Rolle aktualisiert: ufw (#459)

Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: #459
Michael Grote 2023-02-17 12:07:48 +01:00
parent 686a0b281f
commit c86eb523bb
23 changed files with 216 additions and 127 deletions


@ -1,2 +1,5 @@
skip_list:
- '405'
---
warn_list:
- role-name
- name[casing]
- '503'


@ -0,0 +1,79 @@
---
name: CI
'on':
pull_request:
push:
branches:
- master
schedule:
- cron: '30 1 * * 3'
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Check out the codebase
uses: actions/checkout@v3
- name: Set up Python 3
uses: actions/setup-python@v4
with:
python-version: '3.x'
- name: Install test dependencies
run: pip install ansible-lint[community,yamllint]
- name: Lint code
run: |
yamllint .
ansible-lint
molecule:
name: Molecule
runs-on: ubuntu-latest
defaults:
run:
working-directory: "${{ github.repository }}"
needs:
- lint
strategy:
fail-fast: false
matrix:
include:
- distro: debian8
ansible-version: '<2.10'
- distro: debian9
- distro: debian10
- distro: ubuntu1604
ansible-version: '>=2.9, <2.10'
- distro: ubuntu1604
ansible-version: '>=2.10, <2.11'
- distro: ubuntu1604
- distro: ubuntu1804
- distro: ubuntu2004
steps:
- name: Check out the codebase
uses: actions/checkout@v3
with:
path: "${{ github.repository }}"
- name: Set up Python 3
uses: actions/setup-python@v4
with:
python-version: '3.x'
- name: Install test dependencies
run: pip install 'ansible${{ matrix.ansible-version }}' molecule[docker] docker
- name: Run Molecule tests
run: |
molecule test
env:
ANSIBLE_FORCE_COLOR: '1'
ANSIBLE_VERBOSITY: '3'
MOLECULE_DEBUG: '1'
MOLECULE_DISTRO: "${{ matrix.distro }}"
PY_COLORS: '1'
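Review bot: The workflow declares no top-level `permissions:`, so the GITHUB_TOKEN of both jobs inherits the repository default, which may be read/write, while neither the lint nor the molecule job needs anything beyond checkout; add `permissions:\n  contents: read` directly under `name: CI`. The `actions/checkout@v3` and `actions/setup-python@v4` references are mutable tags, and since this also runs on `pull_request`, pinning to a full commit SHA with the tag in a trailing comment (`uses: actions/checkout@<commit-sha> # v3`) removes the tag-move risk. The `pip install` lines are unpinned as well, so a lint or molecule failure can appear with no change to this repository; a constraint on `ansible-lint` and `molecule` versions would keep the matrix reproducible.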


@ -0,0 +1,20 @@
---
name: Release
'on':
push:
tags:
- '*'
jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Check out the codebase
uses: actions/checkout@v3
- name: Publish to Galaxy
uses: robertdebock/galaxy-action@1.2.0
with:
galaxy_api_key: ${{ secrets.GALAXY_API_KEY }}
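Review bot: `robertdebock/galaxy-action@1.2.0` receives `secrets.GALAXY_API_KEY` but is referenced by a mutable tag, so anyone able to move that tag in the third-party repository could exfiltrate the publishing key; pin it to the full commit SHA, `uses: robertdebock/galaxy-action@<commit-sha> # 1.2.0`. The `tags: - '*'` trigger publishes on any pushed tag, so a typo or a test tag becomes a Galaxy release; a narrower glob such as `- '[0-9]+.[0-9]+.[0-9]+'` (adjusted to whatever scheme the role's tags follow) limits that. A `permissions:\n  contents: read` block would also drop the default token scopes, which this job does not need.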


@ -1,89 +0,0 @@
---
sudo: required
dist: xenial
language: python
python:
- "2.7"
- "3.5"
env:
- ANSIBLE_VERSION=latest
- ANSIBLE_VERSION=2.10.2
- ANSIBLE_VERSION=2.10.1
- ANSIBLE_VERSION=2.10.0
- ANSIBLE_VERSION=2.9.14
- ANSIBLE_VERSION=2.9.13
- ANSIBLE_VERSION=2.9.12
- ANSIBLE_VERSION=2.9.11
- ANSIBLE_VERSION=2.9.10
- ANSIBLE_VERSION=2.9.9
- ANSIBLE_VERSION=2.9.8
- ANSIBLE_VERSION=2.9.7
- ANSIBLE_VERSION=2.9.6
- ANSIBLE_VERSION=2.9.5
- ANSIBLE_VERSION=2.9.4
- ANSIBLE_VERSION=2.9.3
- ANSIBLE_VERSION=2.9.2
- ANSIBLE_VERSION=2.9.1
- ANSIBLE_VERSION=2.9.0
- ANSIBLE_VERSION=2.8.16
- ANSIBLE_VERSION=2.8.15
- ANSIBLE_VERSION=2.8.14
- ANSIBLE_VERSION=2.8.13
- ANSIBLE_VERSION=2.8.12
- ANSIBLE_VERSION=2.8.11
- ANSIBLE_VERSION=2.8.10
- ANSIBLE_VERSION=2.8.9
- ANSIBLE_VERSION=2.8.8
- ANSIBLE_VERSION=2.8.7
- ANSIBLE_VERSION=2.8.6
- ANSIBLE_VERSION=2.8.5
- ANSIBLE_VERSION=2.8.4
- ANSIBLE_VERSION=2.8.3
- ANSIBLE_VERSION=2.8.2
- ANSIBLE_VERSION=2.8.1
- ANSIBLE_VERSION=2.8.0
branches:
only:
- master
matrix:
allow_failures:
# https://github.com/ansible/ansible/issues/56674
- env: ANSIBLE_VERSION=2.8.0
before_install:
- sudo apt-get update -qq
# Remove ufw
- sudo apt-get remove --purge --yes ufw
install:
# Install Ansible.
- if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install ansible; else pip install ansible==$ANSIBLE_VERSION; fi
- if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install ansible-lint; fi
script:
# Check the role/playbook's syntax.
- ansible-playbook -i tests/inventory tests/test.yml --syntax-check
# Run the role/playbook with ansible-playbook.
- ansible-playbook -i tests/inventory tests/test.yml -vvvv
# Run the role/playbook again, checking to make sure it's idempotent.
- >
ansible-playbook -i tests/inventory tests/test.yml
| grep -q 'changed=0.*failed=0'
&& (echo 'Idempotence test: pass' && exit 0)
|| (echo 'Idempotence test: fail' && exit 1)
- if [ "$ANSIBLE_VERSION" = "latest" ]; then ansible-lint tests/test.yml; fi
notifications:
email: false
webhooks: https://galaxy.ansible.com/api/v1/notifications/
slack:
rooms:
secure: "If2mqrqZs5q6yZ9bs9qq+pmgCEMCTv1Nk3vQjax9N+xFoIvnRi1v0drEekibKgns8eg0Mg/Tya7xxXokqFhs3wVY64r43v86HFLS2MVDTaMYAxK3kRd4x8R5INIAN1U7Dtsk8RQbIngzGJPZwOfmOtY1qQ5p3RLMM+6zEBQOO7U="


@ -0,0 +1,15 @@
---
extends: default
rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
line-length: disable
truthy: disable
ignore: |
.tox/


@ -0,0 +1,20 @@
FROM ubuntu:16.04
MAINTAINER Mischa ter Smitten <mtersmitten@oefenweb.nl>
# python
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal python-dev curl && \
apt-get clean
RUN curl -sL https://bootstrap.pypa.io/pip/2.7/get-pip.py | python -
RUN rm -rf $HOME/.cache
# ansible
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y gcc libffi-dev libssl-dev && \
apt-get clean
RUN pip install ansible==2.9.15
RUN rm -rf $HOME/.cache
# provision
COPY . /etc/ansible/roles/ansible-role
WORKDIR /etc/ansible/roles/ansible-role
RUN ansible-playbook -i tests/inventory tests/test.yml --connection=local
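Review bot: `curl -sL https://bootstrap.pypa.io/pip/2.7/get-pip.py | python -` executes whatever comes back from the network with no integrity check, and without `-f` a non-200 response body is piped into the interpreter as well; download to a file, verify a known digest, then run it, e.g. `RUN curl -fsSL https://bootstrap.pypa.io/pip/2.7/get-pip.py -o /tmp/get-pip.py && echo "<sha256>  /tmp/get-pip.py" | sha256sum -c - && python /tmp/get-pip.py && rm -f /tmp/get-pip.py`. `MAINTAINER` is deprecated in favour of `LABEL org.opencontainers.image.authors="..."`. Ubuntu 16.04 and ansible 2.9.15 are both end-of-life, so this image will not pick up fixes; if it is intentionally frozen as a legacy test target, a comment saying so would stop someone "upgrading" it by accident.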


@ -1,6 +1,6 @@
## ufw
[![Build Status](https://travis-ci.org/Oefenweb/ansible-ufw.svg?branch=master)](https://travis-ci.org/Oefenweb/ansible-ufw)
[![CI](https://github.com/Oefenweb/ansible-ufw/workflows/CI/badge.svg)](https://github.com/Oefenweb/ansible-ufw/actions?query=workflow%3ACI)
[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-ufw-blue.svg)](https://galaxy.ansible.com/Oefenweb/ufw)
Set up ufw in Debian-like systems.


@ -4,40 +4,26 @@
role = File.basename(File.expand_path(File.dirname(__FILE__)))
boxes = [
{
:name => "ubuntu-1204",
:box => "bento/ubuntu-12.04",
:ip => '10.0.0.11',
:cpu => "50",
:ram => "256"
},
{
:name => "ubuntu-1404",
:box => "bento/ubuntu-14.04",
:ip => '10.0.0.12',
:cpu => "50",
:ram => "256"
},
{
:name => "ubuntu-1604",
:box => "bento/ubuntu-16.04",
:ip => '10.0.0.13',
:ip => '10.0.0.12',
:cpu => "50",
:ram => "256"
},
{
:name => "ubuntu-1804",
:box => "bento/ubuntu-18.04",
:ip => '10.0.0.14',
:ip => '10.0.0.13',
:cpu => "50",
:ram => "384"
},
{
:name => "debian-7",
:box => "bento/debian-7",
:ip => '10.0.0.15',
:name => "ubuntu-2004",
:box => "bento/ubuntu-20.04",
:ip => '10.0.0.14',
:cpu => "50",
:ram => "256"
:ram => "384"
},
{
:name => "debian-8",
@ -53,6 +39,13 @@ boxes = [
:cpu => "50",
:ram => "256"
},
{
:name => "debian-10",
:box => "bento/debian-10",
:ip => '10.0.0.18',
:cpu => "50",
:ram => "256"
},
]
Vagrant.configure("2") do |config|


@ -1,4 +1,4 @@
# defaults file for ufw
# defaults file
---
ufw_default_incoming_policy: deny
ufw_default_outgoing_policy: allow


@ -1,4 +1,4 @@
# handlers file for ufw
# handlers file
---
- name: reload ufw
ufw:


@ -1,24 +1,24 @@
# meta file for ufw
# meta file
---
galaxy_info:
namespace: oefenweb
role_name: ufw
author: Mischa ter Smitten
company: Oefenweb.nl B.V.
description: Set up ufw in Debian-like systems
license: MIT
min_ansible_version: 2.8.0
min_ansible_version: 2.9.0
platforms:
- name: Ubuntu
versions:
- precise
- trusty
- xenial
- bionic
- focal
- name: Debian
versions:
- wheezy
- jessie
- stretch
- buster
galaxy_tags:
- system
- networking


@ -0,0 +1,9 @@
---
- name: Converge
hosts: all
become: true
pre_tasks:
- name: include vars
include_vars: "{{ playbook_dir }}/../../tests/vars/main.yml"
roles:
- ../../../


@ -0,0 +1,21 @@
---
dependency:
name: galaxy
driver:
name: docker
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu1604}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
capabilities:
- NET_ADMIN
provisioner:
name: ansible
playbooks:
prepare: prepare.yml
converge: converge.yml
verify: verify.yml
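Review bot: `privileged: true` already grants every capability, so the `capabilities: - NET_ADMIN` entry below it is redundant, and the combination hands the test container unrestricted access to the CI runner's kernel on top of the `/sys/fs/cgroup` mount. If the ufw tasks run with only explicit capabilities, drop `privileged: true` and list what is actually needed, e.g. `capabilities: [NET_ADMIN, NET_RAW]` — whether that suffices for iptables inside the geerlingguy systemd images needs a test run to confirm. The `:latest` image tag also makes results non-reproducible; pinning a digest or dated tag would keep the matrix stable across reruns.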


@ -0,0 +1,5 @@
---
- name: Prepare
hosts: all
become: true
tasks: []


@ -0,0 +1,5 @@
---
- name: Verify
hosts: all
become: true
tasks: []
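Review bot: `tasks: []` means the verify stage asserts nothing, so `molecule test` passes whenever the role converges, even if ufw ends up disabled or with the wrong default policy. For a firewall role that is the property worth checking; the defaults file sets `ufw_default_incoming_policy: deny`, so a minimal verify can read `ufw status verbose` and assert on it. The exact output strings depend on the ufw version in the image, so adjust them after a first run.
```yaml
- name: Verify
  hosts: all
  become: true
  tasks:
    - name: Read firewall status
      command: ufw status verbose
      register: ufw_status
      changed_when: false
    - name: Assert ufw is active with the configured default policy
      assert:
        that:
          - "'Status: active' in ufw_status.stdout"
          - "'deny (incoming)' in ufw_status.stdout"
```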


@ -1,4 +1,4 @@
# tasks file for ufw
# tasks file
---
- name: configure | create (local facts) directory
file:


@ -1,4 +1,4 @@
# tasks file for ufw
# tasks file
---
- name: check if conntrack exists
stat:


@ -1,4 +1,4 @@
# tasks file for ufw
# tasks file
---
- name: install | dependencies
apt:


@ -1,8 +1,8 @@
# tasks file for ufw
# tasks file
---
- name: facts | set
set_fact:
kernel_version: "{{ ansible_kernel | regex_search('^([0-9]+\\.[0-9]+\\.[0-9]+)') }}"
kernel_version: "{{ ansible_kernel | regex_search('^([0-9]+\\.[0-9]+\\.[0-9]+)') }}"
tags:
- configuration
- ufw


@ -1,7 +1,10 @@
# test file for ufw
# test file
---
- hosts: localhost
connection: local
become: true
pre_tasks:
- name: include vars
include_vars: "{{ playbook_dir }}/vars/main.yml"
roles:
- ../../
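Review bot: With `connection: local` and the newly added `become: true`, this play now reconfigures the firewall of whatever host runs it, which is what the Dockerfile build expects but is destructive if a developer runs `tests/test.yml` on a workstation. A comment at the top of the play, `# Runs the role against localhost as root: this modifies the local ufw rules`, makes that visible. The included `vars/main.yml` also disables IPv6 for the test, which is presumably a container limitation and worth stating in the same comment.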


@ -1,4 +1,4 @@
# test file for ufw
# test file
---
- hosts: all
remote_user: vagrant


@ -0,0 +1,3 @@
# vars file
---
ufw_etc_default_ipv6: false
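Review bot: `ufw_etc_default_ipv6: false` is an undocumented test-only override; presumably it is there because the CI containers have no IPv6, but the effect is that the role's IPv6 configuration path is never exercised by `molecule test` or `tests/test.yml`. A one-line comment above it, `# IPv6 is not available in the CI containers; the IPv6 path is not covered by these tests`, keeps the next maintainer from reading it as a recommended setting.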


@ -1,7 +1,9 @@
# vars file for ufw
# vars file
---
ufw_dependencies:
- ufw
- iproute2
- procps
ufw_facts:
default_incoming_policy: "{{ ufw_default_incoming_policy }}"