diff --git a/handlers/main.yml b/handlers/main.yml index 4b0e0bc..ba0e721 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -3,18 +3,21 @@ - name: "Reload systemd file" ansible.builtin.systemd: daemon_reload: true + become: true listen: "systemctl-daemon-reload" - name: "Enable adguard service" ansible.builtin.service: name: adguard enabled: true + become: true listen: "systemctl-enable-adguard" - name: "Start adguard service" ansible.builtin.service: name: adguard state: restarted + become: true listen: "systemctl-restart-adguard" throttle: 1 when: deploy_adguard_start_service @@ -32,4 +35,5 @@ name: adguard-connect-proxy enabled: true state: restarted + become: true listen: "systemctl-enable-restart-adguard-connect-proxy" diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index ab38f3a..b9adfa8 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -3,21 +3,6 @@ hosts: all gather_facts: false tasks: - - name: "Test: file /etc/hosts" - block: - - name: "Stat file /etc/hosts" - ansible.builtin.stat: - path: "/etc/hosts" - register: stat_etc_hosts - - - name: "Verify file /etc/hosts" - ansible.builtin.assert: - that: - - stat_etc_hosts.stat.exists - - stat_etc_hosts.stat.isreg - - stat_etc_hosts.stat.pw_name == 'root' - - stat_etc_hosts.stat.gr_name == 'root' - - name: "Test: directory /opt/adguard" block: - name: "Stat directory /opt/adguard" @@ -68,6 +53,7 @@ ansible.builtin.slurp: src: "/etc/systemd/system/adguard.service" register: slurp_etc_systemd_system_adguard_service + become: true - name: "Verify service adguard" ansible.builtin.assert: @@ -89,6 +75,7 @@ ansible.builtin.slurp: src: "/opt/adguard/docker-compose.yml" register: slurp_opt_adguard_docker_compose_yml + become: true - name: "Set fact for file content /opt/adguard/docker-compose.yml" diff --git a/molecule/default_vagrant/converge.yml b/molecule/default_vagrant/converge.yml new file mode 100644 index 0000000..b2b50da --- /dev/null +++ b/molecule/default_vagrant/converge.yml @@ -0,0 +1,7 @@ +--- +- name: Converge + hosts: all + tasks: + - name: "Include ednxzu.deploy_adguard" + ansible.builtin.include_role: + name: "ednxzu.deploy_adguard" diff --git a/molecule/default_vagrant/molecule.yml b/molecule/default_vagrant/molecule.yml new file mode 100644 index 0000000..2b02360 --- /dev/null +++ b/molecule/default_vagrant/molecule.yml @@ -0,0 +1,35 @@ +--- +dependency: + name: galaxy + options: + requirements-file: ./requirements.yml +driver: + name: vagrant + provider: + name: libvirt +platforms: + - name: instance + box: generic/${MOLECULE_TEST_OS} + cpus: 4 + memory: 4096 +provisioner: + name: ansible + config_options: + defaults: + remote_tmp: /tmp/.ansible +verifier: + name: ansible +scenario: + name: default_vagrant + test_sequence: + - dependency + - cleanup + - destroy + - syntax + - create + - prepare + - converge + - idempotence + - verify + - cleanup + - destroy diff --git a/molecule/default_vagrant/requirements.yml b/molecule/default_vagrant/requirements.yml new file mode 100644 index 0000000..e9320f9 --- /dev/null +++ b/molecule/default_vagrant/requirements.yml @@ -0,0 +1,3 @@ +--- +# requirements file for molecule +roles: [] diff --git a/molecule/default_vagrant/verify.yml b/molecule/default_vagrant/verify.yml new file mode 100644 index 0000000..fa05439 --- /dev/null +++ b/molecule/default_vagrant/verify.yml @@ -0,0 +1,100 @@ +--- +- name: Verify + hosts: all + gather_facts: true + tasks: + - name: "Test: directory /opt/adguard" + block: + - name: "Stat directory /opt/adguard" + ansible.builtin.stat: + path: "/opt/adguard" + register: stat_opt_adguard + + - name: "Stat directory /opt/adguard/conf" + ansible.builtin.stat: + path: "/opt/adguard/conf" + register: stat_opt_adguard_conf + + - name: "Stat directory /opt/adguard/data" + ansible.builtin.stat: + path: "/opt/adguard/data" + register: stat_opt_adguard_data + + - name: "Verify directory /etc/consul.d" + ansible.builtin.assert: + that: + - stat_opt_adguard.stat.exists + - stat_opt_adguard.stat.isdir + - stat_opt_adguard.stat.pw_name == 'root' + - stat_opt_adguard.stat.gr_name == 'root' + - stat_opt_adguard.stat.mode == '0755' + - stat_opt_adguard_conf.stat.exists + - stat_opt_adguard_conf.stat.isdir + - stat_opt_adguard_conf.stat.pw_name == 'root' + - stat_opt_adguard_conf.stat.gr_name == 'root' + - stat_opt_adguard_conf.stat.mode == '0755' + - stat_opt_adguard_data.stat.exists + - stat_opt_adguard_data.stat.isdir + - stat_opt_adguard_data.stat.pw_name == 'root' + - stat_opt_adguard_data.stat.gr_name == 'root' + - stat_opt_adguard_data.stat.mode == '0755' + + - name: "Test: service adguard" + block: + - name: "Get service adguard" + ansible.builtin.service_facts: + + - name: "Stat file /etc/systemd/system/adguard.service" + ansible.builtin.stat: + path: "/etc/systemd/system/adguard.service" + register: stat_etc_systemd_system_adguard_service + + - name: "Slurp file /etc/systemd/system/adguard.service" + ansible.builtin.slurp: + src: "/etc/systemd/system/adguard.service" + register: slurp_etc_systemd_system_adguard_service + become: true + + - name: "Verify service adguard" + ansible.builtin.assert: + that: + - stat_etc_systemd_system_adguard_service.stat.exists + - stat_etc_systemd_system_adguard_service.stat.isreg + - stat_etc_systemd_system_adguard_service.stat.pw_name == 'root' + - stat_etc_systemd_system_adguard_service.stat.gr_name == 'root' + - stat_etc_systemd_system_adguard_service.stat.mode == '0644' + - slurp_etc_systemd_system_adguard_service.content != '' + - ansible_facts.services['adguard.service'] is defined + - ansible_facts.services['adguard.service']['source'] == 'systemd' + - ansible_facts.services['adguard.service']['state'] == 'stopped' + - ansible_facts.services['adguard.service']['status'] == 'enabled' + + - name: "Test: file /opt/adguard/docker-compose.yml" + block: + - name: "Slurp file /opt/adguard/docker-compose.yml" + ansible.builtin.slurp: + src: "/opt/adguard/docker-compose.yml" + register: slurp_opt_adguard_docker_compose_yml + become: true + + + - name: "Set fact for file content /opt/adguard/docker-compose.yml" + ansible.builtin.set_fact: + opt_adguard_docker_compose_yml_json: "{{ slurp_opt_adguard_docker_compose_yml.content | b64decode | from_yaml | to_json | from_json }}" + + - name: "Verify file /opt/adguard/docker-compose.yml" + ansible.builtin.assert: + that: + - opt_adguard_docker_compose_yml_json['version'] is defined + - opt_adguard_docker_compose_yml_json['version'] == '3.9' + - opt_adguard_docker_compose_yml_json['services'] is defined + - opt_adguard_docker_compose_yml_json['services']|length == 1 + - opt_adguard_docker_compose_yml_json['services']['adguard'] is defined + - opt_adguard_docker_compose_yml_json['services']['adguard']['image'] == 'adguard/adguardhome:latest' + - opt_adguard_docker_compose_yml_json['networks'] is