init

8 months ago · 58809f7fc7
commit 58809f7fc7
11 changed files with 161 additions and 0 deletions
--- a/.ansible-lint.yml
+++ b/.ansible-lint.yml
@ -0,0 +1,5 @@
+---
+skip_list:
+  - fqcn-builtins
+  - no-handler
+  - risky-shell-pipe
--- a/.drone.yml
+++ b/.drone.yml
@ -0,0 +1,16 @@
+----
+kind: pipeline
+name: default
+steps:
+  - name: integration test
+    image: python:3.9-buster
+    environment:
+      REMOTE_USER: molecule
+      HCLOUD_TOKEN:
+        from_secret: HCLOUD_TOKEN
+    commands:
+      - apt update && apt install -y pwgen
+      - mkdir -p /root/.ansible/roles && ln -sr . /root/.ansible/roles/autonomic.apt-upgrades
+      - export INSTANCE_UUID=$(pwgen 8 1)
+      - pip install -r requirements.txt
+      - molecule test
--- a/.envrc.sample
+++ b/.envrc.sample
@ -0,0 +1,18 @@
+# Your username that you use for accounts on our machines.
+export REMOTE_USER=
+export ANSIBLE_USER=$REMOTE_USER
+
+# The path to our pass credentials store
+export PASSWORD_STORE_DIR=
+
+# The Hetzner Cloud API token for managing our instances
+# Uncomment the prod/test line below depending on what you're doing
+# export HCLOUD_TOKEN=$(pass show logins/hetzner/prod/api_key)
+# export HCLOUD_TOKEN=$(pass show logins/hetzner/test/api_key)
+export HCLOUD_TOKEN=$(pass show logins/hetzner/cicd/api_key)
+
+# For molecule role testing
+export INSTANCE_UUID=$RANDOM
+
+# So molecule will show credentials in the logs
+export MOLECULE_NO_LOG=False
--- a/.yamllint.yml
+++ b/.yamllint.yml
@ -0,0 +1,16 @@
+---
+extends: default
+
+yaml-files:
+  - "*.yaml"
+  - "*.yml"
+
+ignore: |
+  .venv
+  .drone.yml
+
+rules:
+  line-length: disable
+  braces:
+    max-spaces-inside: 1
+    level: error
--- a/15
+++ b/15
@ -0,0 +1,15 @@
+autonomic.apt-upgrades: Upgrade system packages
+Copyright (C) 2022  Autonomic Co-operative <helo@autonomic.zone>
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.
--- a/README.md
+++ b/README.md
@ -0,0 +1 @@
+# autonomic.apt-upgrades
--- a/meta/main.yml
+++ b/meta/main.yml
@ -0,0 +1,14 @@
+---
+dependencies: []
+galaxy_info:
+  role_name: apt_upgrades
+  namespace: autonomic
+  author: autonomic
+  description: Upgrade apt packages using Ansible and reboot if needed
+  company: Autonomic
+  license: GPLv3
+  min_ansible_version: 2.9
+  platforms:
+    - name: Debian
+      versions:
+        - buster
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@ -0,0 +1,7 @@
+---
+- name: Converge
+  hosts: all
+  tasks:
+    - name: Include autonomic.apt-upgrades
+      include_role:
+        name: autonomic.apt-upgrades
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@ -0,0 +1,19 @@
+---
+dependency:
+  name: galaxy
+
+driver:
+  name: hetznercloud
+
+platforms:
+  - name: "autonomic.apt-upgrades-${INSTANCE_UUID}"
+    server_type: "cx11"
+    image: "debian-10"
+
+provisioner:
+  name: ansible
+
+lint: |
+  set -e
+  yamllint -c .yamllint.yml .
+  ansible-lint --exclude .drone.yml -c .ansible-lint.yml .
--- a/requirements.txt
+++ b/requirements.txt
@ -0,0 +1,4 @@
+ansible-lint==6.0.0
+ansible==5.4.0
+molecule-hetznercloud==1.3.0
+molecule==3.6.1
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,46 @@
+---
+- name: Update apt repo and cache
+  apt:
+    update_cache: true
+    force_apt_get: true
+    cache_valid_time: 3600
+
+- name: Upgrade all packages
+  apt:
+    upgrade: full
+    force_apt_get: true
+    autoremove: true
+  register: upgrade_cmd
+
+- name: List newly installed and upgraded packages
+  shell: grep -E "^$(date +%Y-%m-%d).+ (install|upgrade) " /var/log/dpkg.log |cut -d " " -f 3-5
+  register: new_or_upgraded_pkgs
+  when: upgrade_cmd.changed
+
+- name: Show installed/updated packages output
+  debug:
+    msg: "{{ new_or_upgraded_pkgs is defined and new_or_upgraded_pkgs.stdout_lines }}"
+  when: new_or_upgraded_pkgs.changed
+
+- name: Check if a reboot is needed
+  stat:
+    path: /var/run/reboot-required
+  register: reboot_required_file
+
+- name: Check if a docker upgrade happened
+  set_fact:
+    docker_upgrade: "{{ new_or_upgraded_pkgs is defined and 'stdout_lines' in new_or_upgraded_pkgs and 'docker' in new_or_upgraded_pkgs.stdout_lines }}"
+
+- name: Output warning when reboot is needed
+  debug:
+    msg: "--- WARNING: REBOOT REQUIRED ---"
+  when: reboot_required_file.stat.exists | bool or docker_upgrade | bool
+
+- name: Show prompt to take note of reboot
+  pause:
+    prompt: |
+      "{{ inventory_hostname }} requires a reboot, please take note and perform
+      this manually after this role finishes! Thank you for your system admin
+      labours!"
+  delegate_to: localhost
+  when: reboot_required_file.stat.exists | bool or docker_upgrade | bool