diff --git a/.ansible-lint b/.ansible-lint index c4a6494971c0f61a6a804b5ca4b9a6344e45bd72..0e89d59eddf08ff1b35b7bc55af3a0d01b49c100 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,5 +1,5 @@ exclude_paths: - - roles/ + - .roles/ parseable: true quiet: false verbosity: 0 diff --git a/.gitignore b/.gitignore index 7659fa3597b9c674823dfafecde6a9e08bba1f27..967541fa6e756fe2b9b2fa67fa2e8a62fdef20ce 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,5 @@ .idea/ .tox/ -virtualenv/ -venv/ -roles/* +.venv/ +.roles/ ansible/ansible.log diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a7e06c720c167692840d5412183767797f2eccfe..abfb3ec2e8ac2f6e7645f4e5fc8104bdcb5a5e12 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -14,7 +14,7 @@ variables: GIT_SUBMODULE_STRATEGY: none CI_DEBUG_TRACE: "false" PIP_CACHE_DIR: ".pip" - ANSIBLE_CMD: "venv/bin/ansible-playbook" + ANSIBLE_CMD: ".venv/bin/ansible-playbook" image: name: python:3.8-alpine @@ -26,7 +26,7 @@ cache: paths: - ${PIP_CACHE_DIR} - .tox - - venv + - .venv key: ${CI_PROJECT_ID} stages: @@ -35,8 +35,8 @@ stages: before_script: - apk add --update gcc libc-dev libffi-dev openssl-dev openssh-client git - - python3 -m venv venv - - source venv/bin/activate + - python3 -m venv .venv + - source .venv/bin/activate - pip install --ignore-installed -r requirements.txt - python --version - pip --version @@ -55,7 +55,7 @@ deploy: # Gitlab-CI issue: SSH key files must be "0600" permissions to work - chmod 600 ${ANSIBLE_SSH_PRIV_KEY_PATH} # Run pre-tasks.yml BEFORE playbook.yml to install required dependencies - - ANSIBLE_ROLES_PATH=roles/ ${ANSIBLE_CMD} + - ANSIBLE_ROLES_PATH=.roles/ ${ANSIBLE_CMD} --inventory ansible/hosts --user ${ANSIBLE_SSH_USERNAME} --private-key ${ANSIBLE_SSH_PRIV_KEY_PATH} diff --git a/.yamllint b/.yamllint index 8505b74dd7619bed4dd92e2316469954f3aa0f8e..ad98f0971cc044a7f0d10cbf6e60f995f335ed2d 100644 --- a/.yamllint +++ b/.yamllint 
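Review bot: In the `cache:` hunk of `.gitlab-ci.yml`, the whole `.venv` directory is cached under the project-wide key `${CI_PROJECT_ID}`, and the deploy job later runs `.venv/bin/ansible-playbook` from it with the SSH private key available. `python3 -m venv .venv` does not empty an existing directory, so anything an earlier pipeline left in the cached environment is presumably reused, apart from the packages that `pip install --ignore-installed` rewrites. I would cache only `${PIP_CACHE_DIR}` and build the environment fresh with `- python3 -m venv --clear .venv`, or at least scope the cache per ref with `key: ${CI_COMMIT_REF_SLUG}`. Whether protected and unprotected branches already get separate caches depends on project settings that are not visible in this diff.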
@@ -2,10 +2,9 @@ ignore: | .idea/ .tox/ - virtualenv/ - venv/ + .venv/ + .roles/ __pycache__/ - roles/ extends: default diff --git a/README.md b/README.md index 5b1c95286c51807956d6e8b714b0f8a69451ff43..b91a2fa16f51c87a7272c83c4bc407ab80aad2a0 100644 --- a/README.md +++ b/README.md @@ -29,9 +29,9 @@ Init a new [virtualenv](https://virtualenv.pypa.io/en/stable/) and then use [pip requirements: ```bash -$ python3 -m venv venv -$ source venv/bin/activate -(venv) $ pip install -r requirements.txt +$ python3 -m venv .venv +$ source .venv/bin/activate +(.venv) $ pip install -r requirements.txt ``` @@ -47,7 +47,7 @@ To force the manual execution of the project, you can to execute the Ansible pla allowed to connect with SSH to the remote host): ```bash -(venv) $ ANSIBLE_ROLES_PATH=roles/ ansible-playbook -i ansible/hosts ansible/playbook.yml +(.venv) $ ANSIBLE_ROLES_PATH=.roles/ ansible-playbook -i ansible/hosts ansible/playbook.yml ``` @@ -56,7 +56,7 @@ Tests To run these tests, just use the [tox](https://tox.readthedocs.io/en/latest/) command: ```bash -(venv) $ tox +(.venv) $ tox ``` diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 6df744e167b1fb8811660801cc3821689c46e1f6..a68691ceaf5d90b61cd16d62fae953ae2db98507 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -3,8 +3,8 @@ gather_facts: false any_errors_fatal: true - vars: - ansible_python_interpreter: "python3" + vars_files: + - "{{ playbook_dir }}/../config/config.yml" tasks: - name: Installing project requirements 
@@ -13,14 +13,14 @@ pip: requirements: "{{ playbook_dir }}/../requirements.txt" state: present - virtualenv: "{{ playbook_dir }}/../venv" + virtualenv: "{{ playbook_dir }}/../.venv" - name: Installing / upgrading required roles delegate_to: localhost run_once: yes - command: "{{ playbook_dir }}/../venv/bin/ansible-galaxy install + command: "{{ playbook_dir }}/../.venv/bin/ansible-galaxy install --force - --roles-path {{ playbook_dir }}/../roles/ + --roles-path {{ playbook_dir }}/../.roles/ --role-file {{ playbook_dir }}/../requirements-roles.yml" changed_when: false 
@@ -28,42 +28,29 @@ delegate_to: localhost run_once: yes pip: - requirements: "{{ playbook_dir }}/../roles/{{ item }}/requirements.txt" + requirements: "{{ playbook_dir }}/../.roles/{{ item }}/requirements.txt" state: present - virtualenv: "{{ playbook_dir }}/../venv" - loop: - - bhean.iptables - - bhean.snmpd - - bhean.minecraft + virtualenv: "{{ playbook_dir }}/../.venv" + loop: "{{ roles_to_run }}" - hosts: minecraft_servers gather_facts: true any_errors_fatal: true - vars: - ansible_python_interpreter: "python3" - role_icinga_private_ip: "192.168.1.19/32" - role_icinga_public_ip: "151.80.54.66/32" - role_icinga_snmp_community: icinga2 - role_admin_email: admin@vandalsweb.com - vars_files: - - "{{ playbook_dir }}/../vars/iptables.yml" - - "{{ playbook_dir }}/../vars/snmpd.yml" - - "{{ playbook_dir }}/../vars/minecraft.yml" + - "{{ playbook_dir }}/../config/config.yml" tasks: - - name: Running Iptables role - include_role: - name: bhean.iptables - tags: [ 'iptables' ] - - - name: Running SNMPd role - include_role: - name: bhean.snmpd - tags: [ 'snmpd' ] - - - name: Running Minecraft role + - name: "Include config files" + include_vars: + file: "{{ playbook_dir }}/../config/role-{{ role_to_run }}.yml" + loop: "{{ roles_to_run }}" + loop_control: + loop_var: role_to_run + + - name: "Include roles" include_role: - name: bhean.minecraft - tags: [ 'minecraft' ] + name: "{{ role_to_run }}" + loop: "{{ roles_to_run }}" + loop_control: + loop_var: role_to_run diff --git a/config/config.yml b/config/config.yml new file mode 100644 index 0000000000000000000000000000000000000000..d1ee2b62205143b6e7f113f01ddb976e2eb79b64 --- /dev/null +++ b/config/config.yml @@ -0,0 +1,7 @@ +--- +ansible_python_interpreter: "python3" + +roles_to_run: + - iptables + - snmpd + - minecraft diff --git a/vars/iptables.yml b/config/role-iptables.yml similarity index 100% rename from vars/iptables.yml rename to config/role-iptables.yml 
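Review bot: The looped `include_role` in the `minecraft_servers` play drops the per-role `tags` (`iptables`, `snmpd`, `minecraft`) that the removed static tasks carried, so a run limited with `--tags` no longer has anything to select. If that is intended, say so above the task, for example `# Roles are selected via roles_to_run in config/config.yml; per-role --tags are no longer available`. The pip task earlier in this hunk still iterates with the default `item`, while the two new tasks set `loop_var: role_to_run`; using the same `loop_control` there would keep the three loops consistent. Each entry of `roles_to_run` now also needs a matching `config/role-<name>.yml`, because `include_vars` fails on a missing file, which is worth a comment in `config/config.yml`.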
diff --git a/vars/minecraft.yml b/config/role-minecraft.yml similarity index 100% rename from vars/minecraft.yml rename to config/role-minecraft.yml diff --git a/config/role-snmpd.yml b/config/role-snmpd.yml new file mode 100644 index 0000000000000000000000000000000000000000..9f7ed7bd6eca4bb7886823c456e8a671fd11eba8 --- /dev/null +++ b/config/role-snmpd.yml @@ -0,0 +1,14 @@ +--- +icinga_private_ip: "192.168.1.19/32" +icinga_public_ip: "151.80.54.66/32" +icinga_snmp_community: icinga2 + +snmpd_listen_ipv6_enabled: false +snmpd_information_contact: "Admin <admin@vandalsweb.com>" +snmpd_communities_readonly: + - name: "{{ icinga_snmp_community }}" + description: Icinga 2 monitoring system (from Icinga server public IP) + from_network: "{{ icinga_public_ip }}" + - name: "{{ icinga_snmp_community }}" + description: Icinga 2 monitoring system (from Icinga server private IP) + from_network: "{{ icinga_private_ip }}" diff --git a/requirements-roles.yml b/requirements-roles.yml index 863dc6d887b9ae07dc0f2d18ef833ced2f1ae432..cc68ec4537c4e7e7f778c5fbdbcdc3c7c481230e 100644 --- a/requirements-roles.yml +++ b/requirements-roles.yml @@ -3,16 +3,16 @@ - src: https://code.vandalsweb.com/ansible-roles/iptables.git scm: git version: origin/master - name: bhean.iptables + name: iptables # SNMPd - src: https://code.vandalsweb.com/ansible-roles/snmpd.git scm: git version: origin/master - name: bhean.snmpd + name: snmpd # Minecraft - src: https://code.vandalsweb.com/ansible-roles/minecraft.git scm: git version: origin/master - name: bhean.minecraft + name: minecraft diff --git a/requirements-tests.txt b/requirements-tests.txt index c2941c4be021a4d7709e3b3d20b23ceaff2cd421..99327f4801e14ad6d91749298014e080c7ab4277 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt @@ -1,3 +1,3 @@ -rrequirements.txt yamllint~=1.24 -ansible-lint~=4.2 +ansible-lint~=4.3 
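Review bot: `icinga_snmp_community: icinga2` in the new `config/role-snmpd.yml` commits the SNMP community string in clear text, and for community-based SNMP that string is the only credential the agent checks. The two `from_network` /32 entries narrow who may query, but I would still keep the value out of the repository: encrypt it with ansible-vault or read it from a CI variable, e.g. `icinga_snmp_community: "{{ lookup('env', 'ICINGA_SNMP_COMMUNITY') }}"` (the variable name is a placeholder). The same value was already in `ansible/playbook.yml` as `role_icinga_snmp_community` before this commit, so it remains in history and should be rotated rather than only moved.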
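Review bot: All three entries in `requirements-roles.yml` still track `version: origin/master`, while the playbook reinstalls them with `ansible-galaxy install --force` and then pip-installs each role's `requirements.txt` on the control node. Every deploy therefore runs whatever is at the branch head at that moment, on the machine that holds the SSH key. Pinning each role to a reviewed tag or commit, `version: <tag-or-commit-sha>`, makes deploys reproducible and turns a role update into a visible change in this repository. The shortened names (`iptables`, `snmpd`, `minecraft`) must now match the `roles_to_run` entries and the `config/role-<name>.yml` file names exactly; a comment at the top of the file stating that would help.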
diff --git a/requirements.txt b/requirements.txt index 19a11ef75c19dbf498c7805bba2a84cf57e60a1b..74a7518ba3c90538bb6f509b45ee904d5282faa7 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,2 @@ ansible~=2.9 -tox~=3.16 +tox~=3.20 diff --git a/tox.ini b/tox.ini index 37f43600d4942b244f868cbb98baabd412ee9e48..2b9f884b0eaa5858fcd5372225ea8e6ae021c08f 100644 --- a/tox.ini +++ b/tox.ini @@ -6,11 +6,11 @@ [tox] minversion = 3.7 envlist = py3 -skipsdist=True +skipsdist = True [testenv] deps = -rrequirements-tests.txt commands = - yamllint -c .yamllint . - ansible-lint -c .ansible-lint ansible/playbook.yml + yamllint --strict -c .yamllint . + ansible-lint -c .ansible-lint -v ansible/playbook.yml diff --git a/vars/snmpd.yml b/vars/snmpd.yml deleted file mode 100644 index 90539a947859b7f162c68870a99bed089a2c815e..0000000000000000000000000000000000000000 --- a/vars/snmpd.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -snmpd_listen_ipv6_enabled: false -snmpd_information_contact: "Admin <{{ role_admin_email }}>" -snmpd_communities_readonly: - - name: "{{ role_icinga_snmp_community }}" - description: Icinga 2 monitoring system (from Icinga server public IP) - from_network: "{{ role_icinga_public_ip }}" - - name: "{{ role_icinga_snmp_community }}" - description: Icinga 2 monitoring system (from Icinga server private IP) - from_network: "{{ role_icinga_private_ip }}"
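Review bot: `yamllint --strict` in the `[testenv]` commands makes warnings fail the run, and yamllint's default ruleset reports `truthy` values as warnings, yet the `ansible/playbook.yml` hunks in this same commit keep `run_once: yes` as context lines. Unless `.yamllint` relaxes that rule below `extends: default` (the rest of that file is not visible here), the lint step will fail on those lines. Changing them to `run_once: true` in this commit would keep the stricter check passing.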