stuff
parent
d2e33bf27f
commit
cb65705ebc
@ -5,6 +5,7 @@ provision_ansible_user_password: supersecretpassword
|
||||
provision_ansible_user_is_system: true
|
||||
provision_ansible_user_shell: /bin/bash
|
||||
provision_ansible_user_sudoer: false
|
||||
provision_ansible_user_add_ssh_key: false
|
||||
provision_ansible_user_ssh_key:
|
||||
provision_ansible_user_ssh_key_options: ""
|
||||
provision_ansible_user_ssh_key_exclusive: true
|
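--- a/molecule/with_ssh_keys/converge.yml
+++ b/molecule/with_ssh_keys/converge.yml
@@ -0,0 +1,7 @@
+---
+- name: Converge
+hosts: all
+tasks:
+- name: "Include ednxzu.provision_ansible_user"
+ansible.builtin.include_role:
+name: "ednxzu.provision_ansible_user"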
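--- a/molecule/with_ssh_keys/group_vars/all.yml
+++ b/molecule/with_ssh_keys/group_vars/all.yml
@@ -0,0 +1,10 @@
+---
+provision_ansible_user_name: ansible
+provision_ansible_user_password: supersecretpassword
+provision_ansible_user_is_system: true
+provision_ansible_user_shell: /bin/bash
+provision_ansible_user_sudoer: true
+provision_ansible_user_add_ssh_key: true
+provision_ansible_user_ssh_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF17FFrBY4dZyvJ7Yf1Ev4NA2+/tW5krKxVrpq45Cujg lanson@lead"
+provision_ansible_user_ssh_key_options: ""
+provision_ansible_user_ssh_key_exclusive: true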
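Review bot: `provision_ansible_user_ssh_key` holds what looks like a personal public key (`lanson@lead`), next to `provision_ansible_user_sudoer: true` and a well-known password. These are test fixtures, but a scenario file is easily copied into a real inventory, where the holder of the matching private key would get an account with the `NOPASSWD: ALL` sudoers entry shown in the create_user hunk. A key pair generated for the test run, plus a leading comment such as `# test-only values, never reuse outside molecule`, would remove that risk.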
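--- a/molecule/with_ssh_keys/molecule.yml
+++ b/molecule/with_ssh_keys/molecule.yml
@@ -0,0 +1,41 @@
+---
+dependency:
+name: galaxy
+options:
+requirements-file: ./requirements.yml
+driver:
+name: docker
+platforms:
+- name: instance
+image: geerlingguy/docker-${MOLECULE_TEST_OS}-ansible
+command: ""
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup
+cgroupns_mode: host
+privileged: true
+pre_build_image: true
+provisioner:
+name: ansible
+config_options:
+defaults:
+remote_tmp: /tmp/.ansible
+verifier:
+name: testinfra
+lint: |
+yamllint -c .yamllint .
+ansible-lint
+scenario:
+name: with_ssh_keys
+test_sequence:
+- dependency
+- lint
+- cleanup
+- destroy
+- syntax
+- create
+- prepare
+- converge
+- idempotence
+- verify
+- cleanup
+- destroy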
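Review bot: The `instance` platform runs with `privileged: true` and `cgroupns_mode: host`, while the image `geerlingguy/docker-${MOLECULE_TEST_OS}-ansible` is referenced without a tag or digest, so whatever that name resolves to at pull time gets full privileges on the machine running the tests. If the privileged mode is there so systemd can run inside the container, a comment saying so would help, e.g. `# privileged + host cgroup namespace: required for systemd in the test container`. Pinning the image to a tag or digest would also keep runs reproducible. `remote_tmp: /tmp/.ansible` is a fixed path under a world-writable directory; that is low risk in a throwaway container but should not be carried over into a real inventory.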
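--- a/molecule/with_ssh_keys/requirements.yml
+++ b/molecule/with_ssh_keys/requirements.yml
@@ -0,0 +1,3 @@
+---
+# requirements file for molecule
+roles: []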
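Review bot: The scenario's requirements declare only `roles: []`, while the task file added in this commit calls `ansible.posix.authorized_key`. Unless the test image already bundles the `ansible.posix` collection (not visible on this page), the galaxy dependency step installs nothing that provides that module. Declaring it keeps the scenario self-contained: `collections:` followed by `  - name: ansible.posix`, ideally with a pinned `version`.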
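--- a/molecule/with_ssh_keys/tests/conftest.py
+++ b/molecule/with_ssh_keys/tests/conftest.py
@@ -0,0 +1,22 @@
+"""PyTest Fixtures."""
+from __future__ import absolute_import
+
+import os
+
+import pytest
+
+
+def pytest_runtest_setup(item):
+"""Run tests only when under molecule with testinfra installed."""
+try:
+import testinfra
+except ImportError:
+pytest.skip("Test requires testinfra", allow_module_level=True)
+if "MOLECULE_INVENTORY_FILE" in os.environ:
+pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+os.environ["MOLECULE_INVENTORY_FILE"]
+).get_hosts("all")
+else:
+pytest.skip(
+"Test should run only from inside molecule.", allow_module_level=True
+)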
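Review bot: `pytest.testinfra_hosts` is set as an attribute on the `pytest` module, but testinfra reads `testinfra_hosts` from the test module's own globals, so this assignment probably has no effect and host selection is left to whatever molecule passes on the command line. The hook also imports only the top-level package and then reaches for `testinfra.utils.ansible_runner`; importing the submodule explicitly (`import testinfra.utils.ansible_runner`) avoids relying on it being loaded as a side effect. `allow_module_level=True` has no meaning inside a per-test setup hook and can be dropped from both `pytest.skip` calls.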
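--- a/molecule/with_ssh_keys/tests/test_default.py
+++ b/molecule/with_ssh_keys/tests/test_default.py
@@ -0,0 +1,10 @@
+"""Role testing files using testinfra."""
+
+
+def test_hosts_file(host):
+"""Validate /etc/hosts file."""
+f = host.file("/etc/hosts")
+
+assert f.exists
+assert f.user == "root"
+assert f.group == "root"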
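Review bot: The scenario is named `with_ssh_keys`, yet `test_hosts_file` only checks `/etc/hosts`, so the verify step passes even if no key was installed or the authorized_keys file ended up readable by other users. A test that looks at the file the role is supposed to manage would make the scenario meaningful. The sketch below uses the user name `ansible` from the scenario's group_vars and checks ownership, permissions and the key type. The sudoers entry enabled by `provision_ansible_user_sudoer: true` could be covered the same way.

```python
def test_authorized_keys(host):
    """Validate the key installed by the with_ssh_keys scenario."""
    account = host.user("ansible")
    keys = host.file(account.home + "/.ssh/authorized_keys")

    assert keys.exists
    assert keys.user == "ansible"
    # No group or world access to the key file.
    assert keys.mode & 0o077 == 0
    assert keys.contains("ssh-ed25519")
```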
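--- a/tasks/add_ssh_keys.yml
+++ b/tasks/add_ssh_keys.yml
@@ -0,0 +1,9 @@
+---
+# task/add_ssh_keys file for provision_ansible_user
+- name: "Add key to authorized_keys"
+ansible.posix.authorized_key:
+user: "{{ provision_ansible_user_name }}"
+key: "{{ provision_ansible_user_ssh_key }}"
+comment: "ansible@{{ ansible_hostname }}"
+key_options: "{{ provision_ansible_user_ssh_key_options }}"
+exclusive: "{{ provision_ansible_user_ssh_key_exclusive }}"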
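Review bot: With `exclusive` taken from `provision_ansible_user_ssh_key_exclusive` (true in the defaults shown on this page), this task removes every entry in the user's authorized_keys that is not in `provision_ansible_user_ssh_key`, and the module accepts several keys only as one newline-separated string. Neither point is stated in the task file; a comment above the task would do, e.g. `# exclusive: true drops all keys not listed in provision_ansible_user_ssh_key (newline-separated for several keys)`. The empty default for `key_options` also means the key carries no restrictions such as a `from=` source limit, which is worth documenting for an account that can be given the NOPASSWD sudoers entry.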
@ -14,10 +14,4 @@
|
||||
dest: "/etc/sudoers.d/{{ provision_ansible_user_name }}"
|
||||
mode: 0640
|
||||
content: "{{ provision_ansible_user_name }} ALL=(ALL) NOPASSWD: ALL"
|
||||
|
||||
- name: "Add key to authorized_keys"
|
||||
user: "{{ provision_ansible_user_name }}"
|
||||
key: "{{ provision_ansible_user_ssh_key }}"
|
||||
comment: "ansible@{{ ansible_hostname }}"
|
||||
key_options: "{{ provision_ansible_user_ssh_key_options }}"
|
||||
exclusive: "{{ provision_ansible_user_ssh_key_exclusive }}"
|
||||
when: provision_ansible_user_sudoer
|
||||
|
@ -2,3 +2,7 @@
|
||||
# task/main file for provision_ansible_user
|
||||
- name: "Import create_user.yml"
|
||||
ansible.builtin.include_tasks: create_user.yml
|
||||
|
||||
- name: "Import add_ssh_keys.yml"
|
||||
ansible.builtin.include_tasks: add_ssh_keys.yml
|
||||
when: provision_ansible_user_add_ssh_key
|
||||
|
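Review bot: `when: provision_ansible_user_add_ssh_key` tests the bare variable, so a value that arrives as a non-empty string (for example `false` supplied as a key=value extra var) may be treated as true, and the exclusive authorized_keys rewrite would then run anyway. Casting makes the gate explicit: `when: provision_ansible_user_add_ssh_key | bool`. The same applies to `when: provision_ansible_user_sudoer` in the previous hunk, which guards the `NOPASSWD: ALL` sudoers entry. Which lines of this hunk are additions is not marked on this page; the include of `add_ssh_keys.yml` appears to be the new part.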