commit b5c3ce2ec4714d60d9faa5293190e23069aea590 Author: decentral1se Date: Mon May 30 16:57:39 2022 +0200 init
diff --git a/.ansible-lint.yml b/.ansible-lint.yml
new file mode 100644
index 0000000..25636f8
--- /dev/null
+++ b/.ansible-lint.yml
@@ -0,0 +1,4 @@
+---
+skip_list:
+ - fqcn-builtins
+ - experimental
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..449edc6
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,16 @@
+----
+kind: pipeline
+name: default
+steps:
+ - name: integration test
+ image: python:3.9-buster
+ environment:
+ REMOTE_USER: molecule
+ HCLOUD_TOKEN:
+ from_secret: HCLOUD_TOKEN
+ commands:
+ - apt update && apt install -y pwgen
+ - mkdir -p /root/.ansible/roles && ln -sr . /root/.ansible/roles/autonomic.swarm-single-node
+ - export INSTANCE_UUID=$(pwgen 8 1)
+ - pip install -r requirements.txt
+ - molecule test
diff --git a/.envrc.sample b/.envrc.sample
new file mode 100644
index 0000000..8a266bf
--- /dev/null
+++ b/.envrc.sample
@@ -0,0 +1,18 @@
+# Your username that you use for accounts on our machines.
+export REMOTE_USER=
+export ANSIBLE_USER=$REMOTE_USER
+
+# The path to our pass credentials store
+export PASSWORD_STORE_DIR=
+
+# The Hetzner Cloud API token for managing our instances
+# Uncomment the prod/test line below depending on what you're doing
+# export HCLOUD_TOKEN=$(pass show logins/hetzner/prod/api_key)
+# export HCLOUD_TOKEN=$(pass show logins/hetzner/test/api_key)
+export HCLOUD_TOKEN=$(pass show logins/hetzner/cicd/api_key)
+
+# For molecule role testing
+export INSTANCE_UUID=$RANDOM
+
+# So molecule will show credentials in the logs
+export MOLECULE_NO_LOG=False
diff --git a/.yamllint.yml b/.yamllint.yml
new file mode 100755
index 0000000..456c99c
--- /dev/null
+++ b/.yamllint.yml
@@ -0,0 +1,16 @@
+---
+extends: default
+
+yaml-files:
+ - "*.yaml"
+ - "*.yml"
+
+ignore: |
+ .venv
+ .drone.yml
+
+rules:
+ line-length: disable
+ braces:
+ max-spaces-inside: 1
+ level: error
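Review bot: In `.drone.yml`, the single step that holds `HCLOUD_TOKEN` also runs `apt install`, `pip install -r requirements.txt` and a floating `python:3.9-buster` tag, so anything pulled in at build time executes with the cloud API token in its environment. `requirements.txt` pins four top-level versions but carries no hashes and leaves transitive dependencies open; a hash-locked file installed with `pip install --require-hashes -r requirements.txt` and an image pinned by digest would narrow that. Scoping the Drone secret to a dedicated test project keeps a leak limited to throwaway instances. Separately, the first line reads `----` rather than `---`, and this file is excluded from both linters in this commit, so confirm it parses as intended.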
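Review bot: In `.envrc.sample`, `export MOLECULE_NO_LOG=False` is active by default, so everyone who copies the sample gets, per its own comment, credentials shown in the molecule logs on every run, in the same environment that exports `HCLOUD_TOKEN`. I would ship the line commented out and make it an explicit opt-in, e.g. `# export MOLECULE_NO_LOG=False  # debugging only: molecule will print credentials`. Terminal scrollback and pasted logs are the usual way such values end up in issue trackers.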
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..db10852
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,15 @@
+autonomic.apt-upgrades: Upgrade system packages
+Copyright (C) 2022 Autonomic Co-operative
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see .
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..023b927
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# autonomic.swarm-single-node
+
+[![Build Status](https://drone.autonomic.zone/api/badges/autonomic-cooperative/autonomic.swarm-single-node/status.svg?ref=refs/heads/main)](https://drone.autonomic.zone/autonomic-cooperative/autonomic.swarm-single-node)
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..3741bac
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+swarm_single_node_enable_proxy: false
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..f00648b
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Restart ufw
+ become: true
+ service:
+ name: ufw
+ state: restarted
+
+- name: Restart docker
+ become: true
+ service:
+ name: docker
+ state: restarted
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..4b6b8a4
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,14 @@
+---
+dependencies: []
+galaxy_info:
+ role_name: swarm_single_node
+ namespace: autonomic
+ author: autonomic
+ description: Setup a single node docker swarm
+ company: Autonomic
+ license: GPLv3
+ min_ansible_version: 2.9
+ platforms:
+ - name: Debian
+ versions:
+ - buster
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
new file mode 100644
index 0000000..becf196
--- /dev/null
+++ b/molecule/default/converge.yml
@@ -0,0 +1,35 @@
+---
+- name: Converge
+ hosts: all
+ vars:
+ - swarm_single_node_enable_proxy: true
+ - members: files/members.yml
+ pre_tasks:
+ - name: Include resource variables
+ include_vars: "{{ members }}"
+
+ # Note(decentral1se): We create the accounts before the role since we want
+ # those accounts to exist so we can make sure they are used in the role
+ # under test
+ - name: Prepare user accounts for the role under test
+ user:
+ name: "{{ item.username }}"
+ shell: /bin/bash
+ password: "$apr1$GILkREir$r2zDF8rr9Bl8We9UVXnZl1"
+ groups: sudo
+ append: true
+ update_password: always
+ with_items: "{{ members }}"
+
+ - name: Update repository cache
+ apt:
+ update_cache: true
+ tasks:
+ - name: "Include {{ role_name }}"
+ include_role:
+ name: "{{ role_name }}"
+ loop:
+ - geerlingguy.docker
+ - autonomic.swarm-single-node
+ loop_control:
+ loop_var: role_name
diff --git a/molecule/default/files/members.yml b/molecule/default/files/members.yml
new file mode 100644
index 0000000..9f1aa65
--- /dev/null
+++ b/molecule/default/files/members.yml
@@ -0,0 +1,6 @@
+---
+members:
+ - username: foobar
+ email: barfoo
+ ssh_key: "ssh-rsa foo bar@nowhere.com"
+ uid: 1100
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 0000000..de59ea6
--- /dev/null
+++ b/molecule/default/molecule.yml
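Review bot: In `meta/main.yml`, `min_ansible_version: 2.9` is an unquoted scalar that YAML loads as a float, so a later bump to something like `2.10` would silently become `2.1`. The field is a version string, so quote it: `min_ansible_version: "2.9"`.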
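Review bot: In `molecule/default/converge.yml`, the `Prepare user accounts for the role under test` task gives every test member a fixed `password:` hash that is committed to the repository and places the account in `sudo`, on a cloud instance that is presumably reachable from the internet for the duration of the run. If the test does not need password logins, lock the password with `password: "!"`, which the `user` module documents for this purpose, or generate a per-run value. `$apr1$` is the Apache MD5 variant rather than a crypt(3) scheme, so this hash is probably not usable for login anyway, and the locked form would state that intent explicitly. Note also that `members` is declared as a file path under `vars` and then iterated as a list after `include_vars`, which works only through variable precedence; a separate name for the path would be clearer.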
@@ -0,0 +1,19 @@
+---
+dependency:
+ name: galaxy
+
+driver:
+ name: hetznercloud
+
+platforms:
+ - name: "autonomic.swarm-single-node-${INSTANCE_UUID}"
+ server_type: "cx11"
+ image: "debian-10"
+
+provisioner:
+ name: ansible
+
+lint: |
+ set -e
+ yamllint -c .yamllint.yml .
+ ansible-lint --exclude .drone.yml -c .ansible-lint.yml .
diff --git a/molecule/default/requirements.yml b/molecule/default/requirements.yml
new file mode 100644
index 0000000..e94c6c7
--- /dev/null
+++ b/molecule/default/requirements.yml
@@ -0,0 +1,3 @@
+---
+- src: geerlingguy.docker
+ version: 4.2.3
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..7d6c96a
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,4 @@
+ansible-lint==6.0.0
+ansible==5.4.0
+molecule-hetznercloud==1.3.0
+molecule==3.6.1
diff --git a/tasks/group.yml b/tasks/group.yml
new file mode 100644
index 0000000..7e54463
--- /dev/null
+++ b/tasks/group.yml
@@ -0,0 +1,15 @@
+---
+- name: Setup user for docker usage
+ block:
+ - name: Check if user exists
+ getent:
+ database: passwd
+ key: "{{ user.username }}"
+ register: user_exists
+ ignore_errors: true
+
+ - name: Add user to docker group
+ user:
+ name: "{{ item.username }}"
+ group: docker
+ when: user_exists is not failed
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..fa4a35e
--- /dev/null
+++ b/tasks/main.yml
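Review bot: In `tasks/group.yml`, `group: docker` sets the account's primary group, replacing whatever primary group the member had, while the task name says the user is being added to the group; use `groups: docker` together with `append: true`. The two tasks also disagree on the variable: the lookup reads `user.username` but the modification reads `item.username`, which works only because the outer loop's `item` is still visible inside the include, so `name: "{{ user.username }}"` would be the consistent form. Since membership of `docker` is effectively root on the host, a comment stating that the `members` list is a privileged-access list would help whoever maintains that file.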
@@ -0,0 +1,37 @@
+---
+- name: Ensure mandatory variables are configured
+ assert:
+ that: "{{ item }} is defined"
+ fail_msg: "You must define the '{{ item }}' variable"
+ with_items:
+ - members
+
+- name: Include resource variables
+ include_vars: "{{ members }}"
+ tags:
+ # Note(d1): we already load in converge.yml so skip here
+ - molecule-notest
+
+# Note(decentral1se): Done in this way because Ansible...
+# Please see this SO answer https://stackoverflow.com/a/39041069
+- name: Include user group tasks
+ include: group.yml user={{ item }}
+ with_items: "{{ members }}"
+
+- name: Ensure Docker python dependencies are installed
+ package:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - python3-docker
+
+- name: Initialise docker swarm
+ docker_swarm:
+ state: present
+ advertise_addr: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
+
+- name: Initialise proxy for traefik
+ docker_network:
+ name: proxy
+ driver: overlay
+ when: swarm_single_node_enable_proxy
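Review bot: In `tasks/main.yml`, `Initialise docker swarm` advertises the host's default IPv4 address and leaves `listen_addr` at the module default, and no task in this commit configures the firewall even though `handlers/main.yml` defines `Restart ufw`. A single-node swarm has no peers that need to reach the control-plane port, so either restrict `listen_addr` or add explicit ufw rules for the swarm ports, and document which is intended. On style, the assert can drop the templating and read `that: members is defined`, and `include: group.yml user={{ item }}` would be clearer as `include_tasks` with a `vars:` mapping.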