diff --git a/Inventories/vagrant/hosts.yaml b/Inventories/vagrant/hosts.yaml
index 014ecb3..4e48cbd 100644
--- a/Inventories/vagrant/hosts.yaml
+++ b/Inventories/vagrant/hosts.yaml
@@ -1,7 +1,7 @@
---
bastion:
hosts:
- bastion.local:
+ bastion.vagrant:
ansible_host: 127.0.0.1
ansible_port: 42222
vars:
@@ -10,7 +10,7 @@ bastion:
database:
hosts:
- database.local:
+ database.vagrant:
ansible_host: 127.0.0.1
ansible_port: 52222
vars:
diff --git a/VERSION b/VERSION
new file mode 100644
index 0000000..08e93c9
--- /dev/null
+++ b/VERSION
@@ -0,0 +1 @@
+0.1.0-beta1
\ No newline at end of file
diff --git a/Vagrantfile b/Vagrantfile
index 905236b..0a26dea 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -15,6 +15,13 @@ def serverIP(num)
end
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+ # Populate boxes hosts file
+ # config.hostmanager.enabled = true
+ # config.hostmanager.manage_host = false
+ # config.hostmanager.manage_guest = true
+ # config.hostmanager.ignore_private_ip = false
+ # config.hostmanager.include_offline = true
+
boxes.each do |boxes|
NUMBER = 1
config.vm.define boxes['name'] do |srv|
@@ -23,7 +30,8 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
srv.vm.box_version = boxes['box_version'] if boxes.key? 'box_version'
srv.vm.box_url = boxes['box_url'] if boxes.key? 'box_url'
srv.vm.hostname = boxes['hostname']
-
+ # srv.hostmanager.aliases = ["#{boxes['hostname']}.localdomain", boxes['hostname']]
+
# Networking. By default a NAT interface is added.
# Add an internal network like this:
# srv.vm.network 'private_network', type: 'dhcp', virtualbox__intnet: true
@@ -36,9 +44,8 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
end
end
- # if boxes['ssh_port']
- # srv.vm.network :forwarded_port, guest: 22, host: boxes['ssh_port'], host_ip: '127.0.0.1', id: 'ssh'
- # end
+ # Set private network insterface
+ srv.vm.network :private_network, ip: serverIP(NUMBER)
# Copy software packages to tmp
if boxes['forward_port']
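Review bot: The hostmanager block added at the top of the Vagrant.configure hunk is entirely commented out, while the same commit renames every guest to a `.vagrant` name (hosts.yaml, boxes*.yaml) and makes local-up-vagrant.sh install vagrant-hostmanager; with `config.hostmanager.enabled` and `config.hostmanager.manage_guest` commented, nothing writes those names into the guests' /etc/hosts, and the `mdns4_minimal` resolver that cloud-init.sh configures answers only for `.local` names. Either uncomment `config.hostmanager.enabled = true` and `config.hostmanager.manage_guest = true` here (and the `srv.hostmanager.aliases` line in the next hunk, which is commented for the same reason), or keep the `.local` names until the plugin is actually wired in. The Vagrant.configure block continues well past this hunk.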
@@ -47,9 +54,6 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
end
end
- # Set private network insterface
- srv.vm.network :private_network, ip: serverIP(NUMBER)
-
# VirtualBox
srv.vm.provider 'virtualbox' do |vb|
vb.customize ['modifyvm', :id, '--cpus', boxes['cpus']] if boxes.key? 'cpus'
@@ -69,8 +73,8 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
# Copy cloud-init files to tmp and provision
if boxes['provision']
- srv.vm.provision :file, :source => boxes['provision']['meta-data'], :destination => '/tmp/vagrant/cloud-init/nocloud/meta-data'
- srv.vm.provision :file, :source => boxes['provision']['user-data'], :destination => '/tmp/vagrant/cloud-init/nocloud/user-data'
+ srv.vm.provision :file, :source => boxes['provision']['meta-data'], :destination => '/tmp/vagrant/cloud-init/nocloud-net/meta-data'
+ srv.vm.provision :file, :source => boxes['provision']['user-data'], :destination => '/tmp/vagrant/cloud-init/nocloud-net/user-data'
srv.vm.provision :shell, :path => boxes['provision']['cloud-init'], :args => boxes['name']
end
@@ -85,12 +89,18 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
rsync__exclude: ['.vagrant/', '.vscode/', '.git/']
srv.vm.provision "ansible_local" do |ansible|
+ ansible.verbose="vvv"
ansible.become = true
ansible.verbose = true
ansible.playbook = boxes['ansible']['playbook']
ansible.galaxy_roles_path = '/vagrant/roles'
ansible.galaxy_role_file = "requirements.yaml"
- ansible.extra_vars = { ansible_python_interpreter: "/usr/bin/python3", ansible_stdout_callback: "debug"}
+ # ansible.install_mode = "pip3_args_only"
+ # ansible.pip_args = "-r requirements.txt"
+ # ansible.extra_vars = {
+ # ansible_python_interpreter: "/usr/bin/env python3",
+ # ansible_stdout_callback: "debug"
+ # }
end
else
diff --git a/ansible.cfg b/ansible.cfg
index c45b65a..92c511b 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,2 +1,3 @@
[defaults]
remote_tmp = /tmp
+intepreter_python=/usr/bin/python3
\ No newline at end of file
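Review bot: `ansible.verbose="vvv"` added at the top of the ansible_local block is dead code — the pre-existing `ansible.verbose = true` two lines below overwrites it, so the provisioner keeps its old verbosity; keep a single assignment, e.g. `ansible.verbose = "vvv"`, and drop the other. Commenting out `ansible.pip_args = "-r requirements.txt"` (together with `install_mode`) also means the requirements.txt added in this commit, with its pinned ansible/boto/lxml versions, is never consumed by this provisioner, so the pins are aspirational only. Removing `ansible_python_interpreter` from `extra_vars` leaves interpreter selection entirely to ansible.cfg, which this commit edits as well. The enclosing `config.vm.define` block starts and ends outside the hunk.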
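Review bot: The key added to ansible.cfg is misspelled — `intepreter_python` is not an option Ansible recognises, so it is silently ignored and interpreter discovery stays at its default; the line should read `interpreter_python = /usr/bin/python3`. Because the Vagrantfile in the same commit stops passing `ansible_python_interpreter` through `extra_vars`, this typo leaves no explicit interpreter configured anywhere. The file also ends without a trailing newline.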
diff --git a/hack/cloud-init/nocloud/meta-data.yaml b/hack/cloud-init/nocloud-net/meta-data.yaml similarity index 81% rename from hack/cloud-init/nocloud/meta-data.yaml rename to hack/cloud-init/nocloud-net/meta-data.yaml index 122bb14..b7a788d 100644 --- a/hack/cloud-init/nocloud/meta-data.yaml +++ b/hack/cloud-init/nocloud-net/meta-data.yaml @@ -1,6 +1,6 @@ instance-id: 0001 hostname: localhost machine: x86_64 -platform: nocloud +platform: nocloud-net region: localhost availability-zone: null \ No newline at end of file diff --git a/hack/cloud-init/nocloud/user-data_bastion.yaml b/hack/cloud-init/nocloud-net/user-data_bastion.yaml similarity index 94% rename from hack/cloud-init/nocloud/user-data_bastion.yaml rename to hack/cloud-init/nocloud-net/user-data_bastion.yaml index 01219c0..71c40cb 100644 --- a/hack/cloud-init/nocloud/user-data_bastion.yaml +++ b/hack/cloud-init/nocloud-net/user-data_bastion.yaml @@ -62,6 +62,11 @@ packages: - python3-pip - python3-setuptools - libselinux-python3 + # Python 2 + - python + - python-pip + - python-setuptools + - libselinux-python # Docker engine - docker-ce - docker-ce-cli diff --git a/hack/cloud-init/nocloud/user-data_database.yaml b/hack/cloud-init/nocloud-net/user-data_database.yaml similarity index 92% rename from hack/cloud-init/nocloud/user-data_database.yaml rename to hack/cloud-init/nocloud-net/user-data_database.yaml index ea33937..adfd60e 100644 --- a/hack/cloud-init/nocloud/user-data_database.yaml +++ b/hack/cloud-init/nocloud-net/user-data_database.yaml @@ -48,7 +48,11 @@ packages: - python3-pip - python3-setuptools - libselinux-python3 - + # Python 2 + - python + - python-pip + - python-setuptools + - libselinux-python runcmd: # Install Ansible - ['/usr/bin/pip3', 'install', 'ansible==2.9'] \ No newline at end of file diff --git a/hack/local-up-vagrant.sh b/hack/local-up-vagrant.sh index 169e397..1f02d02 100644 --- a/hack/local-up-vagrant.sh +++ b/hack/local-up-vagrant.sh 
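Review bot: The `runcmd` context line at the end of user-data_database.yaml still installs `ansible==2.9` with pip3, while the new requirements.txt pins `ansible==2.9.15`, so the guest gets whatever 2.9.x is current on PyPI at build time and the two pins can drift apart. Point the runcmd at the same pin (`['/usr/bin/pip3', 'install', 'ansible==2.9.15']`) or install from requirements.txt. The Python 2 packages added here and in the user-data_bastion.yaml hunk have no visible consumer now that ansible.cfg is meant to select /usr/bin/python3 — if they are only there for `libselinux-python`, a comment saying so would help, since an EOL interpreter on the box is extra patch surface.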
@@ -1,4 +1,6 @@ #!/usr/bin/env bash export VAGRANT_WSL_ENABLE_WINDOWS_ACCESS="1" +vagrant plugin install vagrant-scp && \ +vagrant plugin install vagrant-hostmanager && \ vagrant up \ No newline at end of file diff --git a/hack/terraform/provider/virtualbox/main.tf b/hack/terraform/provider/virtualbox/main.tf index aeb8f2f..40b1d6f 100644 --- a/hack/terraform/provider/virtualbox/main.tf +++ b/hack/terraform/provider/virtualbox/main.tf @@ -4,7 +4,7 @@ resource "virtualbox_vm" "bastion" { image = var.bastion_image cpus = var.bastion_cpu memory = var.bastion_memory + " mib" - user_data = file("../../../cloud-init/nocloud/user-data_bastion.yaml") + user_data = file("../../../cloud-init/nocloud-net/user-data_bastion.yaml") network_adapter { type = "hostonly" @@ -18,7 +18,7 @@ resource "virtualbox_vm" "database" { image = var.database_image cpus = var.database_cpu memory = var.database_memory + " mib" - user_data = file("../../../cloud-init/nocloud/user-data_database.yaml") + user_data = file("../../../cloud-init/nocloud-net/user-data_database.yaml") network_adapter { type = "hostonly" diff --git a/hack/vagrant/boxes-ansible.example b/hack/vagrant/boxes-ansible.example index 7f233cf..e03231c 100644 --- a/hack/vagrant/boxes-ansible.example +++ b/hack/vagrant/boxes-ansible.example @@ -1,6 +1,6 @@ --- - name: database - hostname: database.local + hostname: database.vagrant description: Sybase Database server box: generic/centos7 box_version: "3.1.8" 
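Review bot: `vagrant plugin install vagrant-scp` and `vagrant plugin install vagrant-hostmanager` now run unpinned on every invocation of local-up-vagrant.sh, which fetches the newest gem from the plugin repository each time — a network round-trip on every `up`, and an unreviewed supply-chain change whenever either plugin publishes a release. Pin the version and skip the install when the plugin is already present, e.g. `vagrant plugin list | grep -q '^vagrant-hostmanager ' || vagrant plugin install vagrant-hostmanager --plugin-version <PINNED_VERSION>` (placeholder), and the same for vagrant-scp. Note that the hostmanager configuration this plugin serves is still commented out in the Vagrantfile, so the install currently buys nothing.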
@@ -16,14 +16,14 @@ port: 5000 expose: 5000 provision: - meta-data: ./hack/cloud-init/nocloud/meta-data.yaml - user-data: ./hack/cloud-init/nocloud/user-data_database.yaml + meta-data: ./hack/cloud-init/nocloud-net/meta-data.yaml + user-data: ./hack/cloud-init/nocloud-net/user-data_database.yaml cloud-init: ./hack/vagrant/scripts/cloud-init.sh ansible: playbook: ./hack/vagrant/playbook_database.yaml - name: bastion - hostname: bastion.local + hostname: bastion.vagrant description: Bastion server box: generic/centos7 box_version: "3.1.8" @@ -36,8 +36,8 @@ port: 22 expose: 42222 provision: - meta-data: ./hack/cloud-init/nocloud/meta-data.yaml - user-data: ./hack/cloud-init/nocloud/user-data_bastion.yaml + meta-data: ./hack/cloud-init/nocloud-net/meta-data.yaml + user-data: ./hack/cloud-init/nocloud-net/user-data_bastion.yaml cloud-init: ./hack/vagrant/scripts/cloud-init.sh ansible: playbook: ./hack/vagrant/playbook_bastion.yaml \ No newline at end of file diff --git a/hack/vagrant/boxes-scripted.example b/hack/vagrant/boxes-scripted.example index 80fed27..d8f5785 100644 --- a/hack/vagrant/boxes-scripted.example +++ b/hack/vagrant/boxes-scripted.example @@ -1,6 +1,6 @@ --- - name: database - hostname: database.local + hostname: database.vagrant description: Sybase Database server box: generic/centos7 box_version: "3.1.8" @@ -13,8 +13,8 @@ port: 22 expose: 42222 provision: - meta-data: ./hack/cloud-init/nocloud/meta-data.yaml - user-data: ./hack/cloud-init/nocloud/user-data_database.yaml + meta-data: ./hack/cloud-init/nocloud-net/meta-data.yaml + user-data: ./hack/cloud-init/nocloud-net/user-data_database.yaml cloud-init: ./hack/vagrant/scripts/cloud-init.sh packages: - ./hack/vagrant/packages/ASE_Suite.linuxamd64.tgz @@ -30,7 +30,7 @@ install: ./hack/vagrant/scripts/install-ASE.sh - name: bastion - hostname: bastion.local + hostname: bastion.vagrant description: Bastion server box: generic/centos7 box_version: "3.1.8" 
@@ -46,8 +46,8 @@ port: 5000 expose: 5000 provision: - meta-data: ./hack/cloud-init/nocloud/meta-data.yaml - user-data: ./hack/cloud-init/nocloud/user-data_bastion.yaml + meta-data: ./hack/cloud-init/nocloud-net/meta-data.yaml + user-data: ./hack/cloud-init/nocloud-net/user-data_bastion.yaml cloud-init: ./hack/vagrant/scripts/cloud-init.sh packages: - ./hack/vagrant/packages/ASE_Suite.linuxamd64.tgz diff --git a/hack/vagrant/boxes.yaml b/hack/vagrant/boxes.yaml index 1ff9538..480838b 100644 --- a/hack/vagrant/boxes.yaml +++ b/hack/vagrant/boxes.yaml @@ -1,9 +1,9 @@ --- - name: database - hostname: database.local + hostname: database.vagrant description: Sybase Database server box: generic/centos7 - box_version: "3.1.10" + box_version: "3.1.12" paravirtprovider: hyperv cpus: 2 memory: 4096 @@ -15,17 +15,17 @@ port: 5000 expose: 5000 provision: - meta-data: ./hack/cloud-init/nocloud/meta-data.yaml - user-data: ./hack/cloud-init/nocloud/user-data_database.yaml + meta-data: ./hack/cloud-init/nocloud-net/meta-data.yaml + user-data: ./hack/cloud-init/nocloud-net/user-data_database.yaml cloud-init: ./hack/vagrant/scripts/cloud-init.sh ansible: playbook: ./hack/vagrant/playbook_database.yaml - name: bastion - hostname: bastion.local + hostname: bastion.vagrant description: Bastion server box: generic/centos7 - box_version: "3.1.10" + box_version: "3.1.12" paravirtprovider: hyperv cpus: 1 memory: 1024 @@ -34,8 +34,8 @@ port: 22 expose: 42222 provision: - meta-data: ./hack/cloud-init/nocloud/meta-data.yaml - user-data: ./hack/cloud-init/nocloud/user-data_bastion.yaml + meta-data: ./hack/cloud-init/nocloud-net/meta-data.yaml + user-data: ./hack/cloud-init/nocloud-net/user-data_bastion.yaml cloud-init: ./hack/vagrant/scripts/cloud-init.sh ansible: playbook: ./hack/vagrant/playbook_bastion.yaml \ No newline at end of file diff --git a/hack/vagrant/playbook_bastion.yaml b/hack/vagrant/playbook_bastion.yaml index 7d00330..bcb038b 100644 --- a/hack/vagrant/playbook_bastion.yaml 
+++ b/hack/vagrant/playbook_bastion.yaml @@ -1,6 +1,8 @@ - hosts: bastion gather_facts: false + vars: roles: + - common-firewall - sybase-ocs - openjdk-8 - liquibase \ No newline at end of file diff --git a/hack/vagrant/playbook_database.yaml b/hack/vagrant/playbook_database.yaml index 2710736..4b0b82d 100644 --- a/hack/vagrant/playbook_database.yaml +++ b/hack/vagrant/playbook_database.yaml @@ -1,4 +1,5 @@ - hosts: database gather_facts: false roles: + - common-firewall - sybase-ase \ No newline at end of file diff --git a/hack/vagrant/scripts/cloud-init.sh b/hack/vagrant/scripts/cloud-init.sh index b944a00..d5218dc 100644 --- a/hack/vagrant/scripts/cloud-init.sh +++ b/hack/vagrant/scripts/cloud-init.sh @@ -3,9 +3,9 @@ set -ex SUCCESS_INDICATOR=/opt/.vagrant_provision_success -DATA_SOURCE=/var/lib/cloud/seed/nocloud -META_DATA=/tmp/vagrant/cloud-init/nocloud/meta-data -USER_DATA=/tmp/vagrant/cloud-init/nocloud/user-data +DATA_SOURCE=/var/lib/cloud/seed/nocloud-net +META_DATA=/tmp/vagrant/cloud-init/nocloud-net/meta-data +USER_DATA=/tmp/vagrant/cloud-init/nocloud-net/user-data # confirm this is a centos box [[ ! -f /etc/centos-release ]] && exit 1 
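Review bot: The `vars:` key added to playbook_bastion.yaml has no value, so it parses as null and contributes nothing to the play; either populate it (presumably with `firewall` overrides for the new common-firewall role — not visible here) or drop the line so the play reads the same as playbook_database.yaml. `common-firewall` is listed before the sybase roles in both playbooks, which is the right order given that sybase-ase/tasks/firewall.yaml relies on firewalld being running.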
@@ -13,7 +13,31 @@ USER_DATA=/tmp/vagrant/cloud-init/nocloud/user-data
# check if vagrant_provision has run before
[[ -f $SUCCESS_INDICATOR ]] && exit 0
-yum install -y epel-release cloud-init
+yum install -y epel-release
+yum install -y cloud-init avahi avahi-tools nss-mdns
+
+# HACK: mDNS has an issue where other clients cannot resolve this host after vagrant halt/suspend
+hostname "$1"
+
+# enable Multicast DNS
+sed -i.bak -e 's/^hosts:.*/hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4/g' /etc/nsswitch.conf
+systemctl restart avahi-daemon
+systemctl enable avahi-daemon
+
+# HACK: mDNS has an issue where other clients cannot resolve this host after vagrant halt/suspend
+cat << EOF > /etc/NetworkManager/dispatcher.d/ifup-local
+#!/bin/sh
+case "\$1" in
+ eth*)
+ # Record event in /var/log/messages
+ logger "\$1 has come up... resetting hostname to $1 and restarting avahi-daemon.service - this is a hack"
+ hostname "$1"
+ systemctl restart avahi-daemon.service
+ ;;
+esac
+exit 0
+EOF
+chmod 700 /etc/NetworkManager/dispatcher.d/ifup-local
# write cloud-init files
mkdir -p $DATA_SOURCE
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..91af873
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,5 @@
+ansible==2.9.15
+boto3==1.16.30
+boto==2.49.0
+lxml==4.6.2
+jinja2==2.11.2
\ No newline at end of file
diff --git a/roles/common-firewall/defaults/main.yaml b/roles/common-firewall/defaults/main.yaml
new file mode 100644
index 0000000..c6a992c
--- /dev/null
+++ b/roles/common-firewall/defaults/main.yaml
@@ -0,0 +1,10 @@
+firewall:
+ enabled: true
+ zones:
+ - zone: trusted
+ interface: eth1
+ rules:
+ - zone: trusted
+ service: mdns
+ - zone: public
+ service: mdns
diff --git a/roles/common-firewall/handlers/main.yaml b/roles/common-firewall/handlers/main.yaml
new file mode 100644
index 0000000..d192e0e
--- /dev/null
+++ b/roles/common-firewall/handlers/main.yaml
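Review bot: `hostname "$1"` sets only the transient kernel hostname, which is precisely why the NetworkManager dispatcher hack below it has to re-apply the name on every interface-up event; `hostnamectl set-hostname "$1"` would persist it in /etc/hostname across halt/resume and likely make the dispatcher script redundant (confirm whether avahi-daemon still needs the restart). The heredoc is deliberately unquoted so `$1` expands at write time — the box name from boxes.yaml lands inside double quotes in a root-owned script, fine for the names used here but fragile for any name containing a quote, so a comment stating that `$1` must be a plain hostname is worth adding. The `chmod 700` is correct: NetworkManager refuses dispatcher scripts that are group- or world-writable. The rest of the script continues past this hunk.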
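Review bot: The defaults bind `eth1` to the `trusted` zone, which accepts every packet on that interface unconditionally — so on the private network the guests actually talk over, the per-port openings that sybase-ase/tasks/firewall.yaml adds to the `public` zone never filter anything, and the `service: mdns` rule for `trusted` is redundant. A zone such as `internal` for eth1 carrying only the services the guests need (`mdns` plus the Sybase ports) keeps the firewall meaningful between VMs. The `mdns` opening in `public` is only required if name resolution must also work across the NAT interface; that is assumed rather than shown here, so either document it or drop it.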
@@ -0,0 +1,12 @@
+- name: Reload firewall rules
+ command: firewall-cmd --reload
+
+- name: Restart firewalld
+ service:
+ name: firewalld
+ state: restarted
+
+- name: Restart network
+ service:
+ name: network
+ state: restarted
diff --git a/roles/common-firewall/tasks/main.yaml b/roles/common-firewall/tasks/main.yaml
new file mode 100644
index 0000000..4d8f5ec
--- /dev/null
+++ b/roles/common-firewall/tasks/main.yaml
@@ -0,0 +1,34 @@
+- name: Manage firewalld service
+ systemd:
+ name: firewalld
+ state: "{{ firewall.enabled | ternary('started','stopped') }}"
+ enabled: "{{ firewall.enabled }}"
+ tags:
+ - common
+ - firewall
+
+- name: Configure firewalld zones
+ firewalld:
+ zone: "{{ item.zone|default('public') }}"
+ permanent: "{{ item.permanent|default('yes') }}"
+ interface: "{{ item.interface }}"
+ state: "{{ item.state|default('enabled') }}"
+ loop: "{{ firewall.zones }}"
+ when: firewall.enabled
+ notify: Reload firewall rules
+ tags:
+ - common
+ - firewall
+
+- name: Configure firewalld rules
+ firewalld:
+ zone: "{{ item.zone|default('public') }}"
+ permanent: "{{ item.permanent|default('yes') }}"
+ service: "{{ item.service }}"
+ state: "{{ item.state|default('enabled') }}"
+ loop: "{{ firewall.rules }}"
+ when: firewall.enabled
+ notify: Reload firewall rules
+ tags:
+ - common
+ - firewall
\ No newline at end of file
diff --git a/roles/sybase-ase/handlers/main.yaml b/roles/sybase-ase/handlers/main.yaml
new file mode 100644
index 0000000..d192e0e
--- /dev/null
+++ b/roles/sybase-ase/handlers/main.yaml
@@ -0,0 +1,12 @@
+- name: Reload firewall rules
+ command: firewall-cmd --reload
+
+- name: Restart firewalld
+ service:
+ name: firewalld
+ state: restarted
+
+- name: Restart network
+ service:
+ name: network
+ state: restarted
diff --git a/roles/sybase-ase/tasks/firewall.yaml b/roles/sybase-ase/tasks/firewall.yaml
index 8b81404..8832569 100644
--- a/roles/sybase-ase/tasks/firewall.yaml
+++ b/roles/sybase-ase/tasks/firewall.yaml
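Review bot: Both firewalld tasks in common-firewall/tasks/main.yaml set `permanent` only, so the running configuration is untouched until the `Reload firewall rules` handler fires at the end of the play; every later task in the same play (the sybase roles listed after common-firewall in both playbooks) executes against the old zone assignments. Add `immediate: "{{ item.immediate|default(true) }}"` beside `permanent` so the change applies at once as well as across reboots. `interface: "{{ item.interface }}"` also makes `interface` mandatory for every `firewall.zones` entry, unlike the `|default(...)` given to the other keys — either state that in a comment on the loop or use `default(omit)`. The sybase-ase handlers file added below is byte-identical to common-firewall's (same blob d192e0e); declaring common-firewall as a role dependency would avoid maintaining two copies.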
@@ -1,21 +1,17 @@
-- name: Disable firewalld
- service:
- name: firewalld
- state: stopped
- enabled: no
+- name: Enable Sybase server port in Firewalld
+ firewalld:
+ port: "{{ sybase.networking.port }}/tcp"
+ permanent: true
+ state: enabled
+ zone: public
+ notify: restart-firewalld
+ #when: firewall.enabled
-# - name: Enable Sybase server port in Firewalld
-# firewalld:
-# port: "{{ sybase.networking.port }}/tcp"
-# permanent: true
-# state: enabled
-# zone: public
-# notify: restart-firewalld
-
-# - name: Enable Sybase backup server port in Firewalld
-# firewalld:
-# port: "{{ sybase.networking.backup_port }}/tcp"
-# permanent: true
-# state: enabled
-# zone: public
-# notify: restart-firewalld
+- name: Enable Sybase backup server port in Firewalld
+ firewalld:
+ port: "{{ sybase.networking.backup_port }}/tcp"
+ permanent: true
+ state: enabled
+ zone: public
+ notify: Reload firewall rules
+ #when: firewall.enabled
\ No newline at end of file
diff --git a/roles/sybase-ocs/defaults/main.yaml b/roles/sybase-ocs/defaults/main.yaml
index cd9d5fd..d0d8a2e 100644
--- a/roles/sybase-ocs/defaults/main.yaml
+++ b/roles/sybase-ocs/defaults/main.yaml
@@ -22,7 +22,7 @@ sybase:
features: 'fopen_client,fdblib,fjconnect70,fsysam_util,fscc_server,fasemap,fase_snmp_agent'
networking:
# Sybase listen ports
- interface: '0.0.0.0'
+ interface: 'database.local'
port: '5000'
backup_port: '5001'
# Name of the database server to add in the ${SYBASE}/interfaces
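Review bot: The first task notifies `restart-firewalld`, but no handler of that name exists — the handlers file added in this commit defines `Reload firewall rules`, `Restart firewalld` and `Restart network` — so Ansible aborts the play with a missing-handler error the first time the port is actually opened; use `notify: Reload firewall rules` as the second task already does. Both tasks also change only the permanent configuration, so without `immediate: true` the Sybase ports stay closed until that handler runs at the end of the play. The `#when: firewall.enabled` guards are commented out, meaning the rules are applied even when common-firewall has stopped firewalld; if that is intentional a short comment saying so would save the next reader a question.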
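Review bot: `interface: 'database.local'` is the only `.local` name this commit introduces while every other host reference is renamed to `.vagrant`; assuming this value is what the Sybase listener binds to (the surrounding `# Sybase listen ports` comment suggests so), the server now depends on avahi/mDNS resolving that name at daemon start instead of listening on `0.0.0.0`, and a box where avahi is not yet up — or any non-Vagrant host — fails to bind. Moving from all-interfaces to a single address is a reasonable tightening, but make the name consistent with boxes.yaml (`database.vagrant`, once hostmanager is enabled) or use the fixed private-network IP so the bind does not hinge on multicast name resolution.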