diff --git a/.gitignore b/.gitignore index cbee34f..c44b579 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,4 @@ id_rsa -roles/* !roles/requirements.yml files/ssh_keys .vagrant diff --git a/roles/ansible/.github/ISSUE_TEMPLATE/bug_report.md b/roles/ansible/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..bd1a0dc --- /dev/null +++ b/roles/ansible/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Run this role: +2. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Error** +Please show the resulting error. If applicable a snippet of the playbook including the role ran with `-vvv` + +**Environment** +- Control node OS: [e.g. Debian 9] +- Control node Ansible version: [e.g. 2.6.2] +- Managed node OS: [e.g. CentOS 7] + +**Additional context** +Add any other context about the problem here. diff --git a/roles/ansible/.github/ISSUE_TEMPLATE/feature_request.md b/roles/ansible/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/roles/ansible/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/roles/ansible/.github/settings.yml b/roles/ansible/.github/settings.yml new file mode 100644 index 0000000..1163812 --- /dev/null +++ b/roles/ansible/.github/settings.yml @@ -0,0 +1,4 @@ +--- +repository: + description: Install and configure ansible on your system. + homepage: https://robertdebock.nl/ diff --git a/roles/ansible/.gitignore b/roles/ansible/.gitignore new file mode 100644 index 0000000..47cf7b9 --- /dev/null +++ b/roles/ansible/.gitignore @@ -0,0 +1,3 @@ +molecule/*/.molecule +*.log +*.swp \ No newline at end of file diff --git a/roles/ansible/.travis.yml b/roles/ansible/.travis.yml new file mode 100644 index 0000000..4c6d96f --- /dev/null +++ b/roles/ansible/.travis.yml @@ -0,0 +1,92 @@ +--- +sudo: required +language: python +services: docker + +env: + - version=">=2.7,<2.8" distro="alpine-latest" + - version="" distro="alpine-latest" + - version="devel" distro="alpine-latest" + - version=">=2.7,<2.8" distro="alpine-edge" + - version="" distro="alpine-edge" + - version="devel" distro="alpine-edge" + - version=">=2.7,<2.8" distro="archlinux" + - version="" distro="archlinux" + - version="devel" distro="archlinux" + - version=">=2.7,<2.8" distro="centos-6" + - version="" distro="centos-6" + - version="devel" distro="centos-6" + - version=">=2.7,<2.8" distro="centos-latest" + - version="" distro="centos-latest" + - version="devel" distro="centos-latest" + - version=">=2.7,<2.8" distro="debian-latest" + - version="" distro="debian-latest" + - version="devel" distro="debian-latest" + - version=">=2.7,<2.8" distro="debian-stable" + - version="" distro="debian-stable" + - version="devel" distro="debian-stable" + - version=">=2.7,<2.8" distro="debian-unstable" + - version="" distro="debian-unstable" + - version="devel" distro="debian-unstable" + - version=">=2.7,<2.8" distro="fedora-latest" + - version="" distro="fedora-latest" + - version="devel" distro="fedora-latest" + - version=">=2.7,<2.8" distro="fedora-rawhide" + - version="" distro="fedora-rawhide" + - version="devel" distro="fedora-rawhide" + - version=">=2.7,<2.8" distro="opensuse-leap" + - version="" distro="opensuse-leap" + - version="devel" distro="opensuse-leap" + - version=">=2.7,<2.8" distro="ubuntu-rolling" + - version="" distro="ubuntu-rolling" + - version="devel" distro="ubuntu-rolling" + - version=">=2.7,<2.8" distro="ubuntu-latest" + - version="" distro="ubuntu-latest" + - version="devel" distro="ubuntu-latest" + - version=">=2.7,<2.8" distro="ubuntu-devel" + - version="" distro="ubuntu-devel" + - version="devel" distro="ubuntu-devel" + +matrix: + allow_failures: + - env: version=">=2.7,<2.8" distro="alpine-edge" + - env: version="" distro="alpine-edge" + - env: version="devel" distro="alpine-edge" + - env: version="devel" distro="alpine-latest" + - env: version="devel" distro="archlinux" + - env: version="devel" distro="centos-6" + - env: version="devel" distro="centos-latest" + - env: version="devel" distro="debian-latest" + - env: version="devel" distro="debian-stable" + - env: version=">=2.7,<2.8" distro="debian-unstable" + - env: version="" distro="debian-unstable" + - env: version="devel" distro="debian-unstable" + - env: version="devel" distro="fedora-latest" + - env: version=">=2.7,<2.8" distro="fedora-rawhide" + - env: version="" distro="fedora-rawhide" + - env: version="devel" distro="fedora-rawhide" + - env: version="devel" distro="opensuse-leap" + - env: version="devel" distro="ubuntu-rolling" + - env: version=">=2.7,<2.8" distro="ubuntu-devel" + - env: version="" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-latest" + +cache: + - pip + +install: + - pip install --upgrade pip + - if [ "${version}" != "devel" ] ; then pip install ansible"${version}" ; fi + - if [ "${version}" = "devel" ] ; then pip install git+https://github.com/ansible/ansible.git@devel ; fi + - pip install molecule + - pip install docker + +script: + - if [ "${expectation}" = "fail" ] ; then ! molecule test --scenario-name "${distro}" ; else molecule test --scenario-name "${distro}" ; fi + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + slack: + secure: "DIjA6Mnh2fpuFs+CYMtn1DX0o1DWqiz5Jz4v39fjeF+CJsG0vMFpmHunRwqftVnGUpsJKrjH9zxZXL5EkAtMif4ROC885h+uc0YgWoNl1cnlZUfljD3+34+EjutW6W/wcijxqy7v0LqracBScDSErUzBnZO6fBUFdf/6KIsyWxOrKTEH4cjt5SocEDUYUy3CQZDIU4pXdfoliWPnb0MDjiRN2NV4paB5R2CQ0NawlUV8gwrA5hKOUGD6ca0LNOF/tnkOcF8qJKox4AyYMXvAJdieFO/aWQG5tZg2y5+yDXqQPyjuTTX7XiqNUpdyeP0mwR27eAO/R7LBiRMqiYPFkT2ttSN4ufKWToGX51lAZXZWmKfy8lKcFxszVwthJj4PQvjLcY/xbk9Ze1o+yz/1H4eBdmXEVD+H9SX3j2wToerbhktHcv+Uf62xrug8UglxQsSJFHRWaSkiC6ZWw5Awce+9LxHi8VK9ubnFKD7wK5iY+Gved4A7HvwSUQJQfCeNnyvmsLwacnr1DGTUzm0/LkbtkAQMh4h5ouDN5b1vwalcADHFZmmqtDeocZQL6m8E42Fvkpkllfo0tJV67aN3Of6fq/e/I5Ac+dOqJ0MQkclnGG4+HvSa12MAoTKhrgFIBkpJI/083i6eoRsmIT2gtHwGzclVNKJmRERcrVLLa1s=" + email: false diff --git a/roles/ansible/.yamllint b/roles/ansible/.yamllint new file mode 100644 index 0000000..ad0be76 --- /dev/null +++ b/roles/ansible/.yamllint @@ -0,0 +1,11 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/ansible/CODE_OF_CONDUCT.md b/roles/ansible/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0d97a6f --- /dev/null +++ b/roles/ansible/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behaviour that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behaviour by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/ansible/CONTRIBUTING.md b/roles/ansible/CONTRIBUTING.md new file mode 100644 index 0000000..2931dcf --- /dev/null +++ b/roles/ansible/CONTRIBUTING.md @@ -0,0 +1,4 @@ +# Please contribute! +You can really make a difference by: +- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. +- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code. diff --git a/roles/ansible/LICENSE b/roles/ansible/LICENSE new file mode 100644 index 0000000..744118c --- /dev/null +++ b/roles/ansible/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2019 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/ansible/PULL_REQUEST_TEMPLATE.md b/roles/ansible/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..b1578c0 --- /dev/null +++ b/roles/ansible/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +--- +name: Pull request +about: Describe the proposed change + +--- + +**Describe the change** +A clear and concise description of what the pull request is. + +**Testing** +In case a feature was added, how were tests performed? diff --git a/roles/ansible/README.md b/roles/ansible/README.md new file mode 100644 index 0000000..f0e007a --- /dev/null +++ b/roles/ansible/README.md @@ -0,0 +1,143 @@ +ansible +========= + +[![Build Status](https://travis-ci.org/robertdebock/ansible-role-ansible.svg?branch=master)](https://travis-ci.org/robertdebock/ansible-role-ansible) + +Install and configure ansible on your system. + +Example Playbook +---------------- + +This example is taken from `molecule/default/playbook.yml`: +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - robertdebock.ansible +``` + +The machine you are running this on, may need to be prepared. Tests have been done on machines prepared by this playbook: +```yaml +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - role: robertdebock.bootstrap + - role: robertdebock.epel +``` + +Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. + +Role Variables +-------------- + +These variables are set in `defaults/main.yml`: +```yaml +--- +# defaults file for ansible + +ansible_configuration: + - option: roles_path + value: roles + - option: retry_files_enabled + value: no + - option: inventory + value: inventory + - option: stdout_callback + value: yaml + - option: callback_whitelist + value: profile_roles +``` + +Requirements +------------ + +- Access to a repository containing packages, likely on the internet. +- A recent version of Ansible. (Tests run on the last 3 release of Ansible.) + +The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: + +```yaml +--- +- robertdebock.bootstrap +- robertdebock.epel + +``` + +Context +------- + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/ansible.png "Dependency") + + +Compatibility +------------- + +This role has been tested against the following distributions and Ansible version: + +|distribution|ansible 2.6|ansible 2.7|ansible devel| +|------------|-----------|-----------|-------------| +|alpine-edge*|yes|yes|yes*| +|alpine-latest|yes|yes|yes*| +|archlinux|yes|yes|yes*| +|centos-6|yes|yes|yes*| +|centos-latest|yes|yes|yes*| +|debian-latest|yes|yes|yes*| +|debian-stable|yes|yes|yes*| +|debian-unstable*|yes|yes|yes*| +|fedora-latest|yes|yes|yes*| +|fedora-rawhide*|yes|yes|yes*| +|opensuse-leap|yes|yes|yes*| +|ubuntu-devel*|yes|yes|yes*| +|ubuntu-latest|yes|yes|yes*| +|ubuntu-rolling|yes|yes|yes*| + +A single star means the build may fail, it's marked as an experimental build. + +Testing +------- + +[Unit tests](https://travis-ci.org/robertdebock/ansible-role-ansible) are done on every commit and periodically. + +If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-ansible/issues) + +To test this role locally please use [Molecule](https://github.com/metacloud/molecule): +``` +pip install molecule +molecule test +``` + +To test on Amazon EC2, configure [~/.aws/credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`. + +There are many specific scenarios available, please have a look in the `molecule/` directory. + +Run the [ansible-galaxy](https://github.com/ansible/galaxy-lint-rules) and [my](https://github.com/robertdebock/ansible-lint-rules) lint rules if you want your change to be merges: + +```shell +git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint +ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules . + +git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint +ansible-lint -r /tmp/my-ansible-lint/rules . +``` + +License +------- + +Apache-2.0 + + +Author Information +------------------ + +[Robert de Bock](https://robertdebock.nl/) diff --git a/roles/ansible/defaults/main.yml b/roles/ansible/defaults/main.yml new file mode 100644 index 0000000..64b444a --- /dev/null +++ b/roles/ansible/defaults/main.yml @@ -0,0 +1,14 @@ +--- +# defaults file for ansible + +ansible_configuration: + - option: roles_path + value: roles + - option: retry_files_enabled + value: no + - option: inventory + value: inventory + - option: stdout_callback + value: yaml + - option: callback_whitelist + value: profile_roles diff --git a/roles/ansible/meta/.galaxy_install_info b/roles/ansible/meta/.galaxy_install_info new file mode 100644 index 0000000..c3ecbb0 --- /dev/null +++ b/roles/ansible/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jun 7 18:25:13 2019', version: 2.0.3} diff --git a/roles/ansible/meta/main.yml b/roles/ansible/meta/main.yml new file mode 100644 index 0000000..a6d1b97 --- /dev/null +++ b/roles/ansible/meta/main.yml @@ -0,0 +1,47 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: ansible + description: Install and configure ansible on your system. + license: Apache-2.0 + company: none + min_ansible_version: 2.6 + + platforms: + - name: Alpine + versions: + - all + - name: ArchLinux + version: + - all + - name: Debian + versions: + - all + - name: EL + version: + - 6 + - 7 + - name: Fedora + versions: + - all + - name: OpenSUSE + versions: + - all + - name: Ubuntu + versions: + - artful + - bionic + + galaxy_tags: + - ansible + - alpine + - archlinux + - centos + - debian + - el + - fedora + - opensuse + - rhel + - ubuntu + +dependencies: [] diff --git a/roles/ansible/molecule/alpine-edge/molecule.yml b/roles/ansible/molecule/alpine-edge/molecule.yml new file mode 100644 index 0000000..7b639c7 --- /dev/null +++ b/roles/ansible/molecule/alpine-edge/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-edge diff --git a/roles/ansible/molecule/alpine-latest/molecule.yml b/roles/ansible/molecule/alpine-latest/molecule.yml new file mode 100644 index 0000000..e933ac0 --- /dev/null +++ b/roles/ansible/molecule/alpine-latest/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-latest diff --git a/roles/ansible/molecule/archlinux/molecule.yml b/roles/ansible/molecule/archlinux/molecule.yml new file mode 100644 index 0000000..8ad32cf --- /dev/null +++ b/roles/ansible/molecule/archlinux/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible-archlinux + image: archlinux/base + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: archlinux diff --git a/roles/ansible/molecule/centos-6/molecule.yml b/roles/ansible/molecule/centos-6/molecule.yml new file mode 100644 index 0000000..26350b8 --- /dev/null +++ b/roles/ansible/molecule/centos-6/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible-centos-6 + image: centos:6 + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-6 diff --git a/roles/ansible/molecule/centos-latest/molecule.yml b/roles/ansible/molecule/centos-latest/molecule.yml new file mode 100644 index 0000000..a2e98b4 --- /dev/null +++ b/roles/ansible/molecule/centos-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible-centos-latest + image: centos:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-latest diff --git a/roles/ansible/molecule/debian-latest/molecule.yml b/roles/ansible/molecule/debian-latest/molecule.yml new file mode 100644 index 0000000..149a9ff --- /dev/null +++ b/roles/ansible/molecule/debian-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible-debian-latest + image: debian:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-latest diff --git a/roles/ansible/molecule/debian-stable/molecule.yml b/roles/ansible/molecule/debian-stable/molecule.yml new file mode 100644 index 0000000..82d1e8e --- /dev/null +++ b/roles/ansible/molecule/debian-stable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible-debian-stable + image: debian:stable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-stable diff --git a/roles/ansible/molecule/debian-unstable/molecule.yml b/roles/ansible/molecule/debian-unstable/molecule.yml new file mode 100644 index 0000000..2ab9ecc --- /dev/null +++ b/roles/ansible/molecule/debian-unstable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible-debian-unstable + image: debian:unstable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-unstable diff --git a/roles/ansible/molecule/default/molecule.yml b/roles/ansible/molecule/default/molecule.yml new file mode 100644 index 0000000..a10baa6 --- /dev/null +++ b/roles/ansible/molecule/default/molecule.yml @@ -0,0 +1,63 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: ansible-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: ansible-archlinux + image: archlinux/base + pre_build_image: yes + - name: ansible-centos-6 + image: centos:6 + pre_build_image: yes + - name: ansible-centos-latest + image: centos:latest + pre_build_image: yes + - name: ansible-debian-latest + image: debian:latest + pre_build_image: yes + - name: ansible-debian-stable + image: debian:stable + pre_build_image: yes + - name: ansible-debian-unstable + image: debian:unstable + pre_build_image: yes + - name: ansible-fedora-latest + image: fedora:latest + pre_build_image: yes + - name: ansible-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + - name: ansible-opensuse-leap + image: opensuse:leap + pre_build_image: yes + - name: ansible-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes + - name: ansible-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes + - name: ansible-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: default diff --git a/roles/ansible/molecule/ec2/README.md b/roles/ansible/molecule/ec2/README.md new file mode 100644 index 0000000..856b351 --- /dev/null +++ b/roles/ansible/molecule/ec2/README.md @@ -0,0 +1,15 @@ +# Amazon EC2 + +To test on Amazon elastic compute cloud (EC2), set this variable: + +``` +export EC2_REGION=eu-central-1 +``` + +And save the credentials: +``` +cat ~/.aws/credentials +[default] +aws_access_key_id=YOUR_KEY_ID +aws_secret_access_key=YOUR_ACCESS_KEY +``` diff --git a/roles/ansible/molecule/ec2/create.yml b/roles/ansible/molecule/ec2/create.yml new file mode 100644 index 0000000..7992818 --- /dev/null +++ b/roles/ansible/molecule/ec2/create.yml @@ -0,0 +1,125 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + vars: + ssh_user: ec2-user + ssh_port: 22 + + security_group_name: molecule + security_group_description: Security group for testing Molecule + security_group_rules: + - proto: tcp + from_port: "{{ ssh_port }}" + to_port: "{{ ssh_port }}" + cidr_ip: '0.0.0.0/0' + - proto: icmp + from_port: 8 + to_port: -1 + cidr_ip: '0.0.0.0/0' + security_group_rules_egress: + - proto: -1 + from_port: 0 + to_port: 0 + cidr_ip: '0.0.0.0/0' + + keypair_name: molecule_key + keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" + tasks: + - name: Create security group + ec2_group: + name: "{{ security_group_name }}" + description: "{{ security_group_name }}" + rules: "{{ security_group_rules }}" + rules_egress: "{{ security_group_rules_egress }}" + + - name: Test for presence of local keypair + stat: + path: "{{ keypair_path }}" + register: keypair_local + + - name: Delete remote keypair + ec2_key: + name: "{{ keypair_name }}" + state: absent + when: not keypair_local.stat.exists + + - name: Create keypair + ec2_key: + name: "{{ keypair_name }}" + register: keypair + + - name: Persist the keypair + copy: + dest: "{{ keypair_path }}" + content: "{{ keypair.key.private_key }}" + mode: 0600 + when: keypair.changed + + - name: Create molecule instance(s) + ec2: + key_name: "{{ keypair_name }}" + image: "{{ item.image }}" + instance_type: "{{ item.instance_type }}" + vpc_subnet_id: "{{ item.vpc_subnet_id }}" + group: "{{ security_group_name }}" + instance_tags: + instance: "{{ item.name }}" + wait: true + assign_public_ip: true + exact_count: 1 + count_tag: + instance: "{{ item.name }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.instances[0].tags.instance }}", + 'address': "{{ item.instances[0].public_ip }}", + 'user': "{{ ssh_user }}", + 'port': "{{ ssh_port }}", + 'identity_file': "{{ keypair_path }}", + 'instance_ids': "{{ item.instance_ids }}", } + with_items: "{{ ec2_jobs.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool + + - name: Wait for SSH + wait_for: + port: "{{ ssh_port }}" + host: "{{ item.address }}" + search_regex: SSH + delay: 10 + timeout: 320 + with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + + - name: Wait for boot process to finish + pause: + minutes: 2 diff --git a/roles/ansible/molecule/ec2/destroy.yml b/roles/ansible/molecule/ec2/destroy.yml new file mode 100644 index 0000000..b460c1e --- /dev/null +++ b/roles/ansible/molecule/ec2/destroy.yml @@ -0,0 +1,47 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + tasks: + - block: + - name: Populate instance config + set_fact: + instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + skip_instances: false + rescue: + - name: Populate instance config when file missing + set_fact: + instance_conf: {} + skip_instances: true + + - name: Destroy molecule instance(s) + ec2: + state: absent + instance_ids: "{{ item.instance_ids }}" + register: server + with_items: "{{ instance_conf }}" + when: not skip_instances + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/ansible/molecule/ec2/molecule.yml b/roles/ansible/molecule/ec2/molecule.yml new file mode 100644 index 0000000..62e014a --- /dev/null +++ b/roles/ansible/molecule/ec2/molecule.yml @@ -0,0 +1,77 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: ec2 +platforms: + - name: ansible-rhel-7 + image: ami-c86c3f23 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: ansible-sles-15 + image: ami-0a1886cf45f944eb1 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: ansible-ubuntu-18.04 + image: ami-0bdf93799014acdc4 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: ansible-amazon-linux-2 + image: ami-02ea8f348fa28c108 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: ansible-centos-7 + image: ami-9a183671 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: ansible-fedora-29 + image: ami-0f904cfaa69a1c64c + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint + inventory: + host_vars: + ansible-ubuntu-18.04: + ansible_user: ubuntu + ansible-centos-7: + ansible_user: centos + ansible-fedora-29: + ansible_user: fedora +scenario: + name: ec2 + create_sequence: + - create + check_sequence: + - destroy + - dependency + - create + - converge + - check + - destroy + converge_sequence: + - dependency + - create + - converge + destroy_sequence: + - destroy + test_sequence: + - lint + - destroy + - dependency + - syntax + - create + - converge + - idempotence + - side_effect + - verify + - destroy diff --git a/roles/ansible/molecule/fedora-latest/molecule.yml b/roles/ansible/molecule/fedora-latest/molecule.yml new file mode 100644 index 0000000..e7ff592 --- /dev/null +++ b/roles/ansible/molecule/fedora-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible-fedora-latest + image: fedora:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-latest diff --git a/roles/ansible/molecule/fedora-rawhide/molecule.yml b/roles/ansible/molecule/fedora-rawhide/molecule.yml new file mode 100644 index 0000000..f61802a --- /dev/null +++ b/roles/ansible/molecule/fedora-rawhide/molecule.yml @@ -0,0 +1,24 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + registry: + url: registry.fedoraproject.org +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-rawhide diff --git a/roles/ansible/molecule/opensuse-leap/molecule.yml b/roles/ansible/molecule/opensuse-leap/molecule.yml new file mode 100644 index 0000000..2ec2614 --- /dev/null +++ b/roles/ansible/molecule/opensuse-leap/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible-opensuse-leap + image: opensuse:leap + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: opensuse-leap diff --git a/roles/ansible/molecule/resources/playbook.yml b/roles/ansible/molecule/resources/playbook.yml new file mode 100644 index 0000000..7b4245a --- /dev/null +++ b/roles/ansible/molecule/resources/playbook.yml @@ -0,0 +1,8 @@ +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - ansible-role-ansible diff --git a/roles/ansible/molecule/resources/prepare.yml b/roles/ansible/molecule/resources/prepare.yml new file mode 100644 index 0000000..c8572a5 --- /dev/null +++ b/roles/ansible/molecule/resources/prepare.yml @@ -0,0 +1,9 @@ +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - role: robertdebock.bootstrap + - role: robertdebock.epel diff --git a/roles/ansible/molecule/ubuntu-devel/molecule.yml b/roles/ansible/molecule/ubuntu-devel/molecule.yml new file mode 100644 index 0000000..18b79f3 --- /dev/null +++ b/roles/ansible/molecule/ubuntu-devel/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-devel diff --git a/roles/ansible/molecule/ubuntu-latest/molecule.yml b/roles/ansible/molecule/ubuntu-latest/molecule.yml new file mode 100644 index 0000000..9640499 --- /dev/null +++ b/roles/ansible/molecule/ubuntu-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-latest diff --git a/roles/ansible/molecule/ubuntu-rolling/molecule.yml b/roles/ansible/molecule/ubuntu-rolling/molecule.yml new file mode 100644 index 0000000..09162ae --- /dev/null +++ b/roles/ansible/molecule/ubuntu-rolling/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-rolling diff --git a/roles/ansible/molecule/vagrant/molecule.yml b/roles/ansible/molecule/vagrant/molecule.yml new file mode 100644 index 0000000..7fcd279 --- /dev/null +++ b/roles/ansible/molecule/vagrant/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: vagrant + provider: + name: virtualbox +platforms: + - name: ansible-debian + box: debian/stretch64 + - name: ansible-fedora + box: fedora/29-cloud-base +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: vagrant diff --git a/roles/ansible/requirements.yml b/roles/ansible/requirements.yml new file mode 100644 index 0000000..cecd945 --- /dev/null +++ b/roles/ansible/requirements.yml @@ -0,0 +1,3 @@ +--- +- robertdebock.bootstrap +- robertdebock.epel diff --git a/roles/ansible/tasks/main.yml b/roles/ansible/tasks/main.yml new file mode 100644 index 0000000..ac111e6 --- /dev/null +++ b/roles/ansible/tasks/main.yml @@ -0,0 +1,32 @@ +--- +# tasks file for ansible +- name: install ansible + package: + name: "{{ ansible_packages }}" + state: present + register: ansible_install_ansible + until: ansible_install_ansible is succeeded + retries: 3 + +- name: ensure the ansible directory exists + file: + path: /etc/ansible + state: directory + +- name: mark configuration file as ansible managed + lineinfile: + path: "{{ ansible_configuration_directory }}/{{ ansible_configuration_file }}" + create: yes + insertbefore: BOF + line: "# This file is managed by Ansible." + +- name: configure ansible + ini_file: + path: "{{ ansible_configuration_directory }}/{{ ansible_configuration_file }}" + section: "{{ item.section | default('defaults') }}" + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - "{{ ansible_configuration }}" + loop_control: + label: "{{ item.option }}" diff --git a/roles/ansible/vars/main.yml b/roles/ansible/vars/main.yml new file mode 100644 index 0000000..147985b --- /dev/null +++ b/roles/ansible/vars/main.yml @@ -0,0 +1,8 @@ +--- +# vars file for ansible +ansible_packages: + - ansible + +ansible_configuration_directory: /etc/ansible + +ansible_configuration_file: ansible.cfg diff --git a/roles/ansible_lint/.github/ISSUE_TEMPLATE/bug_report.md b/roles/ansible_lint/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..bd1a0dc --- /dev/null +++ b/roles/ansible_lint/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Run this role: +2. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Error** +Please show the resulting error. If applicable a snippet of the playbook including the role ran with `-vvv` + +**Environment** +- Control node OS: [e.g. Debian 9] +- Control node Ansible version: [e.g. 2.6.2] +- Managed node OS: [e.g. CentOS 7] + +**Additional context** +Add any other context about the problem here. diff --git a/roles/ansible_lint/.github/ISSUE_TEMPLATE/feature_request.md b/roles/ansible_lint/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/roles/ansible_lint/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/roles/ansible_lint/.github/settings.yml b/roles/ansible_lint/.github/settings.yml new file mode 100644 index 0000000..00c0616 --- /dev/null +++ b/roles/ansible_lint/.github/settings.yml @@ -0,0 +1,4 @@ +--- +repository: + description: Install ansible-lint on your system. + homepage: https://robertdebock.nl/ diff --git a/roles/ansible_lint/.gitignore b/roles/ansible_lint/.gitignore new file mode 100644 index 0000000..47cf7b9 --- /dev/null +++ b/roles/ansible_lint/.gitignore @@ -0,0 +1,3 @@ +molecule/*/.molecule +*.log +*.swp \ No newline at end of file diff --git a/roles/ansible_lint/.travis.yml b/roles/ansible_lint/.travis.yml new file mode 100644 index 0000000..8b5b3a3 --- /dev/null +++ b/roles/ansible_lint/.travis.yml @@ -0,0 +1,92 @@ +--- +sudo: required +language: python +services: docker + +env: + - version=">=2.7,<2.8" distro="alpine-latest" + - version="" distro="alpine-latest" + - version="devel" distro="alpine-latest" + - version=">=2.7,<2.8" distro="alpine-edge" + - version="" distro="alpine-edge" + - version="devel" distro="alpine-edge" + - version=">=2.7,<2.8" distro="archlinux" + - version="" distro="archlinux" + - version="devel" distro="archlinux" + - version=">=2.7,<2.8" distro="centos-6" expectation="fail" + - version="" distro="centos-6" expectation="fail" + - version="devel" distro="centos-6" expectation="fail" + - version=">=2.7,<2.8" distro="centos-latest" + - version="" distro="centos-latest" + - version="devel" distro="centos-latest" + - version=">=2.7,<2.8" distro="debian-latest" + - version="" distro="debian-latest" + - version="devel" distro="debian-latest" + - version=">=2.7,<2.8" distro="debian-stable" + - version="" distro="debian-stable" + - version="devel" distro="debian-stable" + - version=">=2.7,<2.8" distro="debian-unstable" + - version="" distro="debian-unstable" + - version="devel" distro="debian-unstable" + - version=">=2.7,<2.8" distro="fedora-latest" + - version="" distro="fedora-latest" + - version="devel" distro="fedora-latest" + - version=">=2.7,<2.8" distro="fedora-rawhide" + - version="" distro="fedora-rawhide" + - version="devel" distro="fedora-rawhide" + - version=">=2.7,<2.8" distro="opensuse-leap" + - version="" distro="opensuse-leap" + - version="devel" distro="opensuse-leap" + - version=">=2.7,<2.8" distro="ubuntu-rolling" + - version="" distro="ubuntu-rolling" + - version="devel" distro="ubuntu-rolling" + - version=">=2.7,<2.8" distro="ubuntu-latest" + - version="" distro="ubuntu-latest" + - version="devel" distro="ubuntu-latest" + - version=">=2.7,<2.8" distro="ubuntu-devel" + - version="" distro="ubuntu-devel" + - version="devel" distro="ubuntu-devel" + +matrix: + allow_failures: + - env: version=">=2.7,<2.8" distro="alpine-edge" + - env: version="" distro="alpine-edge" + - env: version="devel" distro="alpine-edge" + - env: version="devel" distro="alpine-latest" + - env: version="devel" distro="archlinux" + - env: version="devel" distro="centos-6" expectation="fail" + - env: version="devel" distro="centos-latest" + - env: version="devel" distro="debian-latest" + - env: version="devel" distro="debian-stable" + - env: version=">=2.7,<2.8" distro="debian-unstable" + - env: version="" distro="debian-unstable" + - env: version="devel" distro="debian-unstable" + - env: version="devel" distro="fedora-latest" + - env: version=">=2.7,<2.8" distro="fedora-rawhide" + - env: version="" distro="fedora-rawhide" + - env: version="devel" distro="fedora-rawhide" + - env: version="devel" distro="opensuse-leap" + - env: version="devel" distro="ubuntu-rolling" + - env: version=">=2.7,<2.8" distro="ubuntu-devel" + - env: version="" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-latest" + +cache: + - pip + +install: + - pip install --upgrade pip + - if [ "${version}" != "devel" ] ; then pip install ansible"${version}" ; fi + - if [ "${version}" = "devel" ] ; then pip install git+https://github.com/ansible/ansible.git@devel ; fi + - pip install molecule + - pip install docker + +script: + - if [ "${expectation}" = "fail" ] ; then ! molecule test --scenario-name "${distro}" ; else molecule test --scenario-name "${distro}" ; fi + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + slack: + secure: "XWAAQ/YpN5s6xZknnRZKnkcUy5GkbI6nxGjZYOH+ZmYUEg+EnWzliwYmZ4zOzOtmQUTx7X6UMHfxb4Z7uyPA0z/mjVnIRCoqv6QAmbTHJBztzjyJy3HpDvX7IYO6Lrr+T0RHQ5uGarpXsUxCrCD+fKf1WfyVy/XJ8Uw1gPY7fEpjB+xRtxwYukRmZFxjcUnbBwguVSveoUBhyn6vr+cW4rovtB5s443H5UXQeprSY0Pu28G77rnc2opk1CLP0P/gwetPjnFaZRwYY0L0VNER877sloZ8IcY47ThdBNVpkkMbpJgkSQW7brSIjefP1S9kx00b6XqwV/8zh/DSi2j8mq8CU2g2qLm8M5F/ik1d/sc23wxCnj+GWeBoAlPcpgCYM8nYp8oS09H32TQFG7iENu3nG+9YsoNKdUSPQvfqYkXtO7Sbtvjgiv0rhhZJLsvqnrh2Dq/6Y2K1jmDcZuQfFDgdCTW85zLDle78zFyiIjLc41QX4Rqo9ELJNR5KQ60pQIoIb/JxRvEERvzOBJl+atAa4CvI+UdU/xUFEokWXLwGi+Ze+cu7Qfskg6ISCzGAZ/D1aJ0R8wHjwY/BdiM0oSadlGl13yU1jVSWoHwpnmpBZIuGnPrCGPf3VLzRGPdkAej+RCdt4DKCNUb8BZ67f4nP3gwAEBYbOle58O4tA2c=" + email: false diff --git a/roles/ansible_lint/.yamllint b/roles/ansible_lint/.yamllint new file mode 100644 index 0000000..ad0be76 --- /dev/null +++ b/roles/ansible_lint/.yamllint @@ -0,0 +1,11 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/ansible_lint/CODE_OF_CONDUCT.md b/roles/ansible_lint/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0d97a6f --- /dev/null +++ b/roles/ansible_lint/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behaviour that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behaviour by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/ansible_lint/CONTRIBUTING.md b/roles/ansible_lint/CONTRIBUTING.md new file mode 100644 index 0000000..2931dcf --- /dev/null +++ b/roles/ansible_lint/CONTRIBUTING.md @@ -0,0 +1,4 @@ +# Please contribute! +You can really make a difference by: +- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. +- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code. diff --git a/roles/ansible_lint/LICENSE b/roles/ansible_lint/LICENSE new file mode 100644 index 0000000..744118c --- /dev/null +++ b/roles/ansible_lint/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2019 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/ansible_lint/PULL_REQUEST_TEMPLATE.md b/roles/ansible_lint/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..b1578c0 --- /dev/null +++ b/roles/ansible_lint/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +--- +name: Pull request +about: Describe the proposed change + +--- + +**Describe the change** +A clear and concise description of what the pull request is. + +**Testing** +In case a feature was added, how were tests performed? diff --git a/roles/ansible_lint/README.md b/roles/ansible_lint/README.md new file mode 100644 index 0000000..2d3d4f8 --- /dev/null +++ b/roles/ansible_lint/README.md @@ -0,0 +1,135 @@ +ansible_lint +========= + +[![Build Status](https://travis-ci.org/robertdebock/ansible-role-ansible_lint.svg?branch=master)](https://travis-ci.org/robertdebock/ansible-role-ansible_lint) + +Install ansible-lint on your system. + +Example Playbook +---------------- + +This example is taken from `molecule/default/playbook.yml`: +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - robertdebock.ansible_lint +``` + +The machine you are running this on, may need to be prepared. Tests have been done on machines prepared by this playbook: +```yaml +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - role: robertdebock.bootstrap + - role: robertdebock.buildtools + - role: robertdebock.epel + - role: robertdebock.python_pip +``` + +Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. + +Role Variables +-------------- + +These variables are set in `defaults/main.yml`: +```yaml +--- +# defaults file for ansible_lint +``` + +Requirements +------------ + +- Access to a repository containing packages, likely on the internet. +- A recent version of Ansible. (Tests run on the last 3 release of Ansible.) + +The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: + +```yaml +--- +- robertdebock.bootstrap +- robertdebock.buildtools +- robertdebock.epel +- robertdebock.python_pip + +``` + +Context +------- + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/ansible_lint.png "Dependency") + + +Compatibility +------------- + +This role has been tested against the following distributions and Ansible version: + +|distribution|ansible 2.6|ansible 2.7|ansible devel| +|------------|-----------|-----------|-------------| +|alpine-edge*|yes|yes|yes*| +|alpine-latest|yes|yes|yes*| +|archlinux|yes|yes|yes*| +|centos-6|no|no|no*| +|centos-latest|yes|yes|yes*| +|debian-latest|yes|yes|yes*| +|debian-stable|yes|yes|yes*| +|debian-unstable*|yes|yes|yes*| +|fedora-latest|yes|yes|yes*| +|fedora-rawhide*|yes|yes|yes*| +|opensuse-leap|yes|yes|yes*| +|ubuntu-devel*|yes|yes|yes*| +|ubuntu-latest|yes|yes|yes*| +|ubuntu-rolling|yes|yes|yes*| + +A single star means the build may fail, it's marked as an experimental build. + +Testing +------- + +[Unit tests](https://travis-ci.org/robertdebock/ansible-role-ansible_lint) are done on every commit and periodically. + +If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-ansible_lint/issues) + +To test this role locally please use [Molecule](https://github.com/metacloud/molecule): +``` +pip install molecule +molecule test +``` + +To test on Amazon EC2, configure [~/.aws/credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`. + +There are many specific scenarios available, please have a look in the `molecule/` directory. + +Run the [ansible-galaxy](https://github.com/ansible/galaxy-lint-rules) and [my](https://github.com/robertdebock/ansible-lint-rules) lint rules if you want your change to be merges: + +```shell +git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint +ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules . + +git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint +ansible-lint -r /tmp/my-ansible-lint/rules . +``` + +License +------- + +Apache-2.0 + + +Author Information +------------------ + +[Robert de Bock](https://robertdebock.nl/) diff --git a/roles/ansible_lint/defaults/main.yml b/roles/ansible_lint/defaults/main.yml new file mode 100644 index 0000000..89b85d8 --- /dev/null +++ b/roles/ansible_lint/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for ansible_lint diff --git a/roles/ansible_lint/meta/.galaxy_install_info b/roles/ansible_lint/meta/.galaxy_install_info new file mode 100644 index 0000000..4d59bd2 --- /dev/null +++ b/roles/ansible_lint/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jun 7 18:25:19 2019', version: 2.0.2} diff --git a/roles/ansible_lint/meta/main.yml b/roles/ansible_lint/meta/main.yml new file mode 100644 index 0000000..92d991e --- /dev/null +++ b/roles/ansible_lint/meta/main.yml @@ -0,0 +1,46 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: ansible_lint + description: Install ansible-lint on your system. + license: Apache-2.0 + company: none + min_ansible_version: 2.6 + + platforms: + - name: Alpine + versions: + - all + - name: ArchLinux + version: + - all + - name: Debian + versions: + - all + - name: EL + version: + - 7 + - name: Fedora + versions: + - all + - name: OpenSUSE + versions: + - all + - name: Ubuntu + versions: + - artful + - bionic + + galaxy_tags: + - ansiblelint + - alpine + - archlinux + - centos + - debian + - el + - fedora + - opensuse + - rhel + - ubuntu + +dependencies: [] diff --git a/roles/ansible_lint/molecule/alpine-edge/molecule.yml b/roles/ansible_lint/molecule/alpine-edge/molecule.yml new file mode 100644 index 0000000..9ff49d2 --- /dev/null +++ b/roles/ansible_lint/molecule/alpine-edge/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible_lint-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-edge diff --git a/roles/ansible_lint/molecule/alpine-latest/molecule.yml b/roles/ansible_lint/molecule/alpine-latest/molecule.yml new file mode 100644 index 0000000..d7e6819 --- /dev/null +++ b/roles/ansible_lint/molecule/alpine-latest/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible_lint-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-latest diff --git a/roles/ansible_lint/molecule/archlinux/molecule.yml b/roles/ansible_lint/molecule/archlinux/molecule.yml new file mode 100644 index 0000000..a26fe86 --- /dev/null +++ b/roles/ansible_lint/molecule/archlinux/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible_lint-archlinux + image: archlinux/base + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: archlinux diff --git a/roles/ansible_lint/molecule/centos-6/molecule.yml b/roles/ansible_lint/molecule/centos-6/molecule.yml new file mode 100644 index 0000000..78e91bc --- /dev/null +++ b/roles/ansible_lint/molecule/centos-6/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible_lint-centos-6 + image: centos:6 + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-6 diff --git a/roles/ansible_lint/molecule/centos-latest/molecule.yml b/roles/ansible_lint/molecule/centos-latest/molecule.yml new file mode 100644 index 0000000..6905811 --- /dev/null +++ b/roles/ansible_lint/molecule/centos-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible_lint-centos-latest + image: centos:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-latest diff --git a/roles/ansible_lint/molecule/debian-latest/molecule.yml b/roles/ansible_lint/molecule/debian-latest/molecule.yml new file mode 100644 index 0000000..2769446 --- /dev/null +++ b/roles/ansible_lint/molecule/debian-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible_lint-debian-latest + image: debian:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-latest diff --git a/roles/ansible_lint/molecule/debian-stable/molecule.yml b/roles/ansible_lint/molecule/debian-stable/molecule.yml new file mode 100644 index 0000000..4d3b19a --- /dev/null +++ b/roles/ansible_lint/molecule/debian-stable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible_lint-debian-stable + image: debian:stable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-stable diff --git a/roles/ansible_lint/molecule/debian-unstable/molecule.yml b/roles/ansible_lint/molecule/debian-unstable/molecule.yml new file mode 100644 index 0000000..92753ae --- /dev/null +++ b/roles/ansible_lint/molecule/debian-unstable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible_lint-debian-unstable + image: debian:unstable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-unstable diff --git a/roles/ansible_lint/molecule/default/molecule.yml b/roles/ansible_lint/molecule/default/molecule.yml new file mode 100644 index 0000000..8bfb018 --- /dev/null +++ b/roles/ansible_lint/molecule/default/molecule.yml @@ -0,0 +1,63 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible_lint-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: ansible_lint-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: ansible_lint-archlinux + image: archlinux/base + pre_build_image: yes + - name: ansible_lint-centos-6 + image: centos:6 + pre_build_image: yes + - name: ansible_lint-centos-latest + image: centos:latest + pre_build_image: yes + - name: ansible_lint-debian-latest + image: debian:latest + pre_build_image: yes + - name: ansible_lint-debian-stable + image: debian:stable + pre_build_image: yes + - name: ansible_lint-debian-unstable + image: debian:unstable + pre_build_image: yes + - name: ansible_lint-fedora-latest + image: fedora:latest + pre_build_image: yes + - name: ansible_lint-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + - name: ansible_lint-opensuse-leap + image: opensuse:leap + pre_build_image: yes + - name: ansible_lint-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes + - name: ansible_lint-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes + - name: ansible_lint-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: default diff --git a/roles/ansible_lint/molecule/ec2/README.md b/roles/ansible_lint/molecule/ec2/README.md new file mode 100644 index 0000000..856b351 --- /dev/null +++ b/roles/ansible_lint/molecule/ec2/README.md @@ -0,0 +1,15 @@ +# Amazon EC2 + +To test on Amazon elastic compute cloud (EC2), set this variable: + +``` +export EC2_REGION=eu-central-1 +``` + +And save the credentials: +``` +cat ~/.aws/credentials +[default] +aws_access_key_id=YOUR_KEY_ID +aws_secret_access_key=YOUR_ACCESS_KEY +``` diff --git a/roles/ansible_lint/molecule/ec2/create.yml b/roles/ansible_lint/molecule/ec2/create.yml new file mode 100644 index 0000000..7992818 --- /dev/null +++ b/roles/ansible_lint/molecule/ec2/create.yml @@ -0,0 +1,125 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + vars: + ssh_user: ec2-user + ssh_port: 22 + + security_group_name: molecule + security_group_description: Security group for testing Molecule + security_group_rules: + - proto: tcp + from_port: "{{ ssh_port }}" + to_port: "{{ ssh_port }}" + cidr_ip: '0.0.0.0/0' + - proto: icmp + from_port: 8 + to_port: -1 + cidr_ip: '0.0.0.0/0' + security_group_rules_egress: + - proto: -1 + from_port: 0 + to_port: 0 + cidr_ip: '0.0.0.0/0' + + keypair_name: molecule_key + keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" + tasks: + - name: Create security group + ec2_group: + name: "{{ security_group_name }}" + description: "{{ security_group_name }}" + rules: "{{ security_group_rules }}" + rules_egress: "{{ security_group_rules_egress }}" + + - name: Test for presence of local keypair + stat: + path: "{{ keypair_path }}" + register: keypair_local + + - name: Delete remote keypair + ec2_key: + name: "{{ keypair_name }}" + state: absent + when: not keypair_local.stat.exists + + - name: Create keypair + ec2_key: + name: "{{ keypair_name }}" + register: keypair + + - name: Persist the keypair + copy: + dest: "{{ keypair_path }}" + content: "{{ keypair.key.private_key }}" + mode: 0600 + when: keypair.changed + + - name: Create molecule instance(s) + ec2: + key_name: "{{ keypair_name }}" + image: "{{ item.image }}" + instance_type: "{{ item.instance_type }}" + vpc_subnet_id: "{{ item.vpc_subnet_id }}" + group: "{{ security_group_name }}" + instance_tags: + instance: "{{ item.name }}" + wait: true + assign_public_ip: true + exact_count: 1 + count_tag: + instance: "{{ item.name }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.instances[0].tags.instance }}", + 'address': "{{ item.instances[0].public_ip }}", + 'user': "{{ ssh_user }}", + 'port': "{{ ssh_port }}", + 'identity_file': "{{ keypair_path }}", + 'instance_ids': "{{ item.instance_ids }}", } + with_items: "{{ ec2_jobs.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool + + - name: Wait for SSH + wait_for: + port: "{{ ssh_port }}" + host: "{{ item.address }}" + search_regex: SSH + delay: 10 + timeout: 320 + with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + + - name: Wait for boot process to finish + pause: + minutes: 2 diff --git a/roles/ansible_lint/molecule/ec2/destroy.yml b/roles/ansible_lint/molecule/ec2/destroy.yml new file mode 100644 index 0000000..b460c1e --- /dev/null +++ b/roles/ansible_lint/molecule/ec2/destroy.yml @@ -0,0 +1,47 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + tasks: + - block: + - name: Populate instance config + set_fact: + instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + skip_instances: false + rescue: + - name: Populate instance config when file missing + set_fact: + instance_conf: {} + skip_instances: true + + - name: Destroy molecule instance(s) + ec2: + state: absent + instance_ids: "{{ item.instance_ids }}" + register: server + with_items: "{{ instance_conf }}" + when: not skip_instances + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/ansible_lint/molecule/ec2/molecule.yml b/roles/ansible_lint/molecule/ec2/molecule.yml new file mode 100644 index 0000000..ebae80a --- /dev/null +++ b/roles/ansible_lint/molecule/ec2/molecule.yml @@ -0,0 +1,77 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: ec2 +platforms: + - name: ansible_lint-rhel-7 + image: ami-c86c3f23 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: ansible_lint-sles-15 + image: ami-0a1886cf45f944eb1 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: ansible_lint-ubuntu-18.04 + image: ami-0bdf93799014acdc4 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: ansible_lint-amazon-linux-2 + image: ami-02ea8f348fa28c108 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: ansible_lint-centos-7 + image: ami-9a183671 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: ansible_lint-fedora-29 + image: ami-0f904cfaa69a1c64c + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint + inventory: + host_vars: + ansible_lint-ubuntu-18.04: + ansible_user: ubuntu + ansible_lint-centos-7: + ansible_user: centos + ansible_lint-fedora-29: + ansible_user: fedora +scenario: + name: ec2 + create_sequence: + - create + check_sequence: + - destroy + - dependency + - create + - converge + - check + - destroy + converge_sequence: + - dependency + - create + - converge + destroy_sequence: + - destroy + test_sequence: + - lint + - destroy + - dependency + - syntax + - create + - converge + - idempotence + - side_effect + - verify + - destroy diff --git a/roles/ansible_lint/molecule/fedora-latest/molecule.yml b/roles/ansible_lint/molecule/fedora-latest/molecule.yml new file mode 100644 index 0000000..1621d26 --- /dev/null +++ b/roles/ansible_lint/molecule/fedora-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible_lint-fedora-latest + image: fedora:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-latest diff --git a/roles/ansible_lint/molecule/fedora-rawhide/molecule.yml b/roles/ansible_lint/molecule/fedora-rawhide/molecule.yml new file mode 100644 index 0000000..e42f923 --- /dev/null +++ b/roles/ansible_lint/molecule/fedora-rawhide/molecule.yml @@ -0,0 +1,24 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible_lint-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + registry: + url: registry.fedoraproject.org +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-rawhide diff --git a/roles/ansible_lint/molecule/opensuse-leap/molecule.yml b/roles/ansible_lint/molecule/opensuse-leap/molecule.yml new file mode 100644 index 0000000..fe91420 --- /dev/null +++ b/roles/ansible_lint/molecule/opensuse-leap/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible_lint-opensuse-leap + image: opensuse:leap + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: opensuse-leap diff --git a/roles/ansible_lint/molecule/resources/playbook.yml b/roles/ansible_lint/molecule/resources/playbook.yml new file mode 100644 index 0000000..11079b0 --- /dev/null +++ b/roles/ansible_lint/molecule/resources/playbook.yml @@ -0,0 +1,8 @@ +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - ansible-role-ansible_lint diff --git a/roles/ansible_lint/molecule/resources/prepare.yml b/roles/ansible_lint/molecule/resources/prepare.yml new file mode 100644 index 0000000..a44724a --- /dev/null +++ b/roles/ansible_lint/molecule/resources/prepare.yml @@ -0,0 +1,11 @@ +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - role: robertdebock.bootstrap + - role: robertdebock.buildtools + - role: robertdebock.epel + - role: robertdebock.python_pip diff --git a/roles/ansible_lint/molecule/ubuntu-devel/molecule.yml b/roles/ansible_lint/molecule/ubuntu-devel/molecule.yml new file mode 100644 index 0000000..29ce30a --- /dev/null +++ b/roles/ansible_lint/molecule/ubuntu-devel/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible_lint-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-devel diff --git a/roles/ansible_lint/molecule/ubuntu-latest/molecule.yml b/roles/ansible_lint/molecule/ubuntu-latest/molecule.yml new file mode 100644 index 0000000..e35f9f4 --- /dev/null +++ b/roles/ansible_lint/molecule/ubuntu-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible_lint-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-latest diff --git a/roles/ansible_lint/molecule/ubuntu-rolling/molecule.yml b/roles/ansible_lint/molecule/ubuntu-rolling/molecule.yml new file mode 100644 index 0000000..6c70367 --- /dev/null +++ b/roles/ansible_lint/molecule/ubuntu-rolling/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ansible_lint-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-rolling diff --git a/roles/ansible_lint/molecule/vagrant/molecule.yml b/roles/ansible_lint/molecule/vagrant/molecule.yml new file mode 100644 index 0000000..5fee3a7 --- /dev/null +++ b/roles/ansible_lint/molecule/vagrant/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: vagrant + provider: + name: virtualbox +platforms: + - name: ansible_lint-debian + box: debian/stretch64 + - name: ansible_lint-fedora + box: fedora/29-cloud-base +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: vagrant diff --git a/roles/ansible_lint/requirements.yml b/roles/ansible_lint/requirements.yml new file mode 100644 index 0000000..2fd552b --- /dev/null +++ b/roles/ansible_lint/requirements.yml @@ -0,0 +1,5 @@ +--- +- robertdebock.bootstrap +- robertdebock.buildtools +- robertdebock.epel +- robertdebock.python_pip diff --git a/roles/ansible_lint/tasks/main.yml b/roles/ansible_lint/tasks/main.yml new file mode 100644 index 0000000..a8d0812 --- /dev/null +++ b/roles/ansible_lint/tasks/main.yml @@ -0,0 +1,13 @@ +--- +# tasks file for ansible_lint +- name: test veriables and environment + assert: + that: + +- name: install ansible_lint + pip: + name: "{{ ansible_lint_packages }}" + state: present + register: ansible_lint_install_ansible_lint + until: ansible_lint_install_ansible_lint is succeeded + retries: 3 diff --git a/roles/ansible_lint/vars/main.yml b/roles/ansible_lint/vars/main.yml new file mode 100644 index 0000000..cf44daa --- /dev/null +++ b/roles/ansible_lint/vars/main.yml @@ -0,0 +1,4 @@ +--- +# vars file for ansible_lint +ansible_lint_packages: + - ansible-lint diff --git a/roles/ara/.github/ISSUE_TEMPLATE/bug_report.md b/roles/ara/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..bd1a0dc --- /dev/null +++ b/roles/ara/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Run this role: +2. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Error** +Please show the resulting error. If applicable a snippet of the playbook including the role ran with `-vvv` + +**Environment** +- Control node OS: [e.g. Debian 9] +- Control node Ansible version: [e.g. 2.6.2] +- Managed node OS: [e.g. CentOS 7] + +**Additional context** +Add any other context about the problem here. diff --git a/roles/ara/.github/ISSUE_TEMPLATE/feature_request.md b/roles/ara/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/roles/ara/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/roles/ara/.github/settings.yml b/roles/ara/.github/settings.yml new file mode 100644 index 0000000..582014f --- /dev/null +++ b/roles/ara/.github/settings.yml @@ -0,0 +1,4 @@ +--- +repository: + description: Install and configure ara on your system. + homepage: https://robertdebock.nl/ diff --git a/roles/ara/.gitignore b/roles/ara/.gitignore new file mode 100644 index 0000000..10b26d1 --- /dev/null +++ b/roles/ara/.gitignore @@ -0,0 +1,3 @@ +molecule/*/.molecule +*.log +*.swp diff --git a/roles/ara/.travis.yml b/roles/ara/.travis.yml new file mode 100644 index 0000000..c34a0e0 --- /dev/null +++ b/roles/ara/.travis.yml @@ -0,0 +1,92 @@ +--- +sudo: required +language: python +services: docker + +env: + - version=">=2.7,<2.8" distro="alpine-latest" + - version="" distro="alpine-latest" + - version="devel" distro="alpine-latest" + - version=">=2.7,<2.8" distro="alpine-edge" + - version="" distro="alpine-edge" + - version="devel" distro="alpine-edge" + - version=">=2.7,<2.8" distro="archlinux" + - version="" distro="archlinux" + - version="devel" distro="archlinux" + - version=">=2.7,<2.8" distro="centos-6" expectation="fail" + - version="" distro="centos-6" expectation="fail" + - version="devel" distro="centos-6" expectation="fail" + - version=">=2.7,<2.8" distro="centos-latest" + - version="" distro="centos-latest" + - version="devel" distro="centos-latest" + - version=">=2.7,<2.8" distro="debian-latest" + - version="" distro="debian-latest" + - version="devel" distro="debian-latest" + - version=">=2.7,<2.8" distro="debian-stable" + - version="" distro="debian-stable" + - version="devel" distro="debian-stable" + - version=">=2.7,<2.8" distro="debian-unstable" + - version="" distro="debian-unstable" + - version="devel" distro="debian-unstable" + - version=">=2.7,<2.8" distro="fedora-latest" + - version="" distro="fedora-latest" + - version="devel" distro="fedora-latest" + - version=">=2.7,<2.8" distro="fedora-rawhide" + - version="" distro="fedora-rawhide" + - version="devel" distro="fedora-rawhide" + - version=">=2.7,<2.8" distro="opensuse-leap" + - version="" distro="opensuse-leap" + - version="devel" distro="opensuse-leap" + - version=">=2.7,<2.8" distro="ubuntu-rolling" + - version="" distro="ubuntu-rolling" + - version="devel" distro="ubuntu-rolling" + - version=">=2.7,<2.8" distro="ubuntu-latest" + - version="" distro="ubuntu-latest" + - version="devel" distro="ubuntu-latest" + - version=">=2.7,<2.8" distro="ubuntu-devel" + - version="" distro="ubuntu-devel" + - version="devel" distro="ubuntu-devel" + +matrix: + allow_failures: + - env: version=">=2.7,<2.8" distro="alpine-edge" + - env: version="" distro="alpine-edge" + - env: version="devel" distro="alpine-edge" + - env: version="devel" distro="alpine-latest" + - env: version="devel" distro="archlinux" + - env: version="devel" distro="centos-6" expectation="fail" + - env: version="devel" distro="centos-latest" + - env: version="devel" distro="debian-latest" + - env: version="devel" distro="debian-stable" + - env: version=">=2.7,<2.8" distro="debian-unstable" + - env: version="" distro="debian-unstable" + - env: version="devel" distro="debian-unstable" + - env: version="devel" distro="fedora-latest" + - env: version=">=2.7,<2.8" distro="fedora-rawhide" + - env: version="" distro="fedora-rawhide" + - env: version="devel" distro="fedora-rawhide" + - env: version="devel" distro="opensuse-leap" + - env: version="devel" distro="ubuntu-rolling" + - env: version=">=2.7,<2.8" distro="ubuntu-devel" + - env: version="" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-latest" + +cache: + - pip + +install: + - pip install --upgrade pip + - if [ "${version}" != "devel" ] ; then pip install ansible"${version}" ; fi + - if [ "${version}" = "devel" ] ; then pip install git+https://github.com/ansible/ansible.git@devel ; fi + - pip install molecule + - pip install docker + +script: + - if [ "${expectation}" = "fail" ] ; then ! molecule test --scenario-name "${distro}" ; else molecule test --scenario-name "${distro}" ; fi + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + slack: + secure: "KNGb6nUiIFk86AMSfRdnFFWcKh4whVEcvS3ycBdhEBhbG4/4d8TBNFILjLpvTrr5d2Vmhj4JM2dRTwfkEj+ChC9cCknSVwkwZqbOx+H1NmiYgTWHn8Ar89NOh/GnaV3aU1AcK36L+7M9pcoTaLtl0BRWwrR4BUCIUFqgOf7vEtKWew+b1zmaGG3hygrGYFMKFJa4GfsGiSYnkn8TFG2muacgzlActQzML1xHrE/kR4hWK7dMZCLdPDgzXyRDwMZwkQQxPwKe0rCLYY7izzRoFchziyyvtwCrZ2F5sN4HsNploCwBRPCw3o6ZdhybPlmEls/PE+UhshV7NZb8t5/oX2bTHnHABEyRs6dLJotxgYCkkU4brlq2btWiYVP5FdCHYF/PraQbb5yNl+fKGSPimGj++B3MgIGLaq0ZskO3RC+RiqNnO5V6/SLjr4zk4JqPtPl7CEX3o77VcxQQEm91Xk7++yNCng8ShAK2IrBWxezQc4ZwyyvntNYi+ODqJaJDMCE+RQAaw1iBvGgaAX2P798LPJRew9D64xByC7FUKTe9TSOoYG635/iKWVDLneLd3CdvaKwkBSx2A/6eO6HGjSqi7PHhY1Y3Jru+oTVB3NNopHHLNNo2Qv1us76meP6LoxaoCvkt7/YmFkCYxvkCWey5q6vq0Kd0IhC3uGYFSkA=" + email: false diff --git a/roles/ara/.yamllint b/roles/ara/.yamllint new file mode 100644 index 0000000..ad0be76 --- /dev/null +++ b/roles/ara/.yamllint @@ -0,0 +1,11 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/ara/CODE_OF_CONDUCT.md b/roles/ara/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0d97a6f --- /dev/null +++ b/roles/ara/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behaviour that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behaviour by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/ara/CONTRIBUTING.md b/roles/ara/CONTRIBUTING.md new file mode 100644 index 0000000..2931dcf --- /dev/null +++ b/roles/ara/CONTRIBUTING.md @@ -0,0 +1,4 @@ +# Please contribute! +You can really make a difference by: +- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. +- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code. diff --git a/roles/ara/LICENSE b/roles/ara/LICENSE new file mode 100644 index 0000000..744118c --- /dev/null +++ b/roles/ara/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2019 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/ara/PULL_REQUEST_TEMPLATE.md b/roles/ara/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..b1578c0 --- /dev/null +++ b/roles/ara/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +--- +name: Pull request +about: Describe the proposed change + +--- + +**Describe the change** +A clear and concise description of what the pull request is. + +**Testing** +In case a feature was added, how were tests performed? diff --git a/roles/ara/README.md b/roles/ara/README.md new file mode 100644 index 0000000..855c64a --- /dev/null +++ b/roles/ara/README.md @@ -0,0 +1,155 @@ +ara +========= + +[![Build Status](https://travis-ci.org/robertdebock/ansible-role-ara.svg?branch=master)](https://travis-ci.org/robertdebock/ansible-role-ara) + +Install and configure ara on your system. + +Example Playbook +---------------- + +This example is taken from `molecule/default/playbook.yml`: +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - robertdebock.ara +``` + +The machine you are running this on, may need to be prepared. Tests have been done on machines prepared by this playbook: +```yaml +--- +- name: Prepare + hosts: all + become: yes + gather_facts: no + + roles: + - robertdebock.bootstrap + - robertdebock.buildtools + - robertdebock.epel + - robertdebock.python_pip +``` + +Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. + +Role Variables +-------------- + +These variables are set in `defaults/main.yml`: +```yaml +--- +# defaults file for ara + +# If you would like to update the packages that this role installs, set `ara_packages_state` to `latest`, otherwise use `default`. + +# The ansible.cfg to modify. +ara_configuration_file: /etc/ansible/ansible.cfg + +# The user to run ara as. Typically root, but if you run playbooks under your username, ara saves data in your homedirectory. In that case change the ara_user to your username. +ara_user: root + +# Extra options can be set using this structure. +# ara_configuration: +# - option: port +# value: 9191 +# - option: host +# value: 0.0.0.0 +# - option: playbook_per_page +# value: 10 +# - option: result_per_page +# value: 25 +``` + +Requirements +------------ + +- Access to a repository containing packages, likely on the internet. +- A recent version of Ansible. (Tests run on the last 3 release of Ansible.) + +The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: + +```yaml +--- +- robertdebock.bootstrap +- robertdebock.epel +- robertdebock.buildtools +- robertdebock.python_pip +- robertdebock.service + +``` + +Context +------- + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/ara.png "Dependency") + + +Compatibility +------------- + +This role has been tested against the following distributions and Ansible version: + +|distribution|ansible 2.6|ansible 2.7|ansible devel| +|------------|-----------|-----------|-------------| +|alpine-edge*|yes|yes|yes*| +|alpine-latest|yes|yes|yes*| +|archlinux|yes|yes|yes*| +|centos-6|no|no|no*| +|centos-latest|yes|yes|yes*| +|debian-latest|yes|yes|yes*| +|debian-stable|yes|yes|yes*| +|debian-unstable*|yes|yes|yes*| +|fedora-latest|yes|yes|yes*| +|fedora-rawhide*|yes|yes|yes*| +|opensuse-leap|yes|yes|yes*| +|ubuntu-devel*|yes|yes|yes*| +|ubuntu-latest|yes|yes|yes*| +|ubuntu-rolling|yes|yes|yes*| + +A single star means the build may fail, it's marked as an experimental build. + +Testing +------- + +[Unit tests](https://travis-ci.org/robertdebock/ansible-role-ara) are done on every commit and periodically. + +If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-ara/issues) + +To test this role locally please use [Molecule](https://github.com/metacloud/molecule): +``` +pip install molecule +molecule test +``` + +To test on Amazon EC2, configure [~/.aws/credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`. + +There are many specific scenarios available, please have a look in the `molecule/` directory. + +Run the [ansible-galaxy](https://github.com/ansible/galaxy-lint-rules) and [my](https://github.com/robertdebock/ansible-lint-rules) lint rules if you want your change to be merges: + +```shell +git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint +ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules . + +git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint +ansible-lint -r /tmp/my-ansible-lint/rules . +``` + +License +------- + +Apache-2.0 + + +Author Information +------------------ + +[Robert de Bock](https://robertdebock.nl/) diff --git a/roles/ara/defaults/main.yml b/roles/ara/defaults/main.yml new file mode 100644 index 0000000..3bf8709 --- /dev/null +++ b/roles/ara/defaults/main.yml @@ -0,0 +1,21 @@ +--- +# defaults file for ara + +# If you would like to update the packages that this role installs, set `ara_packages_state` to `latest`, otherwise use `default`. + +# The ansible.cfg to modify. +ara_configuration_file: /etc/ansible/ansible.cfg + +# The user to run ara as. Typically root, but if you run playbooks under your username, ara saves data in your homedirectory. In that case change the ara_user to your username. +ara_user: root + +# Extra options can be set using this structure. +# ara_configuration: +# - option: port +# value: 9191 +# - option: host +# value: 0.0.0.0 +# - option: playbook_per_page +# value: 10 +# - option: result_per_page +# value: 25 diff --git a/roles/ara/handlers/main.yml b/roles/ara/handlers/main.yml new file mode 100644 index 0000000..424876d --- /dev/null +++ b/roles/ara/handlers/main.yml @@ -0,0 +1,16 @@ +--- +# handlers file for ara +- name: restart ara + service: + name: ara + state: restarted + when: + - ansible_virtualization_type != "docker" + become: yes + +- name: systemctl daemon-reload + systemd: + daemon_reload: yes + become: yes + notify: + - restart ara diff --git a/roles/ara/meta/.galaxy_install_info b/roles/ara/meta/.galaxy_install_info new file mode 100644 index 0000000..5974eea --- /dev/null +++ b/roles/ara/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jun 7 18:25:23 2019', version: 2.0.6} diff --git a/roles/ara/meta/main.yml b/roles/ara/meta/main.yml new file mode 100644 index 0000000..0a8aa7f --- /dev/null +++ b/roles/ara/meta/main.yml @@ -0,0 +1,52 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: ara + description: Install and configure ara on your system. + license: Apache-2.0 + company: none + min_ansible_version: 2.6 + + platforms: + - name: Alpine + versions: + - all + - name: ArchLinux + version: + - all + - name: Debian + versions: + - all + - name: EL + version: + - 7 + - name: Fedora + versions: + - all + - name: OpenSUSE + versions: + - all + - name: Ubuntu + versions: + - artful + - bionic + + galaxy_tags: + - alpine + - ansiblerecordsansible + - ara + - arareportsansible + - archlinux + - centos + - cloud + - debian + - development + - fedora + - monitoring + - opensuse + - reporting + - rhel + - ubuntu + - web + +dependencies: [] diff --git a/roles/ara/molecule/alpine-edge/molecule.yml b/roles/ara/molecule/alpine-edge/molecule.yml new file mode 100644 index 0000000..5b6d032 --- /dev/null +++ b/roles/ara/molecule/alpine-edge/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ara-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-edge diff --git a/roles/ara/molecule/alpine-latest/molecule.yml b/roles/ara/molecule/alpine-latest/molecule.yml new file mode 100644 index 0000000..36d4dea --- /dev/null +++ b/roles/ara/molecule/alpine-latest/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ara-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-latest diff --git a/roles/ara/molecule/archlinux/molecule.yml b/roles/ara/molecule/archlinux/molecule.yml new file mode 100644 index 0000000..589093a --- /dev/null +++ b/roles/ara/molecule/archlinux/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ara-archlinux + image: archlinux/base + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: archlinux diff --git a/roles/ara/molecule/centos-6/molecule.yml b/roles/ara/molecule/centos-6/molecule.yml new file mode 100644 index 0000000..13eeb21 --- /dev/null +++ b/roles/ara/molecule/centos-6/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ara-centos-6 + image: centos:6 + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-6 diff --git a/roles/ara/molecule/centos-latest/molecule.yml b/roles/ara/molecule/centos-latest/molecule.yml new file mode 100644 index 0000000..685b3fc --- /dev/null +++ b/roles/ara/molecule/centos-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ara-centos-latest + image: centos:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-latest diff --git a/roles/ara/molecule/debian-latest/molecule.yml b/roles/ara/molecule/debian-latest/molecule.yml new file mode 100644 index 0000000..de0eab2 --- /dev/null +++ b/roles/ara/molecule/debian-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ara-debian-latest + image: debian:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-latest diff --git a/roles/ara/molecule/debian-stable/molecule.yml b/roles/ara/molecule/debian-stable/molecule.yml new file mode 100644 index 0000000..72e3726 --- /dev/null +++ b/roles/ara/molecule/debian-stable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ara-debian-stable + image: debian:stable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-stable diff --git a/roles/ara/molecule/debian-unstable/molecule.yml b/roles/ara/molecule/debian-unstable/molecule.yml new file mode 100644 index 0000000..e7e8f19 --- /dev/null +++ b/roles/ara/molecule/debian-unstable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ara-debian-unstable + image: debian:unstable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-unstable diff --git a/roles/ara/molecule/default/molecule.yml b/roles/ara/molecule/default/molecule.yml new file mode 100644 index 0000000..701b1ab --- /dev/null +++ b/roles/ara/molecule/default/molecule.yml @@ -0,0 +1,63 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ara-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: ara-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: ara-archlinux + image: archlinux/base + pre_build_image: yes + - name: ara-centos-6 + image: centos:6 + pre_build_image: yes + - name: ara-centos-latest + image: centos:latest + pre_build_image: yes + - name: ara-debian-latest + image: debian:latest + pre_build_image: yes + - name: ara-debian-stable + image: debian:stable + pre_build_image: yes + - name: ara-debian-unstable + image: debian:unstable + pre_build_image: yes + - name: ara-fedora-latest + image: fedora:latest + pre_build_image: yes + - name: ara-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + - name: ara-opensuse-leap + image: opensuse:leap + pre_build_image: yes + - name: ara-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes + - name: ara-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes + - name: ara-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: default diff --git a/roles/ara/molecule/ec2/README.md b/roles/ara/molecule/ec2/README.md new file mode 100644 index 0000000..856b351 --- /dev/null +++ b/roles/ara/molecule/ec2/README.md @@ -0,0 +1,15 @@ +# Amazon EC2 + +To test on Amazon elastic compute cloud (EC2), set this variable: + +``` +export EC2_REGION=eu-central-1 +``` + +And save the credentials: +``` +cat ~/.aws/credentials +[default] +aws_access_key_id=YOUR_KEY_ID +aws_secret_access_key=YOUR_ACCESS_KEY +``` diff --git a/roles/ara/molecule/ec2/create.yml b/roles/ara/molecule/ec2/create.yml new file mode 100644 index 0000000..7992818 --- /dev/null +++ b/roles/ara/molecule/ec2/create.yml @@ -0,0 +1,125 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + vars: + ssh_user: ec2-user + ssh_port: 22 + + security_group_name: molecule + security_group_description: Security group for testing Molecule + security_group_rules: + - proto: tcp + from_port: "{{ ssh_port }}" + to_port: "{{ ssh_port }}" + cidr_ip: '0.0.0.0/0' + - proto: icmp + from_port: 8 + to_port: -1 + cidr_ip: '0.0.0.0/0' + security_group_rules_egress: + - proto: -1 + from_port: 0 + to_port: 0 + cidr_ip: '0.0.0.0/0' + + keypair_name: molecule_key + keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" + tasks: + - name: Create security group + ec2_group: + name: "{{ security_group_name }}" + description: "{{ security_group_name }}" + rules: "{{ security_group_rules }}" + rules_egress: "{{ security_group_rules_egress }}" + + - name: Test for presence of local keypair + stat: + path: "{{ keypair_path }}" + register: keypair_local + + - name: Delete remote keypair + ec2_key: + name: "{{ keypair_name }}" + state: absent + when: not keypair_local.stat.exists + + - name: Create keypair + ec2_key: + name: "{{ keypair_name }}" + register: keypair + + - name: Persist the keypair + copy: + dest: "{{ keypair_path }}" + content: "{{ keypair.key.private_key }}" + mode: 0600 + when: keypair.changed + + - name: Create molecule instance(s) + ec2: + key_name: "{{ keypair_name }}" + image: "{{ item.image }}" + instance_type: "{{ item.instance_type }}" + vpc_subnet_id: "{{ item.vpc_subnet_id }}" + group: "{{ security_group_name }}" + instance_tags: + instance: "{{ item.name }}" + wait: true + assign_public_ip: true + exact_count: 1 + count_tag: + instance: "{{ item.name }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.instances[0].tags.instance }}", + 'address': "{{ item.instances[0].public_ip }}", + 'user': "{{ ssh_user }}", + 'port': "{{ ssh_port }}", + 'identity_file': "{{ keypair_path }}", + 'instance_ids': "{{ item.instance_ids }}", } + with_items: "{{ ec2_jobs.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool + + - name: Wait for SSH + wait_for: + port: "{{ ssh_port }}" + host: "{{ item.address }}" + search_regex: SSH + delay: 10 + timeout: 320 + with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + + - name: Wait for boot process to finish + pause: + minutes: 2 diff --git a/roles/ara/molecule/ec2/destroy.yml b/roles/ara/molecule/ec2/destroy.yml new file mode 100644 index 0000000..b460c1e --- /dev/null +++ b/roles/ara/molecule/ec2/destroy.yml @@ -0,0 +1,47 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + tasks: + - block: + - name: Populate instance config + set_fact: + instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + skip_instances: false + rescue: + - name: Populate instance config when file missing + set_fact: + instance_conf: {} + skip_instances: true + + - name: Destroy molecule instance(s) + ec2: + state: absent + instance_ids: "{{ item.instance_ids }}" + register: server + with_items: "{{ instance_conf }}" + when: not skip_instances + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/ara/molecule/ec2/molecule.yml b/roles/ara/molecule/ec2/molecule.yml new file mode 100644 index 0000000..9a66cc1 --- /dev/null +++ b/roles/ara/molecule/ec2/molecule.yml @@ -0,0 +1,77 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: ec2 +platforms: + - name: ara-rhel-7 + image: ami-c86c3f23 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: ara-sles-15 + image: ami-0a1886cf45f944eb1 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: ara-ubuntu-18.04 + image: ami-0bdf93799014acdc4 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: ara-amazon-linux-2 + image: ami-02ea8f348fa28c108 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: ara-centos-7 + image: ami-9a183671 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: ara-fedora-29 + image: ami-0f904cfaa69a1c64c + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint + inventory: + host_vars: + ara-ubuntu-18.04: + ansible_user: ubuntu + ara-centos-7: + ansible_user: centos + ara-fedora-29: + ansible_user: fedora +scenario: + name: ec2 + create_sequence: + - create + check_sequence: + - destroy + - dependency + - create + - converge + - check + - destroy + converge_sequence: + - dependency + - create + - converge + destroy_sequence: + - destroy + test_sequence: + - lint + - destroy + - dependency + - syntax + - create + - converge + - idempotence + - side_effect + - verify + - destroy diff --git a/roles/ara/molecule/fedora-latest/molecule.yml b/roles/ara/molecule/fedora-latest/molecule.yml new file mode 100644 index 0000000..e5bd6d5 --- /dev/null +++ b/roles/ara/molecule/fedora-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ara-fedora-latest + image: fedora:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-latest diff --git a/roles/ara/molecule/fedora-rawhide/molecule.yml b/roles/ara/molecule/fedora-rawhide/molecule.yml new file mode 100644 index 0000000..b81dea7 --- /dev/null +++ b/roles/ara/molecule/fedora-rawhide/molecule.yml @@ -0,0 +1,24 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ara-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + registry: + url: registry.fedoraproject.org +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-rawhide diff --git a/roles/ara/molecule/opensuse-leap/molecule.yml b/roles/ara/molecule/opensuse-leap/molecule.yml new file mode 100644 index 0000000..0d0c80a --- /dev/null +++ b/roles/ara/molecule/opensuse-leap/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ara-opensuse-leap + image: opensuse:leap + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: opensuse-leap diff --git a/roles/ara/molecule/resources/playbook.yml b/roles/ara/molecule/resources/playbook.yml new file mode 100644 index 0000000..93cd084 --- /dev/null +++ b/roles/ara/molecule/resources/playbook.yml @@ -0,0 +1,8 @@ +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - ansible-role-ara diff --git a/roles/ara/molecule/resources/prepare.yml b/roles/ara/molecule/resources/prepare.yml new file mode 100644 index 0000000..cc31f6d --- /dev/null +++ b/roles/ara/molecule/resources/prepare.yml @@ -0,0 +1,11 @@ +--- +- name: Prepare + hosts: all + become: yes + gather_facts: no + + roles: + - robertdebock.bootstrap + - robertdebock.buildtools + - robertdebock.epel + - robertdebock.python_pip diff --git a/roles/ara/molecule/ubuntu-devel/molecule.yml b/roles/ara/molecule/ubuntu-devel/molecule.yml new file mode 100644 index 0000000..8c127bd --- /dev/null +++ b/roles/ara/molecule/ubuntu-devel/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ara-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-devel diff --git a/roles/ara/molecule/ubuntu-latest/molecule.yml b/roles/ara/molecule/ubuntu-latest/molecule.yml new file mode 100644 index 0000000..d2dc8e2 --- /dev/null +++ b/roles/ara/molecule/ubuntu-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ara-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-latest diff --git a/roles/ara/molecule/ubuntu-rolling/molecule.yml b/roles/ara/molecule/ubuntu-rolling/molecule.yml new file mode 100644 index 0000000..6956834 --- /dev/null +++ b/roles/ara/molecule/ubuntu-rolling/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ara-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-rolling diff --git a/roles/ara/molecule/vagrant/INSTALL.rst b/roles/ara/molecule/vagrant/INSTALL.rst new file mode 100644 index 0000000..ca81c7b --- /dev/null +++ b/roles/ara/molecule/vagrant/INSTALL.rst @@ -0,0 +1,17 @@ +******* +Vagrant driver installation guide +******* + +Requirements +============ + +* Vagrant +* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop +* python-vagrant + +Install +======= + +.. code-block:: bash + + $ sudo pip install python-vagrant diff --git a/roles/ara/molecule/vagrant/molecule.yml b/roles/ara/molecule/vagrant/molecule.yml new file mode 100644 index 0000000..e68a13a --- /dev/null +++ b/roles/ara/molecule/vagrant/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: vagrant + provider: + name: virtualbox +platforms: + - name: ara-debian + box: debian/stretch64 + - name: ara-fedora + box: fedora/29-cloud-base +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: vagrant diff --git a/roles/ara/requirements.yml b/roles/ara/requirements.yml new file mode 100644 index 0000000..f1ffb01 --- /dev/null +++ b/roles/ara/requirements.yml @@ -0,0 +1,6 @@ +--- +- robertdebock.bootstrap +- robertdebock.epel +- robertdebock.buildtools +- robertdebock.python_pip +- robertdebock.service diff --git a/roles/ara/tasks/main.yml b/roles/ara/tasks/main.yml new file mode 100644 index 0000000..926f248 --- /dev/null +++ b/roles/ara/tasks/main.yml @@ -0,0 +1,69 @@ +--- +# tasks file for ara +- name: install required packages + package: + name: "{{ ara_packages }}" + state: present + register: ara_install_required_packages + until: ara_install_required_packages is succeeded + retries: 3 + +- name: install ara + pip: + name: ara + state: present + register: ara_install_ara + until: ara_install_ara is succeeded + retries: 3 + +- name: create ara service + import_role: + name: robertdebock.service + +- name: find callback_plugins path + block: + - name: try python2 + command: "{{ ara_setup_command_python2 }}" + register: ara_callback_plugins + changed_when: no + + rescue: + - name: try python3 + command: "{{ ara_setup_command_python3 }}" + register: ara_callback_plugins + changed_when: no + +- name: configure ansible to use ara + ini_file: + path: "{{ ara_configuration_file }}" + section: defaults + option: callback_plugins + value: "{{ ara_callback_plugins.stdout }}" + notify: + - restart ara + when: + - ara_configuration_file is defined + - ara_callback_plugins.stdout is defined + +- name: configure ara + ini_file: + path: "{{ ara_configuration_file }}" + section: ara + option: "{{ item.option }}" + value: "{{ item.value }}" + notify: + - restart ara + with_items: + - "{{ ara_configuration }}" + when: + - ara_configuration is defined + loop_control: + label: "{{ item.option }}" + +- name: start and enable ara + service: + name: ara + state: started + enabled: yes + when: + - ansible_virtualization_type != "docker" diff --git a/roles/ara/vars/main.yml b/roles/ara/vars/main.yml new file mode 100644 index 0000000..b8abd41 --- /dev/null +++ b/roles/ara/vars/main.yml @@ -0,0 +1,50 @@ +--- +# vars file for ara +_ara_packages: + default: + - gcc + Alpine: + - linux-headers + CentOS: + - gcc + - python-devel + - libffi-devel + - openssl-devel + - redhat-rpm-config + Debian: + - gcc + - python-dev + - libffi-dev + - libssl-dev + Fedora: + - gcc + - python-devel + - libffi-devel + - openssl-devel + - redhat-rpm-config + openSUSE Leap: + - gcc + - python-devel + Ubuntu: + - gcc + - python-dev + - libffi-dev + - libssl-dev + +ara_packages: "{{ _ara_packages[ansible_distribution] | default (_ara_packages['default'] ) }}" + +_ara_binary_location: + default: /usr/bin + Debian: /usr/local/bin + Ubuntu: /usr/local/bin + +ara_binary_location: "{{ _ara_binary_location[ansible_distribution] | default(_ara_binary_location['default']) }}" + +ara_setup_command_python2: python -m ara.setup.callback_plugins +ara_setup_command_python3: python3 -m ara.setup.callback_plugins + +service_list: + - name: ara + description: Ansible Reports Ara + start_command: "{{ ara_binary_location }}/ara-manage runserver" + user_name: "{{ ara_user }}" diff --git a/roles/atom/.github/ISSUE_TEMPLATE/bug_report.md b/roles/atom/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..bd1a0dc --- /dev/null +++ b/roles/atom/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Run this role: +2. