Merge pull request #2 from CoffeeITWorks/support_ubuntu_1604

Support ubuntu 1604

.travis.yml

@@ -0,0 +1,23 @@
+# http://www.jeffgeerling.com/blog/testing-ansible-roles-travis-ci-github
+sudo: required
+language: python
+services:
+  - docker
+before_install:
+  - sudo apt-get -qq update
+  #- docker build --tag molecule_local/fedora-rawhide2:latest -f molecule/default/fedorar/Dockerfile molecule/default/fedorar
+
+install:
+  - sudo apt-get install -y python-pip libssl-dev libffi-dev
+  - pip install molecule
+  - pip install docker-py
+    #- ansible-galaxy install -r requirements.yml
+
+script:
+  - molecule --debug create
+  - molecule converge
+  - molecule syntax
+  #- molecule idempotence
+
+notifications:
+    webhooks: https://galaxy.ansible.com/api/v1/notifications/

ansible.cfg

@@ -0,0 +1,18 @@
+# config file for ansible -- http://ansible.com/
+# ==============================================
+
+# nearly all parameters can be overridden in ansible-playbook
+# or with command line flags. ansible will read ANSIBLE_CONFIG,
+# ansible.cfg in the current working directory, .ansible.cfg in
+# the home directory or /etc/ansible/ansible.cfg, whichever it
+# finds first
+
+[defaults]
+roles_path = ../:/etc/ansible/roles:~/.ansible/roles
+host_key_checking = False
+
+retry_files_enabled = False
+callback_whitelist = profile_tasks
+
+[ssh_connection]
+pipelining = False

handlers/main.yml

@@ -17,10 +17,16 @@
     state: reloaded
 
 - name: Restart Apache
-  service: name=apache2 state=restarted
+  service: 
+    name: "{{ apache_service }}"
+    state: restarted
 
 - name: Reload Apache
-  service: name=apache2 state=reloaded
+  service: 
+    name: "{{ apache_service }}"
+    state: reloaded
 
 - name: Restart NPCD
-  service: name=npcd state=restarted
+  service: 
+    name: npcd 
+    state: restarted

molecule/default/Dockerfile.j2

@@ -0,0 +1,24 @@
+# Molecule managed
+
+FROM {{ item.image }}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \
+    elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+    elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \
+    elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; fi
+
+RUN if [ $(command -v dnf) ]; then dnf -y update && dnf clean all; fi
+
+RUN if [ $(command -v dnf) ]; then dnf -y install systemd hostname && dnf clean all && \
+(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
+rm -f /lib/systemd/system/multi-user.target.wants/*;\
+rm -f /etc/systemd/system/*.wants/*;\
+rm -f /lib/systemd/system/local-fs.target.wants/*; \
+rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+rm -f /lib/systemd/system/basic.target.wants/*;\
+rm -f /lib/systemd/system/anaconda.target.wants/*; fi
+
+# VOLUME [ "/sys/fs/cgroup" ]
+# CMD ["/usr/sbin/init"]

molecule/default/INSTALL.rst

@@ -0,0 +1,16 @@
+*******
+Install
+*******
+
+Requirements
+============
+
+* Docker Engine
+* docker-py
+
+Install
+=======
+
+.. code-block:: bash
+
+  $ sudo pip install docker-py

molecule/default/create.yml

@@ -0,0 +1,59 @@
+---
+- name: Create
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
+  vars:
+    molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
+    molecule_ephemeral_directory: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}"
+    molecule_scenario_directory: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}"
+    molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
+  tasks:
+    - name: Create Dockerfiles from image names
+      template:
+        src: "{{ molecule_scenario_directory }}/Dockerfile.j2"
+        dest: "{{ molecule_ephemeral_directory }}/Dockerfile_{{ item.image | regex_replace('[^a-zA-Z0-9_]', '_') }}"
+      with_items: "{{ molecule_yml.platforms }}"
+      register: platforms
+
+    - name: Discover local Docker images
+      docker_image_facts:
+        name: "molecule_local/{{ item.item.name }}"
+      with_items: "{{ platforms.results }}"
+      register: docker_images
+
+    - name: Build an Ansible compatible image
+      docker_image:
+        path: "{{ molecule_ephemeral_directory }}"
+        name: "molecule_local/{{ item.item.image }}"
+        dockerfile: "{{ item.item.dockerfile | default(item.invocation.module_args.dest) }}"
+        force: "{{ item.item.force | default(true) }}"
+      with_items: "{{ platforms.results }}"
+      when: platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0
+
+    - name: Create molecule instance(s)
+      docker_container:
+        name: "{{ item.name }}"
+        hostname: "{{ item.name }}"
+        image: "molecule_local/{{ item.image }}"
+        state: started
+        recreate: false
+        log_driver: syslog
+        command: "{{ item.command | default('bash -c \"while true; do sleep 10000; done\"') }}"
+        privileged: "{{ item.privileged | default(omit) }}"
+        volumes: "{{ item.volumes | default(omit) }}"
+        capabilities: "{{ item.capabilities | default(omit) }}"
+        ports: "{{ item.exposed_ports | default(omit) }}"
+      register: server
+      with_items: "{{ molecule_yml.platforms }}"
+      async: 7200
+      poll: 0
+
+    - name: Wait for instance(s) creation to complete
+      async_status:
+        jid: "{{ item.ansible_job_id }}"
+      register: docker_jobs
+      until: docker_jobs.finished
+      retries: 300
+      with_items: "{{ server.results }}"

