init

2022-05-30 16:57:39 +02:00
commit b5c3ce2ec4
16 changed files with 219 additions and 0 deletions
--- a/.ansible-lint.yml
+++ b/.ansible-lint.yml
@ -0,0 +1,4 @@
+---
+skip_list:
+  - fqcn-builtins
+  - experimental
--- a/.drone.yml
+++ b/.drone.yml
@ -0,0 +1,16 @@
+----
+kind: pipeline
+name: default
+steps:
+  - name: integration test
+    image: python:3.9-buster
+    environment:
+      REMOTE_USER: molecule
+      HCLOUD_TOKEN:
+        from_secret: HCLOUD_TOKEN
+    commands:
+      - apt update && apt install -y pwgen
+      - mkdir -p /root/.ansible/roles && ln -sr . /root/.ansible/roles/autonomic.swarm-single-node
+      - export INSTANCE_UUID=$(pwgen 8 1)
+      - pip install -r requirements.txt
+      - molecule test
--- a/.envrc.sample
+++ b/.envrc.sample
@ -0,0 +1,18 @@
+# Your username that you use for accounts on our machines.
+export REMOTE_USER=
+export ANSIBLE_USER=$REMOTE_USER
+
+# The path to our pass credentials store
+export PASSWORD_STORE_DIR=
+
+# The Hetzner Cloud API token for managing our instances
+# Uncomment the prod/test line below depending on what you're doing
+# export HCLOUD_TOKEN=$(pass show logins/hetzner/prod/api_key)
+# export HCLOUD_TOKEN=$(pass show logins/hetzner/test/api_key)
+export HCLOUD_TOKEN=$(pass show logins/hetzner/cicd/api_key)
+
+# For molecule role testing
+export INSTANCE_UUID=$RANDOM
+
+# So molecule will show credentials in the logs
+export MOLECULE_NO_LOG=False
--- a/.yamllint.yml
+++ b/.yamllint.yml
@ -0,0 +1,16 @@
+---
+extends: default
+
+yaml-files:
+  - "*.yaml"
+  - "*.yml"
+
+ignore: |
+  .venv
+  .drone.yml
+
+rules:
+  line-length: disable
+  braces:
+    max-spaces-inside: 1
+    level: error
--- a/15
+++ b/15
@ -0,0 +1,15 @@
+autonomic.apt-upgrades: Upgrade system packages
+Copyright (C) 2022  Autonomic Co-operative <helo@autonomic.zone>
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.
--- a/README.md
+++ b/README.md
@ -0,0 +1,3 @@
+# autonomic.swarm-single-node
+
+[![Build Status](https://drone.autonomic.zone/api/badges/autonomic-cooperative/autonomic.swarm-single-node/status.svg?ref=refs/heads/main)](https://drone.autonomic.zone/autonomic-cooperative/autonomic.swarm-single-node)
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -0,0 +1,2 @@
+---
+swarm_single_node_enable_proxy: false
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -0,0 +1,12 @@
+---
+- name: Restart ufw
+  become: true
+  service:
+    name: ufw
+    state: restarted
+
+- name: Restart docker
+  become: true
+  service:
+    name: docker
+    state: restarted
--- a/meta/main.yml
+++ b/meta/main.yml
@ -0,0 +1,14 @@
+---
+dependencies: []
+galaxy_info:
+  role_name: swarm_single_node
+  namespace: autonomic
+  author: autonomic
+  description: Setup a single node docker swarm
+  company: Autonomic
+  license: GPLv3
+  min_ansible_version: 2.9
+  platforms:
+    - name: Debian
+      versions:
+        - buster
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@ -0,0 +1,35 @@
+---
+- name: Converge
+  hosts: all
+  vars:
+    - swarm_single_node_enable_proxy: true
+    - members: files/members.yml
+  pre_tasks:
+    - name: Include resource variables
+      include_vars: "{{ members }}"
+
+    # Note(decentral1se): We create the accounts before the role since we want
+    # those accounts to exist so we can make sure they are used in the role
+    # under test
+    - name: Prepare user accounts for the role under test
+      user:
+        name: "{{ item.username }}"
+        shell: /bin/bash
+        password: "$apr1$GILkREir$r2zDF8rr9Bl8We9UVXnZl1"
+        groups: sudo
+        append: true
+        update_password: always
+      with_items: "{{ members }}"
+
+    - name: Update repository cache
+      apt:
+        update_cache: true
+  tasks:
+    - name: "Include {{ role_name }}"
+      include_role:
+        name: "{{ role_name }}"
+      loop:
+        - geerlingguy.docker
+        - autonomic.swarm-single-node
+      loop_control:
+        loop_var: role_name
--- a/molecule/default/files/members.yml
+++ b/molecule/default/files/members.yml
@ -0,0 +1,6 @@
+---
+members:
+  - username: foobar
+    email: barfoo
+    ssh_key: "ssh-rsa foo bar@nowhere.com"
+    uid: 1100
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@ -0,0 +1,19 @@
+---
+dependency:
+  name: galaxy
+
+driver:
+  name: hetznercloud
+
+platforms:
+  - name: "autonomic.swarm-single-node-${INSTANCE_UUID}"
+    server_type: "cx11"
+    image: "debian-10"
+
+provisioner:
+  name: ansible
+
+lint: |
+  set -e
+  yamllint -c .yamllint.yml .
+  ansible-lint --exclude .drone.yml -c .ansible-lint.yml .
--- a/molecule/default/requirements.yml
+++ b/molecule/default/requirements.yml
@ -0,0 +1,3 @@
+---
+- src: geerlingguy.docker
+  version: 4.2.3
--- a/requirements.txt
+++ b/requirements.txt
@ -0,0 +1,4 @@
+ansible-lint==6.0.0
+ansible==5.4.0
+molecule-hetznercloud==1.3.0
+molecule==3.6.1
--- a/tasks/group.yml
+++ b/tasks/group.yml
@ -0,0 +1,15 @@
+---
+- name: Setup user for docker usage
+  block:
+    - name: Check if user exists
+      getent:
+        database: passwd
+        key: "{{ user.username }}"
+      register: user_exists
+      ignore_errors: true
+
+    - name: Add user to docker group
+      user:
+        name: "{{ item.username }}"
+        group: docker
+      when: user_exists is not failed
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,37 @@
+---
+- name: Ensure mandatory variables are configured
+  assert:
+    that: "{{ item }} is defined"
+    fail_msg: "You must define the '{{ item }}' variable"
+  with_items:
+    - members
+
+- name: Include resource variables
+  include_vars: "{{ members }}"
+  tags:
+    # Note(d1): we already load in converge.yml so skip here
+    - molecule-notest
+
+# Note(decentral1se): Done in this way because Ansible...
+# Please see this SO answer https://stackoverflow.com/a/39041069
+- name: Include user group tasks
+  include: group.yml user={{ item }}
+  with_items: "{{ members }}"
+
+- name: Ensure Docker python dependencies are installed
+  package:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - python3-docker
+
+- name: Initialise docker swarm
+  docker_swarm:
+    state: present
+    advertise_addr: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
+
+- name: Initialise proxy for traefik
+  docker_network:
+    name: proxy
+    driver: overlay
+  when: swarm_single_node_enable_proxy