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Error** +Please show the resulting error. If applicable a snippet of the playbook including the role ran with `-vvv` + +**Environment** +- Control node OS: [e.g. Debian 9] +- Control node Ansible version: [e.g. 2.6.2] +- Managed node OS: [e.g. CentOS 7] + +**Additional context** +Add any other context about the problem here. diff --git a/roles/atom/.github/ISSUE_TEMPLATE/feature_request.md b/roles/atom/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/roles/atom/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/roles/atom/.github/settings.yml b/roles/atom/.github/settings.yml new file mode 100644 index 0000000..ae357a2 --- /dev/null +++ b/roles/atom/.github/settings.yml @@ -0,0 +1,4 @@ +--- +repository: + description: Install atom on your system. + homepage: https://robertdebock.nl/ diff --git a/roles/atom/.gitignore b/roles/atom/.gitignore new file mode 100644 index 0000000..47cf7b9 --- /dev/null +++ b/roles/atom/.gitignore @@ -0,0 +1,3 @@ +molecule/*/.molecule +*.log +*.swp \ No newline at end of file diff --git a/roles/atom/.travis.yml b/roles/atom/.travis.yml new file mode 100644 index 0000000..3d3e834 --- /dev/null +++ b/roles/atom/.travis.yml @@ -0,0 +1,92 @@ +--- +sudo: required +language: python +services: docker + +env: + - version=">=2.7,<2.8" distro="alpine-latest" expectation="fail" + - version="" distro="alpine-latest" expectation="fail" + - version="devel" distro="alpine-latest" expectation="fail" + - version=">=2.7,<2.8" distro="alpine-edge" expectation="fail" + - version="" distro="alpine-edge" expectation="fail" + - version="devel" distro="alpine-edge" expectation="fail" + - version=">=2.7,<2.8" distro="archlinux" expectation="fail" + - version="" distro="archlinux" expectation="fail" + - version="devel" distro="archlinux" expectation="fail" + - version=">=2.7,<2.8" distro="centos-6" expectation="fail" + - version="" distro="centos-6" expectation="fail" + - version="devel" distro="centos-6" expectation="fail" + - version=">=2.7,<2.8" distro="centos-latest" + - version="" distro="centos-latest" + - version="devel" distro="centos-latest" + - version=">=2.7,<2.8" distro="debian-latest" + - version="" distro="debian-latest" + - version="devel" distro="debian-latest" + - version=">=2.7,<2.8" distro="debian-stable" + - version="" distro="debian-stable" + - version="devel" distro="debian-stable" + - version=">=2.7,<2.8" distro="debian-unstable" + - version="" distro="debian-unstable" + - version="devel" distro="debian-unstable" + - version=">=2.7,<2.8" distro="fedora-latest" + - version="" distro="fedora-latest" + - version="devel" distro="fedora-latest" + - version=">=2.7,<2.8" distro="fedora-rawhide" + - version="" distro="fedora-rawhide" + - version="devel" distro="fedora-rawhide" + - version=">=2.7,<2.8" distro="opensuse-leap" + - version="" distro="opensuse-leap" + - version="devel" distro="opensuse-leap" + - version=">=2.7,<2.8" distro="ubuntu-rolling" + - version="" distro="ubuntu-rolling" + - version="devel" distro="ubuntu-rolling" + - version=">=2.7,<2.8" distro="ubuntu-latest" + - version="" distro="ubuntu-latest" + - version="devel" distro="ubuntu-latest" + - version=">=2.7,<2.8" distro="ubuntu-devel" + - version="" distro="ubuntu-devel" + - version="devel" distro="ubuntu-devel" + +matrix: + allow_failures: + - env: version=">=2.7,<2.8" distro="alpine-edge" expectation="fail" + - env: version="" distro="alpine-edge" expectation="fail" + - env: version="devel" distro="alpine-edge" expectation="fail" + - env: version="devel" distro="alpine-latest" expectation="fail" + - env: version="devel" distro="archlinux" expectation="fail" + - env: version="devel" distro="centos-6" expectation="fail" + - env: version="devel" distro="centos-latest" + - env: version="devel" distro="debian-latest" + - env: version="devel" distro="debian-stable" + - env: version=">=2.7,<2.8" distro="debian-unstable" + - env: version="" distro="debian-unstable" + - env: version="devel" distro="debian-unstable" + - env: version="devel" distro="fedora-latest" + - env: version=">=2.7,<2.8" distro="fedora-rawhide" + - env: version="" distro="fedora-rawhide" + - env: version="devel" distro="fedora-rawhide" + - env: version="devel" distro="opensuse-leap" + - env: version="devel" distro="ubuntu-rolling" + - env: version=">=2.7,<2.8" distro="ubuntu-devel" + - env: version="" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-latest" + +cache: + - pip + +install: + - pip install --upgrade pip + - if [ "${version}" != "devel" ] ; then pip install ansible"${version}" ; fi + - if [ "${version}" = "devel" ] ; then pip install git+https://github.com/ansible/ansible.git@devel ; fi + - pip install molecule + - pip install docker + +script: + - if [ "${expectation}" = "fail" ] ; then ! molecule test --scenario-name "${distro}" ; else molecule test --scenario-name "${distro}" ; fi + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + slack: + secure: "m6jjS1/GZUUlovX2COeIGwVpS4iDfqAfX40onVjhCebOe5lMd259HTGk96QXPnh31VaonIfRfCgOjomcVKVBxZ1ELDKE/arwaflL6qc0zWHHH3cNzJjbTbouuSNGMrXA6y6Xlx6hBFb88PkpbiU07yO905RR2e5Jb8xse+zfzgFw451rfWLvbPXdskmC7YKzJ2T5heSG+eJE9EMOt4ZVj7wjWolNyGnW+QJetdZJTdokFRxgxSxPq8A0cLUBmC7nHEigycPimcDArikAU5wARs27Irp0bDjG+lDxcWj/0PEuDJjnpEc8j4pgSuMgLtmKMp+J75oC4FMcoOcYKL2FbDcY9fAbrfA/rK7kQq47QdtUjo6oP9BulP1Kl7/CRKXcM33QV5r5Yv80kDx+aOHVgf2ZqoKmtQovcS34VR94e8WwwRJloP0rz+8zoXci7tKOMeea5uvKws0zMRwjTlfRHrtOWT6yU0gL8o9dYLyyA1HhaV3kApuiBMH2FioMUteYzKCVWW3YO3PJO4CCJrltHaMPpRTCGY5bDn7Py3qqO41WTWJ6mzbZjLxNhHh/0R6xaV4BQH6qjkMH6WyS7ctaRBtGdkLW9nNmEJx2MLz3IYCAlY5Cs0BS1eKVoq6FVl0qwbhl24kiUekVTYSA6qti/VfoOyGKGGAqCBEyq/aKfSo=" + email: false diff --git a/roles/atom/.yamllint b/roles/atom/.yamllint new file mode 100644 index 0000000..ad0be76 --- /dev/null +++ b/roles/atom/.yamllint @@ -0,0 +1,11 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/atom/CODE_OF_CONDUCT.md b/roles/atom/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0d97a6f --- /dev/null +++ b/roles/atom/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behaviour that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behaviour by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/atom/CONTRIBUTING.md b/roles/atom/CONTRIBUTING.md new file mode 100644 index 0000000..2931dcf --- /dev/null +++ b/roles/atom/CONTRIBUTING.md @@ -0,0 +1,4 @@ +# Please contribute! +You can really make a difference by: +- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. +- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code. diff --git a/roles/atom/LICENSE b/roles/atom/LICENSE new file mode 100644 index 0000000..744118c --- /dev/null +++ b/roles/atom/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2019 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/atom/PULL_REQUEST_TEMPLATE.md b/roles/atom/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..b1578c0 --- /dev/null +++ b/roles/atom/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +--- +name: Pull request +about: Describe the proposed change + +--- + +**Describe the change** +A clear and concise description of what the pull request is. + +**Testing** +In case a feature was added, how were tests performed? diff --git a/roles/atom/README.md b/roles/atom/README.md new file mode 100644 index 0000000..3594f99 --- /dev/null +++ b/roles/atom/README.md @@ -0,0 +1,129 @@ +atom +========= + +[![Build Status](https://travis-ci.org/robertdebock/ansible-role-atom.svg?branch=master)](https://travis-ci.org/robertdebock/ansible-role-atom) + +Install atom on your system. + +Example Playbook +---------------- + +This example is taken from `molecule/default/playbook.yml`: +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - robertdebock.atom +``` + +The machine you are running this on, may need to be prepared. Tests have been done on machines prepared by this playbook: +```yaml +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - role: robertdebock.bootstrap +``` + +Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. + +Role Variables +-------------- + +These variables are set in `defaults/main.yml`: +```yaml +--- +# defaults file for atom +``` + +Requirements +------------ + +- Access to a repository containing packages, likely on the internet. +- A recent version of Ansible. (Tests run on the last 3 release of Ansible.) + +The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: + +```yaml +--- +- robertdebock.bootstrap + +``` + +Context +------- + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/atom.png "Dependency") + + +Compatibility +------------- + +This role has been tested against the following distributions and Ansible version: + +|distribution|ansible 2.6|ansible 2.7|ansible devel| +|------------|-----------|-----------|-------------| +|alpine-edge*|no|no|no*| +|alpine-latest|no|no|no*| +|archlinux|no|no|no*| +|centos-6|no|no|no*| +|centos-latest|yes|yes|yes*| +|debian-latest|yes|yes|yes*| +|debian-stable|yes|yes|yes*| +|debian-unstable*|yes|yes|yes*| +|fedora-latest|yes|yes|yes*| +|fedora-rawhide*|yes|yes|yes*| +|opensuse-leap|yes|yes|yes*| +|ubuntu-devel*|yes|yes|yes*| +|ubuntu-latest|yes|yes|yes*| +|ubuntu-rolling|yes|yes|yes*| + +A single star means the build may fail, it's marked as an experimental build. + +Testing +------- + +[Unit tests](https://travis-ci.org/robertdebock/ansible-role-atom) are done on every commit and periodically. + +If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-atom/issues) + +To test this role locally please use [Molecule](https://github.com/metacloud/molecule): +``` +pip install molecule +molecule test +``` + +To test on Amazon EC2, configure [~/.aws/credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`. + +There are many specific scenarios available, please have a look in the `molecule/` directory. + +Run the [ansible-galaxy](https://github.com/ansible/galaxy-lint-rules) and [my](https://github.com/robertdebock/ansible-lint-rules) lint rules if you want your change to be merges: + +```shell +git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint +ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules . + +git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint +ansible-lint -r /tmp/my-ansible-lint/rules . +``` + +License +------- + +Apache-2.0 + + +Author Information +------------------ + +[Robert de Bock](https://robertdebock.nl/) diff --git a/roles/atom/defaults/main.yml b/roles/atom/defaults/main.yml new file mode 100644 index 0000000..fbabfd5 --- /dev/null +++ b/roles/atom/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for atom diff --git a/roles/atom/meta/.galaxy_install_info b/roles/atom/meta/.galaxy_install_info new file mode 100644 index 0000000..24d1218 --- /dev/null +++ b/roles/atom/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jun 7 18:25:26 2019', version: 2.0.2} diff --git a/roles/atom/meta/main.yml b/roles/atom/meta/main.yml new file mode 100644 index 0000000..608bdc3 --- /dev/null +++ b/roles/atom/meta/main.yml @@ -0,0 +1,47 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: atom + description: Install atom on your system. + license: Apache-2.0 + company: none + min_ansible_version: 2.6 + + platforms: + - name: Alpine + versions: + - all + - name: ArchLinux + version: + - all + - name: Debian + versions: + - all + - name: EL + version: + - 6 + - 7 + - name: Fedora + versions: + - all + - name: OpenSUSE + versions: + - all + - name: Ubuntu + versions: + - artful + - bionic + + galaxy_tags: + - atom + - alpine + - archlinux + - centos + - debian + - el + - fedora + - opensuse + - rhel + - ubuntu + +dependencies: [] diff --git a/roles/atom/molecule/alpine-edge/molecule.yml b/roles/atom/molecule/alpine-edge/molecule.yml new file mode 100644 index 0000000..b42ad9b --- /dev/null +++ b/roles/atom/molecule/alpine-edge/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: atom-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-edge diff --git a/roles/atom/molecule/alpine-latest/molecule.yml b/roles/atom/molecule/alpine-latest/molecule.yml new file mode 100644 index 0000000..6ba79e6 --- /dev/null +++ b/roles/atom/molecule/alpine-latest/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: atom-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-latest diff --git a/roles/atom/molecule/archlinux/molecule.yml b/roles/atom/molecule/archlinux/molecule.yml new file mode 100644 index 0000000..a8082f5 --- /dev/null +++ b/roles/atom/molecule/archlinux/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: atom-archlinux + image: archlinux/base + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: archlinux diff --git a/roles/atom/molecule/centos-6/molecule.yml b/roles/atom/molecule/centos-6/molecule.yml new file mode 100644 index 0000000..348a5c5 --- /dev/null +++ b/roles/atom/molecule/centos-6/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: atom-centos-6 + image: centos:6 + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-6 diff --git a/roles/atom/molecule/centos-latest/molecule.yml b/roles/atom/molecule/centos-latest/molecule.yml new file mode 100644 index 0000000..036b09d --- /dev/null +++ b/roles/atom/molecule/centos-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: atom-centos-latest + image: centos:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-latest diff --git a/roles/atom/molecule/debian-latest/molecule.yml b/roles/atom/molecule/debian-latest/molecule.yml new file mode 100644 index 0000000..88261cc --- /dev/null +++ b/roles/atom/molecule/debian-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: atom-debian-latest + image: debian:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-latest diff --git a/roles/atom/molecule/debian-stable/molecule.yml b/roles/atom/molecule/debian-stable/molecule.yml new file mode 100644 index 0000000..c830041 --- /dev/null +++ b/roles/atom/molecule/debian-stable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: atom-debian-stable + image: debian:stable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-stable diff --git a/roles/atom/molecule/debian-unstable/molecule.yml b/roles/atom/molecule/debian-unstable/molecule.yml new file mode 100644 index 0000000..aee7021 --- /dev/null +++ b/roles/atom/molecule/debian-unstable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: atom-debian-unstable + image: debian:unstable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-unstable diff --git a/roles/atom/molecule/default/molecule.yml b/roles/atom/molecule/default/molecule.yml new file mode 100644 index 0000000..cc3cccc --- /dev/null +++ b/roles/atom/molecule/default/molecule.yml @@ -0,0 +1,63 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: atom-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: atom-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: atom-archlinux + image: archlinux/base + pre_build_image: yes + - name: atom-centos-6 + image: centos:6 + pre_build_image: yes + - name: atom-centos-latest + image: centos:latest + pre_build_image: yes + - name: atom-debian-latest + image: debian:latest + pre_build_image: yes + - name: atom-debian-stable + image: debian:stable + pre_build_image: yes + - name: atom-debian-unstable + image: debian:unstable + pre_build_image: yes + - name: atom-fedora-latest + image: fedora:latest + pre_build_image: yes + - name: atom-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + - name: atom-opensuse-leap + image: opensuse:leap + pre_build_image: yes + - name: atom-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes + - name: atom-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes + - name: atom-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: default diff --git a/roles/atom/molecule/ec2/README.md b/roles/atom/molecule/ec2/README.md new file mode 100644 index 0000000..856b351 --- /dev/null +++ b/roles/atom/molecule/ec2/README.md @@ -0,0 +1,15 @@ +# Amazon EC2 + +To test on Amazon elastic compute cloud (EC2), set this variable: + +``` +export EC2_REGION=eu-central-1 +``` + +And save the credentials: +``` +cat ~/.aws/credentials +[default] +aws_access_key_id=YOUR_KEY_ID +aws_secret_access_key=YOUR_ACCESS_KEY +``` diff --git a/roles/atom/molecule/ec2/create.yml b/roles/atom/molecule/ec2/create.yml new file mode 100644 index 0000000..7992818 --- /dev/null +++ b/roles/atom/molecule/ec2/create.yml @@ -0,0 +1,125 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + vars: + ssh_user: ec2-user + ssh_port: 22 + + security_group_name: molecule + security_group_description: Security group for testing Molecule + security_group_rules: + - proto: tcp + from_port: "{{ ssh_port }}" + to_port: "{{ ssh_port }}" + cidr_ip: '0.0.0.0/0' + - proto: icmp + from_port: 8 + to_port: -1 + cidr_ip: '0.0.0.0/0' + security_group_rules_egress: + - proto: -1 + from_port: 0 + to_port: 0 + cidr_ip: '0.0.0.0/0' + + keypair_name: molecule_key + keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" + tasks: + - name: Create security group + ec2_group: + name: "{{ security_group_name }}" + description: "{{ security_group_name }}" + rules: "{{ security_group_rules }}" + rules_egress: "{{ security_group_rules_egress }}" + + - name: Test for presence of local keypair + stat: + path: "{{ keypair_path }}" + register: keypair_local + + - name: Delete remote keypair + ec2_key: + name: "{{ keypair_name }}" + state: absent + when: not keypair_local.stat.exists + + - name: Create keypair + ec2_key: + name: "{{ keypair_name }}" + register: keypair + + - name: Persist the keypair + copy: + dest: "{{ keypair_path }}" + content: "{{ keypair.key.private_key }}" + mode: 0600 + when: keypair.changed + + - name: Create molecule instance(s) + ec2: + key_name: "{{ keypair_name }}" + image: "{{ item.image }}" + instance_type: "{{ item.instance_type }}" + vpc_subnet_id: "{{ item.vpc_subnet_id }}" + group: "{{ security_group_name }}" + instance_tags: + instance: "{{ item.name }}" + wait: true + assign_public_ip: true + exact_count: 1 + count_tag: + instance: "{{ item.name }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.instances[0].tags.instance }}", + 'address': "{{ item.instances[0].public_ip }}", + 'user': "{{ ssh_user }}", + 'port': "{{ ssh_port }}", + 'identity_file': "{{ keypair_path }}", + 'instance_ids': "{{ item.instance_ids }}", } + with_items: "{{ ec2_jobs.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool + + - name: Wait for SSH + wait_for: + port: "{{ ssh_port }}" + host: "{{ item.address }}" + search_regex: SSH + delay: 10 + timeout: 320 + with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + + - name: Wait for boot process to finish + pause: + minutes: 2 diff --git a/roles/atom/molecule/ec2/destroy.yml b/roles/atom/molecule/ec2/destroy.yml new file mode 100644 index 0000000..b460c1e --- /dev/null +++ b/roles/atom/molecule/ec2/destroy.yml @@ -0,0 +1,47 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + tasks: + - block: + - name: Populate instance config + set_fact: + instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + skip_instances: false + rescue: + - name: Populate instance config when file missing + set_fact: + instance_conf: {} + skip_instances: true + + - name: Destroy molecule instance(s) + ec2: + state: absent + instance_ids: "{{ item.instance_ids }}" + register: server + with_items: "{{ instance_conf }}" + when: not skip_instances + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/atom/molecule/ec2/molecule.yml b/roles/atom/molecule/ec2/molecule.yml new file mode 100644 index 0000000..286a73b --- /dev/null +++ b/roles/atom/molecule/ec2/molecule.yml @@ -0,0 +1,77 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: ec2 +platforms: + - name: atom-rhel-7 + image: ami-c86c3f23 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: atom-sles-15 + image: ami-0a1886cf45f944eb1 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: atom-ubuntu-18.04 + image: ami-0bdf93799014acdc4 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: atom-amazon-linux-2 + image: ami-02ea8f348fa28c108 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: atom-centos-7 + image: ami-9a183671 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: atom-fedora-29 + image: ami-0f904cfaa69a1c64c + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint + inventory: + host_vars: + atom-ubuntu-18.04: + ansible_user: ubuntu + atom-centos-7: + ansible_user: centos + atom-fedora-29: + ansible_user: fedora +scenario: + name: ec2 + create_sequence: + - create + check_sequence: + - destroy + - dependency + - create + - converge + - check + - destroy + converge_sequence: + - dependency + - create + - converge + destroy_sequence: + - destroy + test_sequence: + - lint + - destroy + - dependency + - syntax + - create + - converge + - idempotence + - side_effect + - verify + - destroy diff --git a/roles/atom/molecule/fedora-latest/molecule.yml b/roles/atom/molecule/fedora-latest/molecule.yml new file mode 100644 index 0000000..a99d771 --- /dev/null +++ b/roles/atom/molecule/fedora-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: atom-fedora-latest + image: fedora:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-latest diff --git a/roles/atom/molecule/fedora-rawhide/molecule.yml b/roles/atom/molecule/fedora-rawhide/molecule.yml new file mode 100644 index 0000000..4483fa7 --- /dev/null +++ b/roles/atom/molecule/fedora-rawhide/molecule.yml @@ -0,0 +1,24 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: atom-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + registry: + url: registry.fedoraproject.org +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-rawhide diff --git a/roles/atom/molecule/opensuse-leap/molecule.yml b/roles/atom/molecule/opensuse-leap/molecule.yml new file mode 100644 index 0000000..e351fa9 --- /dev/null +++ b/roles/atom/molecule/opensuse-leap/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: atom-opensuse-leap + image: opensuse:leap + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: opensuse-leap diff --git a/roles/atom/molecule/resources/playbook.yml b/roles/atom/molecule/resources/playbook.yml new file mode 100644 index 0000000..409511e --- /dev/null +++ b/roles/atom/molecule/resources/playbook.yml @@ -0,0 +1,8 @@ +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - ansible-role-atom diff --git a/roles/atom/molecule/resources/prepare.yml b/roles/atom/molecule/resources/prepare.yml new file mode 100644 index 0000000..feb7d81 --- /dev/null +++ b/roles/atom/molecule/resources/prepare.yml @@ -0,0 +1,8 @@ +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - role: robertdebock.bootstrap diff --git a/roles/atom/molecule/ubuntu-devel/molecule.yml b/roles/atom/molecule/ubuntu-devel/molecule.yml new file mode 100644 index 0000000..5276cdb --- /dev/null +++ b/roles/atom/molecule/ubuntu-devel/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: atom-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-devel diff --git a/roles/atom/molecule/ubuntu-latest/molecule.yml b/roles/atom/molecule/ubuntu-latest/molecule.yml new file mode 100644 index 0000000..a01cd1f --- /dev/null +++ b/roles/atom/molecule/ubuntu-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: atom-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-latest diff --git a/roles/atom/molecule/ubuntu-rolling/molecule.yml b/roles/atom/molecule/ubuntu-rolling/molecule.yml new file mode 100644 index 0000000..0035797 --- /dev/null +++ b/roles/atom/molecule/ubuntu-rolling/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: atom-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-rolling diff --git a/roles/atom/molecule/vagrant/molecule.yml b/roles/atom/molecule/vagrant/molecule.yml new file mode 100644 index 0000000..d37e7ad --- /dev/null +++ b/roles/atom/molecule/vagrant/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: vagrant + provider: + name: virtualbox +platforms: + - name: atom-debian + box: debian/stretch64 + - name: atom-fedora + box: fedora/29-cloud-base +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: vagrant diff --git a/roles/atom/requirements.yml b/roles/atom/requirements.yml new file mode 100644 index 0000000..46dec9d --- /dev/null +++ b/roles/atom/requirements.yml @@ -0,0 +1,2 @@ +--- +- robertdebock.bootstrap diff --git a/roles/atom/tasks/main.yml b/roles/atom/tasks/main.yml new file mode 100644 index 0000000..6501832 --- /dev/null +++ b/roles/atom/tasks/main.yml @@ -0,0 +1,66 @@ +--- +# tasks file for atom +- name: test veriables and environment + assert: + that: + - ansible_pkg_mgr is defined + - ansible_pkg_mgr == "yum" or + ansible_pkg_mgr == "dnf" or + ansible_pkg_mgr == "apt" or + ansible_pkg_mgr == "zypper" + - atom_package_url is defined + - atom_package is defined + +- name: install requirements + package: + name: "{{ atom_requirements }}" + state: present + when: + - atom_requirements is defined + - ansible_pkg_mgr == "apt" + register: atom_install_requirements + until: atom_install_requirements is succeeded + retries: 3 + +- name: download atom + get_url: + url: "{{ atom_package_url }}" + dest: "/tmp/{{ atom_package }}" + validate_certs: no + when: + - ansible_pkg_mgr == "apt" or + ansible_pkg_mgr == "dnf" or + ansible_pkg_mgr == "yum" or + ansible_pkg_mgr == "zypper" + register: atom_download_atom + until: atom_download_atom is succeeded + retries: 3 + +- name: install atom deb + apt: + deb: "/tmp/{{ atom_package }}" + state: present + when: + - ansible_pkg_mgr == "apt" + +- name: install atom rpm dnf + dnf: + name: "/tmp/{{ atom_package }}" + state: present + when: + - ansible_pkg_mgr == "dnf" + +- name: install atom rpm yum + yum: + name: "/tmp/{{ atom_package }}" + state: present + when: + - ansible_pkg_mgr == "yum" + +- name: install atom rpm zypper + zypper: + name: "/tmp/{{ atom_package }}" + state: present + disable_gpg_check: yes + when: + - ansible_pkg_mgr == "zypper" diff --git a/roles/atom/vars/main.yml b/roles/atom/vars/main.yml new file mode 100644 index 0000000..b5490f7 --- /dev/null +++ b/roles/atom/vars/main.yml @@ -0,0 +1,26 @@ +--- +# vars file for atom +_atom_requirements: + apt: + - apt-transport-https + +atom_requirements: "{{ _atom_requirements[ansible_pkg_mgr] | default(omit) }}" + +atom_packages: "{{ _atom_packages[ansible_distribution ~ '-' ~ ansible_distribution_major_version] | default(_atom_packages[ansible_distribution] | default(_atom_packages['default'])) }}" + +_atom_package: + apt: + url: 'https://atom.io/download/deb' + name: atom-amd64.deb + dnf: + url: 'https://atom.io/download/rpm' + name: atom.x86_64.rpm + yum: + url: 'https://atom.io/download/rpm' + name: atom.x86_64.rpm + zypper: + url: 'https://atom.io/download/rpm' + name: atom.x86_64.rpm + +atom_package_url: '{{ _atom_package[ansible_pkg_mgr]["url"] }}' +atom_package: "{{ _atom_package[ansible_pkg_mgr]['name'] }}" diff --git a/roles/bootstrap/.github/ISSUE_TEMPLATE/bug_report.md b/roles/bootstrap/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..bd1a0dc --- /dev/null +++ b/roles/bootstrap/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Run this role: +2. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Error** +Please show the resulting error. If applicable a snippet of the playbook including the role ran with `-vvv` + +**Environment** +- Control node OS: [e.g. Debian 9] +- Control node Ansible version: [e.g. 2.6.2] +- Managed node OS: [e.g. CentOS 7] + +**Additional context** +Add any other context about the problem here. diff --git a/roles/bootstrap/.github/ISSUE_TEMPLATE/feature_request.md b/roles/bootstrap/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/roles/bootstrap/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/roles/bootstrap/.github/settings.yml b/roles/bootstrap/.github/settings.yml new file mode 100644 index 0000000..7377564 --- /dev/null +++ b/roles/bootstrap/.github/settings.yml @@ -0,0 +1,4 @@ +--- +repository: + description: Prepare your system to be managed by Ansible. + homepage: https://robertdebock.nl/ diff --git a/roles/bootstrap/.gitignore b/roles/bootstrap/.gitignore new file mode 100644 index 0000000..2ba7fd3 --- /dev/null +++ b/roles/bootstrap/.gitignore @@ -0,0 +1,5 @@ +molecule/*/.molecule +*.log +*.swp +*_ssh_key +*_ssh_key.pub diff --git a/roles/bootstrap/.travis.yml b/roles/bootstrap/.travis.yml new file mode 100644 index 0000000..6271fca --- /dev/null +++ b/roles/bootstrap/.travis.yml @@ -0,0 +1,100 @@ +--- +sudo: required +language: python +services: docker + +env: + - version=">=2.7,<2.8" distro="alpine-latest" + - version="" distro="alpine-latest" + - version="devel" distro="alpine-latest" + - version=">=2.7,<2.8" distro="alpine-edge" + - version="" distro="alpine-edge" + - version="devel" distro="alpine-edge" + - version=">=2.7,<2.8" distro="archlinux" + - version="" distro="archlinux" + - version="devel" distro="archlinux" + - version=">=2.7,<2.8" distro="centos-6" + - version="" distro="centos-6" + - version="devel" distro="centos-6" + - version=">=2.7,<2.8" distro="centos-latest" + - version="" distro="centos-latest" + - version="devel" distro="centos-latest" + - version=">=2.7,<2.8" distro="debian-latest" + - version="" distro="debian-latest" + - version="devel" distro="debian-latest" + - version=">=2.7,<2.8" distro="debian-stable" + - version="" distro="debian-stable" + - version="devel" distro="debian-stable" + - version=">=2.7,<2.8" distro="debian-unstable" + - version="" distro="debian-unstable" + - version="devel" distro="debian-unstable" + - version=">=2.7,<2.8" distro="fedora-latest" + - version="" distro="fedora-latest" + - version="devel" distro="fedora-latest" + - version=">=2.7,<2.8" distro="fedora-rawhide" + - version="" distro="fedora-rawhide" + - version="devel" distro="fedora-rawhide" + - version=">=2.7,<2.8" distro="gentoo" + - version="" distro="gentoo" + - version="devel" distro="gentoo" + - version=">=2.7,<2.8" distro="kali" + - version="" distro="kali" + - version="devel" distro="kali" + - version=">=2.7,<2.8" distro="opensuse-leap" + - version="" distro="opensuse-leap" + - version="devel" distro="opensuse-leap" + - version=">=2.7,<2.8" distro="ubuntu-rolling" + - version="" distro="ubuntu-rolling" + - version="devel" distro="ubuntu-rolling" + - version=">=2.7,<2.8" distro="ubuntu-latest" + - version="" distro="ubuntu-latest" + - version="devel" distro="ubuntu-latest" + - version=">=2.7,<2.8" distro="ubuntu-devel" + - version="" distro="ubuntu-devel" + - version="devel" distro="ubuntu-devel" + +matrix: + allow_failures: + - env: version=">=2.7,<2.8" distro="alpine-edge" + - env: version="" distro="alpine-edge" + - env: version="devel" distro="alpine-edge" + - env: version="devel" distro="alpine-latest" + - env: version="devel" distro="archlinux" + - env: version="devel" distro="centos-6" + - env: version="devel" distro="centos-latest" + - env: version="devel" distro="debian-latest" + - env: version="devel" distro="debian-stable" + - env: version=">=2.7,<2.8" distro="debian-unstable" + - env: version="" distro="debian-unstable" + - env: version="devel" distro="debian-unstable" + - env: version="devel" distro="fedora-latest" + - env: version=">=2.7,<2.8" distro="fedora-rawhide" + - env: version="" distro="fedora-rawhide" + - env: version="devel" distro="fedora-rawhide" + - env: version="devel" distro="gentoo" + - env: version="devel" distro="kali" + - env: version="devel" distro="opensuse-leap" + - env: version="devel" distro="ubuntu-rolling" + - env: version=">=2.7,<2.8" distro="ubuntu-devel" + - env: version="" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-latest" + +cache: + - pip + +install: + - pip install --upgrade pip + - if [ "${version}" != "devel" ] ; then pip install ansible"${version}" ; fi + - if [ "${version}" = "devel" ] ; then pip install git+https://github.com/ansible/ansible.git@devel ; fi + - pip install molecule + - pip install docker + +script: + - if [ "${expectation}" = "fail" ] ; then ! molecule test --scenario-name "${distro}" ; else molecule test --scenario-name "${distro}" ; fi + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + slack: + secure: "aulwiTA7Pd7ckRc4A99/ldtgA3ke8+xC2LOTNA0REpgkUOp19IDYZvwZBGWoBTR4dGsh4P7/Z3V/9vpi7d/b8zDDF4pF+xayo7xSFtqJviawJuRIC7OTCzAKQrTvQccNA1sLPWWH49hWjjQCwVd7VnhhXZOFFJwtx7KT7S+xABInFQIRyuEEJocDrTzlF8xG63P3iFkv3YE90QSsi7gxAB6dnSiOOESwAnnhWEuvAEsLsEkHCANEoA90O477/jqH6eCBGGyA4ItO7dRwdhn8iSEbqakQ6WWD5bMUjnydQ/5CsyolJeV6ejr1z3CaPWMDA1nM+gCBuIPlkTV2E+uWWzYIGEcUt/oXY/P8d4AzfSbIECE0VQptOBVnxvDTY++39MPMDVtWW9j82ZyAylswQrx7eNqnhLMOF0MhTAJxiOeLAnPJe179j47dVDJRGWVzlBSqg0XIk8tVsVNrF7+hkkxYkP8pe3+yQYIW03j+JZyPR9uzkJnNhMSnoTC3ey7wd9aJD+9wgEeXkmvtIPCd6QIR35irRSKVHTyU5yArHzQDRCK5IwRqkfWG3fH1s92ApCzDn6AzbYCpdgf8f1diFHyNSmmO0eePRvo89skoRnUv3LhUre8HJbx2946AamrIeYYKi77uTcrLG9AekP/oiT31y6U/GcWXJnlaSyKhXFU=" + email: false diff --git a/roles/bootstrap/.yamllint b/roles/bootstrap/.yamllint new file mode 100644 index 0000000..77be3fb --- /dev/null +++ b/roles/bootstrap/.yamllint @@ -0,0 +1,13 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + # NOTE(retr0h): Templates no longer fail this lint rule. + # Uncomment if running old Molecule templates. + truthy: disable diff --git a/roles/bootstrap/CODE_OF_CONDUCT.md b/roles/bootstrap/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0d97a6f --- /dev/null +++ b/roles/bootstrap/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behaviour that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behaviour by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/bootstrap/CONTRIBUTING.md b/roles/bootstrap/CONTRIBUTING.md new file mode 100644 index 0000000..2931dcf --- /dev/null +++ b/roles/bootstrap/CONTRIBUTING.md @@ -0,0 +1,4 @@ +# Please contribute! +You can really make a difference by: +- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. +- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code. diff --git a/roles/bootstrap/LICENSE b/roles/bootstrap/LICENSE new file mode 100644 index 0000000..744118c --- /dev/null +++ b/roles/bootstrap/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2019 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/bootstrap/PULL_REQUEST_TEMPLATE.md b/roles/bootstrap/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..b1578c0 --- /dev/null +++ b/roles/bootstrap/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +--- +name: Pull request +about: Describe the proposed change + +--- + +**Describe the change** +A clear and concise description of what the pull request is. + +**Testing** +In case a feature was added, how were tests performed? diff --git a/roles/bootstrap/README.md b/roles/bootstrap/README.md new file mode 100644 index 0000000..218ba47 --- /dev/null +++ b/roles/bootstrap/README.md @@ -0,0 +1,138 @@ +bootstrap +========= + +Ansible logo +Build status + +Prepare your system to be managed by Ansible. + +Example Playbook +---------------- + +This example is taken from `molecule/resources/playbook.yml`: +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: no + + roles: + - robertdebock.bootstrap +``` + +The machine you are running this on, may need to be prepared. +```yaml +No preparation required. + +Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. + +Role Variables +-------------- + +These variables are set in `defaults/main.yml`: +```yaml +--- +# defaults file for bootstrap + +# The user to use to connect to machines. +bootstrap_user: root + +# Installed software to support modules flagged as "preview" (i.e. mysql_db). +# "yes", "no" or unset are valid. +bootstrap_preview: yes + +# Do you want to wait for the host to be available? +bootstrap_wait_for_host: no + +# The number of seconds you want to wait during connection test before failing. +bootstrap_timeout: 3 + +# The number of retries during installation +bootstrap_retries: 3 +``` + +Requirements +------------ + +- Access to a repository containing packages, likely on the internet. +- A recent version of Ansible. (Tests run on the last 3 release of Ansible.) + +The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: + +```yaml +- none +``` + +Context +------- + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/bootstrap.png "Dependency") + + +Compatibility +------------- + +This role has been tested against the following distributions and Ansible version: + +|distribution|ansible 2.7|ansible 2.8|ansible devel| +|------------|-----------|-----------|-------------| +|alpine-edge*|yes|yes|yes*| +|alpine-latest|yes|yes|yes*| +|archlinux|yes|yes|yes*| +|centos-6|yes|yes|yes*| +|centos-latest|yes|yes|yes*| +|debian-latest|yes|yes|yes*| +|debian-stable|yes|yes|yes*| +|debian-unstable*|yes|yes|yes*| +|fedora-latest|yes|yes|yes*| +|fedora-rawhide*|yes|yes|yes*| +|gentoo|yes|yes|yes*| +|kali|yes|yes|yes*| +|opensuse-leap|yes|yes|yes*| +|ubuntu-devel*|yes|yes|yes*| +|ubuntu-latest|yes|yes|yes*| +|ubuntu-rolling|yes|yes|yes*| + +A single star means the build may fail, it's marked as an experimental build. + +Testing +------- + +[Unit tests](https://travis-ci.org/robertdebock/ansible-role-bootstrap) are done on every commit and periodically. + +If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-bootstrap/issues) + +To test this role locally please use [Molecule](https://github.com/ansible/molecule): +``` +pip install molecule +molecule test +``` + +To test on Amazon EC2, configure [~/.aws/credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`. + +There are many specific scenarios available, please have a look in the `molecule/` directory. + +Run the [ansible-galaxy](https://github.com/ansible/galaxy-lint-rules) and [my](https://github.com/robertdebock/ansible-lint-rules) lint rules if you want your change to be merges: + +```shell +git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint +ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules . + +git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint +ansible-lint -r /tmp/my-ansible-lint/rules . +``` + +License +------- + +Apache-2.0 + + +Author Information +------------------ + +Robert de Bock diff --git a/roles/bootstrap/defaults/main.yml b/roles/bootstrap/defaults/main.yml new file mode 100644 index 0000000..1bc6c52 --- /dev/null +++ b/roles/bootstrap/defaults/main.yml @@ -0,0 +1,18 @@ +--- +# defaults file for bootstrap + +# The user to use to connect to machines. +bootstrap_user: root + +# Installed software to support modules flagged as "preview" (i.e. mysql_db). +# "yes", "no" or unset are valid. +bootstrap_preview: yes + +# Do you want to wait for the host to be available? +bootstrap_wait_for_host: no + +# The number of seconds you want to wait during connection test before failing. +bootstrap_timeout: 3 + +# The number of retries during installation +bootstrap_retries: 3 diff --git a/roles/bootstrap/handlers/main.yml b/roles/bootstrap/handlers/main.yml new file mode 100644 index 0000000..e95f7e9 --- /dev/null +++ b/roles/bootstrap/handlers/main.yml @@ -0,0 +1,5 @@ +--- +# handlers file for bootstrap +- name: gather facts + setup: + become: no diff --git a/roles/bootstrap/meta/.galaxy_install_info b/roles/bootstrap/meta/.galaxy_install_info new file mode 100644 index 0000000..581823f --- /dev/null +++ b/roles/bootstrap/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jun 7 18:25:31 2019', version: 3.1.2} diff --git a/roles/bootstrap/meta/main.yml b/roles/bootstrap/meta/main.yml new file mode 100644 index 0000000..50ebcc2 --- /dev/null +++ b/roles/bootstrap/meta/main.yml @@ -0,0 +1,67 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: bootstrap + description: Prepare your system to be managed by Ansible. + license: Apache-2.0 + company: none + min_ansible_version: 2.6 + + platforms: + - name: Alpine + versions: + - all + - name: Amazon + versions: + - all + - name: ArchLinux + version: + - all + - name: Debian + versions: + - all + - name: EL + version: + - 6 + - 7 + - name: Fedora + versions: + - all + - name: FreeBSD + versions: + - 10.4 + - 11.2 + - name: OpenBSD + versions: + - all + - name: OpenSUSE + versions: + - all + - name: SLES + verions: + - all + - name: Ubuntu + versions: + - artful + - bionic + + galaxy_tags: + - alpine + - bootstrap + - centos + - debian + - el + - fedora + - freebsd + - gentoo + - installer + - kali + - openbsd + - opensuse + - rhel + - server + - sudo + - system + - ubuntu + +dependencies: [] diff --git a/roles/bootstrap/molecule/alpine-edge/molecule.yml b/roles/bootstrap/molecule/alpine-edge/molecule.yml new file mode 100644 index 0000000..3db17dd --- /dev/null +++ b/roles/bootstrap/molecule/alpine-edge/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: bootstrap-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-edge diff --git a/roles/bootstrap/molecule/alpine-latest/molecule.yml b/roles/bootstrap/molecule/alpine-latest/molecule.yml new file mode 100644 index 0000000..13acd8d --- /dev/null +++ b/roles/bootstrap/molecule/alpine-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: bootstrap-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-latest diff --git a/roles/bootstrap/molecule/archlinux/molecule.yml b/roles/bootstrap/molecule/archlinux/molecule.yml new file mode 100644 index 0000000..e800746 --- /dev/null +++ b/roles/bootstrap/molecule/archlinux/molecule.yml @@ -0,0 +1,21 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: bootstrap-archlinux + image: archlinux/base + pre_build_image: yes +provisioner: + name: ansible + playbooks: + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: archlinux diff --git a/roles/bootstrap/molecule/centos-6/molecule.yml b/roles/bootstrap/molecule/centos-6/molecule.yml new file mode 100644 index 0000000..e868ed4 --- /dev/null +++ b/roles/bootstrap/molecule/centos-6/molecule.yml @@ -0,0 +1,21 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: bootstrap-centos-6 + image: centos:6 + pre_build_image: yes +provisioner: + name: ansible + playbooks: + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-6 diff --git a/roles/bootstrap/molecule/centos-latest/molecule.yml b/roles/bootstrap/molecule/centos-latest/molecule.yml new file mode 100644 index 0000000..27bb7af --- /dev/null +++ b/roles/bootstrap/molecule/centos-latest/molecule.yml @@ -0,0 +1,21 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: bootstrap-centos-latest + image: centos:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-latest diff --git a/roles/bootstrap/molecule/debian-latest/molecule.yml b/roles/bootstrap/molecule/debian-latest/molecule.yml new file mode 100644 index 0000000..09927f7 --- /dev/null +++ b/roles/bootstrap/molecule/debian-latest/molecule.yml @@ -0,0 +1,21 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: bootstrap-debian-latest + image: debian:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-latest diff --git a/roles/bootstrap/molecule/debian-stable/molecule.yml b/roles/bootstrap/molecule/debian-stable/molecule.yml new file mode 100644 index 0000000..e6b5b2f --- /dev/null +++ b/roles/bootstrap/molecule/debian-stable/molecule.yml @@ -0,0 +1,21 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: bootstrap-debian-stable + image: debian:stable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-stable diff --git a/roles/bootstrap/molecule/debian-unstable/molecule.yml b/roles/bootstrap/molecule/debian-unstable/molecule.yml new file mode 100644 index 0000000..015d345 --- /dev/null +++ b/roles/bootstrap/molecule/debian-unstable/molecule.yml @@ -0,0 +1,21 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: bootstrap-debian-unstable + image: debian:unstable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-unstable diff --git a/roles/bootstrap/molecule/default/molecule.yml b/roles/bootstrap/molecule/default/molecule.yml new file mode 100644 index 0000000..6b14302 --- /dev/null +++ b/roles/bootstrap/molecule/default/molecule.yml @@ -0,0 +1,62 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: bootstrap-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: bootstrap-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: bootstrap-archlinux + image: archlinux/base + pre_build_image: yes + - name: bootstrap-centos-6 + image: centos:6 + pre_build_image: yes + - name: bootstrap-centos-latest + image: centos:latest + pre_build_image: yes + - name: bootstrap-debian-latest + image: debian:latest + pre_build_image: yes + - name: bootstrap-debian-stable + image: debian:stable + pre_build_image: yes + - name: bootstrap-debian-unstable + image: debian:unstable + pre_build_image: yes + - name: bootstrap-fedora-latest + image: fedora:latest + pre_build_image: yes + - name: bootstrap-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + - name: bootstrap-opensuse-leap + image: opensuse:leap + pre_build_image: yes + - name: bootstrap-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes + - name: bootstrap-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes + - name: bootstrap-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: default diff --git a/roles/bootstrap/molecule/digitalocean/README.md b/roles/bootstrap/molecule/digitalocean/README.md new file mode 100644 index 0000000..e8f9e1f --- /dev/null +++ b/roles/bootstrap/molecule/digitalocean/README.md @@ -0,0 +1,13 @@ +# Testing on Digitalocean + +In order to test on Digitalocean, set the `DO_API_TOKEN`: + +``` +export DO_API_TOKEN=abcdefghijklmnopqrstuvwxyz0123456789 +``` + +Run the tests: + +``` +molecule test --scenario-name digitalocean +``` diff --git a/roles/bootstrap/molecule/digitalocean/create.yml b/roles/bootstrap/molecule/digitalocean/create.yml new file mode 100644 index 0000000..c0e412b --- /dev/null +++ b/roles/bootstrap/molecule/digitalocean/create.yml @@ -0,0 +1,84 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + + vars: + ssh_user: root + ssh_port: 22 + ssh_identity_file: /tmp/molecule_ssh_key + + tasks: + - name: create ssh key + command: ssh-keygen -f {{ ssh_identity_file }} + args: + creates: "{{ ssh_identity_file }}" + + - name: save ssh key into a variable + command: cat {{ ssh_identity_file }}.pub + register: molecule_ssh_key + changed_when: no + + - name: upload digitalocean ssh key + digital_ocean_sshkey: + name: "{{ ssh_identity_file }}" + state: present + ssh_pub_key: "{{ molecule_ssh_key.stdout }}" + register: digital_ocean_ssh_key + + - name: start digitalocean droplet + digital_ocean: + name: "{{ item.name }}" + state: present + size_id: "{{ item.size_id | default('2gb') }}" + region_id: "{{ item.region_id | default('ams3') }}" + image_id: "{{ item.image_id | default('centos-7-x64') }}" + unique_name: yes + ssh_key_ids: + - "{{ digital_ocean_ssh_key.data.ssh_key.id }}" + register: server + with_items: + - "{{ molecule_yml.platforms }}" + + - name: render sshd_config for instances + template: + src: sshd_config.j2 + dest: "{{ molecule_ephemeral_directory }}/sshd_config" + when: server.changed | bool + + - name: wait for ssh_port to be available + wait_for: + port: "{{ ssh_port }}" + host: "{{ item.droplet.ip_address }}" + search_regex: SSH + delay: 10 + timeout: 320 + with_items: + - "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.droplet.id }}", + 'address': "{{ item.droplet.ip_address}}", + 'user': "{{ ssh_user }}", + 'port': "{{ ssh_port }}", + 'identity_file': "{{ ssh_identity_file }}", } + with_items: "{{ server.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/bootstrap/molecule/digitalocean/destroy.yml b/roles/bootstrap/molecule/digitalocean/destroy.yml new file mode 100644 index 0000000..57a35da --- /dev/null +++ b/roles/bootstrap/molecule/digitalocean/destroy.yml @@ -0,0 +1,28 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + + tasks: + - name: destroy digitalocean droplet + digital_ocean: + name: "{{ item.name }}" + state: absent + unique_name: yes + with_items: + - "{{ molecule_yml.platforms }}" + register: server + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/bootstrap/molecule/digitalocean/molecule.yml b/roles/bootstrap/molecule/digitalocean/molecule.yml new file mode 100644 index 0000000..6347d77 --- /dev/null +++ b/roles/bootstrap/molecule/digitalocean/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: delegated +lint: + name: yamllint +platforms: + - name: bootstrap-fedora + image_id: fedora-28-x64 +provisioner: + name: ansible + playbooks: + converge: ../resources/playbook.yml + lint: + name: ansible-lint + ssh_connection: + host_key_checking: no + ssh_args: -C -o ControlMaster=auto -o ControlPersist=60s -F ${MOLECULE_EPHEMERAL_DIRECTORY}/sshd_config +scenario: + name: digitalocean diff --git a/roles/bootstrap/molecule/digitalocean/sshd_config.j2 b/roles/bootstrap/molecule/digitalocean/sshd_config.j2 new file mode 100644 index 0000000..a204f33 --- /dev/null +++ b/roles/bootstrap/molecule/digitalocean/sshd_config.j2 @@ -0,0 +1,10 @@ +{% for platform in molecule_yml.platforms %} +{% for host in server.results %} +Host {{ platform.name }} + HostName {{ host.droplet.ip_address }} + Port {{ ssh_port }} + IdentityFile {{ ssh_identity_file }} + PreferredAuthentications publickey + User {{ ssh_user }} +{% endfor %} +{% endfor %} diff --git a/roles/bootstrap/molecule/ec2/README.md b/roles/bootstrap/molecule/ec2/README.md new file mode 100644 index 0000000..856b351 --- /dev/null +++ b/roles/bootstrap/molecule/ec2/README.md @@ -0,0 +1,15 @@ +# Amazon EC2 + +To test on Amazon elastic compute cloud (EC2), set this variable: + +``` +export EC2_REGION=eu-central-1 +``` + +And save the credentials: +``` +cat ~/.aws/credentials +[default] +aws_access_key_id=YOUR_KEY_ID +aws_secret_access_key=YOUR_ACCESS_KEY +``` diff --git a/roles/bootstrap/molecule/ec2/create.yml b/roles/bootstrap/molecule/ec2/create.yml new file mode 100644 index 0000000..7992818 --- /dev/null +++ b/roles/bootstrap/molecule/ec2/create.yml @@ -0,0 +1,125 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + vars: + ssh_user: ec2-user + ssh_port: 22 + + security_group_name: molecule + security_group_description: Security group for testing Molecule + security_group_rules: + - proto: tcp + from_port: "{{ ssh_port }}" + to_port: "{{ ssh_port }}" + cidr_ip: '0.0.0.0/0' + - proto: icmp + from_port: 8 + to_port: -1 + cidr_ip: '0.0.0.0/0' + security_group_rules_egress: + - proto: -1 + from_port: 0 + to_port: 0 + cidr_ip: '0.0.0.0/0' + + keypair_name: molecule_key + keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" + tasks: + - name: Create security group + ec2_group: + name: "{{ security_group_name }}" + description: "{{ security_group_name }}" + rules: "{{ security_group_rules }}" + rules_egress: "{{ security_group_rules_egress }}" + + - name: Test for presence of local keypair + stat: + path: "{{ keypair_path }}" + register: keypair_local + + - name: Delete remote keypair + ec2_key: + name: "{{ keypair_name }}" + state: absent + when: not keypair_local.stat.exists + + - name: Create keypair + ec2_key: + name: "{{ keypair_name }}" + register: keypair + + - name: Persist the keypair + copy: + dest: "{{ keypair_path }}" + content: "{{ keypair.key.private_key }}" + mode: 0600 + when: keypair.changed + + - name: Create molecule instance(s) + ec2: + key_name: "{{ keypair_name }}" + image: "{{ item.image }}" + instance_type: "{{ item.instance_type }}" + vpc_subnet_id: "{{ item.vpc_subnet_id }}" + group: "{{ security_group_name }}" + instance_tags: + instance: "{{ item.name }}" + wait: true + assign_public_ip: true + exact_count: 1 + count_tag: + instance: "{{ item.name }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.instances[0].tags.instance }}", + 'address': "{{ item.instances[0].public_ip }}", + 'user': "{{ ssh_user }}", + 'port': "{{ ssh_port }}", + 'identity_file': "{{ keypair_path }}", + 'instance_ids': "{{ item.instance_ids }}", } + with_items: "{{ ec2_jobs.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool + + - name: Wait for SSH + wait_for: + port: "{{ ssh_port }}" + host: "{{ item.address }}" + search_regex: SSH + delay: 10 + timeout: 320 + with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + + - name: Wait for boot process to finish + pause: + minutes: 2 diff --git a/roles/bootstrap/molecule/ec2/destroy.yml b/roles/bootstrap/molecule/ec2/destroy.yml new file mode 100644 index 0000000..b460c1e --- /dev/null +++ b/roles/bootstrap/molecule/ec2/destroy.yml @@ -0,0 +1,47 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + tasks: + - block: + - name: Populate instance config + set_fact: + instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + skip_instances: false + rescue: + - name: Populate instance config when file missing + set_fact: + instance_conf: {} + skip_instances: true + + - name: Destroy molecule instance(s) + ec2: + state: absent + instance_ids: "{{ item.instance_ids }}" + register: server + with_items: "{{ instance_conf }}" + when: not skip_instances + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/bootstrap/molecule/ec2/molecule.yml b/roles/bootstrap/molecule/ec2/molecule.yml new file mode 100644 index 0000000..bc4a4a9 --- /dev/null +++ b/roles/bootstrap/molecule/ec2/molecule.yml @@ -0,0 +1,76 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: ec2 +platforms: + - name: bootstrap-rhel-7 + image: ami-c86c3f23 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: bootstrap-sles-15 + image: ami-0a1886cf45f944eb1 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: bootstrap-ubuntu-18.04 + image: ami-0bdf93799014acdc4 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: bootstrap-amazon-linux-2 + image: ami-02ea8f348fa28c108 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: bootstrap-centos-7 + image: ami-9a183671 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: bootstrap-fedora-29 + image: ami-0f904cfaa69a1c64c + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 +provisioner: + name: ansible + playbooks: + converge: ../resources/playbook.yml + lint: + name: ansible-lint + inventory: + host_vars: + bootstrap-ubuntu-18.04: + ansible_user: ubuntu + bootstrap-centos-7: + ansible_user: centos + bootstrap-fedora-29: + ansible_user: fedora +scenario: + name: ec2 + create_sequence: + - create + check_sequence: + - destroy + - dependency + - create + - converge + - check + - destroy + converge_sequence: + - dependency + - create + - converge + destroy_sequence: + - destroy + test_sequence: + - lint + - destroy + - dependency + - syntax + - create + - converge + - idempotence + - side_effect + - verify + - destroy diff --git a/roles/bootstrap/molecule/fedora-latest/molecule.yml b/roles/bootstrap/molecule/fedora-latest/molecule.yml new file mode 100644 index 0000000..f126ad0 --- /dev/null +++ b/roles/bootstrap/molecule/fedora-latest/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: bootstrap-fedora-latest + image: fedora:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + converge: ../resources/playbook.yml + lint: + name: ansible-lint + inventory: + group_vars: + all: + ansible_python_interpreter: /usr/bin/python3 +scenario: + name: fedora-latest diff --git a/roles/bootstrap/molecule/fedora-rawhide/molecule.yml b/roles/bootstrap/molecule/fedora-rawhide/molecule.yml new file mode 100644 index 0000000..6a26099 --- /dev/null +++ b/roles/bootstrap/molecule/fedora-rawhide/molecule.yml @@ -0,0 +1,27 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: bootstrap-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + registry: + url: registry.fedoraproject.org +provisioner: + name: ansible + playbooks: + converge: ../resources/playbook.yml + lint: + name: ansible-lint + inventory: + group_vars: + all: + ansible_python_interpreter: /usr/bin/python3 +scenario: + name: fedora-rawhide diff --git a/roles/bootstrap/molecule/gentoo/molecule.yml b/roles/bootstrap/molecule/gentoo/molecule.yml new file mode 100644 index 0000000..54ad49b --- /dev/null +++ b/roles/bootstrap/molecule/gentoo/molecule.yml @@ -0,0 +1,21 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: docker +lint: + name: yamllint +platforms: + - name: bootstrap-gentoo + image: gentoo/stage3-amd64 + pre_build_image: yes +provisioner: + name: ansible + playbooks: + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: gentoo diff --git a/roles/bootstrap/molecule/kali/molecule.yml b/roles/bootstrap/molecule/kali/molecule.yml new file mode 100644 index 0000000..cd5c3a0 --- /dev/null +++ b/roles/bootstrap/molecule/kali/molecule.yml @@ -0,0 +1,21 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: docker +lint: + name: yamllint +platforms: + - name: bootstrap-kali + image: kalilinux/kali-linux-docker + pre_build_image: yes +provisioner: + name: ansible + playbooks: + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: kali diff --git a/roles/bootstrap/molecule/opensuse-leap/molecule.yml b/roles/bootstrap/molecule/opensuse-leap/molecule.yml new file mode 100644 index 0000000..2d02f99 --- /dev/null +++ b/roles/bootstrap/molecule/opensuse-leap/molecule.yml @@ -0,0 +1,21 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: bootstrap-opensuse-leap + image: opensuse:leap + pre_build_image: yes +provisioner: + name: ansible + playbooks: + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: opensuse-leap diff --git a/roles/bootstrap/molecule/resources/playbook.yml b/roles/bootstrap/molecule/resources/playbook.yml new file mode 100644 index 0000000..f74ea59 --- /dev/null +++ b/roles/bootstrap/molecule/resources/playbook.yml @@ -0,0 +1,8 @@ +--- +- name: Converge + hosts: all + become: yes + gather_facts: no + + roles: + - ansible-role-bootstrap diff --git a/roles/bootstrap/molecule/ubuntu-devel/molecule.yml b/roles/bootstrap/molecule/ubuntu-devel/molecule.yml new file mode 100644 index 0000000..cb51cf8 --- /dev/null +++ b/roles/bootstrap/molecule/ubuntu-devel/molecule.yml @@ -0,0 +1,21 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: bootstrap-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-devel diff --git a/roles/bootstrap/molecule/ubuntu-latest/molecule.yml b/roles/bootstrap/molecule/ubuntu-latest/molecule.yml new file mode 100644 index 0000000..fdb0a14 --- /dev/null +++ b/roles/bootstrap/molecule/ubuntu-latest/molecule.yml @@ -0,0 +1,21 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: bootstrap-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-latest diff --git a/roles/bootstrap/molecule/ubuntu-rolling/molecule.yml b/roles/bootstrap/molecule/ubuntu-rolling/molecule.yml new file mode 100644 index 0000000..e1f998a --- /dev/null +++ b/roles/bootstrap/molecule/ubuntu-rolling/molecule.yml @@ -0,0 +1,21 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: bootstrap-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes +provisioner: + name: ansible + playbooks: + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-rolling diff --git a/roles/bootstrap/molecule/vagrant/INSTALL.rst b/roles/bootstrap/molecule/vagrant/INSTALL.rst new file mode 100644 index 0000000..ca81c7b --- /dev/null +++ b/roles/bootstrap/molecule/vagrant/INSTALL.rst @@ -0,0 +1,17 @@ +******* +Vagrant driver installation guide +******* + +Requirements +============ + +* Vagrant +* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop +* python-vagrant + +Install +======= + +.. code-block:: bash + + $ sudo pip install python-vagrant diff --git a/roles/bootstrap/molecule/vagrant/molecule.yml b/roles/bootstrap/molecule/vagrant/molecule.yml new file mode 100644 index 0000000..47dac28 --- /dev/null +++ b/roles/bootstrap/molecule/vagrant/molecule.yml @@ -0,0 +1,24 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: vagrant + provider: + name: virtualbox +platforms: + - name: bootstrap-debian + box: debian/stretch64 + - name: bootstrap-fedora + box: fedora/29-cloud-base +provisioner: + name: ansible + playbooks: + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: vagrant diff --git a/roles/bootstrap/tasks/main.yml b/roles/bootstrap/tasks/main.yml new file mode 100644 index 0000000..747a609 --- /dev/null +++ b/roles/bootstrap/tasks/main.yml @@ -0,0 +1,223 @@ +--- +# tasks file for bootstrap +- name: wait for the host + wait_for: + port: "{{ ansible_port | default('22') }}" + host: "{{ (ansible_ssh_host | default(ansible_host) | default(inventory_hostname)) }}" + connection: local + become: no + when: + - ansible_connection is defined + - ansible_connection != "docker" + - bootstrap_wait_for_host + +- name: test connection + wait_for_connection: + timeout: "{{ bootstrap_timeout }}" + register: bootstrap_connect + changed_when: no + ignore_errors: yes + +- name: find package manager + remote_user: "{{ bootstrap_remote_user | default(omit) }}" + become: no + check_mode: no + block: + + - name: register apk + raw: apk --version + register: apk + changed_when: no + failed_when: no + + - name: register apt_get + raw: apt-get --version + register: apt_get + changed_when: no + failed_when: no + + - name: register dnf + raw: dnf --version + register: dnf + changed_when: no + failed_when: no + + - name: register emerge + raw: emerge --version + register: emerge + changed_when: no + failed_when: no + + - name: register pacman + raw: pacman --version + register: pacman + changed_when: no + failed_when: no + + - name: register pkg + raw: pkg --version + register: pkg + changed_when: no + failed_when: no + + - name: register pkg_add + raw: pkg_info + register: pkg_add + changed_when: no + failed_when: no + + - name: register yum + raw: yum --version + register: yum + changed_when: no + failed_when: no + + - name: register zypper + raw: zypper --version + register: zypper + changed_when: no + failed_when: no + +- name: install using found package manager + remote_user: "{{ bootstrap_remote_user | default(omit) }}" + block: + + - name: install software with apk + raw: "apk update ; apk add {{ bootstrap_apk_packages }}" + when: + - apk.rc == 0 + register: apkresult + changed_when: + - "'Installing' in apkresult.stdout" + until: apkresult is succeeded + retries: "{{ bootstrap_retries }}" + + - name: install software with apt-get + raw: "apt-get update ; apt-get -y install {{ bootstrap_apt_packages }}" + when: + - apt_get.rc == 0 + - zypper.rc != 0 + register: apt_getresult + changed_when: + - "' 0 newly installed' not in apt_getresult.stdout" + until: apt_getresult is succeeded + retries: "{{ bootstrap_retries }}" + + - name: install software with dnf + raw: "dnf -y install {{ bootstrap_dnf_packages }}" + when: + - dnf.rc == 0 + register: dnfresult + changed_when: + - "'Nothing' not in dnfresult.stdout" + until: dnfresult is succeeded + retries: "{{ bootstrap_retries }}" + + - name: install software with emerge + raw: "{{ bootstrap_emerge_command }}" + when: + - emerge.rc == 0 + register: emergeresult + changed_when: + - "'changed' in emergeresult.stdout" + until: emergeresult is succeeded + retries: "{{ bootstrap_retries }}" + + - name: install software with pacman + raw: "pacman -Sy ; pacman -T {{ bootstrap_pacman_packages }} || pacman -S --noconfirm {{ bootstrap_pacman_packages }}" + when: + - pacman.rc == 0 + register: pacmanresult + changed_when: + - "' installing python' in pacmanresult.stdout" + until: pacmanresult is succeeded + retries: "{{ bootstrap_retries }}" + + - name: install software with pkg + raw: > + ASSUME_ALWAYS_YES=YES + pkg install {{ bootstrap_pkg_packages }} + ; ln -s /usr/local/bin/python /usr/bin/python + || exit 0 + when: + - pkg.rc == 0 + register: pkgresult + changed_when: + - "'Extracting python' in pkgresult.stdout" + until: pkgresult is succeeded + retries: "{{ bootstrap_retries }}" + + - name: install software with pkg_add + raw: pkg_add -Iz {{ bootstrap_pkg_add_packages }} + when: + - pkg_add.rc == 0 + register: pkg_add_getresult + changed_when: + - "': ok' in pkg_add_getresult.stdout" + until: pkg_add_getresult is succeeded + retries: "{{ bootstrap_retries }}" + + - name: install software with yum + raw: "yum -y install {{ bootstrap_yum_packages }}" + when: + - yum.rc == 0 + register: yumresult + changed_when: + - "'Nothing' not in yumresult.stdout" + until: yumresult is succeeded + retries: "{{ bootstrap_retries }}" + + - name: install software with zypper + raw: "zypper -n install {{ bootstrap_zypper_packages }}" + when: + - zypper.rc == 0 + register: zypperresult + changed_when: + - "'Nothing' not in zypperresult.stdout" + failed_when: no + until: zypperresult is succeeded + retries: "{{ bootstrap_retries }}" + +- name: gather facts + setup: + become: no + +- name: add community repository for alpine + lineinfile: + path: /etc/apk/repositories + line: "{{ bootstrap_alpine_community_repo }}" + when: + - ansible_distribution == "Alpine" + +- name: install bootstrap packages + package: + name: "{{ bootstrap_packages }}" + state: present + register: packageresult + until: packageresult is succeeded + +- name: install software to support stable modules + package: + name: "{{ bootstrap_stable_packages }}" + state: present + when: + - bootstrap_stable_packages is defined + register: packagestableresult + until: packagestableresult is succeeded + notify: + - gather facts + +- name: install software to support preview modules + package: + name: "{{ bootstrap_preview_packages }}" + state: present + when: + - bootstrap_preview | bool + - bootstrap_preview_packages is defined + register: packagepreviewresult + until: packagepreviewresult is succeeded + notify: + - gather facts + +- name: flush handlers + meta: flush_handlers diff --git a/roles/bootstrap/vars/main.yml b/roles/bootstrap/vars/main.yml new file mode 100644 index 0000000..bd67213 --- /dev/null +++ b/roles/bootstrap/vars/main.yml @@ -0,0 +1,177 @@ +--- +# vars file for bootstrap + +bootstrap_remote_user: "{{ (ansible_user | default(omit, true)) if bootstrap_connect is succeeded else bootstrap_user }}" + +# A string containing all packages required to be installed using the `raw` +# module, separated by a space. +bootstrap_apk_packages: python sudo +bootstrap_apt_packages: python sudo +bootstrap_dnf_packages: python sudo +bootstrap_emerge_packages: python sudo gentoolkit +bootstrap_pacman_packages: python sudo +bootstrap_pkg_add_packages: python-3* sudo-- +bootstrap_pkg_packages: python sudo +bootstrap_yum_packages: python2 sudo +bootstrap_zypper_packages: python python-xml sudo + +bootstrap_alpine_community_repo: "http://dl-cdn.alpinelinux.org/alpine/v{{ ansible_distribution_version.split('.')[0] }}.{{ ansible_distribution_version.split('.')[1] }}/community" + +# Some distributions do not have the fact `ansible_distribution_major_version`, +# as a workaround it's determined here, saved to another variable and used +# later. + +bootstrap_ansible_distribution_major_version: ansible_distibution_major_version | default('none') + +# A dictionary based on Ansible facts `ansible_distribution` and +# `ansible_distribution_major_version` containing a list of packages. +# This list is very similar to the `boostrap_{{ ansible_pkg_mgr }}_package` +# list. This dictionary is used to be able to update these packages. +_bootstrap_packages: + default: + - python + - sudo + Alpine: + - python + - sudo + - shadow + Archlinux: + - iproute2 + - python + - sudo + CentOS: + - iproute + - python2 + - sudo + Fedora: + - iproute + - python3 + - python3-dnf + - sudo + FreeBSD: + - python + - sudo + Gentoo: + - python + - sudo + - gentoolkit + OpenBSD: + - python%3 + - sudo-- + openSUSE Leap: + - iproute2 + - python + - python-xml + - sudo + Ubuntu: + - iproute2 + - python + - sudo + +bootstrap_packages: "{{ _bootstrap_packages[ansible_distribution ~ '-' ~ bootstrap_ansible_distribution_major_version] | default(_bootstrap_packages[ansible_distribution] | default(_bootstrap_packages['default'])) }}" + +# A dictionary based on Ansible facts `ansible_distribution` and +# `ansible_distribution_major_version` containing a list of packages. The +# packages in these lists support modules marked as `stable`. +_bootstrap_stable_packages: + default: + - python + Alpine: + - acl + - ca-certificates + - py-simplejson + CentOS-6: + - acl + - python-simplejson + - yum-plugin-ovl + CentOS-7: + - acl + - yum-plugin-ovl + Debian: + - acl + - ca-certificates + - python-apt + - python-simplejson + Fedora: + - acl + - polkit + - python-devel + - python-simplejson + OpenBSD: + - py-simplejson-- + openSUSE Leap: + - acl + - ca-certificates + Ubuntu: + - acl + - ca-certificates + - python-apt + - python-simplejson + +bootstrap_stable_packages: "{{ _bootstrap_stable_packages[ansible_distribution ~ '-' ~ bootstrap_ansible_distribution_major_version] | default(_bootstrap_stable_packages[ansible_distribution] | default(_bootstrap_stable_packages['default'])) }}" + +# A dictionary based on Ansible facts `ansible_distribution` and +# `ansible_distribution_major_version` containing a list of packages. The +# packages in these lists support modules marked as `preview`. +_bootstrap_preview_packages: + default: + - lvm2 + - tar + - unzip + - gzip + - xz + CentOS: + - lvm2 + - tar + - unzip + - gzip + - policycoreutils-python + - xz + Debian: + - apt-transport-https + - gzip + - lvm2 + - tar + - unzip + - xz-utils + Fedora: + - lvm2 + - tar + - unzip + - gzip + - policycoreutils-python + - xz + FreeBSD: + - unzip + - gzip + - xz + Gentoo: + - gzip + - tar + - unzip + Kali: + - lvm2 + - tar + - unzip + - gzip + - xz-utils + Kali GNU/Linux: + - lvm2 + - tar + - unzip + - gzip + - xz-utils + OpenBSD: + - unzip-- + - xz + Ubuntu: + - apt-transport-https + - gzip + - lvm2 + - tar + - unzip + - xz-utils + +bootstrap_preview_packages: "{{ _bootstrap_preview_packages[ansible_distribution] | default(_bootstrap_preview_packages['default']) }}" + +bootstrap_emerge_command: equery l {{ bootstrap_emerge_packages }} || (emaint -a sync ; emerge -qkv {{ bootstrap_emerge_packages }} ; echo "changed") diff --git a/roles/buildtools/.github/ISSUE_TEMPLATE/bug_report.md b/roles/buildtools/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..bd1a0dc --- /dev/null +++ b/roles/buildtools/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Run this role: +2. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Error** +Please show the resulting error. If applicable a snippet of the playbook including the role ran with `-vvv` + +**Environment** +- Control node OS: [e.g. Debian 9] +- Control node Ansible version: [e.g. 2.6.2] +- Managed node OS: [e.g. CentOS 7] + +**Additional context** +Add any other context about the problem here. diff --git a/roles/buildtools/.github/ISSUE_TEMPLATE/feature_request.md b/roles/buildtools/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/roles/buildtools/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/roles/buildtools/.github/settings.yml b/roles/buildtools/.github/settings.yml new file mode 100644 index 0000000..8896cbe --- /dev/null +++ b/roles/buildtools/.github/settings.yml @@ -0,0 +1,4 @@ +--- +repository: + description: Install buildtools on your system. + homepage: https://robertdebock.nl/ diff --git a/roles/buildtools/.gitignore b/roles/buildtools/.gitignore new file mode 100644 index 0000000..10b26d1 --- /dev/null +++ b/roles/buildtools/.gitignore @@ -0,0 +1,3 @@ +molecule/*/.molecule +*.log +*.swp diff --git a/roles/buildtools/.travis.yml b/roles/buildtools/.travis.yml new file mode 100644 index 0000000..e1a1ed3 --- /dev/null +++ b/roles/buildtools/.travis.yml @@ -0,0 +1,92 @@ +--- +sudo: required +language: python +services: docker + +env: + - version=">=2.7,<2.8" distro="alpine-latest" + - version="" distro="alpine-latest" + - version="devel" distro="alpine-latest" + - version=">=2.7,<2.8" distro="alpine-edge" + - version="" distro="alpine-edge" + - version="devel" distro="alpine-edge" + - version=">=2.7,<2.8" distro="archlinux" + - version="" distro="archlinux" + - version="devel" distro="archlinux" + - version=">=2.7,<2.8" distro="centos-6" + - version="" distro="centos-6" + - version="devel" distro="centos-6" + - version=">=2.7,<2.8" distro="centos-latest" + - version="" distro="centos-latest" + - version="devel" distro="centos-latest" + - version=">=2.7,<2.8" distro="debian-latest" + - version="" distro="debian-latest" + - version="devel" distro="debian-latest" + - version=">=2.7,<2.8" distro="debian-stable" + - version="" distro="debian-stable" + - version="devel" distro="debian-stable" + - version=">=2.7,<2.8" distro="debian-unstable" + - version="" distro="debian-unstable" + - version="devel" distro="debian-unstable" + - version=">=2.7,<2.8" distro="fedora-latest" + - version="" distro="fedora-latest" + - version="devel" distro="fedora-latest" + - version=">=2.7,<2.8" distro="fedora-rawhide" + - version="" distro="fedora-rawhide" + - version="devel" distro="fedora-rawhide" + - version=">=2.7,<2.8" distro="opensuse-leap" + - version="" distro="opensuse-leap" + - version="devel" distro="opensuse-leap" + - version=">=2.7,<2.8" distro="ubuntu-rolling" + - version="" distro="ubuntu-rolling" + - version="devel" distro="ubuntu-rolling" + - version=">=2.7,<2.8" distro="ubuntu-latest" + - version="" distro="ubuntu-latest" + - version="devel" distro="ubuntu-latest" + - version=">=2.7,<2.8" distro="ubuntu-devel" + - version="" distro="ubuntu-devel" + - version="devel" distro="ubuntu-devel" + +matrix: + allow_failures: + - env: version=">=2.7,<2.8" distro="alpine-edge" + - env: version="" distro="alpine-edge" + - env: version="devel" distro="alpine-edge" + - env: version="devel" distro="alpine-latest" + - env: version="devel" distro="archlinux" + - env: version="devel" distro="centos-6" + - env: version="devel" distro="centos-latest" + - env: version="devel" distro="debian-latest" + - env: version="devel" distro="debian-stable" + - env: version=">=2.7,<2.8" distro="debian-unstable" + - env: version="" distro="debian-unstable" + - env: version="devel" distro="debian-unstable" + - env: version="devel" distro="fedora-latest" + - env: version=">=2.7,<2.8" distro="fedora-rawhide" + - env: version="" distro="fedora-rawhide" + - env: version="devel" distro="fedora-rawhide" + - env: version="devel" distro="opensuse-leap" + - env: version="devel" distro="ubuntu-rolling" + - env: version=">=2.7,<2.8" distro="ubuntu-devel" + - env: version="" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-latest" + +cache: + - pip + +install: + - pip install --upgrade pip + - if [ "${version}" != "devel" ] ; then pip install ansible"${version}" ; fi + - if [ "${version}" = "devel" ] ; then pip install git+https://github.com/ansible/ansible.git@devel ; fi + - pip install molecule + - pip install docker + +script: + - if [ "${expectation}" = "fail" ] ; then ! molecule test --scenario-name "${distro}" ; else molecule test --scenario-name "${distro}" ; fi + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + slack: + secure: "iTJzjXzcFBfoTgvxgyhUtMSQhYJlDxTHdjoEx3MBqStvdMoBTTrnhZWy9jL6vMzXscMKWQboWZerMiES4sDuRykmRKuoz7ymXGKtrYuTecmTdYmWMhV8nj9PcDlO27HSIfPwHuUkRW14tBv2RWxTkp2fgWNGSsoNngtydgw2JHX4mWrOEZoDTFWnauj+D256NpEA31ej0ZptbmYN3ZExb1A+q0p02aRpvrbPt+zvVlZG8iFbrVBCwHkl+TnGoHFl3vG4C3P5VDHxWvPKuQ+F+et7c0kVPrCo3fEz+grqGv/BKNg8uJ0IAdFtq7M5AXlM5G+yT3ERYuuGkExQOu9ZnILh8oMdEn2XXeMzb7OoA7g0ayNm2m3JEsAsYM64/kcXwZgfJo22dQ9NDFhfS5Tdddri8nrldQAC/LGOntr+Z20W/dzEDiBC14845Gif9SS1N0dA1M2dUjVLTLGO5vZwyLdpcTzSVAbZZ+L0mgBs3kuyJYmolPianQJimnKJ8dI5SbQ+UwKTagDpoC8XY4PWhXtqVk+/PAMqzPpZPHyooAwRiqCoyHVaHWu4IKgy/x2BW9QJez5X9gvXIbrJlipWheBHkUDABaRTED5vdjqlXgZq9+kG1MQ8r3MMaYvQIWip/05T0w9ZgcgUhwt/qljHa4YR53Jo7JIdODST60lWyXM=" + email: false diff --git a/roles/buildtools/.yamllint b/roles/buildtools/.yamllint new file mode 100644 index 0000000..ad0be76 --- /dev/null +++ b/roles/buildtools/.yamllint @@ -0,0 +1,11 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/buildtools/CODE_OF_CONDUCT.md b/roles/buildtools/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0d97a6f --- /dev/null +++ b/roles/buildtools/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behaviour that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behaviour by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/buildtools/CONTRIBUTING.md b/roles/buildtools/CONTRIBUTING.md new file mode 100644 index 0000000..2931dcf --- /dev/null +++ b/roles/buildtools/CONTRIBUTING.md @@ -0,0 +1,4 @@ +# Please contribute! +You can really make a difference by: +- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. +- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code. diff --git a/roles/buildtools/LICENSE b/roles/buildtools/LICENSE new file mode 100644 index 0000000..744118c --- /dev/null +++ b/roles/buildtools/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2019 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/buildtools/PULL_REQUEST_TEMPLATE.md b/roles/buildtools/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..b1578c0 --- /dev/null +++ b/roles/buildtools/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +--- +name: Pull request +about: Describe the proposed change + +--- + +**Describe the change** +A clear and concise description of what the pull request is. + +**Testing** +In case a feature was added, how were tests performed? diff --git a/roles/buildtools/README.md b/roles/buildtools/README.md new file mode 100644 index 0000000..5154154 --- /dev/null +++ b/roles/buildtools/README.md @@ -0,0 +1,134 @@ +buildtools +========= + +[![Build Status](https://travis-ci.org/robertdebock/ansible-role-buildtools.svg?branch=master)](https://travis-ci.org/robertdebock/ansible-role-buildtools) + +Install buildtools on your system. + +Example Playbook +---------------- + +This example is taken from `molecule/default/playbook.yml`: +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - robertdebock.buildtools +``` + +The machine you are running this on, may need to be prepared. Tests have been done on machines prepared by this playbook: +```yaml +--- +- name: Prepare + hosts: all + gather_facts: no + + roles: + - robertdebock.bootstrap + + tasks: + - name: run gcc + shell: gcc --version > gcc.version + args: + creates: gcc.version +``` + +Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. + +Role Variables +-------------- + +These variables are set in `defaults/main.yml`: +```yaml +--- +# defaults file for buildtools +``` + +Requirements +------------ + +- Access to a repository containing packages, likely on the internet. +- A recent version of Ansible. (Tests run on the last 3 release of Ansible.) + +The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: + +```yaml +--- +- robertdebock.bootstrap + +``` + +Context +------- + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/buildtools.png "Dependency") + + +Compatibility +------------- + +This role has been tested against the following distributions and Ansible version: + +|distribution|ansible 2.6|ansible 2.7|ansible devel| +|------------|-----------|-----------|-------------| +|alpine-edge*|yes|yes|yes*| +|alpine-latest|yes|yes|yes*| +|archlinux|yes|yes|yes*| +|centos-6|yes|yes|yes*| +|centos-latest|yes|yes|yes*| +|debian-latest|yes|yes|yes*| +|debian-stable|yes|yes|yes*| +|debian-unstable*|yes|yes|yes*| +|fedora-latest|yes|yes|yes*| +|fedora-rawhide*|yes|yes|yes*| +|opensuse-leap|yes|yes|yes*| +|ubuntu-devel*|yes|yes|yes*| +|ubuntu-latest|yes|yes|yes*| +|ubuntu-rolling|yes|yes|yes*| + +A single star means the build may fail, it's marked as an experimental build. + +Testing +------- + +[Unit tests](https://travis-ci.org/robertdebock/ansible-role-buildtools) are done on every commit and periodically. + +If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-buildtools/issues) + +To test this role locally please use [Molecule](https://github.com/metacloud/molecule): +``` +pip install molecule +molecule test +``` + +To test on Amazon EC2, configure [~/.aws/credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`. + +There are many specific scenarios available, please have a look in the `molecule/` directory. + +Run the [ansible-galaxy](https://github.com/ansible/galaxy-lint-rules) and [my](https://github.com/robertdebock/ansible-lint-rules) lint rules if you want your change to be merges: + +```shell +git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint +ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules . + +git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint +ansible-lint -r /tmp/my-ansible-lint/rules . +``` + +License +------- + +Apache-2.0 + + +Author Information +------------------ + +[Robert de Bock](https://robertdebock.nl/) diff --git a/roles/buildtools/defaults/main.yml b/roles/buildtools/defaults/main.yml new file mode 100644 index 0000000..75c6b21 --- /dev/null +++ b/roles/buildtools/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for buildtools diff --git a/roles/buildtools/meta/.galaxy_install_info b/roles/buildtools/meta/.galaxy_install_info new file mode 100644 index 0000000..11b83c9 --- /dev/null +++ b/roles/buildtools/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jun 7 18:25:34 2019', version: 2.0.4} diff --git a/roles/buildtools/meta/main.yml b/roles/buildtools/meta/main.yml new file mode 100644 index 0000000..2aa73e2 --- /dev/null +++ b/roles/buildtools/meta/main.yml @@ -0,0 +1,49 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: buildtools + description: Install buildtools on your system. + license: Apache-2.0 + company: none + min_ansible_version: 2.6 + + platforms: + - name: Alpine + versions: + - all + - name: ArchLinux + version: + - all + - name: Debian + versions: + - all + - name: EL + version: + - 6 + - 7 + - name: Fedora + versions: + - all + - name: OpenSUSE + versions: + - all + - name: Ubuntu + versions: + - artful + - bionic + + galaxy_tags: + - alpine + - archlinux + - centos + - debian + - development + - fedora + - installer + - opensuse + - packages + - rhel + - system + - ubuntu + +dependencies: [] diff --git a/roles/buildtools/molecule/alpine-edge/molecule.yml b/roles/buildtools/molecule/alpine-edge/molecule.yml new file mode 100644 index 0000000..85d7032 --- /dev/null +++ b/roles/buildtools/molecule/alpine-edge/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: buildtools-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-edge diff --git a/roles/buildtools/molecule/alpine-latest/molecule.yml b/roles/buildtools/molecule/alpine-latest/molecule.yml new file mode 100644 index 0000000..340bafa --- /dev/null +++ b/roles/buildtools/molecule/alpine-latest/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: buildtools-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-latest diff --git a/roles/buildtools/molecule/archlinux/molecule.yml b/roles/buildtools/molecule/archlinux/molecule.yml new file mode 100644 index 0000000..0fe88d8 --- /dev/null +++ b/roles/buildtools/molecule/archlinux/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: buildtools-archlinux + image: archlinux/base + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: archlinux diff --git a/roles/buildtools/molecule/centos-6/molecule.yml b/roles/buildtools/molecule/centos-6/molecule.yml new file mode 100644 index 0000000..7edae6d --- /dev/null +++ b/roles/buildtools/molecule/centos-6/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: buildtools-centos-6 + image: centos:6 + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-6 diff --git a/roles/buildtools/molecule/centos-latest/molecule.yml b/roles/buildtools/molecule/centos-latest/molecule.yml new file mode 100644 index 0000000..71d8f3b --- /dev/null +++ b/roles/buildtools/molecule/centos-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: buildtools-centos-latest + image: centos:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-latest diff --git a/roles/buildtools/molecule/debian-latest/molecule.yml b/roles/buildtools/molecule/debian-latest/molecule.yml new file mode 100644 index 0000000..e06e46d --- /dev/null +++ b/roles/buildtools/molecule/debian-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: buildtools-debian-latest + image: debian:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-latest diff --git a/roles/buildtools/molecule/debian-stable/molecule.yml b/roles/buildtools/molecule/debian-stable/molecule.yml new file mode 100644 index 0000000..e66c70f --- /dev/null +++ b/roles/buildtools/molecule/debian-stable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: buildtools-debian-stable + image: debian:stable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-stable diff --git a/roles/buildtools/molecule/debian-unstable/molecule.yml b/roles/buildtools/molecule/debian-unstable/molecule.yml new file mode 100644 index 0000000..0f25fc4 --- /dev/null +++ b/roles/buildtools/molecule/debian-unstable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: buildtools-debian-unstable + image: debian:unstable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-unstable diff --git a/roles/buildtools/molecule/default/molecule.yml b/roles/buildtools/molecule/default/molecule.yml new file mode 100644 index 0000000..f9548e3 --- /dev/null +++ b/roles/buildtools/molecule/default/molecule.yml @@ -0,0 +1,63 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: buildtools-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: buildtools-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: buildtools-archlinux + image: archlinux/base + pre_build_image: yes + - name: buildtools-centos-6 + image: centos:6 + pre_build_image: yes + - name: buildtools-centos-latest + image: centos:latest + pre_build_image: yes + - name: buildtools-debian-latest + image: debian:latest + pre_build_image: yes + - name: buildtools-debian-stable + image: debian:stable + pre_build_image: yes + - name: buildtools-debian-unstable + image: debian:unstable + pre_build_image: yes + - name: buildtools-fedora-latest + image: fedora:latest + pre_build_image: yes + - name: buildtools-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + - name: buildtools-opensuse-leap + image: opensuse:leap + pre_build_image: yes + - name: buildtools-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes + - name: buildtools-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes + - name: buildtools-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: default diff --git a/roles/buildtools/molecule/ec2/README.md b/roles/buildtools/molecule/ec2/README.md new file mode 100644 index 0000000..856b351 --- /dev/null +++ b/roles/buildtools/molecule/ec2/README.md @@ -0,0 +1,15 @@ +# Amazon EC2 + +To test on Amazon elastic compute cloud (EC2), set this variable: + +``` +export EC2_REGION=eu-central-1 +``` + +And save the credentials: +``` +cat ~/.aws/credentials +[default] +aws_access_key_id=YOUR_KEY_ID +aws_secret_access_key=YOUR_ACCESS_KEY +``` diff --git a/roles/buildtools/molecule/ec2/create.yml b/roles/buildtools/molecule/ec2/create.yml new file mode 100644 index 0000000..7992818 --- /dev/null +++ b/roles/buildtools/molecule/ec2/create.yml @@ -0,0 +1,125 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + vars: + ssh_user: ec2-user + ssh_port: 22 + + security_group_name: molecule + security_group_description: Security group for testing Molecule + security_group_rules: + - proto: tcp + from_port: "{{ ssh_port }}" + to_port: "{{ ssh_port }}" + cidr_ip: '0.0.0.0/0' + - proto: icmp + from_port: 8 + to_port: -1 + cidr_ip: '0.0.0.0/0' + security_group_rules_egress: + - proto: -1 + from_port: 0 + to_port: 0 + cidr_ip: '0.0.0.0/0' + + keypair_name: molecule_key + keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" + tasks: + - name: Create security group + ec2_group: + name: "{{ security_group_name }}" + description: "{{ security_group_name }}" + rules: "{{ security_group_rules }}" + rules_egress: "{{ security_group_rules_egress }}" + + - name: Test for presence of local keypair + stat: + path: "{{ keypair_path }}" + register: keypair_local + + - name: Delete remote keypair + ec2_key: + name: "{{ keypair_name }}" + state: absent + when: not keypair_local.stat.exists + + - name: Create keypair + ec2_key: + name: "{{ keypair_name }}" + register: keypair + + - name: Persist the keypair + copy: + dest: "{{ keypair_path }}" + content: "{{ keypair.key.private_key }}" + mode: 0600 + when: keypair.changed + + - name: Create molecule instance(s) + ec2: + key_name: "{{ keypair_name }}" + image: "{{ item.image }}" + instance_type: "{{ item.instance_type }}" + vpc_subnet_id: "{{ item.vpc_subnet_id }}" + group: "{{ security_group_name }}" + instance_tags: + instance: "{{ item.name }}" + wait: true + assign_public_ip: true + exact_count: 1 + count_tag: + instance: "{{ item.name }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.instances[0].tags.instance }}", + 'address': "{{ item.instances[0].public_ip }}", + 'user': "{{ ssh_user }}", + 'port': "{{ ssh_port }}", + 'identity_file': "{{ keypair_path }}", + 'instance_ids': "{{ item.instance_ids }}", } + with_items: "{{ ec2_jobs.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool + + - name: Wait for SSH + wait_for: + port: "{{ ssh_port }}" + host: "{{ item.address }}" + search_regex: SSH + delay: 10 + timeout: 320 + with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + + - name: Wait for boot process to finish + pause: + minutes: 2 diff --git a/roles/buildtools/molecule/ec2/destroy.yml b/roles/buildtools/molecule/ec2/destroy.yml new file mode 100644 index 0000000..b460c1e --- /dev/null +++ b/roles/buildtools/molecule/ec2/destroy.yml @@ -0,0 +1,47 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + tasks: + - block: + - name: Populate instance config + set_fact: + instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + skip_instances: false + rescue: + - name: Populate instance config when file missing + set_fact: + instance_conf: {} + skip_instances: true + + - name: Destroy molecule instance(s) + ec2: + state: absent + instance_ids: "{{ item.instance_ids }}" + register: server + with_items: "{{ instance_conf }}" + when: not skip_instances + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/buildtools/molecule/ec2/molecule.yml b/roles/buildtools/molecule/ec2/molecule.yml new file mode 100644 index 0000000..880dcff --- /dev/null +++ b/roles/buildtools/molecule/ec2/molecule.yml @@ -0,0 +1,77 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: ec2 +platforms: + - name: buildtools-rhel-7 + image: ami-c86c3f23 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: buildtools-sles-15 + image: ami-0a1886cf45f944eb1 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: buildtools-ubuntu-18.04 + image: ami-0bdf93799014acdc4 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: buildtools-amazon-linux-2 + image: ami-02ea8f348fa28c108 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: buildtools-centos-7 + image: ami-9a183671 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: buildtools-fedora-29 + image: ami-0f904cfaa69a1c64c + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint + inventory: + host_vars: + buildtools-ubuntu-18.04: + ansible_user: ubuntu + buildtools-centos-7: + ansible_user: centos + buildtools-fedora-29: + ansible_user: fedora +scenario: + name: ec2 + create_sequence: + - create + check_sequence: + - destroy + - dependency + - create + - converge + - check + - destroy + converge_sequence: + - dependency + - create + - converge + destroy_sequence: + - destroy + test_sequence: + - lint + - destroy + - dependency + - syntax + - create + - converge + - idempotence + - side_effect + - verify + - destroy diff --git a/roles/buildtools/molecule/fedora-latest/molecule.yml b/roles/buildtools/molecule/fedora-latest/molecule.yml new file mode 100644 index 0000000..ed815c8 --- /dev/null +++ b/roles/buildtools/molecule/fedora-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: buildtools-fedora-latest + image: fedora:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-latest diff --git a/roles/buildtools/molecule/fedora-rawhide/molecule.yml b/roles/buildtools/molecule/fedora-rawhide/molecule.yml new file mode 100644 index 0000000..eaa6f74 --- /dev/null +++ b/roles/buildtools/molecule/fedora-rawhide/molecule.yml @@ -0,0 +1,24 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: buildtools-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + registry: + url: registry.fedoraproject.org +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-rawhide diff --git a/roles/buildtools/molecule/opensuse-leap/molecule.yml b/roles/buildtools/molecule/opensuse-leap/molecule.yml new file mode 100644 index 0000000..a2ad520 --- /dev/null +++ b/roles/buildtools/molecule/opensuse-leap/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: buildtools-opensuse-leap + image: opensuse:leap + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: opensuse-leap diff --git a/roles/buildtools/molecule/resources/playbook.yml b/roles/buildtools/molecule/resources/playbook.yml new file mode 100644 index 0000000..c232e99 --- /dev/null +++ b/roles/buildtools/molecule/resources/playbook.yml @@ -0,0 +1,14 @@ +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - ansible-role-buildtools + + tasks: + - name: run gcc + shell: gcc --version > gcc.version + args: + creates: gcc.version diff --git a/roles/buildtools/molecule/resources/prepare.yml b/roles/buildtools/molecule/resources/prepare.yml new file mode 100644 index 0000000..1cda60c --- /dev/null +++ b/roles/buildtools/molecule/resources/prepare.yml @@ -0,0 +1,8 @@ +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - robertdebock.bootstrap diff --git a/roles/buildtools/molecule/ubuntu-devel/molecule.yml b/roles/buildtools/molecule/ubuntu-devel/molecule.yml new file mode 100644 index 0000000..7a78da2 --- /dev/null +++ b/roles/buildtools/molecule/ubuntu-devel/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: buildtools-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-devel diff --git a/roles/buildtools/molecule/ubuntu-latest/molecule.yml b/roles/buildtools/molecule/ubuntu-latest/molecule.yml new file mode 100644 index 0000000..74060e1 --- /dev/null +++ b/roles/buildtools/molecule/ubuntu-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: buildtools-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-latest diff --git a/roles/buildtools/molecule/ubuntu-rolling/molecule.yml b/roles/buildtools/molecule/ubuntu-rolling/molecule.yml new file mode 100644 index 0000000..715ad84 --- /dev/null +++ b/roles/buildtools/molecule/ubuntu-rolling/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: buildtools-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-rolling diff --git a/roles/buildtools/molecule/vagrant/INSTALL.rst b/roles/buildtools/molecule/vagrant/INSTALL.rst new file mode 100644 index 0000000..ca81c7b --- /dev/null +++ b/roles/buildtools/molecule/vagrant/INSTALL.rst @@ -0,0 +1,17 @@ +******* +Vagrant driver installation guide +******* + +Requirements +============ + +* Vagrant +* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop +* python-vagrant + +Install +======= + +.. code-block:: bash + + $ sudo pip install python-vagrant diff --git a/roles/buildtools/molecule/vagrant/molecule.yml b/roles/buildtools/molecule/vagrant/molecule.yml new file mode 100644 index 0000000..3118faf --- /dev/null +++ b/roles/buildtools/molecule/vagrant/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: vagrant + provider: + name: virtualbox +platforms: + - name: buildtools-debian + box: debian/stretch64 + - name: buildtools-fedora + box: fedora/29-cloud-base +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: vagrant diff --git a/roles/buildtools/requirements.yml b/roles/buildtools/requirements.yml new file mode 100644 index 0000000..46dec9d --- /dev/null +++ b/roles/buildtools/requirements.yml @@ -0,0 +1,2 @@ +--- +- robertdebock.bootstrap diff --git a/roles/buildtools/tasks/main.yml b/roles/buildtools/tasks/main.yml new file mode 100644 index 0000000..bd6115c --- /dev/null +++ b/roles/buildtools/tasks/main.yml @@ -0,0 +1,9 @@ +--- +# tasks file for buildtools +- name: install buildtools + package: + name: "{{ buildtools_packages }}" + state: present + register: buildtools_install_buildtools + until: buildtools_install_buildtools is succeeded + retries: 3 diff --git a/roles/buildtools/vars/main.yml b/roles/buildtools/vars/main.yml new file mode 100644 index 0000000..d00167d --- /dev/null +++ b/roles/buildtools/vars/main.yml @@ -0,0 +1,60 @@ +--- +# vars file for buildroot +_buildtools_packages: + default: + - build-essential + Alpine: + - alpine-sdk + - libffi-dev + - openssl-dev + - perl-utils + Amazon: + - gcc + - make + Archlinux: + - base-devel + CentOS: + - "@Development tools" + - perl-Digest-SHA + Fedora: + - "@Development tools" + - perl-Digest-SHA + openSUSE Leap: + - autoconf + - automake + - binutils + - bison + - cpp + - cvs + - flex + - gcc + - gdbm-devel + - gettext-tools + - glibc-devel + - libtool + - m4 + - make + - makeinfo + - patch + - zlib-devel + - bin86 + - binutils-devel + - fdupes + - gcc-c++ + - gcc-info + - glibc-info + - gmp-devel + - gperf + - libaio-devel + - libapparmor-devel + - libdb-4_8-devel + - libgcj-devel + - libosip2-devel + - libstdc++-devel + - openldap2-devel + - pam-devel + - patch + - pkg-config + - subversion + +buildtools_packages: "{{ _buildtools_packages[ansible_distribution] | default (_buildtools_packages['default'] ) }}" diff --git a/roles/common/.github/ISSUE_TEMPLATE/bug_report.md b/roles/common/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..bd1a0dc --- /dev/null +++ b/roles/common/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Run this role: +2. