From e8e07b1f43c678cef8b95412ccb24ee0faf0510c Mon Sep 17 00:00:00 2001
From: Teagan glenn
Date: Thu, 5 May 2022 17:47:29 -0600
Subject: [PATCH 001/118] Ignore dev folders
---
.gitignore | 2 ++
1 file changed, 2 insertions(+)
create mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..4e0bbdfa
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+venv/
+.idea/
From 64139446417e6076a6cea69b87843e5de90b96e0 Mon Sep 17 00:00:00 2001
From: Teagan glenn
Date: Thu, 5 May 2022 17:49:41 -0600
Subject: [PATCH 002/118] Update meta
---
meta/main.yml | 47 ++++++-----------------------------------------
1 file changed, 6 insertions(+), 41 deletions(-)
diff --git a/meta/main.yml b/meta/main.yml
index 645bf82f..46c65581 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,43 +1,14 @@ galaxy_info: author: Alan Janis description: Deploy Common server configurations and packages + name: ansible-common + namespace: constructorfleet + issue_tracker_url: https://github.com/constructorfleet/ansible-common/issue/tracker - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 license: MIT min_ansible_version: 2.9 - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 - platforms: - name: Ubuntu versions: @@ -47,14 +18,8 @@ galaxy_info: galaxy_tags: - common - - wwt - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. + - ssh + - serial-over-lan + - cockpit dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. From 690620b504ba6817c1814dcac52c0aa245419146 Mon Sep 17 00:00:00 2001 
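Review bot: The added `issue_tracker_url` ends in `/issue/tracker`, which looks carried over from the `http://example.com/issue/tracker` placeholder in the template comment this hunk removes. GitHub serves a repository's tracker under `/issues`, so the line should probably read `issue_tracker_url: https://github.com/constructorfleet/ansible-common/issues`. The unchanged `min_ansible_version: 2.9` in the same hunk is a YAML float; quoting it as `"2.9"` keeps it a string if the minimum ever becomes something like 2.10.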
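Review bot: The new tag `serial-over-lan` contains hyphens, while the template comment deleted in this same hunk says a tag is limited to a single word of alphanumeric characters, so the Galaxy import may reject or drop it. A form such as `- serialoverlan` stays within that rule.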
From: Teagan glenn Date: Thu, 5 May 2022 17:50:05 -0600 Subject: [PATCH 003/118] Molecule and GitHub actions init --- .github/workflows/molecule.yml | 24 ++++++++++++++ .github/workflows/publish.yml | 18 +++++++++++ .github/workflows/tag-on-merge.yml | 24 ++++++++++++++ molecule/default/Dockerfile.j2 | 14 ++++++++ molecule/default/INSTALL.rst | 22 +++++++++++++ molecule/default/converge.yml | 8 +++++ molecule/default/molecule.yml | 52 ++++++++++++++++++++++++++++++ molecule/default/verify.yml | 23 +++++++++++++ 8 files changed, 185 insertions(+) create mode 100644 .github/workflows/molecule.yml create mode 100644 .github/workflows/publish.yml create mode 100644 .github/workflows/tag-on-merge.yml create mode 100644 molecule/default/Dockerfile.j2 create mode 100644 molecule/default/INSTALL.rst create mode 100644 molecule/default/converge.yml create mode 100644 molecule/default/molecule.yml create mode 100644 molecule/default/verify.yml diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml new file mode 100644 index 00000000..ea35b5d1 --- /dev/null +++ b/.github/workflows/molecule.yml @@ -0,0 +1,24 @@ +--- +name: Molecule +on: + - push + - pull_request + +env: + CI: true + +jobs: + molecule: + name: Molecule + runs-on: ubuntu-latest + steps: + - name: Switch to using Python 3.8 by default + uses: actions/setup-python@v2 + with: + python-version: 3.8 + - name: Checkout code + uses: actions/checkout@v2 + with: + path: "${{ github.repository }}" + - name: Molecule + uses: robertdebock/molecule-action@4.0.7 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 00000000..ebb2023b --- /dev/null +++ b/.github/workflows/publish.yml 
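Review bot: The Molecule workflow runs on every `pull_request` with no `permissions:` block and calls `robertdebock/molecule-action@4.0.7` by tag, so third-party code that can change under a moved tag runs with whatever default token scope the repository has. Adding a top-level `permissions:` with `contents: read` and pinning the action to a full commit SHA (`uses: robertdebock/molecule-action@<full-commit-sha>  # 4.0.7`) narrows both. `python-version: 3.8` should also be quoted as `'3.8'`, because an unquoted value such as 3.10 is read as the float 3.1.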
@@ -0,0 +1,18 @@ +name: Publish Role to Ansible Galaxy +on: + release: + types: [ created ] +jobs: + publish: + name: Publish to Ansible Galaxy + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + steps: + - uses: actions/checkout@v2 + - name: Publish Ansible role to Galaxy + uses: robertdebock/galaxy-action@1.2.0 + with: + galaxy_api_key: ${{ secrets.GALAXY_API_TOKEN }} + diff --git a/.github/workflows/tag-on-merge.yml b/.github/workflows/tag-on-merge.yml new file mode 100644 index 00000000..27ac7d0c --- /dev/null +++ b/.github/workflows/tag-on-merge.yml @@ -0,0 +1,24 @@ +name: Tag on Merge + +on: + push: + branches: [ main ] + +env: + CI: true + +jobs: + tag: + name: Tag Role + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v2 + with: + path: "${{ github.repository }}" + - name: Bump version and push tag + uses: anothrNick/github-tag-action@1.36.0 + env: + GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} + WITH_V: true + DEFAULT_BUMP: minor diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 new file mode 100644 index 00000000..77bda50e --- /dev/null +++ b/molecule/default/Dockerfile.j2 
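Review bot: The publish job grants `packages: write`, but the only publishing step visible here sends the role to Galaxy with `galaxy_api_key`, so that scope appears unused and can be dropped, leaving `contents: read`. The step that receives `secrets.GALAXY_API_TOKEN` is `robertdebock/galaxy-action@1.2.0`, referenced by a tag its owner can move. Pinning it to a full commit SHA (`uses: robertdebock/galaxy-action@<full-commit-sha>  # 1.2.0`) means a retagged release cannot read the API key.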
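Review bot: In tag-on-merge.yml, `anothrNick/github-tag-action@1.36.0` is handed `secrets.GH_TOKEN` as `GITHUB_TOKEN`; if that secret is a personal access token (not visible from here), a third-party action pinned only by tag receives credentials that reach beyond this repository. The built-in token with a job-level `permissions:` of `contents: write` is enough to push a tag, e.g. `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`, and the action should be pinned to a full commit SHA. Also check `path: "${{ github.repository }}"` on the checkout step: it looks copied from the Molecule workflow and puts the clone in a subdirectory, while the tag action presumably expects the repository at the workspace root.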
@@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi \ No newline at end of file diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst new file mode 100644 index 00000000..d926ca25 --- /dev/null +++ b/molecule/default/INSTALL.rst @@ -0,0 +1,22 @@ +******* +Docker driver installation guide +******* + +Requirements +============ + +* Docker Engine + +Install +======= + +Please refer to the `Virtual environment`_ documentation for installation best +practices. If not using a virtual environment, please consider passing the +widely recommended `'--user' flag`_ when invoking ``pip``. + +.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ +.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site + +.. code-block:: bash + + $ python3 -m pip install 'molecule[docker]' diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml new file mode 100644 index 00000000..cb93a687 --- /dev/null +++ b/molecule/default/converge.yml 
@@ -0,0 +1,8 @@ +--- +- name: Converge + hosts: all + strategy: free + tasks: + - name: Run avahi daemon role + ansible.builtin.include_role: + name: ansible-avahi-daemon diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml new file mode 100644 index 00000000..050f46b4 --- /dev/null +++ b/molecule/default/molecule.yml @@ -0,0 +1,52 @@ +--- +dependency: + name: galaxy +driver: + name: docker +platforms: + - name: ubuntu-20.04 + image: joepublic/molecule-ubuntu:20.04 + privileged: true + command: /lib/systemd/systemd + capabilities: + - SYS_ADMIN + tmpfs: + - /tmp + - /run + - /run/lock + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + - name: ubuntu-18.04 + image: joepublic/molecule-ubuntu:18.04 + privileged: true + command: /lib/systemd/systemd + capabilities: + - SYS_ADMIN + tmpfs: + - /tmp + - /run + - /run/lock + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + - name: centos-7 + image: joepublic/molecule-centos:7 + privileged: true + command: /usr/sbin/init + capabilities: + - SYS_ADMIN + tmpfs: + - /tmp + - /run + - /run/lock + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro +provisioner: + name: ansible + options: + vvv: True +#lint: | +# set -e +# yamllint . +# ansible-lint . +verifier: + name: ansible diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml new file mode 100644 index 00000000..c62dd676 --- /dev/null +++ b/molecule/default/verify.yml 
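Review bot: In molecule/default/molecule.yml all three platforms set `privileged: true` on top of `capabilities: [SYS_ADMIN]`, which makes the capability list redundant and gives containers started from third-party images (`joepublic/molecule-ubuntu:20.04`, `:18.04`, `joepublic/molecule-centos:7`) full access to the CI host's devices and kernel interfaces. systemd in a container usually needs only what each entry already provides (SYS_ADMIN, the tmpfs mounts and the read-only cgroup volume), so try removing `privileged: true`. Pin each image by digest (`image: joepublic/molecule-ubuntu@sha256:<digest>`) so the tag cannot be repointed. `vvv: True` should be written `vvv: true`, and is worth leaving off by default because it puts full task arguments and results into the CI log.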
@@ -0,0 +1,23 @@ +--- +# This is a playbook to execute Ansible tests. + +- name: Verify + hosts: all + strategy: free + tasks: + - name: Get Systemd status of avahi-service + ansible.builtin.service_facts: + register: service_facts + + - name: Assert service is running + ansible.builtin.assert: + that: + - "{{ (service_facts.ansible_facts.services[service].state | default('error')) in ['running', 'started'] | default(False) }}" + success_msg: "Service {{ service }} is running" + fail_msg: "Service {{ service }} is not running: {{ service_facts | to_nice_yaml }}" + loop: + - avahi-daemon.service + loop_control: + loop_var: service + label: "{{ service }}" + From fa3c8c63257f55126602fe8809fdee5d935a0933 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Thu, 5 May 2022 17:56:06 -0600 Subject: [PATCH 004/118] Fully qualified modules --- tasks/autoupdate.yml | 2 +- tasks/cloud_init.yml | 4 ++-- tasks/cockpit.yml | 8 ++++---- tasks/fix-login.yml | 5 +++-- tasks/hostfile.yml | 6 +++--- tasks/main.yml | 28 ++++++++++++++-------------- tasks/mdns_reflection.yml | 6 +++--- tasks/packages.yml | 8 +++++--- tasks/redhat-sol.yml | 12 ++++++------ tasks/ssh.yml | 18 +++++++++--------- tasks/sudo.yml | 2 +- tasks/ubuntu-sol.yml | 8 ++++---- tasks/users.yml | 6 +++--- 13 files changed, 58 insertions(+), 55 deletions(-) diff --git a/tasks/autoupdate.yml b/tasks/autoupdate.yml index c0079d76..21985adc 100644 --- a/tasks/autoupdate.yml +++ b/tasks/autoupdate.yml @@ -1,6 +1,6 @@ --- - name: "Common :: Disable Autoupdate Services" - service: + ansible.builtin.service: name: "{{ item }}" state: stopped enabled: no diff --git a/tasks/cloud_init.yml b/tasks/cloud_init.yml index 7a9b6908..a6bd42df 100644 --- a/tasks/cloud_init.yml +++ b/tasks/cloud_init.yml 
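Review bot: In verify.yml the `that:` entry wraps its whole expression in `{{ }}`; `assert` conditions are already evaluated as Jinja expressions, so the delimiters cause a second round of templating and Ansible warns about them. Write it bare: `- (service_facts.ansible_facts.services[service].state | default('error')) in ['running', 'started']` (the trailing `| default(False)` applies only to the list literal and can go). The same line is carried unchanged through the later "Verify services" patch to this file. `fail_msg` also dumps the entire `service_facts` result on each failure; printing only `service_facts.ansible_facts.services[service] | default('not found')` keeps the log readable.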
@@ -1,10 +1,10 @@ --- - name: Remove cloud-init config directory - file: + ansible.builtin.file: path: /etc/cloud state: absent - name: Remove cloud-init package if present - package: + ansible.builtin.package: name: cloud-init state: absent diff --git a/tasks/cockpit.yml b/tasks/cockpit.yml index fc1a2c8f..4199273a 100644 --- a/tasks/cockpit.yml +++ b/tasks/cockpit.yml @@ -2,10 +2,10 @@ - name: "Configure Selinux and firewall rules for Cockpit [RedHat/CentOS]" block: - name: Disable SELinux - selinux: + ansible.posix.selinux: state: "{{ common_selinux_state }}" - name: Configure Firewalld allowed ports - firewalld: + ansible.posix.firewalld: service: "{{ item }}" permanent: yes immediate: yes @@ -15,12 +15,12 @@ - name: Install cockpit packages - package: + ansible.builtin.package: name: "{{ common_cockpit_pkgs }}" state: present - name: Enable and start cockpit service - service: + ansible.builtin.service: name: "{{ common_cockpit_service }}" state: started enabled: True diff --git a/tasks/fix-login.yml b/tasks/fix-login.yml index 53f9241d..e65731c4 100644 --- a/tasks/fix-login.yml +++ b/tasks/fix-login.yml @@ -1,12 +1,13 @@ --- - name: fix root ssh login - replace: + ansible.builtin.replace: path: /root/.ssh/authorized_keys regexp: '^.*((?=ssh-rsa))' replace: '\1' backup: yes + - name: fix root ssh login - replace: + ansible.builtin.replace: path: /root/.ssh/authorized_keys regexp: '^no-port-forwarding.*$' backup: yes diff --git a/tasks/hostfile.yml b/tasks/hostfile.yml index 05840e04..0f5de997 100644 --- a/tasks/hostfile.yml +++ b/tasks/hostfile.yml @@ -1,5 +1,5 @@ - name: "Gather facts for all ceph nodes" - setup: + ansible.builtin.setup: gather_subset: - network delegate_to: "{{ item }}" @@ -13,7 +13,7 @@ - hostvars[item]['ansible_default_ipv4'] is not defined - name: "Gather facts for all NFS Servers" - setup: + ansible.builtin.setup: gather_subset: - network delegate_to: "{{ item }}" 
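Review bot: `ansible.posix.selinux` and `ansible.posix.firewalld` in tasks/cockpit.yml come from the `ansible.posix` collection, which does not ship with ansible-core, and nothing in this series so far declares it (`meta/main.yml` keeps `dependencies: []`), so a controller with only ansible-core would fail at these tasks. The same applies to `community.general.timezone` in tasks/main.yml and `ansible.posix.authorized_key` in tasks/users.yml. Declare both collections in a requirements file that Molecule's `galaxy` dependency step and role consumers install. Separately, the task titled `Disable SELinux` applies `common_selinux_state`; a name like `Set SELinux state` matches what it does, and the default for that variable (not visible here) is worth keeping at `enforcing`, since Cockpit does not require SELinux to be off.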
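Review bot: In tasks/fix-login.yml the first `replace` only recognises `ssh-rsa`, and the second task has no `replace:` value, so any line still starting with `no-port-forwarding` (for example a restricted ed25519 or ecdsa key) is deleted outright rather than unrestricted, which can silently remove root's only key. If stripping the options is intended, cover the other key types in the first task, for instance `regexp: '^.*?(?=\b(ssh-rsa|ssh-ed25519|ecdsa-sha2-))'` with `replace: ''`. Both tasks are named `fix root ssh login`; distinct names make the run output traceable. Because the file ends up with unrestricted root keys, a short comment stating that this is deliberate would help the next reviewer.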
@@ -26,7 +26,7 @@ - hostvars[item]['ansible_default_ipv4'] is not defined - name: Generate /etc/hosts template - template: + ansible.builtin.template: src: hostfile.j2 dest: /etc/hosts mode: 0755 diff --git a/tasks/main.yml b/tasks/main.yml index 4aaec9f3..9baea714 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,5 +1,5 @@ - name: include os specific vars - include_vars: "{{ item }}" + ansible.builtin.include_vars: "{{ item }}" with_first_found: - "{{ ansible_distribution }}{{ ansible_distribution_major_version }}.yml" - "{{ ansible_distribution }}.yml" 
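Review bot: `/etc/hosts` is written with `mode: 0755` in tasks/hostfile.yml, which sets the execute bits on a plain data file; the conventional mode is 0644. Quote the value as well so it reaches the module as a string regardless of how the YAML loader treats leading-zero integers: `mode: "0644"`. The task continues past the end of this hunk, so owner and group are not visible here.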
@@ -8,50 +8,50 @@ - always - name: "Install common system packages and python dependencies" - import_tasks: packages.yml + ansible.builtin.import_tasks: packages.yml tags: - common-packages - name: "Configure SSHd and root user" - import_tasks: ssh.yml + ansible.builtin.import_tasks: ssh.yml tags: - common-sshd - name: "Configure /etc/hosts" - import_tasks: hostfile.yml + ansible.builtin.import_tasks: hostfile.yml tags: - common-hostfile - name: "Configure system autoupdate parameters" - import_tasks: autoupdate.yml + ansible.builtin.import_tasks: autoupdate.yml tags: - common-autoupdate - name: "Remove cloud-init packages and config files" - import_tasks: cloud_init.yml + ansible.builtin.import_tasks: cloud_init.yml tags: - common-cloudinit - name: "Configure Local Users and Groups" - import_tasks: users.yml + ansible.builtin.import_tasks: users.yml when: not openldap_client_enable|default(false) tags: - common-users - name: "Configure Sudoers" - import_tasks: sudo.yml + ansible.builtin.import_tasks: sudo.yml tags: - common-sudoers - name: "Configure MDNS reflection / Avahi" - import_tasks: mdns_reflection.yml + ansible.builtin.import_tasks: mdns_reflection.yml when: - enable_mdns_reflection | default(False) tags: - common-mdns - name: "Configure Serial-over-LAN [Ubuntu]" - import_tasks: ubuntu-sol.yml + ansible.builtin.import_tasks: ubuntu-sol.yml when: - ansible_os_family == "Debian" - ansible_virtualization_role != "guest" @@ -61,7 +61,7 @@ - common-sol - name: "Configure Serial-over-LAN [RHEL/CentOS]" - import_tasks: redhat-sol.yml + ansible.builtin.import_tasks: redhat-sol.yml when: - ansible_os_family == "RedHat" - ansible_virtualization_role != "guest" 
@@ -71,19 +71,19 @@ - common-sol - name: "Configure Timezone Info" - timezone: + community.general.timezone: name: "{{ timezone }}" tags: - common-timezone - name: "Install Cockpit" - import_tasks: cockpit.yml + ansible.builtin.import_tasks: cockpit.yml tags: - common-cockpit when: common_enable_cockpit|default(False) - name: "Reboot host if grub config was updated" - reboot: + ansible.builtin.reboot: when: grub_require_rebuild | default(false) tags: - common-sol diff --git a/tasks/mdns_reflection.yml b/tasks/mdns_reflection.yml index 8968e446..12ec4149 100644 --- a/tasks/mdns_reflection.yml +++ b/tasks/mdns_reflection.yml @@ -1,14 +1,14 @@ --- - name: Install Avahi-Daemon package - package: + ansible.builtin.package: name: "{{ common_mdns_pkgs }}" state: present when: - enable_mdns_reflection | default(False) - name: Template Avahi-Daemon configuration - template: + ansible.builtin.template: dest: /etc/avahi/avahi-daemon.conf src: avahi-daemon.conf.j2 owner: root @@ -19,7 +19,7 @@ - enable_mdns_reflection | default(False) - name: Reload Avahi-Daemon configuration on change - systemd: + ansible.builtin.systemd: name: avahi-daemon.service state: restarted when: diff --git a/tasks/packages.yml b/tasks/packages.yml index eedafd94..65959771 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -1,5 +1,7 @@ +--- + - name: Install common packages - package: + ansible.builtin.package: name: '{{ common_pkgs }}' state: present when: @@ -7,7 +9,7 @@ - common_pkgs != None - name: "Uninstall any unwanted packages managed via OS package-manager" - package: + ansible.builtin.package: name: '{{ common_uninstall_pkgs }}' state: absent when: @@ -15,7 +17,7 @@ - common_uninstall_pkgs != None - name: "Install python requirements via Pip" - pip: + ansible.builtin.pip: name: "{{ common_python_pkgs }}" state: present when: diff --git a/tasks/redhat-sol.yml b/tasks/redhat-sol.yml index 8cd22f74..264d9894 100644 --- a/tasks/redhat-sol.yml +++ b/tasks/redhat-sol.yml 
@@ -1,6 +1,7 @@ --- + - name: Update GRUB_CMDLINE_LINUX - lineinfile: + ansible.builtin.lineinfile: dest: /etc/default/grub state: present regexp: '^GRUB_CMDLINE_LINUX="((?!.*(console={{ serialtty }},[0-9]+n8))(.*)?)"$' @@ -8,9 +9,8 @@ backrefs: yes notify: "update_grub_config" - - name: Update GRUB_CMDLINE_LINUX - lineinfile: + ansible.builtin.lineinfile: dest: /etc/default/grub state: present regexp: '^GRUB_CMDLINE_LINUX="((?!.*(console={{ consoletty }}))(.*)?)"$' @@ -19,7 +19,7 @@ notify: "update_grub_config" - name: Update GRUB_TERMINAL - lineinfile: + ansible.builtin.lineinfile: dest: /etc/default/grub state: present regexp: '^GRUB_TERMINAL=.*' @@ -27,7 +27,7 @@ notify: "update_grub_config" - name: Update GRUB_SERIAL_COMMAND - lineinfile: + ansible.builtin.lineinfile: dest: /etc/default/grub state: present regexp: '^GRUB_SERIAL_COMMAND=.*' @@ -37,5 +37,5 @@ - meta: flush_handlers - name: Rebuild Grub Config - command: "{{ grub_update_cmd }} -o {{ grub_config }}" + ansible.builtin.command: "{{ grub_update_cmd }} -o {{ grub_config }}" when: grub_require_rebuild | default(false) diff --git a/tasks/ssh.yml b/tasks/ssh.yml index d3769747..bd31836b 100644 --- a/tasks/ssh.yml +++ b/tasks/ssh.yml @@ -1,6 +1,6 @@ --- - name: create /var/run/sshd - file: + ansible.builtin.file: state: directory path: /var/run/sshd mode: 0755 @@ -8,7 +8,7 @@ - ansible_os_family == "Debian" - name: Copy sshd_config Template - template: + ansible.builtin.template: src: sshd_config.j2 dest: /etc/ssh/sshd_config owner: root @@ -19,7 +19,7 @@ - meta: flush_handlers - name: Restart ssh server - service: + ansible.builtin.service: name: "{{ ssh_service }}" state: restarted enabled: yes @@ -27,7 +27,7 @@ when: sshd_require_restart | default(false) - name: Verify the sshd service is listening - wait_for: + ansible.builtin.wait_for: host: localhost port: 22 delay: 5 
@@ -36,16 +36,16 @@ register: ssh_start_attempt - name: Get ssh journald logs if service does not appear to be up - shell: journalctl _SYSTEMD_INVOCATION_ID=`systemctl show -p InvocationID --value {{ ssh_service }}.service` + ansible.builtin.shell: journalctl _SYSTEMD_INVOCATION_ID=`systemctl show -p InvocationID --value {{ ssh_service }}.service` register: ssh_journal when: ssh_start_attempt.failed | default(false) -- fail: +- ansible.builtin.fail: msg: "{{ ssh_journal.stdout_lines }}" when: ssh_start_attempt.failed | default(false) - name: Ensure root .ssh directory exists - file: + ansible.builtin.file: path: /root/.ssh state: directory owner: root @@ -53,7 +53,7 @@ mode: 0700 - name: Generate root authorized_keys file - template: + ansible.builtin.template: src: root_authorized_keys.j2 dest: /root/.ssh/authorized_keys owner: root @@ -65,7 +65,7 @@ - ssh_users|length > 0 - name: Change root password - user: + ansible.builtin.user: name: root password: "{{ root_password | password_hash(salt=root_password_salt) }}" update_password: always diff --git a/tasks/sudo.yml b/tasks/sudo.yml index 14a32373..1aa716ae 100644 --- a/tasks/sudo.yml +++ b/tasks/sudo.yml @@ -1,6 +1,6 @@ --- - name: "Allow passwordless sudo for 'admin' group" - lineinfile: + ansible.builtin.lineinfile: path: /etc/sudoers regexp: '^%admin.*$' line: '%admin ALL=(ALL) NOPASSWD:ALL' diff --git a/tasks/ubuntu-sol.yml b/tasks/ubuntu-sol.yml index 421cbb3d..5ee3a75c 100755 --- a/tasks/ubuntu-sol.yml +++ b/tasks/ubuntu-sol.yml @@ -1,6 +1,6 @@ --- - name: Update GRUB_CMDLINE_LINUX - lineinfile: + ansible.builtin.lineinfile: dest: /etc/default/grub state: present regexp: '^GRUB_CMDLINE_LINUX=.*' @@ -8,7 +8,7 @@ notify: "update_grub_config" - name: Update GRUB_TERMINAL - lineinfile: + ansible.builtin.lineinfile: dest: /etc/default/grub state: present regexp: '^GRUB_TERMINAL=.*' 
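Review bot: In tasks/ssh.yml `ssh_service` is interpolated straight into an `ansible.builtin.shell` command line inside backticks. It is a role variable rather than user input, but passing it through the `quote` filter costs nothing and keeps an unexpected value from being interpreted by the shell: `systemctl show -p InvocationID --value {{ (ssh_service ~ '.service') | quote }}`. The task only reads logs, so `changed_when: false` belongs on it, and the `ansible.builtin.fail` that follows has no `name:`.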
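Review bot: In the "Change root password" task, `password_hash(salt=root_password_salt)` uses one salt for every host, so each machine ends up with the same root hash in `/etc/shadow` and a hash recovered from one host applies to all of them. A per-host salt that is still idempotent can be derived from the inventory name, for example `password: "{{ root_password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"`. The task body runs past this hunk; if it does not already carry `no_log: true`, add it so the templated value cannot end up in verbose output.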
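Review bot: The `lineinfile` task in tasks/sudo.yml edits `/etc/sudoers` in place, and the visible part of the task has no `validate:`; a malformed result in that file breaks sudo for everyone on the host. Add `validate: /usr/sbin/visudo -cf %s` if it is not already set below the hunk, or write the rule to a drop-in under `/etc/sudoers.d/` with the same validation. The rule itself, `%admin ALL=(ALL) NOPASSWD:ALL`, gives every member of `admin` passwordless root, and tasks/main.yml imports sudo.yml with no condition, so gating it behind a role variable is worth considering.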
@@ -16,7 +16,7 @@ notify: "update_grub_config" - name: Update GRUB_SERIAL_COMMAND - lineinfile: + ansible.builtin.lineinfile: dest: /etc/default/grub state: present regexp: '^GRUB_SERIAL_COMMAND=.*' @@ -26,5 +26,5 @@ - meta: flush_handlers - name: Rebuild Grub Config - command: "{{ grub_update_cmd }} -o {{ grub_config }}" + ansible.builtin.command: "{{ grub_update_cmd }} -o {{ grub_config }}" when: grub_require_rebuild | default(false) diff --git a/tasks/users.yml b/tasks/users.yml index bee5acd0..b96ec281 100644 --- a/tasks/users.yml +++ b/tasks/users.yml @@ -1,5 +1,5 @@ - name: Create local user groups - group: + ansible.builtin.group: name: "{{ item.key }}" gid: "{{ item.value.gid | default(omit) }}" state: present @@ -10,7 +10,7 @@ - ssh_groups is defined - ssh_groups != None - name: Create local user accounts - user: + ansible.builtin.user: name: "{{ item.key }}" shell: "{{ item.value.shell | default(omit) }}" group: "{{ item.value.gid | default(omit) }}" @@ -32,7 +32,7 @@ - ssh_users != None - name: Add user authorized keys - authorized_key: + ansible.posix.authorized_key: user: "{{ item.key }}" state: present key: "{{ item.value.pubkey }}" From 7d35c80130067daedcc510403e54a2b20a3d8ed0 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Thu, 5 May 2022 18:02:11 -0600 Subject: [PATCH 005/118] Linting --- tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/main.yml b/tasks/main.yml index 9baea714..1dae0ac2 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -80,7 +80,7 @@ ansible.builtin.import_tasks: cockpit.yml tags: - common-cockpit - when: common_enable_cockpit|default(False) + when: common_enable_cockpit | default(False) - name: "Reboot host if grub config was updated" ansible.builtin.reboot: From c283b1fe54475d2a3ced15027c5d1e3b2f94572e Mon Sep 17 00:00:00 2001 
From: Teagan glenn Date: Thu, 5 May 2022 18:02:21 -0600 Subject: [PATCH 006/118] Verify services --- molecule/default/verify.yml | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index c62dd676..753249c1 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -5,18 +5,32 @@ hosts: all strategy: free tasks: - - name: Get Systemd status of avahi-service + - name: Create list of services to verify + ansible.builtin.set_fact: + services_to_verify: | + {%- set ns = namespace(services=[]) -%} + {%- if autoupdate_services is defined and autoupdate_services is sequence -%} + {%- set ns.services = ns.services + ([autoupdate_services] | flatten) -%} + {%- endif -%} + {%- if common_enable_cockpit is defined and common_enable_cockpit is true -%} + {%- set ns.services = ns.services + ([common_cockpit_service] | flatten) -%} + {%- endif -%} + {%- if enable_mdns_reflection | default(False) -%} + {%- set ns.services = ns.services + ['avahi-daemon.service'] -%} + {%- endif -%} + {{ ns.services }} + + - name: Get Systemd status ansible.builtin.service_facts: register: service_facts - - name: Assert service is running + - name: Assert services are running ansible.builtin.assert: that: - "{{ (service_facts.ansible_facts.services[service].state | default('error')) in ['running', 'started'] | default(False) }}" success_msg: "Service {{ service }} is running" fail_msg: "Service {{ service }} is not running: {{ service_facts | to_nice_yaml }}" - loop: - - avahi-daemon.service + loop: '{{ services_to_verify }}' loop_control: loop_var: service label: "{{ service }}" From 1d91b31ea3181bf19a6b4ffba5f7015b80c7883f Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Thu, 5 May 2022 18:03:13 -0600 Subject: [PATCH 007/118] Converge playbook include common role --- molecule/default/converge.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
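Review bot: The `set_fact` template adds `autoupdate_services` to the list that is then asserted to be running, but tasks/autoupdate.yml stops and disables its services (`state: stopped`), so if that variable is the list it loops over (the loop line is outside the hunks shown), a correctly converged host would fail this check. The variables read here are role variables and this play does not load the role, so unless the Molecule inventory defines them the list is empty and the assert loop runs zero times, passing without checking anything. Consider asserting `services_to_verify | length > 0` before the loop and checking the auto-update units for `stopped` instead.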
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index cb93a687..94e814f5 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -3,6 +3,6 @@ hosts: all strategy: free tasks: - - name: Run avahi daemon role + - name: Run common role ansible.builtin.include_role: - name: ansible-avahi-daemon + name: ansible-common From d787c17719c050793906d0d1830b2c58a5d596a6 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Thu, 5 May 2022 18:08:45 -0600 Subject: [PATCH 008/118] Fix redhat package --- vars/RedHat.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/RedHat.yml b/vars/RedHat.yml index edeb0026..3b8ff3cb 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -5,7 +5,7 @@ common_pkgs: - zsh - screen - vim-enhanced - - python2-pip + - python-pip - python3-pip - sudo - tzdata From 306e9baa5ebafc2f3e5ac4b59a87e1a83049caec Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Thu, 5 May 2022 18:11:05 -0600 Subject: [PATCH 009/118] Install ssh server --- vars/CentOS7.yml | 1 + vars/CentOS8.yml | 1 + vars/Debian.yml | 1 + vars/RedHat.yml | 1 + vars/Ubuntu.yml | 1 + vars/Ubuntu20.yml | 1 + 6 files changed, 6 insertions(+) diff --git a/vars/CentOS7.yml b/vars/CentOS7.yml index e01650ff..9bc07fa3 100644 --- a/vars/CentOS7.yml +++ b/vars/CentOS7.yml @@ -1,5 +1,6 @@ --- common_pkgs: + - openssh-server - ipmitool - freeipmi - zsh diff --git a/vars/CentOS8.yml b/vars/CentOS8.yml index e429a79d..74583825 100644 --- a/vars/CentOS8.yml +++ b/vars/CentOS8.yml @@ -1,5 +1,6 @@ --- common_pkgs: + - openssh-server - ipmitool - freeipmi - zsh diff --git a/vars/Debian.yml b/vars/Debian.yml index 907002ee..3a117a06 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -1,5 +1,6 @@ --- common_pkgs: + - openssh-server - screen - vim - ipmitool diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 3b8ff3cb..189f686f 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml 
@@ -1,5 +1,6 @@ --- common_pkgs: + - openssh-server - ipmitool - freeipmi - zsh diff --git a/vars/Ubuntu.yml b/vars/Ubuntu.yml index 907002ee..3a117a06 100644 --- a/vars/Ubuntu.yml +++ b/vars/Ubuntu.yml @@ -1,5 +1,6 @@ --- common_pkgs: + - openssh-server - screen - vim - ipmitool diff --git a/vars/Ubuntu20.yml b/vars/Ubuntu20.yml index 9493fb0b..b298224d 100644 --- a/vars/Ubuntu20.yml +++ b/vars/Ubuntu20.yml @@ -1,4 +1,5 @@ common_pkgs: + - openssh-server - screen - vim - ipmitool From 1e90f7277e47ef32c05d9e8d4708439f36baedf0 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Thu, 5 May 2022 19:43:21 -0600 Subject: [PATCH 010/118] Fix package name --- vars/CentOS7.yml | 2 +- vars/CentOS8.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/CentOS7.yml b/vars/CentOS7.yml index 9bc07fa3..b8397348 100644 --- a/vars/CentOS7.yml +++ b/vars/CentOS7.yml @@ -6,7 +6,7 @@ common_pkgs: - zsh - screen - vim-enhanced - - python2-pip + - python-pip - python3-pip - sudo - tzdata diff --git a/vars/CentOS8.yml b/vars/CentOS8.yml index 74583825..594e20a0 100644 --- a/vars/CentOS8.yml +++ b/vars/CentOS8.yml @@ -6,7 +6,7 @@ common_pkgs: - zsh - screen - vim-enhanced - - python2-pip + - python-pip - python3-pip - sudo - tzdata From 94465aa70fc94c40b11045215c2da0a3c631fedf Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Thu, 5 May 2022 19:51:45 -0600 Subject: [PATCH 011/118] epel release --- vars/CentOS7.yml | 2 ++ vars/CentOS8.yml | 2 ++ vars/RedHat.yml | 2 ++ 3 files changed, 6 insertions(+) diff --git a/vars/CentOS7.yml b/vars/CentOS7.yml index b8397348..1ac9c757 100644 --- a/vars/CentOS7.yml +++ b/vars/CentOS7.yml @@ -1,5 +1,7 @@ --- + common_pkgs: + - epel-release - openssh-server - ipmitool - freeipmi diff --git a/vars/CentOS8.yml b/vars/CentOS8.yml index 594e20a0..29c02dfe 100644 --- a/vars/CentOS8.yml +++ b/vars/CentOS8.yml @@ -1,5 +1,7 @@ --- + common_pkgs: + - epel-release - openssh-server - ipmitool - freeipmi 
diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 189f686f..6da890b3 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -1,5 +1,7 @@ --- + common_pkgs: + - epel-release - openssh-server - ipmitool - freeipmi From 06efdeb2746d8fca2f1582573fbd807cc21db8b0 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Thu, 5 May 2022 19:56:24 -0600 Subject: [PATCH 012/118] remove packsge --- vars/CentOS7.yml | 1 - vars/CentOS8.yml | 1 - vars/RedHat.yml | 1 - 3 files changed, 3 deletions(-) diff --git a/vars/CentOS7.yml b/vars/CentOS7.yml index 1ac9c757..e8121b50 100644 --- a/vars/CentOS7.yml +++ b/vars/CentOS7.yml @@ -8,7 +8,6 @@ common_pkgs: - zsh - screen - vim-enhanced - - python-pip - python3-pip - sudo - tzdata diff --git a/vars/CentOS8.yml b/vars/CentOS8.yml index 29c02dfe..2b39ba6f 100644 --- a/vars/CentOS8.yml +++ b/vars/CentOS8.yml @@ -8,7 +8,6 @@ common_pkgs: - zsh - screen - vim-enhanced - - python-pip - python3-pip - sudo - tzdata diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 6da890b3..db298c70 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -8,7 +8,6 @@ common_pkgs: - zsh - screen - vim-enhanced - - python-pip - python3-pip - sudo - tzdata From 54d6a4001754f8b32c86c687143f206bc69e4ca1 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Thu, 5 May 2022 20:11:53 -0600 Subject: [PATCH 013/118] Move epel and openssh to docker image --- molecule/default/Dockerfile.j2 | 12 ++++++------ vars/CentOS7.yml | 2 -- vars/CentOS8.yml | 2 -- vars/Debian.yml | 1 - vars/RedHat.yml | 2 -- vars/Ubuntu.yml | 1 - vars/Ubuntu20.yml | 1 - 7 files changed, 6 insertions(+), 15 deletions(-) diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index 77bda50e..3c6434ca 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 
@@ -6,9 +6,9 @@ FROM {{ item.registry.url }}/{{ item.image }} FROM {{ item.image }} {% endif %} -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi \ No newline at end of file +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates openssh-server && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash openssh-server epel-release && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash openssh-server epel-release && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml openssh-server && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates openssh-server; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server && xbps-remove -O; fi \ No newline at end of file diff --git a/vars/CentOS7.yml b/vars/CentOS7.yml index e8121b50..d4b38bb0 100644 --- a/vars/CentOS7.yml 
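Review bot: Adding `openssh-server` (and `epel-release` in the dnf and yum branches) to this `RUN` while the same patch removes both from every `vars/*.yml` list means the test image now supplies packages the role no longer installs. A converge can then pass in Molecule and still leave a real host without them, if any task of the role depends on sshd or on EPEL; that dependency is not visible in this hunk. I would either keep the packages in `common_pkgs`, or mark them here with a comment such as `# test prerequisites only: the role does not install openssh-server/epel-release`.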
+++ b/vars/CentOS7.yml @@ -1,8 +1,6 @@ --- common_pkgs: - - epel-release - - openssh-server - ipmitool - freeipmi - zsh diff --git a/vars/CentOS8.yml b/vars/CentOS8.yml index 2b39ba6f..f1bba182 100644 --- a/vars/CentOS8.yml +++ b/vars/CentOS8.yml @@ -1,8 +1,6 @@ --- common_pkgs: - - epel-release - - openssh-server - ipmitool - freeipmi - zsh diff --git a/vars/Debian.yml b/vars/Debian.yml index 3a117a06..907002ee 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -1,6 +1,5 @@ --- common_pkgs: - - openssh-server - screen - vim - ipmitool diff --git a/vars/RedHat.yml b/vars/RedHat.yml index db298c70..bf0e22b7 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -1,8 +1,6 @@ --- common_pkgs: - - epel-release - - openssh-server - ipmitool - freeipmi - zsh diff --git a/vars/Ubuntu.yml b/vars/Ubuntu.yml index 3a117a06..907002ee 100644 --- a/vars/Ubuntu.yml +++ b/vars/Ubuntu.yml @@ -1,6 +1,5 @@ --- common_pkgs: - - openssh-server - screen - vim - ipmitool diff --git a/vars/Ubuntu20.yml b/vars/Ubuntu20.yml index b298224d..9493fb0b 100644 --- a/vars/Ubuntu20.yml +++ b/vars/Ubuntu20.yml @@ -1,5 +1,4 @@ common_pkgs: - - openssh-server - screen - vim - ipmitool From aa0e4937852e10abc800e8f69914af2da72cf34f Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Thu, 5 May 2022 20:38:48 -0600 Subject: [PATCH 014/118] Update dockerfile --- molecule/default/Dockerfile.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index 3c6434ca..1775fdca 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 
@@ -6,9 +6,9 @@ FROM {{ item.registry.url }}/{{ item.image }} FROM {{ item.image }} {% endif %} -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates openssh-server && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash openssh-server epel-release && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash openssh-server epel-release && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates openssh-server && apt-get clean && systemctl enable ssh && systemctl start ssh; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash openssh-server epel-release && dnf clean all && systemctl enable ssh && systemctl start ssh; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash openssh-server epel-release && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all && systemctl enable ssh && systemctl start ssh; \ elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml openssh-server && zypper clean -a; \ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates openssh-server; \ elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server && xbps-remove -O; fi \ No newline at end of file From a07a283cf00b7213ef1ee15347aba7c43d0f96a7 Mon Sep 17 00:00:00 2001 
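Review bot: `systemctl enable ssh && systemctl start ssh`, appended to the apt-get, dnf and yum branches, runs during the image build, where no systemd is running as PID 1, so `systemctl start` will most likely fail and abort the build. A service started in a build step would not be running in the container anyway. The unit is also usually called `sshd` on the dnf/yum families, so `ssh` only fits the apt-get branch. I would keep at most `systemctl enable ssh` (or `sshd`) here and let the container's init start the daemon. The same pattern returns in `RUN service enable ssh && service start ssh` and `RUN systemctl enable ssh && systemctl start ssh` in patches 032 and 033.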
From: Teagan glenn Date: Thu, 5 May 2022 20:50:49 -0600 Subject: [PATCH 015/118] Revert "Update dockerfile" This reverts commit aa0e4937852e10abc800e8f69914af2da72cf34f. --- molecule/default/Dockerfile.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index 1775fdca..3c6434ca 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 
@@ -6,9 +6,9 @@ FROM {{ item.registry.url }}/{{ item.image }} FROM {{ item.image }} {% endif %} -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates openssh-server && apt-get clean && systemctl enable ssh && systemctl start ssh; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash openssh-server epel-release && dnf clean all && systemctl enable ssh && systemctl start ssh; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash openssh-server epel-release && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all && systemctl enable ssh && systemctl start ssh; \ +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates openssh-server && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash openssh-server epel-release && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash openssh-server epel-release && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml openssh-server && zypper clean -a; \ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates openssh-server; \ elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server && xbps-remove -O; fi \ No newline at end of file From a8072413225badbfa340b493718e8007c7902a09 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Thu, 5 May 2022 20:58:21 -0600 Subject: [PATCH 016/118] deub --- .github/workflows/molecule.yml | 2 ++ molecule/default/molecule.yml | 2 ++ 2 files changed, 4 insertions(+) 
diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index ea35b5d1..c1f31f30 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -22,3 +22,5 @@ jobs: path: "${{ github.repository }}" - name: Molecule uses: robertdebock/molecule-action@4.0.7 + with: + command: "--debug converge" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 050f46b4..45c8d559 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -50,3 +50,5 @@ provisioner: # ansible-lint . verifier: name: ansible + options: + vvv: True From 924755d39a64dc82dae4ba295e4a005e37d8b048 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Thu, 5 May 2022 22:14:26 -0600 Subject: [PATCH 017/118] ssh Agent --- molecule/default/converge.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 94e814f5..b2392dfe 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -3,6 +3,16 @@ hosts: all strategy: free tasks: + - name: Enable ssh daemon + ansible.builtin.service: + name: sshd + enabled: true + state: restarted + + - name: Start agent + ansible.builtin.shell: + cmd: 'eval $(ssh-agent -s)'} + - name: Run common role ansible.builtin.include_role: name: ansible-common From dd7d180b3ae241a0129c75f0ab33265c23de383d Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Thu, 5 May 2022 22:19:23 -0600 Subject: [PATCH 018/118] Type-o --- molecule/default/converge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index b2392dfe..b3644443 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -11,7 +11,7 @@ - name: Start agent ansible.builtin.shell: - cmd: 'eval $(ssh-agent -s)'} + cmd: 'eval $(ssh-agent -s)' - name: Run common role ansible.builtin.include_role: 
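Review bot: The `Start agent` task in `molecule/default/converge.yml` runs `eval $(ssh-agent -s)` through `ansible.builtin.shell`, so the exported `SSH_AUTH_SOCK` and `SSH_AGENT_PID` disappear when that task's shell exits. No later task can reach the agent, and each converge leaves another orphaned `ssh-agent` process on the target. If nothing in the role needs an agent I would drop the task; otherwise the agent has to be started and used inside one task. The `Enable ssh daemon` task uses `state: restarted`, which reports a change on every run and defeats an idempotence check; `state: started` is enough here. The play continues outside the hunk.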
From e61094fbc7130c469550a0eb6f77fda9e29d2474 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 04:13:52 -0600 Subject: [PATCH 019/118] Start SSH command --- molecule/default/molecule.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 45c8d559..6b14bf64 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -7,7 +7,7 @@ platforms: - name: ubuntu-20.04 image: joepublic/molecule-ubuntu:20.04 privileged: true - command: /lib/systemd/systemd + command: /usr/sbin/sshd -D & /lib/systemd/systemd capabilities: - SYS_ADMIN tmpfs: @@ -19,7 +19,7 @@ platforms: - name: ubuntu-18.04 image: joepublic/molecule-ubuntu:18.04 privileged: true - command: /lib/systemd/systemd + command: /usr/sbin/sshd -D & /lib/systemd/systemd capabilities: - SYS_ADMIN tmpfs: @@ -31,7 +31,7 @@ platforms: - name: centos-7 image: joepublic/molecule-centos:7 privileged: true - command: /usr/sbin/init + command: /usr/sbin/sshd -D & /usr/sbin/init capabilities: - SYS_ADMIN tmpfs: From eb4603b5ab5dd9e2d2bf7c1bb6fcc5a94b7ae5ed Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 04:24:38 -0600 Subject: [PATCH 020/118] SSH and systemd --- molecule/default/Dockerfile.j2 | 5 ++++- molecule/default/entrypoint.sh | 5 +++++ 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100755 molecule/default/entrypoint.sh diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index 3c6434ca..806e256d 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 
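Review bot: `command: /usr/sbin/sshd -D & /lib/systemd/systemd` is, as far as I can tell, handed to the container without a shell, so the `&` reaches `sshd` as a literal argument and systemd never starts. Even under a shell, systemd would not be PID 1, which it needs to boot the container. This applies to all three platform entries in `molecule/default/molecule.yml` (ubuntu-20.04, ubuntu-18.04, and centos-7 with `/usr/sbin/init`). I would keep `command: /lib/systemd/systemd` (or `/usr/sbin/init`) and enable the ssh unit in the image so that init starts it. Each platform entry continues past its hunk.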
@@ -11,4 +11,7 @@ RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y pyth elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash openssh-server epel-release && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml openssh-server && zypper clean -a; \ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates openssh-server; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server && xbps-remove -O; fi \ No newline at end of file + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server && xbps-remove -O; fi +COPY entrypoint.sh entrypoint.sh + +CMD ["./entrypoint.sh"] \ No newline at end of file diff --git a/molecule/default/entrypoint.sh b/molecule/default/entrypoint.sh new file mode 100755 index 00000000..7dc79821 --- /dev/null +++ b/molecule/default/entrypoint.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +/usr/sbin/sshd -D + +/lib/systemd/systemd \ No newline at end of file From 1200a65623757b95ec493a88157e8d128b80cc0c Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 04:25:48 -0600 Subject: [PATCH 021/118] Dockerfile --- molecule/default/molecule.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 6b14bf64..f4711942 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -7,7 +7,7 @@ platforms: - name: ubuntu-20.04 image: joepublic/molecule-ubuntu:20.04 privileged: true - command: /usr/sbin/sshd -D & /lib/systemd/systemd +# command: /usr/sbin/sshd -D & /lib/systemd/systemd capabilities: - SYS_ADMIN tmpfs: 
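Review bot: In the new `molecule/default/entrypoint.sh`, `/usr/sbin/sshd -D` keeps sshd in the foreground, so the script never reaches `/lib/systemd/systemd`. If it did, systemd would run as a child of the script rather than as PID 1. Nothing visible in the image creates `/run/sshd` or host keys at this point, so sshd may instead exit at once and the failure would go unnoticed. I would let sshd daemonize and replace the shell with init: `/usr/sbin/sshd` followed by `exec /lib/systemd/systemd`, with `set -e` at the top so a failed start stops the container.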
@@ -19,7 +19,7 @@ platforms: - name: ubuntu-18.04 image: joepublic/molecule-ubuntu:18.04 privileged: true - command: /usr/sbin/sshd -D & /lib/systemd/systemd +# command: /usr/sbin/sshd -D & /lib/systemd/systemd capabilities: - SYS_ADMIN tmpfs: @@ -31,7 +31,7 @@ platforms: - name: centos-7 image: joepublic/molecule-centos:7 privileged: true - command: /usr/sbin/sshd -D & /usr/sbin/init +# command: /usr/sbin/sshd -D & /usr/sbin/init capabilities: - SYS_ADMIN tmpfs: From a20269cf2c7286b0fd33a4b4ba1b413949d9a390 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 04:34:21 -0600 Subject: [PATCH 022/118] entrypoint --- molecule/default/Dockerfile.j2 | 4 ++-- molecule/default/{entrypoint.sh => entrypoint} | 0 2 files changed, 2 insertions(+), 2 deletions(-) rename molecule/default/{entrypoint.sh => entrypoint} (100%) diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index 806e256d..422946af 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 @@ -12,6 +12,6 @@ RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y pyth elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml openssh-server && zypper clean -a; \ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates openssh-server; \ elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server && xbps-remove -O; fi -COPY entrypoint.sh entrypoint.sh +COPY entrypoint /usr/sbin/entrypoint -CMD ["./entrypoint.sh"] \ No newline at end of file +CMD ["./entrypoint"] \ No newline at end of file diff --git a/molecule/default/entrypoint.sh b/molecule/default/entrypoint similarity index 100% rename from molecule/default/entrypoint.sh rename to molecule/default/entrypoint From 7867ce00cbc9a36693d2e02efd896610a3e73aa6 Mon Sep 17 00:00:00 2001 
From: Teagan glenn Date: Fri, 6 May 2022 04:34:53 -0600 Subject: [PATCH 023/118] Use path --- molecule/default/Dockerfile.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index 422946af..94d34079 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 @@ -14,4 +14,4 @@ RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y pyth elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server && xbps-remove -O; fi COPY entrypoint /usr/sbin/entrypoint -CMD ["./entrypoint"] \ No newline at end of file +CMD ["/usr/sbin/entrypoint"] \ No newline at end of file From 31967e12eeef88ec552a0180b524e8e54678bb37 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 04:35:50 -0600 Subject: [PATCH 024/118] Execute scrit --- molecule/default/molecule.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index f4711942..21186ad9 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -7,7 +7,7 @@ platforms: - name: ubuntu-20.04 image: joepublic/molecule-ubuntu:20.04 privileged: true -# command: /usr/sbin/sshd -D & /lib/systemd/systemd + command: /usr/sbin/entrypoint capabilities: - SYS_ADMIN tmpfs: @@ -19,7 +19,7 @@ platforms: - name: ubuntu-18.04 image: joepublic/molecule-ubuntu:18.04 privileged: true -# command: /usr/sbin/sshd -D & /lib/systemd/systemd + command: /usr/sbin/entrypoint capabilities: - SYS_ADMIN tmpfs: @@ -31,7 +31,7 @@ platforms: - name: centos-7 image: joepublic/molecule-centos:7 privileged: true -# command: /usr/sbin/sshd -D & /usr/sbin/init + command: /usr/sbin/entrypoint capabilities: - SYS_ADMIN tmpfs: From 0da928efa14aa0790bb19fac6bb7766ad59e6a4e Mon Sep 17 00:00:00 2001 
From: Teagan glenn Date: Fri, 6 May 2022 04:54:33 -0600 Subject: [PATCH 025/118] Fix docker command --- molecule/default/Dockerfile.j2 | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index 94d34079..abe24c59 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 
@@ -6,12 +6,13 @@ FROM {{ item.registry.url }}/{{ item.image }} FROM {{ item.image }} {% endif %} -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates openssh-server && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash openssh-server epel-release && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash openssh-server epel-release && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml openssh-server && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates openssh-server; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server && xbps-remove -O; fi -COPY entrypoint /usr/sbin/entrypoint +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y vim python sudo bash ca-certificates openssh-server openssh-client && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash openssh-server openssh-client epel-release && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash openssh-server openssh-client epel-release && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml openssh-server openssh-client && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates openssh; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates 
openssh-server openssh-client && xbps-remove -O; fi +RUN mkdir -p /run/sshd +RUN ssh-keygen -A -CMD ["/usr/sbin/entrypoint"] \ No newline at end of file +CMD ["/bin/bash", "/usr/sbin/entrypoint"] From 4e92e2bd398d0cd39d575f1f762ba8e2f78cca2f Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 05:00:50 -0600 Subject: [PATCH 026/118] copy --- molecule/default/Dockerfile.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index abe24c59..1a85ec4b 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 @@ -14,5 +14,6 @@ RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y vim elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server openssh-client && xbps-remove -O; fi RUN mkdir -p /run/sshd RUN ssh-keygen -A +COPY entrypoint /usr/sbin/entrypoint CMD ["/bin/bash", "/usr/sbin/entrypoint"] From 42798d3cb184c12709d49399f256ffd3ac91c295 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 05:06:17 -0600 Subject: [PATCH 027/118] file path --- molecule/default/Dockerfile.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index 1a85ec4b..c65971d8 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 @@ -14,6 +14,6 @@ RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y vim elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server openssh-client && xbps-remove -O; fi RUN mkdir -p /run/sshd RUN ssh-keygen -A -COPY entrypoint /usr/sbin/entrypoint +COPY ./molecule/default/entrypoint /usr/sbin/entrypoint CMD ["/bin/bash", "/usr/sbin/entrypoint"] From b4d6bb87432daf59cfa6964e1cdabb9557f7a78e Mon Sep 17 00:00:00 2001 
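Review bot: `RUN ssh-keygen -A` in patch 025 creates the SSH host keys at build time, so the private host keys are stored in an image layer. Every container started from the image, and anyone who can pull it, then shares the same host identity. If that is accepted for a throw-away test image, say so next to the line, e.g. `# test-only: host keys are baked into this image, do not publish or reuse it`; otherwise generate the keys when the container starts. Separately, the dnf and yum branches of the rewritten `RUN` install `openssh-client`, but as far as I know the package is called `openssh-clients` on those families, so those branches would fail to resolve it.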
From: Teagan glenn Date: Fri, 6 May 2022 05:31:07 -0600 Subject: [PATCH 028/118] Copy source path --- molecule/default/Dockerfile.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index c65971d8..1a85ec4b 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 @@ -14,6 +14,6 @@ RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y vim elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server openssh-client && xbps-remove -O; fi RUN mkdir -p /run/sshd RUN ssh-keygen -A -COPY ./molecule/default/entrypoint /usr/sbin/entrypoint +COPY entrypoint /usr/sbin/entrypoint CMD ["/bin/bash", "/usr/sbin/entrypoint"] From b6aaeff0d9a1cd77bead3a1b521d7db25f19614b Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 06:11:24 -0600 Subject: [PATCH 029/118] Try to fix entrypoint --- molecule/default/Dockerfile.j2 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index 1a85ec4b..62ae10d0 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 @@ -14,6 +14,7 @@ RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y vim elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server openssh-client && xbps-remove -O; fi RUN mkdir -p /run/sshd RUN ssh-keygen -A -COPY entrypoint /usr/sbin/entrypoint +COPY molecule/default/entrypoint /usr/sbin/entrypoint +RUN chmod +x /usr/sbin/entrypoint -CMD ["/bin/bash", "/usr/sbin/entrypoint"] +CMD [ "/bin/bash", "-C", "/usr/sbin/entrypoint" ] From c14fb01e34ccbc99a8617ec9ba4e31db21491ab2 Mon Sep 17 00:00:00 2001 
From: Teagan glenn Date: Fri, 6 May 2022 06:16:07 -0600 Subject: [PATCH 030/118] fix paths --- molecule/default/Dockerfile.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index 62ae10d0..5495f524 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 @@ -14,7 +14,7 @@ RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y vim elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server openssh-client && xbps-remove -O; fi RUN mkdir -p /run/sshd RUN ssh-keygen -A -COPY molecule/default/entrypoint /usr/sbin/entrypoint +COPY {{ molecule_scenario_directory }}/entrypoint /usr/sbin/entrypoint RUN chmod +x /usr/sbin/entrypoint -CMD [ "/bin/bash", "-C", "/usr/sbin/entrypoint" ] +CMD [ "/bin/bash", "/usr/sbin/entrypoint" ] From ac660cee415f6602726e7826eea90ba44056173f Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 06:20:51 -0600 Subject: [PATCH 031/118] Fix command --- molecule/default/Dockerfile.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index 5495f524..1a72e730 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 @@ -17,4 +17,4 @@ RUN ssh-keygen -A COPY {{ molecule_scenario_directory }}/entrypoint /usr/sbin/entrypoint RUN chmod +x /usr/sbin/entrypoint -CMD [ "/bin/bash", "/usr/sbin/entrypoint" ] +CMD [ "/usr/sbin/entrypoint" ] From 3bdab3908f11e0ef3e0ef9ddd10acf6577a07b80 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 06:26:28 -0600 Subject: [PATCH 032/118] Dockerfile changes --- molecule/default/Dockerfile.j2 | 5 ++--- molecule/default/molecule.yml | 6 +++--- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index 1a72e730..60e951dd 100644 
--- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 @@ -14,7 +14,6 @@ RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y vim elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server openssh-client && xbps-remove -O; fi RUN mkdir -p /run/sshd RUN ssh-keygen -A -COPY {{ molecule_scenario_directory }}/entrypoint /usr/sbin/entrypoint -RUN chmod +x /usr/sbin/entrypoint +RUN service enable ssh && service start ssh -CMD [ "/usr/sbin/entrypoint" ] +CMD [ "/usr/sbin/init" ] diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 21186ad9..6e282f7c 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -7,7 +7,7 @@ platforms: - name: ubuntu-20.04 image: joepublic/molecule-ubuntu:20.04 privileged: true - command: /usr/sbin/entrypoint + command: /usr/sbin/init capabilities: - SYS_ADMIN tmpfs: @@ -19,7 +19,7 @@ platforms: - name: ubuntu-18.04 image: joepublic/molecule-ubuntu:18.04 privileged: true - command: /usr/sbin/entrypoint + command: /usr/sbin/init capabilities: - SYS_ADMIN tmpfs: @@ -31,7 +31,7 @@ platforms: - name: centos-7 image: joepublic/molecule-centos:7 privileged: true - command: /usr/sbin/entrypoint + command: /usr/sbin/init capabilities: - SYS_ADMIN tmpfs: From b6c2d6e3870a01302c12a3e29cf2994fd69e7dc2 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 06:27:06 -0600 Subject: [PATCH 033/118] systemctl --- molecule/default/Dockerfile.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index 60e951dd..0305f064 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 
@@ -14,6 +14,6 @@ RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y vim elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server openssh-client && xbps-remove -O; fi RUN mkdir -p /run/sshd RUN ssh-keygen -A -RUN service enable ssh && service start ssh +RUN systemctl enable ssh && systemctl start ssh CMD [ "/usr/sbin/init" ] From 30e59d3e624f3014788d943d0a4a1ab49e4716d6 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 06:48:35 -0600 Subject: [PATCH 034/118] Try another ssh method --- molecule/default/Dockerfile.j2 | 13 ++++++++++--- molecule/default/ssh-host-key.service | 10 ++++++++++ 2 files changed, 20 insertions(+), 3 deletions(-) create mode 100644 molecule/default/ssh-host-key.service diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index 0305f064..9e7f0e16 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 @@ -12,8 +12,15 @@ RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y vim elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml openssh-server openssh-client && zypper clean -a; \ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates openssh; \ elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server openssh-client && xbps-remove -O; fi -RUN mkdir -p /run/sshd -RUN ssh-keygen -A -RUN systemctl enable ssh && systemctl start ssh +RUN rm -rf /etc/ssh/ssh_host* + +COPY ssh-host-key.service /etc/systemd/system/ +RUN chmod 664 /etc/systemd/system/ssh-host-key.service +RUN systemctl enable ssh-host-key.service + +RUN mkdir /root/.ssh && \ + touch /root/.ssh/authorized_keys && \ + chmod 700 /root/.ssh && \ + chmod 600 /root/.ssh/authorized_keys CMD [ "/usr/sbin/init" ] 
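Review bot: In the patch 034 hunk, `RUN chmod 664 /etc/systemd/system/ssh-host-key.service` leaves a unit that systemd executes as root writable by the file's group. Unit files are conventionally mode 0644, so this should be `RUN chmod 644 /etc/systemd/system/ssh-host-key.service`. The block that creates `/root/.ssh/authorized_keys` prepares key-based root login in the image; a comment such as `# test-only: root SSH login for Molecule` would keep it from being copied into a real image unnoticed.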
diff --git a/molecule/default/ssh-host-key.service b/molecule/default/ssh-host-key.service new file mode 100644 index 00000000..332b319d --- /dev/null +++ b/molecule/default/ssh-host-key.service @@ -0,0 +1,10 @@ +[Unit] +Description=Generate SSH host keys +Before=ssh.service + +[Service] +Type=oneshot +ExecStart=/bin/bash -c "test -f /etc/ssh/ssh_host_dsa_key || dpkg-reconfigure openssh-server" + +[Install] +RequiredBy=ssh.service \ No newline at end of file From 6dac86b3580929afabfb244d92a449a71967c892 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 06:53:12 -0600 Subject: [PATCH 035/118] forget ssh --- molecule/default/Dockerfile.j2 | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index 9e7f0e16..b0c83fd6 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 
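Review bot: The `ExecStart` guard in `ssh-host-key.service` tests for `/etc/ssh/ssh_host_dsa_key`, a key type that current openssh-server packages no longer create as far as I know. If so, the test fails on every boot and `dpkg-reconfigure openssh-server` runs each time. `dpkg-reconfigure` also exists only on Debian-family images, while the scenario has a centos-7 platform where the unit is `sshd.service` rather than `ssh.service`. I would check a key type that is actually generated and use the portable generator: `ExecStart=/bin/sh -c "test -f /etc/ssh/ssh_host_ed25519_key || ssh-keygen -A"`.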
@@ -6,19 +6,15 @@ FROM {{ item.registry.url }}/{{ item.image }} FROM {{ item.image }} {% endif %} -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y vim python sudo bash ca-certificates openssh-server openssh-client && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash openssh-server openssh-client epel-release && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash openssh-server openssh-client epel-release && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml openssh-server openssh-client && zypper clean -a; \ +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y vim python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash epel-release && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl basht epel-release && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates openssh; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server openssh-client && xbps-remove -O; fi + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi RUN rm -rf /etc/ssh/ssh_host* -COPY ssh-host-key.service /etc/systemd/system/ -RUN chmod 664 /etc/systemd/system/ssh-host-key.service -RUN systemctl enable ssh-host-key.service 
- -RUN mkdir /root/.ssh && \ +RUN mkdir -p /root/.ssh && \ touch /root/.ssh/authorized_keys && \ chmod 700 /root/.ssh && \ chmod 600 /root/.ssh/authorized_keys From 7e281bf7e18f9b27cef94ab855fa54638ccce77f Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 07:15:54 -0600 Subject: [PATCH 036/118] skip ssh --- .github/workflows/molecule.yml | 2 +- molecule/default/Dockerfile.j2 | 18 +++++------------- molecule/default/entrypoint | 5 ----- molecule/default/molecule.yml | 3 --- molecule/default/ssh-host-key.service | 10 ---------- 5 files changed, 6 insertions(+), 32 deletions(-) delete mode 100755 molecule/default/entrypoint delete mode 100644 molecule/default/ssh-host-key.service diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index c1f31f30..8c97dc95 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -23,4 +23,4 @@ jobs: - name: Molecule uses: robertdebock/molecule-action@4.0.7 with: - command: "--debug converge" + command: "--debug converge -- --skip-tags='common-sshd'" diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index b0c83fd6..77bda50e 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 
@@ -6,17 +6,9 @@ FROM {{ item.registry.url }}/{{ item.image }} FROM {{ item.image }} {% endif %} -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y vim python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash epel-release && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl basht epel-release && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates openssh; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi -RUN rm -rf /etc/ssh/ssh_host* - -RUN mkdir -p /root/.ssh && \ - touch /root/.ssh/authorized_keys && \ - chmod 700 /root/.ssh && \ - chmod 600 /root/.ssh/authorized_keys - -CMD [ "/usr/sbin/init" ] + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi \ No newline at end of file diff --git a/molecule/default/entrypoint b/molecule/default/entrypoint deleted file mode 100755 index 7dc79821..00000000 
--- a/molecule/default/entrypoint +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -/usr/sbin/sshd -D - -/lib/systemd/systemd \ No newline at end of file diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 6e282f7c..d59c1f73 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -7,7 +7,6 @@ platforms: - name: ubuntu-20.04 image: joepublic/molecule-ubuntu:20.04 privileged: true - command: /usr/sbin/init capabilities: - SYS_ADMIN tmpfs: @@ -19,7 +18,6 @@ platforms: - name: ubuntu-18.04 image: joepublic/molecule-ubuntu:18.04 privileged: true - command: /usr/sbin/init capabilities: - SYS_ADMIN tmpfs: @@ -31,7 +29,6 @@ platforms: - name: centos-7 image: joepublic/molecule-centos:7 privileged: true - command: /usr/sbin/init capabilities: - SYS_ADMIN tmpfs: diff --git a/molecule/default/ssh-host-key.service b/molecule/default/ssh-host-key.service deleted file mode 100644 index 332b319d..00000000 --- a/molecule/default/ssh-host-key.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Generate SSH host keys -Before=ssh.service - -[Service] -Type=oneshot -ExecStart=/bin/bash -c "test -f /etc/ssh/ssh_host_dsa_key || dpkg-reconfigure openssh-server" - -[Install] -RequiredBy=ssh.service \ No newline at end of file From d8460ef119167b233adddd7643c8f770ab9d0130 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 07:33:35 -0600 Subject: [PATCH 037/118] Update docker --- .github/workflows/molecule.yml | 2 +- molecule/default/converge.yml | 9 --------- 2 files changed, 1 insertion(+), 10 deletions(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 8c97dc95..351ac342 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -23,4 +23,4 @@ jobs: - name: Molecule uses: robertdebock/molecule-action@4.0.7 with: - command: "--debug converge -- --skip-tags='common-sshd'" + command: "--debug converge -- --skip-tags common-sshd" 
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index b3644443..dafca6aa 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -3,15 +3,6 @@ hosts: all strategy: free tasks: - - name: Enable ssh daemon - ansible.builtin.service: - name: sshd - enabled: true - state: restarted - - - name: Start agent - ansible.builtin.shell: - cmd: 'eval $(ssh-agent -s)' - name: Run common role ansible.builtin.include_role: From d1a89b207d1ec952c514aea9d005ca0321c283d8 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 07:40:23 -0600 Subject: [PATCH 038/118] update dockerfile --- molecule/default/Dockerfile.j2 | 16 ++++++++++------ molecule/default/molecule.yml | 3 +++ tasks/hostfile.yml | 4 ++-- 3 files changed, 15 insertions(+), 8 deletions(-) diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index 77bda50e..5137c296 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 
@@ -6,9 +6,13 @@ FROM {{ item.registry.url }}/{{ item.image }} FROM {{ item.image }} {% endif %} -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi \ No newline at end of file +RUN mkdir -p /run/sshd && \ + ssh-keygen -A && \ + if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates openssh-server && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash openssh-server && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash openssh-server && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml openssh-server && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates openssh-server; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server && xbps-remove -O; fi + +CMD [ "/usr/sbin/sshd", "-D", "&&", "/lib/systemd/systemd"] \ No newline at end of file 
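Review bot: `ssh-keygen -A` runs before the `if`/`elif` chain installs `openssh-server` and is joined to it with `&&`, so on a base image without OpenSSH the RUN step would stop before any package is installed; the key generation belongs after the install. Generating host keys in a RUN step also stores one set of private host keys in the image, so every container created from it presents the same SSH identity; creating them at container start keeps them per instance. The added `CMD [ "/usr/sbin/sshd", "-D", "&&", "/lib/systemd/systemd"]` is exec form, so no shell interprets `&&`, and both it and the systemd path are passed to sshd as arguments. If systemd is meant to be PID 1, `CMD ["/lib/systemd/systemd"]` with the distribution's SSH unit enabled is the usual shape. The `ssh-keygen -A` ordering is carried unchanged through the later `@@ -8,11 +8,11 @@` and `@@ -8,9 +8,9 @@` hunks.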
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index d59c1f73..0cd37d6e 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -49,3 +49,6 @@ verifier: name: ansible options: vvv: True + inventory: + all: + ceph: [] \ No newline at end of file diff --git a/tasks/hostfile.yml b/tasks/hostfile.yml index 0f5de997..57ca0b1b 100644 --- a/tasks/hostfile.yml +++ b/tasks/hostfile.yml @@ -4,7 +4,7 @@ - network delegate_to: "{{ item }}" delegate_facts: True - loop: "{{ groups['ceph'] }}" + loop: "{{ groups['ceph'] | default([]) }}" run_once: true when: - ansible_lsb.id != "Raspbian" @@ -19,7 +19,7 @@ delegate_to: "{{ item }}" delegate_facts: True run_once: true - loop: "{{ groups['nfsservers'] }}" + loop: "{{ groups['nfsservers'] | default([]) }}" when: - shared_storage is defined and shared_storage - storage_backend is defined and storage_backend == "nfs" From 18144414e2603cfe59b8b92efb555f32530d6a34 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 07:44:59 -0600 Subject: [PATCH 039/118] Run sshd --- molecule/default/Dockerfile.j2 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index 5137c296..7b466c91 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 
@@ -8,11 +8,11 @@ FROM {{ item.image }} RUN mkdir -p /run/sshd && \ ssh-keygen -A && \ - if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates openssh-server && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash openssh-server && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash openssh-server && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml openssh-server && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates openssh-server; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server && xbps-remove -O; fi + if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates openssh-server && apt-get clean && /usr/sbin/sshd -D &; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash openssh-server && dnf clean all && /usr/sbin/sshd -D &; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash openssh-server && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all && /usr/sbin/sshd -D &; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml openssh-server && zypper clean -a && /usr/sbin/sshd -D &; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates openssh-server && /usr/sbin/sshd -D &; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server && xbps-remove -O && 
/usr/sbin/sshd -D &; fi CMD [ "/usr/sbin/sshd", "-D", "&&", "/lib/systemd/systemd"] \ No newline at end of file From d651068085589b505c42ffad747aaacb908dbfe2 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 07:46:35 -0600 Subject: [PATCH 040/118] System ssh --- molecule/default/Dockerfile.j2 | 4 +--- molecule/default/molecule.yml | 3 +++ 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index 7b466c91..eada9e0d 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 @@ -13,6 +13,4 @@ RUN mkdir -p /run/sshd && \ elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash openssh-server && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all && /usr/sbin/sshd -D &; \ elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml openssh-server && zypper clean -a && /usr/sbin/sshd -D &; \ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates openssh-server && /usr/sbin/sshd -D &; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server && xbps-remove -O && /usr/sbin/sshd -D &; fi - -CMD [ "/usr/sbin/sshd", "-D", "&&", "/lib/systemd/systemd"] \ No newline at end of file + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server && xbps-remove -O && /usr/sbin/sshd -D &; fi \ No newline at end of file diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 0cd37d6e..aa214a59 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -7,6 +7,7 @@ platforms: - name: ubuntu-20.04 image: joepublic/molecule-ubuntu:20.04 privileged: true + command: /usr/sbin/init capabilities: - SYS_ADMIN tmpfs: 
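Review bot: Every branch of the `@@ -8,11 +8,11 @@` hunk now ends in `&& /usr/sbin/sshd -D &;`, and `&` followed directly by `;` is a syntax error in POSIX shells, so the whole RUN command would fail to parse. Even with the `;` removed, a process started during the image build exists only for that build step and is not running in containers created from the image. Starting sshd belongs in `CMD`/`ENTRYPOINT` or in a service managed by the container's init, not in RUN.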
@@ -18,6 +19,7 @@ platforms: - name: ubuntu-18.04 image: joepublic/molecule-ubuntu:18.04 privileged: true + command: /usr/sbin/init capabilities: - SYS_ADMIN tmpfs: @@ -29,6 +31,7 @@ platforms: - name: centos-7 image: joepublic/molecule-centos:7 privileged: true + command: /usr/sbin/init capabilities: - SYS_ADMIN tmpfs: From e481f053515d7f78fe6b506b031655b6371d995c Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 07:48:56 -0600 Subject: [PATCH 041/118] remove openssh --- molecule/default/Dockerfile.j2 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index eada9e0d..907588d7 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 
@@ -8,9 +8,9 @@ FROM {{ item.image }} RUN mkdir -p /run/sshd && \ ssh-keygen -A && \ - if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates openssh-server && apt-get clean && /usr/sbin/sshd -D &; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash openssh-server && dnf clean all && /usr/sbin/sshd -D &; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash openssh-server && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all && /usr/sbin/sshd -D &; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml openssh-server && zypper clean -a && /usr/sbin/sshd -D &; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates openssh-server && /usr/sbin/sshd -D &; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server && xbps-remove -O && /usr/sbin/sshd -D &; fi \ No newline at end of file + if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates openssh-server && apt-get clean ; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash openssh-server && dnf clean all ; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash openssh-server && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all ; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml openssh-server && zypper clean -a ; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates openssh-server ; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash 
ca-certificates openssh-server && xbps-remove -O ; fi \ No newline at end of file From eb8e2f176619ef93057717743a05588337603c86 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 07:53:33 -0600 Subject: [PATCH 042/118] Remove openssh from packages --- molecule/default/Dockerfile.j2 | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 index 907588d7..3ccb9caf 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/Dockerfile.j2 
@@ -6,11 +6,9 @@ FROM {{ item.registry.url }}/{{ item.image }} FROM {{ item.image }} {% endif %} -RUN mkdir -p /run/sshd && \ - ssh-keygen -A && \ - if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates openssh-server && apt-get clean ; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash openssh-server && dnf clean all ; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash openssh-server && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all ; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml openssh-server && zypper clean -a ; \ +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean ; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all ; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all ; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a ; \ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates openssh-server ; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates openssh-server && xbps-remove -O ; fi \ No newline at end of file + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O ; fi \ No newline at end of file From 3de54fb1e6a2a83ce6dbd1fedf37437687379763 Mon Sep 17 00:00:00 2001 
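Review bot: The `apk` branch is left as an unchanged context line in this hunk and still runs `apk add --no-cache python sudo bash ca-certificates openssh-server`, while the subject says OpenSSH is removed from the packages and the apt, dnf, yum, zypper and xbps branches all drop it. If the omission is unintended, the line should end `... bash ca-certificates ; \` like the others, so Alpine builds do not carry an SSH server that the tests never configure. The file also still ends without a trailing newline.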
From: Teagan glenn Date: Fri, 6 May 2022 07:57:37 -0600 Subject: [PATCH 043/118] remove command --- molecule/default/molecule.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index aa214a59..0cd37d6e 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -7,7 +7,6 @@ platforms: - name: ubuntu-20.04 image: joepublic/molecule-ubuntu:20.04 privileged: true - command: /usr/sbin/init capabilities: - SYS_ADMIN tmpfs: @@ -19,7 +18,6 @@ platforms: - name: ubuntu-18.04 image: joepublic/molecule-ubuntu:18.04 privileged: true - command: /usr/sbin/init capabilities: - SYS_ADMIN tmpfs: @@ -31,7 +29,6 @@ platforms: - name: centos-7 image: joepublic/molecule-centos:7 privileged: true - command: /usr/sbin/init capabilities: - SYS_ADMIN tmpfs: From dd84462a2ed20faf6b402e9b0ea16f6bc58876d4 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 08:02:45 -0600 Subject: [PATCH 044/118] Flag for ssh --- molecule/default/converge.yml | 2 ++ tasks/main.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index dafca6aa..8ed152d6 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -2,6 +2,8 @@ - name: Converge hosts: all strategy: free + vars: + configure_ssh: false tasks: - name: Run common role diff --git a/tasks/main.yml b/tasks/main.yml index 1dae0ac2..64951686 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -16,6 +16,8 @@ ansible.builtin.import_tasks: ssh.yml tags: - common-sshd + when: + - configure_ssh | default(True) - name: "Configure /etc/hosts" ansible.builtin.import_tasks: hostfile.yml From d4fbf7c896ff61db48f38e0c974be37b3b8a6823 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 08:05:43 -0600 Subject: [PATCH 045/118] Remove arg --- .github/workflows/molecule.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
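Review bot: In the `tasks/main.yml` hunk the new condition `configure_ssh | default(True)` is not cast to a boolean, so a value that arrives as a string (for example from `-e configure_ssh=false` or an INI inventory) may be evaluated as a non-empty string and the SSH tasks would still run, depending on the Ansible version. Writing it as `- configure_ssh | default(true) | bool` makes the switch behave the same for booleans and strings. The variable is not declared anywhere in this patch; adding `configure_ssh: true` to `defaults/main.yml` with a one-line comment that setting it to false skips the role's sshd configuration would document the switch where users look for it.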
diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 351ac342..c1f31f30 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -23,4 +23,4 @@ jobs: - name: Molecule uses: robertdebock/molecule-action@4.0.7 with: - command: "--debug converge -- --skip-tags common-sshd" + command: "--debug converge" From 139c2a394b4119cae68bd561822854f5734274f1 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 08:10:26 -0600 Subject: [PATCH 046/118] try vagrant --- molecule/default/molecule.yml | 39 ++++++----------------------------- 1 file changed, 6 insertions(+), 33 deletions(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 0cd37d6e..53a72278 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -2,41 +2,14 @@ dependency: name: galaxy driver: - name: docker + name: vagrant platforms: - name: ubuntu-20.04 - image: joepublic/molecule-ubuntu:20.04 - privileged: true - capabilities: - - SYS_ADMIN - tmpfs: - - /tmp - - /run - - /run/lock - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - name: ubuntu-18.04 - image: joepublic/molecule-ubuntu:18.04 - privileged: true - capabilities: - - SYS_ADMIN - tmpfs: - - /tmp - - /run - - /run/lock - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - - name: centos-7 - image: joepublic/molecule-centos:7 - privileged: true - capabilities: - - SYS_ADMIN - tmpfs: - - /tmp - - /run - - /run/lock - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro + box: ubuntu/focal64 + config_options: + ssh.keep_alive: yes + ssh.remote_user: 'vagrant' + synced_folder: true provisioner: name: ansible options: From 2f20af7b76d8fa3f56ebdeb2f6d95b13716ce662 Mon Sep 17 00:00:00 2001 
From: Teagan glenn Date: Fri, 6 May 2022 08:27:07 -0600 Subject: [PATCH 047/118] try gerling example --- .github/workflows/ci.yml | 69 ++++++++++++++++++++++++++++++++++ .github/workflows/molecule.yml | 26 ------------- molecule/default/converge.yml | 18 +++++++++ molecule/default/molecule.yml | 17 +++++---- 4 files changed, 97 insertions(+), 33 deletions(-) create mode 100644 .github/workflows/ci.yml delete mode 100644 .github/workflows/molecule.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 00000000..b45e4c59 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,69 @@ +--- +name: Molecule +on: + - push + - pull_request + +env: + CI: true + +defaults: + run: + working-directory: 'constructorfleet.ansible-common' + +jobs: + lint: + name: Lint + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'constructorfleet.ansible-common' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: pip3 install yamllint + + - name: Lint code. + run: | + yamllint . + + molecule: + name: Molecule + runs-on: ubuntu-latest + strategy: + matrix: + distro: +# - rockylinux8 +# - centos7 + - ubuntu2004 +# - ubuntu1804 +# - debian11 +# - debian10 +# - debian9 +# - fedora34 + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'constructorfleet.ansible-common' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: pip3 install ansible molecule[docker] docker + + - name: Run Molecule tests. + run: molecule test + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + MOLECULE_DISTRO: ${{ matrix.distro }} diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml deleted file mode 100644 index c1f31f30..00000000 --- a/.github/workflows/molecule.yml +++ /dev/null 
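Review bot: The new `.github/workflows/ci.yml` declares no `permissions:` block, so both jobs run with the repository's default `GITHUB_TOKEN` scope although they only read the code; a top-level `permissions:` with `contents: read` would restrict it. The install steps run `pip3 install yamllint` and `pip3 install ansible molecule[docker] docker` without version pins, and `actions/checkout@v2` and `actions/setup-python@v2` are referenced by movable tags, so the toolchain executed on every push and pull request can change without a commit in this repository; a constraints file and full commit SHAs for the actions would make runs reproducible. The commented-out entries under `matrix.distro` would read better with a one-line comment saying why only `ubuntu2004` is enabled.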
@@ -1,26 +0,0 @@ ---- -name: Molecule -on: - - push - - pull_request - -env: - CI: true - -jobs: - molecule: - name: Molecule - runs-on: ubuntu-latest - steps: - - name: Switch to using Python 3.8 by default - uses: actions/setup-python@v2 - with: - python-version: 3.8 - - name: Checkout code - uses: actions/checkout@v2 - with: - path: "${{ github.repository }}" - - name: Molecule - uses: robertdebock/molecule-action@4.0.7 - with: - command: "--debug converge" diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 8ed152d6..9f1c14b3 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -4,6 +4,24 @@ strategy: free vars: configure_ssh: false + + pre_tasks: + - name: Update apt cache. + ansible.builtin.apt: update_cache=yes cache_valid_time=600 + when: ansible_os_family == 'Debian' + + - name: Wait for systemd to complete initialization. # noqa 303 + ansible.builtin.command: systemctl is-system-running + register: systemctl_status + until: > + 'running' in systemctl_status.stdout or + 'degraded' in systemctl_status.stdout + retries: 30 + delay: 5 + when: ansible_service_mgr == 'systemd' + changed_when: false + failed_when: systemctl_status.rc > 1 + tasks: - name: Run common role diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 53a72278..fadd6c60 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -2,16 +2,19 @@ dependency: name: galaxy driver: - name: vagrant + name: docker platforms: - - name: ubuntu-20.04 - box: ubuntu/focal64 - config_options: - ssh.keep_alive: yes - ssh.remote_user: 'vagrant' - synced_folder: true + - name: instance + image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + privileged: true + pre_build_image: true provisioner: name: ansible + playbooks: + converge: ${MOLECULE_PLAYBOOK:-converge.yml} options: vvv: True #lint: | 
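Review bot: The added `Update apt cache.` pre-task in the `molecule/default/converge.yml` hunk passes its arguments as a `key=value` string (`ansible.builtin.apt: update_cache=yes cache_valid_time=600`), while the other tasks in the hunk use native YAML mappings. Writing it as a mapping with `update_cache: true` and `cache_valid_time: 600` keeps the types explicit and avoids the `yes` truthy form. The `# noqa 303` on the systemd wait task would benefit from a short comment saying why `systemctl is-system-running` is called through `ansible.builtin.command`.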
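Review bot: The platform in the `molecule/default/molecule.yml` hunk now pulls `geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest` with `pre_build_image: true` and `privileged: true`, so CI runs whatever that third-party tag currently points to as a privileged container. Pinning the image to a fixed tag or digest, and adding a comment stating why `privileged` and the `/sys/fs/cgroup` mount are required, would make that trust decision explicit. With `pre_build_image: true` the `Dockerfile.j2` edited in the earlier patches appears to be unused; if that is the case it can be removed.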
From 184c8fc919a9024f888fa425965e63569870b626 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 08:32:28 -0600 Subject: [PATCH 048/118] Linting --- common.yml | 2 +- defaults/main.yml | 1 + handlers/main.yml | 1 + tasks/autoupdate.yml | 3 ++- tasks/cloud_init.yml | 1 + tasks/cockpit.yml | 5 +++-- tasks/fix-login.yml | 5 +++-- tasks/hostfile.yml | 2 ++ tasks/main.yml | 2 ++ tasks/redhat-sol.yml | 4 ++-- tasks/ssh.yml | 7 ++++--- tasks/sudo.yml | 3 ++- tasks/ubuntu-sol.yml | 1 + tasks/users.yml | 2 ++ tests/test.yml | 1 + vars/Debian.yml | 1 + vars/Ubuntu.yml | 1 + vars/Ubuntu20.yml | 2 ++ 18 files changed, 32 insertions(+), 12 deletions(-) diff --git a/common.yml b/common.yml index d650ab69..db45e82a 100755 --- a/common.yml +++ b/common.yml @@ -2,7 +2,7 @@ - name: Deploy common server configurations hosts: all remote_user: root - gather_facts: yes + gather_facts: true tasks: - import_role: diff --git a/defaults/main.yml b/defaults/main.yml index e0f9c7ba..a21c1a0c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,4 +1,5 @@ --- + consoletty: serialtty: diff --git a/handlers/main.yml b/handlers/main.yml index c4926481..de8fab56 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,4 +1,5 @@ --- + - name: "restart_sshd" set_fact: sshd_require_restart: True diff --git a/tasks/autoupdate.yml b/tasks/autoupdate.yml index 21985adc..cb7f4a11 100644 --- a/tasks/autoupdate.yml +++ b/tasks/autoupdate.yml @@ -1,9 +1,10 @@ --- + - name: "Common :: Disable Autoupdate Services" ansible.builtin.service: name: "{{ item }}" state: stopped - enabled: no + enabled: false loop: "{{ autoupdate_services }}" when: - autoupdate_services is defined diff --git a/tasks/cloud_init.yml b/tasks/cloud_init.yml index a6bd42df..0c8c08e4 100644 --- a/tasks/cloud_init.yml +++ b/tasks/cloud_init.yml @@ -1,4 +1,5 @@ --- + - name: Remove cloud-init config directory ansible.builtin.file: path: /etc/cloud 
diff --git a/tasks/cockpit.yml b/tasks/cockpit.yml index 4199273a..2608f7a6 100644 --- a/tasks/cockpit.yml +++ b/tasks/cockpit.yml @@ -1,3 +1,4 @@ +--- - name: "Configure Selinux and firewall rules for Cockpit [RedHat/CentOS]" block: @@ -7,8 +8,8 @@ - name: Configure Firewalld allowed ports ansible.posix.firewalld: service: "{{ item }}" - permanent: yes - immediate: yes + permanent: true + immediate: true state: enabled loop: "{{ common_cockpit_allowed_ports }}" when: ansible_os_family == "RedHat" diff --git a/tasks/fix-login.yml b/tasks/fix-login.yml index e65731c4..068ac034 100644 --- a/tasks/fix-login.yml +++ b/tasks/fix-login.yml @@ -1,13 +1,14 @@ --- + - name: fix root ssh login ansible.builtin.replace: path: /root/.ssh/authorized_keys regexp: '^.*((?=ssh-rsa))' replace: '\1' - backup: yes + backup: true - name: fix root ssh login ansible.builtin.replace: path: /root/.ssh/authorized_keys regexp: '^no-port-forwarding.*$' - backup: yes + backup: true diff --git a/tasks/hostfile.yml b/tasks/hostfile.yml index 57ca0b1b..be580216 100644 --- a/tasks/hostfile.yml +++ b/tasks/hostfile.yml @@ -1,3 +1,5 @@ +--- + - name: "Gather facts for all ceph nodes" ansible.builtin.setup: gather_subset: diff --git a/tasks/main.yml b/tasks/main.yml index 64951686..c8705dd2 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - name: include os specific vars ansible.builtin.include_vars: "{{ item }}" with_first_found: diff --git a/tasks/redhat-sol.yml b/tasks/redhat-sol.yml index 264d9894..b96a7c6f 100644 --- a/tasks/redhat-sol.yml +++ b/tasks/redhat-sol.yml @@ -6,7 +6,7 @@ state: present regexp: '^GRUB_CMDLINE_LINUX="((?!.*(console={{ serialtty }},[0-9]+n8))(.*)?)"$' line: 'GRUB_CMDLINE_LINUX="\1 console={{ serialtty }},115200n8"' - backrefs: yes + backrefs: true notify: "update_grub_config" - name: Update GRUB_CMDLINE_LINUX 
@@ -15,7 +15,7 @@ state: present regexp: '^GRUB_CMDLINE_LINUX="((?!.*(console={{ consoletty }}))(.*)?)"$' line: 'GRUB_CMDLINE_LINUX="\1 console={{ consoletty }}"' - backrefs: yes + backrefs: true notify: "update_grub_config" - name: Update GRUB_TERMINAL diff --git a/tasks/ssh.yml b/tasks/ssh.yml index bd31836b..6f2cc267 100644 --- a/tasks/ssh.yml +++ b/tasks/ssh.yml @@ -1,4 +1,5 @@ --- + - name: create /var/run/sshd ansible.builtin.file: state: directory @@ -22,7 +23,7 @@ ansible.builtin.service: name: "{{ ssh_service }}" state: restarted - enabled: yes + enabled: true register: ssh_started when: sshd_require_restart | default(false) @@ -32,7 +33,7 @@ port: 22 delay: 5 when: ssh_started is changed - ignore_errors: yes + ignore_errors: true register: ssh_start_attempt - name: Get ssh journald logs if service does not appear to be up @@ -59,7 +60,7 @@ owner: root group: root mode: 0600 - backup: yes + backup: true when: - ssh_users is defined - ssh_users|length > 0 diff --git a/tasks/sudo.yml b/tasks/sudo.yml index 1aa716ae..79d3a718 100644 --- a/tasks/sudo.yml +++ b/tasks/sudo.yml @@ -1,9 +1,10 @@ --- + - name: "Allow passwordless sudo for 'admin' group" ansible.builtin.lineinfile: path: /etc/sudoers regexp: '^%admin.*$' line: '%admin ALL=(ALL) NOPASSWD:ALL' state: present - backup: yes + backup: true validate: 'visudo -cf %s' diff --git a/tasks/ubuntu-sol.yml b/tasks/ubuntu-sol.yml index 5ee3a75c..2a956f65 100755 --- a/tasks/ubuntu-sol.yml +++ b/tasks/ubuntu-sol.yml @@ -1,4 +1,5 @@ --- + - name: Update GRUB_CMDLINE_LINUX ansible.builtin.lineinfile: dest: /etc/default/grub diff --git a/tasks/users.yml b/tasks/users.yml index b96ec281..4d2c5688 100644 --- a/tasks/users.yml +++ b/tasks/users.yml @@ -1,3 +1,5 @@ +--- + - name: Create local user groups ansible.builtin.group: name: "{{ item.key }}" diff --git a/tests/test.yml b/tests/test.yml index 31cf1ac3..35372a3a 100644 --- a/tests/test.yml +++ b/tests/test.yml 
@@ -1,4 +1,5 @@ --- + - hosts: localhost remote_user: root roles: diff --git a/vars/Debian.yml b/vars/Debian.yml index 907002ee..e91f2d78 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -1,4 +1,5 @@ --- + common_pkgs: - screen - vim diff --git a/vars/Ubuntu.yml b/vars/Ubuntu.yml index 907002ee..e91f2d78 100644 --- a/vars/Ubuntu.yml +++ b/vars/Ubuntu.yml @@ -1,4 +1,5 @@ --- + common_pkgs: - screen - vim diff --git a/vars/Ubuntu20.yml b/vars/Ubuntu20.yml index 9493fb0b..77e4d7e8 100644 --- a/vars/Ubuntu20.yml +++ b/vars/Ubuntu20.yml @@ -1,3 +1,5 @@ +--- + common_pkgs: - screen - vim From b941b37c34a81f13d42534b12ea677accd70c015 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 08:33:47 -0600 Subject: [PATCH 049/118] fqm --- molecule/default/converge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 9f1c14b3..aa9173ca 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -26,4 +26,4 @@ - name: Run common role ansible.builtin.include_role: - name: ansible-common + name: constructorfleet.ansible-common From 87af5efd6f80200b43f46511cfcf2c47066d657a Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 08:38:46 -0600 Subject: [PATCH 050/118] Linting --- .yamllint | 35 +++++++++++++++++++++++++++++++++++ README.md | 2 +- defaults/main.yml | 2 +- fix-centos-user.yml | 2 +- fix-ubuntu-user.yml | 2 +- handlers/main.yml | 4 ++-- molecule/default/molecule.yml | 4 ++-- tasks/cockpit.yml | 2 +- tasks/hostfile.yml | 4 ++-- vars/CentOS7.yml | 3 +-- vars/CentOS8.yml | 3 +-- vars/Debian.yml | 4 +--- vars/RedHat.yml | 3 +-- vars/Ubuntu.yml | 4 +--- vars/Ubuntu20.yml | 4 +--- 15 files changed, 52 insertions(+), 26 deletions(-) create mode 100644 .yamllint diff --git a/.yamllint b/.yamllint new file mode 100644 index 00000000..b113d9b0 --- /dev/null +++ b/.yamllint 
@@ -0,0 +1,35 @@ +--- +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + colons: + max-spaces-after: -1 + level: error + commas: + max-spaces-after: -1 + level: error + comments: enable + comments-indentation: enable + document-start: enable + empty-lines: + max: 1 + level: error + hyphens: + level: error + indentation: + spaces: 2 + key-duplicates: enable + line-length: disable + new-line-at-end-of-file: enable + new-lines: + type: unix + trailing-spaces: enable + truthy: + check-keys: false +å \ No newline at end of file diff --git a/README.md b/README.md index de1b3bd8..d933765f 100644 --- a/README.md +++ b/README.md @@ -88,7 +88,7 @@ N/A ``` - name: Deploy common server configurations hosts: all - become: True + become: true remote_user: root tasks: - include_role: diff --git a/defaults/main.yml b/defaults/main.yml index a21c1a0c..72485e5a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -8,7 +8,7 @@ timezone: UTC ssh_users: {} ssh_groups: {} -common_enable_cockpit: False +common_enable_cockpit: false common_pkgs: [] diff --git a/fix-centos-user.yml b/fix-centos-user.yml index d332aab8..6a241ef7 100644 --- a/fix-centos-user.yml +++ b/fix-centos-user.yml @@ -1,7 +1,7 @@ - name: fix root hosts: all remote_user: centos - become: True + become: true tasks: - import_role: name: common diff --git a/fix-ubuntu-user.yml b/fix-ubuntu-user.yml index 49908771..eaf36c9f 100644 --- a/fix-ubuntu-user.yml +++ b/fix-ubuntu-user.yml @@ -1,7 +1,7 @@ - name: fix root hosts: all remote_user: ubuntu - become: True + become: true tasks: - import_role: name: common diff --git a/handlers/main.yml b/handlers/main.yml index de8fab56..3a4fda86 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -2,8 +2,8 @@ - name: "restart_sshd" set_fact: - sshd_require_restart: True + sshd_require_restart: true - name: "update_grub_config" set_fact: - grub_require_rebuild: True + grub_require_rebuild: true 
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index fadd6c60..f790da99 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -16,7 +16,7 @@ provisioner: playbooks: converge: ${MOLECULE_PLAYBOOK:-converge.yml} options: - vvv: True + vvv: true #lint: | # set -e # yamllint . @@ -24,7 +24,7 @@ provisioner: verifier: name: ansible options: - vvv: True + vvv: true inventory: all: ceph: [] \ No newline at end of file diff --git a/tasks/cockpit.yml b/tasks/cockpit.yml index 2608f7a6..1b8d0ba3 100644 --- a/tasks/cockpit.yml +++ b/tasks/cockpit.yml @@ -24,4 +24,4 @@ ansible.builtin.service: name: "{{ common_cockpit_service }}" state: started - enabled: True + enabled: true diff --git a/tasks/hostfile.yml b/tasks/hostfile.yml index be580216..f748fa3e 100644 --- a/tasks/hostfile.yml +++ b/tasks/hostfile.yml @@ -5,7 +5,7 @@ gather_subset: - network delegate_to: "{{ item }}" - delegate_facts: True + delegate_facts: true loop: "{{ groups['ceph'] | default([]) }}" run_once: true when: @@ -19,7 +19,7 @@ gather_subset: - network delegate_to: "{{ item }}" - delegate_facts: True + delegate_facts: true run_once: true loop: "{{ groups['nfsservers'] | default([]) }}" when: diff --git a/vars/CentOS7.yml b/vars/CentOS7.yml index d4b38bb0..7d241125 100644 --- a/vars/CentOS7.yml +++ b/vars/CentOS7.yml @@ -10,14 +10,13 @@ common_pkgs: - sudo - tzdata -common_python_pkgs: +common_python_pkgs: [] grub_config: /boot/grub2/grub.cfg grub_update_cmd: /usr/sbin/grub2-mkconfig ssh_service: sshd - common_cockpit_pkgs: - cockpit - cockpit-composer diff --git a/vars/CentOS8.yml b/vars/CentOS8.yml index f1bba182..0db09614 100644 --- a/vars/CentOS8.yml +++ b/vars/CentOS8.yml @@ -10,14 +10,13 @@ common_pkgs: - sudo - tzdata -common_python_pkgs: +common_python_pkgs: [] grub_config: /boot/grub2/grub.cfg grub_update_cmd: /usr/sbin/grub2-mkconfig ssh_service: sshd - common_cockpit_pkgs: - cockpit - cockpit-composer 
diff --git a/vars/Debian.yml b/vars/Debian.yml index e91f2d78..9658a5e8 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -14,9 +14,7 @@ common_pkgs: - sudo - tzdata -common_uninstall_pkgs: -# - python-setuptools -# - python3-setuptools +common_uninstall_pkgs: [] common_python_pkgs: - setuptools diff --git a/vars/RedHat.yml b/vars/RedHat.yml index bf0e22b7..f8d64930 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -10,14 +10,13 @@ common_pkgs: - sudo - tzdata -common_python_pkgs: +common_python_pkgs: [] grub_config: /boot/grub2/grub.cfg grub_update_cmd: /usr/sbin/grub2-mkconfig ssh_service: sshd - common_cockpit_pkgs: - cockpit - cockpit-composer diff --git a/vars/Ubuntu.yml b/vars/Ubuntu.yml index e91f2d78..9658a5e8 100644 --- a/vars/Ubuntu.yml +++ b/vars/Ubuntu.yml @@ -14,9 +14,7 @@ common_pkgs: - sudo - tzdata -common_uninstall_pkgs: -# - python-setuptools -# - python3-setuptools +common_uninstall_pkgs: [] common_python_pkgs: - setuptools diff --git a/vars/Ubuntu20.yml b/vars/Ubuntu20.yml index 77e4d7e8..2177dc2d 100644 --- a/vars/Ubuntu20.yml +++ b/vars/Ubuntu20.yml @@ -15,9 +15,7 @@ common_pkgs: - python3-apt - apt-utils -common_uninstall_pkgs: -# - python-setuptools -# - python3-setuptools +common_uninstall_pkgs: [] common_python_pkgs: - setuptools From e5d8de3534505d2c39be556114959a18b413c9be Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 08:41:01 -0600 Subject: [PATCH 051/118] Set var --- molecule/default/converge.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index aa9173ca..b0376c71 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -4,6 +4,7 @@ strategy: free vars: configure_ssh: false + storage_backend: NONE pre_tasks: - name: Update apt cache. From 47f6db02ccf7aafcfa97fbe6049c06d7ae5e4637 Mon Sep 17 00:00:00 2001 
From: Teagan glenn Date: Fri, 6 May 2022 08:42:26 -0600 Subject: [PATCH 052/118] Typeo --- .yamllint | 1 - 1 file changed, 1 deletion(-) diff --git a/.yamllint b/.yamllint index b113d9b0..d755e054 100644 --- a/.yamllint +++ b/.yamllint @@ -32,4 +32,3 @@ rules: trailing-spaces: enable truthy: check-keys: false -å \ No newline at end of file From 5e79ee5ca5314bc8ba42c4d240ee0a32434e1248 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 08:50:24 -0600 Subject: [PATCH 053/118] Update role_name --- .yamllint | 4 ++++ meta/main.yml | 2 +- molecule/default/converge.yml | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.yamllint b/.yamllint index d755e054..0a868144 100644 --- a/.yamllint +++ b/.yamllint @@ -1,6 +1,10 @@ --- extends: default +ignore: | + .github/ + + rules: braces: max-spaces-inside: 1 diff --git a/meta/main.yml b/meta/main.yml index 46c65581..463c39fb 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,7 +1,7 @@ galaxy_info: author: Alan Janis description: Deploy Common server configurations and packages - name: ansible-common + role_name: common namespace: constructorfleet issue_tracker_url: https://github.com/constructorfleet/ansible-common/issue/tracker diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index b0376c71..b75eb236 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -27,4 +27,4 @@ - name: Run common role ansible.builtin.include_role: - name: constructorfleet.ansible-common + name: constructorfleet.common From a0d2c59907177ee1b654f1bc5de1e7cd7e68f56e Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 08:54:49 -0600 Subject: [PATCH 054/118] linting --- common.yml | 1 + fix-centos-user.yml | 2 ++ fix-ubuntu-user.yml | 2 ++ molecule/default/verify.yml | 2 -- tasks/users.yml | 1 + test.yml | 1 + 6 files changed, 7 insertions(+), 2 deletions(-) diff --git a/common.yml b/common.yml index db45e82a..ddada869 100755 --- a/common.yml 
+++ b/common.yml @@ -1,4 +1,5 @@ --- + - name: Deploy common server configurations hosts: all remote_user: root diff --git a/fix-centos-user.yml b/fix-centos-user.yml index 6a241ef7..653c91b1 100644 --- a/fix-centos-user.yml +++ b/fix-centos-user.yml @@ -1,3 +1,5 @@ +--- + - name: fix root hosts: all remote_user: centos diff --git a/fix-ubuntu-user.yml b/fix-ubuntu-user.yml index eaf36c9f..0e7e23a3 100644 --- a/fix-ubuntu-user.yml +++ b/fix-ubuntu-user.yml @@ -1,3 +1,5 @@ +--- + - name: fix root hosts: all remote_user: ubuntu diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 753249c1..65730b27 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -1,5 +1,4 @@ --- -# This is a playbook to execute Ansible tests. - name: Verify hosts: all @@ -34,4 +33,3 @@ loop_control: loop_var: service label: "{{ service }}" - diff --git a/tasks/users.yml b/tasks/users.yml index 4d2c5688..a70102a8 100644 --- a/tasks/users.yml +++ b/tasks/users.yml @@ -11,6 +11,7 @@ when: - ssh_groups is defined - ssh_groups != None + - name: Create local user accounts ansible.builtin.user: name: "{{ item.key }}" diff --git a/test.yml b/test.yml index e526f6d7..785fc342 100644 --- a/test.yml +++ b/test.yml @@ -1,4 +1,5 @@ --- + - hosts: localhost connection: local roles: From 1463ce6116788f29fa7fa6efabed47573c6e941b Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 08:56:14 -0600 Subject: [PATCH 055/118] point to config --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b45e4c59..eed69eee 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,7 +31,7 @@ jobs: - name: Lint code. run: | - yamllint . + yamllint -c .yamllint . molecule: name: Molecule From 3258058159f6b868bb80f7769161a984fa3a31e6 Mon Sep 17 00:00:00 2001 
From: Teagan glenn Date: Fri, 6 May 2022 08:56:53 -0600 Subject: [PATCH 056/118] Linear strategy --- molecule/default/converge.yml | 1 - molecule/default/verify.yml | 1 - 2 files changed, 2 deletions(-) diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index b75eb236..0a220a2a 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -1,7 +1,6 @@ --- - name: Converge hosts: all - strategy: free vars: configure_ssh: false storage_backend: NONE diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 65730b27..28f18e3e 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -2,7 +2,6 @@ - name: Verify hosts: all - strategy: free tasks: - name: Create list of services to verify ansible.builtin.set_fact: From bfea309d6cbdcc10222b388a1376a33d9e02cfc9 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 09:01:01 -0600 Subject: [PATCH 057/118] linting --- .github/workflows/ci.yml | 2 +- molecule/default/molecule.yml | 6 +----- tasks/cockpit.yml | 1 - 3 files changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index eed69eee..43aa4676 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,7 +31,7 @@ jobs: - name: Lint code. run: | - yamllint -c .yamllint . + yamllint -f parseable -c .yamllint . molecule: name: Molecule diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index f790da99..7d60ae5c 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -17,14 +17,10 @@ provisioner: converge: ${MOLECULE_PLAYBOOK:-converge.yml} options: vvv: true -#lint: | -# set -e -# yamllint . -# ansible-lint . verifier: name: ansible options: vvv: true inventory: all: - ceph: [] \ No newline at end of file + ceph: [] diff --git a/tasks/cockpit.yml b/tasks/cockpit.yml index 1b8d0ba3..42a50ad8 100644 --- a/tasks/cockpit.yml +++ b/tasks/cockpit.yml 
@@ -14,7 +14,6 @@ loop: "{{ common_cockpit_allowed_ports }}" when: ansible_os_family == "RedHat" - - name: Install cockpit packages ansible.builtin.package: name: "{{ common_cockpit_pkgs }}" From 5631fd0956a0de6a7254ffc9cd5d0a72511853cf Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 09:02:22 -0600 Subject: [PATCH 058/118] sudo --- tasks/hostfile.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tasks/hostfile.yml b/tasks/hostfile.yml index f748fa3e..72632a13 100644 --- a/tasks/hostfile.yml +++ b/tasks/hostfile.yml @@ -34,3 +34,5 @@ mode: 0755 owner: root group: root + become: true + become_method: sudo From 6b5a218e5024f43e414b988765e86e2696379ead Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 09:03:17 -0600 Subject: [PATCH 059/118] type-o --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 43aa4676..c2740fa8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,7 +31,7 @@ jobs: - name: Lint code. run: | - yamllint -f parseable -c .yamllint . + yamllint -f parsable -c .yamllint . molecule: name: Molecule From f16ccfb979f9bfc6f13e5deb419af96335e59b51 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 09:05:38 -0600 Subject: [PATCH 060/118] linting --- molecule/default/converge.yml | 1 - molecule/default/molecule.yml | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 0a220a2a..4ad1e83f 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -23,7 +23,6 @@ failed_when: systemctl_status.rc > 1 tasks: - - name: Run common role ansible.builtin.include_role: name: constructorfleet.common diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 7d60ae5c..716a718c 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml 
@@ -1,4 +1,5 @@ --- + dependency: name: galaxy driver: From 38618f77288c24fb6850a9332ff19dd73b3ec1a1 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 09:07:32 -0600 Subject: [PATCH 061/118] ignroe venv --- .yamllint | 1 + 1 file changed, 1 insertion(+) diff --git a/.yamllint b/.yamllint index 0a868144..4b8312ab 100644 --- a/.yamllint +++ b/.yamllint @@ -3,6 +3,7 @@ extends: default ignore: | .github/ + venv/ rules: From 952ece5181d8f07f50637262915b60baf64624ea Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 09:09:39 -0600 Subject: [PATCH 062/118] cleanup --- .github/workflows/ci.yml | 2 +- molecule/default/molecule.yml | 1 + molecule/default/{Dockerfile.j2 => old.Dockerfile.j2} | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) rename molecule/default/{Dockerfile.j2 => old.Dockerfile.j2} (87%) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c2740fa8..be6069f3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,7 +31,7 @@ jobs: - name: Lint code. run: | - yamllint -f parsable -c .yamllint . + yamllint -f github -c .yamllint . molecule: name: Molecule diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 716a718c..22aaff7a 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -10,6 +10,7 @@ platforms: command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - /sys/fs/cgroup:/sys/fs/cgroup:ro + - 'isntance_etc:/etc:rw' privileged: true pre_build_image: true provisioner: diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/old.Dockerfile.j2 similarity index 87% rename from molecule/default/Dockerfile.j2 rename to molecule/default/old.Dockerfile.j2 index 3ccb9caf..be65ecb3 100644 --- a/molecule/default/Dockerfile.j2 +++ b/molecule/default/old.Dockerfile.j2 
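Review bot: The added volume `- 'isntance_etc:/etc:rw'` puts a named Docker volume, mounted read-write, over the container's whole `/etc`, on a platform that already runs with `privileged: true`. A named volume lives outside the container's own filesystem, so files this role edits under `/etc` (the series touches `/etc/sudoers` and `/etc/default/grub`) may survive into the next molecule run and hide a regression; confirm whether the driver removes it on destroy. The name also looks like a misspelling of `instance_etc`. If no test reads the volume, drop the line; if one does, add a comment above it naming that test.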
@@ -9,6 +9,6 @@ FROM {{ item.image }} RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean ; \ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all ; \ elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all ; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a ; \ + elif [ $(command -v zypper) ]; ten zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a ; \ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates openssh-server ; \ elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O ; fi \ No newline at end of file From 2ffcfb22fe172f0aec6205905c9f565b8eb64e58 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 09:12:28 -0600 Subject: [PATCH 063/118] lint --- .yamllint | 1 - README.md | 2 -- 2 files changed, 3 deletions(-) diff --git a/.yamllint b/.yamllint index 4b8312ab..f4dc4c5e 100644 --- a/.yamllint +++ b/.yamllint @@ -5,7 +5,6 @@ ignore: | .github/ venv/ - rules: braces: max-spaces-inside: 1 diff --git a/README.md b/README.md index d933765f..69665527 100644 --- a/README.md +++ b/README.md @@ -16,12 +16,10 @@ Deploy common configurations and packages to servers. - ## Requirements N/A - ## Role Variables #### defaults/main.yml From 5a1c516a14e01e4d5f8793f8ab0f8f2b3dadf138 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 09:13:17 -0600 Subject: [PATCH 064/118] change command --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index be6069f3..fb956781 100644 
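Review bot: In the zypper branch of the `RUN` chain the keyword `then` was changed to `ten` (`elif [ $(command -v zypper) ]; ten zypper refresh ...`), which is a shell syntax error. The shell parses the whole `if`/`elif` chain before running any branch, so the image would fail to build on every distro, not only on SUSE. If the rename to `old.Dockerfile.j2` is meant to retire the template, deleting the file is clearer than keeping a broken copy; otherwise restore `then`.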
--- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,7 +31,7 @@ jobs: - name: Lint code. run: | - yamllint -f github -c .yamllint . + yamllint -f parsable . molecule: name: Molecule From 4ec8beecfd44490339294ffdb1d4e4ca502d7d30 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 09:21:45 -0600 Subject: [PATCH 065/118] Check if container --- molecule/default/converge.yml | 1 + tasks/hostfile.yml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 4ad1e83f..aa0ba842 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -4,6 +4,7 @@ vars: configure_ssh: false storage_backend: NONE + host_is_container: true pre_tasks: - name: Update apt cache. diff --git a/tasks/hostfile.yml b/tasks/hostfile.yml index 72632a13..ead60b5a 100644 --- a/tasks/hostfile.yml +++ b/tasks/hostfile.yml @@ -34,5 +34,5 @@ mode: 0755 owner: root group: root - become: true - become_method: sudo + when: + - host_is_container | default(False) is false From 2768ced48e7d2b8ee69b86358a9043832ad8a1d4 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 09:26:57 -0600 Subject: [PATCH 066/118] Ignore errors --- tasks/autoupdate.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/autoupdate.yml b/tasks/autoupdate.yml index cb7f4a11..3fa35c1a 100644 --- a/tasks/autoupdate.yml +++ b/tasks/autoupdate.yml @@ -6,5 +6,6 @@ state: stopped enabled: false loop: "{{ autoupdate_services }}" + ignore_errors: true when: - autoupdate_services is defined From c322ffb782fdfa99ed032ea55cb75d098f21d304 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 09:29:58 -0600 Subject: [PATCH 067/118] Collection requirements --- molecule/default/molecule.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 22aaff7a..b8fe8ea9 100644 --- a/molecule/default/molecule.yml 
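Review bot: The new condition in tasks/hostfile.yml, `- host_is_container | default(False) is false`, is true only for a real boolean false, so a value that arrives as a string (for example from `-e host_is_container=false` or an INI inventory) fails the test and the hosts-file task is skipped without any message. Casting first avoids that: `- not (host_is_container | default(false) | bool)`. This hunk also removes the `become: true` / `become_method: sudo` pair added two patches earlier, so the task again relies on the play's privilege settings; a one-line comment saying the task needs root would help. The task itself starts outside the hunk.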
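Review bot: `ignore_errors: true` on the loop in tasks/autoupdate.yml hides every failure, not only "this unit does not exist on this distro", so a host where stopping or disabling an automatic-update service really fails is reported as done and keeps running it. Narrow it to the case you mean to tolerate: `register: autoupdate_stop` plus `failed_when: autoupdate_stop is failed and 'Could not find the requested service' not in (autoupdate_stop.msg | default(''))`. The exact message text depends on the service module in use, which is outside this hunk, so check it against a real failure before relying on it.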
+++ b/molecule/default/molecule.yml @@ -2,6 +2,10 @@ dependency: name: galaxy + options: + ignore-certs: True + ignore-errors: True + role-file: molecule/default/requirements.yml driver: name: docker platforms: From 9fe101fb807c3e4bec8ac5a52fddf50fd120f0f2 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 09:31:04 -0600 Subject: [PATCH 068/118] requirements --- molecule/default/requirements.yml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 molecule/default/requirements.yml diff --git a/molecule/default/requirements.yml b/molecule/default/requirements.yml new file mode 100644 index 00000000..aca7cd60 --- /dev/null +++ b/molecule/default/requirements.yml @@ -0,0 +1,7 @@ +--- + +roles: [] + +collections: + - name: ansible.posix + version: 1.3.0 From 0fdeafec670a2c4a19aa42396e81634d2b7c6655 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 09:34:12 -0600 Subject: [PATCH 069/118] Verify --- molecule/default/verify.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 28f18e3e..ebc5d676 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -32,3 +32,10 @@ loop_control: loop_var: service label: "{{ service }}" + + - name: Verify cloud-init is removed + ansible.builtin.assert: + that: + - "{{ '/etc/cloud' is not exists }}" + success_msg: 'Cloud init is removed' + fail_msg: 'Cloud init is not removed.' From c0ed87c749c0e019a0eac229f91ee257e48e2f01 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 09:37:26 -0600 Subject: [PATCH 070/118] Workflow --- .github/workflows/ci.yml | 9 ++------- molecule/default/molecule.yml | 2 +- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fb956781..506152d7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
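Review bot: `ignore-certs: True` in the galaxy dependency options switches off TLS certificate verification for the role and collection downloads, so the test run would accept dependency content from whoever can answer on that connection. With `ignore-errors: True` next to it, a failed or partial install is not reported either, and the converge step then runs against whatever happens to be present. Keep only `role-file: molecule/default/requirements.yml`; if an internal Galaxy server with a private CA is the reason, trust that CA on the runner instead. It is also worth confirming that the `collections:` entry in the requirements file is read through `role-file`, since molecule appears to take collections from a separate `requirements-file` option.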
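Review bot: The `exists` test in `- "{{ '/etc/cloud' is not exists }}"` (molecule/default/verify.yml) is evaluated on the Ansible controller, so the assertion inspects the CI runner's filesystem and says nothing about whether cloud-init was removed from the instance under test. Entries under `that` are already Jinja expressions, so the `{{ }}` wrapper should go as well. Check the path on the target with `ansible.builtin.stat` and assert on the registered result, as below.

```yaml
    - name: Stat /etc/cloud on the instance
      ansible.builtin.stat:
        path: /etc/cloud
      register: cloud_dir

    - name: Verify cloud-init is removed
      ansible.builtin.assert:
        that:
          - not cloud_dir.stat.exists
        # … unchanged: success_msg / fail_msg …
```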
@@ -39,14 +39,9 @@ jobs: strategy: matrix: distro: -# - rockylinux8 -# - centos7 + - centos7 - ubuntu2004 -# - ubuntu1804 -# - debian11 -# - debian10 -# - debian9 -# - fedora34 + - ubuntu1804 steps: - name: Check out the codebase. uses: actions/checkout@v2 diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index b8fe8ea9..9b3cdf9f 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -9,7 +9,7 @@ dependency: driver: name: docker platforms: - - name: instance + - name: "${MOLECULE_DISTRO:-centos7}" image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: From 947cf47d91ad0d49f02c8f08fa6ede4ab5b60cd3 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 09:41:01 -0600 Subject: [PATCH 071/118] fix not --- molecule/default/verify.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index ebc5d676..c421845f 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -36,6 +36,6 @@ - name: Verify cloud-init is removed ansible.builtin.assert: that: - - "{{ '/etc/cloud' is not exists }}" + - "{{ not ('/etc/cloud' is exists) }}" success_msg: 'Cloud init is removed' fail_msg: 'Cloud init is not removed.' From 87e4289ee06550a89413d9bfff0328cf804e1a08 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 09:46:48 -0600 Subject: [PATCH 072/118] fix --- molecule/default/converge.yml | 1 + molecule/default/verify.yml | 7 ------- 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index aa0ba842..f4bae286 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -5,6 +5,7 @@ configure_ssh: false storage_backend: NONE host_is_container: true + enable_mdns_reflection: true pre_tasks: - name: Update apt cache. 
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index c421845f..28f18e3e 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -32,10 +32,3 @@ loop_control: loop_var: service label: "{{ service }}" - - - name: Verify cloud-init is removed - ansible.builtin.assert: - that: - - "{{ not ('/etc/cloud' is exists) }}" - success_msg: 'Cloud init is removed' - fail_msg: 'Cloud init is not removed.' From 2c0c754b317ea4a3fc658d00a61783fa15f5642b Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 09:48:15 -0600 Subject: [PATCH 073/118] centos8 --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 506152d7..84b65e9a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -40,6 +40,7 @@ jobs: matrix: distro: - centos7 + - centos8 - ubuntu2004 - ubuntu1804 steps: From 85d211feb56871adb655aba3684610c51061ac8a Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 10:06:48 -0600 Subject: [PATCH 074/118] Verify cockpit --- molecule/default/converge.yml | 2 +- molecule/default/verify.yml | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index f4bae286..79617c11 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -6,7 +6,7 @@ storage_backend: NONE host_is_container: true enable_mdns_reflection: true - + common_enable_cockpit: true pre_tasks: - name: Update apt cache. ansible.builtin.apt: update_cache=yes cache_valid_time=600 diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 28f18e3e..d8fbd5c4 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -32,3 +32,7 @@ loop_control: loop_var: service label: "{{ service }}" + + - name: Curl cockpit web ui + ansible.builtin.uri: + url: "http://localhost:9090 
From 98124e6a68d91b4856204fbd8dbeebb1499808fe Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 10:08:13 -0600 Subject: [PATCH 075/118] Linting --- molecule/default/molecule.yml | 4 ++-- molecule/default/verify.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 9b3cdf9f..6f60ea5c 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -3,8 +3,8 @@ dependency: name: galaxy options: - ignore-certs: True - ignore-errors: True + ignore-certs: true + ignore-errors: true role-file: molecule/default/requirements.yml driver: name: docker diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index d8fbd5c4..a6659d7a 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -35,4 +35,4 @@ - name: Curl cockpit web ui ansible.builtin.uri: - url: "http://localhost:9090 + url: "http://localhost:9090" From 20f337618a3192008c8a5954cd4619100a70c69a Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 10:14:05 -0600 Subject: [PATCH 076/118] Install apt package required for disable selinux task --- vars/CentOS8.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/CentOS8.yml b/vars/CentOS8.yml index 0db09614..69e3ce08 100644 --- a/vars/CentOS8.yml +++ b/vars/CentOS8.yml @@ -18,6 +18,7 @@ grub_update_cmd: /usr/sbin/grub2-mkconfig ssh_service: sshd common_cockpit_pkgs: + - libselinux-python - cockpit - cockpit-composer - cockpit-doc From 7b6476b6b296c6e25e2ac51d205d7c9b2f8e0f31 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 10:23:44 -0600 Subject: [PATCH 077/118] Install apt package required for disable selinux task --- vars/CentOS8.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/CentOS8.yml b/vars/CentOS8.yml index 69e3ce08..b0bdf1a9 100644 --- a/vars/CentOS8.yml +++ b/vars/CentOS8.yml 
@@ -1,6 +1,7 @@ --- common_pkgs: + - libselinux-python - ipmitool - freeipmi - zsh @@ -18,7 +19,6 @@ grub_update_cmd: /usr/sbin/grub2-mkconfig ssh_service: sshd common_cockpit_pkgs: - - libselinux-python - cockpit - cockpit-composer - cockpit-doc From de5954179d121cbd5b82098d83bf92b4235b26ca Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 10:31:13 -0600 Subject: [PATCH 078/118] use link --- tasks/packages.yml | 2 +- vars/CentOS8.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index 65959771..8491d2e8 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -1,7 +1,7 @@ --- - name: Install common packages - ansible.builtin.package: + ansible.builtin.apt: name: '{{ common_pkgs }}' state: present when: diff --git a/vars/CentOS8.yml b/vars/CentOS8.yml index b0bdf1a9..ac45de59 100644 --- a/vars/CentOS8.yml +++ b/vars/CentOS8.yml @@ -1,7 +1,7 @@ --- common_pkgs: - - libselinux-python + - https://centos.pkgs.org/8-stream/centos-baseos-aarch64/python3-libselinux-2.9-5.el8.aarch64.rpm.html - ipmitool - freeipmi - zsh From 80dc1788fd3ea30d7e289b989cb917ed2301dfb5 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 10:35:31 -0600 Subject: [PATCH 079/118] use package --- tasks/packages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/packages.yml b/tasks/packages.yml index 8491d2e8..65959771 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml @@ -1,7 +1,7 @@ --- - name: Install common packages - ansible.builtin.apt: + ansible.builtin.package: name: '{{ common_pkgs }}' state: present when: From b8968995e4496e47683d4f0155723537da70b53f Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 10:42:30 -0600 Subject: [PATCH 080/118] use package --- vars/CentOS8.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/CentOS8.yml b/vars/CentOS8.yml index ac45de59..5ad035a7 100644 --- a/vars/CentOS8.yml +++ b/vars/CentOS8.yml 
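Review bot: The entry added to `common_pkgs` in the "use link" patch, `https://centos.pkgs.org/8-stream/centos-baseos-aarch64/python3-libselinux-2.9-5.el8.aarch64.rpm.html`, is the HTML description page of a third-party package index and names an aarch64 build, so the package module is handed a web page rather than an RPM. A hard-coded URL also takes the package out of the host's configured repositories and pins one build and one architecture, so it gets no updates and depends on that site staying reachable. Use the repository package name, `- python3-libselinux`. The same applies to the URL entries added to vars/CentOS8.yml by the later patches "use direct links" and "Install package", including the vault.centos.org RPM, where `- python3-policycoreutils` would do.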
@@ -1,7 +1,7 @@ --- common_pkgs: - - https://centos.pkgs.org/8-stream/centos-baseos-aarch64/python3-libselinux-2.9-5.el8.aarch64.rpm.html + - "{{ ( (ansible_facts.distribution_major_version | int) < 8) | ternary('libselinux-python','python3-libselinux') }}" - ipmitool - freeipmi - zsh From 9bed368b5ed2967a2bf8e2db9bc0a008d77a2e86 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 10:48:52 -0600 Subject: [PATCH 081/118] policy utils --- vars/CentOS8.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vars/CentOS8.yml b/vars/CentOS8.yml index 5ad035a7..49eb75d0 100644 --- a/vars/CentOS8.yml +++ b/vars/CentOS8.yml @@ -1,6 +1,8 @@ --- common_pkgs: + - policycoreutils + - policycoreutils-python - "{{ ( (ansible_facts.distribution_major_version | int) < 8) | ternary('libselinux-python','python3-libselinux') }}" - ipmitool - freeipmi From d4a5dbed74f411cd2fbb7809f0566b2aa07b9d7f Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 11:01:39 -0600 Subject: [PATCH 082/118] use direct links --- vars/CentOS8.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/CentOS8.yml b/vars/CentOS8.yml index 49eb75d0..7a2142e5 100644 --- a/vars/CentOS8.yml +++ b/vars/CentOS8.yml @@ -1,8 +1,8 @@ --- common_pkgs: - - policycoreutils - - policycoreutils-python + - https://centos.pkgs.org/8-stream/centos-baseos-x86_64/policycoreutils-2.9-19.el8.x86_64.rpm.html + - https://amazonlinux.pkgs.org/2/amazonlinux-core-x86_64/policycoreutils-python-2.5-22.amzn2.x86_64.rpm.html - "{{ ( (ansible_facts.distribution_major_version | int) < 8) | ternary('libselinux-python','python3-libselinux') }}" - ipmitool - freeipmi From cee91caf43cd80f8c630112124d22e0976c9131c Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 11:09:00 -0600 Subject: [PATCH 083/118] Install package --- vars/CentOS8.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/vars/CentOS8.yml b/vars/CentOS8.yml index 7a2142e5..8c894deb 100644 
--- a/vars/CentOS8.yml +++ b/vars/CentOS8.yml @@ -1,8 +1,7 @@ --- common_pkgs: - - https://centos.pkgs.org/8-stream/centos-baseos-x86_64/policycoreutils-2.9-19.el8.x86_64.rpm.html - - https://amazonlinux.pkgs.org/2/amazonlinux-core-x86_64/policycoreutils-python-2.5-22.amzn2.x86_64.rpm.html + - https://centos.pkgs.org/8/centos-baseos-aarch64/policycoreutils-python-utils-2.9-16.el8.noarch.rpm.html - "{{ ( (ansible_facts.distribution_major_version | int) < 8) | ternary('libselinux-python','python3-libselinux') }}" - ipmitool - freeipmi From fb1379ba95e621bda47efc95d412a770b75fee46 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 11:17:20 -0600 Subject: [PATCH 084/118] Install package --- molecule/default/molecule.yml | 1 - vars/CentOS8.yml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 6f60ea5c..900825ef 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -14,7 +14,6 @@ platforms: command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - /sys/fs/cgroup:/sys/fs/cgroup:ro - - 'isntance_etc:/etc:rw' privileged: true pre_build_image: true provisioner: diff --git a/vars/CentOS8.yml b/vars/CentOS8.yml index 8c894deb..0f22072d 100644 --- a/vars/CentOS8.yml +++ b/vars/CentOS8.yml @@ -1,7 +1,7 @@ --- common_pkgs: - - https://centos.pkgs.org/8/centos-baseos-aarch64/policycoreutils-python-utils-2.9-16.el8.noarch.rpm.html + - https://vault.centos.org/centos/8/BaseOS/aarch64/os/Packages/python3-policycoreutils-2.9-16.el8.noarch.rpm - "{{ ( (ansible_facts.distribution_major_version | int) < 8) | ternary('libselinux-python','python3-libselinux') }}" - ipmitool - freeipmi From fe25521aecb06bb96f63231563fb0e80d5cbe0b1 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 11:32:34 -0600 Subject: [PATCH 085/118] Another package --- vars/CentOS8.yml | 3 +++ 1 file changed, 3 insertions(+) 
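Review bot: The `vault.centos.org` entry in `common_pkgs` pins one exact RPM build by URL, so it will never pick up errata and it is fetched outside the host's configured repositories. Whether the downloaded file's signature is checked depends on the package module's GPG settings, which are not visible here and should be confirmed to be left enabled. The path is also fixed to the aarch64 tree; if the package is needed, the plain name `- python3-policycoreutils` lets the host's repos resolve it. The next commit's hunk ("Another package") adds a second vault URL for selinux-policy with the same concerns.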
diff --git a/vars/CentOS8.yml b/vars/CentOS8.yml index 0f22072d..6ee5a1f8 100644 --- a/vars/CentOS8.yml +++ b/vars/CentOS8.yml @@ -1,7 +1,10 @@ --- +common_repos: + common_pkgs: - https://vault.centos.org/centos/8/BaseOS/aarch64/os/Packages/python3-policycoreutils-2.9-16.el8.noarch.rpm + - https://vault.centos.org/centos/8/BaseOS/aarch64/os/Packages/selinux-policy-3.14.3-80.el8_5.2.noarch.rpm - "{{ ( (ansible_facts.distribution_major_version | int) < 8) | ternary('libselinux-python','python3-libselinux') }}" - ipmitool - freeipmi From 33362f1cc8f35389c46e550fbc532093182dec27 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 11:37:38 -0600 Subject: [PATCH 086/118] install python module --- vars/CentOS8.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vars/CentOS8.yml b/vars/CentOS8.yml index 6ee5a1f8..275abcca 100644 --- a/vars/CentOS8.yml +++ b/vars/CentOS8.yml @@ -15,7 +15,8 @@ common_pkgs: - sudo - tzdata -common_python_pkgs: [] +common_python_pkgs: + - firewalld==0.2.11 grub_config: /boot/grub2/grub.cfg grub_update_cmd: /usr/sbin/grub2-mkconfig From 97d84d2468d1a83a315e0cfd01219267a0d49191 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 11:44:58 -0600 Subject: [PATCH 087/118] 3.8 --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 84b65e9a..f5df2429 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -24,7 +24,7 @@ jobs: - name: Set up Python 3. uses: actions/setup-python@v2 with: - python-version: '3.x' + python-version: '3.8' - name: Install test dependencies. run: pip3 install yamllint @@ -52,7 +52,7 @@ jobs: - name: Set up Python 3. uses: actions/setup-python@v2 with: - python-version: '3.x' + python-version: '3.8' - name: Install test dependencies. run: pip3 install ansible molecule[docker] docker From 775422c68a0f5489ced5820ca2141e26eb5925f9 Mon Sep 17 00:00:00 2001 
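Review bot: `common_repos:` is added with no value, which YAML loads as null rather than an empty list, and nothing in this hunk shows a consumer for it. If an empty list is intended, write `common_repos: []`, the form this file uses for `common_python_pkgs`; otherwise drop the key. A null value is likely to fail as soon as something loops over it or applies a list filter.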
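Review bot: `firewalld==0.2.11` in `common_python_pkgs` pulls a project named after a system daemon from the Python package index, and it should be confirmed that this project is actually published by the firewalld maintainers before a role installs it on servers. firewalld is normally delivered as a distro package alongside its Python bindings, so listing `- firewalld` under `common_pkgs` is the safer source. If a pip install is kept, a version pin alone does not protect against a replaced artifact; pip's `--require-hashes` mode does. How `common_python_pkgs` is consumed is outside this hunk.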
From: Teagan glenn Date: Fri, 6 May 2022 11:55:17 -0600 Subject: [PATCH 088/118] module --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f5df2429..e0cae7da 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -58,7 +58,7 @@ jobs: run: pip3 install ansible molecule[docker] docker - name: Run Molecule tests. - run: molecule test + run: python3 -m molecule test env: PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' From b56c2f99494d9141788c089a6d14519aaa2f1671 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 11:57:18 -0600 Subject: [PATCH 089/118] python3 this bitch --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e0cae7da..563cc545 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -55,7 +55,7 @@ jobs: python-version: '3.8' - name: Install test dependencies. - run: pip3 install ansible molecule[docker] docker + run: python3 -m pip3 install ansible "molecule[docker]" docker - name: Run Molecule tests. run: python3 -m molecule test From 2db2701c5095a0bac76daa46460f2d33d7e1c725 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 12:06:03 -0600 Subject: [PATCH 090/118] pip packages --- .github/workflows/ci.yml | 2 +- vars/CentOS8.yml | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 563cc545..036796b3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -55,7 +55,7 @@ jobs: python-version: '3.8' - name: Install test dependencies. - run: python3 -m pip3 install ansible "molecule[docker]" docker + run: pip install ansible "molecule[docker]" docker - name: Run Molecule tests. run: python3 -m molecule test diff --git a/vars/CentOS8.yml b/vars/CentOS8.yml index 275abcca..27fb2b31 100644 --- a/vars/CentOS8.yml 
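Review bot: `python3 -m pip3 install …` in the "Install test dependencies" step names a module that does not exist; the module is `pip`, so the step fails before anything is installed. Use `run: python3 -m pip install ansible "molecule[docker]" docker`. Quoting `molecule[docker]` is a good change to keep, since unquoted brackets are subject to shell globbing.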
+++ b/vars/CentOS8.yml @@ -14,7 +14,14 @@ common_pkgs: - python3-pip - sudo - tzdata - + - ebtables + - ipset + - iptables + - polkit + - python3-capng + - python3-dbus + - python3-gobject + - python3-nftables common_python_pkgs: - firewalld==0.2.11 From 06981f3d6f07aa5db1338a7f3afb6acb253bf531 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 12:10:17 -0600 Subject: [PATCH 091/118] Ensure python interpreter --- .github/workflows/ci.yml | 4 ++-- vars/CentOS8.yml | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 036796b3..c518a64b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -55,10 +55,10 @@ jobs: python-version: '3.8' - name: Install test dependencies. - run: pip install ansible "molecule[docker]" docker + run: python -m pip install ansible "molecule[docker]" docker - name: Run Molecule tests. - run: python3 -m molecule test + run: python -m molecule test env: PY_COLORS: '1' ANSIBLE_FORCE_COLOR: '1' diff --git a/vars/CentOS8.yml b/vars/CentOS8.yml index 27fb2b31..63892749 100644 --- a/vars/CentOS8.yml +++ b/vars/CentOS8.yml @@ -18,7 +18,6 @@ common_pkgs: - ipset - iptables - polkit - - python3-capng - python3-dbus - python3-gobject - python3-nftables From 45251dda7464dd0ed64db1727408e0594ff4494c Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 12:17:52 -0600 Subject: [PATCH 092/118] set python interp --- .github/workflows/ci.yml | 6 +++--- molecule/default/molecule.yml | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c518a64b..b5bdd929 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -39,10 +39,10 @@ jobs: strategy: matrix: distro: - - centos7 +# - centos7 - centos8 - - ubuntu2004 - - ubuntu1804 +# - ubuntu2004 +# - ubuntu1804 steps: - name: Check out the codebase. uses: actions/checkout@v2 
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 900825ef..f629de0e 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -28,4 +28,6 @@ verifier: vvv: true inventory: all: + vars: + ansible_python_interpreter: /opt/hostedtoolcache/Python/3.8.12/x64 ceph: [] From cd27be567d783d6494aef724d8f097c714d05a47 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 12:19:24 -0600 Subject: [PATCH 093/118] Interp --- molecule/default/molecule.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index f629de0e..b3c89e4e 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -29,5 +29,5 @@ verifier: inventory: all: vars: - ansible_python_interpreter: /opt/hostedtoolcache/Python/3.8.12/x64 + ansible_python_interpreter: /opt/hostedtoolcache/Python/3.8.12/x64/bin/python ceph: [] From b52d3f3a7d0405b2c04cdeff91c65edf9e1f901f Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 12:46:32 -0600 Subject: [PATCH 094/118] Install firewalld --- molecule/default/molecule.yml | 2 +- vars/CentOS8.yml | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index b3c89e4e..569418cc 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -29,5 +29,5 @@ verifier: inventory: all: vars: - ansible_python_interpreter: /opt/hostedtoolcache/Python/3.8.12/x64/bin/python + ansible_python_interpreter: /usr/bin/python3 ceph: [] diff --git a/vars/CentOS8.yml b/vars/CentOS8.yml index 63892749..e75dd1bd 100644 --- a/vars/CentOS8.yml +++ b/vars/CentOS8.yml @@ -11,6 +11,7 @@ common_pkgs: - zsh - screen - vim-enhanced + - firewalld - python3-pip - sudo - tzdata 
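Review bot: `ansible_python_interpreter` is set to `/opt/hostedtoolcache/Python/3.8.12/x64`, which is a directory rather than an executable and looks like the CI runner's tool cache, not a path inside the instance the scenario converges. The managed host has its own Python, so either leave interpreter discovery alone or point at the instance's interpreter, e.g. `ansible_python_interpreter: /usr/bin/python3`. Hard-coding the 3.8.12 patch level also ties the scenario to one runner image. The follow-up "Interp" hunk and the converge.yml hunk in "use py3.8" reuse the same runner path.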
@@ -21,8 +22,6 @@ common_pkgs: - python3-dbus - python3-gobject - python3-nftables -common_python_pkgs: - - firewalld==0.2.11 grub_config: /boot/grub2/grub.cfg grub_update_cmd: /usr/sbin/grub2-mkconfig From 59e3672acdf7f93f5275839d39554249650f1fa9 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 12:55:05 -0600 Subject: [PATCH 095/118] Disable selinux --- molecule/default/converge.yml | 4 ++++ vars/CentOS8.yml | 16 +++------------- 2 files changed, 7 insertions(+), 13 deletions(-) diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 79617c11..12277066 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -24,6 +24,10 @@ changed_when: false failed_when: systemctl_status.rc > 1 + - name: Disable SELinux + ansible.posix.selinux: + state: "{{ common_selinux_state }}" + tasks: - name: Run common role ansible.builtin.include_role: diff --git a/vars/CentOS8.yml b/vars/CentOS8.yml index e75dd1bd..55d177da 100644 --- a/vars/CentOS8.yml +++ b/vars/CentOS8.yml @@ -1,27 +1,17 @@ --- -common_repos: - common_pkgs: - - https://vault.centos.org/centos/8/BaseOS/aarch64/os/Packages/python3-policycoreutils-2.9-16.el8.noarch.rpm - - https://vault.centos.org/centos/8/BaseOS/aarch64/os/Packages/selinux-policy-3.14.3-80.el8_5.2.noarch.rpm - - "{{ ( (ansible_facts.distribution_major_version | int) < 8) | ternary('libselinux-python','python3-libselinux') }}" - ipmitool - freeipmi - zsh + - firewalld - screen - vim-enhanced - - firewalld - python3-pip - sudo - tzdata - - ebtables - - ipset - - iptables - - polkit - - python3-dbus - - python3-gobject - - python3-nftables + +common_python_pkgs: [] grub_config: /boot/grub2/grub.cfg grub_update_cmd: /usr/sbin/grub2-mkconfig From 34bd127fff24b900d81531f48deba0c1cce366fc Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 12:59:12 -0600 Subject: [PATCH 096/118] Disable selinux --- molecule/default/converge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 12277066..d23e0a33 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -26,7 +26,7 @@ - name: Disable SELinux ansible.posix.selinux: - state: "{{ common_selinux_state }}" + state: disabled tasks: - name: Run common role From 41f5897112617256393c105b386582ea02ed8342 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 13:06:05 -0600 Subject: [PATCH 097/118] ensure firewall is running --- molecule/default/converge.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index d23e0a33..f4f85b5b 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -28,6 +28,20 @@ ansible.posix.selinux: state: disabled + - name: Install firewalld + ansible.builtin.package: + name: firewalld + state: present + when: + - ansible_os_family == 'RedHat' + + - name: Start the firewall daemon + ansible.builtin.service: + name: firewalld.service + state: started + when: + - ansible_os_family == 'RedHat' + tasks: - name: Run common role ansible.builtin.include_role: From 4979e4bf2f9370809dc7641c31421a695c4672c6 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 13:11:20 -0600 Subject: [PATCH 098/118] Specify python3.8 and add conditions to firewalld tasks --- molecule/default/converge.yml | 3 +++ molecule/default/molecule.yml | 2 -- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index f4f85b5b..2b790eae 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -7,6 +7,7 @@ host_is_container: true enable_mdns_reflection: true common_enable_cockpit: true + ansible_python_interpreter: /usr/bin/python3.8 pre_tasks: - name: Update apt cache. ansible.builtin.apt: update_cache=yes cache_valid_time=600 
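Review bot: Hard-coding `state: disabled` in the "Disable SELinux" pre-task means every CI run exercises the role with SELinux turned off, so denials caused by the Cockpit and firewalld configuration can never surface in testing. If the aim is only to get past policy errors in the test instance, `state: permissive` together with `policy: targeted` keeps the policy loaded and logs what would have been blocked. The task also has no `when:` guard in this hunk, so it runs on any Debian-family platform the scenario targets as well. A comment stating why the test environment needs this would help the next reader judge whether it can be removed.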
@@ -27,6 +28,8 @@ - name: Disable SELinux ansible.posix.selinux: state: disabled + when: + - ansible_os_family == 'RedHat' - name: Install firewalld ansible.builtin.package: diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 569418cc..900825ef 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -28,6 +28,4 @@ verifier: vvv: true inventory: all: - vars: - ansible_python_interpreter: /usr/bin/python3 ceph: [] From e081ae5b9e749037225bdc2b11a5bbcd9b165839 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 13:12:32 -0600 Subject: [PATCH 099/118] python3 package --- vars/CentOS8.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/CentOS8.yml b/vars/CentOS8.yml index 55d177da..86342f8a 100644 --- a/vars/CentOS8.yml +++ b/vars/CentOS8.yml @@ -4,6 +4,7 @@ common_pkgs: - ipmitool - freeipmi - zsh + - libselinux-ptyhon3 - firewalld - screen - vim-enhanced From 262636b7ad94f9d0bc00f55c71b238d7e4cedd60 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 13:19:31 -0600 Subject: [PATCH 100/118] use py3.8 --- .github/workflows/ci.yml | 2 +- molecule/default/converge.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b5bdd929..a5fcc1cc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -55,7 +55,7 @@ jobs: python-version: '3.8' - name: Install test dependencies. - run: python -m pip install ansible "molecule[docker]" docker + run: python -m pip install ansible==5. "molecule[docker]" docker - name: Run Molecule tests. run: python -m molecule test diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 2b790eae..eac09045 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml 
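Review bot: `libselinux-ptyhon3` is misspelled and does not match the name this series used earlier for EL8, `python3-libselinux`, so the package install will fail on an unknown name. Replace the line with `- python3-libselinux`. Package names in role vars are worth checking against the target repo before commit, since the role installs whatever the listed name resolves to.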
@@ -7,7 +7,7 @@ host_is_container: true enable_mdns_reflection: true common_enable_cockpit: true - ansible_python_interpreter: /usr/bin/python3.8 + ansible_python_interpreter: /opt/hostedtoolcache/Python/3.8.12/x64/bin/python pre_tasks: - name: Update apt cache. ansible.builtin.apt: update_cache=yes cache_valid_time=600 From fea6127abb23aea79f2b0a62f3adf52c6e377f1e Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 13:22:02 -0600 Subject: [PATCH 101/118] pin ansible --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a5fcc1cc..2cb04320 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -55,7 +55,7 @@ jobs: python-version: '3.8' - name: Install test dependencies. - run: python -m pip install ansible==5. "molecule[docker]" docker + run: python -m pip install ansible==5.1.0 "molecule[docker]" docker - name: Run Molecule tests. run: python -m molecule test From ed17a1df4bbf48fee8db85f80ee09cf9c341c6b1 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 23:43:04 -0600 Subject: [PATCH 102/118] Fix role --- meta/main.yml | 2 +- molecule/default/converge.yml | 22 +--------------------- 2 files changed, 2 insertions(+), 22 deletions(-) diff --git a/meta/main.yml b/meta/main.yml index 463c39fb..deece28a 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,7 +1,7 @@ galaxy_info: author: Alan Janis description: Deploy Common server configurations and packages - role_name: common + role_name: role namespace: constructorfleet issue_tracker_url: https://github.com/constructorfleet/ansible-common/issue/tracker diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index eac09045..03a4be89 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml 
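Review bot: Only `ansible` is pinned in the "Install test dependencies" step; `molecule[docker]` and `docker` still float, so the code executed on the runner can change without any commit to this repository. Pin all three, ideally from a requirements or constraints file checked into the repo, e.g. `run: python -m pip install -r requirements-test.txt` (file name is a suggestion). Hash-checking mode on that file would additionally detect a replaced artifact for an already pinned version.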
@@ -25,27 +25,7 @@ changed_when: false failed_when: systemctl_status.rc > 1 - - name: Disable SELinux - ansible.posix.selinux: - state: disabled - when: - - ansible_os_family == 'RedHat' - - - name: Install firewalld - ansible.builtin.package: - name: firewalld - state: present - when: - - ansible_os_family == 'RedHat' - - - name: Start the firewall daemon - ansible.builtin.service: - name: firewalld.service - state: started - when: - - ansible_os_family == 'RedHat' - tasks: - name: Run common role ansible.builtin.include_role: - name: constructorfleet.common + name: constructorfleet.role From 77566cdc33114b8cdfc6abc5666ef88e7ed4a49c Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Fri, 6 May 2022 23:54:46 -0600 Subject: [PATCH 103/118] Fix role --- meta/main.yml | 2 +- molecule/default/converge.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/main.yml b/meta/main.yml index deece28a..463c39fb 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,7 +1,7 @@ galaxy_info: author: Alan Janis description: Deploy Common server configurations and packages - role_name: role + role_name: common namespace: constructorfleet issue_tracker_url: https://github.com/constructorfleet/ansible-common/issue/tracker diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 03a4be89..29d082b4 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -28,4 +28,4 @@ tasks: - name: Run common role ansible.builtin.include_role: - name: constructorfleet.role + name: constructorfleet.common From 3fcc84dff48dd0879687d74fef5a6159ba40ed96 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Sat, 7 May 2022 15:06:42 -0600 Subject: [PATCH 104/118] Do not specify python client --- molecule/default/converge.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 29d082b4..79617c11 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml 
@@ -7,7 +7,6 @@ host_is_container: true enable_mdns_reflection: true common_enable_cockpit: true - ansible_python_interpreter: /opt/hostedtoolcache/Python/3.8.12/x64/bin/python pre_tasks: - name: Update apt cache. ansible.builtin.apt: update_cache=yes cache_valid_time=600 From e7f2d7deb5f555b3e7379603448c96c307275197 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Sat, 7 May 2022 15:20:41 -0600 Subject: [PATCH 105/118] Remove libselinux --- vars/CentOS8.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/CentOS8.yml b/vars/CentOS8.yml index 86342f8a..55d177da 100644 --- a/vars/CentOS8.yml +++ b/vars/CentOS8.yml @@ -4,7 +4,6 @@ common_pkgs: - ipmitool - freeipmi - zsh - - libselinux-ptyhon3 - firewalld - screen - vim-enhanced From ef3e0b1eb6edb92375d4d52197e703e99e5fbb3d Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Sat, 7 May 2022 15:27:24 -0600 Subject: [PATCH 106/118] disable selinux --- tasks/cockpit.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tasks/cockpit.yml b/tasks/cockpit.yml index 42a50ad8..3b0f747b 100644 --- a/tasks/cockpit.yml +++ b/tasks/cockpit.yml @@ -5,6 +5,9 @@ - name: Disable SELinux ansible.posix.selinux: state: "{{ common_selinux_state }}" + when: + - "'/etc/selinux/config' is exists" + - name: Configure Firewalld allowed ports ansible.posix.firewalld: service: "{{ item }}" From 0f74656ec07f435cb569292d81b33a5ba9ac314a Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Sat, 7 May 2022 15:33:59 -0600 Subject: [PATCH 107/118] Firewalld --- tasks/cockpit.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tasks/cockpit.yml b/tasks/cockpit.yml index 3b0f747b..f7f3939d 100644 --- a/tasks/cockpit.yml +++ b/tasks/cockpit.yml 
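Review bot: The added condition `'/etc/selinux/config' is exists` is evaluated by Jinja on the control node, so it reports whether the machine running Ansible has that file, not the managed host. The SELinux task is therefore skipped or run based on the wrong machine's filesystem. Check the target with a `stat` task and test its registered result, as sketched below; the registered variable name is illustrative. The same condition is carried into the rewritten task in the later "Ensure cockpit service is known by firewalld" hunk, and the enclosing block starts above this hunk.

```yaml
- name: Check for an SELinux config on the managed host
  ansible.builtin.stat:
    path: /etc/selinux/config
  register: common_selinux_config_stat

- name: Disable SELinux
  # … unchanged: ansible.posix.selinux arguments …
  when:
    - common_selinux_config_stat.stat.exists
```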
@@ -8,6 +8,16 @@ when: - "'/etc/selinux/config' is exists" + - name: 'Restarting firewalld' + systemd: + name: firewalld + state: restarted + enabled: true + daemon_reload: true + when: + - not kickstarting | bool + listen: "restart firewalld" + - name: Configure Firewalld allowed ports ansible.posix.firewalld: service: "{{ item }}" From d6ae010f6cd5dd41189b3998b2810ce7f8fd73bd Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Sat, 7 May 2022 15:37:56 -0600 Subject: [PATCH 108/118] fix task --- tasks/cockpit.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/tasks/cockpit.yml b/tasks/cockpit.yml index f7f3939d..d4163362 100644 --- a/tasks/cockpit.yml +++ b/tasks/cockpit.yml @@ -14,9 +14,6 @@ state: restarted enabled: true daemon_reload: true - when: - - not kickstarting | bool - listen: "restart firewalld" - name: Configure Firewalld allowed ports ansible.posix.firewalld: From 73ba17164ea6db0852a40d2eadaba299f9b98e05 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Sat, 7 May 2022 15:46:19 -0600 Subject: [PATCH 109/118] remove package --- vars/CentOS8.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/CentOS8.yml b/vars/CentOS8.yml index 55d177da..3fcb2e52 100644 --- a/vars/CentOS8.yml +++ b/vars/CentOS8.yml @@ -24,7 +24,6 @@ common_cockpit_pkgs: - cockpit-doc - cockpit-session-recording - cockpit-bridge - - cockpit-dashboard - cockpit-packagekit - cockpit-podman - cockpit-machines From e73feb58b7915b53e8d753cb5b3d812b38abf97f Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Sat, 7 May 2022 15:46:40 -0600 Subject: [PATCH 110/118] Centos7 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2cb04320..a1b4ba12 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -39,7 +39,7 @@ jobs: strategy: matrix: distro: -# - centos7 + - centos7 - centos8 # - ubuntu2004 # - ubuntu1804 
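Review bot: `listen:` is a handler keyword, so placing it on the 'Restarting firewalld' task inside tasks/cockpit.yml is rejected when the file is loaded; if the restart should be notification-driven, the task belongs in the role's handlers. The `when:` also depends on `kickstarting`, which is not defined anywhere in this hunk and will raise an undefined-variable error unless it is set elsewhere. As a plain task it would restart firewalld on every run, which discards any runtime-only rules on a live host. The module is called by its short name `systemd` where the rest of the file uses fully qualified names such as `ansible.posix.firewalld`.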
From ac9b9ce963b6f05a65f1851d81b1d3bf2f214fa8 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Sat, 7 May 2022 15:59:20 -0600 Subject: [PATCH 111/118] install firewalld --- vars/CentOS7.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/CentOS7.yml b/vars/CentOS7.yml index 7d241125..3b67af2b 100644 --- a/vars/CentOS7.yml +++ b/vars/CentOS7.yml @@ -5,6 +5,7 @@ common_pkgs: - freeipmi - zsh - screen + - firewalld - vim-enhanced - python3-pip - sudo From 6d8e11c003b4aad5173231ec9354ecc063898f36 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Sat, 7 May 2022 16:07:56 -0600 Subject: [PATCH 112/118] Fix pretasks --- molecule/default/converge.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 79617c11..7dbbef41 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -9,9 +9,17 @@ common_enable_cockpit: true pre_tasks: - name: Update apt cache. - ansible.builtin.apt: update_cache=yes cache_valid_time=600 + ansible.builtin.apt: + update_cache: true + cache_valid_time: 600 when: ansible_os_family == 'Debian' + - name: Ensure Firewalld is installed. + ansible.builtin.package: + name: firewalld + state: present + when: ansible_os_family == 'RedHat' + - name: Wait for systemd to complete initialization. # noqa 303 ansible.builtin.command: systemctl is-system-running register: systemctl_status From eb1b7e152f696b6b595e5c2e74124b5ed872bb3e Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Sat, 7 May 2022 16:10:58 -0600 Subject: [PATCH 113/118] remove firewalld restart --- tasks/cockpit.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tasks/cockpit.yml b/tasks/cockpit.yml index d4163362..3b0f747b 100644 --- a/tasks/cockpit.yml +++ b/tasks/cockpit.yml 
@@ -8,13 +8,6 @@ when: - "'/etc/selinux/config' is exists" - - name: 'Restarting firewalld' - systemd: - name: firewalld - state: restarted - enabled: true - daemon_reload: true - - name: Configure Firewalld allowed ports ansible.posix.firewalld: service: "{{ item }}" From 36f3621c8513811ba118fd55ec30b4a500384ccf Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Sat, 7 May 2022 16:18:50 -0600 Subject: [PATCH 114/118] Ensure firewalld is running --- molecule/default/converge.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 7dbbef41..3ef9452e 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -32,6 +32,14 @@ changed_when: false failed_when: systemctl_status.rc > 1 + - name: 'Restarting firewalld' + ansible.builtin.systemd: + name: firewalld + state: restarted + enabled: true + daemon_reload: true + when: ansible_os_family == 'RedHat' + tasks: - name: Run common role ansible.builtin.include_role: From 25885d1343e10c7d05df2f30d8d6c42ef42daf21 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Sat, 7 May 2022 16:21:22 -0600 Subject: [PATCH 115/118] lint --- molecule/default/converge.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 3ef9452e..e82350ca 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -34,10 +34,10 @@ - name: 'Restarting firewalld' ansible.builtin.systemd: - name: firewalld - state: restarted - enabled: true - daemon_reload: true + name: firewalld + state: restarted + enabled: true + daemon_reload: true when: ansible_os_family == 'RedHat' tasks: From 87407403d7b7b0ef7202c4f38521c707a84fd0f0 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Sat, 7 May 2022 16:22:56 -0600 Subject: [PATCH 116/118] started --- molecule/default/converge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index e82350ca..582684d9 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -35,7 +35,7 @@ - name: 'Restarting firewalld' ansible.builtin.systemd: name: firewalld - state: restarted + state: started enabled: true daemon_reload: true when: ansible_os_family == 'RedHat' From 67f8679f15118212e0b6443314dadf6a669233c1 Mon Sep 17 00:00:00 2001 From: Teagan glenn Date: Sat, 7 May 2022 16:34:16 -0600 Subject: [PATCH 117/118] Ensure cockpit service is known by firewalld --- tasks/cockpit.yml | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/tasks/cockpit.yml b/tasks/cockpit.yml index 3b0f747b..8e59ae4e 100644 --- a/tasks/cockpit.yml +++ b/tasks/cockpit.yml @@ -1,27 +1,26 @@ --- -- name: "Configure Selinux and firewall rules for Cockpit [RedHat/CentOS]" - block: - - name: Disable SELinux - ansible.posix.selinux: - state: "{{ common_selinux_state }}" - when: - - "'/etc/selinux/config' is exists" - - - name: Configure Firewalld allowed ports - ansible.posix.firewalld: - service: "{{ item }}" - permanent: true - immediate: true - state: enabled - loop: "{{ common_cockpit_allowed_ports }}" - when: ansible_os_family == "RedHat" +- name: Disable SELinux + ansible.posix.selinux: + state: "{{ common_selinux_state }}" + when: + - "'/etc/selinux/config' is exists" + - ansible_os_family == "RedHat" - name: Install cockpit packages ansible.builtin.package: name: "{{ common_cockpit_pkgs }}" state: present +- name: Configure Firewalld allowed ports + ansible.posix.firewalld: + service: "{{ item }}" + permanent: true + immediate: true + state: enabled + loop: "{{ common_cockpit_allowed_ports }}" + when: ansible_os_family == "RedHat" + - name: Enable and start cockpit service ansible.builtin.service: name: "{{ common_cockpit_service }}" From dbfcd0808bbfac62e5230395b74fb799a54e0bd9 Mon Sep 17 00:00:00 2001 
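Review bot: The task is still named 'Restarting firewalld' although it now only ensures the service is `started`, so the play output misreports what happened. Rename it, e.g. `- name: Ensure firewalld is enabled and running`. `daemon_reload: true` is probably unnecessary for a unit that was just installed from a package and could be dropped.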
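Review bot: The "Disable SELinux" task passes `state: "{{ common_selinux_state }}"` without `policy`, and `ansible.posix.selinux` requires `policy` for any state other than `disabled`, so in practice the role can only turn SELinux off on the same hosts where it then opens Cockpit in the firewall. Add `policy: "{{ common_selinux_policy | default('targeted') }}"` (variable name is a suggestion) and rename the task to `Set SELinux state`, so that `enforcing` and `permissive` become usable values. The default of `common_selinux_state` is not visible here and is worth confirming. Separately, `common_cockpit_allowed_ports` is passed to the firewalld `service:` argument, so either the variable name or the argument is misleading.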
From: Teagan glenn Date: Sat, 7 May 2022 16:41:08 -0600 Subject: [PATCH 118/118] remove package --- vars/CentOS7.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/CentOS7.yml b/vars/CentOS7.yml index 3b67af2b..3b29129c 100644 --- a/vars/CentOS7.yml +++ b/vars/CentOS7.yml @@ -22,7 +22,6 @@ common_cockpit_pkgs: - cockpit - cockpit-composer - cockpit-doc - - cockpit-session-recording - cockpit-bridge - cockpit-dashboard - cockpit-packagekit