init

pull/1/head 0.1.0
decentral1se 8 months ago
commit b5c3ce2ec4
No known key found for this signature in database
GPG Key ID: 03789458B3D0C410
  1. 4
      .ansible-lint.yml
  2. 16
      .drone.yml
  3. 18
      .envrc.sample
  4. 16
      .yamllint.yml
  5. 15
      LICENSE
  6. 3
      README.md
  7. 2
      defaults/main.yml
  8. 12
      handlers/main.yml
  9. 14
      meta/main.yml
  10. 35
      molecule/default/converge.yml
  11. 6
      molecule/default/files/members.yml
  12. 19
      molecule/default/molecule.yml
  13. 3
      molecule/default/requirements.yml
  14. 4
      requirements.txt
  15. 15
      tasks/group.yml
  16. 37
      tasks/main.yml

@ -0,0 +1,4 @@
---
skip_list:
- fqcn-builtins
- experimental

@ -0,0 +1,16 @@
----
kind: pipeline
name: default
steps:
- name: integration test
image: python:3.9-buster
environment:
REMOTE_USER: molecule
HCLOUD_TOKEN:
from_secret: HCLOUD_TOKEN
commands:
- apt update && apt install -y pwgen
- mkdir -p /root/.ansible/roles && ln -sr . /root/.ansible/roles/autonomic.swarm-single-node
- export INSTANCE_UUID=$(pwgen 8 1)
- pip install -r requirements.txt
- molecule test

@ -0,0 +1,18 @@
# Your username that you use for accounts on our machines.
export REMOTE_USER=
export ANSIBLE_USER=$REMOTE_USER
# The path to our pass credentials store
export PASSWORD_STORE_DIR=
# The Hetzner Cloud API token for managing our instances
# Uncomment the prod/test line below depending on what you're doing
# export HCLOUD_TOKEN=$(pass show logins/hetzner/prod/api_key)
# export HCLOUD_TOKEN=$(pass show logins/hetzner/test/api_key)
export HCLOUD_TOKEN=$(pass show logins/hetzner/cicd/api_key)
# For molecule role testing
export INSTANCE_UUID=$RANDOM
# So molecule will show credentials in the logs
export MOLECULE_NO_LOG=False

@ -0,0 +1,16 @@
---
extends: default
yaml-files:
- "*.yaml"
- "*.yml"
ignore: |
.venv
.drone.yml
rules:
line-length: disable
braces:
max-spaces-inside: 1
level: error

@ -0,0 +1,15 @@
autonomic.apt-upgrades: Upgrade system packages
Copyright (C) 2022 Autonomic Co-operative <helo@autonomic.zone>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.

@ -0,0 +1,3 @@
# autonomic.swarm-single-node
[![Build Status](https://drone.autonomic.zone/api/badges/autonomic-cooperative/autonomic.swarm-single-node/status.svg?ref=refs/heads/main)](https://drone.autonomic.zone/autonomic-cooperative/autonomic.swarm-single-node)

@ -0,0 +1,2 @@
---
swarm_single_node_enable_proxy: false

@ -0,0 +1,12 @@
---
- name: Restart ufw
become: true
service:
name: ufw
state: restarted
- name: Restart docker
become: true
service:
name: docker
state: restarted

@ -0,0 +1,14 @@
---
dependencies: []
galaxy_info:
role_name: swarm_single_node
namespace: autonomic
author: autonomic
description: Setup a single node docker swarm
company: Autonomic
license: GPLv3
min_ansible_version: 2.9
platforms:
- name: Debian
versions:
- buster

@ -0,0 +1,35 @@
---
- name: Converge
hosts: all
vars:
- swarm_single_node_enable_proxy: true
- members: files/members.yml
pre_tasks:
- name: Include resource variables
include_vars: "{{ members }}"
# Note(decentral1se): We create the accounts before the role since we want
# those accounts to exist so we can make sure they are used in the role
# under test
- name: Prepare user accounts for the role under test
user:
name: "{{ item.username }}"
shell: /bin/bash
password: "$apr1$GILkREir$r2zDF8rr9Bl8We9UVXnZl1"
groups: sudo
append: true
update_password: always
with_items: "{{ members }}"
- name: Update repository cache
apt:
update_cache: true
tasks:
- name: "Include {{ role_name }}"
include_role:
name: "{{ role_name }}"
loop:
- geerlingguy.docker
- autonomic.swarm-single-node
loop_control:
loop_var: role_name

@ -0,0 +1,6 @@
---
members:
- username: foobar
email: barfoo
ssh_key: "ssh-rsa foo bar@nowhere.com"
uid: 1100

@ -0,0 +1,19 @@
---
dependency:
name: galaxy
driver:
name: hetznercloud
platforms:
- name: "autonomic.swarm-single-node-${INSTANCE_UUID}"
server_type: "cx11"
image: "debian-10"
provisioner:
name: ansible
lint: |
set -e
yamllint -c .yamllint.yml .
ansible-lint --exclude .drone.yml -c .ansible-lint.yml .

@ -0,0 +1,3 @@
---
- src: geerlingguy.docker
version: 4.2.3

@ -0,0 +1,4 @@
ansible-lint==6.0.0
ansible==5.4.0
molecule-hetznercloud==1.3.0
molecule==3.6.1

@ -0,0 +1,15 @@
---
- name: Setup user for docker usage
block:
- name: Check if user exists
getent:
database: passwd
key: "{{ user.username }}"
register: user_exists
ignore_errors: true
- name: Add user to docker group
user:
name: "{{ item.username }}"
group: docker
when: user_exists is not failed

@ -0,0 +1,37 @@
---
- name: Ensure mandatory variables are configured
assert:
that: "{{ item }} is defined"
fail_msg: "You must define the '{{ item }}' variable"
with_items:
- members
- name: Include resource variables
include_vars: "{{ members }}"
tags:
# Note(d1): we already load in converge.yml so skip here
- molecule-notest
# Note(decentral1se): Done in this way because Ansible...
# Please see this SO answer https://stackoverflow.com/a/39041069
- name: Include user group tasks
include: group.yml user={{ item }}
with_items: "{{ members }}"
- name: Ensure Docker python dependencies are installed
package:
name: "{{ item }}"
state: present
with_items:
- python3-docker
- name: Initialise docker swarm
docker_swarm:
state: present
advertise_addr: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
- name: Initialise proxy for traefik
docker_network:
name: proxy
driver: overlay
when: swarm_single_node_enable_proxy