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Error** +Please show the resulting error. If applicable a snippet of the playbook including the role ran with `-vvv` + +**Environment** +- Control node OS: [e.g. Debian 9] +- Control node Ansible version: [e.g. 2.6.2] +- Managed node OS: [e.g. CentOS 7] + +**Additional context** +Add any other context about the problem here. diff --git a/roles/common/.github/ISSUE_TEMPLATE/feature_request.md b/roles/common/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/roles/common/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/roles/common/.github/settings.yml b/roles/common/.github/settings.yml new file mode 100644 index 0000000..b0e93f9 --- /dev/null +++ b/roles/common/.github/settings.yml @@ -0,0 +1,4 @@ +--- +repository: + description: The purpose of this role is to configure common things on your system. + homepage: https://robertdebock.nl/ diff --git a/roles/common/.gitignore b/roles/common/.gitignore new file mode 100644 index 0000000..10b26d1 --- /dev/null +++ b/roles/common/.gitignore @@ -0,0 +1,3 @@ +molecule/*/.molecule +*.log +*.swp diff --git a/roles/common/.travis.yml b/roles/common/.travis.yml new file mode 100644 index 0000000..a6a2bf0 --- /dev/null +++ b/roles/common/.travis.yml @@ -0,0 +1,92 @@ +--- +sudo: required +language: python +services: docker + +env: + - version=">=2.7,<2.8" distro="alpine-latest" + - version="" distro="alpine-latest" + - version="devel" distro="alpine-latest" + - version=">=2.7,<2.8" distro="alpine-edge" + - version="" distro="alpine-edge" + - version="devel" distro="alpine-edge" + - version=">=2.7,<2.8" distro="archlinux" + - version="" distro="archlinux" + - version="devel" distro="archlinux" + - version=">=2.7,<2.8" distro="centos-6" + - version="" distro="centos-6" + - version="devel" distro="centos-6" + - version=">=2.7,<2.8" distro="centos-latest" + - version="" distro="centos-latest" + - version="devel" distro="centos-latest" + - version=">=2.7,<2.8" distro="debian-latest" + - version="" distro="debian-latest" + - version="devel" distro="debian-latest" + - version=">=2.7,<2.8" distro="debian-stable" + - version="" distro="debian-stable" + - version="devel" distro="debian-stable" + - version=">=2.7,<2.8" distro="debian-unstable" + - version="" distro="debian-unstable" + - version="devel" distro="debian-unstable" + - version=">=2.7,<2.8" distro="fedora-latest" + - version="" distro="fedora-latest" + - version="devel" distro="fedora-latest" + - version=">=2.7,<2.8" distro="fedora-rawhide" + - version="" distro="fedora-rawhide" + - version="devel" distro="fedora-rawhide" + - version=">=2.7,<2.8" distro="opensuse-leap" + - version="" distro="opensuse-leap" + - version="devel" distro="opensuse-leap" + - version=">=2.7,<2.8" distro="ubuntu-rolling" + - version="" distro="ubuntu-rolling" + - version="devel" distro="ubuntu-rolling" + - version=">=2.7,<2.8" distro="ubuntu-latest" + - version="" distro="ubuntu-latest" + - version="devel" distro="ubuntu-latest" + - version=">=2.7,<2.8" distro="ubuntu-devel" + - version="" distro="ubuntu-devel" + - version="devel" distro="ubuntu-devel" + +matrix: + allow_failures: + - env: version=">=2.7,<2.8" distro="alpine-edge" + - env: version="" distro="alpine-edge" + - env: version="devel" distro="alpine-edge" + - env: version="devel" distro="alpine-latest" + - env: version="devel" distro="archlinux" + - env: version="devel" distro="centos-6" + - env: version="devel" distro="centos-latest" + - env: version="devel" distro="debian-latest" + - env: version="devel" distro="debian-stable" + - env: version=">=2.7,<2.8" distro="debian-unstable" + - env: version="" distro="debian-unstable" + - env: version="devel" distro="debian-unstable" + - env: version="devel" distro="fedora-latest" + - env: version=">=2.7,<2.8" distro="fedora-rawhide" + - env: version="" distro="fedora-rawhide" + - env: version="devel" distro="fedora-rawhide" + - env: version="devel" distro="opensuse-leap" + - env: version="devel" distro="ubuntu-rolling" + - env: version=">=2.7,<2.8" distro="ubuntu-devel" + - env: version="" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-latest" + +cache: + - pip + +install: + - pip install --upgrade pip + - if [ "${version}" != "devel" ] ; then pip install ansible"${version}" ; fi + - if [ "${version}" = "devel" ] ; then pip install git+https://github.com/ansible/ansible.git@devel ; fi + - pip install molecule + - pip install docker + +script: + - if [ "${expectation}" = "fail" ] ; then ! molecule test --scenario-name "${distro}" ; else molecule test --scenario-name "${distro}" ; fi + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + slack: + secure: "bPMYgxeg7GNaRQnvYIeXLf+rVuKC6w8DM5VEAG8tVis+esPrJFY2u8WGUWF5R4xRxNwq5Dn/A7cXPk3RYz9j2BfaGq0QzeN6C4DyJb8LHhL7VVJypOAkcnNpmwlmWYmR5FSJxRA2i8Tmx3kVc82eLZgMNoFgStg2gMQHDHkiNw2bOiPt/HWycXPkpmfjJkg/JTe7yEkLDzO4PyvUwnI7HjZT5RUrSCsZeMiU5uZMi0VgQ41ypgCSoF6X3tlCQP3vyCo9HGN9PQIrIerwrEArUHxiZXycDuBKRlyDj85hQdZzNTz7xzQ8IA58wcFrN/o9/LEv5T7W+iSlx4c4rZjHRZ1yqjBTPmXIDCHnVFObGkSkfXYjyYgjc9fRGYLjorTJqk7mVL5U/AVd+rrhFtcnuKI1o0c8rvK/gOPvr6dLYkRVxGhethcHOrIQAV1KSt1HaFyUKqL89t5448gMKHEH4Q+bTjVxyR9Y50WBIvSRgvxmzsXfepnXmoxETlcDo0Yk/rgCn4M2LI1AzW/xY3nlEwbG4SRFLDSWkXPh6Hxq6ftGnf9ZdfMv4lXuSYxPgwvMNjb7GUKkAMU61fay5OdPbU6qnhDjqV+tKOGYvbyOlso+bf8FoyD+tl8eyl2yQtCcpjbdLfYaDtj/ETweS3VKdrDNJ6Eu/l2gGhw44CPkcEE=" + email: false diff --git a/roles/common/.yamllint b/roles/common/.yamllint new file mode 100644 index 0000000..ad0be76 --- /dev/null +++ b/roles/common/.yamllint @@ -0,0 +1,11 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/common/CODE_OF_CONDUCT.md b/roles/common/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0d97a6f --- /dev/null +++ b/roles/common/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behaviour that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behaviour by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/common/CONTRIBUTING.md b/roles/common/CONTRIBUTING.md new file mode 100644 index 0000000..2931dcf --- /dev/null +++ b/roles/common/CONTRIBUTING.md @@ -0,0 +1,4 @@ +# Please contribute! +You can really make a difference by: +- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. +- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code. diff --git a/roles/common/INSTALL.md b/roles/common/INSTALL.md new file mode 100644 index 0000000..b2bc1b1 --- /dev/null +++ b/roles/common/INSTALL.md @@ -0,0 +1,21 @@ +Installation +========= + +To use this Ansible role skeleton, as [described in Ansible Galaxy documentation](https://docs.ansible.com/ansible/latest/reference_appendices/galaxy.html#using-a-custom-role-skeleton): + +``` +export keep_trailing_newline=True +ansible-galaxy init --role-skeleton=/path/to/skeleton role_name +``` + +or add this to ansible.cfg: + +``` +[galaxy] +role_skeleton = /path/to/skeleton +role_skeleton_ignore = ^.git$,^.*/.git_keep$ +``` + +Followed by `ansible-galaxy init role_name`. + +Don't include `ansible-role` to the role name, for example use `java` instead of `ansible-role-java`. diff --git a/roles/common/LICENSE b/roles/common/LICENSE new file mode 100644 index 0000000..744118c --- /dev/null +++ b/roles/common/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2019 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/common/PULL_REQUEST_TEMPLATE.md b/roles/common/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..b1578c0 --- /dev/null +++ b/roles/common/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +--- +name: Pull request +about: Describe the proposed change + +--- + +**Describe the change** +A clear and concise description of what the pull request is. + +**Testing** +In case a feature was added, how were tests performed? diff --git a/roles/common/README.md b/roles/common/README.md new file mode 100644 index 0000000..ac680e7 --- /dev/null +++ b/roles/common/README.md @@ -0,0 +1,144 @@ +common +========= + +[![Build Status](https://travis-ci.org/robertdebock/ansible-role-common.svg?branch=master)](https://travis-ci.org/robertdebock/ansible-role-common) + +The purpose of this role is to configure common things on your system. + +Example Playbook +---------------- + +This example is taken from `molecule/default/playbook.yml`: +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - robertdebock.common +``` + +The machine you are running this on, may need to be prepared. Tests have been done on machines prepared by this playbook: +```yaml +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - robertdebock.bootstrap +``` + +Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. + +Role Variables +-------------- + +These variables are set in `defaults/main.yml`: +```yaml +--- +# defaults file for common + +# The selected hostname. +common_hostname: "{{ inventory_hostname }}" + +# A list of nameservers to configure. +common_nameservers: + - 1.1.1.1 + - 1.0.0.1 + +# Fill /etc/hosts with all hosts in the play. +common_hosts: "{{ groups.all }}" + +# Do you want to reboot on a hostname change? +common_reboot: yes +``` + +Requirements +------------ + +- Access to a repository containing packages, likely on the internet. +- A recent version of Ansible. (Tests run on the last 3 release of Ansible.) + +The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: + +```yaml +--- +- robertdebock.bootstrap +- robertdebock.reboot + +``` + +Context +------- + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/common.png "Dependency") + + +Compatibility +------------- + +This role has been tested against the following distributions and Ansible version: + +|distribution|ansible 2.6|ansible 2.7|ansible devel| +|------------|-----------|-----------|-------------| +|alpine-edge*|yes|yes|yes*| +|alpine-latest|yes|yes|yes*| +|archlinux|yes|yes|yes*| +|centos-6|yes|yes|yes*| +|centos-latest|yes|yes|yes*| +|debian-latest|yes|yes|yes*| +|debian-stable|yes|yes|yes*| +|debian-unstable*|yes|yes|yes*| +|fedora-latest|yes|yes|yes*| +|fedora-rawhide*|yes|yes|yes*| +|opensuse-leap|yes|yes|yes*| +|ubuntu-devel*|yes|yes|yes*| +|ubuntu-latest|yes|yes|yes*| +|ubuntu-rolling|yes|yes|yes*| + +A single star means the build may fail, it's marked as an experimental build. + +Testing +------- + +[Unit tests](https://travis-ci.org/robertdebock/ansible-role-common) are done on every commit and periodically. + +If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-common/issues) + +To test this role locally please use [Molecule](https://github.com/metacloud/molecule): +``` +pip install molecule +molecule test +``` + +To test on Amazon EC2, configure [~/.aws/credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`. + +There are many specific scenarios available, please have a look in the `molecule/` directory. + +Run the [ansible-galaxy](https://github.com/ansible/galaxy-lint-rules) and [my](https://github.com/robertdebock/ansible-lint-rules) lint rules if you want your change to be merges: + +```shell +git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint +ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules . + +git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint +ansible-lint -r /tmp/my-ansible-lint/rules . +``` + +License +------- + +Apache-2.0 + + +Author Information +------------------ + +[Robert de Bock](https://robertdebock.nl/) diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml new file mode 100644 index 0000000..8ddd57d --- /dev/null +++ b/roles/common/defaults/main.yml @@ -0,0 +1,16 @@ +--- +# defaults file for common + +# The selected hostname. +common_hostname: "{{ inventory_hostname }}" + +# A list of nameservers to configure. +common_nameservers: + - 1.1.1.1 + - 1.0.0.1 + +# Fill /etc/hosts with all hosts in the play. +common_hosts: "{{ groups.all }}" + +# Do you want to reboot on a hostname change? +common_reboot: yes diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml new file mode 100644 index 0000000..6b04c50 --- /dev/null +++ b/roles/common/handlers/main.yml @@ -0,0 +1,5 @@ +--- +# handlers file for common +- name: gather facts + setup: + become: no diff --git a/roles/common/meta/.galaxy_install_info b/roles/common/meta/.galaxy_install_info new file mode 100644 index 0000000..2c08fd2 --- /dev/null +++ b/roles/common/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jun 7 18:25:37 2019', version: 3.0.2} diff --git a/roles/common/meta/main.yml b/roles/common/meta/main.yml new file mode 100644 index 0000000..e8b8e75 --- /dev/null +++ b/roles/common/meta/main.yml @@ -0,0 +1,49 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: common + description: The purpose of this role is to configure common things on your system. + license: Apache-2.0 + company: none + min_ansible_version: 2.6 + + platforms: + - name: Alpine + versions: + - all + - name: ArchLinux + version: + - all + - name: Debian + versions: + - all + - name: EL + version: + - 6 + - 7 + - name: Fedora + versions: + - all + - name: OpenSUSE + versions: + - all + - name: Ubuntu + versions: + - artful + - bionic + + galaxy_tags: + - common + - alpine + - centos + - debian + - el + - fedora + - opensuse + - rhel + - server + - system + - ubuntu + +dependencies: + - robertdebock.reboot diff --git a/roles/common/molecule/alpine-edge/molecule.yml b/roles/common/molecule/alpine-edge/molecule.yml new file mode 100644 index 0000000..36ca284 --- /dev/null +++ b/roles/common/molecule/alpine-edge/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: common-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-edge diff --git a/roles/common/molecule/alpine-latest/molecule.yml b/roles/common/molecule/alpine-latest/molecule.yml new file mode 100644 index 0000000..d2a6a3f --- /dev/null +++ b/roles/common/molecule/alpine-latest/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: common-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-latest diff --git a/roles/common/molecule/archlinux/molecule.yml b/roles/common/molecule/archlinux/molecule.yml new file mode 100644 index 0000000..bf7ddc4 --- /dev/null +++ b/roles/common/molecule/archlinux/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: common-archlinux + image: archlinux/base + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: archlinux diff --git a/roles/common/molecule/centos-6/molecule.yml b/roles/common/molecule/centos-6/molecule.yml new file mode 100644 index 0000000..82386cd --- /dev/null +++ b/roles/common/molecule/centos-6/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: common-centos-6 + image: centos:6 + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-6 diff --git a/roles/common/molecule/centos-latest/molecule.yml b/roles/common/molecule/centos-latest/molecule.yml new file mode 100644 index 0000000..cea79fe --- /dev/null +++ b/roles/common/molecule/centos-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: common-centos-latest + image: centos:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-latest diff --git a/roles/common/molecule/debian-latest/molecule.yml b/roles/common/molecule/debian-latest/molecule.yml new file mode 100644 index 0000000..54719f2 --- /dev/null +++ b/roles/common/molecule/debian-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: common-debian-latest + image: debian:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-latest diff --git a/roles/common/molecule/debian-stable/molecule.yml b/roles/common/molecule/debian-stable/molecule.yml new file mode 100644 index 0000000..761c431 --- /dev/null +++ b/roles/common/molecule/debian-stable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: common-debian-stable + image: debian:stable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-stable diff --git a/roles/common/molecule/debian-unstable/molecule.yml b/roles/common/molecule/debian-unstable/molecule.yml new file mode 100644 index 0000000..878de8a --- /dev/null +++ b/roles/common/molecule/debian-unstable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: common-debian-unstable + image: debian:unstable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-unstable diff --git a/roles/common/molecule/default/molecule.yml b/roles/common/molecule/default/molecule.yml new file mode 100644 index 0000000..c57dfe3 --- /dev/null +++ b/roles/common/molecule/default/molecule.yml @@ -0,0 +1,63 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: common-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: common-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: common-archlinux + image: archlinux/base + pre_build_image: yes + - name: common-centos-6 + image: centos:6 + pre_build_image: yes + - name: common-centos-latest + image: centos:latest + pre_build_image: yes + - name: common-debian-latest + image: debian:latest + pre_build_image: yes + - name: common-debian-stable + image: debian:stable + pre_build_image: yes + - name: common-debian-unstable + image: debian:unstable + pre_build_image: yes + - name: common-fedora-latest + image: fedora:latest + pre_build_image: yes + - name: common-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + - name: common-opensuse-leap + image: opensuse:leap + pre_build_image: yes + - name: common-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes + - name: common-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes + - name: common-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: default diff --git a/roles/common/molecule/ec2/README.md b/roles/common/molecule/ec2/README.md new file mode 100644 index 0000000..856b351 --- /dev/null +++ b/roles/common/molecule/ec2/README.md @@ -0,0 +1,15 @@ +# Amazon EC2 + +To test on Amazon elastic compute cloud (EC2), set this variable: + +``` +export EC2_REGION=eu-central-1 +``` + +And save the credentials: +``` +cat ~/.aws/credentials +[default] +aws_access_key_id=YOUR_KEY_ID +aws_secret_access_key=YOUR_ACCESS_KEY +``` diff --git a/roles/common/molecule/ec2/create.yml b/roles/common/molecule/ec2/create.yml new file mode 100644 index 0000000..7992818 --- /dev/null +++ b/roles/common/molecule/ec2/create.yml @@ -0,0 +1,125 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + vars: + ssh_user: ec2-user + ssh_port: 22 + + security_group_name: molecule + security_group_description: Security group for testing Molecule + security_group_rules: + - proto: tcp + from_port: "{{ ssh_port }}" + to_port: "{{ ssh_port }}" + cidr_ip: '0.0.0.0/0' + - proto: icmp + from_port: 8 + to_port: -1 + cidr_ip: '0.0.0.0/0' + security_group_rules_egress: + - proto: -1 + from_port: 0 + to_port: 0 + cidr_ip: '0.0.0.0/0' + + keypair_name: molecule_key + keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" + tasks: + - name: Create security group + ec2_group: + name: "{{ security_group_name }}" + description: "{{ security_group_name }}" + rules: "{{ security_group_rules }}" + rules_egress: "{{ security_group_rules_egress }}" + + - name: Test for presence of local keypair + stat: + path: "{{ keypair_path }}" + register: keypair_local + + - name: Delete remote keypair + ec2_key: + name: "{{ keypair_name }}" + state: absent + when: not keypair_local.stat.exists + + - name: Create keypair + ec2_key: + name: "{{ keypair_name }}" + register: keypair + + - name: Persist the keypair + copy: + dest: "{{ keypair_path }}" + content: "{{ keypair.key.private_key }}" + mode: 0600 + when: keypair.changed + + - name: Create molecule instance(s) + ec2: + key_name: "{{ keypair_name }}" + image: "{{ item.image }}" + instance_type: "{{ item.instance_type }}" + vpc_subnet_id: "{{ item.vpc_subnet_id }}" + group: "{{ security_group_name }}" + instance_tags: + instance: "{{ item.name }}" + wait: true + assign_public_ip: true + exact_count: 1 + count_tag: + instance: "{{ item.name }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.instances[0].tags.instance }}", + 'address': "{{ item.instances[0].public_ip }}", + 'user': "{{ ssh_user }}", + 'port': "{{ ssh_port }}", + 'identity_file': "{{ keypair_path }}", + 'instance_ids': "{{ item.instance_ids }}", } + with_items: "{{ ec2_jobs.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool + + - name: Wait for SSH + wait_for: + port: "{{ ssh_port }}" + host: "{{ item.address }}" + search_regex: SSH + delay: 10 + timeout: 320 + with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + + - name: Wait for boot process to finish + pause: + minutes: 2 diff --git a/roles/common/molecule/ec2/destroy.yml b/roles/common/molecule/ec2/destroy.yml new file mode 100644 index 0000000..b460c1e --- /dev/null +++ b/roles/common/molecule/ec2/destroy.yml @@ -0,0 +1,47 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + tasks: + - block: + - name: Populate instance config + set_fact: + instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + skip_instances: false + rescue: + - name: Populate instance config when file missing + set_fact: + instance_conf: {} + skip_instances: true + + - name: Destroy molecule instance(s) + ec2: + state: absent + instance_ids: "{{ item.instance_ids }}" + register: server + with_items: "{{ instance_conf }}" + when: not skip_instances + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/common/molecule/ec2/molecule.yml b/roles/common/molecule/ec2/molecule.yml new file mode 100644 index 0000000..153408e --- /dev/null +++ b/roles/common/molecule/ec2/molecule.yml @@ -0,0 +1,77 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: ec2 +platforms: + - name: common-rhel-7 + image: ami-c86c3f23 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: common-sles-15 + image: ami-0a1886cf45f944eb1 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: common-ubuntu-18.04 + image: ami-0bdf93799014acdc4 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: common-amazon-linux-2 + image: ami-02ea8f348fa28c108 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: common-centos-7 + image: ami-9a183671 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: common-fedora-29 + image: ami-0f904cfaa69a1c64c + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint + inventory: + host_vars: + common-ubuntu-18.04: + ansible_user: ubuntu + common-centos-7: + ansible_user: centos + common-fedora-29: + ansible_user: fedora +scenario: + name: ec2 + create_sequence: + - create + check_sequence: + - destroy + - dependency + - create + - converge + - check + - destroy + converge_sequence: + - dependency + - create + - converge + destroy_sequence: + - destroy + test_sequence: + - lint + - destroy + - dependency + - syntax + - create + - converge + - idempotence + - side_effect + - verify + - destroy diff --git a/roles/common/molecule/fedora-latest/molecule.yml b/roles/common/molecule/fedora-latest/molecule.yml new file mode 100644 index 0000000..c7795c6 --- /dev/null +++ b/roles/common/molecule/fedora-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: common-fedora-latest + image: fedora:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-latest diff --git a/roles/common/molecule/fedora-rawhide/molecule.yml b/roles/common/molecule/fedora-rawhide/molecule.yml new file mode 100644 index 0000000..c788a36 --- /dev/null +++ b/roles/common/molecule/fedora-rawhide/molecule.yml @@ -0,0 +1,24 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: common-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + registry: + url: registry.fedoraproject.org +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-rawhide diff --git a/roles/common/molecule/opensuse-leap/molecule.yml b/roles/common/molecule/opensuse-leap/molecule.yml new file mode 100644 index 0000000..b53db03 --- /dev/null +++ b/roles/common/molecule/opensuse-leap/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: common-opensuse-leap + image: opensuse:leap + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: opensuse-leap diff --git a/roles/common/molecule/resources/playbook.yml b/roles/common/molecule/resources/playbook.yml new file mode 100644 index 0000000..4feb6cb --- /dev/null +++ b/roles/common/molecule/resources/playbook.yml @@ -0,0 +1,8 @@ +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - ansible-role-common diff --git a/roles/common/molecule/resources/prepare.yml b/roles/common/molecule/resources/prepare.yml new file mode 100644 index 0000000..1cda60c --- /dev/null +++ b/roles/common/molecule/resources/prepare.yml @@ -0,0 +1,8 @@ +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - robertdebock.bootstrap diff --git a/roles/common/molecule/ubuntu-devel/molecule.yml b/roles/common/molecule/ubuntu-devel/molecule.yml new file mode 100644 index 0000000..fda2966 --- /dev/null +++ b/roles/common/molecule/ubuntu-devel/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: common-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-devel diff --git a/roles/common/molecule/ubuntu-latest/molecule.yml b/roles/common/molecule/ubuntu-latest/molecule.yml new file mode 100644 index 0000000..98cb835 --- /dev/null +++ b/roles/common/molecule/ubuntu-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: common-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-latest diff --git a/roles/common/molecule/ubuntu-rolling/molecule.yml b/roles/common/molecule/ubuntu-rolling/molecule.yml new file mode 100644 index 0000000..1a19274 --- /dev/null +++ b/roles/common/molecule/ubuntu-rolling/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: common-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-rolling diff --git a/roles/common/molecule/vagrant/INSTALL.rst b/roles/common/molecule/vagrant/INSTALL.rst new file mode 100644 index 0000000..ca81c7b --- /dev/null +++ b/roles/common/molecule/vagrant/INSTALL.rst @@ -0,0 +1,17 @@ +******* +Vagrant driver installation guide +******* + +Requirements +============ + +* Vagrant +* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop +* python-vagrant + +Install +======= + +.. code-block:: bash + + $ sudo pip install python-vagrant diff --git a/roles/common/molecule/vagrant/molecule.yml b/roles/common/molecule/vagrant/molecule.yml new file mode 100644 index 0000000..46cd94e --- /dev/null +++ b/roles/common/molecule/vagrant/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: vagrant + provider: + name: virtualbox +platforms: + - name: common-debian + box: debian/stretch64 + - name: common-fedora + box: fedora/29-cloud-base +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: vagrant diff --git a/roles/common/requirements.yml b/roles/common/requirements.yml new file mode 100644 index 0000000..4681079 --- /dev/null +++ b/roles/common/requirements.yml @@ -0,0 +1,3 @@ +--- +- robertdebock.bootstrap +- robertdebock.reboot diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml new file mode 100644 index 0000000..8b4f542 --- /dev/null +++ b/roles/common/tasks/main.yml @@ -0,0 +1,64 @@ +--- +# tasks file for common +- name: install requirements + package: + name: "{{ common_requirements }}" + state: present + register: common_install_requirements + until: common_install_requirements is succeeded + retries: 3 + +- name: check for network manager + stat: + path: /etc/NetworkManager/NetworkManager.conf + register: common_check_for_network_manager + +- name: set nameserver in resolv.conf + lineinfile: + path: /etc/resolv.conf + line: "nameserver {{ item }}" + with_items: + - "{{ common_nameservers }}" + when: + - common_nameservers is defined + - not common_check_for_network_manager.stat.exists + - ansible_virtualization_type != "docker" + notify: + - gather facts + +- name: set nameservers in network manager + ini_file: + path: /etc/NetworkManager/conf.d/dnsservers.conf + section: global-dns-domain-* + option: servers + value: "{{ common_nameservers | join(',') }}" + when: + - common_check_for_network_manager.stat.exists + notify: + - gather facts + +- name: flush handlers + meta: flush_handlers + +- name: set hostname + hostname: + name: "{{ common_hostname }}" + when: + - ansible_virtualization_type != "docker" + register: set_hostname + +- name: reboot for hostname + include_role: + name: robertdebock.reboot + when: + - set_hostname.changed + - common_reboot + tags: + - skip_ansible_lint + +- name: fill /etc/hosts + template: + src: hosts.j2 + dest: /etc/hosts + when: + - ansible_virtualization_type != "docker" diff --git a/roles/common/templates/.gitkeep b/roles/common/templates/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/roles/common/templates/hosts.j2 b/roles/common/templates/hosts.j2 new file mode 100644 index 0000000..ca80233 --- /dev/null +++ b/roles/common/templates/hosts.j2 @@ -0,0 +1,8 @@ +{{ ansible_managed | comment }} +127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 +::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 +{% for host in common_hosts | sort %} +{% if host != "localhost" %} +{{ hostvars[host]['ansible_default_ipv4']['address'] }} {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_fqdn'] }} +{% endif %} +{% endfor %} diff --git a/roles/common/vars/main.yml b/roles/common/vars/main.yml new file mode 100644 index 0000000..ce8aa80 --- /dev/null +++ b/roles/common/vars/main.yml @@ -0,0 +1,13 @@ +--- +# vars file for common +_common_requirements: + default: + - hostname + Alpine: + - net-tools + Archlinux: + - net-tools + CentOS-6: + - net-tools + +common_requirements: "{{ _common_requirements[ansible_distribution ~ '-' ~ ansible_distribution_major_version] | default(_common_requirements[ansible_distribution] | default(_common_requirements['default'])) }}" diff --git a/roles/docker/.github/ISSUE_TEMPLATE/bug_report.md b/roles/docker/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..bd1a0dc --- /dev/null +++ b/roles/docker/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Run this role: +2. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Error** +Please show the resulting error. If applicable a snippet of the playbook including the role ran with `-vvv` + +**Environment** +- Control node OS: [e.g. Debian 9] +- Control node Ansible version: [e.g. 2.6.2] +- Managed node OS: [e.g. CentOS 7] + +**Additional context** +Add any other context about the problem here. diff --git a/roles/docker/.github/ISSUE_TEMPLATE/feature_request.md b/roles/docker/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/roles/docker/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/roles/docker/.github/settings.yml b/roles/docker/.github/settings.yml new file mode 100644 index 0000000..34a20b0 --- /dev/null +++ b/roles/docker/.github/settings.yml @@ -0,0 +1,4 @@ +--- +repository: + description: Install and configure Docker (non-CE) on your system. + homepage: https://robertdebock.nl/ diff --git a/roles/docker/.gitignore b/roles/docker/.gitignore new file mode 100644 index 0000000..10b26d1 --- /dev/null +++ b/roles/docker/.gitignore @@ -0,0 +1,3 @@ +molecule/*/.molecule +*.log +*.swp diff --git a/roles/docker/.travis.yml b/roles/docker/.travis.yml new file mode 100644 index 0000000..03c33a4 --- /dev/null +++ b/roles/docker/.travis.yml @@ -0,0 +1,92 @@ +--- +sudo: required +language: python +services: docker + +env: + - version=">=2.7,<2.8" distro="alpine-latest" + - version="" distro="alpine-latest" + - version="devel" distro="alpine-latest" + - version=">=2.7,<2.8" distro="alpine-edge" + - version="" distro="alpine-edge" + - version="devel" distro="alpine-edge" + - version=">=2.7,<2.8" distro="archlinux" + - version="" distro="archlinux" + - version="devel" distro="archlinux" + - version=">=2.7,<2.8" distro="centos-6" expectation="fail" + - version="" distro="centos-6" expectation="fail" + - version="devel" distro="centos-6" expectation="fail" + - version=">=2.7,<2.8" distro="centos-latest" + - version="" distro="centos-latest" + - version="devel" distro="centos-latest" + - version=">=2.7,<2.8" distro="debian-latest" + - version="" distro="debian-latest" + - version="devel" distro="debian-latest" + - version=">=2.7,<2.8" distro="debian-stable" + - version="" distro="debian-stable" + - version="devel" distro="debian-stable" + - version=">=2.7,<2.8" distro="debian-unstable" + - version="" distro="debian-unstable" + - version="devel" distro="debian-unstable" + - version=">=2.7,<2.8" distro="fedora-latest" + - version="" distro="fedora-latest" + - version="devel" distro="fedora-latest" + - version=">=2.7,<2.8" distro="fedora-rawhide" + - version="" distro="fedora-rawhide" + - version="devel" distro="fedora-rawhide" + - version=">=2.7,<2.8" distro="opensuse-leap" + - version="" distro="opensuse-leap" + - version="devel" distro="opensuse-leap" + - version=">=2.7,<2.8" distro="ubuntu-rolling" + - version="" distro="ubuntu-rolling" + - version="devel" distro="ubuntu-rolling" + - version=">=2.7,<2.8" distro="ubuntu-latest" + - version="" distro="ubuntu-latest" + - version="devel" distro="ubuntu-latest" + - version=">=2.7,<2.8" distro="ubuntu-devel" + - version="" distro="ubuntu-devel" + - version="devel" distro="ubuntu-devel" + +matrix: + allow_failures: + - env: version=">=2.7,<2.8" distro="alpine-edge" + - env: version="" distro="alpine-edge" + - env: version="devel" distro="alpine-edge" + - env: version="devel" distro="alpine-latest" + - env: version="devel" distro="archlinux" + - env: version="devel" distro="centos-6" expectation="fail" + - env: version="devel" distro="centos-latest" + - env: version="devel" distro="debian-latest" + - env: version="devel" distro="debian-stable" + - env: version=">=2.7,<2.8" distro="debian-unstable" + - env: version="" distro="debian-unstable" + - env: version="devel" distro="debian-unstable" + - env: version="devel" distro="fedora-latest" + - env: version=">=2.7,<2.8" distro="fedora-rawhide" + - env: version="" distro="fedora-rawhide" + - env: version="devel" distro="fedora-rawhide" + - env: version="devel" distro="opensuse-leap" + - env: version="devel" distro="ubuntu-rolling" + - env: version=">=2.7,<2.8" distro="ubuntu-devel" + - env: version="" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-latest" + +cache: + - pip + +install: + - pip install --upgrade pip + - if [ "${version}" != "devel" ] ; then pip install ansible"${version}" ; fi + - if [ "${version}" = "devel" ] ; then pip install git+https://github.com/ansible/ansible.git@devel ; fi + - pip install molecule + - pip install docker + +script: + - if [ "${expectation}" = "fail" ] ; then ! molecule test --scenario-name "${distro}" ; else molecule test --scenario-name "${distro}" ; fi + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + slack: + secure: "meoPGg3WUicE47IA6gfiVlEzuaN/bBoHQ6UNRUjtttvXLWyAHEPHq40NgWxy0iSQ9i6gNVcvzmSFh28aG/27PAeODpsbmePQ8dP+Zn4C4YJJzCEOldZwN79kGfq5VfHUtGcQsegJKPVFbT3bjgLp9Rug8g9ogqT97NwNO1BDcP/ark2TwsWs124tfQWiDDnnzbOZD4kHedOpUC8C1sAwvXFgVWwMk7FDRBUKrCU8xlwKtDCnhxbVeTKp57p1ZEMaQ+BSYZOTzXAbb8csmRQG5nGp+YdBFpSjPDRC9SzYU51dkcTffGfzy155UkVcPhi5KBVXqMM0WFPmmEGwEnL7+pJMGGNePQZlpBK3z+akA4/Vj69PLFQnnhDtGD0FQywYU0b0LnFDWAnkR9oNyWdItHLF/s1VwvearTpZLF35MCiQUeFVL8ZfKpkV3RszZKiywn8PKLc6YmO76Hk06t5CJK1Rmt9BCrko2XaK1LkgRtNx6B2SGF3NrN6t26SHvyHImInE/paq9F4jOmLeBUh96uSoRIzWshd2S5VskB7h25xACNkjXOAwzxuBRTEnVcLJpgOKhvxuCvepQ6D7LsyB3axB6UnHcCD9WCFdeh5ZRVzyqeWxE9Ac9e9+tMghzUohkZD9IRQDPUyUBb82/X9zZeTq55h2h0oFKYebugZPjT4=" + email: false diff --git a/roles/docker/.yamllint b/roles/docker/.yamllint new file mode 100644 index 0000000..ad0be76 --- /dev/null +++ b/roles/docker/.yamllint @@ -0,0 +1,11 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/docker/CODE_OF_CONDUCT.md b/roles/docker/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0d97a6f --- /dev/null +++ b/roles/docker/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behaviour that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behaviour by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/docker/CONTRIBUTING.md b/roles/docker/CONTRIBUTING.md new file mode 100644 index 0000000..2931dcf --- /dev/null +++ b/roles/docker/CONTRIBUTING.md @@ -0,0 +1,4 @@ +# Please contribute! +You can really make a difference by: +- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. +- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code. diff --git a/roles/docker/LICENSE b/roles/docker/LICENSE new file mode 100644 index 0000000..744118c --- /dev/null +++ b/roles/docker/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2019 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/docker/PULL_REQUEST_TEMPLATE.md b/roles/docker/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..b1578c0 --- /dev/null +++ b/roles/docker/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +--- +name: Pull request +about: Describe the proposed change + +--- + +**Describe the change** +A clear and concise description of what the pull request is. + +**Testing** +In case a feature was added, how were tests performed? diff --git a/roles/docker/README.md b/roles/docker/README.md new file mode 100644 index 0000000..9b00f3b --- /dev/null +++ b/roles/docker/README.md @@ -0,0 +1,142 @@ +docker +========= + +[![Build Status](https://travis-ci.org/robertdebock/ansible-role-docker.svg?branch=master)](https://travis-ci.org/robertdebock/ansible-role-docker) + +Install and configure Docker (non-CE) on your system. + +Example Playbook +---------------- + +This example is taken from `molecule/default/playbook.yml`: +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - robertdebock.docker + + tasks: + - name: Create a container + docker_container: + name: openssh + image: robertdebock/docker-centos-openssh + ports: + - "2222:22" + when: + - ansible_virtualization_type != "docker" +``` + +The machine you are running this on, may need to be prepared. Tests have been done on machines prepared by this playbook: +```yaml +--- +- name: Prepare + hosts: all + gather_facts: no + + roles: + - robertdebock.bootstrap + - robertdebock.epel + - robertdebock.python_pip +``` + +Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. + +Role Variables +-------------- + +These variables are set in `defaults/main.yml`: +```yaml +--- +# defaults file for docker +``` + +Requirements +------------ + +- Access to a repository containing packages, likely on the internet. +- A recent version of Ansible. (Tests run on the last 3 release of Ansible.) + +The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: + +```yaml +--- +- robertdebock.bootstrap +- robertdebock.epel +- robertdebock.python_pip + +``` + +Context +------- + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/docker.png "Dependency") + + +Compatibility +------------- + +This role has been tested against the following distributions and Ansible version: + +|distribution|ansible 2.6|ansible 2.7|ansible devel| +|------------|-----------|-----------|-------------| +|alpine-edge*|yes|yes|yes*| +|alpine-latest|yes|yes|yes*| +|archlinux|yes|yes|yes*| +|centos-6|no|no|no*| +|centos-latest|yes|yes|yes*| +|debian-latest|yes|yes|yes*| +|debian-stable|yes|yes|yes*| +|debian-unstable*|yes|yes|yes*| +|fedora-latest|yes|yes|yes*| +|fedora-rawhide*|yes|yes|yes*| +|opensuse-leap|yes|yes|yes*| +|ubuntu-devel*|yes|yes|yes*| +|ubuntu-latest|yes|yes|yes*| +|ubuntu-rolling|yes|yes|yes*| + +A single star means the build may fail, it's marked as an experimental build. + +Testing +------- + +[Unit tests](https://travis-ci.org/robertdebock/ansible-role-docker) are done on every commit and periodically. + +If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-docker/issues) + +To test this role locally please use [Molecule](https://github.com/metacloud/molecule): +``` +pip install molecule +molecule test +``` + +To test on Amazon EC2, configure [~/.aws/credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`. + +There are many specific scenarios available, please have a look in the `molecule/` directory. + +Run the [ansible-galaxy](https://github.com/ansible/galaxy-lint-rules) and [my](https://github.com/robertdebock/ansible-lint-rules) lint rules if you want your change to be merges: + +```shell +git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint +ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules . + +git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint +ansible-lint -r /tmp/my-ansible-lint/rules . +``` + +License +------- + +Apache-2.0 + + +Author Information +------------------ + +[Robert de Bock](https://robertdebock.nl/) diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml new file mode 100644 index 0000000..f0327f6 --- /dev/null +++ b/roles/docker/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for docker diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml new file mode 100644 index 0000000..ffc14fd --- /dev/null +++ b/roles/docker/handlers/main.yml @@ -0,0 +1,6 @@ +--- +# handlers file for docker +- name: change owner for docker socket + file: + path: /var/run/docker.sock + group: docker diff --git a/roles/docker/meta/.galaxy_install_info b/roles/docker/meta/.galaxy_install_info new file mode 100644 index 0000000..ee427f9 --- /dev/null +++ b/roles/docker/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jun 7 18:25:41 2019', version: 2.0.3} diff --git a/roles/docker/meta/main.yml b/roles/docker/meta/main.yml new file mode 100644 index 0000000..ca2d0dc --- /dev/null +++ b/roles/docker/meta/main.yml @@ -0,0 +1,43 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: docker + description: Install and configure Docker (non-CE) on your system. + license: Apache-2.0 + company: none + min_ansible_version: 2.6 + + platforms: + - name: Alpine + versions: + - all + - name: ArchLinux + version: + - all + - name: Debian + versions: + - all + - name: EL + version: + - 6 + - 7 + - name: Fedora + versions: + - all + - name: OpenSUSE + versions: + - all + - name: Ubuntu + versions: + - artful + - bionic + + galaxy_tags: + - docker + - alpine + - centos + - rhel + - ubuntu + - fedora + +dependencies: [] diff --git a/roles/docker/molecule/alpine-edge/molecule.yml b/roles/docker/molecule/alpine-edge/molecule.yml new file mode 100644 index 0000000..844bc16 --- /dev/null +++ b/roles/docker/molecule/alpine-edge/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: docker-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-edge diff --git a/roles/docker/molecule/alpine-latest/molecule.yml b/roles/docker/molecule/alpine-latest/molecule.yml new file mode 100644 index 0000000..fd31ad6 --- /dev/null +++ b/roles/docker/molecule/alpine-latest/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: docker-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-latest diff --git a/roles/docker/molecule/archlinux/molecule.yml b/roles/docker/molecule/archlinux/molecule.yml new file mode 100644 index 0000000..c800a88 --- /dev/null +++ b/roles/docker/molecule/archlinux/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: docker-archlinux + image: archlinux/base + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: archlinux diff --git a/roles/docker/molecule/centos-6/molecule.yml b/roles/docker/molecule/centos-6/molecule.yml new file mode 100644 index 0000000..d678676 --- /dev/null +++ b/roles/docker/molecule/centos-6/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: docker-centos-6 + image: centos:6 + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-6 diff --git a/roles/docker/molecule/centos-latest/molecule.yml b/roles/docker/molecule/centos-latest/molecule.yml new file mode 100644 index 0000000..74e1830 --- /dev/null +++ b/roles/docker/molecule/centos-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: docker-centos-latest + image: centos:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-latest diff --git a/roles/docker/molecule/debian-latest/molecule.yml b/roles/docker/molecule/debian-latest/molecule.yml new file mode 100644 index 0000000..861415a --- /dev/null +++ b/roles/docker/molecule/debian-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: docker-debian-latest + image: debian:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-latest diff --git a/roles/docker/molecule/debian-stable/molecule.yml b/roles/docker/molecule/debian-stable/molecule.yml new file mode 100644 index 0000000..3f25e2a --- /dev/null +++ b/roles/docker/molecule/debian-stable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: docker-debian-stable + image: debian:stable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-stable diff --git a/roles/docker/molecule/debian-unstable/molecule.yml b/roles/docker/molecule/debian-unstable/molecule.yml new file mode 100644 index 0000000..f9b9b56 --- /dev/null +++ b/roles/docker/molecule/debian-unstable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: docker-debian-unstable + image: debian:unstable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-unstable diff --git a/roles/docker/molecule/default/molecule.yml b/roles/docker/molecule/default/molecule.yml new file mode 100644 index 0000000..e0980a7 --- /dev/null +++ b/roles/docker/molecule/default/molecule.yml @@ -0,0 +1,63 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: docker-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: docker-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: docker-archlinux + image: archlinux/base + pre_build_image: yes + - name: docker-centos-6 + image: centos:6 + pre_build_image: yes + - name: docker-centos-latest + image: centos:latest + pre_build_image: yes + - name: docker-debian-latest + image: debian:latest + pre_build_image: yes + - name: docker-debian-stable + image: debian:stable + pre_build_image: yes + - name: docker-debian-unstable + image: debian:unstable + pre_build_image: yes + - name: docker-fedora-latest + image: fedora:latest + pre_build_image: yes + - name: docker-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + - name: docker-opensuse-leap + image: opensuse:leap + pre_build_image: yes + - name: docker-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes + - name: docker-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes + - name: docker-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: default diff --git a/roles/docker/molecule/ec2/README.md b/roles/docker/molecule/ec2/README.md new file mode 100644 index 0000000..856b351 --- /dev/null +++ b/roles/docker/molecule/ec2/README.md @@ -0,0 +1,15 @@ +# Amazon EC2 + +To test on Amazon elastic compute cloud (EC2), set this variable: + +``` +export EC2_REGION=eu-central-1 +``` + +And save the credentials: +``` +cat ~/.aws/credentials +[default] +aws_access_key_id=YOUR_KEY_ID +aws_secret_access_key=YOUR_ACCESS_KEY +``` diff --git a/roles/docker/molecule/ec2/create.yml b/roles/docker/molecule/ec2/create.yml new file mode 100644 index 0000000..7992818 --- /dev/null +++ b/roles/docker/molecule/ec2/create.yml @@ -0,0 +1,125 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + vars: + ssh_user: ec2-user + ssh_port: 22 + + security_group_name: molecule + security_group_description: Security group for testing Molecule + security_group_rules: + - proto: tcp + from_port: "{{ ssh_port }}" + to_port: "{{ ssh_port }}" + cidr_ip: '0.0.0.0/0' + - proto: icmp + from_port: 8 + to_port: -1 + cidr_ip: '0.0.0.0/0' + security_group_rules_egress: + - proto: -1 + from_port: 0 + to_port: 0 + cidr_ip: '0.0.0.0/0' + + keypair_name: molecule_key + keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" + tasks: + - name: Create security group + ec2_group: + name: "{{ security_group_name }}" + description: "{{ security_group_name }}" + rules: "{{ security_group_rules }}" + rules_egress: "{{ security_group_rules_egress }}" + + - name: Test for presence of local keypair + stat: + path: "{{ keypair_path }}" + register: keypair_local + + - name: Delete remote keypair + ec2_key: + name: "{{ keypair_name }}" + state: absent + when: not keypair_local.stat.exists + + - name: Create keypair + ec2_key: + name: "{{ keypair_name }}" + register: keypair + + - name: Persist the keypair + copy: + dest: "{{ keypair_path }}" + content: "{{ keypair.key.private_key }}" + mode: 0600 + when: keypair.changed + + - name: Create molecule instance(s) + ec2: + key_name: "{{ keypair_name }}" + image: "{{ item.image }}" + instance_type: "{{ item.instance_type }}" + vpc_subnet_id: "{{ item.vpc_subnet_id }}" + group: "{{ security_group_name }}" + instance_tags: + instance: "{{ item.name }}" + wait: true + assign_public_ip: true + exact_count: 1 + count_tag: + instance: "{{ item.name }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.instances[0].tags.instance }}", + 'address': "{{ item.instances[0].public_ip }}", + 'user': "{{ ssh_user }}", + 'port': "{{ ssh_port }}", + 'identity_file': "{{ keypair_path }}", + 'instance_ids': "{{ item.instance_ids }}", } + with_items: "{{ ec2_jobs.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool + + - name: Wait for SSH + wait_for: + port: "{{ ssh_port }}" + host: "{{ item.address }}" + search_regex: SSH + delay: 10 + timeout: 320 + with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + + - name: Wait for boot process to finish + pause: + minutes: 2 diff --git a/roles/docker/molecule/ec2/destroy.yml b/roles/docker/molecule/ec2/destroy.yml new file mode 100644 index 0000000..b460c1e --- /dev/null +++ b/roles/docker/molecule/ec2/destroy.yml @@ -0,0 +1,47 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + tasks: + - block: + - name: Populate instance config + set_fact: + instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + skip_instances: false + rescue: + - name: Populate instance config when file missing + set_fact: + instance_conf: {} + skip_instances: true + + - name: Destroy molecule instance(s) + ec2: + state: absent + instance_ids: "{{ item.instance_ids }}" + register: server + with_items: "{{ instance_conf }}" + when: not skip_instances + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/docker/molecule/ec2/molecule.yml b/roles/docker/molecule/ec2/molecule.yml new file mode 100644 index 0000000..e270078 --- /dev/null +++ b/roles/docker/molecule/ec2/molecule.yml @@ -0,0 +1,77 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: ec2 +platforms: + - name: docker-rhel-7 + image: ami-c86c3f23 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: docker-sles-15 + image: ami-0a1886cf45f944eb1 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: docker-ubuntu-18.04 + image: ami-0bdf93799014acdc4 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: docker-amazon-linux-2 + image: ami-02ea8f348fa28c108 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: docker-centos-7 + image: ami-9a183671 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: docker-fedora-29 + image: ami-0f904cfaa69a1c64c + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint + inventory: + host_vars: + docker-ubuntu-18.04: + ansible_user: ubuntu + docker-centos-7: + ansible_user: centos + docker-fedora-29: + ansible_user: fedora +scenario: + name: ec2 + create_sequence: + - create + check_sequence: + - destroy + - dependency + - create + - converge + - check + - destroy + converge_sequence: + - dependency + - create + - converge + destroy_sequence: + - destroy + test_sequence: + - lint + - destroy + - dependency + - syntax + - create + - converge + - idempotence + - side_effect + - verify + - destroy diff --git a/roles/docker/molecule/fedora-latest/molecule.yml b/roles/docker/molecule/fedora-latest/molecule.yml new file mode 100644 index 0000000..382f24e --- /dev/null +++ b/roles/docker/molecule/fedora-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: docker-fedora-latest + image: fedora:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-latest diff --git a/roles/docker/molecule/fedora-rawhide/molecule.yml b/roles/docker/molecule/fedora-rawhide/molecule.yml new file mode 100644 index 0000000..043b8b1 --- /dev/null +++ b/roles/docker/molecule/fedora-rawhide/molecule.yml @@ -0,0 +1,24 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: docker-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + registry: + url: registry.fedoraproject.org +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-rawhide diff --git a/roles/docker/molecule/opensuse-leap/molecule.yml b/roles/docker/molecule/opensuse-leap/molecule.yml new file mode 100644 index 0000000..ef171b5 --- /dev/null +++ b/roles/docker/molecule/opensuse-leap/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: docker-opensuse-leap + image: opensuse:leap + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: opensuse-leap diff --git a/roles/docker/molecule/resources/playbook.yml b/roles/docker/molecule/resources/playbook.yml new file mode 100644 index 0000000..2de9a4e --- /dev/null +++ b/roles/docker/molecule/resources/playbook.yml @@ -0,0 +1,18 @@ +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - ansible-role-docker + + tasks: + - name: Create a container + docker_container: + name: openssh + image: robertdebock/docker-centos-openssh + ports: + - "2222:22" + when: + - ansible_virtualization_type != "docker" diff --git a/roles/docker/molecule/resources/prepare.yml b/roles/docker/molecule/resources/prepare.yml new file mode 100644 index 0000000..a5ff972 --- /dev/null +++ b/roles/docker/molecule/resources/prepare.yml @@ -0,0 +1,10 @@ +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - robertdebock.bootstrap + - robertdebock.epel + - robertdebock.python_pip diff --git a/roles/docker/molecule/ubuntu-devel/molecule.yml b/roles/docker/molecule/ubuntu-devel/molecule.yml new file mode 100644 index 0000000..00720ff --- /dev/null +++ b/roles/docker/molecule/ubuntu-devel/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: docker-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-devel diff --git a/roles/docker/molecule/ubuntu-latest/molecule.yml b/roles/docker/molecule/ubuntu-latest/molecule.yml new file mode 100644 index 0000000..f60e29b --- /dev/null +++ b/roles/docker/molecule/ubuntu-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: docker-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-latest diff --git a/roles/docker/molecule/ubuntu-rolling/molecule.yml b/roles/docker/molecule/ubuntu-rolling/molecule.yml new file mode 100644 index 0000000..cd5085d --- /dev/null +++ b/roles/docker/molecule/ubuntu-rolling/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: docker-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-rolling diff --git a/roles/docker/molecule/vagrant/INSTALL.rst b/roles/docker/molecule/vagrant/INSTALL.rst new file mode 100644 index 0000000..ca81c7b --- /dev/null +++ b/roles/docker/molecule/vagrant/INSTALL.rst @@ -0,0 +1,17 @@ +******* +Vagrant driver installation guide +******* + +Requirements +============ + +* Vagrant +* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop +* python-vagrant + +Install +======= + +.. code-block:: bash + + $ sudo pip install python-vagrant diff --git a/roles/docker/molecule/vagrant/molecule.yml b/roles/docker/molecule/vagrant/molecule.yml new file mode 100644 index 0000000..5ee18ff --- /dev/null +++ b/roles/docker/molecule/vagrant/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: vagrant + provider: + name: virtualbox +platforms: + - name: docker-debian + box: debian/stretch64 + - name: docker-fedora + box: fedora/29-cloud-base +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: vagrant diff --git a/roles/docker/requirements.yml b/roles/docker/requirements.yml new file mode 100644 index 0000000..d47836a --- /dev/null +++ b/roles/docker/requirements.yml @@ -0,0 +1,4 @@ +--- +- robertdebock.bootstrap +- robertdebock.epel +- robertdebock.python_pip diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml new file mode 100644 index 0000000..a27a336 --- /dev/null +++ b/roles/docker/tasks/main.yml @@ -0,0 +1,32 @@ +--- +# tasks file for docker +- name: install docker + package: + name: "{{ docker_packages }}" + state: present + register: docker_install_docker + until: docker_install_docker is succeeded + retries: 3 + +- name: install docker pip packages + pip: + name: "{{ docker_pip_packages }}" + state: present + register: docker_install_docker_pip_packages + until: docker_install_docker_pip_packages is succeeded + retries: 3 + +- name: add docker group + group: + name: docker + system: yes + +- name: start and enable docker + service: + name: "{{ docker_service }}" + state: started + enabled: yes + when: + - ansible_virtualization_type != "docker" + notify: + - change owner for docker socket diff --git a/roles/docker/vars/main.yml b/roles/docker/vars/main.yml new file mode 100644 index 0000000..798e7aa --- /dev/null +++ b/roles/docker/vars/main.yml @@ -0,0 +1,27 @@ +--- +# vars file for docker +_docker_requirements: + default: [] + Debian: + - ca-certificates + - curl + - gnupg2 + - software-properties-common + +docker_requirements: "{{ _docker_requirements[ansible_distribution] | default(_docker_requirements['default']) }}" + +_docker_packages: + default: + - docker + CentOS: + - docker-io + Ubuntu: + - docker.io + + +docker_packages: "{{ _docker_packages[ansible_distribution] | default(_docker_packages['default']) }}" + +docker_pip_packages: + - docker + +docker_service: docker diff --git a/roles/epel/.github/ISSUE_TEMPLATE/bug_report.md b/roles/epel/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..bd1a0dc --- /dev/null +++ b/roles/epel/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Run this role: +2. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Error** +Please show the resulting error. If applicable a snippet of the playbook including the role ran with `-vvv` + +**Environment** +- Control node OS: [e.g. Debian 9] +- Control node Ansible version: [e.g. 2.6.2] +- Managed node OS: [e.g. CentOS 7] + +**Additional context** +Add any other context about the problem here. diff --git a/roles/epel/.github/ISSUE_TEMPLATE/feature_request.md b/roles/epel/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/roles/epel/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/roles/epel/.github/settings.yml b/roles/epel/.github/settings.yml new file mode 100644 index 0000000..75c1660 --- /dev/null +++ b/roles/epel/.github/settings.yml @@ -0,0 +1,4 @@ +--- +repository: + description: Install epel on your system. + homepage: https://robertdebock.nl/ diff --git a/roles/epel/.gitignore b/roles/epel/.gitignore new file mode 100644 index 0000000..10b26d1 --- /dev/null +++ b/roles/epel/.gitignore @@ -0,0 +1,3 @@ +molecule/*/.molecule +*.log +*.swp diff --git a/roles/epel/.travis.yml b/roles/epel/.travis.yml new file mode 100644 index 0000000..86282d1 --- /dev/null +++ b/roles/epel/.travis.yml @@ -0,0 +1,36 @@ +--- +sudo: required +language: python +services: docker + +env: + - version=">=2.7,<2.8" distro="centos-6" + - version="" distro="centos-6" + - version="devel" distro="centos-6" + - version=">=2.7,<2.8" distro="centos-latest" + - version="" distro="centos-latest" + - version="devel" distro="centos-latest" + +matrix: + allow_failures: + - env: version="devel" distro="centos-6" + - env: version="devel" distro="centos-latest" + +cache: + - pip + +install: + - pip install --upgrade pip + - if [ "${version}" != "devel" ] ; then pip install ansible"${version}" ; fi + - if [ "${version}" = "devel" ] ; then pip install git+https://github.com/ansible/ansible.git@devel ; fi + - pip install molecule + - pip install docker + +script: + - if [ "${expectation}" = "fail" ] ; then ! molecule test --scenario-name "${distro}" ; else molecule test --scenario-name "${distro}" ; fi + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + slack: + secure: "UCtHXxGlko9yhbPzIlhDNINhnYk1bUCkTyQzHNN/toT37uzzTQGsQksb8AOxS5C3LhkgTcMucM68rlM4yaaDize92ppWOfpePnqasRSLRPnI9HpHF5toJbnEZUA/1L2SBn1oHzrFBpoFiizTSt35yuo2uYIc8SSYphksiywtyW47+SErzZB0A+UvQvHSOj1LRqh5KYe1vcR028V8MabwIV0Pt4IccvPBrKbWjZZgyoYJbwhj+H7dXZ3u5Y7dmoLfcpJFPv44iz4o4zg2NRx7yYuVRyhaNOeikScKyjFXL4t+3RyqEfuWHTg5ffwvxIY2gG7fotj5aplxMlc04FASHLYlQwDKRRXb7pkb0fiK6h9CiB2V8iIXUYhj15lDitTJe1MZu2WUTxA/hGK81aI6IwRCPF1nAphS0UcVfi+EyNIO463aW9vW6t53FIdQ5O4MQuH/YkSmP2y/YX3qoAB9mlcglYOWWgoEFvDpJezRouzOA0wGBhKFRtMg8NZnsTU8CMPsjsRRNDb4Y2mcymkzpKT7ljmKyav+EK9Ko9Mizh5CCIMClsxZ4Hg/1bWn+R4y7T7qlzboGonZ2USw6s/sa/bQ69eAw4JC2IIL7EqadBwTeALUBWd1tY0gvuFPLJIG+LX+XRvne85nYC1m7ioUeGsFrjDrodNuMeyxwiEjfYo=" + email: false diff --git a/roles/epel/.yamllint b/roles/epel/.yamllint new file mode 100644 index 0000000..ad0be76 --- /dev/null +++ b/roles/epel/.yamllint @@ -0,0 +1,11 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/epel/CODE_OF_CONDUCT.md b/roles/epel/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0d97a6f --- /dev/null +++ b/roles/epel/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behaviour that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behaviour by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/epel/CONTRIBUTING.md b/roles/epel/CONTRIBUTING.md new file mode 100644 index 0000000..2931dcf --- /dev/null +++ b/roles/epel/CONTRIBUTING.md @@ -0,0 +1,4 @@ +# Please contribute! +You can really make a difference by: +- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. +- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code. diff --git a/roles/epel/LICENSE b/roles/epel/LICENSE new file mode 100644 index 0000000..744118c --- /dev/null +++ b/roles/epel/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2019 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/epel/PULL_REQUEST_TEMPLATE.md b/roles/epel/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..b1578c0 --- /dev/null +++ b/roles/epel/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +--- +name: Pull request +about: Describe the proposed change + +--- + +**Describe the change** +A clear and concise description of what the pull request is. + +**Testing** +In case a feature was added, how were tests performed? diff --git a/roles/epel/README.md b/roles/epel/README.md new file mode 100644 index 0000000..b535b91 --- /dev/null +++ b/roles/epel/README.md @@ -0,0 +1,117 @@ +epel +========= + +[![Build Status](https://travis-ci.org/robertdebock/ansible-role-epel.svg?branch=master)](https://travis-ci.org/robertdebock/ansible-role-epel) + +Install epel on your system. + +Example Playbook +---------------- + +This example is taken from `molecule/default/playbook.yml`: +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - robertdebock.epel +``` + +The machine you are running this on, may need to be prepared. Tests have been done on machines prepared by this playbook: +```yaml +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - robertdebock.bootstrap +``` + +Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. + +Role Variables +-------------- + +These variables are set in `defaults/main.yml`: +```yaml +--- +# defaults file for epel +``` + +Requirements +------------ + +- Access to a repository containing packages, likely on the internet. +- A recent version of Ansible. (Tests run on the last 3 release of Ansible.) + +The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: + +```yaml +--- +- robertdebock.bootstrap + +``` + +Context +------- + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/epel.png "Dependency") + + +Compatibility +------------- + +This role has been tested against the following distributions and Ansible version: + +|distribution|ansible 2.6|ansible 2.7|ansible devel| +|------------|-----------|-----------|-------------| +|centos-6|yes|yes|yes*| +|centos-latest|yes|yes|yes*| + +A single star means the build may fail, it's marked as an experimental build. + +Testing +------- + +[Unit tests](https://travis-ci.org/robertdebock/ansible-role-epel) are done on every commit and periodically. + +If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-epel/issues) + +To test this role locally please use [Molecule](https://github.com/metacloud/molecule): +``` +pip install molecule +molecule test +``` + +To test on Amazon EC2, configure [~/.aws/credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`. + +There are many specific scenarios available, please have a look in the `molecule/` directory. + +Run the [ansible-galaxy](https://github.com/ansible/galaxy-lint-rules) and [my](https://github.com/robertdebock/ansible-lint-rules) lint rules if you want your change to be merges: + +```shell +git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint +ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules . + +git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint +ansible-lint -r /tmp/my-ansible-lint/rules . +``` + +License +------- + +Apache-2.0 + + +Author Information +------------------ + +[Robert de Bock](https://robertdebock.nl/) diff --git a/roles/epel/defaults/main.yml b/roles/epel/defaults/main.yml new file mode 100644 index 0000000..155edb4 --- /dev/null +++ b/roles/epel/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for epel diff --git a/roles/epel/meta/.galaxy_install_info b/roles/epel/meta/.galaxy_install_info new file mode 100644 index 0000000..b4fbc23 --- /dev/null +++ b/roles/epel/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jun 7 18:25:45 2019', version: 2.0.3} diff --git a/roles/epel/meta/main.yml b/roles/epel/meta/main.yml new file mode 100644 index 0000000..d11c9d6 --- /dev/null +++ b/roles/epel/meta/main.yml @@ -0,0 +1,24 @@ +--- +galaxy_info: + author: Robert de Bock + ansible_role: epel + description: Install epel on your system. + license: Apache-2.0 + company: none + min_ansible_version: 2.6 + + platforms: + - name: EL + version: + - 6 + - 7 + + galaxy_tags: + - epel + - repository + - installer + - packages + - centos + - rhel + +dependencies: [] diff --git a/roles/epel/molecule/centos-6/molecule.yml b/roles/epel/molecule/centos-6/molecule.yml new file mode 100644 index 0000000..40cea3b --- /dev/null +++ b/roles/epel/molecule/centos-6/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: epel-centos-6 + image: centos:6 + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-6 diff --git a/roles/epel/molecule/centos-latest/molecule.yml b/roles/epel/molecule/centos-latest/molecule.yml new file mode 100644 index 0000000..2e506ef --- /dev/null +++ b/roles/epel/molecule/centos-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: epel-centos-latest + image: centos:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-latest diff --git a/roles/epel/molecule/default/molecule.yml b/roles/epel/molecule/default/molecule.yml new file mode 100644 index 0000000..6b40fcf --- /dev/null +++ b/roles/epel/molecule/default/molecule.yml @@ -0,0 +1,20 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: docker +lint: + name: yamllint +platforms: + - name: epel-centos-6 + image: centos:6 + - name: epel-centos-latest + image: centos:latest +provisioner: + name: ansible + lint: + name: ansible-lint +scenario: + name: default diff --git a/roles/epel/molecule/ec2/README.md b/roles/epel/molecule/ec2/README.md new file mode 100644 index 0000000..856b351 --- /dev/null +++ b/roles/epel/molecule/ec2/README.md @@ -0,0 +1,15 @@ +# Amazon EC2 + +To test on Amazon elastic compute cloud (EC2), set this variable: + +``` +export EC2_REGION=eu-central-1 +``` + +And save the credentials: +``` +cat ~/.aws/credentials +[default] +aws_access_key_id=YOUR_KEY_ID +aws_secret_access_key=YOUR_ACCESS_KEY +``` diff --git a/roles/epel/molecule/ec2/create.yml b/roles/epel/molecule/ec2/create.yml new file mode 100644 index 0000000..7992818 --- /dev/null +++ b/roles/epel/molecule/ec2/create.yml @@ -0,0 +1,125 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + vars: + ssh_user: ec2-user + ssh_port: 22 + + security_group_name: molecule + security_group_description: Security group for testing Molecule + security_group_rules: + - proto: tcp + from_port: "{{ ssh_port }}" + to_port: "{{ ssh_port }}" + cidr_ip: '0.0.0.0/0' + - proto: icmp + from_port: 8 + to_port: -1 + cidr_ip: '0.0.0.0/0' + security_group_rules_egress: + - proto: -1 + from_port: 0 + to_port: 0 + cidr_ip: '0.0.0.0/0' + + keypair_name: molecule_key + keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" + tasks: + - name: Create security group + ec2_group: + name: "{{ security_group_name }}" + description: "{{ security_group_name }}" + rules: "{{ security_group_rules }}" + rules_egress: "{{ security_group_rules_egress }}" + + - name: Test for presence of local keypair + stat: + path: "{{ keypair_path }}" + register: keypair_local + + - name: Delete remote keypair + ec2_key: + name: "{{ keypair_name }}" + state: absent + when: not keypair_local.stat.exists + + - name: Create keypair + ec2_key: + name: "{{ keypair_name }}" + register: keypair + + - name: Persist the keypair + copy: + dest: "{{ keypair_path }}" + content: "{{ keypair.key.private_key }}" + mode: 0600 + when: keypair.changed + + - name: Create molecule instance(s) + ec2: + key_name: "{{ keypair_name }}" + image: "{{ item.image }}" + instance_type: "{{ item.instance_type }}" + vpc_subnet_id: "{{ item.vpc_subnet_id }}" + group: "{{ security_group_name }}" + instance_tags: + instance: "{{ item.name }}" + wait: true + assign_public_ip: true + exact_count: 1 + count_tag: + instance: "{{ item.name }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.instances[0].tags.instance }}", + 'address': "{{ item.instances[0].public_ip }}", + 'user': "{{ ssh_user }}", + 'port': "{{ ssh_port }}", + 'identity_file': "{{ keypair_path }}", + 'instance_ids': "{{ item.instance_ids }}", } + with_items: "{{ ec2_jobs.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool + + - name: Wait for SSH + wait_for: + port: "{{ ssh_port }}" + host: "{{ item.address }}" + search_regex: SSH + delay: 10 + timeout: 320 + with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + + - name: Wait for boot process to finish + pause: + minutes: 2 diff --git a/roles/epel/molecule/ec2/destroy.yml b/roles/epel/molecule/ec2/destroy.yml new file mode 100644 index 0000000..b460c1e --- /dev/null +++ b/roles/epel/molecule/ec2/destroy.yml @@ -0,0 +1,47 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + tasks: + - block: + - name: Populate instance config + set_fact: + instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + skip_instances: false + rescue: + - name: Populate instance config when file missing + set_fact: + instance_conf: {} + skip_instances: true + + - name: Destroy molecule instance(s) + ec2: + state: absent + instance_ids: "{{ item.instance_ids }}" + register: server + with_items: "{{ instance_conf }}" + when: not skip_instances + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/epel/molecule/ec2/molecule.yml b/roles/epel/molecule/ec2/molecule.yml new file mode 100644 index 0000000..87e5fef --- /dev/null +++ b/roles/epel/molecule/ec2/molecule.yml @@ -0,0 +1,48 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: ec2 +lint: + name: yamllint +platforms: + - name: rhel-7 + image: ami-c86c3f23 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: sles-15 + image: ami-0a1886cf45f944eb1 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: epel-ubuntu-18.04 + image: ami-0bdf93799014acdc4 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: epel-amazon-linux-2 + image: ami-02ea8f348fa28c108 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: epel-centos-7 + image: ami-9a183671 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: epel-fedora-29 + image: ami-0f904cfaa69a1c64c + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 +provisioner: + name: ansible + lint: + name: ansible-lint + inventory: + host_vars: + epel-ubuntu-18.04: + ansible_user: ubuntu + epel-centos-7: + ansible_user: centos + epel-fedora-29: + ansible_user: fedora +scenario: + name: ec2 diff --git a/roles/epel/molecule/resources/playbook.yml b/roles/epel/molecule/resources/playbook.yml new file mode 100644 index 0000000..5cbf3eb --- /dev/null +++ b/roles/epel/molecule/resources/playbook.yml @@ -0,0 +1,8 @@ +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - ansible-role-epel diff --git a/roles/epel/molecule/resources/prepare.yml b/roles/epel/molecule/resources/prepare.yml new file mode 100644 index 0000000..1cda60c --- /dev/null +++ b/roles/epel/molecule/resources/prepare.yml @@ -0,0 +1,8 @@ +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - robertdebock.bootstrap diff --git a/roles/epel/molecule/vagrant/INSTALL.rst b/roles/epel/molecule/vagrant/INSTALL.rst new file mode 100644 index 0000000..ca81c7b --- /dev/null +++ b/roles/epel/molecule/vagrant/INSTALL.rst @@ -0,0 +1,17 @@ +******* +Vagrant driver installation guide +******* + +Requirements +============ + +* Vagrant +* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop +* python-vagrant + +Install +======= + +.. code-block:: bash + + $ sudo pip install python-vagrant diff --git a/roles/epel/molecule/vagrant/molecule.yml b/roles/epel/molecule/vagrant/molecule.yml new file mode 100644 index 0000000..b57592b --- /dev/null +++ b/roles/epel/molecule/vagrant/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: epel-debian + box: debian/stretch64 + - name: epel-fedora + box: fedora/29-cloud-base +provisioner: + name: ansible + lint: + name: ansible-lint +scenario: + name: vagrant diff --git a/roles/epel/requirements.yml b/roles/epel/requirements.yml new file mode 100644 index 0000000..46dec9d --- /dev/null +++ b/roles/epel/requirements.yml @@ -0,0 +1,2 @@ +--- +- robertdebock.bootstrap diff --git a/roles/epel/tasks/main.yml b/roles/epel/tasks/main.yml new file mode 100644 index 0000000..e6ef57c --- /dev/null +++ b/roles/epel/tasks/main.yml @@ -0,0 +1,11 @@ +--- +# tasks file for epel +- name: install epel-release + package: + name: epel-release + state: present + when: + - ansible_distribution in [ "CentOS", "RedHat" ] + register: epel_install_epel_release + until: epel_install_epel_release is succeeded + retries: 3 diff --git a/roles/fail2ban/.github/ISSUE_TEMPLATE/bug_report.md b/roles/fail2ban/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..bd1a0dc --- /dev/null +++ b/roles/fail2ban/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Run this role: +2. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Error** +Please show the resulting error. If applicable a snippet of the playbook including the role ran with `-vvv` + +**Environment** +- Control node OS: [e.g. Debian 9] +- Control node Ansible version: [e.g. 2.6.2] +- Managed node OS: [e.g. CentOS 7] + +**Additional context** +Add any other context about the problem here. diff --git a/roles/fail2ban/.github/ISSUE_TEMPLATE/feature_request.md b/roles/fail2ban/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/roles/fail2ban/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/roles/fail2ban/.github/settings.yml b/roles/fail2ban/.github/settings.yml new file mode 100644 index 0000000..85cf34b --- /dev/null +++ b/roles/fail2ban/.github/settings.yml @@ -0,0 +1,4 @@ +--- +repository: + description: Install and configure fail2ban on your system. + homepage: https://robertdebock.nl/ diff --git a/roles/fail2ban/.gitignore b/roles/fail2ban/.gitignore new file mode 100644 index 0000000..10b26d1 --- /dev/null +++ b/roles/fail2ban/.gitignore @@ -0,0 +1,3 @@ +molecule/*/.molecule +*.log +*.swp diff --git a/roles/fail2ban/.travis.yml b/roles/fail2ban/.travis.yml new file mode 100644 index 0000000..58f06e0 --- /dev/null +++ b/roles/fail2ban/.travis.yml @@ -0,0 +1,92 @@ +--- +sudo: required +language: python +services: docker + +env: + - version=">=2.7,<2.8" distro="alpine-latest" + - version="" distro="alpine-latest" + - version="devel" distro="alpine-latest" + - version=">=2.7,<2.8" distro="alpine-edge" + - version="" distro="alpine-edge" + - version="devel" distro="alpine-edge" + - version=">=2.7,<2.8" distro="archlinux" + - version="" distro="archlinux" + - version="devel" distro="archlinux" + - version=">=2.7,<2.8" distro="centos-6" + - version="" distro="centos-6" + - version="devel" distro="centos-6" + - version=">=2.7,<2.8" distro="centos-latest" + - version="" distro="centos-latest" + - version="devel" distro="centos-latest" + - version=">=2.7,<2.8" distro="debian-latest" + - version="" distro="debian-latest" + - version="devel" distro="debian-latest" + - version=">=2.7,<2.8" distro="debian-stable" + - version="" distro="debian-stable" + - version="devel" distro="debian-stable" + - version=">=2.7,<2.8" distro="debian-unstable" + - version="" distro="debian-unstable" + - version="devel" distro="debian-unstable" + - version=">=2.7,<2.8" distro="fedora-latest" + - version="" distro="fedora-latest" + - version="devel" distro="fedora-latest" + - version=">=2.7,<2.8" distro="fedora-rawhide" + - version="" distro="fedora-rawhide" + - version="devel" distro="fedora-rawhide" + - version=">=2.7,<2.8" distro="opensuse-leap" + - version="" distro="opensuse-leap" + - version="devel" distro="opensuse-leap" + - version=">=2.7,<2.8" distro="ubuntu-rolling" + - version="" distro="ubuntu-rolling" + - version="devel" distro="ubuntu-rolling" + - version=">=2.7,<2.8" distro="ubuntu-latest" + - version="" distro="ubuntu-latest" + - version="devel" distro="ubuntu-latest" + - version=">=2.7,<2.8" distro="ubuntu-devel" + - version="" distro="ubuntu-devel" + - version="devel" distro="ubuntu-devel" + +matrix: + allow_failures: + - env: version=">=2.7,<2.8" distro="alpine-edge" + - env: version="" distro="alpine-edge" + - env: version="devel" distro="alpine-edge" + - env: version="devel" distro="alpine-latest" + - env: version="devel" distro="archlinux" + - env: version="devel" distro="centos-6" + - env: version="devel" distro="centos-latest" + - env: version="devel" distro="debian-latest" + - env: version="devel" distro="debian-stable" + - env: version=">=2.7,<2.8" distro="debian-unstable" + - env: version="" distro="debian-unstable" + - env: version="devel" distro="debian-unstable" + - env: version="devel" distro="fedora-latest" + - env: version=">=2.7,<2.8" distro="fedora-rawhide" + - env: version="" distro="fedora-rawhide" + - env: version="devel" distro="fedora-rawhide" + - env: version="devel" distro="opensuse-leap" + - env: version="devel" distro="ubuntu-rolling" + - env: version=">=2.7,<2.8" distro="ubuntu-devel" + - env: version="" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-latest" + +cache: + - pip + +install: + - pip install --upgrade pip + - if [ "${version}" != "devel" ] ; then pip install ansible"${version}" ; fi + - if [ "${version}" = "devel" ] ; then pip install git+https://github.com/ansible/ansible.git@devel ; fi + - pip install molecule + - pip install docker + +script: + - if [ "${expectation}" = "fail" ] ; then ! molecule test --scenario-name "${distro}" ; else molecule test --scenario-name "${distro}" ; fi + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + slack: + secure: "mYOHaSRDBSnw58PRnQB3JPf92saah4d9c6p0zLKWj7SOzc8uOqxbrXTaoHUouoNIVbZuNl64zruYWBZSUCk3ReBFcRWTU+qi0OuQU1ifTeBIH/eM50saQYgjEdMFeN1FYbgI75x2aDJ0go+2qU3kZFvdwDh7xs1McBf2MNKo8Xlwe20jPy8jUyBlp66+DOFJ+W7EGbGkgvUzW5YWlAaL9ItHrDoaup++dBc1RlHDidz/cvfaMzw9XeXTjATOYm9/VhQsHOa9sVKWVe102E6M+uphoel1gjdHSPYLvno85DiK08kJPIvRu+3hvbkWAJKu6H1ILp2g3uF13jZpibTIIaSbXLUCXa2gYi252pUs4+blwuRy7onS67HLiUqG9aufKhcFxgeCvpcn/Au1pMnhLKVG3M9yWe3FxiAzjgfU0rSz/tHhwEr3m1MwylA+k3gfir3uDS6JsFlkAy/6aNRYDoL693yPB/Y1cNHdJTQf5VJ0kcwx/5FGz+1MdxzW2Mw8uTQJa42c1dDOeL6YgkPDbbgCvRP3mh+rHAGn8SGp6O9QzSwTdMwnNMw087N+3Onw1rDsnYVX3KS/j7oqS0TABiPF8SCze8cgW6X1V+5hFD+5H8dhcE05naQicU6Abr+pyA++c5q5AKtg2tbenMAZB+9tkPfF1C+q12HasnNGMl8=" + email: false diff --git a/roles/fail2ban/.yamllint b/roles/fail2ban/.yamllint new file mode 100644 index 0000000..ad0be76 --- /dev/null +++ b/roles/fail2ban/.yamllint @@ -0,0 +1,11 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/fail2ban/CODE_OF_CONDUCT.md b/roles/fail2ban/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0d97a6f --- /dev/null +++ b/roles/fail2ban/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behaviour that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behaviour by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/fail2ban/CONTRIBUTING.md b/roles/fail2ban/CONTRIBUTING.md new file mode 100644 index 0000000..2931dcf --- /dev/null +++ b/roles/fail2ban/CONTRIBUTING.md @@ -0,0 +1,4 @@ +# Please contribute! +You can really make a difference by: +- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. +- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code. diff --git a/roles/fail2ban/LICENSE b/roles/fail2ban/LICENSE new file mode 100644 index 0000000..744118c --- /dev/null +++ b/roles/fail2ban/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2019 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/fail2ban/PULL_REQUEST_TEMPLATE.md b/roles/fail2ban/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..b1578c0 --- /dev/null +++ b/roles/fail2ban/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +--- +name: Pull request +about: Describe the proposed change + +--- + +**Describe the change** +A clear and concise description of what the pull request is. + +**Testing** +In case a feature was added, how were tests performed? diff --git a/roles/fail2ban/README.md b/roles/fail2ban/README.md new file mode 100644 index 0000000..9323f98 --- /dev/null +++ b/roles/fail2ban/README.md @@ -0,0 +1,141 @@ +fail2ban +========= + +[![Build Status](https://travis-ci.org/robertdebock/ansible-role-fail2ban.svg?branch=master)](https://travis-ci.org/robertdebock/ansible-role-fail2ban) + +Install and configure fail2ban on your system. + +Example Playbook +---------------- + +This example is taken from `molecule/default/playbook.yml`: +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - robertdebock.fail2ban +``` + +The machine you are running this on, may need to be prepared. Tests have been done on machines prepared by this playbook: +```yaml +--- +- name: Prepare + hosts: all + gather_facts: no + + roles: + - robertdebock.bootstrap + - robertdebock.epel +``` + +Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. + +Role Variables +-------------- + +These variables are set in `defaults/main.yml`: +```yaml +--- +# defaults file for fail2ban + +fail2ban_loglevel: INFO +fail2ban_logtarget: /var/log/fail2ban.log + +fail2ban_ignoreself: true +fail2ban_ignoreips: "127.0.0.1/8 ::1" +fail2ban_bantime: 10m +fail2ban_findtime: 10m +fail2ban_maxretry: 5 +fail2ban_destemail: root@localhost +fail2ban_sender: root@{{ ansible_fqdn}} +``` + +Requirements +------------ + +- Access to a repository containing packages, likely on the internet. +- A recent version of Ansible. (Tests run on the last 3 release of Ansible.) + +The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: + +```yaml +--- +- robertdebock.bootstrap +- robertdebock.epel + +``` + +Context +------- + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/fail2ban.png "Dependency") + + +Compatibility +------------- + +This role has been tested against the following distributions and Ansible version: + +|distribution|ansible 2.6|ansible 2.7|ansible devel| +|------------|-----------|-----------|-------------| +|alpine-edge*|yes|yes|yes*| +|alpine-latest|yes|yes|yes*| +|archlinux|yes|yes|yes*| +|centos-6|yes|yes|yes*| +|centos-latest|yes|yes|yes*| +|debian-latest|yes|yes|yes*| +|debian-stable|yes|yes|yes*| +|debian-unstable*|yes|yes|yes*| +|fedora-latest|yes|yes|yes*| +|fedora-rawhide*|yes|yes|yes*| +|opensuse-leap|yes|yes|yes*| +|ubuntu-devel*|yes|yes|yes*| +|ubuntu-latest|yes|yes|yes*| +|ubuntu-rolling|yes|yes|yes*| + +A single star means the build may fail, it's marked as an experimental build. + +Testing +------- + +[Unit tests](https://travis-ci.org/robertdebock/ansible-role-fail2ban) are done on every commit and periodically. + +If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-fail2ban/issues) + +To test this role locally please use [Molecule](https://github.com/metacloud/molecule): +``` +pip install molecule +molecule test +``` + +To test on Amazon EC2, configure [~/.aws/credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`. + +There are many specific scenarios available, please have a look in the `molecule/` directory. + +Run the [ansible-galaxy](https://github.com/ansible/galaxy-lint-rules) and [my](https://github.com/robertdebock/ansible-lint-rules) lint rules if you want your change to be merges: + +```shell +git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint +ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules . + +git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint +ansible-lint -r /tmp/my-ansible-lint/rules . +``` + +License +------- + +Apache-2.0 + + +Author Information +------------------ + +[Robert de Bock](https://robertdebock.nl/) diff --git a/roles/fail2ban/defaults/main.yml b/roles/fail2ban/defaults/main.yml new file mode 100644 index 0000000..3a40d51 --- /dev/null +++ b/roles/fail2ban/defaults/main.yml @@ -0,0 +1,13 @@ +--- +# defaults file for fail2ban + +fail2ban_loglevel: INFO +fail2ban_logtarget: /var/log/fail2ban.log + +fail2ban_ignoreself: true +fail2ban_ignoreips: "127.0.0.1/8 ::1" +fail2ban_bantime: 10m +fail2ban_findtime: 10m +fail2ban_maxretry: 5 +fail2ban_destemail: root@localhost +fail2ban_sender: root@{{ ansible_fqdn}} diff --git a/roles/fail2ban/handlers/main.yml b/roles/fail2ban/handlers/main.yml new file mode 100644 index 0000000..5c3d436 --- /dev/null +++ b/roles/fail2ban/handlers/main.yml @@ -0,0 +1,8 @@ +--- +# handlers file for fail2ban +- name: restart fail2ban + service: + name: "{{ fail2ban_service }}" + state: restarted + when: + - ansible_virtualization_type != "docker" diff --git a/roles/fail2ban/meta/.galaxy_install_info b/roles/fail2ban/meta/.galaxy_install_info new file mode 100644 index 0000000..d3e2e2c --- /dev/null +++ b/roles/fail2ban/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jun 7 18:25:48 2019', version: 2.0.3} diff --git a/roles/fail2ban/meta/main.yml b/roles/fail2ban/meta/main.yml new file mode 100644 index 0000000..e4e5218 --- /dev/null +++ b/roles/fail2ban/meta/main.yml @@ -0,0 +1,46 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: fail2ban + description: Install and configure fail2ban on your system. + license: Apache-2.0 + company: none + min_ansible_version: 2.6 + + platforms: + - name: Alpine + versions: + - all + - name: ArchLinux + version: + - all + - name: Debian + versions: + - all + - name: EL + version: + - 6 + - 7 + - name: Fedora + versions: + - all + - name: OpenSUSE + versions: + - all + - name: Ubuntu + versions: + - artful + - bionic + + galaxy_tags: + - fail2ban + - installer + - package + - alpine + - centos + - debian + - fedora + - rhel + - ubuntu + +dependencies: [] diff --git a/roles/fail2ban/molecule/alpine-edge/molecule.yml b/roles/fail2ban/molecule/alpine-edge/molecule.yml new file mode 100644 index 0000000..b5d5d64 --- /dev/null +++ b/roles/fail2ban/molecule/alpine-edge/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: fail2ban-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-edge diff --git a/roles/fail2ban/molecule/alpine-latest/molecule.yml b/roles/fail2ban/molecule/alpine-latest/molecule.yml new file mode 100644 index 0000000..82d6188 --- /dev/null +++ b/roles/fail2ban/molecule/alpine-latest/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: fail2ban-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-latest diff --git a/roles/fail2ban/molecule/archlinux/molecule.yml b/roles/fail2ban/molecule/archlinux/molecule.yml new file mode 100644 index 0000000..19471ae --- /dev/null +++ b/roles/fail2ban/molecule/archlinux/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: fail2ban-archlinux + image: archlinux/base + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: archlinux diff --git a/roles/fail2ban/molecule/centos-6/molecule.yml b/roles/fail2ban/molecule/centos-6/molecule.yml new file mode 100644 index 0000000..a53ef61 --- /dev/null +++ b/roles/fail2ban/molecule/centos-6/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: fail2ban-centos-6 + image: centos:6 + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-6 diff --git a/roles/fail2ban/molecule/centos-latest/molecule.yml b/roles/fail2ban/molecule/centos-latest/molecule.yml new file mode 100644 index 0000000..7f1416e --- /dev/null +++ b/roles/fail2ban/molecule/centos-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: fail2ban-centos-latest + image: centos:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-latest diff --git a/roles/fail2ban/molecule/debian-latest/molecule.yml b/roles/fail2ban/molecule/debian-latest/molecule.yml new file mode 100644 index 0000000..c0d88fa --- /dev/null +++ b/roles/fail2ban/molecule/debian-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: fail2ban-debian-latest + image: debian:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-latest diff --git a/roles/fail2ban/molecule/debian-stable/molecule.yml b/roles/fail2ban/molecule/debian-stable/molecule.yml new file mode 100644 index 0000000..8896721 --- /dev/null +++ b/roles/fail2ban/molecule/debian-stable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: fail2ban-debian-stable + image: debian:stable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-stable diff --git a/roles/fail2ban/molecule/debian-unstable/molecule.yml b/roles/fail2ban/molecule/debian-unstable/molecule.yml new file mode 100644 index 0000000..6f470d6 --- /dev/null +++ b/roles/fail2ban/molecule/debian-unstable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: fail2ban-debian-unstable + image: debian:unstable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-unstable diff --git a/roles/fail2ban/molecule/default/molecule.yml b/roles/fail2ban/molecule/default/molecule.yml new file mode 100644 index 0000000..ac1182f --- /dev/null +++ b/roles/fail2ban/molecule/default/molecule.yml @@ -0,0 +1,63 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: fail2ban-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: fail2ban-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: fail2ban-archlinux + image: archlinux/base + pre_build_image: yes + - name: fail2ban-centos-6 + image: centos:6 + pre_build_image: yes + - name: fail2ban-centos-latest + image: centos:latest + pre_build_image: yes + - name: fail2ban-debian-latest + image: debian:latest + pre_build_image: yes + - name: fail2ban-debian-stable + image: debian:stable + pre_build_image: yes + - name: fail2ban-debian-unstable + image: debian:unstable + pre_build_image: yes + - name: fail2ban-fedora-latest + image: fedora:latest + pre_build_image: yes + - name: fail2ban-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + - name: fail2ban-opensuse-leap + image: opensuse:leap + pre_build_image: yes + - name: fail2ban-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes + - name: fail2ban-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes + - name: fail2ban-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: default diff --git a/roles/fail2ban/molecule/ec2/README.md b/roles/fail2ban/molecule/ec2/README.md new file mode 100644 index 0000000..856b351 --- /dev/null +++ b/roles/fail2ban/molecule/ec2/README.md @@ -0,0 +1,15 @@ +# Amazon EC2 + +To test on Amazon elastic compute cloud (EC2), set this variable: + +``` +export EC2_REGION=eu-central-1 +``` + +And save the credentials: +``` +cat ~/.aws/credentials +[default] +aws_access_key_id=YOUR_KEY_ID +aws_secret_access_key=YOUR_ACCESS_KEY +``` diff --git a/roles/fail2ban/molecule/ec2/create.yml b/roles/fail2ban/molecule/ec2/create.yml new file mode 100644 index 0000000..7992818 --- /dev/null +++ b/roles/fail2ban/molecule/ec2/create.yml @@ -0,0 +1,125 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + vars: + ssh_user: ec2-user + ssh_port: 22 + + security_group_name: molecule + security_group_description: Security group for testing Molecule + security_group_rules: + - proto: tcp + from_port: "{{ ssh_port }}" + to_port: "{{ ssh_port }}" + cidr_ip: '0.0.0.0/0' + - proto: icmp + from_port: 8 + to_port: -1 + cidr_ip: '0.0.0.0/0' + security_group_rules_egress: + - proto: -1 + from_port: 0 + to_port: 0 + cidr_ip: '0.0.0.0/0' + + keypair_name: molecule_key + keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" + tasks: + - name: Create security group + ec2_group: + name: "{{ security_group_name }}" + description: "{{ security_group_name }}" + rules: "{{ security_group_rules }}" + rules_egress: "{{ security_group_rules_egress }}" + + - name: Test for presence of local keypair + stat: + path: "{{ keypair_path }}" + register: keypair_local + + - name: Delete remote keypair + ec2_key: + name: "{{ keypair_name }}" + state: absent + when: not keypair_local.stat.exists + + - name: Create keypair + ec2_key: + name: "{{ keypair_name }}" + register: keypair + + - name: Persist the keypair + copy: + dest: "{{ keypair_path }}" + content: "{{ keypair.key.private_key }}" + mode: 0600 + when: keypair.changed + + - name: Create molecule instance(s) + ec2: + key_name: "{{ keypair_name }}" + image: "{{ item.image }}" + instance_type: "{{ item.instance_type }}" + vpc_subnet_id: "{{ item.vpc_subnet_id }}" + group: "{{ security_group_name }}" + instance_tags: + instance: "{{ item.name }}" + wait: true + assign_public_ip: true + exact_count: 1 + count_tag: + instance: "{{ item.name }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.instances[0].tags.instance }}", + 'address': "{{ item.instances[0].public_ip }}", + 'user': "{{ ssh_user }}", + 'port': "{{ ssh_port }}", + 'identity_file': "{{ keypair_path }}", + 'instance_ids': "{{ item.instance_ids }}", } + with_items: "{{ ec2_jobs.