From 71d7b350e36a0581ef6e99347abdc8381adc3bf9 Mon Sep 17 00:00:00 2001 
From: Michael Date: Tue, 25 May 2021 18:46:46 +0300 Subject: [PATCH] Initial commit --- .gitattributes | 2 + .gitignore | 5 + .travis.yml | 15 + .yamllint | 32 ++ README.md | 56 ++++ ansible.cfg | 33 ++ bundle.sh | 21 ++ galaxy.yml | 24 ++ playbook.yml | 18 + playbooks/templates/playbook.yml | 11 + requirements.txt | 10 + roles/baseline/.yamllint | 12 + roles/baseline/README.md | 35 ++ roles/baseline/defaults/main.yml | 2 + roles/baseline/handlers/main.yml | 2 + roles/baseline/meta/main.yml | 35 ++ roles/baseline/molecule/default/molecule.yml | 39 +++ .../molecule/docker-centos-7/molecule.yml | 39 +++ .../molecule/docker-debian-10/molecule.yml | 37 ++ .../molecule/docker-debian-9/molecule.yml | 37 ++ .../molecule/docker-fedora-30/molecule.yml | 38 +++ .../molecule/docker-rhel-7/molecule.yml | 38 +++ .../molecule/docker-rhel-8/molecule.yml | 40 +++ .../molecule/docker-ubuntu-18.04/molecule.yml | 37 ++ .../baseline/molecule/resources/Dockerfile.j2 | 26 ++ .../molecule/resources/playbooks/bootstrap.sh | 28 ++ .../molecule/resources/playbooks/playbook.yml | 5 + .../molecule/resources/playbooks/prepare.yml | 9 + .../molecule/resources/playbooks/verify.yml | 71 ++++ .../molecule/resources/tests/test_default.yml | 7 + .../molecule/vagrant-centos-7/molecule.yml | 28 ++ roles/baseline/tasks/epel.yml | 8 + roles/baseline/tasks/hosts.yml | 6 + roles/baseline/tasks/main.yml | 19 ++ roles/baseline/tasks/pip.yml | 8 + roles/baseline/templates/hosts.j2 | 3 + roles/baseline/vars/main.yml | 2 + roles/dotfiles/.yamllint | 12 + roles/dotfiles/README.md | 35 ++ roles/dotfiles/defaults/main.yml | 20 ++ roles/dotfiles/handlers/main.yml | 2 + roles/dotfiles/meta/main.yml | 35 ++ roles/dotfiles/molecule/default/molecule.yml | 36 ++ .../dotfiles/molecule/resources/Dockerfile.j2 | 26 ++ .../molecule/resources/playbooks/bootstrap.sh | 28 ++ .../molecule/resources/playbooks/playbook.yml | 5 + .../molecule/resources/playbooks/prepare.yml | 9 + .../molecule/resources/playbooks/verify.yml | 71 
++++ roles/dotfiles/tasks/main.yml | 59 ++++ roles/dotfiles/vars/main.yml | 2 + roles/flatpak/.yamllint | 12 + roles/flatpak/README.md | 35 ++ roles/flatpak/defaults/main.yml | 21 ++ roles/flatpak/handlers/main.yml | 7 + roles/flatpak/meta/main.yml | 35 ++ roles/flatpak/molecule/default/molecule.yml | 42 +++ .../molecule/docker-centos-7/molecule.yml | 42 +++ .../molecule/docker-debian-10/molecule.yml | 40 +++ .../molecule/docker-debian-9/molecule.yml | 40 +++ .../molecule/docker-fedora-30/molecule.yml | 41 +++ .../molecule/docker-rhel-7/molecule.yml | 41 +++ .../molecule/docker-rhel-8/molecule.yml | 43 +++ .../molecule/docker-ubuntu-18.04/molecule.yml | 40 +++ .../flatpak/molecule/resources/Dockerfile.j2 | 26 ++ .../molecule/resources/playbooks/bootstrap.sh | 28 ++ .../molecule/resources/playbooks/playbook.yml | 5 + .../molecule/resources/playbooks/prepare.yml | 9 + .../molecule/resources/playbooks/verify.yml | 71 ++++ .../molecule/resources/tests/test_default.yml | 17 + .../molecule/vagrant-centos-7/molecule.yml | 31 ++ .../molecule/vagrant-debian-10/molecule.yml | 31 ++ .../molecule/vagrant-fedora-30/molecule.yml | 31 ++ .../molecule/vagrant-rhel-8/molecule.yml | 31 ++ .../vagrant-ubuntu-18.04/molecule.yml | 31 ++ roles/flatpak/tasks/configure.yml | 21 ++ roles/flatpak/tasks/install.yml | 8 + roles/flatpak/tasks/main.yml | 19 ++ roles/flatpak/vars/main.yml | 11 + roles/hugo/.yamllint | 32 ++ roles/hugo/README.md | 35 ++ roles/hugo/defaults/main.yml | 7 + roles/hugo/meta/main.yml | 35 ++ roles/hugo/molecule/default/molecule.yml | 39 +++ .../molecule/docker-centos-7/molecule.yml | 39 +++ .../molecule/docker-debian-10/molecule.yml | 40 +++ .../molecule/docker-debian-9/molecule.yml | 40 +++ .../molecule/docker-fedora-30/molecule.yml | 41 +++ .../hugo/molecule/docker-rhel-7/molecule.yml | 41 +++ .../hugo/molecule/docker-rhel-8/molecule.yml | 43 +++ .../molecule/docker-ubuntu-18.04/molecule.yml | 40 +++ roles/hugo/molecule/resources/Dockerfile.j2 | 26 ++ 
.../molecule/resources/playbooks/bootstrap.sh | 28 ++ .../molecule/resources/playbooks/playbook.yml | 5 + .../molecule/resources/playbooks/prepare.yml | 9 + .../molecule/resources/playbooks/verify.yml | 71 ++++ .../molecule/resources/tests/test_default.yml | 17 + .../molecule/vagrant-centos-7/molecule.yml | 31 ++ .../molecule/vagrant-debian-10/molecule.yml | 31 ++ .../molecule/vagrant-fedora-30/molecule.yml | 31 ++ .../hugo/molecule/vagrant-rhel-8/molecule.yml | 31 ++ .../vagrant-ubuntu-18.04/molecule.yml | 31 ++ roles/hugo/tasks/main.yml | 23 ++ roles/micro/.yamllint | 32 ++ roles/micro/README.md | 35 ++ roles/micro/defaults/main.yml | 7 + roles/micro/meta/main.yml | 35 ++ roles/micro/molecule/default/molecule.yml | 39 +++ roles/micro/molecule/resources/Dockerfile.j2 | 26 ++ .../molecule/resources/playbooks/bootstrap.sh | 28 ++ .../molecule/resources/playbooks/playbook.yml | 5 + .../molecule/resources/playbooks/prepare.yml | 9 + .../molecule/resources/playbooks/verify.yml | 71 ++++ .../molecule/resources/tests/test_default.yml | 17 + roles/micro/tasks/main.yml | 24 ++ roles/micro/vars/main.yml | 2 + roles/npm/.yamllint | 32 ++ roles/npm/README.md | 35 ++ roles/npm/defaults/main.yml | 11 + roles/npm/meta/main.yml | 35 ++ roles/npm/molecule/default/molecule.yml | 39 +++ .../npm/molecule/docker-centos-7/molecule.yml | 39 +++ .../molecule/docker-debian-10/molecule.yml | 40 +++ .../npm/molecule/docker-debian-9/molecule.yml | 40 +++ .../molecule/docker-fedora-30/molecule.yml | 41 +++ roles/npm/molecule/docker-rhel-7/molecule.yml | 41 +++ roles/npm/molecule/docker-rhel-8/molecule.yml | 43 +++ .../molecule/docker-ubuntu-18.04/molecule.yml | 40 +++ roles/npm/molecule/resources/Dockerfile.j2 | 26 ++ .../molecule/resources/playbooks/bootstrap.sh | 28 ++ .../molecule/resources/playbooks/playbook.yml | 5 + .../molecule/resources/playbooks/prepare.yml | 9 + .../molecule/resources/playbooks/verify.yml | 71 ++++ .../molecule/resources/tests/test_default.yml | 17 + 
.../molecule/vagrant-centos-7/molecule.yml | 31 ++ .../molecule/vagrant-debian-10/molecule.yml | 31 ++ .../molecule/vagrant-fedora-30/molecule.yml | 31 ++ .../npm/molecule/vagrant-rhel-8/molecule.yml | 31 ++ .../vagrant-ubuntu-18.04/molecule.yml | 31 ++ roles/npm/tasks/install.yml | 17 + roles/npm/tasks/main.yml | 18 + roles/npm/vars/main.yml | 11 + roles/packages/.yamllint | 12 + roles/packages/README.md | 35 ++ roles/packages/defaults/main.yml | 17 + roles/packages/handlers/main.yml | 2 + roles/packages/meta/main.yml | 35 ++ roles/packages/molecule/default/molecule.yml | 39 +++ .../molecule/docker-centos-7/molecule.yml | 39 +++ .../molecule/docker-debian-10/molecule.yml | 37 ++ .../molecule/docker-debian-9/molecule.yml | 37 ++ .../molecule/docker-fedora-30/molecule.yml | 38 +++ .../molecule/docker-rhel-7/molecule.yml | 38 +++ .../molecule/docker-rhel-8/molecule.yml | 40 +++ .../molecule/docker-ubuntu-18.04/molecule.yml | 37 ++ .../packages/molecule/resources/Dockerfile.j2 | 26 ++ .../molecule/resources/playbooks/bootstrap.sh | 28 ++ .../molecule/resources/playbooks/playbook.yml | 5 + .../molecule/resources/playbooks/prepare.yml | 9 + .../molecule/resources/playbooks/verify.yml | 71 ++++ .../molecule/resources/tests/test_default.yml | 7 + .../molecule/vagrant-rhel-8/molecule.yml | 28 ++ roles/packages/tasks/main.yml | 118 +++++++ roles/packages/vars/main.yml | 315 ++++++++++++++++++ roles/pandoc/.yamllint | 32 ++ roles/pandoc/README.md | 35 ++ roles/pandoc/defaults/main.yml | 7 + roles/pandoc/handlers/main.yml | 7 + roles/pandoc/meta/main.yml | 35 ++ roles/pandoc/molecule/default/molecule.yml | 42 +++ .../molecule/docker-centos-7/molecule.yml | 42 +++ .../molecule/docker-debian-10/molecule.yml | 40 +++ .../molecule/docker-debian-9/molecule.yml | 40 +++ .../molecule/docker-fedora-30/molecule.yml | 41 +++ .../molecule/docker-rhel-7/molecule.yml | 41 +++ .../molecule/docker-rhel-8/molecule.yml | 43 +++ .../molecule/docker-ubuntu-18.04/molecule.yml | 40 +++ 
roles/pandoc/molecule/resources/Dockerfile.j2 | 26 ++ .../molecule/resources/playbooks/bootstrap.sh | 28 ++ .../molecule/resources/playbooks/playbook.yml | 5 + .../molecule/resources/playbooks/prepare.yml | 9 + .../molecule/resources/playbooks/verify.yml | 71 ++++ .../molecule/resources/tests/test_default.yml | 17 + .../molecule/vagrant-centos-7/molecule.yml | 31 ++ .../molecule/vagrant-debian-10/molecule.yml | 31 ++ .../molecule/vagrant-fedora-30/molecule.yml | 31 ++ .../molecule/vagrant-rhel-8/molecule.yml | 31 ++ .../vagrant-ubuntu-18.04/molecule.yml | 31 ++ roles/pandoc/tasks/main.yml | 22 ++ roles/pandoc/vars/main.yml | 11 + roles/pip/.yamllint | 32 ++ roles/pip/README.md | 35 ++ roles/pip/defaults/main.yml | 7 + roles/pip/handlers/main.yml | 7 + roles/pip/meta/main.yml | 35 ++ roles/pip/molecule/default/molecule.yml | 42 +++ .../pip/molecule/docker-centos-7/molecule.yml | 39 +++ .../molecule/docker-debian-10/molecule.yml | 37 ++ .../pip/molecule/docker-debian-9/molecule.yml | 37 ++ .../molecule/docker-fedora-30/molecule.yml | 38 +++ roles/pip/molecule/docker-rhel-7/molecule.yml | 38 +++ roles/pip/molecule/docker-rhel-8/molecule.yml | 40 +++ .../molecule/docker-ubuntu-18.04/molecule.yml | 37 ++ roles/pip/molecule/resources/Dockerfile.j2 | 26 ++ .../molecule/resources/playbooks/bootstrap.sh | 28 ++ .../molecule/resources/playbooks/playbook.yml | 5 + .../molecule/resources/playbooks/prepare.yml | 9 + .../molecule/resources/playbooks/verify.yml | 71 ++++ .../molecule/resources/tests/test_default.yml | 17 + .../molecule/vagrant-centos-7/molecule.yml | 28 ++ .../molecule/vagrant-debian-10/molecule.yml | 28 ++ .../molecule/vagrant-fedora-30/molecule.yml | 28 ++ .../pip/molecule/vagrant-rhel-8/molecule.yml | 28 ++ .../vagrant-ubuntu-18.04/molecule.yml | 28 ++ roles/pip/tasks/install.yml | 9 + roles/pip/tasks/main.yml | 18 + roles/pip/vars/main.yml | 2 + roles/profile/.yamllint | 12 + roles/profile/README.md | 35 ++ roles/profile/defaults/main.yml | 2 + 
roles/profile/files/neo.sh | 1 + roles/profile/handlers/main.yml | 2 + roles/profile/meta/main.yml | 35 ++ roles/profile/molecule/default/molecule.yml | 39 +++ .../profile/molecule/resources/Dockerfile.j2 | 26 ++ .../molecule/resources/playbooks/bootstrap.sh | 28 ++ .../molecule/resources/playbooks/playbook.yml | 5 + .../molecule/resources/playbooks/prepare.yml | 9 + .../molecule/resources/playbooks/verify.yml | 71 ++++ .../molecule/resources/tests/test_default.yml | 7 + roles/profile/tasks/issue.yml | 15 + roles/profile/tasks/main.yml | 6 + roles/profile/tasks/motd.yml | 7 + roles/profile/tasks/neofetch.yml | 22 ++ roles/profile/templates/motd.j2 | 6 + roles/profile/templates/splash.issue.j2 | 1 + roles/profile/vars/main.yml | 2 + roles/secure/.yamllint | 12 + roles/secure/README.md | 35 ++ roles/secure/defaults/main.yml | 2 + roles/secure/handlers/main.yml | 7 + roles/secure/meta/main.yml | 35 ++ roles/secure/molecule/default/molecule.yml | 39 +++ .../molecule/docker-centos-7/molecule.yml | 39 +++ .../molecule/docker-debian-10/molecule.yml | 40 +++ .../molecule/docker-debian-9/molecule.yml | 40 +++ .../molecule/docker-fedora-30/molecule.yml | 41 +++ .../molecule/docker-rhel-7/molecule.yml | 41 +++ .../molecule/docker-rhel-8/molecule.yml | 43 +++ .../molecule/docker-ubuntu-18.04/molecule.yml | 40 +++ roles/secure/molecule/resources/Dockerfile.j2 | 26 ++ .../molecule/resources/playbooks/bootstrap.sh | 28 ++ .../molecule/resources/playbooks/playbook.yml | 5 + .../molecule/resources/playbooks/prepare.yml | 9 + .../molecule/resources/playbooks/verify.yml | 71 ++++ .../molecule/resources/tests/test_default.yml | 17 + .../molecule/vagrant-centos-7/molecule.yml | 31 ++ .../molecule/vagrant-debian-10/molecule.yml | 31 ++ .../molecule/vagrant-fedora-30/molecule.yml | 31 ++ .../molecule/vagrant-rhel-8/molecule.yml | 31 ++ .../vagrant-ubuntu-18.04/molecule.yml | 31 ++ roles/secure/tasks/lynis.yml | 8 + roles/secure/tasks/main.yml | 23 ++ roles/secure/tasks/openscap.yml | 11 
+ roles/secure/tasks/ssh.yml | 28 ++ roles/secure/tasks/sshd.yml | 28 ++ roles/secure/vars/main.yml | 9 + 266 files changed, 7590 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 .travis.yml create mode 100644 .yamllint create mode 100644 README.md create mode 100644 ansible.cfg create mode 100755 bundle.sh create mode 100644 galaxy.yml create mode 100644 playbook.yml create mode 100644 playbooks/templates/playbook.yml create mode 100644 requirements.txt create mode 100644 roles/baseline/.yamllint create mode 100644 roles/baseline/README.md create mode 100644 roles/baseline/defaults/main.yml create mode 100644 roles/baseline/handlers/main.yml create mode 100644 roles/baseline/meta/main.yml create mode 100644 roles/baseline/molecule/default/molecule.yml create mode 100644 roles/baseline/molecule/docker-centos-7/molecule.yml create mode 100644 roles/baseline/molecule/docker-debian-10/molecule.yml create mode 100644 roles/baseline/molecule/docker-debian-9/molecule.yml create mode 100644 roles/baseline/molecule/docker-fedora-30/molecule.yml create mode 100644 roles/baseline/molecule/docker-rhel-7/molecule.yml create mode 100644 roles/baseline/molecule/docker-rhel-8/molecule.yml create mode 100644 roles/baseline/molecule/docker-ubuntu-18.04/molecule.yml create mode 100644 roles/baseline/molecule/resources/Dockerfile.j2 create mode 100755 roles/baseline/molecule/resources/playbooks/bootstrap.sh create mode 100644 roles/baseline/molecule/resources/playbooks/playbook.yml create mode 100644 roles/baseline/molecule/resources/playbooks/prepare.yml create mode 100644 roles/baseline/molecule/resources/playbooks/verify.yml create mode 100644 roles/baseline/molecule/resources/tests/test_default.yml create mode 100644 roles/baseline/molecule/vagrant-centos-7/molecule.yml create mode 100644 roles/baseline/tasks/epel.yml create mode 100644 roles/baseline/tasks/hosts.yml create mode 100644 roles/baseline/tasks/main.yml create mode 
100644 roles/baseline/tasks/pip.yml create mode 100644 roles/baseline/templates/hosts.j2 create mode 100644 roles/baseline/vars/main.yml create mode 100644 roles/dotfiles/.yamllint create mode 100644 roles/dotfiles/README.md create mode 100644 roles/dotfiles/defaults/main.yml create mode 100644 roles/dotfiles/handlers/main.yml create mode 100644 roles/dotfiles/meta/main.yml create mode 100644 roles/dotfiles/molecule/default/molecule.yml create mode 100644 roles/dotfiles/molecule/resources/Dockerfile.j2 create mode 100755 roles/dotfiles/molecule/resources/playbooks/bootstrap.sh create mode 100644 roles/dotfiles/molecule/resources/playbooks/playbook.yml create mode 100644 roles/dotfiles/molecule/resources/playbooks/prepare.yml create mode 100644 roles/dotfiles/molecule/resources/playbooks/verify.yml create mode 100644 roles/dotfiles/tasks/main.yml create mode 100644 roles/dotfiles/vars/main.yml create mode 100644 roles/flatpak/.yamllint create mode 100644 roles/flatpak/README.md create mode 100644 roles/flatpak/defaults/main.yml create mode 100644 roles/flatpak/handlers/main.yml create mode 100644 roles/flatpak/meta/main.yml create mode 100644 roles/flatpak/molecule/default/molecule.yml create mode 100644 roles/flatpak/molecule/docker-centos-7/molecule.yml create mode 100644 roles/flatpak/molecule/docker-debian-10/molecule.yml create mode 100644 roles/flatpak/molecule/docker-debian-9/molecule.yml create mode 100644 roles/flatpak/molecule/docker-fedora-30/molecule.yml create mode 100644 roles/flatpak/molecule/docker-rhel-7/molecule.yml create mode 100644 roles/flatpak/molecule/docker-rhel-8/molecule.yml create mode 100644 roles/flatpak/molecule/docker-ubuntu-18.04/molecule.yml create mode 100644 roles/flatpak/molecule/resources/Dockerfile.j2 create mode 100755 roles/flatpak/molecule/resources/playbooks/bootstrap.sh create mode 100644 roles/flatpak/molecule/resources/playbooks/playbook.yml create mode 100644 roles/flatpak/molecule/resources/playbooks/prepare.yml create 
mode 100644 roles/flatpak/molecule/resources/playbooks/verify.yml create mode 100644 roles/flatpak/molecule/resources/tests/test_default.yml create mode 100644 roles/flatpak/molecule/vagrant-centos-7/molecule.yml create mode 100644 roles/flatpak/molecule/vagrant-debian-10/molecule.yml create mode 100644 roles/flatpak/molecule/vagrant-fedora-30/molecule.yml create mode 100644 roles/flatpak/molecule/vagrant-rhel-8/molecule.yml create mode 100644 roles/flatpak/molecule/vagrant-ubuntu-18.04/molecule.yml create mode 100644 roles/flatpak/tasks/configure.yml create mode 100644 roles/flatpak/tasks/install.yml create mode 100644 roles/flatpak/tasks/main.yml create mode 100644 roles/flatpak/vars/main.yml create mode 100644 roles/hugo/.yamllint create mode 100644 roles/hugo/README.md create mode 100644 roles/hugo/defaults/main.yml create mode 100644 roles/hugo/meta/main.yml create mode 100644 roles/hugo/molecule/default/molecule.yml create mode 100644 roles/hugo/molecule/docker-centos-7/molecule.yml create mode 100644 roles/hugo/molecule/docker-debian-10/molecule.yml create mode 100644 roles/hugo/molecule/docker-debian-9/molecule.yml create mode 100644 roles/hugo/molecule/docker-fedora-30/molecule.yml create mode 100644 roles/hugo/molecule/docker-rhel-7/molecule.yml create mode 100644 roles/hugo/molecule/docker-rhel-8/molecule.yml create mode 100644 roles/hugo/molecule/docker-ubuntu-18.04/molecule.yml create mode 100644 roles/hugo/molecule/resources/Dockerfile.j2 create mode 100755 roles/hugo/molecule/resources/playbooks/bootstrap.sh create mode 100644 roles/hugo/molecule/resources/playbooks/playbook.yml create mode 100644 roles/hugo/molecule/resources/playbooks/prepare.yml create mode 100644 roles/hugo/molecule/resources/playbooks/verify.yml create mode 100644 roles/hugo/molecule/resources/tests/test_default.yml create mode 100644 roles/hugo/molecule/vagrant-centos-7/molecule.yml create mode 100644 roles/hugo/molecule/vagrant-debian-10/molecule.yml create mode 100644 
roles/hugo/molecule/vagrant-fedora-30/molecule.yml create mode 100644 roles/hugo/molecule/vagrant-rhel-8/molecule.yml create mode 100644 roles/hugo/molecule/vagrant-ubuntu-18.04/molecule.yml create mode 100644 roles/hugo/tasks/main.yml create mode 100644 roles/micro/.yamllint create mode 100644 roles/micro/README.md create mode 100644 roles/micro/defaults/main.yml create mode 100644 roles/micro/meta/main.yml create mode 100644 roles/micro/molecule/default/molecule.yml create mode 100644 roles/micro/molecule/resources/Dockerfile.j2 create mode 100755 roles/micro/molecule/resources/playbooks/bootstrap.sh create mode 100644 roles/micro/molecule/resources/playbooks/playbook.yml create mode 100644 roles/micro/molecule/resources/playbooks/prepare.yml create mode 100644 roles/micro/molecule/resources/playbooks/verify.yml create mode 100644 roles/micro/molecule/resources/tests/test_default.yml create mode 100644 roles/micro/tasks/main.yml create mode 100644 roles/micro/vars/main.yml create mode 100644 roles/npm/.yamllint create mode 100644 roles/npm/README.md create mode 100644 roles/npm/defaults/main.yml create mode 100644 roles/npm/meta/main.yml create mode 100644 roles/npm/molecule/default/molecule.yml create mode 100644 roles/npm/molecule/docker-centos-7/molecule.yml create mode 100644 roles/npm/molecule/docker-debian-10/molecule.yml create mode 100644 roles/npm/molecule/docker-debian-9/molecule.yml create mode 100644 roles/npm/molecule/docker-fedora-30/molecule.yml create mode 100644 roles/npm/molecule/docker-rhel-7/molecule.yml create mode 100644 roles/npm/molecule/docker-rhel-8/molecule.yml create mode 100644 roles/npm/molecule/docker-ubuntu-18.04/molecule.yml create mode 100644 roles/npm/molecule/resources/Dockerfile.j2 create mode 100755 roles/npm/molecule/resources/playbooks/bootstrap.sh create mode 100644 roles/npm/molecule/resources/playbooks/playbook.yml create mode 100644 roles/npm/molecule/resources/playbooks/prepare.yml create mode 100644 
roles/npm/molecule/resources/playbooks/verify.yml create mode 100644 roles/npm/molecule/resources/tests/test_default.yml create mode 100644 roles/npm/molecule/vagrant-centos-7/molecule.yml create mode 100644 roles/npm/molecule/vagrant-debian-10/molecule.yml create mode 100644 roles/npm/molecule/vagrant-fedora-30/molecule.yml create mode 100644 roles/npm/molecule/vagrant-rhel-8/molecule.yml create mode 100644 roles/npm/molecule/vagrant-ubuntu-18.04/molecule.yml create mode 100644 roles/npm/tasks/install.yml create mode 100644 roles/npm/tasks/main.yml create mode 100644 roles/npm/vars/main.yml create mode 100644 roles/packages/.yamllint create mode 100644 roles/packages/README.md create mode 100644 roles/packages/defaults/main.yml create mode 100644 roles/packages/handlers/main.yml create mode 100644 roles/packages/meta/main.yml create mode 100644 roles/packages/molecule/default/molecule.yml create mode 100644 roles/packages/molecule/docker-centos-7/molecule.yml create mode 100644 roles/packages/molecule/docker-debian-10/molecule.yml create mode 100644 roles/packages/molecule/docker-debian-9/molecule.yml create mode 100644 roles/packages/molecule/docker-fedora-30/molecule.yml create mode 100644 roles/packages/molecule/docker-rhel-7/molecule.yml create mode 100644 roles/packages/molecule/docker-rhel-8/molecule.yml create mode 100644 roles/packages/molecule/docker-ubuntu-18.04/molecule.yml create mode 100644 roles/packages/molecule/resources/Dockerfile.j2 create mode 100755 roles/packages/molecule/resources/playbooks/bootstrap.sh create mode 100644 roles/packages/molecule/resources/playbooks/playbook.yml create mode 100644 roles/packages/molecule/resources/playbooks/prepare.yml create mode 100644 roles/packages/molecule/resources/playbooks/verify.yml create mode 100644 roles/packages/molecule/resources/tests/test_default.yml create mode 100644 roles/packages/molecule/vagrant-rhel-8/molecule.yml create mode 100644 roles/packages/tasks/main.yml create mode 100644 
roles/packages/vars/main.yml create mode 100644 roles/pandoc/.yamllint create mode 100644 roles/pandoc/README.md create mode 100644 roles/pandoc/defaults/main.yml create mode 100644 roles/pandoc/handlers/main.yml create mode 100644 roles/pandoc/meta/main.yml create mode 100644 roles/pandoc/molecule/default/molecule.yml create mode 100644 roles/pandoc/molecule/docker-centos-7/molecule.yml create mode 100644 roles/pandoc/molecule/docker-debian-10/molecule.yml create mode 100644 roles/pandoc/molecule/docker-debian-9/molecule.yml create mode 100644 roles/pandoc/molecule/docker-fedora-30/molecule.yml create mode 100644 roles/pandoc/molecule/docker-rhel-7/molecule.yml create mode 100644 roles/pandoc/molecule/docker-rhel-8/molecule.yml create mode 100644 roles/pandoc/molecule/docker-ubuntu-18.04/molecule.yml create mode 100644 roles/pandoc/molecule/resources/Dockerfile.j2 create mode 100755 roles/pandoc/molecule/resources/playbooks/bootstrap.sh create mode 100644 roles/pandoc/molecule/resources/playbooks/playbook.yml create mode 100644 roles/pandoc/molecule/resources/playbooks/prepare.yml create mode 100644 roles/pandoc/molecule/resources/playbooks/verify.yml create mode 100644 roles/pandoc/molecule/resources/tests/test_default.yml create mode 100644 roles/pandoc/molecule/vagrant-centos-7/molecule.yml create mode 100644 roles/pandoc/molecule/vagrant-debian-10/molecule.yml create mode 100644 roles/pandoc/molecule/vagrant-fedora-30/molecule.yml create mode 100644 roles/pandoc/molecule/vagrant-rhel-8/molecule.yml create mode 100644 roles/pandoc/molecule/vagrant-ubuntu-18.04/molecule.yml create mode 100644 roles/pandoc/tasks/main.yml create mode 100644 roles/pandoc/vars/main.yml create mode 100644 roles/pip/.yamllint create mode 100644 roles/pip/README.md create mode 100644 roles/pip/defaults/main.yml create mode 100644 roles/pip/handlers/main.yml create mode 100644 roles/pip/meta/main.yml create mode 100644 roles/pip/molecule/default/molecule.yml create mode 100644 
roles/pip/molecule/docker-centos-7/molecule.yml create mode 100644 roles/pip/molecule/docker-debian-10/molecule.yml create mode 100644 roles/pip/molecule/docker-debian-9/molecule.yml create mode 100644 roles/pip/molecule/docker-fedora-30/molecule.yml create mode 100644 roles/pip/molecule/docker-rhel-7/molecule.yml create mode 100644 roles/pip/molecule/docker-rhel-8/molecule.yml create mode 100644 roles/pip/molecule/docker-ubuntu-18.04/molecule.yml create mode 100644 roles/pip/molecule/resources/Dockerfile.j2 create mode 100755 roles/pip/molecule/resources/playbooks/bootstrap.sh create mode 100644 roles/pip/molecule/resources/playbooks/playbook.yml create mode 100644 roles/pip/molecule/resources/playbooks/prepare.yml create mode 100644 roles/pip/molecule/resources/playbooks/verify.yml create mode 100644 roles/pip/molecule/resources/tests/test_default.yml create mode 100644 roles/pip/molecule/vagrant-centos-7/molecule.yml create mode 100644 roles/pip/molecule/vagrant-debian-10/molecule.yml create mode 100644 roles/pip/molecule/vagrant-fedora-30/molecule.yml create mode 100644 roles/pip/molecule/vagrant-rhel-8/molecule.yml create mode 100644 roles/pip/molecule/vagrant-ubuntu-18.04/molecule.yml create mode 100644 roles/pip/tasks/install.yml create mode 100644 roles/pip/tasks/main.yml create mode 100644 roles/pip/vars/main.yml create mode 100644 roles/profile/.yamllint create mode 100644 roles/profile/README.md create mode 100644 roles/profile/defaults/main.yml create mode 100755 roles/profile/files/neo.sh create mode 100644 roles/profile/handlers/main.yml create mode 100644 roles/profile/meta/main.yml create mode 100644 roles/profile/molecule/default/molecule.yml create mode 100644 roles/profile/molecule/resources/Dockerfile.j2 create mode 100755 roles/profile/molecule/resources/playbooks/bootstrap.sh create mode 100644 roles/profile/molecule/resources/playbooks/playbook.yml create mode 100644 roles/profile/molecule/resources/playbooks/prepare.yml create mode 100644 
roles/profile/molecule/resources/playbooks/verify.yml create mode 100644 roles/profile/molecule/resources/tests/test_default.yml create mode 100644 roles/profile/tasks/issue.yml create mode 100644 roles/profile/tasks/main.yml create mode 100644 roles/profile/tasks/motd.yml create mode 100644 roles/profile/tasks/neofetch.yml create mode 100644 roles/profile/templates/motd.j2 create mode 100644 roles/profile/templates/splash.issue.j2 create mode 100644 roles/profile/vars/main.yml create mode 100644 roles/secure/.yamllint create mode 100644 roles/secure/README.md create mode 100644 roles/secure/defaults/main.yml create mode 100644 roles/secure/handlers/main.yml create mode 100644 roles/secure/meta/main.yml create mode 100644 roles/secure/molecule/default/molecule.yml create mode 100644 roles/secure/molecule/docker-centos-7/molecule.yml create mode 100644 roles/secure/molecule/docker-debian-10/molecule.yml create mode 100644 roles/secure/molecule/docker-debian-9/molecule.yml create mode 100644 roles/secure/molecule/docker-fedora-30/molecule.yml create mode 100644 roles/secure/molecule/docker-rhel-7/molecule.yml create mode 100644 roles/secure/molecule/docker-rhel-8/molecule.yml create mode 100644 roles/secure/molecule/docker-ubuntu-18.04/molecule.yml create mode 100644 roles/secure/molecule/resources/Dockerfile.j2 create mode 100755 roles/secure/molecule/resources/playbooks/bootstrap.sh create mode 100644 roles/secure/molecule/resources/playbooks/playbook.yml create mode 100644 roles/secure/molecule/resources/playbooks/prepare.yml create mode 100644 roles/secure/molecule/resources/playbooks/verify.yml create mode 100644 roles/secure/molecule/resources/tests/test_default.yml create mode 100644 roles/secure/molecule/vagrant-centos-7/molecule.yml create mode 100644 roles/secure/molecule/vagrant-debian-10/molecule.yml create mode 100644 roles/secure/molecule/vagrant-fedora-30/molecule.yml create mode 100644 roles/secure/molecule/vagrant-rhel-8/molecule.yml create mode 
100644 roles/secure/molecule/vagrant-ubuntu-18.04/molecule.yml create mode 100644 roles/secure/tasks/lynis.yml create mode 100644 roles/secure/tasks/main.yml create mode 100644 roles/secure/tasks/openscap.yml create mode 100644 roles/secure/tasks/ssh.yml create mode 100644 roles/secure/tasks/sshd.yml create mode 100644 roles/secure/vars/main.yml
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..dfe0770
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,2 @@
+# Auto detect text files and perform LF normalization
+* text=auto
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..db6c5cd
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+releases/
+docs/site
+id_rsa
+.vagrant
+*.pyc
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..50284c9
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,15 @@
+---
+sudo: required
+language: python
+services: docker
+
+cache:
+ - pip
+
+install:
+ - pip install --upgrade pip
+ - pip install ansible ansbile-lint yamllint mazer molecule docker
+
+script:
+ - ansible-lint roles/*
+ - yamllint roles/*
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..2d5f5a8
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,32 @@
+---
+extends: default
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ colons: enable
+ commas: enable
+ comments:
+ level: warning
+ comments-indentation:
+ level: warning
+ document-end: disable
+ document-start:
+ level: warning
+ empty-lines: enable
+ empty-values: enable
+ hyphens: enable
+ indentation: enable
+ key-duplicates: enable
+ key-ordering: disable
+ line-length: disable
+ new-line-at-end-of-file: disable
+ new-lines: enable
+ octal-values: enable
+ quoted-strings: disable
+ trailing-spaces: enable
+ truthy: disable
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c70bb21
--- /dev/null
+++ b/README.md
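Review bot: The second `pip install` entry in the .travis.yml hunk names `ansbile-lint`, a misspelling of `ansible-lint`. The install step will either fail or pull whatever package happens to be registered under the misspelled name on the index, and the `ansible-lint roles/*` script step needs the real tool. Change the line to `- pip install ansible ansible-lint yamllint mazer molecule docker`. Installing from the repository's requirements.txt with pinned versions would also make CI and local runs resolve the same packages.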
@@ -0,0 +1,56 @@
+Ansible Workstation Collection
+==============================
+
+[Ansible Galaxy Collection: Workstation](https://galaxy.ansible.com/buluma/workstation):
+
+- baseline: install baseline (epel for CentOS, python2-pip) as required by other roles
+- dotfiles - download and link dotfiles from git repo
+- flatpak - install and configure flatpaks
+- baseline - baseline configuration (ex: sshd_config)
+- micro - setup micro editor
+- packages - install various packages
+- pandoc - install pandoc
+- pip - install various python modules from pip
+- profile - setup profile, motd
+- secure - secure the system (ex: sshd_config PermitRootLogin no)
+
+Tested on:
+----------
+
+- CentOS 7
+- RHEL 8
+- Fedora 30
+- Ubuntu 18.04
+- Debian 10
+
+Example
+-------
+
+### Install the role:
+
+```bash
+ansible-galaxy collection install buluma.workstation
+```
+
+
+### playbook.yml example
+
+```yaml
+- name: setup a workstation environment
+ hosts: all
+ connection: local
+ become: yes
+ gather_facts: yes
+ roles:
+ - role: buluma.workstation.dotfiles
+```
+
+### Running a single role:
+
+```
+ansible localhost -m include_role -a 'name=secure'
+```
+
+# See also:
+
+- [Ansible Virtualization Collection](https://galaxy.ansible.com/buluma/virtualization)
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..7296830
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,33 @@
+[defaults]
+#strategy = free
+strategy = linear
+
+# Facts gathering and caching
+#gathering = smart
+fact_caching_timeout = 86400
+fact_caching = jsonfile
+fact_caching_connection = /tmp/ansible_facts_cache.json
+
+# Callback and logging
+stdout_callback = debug
+nocows = 1
+log_path = /tmp/ansible.log
+display_skipped_hosts = no
+display_args_to_stdout = False
+deprecation_warnings = True
+#callback_whitelist = profile_tasks
+
+# Inventory and connectivity
+inventory = hosts
+remote_user = vagrant
+host_key_checking = False
+forks = 20
+pipelining = True
+remote_tmp = /tmp/.ansible
+ansible_python_interpreter = /usr/bin/python3
+
+[privilege_escalation]
+become = True
+become_method = sudo
+become_user = root
+become_ask_pass = False
diff --git a/bundle.sh b/bundle.sh
new file mode 100755
index 0000000..ff44fbc
--- /dev/null
+++ b/bundle.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# exit when any command fails
+set -e
+
+# Run lint
+yamllint roles/*
+ansible-lint roles/*
+ansible-playbook --syntax-check playbook.yml
+
+# Release
+my_release=$(mazer build | awk 'END{print $NF}')
+
+
+echo "Release ${my_release} to ansible-galaxy?"
+select yn in "Yes" "No"; do
+ case $yn in
+ Yes ) mazer publish ${my_release}; break;;
+ No ) exit;;
+ esac
+done
diff --git a/galaxy.yml b/galaxy.yml
new file mode 100644
index 0000000..6768a38
--- /dev/null
+++ b/galaxy.yml
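Review bot: `host_key_checking = False` in the ansible.cfg hunk turns off SSH host key verification for every inventory host, while `[privilege_escalation]` sets `become = True` with `become_ask_pass = False`, so tasks would run as root on a machine whose identity was never checked. Remove that line, or keep it only in a config used for throwaway test VMs. `log_path`, `fact_caching_connection` and `remote_tmp` all use fixed names under /tmp, which other local users can pre-create or read; a per-user location such as `log_path = ~/.ansible/ansible.log` avoids that. `ansible_python_interpreter` is an inventory variable rather than a `[defaults]` key, so it probably has no effect here; the config setting is `interpreter_python = /usr/bin/python3`.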
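Review bot: In the bundle.sh hunk, `set -e` does not stop the script when `mazer build` fails, because the command is on the left side of a pipe inside `$(...)` and only awk's exit status is seen. `my_release` is then empty, or holds the last word of an error message, and is still offered for publishing. Add `set -o pipefail` next to `set -e`, guard the value before the prompt with `[ -n "${my_release}" ] || exit 1`, and quote the argument: `mazer publish "${my_release}"`.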
@@ -0,0 +1,24 @@ +--- +namespace: "buluma" +name: "workstation" +version: "1.0.17" +readme: "README.md" +authors: + - "Michael Buluma (https://github.com/buluma)" +description: "Collection of Workstation Tools" +license: + - "MIT" +tags: + - linux + - workstation + - baseline + - profile + - dotfiles + - micro + - pip + - development + - collection +repository: "https://www.github.com/buluma/ansible_workstation" +homepage: "https://www.github.com/buluma/ansible_workstation" +documentation: "https://www.github.com/buluma/ansible_workstation" +issues: "https://www.github.com/buluma/ansible_workstation/issues" diff --git a/playbook.yml b/playbook.yml new file mode 100644 index 0000000..76c6b3e --- /dev/null +++ b/playbook.yml @@ -0,0 +1,18 @@ +--- +# ansible-playbook -i localhost, playbook.yml -e 'ansible_python_interpreter=/usr/bin/python3' + +- hosts: all + connection: local + gather_facts: yes + roles: + - role: hugo + - role: baseline + - role: packages + - role: micro + - role: pandoc + - role: profile + - role: dotfiles + - role: flatpak + - role: pip + - role: npm + - role: secure diff --git a/playbooks/templates/playbook.yml b/playbooks/templates/playbook.yml new file mode 100644 index 0000000..bfda0a9 --- /dev/null +++ b/playbooks/templates/playbook.yml @@ -0,0 +1,11 @@ +--- +# ansible-playbook playbook.yml + +- hosts: all + connection: ssh + gather_facts: yes + roles: + - role: crivetimihai.workstation.dotfiles + - role: crivetimihai.workstation.profile + - role: crivetimihai.workstation.packages + - role: crivetimihai.workstation.baseline diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..dfb25ee --- /dev/null +++ b/requirements.txt @@ -0,0 +1,10 @@ +docker +ansible +ansible-lint +yamllint +mazer +molecule +molecule[docker] # requires libyaml-devel +setuptools +selinux +python-vagrant diff --git a/roles/baseline/.yamllint b/roles/baseline/.yamllint new file mode 100644 index 0000000..c5ae64b --- /dev/null 
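Review bot: All four roles in `playbooks/templates/playbook.yml` are referenced as `crivetimihai.workstation.*`, while `galaxy.yml` in this same commit publishes the collection as `buluma.workstation`, so anyone copying the template resolves the roles from a different publisher's collection than the one they installed. If this is a leftover from the upstream project, rename them, e.g. `- role: buluma.workstation.dotfiles`. The top-level `playbook.yml` also lists `hugo` and `npm`, which the README's role list does not mention; confirm those roles ship with the collection.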
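Review bot: None of the entries in `requirements.txt` is pinned, so every CI run and every contributor installs whatever the index serves that day, and a compromised or breaking release of `ansible`, `molecule` or `docker` arrives without review. Pin exact versions (`ansible==<PINNED_VERSION>` and so on), ideally with hashes so the install can run in pip's `--require-hashes` mode. `molecule` and `molecule[docker]` are both listed; the second line already covers the first.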
+++ b/roles/baseline/.yamllint @@ -0,0 +1,12 @@ +--- +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/baseline/README.md b/roles/baseline/README.md new file mode 100644 index 0000000..669a850 --- /dev/null +++ b/roles/baseline/README.md @@ -0,0 +1,35 @@ +Role Name +========= + +baseline + +Requirements +------------ + +- For RHEL, a Red Hat subscription or functional local repository. + +Role Variables +-------------- + + +Dependencies +------------ + +- For Red Hat, subscription-manager. + +Example Playbook +---------------- + + - hosts: servers + roles: + - role: baseline + +License +------- + +MIT + +Author Information +------------------ + +- [Mihai Criveti](https://www.linkedin.com/in/crivetimihai/) diff --git a/roles/baseline/defaults/main.yml b/roles/baseline/defaults/main.yml new file mode 100644 index 0000000..911c496 --- /dev/null +++ b/roles/baseline/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for baseline diff --git a/roles/baseline/handlers/main.yml b/roles/baseline/handlers/main.yml new file mode 100644 index 0000000..c4dac0d --- /dev/null +++ b/roles/baseline/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for baseline \ No newline at end of file diff --git a/roles/baseline/meta/main.yml b/roles/baseline/meta/main.yml new file mode 100644 index 0000000..8eb824b --- /dev/null +++ b/roles/baseline/meta/main.yml 
@@ -0,0 +1,35 @@ +--- +galaxy_info: + author: buluma + description: Baseline + company: ShadowNet + license: MIT + min_ansible_version: 2.4 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + platforms: + - name: Fedora + versions: + - all + - 30 + - name: EL + versions: + - 7 + - 8 + - name: Ubuntu + versions: + - bionic + - name: Debian + versions: + - buster + + galaxy_tags: + - debian + - ubuntu + - rhel + - centos + - fedora + +# dependencies: [] diff --git a/roles/baseline/molecule/default/molecule.yml b/roles/baseline/molecule/default/molecule.yml new file mode 100644 index 0000000..4fd4c84 --- /dev/null +++ b/roles/baseline/molecule/default/molecule.yml @@ -0,0 +1,39 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: baseline-centos-76 + image: centos:7.6.1810 + dockerfile: ../resources/Dockerfile.j2 + privileged: True + pre_build_image: False + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + tmpfs: + - /run + - /tmp + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/baseline/molecule/docker-centos-7/molecule.yml b/roles/baseline/molecule/docker-centos-7/molecule.yml new file mode 100644 index 0000000..13bb3e1 --- /dev/null +++ b/roles/baseline/molecule/docker-centos-7/molecule.yml 
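Review bot: In `roles/baseline/molecule/default/molecule.yml`, `privileged: True` together with the read-write bind mount `/sys/fs/cgroup:/sys/fs/cgroup:rw` gives root inside the test container effectively root on the Docker host, which matters on a shared CI runner or a developer workstation. If the only reason is to boot systemd through `/usr/sbin/init`, try dropping `privileged` and mounting the cgroup tree read-only, `- "/sys/fs/cgroup:/sys/fs/cgroup:ro"`, then add back only the capability that proves necessary. The same two settings are repeated in the other docker scenarios added by this patch (the baseline `docker-*` scenarios and the dotfiles and flatpak ones), so the change applies there too.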
@@ -0,0 +1,39 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: baseline-centos-7 + image: centos:7 + dockerfile: ../resources/Dockerfile.j2 + privileged: True + pre_build_image: False + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + tmpfs: + - /run + - /tmp + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/baseline/molecule/docker-debian-10/molecule.yml b/roles/baseline/molecule/docker-debian-10/molecule.yml new file mode 100644 index 0000000..92ff5ec --- /dev/null +++ b/roles/baseline/molecule/docker-debian-10/molecule.yml @@ -0,0 +1,37 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: baseline-debian-10 + image: debian:10 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + environment: + container: docker +provisioner: + name: ansible + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/baseline/molecule/docker-debian-9/molecule.yml b/roles/baseline/molecule/docker-debian-9/molecule.yml new file mode 100644 index 0000000..7193d65 --- /dev/null 
+++ b/roles/baseline/molecule/docker-debian-9/molecule.yml @@ -0,0 +1,37 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: baseline-debian-9 + image: debian:9 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + environment: + container: docker +provisioner: + name: ansible + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/baseline/molecule/docker-fedora-30/molecule.yml b/roles/baseline/molecule/docker-fedora-30/molecule.yml new file mode 100644 index 0000000..b171ea5 --- /dev/null +++ b/roles/baseline/molecule/docker-fedora-30/molecule.yml @@ -0,0 +1,38 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: baseline-fedora-30 + image: fedora:30 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint 
diff --git a/roles/baseline/molecule/docker-rhel-7/molecule.yml b/roles/baseline/molecule/docker-rhel-7/molecule.yml new file mode 100644 index 0000000..51752b7 --- /dev/null +++ b/roles/baseline/molecule/docker-rhel-7/molecule.yml @@ -0,0 +1,38 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: baseline-rhel-7 + image: ubi + registry: + url: registry.access.redhat.com/ubi7 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/baseline/molecule/docker-rhel-8/molecule.yml b/roles/baseline/molecule/docker-rhel-8/molecule.yml new file mode 100644 index 0000000..9942022 --- /dev/null +++ b/roles/baseline/molecule/docker-rhel-8/molecule.yml 
@@ -0,0 +1,40 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: baseline-rhel-8 + image: ubi + registry: + url: registry.access.redhat.com/ubi8 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/baseline/molecule/docker-ubuntu-18.04/molecule.yml b/roles/baseline/molecule/docker-ubuntu-18.04/molecule.yml new file mode 100644 index 0000000..ecaf633 --- /dev/null +++ b/roles/baseline/molecule/docker-ubuntu-18.04/molecule.yml @@ -0,0 +1,37 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: baseline-ubuntu-1804 + image: ubuntu:18.04 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + environment: + container: docker +provisioner: + name: ansible + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint 
diff --git a/roles/baseline/molecule/resources/Dockerfile.j2 b/roles/baseline/molecule/resources/Dockerfile.j2 new file mode 100644 index 0000000..851c10e --- /dev/null +++ b/roles/baseline/molecule/resources/Dockerfile.j2 @@ -0,0 +1,26 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python3 sudo python3-devel python3-dnf bash python3-libselinux && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi + +# Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP` +ENV ANSIBLE_USER=ansible DEPLOY_GROUP=deployer +RUN set -xe \ + && if [ $(getent group wheel) ]; then export SUDO_GROUP=wheel; fi \ + && if [ $(getent group sudo) ]; then export SUDO_GROUP=sudo; fi \ + && groupadd -r ${ANSIBLE_USER} \ + && groupadd -r ${DEPLOY_GROUP} \ + && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \ + && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \ + && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \ + && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers diff --git a/roles/baseline/molecule/resources/playbooks/bootstrap.sh b/roles/baseline/molecule/resources/playbooks/bootstrap.sh new file mode 100755 index 0000000..35ddc21 --- /dev/null 
+++ b/roles/baseline/molecule/resources/playbooks/bootstrap.sh @@ -0,0 +1,28 @@ +#!/bin/bash + +if [ "$(whoami)" != "root" ]; then + sudo su -s "$0" + exit +fi + +if [ $(command -v apt-get) ]; then + apt-get update + apt-get install -y python sudo bash ca-certificates + apt-get clean +elif [ $(command -v dnf) ]; then + dnf makecache + dnf --assumeyes install python3 sudo python3-devel python3-dnf bash python3-libselinux + dnf clean all +elif [ $(command -v yum) ]; then + yum makecache fast + yum install -y python sudo yum-plugin-ovl bash + sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf + yum clean all +elif [ $(command -v zypper) ]; then + zypper refresh + zypper install -y python sudo bash python-xml + zypper clean -a +elif [ $(command -v apk) ]; then + apk update + apk add --no-cache python sudo bash ca-certificates +fi diff --git a/roles/baseline/molecule/resources/playbooks/playbook.yml b/roles/baseline/molecule/resources/playbooks/playbook.yml new file mode 100644 index 0000000..174af97 --- /dev/null +++ b/roles/baseline/molecule/resources/playbooks/playbook.yml @@ -0,0 +1,5 @@ +--- +- name: Converge + hosts: all + roles: + - role: baseline diff --git a/roles/baseline/molecule/resources/playbooks/prepare.yml b/roles/baseline/molecule/resources/playbooks/prepare.yml new file mode 100644 index 0000000..3305c7d --- /dev/null +++ b/roles/baseline/molecule/resources/playbooks/prepare.yml @@ -0,0 +1,9 @@ +--- +- name: Prepare + hosts: all + gather_facts: no + become: no + + tasks: + - name: bootstrap python + script: bootstrap.sh diff --git a/roles/baseline/molecule/resources/playbooks/verify.yml b/roles/baseline/molecule/resources/playbooks/verify.yml new file mode 100644 index 0000000..b591e65 --- /dev/null +++ b/roles/baseline/molecule/resources/playbooks/verify.yml 
@@ -0,0 +1,71 @@
+---
+- name: Verify
+ hosts: all
+ gather_facts: true # required
+ become: true
+ vars:
+ goss_version: v0.3.7
+ goss_arch: amd64
+ goss_bin: /usr/local/bin/goss
+ goss_sha256sum: 357f5c7f2e7949b412bce44349cd32ab19eb3947255a8ac805f884cc2c326059.
+ goss_test_directory: /tmp/molecule/goss
+ goss_format: documentation
+ tasks:
+ - name: Download and install Goss
+ get_url:
+ url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}"
+ dest: "{{ goss_bin }}"
+ sha256sum: "{{ goss_sha256sum }}"
+ mode: "0755"
+
+ - name: Create Molecule directory for test files
+ file:
+ path: "{{ goss_test_directory }}"
+ state: directory
+
+ - name: Find Goss tests on localhost
+ find:
+ paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}"
+ patterns:
+ - "test[-.\\w]*.yml"
+ - "test_host_{{ ansible_hostname }}[-.\\w]*.yml"
+ excludes:
+ - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml"
+ use_regex: true
+ delegate_to: localhost
+ register: test_files
+ changed_when: false
+ become: false
+
+ - name: debug
+ debug:
+ msg: "{{ test_files.files }}"
+ verbosity: 3
+
+ - name: Copy Goss tests to remote
+ copy:
+ src: "{{ item.path }}"
+ dest: "{{ goss_test_directory }}/{{ item.path | basename }}"
+ with_items:
+ - "{{ test_files.files }}"
+
+ - name: Register test files
+ shell: "ls {{ goss_test_directory }}/test_*.yml"
+ register: test_files
+
+ - name: Execute Goss tests
+ command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}"
+ register: test_results
+ with_items: "{{ test_files.stdout_lines }}"
+ ignore_errors: true
+
+ - name: Display details about the Goss results
+ debug:
+ msg: "{{ item.stdout_lines }}"
+ with_items: "{{ test_results.results }}"
+
+ - name: Fail when tests fail
+ fail:
+ msg: "Goss failed to validate"
+ when: item.rc != 0
+ with_items: "{{ test_results.results }}"
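Review bot: `goss_sha256sum` ends in a stray `.`, so the pinned value is 65 characters rather than a 64-hex-digit SHA-256; it only verifies if the module happens to strip punctuation, and the integrity check on a binary installed to `/usr/local/bin` and run under `become: true` should not depend on that. Drop the dot and, since `sha256sum` is a legacy parameter of `get_url`, prefer `checksum: "sha256:{{ goss_sha256sum }}"`. `goss_test_directory: /tmp/molecule/goss` is a fixed path under `/tmp` that the play creates as root without a `mode`, and the `Register test files` task could reuse the registered copy results instead of `shell: "ls ..."`. The identical file is added again as `roles/dotfiles/molecule/resources/playbooks/verify.yml`.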
diff --git a/roles/baseline/molecule/resources/tests/test_default.yml b/roles/baseline/molecule/resources/tests/test_default.yml new file mode 100644 index 0000000..31a99f8 --- /dev/null +++ b/roles/baseline/molecule/resources/tests/test_default.yml @@ -0,0 +1,7 @@ +# Molecule managed +--- +file: + /etc/hosts: + exists: true + owner: root + group: root diff --git a/roles/baseline/molecule/vagrant-centos-7/molecule.yml b/roles/baseline/molecule/vagrant-centos-7/molecule.yml new file mode 100644 index 0000000..6e6e4b6 --- /dev/null +++ b/roles/baseline/molecule/vagrant-centos-7/molecule.yml @@ -0,0 +1,28 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: baseline-centos-7 + box: centos/7 +provisioner: + name: ansible + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/baseline/tasks/epel.yml b/roles/baseline/tasks/epel.yml new file mode 100644 index 0000000..9d10fd0 --- /dev/null +++ b/roles/baseline/tasks/epel.yml @@ -0,0 +1,8 @@ +--- + +- name: install epel-release + package: + name: epel-release + state: present + become: yes + when: ansible_distribution == "CentOS" diff --git a/roles/baseline/tasks/hosts.yml b/roles/baseline/tasks/hosts.yml new file mode 100644 index 0000000..94027d7 --- /dev/null +++ b/roles/baseline/tasks/hosts.yml @@ -0,0 +1,6 @@ +--- + +- name: Deploy /etc/myhosts + template: + src: hosts.j2 + dest: /etc/myhosts diff --git a/roles/baseline/tasks/main.yml b/roles/baseline/tasks/main.yml new file mode 100644 index 0000000..09f2e19 --- /dev/null +++ b/roles/baseline/tasks/main.yml 
@@ -0,0 +1,19 @@
+---
+# tasks file for baseline
+- name: assert supported distributions and versions
+ assert:
+ that:
+ - ( ansible_distribution == "RedHat" and ( ansible_distribution_major_version == '8' )
+ ) or
+ ( ansible_distribution == "CentOS" and ( ansible_distribution_major_version >= "7" )
+ ) or
+ ( ansible_distribution == "Fedora" and ( ansible_distribution_major_version == "30" )
+ ) or
+ ( ansible_distribution == "Debian" and ( ansible_distribution_major_version == "9" or ansible_distribution_major_version == "10" )
+ ) or
+ ( ansible_distribution == "Ubuntu" and ( ansible_distribution_version == "18.04" )
+ )
+
+- include: epel.yml # Include epel
+- include: pip.yml # Install pip
+- include: hosts.yml # Generate /etc/myhosts
diff --git a/roles/baseline/tasks/pip.yml b/roles/baseline/tasks/pip.yml
new file mode 100644
index 0000000..c658bf6
--- /dev/null
+++ b/roles/baseline/tasks/pip.yml
@@ -0,0 +1,8 @@
+---
+
+- name: install python2-pip
+ package:
+ name: python2-pip
+ state: present
+ become: yes
+ when: ansible_distribution == "CentOS"
diff --git a/roles/baseline/templates/hosts.j2 b/roles/baseline/templates/hosts.j2
new file mode 100644
index 0000000..425bf81
--- /dev/null
+++ b/roles/baseline/templates/hosts.j2
@@ -0,0 +1,3 @@
+{% for host in groups['all'] %}
+{{ hostvars['host']['ansible_facts']['default_ipv4']['address'] }} {{ hostvars['host']['ansible_facts']['fqdn'] }} {{ hostvars['host']['ansible_facts']['hostname'] }}
+{% endfor %}
diff --git a/roles/baseline/vars/main.yml b/roles/baseline/vars/main.yml
new file mode 100644
index 0000000..c81a8bc
--- /dev/null
+++ b/roles/baseline/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for baseline
\ No newline at end of file
diff --git a/roles/dotfiles/.yamllint b/roles/dotfiles/.yamllint
new file mode 100644
index 0000000..c5ae64b
--- /dev/null
+++ b/roles/dotfiles/.yamllint
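Review bot: The CentOS branch of the assert in `roles/baseline/tasks/main.yml` compares strings, `ansible_distribution_major_version >= "7"`, so the test is lexicographic: `"10"` sorts before `"7"` and would be rejected, while anything starting with `8` or `9` passes. Cast before comparing, `ansible_distribution_major_version | int >= 7`, or list the supported releases explicitly as the other branches do. The RedHat branch admits only `'8'`, so the `docker-rhel-7` scenario added in this patch would presumably fail the assert. `include:` is deprecated; `include_tasks:` or `import_tasks:` is the current form.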
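Review bot: The loop variable in `roles/baseline/templates/hosts.j2` is never used: `hostvars['host']` looks up a host literally named `host` on every iteration, so the template either fails on an undefined key or repeats one line for every entry. Index with the variable instead, `hostvars[host]['ansible_facts']['default_ipv4']['address']`, and likewise for `fqdn` and `hostname`. Facts for other hosts exist only if they were gathered in the same run, so a guard on `hostvars[host].ansible_facts` would keep a limited run from aborting. `tasks/hosts.yml` also writes `/etc/myhosts` without `become`, `owner` or `mode`, which is worth stating explicitly for a file under `/etc`.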
@@ -0,0 +1,12 @@ +--- +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/dotfiles/README.md b/roles/dotfiles/README.md new file mode 100644 index 0000000..6c7da46 --- /dev/null +++ b/roles/dotfiles/README.md @@ -0,0 +1,35 @@ +Role Name +========= + +dotfiles + +Requirements +------------ + +- For RHEL, a Red Hat subscription or functional local repository. + +Role Variables +-------------- + + +Dependencies +------------ + +- For Red Hat, subscription-manager. + +Example Playbook +---------------- + + - hosts: servers + roles: + - role: dotfiles + +License +------- + +MIT + +Author Information +------------------ + +- [Mihai Criveti](https://www.linkedin.com/in/crivetimihai/) diff --git a/roles/dotfiles/defaults/main.yml b/roles/dotfiles/defaults/main.yml new file mode 100644 index 0000000..8a121d9 --- /dev/null +++ b/roles/dotfiles/defaults/main.yml @@ -0,0 +1,20 @@ +--- +# defaults file for dotfiles + +dotfiles_repo: "https://github.com/crivetimihai/dotfiles.git" +dotfiles_repo_version: HEAD +dotfiles_path: ~/.dotfiles +spacemacs_version: "v0.200.13" + +dotfiles_files: + - .spacemacs + - .tmux.conf.local + - .tmux.conf + - .SpaceVim.d + - .zshrc + - .rpmmacros + +dotfiles_copy: + - .zshrc.local + - .gitconfig + - .config diff --git a/roles/dotfiles/handlers/main.yml b/roles/dotfiles/handlers/main.yml new file mode 100644 index 0000000..9db06ed --- /dev/null +++ b/roles/dotfiles/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for dotfiles diff --git a/roles/dotfiles/meta/main.yml b/roles/dotfiles/meta/main.yml new file mode 100644 index 0000000..74d6db2 --- /dev/null +++ b/roles/dotfiles/meta/main.yml 
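Review bot: `dotfiles_repo_version: HEAD` in `roles/dotfiles/defaults/main.yml` tracks whatever the remote default branch points to, and the role then links `.zshrc`, `.tmux.conf` and the other listed files from that checkout into the user's home, so any later push to `dotfiles_repo` becomes configuration that runs in the user's shell. Default to a reviewed commit or tag, e.g. `dotfiles_repo_version: "<REVIEWED_COMMIT_SHA>"`, and let users opt in to a moving ref. The default repository belongs to a different account (`crivetimihai`) than the collection namespace (`buluma`); if that is not intended, point it at a repository the maintainer controls. `spacemacs_version` is already pinned to a tag, which is the pattern to follow.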
@@ -0,0 +1,35 @@ +--- +galaxy_info: + author: buluma + description: Dotfiles + company: ShadowNet + license: MIT + min_ansible_version: 2.4 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + platforms: + - name: Fedora + versions: + - all + - 30 + - name: EL + versions: + - 7 + - 8 + - name: Ubuntu + versions: + - bionic + - name: Debian + versions: + - buster + + galaxy_tags: + - debian + - ubuntu + - rhel + - centos + - fedora + +# dependencies: [] diff --git a/roles/dotfiles/molecule/default/molecule.yml b/roles/dotfiles/molecule/default/molecule.yml new file mode 100644 index 0000000..9b68887 --- /dev/null +++ b/roles/dotfiles/molecule/default/molecule.yml @@ -0,0 +1,36 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: dotfiles-centos-76 + image: centos:7.6.1810 + dockerfile: ../resources/Dockerfile.j2 + privileged: True + pre_build_image: False + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/dotfiles/molecule/resources/Dockerfile.j2 b/roles/dotfiles/molecule/resources/Dockerfile.j2 new file mode 100644 index 0000000..851c10e --- /dev/null +++ b/roles/dotfiles/molecule/resources/Dockerfile.j2 
@@ -0,0 +1,26 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python3 sudo python3-devel python3-dnf bash python3-libselinux && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi + +# Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP` +ENV ANSIBLE_USER=ansible DEPLOY_GROUP=deployer +RUN set -xe \ + && if [ $(getent group wheel) ]; then export SUDO_GROUP=wheel; fi \ + && if [ $(getent group sudo) ]; then export SUDO_GROUP=sudo; fi \ + && groupadd -r ${ANSIBLE_USER} \ + && groupadd -r ${DEPLOY_GROUP} \ + && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \ + && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \ + && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \ + && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers diff --git a/roles/dotfiles/molecule/resources/playbooks/bootstrap.sh b/roles/dotfiles/molecule/resources/playbooks/bootstrap.sh new file mode 100755 index 0000000..35ddc21 --- /dev/null +++ b/roles/dotfiles/molecule/resources/playbooks/bootstrap.sh 
@@ -0,0 +1,28 @@ +#!/bin/bash + +if [ "$(whoami)" != "root" ]; then + sudo su -s "$0" + exit +fi + +if [ $(command -v apt-get) ]; then + apt-get update + apt-get install -y python sudo bash ca-certificates + apt-get clean +elif [ $(command -v dnf) ]; then + dnf makecache + dnf --assumeyes install python3 sudo python3-devel python3-dnf bash python3-libselinux + dnf clean all +elif [ $(command -v yum) ]; then + yum makecache fast + yum install -y python sudo yum-plugin-ovl bash + sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf + yum clean all +elif [ $(command -v zypper) ]; then + zypper refresh + zypper install -y python sudo bash python-xml + zypper clean -a +elif [ $(command -v apk) ]; then + apk update + apk add --no-cache python sudo bash ca-certificates +fi diff --git a/roles/dotfiles/molecule/resources/playbooks/playbook.yml b/roles/dotfiles/molecule/resources/playbooks/playbook.yml new file mode 100644 index 0000000..3a3b2c4 --- /dev/null +++ b/roles/dotfiles/molecule/resources/playbooks/playbook.yml @@ -0,0 +1,5 @@ +--- +- name: Converge + hosts: all + roles: + - role: dotfiles diff --git a/roles/dotfiles/molecule/resources/playbooks/prepare.yml b/roles/dotfiles/molecule/resources/playbooks/prepare.yml new file mode 100644 index 0000000..3305c7d --- /dev/null +++ b/roles/dotfiles/molecule/resources/playbooks/prepare.yml @@ -0,0 +1,9 @@ +--- +- name: Prepare + hosts: all + gather_facts: no + become: no + + tasks: + - name: bootstrap python + script: bootstrap.sh diff --git a/roles/dotfiles/molecule/resources/playbooks/verify.yml b/roles/dotfiles/molecule/resources/playbooks/verify.yml new file mode 100644 index 0000000..b591e65 --- /dev/null +++ b/roles/dotfiles/molecule/resources/playbooks/verify.yml 
@@ -0,0 +1,71 @@ +--- +- name: Verify + hosts: all + gather_facts: true # required + become: true + vars: + goss_version: v0.3.7 + goss_arch: amd64 + goss_bin: /usr/local/bin/goss + goss_sha256sum: 357f5c7f2e7949b412bce44349cd32ab19eb3947255a8ac805f884cc2c326059. + goss_test_directory: /tmp/molecule/goss + goss_format: documentation + tasks: + - name: Download and install Goss + get_url: + url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + dest: "{{ goss_bin }}" + sha256sum: "{{ goss_sha256sum }}" + mode: "0755" + + - name: Create Molecule directory for test files + file: + path: "{{ goss_test_directory }}" + state: directory + + - name: Find Goss tests on localhost + find: + paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" + patterns: + - "test[-.\\w]*.yml" + - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" + excludes: + - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" + use_regex: true + delegate_to: localhost + register: test_files + changed_when: false + become: false + + - name: debug + debug: + msg: "{{ test_files.files }}" + verbosity: 3 + + - name: Copy Goss tests to remote + copy: + src: "{{ item.path }}" + dest: "{{ goss_test_directory }}/{{ item.path | basename }}" + with_items: + - "{{ test_files.files }}" + + - name: Register test files + shell: "ls {{ goss_test_directory }}/test_*.yml" + register: test_files + + - name: Execute Goss tests + command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + ignore_errors: true + + - name: Display details about the Goss results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + + - name: Fail when tests fail + fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" 
diff --git a/roles/dotfiles/tasks/main.yml b/roles/dotfiles/tasks/main.yml
new file mode 100644
index 0000000..be2fc29
--- /dev/null
+++ b/roles/dotfiles/tasks/main.yml
@@ -0,0 +1,59 @@
+---
+# tasks file for dotfiles
+
+- name: install git
+ package:
+ name: git
+ state: present
+ become: yes
+
+- name: install antigen
+ get_url:
+ url: http://git.io/antigen
+ dest: "$HOME/antigen.zsh"
+ become: no
+
+- name: download spacevim installer
+ get_url:
+ url: https://spacevim.org/install.sh
+ dest: /tmp/install-spacevim.sh
+ mode: '0777'
+ become: no
+
+- name: install spacevim
+ command: /tmp/install-spacevim.sh
+ args:
+ creates: ~/.SpaceVim
+ become: no
+
+- name: checkout spacemacs
+ git:
+ repo: https://github.com/syl20bnr/spacemacs
+ dest: "~/.emacs.d"
+ version: "{{ spacemacs_version }}"
+ update: yes
+ become: no
+
+- name: checkout dotfiles git repo
+ git:
+ version: "{{ dotfiles_repo_version }}"
+ repo: "{{ dotfiles_repo }}"
+ dest: "{{ dotfiles_path }}"
+ update: yes
+ become: no
+
+- name: link dotfiles
+ file:
+ src: "{{ dotfiles_path }}/{{ item }}"
+ dest: "~/{{ item }}"
+ state: link
+ become: no
+ with_items: "{{ dotfiles_files }}"
+
+- name: copy dotfiles.local
+ copy:
+ src: "{{ dotfiles_path }}/{{ item }}"
+ dest: "~/{{ item }}"
+ backup: yes
+ become: no
+ with_items: "{{ dotfiles_copy }}"
diff --git a/roles/dotfiles/vars/main.yml b/roles/dotfiles/vars/main.yml
new file mode 100644
index 0000000..f371106
--- /dev/null
+++ b/roles/dotfiles/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for dotfiles
diff --git a/roles/flatpak/.yamllint b/roles/flatpak/.yamllint
new file mode 100644
index 0000000..c5ae64b
--- /dev/null
+++ b/roles/flatpak/.yamllint
@@ -0,0 +1,12 @@
+---
+extends: default
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ line-length: disable
+ truthy: disable
diff --git a/roles/flatpak/README.md b/roles/flatpak/README.md
new file mode 100644
index 0000000..bc86c39
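Review bot: In `roles/dotfiles/tasks/main.yml`, `download spacevim installer` writes the script to the fixed path `/tmp/install-spacevim.sh` with `mode: '0777'` and the next task executes it, so any local user can replace or edit the file between download and run; the download also carries no `checksum`, so whatever the site serves is executed. `install antigen` fetches `http://git.io/antigen` over plain HTTP, again unverified, into a file the shell will source. The fence moves both downloads to HTTPS with a pinned digest and keeps the installer in the user's home with owner-only permissions; the digests and the destination path are placeholders to be filled in from a reviewed copy. The `checkout dotfiles git repo` task uses `update: yes` against a ref that defaults to `HEAD`, which deserves the same pinning.

```yaml
- name: install antigen
  get_url:
    url: https://git.io/antigen
    dest: "$HOME/antigen.zsh"
    checksum: "sha256:<SHA256_OF_REVIEWED_ANTIGEN_ZSH>"
    mode: '0644'
  # … unchanged: become …

- name: download spacevim installer
  get_url:
    url: https://spacevim.org/install.sh
    dest: "~/.install-spacevim.sh"
    checksum: "sha256:<SHA256_OF_REVIEWED_INSTALL_SH>"
    mode: '0700'
  # … unchanged: become …

- name: install spacevim
  command: "~/.install-spacevim.sh"
  # … unchanged: args/creates, become …
```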
--- /dev/null +++ b/roles/flatpak/README.md @@ -0,0 +1,35 @@ +Role Name +========= + +flatpak + +Requirements +------------ + +- For RHEL, a Red Hat subscription or functional local repository. + +Role Variables +-------------- + + +Dependencies +------------ + +- For Red Hat, subscription-manager. + +Example Playbook +---------------- + + - hosts: servers + roles: + - role: flatpak + +License +------- + +MIT + +Author Information +------------------ + +- [buluma](https://www.github.com/in/buluma/) diff --git a/roles/flatpak/defaults/main.yml b/roles/flatpak/defaults/main.yml new file mode 100644 index 0000000..11f31fb --- /dev/null +++ b/roles/flatpak/defaults/main.yml @@ -0,0 +1,21 @@ +--- +# defaults file for flatpak + +# Flatpak method: user or system +flatpak_method: system + +# Flatpacks repos +flatpak_repos: + - https://dl.flathub.org/repo/flathub.flatpakrepo + +# Packages to install +flatpak_packages: + - org.gnu.emacs + - io.neovim.nvim + - com.visualstudio.code + - com.slack.Slack + - com.wps.Office + - com.skype.Client + - com.spotify.Client + - com.obsproject.Studio + - net.xmind.ZEN diff --git a/roles/flatpak/handlers/main.yml b/roles/flatpak/handlers/main.yml new file mode 100644 index 0000000..faf4792 --- /dev/null +++ b/roles/flatpak/handlers/main.yml @@ -0,0 +1,7 @@ +--- +# handlers file for flatpak + +- name: restart service + service: + name: "{{ service_name }}" + state: restarted diff --git a/roles/flatpak/meta/main.yml b/roles/flatpak/meta/main.yml new file mode 100644 index 0000000..ba48ce5 --- /dev/null +++ b/roles/flatpak/meta/main.yml 
@@ -0,0 +1,35 @@ +--- +galaxy_info: + author: buluma + description: Flatpak + company: ShadowNet + license: MIT + min_ansible_version: 2.4 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + platforms: + - name: Fedora + versions: + - all + - 30 + - name: EL + versions: + - 7 + - 8 + - name: Ubuntu + versions: + - bionic + - name: Debian + versions: + - buster + + galaxy_tags: + - debian + - ubuntu + - rhel + - centos + - fedora + +# dependencies: [] diff --git a/roles/flatpak/molecule/default/molecule.yml b/roles/flatpak/molecule/default/molecule.yml new file mode 100644 index 0000000..aa6788b --- /dev/null +++ b/roles/flatpak/molecule/default/molecule.yml @@ -0,0 +1,42 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: flatpak-centos-76 + image: centos:7.6.1810 + dockerfile: ../resources/Dockerfile.j2 + privileged: true + pre_build_image: false + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + tmpfs: + - /run + - /tmp + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: true + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/flatpak/molecule/docker-centos-7/molecule.yml b/roles/flatpak/molecule/docker-centos-7/molecule.yml new file mode 100644 index 0000000..b72e86f --- /dev/null +++ b/roles/flatpak/molecule/docker-centos-7/molecule.yml 
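Review bot: In roles/flatpak/molecule/default/molecule.yml, `privileged: true` combined with the read-write bind of the host's `/sys/fs/cgroup` gives the test container close to unrestricted access to the Docker host, which is more than a role test should need. Where systemd has to run (`command: "/usr/sbin/init"`), try `capabilities: [SYS_ADMIN]` with the cgroup mount as `:ro` and the existing `tmpfs` entries; whether that suffices depends on the runner's cgroup setup, so confirm it on CI. The docker-debian-9, docker-debian-10 and docker-ubuntu-18.04 scenarios set `privileged: True` without any init command, so there it looks removable outright. The same platform block repeats in every docker-* scenario under roles/flatpak and roles/hugo in this commit.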
@@ -0,0 +1,42 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: flatpak-centos-7 + image: centos:7 + dockerfile: ../resources/Dockerfile.j2 + privileged: True + pre_build_image: False + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + tmpfs: + - /run + - /tmp + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/flatpak/molecule/docker-debian-10/molecule.yml b/roles/flatpak/molecule/docker-debian-10/molecule.yml new file mode 100644 index 0000000..535b9cc --- /dev/null +++ b/roles/flatpak/molecule/docker-debian-10/molecule.yml @@ -0,0 +1,40 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: flatpak-debian-10 + image: debian:10 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint 
diff --git a/roles/flatpak/molecule/docker-debian-9/molecule.yml b/roles/flatpak/molecule/docker-debian-9/molecule.yml new file mode 100644 index 0000000..8f902d6 --- /dev/null +++ b/roles/flatpak/molecule/docker-debian-9/molecule.yml @@ -0,0 +1,40 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: flatpak-debian-9 + image: debian:9 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/flatpak/molecule/docker-fedora-30/molecule.yml b/roles/flatpak/molecule/docker-fedora-30/molecule.yml new file mode 100644 index 0000000..70dec51 --- /dev/null +++ b/roles/flatpak/molecule/docker-fedora-30/molecule.yml 
@@ -0,0 +1,41 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: flatpak-fedora-30 + image: fedora:30 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/flatpak/molecule/docker-rhel-7/molecule.yml b/roles/flatpak/molecule/docker-rhel-7/molecule.yml new file mode 100644 index 0000000..8286d3d --- /dev/null +++ b/roles/flatpak/molecule/docker-rhel-7/molecule.yml @@ -0,0 +1,41 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: flatpak-rhel-7 + image: ubi + registry: + url: registry.access.redhat.com/ubi7 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint 
diff --git a/roles/flatpak/molecule/docker-rhel-8/molecule.yml b/roles/flatpak/molecule/docker-rhel-8/molecule.yml new file mode 100644 index 0000000..0a33181 --- /dev/null +++ b/roles/flatpak/molecule/docker-rhel-8/molecule.yml @@ -0,0 +1,43 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: flatpak-rhel-8 + image: ubi + registry: + url: registry.access.redhat.com/ubi8 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/flatpak/molecule/docker-ubuntu-18.04/molecule.yml b/roles/flatpak/molecule/docker-ubuntu-18.04/molecule.yml new file mode 100644 index 0000000..a3b65da --- /dev/null +++ b/roles/flatpak/molecule/docker-ubuntu-18.04/molecule.yml 
@@ -0,0 +1,40 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: flatpak-ubuntu-1804 + image: ubuntu:18.04 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/flatpak/molecule/resources/Dockerfile.j2 b/roles/flatpak/molecule/resources/Dockerfile.j2 new file mode 100644 index 0000000..851c10e --- /dev/null +++ b/roles/flatpak/molecule/resources/Dockerfile.j2 
@@ -0,0 +1,26 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python3 sudo python3-devel python3-dnf bash python3-libselinux && dnf clean all; \
+ elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+ elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
+ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+ elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi
+
+# Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP`
+ENV ANSIBLE_USER=ansible DEPLOY_GROUP=deployer
+RUN set -xe \
+ && if [ $(getent group wheel) ]; then export SUDO_GROUP=wheel; fi \
+ && if [ $(getent group sudo) ]; then export SUDO_GROUP=sudo; fi \
+ && groupadd -r ${ANSIBLE_USER} \
+ && groupadd -r ${DEPLOY_GROUP} \
+ && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \
+ && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \
+ && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
+ && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
diff --git a/roles/flatpak/molecule/resources/playbooks/bootstrap.sh b/roles/flatpak/molecule/resources/playbooks/bootstrap.sh
new file mode 100755
index 0000000..35ddc21
--- /dev/null
+++ b/roles/flatpak/molecule/resources/playbooks/bootstrap.sh
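Review bot: The `apt-get` branch of the first `RUN` installs `python`, while the docker-debian-9, docker-debian-10 and docker-ubuntu-18.04 scenarios in this commit set `ansible_python_interpreter: /usr/bin/python3`. Unless those base images already ship python3 (I do not think they do, but confirm), Ansible will not find its interpreter in the built containers. Adding it to that branch, `apt-get install -y python python3 sudo bash ca-certificates`, keeps image and scenario consistent. The same package list appears in roles/hugo/molecule/resources/Dockerfile.j2 and in both bootstrap.sh copies.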
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+if [ "$(whoami)" != "root" ]; then
+ sudo su -s "$0"
+ exit
+fi
+
+if [ $(command -v apt-get) ]; then
+ apt-get update
+ apt-get install -y python sudo bash ca-certificates
+ apt-get clean
+elif [ $(command -v dnf) ]; then
+ dnf makecache
+ dnf --assumeyes install python3 sudo python3-devel python3-dnf bash python3-libselinux
+ dnf clean all
+elif [ $(command -v yum) ]; then
+ yum makecache fast
+ yum install -y python sudo yum-plugin-ovl bash
+ sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf
+ yum clean all
+elif [ $(command -v zypper) ]; then
+ zypper refresh
+ zypper install -y python sudo bash python-xml
+ zypper clean -a
+elif [ $(command -v apk) ]; then
+ apk update
+ apk add --no-cache python sudo bash ca-certificates
+fi
diff --git a/roles/flatpak/molecule/resources/playbooks/playbook.yml b/roles/flatpak/molecule/resources/playbooks/playbook.yml
new file mode 100644
index 0000000..ef38498
--- /dev/null
+++ b/roles/flatpak/molecule/resources/playbooks/playbook.yml
@@ -0,0 +1,5 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: flatpak
diff --git a/roles/flatpak/molecule/resources/playbooks/prepare.yml b/roles/flatpak/molecule/resources/playbooks/prepare.yml
new file mode 100644
index 0000000..3305c7d
--- /dev/null
+++ b/roles/flatpak/molecule/resources/playbooks/prepare.yml
@@ -0,0 +1,9 @@
+---
+- name: Prepare
+ hosts: all
+ gather_facts: no
+ become: no
+
+ tasks:
+ - name: bootstrap python
+ script: bootstrap.sh
diff --git a/roles/flatpak/molecule/resources/playbooks/verify.yml b/roles/flatpak/molecule/resources/playbooks/verify.yml
new file mode 100644
index 0000000..b591e65
--- /dev/null
+++ b/roles/flatpak/molecule/resources/playbooks/verify.yml
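Review bot: Nothing in bootstrap.sh stops the script after a failed step, so in the apt-get, dnf, yum and zypper branches a failed install is followed by the `clean` command, whose exit status is the one returned. The `script: bootstrap.sh` task in prepare.yml would then report success on a host that still has no Python. Add `set -e` under the shebang, or chain each branch with `&&` as the Dockerfile does. The unquoted `[ $(command -v apt-get) ]` tests would also be sturdier as `if command -v apt-get >/dev/null 2>&1; then`. roles/hugo/molecule/resources/playbooks/bootstrap.sh is the same blob (35ddc21).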
@@ -0,0 +1,71 @@
+---
+- name: Verify
+ hosts: all
+ gather_facts: true # required
+ become: true
+ vars:
+ goss_version: v0.3.7
+ goss_arch: amd64
+ goss_bin: /usr/local/bin/goss
+ goss_sha256sum: 357f5c7f2e7949b412bce44349cd32ab19eb3947255a8ac805f884cc2c326059.
+ goss_test_directory: /tmp/molecule/goss
+ goss_format: documentation
+ tasks:
+ - name: Download and install Goss
+ get_url:
+ url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}"
+ dest: "{{ goss_bin }}"
+ sha256sum: "{{ goss_sha256sum }}"
+ mode: "0755"
+
+ - name: Create Molecule directory for test files
+ file:
+ path: "{{ goss_test_directory }}"
+ state: directory
+
+ - name: Find Goss tests on localhost
+ find:
+ paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}"
+ patterns:
+ - "test[-.\\w]*.yml"
+ - "test_host_{{ ansible_hostname }}[-.\\w]*.yml"
+ excludes:
+ - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml"
+ use_regex: true
+ delegate_to: localhost
+ register: test_files
+ changed_when: false
+ become: false
+
+ - name: debug
+ debug:
+ msg: "{{ test_files.files }}"
+ verbosity: 3
+
+ - name: Copy Goss tests to remote
+ copy:
+ src: "{{ item.path }}"
+ dest: "{{ goss_test_directory }}/{{ item.path | basename }}"
+ with_items:
+ - "{{ test_files.files }}"
+
+ - name: Register test files
+ shell: "ls {{ goss_test_directory }}/test_*.yml"
+ register: test_files
+
+ - name: Execute Goss tests
+ command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}"
+ register: test_results
+ with_items: "{{ test_files.stdout_lines }}"
+ ignore_errors: true
+
+ - name: Display details about the Goss results
+ debug:
+ msg: "{{ item.stdout_lines }}"
+ with_items: "{{ test_results.results }}"
+
+ - name: Fail when tests fail
+ fail:
+ msg: "Goss failed to validate"
+ when: item.rc != 0
+ with_items: "{{ test_results.results }}"
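Review bot: `goss_test_directory` is the fixed path `/tmp/molecule/goss`, created without `mode` or `owner`, and the play then runs every `test_*.yml` found there through goss under `become: true`. On a target with other local users (the vagrant scenarios, or any reuse outside a throwaway container) a pre-existing `/tmp/molecule` means someone else can influence which test files, and so which `command:` checks, run as root. Create the directory with `mode: "0700"` and an explicit owner, or take a fresh path from the `tempfile` module. The `Register test files` task also overwrites `test_files` via `shell: ls` without `changed_when: false`, so it reports changed on every run. Separately, the `goss_sha256sum` value ends in a stray `.` that should be removed.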
diff --git a/roles/flatpak/molecule/resources/tests/test_default.yml b/roles/flatpak/molecule/resources/tests/test_default.yml new file mode 100644 index 0000000..e7927f7 --- /dev/null +++ b/roles/flatpak/molecule/resources/tests/test_default.yml @@ -0,0 +1,17 @@ +# Molecule managed +--- +file: + /usr/bin/flatpak: + exists: true + owner: root + group: root + +command: + help: + exit-status: 0 + exec: "flatpak --help" + stdout: + - "/flatpak/" + stderr: [] + timeout: 10000 # in milliseconds + skip: false diff --git a/roles/flatpak/molecule/vagrant-centos-7/molecule.yml b/roles/flatpak/molecule/vagrant-centos-7/molecule.yml new file mode 100644 index 0000000..a0d4ecf --- /dev/null +++ b/roles/flatpak/molecule/vagrant-centos-7/molecule.yml @@ -0,0 +1,31 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: flatpak-centos-7 + box: centos/7 +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/flatpak/molecule/vagrant-debian-10/molecule.yml b/roles/flatpak/molecule/vagrant-debian-10/molecule.yml new file mode 100644 index 0000000..7caff10 --- /dev/null +++ b/roles/flatpak/molecule/vagrant-debian-10/molecule.yml 
@@ -0,0 +1,31 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: flatpak-debian-10 + box: debian/buster64 +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/flatpak/molecule/vagrant-fedora-30/molecule.yml b/roles/flatpak/molecule/vagrant-fedora-30/molecule.yml new file mode 100644 index 0000000..b772d7b --- /dev/null +++ b/roles/flatpak/molecule/vagrant-fedora-30/molecule.yml @@ -0,0 +1,31 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: flatpak-fedora-30 + box: fedora/30-cloud-base +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/flatpak/molecule/vagrant-rhel-8/molecule.yml b/roles/flatpak/molecule/vagrant-rhel-8/molecule.yml new file mode 100644 index 0000000..654aa7b --- /dev/null +++ b/roles/flatpak/molecule/vagrant-rhel-8/molecule.yml 
@@ -0,0 +1,31 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: flatpak-rhel-8 + box: cmihai/rhel-8-base +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/flatpak/molecule/vagrant-ubuntu-18.04/molecule.yml b/roles/flatpak/molecule/vagrant-ubuntu-18.04/molecule.yml new file mode 100644 index 0000000..ab1dea7 --- /dev/null +++ b/roles/flatpak/molecule/vagrant-ubuntu-18.04/molecule.yml @@ -0,0 +1,31 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: flatpak-ubuntu-1804 + box: ubuntu/bionic64 +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/flatpak/tasks/configure.yml b/roles/flatpak/tasks/configure.yml new file mode 100644 index 0000000..2eace52 --- /dev/null +++ b/roles/flatpak/tasks/configure.yml 
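Review bot: In the vagrant-rhel-8 scenario, `box: cmihai/rhel-8-base` pulls the base image from a personal box namespace with no version pinned, so whatever is published under that name at run time becomes the system the role is tested on. Pin it with `box_version: "<reviewed version>"` (placeholder; the page names none) or point the platform at an image you build yourselves. The other vagrant scenarios use distribution namespaces but are unpinned as well.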
@@ -0,0 +1,21 @@
+---
+# Configure flatpak
+
+- name: Add the flathub flatpak repository remote to the user installation
+ flatpak_remote:
+ name: flathub
+ state: present
+ flatpakrepo_url: "{{ item }}"
+ method: "{{ flatpak_method }}"
+ become: yes
+ with_items:
+ - "{{ flatpak_repos }}"
+
+- name: install packages for current user
+ flatpak:
+ name: "{{ item }}"
+ state: present
+ method: "{{ flatpak_method }}"
+ become: yes
+ with_items:
+ - "{{ flatpak_packages }}"
diff --git a/roles/flatpak/tasks/install.yml b/roles/flatpak/tasks/install.yml
new file mode 100644
index 0000000..3acfcf8
--- /dev/null
+++ b/roles/flatpak/tasks/install.yml
@@ -0,0 +1,8 @@
+---
+# tasks file for packages
+
+- name: install packages
+ package:
+ name: "{{ packages }}"
+ state: present
+ become: yes
diff --git a/roles/flatpak/tasks/main.yml b/roles/flatpak/tasks/main.yml
new file mode 100644
index 0000000..9e92d74
--- /dev/null
+++ b/roles/flatpak/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+# tasks file for flatpak
+
+- name: assert supported distributions and versions
+ assert:
+ that:
+ - ( ansible_distribution == "RedHat" and ( ansible_distribution_major_version == '8' )
+ ) or
+ ( ansible_distribution == "CentOS" and ( ansible_distribution_major_version == "7" )
+ ) or
+ ( ansible_distribution == "Fedora" and ( ansible_distribution_major_version == "30" )
+ ) or
+ ( ansible_distribution == "Debian" and ( ansible_distribution_major_version == "9" or ansible_distribution_major_version == "10" )
+ ) or
+ ( ansible_distribution == "Ubuntu" and ( ansible_distribution_version == "18.04" )
+ )
+
+- include: install.yml
+- include: configure.yml
diff --git a/roles/flatpak/vars/main.yml b/roles/flatpak/vars/main.yml
new file mode 100644
index 0000000..55cd487
--- /dev/null
+++ b/roles/flatpak/vars/main.yml
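Review bot: Both tasks in roles/flatpak/tasks/configure.yml run with `become: yes` whatever `flatpak_method` is, although their names refer to the user installation. With `flatpak_method: user` the remote and the packages would presumably land in root's per-user installation rather than the login user's, and root is used where it is not needed. Tie the privilege to the method with `become: "{{ flatpak_method == 'system' }}"` and reword the task names to match. The remote task also loops over `flatpak_repos` but always registers `name: flathub`, so a second URL in that list would likely never be added under its own name; a list of name/URL pairs would avoid that.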
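Review bot: The assert in roles/flatpak/tasks/main.yml accepts `RedHat` only with major version `'8'`, yet this commit adds a docker-rhel-7 scenario on ubi7 and meta/main.yml lists EL 7. Assuming ubi7 reports RedHat 7, that scenario fails at the first task. Either extend the RedHat clause to `ansible_distribution_major_version in ['7', '8']` or drop the scenario and the meta entry. The two `include:` lines use a deprecated keyword; `- import_tasks: install.yml` and `- import_tasks: configure.yml` are drop-in replacements here.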
@@ -0,0 +1,11 @@ +--- +# vars file for flatpak + +# Packages to install +_packages: + all: + - "flatpak" + CentOS: + - "flatpak" + +packages: "{{ _packages['all'] + ( _packages[ansible_distribution] | default([]) ) }}" diff --git a/roles/hugo/.yamllint b/roles/hugo/.yamllint new file mode 100644 index 0000000..2d5f5a8 --- /dev/null +++ b/roles/hugo/.yamllint @@ -0,0 +1,32 @@ +--- +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + colons: enable + commas: enable + comments: + level: warning + comments-indentation: + level: warning + document-end: disable + document-start: + level: warning + empty-lines: enable + empty-values: enable + hyphens: enable + indentation: enable + key-duplicates: enable + key-ordering: disable + line-length: disable + new-line-at-end-of-file: disable + new-lines: enable + octal-values: enable + quoted-strings: disable + trailing-spaces: enable + truthy: disable diff --git a/roles/hugo/README.md b/roles/hugo/README.md new file mode 100644 index 0000000..5c56f98 --- /dev/null +++ b/roles/hugo/README.md @@ -0,0 +1,35 @@ +Role Name +========= + +hugo + +Requirements +------------ + +- For RHEL, a Red Hat subscription or functional local repository. + +Role Variables +-------------- + + +Dependencies +------------ + +- For Red Hat, subscription-manager. + +Example Playbook +---------------- + + - hosts: servers + roles: + - role: hugo + +License +------- + +MIT + +Author Information +------------------ + +- [Mihai Criveti](https://www.linkedin.com/in/crivetimihai/) diff --git a/roles/hugo/defaults/main.yml b/roles/hugo/defaults/main.yml new file mode 100644 index 0000000..31cda12 --- /dev/null +++ b/roles/hugo/defaults/main.yml 
@@ -0,0 +1,7 @@ +--- +# defaults file for hugo + +hugo_release: 0.58.3 +hugo_platform: Linux-64bit +hugo_url: https://github.com/gohugoio/hugo/releases/download/v{{ hugo_release }}/hugo_{{ hugo_release }}_{{ hugo_platform }}.tar.gz +hugo_sha256: 92aeeb64d4c392782cb55424dc2cc594a06ad5e1bc7e156480feab488ff7e774 diff --git a/roles/hugo/meta/main.yml b/roles/hugo/meta/main.yml new file mode 100644 index 0000000..f74a061 --- /dev/null +++ b/roles/hugo/meta/main.yml @@ -0,0 +1,35 @@ +--- +galaxy_info: + author: buluma + description: Hugo + company: buluma + license: MIT + min_ansible_version: 2.4 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + platforms: + - name: Fedora + versions: + - all + - 30 + - name: EL + versions: + - 7 + - 8 + - name: Ubuntu + versions: + - bionic + - name: Debian + versions: + - buster + + galaxy_tags: + - debian + - ubuntu + - rhel + - centos + - fedora + +# dependencies: [] diff --git a/roles/hugo/molecule/default/molecule.yml b/roles/hugo/molecule/default/molecule.yml new file mode 100644 index 0000000..d96c61b --- /dev/null +++ b/roles/hugo/molecule/default/molecule.yml @@ -0,0 +1,39 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: hugo-centos-76 + image: centos:7.6.1810 + dockerfile: ../resources/Dockerfile.j2 + privileged: true + pre_build_image: false + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: true + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint 
diff --git a/roles/hugo/molecule/docker-centos-7/molecule.yml b/roles/hugo/molecule/docker-centos-7/molecule.yml new file mode 100644 index 0000000..ec80d7c --- /dev/null +++ b/roles/hugo/molecule/docker-centos-7/molecule.yml @@ -0,0 +1,39 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: hugo-centos-7 + image: centos:7 + dockerfile: ../resources/Dockerfile.j2 + privileged: True + pre_build_image: False + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/hugo/molecule/docker-debian-10/molecule.yml b/roles/hugo/molecule/docker-debian-10/molecule.yml new file mode 100644 index 0000000..b3c472c --- /dev/null +++ b/roles/hugo/molecule/docker-debian-10/molecule.yml 
@@ -0,0 +1,40 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: hugo-debian-10 + image: debian:10 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/hugo/molecule/docker-debian-9/molecule.yml b/roles/hugo/molecule/docker-debian-9/molecule.yml new file mode 100644 index 0000000..e3ba60b --- /dev/null +++ b/roles/hugo/molecule/docker-debian-9/molecule.yml @@ -0,0 +1,40 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: hugo-debian-9 + image: debian:9 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint 
diff --git a/roles/hugo/molecule/docker-fedora-30/molecule.yml b/roles/hugo/molecule/docker-fedora-30/molecule.yml new file mode 100644 index 0000000..126f785 --- /dev/null +++ b/roles/hugo/molecule/docker-fedora-30/molecule.yml @@ -0,0 +1,41 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: hugo-fedora-30 + image: fedora:30 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/hugo/molecule/docker-rhel-7/molecule.yml b/roles/hugo/molecule/docker-rhel-7/molecule.yml new file mode 100644 index 0000000..9ed63d9 --- /dev/null +++ b/roles/hugo/molecule/docker-rhel-7/molecule.yml 
@@ -0,0 +1,41 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: hugo-rhel-7 + image: ubi + registry: + url: registry.access.redhat.com/ubi7 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/hugo/molecule/docker-rhel-8/molecule.yml b/roles/hugo/molecule/docker-rhel-8/molecule.yml new file mode 100644 index 0000000..fa8bb37 --- /dev/null +++ b/roles/hugo/molecule/docker-rhel-8/molecule.yml @@ -0,0 +1,43 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: hugo-rhel-8 + image: ubi + registry: + url: registry.access.redhat.com/ubi8 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint 
diff --git a/roles/hugo/molecule/docker-ubuntu-18.04/molecule.yml b/roles/hugo/molecule/docker-ubuntu-18.04/molecule.yml new file mode 100644 index 0000000..88ed6a4 --- /dev/null +++ b/roles/hugo/molecule/docker-ubuntu-18.04/molecule.yml @@ -0,0 +1,40 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: hugo-ubuntu-1804 + image: ubuntu:18.04 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/hugo/molecule/resources/Dockerfile.j2 b/roles/hugo/molecule/resources/Dockerfile.j2 new file mode 100644 index 0000000..2e34ced --- /dev/null +++ b/roles/hugo/molecule/resources/Dockerfile.j2 
@@ -0,0 +1,26 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python3 python3-pip sudo python3-devel python3-dnf bash python3-libselinux && dnf clean all; \
+ elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+ elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
+ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+ elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi
+
+# Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP`
+ENV ANSIBLE_USER=ansible DEPLOY_GROUP=deployer
+RUN set -xe \
+ && if [ $(getent group wheel) ]; then export SUDO_GROUP=wheel; fi \
+ && if [ $(getent group sudo) ]; then export SUDO_GROUP=sudo; fi \
+ && groupadd -r ${ANSIBLE_USER} \
+ && groupadd -r ${DEPLOY_GROUP} \
+ && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \
+ && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \
+ && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
+ && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
diff --git a/roles/hugo/molecule/resources/playbooks/bootstrap.sh b/roles/hugo/molecule/resources/playbooks/bootstrap.sh
new file mode 100755
index 0000000..35ddc21
--- /dev/null
+++ b/roles/hugo/molecule/resources/playbooks/bootstrap.sh
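Review bot: `SUDO_GROUP` is set only when `getent group wheel` or `getent group sudo` finds a group, so on a base image with neither the second `RUN` reaches `usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER}` with an empty value and the final `sed` address degrades to `/^%/`, which would match every group rule in `/etc/sudoers`. Under `set -xe` the malformed `usermod` call most likely aborts the build first, but the error does not explain itself. Adding `&& : "${SUDO_GROUP:?no wheel or sudo group in base image}" \` after the two `getent` lines makes the precondition explicit. The `FROM` lines take `item.image` as given, so an untagged or floating image in molecule.yml flows straight into this passwordless-sudo image. The same template is added for roles/micro and roles/npm later in this commit.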
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+if [ "$(whoami)" != "root" ]; then
+ sudo su -s "$0"
+ exit
+fi
+
+if [ $(command -v apt-get) ]; then
+ apt-get update
+ apt-get install -y python sudo bash ca-certificates
+ apt-get clean
+elif [ $(command -v dnf) ]; then
+ dnf makecache
+ dnf --assumeyes install python3 sudo python3-devel python3-dnf bash python3-libselinux
+ dnf clean all
+elif [ $(command -v yum) ]; then
+ yum makecache fast
+ yum install -y python sudo yum-plugin-ovl bash
+ sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf
+ yum clean all
+elif [ $(command -v zypper) ]; then
+ zypper refresh
+ zypper install -y python sudo bash python-xml
+ zypper clean -a
+elif [ $(command -v apk) ]; then
+ apk update
+ apk add --no-cache python sudo bash ca-certificates
+fi
diff --git a/roles/hugo/molecule/resources/playbooks/playbook.yml b/roles/hugo/molecule/resources/playbooks/playbook.yml
new file mode 100644
index 0000000..fde56ad
--- /dev/null
+++ b/roles/hugo/molecule/resources/playbooks/playbook.yml
@@ -0,0 +1,5 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: hugo
diff --git a/roles/hugo/molecule/resources/playbooks/prepare.yml b/roles/hugo/molecule/resources/playbooks/prepare.yml
new file mode 100644
index 0000000..3305c7d
--- /dev/null
+++ b/roles/hugo/molecule/resources/playbooks/prepare.yml
@@ -0,0 +1,9 @@
+---
+- name: Prepare
+ hosts: all
+ gather_facts: no
+ become: no
+
+ tasks:
+ - name: bootstrap python
+ script: bootstrap.sh
diff --git a/roles/hugo/molecule/resources/playbooks/verify.yml b/roles/hugo/molecule/resources/playbooks/verify.yml
new file mode 100644
index 0000000..b591e65
--- /dev/null
+++ b/roles/hugo/molecule/resources/playbooks/verify.yml
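Review bot: The re-exec on the `sudo su -s "$0"` line of bootstrap.sh hands the script path to `su` as root's *shell* instead of running it as a command, which depends on `su` accepting an arbitrary file as a shell; `exec sudo -- "$0" "$@"` states the intent directly and keeps the exit status. The script also has no `set -e`, so a failed `apt-get install`, `dnf install` or `yum install` is followed by the cache-clean command and the script can still exit 0, letting the Prepare play pass on a host that never got Python. Adding `set -euo pipefail` right after the shebang would surface that. The identical script is added under roles/micro and roles/npm.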
@@ -0,0 +1,71 @@
+---
+- name: Verify
+ hosts: all
+ gather_facts: true # required
+ become: true
+ vars:
+ goss_version: v0.3.7
+ goss_arch: amd64
+ goss_bin: /usr/local/bin/goss
+ goss_sha256sum: 357f5c7f2e7949b412bce44349cd32ab19eb3947255a8ac805f884cc2c326059.
+ goss_test_directory: /tmp/molecule/goss
+ goss_format: documentation
+ tasks:
+ - name: Download and install Goss
+ get_url:
+ url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}"
+ dest: "{{ goss_bin }}"
+ sha256sum: "{{ goss_sha256sum }}"
+ mode: "0755"
+
+ - name: Create Molecule directory for test files
+ file:
+ path: "{{ goss_test_directory }}"
+ state: directory
+
+ - name: Find Goss tests on localhost
+ find:
+ paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}"
+ patterns:
+ - "test[-.\\w]*.yml"
+ - "test_host_{{ ansible_hostname }}[-.\\w]*.yml"
+ excludes:
+ - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml"
+ use_regex: true
+ delegate_to: localhost
+ register: test_files
+ changed_when: false
+ become: false
+
+ - name: debug
+ debug:
+ msg: "{{ test_files.files }}"
+ verbosity: 3
+
+ - name: Copy Goss tests to remote
+ copy:
+ src: "{{ item.path }}"
+ dest: "{{ goss_test_directory }}/{{ item.path | basename }}"
+ with_items:
+ - "{{ test_files.files }}"
+
+ - name: Register test files
+ shell: "ls {{ goss_test_directory }}/test_*.yml"
+ register: test_files
+
+ - name: Execute Goss tests
+ command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}"
+ register: test_results
+ with_items: "{{ test_files.stdout_lines }}"
+ ignore_errors: true
+
+ - name: Display details about the Goss results
+ debug:
+ msg: "{{ item.stdout_lines }}"
+ with_items: "{{ test_results.results }}"
+
+ - name: Fail when tests fail
+ fail:
+ msg: "Goss failed to validate"
+ when: item.rc != 0
+ with_items: "{{ test_results.results }}"
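Review bot: The pinned digest in `goss_sha256sum` ends with a stray `.`, and the `Download and install Goss` task passes it through `get_url`'s `sha256sum` option, which Ansible deprecated in favour of `checksum`. Whether the trailing character is tolerated depends on the module version's input cleanup, and this is the integrity check on a binary that is then executed under `become: true`. Drop the dot and use `checksum: "sha256:{{ goss_sha256sum }}"`, matching the `checksum:` form the role tasks in this commit already use. Separately, `goss_test_directory` is a fixed path under `/tmp` created without an explicit `mode`, and its contents are later fed to goss as root; `mode: "0700"` on the `file` task is a cheap tightening. The same playbook is added for roles/micro and roles/npm.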
diff --git a/roles/hugo/molecule/resources/tests/test_default.yml b/roles/hugo/molecule/resources/tests/test_default.yml new file mode 100644 index 0000000..b827b95 --- /dev/null +++ b/roles/hugo/molecule/resources/tests/test_default.yml @@ -0,0 +1,17 @@ +# Molecule managed +--- +file: + /usr/bin/hugo: + exists: true + owner: root + group: root + +command: + help: + exit-status: 0 + exec: "hugo --help" + stdout: + - "/hugo/" + stderr: [] + timeout: 10000 # in milliseconds + skip: false diff --git a/roles/hugo/molecule/vagrant-centos-7/molecule.yml b/roles/hugo/molecule/vagrant-centos-7/molecule.yml new file mode 100644 index 0000000..df7df0e --- /dev/null +++ b/roles/hugo/molecule/vagrant-centos-7/molecule.yml @@ -0,0 +1,31 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: hugo-centos-7 + box: centos/7 +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/hugo/molecule/vagrant-debian-10/molecule.yml b/roles/hugo/molecule/vagrant-debian-10/molecule.yml new file mode 100644 index 0000000..77a90cf --- /dev/null +++ b/roles/hugo/molecule/vagrant-debian-10/molecule.yml 
@@ -0,0 +1,31 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: hugo-debian-10 + box: debian/buster64 +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/hugo/molecule/vagrant-fedora-30/molecule.yml b/roles/hugo/molecule/vagrant-fedora-30/molecule.yml new file mode 100644 index 0000000..524b5c2 --- /dev/null +++ b/roles/hugo/molecule/vagrant-fedora-30/molecule.yml @@ -0,0 +1,31 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: hugo-fedora-30 + box: fedora/30-cloud-base +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/hugo/molecule/vagrant-rhel-8/molecule.yml b/roles/hugo/molecule/vagrant-rhel-8/molecule.yml new file mode 100644 index 0000000..0bdbd9c --- /dev/null +++ b/roles/hugo/molecule/vagrant-rhel-8/molecule.yml 
@@ -0,0 +1,31 @@
+---
+dependency:
+ name: galaxy
+ role-file: requirements.yml
+driver:
+ name: vagrant
+ provider:
+ name: virtualbox
+lint:
+ name: yamllint
+platforms:
+ - name: hugo-rhel-8
+ box: cmihai/rhel-8-base
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ stdout_callback: debug
+ log: True
+ playbooks:
+ vagrant:
+ prepare: ../resources/playbooks/prepare.yml
+ converge: ../resources/playbooks/playbook.yml
+ verify: ../resources/playbooks/verify.yml
+ lint:
+ name: ansible-lint
+verifier:
+ name: goss
+ directory: ../resources/tests
+ lint:
+ name: yamllint
diff --git a/roles/hugo/molecule/vagrant-ubuntu-18.04/molecule.yml b/roles/hugo/molecule/vagrant-ubuntu-18.04/molecule.yml
new file mode 100644
index 0000000..269f74f
--- /dev/null
+++ b/roles/hugo/molecule/vagrant-ubuntu-18.04/molecule.yml
@@ -0,0 +1,31 @@
+---
+dependency:
+ name: galaxy
+ role-file: requirements.yml
+driver:
+ name: vagrant
+ provider:
+ name: virtualbox
+lint:
+ name: yamllint
+platforms:
+ - name: hugo-ubuntu-1804
+ box: ubuntu/bionic64
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ stdout_callback: debug
+ log: True
+ playbooks:
+ vagrant:
+ prepare: ../resources/playbooks/prepare.yml
+ converge: ../resources/playbooks/playbook.yml
+ verify: ../resources/playbooks/verify.yml
+ lint:
+ name: ansible-lint
+verifier:
+ name: goss
+ directory: ../resources/tests
+ lint:
+ name: yamllint
diff --git a/roles/hugo/tasks/main.yml b/roles/hugo/tasks/main.yml
new file mode 100644
index 0000000..20cf6d0
--- /dev/null
+++ b/roles/hugo/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+# tasks file for hugo
+
+- name: download hugo
+ get_url:
+ url: " {{ hugo_url }}"
+ dest: /tmp/hugo.tar.gz
+ checksum: "sha256:{{ hugo_sha256 }}"
+
+- name: unpack hugo
+ unarchive:
+ src: /tmp/hugo.tar.gz
+ dest: /usr/local/bin
+ extra_opts:
+ - --wildcards
+ - 'hugo'
+ remote_src: yes
+ become: yes
+
+- name: delete hugo tarball
+ file:
+ path: /tmp/hugo.tar.gz
+ state: absent
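Review bot: `box: cmihai/rhel-8-base` in roles/hugo/molecule/vagrant-rhel-8/molecule.yml names a box from what looks like a personal namespace and carries no version pin, so the scenario boots whatever is published under that name when the test runs. The sibling scenarios use `centos/7`, `debian/buster64`, `fedora/30-cloud-base` and `ubuntu/bionic64`, which appear to be distribution-published boxes. If this box has to stay, pin it with `box_version: <PINNED_BOX_VERSION>` and add a comment recording where the image comes from and who maintains it.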
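Review bot: The `url` value in the `download hugo` task of roles/hugo/tasks/main.yml is `" {{ hugo_url }}"`, with a space before the template, so the module is handed a URL that begins with whitespace; `url: "{{ hugo_url }}"` is presumably what was meant. The task unpacks into `/usr/local/bin`, while the goss test added for this role in the same commit asserts that `/usr/bin/hugo` exists, so one of the two paths looks wrong and the verify step may be checking a binary this role did not install. Indentation is lost on this page, so whether `become: yes` sits on the `unpack hugo` task or inside `unarchive:` cannot be confirmed from here. roles/micro/tasks/main.yml has the same leading space and the same `/usr/local/bin` versus `/usr/bin/micro` mismatch.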
diff --git a/roles/micro/.yamllint b/roles/micro/.yamllint new file mode 100644 index 0000000..2d5f5a8 --- /dev/null +++ b/roles/micro/.yamllint @@ -0,0 +1,32 @@ +--- +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + colons: enable + commas: enable + comments: + level: warning + comments-indentation: + level: warning + document-end: disable + document-start: + level: warning + empty-lines: enable + empty-values: enable + hyphens: enable + indentation: enable + key-duplicates: enable + key-ordering: disable + line-length: disable + new-line-at-end-of-file: disable + new-lines: enable + octal-values: enable + quoted-strings: disable + trailing-spaces: enable + truthy: disable diff --git a/roles/micro/README.md b/roles/micro/README.md new file mode 100644 index 0000000..3d6e0c1 --- /dev/null +++ b/roles/micro/README.md @@ -0,0 +1,35 @@ +Role Name +========= + +micro + +Requirements +------------ + +- For RHEL, a Red Hat subscription or functional local repository. + +Role Variables +-------------- + + +Dependencies +------------ + +- For Red Hat, subscription-manager. + +Example Playbook +---------------- + + - hosts: servers + roles: + - role: micro + +License +------- + +MIT + +Author Information +------------------ + +- [Mihai Criveti](https://www.linkedin.com/in/crivetimihai/) diff --git a/roles/micro/defaults/main.yml b/roles/micro/defaults/main.yml new file mode 100644 index 0000000..900c9b7 --- /dev/null +++ b/roles/micro/defaults/main.yml @@ -0,0 +1,7 @@ +--- +# defaults file for micro + +micro_release: 1.4.1 +micro_platform: linux64 +micro_url: https://github.com/zyedidia/micro/releases/download/v{{ micro_release }}/micro-{{ micro_release }}-{{ micro_platform }}.tar.gz +micro_sha256: e7d4c9427f9fdfed78e69d42cf518e93ae15fc8f70b7f0f87d292ed81206e900 diff --git a/roles/micro/meta/main.yml b/roles/micro/meta/main.yml new file mode 100644 index 0000000..489ca61 --- /dev/null 
+++ b/roles/micro/meta/main.yml @@ -0,0 +1,35 @@ +--- +galaxy_info: + author: buluma + description: Micro + company: buluma + license: MIT + min_ansible_version: 2.4 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + platforms: + - name: Fedora + versions: + - all + - 30 + - name: EL + versions: + - 7 + - 8 + - name: Ubuntu + versions: + - bionic + - name: Debian + versions: + - buster + + galaxy_tags: + - debian + - ubuntu + - rhel + - centos + - fedora + +# dependencies: [] diff --git a/roles/micro/molecule/default/molecule.yml b/roles/micro/molecule/default/molecule.yml new file mode 100644 index 0000000..b16a7a2 --- /dev/null +++ b/roles/micro/molecule/default/molecule.yml @@ -0,0 +1,39 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: micro-centos-76 + image: centos:7.6.1810 + dockerfile: ../resources/Dockerfile.j2 + privileged: True + pre_build_image: False + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + tmpfs: + - /run + - /tmp + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/micro/molecule/resources/Dockerfile.j2 b/roles/micro/molecule/resources/Dockerfile.j2 new file mode 100644 index 0000000..851c10e --- /dev/null +++ b/roles/micro/molecule/resources/Dockerfile.j2 
@@ -0,0 +1,26 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python3 sudo python3-devel python3-dnf bash python3-libselinux && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi + +# Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP` +ENV ANSIBLE_USER=ansible DEPLOY_GROUP=deployer +RUN set -xe \ + && if [ $(getent group wheel) ]; then export SUDO_GROUP=wheel; fi \ + && if [ $(getent group sudo) ]; then export SUDO_GROUP=sudo; fi \ + && groupadd -r ${ANSIBLE_USER} \ + && groupadd -r ${DEPLOY_GROUP} \ + && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \ + && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \ + && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \ + && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers diff --git a/roles/micro/molecule/resources/playbooks/bootstrap.sh b/roles/micro/molecule/resources/playbooks/bootstrap.sh new file mode 100755 index 0000000..35ddc21 --- /dev/null +++ b/roles/micro/molecule/resources/playbooks/bootstrap.sh 
@@ -0,0 +1,28 @@ +#!/bin/bash + +if [ "$(whoami)" != "root" ]; then + sudo su -s "$0" + exit +fi + +if [ $(command -v apt-get) ]; then + apt-get update + apt-get install -y python sudo bash ca-certificates + apt-get clean +elif [ $(command -v dnf) ]; then + dnf makecache + dnf --assumeyes install python3 sudo python3-devel python3-dnf bash python3-libselinux + dnf clean all +elif [ $(command -v yum) ]; then + yum makecache fast + yum install -y python sudo yum-plugin-ovl bash + sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf + yum clean all +elif [ $(command -v zypper) ]; then + zypper refresh + zypper install -y python sudo bash python-xml + zypper clean -a +elif [ $(command -v apk) ]; then + apk update + apk add --no-cache python sudo bash ca-certificates +fi diff --git a/roles/micro/molecule/resources/playbooks/playbook.yml b/roles/micro/molecule/resources/playbooks/playbook.yml new file mode 100644 index 0000000..a93b017 --- /dev/null +++ b/roles/micro/molecule/resources/playbooks/playbook.yml @@ -0,0 +1,5 @@ +--- +- name: Converge + hosts: all + roles: + - role: micro diff --git a/roles/micro/molecule/resources/playbooks/prepare.yml b/roles/micro/molecule/resources/playbooks/prepare.yml new file mode 100644 index 0000000..3305c7d --- /dev/null +++ b/roles/micro/molecule/resources/playbooks/prepare.yml @@ -0,0 +1,9 @@ +--- +- name: Prepare + hosts: all + gather_facts: no + become: no + + tasks: + - name: bootstrap python + script: bootstrap.sh diff --git a/roles/micro/molecule/resources/playbooks/verify.yml b/roles/micro/molecule/resources/playbooks/verify.yml new file mode 100644 index 0000000..b591e65 --- /dev/null +++ b/roles/micro/molecule/resources/playbooks/verify.yml 
@@ -0,0 +1,71 @@ +--- +- name: Verify + hosts: all + gather_facts: true # required + become: true + vars: + goss_version: v0.3.7 + goss_arch: amd64 + goss_bin: /usr/local/bin/goss + goss_sha256sum: 357f5c7f2e7949b412bce44349cd32ab19eb3947255a8ac805f884cc2c326059. + goss_test_directory: /tmp/molecule/goss + goss_format: documentation + tasks: + - name: Download and install Goss + get_url: + url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + dest: "{{ goss_bin }}" + sha256sum: "{{ goss_sha256sum }}" + mode: "0755" + + - name: Create Molecule directory for test files + file: + path: "{{ goss_test_directory }}" + state: directory + + - name: Find Goss tests on localhost + find: + paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" + patterns: + - "test[-.\\w]*.yml" + - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" + excludes: + - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" + use_regex: true + delegate_to: localhost + register: test_files + changed_when: false + become: false + + - name: debug + debug: + msg: "{{ test_files.files }}" + verbosity: 3 + + - name: Copy Goss tests to remote + copy: + src: "{{ item.path }}" + dest: "{{ goss_test_directory }}/{{ item.path | basename }}" + with_items: + - "{{ test_files.files }}" + + - name: Register test files + shell: "ls {{ goss_test_directory }}/test_*.yml" + register: test_files + + - name: Execute Goss tests + command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + ignore_errors: true + + - name: Display details about the Goss results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + + - name: Fail when tests fail + fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" 
diff --git a/roles/micro/molecule/resources/tests/test_default.yml b/roles/micro/molecule/resources/tests/test_default.yml new file mode 100644 index 0000000..e00f0b1 --- /dev/null +++ b/roles/micro/molecule/resources/tests/test_default.yml @@ -0,0 +1,17 @@ +# Molecule managed +--- +file: + /usr/bin/micro: + exists: true + owner: root + group: root + +command: + help: + exit-status: 0 + exec: "micro --help" + stdout: + - "/micro/" + stderr: [] + timeout: 10000 # in milliseconds + skip: false diff --git a/roles/micro/tasks/main.yml b/roles/micro/tasks/main.yml new file mode 100644 index 0000000..b121952 --- /dev/null +++ b/roles/micro/tasks/main.yml @@ -0,0 +1,24 @@ +--- +# tasks file for micro + +- name: download micro + get_url: + url: " {{ micro_url }}" + dest: /tmp/micro.tar.gz + checksum: "sha256:{{ micro_sha256 }}" + +- name: unpack micro + unarchive: + src: /tmp/micro.tar.gz + dest: /usr/local/bin + extra_opts: + - --strip=1 + - --wildcards + - '*/micro' + remote_src: yes + become: yes + +- name: delete micro tarball + file: + path: /tmp/micro.tar.gz + state: absent diff --git a/roles/micro/vars/main.yml b/roles/micro/vars/main.yml new file mode 100644 index 0000000..fc9902c --- /dev/null +++ b/roles/micro/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for micro diff --git a/roles/npm/.yamllint b/roles/npm/.yamllint new file mode 100644 index 0000000..2d5f5a8 --- /dev/null +++ b/roles/npm/.yamllint 
@@ -0,0 +1,32 @@ +--- +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + colons: enable + commas: enable + comments: + level: warning + comments-indentation: + level: warning + document-end: disable + document-start: + level: warning + empty-lines: enable + empty-values: enable + hyphens: enable + indentation: enable + key-duplicates: enable + key-ordering: disable + line-length: disable + new-line-at-end-of-file: disable + new-lines: enable + octal-values: enable + quoted-strings: disable + trailing-spaces: enable + truthy: disable diff --git a/roles/npm/README.md b/roles/npm/README.md new file mode 100644 index 0000000..948b990 --- /dev/null +++ b/roles/npm/README.md @@ -0,0 +1,35 @@ +Role Name +========= + +npm + +Requirements +------------ + +- For RHEL, a Red Hat subscription or functional local repository. + +Role Variables +-------------- + + +Dependencies +------------ + +- For Red Hat, subscription-manager. + +Example Playbook +---------------- + + - hosts: servers + roles: + - role: npm + +License +------- + +MIT + +Author Information +------------------ + +- [Mihai Criveti](https://www.linkedin.com/in/crivetimihai/) diff --git a/roles/npm/defaults/main.yml b/roles/npm/defaults/main.yml new file mode 100644 index 0000000..09c691a --- /dev/null +++ b/roles/npm/defaults/main.yml @@ -0,0 +1,11 @@ +--- +# defaults file for npm + +npm_path: ~/node_modules + +npm_packages: + - terminalizer + - ssh-perf + - prettier + - align-yaml + - docsify-cli diff --git a/roles/npm/meta/main.yml b/roles/npm/meta/main.yml new file mode 100644 index 0000000..f8ea63d --- /dev/null +++ b/roles/npm/meta/main.yml 
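Review bot: `npm_packages` in roles/npm/defaults/main.yml lists bare package names (`terminalizer`, `ssh-perf`, `prettier`, `align-yaml`, `docsify-cli`) with no versions. Assuming the role's tasks (not in this hunk) pass them to npm as written, every run installs whatever is current in the registry, together with any install scripts shipped by new releases of their dependencies. The micro role in this commit pins a release and a SHA-256 for its download; the npm list deserves the same discipline, for instance a per-package version such as `prettier@<PINNED_VERSION>` if the tasks accept that form, or a committed lockfile. A short comment above the list stating which form the tasks expect would document the contract.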
@@ -0,0 +1,35 @@ +--- +galaxy_info: + author: buluma + description: Npm + company: buluma + license: MIT + min_ansible_version: 2.4 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + platforms: + - name: Fedora + versions: + - all + - 30 + - name: EL + versions: + - 7 + - 8 + - name: Ubuntu + versions: + - bionic + - name: Debian + versions: + - buster + + galaxy_tags: + - debian + - ubuntu + - rhel + - centos + - fedora + +# dependencies: [] diff --git a/roles/npm/molecule/default/molecule.yml b/roles/npm/molecule/default/molecule.yml new file mode 100644 index 0000000..259bbd0 --- /dev/null +++ b/roles/npm/molecule/default/molecule.yml @@ -0,0 +1,39 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: npm-centos-76 + image: centos:7.6.1810 + dockerfile: ../resources/Dockerfile.j2 + privileged: true + pre_build_image: false + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: true + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/npm/molecule/docker-centos-7/molecule.yml b/roles/npm/molecule/docker-centos-7/molecule.yml new file mode 100644 index 0000000..09ac638 --- /dev/null +++ b/roles/npm/molecule/docker-centos-7/molecule.yml 
@@ -0,0 +1,39 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: npm-centos-7 + image: centos:7 + dockerfile: ../resources/Dockerfile.j2 + privileged: True + pre_build_image: False + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/npm/molecule/docker-debian-10/molecule.yml b/roles/npm/molecule/docker-debian-10/molecule.yml new file mode 100644 index 0000000..4c965f1 --- /dev/null +++ b/roles/npm/molecule/docker-debian-10/molecule.yml @@ -0,0 +1,40 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: npm-debian-10 + image: debian:10 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/npm/molecule/docker-debian-9/molecule.yml b/roles/npm/molecule/docker-debian-9/molecule.yml new file mode 100644 index 0000000..eda1d53 --- /dev/null 
+++ b/roles/npm/molecule/docker-debian-9/molecule.yml @@ -0,0 +1,40 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: npm-debian-9 + image: debian:9 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/npm/molecule/docker-fedora-30/molecule.yml b/roles/npm/molecule/docker-fedora-30/molecule.yml new file mode 100644 index 0000000..4b2adf3 --- /dev/null +++ b/roles/npm/molecule/docker-fedora-30/molecule.yml @@ -0,0 +1,41 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: npm-fedora-30 + image: fedora:30 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint 
diff --git a/roles/npm/molecule/docker-rhel-7/molecule.yml b/roles/npm/molecule/docker-rhel-7/molecule.yml new file mode 100644 index 0000000..bb5b49a --- /dev/null +++ b/roles/npm/molecule/docker-rhel-7/molecule.yml @@ -0,0 +1,41 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: npm-rhel-7 + image: ubi + registry: + url: registry.access.redhat.com/ubi7 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/npm/molecule/docker-rhel-8/molecule.yml b/roles/npm/molecule/docker-rhel-8/molecule.yml new file mode 100644 index 0000000..05be5e5 --- /dev/null +++ b/roles/npm/molecule/docker-rhel-8/molecule.yml 
@@ -0,0 +1,43 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: npm-rhel-8 + image: ubi + registry: + url: registry.access.redhat.com/ubi8 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/npm/molecule/docker-ubuntu-18.04/molecule.yml b/roles/npm/molecule/docker-ubuntu-18.04/molecule.yml new file mode 100644 index 0000000..752d5f0 --- /dev/null +++ b/roles/npm/molecule/docker-ubuntu-18.04/molecule.yml @@ -0,0 +1,40 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: npm-ubuntu-1804 + image: ubuntu:18.04 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint 
diff --git a/roles/npm/molecule/resources/Dockerfile.j2 b/roles/npm/molecule/resources/Dockerfile.j2 new file mode 100644 index 0000000..2e34ced --- /dev/null +++ b/roles/npm/molecule/resources/Dockerfile.j2 @@ -0,0 +1,26 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python3 python3-pip sudo python3-devel python3-dnf bash python3-libselinux && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi + +# Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP` +ENV ANSIBLE_USER=ansible DEPLOY_GROUP=deployer +RUN set -xe \ + && if [ $(getent group wheel) ]; then export SUDO_GROUP=wheel; fi \ + && if [ $(getent group sudo) ]; then export SUDO_GROUP=sudo; fi \ + && groupadd -r ${ANSIBLE_USER} \ + && groupadd -r ${DEPLOY_GROUP} \ + && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \ + && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \ + && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \ + && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers diff --git a/roles/npm/molecule/resources/playbooks/bootstrap.sh b/roles/npm/molecule/resources/playbooks/bootstrap.sh new file mode 100755 index 0000000..35ddc21 --- /dev/null 
+++ b/roles/npm/molecule/resources/playbooks/bootstrap.sh @@ -0,0 +1,28 @@ +#!/bin/bash + +if [ "$(whoami)" != "root" ]; then + sudo su -s "$0" + exit +fi + +if [ $(command -v apt-get) ]; then + apt-get update + apt-get install -y python sudo bash ca-certificates + apt-get clean +elif [ $(command -v dnf) ]; then + dnf makecache + dnf --assumeyes install python3 sudo python3-devel python3-dnf bash python3-libselinux + dnf clean all +elif [ $(command -v yum) ]; then + yum makecache fast + yum install -y python sudo yum-plugin-ovl bash + sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf + yum clean all +elif [ $(command -v zypper) ]; then + zypper refresh + zypper install -y python sudo bash python-xml + zypper clean -a +elif [ $(command -v apk) ]; then + apk update + apk add --no-cache python sudo bash ca-certificates +fi diff --git a/roles/npm/molecule/resources/playbooks/playbook.yml b/roles/npm/molecule/resources/playbooks/playbook.yml new file mode 100644 index 0000000..8faac3d --- /dev/null +++ b/roles/npm/molecule/resources/playbooks/playbook.yml @@ -0,0 +1,5 @@ +--- +- name: Converge + hosts: all + roles: + - role: npm diff --git a/roles/npm/molecule/resources/playbooks/prepare.yml b/roles/npm/molecule/resources/playbooks/prepare.yml new file mode 100644 index 0000000..3305c7d --- /dev/null +++ b/roles/npm/molecule/resources/playbooks/prepare.yml @@ -0,0 +1,9 @@ +--- +- name: Prepare + hosts: all + gather_facts: no + become: no + + tasks: + - name: bootstrap python + script: bootstrap.sh diff --git a/roles/npm/molecule/resources/playbooks/verify.yml b/roles/npm/molecule/resources/playbooks/verify.yml new file mode 100644 index 0000000..b591e65 --- /dev/null +++ b/roles/npm/molecule/resources/playbooks/verify.yml 
@@ -0,0 +1,71 @@
+---
+- name: Verify
+ hosts: all
+ gather_facts: true # required
+ become: true
+ vars:
+ goss_version: v0.3.7
+ goss_arch: amd64
+ goss_bin: /usr/local/bin/goss
+ goss_sha256sum: 357f5c7f2e7949b412bce44349cd32ab19eb3947255a8ac805f884cc2c326059.
+ goss_test_directory: /tmp/molecule/goss
+ goss_format: documentation
+ tasks:
+ - name: Download and install Goss
+ get_url:
+ url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}"
+ dest: "{{ goss_bin }}"
+ sha256sum: "{{ goss_sha256sum }}"
+ mode: "0755"
+
+ - name: Create Molecule directory for test files
+ file:
+ path: "{{ goss_test_directory }}"
+ state: directory
+
+ - name: Find Goss tests on localhost
+ find:
+ paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}"
+ patterns:
+ - "test[-.\\w]*.yml"
+ - "test_host_{{ ansible_hostname }}[-.\\w]*.yml"
+ excludes:
+ - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml"
+ use_regex: true
+ delegate_to: localhost
+ register: test_files
+ changed_when: false
+ become: false
+
+ - name: debug
+ debug:
+ msg: "{{ test_files.files }}"
+ verbosity: 3
+
+ - name: Copy Goss tests to remote
+ copy:
+ src: "{{ item.path }}"
+ dest: "{{ goss_test_directory }}/{{ item.path | basename }}"
+ with_items:
+ - "{{ test_files.files }}"
+
+ - name: Register test files
+ shell: "ls {{ goss_test_directory }}/test_*.yml"
+ register: test_files
+
+ - name: Execute Goss tests
+ command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}"
+ register: test_results
+ with_items: "{{ test_files.stdout_lines }}"
+ ignore_errors: true
+
+ - name: Display details about the Goss results
+ debug:
+ msg: "{{ item.stdout_lines }}"
+ with_items: "{{ test_results.results }}"
+
+ - name: Fail when tests fail
+ fail:
+ msg: "Goss failed to validate"
+ when: item.rc != 0
+ with_items: "{{ test_results.results }}"
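Review bot: `goss_test_directory` is /tmp/molecule/goss and the play runs with `become: true`, so the test files that Goss later executes as root sit under a world-writable parent, and the "Create Molecule directory for test files" task sets neither owner nor mode. Goss test files can run commands (test_default.yml in this commit uses `exec`), so any `test_*.yml` already present in that directory would be picked up by the `ls` glob in "Register test files" and run with root privileges. Setting `owner: root`, `group: root` and `mode: "0700"` on the directory task, or using a path outside /tmp, narrows this, and the directory should start out empty. `goss_sha256sum` also ends with a stray `.` after the digest, which is worth removing so the pinned checksum is exactly the 64 hex characters. roles/packages/molecule/resources/playbooks/verify.yml is identical.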
diff --git a/roles/npm/molecule/resources/tests/test_default.yml b/roles/npm/molecule/resources/tests/test_default.yml new file mode 100644 index 0000000..35e3081 --- /dev/null +++ b/roles/npm/molecule/resources/tests/test_default.yml @@ -0,0 +1,17 @@ +# Molecule managed +--- +file: + /usr/bin/npm: + exists: true + owner: root + group: root + +command: + help: + exit-status: 0 + exec: "npm --help" + stdout: + - "/npm/" + stderr: [] + timeout: 10000 # in milliseconds + skip: false diff --git a/roles/npm/molecule/vagrant-centos-7/molecule.yml b/roles/npm/molecule/vagrant-centos-7/molecule.yml new file mode 100644 index 0000000..10c1d9b --- /dev/null +++ b/roles/npm/molecule/vagrant-centos-7/molecule.yml @@ -0,0 +1,31 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: npm-centos-7 + box: centos/7 +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/npm/molecule/vagrant-debian-10/molecule.yml b/roles/npm/molecule/vagrant-debian-10/molecule.yml new file mode 100644 index 0000000..19d901a --- /dev/null +++ b/roles/npm/molecule/vagrant-debian-10/molecule.yml 
@@ -0,0 +1,31 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: npm-debian-10 + box: debian/buster64 +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/npm/molecule/vagrant-fedora-30/molecule.yml b/roles/npm/molecule/vagrant-fedora-30/molecule.yml new file mode 100644 index 0000000..f208b67 --- /dev/null +++ b/roles/npm/molecule/vagrant-fedora-30/molecule.yml @@ -0,0 +1,31 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: npm-fedora-30 + box: fedora/30-cloud-base +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/npm/molecule/vagrant-rhel-8/molecule.yml b/roles/npm/molecule/vagrant-rhel-8/molecule.yml new file mode 100644 index 0000000..bfd676c --- /dev/null +++ b/roles/npm/molecule/vagrant-rhel-8/molecule.yml 
@@ -0,0 +1,31 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: npm-rhel-8 + box: cmihai/rhel-8-base +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/npm/molecule/vagrant-ubuntu-18.04/molecule.yml b/roles/npm/molecule/vagrant-ubuntu-18.04/molecule.yml new file mode 100644 index 0000000..2d45220 --- /dev/null +++ b/roles/npm/molecule/vagrant-ubuntu-18.04/molecule.yml @@ -0,0 +1,31 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: npm-ubuntu-1804 + box: ubuntu/bionic64 +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/npm/tasks/install.yml b/roles/npm/tasks/install.yml new file mode 100644 index 0000000..d62128c --- /dev/null +++ b/roles/npm/tasks/install.yml @@ -0,0 +1,17 @@ +--- +# tasks file for packages + +- name: install npm package + package: + name: "{{ packages }}" + state: present + become: yes + +- name: install npm modules + npm: + name: "{{ item }}" + state: present + path: "{{ npm_path }}" + global: no + become: no + with_items: "{{ npm_packages }}" diff --git a/roles/npm/tasks/main.yml b/roles/npm/tasks/main.yml new file mode 100644 index 0000000..0436043 
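Review bot: `box: cmihai/rhel-8-base` pulls a VM image from what looks like a personal box namespace with no version pinned, while the other Vagrant scenarios use boxes that appear to sit under the distributions' own namespaces (`centos/7`, `debian/buster64`, `fedora/30-cloud-base`, `ubuntu/bionic64`). Whatever is in that box is the system the role is tested on, so its provenance should be recorded in the README and the version fixed, e.g. `box_version: "<BOX_VERSION>"` if the Molecule Vagrant driver in use accepts that key. roles/packages/molecule/vagrant-rhel-8/molecule.yml references the same box.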
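Review bot: The "install npm modules" task in roles/npm/tasks/install.yml installs each entry of `npm_packages` with `state: present` and no `version:`, so every run resolves whatever release the registry currently serves. `npm_packages` and `npm_path` are not defined in the vars file added here (presumably they come from the role defaults), so the intended entry format cannot be confirmed from this hunk; if entries were mappings, `name: "{{ item.name }}"` with `version: "{{ item.version | default(omit) }}"` would let callers pin releases. A short comment above the task naming both variables and where they are set would also help.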
--- /dev/null +++ b/roles/npm/tasks/main.yml @@ -0,0 +1,18 @@ +--- +# tasks file for npm + +- name: assert supported distributions and versions + assert: + that: + - ( ansible_distribution == "RedHat" and ( ansible_distribution_major_version == '8' ) + ) or + ( ansible_distribution == "CentOS" and ( ansible_distribution_major_version == "7" ) + ) or + ( ansible_distribution == "Fedora" and ( ansible_distribution_major_version == "30" ) + ) or + ( ansible_distribution == "Debian" and ( ansible_distribution_major_version == "9" or ansible_distribution_major_version == "10" ) + ) or + ( ansible_distribution == "Ubuntu" and ( ansible_distribution_version == "18.04" ) + ) + +- include: install.yml diff --git a/roles/npm/vars/main.yml b/roles/npm/vars/main.yml new file mode 100644 index 0000000..f0520df --- /dev/null +++ b/roles/npm/vars/main.yml @@ -0,0 +1,11 @@ +--- +# vars file for npm + +# Packages to install +_packages: + all: + - "npm" + CentOS: + - "npm" + +packages: "{{ _packages['all'] + ( _packages[ansible_distribution] | default([]) ) }}" diff --git a/roles/packages/.yamllint b/roles/packages/.yamllint new file mode 100644 index 0000000..c5ae64b --- /dev/null +++ b/roles/packages/.yamllint @@ -0,0 +1,12 @@ +--- +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/packages/README.md b/roles/packages/README.md new file mode 100644 index 0000000..5beee76 --- /dev/null +++ b/roles/packages/README.md 
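Review bot: `- include: install.yml` at the end of roles/npm/tasks/main.yml uses the bare `include` action, which Ansible deprecated in favour of `import_tasks` and `include_tasks` and which newer ansible-core releases no longer accept. Since the file is static and unconditional, `- import_tasks: install.yml` is the direct replacement and has been available since Ansible 2.4.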
@@ -0,0 +1,35 @@ +Role Name +========= + +packages + +Requirements +------------ + +- For RHEL, a Red Hat subscription or functional local repository. + +Role Variables +-------------- + + +Dependencies +------------ + +- For Red Hat, subscription-manager. + +Example Playbook +---------------- + + - hosts: servers + roles: + - role: packages + +License +------- + +MIT + +Author Information +------------------ + +- [Mihai Criveti](https://www.linkedin.com/in/crivetimihai/) diff --git a/roles/packages/defaults/main.yml b/roles/packages/defaults/main.yml new file mode 100644 index 0000000..c7fec01 --- /dev/null +++ b/roles/packages/defaults/main.yml @@ -0,0 +1,17 @@ +--- +# defaults file for packages + +uninstall_packages: yes +install_prereq: yes +install_rpmfusion: yes +install_base: yes +install_build: yes +install_net: yes +install_tools: yes +install_clients: yes +install_devel: yes +install_gui: yes +install_desktop: yes +install_latex: yes +install_google: yes +update_packages: yes diff --git a/roles/packages/handlers/main.yml b/roles/packages/handlers/main.yml new file mode 100644 index 0000000..eb51201 --- /dev/null +++ b/roles/packages/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for packages diff --git a/roles/packages/meta/main.yml b/roles/packages/meta/main.yml new file mode 100644 index 0000000..00ad755 --- /dev/null +++ b/roles/packages/meta/main.yml @@ -0,0 +1,35 @@ +--- +galaxy_info: + author: buluma + description: Packages + company: buluma + license: MIT + min_ansible_version: 2.4 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + platforms: + - name: Fedora + versions: + - all + - 30 + - name: EL + versions: + - 7 + - 8 + - name: Ubuntu + versions: + - bionic + - name: Debian + versions: + - buster + + galaxy_tags: + - debian + - ubuntu + - rhel + - centos + - fedora + +# dependencies: [] 
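Review bot: Every switch in roles/packages/defaults/main.yml is `yes`, so applying the role with no variables set adds the RPM Fusion free and nonfree repositories on Fedora, installs from the `google-chrome` repository, removes packages and upgrades every installed package. Third-party repositories and a full upgrade are easier to reason about when they are opt-in: `install_rpmfusion: no`, `install_google: no` and `update_packages: no` as defaults, with a one-line comment per variable stating what it enables. The "Role Variables" section of the README added in the same commit is empty and would be the place to list them.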
diff --git a/roles/packages/molecule/default/molecule.yml b/roles/packages/molecule/default/molecule.yml new file mode 100644 index 0000000..df20704 --- /dev/null +++ b/roles/packages/molecule/default/molecule.yml @@ -0,0 +1,39 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: packages-centos-76 + image: centos:7.6.1810 + dockerfile: ../resources/Dockerfile.j2 + privileged: True + pre_build_image: False + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + tmpfs: + - /run + - /tmp + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/packages/molecule/docker-centos-7/molecule.yml b/roles/packages/molecule/docker-centos-7/molecule.yml new file mode 100644 index 0000000..6977dad --- /dev/null +++ b/roles/packages/molecule/docker-centos-7/molecule.yml @@ -0,0 +1,39 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: packages-centos-7 + image: centos:7 + dockerfile: ../resources/Dockerfile.j2 + privileged: True + pre_build_image: False + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + tmpfs: + - /run + - /tmp + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint 
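Review bot: The platform in roles/packages/molecule/default/molecule.yml runs with `privileged: True` and mounts the host's /sys/fs/cgroup read-write, which gives the test container close to host-level access just to start `/usr/sbin/init`. For systemd-in-container tests a narrower setup is often sufficient, for example `capabilities: [SYS_ADMIN]` with `"/sys/fs/cgroup:/sys/fs/cgroup:ro"`, so it is worth trying that before keeping full privilege. The playbooks are also listed under a `vagrant:` key although the driver is docker; please confirm Molecule actually picks them up. The docker-centos-7, docker-debian-9, docker-debian-10, docker-fedora-30, docker-rhel-7, docker-rhel-8 and docker-ubuntu-18.04 scenarios of this role and roles/pandoc/molecule/default/molecule.yml repeat the same settings.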
diff --git a/roles/packages/molecule/docker-debian-10/molecule.yml b/roles/packages/molecule/docker-debian-10/molecule.yml new file mode 100644 index 0000000..accf6f8 --- /dev/null +++ b/roles/packages/molecule/docker-debian-10/molecule.yml @@ -0,0 +1,37 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: packages-debian-10 + image: debian:10 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + environment: + container: docker +provisioner: + name: ansible + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/packages/molecule/docker-debian-9/molecule.yml b/roles/packages/molecule/docker-debian-9/molecule.yml new file mode 100644 index 0000000..e4d0bab --- /dev/null +++ b/roles/packages/molecule/docker-debian-9/molecule.yml 
@@ -0,0 +1,37 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: packages-debian-9 + image: debian:9 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + environment: + container: docker +provisioner: + name: ansible + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/packages/molecule/docker-fedora-30/molecule.yml b/roles/packages/molecule/docker-fedora-30/molecule.yml new file mode 100644 index 0000000..0cca8cd --- /dev/null +++ b/roles/packages/molecule/docker-fedora-30/molecule.yml @@ -0,0 +1,38 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: packages-fedora-30 + image: fedora:30 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/packages/molecule/docker-rhel-7/molecule.yml b/roles/packages/molecule/docker-rhel-7/molecule.yml new file mode 100644 index 0000000..e8ff06d --- /dev/null 
+++ b/roles/packages/molecule/docker-rhel-7/molecule.yml @@ -0,0 +1,38 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: packages-rhel-7 + image: ubi + registry: + url: registry.access.redhat.com/ubi7 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/packages/molecule/docker-rhel-8/molecule.yml b/roles/packages/molecule/docker-rhel-8/molecule.yml new file mode 100644 index 0000000..09c593b --- /dev/null +++ b/roles/packages/molecule/docker-rhel-8/molecule.yml @@ -0,0 +1,40 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: packages-rhel-8 + image: ubi + registry: + url: registry.access.redhat.com/ubi8 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint 
diff --git a/roles/packages/molecule/docker-ubuntu-18.04/molecule.yml b/roles/packages/molecule/docker-ubuntu-18.04/molecule.yml new file mode 100644 index 0000000..d63fdfe --- /dev/null +++ b/roles/packages/molecule/docker-ubuntu-18.04/molecule.yml @@ -0,0 +1,37 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: packages-ubuntu-1804 + image: ubuntu:18.04 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + environment: + container: docker +provisioner: + name: ansible + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/packages/molecule/resources/Dockerfile.j2 b/roles/packages/molecule/resources/Dockerfile.j2 new file mode 100644 index 0000000..851c10e --- /dev/null +++ b/roles/packages/molecule/resources/Dockerfile.j2 
@@ -0,0 +1,26 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python3 sudo python3-devel python3-dnf bash python3-libselinux && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi + +# Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP` +ENV ANSIBLE_USER=ansible DEPLOY_GROUP=deployer +RUN set -xe \ + && if [ $(getent group wheel) ]; then export SUDO_GROUP=wheel; fi \ + && if [ $(getent group sudo) ]; then export SUDO_GROUP=sudo; fi \ + && groupadd -r ${ANSIBLE_USER} \ + && groupadd -r ${DEPLOY_GROUP} \ + && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \ + && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \ + && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \ + && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers diff --git a/roles/packages/molecule/resources/playbooks/bootstrap.sh b/roles/packages/molecule/resources/playbooks/bootstrap.sh new file mode 100755 index 0000000..35ddc21 --- /dev/null +++ b/roles/packages/molecule/resources/playbooks/bootstrap.sh 
@@ -0,0 +1,28 @@ +#!/bin/bash + +if [ "$(whoami)" != "root" ]; then + sudo su -s "$0" + exit +fi + +if [ $(command -v apt-get) ]; then + apt-get update + apt-get install -y python sudo bash ca-certificates + apt-get clean +elif [ $(command -v dnf) ]; then + dnf makecache + dnf --assumeyes install python3 sudo python3-devel python3-dnf bash python3-libselinux + dnf clean all +elif [ $(command -v yum) ]; then + yum makecache fast + yum install -y python sudo yum-plugin-ovl bash + sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf + yum clean all +elif [ $(command -v zypper) ]; then + zypper refresh + zypper install -y python sudo bash python-xml + zypper clean -a +elif [ $(command -v apk) ]; then + apk update + apk add --no-cache python sudo bash ca-certificates +fi diff --git a/roles/packages/molecule/resources/playbooks/playbook.yml b/roles/packages/molecule/resources/playbooks/playbook.yml new file mode 100644 index 0000000..69e3321 --- /dev/null +++ b/roles/packages/molecule/resources/playbooks/playbook.yml @@ -0,0 +1,5 @@ +--- +- name: Converge + hosts: all + roles: + - role: packages diff --git a/roles/packages/molecule/resources/playbooks/prepare.yml b/roles/packages/molecule/resources/playbooks/prepare.yml new file mode 100644 index 0000000..3305c7d --- /dev/null +++ b/roles/packages/molecule/resources/playbooks/prepare.yml @@ -0,0 +1,9 @@ +--- +- name: Prepare + hosts: all + gather_facts: no + become: no + + tasks: + - name: bootstrap python + script: bootstrap.sh diff --git a/roles/packages/molecule/resources/playbooks/verify.yml b/roles/packages/molecule/resources/playbooks/verify.yml new file mode 100644 index 0000000..b591e65 --- /dev/null +++ b/roles/packages/molecule/resources/playbooks/verify.yml 
@@ -0,0 +1,71 @@ +--- +- name: Verify + hosts: all + gather_facts: true # required + become: true + vars: + goss_version: v0.3.7 + goss_arch: amd64 + goss_bin: /usr/local/bin/goss + goss_sha256sum: 357f5c7f2e7949b412bce44349cd32ab19eb3947255a8ac805f884cc2c326059. + goss_test_directory: /tmp/molecule/goss + goss_format: documentation + tasks: + - name: Download and install Goss + get_url: + url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + dest: "{{ goss_bin }}" + sha256sum: "{{ goss_sha256sum }}" + mode: "0755" + + - name: Create Molecule directory for test files + file: + path: "{{ goss_test_directory }}" + state: directory + + - name: Find Goss tests on localhost + find: + paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" + patterns: + - "test[-.\\w]*.yml" + - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" + excludes: + - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" + use_regex: true + delegate_to: localhost + register: test_files + changed_when: false + become: false + + - name: debug + debug: + msg: "{{ test_files.files }}" + verbosity: 3 + + - name: Copy Goss tests to remote + copy: + src: "{{ item.path }}" + dest: "{{ goss_test_directory }}/{{ item.path | basename }}" + with_items: + - "{{ test_files.files }}" + + - name: Register test files + shell: "ls {{ goss_test_directory }}/test_*.yml" + register: test_files + + - name: Execute Goss tests + command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + ignore_errors: true + + - name: Display details about the Goss results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + + - name: Fail when tests fail + fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" 
diff --git a/roles/packages/molecule/resources/tests/test_default.yml b/roles/packages/molecule/resources/tests/test_default.yml new file mode 100644 index 0000000..31a99f8 --- /dev/null +++ b/roles/packages/molecule/resources/tests/test_default.yml @@ -0,0 +1,7 @@ +# Molecule managed +--- +file: + /etc/hosts: + exists: true + owner: root + group: root diff --git a/roles/packages/molecule/vagrant-rhel-8/molecule.yml b/roles/packages/molecule/vagrant-rhel-8/molecule.yml new file mode 100644 index 0000000..b21ff14 --- /dev/null +++ b/roles/packages/molecule/vagrant-rhel-8/molecule.yml @@ -0,0 +1,28 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: packages-rhel-8 + box: cmihai/rhel-8-base +provisioner: + name: ansible + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/packages/tasks/main.yml b/roles/packages/tasks/main.yml new file mode 100644 index 0000000..d3ed23c --- /dev/null +++ b/roles/packages/tasks/main.yml 
@@ -0,0 +1,118 @@ +--- +# tasks file for packages +- name: assert supported distributions and versions + assert: + that: + - ( ansible_distribution == "RedHat" and ( ansible_distribution_major_version == '8' ) + ) or + ( ansible_distribution == "CentOS" and ( ansible_distribution_major_version == "7" ) + ) or + ( ansible_distribution == "Fedora" and ( ansible_distribution_major_version == "30" ) + ) or + ( ansible_distribution == "Debian" and ( ansible_distribution_major_version == "9" or ansible_distribution_major_version == "10" ) + ) or + ( ansible_distribution == "Ubuntu" and ( ansible_distribution_version == "18.04" ) + ) + +- name: install prereq packages + package: + name: "{{ packages_prereq }}" + state: present + become: yes + when: install_prereq + +- name: install the rpmfusion repo + dnf: + name: "{{ item }}" + state: present + with_items: + - http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ ansible_distribution_major_version }}.noarch.rpm + - http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-{{ ansible_distribution_major_version }}.noarch.rpm + when: + - install_rpmfusion + - ansible_distribution == "Fedora" + +- name: install base packages + package: + name: "{{ packages_base }}" + state: present + become: yes + when: install_base + +- name: install tools packages + package: + name: "{{ packages_tools }}" + state: present + become: yes + when: install_tools + +- name: install net packages + package: + name: "{{ packages_net }}" + state: present + become: yes + when: install_net + +- name: install build packages + package: + name: "{{ packages_build }}" + state: present + become: yes + when: install_build + +- name: install clients packages + package: + name: "{{ packages_clients }}" + state: present + become: yes + when: install_clients + +- name: install devel packages + package: + name: "{{ packages_devel }}" + state: present + become: yes + when: install_devel + +- name: install gui packages + package: + 
name: "{{ packages_gui }}" + state: present + become: yes + when: install_gui + +- name: install desktop packages + package: + name: "{{ packages_desktop }}" + state: present + become: yes + when: install_desktop + +- name: install latex packages + package: + name: "{{ packages_latex }}" + state: present + become: yes + when: install_latex + +- name: remove packages + package: + name: "{{ packages_remove }}" + state: absent + become: yes + when: uninstall_packages + +- name: install google packages + package: + name: "{{ packages_google }}" + state: present + enablerepo: google-chrome + become: yes + when: install_google + +- name: update packages + package: + name: '*' + state: latest # noqa 403 + become: yes + when: update_packages diff --git a/roles/packages/vars/main.yml b/roles/packages/vars/main.yml new file mode 100644 index 0000000..88b384b --- /dev/null +++ b/roles/packages/vars/main.yml 
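Review bot: The "install the rpmfusion repo" task fetches both release RPMs over plain `http://`, and those packages are what install the repository definitions and signing keys that later package installs trust. An unencrypted download can be altered in transit, and whether dnf checks the package signature depends on GPG settings and keys that are not shown here, so the URLs should at least use TLS: `- https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ ansible_distribution_major_version }}.noarch.rpm`, with the same change on the nonfree line. The task is also the only install step in the file without `become: yes`.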
@@ -0,0 +1,315 @@ +--- +# vars file for packages + +# Remove packages: uninstall if found +_packages_remove: + all: + - screen + CentOS: + - abrt + Fedora: + - abrt + - fedora-chromium-config.noarch + RedHat: + - abrt + +# Prereq packages: they get installed first, so put things like epel-release here +_packages_prereq: + all: + - sudo + - bash + - tar + - unzip + - bzip2 + CentOS: + - epel-release + Fedora: + - fedora-workstation-repositories + +# Base packages +_packages_base: + all: + - bash-completion + - zsh + - ed + - vim + - neovim + - mc + - aspell-en + - tmux + - bc + - less + - autofs + CentOS: + - which + - xz + - tuned + - lvm2 + - vdo + - kmod-kvdo + - tuned + RedHat: + - xz + - tuned + - lvm2 + - vdo + - kmod-kvdo + - stratisd + - stratis-cli + - tuned + Fedora: + - xz + - tuned + - lvm2 + - tuned + Debian: + - xz-utils + - apt-file + - debianutils + - command-not-found + Ubuntu: + - xz-utils + - apt-file + - debianutils + - command-not-found + +# Packages tools +_packages_tools: + all: + - lsof + - sysstat + - htop + - strace + - iotop + - mosh + - lynis + - testdisk + - inotify-tools + CentOS: + - openscap + - openscap-scanner + - scap-security-guide + RedHat: + - openscap + - openscap-scanner + - scap-security-guide + Debian: + - ssg-debian + Ubuntu: + - ssg-debderived + +# Net tools packages +_packages_net: + all: + - curl + - wget + - traceroute + - net-tools + - tcpdump + - nethogs + - irssi + CentOS: + - bind-utils + - nmap-ncat + - NetworkManager-tui + RedHat: + - bind-utils + - nmap-ncat + - NetworkManager-tui + Fedora: + - bind-utils + - nmap-ncat + - NetworkManager-tui + Debian: + - dnsutils + - ncat + Ubuntu: + - dnsutils + - ncat + +# Build packages +_packages_build: + all: + - git + CentOS: + - python36-devel + - openssl-devel + - elfutils-libelf-devel + - ncurses-libs + - ncurses-devel + - flex + - bison + - bc + - kernel-headers + - kernel-devel + - gcc + - binutils + - perl + - make + - dialog + - kexec-tools + RedHat: + - 
openssl-devel + - elfutils-libelf-devel + - ncurses-libs + - ncurses-devel + - flex + - bison + - bc + - kernel-headers + - kernel-devel + - gcc + - binutils + - perl + - make + - dialog + - kexec-tools + Fedora: + - openssl-devel + - elfutils-libelf-devel + - ncurses-libs + - ncurses-devel + - flex + - bison + - bc + - kernel-headers + - kernel-devel + - gcc + - binutils + - perl + - make + - dialog + - kexec-tools + Debian: + - build-essential + Ubuntu: + - build-essential + +# Clients packages +_packages_clients: + all: + - rsync + - cifs-utils + - samba-client + - openldap-clients + - nfs-utils + - openssh-clients + CentOS: + - openldap-clients + RedHat: + - openldap-clients + Fedora: + - openldap-clients + Debian: + - ldap-utils + Ubuntu: + - ldap-utils + +# Devel packages +_packages_devel: + all: + - npm + - nodejs + - cargo + - ruby + - cloc + CentOS: + - java-11-openjdk + - rust + - go + - rpm-build + - rpmdevtools + RedHat: + - java-11-openjdk + - rust + - go + - rpm-build + - rpmdevtools + Fedora: + - java-11-openjdk + - rust + - go + - rpm-build + - rpmdevtools + Debian: + - openjdk-11-jdk + - rustc + - golang + Ubuntu: + - openjdk-11-jdk + - rustc + - golang + +# GUI packages +_packages_gui: + all: + - wireshark + CentOS: + - "@^graphical-server-environment" + - firewall-config + - "system-config-*" + RedHat: + - "@^graphical-server-environment" + - firewall-config + Fedora: + - "@workstation-product-environment" + - firewall-config + - firefox + - keepassx + - remmina + - mediawriter + - dconf-editor + - ghostwriter + - calibre + Debian: + - task-gnome-desktop + - firefox-esr + Ubuntu: + - unity + - firefox-esr + +# Desktop packages (specific to desktop environments) +_packages_desktop: + all: + - figlet + Fedora: + - lm_sensors + - wine-fonts + - powerline-fonts + - flameshot + - transmission + - pinta + - mpv + - libldac + +# LaTeX packages +_packages_latex: + all: + - texlive + - texlive-xetex + CentOS: + - texlive-euenc + Fedora: + - 
texlive-beamertheme-metropolis + - texmaker + - texlive-frame + +# Google packages +_packages_google: + all: + - google-chrome-stable + Fedora: + - google-chrome-stable + +packages_remove: "{{ _packages_remove['all'] + ( _packages_remove[ansible_distribution] | default([]) ) }}" +packages_prereq: "{{ _packages_prereq['all'] + ( _packages_prereq[ansible_distribution] | default([]) ) }}" +packages_base: "{{ _packages_base['all'] + ( _packages_base[ansible_distribution] | default([]) ) }}" +packages_net: "{{ _packages_net['all'] + ( _packages_net[ansible_distribution] | default([]) ) }}" +packages_tools: "{{ _packages_tools['all'] + ( _packages_tools[ansible_distribution] | default([]) ) }}" +packages_build: "{{ _packages_build['all'] + ( _packages_build[ansible_distribution] | default([]) ) }}" +packages_clients: "{{ _packages_clients['all'] + ( _packages_clients[ansible_distribution] | default([]) ) }}" +packages_devel: "{{ _packages_devel['all'] + ( _packages_devel[ansible_distribution] | default([]) ) }}" +packages_gui: "{{ _packages_gui['all'] + ( _packages_gui[ansible_distribution] | default([]) ) }}" +packages_desktop: "{{ _packages_desktop['all'] + ( _packages_desktop[ansible_distribution] | default([]) ) }}" +packages_latex: "{{ _packages_latex['all'] + ( _packages_latex[ansible_distribution] | default([]) ) }}" +packages_google: "{{ _packages_google['all'] + ( _packages_google[ansible_distribution] | default([]) ) }}" diff --git a/roles/pandoc/.yamllint b/roles/pandoc/.yamllint new file mode 100644 index 0000000..2d5f5a8 --- /dev/null +++ b/roles/pandoc/.yamllint 
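Review bot: `_packages_clients.all` lists `samba-client`, `openldap-clients`, `nfs-utils` and `openssh-clients`, which are RPM-family package names, so the "install clients packages" task will most likely fail on the Debian and Ubuntu versions the role asserts support for. Keeping only cross-distribution names such as `rsync` in `all` and moving the rest into the `CentOS`, `RedHat` and `Fedora` lists, with the Debian equivalents (to my knowledge `smbclient`, `nfs-common` and `openssh-client`) under `Debian` and `Ubuntu`, would fix that. `openldap-clients` is additionally repeated in the per-distribution lists, and `tuned` appears twice in the `CentOS`, `RedHat` and `Fedora` entries of `_packages_base`.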
@@ -0,0 +1,32 @@ +--- +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + colons: enable + commas: enable + comments: + level: warning + comments-indentation: + level: warning + document-end: disable + document-start: + level: warning + empty-lines: enable + empty-values: enable + hyphens: enable + indentation: enable + key-duplicates: enable + key-ordering: disable + line-length: disable + new-line-at-end-of-file: disable + new-lines: enable + octal-values: enable + quoted-strings: disable + trailing-spaces: enable + truthy: disable diff --git a/roles/pandoc/README.md b/roles/pandoc/README.md new file mode 100644 index 0000000..a17fd8f --- /dev/null +++ b/roles/pandoc/README.md @@ -0,0 +1,35 @@ +Role Name +========= + +pandoc + +Requirements +------------ + +- For RHEL, a Red Hat subscription or functional local repository. + +Role Variables +-------------- + + +Dependencies +------------ + +- For Red Hat, subscription-manager. + +Example Playbook +---------------- + + - hosts: servers + roles: + - role: pandoc + +License +------- + +MIT + +Author Information +------------------ + +- [Mihai Criveti](https://www.linkedin.com/in/crivetimihai/) diff --git a/roles/pandoc/defaults/main.yml b/roles/pandoc/defaults/main.yml new file mode 100644 index 0000000..30256fb --- /dev/null +++ b/roles/pandoc/defaults/main.yml @@ -0,0 +1,7 @@ +--- +# defaults file for pandoc + +pandoc_release: 2.7.3 +pandoc_platform: linux +pandoc_url: https://github.com/jgm/pandoc/releases/download/{{ pandoc_release }}/pandoc-{{ pandoc_release }}-{{ pandoc_platform }}.tar.gz +pandoc_sha256: eb775fd42ec50329004d00f0c9b13076e707cdd44745517c8ce2581fb8abdb75 \ No newline at end of file diff --git a/roles/pandoc/handlers/main.yml b/roles/pandoc/handlers/main.yml new file mode 100644 index 0000000..9a3f3c9 --- /dev/null +++ b/roles/pandoc/handlers/main.yml 
@@ -0,0 +1,7 @@ +--- +# handlers file for pandoc + +- name: restart service + service: + name: "{{ service_name }}" + state: restarted diff --git a/roles/pandoc/meta/main.yml b/roles/pandoc/meta/main.yml new file mode 100644 index 0000000..68b17a3 --- /dev/null +++ b/roles/pandoc/meta/main.yml @@ -0,0 +1,35 @@ +--- +galaxy_info: + author: buluma + description: Pandoc + company: buluma + license: MIT + min_ansible_version: 2.4 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + platforms: + - name: Fedora + versions: + - all + - 30 + - name: EL + versions: + - 7 + - 8 + - name: Ubuntu + versions: + - bionic + - name: Debian + versions: + - buster + + galaxy_tags: + - debian + - ubuntu + - rhel + - centos + - fedora + +# dependencies: [] diff --git a/roles/pandoc/molecule/default/molecule.yml b/roles/pandoc/molecule/default/molecule.yml new file mode 100644 index 0000000..19f046d --- /dev/null +++ b/roles/pandoc/molecule/default/molecule.yml @@ -0,0 +1,42 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: pandoc-centos-76 + image: centos:7.6.1810 + dockerfile: ../resources/Dockerfile.j2 + privileged: true + pre_build_image: false + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + tmpfs: + - /run + - /tmp + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: true + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint 
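Review bot: The `pandoc-centos-76` platform runs with `privileged: true` and a read-write bind of the host's `/sys/fs/cgroup`, which gives the test container close to host-level access on whatever machine runs Molecule. The role's tasks later in this patch only download and unpack a tarball, so booting systemd through `/usr/sbin/init` looks unnecessary here. If it is needed, a narrower setup such as `capabilities: [SYS_ADMIN]` with `- "/sys/fs/cgroup:/sys/fs/cgroup:ro"` is worth trying before falling back to privileged mode; whether that boots depends on the host's cgroup version. The same two settings recur in every docker-* scenario added for pandoc and pip, and a one-line comment above `privileged:` stating why it is required would help whoever reviews them next.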
diff --git a/roles/pandoc/molecule/docker-centos-7/molecule.yml b/roles/pandoc/molecule/docker-centos-7/molecule.yml new file mode 100644 index 0000000..c1ddb4c --- /dev/null +++ b/roles/pandoc/molecule/docker-centos-7/molecule.yml @@ -0,0 +1,42 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: pandoc-centos-7 + image: centos:7 + dockerfile: ../resources/Dockerfile.j2 + privileged: True + pre_build_image: False + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + tmpfs: + - /run + - /tmp + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/pandoc/molecule/docker-debian-10/molecule.yml b/roles/pandoc/molecule/docker-debian-10/molecule.yml new file mode 100644 index 0000000..bb7f6c8 --- /dev/null +++ b/roles/pandoc/molecule/docker-debian-10/molecule.yml 
@@ -0,0 +1,40 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: pandoc-debian-10 + image: debian:10 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/pandoc/molecule/docker-debian-9/molecule.yml b/roles/pandoc/molecule/docker-debian-9/molecule.yml new file mode 100644 index 0000000..9e4ccb9 --- /dev/null +++ b/roles/pandoc/molecule/docker-debian-9/molecule.yml @@ -0,0 +1,40 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: pandoc-debian-9 + image: debian:9 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint 
diff --git a/roles/pandoc/molecule/docker-fedora-30/molecule.yml b/roles/pandoc/molecule/docker-fedora-30/molecule.yml new file mode 100644 index 0000000..a9388a3 --- /dev/null +++ b/roles/pandoc/molecule/docker-fedora-30/molecule.yml @@ -0,0 +1,41 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: pandoc-fedora-30 + image: fedora:30 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/pandoc/molecule/docker-rhel-7/molecule.yml b/roles/pandoc/molecule/docker-rhel-7/molecule.yml new file mode 100644 index 0000000..d4006ed --- /dev/null +++ b/roles/pandoc/molecule/docker-rhel-7/molecule.yml 
@@ -0,0 +1,41 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: pandoc-rhel-7 + image: ubi + registry: + url: registry.access.redhat.com/ubi7 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/pandoc/molecule/docker-rhel-8/molecule.yml b/roles/pandoc/molecule/docker-rhel-8/molecule.yml new file mode 100644 index 0000000..af6d53f --- /dev/null +++ b/roles/pandoc/molecule/docker-rhel-8/molecule.yml @@ -0,0 +1,43 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: pandoc-rhel-8 + image: ubi + registry: + url: registry.access.redhat.com/ubi8 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint 
diff --git a/roles/pandoc/molecule/docker-ubuntu-18.04/molecule.yml b/roles/pandoc/molecule/docker-ubuntu-18.04/molecule.yml new file mode 100644 index 0000000..8f10e7d --- /dev/null +++ b/roles/pandoc/molecule/docker-ubuntu-18.04/molecule.yml @@ -0,0 +1,40 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: pandoc-ubuntu-1804 + image: ubuntu:18.04 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/pandoc/molecule/resources/Dockerfile.j2 b/roles/pandoc/molecule/resources/Dockerfile.j2 new file mode 100644 index 0000000..851c10e --- /dev/null +++ b/roles/pandoc/molecule/resources/Dockerfile.j2 
@@ -0,0 +1,26 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python3 sudo python3-devel python3-dnf bash python3-libselinux && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi + +# Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP` +ENV ANSIBLE_USER=ansible DEPLOY_GROUP=deployer +RUN set -xe \ + && if [ $(getent group wheel) ]; then export SUDO_GROUP=wheel; fi \ + && if [ $(getent group sudo) ]; then export SUDO_GROUP=sudo; fi \ + && groupadd -r ${ANSIBLE_USER} \ + && groupadd -r ${DEPLOY_GROUP} \ + && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \ + && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \ + && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \ + && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers diff --git a/roles/pandoc/molecule/resources/playbooks/bootstrap.sh b/roles/pandoc/molecule/resources/playbooks/bootstrap.sh new file mode 100755 index 0000000..35ddc21 --- /dev/null +++ b/roles/pandoc/molecule/resources/playbooks/bootstrap.sh 
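Review bot: The last `RUN` step rewrites the existing `%${SUDO_GROUP}` rule in `/etc/sudoers` to `NOPASSWD:ALL`, so every member of wheel/sudo in the image gets passwordless root rather than only the `ansible` user, and the edited file is never syntax-checked. A per-user drop-in is narrower: `&& echo "${ANSIBLE_USER} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/${ANSIBLE_USER} && chmod 0440 /etc/sudoers.d/${ANSIBLE_USER} && visudo -cf /etc/sudoers.d/${ANSIBLE_USER}`, assuming the base image's sudoers includes `/etc/sudoers.d`. Separately, when neither `wheel` nor `sudo` exists, `SUDO_GROUP` stays empty and `usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER}` is malformed; quoting the variable and failing early with a clear message would make that visible. The same template is added for roles/pip further down.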
@@ -0,0 +1,28 @@ +#!/bin/bash + +if [ "$(whoami)" != "root" ]; then + sudo su -s "$0" + exit +fi + +if [ $(command -v apt-get) ]; then + apt-get update + apt-get install -y python sudo bash ca-certificates + apt-get clean +elif [ $(command -v dnf) ]; then + dnf makecache + dnf --assumeyes install python3 sudo python3-devel python3-dnf bash python3-libselinux + dnf clean all +elif [ $(command -v yum) ]; then + yum makecache fast + yum install -y python sudo yum-plugin-ovl bash + sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf + yum clean all +elif [ $(command -v zypper) ]; then + zypper refresh + zypper install -y python sudo bash python-xml + zypper clean -a +elif [ $(command -v apk) ]; then + apk update + apk add --no-cache python sudo bash ca-certificates +fi diff --git a/roles/pandoc/molecule/resources/playbooks/playbook.yml b/roles/pandoc/molecule/resources/playbooks/playbook.yml new file mode 100644 index 0000000..f9ecf99 --- /dev/null +++ b/roles/pandoc/molecule/resources/playbooks/playbook.yml @@ -0,0 +1,5 @@ +--- +- name: Converge + hosts: all + roles: + - role: pandoc diff --git a/roles/pandoc/molecule/resources/playbooks/prepare.yml b/roles/pandoc/molecule/resources/playbooks/prepare.yml new file mode 100644 index 0000000..3305c7d --- /dev/null +++ b/roles/pandoc/molecule/resources/playbooks/prepare.yml @@ -0,0 +1,9 @@ +--- +- name: Prepare + hosts: all + gather_facts: no + become: no + + tasks: + - name: bootstrap python + script: bootstrap.sh diff --git a/roles/pandoc/molecule/resources/playbooks/verify.yml b/roles/pandoc/molecule/resources/playbooks/verify.yml new file mode 100644 index 0000000..b591e65 --- /dev/null +++ b/roles/pandoc/molecule/resources/playbooks/verify.yml 
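Review bot: The script has no `set -e`, so a failed `apt-get install`, `dnf install` or `yum install` is masked by the `clean` command that follows, and the Ansible `script` task reports success on a host that was not bootstrapped; adding `set -euo pipefail` after the shebang fixes that. The re-exec line `sudo su -s "$0"` passes the script path as su's shell, which only works where su accepts that; `exec sudo -- "$0" "$@"` is the more direct form. The `[ $(command -v apt-get) ]` tests should quote the substitution or become `if command -v apt-get >/dev/null 2>&1; then`. The same file is added unchanged under roles/pip.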
@@ -0,0 +1,71 @@ +--- +- name: Verify + hosts: all + gather_facts: true # required + become: true + vars: + goss_version: v0.3.7 + goss_arch: amd64 + goss_bin: /usr/local/bin/goss + goss_sha256sum: 357f5c7f2e7949b412bce44349cd32ab19eb3947255a8ac805f884cc2c326059. + goss_test_directory: /tmp/molecule/goss + goss_format: documentation + tasks: + - name: Download and install Goss + get_url: + url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + dest: "{{ goss_bin }}" + sha256sum: "{{ goss_sha256sum }}" + mode: "0755" + + - name: Create Molecule directory for test files + file: + path: "{{ goss_test_directory }}" + state: directory + + - name: Find Goss tests on localhost + find: + paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" + patterns: + - "test[-.\\w]*.yml" + - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" + excludes: + - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" + use_regex: true + delegate_to: localhost + register: test_files + changed_when: false + become: false + + - name: debug + debug: + msg: "{{ test_files.files }}" + verbosity: 3 + + - name: Copy Goss tests to remote + copy: + src: "{{ item.path }}" + dest: "{{ goss_test_directory }}/{{ item.path | basename }}" + with_items: + - "{{ test_files.files }}" + + - name: Register test files + shell: "ls {{ goss_test_directory }}/test_*.yml" + register: test_files + + - name: Execute Goss tests + command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + ignore_errors: true + + - name: Display details about the Goss results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + + - name: Fail when tests fail + fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" 
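Review bot: `goss_sha256sum` ends with a stray `.` (`…c2c326059.`), so the value is not a clean 64-character hex digest; whether the download check still passes depends on how `get_url` normalises the string, and an integrity pin should not rely on that. Drop the dot, and consider the `checksum: "sha256:{{ goss_sha256sum }}"` form that roles/pandoc/tasks/main.yml already uses, since `sha256sum` is the older spelling of this option. The binary is written to `/usr/local/bin/goss` and executed under `become: true`, so this digest is the only thing tying the run to a known goss release.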
diff --git a/roles/pandoc/molecule/resources/tests/test_default.yml b/roles/pandoc/molecule/resources/tests/test_default.yml new file mode 100644 index 0000000..6909868 --- /dev/null +++ b/roles/pandoc/molecule/resources/tests/test_default.yml @@ -0,0 +1,17 @@ +# Molecule managed +--- +file: + /usr/bin/pandoc: + exists: true + owner: root + group: root + +command: + help: + exit-status: 0 + exec: "pandoc --help" + stdout: + - "/pandoc/" + stderr: [] + timeout: 10000 # in milliseconds + skip: false diff --git a/roles/pandoc/molecule/vagrant-centos-7/molecule.yml b/roles/pandoc/molecule/vagrant-centos-7/molecule.yml new file mode 100644 index 0000000..93c4b82 --- /dev/null +++ b/roles/pandoc/molecule/vagrant-centos-7/molecule.yml @@ -0,0 +1,31 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: pandoc-centos-7 + box: centos/7 +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/pandoc/molecule/vagrant-debian-10/molecule.yml b/roles/pandoc/molecule/vagrant-debian-10/molecule.yml new file mode 100644 index 0000000..d7ce4fe --- /dev/null +++ b/roles/pandoc/molecule/vagrant-debian-10/molecule.yml 
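Review bot: The goss check asserts `/usr/bin/pandoc`, but the role's tasks in this patch unpack the release tarball into `/usr/local` with `--strip=1`, which would presumably place the binary at `/usr/local/bin/pandoc`. Unless something outside this patch installs the distro package, the `file:` assertion fails; `/usr/local/bin/pandoc:` looks like the intended key. The `command:` test also relies on `/usr/local/bin` being on root's PATH.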
@@ -0,0 +1,31 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: pandoc-debian-10 + box: debian/buster64 +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/pandoc/molecule/vagrant-fedora-30/molecule.yml b/roles/pandoc/molecule/vagrant-fedora-30/molecule.yml new file mode 100644 index 0000000..3003a0b --- /dev/null +++ b/roles/pandoc/molecule/vagrant-fedora-30/molecule.yml @@ -0,0 +1,31 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: pandoc-fedora-30 + box: fedora/30-cloud-base +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/pandoc/molecule/vagrant-rhel-8/molecule.yml b/roles/pandoc/molecule/vagrant-rhel-8/molecule.yml new file mode 100644 index 0000000..728ce51 --- /dev/null +++ b/roles/pandoc/molecule/vagrant-rhel-8/molecule.yml 
@@ -0,0 +1,31 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: pandoc-rhel-8 + box: cmihai/rhel-8-base +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/pandoc/molecule/vagrant-ubuntu-18.04/molecule.yml b/roles/pandoc/molecule/vagrant-ubuntu-18.04/molecule.yml new file mode 100644 index 0000000..51be6a6 --- /dev/null +++ b/roles/pandoc/molecule/vagrant-ubuntu-18.04/molecule.yml @@ -0,0 +1,31 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: pandoc-ubuntu-1804 + box: ubuntu/bionic64 +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/pandoc/tasks/main.yml b/roles/pandoc/tasks/main.yml new file mode 100644 index 0000000..373a071 --- /dev/null +++ b/roles/pandoc/tasks/main.yml 
@@ -0,0 +1,22 @@ +--- +# tasks file for pandoc + +- name: download pandoc + get_url: + url: " {{ pandoc_url }}" + dest: /tmp/pandoc.tar.gz + checksum: "sha256:{{ pandoc_sha256 }}" + +- name: unpack pandoc + unarchive: + src: /tmp/pandoc.tar.gz + dest: /usr/local + extra_opts: + - --strip=1 + remote_src: yes + become: yes + +- name: delete pandoc tarball + file: + path: /tmp/pandoc.tar.gz + state: absent \ No newline at end of file diff --git a/roles/pandoc/vars/main.yml b/roles/pandoc/vars/main.yml new file mode 100644 index 0000000..b1836ad --- /dev/null +++ b/roles/pandoc/vars/main.yml @@ -0,0 +1,11 @@ +--- +# vars file for pandoc + +# Packages to install +_packages: + all: + - "pandoc" + CentOS: + - "pandoc" + +packages: "{{ _packages['all'] + ( _packages[ansible_distribution] | default([]) ) }}" diff --git a/roles/pip/.yamllint b/roles/pip/.yamllint new file mode 100644 index 0000000..2d5f5a8 --- /dev/null +++ b/roles/pip/.yamllint @@ -0,0 +1,32 @@ +--- +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + colons: enable + commas: enable + comments: + level: warning + comments-indentation: + level: warning + document-end: disable + document-start: + level: warning + empty-lines: enable + empty-values: enable + hyphens: enable + indentation: enable + key-duplicates: enable + key-ordering: disable + line-length: disable + new-line-at-end-of-file: disable + new-lines: enable + octal-values: enable + quoted-strings: disable + trailing-spaces: enable + truthy: disable diff --git a/roles/pip/README.md b/roles/pip/README.md new file mode 100644 index 0000000..c03737b --- /dev/null +++ b/roles/pip/README.md 
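Review bot: `url: " {{ pandoc_url }}"` has a leading space inside the quotes, so the rendered URL starts with whitespace; it should be `url: "{{ pandoc_url }}"`. The archive is staged at the fixed path `/tmp/pandoc.tar.gz` and then extracted as root into `/usr/local`, while the checksum is verified at download time only. A staging directory that other local users cannot write to, for example one created with the `tempfile` module, is a safer handoff between the two tasks. The final `file: state: absent` task has no `become`, which is fine only while the download also runs unprivileged.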
@@ -0,0 +1,35 @@ +Role Name +========= + +pip + +Requirements +============ + +- For RHEL, a Red Hat subscription or functional local repository. + +Role Variables +-------------- + + +Dependencies +------------ + +- For Red Hat, subscription-manager. + +Example Playbook +---------------- + + - hosts: servers + roles: + - role: pip + +License +------- + +MIT + +Author Information +------------------ + +- [Mihai Criveti](https://www.linkedin.com/in/crivetimihai/) diff --git a/roles/pip/defaults/main.yml b/roles/pip/defaults/main.yml new file mode 100644 index 0000000..b30788d --- /dev/null +++ b/roles/pip/defaults/main.yml @@ -0,0 +1,7 @@ +--- +# defaults file for pip + +pip_packages: + - setuptools + - ansible + - ansible-lint diff --git a/roles/pip/handlers/main.yml b/roles/pip/handlers/main.yml new file mode 100644 index 0000000..b94db6d --- /dev/null +++ b/roles/pip/handlers/main.yml @@ -0,0 +1,7 @@ +--- +# handlers file for pip + +- name: restart sshd + service: + name: "{{ sshd_service_name }}" + state: restarted diff --git a/roles/pip/meta/main.yml b/roles/pip/meta/main.yml new file mode 100644 index 0000000..7c39e1b --- /dev/null +++ b/roles/pip/meta/main.yml @@ -0,0 +1,35 @@ +--- +galaxy_info: + author: buluma + description: Pip + company: buluma + license: MIT + min_ansible_version: 2.4 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + platforms: + - name: Fedora + versions: + - all + - 30 + - name: EL + versions: + - 7 + - 8 + - name: Ubuntu + versions: + - bionic + - name: Debian + versions: + - buster + + galaxy_tags: + - debian + - ubuntu + - rhel + - centos + - fedora + +# dependencies: [] diff --git a/roles/pip/molecule/default/molecule.yml b/roles/pip/molecule/default/molecule.yml new file mode 100644 index 0000000..607fc5e --- /dev/null +++ b/roles/pip/molecule/default/molecule.yml 
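Review bot: `pip_packages` in roles/pip/defaults/main.yml lists `setuptools`, `ansible` and `ansible-lint` without versions, so each run installs whatever the package index currently serves and two hosts provisioned on different days can end up with different code. Pinning each entry, e.g. `- ansible==<VERSION>` (placeholder), or pointing the install task at a constraints file keeps the run reproducible and makes upgrades an explicit change. The install task itself is not in this part of the patch, so how the list is consumed is assumed.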
@@ -0,0 +1,42 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: pip-centos-76 + image: centos:7.6.1810 + dockerfile: ../resources/Dockerfile.j2 + privileged: True + pre_build_image: False + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + tmpfs: + - /run + - /tmp + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + log: True + config_options: + defaults: + stdout_callback: debug + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/pip/molecule/docker-centos-7/molecule.yml b/roles/pip/molecule/docker-centos-7/molecule.yml new file mode 100644 index 0000000..21a3b8a --- /dev/null +++ b/roles/pip/molecule/docker-centos-7/molecule.yml @@ -0,0 +1,39 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: pip-centos-7 + image: centos:7 + dockerfile: ../resources/Dockerfile.j2 + privileged: True + pre_build_image: False + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + tmpfs: + - /run + - /tmp + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/pip/molecule/docker-debian-10/molecule.yml b/roles/pip/molecule/docker-debian-10/molecule.yml new file mode 100644 index 0000000..031d8aa --- /dev/null 
+++ b/roles/pip/molecule/docker-debian-10/molecule.yml @@ -0,0 +1,37 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: pip-debian-10 + image: debian:10 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + environment: + container: docker +provisioner: + name: ansible + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/pip/molecule/docker-debian-9/molecule.yml b/roles/pip/molecule/docker-debian-9/molecule.yml new file mode 100644 index 0000000..37c3b74 --- /dev/null +++ b/roles/pip/molecule/docker-debian-9/molecule.yml @@ -0,0 +1,37 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: pip-debian-9 + image: debian:9 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + environment: + container: docker +provisioner: + name: ansible + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/pip/molecule/docker-fedora-30/molecule.yml b/roles/pip/molecule/docker-fedora-30/molecule.yml new file mode 100644 index 0000000..ef1fb9e --- /dev/null 
+++ b/roles/pip/molecule/docker-fedora-30/molecule.yml @@ -0,0 +1,38 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: pip-fedora-30 + image: fedora:30 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/pip/molecule/docker-rhel-7/molecule.yml b/roles/pip/molecule/docker-rhel-7/molecule.yml new file mode 100644 index 0000000..d46b03d --- /dev/null +++ b/roles/pip/molecule/docker-rhel-7/molecule.yml @@ -0,0 +1,38 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: pip-rhel-7 + image: ubi + registry: + url: registry.access.redhat.com/ubi7 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/pip/molecule/docker-rhel-8/molecule.yml b/roles/pip/molecule/docker-rhel-8/molecule.yml new file mode 100644 index 0000000..f9176fe --- /dev/null 
+++ b/roles/pip/molecule/docker-rhel-8/molecule.yml @@ -0,0 +1,40 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: pip-rhel-8 + image: ubi + registry: + url: registry.access.redhat.com/ubi8 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/pip/molecule/docker-ubuntu-18.04/molecule.yml b/roles/pip/molecule/docker-ubuntu-18.04/molecule.yml new file mode 100644 index 0000000..a7ab32c --- /dev/null +++ b/roles/pip/molecule/docker-ubuntu-18.04/molecule.yml @@ -0,0 +1,37 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: pip-ubuntu-1804 + image: ubuntu:18.04 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + environment: + container: docker +provisioner: + name: ansible + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint 
diff --git a/roles/pip/molecule/resources/Dockerfile.j2 b/roles/pip/molecule/resources/Dockerfile.j2
new file mode 100644
index 0000000..1a189ad
--- /dev/null
+++ b/roles/pip/molecule/resources/Dockerfile.j2
@@ -0,0 +1,26 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python3 sudo python3-devel python3-dnf bash python3-libselinux python3-pip && dnf clean all; \
+ elif [ $(command -v yum) ]; then yum makecache fast && yum install -y epel-release && yum install -y python python2-pip sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+ elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
+ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+ elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi
+
+# Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP`
+ENV ANSIBLE_USER=ansible DEPLOY_GROUP=deployer
+RUN set -xe \
+ && if [ $(getent group wheel) ]; then export SUDO_GROUP=wheel; fi \
+ && if [ $(getent group sudo) ]; then export SUDO_GROUP=sudo; fi \
+ && groupadd -r ${ANSIBLE_USER} \
+ && groupadd -r ${DEPLOY_GROUP} \
+ && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \
+ && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \
+ && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
+ && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
diff --git a/roles/pip/molecule/resources/playbooks/bootstrap.sh b/roles/pip/molecule/resources/playbooks/bootstrap.sh
new file mode 100755
index 0000000..35ddc21
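Review bot: The second `RUN` in roles/pip/molecule/resources/Dockerfile.j2 rewrites the whole `%wheel`/`%sudo` rule in /etc/sudoers to `NOPASSWD:ALL` and uses `${SUDO_GROUP}` without checking it was set. When neither group exists the variable is empty, so `usermod -aG` loses its group argument and the sed address degrades to `/^%/`. A drop-in scoped to the one account avoids both: `&& echo "${ANSIBLE_USER} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/${ANSIBLE_USER} \` followed by `&& chmod 0440 /etc/sudoers.d/${ANSIBLE_USER}`, assuming the image's sudoers includes /etc/sudoers.d. The `[ $(command -v …) ]` tests are also safer quoted, e.g. `[ -n "$(command -v apt-get)" ]`. The Dockerfile.j2 added for the profile role later in this commit has the same `RUN` block.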
--- /dev/null
+++ b/roles/pip/molecule/resources/playbooks/bootstrap.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+if [ "$(whoami)" != "root" ]; then
+ sudo su -s "$0"
+ exit
+fi
+
+if [ $(command -v apt-get) ]; then
+ apt-get update
+ apt-get install -y python sudo bash ca-certificates
+ apt-get clean
+elif [ $(command -v dnf) ]; then
+ dnf makecache
+ dnf --assumeyes install python3 sudo python3-devel python3-dnf bash python3-libselinux
+ dnf clean all
+elif [ $(command -v yum) ]; then
+ yum makecache fast
+ yum install -y python sudo yum-plugin-ovl bash
+ sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf
+ yum clean all
+elif [ $(command -v zypper) ]; then
+ zypper refresh
+ zypper install -y python sudo bash python-xml
+ zypper clean -a
+elif [ $(command -v apk) ]; then
+ apk update
+ apk add --no-cache python sudo bash ca-certificates
+fi
diff --git a/roles/pip/molecule/resources/playbooks/playbook.yml b/roles/pip/molecule/resources/playbooks/playbook.yml
new file mode 100644
index 0000000..1f15d70
--- /dev/null
+++ b/roles/pip/molecule/resources/playbooks/playbook.yml
@@ -0,0 +1,5 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: pip
diff --git a/roles/pip/molecule/resources/playbooks/prepare.yml b/roles/pip/molecule/resources/playbooks/prepare.yml
new file mode 100644
index 0000000..3305c7d
--- /dev/null
+++ b/roles/pip/molecule/resources/playbooks/prepare.yml
@@ -0,0 +1,9 @@
+---
+- name: Prepare
+ hosts: all
+ gather_facts: no
+ become: no
+
+ tasks:
+ - name: bootstrap python
+ script: bootstrap.sh
diff --git a/roles/pip/molecule/resources/playbooks/verify.yml b/roles/pip/molecule/resources/playbooks/verify.yml
new file mode 100644
index 0000000..b591e65
--- /dev/null
+++ b/roles/pip/molecule/resources/playbooks/verify.yml
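Review bot: roles/pip/molecule/resources/playbooks/bootstrap.sh has no error handling, so in the apt, dnf, yum and zypper branches a failed package install is followed by the `clean` step and the script still exits 0. The Prepare play then reports success on a host that may have no Python. Adding `set -euo pipefail` right after the shebang would surface the failure. The self-elevation line `sudo su -s "$0"` hands the script to `su` as root's shell; `exec sudo -- "$0" "$@"` states the intent directly and makes the following `exit` unnecessary. The same script (index 35ddc21) is added under roles/profile.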
@@ -0,0 +1,71 @@
+---
+- name: Verify
+ hosts: all
+ gather_facts: true # required
+ become: true
+ vars:
+ goss_version: v0.3.7
+ goss_arch: amd64
+ goss_bin: /usr/local/bin/goss
+ goss_sha256sum: 357f5c7f2e7949b412bce44349cd32ab19eb3947255a8ac805f884cc2c326059.
+ goss_test_directory: /tmp/molecule/goss
+ goss_format: documentation
+ tasks:
+ - name: Download and install Goss
+ get_url:
+ url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}"
+ dest: "{{ goss_bin }}"
+ sha256sum: "{{ goss_sha256sum }}"
+ mode: "0755"
+
+ - name: Create Molecule directory for test files
+ file:
+ path: "{{ goss_test_directory }}"
+ state: directory
+
+ - name: Find Goss tests on localhost
+ find:
+ paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}"
+ patterns:
+ - "test[-.\\w]*.yml"
+ - "test_host_{{ ansible_hostname }}[-.\\w]*.yml"
+ excludes:
+ - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml"
+ use_regex: true
+ delegate_to: localhost
+ register: test_files
+ changed_when: false
+ become: false
+
+ - name: debug
+ debug:
+ msg: "{{ test_files.files }}"
+ verbosity: 3
+
+ - name: Copy Goss tests to remote
+ copy:
+ src: "{{ item.path }}"
+ dest: "{{ goss_test_directory }}/{{ item.path | basename }}"
+ with_items:
+ - "{{ test_files.files }}"
+
+ - name: Register test files
+ shell: "ls {{ goss_test_directory }}/test_*.yml"
+ register: test_files
+
+ - name: Execute Goss tests
+ command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}"
+ register: test_results
+ with_items: "{{ test_files.stdout_lines }}"
+ ignore_errors: true
+
+ - name: Display details about the Goss results
+ debug:
+ msg: "{{ item.stdout_lines }}"
+ with_items: "{{ test_results.results }}"
+
+ - name: Fail when tests fail
+ fail:
+ msg: "Goss failed to validate"
+ when: item.rc != 0
+ with_items: "{{ test_results.results }}"
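Review bot: `goss_sha256sum` in roles/pip/molecule/resources/playbooks/verify.yml ends with a stray `.` after the 64 hex digits, so the integrity check on a binary installed as root into `/usr/local/bin` depends on how `get_url` happens to normalise that string; drop the period so the pinned digest is exact. `sha256sum:` is, to my knowledge, the older spelling of this option, and `checksum: "sha256:{{ goss_sha256sum }}"` is the current form. `ignore_errors: true` on "Execute Goss tests" is safe only because the final `fail` task checks `item.rc`; a one-line comment on that task saying so would keep the two from being separated. The verify.yml added under roles/profile has the same index (b591e65) and needs the same fix.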
diff --git a/roles/pip/molecule/resources/tests/test_default.yml b/roles/pip/molecule/resources/tests/test_default.yml new file mode 100644 index 0000000..a9be795 --- /dev/null +++ b/roles/pip/molecule/resources/tests/test_default.yml @@ -0,0 +1,17 @@ +# Molecule managed +--- +file: + /usr/bin/pip: + exists: true + owner: root + group: root + +command: + help: + exit-status: 0 + exec: "pip --help" + stdout: + - "/pip/" + stderr: [] + timeout: 10000 # in milliseconds + skip: false diff --git a/roles/pip/molecule/vagrant-centos-7/molecule.yml b/roles/pip/molecule/vagrant-centos-7/molecule.yml new file mode 100644 index 0000000..5120c19 --- /dev/null +++ b/roles/pip/molecule/vagrant-centos-7/molecule.yml @@ -0,0 +1,28 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: pip-centos-7 + box: centos/7 +provisioner: + name: ansible + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/pip/molecule/vagrant-debian-10/molecule.yml b/roles/pip/molecule/vagrant-debian-10/molecule.yml new file mode 100644 index 0000000..84d42e8 --- /dev/null +++ b/roles/pip/molecule/vagrant-debian-10/molecule.yml @@ -0,0 +1,28 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: pip-debian-10 + box: debian/buster64 +provisioner: + name: ansible + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint 
diff --git a/roles/pip/molecule/vagrant-fedora-30/molecule.yml b/roles/pip/molecule/vagrant-fedora-30/molecule.yml new file mode 100644 index 0000000..bec18fa --- /dev/null +++ b/roles/pip/molecule/vagrant-fedora-30/molecule.yml @@ -0,0 +1,28 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: pip-fedora-30 + box: fedora/30-cloud-base +provisioner: + name: ansible + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/pip/molecule/vagrant-rhel-8/molecule.yml b/roles/pip/molecule/vagrant-rhel-8/molecule.yml new file mode 100644 index 0000000..885a8dd --- /dev/null +++ b/roles/pip/molecule/vagrant-rhel-8/molecule.yml @@ -0,0 +1,28 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: vagrant + provider: + name: virtualbox +lint: + name: yamllint +platforms: + - name: pip-rhel-8 + box: cmihai/rhel-8-base +provisioner: + name: ansible + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/pip/molecule/vagrant-ubuntu-18.04/molecule.yml b/roles/pip/molecule/vagrant-ubuntu-18.04/molecule.yml new file mode 100644 index 0000000..0cdd43f --- /dev/null +++ b/roles/pip/molecule/vagrant-ubuntu-18.04/molecule.yml 
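Review bot: `box: cmihai/rhel-8-base` in roles/pip/molecule/vagrant-rhel-8/molecule.yml pulls a base image from what appears to be an individual's box namespace with no version pin, so whatever is published there next is what the scenario boots and provisions with `become`. Pin the validated release with `box_version: "<PINNED_BOX_VERSION>"` (placeholder) and add a comment recording where the box comes from and why it is used. The `centos/7`, `debian/buster64`, `fedora/30-cloud-base` and `ubuntu/bionic64` boxes in the sibling vagrant scenarios are unpinned as well.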
@@ -0,0 +1,28 @@
+---
+dependency:
+ name: galaxy
+ role-file: requirements.yml
+driver:
+ name: vagrant
+ provider:
+ name: virtualbox
+lint:
+ name: yamllint
+platforms:
+ - name: pip-ubuntu-1804
+ box: ubuntu/bionic64
+provisioner:
+ name: ansible
+ log: True
+ playbooks:
+ vagrant:
+ prepare: ../resources/playbooks/prepare.yml
+ converge: ../resources/playbooks/playbook.yml
+ verify: ../resources/playbooks/verify.yml
+ lint:
+ name: ansible-lint
+verifier:
+ name: goss
+ directory: ../resources/tests
+ lint:
+ name: yamllint
diff --git a/roles/pip/tasks/install.yml b/roles/pip/tasks/install.yml
new file mode 100644
index 0000000..6302900
--- /dev/null
+++ b/roles/pip/tasks/install.yml
@@ -0,0 +1,9 @@
+---
+# tasks file for pip
+
+- name: install pip modules
+ pip:
+ executable: pip
+ name: "{{ pip_packages }}"
+ extra_args: --user --upgrade
+ become: no
diff --git a/roles/pip/tasks/main.yml b/roles/pip/tasks/main.yml
new file mode 100644
index 0000000..7a5e675
--- /dev/null
+++ b/roles/pip/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+# tasks file for pip
+
+- name: assert supported distributions and versions
+ assert:
+ that:
+ - ( ansible_distribution == "RedHat" and ( ansible_distribution_major_version == '8' )
+ ) or
+ ( ansible_distribution == "CentOS" and ( ansible_distribution_major_version == "7" )
+ ) or
+ ( ansible_distribution == "Fedora" and ( ansible_distribution_major_version == "30" )
+ ) or
+ ( ansible_distribution == "Debian" and ( ansible_distribution_major_version == "9" or ansible_distribution_major_version == "10" )
+ ) or
+ ( ansible_distribution == "Ubuntu" and ( ansible_distribution_version == "18.04" )
+ )
+
+- include: install.yml
diff --git a/roles/pip/vars/main.yml b/roles/pip/vars/main.yml
new file mode 100644
index 0000000..ec56191
--- /dev/null
+++ b/roles/pip/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for pip
diff --git a/roles/profile/.yamllint b/roles/profile/.yamllint
new file mode 100644
index 0000000..c5ae64b
--- /dev/null
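Review bot: The `install pip modules` task in roles/pip/tasks/install.yml combines `extra_args: --user --upgrade` with a bare `{{ pip_packages }}` list, so every run installs whatever the package index serves as the newest release and nothing in the task pins a version or hash. The contents of `pip_packages` are not visible in this part of the patch; if they are plain names, prefer `name==version` entries and drop `--upgrade`, or install from a requirements file with `--require-hashes`. A comment above the task should say which user's `~/.local` receives the packages, since `become: no` makes that the connecting user. In roles/pip/tasks/main.yml, `- include: install.yml` would be clearer as `- include_tasks: install.yml`.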
+++ b/roles/profile/.yamllint @@ -0,0 +1,12 @@ +--- +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/profile/README.md b/roles/profile/README.md new file mode 100644 index 0000000..42f23ca --- /dev/null +++ b/roles/profile/README.md @@ -0,0 +1,35 @@ +Role Name +========= + +profile + +Requirements +------------ + +- For RHEL, a Red Hat subscription or functional local repository. + +Role Variables +-------------- + + +Dependencies +------------ + +- For Red Hat, subscription-manager. + +Example Playbook +---------------- + + - hosts: servers + roles: + - role: profile + +License +------- + +MIT + +Author Information +------------------ + +- [Mihai Criveti](https://www.linkedin.com/in/crivetimihai/) diff --git a/roles/profile/defaults/main.yml b/roles/profile/defaults/main.yml new file mode 100644 index 0000000..de74ec3 --- /dev/null +++ b/roles/profile/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for profile diff --git a/roles/profile/files/neo.sh b/roles/profile/files/neo.sh new file mode 100755 index 0000000..df23403 --- /dev/null +++ b/roles/profile/files/neo.sh @@ -0,0 +1 @@ +/usr/local/bin/neofetch diff --git a/roles/profile/handlers/main.yml b/roles/profile/handlers/main.yml new file mode 100644 index 0000000..dc00a99 --- /dev/null +++ b/roles/profile/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for profile diff --git a/roles/profile/meta/main.yml b/roles/profile/meta/main.yml new file mode 100644 index 0000000..8777188 --- /dev/null +++ b/roles/profile/meta/main.yml 
@@ -0,0 +1,35 @@ +--- +galaxy_info: + author: buluma + description: Profile + company: buluma + license: MIT + min_ansible_version: 2.4 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + platforms: + - name: Fedora + versions: + - all + - 30 + - name: EL + versions: + - 7 + - 8 + - name: Ubuntu + versions: + - bionic + - name: Debian + versions: + - buster + + galaxy_tags: + - debian + - ubuntu + - rhel + - centos + - fedora + +# dependencies: [] diff --git a/roles/profile/molecule/default/molecule.yml b/roles/profile/molecule/default/molecule.yml new file mode 100644 index 0000000..1670ece --- /dev/null +++ b/roles/profile/molecule/default/molecule.yml @@ -0,0 +1,39 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: profile-centos-76 + image: centos:7.6.1810 + dockerfile: ../resources/Dockerfile.j2 + privileged: True + pre_build_image: False + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + tmpfs: + - /run + - /tmp + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/profile/molecule/resources/Dockerfile.j2 b/roles/profile/molecule/resources/Dockerfile.j2 new file mode 100644 index 0000000..851c10e --- /dev/null +++ b/roles/profile/molecule/resources/Dockerfile.j2 
@@ -0,0 +1,26 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python3 sudo python3-devel python3-dnf bash python3-libselinux && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi + +# Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP` +ENV ANSIBLE_USER=ansible DEPLOY_GROUP=deployer +RUN set -xe \ + && if [ $(getent group wheel) ]; then export SUDO_GROUP=wheel; fi \ + && if [ $(getent group sudo) ]; then export SUDO_GROUP=sudo; fi \ + && groupadd -r ${ANSIBLE_USER} \ + && groupadd -r ${DEPLOY_GROUP} \ + && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \ + && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \ + && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \ + && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers diff --git a/roles/profile/molecule/resources/playbooks/bootstrap.sh b/roles/profile/molecule/resources/playbooks/bootstrap.sh new file mode 100755 index 0000000..35ddc21 --- /dev/null +++ b/roles/profile/molecule/resources/playbooks/bootstrap.sh 
@@ -0,0 +1,28 @@ +#!/bin/bash + +if [ "$(whoami)" != "root" ]; then + sudo su -s "$0" + exit +fi + +if [ $(command -v apt-get) ]; then + apt-get update + apt-get install -y python sudo bash ca-certificates + apt-get clean +elif [ $(command -v dnf) ]; then + dnf makecache + dnf --assumeyes install python3 sudo python3-devel python3-dnf bash python3-libselinux + dnf clean all +elif [ $(command -v yum) ]; then + yum makecache fast + yum install -y python sudo yum-plugin-ovl bash + sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf + yum clean all +elif [ $(command -v zypper) ]; then + zypper refresh + zypper install -y python sudo bash python-xml + zypper clean -a +elif [ $(command -v apk) ]; then + apk update + apk add --no-cache python sudo bash ca-certificates +fi diff --git a/roles/profile/molecule/resources/playbooks/playbook.yml b/roles/profile/molecule/resources/playbooks/playbook.yml new file mode 100644 index 0000000..a562a5d --- /dev/null +++ b/roles/profile/molecule/resources/playbooks/playbook.yml @@ -0,0 +1,5 @@ +--- +- name: Converge + hosts: all + roles: + - role: profile diff --git a/roles/profile/molecule/resources/playbooks/prepare.yml b/roles/profile/molecule/resources/playbooks/prepare.yml new file mode 100644 index 0000000..3305c7d --- /dev/null +++ b/roles/profile/molecule/resources/playbooks/prepare.yml @@ -0,0 +1,9 @@ +--- +- name: Prepare + hosts: all + gather_facts: no + become: no + + tasks: + - name: bootstrap python + script: bootstrap.sh diff --git a/roles/profile/molecule/resources/playbooks/verify.yml b/roles/profile/molecule/resources/playbooks/verify.yml new file mode 100644 index 0000000..b591e65 --- /dev/null +++ b/roles/profile/molecule/resources/playbooks/verify.yml 
@@ -0,0 +1,71 @@ +--- +- name: Verify + hosts: all + gather_facts: true # required + become: true + vars: + goss_version: v0.3.7 + goss_arch: amd64 + goss_bin: /usr/local/bin/goss + goss_sha256sum: 357f5c7f2e7949b412bce44349cd32ab19eb3947255a8ac805f884cc2c326059. + goss_test_directory: /tmp/molecule/goss + goss_format: documentation + tasks: + - name: Download and install Goss + get_url: + url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" + dest: "{{ goss_bin }}" + sha256sum: "{{ goss_sha256sum }}" + mode: "0755" + + - name: Create Molecule directory for test files + file: + path: "{{ goss_test_directory }}" + state: directory + + - name: Find Goss tests on localhost + find: + paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" + patterns: + - "test[-.\\w]*.yml" + - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" + excludes: + - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" + use_regex: true + delegate_to: localhost + register: test_files + changed_when: false + become: false + + - name: debug + debug: + msg: "{{ test_files.files }}" + verbosity: 3 + + - name: Copy Goss tests to remote + copy: + src: "{{ item.path }}" + dest: "{{ goss_test_directory }}/{{ item.path | basename }}" + with_items: + - "{{ test_files.files }}" + + - name: Register test files + shell: "ls {{ goss_test_directory }}/test_*.yml" + register: test_files + + - name: Execute Goss tests + command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" + register: test_results + with_items: "{{ test_files.stdout_lines }}" + ignore_errors: true + + - name: Display details about the Goss results + debug: + msg: "{{ item.stdout_lines }}" + with_items: "{{ test_results.results }}" + + - name: Fail when tests fail + fail: + msg: "Goss failed to validate" + when: item.rc != 0 + with_items: "{{ test_results.results }}" 
diff --git a/roles/profile/molecule/resources/tests/test_default.yml b/roles/profile/molecule/resources/tests/test_default.yml
new file mode 100644
index 0000000..31a99f8
--- /dev/null
+++ b/roles/profile/molecule/resources/tests/test_default.yml
@@ -0,0 +1,7 @@
+# Molecule managed
+---
+file:
+ /etc/hosts:
+ exists: true
+ owner: root
+ group: root
diff --git a/roles/profile/tasks/issue.yml b/roles/profile/tasks/issue.yml
new file mode 100644
index 0000000..c884699
--- /dev/null
+++ b/roles/profile/tasks/issue.yml
@@ -0,0 +1,15 @@
+---
+- name: Creates directory
+ file:
+ path: /etc/issue.d
+ state: directory
+ owner: root
+ group: root
+ mode: "0775"
+
+- name: Setup /etc/issue.d/splash.issue from template
+ template:
+ src: splash.issue.j2
+ dest: /etc/issue.d/splash.issue
+ tags:
+ - issue_config
diff --git a/roles/profile/tasks/main.yml b/roles/profile/tasks/main.yml
new file mode 100644
index 0000000..3b2e27e
--- /dev/null
+++ b/roles/profile/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+# Profile and customizations
+
+- include: motd.yml # Customize motd
+- include: issue.yml # Customize issue
+- include: neofetch.yml # Add neofetch to login prompt
diff --git a/roles/profile/tasks/motd.yml b/roles/profile/tasks/motd.yml
new file mode 100644
index 0000000..c861d84
--- /dev/null
+++ b/roles/profile/tasks/motd.yml
@@ -0,0 +1,7 @@
+---
+- name: Setup /etc/motd from template
+ template:
+ src: motd.j2
+ dest: /etc/motd
+ tags:
+ - motd_config
diff --git a/roles/profile/tasks/neofetch.yml b/roles/profile/tasks/neofetch.yml
new file mode 100644
index 0000000..c0f958c
--- /dev/null
+++ b/roles/profile/tasks/neofetch.yml
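Review bot: In roles/profile/tasks/issue.yml the `/etc/issue.d` directory is created with `mode: "0775"`, which leaves a root-owned directory under /etc group-writable; `mode: "0755"` is the conventional setting. The `template` tasks for `/etc/issue.d/splash.issue` and, in motd.yml, `/etc/motd` set no `owner`, `group` or `mode`, so the resulting permissions depend on the connecting account and its umask; add `owner: root`, `group: root` and `mode: "0644"` to both. Neither file sets `become`, so these tasks presumably rely on the calling play already running as root, which deserves a comment at the top of the task file.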
@@ -0,0 +1,22 @@ +--- +- name: copy neofetch to image + get_url: + url: https://raw.githubusercontent.com/dylanaraps/neofetch/master/neofetch + dest: /usr/local/bin/neofetch + owner: root + group: root + mode: "0755" + become: yes + tags: + - neofetch_get + +- name: copy neofetch startup to profile.d + copy: + src: neo.sh + dest: /etc/profile.d/neo.sh + owner: root + group: root + mode: "0755" + become: yes + tags: + - neofetch_startup diff --git a/roles/profile/templates/motd.j2 b/roles/profile/templates/motd.j2 new file mode 100644 index 0000000..fff54c4 --- /dev/null +++ b/roles/profile/templates/motd.j2 @@ -0,0 +1,6 @@ +██╗ ██╗███████╗██╗ ██████╗ ██████╗ ███╗ ███╗███████╗ +██║ ██║██╔════╝██║ ██╔════╝██╔═══██╗████╗ ████║██╔════╝ +██║ █╗ ██║█████╗ ██║ ██║ ██║ ██║██╔████╔██║█████╗ +██║███╗██║██╔══╝ ██║ ██║ ██║ ██║██║╚██╔╝██║██╔══╝ +╚███╔███╔╝███████╗███████╗╚██████╗╚██████╔╝██║ ╚═╝ ██║███████╗ + ╚══╝╚══╝ ╚══════╝╚══════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝╚══════╝ diff --git a/roles/profile/templates/splash.issue.j2 b/roles/profile/templates/splash.issue.j2 new file mode 100644 index 0000000..d6a4ceb --- /dev/null +++ b/roles/profile/templates/splash.issue.j2 @@ -0,0 +1 @@ + => Managed by Ansible <= diff --git a/roles/profile/vars/main.yml b/roles/profile/vars/main.yml new file mode 100644 index 0000000..4dc87ad --- /dev/null +++ b/roles/profile/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for profile diff --git a/roles/secure/.yamllint b/roles/secure/.yamllint new file mode 100644 index 0000000..c5ae64b --- /dev/null +++ b/roles/secure/.yamllint @@ -0,0 +1,12 @@ +--- +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/roles/secure/README.md b/roles/secure/README.md new file mode 100644 index 0000000..ea5f3d5 --- /dev/null +++ b/roles/secure/README.md 
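Review bot: The `copy neofetch to image` task in roles/profile/tasks/neofetch.yml downloads a shell script from the `master` branch of a third-party repository with no checksum and installs it root-owned and executable in `/usr/local/bin`, and the second task's `/etc/profile.d/neo.sh` then runs it in every login shell. Any later change to that branch therefore becomes code executed by each user who logs in, root included. Pin the URL to a release tag or commit and verify the download with `checksum: "sha256:<SHA256_OF_PINNED_NEOFETCH>"` (placeholder), or install the distribution's package where one exists. The profile.d hook should also tolerate a missing binary, e.g. `[ -x /usr/local/bin/neofetch ] && /usr/local/bin/neofetch`.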
@@ -0,0 +1,35 @@ +Role Name +========= + +secure + +Requirements +------------ + +- For RHEL, a Red Hat subscription or functional local repository. + +Role Variables +-------------- + + +Dependencies +------------ + +- For Red Hat, subscription-manager. + +Example Playbook +---------------- + + - hosts: servers + roles: + - role: secure + +License +------- + +MIT + +Author Information +------------------ + +- [Mihai Criveti](https://www.linkedin.com/in/crivetimihai/) diff --git a/roles/secure/defaults/main.yml b/roles/secure/defaults/main.yml new file mode 100644 index 0000000..e686ae7 --- /dev/null +++ b/roles/secure/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for secure diff --git a/roles/secure/handlers/main.yml b/roles/secure/handlers/main.yml new file mode 100644 index 0000000..083911c --- /dev/null +++ b/roles/secure/handlers/main.yml @@ -0,0 +1,7 @@ +--- +# handlers file for secure + +- name: restart sshd + service: + name: "{{ sshd_service_name }}" + state: restarted diff --git a/roles/secure/meta/main.yml b/roles/secure/meta/main.yml new file mode 100644 index 0000000..a992b54 --- /dev/null +++ b/roles/secure/meta/main.yml @@ -0,0 +1,35 @@ +--- +galaxy_info: + author: buluma + description: Secure + company: buluma + license: MIT + min_ansible_version: 2.4 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + platforms: + - name: Fedora + versions: + - all + - 30 + - name: EL + versions: + - 7 + - 8 + - name: Ubuntu + versions: + - bionic + - name: Debian + versions: + - buster + + galaxy_tags: + - debian + - ubuntu + - rhel + - centos + - fedora + +# dependencies: [] diff --git a/roles/secure/molecule/default/molecule.yml b/roles/secure/molecule/default/molecule.yml new file mode 100644 index 0000000..972c8a1 --- /dev/null +++ b/roles/secure/molecule/default/molecule.yml 
@@ -0,0 +1,39 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: secure-centos-76 + image: centos:7.6.1810 + dockerfile: ../resources/Dockerfile.j2 + privileged: true + pre_build_image: false + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: true + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/secure/molecule/docker-centos-7/molecule.yml b/roles/secure/molecule/docker-centos-7/molecule.yml new file mode 100644 index 0000000..75daa03 --- /dev/null +++ b/roles/secure/molecule/docker-centos-7/molecule.yml @@ -0,0 +1,39 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: secure-centos-7 + image: centos:7 + dockerfile: ../resources/Dockerfile.j2 + privileged: True + pre_build_image: False + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/secure/molecule/docker-debian-10/molecule.yml b/roles/secure/molecule/docker-debian-10/molecule.yml new file mode 100644 index 0000000..14b7cb7 --- /dev/null 
+++ b/roles/secure/molecule/docker-debian-10/molecule.yml @@ -0,0 +1,40 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: secure-debian-10 + image: debian:10 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/secure/molecule/docker-debian-9/molecule.yml b/roles/secure/molecule/docker-debian-9/molecule.yml new file mode 100644 index 0000000..15cef7f --- /dev/null +++ b/roles/secure/molecule/docker-debian-9/molecule.yml @@ -0,0 +1,40 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: secure-debian-9 + image: debian:9 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint 
diff --git a/roles/secure/molecule/docker-fedora-30/molecule.yml b/roles/secure/molecule/docker-fedora-30/molecule.yml new file mode 100644 index 0000000..2a3c8c0 --- /dev/null +++ b/roles/secure/molecule/docker-fedora-30/molecule.yml @@ -0,0 +1,41 @@ +--- +dependency: + name: galaxy + role-file: requirements.yml +driver: + name: docker + provider: + name: docker +lint: + name: yamllint +platforms: + - name: secure-fedora-30 + image: fedora:30 + dockerfile: ../resources/Dockerfile.j2 + pre_build_image: False + privileged: True + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + environment: + container: docker +provisioner: + name: ansible + config_options: + defaults: + stdout_callback: debug + extra_vars: + ansible_python_interpreter: /usr/bin/python3 + log: True + playbooks: + vagrant: + prepare: ../resources/playbooks/prepare.yml + converge: ../resources/playbooks/playbook.yml + verify: ../resources/playbooks/verify.yml + lint: + name: ansible-lint +verifier: + name: goss + directory: ../resources/tests + lint: + name: yamllint diff --git a/roles/secure/molecule/docker-rhel-7/molecule.yml b/roles/secure/molecule/docker-rhel-7/molecule.yml new file mode 100644 index 0000000..aa32cfb --- /dev/null +++ b/roles/secure/molecule/docker-rhel-7/molecule.yml 
@@ -0,0 +1,41 @@
+---
+dependency:
+ name: galaxy
+ role-file: requirements.yml
+driver:
+ name: docker
+ provider:
+ name: docker
+lint:
+ name: yamllint
+platforms:
+ - name: secure-rhel-7
+ image: ubi
+ registry:
+ url: registry.access.redhat.com/ubi7
+ dockerfile: ../resources/Dockerfile.j2
+ pre_build_image: False
+ privileged: True
+ volume_mounts:
+ - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+ command: "/usr/sbin/init"
+ environment:
+ container: docker
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ stdout_callback: debug
+ log: True
+ playbooks:
+ vagrant:
+ prepare: ../resources/playbooks/prepare.yml
+ converge: ../resources/playbooks/playbook.yml
+ verify: ../resources/playbooks/verify.yml
+ lint:
+ name: ansible-lint
+verifier:
+ name: goss
+ directory: ../resources/tests
+ lint:
+ name: yamllint
diff --git a/roles/secure/molecule/docker-rhel-8/molecule.yml b/roles/secure/molecule/docker-rhel-8/molecule.yml
new file mode 100644
index 0000000..d9fb355
--- /dev/null
+++ b/roles/secure/molecule/docker-rhel-8/molecule.yml
@@ -0,0 +1,43 @@
+---
+dependency:
+ name: galaxy
+ role-file: requirements.yml
+driver:
+ name: docker
+ provider:
+ name: docker
+lint:
+ name: yamllint
+platforms:
+ - name: secure-rhel-8
+ image: ubi
+ registry:
+ url: registry.access.redhat.com/ubi8
+ dockerfile: ../resources/Dockerfile.j2
+ pre_build_image: False
+ privileged: True
+ volume_mounts:
+ - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+ command: "/usr/sbin/init"
+ environment:
+ container: docker
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ stdout_callback: debug
+ extra_vars:
+ ansible_python_interpreter: /usr/bin/python3
+ log: True
+ playbooks:
+ vagrant:
+ prepare: ../resources/playbooks/prepare.yml
+ converge: ../resources/playbooks/playbook.yml
+ verify: ../resources/playbooks/verify.yml
+ lint:
+ name: ansible-lint
+verifier:
+ name: goss
+ directory: ../resources/tests
+ lint:
+ name: yamllint
diff --git a/roles/secure/molecule/docker-ubuntu-18.04/molecule.yml b/roles/secure/molecule/docker-ubuntu-18.04/molecule.yml
new file mode 100644
index 0000000..f4ecb4e
--- /dev/null
+++ b/roles/secure/molecule/docker-ubuntu-18.04/molecule.yml
@@ -0,0 +1,40 @@
+---
+dependency:
+ name: galaxy
+ role-file: requirements.yml
+driver:
+ name: docker
+ provider:
+ name: docker
+lint:
+ name: yamllint
+platforms:
+ - name: secure-ubuntu-1804
+ image: ubuntu:18.04
+ dockerfile: ../resources/Dockerfile.j2
+ pre_build_image: False
+ privileged: True
+ volume_mounts:
+ - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
+ environment:
+ container: docker
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ stdout_callback: debug
+ extra_vars:
+ ansible_python_interpreter: /usr/bin/python3
+ log: True
+ playbooks:
+ vagrant:
+ prepare: ../resources/playbooks/prepare.yml
+ converge: ../resources/playbooks/playbook.yml
+ verify: ../resources/playbooks/verify.yml
+ lint:
+ name: ansible-lint
+verifier:
+ name: goss
+ directory: ../resources/tests
+ lint:
+ name: yamllint
diff --git a/roles/secure/molecule/resources/Dockerfile.j2 b/roles/secure/molecule/resources/Dockerfile.j2
new file mode 100644
index 0000000..851c10e
--- /dev/null
+++ b/roles/secure/molecule/resources/Dockerfile.j2
@@ -0,0 +1,26 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python3 sudo python3-devel python3-dnf bash python3-libselinux && dnf clean all; \
+ elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+ elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
+ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+ elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi
+
+# Create `ansible` user with sudo permissions and membership in `DEPLOY_GROUP`
+ENV ANSIBLE_USER=ansible DEPLOY_GROUP=deployer
+RUN set -xe \
+ && if [ $(getent group wheel) ]; then export SUDO_GROUP=wheel; fi \
+ && if [ $(getent group sudo) ]; then export SUDO_GROUP=sudo; fi \
+ && groupadd -r ${ANSIBLE_USER} \
+ && groupadd -r ${DEPLOY_GROUP} \
+ && useradd -m -g ${ANSIBLE_USER} ${ANSIBLE_USER} \
+ && usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER} \
+ && usermod -aG ${DEPLOY_GROUP} ${ANSIBLE_USER} \
+ && sed -i "/^%${SUDO_GROUP}/s/ALL\$/NOPASSWD:ALL/g" /etc/sudoers
diff --git a/roles/secure/molecule/resources/playbooks/bootstrap.sh b/roles/secure/molecule/resources/playbooks/bootstrap.sh
new file mode 100755
index 0000000..35ddc21
--- /dev/null
+++ b/roles/secure/molecule/resources/playbooks/bootstrap.sh
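Review bot: In the second `RUN` of Dockerfile.j2, `SUDO_GROUP` stays unset when the base image has neither a `wheel` nor a `sudo` group, so `usermod -aG ${SUDO_GROUP} ${ANSIBLE_USER}` and the `sed` on `/etc/sudoers` are written to run with an empty group name; with an empty name the sed address degrades to `/^%/` and would match every group rule. A guard before the first `groupadd`, `&& : "${SUDO_GROUP:?no wheel or sudo group in base image}" \`, makes the build stop with a clear message instead. Separately, the apt-get branch installs `python` while the Debian and Ubuntu scenarios set `ansible_python_interpreter: /usr/bin/python3`; unless the base image already ships python3, that branch should install `python3`. A one-line comment above the `sed` stating that passwordless sudo is meant for throwaway test images only would also help the next reader.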
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+if [ "$(whoami)" != "root" ]; then
+ sudo su -s "$0"
+ exit
+fi
+
+if [ $(command -v apt-get) ]; then
+ apt-get update
+ apt-get install -y python sudo bash ca-certificates
+ apt-get clean
+elif [ $(command -v dnf) ]; then
+ dnf makecache
+ dnf --assumeyes install python3 sudo python3-devel python3-dnf bash python3-libselinux
+ dnf clean all
+elif [ $(command -v yum) ]; then
+ yum makecache fast
+ yum install -y python sudo yum-plugin-ovl bash
+ sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf
+ yum clean all
+elif [ $(command -v zypper) ]; then
+ zypper refresh
+ zypper install -y python sudo bash python-xml
+ zypper clean -a
+elif [ $(command -v apk) ]; then
+ apk update
+ apk add --no-cache python sudo bash ca-certificates
+fi
diff --git a/roles/secure/molecule/resources/playbooks/playbook.yml b/roles/secure/molecule/resources/playbooks/playbook.yml
new file mode 100644
index 0000000..1831c40
--- /dev/null
+++ b/roles/secure/molecule/resources/playbooks/playbook.yml
@@ -0,0 +1,5 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: secure
diff --git a/roles/secure/molecule/resources/playbooks/prepare.yml b/roles/secure/molecule/resources/playbooks/prepare.yml
new file mode 100644
index 0000000..3305c7d
--- /dev/null
+++ b/roles/secure/molecule/resources/playbooks/prepare.yml
@@ -0,0 +1,9 @@
+---
+- name: Prepare
+ hosts: all
+ gather_facts: no
+ become: no
+
+ tasks:
+ - name: bootstrap python
+ script: bootstrap.sh
diff --git a/roles/secure/molecule/resources/playbooks/verify.yml b/roles/secure/molecule/resources/playbooks/verify.yml
new file mode 100644
index 0000000..b591e65
--- /dev/null
+++ b/roles/secure/molecule/resources/playbooks/verify.yml
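Review bot: bootstrap.sh never checks the result of the package-manager calls, so a failed `install` is masked by the `clean` that follows it and the script would still exit 0 on a host that lacks Python. Adding `set -eu` after the shebang line closes that gap, and the probes read more safely as `if command -v apt-get >/dev/null 2>&1; then` than as the unquoted `[ $(command -v apt-get) ]`. In the re-exec at the top, `su -s` selects the shell that su runs, so `sudo su -s "$0"` depends on the script being accepted as root's shell; `exec sudo "$0" "$@"` states the intent directly and keeps the exit status.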
@@ -0,0 +1,71 @@
+---
+- name: Verify
+ hosts: all
+ gather_facts: true # required
+ become: true
+ vars:
+ goss_version: v0.3.7
+ goss_arch: amd64
+ goss_bin: /usr/local/bin/goss
+ goss_sha256sum: 357f5c7f2e7949b412bce44349cd32ab19eb3947255a8ac805f884cc2c326059.
+ goss_test_directory: /tmp/molecule/goss
+ goss_format: documentation
+ tasks:
+ - name: Download and install Goss
+ get_url:
+ url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}"
+ dest: "{{ goss_bin }}"
+ sha256sum: "{{ goss_sha256sum }}"
+ mode: "0755"
+
+ - name: Create Molecule directory for test files
+ file:
+ path: "{{ goss_test_directory }}"
+ state: directory
+
+ - name: Find Goss tests on localhost
+ find:
+ paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}"
+ patterns:
+ - "test[-.\\w]*.yml"
+ - "test_host_{{ ansible_hostname }}[-.\\w]*.yml"
+ excludes:
+ - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml"
+ use_regex: true
+ delegate_to: localhost
+ register: test_files
+ changed_when: false
+ become: false
+
+ - name: debug
+ debug:
+ msg: "{{ test_files.files }}"
+ verbosity: 3
+
+ - name: Copy Goss tests to remote
+ copy:
+ src: "{{ item.path }}"
+ dest: "{{ goss_test_directory }}/{{ item.path | basename }}"
+ with_items:
+ - "{{ test_files.files }}"
+
+ - name: Register test files
+ shell: "ls {{ goss_test_directory }}/test_*.yml"
+ register: test_files
+
+ - name: Execute Goss tests
+ command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}"
+ register: test_results
+ with_items: "{{ test_files.stdout_lines }}"
+ ignore_errors: true
+
+ - name: Display details about the Goss results
+ debug:
+ msg: "{{ item.stdout_lines }}"
+ with_items: "{{ test_results.results }}"
+
+ - name: Fail when tests fail
+ fail:
+ msg: "Goss failed to validate"
+ when: item.rc != 0
+ with_items: "{{ test_results.results }}"
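Review bot: `goss_sha256sum` in the `vars` block ends in a stray period, so the value handed to `get_url` is not a clean 64-character hex digest, and whether the downloaded binary is still verified then depends on how the module normalises the string. Drop the period and prefer the module's `checksum` parameter over the older `sha256sum` one: `checksum: "sha256:{{ goss_sha256sum }}"`. The binary is installed to `/usr/local/bin` and run with `become: true`, so this check is the only integrity control on it. The tests are also staged under the fixed path `/tmp/molecule/goss`; adding `owner: root` and `mode: "0700"` to the "Create Molecule directory" task keeps other local users from placing `test_*.yml` files there on anything but a throwaway instance.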
diff --git a/roles/secure/molecule/resources/tests/test_default.yml b/roles/secure/molecule/resources/tests/test_default.yml
new file mode 100644
index 0000000..6e8e090
--- /dev/null
+++ b/roles/secure/molecule/resources/tests/test_default.yml
@@ -0,0 +1,17 @@
+# Molecule managed
+---
+file:
+ /usr/bin/secure:
+ exists: true
+ owner: root
+ group: root
+
+command:
+ help:
+ exit-status: 0
+ exec: "secure --help"
+ stdout:
+ - "/secure/"
+ stderr: []
+ timeout: 10000 # in milliseconds
+ skip: false
diff --git a/roles/secure/molecule/vagrant-centos-7/molecule.yml b/roles/secure/molecule/vagrant-centos-7/molecule.yml
new file mode 100644
index 0000000..1f7993f
--- /dev/null
+++ b/roles/secure/molecule/vagrant-centos-7/molecule.yml
@@ -0,0 +1,31 @@
+---
+dependency:
+ name: galaxy
+ role-file: requirements.yml
+driver:
+ name: vagrant
+ provider:
+ name: virtualbox
+lint:
+ name: yamllint
+platforms:
+ - name: secure-centos-7
+ box: centos/7
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ stdout_callback: debug
+ log: True
+ playbooks:
+ vagrant:
+ prepare: ../resources/playbooks/prepare.yml
+ converge: ../resources/playbooks/playbook.yml
+ verify: ../resources/playbooks/verify.yml
+ lint:
+ name: ansible-lint
+verifier:
+ name: goss
+ directory: ../resources/tests
+ lint:
+ name: yamllint
diff --git a/roles/secure/molecule/vagrant-debian-10/molecule.yml b/roles/secure/molecule/vagrant-debian-10/molecule.yml
new file mode 100644
index 0000000..b251dea
--- /dev/null
+++ b/roles/secure/molecule/vagrant-debian-10/molecule.yml
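Review bot: The Goss checks in tests/test_default.yml look for `/usr/bin/secure` and run `secure --help`, but the role's tasks in this commit only install and configure OpenSSH, so the suite appears to be a leftover template that either fails or verifies nothing about the hardening. Replace it with checks on what the role enforces, for example a `file` entry for `/etc/ssh/sshd_config` with `contains: ["PermitRootLogin no", "PermitEmptyPasswords no"]`, plus a `service` entry asserting that the SSH daemon is running. That turns the verify stage into a regression test for the security settings rather than a placeholder.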
@@ -0,0 +1,31 @@
+---
+dependency:
+ name: galaxy
+ role-file: requirements.yml
+driver:
+ name: vagrant
+ provider:
+ name: virtualbox
+lint:
+ name: yamllint
+platforms:
+ - name: secure-debian-10
+ box: debian/buster64
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ stdout_callback: debug
+ log: True
+ playbooks:
+ vagrant:
+ prepare: ../resources/playbooks/prepare.yml
+ converge: ../resources/playbooks/playbook.yml
+ verify: ../resources/playbooks/verify.yml
+ lint:
+ name: ansible-lint
+verifier:
+ name: goss
+ directory: ../resources/tests
+ lint:
+ name: yamllint
diff --git a/roles/secure/molecule/vagrant-fedora-30/molecule.yml b/roles/secure/molecule/vagrant-fedora-30/molecule.yml
new file mode 100644
index 0000000..25be5cc
--- /dev/null
+++ b/roles/secure/molecule/vagrant-fedora-30/molecule.yml
@@ -0,0 +1,31 @@
+---
+dependency:
+ name: galaxy
+ role-file: requirements.yml
+driver:
+ name: vagrant
+ provider:
+ name: virtualbox
+lint:
+ name: yamllint
+platforms:
+ - name: secure-fedora-30
+ box: fedora/30-cloud-base
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ stdout_callback: debug
+ log: True
+ playbooks:
+ vagrant:
+ prepare: ../resources/playbooks/prepare.yml
+ converge: ../resources/playbooks/playbook.yml
+ verify: ../resources/playbooks/verify.yml
+ lint:
+ name: ansible-lint
+verifier:
+ name: goss
+ directory: ../resources/tests
+ lint:
+ name: yamllint
diff --git a/roles/secure/molecule/vagrant-rhel-8/molecule.yml b/roles/secure/molecule/vagrant-rhel-8/molecule.yml
new file mode 100644
index 0000000..ee5d301
--- /dev/null
+++ b/roles/secure/molecule/vagrant-rhel-8/molecule.yml
@@ -0,0 +1,31 @@
+---
+dependency:
+ name: galaxy
+ role-file: requirements.yml
+driver:
+ name: vagrant
+ provider:
+ name: virtualbox
+lint:
+ name: yamllint
+platforms:
+ - name: secure-rhel-8
+ box: cmihai/rhel-8-base
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ stdout_callback: debug
+ log: True
+ playbooks:
+ vagrant:
+ prepare: ../resources/playbooks/prepare.yml
+ converge: ../resources/playbooks/playbook.yml
+ verify: ../resources/playbooks/verify.yml
+ lint:
+ name: ansible-lint
+verifier:
+ name: goss
+ directory: ../resources/tests
+ lint:
+ name: yamllint
diff --git a/roles/secure/molecule/vagrant-ubuntu-18.04/molecule.yml b/roles/secure/molecule/vagrant-ubuntu-18.04/molecule.yml
new file mode 100644
index 0000000..3e32420
--- /dev/null
+++ b/roles/secure/molecule/vagrant-ubuntu-18.04/molecule.yml
@@ -0,0 +1,31 @@
+---
+dependency:
+ name: galaxy
+ role-file: requirements.yml
+driver:
+ name: vagrant
+ provider:
+ name: virtualbox
+lint:
+ name: yamllint
+platforms:
+ - name: secure-ubuntu-1804
+ box: ubuntu/bionic64
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ stdout_callback: debug
+ log: True
+ playbooks:
+ vagrant:
+ prepare: ../resources/playbooks/prepare.yml
+ converge: ../resources/playbooks/playbook.yml
+ verify: ../resources/playbooks/verify.yml
+ lint:
+ name: ansible-lint
+verifier:
+ name: goss
+ directory: ../resources/tests
+ lint:
+ name: yamllint
diff --git a/roles/secure/tasks/lynis.yml b/roles/secure/tasks/lynis.yml
new file mode 100644
index 0000000..a651170
--- /dev/null
+++ b/roles/secure/tasks/lynis.yml
@@ -0,0 +1,8 @@
+---
+# Run lynis scan
+
+- name: run a lynis scan
+ command: lynis audit system -Q
+ args:
+ creates: /var/log/lynis.log
+ become: yes
diff --git a/roles/secure/tasks/main.yml b/roles/secure/tasks/main.yml
new file mode 100644
index 0000000..d1e405d
--- /dev/null
+++ b/roles/secure/tasks/main.yml
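Review bot: `box: cmihai/rhel-8-base` in the vagrant-rhel-8 scenario pulls a box published under an individual's namespace rather than by the distribution vendor, and no version is pinned, so whatever is uploaded there next is what the test environment boots. Prefer a vendor-published box, or pin the release that was reviewed with `box_version` and add a comment recording why this box is used. The other vagrant scenarios leave the box version floating as well, as do the `image:` tags in the docker scenarios.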
@@ -0,0 +1,23 @@
+---
+# tasks file for secure
+
+- name: assert supported distributions and versions
+ assert:
+ that:
+ - ( ansible_distribution == "RedHat" and ( ansible_distribution_major_version == '8' )
+ ) or
+ ( ansible_distribution == "CentOS" and ( ansible_distribution_major_version == "7" )
+ ) or
+ ( ansible_distribution == "CentOS" and ( ansible_distribution_major_version == "8" )
+ ) or
+ ( ansible_distribution == "CentOS" and ( ansible_distribution_major_version == "8" )
+ ) or
+ ( ansible_distribution == "Fedora" and ( ansible_distribution_major_version == "30" )
+ ) or
+ ( ansible_distribution == "Debian" and ( ansible_distribution_major_version == "9" or ansible_distribution_major_version == "10" )
+ ) or
+ ( ansible_distribution == "Ubuntu" and ( ansible_distribution_version == "18.04" )
+ )
+
+- include: sshd.yml
+- include: ssh.yml
diff --git a/roles/secure/tasks/openscap.yml b/roles/secure/tasks/openscap.yml
new file mode 100644
index 0000000..380dd15
--- /dev/null
+++ b/roles/secure/tasks/openscap.yml
@@ -0,0 +1,11 @@
+---
+# Run lynis scan
+
+- name: run a lynis scan # noqa 301
+ command: oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_rht-ccp --results-arf /tmp/arf.xml --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml # noqa 204
+ creates: /tmp/report.html
+ become: yes
+
+- name: generate ansible fix # noqa 301
+ command: oscap xccdf generate fix --fix-type ansible --result-id xccdf_org.ssgproject.content_profile_rht-ccp --output /tmp/scap-playbook-result.yml /tmp/arf.xml # noqa 204
+ become: yes
diff --git a/roles/secure/tasks/ssh.yml b/roles/secure/tasks/ssh.yml
new file mode 100644
index 0000000..b624796
--- /dev/null
+++ b/roles/secure/tasks/ssh.yml
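Review bot: The `assert` in tasks/main.yml lists the CentOS 8 clause twice and has no `fail_msg`, so an unsupported host only sees the raw expression. Remove the duplicate and add e.g. `fail_msg: "{{ ansible_distribution }} {{ ansible_distribution_version }} is not supported by the secure role"`. Bare `include` is deprecated in current Ansible; `import_tasks: sshd.yml` and `import_tasks: ssh.yml` are the static equivalents. lynis.yml and openscap.yml are added by this commit but not included here; if that is deliberate, a comment saying so would prevent confusion.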
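Review bot: In tasks/openscap.yml the first task carries `creates: /tmp/report.html` with no `args:` key above it (lynis.yml has one), so as far as the flattened hunk shows it sits at task level, where Ansible will most likely reject it as an unknown attribute; nest it under `args:`. The ARF results, the HTML report and the generated playbook are all written as root to fixed names under `/tmp`, where another local user could pre-create the paths and where the findings are readable by every local account; a root-owned directory with mode `0700` is the safer target. The data stream is hard-coded to `ssg-centos7-ds.xml` although the role asserts support for several distributions, and the header comment and first task name still say "lynis" rather than OpenSCAP.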
@@ -0,0 +1,28 @@
+---
+# configure ssh client
+
+- name: Ensure ~/.ssh directory exists
+ file:
+ name: ~/.ssh
+ state: directory
+ mode: '0700'
+ become: no
+
+- name: ensure ~/.ssh/config file exists
+ copy:
+ content: ""
+ dest: ~/.ssh/config
+ force: no
+ mode: '0600'
+ become: no
+
+- name: Configure SSH client
+ lineinfile:
+ dest: ~/.ssh/config
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ state: present
+ with_items:
+ - { regexp: 'ServerAliveInterval', line: 'ServerAliveInterval 50' }
+ - { regexp: 'Compression', line: 'Compression yes' }
+ become: no
diff --git a/roles/secure/tasks/sshd.yml b/roles/secure/tasks/sshd.yml
new file mode 100644
index 0000000..c882ca9
--- /dev/null
+++ b/roles/secure/tasks/sshd.yml
@@ -0,0 +1,28 @@
+---
+- name: install SSHD
+ package:
+ name: openssh-server
+ state: present
+ become: yes
+
+- name: Configure SSH daemon to disable RootLogin, DNS, GSSAPI, ChallangeResponse, Kerberos
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ state: present
+ with_items:
+ - { regexp: 'PermitRootLogin', line: 'PermitRootLogin no' }
+ - { regexp: 'UseDNS', line: 'UseDNS no' }
+ - { regexp: 'PermitEmptyPasswords', line: 'PermitEmptyPasswords no' }
+ - { regexp: 'GSSAPIAuthentication', line: 'GSSAPIAuthentication no' }
+ - { regexp: 'ChallengeResponseAuthentication', line: 'ChallengeResponseAuthentication no' }
+ - { regexp: 'KerberosAuthentication', line: 'KerberosAuthentication no' }
+ - { regexp: 'IgnoreRhosts', line: 'IgnoreRhosts yes' }
+ - { regexp: 'X11Forwarding', line: 'X11Forwarding no' }
+ - { regexp: 'RhostsRSAAuthentication', line: 'RhostsRSAAuthentication no' }
+ - { regexp: 'HostbasedAuthentication', line: 'HostbasedAuthentication no' }
+ - { regexp: 'AddressFamily', line: 'AddressFamily inet' }
+ - { regexp: 'sftp-server', line: '# Subsystem sftp /usr/libexec/openssh/sftp-server' }
+ notify: restart sshd
+ become: yes
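Review bot: The `regexp` values in tasks/sshd.yml are unanchored, so `lineinfile` matches comment lines too and rewrites only the last match; if that last match is a comment that merely mentions `PermitRootLogin`, an earlier active `PermitRootLogin yes` stays in force, because sshd keeps the first value it reads for a keyword. Anchor each pattern, e.g. `regexp: '^#?\s*PermitRootLogin\s'`, and add `validate: '/usr/sbin/sshd -t -f %s'` so a file that does not parse is never put in place ahead of the restart. The `sftp-server` item disables the SFTP subsystem and `AddressFamily inet` turns off IPv6 listening, neither of which the task name mentions, so both deserve a comment. The client-side patterns in tasks/ssh.yml are unanchored in the same way.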
diff --git a/roles/secure/vars/main.yml b/roles/secure/vars/main.yml
new file mode 100644
index 0000000..7ec6e1d
--- /dev/null
+++ b/roles/secure/vars/main.yml
@@ -0,0 +1,9 @@
+---
+# vars file for baseline
+
+_sshd_service_name:
+ default: sshd
+ Debian: ssh
+ Ubuntu: ssh
+
+sshd_service_name: "{{ _sshd_service_name[ansible_distribution] | default(_sshd_service_name['default']) }}"