ensure-dirs.yaml

Overview

This file is an Ansible playbook responsible for ensuring the presence and correct permissions of several important directories used by the application. It defines a series of tasks that create required directories if they do not already exist, and sets their access modes (permissions) to control user, group, and others' read, write, and execute rights appropriately.

The primary purpose is to prepare the file system environment before other operations or deployments that depend on these directories. This setup is essential for components like backups, logging, configuration storage, contract files, scripts, and Aerospike database directories.

Detailed Explanation of Tasks

Each item in this YAML file is an Ansible task using the ansible.builtin.file module to create directories. The key fields used in each task are:

• name: A descriptive string explaining the purpose of the task.

• ansible.builtin.file: The Ansible module that manages file system objects.

• path: The directory path to ensure exists.

• state: Set to directory to ensure the path is a directory.

• mode: The Unix permission bits to assign to the directory.

• with_list: Used in one task to iterate over multiple directory paths.

Tasks and Their Directory Targets

1. Ensure main directory exists:

   • Path: {{ BK_DIR }}/

   • Permissions: u=rwx,g=rwx,o=rwx (full read, write, execute for user, group, and others)

   • Purpose: The base directory for backup or application data.

2. Ensure node share directory exists:

   • Path: {{ BK_DATA_DIR }}/share

   • Permissions: u=rwx,g=rwx,o=rwx

   • Purpose: Shared data directory on the node.

3. Ensure node logs directory exists:

   • Path: {{ BK_LOGS_DIR }}

   • Permissions: u=rwx,g=rwx,o=rwx

   • Purpose: Directory for log files.

4. Ensure keys directory exists:

   • Path: {{ BK_DIR }}/bk-configs

   • Permissions: u=rwx,g=,o=rwx (no group permissions)

   • Purpose: Stores key files, with restricted group access.

5. Ensure contracts directory exists:

   • Path: {{ BK_DIR }}/contracts

   • Permissions: u=rwx,g=rx,o=rx (group and others can read and execute)

   • Purpose: Holds contract files.

6. Ensure scripts directory exists:

   • Path: {{ BK_DATA_DIR }}/

   • Permissions: u=rwx,g=rwx,o=rwx

   • Purpose: Base directory for scripts.

7. Ensure Aerospike directories exist:

   • Paths:

     • {{ BK_DIR }}/aerospike

     • {{ BK_DIR }}/aerospike-config

   • Permissions: u=rwx,g=rx,o=rx

   • Purpose: Stores Aerospike database files and configuration.

   • Implementation Detail: Uses with_list to iterate over multiple directories in one task.

8. Ensure WASM binaries directory exists:

   • Path: {{ BK_DIR }}/bk-binaries/wasm

   • Permissions: u=rwx,g=rx,o=rx

   • Purpose: Directory for WebAssembly binaries.

Parameters

• All directory paths are templated variables ({{ BK_DIR }}, {{ BK_DATA_DIR }}, {{ BK_LOGS_DIR }}) that must be defined in the playbook or inventory where this file is included.

• The mandatory Jinja2 filter is used to enforce the presence of these variables at runtime, ensuring the playbook fails early if they are not set.

Usage Example

This file is expected to be included or imported into a larger playbook or role that manages the lifecycle of the application environment. For example:

- hosts: all
  vars:
    BK_DIR: /opt/app/backup
    BK_DATA_DIR: /opt/app/data
    BK_LOGS_DIR: /var/log/app
  tasks:
    - import_tasks: ensure-dirs.yaml

This would execute all directory creation tasks with the specified paths and permissions.

Important Implementation Details

• Permissions are carefully assigned to balance accessibility and security:

  • Some directories are fully accessible (u=rwx,g=rwx,o=rwx), supporting shared access.

  • Sensitive directories like bk-configs restrict group permissions.

• The use of with_list in the Aerospike directories task improves maintainability and reduces repetition.

• The trailing slash in paths like {{ BK_DIR | mandatory }}/ ensures that the path is treated as a directory.

• The playbook assumes that the underlying system supports Unix-style permissions.

Interaction with Other Parts of the System

• This playbook prepares the file system environment before other plays that might deploy application components, copy configuration files, or start services.

• The directories created here are referenced by components that read or write backups, logs, scripts, contracts, Aerospike data, and WASM binaries.

• The correctness of permissions affects the security and proper functioning of those components.

• It depends on external variables for directory paths and thus is tightly integrated with the configuration management and deployment process.

Visual Diagram: Flowchart of Directory Creation Tasks

flowchart TD
A[Start Directory Setup]
A --> B1[Create BK_DIR]
A --> B2[Create BK_DATA_DIR/share]
A --> B3[Create BK_LOGS_DIR]
A --> B4[Create BK_DIR/bk-configs]
A --> B5[Create BK_DIR/contracts]
A --> B6["Create BK_DATA_DIR (scripts)"]
A --> B7[Create Aerospike Directories]
A --> B8[Create BK_DIR/bk-binaries/wasm]
B7 --> B7a[Create BK_DIR/aerospike]
B7 --> B7b[Create BK_DIR/aerospike-config]
B1 --> C[Set Permissions]
B2 --> C
B3 --> C
B4 --> C
B5 --> C
B6 --> C
B7a --> C
B7b --> C
B8 --> C
C --> D[End Directory Setup]

This diagram depicts the parallel execution of directory creation tasks, with a grouping for the Aerospike directories iterated together. Each task ensures directory existence and sets the appropriate permissions.