|
1 | 1 | - name: Envoy - system user |
2 | 2 | ansible.builtin.user: |
3 | | - name: envoy |
| 3 | + name: 'envoy' |
| 4 | + state: 'present' |
4 | 5 |
|
5 | 6 | - name: Envoy - download binary |
6 | 7 | ansible.builtin.get_url: |
7 | 8 | checksum: "{{ envoy_release_checksum }}" |
8 | | - dest: /opt/envoy |
9 | | - group: envoy |
10 | | - mode: u+x |
11 | | - owner: envoy |
| 9 | + dest: '/opt/envoy' |
| 10 | + group: 'envoy' |
| 11 | + mode: '0700' |
| 12 | + owner: 'envoy' |
12 | 13 | # yamllint disable-line rule:line-length |
13 | 14 | url: "https://github.com/envoyproxy/envoy/releases/download/v{{ envoy_release }}/envoy-{{ envoy_release }}-linux-aarch_64" |
14 | 15 |
|
15 | 16 | - name: Envoy - download hot restarter script |
16 | 17 | ansible.builtin.get_url: |
17 | 18 | checksum: "{{ envoy_hot_restarter_release_checksum }}" |
18 | | - dest: /opt/envoy-hot-restarter.py |
19 | | - group: envoy |
20 | | - mode: u+x |
21 | | - owner: envoy |
| 19 | + dest: '/opt/envoy-hot-restarter.py' |
| 20 | + group: 'envoy' |
| 21 | + mode: '0700' |
| 22 | + owner: 'envoy' |
22 | 23 | # yamllint disable-line rule:line-length |
23 | | - url: https://raw.githubusercontent.com/envoyproxy/envoy/v{{ envoy_release }}/restarter/hot-restarter.py |
| 24 | + url: "https://raw.githubusercontent.com/envoyproxy/envoy/v{{ envoy_release }}/restarter/hot-restarter.py" |
24 | 25 |
|
25 | 26 | - name: Envoy - bump up ulimit |
26 | 27 | community.general.pam_limits: |
27 | | - domain: envoy |
28 | | - limit_item: nofile |
29 | | - limit_type: soft |
30 | | - value: 4096 |
| 28 | + domain: 'envoy' |
| 29 | + limit_item: 'nofile' |
| 30 | + limit_type: 'soft' |
| 31 | + value: '4096' |
31 | 32 |
|
32 | 33 | - name: Envoy - create script to start envoy |
33 | 34 | ansible.builtin.copy: |
34 | | - dest: /opt/start-envoy.sh |
35 | | - group: envoy |
36 | | - mode: u+x |
37 | | - owner: envoy |
38 | | - src: files/start-envoy.sh |
| 35 | + dest: '/opt/start-envoy.sh' |
| 36 | + group: 'envoy' |
| 37 | + mode: '0700' |
| 38 | + owner: 'envoy' |
| 39 | + src: 'files/start-envoy.sh' |
39 | 40 |
|
40 | 41 | - name: Envoy - create configuration files |
41 | 42 | ansible.builtin.copy: |
42 | | - dest: /etc/envoy/ |
43 | | - directory_mode: u=rwx,g=rwx,o=rx |
44 | | - group: envoy |
45 | | - mode: u=rw,g=rw,o=r |
46 | | - owner: envoy |
47 | | - src: files/envoy_config/ |
| 43 | + dest: '/etc/envoy/' |
| 44 | + directory_mode: '0775' |
| 45 | + group: 'envoy' |
| 46 | + mode: '0664' |
| 47 | + owner: 'envoy' |
| 48 | + src: 'files/envoy_config/' |
48 | 49 |
|
49 | 50 | - name: Envoy - create service file |
50 | 51 | ansible.builtin.copy: |
51 | | - dest: /etc/systemd/system/envoy.service |
52 | | - mode: u=rw,g=r,o=r |
53 | | - src: files/envoy.service |
| 52 | + dest: '/etc/systemd/system/envoy.service' |
| 53 | + mode: '0644' |
| 54 | + src: 'files/envoy.service' |
54 | 55 |
|
55 | 56 | - name: Envoy - disable service |
56 | | - ansible.builtin.systemd: |
| 57 | + ansible.builtin.systemd_service: |
57 | 58 | daemon_reload: true |
58 | 59 | enabled: false |
59 | | - name: envoy |
60 | | - state: stopped |
| 60 | + name: 'envoy' |
| 61 | + state: 'stopped' |
0 commit comments