ansible: Default to /usr/local and /var/local

Following discussion in https://github.com/ava-labs/gecko/pull/151 it was decided that /usr (and by implication /var) should be reserved for OS package managers (e.g. apt, yum).
2020-05-24 11:54:45 +01:00 · 2020-05-24 11:54:45 +01:00 · 756fdee142
parent 4cd9569e21
commit 756fdee142
5 changed files with 44 additions and 18 deletions
--- a/scripts/ansible/roles/ava-install/defaults/main.yml
+++ b/scripts/ansible/roles/ava-install/defaults/main.yml
@ -1,8 +1,22 @@
-ava_daemon_bin_dir: "/usr/bin"
-ava_daemon_data_dir: "/var/lib/{{ ava_daemon_user }}"
-ava_daemon_db_dir: "{{ ava_daemon_data_dir }}/db"
-ava_daemon_log_dir: "/var/log/ava"
-ava_daemon_plugin_dir: "/usr/lib/ava/plugins"
-ava_daemon_staking_dir: "{{ ava_daemon_data_dir }}/staking"
+# These names, & default values are based on Meson build builtin options;
+# which in turn follow established *nix conventions.
+# See
+#   https://mesonbuild.com/Builtin-options.html
+#   https://www.gnu.org/prep/standards/html_node/Directory-Variables.html
+prefix: "/usr/local"
+bindir: "{{ prefix }}/bin"
+libdir: "{{ prefix }}/lib"
+localstatedir: "{{ prefix | replace('/usr', '/var') }}"
+sharedstatedir: "{{ localstatedir }}/lib"
+# Has no Meson builtin equivalent
+logdir: "{{ localstatedir }}/log"
+
+# These names are specific to AVA. Default values are based loosely on *nix
+# conventions.
+ava_daemon_home_dir: "{{ sharedstatedir }}/ava"
+ava_daemon_db_dir: "{{ ava_daemon_home_dir }}/db"
+ava_daemon_log_dir: "{{ logdir }}/ava"
+ava_daemon_plugin_dir: "{{ libdir }}/ava/plugins"
+ava_daemon_staking_dir: "{{ ava_daemon_home_dir }}/staking"
 ava_daemon_staking_tls_cert: "{{ ava_daemon_staking_dir }}/staker.crt"
 ava_daemon_staking_tls_key: "{{ ava_daemon_staking_dir }}/staker.key"
--- a/scripts/ansible/roles/ava-install/tasks/main.yml
+++ b/scripts/ansible/roles/ava-install/tasks/main.yml
@ -1,4 +1,14 @@
- name: Create directories
+- name: Create shared directories
+  file:
+    # Don't specify owner, mode etc for directories not specific to AVA.
+    # OS defaults, or local defaults are better than any guess we could make.
+    path: "{{ item.path }}"
+    state: directory
+  loop:
+    - path: "{{ sharedstatedir }}"
+    - path: "{{ logdir }}"
+
+- name: Create AVA directories
  become: true
  file:
    path: "{{ item.path }}"
@ -8,7 +18,9 @@
    recurse: "{{ item.recurse | default(omit) }}"
    state: directory
  loop:
-    - path: "{{ ava_daemon_data_dir }}"
+    - path: "{{ ava_daemon_home_dir }}"
+      mode: u=rwX,go=rX
+    - path: "{{ ava_daemon_db_dir }}"
      mode: u=rwX,go=rX
    - path: "{{ ava_daemon_staking_dir }}"
      mode: u=rX,go=
@ -24,11 +36,11 @@
  notify:
    - Restart AVA service

- name: Install binary
+- name: Install AVA binary
  become: true
  copy:
    src: "{{ ava_binary }}"
-    dest: "{{ ava_daemon_bin_dir }}/ava"
+    dest: "{{ bindir }}/ava"
    remote_src: true
    owner: root
    group: root
@ -36,7 +48,7 @@
  notify:
    - Restart AVA service

- name: Install plugins
+- name: Install AVA plugins
  become: true
  copy:
    src: "{{ item.path }}"
--- a/scripts/ansible/roles/ava-service/templates/ava.service
+++ b/scripts/ansible/roles/ava-service/templates/ava.service
@ -8,11 +8,11 @@ StartLimitIntervalSec=0

 [Service]
 Type=simple
-WorkingDirectory={{ ava_daemon_data_dir }}
+WorkingDirectory={{ ava_daemon_home_dir }}
 Restart=always
 RestartSec=1
 User={{ ava_daemon_user }}
-ExecStart={{ ava_daemon_bin_dir }}/ava \
+ExecStart={{ bindir }}/ava \
            --public-ip="{{ ansible_facts.default_ipv4.address }}" \
            --db-dir="{{ ava_daemon_db_dir }}" \
            --plugin-dir="{{ ava_daemon_plugin_dir }}" \
--- a/scripts/ansible/roles/ava-upgrade/tasks/10-staking-migrate.yml
+++ b/scripts/ansible/roles/ava-upgrade/tasks/10-staking-migrate.yml
@ -1,7 +1,7 @@
 - name: Migrate staking key
  vars:
-    old_key: "{{ ava_daemon_data_dir }}/keys/staker.key"
-    new_key: "{{ ava_daemon_data_dir }}/staking/staker.key"
+    old_key: "{{ ava_daemon_home_dir }}/keys/staker.key"
+    new_key: "{{ ava_daemon_home_dir }}/staking/staker.key"
  block:
    - name: Check for Gecko 0.2.0 staking key
      stat:
@ -25,8 +25,8 @@

 - name: Migrate staking certificate
  vars:
-    old_cert: "{{ ava_daemon_data_dir }}/keys/staker.crt"
-    new_cert: "{{ ava_daemon_data_dir }}/staking/staker.crt"
+    old_cert: "{{ ava_daemon_home_dir }}/keys/staker.crt"
+    new_cert: "{{ ava_daemon_home_dir }}/staking/staker.crt"
  block:
    - name: Check for Gecko 0.2.0 staking certificate
      stat:
--- a/scripts/ansible/roles/ava-user/tasks/main.yml
+++ b/scripts/ansible/roles/ava-user/tasks/main.yml
@ -9,7 +9,7 @@
  user:
    name: "{{ ava_daemon_user }}"
    group: "{{ ava_daemon_group }}"
-    home: "{{ ava_daemon_data_dir }}"
+    home: "{{ ava_daemon_home_dir }}"
    shell: /bin/false
    skeleton: false
    system: true