: false -neo4j_prometheus_metrics_endpoint: localhost:2004 neo4j_edition: community # neo4j_version: use this if you want a specific version of Neo4j, omit it to get the latest # neo4j_password: 'change_me!' diff --git a/handlers/main.yml b/handlers/main.yml index 9f44a69..4ed475b 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -2,6 +2,8 @@ # handlers file for neo4j - name: Restart Neo4j - service: name=neo4j state=restarted + ansible.builtin.service: + name: neo4j + state: restarted become: true become_method: sudo diff --git a/meta/main.yml b/meta/main.yml index 1708966..24895d3 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -6,7 +6,7 @@ galaxy_info: description: Install Neo4j (http://neo4j.com/) license: BSD - min_ansible_version: 2.4 + min_ansible_version: "2.14" # Optionally specify the branch Galaxy will use when accessing the GitHub # repo for this role. During role install, if no tags are available, @@ -24,12 +24,12 @@ galaxy_info: platforms: - name: EL versions: - - 7 - - 8 + - "8" + - "9" - name: Ubuntu versions: - - bionic - focal + - jammy galaxy_tags: - database diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index c520c6e..0e8a711 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -10,16 +10,17 @@ lint: | flake8 platforms: - name: instance - image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" + image: "geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux8}-ansible:latest" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /sys/fs/cgroup:/sys/fs/cgroup:rw exposed_ports: - 7474/tcp - 7687/tcp published_ports: - 0.0.0.0:7474:7474/tcp - 0.0.0.0:7687:7687/tcp + cgroupns_mode: host privileged: true pre_build_image: true provisioner: diff --git a/tasks/Debian.yml b/tasks/Debian.yml index 927836f..23c66f1 100644 --- a/tasks/Debian.yml +++ b/tasks/Debian.yml @@ -1,7 +1,7 @@ --- # See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863199 - name: Ensure 'man' directory exists. - file: + ansible.builtin.file: path: /usr/share/man/man1 state: directory recurse: true @@ -10,11 +10,11 @@ - ansible_distribution == 'Ubuntu' - name: Update repositories cache - apt: + ansible.builtin.apt: update_cache: true - name: Install Required Ubuntu Packages - package: + ansible.builtin.package: name: "{{ item }}" state: present with_items: @@ -23,16 +23,16 @@ - gpg-agent - name: Import the signing key for the Neo Technology Debian repository for Neo4j - apt_key: + ansible.builtin.apt_key: url: https://debian.neo4j.org/neotechnology.gpg.key state: present - name: Add the Neo Technology Debian repository for Neo4j - apt_repository: + ansible.builtin.apt_repository: repo: "deb https://debian.neo4j.com stable {% if neo4j_version is defined %}{{ neo4j_version.split('.')[0:2] | join('.') }}{% else %}latest{% endif %}" state: present update_cache: true - name: Determine the neo4j package to install - set_fact: + ansible.builtin.set_fact: neo4j_package: neo4j{% if neo4j_edition == 'enterprise' %}-enterprise{% endif %}{% if neo4j_version is defined %}=1:{{ neo4j_version }}{% endif %} diff --git a/tasks/RedHat.yml b/tasks/RedHat.yml index b4251c5..b4e2c64 100644 --- a/tasks/RedHat.yml +++ b/tasks/RedHat.yml @@ -1,13 +1,13 @@ --- - name: Install Required RedHat Packages - package: + ansible.builtin.package: name: "{{ item }}" state: present with_items: - which - name: Add Neo4j Yum Repo - yum_repository: + ansible.builtin.yum_repository: name: neo4j description: Neo4j Yum Repo baseurl: https://yum.neo4j.com/stable @@ -15,5 +15,5 @@ gpgcheck: true - name: Determine the neo4j package to install - set_fact: + ansible.builtin.set_fact: neo4j_package: neo4j{% if neo4j_edition == 'enterprise' %}-enterprise{% endif %}{% if neo4j_version is defined %}-{{ neo4j_version }}{% endif %} diff --git a/tasks/main.yml b/tasks/main.yml index b260eb6..e2a83dd 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,18 +1,18 @@ --- - name: Include OS family specific variables - include_vars: "{{ ansible_os_family }}.yml" + ansible.builtin.include_vars: "{{ ansible_os_family }}.yml" - name: Include OS specific tasks - include_tasks: "{{ ansible_os_family }}.yml" + ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml" - name: Install Neo4j - package: + ansible.builtin.package: name: "{{ neo4j_package }}" state: present when: neo4j_edition == 'community' - name: Install Neo4j Enterprise - package: + ansible.builtin.package: name: "{{ neo4j_package }}" state: present when: neo4j_edition == 'enterprise' @@ -20,7 +20,7 @@ NEO4J_ACCEPT_LICENSE_AGREEMENT: 'yes' - name: Ensure graph DB folder exists and has the correct permissions - file: + ansible.builtin.file: path: "{{ neo4j_server_database_location }}" state: directory owner: neo4j @@ -28,88 +28,72 @@ mode: 0755 - name: Set the neo4j data directory - lineinfile: + ansible.builtin.lineinfile: dest: /etc/neo4j/neo4j.conf - regexp: '^dbms\.directories\.data=.