molecule/default/destroy.yml

@@ -0,0 +1,27 @@
+---
+- name: Destroy
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
+  vars:
+    molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
+    molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
+  tasks:
+    - name: Destroy molecule instance(s)
+      docker_container:
+        name: "{{ item.name }}"
+        state: absent
+        force_kill: "{{ item.force_kill | default(true) }}"
+      register: server
+      with_items: "{{ molecule_yml.platforms }}"
+      async: 7200
+      poll: 0
+
+    - name: Wait for instance(s) deletion to complete
+      async_status:
+        jid: "{{ item.ansible_job_id }}"
+      register: docker_jobs
+      until: docker_jobs.finished
+      retries: 300
+      with_items: "{{ server.results }}"

molecule/default/molecule.yml

@@ -0,0 +1,75 @@
+---
+dependency:
+  name: galaxy
+  options:
+    ignore-certs: True
+    ignore-errors: True
+    role-file: requirements.yml
+driver:
+  name: docker
+lint:
+  name: yamllint
+platforms:
+
+  - name: ansible_test-01
+    image: paulfantom/ubuntu-molecule:16.04
+    #privileged: True
+    command: /sbin/init
+    capabilities:
+      - SYS_ADMIN    
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:ro"        
+    groups:
+      - group1
+
+  - name: ansible_test-01_2
+    image: paulfantom/ubuntu-molecule:18.04
+    #privileged: True
+    command: /sbin/init
+    capabilities:
+      - SYS_ADMIN    
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:ro"        
+    groups:
+      - group1
+
+  - name: ansible_test-02
+    image: ubuntu:trusty     
+    groups:
+      - groupold
+
+  - name: ansible_test-03
+    image: centos/systemd
+    command: /sbin/init
+    capabilities:
+      - SYS_ADMIN
+    volumes:
+      - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+    #privileged: True
+    groups:
+      - group1
+
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      callback_whitelist: profile_tasks
+  inventory:
+    group_vars:
+      master:
+        burpsrcext: "zip"
+        burp_version: "master"
+        burp_remove_clients:
+          - name: client_to_remove
+          - name: other_client_to_remove
+        burp_server_port_per_operation_bool: true
+  lint:
+    name: ansible-lint
+
+scenario:
+  name: default
+
+verifier:
+  name: testinfra
+  lint:
+    name: flake8

molecule/default/playbook.yml

@@ -0,0 +1,6 @@
+---
+- name: Converge
+  hosts: all
+  roles:
+    - role: ansible-role-nagios
+    - role: ansible_nagios4_server_config

molecule/default/prepare.yml

@@ -0,0 +1,5 @@
+---
+- name: Prepare
+  hosts: all
+  gather_facts: false
+  tasks: []

molecule/default/requirements.yml

@@ -0,0 +1,6 @@
+# from GitHub, overriding the name and specifying a specific tag
+- src: https://github.com/CoffeeITWorks/ansible-role-nagios.git
+  version: master
+  name: ansible-role-nagios
+
+- src: geerlingguy.repo-epel

molecule/default/tests/test_default.py

@@ -0,0 +1,14 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_hosts_file(host):
+    f = host.file('/etc/hosts')
+
+    assert f.exists
+    assert f.user == 'root'
+    assert f.group == 'root'

requirements.yml

@@ -0,0 +1,6 @@
+# from GitHub, overriding the name and specifying a specific tag
+- src: https://github.com/CoffeeITWorks/ansible-role-nagios.git
+  version: master
+  name: ansible-role-nagios
+
+- src: geerlingguy.repo-epel

