
replace molecule with playbooks

keep-around/0023e0d15ac7faa84caf4933981b539f9633cf60
Loïc Dachary 1 year ago
committed by Loic Dachary
parent
commit
0023e0d15a
Signed by: dachary GPG Key ID: 992D23B392F9E4F2
  1. 2
      .ansible-lint
  2. 2
      ansible.cfg
  3. 4
      converge-from-tag.sh
  4. 64
      enough-playbook.yml
  5. 4
      enough/common/ansible_utils.py
  6. 2
      enough/common/openstack.py
  7. 2
      playbooks/authorized_keys/tests/test_all.py
  8. 2
      playbooks/certificate/test-certificate-playbook.yml
  9. 8
      playbooks/conftest.py
  10. 2
      playbooks/icinga/test-monitoring-deployment-playbook.yml
  11. 37
      playbooks/pad/molecule.yml
  12. 5
      requirements.in
  13. 24
      setup.cfg
  14. 2
      tests/enough/common/test_ansible_utils.py
  15. 6
      tox.ini

2
.ansible-lint

@ -1,5 +1,5 @@
exclude_paths:
- molecule/postfix/roles/debops.postfix
- playbooks/postfix/roles/debops.postfix
skip_list:
- ANSIBLE0004 # Git checkouts must contain explicit version

2
ansible.cfg

@ -1,2 +1,2 @@
[defaults]
roles_path = molecule/infrastructure/roles:molecule/authorized_keys/roles:molecule/backup/roles:molecule/bind/roles:molecule/icinga/roles:molecule/postfix/roles:molecule/weblate/roles:molecule/packages/roles:molecule/jdauphant.nginx/roles:molecule/enough-nginx/roles:molecule/certificate/roles:molecule/wazuh/roles:molecule/firewall/roles:molecule/api/roles
roles_path = playbooks/infrastructure/roles:playbooks/authorized_keys/roles:playbooks/backup/roles:playbooks/bind/roles:playbooks/icinga/roles:playbooks/postfix/roles:playbooks/weblate/roles:playbooks/packages/roles:playbooks/jdauphant.nginx/roles:playbooks/enough-nginx/roles:playbooks/certificate/roles:playbooks/wazuh/roles:playbooks/firewall/roles:playbooks/api/roles

4
converge-from-tag.sh

@ -19,5 +19,5 @@ else
cd $d
source ../virtualenv/bin/activate
fi
molecule converge -s $what
molecule verify -s $what
tox -e $what
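Review bot: The new `tox -e $what` line expands `$what` unquoted, so a value containing whitespace or glob characters is split or expanded by the shell before tox receives it. Writing it as `tox -e "$what"` passes the environment name as a single argument; the `cd $d` context line above has the same issue. The enclosing `if`/`else` and the assignment of `$what` are outside this hunk, so where the value comes from cannot be checked here.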

64
enough-playbook.yml

@ -1,33 +1,33 @@
---
- import_playbook: "{{ '$SHARE_DIR/molecule/infrastructure/buster-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/firewall/firewall-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/wazuh/wazuh-firewall-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/misc/sexy-debian-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/misc/sshd-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/bind/bind-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/bind/bind-client-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/authorized_keys/authorized-keys-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/backup/backup-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/icinga/icinga-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/icinga/monitor-external-ressources-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/bind/bind-monitoring-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/postfix/postfix-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/wazuh/wazuh-manager-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/wazuh/wazuh-agent-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/weblate/weblate-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/gitlab/gitlab-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/gitlab/gitlab-ci-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/packages/packages-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/packages/enough-android-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/chat/chat-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/cloud/cloud-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/enough/enough-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/website/website-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/forum/forum-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/api/api-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/openvpn/openvpn-server-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/openvpn/openvpn-client-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/misc/uninstall-ntp.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/misc/fail2ban-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/misc/upgrades-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/molecule/misc/commit_etc-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/infrastructure/buster-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/firewall/firewall-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/wazuh/wazuh-firewall-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/misc/sexy-debian-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/misc/sshd-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/bind/bind-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/bind/bind-client-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/authorized_keys/authorized-keys-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/backup/backup-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/icinga/icinga-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/icinga/monitor-external-ressources-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/bind/bind-monitoring-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/postfix/postfix-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/wazuh/wazuh-manager-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/wazuh/wazuh-agent-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/weblate/weblate-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/gitlab/gitlab-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/gitlab/gitlab-ci-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/packages/packages-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/packages/enough-android-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/chat/chat-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/cloud/cloud-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/enough/enough-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/website/website-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/forum/forum-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/api/api-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/openvpn/openvpn-server-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/openvpn/openvpn-client-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/misc/uninstall-ntp.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/misc/fail2ban-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/misc/upgrades-playbook.yml' | expandvars }}"
- import_playbook: "{{ '$SHARE_DIR/playbooks/misc/commit_etc-playbook.yml' | expandvars }}"

4
enough/common/ansible_utils.py

@ -144,8 +144,8 @@ class Playbook(Ansible):
@staticmethod
def roles_path(d):
r = glob.glob(f'{d}/molecule/*/roles')
r.append(f'{d}/molecule/wazuh/wazuh-ansible/roles/wazuh')
r = glob.glob(f'{d}/playbooks/*/roles')
r.append(f'{d}/playbooks/wazuh/wazuh-ansible/roles/wazuh')
return ":".join(r)
def bake(self):
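Review bot: `glob.glob` in `roles_path` returns matches in arbitrary, filesystem-dependent order, so the colon-joined search path can differ from one machine to the next. Ansible takes the first match along that path, so if two playbook directories ever ship a role with the same name, the one that gets applied depends on directory order. Sorting makes the order reproducible: `r = sorted(glob.glob(f'{d}/playbooks/*/roles'))`. A short docstring such as `"""Return the colon-separated role directories found under d/playbooks."""` would also document the contract. The body of `bake` continues outside the hunk.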

2
enough/common/openstack.py

@ -44,7 +44,7 @@ class Stack(OpenStackBase):
self.definition = definition
def get_template(self):
return f'{settings.SHARE_DIR}/molecule/infrastructure/template-host.yaml'
return f'{settings.SHARE_DIR}/playbooks/infrastructure/template-host.yaml'
def set_public_key(self, path):
self.public_key = open(path).read().strip()

2
playbooks/authorized_keys/tests/test_all.py

@ -6,7 +6,7 @@ testinfra_hosts = ['ansible://authorized-keys-host']
def test_all(host):
address = host.ansible.get_variables()['ansible_host']
marker = "MARKER"
key = 'molecule/authorized_keys/roles/authorized_keys/files/test_keys/testkey'
key = 'playbooks/authorized_keys/roles/authorized_keys/files/test_keys/testkey'
sh.chmod('600', key)
r = sh.ssh('-i', key, 'debian@' + address, 'echo', marker)
assert r.stdout.decode('utf-8').strip() == marker

2
playbooks/certificate/test-certificate-playbook.yml

@ -67,7 +67,7 @@
- role: jdauphant.nginx
vars:
# must match molecule/enough-nginx/roles/enough-nginx/tasks/enough-nginx.yml
# must match playbooks/enough-nginx/roles/enough-nginx/tasks/enough-nginx.yml
nginx_http_params: "{{ nginx_http_default_params + enough_nginx_http_params }}"
enough_nginx_http_params:
# because server names can be long when using test subdomains

8
playbooks/conftest.py

@ -53,7 +53,7 @@ def pytest_sessionstart(session):
e = Enough(config_dir, '.',
domain=domain,
driver='openstack',
inventory=[f'molecule/{service_directory}/inventory'])
inventory=[f'playbooks/{service_directory}/inventory'])
names = session.config.getoption("--enough-hosts")
public_key = f'{e.config_dir}/infrastructure_key.pub'
r = e.heat.create_missings(names.split(','), public_key)
@ -61,9 +61,9 @@ def pytest_sessionstart(session):
e.heat.create_test_subdomain('enough.community')
e.playbook.run([
'--private-key', f'{e.config_dir}/infrastructure_key',
'-i', f'molecule/{service_directory}/inventory',
'-i', f'playbooks/{service_directory}/inventory',
f'--limit={names},localhost',
f'molecule/{service_directory}/playbook.yml',
f'playbooks/{service_directory}/playbook.yml',
])
@ -87,7 +87,7 @@ def pytest_sessionfinish(session, exitstatus):
domain=domain,
driver='openstack',
name=names,
inventory=[f'molecule/{service_directory}/inventory'])
inventory=[f'playbooks/{service_directory}/inventory'])
e.host.delete()

2
playbooks/icinga/test-monitoring-deployment-playbook.yml

@ -1,6 +1,6 @@
---
- name: deploy dummy monitoring object in molecule environment
- name: deploy dummy monitoring object
hosts: website-host
become: true
roles:

37
playbooks/pad/molecule.yml

@ -1,37 +0,0 @@
---
driver:
name: delegated
lint:
name: yamllint
platforms:
- name: bind-host
- name: icinga-host
- name: website-host
provisioner:
name: ansible
options:
i: ../../development-inventory
limit: bind-host,icinga-host,website-host,localhost
lint:
name: ansible-lint
env:
ANSIBLE_ROLES_PATH: roles:../infrastructure/roles:../firewall/roles:../bind/roles:../icinga/roles:../jdauphant.nginx/roles:../enough-nginx/roles:../certificate/roles
inventory:
links:
group_vars: ../../inventory/group_vars
host_vars: ../../inventory/host_vars
scenario:
name: pad
test_sequence:
- destroy
- create
- converge
- verify
- destroy
verifier:
name: testinfra
options:
v: True
s: True
lint:
name: flake8

5
requirements.in

@ -15,11 +15,6 @@ netaddr==0.7.19
openstacksdk==0.22.0
python-openstackclient==3.18.0
python-heatclient==1.17
#
# pytest is required otherwise molecule will indirectly pull an ancient version that will create problems when
# running tox, if specified in requirements-dev.in because egg-info will have a conflicting version.
# This should be removed at some point.
#
pytest==4.4.0
sh>=1.12
shade==1.30.0

24
setup.cfg

@ -40,25 +40,25 @@ data_files =
ansible.cfg
copy-playbook.yml
enough-playbook.yml
share/enough/molecule = molecule/*
share/enough/playbooks = playbooks/*
#
# Begin HACK
#
# find molecule/postfix/roles/debops.*/ molecule/postfix/roles -type l | while read i ; do test -d $i && echo $i ; done | perl -pe 's:(.*): share/enough/\1 = \1/*:'
# find playbooks/postfix/roles/debops.*/ playbooks/postfix/roles -type l | while read i ; do test -d $i && echo $i ; done | perl -pe 's:(.*): share/enough/\1 = \1/*:'
#
# See https://stackoverflow.com/questions/55976838/how-can-setup-py-sdist-dereference-symbolic-links for more information about
# why this is necesary.
#
share/enough/molecule/postfix/roles/debops.etc_aliases/env/defaults = molecule/postfix/roles/debops.etc_aliases/env/defaults/*
share/enough/molecule/postfix/roles/debops.opendkim/env/templates = molecule/postfix/roles/debops.opendkim/env/templates/*
share/enough/molecule/postfix/roles/debops.opendkim/env/defaults = molecule/postfix/roles/debops.opendkim/env/defaults/*
share/enough/molecule/postfix/roles/debops.postfix/env/templates = molecule/postfix/roles/debops.postfix/env/templates/*
share/enough/molecule/postfix/roles/debops.postfix/env/defaults = molecule/postfix/roles/debops.postfix/env/defaults/*
share/enough/molecule/postfix/roles/debops.etc_aliases = molecule/postfix/roles/debops.etc_aliases/*
share/enough/molecule/postfix/roles/debops.secret = molecule/postfix/roles/debops.secret/*
share/enough/molecule/postfix/roles/debops.opendkim = molecule/postfix/roles/debops.opendkim/*
share/enough/molecule/postfix/roles/debops.ansible_plugins = molecule/postfix/roles/debops.ansible_plugins/*
share/enough/molecule/postfix/roles/debops.postfix = molecule/postfix/roles/debops.postfix/*
share/enough/playbooks/postfix/roles/debops.etc_aliases/env/defaults = playbooks/postfix/roles/debops.etc_aliases/env/defaults/*
share/enough/playbooks/postfix/roles/debops.opendkim/env/templates = playbooks/postfix/roles/debops.opendkim/env/templates/*
share/enough/playbooks/postfix/roles/debops.opendkim/env/defaults = playbooks/postfix/roles/debops.opendkim/env/defaults/*
share/enough/playbooks/postfix/roles/debops.postfix/env/templates = playbooks/postfix/roles/debops.postfix/env/templates/*
share/enough/playbooks/postfix/roles/debops.postfix/env/defaults = playbooks/postfix/roles/debops.postfix/env/defaults/*
share/enough/playbooks/postfix/roles/debops.etc_aliases = playbooks/postfix/roles/debops.etc_aliases/*
share/enough/playbooks/postfix/roles/debops.secret = playbooks/postfix/roles/debops.secret/*
share/enough/playbooks/postfix/roles/debops.opendkim = playbooks/postfix/roles/debops.opendkim/*
share/enough/playbooks/postfix/roles/debops.ansible_plugins = playbooks/postfix/roles/debops.ansible_plugins/*
share/enough/playbooks/postfix/roles/debops.postfix = playbooks/postfix/roles/debops.postfix/*
#
# End HACK
#

2
tests/enough/common/test_ansible_utils.py

@ -7,7 +7,7 @@ from enough.common import ansible_utils
def test_get_variable():
defaults = yaml.load(open('molecule/api/roles/api/defaults/main.yml'))
defaults = yaml.load(open('playbooks/api/roles/api/defaults/main.yml'))
variable = 'api_admin_password'
ansible = ansible_utils.Ansible(settings.CONFIG_DIR, settings.SHARE_DIR)
value = ansible.get_variable('api', variable, 'api-host')
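Review bot: `yaml.load(open(...))` on the changed line is called without a `Loader`, and the file handle is never closed. Assuming `yaml` is PyYAML, older releases then use a loader that can construct arbitrary Python objects, and newer ones warn or reject the call. The role defaults are plain data, so `with open('playbooks/api/roles/api/defaults/main.yml') as f:` followed by `defaults = yaml.safe_load(f)` is sufficient. The rest of `test_get_variable` continues outside the hunk.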

6
tox.ini

@ -23,18 +23,18 @@ commands = flake8 {posargs}
passenv =
ENOUGH_API_TOKEN
PYTEST_ADDOPTS
commands = {envbindir}/py.test --log-cli-level INFO -s --ssh-identity-file=infrastructure_key --ansible-inventory={env:HOME}/.enough/{envname}.test/inventory {posargs:molecule/{envname}/tests}
commands = {envbindir}/py.test --log-cli-level INFO -s --ssh-identity-file=infrastructure_key --ansible-inventory={env:HOME}/.enough/{envname}.test/inventory {posargs:playbooks/{envname}/tests}
[testenv:enough_nginx]
passenv =
ENOUGH_API_TOKEN
PYTEST_ADDOPTS
commands = {envbindir}/py.test --log-cli-level INFO -s --ssh-identity-file=infrastructure_key --ansible-inventory={env:HOME}/.enough/{envname}.test/inventory {posargs:molecule/enough-nginx/tests}
commands = {envbindir}/py.test --log-cli-level INFO -s --ssh-identity-file=infrastructure_key --ansible-inventory={env:HOME}/.enough/{envname}.test/inventory {posargs:playbooks/enough-nginx/tests}
[testenv:docs]
commands = sphinx-build -W -vvv -b html docs build/html
[flake8]
exclude = venv,.tox,dist,doc,*.egg,build,docs/conf.py,src,molecule/debops*
exclude = venv,.tox,dist,doc,*.egg,build,docs/conf.py,src,playbooks/debops*
show-source = true
max_line_length = 100