skeleton

.ansible-lint

@@ -0,0 +1,8 @@
+---
+warn_list:
+  - experimental  # all rules tagged as experimental
+  - yaml  # violations reported by yamllint
+  - meta-no-info
+
+skip_list:
+  - jinja[spacing]  # Rule that looks inside jinja2 templates.

.gitignore

@@ -0,0 +1,2 @@
+# ignore molecule/testinfra pycache
+**/__pycache__

.yamllint

@@ -0,0 +1,40 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  colons:
+    max-spaces-after: -1
+    level: error
+  commas:
+    max-spaces-after: -1
+    level: error
+  comments: enable
+  comments-indentation: disable
+  document-start: enable
+  empty-lines:
+    max: 3
+    level: error
+  hyphens:
+    level: error
+  indentation: enable
+  key-duplicates: enable
+  line-length:
+    max: 80
+    level: warning
+  new-line-at-end-of-file: enable
+  new-lines:
+    type: unix
+  trailing-spaces: enable
+  truthy:
+    allowed-values:
+      - 'true'
+      - 'false'
+      - 'yes'
+      - 'no'

LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Jeff Geerling
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for renew_consul_certificates

handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for renew_consul_certificates

meta/main.yml

@@ -0,0 +1,24 @@
+---
+# meta file for renew_consul_certificates
+galaxy_info:
+  namespace: 'ednxzu'
+  role_name: 'renew_consul_certificates'
+  author: 'Bertrand Lanson'
+  description: 'Install and configure consul-template to renew consul TLS certificates for debian-based distros.'
+  license: 'license (BSD, MIT)'
+  min_ansible_version: '2.10'
+  platforms:
+    - name: Ubuntu
+      versions:
+        - focal
+        - jammy
+    - name: Debian
+      versions:
+        - bullseye
+  galaxy_tags:
+    - 'ubuntu'
+    - 'debian'
+    - 'hashicorp'
+    - 'consul'
+
+dependencies: []

molecule/default/converge.yml

@@ -0,0 +1,7 @@
+---
+- name: Converge
+  hosts: all
+  tasks:
+    - name: "Include ednxzu.renew_consul_certificates"
+      ansible.builtin.include_role:
+        name: "ednxzu.renew_consul_certificates"

molecule/default/molecule.yml

@@ -0,0 +1,37 @@
+---
+dependency:
+  name: galaxy
+  options:
+    requirements-file: ./requirements.yml
+driver:
+  name: docker
+platforms:
+  - name: instance
+    image: geerlingguy/docker-${MOLECULE_TEST_OS}-ansible
+    command: ""
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup
+    cgroupns_mode: host
+    privileged: true
+    pre_build_image: true
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      remote_tmp: /tmp/.ansible
+verifier:
+  name: testinfra
+scenario:
+  name: default
+  test_sequence:
+    - dependency
+    - cleanup
+    - destroy
+    - syntax
+    - create
+    - prepare
+    - converge
+    - idempotence
+    - verify
+    - cleanup
+    - destroy

molecule/default/prepare.yml

@@ -0,0 +1,15 @@
+---
+- name: Prepare
+  hosts: all
+  tasks:
+    - name: "Create group consul"
+      ansible.builtin.group:
+        name: "consul"
+        state: present
+
+    - name: "Create user consul"
+      ansible.builtin.user:
+        name: "consul"
+        group: "consul"
+        shell: /bin/false
+        state: present

molecule/default/requirements.yml

@@ -0,0 +1,5 @@
+---
+# requirements file for molecule
+roles:
+  - name: ednxzu.manage_repositories
+  - name: ednxzu.manage_apt_packages

molecule/default/tests/conftest.py

@@ -0,0 +1,22 @@
+"""PyTest Fixtures."""
+
+import os
+
+import pytest
+
+
+def pytest_runtest_setup(item):
+    """Run tests only when under molecule with testinfra installed."""
+    try:
+        import testinfra
+    except ImportError:
+        pytest.skip("Test requires testinfra", allow_module_level=True)
+    if "MOLECULE_INVENTORY_FILE" in os.environ:
+        pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+            os.environ["MOLECULE_INVENTORY_FILE"],
+        ).get_hosts("all")
+    else:
+        pytest.skip(
+            "Test should run only from inside molecule.",
+            allow_module_level=True,
+        )

molecule/default/tests/test_default.py

@@ -0,0 +1,9 @@
+"""Role testing files using testinfra."""
+
+
+def test_hosts_file(host):
+    """Validate /etc/hosts file."""
+    etc_hosts = host.file("/etc/hosts")
+    assert etc_hosts.exists
+    assert etc_hosts.user == "root"
+    assert etc_hosts.group == "root"

tasks/main.yml

@@ -0,0 +1,2 @@
+---
+# task/main file for renew_consul_certificates

vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for renew_consul_certificates