Bertrand Lanson 2023-03-26 00:00:42 +01:00
parent d2e33bf27f
commit cb65705ebc
10 changed files with 108 additions and 7 deletions


@ -5,6 +5,7 @@ provision_ansible_user_password: supersecretpassword
provision_ansible_user_is_system: true provision_ansible_user_is_system: true
provision_ansible_user_shell: /bin/bash provision_ansible_user_shell: /bin/bash
provision_ansible_user_sudoer: false provision_ansible_user_sudoer: false
provision_ansible_user_add_ssh_key: false
provision_ansible_user_ssh_key: provision_ansible_user_ssh_key:
provision_ansible_user_ssh_key_options: "" provision_ansible_user_ssh_key_options: ""
provision_ansible_user_ssh_key_exclusive: true provision_ansible_user_ssh_key_exclusive: true


@ -0,0 +1,7 @@
---
- name: Converge
hosts: all
tasks:
- name: "Include ednxzu.provision_ansible_user"
ansible.builtin.include_role:
name: "ednxzu.provision_ansible_user"


@ -0,0 +1,10 @@
---
provision_ansible_user_name: ansible
provision_ansible_user_password: supersecretpassword
provision_ansible_user_is_system: true
provision_ansible_user_shell: /bin/bash
provision_ansible_user_sudoer: true
provision_ansible_user_add_ssh_key: true
provision_ansible_user_ssh_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF17FFrBY4dZyvJ7Yf1Ev4NA2+/tW5krKxVrpq45Cujg lanson@lead"
provision_ansible_user_ssh_key_options: ""
provision_ansible_user_ssh_key_exclusive: true
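Review bot: The `provision_ansible_user_ssh_key` value in this scenario's variables looks like a real personal public key (comment `lanson@lead`), and the same file sets `provision_ansible_user_sudoer: true`, so anyone who copies these variables into a real inventory gives that key holder the role's `NOPASSWD: ALL` account. A throwaway key pair generated for the scenario (for example in a `prepare` step), or a key whose comment marks it as test-only, would avoid that. The plaintext `provision_ansible_user_password: supersecretpassword` deserves a comment saying it is a fixture value and that real inventories should supply the password from a vaulted variable.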


@ -0,0 +1,41 @@
---
dependency:
name: galaxy
options:
requirements-file: ./requirements.yml
driver:
name: docker
platforms:
- name: instance
image: geerlingguy/docker-${MOLECULE_TEST_OS}-ansible
command: ""
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup
cgroupns_mode: host
privileged: true
pre_build_image: true
provisioner:
name: ansible
config_options:
defaults:
remote_tmp: /tmp/.ansible
verifier:
name: testinfra
lint: |
yamllint -c .yamllint .
ansible-lint
scenario:
name: with_ssh_keys
test_sequence:
- dependency
- lint
- cleanup
- destroy
- syntax
- create
- prepare
- converge
- idempotence
- verify
- cleanup
- destroy
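Review bot: The `platforms` entry pulls `geerlingguy/docker-${MOLECULE_TEST_OS}-ansible` without a tag and runs it with `privileged: true`, so whatever that repository's default tag points to on the day of the run executes with host-level privileges on the machine running Molecule. Pinning the image to a reviewed tag or digest makes the test input reproducible. If `privileged: true` is only there so systemd can start, a comment next to it should say so, and it is worth checking whether `cgroupns_mode: host` plus the cgroup mount already suffices on the runners in use. The mount `/sys/fs/cgroup:/sys/fs/cgroup` has no `:ro`/`:rw` suffix, so the access mode is left to the driver default.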


@ -0,0 +1,3 @@
---
# requirements file for molecule
roles: []
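Review bot: `roles: []` is the only entry, yet tasks/add_ssh_keys.yml in this commit calls `ansible.posix.authorized_key`, so the `dependency` step installs nothing and the scenario relies on the `ansible.posix` collection already being present on the controller. Declaring it here, as `collections:` with `- name: ansible.posix` and a `version:` the role was tested against, keeps the run from silently using whatever copy happens to be installed.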


@ -0,0 +1,22 @@
"""PyTest Fixtures."""
from __future__ import absolute_import
import os
import pytest
def pytest_runtest_setup(item):
"""Run tests only when under molecule with testinfra installed."""
try:
import testinfra
except ImportError:
pytest.skip("Test requires testinfra", allow_module_level=True)
if "MOLECULE_INVENTORY_FILE" in os.environ:
pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ["MOLECULE_INVENTORY_FILE"]
).get_hosts("all")
else:
pytest.skip(
"Test should run only from inside molecule.", allow_module_level=True
)


@ -0,0 +1,10 @@
"""Role testing files using testinfra."""
def test_hosts_file(host):
"""Validate /etc/hosts file."""
f = host.file("/etc/hosts")
assert f.exists
assert f.user == "root"
assert f.group == "root"
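Review bot: `test_hosts_file` only checks `/etc/hosts`, so the `verify` step passes whether or not the role created the account, installed the key, or wrote the sudoers drop-in. For a role that hands out `NOPASSWD: ALL`, the scenario should at least assert `host.user("ansible").exists` and check `host.file("/etc/sudoers.d/ansible")` for owner root and the expected mode. A check that the account's `authorized_keys` contains exactly the configured key would also cover the `exclusive: true` behaviour; that file's path depends on the home directory the role assigns, which is not visible here.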

9
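--- a/tasks/add_ssh_keys.yml
+++ b/tasks/add_ssh_keys.yml
@@ -0,0 +1,9 @@
+---
+# task/add_ssh_keys file for provision_ansible_user
+- name: "Add key to authorized_keys"
+ansible.posix.authorized_key:
+user: "{{ provision_ansible_user_name }}"
+key: "{{ provision_ansible_user_ssh_key }}"
+comment: "ansible@{{ ansible_hostname }}"
+key_options: "{{ provision_ansible_user_ssh_key_options }}"
+exclusive: "{{ provision_ansible_user_ssh_key_exclusive }}"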
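Review bot: Nothing checks that `provision_ansible_user_ssh_key` holds a key before it reaches `key:`; the role default leaves it empty, so enabling `provision_ansible_user_add_ssh_key` alone sends an empty value into a task that, with `exclusive: true`, is allowed to rewrite the account's whole `authorized_keys`. How the module treats an empty key is not visible here, so an explicit `ansible.builtin.assert` ahead of the task is the safer contract. `comment:` also uses `ansible_hostname`, which is undefined when facts are not gathered; a one-line comment stating that facts are required would do. The default `exclusive: true` removes any key not listed, which deserves a sentence in the role's documentation.

```yaml
- name: "Check that an SSH public key was provided"
  ansible.builtin.assert:
    that:
      - provision_ansible_user_ssh_key is string
      - provision_ansible_user_ssh_key | length > 0
    fail_msg: "provision_ansible_user_ssh_key must be set when provision_ansible_user_add_ssh_key is true"

# … unchanged: "Add key to authorized_keys" task …
```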


@ -14,10 +14,4 @@
dest: "/etc/sudoers.d/{{ provision_ansible_user_name }}" dest: "/etc/sudoers.d/{{ provision_ansible_user_name }}"
mode: 0640 mode: 0640
content: "{{ provision_ansible_user_name }} ALL=(ALL) NOPASSWD: ALL" content: "{{ provision_ansible_user_name }} ALL=(ALL) NOPASSWD: ALL"
when: provision_ansible_user_sudoer
- name: "Add key to authorized_keys"
user: "{{ provision_ansible_user_name }}"
key: "{{ provision_ansible_user_ssh_key }}"
comment: "ansible@{{ ansible_hostname }}"
key_options: "{{ provision_ansible_user_ssh_key_options }}"
exclusive: "{{ provision_ansible_user_ssh_key_exclusive }}"


@ -2,3 +2,7 @@
# task/main file for provision_ansible_user # task/main file for provision_ansible_user
- name: "Import create_user.yml" - name: "Import create_user.yml"
ansible.builtin.include_tasks: create_user.yml ansible.builtin.include_tasks: create_user.yml
- name: "Import add_ssh_keys.yml"
ansible.builtin.include_tasks: add_ssh_keys.yml
when: provision_ansible_user_add_ssh_key
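Review bot: `when: provision_ansible_user_add_ssh_key` tests the raw variable, so a value that arrives as a string (for example `false` passed as a `key=value` extra var) may be treated as a non-empty string and still include add_ssh_keys.yml, depending on the ansible-core version; `when: provision_ansible_user_add_ssh_key | bool` removes the ambiguity. The task names say "Import" while the module is `ansible.builtin.include_tasks`; `- name: "Include add_ssh_keys.yml"` would match what actually runs.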