added skeleton

This commit is contained in:
Bertrand Lanson 2023-03-14 23:23:33 +01:00
parent 1f6fdcdcea
commit de54f56d25
15 changed files with 297 additions and 81 deletions

8
.ansible-lint Normal file
View File

@ -0,0 +1,8 @@
---
warn_list:
- experimental # all rules tagged as experimental
- yaml # violations reported by yamllint
- meta-no-info
skip_list:
- jinja[spacing] # Rule that looks inside jinja2 templates.

2
.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
# ignore molecule/testinfra pycache
**/__pycache__

40
.yamllint Normal file
View File

@ -0,0 +1,40 @@
---
# Based on ansible-lint config
extends: default
rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
colons:
max-spaces-after: -1
level: error
commas:
max-spaces-after: -1
level: error
comments: enable
comments-indentation: disable
document-start: enable
empty-lines:
max: 3
level: error
hyphens:
level: error
indentation: enable
key-duplicates: enable
line-length:
max: 80
level: warning
new-line-at-end-of-file: enable
new-lines:
type: unix
trailing-spaces: enable
truthy:
allowed-values:
- 'true'
- 'false'
- 'yes'
- 'no'

20
LICENSE Normal file
View File

@ -0,0 +1,20 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

158
README.md
View File

@ -1,92 +1,88 @@
# manage_pip_packages Hashicorp Consul
=========
> This repository is only a mirror. Development and testing is done on a private gitlab server.
This role install and configure consul on **debian-based** distributions.
Requirements
------------
## Getting started None.
To make it easy for you to get started with GitLab, here's a list of recommended next steps. Role Variables
--------------
Already a pro? Just edit this README.md and make it your own. Want to make it easy? [Use the template at the bottom](#editing-this-readme)! Available variables are listed below, along with default values. A sample file for the default values is available in `default/hashicorp_consul.yml.sample` in case you need it for any `group_vars` or `host_vars` configuration.
## Add your files
- [ ] [Create](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#create-a-file) or [upload](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#upload-a-file) files
- [ ] [Add files using the command line](https://docs.gitlab.com/ee/gitlab-basics/add-file.html#add-a-file-using-the-command-line) or push an existing Git repository with the following command:
```yaml
hashi_consul_install: true # by default, set to true
``` ```
cd existing_repo This variable defines if the consul package is to be installed or not before configuring. If you install consul using another task, you can set this to `false`.
git remote add origin https://gitlab.ednz.fr/homelab/ansible-resources/roles/manage_pip_packages.git
git branch -M main ```yaml
git push -uf origin main hashi_consul_start_service: true
```
This variable defines if the consul service should be started once it has been configured. This is usefull in case you're using this role to build golden images, in which case you might want to only enable the service, to have it start on the next boot (when the image is launched)
```yaml
hashi_consul_version: latest # by default, set to latest
```
This variable specifies the version of consul to install when `hashi_consul_install` is set to `true`. The version to specify is the version of the package on the hashicorp repository (`1.14.1-1` for example).
```yaml
hashi_consul_deploy_method: host # by default, set to host
```
This variable defines the method of deployment of consul. The `host` method installs the binary directly on the host, and runs consul as a systemd service. The `docker` method install consul as a docker container.
> Currently, only the `host` method is available, the `docker` method will be added later.
```yaml
hashi_consul_server_enable: true # by default, set to true
hashi_consul_connect_enable: false # by default, set to false
hashi_consul_acl_enabled: false # by default, set to false
```
These variables enable or disable the server, service mesh and acl functions or consul.
```yaml
hashi_consul_server:
```
This variable sets a bunch of configuration parameters for consul. For more information on all of them, please check the [documentation](https://developer.hashicorp.com/consul/docs/agent/config/config-files). I try to name them the same as in the configuration file, so that it is easier to search for it. Most of the defaults in the role are the default values of consul, however, some might differ.
```yaml
hashi_consul_server_ports:
```
