Rolle aktualisiert: ufw (#459)
Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: #459
parent
686a0b281f
commit
c86eb523bb
23 changed files with 216 additions and 127 deletions
|
@ -1,2 +1,5 @@
|
|||
skip_list:
|
||||
- '405'
|
||||
---
|
||||
warn_list:
|
||||
- role-name
|
||||
- name[casing]
|
||||
- '503'
|
||||
|
|
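--- /dev/null
+++ b/roles/oefenweb.ufw/.github/workflows/ci.yml
@@ -0,0 +1,79 @@
+---
+name: CI
+'on':
+pull_request:
+push:
+branches:
+- master
+schedule:
+- cron: '30 1 * * 3'
+
+jobs:
+
+lint:
+name: Lint
+runs-on: ubuntu-latest
+steps:
+- name: Check out the codebase
+uses: actions/checkout@v3
+
+- name: Set up Python 3
+uses: actions/setup-python@v4
+with:
+python-version: '3.x'
+
+- name: Install test dependencies
+run: pip install ansible-lint[community,yamllint]
+
+- name: Lint code
+run: |
+yamllint .
+ansible-lint
+
+molecule:
+name: Molecule
+runs-on: ubuntu-latest
+defaults:
+run:
+working-directory: "${{ github.repository }}"
+needs:
+- lint
+strategy:
+fail-fast: false
+matrix:
+include:
+- distro: debian8
+ansible-version: '<2.10'
+- distro: debian9
+- distro: debian10
+- distro: ubuntu1604
+ansible-version: '>=2.9, <2.10'
+- distro: ubuntu1604
+ansible-version: '>=2.10, <2.11'
+- distro: ubuntu1604
+- distro: ubuntu1804
+- distro: ubuntu2004
+
+steps:
+- name: Check out the codebase
+uses: actions/checkout@v3
+with:
+path: "${{ github.repository }}"
+
+- name: Set up Python 3
+uses: actions/setup-python@v4
+with:
+python-version: '3.x'
+
+- name: Install test dependencies
+run: pip install 'ansible${{ matrix.ansible-version }}' molecule[docker] docker
+
+- name: Run Molecule tests
+run: |
+molecule test
+env:
+ANSIBLE_FORCE_COLOR: '1'
+ANSIBLE_VERBOSITY: '3'
+MOLECULE_DEBUG: '1'
+MOLECULE_DISTRO: "${{ matrix.distro }}"
+PY_COLORS: '1'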
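--- /dev/null
+++ b/roles/oefenweb.ufw/.github/workflows/release.yml
@@ -0,0 +1,20 @@
+---
+name: Release
+'on':
+push:
+tags:
+- '*'
+
+jobs:
+
+release:
+name: Release
+runs-on: ubuntu-latest
+steps:
+- name: Check out the codebase
+uses: actions/checkout@v3
+
+- name: Publish to Galaxy
+uses: robertdebock/galaxy-action@1.2.0
+with:
+galaxy_api_key: ${{ secrets.GALAXY_API_KEY }}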
|
@ -1,89 +0,0 @@
|
|||
---
|
||||
sudo: required
|
||||
dist: xenial
|
||||
|
||||
language: python
|
||||
python:
|
||||
- "2.7"
|
||||
- "3.5"
|
||||
|
||||
env:
|
||||
- ANSIBLE_VERSION=latest
|
||||
- ANSIBLE_VERSION=2.10.2
|
||||
- ANSIBLE_VERSION=2.10.1
|
||||
- ANSIBLE_VERSION=2.10.0
|
||||
- ANSIBLE_VERSION=2.9.14
|
||||
- ANSIBLE_VERSION=2.9.13
|
||||
- ANSIBLE_VERSION=2.9.12
|
||||
- ANSIBLE_VERSION=2.9.11
|
||||
- ANSIBLE_VERSION=2.9.10
|
||||
- ANSIBLE_VERSION=2.9.9
|
||||
- ANSIBLE_VERSION=2.9.8
|
||||
- ANSIBLE_VERSION=2.9.7
|
||||
- ANSIBLE_VERSION=2.9.6
|
||||
- ANSIBLE_VERSION=2.9.5
|
||||
- ANSIBLE_VERSION=2.9.4
|
||||
- ANSIBLE_VERSION=2.9.3
|
||||
- ANSIBLE_VERSION=2.9.2
|
||||
- ANSIBLE_VERSION=2.9.1
|
||||
- ANSIBLE_VERSION=2.9.0
|
||||
- ANSIBLE_VERSION=2.8.16
|
||||
- ANSIBLE_VERSION=2.8.15
|
||||
- ANSIBLE_VERSION=2.8.14
|
||||
- ANSIBLE_VERSION=2.8.13
|
||||
- ANSIBLE_VERSION=2.8.12
|
||||
- ANSIBLE_VERSION=2.8.11
|
||||
- ANSIBLE_VERSION=2.8.10
|
||||
- ANSIBLE_VERSION=2.8.9
|
||||
- ANSIBLE_VERSION=2.8.8
|
||||
- ANSIBLE_VERSION=2.8.7
|
||||
- ANSIBLE_VERSION=2.8.6
|
||||
- ANSIBLE_VERSION=2.8.5
|
||||
- ANSIBLE_VERSION=2.8.4
|
||||
- ANSIBLE_VERSION=2.8.3
|
||||
- ANSIBLE_VERSION=2.8.2
|
||||
- ANSIBLE_VERSION=2.8.1
|
||||
- ANSIBLE_VERSION=2.8.0
|
||||
|
||||
branches:
|
||||
only:
|
||||
- master
|
||||
|
||||
matrix:
|
||||
allow_failures:
|
||||
# https://github.com/ansible/ansible/issues/56674
|
||||
- env: ANSIBLE_VERSION=2.8.0
|
||||
|
||||
before_install:
|
||||
- sudo apt-get update -qq
|
||||
|
||||
# Remove ufw
|
||||
- sudo apt-get remove --purge --yes ufw
|
||||
|
||||
install:
|
||||
# Install Ansible.
|
||||
- if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install ansible; else pip install ansible==$ANSIBLE_VERSION; fi
|
||||
- if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install ansible-lint; fi
|
||||
|
||||
script:
|
||||
# Check the role/playbook's syntax.
|
||||
- ansible-playbook -i tests/inventory tests/test.yml --syntax-check
|
||||
|
||||
# Run the role/playbook with ansible-playbook.
|
||||
- ansible-playbook -i tests/inventory tests/test.yml -vvvv
|
||||
|
||||
# Run the role/playbook again, checking to make sure it's idempotent.
|
||||
- >
|
||||
ansible-playbook -i tests/inventory tests/test.yml
|
||||
| grep -q 'changed=0.*failed=0'
|
||||
&& (echo 'Idempotence test: pass' && exit 0)
|
||||
|| (echo 'Idempotence test: fail' && exit 1)
|
||||
|
||||
- if [ "$ANSIBLE_VERSION" = "latest" ]; then ansible-lint tests/test.yml; fi
|
||||
|
||||
notifications:
|
||||
email: false
|
||||
webhooks: https://galaxy.ansible.com/api/v1/notifications/
|
||||
slack:
|
||||
rooms:
|
||||
secure: "If2mqrqZs5q6yZ9bs9qq+pmgCEMCTv1Nk3vQjax9N+xFoIvnRi1v0drEekibKgns8eg0Mg/Tya7xxXokqFhs3wVY64r43v86HFLS2MVDTaMYAxK3kRd4x8R5INIAN1U7Dtsk8RQbIngzGJPZwOfmOtY1qQ5p3RLMM+6zEBQOO7U="
|
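--- /dev/null
+++ b/roles/oefenweb.ufw/.yamllint
@@ -0,0 +1,15 @@
+---
+extends: default
+
+rules:
+braces:
+max-spaces-inside: 1
+level: error
+brackets:
+max-spaces-inside: 1
+level: error
+line-length: disable
+truthy: disable
+
+ignore: |
+.tox/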
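--- /dev/null
+++ b/roles/oefenweb.ufw/Dockerfile
@@ -0,0 +1,20 @@
+FROM ubuntu:16.04
+MAINTAINER Mischa ter Smitten <mtersmitten@oefenweb.nl>
+
+# python
+RUN apt-get update && \
+DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal python-dev curl && \
+apt-get clean
+RUN curl -sL https://bootstrap.pypa.io/pip/2.7/get-pip.py | python -
+RUN rm -rf $HOME/.cache
+
+# ansible
+RUN DEBIAN_FRONTEND=noninteractive apt-get install -y gcc libffi-dev libssl-dev && \
+apt-get clean
+RUN pip install ansible==2.9.15
+RUN rm -rf $HOME/.cache
+
+# provision
+COPY . /etc/ansible/roles/ansible-role
+WORKDIR /etc/ansible/roles/ansible-role
+RUN ansible-playbook -i tests/inventory tests/test.yml --connection=local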
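Review bot: The `RUN curl -sL https://bootstrap.pypa.io/pip/2.7/get-pip.py | python -` line runs whatever the server returns as root during the build with no integrity check, and without `-f` an HTTP error body is piped to the interpreter as well. Download to a file, verify it against a checksum recorded in the repository, then run it, e.g. `RUN curl -fsSLo /tmp/get-pip.py https://bootstrap.pypa.io/pip/2.7/get-pip.py && echo "<EXPECTED_SHA256>  /tmp/get-pip.py" | sha256sum -c - && python /tmp/get-pip.py` (the hash is a placeholder to be filled in). The second `apt-get install` sits in its own layer without an `apt-get update`, so it relies on package lists cached by the earlier layer and can fail or install stale packages when that layer is reused. The image combines `ubuntu:16.04`, Python 2.7 and `ansible==2.9.15`, all of which are outside regular upstream support as far as I know, so it should be treated strictly as a disposable test image.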
|
@ -1,6 +1,6 @@
|
|||
## ufw
|
||||
|
||||
[![Build Status](https://travis-ci.org/Oefenweb/ansible-ufw.svg?branch=master)](https://travis-ci.org/Oefenweb/ansible-ufw)
|
||||
[![CI](https://github.com/Oefenweb/ansible-ufw/workflows/CI/badge.svg)](https://github.com/Oefenweb/ansible-ufw/actions?query=workflow%3ACI)
|
||||
[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-ufw-blue.svg)](https://galaxy.ansible.com/Oefenweb/ufw)
|
||||
|
||||
Set up ufw in Debian-like systems.
|
||||
|
|
33
roles/oefenweb.ufw/Vagrantfile
vendored
33
roles/oefenweb.ufw/Vagrantfile
vendored
|
@ -4,40 +4,26 @@
|
|||
role = File.basename(File.expand_path(File.dirname(__FILE__)))
|
||||
|
||||
boxes = [
|
||||
{
|
||||
:name => "ubuntu-1204",
|
||||
:box => "bento/ubuntu-12.04",
|
||||
:ip => '10.0.0.11',
|
||||
:cpu => "50",
|
||||
:ram => "256"
|
||||
},
|
||||
{
|
||||
:name => "ubuntu-1404",
|
||||
:box => "bento/ubuntu-14.04",
|
||||
:ip => '10.0.0.12',
|
||||
:cpu => "50",
|
||||
:ram => "256"
|
||||
},
|
||||
{
|
||||
:name => "ubuntu-1604",
|
||||
:box => "bento/ubuntu-16.04",
|
||||
:ip => '10.0.0.13',
|
||||
:ip => '10.0.0.12',
|
||||
:cpu => "50",
|
||||
:ram => "256"
|
||||
},
|
||||
{
|
||||
:name => "ubuntu-1804",
|
||||
:box => "bento/ubuntu-18.04",
|
||||
:ip => '10.0.0.14',
|
||||
:ip => '10.0.0.13',
|
||||
:cpu => "50",
|
||||
:ram => "384"
|
||||
},
|
||||
{
|
||||
:name => "debian-7",
|
||||
:box => "bento/debian-7",
|
||||
:ip => '10.0.0.15',
|
||||
:name => "ubuntu-2004",
|
||||
:box => "bento/ubuntu-20.04",
|
||||
:ip => '10.0.0.14',
|
||||
:cpu => "50",
|
||||
:ram => "256"
|
||||
:ram => "384"
|
||||
},
|
||||
{
|
||||
:name => "debian-8",
|
||||
|
@ -53,6 +39,13 @@ boxes = [
|
|||
:cpu => "50",
|
||||
:ram => "256"
|
||||
},
|
||||
{
|
||||
:name => "debian-10",
|
||||
:box => "bento/debian-10",
|
||||
:ip => '10.0.0.18',
|
||||
:cpu => "50",
|
||||
:ram => "256"
|
||||
},
|
||||
]
|
||||
|
||||
Vagrant.configure("2") do |config|
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# defaults file for ufw
|
||||
# defaults file
|
||||
---
|
||||
ufw_default_incoming_policy: deny
|
||||
ufw_default_outgoing_policy: allow
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# handlers file for ufw
|
||||
# handlers file
|
||||
---
|
||||
- name: reload ufw
|
||||
ufw:
|
||||
|
|
|
@ -1,24 +1,24 @@
|
|||
# meta file for ufw
|
||||
# meta file
|
||||
---
|
||||
galaxy_info:
|
||||
namespace: oefenweb
|
||||
role_name: ufw
|
||||
author: Mischa ter Smitten
|
||||
company: Oefenweb.nl B.V.
|
||||
description: Set up ufw in Debian-like systems
|
||||
license: MIT
|
||||
min_ansible_version: 2.8.0
|
||||
min_ansible_version: 2.9.0
|
||||
platforms:
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- precise
|
||||
- trusty
|
||||
- xenial
|
||||
- bionic
|
||||
- focal
|
||||
- name: Debian
|
||||
versions:
|
||||
- wheezy
|
||||
- jessie
|
||||
- stretch
|
||||
- buster
|
||||
galaxy_tags:
|
||||
- system
|
||||
- networking
|
||||
|
|
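--- /dev/null
+++ b/roles/oefenweb.ufw/molecule/default/converge.yml
@@ -0,0 +1,9 @@
+---
+- name: Converge
+hosts: all
+become: true
+pre_tasks:
+- name: include vars
+include_vars: "{{ playbook_dir }}/../../tests/vars/main.yml"
+roles:
+- ../../../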
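--- /dev/null
+++ b/roles/oefenweb.ufw/molecule/default/molecule.yml
@@ -0,0 +1,21 @@
+---
+dependency:
+name: galaxy
+driver:
+name: docker
+platforms:
+- name: instance
+image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu1604}-ansible:latest"
+command: ${MOLECULE_DOCKER_COMMAND:-""}
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup:ro
+privileged: true
+pre_build_image: true
+capabilities:
+- NET_ADMIN
+provisioner:
+name: ansible
+playbooks:
+prepare: prepare.yml
+converge: converge.yml
+verify: verify.yml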
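Review bot: `privileged: true` on the `instance` platform gives the test container every capability plus access to host devices, which makes the `capabilities:` entry `- NET_ADMIN` below it redundant and is broader than managing firewall rules should require. If the scenario still passes without it, drop `privileged: true` and keep the explicit capability list; the systemd-based image may be the reason it was set, so this needs a test run rather than a blind removal. If it has to stay, document it with a comment such as `# privileged is required by systemd in this image; run only on disposable CI hosts`. The image is pulled by the mutable `:latest` tag, so the privileged container runs whatever is currently published under that name; a fixed tag or digest per distro would make the test environment reproducible.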
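--- /dev/null
+++ b/roles/oefenweb.ufw/molecule/default/prepare.yml
@@ -0,0 +1,5 @@
+---
+- name: Prepare
+hosts: all
+become: true
+tasks: []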
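--- /dev/null
+++ b/roles/oefenweb.ufw/molecule/default/verify.yml
@@ -0,0 +1,5 @@
+---
+- name: Verify
+hosts: all
+become: true
+tasks: []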
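Review bot: `tasks: []` leaves the verify stage without a single assertion, so the scenario only shows that the role converges, not that the firewall ends up in the intended state. With the role default `ufw_default_incoming_policy: deny`, a regression that leaves ufw inactive or the incoming policy open would pass the test run unnoticed. A minimal check reads the firewall status and asserts on it, as sketched below. The expected strings are what `ufw status verbose` prints on current releases as far as I know, and whether ufw is actually enabled in the test container depends on variables not visible on this page, so confirm both against the tested distros.

```yaml
  tasks:
    - name: read ufw status
      command: ufw status verbose
      register: ufw_status
      changed_when: false

    - name: assert ufw is active and denies incoming traffic by default
      assert:
        that:
          - "'Status: active' in ufw_status.stdout"
          - "'deny (incoming)' in ufw_status.stdout"
```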
|
@ -1,4 +1,4 @@
|
|||
# tasks file for ufw
|
||||
# tasks file
|
||||
---
|
||||
- name: configure | create (local facts) directory
|
||||
file:
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# tasks file for ufw
|
||||
# tasks file
|
||||
---
|
||||
- name: check if conntrack exists
|
||||
stat:
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# tasks file for ufw
|
||||
# tasks file
|
||||
---
|
||||
- name: install | dependencies
|
||||
apt:
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
# tasks file for ufw
|
||||
# tasks file
|
||||
---
|
||||
- name: facts | set
|
||||
set_fact:
|
||||
kernel_version: "{{ ansible_kernel | regex_search('^([0-9]+\\.[0-9]+\\.[0-9]+)') }}"
|
||||
kernel_version: "{{ ansible_kernel | regex_search('^([0-9]+\\.[0-9]+\\.[0-9]+)') }}"
|
||||
tags:
|
||||
- configuration
|
||||
- ufw
|
||||
|
|
|
@ -1,7 +1,10 @@
|
|||
# test file for ufw
|
||||
# test file
|
||||
---
|
||||
- hosts: localhost
|
||||
connection: local
|
||||
become: true
|
||||
pre_tasks:
|
||||
- name: include vars
|
||||
include_vars: "{{ playbook_dir }}/vars/main.yml"
|
||||
roles:
|
||||
- ../../
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# test file for ufw
|
||||
# test file
|
||||
---
|
||||
- hosts: all
|
||||
remote_user: vagrant
|
||||
|
|
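--- /dev/null
+++ b/roles/oefenweb.ufw/tests/vars/main.yml
@@ -0,0 +1,3 @@
+# vars file
+---
+ufw_etc_default_ipv6: false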
|
@ -1,7 +1,9 @@
|
|||
# vars file for ufw
|
||||
# vars file
|
||||
---
|
||||
ufw_dependencies:
|
||||
- ufw
|
||||
- iproute2
|
||||
- procps
|
||||
|
||||
ufw_facts:
|
||||
default_incoming_policy: "{{ ufw_default_incoming_policy }}"
|
||||
|
|