rootsystem/ansible-roles/threshold/tasks/main.yml

- name: Ensure threshold user group exists
  group:
    name: threshold
    state: present

- name: Ensure threshold user exists
  user:
    name: threshold
    state: present
    group: threshold

- name: ensure threshold folder exists
  file:
    path: /opt/threshold
    state: directory
    owner: threshold
    group: threshold
    mode: '0600'

- name: checksum the Threshold binary 
  stat:
    path: /opt/threshold/threshold
    checksum_algorithm: sha256
  register: threshold_binary

- name: log the checksum
  debug:
    var: threshold_binary.stat.checksum
  when: threshold_binary.stat.checksum is defined

- name: Download & validate the Threshold tar.gz file (if reinstall is desired)
  get_url:
    url: 'https://f000.backblazeb2.com/file/server-garden-artifacts/threshold-{{ arch }}.tar.gz'
    dest: '/tmp/threshold-{{ arch }}.tar.gz'
    checksum: "sha256:{{ tar_sha256[arch] }}"
  when: threshold_binary.stat.checksum is not defined or threshold_binary.stat.checksum != bin_sha256[arch]

- name: unarchive threshold tar.gz file  (if reinstall is desired)
  unarchive:
    remote_src: yes
    src: '/tmp/threshold-{{ arch }}.tar.gz'
    dest: /opt/threshold
  when: threshold_binary.stat.checksum is not defined or threshold_binary.stat.checksum != bin_sha256[arch]

- name: set owner, group and permissions on threshold binary
  file:
    path: /opt/threshold/threshold
    owner: threshold
    group: threshold
    mode: '0700'

- name: clean up threshold tar.gz file 
  file:
    path: '/tmp/threshold-{{ arch }}.tar.gz'
    state: absent

- name: set owner, group and permissions on threshold service unit file
  copy:
    src: threshold.service
    dest: /etc/systemd/system/threshold.service
    owner: threshold
    group: threshold
    mode: '0755'