Add CI/CD, fix linting errors #13

Merged
merged 4 commits into from
Nov 16, 2023
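--- a/.ansible-lint
+++ b/.ansible-lint
@@ -0,0 +1,11 @@
+---
+skip_list:
+- 'risky-shell-pipe'
+- 'role-name'
+- var-naming[no-reserved]
+
+warn_list:
+- package-latest
+- unnamed-task
+- command-instead-of-shell
+- no-handler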
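Review bot: `risky-shell-pipe` sits in `skip_list`, which silences the rule for the whole role rather than for the one task that needs it. The motd task in tasks/motd.yaml in this same PR pipes `uname -v` into `sed`, so a failure on the left side of that pipe goes unnoticed, and any pipeline added later is never flagged either. I would drop the entry from `skip_list` and either add `set -o pipefail` to that command, if the target shell supports it, or mark that task with `# noqa: risky-shell-pipe` and a one-line reason.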
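--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -0,0 +1,47 @@
+---
+name: Test
+run-name: Run molecule tests on the role
+on:
+push:
+workflow_dispatch:
+
+jobs:
+lint:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v3
+
+- name: Set up Python
+uses: actions/setup-python@v2
+with:
+python-version: '3.x'
+
+- name: Install dependencies.
+run: pip install yamllint ansible-lint ansible
+
+- name: Run ansible-lint
+run: "ansible-lint"
+
+molecule:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v3
+
+- name: Set up Python
+uses: actions/setup-python@v2
+with:
+python-version: '3.x'
+
+- name: Install dependencies.
+run: |
+python -m pip install --upgrade pip
+pip install ansible docker molecule molecule-plugins
+sudo apt install rsync
+
+- name: Install Galaxy dependencies.
+run: ansible-galaxy collection install community.general ansible.posix
+
+- name: Run molecule
+run: "molecule test"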
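Review bot: The workflow has no `permissions:` key, so both jobs run with whatever default `GITHUB_TOKEN` scope the repository or organisation is configured with, although they only need to read the code. Add a top-level `permissions:` mapping containing `contents: read`. The actions are referenced by mutable tags (`actions/checkout@v3`, `actions/setup-python@v2`), and the `pip install` and `ansible-galaxy collection install` steps are unversioned, so what executes in CI can change without any commit here. Pinning each action to a full commit SHA (`uses: actions/checkout@<full-commit-sha>  # v3`) and the Python packages through a constraints file keeps the pipeline's inputs reviewable.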
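--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,6 @@
+---
+repos:
+- repo: https://github.com/ansible/ansible-lint.git
+rev: v6.17.2
+hooks:
+- id: ansible-lint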
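--- a/.yamllint
+++ b/.yamllint
@@ -0,0 +1,33 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+braces:
+max-spaces-inside: 1
+level: error
+brackets:
+max-spaces-inside: 1
+level: error
+colons:
+max-spaces-after: -1
+level: error
+commas:
+max-spaces-after: -1
+level: error
+comments: disable
+comments-indentation: disable
+document-start: disable
+empty-lines:
+max: 3
+level: error
+hyphens:
+level: error
+indentation: disable
+key-duplicates: enable
+line-length: disable
+new-line-at-end-of-file: disable
+new-lines:
+type: unix
+trailing-spaces: disable
+truthy: disable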
4 changes: 2 additions & 2 deletions defaults/main.yaml
Expand Up @@ -44,7 +44,7 @@ system:
timezone:
netplan: {}
ufw:
reset: "{{ system_ufw_reset|bool }}"
reset: "{{ system_ufw_reset | bool }}"
state:
policy:
rules: {}
Expand Down Expand Up @@ -77,5 +77,5 @@ system:
| |_) | | | (_) |__) | __/ | \ V / __/ |
| .__/|_| \___/____/ \___|_| \_/ \___|_|
|_|
details: "{{ (((dehydrated|default({})).domains|default({})).keys()|list + ((dehydrated|default({})).domains|default({})).values()|list|sum(start=[]))|reject('eq', inventory_hostname)|reject('eq', ansible_nodename)|system_motd_sort_fqdns }}"
details: "{{ (((dehydrated | default({})).domains | default({})).keys() | list + ((dehydrated | default({})).domains | default({})).values() | list | sum(start=[])) | reject('eq', inventory_hostname) | reject('eq', ansible_nodename) | system_motd_sort_fqdns }}"
system_ufw_reset: no
2 changes: 1 addition & 1 deletion handlers/main.yaml
@@ -1,4 +1,4 @@
- name: Restart Postfix
service:
ansible.builtin.service:
name: postfix
state: restarted
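--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,8 @@
+---
+galaxy_info:
+author: "Punkt.de"
+license: ""
+description: "System role for Proserver"
+role_name: "proserver_system"
+namespace: "punktde"
+min_ansible_version: "2.15"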
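--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -0,0 +1,7 @@
+---
+- name: Converge
+hosts: all
+tasks:
+- name: "Include ansible-proserver-system"
+ansible.builtin.include_role:
+name: "ansible-proserver-system"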
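--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,27 @@
+---
+dependency:
+name: galaxy
+driver:
+name: docker
+platforms:
+- name: instance
+image: geerlingguy/docker-ubuntu2204-ansible
+command: /lib/systemd/systemd
+pre_build_image: true
+privileged: true
+cgroupns_mode: host
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup:rw
+provisioner:
+name: ansible
+playbooks:
+converge: ${MOLECULE_PLAYBOOK:-converge.yml}
+verifier:
+name: ansible
+scenario:
+name: default
+test_sequence:
+- destroy
+- create
+- converge
+- verify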
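Review bot: The test instance runs with `privileged: true`, `cgroupns_mode: host` and a read-write bind of `/sys/fs/cgroup`, and its image `geerlingguy/docker-ubuntu2204-ansible` carries neither a tag nor a digest. On a throwaway hosted runner that is an acceptable cost of running systemd in a container, but on a developer machine or a self-hosted runner the converge play effectively has root on the host and runs in whatever image is current upstream. I would pin the image by digest (`image: geerlingguy/docker-ubuntu2204-ansible@sha256:<digest>`) and add a comment above `privileged: true` stating that it is needed for systemd and that the scenario is meant for disposable hosts only. `test_sequence` also stops at `verify`, so the privileged container stays up after a run unless a closing `- destroy` is added.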
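--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -0,0 +1,10 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+hosts: all
+gather_facts: false
+tasks:
+- name: Example assertion
+ansible.builtin.assert:
+that: true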
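Review bot: The only verification is `that: true`, so the `verify` step passes no matter what the role did, and a green run proves only that converge finished without a task error. tasks/main.yaml shows this role handling ufw, sudoers and authorized keys, so at least one real check belongs here, for example an `ansible.builtin.stat` on a file the role writes followed by an assert on its mode and owner. Until that exists, replace the header comment with `# TODO: placeholder, verifies nothing yet` so the result is not over-read.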
25 changes: 13 additions & 12 deletions tasks/apt.yaml
@@ -1,42 +1,43 @@
- name: Install GPG on Ubuntu
apt:
ansible.builtin.package:
name: gpg
when: ansible_distribution == 'Ubuntu'

- name: Remove legacy NodeSource repository
file:
ansible.builtin.file:
path: /etc/apt/sources.list.d/deb_nodesource_com_node_14_x.list
state: absent
when: nodejs.version is defined

- name: Add NodeSource package signing key
apt_key:
ansible.builtin.apt_key:
id: 9FD3B784BC1C6FC31A8A0A1C1655A0AB68576280
url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
keyring: /usr/share/keyrings/nodesource.gpg
when: nodejs.version is defined

- name: Add NodeSource repository
copy:
ansible.builtin.copy:
content: "deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ nodejs.version }}.x {{ ansible_distribution_release }} main"
dest: /etc/apt/sources.list.d/nodesource.list
mode: "0644"
owner: root
when: nodejs.version is defined

- name: Update apt cache and remove unneeded packages
apt:
ansible.builtin.apt:
update_cache: yes
autoremove: yes
changed_when: false

- name: Configure apt proxy
when: system.apt.proxy
loop:
- /etc/apt/apt.conf.d/proxy.conf
copy:
ansible.builtin.copy:
owner: root
mode: "0644"
content: |
Acquire::http::Proxy "{{ system.apt.proxy }}";
dest: "{{ item }}"
dest: "/etc/apt/apt.conf.d/proxy.conf"

- name: Install apt packages
apt:
name: "{{ system.apt.packages.items()|selectattr('1', 'eq', true)|map(attribute='0')|list }}"
ansible.builtin.apt:
name: "{{ system.apt.packages.items() | selectattr('1', 'eq', true) | map(attribute='0') | list }}"
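Review bot: In "Update apt cache and remove unneeded packages", `changed_when: false` sits on a task that also sets `autoremove: yes`, so a run that really removes packages is reported as unchanged and leaves no trace in the play recap. The rendered section does not show whether that line is new or context, but the effect is the same either way. Splitting the task keeps the cache refresh quiet while letting package removal report its own changed state.

```yaml
- name: Update apt cache
  ansible.builtin.apt:
    update_cache: true
  changed_when: false

- name: Remove unneeded packages
  ansible.builtin.apt:
    autoremove: true
```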
2 changes: 1 addition & 1 deletion tasks/authorized_keys.yaml
Expand Up @@ -25,7 +25,7 @@
loop: "{{ user_authorized_keys }}"
loop_control:
label: '{{ item.user }} public_keys="{{ item.key }}"'
ansible.builtin.authorized_key:
ansible.posix.authorized_key:
user: "{{ item.user }}"
key: "{{ item.key }}"
exclusive: "{{ system.features.authorized_keys_delete | default(False) }}"
10 changes: 5 additions & 5 deletions tasks/environment.yaml
@@ -1,11 +1,11 @@
- name: Set global environment variables
loop: "{{ system.environment|dict2items }}"
loop: "{{ system.environment | dict2items }}"
loop_control:
label: "{{ path }} {{ item.key }}={% if item.value is not none %}{{ item.value|quote }}{% endif %}"
label: "{{ path }} {{ item.key }}={% if item.value is not none %}{{ item.value | quote }}{% endif %}"
vars:
path: /etc/environment
lineinfile:
ansible.builtin.lineinfile:
path: "{{ path }}"
regexp: "^{{ item.key|regex_escape }}="
line: "{{ item.key }}={{ item.value|quote }}"
regexp: "^{{ item.key | regex_escape }}="
line: "{{ item.key }}={{ item.value | quote }}"
state: "{{ 'absent' if item.value is none else 'present' }}"
2 changes: 1 addition & 1 deletion tasks/hostname.yaml
@@ -1,4 +1,4 @@
- name: Set hostname
when: system.hostname
hostname:
ansible.builtin.hostname:
name: "{{ system.hostname }}"
8 changes: 4 additions & 4 deletions tasks/hosts.yaml
@@ -1,10 +1,10 @@
- name: Update hosts file
vars:
hosts: "{{ system.hosts.values()|select('string')|reject('eq', '')|list }}"
hosts: "{{ system.hosts.values() | select('string') | reject('eq', '') | list }}"
loop:
- /etc/hosts
blockinfile:
ansible.builtin.blockinfile:
path: "{{ item }}"
block: "{{ hosts|join('\n') }}"
block: "{{ hosts | join('\n') }}"
marker: "# {mark} ANSIBLE MANAGED BLOCK (system)"
state: "{{ 'present' if hosts|length > 0 else 'absent' }}"
state: "{{ 'present' if hosts | length > 0 else 'absent' }}"
47 changes: 31 additions & 16 deletions tasks/main.yaml
@@ -1,32 +1,47 @@
- import_tasks: proserver_fact.yaml
- ansible.builtin.include_tasks: proserver_fact.yaml
when: system.features.proserver_fact
- import_tasks: hostname.yaml

- ansible.builtin.include_tasks: hostname.yaml
when: system.features.hostname
- import_tasks: timezone.yaml

- ansible.builtin.include_tasks: timezone.yaml
when: system.features.timezone
- import_tasks: netplan.yaml

- ansible.builtin.include_tasks: netplan.yaml
when: system.features.netplan
- import_tasks: systemd_resolved.yaml

- ansible.builtin.include_tasks: systemd_resolved.yaml
when: system.features.systemd_resolved
- import_tasks: apt.yaml

- ansible.builtin.include_tasks: apt.yaml
when: system.features.apt
- import_tasks: ufw.yaml

- ansible.builtin.include_tasks: ufw.yaml
when: system.features.ufw
- import_tasks: sysctl.yaml

- ansible.builtin.include_tasks: sysctl.yaml
when: system.features.sysctl
- import_tasks: hosts.yaml

- ansible.builtin.include_tasks: hosts.yaml
when: system.features.hosts
- import_tasks: environment.yaml

- ansible.builtin.include_tasks: environment.yaml
when: system.features.environment
- import_tasks: proserver_user.yaml

- ansible.builtin.include_tasks: proserver_user.yaml
when: system.features.proserver_user
- import_tasks: postfix.yaml

- ansible.builtin.include_tasks: postfix.yaml
when: system.features.postfix
- import_tasks: users.yaml

- ansible.builtin.include_tasks: users.yaml
when: system.features.users
- import_tasks: sudoers.yaml

- ansible.builtin.include_tasks: sudoers.yaml
when: system.features.sudoers
- import_tasks: authorized_keys.yaml

- ansible.builtin.include_tasks: authorized_keys.yaml
when: system.features.authorized_keys
- import_tasks: motd.yaml

- ansible.builtin.include_tasks: motd.yaml
when: system.features.motd
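Review bot: Moving from `import_tasks` to `ansible.builtin.include_tasks` (assuming the FQCN lines are the new side, as the PR title suggests) is not a pure rename, because the includes become dynamic. `when:` is now evaluated once on the include instead of being copied onto every task in the file, tags on an include apply only to the include itself, and `--list-tasks` and `--start-at-task` no longer see the inner tasks. If any included file carries tags on its tasks (not visible here), a `--tags` run would skip the untagged include first and never reach them. `ansible.builtin.import_tasks` satisfies the FQCN rule without changing behaviour. Each entry also lacks a `name:`, which would make the play output easier to follow.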
15 changes: 7 additions & 8 deletions tasks/motd.yaml
@@ -1,16 +1,15 @@
- name: Get current OS version
when: ansible_system == 'FreeBSD'
check_mode: no
shell: |
uname -v | sed -e 's,^\([^#]*\) #\(.* [1-2][0-9][0-9][0-9]\).*/\([^\]*\) $,\1 (\3) #\2,'
ansible.builtin.shell:
cmd: >-
uname -v | sed -e 's,^\([^#]*\) #\(.* [1-2][0-9][0-9][0-9]\).*/\([^\]*\) $,\1 (\3) #\2,'
register: system_motd_uname_shell_result
changed_when: no

- name: Template Message of the Day
loop:
- /etc/motd
loop_control:
label: "{{ item }}"
template:
ansible.builtin.template:
owner: root
mode: "0644"
src: motd/motd.j2
dest: "{{ item }}"
dest: "/etc/motd"
12 changes: 8 additions & 4 deletions tasks/netplan.yaml
@@ -1,15 +1,19 @@
- name: Template Netplan config
loop: "{{ system.netplan|dict2items }}"
loop: "{{ system.netplan | dict2items }}"
loop_control:
label: "{{ dest }}"
vars:
dest: "/etc/netplan/{{ item.key }}"
copy:
ansible.builtin.copy:
mode: "0644"
owner: root
content: |
{{ item.value|to_nice_yaml(indent=2) }}
{{ item.value | to_nice_yaml(indent=2) }}
dest: "{{ dest }}"
register: system_template_netplan_config_result

- name: Apply Netplan config
when: system_template_netplan_config_result.changed
command: netplan apply
changed_when: yes
ansible.builtin.command:
cmd: netplan apply
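Review bot: `mode: "0644"` in "Template Netplan config" makes every file written under `/etc/netplan/` world-readable, and netplan YAML is where Wi-Fi passphrases and WireGuard private keys end up when they are configured. `mode: "0600"` alongside the existing `owner: root` is the safer default, and recent netplan releases, as far as I know, warn when these files are readable by others. The rendered section does not mark which lines are new, so this applies whether the mode was added here or was already present.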