run_local_molecule.sh

@@ -0,0 +1,7 @@
+# https://molecule.readthedocs.io/en/latest/examples.html#docker
+docker run --rm -it --privileged=True \
+    -v "$(pwd)":/tmp/$(basename "${PWD}"):ro \
+    -v /var/run/docker.sock:/var/run/docker.sock \
+    -w /tmp/$(basename "${PWD}") \
+    retr0h/molecule:latest \
+    sudo molecule converge

run_local_molecule_basic.sh

@@ -0,0 +1,26 @@
+# https://molecule.readthedocs.io/en/latest/examples.html#docker
+# https://hub.docker.com/r/fminzoni/molecule/
+# install docker (sudo pip install docker) / if some error appears try with docker-py
+# install ansible
+# run from repository role
+docker run --rm -it --privileged=True \
+    -v "$(pwd)":/tmp/$(basename "${PWD}"):ro \
+    -v /var/run/docker.sock:/var/run/docker.sock \
+    -w /tmp/$(basename "${PWD}") \
+    retr0h/molecule:latest \
+    sudo molecule --debug syntax
+
+docker run --rm -it --privileged=True \
+    -v "$(pwd)":/tmp/$(basename "${PWD}"):ro \
+    -v /var/run/docker.sock:/var/run/docker.sock \
+    -w /tmp/$(basename "${PWD}") \
+    retr0h/molecule:latest \
+    sudo molecule --debug create
+
+
+docker run --rm -it --privileged=True \
+    -v "$(pwd)":/tmp/$(basename "${PWD}"):ro \
+    -v /var/run/docker.sock:/var/run/docker.sock \
+    -w /tmp/$(basename "${PWD}") \
+    retr0h/molecule:latest \
+    sudo molecule converge

run_local_molecule_destroy.sh

@@ -0,0 +1,10 @@
+# https://molecule.readthedocs.io/en/latest/examples.html#docker
+docker run --rm -it --privileged=True \
+    -v "$(pwd)":/tmp/$(basename "${PWD}"):ro \
+    -v /var/run/docker.sock:/var/run/docker.sock \
+    -w /tmp/$(basename "${PWD}") \
+    retr0h/molecule:latest \
+    sudo molecule destroy
+
+
+rm -rf molecule/default/.molecule/

tasks/config_main_nagios.yml

@@ -70,7 +70,7 @@
   with_items: "{{ nagios_config_perf_options }}"
 
 - name:  config_main_nagios | Install Plugins
-  copy: 'src=plugins/ dest=/usr/lib/nagios/plugins/ owner=root group=root mode=0755'
+  copy: 'src=plugins/ dest={{ nagios_plugins_dir }} owner=root group=root mode=0755'
 
 - name:  config_main_nagios | lineinfile - configure sudoers to allow check_linux_stats.pl permissions
   lineinfile: 
@@ -79,4 +79,4 @@
     line: "{{ item.value }}"
     validate: '/usr/sbin/visudo -cf %s'
   with_items:
-    - { src: "^nagios ALL=" , value: "nagios ALL=(root) NOPASSWD:/usr/lib/nagios/plugins/check_linux_stats.pl" }
+    - { src: "^nagios ALL=" , value: "nagios ALL=(root) NOPASSWD:{{ nagios_plugins_dir }}check_linux_stats.pl" }

tasks/config_nagios.yml

@@ -26,7 +26,7 @@
   notify: Reload Nagios
 
 - name: Allow icmp to run with nagios user
-  file: 'path=/usr/lib/nagios/plugins/check_icmp mode="u+rws,g+rx,o+rx"'
+  file: 'path={{ nagios_plugins_dir }}/check_icmp mode="u+rws,g+rx,o+rx"'
   notify: Reload Nagios
 
 - name: Configure Generic Nagios stuff
@@ -82,7 +82,7 @@
   file: 'path={{ nagios_config_cfg_dir }}/commands_core owner=root group=root mode=755 state=directory'
 
 - name: config_nagios | copy commands to commands_core
-  copy: src={{ item }} dest="{{ nagios_config_cfg_dir }}/commands_core" owner=www-data mode=655
+  copy: src={{ item }} dest="{{ nagios_config_cfg_dir }}/commands_core" owner="{{ apache_user }}" mode=655
   with_fileglob:
   - "commands/*"
   notify: Reload Nagios