*' - line: "dbms.directories.data={{ neo4j_server_database_location }}" + regexp: '^server\.directories\.data=.*' + line: "server.directories.data={{ neo4j_server_database_location }}" state: present notify: Restart Neo4j - name: Set the neo4j heap inital size - lineinfile: + ansible.builtin.lineinfile: dest: /etc/neo4j/neo4j.conf - regexp: '^dbms\.memory\.heap\.initial_size=.*' - line: "dbms.memory.heap.initial_size={{ neo4j_memory_heap_initial_size }}" + regexp: '^server\.memory\.heap\.initial_size=.*' + line: "server.memory.heap.initial_size={{ neo4j_memory_heap_initial_size }}" state: present notify: Restart Neo4j - name: Set the neo4j heap max size - lineinfile: + ansible.builtin.lineinfile: dest: /etc/neo4j/neo4j.conf - regexp: '^dbms\.memory\.heap\.max_size=.*' - line: "dbms.memory.heap.max_size={{ neo4j_memory_heap_max_size }}" + regexp: '^server\.memory\.heap\.max_size=.*' + line: "server.memory.heap.max_size={{ neo4j_memory_heap_max_size }}" state: present notify: Restart Neo4j - name: Set the neo4j pagecache size - lineinfile: + ansible.builtin.lineinfile: dest: /etc/neo4j/neo4j.conf - regexp: '^dbms\.memory\.pagecache\.size=.*' - line: "dbms.memory.pagecache.size={{ neo4j_memory_pagecache_size }}" + regexp: '^server\.memory\.pagecache\.size=.*' + line: "server.memory.pagecache.size={{ neo4j_memory_pagecache_size }}" state: present notify: Restart Neo4j - name: Allow any connection to Neo4J - lineinfile: + ansible.builtin.lineinfile: dest: /etc/neo4j/neo4j.conf - regexp: '^(# )?dbms.connectors.default_listen_address=0.0.0.0' - line: "dbms.connectors.default_listen_address=0.0.0.0" + regexp: '^(# )?server.default_listen_address=0.0.0.0' + line: "server.default_listen_address=0.0.0.0" state: present when: neo4j_allow_any_connection | bool notify: Restart Neo4j - name: Set the neo4j bolt listen address - lineinfile: + ansible.builtin.lineinfile: dest: /etc/neo4j/neo4j.conf - regexp: '^dbms\.connector\.bolt\.listen_address=.*' - line: "dbms.connector.bolt.listen_address={{ neo4j_connector_bolt_listen_address }}" + regexp: '^server\.bolt\.listen_address=.*' + line: "server.bolt.listen_address={{ neo4j_connector_bolt_listen_address }}" state: present notify: Restart Neo4j - name: Set the neo4j http listen address - lineinfile: + ansible.builtin.lineinfile: dest: /etc/neo4j/neo4j.conf - regexp: '^dbms\.connector\.http\.listen_address=.*' - line: "dbms.connector.http.listen_address={{ neo4j_connector_http_listen_address }}" + regexp: '^server\.http\.listen_address=.*' + line: "server.http.listen_address={{ neo4j_connector_http_listen_address }}" state: present notify: Restart Neo4j - name: Set the neo4j https listen address - lineinfile: + ansible.builtin.lineinfile: dest: /etc/neo4j/neo4j.conf - regexp: '^dbms\.connector\.https\.listen_address=.*' - line: "dbms.connector.https.listen_address={{ neo4j_connector_https_listen_address }}" - state: present - notify: Restart Neo4j - -- name: Enable prometheus metrics - lineinfile: - dest: /etc/neo4j/neo4j.conf - regexp: '^metrics\.prometheus\.enabled=.*' - line: "metrics.prometheus.enabled={{ neo4j_prometheus_metrics_enabled }}" - state: present - notify: Restart Neo4j - -- name: Set prometheus metrics interface - lineinfile: - dest: /etc/neo4j/neo4j.conf - regexp: '^metrics\.prometheus\.endpoint=.*' - line: "metrics.prometheus.endpoint={{ neo4j_prometheus_metrics_endpoint }}" + regexp: '^server\.https\.listen_address=.*' + line: "server.https.listen_address={{ neo4j_connector_https_listen_address }}" state: present notify: Restart Neo4j - name: Ensure open files soft and hard limits are set - copy: + ansible.builtin.copy: src: etc/security/limits.d/neo4j.conf dest: /etc/security/limits.d/neo4j.conf owner: root @@ -117,21 +101,21 @@ mode: 0644 - name: Ensure pam_limits.so is enabled - lineinfile: + ansible.builtin.lineinfile: dest: /etc/pam.d/su regexp: '^(# )?session required pam_limits.so' line: "session required pam_limits.so" state: present - name: Ensure the Neo4j service is enabled and started - service: + ansible.builtin.service: name: neo4j enabled: true state: started # https://neo4j.com/docs/operations-manual/current/configuration/set-initial-password/ - name: Set Neo4j initial password - command: "neo4j-admin set-initial-password '{{ neo4j_password }}'" + ansible.builtin.command: "neo4j-admin set-initial-password '{{ neo4j_password }}'" args: creates: /var/lib/neo4j/data/dbms/auth.ini when: neo4j_password is defined and neo4j_password|string