diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..7f85109
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,8 @@
+exclude_paths:
+ - ./box-example
+parseable: true
+quiet: true
+skip_list:
+ - skip_linting
+use_default_rules: true
+verbosity: 1
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f386fc0
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,8 @@
+box-example/roles
+*.retry
+tempfile
+local*.sh
+.idea
+__pycache__/
+**/*/__pycache__
+*.pyc
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..252d72e
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,105 @@
+---
+sudo: required
+
+env:
+ - distribution='ubuntu'
+ version='14.04'
+ init='/sbin/init'
+ run_opts=''
+ playbook='test.yml'
+ - distribution='ubuntu'
+ version='16.04'
+ init='/sbin/init'
+ run_opts='--security-opt seccomp=unconfined --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro'
+ playbook='test.yml'
+ - distribution='ubuntu'
+ version='18.04'
+ init='/sbin/init'
+ run_opts='--security-opt seccomp=unconfined --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro'
+ playbook='test.yml'
+# - distribution='fedora'
+# version='25'
+# init='/usr/sbin/init'
+# run_opts='--security-opt seccomp=unconfined --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro'
+# playbook='test.yml'
+# - distribution='fedora'
+# version='26'
+# init='/usr/sbin/init'
+# run_opts='--security-opt seccomp=unconfined --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro'
+# playbook='test.yml'
+# - distribution='fedora'
+# version='27'
+# init='/usr/sbin/init'
+# run_opts='--security-opt seccomp=unconfined --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro'
+# playbook='test.yml'
+# - distribution='fedora'
+# version='28'
+# init='/usr/sbin/init'
+# run_opts='--security-opt seccomp=unconfined --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro'
+# playbook='test.yml'
+# - distribution='centos'
+# version='7'
+# init='/usr/lib/systemd/systemd'
+# run_opts='--privileged'
+# playbook='test.yml'
+# - distribution: alpine
+# version: 3.4
+# init: /sbin/init
+# playbook: test.yml
+# - distribution: alpine
+# version: 3.5
+# init: /sbin/init
+# playbook: test.yml
+# - distribution: alpine
+# version: 3.6
+# init: /sbin/init
+# playbook: test.yml
+# - distribution: alpine
+# version: 3.7
+# init: /sbin/init
+# playbook: test.yml
+
+# whitelist
+branches:
+ only:
+ - master
+ - develop
+
+services:
+ - docker
+
+before_install:
+ # Pull container
+ - 'sudo docker pull ${distribution}:${version}'
+ # Customize container
+ - 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests'
+ - 'sudo docker run --rm --privileged -v /:/host ${distribution}-${version}:ansible setup || true'
+ - 'sudo mkdir -p /tmp/cgroup/systemd && sudo mount -t cgroup systemd /tmp/cgroup/systemd -o ro,noexec,nosuid,nodev,none,name=systemd'
+
+script:
+ - container_id=$(mktemp)
+ # Run container in detached state
+ - 'echo sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} -t ${distribution}-${version}:ansible "${init}"'
+ - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} -t ${distribution}-${version}:ansible "${init}" > "${container_id}"'
+ # Ansible syntax check.
+ - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/${playbook} --syntax-check'
+
+ # Ansible linting
+ - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-lint -c /etc/ansible/roles/role_under_test/.ansible-lint /etc/ansible/roles/role_under_test || true'
+
+
+ # Test role.
+ - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/${playbook}'
+
+ # Test role idempotence.
+ - >
+ sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/${playbook}
+ | grep -q 'unreachable=0.*failed=0'
+ && (echo 'Idempotence test: pass' && exit 0)
+ || (echo 'Idempotence test: fail' && exit 1)
+
+ # Clean up
+ - sudo docker stop "$(cat ${container_id})"
+
+notifications:
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c562672
--- /dev/null
+++ b/README.md
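Review bot: In .travis.yml the step labelled "Test role idempotence" greps the second run for `unreachable=0.*failed=0`, which matches whenever nothing failed, so a role that reports changes on every run still passes; matching `changed=0.*failed=0` would make the step test what its name says. The lint step ends in `|| true`, so ansible-lint findings can never fail the build, and dropping the `|| true` once the role is clean would turn the linter into a gate. The `before_install` step `docker run --rm --privileged -v /:/host … setup || true` gives the container the host root filesystem and also ignores failure, so it deserves a comment saying it is only acceptable on a throwaway CI VM.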
@@ -0,0 +1,70 @@
+sa-acme-sh
+==========
+
+[![Build Status](https://travis-ci.com/softasap/sa-acme-sh.svg?branch=master)](https://travis-ci.com/softasap/sa-acme-sh)
+
+
+Example of usage:
+
+Simple
+
+```YAML
+
+ - {
+ role: "sa-acme-sh"
+ }
+
+
+```
+
+Advanced
+
+```YAML
+
+ - {
+ role: "sa-acme-sh",
+ }
+
+
+```
+
+
+
+Usage with ansible galaxy workflow
+----------------------------------
+
+If you installed the `sa-acme-sh` role using the command
+
+
+`
+ ansible-galaxy install softasap.sa-acme-sh
+`
+
+the role will be available in the folder `library/softasap.sa-acme-sh`
+Please adjust the path accordingly.
+
+```YAML
+
+ - {
+ role: "softasap.sa-acme-sh"
+ }
+
+```
+
+
+
+
+Copyright and license
+---------------------
+
+Code is dual licensed under the [BSD 3 clause] (https://opensource.org/licenses/BSD-3-Clause) and the [MIT License] (http://opensource.org/licenses/MIT). Choose the one that suits you best.
+
+Reach us:
+
+Subscribe for roles updates at [FB] (https://www.facebook.com/SoftAsap/)
+
+Join gitter discussion channel at [Gitter](https://gitter.im/softasap)
+
+Discover other roles at http://www.softasap.com/roles/registry_generated.html
+
+visit our blog at http://www.softasap.com/blog/archive.html
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..f0f4bc7
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,36 @@
+---
+# defaults file for sa-acme-sh
+
+# defaults file for sa-dehydrated
+
+ role_dir: "{{role_path}}"
+
+ # Installation directory
+ le_base_install_dir: /opt
+ le_install_dir: "{{ le_base_install_dir }}/letsencrypt/"
+ le_wellknown_path: "/var/www/.well-known/acme-challenge"
+
+ acmesh_version: 2.8.0
+
+ le_overrides:
+ - apache
+ - nginx
+ - haproxy
+
+ # Let's Encrypt CA URL
+ #le_ca: "https://acme-staging-v02.api.letsencrypt.org/directory"
+
+ # Setup crob job
+ option_setup_cron: true
+ # Force certificates generation
+ option_run_once: true
+ # Leave prolongation endpoint website
+ option_leave_prolongation_endpoint: false
+
+ # Domain list
+ le_domains:
+ - {
+ names: "voronenko.net www.voronenko.net",
+ nginx_config: "/etc/nginx/sites-available/voronenko_net"
+ }
+
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..12e6a70
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for sa-acme-sh
\ No newline at end of file
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..5d50bf4
--- /dev/null
+++ b/meta/main.yml
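Review bot: In defaults/main.yml `le_domains` ships a real domain (`voronenko.net www.voronenko.net`) and a matching nginx config path as the role default, next to `option_run_once: true`, so a consumer who does not override it inherits certificate settings for a domain they do not control; an empty default, `le_domains: []`, with the example moved to the README would be safer. Nothing in this commit's tasks reads `le_domains` yet, so the effect depends on later code. The comment `# defaults file for sa-dehydrated` looks like a leftover from another role, and `# Setup crob job` should read `# Setup cron job`. `acmesh_version` pins the release, but there is no companion digest variable for verifying the download.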
@@ -0,0 +1,60 @@
+galaxy_info:
+ author: your name
+ description: your description
+ company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Some suggested licenses:
+ # - BSD (default)
+ # - MIT
+ # - GPLv2
+ # - GPLv3
+ # - Apache
+ # - CC-BY
+ license: license (GPLv2, CC-BY, etc)
+
+ min_ansible_version: 2.4
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ # Optionally specify the branch Galaxy will use when accessing the GitHub
+ # repo for this role. During role install, if no tags are available,
+ # Galaxy will use this branch. During import Galaxy will access files on
+ # this branch. If Travis integration is configured, only notifications for this
+ # branch will be accepted. Otherwise, in all cases, the repo's default branch
+ # (usually master) will be used.
+ #github_branch:
+
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
\ No newline at end of file
diff --git a/molecule/Readme.md b/molecule/Readme.md
new file mode 100644
index 0000000..5a2d407
--- /dev/null
+++ b/molecule/Readme.md
@@ -0,0 +1,10 @@
+Limit to specific distribution
+
+```
+env:
+ matrix:
+ - INSTANCE: platform-instance01
+ - INSTANCE: platform-instance02
+script:
+ - molecule converge -- --limit="localhost,${INSTANCE}"
+```
\ No newline at end of file
diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst
new file mode 100644
index 0000000..ca81c7b
--- /dev/null
+++ b/molecule/default/INSTALL.rst
@@ -0,0 +1,17 @@
+*******
+Vagrant driver installation guide
+*******
+
+Requirements
+============
+
+* Vagrant
+* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop
+* python-vagrant
+
+Install
+=======
+
+.. code-block:: bash
+
+ $ sudo pip install python-vagrant
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 0000000..f9316ec
--- /dev/null
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,44 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: vagrant
+ provider:
+ name: virtualbox
+# lint:
+# name: yamllint
+platforms:
+ # - name: trusty
+ # box: ubuntu/trusty64
+ # # interfaces:
+ # # - network_name: public_network
+ # # type: dhcp
+ # # auto_config: true
+ - name: xenial
+ box: ubuntu/xenial64
+ #- name: bionic
+ # box: ubuntu/bionic64
+ # interfaces:
+ # - network_name: public_network
+ # type: dhcp
+ # auto_config: true
+ # - name: centos6
+ # box: centos/6
+ #- name: centos7
+ # box: centos/7
+ # - name: fedora28
+ # box: generic/fedora28
+ # - name: alpine
+ # box: generic/alpine28
+
+
+provisioner:
+ name: ansible
+ # lint:
+ # name: ansible-lint
+scenario:
+ name: default
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml
new file mode 100644
index 0000000..405c4cf
--- /dev/null
+++ b/molecule/default/playbook.yml
@@ -0,0 +1,16 @@
+---
+- name: Converge
+ hosts: all
+
+ pre_tasks:
+ - debug: msg="Pre tasks section for {{ansible_host}}"
+
+ - set_fact:
+ remote_ip_address: "{{ ansible_host }}"
+
+ - include_vars: "playbook_vars.yml"
+
+ roles:
+ - {
+ role: "sa-acme-sh"
+ }
diff --git a/molecule/default/playbook_vars.yml b/molecule/default/playbook_vars.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/molecule/default/playbook_vars.yml
@@ -0,0 +1 @@
+---
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
new file mode 100644
index 0000000..4b18d48
--- /dev/null
+++ b/molecule/default/prepare.yml
@@ -0,0 +1,9 @@
+---
+- name: Prepare
+ hosts: all
+ gather_facts: false
+ tasks:
+ - name: Install python for Ansible
+ raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
+ become: true
+ changed_when: false
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py
new file mode 100644
index 0000000..eedd64a
--- /dev/null
+++ b/molecule/default/tests/test_default.py
@@ -0,0 +1,14 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_hosts_file(host):
+ f = host.file('/etc/hosts')
+
+ assert f.exists
+ assert f.user == 'root'
+ assert f.group == 'root'
diff --git a/molecule/default/yaml-lint.yml b/molecule/default/yaml-lint.yml
new file mode 100644
index 0000000..9097e58
--- /dev/null
+++ b/molecule/default/yaml-lint.yml
@@ -0,0 +1,6 @@
+---
+extends: default
+rules:
+ line-length:
+ max: 120
+ level: warning
\ No newline at end of file
diff --git a/molecule/requirements-dev.txt b/molecule/requirements-dev.txt
new file mode 100644
index 0000000..2e82017
--- /dev/null
+++ b/molecule/requirements-dev.txt
@@ -0,0 +1,3 @@
+ansible==2.7.5
+ansible-lint==3.4.23
+molecule==2.19.0
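Review bot: In molecule/default/tests/test_default.py `test_hosts_file` only checks `/etc/hosts`, which exists whether or not the role ran, so the verifier cannot catch a broken or unsafe install. Assertions on what the role creates would be more useful, for example `assert host.file('/usr/local/bin/acme.sh').is_symlink`, plus a check that each file the role writes under `/etc/sudoers.d` is owned by root with mode 0440.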
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..1f7bcc6
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+# tasks file for sa-acme-sh
+ - include_tasks: tasks_acme_sh.yml
\ No newline at end of file
diff --git a/tasks/tasks_acme_sh.yml b/tasks/tasks_acme_sh.yml
new file mode 100644
index 0000000..1ac3259
--- /dev/null
+++ b/tasks/tasks_acme_sh.yml
@@ -0,0 +1,107 @@
+---
+ - name: Lets Encrypt | Install dependencies
+ package:
+ name: "{{ item }}"
+ with_items:
+ - curl
+ - socat
+ become: yes
+ tags:
+ - letsencrypt
+
+ - name: Lets Encrypt | Create user and home directory
+ user:
+ name: "le"
+ shell: "/bin/bash"
+ system: "yes"
+ home: "{{ le_install_dir }}"
+ createhome: True
+ become: yes
+ tags:
+ - letsencrypt
+
+ - name: Lets Encrypt | Create letsencrypt '.acme-challenges' directory
+ file:
+ path: "{{ le_install_dir }}/.acme-challenges"
+ owner: "le"
+ state: "directory"
+ become: yes
+ tags:
+ - letsencrypt
+
+ - name: Lets Encrypt | pki dir
+ file:
+ dest: '/etc/pki/acme'
+ owner: 'le'
+ group: 'le'
+ mode: '0755'
+ state: directory
+ tags:
+ - letsencrypt
+
+ - name: Lets Encrypt | Download distribution
+ get_url:
+ url: "https://github.com/Neilpang/acme.sh/archive/{{acmesh_version}}.tar.gz"
+ dest: '/tmp/{{acmesh_version}}.tar.gz'
+ tags:
+ - letsencrypt
+
+ - name: Lets Encrypt | Unpack distribution
+ unarchive:
+ src: "/tmp/{{acmesh_version}}.tar.gz"
+ dest: '{{ le_base_install_dir }}'
+ remote_src: yes
+ owner: 'le'
+ group: 'le'
+ become: yes
+ tags:
+ - letsencrypt
+
+ - name: Lets Encrypt | Link current version
+ file:
+ src: "{{ le_base_install_dir }}/acme.sh-{{acmesh_version}}"
+ dest: "{{ le_install_dir }}"
+ state: link
+ become: yes
+ tags:
+ - letsencrypt
+
+ - name: Lets Encrypt | Link binary globally
+ file:
+ src: "{{ le_install_dir }}/acme.sh"
+ dest: "/usr/local/bin/acme.sh"
+ state: link
+ become: yes
+ tags:
+ - letsencrypt
+
+ - name: Lets Encrypt | Link binary globally
+ file:
+ src: "{{ le_install_dir }}/acme.sh"
+ dest: "/usr/local/bin/acme.sh"
+ state: link
+ become: yes
+ tags:
+ - letsencrypt
+
+ - name: Lets Encrypt | sudoers rules
+ template:
+ src: "{{ role_dir }}/{{ item }}.overrides.j2"
+ dest: "/etc/sudoers.d/{{ item }}.overrides"
+ with_items: "{{ le_overrides }}"
+ become: yes
+ tags:
+ - letsencrypt
+
+
+- name: "Enable sudo reload haproxy by letsencrypt"
+ template:
+ src: letsencrypt-restart-haproxy.j2
+ dest: /etc/sudoers.d/20-letsencrypt-haproxy-restart
+ when: acme_sudo_reload_haproxy
+
+- name: "Enable sudo reload httpd by letsencrypt"
+ template:
+ src: letsencrypt-restart-httpd.j2
+ dest: /etc/sudoers.d/20-letsencrypt-httpd-restart
+ when: acme_sudo_reload_httpd
\ No newline at end of file
diff --git a/templates/apache.overrides.j2 b/templates/apache.overrides.j2
new file mode 100644
index 0000000..1e41f80
--- /dev/null
+++ b/templates/apache.overrides.j2
@@ -0,0 +1,22 @@
+# Enter this command to create a sudoers override/include file:
+# sudo visudo -f /etc/sudoers.d/apache.overrides
+
+# (Make sure you actually have this in your /etc/sudoers - Run `sudo visudo` to check)
+# #includedir /etc/sudoers.d
+
+# This file assumes your deployment user is `le`
+
+
+Defaults !requiretty
+
+{% if ansible_os_family =="RedHat" %}
+Cmnd_Alias APACHE_RELOAD = /bin/systemctl reload httpd
+Cmnd_Alias APACHE_RESTART = /bin/systemctl restart httpd
+{% elif ansible_os_family == "Debian" %}
+Cmnd_Alias APACHE_RELOAD = /bin/systemctl reload apache2
+Cmnd_Alias APACHE_RESTART = /bin/systemctl restart apache2
+{% endif %}
+
+# No-Password Commands
+
+le ALL=NOPASSWD: APACHE_RESTART, APACHE_RELOAD
\ No newline at end of file
diff --git a/templates/haproxy.overrides.j2 b/templates/haproxy.overrides.j2
new file mode 100644
index 0000000..c59ba8b
--- /dev/null
+++ b/templates/haproxy.overrides.j2
@@ -0,0 +1,14 @@
+# Enter this command to create a sudoers override/include file:
+# sudo visudo -f /etc/sudoers.d/haproxy.overrides
+
+# (Make sure you actually have this in your /etc/sudoers - Run `sudo visudo` to check)
+# #includedir /etc/sudoers.d
+
+# This file assumes your deployment user is `le`
+
+# Nginx Commands
+Cmnd_Alias HA_RESTART = /bin/systemctl reload haproxy
+Cmnd_Alias HA_RELOAD = /bin/systemctl restart haproxy
+
+# No-Password Commands
+le ALL=NOPASSWD: HA_RESTART, HA_RELOAD
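Review bot: In tasks/tasks_acme_sh.yml, "Lets Encrypt | Download distribution" saves the tarball to the predictable path `/tmp/{{acmesh_version}}.tar.gz` with no `checksum:`, and `get_url` without `force` keeps a file that already exists there, so whatever sits at that path is unpacked with `become` and linked to `/usr/local/bin/acme.sh`. Pin a digest for the release and download into a root-owned directory instead, as sketched below. The "sudoers rules" task writes into `/etc/sudoers.d` with no `validate`, owner or mode, and sudo skips include-directory files whose names contain a `.`, so `{{ item }}.overrides` would probably never be read; its `src` also points at `{{ role_dir }}/…` while the templates are added under `templates/`. Separately, "Link binary globally" appears twice, "pki dir" has no `become`, and the last two tasks depend on `acme_sudo_reload_haproxy`, `acme_sudo_reload_httpd` and two templates that this commit does not add.

```yaml
# … unchanged: dependencies, user, .acme-challenges and pki directory tasks …
- name: Lets Encrypt | Download distribution
  get_url:
    url: "https://github.com/Neilpang/acme.sh/archive/{{ acmesh_version }}.tar.gz"
    # root-owned location instead of world-writable /tmp
    dest: "{{ le_base_install_dir }}/acme.sh-{{ acmesh_version }}.tar.gz"
    # acmesh_checksum is a proposed new default, e.g. "sha256:<DIGEST_OF_PINNED_RELEASE>"
    checksum: "{{ acmesh_checksum }}"
    owner: root
    group: root
    mode: "0644"
  become: yes
  tags:
    - letsencrypt
# … unchanged: unpack (src must follow the new dest) and link tasks …
- name: Lets Encrypt | sudoers rules
  template:
    src: "{{ item }}.overrides.j2"
    # no '.' in the file name, otherwise sudo ignores the file
    dest: "/etc/sudoers.d/{{ item }}-overrides"
    owner: root
    group: root
    mode: "0440"
    validate: "visudo -cf %s"
  with_items: "{{ le_overrides }}"
  become: yes
  tags:
    - letsencrypt
```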
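Review bot: In templates/apache.overrides.j2 `Defaults !requiretty` is a global default, so installing this file relaxes the tty requirement for every sudo user on the host rather than only for `le`; scope it as `Defaults:le !requiretty`. When `ansible_os_family` is neither RedHat nor Debian no `Cmnd_Alias` is rendered but the final rule still names `APACHE_RESTART` and `APACHE_RELOAD`, so an `{% else %}` branch or a task-level `when` is needed. The header comment still tells the reader to edit `/etc/sudoers.d/apache.overrides` by hand although the file is now rendered from a template.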
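Review bot: In templates/haproxy.overrides.j2 the alias names are swapped: `HA_RESTART` is bound to `/bin/systemctl reload haproxy` and `HA_RELOAD` to `/bin/systemctl restart haproxy`. Both are granted on the last line, so the effective permissions are the same today, but anyone later trimming the rule to reload-only would grant the wrong command; swap the two right-hand sides. The section comment `# Nginx Commands` should read `# HAProxy Commands`, and the hard-coded `/bin/systemctl` path should be checked against the target distributions, since sudo matches the full command path.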
diff --git a/templates/nginx.overrides.j2 b/templates/nginx.overrides.j2
new file mode 100644
index 0000000..c831450
--- /dev/null
+++ b/templates/nginx.overrides.j2
@@ -0,0 +1,14 @@
+# Enter this command to create a sudoers override/include file:
+# sudo visudo -f /etc/sudoers.d/nginx.overrides
+
+# (Make sure you actually have this in your /etc/sudoers - Run `sudo visudo` to check)
+# #includedir /etc/sudoers.d
+
+# This file assumes your deployment user is `le`
+
+# Nginx Commands
+Cmnd_Alias NGINX_RESTART = /usr/sbin/service nginx restart
+Cmnd_Alias NGINX_RELOAD = /usr/sbin/service nginx reload
+
+# No-Password Commands
+le ALL=NOPASSWD: NGINX_RESTART, NGINX_RELOAD
diff --git a/templates/sa_role.fact.j2 b/templates/sa_role.fact.j2
new file mode 100644
index 0000000..25c9656
--- /dev/null
+++ b/templates/sa_role.fact.j2
@@ -0,0 +1,4 @@
+{
+ "le_install_dir" : "{{le_install_dir}}",
+ "acmesh_version" : "{{acmesh_version}}",
+}
diff --git a/tests/Dockerfile.alpine-3.4 b/tests/Dockerfile.alpine-3.4
new file mode 100644
index 0000000..626d8cf
--- /dev/null
+++ b/tests/Dockerfile.alpine-3.4
@@ -0,0 +1,29 @@
+FROM alpine:3.4
+
+ENV container docker
+
+RUN echo "===> (temporary) Installing sudo ..." && \
+ apk --update add sudo && \
+ \
+ \
+ echo "===> Adding Python runtime..." && \
+ apk --update add python py-pip openssl ca-certificates && \
+ apk --update add --virtual build-dependencies \
+ python-dev libffi-dev openssl-dev build-base && \
+ pip install --upgrade pip cffi && \
+ \
+ \
+ echo "===> Installing Ansible..." && \
+ pip install ansible ansible-lint && \
+ \
+ \
+ echo "===> Removing package list..." && \
+ apk del build-dependencies && \
+ rm -rf /var/cache/apk/*
+
+RUN mkdir -p /etc/ansible
+
+# Install Ansible inventory file
+RUN echo "[local]" > /etc/ansible/hosts
+RUN echo "localhost ansible_connection=local" >> /etc/ansible/hosts
+
diff --git a/tests/Dockerfile.alpine-3.5 b/tests/Dockerfile.alpine-3.5
new file mode 100644
index 0000000..c19e79c
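Review bot: In templates/sa_role.fact.j2 the comma after the `"acmesh_version"` entry leaves a trailing comma before `}`, which is not valid JSON, so a fact file rendered from this template would fail to parse when local facts are gathered. Remove the comma so the line reads `"acmesh_version" : "{{acmesh_version}}"`. No task in this commit installs the template, so the problem would only surface once one is added.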
--- /dev/null
+++ b/tests/Dockerfile.alpine-3.5
@@ -0,0 +1,29 @@
+FROM alpine:3.5
+
+ENV container docker
+
+RUN echo "===> (temporary) Installing sudo ..." && \
+ apk --update add sudo && \
+ \
+ \
+ echo "===> Adding Python runtime..." && \
+ apk --update add python py-pip openssl ca-certificates && \
+ apk --update add --virtual build-dependencies \
+ python-dev libffi-dev openssl-dev build-base && \
+ pip install --upgrade pip cffi && \
+ \
+ \
+ echo "===> Installing Ansible..." && \
+ pip install ansible ansible-lint && \
+ \
+ \
+ echo "===> Removing package list..." && \
+ apk del build-dependencies && \
+ rm -rf /var/cache/apk/*
+
+RUN mkdir -p /etc/ansible
+
+# Install Ansible inventory file
+RUN echo "[local]" > /etc/ansible/hosts
+RUN echo "localhost ansible_connection=local" >> /etc/ansible/hosts
+
diff --git a/tests/Dockerfile.alpine-3.6 b/tests/Dockerfile.alpine-3.6
new file mode 100644
index 0000000..b3edbae
--- /dev/null
+++ b/tests/Dockerfile.alpine-3.6
@@ -0,0 +1,29 @@
+FROM alpine:3.6
+
+ENV container docker
+
+RUN echo "===> (temporary) Installing sudo ..." && \
+ apk --update add sudo && \
+ \
+ \
+ echo "===> Adding Python runtime..." && \
+ apk --update add python py-pip openssl ca-certificates && \
+ apk --update add --virtual build-dependencies \
+ python-dev libffi-dev openssl-dev build-base && \
+ pip install --upgrade pip cffi && \
+ \
+ \
+ echo "===> Installing Ansible..." && \
+ pip install ansible ansible-lint && \
+ \
+ \
+ echo "===> Removing package list..." && \
+ apk del build-dependencies && \
+ rm -rf /var/cache/apk/*
+
+RUN mkdir -p /etc/ansible
+
+# Install Ansible inventory file
+RUN echo "[local]" > /etc/ansible/hosts
+RUN echo "localhost ansible_connection=local" >> /etc/ansible/hosts
+
diff --git a/tests/Dockerfile.alpine-3.7 b/tests/Dockerfile.alpine-3.7
new file mode 100644
index 0000000..5bc241a
--- /dev/null
+++ b/tests/Dockerfile.alpine-3.7
@@ -0,0 +1,29 @@
+FROM alpine:3.7
+
+ENV container docker
+
+RUN echo "===> (temporary) Installing sudo ..." && \
+ apk --update add sudo && \
+ \
+ \
+ echo "===> Adding Python runtime..." && \
+ apk --update add python py-pip openssl ca-certificates && \
+ apk --update add --virtual build-dependencies \
+ python-dev libffi-dev openssl-dev build-base && \
+ pip install --upgrade pip cffi && \
+ \
+ \
+ echo "===> Installing Ansible..." && \
+ pip install ansible ansible-lint && \
+ \
+ \
+ echo "===> Removing package list..." && \
+ apk del build-dependencies && \
+ rm -rf /var/cache/apk/*
+
+RUN mkdir -p /etc/ansible
+
+# Install Ansible inventory file
+RUN echo "[local]" > /etc/ansible/hosts
+RUN echo "localhost ansible_connection=local" >> /etc/ansible/hosts
+
diff --git a/tests/Dockerfile.centos-6 b/tests/Dockerfile.centos-6
new file mode 100644
index 0000000..38ee516
--- /dev/null
+++ b/tests/Dockerfile.centos-6
@@ -0,0 +1,14 @@
+
+FROM centos:6.8
+
+ENV container docker
+
+RUN rpm -iUvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
+
+# Install Ansible
+RUN yum -y install ansible ansible-lint
+RUN mkdir -p /etc/ansible
+
+# Install Ansible inventory file
+RUN echo "[local]" > /etc/ansible/hosts
+RUN echo "localhost ansible_connection=local" >> /etc/ansible/hosts
diff --git a/tests/Dockerfile.centos-7 b/tests/Dockerfile.centos-7
new file mode 100644
index 0000000..5ac5c59
--- /dev/null
+++ b/tests/Dockerfile.centos-7
@@ -0,0 +1,15 @@
+
+FROM centos:7
+
+ENV container docker
+
+RUN rpm -iUvh http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm
+
+# Install Ansible
+RUN yum -y install sudo python-pip
+RUN pip install -U ansible==2.5.2 ansible-lint
+RUN mkdir -p /etc/ansible
+
+# Install Ansible inventory file
+RUN echo "[local]" > /etc/ansible/hosts
+RUN echo "localhost ansible_connection=local" >> /etc/ansible/hosts
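Review bot: tests/Dockerfile.centos-6 installs the EPEL release package with `rpm -iUvh http://dl.fedoraproject.org/…` over plain HTTP, and tests/Dockerfile.centos-7 does the same; that package configures the repository and signing keys every later `yum install` trusts, so it should not be fetched over an unauthenticated channel. Use the `https://` form of the same URL, or install `epel-release` from the distribution's own repository where it is available. centos-7 pins `ansible==2.5.2` but leaves `ansible-lint` unpinned, and centos-6 pins nothing, so the test images are not reproducible.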
diff --git a/tests/Dockerfile.fedora-25 b/tests/Dockerfile.fedora-25
new file mode 100644
index 0000000..12bbab7
--- /dev/null
+++ b/tests/Dockerfile.fedora-25
@@ -0,0 +1,32 @@
+
+FROM fedora:25
+
+ENV container docker
+
+RUN dnf -y update && dnf install -y findutils
+
+# Don't start any optional services except for the few we need.
+RUN find /etc/systemd/system \
+ /lib/systemd/system \
+ -path '*.wants/*' \
+ -not -name '*journald*' \
+ -not -name '*systemd-tmpfiles*' \
+ -not -name '*systemd-user-sessions*' \
+ -exec rm \{} \;
+
+RUN systemctl set-default multi-user.target
+
+COPY setup /sbin/
+
+STOPSIGNAL SIGRTMIN+3
+
+# Install Ansible
+RUN dnf -y update
+RUN dnf install -y python2 python-pip python2-dnf libselinux-python sudo
+RUN dnf -y install ansible
+RUN pip install -U ansible-lint
+RUN mkdir -p /etc/ansible
+
+# Install Ansible inventory file
+RUN echo "[local]" > /etc/ansible/hosts
+RUN echo "localhost ansible_connection=local" >> /etc/ansible/hosts
diff --git a/tests/Dockerfile.fedora-26 b/tests/Dockerfile.fedora-26
new file mode 100644
index 0000000..d1e21ac
--- /dev/null
+++ b/tests/Dockerfile.fedora-26
@@ -0,0 +1,32 @@
+
+FROM fedora:26
+
+ENV container docker
+
+RUN dnf -y update && dnf install -y findutils
+
+# Don't start any optional services except for the few we need.
+RUN find /etc/systemd/system \
+ /lib/systemd/system \
+ -path '*.wants/*' \
+ -not -name '*journald*' \
+ -not -name '*systemd-tmpfiles*' \
+ -not -name '*systemd-user-sessions*' \
+ -exec rm \{} \;
+
+RUN systemctl set-default multi-user.target
+
+COPY setup /sbin/
+
+STOPSIGNAL SIGRTMIN+3
+
+# Install Ansible
+RUN dnf -y update
+RUN dnf install -y python2 python2-dnf python-pip libselinux-python sudo
+RUN dnf -y install ansible-2.5.2-1.fc26
+RUN pip install -U ansible-lint
+RUN mkdir -p /etc/ansible
+
+# Install Ansible inventory file
+RUN echo "[local]" > /etc/ansible/hosts
+RUN echo "localhost ansible_connection=local" >> /etc/ansible/hosts
diff --git a/tests/Dockerfile.fedora-27 b/tests/Dockerfile.fedora-27
new file mode 100644
index 0000000..7f2b146
--- /dev/null
+++ b/tests/Dockerfile.fedora-27
@@ -0,0 +1,31 @@
+
+FROM fedora:27
+
+ENV container docker
+
+RUN dnf -y update && dnf install -y findutils
+
+# Don't start any optional services except for the few we need.
+RUN find /etc/systemd/system \
+ /lib/systemd/system \
+ -path '*.wants/*' \
+ -not -name '*journald*' \
+ -not -name '*systemd-tmpfiles*' \
+ -not -name '*systemd-user-sessions*' \
+ -exec rm \{} \;
+
+RUN systemctl set-default multi-user.target
+
+COPY setup /sbin/
+
+STOPSIGNAL SIGRTMIN+3
+
+# Install Ansible
+RUN dnf -y update
+RUN dnf install -y python2 python-pip python2-dnf libselinux-python sudo
+RUN pip install -U ansible==2.5.2 ansible-lint
+RUN mkdir -p /etc/ansible
+
+# Install Ansible inventory file
+RUN echo "[local]" > /etc/ansible/hosts
+RUN echo "localhost ansible_connection=local" >> /etc/ansible/hosts
diff --git a/tests/Dockerfile.fedora-28 b/tests/Dockerfile.fedora-28
new file mode 100644
index 0000000..39ce5c2
--- /dev/null
+++ b/tests/Dockerfile.fedora-28
@@ -0,0 +1,31 @@
+
+FROM fedora:28
+
+ENV container docker
+
+RUN dnf -y update && dnf install -y findutils
+
+# Don't start any optional services except for the few we need.
+RUN find /etc/systemd/system \
+ /lib/systemd/system \
+ -path '*.wants/*' \
+ -not -name '*journald*' \
+ -not -name '*systemd-tmpfiles*' \
+ -not -name '*systemd-user-sessions*' \
+ -exec rm \{} \;
+
+RUN systemctl set-default multi-user.target
+
+COPY setup /sbin/
+
+STOPSIGNAL SIGRTMIN+3
+
+# Install Ansible
+RUN dnf -y update
+RUN dnf install -y python2 python2-dnf python-pip libselinux-python sudo
+RUN pip install -U ansible==2.5.2 ansible-lint
+RUN mkdir -p /etc/ansible
+
+# Install Ansible inventory file
+RUN echo "[local]" > /etc/ansible/hosts
+RUN echo "localhost ansible_connection=local" >> /etc/ansible/hosts
diff --git a/tests/Dockerfile.ubuntu-14.04 b/tests/Dockerfile.ubuntu-14.04
new file mode 100644
index 0000000..0f8b1c2
--- /dev/null
+++ b/tests/Dockerfile.ubuntu-14.04
@@ -0,0 +1,24 @@
+
+FROM ubuntu:14.04
+
+ENV container docker
+
+RUN apt-get update
+
+# Install Ansible
+RUN apt-get update -y
+RUN apt-get upgrade -y
+RUN apt-get install -y software-properties-common curl git python-dev wget apt-transport-https libffi-dev libssl-dev
+RUN apt-get install -y python-pip
+RUN pip install -U pip
+RUN pip install ansible ansible-lint pyopenssl ndg-httpsclient pyasn1 urllib3
+RUN mkdir -p /etc/ansible
+
+# setup tools 3.3 conflict
+RUN wget https://bootstrap.pypa.io/ez_setup.py -O - | python
+
+#COPY initctl_faker .
+#RUN chmod +x initctl_faker && rm -fr /sbin/initctl && ln -s /initctl_faker /sbin/initctl
+
+# Install Ansible inventory file
+RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
diff --git a/tests/Dockerfile.ubuntu-16.04 b/tests/Dockerfile.ubuntu-16.04
new file mode 100644
index 0000000..519707d
--- /dev/null
+++ b/tests/Dockerfile.ubuntu-16.04
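Review bot: tests/Dockerfile.ubuntu-14.04 pipes a remote script straight into the interpreter during the image build, `RUN wget https://bootstrap.pypa.io/ez_setup.py -O - | python`, and the same line is in Dockerfile.ubuntu-16.04 and Dockerfile.ubuntu-18.04; nothing pins or verifies what is executed, and because the shell reports only the exit status of `python`, a failed download goes unnoticed. The line runs after `pip install -U pip` and `pip install ansible ansible-lint`, so it may no longer be needed; if it is, download to a file, compare it with a recorded digest and only then run it. The `pip install` lines in these images are also unpinned, unlike molecule/requirements-dev.txt.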
@@ -0,0 +1,49 @@
+
+FROM ubuntu:16.04
+
+# SystemD mock
+
+ENV container docker
+
+# Don't start any optional services except for the few we need.
+RUN find /etc/systemd/system \
+ /lib/systemd/system \
+ -path '*.wants/*' \
+ -not -name '*journald*' \
+ -not -name '*systemd-tmpfiles*' \
+ -not -name '*systemd-user-sessions*' \
+ -exec rm \{} \;
+
+RUN apt-get update && \
+ apt-get install -y \
+ dbus sudo && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/*
+
+RUN systemctl set-default multi-user.target
+
+COPY setup /sbin/
+
+STOPSIGNAL SIGRTMIN+3
+
+# Workaround for docker/docker#27202, technique based on comments from docker/docker#9212
+CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=journal 3>&1"]
+
+# Install Ansible
+RUN apt-get update -y
+RUN apt-get install -y software-properties-common git python-dev wget apt-transport-https libffi-dev libssl-dev
+RUN apt-get install -y python-pip
+RUN pip install -U pip
+RUN pip install ansible ansible-lint
+RUN mkdir -p /etc/ansible
+
+# setup tools 3.3 conflict
+RUN wget https://bootstrap.pypa.io/ez_setup.py -O - | python
+
+RUN mkdir -p /home/root/Desktop
+
+#COPY initctl_faker .
+#RUN chmod +x initctl_faker && rm -fr /sbin/initctl && ln -s /initctl_faker /sbin/initctl
+
+# Install Ansible inventory file
+RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
diff --git a/tests/Dockerfile.ubuntu-18.04 b/tests/Dockerfile.ubuntu-18.04
new file mode 100644
index 0000000..3a818b8
--- /dev/null
+++ b/tests/Dockerfile.ubuntu-18.04
@@ -0,0 +1,48 @@
+FROM ubuntu:18.04
+
+ENV container docker
+
+# Don't start any optional services except for the few we need.
+RUN find /etc/systemd/system \
+ /lib/systemd/system \
+ -path '*.wants/*' \
+ -not -name '*journald*' \
+ -not -name '*systemd-tmpfiles*' \
+ -not -name '*systemd-user-sessions*' \
+ -exec rm \{} \;
+
+RUN apt-get update && \
+ apt-get install -y \
+ dbus systemd iproute2 sudo && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/*
+
+RUN systemctl set-default multi-user.target
+RUN systemctl mask dev-hugepages.mount sys-fs-fuse-connections.mount
+
+COPY setup /sbin/
+
+STOPSIGNAL SIGRTMIN+3
+
+# Workaround for docker/docker#27202, technique based on comments from docker/docker#9212
+CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=journal 3>&1"]
+
+# Install Ansible
+RUN apt-get update -y
+RUN apt-get upgrade -y
+RUN apt-get install -y software-properties-common git python-dev wget apt-transport-https libffi-dev libssl-dev
+RUN apt-get install -y python-pip
+RUN pip install -U pip
+RUN pip install ansible ansible-lint
+RUN mkdir -p /etc/ansible
+
+# setup tools 3.3 conflict
+RUN wget https://bootstrap.pypa.io/ez_setup.py -O - | python
+
+RUN mkdir -p /home/root/Desktop
+
+#COPY initctl_faker .
+#RUN chmod +x initctl_faker && rm -fr /sbin/initctl && ln -s /initctl_faker /sbin/initctl
+
+# Install Ansible inventory file
+RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
diff --git a/tests/initctl_faker b/tests/initctl_faker
new file mode 100644
index 0000000..a2267f3
--- /dev/null
+++ b/tests/initctl_faker
@@ -0,0 +1,23 @@
+#!/bin/sh
+ALIAS_CMD="$(echo ""$0"" | sed -e 's?/sbin/??')"
+
+case "$ALIAS_CMD" in
+ start|stop|restart|reload|status)
+ exec service $1 $ALIAS_CMD
+ ;;
+esac
+
+case "$1" in
+ list )
+ exec service --status-all
+ ;;
+ reload-configuration )
+ exec service $2 restart
+ ;;
+ start|stop|restart|reload|status)
+ exec service $2 $1
+ ;;
+ \?)
+ exit 0
+ ;;
+esac
diff --git a/tests/inventory b/tests/inventory
new file mode 100644
index 0000000..8eab666
--- /dev/null
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+
+localhost
diff --git a/tests/setup b/tests/setup
new file mode 100755
index 0000000..a3f8122
--- /dev/null
+++ b/tests/setup
@@ -0,0 +1,17 @@
+#!/bin/sh
+set -eu
+
+if nsenter --mount=/host/proc/1/ns/mnt -- mount | grep /sys/fs/cgroup/systemd >/dev/null 2>&1; then
+ echo 'The systemd cgroup hierarchy is already mounted at /sys/fs/cgroup/systemd.'
+else
+ if [ -d /host/sys/fs/cgroup/systemd ]; then
+ echo 'The mount point for the systemd cgroup hierarchy already exists at /sys/fs/cgroup/systemd.'
+ else
+ echo 'Creating the mount point for the systemd cgroup hierarchy at /sys/fs/cgroup/systemd.'
+ mkdir -p /host/sys/fs/cgroup/systemd
+ fi
+
+ echo 'Mounting the systemd cgroup hierarchy.'
+ nsenter --mount=/host/proc/1/ns/mnt -- mount -t cgroup cgroup -o none,name=systemd /sys/fs/cgroup/systemd
+fi
+echo 'Your Docker host is now configured for running systemd containers!'
diff --git a/tests/setup_local.sh b/tests/setup_local.sh
new file mode 100755
index 0000000..a43dd5a
--- /dev/null
+++ b/tests/setup_local.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+set -eu
+
+if nsenter --mount=/proc/1/ns/mnt -- mount | grep /sys/fs/cgroup/systemd >/dev/null 2>&1; then
+ echo 'The systemd cgroup hierarchy is already mounted at /sys/fs/cgroup/systemd.'
+else
+ if [ -d /sys/fs/cgroup/systemd ]; then
+ echo 'The mount point for the systemd cgroup hierarchy already exists at /sys/fs/cgroup/systemd.'
+ else
+ echo 'Creating the mount point for the systemd cgroup hierarchy at /sys/fs/cgroup/systemd.'
+ mkdir -p /sys/fs/cgroup/systemd
+ fi
+
+ echo 'Mounting the systemd cgroup hierarchy.'
+ nsenter --mount=/proc/1/ns/mnt -- mount -t cgroup cgroup -o none,name=systemd /sys/fs/cgroup/systemd
+fi
+echo 'Your Docker host is now configured for running systemd containers!'
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 0000000..4c047b8
--- /dev/null
+++ b/tests/test.yml
@@ -0,0 +1,8 @@
+---
+- hosts: all
+ roles:
+ - {
+ role: "role_under_test",
+ firewall_used: docker,
+ docker_test: true
+ }
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..826d64e
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for sa-acme-sh
\ No newline at end of file
diff --git a/version.txt b/version.txt
new file mode 100644
index 0000000..8acdd82
--- /dev/null
+++ b/version.txt
@@ -0,0 +1 @@
+0.0.1