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool + + - name: Wait for SSH + wait_for: + port: "{{ ssh_port }}" + host: "{{ item.address }}" + search_regex: SSH + delay: 10 + timeout: 320 + with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + + - name: Wait for boot process to finish + pause: + minutes: 2 diff --git a/roles/fail2ban/molecule/ec2/destroy.yml b/roles/fail2ban/molecule/ec2/destroy.yml new file mode 100644 index 0000000..b460c1e --- /dev/null +++ b/roles/fail2ban/molecule/ec2/destroy.yml @@ -0,0 +1,47 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + tasks: + - block: + - name: Populate instance config + set_fact: + instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + skip_instances: false + rescue: + - name: Populate instance config when file missing + set_fact: + instance_conf: {} + skip_instances: true + + - name: Destroy molecule instance(s) + ec2: + state: absent + instance_ids: "{{ item.instance_ids }}" + register: server + with_items: "{{ instance_conf }}" + when: not skip_instances + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/fail2ban/molecule/ec2/molecule.yml b/roles/fail2ban/molecule/ec2/molecule.yml new file mode 100644 index 0000000..9a8c090 --- /dev/null +++ b/roles/fail2ban/molecule/ec2/molecule.yml @@ -0,0 +1,77 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: ec2 +platforms: + - name: fail2ban-rhel-7 + image: ami-c86c3f23 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: fail2ban-sles-15 + image: ami-0a1886cf45f944eb1 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: fail2ban-ubuntu-18.04 + image: ami-0bdf93799014acdc4 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: fail2ban-amazon-linux-2 + image: ami-02ea8f348fa28c108 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: fail2ban-centos-7 + image: ami-9a183671 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: fail2ban-fedora-29 + image: ami-0f904cfaa69a1c64c + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint + inventory: + host_vars: + fail2ban-ubuntu-18.04: + ansible_user: ubuntu + fail2ban-centos-7: + ansible_user: centos + fail2ban-fedora-29: + ansible_user: fedora +scenario: + name: ec2 + create_sequence: + - create + check_sequence: + - destroy + - dependency + - create + - converge + - check + - destroy + converge_sequence: + - dependency + - create + - converge + destroy_sequence: + - destroy + test_sequence: + - lint + - destroy + - dependency + - syntax + - create + - converge + - idempotence + - side_effect + - verify + - destroy diff --git a/roles/fail2ban/molecule/fedora-latest/molecule.yml b/roles/fail2ban/molecule/fedora-latest/molecule.yml new file mode 100644 index 0000000..3943319 --- /dev/null +++ b/roles/fail2ban/molecule/fedora-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: fail2ban-fedora-latest + image: fedora:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-latest diff --git a/roles/fail2ban/molecule/fedora-rawhide/molecule.yml b/roles/fail2ban/molecule/fedora-rawhide/molecule.yml new file mode 100644 index 0000000..4ab4813 --- /dev/null +++ b/roles/fail2ban/molecule/fedora-rawhide/molecule.yml @@ -0,0 +1,24 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: fail2ban-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + registry: + url: registry.fedoraproject.org +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-rawhide diff --git a/roles/fail2ban/molecule/opensuse-leap/molecule.yml b/roles/fail2ban/molecule/opensuse-leap/molecule.yml new file mode 100644 index 0000000..3801d7a --- /dev/null +++ b/roles/fail2ban/molecule/opensuse-leap/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: fail2ban-opensuse-leap + image: opensuse:leap + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: opensuse-leap diff --git a/roles/fail2ban/molecule/resources/playbook.yml b/roles/fail2ban/molecule/resources/playbook.yml new file mode 100644 index 0000000..3079943 --- /dev/null +++ b/roles/fail2ban/molecule/resources/playbook.yml @@ -0,0 +1,8 @@ +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - ansible-role-fail2ban diff --git a/roles/fail2ban/molecule/resources/prepare.yml b/roles/fail2ban/molecule/resources/prepare.yml new file mode 100644 index 0000000..d61fdfb --- /dev/null +++ b/roles/fail2ban/molecule/resources/prepare.yml @@ -0,0 +1,9 @@ +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - robertdebock.bootstrap + - robertdebock.epel diff --git a/roles/fail2ban/molecule/ubuntu-devel/molecule.yml b/roles/fail2ban/molecule/ubuntu-devel/molecule.yml new file mode 100644 index 0000000..4917984 --- /dev/null +++ b/roles/fail2ban/molecule/ubuntu-devel/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: fail2ban-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-devel diff --git a/roles/fail2ban/molecule/ubuntu-latest/molecule.yml b/roles/fail2ban/molecule/ubuntu-latest/molecule.yml new file mode 100644 index 0000000..39cef4c --- /dev/null +++ b/roles/fail2ban/molecule/ubuntu-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: fail2ban-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-latest diff --git a/roles/fail2ban/molecule/ubuntu-rolling/molecule.yml b/roles/fail2ban/molecule/ubuntu-rolling/molecule.yml new file mode 100644 index 0000000..8f0e63e --- /dev/null +++ b/roles/fail2ban/molecule/ubuntu-rolling/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: fail2ban-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-rolling diff --git a/roles/fail2ban/molecule/vagrant/INSTALL.rst b/roles/fail2ban/molecule/vagrant/INSTALL.rst new file mode 100644 index 0000000..ca81c7b --- /dev/null +++ b/roles/fail2ban/molecule/vagrant/INSTALL.rst @@ -0,0 +1,17 @@ +******* +Vagrant driver installation guide +******* + +Requirements +============ + +* Vagrant +* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop +* python-vagrant + +Install +======= + +.. code-block:: bash + + $ sudo pip install python-vagrant diff --git a/roles/fail2ban/molecule/vagrant/molecule.yml b/roles/fail2ban/molecule/vagrant/molecule.yml new file mode 100644 index 0000000..394aefd --- /dev/null +++ b/roles/fail2ban/molecule/vagrant/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: vagrant + provider: + name: virtualbox +platforms: + - name: fail2ban-debian + box: debian/stretch64 + - name: fail2ban-fedora + box: fedora/29-cloud-base +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: vagrant diff --git a/roles/fail2ban/requirements.yml b/roles/fail2ban/requirements.yml new file mode 100644 index 0000000..cecd945 --- /dev/null +++ b/roles/fail2ban/requirements.yml @@ -0,0 +1,3 @@ +--- +- robertdebock.bootstrap +- robertdebock.epel diff --git a/roles/fail2ban/tasks/main.yml b/roles/fail2ban/tasks/main.yml new file mode 100644 index 0000000..7be514e --- /dev/null +++ b/roles/fail2ban/tasks/main.yml @@ -0,0 +1,45 @@ +--- +# tasks file for fail2ban +- name: install fail2ban + package: + name: "{{ fail2ban_packages }}" + state: present + register: fail2ban_install_fail2ban + until: fail2ban_install_fail2ban is succeeded + retries: 3 + +- name: configure fail2ban.conf + ini_file: + path: /etc/fail2ban/fail2ban.conf + section: "{{ item.section }}" + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - "{{ fail2ban_configuration }}" + notify: + - restart fail2ban + loop_control: + label: "{{ item.option }}" + +- name: configure jail.conf + ini_file: + path: /etc/fail2ban/jail.conf + section: "{{ item.section }}" + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - "{{ fail2ban_jail_configuration }}" + notify: + - restart fail2ban + loop_control: + label: "{{ item.option }}" + +- name: start and enable fail2ban + service: + name: "{{ item }}" + state: started + enabled: yes + with_items: + - "{{ fail2ban_service }}" + when: + - ansible_virtualization_type != "docker" diff --git a/roles/fail2ban/vars/main.yml b/roles/fail2ban/vars/main.yml new file mode 100644 index 0000000..07184af --- /dev/null +++ b/roles/fail2ban/vars/main.yml @@ -0,0 +1,37 @@ +--- +# vars file for fail2ban +fail2ban_packages: + - fail2ban + +fail2ban_service: fail2ban + +fail2ban_configuration: + - option: loglevel + value: "{{ fail2ban_loglevel }}" + section: Definition + - option: logtarget + value: "{{ fail2ban_logtarget }}" + section: Definition + +fail2ban_jail_configuration: + - option: ignoreself + value: "{{ fail2ban_ignoreself }}" + section: DEFAULT + - option: ignoreip + value: "{{ fail2ban_ignoreips }}" + section: DEFAULT + - option: bantime + value: "{{ fail2ban_bantime }}" + section: DEFAULT + - option: findtime + value: "{{ fail2ban_findtime }}" + section: DEFAULT + - option: maxretry + value: "{{ fail2ban_maxretry }}" + section: DEFAULT + - option: destemail + value: "{{ fail2ban_destemail }}" + section: DEFAULT + - option: sender + value: "{{ fail2ban_sender }}" + section: DEFAULT diff --git a/roles/git/.github/ISSUE_TEMPLATE/bug_report.md b/roles/git/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..bd1a0dc --- /dev/null +++ b/roles/git/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Run this role: +2. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Error** +Please show the resulting error. If applicable a snippet of the playbook including the role ran with `-vvv` + +**Environment** +- Control node OS: [e.g. Debian 9] +- Control node Ansible version: [e.g. 2.6.2] +- Managed node OS: [e.g. CentOS 7] + +**Additional context** +Add any other context about the problem here. diff --git a/roles/git/.github/ISSUE_TEMPLATE/feature_request.md b/roles/git/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/roles/git/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/roles/git/.github/settings.yml b/roles/git/.github/settings.yml new file mode 100644 index 0000000..848d749 --- /dev/null +++ b/roles/git/.github/settings.yml @@ -0,0 +1,4 @@ +--- +repository: + description: Install and configure git on your system. + homepage: https://robertdebock.nl/ diff --git a/roles/git/.gitignore b/roles/git/.gitignore new file mode 100644 index 0000000..47cf7b9 --- /dev/null +++ b/roles/git/.gitignore @@ -0,0 +1,3 @@ +molecule/*/.molecule +*.log +*.swp \ No newline at end of file diff --git a/roles/git/.travis.yml b/roles/git/.travis.yml new file mode 100644 index 0000000..c2efa0b --- /dev/null +++ b/roles/git/.travis.yml @@ -0,0 +1,92 @@ +--- +sudo: required +language: python +services: docker + +env: + - version=">=2.7,<2.8" distro="alpine-latest" + - version="" distro="alpine-latest" + - version="devel" distro="alpine-latest" + - version=">=2.7,<2.8" distro="alpine-edge" + - version="" distro="alpine-edge" + - version="devel" distro="alpine-edge" + - version=">=2.7,<2.8" distro="archlinux" + - version="" distro="archlinux" + - version="devel" distro="archlinux" + - version=">=2.7,<2.8" distro="centos-6" + - version="" distro="centos-6" + - version="devel" distro="centos-6" + - version=">=2.7,<2.8" distro="centos-latest" + - version="" distro="centos-latest" + - version="devel" distro="centos-latest" + - version=">=2.7,<2.8" distro="debian-latest" + - version="" distro="debian-latest" + - version="devel" distro="debian-latest" + - version=">=2.7,<2.8" distro="debian-stable" + - version="" distro="debian-stable" + - version="devel" distro="debian-stable" + - version=">=2.7,<2.8" distro="debian-unstable" + - version="" distro="debian-unstable" + - version="devel" distro="debian-unstable" + - version=">=2.7,<2.8" distro="fedora-latest" + - version="" distro="fedora-latest" + - version="devel" distro="fedora-latest" + - version=">=2.7,<2.8" distro="fedora-rawhide" + - version="" distro="fedora-rawhide" + - version="devel" distro="fedora-rawhide" + - version=">=2.7,<2.8" distro="opensuse-leap" + - version="" distro="opensuse-leap" + - version="devel" distro="opensuse-leap" + - version=">=2.7,<2.8" distro="ubuntu-rolling" + - version="" distro="ubuntu-rolling" + - version="devel" distro="ubuntu-rolling" + - version=">=2.7,<2.8" distro="ubuntu-latest" + - version="" distro="ubuntu-latest" + - version="devel" distro="ubuntu-latest" + - version=">=2.7,<2.8" distro="ubuntu-devel" + - version="" distro="ubuntu-devel" + - version="devel" distro="ubuntu-devel" + +matrix: + allow_failures: + - env: version=">=2.7,<2.8" distro="alpine-edge" + - env: version="" distro="alpine-edge" + - env: version="devel" distro="alpine-edge" + - env: version="devel" distro="alpine-latest" + - env: version="devel" distro="archlinux" + - env: version="devel" distro="centos-6" + - env: version="devel" distro="centos-latest" + - env: version="devel" distro="debian-latest" + - env: version="devel" distro="debian-stable" + - env: version=">=2.7,<2.8" distro="debian-unstable" + - env: version="" distro="debian-unstable" + - env: version="devel" distro="debian-unstable" + - env: version="devel" distro="fedora-latest" + - env: version=">=2.7,<2.8" distro="fedora-rawhide" + - env: version="" distro="fedora-rawhide" + - env: version="devel" distro="fedora-rawhide" + - env: version="devel" distro="opensuse-leap" + - env: version="devel" distro="ubuntu-rolling" + - env: version=">=2.7,<2.8" distro="ubuntu-devel" + - env: version="" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-latest" + +cache: + - pip + +install: + - pip install --upgrade pip + - if [ "${version}" != "devel" ] ; then pip install ansible"${version}" ; fi + - if [ "${version}" = "devel" ] ; then pip install git+https://github.com/ansible/ansible.git@devel ; fi + - pip install molecule + - pip install docker + +script: + - if [ "${expectation}" = "fail" ] ; then ! molecule test --scenario-name "${distro}" ; else molecule test --scenario-name "${distro}" ; fi + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + slack: + secure: "ZGQaRaplYeFs9BKaNBLpIQocM8GTRjXS9lyFZzdWHacdamjnEyGko8G2HUSfMB/1mjE84z/+TWdPYHFXhYQZzqPv92uRuoE++zisYyiSE8viYnbrLnUoI5HCBWmkKJHrfDgg3hnLVeErvYDG870mz6WyQVIf0UNuTcnS/+lU6JonRFwdp1s8J4At30X3wK9ZGpCtXaWSloFmr0Y2WO7FUBuhdNIhB98j43m8ymLrQAe4Yg085bGUnw112g/uLQ9+NLrZtKSazF8/RpXDKG7WrnAlwHWrlKerePcEywM6Abs0vWGgAcR0COO1+SglPjfQtGViYonDMGITq6S96h1G0cONVVd6x8ykbE29WY0zknsfswcXnQ9mw05Y9woWtt6Et8OYYi1ygQBzD7ClSCzvyja05zVoQOIPojWeYR2uDmTbcxjDM6FKLE75bQYBav2s6+KyqQHl9txNH5m9Xf+3sj6PuNMEmJHdhMiduObMp9ILS3cFgU/kKVbxipXy6r7/az5q+DI7+nAETXNVTKOR13hOH6X0QJ7cYeZgz+bA2pwGMW+cIkHl6UaHvceOcNJskccyBtu5/HOeIrDa1CYuZgOIGWpVh49dhI65s4HRoUXBGwUv+kEjbQ97r9qM6Ixd7ZpSWDjUooJjigvczsL/Qfej1W2UDR+2J79SoTjLs34=" + email: false diff --git a/roles/git/.yamllint b/roles/git/.yamllint new file mode 100644 index 0000000..ad0be76 --- /dev/null +++ b/roles/git/.yamllint @@ -0,0 +1,11 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/git/CODE_OF_CONDUCT.md b/roles/git/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0d97a6f --- /dev/null +++ b/roles/git/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behaviour that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behaviour by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/git/CONTRIBUTING.md b/roles/git/CONTRIBUTING.md new file mode 100644 index 0000000..2931dcf --- /dev/null +++ b/roles/git/CONTRIBUTING.md @@ -0,0 +1,4 @@ +# Please contribute! +You can really make a difference by: +- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. +- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code. diff --git a/roles/git/LICENSE b/roles/git/LICENSE new file mode 100644 index 0000000..744118c --- /dev/null +++ b/roles/git/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2019 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/git/PULL_REQUEST_TEMPLATE.md b/roles/git/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..b1578c0 --- /dev/null +++ b/roles/git/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +--- +name: Pull request +about: Describe the proposed change + +--- + +**Describe the change** +A clear and concise description of what the pull request is. + +**Testing** +In case a feature was added, how were tests performed? diff --git a/roles/git/README.md b/roles/git/README.md new file mode 100644 index 0000000..b5a0860 --- /dev/null +++ b/roles/git/README.md @@ -0,0 +1,173 @@ +git +========= + +[![Build Status](https://travis-ci.org/robertdebock/ansible-role-git.svg?branch=master)](https://travis-ci.org/robertdebock/ansible-role-git) + +Install and configure git on your system. + +Example Playbook +---------------- + +This example is taken from `molecule/default/playbook.yml`: +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + vars: + git_username: root + git_groupname: root + git_repository_destination: /root + git_repositories: + - repo: https://github.com/robertdebock/robertdebock.bootstrap + dest: bootstrap + - repo: https://github.com/robertdebock/robertdebock.bootstrap + dest: bootstrap-force + force: yes + - repo: https://github.com/robertdebock/robertdebock.bootstrap + dest: bootstrap-version + version: 2.11.1 + + roles: + - robertdebock.git +``` + +The machine you are running this on, may need to be prepared. Tests have been done on machines prepared by this playbook: +```yaml +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + serial: 30% + + roles: + - role: robertdebock.bootstrap +``` + +Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. + +Role Variables +-------------- + +These variables are set in `defaults/main.yml`: +```yaml +--- +# defaults file for git + +# The system username in /home where to place the gitconfig file. +# git_username: johndoe + +# The group to own directories. +# git_groupname: "{{ git_username }}" + +# Settings for git configuration. +# git_user_email: johndoe@example.com +# git_user_name: John Doe + +# Where to place the copies of the repositories. +git_repository_destination: /home/{{ git_username }}/Documents/github.com/{{ git_username }} + + +# Should git force (overwrite locally changed) clone? (Can also be controlled +# per repository, see below. +git_force: no + +# The repositories to check out, bootstrap is pinned to a version, java will get HEAD/latest. +# git_repositories: +# - repo: https://github.com/robertdebock/ansible-role-bootstrap.git +# dest: bootstrap +# version: 2.2.4 +# - repo: ssh://git@github.com/robertdebock/ansible-role-java.git +# dest: java +# - repo: ssh://git@github.com/robertdebock/ansible-role-tomcat.git +# dest: tomcat +# force: yes +``` + +Requirements +------------ + +- Access to a repository containing packages, likely on the internet. +- A recent version of Ansible. (Tests run on the last 3 release of Ansible.) + +The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: + +```yaml +--- +- robertdebock.bootstrap + +``` + +Context +------- + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/git.png "Dependency") + + +Compatibility +------------- + +This role has been tested against the following distributions and Ansible version: + +|distribution|ansible 2.6|ansible 2.7|ansible devel| +|------------|-----------|-----------|-------------| +|alpine-edge*|yes|yes|yes*| +|alpine-latest|yes|yes|yes*| +|archlinux|yes|yes|yes*| +|centos-6|yes|yes|yes*| +|centos-latest|yes|yes|yes*| +|debian-latest|yes|yes|yes*| +|debian-stable|yes|yes|yes*| +|debian-unstable*|yes|yes|yes*| +|fedora-latest|yes|yes|yes*| +|fedora-rawhide*|yes|yes|yes*| +|opensuse-leap|yes|yes|yes*| +|ubuntu-devel*|yes|yes|yes*| +|ubuntu-latest|yes|yes|yes*| +|ubuntu-rolling|yes|yes|yes*| + +A single star means the build may fail, it's marked as an experimental build. + +Testing +------- + +[Unit tests](https://travis-ci.org/robertdebock/ansible-role-git) are done on every commit and periodically. + +If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-git/issues) + +To test this role locally please use [Molecule](https://github.com/metacloud/molecule): +``` +pip install molecule +molecule test +``` + +To test on Amazon EC2, configure [~/.aws/credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`. + +There are many specific scenarios available, please have a look in the `molecule/` directory. + +Run the [ansible-galaxy](https://github.com/ansible/galaxy-lint-rules) and [my](https://github.com/robertdebock/ansible-lint-rules) lint rules if you want your change to be merges: + +```shell +git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint +ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules . + +git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint +ansible-lint -r /tmp/my-ansible-lint/rules . +``` + +License +------- + +Apache-2.0 + + +Author Information +------------------ + +[Robert de Bock](https://robertdebock.nl/) diff --git a/roles/git/defaults/main.yml b/roles/git/defaults/main.yml new file mode 100644 index 0000000..652c160 --- /dev/null +++ b/roles/git/defaults/main.yml @@ -0,0 +1,31 @@ +--- +# defaults file for git + +# The system username in /home where to place the gitconfig file. +# git_username: johndoe + +# The group to own directories. +# git_groupname: "{{ git_username }}" + +# Settings for git configuration. +# git_user_email: johndoe@example.com +# git_user_name: John Doe + +# Where to place the copies of the repositories. +git_repository_destination: /home/{{ git_username }}/Documents/github.com/{{ git_username }} + + +# Should git force (overwrite locally changed) clone? (Can also be controlled +# per repository, see below. +git_force: no + +# The repositories to check out, bootstrap is pinned to a version, java will get HEAD/latest. +# git_repositories: +# - repo: https://github.com/robertdebock/ansible-role-bootstrap.git +# dest: bootstrap +# version: 2.2.4 +# - repo: ssh://git@github.com/robertdebock/ansible-role-java.git +# dest: java +# - repo: ssh://git@github.com/robertdebock/ansible-role-tomcat.git +# dest: tomcat +# force: yes diff --git a/roles/git/meta/.galaxy_install_info b/roles/git/meta/.galaxy_install_info new file mode 100644 index 0000000..28ca78e --- /dev/null +++ b/roles/git/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jun 7 18:25:51 2019', version: 3.0.2} diff --git a/roles/git/meta/main.yml b/roles/git/meta/main.yml new file mode 100644 index 0000000..1a6aaef --- /dev/null +++ b/roles/git/meta/main.yml @@ -0,0 +1,47 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: git + description: Install and configure git on your system. + license: Apache-2.0 + company: none + min_ansible_version: 2.6 + + platforms: + - name: Alpine + versions: + - all + - name: ArchLinux + version: + - all + - name: Debian + versions: + - all + - name: EL + version: + - 6 + - 7 + - name: Fedora + versions: + - all + - name: OpenSUSE + versions: + - all + - name: Ubuntu + versions: + - artful + - bionic + + galaxy_tags: + - git + - alpine + - archlinux + - centos + - debian + - el + - fedora + - opensuse + - rhel + - ubuntu + +dependencies: [] diff --git a/roles/git/molecule/alpine-edge/molecule.yml b/roles/git/molecule/alpine-edge/molecule.yml new file mode 100644 index 0000000..bb82c55 --- /dev/null +++ b/roles/git/molecule/alpine-edge/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: git-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-edge diff --git a/roles/git/molecule/alpine-latest/molecule.yml b/roles/git/molecule/alpine-latest/molecule.yml new file mode 100644 index 0000000..8a50fe7 --- /dev/null +++ b/roles/git/molecule/alpine-latest/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: git-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-latest diff --git a/roles/git/molecule/archlinux/molecule.yml b/roles/git/molecule/archlinux/molecule.yml new file mode 100644 index 0000000..4ab7402 --- /dev/null +++ b/roles/git/molecule/archlinux/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: git-archlinux + image: archlinux/base + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: archlinux diff --git a/roles/git/molecule/centos-6/molecule.yml b/roles/git/molecule/centos-6/molecule.yml new file mode 100644 index 0000000..9fe7fe5 --- /dev/null +++ b/roles/git/molecule/centos-6/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: git-centos-6 + image: centos:6 + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-6 diff --git a/roles/git/molecule/centos-latest/molecule.yml b/roles/git/molecule/centos-latest/molecule.yml new file mode 100644 index 0000000..1fae767 --- /dev/null +++ b/roles/git/molecule/centos-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: git-centos-latest + image: centos:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-latest diff --git a/roles/git/molecule/debian-latest/molecule.yml b/roles/git/molecule/debian-latest/molecule.yml new file mode 100644 index 0000000..bbd64ee --- /dev/null +++ b/roles/git/molecule/debian-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: git-debian-latest + image: debian:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-latest diff --git a/roles/git/molecule/debian-stable/molecule.yml b/roles/git/molecule/debian-stable/molecule.yml new file mode 100644 index 0000000..8bdd8c6 --- /dev/null +++ b/roles/git/molecule/debian-stable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: git-debian-stable + image: debian:stable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-stable diff --git a/roles/git/molecule/debian-unstable/molecule.yml b/roles/git/molecule/debian-unstable/molecule.yml new file mode 100644 index 0000000..3473f15 --- /dev/null +++ b/roles/git/molecule/debian-unstable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: git-debian-unstable + image: debian:unstable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-unstable diff --git a/roles/git/molecule/default/molecule.yml b/roles/git/molecule/default/molecule.yml new file mode 100644 index 0000000..5817f9a --- /dev/null +++ b/roles/git/molecule/default/molecule.yml @@ -0,0 +1,63 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: git-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: git-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: git-archlinux + image: archlinux/base + pre_build_image: yes + - name: git-centos-6 + image: centos:6 + pre_build_image: yes + - name: git-centos-latest + image: centos:latest + pre_build_image: yes + - name: git-debian-latest + image: debian:latest + pre_build_image: yes + - name: git-debian-stable + image: debian:stable + pre_build_image: yes + - name: git-debian-unstable + image: debian:unstable + pre_build_image: yes + - name: git-fedora-latest + image: fedora:latest + pre_build_image: yes + - name: git-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + - name: git-opensuse-leap + image: opensuse:leap + pre_build_image: yes + - name: git-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes + - name: git-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes + - name: git-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: default diff --git a/roles/git/molecule/ec2/README.md b/roles/git/molecule/ec2/README.md new file mode 100644 index 0000000..856b351 --- /dev/null +++ b/roles/git/molecule/ec2/README.md @@ -0,0 +1,15 @@ +# Amazon EC2 + +To test on Amazon elastic compute cloud (EC2), set this variable: + +``` +export EC2_REGION=eu-central-1 +``` + +And save the credentials: +``` +cat ~/.aws/credentials +[default] +aws_access_key_id=YOUR_KEY_ID +aws_secret_access_key=YOUR_ACCESS_KEY +``` diff --git a/roles/git/molecule/ec2/create.yml b/roles/git/molecule/ec2/create.yml new file mode 100644 index 0000000..7992818 --- /dev/null +++ b/roles/git/molecule/ec2/create.yml @@ -0,0 +1,125 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + vars: + ssh_user: ec2-user + ssh_port: 22 + + security_group_name: molecule + security_group_description: Security group for testing Molecule + security_group_rules: + - proto: tcp + from_port: "{{ ssh_port }}" + to_port: "{{ ssh_port }}" + cidr_ip: '0.0.0.0/0' + - proto: icmp + from_port: 8 + to_port: -1 + cidr_ip: '0.0.0.0/0' + security_group_rules_egress: + - proto: -1 + from_port: 0 + to_port: 0 + cidr_ip: '0.0.0.0/0' + + keypair_name: molecule_key + keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" + tasks: + - name: Create security group + ec2_group: + name: "{{ security_group_name }}" + description: "{{ security_group_name }}" + rules: "{{ security_group_rules }}" + rules_egress: "{{ security_group_rules_egress }}" + + - name: Test for presence of local keypair + stat: + path: "{{ keypair_path }}" + register: keypair_local + + - name: Delete remote keypair + ec2_key: + name: "{{ keypair_name }}" + state: absent + when: not keypair_local.stat.exists + + - name: Create keypair + ec2_key: + name: "{{ keypair_name }}" + register: keypair + + - name: Persist the keypair + copy: + dest: "{{ keypair_path }}" + content: "{{ keypair.key.private_key }}" + mode: 0600 + when: keypair.changed + + - name: Create molecule instance(s) + ec2: + key_name: "{{ keypair_name }}" + image: "{{ item.image }}" + instance_type: "{{ item.instance_type }}" + vpc_subnet_id: "{{ item.vpc_subnet_id }}" + group: "{{ security_group_name }}" + instance_tags: + instance: "{{ item.name }}" + wait: true + assign_public_ip: true + exact_count: 1 + count_tag: + instance: "{{ item.name }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.instances[0].tags.instance }}", + 'address': "{{ item.instances[0].public_ip }}", + 'user': "{{ ssh_user }}", + 'port': "{{ ssh_port }}", + 'identity_file': "{{ keypair_path }}", + 'instance_ids': "{{ item.instance_ids }}", } + with_items: "{{ ec2_jobs.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool + + - name: Wait for SSH + wait_for: + port: "{{ ssh_port }}" + host: "{{ item.address }}" + search_regex: SSH + delay: 10 + timeout: 320 + with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + + - name: Wait for boot process to finish + pause: + minutes: 2 diff --git a/roles/git/molecule/ec2/destroy.yml b/roles/git/molecule/ec2/destroy.yml new file mode 100644 index 0000000..b460c1e --- /dev/null +++ b/roles/git/molecule/ec2/destroy.yml @@ -0,0 +1,47 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + tasks: + - block: + - name: Populate instance config + set_fact: + instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + skip_instances: false + rescue: + - name: Populate instance config when file missing + set_fact: + instance_conf: {} + skip_instances: true + + - name: Destroy molecule instance(s) + ec2: + state: absent + instance_ids: "{{ item.instance_ids }}" + register: server + with_items: "{{ instance_conf }}" + when: not skip_instances + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/git/molecule/ec2/molecule.yml b/roles/git/molecule/ec2/molecule.yml new file mode 100644 index 0000000..a00707c --- /dev/null +++ b/roles/git/molecule/ec2/molecule.yml @@ -0,0 +1,77 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: ec2 +platforms: + - name: git-rhel-7 + image: ami-c86c3f23 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: git-sles-15 + image: ami-0a1886cf45f944eb1 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: git-ubuntu-18.04 + image: ami-0bdf93799014acdc4 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: git-amazon-linux-2 + image: ami-02ea8f348fa28c108 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: git-centos-7 + image: ami-9a183671 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: git-fedora-29 + image: ami-0f904cfaa69a1c64c + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint + inventory: + host_vars: + git-ubuntu-18.04: + ansible_user: ubuntu + git-centos-7: + ansible_user: centos + git-fedora-29: + ansible_user: fedora +scenario: + name: ec2 + create_sequence: + - create + check_sequence: + - destroy + - dependency + - create + - converge + - check + - destroy + converge_sequence: + - dependency + - create + - converge + destroy_sequence: + - destroy + test_sequence: + - lint + - destroy + - dependency + - syntax + - create + - converge + - idempotence + - side_effect + - verify + - destroy diff --git a/roles/git/molecule/fedora-latest/molecule.yml b/roles/git/molecule/fedora-latest/molecule.yml new file mode 100644 index 0000000..c98efda --- /dev/null +++ b/roles/git/molecule/fedora-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: git-fedora-latest + image: fedora:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-latest diff --git a/roles/git/molecule/fedora-rawhide/molecule.yml b/roles/git/molecule/fedora-rawhide/molecule.yml new file mode 100644 index 0000000..c0f896a --- /dev/null +++ b/roles/git/molecule/fedora-rawhide/molecule.yml @@ -0,0 +1,24 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: git-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + registry: + url: registry.fedoraproject.org +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-rawhide diff --git a/roles/git/molecule/opensuse-leap/molecule.yml b/roles/git/molecule/opensuse-leap/molecule.yml new file mode 100644 index 0000000..4b6f21c --- /dev/null +++ b/roles/git/molecule/opensuse-leap/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: git-opensuse-leap + image: opensuse:leap + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: opensuse-leap diff --git a/roles/git/molecule/resources/playbook.yml b/roles/git/molecule/resources/playbook.yml new file mode 100644 index 0000000..3e39d91 --- /dev/null +++ b/roles/git/molecule/resources/playbook.yml @@ -0,0 +1,22 @@ +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + vars: + git_username: root + git_groupname: root + git_repository_destination: /root + git_repositories: + - repo: https://github.com/robertdebock/ansible-role-bootstrap + dest: bootstrap + - repo: https://github.com/robertdebock/ansible-role-bootstrap + dest: bootstrap-force + force: yes + - repo: https://github.com/robertdebock/ansible-role-bootstrap + dest: bootstrap-version + version: 2.11.1 + + roles: + - ansible-role-git diff --git a/roles/git/molecule/resources/prepare.yml b/roles/git/molecule/resources/prepare.yml new file mode 100644 index 0000000..d54ab93 --- /dev/null +++ b/roles/git/molecule/resources/prepare.yml @@ -0,0 +1,9 @@ +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + serial: 30% + + roles: + - role: robertdebock.bootstrap diff --git a/roles/git/molecule/ubuntu-devel/molecule.yml b/roles/git/molecule/ubuntu-devel/molecule.yml new file mode 100644 index 0000000..e794147 --- /dev/null +++ b/roles/git/molecule/ubuntu-devel/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: git-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-devel diff --git a/roles/git/molecule/ubuntu-latest/molecule.yml b/roles/git/molecule/ubuntu-latest/molecule.yml new file mode 100644 index 0000000..3b37638 --- /dev/null +++ b/roles/git/molecule/ubuntu-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: git-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-latest diff --git a/roles/git/molecule/ubuntu-rolling/molecule.yml b/roles/git/molecule/ubuntu-rolling/molecule.yml new file mode 100644 index 0000000..aa4f63b --- /dev/null +++ b/roles/git/molecule/ubuntu-rolling/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: git-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-rolling diff --git a/roles/git/molecule/vagrant/molecule.yml b/roles/git/molecule/vagrant/molecule.yml new file mode 100644 index 0000000..3cceac4 --- /dev/null +++ b/roles/git/molecule/vagrant/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: vagrant + provider: + name: virtualbox +platforms: + - name: git-debian + box: debian/stretch64 + - name: git-fedora + box: fedora/29-cloud-base +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: vagrant diff --git a/roles/git/requirements.yml b/roles/git/requirements.yml new file mode 100644 index 0000000..46dec9d --- /dev/null +++ b/roles/git/requirements.yml @@ -0,0 +1,2 @@ +--- +- robertdebock.bootstrap diff --git a/roles/git/tasks/main.yml b/roles/git/tasks/main.yml new file mode 100644 index 0000000..59766c7 --- /dev/null +++ b/roles/git/tasks/main.yml @@ -0,0 +1,66 @@ +--- +# tasks file for git +- name: install git + package: + name: "{{ git_packages }}" + state: present + register: git_install_git + until: git_install_git is succeeded + retries: 3 + +- name: see if the specified user exists + getent: + database: passwd + key: "{{ git_username }}" + fail_key: no + when: + - git_username is defined + +- name: create directory for git configuration + file: + path: /home/{{ git_username }} + state: directory + owner: "{{ git_username | default(omit) }}" + group: "{{ git_groupname | default(omit) }}" + when: + - getent_passwd is defined + - getent_passwd[git_username] != none + +- name: place git configuration + template: + src: gitconfig.j2 + dest: /home/{{ git_username }}/.gitconfig + when: + - git_user_email is defined + - git_user_name is defined + - git_username is defined + - getent_passwd[git_username] != none + +- name: create repository_destination + file: + path: "{{ git_repository_destination }}" + state: directory + owner: "{{ git_username | default(omit) }}" + group: "{{ git_groupname | default(omit) }}" + when: + - git_username is defined + - git_repository_destination is defined + - getent_passwd[git_username] != none + +- name: clone all roles + git: + repo: "{{ item.repo }}" + dest: "{{ git_repository_destination }}/{{ item.dest }}" + accept_hostkey: yes + version: "{{ item.version | default('HEAD') }}" + force: "{{ item.force | default(git_force) }}" + with_items: "{{ git_repositories }}" + become: yes + become_user: "{{ git_username }}" + when: + - git_repositories is defined + - git_repository_destination is defined + - git_username is defined + - getent_passwd[git_username] != none + loop_control: + label: "{{ item.dest }}" diff --git a/roles/git/templates/gitconfig.j2 b/roles/git/templates/gitconfig.j2 new file mode 100644 index 0000000..49567af --- /dev/null +++ b/roles/git/templates/gitconfig.j2 @@ -0,0 +1,3 @@ +[user] + email = {{ git_user_email }} + name = {{ git_user_name }} diff --git a/roles/git/vars/main.yml b/roles/git/vars/main.yml new file mode 100644 index 0000000..4af23a4 --- /dev/null +++ b/roles/git/vars/main.yml @@ -0,0 +1,7 @@ +--- +# vars file for git +_git_packages: + default: + - git + +git_packages: "{{ _git_packages[ansible_distribution] | default(_git_packages['default']) }}" diff --git a/roles/investigate/.github/ISSUE_TEMPLATE/bug_report.md b/roles/investigate/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..bd1a0dc --- /dev/null +++ b/roles/investigate/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Run this role: +2. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Error** +Please show the resulting error. If applicable a snippet of the playbook including the role ran with `-vvv` + +**Environment** +- Control node OS: [e.g. Debian 9] +- Control node Ansible version: [e.g. 2.6.2] +- Managed node OS: [e.g. CentOS 7] + +**Additional context** +Add any other context about the problem here. diff --git a/roles/investigate/.github/ISSUE_TEMPLATE/feature_request.md b/roles/investigate/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/roles/investigate/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/roles/investigate/.github/settings.yml b/roles/investigate/.github/settings.yml new file mode 100644 index 0000000..75f7e20 --- /dev/null +++ b/roles/investigate/.github/settings.yml @@ -0,0 +1,4 @@ +--- +repository: + description: Install and configure investigation tools on your system. + homepage: https://robertdebock.nl/ diff --git a/roles/investigate/.gitignore b/roles/investigate/.gitignore new file mode 100644 index 0000000..47cf7b9 --- /dev/null +++ b/roles/investigate/.gitignore @@ -0,0 +1,3 @@ +molecule/*/.molecule +*.log +*.swp \ No newline at end of file diff --git a/roles/investigate/.travis.yml b/roles/investigate/.travis.yml new file mode 100644 index 0000000..cdef79f --- /dev/null +++ b/roles/investigate/.travis.yml @@ -0,0 +1,92 @@ +--- +sudo: required +language: python +services: docker + +env: + - version=">=2.7,<2.8" distro="alpine-latest" + - version="" distro="alpine-latest" + - version="devel" distro="alpine-latest" + - version=">=2.7,<2.8" distro="alpine-edge" + - version="" distro="alpine-edge" + - version="devel" distro="alpine-edge" + - version=">=2.7,<2.8" distro="archlinux" + - version="" distro="archlinux" + - version="devel" distro="archlinux" + - version=">=2.7,<2.8" distro="centos-6" + - version="" distro="centos-6" + - version="devel" distro="centos-6" + - version=">=2.7,<2.8" distro="centos-latest" + - version="" distro="centos-latest" + - version="devel" distro="centos-latest" + - version=">=2.7,<2.8" distro="debian-latest" + - version="" distro="debian-latest" + - version="devel" distro="debian-latest" + - version=">=2.7,<2.8" distro="debian-stable" + - version="" distro="debian-stable" + - version="devel" distro="debian-stable" + - version=">=2.7,<2.8" distro="debian-unstable" + - version="" distro="debian-unstable" + - version="devel" distro="debian-unstable" + - version=">=2.7,<2.8" distro="fedora-latest" + - version="" distro="fedora-latest" + - version="devel" distro="fedora-latest" + - version=">=2.7,<2.8" distro="fedora-rawhide" + - version="" distro="fedora-rawhide" + - version="devel" distro="fedora-rawhide" + - version=">=2.7,<2.8" distro="opensuse-leap" + - version="" distro="opensuse-leap" + - version="devel" distro="opensuse-leap" + - version=">=2.7,<2.8" distro="ubuntu-rolling" + - version="" distro="ubuntu-rolling" + - version="devel" distro="ubuntu-rolling" + - version=">=2.7,<2.8" distro="ubuntu-latest" + - version="" distro="ubuntu-latest" + - version="devel" distro="ubuntu-latest" + - version=">=2.7,<2.8" distro="ubuntu-devel" + - version="" distro="ubuntu-devel" + - version="devel" distro="ubuntu-devel" + +matrix: + allow_failures: + - env: version=">=2.7,<2.8" distro="alpine-edge" + - env: version="" distro="alpine-edge" + - env: version="devel" distro="alpine-edge" + - env: version="devel" distro="alpine-latest" + - env: version="devel" distro="archlinux" + - env: version="devel" distro="centos-6" + - env: version="devel" distro="centos-latest" + - env: version="devel" distro="debian-latest" + - env: version="devel" distro="debian-stable" + - env: version=">=2.7,<2.8" distro="debian-unstable" + - env: version="" distro="debian-unstable" + - env: version="devel" distro="debian-unstable" + - env: version="devel" distro="fedora-latest" + - env: version=">=2.7,<2.8" distro="fedora-rawhide" + - env: version="" distro="fedora-rawhide" + - env: version="devel" distro="fedora-rawhide" + - env: version="devel" distro="opensuse-leap" + - env: version="devel" distro="ubuntu-rolling" + - env: version=">=2.7,<2.8" distro="ubuntu-devel" + - env: version="" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-latest" + +cache: + - pip + +install: + - pip install --upgrade pip + - if [ "${version}" != "devel" ] ; then pip install ansible"${version}" ; fi + - if [ "${version}" = "devel" ] ; then pip install git+https://github.com/ansible/ansible.git@devel ; fi + - pip install molecule + - pip install docker + +script: + - if [ "${expectation}" = "fail" ] ; then ! molecule test --scenario-name "${distro}" ; else molecule test --scenario-name "${distro}" ; fi + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + slack: + secure: "me8c9Zt7dVW51f85HW7hYMWjpZrm1aeb0nUXyz2G2ymZfT2DN9TJOp7PLu0hbucos1qIQjxcc8JXiRsoFKwLxAYr3HrftQF+OS4IffSw5d31bbD93u+vvpJDVjovMHaNIjJj39b3G2siIjzoiAH7fJxrkSWY9Bq3DgK4oH2nMbmjYqc3VG6S3uOJJt/MX8sfq8phl14277TudGlOy4nLxN93GxVWkssFx5/liFk/io1hX8Dv9JtOU+zw9GiS8uoPqTHZtxJaiJyi+omjV8rs+NClHHCCd9nG8pnW4aWZLp1BQtOMSP1qwVwWgXMu1q5SxnYi+kjhHljOI2eoOra1vaDHkHWpLnQ9WnrVITNNVAoRiHyowtg1n0n+V7pd+ZQReGwUtTwsewOvWxB0/K9fBxw10PelIAciayaPQUiv7uCOM7tLz2ljS3sAj/KG/+oYdQoNxhgrLuG8szdZV982f9uFIos5SLe0s4Wo7EjhEFgg2odn1xcRYONFtElBlsxckr+yzSjzsFS7YhjkR0ca2nFUeU1eloRHAY4M76rHO4b9birn5SbXYvrXg+D/zyo2U8DAjWdId5fbQid7jz+u6LDlfbK4a3S4qJLb0fl9HNIdE88mq7XD95AK1XS6Qth8mpCafQthFAYjS4tC50HEZ8tDzag7adkPeKQGSoQE3io=" + email: false diff --git a/roles/investigate/.yamllint b/roles/investigate/.yamllint new file mode 100644 index 0000000..ad0be76 --- /dev/null +++ b/roles/investigate/.yamllint @@ -0,0 +1,11 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/investigate/CODE_OF_CONDUCT.md b/roles/investigate/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0d97a6f --- /dev/null +++ b/roles/investigate/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behaviour that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behaviour by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/investigate/CONTRIBUTING.md b/roles/investigate/CONTRIBUTING.md new file mode 100644 index 0000000..2931dcf --- /dev/null +++ b/roles/investigate/CONTRIBUTING.md @@ -0,0 +1,4 @@ +# Please contribute! +You can really make a difference by: +- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. +- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code. diff --git a/roles/investigate/LICENSE b/roles/investigate/LICENSE new file mode 100644 index 0000000..744118c --- /dev/null +++ b/roles/investigate/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2019 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/investigate/PULL_REQUEST_TEMPLATE.md b/roles/investigate/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..b1578c0 --- /dev/null +++ b/roles/investigate/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +--- +name: Pull request +about: Describe the proposed change + +--- + +**Describe the change** +A clear and concise description of what the pull request is. + +**Testing** +In case a feature was added, how were tests performed? diff --git a/roles/investigate/README.md b/roles/investigate/README.md new file mode 100644 index 0000000..b2eb8d2 --- /dev/null +++ b/roles/investigate/README.md @@ -0,0 +1,131 @@ +investigate +========= + +[![Build Status](https://travis-ci.org/robertdebock/ansible-role-investigate.svg?branch=master)](https://travis-ci.org/robertdebock/ansible-role-investigate) + +Install and configure investigation tools on your system. + +Example Playbook +---------------- + +This example is taken from `molecule/default/playbook.yml`: +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - robertdebock.investigate +``` + +The machine you are running this on, may need to be prepared. Tests have been done on machines prepared by this playbook: +```yaml +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - role: robertdebock.bootstrap + - role: robertdebock.epel +``` + +Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. + +Role Variables +-------------- + +These variables are set in `defaults/main.yml`: +```yaml +--- +# defaults file for investigate +``` + +Requirements +------------ + +- Access to a repository containing packages, likely on the internet. +- A recent version of Ansible. (Tests run on the last 3 release of Ansible.) + +The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: + +```yaml +--- +- robertdebock.bootstrap +- robertdebock.epel + +``` + +Context +------- + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/investigate.png "Dependency") + + +Compatibility +------------- + +This role has been tested against the following distributions and Ansible version: + +|distribution|ansible 2.6|ansible 2.7|ansible devel| +|------------|-----------|-----------|-------------| +|alpine-edge*|yes|yes|yes*| +|alpine-latest|yes|yes|yes*| +|archlinux|yes|yes|yes*| +|centos-6|yes|yes|yes*| +|centos-latest|yes|yes|yes*| +|debian-latest|yes|yes|yes*| +|debian-stable|yes|yes|yes*| +|debian-unstable*|yes|yes|yes*| +|fedora-latest|yes|yes|yes*| +|fedora-rawhide*|yes|yes|yes*| +|opensuse-leap|yes|yes|yes*| +|ubuntu-devel*|yes|yes|yes*| +|ubuntu-latest|yes|yes|yes*| +|ubuntu-rolling|yes|yes|yes*| + +A single star means the build may fail, it's marked as an experimental build. + +Testing +------- + +[Unit tests](https://travis-ci.org/robertdebock/ansible-role-investigate) are done on every commit and periodically. + +If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-investigate/issues) + +To test this role locally please use [Molecule](https://github.com/metacloud/molecule): +``` +pip install molecule +molecule test +``` + +To test on Amazon EC2, configure [~/.aws/credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`. + +There are many specific scenarios available, please have a look in the `molecule/` directory. + +Run the [ansible-galaxy](https://github.com/ansible/galaxy-lint-rules) and [my](https://github.com/robertdebock/ansible-lint-rules) lint rules if you want your change to be merges: + +```shell +git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint +ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules . + +git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint +ansible-lint -r /tmp/my-ansible-lint/rules . +``` + +License +------- + +Apache-2.0 + + +Author Information +------------------ + +[Robert de Bock](https://robertdebock.nl/) diff --git a/roles/investigate/defaults/main.yml b/roles/investigate/defaults/main.yml new file mode 100644 index 0000000..68d56d4 --- /dev/null +++ b/roles/investigate/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for investigate diff --git a/roles/investigate/handlers/main.yml b/roles/investigate/handlers/main.yml new file mode 100644 index 0000000..4149297 --- /dev/null +++ b/roles/investigate/handlers/main.yml @@ -0,0 +1,8 @@ +--- +# handlers file for investigate +- name: restart investigate + service: + name: "{{ investigate_service }}" + state: restarted + when: + - ansible_virtualization_type != "docker" diff --git a/roles/investigate/meta/.galaxy_install_info b/roles/investigate/meta/.galaxy_install_info new file mode 100644 index 0000000..77ea649 --- /dev/null +++ b/roles/investigate/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jun 7 18:25:54 2019', version: 2.0.2} diff --git a/roles/investigate/meta/main.yml b/roles/investigate/meta/main.yml new file mode 100644 index 0000000..365e9e5 --- /dev/null +++ b/roles/investigate/meta/main.yml @@ -0,0 +1,47 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: investigate + description: Install and configure investigation tools on your system. + license: Apache-2.0 + company: none + min_ansible_version: 2.6 + + platforms: + - name: Alpine + versions: + - all + - name: ArchLinux + version: + - all + - name: Debian + versions: + - all + - name: EL + version: + - 6 + - 7 + - name: Fedora + versions: + - all + - name: OpenSUSE + versions: + - all + - name: Ubuntu + versions: + - artful + - bionic + + galaxy_tags: + - investigate + - alpine + - archlinux + - centos + - debian + - el + - fedora + - opensuse + - rhel + - ubuntu + +dependencies: [] diff --git a/roles/investigate/molecule/alpine-edge/molecule.yml b/roles/investigate/molecule/alpine-edge/molecule.yml new file mode 100644 index 0000000..05cc817 --- /dev/null +++ b/roles/investigate/molecule/alpine-edge/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: investigate-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-edge diff --git a/roles/investigate/molecule/alpine-latest/molecule.yml b/roles/investigate/molecule/alpine-latest/molecule.yml new file mode 100644 index 0000000..60f3357 --- /dev/null +++ b/roles/investigate/molecule/alpine-latest/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: investigate-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-latest diff --git a/roles/investigate/molecule/archlinux/molecule.yml b/roles/investigate/molecule/archlinux/molecule.yml new file mode 100644 index 0000000..8de54ba --- /dev/null +++ b/roles/investigate/molecule/archlinux/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: investigate-archlinux + image: archlinux/base + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: archlinux diff --git a/roles/investigate/molecule/centos-6/molecule.yml b/roles/investigate/molecule/centos-6/molecule.yml new file mode 100644 index 0000000..773978e --- /dev/null +++ b/roles/investigate/molecule/centos-6/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: investigate-centos-6 + image: centos:6 + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-6 diff --git a/roles/investigate/molecule/centos-latest/molecule.yml b/roles/investigate/molecule/centos-latest/molecule.yml new file mode 100644 index 0000000..b4e39cf --- /dev/null +++ b/roles/investigate/molecule/centos-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: investigate-centos-latest + image: centos:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-latest diff --git a/roles/investigate/molecule/debian-latest/molecule.yml b/roles/investigate/molecule/debian-latest/molecule.yml new file mode 100644 index 0000000..f719e16 --- /dev/null +++ b/roles/investigate/molecule/debian-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: investigate-debian-latest + image: debian:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-latest diff --git a/roles/investigate/molecule/debian-stable/molecule.yml b/roles/investigate/molecule/debian-stable/molecule.yml new file mode 100644 index 0000000..f8ce15b --- /dev/null +++ b/roles/investigate/molecule/debian-stable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: investigate-debian-stable + image: debian:stable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-stable diff --git a/roles/investigate/molecule/debian-unstable/molecule.yml b/roles/investigate/molecule/debian-unstable/molecule.yml new file mode 100644 index 0000000..fe405ed --- /dev/null +++ b/roles/investigate/molecule/debian-unstable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: investigate-debian-unstable + image: debian:unstable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-unstable diff --git a/roles/investigate/molecule/default/molecule.yml b/roles/investigate/molecule/default/molecule.yml new file mode 100644 index 0000000..a6e43b7 --- /dev/null +++ b/roles/investigate/molecule/default/molecule.yml @@ -0,0 +1,63 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: investigate-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: investigate-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: investigate-archlinux + image: archlinux/base + pre_build_image: yes + - name: investigate-centos-6 + image: centos:6 + pre_build_image: yes + - name: investigate-centos-latest + image: centos:latest + pre_build_image: yes + - name: investigate-debian-latest + image: debian:latest + pre_build_image: yes + - name: investigate-debian-stable + image: debian:stable + pre_build_image: yes + - name: investigate-debian-unstable + image: debian:unstable + pre_build_image: yes + - name: investigate-fedora-latest + image: fedora:latest + pre_build_image: yes + - name: investigate-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + - name: investigate-opensuse-leap + image: opensuse:leap + pre_build_image: yes + - name: investigate-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes + - name: investigate-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes + - name: investigate-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: default diff --git a/roles/investigate/molecule/ec2/README.md b/roles/investigate/molecule/ec2/README.md new file mode 100644 index 0000000..856b351 --- /dev/null +++ b/roles/investigate/molecule/ec2/README.md @@ -0,0 +1,15 @@ +# Amazon EC2 + +To test on Amazon elastic compute cloud (EC2), set this variable: + +``` +export EC2_REGION=eu-central-1 +``` + +And save the credentials: +``` +cat ~/.aws/credentials +[default] +aws_access_key_id=YOUR_KEY_ID +aws_secret_access_key=YOUR_ACCESS_KEY +``` diff --git a/roles/investigate/molecule/ec2/create.yml b/roles/investigate/molecule/ec2/create.yml new file mode 100644 index 0000000..7992818 --- /dev/null +++ b/roles/investigate/molecule/ec2/create.yml @@ -0,0 +1,125 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + vars: + ssh_user: ec2-user + ssh_port: 22 + + security_group_name: molecule + security_group_description: Security group for testing Molecule + security_group_rules: + - proto: tcp + from_port: "{{ ssh_port }}" + to_port: "{{ ssh_port }}" + cidr_ip: '0.0.0.0/0' + - proto: icmp + from_port: 8 + to_port: -1 + cidr_ip: '0.0.0.0/0' + security_group_rules_egress: + - proto: -1 + from_port: 0 + to_port: 0 + cidr_ip: '0.0.0.0/0' + + keypair_name: molecule_key + keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" + tasks: + - name: Create security group + ec2_group: + name: "{{ security_group_name }}" + description: "{{ security_group_name }}" + rules: "{{ security_group_rules }}" + rules_egress: "{{ security_group_rules_egress }}" + + - name: Test for presence of local keypair + stat: + path: "{{ keypair_path }}" + register: keypair_local + + - name: Delete remote keypair + ec2_key: + name: "{{ keypair_name }}" + state: absent + when: not keypair_local.stat.exists + + - name: Create keypair + ec2_key: + name: "{{ keypair_name }}" + register: keypair + + - name: Persist the keypair + copy: + dest: "{{ keypair_path }}" + content: "{{ keypair.key.private_key }}" + mode: 0600 + when: keypair.changed + + - name: Create molecule instance(s) + ec2: + key_name: "{{ keypair_name }}" + image: "{{ item.image }}" + instance_type: "{{ item.instance_type }}" + vpc_subnet_id: "{{ item.vpc_subnet_id }}" + group: "{{ security_group_name }}" + instance_tags: + instance: "{{ item.name }}" + wait: true + assign_public_ip: true + exact_count: 1 + count_tag: + instance: "{{ item.name }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.instances[0].tags.instance }}", + 'address': "{{ item.instances[0].public_ip }}", + 'user': "{{ ssh_user }}", + 'port': "{{ ssh_port }}", + 'identity_file': "{{ keypair_path }}", + 'instance_ids': "{{ item.instance_ids }}", } + with_items: "{{ ec2_jobs.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool + + - name: Wait for SSH + wait_for: + port: "{{ ssh_port }}" + host: "{{ item.address }}" + search_regex: SSH + delay: 10 + timeout: 320 + with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + + - name: Wait for boot process to finish + pause: + minutes: 2 diff --git a/roles/investigate/molecule/ec2/destroy.yml b/roles/investigate/molecule/ec2/destroy.yml new file mode 100644 index 0000000..b460c1e --- /dev/null +++ b/roles/investigate/molecule/ec2/destroy.yml @@ -0,0 +1,47 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + tasks: + - block: + - name: Populate instance config + set_fact: + instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + skip_instances: false + rescue: + - name: Populate instance config when file missing + set_fact: + instance_conf: {} + skip_instances: true + + - name: Destroy molecule instance(s) + ec2: + state: absent + instance_ids: "{{ item.instance_ids }}" + register: server + with_items: "{{ instance_conf }}" + when: not skip_instances + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/investigate/molecule/ec2/molecule.yml b/roles/investigate/molecule/ec2/molecule.yml new file mode 100644 index 0000000..200507a --- /dev/null +++ b/roles/investigate/molecule/ec2/molecule.yml @@ -0,0 +1,77 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: ec2 +platforms: + - name: investigate-rhel-7 + image: ami-c86c3f23 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: investigate-sles-15 + image: ami-0a1886cf45f944eb1 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: investigate-ubuntu-18.04 + image: ami-0bdf93799014acdc4 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: investigate-amazon-linux-2 + image: ami-02ea8f348fa28c108 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: investigate-centos-7 + image: ami-9a183671 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: investigate-fedora-29 + image: ami-0f904cfaa69a1c64c + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint + inventory: + host_vars: + investigate-ubuntu-18.04: + ansible_user: ubuntu + investigate-centos-7: + ansible_user: centos + investigate-fedora-29: + ansible_user: fedora +scenario: + name: ec2 + create_sequence: + - create + check_sequence: + - destroy + - dependency + - create + - converge + - check + - destroy + converge_sequence: + - dependency + - create + - converge + destroy_sequence: + - destroy + test_sequence: + - lint + - destroy + - dependency + - syntax + - create + - converge + - idempotence + - side_effect + - verify + - destroy diff --git a/roles/investigate/molecule/fedora-latest/molecule.yml b/roles/investigate/molecule/fedora-latest/molecule.yml new file mode 100644 index 0000000..178841e --- /dev/null +++ b/roles/investigate/molecule/fedora-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: investigate-fedora-latest + image: fedora:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-latest diff --git a/roles/investigate/molecule/fedora-rawhide/molecule.yml b/roles/investigate/molecule/fedora-rawhide/molecule.yml new file mode 100644 index 0000000..83e9b1e --- /dev/null +++ b/roles/investigate/molecule/fedora-rawhide/molecule.yml @@ -0,0 +1,24 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: investigate-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + registry: + url: registry.fedoraproject.org +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-rawhide diff --git a/roles/investigate/molecule/opensuse-leap/molecule.yml b/roles/investigate/molecule/opensuse-leap/molecule.yml new file mode 100644 index 0000000..1795fdc --- /dev/null +++ b/roles/investigate/molecule/opensuse-leap/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: investigate-opensuse-leap + image: opensuse:leap + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: opensuse-leap diff --git a/roles/investigate/molecule/resources/playbook.yml b/roles/investigate/molecule/resources/playbook.yml new file mode 100644 index 0000000..5508315 --- /dev/null +++ b/roles/investigate/molecule/resources/playbook.yml @@ -0,0 +1,8 @@ +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - ansible-role-investigate diff --git a/roles/investigate/molecule/resources/prepare.yml b/roles/investigate/molecule/resources/prepare.yml new file mode 100644 index 0000000..c8572a5 --- /dev/null +++ b/roles/investigate/molecule/resources/prepare.yml @@ -0,0 +1,9 @@ +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - role: robertdebock.bootstrap + - role: robertdebock.epel diff --git a/roles/investigate/molecule/ubuntu-devel/molecule.yml b/roles/investigate/molecule/ubuntu-devel/molecule.yml new file mode 100644 index 0000000..e294e08 --- /dev/null +++ b/roles/investigate/molecule/ubuntu-devel/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: investigate-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-devel diff --git a/roles/investigate/molecule/ubuntu-latest/molecule.yml b/roles/investigate/molecule/ubuntu-latest/molecule.yml new file mode 100644 index 0000000..1234692 --- /dev/null +++ b/roles/investigate/molecule/ubuntu-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: investigate-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-latest diff --git a/roles/investigate/molecule/ubuntu-rolling/molecule.yml b/roles/investigate/molecule/ubuntu-rolling/molecule.yml new file mode 100644 index 0000000..0480fec --- /dev/null +++ b/roles/investigate/molecule/ubuntu-rolling/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: investigate-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-rolling diff --git a/roles/investigate/molecule/vagrant/molecule.yml b/roles/investigate/molecule/vagrant/molecule.yml new file mode 100644 index 0000000..d612047 --- /dev/null +++ b/roles/investigate/molecule/vagrant/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: vagrant + provider: + name: virtualbox +platforms: + - name: investigate-debian + box: debian/stretch64 + - name: investigate-fedora + box: fedora/29-cloud-base +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: vagrant diff --git a/roles/investigate/requirements.yml b/roles/investigate/requirements.yml new file mode 100644 index 0000000..cecd945 --- /dev/null +++ b/roles/investigate/requirements.yml @@ -0,0 +1,3 @@ +--- +- robertdebock.bootstrap +- robertdebock.epel diff --git a/roles/investigate/tasks/main.yml b/roles/investigate/tasks/main.yml new file mode 100644 index 0000000..7378c6a --- /dev/null +++ b/roles/investigate/tasks/main.yml @@ -0,0 +1,9 @@ +--- +# tasks file for investigate +- name: install investigation tools + package: + name: "{{ investigate_packages }}" + state: present + register: investigate_install_investigate + until: investigate_install_investigate is succeeded + retries: 3 diff --git a/roles/investigate/templates/.gitkeep b/roles/investigate/templates/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/roles/investigate/vars/main.yml b/roles/investigate/vars/main.yml new file mode 100644 index 0000000..e18b311 --- /dev/null +++ b/roles/investigate/vars/main.yml @@ -0,0 +1,60 @@ +--- +# vars file for investigate +_investigate_packages: + Alpine: + - net-tools + - busybox-extras + - tcpdump + - bash + - bash-completion + - curl + - screen + Archlinux: + - net-tools + - tcpdump + - bash + - bash-completion + - curl + - screen + Debian: + - net-tools + - tcpdump + - telnet + - bash + - bash-completion + - curl + - screen + CentOS: + - net-tools + - tcpdump + - telnet + - bash + - bash-completion + - curl + - screen + Fedora: + - net-tools + - tcpdump + - telnet + - bash + - bash-completion + - curl + - screen + openSUSE Leap: + - net-tools + - tcpdump + - telnet + - bash + - bash-completion + - curl + - screen + Ubuntu: + - net-tools + - tcpdump + - telnet + - bash + - bash-completion + - curl + - screen + +investigate_packages: "{{ _investigate_packages[ansible_distribution] }}" diff --git a/roles/molecule/.github/ISSUE_TEMPLATE/bug_report.md b/roles/molecule/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..bd1a0dc --- /dev/null +++ b/roles/molecule/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Run this role: +2. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Error** +Please show the resulting error. If applicable a snippet of the playbook including the role ran with `-vvv` + +**Environment** +- Control node OS: [e.g. Debian 9] +- Control node Ansible version: [e.g. 2.6.2] +- Managed node OS: [e.g. CentOS 7] + +**Additional context** +Add any other context about the problem here. diff --git a/roles/molecule/.github/ISSUE_TEMPLATE/feature_request.md b/roles/molecule/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/roles/molecule/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/roles/molecule/.github/settings.yml b/roles/molecule/.github/settings.yml new file mode 100644 index 0000000..dc97e42 --- /dev/null +++ b/roles/molecule/.github/settings.yml @@ -0,0 +1,4 @@ +--- +repository: + description: Install Molecule on your system. + homepage: https://robertdebock.nl/ diff --git a/roles/molecule/.gitignore b/roles/molecule/.gitignore new file mode 100644 index 0000000..47cf7b9 --- /dev/null +++ b/roles/molecule/.gitignore @@ -0,0 +1,3 @@ +molecule/*/.molecule +*.log +*.swp \ No newline at end of file diff --git a/roles/molecule/.travis.yml b/roles/molecule/.travis.yml new file mode 100644 index 0000000..41b90ff --- /dev/null +++ b/roles/molecule/.travis.yml @@ -0,0 +1,92 @@ +--- +sudo: required +language: python +services: docker + +env: + - version=">=2.7,<2.8" distro="alpine-latest" + - version="" distro="alpine-latest" + - version="devel" distro="alpine-latest" + - version=">=2.7,<2.8" distro="alpine-edge" + - version="" distro="alpine-edge" + - version="devel" distro="alpine-edge" + - version=">=2.7,<2.8" distro="archlinux" + - version="" distro="archlinux" + - version="devel" distro="archlinux" + - version=">=2.7,<2.8" distro="centos-6" expectation="fail" + - version="" distro="centos-6" expectation="fail" + - version="devel" distro="centos-6" expectation="fail" + - version=">=2.7,<2.8" distro="centos-latest" + - version="" distro="centos-latest" + - version="devel" distro="centos-latest" + - version=">=2.7,<2.8" distro="debian-latest" + - version="" distro="debian-latest" + - version="devel" distro="debian-latest" + - version=">=2.7,<2.8" distro="debian-stable" + - version="" distro="debian-stable" + - version="devel" distro="debian-stable" + - version=">=2.7,<2.8" distro="debian-unstable" + - version="" distro="debian-unstable" + - version="devel" distro="debian-unstable" + - version=">=2.7,<2.8" distro="fedora-latest" + - version="" distro="fedora-latest" + - version="devel" distro="fedora-latest" + - version=">=2.7,<2.8" distro="fedora-rawhide" + - version="" distro="fedora-rawhide" + - version="devel" distro="fedora-rawhide" + - version=">=2.7,<2.8" distro="opensuse-leap" + - version="" distro="opensuse-leap" + - version="devel" distro="opensuse-leap" + - version=">=2.7,<2.8" distro="ubuntu-rolling" + - version="" distro="ubuntu-rolling" + - version="devel" distro="ubuntu-rolling" + - version=">=2.7,<2.8" distro="ubuntu-latest" + - version="" distro="ubuntu-latest" + - version="devel" distro="ubuntu-latest" + - version=">=2.7,<2.8" distro="ubuntu-devel" + - version="" distro="ubuntu-devel" + - version="devel" distro="ubuntu-devel" + +matrix: + allow_failures: + - env: version=">=2.7,<2.8" distro="alpine-edge" + - env: version="" distro="alpine-edge" + - env: version="devel" distro="alpine-edge" + - env: version="devel" distro="alpine-latest" + - env: version="devel" distro="archlinux" + - env: version="devel" distro="centos-6" expectation="fail" + - env: version="devel" distro="centos-latest" + - env: version="devel" distro="debian-latest" + - env: version="devel" distro="debian-stable" + - env: version=">=2.7,<2.8" distro="debian-unstable" + - env: version="" distro="debian-unstable" + - env: version="devel" distro="debian-unstable" + - env: version="devel" distro="fedora-latest" + - env: version=">=2.7,<2.8" distro="fedora-rawhide" + - env: version="" distro="fedora-rawhide" + - env: version="devel" distro="fedora-rawhide" + - env: version="devel" distro="opensuse-leap" + - env: version="devel" distro="ubuntu-rolling" + - env: version=">=2.7,<2.8" distro="ubuntu-devel" + - env: version="" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-latest" + +cache: + - pip + +install: + - pip install --upgrade pip + - if [ "${version}" != "devel" ] ; then pip install ansible"${version}" ; fi + - if [ "${version}" = "devel" ] ; then pip install git+https://github.com/ansible/ansible.git@devel ; fi + - pip install molecule + - pip install docker + +script: + - if [ "${expectation}" = "fail" ] ; then ! molecule test --scenario-name "${distro}" ; else molecule test --scenario-name "${distro}" ; fi + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + slack: + secure: "n7u1Uc3sZszghMynczG25+WGHDctpTRgXNpL7VDbj0ehoPQf1e0gNvXh2oQJhjssqfCgSPzdKhbF+X0/TJL2CLIZaMJXzlnQNek1AbpKfAfzmAAk8xCshAvUvto/sP/LKUCUY6dRVUS154p5p9h7RIYVPkBLqvTM0OdOizo6LzJTiqHPd0IwwsUMj6xAms6hwlY1m3M0q1GCx9R+DsqNxKWXR8mEBgvDap+KLxrGT34dOjUZqVqUA7qflbQpLrDsEG6ZR9UIXxOoQoyqwKqXG66FJfKRrMLnxLbi7UC9HBl4Dda0PZIyWbVhotM/vK/8SW72YyR+bqvqBmunPwaU5p15ipArGpMkRTm642RyeKB4XvgCvIBBycC/kl5aj2DBumkGs+nqZpq1fFpK2clSVUHdmkffAddbjRrMH9ZMnWfP85KaHXkg6cymBFxpp+K0uRL6QFTqPO/tHmZ+oWtiKUvy25n06KiDkMdn4MsqfvpaB5CfidbC7zcKMcGk5lcWwvKLMsBKXZI48z7ty/8XKYO1Ss/XgEyPbXg4MrSTwPCY/0tawaAdqqMen+0qLfSURsFN5TG0+Ym/ov+rLqq3TaqyawSRMAe9p1atWKkE3lEbS45KLuvlEMS9W1XHrzrx5MuDcFFqii8ePI7FFeMWoSFqeYXT0Bk7K3FlQ/vyf28=" + email: false diff --git a/roles/molecule/.yamllint b/roles/molecule/.yamllint new file mode 100644 index 0000000..ad0be76 --- /dev/null +++ b/roles/molecule/.yamllint @@ -0,0 +1,11 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/molecule/CODE_OF_CONDUCT.md b/roles/molecule/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0d97a6f --- /dev/null +++ b/roles/molecule/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behaviour that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behaviour by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/molecule/CONTRIBUTING.md b/roles/molecule/CONTRIBUTING.md new file mode 100644 index 0000000..2931dcf --- /dev/null +++ b/roles/molecule/CONTRIBUTING.md @@ -0,0 +1,4 @@ +# Please contribute! +You can really make a difference by: +- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. +- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code. diff --git a/roles/molecule/LICENSE b/roles/molecule/LICENSE new file mode 100644 index 0000000..744118c --- /dev/null +++ b/roles/molecule/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2019 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/molecule/PULL_REQUEST_TEMPLATE.md b/roles/molecule/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..b1578c0 --- /dev/null +++ b/roles/molecule/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +--- +name: Pull request +about: Describe the proposed change + +--- + +**Describe the change** +A clear and concise description of what the pull request is. + +**Testing** +In case a feature was added, how were tests performed? diff --git a/roles/molecule/README.md b/roles/molecule/README.md new file mode 100644 index 0000000..937de58 --- /dev/null +++ b/roles/molecule/README.md @@ -0,0 +1,135 @@ +molecule +========= + +[![Build Status](https://travis-ci.org/robertdebock/ansible-role-molecule.svg?branch=master)](https://travis-ci.org/robertdebock/ansible-role-molecule) + +Install Molecule on your system. + +Example Playbook +---------------- + +This example is taken from `molecule/default/playbook.yml`: +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - robertdebock.molecule +``` + +The machine you are running this on, may need to be prepared. Tests have been done on machines prepared by this playbook: +```yaml +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - role: robertdebock.bootstrap + - role: robertdebock.buildtools + - role: robertdebock.epel + - role: robertdebock.python_pip +``` + +Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. + +Role Variables +-------------- + +These variables are set in `defaults/main.yml`: +```yaml +--- +# defaults file for molecule +``` + +Requirements +------------ + +- Access to a repository containing packages, likely on the internet. +- A recent version of Ansible. (Tests run on the last 3 release of Ansible.) + +The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: + +```yaml +--- +- robertdebock.bootstrap +- robertdebock.buildtools +- robertdebock.epel +- robertdebock.python_pip + +``` + +Context +------- + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/molecule.png "Dependency") + + +Compatibility +------------- + +This role has been tested against the following distributions and Ansible version: + +|distribution|ansible 2.6|ansible 2.7|ansible devel| +|------------|-----------|-----------|-------------| +|alpine-edge*|yes|yes|yes*| +|alpine-latest|yes|yes|yes*| +|archlinux|yes|yes|yes*| +|centos-6|no|no|no*| +|centos-latest|yes|yes|yes*| +|debian-latest|yes|yes|yes*| +|debian-stable|yes|yes|yes*| +|debian-unstable*|yes|yes|yes*| +|fedora-latest|yes|yes|yes*| +|fedora-rawhide*|yes|yes|yes*| +|opensuse-leap|yes|yes|yes*| +|ubuntu-devel*|yes|yes|yes*| +|ubuntu-latest|yes|yes|yes*| +|ubuntu-rolling|yes|yes|yes*| + +A single star means the build may fail, it's marked as an experimental build. + +Testing +------- + +[Unit tests](https://travis-ci.org/robertdebock/ansible-role-molecule) are done on every commit and periodically. + +If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-molecule/issues) + +To test this role locally please use [Molecule](https://github.com/metacloud/molecule): +``` +pip install molecule +molecule test +``` + +To test on Amazon EC2, configure [~/.aws/credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`. + +There are many specific scenarios available, please have a look in the `molecule/` directory. + +Run the [ansible-galaxy](https://github.com/ansible/galaxy-lint-rules) and [my](https://github.com/robertdebock/ansible-lint-rules) lint rules if you want your change to be merges: + +```shell +git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint +ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules . + +git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint +ansible-lint -r /tmp/my-ansible-lint/rules . +``` + +License +------- + +Apache-2.0 + + +Author Information +------------------ + +[Robert de Bock](https://robertdebock.nl/) diff --git a/roles/molecule/defaults/main.yml b/roles/molecule/defaults/main.yml new file mode 100644 index 0000000..6669d52 --- /dev/null +++ b/roles/molecule/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for molecule diff --git a/roles/molecule/meta/.galaxy_install_info b/roles/molecule/meta/.galaxy_install_info new file mode 100644 index 0000000..376701c --- /dev/null +++ b/roles/molecule/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jun 7 18:25:58 2019', version: 2.0.1} diff --git a/roles/molecule/meta/main.yml b/roles/molecule/meta/main.yml new file mode 100644 index 0000000..0565736 --- /dev/null +++ b/roles/molecule/meta/main.yml @@ -0,0 +1,46 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: molecule + description: Install Molecule on your system. + license: Apache-2.0 + company: none + min_ansible_version: 2.6 + + platforms: + - name: Alpine + versions: + - all + - name: ArchLinux + version: + - all + - name: Debian + versions: + - all + - name: EL + version: + - 7 + - name: Fedora + versions: + - all + - name: OpenSUSE + versions: + - all + - name: Ubuntu + versions: + - artful + - bionic + + galaxy_tags: + - molecule + - alpine + - archlinux + - centos + - debian + - el + - fedora + - opensuse + - rhel + - ubuntu + +dependencies: [] diff --git a/roles/molecule/molecule/alpine-edge/molecule.yml b/roles/molecule/molecule/alpine-edge/molecule.yml new file mode 100644 index 0000000..58ba6af --- /dev/null +++ b/roles/molecule/molecule/alpine-edge/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: molecule-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-edge diff --git a/roles/molecule/molecule/alpine-latest/molecule.yml b/roles/molecule/molecule/alpine-latest/molecule.yml new file mode 100644 index 0000000..dafdaec --- /dev/null +++ b/roles/molecule/molecule/alpine-latest/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: molecule-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-latest diff --git a/roles/molecule/molecule/archlinux/molecule.yml b/roles/molecule/molecule/archlinux/molecule.yml new file mode 100644 index 0000000..72f1f6b --- /dev/null +++ b/roles/molecule/molecule/archlinux/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: molecule-archlinux + image: archlinux/base + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: archlinux diff --git a/roles/molecule/molecule/centos-6/molecule.yml b/roles/molecule/molecule/centos-6/molecule.yml new file mode 100644 index 0000000..c8b695f --- /dev/null +++ b/roles/molecule/molecule/centos-6/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: molecule-centos-6 + image: centos:6 + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-6 diff --git a/roles/molecule/molecule/centos-latest/molecule.yml b/roles/molecule/molecule/centos-latest/molecule.yml new file mode 100644 index 0000000..3367410 --- /dev/null +++ b/roles/molecule/molecule/centos-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: molecule-centos-latest + image: centos:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-latest diff --git a/roles/molecule/molecule/debian-latest/molecule.yml b/roles/molecule/molecule/debian-latest/molecule.yml new file mode 100644 index 0000000..17715ce --- /dev/null +++ b/roles/molecule/molecule/debian-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: molecule-debian-latest + image: debian:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-latest diff --git a/roles/molecule/molecule/debian-stable/molecule.yml b/roles/molecule/molecule/debian-stable/molecule.yml new file mode 100644 index 0000000..aba6060 --- /dev/null +++ b/roles/molecule/molecule/debian-stable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: molecule-debian-stable + image: debian:stable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-stable diff --git a/roles/molecule/molecule/debian-unstable/molecule.yml b/roles/molecule/molecule/debian-unstable/molecule.yml new file mode 100644 index 0000000..b11c7ea --- /dev/null +++ b/roles/molecule/molecule/debian-unstable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: molecule-debian-unstable + image: debian:unstable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-unstable diff --git a/roles/molecule/molecule/default/molecule.yml b/roles/molecule/molecule/default/molecule.yml new file mode 100644 index 0000000..6138b6e --- /dev/null +++ b/roles/molecule/molecule/default/molecule.yml @@ -0,0 +1,63 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: molecule-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: molecule-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: molecule-archlinux + image: archlinux/base + pre_build_image: yes + - name: molecule-centos-6 + image: centos:6 + pre_build_image: yes + - name: molecule-centos-latest + image: centos:latest + pre_build_image: yes + - name: molecule-debian-latest + image: debian:latest + pre_build_image: yes + - name: molecule-debian-stable + image: debian:stable + pre_build_image: yes + - name: molecule-debian-unstable + image: debian:unstable + pre_build_image: yes + - name: molecule-fedora-latest + image: fedora:latest + pre_build_image: yes + - name: molecule-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + - name: molecule-opensuse-leap + image: opensuse:leap + pre_build_image: yes + - name: molecule-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes + - name: molecule-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes + - name: molecule-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: default diff --git a/roles/molecule/molecule/ec2/README.md b/roles/molecule/molecule/ec2/README.md new file mode 100644 index 0000000..856b351 --- /dev/null +++ b/roles/molecule/molecule/ec2/README.md @@ -0,0 +1,15 @@ +# Amazon EC2 + +To test on Amazon elastic compute cloud (EC2), set this variable: + +``` +export EC2_REGION=eu-central-1 +``` + +And save the credentials: +``` +cat ~/.aws/credentials +[default] +aws_access_key_id=YOUR_KEY_ID +aws_secret_access_key=YOUR_ACCESS_KEY +``` diff --git a/roles/molecule/molecule/ec2/create.yml b/roles/molecule/molecule/ec2/create.yml new file mode 100644 index 0000000..7992818 --- /dev/null +++ b/roles/molecule/molecule/ec2/create.yml @@ -0,0 +1,125 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + vars: + ssh_user: ec2-user + ssh_port: 22 + + security_group_name: molecule + security_group_description: Security group for testing Molecule + security_group_rules: + - proto: tcp + from_port: "{{ ssh_port }}" + to_port: "{{ ssh_port }}" + cidr_ip: '0.0.0.0/0' + - proto: icmp + from_port: 8 + to_port: -1 + cidr_ip: '0.0.0.0/0' + security_group_rules_egress: + - proto: -1 + from_port: 0 + to_port: 0 + cidr_ip: '0.0.0.0/0' + + keypair_name: molecule_key + keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" + tasks: + - name: Create security group + ec2_group: + name: "{{ security_group_name }}" + description: "{{ security_group_name }}" + rules: "{{ security_group_rules }}" + rules_egress: "{{ security_group_rules_egress }}" + + - name: Test for presence of local keypair + stat: + path: "{{ keypair_path }}" + register: keypair_local + + - name: Delete remote keypair + ec2_key: + name: "{{ keypair_name }}" + state: absent + when: not keypair_local.stat.exists + + - name: Create keypair + ec2_key: + name: "{{ keypair_name }}" + register: keypair + + - name: Persist the keypair + copy: + dest: "{{ keypair_path }}" + content: "{{ keypair.key.private_key }}" + mode: 0600 + when: keypair.changed + + - name: Create molecule instance(s) + ec2: + key_name: "{{ keypair_name }}" + image: "{{ item.image }}" + instance_type: "{{ item.instance_type }}" + vpc_subnet_id: "{{ item.vpc_subnet_id }}" + group: "{{ security_group_name }}" + instance_tags: + instance: "{{ item.name }}" + wait: true + assign_public_ip: true + exact_count: 1 + count_tag: + instance: "{{ item.name }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.instances[0].tags.instance }}", + 'address': "{{ item.instances[0].public_ip }}", + 'user': "{{ ssh_user }}", + 'port': "{{ ssh_port }}", + 'identity_file': "{{ keypair_path }}", + 'instance_ids': "{{ item.instance_ids }}", } + with_items: "{{ ec2_jobs.