defined + - opt_adguard_docker_compose_yml_json['networks']|length == 1 + - opt_adguard_docker_compose_yml_json['volumes'] is defined + - opt_adguard_docker_compose_yml_json['volumes']|length == 2 + - opt_adguard_docker_compose_yml_json['volumes']['conf'] is defined + - opt_adguard_docker_compose_yml_json['volumes']['data'] is defined + - opt_adguard_docker_compose_yml_json['secrets'] is not defined diff --git a/molecule/with_extra_sidecars/verify.yml b/molecule/with_extra_sidecars/verify.yml index 6ccc60d..0428c2b 100644 --- a/molecule/with_extra_sidecars/verify.yml +++ b/molecule/with_extra_sidecars/verify.yml @@ -3,21 +3,6 @@ hosts: all gather_facts: false tasks: - - name: "Test: file /etc/hosts" - block: - - name: "Stat file /etc/hosts" - ansible.builtin.stat: - path: "/etc/hosts" - register: stat_etc_hosts - - - name: "Verify file /etc/hosts" - ansible.builtin.assert: - that: - - stat_etc_hosts.stat.exists - - stat_etc_hosts.stat.isreg - - stat_etc_hosts.stat.pw_name == 'root' - - stat_etc_hosts.stat.gr_name == 'root' - - name: "Test: directory /opt/adguard" block: - name: "Stat directory /opt/adguard" @@ -68,6 +53,7 @@ ansible.builtin.slurp: src: "/etc/systemd/system/adguard.service" register: slurp_etc_systemd_system_adguard_service + become: true - name: "Verify service adguard" ansible.builtin.assert: @@ -89,7 +75,7 @@ ansible.builtin.slurp: src: "/opt/adguard/docker-compose.yml" register: slurp_opt_adguard_docker_compose_yml - + become: true - name: "Set fact for file content /opt/adguard/docker-compose.yml" ansible.builtin.set_fact: diff --git a/molecule/with_extra_sidecars_vagrant/converge.yml b/molecule/with_extra_sidecars_vagrant/converge.yml new file mode 100644 index 0000000..b2b50da --- /dev/null +++ b/molecule/with_extra_sidecars_vagrant/converge.yml @@ -0,0 +1,7 @@ +--- +- name: Converge + hosts: all + tasks: + - name: "Include ednxzu.deploy_adguard" + ansible.builtin.include_role: + name: "ednxzu.deploy_adguard" diff --git a/molecule/with_extra_sidecars_vagrant/group_vars/all.yml b/molecule/with_extra_sidecars_vagrant/group_vars/all.yml new file mode 100644 index 0000000..a0ff264 --- /dev/null +++ b/molecule/with_extra_sidecars_vagrant/group_vars/all.yml @@ -0,0 +1,37 @@ +--- +# defaults file for deploy_adguard +deploy_adguard_directory: /opt/adguard +deploy_adguard_timezone: "Europe/Paris" +deploy_adguard_enable_admin_interface: true +deploy_adguard_enable_dhcp: false +deploy_adguard_enable_doh: true +deploy_adguard_enable_dot: false +deploy_adguard_enable_doq: false +deploy_adguard_enable_dnscrypt: false +deploy_adguard_start_service: false +deploy_adguard_virtual_ip: + enable: true + interface: eth0 + vip_addr: "192.168.1.53" +deploy_adguard_node_exporter: + enable: true + protocol: http + port: 80 + username: admin + password: password + exporter_port: 9617 + interval: 10s + log_limit: 10000 +deploy_adguard_consul: + enable: false + consul_addr: http://127.0.0.1:8500 + consul_token: someUUIDhere + configuration: + service: + name: adguard + address: "{{ ansible_default_ipv4.address }}" + port: 80 + tags: [] + connect: + sidecar_service: {} +deploy_adguard_config: {} diff --git a/molecule/with_extra_sidecars_vagrant/molecule.yml b/molecule/with_extra_sidecars_vagrant/molecule.yml new file mode 100644 index 0000000..1e76a98 --- /dev/null +++ b/molecule/with_extra_sidecars_vagrant/molecule.yml @@ -0,0 +1,35 @@ +--- +dependency: + name: galaxy + options: + requirements-file: ./requirements.yml +driver: + name: vagrant + provider: + name: libvirt +platforms: + - name: instance + box: generic/${MOLECULE_TEST_OS} + cpus: 4 + memory: 4096 +provisioner: + name: ansible + config_options: + defaults: + remote_tmp: /tmp/.ansible +verifier: + name: ansible +scenario: + name: with_extra_sidecars_vagrant + test_sequence: + - dependency + - cleanup + - destroy + - syntax + - create + - prepare + - converge + - idempotence + - verify + - cleanup + - destroy diff --git a/molecule/with_extra_sidecars_vagrant/requirements.yml b/molecule/with_extra_sidecars_vagrant/requirements.yml new file mode 100644 index 0000000..e9320f9 --- /dev/null +++ b/molecule/with_extra_sidecars_vagrant/requirements.yml @@ -0,0 +1,3 @@ +--- +# requirements file for molecule +roles: [] diff --git a/molecule/with_extra_sidecars_vagrant/verify.yml b/molecule/with_extra_sidecars_vagrant/verify.yml new file mode 100644 index 0000000..74752a0 --- /dev/null +++ b/molecule/with_extra_sidecars_vagrant/verify.yml @@ -0,0 +1,103 @@ +--- +- name: Verify + hosts: all + gather_facts: true + tasks: + - name: "Test: directory /opt/adguard" + block: + - name: "Stat directory /opt/adguard" + ansible.builtin.stat: + path: "/opt/adguard" + register: stat_opt_adguard + + - name: "Stat directory /opt/adguard/conf" + ansible.builtin.stat: + path: "/opt/adguard/conf" + register: stat_opt_adguard_conf + + - name: "Stat directory /opt/adguard/data" + ansible.builtin.stat: + path: "/opt/adguard/data" + register: stat_opt_adguard_data + + - name: "Verify directory /etc/consul.d" + ansible.builtin.assert: + that: + - stat_opt_adguard.stat.exists + - stat_opt_adguard.stat.isdir + - stat_opt_adguard.stat.pw_name == 'root' + - stat_opt_adguard.stat.gr_name == 'root' + - stat_opt_adguard.stat.mode == '0755' + - stat_opt_adguard_conf.stat.exists + - stat_opt_adguard_conf.stat.isdir + - stat_opt_adguard_conf.stat.pw_name == 'root' + - stat_opt_adguard_conf.stat.gr_name == 'root' + - stat_opt_adguard_conf.stat.mode == '0755' + - stat_opt_adguard_data.stat.exists + - stat_opt_adguard_data.stat.isdir + - stat_opt_adguard_data.stat.pw_name == 'root' + - stat_opt_adguard_data.stat.gr_name == 'root' + - stat_opt_adguard_data.stat.mode == '0755' + + - name: "Test: service adguard" + block: + - name: "Get service adguard" + ansible.builtin.service_facts: + + - name: "Stat file /etc/systemd/system/adguard.service" + ansible.builtin.stat: + path: "/etc/systemd/system/adguard.service" + register: stat_etc_systemd_system_adguard_service + + - name: "Slurp file /etc/systemd/system/adguard.service" + ansible.builtin.slurp: + src: "/etc/systemd/system/adguard.service" + register: slurp_etc_systemd_system_adguard_service + become: true + + - name: "Verify service adguard" + ansible.builtin.assert: + that: + - stat_etc_systemd_system_adguard_service.stat.exists + - stat_etc_systemd_system_adguard_service.stat.isreg + - stat_etc_systemd_system_adguard_service.stat.pw_name == 'root' + - stat_etc_systemd_system_adguard_service.stat.gr_name == 'root' + - stat_etc_systemd_system_adguard_service.stat.mode == '0644' + - slurp_etc_systemd_system_adguard_service.content != '' + - ansible_facts.services['adguard.service'] is defined + - ansible_facts.services['adguard.service']['source'] == 'systemd' + - ansible_facts.services['adguard.service']['state'] == 