Rolle aktualisiert: ufw (#459)
Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: #459
This commit is contained in:
parent
686a0b281f
commit
c86eb523bb
23 changed files with 216 additions and 127 deletions
|
@ -1,2 +1,5 @@
|
||||||
skip_list:
|
---
|
||||||
- '405'
|
warn_list:
|
||||||
|
- role-name
|
||||||
|
- name[casing]
|
||||||
|
- '503'
|
||||||
|
|
79
roles/oefenweb.ufw/.github/workflows/ci.yml
|
@ -0,0 +1,79 @@
|
||||||
|
---
|
||||||
|
name: CI
|
||||||
|
'on':
|
||||||
|
pull_request:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- master
|
||||||
|
schedule:
|
||||||
|
- cron: '30 1 * * 3'
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
|
||||||
|
lint:
|
||||||
|
name: Lint
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Check out the codebase
|
||||||
|
uses: actions/checkout@v3
|
||||||
|
|
||||||
|
- name: Set up Python 3
|
||||||
|
uses: actions/setup-python@v4
|
||||||
|
with:
|
||||||
|
python-version: '3.x'
|
||||||
|
|
||||||
|
- name: Install test dependencies
|
||||||
|
run: pip install ansible-lint[community,yamllint]
|
||||||
|
|
||||||
|
- name: Lint code
|
||||||
|
run: |
|
||||||
|
yamllint .
|
||||||
|
ansible-lint
|
||||||
|
|
||||||
|
molecule:
|
||||||
|
name: Molecule
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
defaults:
|
||||||
|
run:
|
||||||
|
working-directory: "${{ github.repository }}"
|
||||||
|
needs:
|
||||||
|
- lint
|
||||||
|
strategy:
|
||||||
|
fail-fast: false
|
||||||
|
matrix:
|
||||||
|
include:
|
||||||
|
- distro: debian8
|
||||||
|
ansible-version: '<2.10'
|
||||||
|
- distro: debian9
|
||||||
|
- distro: debian10
|
||||||
|
- distro: ubuntu1604
|
||||||
|
ansible-version: '>=2.9, <2.10'
|
||||||
|
- distro: ubuntu1604
|
||||||
|
ansible-version: '>=2.10, <2.11'
|
||||||
|
- distro: ubuntu1604
|
||||||
|
- distro: ubuntu1804
|
||||||
|
- distro: ubuntu2004
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Check out the codebase
|
||||||
|
uses: actions/checkout@v3
|
||||||
|
with:
|
||||||
|
path: "${{ github.repository }}"
|
||||||
|
|
||||||
|
- name: Set up Python 3
|
||||||
|
uses: actions/setup-python@v4
|
||||||
|
with:
|
||||||
|
python-version: '3.x'
|
||||||
|
|
||||||
|
- name: Install test dependencies
|
||||||
|
run: pip install 'ansible${{ matrix.ansible-version }}' molecule[docker] docker
|
||||||
|
|
||||||
|
- name: Run Molecule tests
|
||||||
|
run: |
|
||||||
|
molecule test
|
||||||
|
env:
|
||||||
|
ANSIBLE_FORCE_COLOR: '1'
|
||||||
|
ANSIBLE_VERBOSITY: '3'
|
||||||
|
MOLECULE_DEBUG: '1'
|
||||||
|
MOLECULE_DISTRO: "${{ matrix.distro }}"
|
||||||
|
PY_COLORS: '1'
|
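Review bot: The workflow declares no top-level `permissions:` block, so the lint and molecule jobs run with whatever default `GITHUB_TOKEN` scope the repository is configured for, which on older repositories is read/write, although neither job needs more than checkout. Adding `permissions:` with `  contents: read` directly after `name: CI` pins that down for both jobs. The references `actions/checkout@v3` and `actions/setup-python@v4`, used in both jobs, are mutable major-version tags; pinning each to a full commit SHA with the version in a trailing comment is the usual supply-chain hardening for third-party actions. `pip install ansible-lint[community,yamllint]` and `pip install 'ansible${{ matrix.ansible-version }}' molecule[docker] docker` are likewise unpinned, so a run is not reproducible across dates and a lint failure may be a tool change rather than a role change.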
20
roles/oefenweb.ufw/.github/workflows/release.yml
|
@ -0,0 +1,20 @@
|
||||||
|
---
|
||||||
|
name: Release
|
||||||
|
'on':
|
||||||
|
push:
|
||||||
|
tags:
|
||||||
|
- '*'
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
|
||||||
|
release:
|
||||||
|
name: Release
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Check out the codebase
|
||||||
|
uses: actions/checkout@v3
|
||||||
|
|
||||||
|
- name: Publish to Galaxy
|
||||||
|
uses: robertdebock/galaxy-action@1.2.0
|
||||||
|
with:
|
||||||
|
galaxy_api_key: ${{ secrets.GALAXY_API_KEY }}
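Review bot: `uses: robertdebock/galaxy-action@1.2.0` receives `secrets.GALAXY_API_KEY` while being referenced by a git tag, and tags can be moved, so whoever controls that repository can later change the code that runs with the publishing credential; pin it to the commit SHA behind 1.2.0, e.g. `uses: robertdebock/galaxy-action@<COMMIT-SHA-OF-1.2.0> # v1.2.0`, and do the same for `actions/checkout@v3`. The workflow also has no `permissions:` block; the release job needs only `contents: read` from the token, so declaring that at top level keeps the default write scope out of a job that handles an external secret. Because `tags:` lists `'*'`, any pushed tag triggers a Galaxy publish; whether tag pushes are restricted is a repository setting outside this file.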
@ -1,89 +0,0 @@
|
||||||
---
|
|
||||||
sudo: required
|
|
||||||
dist: xenial
|
|
||||||
|
|
||||||
language: python
|
|
||||||
python:
|
|
||||||
- "2.7"
|
|
||||||
- "3.5"
|
|
||||||
|
|
||||||
env:
|
|
||||||
- ANSIBLE_VERSION=latest
|
|
||||||
- ANSIBLE_VERSION=2.10.2
|
|
||||||
- ANSIBLE_VERSION=2.10.1
|
|
||||||
- ANSIBLE_VERSION=2.10.0
|
|
||||||
- ANSIBLE_VERSION=2.9.14
|
|
||||||
- ANSIBLE_VERSION=2.9.13
|
|
||||||
- ANSIBLE_VERSION=2.9.12
|
|
||||||
- ANSIBLE_VERSION=2.9.11
|
|
||||||
- ANSIBLE_VERSION=2.9.10
|
|
||||||
- ANSIBLE_VERSION=2.9.9
|
|
||||||
- ANSIBLE_VERSION=2.9.8
|
|
||||||
- ANSIBLE_VERSION=2.9.7
|
|
||||||
- ANSIBLE_VERSION=2.9.6
|
|
||||||
- ANSIBLE_VERSION=2.9.5
|
|
||||||
- ANSIBLE_VERSION=2.9.4
|
|
||||||
- ANSIBLE_VERSION=2.9.3
|
|
||||||
- ANSIBLE_VERSION=2.9.2
|
|
||||||
- ANSIBLE_VERSION=2.9.1
|
|
||||||
- ANSIBLE_VERSION=2.9.0
|
|
||||||
- ANSIBLE_VERSION=2.8.16
|
|
||||||
- ANSIBLE_VERSION=2.8.15
|
|
||||||
- ANSIBLE_VERSION=2.8.14
|
|
||||||
- ANSIBLE_VERSION=2.8.13
|
|
||||||
- ANSIBLE_VERSION=2.8.12
|
|
||||||
- ANSIBLE_VERSION=2.8.11
|
|
||||||
- ANSIBLE_VERSION=2.8.10
|
|
||||||
- ANSIBLE_VERSION=2.8.9
|
|
||||||
- ANSIBLE_VERSION=2.8.8
|
|
||||||
- ANSIBLE_VERSION=2.8.7
|
|
||||||
- ANSIBLE_VERSION=2.8.6
|
|
||||||
- ANSIBLE_VERSION=2.8.5
|
|
||||||
- ANSIBLE_VERSION=2.8.4
|
|
||||||
- ANSIBLE_VERSION=2.8.3
|
|
||||||
- ANSIBLE_VERSION=2.8.2
|
|
||||||
- ANSIBLE_VERSION=2.8.1
|
|
||||||
- ANSIBLE_VERSION=2.8.0
|
|
||||||
|
|
||||||
branches:
|
|
||||||
only:
|
|
||||||
- master
|
|
||||||
|
|
||||||
matrix:
|
|
||||||
allow_failures:
|
|
||||||
# https://github.com/ansible/ansible/issues/56674
|
|
||||||
- env: ANSIBLE_VERSION=2.8.0
|
|
||||||
|
|
||||||
before_install:
|
|
||||||
- sudo apt-get update -qq
|
|
||||||
|
|
||||||
# Remove ufw
|
|
||||||
- sudo apt-get remove --purge --yes ufw
|
|
||||||
|
|
||||||
install:
|
|
||||||
# Install Ansible.
|
|
||||||
- if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install ansible; else pip install ansible==$ANSIBLE_VERSION; fi
|
|
||||||
- if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install ansible-lint; fi
|
|
||||||
|
|
||||||
script:
|
|
||||||
# Check the role/playbook's syntax.
|
|
||||||
- ansible-playbook -i tests/inventory tests/test.yml --syntax-check
|
|
||||||
|
|
||||||
# Run the role/playbook with ansible-playbook.
|
|
||||||
- ansible-playbook -i tests/inventory tests/test.yml -vvvv
|
|
||||||
|
|
||||||
# Run the role/playbook again, checking to make sure it's idempotent.
|
|
||||||
- >
|
|
||||||
ansible-playbook -i tests/inventory tests/test.yml
|
|
||||||
| grep -q 'changed=0.*failed=0'
|
|
||||||
&& (echo 'Idempotence test: pass' && exit 0)
|
|
||||||
|| (echo 'Idempotence test: fail' && exit 1)
|
|
||||||
|
|
||||||
- if [ "$ANSIBLE_VERSION" = "latest" ]; then ansible-lint tests/test.yml; fi
|
|
||||||
|
|
||||||
notifications:
|
|
||||||
email: false
|
|
||||||
webhooks: https://galaxy.ansible.com/api/v1/notifications/
|
|
||||||
slack:
|
|
||||||
rooms:
|
|
||||||
secure: "If2mqrqZs5q6yZ9bs9qq+pmgCEMCTv1Nk3vQjax9N+xFoIvnRi1v0drEekibKgns8eg0Mg/Tya7xxXokqFhs3wVY64r43v86HFLS2MVDTaMYAxK3kRd4x8R5INIAN1U7Dtsk8RQbIngzGJPZwOfmOtY1qQ5p3RLMM+6zEBQOO7U="
15
roles/oefenweb.ufw/.yamllint
|
@ -0,0 +1,15 @@
|
||||||
|
---
|
||||||
|
extends: default
|
||||||
|
|
||||||
|
rules:
|
||||||
|
braces:
|
||||||
|
max-spaces-inside: 1
|
||||||
|
level: error
|
||||||
|
brackets:
|
||||||
|
max-spaces-inside: 1
|
||||||
|
level: error
|
||||||
|
line-length: disable
|
||||||
|
truthy: disable
|
||||||
|
|
||||||
|
ignore: |
|
||||||
|
.tox/
|
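Review bot: `truthy: disable` switches the rule off for the whole tree, although the only place it would fire in the files added by this commit is the `'on':` key in the workflows, and that is already quoted; keeping the rule with `truthy:` and `  allowed-values: ['true', 'false']` would still catch an unquoted `yes`/`no`/`on` in role variables, which is the ambiguity the rule exists for. `line-length: disable` is a readability trade-off only and hides nothing security-relevant. The `ignore: |` block scalar lists just `.tox/`, which is fine as long as no other tool directories are created inside the role checkout.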
20
roles/oefenweb.ufw/Dockerfile
|
@ -0,0 +1,20 @@
|
||||||
|
FROM ubuntu:16.04
|
||||||
|
MAINTAINER Mischa ter Smitten <mtersmitten@oefenweb.nl>
|
||||||
|
|
||||||
|
# python
|
||||||
|
RUN apt-get update && \
|
||||||
|
DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal python-dev curl && \
|
||||||
|
apt-get clean
|
||||||
|
RUN curl -sL https://bootstrap.pypa.io/pip/2.7/get-pip.py | python -
|
||||||
|
RUN rm -rf $HOME/.cache
|
||||||
|
|
||||||
|
# ansible
|
||||||
|
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y gcc libffi-dev libssl-dev && \
|
||||||
|
apt-get clean
|
||||||
|
RUN pip install ansible==2.9.15
|
||||||
|
RUN rm -rf $HOME/.cache
|
||||||
|
|
||||||
|
# provision
|
||||||
|
COPY . /etc/ansible/roles/ansible-role
|
||||||
|
WORKDIR /etc/ansible/roles/ansible-role
|
||||||
|
RUN ansible-playbook -i tests/inventory tests/test.yml --connection=local
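Review bot: `RUN curl -sL https://bootstrap.pypa.io/pip/2.7/get-pip.py | python -` downloads and executes an installer with no integrity check, so a tampered or substituted download becomes root code in the image; downloading to a file, verifying it and then running it keeps the same result: `RUN curl -fsSL -o /tmp/get-pip.py https://bootstrap.pypa.io/pip/2.7/get-pip.py && echo '<EXPECTED-SHA256>  /tmp/get-pip.py' | sha256sum -c - && python /tmp/get-pip.py`. `FROM ubuntu:16.04` with Python 2.7 is past end of standard support, so nothing in this image receives security updates; since the Molecule configuration added in the same commit tests on newer distros, a comment stating what this Dockerfile is still for would help. `MAINTAINER` is deprecated in favor of `LABEL maintainer="..."`, and the second `apt-get install` relies on the package index from the first `RUN` layer, which only works because that layer does not clean `/var/lib/apt/lists`.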
@ -1,6 +1,6 @@
|
||||||
## ufw
|
## ufw
|
||||||
|
|
||||||
[![Build Status](https://travis-ci.org/Oefenweb/ansible-ufw.svg?branch=master)](https://travis-ci.org/Oefenweb/ansible-ufw)
|
[![CI](https://github.com/Oefenweb/ansible-ufw/workflows/CI/badge.svg)](https://github.com/Oefenweb/ansible-ufw/actions?query=workflow%3ACI)
|
||||||
[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-ufw-blue.svg)](https://galaxy.ansible.com/Oefenweb/ufw)
|
[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-ufw-blue.svg)](https://galaxy.ansible.com/Oefenweb/ufw)
|
||||||
|
|
||||||
Set up ufw in Debian-like systems.
|
Set up ufw in Debian-like systems.
|
||||||
33
roles/oefenweb.ufw/Vagrantfile
|
@ -4,40 +4,26 @@
|
||||||
role = File.basename(File.expand_path(File.dirname(__FILE__)))
|
role = File.basename(File.expand_path(File.dirname(__FILE__)))
|
||||||
|
|
||||||
boxes = [
|
boxes = [
|
||||||
{
|
|
||||||
:name => "ubuntu-1204",
|
|
||||||
:box => "bento/ubuntu-12.04",
|
|
||||||
:ip => '10.0.0.11',
|
|
||||||
:cpu => "50",
|
|
||||||
:ram => "256"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
:name => "ubuntu-1404",
|
|
||||||
:box => "bento/ubuntu-14.04",
|
|
||||||
:ip => '10.0.0.12',
|
|
||||||
:cpu => "50",
|
|
||||||
:ram => "256"
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
:name => "ubuntu-1604",
|
:name => "ubuntu-1604",
|
||||||
:box => "bento/ubuntu-16.04",
|
:box => "bento/ubuntu-16.04",
|
||||||
:ip => '10.0.0.13',
|
:ip => '10.0.0.12',
|
||||||
:cpu => "50",
|
:cpu => "50",
|
||||||
:ram => "256"
|
:ram => "256"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
:name => "ubuntu-1804",
|
:name => "ubuntu-1804",
|
||||||
:box => "bento/ubuntu-18.04",
|
:box => "bento/ubuntu-18.04",
|
||||||
:ip => '10.0.0.14',
|
:ip => '10.0.0.13',
|
||||||
:cpu => "50",
|
:cpu => "50",
|
||||||
:ram => "384"
|
:ram => "384"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
:name => "debian-7",
|
:name => "ubuntu-2004",
|
||||||
:box => "bento/debian-7",
|
:box => "bento/ubuntu-20.04",
|
||||||
:ip => '10.0.0.15',
|
:ip => '10.0.0.14',
|
||||||
:cpu => "50",
|
:cpu => "50",
|
||||||
:ram => "256"
|
:ram => "384"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
:name => "debian-8",
|
:name => "debian-8",
|
||||||
|
@ -53,6 +39,13 @@ boxes = [
|
||||||
:cpu => "50",
|
:cpu => "50",
|
||||||
:ram => "256"
|
:ram => "256"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
:name => "debian-10",
|
||||||
|
:box => "bento/debian-10",
|
||||||
|
:ip => '10.0.0.18',
|
||||||
|
:cpu => "50",
|
||||||
|
:ram => "256"
|
||||||
|
},
|
||||||
]
|
]
|
||||||
|
|
||||||
Vagrant.configure("2") do |config|
|
Vagrant.configure("2") do |config|
|
||||||
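Review bot: The new `debian-10` entry gets `:ip => '10.0.0.18'` while the Ubuntu entries in the first hunk were renumbered contiguously (`.12` to `.14`) to close the gaps left by the removed 12.04, 14.04 and debian-7 boxes; the debian-8 and debian-9 entries between the hunks are not visible, so if they end at `.16`, `.17` is left unused and `.18` is either an oversight or deserves a comment. Quoting in the new entries is mixed (`"ubuntu-2004"` but `'10.0.0.14'`), which matches the surrounding style but is worth normalising when the file is next touched. The `boxes` array begins before the first hunk and the `Vagrant.configure("2") do |config|` block that consumes it continues past the section.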
@ -1,4 +1,4 @@
|
||||||
# defaults file for ufw
|
# defaults file
|
||||||
---
|
---
|
||||||
ufw_default_incoming_policy: deny
|
ufw_default_incoming_policy: deny
|
||||||
ufw_default_outgoing_policy: allow
|
ufw_default_outgoing_policy: allow
|
||||||
@ -1,4 +1,4 @@
|
||||||
# handlers file for ufw
|
# handlers file
|
||||||
---
|
---
|
||||||
- name: reload ufw
|
- name: reload ufw
|
||||||
ufw:
|
ufw:
|
||||||
@ -1,24 +1,24 @@
|
||||||
# meta file for ufw
|
# meta file
|
||||||
---
|
---
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
|
namespace: oefenweb
|
||||||
role_name: ufw
|
role_name: ufw
|
||||||
author: Mischa ter Smitten
|
author: Mischa ter Smitten
|
||||||
company: Oefenweb.nl B.V.
|
company: Oefenweb.nl B.V.
|
||||||
description: Set up ufw in Debian-like systems
|
description: Set up ufw in Debian-like systems
|
||||||
license: MIT
|
license: MIT
|
||||||
min_ansible_version: 2.8.0
|
min_ansible_version: 2.9.0
|
||||||
platforms:
|
platforms:
|
||||||
- name: Ubuntu
|
- name: Ubuntu
|
||||||
versions:
|
versions:
|
||||||
- precise
|
|
||||||
- trusty
|
|
||||||
- xenial
|
- xenial
|
||||||
- bionic
|
- bionic
|
||||||
|
- focal
|
||||||
- name: Debian
|
- name: Debian
|
||||||
versions:
|
versions:
|
||||||
- wheezy
|
|
||||||
- jessie
|
- jessie
|
||||||
- stretch
|
- stretch
|
||||||
|
- buster
|
||||||
galaxy_tags:
|
galaxy_tags:
|
||||||
- system
|
- system
|
||||||
- networking
|
- networking
|
||||||
9
roles/oefenweb.ufw/molecule/default/converge.yml
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
- name: Converge
|
||||||
|
hosts: all
|
||||||
|
become: true
|
||||||
|
pre_tasks:
|
||||||
|
- name: include vars
|
||||||
|
include_vars: "{{ playbook_dir }}/../../tests/vars/main.yml"
|
||||||
|
roles:
|
||||||
|
- ../../../
|
21
roles/oefenweb.ufw/molecule/default/molecule.yml
|
@ -0,0 +1,21 @@
|
||||||
|
---
|
||||||
|
dependency:
|
||||||
|
name: galaxy
|
||||||
|
driver:
|
||||||
|
name: docker
|
||||||
|
platforms:
|
||||||
|
- name: instance
|
||||||
|
image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu1604}-ansible:latest"
|
||||||
|
command: ${MOLECULE_DOCKER_COMMAND:-""}
|
||||||
|
volumes:
|
||||||
|
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||||
|
privileged: true
|
||||||
|
pre_build_image: true
|
||||||
|
capabilities:
|
||||||
|
- NET_ADMIN
|
||||||
|
provisioner:
|
||||||
|
name: ansible
|
||||||
|
playbooks:
|
||||||
|
prepare: prepare.yml
|
||||||
|
converge: converge.yml
|
||||||
|
verify: verify.yml
|
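Review bot: `privileged: true` already grants the container every capability, so the `capabilities:` list with `- NET_ADMIN` below it is redundant and obscures which privilege the role actually needs; if the image runs without `privileged`, `NET_ADMIN` (what ufw's iptables calls need) plus the cgroup mount is the smaller footprint, and if `privileged` really is required, a one-line comment above it recording the reason stops the next reader from trimming it. The `image:` value ends in `:latest`, so the test platform changes underneath the role without any commit; pinning a digest or a dated tag makes a failing run attributable to the role or to the image. `command: ${MOLECULE_DOCKER_COMMAND:-""}` is an unquoted scalar that contains quotes and parses as that literal text, which is presumably what Molecule expects; a short comment would help because it reads like a quoting mistake.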
5
roles/oefenweb.ufw/molecule/default/prepare.yml
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
- name: Prepare
|
||||||
|
hosts: all
|
||||||
|
become: true
|
||||||
|
tasks: []
|
5
roles/oefenweb.ufw/molecule/default/verify.yml
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
- name: Verify
|
||||||
|
hosts: all
|
||||||
|
become: true
|
||||||
|
tasks: []
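Review bot: `tasks: []` makes the verify stage of `molecule test` a no-op, so the run only proves the role converges, not that ufw ended up installed, enabled, or with the default policies from `defaults/main.yml`; even a single check such as `command: ufw status verbose` followed by an `assert` on its output would turn this from a placeholder into a test. The same empty list in `prepare.yml` in this commit is reasonable, because the pre-built image needs no preparation. If `verify.yml` is intentionally empty for now, a comment saying so avoids the placeholder being read as coverage.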
@ -1,4 +1,4 @@
|
||||||
# tasks file for ufw
|
# tasks file
|
||||||
---
|
---
|
||||||
- name: configure | create (local facts) directory
|
- name: configure | create (local facts) directory
|
||||||
file:
|
file:
|
||||||
@ -1,4 +1,4 @@
|
||||||
# tasks file for ufw
|
# tasks file
|
||||||
---
|
---
|
||||||
- name: check if conntrack exists
|
- name: check if conntrack exists
|
||||||
stat:
|
stat:
|
||||||
@ -1,4 +1,4 @@
|
||||||
# tasks file for ufw
|
# tasks file
|
||||||
---
|
---
|
||||||
- name: install | dependencies
|
- name: install | dependencies
|
||||||
apt:
|
apt:
|
||||||
@ -1,8 +1,8 @@
|
||||||
# tasks file for ufw
|
# tasks file
|
||||||
---
|
---
|
||||||
- name: facts | set
|
- name: facts | set
|
||||||
set_fact:
|
set_fact:
|
||||||
kernel_version: "{{ ansible_kernel | regex_search('^([0-9]+\\.[0-9]+\\.[0-9]+)') }}"
|
kernel_version: "{{ ansible_kernel | regex_search('^([0-9]+\\.[0-9]+\\.[0-9]+)') }}"
|
||||||
tags:
|
tags:
|
||||||
- configuration
|
- configuration
|
||||||
- ufw
|
- ufw
|
||||||
@ -1,7 +1,10 @@
|
||||||
# test file for ufw
|
# test file
|
||||||
---
|
---
|
||||||
- hosts: localhost
|
- hosts: localhost
|
||||||
connection: local
|
connection: local
|
||||||
become: true
|
become: true
|
||||||
|
pre_tasks:
|
||||||
|
- name: include vars
|
||||||
|
include_vars: "{{ playbook_dir }}/vars/main.yml"
|
||||||
roles:
|
roles:
|
||||||
- ../../
|
- ../../
|
||||||
@ -1,4 +1,4 @@
|
||||||
# test file for ufw
|
# test file
|
||||||
---
|
---
|
||||||
- hosts: all
|
- hosts: all
|
||||||
remote_user: vagrant
|
remote_user: vagrant
|
||||||
3
roles/oefenweb.ufw/tests/vars/main.yml
|
@ -0,0 +1,3 @@
|
||||||
|
# vars file
|
||||||
|
---
|
||||||
|
ufw_etc_default_ipv6: false
|
|
@ -1,7 +1,9 @@
|
||||||
# vars file for ufw
|
# vars file
|
||||||
---
|
---
|
||||||
ufw_dependencies:
|
ufw_dependencies:
|
||||||
- ufw
|
- ufw
|
||||||
|
- iproute2
|
||||||
|
- procps
|
||||||
|
|
||||||
ufw_facts:
|
ufw_facts:
|
||||||
default_incoming_policy: "{{ ufw_default_incoming_policy }}"
|
default_incoming_policy: "{{ ufw_default_incoming_policy }}"
|
||||||
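Review bot: `- iproute2` and `- procps` are added to `ufw_dependencies` without a comment saying what needs them; the likely reason is that the minimal container images used by the new Molecule setup lack `ip` and `sysctl`, which ufw's startup path calls, but that is inferred rather than shown in this hunk. A comment above the two entries, e.g. `# iproute2/procps: ufw needs ip and sysctl, absent from minimal container images - confirm`, records the reason so they are not dropped as unrelated later. The `ufw_facts` mapping continues past the end of the hunk.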