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool + + - name: Wait for SSH + wait_for: + port: "{{ ssh_port }}" + host: "{{ item.address }}" + search_regex: SSH + delay: 10 + timeout: 320 + with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + + - name: Wait for boot process to finish + pause: + minutes: 2 diff --git a/roles/molecule/molecule/ec2/destroy.yml b/roles/molecule/molecule/ec2/destroy.yml new file mode 100644 index 0000000..b460c1e --- /dev/null +++ b/roles/molecule/molecule/ec2/destroy.yml @@ -0,0 +1,47 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + tasks: + - block: + - name: Populate instance config + set_fact: + instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + skip_instances: false + rescue: + - name: Populate instance config when file missing + set_fact: + instance_conf: {} + skip_instances: true + + - name: Destroy molecule instance(s) + ec2: + state: absent + instance_ids: "{{ item.instance_ids }}" + register: server + with_items: "{{ instance_conf }}" + when: not skip_instances + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/molecule/molecule/ec2/molecule.yml b/roles/molecule/molecule/ec2/molecule.yml new file mode 100644 index 0000000..ee04797 --- /dev/null +++ b/roles/molecule/molecule/ec2/molecule.yml @@ -0,0 +1,77 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: ec2 +platforms: + - name: molecule-rhel-7 + image: ami-c86c3f23 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: molecule-sles-15 + image: ami-0a1886cf45f944eb1 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: molecule-ubuntu-18.04 + image: ami-0bdf93799014acdc4 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: molecule-amazon-linux-2 + image: ami-02ea8f348fa28c108 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: molecule-centos-7 + image: ami-9a183671 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: molecule-fedora-29 + image: ami-0f904cfaa69a1c64c + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint + inventory: + host_vars: + molecule-ubuntu-18.04: + ansible_user: ubuntu + molecule-centos-7: + ansible_user: centos + molecule-fedora-29: + ansible_user: fedora +scenario: + name: ec2 + create_sequence: + - create + check_sequence: + - destroy + - dependency + - create + - converge + - check + - destroy + converge_sequence: + - dependency + - create + - converge + destroy_sequence: + - destroy + test_sequence: + - lint + - destroy + - dependency + - syntax + - create + - converge + - idempotence + - side_effect + - verify + - destroy diff --git a/roles/molecule/molecule/fedora-latest/molecule.yml b/roles/molecule/molecule/fedora-latest/molecule.yml new file mode 100644 index 0000000..a81b037 --- /dev/null +++ b/roles/molecule/molecule/fedora-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: molecule-fedora-latest + image: fedora:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-latest diff --git a/roles/molecule/molecule/fedora-rawhide/molecule.yml b/roles/molecule/molecule/fedora-rawhide/molecule.yml new file mode 100644 index 0000000..be1c501 --- /dev/null +++ b/roles/molecule/molecule/fedora-rawhide/molecule.yml @@ -0,0 +1,24 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: molecule-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + registry: + url: registry.fedoraproject.org +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-rawhide diff --git a/roles/molecule/molecule/opensuse-leap/molecule.yml b/roles/molecule/molecule/opensuse-leap/molecule.yml new file mode 100644 index 0000000..e599819 --- /dev/null +++ b/roles/molecule/molecule/opensuse-leap/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: molecule-opensuse-leap + image: opensuse:leap + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: opensuse-leap diff --git a/roles/molecule/molecule/resources/playbook.yml b/roles/molecule/molecule/resources/playbook.yml new file mode 100644 index 0000000..800082b --- /dev/null +++ b/roles/molecule/molecule/resources/playbook.yml @@ -0,0 +1,8 @@ +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - ansible-role-molecule diff --git a/roles/molecule/molecule/resources/prepare.yml b/roles/molecule/molecule/resources/prepare.yml new file mode 100644 index 0000000..a44724a --- /dev/null +++ b/roles/molecule/molecule/resources/prepare.yml @@ -0,0 +1,11 @@ +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - role: robertdebock.bootstrap + - role: robertdebock.buildtools + - role: robertdebock.epel + - role: robertdebock.python_pip diff --git a/roles/molecule/molecule/ubuntu-devel/molecule.yml b/roles/molecule/molecule/ubuntu-devel/molecule.yml new file mode 100644 index 0000000..335191f --- /dev/null +++ b/roles/molecule/molecule/ubuntu-devel/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: molecule-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-devel diff --git a/roles/molecule/molecule/ubuntu-latest/molecule.yml b/roles/molecule/molecule/ubuntu-latest/molecule.yml new file mode 100644 index 0000000..e0d69a1 --- /dev/null +++ b/roles/molecule/molecule/ubuntu-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: molecule-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-latest diff --git a/roles/molecule/molecule/ubuntu-rolling/molecule.yml b/roles/molecule/molecule/ubuntu-rolling/molecule.yml new file mode 100644 index 0000000..4f835b4 --- /dev/null +++ b/roles/molecule/molecule/ubuntu-rolling/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: molecule-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-rolling diff --git a/roles/molecule/molecule/vagrant/molecule.yml b/roles/molecule/molecule/vagrant/molecule.yml new file mode 100644 index 0000000..7a6508b --- /dev/null +++ b/roles/molecule/molecule/vagrant/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: vagrant + provider: + name: virtualbox +platforms: + - name: molecule-debian + box: debian/stretch64 + - name: molecule-fedora + box: fedora/29-cloud-base +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: vagrant diff --git a/roles/molecule/requirements.yml b/roles/molecule/requirements.yml new file mode 100644 index 0000000..2fd552b --- /dev/null +++ b/roles/molecule/requirements.yml @@ -0,0 +1,5 @@ +--- +- robertdebock.bootstrap +- robertdebock.buildtools +- robertdebock.epel +- robertdebock.python_pip diff --git a/roles/molecule/tasks/main.yml b/roles/molecule/tasks/main.yml new file mode 100644 index 0000000..c90971b --- /dev/null +++ b/roles/molecule/tasks/main.yml @@ -0,0 +1,25 @@ +--- +# tasks file for molecule +- name: install requirements + package: + name: "{{ molecule_requirements }}" + state: present + register: molecule_install_requirements + until: molecule_install_requirements is succeeded + retries: 3 + +- name: register molecule state + stat: + path: /usr/local/bin/molecule + register: register_molecule_state + +- name: install molecule + pip: + name: "{{ molecule_packages }}" + state: present + extra_args: "{{ molecule_extra_args | default(omit) }}" + register: molecule_install_molecule + until: molecule_install_molecule is succeeded + retries: 3 + when: + - not register_molecule_state.stat.exists diff --git a/roles/molecule/vars/main.yml b/roles/molecule/vars/main.yml new file mode 100644 index 0000000..b856594 --- /dev/null +++ b/roles/molecule/vars/main.yml @@ -0,0 +1,30 @@ +--- +# vars file for molecule +_molecule_requirements: + default: [] + Archlinux: + - bash + Alpine: + - linux-headers + CentOS: + - python-devel + - openssl-devel + Debian: + - libssl-dev + Fedora: + - python3-devel + - openssl-devel + openSUSE Leap: + - python-devel + Ubuntu: + - libssl-dev + +molecule_requirements: "{{ _molecule_requirements[ansible_distribution] | default(_molecule_requirements['default']) }}" + +molecule_packages: + - molecule + +# _molecule_extra_args: +# Ubuntu: "--ignore-installed entrypoints" +# +# molecule_extra_args: "{{ _molecule_extra_args[ansible_distribution] | default(omit) }}" diff --git a/roles/postfix/.github/ISSUE_TEMPLATE/bug_report.md b/roles/postfix/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..bd1a0dc --- /dev/null +++ b/roles/postfix/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Run this role: +2. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Error** +Please show the resulting error. If applicable a snippet of the playbook including the role ran with `-vvv` + +**Environment** +- Control node OS: [e.g. Debian 9] +- Control node Ansible version: [e.g. 2.6.2] +- Managed node OS: [e.g. CentOS 7] + +**Additional context** +Add any other context about the problem here. diff --git a/roles/postfix/.github/ISSUE_TEMPLATE/feature_request.md b/roles/postfix/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/roles/postfix/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/roles/postfix/.github/settings.yml b/roles/postfix/.github/settings.yml new file mode 100644 index 0000000..71b1b62 --- /dev/null +++ b/roles/postfix/.github/settings.yml @@ -0,0 +1,4 @@ +--- +repository: + description: Install and configure postfix on your system. + homepage: https://robertdebock.nl/ diff --git a/roles/postfix/.gitignore b/roles/postfix/.gitignore new file mode 100644 index 0000000..10b26d1 --- /dev/null +++ b/roles/postfix/.gitignore @@ -0,0 +1,3 @@ +molecule/*/.molecule +*.log +*.swp diff --git a/roles/postfix/.travis.yml b/roles/postfix/.travis.yml new file mode 100644 index 0000000..5fcec88 --- /dev/null +++ b/roles/postfix/.travis.yml @@ -0,0 +1,92 @@ +--- +sudo: required +language: python +services: docker + +env: + - version=">=2.7,<2.8" distro="alpine-latest" + - version="" distro="alpine-latest" + - version="devel" distro="alpine-latest" + - version=">=2.7,<2.8" distro="alpine-edge" + - version="" distro="alpine-edge" + - version="devel" distro="alpine-edge" + - version=">=2.7,<2.8" distro="archlinux" + - version="" distro="archlinux" + - version="devel" distro="archlinux" + - version=">=2.7,<2.8" distro="centos-6" + - version="" distro="centos-6" + - version="devel" distro="centos-6" + - version=">=2.7,<2.8" distro="centos-latest" + - version="" distro="centos-latest" + - version="devel" distro="centos-latest" + - version=">=2.7,<2.8" distro="debian-latest" + - version="" distro="debian-latest" + - version="devel" distro="debian-latest" + - version=">=2.7,<2.8" distro="debian-stable" + - version="" distro="debian-stable" + - version="devel" distro="debian-stable" + - version=">=2.7,<2.8" distro="debian-unstable" + - version="" distro="debian-unstable" + - version="devel" distro="debian-unstable" + - version=">=2.7,<2.8" distro="fedora-latest" + - version="" distro="fedora-latest" + - version="devel" distro="fedora-latest" + - version=">=2.7,<2.8" distro="fedora-rawhide" + - version="" distro="fedora-rawhide" + - version="devel" distro="fedora-rawhide" + - version=">=2.7,<2.8" distro="opensuse-leap" + - version="" distro="opensuse-leap" + - version="devel" distro="opensuse-leap" + - version=">=2.7,<2.8" distro="ubuntu-rolling" + - version="" distro="ubuntu-rolling" + - version="devel" distro="ubuntu-rolling" + - version=">=2.7,<2.8" distro="ubuntu-latest" + - version="" distro="ubuntu-latest" + - version="devel" distro="ubuntu-latest" + - version=">=2.7,<2.8" distro="ubuntu-devel" + - version="" distro="ubuntu-devel" + - version="devel" distro="ubuntu-devel" + +matrix: + allow_failures: + - env: version=">=2.7,<2.8" distro="alpine-edge" + - env: version="" distro="alpine-edge" + - env: version="devel" distro="alpine-edge" + - env: version="devel" distro="alpine-latest" + - env: version="devel" distro="archlinux" + - env: version="devel" distro="centos-6" + - env: version="devel" distro="centos-latest" + - env: version="devel" distro="debian-latest" + - env: version="devel" distro="debian-stable" + - env: version=">=2.7,<2.8" distro="debian-unstable" + - env: version="" distro="debian-unstable" + - env: version="devel" distro="debian-unstable" + - env: version="devel" distro="fedora-latest" + - env: version=">=2.7,<2.8" distro="fedora-rawhide" + - env: version="" distro="fedora-rawhide" + - env: version="devel" distro="fedora-rawhide" + - env: version="devel" distro="opensuse-leap" + - env: version="devel" distro="ubuntu-rolling" + - env: version=">=2.7,<2.8" distro="ubuntu-devel" + - env: version="" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-latest" + +cache: + - pip + +install: + - pip install --upgrade pip + - if [ "${version}" != "devel" ] ; then pip install ansible"${version}" ; fi + - if [ "${version}" = "devel" ] ; then pip install git+https://github.com/ansible/ansible.git@devel ; fi + - pip install molecule + - pip install docker + +script: + - if [ "${expectation}" = "fail" ] ; then ! molecule test --scenario-name "${distro}" ; else molecule test --scenario-name "${distro}" ; fi + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + slack: + secure: "Wi69Ef0QvViLESAaT/IZFiPjBzqSyalb5VajrCtb4Zj1L0HT0Wt7kWwJhXiiLtAycCRZAqidjBcJvBF7eCVRjGSVkTDSX3HnMG/ErbKYshlNt/aelTEAt5bfqUmDOP9mvXL7kWbuGa7P+0BDPGc96QLX3OhhmivVZSuhTSUQbtBV71c92IAw1D+w/MSeu4yevrPL3vNAqgmjk6tqzA00wahIESgyZY8FtiCSDCyoL9FwUxCOt8Ko9zXf8TEM4ZbhihF4NmUe2klAlPnzFXkMHrPnFDWbHL0PpjSm1ALM8d5jsBC8YjI+oTCI5x82/Z0Ov1MntSyy/JEOHqOn835UhvOql2nDOHTS7IMsPAaskiNu9PMnSX7RQDgoGFfIKEaMS4/q/c/Uxzmi5WHzieS/yT4ghPi66EYaYjoLS4/cXIfrZsAHkl5xCQSLQyPgkzUkS/yWDduzusTvq/qxMoWP8m8asjNPfz13sou2/ZyVBXXQv0dDIWGO3hhFbucZ6hJqmOnbXRnngNXY4W68VFa2KatiOvMgDSJyG+Tk+R5sPHVxnTSv7Q3qzQbV6osS542VG3aV6y3SNhYU201pCwKxQHh9dpatnwijnpDVBZWKVGnA/rRWlf1MZ/1Y3saXd7irubUNgc1J3jYrEVk6g/EUZ/dfQlmvvJw3sRrBWPWkOWc=" + email: false diff --git a/roles/postfix/.yamllint b/roles/postfix/.yamllint new file mode 100644 index 0000000..ad0be76 --- /dev/null +++ b/roles/postfix/.yamllint @@ -0,0 +1,11 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/postfix/CODE_OF_CONDUCT.md b/roles/postfix/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0d97a6f --- /dev/null +++ b/roles/postfix/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behaviour that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behaviour by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/postfix/CONTRIBUTING.md b/roles/postfix/CONTRIBUTING.md new file mode 100644 index 0000000..2931dcf --- /dev/null +++ b/roles/postfix/CONTRIBUTING.md @@ -0,0 +1,4 @@ +# Please contribute! +You can really make a difference by: +- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. +- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code. diff --git a/roles/postfix/LICENSE b/roles/postfix/LICENSE new file mode 100644 index 0000000..744118c --- /dev/null +++ b/roles/postfix/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2019 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/postfix/PULL_REQUEST_TEMPLATE.md b/roles/postfix/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..b1578c0 --- /dev/null +++ b/roles/postfix/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +--- +name: Pull request +about: Describe the proposed change + +--- + +**Describe the change** +A clear and concise description of what the pull request is. + +**Testing** +In case a feature was added, how were tests performed? diff --git a/roles/postfix/README.md b/roles/postfix/README.md new file mode 100644 index 0000000..4d8e0fd --- /dev/null +++ b/roles/postfix/README.md @@ -0,0 +1,187 @@ +postfix +========= + +[![Build Status](https://travis-ci.org/robertdebock/ansible-role-postfix.svg?branch=master)](https://travis-ci.org/robertdebock/ansible-role-postfix) + +Install and configure postfix on your system. + +Example Playbook +---------------- + +This example is taken from `molecule/default/playbook.yml`: +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - robertdebock.postfix +``` + +The machine you are running this on, may need to be prepared. Tests have been done on machines prepared by this playbook: +```yaml +--- +- name: Prepare + hosts: all + become: yes + gather_facts: no + + vars: + postfix_aliases: + - name: root + destination: robert@meinit.nl + + roles: + - robertdebock.bootstrap +``` + +Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. + +Role Variables +-------------- + +These variables are set in `defaults/main.yml`: +```yaml +--- +# defaults file for postfix + +# These settings are required in postfix. +postfix_myhostname: "{{ ansible_fqdn }}" +postfix_mydomain: "{{ ansible_domain | default ('localdomain', true) }}" +postfix_myorigin: "{{ ansible_domain | default ('localdomain', true) }}" + +# To "listen" on public interfaces, set inet_interfaces to something like +# "all" or the name of the interface, such as "eth0". +postfix_inet_inferfaces: "loopback-only" + +# The distination tells Postfix what mails to accept mail for. +postfix_mydestination: $mydomain, $myhostname, localhost.$mydomain, localhost + +# To accept email from other machines, set the mynetworks to something like +# "192.168.0.0/24". +postfix_mynetworks: "127.0.0.0/8" + +# These settings change the role of the postfix server to a relay host. +# postfix_relay_domains: "$mydestination" + +# If you want to forward emails to another central relay server, set relayhost. +# use brackets to sent to the A-record of the relayhost. +# postfix_relayhost: [relay.example.com] + +# Set the restrictions for receiving mails. +postfix_smtpd_recipient_restrictions: + - permit_mynetworks + - permit_sasl_authenticated + - reject_unauth_destination + - reject_invalid_hostname + - reject_non_fqdn_hostname + - reject_non_fqdn_sender + - reject_non_fqdn_recipient + - reject_unknown_sender_domain + - reject_unknown_recipient_domain + - reject_rbl_client sbl.spamhaus.org + - reject_rbl_client cbl.abuseat.org + - reject_rbl_client dul.dnsbl.sorbs.net + - permit + +# To enable spamassassin, ensure spamassassin is installed, +# (hint: role: robertdebock.spamassassin) and set these two variables: +# postfix_spamassassin: enabled +# postfix_spamassassin_user: spamd + +# To enable clamav, ensure clamav is installed, +# (hint: role: robertdebock.clamav) and set this variable: +# postfix_clamav: enabled + +# You can configure aliases here. Typically redirecting `root` is a good plan. +# postfix_aliases: +# - name: root +# destination: robert@meinit.nl +``` + +Requirements +------------ + +- Access to a repository containing packages, likely on the internet. +- A recent version of Ansible. (Tests run on the last 3 release of Ansible.) + +The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: + +```yaml +--- +- robertdebock.bootstrap + +``` + +Context +------- + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/postfix.png "Dependency") + + +Compatibility +------------- + +This role has been tested against the following distributions and Ansible version: + +|distribution|ansible 2.6|ansible 2.7|ansible devel| +|------------|-----------|-----------|-------------| +|alpine-edge*|yes|yes|yes*| +|alpine-latest|yes|yes|yes*| +|archlinux|yes|yes|yes*| +|centos-6|yes|yes|yes*| +|centos-latest|yes|yes|yes*| +|debian-latest|yes|yes|yes*| +|debian-stable|yes|yes|yes*| +|debian-unstable*|yes|yes|yes*| +|fedora-latest|yes|yes|yes*| +|fedora-rawhide*|yes|yes|yes*| +|opensuse-leap|yes|yes|yes*| +|ubuntu-devel*|yes|yes|yes*| +|ubuntu-latest|yes|yes|yes*| +|ubuntu-rolling|yes|yes|yes*| + +A single star means the build may fail, it's marked as an experimental build. + +Testing +------- + +[Unit tests](https://travis-ci.org/robertdebock/ansible-role-postfix) are done on every commit and periodically. + +If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-postfix/issues) + +To test this role locally please use [Molecule](https://github.com/metacloud/molecule): +``` +pip install molecule +molecule test +``` + +To test on Amazon EC2, configure [~/.aws/credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`. + +There are many specific scenarios available, please have a look in the `molecule/` directory. + +Run the [ansible-galaxy](https://github.com/ansible/galaxy-lint-rules) and [my](https://github.com/robertdebock/ansible-lint-rules) lint rules if you want your change to be merges: + +```shell +git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint +ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules . + +git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint +ansible-lint -r /tmp/my-ansible-lint/rules . +``` + +License +------- + +Apache-2.0 + + +Author Information +------------------ + +[Robert de Bock](https://robertdebock.nl/) diff --git a/roles/postfix/defaults/main.yml b/roles/postfix/defaults/main.yml new file mode 100644 index 0000000..985d51d --- /dev/null +++ b/roles/postfix/defaults/main.yml @@ -0,0 +1,55 @@ +--- +# defaults file for postfix + +# These settings are required in postfix. +postfix_myhostname: "{{ ansible_fqdn }}" +postfix_mydomain: "{{ ansible_domain | default ('localdomain', true) }}" +postfix_myorigin: "{{ ansible_domain | default ('localdomain', true) }}" + +# To "listen" on public interfaces, set inet_interfaces to something like +# "all" or the name of the interface, such as "eth0". +postfix_inet_inferfaces: "loopback-only" + +# The distination tells Postfix what mails to accept mail for. +postfix_mydestination: $mydomain, $myhostname, localhost.$mydomain, localhost + +# To accept email from other machines, set the mynetworks to something like +# "192.168.0.0/24". +postfix_mynetworks: "127.0.0.0/8" + +# These settings change the role of the postfix server to a relay host. +# postfix_relay_domains: "$mydestination" + +# If you want to forward emails to another central relay server, set relayhost. +# use brackets to sent to the A-record of the relayhost. +# postfix_relayhost: [relay.example.com] + +# Set the restrictions for receiving mails. +postfix_smtpd_recipient_restrictions: + - permit_mynetworks + - permit_sasl_authenticated + - reject_unauth_destination + - reject_invalid_hostname + - reject_non_fqdn_hostname + - reject_non_fqdn_sender + - reject_non_fqdn_recipient + - reject_unknown_sender_domain + - reject_unknown_recipient_domain + - reject_rbl_client sbl.spamhaus.org + - reject_rbl_client cbl.abuseat.org + - reject_rbl_client dul.dnsbl.sorbs.net + - permit + +# To enable spamassassin, ensure spamassassin is installed, +# (hint: role: robertdebock.spamassassin) and set these two variables: +# postfix_spamassassin: enabled +# postfix_spamassassin_user: spamd + +# To enable clamav, ensure clamav is installed, +# (hint: role: robertdebock.clamav) and set this variable: +# postfix_clamav: enabled + +# You can configure aliases here. Typically redirecting `root` is a good plan. +# postfix_aliases: +# - name: root +# destination: robert@meinit.nl diff --git a/roles/postfix/handlers/main.yml b/roles/postfix/handlers/main.yml new file mode 100644 index 0000000..b909f7c --- /dev/null +++ b/roles/postfix/handlers/main.yml @@ -0,0 +1,11 @@ +--- +# handlers file for postfix +- name: restart postfix + service: + name: "{{ postfix_service }}" + state: restarted + when: + - ansible_virtualization_type != "docker" + +- name: rebuild alias database + command: postmap "{{ postfix_alias_path }}" diff --git a/roles/postfix/meta/.galaxy_install_info b/roles/postfix/meta/.galaxy_install_info new file mode 100644 index 0000000..6ecfe90 --- /dev/null +++ b/roles/postfix/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jun 7 18:26:01 2019', version: 2.0.4} diff --git a/roles/postfix/meta/main.yml b/roles/postfix/meta/main.yml new file mode 100644 index 0000000..c1ff8ce --- /dev/null +++ b/roles/postfix/meta/main.yml @@ -0,0 +1,51 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: postfix + description: Install and configure postfix on your system. + license: Apache-2.0 + company: none + min_ansible_version: 2.6 + + platforms: + - name: Alpine + versions: + - all + - name: ArchLinux + version: + - all + - name: Debian + versions: + - all + - name: EL + version: + - 6 + - 7 + - name: Fedora + versions: + - all + - name: OpenSUSE + versions: + - all + - name: Ubuntu + versions: + - artful + - bionic + + galaxy_tags: + - alpine + - archlinux + - centos + - debian + - fedora + - installer + - mailserver + - opensuse + - package + - postfix + - rhel + - security + - system + - ubuntu + +dependencies: [] diff --git a/roles/postfix/molecule/alpine-edge/molecule.yml b/roles/postfix/molecule/alpine-edge/molecule.yml new file mode 100644 index 0000000..56ec268 --- /dev/null +++ b/roles/postfix/molecule/alpine-edge/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: postfix-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-edge diff --git a/roles/postfix/molecule/alpine-latest/molecule.yml b/roles/postfix/molecule/alpine-latest/molecule.yml new file mode 100644 index 0000000..7f6d3de --- /dev/null +++ b/roles/postfix/molecule/alpine-latest/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: postfix-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-latest diff --git a/roles/postfix/molecule/archlinux/molecule.yml b/roles/postfix/molecule/archlinux/molecule.yml new file mode 100644 index 0000000..55478ad --- /dev/null +++ b/roles/postfix/molecule/archlinux/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: postfix-archlinux + image: archlinux/base + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: archlinux diff --git a/roles/postfix/molecule/centos-6/molecule.yml b/roles/postfix/molecule/centos-6/molecule.yml new file mode 100644 index 0000000..7ad4302 --- /dev/null +++ b/roles/postfix/molecule/centos-6/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: postfix-centos-6 + image: centos:6 + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-6 diff --git a/roles/postfix/molecule/centos-latest/molecule.yml b/roles/postfix/molecule/centos-latest/molecule.yml new file mode 100644 index 0000000..9bafe85 --- /dev/null +++ b/roles/postfix/molecule/centos-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: postfix-centos-latest + image: centos:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-latest diff --git a/roles/postfix/molecule/debian-latest/molecule.yml b/roles/postfix/molecule/debian-latest/molecule.yml new file mode 100644 index 0000000..3160959 --- /dev/null +++ b/roles/postfix/molecule/debian-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: postfix-debian-latest + image: debian:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-latest diff --git a/roles/postfix/molecule/debian-stable/molecule.yml b/roles/postfix/molecule/debian-stable/molecule.yml new file mode 100644 index 0000000..86a46cd --- /dev/null +++ b/roles/postfix/molecule/debian-stable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: postfix-debian-stable + image: debian:stable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-stable diff --git a/roles/postfix/molecule/debian-unstable/molecule.yml b/roles/postfix/molecule/debian-unstable/molecule.yml new file mode 100644 index 0000000..d662c32 --- /dev/null +++ b/roles/postfix/molecule/debian-unstable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: postfix-debian-unstable + image: debian:unstable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-unstable diff --git a/roles/postfix/molecule/default/molecule.yml b/roles/postfix/molecule/default/molecule.yml new file mode 100644 index 0000000..9847c1d --- /dev/null +++ b/roles/postfix/molecule/default/molecule.yml @@ -0,0 +1,63 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: postfix-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: postfix-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: postfix-archlinux + image: archlinux/base + pre_build_image: yes + - name: postfix-centos-6 + image: centos:6 + pre_build_image: yes + - name: postfix-centos-latest + image: centos:latest + pre_build_image: yes + - name: postfix-debian-latest + image: debian:latest + pre_build_image: yes + - name: postfix-debian-stable + image: debian:stable + pre_build_image: yes + - name: postfix-debian-unstable + image: debian:unstable + pre_build_image: yes + - name: postfix-fedora-latest + image: fedora:latest + pre_build_image: yes + - name: postfix-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + - name: postfix-opensuse-leap + image: opensuse:leap + pre_build_image: yes + - name: postfix-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes + - name: postfix-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes + - name: postfix-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: default diff --git a/roles/postfix/molecule/ec2/README.md b/roles/postfix/molecule/ec2/README.md new file mode 100644 index 0000000..856b351 --- /dev/null +++ b/roles/postfix/molecule/ec2/README.md @@ -0,0 +1,15 @@ +# Amazon EC2 + +To test on Amazon elastic compute cloud (EC2), set this variable: + +``` +export EC2_REGION=eu-central-1 +``` + +And save the credentials: +``` +cat ~/.aws/credentials +[default] +aws_access_key_id=YOUR_KEY_ID +aws_secret_access_key=YOUR_ACCESS_KEY +``` diff --git a/roles/postfix/molecule/ec2/create.yml b/roles/postfix/molecule/ec2/create.yml new file mode 100644 index 0000000..7992818 --- /dev/null +++ b/roles/postfix/molecule/ec2/create.yml @@ -0,0 +1,125 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + vars: + ssh_user: ec2-user + ssh_port: 22 + + security_group_name: molecule + security_group_description: Security group for testing Molecule + security_group_rules: + - proto: tcp + from_port: "{{ ssh_port }}" + to_port: "{{ ssh_port }}" + cidr_ip: '0.0.0.0/0' + - proto: icmp + from_port: 8 + to_port: -1 + cidr_ip: '0.0.0.0/0' + security_group_rules_egress: + - proto: -1 + from_port: 0 + to_port: 0 + cidr_ip: '0.0.0.0/0' + + keypair_name: molecule_key + keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" + tasks: + - name: Create security group + ec2_group: + name: "{{ security_group_name }}" + description: "{{ security_group_name }}" + rules: "{{ security_group_rules }}" + rules_egress: "{{ security_group_rules_egress }}" + + - name: Test for presence of local keypair + stat: + path: "{{ keypair_path }}" + register: keypair_local + + - name: Delete remote keypair + ec2_key: + name: "{{ keypair_name }}" + state: absent + when: not keypair_local.stat.exists + + - name: Create keypair + ec2_key: + name: "{{ keypair_name }}" + register: keypair + + - name: Persist the keypair + copy: + dest: "{{ keypair_path }}" + content: "{{ keypair.key.private_key }}" + mode: 0600 + when: keypair.changed + + - name: Create molecule instance(s) + ec2: + key_name: "{{ keypair_name }}" + image: "{{ item.image }}" + instance_type: "{{ item.instance_type }}" + vpc_subnet_id: "{{ item.vpc_subnet_id }}" + group: "{{ security_group_name }}" + instance_tags: + instance: "{{ item.name }}" + wait: true + assign_public_ip: true + exact_count: 1 + count_tag: + instance: "{{ item.name }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.instances[0].tags.instance }}", + 'address': "{{ item.instances[0].public_ip }}", + 'user': "{{ ssh_user }}", + 'port': "{{ ssh_port }}", + 'identity_file': "{{ keypair_path }}", + 'instance_ids': "{{ item.instance_ids }}", } + with_items: "{{ ec2_jobs.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool + + - name: Wait for SSH + wait_for: + port: "{{ ssh_port }}" + host: "{{ item.address }}" + search_regex: SSH + delay: 10 + timeout: 320 + with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + + - name: Wait for boot process to finish + pause: + minutes: 2 diff --git a/roles/postfix/molecule/ec2/destroy.yml b/roles/postfix/molecule/ec2/destroy.yml new file mode 100644 index 0000000..b460c1e --- /dev/null +++ b/roles/postfix/molecule/ec2/destroy.yml @@ -0,0 +1,47 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + tasks: + - block: + - name: Populate instance config + set_fact: + instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + skip_instances: false + rescue: + - name: Populate instance config when file missing + set_fact: + instance_conf: {} + skip_instances: true + + - name: Destroy molecule instance(s) + ec2: + state: absent + instance_ids: "{{ item.instance_ids }}" + register: server + with_items: "{{ instance_conf }}" + when: not skip_instances + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/postfix/molecule/ec2/molecule.yml b/roles/postfix/molecule/ec2/molecule.yml new file mode 100644 index 0000000..67ea6bb --- /dev/null +++ b/roles/postfix/molecule/ec2/molecule.yml @@ -0,0 +1,77 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: ec2 +platforms: + - name: postfix-rhel-7 + image: ami-c86c3f23 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: postfix-sles-15 + image: ami-0a1886cf45f944eb1 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: postfix-ubuntu-18.04 + image: ami-0bdf93799014acdc4 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: postfix-amazon-linux-2 + image: ami-02ea8f348fa28c108 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: postfix-centos-7 + image: ami-9a183671 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: postfix-fedora-29 + image: ami-0f904cfaa69a1c64c + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint + inventory: + host_vars: + postfix-ubuntu-18.04: + ansible_user: ubuntu + postfix-centos-7: + ansible_user: centos + postfix-fedora-29: + ansible_user: fedora +scenario: + name: ec2 + create_sequence: + - create + check_sequence: + - destroy + - dependency + - create + - converge + - check + - destroy + converge_sequence: + - dependency + - create + - converge + destroy_sequence: + - destroy + test_sequence: + - lint + - destroy + - dependency + - syntax + - create + - converge + - idempotence + - side_effect + - verify + - destroy diff --git a/roles/postfix/molecule/fedora-latest/molecule.yml b/roles/postfix/molecule/fedora-latest/molecule.yml new file mode 100644 index 0000000..4924e69 --- /dev/null +++ b/roles/postfix/molecule/fedora-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: postfix-fedora-latest + image: fedora:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-latest diff --git a/roles/postfix/molecule/fedora-rawhide/molecule.yml b/roles/postfix/molecule/fedora-rawhide/molecule.yml new file mode 100644 index 0000000..af0deb5 --- /dev/null +++ b/roles/postfix/molecule/fedora-rawhide/molecule.yml @@ -0,0 +1,24 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: postfix-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + registry: + url: registry.fedoraproject.org +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-rawhide diff --git a/roles/postfix/molecule/opensuse-leap/molecule.yml b/roles/postfix/molecule/opensuse-leap/molecule.yml new file mode 100644 index 0000000..c74f332 --- /dev/null +++ b/roles/postfix/molecule/opensuse-leap/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: postfix-opensuse-leap + image: opensuse:leap + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: opensuse-leap diff --git a/roles/postfix/molecule/resources/playbook.yml b/roles/postfix/molecule/resources/playbook.yml new file mode 100644 index 0000000..a357fa3 --- /dev/null +++ b/roles/postfix/molecule/resources/playbook.yml @@ -0,0 +1,13 @@ +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + vars: + postfix_aliases: + - name: root + destination: robert@meinit.nl + + roles: + - ansible-role-postfix diff --git a/roles/postfix/molecule/resources/prepare.yml b/roles/postfix/molecule/resources/prepare.yml new file mode 100644 index 0000000..4298ff8 --- /dev/null +++ b/roles/postfix/molecule/resources/prepare.yml @@ -0,0 +1,8 @@ +--- +- name: Prepare + hosts: all + become: yes + gather_facts: no + + roles: + - robertdebock.bootstrap diff --git a/roles/postfix/molecule/ubuntu-devel/molecule.yml b/roles/postfix/molecule/ubuntu-devel/molecule.yml new file mode 100644 index 0000000..646473e --- /dev/null +++ b/roles/postfix/molecule/ubuntu-devel/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: postfix-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-devel diff --git a/roles/postfix/molecule/ubuntu-latest/molecule.yml b/roles/postfix/molecule/ubuntu-latest/molecule.yml new file mode 100644 index 0000000..dc19681 --- /dev/null +++ b/roles/postfix/molecule/ubuntu-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: postfix-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-latest diff --git a/roles/postfix/molecule/ubuntu-rolling/molecule.yml b/roles/postfix/molecule/ubuntu-rolling/molecule.yml new file mode 100644 index 0000000..b341ddc --- /dev/null +++ b/roles/postfix/molecule/ubuntu-rolling/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: postfix-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-rolling diff --git a/roles/postfix/molecule/vagrant/INSTALL.rst b/roles/postfix/molecule/vagrant/INSTALL.rst new file mode 100644 index 0000000..ca81c7b --- /dev/null +++ b/roles/postfix/molecule/vagrant/INSTALL.rst @@ -0,0 +1,17 @@ +******* +Vagrant driver installation guide +******* + +Requirements +============ + +* Vagrant +* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop +* python-vagrant + +Install +======= + +.. code-block:: bash + + $ sudo pip install python-vagrant diff --git a/roles/postfix/molecule/vagrant/molecule.yml b/roles/postfix/molecule/vagrant/molecule.yml new file mode 100644 index 0000000..212fb10 --- /dev/null +++ b/roles/postfix/molecule/vagrant/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: vagrant + provider: + name: virtualbox +platforms: + - name: postfix-debian + box: debian/stretch64 + - name: postfix-fedora + box: fedora/29-cloud-base +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: vagrant diff --git a/roles/postfix/requirements.yml b/roles/postfix/requirements.yml new file mode 100644 index 0000000..46dec9d --- /dev/null +++ b/roles/postfix/requirements.yml @@ -0,0 +1,2 @@ +--- +- robertdebock.bootstrap diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml new file mode 100644 index 0000000..5f81727 --- /dev/null +++ b/roles/postfix/tasks/main.yml @@ -0,0 +1,62 @@ +--- +# tasks file for postfix +- name: check postfix_aliases + assert: + that: + - item.name is defined + - item.destination is defined + when: + - postfix_aliases is defined + with_items: + - "{{ postfix_aliases }}" + +- name: install postfix + package: + name: "{{ postfix_packages }}" + state: present + register: postfix_install_postfix + until: postfix_install_postfix + retries: 3 + +- name: create group + group: + name: "{{ postfix_group }}" + state: present + +- name: configure postfix (main.cf) + template: + src: main.cf.j2 + dest: /etc/postfix/main.cf + validate: postconf -d -c %s + notify: + - restart postfix + +- name: configure postfix (master.cf) + template: + src: master.cf.j2 + dest: /etc/postfix/master.cf + validate: postconf -d -c %s + notify: + - restart postfix + +- name: configure aliases + lineinfile: + path: "{{ postfix_alias_path }}" + regexp: "^{{ item.name }}:" + line: "{{ item.name }}: {{ item.destination }}" + when: + - postfix_aliases is defined + with_items: + - "{{ postfix_aliases }}" + notify: + - rebuild alias database + loop_control: + label: "{{ item.name }}" + +- name: start and enable postfix + service: + name: "{{ postfix_service }}" + state: started + enabled: yes + when: + - ansible_virtualization_type != "docker" diff --git a/roles/postfix/templates/main.cf.j2 b/roles/postfix/templates/main.cf.j2 new file mode 100644 index 0000000..bbe5b54 --- /dev/null +++ b/roles/postfix/templates/main.cf.j2 @@ -0,0 +1,704 @@ +{{ ansible_managed | comment }} +# Global Postfix configuration file. This file lists only a subset +# of all parameters. For the syntax, and for a complete parameter +# list, see the postconf(5) manual page (command: "man 5 postconf"). +# +# For common configuration examples, see BASIC_CONFIGURATION_README +# and STANDARD_CONFIGURATION_README. To find these documents, use +# the command "postconf html_directory readme_directory", or go to +# http://www.postfix.org/. +# +# For best results, change no more than 2-3 parameters at a time, +# and test if Postfix still works after every change. + +# SOFT BOUNCE +# +# The soft_bounce parameter provides a limited safety net for +# testing. When soft_bounce is enabled, mail will remain queued that +# would otherwise bounce. This parameter disables locally-generated +# bounces, and prevents the SMTP server from rejecting mail permanently +# (by changing 5xx replies into 4xx replies). However, soft_bounce +# is no cure for address rewriting mistakes or mail routing mistakes. +# +#soft_bounce = no + +# LOCAL PATHNAME INFORMATION +# +# The queue_directory specifies the location of the Postfix queue. +# This is also the root directory of Postfix daemons that run chrooted. +# See the files in examples/chroot-setup for setting up Postfix chroot +# environments on different UNIX systems. +# +queue_directory = /var/spool/postfix + +# The command_directory parameter specifies the location of all +# postXXX commands. +# +command_directory = /usr/sbin + +# The daemon_directory parameter specifies the location of all Postfix +# daemon programs (i.e. programs listed in the master.cf file). This +# directory must be owned by root. +# +daemon_directory = {{ postfix_daemon_directory[ansible_distribution] | default(postfix_daemon_directory['default']) }} + +# The data_directory parameter specifies the location of Postfix-writable +# data files (caches, random numbers). This directory must be owned +# by the mail_owner account (see below). +# +data_directory = /var/lib/postfix + +# QUEUE AND PROCESS OWNERSHIP +# +# The mail_owner parameter specifies the owner of the Postfix queue +# and of most Postfix daemon processes. Specify the name of a user +# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS +# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In +# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED +# USER. +# +mail_owner = postfix + +# The default_privs parameter specifies the default rights used by +# the local delivery agent for delivery to external file or command. +# These rights are used in the absence of a recipient user context. +# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER. +# +#default_privs = nobody + +# INTERNET HOST AND DOMAIN NAMES +# +# The myhostname parameter specifies the internet hostname of this +# mail system. The default is to use the fully-qualified domain name +# from gethostname(). $myhostname is used as a default value for many +# other configuration parameters. +# +#myhostname = host.domain.tld +#myhostname = virtual.domain.tld +myhostname = {{ postfix_myhostname }} + +# The mydomain parameter specifies the local internet domain name. +# The default is to use $myhostname minus the first component. +# $mydomain is used as a default value for many other configuration +# parameters. +# +#mydomain = domain.tld +mydomain = {{ postfix_mydomain }} + +# SENDING MAIL +# +# The myorigin parameter specifies the domain that locally-posted +# mail appears to come from. The default is to append $myhostname, +# which is fine for small sites. If you run a domain with multiple +# machines, you should (1) change this to $mydomain and (2) set up +# a domain-wide alias database that aliases each user to +# user@that.users.mailhost. +# +# For the sake of consistency between sender and recipient addresses, +# myorigin also specifies the default domain name that is appended +# to recipient addresses that have no @domain part. +# +#myorigin = $myhostname +#myorigin = $mydomain +myorigin = {{ postfix_myorigin }} + +# RECEIVING MAIL + +# The inet_interfaces parameter specifies the network interface +# addresses that this mail system receives mail on. By default, +# the software claims all active interfaces on the machine. The +# parameter also controls delivery of mail to user@[ip.address]. +# +# See also the proxy_interfaces parameter, for network addresses that +# are forwarded to us via a proxy or network address translator. +# +# Note: you need to stop/start Postfix when this parameter changes. +# +#inet_interfaces = all +#inet_interfaces = $myhostname +#inet_interfaces = $myhostname, localhost +#inet_inferfaces = localhost +inet_interfaces = {{ postfix_inet_inferfaces }} + +# Enable IPv4, and IPv6 if supported +inet_protocols = all + +# The proxy_interfaces parameter specifies the network interface +# addresses that this mail system receives mail on by way of a +# proxy or network address translation unit. This setting extends +# the address list specified with the inet_interfaces parameter. +# +# You must specify your proxy/NAT addresses when your system is a +# backup MX host for other domains, otherwise mail delivery loops +# will happen when the primary MX host is down. +# +#proxy_interfaces = +#proxy_interfaces = 1.2.3.4 + +# The mydestination parameter specifies the list of domains that this +# machine considers itself the final destination for. +# +# These domains are routed to the delivery agent specified with the +# local_transport parameter setting. By default, that is the UNIX +# compatible delivery agent that lookups all recipients in /etc/passwd +# and /etc/aliases or their equivalent. +# +# The default is $myhostname + localhost.$mydomain. On a mail domain +# gateway, you should also include $mydomain. +# +# Do not specify the names of virtual domains - those domains are +# specified elsewhere (see VIRTUAL_README). +# +# Do not specify the names of domains that this machine is backup MX +# host for. Specify those names via the relay_domains settings for +# the SMTP server, or use permit_mx_backup if you are lazy (see +# STANDARD_CONFIGURATION_README). +# +# The local machine is always the final destination for mail addressed +# to user@[the.net.work.address] of an interface that the mail system +# receives mail on (see the inet_interfaces parameter). +# +# Specify a list of host or domain names, /file/name or type:table +# patterns, separated by commas and/or whitespace. A /file/name +# pattern is replaced by its contents; a type:table is matched when +# a name matches a lookup key (the right-hand side is ignored). +# Continue long lines by starting the next line with whitespace. +# +# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS". +# +#mydestination = $myhostname, localhost.$mydomain, localhost +#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain +#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, +# mail.$mydomain, www.$mydomain, ftp.$mydomain +{% if postfix_mydestination is defined %} +mydestination = {{ postfix_mydestination }} +{% endif %} + +# REJECTING MAIL FOR UNKNOWN LOCAL USERS +# +# The local_recipient_maps parameter specifies optional lookup tables +# with all names or addresses of users that are local with respect +# to $mydestination, $inet_interfaces or $proxy_interfaces. +# +# If this parameter is defined, then the SMTP server will reject +# mail for unknown local users. This parameter is defined by default. +# +# To turn off local recipient checking in the SMTP server, specify +# local_recipient_maps = (i.e. empty). +# +# The default setting assumes that you use the default Postfix local +# delivery agent for local delivery. You need to update the +# local_recipient_maps setting if: +# +# - You define $mydestination domain recipients in files other than +# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files. +# For example, you define $mydestination domain recipients in +# the $virtual_mailbox_maps files. +# +# - You redefine the local delivery agent in master.cf. +# +# - You redefine the "local_transport" setting in main.cf. +# +# - You use the "luser_relay", "mailbox_transport", or "fallback_transport" +# feature of the Postfix local delivery agent (see local(8)). +# +# Details are described in the LOCAL_RECIPIENT_README file. +# +# Beware: if the Postfix SMTP server runs chrooted, you probably have +# to access the passwd file via the proxymap service, in order to +# overcome chroot restrictions. The alternative, having a copy of +# the system passwd file in the chroot jail is just not practical. +# +# The right-hand side of the lookup tables is conveniently ignored. +# In the left-hand side, specify a bare username, an @domain.tld +# wild-card, or specify a user@domain.tld address. +# +#local_recipient_maps = unix:passwd.byname $alias_maps +#local_recipient_maps = proxy:unix:passwd.byname $alias_maps +#local_recipient_maps = + +# The unknown_local_recipient_reject_code specifies the SMTP server +# response code when a recipient domain matches $mydestination or +# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty +# and the recipient address or address local-part is not found. +# +# The default setting is 550 (reject mail) but it is safer to start +# with 450 (try again later) until you are certain that your +# local_recipient_maps settings are OK. +# +unknown_local_recipient_reject_code = 550 + +# TRUST AND RELAY CONTROL + +# The mynetworks parameter specifies the list of "trusted" SMTP +# clients that have more privileges than "strangers". +# +# In particular, "trusted" SMTP clients are allowed to relay mail +# through Postfix. See the smtpd_recipient_restrictions parameter +# in postconf(5). +# +# You can specify the list of "trusted" network addresses by hand +# or you can let Postfix do it for you (which is the default). +# +# By default (mynetworks_style = subnet), Postfix "trusts" SMTP +# clients in the same IP subnetworks as the local machine. +# On Linux, this does works correctly only with interfaces specified +# with the "ifconfig" command. +# +# Specify "mynetworks_style = class" when Postfix should "trust" SMTP +# clients in the same IP class A/B/C networks as the local machine. +# Don't do this with a dialup site - it would cause Postfix to "trust" +# your entire provider's network. Instead, specify an explicit +# mynetworks list by hand, as described below. +# +# Specify "mynetworks_style = host" when Postfix should "trust" +# only the local machine. +# +#mynetworks_style = class +#mynetworks_style = subnet +#mynetworks_style = host + +# Alternatively, you can specify the mynetworks list by hand, in +# which case Postfix ignores the mynetworks_style setting. +# +# Specify an explicit list of network/netmask patterns, where the +# mask specifies the number of bits in the network part of a host +# address. +# +# You can also specify the absolute pathname of a pattern file instead +# of listing the patterns here. Specify type:table for table-based lookups +# (the value on the table right-hand side is not used). +# +#mynetworks = 168.100.189.0/28, 127.0.0.0/8 +#mynetworks = $config_directory/mynetworks +#mynetworks = hash:/etc/postfix/network_table +mynetworks = {{ postfix_mynetworks }} + +# The relay_domains parameter restricts what destinations this system will +# relay mail to. See the smtpd_recipient_restrictions description in +# postconf(5) for detailed information. +# +# By default, Postfix relays mail +# - from "trusted" clients (IP address matches $mynetworks) to any destination, +# - from "untrusted" clients to destinations that match $relay_domains or +# subdomains thereof, except addresses with sender-specified routing. +# The default relay_domains value is $mydestination. +# +# In addition to the above, the Postfix SMTP server by default accepts mail +# that Postfix is final destination for: +# - destinations that match $inet_interfaces or $proxy_interfaces, +# - destinations that match $mydestination +# - destinations that match $virtual_alias_domains, +# - destinations that match $virtual_mailbox_domains. +# These destinations do not need to be listed in $relay_domains. +# +# Specify a list of hosts or domains, /file/name patterns or type:name +# lookup tables, separated by commas and/or whitespace. Continue +# long lines by starting the next line with whitespace. A file name +# is replaced by its contents; a type:name table is matched when a +# (parent) domain appears as lookup key. +# +# NOTE: Postfix will not automatically forward mail for domains that +# list this system as their primary or backup MX host. See the +# permit_mx_backup restriction description in postconf(5). +# +#relay_domains = $mydestination +{% if postfix_relay_domains is defined %} +relay_domains = {{ postfix_relay_domains }} +{% endif %} + +{% if postfix_smtpd_recipient_restrictions is defined %} +smtpd_recipient_restrictions = {% for smtpd_recipient_restriction in postfix_smtpd_recipient_restrictions %}{{ smtpd_recipient_restriction }}, {% endfor %} +{% endif %} + +# INTERNET OR INTRANET + +# The relayhost parameter specifies the default host to send mail to +# when no entry is matched in the optional transport(5) table. When +# no relayhost is given, mail is routed directly to the destination. +# +# On an intranet, specify the organizational domain name. If your +# internal DNS uses no MX records, specify the name of the intranet +# gateway host instead. +# +# In the case of SMTP, specify a domain, host, host:port, [host]:port, +# [address] or [address]:port; the form [host] turns off MX lookups. +# +# If you're connected via UUCP, see also the default_transport parameter. +# +#relayhost = $mydomain +#relayhost = [gateway.my.domain] +#relayhost = [mailserver.isp.tld] +#relayhost = uucphost +#relayhost = [an.ip.add.ress] +{% if postfix_relayhost is defined %} +relayhost = {{ postfix_relayhost }} +{% endif %} + +# REJECTING UNKNOWN RELAY USERS +# +# The relay_recipient_maps parameter specifies optional lookup tables +# with all addresses in the domains that match $relay_domains. +# +# If this parameter is defined, then the SMTP server will reject +# mail for unknown relay users. This feature is off by default. +# +# The right-hand side of the lookup tables is conveniently ignored. +# In the left-hand side, specify an @domain.tld wild-card, or specify +# a user@domain.tld address. +# +#relay_recipient_maps = hash:/etc/postfix/relay_recipients + +# INPUT RATE CONTROL +# +# The in_flow_delay configuration parameter implements mail input +# flow control. This feature is turned on by default, although it +# still needs further development (it's disabled on SCO UNIX due +# to an SCO bug). +# +# A Postfix process will pause for $in_flow_delay seconds before +# accepting a new message, when the message arrival rate exceeds the +# message delivery rate. With the default 100 SMTP server process +# limit, this limits the mail inflow to 100 messages a second more +# than the number of messages delivered per second. +# +# Specify 0 to disable the feature. Valid delays are 0..10. +# +#in_flow_delay = 1s + +# ADDRESS REWRITING +# +# The ADDRESS_REWRITING_README document gives information about +# address masquerading or other forms of address rewriting including +# username->Firstname.Lastname mapping. + +# ADDRESS REDIRECTION (VIRTUAL DOMAIN) +# +# The VIRTUAL_README document gives information about the many forms +# of domain hosting that Postfix supports. + +# "USER HAS MOVED" BOUNCE MESSAGES +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# TRANSPORT MAP +# +# See the discussion in the ADDRESS_REWRITING_README document. + +# ALIAS DATABASE +# +# The alias_maps parameter specifies the list of alias databases used +# by the local delivery agent. The default list is system dependent. +# +# On systems with NIS, the default is to search the local alias +# database, then the NIS alias database. See aliases(5) for syntax +# details. +# +# If you change the alias database, run "postalias /etc/aliases" (or +# wherever your system stores the mail alias file), or simply run +# "newaliases" to build the necessary DBM or DB file. +# +# It will take a minute or so before changes become visible. Use +# "postfix reload" to eliminate the delay. +# +#alias_maps = dbm:/etc/aliases +alias_maps = hash:/etc/aliases +#alias_maps = hash:/etc/aliases, nis:mail.aliases +#alias_maps = netinfo:/aliases + +# The alias_database parameter specifies the alias database(s) that +# are built with "newaliases" or "sendmail -bi". This is a separate +# configuration parameter, because alias_maps (see above) may specify +# tables that are not necessarily all under control by Postfix. +# +#alias_database = dbm:/etc/aliases +#alias_database = dbm:/etc/mail/aliases +alias_database = hash:/etc/aliases +#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases + +# ADDRESS EXTENSIONS (e.g., user+foo) +# +# The recipient_delimiter parameter specifies the separator between +# user names and address extensions (user+foo). See canonical(5), +# local(8), relocated(5) and virtual(5) for the effects this has on +# aliases, canonical, virtual, relocated and .forward file lookups. +# Basically, the software tries user+foo and .forward+foo before +# trying user and .forward. +# +#recipient_delimiter = + + +# DELIVERY TO MAILBOX +# +# The home_mailbox parameter specifies the optional pathname of a +# mailbox file relative to a user's home directory. The default +# mailbox file is /var/spool/mail/user or /var/mail/user. Specify +# "Maildir/" for qmail-style delivery (the / is required). +# +#home_mailbox = Mailbox +#home_mailbox = Maildir/ + +# The mail_spool_directory parameter specifies the directory where +# UNIX-style mailboxes are kept. The default setting depends on the +# system type. +# +#mail_spool_directory = /var/mail +#mail_spool_directory = /var/spool/mail + +# The mailbox_command parameter specifies the optional external +# command to use instead of mailbox delivery. The command is run as +# the recipient with proper HOME, SHELL and LOGNAME environment settings. +# Exception: delivery for root is done as $default_user. +# +# Other environment variables of interest: USER (recipient username), +# EXTENSION (address extension), DOMAIN (domain part of address), +# and LOCAL (the address localpart). +# +# Unlike other Postfix configuration parameters, the mailbox_command +# parameter is not subjected to $parameter substitutions. This is to +# make it easier to specify shell syntax (see example below). +# +# Avoid shell meta characters because they will force Postfix to run +# an expensive shell process. Procmail alone is expensive enough. +# +# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN +# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. +# +#mailbox_command = /some/where/procmail +#mailbox_command = /some/where/procmail -a "$EXTENSION" + +# The mailbox_transport specifies the optional transport in master.cf +# to use after processing aliases and .forward files. This parameter +# has precedence over the mailbox_command, fallback_transport and +# luser_relay parameters. +# +# Specify a string of the form transport:nexthop, where transport is +# the name of a mail delivery transport defined in master.cf. The +# :nexthop part is optional. For more details see the sample transport +# configuration file. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must update the "local_recipient_maps" setting in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd" +# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf. +#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp + +# If using the cyrus-imapd IMAP server deliver local mail to the IMAP +# server using LMTP (Local Mail Transport Protocol), this is prefered +# over the older cyrus deliver program by setting the +# mailbox_transport as below: +# +# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp +# +# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via +# these settings. +# +# local_destination_recipient_limit = 300 +# local_destination_concurrency_limit = 5 +# +# Of course you should adjust these settings as appropriate for the +# capacity of the hardware you are using. The recipient limit setting +# can be used to take advantage of the single instance message store +# capability of Cyrus. The concurrency limit can be used to control +# how many simultaneous LMTP sessions will be permitted to the Cyrus +# message store. +# +# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and +# subsequent line in master.cf. +#mailbox_transport = cyrus + +# The fallback_transport specifies the optional transport in master.cf +# to use for recipients that are not found in the UNIX passwd database. +# This parameter has precedence over the luser_relay parameter. +# +# Specify a string of the form transport:nexthop, where transport is +# the name of a mail delivery transport defined in master.cf. The +# :nexthop part is optional. For more details see the sample transport +# configuration file. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must update the "local_recipient_maps" setting in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp +#fallback_transport = + +# The luser_relay parameter specifies an optional destination address +# for unknown recipients. By default, mail for unknown@$mydestination, +# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned +# as undeliverable. +# +# The following expansions are done on luser_relay: $user (recipient +# username), $shell (recipient shell), $home (recipient home directory), +# $recipient (full recipient address), $extension (recipient address +# extension), $domain (recipient domain), $local (entire recipient +# localpart), $recipient_delimiter. Specify ${name?value} or +# ${name:value} to expand value only when $name does (does not) exist. +# +# luser_relay works only for the default Postfix local delivery agent. +# +# NOTE: if you use this feature for accounts not in the UNIX password +# file, then you must specify "local_recipient_maps =" (i.e. empty) in +# the main.cf file, otherwise the SMTP server will reject mail for +# non-UNIX accounts with "User unknown in local recipient table". +# +#luser_relay = $user@other.host +#luser_relay = $local@other.host +#luser_relay = admin+$local + +# JUNK MAIL CONTROLS +# +# The controls listed here are only a very small subset. The file +# SMTPD_ACCESS_README provides an overview. + +# The header_checks parameter specifies an optional table with patterns +# that each logical message header is matched against, including +# headers that span multiple physical lines. +# +# By default, these patterns also apply to MIME headers and to the +# headers of attached messages. With older Postfix versions, MIME and +# attached message headers were treated as body text. +# +# For details, see "man header_checks". +# +#header_checks = regexp:/etc/postfix/header_checks + +# FAST ETRN SERVICE +# +# Postfix maintains per-destination logfiles with information about +# deferred mail, so that mail can be flushed quickly with the SMTP +# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld". +# See the ETRN_README document for a detailed description. +# +# The fast_flush_domains parameter controls what destinations are +# eligible for this service. By default, they are all domains that +# this server is willing to relay mail to. +# +#fast_flush_domains = $relay_domains + +# SHOW SOFTWARE VERSION OR NOT +# +# The smtpd_banner parameter specifies the text that follows the 220 +# code in the SMTP server's greeting banner. Some people like to see +# the mail version advertised. By default, Postfix shows no version. +# +# You MUST specify $myhostname at the start of the text. That is an +# RFC requirement. Postfix itself does not care. +# +#smtpd_banner = $myhostname ESMTP $mail_name +#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) + +# PARALLEL DELIVERY TO THE SAME DESTINATION +# +# How many parallel deliveries to the same user or domain? With local +# delivery, it does not make sense to do massively parallel delivery +# to the same user, because mailbox updates must happen sequentially, +# and expensive pipelines in .forward files can cause disasters when +# too many are run at the same time. With SMTP deliveries, 10 +# simultaneous connections to the same domain could be sufficient to +# raise eyebrows. +# +# Each message delivery transport has its XXX_destination_concurrency_limit +# parameter. The default is $default_destination_concurrency_limit for +# most delivery transports. For the local delivery agent the default is 2. + +#local_destination_concurrency_limit = 2 +#default_destination_concurrency_limit = 20 + +# DEBUGGING CONTROL +# +# The debug_peer_level parameter specifies the increment in verbose +# logging level when an SMTP client or server host name or address +# matches a pattern in the debug_peer_list parameter. +# +debug_peer_level = 2 + +# The debug_peer_list parameter specifies an optional list of domain +# or network patterns, /file/name patterns or type:name tables. When +# an SMTP client or server host name or address matches a pattern, +# increase the verbose logging level by the amount specified in the +# debug_peer_level parameter. +# +#debug_peer_list = 127.0.0.1 +#debug_peer_list = some.domain + +# The debugger_command specifies the external command that is executed +# when a Postfix daemon program is run with the -D option. +# +# Use "command .. & sleep 5" so that the debugger can attach before +# the process marches on. If you use an X-based debugger, be sure to +# set up your XAUTHORITY environment variable before starting Postfix. +# +debugger_command = + PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin + ddd $daemon_directory/$process_name $process_id & sleep 5 + +# If you can't use X, use this to capture the call stack when a +# daemon crashes. The result is in a file in the configuration +# directory, and is named after the process name and the process ID. +# +# debugger_command = +# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; +# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 +# >$config_directory/$process_name.$process_id.log & sleep 5 +# +# Another possibility is to run gdb under a detached screen session. +# To attach to the screen sesssion, su root and run "screen -r +# " where uniquely matches one of the detached +# sessions (from "screen -list"). +# +# debugger_command = +# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen +# -dmS $process_name gdb $daemon_directory/$process_name +# $process_id & sleep 1 + +# INSTALL-TIME CONFIGURATION INFORMATION +# +# The following parameters are used when installing a new Postfix version. +# +# sendmail_path: The full pathname of the Postfix sendmail command. +# This is the Sendmail-compatible mail posting interface. +# +sendmail_path = /usr/sbin/sendmail.postfix + +# newaliases_path: The full pathname of the Postfix newaliases command. +# This is the Sendmail-compatible command to build alias databases. +# +newaliases_path = /usr/bin/newaliases.postfix + +# mailq_path: The full pathname of the Postfix mailq command. This +# is the Sendmail-compatible mail queue listing command. +# +mailq_path = /usr/bin/mailq.postfix + +# setgid_group: The group for mail submission and queue management +# commands. This must be a group name with a numerical group ID that +# is not shared with other accounts, not even with the Postfix account. +# +setgid_group = postdrop + +# html_directory: The location of the Postfix HTML documentation. +# +html_directory = no + +# manpage_directory: The location of the Postfix on-line manual pages. +# +manpage_directory = /usr/share/man + +# sample_directory: The location of the Postfix sample configuration files. +# This parameter is obsolete as of Postfix 2.1. +# +sample_directory = /usr/share/doc/postfix-2.10.1/samples + +# readme_directory: The location of the Postfix README files. +# +readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES + +# content_filter: An optional filter to classify content. +{% if postfix_clamav is defined %} +content_filter = scan:127.0.0.1:10025 +receive_override_options = no_address_mappings +{% endif %} diff --git a/roles/postfix/templates/master.cf.j2 b/roles/postfix/templates/master.cf.j2 new file mode 100644 index 0000000..e79cd48 --- /dev/null +++ b/roles/postfix/templates/master.cf.j2 @@ -0,0 +1,147 @@ +{{ ansible_managed | comment }} +# +# Postfix master process configuration file. For details on the format +# of the file, see the master(5) manual page (command: "man 5 master"). +# +# Do not forget to execute "postfix reload" after editing this file. +# +# ========================================================================== +# service type private unpriv chroot wakeup maxproc command + args +# (yes) (yes) (yes) (never) (100) +# ========================================================================== +{% if postfix_spamassassin is defined %} +smtp inet n - n - - smtpd -o content_filter=spamassassin +spamassassin unix - n n - - pipe flags=R user={{ postfix_spamassassin_user | default('spamd') }} argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient} +{% else %} +smtp inet n - n - - smtpd +{% endif %} +{% if postfix_clamav is defined %} +scan unix - - n - 16 smtp + -o smtp_send_xforward_command=yes + -o smtp_enforce_tls=no +127.0.0.1:10026 inet n - n - 16 smtpd + -o content_filter= + -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks + -o smtpd_helo_restrictions= + -o smtpd_client_restrictions= + -o smtpd_sender_restrictions= + -o smtpd_recipient_restrictions=permit_mynetworks,reject + -o mynetworks_style=host + -o smtpd_authorized_xforward_hosts=127.0.0.0/8 +{% endif %} +#smtp inet n - n - 1 postscreen +#smtpd pass - - n - - smtpd +#dnsblog unix - - n - 0 dnsblog +#tlsproxy unix - - n - 0 tlsproxy +#submission inet n - n - - smtpd +# -o syslog_name=postfix/submission +# -o smtpd_tls_security_level=encrypt +# -o smtpd_sasl_auth_enable=yes +# -o smtpd_reject_unlisted_recipient=no +# -o smtpd_client_restrictions=$mua_client_restrictions +# -o smtpd_helo_restrictions=$mua_helo_restrictions +# -o smtpd_sender_restrictions=$mua_sender_restrictions +# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject +# -o milter_macro_daemon_name=ORIGINATING +#smtps inet n - n - - smtpd +# -o syslog_name=postfix/smtps +# -o smtpd_tls_wrappermode=yes +# -o smtpd_sasl_auth_enable=yes +# -o smtpd_reject_unlisted_recipient=no +# -o smtpd_client_restrictions=$mua_client_restrictions +# -o smtpd_helo_restrictions=$mua_helo_restrictions +# -o smtpd_sender_restrictions=$mua_sender_restrictions +# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject +# -o milter_macro_daemon_name=ORIGINATING +#628 inet n - n - - qmqpd +pickup unix n - n 60 1 pickup +cleanup unix n - n - 0 cleanup +qmgr unix n - n 300 1 qmgr +#qmgr unix n - n 300 1 oqmgr +tlsmgr unix - - n 1000? 1 tlsmgr +rewrite unix - - n - - trivial-rewrite +bounce unix - - n - 0 bounce +defer unix - - n - 0 bounce +trace unix - - n - 0 bounce +verify unix - - n - 1 verify +flush unix n - n 1000? 0 flush +proxymap unix - - n - - proxymap +proxywrite unix - - n - 1 proxymap +smtp unix - - n - - smtp +relay unix - - n - - smtp +# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 +showq unix n - n - - showq +error unix - - n - - error +retry unix - - n - - error +discard unix - - n - - discard +local unix - n n - - local +virtual unix - n n - - virtual +lmtp unix - - n - - lmtp +anvil unix - - n - 1 anvil +scache unix - - n - 1 scache +# +# ==================================================================== +# Interfaces to non-Postfix software. Be sure to examine the manual +# pages of the non-Postfix software to find out what options it wants. +# +# Many of the following services use the Postfix pipe(8) delivery +# agent. See the pipe(8) man page for information about ${recipient} +# and other message envelope options. +# ==================================================================== +# +# maildrop. See the Postfix MAILDROP_README file for details. +# Also specify in main.cf: maildrop_destination_recipient_limit=1 +# +#maildrop unix - n n - - pipe +# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} +# +# ==================================================================== +# +# Recent Cyrus versions can use the existing "lmtp" master.cf entry. +# +# Specify in cyrus.conf: +# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 +# +# Specify in main.cf one or more of the following: +# mailbox_transport = lmtp:inet:localhost +# virtual_transport = lmtp:inet:localhost +# +# ==================================================================== +# +# Cyrus 2.1.5 (Amos Gouaux) +# Also specify in main.cf: cyrus_destination_recipient_limit=1 +# +#cyrus unix - n n - - pipe +# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} +# +# ==================================================================== +# +# Old example of delivery via Cyrus. +# +#old-cyrus unix - n n - - pipe +# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} +# +# ==================================================================== +# +# See the Postfix UUCP_README file for configuration details. +# +#uucp unix - n n - - pipe +# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) +# +# ==================================================================== +# +# Other external delivery methods. +# +#ifmail unix - n n - - pipe +# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) +# +#bsmtp unix - n n - - pipe +# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient +# +#scalemail-backend unix - n n - 2 pipe +# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store +# ${nexthop} ${user} ${extension} +# +#mailman unix - n n - - pipe +# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py +# ${nexthop} ${user} diff --git a/roles/postfix/vars/main.yml b/roles/postfix/vars/main.yml new file mode 100644 index 0000000..c46cfe2 --- /dev/null +++ b/roles/postfix/vars/main.yml @@ -0,0 +1,21 @@ +--- +# vars file for postfix +postfix_packages: + - postfix + +postfix_service: postfix + +postfix_daemon_directory: + default: /usr/libexec/postfix + Debian: /usr/lib/postfix/sbin + Ubuntu: /usr/lib/postfix/sbin + openSUSE Leap: /usr/lib/postfix + +postfix_group: postdrop + +_postfix_alias_path: + default: /etc/aliases + Alpine: /etc/postfix/aliases + Archlinux: /etc/postfix/aliases + +postfix_alias_path: "{{ _postfix_alias_path[ansible_distribution] | default(_postfix_alias_path['default']) }}" diff --git a/roles/python_pip/.github/ISSUE_TEMPLATE/bug_report.md b/roles/python_pip/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..bd1a0dc --- /dev/null +++ b/roles/python_pip/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Run this role: +2. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Error** +Please show the resulting error. If applicable a snippet of the playbook including the role ran with `-vvv` + +**Environment** +- Control node OS: [e.g. Debian 9] +- Control node Ansible version: [e.g. 2.6.2] +- Managed node OS: [e.g. CentOS 7] + +**Additional context** +Add any other context about the problem here. diff --git a/roles/python_pip/.github/ISSUE_TEMPLATE/feature_request.md b/roles/python_pip/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/roles/python_pip/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/roles/python_pip/.gitignore b/roles/python_pip/.gitignore new file mode 100644 index 0000000..10b26d1 --- /dev/null +++ b/roles/python_pip/.gitignore @@ -0,0 +1,3 @@ +molecule/*/.molecule +*.log +*.swp diff --git a/roles/python_pip/.travis.yml b/roles/python_pip/.travis.yml new file mode 100644 index 0000000..0cf3a79 --- /dev/null +++ b/roles/python_pip/.travis.yml @@ -0,0 +1,96 @@ +--- +sudo: required +language: python +services: docker + +env: + - version=">=2.6,<2.7" distro="alpine-latest" + - version="" distro="alpine-latest" + - version="devel" distro="alpine-latest" + - version=">=2.6,<2.7" distro="alpine-edge" + - version="" distro="alpine-edge" + - version="devel" distro="alpine-edge" + - version=">=2.6,<2.7" distro="archlinux" + - version="" distro="archlinux" + - version="devel" distro="archlinux" + - version=">=2.6,<2.7" distro="centos-6" expectation="fail" + - version="" distro="centos-6" expectation="fail" + - version="devel" distro="centos-6" expectation="fail" + - version=">=2.6,<2.7" distro="centos-latest" + - version="" distro="centos-latest" + - version="devel" distro="centos-latest" + - version=">=2.6,<2.7" distro="debian-latest" + - version="" distro="debian-latest" + - version="devel" distro="debian-latest" + - version=">=2.6,<2.7" distro="debian-stable" + - version="" distro="debian-stable" + - version="devel" distro="debian-stable" + - version=">=2.6,<2.7" distro="debian-unstable" + - version="" distro="debian-unstable" + - version="devel" distro="debian-unstable" + - version=">=2.6,<2.7" distro="fedora-latest" + - version="" distro="fedora-latest" + - version="devel" distro="fedora-latest" + - version=">=2.6,<2.7" distro="fedora-rawhide" + - version="" distro="fedora-rawhide" + - version="devel" distro="fedora-rawhide" + - version=">=2.6,<2.7" distro="opensuse-leap" + - version="" distro="opensuse-leap" + - version="devel" distro="opensuse-leap" + - version=">=2.6,<2.7" distro="opensuse-tumbleweed" + - version="" distro="opensuse-tumbleweed" + - version="devel" distro="opensuse-tumbleweed" + - version=">=2.6,<2.7" distro="ubuntu-artful" + - version="" distro="ubuntu-artful" + - version="devel" distro="ubuntu-artful" + - version=">=2.6,<2.7" distro="ubuntu-latest" + - version="" distro="ubuntu-latest" + - version="devel" distro="ubuntu-latest" + - version=">=2.6,<2.7" distro="ubuntu-devel" + - version="" distro="ubuntu-devel" + - version="devel" distro="ubuntu-devel" + +matrix: + allow_failures: + - env: version=">=2.6,<2.7" distro="alpine-edge" + - env: version="" distro="alpine-edge" + - env: version="devel" distro="alpine-edge" + - env: version="devel" distro="alpine-latest" + - env: version="devel" distro="archlinux" + - env: version="devel" distro="centos-6" expectation="fail" + - env: version="devel" distro="centos-latest" + - env: version="devel" distro="debian-latest" + - env: version="devel" distro="debian-stable" + - env: version=">=2.6,<2.7" distro="debian-unstable" + - env: version="" distro="debian-unstable" + - env: version="devel" distro="debian-unstable" + - env: version="devel" distro="fedora-latest" + - env: version=">=2.6,<2.7" distro="fedora-rawhide" + - env: version="" distro="fedora-rawhide" + - env: version="devel" distro="fedora-rawhide" + - env: version="devel" distro="opensuse-leap" + - env: version="devel" distro="opensuse-tumbleweed" + - env: version="devel" distro="ubuntu-artful" + - env: version=">=2.6,<2.7" distro="ubuntu-devel" + - env: version="" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-latest" + +cache: + - pip + +install: + - pip install --upgrade pip + - if [ "${version}" != "devel" ] ; then pip install ansible"${version}" ; fi + - if [ "${version}" = "devel" ] ; then pip install git+https://github.com/ansible/ansible.git@devel ; fi + - pip install molecule + - pip install docker + +script: + - if [ "${expectation}" = "fail" ] ; then ! molecule test --scenario-name "${distro}" ; else molecule test --scenario-name "${distro}" ; fi + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + slack: + secure: "imFHUBzYmrrkXXSZNhqP/epuJgWJUvCmU3bpLM87AV8WST/jY2Ex46DjAIeLpZanwf6RPDRESLPYPTKTyVWU2xWk4EvlgJePZWGsy7n0x8xg+hxMU4BbCc4dHsi9kWCa6cgKNvEUtFRqvNCd+PaovvvcoFCXPrGa5o0W9ZawYYChFuA122Q/7/lsqA3GaC/NZSsUyj2K8qvYeeZbdNOTwYfOL0kT808eOQRL/rYzsD/9wa+SIw4sIAAymZDQi5fgo1HvfcMSnKHtdNvJ1Js9ncrsNY6S+xGzUPOcImQ4n694ITNn4MuaGSG2DNGqJBbewqOED43v20pYjRmk7JAIo9vc0yD0wWbJ7sX3WMG46VPT3X51Ib9B0X54fZUil3d+6MEbLi6hJKU1YtirGV98tTGgKlUKexvEoYsP8nc4MsEg+ogh9GEa1Nu7pDCn80baPUKx7+pm0JAavFmqEskpiuyI3gFUTVjp7zuV91JaVU4Qtow/yANmXhJFOVLvjYGr40NqftgPxZfq2rvrwyvey70CxzfnbCkOaJOOB5Bx/fV3DSOlok5yCfDDIAPjcp0Zwf6TWaWtfsZhEdzvfHbWSzkY7nRcAp/vIKUnpQELm03DyfSgHH7cAkVvi/4r3Z07cZGaDM6wWYTHWpU/ISF25JvbjmKte+kMwprvMs5G3AQ=" + email: false diff --git a/roles/python_pip/.yamllint b/roles/python_pip/.yamllint new file mode 100644 index 0000000..ad0be76 --- /dev/null +++ b/roles/python_pip/.yamllint @@ -0,0 +1,11 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/python_pip/CODE_OF_CONDUCT.md b/roles/python_pip/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0d97a6f --- /dev/null +++ b/roles/python_pip/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behaviour that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behaviour by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/python_pip/CONTRIBUTING.md b/roles/python_pip/CONTRIBUTING.md new file mode 100644 index 0000000..2931dcf --- /dev/null +++ b/roles/python_pip/CONTRIBUTING.md @@ -0,0 +1,4 @@ +# Please contribute! +You can really make a difference by: +- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. +- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code. diff --git a/roles/python_pip/LICENSE b/roles/python_pip/LICENSE new file mode 100644 index 0000000..f93e0dc --- /dev/null +++ b/roles/python_pip/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2018 Robert de Bock + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/python_pip/PULL_REQUEST_TEMPLATE.md b/roles/python_pip/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..b1578c0 --- /dev/null +++ b/roles/python_pip/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +--- +name: Pull request +about: Describe the proposed change + +--- + +**Describe the change** +A clear and concise description of what the pull request is. + +**Testing** +In case a feature was added, how were tests performed? diff --git a/roles/python_pip/README.md b/roles/python_pip/README.md new file mode 100644 index 0000000..96427b4 --- /dev/null +++ b/roles/python_pip/README.md @@ -0,0 +1,140 @@ +python-pip +========= + +[![Build Status](https://travis-ci.org/robertdebock/ansible-role-python-pip.svg?branch=master)](https://travis-ci.org/robertdebock/ansible-role-python-pip) + +Install pythons pip on your system. + +Example Playbook +---------------- + +This example is taken from `molecule/default/playbook.yml`: +```yaml +--- +- name: Converge + hosts: all + gather_facts: no + become: yes + + vars: + python_pip_modules: + - name: jinja2 + - name: ansible + + roles: + - robertdebock.bootstrap + - robertdebock.epel + - robertdebock.buildtools + - robertdebock.python-pip + +``` + +Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. + +Role Variables +-------------- + +These variables are set in `defaults/main.yml`: +```yaml +--- +# defaults file for python_pip + +# The version of pip to update to. +python_pip_version: 18.1 + +# By default no modules should be installed. +python_pip_modules: [] + +# To update all packages installed by this roles, set `python-pip_package_state` to `latest`. +python_pip_package_state: present + +``` + +Requirements +------------ + +- Access to a repository containing packages, likely on the internet. +- A recent version of Ansible. (Tests run on the last 3 release of Ansible.) + +The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: + +```yaml +--- +- robertdebock.bootstrap +- robertdebock.buildtools +- robertdebock.epel +- robertdebock.scl + +``` + +Context +------- + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/python-pip.png "Dependency") + + +Compatibility +------------- + +This role has been tested against the following distributions and Ansible version: + +|distribution|ansible 2.6|ansible 2.7|ansible devel| +|------------|-----------|-----------|-------------| +|alpine-edge*|yes|yes|yes*| +|alpine-latest|yes|yes|yes*| +|archlinux|yes|yes|yes*| +|centos-6|no|no|no*| +|centos-latest|yes|yes|yes*| +|debian-latest|yes|yes|yes*| +|debian-stable|yes|yes|yes*| +|debian-unstable*|yes|yes|yes*| +|fedora-latest|yes|yes|yes*| +|fedora-rawhide*|yes|yes|yes*| +|opensuse-leap|yes|yes|yes*| +|opensuse-tumbleweed|yes|yes|yes*| +|ubuntu-artful|yes|yes|yes*| +|ubuntu-devel*|yes|yes|yes*| +|ubuntu-latest|yes|yes|yes*| + +A single star means the build may fail, it's marked as an experimental build. + +Testing +------- + +[Unit tests](https://travis-ci.org/robertdebock/ansible-role-python-pip) are done on every commit and periodically. + +If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-python-pip/issues) + +To test this role locally please use [Molecule](https://github.com/metacloud/molecule): +``` +pip install molecule +molecule test +``` + +To test on Amazon EC2, configure [~/.aws/credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`. + +There are many specific scenarios available, please have a look in the `molecule/` directory. + +Run the [ansible-galaxy](https://github.com/ansible/galaxy-lint-rules) and [my](https://github.com/robertdebock/ansible-lint-rules) lint rules if you want your change to be merges: + +```shell +git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint +ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules . + +git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint +ansible-lint -r /tmp/my-ansible-lint/rules . +``` + +License +------- + +Apache-2.0 + + +Author Information +------------------ + +[Robert de Bock](https://robertdebock.nl/) diff --git a/roles/python_pip/[Command Line] b/roles/python_pip/[Command Line] new file mode 100644 index 0000000..994f19b --- /dev/null +++ b/roles/python_pip/[Command Line] @@ -0,0 +1,2 @@ +w + diff --git a/roles/python_pip/defaults/main.yml b/roles/python_pip/defaults/main.yml new file mode 100644 index 0000000..2be6512 --- /dev/null +++ b/roles/python_pip/defaults/main.yml @@ -0,0 +1,11 @@ +--- +# defaults file for python_pip + +# The version of pip to update to. +python_pip_version: 19.0.1 + +# By default no modules should be installed. +python_pip_modules: [] + +# To update all packages installed by this roles, set `python-pip_package_state` to `latest`. +python_pip_package_state: present diff --git a/roles/python_pip/meta/.galaxy_install_info b/roles/python_pip/meta/.galaxy_install_info new file mode 100644 index 0000000..6bf6a2f --- /dev/null +++ b/roles/python_pip/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jun 7 18:26:05 2019', version: 1.4.3} diff --git a/roles/python_pip/meta/main.yml b/roles/python_pip/meta/main.yml new file mode 100644 index 0000000..7f8ab94 --- /dev/null +++ b/roles/python_pip/meta/main.yml @@ -0,0 +1,46 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: python_pip + description: Install pythons pip on your system. + license: Apache-2.0 + company: none + min_ansible_version: 2.6 + + platforms: + - name: Alpine + versions: + - all + - name: ArchLinux + version: + - all + - name: Debian + versions: + - all + - name: EL + version: + - 7 + - name: Fedora + versions: + - all + - name: OpenSUSE + versions: + - all + - name: Ubuntu + versions: + - artful + - bionic + + galaxy_tags: + - python + - pip + - pypip + - system + - installer + - alpine + - debian + - centos + - fedora + - ubuntu + +dependencies: [] diff --git a/roles/python_pip/molecule/alpine-edge/Dockerfile.j2 b/roles/python_pip/molecule/alpine-edge/Dockerfile.j2 new file mode 100644 index 0000000..36166d6 --- /dev/null +++ b/roles/python_pip/molecule/alpine-edge/Dockerfile.j2 @@ -0,0 +1,7 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} diff --git a/roles/python_pip/molecule/alpine-edge/molecule.yml b/roles/python_pip/molecule/alpine-edge/molecule.yml new file mode 100644 index 0000000..d73378c --- /dev/null +++ b/roles/python_pip/molecule/alpine-edge/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: docker +lint: + name: yamllint +platforms: + - name: python-pip-alpine-edge + image: alpine:edge + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + lint: + name: ansible-lint +scenario: + name: alpine-edge +verifier: + name: goss + lint: + name: yamllint diff --git a/roles/python_pip/molecule/alpine-edge/playbook.yml b/roles/python_pip/molecule/alpine-edge/playbook.yml new file mode 100644 index 0000000..e36ff57 --- /dev/null +++ b/roles/python_pip/molecule/alpine-edge/playbook.yml @@ -0,0 +1,16 @@ +--- +- name: Converge + hosts: all + gather_facts: no + become: yes + + vars: + python_pip_modules: + - name: jinja2 + - name: ansible + + roles: + - robertdebock.bootstrap + - robertdebock.epel + - robertdebock.buildtools + - ansible-role-python-pip diff --git a/roles/python_pip/molecule/alpine-edge/tests/test_default.yml b/roles/python_pip/molecule/alpine-edge/tests/test_default.yml new file mode 100644 index 0000000..865e875 --- /dev/null +++ b/roles/python_pip/molecule/alpine-edge/tests/test_default.yml @@ -0,0 +1,7 @@ +# Molecule managed +--- +file: + /usr/bin/python: + exists: true + owner: root + group: root diff --git a/roles/python_pip/molecule/alpine-edge/verify.yml b/roles/python_pip/molecule/alpine-edge/verify.yml new file mode 100644 index 0000000..77a24ea --- /dev/null +++ b/roles/python_pip/molecule/alpine-edge/verify.yml @@ -0,0 +1,53 @@ +--- +# This is an example playbook to execute goss tests. +# Tests need distributed to the appropriate ansible host/groups +# prior to execution by `goss validate`. + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.2 + goss_arch: amd64 + goss_dst: /usr/local/bin/goss + goss_sha256sum: 2f6727375db2ea0f81bee36e2c5be78ab5ab8d5981f632f761b25e4003e190ec + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp + goss_format: documentation + tasks: + - name: Download and install Goss + get_url: + url: "{{ goss_url }}" + dest: "{{ goss_dst }}" + sha256sum: "{{ goss_sha256sum }}" + mode: 0755 + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Copy Goss tests to remote + copy: + src: "{{ item }}" + dest: "{{ goss_test_directory }}/{{ item | basename }}" + with_fileglob: + - "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}/test_*.yml" + + - name: Register test files + shell: "ls {{ goss_test_directory }}/test_*.yml" + register: test_files + + - name: Execute Goss tests + command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + + - name: Display details about the Goss results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + + - name: Fail when tests fail + fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" diff --git a/roles/python_pip/molecule/alpine-latest/Dockerfile.j2 b/roles/python_pip/molecule/alpine-latest/Dockerfile.j2 new file mode 100644 index 0000000..36166d6 --- /dev/null +++ b/roles/python_pip/molecule/alpine-latest/Dockerfile.j2 @@ -0,0 +1,7 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} diff --git a/roles/python_pip/molecule/alpine-latest/molecule.yml b/roles/python_pip/molecule/alpine-latest/molecule.yml new file mode 100644 index 0000000..e6c2b04 --- /dev/null +++ b/roles/python_pip/molecule/alpine-latest/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: docker +lint: + name: yamllint +platforms: + - name: python-pip-alpine-latest + image: alpine:latest + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + lint: + name: ansible-lint +scenario: + name: alpine-latest +verifier: + name: goss + lint: + name: yamllint diff --git a/roles/python_pip/molecule/alpine-latest/playbook.yml b/roles/python_pip/molecule/alpine-latest/playbook.yml new file mode 100644 index 0000000..e36ff57 --- /dev/null +++ b/roles/python_pip/molecule/alpine-latest/playbook.yml @@ -0,0 +1,16 @@ +--- +- name: Converge + hosts: all + gather_facts: no + become: yes + + vars: + python_pip_modules: + - name: jinja2 + - name: ansible + + roles: + - robertdebock.bootstrap + - robertdebock.epel + - robertdebock.buildtools + - ansible-role-python-pip diff --git a/roles/python_pip/molecule/alpine-latest/tests/test_default.yml b/roles/python_pip/molecule/alpine-latest/tests/test_default.yml new file mode 100644 index 0000000..865e875 --- /dev/null +++ b/roles/python_pip/molecule/alpine-latest/tests/test_default.yml @@ -0,0 +1,7 @@ +# Molecule