'stopped' + - ansible_facts.services['adguard.service']['status'] == 'enabled' + + - name: "Test: file /opt/adguard/docker-compose.yml" + block: + - name: "Slurp file /opt/adguard/docker-compose.yml" + ansible.builtin.slurp: + src: "/opt/adguard/docker-compose.yml" + register: slurp_opt_adguard_docker_compose_yml + become: true + + - name: "Set fact for file content /opt/adguard/docker-compose.yml" + ansible.builtin.set_fact: + opt_adguard_docker_compose_yml_json: "{{ slurp_opt_adguard_docker_compose_yml.content | b64decode | from_yaml | to_json | from_json }}" + + - name: "Verify file /opt/adguard/docker-compose.yml" + ansible.builtin.assert: + that: + - opt_adguard_docker_compose_yml_json['version'] is defined + - opt_adguard_docker_compose_yml_json['version'] == '3.9' + - opt_adguard_docker_compose_yml_json['services'] is defined + - opt_adguard_docker_compose_yml_json['services']|length == 3 + - opt_adguard_docker_compose_yml_json['services']['keepalived'] is defined + - opt_adguard_docker_compose_yml_json['services']['keepalived']['image'] == 'ghcr.io/rmartin16/keepalived:latest' + - opt_adguard_docker_compose_yml_json['services']['adguard'] is defined + - opt_adguard_docker_compose_yml_json['services']['adguard']['image'] == 'adguard/adguardhome:latest' + - opt_adguard_docker_compose_yml_json['services']['node_exporter'] is defined + - opt_adguard_docker_compose_yml_json['services']['node_exporter']['image'] == 'ebrianne/adguard-exporter:latest' + - opt_adguard_docker_compose_yml_json['networks'] is defined + - opt_adguard_docker_compose_yml_json['networks']|length == 1 + - opt_adguard_docker_compose_yml_json['volumes'] is defined + - opt_adguard_docker_compose_yml_json['volumes']|length == 2 + - opt_adguard_docker_compose_yml_json['volumes']['conf'] is defined + - opt_adguard_docker_compose_yml_json['volumes']['data'] is defined + - opt_adguard_docker_compose_yml_json['secrets'] is defined diff --git a/tasks/configure.yml b/tasks/configure.yml index c5e132f..4ab612c 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -7,10 +7,12 @@ owner: root group: root mode: '0644' + become: true notify: - systemctl-daemon-reload - name: "Configure docker-compose deployment" + become: true block: - name: "Copy docker-compose.yml template" ansible.builtin.template: @@ -42,5 +44,6 @@ group: root mode: '0600' when: deploy_adguard_config != {} + become: true notify: - systemctl-restart-adguard diff --git a/tasks/consul_service.yml b/tasks/consul_service.yml index ad160cc..e637cc4 100644 --- a/tasks/consul_service.yml +++ b/tasks/consul_service.yml @@ -7,10 +7,12 @@ owner: root group: root mode: '0644' + become: true notify: - "consul-services-register-adguard" - name: "Configure service mesh proxy" + become: true when: deploy_adguard_consul['configuration']['service']['connect'] is defined block: - name: "Copy adguard-connect-proxy.env file" diff --git a/tasks/prerequisites.yml b/tasks/prerequisites.yml index c9e8361..69cb3de 100644 --- a/tasks/prerequisites.yml +++ b/tasks/prerequisites.yml @@ -7,6 +7,7 @@ owner: root group: root mode: '0755' + become: true - name: "Create adguard/conf directory" ansible.builtin.file: @@ -15,6 +16,7 @@ owner: root group: root mode: '0755' + become: true - name: "Create adguard/data directory" ansible.builtin.file: @@ -23,3 +25,4 @@ owner: root group: root mode: '0755' + become: true