This variable sets up all of the ports used for consul communications. They default to the consul default values.
```yaml
hashi_consul_client:
```
This variable is the list of servers to try to join on startup for agents. This only applies to agents, not servers (see `hashi_consul_server['retry_join']` for servers).
```yaml
hashi_consul_acl:
```
This variable sets a bunch of settings regarding the ACLs in consul. YOU NEED TO EDIT IT if you decide to enable ACLs on the cluster (you might want to look into `lookup plugins` to fetch tokens from a secret manager, like [vault](https://docs.ansible.com/ansible/latest/collections/community/hashi_vault/hashi_vault_lookup.html) or [bitwarden](https://docs.ansible.com/ansible/latest/collections/community/general/bitwarden_lookup.html)).
Dependencies
------------
This role requires both `ednxzu.manage_repositories` and `ednxzu.manage_apt_packages` to install consul. If you already installed consul, you can set `hashi_consul_install` to `false`, and that'll remove the dependencies.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
```yaml
# calling the role inside a playbook with either the default or group_vars/host_vars
- hosts: servers
roles:
- ednxzu.hashicorp_consul
``` ```
## Integrate with your tools License
-------
- [ ] [Set up project integrations](https://gitlab.ednz.fr/homelab/ansible-resources/roles/manage_pip_packages/-/settings/integrations) MIT / BSD
## Collaborate with your team Author Information
------------------
- [ ] [Invite team members and collaborators](https://docs.gitlab.com/ee/user/project/members/) This role was created by Bertrand Lanson in 2023.
- [ ] [Create a new merge request](https://docs.gitlab.com/ee/user/project/merge_requests/creating_merge_requests.html)
- [ ] [Automatically close issues from merge requests](https://docs.gitlab.com/ee/user/project/issues/managing_issues.html#closing-issues-automatically)
- [ ] [Enable merge request approvals](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/)
- [ ] [Automatically merge when pipeline succeeds](https://docs.gitlab.com/ee/user/project/merge_requests/merge_when_pipeline_succeeds.html)
## Test and Deploy
Use the built-in continuous integration in GitLab.
- [ ] [Get started with GitLab CI/CD](https://docs.gitlab.com/ee/ci/quick_start/index.html)
- [ ] [Analyze your code for known vulnerabilities with Static Application Security Testing(SAST)](https://docs.gitlab.com/ee/user/application_security/sast/)
- [ ] [Deploy to Kubernetes, Amazon EC2, or Amazon ECS using Auto Deploy](https://docs.gitlab.com/ee/topics/autodevops/requirements.html)
- [ ] [Use pull-based deployments for improved Kubernetes management](https://docs.gitlab.com/ee/user/clusters/agent/)
- [ ] [Set up protected environments](https://docs.gitlab.com/ee/ci/environments/protected_environments.html)
***
# Editing this README
When you're ready to make this README your own, just edit this file and use the handy template below (or feel free to structure it however you want - this is just a starting point!). Thank you to [makeareadme.com](https://www.makeareadme.com/) for this template.
## Suggestions for a good README
Every project is different, so consider which of these sections apply to yours. The sections used in the template are suggestions for most open source projects. Also keep in mind that while a README can be too long and detailed, too long is better than too short. If you think your README is too long, consider utilizing another form of documentation rather than cutting out information.
## Name
Choose a self-explaining name for your project.
## Description
Let people know what your project can do specifically. Provide context and add a link to any reference visitors might be unfamiliar with. A list of Features or a Background subsection can also be added here. If there are alternatives to your project, this is a good place to list differentiating factors.
## Badges
On some READMEs, you may see small images that convey metadata, such as whether or not all the tests are passing for the project. You can use Shields to add some to your README. Many services also have instructions for adding a badge.
## Visuals
Depending on what you are making, it can be a good idea to include screenshots or even a video (you'll frequently see GIFs rather than actual videos). Tools like ttygif can help, but check out Asciinema for a more sophisticated method.
