diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000..ee8cbbe --- /dev/null +++ b/.ansible-lint 
@@ -0,0 +1,82 @@ +--- +# .ansible-lint + +exclude_paths: + - .cache/ # implicit unless exclude_paths is defined in config + - .env/ + - .github/ + - .pre-commit-config.yaml + - .pre-commit-hooks.yaml + +# parseable: true +# verbosity: 1 +quiet: true + +# Mock modules or roles in order to pass ansible-playbook --syntax-check +# mock_modules: +# - zuul_return +# # note the foo.bar is invalid as being neither a module or a collection +# - fake_namespace.fake_collection.fake_module +# - fake_namespace.fake_collection.fake_module.fake_submodule +# mock_roles: +# - mocked_role +# - author.role_name # old standalone galaxy role +# - fake_namespace.fake_collection.fake_role # role within a collection + +# Enable checking of loop variable prefixes in roles +loop_var_prefix: "microk8s_" + +# Enforce variable names to follow pattern below, in addition to Ansible own +# requirements, like avoiding python identifiers. To disable add `var-naming` +# to skip_list. +var_naming_pattern: "^[_]*microk8s_[a-z][a-z0-9_]*$" + +use_default_rules: true + +# This makes linter to fully ignore rules/tags listed below +# skip_list: +# - skip_this_tag +# - git-latest + +# Any rule that has the 'opt-in' tag will not be loaded unless its 'id' is +# mentioned in the enable_list: +enable_list: + - fqcn-builtins # opt-in + - no-log-password # opt-in + - no-same-owner # opt-in + # - yaml +# Report only a subset of tags and fully ignore any others +# tags: +# - var-spacing + +# This makes the linter display but not fail for rules/tags listed below: +# warn_list: +# - skip_this_tag +# - git-latest +# - experimental # experimental is included in the implicit list +# # - role-name + +# Offline mode disables installation of requirements.yml +# offline: false + +# Define required Ansible's variables to satisfy syntax check +extra_vars: + # foo: bar + # multiline_string_variable: | + # line1 + # line2 + # complex_variable: ":{;\t$()" + +# Uncomment to enforce action validation with tasks, usually is not +# 
needed as Ansible syntax check also covers it. +# skip_action_validation: false + +# List of additional kind:pattern to be added at the top of the default +# match list, first match determines the file kind. +# kinds: + # - playbook: "**/examples/*.{yml,yaml}" + # - galaxy: "**/folder/galaxy.yml" + # - tasks: "**/tasks/*.yml" + # - vars: "**/vars/*.yml" + # - meta: "**/meta/main.yml" +... diff --git a/.editorconfig b/.editorconfig deleted file mode 100644 index c30c09d..0000000 --- a/.editorconfig +++ /dev/null @@ -1,27 +0,0 @@ -# EditorConfig: http://EditorConfig.org - -# top-most EditorConfig file -root = true - -# Defaults for all editor files -[*] -insert_final_newline = true -indent_style = space -indent_size = 4 -trim_trailing_whitespace = true - -# YAML is fussy about indenting and charset -[*.yml] -indent_style = space -indent_size = 2 -continuation_indent_size = unset -charset = utf-8 - -# Markdown is fussy about indenting -[*.md] -indent_style = space -indent_size = 4 - -# Jinja2 template files -[*.j2] -end_of_line = lf diff --git a/.gitattributes b/.gitattributes index ea7ae0f..096fbde 100644 --- a/.gitattributes +++ b/.gitattributes 
@@ -1,47 +1,2 @@ - -# Set the default behavior, in case people don't have core.autocrlf set. -* text=auto - -# Explicitly declare text files you want to always be normalized and converted -# to native line endings on checkout. -LICENSE text -.editorconfig text -.gitattributes text -.gitignore text -.yamllint text -*.cfg text -*.css text -*.htm text -*.html text -*.js text -*.json text -*.less text -*.md text -*.py text -*.scss text -*.ts text -*.txt text -*.xhtml text -*.xml text -*.yaml text -*.yml text - -# Declare files that will always have CRLF line endings on checkout. -*.bat text eol=crlf -*.cmd text eol=crlf - -# Declare files that will always have LF line endings on checkout. -*.conf eol=lf -*.desktop eol=lf -*.j2 eol=lf -*.service eol=lf -*.sh text eol=lf - -# Denote all files that are truly binary and should not be modified. -*.eot binary -*.gif binary -*.jpeg binary -*.jpg binary -*.png binary -*.tff binary -*.woff binary +*.yml linguist-detectable +*.yaml linguist-detectable diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 0000000..e988024 --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1,3 @@ +--- +github: ckaserer +... diff --git a/.github/workflows/1-develop.yml b/.github/workflows/1-develop.yml new file mode 100644 index 0000000..c01376b --- /dev/null +++ b/.github/workflows/1-develop.yml 
@@ -0,0 +1,109 @@
+---
+name: Develop
+
+'on':
+ push:
+ branches:
+ - develop
+ workflow_dispatch:
+
+jobs:
+ ansible-linter:
+ name: Ansible Linter
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v2
+
+ - name: Set up Python 3
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Install ansible-lint Dependencies
+ run: pip3 install ansible ansible-base ansible-lint
+
+ - name: Lint Code Base with ansible-lint
+ run: ansible-lint
+
+ pre-commit:
+ name: pre-commit
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v2
+
+ - name: Set up Python 3
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Run pre-commit
+ uses: pre-commit/action@v2.0.3
+
+ super-linter:
+ name: Github Linter
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v2
+
+ - name: Lint Code Base with github super-linter
+ uses: github/super-linter@v4
+ env:
+ VALIDATE_ALL_CODEBASE: true
+ FILTER_REGEX_EXCLUDE: '.*.md'
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ yaml-linter:
+ name: YAML Linter
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v2
+
+ - name: Set up Python 3
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Install yamllint Dependencies
+ run: pip3 install yamllint
+
+ - name: Lint Code Base with yamllint
+ run: yamllint .
+
+ pull-request:
+ name: Pull Request
+ runs-on: ubuntu-latest
+ needs:
+ - ansible-linter
+ - pre-commit
+ - super-linter
+ - yaml-linter
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v2
+
+ - name: Create Pull Request
+ uses: peter-evans/create-pull-request@v3
+ with:
+ branch: main
+ token: ${{ secrets.PAT }}
+
+ notify:
+ name: Slack Notifications
+ runs-on: ubuntu-latest
+ if: ${{ failure() }}
+ needs:
+ - pull-request
+ steps:
+ - name: Notify Slack channel on failure
+ uses: rtCamp/action-slack-notify@v2
+ env:
+ SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+ SLACK_ICON: https://github.com/ckaserer/logos/raw/master/ansible.png
+ SLACK_USERNAME: ${{ github.repository }}
+ SLACK_COLOR: '#ff0033'
+ SLACK_FOOTER: ''
+...
diff --git a/.github/workflows/2-pull-request.yml b/.github/workflows/2-pull-request.yml
new file mode 100644
index 0000000..5ee745f
--- /dev/null
+++ b/.github/workflows/2-pull-request.yml
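Review bot: In the `pull-request` job, `peter-evans/create-pull-request@v3` is given `branch: main`, but as that action documents its inputs, `branch` names the head branch the action creates and updates, while the merge target is `base`. On a push to `develop` this may therefore push to `main` with the PAT instead of opening a develop-to-main pull request, which is worth confirming on a scratch repository before relying on it. If the goal is a pull request into `main`, the inputs would read `base: main` with a dedicated `branch:` name. The PAT and the Slack webhook are also handed to actions referenced by movable tags (`peter-evans/create-pull-request@v3`, `rtCamp/action-slack-notify@v2`); pinning third-party actions that receive secrets to a full commit SHA keeps a retagged release from running with those credentials. The same tag-only references appear in `2-pull-request.yml` and `3-main.yml`, where `phish108/autotag-action` and `ncipollo/release-action` additionally receive `GITHUB_TOKEN`.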
@@ -0,0 +1,91 @@
+---
+name: Pull Request
+
+'on':
+ pull_request:
+
+jobs:
+ ansible-linter:
+ name: Ansible Linter
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v2
+
+ - name: Set up Python 3
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Install ansible-lint Dependencies
+ run: pip3 install ansible ansible-base ansible-lint
+
+ - name: Lint Code Base with ansible-lint
+ run: ansible-lint
+
+ pre-commit:
+ name: pre-commit
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v2
+
+ - name: Set up Python 3
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Run pre-commit
+ uses: pre-commit/action@v2.0.3
+
+ super-linter:
+ name: Github Linter
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v2
+
+ - name: Lint Code Base with github super-linter
+ uses: github/super-linter@v4
+ env:
+ VALIDATE_ALL_CODEBASE: true
+ FILTER_REGEX_EXCLUDE: '.*.md'
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ yaml-linter:
+ name: YAML Linter
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v2
+
+ - name: Set up Python 3
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Install yamllint Dependencies
+ run: pip3 install yamllint
+
+ - name: Lint Code Base with yamllint
+ run: yamllint .
+
+ notify:
+ name: Slack Notifications
+ runs-on: ubuntu-latest
+ if: ${{ failure() }}
+ needs:
+ - ansible-linter
+ - pre-commit
+ - super-linter
+ - yaml-linter
+ steps:
+ - name: Notify Slack channel on failure
+ uses: rtCamp/action-slack-notify@v2
+ env:
+ SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+ SLACK_ICON: https://github.com/ckaserer/logos/raw/master/ansible.png
+ SLACK_USERNAME: ${{ github.repository }}
+ SLACK_COLOR: '#ff0033'
+ SLACK_FOOTER: ''
+...
diff --git a/.github/workflows/3-main.yml b/.github/workflows/3-main.yml
new file mode 100644
index 0000000..5abd9de
--- /dev/null
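Review bot: This workflow declares no `permissions:` block, so every job, including the steps that run third-party actions, gets whatever default `GITHUB_TOKEN` scope the repository is configured with. None of the jobs visible here writes to the repository, so a top-level `permissions:` with `contents: read` would state the least privilege they need; the `super-linter` job may additionally want `statuses: write` if its commit-status reporting is used (confirm against that action's documentation). The lint jobs in `1-develop.yml` and `3-main.yml` are the same and could take the same block, with write access granted only on the `release` job. Separately, `FILTER_REGEX_EXCLUDE: '.*.md'` leaves the dot unescaped; `'.*\.md$'` says what is presumably meant.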
+++ b/.github/workflows/3-main.yml 
@@ -0,0 +1,135 @@
+---
+name: Main
+
+'on':
+ push:
+ branches:
+ - main
+ tags-ignore:
+ - '**'
+ schedule:
+ - cron: '30 8 * * 3'
+
+jobs:
+ ansible-linter:
+ name: Ansible Linter
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v2
+
+ - name: Set up Python 3
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Install ansible-lint Dependencies
+ run: pip3 install ansible ansible-base ansible-lint
+
+ - name: Lint Code Base with ansible-lint
+ run: ansible-lint
+
+ pre-commit:
+ name: pre-commit
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v2
+
+ - name: Set up Python 3
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Run pre-commit
+ uses: pre-commit/action@v2.0.3
+
+ super-linter:
+ name: Github Linter
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v2
+
+ - name: Lint Code Base with github super-linter
+ uses: github/super-linter@v4
+ env:
+ VALIDATE_ALL_CODEBASE: true
+ FILTER_REGEX_EXCLUDE: '.*.md'
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ yaml-linter:
+ name: YAML Linter
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v2
+
+ - name: Set up Python 3
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.x'
+
+ - name: Install yamllint Dependencies
+ run: pip3 install yamllint
+
+ - name: Lint Code Base with yamllint
+ run: yamllint .
+
+ release:
+ name: Release
+ if: ${{ github.event_name != 'schedule' }}
+ runs-on: ubuntu-latest
+ needs:
+ - ansible-linter
+ - pre-commit
+ - super-linter
+ - yaml-linter
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v2
+
+ - name: Create a new tag
+ uses: phish108/autotag-action@1.1.37
+ id: autotag
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Create a new release
+ uses: ncipollo/release-action@v1
+ with:
+ tag: ${{ steps.autotag.outputs.new-tag }}
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Set up Python 3
+ uses: actions/setup-python@v2
+ with:
+ python-version: 3.x
+
+ - name: Install ansible-base
+ run: pip3 install ansible-base
+
+ - name: Trigger a new import on Galaxy
+ run: >-
+ ansible-galaxy role import
+ --token "${{ secrets.GALAXY_API_KEY }}"
+ --branch main
+ "$(echo ${{ github.repository }} | cut -d/ -f1)"
+ "$(echo ${{ github.repository }} | cut -d/ -f2)"
+
+ notify:
+ name: Slack Notifications
+ runs-on: ubuntu-latest
+ if: ${{ failure() }}
+ needs:
+ - release
+ steps:
+ - name: Notify Slack channel on failure
+ uses: rtCamp/action-slack-notify@v2
+ env:
+ SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+ SLACK_ICON: https://github.com/ckaserer/logos/raw/master/ansible.png
+ SLACK_USERNAME: ${{ github.repository }}
+ SLACK_COLOR: '#ff0033'
+ SLACK_FOOTER: ''
+...
diff --git a/.gitignore b/.gitignore
index d7f11a7..8d7a67f 100644
--- a/.gitignore
+++ b/.gitignore
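Review bot: The `Trigger a new import on Galaxy` step pastes `${{ secrets.GALAXY_API_KEY }}` and `${{ github.repository }}` into the script text before the shell parses it, so the values become part of the script rather than data, and the unquoted `echo ${{ github.repository }}` is subject to word splitting. Passing both through `env:` and referring to them as quoted shell variables keeps the secret out of the rendered script and lets the shell treat the values purely as arguments. The `release` job is also the only one here that needs a write-capable `GITHUB_TOKEN`, so a job-level `permissions:` with `contents: write` on it (and read-only elsewhere) would bound what `phish108/autotag-action@1.1.37` and `ncipollo/release-action@v1` can do with the token. `python-version: 3.x` in this job is unquoted while the other jobs use `'3.x'`.

```yaml
# … unchanged: checkout, autotag, release, Python setup, ansible-base install …
- name: Trigger a new import on Galaxy
  env:
    GALAXY_API_KEY: ${{ secrets.GALAXY_API_KEY }}
    REPOSITORY: ${{ github.repository }}
  run: >-
    ansible-galaxy role import
    --token "$GALAXY_API_KEY"
    --branch main
    "${REPOSITORY%%/*}"
    "${REPOSITORY##*/}"
```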
@@ -1,301 +1,2 @@ -# Created by https://www.gitignore.io/api/windows,linux,osx,vim,emacs,intellij,eclipse,visualstudiocode,ansible - -### Ansible ### *.retry - -### Eclipse ### - -.metadata -bin/ -tmp/ -*.tmp -*.bak -*.swp -*~.nib -local.properties -.settings/ -.loadpath -.recommenders - -# External tool builders -.externalToolBuilders/ - -# Locally stored "Eclipse launch configurations" -*.launch - -# PyDev specific (Python IDE for Eclipse) -*.pydevproject - -# CDT-specific (C/C++ Development Tooling) -.cproject - -# CDT- autotools -.autotools - -# Java annotation processor (APT) -.factorypath - -# PDT-specific (PHP Development Tools) -.buildpath - -# sbteclipse plugin -.target - -# Tern plugin -.tern-project - -# TeXlipse plugin -.texlipse - -# STS (Spring Tool Suite) -.springBeans - -# Code Recommenders -.recommenders/ - -# Annotation Processing -.apt_generated/ - -# Scala IDE specific (Scala & Java development for Eclipse) -.cache-main -.scala_dependencies -.worksheet - -### Eclipse Patch ### -# Eclipse Core -.project - -# JDT-specific (Eclipse Java Development Tools) -.classpath - -# Annotation Processing -.apt_generated - -### Emacs ### -# -*- mode: gitignore; -*- -*~ -\#*\# -/.emacs.desktop -/.emacs.desktop.lock -*.elc -auto-save-list -tramp -.\#* - -# Org-mode -.org-id-locations -*_archive - -# flymake-mode -*_flymake.* - -# eshell files -/eshell/history -/eshell/lastdir - -# elpa packages -/elpa/ - -# reftex files -*.rel - -# AUCTeX auto folder -/auto/ - -# cask packages -.cask/ -dist/ - -# Flycheck -flycheck_*.el - -# server auth directory -/server/ - -# projectiles files -.projectile - -# directory configuration -.dir-locals.el - -### Intellij ### -# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and WebStorm -# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 - -# User-specific stuff -.idea/**/workspace.xml -.idea/**/tasks.xml -.idea/**/usage.statistics.xml -.idea/**/dictionaries 
-.idea/**/shelf - -# Sensitive or high-churn files -.idea/**/dataSources/ -.idea/**/dataSources.ids -.idea/**/dataSources.local.xml -.idea/**/sqlDataSources.xml -.idea/**/dynamic.xml -.idea/**/uiDesigner.xml -.idea/**/dbnavigator.xml - -# Gradle -.idea/**/gradle.xml -.idea/**/libraries - -# Gradle and Maven with auto-import -# When using Gradle or Maven with auto-import, you should exclude module files, -# since they will be recreated, and may cause churn. Uncomment if using -# auto-import. -# .idea/modules.xml -# .idea/*.iml -# .idea/modules - -# CMake -cmake-build-*/ - -# Mongo Explorer plugin -.idea/**/mongoSettings.xml - -# File-based project format -*.iws - -# IntelliJ -out/ - -# mpeltonen/sbt-idea plugin -.idea_modules/ - -# JIRA plugin -atlassian-ide-plugin.xml - -# Cursive Clojure plugin -.idea/replstate.xml - -# Crashlytics plugin (for Android Studio and IntelliJ) -com_crashlytics_export_strings.xml -crashlytics.properties -crashlytics-build.properties -fabric.properties - -# Editor-based Rest Client -.idea/httpRequests - -### Intellij Patch ### -# Comment Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-215987721 - -# *.iml -# modules.xml -# .idea/misc.xml -# *.ipr - -# Sonarlint plugin -.idea/sonarlint - -### Linux ### - -# temporary files which can be created if a process still has a handle open of a deleted file -.fuse_hidden* - -# KDE directory preferences -.directory - -# Linux trash folder which might appear on any partition or disk -.Trash-* - -# .nfs files are created when an open file is removed but is still being accessed -.nfs* - -### OSX ### -# General -.DS_Store -.AppleDouble -.LSOverride - -# Icon must end with two \r -Icon - -# Thumbnails -._* - -# Files that might appear in the root of a volume -.DocumentRevisions-V100 -.fseventsd -.Spotlight-V100 -.TemporaryItems -.Trashes -.VolumeIcon.icns -.com.apple.timemachine.donotpresent - -# Directories potentially created on remote AFP share -.AppleDB -.AppleDesktop -Network 
Trash Folder -Temporary Items -.apdisk - -### Vim ### -# Swap -[._]*.s[a-v][a-z] -[._]*.sw[a-p] -[._]s[a-rt-v][a-z] -[._]ss[a-gi-z] -[._]sw[a-p] - -# Session -Session.vim - -# Temporary -.netrwhist -# Auto-generated tag files -tags -# Persistent undo -[._]*.un~ - -### VisualStudioCode ### -.vscode/* -!.vscode/settings.json -!.vscode/tasks.json -!.vscode/launch.json -!.vscode/extensions.json - -### Windows ### -# Windows thumbnail cache files -Thumbs.db -ehthumbs.db -ehthumbs_vista.db - -# Dump file -*.stackdump - -# Folder config file -[Dd]esktop.ini - -# Recycle Bin used on file shares -$RECYCLE.BIN/ - -# Windows Installer files -*.cab -*.msi -*.msix -*.msm -*.msp - -# Windows shortcuts -*.lnk - - -# End of https://www.gitignore.io/api/windows,linux,osx,vim,emacs,intellij,eclipse,visualstudiocode,ansible - -#################### -### Custom rules ### -#################### - -### Molecule ### - -__pycache__ -.cache -.molecule - -### virtual env ### -venv/ -.venv/ +.env diff --git a/.moleculew/ansible_version b/.moleculew/ansible_version deleted file mode 100644 index dedcc7d..0000000 --- a/.moleculew/ansible_version +++ /dev/null @@ -1 +0,0 @@ -2.9.1 diff --git a/.moleculew/molecule_version b/.moleculew/molecule_version deleted file mode 100644 index 4699fb0..0000000 --- a/.moleculew/molecule_version +++ /dev/null @@ -1 +0,0 @@ -2.22 diff --git a/.moleculew/python_version b/.moleculew/python_version deleted file mode 100644 index f24054f..0000000 --- a/.moleculew/python_version +++ /dev/null @@ -1 +0,0 @@ -2.7.15 diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..33f3658 --- /dev/null +++ b/.pre-commit-config.yaml 
@@ -0,0 +1,99 @@
+---
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.0.1
+ hooks:
+ # Prevent giant files from being committed.
+ # Specify what is "too large" with args: ['--maxkb=123'] (default=500kB).
+ # Limits checked files to those indicated as staged for addition by git.
+ # If git-lfs is installed, lfs files will be skipped
+ # (requires git-lfs>=2.2.1)
+ # --enforce-all - Check all listed files not just those staged for
+ # addition.
+ - id: check-added-large-files
+ # Check for files with names that would conflict on a case-insensitive
+ # filesystem like MacOS HFS+ or Windows FAT.
+ - id: check-case-conflict
+ # Attempts to load all json files to verify syntax.
+ - id: check-json
+ # Check for files that contain merge conflict strings.
+ - id: check-merge-conflict
+ # Checks that scripts with shebangs are executable.
+ - id: check-shebang-scripts-are-executable
+ # Checks for symlinks which do not point to anything.
+ - id: check-symlinks
+ # Attempts to load all xml files to verify syntax.
+ - id: check-xml
+ # Attempts to load all yaml files to verify syntax.
+ # --allow-multiple-documents - allow yaml files which use the
+ # multi-document syntax
+ # --unsafe - Instead of loading the files, simply parse them for syntax.
+ # A syntax-only check enables extensions and unsafe constructs
+ # which would otherwise be forbidden.
+ # Using this option removes all guarantees of portability to
+ # other yaml implementations.
+ # Implies --allow-multiple-documents.
+ - id: check-yaml
+ # Detects symlinks which are changed to regular files with a content of
+ # a path which that symlink was pointing to. This usually happens on
+ # Windows when a user clones a repository that has symlinks but they do
+ # not have the permission to create symlinks.
+ - id: destroyed-symlinks
+ # Checks for the existence of private keys.
+ - id: detect-private-key
+ # Makes sure files end in a newline and only a newline.
+ - id: end-of-file-fixer
+ # Prevent addition of new git submodules.
+ - id: forbid-new-submodules
+ # Replaces or checks mixed line ending.
+ # --fix={auto,crlf,lf,no}
+ # auto - Replaces automatically the most frequent line ending.
+ # This is the default argument.
+ # crlf, lf - Forces to replace line ending by respectively CRLF and LF.
+ # This option isn't compatible with git setup check-in LF
+ # check-out CRLF as git smudge this later than the hook
+ # is invoked.
+ # no - Checks if there is any mixed line ending without modifying any
+ # file.
+ - id: mixed-line-ending
+ # Checks that all your JSON files are pretty. "Pretty" here means that
+ # keys are sorted and indented.
+ # You can configure this with the following commandline options:
+ # --autofix - automatically format json files
+ # --indent ... - Control the indentation (either a number for a number of
+ # spaces or a string of whitespace). Defaults to 2 spaces.
+ # --no-ensure-ascii preserve unicode characters instead of converting to
+ # escape sequences
+ # --no-sort-keys - when autofixing, retain the original key ordering
+ # (instead of sorting the keys)
+ # --top-keys comma,separated,keys - Keys to keep at the top of mappings.
+ - id: pretty-format-json
+ # Sorts entries in requirements.txt and removes incorrect entry for
+ # pkg-resources==0.0.0
+ - id: requirements-txt-fixer
+ # Trims trailing whitespace.
+ # To preserve Markdown hard linebreaks use
+ # args: [--markdown-linebreak-ext=md]
+ # (or other extensions used by your markdownfiles). If for some reason
+ # you want to treat all files as markdown, use --markdown-linebreak-ext=*.
+ # By default, this hook trims all whitespace from the ends of lines. To
+ # specify a custom set of characters to trim instead, use
+ # args: [--chars,""].
+ - id: trailing-whitespace
+
+ - repo: https://github.com/adrienverge/yamllint.git
+ rev: v1.26.2
+ hooks:
+ # yamllint does not only check for syntax validity, but for weirdnesses
+ # like key repetition and cosmetic problems such as lines length,
+ # trailing spaces, indentation, etc.
+ - id: yamllint
+
+ - repo: https://github.com/ansible-community/ansible-lint.git
+ rev: v5.1.3
+ hooks:
+ # ansible-lint checks playbooks for practices and behaviour that could
+ # potentially be improved. As a community backed project ansible-lint
+ # supports only the last two major versions of Ansible.
+ - id: ansible-lint
+...
diff --git a/.pre-commit-hooks.yaml b/.pre-commit-hooks.yaml
new file mode 100644
index 0000000..1d760a6
--- /dev/null
+++ b/.pre-commit-hooks.yaml
@@ -0,0 +1,26 @@
+---
+# For use with pre-commit.
+# See usage instructions at http://pre-commit.com
+
+- id: ansible-lint
+ name: Check ansible-lint
+ description: This hook runs ansible-lint.
+ entry: ansible-lint --force-color
+ files: \.(yaml|yml)$
+ language: python
+ # do not pass files to ansible-lint, see:
+ # https://github.com/ansible-community/ansible-lint/issues/611
+ pass_filenames: false
+ additional_dependencies:
+ # https://github.com/pre-commit/pre-commit/issues/1526
+ # if you want to use only the base ansible version for linting,
+ # replace 'community' extra with 'core' or just mention the exact
+ # version of Ansible you want to install as a dependency.
+ - .[community,yamllint]
+
+- id: yamllint
+ entry: yamllint --strict
+ files: \.(yaml|yml)$
+ language: python
+ types: [file, yaml]
+...
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 748cab9..0000000
--- a/.travis.yml
+++ /dev/null
@@ -1,71 +0,0 @@ ---- -language: python -python: '2.7' - -env: - global: - - MOLECULEW_USE_SYSTEM=true - -# Spin off separate builds for each of the following versions -# of Ansible and Linux. -jobs: - include: - - env: - - MOLECULEW_ANSIBLE=2.7.15 - - MOLECULE_SCENARIO=centos - - env: - - MOLECULEW_ANSIBLE=2.7.15 - - MOLECULE_SCENARIO=debian_max - - env: - - MOLECULEW_ANSIBLE=2.7.15 - - MOLECULE_SCENARIO=debian_min - - env: - - MOLECULEW_ANSIBLE=2.7.15 - - MOLECULE_SCENARIO=ubuntu_max - - env: - - MOLECULEW_ANSIBLE=2.7.15 - - MOLECULE_SCENARIO=ubuntu_min - - env: - - MOLECULEW_ANSIBLE=2.9.1 - - MOLECULE_SCENARIO=centos - - env: - - MOLECULEW_ANSIBLE=2.9.1 - - MOLECULE_SCENARIO=debian_max - - env: - - MOLECULEW_ANSIBLE=2.9.1 - - MOLECULE_SCENARIO=debian_min - - env: - - MOLECULEW_ANSIBLE=2.9.1 - - MOLECULE_SCENARIO=ubuntu_max - - env: - - MOLECULEW_ANSIBLE=2.9.1 - - MOLECULE_SCENARIO=ubuntu_min - -# Require Ubuntu 16.04 -dist: xenial - -# Require Docker -services: - - docker - -install: - # Install dependencies - - ./moleculew wrapper-install - - # Display versions - - ./moleculew wrapper-versions - -script: - - ./moleculew test --scenario-name=$MOLECULE_SCENARIO - -cache: - directories: - - $HOME/.moleculew - -branches: - only: - - master - - /^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)([\.\-].*)?$/ - -notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/.yamllint b/.yamllint deleted file mode 100644 index 1061379..0000000 --- a/.yamllint +++ /dev/null 
@@ -1,37 +0,0 @@ ---- -# Based on ansible-lint config -extends: default - -ignore: | - venv/ - .venv/ - -rules: - braces: - max-spaces-inside: 1 - level: error - brackets: - max-spaces-inside: 1 - level: error - colons: - max-spaces-after: -1 - level: error - commas: - max-spaces-after: -1 - level: error - comments: disable - comments-indentation: disable - document-start: disable - empty-lines: - max: 3 - level: error - hyphens: - level: error - indentation: disable - key-duplicates: enable - line-length: disable - new-line-at-end-of-file: disable - new-lines: - type: unix - trailing-spaces: disable - truthy: disable diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..e66f6d9 --- /dev/null +++ b/CODE_OF_CONDUCT.md 
@@ -0,0 +1,80 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our community include: + +* Demonstrating empathy and kindness toward other people +* Being respectful of differing opinions, viewpoints, and experiences +* Giving and gracefully accepting constructive feedback +* Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience +* Focusing on what is best not just for us as individuals, but for the overall community + +Examples of unacceptable behavior include: + +* The use of sexualized language or imagery, and sexual attention or advances of any kind +* Trolling, insulting or derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or email address, without their explicit permission +* Contacting individual members, contributors, or leaders privately, outside designated community mechanisms, without their explicit permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful. 
+ +Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at opensource@github.com. All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series of actions. + +**Consequence**: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. 
Violating these terms may lead to a temporary or permanent ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within the community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.0, available at . + +Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/diversity). + +[homepage]: https://www.contributor-covenant.org + +For answers to common questions about this code of conduct, see the FAQ at . Translations are available at . diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..5180a9a --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,104 @@ +# Contributing to this repository + +## Getting started + +Before you begin: +- Have you read the [code of conduct](CODE_OF_CONDUCT.md)? +- Check out the [existing issues](https://github.com/racqspace/ansible-role-microk8s/issues) & see if we [accept contributions](#types-of-contributions-memo) for your type of issue. +- Before you make your changes, check to see if an [issue exists](https://github.com/racqspace/ansible-role-microk8s/issues/) already for the change you want to make. + +### Don't see your issue? Open one + +If you spot something new, open an issue. We'll use the issue to have a conversation about the problem you want to fix. + +### Ready to make a change? Fork the repo + +Fork using GitHub Desktop: + +- [Getting started with GitHub Desktop](https://docs.github.com/en/desktop/installing-and-configuring-github-desktop/getting-started-with-github-desktop) will guide you through setting up Desktop. +- Once Desktop is set up, you can use it to [fork the repo](https://docs.github.com/en/desktop/contributing-and-collaborating-using-github-desktop/cloning-and-forking-repositories-from-github-desktop)! + +Fork using the command line: + +- [Fork the repo](https://docs.github.com/en/github/getting-started-with-github/fork-a-repo#fork-an-example-repository) so that you can make your changes without affecting the original project until you're ready to merge them. + +Fork with [GitHub Codespaces](https://github.com/features/codespaces): + +- [Fork, edit, and preview](https://docs.github.com/en/free-pro-team@latest/github/developing-online-with-codespaces/creating-a-codespace) using [GitHub Codespaces](https://github.com/features/codespaces) without having to install and run the project locally. + +### Make your update: +Make your changes to the file(s) you'd like to update. Here are some tips and tricks for [using the docs codebase](#working-in-the-githubdocs-repository). + - Are you making changes to the application code? 
You'll need **ansible,docker,molecule,python3,pre-commit** to run the tests locally. + +### Open a pull request +When you're done making changes and you'd like to propose them for review open a PR (pull request). + +### Submit your PR & get it reviewed +- Once you submit your PR, others from the racqspace community will review it with you. The first thing you're going to want to do is a [self review](#self-review). +- After that, we may have questions, check back on your PR to keep up with the conversation. +- Did you have an issue, like a merge conflict? Check out our [git tutorial](https://lab.github.com/githubtraining/managing-merge-conflicts) on how to resolve merge conflicts and other issues. + +### Your PR is merged! +Congratulations! The racqspace community thanks you. :sparkles: + +Once your PR is merged, you will be proudly listed as a contributor in the [contributor chart](https://github.com/racqspace/ansible-role-microk8s/graphs/contributors). + +### Keep contributing as you use the ansible role + +Now that you're a part of the racqspace community, you can keep participating in many ways. + +**Learn more about contributing:** + +- [Types of contributions :memo:](#types-of-contributions-memo) + - [:mega: Discussions](#mega-discussions) + - [:beetle: Issues](#beetle-issues) + - [:hammer_and_wrench: Pull requests](#hammer_and_wrench-pull-requests) +- [Starting with an issue](#starting-with-an-issue) +- [Opening a pull request](#opening-a-pull-request) +- [Reviewing](#reviewing) + - [Self review](#self-review) + - [Suggested changes](#suggested-changes) + +## Types of contributions :memo: +You can contribute in several ways. This repo is a place to discuss and collaborate on the ansible role racqspace.microk8s! Our small, but mighty :muscle: racqspace team is maintaining this repo. To preserve our bandwidth, off topic conversations will be closed. + +### :mega: Discussions +Discussions are where we have conversations. 
+ +If you'd like help troubleshooting a PR you're working on, have a great new idea, or want to share something amazing you've learned in our docs, join us in [discussions](https://github.com/racqspace/ansible-role-microk8s/discussions). + +### :beetle: Issues +[Issues](https://docs.github.com/en/github/managing-your-work-on-github/about-issues) are used to track tasks that contributors can help with. If an issue has a triage label, we haven't reviewed it yet and you shouldn't begin work on it. + +If you've found something in the repo that should be updated, search open issues to see if someone else has reported the same thing. If it's something new, open an issue. We'll use the issue to have a conversation about the problem you want to fix. + +### :hammer_and_wrench: Pull requests +A [pull request](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests) is a way to suggest changes in our repository. + +When we merge those changes, they should be available in ansible galaxy within 24 hours. :earth_africa: To learn more about opening a pull request in this repo, see [Opening a pull request](#opening-a-pull-request) below. + +## Starting with an issue +You can browse existing issues to find something that needs help! + +## Opening a pull request +You can use the GitHub user interface :pencil2: for some small changes, like fixing a typo or updating a readme. You can also fork the repo and then clone it locally, to view changes and run your tests on your machine. + +## Reviewing +We (usually the docs team, but sometimes GitHub product managers, engineers, or supportocats too!) review every single PR. The purpose of reviews is to create the best content we can for people who use GitHub. + +:yellow_heart: Reviews are always respectful, acknowledging that everyone did the best possible job with the knowledge they had at the time. +:yellow_heart: Reviews discuss content, not the person who created it. 
+:yellow_heart: Reviews are constructive and start conversation around feedback. + +### Self review +You should always review your own PR first. + +For content changes, make sure that you: +- [ ] Confirm that the changes meet the user experience and goals outlined in the content design plan (if there is one). +- [ ] Review the content for technical accuracy. +- [ ] If there are any failing checks in your PR, troubleshoot them until they're all passing. + +### Suggested changes +We may ask for changes to be made before a PR can be merged, either using [suggested changes](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/incorporating-feedback-in-your-pull-request) or pull request comments. You can apply suggested changes directly through the UI. You can make any other changes in your fork, then commit them to your branch. + +As you update your PR and apply changes, mark each conversation as [resolved](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/commenting-on-a-pull-request#resolving-conversations). diff --git a/LICENSE b/LICENSE index 4add362..1ef2056 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,7 @@ MIT License Copyright (c) 2018 GantSign Ltd. +Copyright (c) 2021 racqspace e.U. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 90b0786..aa72025 100644 --- a/README.md +++ b/README.md 
@@ -1,20 +1,23 @@ # Ansible Role: microk8s -Role to download and install [microk8s](https://microk8s.io/) the smallest, simplest, pure production K8s. +![MIT](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square) +![GitHub Workflow Status](https://img.shields.io/github/workflow/status/racqspace/ansible-role-microk8s/Main?style=flat-square) +![GitHub last commit](https://img.shields.io/github/last-commit/racqspace/ansible-role-microk8s?style=flat-square) +![GitHub Release Date](https://img.shields.io/github/release-date/racqspace/ansible-role-microk8s?style=flat-square) +![Maintenance](https://img.shields.io/maintenance/yes/2022?style=flat-square) + +![Ansible Role](https://img.shields.io/ansible/role/56296?style=flat-square) +![Ansible Quality Score](https://img.shields.io/ansible/quality/56296?style=flat-square) + +Install and configure [microk8s](https://microk8s.io/) - the smallest, simplest, pure production K8s on debian based systems. ## Requirements -* Ansible >= 2.7 +* Ansible >= 2.10 * Linux Distribution * Debian Family * Ubuntu - * Xenial (16.04) - * Bionic (18.04) - * Arch Linux (untested) - -## License - -MIT + * Focal (20.04) ## Usage @@ -22,11 +25,9 @@ MIT Some variables available in this role are listed here. The full set is defined in `[defaults/main.yml](defaults/main.yml)`. - -* `microk8s_version`: Version to use, defaults to `1.19/stable`. * `microk8s_plugins`: Enable/disable various plugins. -* `microk8s_enable_HA`: Enable/disable high-availability. -* `microk8s_group_HA`: Hostgroup whose members will form HA cluster. +* `microk8s_enable_ha`: Enable/disable high-availability. +* `microk8s_group_ha`: Hostgroup whose members will form HA cluster. * `microk8s_csr_template`: If defined, will cause a custom CSR to be used in generating certificates. 
@@ -35,57 +36,30 @@ defined in `[defaults/main.yml](defaults/main.yml)`. ```yaml - hosts: servers roles: - - role: istvano.microk8s + - role: racqspace.microk8s vars: microk8s_plugins: istio: true ingress: true ``` -### Custom certificate request template - -It might be useful to customize the certificate request template used by -MicroK8s in generating cluster certificates. For example, additional SANs can -be added to the certificates such that the MicroK8s certificates validate when -addressed from outside the cluster, such as through a reverse proxy. - -To generate a CSR template, the easiest is probably to use the role without -a template, and then copy the CSR in -`/var/snap/microk8s/current/certs/csr.conf.template` to your playbook's -templates directory, make the edits and set the `microk8s_csr_template` -variable accordingly, and re-run the playbook. - -## Testing - -### Using Molecule wrapper and system Python - -* `./moleculew lint` -* `./moleculew create` -* `./moleculew list` -* `./moleculew check` -* `./moleculew test` - -### Using Python virtual environment - -* Set up virtual environment - ``` - $ python3 -m venv venv - ``` -* Activate the environment - ``` - $ . venv/bin/activate - ``` -* Install Molecule with lint and Docker options - ``` - $ pip install 'molecule[lint,docker]' - ``` -* Install up-to-date Ansible package if necessary - ``` - $ pip install ansible - ``` -* Run the test commands: - * `molecule lint` - * `molecule create` - * `molecule list` - * `molecule check` - * `molecule test` +## License + +MIT + +## Author Information + +This role is maintained by [Clemens Kaserer](https://www.ckaserer.dev/). 
+ +Contributions by: + +- [@ckaserer](https://github.com/ckaserer) +- [@Defilan]((https://github.com/defilan) +- [@dleske]((https://github.com/dleske) +- [@dyasny]((https://github.com/dyasny) +- [@ericpardee]((https://github.com/ericpardee) +- [@eshikhov]((https://github.com/eshikhov) +- [@istvano]((https://github.com/istvano) +- [@markmywords]((https://github.com/markmywords) +- [@Turiok]((https://github.com/turiok) +- [@vonDowntown]((https://github.com/vonDowntown) diff --git a/defaults/main.yml b/defaults/main.yml index 9f64487..2d5626d 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -1,52 +1,49 @@ --- -# -# defaults file for ansible_role_microk8s -# +## Cache update time for apt module +microk8s_cache_valid_time: 3600 -# version management -microk8s_version: "1.19/stable" +## version management microk8s_disable_snap_autoupdate: false -# plugin configuration -microk8s_plugins: - dashboard: true # The Kubernetes dashboard - dns: true # CoreDNS - helm3: true # Helm 3 - Kubernetes package manager - host-access: true # Allow Pods connecting to Host services smoothly - ingress: true # Ingress controller for external access - metrics-server: true # K8s Metrics Server for API access to service metrics - rbac: true # Role-Based Access Control for authorisation - registry: true # Private image registry exposed on localhost:32000 - storage: true # Storage class; allocates storage from host directory - ambassador: false # Ambassador API Gateway and Ingress - cilium: false # SDN, fast with full network policy - fluentd: false # Elasticsearch-Fluentd-Kibana logging and monitoring - gpu: false # Automatic enablement of Nvidia CUDA - helm: false # Helm 2 - the package manager for Kubernetes - istio: false # Core Istio service mesh services - jaeger: false # Kubernetes Jaeger operator with its simple config - knative: false # The Knative framework on Kubernetes. - kubeflow: false # Kubeflow for easy ML deployments - linkerd: false # Linkerd is a service mesh for Kubernetes and other frameworks - metallb: false # Loadbalancer for your Kubernetes cluster - multus: false # Multus CNI enables attaching multiple network interfaces to pods - prometheus: false # Prometheus operator for monitoring and logging - traefik: false - - -registry_size: 20Gi -helm3_repositories: - - name: stable - url: https://charts.helm.sh/stable - -# users to make members of microk8s group -users: [] - -# enable high-availability? 
-microk8s_enable_HA: false - -# hostgroup whose members will form high-availability cluster -microk8s_group_HA: "microk8s_HA" - -# for setting up custom certificate request. Set to template name to enable -#microk8s_csr_template: null +## plugin configuration +# microk8s_plugins: +# dashboard: false # The Kubernetes dashboard +# dns: false # CoreDNS +# helm3: false # Helm 3 - Kubernetes package manager +# host-access: false # Allow Pods connecting to Host services smoothly +# ingress: false # Ingress controller for external access +# metrics-server: false # K8s Metrics Server for API access to service +# # metrics +# rbac: false # Role-Based Access Control for authorisation +# registry: false # Private image registry exposed on localhost:32000 +# storage: false # Storage class; allocates storage from host +# # directory +# ambassador: false # Ambassador API Gateway and Ingress +# cilium: false # SDN, fast with full network policy +# fluentd: false # Elasticsearch-Fluentd-Kibana logging and +# # monitoring +# gpu: false # Automatic enablement of Nvidia CUDA +# helm: false # Helm 2 - the package manager for Kubernetes +# istio: false # Core Istio service mesh services +# jaeger: false # Kubernetes Jaeger operator with its simple config +# knative: false # The Knative framework on Kubernetes. +# kubeflow: false # Kubeflow for easy ML deployments +# linkerd: false # Linkerd is a service mesh for Kubernetes +# # and other frameworks +# metallb: false # Loadbalancer for your Kubernetes cluster +# multus: false # Multus CNI enables attaching multiple network +# # interfaces to pods +# prometheus: false # Prometheus operator for monitoring and logging +# traefik: false + +microk8s_registry_size: 20Gi + +## microk8s_users to make members of microk8s group +microk8s_users: [] + +## enable high-availability? +microk8s_enable_ha: false + +## hostgroup whose members will form high-availability cluster +microk8s_group_ha: "microk8s_HA" +... 
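Review bot: Commenting out the whole `microk8s_plugins` map in this hunk removes the role's default for it, so `rbac`, which the removed defaults set to `true`, is no longer switched on unless the caller asks for it. The tasks that consume the variable are not visible here, so this is inferred, but a cluster installed with stock defaults would presumably come up without RBAC authorisation, and any task that reads `microk8s_plugins` now needs a `| default({})` guard to avoid an undefined-variable failure. I would keep a minimal secure default, `microk8s_plugins:` followed by `  rbac: true`, and say in the comment block that every other plugin is opt-in.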
diff --git a/handlers/main.yml b/handlers/main.yml index 2232db3..91da2a7 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,6 +1,2 @@ --- -# handlers file for ansible_role_microk8s - -- name: Refresh certs - become: yes - command: microk8s refresh-certs +... diff --git a/meta/main.yml b/meta/main.yml index 16328e3..aa40468 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,19 +1,24 @@ --- galaxy_info: role_name: microk8s - namespace: istvano - description: Ansible role for installing and set-up microk8s. - author: Istvan Orban - company: Urban and Co Ltd. + author: ckaserer + namespace: racqspace + description: >- + Install and configure microk8s - the smallest, + simplest, pure production K8s on debian based systems. license: MIT - min_ansible_version: 2.7 + min_ansible_version: "2.10" platforms: - name: Ubuntu versions: - - xenial - - bionic + - focal galaxy_tags: - - kubernetes - - k8s + - container - development + - devops + - k8s + - kubernetes + - microk8s + - system dependencies: [] +... diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 deleted file mode 100644 index 0de39e6..0000000 --- a/molecule/default/Dockerfile.j2 +++ /dev/null 
@@ -1,22 +0,0 @@ -# Molecule managed - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -{% if item.env is defined %} -{% for var, value in item.env.items() %} -{% if value %} -ENV {{ var }} {{ value }} -{% endif %} -{% endfor %} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates iproute2 && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash iproute && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash iproute && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml iproute2 && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates iproute2 && xbps-remove -O; fi diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst deleted file mode 100644 index 6a44bde..0000000 --- a/molecule/default/INSTALL.rst +++ /dev/null @@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule[docker]' 
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml new file mode 100644 index 0000000..1ed0dc4 --- /dev/null +++ b/molecule/default/converge.yml @@ -0,0 +1,6 @@ +--- +- name: Converge + hosts: instance* + roles: + - role: racqspace.microk8s +... diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index f1cb35a..d037f08 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -1,28 +1,20 @@ --- dependency: name: galaxy - driver: - name: docker - -lint: | - set -e - yamllint . - ansible-lint . - + name: "${DRIVER_NAME:-docker}" platforms: - - name: ansible_role_microk8s_default - image: ubuntu:18.04 - + - name: instance + image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2004}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + pre_build_image: true + privileged: true + tmpfs: + - /run + - /tmp + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup +# network_mode: host provisioner: name: ansible - lint: - name: ansible-lint - -scenario: - name: default - -verifier: - name: testinfra - lint: - name: flake8 +... diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml deleted file mode 100644 index 2c619c6..0000000 --- a/molecule/default/playbook.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - role: ansible_role_microk8s diff --git a/molecule/default/tests/test_role.py b/molecule/default/tests/test_role.py deleted file mode 100644 index 62627f9..0000000 --- a/molecule/default/tests/test_role.py +++ /dev/null 
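Review bot: The new platform entry in molecule/default/molecule.yml runs a `privileged: true` container from the mutable tag `geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2004}-ansible:latest` and bind-mounts the host's `/sys/fs/cgroup` without a mode, so whatever that third-party tag points to on a given day gets near-host privileges on the machine running the tests. Privileged mode is probably needed for snapd and systemd inside the container, but the exposure can be narrowed by pinning the image by digest (`...-ansible@sha256:<digest-placeholder>`) and, where the runner's cgroup setup allows it, mounting the tree read-only with `- /sys/fs/cgroup:/sys/fs/cgroup:ro`. A short comment above `privileged: true` stating why it is required would also help the next reviewer. The same block is added again in molecule/users/molecule.yml.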
@@ -1,29 +0,0 @@ -import os - -import testinfra.utils.ansible_runner - -import re - -testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') - - -def test_dir(host): - dir = host.file('/snap/bin') - assert dir.exists - assert dir.is_directory - assert dir.user == 'root' - - -def test_file(host): - installed_file = host.file('/snap/bin/microk8s') - assert installed_file.exists - assert installed_file.is_file - assert installed_file.user == 'root' - assert installed_file.group == 'root' - - -def test_version(host): - version = host.check_output('snap info microk8s | grep installed:') - pattern = 'v[0-9\\.]+' - assert re.search(pattern, version) diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml new file mode 100644 index 0000000..d97b4ed --- /dev/null +++ b/molecule/default/verify.yml 
@@ -0,0 +1,101 @@ +--- +- name: Verify + hosts: instance* + tasks: + - name: Make sure dependencies are installed + ansible.builtin.apt: + name: + - snapd + - fuse + - udev + state: present + check_mode: true + register: microk8s_verify + failed_when: microk8s_verify.changed + tags: + - microk8s + - microk8s.dependencies + - microk8s.dependencies.apt + + - name: Start and Enable Services + ansible.builtin.service: + name: "{{ microk8s_service }}" + state: started + enabled: true + with_items: + - snapd + - udev + loop_control: + loop_var: microk8s_service + label: "{{ microk8s_service }}" + check_mode: true + register: microk8s_verify + failed_when: microk8s_verify.changed + tags: + - microk8s + - microk8s.dependencies + - microk8s.dependencies.services + + - name: Install microk8s + community.general.snap: + name: microk8s + classic: true + check_mode: true + register: microk8s_verify + failed_when: microk8s_verify.changed + tags: + - microk8s + - microk8s.install + + - name: Create kubectl alias + shell: command -v /snap/bin/kubectl >/dev/null 2>&1 + changed_when: false + tags: + - microk8s + - microk8s.alias + - microk8s.alias.kubectl + + - name: Create folder for microk8s certificates + ansible.builtin.file: + path: /usr/share/ca-certificates/extra + state: directory + mode: 0755 + check_mode: true + register: microk8s_verify + failed_when: microk8s_verify.changed + tags: + - microk8s + - microk8s.certs + - microk8s.certs.dir + + - name: Copy certificates + ansible.builtin.copy: + src: "{{ microk8s_ca }}" + dest: /usr/share/ca-certificates/extra + remote_src: true + force: true + mode: 0644 + loop_control: + loop_var: microk8s_ca + label: "{{ microk8s_ca }}" + with_fileglob: + - /var/snap/microk8s/current/certs/*ca*.crt + check_mode: true + register: microk8s_verify + failed_when: microk8s_verify.changed + tags: + - microk8s + - microk8s.certs + - microk8s.certs.copy + + - name: Trust certificates generated by microk8s + ansible.builtin.command: + cmd: 
"update-ca-certificates" + register: microk8s_cmd_result + changed_when: "'0 added, 0 removed' not in microk8s_cmd_result.stdout" + failed_when: "'0 added, 0 removed' not in microk8s_cmd_result.stdout" + tags: + - microk8s + - microk8s.certs + - microk8s.certs.trust +... diff --git a/molecule/ubuntu_max/INSTALL.rst b/molecule/ubuntu_max/INSTALL.rst deleted file mode 100644 index 6a44bde..0000000 --- a/molecule/ubuntu_max/INSTALL.rst +++ /dev/null @@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule[docker]' diff --git a/molecule/ubuntu_max/molecule.yml b/molecule/ubuntu_max/molecule.yml deleted file mode 100644 index 26e0949..0000000 --- a/molecule/ubuntu_max/molecule.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -dependency: - name: galaxy - -driver: - name: docker - -lint: | - set -e - yamllint . - ansible-lint . - -platforms: - - name: ansible_role_microk8s_ubuntu_max - image: ubuntu:18.04 - dockerfile: ../default/Dockerfile.j2 - -provisioner: - name: ansible - playbooks: - converge: ../default/playbook.yml - lint: - name: ansible-lint - -scenario: - name: ubuntu_max - -verifier: - name: testinfra - directory: ../default/tests - lint: - name: flake8 diff --git a/molecule/ubuntu_min/INSTALL.rst b/molecule/ubuntu_min/INSTALL.rst deleted file mode 100644 index 6a44bde..0000000 --- a/molecule/ubuntu_min/INSTALL.rst +++ /dev/null 
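Review bot: The `Copy certificates` check loops with `with_fileglob`, which is a lookup and is therefore evaluated on the Ansible controller, not on the `instance*` container, even though the task sets `remote_src: true`. On a controller that has no `/var/snap/microk8s/current/certs/` directory the loop has zero items, the task is skipped, and `failed_when: microk8s_verify.changed` can never fire, so the check on the CA files that the next task trusts system-wide passes vacuously. I would list the files on the target with `ansible.builtin.find`, fail when nothing matches, and loop over the registered result, as sketched below. Quoting the modes (`mode: "0644"`, and `mode: "0755"` on the directory task) in the same pass keeps them from being read as YAML integers. The identical hunk in molecule/users/verify.yml needs the same change.

```yaml
    - name: Find microk8s CA certificates on the instance
      ansible.builtin.find:
        paths: /var/snap/microk8s/current/certs
        patterns: "*ca*.crt"
      register: microk8s_ca_files
      # An empty result means there is nothing to verify; fail loudly.
      failed_when: microk8s_ca_files.matched == 0

    - name: Copy certificates
      ansible.builtin.copy:
        src: "{{ microk8s_ca.path }}"
        dest: /usr/share/ca-certificates/extra
        remote_src: true
        force: true
        mode: "0644"
      loop: "{{ microk8s_ca_files.files }}"
      loop_control:
        loop_var: microk8s_ca
        label: "{{ microk8s_ca.path }}"
      # … unchanged: check_mode, register, failed_when, tags …
```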
@@ -1,22 +0,0 @@ -******* -Docker driver installation guide -******* - -Requirements -============ - -* Docker Engine - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule[docker]' diff --git a/molecule/ubuntu_min/molecule.yml b/molecule/ubuntu_min/molecule.yml deleted file mode 100644 index aaa4a38..0000000 --- a/molecule/ubuntu_min/molecule.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -dependency: - name: galaxy - -driver: - name: docker - -lint: | - set -e - yamllint . - ansible-lint . - -platforms: - - name: ansible_role_microk8s_ubuntu_min - image: ubuntu:16.04 - dockerfile: ../default/Dockerfile.j2 - -provisioner: - name: ansible - playbooks: - converge: ../default/playbook.yml - lint: - name: ansible-lint - -scenario: - name: ubuntu_min - -verifier: - name: testinfra - directory: ../default/tests - lint: - name: flake8 diff --git a/molecule/users/converge.yml b/molecule/users/converge.yml new file mode 100644 index 0000000..a470463 --- /dev/null +++ b/molecule/users/converge.yml @@ -0,0 +1,9 @@ +--- +- name: Converge + hosts: instance* + roles: + - role: racqspace.microk8s + vars: + microk8s_users: + - ckaserer +... diff --git a/molecule/users/molecule.yml b/molecule/users/molecule.yml new file mode 100644 index 0000000..d037f08 --- /dev/null +++ b/molecule/users/molecule.yml 
@@ -0,0 +1,20 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: "${DRIVER_NAME:-docker}"
+platforms:
+ - name: instance
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2004}-ansible:latest"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ pre_build_image: true
+ privileged: true
+ tmpfs:
+ - /run
+ - /tmp
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup
+# network_mode: host
+provisioner:
+ name: ansible
+...
diff --git a/molecule/users/verify.yml b/molecule/users/verify.yml
new file mode 100644
index 0000000..d97b4ed
--- /dev/null
+++ b/molecule/users/verify.yml
@@ -0,0 +1,101 @@ +--- +- name: Verify + hosts: instance* + tasks: + - name: Make sure dependencies are installed + ansible.builtin.apt: + name: + - snapd + - fuse + - udev + state: present + check_mode: true + register: microk8s_verify + failed_when: microk8s_verify.changed + tags: + - microk8s + - microk8s.dependencies + - microk8s.dependencies.apt + + - name: Start and Enable Services + ansible.builtin.service: + name: "{{ microk8s_service }}" + state: started + enabled: true + with_items: + - snapd + - udev + loop_control: + loop_var: microk8s_service + label: "{{ microk8s_service }}" + check_mode: true + register: microk8s_verify + failed_when: microk8s_verify.changed + tags: + - microk8s + - microk8s.dependencies + - microk8s.dependencies.services + + - name: Install microk8s + community.general.snap: + name: microk8s + classic: true + check_mode: true + register: microk8s_verify + failed_when: microk8s_verify.changed + tags: + - microk8s + - microk8s.install + + - name: Create kubectl alias + shell: command -v /snap/bin/kubectl >/dev/null 2>&1 + changed_when: false + tags: + - microk8s + - microk8s.alias + - microk8s.alias.kubectl + + - name: Create folder for microk8s certificates + ansible.builtin.file: + path: /usr/share/ca-certificates/extra + state: directory + mode: 0755 + check_mode: true + register: microk8s_verify + failed_when: microk8s_verify.changed + tags: + - microk8s + - microk8s.certs + - microk8s.certs.dir + + - name: Copy certificates + ansible.builtin.copy: + src: "{{ microk8s_ca }}" + dest: /usr/share/ca-certificates/extra + remote_src: true + force: true + mode: 0644 + loop_control: + loop_var: microk8s_ca + label: "{{ microk8s_ca }}" + with_fileglob: + - /var/snap/microk8s/current/certs/*ca*.crt + check_mode: true + register: microk8s_verify + failed_when: microk8s_verify.changed + tags: + - microk8s + - microk8s.certs + - microk8s.certs.copy + + - name: Trust certificates generated by microk8s + ansible.builtin.command: + cmd: 
"update-ca-certificates" + register: microk8s_cmd_result + changed_when: "'0 added, 0 removed' not in microk8s_cmd_result.stdout" + failed_when: "'0 added, 0 removed' not in microk8s_cmd_result.stdout" + tags: + - microk8s + - microk8s.certs + - microk8s.certs.trust +... diff --git a/moleculew b/moleculew deleted file mode 100755 index 952183b..0000000 --- a/moleculew +++ /dev/null 
@@ -1,736 +0,0 @@ -#!/usr/bin/env bash - -# MIT License -# -# Copyright (c) 2018 GantSign Ltd. -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in all -# copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. 
- - -# Molecule Wrapper the wrapper script for Molecule -# https://github.com/gantsign/molecule-wrapper - -set -e - -WRAPPER_VERSION=0.9.12 - -VERSION_DIR='.moleculew' -PYTHON_VERSION_FILE="$VERSION_DIR/python_version" -ANSIBLE_VERSION_FILE="$VERSION_DIR/ansible_version" -MOLECULE_VERSION_FILE="$VERSION_DIR/molecule_version" - -BUILD_DEPENDENCIES_INSTALLLED=false -PYENV_INSTALLED=false - -ANSIBLE_VERSION='' -MOLECULE_VERSION='' -PYTHON_VERSION='' -USE_SYSTEM_DEPENDENCIES=false - -PRE_ARGS=() -MOLECULE_CMD='' -POST_ARGS=() - -export PATH="$HOME/.pyenv/bin:$HOME/.local/bin:$PATH" - -hr() { - for ((i = 1; i <= 80; i++)); do - printf '*' - done - echo '' -} - -banner() { - hr - echo "$1" - hr -} - -run_as_root() { - if [[ $EUID -eq 0 ]]; then - "$@" - elif [ -x "$(command -v sudo)" ]; then - sudo "$@" - else - echo "Error: sudo is not installed" >&2 - exit 1 - fi -} - -build_dependencies_present() { - if [[ $BUILD_DEPENDENCIES_INSTALLLED == true ]]; then - return - fi - if [[ $USE_SYSTEM_DEPENDENCIES == true ]]; then - return - fi - # https://github.com/pyenv/pyenv/wiki/common-build-problems - if [[ -x "$(command -v apt-get)" ]]; then - banner 'Installing build dependencies' - - run_as_root apt-get update - run_as_root apt-get install --assume-yes \ - make build-essential libssl-dev zlib1g-dev libbz2-dev \ - libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev \ - libncursesw5-dev xz-utils tk-dev libffi-dev liblzma-dev \ - git jq - echo '' - elif [[ -x "$(command -v dnf)" ]]; then - banner 'Installing build dependencies' - - run_as_root dnf install \ - zlib-devel bzip2 bzip2-devel readline-devel sqlite sqlite-devel \ - openssl-devel xz xz-devel libffi-devel \ - git curl jq - echo '' - elif [[ -x "$(command -v yum)" ]]; then - banner 'Installing build dependencies' - - run_as_root yum install \ - zlib-devel bzip2 bzip2-devel readline-devel sqlite sqlite-devel \ - openssl-devel xz xz-devel libffi-devel \ - git curl jq - echo '' - elif [[ -x "$(command -v 
zypper)" ]]; then - banner 'Installing build dependencies' - - run_as_root zypper install \ - zlib-devel bzip2 libbz2-devel readline-devel sqlite3 sqlite3-devel \ - libopenssl-devel xz xz-devel \ - git curl jq - echo '' - fi - BUILD_DEPENDENCIES_INSTALLLED=true -} - -pyenv_present() { - if [[ $PYENV_INSTALLED == true ]]; then - return - fi - if [[ $USE_SYSTEM_DEPENDENCIES == true ]]; then - return - fi - if [[ -x "$(command -v pyenv)" ]]; then - PYENV_INSTALLED=true - return - fi - - build_dependencies_present - - banner "Installing pyenv for user $USER" - bash <(curl --location https://github.com/pyenv/pyenv-installer/raw/master/bin/pyenv-installer) - echo '' - PYENV_INSTALLED=true -} - -query_latest_python_version2() { - pyenv_present - - PYTHON_VERSION="$(~/.pyenv/plugins/python-build/bin/python-build --definitions | grep --color=never '^2\.' | grep --invert-match '\-dev$' | tail -1)" -} - -query_latest_python_version3() { - pyenv_present - - PYTHON_VERSION="$(~/.pyenv/plugins/python-build/bin/python-build --definitions | grep --color=never '^3\.' | grep --invert-match '\-dev$' | tail -1)" -} - -query_latest_package_version() { - if [[ ! -x "$(command -v curl)" ]]; then - build_dependencies_present - fi - if [[ ! -x "$(command -v jq)" ]]; then - build_dependencies_present - fi - if [[ ! -x "$(command -v curl)" ]]; then - echo 'Error: curl is not installed.' >&2 - exit 1 - fi - if [[ ! -x "$(command -v jq)" ]]; then - echo 'Error: jq is not installed.' >&2 - exit 1 - fi - - local version - # shellcheck disable=SC2034 - version=$(curl --fail --silent --show-error --location "https://pypi.org/pypi/$2/json" | jq --raw-output '.info.version') - - eval "$1=\"\$version\"" -} - -docker_present() { - if [[ -x "$(command -v docker)" ]]; then - return - fi - if [[ $USE_SYSTEM_DEPENDENCIES == true ]]; then - echo 'Error: docker is not installed.' 
>&2 - exit 1 - fi - - build_dependencies_present - - banner 'Installing Docker' - sh <(curl --fail --silent --show-error --location https://get.docker.com) - run_as_root usermod --append --groups docker "$USER" - banner "User '$USER' has been added to the 'docker' group. Logout/restart and log back in for changes to take effect." - exit -} - -python_present() { - if [[ $PYTHON_VERSION == system ]]; then - if [[ ! -x "$(command -v python)" ]]; then - echo 'Error: python is not installed.' >&2 - exit 1 - fi - if [[ ! -x "$(command -v pip)" ]]; then - echo 'Error: pip is not installed.' >&2 - exit 1 - fi - PYTHON_EXE="$(command -v python)" - else - if [[ ! -x "$(command -v git)" ]]; then - echo 'Error: git is not installed.' >&2 - exit 1 - fi - - pyenv_present - - export PYENV_VERSION="$PYTHON_VERSION" - if [[ ! -d "$HOME/.pyenv/versions/$PYTHON_VERSION" ]]; then - build_dependencies_present - - banner "Making Python version $PYTHON_VERSION available using pyenv" - pyenv install "$PYTHON_VERSION" - echo '' - fi - eval "$(pyenv init -)" - PYTHON_EXE="$(pyenv which python)" - fi -} - -virtualenv_presant() { - if [[ ! -x "$(command -v virtualenv)" ]]; then - banner "Installing virtualenv for user $USER" - pip install --user virtualenv - echo '' - fi -} - -install_ansible() { - banner "Installing Ansible $ANSIBLE_VERSION into virtualenv $VIRTUAL_ENV" - pip install "ansible==$ANSIBLE_VERSION" - echo '' -} - -install_molecule() { - banner "Installing Molecule $MOLECULE_VERSION into virtualenv $VIRTUAL_ENV" - - # Workaround https://github.com/ansible-community/molecule/issues/2676 - pip install 'sh==1.12.14' - - pip install "molecule[docker]==$MOLECULE_VERSION" - echo '' -} - -wrapper_clean() { - local MOLECULE_WRAPPER_HOME="$HOME/.moleculew" - read -r -p "Delete ${MOLECULE_WRAPPER_HOME} (y/n)? 
" yn - case $yn in - [Yy]|YES|yes|Yes) - rm -rf "$MOLECULE_WRAPPER_HOME"; - exit - ;; - *) - exit - ;; - esac -} - -wrapper_upgrade() { - curl --fail --silent --show-error --location --output moleculew.new \ - 'https://raw.githubusercontent.com/gantsign/molecule-wrapper/master/moleculew' \ - && chmod 'u+x' moleculew.new \ - && mv --force moleculew.new moleculew - - local NEW_VERSION - NEW_VERSION="$(./moleculew wrapper-version)" - if [ "$WRAPPER_VERSION" != "$NEW_VERSION" ]; then - echo "Upgraded wrapper from version $WRAPPER_VERSION to $NEW_VERSION" - else - echo "You are already using the latest version" - fi - exit -} - -wrapper_version() { - echo "$WRAPPER_VERSION" - exit -} - -print_versions() { - echo "Python: $PYTHON_VERSION" - echo "Ansible: $ANSIBLE_VERSION" - echo "Molecule: $MOLECULE_VERSION" -} - -wrapper_versions() { - detemine_versions - - print_versions - exit -} - -wrapper_freeze() { - detemine_versions - - banner 'Freezing versions' - - mkdir -p "$VERSION_DIR" - - echo "$PYTHON_VERSION" > "$PYTHON_VERSION_FILE" - echo "$ANSIBLE_VERSION" > "$ANSIBLE_VERSION_FILE" - echo "$MOLECULE_VERSION" > "$MOLECULE_VERSION_FILE" - - print_versions - - exit -} - -wrapper_unfreeze() { - banner 'Un-freezing versions' - - if [[ -f "$PYTHON_VERSION_FILE" ]]; then - rm --verbose "$PYTHON_VERSION_FILE" - fi - if [[ -f "$ANSIBLE_VERSION_FILE" ]]; then - rm --verbose "$ANSIBLE_VERSION_FILE" - fi - if [[ -f "$MOLECULE_VERSION_FILE" ]]; then - rm --verbose "$MOLECULE_VERSION_FILE" - fi - exit -} - -wrapper_upgrade_versions() { - detemine_versions - - banner 'Upgrading versions' - - local CURRENT_PYTHON_VERSION="$PYTHON_VERSION" - local CURRENT_ANSIBLE_VERSION="$ANSIBLE_VERSION" - local CURRENT_MOLECULE_VERSION="$MOLECULE_VERSION" - - query_latest_python_version2 - query_latest_package_version ANSIBLE_VERSION ansible - query_latest_package_version MOLECULE_VERSION molecule - echo '' - - echo 'New versions:' - if [[ "$CURRENT_PYTHON_VERSION" == "$PYTHON_VERSION" ]]; then - 
echo "Python: $CURRENT_PYTHON_VERSION (no change)" - else - echo "Python: $CURRENT_PYTHON_VERSION -> $PYTHON_VERSION" - fi - - if [[ "$CURRENT_ANSIBLE_VERSION" == "$ANSIBLE_VERSION" ]]; then - echo "Ansible: $CURRENT_ANSIBLE_VERSION (no change)" - else - echo "Ansible: $CURRENT_ANSIBLE_VERSION -> $ANSIBLE_VERSION" - fi - - if [[ "$CURRENT_MOLECULE_VERSION" == "$MOLECULE_VERSION" ]]; then - echo "Molecule: $CURRENT_MOLECULE_VERSION (no change)" - else - echo "Molecule: $CURRENT_MOLECULE_VERSION -> $MOLECULE_VERSION" - fi - echo '' - - wrapper_freeze -} - -wrapper_help() { - activate_virtualenv - - molecule --help - - echo " -Molecule Wrapper - -Additional options: - --ansible VERSION Use the specified version of Ansible - --molecule VERSION Use the specified version of Molecule - --python VERSION Use the specified version of Python - --use-system-dependencies Use system dependencies - -Additional commands: - wrapper-clean Removes all the wrapper virtual environments - wrapper-freeze Freezes the dependency versions being used - wrapper-unfreeze Un-freezes the dependency versions - wrapper-upgrade Upgrades the Molecule Wrapper to the latest version - wrapper-upgrade-versions Upgrades any frozen dependency versions - wrapper-version Displays the current version of Molecule Wrapper -" -} - -query_package_versions() { - local package_name="$1" - local min_version="$2" - - if [[ ! -x "$(command -v curl)" ]]; then - build_dependencies_present > /dev/null - fi - if [[ ! -x "$(command -v jq)" ]]; then - build_dependencies_present > /dev/null - fi - if [[ ! -x "$(command -v curl)" ]]; then - echo 'Error: curl is not installed.' >&2 - exit 1 - fi - if [[ ! -x "$(command -v jq)" ]]; then - echo 'Error: jq is not installed.' >&2 - exit 1 - fi - if [[ ! -x "$(command -v sort)" ]]; then - echo 'Error: sort is not installed.' 
>&2 - exit 1 - fi - - for i in $(curl --fail --silent --show-error \ - --location "https://pypi.org/pypi/$package_name/json" \ - | jq --raw-output ".releases | keys | .[], \"$min_version.\"" \ - | grep --invert-match '[a-zA-Z]' \ - | sort --version-sort --reverse) ; do - if [[ "$i" == "$min_version." ]]; then - break - fi - echo "$i" - done -} - -wrapper_options_ansible() { - echo 'latest' - query_package_versions 'ansible' '2.7' -} - -wrapper_options_molecule() { - echo 'latest' - query_package_versions 'molecule' '2.20' -} - -wrapper_options_python() { - if [[ ! -x "$(command -v sort)" ]]; then - echo 'Error: sort is not installed.' >&2 - exit 1 - fi - - pyenv_present > /dev/null - - local min_version='2.7' - - echo 'latest' - - for i in $( (echo "$min_version." && \ - ~/.pyenv/plugins/python-build/bin/python-build --definitions) \ - | grep --color=never '^[0-9]' \ - | grep --invert-match '\-dev$' \ - | sort --version-sort --reverse) ; do - if [[ "$i" == "$min_version." ]]; then - break - fi - echo "$i" - done -} - -wrapper_options_scenario() { - if [ -f 'moleculew' ]; then - activate_virtualenv > /dev/null - fi - python << EOF -import os -import sys - -import six -import yaml - - -molecule_dir = 'molecule' -if not os.path.isdir(molecule_dir): - sys.exit() - -scenarios = [] -default = False - -for filename in os.listdir(molecule_dir): - scenario_dir = os.path.join(molecule_dir, filename) - if not os.path.isdir(scenario_dir): - continue - - molecule_yaml = os.path.join(scenario_dir, 'molecule.yml') - if not os.path.isfile(molecule_yaml): - continue - - with open(molecule_yaml, 'r') as stream: - try: - contents = yaml.safe_load(stream) - except yaml.YAMLError as exc: - continue - - if not isinstance(contents, dict): - continue - - scenario = contents.get('scenario') - if scenario is None: - continue - if not isinstance(scenario, dict): - continue - - name = scenario.get('name') - if name is None: - continue - if not isinstance(name, six.string_types): - continue - 
- if name == 'default': - default = True - else: - scenarios.append(name) - -scenarios.sort() -if default: - scenarios.append('default') - -for scenario in scenarios: - print(scenario) -EOF -} - -wrapper_virtualenv() { - activate_virtualenv > /dev/null - echo "$VIRTUAL_ENV" -} - -parse_args() { - set +e - - while [[ $# -gt 0 ]]; do - key="$1" - - case $key in - --python=*) - PYTHON_VERSION="${1#*=}" - shift - ;; - --python) - shift - PYTHON_VERSION="$1" - shift - ;; - --ansible=*) - ANSIBLE_VERSION="${1#*=}" - shift - ;; - --ansible) - shift - ANSIBLE_VERSION="$1" - shift - ;; - --molecule=*) - MOLECULE_VERSION="${1#*=}" - shift - ;; - --molecule) - shift - MOLECULE_VERSION="$1" - shift - ;; - --use-system-dependencies) - USE_SYSTEM_DEPENDENCIES=true - shift - ;; - --help) - MOLECULE_CMD='wrapper-help' - break - ;; - wrapper-*) - MOLECULE_CMD="$1" - shift - ;; - check|converge|create|dependency|destroy|idempotence|init|lint|list|login|matrix|prepare|side-effect|syntax|test|verify) - if [[ "$MOLECULE_CMD" != '' ]]; then - shift - else - MOLECULE_CMD="$1" - shift - for arg in "$@"; do - POST_ARGS+=("$arg") - done - break - fi - ;; - *) - PRE_ARGS+=("$1") - shift - ;; - esac - done - set -e -} - -detemine_versions() { - if [[ $USE_SYSTEM_DEPENDENCIES == false ]]; then - USE_SYSTEM_DEPENDENCIES="$MOLECULEW_USE_SYSTEM" - fi - if [[ $PYTHON_VERSION == '' ]]; then - PYTHON_VERSION="$MOLECULEW_PYTHON" - fi - if [[ $ANSIBLE_VERSION == '' ]]; then - ANSIBLE_VERSION="$MOLECULEW_ANSIBLE" - fi - if [[ $MOLECULE_VERSION == '' ]]; then - MOLECULE_VERSION="$MOLECULEW_MOLECULE" - fi - - if [[ $USE_SYSTEM_DEPENDENCIES == true ]]; then - if [[ $PYTHON_VERSION != '' ]]; then - echo "Error: --python and --use-system-dependencies cannot be used together" >&2 - exit 1 - fi - PYTHON_VERSION=system - elif [[ $PYTHON_VERSION == '' ]] || [[ $PYTHON_VERSION == 'default' ]]; then - if [[ -f $PYTHON_VERSION_FILE ]]; then - PYTHON_VERSION=$(<"$PYTHON_VERSION_FILE") - fi - if [[ $PYTHON_VERSION 
== '' ]]; then - query_latest_python_version2 - fi - elif [[ $PYTHON_VERSION == 'latest' ]] || [[ $PYTHON_VERSION == 'latest2' ]]; then - query_latest_python_version2 - elif [[ $PYTHON_VERSION == 'latest3' ]]; then - query_latest_python_version3 - fi - - if [[ $ANSIBLE_VERSION == '' ]] || [[ $ANSIBLE_VERSION == 'default' ]]; then - if [[ -f $ANSIBLE_VERSION_FILE ]]; then - ANSIBLE_VERSION=$(<"$ANSIBLE_VERSION_FILE") - fi - if [[ $ANSIBLE_VERSION == '' ]]; then - query_latest_package_version ANSIBLE_VERSION ansible - fi - elif [[ $ANSIBLE_VERSION == 'latest' ]]; then - query_latest_package_version ANSIBLE_VERSION ansible - fi - - if [[ $MOLECULE_VERSION == '' ]] || [[ $MOLECULE_VERSION == 'default' ]]; then - if [[ -f $MOLECULE_VERSION_FILE ]]; then - MOLECULE_VERSION=$(<$MOLECULE_VERSION_FILE) - fi - if [[ $MOLECULE_VERSION == '' ]]; then - query_latest_package_version MOLECULE_VERSION molecule - fi - elif [[ $MOLECULE_VERSION == 'latest' ]]; then - query_latest_package_version MOLECULE_VERSION molecule - fi -} - -activate_virtualenv() { - detemine_versions - - MOLECULE_WRAPPER_ENV="$HOME/.moleculew/molecule/$MOLECULE_VERSION/ansible/$ANSIBLE_VERSION/python/$PYTHON_VERSION" - - if [ ! 
-f "$MOLECULE_WRAPPER_ENV/bin/activate" ]; then - - build_dependencies_present - - docker_present - - python_present - - virtualenv_presant - - banner "Initializing virtualenv $MOLECULE_WRAPPER_ENV" - virtualenv "--python=$PYTHON_EXE" "$MOLECULE_WRAPPER_ENV" - # shellcheck disable=SC1090 - source "$MOLECULE_WRAPPER_ENV/bin/activate" - echo '' - - install_ansible - - install_molecule - else - # shellcheck disable=SC1090 - source "$MOLECULE_WRAPPER_ENV/bin/activate" - fi -} - -parse_args "$@" - -case $MOLECULE_CMD in - wrapper-clean) - wrapper_clean - ;; - wrapper-freeze) - wrapper_freeze - ;; - wrapper-help) - wrapper_help - ;; - wrapper-install) - activate_virtualenv - ;; - wrapper-options-ansible) - wrapper_options_ansible - ;; - wrapper-options-molecule) - wrapper_options_molecule - ;; - wrapper-options-python) - wrapper_options_python - ;; - wrapper-options-scenario) - wrapper_options_scenario - ;; - wrapper-unfreeze) - wrapper_unfreeze - ;; - wrapper-upgrade) - wrapper_upgrade - ;; - wrapper-upgrade-versions) - wrapper_upgrade_versions - ;; - wrapper-version) - wrapper_version - ;; - wrapper-versions) - wrapper_versions - ;; - wrapper-virtualenv) - wrapper_virtualenv - ;; - wrapper-*) - echo "Unsupported command: $1" >&2 - exit 1 - ;; - *) - activate_virtualenv - - # shellcheck disable=SC2086 - exec molecule "${PRE_ARGS[@]}" $MOLECULE_CMD "${POST_ARGS[@]}" - ;; -esac diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..3a75f76 --- /dev/null +++ b/requirements.txt @@ -0,0 +1,6 @@ +ansible +ansible-lint +docker +molecule +molecule-docker +pre-commit diff --git a/tasks/configure-HA.yml b/tasks/configure-HA.yml index 57ed0ca..e6ea463 100644 --- a/tasks/configure-HA.yml +++ b/tasks/configure-HA.yml 
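Review bot: None of the six entries in requirements.txt carries a version constraint, so every fresh environment installs whatever PyPI serves that day, and this commit also removes the `moleculew` wrapper whose `wrapper-freeze` command was the only version-pinning mechanism visible in the change. For tooling that runs with access to the managed hosts I would pin each line, e.g. `ansible==<pinned-version>`, and ideally install from a hash-locked file with `pip install --require-hashes -r requirements.txt`. A comment at the top of the file saying whether it serves CI, local development or both would also help.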
@@ -1,46 +1,64 @@ --- - - name: Enumerate all cluster hosts within the hosts file - become: yes - blockinfile: + ansible.builtin.blockinfile: dest: /etc/hosts marker: "# {mark} ANSIBLE MANAGED: microk8s HA Cluster Hosts" + # yamllint disable rule:line-length content: | - {% for host in groups[microk8s_group_HA] %} + {% for host in groups[microk8s_group_ha] %} {{ hostvars[host].ansible_default_ipv4.address }} {{ hostvars[host].ansible_hostname }} {% endfor %} + # yamllint enable rule:line-length + tags: + - microk8s + - microk8s.ha + - microk8s.ha.hosts - name: Find the designated host - set_fact: - designated_host: '{{ (groups[microk8s_group_HA]|sort)[0] }}' + ansible.builtin.set_fact: + microk8s_designated_host: '{{ (groups[microk8s_group_ha]|sort)[0] }}' + tags: + - always + - microk8s + - microk8s.ha - block: - - name: Waiting for microk8s to be ready on microk8s host master - command: "microk8s status --wait-ready" - delegate_to: "{{ designated_host }}" - delegate_facts: true - changed_when: false + - name: Waiting for microk8s to be ready on microk8s host master + ansible.builtin.command: + cmd: "microk8s status --wait-ready" + delegate_to: "{{ microk8s_designated_host }}" + delegate_facts: true + changed_when: false - - name: Get the microk8s join command from the microk8s master - shell: "microk8s add-node | head -n 2 | tail -n 1" - delegate_to: "{{ designated_host }}" - delegate_facts: true - changed_when: false - register: microk8s_join_command + - name: Get the microk8s join command from the microk8s master + ansible.builtin.shell: + cmd: "microk8s add-node | head -n 2 | tail -n 1" + delegate_to: "{{ microk8s_designated_host }}" + delegate_facts: true + changed_when: false + register: microk8s_join_command - - name: Get microk8s cluster nodes - command: "microk8s kubectl get node" - delegate_to: "{{ designated_host }}" - delegate_facts: true - changed_when: false - register: microk8s_cluster_node + - name: Get microk8s cluster nodes + 
ansible.builtin.command: + cmd: "microk8s kubectl get node" + delegate_to: "{{ microk8s_designated_host }}" + delegate_facts: true + changed_when: false + register: microk8s_cluster_node - - name: Waiting for microk8s to be ready on microk8s host node - command: "microk8s status --wait-ready" - changed_when: false + - name: Waiting for microk8s to be ready on microk8s host node + ansible.builtin.command: + cmd: "microk8s status --wait-ready" + changed_when: false - - name: Set the microk8s join command on the microk8s node - command: "{{ microk8s_join_command.stdout }}" - when: microk8s_cluster_node.stdout.find(inventory_hostname) == -1 + - name: Set the microk8s join command on the microk8s node + ansible.builtin.command: + cmd: "{{ microk8s_join_command.stdout }}" + when: microk8s_cluster_node.stdout.find(inventory_hostname) == -1 - when: inventory_hostname != designated_host + when: inventory_hostname != microk8s_designated_host + tags: + - microk8s + - microk8s.ha + - microk8s.ha.join +... diff --git a/tasks/configure-groups.yml b/tasks/configure-groups.yml index a594fb1..7b2ea22 100644 --- a/tasks/configure-groups.yml +++ b/tasks/configure-groups.yml 
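Review bot: The output of `microk8s add-node` registered in `microk8s_join_command` is the join command including its token, and neither that task nor the one that runs `{{ microk8s_join_command.stdout }}` sets `no_log: true`, so the token can end up in task output and logs on failure or at higher verbosity. I would add `no_log: true` to both tasks. The `microk8s add-node | head -n 2 | tail -n 1` pipeline also hides a failing `add-node`, because the exit status is that of `tail`; prefixing the command with `set -o pipefail &&` and setting `executable: /bin/bash` makes the task fail instead of handing an empty string to the join task.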
@@ -1,74 +1,67 @@ -# add user specific settings --- - name: add user to group - become: yes - command: "usermod -a -G microk8s {{ user }}" - changed_when: true - with_items: '{{ users }}' + ansible.builtin.user: + name: "{{ microk8s_user }}" + groups: microk8s + append: true + with_items: '{{ microk8s_users }}' loop_control: - loop_var: user - label: '{{ user }}' + loop_var: microk8s_user + label: '{{ microk8s_user }}' + tags: + - microk8s + - microk8s.user + - microk8s.user.group - name: Create .kube folder for the user - become: yes - become_user: '{{ user }}' - file: + ansible.builtin.file: path: ~/.kube state: directory - owner: '{{ user }}' - group: '{{ user }}' + owner: '{{ microk8s_user }}' + group: '{{ microk8s_user }}' mode: 0750 - with_items: '{{ users }}' + become: true + become_user: '{{ microk8s_user }}' + with_items: '{{ microk8s_users }}' loop_control: - loop_var: user - label: '{{ user }}' + loop_var: microk8s_user + label: '{{ microk8s_user }}' + tags: + - microk8s + - microk8s.kube + - microk8s.kube.dir - name: create kubectl config - become: yes - changed_when: true - shell: microk8s config > /home/{{ user }}/.kube/config + ansible.builtin.shell: + cmd: microk8s config > /home/{{ microk8s_user }}/.kube/config args: executable: /bin/bash - with_items: '{{ users }}' + creates: /home/{{ microk8s_user }}/.kube/config + environment: + PATH: '${PATH}:/snap/bin/' + with_items: '{{ microk8s_users }}' loop_control: - loop_var: user - label: '{{ user }}' + loop_var: microk8s_user + label: '{{ microk8s_user }}' + tags: + - molecule-idempotence-notest + - microk8s + - microk8s.kube + - microk8s.kube.config - name: reaffirm permission on files - become: yes - file: + ansible.builtin.file: path: ~/.kube state: directory - owner: '{{ user }}' - group: '{{ user }}' - recurse: yes - with_items: '{{ users }}' + owner: '{{ microk8s_user }}' + group: '{{ microk8s_user }}' + recurse: true + with_items: '{{ microk8s_users }}' loop_control: - loop_var: user - label: 
'{{ user }}' - -- name: add helm repository to user - become: yes - become_user: '{{ user }}' - community.kubernetes.helm_repository: - name: stable - repo_url: https://charts.helm.sh/stable - with_items: '{{ users }}' - loop_control: - loop_var: user - label: '{{ user }}' - when: microk8s_plugin_helm3_enable - -- name: update helm repos - become: yes - become_user: '{{ user }}' - community.kubernetes.helm: - name: stable - state: absent - namespace: default - update_repo_cache: yes - with_items: '{{ users }}' - loop_control: - loop_var: user - label: '{{ user }}' - when: microk8s_plugin_helm3_enable + loop_var: microk8s_user + label: '{{ microk8s_user }}' + tags: + - microk8s + - microk8s.kube + - microk8s.kube.permission +... diff --git a/tasks/install.yml b/tasks/install.yml index 6002a10..8b722e9 100644 --- a/tasks/install.yml +++ b/tasks/install.yml 
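Review bot: The kubeconfig written by `microk8s config > /home/{{ microk8s_user }}/.kube/config` never gets its owner or mode fixed. The shell redirect creates it under the task user's umask, and the "reaffirm permission on files" task sets no `mode` and, having no `become_user`, resolves `~/.kube` to the home of whoever runs the play rather than to each `microk8s_user`. That file holds cluster credentials, so in the reaffirm task I would use `path: /home/{{ microk8s_user }}/.kube` and add `mode: u=rwX,g=rX,o=`, which matches the 0750 the directory is created with. With `creates:` on the shell task the file is also never regenerated once it exists, which is worth a comment if that is intended.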
@@ -1,117 +1,204 @@ -- name: Make sure snapd is installed - apt: +--- +- name: Make sure dependencies are installed + ansible.builtin.apt: name: - snapd + - fuse + - udev state: present - become: yes - when: ansible_distribution == 'Ubuntu' + update_cache: true + cache_valid_time: "{{ microk8s_cache_valid_time }}" + tags: + - microk8s + - microk8s.dependencies + - microk8s.dependencies.apt -- name: Make sure snapd is installed - pacman: - name: - - snapd - state: present - become: yes - when: ansible_distribution == 'Archlinux' +- name: Start and Enable Services + ansible.builtin.service: + name: "{{ microk8s_service }}" + state: started + enabled: true + with_items: + - snapd + - udev + loop_control: + loop_var: microk8s_service + label: "{{ microk8s_service }}" + tags: + - microk8s + - microk8s.dependencies + - microk8s.dependencies.services - name: Install microk8s - become: yes - snap: + community.general.snap: name: microk8s - classic: yes - channel: "{{ microk8s_version }}" + classic: true + tags: + - microk8s + - microk8s.install - name: Wait for microk8s to be ready - become: yes - command: microk8s.status --wait-ready + ansible.builtin.command: + cmd: microk8s.status --wait-ready changed_when: false - register: mk8sstatusout + environment: + PATH: '${PATH}:/snap/bin/' + tags: + - notest + - microk8s + - microk8s.ready - name: Create kubectl alias - become: yes - command: "snap alias microk8s.kubectl kubectl" + ansible.builtin.command: + cmd: snap alias microk8s.kubectl kubectl changed_when: false - register: aliaskubectlout + tags: + - microk8s + - microk8s.alias + - microk8s.alias.kubectl - name: Create helm3 alias - become: yes - command: "snap alias microk8s.helm3 helm" + ansible.builtin.command: + cmd: snap alias microk8s.helm3 helm changed_when: false - register: aliashelmout - when: microk8s_plugins.helm3 - -- name: Create custom certificates - become: yes - ansible.builtin.template: - src: "{{ microk8s_csr_template }}" - dest: 
/var/snap/microk8s/current/certs/csr.conf.template - mode: 0644 - when: microk8s_csr_template is defined and microk8s_csr_template is file - notify: - - Refresh certs + when: + - microk8s_plugins is defined + - microk8s_plugins.helm3 is defined + - microk8s_plugins.helm3 + tags: + - microk8s + - microk8s.alias + - microk8s.alias.helm - name: Create folder for microk8s certificates - become: yes - file: + ansible.builtin.file: path: /usr/share/ca-certificates/extra state: directory mode: 0755 + tags: + - microk8s + - microk8s.certs + - microk8s.certs.dir - name: Copy certificates - become: yes - copy: - src: "{{ item }}" + ansible.builtin.copy: + src: "{{ microk8s_ca }}" dest: /usr/share/ca-certificates/extra - remote_src: yes - force: yes + remote_src: true + force: true mode: 0644 with_fileglob: - /var/snap/microk8s/current/certs/*ca*.crt + loop_control: + loop_var: microk8s_ca + label: "{{ microk8s_ca }}" + tags: + - microk8s + - microk8s.certs + - microk8s.certs.copy - name: Trust certificates generated by microk8s - become: yes - command: "update-ca-certificates" - register: command_result - changed_when: "'0 added, 0 removed' not in command_result.stdout" + ansible.builtin.command: + cmd: update-ca-certificates + register: microk8s_cmd_result + changed_when: "'0 added, 0 removed' not in microk8s_cmd_result.stdout" + tags: + - microk8s + - microk8s.certs + - microk8s.certs.trust - name: Enable plugins - become: yes - loop: "{{ microk8s_plugins | dict2items }}" - command: "microk8s.enable {{ item.key }}" - loop_control: - label: "{{ item.key }}" - register: command_result - changed_when: "'Addon {{ item.key }} is already enabled' not in command_result.stdout" - when: item.value and item.key != "registry" + ansible.builtin.command: + cmd: "microk8s.enable {{ microk8s_plugin.key }}" + with_dict: "{{ microk8s_plugins }}" + environment: + PATH: '${PATH}:/snap/bin/' + loop_control: + loop_var: microk8s_plugin + label: "{{ microk8s_plugin.key }}" + when: + - 
microk8s_plugins is defined + - microk8s_plugin.value + - microk8s_plugin.key != "registry" + register: microk8s_cmd_result + changed_when: + - "'Addon {{ microk8s_plugin.key }} is already enabled' + not in microk8s_cmd_result.stdout" + tags: + - molecule-idempotence-notest + - microk8s + - microk8s.plugins + - microk8s.plugins.enable - name: Disable plugins - become: yes - loop: "{{ microk8s_plugins | dict2items }}" - command: "microk8s.disable {{ item.key }}" - loop_control: - label: "{{ item.key }}" - register: command_result - changed_when: "'Addon {{ item.key }} is already disabled' not in command_result.stdout" - when: not item.value and item.key != "registry" + ansible.builtin.command: + cmd: "microk8s.disable {{ microk8s_plugin.key }}" + with_dict: "{{ microk8s_plugins | default({}) }}" + loop_control: + loop_var: microk8s_plugin + label: "{{ microk8s_plugin.key }}" + register: microk8s_cmd_result + environment: + PATH: '${PATH}:/snap/bin/' + changed_when: + - "'Addon {{ microk8s_plugin.key }} is already disabled' + not in microk8s_cmd_result.stdout" + when: + - microk8s_plugins is defined + - not (microk8s_plugin.value | bool) + - microk8s_plugin.key != "registry" + tags: + - molecule-idempotence-notest + - microk8s + - microk8s.plugins + - microk8s.plugins.disable - name: Enable registry - become: yes - command: "microk8s.enable registry:size={{ registry_size }}" - register: command_result - changed_when: "'Addon registry is already enabled' not in command_result.stdout" - when: microk8s_plugins.registry + ansible.builtin.command: + cmd: "microk8s.enable registry:size={{ microk8s_registry_size }}" + register: microk8s_cmd_result + environment: + PATH: '${PATH}:/snap/bin/' + changed_when: + - "'Addon registry is already enabled' not in microk8s_cmd_result.stdout" + when: + - microk8s_plugins is defined + - microk8s_plugins.registry is defined + - (microk8s_plugins.registry | bool) + tags: + - microk8s + - microk8s.plugins + - microk8s.plugins.enable + - 
microk8s.plugins.enable.registry - name: Disable registry - become: yes - command: "microk8s.disable registry:size={{ registry_size }}" - register: command_result - changed_when: "'Addon registry is already disabled' not in command_result.stdout" - when: not microk8s_plugins.registry + ansible.builtin.command: + cmd: "microk8s.disable registry:size={{ microk8s_registry_size }}" + register: microk8s_cmd_result + environment: + PATH: '${PATH}:/snap/bin/' + changed_when: + - "'Addon registry is already disabled' not in microk8s_cmd_result.stdout" + when: + - microk8s_plugins is defined + - microk8s_plugins.registry is defined + - not (microk8s_plugins.registry | bool) + tags: + - microk8s + - microk8s.plugins + - microk8s.plugins.disable + - microk8s.plugins.disable.registry - name: Disable snap autoupdate - blockinfile: + ansible.builtin.blockinfile: dest: /etc/hosts marker: "# {mark} ANSIBLE MANAGED: microk8s Disable snap autoupdate" content: | 127.0.0.1 api.snapcraft.io - when: microk8s_disable_snap_autoupdate + when: + - (microk8s_disable_snap_autoupdate | bool) + tags: + - notest + - microk8s + - microk8s.disable_autoupdate +... diff --git a/tasks/main.yml b/tasks/main.yml index 5ded850..5a1d9d5 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
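Review bot: The `community.general.snap` task no longer passes `channel:`, so the install follows whatever the snap store's default channel serves and a `microk8s_version` set by a caller is silently ignored; if that variable still exists in the role defaults (not visible here) I would keep `channel: "{{ microk8s_version | default(omit) }}"`. Separately, `PATH: '${PATH}:/snap/bin/'` in the `environment:` blocks is not expanded, because Ansible quotes environment values before handing them to the remote shell, so those tasks run with the literal string `${PATH}` as the first PATH entry and lose the system directories. Assuming facts are gathered, `PATH: "{{ ansible_env.PATH }}:/snap/bin"` is the documented form; the same line appears in tasks/configure-groups.yml.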
@@ -1,10 +1,27 @@ --- -- import_tasks: install.yml +- name: install microk8s + ansible.builtin.import_tasks: + file: install.yml + tags: + - always + - microk8s -- name: configure users - include_tasks: configure-groups.yml - when: "users is defined and users not in ([], None, '', omit)" +- name: configure microk8s Users + ansible.builtin.include_tasks: + file: configure-groups.yml + when: + - microk8s_users is defined + - microk8s_users not in ([], None, '', omit) + tags: + - microk8s + - microk8s.users - name: configure High Availability - include_tasks: configure-HA.yml - when: "microk8s_enable_HA" + ansible.builtin.include_tasks: + file: configure-HA.yml + when: + - microk8s_enable_ha | bool + tags: + - microk8s + - microk8s.ha +... diff --git a/tests/test.yml b/tests/test.yml deleted file mode 100644 index 98746ee..0000000 --- a/tests/test.yml +++ /dev/null @@ -1,8 +0,0 @@ -- hosts: 127.0.0.1 - connection: local - tags: - - case-1 - vars: - ansible_unit_test: True - roles: - - role: ../.. diff --git a/vars/main.yml b/vars/main.yml deleted file mode 100644 index 81c38cd..0000000 --- a/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# var file for ansible_role_microk8s
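Review bot: The `always` tag on the static `ansible.builtin.import_tasks` of install.yml is inherited by every imported task, so a run limited with `--tags microk8s.ha` or `--tags microk8s.users` still executes the whole install, including the tasks that edit `/etc/hosts` and the CA trust store. That defeats the fine-grained tags added inside install.yml; I would drop `- always` here and keep it only on tasks that later steps depend on, such as the `set_fact` in configure-HA.yml. The conditions now read `microk8s_users` and `microk8s_enable_ha`, so inventories that still set `users` or `microk8s_enable_HA` will skip these includes without any message, which deserves a note in the changelog or README.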