managed +--- +file: + /usr/bin/python: + exists: true + owner: root + group: root diff --git a/roles/python_pip/molecule/alpine-latest/verify.yml b/roles/python_pip/molecule/alpine-latest/verify.yml new file mode 100644 index 0000000..77a24ea --- /dev/null +++ b/roles/python_pip/molecule/alpine-latest/verify.yml @@ -0,0 +1,53 @@ +--- +# This is an example playbook to execute goss tests. +# Tests need distributed to the appropriate ansible host/groups +# prior to execution by `goss validate`. + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.2 + goss_arch: amd64 + goss_dst: /usr/local/bin/goss + goss_sha256sum: 2f6727375db2ea0f81bee36e2c5be78ab5ab8d5981f632f761b25e4003e190ec + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp + goss_format: documentation + tasks: + - name: Download and install Goss + get_url: + url: "{{ goss_url }}" + dest: "{{ goss_dst }}" + sha256sum: "{{ goss_sha256sum }}" + mode: 0755 + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Copy Goss tests to remote + copy: + src: "{{ item }}" + dest: "{{ goss_test_directory }}/{{ item | basename }}" + with_fileglob: + - "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}/test_*.yml" + + - name: Register test files + shell: "ls {{ goss_test_directory }}/test_*.yml" + register: test_files + + - name: Execute Goss tests + command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + + - name: Display details about the Goss results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + + - name: Fail when tests fail + fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" diff --git a/roles/python_pip/molecule/archlinux/Dockerfile.j2 b/roles/python_pip/molecule/archlinux/Dockerfile.j2 new file mode 100644 index 0000000..36166d6 --- /dev/null +++ b/roles/python_pip/molecule/archlinux/Dockerfile.j2 @@ -0,0 +1,7 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} diff --git a/roles/python_pip/molecule/archlinux/molecule.yml b/roles/python_pip/molecule/archlinux/molecule.yml new file mode 100644 index 0000000..457e62b --- /dev/null +++ b/roles/python_pip/molecule/archlinux/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: docker +lint: + name: yamllint +platforms: + - name: python-pip-archlinux + image: base/archlinux +provisioner: + name: ansible + lint: + name: ansible-lint +scenario: + name: archlinux +verifier: + name: goss + lint: + name: yamllint diff --git a/roles/python_pip/molecule/archlinux/playbook.yml b/roles/python_pip/molecule/archlinux/playbook.yml new file mode 100644 index 0000000..e36ff57 --- /dev/null +++ b/roles/python_pip/molecule/archlinux/playbook.yml @@ -0,0 +1,16 @@ +--- +- name: Converge + hosts: all + gather_facts: no + become: yes + + vars: + python_pip_modules: + - name: jinja2 + - name: ansible + + roles: + - robertdebock.bootstrap + - robertdebock.epel + - robertdebock.buildtools + - ansible-role-python-pip diff --git a/roles/python_pip/molecule/archlinux/tests/test_default.yml b/roles/python_pip/molecule/archlinux/tests/test_default.yml new file mode 100644 index 0000000..865e875 --- /dev/null +++ b/roles/python_pip/molecule/archlinux/tests/test_default.yml @@ -0,0 +1,7 @@ +# Molecule managed +--- +file: + /usr/bin/python: + exists: true + owner: root + group: root diff --git a/roles/python_pip/molecule/archlinux/verify.yml b/roles/python_pip/molecule/archlinux/verify.yml new file mode 100644 index 0000000..77a24ea --- /dev/null +++ b/roles/python_pip/molecule/archlinux/verify.yml @@ -0,0 +1,53 @@ +--- +# This is an example playbook to execute goss tests. +# Tests need distributed to the appropriate ansible host/groups +# prior to execution by `goss validate`. + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.2 + goss_arch: amd64 + goss_dst: /usr/local/bin/goss + goss_sha256sum: 2f6727375db2ea0f81bee36e2c5be78ab5ab8d5981f632f761b25e4003e190ec + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp + goss_format: documentation + tasks: + - name: Download and install Goss + get_url: + url: "{{ goss_url }}" + dest: "{{ goss_dst }}" + sha256sum: "{{ goss_sha256sum }}" + mode: 0755 + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Copy Goss tests to remote + copy: + src: "{{ item }}" + dest: "{{ goss_test_directory }}/{{ item | basename }}" + with_fileglob: + - "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}/test_*.yml" + + - name: Register test files + shell: "ls {{ goss_test_directory }}/test_*.yml" + register: test_files + + - name: Execute Goss tests + command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + + - name: Display details about the Goss results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + + - name: Fail when tests fail + fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" diff --git a/roles/python_pip/molecule/centos-6/Dockerfile.j2 b/roles/python_pip/molecule/centos-6/Dockerfile.j2 new file mode 100644 index 0000000..36166d6 --- /dev/null +++ b/roles/python_pip/molecule/centos-6/Dockerfile.j2 @@ -0,0 +1,7 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} diff --git a/roles/python_pip/molecule/centos-6/molecule.yml b/roles/python_pip/molecule/centos-6/molecule.yml new file mode 100644 index 0000000..2d604d2 --- /dev/null +++ b/roles/python_pip/molecule/centos-6/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: docker +lint: + name: yamllint +platforms: + - name: python-pip-centos-6 + image: centos:6 +provisioner: + name: ansible + lint: + name: ansible-lint +scenario: + name: centos-6 +verifier: + name: goss + lint: + name: yamllint diff --git a/roles/python_pip/molecule/centos-6/playbook.yml b/roles/python_pip/molecule/centos-6/playbook.yml new file mode 100644 index 0000000..e36ff57 --- /dev/null +++ b/roles/python_pip/molecule/centos-6/playbook.yml @@ -0,0 +1,16 @@ +--- +- name: Converge + hosts: all + gather_facts: no + become: yes + + vars: + python_pip_modules: + - name: jinja2 + - name: ansible + + roles: + - robertdebock.bootstrap + - robertdebock.epel + - robertdebock.buildtools + - ansible-role-python-pip diff --git a/roles/python_pip/molecule/centos-6/tests/test_default.yml b/roles/python_pip/molecule/centos-6/tests/test_default.yml new file mode 100644 index 0000000..865e875 --- /dev/null +++ b/roles/python_pip/molecule/centos-6/tests/test_default.yml @@ -0,0 +1,7 @@ +# Molecule managed +--- +file: + /usr/bin/python: + exists: true + owner: root + group: root diff --git a/roles/python_pip/molecule/centos-6/verify.yml b/roles/python_pip/molecule/centos-6/verify.yml new file mode 100644 index 0000000..77a24ea --- /dev/null +++ b/roles/python_pip/molecule/centos-6/verify.yml @@ -0,0 +1,53 @@ +--- +# This is an example playbook to execute goss tests. +# Tests need distributed to the appropriate ansible host/groups +# prior to execution by `goss validate`. + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.2 + goss_arch: amd64 + goss_dst: /usr/local/bin/goss + goss_sha256sum: 2f6727375db2ea0f81bee36e2c5be78ab5ab8d5981f632f761b25e4003e190ec + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp + goss_format: documentation + tasks: + - name: Download and install Goss + get_url: + url: "{{ goss_url }}" + dest: "{{ goss_dst }}" + sha256sum: "{{ goss_sha256sum }}" + mode: 0755 + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Copy Goss tests to remote + copy: + src: "{{ item }}" + dest: "{{ goss_test_directory }}/{{ item | basename }}" + with_fileglob: + - "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}/test_*.yml" + + - name: Register test files + shell: "ls {{ goss_test_directory }}/test_*.yml" + register: test_files + + - name: Execute Goss tests + command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + + - name: Display details about the Goss results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + + - name: Fail when tests fail + fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" diff --git a/roles/python_pip/molecule/centos-latest/Dockerfile.j2 b/roles/python_pip/molecule/centos-latest/Dockerfile.j2 new file mode 100644 index 0000000..36166d6 --- /dev/null +++ b/roles/python_pip/molecule/centos-latest/Dockerfile.j2 @@ -0,0 +1,7 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} diff --git a/roles/python_pip/molecule/centos-latest/molecule.yml b/roles/python_pip/molecule/centos-latest/molecule.yml new file mode 100644 index 0000000..dd098d5 --- /dev/null +++ b/roles/python_pip/molecule/centos-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: docker +lint: + name: yamllint +platforms: + - name: python-pip-centos-latest + image: centos:latest +provisioner: + name: ansible + lint: + name: ansible-lint +scenario: + name: centos-latest +verifier: + name: goss + lint: + name: yamllint diff --git a/roles/python_pip/molecule/centos-latest/playbook.yml b/roles/python_pip/molecule/centos-latest/playbook.yml new file mode 100644 index 0000000..e36ff57 --- /dev/null +++ b/roles/python_pip/molecule/centos-latest/playbook.yml @@ -0,0 +1,16 @@ +--- +- name: Converge + hosts: all + gather_facts: no + become: yes + + vars: + python_pip_modules: + - name: jinja2 + - name: ansible + + roles: + - robertdebock.bootstrap + - robertdebock.epel + - robertdebock.buildtools + - ansible-role-python-pip diff --git a/roles/python_pip/molecule/centos-latest/tests/test_default.yml b/roles/python_pip/molecule/centos-latest/tests/test_default.yml new file mode 100644 index 0000000..865e875 --- /dev/null +++ b/roles/python_pip/molecule/centos-latest/tests/test_default.yml @@ -0,0 +1,7 @@ +# Molecule managed +--- +file: + /usr/bin/python: + exists: true + owner: root + group: root diff --git a/roles/python_pip/molecule/centos-latest/verify.yml b/roles/python_pip/molecule/centos-latest/verify.yml new file mode 100644 index 0000000..77a24ea --- /dev/null +++ b/roles/python_pip/molecule/centos-latest/verify.yml @@ -0,0 +1,53 @@ +--- +# This is an example playbook to execute goss tests. +# Tests need distributed to the appropriate ansible host/groups +# prior to execution by `goss validate`. + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.2 + goss_arch: amd64 + goss_dst: /usr/local/bin/goss + goss_sha256sum: 2f6727375db2ea0f81bee36e2c5be78ab5ab8d5981f632f761b25e4003e190ec + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp + goss_format: documentation + tasks: + - name: Download and install Goss + get_url: + url: "{{ goss_url }}" + dest: "{{ goss_dst }}" + sha256sum: "{{ goss_sha256sum }}" + mode: 0755 + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Copy Goss tests to remote + copy: + src: "{{ item }}" + dest: "{{ goss_test_directory }}/{{ item | basename }}" + with_fileglob: + - "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}/test_*.yml" + + - name: Register test files + shell: "ls {{ goss_test_directory }}/test_*.yml" + register: test_files + + - name: Execute Goss tests + command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + + - name: Display details about the Goss results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + + - name: Fail when tests fail + fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" diff --git a/roles/python_pip/molecule/debian-latest/Dockerfile.j2 b/roles/python_pip/molecule/debian-latest/Dockerfile.j2 new file mode 100644 index 0000000..36166d6 --- /dev/null +++ b/roles/python_pip/molecule/debian-latest/Dockerfile.j2 @@ -0,0 +1,7 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} diff --git a/roles/python_pip/molecule/debian-latest/molecule.yml b/roles/python_pip/molecule/debian-latest/molecule.yml new file mode 100644 index 0000000..d14b7d6 --- /dev/null +++ b/roles/python_pip/molecule/debian-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: docker +lint: + name: yamllint +platforms: + - name: python-pip-debian-latest + image: debian:latest +provisioner: + name: ansible + lint: + name: ansible-lint +scenario: + name: debian-latest +verifier: + name: goss + lint: + name: yamllint diff --git a/roles/python_pip/molecule/debian-latest/playbook.yml b/roles/python_pip/molecule/debian-latest/playbook.yml new file mode 100644 index 0000000..e36ff57 --- /dev/null +++ b/roles/python_pip/molecule/debian-latest/playbook.yml @@ -0,0 +1,16 @@ +--- +- name: Converge + hosts: all + gather_facts: no + become: yes + + vars: + python_pip_modules: + - name: jinja2 + - name: ansible + + roles: + - robertdebock.bootstrap + - robertdebock.epel + - robertdebock.buildtools + - ansible-role-python-pip diff --git a/roles/python_pip/molecule/debian-latest/tests/test_default.yml b/roles/python_pip/molecule/debian-latest/tests/test_default.yml new file mode 100644 index 0000000..865e875 --- /dev/null +++ b/roles/python_pip/molecule/debian-latest/tests/test_default.yml @@ -0,0 +1,7 @@ +# Molecule managed +--- +file: + /usr/bin/python: + exists: true + owner: root + group: root diff --git a/roles/python_pip/molecule/debian-latest/verify.yml b/roles/python_pip/molecule/debian-latest/verify.yml new file mode 100644 index 0000000..77a24ea --- /dev/null +++ b/roles/python_pip/molecule/debian-latest/verify.yml @@ -0,0 +1,53 @@ +--- +# This is an example playbook to execute goss tests. +# Tests need distributed to the appropriate ansible host/groups +# prior to execution by `goss validate`. + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.2 + goss_arch: amd64 + goss_dst: /usr/local/bin/goss + goss_sha256sum: 2f6727375db2ea0f81bee36e2c5be78ab5ab8d5981f632f761b25e4003e190ec + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp + goss_format: documentation + tasks: + - name: Download and install Goss + get_url: + url: "{{ goss_url }}" + dest: "{{ goss_dst }}" + sha256sum: "{{ goss_sha256sum }}" + mode: 0755 + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Copy Goss tests to remote + copy: + src: "{{ item }}" + dest: "{{ goss_test_directory }}/{{ item | basename }}" + with_fileglob: + - "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}/test_*.yml" + + - name: Register test files + shell: "ls {{ goss_test_directory }}/test_*.yml" + register: test_files + + - name: Execute Goss tests + command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + + - name: Display details about the Goss results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + + - name: Fail when tests fail + fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" diff --git a/roles/python_pip/molecule/debian-stable/Dockerfile.j2 b/roles/python_pip/molecule/debian-stable/Dockerfile.j2 new file mode 100644 index 0000000..36166d6 --- /dev/null +++ b/roles/python_pip/molecule/debian-stable/Dockerfile.j2 @@ -0,0 +1,7 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} diff --git a/roles/python_pip/molecule/debian-stable/molecule.yml b/roles/python_pip/molecule/debian-stable/molecule.yml new file mode 100644 index 0000000..4c5aa2a --- /dev/null +++ b/roles/python_pip/molecule/debian-stable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: docker +lint: + name: yamllint +platforms: + - name: python-pip-debian-stable + image: debian:stable +provisioner: + name: ansible + lint: + name: ansible-lint +scenario: + name: debian-stable +verifier: + name: goss + lint: + name: yamllint diff --git a/roles/python_pip/molecule/debian-stable/playbook.yml b/roles/python_pip/molecule/debian-stable/playbook.yml new file mode 100644 index 0000000..e36ff57 --- /dev/null +++ b/roles/python_pip/molecule/debian-stable/playbook.yml @@ -0,0 +1,16 @@ +--- +- name: Converge + hosts: all + gather_facts: no + become: yes + + vars: + python_pip_modules: + - name: jinja2 + - name: ansible + + roles: + - robertdebock.bootstrap + - robertdebock.epel + - robertdebock.buildtools + - ansible-role-python-pip diff --git a/roles/python_pip/molecule/debian-stable/tests/test_default.yml b/roles/python_pip/molecule/debian-stable/tests/test_default.yml new file mode 100644 index 0000000..865e875 --- /dev/null +++ b/roles/python_pip/molecule/debian-stable/tests/test_default.yml @@ -0,0 +1,7 @@ +# Molecule managed +--- +file: + /usr/bin/python: + exists: true + owner: root + group: root diff --git a/roles/python_pip/molecule/debian-stable/verify.yml b/roles/python_pip/molecule/debian-stable/verify.yml new file mode 100644 index 0000000..77a24ea --- /dev/null +++ b/roles/python_pip/molecule/debian-stable/verify.yml @@ -0,0 +1,53 @@ +--- +# This is an example playbook to execute goss tests. +# Tests need distributed to the appropriate ansible host/groups +# prior to execution by `goss validate`. + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.2 + goss_arch: amd64 + goss_dst: /usr/local/bin/goss + goss_sha256sum: 2f6727375db2ea0f81bee36e2c5be78ab5ab8d5981f632f761b25e4003e190ec + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp + goss_format: documentation + tasks: + - name: Download and install Goss + get_url: + url: "{{ goss_url }}" + dest: "{{ goss_dst }}" + sha256sum: "{{ goss_sha256sum }}" + mode: 0755 + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Copy Goss tests to remote + copy: + src: "{{ item }}" + dest: "{{ goss_test_directory }}/{{ item | basename }}" + with_fileglob: + - "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}/test_*.yml" + + - name: Register test files + shell: "ls {{ goss_test_directory }}/test_*.yml" + register: test_files + + - name: Execute Goss tests + command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + + - name: Display details about the Goss results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + + - name: Fail when tests fail + fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" diff --git a/roles/python_pip/molecule/debian-unstable/Dockerfile.j2 b/roles/python_pip/molecule/debian-unstable/Dockerfile.j2 new file mode 100644 index 0000000..36166d6 --- /dev/null +++ b/roles/python_pip/molecule/debian-unstable/Dockerfile.j2 @@ -0,0 +1,7 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} diff --git a/roles/python_pip/molecule/debian-unstable/molecule.yml b/roles/python_pip/molecule/debian-unstable/molecule.yml new file mode 100644 index 0000000..c6dd396 --- /dev/null +++ b/roles/python_pip/molecule/debian-unstable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: docker +lint: + name: yamllint +platforms: + - name: python-pip-debian-unstable + image: debian:unstable +provisioner: + name: ansible + lint: + name: ansible-lint +scenario: + name: debian-unstable +verifier: + name: goss + lint: + name: yamllint diff --git a/roles/python_pip/molecule/debian-unstable/playbook.yml b/roles/python_pip/molecule/debian-unstable/playbook.yml new file mode 100644 index 0000000..e36ff57 --- /dev/null +++ b/roles/python_pip/molecule/debian-unstable/playbook.yml @@ -0,0 +1,16 @@ +--- +- name: Converge + hosts: all + gather_facts: no + become: yes + + vars: + python_pip_modules: + - name: jinja2 + - name: ansible + + roles: + - robertdebock.bootstrap + - robertdebock.epel + - robertdebock.buildtools + - ansible-role-python-pip diff --git a/roles/python_pip/molecule/debian-unstable/tests/test_default.yml b/roles/python_pip/molecule/debian-unstable/tests/test_default.yml new file mode 100644 index 0000000..865e875 --- /dev/null +++ b/roles/python_pip/molecule/debian-unstable/tests/test_default.yml @@ -0,0 +1,7 @@ +# Molecule managed +--- +file: + /usr/bin/python: + exists: true + owner: root + group: root diff --git a/roles/python_pip/molecule/debian-unstable/verify.yml b/roles/python_pip/molecule/debian-unstable/verify.yml new file mode 100644 index 0000000..77a24ea --- /dev/null +++ b/roles/python_pip/molecule/debian-unstable/verify.yml @@ -0,0 +1,53 @@ +--- +# This is an example playbook to execute goss tests. +# Tests need distributed to the appropriate ansible host/groups +# prior to execution by `goss validate`. + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.2 + goss_arch: amd64 + goss_dst: /usr/local/bin/goss + goss_sha256sum: 2f6727375db2ea0f81bee36e2c5be78ab5ab8d5981f632f761b25e4003e190ec + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp + goss_format: documentation + tasks: + - name: Download and install Goss + get_url: + url: "{{ goss_url }}" + dest: "{{ goss_dst }}" + sha256sum: "{{ goss_sha256sum }}" + mode: 0755 + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Copy Goss tests to remote + copy: + src: "{{ item }}" + dest: "{{ goss_test_directory }}/{{ item | basename }}" + with_fileglob: + - "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}/test_*.yml" + + - name: Register test files + shell: "ls {{ goss_test_directory }}/test_*.yml" + register: test_files + + - name: Execute Goss tests + command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + + - name: Display details about the Goss results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + + - name: Fail when tests fail + fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" diff --git a/roles/python_pip/molecule/default/Dockerfile.j2 b/roles/python_pip/molecule/default/Dockerfile.j2 new file mode 100644 index 0000000..36166d6 --- /dev/null +++ b/roles/python_pip/molecule/default/Dockerfile.j2 @@ -0,0 +1,7 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} diff --git a/roles/python_pip/molecule/default/molecule.yml b/roles/python_pip/molecule/default/molecule.yml new file mode 100644 index 0000000..8adf28d --- /dev/null +++ b/roles/python_pip/molecule/default/molecule.yml @@ -0,0 +1,59 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: docker +lint: + name: yamllint +platforms: + - name: python-pip-alpine-edge + image: alpine:edge + command: sh -c "while true ; do sleep 1 ; done" + - name: python-pip-alpine-latest + image: alpine:latest + command: sh -c "while true ; do sleep 1 ; done" + - name: python-pip-archlinux + image: base/archlinux + - name: python-pip-centos-6 + image: centos:6 + - name: python-pip-centos-latest + image: centos:latest + - name: python-pip-debian-latest + image: debian:latest + - name: python-pip-debian-stable + image: debian:stable + - name: python-pip-debian-unstable + image: debian:unstable + - name: python-pip-fedora-latest + image: fedora:latest + - name: python-pip-fedora-rawhide + image: fedora:rawhide + - name: python-pip-opensuse-leap + image: opensuse:leap + - name: python-pip-opensuse-tumbleweed + image: opensuse:tumbleweed + - name: python-pip-ubuntu-artful + image: ubuntu:artful + - name: python-pip-ubuntu-devel + image: ubuntu:devel + - name: python-pip-ubuntu-latest + image: ubuntu:latest +provisioner: + name: ansible + inventory: + host_vars: + python-fedora-rawhide: + ansible_python_interpreter: /usr/bin/python3 + lint: + name: ansible-lint + config_options: + defaults: + callback_plugins: /usr/lib/python2.7/site-packages/ara/plugins/callbacks +scenario: + name: default +verifier: + name: goss + lint: + name: yamllint diff --git a/roles/python_pip/molecule/default/playbook.yml b/roles/python_pip/molecule/default/playbook.yml new file mode 100644 index 0000000..e36ff57 --- /dev/null +++ b/roles/python_pip/molecule/default/playbook.yml @@ -0,0 +1,16 @@ +--- +- name: Converge + hosts: all + gather_facts: no + become: yes + + vars: + python_pip_modules: + - name: jinja2 + - name: ansible + + roles: + - robertdebock.bootstrap + - robertdebock.epel + - robertdebock.buildtools + - ansible-role-python-pip diff --git a/roles/python_pip/molecule/default/tests/test_default.yml b/roles/python_pip/molecule/default/tests/test_default.yml new file mode 100644 index 0000000..865e875 --- /dev/null +++ b/roles/python_pip/molecule/default/tests/test_default.yml @@ -0,0 +1,7 @@ +# Molecule managed +--- +file: + /usr/bin/python: + exists: true + owner: root + group: root diff --git a/roles/python_pip/molecule/default/verify.yml b/roles/python_pip/molecule/default/verify.yml new file mode 100644 index 0000000..77a24ea --- /dev/null +++ b/roles/python_pip/molecule/default/verify.yml @@ -0,0 +1,53 @@ +--- +# This is an example playbook to execute goss tests. +# Tests need distributed to the appropriate ansible host/groups +# prior to execution by `goss validate`. + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.2 + goss_arch: amd64 + goss_dst: /usr/local/bin/goss + goss_sha256sum: 2f6727375db2ea0f81bee36e2c5be78ab5ab8d5981f632f761b25e4003e190ec + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp + goss_format: documentation + tasks: + - name: Download and install Goss + get_url: + url: "{{ goss_url }}" + dest: "{{ goss_dst }}" + sha256sum: "{{ goss_sha256sum }}" + mode: 0755 + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Copy Goss tests to remote + copy: + src: "{{ item }}" + dest: "{{ goss_test_directory }}/{{ item | basename }}" + with_fileglob: + - "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}/test_*.yml" + + - name: Register test files + shell: "ls {{ goss_test_directory }}/test_*.yml" + register: test_files + + - name: Execute Goss tests + command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + + - name: Display details about the Goss results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + + - name: Fail when tests fail + fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" diff --git a/roles/python_pip/molecule/ec2/README.md b/roles/python_pip/molecule/ec2/README.md new file mode 100644 index 0000000..856b351 --- /dev/null +++ b/roles/python_pip/molecule/ec2/README.md @@ -0,0 +1,15 @@ +# Amazon EC2 + +To test on Amazon elastic compute cloud (EC2), set this variable: + +``` +export EC2_REGION=eu-central-1 +``` + +And save the credentials: +``` +cat ~/.aws/credentials +[default] +aws_access_key_id=YOUR_KEY_ID +aws_secret_access_key=YOUR_ACCESS_KEY +``` diff --git a/roles/python_pip/molecule/ec2/create.yml b/roles/python_pip/molecule/ec2/create.yml new file mode 100644 index 0000000..7992818 --- /dev/null +++ b/roles/python_pip/molecule/ec2/create.yml @@ -0,0 +1,125 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + vars: + ssh_user: ec2-user + ssh_port: 22 + + security_group_name: molecule + security_group_description: Security group for testing Molecule + security_group_rules: + - proto: tcp + from_port: "{{ ssh_port }}" + to_port: "{{ ssh_port }}" + cidr_ip: '0.0.0.0/0' + - proto: icmp + from_port: 8 + to_port: -1 + cidr_ip: '0.0.0.0/0' + security_group_rules_egress: + - proto: -1 + from_port: 0 + to_port: 0 + cidr_ip: '0.0.0.0/0' + + keypair_name: molecule_key + keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" + tasks: + - name: Create security group + ec2_group: + name: "{{ security_group_name }}" + description: "{{ security_group_name }}" + rules: "{{ security_group_rules }}" + rules_egress: "{{ security_group_rules_egress }}" + + - name: Test for presence of local keypair + stat: + path: "{{ keypair_path }}" + register: keypair_local + + - name: Delete remote keypair + ec2_key: + name: "{{ keypair_name }}" + state: absent + when: not keypair_local.stat.exists + + - name: Create keypair + ec2_key: + name: "{{ keypair_name }}" + register: keypair + + - name: Persist the keypair + copy: + dest: "{{ keypair_path }}" + content: "{{ keypair.key.private_key }}" + mode: 0600 + when: keypair.changed + + - name: Create molecule instance(s) + ec2: + key_name: "{{ keypair_name }}" + image: "{{ item.image }}" + instance_type: "{{ item.instance_type }}" + vpc_subnet_id: "{{ item.vpc_subnet_id }}" + group: "{{ security_group_name }}" + instance_tags: + instance: "{{ item.name }}" + wait: true + assign_public_ip: true + exact_count: 1 + count_tag: + instance: "{{ item.name }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.instances[0].tags.instance }}", + 'address': "{{ item.instances[0].public_ip }}", + 'user': "{{ ssh_user }}", + 'port': "{{ ssh_port }}", + 'identity_file': "{{ keypair_path }}", + 'instance_ids': "{{ item.instance_ids }}", } + with_items: "{{ ec2_jobs.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool + + - name: Wait for SSH + wait_for: + port: "{{ ssh_port }}" + host: "{{ item.address }}" + search_regex: SSH + delay: 10 + timeout: 320 + with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + + - name: Wait for boot process to finish + pause: + minutes: 2 diff --git a/roles/python_pip/molecule/ec2/destroy.yml b/roles/python_pip/molecule/ec2/destroy.yml new file mode 100644 index 0000000..b460c1e --- /dev/null +++ b/roles/python_pip/molecule/ec2/destroy.yml @@ -0,0 +1,47 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + tasks: + - block: + - name: Populate instance config + set_fact: + instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + skip_instances: false + rescue: + - name: Populate instance config when file missing + set_fact: + instance_conf: {} + skip_instances: true + + - name: Destroy molecule instance(s) + ec2: + state: absent + instance_ids: "{{ item.instance_ids }}" + register: server + with_items: "{{ instance_conf }}" + when: not skip_instances + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/python_pip/molecule/ec2/molecule.yml b/roles/python_pip/molecule/ec2/molecule.yml new file mode 100644 index 0000000..3f9beff --- /dev/null +++ b/roles/python_pip/molecule/ec2/molecule.yml @@ -0,0 +1,81 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: ec2 +lint: + name: yamllint +platforms: + # - name: rhel-7 + # image: ami-c86c3f23 + # instance_type: t2.micro + # vpc_subnet_id: subnet-0e688067 + # - name: sles-15 + # image: ami-0a1886cf45f944eb1 + # instance_type: t2.micro + # vpc_subnet_id: subnet-0e688067 + - name: python-pip-ubuntu-18.04 + image: ami-0bdf93799014acdc4 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: python-pip-amazon-linux-2 + image: ami-02ea8f348fa28c108 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: python-pip-centos-7 + image: ami-9a183671 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: python-pip-fedora-29 + image: ami-0f904cfaa69a1c64c + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 +provisioner: + name: ansible + lint: + name: ansible-lint + config_options: + defaults: + callback_plugins: /usr/lib/python2.7/site-packages/ara/plugins/callbacks + inventory: + host_vars: + python-pip-ubuntu-18.04: + ansible_user: ubuntu + python-pip-centos-7: + ansible_user: centos + python-pip-fedora-29: + ansible_user: fedora +scenario: + name: ec2 + create_sequence: + - create + check_sequence: + - destroy + - dependency + - create + - converge + - check + - destroy + converge_sequence: + - dependency + - create + - converge + destroy_sequence: + - destroy + test_sequence: + - lint + - destroy + - dependency + - syntax + - create + - converge + - idempotence + - side_effect + - verify + - destroy +verifier: + name: goss + lint: + name: yamllint diff --git a/roles/python_pip/molecule/ec2/playbook.yml b/roles/python_pip/molecule/ec2/playbook.yml new file mode 100644 index 0000000..e36ff57 --- /dev/null +++ b/roles/python_pip/molecule/ec2/playbook.yml @@ -0,0 +1,16 @@ +--- +- name: Converge + hosts: all + gather_facts: no + become: yes + + vars: + python_pip_modules: + - name: jinja2 + - name: ansible + + roles: + - robertdebock.bootstrap + - robertdebock.epel + - robertdebock.buildtools + - ansible-role-python-pip diff --git a/roles/python_pip/molecule/ec2/tests/test_default.yml b/roles/python_pip/molecule/ec2/tests/test_default.yml new file mode 100644 index 0000000..7f40386 --- /dev/null +++ b/roles/python_pip/molecule/ec2/tests/test_default.yml @@ -0,0 +1,8 @@ +# Molecule managed + +--- +file: + /etc/hosts: + exists: true + owner: root + group: root diff --git a/roles/python_pip/molecule/ec2/verify.yml b/roles/python_pip/molecule/ec2/verify.yml new file mode 100644 index 0000000..77a24ea --- /dev/null +++ b/roles/python_pip/molecule/ec2/verify.yml @@ -0,0 +1,53 @@ +--- +# This is an example playbook to execute goss tests. +# Tests need distributed to the appropriate ansible host/groups +# prior to execution by `goss validate`. + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.2 + goss_arch: amd64 + goss_dst: /usr/local/bin/goss + goss_sha256sum: 2f6727375db2ea0f81bee36e2c5be78ab5ab8d5981f632f761b25e4003e190ec + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp + goss_format: documentation + tasks: + - name: Download and install Goss + get_url: + url: "{{ goss_url }}" + dest: "{{ goss_dst }}" + sha256sum: "{{ goss_sha256sum }}" + mode: 0755 + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Copy Goss tests to remote + copy: + src: "{{ item }}" + dest: "{{ goss_test_directory }}/{{ item | basename }}" + with_fileglob: + - "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}/test_*.yml" + + - name: Register test files + shell: "ls {{ goss_test_directory }}/test_*.yml" + register: test_files + + - name: Execute Goss tests + command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + + - name: Display details about the Goss results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + + - name: Fail when tests fail + fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" diff --git a/roles/python_pip/molecule/fedora-latest/Dockerfile.j2 b/roles/python_pip/molecule/fedora-latest/Dockerfile.j2 new file mode 100644 index 0000000..36166d6 --- /dev/null +++ b/roles/python_pip/molecule/fedora-latest/Dockerfile.j2 @@ -0,0 +1,7 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} diff --git a/roles/python_pip/molecule/fedora-latest/molecule.yml b/roles/python_pip/molecule/fedora-latest/molecule.yml new file mode 100644 index 0000000..92912d7 --- /dev/null +++ b/roles/python_pip/molecule/fedora-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: docker +lint: + name: yamllint +platforms: + - name: python-pip-fedora-latest + image: fedora:latest +provisioner: + name: ansible + lint: + name: ansible-lint +scenario: + name: fedora-latest +verifier: + name: goss + lint: + name: yamllint diff --git a/roles/python_pip/molecule/fedora-latest/playbook.yml b/roles/python_pip/molecule/fedora-latest/playbook.yml new file mode 100644 index 0000000..e36ff57 --- /dev/null +++ b/roles/python_pip/molecule/fedora-latest/playbook.yml @@ -0,0 +1,16 @@ +--- +- name: Converge + hosts: all + gather_facts: no + become: yes + + vars: + python_pip_modules: + - name: jinja2 + - name: ansible + + roles: + - robertdebock.bootstrap + - robertdebock.epel + - robertdebock.buildtools + - ansible-role-python-pip diff --git a/roles/python_pip/molecule/fedora-latest/tests/test_default.yml b/roles/python_pip/molecule/fedora-latest/tests/test_default.yml new file mode 100644 index 0000000..865e875 --- /dev/null +++ b/roles/python_pip/molecule/fedora-latest/tests/test_default.yml @@ -0,0 +1,7 @@ +# Molecule managed +--- +file: + /usr/bin/python: + exists: true + owner: root + group: root diff --git a/roles/python_pip/molecule/fedora-latest/verify.yml b/roles/python_pip/molecule/fedora-latest/verify.yml new file mode 100644 index 0000000..77a24ea --- /dev/null +++ b/roles/python_pip/molecule/fedora-latest/verify.yml @@ -0,0 +1,53 @@ +--- +# This is an example playbook to execute goss tests. +# Tests need distributed to the appropriate ansible host/groups +# prior to execution by `goss validate`. + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.2 + goss_arch: amd64 + goss_dst: /usr/local/bin/goss + goss_sha256sum: 2f6727375db2ea0f81bee36e2c5be78ab5ab8d5981f632f761b25e4003e190ec + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp + goss_format: documentation + tasks: + - name: Download and install Goss + get_url: + url: "{{ goss_url }}" + dest: "{{ goss_dst }}" + sha256sum: "{{ goss_sha256sum }}" + mode: 0755 + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Copy Goss tests to remote + copy: + src: "{{ item }}" + dest: "{{ goss_test_directory }}/{{ item | basename }}" + with_fileglob: + - "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}/test_*.yml" + + - name: Register test files + shell: "ls {{ goss_test_directory }}/test_*.yml" + register: test_files + + - name: Execute Goss tests + command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + + - name: Display details about the Goss results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + + - name: Fail when tests fail + fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" diff --git a/roles/python_pip/molecule/fedora-rawhide/Dockerfile.j2 b/roles/python_pip/molecule/fedora-rawhide/Dockerfile.j2 new file mode 100644 index 0000000..36166d6 --- /dev/null +++ b/roles/python_pip/molecule/fedora-rawhide/Dockerfile.j2 @@ -0,0 +1,7 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} diff --git a/roles/python_pip/molecule/fedora-rawhide/molecule.yml b/roles/python_pip/molecule/fedora-rawhide/molecule.yml new file mode 100644 index 0000000..3a701e4 --- /dev/null +++ b/roles/python_pip/molecule/fedora-rawhide/molecule.yml @@ -0,0 +1,28 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: docker +lint: + name: yamllint +platforms: + - name: python-pip-fedora-rawhide + image: fedora:rawhide + registry: + url: registry.fedoraproject.org +provisioner: + name: ansible + inventory: + host_vars: + python-fedora-rawhide: + ansible_python_interpreter: /usr/bin/python3 + lint: + name: ansible-lint +scenario: + name: fedora-rawhide +verifier: + name: goss + lint: + name: yamllint diff --git a/roles/python_pip/molecule/fedora-rawhide/playbook.yml b/roles/python_pip/molecule/fedora-rawhide/playbook.yml new file mode 100644 index 0000000..e36ff57 --- /dev/null +++ b/roles/python_pip/molecule/fedora-rawhide/playbook.yml @@ -0,0 +1,16 @@ +--- +- name: Converge + hosts: all + gather_facts: no + become: yes + + vars: + python_pip_modules: + - name: jinja2 + - name: ansible + + roles: + - robertdebock.bootstrap + - robertdebock.epel + - robertdebock.buildtools + - ansible-role-python-pip diff --git a/roles/python_pip/molecule/fedora-rawhide/tests/test_default.yml b/roles/python_pip/molecule/fedora-rawhide/tests/test_default.yml new file mode 100644 index 0000000..865e875 --- /dev/null +++ b/roles/python_pip/molecule/fedora-rawhide/tests/test_default.yml @@ -0,0 +1,7 @@ +# Molecule managed +--- +file: + /usr/bin/python: + exists: true + owner: root + group: root diff --git a/roles/python_pip/molecule/fedora-rawhide/verify.yml b/roles/python_pip/molecule/fedora-rawhide/verify.yml new file mode 100644 index 0000000..77a24ea --- /dev/null +++ b/roles/python_pip/molecule/fedora-rawhide/verify.yml @@ -0,0 +1,53 @@ +--- +# This is an example playbook to execute goss tests. +# Tests need distributed to the appropriate ansible host/groups +# prior to execution by `goss validate`. + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.2 + goss_arch: amd64 + goss_dst: /usr/local/bin/goss + goss_sha256sum: 2f6727375db2ea0f81bee36e2c5be78ab5ab8d5981f632f761b25e4003e190ec + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp + goss_format: documentation + tasks: + - name: Download and install Goss + get_url: + url: "{{ goss_url }}" + dest: "{{ goss_dst }}" + sha256sum: "{{ goss_sha256sum }}" + mode: 0755 + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Copy Goss tests to remote + copy: + src: "{{ item }}" + dest: "{{ goss_test_directory }}/{{ item | basename }}" + with_fileglob: + - "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}/test_*.yml" + + - name: Register test files + shell: "ls {{ goss_test_directory }}/test_*.yml" + register: test_files + + - name: Execute Goss tests + command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + + - name: Display details about the Goss results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + + - name: Fail when tests fail + fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" diff --git a/roles/python_pip/molecule/opensuse-leap/Dockerfile.j2 b/roles/python_pip/molecule/opensuse-leap/Dockerfile.j2 new file mode 100644 index 0000000..36166d6 --- /dev/null +++ b/roles/python_pip/molecule/opensuse-leap/Dockerfile.j2 @@ -0,0 +1,7 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} diff --git a/roles/python_pip/molecule/opensuse-leap/molecule.yml b/roles/python_pip/molecule/opensuse-leap/molecule.yml new file mode 100644 index 0000000..8471345 --- /dev/null +++ b/roles/python_pip/molecule/opensuse-leap/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: docker +lint: + name: yamllint +platforms: + - name: python-pip-opensuse-leap + image: opensuse:leap +provisioner: + name: ansible + lint: + name: ansible-lint +scenario: + name: opensuse-leap +verifier: + name: goss + lint: + name: yamllint diff --git a/roles/python_pip/molecule/opensuse-leap/playbook.yml b/roles/python_pip/molecule/opensuse-leap/playbook.yml new file mode 100644 index 0000000..e36ff57 --- /dev/null +++ b/roles/python_pip/molecule/opensuse-leap/playbook.yml @@ -0,0 +1,16 @@ +--- +- name: Converge + hosts: all + gather_facts: no + become: yes + + vars: + python_pip_modules: + - name: jinja2 + - name: ansible + + roles: + - robertdebock.bootstrap + - robertdebock.epel + - robertdebock.buildtools + - ansible-role-python-pip diff --git a/roles/python_pip/molecule/opensuse-leap/tests/test_default.yml b/roles/python_pip/molecule/opensuse-leap/tests/test_default.yml new file mode 100644 index 0000000..865e875 --- /dev/null +++ b/roles/python_pip/molecule/opensuse-leap/tests/test_default.yml @@ -0,0 +1,7 @@ +# Molecule managed +--- +file: + /usr/bin/python: + exists: true + owner: root + group: root diff --git a/roles/python_pip/molecule/opensuse-leap/verify.yml b/roles/python_pip/molecule/opensuse-leap/verify.yml new file mode 100644 index 0000000..77a24ea --- /dev/null +++ b/roles/python_pip/molecule/opensuse-leap/verify.yml @@ -0,0 +1,53 @@ +--- +# This is an example playbook to execute goss tests. +# Tests need distributed to the appropriate ansible host/groups +# prior to execution by `goss validate`. + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.2 + goss_arch: amd64 + goss_dst: /usr/local/bin/goss + goss_sha256sum: 2f6727375db2ea0f81bee36e2c5be78ab5ab8d5981f632f761b25e4003e190ec + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp + goss_format: documentation + tasks: + - name: Download and install Goss + get_url: + url: "{{ goss_url }}" + dest: "{{ goss_dst }}" + sha256sum: "{{ goss_sha256sum }}" + mode: 0755 + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Copy Goss tests to remote + copy: + src: "{{ item }}" + dest: "{{ goss_test_directory }}/{{ item | basename }}" + with_fileglob: + - "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}/test_*.yml" + + - name: Register test files + shell: "ls {{ goss_test_directory }}/test_*.yml" + register: test_files + + - name: Execute Goss tests + command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + + - name: Display details about the Goss results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + + - name: Fail when tests fail + fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" diff --git a/roles/python_pip/molecule/opensuse-tumbleweed/Dockerfile.j2 b/roles/python_pip/molecule/opensuse-tumbleweed/Dockerfile.j2 new file mode 100644 index 0000000..36166d6 --- /dev/null +++ b/roles/python_pip/molecule/opensuse-tumbleweed/Dockerfile.j2 @@ -0,0 +1,7 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} diff --git a/roles/python_pip/molecule/opensuse-tumbleweed/molecule.yml b/roles/python_pip/molecule/opensuse-tumbleweed/molecule.yml new file mode 100644 index 0000000..96a3d00 --- /dev/null +++ b/roles/python_pip/molecule/opensuse-tumbleweed/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: docker +lint: + name: yamllint +platforms: + - name: python-pip-opensuse-tumbleweed + image: opensuse:tumbleweed +provisioner: + name: ansible + lint: + name: ansible-lint +scenario: + name: opensuse-tumbleweed +verifier: + name: goss + lint: + name: yamllint diff --git a/roles/python_pip/molecule/opensuse-tumbleweed/playbook.yml b/roles/python_pip/molecule/opensuse-tumbleweed/playbook.yml new file mode 100644 index 0000000..e36ff57 --- /dev/null +++ b/roles/python_pip/molecule/opensuse-tumbleweed/playbook.yml @@ -0,0 +1,16 @@ +--- +- name: Converge + hosts: all + gather_facts: no + become: yes + + vars: + python_pip_modules: + - name: jinja2 + - name: ansible + + roles: + - robertdebock.bootstrap + - robertdebock.epel + - robertdebock.buildtools + - ansible-role-python-pip diff --git a/roles/python_pip/molecule/opensuse-tumbleweed/tests/test_default.yml b/roles/python_pip/molecule/opensuse-tumbleweed/tests/test_default.yml new file mode 100644 index 0000000..865e875 --- /dev/null +++ b/roles/python_pip/molecule/opensuse-tumbleweed/tests/test_default.yml @@ -0,0 +1,7 @@ +# Molecule managed +--- +file: + /usr/bin/python: + exists: true + owner: root + group: root diff --git a/roles/python_pip/molecule/opensuse-tumbleweed/verify.yml b/roles/python_pip/molecule/opensuse-tumbleweed/verify.yml new file mode 100644 index 0000000..77a24ea --- /dev/null +++ b/roles/python_pip/molecule/opensuse-tumbleweed/verify.yml @@ -0,0 +1,53 @@ +--- +# This is an example playbook to execute goss tests. +# Tests need distributed to the appropriate ansible host/groups +# prior to execution by `goss validate`. + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.2 + goss_arch: amd64 + goss_dst: /usr/local/bin/goss + goss_sha256sum: 2f6727375db2ea0f81bee36e2c5be78ab5ab8d5981f632f761b25e4003e190ec + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp + goss_format: documentation + tasks: + - name: Download and install Goss + get_url: + url: "{{ goss_url }}" + dest: "{{ goss_dst }}" + sha256sum: "{{ goss_sha256sum }}" + mode: 0755 + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Copy Goss tests to remote + copy: + src: "{{ item }}" + dest: "{{ goss_test_directory }}/{{ item | basename }}" + with_fileglob: + - "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}/test_*.yml" + + - name: Register test files + shell: "ls {{ goss_test_directory }}/test_*.yml" + register: test_files + + - name: Execute Goss tests + command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + + - name: Display details about the Goss results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + + - name: Fail when tests fail + fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" diff --git a/roles/python_pip/molecule/ubuntu-artful/Dockerfile.j2 b/roles/python_pip/molecule/ubuntu-artful/Dockerfile.j2 new file mode 100644 index 0000000..36166d6 --- /dev/null +++ b/roles/python_pip/molecule/ubuntu-artful/Dockerfile.j2 @@ -0,0 +1,7 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} diff --git a/roles/python_pip/molecule/ubuntu-artful/molecule.yml b/roles/python_pip/molecule/ubuntu-artful/molecule.yml new file mode 100644 index 0000000..c1e0499 --- /dev/null +++ b/roles/python_pip/molecule/ubuntu-artful/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: docker +lint: + name: yamllint +platforms: + - name: python-pip-ubuntu-artful + image: ubuntu:artful +provisioner: + name: ansible + lint: + name: ansible-lint +scenario: + name: ubuntu-artful +verifier: + name: goss + lint: + name: yamllint diff --git a/roles/python_pip/molecule/ubuntu-artful/playbook.yml b/roles/python_pip/molecule/ubuntu-artful/playbook.yml new file mode 100644 index 0000000..e36ff57 --- /dev/null +++ b/roles/python_pip/molecule/ubuntu-artful/playbook.yml @@ -0,0 +1,16 @@ +--- +- name: Converge + hosts: all + gather_facts: no + become: yes + + vars: + python_pip_modules: + - name: jinja2 + - name: ansible + + roles: + - robertdebock.bootstrap + - robertdebock.epel + - robertdebock.buildtools + - ansible-role-python-pip diff --git a/roles/python_pip/molecule/ubuntu-artful/tests/test_default.yml b/roles/python_pip/molecule/ubuntu-artful/tests/test_default.yml new file mode 100644 index 0000000..865e875 --- /dev/null +++ b/roles/python_pip/molecule/ubuntu-artful/tests/test_default.yml @@ -0,0 +1,7 @@ +# Molecule managed +--- +file: + /usr/bin/python: + exists: true + owner: root + group: root diff --git a/roles/python_pip/molecule/ubuntu-artful/verify.yml b/roles/python_pip/molecule/ubuntu-artful/verify.yml new file mode 100644 index 0000000..77a24ea --- /dev/null +++ b/roles/python_pip/molecule/ubuntu-artful/verify.yml @@ -0,0 +1,53 @@ +--- +# This is an example playbook to execute goss tests. +# Tests need distributed to the appropriate ansible host/groups +# prior to execution by `goss validate`. + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.2 + goss_arch: amd64 + goss_dst: /usr/local/bin/goss + goss_sha256sum: 2f6727375db2ea0f81bee36e2c5be78ab5ab8d5981f632f761b25e4003e190ec + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp + goss_format: documentation + tasks: + - name: Download and install Goss + get_url: + url: "{{ goss_url }}" + dest: "{{ goss_dst }}" + sha256sum: "{{ goss_sha256sum }}" + mode: 0755 + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Copy Goss tests to remote + copy: + src: "{{ item }}" + dest: "{{ goss_test_directory }}/{{ item | basename }}" + with_fileglob: + - "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}/test_*.yml" + + - name: Register test files + shell: "ls {{ goss_test_directory }}/test_*.yml" + register: test_files + + - name: Execute Goss tests + command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + + - name: Display details about the Goss results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + + - name: Fail when tests fail + fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" diff --git a/roles/python_pip/molecule/ubuntu-devel/Dockerfile.j2 b/roles/python_pip/molecule/ubuntu-devel/Dockerfile.j2 new file mode 100644 index 0000000..36166d6 --- /dev/null +++ b/roles/python_pip/molecule/ubuntu-devel/Dockerfile.j2 @@ -0,0 +1,7 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} diff --git a/roles/python_pip/molecule/ubuntu-devel/molecule.yml b/roles/python_pip/molecule/ubuntu-devel/molecule.yml new file mode 100644 index 0000000..19ff02d --- /dev/null +++ b/roles/python_pip/molecule/ubuntu-devel/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: docker +lint: + name: yamllint +platforms: + - name: python-pip-ubuntu-devel + image: ubuntu:devel +provisioner: + name: ansible + lint: + name: ansible-lint +scenario: + name: ubuntu-devel +verifier: + name: goss + lint: + name: yamllint diff --git a/roles/python_pip/molecule/ubuntu-devel/playbook.yml b/roles/python_pip/molecule/ubuntu-devel/playbook.yml new file mode 100644 index 0000000..e36ff57 --- /dev/null +++ b/roles/python_pip/molecule/ubuntu-devel/playbook.yml @@ -0,0 +1,16 @@ +--- +- name: Converge + hosts: all + gather_facts: no + become: yes + + vars: + python_pip_modules: + - name: jinja2 + - name: ansible + + roles: + - robertdebock.bootstrap + - robertdebock.epel + - robertdebock.buildtools + - ansible-role-python-pip diff --git a/roles/python_pip/molecule/ubuntu-devel/tests/test_default.yml b/roles/python_pip/molecule/ubuntu-devel/tests/test_default.yml new file mode 100644 index 0000000..865e875 --- /dev/null +++ b/roles/python_pip/molecule/ubuntu-devel/tests/test_default.yml @@ -0,0 +1,7 @@ +# Molecule managed +--- +file: + /usr/bin/python: + exists: true + owner: root + group: root diff --git a/roles/python_pip/molecule/ubuntu-devel/verify.yml b/roles/python_pip/molecule/ubuntu-devel/verify.yml new file mode 100644 index 0000000..77a24ea --- /dev/null +++ b/roles/python_pip/molecule/ubuntu-devel/verify.yml @@ -0,0 +1,53 @@ +--- +# This is an example playbook to execute goss tests. +# Tests need distributed to the appropriate ansible host/groups +# prior to execution by `goss validate`. + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.2 + goss_arch: amd64 + goss_dst: /usr/local/bin/goss + goss_sha256sum: 2f6727375db2ea0f81bee36e2c5be78ab5ab8d5981f632f761b25e4003e190ec + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp + goss_format: documentation + tasks: + - name: Download and install Goss + get_url: + url: "{{ goss_url }}" + dest: "{{ goss_dst }}" + sha256sum: "{{ goss_sha256sum }}" + mode: 0755 + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Copy Goss tests to remote + copy: + src: "{{ item }}" + dest: "{{ goss_test_directory }}/{{ item | basename }}" + with_fileglob: + - "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}/test_*.yml" + + - name: Register test files + shell: "ls {{ goss_test_directory }}/test_*.yml" + register: test_files + + - name: Execute Goss tests + command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + + - name: Display details about the Goss results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + + - name: Fail when tests fail + fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" diff --git a/roles/python_pip/molecule/ubuntu-latest/Dockerfile.j2 b/roles/python_pip/molecule/ubuntu-latest/Dockerfile.j2 new file mode 100644 index 0000000..36166d6 --- /dev/null +++ b/roles/python_pip/molecule/ubuntu-latest/Dockerfile.j2 @@ -0,0 +1,7 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} diff --git a/roles/python_pip/molecule/ubuntu-latest/molecule.yml b/roles/python_pip/molecule/ubuntu-latest/molecule.yml new file mode 100644 index 0000000..8683048 --- /dev/null +++ b/roles/python_pip/molecule/ubuntu-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: docker +lint: + name: yamllint +platforms: + - name: python-pip-ubuntu-latest + image: ubuntu:latest +provisioner: + name: ansible + lint: + name: ansible-lint +scenario: + name: ubuntu-latest +verifier: + name: goss + lint: + name: yamllint diff --git a/roles/python_pip/molecule/ubuntu-latest/playbook.yml b/roles/python_pip/molecule/ubuntu-latest/playbook.yml new file mode 100644 index 0000000..e36ff57 --- /dev/null +++ b/roles/python_pip/molecule/ubuntu-latest/playbook.yml @@ -0,0 +1,16 @@ +--- +- name: Converge + hosts: all + gather_facts: no + become: yes + + vars: + python_pip_modules: + - name: jinja2 + - name: ansible + + roles: + - robertdebock.bootstrap + - robertdebock.epel + - robertdebock.buildtools + - ansible-role-python-pip diff --git a/roles/python_pip/molecule/ubuntu-latest/tests/test_default.yml b/roles/python_pip/molecule/ubuntu-latest/tests/test_default.yml new file mode 100644 index 0000000..865e875 --- /dev/null +++ b/roles/python_pip/molecule/ubuntu-latest/tests/test_default.yml @@ -0,0 +1,7 @@ +# Molecule managed +--- +file: + /usr/bin/python: + exists: true + owner: root + group: root diff --git a/roles/python_pip/molecule/ubuntu-latest/verify.yml b/roles/python_pip/molecule/ubuntu-latest/verify.yml new file mode 100644 index 0000000..77a24ea --- /dev/null +++ b/roles/python_pip/molecule/ubuntu-latest/verify.yml @@ -0,0 +1,53 @@ +--- +# This is an example playbook to execute goss tests. +# Tests need distributed to the appropriate ansible host/groups +# prior to execution by `goss validate`. + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.2 + goss_arch: amd64 + goss_dst: /usr/local/bin/goss + goss_sha256sum: 2f6727375db2ea0f81bee36e2c5be78ab5ab8d5981f632f761b25e4003e190ec + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp + goss_format: documentation + tasks: + - name: Download and install Goss + get_url: + url: "{{ goss_url }}" + dest: "{{ goss_dst }}" + sha256sum: "{{ goss_sha256sum }}" + mode: 0755 + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Copy Goss tests to remote + copy: + src: "{{ item }}" + dest: "{{ goss_test_directory }}/{{ item | basename }}" + with_fileglob: + - "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}/test_*.yml" + + - name: Register test files + shell: "ls {{ goss_test_directory }}/test_*.yml" + register: test_files + + - name: Execute Goss tests + command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + + - name: Display details about the Goss results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + + - name: Fail when tests fail + fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" diff --git a/roles/python_pip/molecule/vagrant/INSTALL.rst b/roles/python_pip/molecule/vagrant/INSTALL.rst new file mode 100644 index 0000000..ca81c7b --- /dev/null +++ b/roles/python_pip/molecule/vagrant/INSTALL.rst @@ -0,0 +1,17 @@ +******* +Vagrant driver installation guide +******* + +Requirements +============ + +* Vagrant +* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop +* python-vagrant + +Install +======= + +.. code-block:: bash + + $ sudo pip install python-vagrant diff --git a/roles/python_pip/molecule/vagrant/molecule.yml b/roles/python_pip/molecule/vagrant/molecule.yml new file mode 100644 index 0000000..6d172f3 --- /dev/null +++ b/roles/python_pip/molecule/vagrant/molecule.yml @@ -0,0 +1,29 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: python-pip-debian + box: debian/stretch64 + - name: python-pip-fedora + box: fedora/29-cloud-base +provisioner: + name: ansible + lint: + name: ansible-lint + config_options: + defaults: + callback_plugins: /usr/lib/python2.7/site-packages/ara/plugins/callbacks +scenario: + name: vagrant +verifier: + name: goss + lint: + name: yamllint diff --git a/roles/python_pip/molecule/vagrant/playbook.yml b/roles/python_pip/molecule/vagrant/playbook.yml new file mode 100644 index 0000000..e36ff57 --- /dev/null +++ b/roles/python_pip/molecule/vagrant/playbook.yml @@ -0,0 +1,16 @@ +--- +- name: Converge + hosts: all + gather_facts: no + become: yes + + vars: + python_pip_modules: + - name: jinja2 + - name: ansible + + roles: + - robertdebock.bootstrap + - robertdebock.epel + - robertdebock.buildtools + - ansible-role-python-pip diff --git a/roles/python_pip/molecule/vagrant/tests/test_default.yml b/roles/python_pip/molecule/vagrant/tests/test_default.yml new file mode 100644 index 0000000..7f40386 --- /dev/null +++ b/roles/python_pip/molecule/vagrant/tests/test_default.yml @@ -0,0 +1,8 @@ +# Molecule managed + +--- +file: + /etc/hosts: + exists: true + owner: root + group: root diff --git a/roles/python_pip/molecule/vagrant/verify.yml b/roles/python_pip/molecule/vagrant/verify.yml new file mode 100644 index 0000000..5948e4d --- /dev/null +++ b/roles/python_pip/molecule/vagrant/verify.yml @@ -0,0 +1,53 @@ +--- +# This is an example playbook to execute goss tests. +# Tests need distributed to the appropriate ansible host/groups +# prior to execution by `goss validate`. + +- name: Verify + hosts: all + become: true + vars: + goss_version: v0.3.6 + goss_arch: amd64 + goss_dst: /usr/local/bin/goss + goss_sha256sum: 53dd1156ab66f2c4275fd847372e6329d895cfb2f0bcbec5f86c1c4df7236dde + goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + goss_test_directory: /tmp + goss_format: documentation + tasks: + - name: Download and install Goss + get_url: + url: "{{ goss_url }}" + dest: "{{ goss_dst }}" + sha256sum: "{{ goss_sha256sum }}" + mode: 0755 + register: download_goss + until: download_goss is succeeded + retries: 3 + + - name: Copy Goss tests to remote + copy: + src: "{{ item }}" + dest: "{{ goss_test_directory }}/{{ item | basename }}" + with_fileglob: + - "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}/test_*.yml" + + - name: Register test files + shell: "ls {{ goss_test_directory }}/test_*.yml" + register: test_files + + - name: Execute Goss tests + command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + + - name: Display details about the Goss results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + + - name: Fail when tests fail + fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" diff --git a/roles/python_pip/requirements.yml b/roles/python_pip/requirements.yml new file mode 100644 index 0000000..bc4c55b --- /dev/null +++ b/roles/python_pip/requirements.yml @@ -0,0 +1,5 @@ +--- +- robertdebock.bootstrap +- robertdebock.buildtools +- robertdebock.epel +- robertdebock.scl diff --git a/roles/python_pip/tasks/main.yml b/roles/python_pip/tasks/main.yml new file mode 100644 index 0000000..aecea10 --- /dev/null +++ b/roles/python_pip/tasks/main.yml @@ -0,0 +1,45 @@ +--- +# tasks file for python_pip +- name: remove conflicting packages + package: + name: "{{ python_pip_conflicting_packages }}" + state: absent + when: + - ansible_distribution != "Archlinux" + +- name: install python pip + package: + name: "{{ python_pip_packages }}" + state: "{{ python_pip_package_state }}" + register: python_pip_install_python_pip + until: python_pip_install_python_pip + retries: 3 + +- name: update pip + pip: + name: pip + state: present + version: "{{ python_pip_version }}" + register: update_pip + until: update_pip is succeeded + retries: 3 + +- name: update setuptools + pip: + name: setuptools + state: present + version: 40.2.0 + register: update_setuptools + until: update_setuptools is succeeded + retries: 3 + +- name: install requested modules + pip: + name: "{{ item.name }}" + state: present + version: "{{ item.version | default(omit) }}" + with_items: + - "{{ python_pip_modules }}" + register: install_requested_modules + until: install_requested_modules is succeeded + retries: 3 diff --git a/roles/python_pip/vars/main.yml b/roles/python_pip/vars/main.yml new file mode 100644 index 0000000..cb96755 --- /dev/null +++ b/roles/python_pip/vars/main.yml @@ -0,0 +1,13 @@ +--- +# vars file for python_pip +_python_pip_packages: + default: + - python-pip + Alpine: + - py-pip + - python2-dev + +python_pip_packages: "{{ _python_pip_packages[ansible_distribution] | default(_python_pip_packages['default']) }}" + +python_pip_conflicting_packages: + - python-requests diff --git a/roles/reboot/.github/ISSUE_TEMPLATE/bug_report.md b/roles/reboot/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..bd1a0dc --- /dev/null +++ b/roles/reboot/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Run this role: +2. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Error** +Please show the resulting error. If applicable a snippet of the playbook including the role ran with `-vvv` + +**Environment** +- Control node OS: [e.g. Debian 9] +- Control node Ansible version: [e.g. 2.6.2] +- Managed node OS: [e.g. CentOS 7] + +**Additional context** +Add any other context about the problem here. diff --git a/roles/reboot/.github/ISSUE_TEMPLATE/feature_request.md b/roles/reboot/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/roles/reboot/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/roles/reboot/.github/settings.yml b/roles/reboot/.github/settings.yml new file mode 100644 index 0000000..c090903 --- /dev/null +++ b/roles/reboot/.github/settings.yml @@ -0,0 +1,4 @@ +--- +repository: + description: The purpose of this role is to reboot your system. + homepage: https://robertdebock.nl/ diff --git a/roles/reboot/.gitignore b/roles/reboot/.gitignore new file mode 100644 index 0000000..10b26d1 --- /dev/null +++ b/roles/reboot/.gitignore @@ -0,0 +1,3 @@ +molecule/*/.molecule +*.log +*.swp diff --git a/roles/reboot/.travis.yml b/roles/reboot/.travis.yml new file mode 100644 index 0000000..b2f8aa9 --- /dev/null +++ b/roles/reboot/.travis.yml @@ -0,0 +1,92 @@ +--- +sudo: required +language: python +services: docker + +env: + - version=">=2.7,<2.8" distro="alpine-latest" + - version="" distro="alpine-latest" + - version="devel" distro="alpine-latest" + - version=">=2.7,<2.8" distro="alpine-edge" + - version="" distro="alpine-edge" + - version="devel" distro="alpine-edge" + - version=">=2.7,<2.8" distro="archlinux" + - version="" distro="archlinux" + - version="devel" distro="archlinux" + - version=">=2.7,<2.8" distro="centos-6" + - version="" distro="centos-6" + - version="devel" distro="centos-6" + - version=">=2.7,<2.8" distro="centos-latest" + - version="" distro="centos-latest" + - version="devel" distro="centos-latest" + - version=">=2.7,<2.8" distro="debian-latest" + - version="" distro="debian-latest" + - version="devel" distro="debian-latest" + - version=">=2.7,<2.8" distro="debian-stable" + - version="" distro="debian-stable" + - version="devel" distro="debian-stable" + - version=">=2.7,<2.8" distro="debian-unstable" + - version="" distro="debian-unstable" + - version="devel" distro="debian-unstable" + - version=">=2.7,<2.8" distro="fedora-latest" + - version="" distro="fedora-latest" + - version="devel" distro="fedora-latest" + - version=">=2.7,<2.8" distro="fedora-rawhide" + - version="" distro="fedora-rawhide" + - version="devel" distro="fedora-rawhide" + - version=">=2.7,<2.8" distro="opensuse-leap" + - version="" distro="opensuse-leap" + - version="devel" distro="opensuse-leap" + - version=">=2.7,<2.8" distro="ubuntu-rolling" + - version="" distro="ubuntu-rolling" + - version="devel" distro="ubuntu-rolling" + - version=">=2.7,<2.8" distro="ubuntu-latest" + - version="" distro="ubuntu-latest" + - version="devel" distro="ubuntu-latest" + - version=">=2.7,<2.8" distro="ubuntu-devel" + - version="" distro="ubuntu-devel" + - version="devel" distro="ubuntu-devel" + +matrix: + allow_failures: + - env: version=">=2.7,<2.8" distro="alpine-edge" + - env: version="" distro="alpine-edge" + - env: version="devel" distro="alpine-edge" + - env: version="devel" distro="alpine-latest" + - env: version="devel" distro="archlinux" + - env: version="devel" distro="centos-6" + - env: version="devel" distro="centos-latest" + - env: version="devel" distro="debian-latest" + - env: version="devel" distro="debian-stable" + - env: version=">=2.7,<2.8" distro="debian-unstable" + - env: version="" distro="debian-unstable" + - env: version="devel" distro="debian-unstable" + - env: version="devel" distro="fedora-latest" + - env: version=">=2.7,<2.8" distro="fedora-rawhide" + - env: version="" distro="fedora-rawhide" + - env: version="devel" distro="fedora-rawhide" + - env: version="devel" distro="opensuse-leap" + - env: version="devel" distro="ubuntu-rolling" + - env: version=">=2.7,<2.8" distro="ubuntu-devel" + - env: version="" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-latest" + +cache: + - pip + +install: + - pip install --upgrade pip + - if [ "${version}" != "devel" ] ; then pip install ansible"${version}" ; fi + - if [ "${version}" = "devel" ] ; then pip install git+https://github.com/ansible/ansible.git@devel ; fi + - pip install molecule + - pip install docker + +script: + - if [ "${expectation}" = "fail" ] ; then ! molecule test --scenario-name "${distro}" ; else molecule test --scenario-name "${distro}" ; fi + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + slack: + secure: "KeXA8wXxYX41jjXJAMEU3dBFf0jf6T/OuY62Zt6fCxmse+R4nC7P6TZGx7LKjaVCXKdRz3+giJz7Ef/7q23yTSFIoasiB0rzWiAg0S0E5o8ZFdJ0HdQQZknA7j21GcvK9Kj/zgxXUqFu6hhc+vgKRnPAMOjpyaoo74PwG4kHARFLAxb7fKdCxhkfBWvtdkgAUWzESWNeUHNsknFlbEP7PTk1akfsOaC3xUYjfA7kmZMH6w0eM+/FuTaoYdJ8EM3OcH+3j2q0IXuXVrJ0B1IyGvpJ1qVvDu9YSvkxbD6Qd9BCVRDBkCcTxsBpZX+Ks5DhaTOO71zsk1nZtBIFPAanXARygoyuMrAS4exfSrWT2TTxu0D01J9JZUlGmI/Uf7R9Kf7LAT1KfvZR/7VAK3X53i3pZHQqp8EOPr+FGpB9MPn62jfWF7gWYR8AfP4M1gaP7JYVxZqmSKE0LgqQNY/SmPcs37TU8jL6h1ojN0PPy8tRhGUhY3/tQq/19aF62WDTzH1j/OgcI5GrAZ2bR8EOQGvSfJX2uWnFhBQsISxaYo4Eiocw5z/QGU/JFBXOgipAGeS2PjiR3PYa3SkeftEOHnbp7rzakKd4zDCM/EGiIG4rPnFSwvVPBnnm64ut+PqpX8JI5uxdoJ8bjVIM/47hGNUnVFIG/ZQUXzI5vySqwyY=" + email: false diff --git a/roles/reboot/.yamllint b/roles/reboot/.yamllint new file mode 100644 index 0000000..ad0be76 --- /dev/null +++ b/roles/reboot/.yamllint @@ -0,0 +1,11 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/reboot/CODE_OF_CONDUCT.md b/roles/reboot/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0d97a6f --- /dev/null +++ b/roles/reboot/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behaviour that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behaviour by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/reboot/CONTRIBUTING.md b/roles/reboot/CONTRIBUTING.md new file mode 100644 index 0000000..2931dcf --- /dev/null +++ b/roles/reboot/CONTRIBUTING.md @@ -0,0 +1,4 @@ +# Please contribute! +You can really make a difference by: +- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. +- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code. diff --git a/roles/reboot/LICENSE b/roles/reboot/LICENSE new file mode 100644 index 0000000..744118c --- /dev/null +++ b/roles/reboot/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2019 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/reboot/PULL_REQUEST_TEMPLATE.md b/roles/reboot/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..b1578c0 --- /dev/null +++ b/roles/reboot/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +--- +name: Pull request +about: Describe the proposed change + +--- + +**Describe the change** +A clear and concise description of what the pull request is. + +**Testing** +In case a feature was added, how were tests performed? diff --git a/roles/reboot/README.md b/roles/reboot/README.md new file mode 100644 index 0000000..5212187 --- /dev/null +++ b/roles/reboot/README.md @@ -0,0 +1,142 @@ +reboot +========= + +[![Build Status](https://travis-ci.org/robertdebock/ansible-role-reboot.svg?branch=master)](https://travis-ci.org/robertdebock/ansible-role-reboot) + +The purpose of this role is to reboot your system. + +Example Playbook +---------------- + +This example is taken from `molecule/default/playbook.yml`: +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - robertdebock.reboot +``` + +The machine you are running this on, may need to be prepared. Tests have been done on machines prepared by this playbook: +```yaml +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - robertdebock.bootstrap +``` + +Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. + +Role Variables +-------------- + +These variables are set in `defaults/main.yml`: +```yaml +--- +# defaults file for reboot + +# Some operating systems can determine if a reboot is required. This +# parameter can be set to always reboot. +reboot_always: no + +# How long to wait before sending a reboot. +reboot_delay: 4 + +# Number of seconds to wait before checking if the machine is up. +reboot_up_delay: 8 + +# You can specify a message for rebooting, easier for auditing. +reboot_message: "Ansible role robertdebock.reboot initiated a reboot." +``` + +Requirements +------------ + +- Access to a repository containing packages, likely on the internet. +- A recent version of Ansible. (Tests run on the last 3 release of Ansible.) + +The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: + +```yaml +--- +- robertdebock.bootstrap + +``` + +Context +------- + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/reboot.png "Dependency") + + +Compatibility +------------- + +This role has been tested against the following distributions and Ansible version: + +|distribution|ansible 2.6|ansible 2.7|ansible devel| +|------------|-----------|-----------|-------------| +|alpine-edge*|yes|yes|yes*| +|alpine-latest|yes|yes|yes*| +|archlinux|yes|yes|yes*| +|centos-6|yes|yes|yes*| +|centos-latest|yes|yes|yes*| +|debian-latest|yes|yes|yes*| +|debian-stable|yes|yes|yes*| +|debian-unstable*|yes|yes|yes*| +|fedora-latest|yes|yes|yes*| +|fedora-rawhide*|yes|yes|yes*| +|opensuse-leap|yes|yes|yes*| +|ubuntu-devel*|yes|yes|yes*| +|ubuntu-latest|yes|yes|yes*| +|ubuntu-rolling|yes|yes|yes*| + +A single star means the build may fail, it's marked as an experimental build. + +Testing +------- + +[Unit tests](https://travis-ci.org/robertdebock/ansible-role-reboot) are done on every commit and periodically. + +If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-reboot/issues) + +To test this role locally please use [Molecule](https://github.com/metacloud/molecule): +``` +pip install molecule +molecule test +``` + +To test on Amazon EC2, configure [~/.aws/credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`. + +There are many specific scenarios available, please have a look in the `molecule/` directory. + +Run the [ansible-galaxy](https://github.com/ansible/galaxy-lint-rules) and [my](https://github.com/robertdebock/ansible-lint-rules) lint rules if you want your change to be merges: + +```shell +git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint +ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules . + +git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint +ansible-lint -r /tmp/my-ansible-lint/rules . +``` + +License +------- + +Apache-2.0 + + +Author Information +------------------ + +[Robert de Bock](https://robertdebock.nl/) diff --git a/roles/reboot/defaults/main.yml b/roles/reboot/defaults/main.yml new file mode 100644 index 0000000..5e045f5 --- /dev/null +++ b/roles/reboot/defaults/main.yml @@ -0,0 +1,15 @@ +--- +# defaults file for reboot + +# Some operating systems can determine if a reboot is required. This +# parameter can be set to always reboot. +reboot_always: no + +# How long to wait before sending a reboot. +reboot_delay: 4 + +# Number of seconds to wait before checking if the machine is up. +reboot_up_delay: 8 + +# You can specify a message for rebooting, easier for auditing. +reboot_message: "Ansible role robertdebock.reboot initiated a reboot." diff --git a/roles/reboot/handlers/main.yml b/roles/reboot/handlers/main.yml new file mode 100644 index 0000000..294f982 --- /dev/null +++ b/roles/reboot/handlers/main.yml @@ -0,0 +1,12 @@ +--- +# handlers file for reboot +- name: 1 wait for the start of reboot + pause: + seconds: "{{ reboot_delay }}" + +- name: 2 wait for the machine to be up + wait_for_connection: + delay: "{{ reboot_up_delay }}" + +- name: 3 gather facts after reboot + setup: diff --git a/roles/reboot/meta/.galaxy_install_info b/roles/reboot/meta/.galaxy_install_info new file mode 100644 index 0000000..c83e440 --- /dev/null +++ b/roles/reboot/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jun 7 18:26:08 2019', version: 2.0.3} diff --git a/roles/reboot/meta/main.yml b/roles/reboot/meta/main.yml new file mode 100644 index 0000000..3d39caa --- /dev/null +++ b/roles/reboot/meta/main.yml @@ -0,0 +1,47 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: reboot + description: The purpose of this role is to reboot your system. + license: Apache-2.0 + company: none + min_ansible_version: 2.6 + + platforms: + - name: Alpine + versions: + - all + - name: ArchLinux + version: + - all + - name: Debian + versions: + - all + - name: EL + version: + - 6 + - 7 + - name: Fedora + versions: + - all + - name: OpenSUSE + versions: + - all + - name: Ubuntu + versions: + - artful + - bionic + + galaxy_tags: + - reboot + - alpine + - archlinux + - centos + - debian + - el + - fedora + - opensuse + - rhel + - ubuntu + +dependencies: [] diff --git a/roles/reboot/molecule/alpine-edge/molecule.yml b/roles/reboot/molecule/alpine-edge/molecule.yml new file mode 100644 index 0000000..4ec12ba --- /dev/null +++ b/roles/reboot/molecule/alpine-edge/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: reboot-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-edge diff --git a/roles/reboot/molecule/alpine-latest/molecule.yml b/roles/reboot/molecule/alpine-latest/molecule.yml new file mode 100644 index 0000000..dad487d --- /dev/null +++ b/roles/reboot/molecule/alpine-latest/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: reboot-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-latest diff --git a/roles/reboot/molecule/archlinux/molecule.yml b/roles/reboot/molecule/archlinux/molecule.yml new file mode 100644 index 0000000..bda689d --- /dev/null +++ b/roles/reboot/molecule/archlinux/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: reboot-archlinux + image: archlinux/base + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: archlinux diff --git a/roles/reboot/molecule/centos-6/molecule.yml b/roles/reboot/molecule/centos-6/molecule.yml new file mode 100644 index 0000000..3f30d63 --- /dev/null +++ b/roles/reboot/molecule/centos-6/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: reboot-centos-6 + image: centos:6 + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-6 diff --git a/roles/reboot/molecule/centos-latest/molecule.yml b/roles/reboot/molecule/centos-latest/molecule.yml new file mode 100644 index 0000000..1c3b88c --- /dev/null +++ b/roles/reboot/molecule/centos-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: reboot-centos-latest + image: centos:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-latest diff --git a/roles/reboot/molecule/debian-latest/molecule.yml b/roles/reboot/molecule/debian-latest/molecule.yml new file mode 100644 index 0000000..f8237aa --- /dev/null +++ b/roles/reboot/molecule/debian-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: reboot-debian-latest + image: debian:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-latest diff --git a/roles/reboot/molecule/debian-stable/molecule.yml b/roles/reboot/molecule/debian-stable/molecule.yml new file mode 100644 index 0000000..e8b658a --- /dev/null +++ b/roles/reboot/molecule/debian-stable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: reboot-debian-stable + image: debian:stable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-stable diff --git a/roles/reboot/molecule/debian-unstable/molecule.yml b/roles/reboot/molecule/debian-unstable/molecule.yml new file mode 100644 index 0000000..2157c85 --- /dev/null +++ b/roles/reboot/molecule/debian-unstable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: reboot-debian-unstable + image: debian:unstable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-unstable diff --git a/roles/reboot/molecule/default/molecule.yml b/roles/reboot/molecule/default/molecule.yml new file mode 100644 index 0000000..f74b39d --- /dev/null +++ b/roles/reboot/molecule/default/molecule.yml @@ -0,0 +1,63 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: reboot-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: reboot-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: reboot-archlinux + image: archlinux/base + pre_build_image: yes + - name: reboot-centos-6 + image: centos:6 + pre_build_image: yes + - name: reboot-centos-latest + image: centos:latest + pre_build_image: yes + - name: reboot-debian-latest + image: debian:latest + pre_build_image: yes + - name: reboot-debian-stable + image: debian:stable + pre_build_image: yes + - name: reboot-debian-unstable + image: debian:unstable + pre_build_image: yes + - name: reboot-fedora-latest + image: fedora:latest + pre_build_image: yes + - name: reboot-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + - name: reboot-opensuse-leap + image: opensuse:leap + pre_build_image: yes + - name: reboot-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes + - name: reboot-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes + - name: reboot-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: default diff --git a/roles/reboot/molecule/ec2/README.md b/roles/reboot/molecule/ec2/README.md new file mode 100644 index 0000000..856b351 --- /dev/null +++ b/roles/reboot/molecule/ec2/README.md @@ -0,0 +1,15 @@ +# Amazon EC2 + +To test on Amazon elastic compute cloud (EC2), set this variable: + +``` +export EC2_REGION=eu-central-1 +``` + +And save the credentials: +``` +cat ~/.aws/credentials +[default] +aws_access_key_id=YOUR_KEY_ID +aws_secret_access_key=YOUR_ACCESS_KEY +``` diff --git a/roles/reboot/molecule/ec2/create.yml b/roles/reboot/molecule/ec2/create.yml new file mode 100644 index 0000000..7992818 --- /dev/null +++ b/roles/reboot/molecule/ec2/create.yml @@ -0,0 +1,125 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + vars: + ssh_user: ec2-user + ssh_port: 22 + + security_group_name: molecule + security_group_description: Security group for testing Molecule + security_group_rules: + - proto: tcp + from_port: "{{ ssh_port }}" + to_port: "{{ ssh_port }}" + cidr_ip: '0.0.0.0/0' + - proto: icmp + from_port: 8 + to_port: -1 + cidr_ip: '0.0.0.0/0' + security_group_rules_egress: + - proto: -1 + from_port: 0 + to_port: 0 + cidr_ip: '0.0.0.0/0' + + keypair_name: molecule_key + keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" + tasks: + - name: Create security group + ec2_group: + name: "{{ security_group_name }}" + description: "{{ security_group_name }}" + rules: "{{ security_group_rules }}" + rules_egress: "{{ security_group_rules_egress }}" + + - name: Test for presence of local keypair + stat: + path: "{{ keypair_path }}" + register: keypair_local + + - name: Delete remote keypair + ec2_key: + name: "{{ keypair_name }}" + state: absent + when: not keypair_local.stat.exists + + - name: Create keypair + ec2_key: + name: "{{ keypair_name }}" + register: keypair + + - name: Persist the keypair + copy: + dest: "{{ keypair_path }}" + content: "{{ keypair.key.private_key }}" + mode: 0600 + when: keypair.changed + + - name: Create molecule instance(s) + ec2: + key_name: "{{ keypair_name }}" + image: "{{ item.image }}" + instance_type: "{{ item.instance_type }}" + vpc_subnet_id: "{{ item.vpc_subnet_id }}" + group: "{{ security_group_name }}" + instance_tags: + instance: "{{ item.name }}" + wait: true + assign_public_ip: true + exact_count: 1 + count_tag: + instance: "{{ item.name }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.instances[0].tags.instance }}", + 'address': "{{ item.instances[0].public_ip }}", + 'user': "{{ ssh_user }}", + 'port': "{{ ssh_port }}", + 'identity_file': "{{ keypair_path }}", + 'instance_ids': "{{ item.instance_ids }}", } + with_items: "{{ ec2_jobs.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool + + - name: Wait for SSH + wait_for: + port: "{{ ssh_port }}" + host: "{{ item.address }}" + search_regex: SSH + delay: 10 + timeout: 320 + with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + + - name: Wait for boot process to finish + pause: + minutes: 2 diff --git a/roles/reboot/molecule/ec2/destroy.yml b/roles/reboot/molecule/ec2/destroy.yml new file mode 100644 index 0000000..b460c1e --- /dev/null +++ b/roles/reboot/molecule/ec2/destroy.yml @@ -0,0 +1,47 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + tasks: + - block: + - name: Populate instance config + set_fact: + instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + skip_instances: false + rescue: + - name: Populate instance config when file missing + set_fact: + instance_conf: {} + skip_instances: true + + - name: Destroy molecule instance(s) + ec2: + state: absent + instance_ids: "{{ item.instance_ids }}" + register: server + with_items: "{{ instance_conf }}" + when: not skip_instances + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/reboot/molecule/ec2/molecule.yml b/roles/reboot/molecule/ec2/molecule.yml new file mode 100644 index 0000000..4f4e53a --- /dev/null +++ b/roles/reboot/molecule/ec2/molecule.yml @@ -0,0 +1,77 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: ec2 +platforms: + - name: reboot-rhel-7 + image: ami-c86c3f23 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: reboot-sles-15 + image: ami-0a1886cf45f944eb1 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: reboot-ubuntu-18.04 + image: ami-0bdf93799014acdc4 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: reboot-amazon-linux-2 + image: ami-02ea8f348fa28c108 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: reboot-centos-7 + image: ami-9a183671 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: reboot-fedora-29 + image: ami-0f904cfaa69a1c64c + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint + inventory: + host_vars: + reboot-ubuntu-18.04: + ansible_user: ubuntu + reboot-centos-7: + ansible_user: centos + reboot-fedora-29: + ansible_user: fedora +scenario: + name: ec2 + create_sequence: + - create + check_sequence: + - destroy + - dependency + - create + - converge + - check + - destroy + converge_sequence: + - dependency + - create + - converge + destroy_sequence: + - destroy + test_sequence: + - lint + - destroy + - dependency + - syntax + - create + - converge + - idempotence + - side_effect + - verify + - destroy diff --git a/roles/reboot/molecule/fedora-latest/molecule.yml b/roles/reboot/molecule/fedora-latest/molecule.yml new file mode 100644 index 0000000..df19145 --- /dev/null +++ b/roles/reboot/molecule/fedora-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: reboot-fedora-latest + image: fedora:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-latest diff --git a/roles/reboot/molecule/fedora-rawhide/molecule.yml b/roles/reboot/molecule/fedora-rawhide/molecule.yml new file mode 100644 index 0000000..4452a44 --- /dev/null +++ b/roles/reboot/molecule/fedora-rawhide/molecule.yml @@ -0,0 +1,24 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: reboot-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + registry: + url: registry.fedoraproject.org +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-rawhide diff --git a/roles/reboot/molecule/opensuse-leap/molecule.yml b/roles/reboot/molecule/opensuse-leap/molecule.yml new file mode 100644 index 0000000..023815e --- /dev/null +++ b/roles/reboot/molecule/opensuse-leap/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: reboot-opensuse-leap + image: opensuse:leap + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: opensuse-leap diff --git a/roles/reboot/molecule/resources/playbook.yml b/roles/reboot/molecule/resources/playbook.yml new file mode 100644 index 0000000..1a33108 --- /dev/null +++ b/roles/reboot/molecule/resources/playbook.yml @@ -0,0 +1,8 @@ +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - ansible-role-reboot diff --git a/roles/reboot/molecule/resources/prepare.yml b/roles/reboot/molecule/resources/prepare.yml new file mode 100644 index 0000000..1cda60c --- /dev/null +++ b/roles/reboot/molecule/resources/prepare.yml @@ -0,0 +1,8 @@ +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - robertdebock.bootstrap diff --git a/roles/reboot/molecule/ubuntu-devel/molecule.yml b/roles/reboot/molecule/ubuntu-devel/molecule.yml new file mode 100644 index 0000000..49eb47d --- /dev/null +++ b/roles/reboot/molecule/ubuntu-devel/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: reboot-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-devel diff --git a/roles/reboot/molecule/ubuntu-latest/molecule.yml b/roles/reboot/molecule/ubuntu-latest/molecule.yml new file mode 100644 index 0000000..8152e23 --- /dev/null +++ b/roles/reboot/molecule/ubuntu-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: reboot-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-latest diff --git a/roles/reboot/molecule/ubuntu-rolling/molecule.yml b/roles/reboot/molecule/ubuntu-rolling/molecule.yml new file mode 100644 index 0000000..ca85d4c --- /dev/null +++ b/roles/reboot/molecule/ubuntu-rolling/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: reboot-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-rolling diff --git a/roles/reboot/molecule/vagrant/INSTALL.rst b/roles/reboot/molecule/vagrant/INSTALL.rst new file mode 100644 index 0000000..ca81c7b --- /dev/null +++ b/roles/reboot/molecule/vagrant/INSTALL.rst @@ -0,0 +1,17 @@ +******* +Vagrant driver installation guide +******* + +Requirements +============ + +* Vagrant +* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop +* python-vagrant + +Install +======= + +.. code-block:: bash + + $ sudo pip install python-vagrant diff --git a/roles/reboot/molecule/vagrant/molecule.yml b/roles/reboot/molecule/vagrant/molecule.yml new file mode 100644 index 0000000..64b155f --- /dev/null +++ b/roles/reboot/molecule/vagrant/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: vagrant + provider: + name: virtualbox +platforms: + - name: reboot-debian + box: debian/stretch64 + - name: reboot-fedora + box: fedora/29-cloud-base +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: vagrant diff --git a/roles/reboot/requirements.yml b/roles/reboot/requirements.yml new file mode 100644 index 0000000..46dec9d --- /dev/null +++ b/roles/reboot/requirements.yml @@ -0,0 +1,2 @@ +--- +- robertdebock.bootstrap diff --git a/roles/reboot/tasks/main.yml b/roles/reboot/tasks/main.yml new file mode 100644 index 0000000..f698e6a --- /dev/null +++ b/roles/reboot/tasks/main.yml @@ -0,0 +1,37 @@ +--- +# tasks file for reboot +- name: see if a reboot is required + command: needs-restarting -r + register: needsrestarting + changed_when: + - needsrestarting.rc != 0 + failed_when: + - needsrestarting.rc != 1 + - needsrestarting.rc != 0 + when: + - ansible_pkg_mgr == "yum" + - ansible_distribution_major_version == "7" + - ansible_virtualization_type != "docker" + - not reboot_always + +- name: flush handlers + meta: flush_handlers + +- name: reboot the machine + shell: "(sleep {{ reboot_delay }} && {{ reboot_command }} &)" + async: 1 + poll: 0 + ignore_errors: yes + when: + - ansible_virtualization_type != "docker" + - (needsrestarting.skipped is defined and needsrestarting.skipped ) + or needsrestarting.changed + notify: + - 1 wait for the start of reboot + - 2 wait for the machine to be up + - 3 gather facts after reboot + tags: + - skip_ansible_lint + +- name: flush handlers + meta: flush_handlers diff --git a/roles/reboot/vars/main.yml b/roles/reboot/vars/main.yml new file mode 100644 index 0000000..f607d0c --- /dev/null +++ b/roles/reboot/vars/main.yml @@ -0,0 +1,7 @@ +--- +# vars file for reboot +_reboot_command: + default: shutdown -r now {{ reboot_message }} + Alpine: reboot + +reboot_command: "{{ _reboot_command[ansible_distribution] | default(_reboot_command['default']) }}" diff --git a/roles/ruby/.github/ISSUE_TEMPLATE/bug_report.md b/roles/ruby/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..bd1a0dc --- /dev/null +++ b/roles/ruby/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Run this role: +2. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Error** +Please show the resulting error. If applicable a snippet of the playbook including the role ran with `-vvv` + +**Environment** +- Control node OS: [e.g. Debian 9] +- Control node Ansible version: [e.g. 2.6.2] +- Managed node OS: [e.g. CentOS 7] + +**Additional context** +Add any other context about the problem here. diff --git a/roles/ruby/.github/ISSUE_TEMPLATE/feature_request.md b/roles/ruby/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/roles/ruby/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/roles/ruby/.github/settings.yml b/roles/ruby/.github/settings.yml new file mode 100644 index 0000000..42056fa --- /dev/null +++ b/roles/ruby/.github/settings.yml @@ -0,0 +1,4 @@ +--- +repository: + description: Install ruby on your system. + homepage: https://robertdebock.nl/ diff --git a/roles/ruby/.gitignore b/roles/ruby/.gitignore new file mode 100644 index 0000000..10b26d1 --- /dev/null +++ b/roles/ruby/.gitignore @@ -0,0 +1,3 @@ +molecule/*/.molecule +*.log +*.swp diff --git a/roles/ruby/.travis.yml b/roles/ruby/.travis.yml new file mode 100644 index 0000000..7bcd220 --- /dev/null +++ b/roles/ruby/.travis.yml @@ -0,0 +1,92 @@ +--- +sudo: required +language: python +services: docker + +env: + - version=">=2.7,<2.8" distro="alpine-latest" + - version="" distro="alpine-latest" + - version="devel" distro="alpine-latest" + - version=">=2.7,<2.8" distro="alpine-edge" + - version="" distro="alpine-edge" + - version="devel" distro="alpine-edge" + - version=">=2.7,<2.8" distro="archlinux" + - version="" distro="archlinux" + - version="devel" distro="archlinux" + - version=">=2.7,<2.8" distro="centos-6" + - version="" distro="centos-6" + - version="devel" distro="centos-6" + - version=">=2.7,<2.8" distro="centos-latest" + - version="" distro="centos-latest" + - version="devel" distro="centos-latest" + - version=">=2.7,<2.8" distro="debian-latest" + - version="" distro="debian-latest" + - version="devel" distro="debian-latest" + - version=">=2.7,<2.8" distro="debian-stable" + - version="" distro="debian-stable" + - version="devel" distro="debian-stable" + - version=">=2.7,<2.8" distro="debian-unstable" + - version="" distro="debian-unstable" + - version="devel" distro="debian-unstable" + - version=">=2.7,<2.8" distro="fedora-latest" + - version="" distro="fedora-latest" + - version="devel" distro="fedora-latest" + - version=">=2.7,<2.8" distro="fedora-rawhide" + - version="" distro="fedora-rawhide" + - version="devel" distro="fedora-rawhide" + - version=">=2.7,<2.8" distro="opensuse-leap" + - version="" distro="opensuse-leap" + - version="devel" distro="opensuse-leap" + - version=">=2.7,<2.8" distro="ubuntu-rolling" + - version="" distro="ubuntu-rolling" + - version="devel" distro="ubuntu-rolling" + - version=">=2.7,<2.8" distro="ubuntu-latest" + - version="" distro="ubuntu-latest" + - version="devel" distro="ubuntu-latest" + - version=">=2.7,<2.8" distro="ubuntu-devel" + - version="" distro="ubuntu-devel" + - version="devel" distro="ubuntu-devel" + +matrix: + allow_failures: + - env: version=">=2.7,<2.8" distro="alpine-edge" + - env: version="" distro="alpine-edge" + - env: version="devel" distro="alpine-edge" + - env: version="devel" distro="alpine-latest" + - env: version="devel" distro="archlinux" + - env: version="devel" distro="centos-6" + - env: version="devel" distro="centos-latest" + - env: version="devel" distro="debian-latest" + - env: version="devel" distro="debian-stable" + - env: version=">=2.7,<2.8" distro="debian-unstable" + - env: version="" distro="debian-unstable" + - env: version="devel" distro="debian-unstable" + - env: version="devel" distro="fedora-latest" + - env: version=">=2.7,<2.8" distro="fedora-rawhide" + - env: version="" distro="fedora-rawhide" + - env: version="devel" distro="fedora-rawhide" + - env: version="devel" distro="opensuse-leap" + - env: version="devel" distro="ubuntu-rolling" + - env: version=">=2.7,<2.8" distro="ubuntu-devel" + - env: version="" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-latest" + +cache: + - pip + +install: + - pip install --upgrade pip + - if [ "${version}" != "devel" ] ; then pip install ansible"${version}" ; fi + - if [ "${version}" = "devel" ] ; then pip install git+https://github.com/ansible/ansible.git@devel ; fi + - pip install molecule + - pip install docker + +script: + - if [ "${expectation}" = "fail" ] ; then ! molecule test --scenario-name "${distro}" ; else molecule test --scenario-name "${distro}" ; fi + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + slack: + secure: "VFUXKZ3ZK4S858FeA1ynlaMi2HWx34weehc92wXsqsFnYL2NEdV0KObpAUknmsXTWhem862eP2Vk+vYj61Ut6wK3fS42g8z1xuZhlu9ITG0Sctp7DSH1wq1L331O0v3gzy31D5Wb/blPto0DIkdgjOyLFcM1Rt0HFLekEypv3Bwuqo8I1GXnYjRY9eY8Pkw8qFjRhm/gDjfOCeq8wIj9vBCw5TKFNC+EqU2Ugn5sKICuVclrKmvrWhyAjuJOOdhOQbBVoG1dljZdk2XE2gVzxgYsv0vA0Qc0uZCl/c2QSZKAaaxy8tQiyy44qmeLhlsBRPMRTbi1p7uJNn6ktmbgNl5CN2IhOMoYLnTc/4dZMKWYy6bZgGd7wSD+S3w02sSk1Z/RpAwpvqB7LrZMmPCjvQsytQXQvhWo6lI6CuHSEURTdSv68Po16hgwxsnKbo0mSY6GTZr/hRUh6omooYagV8UmjeDNTU02GoUZwzrCIsQfh/VGZ36xmpTpA47esuVLNZYiUOkGYYv6eB3o/OLZx85syaXF0QEdlgU8NCjiyTN0HCD6Yc+vj4JCmez5KVV9c9+mXsotWDu14MH18+GASb5a5MDYviKC2CmDCeaVL2UC0Z+mOAQ+QK+sqNFkOHdOSQ8UXPq5ti5LS1VYJxv2iQVqv1D20RRe1rOSPRFADBQ=" + email: false diff --git a/roles/ruby/.yamllint b/roles/ruby/.yamllint new file mode 100644 index 0000000..ad0be76 --- /dev/null +++ b/roles/ruby/.yamllint @@ -0,0 +1,11 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/ruby/CODE_OF_CONDUCT.md b/roles/ruby/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0d97a6f --- /dev/null +++ b/roles/ruby/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behaviour that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behaviour by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/ruby/CONTRIBUTING.md b/roles/ruby/CONTRIBUTING.md new file mode 100644 index 0000000..2931dcf --- /dev/null +++ b/roles/ruby/CONTRIBUTING.md @@ -0,0 +1,4 @@ +# Please contribute! +You can really make a difference by: +- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. +- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code. diff --git a/roles/ruby/LICENSE b/roles/ruby/LICENSE new file mode 100644 index 0000000..744118c --- /dev/null +++ b/roles/ruby/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2019 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/ruby/PULL_REQUEST_TEMPLATE.md b/roles/ruby/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..b1578c0 --- /dev/null +++ b/roles/ruby/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +--- +name: Pull request +about: Describe the proposed change + +--- + +**Describe the change** +A clear and concise description of what the pull request is. + +**Testing** +In case a feature was added, how were tests performed? diff --git a/roles/ruby/README.md b/roles/ruby/README.md new file mode 100644 index 0000000..fa0eaec --- /dev/null +++ b/roles/ruby/README.md @@ -0,0 +1,129 @@ +ruby +========= + +[![Build Status](https://travis-ci.org/robertdebock/ansible-role-ruby.svg?branch=master)](https://travis-ci.org/robertdebock/ansible-role-ruby) + +Install ruby on your system. + +Example Playbook +---------------- + +This example is taken from `molecule/default/playbook.yml`: +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - robertdebock.ruby +``` + +The machine you are running this on, may need to be prepared. Tests have been done on machines prepared by this playbook: +```yaml +--- +- name: Prepare + hosts: all + become: yes + gather_facts: no + + roles: + - robertdebock.bootstrap +``` + +Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. + +Role Variables +-------------- + +These variables are set in `defaults/main.yml`: +```yaml +--- +# defaults file for ruby +``` + +Requirements +------------ + +- Access to a repository containing packages, likely on the internet. +- A recent version of Ansible. (Tests run on the last 3 release of Ansible.) + +The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: + +```yaml +--- +- robertdebock.bootstrap + +``` + +Context +------- + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/ruby.png "Dependency") + + +Compatibility +------------- + +This role has been tested against the following distributions and Ansible version: + +|distribution|ansible 2.6|ansible 2.7|ansible devel| +|------------|-----------|-----------|-------------| +|alpine-edge*|yes|yes|yes*| +|alpine-latest|yes|yes|yes*| +|archlinux|yes|yes|yes*| +|centos-6|yes|yes|yes*| +|centos-latest|yes|yes|yes*| +|debian-latest|yes|yes|yes*| +|debian-stable|yes|yes|yes*| +|debian-unstable*|yes|yes|yes*| +|fedora-latest|yes|yes|yes*| +|fedora-rawhide*|yes|yes|yes*| +|opensuse-leap|yes|yes|yes*| +|ubuntu-devel*|yes|yes|yes*| +|ubuntu-latest|yes|yes|yes*| +|ubuntu-rolling|yes|yes|yes*| + +A single star means the build may fail, it's marked as an experimental build. + +Testing +------- + +[Unit tests](https://travis-ci.org/robertdebock/ansible-role-ruby) are done on every commit and periodically. + +If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-ruby/issues) + +To test this role locally please use [Molecule](https://github.com/metacloud/molecule): +``` +pip install molecule +molecule test +``` + +To test on Amazon EC2, configure [~/.aws/credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`. + +There are many specific scenarios available, please have a look in the `molecule/` directory. + +Run the [ansible-galaxy](https://github.com/ansible/galaxy-lint-rules) and [my](https://github.com/robertdebock/ansible-lint-rules) lint rules if you want your change to be merges: + +```shell +git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint +ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules . + +git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint +ansible-lint -r /tmp/my-ansible-lint/rules . +``` + +License +------- + +Apache-2.0 + + +Author Information +------------------ + +[Robert de Bock](https://robertdebock.nl/) diff --git a/roles/ruby/defaults/main.yml b/roles/ruby/defaults/main.yml new file mode 100644 index 0000000..9d9d7d7 --- /dev/null +++ b/roles/ruby/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for ruby diff --git a/roles/ruby/meta/.galaxy_install_info b/roles/ruby/meta/.galaxy_install_info new file mode 100644 index 0000000..e9bb9ad --- /dev/null +++ b/roles/ruby/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jun 7 18:26:11 2019', version: 2.0.2} diff --git a/roles/ruby/meta/main.yml b/roles/ruby/meta/main.yml new file mode 100644 index 0000000..bae770b --- /dev/null +++ b/roles/ruby/meta/main.yml @@ -0,0 +1,46 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: ruby + description: Install ruby on your system. + license: Apache-2.0 + company: none + min_ansible_version: 2.6 + + platforms: + - name: Alpine + versions: + - all + - name: ArchLinux + version: + - all + - name: Debian + versions: + - all + - name: EL + version: + - 6 + - 7 + - name: Fedora + version: + - all + - name: OpenSUSE + versions: + - all + - name: Ubuntu + versions: + - artful + - bionic + + galaxy_tags: + - ruby + - installer + - package + - alpine + - centos + - debian + - fedora + - rhel + - ubuntu + +dependencies: [] diff --git a/roles/ruby/molecule/alpine-edge/molecule.yml b/roles/ruby/molecule/alpine-edge/molecule.yml new file mode 100644 index 0000000..1a2b5fc --- /dev/null +++ b/roles/ruby/molecule/alpine-edge/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ruby-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-edge diff --git a/roles/ruby/molecule/alpine-latest/molecule.yml b/roles/ruby/molecule/alpine-latest/molecule.yml new file mode 100644 index 0000000..c09b999 --- /dev/null +++ b/roles/ruby/molecule/alpine-latest/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ruby-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-latest diff --git a/roles/ruby/molecule/archlinux/molecule.yml b/roles/ruby/molecule/archlinux/molecule.yml new file mode 100644 index 0000000..eca1b7b --- /dev/null +++ b/roles/ruby/molecule/archlinux/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ruby-archlinux + image: archlinux/base + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: archlinux diff --git a/roles/ruby/molecule/centos-6/molecule.yml b/roles/ruby/molecule/centos-6/molecule.yml new file mode 100644 index 0000000..69f3f8d --- /dev/null +++ b/roles/ruby/molecule/centos-6/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ruby-centos-6 + image: centos:6 + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-6 diff --git a/roles/ruby/molecule/centos-latest/molecule.yml b/roles/ruby/molecule/centos-latest/molecule.yml new file mode 100644 index 0000000..aebd1a5 --- /dev/null +++ b/roles/ruby/molecule/centos-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ruby-centos-latest + image: centos:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-latest diff --git a/roles/ruby/molecule/debian-latest/molecule.yml b/roles/ruby/molecule/debian-latest/molecule.yml new file mode 100644 index 0000000..0a6c8da --- /dev/null +++ b/roles/ruby/molecule/debian-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ruby-debian-latest + image: debian:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-latest diff --git a/roles/ruby/molecule/debian-stable/molecule.yml b/roles/ruby/molecule/debian-stable/molecule.yml new file mode 100644 index 0000000..de5dcc1 --- /dev/null +++ b/roles/ruby/molecule/debian-stable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ruby-debian-stable + image: debian:stable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-stable diff --git a/roles/ruby/molecule/debian-unstable/molecule.yml b/roles/ruby/molecule/debian-unstable/molecule.yml new file mode 100644 index 0000000..94a5b1f --- /dev/null +++ b/roles/ruby/molecule/debian-unstable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ruby-debian-unstable + image: debian:unstable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-unstable diff --git a/roles/ruby/molecule/default/molecule.yml b/roles/ruby/molecule/default/molecule.yml new file mode 100644 index 0000000..e759b72 --- /dev/null +++ b/roles/ruby/molecule/default/molecule.yml @@ -0,0 +1,63 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ruby-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: ruby-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: ruby-archlinux + image: archlinux/base + pre_build_image: yes + - name: ruby-centos-6 + image: centos:6 + pre_build_image: yes + - name: ruby-centos-latest + image: centos:latest + pre_build_image: yes + - name: ruby-debian-latest + image: debian:latest + pre_build_image: yes + - name: ruby-debian-stable + image: debian:stable + pre_build_image: yes + - name: ruby-debian-unstable + image: debian:unstable + pre_build_image: yes + - name: ruby-fedora-latest + image: fedora:latest + pre_build_image: yes + - name: ruby-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + - name: ruby-opensuse-leap + image: opensuse:leap + pre_build_image: yes + - name: ruby-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes + - name: ruby-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes + - name: ruby-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: default diff --git a/roles/ruby/molecule/ec2/README.md b/roles/ruby/molecule/ec2/README.md new file mode 100644 index 0000000..856b351 --- /dev/null +++ b/roles/ruby/molecule/ec2/README.md @@ -0,0 +1,15 @@ +# Amazon EC2 + +To test on Amazon elastic compute cloud (EC2), set this variable: + +``` +export EC2_REGION=eu-central-1 +``` + +And save the credentials: +``` +cat ~/.aws/credentials +[default] +aws_access_key_id=YOUR_KEY_ID +aws_secret_access_key=YOUR_ACCESS_KEY +``` diff --git a/roles/ruby/molecule/ec2/create.yml b/roles/ruby/molecule/ec2/create.yml new file mode 100644 index 0000000..7992818 --- /dev/null +++ b/roles/ruby/molecule/ec2/create.yml @@ -0,0 +1,125 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + vars: + ssh_user: ec2-user + ssh_port: 22 + + security_group_name: molecule + security_group_description: Security group for testing Molecule + security_group_rules: + - proto: tcp + from_port: "{{ ssh_port }}" + to_port: "{{ ssh_port }}" + cidr_ip: '0.0.0.0/0' + - proto: icmp + from_port: 8 + to_port: -1 + cidr_ip: '0.0.0.0/0' + security_group_rules_egress: + - proto: -1 + from_port: 0 + to_port: 0 + cidr_ip: '0.0.0.0/0' + + keypair_name: molecule_key + keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" + tasks: + - name: Create security group + ec2_group: + name: "{{ security_group_name }}" + description: "{{ security_group_name }}" + rules: "{{ security_group_rules }}" + rules_egress: "{{ security_group_rules_egress }}" + + - name: Test for presence of local keypair + stat: + path: "{{ keypair_path }}" + register: keypair_local + + - name: Delete remote keypair + ec2_key: + name: "{{ keypair_name }}" + state: absent + when: not keypair_local.stat.exists + + - name: Create keypair + ec2_key: + name: "{{ keypair_name }}" + register: keypair + + - name: Persist the keypair + copy: + dest: "{{ keypair_path }}" + content: "{{ keypair.key.private_key }}" + mode: 0600 + when: keypair.changed + + - name: Create molecule instance(s) + ec2: + key_name: "{{ keypair_name }}" + image: "{{ item.image }}" + instance_type: "{{ item.instance_type }}" + vpc_subnet_id: "{{ item.vpc_subnet_id }}" + group: "{{ security_group_name }}" + instance_tags: + instance: "{{ item.name }}" + wait: true + assign_public_ip: true + exact_count: 1 + count_tag: + instance: "{{ item.name }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.instances[0].tags.instance }}", + 'address': "{{ item.instances[0].public_ip }}", + 'user': "{{ ssh_user }}", + 'port': "{{ ssh_port }}", + 'identity_file': "{{ keypair_path }}", + 'instance_ids': "{{ item.instance_ids }}", } + with_items: "{{ ec2_jobs.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool + + - name: Wait for SSH + wait_for: + port: "{{ ssh_port }}" + host: "{{ item.address }}" + search_regex: SSH + delay: 10 + timeout: 320 + with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + + - name: Wait for boot process to finish + pause: + minutes: 2 diff --git a/roles/ruby/molecule/ec2/destroy.yml b/roles/ruby/molecule/ec2/destroy.yml new file mode 100644 index 0000000..b460c1e --- /dev/null +++ b/roles/ruby/molecule/ec2/destroy.yml @@ -0,0 +1,47 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + tasks: + - block: + - name: Populate instance config + set_fact: + instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + skip_instances: false + rescue: + - name: Populate instance config when file missing + set_fact: + instance_conf: {} + skip_instances: true + + - name: Destroy molecule instance(s) + ec2: + state: absent + instance_ids: "{{ item.instance_ids }}" + register: server + with_items: "{{ instance_conf }}" + when: not skip_instances + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/ruby/molecule/ec2/molecule.yml b/roles/ruby/molecule/ec2/molecule.yml new file mode 100644 index 0000000..a683978 --- /dev/null +++ b/roles/ruby/molecule/ec2/molecule.yml @@ -0,0 +1,77 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: ec2 +platforms: + - name: ruby-rhel-7 + image: ami-c86c3f23 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: ruby-sles-15 + image: ami-0a1886cf45f944eb1 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: ruby-ubuntu-18.04 + image: ami-0bdf93799014acdc4 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: ruby-amazon-linux-2 + image: ami-02ea8f348fa28c108 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: ruby-centos-7 + image: ami-9a183671 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: ruby-fedora-29 + image: ami-0f904cfaa69a1c64c + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint + inventory: + host_vars: + ruby-ubuntu-18.04: + ansible_user: ubuntu + ruby-centos-7: + ansible_user: centos + ruby-fedora-29: + ansible_user: fedora +scenario: + name: ec2 + create_sequence: + - create + check_sequence: + - destroy + - dependency + - create + - converge + - check + - destroy + converge_sequence: + - dependency + - create + - converge + destroy_sequence: + - destroy + test_sequence: + - lint + - destroy + - dependency + - syntax + - create + - converge + - idempotence + - side_effect + - verify + - destroy diff --git a/roles/ruby/molecule/fedora-latest/molecule.yml b/roles/ruby/molecule/fedora-latest/molecule.yml new file mode 100644 index 0000000..b2982f6 --- /dev/null +++ b/roles/ruby/molecule/fedora-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ruby-fedora-latest + image: fedora:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-latest diff --git a/roles/ruby/molecule/fedora-rawhide/molecule.yml b/roles/ruby/molecule/fedora-rawhide/molecule.yml new file mode 100644 index 0000000..c59d98a --- /dev/null +++ b/roles/ruby/molecule/fedora-rawhide/molecule.yml @@ -0,0 +1,24 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ruby-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + registry: + url: registry.fedoraproject.org +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-rawhide diff --git a/roles/ruby/molecule/opensuse-leap/molecule.yml b/roles/ruby/molecule/opensuse-leap/molecule.yml new file mode 100644 index 0000000..ee154c3 --- /dev/null +++ b/roles/ruby/molecule/opensuse-leap/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ruby-opensuse-leap + image: opensuse:leap + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: opensuse-leap diff --git a/roles/ruby/molecule/resources/playbook.yml b/roles/ruby/molecule/resources/playbook.yml new file mode 100644 index 0000000..4fbbe31 --- /dev/null +++ b/roles/ruby/molecule/resources/playbook.yml @@ -0,0 +1,8 @@ +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - ansible-role-ruby diff --git a/roles/ruby/molecule/resources/prepare.yml b/roles/ruby/molecule/resources/prepare.yml new file mode 100644 index 0000000..4298ff8 --- /dev/null +++ b/roles/ruby/molecule/resources/prepare.yml @@ -0,0 +1,8 @@ +--- +- name: Prepare + hosts: all + become: yes + gather_facts: no + + roles: + - robertdebock.bootstrap diff --git a/roles/ruby/molecule/ubuntu-devel/molecule.yml b/roles/ruby/molecule/ubuntu-devel/molecule.yml new file mode 100644 index 0000000..da3609e --- /dev/null +++ b/roles/ruby/molecule/ubuntu-devel/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ruby-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-devel diff --git a/roles/ruby/molecule/ubuntu-latest/molecule.yml b/roles/ruby/molecule/ubuntu-latest/molecule.yml new file mode 100644 index 0000000..c21b3f8 --- /dev/null +++ b/roles/ruby/molecule/ubuntu-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ruby-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-latest diff --git a/roles/ruby/molecule/ubuntu-rolling/molecule.yml b/roles/ruby/molecule/ubuntu-rolling/molecule.yml new file mode 100644 index 0000000..f3a51c7 --- /dev/null +++ b/roles/ruby/molecule/ubuntu-rolling/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: ruby-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-rolling diff --git a/roles/ruby/molecule/vagrant/INSTALL.rst b/roles/ruby/molecule/vagrant/INSTALL.rst new file mode 100644 index 0000000..ca81c7b --- /dev/null +++ b/roles/ruby/molecule/vagrant/INSTALL.rst @@ -0,0 +1,17 @@ +******* +Vagrant driver installation guide +******* + +Requirements +============ + +* Vagrant +* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop +* python-vagrant + +Install +======= + +.. code-block:: bash + + $ sudo pip install python-vagrant diff --git a/roles/ruby/molecule/vagrant/molecule.yml b/roles/ruby/molecule/vagrant/molecule.yml new file mode 100644 index 0000000..4db7e3f --- /dev/null +++ b/roles/ruby/molecule/vagrant/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: vagrant + provider: + name: virtualbox +platforms: + - name: ruby-debian + box: debian/stretch64 + - name: ruby-fedora + box: fedora/29-cloud-base +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: vagrant diff --git a/roles/ruby/requirements.yml b/roles/ruby/requirements.yml new file mode 100644 index 0000000..46dec9d --- /dev/null +++ b/roles/ruby/requirements.yml @@ -0,0 +1,2 @@ +--- +- robertdebock.bootstrap diff --git a/roles/ruby/tasks/main.yml b/roles/ruby/tasks/main.yml new file mode 100644 index 0000000..f7fb393 --- /dev/null +++ b/roles/ruby/tasks/main.yml @@ -0,0 +1,8 @@ +--- +# tasks file for ruby +- name: install ruby + package: + name: "{{ ruby_packages }}" + register: ruby_install_ruby + until: ruby_install_ruby + retries: 3 diff --git a/roles/ruby/vars/main.yml b/roles/ruby/vars/main.yml new file mode 100644 index 0000000..d2aa5a7 --- /dev/null +++ b/roles/ruby/vars/main.yml @@ -0,0 +1,10 @@ +--- +# vars file for ruby +_ruby_packages: + default: + - ruby + CentOS-6: + - ruby + - rubygems + +ruby_packages: "{{ _ruby_packages[ansible_distribution] | default(_ruby_packages['default']) }}" diff --git a/roles/service/.github/ISSUE_TEMPLATE/bug_report.md b/roles/service/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..bd1a0dc --- /dev/null +++ b/roles/service/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Run this role: +2. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Error** +Please show the resulting error. If applicable a snippet of the playbook including the role ran with `-vvv` + +**Environment** +- Control node OS: [e.g. Debian 9] +- Control node Ansible version: [e.g. 2.6.2] +- Managed node OS: [e.g. CentOS 7] + +**Additional context** +Add any other context about the problem here. diff --git a/roles/service/.github/ISSUE_TEMPLATE/feature_request.md b/roles/service/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/roles/service/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/roles/service/.github/settings.yml b/roles/service/.github/settings.yml new file mode 100644 index 0000000..a3342dd --- /dev/null +++ b/roles/service/.github/settings.yml @@ -0,0 +1,4 @@ +--- +repository: + description: Add custom services to your Linux system. + homepage: https://robertdebock.nl/ diff --git a/roles/service/.gitignore b/roles/service/.gitignore new file mode 100644 index 0000000..47cf7b9 --- /dev/null +++ b/roles/service/.gitignore @@ -0,0 +1,3 @@ +molecule/*/.molecule +*.log +*.swp \ No newline at end of file diff --git a/roles/service/.travis.yml b/roles/service/.travis.yml new file mode 100644 index 0000000..07f1da6 --- /dev/null +++ b/roles/service/.travis.yml @@ -0,0 +1,93 @@ +--- +sudo: required +language: python +services: docker + +env: + - version=">=2.6,<2.7" distro="alpine-latest" + - version="" distro="alpine-latest" + - version="devel" distro="alpine-latest" + - version=">=2.6,<2.7" distro="alpine-edge" + - version="" distro="alpine-edge" + - version="devel" distro="alpine-edge" + - version=">=2.6,<2.7" distro="archlinux" + - version="" distro="archlinux" + - version="devel" distro="archlinux" + - version=">=2.6,<2.7" distro="centos-6" + - version="" distro="centos-6" + - version="devel" distro="centos-6" + - version=">=2.6,<2.7" distro="centos-latest" + - version="" distro="centos-latest" + - version="devel" distro="centos-latest" + - version=">=2.6,<2.7" distro="debian-latest" + - version="" distro="debian-latest" + - version="devel" distro="debian-latest" + - version=">=2.6,<2.7" distro="debian-stable" + - version="" distro="debian-stable" + - version="devel" distro="debian-stable" + - version=">=2.6,<2.7" distro="debian-unstable" + - version="" distro="debian-unstable" + - version="devel" distro="debian-unstable" + - version=">=2.6,<2.7" distro="fedora-latest" + - version="" distro="fedora-latest" + - version="devel" distro="fedora-latest" + - version=">=2.6,<2.7" distro="fedora-rawhide" + - version="" distro="fedora-rawhide" + - version="devel" distro="fedora-rawhide" + - version=">=2.6,<2.7" distro="opensuse-leap" + - version="" distro="opensuse-leap" + - version="devel" distro="opensuse-leap" + - version=">=2.6,<2.7" distro="ubuntu-rolling" + - version="" distro="ubuntu-rolling" + - version="devel" distro="ubuntu-rolling" + - version=">=2.6,<2.7" distro="ubuntu-latest" + - version="" distro="ubuntu-latest" + - version="devel" distro="ubuntu-latest" + - version=">=2.6,<2.7" distro="ubuntu-devel" + - version="" distro="ubuntu-devel" + - version="devel" distro="ubuntu-devel" + +matrix: + allow_failures: + - env: version=">=2.6,<2.7" distro="alpine-edge" + - env: version="" distro="alpine-edge" + - env: version="devel" distro="alpine-edge" + - env: version="devel" distro="alpine-latest" + - env: version="devel" distro="archlinux" + - env: version="devel" distro="centos-6" + - env: version="devel" distro="centos-latest" + - env: version="devel" distro="debian-latest" + - env: version="devel" distro="debian-stable" + - env: version=">=2.6,<2.7" distro="debian-unstable" + - env: version="" distro="debian-unstable" + - env: version="devel" distro="debian-unstable" + - env: version="devel" distro="fedora-latest" + - env: version=">=2.6,<2.7" distro="fedora-rawhide" + - env: version="" distro="fedora-rawhide" + - env: version="devel" distro="fedora-rawhide" + - env: version="devel" distro="opensuse-leap" + - env: version="devel" distro="ubuntu-rolling" + - env: version=">=2.6,<2.7" distro="ubuntu-devel" + - env: version="" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-latest" + +cache: + - pip + +install: + - pip install --upgrade pip + - if [ "${version}" != "devel" ] ; then pip install ansible"${version}" ; fi + - if [ "${version}" = "devel" ] ; then pip install git+https://github.com/ansible/ansible.git@devel ; fi + - pip install molecule + - pip install docker + +script: + - if [ "${expectation}" = "fail" ] ; then ! molecule test --scenario-name "${distro}" ; else molecule test --scenario-name "${distro}" ; fi + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + slack: + secure: "qaGtGqE0v0I1bzGWPPW2lLOesDQQ4g4l0fW3I7iJMf3f1YASWi3QXN/0H6i3lcO3VGok+k2yGXlZyG6dwMUPkz0jCv8iFsbKCiNnewVBbMX2L/gGhinl5n6rzw/Udkg/k+/CKZ7k+Bem/JDSgmIGVAyxzdmkRK0RxuhCurFQnlEUSEDNFekIKybuTccja6zbsuyX/gWZjEDxRdODpBPAslTFJSK/V5BOz49RGpka3kOvwt8PmoJZVkZwVMLcRzvyQORN3aUylivtl5kjxehA8dMLPgZTGd9g4oagDRsk5y9yFmUeV3XVYTBEec0QvCzsJ54M5D133ButcXutFfzlsIr5bpcizD46eRS9L6dmRuB9Xi9l5tVPponlJPG1kVJTJA8TsbDHWC4Dn3M8tOPNxGovy0c2V6Y0O2T6fG4PxmuBPAecrnxZg+pmWoZcR5KuaqHFdGhef+gKuM2r6JrBwPyytt0zz74/o+kiWp7koiRh2S5DIR6d65LKOf9j688AGitJJWsDqgcvNYZcWUsghtOVLbGd4KGq1PscJsAQGUW5yXtrbyUhu3pSDr/EmWH9JA69J9J1JdcczgZfX9lW7uNUVLWo53on2I64snOxlkXi/lWje2DujqE6tVYGsrHFq9eVw1s8aaIwVs2t0GgdJQJqgDhnbNFjio9CbFcHKy8=" + + email: false diff --git a/roles/service/.yamllint b/roles/service/.yamllint new file mode 100644 index 0000000..ad0be76 --- /dev/null +++ b/roles/service/.yamllint @@ -0,0 +1,11 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/service/CODE_OF_CONDUCT.md b/roles/service/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0d97a6f --- /dev/null +++ b/roles/service/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behaviour that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behaviour by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/service/CONTRIBUTING.md b/roles/service/CONTRIBUTING.md new file mode 100644 index 0000000..2931dcf --- /dev/null +++ b/roles/service/CONTRIBUTING.md @@ -0,0 +1,4 @@ +# Please contribute! +You can really make a difference by: +- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. +- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code. diff --git a/roles/service/LICENSE b/roles/service/LICENSE new file mode 100644 index 0000000..744118c --- /dev/null +++ b/roles/service/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2019 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/service/PULL_REQUEST_TEMPLATE.md b/roles/service/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..b1578c0 --- /dev/null +++ b/roles/service/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +--- +name: Pull request +about: Describe the proposed change + +--- + +**Describe the change** +A clear and concise description of what the pull request is. + +**Testing** +In case a feature was added, how were tests performed? diff --git a/roles/service/README.md b/roles/service/README.md new file mode 100644 index 0000000..efd4cf3 --- /dev/null +++ b/roles/service/README.md @@ -0,0 +1,174 @@ +service +========= + +[![Build Status](https://travis-ci.org/robertdebock/ansible-role-service.svg?branch=master)](https://travis-ci.org/robertdebock/ansible-role-service) + +Add custom services to your Linux system. + +Example Playbook +---------------- + +This example is taken from `molecule/default/playbook.yml`: +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - robertdebock.service +``` + +The machine you are running this on, may need to be prepared. Tests have been done on machines prepared by this playbook: +```yaml +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + serial: 30% + + vars: + service_list: + - name: simple-service + description: Simple Service + start_command: /usr/bin/sleep 3600 + - name: forking-service + description: Forking Service + type: forking + start_command: "/usr/bin/sleep 7200 &" + - name: specific-stop-service + description: Specific Stop Service + start_command: /usr/bin/sleep 14400 + stop_command: killall -f "sleep 1440" + - name: specific-user-group-service + description: Specific User Group Service + start_command: /usr/bin/sleep 28800 + user_name: root + group_name: root + - name: specific-workingdirectory-service + description: Specific WorkingDirectory Service + start_command: /usr/bin/sleep 57600 + working_directory: /tmp + - name: specific-pattern-service + description: Specific Status Pattern Service + start_command: /usr/bin/sleep 115200 + status_pattern: 115200 + + roles: + - role: robertdebock.bootstrap +``` + +Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. + +Role Variables +-------------- + +These variables are set in `defaults/main.yml`: +```yaml +--- +# defaults file for service + +# status_list can contain a list of services to add to the system. +# The mandatory items for each item are: +# - name: The (short) name of the service, i.e. "tomcat". +# - description: A bit longer name, i.e. "Tomcat application server". +# - start_command: The command to start the daemon, +# i.e. "/usr/local/bin/java -jar some.jar" +# The optional items are: +# - stop_command: By default the program that is started is found and stopped. +# in case a running program is renamed or expanded (including a path) during +# startup, you can specify a custom stop command here, i.e. "pkill foo" +# - status_pattern: What program (or pattern) to look for when finding the +# status of a program, i.e. "artifactory". +# - type: How the program starts; "simple" or "forking". Simple means the +# program runs on the foreground, i.e. "nc -l 1234". Forking means the +# program itself forks, i.e. "nc -l 12345 &" +# - working_directory: The directory to cd into before starting the service. +``` + +Requirements +------------ + +- Access to a repository containing packages, likely on the internet. +- A recent version of Ansible. (Tests run on the last 3 release of Ansible.) + +The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: + +```yaml +--- +- robertdebock.bootstrap + +``` + +Context +------- + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/service.png "Dependency") + + +Compatibility +------------- + +This role has been tested against the following distributions and Ansible version: + +|distribution|ansible 2.6|ansible 2.7|ansible devel| +|------------|-----------|-----------|-------------| +|alpine-edge*|yes|yes|yes*| +|alpine-latest|yes|yes|yes*| +|archlinux|yes|yes|yes*| +|centos-6|yes|yes|yes*| +|centos-latest|yes|yes|yes*| +|debian-latest|yes|yes|yes*| +|debian-stable|yes|yes|yes*| +|debian-unstable*|yes|yes|yes*| +|fedora-latest|yes|yes|yes*| +|fedora-rawhide*|yes|yes|yes*| +|opensuse-leap|yes|yes|yes*| +|ubuntu-devel*|yes|yes|yes*| +|ubuntu-latest|yes|yes|yes*| +|ubuntu-rolling|yes|yes|yes*| + +A single star means the build may fail, it's marked as an experimental build. + +Testing +------- + +[Unit tests](https://travis-ci.org/robertdebock/ansible-role-service) are done on every commit and periodically. + +If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-service/issues) + +To test this role locally please use [Molecule](https://github.com/metacloud/molecule): +``` +pip install molecule +molecule test +``` + +To test on Amazon EC2, configure [~/.aws/credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`. + +There are many specific scenarios available, please have a look in the `molecule/` directory. + +Run the [ansible-galaxy](https://github.com/ansible/galaxy-lint-rules) and [my](https://github.com/robertdebock/ansible-lint-rules) lint rules if you want your change to be merges: + +```shell +git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint +ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules . + +git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint +ansible-lint -r /tmp/my-ansible-lint/rules . +``` + +License +------- + +Apache-2.0 + + +Author Information +------------------ + +[Robert de Bock](https://robertdebock.nl/) diff --git a/roles/service/defaults/main.yml b/roles/service/defaults/main.yml new file mode 100644 index 0000000..6cdc0f6 --- /dev/null +++ b/roles/service/defaults/main.yml @@ -0,0 +1,19 @@ +--- +# defaults file for service + +# status_list can contain a list of services to add to the system. +# The mandatory items for each item are: +# - name: The (short) name of the service, i.e. "tomcat". +# - description: A bit longer name, i.e. "Tomcat application server". +# - start_command: The command to start the daemon, +# i.e. "/usr/local/bin/java -jar some.jar" +# The optional items are: +# - stop_command: By default the program that is started is found and stopped. +# in case a running program is renamed or expanded (including a path) during +# startup, you can specify a custom stop command here, i.e. "pkill foo" +# - status_pattern: What program (or pattern) to look for when finding the +# status of a program, i.e. "artifactory". +# - type: How the program starts; "simple" or "forking". Simple means the +# program runs on the foreground, i.e. "nc -l 1234". Forking means the +# program itself forks, i.e. "nc -l 12345 &" +# - working_directory: The directory to cd into before starting the service. diff --git a/roles/service/handlers/main.yml b/roles/service/handlers/main.yml new file mode 100644 index 0000000..cde6f5d --- /dev/null +++ b/roles/service/handlers/main.yml @@ -0,0 +1,18 @@ +--- +# handlers file for service +- name: systemctl daemon-reload + systemd: + daemon_reload: yes + when: + - ansible_virtualization_type != "docker" + +- name: restart service + service: + name: "{{ item.name }}" + state: restarted + with_items: + - "{{ service_list }}" + when: + - ansible_virtualization_type != "docker" + loop_control: + label: "{{ item.name }}" diff --git a/roles/service/meta/.galaxy_install_info b/roles/service/meta/.galaxy_install_info new file mode 100644 index 0000000..0316eff --- /dev/null +++ b/roles/service/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jun 7 18:26:15 2019', version: 2.0.4} diff --git a/roles/service/meta/main.yml b/roles/service/meta/main.yml new file mode 100644 index 0000000..d9a1e4d --- /dev/null +++ b/roles/service/meta/main.yml @@ -0,0 +1,47 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: service + description: Add custom services to your Linux system. + license: Apache-2.0 + company: none + min_ansible_version: 2.6 + + platforms: + - name: Alpine + versions: + - all + - name: ArchLinux + version: + - all + - name: Debian + versions: + - all + - name: EL + version: + - 6 + - 7 + - name: Fedora + versions: + - all + - name: OpenSUSE + versions: + - all + - name: Ubuntu + versions: + - artful + - bionic + + galaxy_tags: + - service + - alpine + - archlinux + - centos + - debian + - el + - fedora + - opensuse + - rhel + - ubuntu + +dependencies: [] diff --git a/roles/service/molecule/alpine-edge/molecule.yml b/roles/service/molecule/alpine-edge/molecule.yml new file mode 100644 index 0000000..911a523 --- /dev/null +++ b/roles/service/molecule/alpine-edge/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: service-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-edge diff --git a/roles/service/molecule/alpine-latest/molecule.yml b/roles/service/molecule/alpine-latest/molecule.yml new file mode 100644 index 0000000..3f7f8f3 --- /dev/null +++ b/roles/service/molecule/alpine-latest/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: service-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-latest diff --git a/roles/service/molecule/archlinux/molecule.yml b/roles/service/molecule/archlinux/molecule.yml new file mode 100644 index 0000000..bb361cf --- /dev/null +++ b/roles/service/molecule/archlinux/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: service-archlinux + image: archlinux/base + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: archlinux diff --git a/roles/service/molecule/centos-6/molecule.yml b/roles/service/molecule/centos-6/molecule.yml new file mode 100644 index 0000000..0393506 --- /dev/null +++ b/roles/service/molecule/centos-6/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: service-centos-6 + image: centos:6 + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-6 diff --git a/roles/service/molecule/centos-latest/molecule.yml b/roles/service/molecule/centos-latest/molecule.yml new file mode 100644 index 0000000..047503a --- /dev/null +++ b/roles/service/molecule/centos-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: service-centos-latest + image: centos:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-latest diff --git a/roles/service/molecule/debian-latest/molecule.yml b/roles/service/molecule/debian-latest/molecule.yml new file mode 100644 index 0000000..bafbb9d --- /dev/null +++ b/roles/service/molecule/debian-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: service-debian-latest + image: debian:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-latest diff --git a/roles/service/molecule/debian-stable/molecule.yml b/roles/service/molecule/debian-stable/molecule.yml new file mode 100644 index 0000000..afa0b8c --- /dev/null +++ b/roles/service/molecule/debian-stable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: service-debian-stable + image: debian:stable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-stable diff --git a/roles/service/molecule/debian-unstable/molecule.yml b/roles/service/molecule/debian-unstable/molecule.yml new file mode 100644 index 0000000..f386724 --- /dev/null +++ b/roles/service/molecule/debian-unstable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: service-debian-unstable + image: debian:unstable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-unstable diff --git a/roles/service/molecule/default/molecule.yml b/roles/service/molecule/default/molecule.yml new file mode 100644 index 0000000..64f5c68 --- /dev/null +++ b/roles/service/molecule/default/molecule.yml @@ -0,0 +1,63 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: service-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: service-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: service-archlinux + image: archlinux/base + pre_build_image: yes + - name: service-centos-6 + image: centos:6 + pre_build_image: yes + - name: service-centos-latest + image: centos:latest + pre_build_image: yes + - name: service-debian-latest + image: debian:latest + pre_build_image: yes + - name: service-debian-stable + image: debian:stable + pre_build_image: yes + - name: service-debian-unstable + image: debian:unstable + pre_build_image: yes + - name: service-fedora-latest + image: fedora:latest + pre_build_image: yes + - name: service-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + - name: service-opensuse-leap + image: opensuse:leap + pre_build_image: yes + - name: service-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes + - name: service-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes + - name: service-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: default diff --git a/roles/service/molecule/ec2/README.md b/roles/service/molecule/ec2/README.md new file mode 100644 index 0000000..856b351 --- /dev/null +++ b/roles/service/molecule/ec2/README.md @@ -0,0 +1,15 @@ +# Amazon EC2 + +To test on Amazon elastic compute cloud (EC2), set this variable: + +``` +export EC2_REGION=eu-central-1 +``` + +And save the credentials: +``` +cat ~/.aws/credentials +[default] +aws_access_key_id=YOUR_KEY_ID +aws_secret_access_key=YOUR_ACCESS_KEY +``` diff --git a/roles/service/molecule/ec2/create.yml b/roles/service/molecule/ec2/create.yml new file mode 100644 index 0000000..7992818 --- /dev/null +++ b/roles/service/molecule/ec2/create.yml @@ -0,0 +1,125 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + vars: + ssh_user: ec2-user + ssh_port: 22 + + security_group_name: molecule + security_group_description: Security group for testing Molecule + security_group_rules: + - proto: tcp + from_port: "{{ ssh_port }}" + to_port: "{{ ssh_port }}" + cidr_ip: '0.0.0.0/0' + - proto: icmp + from_port: 8 + to_port: -1 + cidr_ip: '0.0.0.0/0' + security_group_rules_egress: + - proto: -1 + from_port: 0 + to_port: 0 + cidr_ip: '0.0.0.0/0' + + keypair_name: molecule_key + keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" + tasks: + - name: Create security group + ec2_group: + name: "{{ security_group_name }}" + description: "{{ security_group_name }}" + rules: "{{ security_group_rules }}" + rules_egress: "{{ security_group_rules_egress }}" + + - name: Test for presence of local keypair + stat: + path: "{{ keypair_path }}" + register: keypair_local + + - name: Delete remote keypair + ec2_key: + name: "{{ keypair_name }}" + state: absent + when: not keypair_local.stat.exists + + - name: Create keypair + ec2_key: + name: "{{ keypair_name }}" + register: keypair + + - name: Persist the keypair + copy: + dest: "{{ keypair_path }}" + content: "{{ keypair.key.private_key }}" + mode: 0600 + when: keypair.changed + + - name: Create molecule instance(s) + ec2: + key_name: "{{ keypair_name }}" + image: "{{ item.image }}" + instance_type: "{{ item.instance_type }}" + vpc_subnet_id: "{{ item.vpc_subnet_id }}" + group: "{{ security_group_name }}" + instance_tags: + instance: "{{ item.name }}" + wait: true + assign_public_ip: true + exact_count: 1 + count_tag: + instance: "{{ item.name }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.instances[0].tags.instance }}", + 'address': "{{ item.instances[0].public_ip }}", + 'user': "{{ ssh_user }}", + 'port': "{{ ssh_port }}", + 'identity_file': "{{ keypair_path }}", + 'instance_ids': "{{ item.instance_ids }}", } + with_items: "{{ ec2_jobs.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool + + - name: Wait for SSH + wait_for: + port: "{{ ssh_port }}" + host: "{{ item.address }}" + search_regex: SSH + delay: 10 + timeout: 320 + with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + + - name: Wait for boot process to finish + pause: + minutes: 2 diff --git a/roles/service/molecule/ec2/destroy.yml b/roles/service/molecule/ec2/destroy.yml new file mode 100644 index 0000000..b460c1e --- /dev/null +++ b/roles/service/molecule/ec2/destroy.yml @@ -0,0 +1,47 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + tasks: + - block: + - name: Populate instance config + set_fact: + instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + skip_instances: false + rescue: + - name: Populate instance config when file missing + set_fact: + instance_conf: {} + skip_instances: true + + - name: Destroy molecule instance(s) + ec2: + state: absent + instance_ids: "{{ item.instance_ids }}" + register: server + with_items: "{{ instance_conf }}" + when: not skip_instances + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/service/molecule/ec2/molecule.yml b/roles/service/molecule/ec2/molecule.yml new file mode 100644 index 0000000..3d6dd88 --- /dev/null +++ b/roles/service/molecule/ec2/molecule.yml @@ -0,0 +1,77 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: ec2 +platforms: + - name: service-rhel-7 + image: ami-c86c3f23 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: service-sles-15 + image: ami-0a1886cf45f944eb1 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: service-ubuntu-18.04 + image: ami-0bdf93799014acdc4 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: service-amazon-linux-2 + image: ami-02ea8f348fa28c108 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: service-centos-7 + image: ami-9a183671 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: service-fedora-29 + image: ami-0f904cfaa69a1c64c + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint + inventory: + host_vars: + service-ubuntu-18.04: + ansible_user: ubuntu + service-centos-7: + ansible_user: centos + service-fedora-29: + ansible_user: fedora +scenario: + name: ec2 + create_sequence: + - create + check_sequence: + - destroy + - dependency + - create + - converge + - check + - destroy + converge_sequence: + - dependency + - create + - converge + destroy_sequence: + - destroy + test_sequence: + - lint + - destroy + - dependency + - syntax + - create + - converge + - idempotence + - side_effect + - verify + - destroy diff --git a/roles/service/molecule/fedora-latest/molecule.yml b/roles/service/molecule/fedora-latest/molecule.yml new file mode 100644 index 0000000..264e9bc --- /dev/null +++ b/roles/service/molecule/fedora-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: service-fedora-latest + image: fedora:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-latest diff --git a/roles/service/molecule/fedora-rawhide/molecule.yml b/roles/service/molecule/fedora-rawhide/molecule.yml new file mode 100644 index 0000000..5886343 --- /dev/null +++ b/roles/service/molecule/fedora-rawhide/molecule.yml @@ -0,0 +1,24 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: service-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + registry: + url: registry.fedoraproject.org +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-rawhide diff --git a/roles/service/molecule/opensuse-leap/molecule.yml b/roles/service/molecule/opensuse-leap/molecule.yml new file mode 100644 index 0000000..c6f4562 --- /dev/null +++ b/roles/service/molecule/opensuse-leap/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: service-opensuse-leap + image: opensuse:leap + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: opensuse-leap diff --git a/roles/service/molecule/resources/playbook.yml b/roles/service/molecule/resources/playbook.yml new file mode 100644 index 0000000..d938f2a --- /dev/null +++ b/roles/service/molecule/resources/playbook.yml @@ -0,0 +1,35 @@ +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + vars: + service_list: + - name: simple-service + description: Simple Service + start_command: /usr/bin/sleep 3600 + - name: forking-service + description: Forking Service + type: forking + start_command: "/usr/bin/sleep 7200 &" + - name: specific-stop-service + description: Specific Stop Service + start_command: /usr/bin/sleep 14400 + stop_command: killall -f "sleep 1440" + - name: specific-user-group-service + description: Specific User Group Service + start_command: /usr/bin/sleep 28800 + user_name: root + group_name: root + - name: specific-workingdirectory-service + description: Specific WorkingDirectory Service + start_command: /usr/bin/sleep 57600 + working_directory: /tmp + - name: specific-pattern-service + description: Specific Status Pattern Service + start_command: /usr/bin/sleep 115200 + status_pattern: 115200 + + roles: + - ansible-role-service diff --git a/roles/service/molecule/resources/prepare.yml b/roles/service/molecule/resources/prepare.yml new file mode 100644 index 0000000..d54ab93 --- /dev/null +++ b/roles/service/molecule/resources/prepare.yml @@ -0,0 +1,9 @@ +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + serial: 30% + + roles: + - role: robertdebock.bootstrap diff --git a/roles/service/molecule/ubuntu-devel/molecule.yml b/roles/service/molecule/ubuntu-devel/molecule.yml new file mode 100644 index 0000000..7eab3f0 --- /dev/null +++ b/roles/service/molecule/ubuntu-devel/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: service-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-devel diff --git a/roles/service/molecule/ubuntu-latest/molecule.yml b/roles/service/molecule/ubuntu-latest/molecule.yml new file mode 100644 index 0000000..3006074 --- /dev/null +++ b/roles/service/molecule/ubuntu-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: service-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-latest diff --git a/roles/service/molecule/ubuntu-rolling/molecule.yml b/roles/service/molecule/ubuntu-rolling/molecule.yml new file mode 100644 index 0000000..4b8e96d --- /dev/null +++ b/roles/service/molecule/ubuntu-rolling/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: service-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-rolling diff --git a/roles/service/molecule/vagrant/molecule.yml b/roles/service/molecule/vagrant/molecule.yml new file mode 100644 index 0000000..97b9d5e --- /dev/null +++ b/roles/service/molecule/vagrant/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: vagrant + provider: + name: virtualbox +platforms: + - name: service-debian + box: debian/stretch64 + - name: service-fedora + box: fedora/29-cloud-base +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: vagrant diff --git a/roles/service/requirements.yml b/roles/service/requirements.yml new file mode 100644 index 0000000..46dec9d --- /dev/null +++ b/roles/service/requirements.yml @@ -0,0 +1,2 @@ +--- +- robertdebock.bootstrap diff --git a/roles/service/tasks/main.yml b/roles/service/tasks/main.yml new file mode 100644 index 0000000..1f27e43 --- /dev/null +++ b/roles/service/tasks/main.yml @@ -0,0 +1,57 @@ +--- +# tasks file for service +- name: test veriables and environment + assert: + that: + - service_list is defined + +- name: test service_list + assert: + that: + - item.name is defined + - item.description is defined + - item.start_command is defined + with_items: + - "{{ service_list }}" + loop_control: + label: "{{ item.name }}" + +- name: install required packages + package: + name: "{{ service_required_packages }}" + state: present + register: service_install_required_packages + until: service_install_required_packages is succeeded + retries: 3 + +- name: configure systemd service + template: + src: "systemd.j2" + dest: "/etc/systemd/system/{{ item.name }}.service" + when: + - ansible_service_mgr == "systemd" + notify: + - systemctl daemon-reload + with_items: + - "{{ service_list }}" + loop_control: + label: "{{ item.name }}" + +- name: configure sysvinit service + template: + src: "sysvinit.j2" + dest: "/etc/init.d/{{ item.name }}" + mode: "0755" + when: + - ansible_service_mgr == "sysvinit" or + ansible_service_mgr == "upstart" or + ansible_service_mgr == "openrc" + with_items: + - "{{ service_list }}" + notify: + - restart service + loop_control: + label: "{{ item.name }}" + +- name: flush handlers + meta: flush_handlers diff --git a/roles/service/templates/.gitkeep b/roles/service/templates/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/roles/service/templates/systemd.j2 b/roles/service/templates/systemd.j2 new file mode 100644 index 0000000..fa2f969 --- /dev/null +++ b/roles/service/templates/systemd.j2 @@ -0,0 +1,24 @@ +{{ ansible_managed | comment }} +[Unit] +Description={{ item.description }} + +[Service] +{% if item.type is defined and item.type != "simple" %} +Type={{ item.type }} +{% endif %} +{% if item.working_directory is defined %} +WorkingDirectory={{ item.working_directory }} +{% endif %} +{% if item.user_name is defined %} +User={{ item.user_name }} +{% endif %} +{% if item.group_name is defined %} +Group={{ item.group_name }} +{% endif %} +ExecStart={{ item.start_command }} +{% if item.stop_command is defined %} +ExecStop={{ item.stop_command }} +{% endif %} + +[Install] +WantedBy=multi-user.target diff --git a/roles/service/templates/sysvinit.j2 b/roles/service/templates/sysvinit.j2 new file mode 100644 index 0000000..8ce37b7 --- /dev/null +++ b/roles/service/templates/sysvinit.j2 @@ -0,0 +1,77 @@ +#!/bin/sh +{{ ansible_managed | comment }} +# +# /etc/init.d/{{ item.name }} +# +# {{ item.description }} +# As simple as possible, using Apache Tomcat's daemon.sh mostly. +# +# chkconfig: 2345 20 80 +# description: {{ item.name }} + +# Source function library. +if [ -f /etc/init.d/functions ] ; then + . /etc/init.d/functions +fi + +start() { + echo -n "Starting {{ item.name }}: " +{% if item.working_directory is defined %} + cd {{ item.working_directory }} +{% endif %} +{% if item.type is defined and item.type != "simple" %} + # Start the program in the foreground, when finished, continue. + {% if item.user_name is defined %}su - {{ item.user_name ~ ' ' }}{% endif %}{{ item.start_command }} +{% else %} + # Start the program in the background and continue. + ({% if item.user_name is defined %}su - {{ item.user_name ~ ' ' }}{% endif %}{{ item.start_command }} &) +{% endif %} + returncode="${?}" + touch /var/lock/subsys/{{ item.name }} + return ${returncode} +} + +stop() { + echo -n "Shutting down {{ item.name }}: " + {{ item.stop_command | default('killall -f {{ item.start_command.split[0] }}') }} + returncode="${?}" + rm -f /var/lock/subsys/{{ item.name }} + return ${returncode} +} + +status() { +{% if item.status_pattern is defined %} + pgrep -f {{ item.status_pattern }} > /dev/null 2>&1 +{% else %} + echo "Not implemented." ; exit 1 +{% endif %} + returncode="${?}" + if [ $returncode -gt 0 ] ; then + echo "{{ item.name }} is not running." + else + echo "{{ item.name }} is running." + fi + return ${returncode} +} + +case "$1" in + start) + start + ;; + stop) + stop + ;; + status) + status + ;; + restart) + stop + start + ;; + *) + echo "Usage: {start|stop|status|restart}" + exit 1 + ;; +esac + +exit $? diff --git a/roles/service/vars/main.yml b/roles/service/vars/main.yml new file mode 100644 index 0000000..b11f2f1 --- /dev/null +++ b/roles/service/vars/main.yml @@ -0,0 +1,16 @@ +--- +# vars file for service +_service_required_packages: + default: [] + Archlinux: + - psmisc + Debian: + - psmisc + Fedora: + - psmisc + openSUSE Leap: + - psmisc + Ubuntu: + - psmisc + +service_required_packages: "{{ _service_required_packages[ansible_distribution] | default(_service_required_packages['default']) }}" diff --git a/roles/travis/.github/ISSUE_TEMPLATE/bug_report.md b/roles/travis/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..bd1a0dc --- /dev/null +++ b/roles/travis/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Run this role: +2. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Error** +Please show the resulting error. If applicable a snippet of the playbook including the role ran with `-vvv` + +**Environment** +- Control node OS: [e.g. Debian 9] +- Control node Ansible version: [e.g. 2.6.2] +- Managed node OS: [e.g. CentOS 7] + +**Additional context** +Add any other context about the problem here. diff --git a/roles/travis/.github/ISSUE_TEMPLATE/feature_request.md b/roles/travis/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/roles/travis/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/roles/travis/.github/settings.yml b/roles/travis/.github/settings.yml new file mode 100644 index 0000000..fa13fa3 --- /dev/null +++ b/roles/travis/.github/settings.yml @@ -0,0 +1,4 @@ +--- +repository: + description: Installs travis on your system. + homepage: https://robertdebock.nl/ diff --git a/roles/travis/.gitignore b/roles/travis/.gitignore new file mode 100644 index 0000000..47cf7b9 --- /dev/null +++ b/roles/travis/.gitignore @@ -0,0 +1,3 @@ +molecule/*/.molecule +*.log +*.swp \ No newline at end of file diff --git a/roles/travis/.travis.yml b/roles/travis/.travis.yml new file mode 100644 index 0000000..a99b474 --- /dev/null +++ b/roles/travis/.travis.yml @@ -0,0 +1,92 @@ +--- +sudo: required +language: python +services: docker + +env: + - version=">=2.7,<2.8" distro="alpine-latest" + - version="" distro="alpine-latest" + - version="devel" distro="alpine-latest" + - version=">=2.7,<2.8" distro="alpine-edge" + - version="" distro="alpine-edge" + - version="devel" distro="alpine-edge" + - version=">=2.7,<2.8" distro="archlinux" + - version="" distro="archlinux" + - version="devel" distro="archlinux" + - version=">=2.7,<2.8" distro="centos-6" expectation="fail" + - version="" distro="centos-6" expectation="fail" + - version="devel" distro="centos-6" expectation="fail" + - version=">=2.7,<2.8" distro="centos-latest" + - version="" distro="centos-latest" + - version="devel" distro="centos-latest" + - version=">=2.7,<2.8" distro="debian-latest" + - version="" distro="debian-latest" + - version="devel" distro="debian-latest" + - version=">=2.7,<2.8" distro="debian-stable" + - version="" distro="debian-stable" + - version="devel" distro="debian-stable" + - version=">=2.7,<2.8" distro="debian-unstable" + - version="" distro="debian-unstable" + - version="devel" distro="debian-unstable" + - version=">=2.7,<2.8" distro="fedora-latest" + - version="" distro="fedora-latest" + - version="devel" distro="fedora-latest" + - version=">=2.7,<2.8" distro="fedora-rawhide" + - version="" distro="fedora-rawhide" + - version="devel" distro="fedora-rawhide" + - version=">=2.7,<2.8" distro="opensuse-leap" + - version="" distro="opensuse-leap" + - version="devel" distro="opensuse-leap" + - version=">=2.7,<2.8" distro="ubuntu-rolling" + - version="" distro="ubuntu-rolling" + - version="devel" distro="ubuntu-rolling" + - version=">=2.7,<2.8" distro="ubuntu-latest" + - version="" distro="ubuntu-latest" + - version="devel" distro="ubuntu-latest" + - version=">=2.7,<2.8" distro="ubuntu-devel" + - version="" distro="ubuntu-devel" + - version="devel" distro="ubuntu-devel" + +matrix: + allow_failures: + - env: version=">=2.7,<2.8" distro="alpine-edge" + - env: version="" distro="alpine-edge" + - env: version="devel" distro="alpine-edge" + - env: version="devel" distro="alpine-latest" + - env: version="devel" distro="archlinux" + - env: version="devel" distro="centos-6" expectation="fail" + - env: version="devel" distro="centos-latest" + - env: version="devel" distro="debian-latest" + - env: version="devel" distro="debian-stable" + - env: version=">=2.7,<2.8" distro="debian-unstable" + - env: version="" distro="debian-unstable" + - env: version="devel" distro="debian-unstable" + - env: version="devel" distro="fedora-latest" + - env: version=">=2.7,<2.8" distro="fedora-rawhide" + - env: version="" distro="fedora-rawhide" + - env: version="devel" distro="fedora-rawhide" + - env: version="devel" distro="opensuse-leap" + - env: version="devel" distro="ubuntu-rolling" + - env: version=">=2.7,<2.8" distro="ubuntu-devel" + - env: version="" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-latest" + +cache: + - pip + +install: + - pip install --upgrade pip + - if [ "${version}" != "devel" ] ; then pip install ansible"${version}" ; fi + - if [ "${version}" = "devel" ] ; then pip install git+https://github.com/ansible/ansible.git@devel ; fi + - pip install molecule + - pip install docker + +script: + - if [ "${expectation}" = "fail" ] ; then ! molecule test --scenario-name "${distro}" ; else molecule test --scenario-name "${distro}" ; fi + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + slack: + secure: "cz++inNU0QUAIv7TDKUbjbaktTGufnHQERxjDtUSc7KhAiBdvfqzr8aFqYu+B3z1M24qrDXs1WZH0MGjMWQRfxO9NiU7my626bZWKecomzPCK3WRe90DvwVnz1Jk6ZTVTXq3195PuPrkm0Wsf23KgpHeTGBkznchOn7tZN91cPS7OQ+daL31TZrHkX+d+mu2CxDBLfsJvmVH9s7se0rJpzIARzAAHKbJhMVaUTJG61gyO47raXxP48PrUmJRFQ/QYTl54nga+RZCdRN/ig5jToU5VDWy5yYQBO4+StYDDuXSNCj+ypDBt7eqUDOCp1cx5LQkZFA34Dfz3vNSAs2lKoM3fQ3P2r6HTIZZjWAmhorLtcNGS1FIXzyTU5oHYBWKiUPWeOOvFrKtNHH74C+Y44lMwqZ/ocxNOtJTg7TFDHzOPOqu7G3x69nE0A0xbSUmMpcWnGKdSpd+rEfRpXzTZKNf/LFaUWryUrRXd4aJVbShVprobSAoZ7gGjhfSt/7J7Y5+860wrIOK5JRTlDyNLJ8nRz46aiZWBMmvJXS2cmRi2SzAGQPIu74U0Y+sZU/4zwJOhP4LK9HF/Fq5qdEh4mKwqr/bzLkIxApUpDgBBPvgl2H655jvox4xfUfVjMgE3wjhGDVy0sMZ7NaNA48IOiqfJTVG/pYUX5pR+OWAQO0=" + email: false diff --git a/roles/travis/.yamllint b/roles/travis/.yamllint new file mode 100644 index 0000000..ad0be76 --- /dev/null +++ b/roles/travis/.yamllint @@ -0,0 +1,11 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/travis/CODE_OF_CONDUCT.md b/roles/travis/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0d97a6f --- /dev/null +++ b/roles/travis/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behaviour that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behaviour by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/travis/CONTRIBUTING.md b/roles/travis/CONTRIBUTING.md new file mode 100644 index 0000000..2931dcf --- /dev/null +++ b/roles/travis/CONTRIBUTING.md @@ -0,0 +1,4 @@ +# Please contribute! +You can really make a difference by: +- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. +- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code. diff --git a/roles/travis/LICENSE b/roles/travis/LICENSE new file mode 100644 index 0000000..744118c --- /dev/null +++ b/roles/travis/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2019 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/travis/PULL_REQUEST_TEMPLATE.md b/roles/travis/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..b1578c0 --- /dev/null +++ b/roles/travis/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +--- +name: Pull request +about: Describe the proposed change + +--- + +**Describe the change** +A clear and concise description of what the pull request is. + +**Testing** +In case a feature was added, how were tests performed? diff --git a/roles/travis/README.md b/roles/travis/README.md new file mode 100644 index 0000000..576777d --- /dev/null +++ b/roles/travis/README.md @@ -0,0 +1,133 @@ +travis +========= + +[![Build Status](https://travis-ci.org/robertdebock/ansible-role-travis.svg?branch=master)](https://travis-ci.org/robertdebock/ansible-role-travis) + +Installs travis on your system. + +Example Playbook +---------------- + +This example is taken from `molecule/default/playbook.yml`: +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - robertdebock.travis +``` + +The machine you are running this on, may need to be prepared. Tests have been done on machines prepared by this playbook: +```yaml +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - role: robertdebock.bootstrap + - role: robertdebock.buildtools + - role: robertdebock.ruby +``` + +Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. + +Role Variables +-------------- + +These variables are set in `defaults/main.yml`: +```yaml +--- +# defaults file for travis +``` + +Requirements +------------ + +- Access to a repository containing packages, likely on the internet. +- A recent version of Ansible. (Tests run on the last 3 release of Ansible.) + +The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: + +```yaml +--- +- robertdebock.bootstrap +- robertdebock.buildtools +- robertdebock.ruby + +``` + +Context +------- + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/travis.png "Dependency") + + +Compatibility +------------- + +This role has been tested against the following distributions and Ansible version: + +|distribution|ansible 2.6|ansible 2.7|ansible devel| +|------------|-----------|-----------|-------------| +|alpine-edge*|yes|yes|yes*| +|alpine-latest|yes|yes|yes*| +|archlinux|yes|yes|yes*| +|centos-6|no|no|no*| +|centos-latest|yes|yes|yes*| +|debian-latest|yes|yes|yes*| +|debian-stable|yes|yes|yes*| +|debian-unstable*|yes|yes|yes*| +|fedora-latest|yes|yes|yes*| +|fedora-rawhide*|yes|yes|yes*| +|opensuse-leap|yes|yes|yes*| +|ubuntu-devel*|yes|yes|yes*| +|ubuntu-latest|yes|yes|yes*| +|ubuntu-rolling|yes|yes|yes*| + +A single star means the build may fail, it's marked as an experimental build. + +Testing +------- + +[Unit tests](https://travis-ci.org/robertdebock/ansible-role-travis) are done on every commit and periodically. + +If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-travis/issues) + +To test this role locally please use [Molecule](https://github.com/metacloud/molecule): +``` +pip install molecule +molecule test +``` + +To test on Amazon EC2, configure [~/.aws/credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`. + +There are many specific scenarios available, please have a look in the `molecule/` directory. + +Run the [ansible-galaxy](https://github.com/ansible/galaxy-lint-rules) and [my](https://github.com/robertdebock/ansible-lint-rules) lint rules if you want your change to be merges: + +```shell +git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint +ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules . + +git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint +ansible-lint -r /tmp/my-ansible-lint/rules . +``` + +License +------- + +Apache-2.0 + + +Author Information +------------------ + +[Robert de Bock](https://robertdebock.nl/) diff --git a/roles/travis/defaults/main.yml b/roles/travis/defaults/main.yml new file mode 100644 index 0000000..bf3be98 --- /dev/null +++ b/roles/travis/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for travis diff --git a/roles/travis/meta/.galaxy_install_info b/roles/travis/meta/.galaxy_install_info new file mode 100644 index 0000000..207389a --- /dev/null +++ b/roles/travis/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jun 7 18:26:17 2019', version: 2.0.2} diff --git a/roles/travis/meta/main.yml b/roles/travis/meta/main.yml new file mode 100644 index 0000000..95c2420 --- /dev/null +++ b/roles/travis/meta/main.yml @@ -0,0 +1,43 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: travis + description: Installs travis on your system. + license: Apache-2.0 + company: none + min_ansible_version: 2.6 + + platforms: + - name: Alpine + versions: + - all + - name: ArchLinux + version: + - all + - name: Debian + versions: + - all + - name: EL + version: + - 7 + - name: OpenSUSE + versions: + - all + - name: Ubuntu + versions: + - artful + - bionic + + galaxy_tags: + - travis + - alpine + - archlinux + - centos + - debian + - el + - fedora + - opensuse + - rhel + - ubuntu + +dependencies: [] diff --git a/roles/travis/molecule/alpine-edge/molecule.yml b/roles/travis/molecule/alpine-edge/molecule.yml new file mode 100644 index 0000000..3de87f9 --- /dev/null +++ b/roles/travis/molecule/alpine-edge/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: travis-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-edge diff --git a/roles/travis/molecule/alpine-latest/molecule.yml b/roles/travis/molecule/alpine-latest/molecule.yml new file mode 100644 index 0000000..12cc364 --- /dev/null +++ b/roles/travis/molecule/alpine-latest/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: travis-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-latest diff --git a/roles/travis/molecule/archlinux/molecule.yml b/roles/travis/molecule/archlinux/molecule.yml new file mode 100644 index 0000000..10cf50b --- /dev/null +++ b/roles/travis/molecule/archlinux/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: travis-archlinux + image: archlinux/base + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: archlinux diff --git a/roles/travis/molecule/centos-6/molecule.yml b/roles/travis/molecule/centos-6/molecule.yml new file mode 100644 index 0000000..c7bac29 --- /dev/null +++ b/roles/travis/molecule/centos-6/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: travis-centos-6 + image: centos:6 + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-6 diff --git a/roles/travis/molecule/centos-latest/molecule.yml b/roles/travis/molecule/centos-latest/molecule.yml new file mode 100644 index 0000000..caaf50d --- /dev/null +++ b/roles/travis/molecule/centos-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: travis-centos-latest + image: centos:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-latest diff --git a/roles/travis/molecule/debian-latest/molecule.yml b/roles/travis/molecule/debian-latest/molecule.yml new file mode 100644 index 0000000..b42f597 --- /dev/null +++ b/roles/travis/molecule/debian-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: travis-debian-latest + image: debian:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-latest diff --git a/roles/travis/molecule/debian-stable/molecule.yml b/roles/travis/molecule/debian-stable/molecule.yml new file mode 100644 index 0000000..2561c8b --- /dev/null +++ b/roles/travis/molecule/debian-stable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: travis-debian-stable + image: debian:stable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-stable diff --git a/roles/travis/molecule/debian-unstable/molecule.yml b/roles/travis/molecule/debian-unstable/molecule.yml new file mode 100644 index 0000000..a15e65a --- /dev/null +++ b/roles/travis/molecule/debian-unstable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: travis-debian-unstable + image: debian:unstable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-unstable diff --git a/roles/travis/molecule/default/molecule.yml b/roles/travis/molecule/default/molecule.yml new file mode 100644 index 0000000..32c0f70 --- /dev/null +++ b/roles/travis/molecule/default/molecule.yml @@ -0,0 +1,63 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: travis-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: travis-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: travis-archlinux + image: archlinux/base + pre_build_image: yes + - name: travis-centos-6 + image: centos:6 + pre_build_image: yes + - name: travis-centos-latest + image: centos:latest + pre_build_image: yes + - name: travis-debian-latest + image: debian:latest + pre_build_image: yes + - name: travis-debian-stable + image: debian:stable + pre_build_image: yes + - name: travis-debian-unstable + image: debian:unstable + pre_build_image: yes + - name: travis-fedora-latest + image: fedora:latest + pre_build_image: yes + - name: travis-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + - name: travis-opensuse-leap + image: opensuse:leap + pre_build_image: yes + - name: travis-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes + - name: travis-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes + - name: travis-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: default diff --git a/roles/travis/molecule/ec2/README.md b/roles/travis/molecule/ec2/README.md new file mode 100644 index 0000000..856b351 --- /dev/null +++ b/roles/travis/molecule/ec2/README.md @@ -0,0 +1,15 @@ +# Amazon EC2 + +To test on Amazon elastic compute cloud (EC2), set this variable: + +``` +export EC2_REGION=eu-central-1 +``` + +And save the credentials: +``` +cat ~/.aws/credentials +[default] +aws_access_key_id=YOUR_KEY_ID +aws_secret_access_key=YOUR_ACCESS_KEY +``` diff --git a/roles/travis/molecule/ec2/create.yml b/roles/travis/molecule/ec2/create.yml new file mode 100644 index 0000000..7992818 --- /dev/null +++ b/roles/travis/molecule/ec2/create.yml @@ -0,0 +1,125 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + vars: + ssh_user: ec2-user + ssh_port: 22 + + security_group_name: molecule + security_group_description: Security group for testing Molecule + security_group_rules: + - proto: tcp + from_port: "{{ ssh_port }}" + to_port: "{{ ssh_port }}" + cidr_ip: '0.0.0.0/0' + - proto: icmp + from_port: 8 + to_port: -1 + cidr_ip: '0.0.0.0/0' + security_group_rules_egress: + - proto: -1 + from_port: 0 + to_port: 0 + cidr_ip: '0.0.0.0/0' + + keypair_name: molecule_key + keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" + tasks: + - name: Create security group + ec2_group: + name: "{{ security_group_name }}" + description: "{{ security_group_name }}" + rules: "{{ security_group_rules }}" + rules_egress: "{{ security_group_rules_egress }}" + + - name: Test for presence of local keypair + stat: + path: "{{ keypair_path }}" + register: keypair_local + + - name: Delete remote keypair + ec2_key: + name: "{{ keypair_name }}" + state: absent + when: not keypair_local.stat.exists + + - name: Create keypair + ec2_key: + name: "{{ keypair_name }}" + register: keypair + + - name: Persist the keypair + copy: + dest: "{{ keypair_path }}" + content: "{{ keypair.key.private_key }}" + mode: 0600 + when: keypair.changed + + - name: Create molecule instance(s) + ec2: + key_name: "{{ keypair_name }}" + image: "{{ item.image }}" + instance_type: "{{ item.instance_type }}" + vpc_subnet_id: "{{ item.vpc_subnet_id }}" + group: "{{ security_group_name }}" + instance_tags: + instance: "{{ item.name }}" + wait: true + assign_public_ip: true + exact_count: 1 + count_tag: + instance: "{{ item.name }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.instances[0].tags.instance }}", + 'address': "{{ item.instances[0].public_ip }}", + 'user': "{{ ssh_user }}", + 'port': "{{ ssh_port }}", + 'identity_file': "{{ keypair_path }}", + 'instance_ids': "{{ item.instance_ids }}", } + with_items: "{{ ec2_jobs.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool + + - name: Wait for SSH + wait_for: + port: "{{ ssh_port }}" + host: "{{ item.address }}" + search_regex: SSH + delay: 10 + timeout: 320 + with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + + - name: Wait for boot process to finish + pause: + minutes: 2 diff --git a/roles/travis/molecule/ec2/destroy.yml b/roles/travis/molecule/ec2/destroy.yml new file mode 100644 index 0000000..b460c1e --- /dev/null +++ b/roles/travis/molecule/ec2/destroy.yml @@ -0,0 +1,47 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + tasks: + - block: + - name: Populate instance config + set_fact: + instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + skip_instances: false + rescue: + - name: Populate instance config when file missing + set_fact: + instance_conf: {} + skip_instances: true + + - name: Destroy molecule instance(s) + ec2: + state: absent + instance_ids: "{{ item.instance_ids }}" + register: server + with_items: "{{ instance_conf }}" + when: not skip_instances + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/travis/molecule/ec2/molecule.yml b/roles/travis/molecule/ec2/molecule.yml new file mode 100644 index 0000000..9f133a4 --- /dev/null +++ b/roles/travis/molecule/ec2/molecule.yml @@ -0,0 +1,77 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: ec2 +platforms: + - name: travis-rhel-7 + image: ami-c86c3f23 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: travis-sles-15 + image: ami-0a1886cf45f944eb1 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: travis-ubuntu-18.04 + image: ami-0bdf93799014acdc4 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: travis-amazon-linux-2 + image: ami-02ea8f348fa28c108 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: travis-centos-7 + image: ami-9a183671 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: travis-fedora-29 + image: ami-0f904cfaa69a1c64c + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint + inventory: + host_vars: + travis-ubuntu-18.04: + ansible_user: ubuntu + travis-centos-7: + ansible_user: centos + travis-fedora-29: + ansible_user: fedora +scenario: + name: ec2 + create_sequence: + - create + check_sequence: + - destroy + - dependency + - create + - converge + - check + - destroy + converge_sequence: + - dependency + - create + - converge + destroy_sequence: + - destroy + test_sequence: + - lint + - destroy + - dependency + - syntax + - create + - converge + - idempotence + - side_effect + - verify + - destroy diff --git a/roles/travis/molecule/fedora-latest/molecule.yml b/roles/travis/molecule/fedora-latest/molecule.yml new file mode 100644 index 0000000..a0bee93 --- /dev/null +++ b/roles/travis/molecule/fedora-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: travis-fedora-latest + image: fedora:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-latest diff --git a/roles/travis/molecule/fedora-rawhide/molecule.yml b/roles/travis/molecule/fedora-rawhide/molecule.yml new file mode 100644 index 0000000..f506bb7 --- /dev/null +++ b/roles/travis/molecule/fedora-rawhide/molecule.yml @@ -0,0 +1,24 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: travis-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + registry: + url: registry.fedoraproject.org +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-rawhide diff --git a/roles/travis/molecule/opensuse-leap/molecule.yml b/roles/travis/molecule/opensuse-leap/molecule.yml new file mode 100644 index 0000000..a10ddd0 --- /dev/null +++ b/roles/travis/molecule/opensuse-leap/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: travis-opensuse-leap + image: opensuse:leap + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: opensuse-leap diff --git a/roles/travis/molecule/resources/playbook.yml b/roles/travis/molecule/resources/playbook.yml new file mode 100644 index 0000000..0bf19eb --- /dev/null +++ b/roles/travis/molecule/resources/playbook.yml @@ -0,0 +1,8 @@ +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - ansible-role-travis diff --git a/roles/travis/molecule/resources/prepare.yml b/roles/travis/molecule/resources/prepare.yml new file mode 100644 index 0000000..a4f3931 --- /dev/null +++ b/roles/travis/molecule/resources/prepare.yml @@ -0,0 +1,10 @@ +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - role: robertdebock.bootstrap + - role: robertdebock.buildtools + - role: robertdebock.ruby diff --git a/roles/travis/molecule/ubuntu-devel/molecule.yml b/roles/travis/molecule/ubuntu-devel/molecule.yml new file mode 100644 index 0000000..80e4c9f --- /dev/null +++ b/roles/travis/molecule/ubuntu-devel/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: travis-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-devel diff --git a/roles/travis/molecule/ubuntu-latest/molecule.yml b/roles/travis/molecule/ubuntu-latest/molecule.yml new file mode 100644 index 0000000..6152e2f --- /dev/null +++ b/roles/travis/molecule/ubuntu-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: travis-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-latest diff --git a/roles/travis/molecule/ubuntu-rolling/molecule.yml b/roles/travis/molecule/ubuntu-rolling/molecule.yml new file mode 100644 index 0000000..3a917bf --- /dev/null +++ b/roles/travis/molecule/ubuntu-rolling/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: travis-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-rolling diff --git a/roles/travis/molecule/vagrant/molecule.yml b/roles/travis/molecule/vagrant/molecule.yml new file mode 100644 index 0000000..bd74696 --- /dev/null +++ b/roles/travis/molecule/vagrant/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: vagrant + provider: + name: virtualbox +platforms: + - name: travis-debian + box: debian/stretch64 + - name: travis-fedora + box: fedora/29-cloud-base +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: vagrant diff --git a/roles/travis/requirements.yml b/roles/travis/requirements.yml new file mode 100644 index 0000000..5c1fe87 --- /dev/null +++ b/roles/travis/requirements.yml @@ -0,0 +1,4 @@ +--- +- robertdebock.bootstrap +- robertdebock.buildtools +- robertdebock.ruby diff --git a/roles/travis/tasks/main.yml b/roles/travis/tasks/main.yml new file mode 100644 index 0000000..8fb3da6 --- /dev/null +++ b/roles/travis/tasks/main.yml @@ -0,0 +1,22 @@ +--- +# tasks file for travis +- name: test veriables and environment + assert: + that: + +- name: install requirements + package: + name: "{{ travis_requirements }}" + state: present + register: travis_install_requirements + until: travis_install_requirements is succeeded + retries: 3 + +- name: install travis + gem: + name: "{{ travis_package }}" + state: present + user_install: no + register: travis_install_travis + until: travis_install_travis is succeeded + retries: 3 diff --git a/roles/travis/vars/main.yml b/roles/travis/vars/main.yml new file mode 100644 index 0000000..0539af3 --- /dev/null +++ b/roles/travis/vars/main.yml @@ -0,0 +1,22 @@ +--- +# vars file for travis +_travis_requirements: + default: [] + Alpine: + - ruby-dev + Archlinux: + - bash + CentOS: + - ruby-devel + Debian: + - ruby-dev + Fedora: + - ruby-devel + openSUSE Leap: + - ruby-devel + Ubuntu: + - ruby-dev + +travis_requirements: "{{ _travis_requirements[ansible_distribution] | default(_travis_requirements['default']) }}" + +travis_package: travis diff --git a/roles/update/.github/ISSUE_TEMPLATE/bug_report.md b/roles/update/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..bd1a0dc --- /dev/null +++ b/roles/update/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Run this role: +2. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Error** +Please show the resulting error. If applicable a snippet of the playbook including the role ran with `-vvv` + +**Environment** +- Control node OS: [e.g. Debian 9] +- Control node Ansible version: [e.g. 2.6.2] +- Managed node OS: [e.g. CentOS 7] + +**Additional context** +Add any other context about the problem here. diff --git a/roles/update/.github/ISSUE_TEMPLATE/feature_request.md b/roles/update/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/roles/update/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/roles/update/.github/settings.yml b/roles/update/.github/settings.yml new file mode 100644 index 0000000..c8078bf --- /dev/null +++ b/roles/update/.github/settings.yml @@ -0,0 +1,4 @@ +--- +repository: + description: Install updates on your system. + homepage: https://robertdebock.nl/ diff --git a/roles/update/.gitignore b/roles/update/.gitignore new file mode 100644 index 0000000..10b26d1 --- /dev/null +++ b/roles/update/.gitignore @@ -0,0 +1,3 @@ +molecule/*/.molecule +*.log +*.swp diff --git a/roles/update/.travis.yml b/roles/update/.travis.yml new file mode 100644 index 0000000..312134e --- /dev/null +++ b/roles/update/.travis.yml @@ -0,0 +1,92 @@ +--- +sudo: required +language: python +services: docker + +env: + - version=">=2.7,<2.8" distro="alpine-latest" + - version="" distro="alpine-latest" + - version="devel" distro="alpine-latest" + - version=">=2.7,<2.8" distro="alpine-edge" + - version="" distro="alpine-edge" + - version="devel" distro="alpine-edge" + - version=">=2.7,<2.8" distro="archlinux" + - version="" distro="archlinux" + - version="devel" distro="archlinux" + - version=">=2.7,<2.8" distro="centos-6" + - version="" distro="centos-6" + - version="devel" distro="centos-6" + - version=">=2.7,<2.8" distro="centos-latest" + - version="" distro="centos-latest" + - version="devel" distro="centos-latest" + - version=">=2.7,<2.8" distro="debian-latest" + - version="" distro="debian-latest" + - version="devel" distro="debian-latest" + - version=">=2.7,<2.8" distro="debian-stable" + - version="" distro="debian-stable" + - version="devel" distro="debian-stable" + - version=">=2.7,<2.8" distro="debian-unstable" + - version="" distro="debian-unstable" + - version="devel" distro="debian-unstable" + - version=">=2.7,<2.8" distro="fedora-latest" + - version="" distro="fedora-latest" + - version="devel" distro="fedora-latest" + - version=">=2.7,<2.8" distro="fedora-rawhide" + - version="" distro="fedora-rawhide" + - version="devel" distro="fedora-rawhide" + - version=">=2.7,<2.8" distro="opensuse-leap" + - version="" distro="opensuse-leap" + - version="devel" distro="opensuse-leap" + - version=">=2.7,<2.8" distro="ubuntu-rolling" + - version="" distro="ubuntu-rolling" + - version="devel" distro="ubuntu-rolling" + - version=">=2.7,<2.8" distro="ubuntu-latest" + - version="" distro="ubuntu-latest" + - version="devel" distro="ubuntu-latest" + - version=">=2.7,<2.8" distro="ubuntu-devel" + - version="" distro="ubuntu-devel" + - version="devel" distro="ubuntu-devel" + +matrix: + allow_failures: + - env: version=">=2.7,<2.8" distro="alpine-edge" + - env: version="" distro="alpine-edge" + - env: version="devel" distro="alpine-edge" + - env: version="devel" distro="alpine-latest" + - env: version="devel" distro="archlinux" + - env: version="devel" distro="centos-6" + - env: version="devel" distro="centos-latest" + - env: version="devel" distro="debian-latest" + - env: version="devel" distro="debian-stable" + - env: version=">=2.7,<2.8" distro="debian-unstable" + - env: version="" distro="debian-unstable" + - env: version="devel" distro="debian-unstable" + - env: version="devel" distro="fedora-latest" + - env: version=">=2.7,<2.8" distro="fedora-rawhide" + - env: version="" distro="fedora-rawhide" + - env: version="devel" distro="fedora-rawhide" + - env: version="devel" distro="opensuse-leap" + - env: version="devel" distro="ubuntu-rolling" + - env: version=">=2.7,<2.8" distro="ubuntu-devel" + - env: version="" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-latest" + +cache: + - pip + +install: + - pip install --upgrade pip + - if [ "${version}" != "devel" ] ; then pip install ansible"${version}" ; fi + - if [ "${version}" = "devel" ] ; then pip install git+https://github.com/ansible/ansible.git@devel ; fi + - pip install molecule + - pip install docker + +script: + - if [ "${expectation}" = "fail" ] ; then ! molecule test --scenario-name "${distro}" ; else molecule test --scenario-name "${distro}" ; fi + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + slack: + secure: "AWHru2ap8OQdUHCYCKa7KxfIXZALrCtkLjiBGiyo7PEEe4PEaJ6Ys5HOEuZF5BEPTwSyhZgbi/zX3fPwJTYZU24sFcqq7IKY7DxyW0LrIv4+ekKR18YtrliIVirisQUHq12/gI0KmyPKN1llhktEFkB9e5xo2ujWwc/eVReYX2WFtzdfEe7qPSlJcc/GstK+Iz6F5hAiDxXAfDIrCzSZDNGM43x8fLapBP0W4sSBE+We/EEhi8ltKD+40SyGXZMyXEn9LZw3Yr2P2rQ25DdgYtqQoLjb86gj4D8Cwe8VyNI7/GHuPtbRFuEWLJm5izcbEgzECs0lNue/TgQT6AOCF9ctbyiMrNWNGXiQVTt0CPwjQDHEqQu/8KxcCFiLCA44HYYOoWFRLdv1/wyx541AfkmLgEEURqY0VFGP2WBHQI7gQf+ED/9RsZ3+75D6e4tBKgBa8QpLtSoQzlCH/1o/ORWWbRJAQ6n8yv7pjVT6vkrGufQ00z4e5U3eAgTnitEwWJ7VufgO6Cj+jqHDYd+cXiRP6TuHfP7PaaClozqTzZL5ZLLreA5M9yHkkCWkpRBWPXKmIDPtn2w9YUm6BFQdc7aqo6SCQoa7TEw9ZrhtmNGiblbBeFUQPo/nEa93SLklJCa/0ahPd2DR1r8XU9VtW6hL5sAei7UrgDfeWVZ41Ws=" + email: false diff --git a/roles/update/.yamllint b/roles/update/.yamllint new file mode 100644 index 0000000..ad0be76 --- /dev/null +++ b/roles/update/.yamllint @@ -0,0 +1,11 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/update/CODE_OF_CONDUCT.md b/roles/update/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0d97a6f --- /dev/null +++ b/roles/update/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behaviour that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behaviour by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/update/CONTRIBUTING.md b/roles/update/CONTRIBUTING.md new file mode 100644 index 0000000..2931dcf --- /dev/null +++ b/roles/update/CONTRIBUTING.md @@ -0,0 +1,4 @@ +# Please contribute! +You can really make a difference by: +- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. +- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code. diff --git a/roles/update/LICENSE b/roles/update/LICENSE new file mode 100644 index 0000000..744118c --- /dev/null +++ b/roles/update/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2019 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/update/PULL_REQUEST_TEMPLATE.md b/roles/update/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..b1578c0 --- /dev/null +++ b/roles/update/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +--- +name: Pull request +about: Describe the proposed change + +--- + +**Describe the change** +A clear and concise description of what the pull request is. + +**Testing** +In case a feature was added, how were tests performed? diff --git a/roles/update/README.md b/roles/update/README.md new file mode 100644 index 0000000..f70225d --- /dev/null +++ b/roles/update/README.md @@ -0,0 +1,144 @@ +update +========= + +[![Build Status](https://travis-ci.org/robertdebock/ansible-role-update.svg?branch=master)](https://travis-ci.org/robertdebock/ansible-role-update) + +Install updates on your system. + +Example Playbook +---------------- + +This example is taken from `molecule/default/playbook.yml`: +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - robertdebock.update +``` + +The machine you are running this on, may need to be prepared. Tests have been done on machines prepared by this playbook: +```yaml +--- +- name: Prepare + hosts: all + become: yes + gather_facts: no + + roles: + - robertdebock.bootstrap +``` + +Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. + +Role Variables +-------------- + +These variables are set in `defaults/main.yml`: +```yaml +--- +# defaults file for update + +# For APT (Debian/Ubuntu) only: remove unused dependency packages for all module states except `build-dep' +update_autoremove: no + +# For APT (Debian/Ubuntu) only: apt_upgrade type which can be: dist, full, yes, or safe +update_upgrade_command: dist + +# For APT (Debian/Ubuntu) only: update the apt cache if it's older than the cache_valid_time. Set in seconds. +update_cache_valid_time: 1 + +# When updating systems, a reboot may be required. Here you can select to: +# "yes": Always reboot when packages have changed. +# "no": Never reboot when packages have changed. +update_reboot: yes +``` + +Requirements +------------ + +- Access to a repository containing packages, likely on the internet. +- A recent version of Ansible. (Tests run on the last 3 release of Ansible.) + +The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: + +```yaml +--- +- robertdebock.bootstrap +- robertdebock.reboot + +``` + +Context +------- + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/update.png "Dependency") + + +Compatibility +------------- + +This role has been tested against the following distributions and Ansible version: + +|distribution|ansible 2.6|ansible 2.7|ansible devel| +|------------|-----------|-----------|-------------| +|alpine-edge*|yes|yes|yes*| +|alpine-latest|yes|yes|yes*| +|archlinux|yes|yes|yes*| +|centos-6|yes|yes|yes*| +|centos-latest|yes|yes|yes*| +|debian-latest|yes|yes|yes*| +|debian-stable|yes|yes|yes*| +|debian-unstable*|yes|yes|yes*| +|fedora-latest|yes|yes|yes*| +|fedora-rawhide*|yes|yes|yes*| +|opensuse-leap|yes|yes|yes*| +|ubuntu-devel*|yes|yes|yes*| +|ubuntu-latest|yes|yes|yes*| +|ubuntu-rolling|yes|yes|yes*| + +A single star means the build may fail, it's marked as an experimental build. + +Testing +------- + +[Unit tests](https://travis-ci.org/robertdebock/ansible-role-update) are done on every commit and periodically. + +If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-update/issues) + +To test this role locally please use [Molecule](https://github.com/metacloud/molecule): +``` +pip install molecule +molecule test +``` + +To test on Amazon EC2, configure [~/.aws/credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`. + +There are many specific scenarios available, please have a look in the `molecule/` directory. + +Run the [ansible-galaxy](https://github.com/ansible/galaxy-lint-rules) and [my](https://github.com/robertdebock/ansible-lint-rules) lint rules if you want your change to be merges: + +```shell +git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint +ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules . + +git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint +ansible-lint -r /tmp/my-ansible-lint/rules . +``` + +License +------- + +Apache-2.0 + + +Author Information +------------------ + +[Robert de Bock](https://robertdebock.nl/) diff --git a/roles/update/defaults/main.yml b/roles/update/defaults/main.yml new file mode 100644 index 0000000..4d645bd --- /dev/null +++ b/roles/update/defaults/main.yml @@ -0,0 +1,16 @@ +--- +# defaults file for update + +# For APT (Debian/Ubuntu) only: remove unused dependency packages for all module states except `build-dep' +update_autoremove: no + +# For APT (Debian/Ubuntu) only: apt_upgrade type which can be: dist, full, yes, or safe +update_upgrade_command: dist + +# For APT (Debian/Ubuntu) only: update the apt cache if it's older than the cache_valid_time. Set in seconds. +update_cache_valid_time: 1 + +# When updating systems, a reboot may be required. Here you can select to: +# "yes": Always reboot when packages have changed. +# "no": Never reboot when packages have changed. +update_reboot: yes diff --git a/roles/update/handlers/main.yml b/roles/update/handlers/main.yml new file mode 100644 index 0000000..c80863f --- /dev/null +++ b/roles/update/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for update diff --git a/roles/update/meta/.galaxy_install_info b/roles/update/meta/.galaxy_install_info new file mode 100644 index 0000000..0473d2e --- /dev/null +++ b/roles/update/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jun 7 18:26:21 2019', version: 2.0.2} diff --git a/roles/update/meta/main.yml b/roles/update/meta/main.yml new file mode 100644 index 0000000..be83619 --- /dev/null +++ b/roles/update/meta/main.yml @@ -0,0 +1,45 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: update + description: Install updates on your system. + license: Apache-2.0 + company: none + min_ansible_version: 2.6 + + platforms: + - name: Alpine + versions: + - all + - name: ArchLinux + version: + - all + - name: Debian + versions: + - all + - name: EL + version: + - 6 + - 7 + - name: Fedora + versions: + - all + - name: OpenSUSE + versions: + - all + - name: Ubuntu + versions: + - artful + - bionic + + galaxy_tags: + - update + - alpine + - centos + - debian + - fedora + - rhel + - ubuntu + +dependencies: + - robertdebock.reboot diff --git a/roles/update/molecule/alpine-edge/molecule.yml b/roles/update/molecule/alpine-edge/molecule.yml new file mode 100644 index 0000000..2d5ba76 --- /dev/null +++ b/roles/update/molecule/alpine-edge/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: update-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-edge diff --git a/roles/update/molecule/alpine-latest/molecule.yml b/roles/update/molecule/alpine-latest/molecule.yml new file mode 100644 index 0000000..50f6d80 --- /dev/null +++ b/roles/update/molecule/alpine-latest/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: update-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-latest diff --git a/roles/update/molecule/archlinux/molecule.yml b/roles/update/molecule/archlinux/molecule.yml new file mode 100644 index 0000000..e06d218 --- /dev/null +++ b/roles/update/molecule/archlinux/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: update-archlinux + image: archlinux/base + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: archlinux diff --git a/roles/update/molecule/centos-6/molecule.yml b/roles/update/molecule/centos-6/molecule.yml new file mode 100644 index 0000000..6f5197c --- /dev/null +++ b/roles/update/molecule/centos-6/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: update-centos-6 + image: centos:6 + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-6 diff --git a/roles/update/molecule/centos-latest/molecule.yml b/roles/update/molecule/centos-latest/molecule.yml new file mode 100644 index 0000000..8b0f0ed --- /dev/null +++ b/roles/update/molecule/centos-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: update-centos-latest + image: centos:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-latest diff --git a/roles/update/molecule/debian-latest/molecule.yml b/roles/update/molecule/debian-latest/molecule.yml new file mode 100644 index 0000000..0da320e --- /dev/null +++ b/roles/update/molecule/debian-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: update-debian-latest + image: debian:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-latest diff --git a/roles/update/molecule/debian-stable/molecule.yml b/roles/update/molecule/debian-stable/molecule.yml new file mode 100644 index 0000000..1947096 --- /dev/null +++ b/roles/update/molecule/debian-stable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: update-debian-stable + image: debian:stable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-stable diff --git a/roles/update/molecule/debian-unstable/molecule.yml b/roles/update/molecule/debian-unstable/molecule.yml new file mode 100644 index 0000000..009f0fd --- /dev/null +++ b/roles/update/molecule/debian-unstable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: update-debian-unstable + image: debian:unstable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-unstable diff --git a/roles/update/molecule/default/molecule.yml b/roles/update/molecule/default/molecule.yml new file mode 100644 index 0000000..8157a56 --- /dev/null +++ b/roles/update/molecule/default/molecule.yml @@ -0,0 +1,63 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: update-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: update-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: update-archlinux + image: archlinux/base + pre_build_image: yes + - name: update-centos-6 + image: centos:6 + pre_build_image: yes + - name: update-centos-latest + image: centos:latest + pre_build_image: yes + - name: update-debian-latest + image: debian:latest + pre_build_image: yes + - name: update-debian-stable + image: debian:stable + pre_build_image: yes + - name: update-debian-unstable + image: debian:unstable + pre_build_image: yes + - name: update-fedora-latest + image: fedora:latest + pre_build_image: yes + - name: update-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + - name: update-opensuse-leap + image: opensuse:leap + pre_build_image: yes + - name: update-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes + - name: update-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes + - name: update-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: default diff --git a/roles/update/molecule/ec2/README.md b/roles/update/molecule/ec2/README.md new file mode 100644 index 0000000..856b351 --- /dev/null +++ b/roles/update/molecule/ec2/README.md @@ -0,0 +1,15 @@ +# Amazon EC2 + +To test on Amazon elastic compute cloud (EC2), set this variable: + +``` +export EC2_REGION=eu-central-1 +``` + +And save the credentials: +``` +cat ~/.aws/credentials +[default] +aws_access_key_id=YOUR_KEY_ID +aws_secret_access_key=YOUR_ACCESS_KEY +``` diff --git a/roles/update/molecule/ec2/create.yml b/roles/update/molecule/ec2/create.yml new file mode 100644 index 0000000..7992818 --- /dev/null +++ b/roles/update/molecule/ec2/create.yml @@ -0,0 +1,125 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + vars: + ssh_user: ec2-user + ssh_port: 22 + + security_group_name: molecule + security_group_description: Security group for testing Molecule + security_group_rules: + - proto: tcp + from_port: "{{ ssh_port }}" + to_port: "{{ ssh_port }}" + cidr_ip: '0.0.0.0/0' + - proto: icmp + from_port: 8 + to_port: -1 + cidr_ip: '0.0.0.0/0' + security_group_rules_egress: + - proto: -1 + from_port: 0 + to_port: 0 + cidr_ip: '0.0.0.0/0' + + keypair_name: molecule_key + keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" + tasks: + - name: Create security group + ec2_group: + name: "{{ security_group_name }}" + description: "{{ security_group_name }}" + rules: "{{ security_group_rules }}" + rules_egress: "{{ security_group_rules_egress }}" + + - name: Test for presence of local keypair + stat: + path: "{{ keypair_path }}" + register: keypair_local + + - name: Delete remote keypair + ec2_key: + name: "{{ keypair_name }}" + state: absent + when: not keypair_local.stat.exists + + - name: Create keypair + ec2_key: + name: "{{ keypair_name }}" + register: keypair + + - name: Persist the keypair + copy: + dest: "{{ keypair_path }}" + content: "{{ keypair.key.private_key }}" + mode: 0600 + when: keypair.changed + + - name: Create molecule instance(s) + ec2: + key_name: "{{ keypair_name }}" + image: "{{ item.image }}" + instance_type: "{{ item.instance_type }}" + vpc_subnet_id: "{{ item.vpc_subnet_id }}" + group: "{{ security_group_name }}" + instance_tags: + instance: "{{ item.name }}" + wait: true + assign_public_ip: true + exact_count: 1 + count_tag: + instance: "{{ item.name }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.instances[0].tags.instance }}", + 'address': "{{ item.instances[0].public_ip }}", + 'user': "{{ ssh_user }}", + 'port': "{{ ssh_port }}", + 'identity_file': "{{ keypair_path }}", + 'instance_ids': "{{ item.instance_ids }}", } + with_items: "{{ ec2_jobs.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool + + - name: Wait for SSH + wait_for: + port: "{{ ssh_port }}" + host: "{{ item.address }}" + search_regex: SSH + delay: 10 + timeout: 320 + with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + + - name: Wait for boot process to finish + pause: + minutes: 2 diff --git a/roles/update/molecule/ec2/destroy.yml b/roles/update/molecule/ec2/destroy.yml new file mode 100644 index 0000000..b460c1e --- /dev/null +++ b/roles/update/molecule/ec2/destroy.yml @@ -0,0 +1,47 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + tasks: + - block: + - name: Populate instance config + set_fact: + instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + skip_instances: false + rescue: + - name: Populate instance config when file missing + set_fact: + instance_conf: {} + skip_instances: true + + - name: Destroy molecule instance(s) + ec2: + state: absent + instance_ids: "{{ item.instance_ids }}" + register: server + with_items: "{{ instance_conf }}" + when: not skip_instances + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/update/molecule/ec2/molecule.yml b/roles/update/molecule/ec2/molecule.yml new file mode 100644 index 0000000..f13716e --- /dev/null +++ b/roles/update/molecule/ec2/molecule.yml @@ -0,0 +1,77 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: ec2 +platforms: + - name: update-rhel-7 + image: ami-c86c3f23 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: update-sles-15 + image: ami-0a1886cf45f944eb1 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: update-ubuntu-18.04 + image: ami-0bdf93799014acdc4 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: update-amazon-linux-2 + image: ami-02ea8f348fa28c108 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: update-centos-7 + image: ami-9a183671 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: update-fedora-29 + image: ami-0f904cfaa69a1c64c + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint + inventory: + host_vars: + update-ubuntu-18.04: + ansible_user: ubuntu + update-centos-7: + ansible_user: centos + update-fedora-29: + ansible_user: fedora +scenario: + name: ec2 + create_sequence: + - create + check_sequence: + - destroy + - dependency + - create + - converge + - check + - destroy + converge_sequence: + - dependency + - create + - converge + destroy_sequence: + - destroy + test_sequence: + - lint + - destroy + - dependency + - syntax + - create + - converge + - idempotence + - side_effect + - verify + - destroy diff --git a/roles/update/molecule/fedora-latest/molecule.yml b/roles/update/molecule/fedora-latest/molecule.yml new file mode 100644 index 0000000..aa40ac4 --- /dev/null +++ b/roles/update/molecule/fedora-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: update-fedora-latest + image: fedora:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-latest diff --git a/roles/update/molecule/fedora-rawhide/molecule.yml b/roles/update/molecule/fedora-rawhide/molecule.yml new file mode 100644 index 0000000..51c017e --- /dev/null +++ b/roles/update/molecule/fedora-rawhide/molecule.yml @@ -0,0 +1,24 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: update-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + registry: + url: registry.fedoraproject.org +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-rawhide diff --git a/roles/update/molecule/opensuse-leap/molecule.yml b/roles/update/molecule/opensuse-leap/molecule.yml new file mode 100644 index 0000000..7b1bb5d --- /dev/null +++ b/roles/update/molecule/opensuse-leap/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: update-opensuse-leap + image: opensuse:leap + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: opensuse-leap diff --git a/roles/update/molecule/resources/playbook.yml b/roles/update/molecule/resources/playbook.yml new file mode 100644 index 0000000..8bfc88c --- /dev/null +++ b/roles/update/molecule/resources/playbook.yml @@ -0,0 +1,8 @@ +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - ansible-role-update diff --git a/roles/update/molecule/resources/prepare.yml b/roles/update/molecule/resources/prepare.yml new file mode 100644 index 0000000..4298ff8 --- /dev/null +++ b/roles/update/molecule/resources/prepare.yml @@ -0,0 +1,8 @@ +--- +- name: Prepare + hosts: all + become: yes + gather_facts: no + + roles: + - robertdebock.bootstrap diff --git a/roles/update/molecule/ubuntu-devel/molecule.yml b/roles/update/molecule/ubuntu-devel/molecule.yml new file mode 100644 index 0000000..6357582 --- /dev/null +++ b/roles/update/molecule/ubuntu-devel/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: update-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-devel diff --git a/roles/update/molecule/ubuntu-latest/molecule.yml b/roles/update/molecule/ubuntu-latest/molecule.yml new file mode 100644 index 0000000..337fca4 --- /dev/null +++ b/roles/update/molecule/ubuntu-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: update-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-latest diff --git a/roles/update/molecule/ubuntu-rolling/molecule.yml b/roles/update/molecule/ubuntu-rolling/molecule.yml new file mode 100644 index 0000000..c8a7504 --- /dev/null +++ b/roles/update/molecule/ubuntu-rolling/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: update-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-rolling diff --git a/roles/update/molecule/vagrant/INSTALL.rst b/roles/update/molecule/vagrant/INSTALL.rst new file mode 100644 index 0000000..ca81c7b --- /dev/null +++ b/roles/update/molecule/vagrant/INSTALL.rst @@ -0,0 +1,17 @@ +******* +Vagrant driver installation guide +******* + +Requirements +============ + +* Vagrant +* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop +* python-vagrant + +Install +======= + +.. code-block:: bash + + $ sudo pip install python-vagrant diff --git a/roles/update/molecule/vagrant/molecule.yml b/roles/update/molecule/vagrant/molecule.yml new file mode 100644 index 0000000..07dc17f --- /dev/null +++ b/roles/update/molecule/vagrant/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: vagrant + provider: + name: virtualbox +platforms: + - name: update-debian + box: debian/stretch64 + - name: update-fedora + box: fedora/29-cloud-base +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: vagrant diff --git a/roles/update/requirements.yml b/roles/update/requirements.yml new file mode 100644 index 0000000..4681079 --- /dev/null +++ b/roles/update/requirements.yml @@ -0,0 +1,3 @@ +--- +- robertdebock.bootstrap +- robertdebock.reboot diff --git a/roles/update/tasks/main.yml b/roles/update/tasks/main.yml new file mode 100644 index 0000000..0143e0f --- /dev/null +++ b/roles/update/tasks/main.yml @@ -0,0 +1,119 @@ +--- +# tasks file for update +- name: update cache (apk) + apk: + update_cache: yes + when: + - ansible_pkg_mgr == "apk" + changed_when: no + register: update_update_cache_apk + until: update_update_cache_apk + retries: 3 + +- name: update all software (apk) + apk: + upgrade: yes + when: + - ansible_pkg_mgr == "apk" + register: update_update_all_software_apk + until: update_update_all_software_apk + retries: 3 + +- name: update all software (apt) + apt: + update_cache: yes + upgrade: "{{ update_upgrade_command }}" + cache_valid_time: "{{ update_cache_valid_time }}" + register: update_all_software_apt + when: + - ansible_pkg_mgr == "apt" + until: update_all_software_apt + retries: 3 + +- name: apt autoremove (apt) + apt: + autoremove: "{{ update_autoremove }}" + when: + - ansible_pkg_mgr == "apt" + - update_autoremove == "yes" + tags: + - skip_ansible_lint + +- name: update all software (dnf) + dnf: + name: "*" + state: latest + register: update_result_dnf + when: + - ansible_pkg_mgr == "dnf" + tags: + - skip_ansible_lint + +- name: update all software (pacman) + pacman: + update_cache: yes + upgrade: yes + register: update_result_pacman + when: + - ansible_pkg_mgr == "pacman" + tags: + - skip_ansible_lint + +- name: update all software (yum/6) + yum: + name: "*" + state: latest + when: + - ansible_pkg_mgr == "yum" + - ansible_distribution_major_version == "6" + tags: + - skip_ansible_lint + register: update_result_yum_6 + +- name: update all software (yum/7) + yum: + name: "*" + state: latest + when: + - ansible_pkg_mgr == "yum" + - ansible_distribution_major_version == "7" + tags: + - skip_ansible_lint + register: update_result_yum_7 + +- name: install yum-utils + package: + name: yum-utils + when: + - ansible_pkg_mgr == "yum" + - ansible_distribution_major_version == "7" + register: update_install_yum_utils + until: update_install_yum_utils + retries: 3 + +- name: update all software (zypper) + zypper: + name: "*" + state: latest + when: + - ansible_pkg_mgr == "zypper" + tags: + - skip_ansible_lint + register: update_result_zypper + +- name: reboot for updates + include_role: + name: robertdebock.reboot + vars: + reboot_message: rebooting for robertdebock/ansible-role-update + when: + - update_update_all_software_apk.changed or + update_all_software_apt.changed or + update_result_dnf.changed or + update_result_pacman.changed or + update_result_yum_6.changed or + update_result_yum_7.changed or + update_result_zypper.changed + - update_reboot + tags: + - skip_ansible_lint diff --git a/roles/users/.github/ISSUE_TEMPLATE/bug_report.md b/roles/users/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..bd1a0dc --- /dev/null +++ b/roles/users/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Run this role: +2. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Error** +Please show the resulting error. If applicable a snippet of the playbook including the role ran with `-vvv` + +**Environment** +- Control node OS: [e.g. Debian 9] +- Control node Ansible version: [e.g. 2.6.2] +- Managed node OS: [e.g. CentOS 7] + +**Additional context** +Add any other context about the problem here. diff --git a/roles/users/.github/ISSUE_TEMPLATE/feature_request.md b/roles/users/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/roles/users/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/roles/users/.github/settings.yml b/roles/users/.github/settings.yml new file mode 100644 index 0000000..799df93 --- /dev/null +++ b/roles/users/.github/settings.yml @@ -0,0 +1,4 @@ +--- +repository: + description: The purpose of this role is to add users and groups on your system. + homepage: https://robertdebock.nl/ diff --git a/roles/users/.gitignore b/roles/users/.gitignore new file mode 100644 index 0000000..55207b5 --- /dev/null +++ b/roles/users/.gitignore @@ -0,0 +1,4 @@ +molecule/*/.molecule +*.log +molecule/*/ssh_keys +*.swp diff --git a/roles/users/.travis.yml b/roles/users/.travis.yml new file mode 100644 index 0000000..4e51a25 --- /dev/null +++ b/roles/users/.travis.yml @@ -0,0 +1,92 @@ +--- +sudo: required +language: python +services: docker + +env: + - version=">=2.7,<2.8" distro="alpine-latest" + - version="" distro="alpine-latest" + - version="devel" distro="alpine-latest" + - version=">=2.7,<2.8" distro="alpine-edge" + - version="" distro="alpine-edge" + - version="devel" distro="alpine-edge" + - version=">=2.7,<2.8" distro="archlinux" + - version="" distro="archlinux" + - version="devel" distro="archlinux" + - version=">=2.7,<2.8" distro="centos-6" + - version="" distro="centos-6" + - version="devel" distro="centos-6" + - version=">=2.7,<2.8" distro="centos-latest" + - version="" distro="centos-latest" + - version="devel" distro="centos-latest" + - version=">=2.7,<2.8" distro="debian-latest" + - version="" distro="debian-latest" + - version="devel" distro="debian-latest" + - version=">=2.7,<2.8" distro="debian-stable" + - version="" distro="debian-stable" + - version="devel" distro="debian-stable" + - version=">=2.7,<2.8" distro="debian-unstable" + - version="" distro="debian-unstable" + - version="devel" distro="debian-unstable" + - version=">=2.7,<2.8" distro="fedora-latest" + - version="" distro="fedora-latest" + - version="devel" distro="fedora-latest" + - version=">=2.7,<2.8" distro="fedora-rawhide" + - version="" distro="fedora-rawhide" + - version="devel" distro="fedora-rawhide" + - version=">=2.7,<2.8" distro="opensuse-leap" + - version="" distro="opensuse-leap" + - version="devel" distro="opensuse-leap" + - version=">=2.7,<2.8" distro="ubuntu-rolling" + - version="" distro="ubuntu-rolling" + - version="devel" distro="ubuntu-rolling" + - version=">=2.7,<2.8" distro="ubuntu-latest" + - version="" distro="ubuntu-latest" + - version="devel" distro="ubuntu-latest" + - version=">=2.7,<2.8" distro="ubuntu-devel" + - version="" distro="ubuntu-devel" + - version="devel" distro="ubuntu-devel" + +matrix: + allow_failures: + - env: version=">=2.7,<2.8" distro="alpine-edge" + - env: version="" distro="alpine-edge" + - env: version="devel" distro="alpine-edge" + - env: version="devel" distro="alpine-latest" + - env: version="devel" distro="archlinux" + - env: version="devel" distro="centos-6" + - env: version="devel" distro="centos-latest" + - env: version="devel" distro="debian-latest" + - env: version="devel" distro="debian-stable" + - env: version=">=2.7,<2.8" distro="debian-unstable" + - env: version="" distro="debian-unstable" + - env: version="devel" distro="debian-unstable" + - env: version="devel" distro="fedora-latest" + - env: version=">=2.7,<2.8" distro="fedora-rawhide" + - env: version="" distro="fedora-rawhide" + - env: version="devel" distro="fedora-rawhide" + - env: version="devel" distro="opensuse-leap" + - env: version="devel" distro="ubuntu-rolling" + - env: version=">=2.7,<2.8" distro="ubuntu-devel" + - env: version="" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-latest" + +cache: + - pip + +install: + - pip install --upgrade pip + - if [ "${version}" != "devel" ] ; then pip install ansible"${version}" ; fi + - if [ "${version}" = "devel" ] ; then pip install git+https://github.com/ansible/ansible.git@devel ; fi + - pip install molecule + - pip install docker + +script: + - if [ "${expectation}" = "fail" ] ; then ! molecule test --scenario-name "${distro}" ; else molecule test --scenario-name "${distro}" ; fi + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + slack: + secure: "D+mNeObKmTP+19Y1thU13eDdS0VdsUWj1L+Fs8k9ZGM0MG1kKjoQN5lzhBnn5G4KTAtK7h6H6LkFcHlRMPC7zQVKThsOlCYcDa1HDRdUAwBzk+KwmU5FwsGm2u/iYg1/P7eF/EcdB8FruhREfeYJKU/yxrYu/JKw7wSe70iTK3Xxs1R54cV9Ofyrr7UCr5lmkYyjb4OQGxPbaXPiFECFARD14H+bfDtLmu6wQp4k3qtyDsBcIoGeRQWp9dKJOaLPSh+9JRqT5RPjzQGkcbRW8PyGistnvhnEGoaPemg91koLHkYTKX+29o1NC5KlQNXqLuzSDydwExKsZ6NZfabK8oYS00rF8EVA1JPTVKEjpxJWQ003uVZfzH8TuAWSl5ZC2lRVZDQQ/DRmq4lav67ASB1gdSdNdaCDSa9vfG+RES6WKYXgoTqOkUVnAUcNs8zr+41UFr5vdJcKr2PG1uKAkqurQaIRZxJUL26pUljoqmkRhTndJiphEf52OHeZpU2h4pS1q71TTzinOtFM6Cf6nqnDD6BlzF/XLpxMkZkpMChombOqFfZuSYfHkpJ+uqzduqZ0oMJnWjnb//T02zYonQquAZTBC9rJAP0onCa9PRKcnhncWcyOILG8v6eADCOPTz4A8rQEpCpp8gE4hFvs2PTS5xduUxaf4uth4phBEFA=" + email: false diff --git a/roles/users/.yamllint b/roles/users/.yamllint new file mode 100644 index 0000000..ad0be76 --- /dev/null +++ b/roles/users/.yamllint @@ -0,0 +1,11 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/users/CODE_OF_CONDUCT.md b/roles/users/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0d97a6f --- /dev/null +++ b/roles/users/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behaviour that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behaviour by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/users/CONTRIBUTING.md b/roles/users/CONTRIBUTING.md new file mode 100644 index 0000000..2931dcf --- /dev/null +++ b/roles/users/CONTRIBUTING.md @@ -0,0 +1,4 @@ +# Please contribute! +You can really make a difference by: +- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. +- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code. diff --git a/roles/users/LICENSE b/roles/users/LICENSE new file mode 100644 index 0000000..744118c --- /dev/null +++ b/roles/users/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2019 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/users/PULL_REQUEST_TEMPLATE.md b/roles/users/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..b1578c0 --- /dev/null +++ b/roles/users/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +--- +name: Pull request +about: Describe the proposed change + +--- + +**Describe the change** +A clear and concise description of what the pull request is. + +**Testing** +In case a feature was added, how were tests performed? diff --git a/roles/users/README.md b/roles/users/README.md new file mode 100644 index 0000000..3e0dc51 --- /dev/null +++ b/roles/users/README.md @@ -0,0 +1,191 @@ +users +========= + +[![Build Status](https://travis-ci.org/robertdebock/ansible-role-users.svg?branch=master)](https://travis-ci.org/robertdebock/ansible-role-users) + +The purpose of this role is to add users and groups on your system. + +Example Playbook +---------------- + +This example is taken from `molecule/default/playbook.yml`: +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + vars: + users_group_list: + - name: robertdb + gid: 1024 + - name: users + - name: notgroup + state: absent + + users_user_list: + - name: root + cron_allow: yes + - name: robertdb + comment: Robert de Bock + uid: 1024 + group: robertdb + groups: users + cron_allow: yes + sudo_options: "ALL=(ALL) NOPASSWD: ALL" + authorized_key: "ssh-rsa ABC123" + - name: notuser + state: absent + - name: keyuser + manage_ssh_key: yes + - name: privkeyuser + manage_ssh_key: yes + copy_private_key: yes + + roles: + - robertdebock.users +``` + +The machine you are running this on, may need to be prepared. Tests have been done on machines prepared by this playbook: +```yaml +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - robertdebock.bootstrap +``` + +Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. + +Role Variables +-------------- + +These variables are set in `defaults/main.yml`: +```yaml +--- +# defaults file for users + +# The location to store ssh keys for user +users_ssh_key_directory: ssh_keys + +# The default shell if not overwritten. +users_shell: /bin/bash + +# A list of groups and properties. +# users_group_list: +# - name: robertdb +# gid: 1024 +# - name: notgroup +# state: absent + +# A list of users and properties. +# users_user_list: +# - name: root +# cron_allow: yes +# - name: robertdb +# comment: Robert de Bock +# uid: 1024 +# group: robertdb +# groups: users,wheel +# cron_allow: yes +# sudo_options: "ALL=(ALL) NOPASSWD: ALL" +# authorized_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWswOogkZz/ihQA0lENCwDwSzmtmBWtFwzIzDlfa+eb4rBt6rZBg7enKeMqYtStI/NDneBwZUFBDIMu5zJTbvg7A60/WDhWXZmU21tZnm8K7KREFYOUndc6h//QHig6IIaIwwBZHF1NgXLtZ0qrUUlNU5JSEhDJsObMlPHtE4vFP8twPnfc7hxAnYma5+knU6qTMCDvhBE5tGJdor4UGeAhu+SwSVDloYtt1vGTmnFn8M/OD/fRMksusPefxyshJ37jpB4jY/Z9vzaNHwcj33prwl1b/xRfxr/+KRJsyq+ZKs9u2TVw9g4p+XLdfDtzZ8thR2P3x3MFrZOdFmCbo/5" +# authorized_keys: +# - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWswOogkZz/ihQA0lENCwDwSzmtmBWtFwzIzDlfa+eb4rBt6rZBg7enKeMqYtStI/NDneBwZUFBDIMu5zJTbvg7A60/WDhWXZmU21tZnm8K7KREFYOUndc6h//QHig6IIaIwwBZHF1NgXLtZ0qrUUlNU5JSEhDJsObMlPHtE4vFP8twPnfc7hxAnYma5+knU6qTMCDvhBE5tGJdor4UGeAhu+SwSVDloYtt1vGTmnFn8M/OD/fRMksusPefxyshJ37jpB4jY/Z9vzaNHwcj33prwl1b/xRfxr/+KRJsyq+ZKs9u2TVw9g4p+XLdfDtzZ8thR2P3x3MFrZOdFmCbo/5" +# copy_private_key: yes +# - name: notuser +# state: absent +# - name: keyuser +# manage_ssh_key: yes +# - name: specificshell +# shell: "/bin/ksh" +``` + +Requirements +------------ + +- Access to a repository containing packages, likely on the internet. +- A recent version of Ansible. (Tests run on the last 3 release of Ansible.) + +The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: + +```yaml +--- +- robertdebock.bootstrap + +``` + +Context +------- + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/users.png "Dependency") + + +Compatibility +------------- + +This role has been tested against the following distributions and Ansible version: + +|distribution|ansible 2.6|ansible 2.7|ansible devel| +|------------|-----------|-----------|-------------| +|alpine-edge*|yes|yes|yes*| +|alpine-latest|yes|yes|yes*| +|archlinux|yes|yes|yes*| +|centos-6|yes|yes|yes*| +|centos-latest|yes|yes|yes*| +|debian-latest|yes|yes|yes*| +|debian-stable|yes|yes|yes*| +|debian-unstable*|yes|yes|yes*| +|fedora-latest|yes|yes|yes*| +|fedora-rawhide*|yes|yes|yes*| +|opensuse-leap|yes|yes|yes*| +|ubuntu-devel*|yes|yes|yes*| +|ubuntu-latest|yes|yes|yes*| +|ubuntu-rolling|yes|yes|yes*| + +A single star means the build may fail, it's marked as an experimental build. + +Testing +------- + +[Unit tests](https://travis-ci.org/robertdebock/ansible-role-users) are done on every commit and periodically. + +If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-users/issues) + +To test this role locally please use [Molecule](https://github.com/metacloud/molecule): +``` +pip install molecule +molecule test +``` + +To test on Amazon EC2, configure [~/.aws/credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`. + +There are many specific scenarios available, please have a look in the `molecule/` directory. + +Run the [ansible-galaxy](https://github.com/ansible/galaxy-lint-rules) and [my](https://github.com/robertdebock/ansible-lint-rules) lint rules if you want your change to be merges: + +```shell +git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint +ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules . + +git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint +ansible-lint -r /tmp/my-ansible-lint/rules . +``` + +License +------- + +Apache-2.0 + + +Author Information +------------------ + +[Robert de Bock](https://robertdebock.nl/) diff --git a/roles/users/defaults/main.yml b/roles/users/defaults/main.yml new file mode 100644 index 0000000..b3bb362 --- /dev/null +++ b/roles/users/defaults/main.yml @@ -0,0 +1,37 @@ +--- +# defaults file for users + +# The location to store ssh keys for user +users_ssh_key_directory: ssh_keys + +# The default shell if not overwritten. +users_shell: /bin/bash + +# A list of groups and properties. +# users_group_list: +# - name: robertdb +# gid: 1024 +# - name: notgroup +# state: absent + +# A list of users and properties. +# users_user_list: +# - name: root +# cron_allow: yes +# - name: robertdb +# comment: Robert de Bock +# uid: 1024 +# group: robertdb +# groups: users,wheel +# cron_allow: yes +# sudo_options: "ALL=(ALL) NOPASSWD: ALL" +# authorized_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWswOogkZz/ihQA0lENCwDwSzmtmBWtFwzIzDlfa+eb4rBt6rZBg7enKeMqYtStI/NDneBwZUFBDIMu5zJTbvg7A60/WDhWXZmU21tZnm8K7KREFYOUndc6h//QHig6IIaIwwBZHF1NgXLtZ0qrUUlNU5JSEhDJsObMlPHtE4vFP8twPnfc7hxAnYma5+knU6qTMCDvhBE5tGJdor4UGeAhu+SwSVDloYtt1vGTmnFn8M/OD/fRMksusPefxyshJ37jpB4jY/Z9vzaNHwcj33prwl1b/xRfxr/+KRJsyq+ZKs9u2TVw9g4p+XLdfDtzZ8thR2P3x3MFrZOdFmCbo/5" +# authorized_keys: +# - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWswOogkZz/ihQA0lENCwDwSzmtmBWtFwzIzDlfa+eb4rBt6rZBg7enKeMqYtStI/NDneBwZUFBDIMu5zJTbvg7A60/WDhWXZmU21tZnm8K7KREFYOUndc6h//QHig6IIaIwwBZHF1NgXLtZ0qrUUlNU5JSEhDJsObMlPHtE4vFP8twPnfc7hxAnYma5+knU6qTMCDvhBE5tGJdor4UGeAhu+SwSVDloYtt1vGTmnFn8M/OD/fRMksusPefxyshJ37jpB4jY/Z9vzaNHwcj33prwl1b/xRfxr/+KRJsyq+ZKs9u2TVw9g4p+XLdfDtzZ8thR2P3x3MFrZOdFmCbo/5" +# copy_private_key: yes +# - name: notuser +# state: absent +# - name: keyuser +# manage_ssh_key: yes +# - name: specificshell +# shell: "/bin/ksh" diff --git a/roles/users/meta/.galaxy_install_info b/roles/users/meta/.galaxy_install_info new file mode 100644 index 0000000..414c845 --- /dev/null +++ b/roles/users/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jun 7 18:26:24 2019', version: 3.0.2} diff --git a/roles/users/meta/main.yml b/roles/users/meta/main.yml new file mode 100644 index 0000000..c23a9d5 --- /dev/null +++ b/roles/users/meta/main.yml @@ -0,0 +1,49 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: users + description: The purpose of this role is to add users and groups on your system. + license: Apache-2.0 + company: none + min_ansible_version: 2.6 + + platforms: + - name: Alpine + versions: + - all + - name: ArchLinux + version: + - all + - name: Debian + versions: + - all + - name: EL + version: + - 6 + - 7 + - name: Fedora + versions: + - all + - name: OpenSUSE + versions: + - all + - name: Ubuntu + versions: + - artful + - bionic + + galaxy_tags: + - users + - alpine + - centos + - debian + - el + - fedora + - opensuse + - rhel + - server + - sudo + - system + - ubuntu + +dependencies: [] diff --git a/roles/users/molecule/alpine-edge/molecule.yml b/roles/users/molecule/alpine-edge/molecule.yml new file mode 100644 index 0000000..8c43b40 --- /dev/null +++ b/roles/users/molecule/alpine-edge/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: users-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-edge diff --git a/roles/users/molecule/alpine-latest/molecule.yml b/roles/users/molecule/alpine-latest/molecule.yml new file mode 100644 index 0000000..6fa00e6 --- /dev/null +++ b/roles/users/molecule/alpine-latest/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: users-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-latest diff --git a/roles/users/molecule/archlinux/molecule.yml b/roles/users/molecule/archlinux/molecule.yml new file mode 100644 index 0000000..b4b8730 --- /dev/null +++ b/roles/users/molecule/archlinux/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: users-archlinux + image: archlinux/base + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: archlinux diff --git a/roles/users/molecule/centos-6/molecule.yml b/roles/users/molecule/centos-6/molecule.yml new file mode 100644 index 0000000..c2ef077 --- /dev/null +++ b/roles/users/molecule/centos-6/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: users-centos-6 + image: centos:6 + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-6 diff --git a/roles/users/molecule/centos-latest/molecule.yml b/roles/users/molecule/centos-latest/molecule.yml new file mode 100644 index 0000000..e435007 --- /dev/null +++ b/roles/users/molecule/centos-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: users-centos-latest + image: centos:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-latest diff --git a/roles/users/molecule/debian-latest/molecule.yml b/roles/users/molecule/debian-latest/molecule.yml new file mode 100644 index 0000000..8e4e1b3 --- /dev/null +++ b/roles/users/molecule/debian-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: users-debian-latest + image: debian:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-latest diff --git a/roles/users/molecule/debian-stable/molecule.yml b/roles/users/molecule/debian-stable/molecule.yml new file mode 100644 index 0000000..5976839 --- /dev/null +++ b/roles/users/molecule/debian-stable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: users-debian-stable + image: debian:stable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-stable diff --git a/roles/users/molecule/debian-unstable/molecule.yml b/roles/users/molecule/debian-unstable/molecule.yml new file mode 100644 index 0000000..3817b49 --- /dev/null +++ b/roles/users/molecule/debian-unstable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: users-debian-unstable + image: debian:unstable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-unstable diff --git a/roles/users/molecule/default/molecule.yml b/roles/users/molecule/default/molecule.yml new file mode 100644 index 0000000..e1611bf --- /dev/null +++ b/roles/users/molecule/default/molecule.yml @@ -0,0 +1,63 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: users-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: users-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: users-archlinux + image: archlinux/base + pre_build_image: yes + - name: users-centos-6 + image: centos:6 + pre_build_image: yes + - name: users-centos-latest + image: centos:latest + pre_build_image: yes + - name: users-debian-latest + image: debian:latest + pre_build_image: yes + - name: users-debian-stable + image: debian:stable + pre_build_image: yes + - name: users-debian-unstable + image: debian:unstable + pre_build_image: yes + - name: users-fedora-latest + image: fedora:latest + pre_build_image: yes + - name: users-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + - name: users-opensuse-leap + image: opensuse:leap + pre_build_image: yes + - name: users-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes + - name: users-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes + - name: users-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: default diff --git a/roles/users/molecule/ec2/README.md b/roles/users/molecule/ec2/README.md new file mode 100644 index 0000000..856b351 --- /dev/null +++ b/roles/users/molecule/ec2/README.md @@ -0,0 +1,15 @@ +# Amazon EC2 + +To test on Amazon elastic compute cloud (EC2), set this variable: + +``` +export EC2_REGION=eu-central-1 +``` + +And save the credentials: +``` +cat ~/.aws/credentials +[default] +aws_access_key_id=YOUR_KEY_ID +aws_secret_access_key=YOUR_ACCESS_KEY +``` diff --git a/roles/users/molecule/ec2/create.yml b/roles/users/molecule/ec2/create.yml new file mode 100644 index 0000000..7992818 --- /dev/null +++ b/roles/users/molecule/ec2/create.yml @@ -0,0 +1,125 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + vars: + ssh_user: ec2-user + ssh_port: 22 + + security_group_name: molecule + security_group_description: Security group for testing Molecule + security_group_rules: + - proto: tcp + from_port: "{{ ssh_port }}" + to_port: "{{ ssh_port }}" + cidr_ip: '0.0.0.0/0' + - proto: icmp + from_port: 8 + to_port: -1 + cidr_ip: '0.0.0.0/0' + security_group_rules_egress: + - proto: -1 + from_port: 0 + to_port: 0 + cidr_ip: '0.0.0.0/0' + + keypair_name: molecule_key + keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" + tasks: + - name: Create security group + ec2_group: + name: "{{ security_group_name }}" + description: "{{ security_group_name }}" + rules: "{{ security_group_rules }}" + rules_egress: "{{ security_group_rules_egress }}" + + - name: Test for presence of local keypair + stat: + path: "{{ keypair_path }}" + register: keypair_local + + - name: Delete remote keypair + ec2_key: + name: "{{ keypair_name }}" + state: absent + when: not keypair_local.stat.exists + + - name: Create keypair + ec2_key: + name: "{{ keypair_name }}" + register: keypair + + - name: Persist the keypair + copy: + dest: "{{ keypair_path }}" + content: "{{ keypair.key.private_key }}" + mode: 0600 + when: keypair.changed + + - name: Create molecule instance(s) + ec2: + key_name: "{{ keypair_name }}" + image: "{{ item.image }}" + instance_type: "{{ item.instance_type }}" + vpc_subnet_id: "{{ item.vpc_subnet_id }}" + group: "{{ security_group_name }}" + instance_tags: + instance: "{{ item.name }}" + wait: true + assign_public_ip: true + exact_count: 1 + count_tag: + instance: "{{ item.name }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.instances[0].tags.instance }}", + 'address': "{{ item.instances[0].public_ip }}", + 'user': "{{ ssh_user }}", + 'port': "{{ ssh_port }}", + 'identity_file': "{{ keypair_path }}", + 'instance_ids': "{{ item.instance_ids }}", } + with_items: "{{ ec2_jobs.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool + + - name: Wait for SSH + wait_for: + port: "{{ ssh_port }}" + host: "{{ item.address }}" + search_regex: SSH + delay: 10 + timeout: 320 + with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + + - name: Wait for boot process to finish + pause: + minutes: 2 diff --git a/roles/users/molecule/ec2/destroy.yml b/roles/users/molecule/ec2/destroy.yml new file mode 100644 index 0000000..b460c1e --- /dev/null +++ b/roles/users/molecule/ec2/destroy.yml @@ -0,0 +1,47 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + tasks: + - block: + - name: Populate instance config + set_fact: + instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + skip_instances: false + rescue: + - name: Populate instance config when file missing + set_fact: + instance_conf: {} + skip_instances: true + + - name: Destroy molecule instance(s) + ec2: + state: absent + instance_ids: "{{ item.instance_ids }}" + register: server + with_items: "{{ instance_conf }}" + when: not skip_instances + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/users/molecule/ec2/molecule.yml b/roles/users/molecule/ec2/molecule.yml new file mode 100644 index 0000000..ff75b2e --- /dev/null +++ b/roles/users/molecule/ec2/molecule.yml @@ -0,0 +1,77 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: ec2 +platforms: + - name: users-rhel-7 + image: ami-c86c3f23 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: users-sles-15 + image: ami-0a1886cf45f944eb1 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: users-ubuntu-18.04 + image: ami-0bdf93799014acdc4 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: users-amazon-linux-2 + image: ami-02ea8f348fa28c108 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: users-centos-7 + image: ami-9a183671 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: users-fedora-29 + image: ami-0f904cfaa69a1c64c + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint + inventory: + host_vars: + users-ubuntu-18.04: + ansible_user: ubuntu + users-centos-7: + ansible_user: centos + users-fedora-29: + ansible_user: fedora +scenario: + name: ec2 + create_sequence: + - create + check_sequence: + - destroy + - dependency + - create + - converge + - check + - destroy + converge_sequence: + - dependency + - create + - converge + destroy_sequence: + - destroy + test_sequence: + - lint + - destroy + - dependency + - syntax + - create + - converge + - idempotence + - side_effect + - verify + - destroy diff --git a/roles/users/molecule/fedora-latest/molecule.yml b/roles/users/molecule/fedora-latest/molecule.yml new file mode 100644 index 0000000..d992641 --- /dev/null +++ b/roles/users/molecule/fedora-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: users-fedora-latest + image: fedora:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-latest diff --git a/roles/users/molecule/fedora-rawhide/molecule.yml b/roles/users/molecule/fedora-rawhide/molecule.yml new file mode 100644 index 0000000..a574adc --- /dev/null +++ b/roles/users/molecule/fedora-rawhide/molecule.yml @@ -0,0 +1,24 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: users-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + registry: + url: registry.fedoraproject.org +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-rawhide diff --git a/roles/users/molecule/opensuse-leap/molecule.yml b/roles/users/molecule/opensuse-leap/molecule.yml new file mode 100644 index 0000000..86b86f6 --- /dev/null +++ b/roles/users/molecule/opensuse-leap/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: users-opensuse-leap + image: opensuse:leap + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: opensuse-leap diff --git a/roles/users/molecule/resources/playbook.yml b/roles/users/molecule/resources/playbook.yml new file mode 100644 index 0000000..e1ab849 --- /dev/null +++ b/roles/users/molecule/resources/playbook.yml @@ -0,0 +1,44 @@ +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + vars: + users_group_list: + - name: robertdb + gid: 1024 + - name: users + - name: notgroup + state: absent + + users_user_list: + - name: root + cron_allow: yes + - name: robertdb + comment: Robert de Bock + uid: 1024 + group: robertdb + groups: users + cron_allow: yes + sudo_options: "ALL=(ALL) NOPASSWD: ALL" + authorized_key: "ssh-rsa ABC123" + - name: notuser + state: absent + - name: keyuser + manage_ssh_key: yes + - name: privkeyuser + manage_ssh_key: yes + copy_private_key: yes + - name: multiplekeys + authorized_keys: + - "ssh-rsa ABC1234" + - "ssh-rsa ABC12345" + - name: mixedkeys + authorized_key: "ssh-rsa ABC123456" + authorized_keys: + - "ssh-rsa ABC1234567" + - "ssh-rsa ABC12345678" + + roles: + - ansible-role-users diff --git a/roles/users/molecule/resources/prepare.yml b/roles/users/molecule/resources/prepare.yml new file mode 100644 index 0000000..1cda60c --- /dev/null +++ b/roles/users/molecule/resources/prepare.yml @@ -0,0 +1,8 @@ +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - robertdebock.bootstrap diff --git a/roles/users/molecule/ubuntu-devel/molecule.yml b/roles/users/molecule/ubuntu-devel/molecule.yml new file mode 100644 index 0000000..dbdb378 --- /dev/null +++ b/roles/users/molecule/ubuntu-devel/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: users-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-devel diff --git a/roles/users/molecule/ubuntu-latest/molecule.yml b/roles/users/molecule/ubuntu-latest/molecule.yml new file mode 100644 index 0000000..2de45f8 --- /dev/null +++ b/roles/users/molecule/ubuntu-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: users-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-latest diff --git a/roles/users/molecule/ubuntu-rolling/molecule.yml b/roles/users/molecule/ubuntu-rolling/molecule.yml new file mode 100644 index 0000000..f665d72 --- /dev/null +++ b/roles/users/molecule/ubuntu-rolling/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: users-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-rolling diff --git a/roles/users/molecule/vagrant/INSTALL.rst b/roles/users/molecule/vagrant/INSTALL.rst new file mode 100644 index 0000000..ca81c7b --- /dev/null +++ b/roles/users/molecule/vagrant/INSTALL.rst @@ -0,0 +1,17 @@ +******* +Vagrant driver installation guide +******* + +Requirements +============ + +* Vagrant +* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop +* python-vagrant + +Install +======= + +.. code-block:: bash + + $ sudo pip install python-vagrant diff --git a/roles/users/molecule/vagrant/molecule.yml b/roles/users/molecule/vagrant/molecule.yml new file mode 100644 index 0000000..acec739 --- /dev/null +++ b/roles/users/molecule/vagrant/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: vagrant + provider: + name: virtualbox +platforms: + - name: users-debian + box: debian/stretch64 + - name: users-fedora + box: fedora/29-cloud-base +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: vagrant diff --git a/roles/users/requirements.yml b/roles/users/requirements.yml new file mode 100644 index 0000000..46dec9d --- /dev/null +++ b/roles/users/requirements.yml @@ -0,0 +1,2 @@ +--- +- robertdebock.bootstrap diff --git a/roles/users/tasks/group.yml b/roles/users/tasks/group.yml new file mode 100644 index 0000000..a2eae67 --- /dev/null +++ b/roles/users/tasks/group.yml @@ -0,0 +1,6 @@ +--- +- name: manage group {{ group.name }} + group: + name: "{{ group.name }}" + state: "{{ group.state | default('present') }}" + gid: "{{ group.gid | default(omit) }}" diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml new file mode 100644 index 0000000..c09dd99 --- /dev/null +++ b/roles/users/tasks/main.yml @@ -0,0 +1,33 @@ +--- +# tasks file for users +- name: create local ssh_key_directory + file: + path: "{{ users_ssh_key_directory }}" + state: directory + delegate_to: localhost + become: no + +- name: loop over users_group_list + include: group.yml + with_items: + - "{{ users_group_list }}" + loop_control: + label: "{{ group.name }}" + loop_var: group + when: + - users_group_list is defined + +- name: loop over users_user_list + include: user.yml + with_items: + - "{{ users_user_list }}" + loop_control: + label: "{{ user.name }}" + loop_var: user + when: + - users_user_list is defined + +- name: manage cron permission + template: + src: cron.allow.j2 + dest: /etc/cron.allow diff --git a/roles/users/tasks/user.yml b/roles/users/tasks/user.yml new file mode 100644 index 0000000..f447fdf --- /dev/null +++ b/roles/users/tasks/user.yml @@ -0,0 +1,132 @@ +--- +# tasks file for users +- name: manage users {{ user.name }} + user: + name: "{{ user.name }}" + state: "{{ user.state | default('present') }}" + comment: "{{ user.comment | default(omit) }}" + password: "{{ user.password | default(omit) }}" + uid: "{{ user.uid | default(omit) }}" + group: "{{ user.group | default(omit) }}" + groups: "{{ user.groups | default(omit) }}" + shell: "{{ user.shell | default(users_shell) }}" + register: users_manage_user + +- name: set sudo options for {{ user.name }} + template: + src: sudo.j2 + dest: "/etc/sudoers.d/{{ user.name }}" + when: + - user.sudo_options is defined + loop_control: + label: "{{ user.name }}" + +- name: generate private ssh key for {{ user.name }} + command: "{{ users_ssh_keygen_command }}" + args: + creates: "{{ users_ssh_key_directory }}/{{ user.name }}" + when: + - user.manage_ssh_key is defined + - user.manage_ssh_key + loop_control: + label: "{{ user.name }}" + delegate_to: localhost + become: no + +- name: generate public ssh key for {{ user.name }} + shell: "{{ users_ssh_keygen_pubkey_command }} > {{ users_ssh_key_directory }}/{{ user.name }}.pub" + args: + creates: "{{ users_ssh_key_directory }}/{{ user.name }}.pub" + when: + - user.manage_ssh_key is defined + - user.manage_ssh_key + loop_control: + label: "{{ user.name }}" + delegate_to: localhost + become: no + +- name: read generated public ssh key for {{ user.name }} + command: cat "{{ users_ssh_key_directory }}/{{ user.name }}.pub" + when: + - user.manage_ssh_key is defined + - user.manage_ssh_key + changed_when: no + register: ssh_public_key + delegate_to: localhost + become: no + loop_control: + label: "{{ user.name }}" + +- name: convert ssh key to ppk for {{ user.name }} + shell: > + ssh-keygen -e -f "{{ users_ssh_key_directory }}/{{ user.name }}" + -C "Generated by Ansible role robertdebock.users" + > "{{ users_ssh_key_directory }}/{{ user.name }}.ppk" + args: + creates: "{{ users_ssh_key_directory }}/{{ user.name }}.ppk" + when: + - user.manage_ssh_key is defined + - user.manage_ssh_key + delegate_to: localhost + become: no + +- name: create .ssh directory for {{ user.name }} + file: + path: "{{ user.home }}/.ssh" + state: directory + mode: "0700" + become: yes + become_user: "{{ user.name }}" + when: + - users_manage_user is defined + - user.home is defined + +- name: loop over authorized_key for {{ user.name }} + include: user_authorized_key.yml + with_items: + - "{{ user.authorized_key }}" + loop_control: + label: "{{ user.name }}" + loop_var: authorized_key + when: + - user.authorized_key is defined + +- name: loop over authorized_keys for {{ user.name }} + include: user_authorized_key.yml + with_items: + - "{{ user.authorized_keys }}" + loop_control: + label: "{{ user.name }}" + loop_var: authorized_key + when: + - user.authorized_keys is defined + +- name: place generated ssh_public_key for {{ user.name }} + authorized_key: + user: "{{ user.name }}" + state: present + key: "{{ item.stdout }}" + with_items: + - "{{ ssh_public_key }}" + when: + - ssh_public_key is defined + - user.manage_ssh_key is defined + - user.manage_ssh_key + loop_control: + label: "{{ user.name }}" + +- name: copy generated private ssh key for {{ user.name }} + copy: + src: "{{ users_ssh_key_directory }}/{{ item.name }}" + dest: "{{ item.home }}/.ssh/id_rsa" + mode: "0400" + owner: "{{ item.name }}" + group: "{{ item.group }}" + with_items: + - "{{ users_manage_user }}" + when: + - users_manage_user is defined + - user.copy_private_key is defined + - user.copy_private_key + loop_control: + label: "{{ user.name }}" diff --git a/roles/users/tasks/user_authorized_key.yml b/roles/users/tasks/user_authorized_key.yml new file mode 100644 index 0000000..48aab3b --- /dev/null +++ b/roles/users/tasks/user_authorized_key.yml @@ -0,0 +1,6 @@ +--- +- name: place authorized_key for {{ user.name }} + authorized_key: + user: "{{ user.name }}" + state: present + key: "{{ authorized_key }}" diff --git a/roles/users/templates/.gitkeep b/roles/users/templates/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/roles/users/templates/cron.allow.j2 b/roles/users/templates/cron.allow.j2 new file mode 100644 index 0000000..2b339d4 --- /dev/null +++ b/roles/users/templates/cron.allow.j2 @@ -0,0 +1,10 @@ +{{ ansible_managed | comment }} +{% if users_user_list is defined %} +{% for user in users_user_list %} +{% if user.cron_allow is defined %} +{% if user.cron_allow %} +{{ user.name }} +{% endif %} +{% endif %} +{% endfor %} +{% endif %} diff --git a/roles/users/templates/sudo.j2 b/roles/users/templates/sudo.j2 new file mode 100644 index 0000000..43459cc --- /dev/null +++ b/roles/users/templates/sudo.j2 @@ -0,0 +1,2 @@ +{{ ansible_managed | comment }} +{{ user.name }} {{ user.sudo_options }} diff --git a/roles/users/vars/main.yml b/roles/users/vars/main.yml new file mode 100644 index 0000000..4183a5c --- /dev/null +++ b/roles/users/vars/main.yml @@ -0,0 +1,5 @@ +--- +# vars file for users + +users_ssh_keygen_command: ssh-keygen -f {{ users_ssh_key_directory }}/{{ user.name }} -N "" -C "Generated by Ansible role robertdebock.users" +users_ssh_keygen_pubkey_command: ssh-keygen -y -f {{ users_ssh_key_directory }}/{{ user.name }} diff --git a/roles/vagrant/.github/ISSUE_TEMPLATE/bug_report.md b/roles/vagrant/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..bd1a0dc --- /dev/null +++ b/roles/vagrant/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Run this role: +2. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Error** +Please show the resulting error. If applicable a snippet of the playbook including the role ran with `-vvv` + +**Environment** +- Control node OS: [e.g. Debian 9] +- Control node Ansible version: [e.g. 2.6.2] +- Managed node OS: [e.g. CentOS 7] + +**Additional context** +Add any other context about the problem here. diff --git a/roles/vagrant/.github/ISSUE_TEMPLATE/feature_request.md b/roles/vagrant/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/roles/vagrant/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/roles/vagrant/.github/settings.yml b/roles/vagrant/.github/settings.yml new file mode 100644 index 0000000..d250bb0 --- /dev/null +++ b/roles/vagrant/.github/settings.yml @@ -0,0 +1,4 @@ +--- +repository: + description: Install vagrant on your system. + homepage: https://robertdebock.nl/ diff --git a/roles/vagrant/.gitignore b/roles/vagrant/.gitignore new file mode 100644 index 0000000..47cf7b9 --- /dev/null +++ b/roles/vagrant/.gitignore @@ -0,0 +1,3 @@ +molecule/*/.molecule +*.log +*.swp \ No newline at end of file diff --git a/roles/vagrant/.travis.yml b/roles/vagrant/.travis.yml new file mode 100644 index 0000000..638e86d --- /dev/null +++ b/roles/vagrant/.travis.yml @@ -0,0 +1,92 @@ +--- +sudo: required +language: python +services: docker + +env: + - version=">=2.7,<2.8" distro="alpine-latest" + - version="" distro="alpine-latest" + - version="devel" distro="alpine-latest" + - version=">=2.7,<2.8" distro="alpine-edge" + - version="" distro="alpine-edge" + - version="devel" distro="alpine-edge" + - version=">=2.7,<2.8" distro="archlinux" + - version="" distro="archlinux" + - version="devel" distro="archlinux" + - version=">=2.7,<2.8" distro="centos-6" expectation="fail" + - version="" distro="centos-6" expectation="fail" + - version="devel" distro="centos-6" expectation="fail" + - version=">=2.7,<2.8" distro="centos-latest" + - version="" distro="centos-latest" + - version="devel" distro="centos-latest" + - version=">=2.7,<2.8" distro="debian-latest" + - version="" distro="debian-latest" + - version="devel" distro="debian-latest" + - version=">=2.7,<2.8" distro="debian-stable" + - version="" distro="debian-stable" + - version="devel" distro="debian-stable" + - version=">=2.7,<2.8" distro="debian-unstable" + - version="" distro="debian-unstable" + - version="devel" distro="debian-unstable" + - version=">=2.7,<2.8" distro="fedora-latest" + - version="" distro="fedora-latest" + - version="devel" distro="fedora-latest" + - version=">=2.7,<2.8" distro="fedora-rawhide" + - version="" distro="fedora-rawhide" + - version="devel" distro="fedora-rawhide" + - version=">=2.7,<2.8" distro="opensuse-leap" + - version="" distro="opensuse-leap" + - version="devel" distro="opensuse-leap" + - version=">=2.7,<2.8" distro="ubuntu-rolling" + - version="" distro="ubuntu-rolling" + - version="devel" distro="ubuntu-rolling" + - version=">=2.7,<2.8" distro="ubuntu-latest" + - version="" distro="ubuntu-latest" + - version="devel" distro="ubuntu-latest" + - version=">=2.7,<2.8" distro="ubuntu-devel" + - version="" distro="ubuntu-devel" + - version="devel" distro="ubuntu-devel" + +matrix: + allow_failures: + - env: version=">=2.7,<2.8" distro="alpine-edge" + - env: version="" distro="alpine-edge" + - env: version="devel" distro="alpine-edge" + - env: version="devel" distro="alpine-latest" + - env: version="devel" distro="archlinux" + - env: version="devel" distro="centos-6" expectation="fail" + - env: version="devel" distro="centos-latest" + - env: version="devel" distro="debian-latest" + - env: version="devel" distro="debian-stable" + - env: version=">=2.7,<2.8" distro="debian-unstable" + - env: version="" distro="debian-unstable" + - env: version="devel" distro="debian-unstable" + - env: version="devel" distro="fedora-latest" + - env: version=">=2.7,<2.8" distro="fedora-rawhide" + - env: version="" distro="fedora-rawhide" + - env: version="devel" distro="fedora-rawhide" + - env: version="devel" distro="opensuse-leap" + - env: version="devel" distro="ubuntu-rolling" + - env: version=">=2.7,<2.8" distro="ubuntu-devel" + - env: version="" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-devel" + - env: version="devel" distro="ubuntu-latest" + +cache: + - pip + +install: + - pip install --upgrade pip + - if [ "${version}" != "devel" ] ; then pip install ansible"${version}" ; fi + - if [ "${version}" = "devel" ] ; then pip install git+https://github.com/ansible/ansible.git@devel ; fi + - pip install molecule + - pip install docker + +script: + - if [ "${expectation}" = "fail" ] ; then ! molecule test --scenario-name "${distro}" ; else molecule test --scenario-name "${distro}" ; fi + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ + slack: + secure: "LmW+3578U7MAUOTYbf4ZcZclQWVlh6j9aKr7DbyHSG9OiVqfgb2U4aea3rLTRAw8EE/WgQRL61Pm8YJ/F0yCRcVlaeOEUNmOjkVTKrWGd3XXK079Ek+lPYFL3ozsnUv4tpP71wtkLzzCAkJABBW+Z9pUN+02IOQV2Lu9VXprxppWZEuNfNjfWhwUZwpfUok7WD93/59zoKNHU9wnI/xVNVFpBIsViGoSTx5TU9+mVPhXKKmDPL2EulJQn1QFiwAfcnWdQuECGCvuZa7d8z1JLFfcWksJ7mk2bHL/5WJt3lddT3l9sWXDZ1SP8RbYsoseT5/YwHGc6ubILGuOtzOV34MdAYIR9Y8X5FMbVbTlDfPQVbVyv6bvp6hq4G/WLFA0o591rM1P+wQ0BEGsHs06z2j/YJSveLblRQeKZeMURcG1d6tfknp4pvQFpG80Efbm3Ux0iE/ST03MYXbyktP+jhpkSeRG+KopgxNqgEeicpsIa6L4rctSDFuQqtZfVBQCmrGsEG9Iv727EMw7565n5uJJmwRz0PaCQkqhu+fUPPvpw+itBvGrvtUX8h9IjuDk7C3NiL20baJ6OMvbklHOF8b20DqE5BwHcoDESxA6aQat1yo/dwushXhAfP+vSfG22HSNXIDj2Tq0PRrtZqUTkWFJe8skt67XgxUyfKkcABE=" + email: false diff --git a/roles/vagrant/.yamllint b/roles/vagrant/.yamllint new file mode 100644 index 0000000..ad0be76 --- /dev/null +++ b/roles/vagrant/.yamllint @@ -0,0 +1,11 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/vagrant/CODE_OF_CONDUCT.md b/roles/vagrant/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0d97a6f --- /dev/null +++ b/roles/vagrant/CODE_OF_CONDUCT.md @@ -0,0 +1,46 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behaviour that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behaviour by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/vagrant/CONTRIBUTING.md b/roles/vagrant/CONTRIBUTING.md new file mode 100644 index 0000000..2931dcf --- /dev/null +++ b/roles/vagrant/CONTRIBUTING.md @@ -0,0 +1,4 @@ +# Please contribute! +You can really make a difference by: +- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. +- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code. diff --git a/roles/vagrant/LICENSE b/roles/vagrant/LICENSE new file mode 100644 index 0000000..744118c --- /dev/null +++ b/roles/vagrant/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2019 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/vagrant/PULL_REQUEST_TEMPLATE.md b/roles/vagrant/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..b1578c0 --- /dev/null +++ b/roles/vagrant/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,11 @@ +--- +name: Pull request +about: Describe the proposed change + +--- + +**Describe the change** +A clear and concise description of what the pull request is. + +**Testing** +In case a feature was added, how were tests performed? diff --git a/roles/vagrant/README.md b/roles/vagrant/README.md new file mode 100644 index 0000000..26748cb --- /dev/null +++ b/roles/vagrant/README.md @@ -0,0 +1,141 @@ +vagrant +========= + +[![Build Status](https://travis-ci.org/robertdebock/ansible-role-vagrant.svg?branch=master)](https://travis-ci.org/robertdebock/ansible-role-vagrant) + +Install vagrant on your system. + +Example Playbook +---------------- + +This example is taken from `molecule/default/playbook.yml`: +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - robertdebock.vagrant +``` + +The machine you are running this on, may need to be prepared. Tests have been done on machines prepared by this playbook: +```yaml +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - role: robertdebock.bootstrap + - role: robertdebock.buildtools + - role: robertdebock.epel + - role: robertdebock.python_pip +``` + +Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. + +Role Variables +-------------- + +These variables are set in `defaults/main.yml`: +```yaml +--- +# defaults file for vagrant + +# The version of vagrant to install. See https://releases.hashicorp.com/vagrant/ . +vagrant_version: 2.2.3 + +# The location to unpack the .tar.xz, if applicable. +vagrant_unarchive_dest: /usr/local/bin +``` + +Requirements +------------ + +- Access to a repository containing packages, likely on the internet. +- A recent version of Ansible. (Tests run on the last 3 release of Ansible.) + +The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: + +```yaml +--- +- robertdebock.bootstrap +- robertdebock.buildtools +- robertdebock.epel +- robertdebock.python_pip + +``` + +Context +------- + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/vagrant.png "Dependency") + + +Compatibility +------------- + +This role has been tested against the following distributions and Ansible version: + +|distribution|ansible 2.6|ansible 2.7|ansible devel| +|------------|-----------|-----------|-------------| +|alpine-edge*|yes|yes|yes*| +|alpine-latest|yes|yes|yes*| +|archlinux|yes|yes|yes*| +|centos-6|no|no|no*| +|centos-latest|yes|yes|yes*| +|debian-latest|yes|yes|yes*| +|debian-stable|yes|yes|yes*| +|debian-unstable*|yes|yes|yes*| +|fedora-latest|yes|yes|yes*| +|fedora-rawhide*|yes|yes|yes*| +|opensuse-leap|yes|yes|yes*| +|ubuntu-devel*|yes|yes|yes*| +|ubuntu-latest|yes|yes|yes*| +|ubuntu-rolling|yes|yes|yes*| + +A single star means the build may fail, it's marked as an experimental build. + +Testing +------- + +[Unit tests](https://travis-ci.org/robertdebock/ansible-role-vagrant) are done on every commit and periodically. + +If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-vagrant/issues) + +To test this role locally please use [Molecule](https://github.com/metacloud/molecule): +``` +pip install molecule +molecule test +``` + +To test on Amazon EC2, configure [~/.aws/credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`. + +There are many specific scenarios available, please have a look in the `molecule/` directory. + +Run the [ansible-galaxy](https://github.com/ansible/galaxy-lint-rules) and [my](https://github.com/robertdebock/ansible-lint-rules) lint rules if you want your change to be merges: + +```shell +git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint +ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules . + +git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint +ansible-lint -r /tmp/my-ansible-lint/rules . +``` + +License +------- + +Apache-2.0 + + +Author Information +------------------ + +[Robert de Bock](https://robertdebock.nl/) diff --git a/roles/vagrant/defaults/main.yml b/roles/vagrant/defaults/main.yml new file mode 100644 index 0000000..4e0555e --- /dev/null +++ b/roles/vagrant/defaults/main.yml @@ -0,0 +1,8 @@ +--- +# defaults file for vagrant + +# The version of vagrant to install. See https://releases.hashicorp.com/vagrant/ . +vagrant_version: 2.2.3 + +# The location to unpack the .tar.xz, if applicable. +vagrant_unarchive_dest: /usr/local/bin diff --git a/roles/vagrant/handlers/main.yml b/roles/vagrant/handlers/main.yml new file mode 100644 index 0000000..62de044 --- /dev/null +++ b/roles/vagrant/handlers/main.yml @@ -0,0 +1,8 @@ +--- +# handlers file for vagrant +- name: restart vagrant + service: + name: "{{ vagrant_service }}" + state: restarted + when: + - ansible_virtualization_type != "docker" diff --git a/roles/vagrant/meta/.galaxy_install_info b/roles/vagrant/meta/.galaxy_install_info new file mode 100644 index 0000000..22910f3 --- /dev/null +++ b/roles/vagrant/meta/.galaxy_install_info @@ -0,0 +1 @@ +{install_date: 'Fri Jun 7 18:26:28 2019', version: 2.0.2} diff --git a/roles/vagrant/meta/main.yml b/roles/vagrant/meta/main.yml new file mode 100644 index 0000000..2cfca46 --- /dev/null +++ b/roles/vagrant/meta/main.yml @@ -0,0 +1,47 @@ +--- +galaxy_info: + author: Robert de Bock + role_name: vagrant + description: Install vagrant on your system. + license: Apache-2.0 + company: none + min_ansible_version: 2.6 + + platforms: + - name: Alpine + versions: + - all + - name: ArchLinux + version: + - all + - name: Debian + versions: + - all + - name: EL + version: + - 6 + - 7 + - name: Fedora + versions: + - all + - name: OpenSUSE + versions: + - all + - name: Ubuntu + versions: + - artful + - bionic + + galaxy_tags: + - vagrant + - alpine + - archlinux + - centos + - debian + - el + - fedora + - opensuse + - rhel + - ubuntu + +dependencies: [] diff --git a/roles/vagrant/molecule/alpine-edge/molecule.yml b/roles/vagrant/molecule/alpine-edge/molecule.yml new file mode 100644 index 0000000..e896615 --- /dev/null +++ b/roles/vagrant/molecule/alpine-edge/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: vagrant-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-edge diff --git a/roles/vagrant/molecule/alpine-latest/molecule.yml b/roles/vagrant/molecule/alpine-latest/molecule.yml new file mode 100644 index 0000000..8287a7e --- /dev/null +++ b/roles/vagrant/molecule/alpine-latest/molecule.yml @@ -0,0 +1,23 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: vagrant-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: alpine-latest diff --git a/roles/vagrant/molecule/archlinux/molecule.yml b/roles/vagrant/molecule/archlinux/molecule.yml new file mode 100644 index 0000000..ce2a251 --- /dev/null +++ b/roles/vagrant/molecule/archlinux/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: vagrant-archlinux + image: archlinux/base + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: archlinux diff --git a/roles/vagrant/molecule/centos-6/molecule.yml b/roles/vagrant/molecule/centos-6/molecule.yml new file mode 100644 index 0000000..543e6ff --- /dev/null +++ b/roles/vagrant/molecule/centos-6/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: vagrant-centos-6 + image: centos:6 + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-6 diff --git a/roles/vagrant/molecule/centos-latest/molecule.yml b/roles/vagrant/molecule/centos-latest/molecule.yml new file mode 100644 index 0000000..e9f9f1f --- /dev/null +++ b/roles/vagrant/molecule/centos-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: vagrant-centos-latest + image: centos:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: centos-latest diff --git a/roles/vagrant/molecule/debian-latest/molecule.yml b/roles/vagrant/molecule/debian-latest/molecule.yml new file mode 100644 index 0000000..7d45838 --- /dev/null +++ b/roles/vagrant/molecule/debian-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: vagrant-debian-latest + image: debian:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-latest diff --git a/roles/vagrant/molecule/debian-stable/molecule.yml b/roles/vagrant/molecule/debian-stable/molecule.yml new file mode 100644 index 0000000..62bc0b8 --- /dev/null +++ b/roles/vagrant/molecule/debian-stable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: vagrant-debian-stable + image: debian:stable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-stable diff --git a/roles/vagrant/molecule/debian-unstable/molecule.yml b/roles/vagrant/molecule/debian-unstable/molecule.yml new file mode 100644 index 0000000..ae85032 --- /dev/null +++ b/roles/vagrant/molecule/debian-unstable/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: vagrant-debian-unstable + image: debian:unstable + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: debian-unstable diff --git a/roles/vagrant/molecule/default/molecule.yml b/roles/vagrant/molecule/default/molecule.yml new file mode 100644 index 0000000..c5d8223 --- /dev/null +++ b/roles/vagrant/molecule/default/molecule.yml @@ -0,0 +1,63 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: vagrant-alpine-edge + image: alpine:edge + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: vagrant-alpine-latest + image: alpine:latest + pre_build_image: yes + command: sh -c "while true ; do sleep 1 ; done" + - name: vagrant-archlinux + image: archlinux/base + pre_build_image: yes + - name: vagrant-centos-6 + image: centos:6 + pre_build_image: yes + - name: vagrant-centos-latest + image: centos:latest + pre_build_image: yes + - name: vagrant-debian-latest + image: debian:latest + pre_build_image: yes + - name: vagrant-debian-stable + image: debian:stable + pre_build_image: yes + - name: vagrant-debian-unstable + image: debian:unstable + pre_build_image: yes + - name: vagrant-fedora-latest + image: fedora:latest + pre_build_image: yes + - name: vagrant-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + - name: vagrant-opensuse-leap + image: opensuse:leap + pre_build_image: yes + - name: vagrant-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes + - name: vagrant-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes + - name: vagrant-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: default diff --git a/roles/vagrant/molecule/ec2/README.md b/roles/vagrant/molecule/ec2/README.md new file mode 100644 index 0000000..856b351 --- /dev/null +++ b/roles/vagrant/molecule/ec2/README.md @@ -0,0 +1,15 @@ +# Amazon EC2 + +To test on Amazon elastic compute cloud (EC2), set this variable: + +``` +export EC2_REGION=eu-central-1 +``` + +And save the credentials: +``` +cat ~/.aws/credentials +[default] +aws_access_key_id=YOUR_KEY_ID +aws_secret_access_key=YOUR_ACCESS_KEY +``` diff --git a/roles/vagrant/molecule/ec2/create.yml b/roles/vagrant/molecule/ec2/create.yml new file mode 100644 index 0000000..7992818 --- /dev/null +++ b/roles/vagrant/molecule/ec2/create.yml @@ -0,0 +1,125 @@ +--- +- name: Create + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + vars: + ssh_user: ec2-user + ssh_port: 22 + + security_group_name: molecule + security_group_description: Security group for testing Molecule + security_group_rules: + - proto: tcp + from_port: "{{ ssh_port }}" + to_port: "{{ ssh_port }}" + cidr_ip: '0.0.0.0/0' + - proto: icmp + from_port: 8 + to_port: -1 + cidr_ip: '0.0.0.0/0' + security_group_rules_egress: + - proto: -1 + from_port: 0 + to_port: 0 + cidr_ip: '0.0.0.0/0' + + keypair_name: molecule_key + keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key" + tasks: + - name: Create security group + ec2_group: + name: "{{ security_group_name }}" + description: "{{ security_group_name }}" + rules: "{{ security_group_rules }}" + rules_egress: "{{ security_group_rules_egress }}" + + - name: Test for presence of local keypair + stat: + path: "{{ keypair_path }}" + register: keypair_local + + - name: Delete remote keypair + ec2_key: + name: "{{ keypair_name }}" + state: absent + when: not keypair_local.stat.exists + + - name: Create keypair + ec2_key: + name: "{{ keypair_name }}" + register: keypair + + - name: Persist the keypair + copy: + dest: "{{ keypair_path }}" + content: "{{ keypair.key.private_key }}" + mode: 0600 + when: keypair.changed + + - name: Create molecule instance(s) + ec2: + key_name: "{{ keypair_name }}" + image: "{{ item.image }}" + instance_type: "{{ item.instance_type }}" + vpc_subnet_id: "{{ item.vpc_subnet_id }}" + group: "{{ security_group_name }}" + instance_tags: + instance: "{{ item.name }}" + wait: true + assign_public_ip: true + exact_count: 1 + count_tag: + instance: "{{ item.name }}" + register: server + with_items: "{{ molecule_yml.platforms }}" + async: 7200 + poll: 0 + + - name: Wait for instance(s) creation to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config dict + set_fact: + instance_conf_dict: { + 'instance': "{{ item.instances[0].tags.instance }}", + 'address': "{{ item.instances[0].public_ip }}", + 'user': "{{ ssh_user }}", + 'port': "{{ ssh_port }}", + 'identity_file': "{{ keypair_path }}", + 'instance_ids': "{{ item.instance_ids }}", } + with_items: "{{ ec2_jobs.results }}" + register: instance_config_dict + when: server.changed | bool + + - name: Convert instance config dict to a list + set_fact: + instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}" + when: server.changed | bool + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool + + - name: Wait for SSH + wait_for: + port: "{{ ssh_port }}" + host: "{{ item.address }}" + search_regex: SSH + delay: 10 + timeout: 320 + with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + + - name: Wait for boot process to finish + pause: + minutes: 2 diff --git a/roles/vagrant/molecule/ec2/destroy.yml b/roles/vagrant/molecule/ec2/destroy.yml new file mode 100644 index 0000000..b460c1e --- /dev/null +++ b/roles/vagrant/molecule/ec2/destroy.yml @@ -0,0 +1,47 @@ +--- +- name: Destroy + hosts: localhost + connection: local + gather_facts: false + no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}" + tasks: + - block: + - name: Populate instance config + set_fact: + instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}" + skip_instances: false + rescue: + - name: Populate instance config when file missing + set_fact: + instance_conf: {} + skip_instances: true + + - name: Destroy molecule instance(s) + ec2: + state: absent + instance_ids: "{{ item.instance_ids }}" + register: server + with_items: "{{ instance_conf }}" + when: not skip_instances + async: 7200 + poll: 0 + + - name: Wait for instance(s) deletion to complete + async_status: + jid: "{{ item.ansible_job_id }}" + register: ec2_jobs + until: ec2_jobs.finished + retries: 300 + with_items: "{{ server.results }}" + + # Mandatory configuration for Molecule to function. + + - name: Populate instance config + set_fact: + instance_conf: {} + + - name: Dump instance config + copy: + content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}" + dest: "{{ molecule_instance_config }}" + when: server.changed | bool diff --git a/roles/vagrant/molecule/ec2/molecule.yml b/roles/vagrant/molecule/ec2/molecule.yml new file mode 100644 index 0000000..b4b75e4 --- /dev/null +++ b/roles/vagrant/molecule/ec2/molecule.yml @@ -0,0 +1,77 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: ec2 +platforms: + - name: vagrant-rhel-7 + image: ami-c86c3f23 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: vagrant-sles-15 + image: ami-0a1886cf45f944eb1 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: vagrant-ubuntu-18.04 + image: ami-0bdf93799014acdc4 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: vagrant-amazon-linux-2 + image: ami-02ea8f348fa28c108 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: vagrant-centos-7 + image: ami-9a183671 + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 + - name: vagrant-fedora-29 + image: ami-0f904cfaa69a1c64c + instance_type: t2.micro + vpc_subnet_id: subnet-0e688067 +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint + inventory: + host_vars: + vagrant-ubuntu-18.04: + ansible_user: ubuntu + vagrant-centos-7: + ansible_user: centos + vagrant-fedora-29: + ansible_user: fedora +scenario: + name: ec2 + create_sequence: + - create + check_sequence: + - destroy + - dependency + - create + - converge + - check + - destroy + converge_sequence: + - dependency + - create + - converge + destroy_sequence: + - destroy + test_sequence: + - lint + - destroy + - dependency + - syntax + - create + - converge + - idempotence + - side_effect + - verify + - destroy diff --git a/roles/vagrant/molecule/fedora-latest/molecule.yml b/roles/vagrant/molecule/fedora-latest/molecule.yml new file mode 100644 index 0000000..6b1a17a --- /dev/null +++ b/roles/vagrant/molecule/fedora-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: vagrant-fedora-latest + image: fedora:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-latest diff --git a/roles/vagrant/molecule/fedora-rawhide/molecule.yml b/roles/vagrant/molecule/fedora-rawhide/molecule.yml new file mode 100644 index 0000000..1d9019e --- /dev/null +++ b/roles/vagrant/molecule/fedora-rawhide/molecule.yml @@ -0,0 +1,24 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: vagrant-fedora-rawhide + image: fedora:rawhide + pre_build_image: yes + registry: + url: registry.fedoraproject.org +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: fedora-rawhide diff --git a/roles/vagrant/molecule/opensuse-leap/molecule.yml b/roles/vagrant/molecule/opensuse-leap/molecule.yml new file mode 100644 index 0000000..e85d851 --- /dev/null +++ b/roles/vagrant/molecule/opensuse-leap/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: vagrant-opensuse-leap + image: opensuse:leap + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: opensuse-leap diff --git a/roles/vagrant/molecule/resources/playbook.yml b/roles/vagrant/molecule/resources/playbook.yml new file mode 100644 index 0000000..c2c3532 --- /dev/null +++ b/roles/vagrant/molecule/resources/playbook.yml @@ -0,0 +1,8 @@ +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - ansible-role-vagrant diff --git a/roles/vagrant/molecule/resources/prepare.yml b/roles/vagrant/molecule/resources/prepare.yml new file mode 100644 index 0000000..a44724a --- /dev/null +++ b/roles/vagrant/molecule/resources/prepare.yml @@ -0,0 +1,11 @@ +--- +- name: Prepare + hosts: all + gather_facts: no + become: yes + + roles: + - role: robertdebock.bootstrap + - role: robertdebock.buildtools + - role: robertdebock.epel + - role: robertdebock.python_pip diff --git a/roles/vagrant/molecule/ubuntu-devel/molecule.yml b/roles/vagrant/molecule/ubuntu-devel/molecule.yml new file mode 100644 index 0000000..284a3a9 --- /dev/null +++ b/roles/vagrant/molecule/ubuntu-devel/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: vagrant-ubuntu-devel + image: ubuntu:devel + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-devel diff --git a/roles/vagrant/molecule/ubuntu-latest/molecule.yml b/roles/vagrant/molecule/ubuntu-latest/molecule.yml new file mode 100644 index 0000000..68e552b --- /dev/null +++ b/roles/vagrant/molecule/ubuntu-latest/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: vagrant-ubuntu-latest + image: ubuntu:latest + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-latest diff --git a/roles/vagrant/molecule/ubuntu-rolling/molecule.yml b/roles/vagrant/molecule/ubuntu-rolling/molecule.yml new file mode 100644 index 0000000..e8080ad --- /dev/null +++ b/roles/vagrant/molecule/ubuntu-rolling/molecule.yml @@ -0,0 +1,22 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: docker +platforms: + - name: vagrant-ubuntu-rolling + image: ubuntu:rolling + pre_build_image: yes +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: ubuntu-rolling diff --git a/roles/vagrant/molecule/vagrant/molecule.yml b/roles/vagrant/molecule/vagrant/molecule.yml new file mode 100644 index 0000000..2e964ea --- /dev/null +++ b/roles/vagrant/molecule/vagrant/molecule.yml @@ -0,0 +1,25 @@ +--- +dependency: + name: galaxy + options: + role-file: requirements.yml +lint: + name: yamllint +driver: + name: vagrant + provider: + name: virtualbox +platforms: + - name: vagrant-debian + box: debian/stretch64 + - name: vagrant-fedora + box: fedora/29-cloud-base +provisioner: + name: ansible + playbooks: + prepare: ../resources/prepare.yml + converge: ../resources/playbook.yml + lint: + name: ansible-lint +scenario: + name: vagrant diff --git a/roles/vagrant/requirements.yml b/roles/vagrant/requirements.yml new file mode 100644 index 0000000..2fd552b --- /dev/null +++ b/roles/vagrant/requirements.yml @@ -0,0 +1,5 @@ +--- +- robertdebock.bootstrap +- robertdebock.buildtools +- robertdebock.epel +- robertdebock.python_pip diff --git a/roles/vagrant/tasks/main.yml b/roles/vagrant/tasks/main.yml new file mode 100644 index 0000000..2d8092f --- /dev/null +++ b/roles/vagrant/tasks/main.yml @@ -0,0 +1,66 @@ +--- +# tasks file for vagrant +- name: test veriables and environment + assert: + that: + - vagrant_version is defined + +- name: download vagrant + get_url: + url: "{{ vagrant_package }}" + dest: /tmp + register: vagrant_download_vagrant + until: vagrant_download_vagrant is succeeded + retries: 3 + +- name: install vagrant rpm using package + package: + name: "/tmp/{{ vagrant_package | basename }}" + state: present + register: vagrant_install_vagrant_rpm_using_package + until: vagrant_install_vagrant_rpm_using_package is succeeded + retries: 3 + when: + - ansible_pkg_mgr == "yum" or + ansible_pkg_mgr == "dnf" + +- name: install vagrant rpm using zypper + zypper: + name: "/tmp/{{ vagrant_package | basename }}" + state: present + disable_gpg_check: yes + register: vagrant_install_vagrant_rpm_using_zypper + until: vagrant_install_vagrant_rpm_using_zypper is succeeded + retries: 3 + when: + - ansible_pkg_mgr == "zypper" + +- name: install vagrant deb + apt: + deb: "/tmp/{{ vagrant_package | basename }}" + state: present + register: vagrant_install_vagrant_deb + until: vagrant_install_vagrant_deb is succeeded + retries: 3 + when: + - ansible_pkg_mgr == "apt" + +- name: install vagrant archive + unarchive: + src: "/tmp/{{ vagrant_package | basename }}" + dest: "{{ vagrant_unarchive_dest }}" + creates: "{{ vagrant_unarchive_dest }}/vagrant" + remote_src: yes + when: + - ansible_pkg_mgr != "apt" + - ansible_pkg_mgr != "yum" + - ansible_pkg_mgr != "dnf" + - ansible_pkg_mgr != "zypper" + +- name: install pip requirements + pip: + name: "{{ vagrant_pip_packages }}" + state: present + register: vagrant_install_pip_requirements + until: vagrant_install_pip_requirements is succeeded + retries: 3 diff --git a/roles/vagrant/vars/main.yml b/roles/vagrant/vars/main.yml new file mode 100644 index 0000000..acac0c5 --- /dev/null +++ b/roles/vagrant/vars/main.yml @@ -0,0 +1,17 @@ +--- +# vars file for vagrant + +vagrant_release_url: "https://releases.hashicorp.com/vagrant/{{ vagrant_version }}" + +_vagrant_package: + apt: "{{ vagrant_release_url }}/vagrant_{{ vagrant_version }}_{{ ansible_architecture }}.deb" + dnf: "{{ vagrant_release_url }}/vagrant_{{ vagrant_version }}_{{ ansible_architecture }}.rpm" + yum: "{{ vagrant_release_url }}/vagrant_{{ vagrant_version }}_{{ ansible_architecture }}.rpm" + zypper: "{{ vagrant_release_url }}/vagrant_{{ vagrant_version }}_{{ ansible_architecture }}.rpm" + # src: "{{ vagrant_release_url }}/vagrant_{{ vagrant_version }}_{{ ansible_architecture }}.tar.xz" + src: "{{ vagrant_release_url }}/vagrant_{{ vagrant_version }}_linux_amd64.zip" + +vagrant_package: "{{ _vagrant_package[ansible_pkg_mgr] | default(_vagrant_package['src']) }}" + +vagrant_pip_packages: + - python-vagrant