## Installation
Within a particular ecosystem, there may be a common way of installing things, such as using Yarn, NuGet, or Homebrew. However, consider the possibility that whoever is reading your README is a novice and would like more guidance. Listing specific steps helps remove ambiguity and gets people to using your project as quickly as possible. If it only runs in a specific context like a particular programming language version or operating system or has dependencies that have to be installed manually, also add a Requirements subsection.
## Usage
Use examples liberally, and show the expected output if you can. It's helpful to have inline the smallest example of usage that you can demonstrate, while providing links to more sophisticated examples if they are too long to reasonably include in the README.
## Support
Tell people where they can go to for help. It can be any combination of an issue tracker, a chat room, an email address, etc.
## Roadmap
If you have ideas for releases in the future, it is a good idea to list them in the README.
## Contributing
State if you are open to contributions and what your requirements are for accepting them.
For people who want to make changes to your project, it's helpful to have some documentation on how to get started. Perhaps there is a script that they should run or some environment variables that they need to set. Make these steps explicit. These instructions could also be useful to your future self.
You can also document commands to lint the code or run tests. These steps help to ensure high code quality and reduce the likelihood that the changes inadvertently break something. Having instructions for running tests is especially helpful if it requires external setup, such as starting a Selenium server for testing in a browser.
## Authors and acknowledgment
Show your appreciation to those who have contributed to the project.
## License
For open source projects, say how it is licensed.
## Project status
If you have run out of energy or time for your project, put a note at the top of the README saying that development has slowed down or stopped completely. Someone may choose to fork your project or volunteer to step in as a maintainer or owner, allowing your project to keep going. You can also make an explicit request for maintainers.

8
defaults/main.yml Normal file
View File

@ -0,0 +1,8 @@
---
# defaults file for manage_pip_packages
manage_pip_packages_install_python: true
manage_pip_packages_install_pip: true
manage_pip_packages_list:
- name: nginx
version: latest
state: absent

2
handlers/main.yml Normal file
View File

@ -0,0 +1,2 @@
---
# handlers file for manage_pip_packages

53
meta/main.yml Normal file
View File

@ -0,0 +1,53 @@
galaxy_info:
author: your name
namespace: ednxzu
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

View File

@ -0,0 +1,7 @@
---
- name: Converge
hosts: all
tasks:
- name: "Include ednxzu.manage_pip_packages"
ansible.builtin.include_role:
name: "ednxzu.manage_pip_packages"

View File

@ -0,0 +1,41 @@
---
dependency:
name: galaxy
options:
requirements-file: ./requirements.yml
driver:
name: docker
platforms:
- name: instance
image: geerlingguy/docker-${MOLECULE_TEST_OS}-ansible
command: ""
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup
cgroupns_mode: host
privileged: true
pre_build_image: true
provisioner:
name: ansible
config_options:
defaults:
remote_tmp: /tmp/.ansible
verifier:
name: testinfra
lint: |
yamllint -c .yamllint .
ansible-lint
scenario:
name: default
test_sequence:
- dependency
- lint
- cleanup
- destroy
- syntax
- create
- prepare
- converge
- idempotence
- verify
- cleanup
- destroy

View File

@ -0,0 +1,3 @@
---
# requirements file for molecule
roles: []

View File

@ -0,0 +1,22 @@
"""PyTest Fixtures."""
from __future__ import absolute_import
import os
import pytest
def pytest_runtest_setup(item):
"""Run tests only when under molecule with testinfra installed."""
try:
import testinfra
except ImportError:
pytest.skip("Test requires testinfra", allow_module_level=True)
if "MOLECULE_INVENTORY_FILE" in os.environ:
pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ["MOLECULE_INVENTORY_FILE"]
).get_hosts("all")
else:
pytest.skip(
"Test should run only from inside molecule.", allow_module_level=True
)

View File

@ -0,0 +1,10 @@
"""Role testing files using testinfra."""
def test_hosts_file(host):
"""Validate /etc/hosts file."""
f = host.file("/etc/hosts")
assert f.exists
assert f.user == "root"
assert f.group == "root"

2
tasks/main.yml Normal file
View File

@ -0,0 +1,2 @@
---
# task/main file for manage_pip_packages

2
vars/main.yml Normal file
View File

@ -0,0 +1,2 @@
---
# vars file for manage_pip_packages