diff --git a/.ansible-lint b/.ansible-lint
index a1d3e3d8..19eb3102 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -12,6 +12,7 @@ skip_list:
 - '701'
 - '208'
 - '106'
+ - '306'
 use_default_rules: true
 verbosity: 0
 # https://github.com/ansible/ansible-lint#false-positives-skipping-rules
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 00000000..a0b03c35
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,33 @@
+[submodule "roles/gantsign.ctop"]
+ path = roles/gantsign.ctop
+ url = https://github.com/gantsign/ansible_role_ctop
+[submodule "roles/geerlingguy.ansible"]
+ path = roles/geerlingguy.ansible
+ url = https://github.com/geerlingguy/ansible-role-ansible
+[submodule "roles/geerlingguy.docker"]
+ path = roles/geerlingguy.docker
+ url = https://github.com/geerlingguy/ansible-role-docker
+[submodule "roles/geerlingguy.dotfiles"]
+ path = roles/geerlingguy.dotfiles
+ url = https://github.com/geerlingguy/dotfiles
+[submodule "roles/geerlingguy.pip"]
+ path = roles/geerlingguy.pip
+ url = https://github.com/geerlingguy/ansible-role-pip
+[submodule "roles/hedii.youtube-dl"]
+ path = roles/hedii.youtube-dl
+ url = https://github.com/hedii/ansible-role-youtube-dl
+[submodule "roles/ironicbadger.proxmox-nag-removal"]
+ path = roles/ironicbadger.proxmox-nag-removal
+ url = https://github.com/IronicBadger/ansible-role-proxmox-nag-removal
+[submodule "roles/nickjj.ansible-user"]
+ path = roles/nickjj.ansible-user
+ url = https://github.com/nickjj/ansible-user
+[submodule "roles/oefenweb.ufw"]
+ path = roles/oefenweb.ufw
+ url = https://github.com/Oefenweb/ansible-ufw
+[submodule "roles/robertdebock.bootstrap"]
+ path = roles/robertdebock.bootstrap
+ url = https://github.com/robertdebock/ansible-role-bootstrap
+[submodule "roles/ryandaniels.create_users"]
+ path = roles/ryandaniels.create_users
+ url = https://github.com/ryandaniels/ansible-role-create-users
diff --git a/inventories/inventory b/inventories/inventory
index b39c4778..8141c613 100644
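Review bot: Adding `'306'` to `skip_list` turns the check off for the whole repository, not only for the task that triggered it. In ansible-lint's numbered rule set 306 is the check that piped `shell` tasks set `pipefail`; without it a failing first stage of a pipe is reported as success, so a download or verification step can fail unnoticed. If the hits come from the third-party roles under `roles/`, excluding those paths with `exclude_paths`, or tagging the individual task with `# noqa 306`, keeps the check active for the repository's own playbooks. The `skip_list` block begins above the hunk, so the reasons for the earlier skips are not visible here.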
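Review bot: The `.gitmodules` entries carry no record of how the eleven third-party roles are pinned or updated, and these roles (for example `oefenweb.ufw`, `ryandaniels.create_users`, `geerlingguy.docker`) will presumably run with elevated rights on the managed hosts. The pin is only the gitlink SHA of each submodule, so a bump to a newer upstream commit should be reviewed like any other code change. A header comment would record that, e.g. `# Third-party roles, pinned by gitlink SHA; review the upstream diff before bumping`. Only the gitlink for `roles/gantsign.ctop` is visible in this part of the diff, so the other ten paths need checking for a matching `Subproject commit` entry.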
--- a/inventories/inventory +++ b/inventories/inventory @@ -39,34 +39,34 @@ all: hosts: vm-test.grote.lan: lxc-test.grote.lan: - baseimage: - hosts: - vorlagebaseimage.grote.lan: virt: hosts: pve-staging.grote.lan: pve-test.grote.lan: pve2.grote.lan: - wsl: - hosts: - irantu.grote.lan: - qmk: - hosts: - qmk.grote.lan: - ceph: - hosts: - ceph-1.grote.lan: - ceph-2.grote.lan: - ceph-3.grote.lan: - ceph-4.grote.lan: - ceph-5.grote.lan: - ceph-6.grote.lan: - ceph-7.grote.lan: - k8s: - hosts: - k8s-1.grote.lan: - k8s-2.grote.lan: - k8s-3.grote.lan: +# wsl: +# hosts: +# irantu.grote.lan: +# baseimage: +# hosts: +# vorlagebaseimage.grote.lan: +# qmk: +# hosts: +# qmk.grote.lan: +# ceph: +# hosts: +# ceph-1.grote.lan: +# ceph-2.grote.lan: +# ceph-3.grote.lan: +# ceph-4.grote.lan: +# ceph-5.grote.lan: +# ceph-6.grote.lan: +# ceph-7.grote.lan: +# k8s: +# hosts: +# k8s-1.grote.lan: +# k8s-2.grote.lan: +# k8s-3.grote.lan: production: diff --git a/roles/gantsign.ctop b/roles/gantsign.ctop new file mode 160000 index 00000000..92f20ce8 --- /dev/null +++ b/roles/gantsign.ctop @@ -0,0 +1 @@ +Subproject commit 92f20ce81c42388295bd62afc0e3d04ab398e3c0 diff --git a/roles/gantsign.ctop/.editorconfig b/roles/gantsign.ctop/.editorconfig deleted file mode 100644 index c30c09d8..00000000 --- a/roles/gantsign.ctop/.editorconfig +++ /dev/null @@ -1,27 +0,0 @@ -# EditorConfig: http://EditorConfig.org - -# top-most EditorConfig file -root = true - -# Defaults for all editor files -[*] -insert_final_newline = true -indent_style = space -indent_size = 4 -trim_trailing_whitespace = true - -# YAML is fussy about indenting and charset -[*.yml] -indent_style = space -indent_size = 2 -continuation_indent_size = unset -charset = utf-8 - -# Markdown is fussy about indenting -[*.md] -indent_style = space -indent_size = 4 - -# Jinja2 template files -[*.j2] -end_of_line = lf 
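Review bot: The `wsl`, `baseimage`, `qmk`, `ceph` and `k8s` groups are commented out rather than removed, and nothing in the hunk says why. If those machines still exist and are not listed elsewhere in the inventory, they drop out of every play, which presumably includes the firewall and user-management roles this commit adds as submodules, so they would stop receiving configuration changes. Either delete the blocks (history keeps them) or put a one-line reason above them, e.g. `# disabled <date>: <reason>`. The `all:` mapping starts above the hunk, so the parent of these groups is not visible here.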
diff --git a/roles/gantsign.ctop/.gitattributes b/roles/gantsign.ctop/.gitattributes deleted file mode 100644 index ea7ae0f9..00000000 --- a/roles/gantsign.ctop/.gitattributes +++ /dev/null @@ -1,47 +0,0 @@ - -# Set the default behavior, in case people don't have core.autocrlf set. -* text=auto - -# Explicitly declare text files you want to always be normalized and converted -# to native line endings on checkout. -LICENSE text -.editorconfig text -.gitattributes text -.gitignore text -.yamllint text -*.cfg text -*.css text -*.htm text -*.html text -*.js text -*.json text -*.less text -*.md text -*.py text -*.scss text -*.ts text -*.txt text -*.xhtml text -*.xml text -*.yaml text -*.yml text - -# Declare files that will always have CRLF line endings on checkout. -*.bat text eol=crlf -*.cmd text eol=crlf - -# Declare files that will always have LF line endings on checkout. -*.conf eol=lf -*.desktop eol=lf -*.j2 eol=lf -*.service eol=lf -*.sh text eol=lf - -# Denote all files that are truly binary and should not be modified. -*.eot binary -*.gif binary -*.jpeg binary -*.jpg binary -*.png binary -*.tff binary -*.woff binary diff --git a/roles/gantsign.ctop/.gitignore b/roles/gantsign.ctop/.gitignore deleted file mode 100644 index 81318854..00000000 --- a/roles/gantsign.ctop/.gitignore +++ /dev/null 
@@ -1,297 +0,0 @@ -# Created by https://www.gitignore.io/api/windows,linux,osx,vim,emacs,intellij,eclipse,visualstudiocode,ansible - -### Ansible ### -*.retry - -### Eclipse ### - -.metadata -bin/ -tmp/ -*.tmp -*.bak -*.swp -*~.nib -local.properties -.settings/ -.loadpath -.recommenders - -# External tool builders -.externalToolBuilders/ - -# Locally stored "Eclipse launch configurations" -*.launch - -# PyDev specific (Python IDE for Eclipse) -*.pydevproject - -# CDT-specific (C/C++ Development Tooling) -.cproject - -# CDT- autotools -.autotools - -# Java annotation processor (APT) -.factorypath - -# PDT-specific (PHP Development Tools) -.buildpath - -# sbteclipse plugin -.target - -# Tern plugin -.tern-project - -# TeXlipse plugin -.texlipse - -# STS (Spring Tool Suite) -.springBeans - -# Code Recommenders -.recommenders/ - -# Annotation Processing -.apt_generated/ - -# Scala IDE specific (Scala & Java development for Eclipse) -.cache-main -.scala_dependencies -.worksheet - -### Eclipse Patch ### -# Eclipse Core -.project - -# JDT-specific (Eclipse Java Development Tools) -.classpath - -# Annotation Processing -.apt_generated - -### Emacs ### -# -*- mode: gitignore; -*- -*~ -\#*\# -/.emacs.desktop -/.emacs.desktop.lock -*.elc -auto-save-list -tramp -.\#* - -# Org-mode -.org-id-locations -*_archive - -# flymake-mode -*_flymake.* - -# eshell files -/eshell/history -/eshell/lastdir - -# elpa packages -/elpa/ - -# reftex files -*.rel - -# AUCTeX auto folder -/auto/ - -# cask packages -.cask/ -dist/ - -# Flycheck -flycheck_*.el - -# server auth directory -/server/ - -# projectiles files -.projectile - -# directory configuration -.dir-locals.el - -### Intellij ### -# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and WebStorm -# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 - -# User-specific stuff -.idea/**/workspace.xml -.idea/**/tasks.xml -.idea/**/usage.statistics.xml 
-.idea/**/dictionaries -.idea/**/shelf - -# Sensitive or high-churn files -.idea/**/dataSources/ -.idea/**/dataSources.ids -.idea/**/dataSources.local.xml -.idea/**/sqlDataSources.xml -.idea/**/dynamic.xml -.idea/**/uiDesigner.xml -.idea/**/dbnavigator.xml - -# Gradle -.idea/**/gradle.xml -.idea/**/libraries - -# Gradle and Maven with auto-import -# When using Gradle or Maven with auto-import, you should exclude module files, -# since they will be recreated, and may cause churn. Uncomment if using -# auto-import. -# .idea/modules.xml -# .idea/*.iml -# .idea/modules - -# CMake -cmake-build-*/ - -# Mongo Explorer plugin -.idea/**/mongoSettings.xml - -# File-based project format -*.iws - -# IntelliJ -out/ - -# mpeltonen/sbt-idea plugin -.idea_modules/ - -# JIRA plugin -atlassian-ide-plugin.xml - -# Cursive Clojure plugin -.idea/replstate.xml - -# Crashlytics plugin (for Android Studio and IntelliJ) -com_crashlytics_export_strings.xml -crashlytics.properties -crashlytics-build.properties -fabric.properties - -# Editor-based Rest Client -.idea/httpRequests - -### Intellij Patch ### -# Comment Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-215987721 - -# *.iml -# modules.xml -# .idea/misc.xml -# *.ipr - -# Sonarlint plugin -.idea/sonarlint - -### Linux ### - -# temporary files which can be created if a process still has a handle open of a deleted file -.fuse_hidden* - -# KDE directory preferences -.directory - -# Linux trash folder which might appear on any partition or disk -.Trash-* - -# .nfs files are created when an open file is removed but is still being accessed -.nfs* - -### OSX ### -# General -.DS_Store -.AppleDouble -.LSOverride - -# Icon must end with two \r -Icon - -# Thumbnails -._* - -# Files that might appear in the root of a volume -.DocumentRevisions-V100 -.fseventsd -.Spotlight-V100 -.TemporaryItems -.Trashes -.VolumeIcon.icns -.com.apple.timemachine.donotpresent - -# Directories potentially created on remote AFP share -.AppleDB 
-.AppleDesktop -Network Trash Folder -Temporary Items -.apdisk - -### Vim ### -# Swap -[._]*.s[a-v][a-z] -[._]*.sw[a-p] -[._]s[a-rt-v][a-z] -[._]ss[a-gi-z] -[._]sw[a-p] - -# Session -Session.vim - -# Temporary -.netrwhist -# Auto-generated tag files -tags -# Persistent undo -[._]*.un~ - -### VisualStudioCode ### -.vscode/* -!.vscode/settings.json -!.vscode/tasks.json -!.vscode/launch.json -!.vscode/extensions.json - -### Windows ### -# Windows thumbnail cache files -Thumbs.db -ehthumbs.db -ehthumbs_vista.db - -# Dump file -*.stackdump - -# Folder config file -[Dd]esktop.ini - -# Recycle Bin used on file shares -$RECYCLE.BIN/ - -# Windows Installer files -*.cab -*.msi -*.msix -*.msm -*.msp - -# Windows shortcuts -*.lnk - - -# End of https://www.gitignore.io/api/windows,linux,osx,vim,emacs,intellij,eclipse,visualstudiocode,ansible - -#################### -### Custom rules ### -#################### - -### Molecule ### - -__pycache__ -.cache -.molecule diff --git a/roles/gantsign.ctop/.moleculew/ansible_version b/roles/gantsign.ctop/.moleculew/ansible_version deleted file mode 100644 index dedcc7d4..00000000 --- a/roles/gantsign.ctop/.moleculew/ansible_version +++ /dev/null @@ -1 +0,0 @@ -2.9.1 diff --git a/roles/gantsign.ctop/.moleculew/molecule_version b/roles/gantsign.ctop/.moleculew/molecule_version deleted file mode 100644 index 4699fb07..00000000 --- a/roles/gantsign.ctop/.moleculew/molecule_version +++ /dev/null @@ -1 +0,0 @@ -2.22 diff --git a/roles/gantsign.ctop/.moleculew/python_version b/roles/gantsign.ctop/.moleculew/python_version deleted file mode 100644 index f24054fd..00000000 --- a/roles/gantsign.ctop/.moleculew/python_version +++ /dev/null @@ -1 +0,0 @@ -2.7.15 diff --git a/roles/gantsign.ctop/.travis.yml b/roles/gantsign.ctop/.travis.yml deleted file mode 100644 index 29d19362..00000000 --- a/roles/gantsign.ctop/.travis.yml +++ /dev/null 
@@ -1,77 +0,0 @@ ---- -language: python -python: '2.7' - -env: - global: - - MOLECULEW_USE_SYSTEM=true - -# Spin off separate builds for each of the following versions -# of Ansible and Linux. -jobs: - include: - - env: - - MOLECULEW_ANSIBLE=2.7.15 - - MOLECULE_SCENARIO=centos - - env: - - MOLECULEW_ANSIBLE=2.7.15 - - MOLECULE_SCENARIO=debian_max - - env: - - MOLECULEW_ANSIBLE=2.7.15 - - MOLECULE_SCENARIO=debian_min - - env: - - MOLECULEW_ANSIBLE=2.7.15 - - MOLECULE_SCENARIO=ubuntu_max - - env: - - MOLECULEW_ANSIBLE=2.7.15 - - MOLECULE_SCENARIO=ubuntu_min - - env: - - MOLECULEW_ANSIBLE=2.7.15 - - MOLECULE_SCENARIO=opensuse - - env: - - MOLECULEW_ANSIBLE=2.9.1 - - MOLECULE_SCENARIO=centos - - env: - - MOLECULEW_ANSIBLE=2.9.1 - - MOLECULE_SCENARIO=debian_max - - env: - - MOLECULEW_ANSIBLE=2.9.1 - - MOLECULE_SCENARIO=debian_min - - env: - - MOLECULEW_ANSIBLE=2.9.1 - - MOLECULE_SCENARIO=ubuntu_max - - env: - - MOLECULEW_ANSIBLE=2.9.1 - - MOLECULE_SCENARIO=ubuntu_min - - env: - - MOLECULEW_ANSIBLE=2.9.1 - - MOLECULE_SCENARIO=opensuse - -# Require Ubuntu 16.04 -dist: xenial - -# Require Docker -services: - - docker - -install: - # Install dependencies - - ./moleculew wrapper-install - - # Display versions - - ./moleculew wrapper-versions - -script: - - ./moleculew test --scenario-name=$MOLECULE_SCENARIO - -cache: - directories: - - $HOME/.moleculew - -branches: - only: - - master - - /^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)([\.\-].*)?$/ - -notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/roles/gantsign.ctop/.yamllint b/roles/gantsign.ctop/.yamllint deleted file mode 100644 index 88276760..00000000 --- a/roles/gantsign.ctop/.yamllint +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -# Based on ansible-lint config -extends: default - -rules: - braces: - max-spaces-inside: 1 - level: error - brackets: - max-spaces-inside: 1 - level: error - colons: - max-spaces-after: -1 - level: error - commas: - max-spaces-after: -1 - level: error - comments: disable - comments-indentation: disable - document-start: disable - empty-lines: - max: 3 - level: error - hyphens: - level: error - indentation: disable - key-duplicates: enable - line-length: disable - new-line-at-end-of-file: disable - new-lines: - type: unix - trailing-spaces: disable - truthy: disable diff --git a/roles/gantsign.ctop/LICENSE b/roles/gantsign.ctop/LICENSE deleted file mode 100644 index 4add3620..00000000 --- a/roles/gantsign.ctop/LICENSE +++ /dev/null @@ -1,21 +0,0 @@ -MIT License - -Copyright (c) 2018 GantSign Ltd. - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/roles/gantsign.ctop/README.md b/roles/gantsign.ctop/README.md deleted file mode 100644 index 1b1a2efd..00000000 
--- a/roles/gantsign.ctop/README.md +++ /dev/null 
@@ -1,156 +0,0 @@ -Ansible Role: ctop -================== - -[![Build Status](https://travis-ci.com/gantsign/ansible_role_ctop.svg?branch=master)](https://travis-ci.com/gantsign/ansible_role_ctop) -[![Ansible Galaxy](https://img.shields.io/badge/ansible--galaxy-gantsign.ctop-blue.svg)](https://galaxy.ansible.com/gantsign/ctop) -[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://raw.githubusercontent.com/gantsign/ansible_role_ctop/master/LICENSE) - -Role to download and install [ctop](https://ctop.sh) the top-like interface for -container metrics. View CPU, RAM and network I/O for your Docker containers at -a glance from your terminal. - -Requirements ------------- - -* Ansible >= 2.7 - -* Linux Distribution - - * Debian Family - - * Debian - - * Jessie (8) - * Stretch (9) - - * Ubuntu - - * Xenial (16.04) - * Bionic (18.04) - - * RedHat Family - - * CentOS - - * 7 - - * Fedora - - * 31 - - * SUSE Family - - * openSUSE - - * 15.1 - - * Note: other versions are likely to work but have not been tested. - -* Docker (already installed) - -Role Variables --------------- - -The following variables will change the behavior of this role (default values -are shown below): - -```yaml -# ctop version number -ctop_version: '0.7.3' - -# SHA256 sum for the ctop redistributable -ctop_redis_sha256sum: '54598d424396cbe25646e097b47d76a55d475c29ae4c3111548141a3ecfb7fc1' - -# Directory to store files downloaded for ctop -ctop_download_dir: "{{ x_ansible_download_dir | default(ansible_env.HOME + '/.ansible/tmp/downloads') }}" -``` - -Example Playbook ----------------- - -```yaml -- hosts: servers - roles: - - role: gantsign.ctop -``` - -Tab Completion for Zsh ----------------------- - -### Using Ansible - -We recommend using the -[gantsign.antigen](https://galaxy.ansible.com/gantsign/antigen) role to enable -tab completion for ctop (this must be configured for each user). 
- -```yaml -- hosts: servers - roles: - - role: gantsign.ctop - - - role: gantsign.antigen - users: - - username: example - antigen_bundles: - - name: ctop - url: gantsign/zsh-plugins - location: ctop -``` - -### Using Antigen - -If you prefer to use [Antigen](https://github.com/zsh-users/antigen) directly -add the following to your Antigen configuration: - -```bash -antigen bundle gantsign/zsh-plugins ctop -``` - -More Roles From GantSign ------------------------- - -You can find more roles from GantSign on -[Ansible Galaxy](https://galaxy.ansible.com/gantsign). - -Development & Testing ---------------------- - -This project uses [Molecule](http://molecule.readthedocs.io/) to aid in the -development and testing; the role is unit tested using -[Testinfra](http://testinfra.readthedocs.io/) and -[pytest](http://docs.pytest.org/). - -To develop or test you'll need to have installed the following: - -* Linux (e.g. [Ubuntu](http://www.ubuntu.com/)) -* [Docker](https://www.docker.com/) -* [Python](https://www.python.org/) (including python-pip) -* [Ansible](https://www.ansible.com/) -* [Molecule](http://molecule.readthedocs.io/) - -Because the above can be tricky to install, this project includes -[Molecule Wrapper](https://github.com/gantsign/molecule-wrapper). Molecule -Wrapper is a shell script that installs Molecule and it's dependencies (apart -from Linux) and then executes Molecule with the command you pass it. - -To test this role using Molecule Wrapper run the following command from the -project root: - -```bash -./moleculew test -``` - -Note: some of the dependencies need `sudo` permission to install. - -License -------- - -MIT - -Author Information ------------------- - -John Freeman - -GantSign Ltd. -Company No. 06109112 (registered in England) diff --git a/roles/gantsign.ctop/defaults/main.yml b/roles/gantsign.ctop/defaults/main.yml deleted file mode 100644 index 61835a0f..00000000 --- a/roles/gantsign.ctop/defaults/main.yml +++ /dev/null 
@@ -1,9 +0,0 @@ ---- -# ctop version number -ctop_version: '0.7.3' - -# SHA256 sum for the ctop redistributable -ctop_redis_sha256sum: '54598d424396cbe25646e097b47d76a55d475c29ae4c3111548141a3ecfb7fc1' - -# Directory to store files downloaded for ctop -ctop_download_dir: "{{ x_ansible_download_dir | default(ansible_env.HOME + '/.ansible/tmp/downloads') }}" diff --git a/roles/gantsign.ctop/handlers/main.yml b/roles/gantsign.ctop/handlers/main.yml deleted file mode 100644 index 5b6f86c4..00000000 --- a/roles/gantsign.ctop/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for ansible_role_ctop diff --git a/roles/gantsign.ctop/meta/main.yml b/roles/gantsign.ctop/meta/main.yml deleted file mode 100644 index b6bcf34b..00000000 --- a/roles/gantsign.ctop/meta/main.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -galaxy_info: - author: John Freeman - role_name: ctop - description: Ansible role for downloading and installing ctop. - company: GantSign Ltd. - license: MIT - min_ansible_version: 2.7 - platforms: - - name: EL - versions: - - 7 - - name: Fedora - versions: - - 31 - - name: Ubuntu - versions: - - xenial - - bionic - - name: Debian - versions: - - jessie - - stretch - - name: opensuse - versions: - - 15.1 - galaxy_tags: - - ctop - - docker - - development -dependencies: [] diff --git a/roles/gantsign.ctop/molecule/centos/INSTALL.rst b/roles/gantsign.ctop/molecule/centos/INSTALL.rst deleted file mode 100644 index 6a44bde9..00000000 --- a/roles/gantsign.ctop/molecule/centos/INSTALL.rst +++ /dev/null 
@@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule[docker]' diff --git a/roles/gantsign.ctop/molecule/centos/molecule.yml b/roles/gantsign.ctop/molecule/centos/molecule.yml deleted file mode 100644 index a862c894..00000000 --- a/roles/gantsign.ctop/molecule/centos/molecule.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -dependency: - name: galaxy - -driver: - name: docker - -lint: - name: yamllint - -platforms: - - name: ansible_role_ctop_centos - image: centos:7 - dockerfile: ../default/Dockerfile.j2 - -provisioner: - name: ansible - playbooks: - converge: ../default/playbook.yml - lint: - name: ansible-lint - -scenario: - name: centos - -verifier: - name: testinfra - directory: ../default/tests - lint: - name: flake8 diff --git a/roles/gantsign.ctop/molecule/debian_max/INSTALL.rst b/roles/gantsign.ctop/molecule/debian_max/INSTALL.rst deleted file mode 100644 index 6a44bde9..00000000 --- a/roles/gantsign.ctop/molecule/debian_max/INSTALL.rst +++ /dev/null 
@@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule[docker]' diff --git a/roles/gantsign.ctop/molecule/debian_max/molecule.yml b/roles/gantsign.ctop/molecule/debian_max/molecule.yml deleted file mode 100644 index c1263f8b..00000000 --- a/roles/gantsign.ctop/molecule/debian_max/molecule.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -dependency: - name: galaxy - -driver: - name: docker - -lint: - name: yamllint - -platforms: - - name: ansible_role_ctop_debian_max - image: debian:9 - dockerfile: ../default/Dockerfile.j2 - -provisioner: - name: ansible - playbooks: - converge: ../default/playbook.yml - lint: - name: ansible-lint - -scenario: - name: debian_max - -verifier: - name: testinfra - directory: ../default/tests - lint: - name: flake8 diff --git a/roles/gantsign.ctop/molecule/debian_min/INSTALL.rst b/roles/gantsign.ctop/molecule/debian_min/INSTALL.rst deleted file mode 100644 index 6a44bde9..00000000 --- a/roles/gantsign.ctop/molecule/debian_min/INSTALL.rst +++ /dev/null 
@@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule[docker]' diff --git a/roles/gantsign.ctop/molecule/debian_min/molecule.yml b/roles/gantsign.ctop/molecule/debian_min/molecule.yml deleted file mode 100644 index 392bf5e4..00000000 --- a/roles/gantsign.ctop/molecule/debian_min/molecule.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -dependency: - name: galaxy - -driver: - name: docker - -lint: - name: yamllint - -platforms: - - name: ansible_role_ctop_debian_min - image: debian:8 - dockerfile: ../default/Dockerfile.j2 - -provisioner: - name: ansible - playbooks: - converge: ../default/playbook.yml - lint: - name: ansible-lint - -scenario: - name: debian_min - -verifier: - name: testinfra - directory: ../default/tests - lint: - name: flake8 diff --git a/roles/gantsign.ctop/molecule/default/Dockerfile.j2 b/roles/gantsign.ctop/molecule/default/Dockerfile.j2 deleted file mode 100644 index 0de39e63..00000000 --- a/roles/gantsign.ctop/molecule/default/Dockerfile.j2 +++ /dev/null 
@@ -1,22 +0,0 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -{% if item.env is defined %} -{% for var, value in item.env.items() %} -{% if value %} -ENV {{ var }} {{ value }} -{% endif %} -{% endfor %} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates iproute2 && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash iproute && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash iproute && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml iproute2 && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates iproute2 && xbps-remove -O; fi diff --git a/roles/gantsign.ctop/molecule/default/INSTALL.rst b/roles/gantsign.ctop/molecule/default/INSTALL.rst deleted file mode 100644 index 6a44bde9..00000000 --- a/roles/gantsign.ctop/molecule/default/INSTALL.rst +++ /dev/null @@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule[docker]' 
diff --git a/roles/gantsign.ctop/molecule/default/molecule.yml b/roles/gantsign.ctop/molecule/default/molecule.yml deleted file mode 100644 index caa58a7f..00000000 --- a/roles/gantsign.ctop/molecule/default/molecule.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -dependency: - name: galaxy - -driver: - name: docker - -lint: - name: yamllint - -platforms: - - name: ansible_role_ctop_default - image: ubuntu:18.04 - -provisioner: - name: ansible - lint: - name: ansible-lint - -scenario: - name: default - -verifier: - name: testinfra - lint: - name: flake8 diff --git a/roles/gantsign.ctop/molecule/default/playbook.yml b/roles/gantsign.ctop/molecule/default/playbook.yml deleted file mode 100644 index e2368af7..00000000 --- a/roles/gantsign.ctop/molecule/default/playbook.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: ansible_role_ctop diff --git a/roles/gantsign.ctop/molecule/default/tests/test_role.py b/roles/gantsign.ctop/molecule/default/tests/test_role.py deleted file mode 100644 index 8eede6b3..00000000 --- a/roles/gantsign.ctop/molecule/default/tests/test_role.py +++ /dev/null @@ -1,30 +0,0 @@ -import os - -import testinfra.utils.ansible_runner - -import re - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_dir(host): - dir = host.file('/usr/local/bin') - assert dir.exists - assert dir.is_directory - assert dir.user == 'root' - assert dir.group == 'root' - - -def test_file(host): - installed_file = host.file('/usr/local/bin/ctop') - assert installed_file.exists - assert installed_file.is_file - assert installed_file.user == 'root' - assert installed_file.group == 'root' - - -def test_version(host): - version = host.check_output('ctop -v') - pattern = 'ctop version [0-9\\.]+' - assert re.search(pattern, version) 
diff --git a/roles/gantsign.ctop/molecule/fedora/INSTALL.rst b/roles/gantsign.ctop/molecule/fedora/INSTALL.rst deleted file mode 100644 index 6a44bde9..00000000 --- a/roles/gantsign.ctop/molecule/fedora/INSTALL.rst +++ /dev/null @@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule[docker]' diff --git a/roles/gantsign.ctop/molecule/fedora/molecule.yml b/roles/gantsign.ctop/molecule/fedora/molecule.yml deleted file mode 100644 index d4bb59a3..00000000 --- a/roles/gantsign.ctop/molecule/fedora/molecule.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -dependency: - name: galaxy - -driver: - name: docker - -lint: - name: yamllint - -platforms: - - name: ansible_role_ctop_fedora - image: fedora:31 - dockerfile: ../default/Dockerfile.j2 - -provisioner: - name: ansible - playbooks: - converge: ../default/playbook.yml - lint: - name: ansible-lint - -scenario: - name: fedora - -verifier: - name: testinfra - directory: ../default/tests - lint: - name: flake8 diff --git a/roles/gantsign.ctop/molecule/opensuse/INSTALL.rst b/roles/gantsign.ctop/molecule/opensuse/INSTALL.rst deleted file mode 100644 index 6a44bde9..00000000 --- a/roles/gantsign.ctop/molecule/opensuse/INSTALL.rst +++ /dev/null 
@@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule[docker]' diff --git a/roles/gantsign.ctop/molecule/opensuse/molecule.yml b/roles/gantsign.ctop/molecule/opensuse/molecule.yml deleted file mode 100644 index 4ef88a64..00000000 --- a/roles/gantsign.ctop/molecule/opensuse/molecule.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -dependency: - name: galaxy - -driver: - name: docker - -lint: - name: yamllint - -platforms: - - name: ansible_role_ctop_opensuse - image: opensuse/leap:15.1 - dockerfile: ../default/Dockerfile.j2 - -provisioner: - name: ansible - playbooks: - converge: ../default/playbook.yml - lint: - name: ansible-lint - -scenario: - name: opensuse - -verifier: - name: testinfra - directory: ../default/tests - lint: - name: flake8 diff --git a/roles/gantsign.ctop/molecule/ubuntu_max/INSTALL.rst b/roles/gantsign.ctop/molecule/ubuntu_max/INSTALL.rst deleted file mode 100644 index 6a44bde9..00000000 --- a/roles/gantsign.ctop/molecule/ubuntu_max/INSTALL.rst +++ /dev/null 
@@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule[docker]' diff --git a/roles/gantsign.ctop/molecule/ubuntu_max/molecule.yml b/roles/gantsign.ctop/molecule/ubuntu_max/molecule.yml deleted file mode 100644 index 97599dea..00000000 --- a/roles/gantsign.ctop/molecule/ubuntu_max/molecule.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -dependency: - name: galaxy - -driver: - name: docker - -lint: - name: yamllint - -platforms: - - name: ansible_role_ctop_ubuntu_max - image: ubuntu:18.04 - dockerfile: ../default/Dockerfile.j2 - -provisioner: - name: ansible - playbooks: - converge: ../default/playbook.yml - lint: - name: ansible-lint - -scenario: - name: ubuntu_max - -verifier: - name: testinfra - directory: ../default/tests - lint: - name: flake8 diff --git a/roles/gantsign.ctop/molecule/ubuntu_min/INSTALL.rst b/roles/gantsign.ctop/molecule/ubuntu_min/INSTALL.rst deleted file mode 100644 index 6a44bde9..00000000 --- a/roles/gantsign.ctop/molecule/ubuntu_min/INSTALL.rst +++ /dev/null 
@@ -1,22 +0,0 @@
-*******
-Docker driver installation guide
-*******
-
-Requirements
-============
-
-* Docker Engine
-
-Install
-=======
-
-Please refer to the `Virtual environment`_ documentation for installation best
-practices. If not using a virtual environment, please consider passing the
-widely recommended `'--user' flag`_ when invoking ``pip``.
-
-.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
-.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
-
-.. code-block:: bash
-
- $ pip install 'molecule[docker]'
diff --git a/roles/gantsign.ctop/molecule/ubuntu_min/molecule.yml b/roles/gantsign.ctop/molecule/ubuntu_min/molecule.yml
deleted file mode 100644
index f9d8134f..00000000
--- a/roles/gantsign.ctop/molecule/ubuntu_min/molecule.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-dependency:
- name: galaxy
-
-driver:
- name: docker
-
-lint:
- name: yamllint
-
-platforms:
- - name: ansible_role_ctop_ubuntu_min
- image: ubuntu:16.04
- dockerfile: ../default/Dockerfile.j2
-
-provisioner:
- name: ansible
- playbooks:
- converge: ../default/playbook.yml
- lint:
- name: ansible-lint
-
-scenario:
- name: ubuntu_min
-
-verifier:
- name: testinfra
- directory: ../default/tests
- lint:
- name: flake8
diff --git a/roles/gantsign.ctop/moleculew b/roles/gantsign.ctop/moleculew
deleted file mode 100644
index 952183b5..00000000
--- a/roles/gantsign.ctop/moleculew
+++ /dev/null
@@ -1,736 +0,0 @@ -#!/usr/bin/env bash - -# MIT License -# -# Copyright (c) 2018 GantSign Ltd. -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in all -# copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. 
- - -# Molecule Wrapper the wrapper script for Molecule -# https://github.com/gantsign/molecule-wrapper - -set -e - -WRAPPER_VERSION=0.9.12 - -VERSION_DIR='.moleculew' -PYTHON_VERSION_FILE="$VERSION_DIR/python_version" -ANSIBLE_VERSION_FILE="$VERSION_DIR/ansible_version" -MOLECULE_VERSION_FILE="$VERSION_DIR/molecule_version" - -BUILD_DEPENDENCIES_INSTALLLED=false -PYENV_INSTALLED=false - -ANSIBLE_VERSION='' -MOLECULE_VERSION='' -PYTHON_VERSION='' -USE_SYSTEM_DEPENDENCIES=false - -PRE_ARGS=() -MOLECULE_CMD='' -POST_ARGS=() - -export PATH="$HOME/.pyenv/bin:$HOME/.local/bin:$PATH" - -hr() { - for ((i = 1; i <= 80; i++)); do - printf '*' - done - echo '' -} - -banner() { - hr - echo "$1" - hr -} - -run_as_root() { - if [[ $EUID -eq 0 ]]; then - "$@" - elif [ -x "$(command -v sudo)" ]; then - sudo "$@" - else - echo "Error: sudo is not installed" >&2 - exit 1 - fi -} - -build_dependencies_present() { - if [[ $BUILD_DEPENDENCIES_INSTALLLED == true ]]; then - return - fi - if [[ $USE_SYSTEM_DEPENDENCIES == true ]]; then - return - fi - # https://github.com/pyenv/pyenv/wiki/common-build-problems - if [[ -x "$(command -v apt-get)" ]]; then - banner 'Installing build dependencies' - - run_as_root apt-get update - run_as_root apt-get install --assume-yes \ - make build-essential libssl-dev zlib1g-dev libbz2-dev \ - libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev \ - libncursesw5-dev xz-utils tk-dev libffi-dev liblzma-dev \ - git jq - echo '' - elif [[ -x "$(command -v dnf)" ]]; then - banner 'Installing build dependencies' - - run_as_root dnf install \ - zlib-devel bzip2 bzip2-devel readline-devel sqlite sqlite-devel \ - openssl-devel xz xz-devel libffi-devel \ - git curl jq - echo '' - elif [[ -x "$(command -v yum)" ]]; then - banner 'Installing build dependencies' - - run_as_root yum install \ - zlib-devel bzip2 bzip2-devel readline-devel sqlite sqlite-devel \ - openssl-devel xz xz-devel libffi-devel \ - git curl jq - echo '' - elif [[ -x "$(command -v 
zypper)" ]]; then - banner 'Installing build dependencies' - - run_as_root zypper install \ - zlib-devel bzip2 libbz2-devel readline-devel sqlite3 sqlite3-devel \ - libopenssl-devel xz xz-devel \ - git curl jq - echo '' - fi - BUILD_DEPENDENCIES_INSTALLLED=true -} - -pyenv_present() { - if [[ $PYENV_INSTALLED == true ]]; then - return - fi - if [[ $USE_SYSTEM_DEPENDENCIES == true ]]; then - return - fi - if [[ -x "$(command -v pyenv)" ]]; then - PYENV_INSTALLED=true - return - fi - - build_dependencies_present - - banner "Installing pyenv for user $USER" - bash <(curl --location https://github.com/pyenv/pyenv-installer/raw/master/bin/pyenv-installer) - echo '' - PYENV_INSTALLED=true -} - -query_latest_python_version2() { - pyenv_present - - PYTHON_VERSION="$(~/.pyenv/plugins/python-build/bin/python-build --definitions | grep --color=never '^2\.' | grep --invert-match '\-dev$' | tail -1)" -} - -query_latest_python_version3() { - pyenv_present - - PYTHON_VERSION="$(~/.pyenv/plugins/python-build/bin/python-build --definitions | grep --color=never '^3\.' | grep --invert-match '\-dev$' | tail -1)" -} - -query_latest_package_version() { - if [[ ! -x "$(command -v curl)" ]]; then - build_dependencies_present - fi - if [[ ! -x "$(command -v jq)" ]]; then - build_dependencies_present - fi - if [[ ! -x "$(command -v curl)" ]]; then - echo 'Error: curl is not installed.' >&2 - exit 1 - fi - if [[ ! -x "$(command -v jq)" ]]; then - echo 'Error: jq is not installed.' >&2 - exit 1 - fi - - local version - # shellcheck disable=SC2034 - version=$(curl --fail --silent --show-error --location "https://pypi.org/pypi/$2/json" | jq --raw-output '.info.version') - - eval "$1=\"\$version\"" -} - -docker_present() { - if [[ -x "$(command -v docker)" ]]; then - return - fi - if [[ $USE_SYSTEM_DEPENDENCIES == true ]]; then - echo 'Error: docker is not installed.' 
>&2 - exit 1 - fi - - build_dependencies_present - - banner 'Installing Docker' - sh <(curl --fail --silent --show-error --location https://get.docker.com) - run_as_root usermod --append --groups docker "$USER" - banner "User '$USER' has been added to the 'docker' group. Logout/restart and log back in for changes to take effect." - exit -} - -python_present() { - if [[ $PYTHON_VERSION == system ]]; then - if [[ ! -x "$(command -v python)" ]]; then - echo 'Error: python is not installed.' >&2 - exit 1 - fi - if [[ ! -x "$(command -v pip)" ]]; then - echo 'Error: pip is not installed.' >&2 - exit 1 - fi - PYTHON_EXE="$(command -v python)" - else - if [[ ! -x "$(command -v git)" ]]; then - echo 'Error: git is not installed.' >&2 - exit 1 - fi - - pyenv_present - - export PYENV_VERSION="$PYTHON_VERSION" - if [[ ! -d "$HOME/.pyenv/versions/$PYTHON_VERSION" ]]; then - build_dependencies_present - - banner "Making Python version $PYTHON_VERSION available using pyenv" - pyenv install "$PYTHON_VERSION" - echo '' - fi - eval "$(pyenv init -)" - PYTHON_EXE="$(pyenv which python)" - fi -} - -virtualenv_presant() { - if [[ ! -x "$(command -v virtualenv)" ]]; then - banner "Installing virtualenv for user $USER" - pip install --user virtualenv - echo '' - fi -} - -install_ansible() { - banner "Installing Ansible $ANSIBLE_VERSION into virtualenv $VIRTUAL_ENV" - pip install "ansible==$ANSIBLE_VERSION" - echo '' -} - -install_molecule() { - banner "Installing Molecule $MOLECULE_VERSION into virtualenv $VIRTUAL_ENV" - - # Workaround https://github.com/ansible-community/molecule/issues/2676 - pip install 'sh==1.12.14' - - pip install "molecule[docker]==$MOLECULE_VERSION" - echo '' -} - -wrapper_clean() { - local MOLECULE_WRAPPER_HOME="$HOME/.moleculew" - read -r -p "Delete ${MOLECULE_WRAPPER_HOME} (y/n)? 
" yn - case $yn in - [Yy]|YES|yes|Yes) - rm -rf "$MOLECULE_WRAPPER_HOME"; - exit - ;; - *) - exit - ;; - esac -} - -wrapper_upgrade() { - curl --fail --silent --show-error --location --output moleculew.new \ - 'https://raw.githubusercontent.com/gantsign/molecule-wrapper/master/moleculew' \ - && chmod 'u+x' moleculew.new \ - && mv --force moleculew.new moleculew - - local NEW_VERSION - NEW_VERSION="$(./moleculew wrapper-version)" - if [ "$WRAPPER_VERSION" != "$NEW_VERSION" ]; then - echo "Upgraded wrapper from version $WRAPPER_VERSION to $NEW_VERSION" - else - echo "You are already using the latest version" - fi - exit -} - -wrapper_version() { - echo "$WRAPPER_VERSION" - exit -} - -print_versions() { - echo "Python: $PYTHON_VERSION" - echo "Ansible: $ANSIBLE_VERSION" - echo "Molecule: $MOLECULE_VERSION" -} - -wrapper_versions() { - detemine_versions - - print_versions - exit -} - -wrapper_freeze() { - detemine_versions - - banner 'Freezing versions' - - mkdir -p "$VERSION_DIR" - - echo "$PYTHON_VERSION" > "$PYTHON_VERSION_FILE" - echo "$ANSIBLE_VERSION" > "$ANSIBLE_VERSION_FILE" - echo "$MOLECULE_VERSION" > "$MOLECULE_VERSION_FILE" - - print_versions - - exit -} - -wrapper_unfreeze() { - banner 'Un-freezing versions' - - if [[ -f "$PYTHON_VERSION_FILE" ]]; then - rm --verbose "$PYTHON_VERSION_FILE" - fi - if [[ -f "$ANSIBLE_VERSION_FILE" ]]; then - rm --verbose "$ANSIBLE_VERSION_FILE" - fi - if [[ -f "$MOLECULE_VERSION_FILE" ]]; then - rm --verbose "$MOLECULE_VERSION_FILE" - fi - exit -} - -wrapper_upgrade_versions() { - detemine_versions - - banner 'Upgrading versions' - - local CURRENT_PYTHON_VERSION="$PYTHON_VERSION" - local CURRENT_ANSIBLE_VERSION="$ANSIBLE_VERSION" - local CURRENT_MOLECULE_VERSION="$MOLECULE_VERSION" - - query_latest_python_version2 - query_latest_package_version ANSIBLE_VERSION ansible - query_latest_package_version MOLECULE_VERSION molecule - echo '' - - echo 'New versions:' - if [[ "$CURRENT_PYTHON_VERSION" == "$PYTHON_VERSION" ]]; then - 
echo "Python: $CURRENT_PYTHON_VERSION (no change)" - else - echo "Python: $CURRENT_PYTHON_VERSION -> $PYTHON_VERSION" - fi - - if [[ "$CURRENT_ANSIBLE_VERSION" == "$ANSIBLE_VERSION" ]]; then - echo "Ansible: $CURRENT_ANSIBLE_VERSION (no change)" - else - echo "Ansible: $CURRENT_ANSIBLE_VERSION -> $ANSIBLE_VERSION" - fi - - if [[ "$CURRENT_MOLECULE_VERSION" == "$MOLECULE_VERSION" ]]; then - echo "Molecule: $CURRENT_MOLECULE_VERSION (no change)" - else - echo "Molecule: $CURRENT_MOLECULE_VERSION -> $MOLECULE_VERSION" - fi - echo '' - - wrapper_freeze -} - -wrapper_help() { - activate_virtualenv - - molecule --help - - echo " -Molecule Wrapper - -Additional options: - --ansible VERSION Use the specified version of Ansible - --molecule VERSION Use the specified version of Molecule - --python VERSION Use the specified version of Python - --use-system-dependencies Use system dependencies - -Additional commands: - wrapper-clean Removes all the wrapper virtual environments - wrapper-freeze Freezes the dependency versions being used - wrapper-unfreeze Un-freezes the dependency versions - wrapper-upgrade Upgrades the Molecule Wrapper to the latest version - wrapper-upgrade-versions Upgrades any frozen dependency versions - wrapper-version Displays the current version of Molecule Wrapper -" -} - -query_package_versions() { - local package_name="$1" - local min_version="$2" - - if [[ ! -x "$(command -v curl)" ]]; then - build_dependencies_present > /dev/null - fi - if [[ ! -x "$(command -v jq)" ]]; then - build_dependencies_present > /dev/null - fi - if [[ ! -x "$(command -v curl)" ]]; then - echo 'Error: curl is not installed.' >&2 - exit 1 - fi - if [[ ! -x "$(command -v jq)" ]]; then - echo 'Error: jq is not installed.' >&2 - exit 1 - fi - if [[ ! -x "$(command -v sort)" ]]; then - echo 'Error: sort is not installed.' 
>&2 - exit 1 - fi - - for i in $(curl --fail --silent --show-error \ - --location "https://pypi.org/pypi/$package_name/json" \ - | jq --raw-output ".releases | keys | .[], \"$min_version.\"" \ - | grep --invert-match '[a-zA-Z]' \ - | sort --version-sort --reverse) ; do - if [[ "$i" == "$min_version." ]]; then - break - fi - echo "$i" - done -} - -wrapper_options_ansible() { - echo 'latest' - query_package_versions 'ansible' '2.7' -} - -wrapper_options_molecule() { - echo 'latest' - query_package_versions 'molecule' '2.20' -} - -wrapper_options_python() { - if [[ ! -x "$(command -v sort)" ]]; then - echo 'Error: sort is not installed.' >&2 - exit 1 - fi - - pyenv_present > /dev/null - - local min_version='2.7' - - echo 'latest' - - for i in $( (echo "$min_version." && \ - ~/.pyenv/plugins/python-build/bin/python-build --definitions) \ - | grep --color=never '^[0-9]' \ - | grep --invert-match '\-dev$' \ - | sort --version-sort --reverse) ; do - if [[ "$i" == "$min_version." ]]; then - break - fi - echo "$i" - done -} - -wrapper_options_scenario() { - if [ -f 'moleculew' ]; then - activate_virtualenv > /dev/null - fi - python << EOF -import os -import sys - -import six -import yaml - - -molecule_dir = 'molecule' -if not os.path.isdir(molecule_dir): - sys.exit() - -scenarios = [] -default = False - -for filename in os.listdir(molecule_dir): - scenario_dir = os.path.join(molecule_dir, filename) - if not os.path.isdir(scenario_dir): - continue - - molecule_yaml = os.path.join(scenario_dir, 'molecule.yml') - if not os.path.isfile(molecule_yaml): - continue - - with open(molecule_yaml, 'r') as stream: - try: - contents = yaml.safe_load(stream) - except yaml.YAMLError as exc: - continue - - if not isinstance(contents, dict): - continue - - scenario = contents.get('scenario') - if scenario is None: - continue - if not isinstance(scenario, dict): - continue - - name = scenario.get('name') - if name is None: - continue - if not isinstance(name, six.string_types): - continue - 
- if name == 'default': - default = True - else: - scenarios.append(name) - -scenarios.sort() -if default: - scenarios.append('default') - -for scenario in scenarios: - print(scenario) -EOF -} - -wrapper_virtualenv() { - activate_virtualenv > /dev/null - echo "$VIRTUAL_ENV" -} - -parse_args() { - set +e - - while [[ $# -gt 0 ]]; do - key="$1" - - case $key in - --python=*) - PYTHON_VERSION="${1#*=}" - shift - ;; - --python) - shift - PYTHON_VERSION="$1" - shift - ;; - --ansible=*) - ANSIBLE_VERSION="${1#*=}" - shift - ;; - --ansible) - shift - ANSIBLE_VERSION="$1" - shift - ;; - --molecule=*) - MOLECULE_VERSION="${1#*=}" - shift - ;; - --molecule) - shift - MOLECULE_VERSION="$1" - shift - ;; - --use-system-dependencies) - USE_SYSTEM_DEPENDENCIES=true - shift - ;; - --help) - MOLECULE_CMD='wrapper-help' - break - ;; - wrapper-*) - MOLECULE_CMD="$1" - shift - ;; - check|converge|create|dependency|destroy|idempotence|init|lint|list|login|matrix|prepare|side-effect|syntax|test|verify) - if [[ "$MOLECULE_CMD" != '' ]]; then - shift - else - MOLECULE_CMD="$1" - shift - for arg in "$@"; do - POST_ARGS+=("$arg") - done - break - fi - ;; - *) - PRE_ARGS+=("$1") - shift - ;; - esac - done - set -e -} - -detemine_versions() { - if [[ $USE_SYSTEM_DEPENDENCIES == false ]]; then - USE_SYSTEM_DEPENDENCIES="$MOLECULEW_USE_SYSTEM" - fi - if [[ $PYTHON_VERSION == '' ]]; then - PYTHON_VERSION="$MOLECULEW_PYTHON" - fi - if [[ $ANSIBLE_VERSION == '' ]]; then - ANSIBLE_VERSION="$MOLECULEW_ANSIBLE" - fi - if [[ $MOLECULE_VERSION == '' ]]; then - MOLECULE_VERSION="$MOLECULEW_MOLECULE" - fi - - if [[ $USE_SYSTEM_DEPENDENCIES == true ]]; then - if [[ $PYTHON_VERSION != '' ]]; then - echo "Error: --python and --use-system-dependencies cannot be used together" >&2 - exit 1 - fi - PYTHON_VERSION=system - elif [[ $PYTHON_VERSION == '' ]] || [[ $PYTHON_VERSION == 'default' ]]; then - if [[ -f $PYTHON_VERSION_FILE ]]; then - PYTHON_VERSION=$(<"$PYTHON_VERSION_FILE") - fi - if [[ $PYTHON_VERSION 
== '' ]]; then - query_latest_python_version2 - fi - elif [[ $PYTHON_VERSION == 'latest' ]] || [[ $PYTHON_VERSION == 'latest2' ]]; then - query_latest_python_version2 - elif [[ $PYTHON_VERSION == 'latest3' ]]; then - query_latest_python_version3 - fi - - if [[ $ANSIBLE_VERSION == '' ]] || [[ $ANSIBLE_VERSION == 'default' ]]; then - if [[ -f $ANSIBLE_VERSION_FILE ]]; then - ANSIBLE_VERSION=$(<"$ANSIBLE_VERSION_FILE") - fi - if [[ $ANSIBLE_VERSION == '' ]]; then - query_latest_package_version ANSIBLE_VERSION ansible - fi - elif [[ $ANSIBLE_VERSION == 'latest' ]]; then - query_latest_package_version ANSIBLE_VERSION ansible - fi - - if [[ $MOLECULE_VERSION == '' ]] || [[ $MOLECULE_VERSION == 'default' ]]; then - if [[ -f $MOLECULE_VERSION_FILE ]]; then - MOLECULE_VERSION=$(<$MOLECULE_VERSION_FILE) - fi - if [[ $MOLECULE_VERSION == '' ]]; then - query_latest_package_version MOLECULE_VERSION molecule - fi - elif [[ $MOLECULE_VERSION == 'latest' ]]; then - query_latest_package_version MOLECULE_VERSION molecule - fi -} - -activate_virtualenv() { - detemine_versions - - MOLECULE_WRAPPER_ENV="$HOME/.moleculew/molecule/$MOLECULE_VERSION/ansible/$ANSIBLE_VERSION/python/$PYTHON_VERSION" - - if [ ! 
-f "$MOLECULE_WRAPPER_ENV/bin/activate" ]; then - - build_dependencies_present - - docker_present - - python_present - - virtualenv_presant - - banner "Initializing virtualenv $MOLECULE_WRAPPER_ENV" - virtualenv "--python=$PYTHON_EXE" "$MOLECULE_WRAPPER_ENV" - # shellcheck disable=SC1090 - source "$MOLECULE_WRAPPER_ENV/bin/activate" - echo '' - - install_ansible - - install_molecule - else - # shellcheck disable=SC1090 - source "$MOLECULE_WRAPPER_ENV/bin/activate" - fi -} - -parse_args "$@" - -case $MOLECULE_CMD in - wrapper-clean) - wrapper_clean - ;; - wrapper-freeze) - wrapper_freeze - ;; - wrapper-help) - wrapper_help - ;; - wrapper-install) - activate_virtualenv - ;; - wrapper-options-ansible) - wrapper_options_ansible - ;; - wrapper-options-molecule) - wrapper_options_molecule - ;; - wrapper-options-python) - wrapper_options_python - ;; - wrapper-options-scenario) - wrapper_options_scenario - ;; - wrapper-unfreeze) - wrapper_unfreeze - ;; - wrapper-upgrade) - wrapper_upgrade - ;; - wrapper-upgrade-versions) - wrapper_upgrade_versions - ;; - wrapper-version) - wrapper_version - ;; - wrapper-versions) - wrapper_versions - ;; - wrapper-virtualenv) - wrapper_virtualenv - ;; - wrapper-*) - echo "Unsupported command: $1" >&2 - exit 1 - ;; - *) - activate_virtualenv - - # shellcheck disable=SC2086 - exec molecule "${PRE_ARGS[@]}" $MOLECULE_CMD "${POST_ARGS[@]}" - ;; -esac diff --git a/roles/gantsign.ctop/tasks/main.yml b/roles/gantsign.ctop/tasks/main.yml deleted file mode 100644 index d14549ca..00000000 --- a/roles/gantsign.ctop/tasks/main.yml +++ /dev/null 
@@ -1,31 +0,0 @@
----
-- name: create download directory
- file:
- state: directory
- mode: 'u=rwx,go=rx'
- dest: '{{ ctop_download_dir }}'
-
-- name: download ctop
- get_url:
- url: '{{ ctop_mirror }}/{{ ctop_redis_filename }}'
- dest: '{{ ctop_download_dir }}/{{ ctop_redis_filename }}'
- checksum: 'sha256:{{ ctop_redis_sha256sum }}'
- mode: 'u=rw,go=r'
-
-- name: create the ctop installation dir
- become: yes
- file:
- state: directory
- owner: root
- group: root
- mode: 'u=rwx,go=rx'
- dest: '{{ ctop_install_dir }}'
-
-- name: install ctop
- become: yes
- copy:
- src: '{{ ctop_download_dir }}/{{ ctop_redis_filename }}'
- remote_src: yes
- dest: '{{ ctop_install_path }}'
- force: yes
- mode: 'u=rwx,go=rx'
diff --git a/roles/gantsign.ctop/vars/main.yml b/roles/gantsign.ctop/vars/main.yml
deleted file mode 100644
index 1afc4eec..00000000
--- a/roles/gantsign.ctop/vars/main.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-# Dir where ctop should be installed
-ctop_install_dir: '/usr/local/bin'
-
-# Path where ctop should be installed
-ctop_install_path: '{{ ctop_install_dir }}/ctop'
-
-# Mirror to download the ctop from
-ctop_mirror: 'https://github.com/bcicen/ctop/releases/download/v{{ ctop_version }}'
-
-# The OS of the ctop redistributable
-ctop_os: 'linux'
-
-# The CPU architecture of the ctop redistributable
-ctop_architecture: 'amd64'
-
-# File name of the ctop redistributable file
-ctop_redis_filename: 'ctop-{{ ctop_version }}-{{ ctop_os }}-{{ ctop_architecture }}'
diff --git a/roles/geerlingguy.ansible b/roles/geerlingguy.ansible
new file mode 160000
index 00000000..adf22d8c
--- /dev/null
+++ b/roles/geerlingguy.ansible
@@ -0,0 +1 @@
+Subproject commit adf22d8c735670a8323f118de6bc37ba6b67f86e
diff --git a/roles/geerlingguy.ansible/.ansible-lint b/roles/geerlingguy.ansible/.ansible-lint
deleted file mode 100644
index 55572942..00000000
--- a/roles/geerlingguy.ansible/.ansible-lint
+++ /dev/null
@@ -1,2 +0,0 @@
-skip_list:
- - '106'
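Review bot: The gitlink added for `roles/geerlingguy.ansible` swaps an in-tree, reviewable copy of the role for a pointer to commit `adf22d8c735670a8323f118de6bc37ba6b67f86e` in a third-party repository, and nothing visible in this change shows that the pinned tree matches the files being deleted; the same applies to the `roles/geerlingguy.docker` gitlink further down. Pinning by full commit hash is the right choice for a role that installs packages on managed hosts, but the pin only protects deployments whose checkout honours it. I would document the checkout step as `git submodule update --init` and state that `--remote` must not be used in automation, because it moves the working tree off the recorded commit to whatever the upstream branch currently holds. It is also worth comparing each pinned commit against the removed files once before merging, so that any upstream difference is reviewed rather than inherited silently.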
diff --git a/roles/geerlingguy.ansible/.github/FUNDING.yml b/roles/geerlingguy.ansible/.github/FUNDING.yml
deleted file mode 100644
index 96b49383..00000000
--- a/roles/geerlingguy.ansible/.github/FUNDING.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-# These are supported funding model platforms
----
-github: geerlingguy
-patreon: geerlingguy
diff --git a/roles/geerlingguy.ansible/.github/stale.yml b/roles/geerlingguy.ansible/.github/stale.yml
deleted file mode 100644
index c7ff1275..00000000
--- a/roles/geerlingguy.ansible/.github/stale.yml
+++ /dev/null
@@ -1,56 +0,0 @@
-# Configuration for probot-stale - https://github.com/probot/stale
-
-# Number of days of inactivity before an Issue or Pull Request becomes stale
-daysUntilStale: 90
-
-# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
-# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
-daysUntilClose: 30
-
-# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
-onlyLabels: []
-
-# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
-exemptLabels:
- - pinned
- - security
- - planned
-
-# Set to true to ignore issues in a project (defaults to false)
-exemptProjects: false
-
-# Set to true to ignore issues in a milestone (defaults to false)
-exemptMilestones: false
-
-# Set to true to ignore issues with an assignee (defaults to false)
-exemptAssignees: false
-
-# Label to use when marking as stale
-staleLabel: stale
-
-# Limit the number of actions per hour, from 1-30. Default is 30
-limitPerRun: 30
-
-pulls:
- markComment: |-
- This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
-
- Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
-
- unmarkComment: >-
- This pull request is no longer marked for closure.
-
- closeComment: >-
- This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
-
-issues:
- markComment: |-
- This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
-
- Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
-
- unmarkComment: >-
- This issue is no longer marked for closure.
-
- closeComment: >-
- This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
diff --git a/roles/geerlingguy.ansible/.gitignore b/roles/geerlingguy.ansible/.gitignore
deleted file mode 100644
index f56f5b57..00000000
--- a/roles/geerlingguy.ansible/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-*.retry
-*/__pycache__
-*.pyc
diff --git a/roles/geerlingguy.ansible/.travis.yml b/roles/geerlingguy.ansible/.travis.yml
deleted file mode 100644
index ca44399e..00000000
--- a/roles/geerlingguy.ansible/.travis.yml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-language: python
-services: docker
-
-env:
- global:
- - ROLE_NAME: ansible
- matrix:
- - MOLECULE_DISTRO: centos8
- - MOLECULE_DISTRO: fedora32
- # See: https://github.com/geerlingguy/ansible-role-ansible/issues/18
- # - MOLECULE_DISTRO: ubuntu2004
- - MOLECULE_DISTRO: ubuntu1804
- - MOLECULE_DISTRO: debian10
-
- - MOLECULE_DISTRO: centos8
- MOLECULE_PLAYBOOK: playbook-pip.yml
-
-before_install:
- # Upgrade Docker to work with docker-py.
- - curl https://gist.githubusercontent.com/geerlingguy/ce883ad4aec6a5f1187ef93bd338511e/raw/36612d28981d92863f839c5aefe5b7dd7193d6c6/travis-ci-docker-upgrade.sh | sudo bash
-
-install:
- # Install test dependencies.
- - pip install molecule yamllint ansible-lint docker
-
-before_script:
- # Use actual Ansible Galaxy role name for the project directory.
- - cd ../
- - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
- - cd geerlingguy.$ROLE_NAME
-
-script:
- # Run tests.
- - molecule test
-
-notifications:
- webhooks: https://galaxy.ansible.com/api/v1/notifications/
diff --git a/roles/geerlingguy.ansible/.yamllint b/roles/geerlingguy.ansible/.yamllint
deleted file mode 100644
index 76a383c6..00000000
--- a/roles/geerlingguy.ansible/.yamllint
+++ /dev/null
@@ -1,10 +0,0 @@
----
-extends: default
-
-rules:
- line-length:
- max: 120
- level: warning
-
-ignore: |
- .github/stale.yml
diff --git a/roles/geerlingguy.ansible/LICENSE b/roles/geerlingguy.ansible/LICENSE
deleted file mode 100644
index 4275cf3c..00000000
--- a/roles/geerlingguy.ansible/LICENSE
+++ /dev/null
@@ -1,20 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2017 Jeff Geerling
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/roles/geerlingguy.ansible/README.md b/roles/geerlingguy.ansible/README.md
deleted file mode 100644
index c9bd5046..00000000
--- a/roles/geerlingguy.ansible/README.md
+++ /dev/null
@@ -1,51 +0,0 @@
-# Ansible Role: Ansible
-
-[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-ansible.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-ansible)
-
-An Ansible Role that installs Ansible on Linux servers.
-
-## Requirements
-
-If using on a RedHat/CentOS-based host, make sure you've added the EPEL repository (it can easily be installed by including the `geerlingguy.repo-epel` role on Ansible Galaxy).
-
-## Role Variables
-
-Available variables are listed below, along with default values (see `defaults/main.yml`):
-
- ansible_install_method: package
-
-Whether to install Ansible via the system `package` manager (`apt`, `yum`, `dnf`, etc.), or via `pip`. If set to `pip`, you need to make sure Pip is installed prior to running this role. You can use the `geerlingguy.pip` module to install Pip easily.
-
- ansible_install_version_pip: ''
-
-If `ansible_install_method` is set to `pip`, the specific Ansible version to be installed via Pip. If not set, the latest version of Ansible will be installed.
-
-## Dependencies
-
-None.
-
-## Example Playbook
-
-Install from the system package manager:
-
- - hosts: servers
- roles:
- - role: geerlingguy.ansible
-
-Install from pip:
-
- - hosts: servers
- vars:
- ansible_install_method: pip
- ansible_install_version_pip: "2.7.0"
- roles:
- - role: geerlingguy.pip
- - role: geerlingguy.ansible
-
-## License
-
-MIT / BSD
-
-## Author Information
-
-This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
diff --git a/roles/geerlingguy.ansible/defaults/main.yml b/roles/geerlingguy.ansible/defaults/main.yml
deleted file mode 100644
index 5898c332..00000000
--- a/roles/geerlingguy.ansible/defaults/main.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-ansible_default_release: ""
-
-# Valid options include: 'package' or 'pip'.
-ansible_install_method: package
-
-# Used only if ansible_install_method is 'pip'. If empty, defaults to latest.
-ansible_install_version_pip: ''
diff --git a/roles/geerlingguy.ansible/meta/main.yml b/roles/geerlingguy.ansible/meta/main.yml
deleted file mode 100644
index 4ae9541b..00000000
--- a/roles/geerlingguy.ansible/meta/main.yml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-dependencies: []
-
-galaxy_info:
- author: geerlingguy
- description: Ansible for RedHat/CentOS/Debian/Ubuntu.
- company: "Midwestern Mac, LLC"
- license: "license (BSD, MIT)"
- min_ansible_version: 2.4
- platforms:
- - name: EL
- versions:
- - all
- - name: Fedora
- versions:
- - all
- - name: Debian
- versions:
- - all
- - name: Ubuntu
- versions:
- - all
- galaxy_tags:
- - system
- - packaging
- - development
- - cloud
- - ansible
- - automation
diff --git a/roles/geerlingguy.ansible/molecule/default/converge.yml b/roles/geerlingguy.ansible/molecule/default/converge.yml
deleted file mode 100644
index 7adc54e3..00000000
--- a/roles/geerlingguy.ansible/molecule/default/converge.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-- name: Converge
- hosts: all
- become: true
-
- pre_tasks:
- - name: Update apt cache.
- apt: update_cache=true cache_valid_time=300
- when: ansible_os_family == 'Debian'
-
- roles:
- - role: geerlingguy.ansible
diff --git a/roles/geerlingguy.ansible/molecule/default/molecule.yml b/roles/geerlingguy.ansible/molecule/default/molecule.yml
deleted file mode 100644
index 2da47dd1..00000000
--- a/roles/geerlingguy.ansible/molecule/default/molecule.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-dependency:
- name: galaxy
-driver:
- name: docker
-lint: |
- set -e
- yamllint .
- ansible-lint
-platforms:
- - name: instance
- image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
- command: ${MOLECULE_DOCKER_COMMAND:-""}
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:ro
- privileged: true
- pre_build_image: true
-provisioner:
- name: ansible
- playbooks:
- converge: ${MOLECULE_PLAYBOOK:-converge.yml}
diff --git a/roles/geerlingguy.ansible/molecule/default/playbook-pip.yml b/roles/geerlingguy.ansible/molecule/default/playbook-pip.yml
deleted file mode 100644
index 60e298ef..00000000
--- a/roles/geerlingguy.ansible/molecule/default/playbook-pip.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-- name: Converge
- hosts: all
- become: true
-
- vars:
- ansible_install_method: pip
- ansible_install_version_pip: "2.6.2"
-
- roles:
- - role: geerlingguy.pip
- - role: geerlingguy.ansible
diff --git a/roles/geerlingguy.ansible/molecule/default/requirements.yml b/roles/geerlingguy.ansible/molecule/default/requirements.yml
deleted file mode 100644
index 963f84b2..00000000
--- a/roles/geerlingguy.ansible/molecule/default/requirements.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-- role: geerlingguy.pip
diff --git a/roles/geerlingguy.ansible/tasks/main.yml b/roles/geerlingguy.ansible/tasks/main.yml
deleted file mode 100644
index 5b7bbddc..00000000
--- a/roles/geerlingguy.ansible/tasks/main.yml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-- name: Set the package state based on how Ansible is installed.
- set_fact:
- ansible_package_state: "{{ 'present' if ansible_install_method == 'package' else 'absent' }}"
-
-# Setup/install tasks.
-- name: Set up Ansible on RedHat.
- include_tasks: setup-RedHat.yml
- when:
- - ansible_os_family == 'RedHat'
- - ansible_distribution != 'Fedora'
- - ansible_install_method == 'package'
-
-- name: Set up Ansible on Fedora.
- include_tasks: setup-Fedora.yml
- when:
- - ansible_distribution == 'Fedora'
- - ansible_install_method == 'package'
-
-- name: Set up Ansible on Ubuntu.
- include_tasks: setup-Ubuntu.yml
- when:
- - ansible_distribution == 'Ubuntu'
- - ansible_install_method == 'package'
-
-- name: Set up Ansible on Debian.
- include_tasks: setup-Debian.yml
- when:
- - ansible_distribution == 'Debian'
- - ansible_install_method == 'package'
-
-- name: Set up Ansible using Pip.
- include_tasks: setup-pip.yml
- when: ansible_install_method == 'pip'
diff --git a/roles/geerlingguy.ansible/tasks/setup-Debian.yml b/roles/geerlingguy.ansible/tasks/setup-Debian.yml
deleted file mode 100644
index fb6911d7..00000000
--- a/roles/geerlingguy.ansible/tasks/setup-Debian.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-- name: Enable Backports repository.
- apt_repository:
- repo: >-
- deb http://ftp.debian.org/debian
- {{ ansible_distribution_release }}-backports main'
- state: present
- filename: "{{ ansible_distribution_release }}_backports"
- update_cache: true
- when: ansible_distribution_version | int < 9
-
-- name: Set the default_release option for older Debian versions.
- set_fact:
- ansible_default_release: "{{ ansible_distribution_release }}-backports"
- when: ansible_distribution_version | int < 9
-
-- name: Install Ansible.
- apt:
- name: ansible
- state: "{{ ansible_package_state }}"
- default_release: "{{ ansible_default_release }}"
diff --git a/roles/geerlingguy.ansible/tasks/setup-Fedora.yml b/roles/geerlingguy.ansible/tasks/setup-Fedora.yml
deleted file mode 100644
index 7d56261d..00000000
--- a/roles/geerlingguy.ansible/tasks/setup-Fedora.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: Install Ansible.
- package:
- name: ansible
- state: "{{ ansible_package_state }}"
diff --git a/roles/geerlingguy.ansible/tasks/setup-RedHat.yml b/roles/geerlingguy.ansible/tasks/setup-RedHat.yml
deleted file mode 100644
index 170f243b..00000000
--- a/roles/geerlingguy.ansible/tasks/setup-RedHat.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: Install Ansible.
- package:
- name: ansible
- state: "{{ ansible_package_state }}"
- enablerepo: epel
diff --git a/roles/geerlingguy.ansible/tasks/setup-Ubuntu.yml b/roles/geerlingguy.ansible/tasks/setup-Ubuntu.yml
deleted file mode 100644
index 23b972df..00000000
--- a/roles/geerlingguy.ansible/tasks/setup-Ubuntu.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-- name: Ensure dirmngr is installed (gnupg dependency).
- apt:
- name: dirmngr
- state: present
-
-- name: Add ansible repository.
- apt_repository:
- repo: 'ppa:ansible/ansible'
- update_cache: true
-
-- name: Install Ansible.
- apt:
- name: ansible
- state: "{{ ansible_package_state }}"
diff --git a/roles/geerlingguy.ansible/tasks/setup-pip.yml b/roles/geerlingguy.ansible/tasks/setup-pip.yml
deleted file mode 100644
index a91049bd..00000000
--- a/roles/geerlingguy.ansible/tasks/setup-pip.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: Install Ansible via Pip.
- pip:
- name: ansible
- version: "{{ ansible_install_version_pip | default(omit) }}"
diff --git a/roles/geerlingguy.docker b/roles/geerlingguy.docker
new file mode 160000
index 00000000..e5adc9a5
--- /dev/null
+++ b/roles/geerlingguy.docker
@@ -0,0 +1 @@
+Subproject commit e5adc9a5289c02cc1c7044460deb1ab59a5971f9
diff --git a/roles/geerlingguy.docker/.ansible-lint b/roles/geerlingguy.docker/.ansible-lint
deleted file mode 100644
index 47785641..00000000
--- a/roles/geerlingguy.docker/.ansible-lint
+++ /dev/null
@@ -1,2 +0,0 @@
-skip_list:
- - '306'
diff --git a/roles/geerlingguy.docker/.github/FUNDING.yml b/roles/geerlingguy.docker/.github/FUNDING.yml
deleted file mode 100644
index 96b49383..00000000
--- a/roles/geerlingguy.docker/.github/FUNDING.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-# These are supported funding model platforms
----
-github: geerlingguy
-patreon: geerlingguy
diff --git a/roles/geerlingguy.docker/.github/stale.yml b/roles/geerlingguy.docker/.github/stale.yml
deleted file mode 100644
index 3ac21f9a..00000000
--- a/roles/geerlingguy.docker/.github/stale.yml
+++ /dev/null
@@ -1,56 +0,0 @@
-# Configuration for probot-stale - https://github.com/probot/stale
----
-# Number of days of inactivity before an Issue or Pull Request becomes stale
-daysUntilStale: 90
-
-# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
-# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
-daysUntilClose: 30
-
-# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
-onlyLabels: []
-
-# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
-exemptLabels:
- - pinned
- - security
- - planned
-
-# Set to true to ignore issues in a project (defaults to false)
-exemptProjects: false
-
-# Set to true to ignore issues in a milestone (defaults to false)
-exemptMilestones: false
-
-# Set to true to ignore issues with an assignee (defaults to false)
-exemptAssignees: false
-
-# Label to use when marking as stale
-staleLabel: stale
-
-# Limit the number of actions per hour, from 1-30. Default is 30
-limitPerRun: 30
-
-pulls:
- markComment: |-
- This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
-
- Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
-
- unmarkComment: >-
- This pull request is no longer marked for closure.
-
- closeComment: >-
- This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
-
-issues:
- markComment: |-
- This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
-
- Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
-
- unmarkComment: >-
- This issue is no longer marked for closure.
-
- closeComment: >-
- This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
diff --git a/roles/geerlingguy.docker/.gitignore b/roles/geerlingguy.docker/.gitignore
deleted file mode 100644
index f56f5b57..00000000
--- a/roles/geerlingguy.docker/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-*.retry
-*/__pycache__
-*.pyc
diff --git a/roles/geerlingguy.docker/.travis.yml b/roles/geerlingguy.docker/.travis.yml
deleted file mode 100644
index 40c8f5b9..00000000
--- a/roles/geerlingguy.docker/.travis.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-language: python
-services: docker
-
-env:
- global:
- - ROLE_NAME: docker
- matrix:
- - MOLECULE_DISTRO: centos8
- - MOLECULE_DISTRO: centos7
- - MOLECULE_DISTRO: ubuntu2004
- - MOLECULE_DISTRO: ubuntu1804
- - MOLECULE_DISTRO: ubuntu1604
- - MOLECULE_DISTRO: debian10
- - MOLECULE_DISTRO: debian9
- - MOLECULE_DISTRO: fedora31
-
-install:
- # Install test dependencies.
- - pip install molecule yamllint ansible-lint docker
-
-before_script:
- # Use actual Ansible Galaxy role name for the project directory.
- - cd ../
- - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
- - cd geerlingguy.$ROLE_NAME
-
-script:
- # Run tests.
- - molecule test
-
-notifications:
- webhooks: https://galaxy.ansible.com/api/v1/notifications/
diff --git a/roles/geerlingguy.docker/.yamllint b/roles/geerlingguy.docker/.yamllint
deleted file mode 100644
index 7aeec5a4..00000000
--- a/roles/geerlingguy.docker/.yamllint
+++ /dev/null
@@ -1,6 +0,0 @@
----
-extends: default
-rules:
- line-length:
- max: 200
- level: warning
diff --git a/roles/geerlingguy.docker/LICENSE b/roles/geerlingguy.docker/LICENSE
deleted file mode 100644
index 4275cf3c..00000000
--- a/roles/geerlingguy.docker/LICENSE
+++ /dev/null
@@ -1,20 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2017 Jeff Geerling
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/roles/geerlingguy.docker/README.md b/roles/geerlingguy.docker/README.md
deleted file mode 100644
index e6e9e43f..00000000
--- a/roles/geerlingguy.docker/README.md
+++ /dev/null
@@ -1,97 +0,0 @@
-# Ansible Role: Docker
-
-[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-docker.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-docker)
-
-An Ansible Role that installs [Docker](https://www.docker.com) on Linux.
-
-## Requirements
-
-None.
-
-## Role Variables
-
-Available variables are listed below, along with default values (see `defaults/main.yml`):
-
- # Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
- docker_edition: 'ce'
- docker_package: "docker-{{ docker_edition }}"
- docker_package_state: present
-
-The `docker_edition` should be either `ce` (Community Edition) or `ee` (Enterprise Edition). You can also specify a specific version of Docker to install using the distribution-specific format: Red Hat/CentOS: `docker-{{ docker_edition }}-`; Debian/Ubuntu: `docker-{{ docker_edition }}=`.
-
-You can control whether the package is installed, uninstalled, or at the latest version by setting `docker_package_state` to `present`, `absent`, or `latest`, respectively. Note that the Docker daemon will be automatically restarted if the Docker package is updated. This is a side effect of flushing all handlers (running any of the handlers that have been notified by this and any other role up to this point in the play).
-
- docker_service_state: started
- docker_service_enabled: true
- docker_restart_handler_state: restarted
-
-Variables to control the state of the `docker` service, and whether it should start on boot. If you're installing Docker inside a Docker container without systemd or sysvinit, you should set these to `stopped` and set the enabled variable to `no`.
-
- docker_install_compose: true
- docker_compose_version: "1.26.0"
- docker_compose_path: /usr/local/bin/docker-compose
-
-Docker Compose installation options.
-
- docker_apt_release_channel: stable
- docker_apt_arch: amd64
- docker_apt_repository: "deb [arch={{ docker_apt_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
- docker_apt_ignore_key_error: True
- docker_apt_gpg_key: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
-
-(Used only for Debian/Ubuntu.) You can switch the channel to `edge` if you want to use the Edge release.
-
-You can change `docker_apt_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
-Usually in combination with changing `docker_apt_repository` as well.
-
- docker_yum_repo_url: https://download.docker.com/linux/centos/docker-{{ docker_edition }}.repo
- docker_yum_repo_enable_edge: '0'
- docker_yum_repo_enable_test: '0'
- docker_yum_gpg_key: https://download.docker.com/linux/centos/gpg
-
-(Used only for RedHat/CentOS.) You can enable the Edge or Test repo by setting the respective vars to `1`.
-
-You can change `docker_yum_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
-Usually in combination with changing `docker_yum_repository` as well.
-
- docker_users:
- - user1
- - user2
-
-A list of system users to be added to the `docker` group (so they can use Docker on the server).
-
-## Use with Ansible (and `docker` Python library)
-
-Many users of this role wish to also use Ansible to then _build_ Docker images and manage Docker containers on the server where Docker is installed. In this case, you can easily add in the `docker` Python library using the `geerlingguy.pip` role:
-
-```yaml
-- hosts: all
-
- vars:
- pip_install_packages:
- - name: docker
-
- roles:
- - geerlingguy.pip
- - geerlingguy.docker
-```
-
-## Dependencies
-
-None.
-
-## Example Playbook
-
-```yaml
-- hosts: all
- roles:
- - geerlingguy.docker
-```
-
-## License
-
-MIT / BSD
-
-## Author Information
-
-This role was created in 2017 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
diff --git a/roles/geerlingguy.docker/defaults/main.yml b/roles/geerlingguy.docker/defaults/main.yml
deleted file mode 100644
index fc8d79e8..00000000
--- a/roles/geerlingguy.docker/defaults/main.yml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
-docker_edition: 'ce'
-docker_package: "docker-{{ docker_edition }}"
-docker_package_state: present
-
-# Service options.
-docker_service_state: started
-docker_service_enabled: true
-docker_restart_handler_state: restarted
-
-# Docker Compose options.
-docker_install_compose: true
-docker_compose_version: "1.26.0"
-docker_compose_path: /usr/local/bin/docker-compose
-
-# Used only for Debian/Ubuntu. Switch 'stable' to 'edge' if needed.
-docker_apt_release_channel: stable
-docker_apt_arch: amd64
-docker_apt_repository: "deb [arch={{ docker_apt_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
-docker_apt_ignore_key_error: true
-docker_apt_gpg_key: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
-
-# Used only for RedHat/CentOS/Fedora.
-docker_yum_repo_url: https://download.docker.com/linux/{{ (ansible_distribution == "Fedora") | ternary("fedora","centos") }}/docker-{{ docker_edition }}.repo
-docker_yum_repo_enable_edge: '0'
-docker_yum_repo_enable_test: '0'
-docker_yum_gpg_key: https://download.docker.com/linux/centos/gpg
-
-# A list of users who will be added to the docker group.
-docker_users: []
diff --git a/roles/geerlingguy.docker/handlers/main.yml b/roles/geerlingguy.docker/handlers/main.yml
deleted file mode 100644
index 7847bc1c..00000000
--- a/roles/geerlingguy.docker/handlers/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- name: restart docker
- service: "name=docker state={{ docker_restart_handler_state }}"
diff --git a/roles/geerlingguy.docker/meta/main.yml b/roles/geerlingguy.docker/meta/main.yml
deleted file mode 100644
index fc017275..00000000
--- a/roles/geerlingguy.docker/meta/main.yml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-dependencies: []
-
-galaxy_info:
- role_name: docker
- author: geerlingguy
- description: Docker for Linux.
- company: "Midwestern Mac, LLC"
- license: "license (BSD, MIT)"
- min_ansible_version: 2.4
- platforms:
- - name: EL
- versions:
- - 7
- - 8
- - name: Fedora
- versions:
- - all
- - name: Debian
- versions:
- - stretch
- - buster
- - name: Ubuntu
- versions:
- - xenial
- - bionic
- - focal
- galaxy_tags:
- - web
- - system
- - containers
- - docker
- - orchestration
- - compose
- - server
diff --git a/roles/geerlingguy.docker/molecule/default/converge.yml b/roles/geerlingguy.docker/molecule/default/converge.yml
deleted file mode 100644
index 629095b2..00000000
--- a/roles/geerlingguy.docker/molecule/default/converge.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-- name: Converge
- hosts: all
- become: true
-
- pre_tasks:
- - name: Update apt cache.
- apt: update_cache=yes cache_valid_time=600
- when: ansible_os_family == 'Debian'
-
- - name: Wait for systemd to complete initialization. # noqa 303
- command: systemctl is-system-running
- register: systemctl_status
- until: >
- 'running' in systemctl_status.stdout or
- 'degraded' in systemctl_status.stdout
- retries: 30
- delay: 5
- when: ansible_service_mgr == 'systemd'
- changed_when: false
- failed_when: systemctl_status.rc > 1
-
- roles:
- - role: geerlingguy.docker
diff --git a/roles/geerlingguy.docker/molecule/default/molecule.yml b/roles/geerlingguy.docker/molecule/default/molecule.yml
deleted file mode 100644
index 2da47dd1..00000000
--- a/roles/geerlingguy.docker/molecule/default/molecule.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-dependency:
- name: galaxy
-driver:
- name: docker
-lint: |
- set -e
- yamllint .
- ansible-lint
-platforms:
- - name: instance
- image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
- command: ${MOLECULE_DOCKER_COMMAND:-""}
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:ro
- privileged: true
- pre_build_image: true
-provisioner:
- name: ansible
- playbooks:
- converge: ${MOLECULE_PLAYBOOK:-converge.yml}
diff --git a/roles/geerlingguy.docker/tasks/docker-compose.yml b/roles/geerlingguy.docker/tasks/docker-compose.yml
deleted file mode 100644
index 92cf4f27..00000000
--- a/roles/geerlingguy.docker/tasks/docker-compose.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-- name: Check current docker-compose version.
- command: docker-compose --version
- register: docker_compose_current_version
- changed_when: false
- failed_when: false
-
-- name: Delete existing docker-compose version if it's different.
- file:
- path: "{{ docker_compose_path }}"
- state: absent
- when: >
- docker_compose_current_version.stdout is defined
- and docker_compose_version not in docker_compose_current_version.stdout
-
-- name: Install Docker Compose (if configured).
- get_url:
- url: https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-Linux-x86_64
- dest: "{{ docker_compose_path }}"
- mode: 0755
diff --git a/roles/geerlingguy.docker/tasks/docker-users.yml b/roles/geerlingguy.docker/tasks/docker-users.yml
deleted file mode 100644
index b3b6e0f1..00000000
--- a/roles/geerlingguy.docker/tasks/docker-users.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- name: Ensure docker users are added to the docker group.
- user:
- name: "{{ item }}"
- groups: docker
- append: true
- with_items: "{{ docker_users }}"
diff --git a/roles/geerlingguy.docker/tasks/main.yml b/roles/geerlingguy.docker/tasks/main.yml
deleted file mode 100644
index 56449ef7..00000000
--- a/roles/geerlingguy.docker/tasks/main.yml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-- include_tasks: setup-RedHat.yml
- when: ansible_os_family == 'RedHat'
-
-- include_tasks: setup-Debian.yml
- when: ansible_os_family == 'Debian'
-
-- name: Install Docker.
- package:
- name: "{{ docker_package }}"
- state: "{{ docker_package_state }}"
- notify: restart docker
-
-- name: Ensure Docker is started and enabled at boot.
- service:
- name: docker
- state: "{{ docker_service_state }}"
- enabled: "{{ docker_service_enabled }}"
-
-- name: Ensure handlers are notified now to avoid firewall conflicts.
- meta: flush_handlers
-
-- include_tasks: docker-compose.yml
- when: docker_install_compose | bool
-
-- include_tasks: docker-users.yml
- when: docker_users | length > 0
diff --git a/roles/geerlingguy.docker/tasks/setup-Debian.yml b/roles/geerlingguy.docker/tasks/setup-Debian.yml
deleted file mode 100644
index fe695ac6..00000000
--- a/roles/geerlingguy.docker/tasks/setup-Debian.yml
+++ /dev/null
@@ -1,40 +0,0 @@
----
-- name: Ensure old versions of Docker are not installed.
- package:
- name:
- - docker
- - docker-engine
- state: absent
-
-- name: Ensure dependencies are installed.
- apt:
- name:
- - apt-transport-https
- - ca-certificates
- - gnupg2
- state: present
-
-- name: Add Docker apt key.
- apt_key:
- url: "{{ docker_apt_gpg_key }}"
- id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
- state: present
- register: add_repository_key
- ignore_errors: "{{ docker_apt_ignore_key_error }}"
-
-- name: Ensure curl is present (on older systems without SNI).
- package: name=curl state=present
- when: add_repository_key is failed
-
-- name: Add Docker apt key (alternative for older systems without SNI).
- shell: > # noqa 306 306
- curl -sSL {{ docker_apt_gpg_key }} | sudo apt-key add -
- args:
- warn: false
- when: add_repository_key is failed
-
-- name: Add Docker repository.
- apt_repository:
- repo: "{{ docker_apt_repository }}"
- state: present
- update_cache: true
diff --git a/roles/geerlingguy.docker/tasks/setup-RedHat.yml b/roles/geerlingguy.docker/tasks/setup-RedHat.yml
deleted file mode 100644
index 6ef41de5..00000000
--- a/roles/geerlingguy.docker/tasks/setup-RedHat.yml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-- name: Ensure old versions of Docker are not installed.
- package:
- name:
- - docker
- - docker-common
- - docker-engine
- state: absent
-
-- name: Add Docker GPG key.
- rpm_key:
- key: "{{ docker_yum_gpg_key }}"
- state: present
-
-- name: Add Docker repository.
- get_url:
- url: "{{ docker_yum_repo_url }}"
- dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
- owner: root
- group: root
- mode: 0644
-
-- name: Configure Docker Edge repo.
- ini_file:
- dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
- section: 'docker-{{ docker_edition }}-edge'
- option: enabled
- value: '{{ docker_yum_repo_enable_edge }}'
-
-- name: Configure Docker Test repo.
- ini_file:
- dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
- section: 'docker-{{ docker_edition }}-test'
- option: enabled
- value: '{{ docker_yum_repo_enable_test }}'
-
-- name: Install containerd separately (CentOS 8).
- package:
- name: https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.13-3.2.el7.x86_64.rpm
- state: present
- when: ansible_distribution_major_version | int == 8
diff --git a/roles/geerlingguy.dotfiles b/roles/geerlingguy.dotfiles
new file mode 160000
index 00000000..82dbdbc7
--- /dev/null
+++ b/roles/geerlingguy.dotfiles
@@ -0,0 +1 @@
+Subproject commit 82dbdbc7a6462ee11f910758aab69943c54ebedb
diff --git a/roles/geerlingguy.dotfiles/.ansible-lint b/roles/geerlingguy.dotfiles/.ansible-lint
deleted file mode 100644
index 55572942..00000000
--- a/roles/geerlingguy.dotfiles/.ansible-lint
+++ /dev/null
@@ -1,2 +0,0 @@
-skip_list:
- - '106'
diff --git a/roles/geerlingguy.dotfiles/.github/FUNDING.yml b/roles/geerlingguy.dotfiles/.github/FUNDING.yml
deleted file mode 100644
index 96b49383..00000000
--- a/roles/geerlingguy.dotfiles/.github/FUNDING.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-# These are supported funding model platforms
----
-github: geerlingguy
-patreon: geerlingguy
diff --git a/roles/geerlingguy.dotfiles/.github/stale.yml b/roles/geerlingguy.dotfiles/.github/stale.yml
deleted file mode 100644
index c7ff1275..00000000
--- a/roles/geerlingguy.dotfiles/.github/stale.yml
+++ /dev/null
@@ -1,56 +0,0 @@
-# Configuration for probot-stale - https://github.com/probot/stale
-
-# Number of days of inactivity before an Issue or Pull Request becomes stale
-daysUntilStale: 90
-
-# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
-# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
-daysUntilClose: 30
-
-# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
-onlyLabels: []
-
-# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
-exemptLabels:
- - pinned
- - security
- - planned
-
-# Set to true to ignore issues in a project (defaults to false)
-exemptProjects: false
-
-# Set to true to ignore issues in a milestone (defaults to false)
-exemptMilestones: false
-
-# Set to true to ignore issues with an assignee (defaults to false)
-exemptAssignees: false
-
-# Label to use when marking as stale
-staleLabel: stale
-
-# Limit the number of actions per hour, from 1-30. Default is 30
-limitPerRun: 30
-
-pulls:
- markComment: |-
- This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
-
- Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
-
- unmarkComment: >-
- This pull request is no longer marked for closure.
-
- closeComment: >-
- This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
-
-issues:
- markComment: |-
- This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
-
- Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
-
- unmarkComment: >-
- This issue is no longer marked for closure.
-
- closeComment: >-
- This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
diff --git a/roles/geerlingguy.dotfiles/.github/workflows/ci.yml b/roles/geerlingguy.dotfiles/.github/workflows/ci.yml
deleted file mode 100644
index c3a919c7..00000000
--- a/roles/geerlingguy.dotfiles/.github/workflows/ci.yml
+++ /dev/null
@@ -1,67 +0,0 @@
----
-name: CI
-'on':
- pull_request:
- push:
- branches:
- - master
- schedule:
- - cron: "0 5 * * 1"
-
-defaults:
- run:
- working-directory: 'geerlingguy.dotfiles'
-
-jobs:
-
- lint:
- name: Lint
- runs-on: ubuntu-latest
- steps:
- - name: Check out the codebase.
- uses: actions/checkout@v2
- with:
- path: 'geerlingguy.dotfiles'
-
- - name: Set up Python 3.
- uses: actions/setup-python@v2
- with:
- python-version: '3.x'
-
- - name: Install test dependencies.
- run: pip3 install yamllint ansible-lint
-
- - name: Lint code.
- run: |
- yamllint .
- ansible-lint
-
- molecule:
- name: Molecule
- runs-on: ubuntu-latest
- strategy:
- matrix:
- distro:
- - centos7
- - ubuntu1804
-
- steps:
- - name: Check out the codebase.
- uses: actions/checkout@v2
- with:
- path: 'geerlingguy.dotfiles'
-
- - name: Set up Python 3.
- uses: actions/setup-python@v2
- with:
- python-version: '3.x'
-
- - name: Install test dependencies.
- run: pip3 install ansible molecule[docker] docker
-
- - name: Run Molecule tests.
- run: molecule test
- env:
- PY_COLORS: '1'
- ANSIBLE_FORCE_COLOR: '1'
- MOLECULE_DISTRO: ${{ matrix.distro }}
diff --git a/roles/geerlingguy.dotfiles/.github/workflows/release.yml b/roles/geerlingguy.dotfiles/.github/workflows/release.yml
deleted file mode 100644
index 474eedee..00000000
--- a/roles/geerlingguy.dotfiles/.github/workflows/release.yml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-# This workflow requires a GALAXY_API_KEY secret present in the GitHub
-# repository or organization.
-#
-# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
-# See: https://github.com/ansible/galaxy/issues/46
-
-name: Release
-'on':
- push:
- tags:
- - '*'
-
-defaults:
- run:
- working-directory: 'geerlingguy.dotfiles'
-
-jobs:
-
- release:
- name: Release
- runs-on: ubuntu-latest
- steps:
- - name: Check out the codebase.
- uses: actions/checkout@v2
- with:
- path: 'geerlingguy.dotfiles'
-
- - name: Set up Python 3.
- uses: actions/setup-python@v2
- with:
- python-version: '3.x'
-
- - name: Install Ansible.
- run: pip3 install ansible-base
-
- - name: Trigger a new import on Galaxy.
- run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)
diff --git a/roles/geerlingguy.dotfiles/.gitignore b/roles/geerlingguy.dotfiles/.gitignore
deleted file mode 100644
index f56f5b57..00000000
--- a/roles/geerlingguy.dotfiles/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-*.retry
-*/__pycache__
-*.pyc
diff --git a/roles/geerlingguy.dotfiles/.yamllint b/roles/geerlingguy.dotfiles/.yamllint
deleted file mode 100644
index f2033dd2..00000000
--- a/roles/geerlingguy.dotfiles/.yamllint
+++ /dev/null
@@ -1,11 +0,0 @@
----
-extends: default
-
-rules:
- line-length:
- max: 120
- level: warning
-
-ignore: |
- .github/stale.yml
- .travis.yml
diff --git a/roles/geerlingguy.dotfiles/LICENSE b/roles/geerlingguy.dotfiles/LICENSE
deleted file mode 100644
index 4275cf3c..00000000
--- a/roles/geerlingguy.dotfiles/LICENSE
+++ /dev/null
@@ -1,20 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2017 Jeff Geerling
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/roles/geerlingguy.dotfiles/README.md b/roles/geerlingguy.dotfiles/README.md
deleted file mode 100644
index c7b2a548..00000000
--- a/roles/geerlingguy.dotfiles/README.md
+++ /dev/null
@@ -1,56 +0,0 @@
-# Ansible Role: Dotfiles
-
-[![CI](https://github.com/geerlingguy/ansible-role-dotfiles/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-dotfiles/actions?query=workflow%3ACI)
-
-Installs a set of dotfiles from a given Git repository. By default, it will install my (geerlingguy's) [dotfiles](https://github.com/geerlingguy/dotfiles), but you can use any set of dotfiles you'd like, as long as they follow a conventional format.
-
-## Requirements
-
-Requires `git` on the managed machine (you can easily install it with `geerlingguy.git` if required).
-
-## Role Variables
-
-Available variables are listed below, along with default values (see `defaults/main.yml`):
-
- dotfiles_repo: "https://github.com/geerlingguy/dotfiles.git"
- dotfiles_repo_version: master
-
-The git repository and branch/tag/commit hash to use for retrieving dotfiles. Dotfiles should generally be laid out within the root directory of the repository.
-
- dotfiles_repo_accept_hostkey: false
-
-Add the hostkey for the repo url if not already added. If ssh_opts contains "-o StrictHostKeyChecking=no", this parameter is ignored.
-
- dotfiles_repo_local_destination: "~/Documents/dotfiles"
-
-The local path where the `dotfiles_repo` will be cloned.
-
- dotfiles_home: "~"
-
-The home directory where dotfiles will be linked. Generally, the default should work, but in some circumstances, or when running the role as sudo on behalf of another user, you may want to specify the full path.
-
- dotfiles_files:
- - .zshrc
- - .gitignore
- - .inputrc
- - .vimrc
-
-Which files from the dotfiles repository should be linked to the `dotfiles_home`.
-
-## Dependencies
-
-None
-
-## Example Playbook
-
- - hosts: localhost
- roles:
- - { role: geerlingguy.dotfiles }
-
-## License
-
-MIT / BSD
-
-## Author Information
-
-This role was created in 2015 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
diff --git a/roles/geerlingguy.dotfiles/defaults/main.yml b/roles/geerlingguy.dotfiles/defaults/main.yml
deleted file mode 100644
index fa7d2ef6..00000000
--- a/roles/geerlingguy.dotfiles/defaults/main.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-dotfiles_repo: "https://github.com/geerlingguy/dotfiles.git"
-dotfiles_repo_version: master
-dotfiles_repo_accept_hostkey: false
-dotfiles_repo_local_destination: "~/Documents/dotfiles"
-
-dotfiles_home: "~"
-dotfiles_files:
- - .zshrc
- - .gitignore
- - .inputrc
- - .vimrc
diff --git a/roles/geerlingguy.dotfiles/meta/main.yml b/roles/geerlingguy.dotfiles/meta/main.yml
deleted file mode 100644
index f08b72f5..00000000
--- a/roles/geerlingguy.dotfiles/meta/main.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-dependencies: []
-
-galaxy_info:
- role_name: dotfiles
- author: geerlingguy
- description: Dotfile installation for UNIX/Linux.
- company: "Midwestern Mac, LLC"
- license: "license (BSD, MIT)"
- min_ansible_version: 2.2
- platforms:
- - name: GenericUNIX
- versions:
- - all
- - any
- - name: GenericBSD
- versions:
- - all
- - any
- - name: GenericLinux
- versions:
- - all
- - any
- galaxy_tags:
- - development
- - system
- - dotfiles
- - configuration
diff --git a/roles/geerlingguy.dotfiles/molecule/default/converge.yml b/roles/geerlingguy.dotfiles/molecule/default/converge.yml
deleted file mode 100644
index 41f0ba45..00000000
--- a/roles/geerlingguy.dotfiles/molecule/default/converge.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-- name: Converge
- hosts: all
- become: true
-
- pre_tasks:
- - name: Update apt cache.
- apt: update_cache=yes cache_valid_time=600
- when: ansible_os_family == 'Debian'
-
- roles:
- - role: geerlingguy.git
- - role: geerlingguy.dotfiles
diff --git a/roles/geerlingguy.dotfiles/molecule/default/molecule.yml b/roles/geerlingguy.dotfiles/molecule/default/molecule.yml
deleted file mode 100644
index 74907107..00000000
--- a/roles/geerlingguy.dotfiles/molecule/default/molecule.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-dependency:
- name: galaxy
-driver:
- name: docker
-platforms:
- - name: instance
- image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
- command: ${MOLECULE_DOCKER_COMMAND:-""}
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:ro
- privileged: true
- pre_build_image: true
-provisioner:
- name: ansible
- playbooks:
- converge: ${MOLECULE_PLAYBOOK:-converge.yml}
diff --git a/roles/geerlingguy.dotfiles/molecule/default/requirements.yml b/roles/geerlingguy.dotfiles/molecule/default/requirements.yml
deleted file mode 100644
index 6208520d..00000000
--- a/roles/geerlingguy.dotfiles/molecule/default/requirements.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-- src: geerlingguy.git
diff --git a/roles/geerlingguy.dotfiles/tasks/main.yml b/roles/geerlingguy.dotfiles/tasks/main.yml
deleted file mode 100644
index 9f4e7b33..00000000
--- a/roles/geerlingguy.dotfiles/tasks/main.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-- name: Ensure dotfiles repository is cloned locally.
- git:
- repo: "{{ dotfiles_repo }}"
- dest: "{{ dotfiles_repo_local_destination }}"
- version: "{{ dotfiles_repo_version }}"
- depth: 1
-
-- name: Ensure all configured dotfiles are links.
- command: "ls -F {{ dotfiles_home }}/{{ item }}"
- register: existing_dotfile_info
- failed_when: false
- check_mode: false
- changed_when: false
- with_items: "{{ dotfiles_files }}"
-
-- name: Remove existing dotfiles file if a replacement is being linked.
- file:
- path: "{{ dotfiles_home }}/{{ dotfiles_files[item.0] }}"
- state: absent
- when: "'@' not in item.1.stdout"
- with_indexed_items: "{{ existing_dotfile_info.results }}"
-
-- name: Link dotfiles into home folder.
- file:
- src: "{{ dotfiles_repo_local_destination }}/{{ item }}"
- dest: "{{ dotfiles_home }}/{{ item }}"
- state: link
- mode: 0644
- with_items: "{{ dotfiles_files }}"
diff --git a/roles/geerlingguy.pip b/roles/geerlingguy.pip
new file mode 160000
index 00000000..fd6d58a5
--- /dev/null
+++ b/roles/geerlingguy.pip
@@ -0,0 +1 @@
+Subproject commit fd6d58a5719a836e89ef64cf22176e37ca312e9c
diff --git a/roles/geerlingguy.pip/.github/FUNDING.yml b/roles/geerlingguy.pip/.github/FUNDING.yml
deleted file mode 100644
index 96b49383..00000000
--- a/roles/geerlingguy.pip/.github/FUNDING.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-# These are supported funding model platforms
----
-github: geerlingguy
-patreon: geerlingguy
diff --git a/roles/geerlingguy.pip/.github/stale.yml b/roles/geerlingguy.pip/.github/stale.yml
deleted file mode 100644
index c7ff1275..00000000
--- a/roles/geerlingguy.pip/.github/stale.yml
+++ /dev/null
@@ -1,56 +0,0 @@
-# Configuration for probot-stale - https://github.com/probot/stale
-
-# Number of days of inactivity before an Issue or Pull Request becomes stale
-daysUntilStale: 90
-
-# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
-# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
-daysUntilClose: 30
-
-# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
-onlyLabels: []
-
-# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
-exemptLabels:
- - pinned
- - security
- - planned
-
-# Set to true to ignore issues in a project (defaults to false)
-exemptProjects: false
-
-# Set to true to ignore issues in a milestone (defaults to false)
-exemptMilestones: false
-
-# Set to true to ignore issues with an assignee (defaults to false)
-exemptAssignees: false
-
-# Label to use when marking as stale
-staleLabel: stale
-
-# Limit the number of actions per hour, from 1-30. Default is 30
-limitPerRun: 30
-
-pulls:
- markComment: |-
- This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
-
- Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
-
- unmarkComment: >-
- This pull request is no longer marked for closure.
-
- closeComment: >-
- This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
-
-issues:
- markComment: |-
- This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
-
- Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
-
- unmarkComment: >-
- This issue is no longer marked for closure.
-
- closeComment: >-
- This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
diff --git a/roles/geerlingguy.pip/.gitignore b/roles/geerlingguy.pip/.gitignore
deleted file mode 100644
index f56f5b57..00000000
--- a/roles/geerlingguy.pip/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-*.retry
-*/__pycache__
-*.pyc
diff --git a/roles/geerlingguy.pip/.travis.yml b/roles/geerlingguy.pip/.travis.yml
deleted file mode 100644
index e2770b1b..00000000
--- a/roles/geerlingguy.pip/.travis.yml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-language: python
-services: docker
-
-env:
- global:
- - ROLE_NAME: pip
- matrix:
- - MOLECULE_DISTRO: centos8
- - MOLECULE_DISTRO: centos7
- - MOLECULE_DISTRO: fedora32
- - MOLECULE_DISTRO: ubuntu2004
- - MOLECULE_DISTRO: ubuntu1804
- - MOLECULE_DISTRO: debian10
-
-install:
- # Install test dependencies.
- - pip install molecule yamllint ansible-lint docker
-
-before_script:
- # Use actual Ansible Galaxy role name for the project directory.
- - cd ../
- - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
- - cd geerlingguy.$ROLE_NAME
-
-script:
- # Run tests.
- - molecule test
-
-notifications:
- webhooks: https://galaxy.ansible.com/api/v1/notifications/
diff --git a/roles/geerlingguy.pip/.yamllint b/roles/geerlingguy.pip/.yamllint
deleted file mode 100644
index a3dbc38e..00000000
--- a/roles/geerlingguy.pip/.yamllint
+++ /dev/null
@@ -1,6 +0,0 @@
----
-extends: default
-rules:
- line-length:
- max: 120
- level: warning
diff --git a/roles/geerlingguy.pip/LICENSE b/roles/geerlingguy.pip/LICENSE
deleted file mode 100644
index 4275cf3c..00000000
--- a/roles/geerlingguy.pip/LICENSE
+++ /dev/null
@@ -1,20 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2017 Jeff Geerling
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/roles/geerlingguy.pip/README.md b/roles/geerlingguy.pip/README.md
deleted file mode 100644
index 5353e555..00000000
--- a/roles/geerlingguy.pip/README.md
+++ /dev/null
@@ -1,76 +0,0 @@
-# Ansible Role: Pip (for Python)
-
-[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-pip.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-pip)
-
-An Ansible Role that installs [Pip](https://pip.pypa.io) on Linux.
-
-## Requirements
-
-On RedHat/CentOS, you may need to have EPEL installed before running this role. You can use the `geerlingguy.repo-epel` role if you need a simple way to ensure it's installed.
-
-## Role Variables
-
-Available variables are listed below, along with default values (see `defaults/main.yml`):
-
- pip_package: python3-pip
-
-The name of the packge to install to get `pip` on the system. For older systems that don't have Python 3 available, you can set this to `python-pip`.
-
- pip_executable: pip3
-
-The role will try to autodetect the pip executable based on the `pip_package` (e.g. `pip` for Python 2 and `pip3` for Python 3). You can also override this explicitly, e.g. `pip_executable: pip3.6`.
-
- pip_install_packages: []
-
-A list of packages to install with pip. Examples below:
-
- pip_install_packages:
- # Specify names and versions.
- - name: docker
- version: "1.2.3"
- - name: awscli
- version: "1.11.91"
-
- # Or specify bare packages to get the latest release.
- - docker
- - awscli
-
- # Or uninstall a package.
- - name: docker
- state: absent
-
- # Or update a package ot the latest version.
- - name: docker
- state: latest
-
- # Or force a reinstall.
- - name: docker
- state: forcereinstall
-
- # Or install a package in a particular virtualenv.
- - name: docker
- virtualenv: /my_app/venv
-
-## Dependencies
-
-None.
-
-## Example Playbook
-
- - hosts: all
-
- vars:
- pip_install_packages:
- - name: docker
- - name: awscli
-
- roles:
- - geerlingguy.pip
-
-## License
-
-MIT / BSD
-
-## Author Information
-
-This role was created in 2017 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
diff --git a/roles/geerlingguy.pip/defaults/main.yml b/roles/geerlingguy.pip/defaults/main.yml
deleted file mode 100644
index e51000ba..00000000
--- a/roles/geerlingguy.pip/defaults/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# For Python 3, use python3-pip.
-pip_package: python3-pip
-pip_executable: "{{ 'pip3' if pip_package.startswith('python3') else 'pip' }}"
-
-pip_install_packages: []
diff --git a/roles/geerlingguy.pip/meta/main.yml b/roles/geerlingguy.pip/meta/main.yml
deleted file mode 100644
index 908669d9..00000000
--- a/roles/geerlingguy.pip/meta/main.yml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-dependencies: []
-
-galaxy_info:
- role_name: pip
- author: geerlingguy
- description: Pip (Python package manager) for Linux.
- issue_tracker_url: https://github.com/geerlingguy/ansible-role-pip/issues
- company: "Midwestern Mac, LLC"
- license: "MIT"
- min_ansible_version: 2.4
- platforms:
- - name: EL
- versions:
- - all
- - name: Fedora
- versions:
- - all
- - name: Debian
- versions:
- - all
- - name: Ubuntu
- versions:
- - all
- galaxy_tags:
- - system
- - server
- - packaging
- - python
- - pip
- - tools
diff --git a/roles/geerlingguy.pip/molecule/default/converge.yml b/roles/geerlingguy.pip/molecule/default/converge.yml
deleted file mode 100644
index e0151a53..00000000
--- a/roles/geerlingguy.pip/molecule/default/converge.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-- name: Converge
- hosts: all
- become: true
-
- vars:
- pip_install_packages:
- # Test installing a specific version of a package.
- - name: ipaddress
- version: "1.0.18"
- # Test installing a package by name.
- - colorama
-
- pre_tasks:
- - name: Update apt cache.
- apt: update_cache=true cache_valid_time=600
- when: ansible_os_family == 'Debian'
-
- - name: Set package name for older OSes.
- set_fact:
- pip_package: python-pip
- when: >
- (ansible_os_family == 'RedHat') and (ansible_distribution_major_version | int < 8)
- or (ansible_distribution == 'Debian') and (ansible_distribution_major_version | int < 10)
- or (ansible_distribution == 'Ubuntu') and (ansible_distribution_major_version | int < 18)
-
- roles:
- - role: geerlingguy.pip
diff --git a/roles/geerlingguy.pip/molecule/default/molecule.yml b/roles/geerlingguy.pip/molecule/default/molecule.yml
deleted file mode 100644
index 2da47dd1..00000000
--- a/roles/geerlingguy.pip/molecule/default/molecule.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-dependency:
- name: galaxy
-driver:
- name: docker
-lint: |
- set -e
- yamllint .
- ansible-lint
-platforms:
- - name: instance
- image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
- command: ${MOLECULE_DOCKER_COMMAND:-""}
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:ro
- privileged: true
- pre_build_image: true
-provisioner:
- name: ansible
- playbooks:
- converge: ${MOLECULE_PLAYBOOK:-converge.yml}
diff --git a/roles/geerlingguy.pip/tasks/main.yml b/roles/geerlingguy.pip/tasks/main.yml
deleted file mode 100644
index dda7fac9..00000000
--- a/roles/geerlingguy.pip/tasks/main.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-- name: Ensure Pip is installed.
- package:
- name: "{{ pip_package }}"
- state: present
-
-- name: Ensure pip_install_packages are installed.
- pip:
- name: "{{ item.name | default(item) }}"
- version: "{{ item.version | default(omit) }}"
- virtualenv: "{{ item.virtualenv | default(omit) }}"
- state: "{{ item.state | default(omit) }}"
- executable: "{{ pip_executable }}"
- with_items: "{{ pip_install_packages }}"
diff --git a/roles/hedii.youtube-dl b/roles/hedii.youtube-dl
new file mode 160000
index 00000000..a7fe6c7f
--- /dev/null
+++ b/roles/hedii.youtube-dl
@@ -0,0 +1 @@
+Subproject commit a7fe6c7f69863830a0a406281f64cd75d3d1201e
diff --git a/roles/hedii.youtube-dl/.gitignore b/roles/hedii.youtube-dl/.gitignore
deleted file mode 100644
index 5890704a..00000000
--- a/roles/hedii.youtube-dl/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-.idea/
-.DS_Store
-tests/test.retry
\ No newline at end of file
diff --git a/roles/hedii.youtube-dl/.travis.yml b/roles/hedii.youtube-dl/.travis.yml
deleted file mode 100644
index f3bed673..00000000
--- a/roles/hedii.youtube-dl/.travis.yml
+++ /dev/null
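Review bot: The gitlink added for `roles/hedii.youtube-dl` pins the role's revision, but not what the role downloads onto managed hosts. The vendored `tasks/main.yml` removed in this same commit fetches the executable with `get_url` from `http://yt-dl.org/latest/youtube-dl` (plain HTTP, a moving `latest` target, `mode: 0755`, no `checksum:`). Whether the pinned commit still carries that task is not visible here and should be confirmed; if it does, the installed binary is neither integrity-checked nor reproducible. I would override the download in this repository with an HTTPS URL for a fixed release plus `checksum: "sha256:<expected-digest-placeholder>"`, or install the tool from a distribution package instead.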
@@ -1,42 +0,0 @@
----
-language: python
-python: "2.7"
-
-# Use the new container infrastructure
-sudo: true
-
-# Install ansible
-addons:
- apt:
- packages:
- - python-pip
-
-install:
- # Install ansible
- - pip install ansible
-
- # Check ansible version
- - ansible --version
-
- # Create ansible.cfg with correct roles_path
- - printf '[defaults]\nroles_path=../' >ansible.cfg
-
-script:
- # Basic role syntax check
- - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
-
- # Run the role/playbook with ansible-playbook
- - ansible-playbook -i tests/inventory tests/test.yml --connection=local --sudo
-
- # Run the role/playbook again, checking to make sure it's idempotent
- - >
- ansible-playbook -i tests/inventory tests/test.yml --connection=local --sudo
- | grep -q 'changed=0.*failed=0'
- && (echo 'Idempotence test: pass' && exit 0)
- || (echo 'Idempotence test: fail' && exit 1)
-
- # Check if youtube-dl is installed and working.
- - youtube-dl --version
-
-notifications:
- webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file
diff --git a/roles/hedii.youtube-dl/LICENSE b/roles/hedii.youtube-dl/LICENSE
deleted file mode 100644
index 3dfb5c50..00000000
--- a/roles/hedii.youtube-dl/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2016 hedii
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/roles/hedii.youtube-dl/README.md b/roles/hedii.youtube-dl/README.md
deleted file mode 100644
index abb939e5..00000000
--- a/roles/hedii.youtube-dl/README.md
+++ /dev/null
@@ -1,51 +0,0 @@
-Ansible role: youtube-dl
-========================
-
-[![Build Status](https://travis-ci.org/hedii/ansible-role-youtube-dl.svg?branch=master)](https://travis-ci.org/hedii/ansible-role-youtube-dl)
-
-Installs [youtube-dl](https://github.com/rg3/youtube-dl) on any Linux or UNIX system.
-
-Youtube-dl is a small command-line program to download videos from YouTube.com and other video platforms.
-
-Requirements
-------------
-
-None.
-
-Role Variables
---------------
-
-Available variables are listed below, along with default values (see `defaults/main.yml`)
-
-```yml
-# The path where youtube-dl executable will be installed.
-# It is recommended to not change this path.
-youtubedl_executable_path: "/usr/local/bin/youtube-dl"
-
-# Do we need to update youtube-dl if it is already installed?
-youtubedl_update: false
-```
-
-
-Dependencies
-------------
-
-None.
-
-Example Playbook
-----------------
-```yml
-- hosts: servers
- roles:
- - hedii.youtube-dl
-```
-
-License
--------
-
-MIT
-
-Author Information
-------------------
-
-[Hedi Chaibi](https://hedichaibi.com)
diff --git a/roles/hedii.youtube-dl/defaults/main.yml b/roles/hedii.youtube-dl/defaults/main.yml
deleted file mode 100644
index ae12afa0..00000000
--- a/roles/hedii.youtube-dl/defaults/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# The path where youtube-dl executable will be installed.
-# It is recommended to not change this path.
-youtubedl_executable_path: "/usr/local/bin/youtube-dl"
-
-# Do we need to update youtube-dl if it is already installed?
-youtubedl_update: false
\ No newline at end of file
diff --git a/roles/hedii.youtube-dl/handlers/main.yml b/roles/hedii.youtube-dl/handlers/main.yml
deleted file mode 100644
index 9e11583b..00000000
--- a/roles/hedii.youtube-dl/handlers/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-# handlers file for ansible-role-youtube-dl
diff --git a/roles/hedii.youtube-dl/meta/main.yml b/roles/hedii.youtube-dl/meta/main.yml
deleted file mode 100644
index d8f7e785..00000000
--- a/roles/hedii.youtube-dl/meta/main.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-galaxy_info:
- author: hedii
- description: Youtube-dl installation for Linux/UNIX.
- company: hedii
- license: MIT
- min_ansible_version: 2.0
- platforms:
- - name: EL
- versions:
- - all
- - name: GenericUNIX
- versions:
- - all
- - name: Ubuntu
- versions:
- - all
- - name: GenericLinux
- versions:
- - all
- - name: Debian
- versions:
- - all
- galaxy_tags:
- - system
-dependencies: []
\ No newline at end of file
diff --git a/roles/hedii.youtube-dl/tasks/main.yml b/roles/hedii.youtube-dl/tasks/main.yml
deleted file mode 100644
index b84f2116..00000000
--- a/roles/hedii.youtube-dl/tasks/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-- name: Check if youtube-dl is already installed
- stat:
- path: "{{ youtubedl_executable_path }}"
- register: youtubedl_bin
-
-- name: Download from source move to executables folder and set permissions
- get_url:
- url: http://yt-dl.org/latest/youtube-dl
- dest: "{{ youtubedl_executable_path }}"
- mode: 0755
- force: yes
- when: not youtubedl_bin.stat.exists
-
-- name: Update youtube-dl
- command: youtube-dl -U
- register: youtubedl_update_out
- when: youtubedl_bin.stat.exists and youtubedl_update
- changed_when: "'Updated youtube-dl.' in youtubedl_update_out.stdout"
- failed_when: "'ERROR:' in youtubedl_update_out.stdout"
- ignore_errors: true
diff --git a/roles/hedii.youtube-dl/tests/inventory b/roles/hedii.youtube-dl/tests/inventory
deleted file mode 100644
index d18580b3..00000000
--- a/roles/hedii.youtube-dl/tests/inventory
+++ /dev/null
@@ -1 +0,0 @@
-localhost
\ No newline at end of file
diff --git a/roles/hedii.youtube-dl/tests/test.yml b/roles/hedii.youtube-dl/tests/test.yml
deleted file mode 100644
index 6fa5bfde..00000000
--- a/roles/hedii.youtube-dl/tests/test.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- hosts: localhost
- remote_user: root
- roles:
- - ansible-role-youtube-dl
\ No newline at end of file
diff --git a/roles/hedii.youtube-dl/vars/main.yml b/roles/hedii.youtube-dl/vars/main.yml
deleted file mode 100644
index 85968809..00000000
--- a/roles/hedii.youtube-dl/vars/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-# vars file for ansible-role-youtube-dl
diff --git a/roles/ironicbadger.proxmox-nag-removal b/roles/ironicbadger.proxmox-nag-removal
new file mode 160000
index 00000000..456f5861
--- /dev/null
+++ b/roles/ironicbadger.proxmox-nag-removal
@@ -0,0 +1 @@
+Subproject commit 456f5861ca19d653df7fe9f29f4904ffb0ccc937
diff --git a/roles/ironicbadger.proxmox-nag-removal/README.md b/roles/ironicbadger.proxmox-nag-removal/README.md
deleted file mode 100644
index ed5dd9cb..00000000
--- a/roles/ironicbadger.proxmox-nag-removal/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# ironicbadger/ansible-role-proxmox-nag-removal
-
-This role removes the obnoxious Proxmox 'please subscribe' dialog box from a non subscribed server. It will also by default ensure that the enterprise repos are disabled.
-
-Tested and working with Proxmo 5.4-4.
\ No newline at end of file
diff --git a/roles/ironicbadger.proxmox-nag-removal/defaults/main.yml b/roles/ironicbadger.proxmox-nag-removal/defaults/main.yml
deleted file mode 100644
index 86327f16..00000000
--- a/roles/ironicbadger.proxmox-nag-removal/defaults/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-
-remove_nag: True
-remove_enterprise_repo: True
\ No newline at end of file
diff --git a/roles/ironicbadger.proxmox-nag-removal/handlers/main.yml b/roles/ironicbadger.proxmox-nag-removal/handlers/main.yml
deleted file mode 100644
index 40fdea31..00000000
--- a/roles/ironicbadger.proxmox-nag-removal/handlers/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-
-- name: restart pveproxy
- service:
- name: pveproxy
- state: restarted
\ No newline at end of file
diff --git a/roles/ironicbadger.proxmox-nag-removal/meta/main.yml b/roles/ironicbadger.proxmox-nag-removal/meta/main.yml
deleted file mode 100644
index d8d6d4ae..00000000
--- a/roles/ironicbadger.proxmox-nag-removal/meta/main.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-galaxy_info:
- author: Alex Kretzschmar
- description: Removes Proxmox nag screen
- issue_tracker_url: https://github.com/ironicbadger/ansible-role-proxmox-nag-removal/issues
- license: GPLv2
- min_ansible_version: 2.7
- platforms:
- - name: Debian
- versions:
- - all
- galaxy_tags:
- - system
- - web
diff --git a/roles/ironicbadger.proxmox-nag-removal/tasks/main.yml b/roles/ironicbadger.proxmox-nag-removal/tasks/main.yml
deleted file mode 100644
index 09bcfcff..00000000
--- a/roles/ironicbadger.proxmox-nag-removal/tasks/main.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-
-- name: removes subscription nag box
- include: remove-nag.yml
- when: remove_nag
-
-- name: remove enterprise repos
- include: remove-enterprise-repo.yml
- when: remove_enterprise_repo
diff --git a/roles/ironicbadger.proxmox-nag-removal/tasks/remove-enterprise-repo.yml b/roles/ironicbadger.proxmox-nag-removal/tasks/remove-enterprise-repo.yml
deleted file mode 100644
index 0cba8ed7..00000000
--- a/roles/ironicbadger.proxmox-nag-removal/tasks/remove-enterprise-repo.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-
-- name: Ensure enterprise repo file is not present
- file:
- path: /etc/apt/sources.list.d/pve-enterprise.list
- state: absent
diff --git a/roles/ironicbadger.proxmox-nag-removal/tasks/remove-nag.yml b/roles/ironicbadger.proxmox-nag-removal/tasks/remove-nag.yml
deleted file mode 100644
index abeec0e3..00000000
--- a/roles/ironicbadger.proxmox-nag-removal/tasks/remove-nag.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-
-- name: backup up original file
- copy:
- remote_src: True
- src: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
- dest: "/usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js.bak-{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}"
-
-- name: modify line which performs license check
- replace:
- path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
- regexp: "data.status \\!== \\'Active\\'"
- replace: "false"
- notify: restart pveproxy
\ No newline at end of file
diff --git a/roles/nickjj.ansible-user b/roles/nickjj.ansible-user
new file mode 160000
index 00000000..1612f6a0
--- /dev/null
+++ b/roles/nickjj.ansible-user
@@ -0,0 +1 @@
+Subproject commit 1612f6a06216665cbec2ae8643c759b9962bbf36
diff --git a/roles/nickjj.ansible-user/.gitignore b/roles/nickjj.ansible-user/.gitignore
deleted file mode 100644
index 59053d40..00000000
--- a/roles/nickjj.ansible-user/.gitignore
+++ /dev/null
@@ -1,8 +0,0 @@
-.DS_Store
-*/**.DS_Store
-._*
-.*.sw*
-*~
-.idea/
-.vscode/
-*.retry
diff --git a/roles/nickjj.ansible-user/.travis.yml b/roles/nickjj.ansible-user/.travis.yml
deleted file mode 100644
index ebeda4b0..00000000
--- a/roles/nickjj.ansible-user/.travis.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-
-services: "docker"
-
-env:
- - distro: "ubuntu1604"
- - distro: "ubuntu1804"
- - distro: "debian8"
- - distro: "debian9"
-
-script:
- # Download test shim.
- - wget -O ${PWD}/tests/test.sh https://gist.githubusercontent.com/nickjj/d12353b5b601e33cd62fda111359957a/raw
- - chmod +x ${PWD}/tests/test.sh
-
- # Run tests.
- - ${PWD}/tests/test.sh
diff --git a/roles/nickjj.ansible-user/CHANGES.md b/roles/nickjj.ansible-user/CHANGES.md
deleted file mode 100644
index ce0edcf8..00000000
--- a/roles/nickjj.ansible-user/CHANGES.md
+++ /dev/null
@@ -1,50 +0,0 @@
-# Changelog
-
-### v0.4.0
-
-*Released: January 25th 2018*
-
-- Rename `user_authorized_keys_path` to `user_local_ssh_key_path`
-- Add proper tests and support for Ubuntu 16, Debian Stretch and Debian Jessie
-- Update format and style consistencies
-
-### v0.3.3
-
-*Released: October 27th 2016*
-
-- Add ability to generate an SSH key pair (disabled by default)
-
-### v0.3.1
-
-*Released: October 9th 2016*
-
-- Append groups to users
-- Test against Ubuntu 16.04 LTS and Debian Jessie on Travis-CI
-
-### v0.3.0
-
-*Released: October 7th 2016*
-
-- Add ability to create/assign groups
-- Add ability to set a different shell
-- Add ability to toggle copying an SSH key
-- Add ability to toggle passwordless sudo
-- Use the updated YAML syntax for tasks
-
-### v0.2.1
-
-*Released: October 6th 2016*
-
-- Fix Travis-CI tests
-
-### v0.2.0
-
-*Released: October 6th 2016*
-
-- Update role for Ansible 2.1
-
-### v0.1.0
-
-*Released: May 4th 2014*
-
-- Initial release
diff --git a/roles/nickjj.ansible-user/LICENSE b/roles/nickjj.ansible-user/LICENSE
deleted file mode 100644
index 38c335bc..00000000
--- a/roles/nickjj.ansible-user/LICENSE
+++ /dev/null
@@ -1,22 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2014 Nick Janetakis nick.janetakis@gmail.com
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/roles/nickjj.ansible-user/README.md b/roles/nickjj.ansible-user/README.md
deleted file mode 100644
index c97d6ee4..00000000
--- a/roles/nickjj.ansible-user/README.md
+++ /dev/null
@@ -1,97 +0,0 @@ -## What is ansible-user? [![Build Status](https://secure.travis-ci.org/nickjj/ansible-user.png)](http://travis-ci.org/nickjj/ansible-user) - -It is an [Ansible](http://www.ansible.com/home) role to: - -- Create user groups -- Create a single user, add it to any groups you created and configure its shell -- Set your public SSH key as an authorized key so you can login without a password -- Enable passwordless sudo - -## Why would you want to use this role? - -When you spin up a new server, you'll often want to set up a non-root user that -you can login as and run your applications under. That's because running your -applications as root is a questionable idea from a security point of view. - -This role sets you up to do that, but it also includes a few other user related -tasks, such as what's listed in the above bullets. Having all of these things -together in 1 role means less work for you to do! - -## Supported platforms - -- Ubuntu 16.04 LTS (Xenial) -- Ubuntu 18.04 LTS (Bionic) -- Debian 8 (Jessie) -- Debian 9 (Stretch) - -## Role variables - -``` -# Optionally create additional user groupss. If empty, the user you create will -# automatically be a part of their user's group, ie. deploy:deploy. -user_groups: [] - -# The user you want to create. -user_name: "deploy" - -# Which shell should you default to? Typically "bash" or "sh". -user_shell: "/bin/bash" - -# Do you want to create an SSH keypair for this user? You probably don't for a -# regular user that you plan to login as which is why it's disabled by default. -user_generate_ssh_key: False - -# When set, this will copy your local SSH public key from this path to your -# user's authorized keys on your server. -# -# If you don't want this behavior then use an empty string as the value but keep -# in mind this role does not set a default password for the user you create, so -# you will be locked out if you don't supply your public SSH key. 
-user_local_ssh_key_path: "~/.ssh/id_rsa.pub" - -# Do you want to enable running root commands without needing a password? -user_enable_passwordless_sudo: True -``` - -## Example usage - -For the sake of this example let's assume you have a group called **app** and -you have a typical `site.yml` playbook. - -To use this role edit your `site.yml` file to look something like this: - -``` ---- - -- name: "Configure app server(s)" - hosts: "app" - become: True - - roles: - - { role: "nickjj.user", tags: "user" } -``` - -Let's say you want to edit the user name, you can do this by opening or -creating `group_vars/app.yml` which is located relative to your `inventory` -directory and then make it look something like this: - -``` ---- - -user_name: "thor" -``` - -Now you would run `ansible-playbook -i inventory/hosts site.yml -t user`. - -## Installation - -`$ ansible-galaxy install nickjj.user` - -### Ansible Galaxy - -You can find it on the official -[Ansible Galaxy](https://galaxy.ansible.com/nickjj/user) if you want to rate it. - -## License - -MIT diff --git a/roles/nickjj.ansible-user/defaults/main.yml b/roles/nickjj.ansible-user/defaults/main.yml deleted file mode 100644 index 88db4e06..00000000 --- a/roles/nickjj.ansible-user/defaults/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -user_groups: [] -user_name: "deploy" -user_shell: "/bin/bash" -user_generate_ssh_key: False - -user_local_ssh_key_path: "~/.ssh/id_rsa.pub" - -user_enable_passwordless_sudo: True diff --git a/roles/nickjj.ansible-user/meta/main.yml b/roles/nickjj.ansible-user/meta/main.yml deleted file mode 100644 index 650d91de..00000000 --- a/roles/nickjj.ansible-user/meta/main.yml +++ /dev/null 
@@ -1,25 +0,0 @@ ---- - -galaxy_info: - author: "Nick Janetakis" - description: "Create and configure a user for SSH key based logins and passwordless sudo." - company: - license: "MIT" - min_ansible_version: "2.5" - - platforms: - - name: "Ubuntu" - versions: - - "xenial" - - "bionic" - - name: "Debian" - versions: - - "jessie" - - "stretch" - - galaxy_tags: - - "groups" - - "system" - - "users" - -dependencies: [] diff --git a/roles/nickjj.ansible-user/tasks/main.yml b/roles/nickjj.ansible-user/tasks/main.yml deleted file mode 100644 index 7e482518..00000000 --- a/roles/nickjj.ansible-user/tasks/main.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- - -- name: "Create user group(s)" - group: - name: "{{ item }}" - loop: "{{ user_groups }}" - when: user_groups - -- name: "Create user" - user: - name: "{{ user_name }}" - groups: "{{ (user_groups | join(',')) }}" - generate_ssh_key: "{{ user_generate_ssh_key }}" - shell: "{{ user_shell }}" - -- name: "Set authorized_key to allow SSH key based logins" - authorized_key: - user: "{{ user_name }}" - key: "{{ lookup('file', user_local_ssh_key_path) }}" - when: user_local_ssh_key_path | default(False) - -- name: "Enable including files from sudoers.d/" - lineinfile: - path: "/etc/sudoers" - regexp: "^#includedir /etc/sudoers.d" - line: "#includedir /etc/sudoers.d" - state: "present" - backup: True - when: user_enable_passwordless_sudo - -- name: Disable sudoers.d - lineinfile: - path: "/etc/sudoers" - regexp: "^#includedir /etc/sudoers.d" - line: "#includedir /etc/sudoers.d" - state: "absent" - backup: True - when: user_enable_passwordless_sudo == False - -- name: "Enable passwordless sudo" - copy: - content: "%{{ user_name }} ALL=(ALL) NOPASSWD:ALL" - dest: "/etc/sudoers.d/{{ user_name }}" - owner: "root" - group: "root" - mode: "0440" - when: user_enable_passwordless_sudo diff --git a/roles/nickjj.ansible-user/tests/test.yml b/roles/nickjj.ansible-user/tests/test.yml deleted file mode 100644 index 4a974db7..00000000 
--- a/roles/nickjj.ansible-user/tests/test.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- - -- hosts: "all" - become: True - - vars: - user_local_ssh_key_path: "/root/.ssh/id_rsa.pub" - user_groups: ["foo", "bar"] - - roles: - - "role_under_test" - - pre_tasks: - - name: "Create fake SSH directory" - file: - path: "/root/.ssh" - state: "directory" - owner: "root" - group: "root" - mode: "0755" - - - name: "Generate fake SSH key" - lineinfile: - path: "/root/.ssh/id_rsa.pub" - line: "ssh-rsa foo hello@world" - state: "present" - create: True - - post_tasks: - - name: "Ensure user belongs to the correct groups" - command: groups {{ user_name }} - register: result - changed_when: result.stdout.split(":")[1] | trim != ([user_name] + user_groups) | join(" ") - - - name: "Ensure authorized_key is set" - command: cat /root/.ssh/id_rsa.pub - register: result - changed_when: result.stdout != "ssh-rsa foo hello@world" - - - name: "Ensure /etc/sudoers.d/deploy contains 'NOPASSWD:ALL'" - command: grep NOPASSWD:ALL /etc/sudoers.d/deploy - register: result - changed_when: result.rc != 0 - - - name: "Ensure passwordless sudo works" - become_user: "{{ user_name }}" - command: sudo whoami - register: result - changed_when: result.stdout != "root" diff --git a/roles/oefenweb.ufw b/roles/oefenweb.ufw new file mode 160000 index 00000000..14548ed9 --- /dev/null +++ b/roles/oefenweb.ufw @@ -0,0 +1 @@ +Subproject commit 14548ed99b9135b7c886aaf6d1289c4a6c8d1a62 diff --git a/roles/oefenweb.ufw/.ansible-lint b/roles/oefenweb.ufw/.ansible-lint deleted file mode 100644 index cb8e2acf..00000000 --- a/roles/oefenweb.ufw/.ansible-lint +++ /dev/null @@ -1,2 +0,0 @@ -skip_list: - - '405' diff --git a/roles/oefenweb.ufw/.gitignore b/roles/oefenweb.ufw/.gitignore deleted file mode 100644 index f74c83aa..00000000 --- a/roles/oefenweb.ufw/.gitignore +++ /dev/null 
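Review bot: The new gitlink `roles/oefenweb.ufw` (and likewise `roles/robertdebock.bootstrap` later in this diff) replaces a vendored firewall role with a pointer that is only populated once submodules are initialised, and nothing visible in this part of the change documents or enforces that step. A checkout made without it leaves the role directory empty, so a play that relies on this role for its ufw rules would presumably not apply them as intended; how Ansible treats an empty role directory should be confirmed. I would add a setup line such as `git submodule update --init --recursive` to the repository README and make CI use a recursive checkout. Before merging it is also worth diffing the deleted vendored tree against the pinned commit 14548ed99b9135b7c886aaf6d1289c4a6c8d1a62, so that any local modifications or upstream differences are reviewed rather than adopted implicitly.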
@@ -1,30 +0,0 @@ -# OS generated files # -###################### -.DS_Store -.DS_Store? -._* -.Spotlight-V100 -.Trashes -Icon? -ehthumbs.db -Thumbs.db - -# IDE files # -################# -/.settings -/.buildpath -/.project -/nbproject -*.komodoproject -*.kpf -/.idea - -# Vagrant files # -.virtualbox/ -.vagrant/ -vagrant_ansible_inventory_* -ansible.cfg - -# Other files # -############### -!empty diff --git a/roles/oefenweb.ufw/.travis.yml b/roles/oefenweb.ufw/.travis.yml deleted file mode 100644 index 1d9ade4f..00000000 --- a/roles/oefenweb.ufw/.travis.yml +++ /dev/null 
@@ -1,117 +0,0 @@ ---- -sudo: required -dist: xenial - -language: python -python: - - "2.7" - - "3.5" - -env: - - ANSIBLE_VERSION=latest - - ANSIBLE_VERSION=2.9.9 - - ANSIBLE_VERSION=2.9.8 - - ANSIBLE_VERSION=2.9.7 - - ANSIBLE_VERSION=2.9.6 - - ANSIBLE_VERSION=2.9.5 - - ANSIBLE_VERSION=2.9.4 - - ANSIBLE_VERSION=2.9.3 - - ANSIBLE_VERSION=2.9.2 - - ANSIBLE_VERSION=2.9.1 - - ANSIBLE_VERSION=2.9.0 - - ANSIBLE_VERSION=2.8.12 - - ANSIBLE_VERSION=2.8.11 - - ANSIBLE_VERSION=2.8.10 - - ANSIBLE_VERSION=2.8.9 - - ANSIBLE_VERSION=2.8.8 - - ANSIBLE_VERSION=2.8.7 - - ANSIBLE_VERSION=2.8.6 - - ANSIBLE_VERSION=2.8.5 - - ANSIBLE_VERSION=2.8.4 - - ANSIBLE_VERSION=2.8.3 - - ANSIBLE_VERSION=2.8.2 - - ANSIBLE_VERSION=2.8.1 - - ANSIBLE_VERSION=2.8.0 - - ANSIBLE_VERSION=2.7.18 - - ANSIBLE_VERSION=2.7.17 - - ANSIBLE_VERSION=2.7.16 - - ANSIBLE_VERSION=2.7.15 - - ANSIBLE_VERSION=2.7.14 - - ANSIBLE_VERSION=2.7.13 - - ANSIBLE_VERSION=2.7.12 - - ANSIBLE_VERSION=2.7.11 - - ANSIBLE_VERSION=2.7.10 - - ANSIBLE_VERSION=2.7.9 - - ANSIBLE_VERSION=2.7.8 - - ANSIBLE_VERSION=2.7.7 - - ANSIBLE_VERSION=2.7.6 - - ANSIBLE_VERSION=2.7.5 - - ANSIBLE_VERSION=2.7.4 - - ANSIBLE_VERSION=2.7.3 - - ANSIBLE_VERSION=2.7.2 - - ANSIBLE_VERSION=2.7.1 - - ANSIBLE_VERSION=2.7.0 - - ANSIBLE_VERSION=2.6.20 - - ANSIBLE_VERSION=2.6.19 - - ANSIBLE_VERSION=2.6.18 - - ANSIBLE_VERSION=2.6.17 - - ANSIBLE_VERSION=2.6.16 - - ANSIBLE_VERSION=2.6.15 - - ANSIBLE_VERSION=2.6.14 - - ANSIBLE_VERSION=2.6.13 - - ANSIBLE_VERSION=2.6.12 - - ANSIBLE_VERSION=2.6.11 - - ANSIBLE_VERSION=2.6.10 - - ANSIBLE_VERSION=2.6.9 - - ANSIBLE_VERSION=2.6.8 - - ANSIBLE_VERSION=2.6.7 - - ANSIBLE_VERSION=2.6.6 - - ANSIBLE_VERSION=2.6.5 - - ANSIBLE_VERSION=2.6.4 - - ANSIBLE_VERSION=2.6.3 - - ANSIBLE_VERSION=2.6.2 - - ANSIBLE_VERSION=2.6.1 - - ANSIBLE_VERSION=2.6.0 - -branches: - only: - - master - -matrix: - allow_failures: - # https://github.com/ansible/ansible/issues/56674 - - env: ANSIBLE_VERSION=2.8.0 - -before_install: - - sudo apt-get update -qq - - # 
Remove ufw - - sudo apt-get remove --purge --yes ufw - -install: - # Install Ansible. - - if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install ansible; else pip install ansible==$ANSIBLE_VERSION; fi - - if [ "$ANSIBLE_VERSION" = "latest" ]; then pip install ansible-lint; fi - -script: - # Check the role/playbook's syntax. - - ansible-playbook -i tests/inventory tests/test.yml --syntax-check - - # Run the role/playbook with ansible-playbook. - - ansible-playbook -i tests/inventory tests/test.yml -vvvv - - # Run the role/playbook again, checking to make sure it's idempotent. - - > - ansible-playbook -i tests/inventory tests/test.yml - | grep -q 'changed=0.*failed=0' - && (echo 'Idempotence test: pass' && exit 0) - || (echo 'Idempotence test: fail' && exit 1) - - - if [ "$ANSIBLE_VERSION" = "latest" ]; then ansible-lint tests/test.yml; fi - -notifications: - email: false - webhooks: https://galaxy.ansible.com/api/v1/notifications/ - slack: - rooms: - secure: "If2mqrqZs5q6yZ9bs9qq+pmgCEMCTv1Nk3vQjax9N+xFoIvnRi1v0drEekibKgns8eg0Mg/Tya7xxXokqFhs3wVY64r43v86HFLS2MVDTaMYAxK3kRd4x8R5INIAN1U7Dtsk8RQbIngzGJPZwOfmOtY1qQ5p3RLMM+6zEBQOO7U=" diff --git a/roles/oefenweb.ufw/LICENSE.txt b/roles/oefenweb.ufw/LICENSE.txt deleted file mode 100644 index 5708f355..00000000 --- a/roles/oefenweb.ufw/LICENSE.txt +++ /dev/null 
@@ -1,19 +0,0 @@
-Copyright (c) Oefenweb.nl
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is furnished
-to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
diff --git a/roles/oefenweb.ufw/README.md b/roles/oefenweb.ufw/README.md
deleted file mode 100644
index 703ec0df..00000000
--- a/roles/oefenweb.ufw/README.md
+++ /dev/null
@@ -1,93 +0,0 @@ -## ufw - -[![Build Status](https://travis-ci.org/Oefenweb/ansible-ufw.svg?branch=master)](https://travis-ci.org/Oefenweb/ansible-ufw) -[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-ufw-blue.svg)](https://galaxy.ansible.com/Oefenweb/ufw) - -Set up ufw in Debian-like systems. - -#### Requirements - -None - -#### Variables - -* `ufw_default_incoming_policy` [default: `deny`]: Default (incoming) policy -* `ufw_default_outgoing_policy` [default: `allow`]: Default (outgoing) policy - -* `ufw_logging` [default: `off`]: Log level - -* `ufw_rules` [default: see `defaults/main.yml`]: Rules to apply - -* `ufw_etc_default_ipv6` [default: `true`]: Set to yes to apply rules to support IPv6 -* `ufw_etc_default_default_input_policy` [default: `DROP`]: Set the default input policy to `ACCEPT`, `DROP`, or `REJECT`. Please note that if you change this you will most likely want to adjust your rules -* `ufw_etc_default_default_output_policy` [default: `ACCEPT`]: Set the default output policy to `ACCEPT`, `DROP`, or `REJECT`. Please note that if you change this you will most likely want to adjust your rules -* `ufw_etc_default_default_forward_policy` [default: `DROP`]: Set the default forward policy to `ACCEPT`, `DROP` or `REJECT`. Please note that if you change this you will most likely want to adjust your rules -* `ufw_etc_default_default_application_policy` [default: `SKIP`]: Set the default application policy to `ACCEPT`, `DROP`, `REJECT` or `SKIP`. Please note that setting this to `ACCEPT` may be a security risk -* `ufw_etc_default_manage_builtins` [default: `false`]: By default, ufw only touches its own chains. Set this to 'yes' to have ufw manage the built-in chains too. 
Warning: setting this to 'yes' will break non-ufw managed firewall rules -* `ufw_etc_default_ipt_sysctl` [default: `/etc/ufw/sysctl.conf`]: IPT backend, only enable if using iptables backend -* `ufw_etc_default_ipt_modules` [default: `[nf_conntrack_ftp, nf_nat_ftp, nf_conntrack_netbios_ns]`]: Extra connection tracking modules to load. Complete list can be found in `net/netfilter/Kconfig` of your kernel source - -## Dependencies - -None - -#### Example - -```yaml ---- -- hosts: all - roles: - - ufw -``` - -##### Allow ssh -```yaml -- hosts: all - roles: - - ufw - vars: - ufw_rules: - - rule: allow - to_port: 22 - protocol: tcp - comment: 'allow incoming connection on standard ssh port' -``` - -##### Allow all traffic on eth1 -```yaml -- hosts: all - roles: - - ufw - vars: - ufw_rules: - - rule: allow - interface: eth1 - to_port: '' - comment: 'allow all traffic on interface eth1' -``` - -##### Allow snmp traffic from 1.2.3.4 on eth0 -```yaml -- hosts: all - roles: - - ufw - vars: - ufw_rules: - - rule: allow - interface: eth0 - from_ip: 1.2.3.4 - to_port: 161 - protocol: udp -``` - -#### License - -MIT - -#### Author Information - -Mischa ter Smitten (based on work of weareinteractive) - -#### Feedback, bug-reports, requests, ... - -Are [welcome](https://github.com/Oefenweb/ansible-ufw/issues)! diff --git a/roles/oefenweb.ufw/Vagrantfile b/roles/oefenweb.ufw/Vagrantfile deleted file mode 100644 index 653c851f..00000000 --- a/roles/oefenweb.ufw/Vagrantfile +++ /dev/null 
@@ -1,77 +0,0 @@ -# -*- mode: ruby -*- -# vi: set ft=ruby ts=2 sw=2 tw=0 et : - -role = File.basename(File.expand_path(File.dirname(__FILE__))) - -boxes = [ - { - :name => "ubuntu-1204", - :box => "bento/ubuntu-12.04", - :ip => '10.0.0.11', - :cpu => "50", - :ram => "256" - }, - { - :name => "ubuntu-1404", - :box => "bento/ubuntu-14.04", - :ip => '10.0.0.12', - :cpu => "50", - :ram => "256" - }, - { - :name => "ubuntu-1604", - :box => "bento/ubuntu-16.04", - :ip => '10.0.0.13', - :cpu => "50", - :ram => "256" - }, - { - :name => "ubuntu-1804", - :box => "bento/ubuntu-18.04", - :ip => '10.0.0.14', - :cpu => "50", - :ram => "384" - }, - { - :name => "debian-7", - :box => "bento/debian-7", - :ip => '10.0.0.15', - :cpu => "50", - :ram => "256" - }, - { - :name => "debian-8", - :box => "bento/debian-8", - :ip => '10.0.0.16', - :cpu => "50", - :ram => "256" - }, - { - :name => "debian-9", - :box => "bento/debian-9", - :ip => '10.0.0.17', - :cpu => "50", - :ram => "256" - }, -] - -Vagrant.configure("2") do |config| - boxes.each do |box| - config.vm.define box[:name] do |vms| - vms.vm.box = box[:box] - vms.vm.hostname = "ansible-#{role}-#{box[:name]}" - - vms.vm.provider "virtualbox" do |v| - v.customize ["modifyvm", :id, "--cpuexecutioncap", box[:cpu]] - v.customize ["modifyvm", :id, "--memory", box[:ram]] - end - - vms.vm.network :private_network, ip: box[:ip] - - vms.vm.provision :ansible do |ansible| - ansible.playbook = "tests/vagrant.yml" - ansible.verbose = "vv" - end - end - end -end diff --git a/roles/oefenweb.ufw/defaults/main.yml b/roles/oefenweb.ufw/defaults/main.yml deleted file mode 100644 index 37730c66..00000000 --- a/roles/oefenweb.ufw/defaults/main.yml +++ /dev/null 
@@ -1,25 +0,0 @@ -# defaults file for ufw ---- -ufw_default_incoming_policy: deny -ufw_default_outgoing_policy: allow - -ufw_logging: 'off' - -ufw_rules: - - rule: allow - interface: "{{ ansible_default_ipv4['interface'] }}" - to_port: 22 - protocol: tcp - -# /etc/default/ufw -ufw_etc_default_ipv6: true -ufw_etc_default_default_input_policy: DROP -ufw_etc_default_default_output_policy: ACCEPT -ufw_etc_default_default_forward_policy: DROP -ufw_etc_default_default_application_policy: SKIP -ufw_etc_default_manage_builtins: false -ufw_etc_default_ipt_sysctl: /etc/ufw/sysctl.conf -ufw_etc_default_ipt_modules: - - nf_conntrack_ftp - - nf_nat_ftp - - nf_conntrack_netbios_ns diff --git a/roles/oefenweb.ufw/files/empty b/roles/oefenweb.ufw/files/empty deleted file mode 100644 index e69de29b..00000000 diff --git a/roles/oefenweb.ufw/handlers/main.yml b/roles/oefenweb.ufw/handlers/main.yml deleted file mode 100644 index 2a77d703..00000000 --- a/roles/oefenweb.ufw/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ -# handlers file for ufw ---- -- name: reload ufw - ufw: - state: reloaded diff --git a/roles/oefenweb.ufw/meta/main.yml b/roles/oefenweb.ufw/meta/main.yml deleted file mode 100644 index 9fd3f0a4..00000000 --- a/roles/oefenweb.ufw/meta/main.yml +++ /dev/null @@ -1,26 +0,0 @@ -# meta file for ufw ---- -galaxy_info: - role_name: ufw - author: Mischa ter Smitten - company: Oefenweb.nl B.V. - description: Set up ufw in Debian-like systems - license: MIT - min_ansible_version: 2.6.0 - platforms: - - name: Ubuntu - versions: - - precise - - trusty - - xenial - - bionic - - name: Debian - versions: - - wheezy - - jessie - - stretch - galaxy_tags: - - system - - networking - - firewall -dependencies: [] diff --git a/roles/oefenweb.ufw/tasks/configure.yml b/roles/oefenweb.ufw/tasks/configure.yml deleted file mode 100644 index aa39ca87..00000000 --- a/roles/oefenweb.ufw/tasks/configure.yml +++ /dev/null 
@@ -1,77 +0,0 @@ -# tasks file for ufw ---- -- name: configure | create (local facts) directory - file: - path: /etc/ansible/facts.d/ - state: directory - owner: root - group: root - mode: 0755 - tags: - - ufw-configure-facts - -- name: configure | update configuration file(s) - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - group: root - mode: 0644 - with_items: - - src: etc/default/ufw.j2 - dest: /etc/default/ufw - - src: etc/ansible/facts.d/ufw.fact.j2 - dest: /etc/ansible/facts.d/ufw.fact - register: configuration - tags: - - ufw-configure-facts - -- name: configure | reset - ufw: - state: reset - when: configuration is changed - tags: - - ufw-configure-reset - -- name: configure | default (incoming) policy - ufw: - policy: "{{ ufw_default_incoming_policy }}" - direction: incoming - notify: reload ufw - tags: - - ufw-configure-default-policy - - ufw-configure-default-policy-incoming - -- name: configure | default (outgoing) policy - ufw: - policy: "{{ ufw_default_outgoing_policy }}" - direction: outgoing - notify: reload ufw - tags: - - ufw-configure-default-policy - - ufw-configure-default-policy-outgoing - -- name: configure | rules - ufw: - rule: "{{ item.rule }}" - interface: "{{ item.interface | default('') }}" - direction: "{{ item.direction | default('in') }}" - from_ip: "{{ item.from_ip | default('any') }}" - to_ip: "{{ item.to_ip | default('any') }}" - from_port: "{{ item.from_port | default('') }}" - to_port: "{{ item.to_port | default('') }}" - protocol: "{{ item.protocol | default('any') }}" - route: "{{ item.route | default(omit) }}" - log: "{{ item.log | default(false) }}" - comment: "{{ item.comment | default(omit) }}" - with_items: "{{ ufw_rules }}" - notify: reload ufw - tags: - - ufw-configure-rules - -- name: configure | logging - ufw: - logging: "{{ ufw_logging }}" - notify: reload ufw - tags: - - ufw-configure-logging 
diff --git a/roles/oefenweb.ufw/tasks/fix-dropped-ssh-sessions.yml b/roles/oefenweb.ufw/tasks/fix-dropped-ssh-sessions.yml deleted file mode 100644 index d4186e0b..00000000 --- a/roles/oefenweb.ufw/tasks/fix-dropped-ssh-sessions.yml +++ /dev/null @@ -1,17 +0,0 @@ -# tasks file for ufw ---- -- name: check if conntrack exists - stat: - path: /proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal - register: _nf_conntrack_tcp_be_liberal - -- name: fix dropped ssh sessions | configure kernel - sysctl: - name: net.netfilter.nf_conntrack_tcp_be_liberal - value: '1' - state: present - sysctl_set: true - reload: true - when: _nf_conntrack_tcp_be_liberal.stat.exists - tags: - - ufw-fix-dropped-ssh-sessions-configure-kernel diff --git a/roles/oefenweb.ufw/tasks/install.yml b/roles/oefenweb.ufw/tasks/install.yml deleted file mode 100644 index 02c34c08..00000000 --- a/roles/oefenweb.ufw/tasks/install.yml +++ /dev/null @@ -1,10 +0,0 @@ -# tasks file for ufw ---- -- name: install | dependencies - apt: - name: "{{ ufw_dependencies }}" - state: "{{ apt_install_state | default('latest') }}" - update_cache: true - cache_valid_time: "{{ apt_update_cache_valid_time | default(3600) }}" - tags: - - ufw-install-dependencies diff --git a/roles/oefenweb.ufw/tasks/main.yml b/roles/oefenweb.ufw/tasks/main.yml deleted file mode 100644 index 5de837c6..00000000 --- a/roles/oefenweb.ufw/tasks/main.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -# tasks file for ufw ---- -- name: facts | set - set_fact: - kernel_version: "{{ ansible_kernel | regex_search('^([0-9]+\\.[0-9]+\\.[0-9]+)') }}" - tags: - - configuration - - ufw - - ufw-facts - -# see https://askubuntu.com/a/1064533/261010, https://www.spinics.net/lists/netfilter-devel/msg55682.html -- include: fix-dropped-ssh-sessions.yml - when: - - kernel_version is version('4.14', '>=') - - kernel_version is version('5', '<') - tags: - - configuration - - ufw - - ufw-fix-dropped-ssh-sessions - -- include: install.yml - tags: - - configuration - - ufw - - ufw-install - -- include: configure.yml - tags: - - configuration - - ufw - - ufw-configure - -- name: start and enable service - ufw: - state: enabled - tags: - - configuration - - ufw - - ufw-start-enable-service diff --git a/roles/oefenweb.ufw/templates/etc/ansible/facts.d/ufw.fact.j2 b/roles/oefenweb.ufw/templates/etc/ansible/facts.d/ufw.fact.j2 deleted file mode 100644 index ad9d5186..00000000 --- a/roles/oefenweb.ufw/templates/etc/ansible/facts.d/ufw.fact.j2 +++ /dev/null @@ -1 +0,0 @@ -{{ ufw_facts | to_nice_json }} diff --git a/roles/oefenweb.ufw/templates/etc/default/ufw.j2 b/roles/oefenweb.ufw/templates/etc/default/ufw.j2 deleted file mode 100644 index 4b00d509..00000000 --- a/roles/oefenweb.ufw/templates/etc/default/ufw.j2 +++ /dev/null 
@@ -1,46 +0,0 @@ -# {{ ansible_managed }} - -# /etc/default/ufw -# - -# Set to yes to apply rules to support IPv6 (no means only IPv6 on loopback -# accepted). You will need to 'disable' and then 'enable' the firewall for -# the changes to take affect. -IPV6={{ 'yes' if ufw_etc_default_ipv6 else 'no' }} - -# Set the default input policy to ACCEPT, DROP, or REJECT. Please note that if -# you change this you will most likely want to adjust your rules. -DEFAULT_INPUT_POLICY="{{ ufw_etc_default_default_input_policy }}" - -# Set the default output policy to ACCEPT, DROP, or REJECT. Please note that if -# you change this you will most likely want to adjust your rules. -DEFAULT_OUTPUT_POLICY="{{ ufw_etc_default_default_output_policy }}" - -# Set the default forward policy to ACCEPT, DROP or REJECT. Please note that -# if you change this you will most likely want to adjust your rules -DEFAULT_FORWARD_POLICY="{{ ufw_etc_default_default_forward_policy }}" - -# Set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please -# note that setting this to ACCEPT may be a security risk. See 'man ufw' for -# details -DEFAULT_APPLICATION_POLICY="{{ ufw_etc_default_default_application_policy }}" - -# By default, ufw only touches its own chains. Set this to 'yes' to have ufw -# manage the built-in chains too. Warning: setting this to 'yes' will break -# non-ufw managed firewall rules -MANAGE_BUILTINS={{ 'yes' if ufw_etc_default_manage_builtins else 'no' }} - -# -# IPT backend -# -# only enable if using iptables backend -IPT_SYSCTL={{ ufw_etc_default_ipt_sysctl }} - -# Extra connection tracking modules to load. Complete list can be found in -# net/netfilter/Kconfig of your kernel source. 
Some common modules: -# nf_conntrack_irc, nf_nat_irc: DCC (Direct Client to Client) support -# nf_conntrack_netbios_ns: NetBIOS (samba) client support -# nf_conntrack_pptp, nf_nat_pptp: PPTP over stateful firewall/NAT -# nf_conntrack_ftp, nf_nat_ftp: active FTP support -# nf_conntrack_tftp, nf_nat_tftp: TFTP support (server side) -IPT_MODULES="{{ ufw_etc_default_ipt_modules | join(' ') }}" diff --git a/roles/oefenweb.ufw/tests/inventory b/roles/oefenweb.ufw/tests/inventory deleted file mode 100644 index 2fbb50c4..00000000 --- a/roles/oefenweb.ufw/tests/inventory +++ /dev/null @@ -1 +0,0 @@ -localhost diff --git a/roles/oefenweb.ufw/tests/test.yml b/roles/oefenweb.ufw/tests/test.yml deleted file mode 100644 index 8c28d0f6..00000000 --- a/roles/oefenweb.ufw/tests/test.yml +++ /dev/null @@ -1,7 +0,0 @@ -# test file for ufw ---- -- hosts: localhost - connection: local - become: true - roles: - - ../../ diff --git a/roles/oefenweb.ufw/tests/vagrant.yml b/roles/oefenweb.ufw/tests/vagrant.yml deleted file mode 100644 index aa0b5e2c..00000000 --- a/roles/oefenweb.ufw/tests/vagrant.yml +++ /dev/null @@ -1,7 +0,0 @@ -# test file for ufw ---- -- hosts: all - remote_user: vagrant - become: true - roles: - - ../../ diff --git a/roles/oefenweb.ufw/vars/main.yml b/roles/oefenweb.ufw/vars/main.yml deleted file mode 100644 index 63ef6a69..00000000 --- a/roles/oefenweb.ufw/vars/main.yml +++ /dev/null @@ -1,10 +0,0 @@ -# vars file for ufw ---- -ufw_dependencies: - - ufw - -ufw_facts: - default_incoming_policy: "{{ ufw_default_incoming_policy }}" - default_outgoing_policy: "{{ ufw_default_outgoing_policy }}" - logging: "{{ ufw_logging }}" - rules: "{{ ufw_rules }}" diff --git a/roles/robertdebock.bootstrap b/roles/robertdebock.bootstrap new file mode 160000 index 00000000..ed3d2384 --- /dev/null +++ b/roles/robertdebock.bootstrap @@ -0,0 +1 @@ +Subproject commit ed3d238492b0bc546e9830b7896c07610c1bf5ee 
diff --git a/roles/robertdebock.bootstrap/.ansible-lint b/roles/robertdebock.bootstrap/.ansible-lint deleted file mode 100644 index acb2d05e..00000000 --- a/roles/robertdebock.bootstrap/.ansible-lint +++ /dev/null @@ -1,6 +0,0 @@ -# -# Ansible managed -# -exclude_paths: - - ./meta/preferences.yml - - ./molecule/default/verify.yml diff --git a/roles/robertdebock.bootstrap/.github/FUNDING.yml b/roles/robertdebock.bootstrap/.github/FUNDING.yml deleted file mode 100644 index 67320f05..00000000 --- a/roles/robertdebock.bootstrap/.github/FUNDING.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -github: robertdebock diff --git a/roles/robertdebock.bootstrap/.github/ISSUE_TEMPLATE/bug_report.md b/roles/robertdebock.bootstrap/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index f39b5dc5..00000000 --- a/roles/robertdebock.bootstrap/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null @@ -1,31 +0,0 @@ ---- -name: Bug report -about: Create a report to help me improve - ---- - -## Describe the bug -A clear and concise description of what the bug is. - -## Playbook - -Please paste the playbook you are using. (Consider `requirements.yml` and -optionally the command you've invoked.) - - -```yaml ---- -YOUR PLAYBOOK HERE -``` - -## Output - -Show at least the error, possible related output, maybe just all the output. - -## Environment - -- Control node OS: [e.g. Debian 9] (`cat /etc/os-release`) -- Control node Ansible version: [e.g. 2.9.1] (`ansible --version`) -- Managed node OS: [e.g. CentOS 7] (`cat /etc/os-release`) - -Please consider [sponsoring me](https://github.com/sponsors/robertdebock). diff --git a/roles/robertdebock.bootstrap/.github/ISSUE_TEMPLATE/feature_request.md b/roles/robertdebock.bootstrap/.github/ISSUE_TEMPLATE/feature_request.md deleted file mode 100644 index 55a93c40..00000000 --- a/roles/robertdebock.bootstrap/.github/ISSUE_TEMPLATE/feature_request.md +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -name: Feature request -about: Suggest an idea for this project - ---- - -## Proposed feature - -A clear and concise description of what you want to happen. - -## Rationale - -Why is this feature required? - -## Additional context - -Add any other context about the feature request here. - -Please consider [sponsoring me](https://github.com/sponsors/robertdebock). diff --git a/roles/robertdebock.bootstrap/.github/pull_request_template.md b/roles/robertdebock.bootstrap/.github/pull_request_template.md deleted file mode 100644 index b1578c0c..00000000 --- a/roles/robertdebock.bootstrap/.github/pull_request_template.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -name: Pull request -about: Describe the proposed change - ---- - -**Describe the change** -A clear and concise description of what the pull request is. - -**Testing** -In case a feature was added, how were tests performed? diff --git a/roles/robertdebock.bootstrap/.github/settings.yml b/roles/robertdebock.bootstrap/.github/settings.yml deleted file mode 100644 index eaf6fb81..00000000 --- a/roles/robertdebock.bootstrap/.github/settings.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# -# Ansible managed -# -repository: - description: Prepare your system to be managed by Ansible. - homepage: https://robertdebock.nl/ diff --git a/roles/robertdebock.bootstrap/.github/workflows/galaxy.yml b/roles/robertdebock.bootstrap/.github/workflows/galaxy.yml deleted file mode 100644 index 7ff6f4ba..00000000 --- a/roles/robertdebock.bootstrap/.github/workflows/galaxy.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# -# Ansible managed -# - -name: Release to Ansible Galaxy - -on: - push: - tags: - - '*' - schedule: - - cron: '2 2 2 * *' - -jobs: - release: - runs-on: ubuntu-latest - steps: - - name: galaxy - uses: robertdebock/galaxy-action@1.0.1 - with: - galaxy_api_key: ${{ secrets.galaxy_api_key }} 
diff --git a/roles/robertdebock.bootstrap/.github/workflows/molecule.yml b/roles/robertdebock.bootstrap/.github/workflows/molecule.yml deleted file mode 100644 index 01b49c25..00000000 --- a/roles/robertdebock.bootstrap/.github/workflows/molecule.yml +++ /dev/null @@ -1,78 +0,0 @@ ---- -# -# Ansible managed -# - -name: Ansible Molecule - -on: - push: - tags_ignore: - - '*' - pull_request: - schedule: - - cron: '2 2 2 * *' - -jobs: - lint: - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v2 - with: - path: "${{ github.repository }}" - - name: molecule - uses: robertdebock/molecule-action@2.6.1 - with: - command: lint - test: - needs: - - lint - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - config: - - image: "alpine" - tag: "latest" - - image: "alpine" - tag: "edge" - - image: "amazonlinux" - tag: "1" - - image: "centos" - tag: "7" - - image: "centos" - tag: "latest" - - image: "debian" - tag: "latest" - - image: "debian" - tag: "bullseye" - - image: "fedora" - tag: "31" - - image: "fedora" - tag: "latest" - - image: "opensuse" - tag: "latest" - - image: "ubuntu" - tag: "latest" - - image: "ubuntu" - tag: "bionic" - - image: "ubuntu" - tag: "xenial" - steps: - - name: checkout - uses: actions/checkout@v2 - with: - path: "${{ github.repository }}" - - name: disable apparmor for mysql - run: sudo ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/ - - name: parse apparmor for mysql - run: sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld - - name: molecule - uses: robertdebock/molecule-action@2.6.1 - with: - image: ${{ matrix.config.image }} - tag: ${{ matrix.config.tag }} - options: "--parallel all" - env: - TOX_PARALLEL_NO_SPINNER: 1 diff --git a/roles/robertdebock.bootstrap/.gitignore b/roles/robertdebock.bootstrap/.gitignore deleted file mode 100644 index 982db11f..00000000 --- a/roles/robertdebock.bootstrap/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -.molecule -*.log -*.swp -.tox 
diff --git a/roles/robertdebock.bootstrap/.travis.yml b/roles/robertdebock.bootstrap/.travis.yml deleted file mode 100644 index d0b7cc4c..00000000 --- a/roles/robertdebock.bootstrap/.travis.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# -# Ansible managed -# -language: python - -python: - - "3.8" - -services: - - docker - -env: - global: - namespace="robertdebock" - matrix: - - image="alpine" tag="latest" - - image="alpine" tag="edge" - - image="amazonlinux" tag="1" - - image="centos" tag="7" - - image="centos" tag="latest" - - image="debian" tag="latest" - - image="debian" tag="bullseye" - - image="fedora" tag="31" - - image="fedora" tag="latest" - - image="opensuse" tag="latest" - - image="ubuntu" tag="latest" - - image="ubuntu" tag="bionic" - - image="ubuntu" tag="xenial" - -cache: - - pip - -install: - - pip install --upgrade pip - - pip install tox - -script: - - function retry { counter=0 ; until "$@" ; do exit=$? ; counter=$(($counter + 1)) ; if [ $counter -ge 3 ] ; then return $exit ; fi ; done ; return 0; } ; retry tox --parallel all - -notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ - slack: "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" - email: false diff --git a/roles/robertdebock.bootstrap/.yamllint b/roles/robertdebock.bootstrap/.yamllint deleted file mode 100644 index c5ae64be..00000000 --- a/roles/robertdebock.bootstrap/.yamllint +++ /dev/null @@ -1,12 +0,0 @@ ---- -extends: default - -rules: - braces: - max-spaces-inside: 1 - level: error - brackets: - max-spaces-inside: 1 - level: error - line-length: disable - truthy: disable diff --git a/roles/robertdebock.bootstrap/CODE_OF_CONDUCT.md b/roles/robertdebock.bootstrap/CODE_OF_CONDUCT.md deleted file mode 100644 index 0d97a6fb..00000000 --- a/roles/robertdebock.bootstrap/CODE_OF_CONDUCT.md +++ /dev/null 
@@ -1,46 +0,0 @@ -# Contributor Covenant Code of Conduct - -## Our Pledge - -In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. - -## Our Standards - -Examples of behaviour that contributes to creating a positive environment include: - -* Using welcoming and inclusive language -* Being respectful of differing viewpoints and experiences -* Gracefully accepting constructive criticism -* Focusing on what is best for the community -* Showing empathy towards other community members - -Examples of unacceptable behaviour by participants include: - -* The use of sexualized language or imagery and unwelcome sexual attention or advances -* Trolling, insulting/derogatory comments, and personal or political attacks -* Public or private harassment -* Publishing others' private information, such as a physical or electronic address, without explicit permission -* Other conduct which could reasonably be considered inappropriate in a professional setting - -## Our Responsibilities - -Project maintainers are responsible for clarifying the standards of acceptable behaviour and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behaviour. - -Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviours that they deem inappropriate, threatening, offensive, or harmful. 
- -## Scope - -This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers. - -## Enforcement - -Instances of abusive, harassing, or otherwise unacceptable behaviour may be reported by contacting the project team at robert@meinit.nl. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately. - -Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership. - -## Attribution - -This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version] - -[homepage]: http://contributor-covenant.org -[version]: http://contributor-covenant.org/version/1/4/ diff --git a/roles/robertdebock.bootstrap/CONTRIBUTING.md b/roles/robertdebock.bootstrap/CONTRIBUTING.md deleted file mode 100644 index 2ef8c236..00000000 --- a/roles/robertdebock.bootstrap/CONTRIBUTING.md +++ /dev/null 
@@ -1,76 +0,0 @@ -# [Please contribute](#please-contribute) - -You can really make a difference by: - -- [Making an issue](https://help.github.com/articles/creating-an-issue/). A well described issue helps a lot. (Have a look at the [known issues](https://github.com/search?q=user%3Arobertdebock+is%3Aissue+state%3Aopen).) -- [Making a pull request](https://services.github.com/on-demand/github-cli/open-pull-request-github) when you see the error in code. - -I'll try to help and take every contribution seriously. - -It's a great opportunity for me to learn how you use the role and also an opportunity to get into the habit of contributing to open source software. - -## [Step by step](#step-by-step) - -Here is how you can help, a lot of steps are related to GitHub, not specifically my roles. - -### [1. Make an issue.](#1-make-an-issue) - -When you spot an issue, [create an issue](https://github.com/robertdebock/ansible-role-bootstrap/issues). - -Making the issue help me and others to find similar problems in the future. - -### [2. Fork the project.](#2-fork-the-project) - -On the top right side of [the repository on GitHub](https://github.com/robertdebock/ansible-role-bootstrap), click `fork`. This copies everything to your GitHub namespace. - -### [3. Make the changes](#3-make-the-changes) - -In you own GitHub namespace, make the required changes. - -I typically do that by cloning the repository (in your namespace) locally: - -``` -git clone git@github.com:YOURNAMESPACE/ansible-role-bootstrap.git -``` - -Now you can start to edit on your laptop. - -### [4. Optionally: test your changes](#4-optionally-test-your-changes) - -Install [molecule](https://molecule.readthedocs.io/en/stable/) and [Tox](https://tox.readthedocs.io/): - -``` -pip install molecule tox ansible-lint docker -``` - -And run `molecule test`. 
If you want to test a specific distribution, set `image` and optionally `tag`: - -``` -image=centos tag=7 molecule test -``` - -Once it start to work, you can test multiple version of Ansible: - -``` -image=centos tag=7 tox -``` - -### [5. Optionally: Regenerate all dynamic content](#5-optionally-regenerate-all-dynamic-content) - -You can use [Ansible Generator](https://github.com/robertdebock/ansible-generator) to regenerate all dynamic content. - -If you don't do it, I'll do it later for you. - -### [6. Make a pull request](#6-make-a-pull-request) - -[GitHub](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork) on pull requests. - -In the comment-box, you can [refer to the issue number](https://help.github.com/en/github/writing-on-github/autolinked-references-and-urls) by using #123, where 123 is the issue number. - -### [7. Wait](#7-wait) - -Now I'll get a message that you've added some code. Thank you, really. - -CI starts to test your changes. You can follow the progress on Travis. - -Please consider [sponsoring me](https://github.com/sponsors/robertdebock). diff --git a/roles/robertdebock.bootstrap/LICENSE b/roles/robertdebock.bootstrap/LICENSE deleted file mode 100644 index bd15893f..00000000 --- a/roles/robertdebock.bootstrap/LICENSE +++ /dev/null 
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2020 Robert de Bock (robert@meinit.nl) - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/roles/robertdebock.bootstrap/README.md b/roles/robertdebock.bootstrap/README.md deleted file mode 100644 index 1b155af9..00000000 --- a/roles/robertdebock.bootstrap/README.md +++ /dev/null 
@@ -1,156 +0,0 @@ -# [bootstrap](#bootstrap) - -Prepare your system to be managed by Ansible. - -|Travis|GitHub|Quality|Downloads|Version| -|------|------|-------|---------|-------| -|[![travis](https://travis-ci.com/robertdebock/ansible-role-bootstrap.svg?branch=master)](https://travis-ci.com/robertdebock/ansible-role-bootstrap)|[![github](https://github.com/robertdebock/ansible-role-bootstrap/workflows/Ansible%20Molecule/badge.svg)](https://github.com/robertdebock/ansible-role-bootstrap/actions)|[![quality](https://img.shields.io/ansible/quality/21642)](https://galaxy.ansible.com/robertdebock/bootstrap)|[![downloads](https://img.shields.io/ansible/role/d/21642)](https://galaxy.ansible.com/robertdebock/bootstrap)|[![Version](https://img.shields.io/github/release/robertdebock/ansible-role-bootstrap.svg)](https://github.com/robertdebock/ansible-role-bootstrap/releases/)| - -## [Example Playbook](#example-playbook) - -This example is taken from `molecule/resources/converge.yml` and is tested on each push, pull request and release. -```yaml ---- -- name: Converge - hosts: all - become: yes - gather_facts: no - - roles: - - role: robertdebock.bootstrap -``` - -The machine may need to be prepared using `molecule/resources/prepare.yml`: -```yaml -No preparation required. -``` - -For verification `molecule/resources/verify.yml` run after the role has been applied. -```yaml ---- -- name: Verify - hosts: all - become: no - gather_facts: yes - - tasks: - - name: test connection - ping: -``` - -Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. - -## [Role Variables](#role-variables) - -These variables are set in `defaults/main.yml`: -```yaml ---- -# defaults file for bootstrap - -# The user to use to connect to machines. -bootstrap_user: root - -# Do you want to wait for the host to be available? 
-bootstrap_wait_for_host: no - -# The number of seconds you want to wait during connection test before failing. -bootstrap_timeout: 3 - -# The number of retries during installation -bootstrap_retries: 3 -``` - -## [Requirements](#requirements) - -- Access to a repository containing packages, likely on the internet. -- A recent version of Ansible. (Tests run on the current, previous and next release of Ansible.) - -The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: - -```yaml -- none -``` - -## [Context](#context) - -This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. - -Here is an overview of related roles: -![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/bootstrap.png "Dependency") - -## [Compatibility](#compatibility) - -This role has been tested on these [container images](https://hub.docker.com/u/robertdebock): - -|container|tags| -|---------|----| -|alpine|all| -|amazon|2018.03| -|el|7, 8| -|debian|buster, bullseye| -|fedora|31, 32| -|opensuse|all| -|ubuntu|focal, bionic, xenial| - -The minimum version of Ansible required is 2.8 but tests have been done to: - -- The previous version, on version lower. -- The current version. -- The development version. - - - -## [Testing](#testing) - -[Unit tests](https://travis-ci.com/robertdebock/ansible-role-bootstrap) are done on every commit, pull request, release and periodically. - -If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-bootstrap/issues) - -Testing is done using [Tox](https://tox.readthedocs.io/en/latest/) and [Molecule](https://github.com/ansible/molecule): - -[Tox](https://tox.readthedocs.io/en/latest/) tests multiple ansible versions. -[Molecule](https://github.com/ansible/molecule) tests multiple distributions. 
- -To test using the defaults (any installed ansible version, namespace: `robertdebock`, image: `fedora`, tag: `latest`): - -``` -molecule test - -# Or select a specific image: -image=ubuntu molecule test -# Or select a specific image and a specific tag: -image="debian" tag="stable" tox -``` - -Or you can test multiple versions of Ansible, and select images: -Tox allows multiple versions of Ansible to be tested. To run the default (namespace: `robertdebock`, image: `fedora`, tag: `latest`) tests: - -``` -tox - -# To run CentOS (namespace: `robertdebock`, tag: `latest`) -image="centos" tox -# Or customize more: -image="debian" tag="stable" tox -``` - -## [License](#license) - -Apache-2.0 - -## [Contributors](#contributors) - -I'd like to thank everybody that made contributions to this repository. It motivates me, improves the code and is just fun to collaborate. - -- [rembik](https://github.com/rembik) -- [jellevandehaterd](https://github.com/jellevandehaterd) -- [fzarifian](https://github.com/fzarifian) -- [kmonticolo](https://github.com/kmonticolo) -- [CrystalStiletto](https://github.com/CrystalStiletto) -- [infothrill](https://github.com/infothrill) - -## [Author Information](#author-information) - -[Robert de Bock](https://robertdebock.nl/) - -Please consider [sponsoring me](https://github.com/sponsors/robertdebock). diff --git a/roles/robertdebock.bootstrap/SECURITY.md b/roles/robertdebock.bootstrap/SECURITY.md deleted file mode 100644 index cdbc6628..00000000 --- a/roles/robertdebock.bootstrap/SECURITY.md +++ /dev/null 
@@ -1,25 +0,0 @@
-# [Security Policy](#security-policy)
-
-This software implements other software, it's not very likely that this software introduces new vulnerabilities.
-
-## [Supported Versions](#supported-versions)
-
-The current major version is supported. For example if the current version is 3.4.1:
-
-| Version | Supported |
-| ------- | ------------------ |
-| 3.4.1 | :white_check_mark: |
-| 3.4.x | :white_check_mark: |
-| 3.x.x | :white_check_mark: |
-| 2.0.0 | :x: |
-| 1.0.0 | :x: |
-
-## [Reporting a Vulnerability](#reporting-a-vulnarability)
-
-Please [open an issue](https://github.com/robertdebock/ansible-role-bootstrap/issues) describing the vulnerability.
-
-Tell them where to go, how often they can expect to get an update on a
-reported vulnerability, what to expect if the vulnerability is accepted or
-declined, etc.
-
-Please consider [sponsoring me](https://github.com/sponsors/robertdebock).
diff --git a/roles/robertdebock.bootstrap/defaults/main.yml b/roles/robertdebock.bootstrap/defaults/main.yml
deleted file mode 100644
index 4e0673ca..00000000
--- a/roles/robertdebock.bootstrap/defaults/main.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-# defaults file for bootstrap
-
-# The user to use to connect to machines.
-bootstrap_user: root
-
-# Do you want to wait for the host to be available?
-bootstrap_wait_for_host: no
-
-# The number of seconds you want to wait during connection test before failing.
-bootstrap_timeout: 3
-
-# The number of retries during installation
-bootstrap_retries: 3
diff --git a/roles/robertdebock.bootstrap/meta/main.yml b/roles/robertdebock.bootstrap/meta/main.yml
deleted file mode 100644
index 37100702..00000000
--- a/roles/robertdebock.bootstrap/meta/main.yml
+++ /dev/null
@@ -1,46 +0,0 @@ ---- -galaxy_info: - author: Robert de Bock - role_name: bootstrap - description: Prepare your system to be managed by Ansible. - license: Apache-2.0 - company: none - min_ansible_version: 2.8 - - platforms: - - name: Alpine - versions: - - all - - name: Amazon - versions: - - 2018.03 - - name: EL - versions: - - 7 - - 8 - - name: Debian - versions: - - buster - - bullseye - - name: Fedora - versions: - - 31 - - 32 - - name: OpenSUSE - versions: - - all - - name: Ubuntu - versions: - - focal - - bionic - - xenial - - galaxy_tags: - - bootstrap - - centos - - installer - - server - - system - - oraclelinux - -dependencies: [] diff --git a/roles/robertdebock.bootstrap/meta/preferences.yml b/roles/robertdebock.bootstrap/meta/preferences.yml deleted file mode 100644 index e7fdebfd..00000000 --- a/roles/robertdebock.bootstrap/meta/preferences.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -tox_parallel: yes diff --git a/roles/robertdebock.bootstrap/molecule/default/converge.yml b/roles/robertdebock.bootstrap/molecule/default/converge.yml deleted file mode 100644 index 3cd3d548..00000000 --- a/roles/robertdebock.bootstrap/molecule/default/converge.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Converge - hosts: all - become: yes - gather_facts: no - - roles: - - role: ansible-role-bootstrap diff --git a/roles/robertdebock.bootstrap/molecule/default/molecule.yml b/roles/robertdebock.bootstrap/molecule/default/molecule.yml deleted file mode 100644 index 64cdda7b..00000000 --- a/roles/robertdebock.bootstrap/molecule/default/molecule.yml +++ /dev/null 
@@ -1,30 +0,0 @@ ---- -# -# Ansible managed -# -dependency: - name: galaxy - options: - role-file: requirements.yml -lint: | - PATH=${PATH} - yamllint molecule/default/converge.yml - ansible-lint molecule/default/converge.yml -driver: - name: docker -platforms: - - name: "bootstrap-${image:-fedora}-${tag:-latest}${TOX_ENVNAME}" - image: "${namespace:-robertdebock}/${image:-fedora}:${tag:-latest}" - command: /sbin/init - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: yes - pre_build_image: yes -provisioner: - name: ansible - config_options: - defaults: - stdout_callback: yaml - bin_ansible_callbacks: yes -verifier: - name: ansible diff --git a/roles/robertdebock.bootstrap/molecule/default/verify.yml b/roles/robertdebock.bootstrap/molecule/default/verify.yml deleted file mode 100644 index e7ef038c..00000000 --- a/roles/robertdebock.bootstrap/molecule/default/verify.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Verify - hosts: all - become: no - gather_facts: yes - - tasks: - - name: test connection - ping: diff --git a/roles/robertdebock.bootstrap/tasks/assert.yml b/roles/robertdebock.bootstrap/tasks/assert.yml deleted file mode 100644 index a8ababed..00000000 --- a/roles/robertdebock.bootstrap/tasks/assert.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -- name: test if bootstrap_user is set correctly - assert: - that: - - bootstrap_user is defined - - bootstrap_user | length > 0 - quiet: yes - -- name: test if bootstrap_wait_for_host is set correctly - assert: - that: - - bootstrap_wait_for_host is defined - - bootstrap_wait_for_host | type_debug == "bool" - quiet: yes - -- name: test if bootstrap_timeout is set correctly - assert: - that: - - bootstrap_timeout is defined - - bootstrap_timeout | int >= 0 - quiet: yes - -- name: test if bootstrap_retries is set correctly - assert: - that: - - bootstrap_retries is defined - - bootstrap_retries | int >= 0 - quiet: yes 
diff --git a/roles/robertdebock.bootstrap/tasks/gather_facts.yml b/roles/robertdebock.bootstrap/tasks/gather_facts.yml deleted file mode 100644 index 3985d5bf..00000000 --- a/roles/robertdebock.bootstrap/tasks/gather_facts.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -- name: lookup bootstrap facts - become: no - raw: "cat /etc/os-release" - check_mode: no - register: bootstrap_facts - changed_when: no - vars: - ansible_user: "{{ bootstrap_user }}" - -- name: set bootstrap facts (I) - set_fact: - bootstrap_distribution: "{{ item }}" - bootstrap_distribution_major_version: "{{ bootstrap_facts.stdout_lines | join(',') | regex_replace( - '^.*VERSION_ID=\"(\\d{1,2})(\\.\\d{1,4})*?\".*$','\\1') | default('NA') }}" - loop: "{{ bootstrap_os_family_map | dict2items | map(attribute='value') | flatten }}" - when: - - bootstrap_facts.rc == 0 - - bootstrap_distribution is not defined - - bootstrap_facts.stdout is regex('PRETTY_NAME=.'~ bootstrap_search[item] | default(item) ~'.*') - -- name: set bootstrap facts (II) - set_fact: - bootstrap_os_family: "{{ item.key }}" - loop: "{{ bootstrap_os_family_map | dict2items }}" - loop_control: - label: "{{ item.key }}" - when: bootstrap_distribution in item.value diff --git a/roles/robertdebock.bootstrap/tasks/main.yml b/roles/robertdebock.bootstrap/tasks/main.yml deleted file mode 100644 index b1a165eb..00000000 --- a/roles/robertdebock.bootstrap/tasks/main.yml +++ /dev/null 
@@ -1,55 +0,0 @@ ---- -# tasks file for bootstrap -- name: include assert.yml - include_tasks: assert.yml - -- name: wait for host - wait_for: - port: "{{ ansible_port | default('22') }}" - host: "{{ (ansible_ssh_host | default(ansible_host) | default(inventory_hostname)) }}" - connection: local - become: no - when: - - ansible_connection is defined - - ansible_connection != "docker" - - ansible_connection != "container" - - bootstrap_wait_for_host | bool - -- name: prepare system - block: - - name: test connection - wait_for_connection: - timeout: "{{ bootstrap_timeout }}" - register: bootstrap_connect - changed_when: no - rescue: - - name: gather bootstrap facts - include_tasks: "gather_facts.yml" - - - name: install bootstrap packages - raw: "{{ bootstrap_install.raw }}" - register: bootstrap_install_packages - changed_when: (bootstrap_install.stdout_regex in bootstrap_install_packages.stdout and - bootstrap_os_family in ['Alpine', 'Archlinux', 'Gentoo']) or ( - bootstrap_install.stdout_regex not in bootstrap_install_packages.stdout and - bootstrap_os_family in ['Debian', 'RedHat', 'Suse']) - vars: - ansible_user: "{{ bootstrap_user }}" - always: - - name: set bootstrap ansible_user - set_fact: - bootstrap_ansible_user: "{{ ansible_user | default(omit) if bootstrap_connect is succeeded else bootstrap_user }}" - changed_when: no - -- name: ensure system is prepared - block: - - name: gather ansible facts - setup: - - - name: install bootstrap packages - package: - name: "{{ item }}" - state: present - loop: "{{ bootstrap_facts_packages.split() }}" - vars: - ansible_user: "{{ bootstrap_ansible_user | default(omit) }}" diff --git a/roles/robertdebock.bootstrap/tox.ini b/roles/robertdebock.bootstrap/tox.ini deleted file mode 100644 index c1bc1d4d..00000000 --- a/roles/robertdebock.bootstrap/tox.ini +++ /dev/null 
@@ -1,26 +0,0 @@
-#
-# Ansible managed
-#
-[tox]
-minversion = 3.7
-# Disabled "next" because of:
-# https://github.com/ansible-community/molecule/issues/2626.
-# envlist = py{38}-ansible-{previous,current,next}
-envlist = py{38}-ansible-{previous,current}
-skipsdist = true
-
-[testenv]
-deps =
- previous: ansible>=2.8, <2.9
- current: ansible>=2.9
- next: git+https://github.com/ansible/ansible.git@devel
- molecule[lint]>=3, <4
- docker>=4.2, <4.3
-commands = molecule test
-setenv =
- TOX_ENVNAME={envname}
- MOLECULE_EPHEMERAL_DIRECTORY=/tmp/.molecule/{env:image:fedora}-{env:tag:latest}/{envname}
- PY_COLORS=1
- ANSIBLE_FORCE_COLOR=1
-
-passenv = namespace image tag
diff --git a/roles/robertdebock.bootstrap/vars/main.yml b/roles/robertdebock.bootstrap/vars/main.yml
deleted file mode 100644
index 1636f76d..00000000
--- a/roles/robertdebock.bootstrap/vars/main.yml
+++ /dev/null
@@ -1,70 +0,0 @@
----
-# vars file for bootstrap
-
-_bootstrap_packages:
- Alpine: python3 sudo
- Archlinux: python sudo
- Debian: python3 sudo gnupg python3-apt
- Gentoo: python sudo gentoolkit
- RedHat: python3 sudo
- Suse: python python-xml sudo
- Amazon: python sudo
- CentOS_7: python sudo
- Debian_8: python sudo gnupg
- Debian_9: python sudo gnupg
- RedHat_7: python sudo
-
-_bootstrap_install:
- Alpine:
- raw: "LANG=C apk update ; apk add {{ bootstrap_packages }}"
- stdout_regex: 'Installing'
- Archlinux:
- raw: "LANG=C pacman -Sy --noconfirm {{ bootstrap_packages }}"
- stdout_regex: ' installing python'
- Debian:
- raw: "LANG=C apt-get update && apt-get install -y {{ bootstrap_packages }}"
- stdout_regex: ' 0 newly installed'
- Gentoo:
- raw: "LANG=C equery l {{ bootstrap_packages }} ||
- (emaint -a sync ; emerge -qkv {{ bootstrap_packages }} ; echo 'changed')"
- stdout_regex: 'changed'
- RedHat:
- raw: "LANG=C yum -y install {{ bootstrap_packages }}"
- stdout_regex: 'Nothing'
- Suse:
- raw: "LANG=C zypper -n install {{ bootstrap_packages }}"
- stdout_regex: 'Nothing'
-
-# See URL for available OS families and search queries
-# https://github.com/ansible/ansible/blob/devel/lib/ansible/module_utils/facts/system/distribution.py
-bootstrap_os_family_map:
- Alpine: [Alpine]
- Archlinux: [Archlinux, Antergos, Manjaro]
- Debian: [Debian, Ubuntu, Raspbian, Neon, KDE neon,
- Linux Mint, SteamOS, Devuan, Kali, 'Cumulus Linux']
- Gentoo: [Gentoo, Funtoo]
- RedHat: [RedHat, Fedora, CentOS, Scientific, SLC,
- Ascendos, CloudLinux, PSBM, OracleLinux, OVS,
- OEL, Amazon, Virtuozzo, XenServer, Alibaba]
- Suse: [SLED, 'openSUSE Tumbleweed', 'openSUSE Leap',
- SLES_SAP, SUSE_LINUX, SLES, openSUSE, SuSE]
-
-bootstrap_search:
- Archlinux: 'Arch Linux'
- OracleLinux: 'Oracle Linux'
- RedHat: 'Red Hat'
-
-# Map the right set of packages, based on gathered bootstrap facts.
-bootstrap_packages: "{{ _bootstrap_packages[bootstrap_distribution ~'_'~ bootstrap_distribution_major_version]|default(
- _bootstrap_packages[bootstrap_distribution])|default(
- _bootstrap_packages[bootstrap_os_family]) }}"
-
-# Map the right install command, based on gathered bootstrap facts.
-bootstrap_install: "{{ _bootstrap_install[bootstrap_distribution ~'_'~ bootstrap_distribution_major_version]|default(
- _bootstrap_install[bootstrap_distribution])|default(
- _bootstrap_install[bootstrap_os_family]) }}"
-
-# Map the right set of packages, based on gathered ansible_facts.
-bootstrap_facts_packages: "{{ _bootstrap_packages[ansible_distribution ~'_'~ ansible_distribution_major_version]|default(
- _bootstrap_packages[ansible_distribution])|default(
- _bootstrap_packages[ansible_os_family]) }}"
diff --git a/roles/ryandaniels.create_users b/roles/ryandaniels.create_users
new file mode 160000
index 00000000..2ceb27b0
--- /dev/null
+++ b/roles/ryandaniels.create_users
@@ -0,0 +1 @@
+Subproject commit 2ceb27b08ffb0581d410f98eee89c320d3347dd1
diff --git a/roles/ryandaniels.create_users/.gitignore b/roles/ryandaniels.create_users/.gitignore
deleted file mode 100644
index c5a19509..00000000
--- a/roles/ryandaniels.create_users/.gitignore
+++ /dev/null
@@ -1,7 +0,0 @@
-.vaultpass
-.retry
-secret
-*.secret
-.venv
-.vscode
-*.tmp
diff --git a/roles/ryandaniels.create_users/.travis.yml b/roles/ryandaniels.create_users/.travis.yml
deleted file mode 100644
index be7f6f51..00000000
--- a/roles/ryandaniels.create_users/.travis.yml
+++ /dev/null
@@ -1,95 +0,0 @@
----
-language: python
-python: "2.7"
-
-before_install:
- # Make sure everything's up to date.
- - sudo apt-get update -qq
-
-install:
- # Install Ansible.
- - pip install ansible
- # - |
- # if [ -f requirements.yml ]; then
- # ansible-galaxy install --roles-path ../ -r requirements.yml
- # fi
-
- # Add ansible.cfg to pick up roles path.
-# - "printf '[defaults]\nroles_path = ../' > ansible.cfg"
- - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
-
-script:
- # Check the role/playbook's syntax.
- - ansible-playbook -i tests/inventory tests/test.yml --syntax-check
- - ansible-playbook -i tests/inventory tests/test-passchange.yml --syntax-check
-
- # Run the role/playbook with ansible-playbook.
- - "ansible-playbook -i tests/inventory tests/test.yml --connection=local --become"
-
- # Run the role/playbook again, checking to make sure it's idempotent.
- - >
- ansible-playbook -i tests/inventory tests/test.yml --connection=local --become
- | grep -q 'changed=0.*failed=0'
- && (echo 'Idempotence test: pass' && exit 0)
- || (echo 'Idempotence test: fail' && exit 1)
-
- # Check users are setup
- - id testuser101 | grep --silent "testuser101"
- - id testuser102 | grep --silent "testuser102"
- - id testuser103 | grep --silent "testuser103"
- - id testuser104 | grep --silent "testuser104"
- - id testuser105 | grep --silent "testuser105"
- - id testuser106 | grep --silent "testuser106"
- - id testuser107 | grep --silent "testuser107"
- - id testuser108 | grep --silent "testuser108"
- - id testuser109 | grep --silent "testuser109"
- - id testuser110 | grep --silent "testuser110"
- - id testuser111 | grep --silent "testuser111"
- - sudo grep testuser101 /etc/shadow | awk -F":" '{exit $2!="$6$/y5RGZnFaD3f$96xVdOAnldEtSxivDY02h.DwPTrJgGQl8/MTRRrFAwKTYbFymeKH/1Rxd3k.RQfpgebM6amLK3xAaycybdc.60"}'
- - sudo grep testuser102 /etc/shadow | awk -F":" '{exit $2!="$6$F/KXFzMa$ZIDqtYtM6sOC3UmRntVsTcy1rnsvw.6tBquOhX7Sb26jxskXpve8l6DYsQyI1FT8N5I5cL0YkzW7bLbSCMtUw1"}'
- - grep --silent "^testuser101:" /etc/group
- - ls -lgd /home/testuser101 | awk '{exit $3!="testuser101"}'
- - sudo ls -lg /home/testuser101/.ssh/authorized_keys | awk '{exit $3!="testuser101"}'
- - sudo cat /home/testuser101/.ssh/authorized_keys | wc -l | grep --silent "2"
- - sudo chage -l testuser101 | grep "Account expires" | awk '{exit $4!="never"}'
- - sudo chage -l testuser105 | grep "Account expires" | awk '{exit $4!="Jan"}'
- - sudo cat /etc/sudoers|grep --silent "^testuser102 "
- # Check UID is set as specified
- - grep sshuser /etc/passwd | awk -F":" '{exit $3!="1099"}'
- # Check group(s) are set for users
- - grep "^groupcommon:" /etc/group | grep --silent testuser106
- - grep "^testgroupweb:" /etc/group | grep --silent testuser107
- # Check group not set on webserver
- - grep "^testgroupdb:" /etc/group | grep --silent testuser107 || echo "success, testgroupdb not found"
- # Check primary group set
- - id -gn testuser105 | grep --silent "group105primary"
- # Check primary group id set
- - id -gn testuser106 | grep --silent "group106primary"
- - id -g testuser106 | grep --silent 2222
- # Check ssh key for user was created
- - sudo cat /home/testuser108/.ssh/id_rsa | grep --silent "BEGIN RSA PRIVATE KEY"
- - sudo cat /home/testuser109/.ssh/id_rsa | grep --silent "BEGIN RSA PRIVATE KEY"
- # Check no ssh key for user was created
- - sudo test ! -f /home/testuser110/.ssh/id_rsa
- # Check key is encrypted
- - sudo cat /home/testuser109/.ssh/id_rsa | grep --silent "ENCRYPTED"
- # Check key size is correct
- - sudo ssh-keygen -lf /home/testuser109/.ssh/id_rsa | awk '{exit $1!="4096"}'
- # Check if not system account
- - id -u testuser101 | awk '{exit ($1<1000)?"0":"1"}' || echo "success, not system account"
- # Check if system account
- - id -u testuser111 | awk '{exit ($1<1000)?"0":"1"}'
- # Run the role/playbook again but change a password, and change password where on_create is set
- - "ansible-playbook -i tests/inventory tests/test-passchange.yml --connection=local --become"
-
- # Check password changed or not
- - sudo grep testuser101 /etc/shadow | awk -F":" '{exit $2!="$6$/y5RGZnFaD3f$96xVdOAnldEtSxivDY02h.DwPTrJgGQl8/MTRRrFAwKTYbFymeKH/1Rxd3k.RQfpgebM6amLK3xAaycybdc.60"}'
- - sudo grep testuser102 /etc/shadow | awk -F":" '{exit $2!="$6$F/KXFzMa$ZIDqtYtM6sOC3UmRnt__NEW_SHOULD_CHANGE__6jxskXpve8l6DYsQyI1FT8N5I5cL0YkzW7bLbSCMtUw1"}'
- # Confirm you locked yourself out
- - sudo grep testuser103 /etc/shadow | awk -F":" '{exit $2!="!"}'
- # Confirm ssh key was changed and only 1 entry in file
- - sudo grep --silent "^ssh-rsa AAABNEW.... test104@server" /home/testuser104/.ssh/authorized_keys
- - sudo cat /home/testuser104/.ssh/authorized_keys | wc -l | grep --silent "1"
-
-notifications:
- webhooks: https://galaxy.ansible.com/api/v1/notifications/
diff --git a/roles/ryandaniels.create_users/LICENSE b/roles/ryandaniels.create_users/LICENSE
deleted file mode 100644
index 1305c8c9..00000000
--- a/roles/ryandaniels.create_users/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2017 Ryan Daniels
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/roles/ryandaniels.create_users/README.md b/roles/ryandaniels.create_users/README.md
deleted file mode 100644
index c546bd6e..00000000
--- a/roles/ryandaniels.create_users/README.md
+++ /dev/null
@@ -1,230 +0,0 @@
-# ansible-role-create-users
-
-[![Build Status](https://travis-ci.org/ryandaniels/ansible-role-create-users.svg?branch=master)](https://travis-ci.org/ryandaniels/ansible-role-create-users)
-
-Role to manage users on linux.
-Manage users in the user list config file (list is in the file vars/secret).
-Add users (with specific uid), change passwords, lock/unlock user accounts, manage sudo access (per user), add ssh key(s) for sshkey based authentication, set user's primary group and gid, add user (append) to group(s) and group will be created if doesn't exist.
-This is done on a per "group" basis (Ansible group variables), as set in the config file. The group comes from the Ansible group as set for a server in the inventory file.
-
-More detailed example can be found in the blog post: [User Management with Ansible](https://ryandaniels.ca/blog/ansible-user-management/)
-
-Note: Deleting users is not done on purpose.
-
-## Distros tested
-
-* Ubuntu 18.04 / 16.04
-* CentOS / RHEL: 7.x, 6.5, 5.9
-
-## Dependencies
-
-Requires Ansible 2.6 (due to previous [bug 20096](https://github.com/ansible/ansible/issues/20096) with un-expiring users)
-
-## ansible-vault
-
-Use ansible-vault to encrypt sensitive info from git.
-
-```bash
-cat vars/secret
-#encrypt if cleartext (before git commit/push)
-ansible-vault encrypt vars/secret
-
-#Edit encrypted file:
-ansible-vault edit vars/secret
-
-vi .vaultpass
--Enter the password for Ansible Vault from Password Safe
-chmod 600 .vaultpass
-vi ansible.cfg
-#Insert the following lines
-[defaults]
-vault_password_file = ./.vaultpass
-```
-
-## .gitignore
-
-```bash
-vi .gitignore
-#Insert the following lines
-.vaultpass
-.retry
-secret
-*.secret
-```
-
-## How to generate password
-
-* on Ubuntu - Install "whois" package
-
-```bash
-mkpasswd --method=SHA-512
-```
-
-* on RedHat - Use Python
-
-```bash
-python -c 'import crypt,getpass; print(crypt.crypt(getpass.getpass(), crypt.mksalt(crypt.METHOD_SHA512)))'
-```
-
-## Default Settings
-
-```yaml
----
-#Note: 'debug_enabled_default: true' will put hashed passwords in the output.
-debug_enabled_default: false
-default_update_password: on_create
-default_shell: /bin/bash
-```
-
-## User Settings
-
-File Location: vars/secret
-
-* **username**: username - no spaces **(required)**
-* **uid**: The numerical value of the user's ID (optional)
-* **user_state**: present|lock **(required)**
-* **password**: sha512 encrypted password (optional). If not set, password is set to "!"
-* **update_password**: always|on_create (optional, default is on_create to be safe).
- **WARNING**: when 'always', password will be change to password value.
- If you are using 'always' on an **existing** users, **make sure to have the password set**.
-* **comment**: Full name and Department or description of application (optional) (But you should set this!)
-* **primarygroup**: Primary group name (optional).
-* **primarygid**: Primary group ID (optional). If same gid is reused on server the playbook will fail. If same duplicate group is specified with different gid, last configured will be used.
- **WARNING**: changing the primarygroup and/or primarygid of **existing** users will not change permissions of existing files belonging to that user. Also old entries will remain in /etc/group. Use with caution.
-* **groups**: Comma separated list of groups the user will be added to (appended). If group doesn't exist it will be created on the specific server. This is not the primary group (primary group is not modified)
-* **shell**: path to shell (optional, default is /bin/bash)
-* **ssh_key**: ssh key for ssh key based authentication (optional)
- NOTE: 1 key can go on single line, but if multiple keys, use formatting below from first example.
-* **exclusive_ssh_key**: yes|no (optional, default: no)
- **WARNING**: exclusive_ssh_key: yes - will remove any ssh keys not defined here! no - will add any key specified.
-* **generate_ssh_key**: Whether to generate a SSH key for the user in question. (optional, default is 'no')
- NOTE: This will not overwrite an existing SSH key
-* **ssh_key_bits**: Optionally specify number of bits in SSH key to create. (optional, default set by ssh-keygen)
-* **ssh_key_passphrase**: Set a passphrase for the SSH key. If no passphrase is provided, the SSH key will default to having no passphrase.
-* **use_sudo**: yes|no (optional, default no)
-* **use_sudo_nopass**: yes|no (optional, default no). yes = passwordless sudo.
-* **system**: yes|no (optional, default no). yes = create system account (uid < 1000). Does not work on existing users.
-* **servers**: sub-element list of servers where changes are made. **(required)**
- These are the Ansible groups from your Ansible inventory file. In below examples, `webserver` would be the 3 servers in the `webserver` Ansible inventory `webserver1`, `webserver2`, and `webserver3`.
-
-Note:
- You can have duplicate usernames on different servers, if you want to have different settings. See below example of testuser102 has sudo on servers defined as the `webserver` group in the inventory, but no sudo on the `database` group.
-
-## Example Ansible Inventory file
-
-```yaml
-[webserver]
-webserver1
-webserver2
-webserver3
-
-[database]
-db1
-db2
-db3
-
-[monitoring]
-monitor1
-```
-
-## Example config file (vars/secret)
-
-```yaml
----
-users:
- - username: testuser101
- password: $6$/y5RGZnFaD3f$96xVdOAnldEtSxivDY02h.DwPTrJgGQl8/MTRRrFAwKTYbFymeKH/1Rxd3k.RQfpgebM6amLK3xAaycybdc.60
- update_password: on_create
- comment: Test User 100
- shell: /bin/bash
- ssh_key: |
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx8crAHG/a9QBD4zO0ZHIjdRXy+ySKviXVCMIJ3/NMIAAzDyIsPKToUJmIApHHHF1/hBllqzBSkPEMwgFbXjyqTeVPHF8V0iq41n0kgbulJG testuser101@server1
- ssh-rsa AAAA.... testuser101@server2
- exclusive_ssh_key: yes
- use_sudo: no
- use_sudo_nopass: no
- user_state: present
- servers:
- - webserver
- - database
- - monitoring
-
- - username: testuser102
- password: $6$F/KXFzMa$ZIDqtYtM6sOC3UmRntVsTcy1rnsvw.6tBquOhX7Sb26jxskXpve8l6DYsQyI1FT8N5I5cL0YkzW7bLbSCMtUw1
- update_password: always
- comment: Test User 101
- groups: testcommon, testgroup102web
- shell: /bin/sh
- use_sudo: yes
- user_state: present
- servers:
- - webserver
-
- - username: testuser102
- password: $6$F/KXFzMa$ZIDqtYtM6sOC3UmRntVsTcy1rnsvw.6tBquOhX7Sb26jxskXpve8l6DYsQyI1FT8N5I5cL0YkzW7bLbSCMtUw1
- update_password: always
- comment: Test User 101
- groups: testcommon, testgroup102db
- shell: /bin/sh
- user_state: present
- servers:
- - database
-
- - username: testuser103
- password: $6$wBxBAqRmG6O$gPbg9hYShkuIe3YKMFujwiKsPKZHNFwoK4yCyTOlploljz53YSoPdCn9P5k8Qm0z062Q.8hvJ6DnnQQjwtrnS0
- user_state: present
- servers:
- - webserver
-
- - username: testuser104
- primarygroup: testgroup104primary
- ssh_key: ssh-rsa AAAB.... test103@server
- exclusive_ssh_key: no
- use_sudo: no
- user_state: present
- servers:
- - webserver
- - monitoring
-
- - username: testuser105
- uid: 1099
- password: $6$XEnyI5UYSw$Rlc6tXtECtqdJ3uFitrbBlec1/8Fx2obfgFST419ntJqaX8sfPQ9xR7vj7dGhQsfX8zcSX3tumzR7/vwlIH6p/
- primarygroup: testgroup105primary
- primarygid: 2222
- ssh_key: ssh-rsa AAAB.... test107@server
- generate_ssh_key: yes
- ssh_key_bits: 4096
- use_sudo: no
- user_state: lock
- servers:
- - webserver
- - database
-```
-
-## Example Playbook create-users.yml
-
-```bash
----
-- hosts: '{{inventory}}'
- vars_files:
- - vars/secret
- become: yes
- roles:
- - create-users
-```
-
-## Prep
-
-* install ansible
-* create keys
-* ssh to client to add entry to known_hosts file
-* configure client server authorized_keys
-* run ansible commands
-
-## Usage
-
-Create all users
-
-```bash
-ansible-playbook create-users.yml --ask-vault-pass --extra-vars "inventory=all-dev" -i hosts
-```
diff --git a/roles/ryandaniels.create_users/defaults/main.yml b/roles/ryandaniels.create_users/defaults/main.yml
deleted file mode 100644
index edef989c..00000000
--- a/roles/ryandaniels.create_users/defaults/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-#Note: 'debug_enabled_default: true' will put hashed passwords in the output.
-debug_enabled_default: false
-default_update_password: on_create
-default_shell: /bin/bash
diff --git a/roles/ryandaniels.create_users/meta/main.yml b/roles/ryandaniels.create_users/meta/main.yml
deleted file mode 100644
index 10d0a040..00000000
--- a/roles/ryandaniels.create_users/meta/main.yml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-galaxy_info:
- role_name: create-users
- author: Ryan Daniels
- description: Role to manage users on linux
- license: MIT
- min_ansible_version: 2.6
- platforms:
- - name: EL
- versions:
- - all
- - name: GenericUNIX
- versions:
- - all
- - any
- - name: Fedora
- versions:
- - all
- - name: Ubuntu
- versions:
- - all
- - name: GenericLinux
- versions:
- - all
- - any
- - name: Debian
- versions:
- - all
- galaxy_tags:
- - system
- - users
- - ssh
- - accounts
- - user
-
-dependencies: []
diff --git a/roles/ryandaniels.create_users/tasks/main.yml b/roles/ryandaniels.create_users/tasks/main.yml
deleted file mode 100644
index c35955be..00000000
--- a/roles/ryandaniels.create_users/tasks/main.yml
+++ /dev/null
@@ -1,193 +0,0 @@
----
-- name: debug variable group_names
- debug: var=group_names
- when: debug_enabled_default | bool
-
-- name: debug variable users
- debug: var=users
- when: debug_enabled_default | bool
-
-- name: Add group | create primary group before adding user to group
- group:
- name: "{{ item.0.primarygroup }}"
- gid: "{{ item.0.primarygid | default(omit) }}"
- state: present
- when: item.0.primarygroup is defined and item.1 in group_names
- with_subelements:
- - "{{ users }}"
- - servers
- loop_control:
- label: "primarygroup: {{ item.0.primarygroup if item.0.primarygroup is defined else '' }}, primarygid: {{ item.0.primarygid if item.0.primarygid is defined else 'default' }}" # noqa 204
-
-# Get unique list of groups to create on the server (var is different on each server)
-# Still keeps formatting of comma separated list and converts to list (even if whitespace)
-- name: set_fact - get groups as list per server
- set_fact:
- groups_as_list: "{{ (groups_as_list|default([]) + item.0.groups.split(','))|map('trim')|list|sort|unique }}"
- with_subelements:
- - "{{ users }}"
- - servers
- when: item.0.groups is defined and item.1 in group_names
- loop_control:
- label: "username: {{ item.0.username }}, groups_as_list: {{ item.0.groups if item.0.groups is defined else '' }}"
-
-- name: debug show groups_as_list
- debug: var=groups_as_list
- when: debug_enabled_default | bool
-
-- name: Add group | create groups before adding user to group
- group:
- name: "{{ item }}"
- state: present
- when: groups_as_list is defined
- loop: "{{ groups_as_list }}"
- loop_control:
- label: "groups: {{ item }}"
-
-- name: Add users | create users, shell, home dirs
- user:
- name: "{{ item.0.username }}"
- uid: "{{ item.0.uid | default(omit, True) }}"
- password: "{{ item.0.password if item.0.password is defined else '!' }}"
- update_password: "{{ item.0.update_password if item.0.update_password is defined else default_update_password }}"
- group: "{{ item.0.primarygroup | default(omit) }}"
- groups: "{{ item.0.groups | default(omit) }}"
- shell: "{{ item.0.shell if item.0.shell is defined else default_shell }}"
- createhome: yes
- system: "{{ item.0.system | default(omit) }}"
- comment: "{{ item.0.comment if item.0.comment is defined else '' }}"
- state: present #hard-coded in case user sets state of absent. Choice made to never delete accounts!
-# expires: -1 #unlock account if locked ###Doesn't work like chage..
-# command: chage -E -1 {{ item.0.username }} #unlock password authentication
-# register: user_results
- when: (item.0.user_state == 'present' or item.0.user_state == 'lock') and item.1 in group_names
-#works but not multiple servers #and 'centos6' in "{{ group_names }}"
- with_subelements:
- - "{{ users }}"
- - servers
- loop_control:
- label: "username: {{ item.0.username }}, user_state: {{ item.0.user_state }}, password: {{ 'True' if item.0.password is defined else 'False' }}, update_password: {{ item.0.update_password if item.0.update_password is defined else default_update_password }}, primarygroup: {{ item.0.primarygroup if item.0.primarygroup is defined else ''}}, groups: {{ item.0.groups if item.0.groups is defined else ''}}, servers: {{ item.1 if item.1 is defined else '' }}, group_names: {{ group_names }}" # noqa 204
-
-- name: Add users | Unlock password login (set expiry to -1)
- user:
- name: "{{ item.0.username }}"
- expires: -1 #unlock account if locked
-# command: chage -E -1 {{ item.0.username }} #unlock password authentication
-# register: user_results
- when: item.0.user_state == 'present' and item.1 in group_names
- with_subelements:
- - "{{ users }}"
- - servers
- loop_control:
- label: "username: {{ item.0.username }}, user_state: {{ item.0.user_state }}"
-
-#- debug: var=user_results
-
-#DONE: Change to user module once -1 bug fixed.
-#DONE: Follow issue https://github.com/ansible/ansible/issues/20096
-# - name: Add users | Unlock password login (set expiry to -1)
-# chage:
-# user: "{{ item.0.username }}"
-# sp_expire: -1
-# # command: chage -E -1 {{ item.username }} #unlock password authentication
-# when: item.0.user_state == 'present' and item.1 in group_names
-# with_subelements:
-# - "{{ users }}"
-# - servers
-# loop_control:
-# label: "username: {{item.0.username}}, user_state: {{ item.0.user_state }}"
-
-##DONE user module doesn't work properly? expires=0 doesn't change anything. expires=1+ always updates??
-##Use chage module instead
-# - name: Lock users | Lock password & ssh key authentication
-# chage:
-# user: "{{ item.0.username }}"
-# sp_expire: 0
-# # command: chage -E 0 {{ item.0.username }} #Alternative lock password & ssh key authentication
-# when: item.0.user_state == 'lock' and item.1 in group_names
-# with_subelements:
-# - "{{ users }}"
-# - servers
-# loop_control:
-# label: "username: {{item.0.username}}, user_state: {{ item.0.user_state }}"
-
-- name: Lock users | Lock password & ssh key authentication
- user:
- name: "{{ item.0.username }}"
- expires: 0 #lock account if not locked
-# command: chage -E 0 {{ item.0.username }} #Alternative lock password & ssh key authentication
-# register: user_results
- when: item.0.user_state == 'lock' and item.1 in group_names
- with_subelements:
- - "{{ users }}"
- - servers
- loop_control:
- label: "username: {{ item.0.username }}, user_state: {{ item.0.user_state }}"
-
-#Not needed, sp_expire -1 locks password authentication as well.
-#- name: Lock users | Lock password login
-# command: passwd -l {{ item.username }} #lock password authentication
-# when: item.user_state == 'lock'
-# with_items: "{{ users }}"
-
-- name: SSH Keys | Add authorized key for ssh key authentication
- authorized_key:
- user: "{{ item.0.username }}"
- key: "{{ item.0.ssh_key }}"
- exclusive: "{{ item.0.exclusive_ssh_key if item.0.exclusive_ssh_key is defined else 'no' }}"
- state: present
- when: item.0.ssh_key is defined and item.1 in group_names
- with_subelements:
- - "{{ users }}"
- - servers
- loop_control:
- label: "username: {{ item.0.username }}, ssh_key: {{ 'True' if item.0.ssh_key is defined else 'False' }}, exclusive_ssh_key: {{ item.0.exclusive_ssh_key if item.0.exclusive_ssh_key is defined else 'False' }}" # noqa 204
-
-- name: SSH Keys | Generate ssh key
- user:
- name: "{{ item.0.username }}"
- generate_ssh_key: "{{ item.0.generate_ssh_key | default(false) }}"
- ssh_key_bits: "{{ item.0.ssh_key_bits | default(omit) }}"
- ssh_key_passphrase: "{{ item.0.ssh_key_passphrase | default(omit) }}"
- when: item.0.generate_ssh_key is defined and item.1 in group_names
- with_subelements:
- - "{{ users }}"
- - servers
- loop_control:
- label: "username: {{ item.0.username }}, generate_ssh_key: {{ 'True' if item.0.generate_ssh_key is defined else 'False' }}, ssh_key_bits: {{ item.0.ssh_key_bits if item.0.ssh_key_bits is defined else '' }}, ssh_key_passphrase: {{ 'True' if item.0.ssh_key_passphrase is defined else 'False' }} "
-
-- name: Sudo | add to sudoers file and validate
- lineinfile:
- dest: /etc/sudoers
- state: present
- regexp: '^{{ item.0.username }} '
-# line: '{{ item.0.username }} ALL=(ALL) NOPASSWD:ALL'
- line: "{{ item.0.username }} ALL=(ALL) {{ 'NOPASSWD:' if ( item.0.use_sudo_nopass|d(false) ) else '' }}ALL"
- validate: 'visudo -cf %s'
- environment:
- PATH: /usr/sbin:/usr/local/sbin:/sbin
- # TODO: Fix literal compare
- when: item.0.use_sudo|d(false)|bool == true and item.1 in group_names # noqa 601
- with_subelements:
- - "{{ users }}"
- - servers
- loop_control:
- label: "username: {{ item.0.username }}, use_sudo: {{ item.0.use_sudo|d(false) }}, use_sudo_nopass: {{ item.0.use_sudo_nopass|d(false) }}"
-#environment fixes Redhat issue of hard-coded path to visudo
-
-- name: Sudo | remove from sudoers file and validate
- lineinfile:
- dest: /etc/sudoers
- state: absent
- regexp: '^{{ item.0.username }} '
- line: '{{ item.0.username }}'
- validate: 'visudo -cf %s'
- environment:
- PATH: /usr/sbin:/usr/local/sbin:/sbin
- # TODO: Fix literal compare
- when: item.0.use_sudo|d(false)|bool == false and item.1 in group_names # noqa 601
- with_subelements:
- - "{{ users }}"
- - servers
- loop_control:
- label: "username: {{ item.0.username }}, use_sudo: {{ item.0.use_sudo|d(false) }}"
diff --git a/roles/ryandaniels.create_users/tests/inventory b/roles/ryandaniels.create_users/tests/inventory
deleted file mode 100644
index a5f89b3c..00000000
--- a/roles/ryandaniels.create_users/tests/inventory
+++ /dev/null
@@ -1,2 +0,0 @@
-[webserver]
-localhost
diff --git a/roles/ryandaniels.create_users/tests/test-passchange.yml b/roles/ryandaniels.create_users/tests/test-passchange.yml
deleted file mode 100644
index aeb4bb75..00000000
--- a/roles/ryandaniels.create_users/tests/test-passchange.yml
+++ /dev/null
@@ -1,91 +0,0 @@
----
-- hosts: localhost
- remote_user: root
-
- vars:
- debug_enabled_default: false
-
- users:
- - username: testuser101
- password: $6$/y5RGZnFaD3f$96xVdOAnldEtS__NEW_SHOULD_NOT_CHANGE__bFymeKH/1Rxd3k.RQfpgebM6amLK3xAaycybdc.60
- update_password: on_create
- comment: Test User 100
- shell: /bin/bash
- ssh_key: |
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx8crAHG/a9QBD4zO0ZHIjdRXy+ySKviXVCMIJ3/NMIAAzDyIsPKToUJmIApHHHF1/hBllqzBSkPEMwgFbXjyqTeVPHF8V0iq41n0kgbulJG testuser101@server1
- ssh-rsa AAAA.... testuser101@server2
- exclusive_ssh_key: yes
- use_sudo: no
- user_state: present
- servers:
- - webserver
- - database
- - monitoring
-
- - username: testuser102
- password: $6$F/KXFzMa$ZIDqtYtM6sOC3UmRnt__NEW_SHOULD_CHANGE__6jxskXpve8l6DYsQyI1FT8N5I5cL0YkzW7bLbSCMtUw1
- update_password: always
- comment: Test User 101
- groups: testnew102
- shell: /bin/sh
- use_sudo: yes
- user_state: present
- servers:
- - webserver
- - database
- - monitoring
-
- - username: testuser103
- update_password: always
- use_sudo: no
- user_state: present
- servers:
- - webserver
- - database
- - monitoring
-
- - username: testuser104
- ssh_key: ssh-rsa AAABNEW.... test104@server
- exclusive_ssh_key: yes
- use_sudo: no
- user_state: present
- servers:
- - webserver
- - database
- - monitoring
-
- - username: testuser105
- uid: 1099
- password: $6$XEnyI5UYSw$Rlc6tXtECtqdJ3uFitrbBlec1/8Fx2obfgFST419ntJqaX8sfPQ9xR7vj7dGhQsfX8zcSX3tumzR7/vwlIH6p/
- primarygroup: group105primary
- ssh_key: ssh-rsa AAAB.... test107@server
- use_sudo: no
- user_state: lock
- servers:
- - webserver
- - database
- - monitoring
-
- - username: testuser106
- user_state: present
- primarygroup: group106primary
- primarygid: 2222
- groups: groupcommon
- servers:
- - webserver
- - database
-
- - username: testuser107
- user_state: present
- groups: groupcommon, testgroupweb
- servers:
- - webserver
-
- - username: testuser107
- user_state: present
- groups: groupcommon, testgroupdb
- servers:
- - database
-
- roles:
- - ansible-role-create-users
diff --git a/roles/ryandaniels.create_users/tests/test.yml b/roles/ryandaniels.create_users/tests/test.yml
deleted file mode 100644
index 5e759192..00000000
--- a/roles/ryandaniels.create_users/tests/test.yml
+++ /dev/null
@@ -1,126 +0,0 @@
----
-- hosts: localhost
- remote_user: root
-
- vars:
- debug_enabled_default: false
-
- users:
- - username: testuser101
- password: $6$/y5RGZnFaD3f$96xVdOAnldEtSxivDY02h.DwPTrJgGQl8/MTRRrFAwKTYbFymeKH/1Rxd3k.RQfpgebM6amLK3xAaycybdc.60
- update_password: on_create
- comment: Test User 100
- shell: /bin/bash
- ssh_key: |
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx8crAHG/a9QBD4zO0ZHIjdRXy+ySKviXVCMIJ3/NMIAAzDyIsPKToUJmIApHHHF1/hBllqzBSkPEMwgFbXjyqTeVPHF8V0iq41n0kgbulJG testuser101@server1
- ssh-rsa AAAA.... testuser101@server2
- exclusive_ssh_key: yes
- use_sudo: no
- user_state: present
- servers:
- - webserver
- - database
- - monitoring
-
- - username: testuser102
- password: $6$F/KXFzMa$ZIDqtYtM6sOC3UmRntVsTcy1rnsvw.6tBquOhX7Sb26jxskXpve8l6DYsQyI1FT8N5I5cL0YkzW7bLbSCMtUw1
- update_password: always
- comment: Test User 101
- groups: testnew102
- shell: /bin/sh
- use_sudo: yes
- user_state: present
- servers:
- - webserver
- - database
- - monitoring
-
- - username: testuser103
- password: $6$wBxBAqRmG6O$gPbg9hYShkuIe3YKMFujwiKsPKZHNFwoK4yCyTOlploljz53YSoPdCn9P5k8Qm0z062Q.8hvJ6DnnQQjwtrnS0
- update_password: always
- use_sudo: no
- user_state: present
- servers:
- - webserver
- - database
- - monitoring
-
- - username: testuser104
- ssh_key: ssh-rsa AAAB.... test104@server
- exclusive_ssh_key: no
- use_sudo: no
- user_state: present
- servers:
- - webserver
- - database
- - monitoring
-
- - username: testuser105
- uid: 1099
- password: $6$XEnyI5UYSw$Rlc6tXtECtqdJ3uFitrbBlec1/8Fx2obfgFST419ntJqaX8sfPQ9xR7vj7dGhQsfX8zcSX3tumzR7/vwlIH6p/
- primarygroup: group105primary
- ssh_key: ssh-rsa AAAB.... test107@server
- use_sudo: no
- user_state: lock
- servers:
- - webserver
- - database
- - monitoring
-
- - username: testuser106
- user_state: present
- primarygroup: group106primary
- primarygid: 2222
- groups: groupcommon
- servers:
- - webserver
- - database
-
- - username: testuser107
- user_state: present
- groups: groupcommon, testgroupweb
- servers:
- - webserver
-
- - username: testuser107
- user_state: present
- groups: groupcommon, testgroupdb
- servers:
- - database
-
- - username: testuser108
- user_state: present
- generate_ssh_key: yes
- servers:
- - webserver
- - database
- - monitoring
-
- - username: testuser109
- user_state: present
- generate_ssh_key: yes
- ssh_key_bits: 4096
- ssh_key_passphrase: "use_vault_instead_of_cleartext_for_production"
- servers:
- - webserver
- - database
- - monitoring
-
- - username: testuser110
- user_state: present
- generate_ssh_key: no
- servers:
- - webserver
- - database
- - monitoring
-
- - username: testuser111
- user_state: present
- system: yes
- servers:
- - webserver
- - database
- - monitoring
-
- roles:
- - ansible-role-create-users