Bunch of improvements around testing and ansible galaxy

* added a license info
 * added galaxy tags/platforms
 * added travis test support
 * testing the playbook using molecule
This commit is contained in:
Thomas Maurice 2019-03-16 11:51:32 +00:00
parent a0804ab28b
commit 168be1f6bb
19 changed files with 266 additions and 21 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
*.pyc

14
.travis.yml Normal file
View File

@ -0,0 +1,14 @@
---
sudo: required
language: python
services:
- docker
before_install:
- sudo apt-get -qq update
- >
sudo apt-get install -o Dpkg::Options::="--force-confold"
--force-yes -y docker-engine
install:
- pip install -r requirements-travis.txt
script:
- molecule test

6
.yamllint Normal file
View File

@ -0,0 +1,6 @@
extends: default
rules:
line-length:
max: 100
level: warning

11
LICENSE Normal file
View File

@ -0,0 +1,11 @@
Copyright 2019-present Thomas Maurice
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

View File

@ -1,4 +1,5 @@
# Ansible role gitea - Install a gitea server
[![Build Status](https://travis-ci.org/thomas-maurice/ansible-role-gitea.svg?branch=master)](https://travis-ci.org/thomas-maurice/ansible-role-gitea)
This role installs and manages a [gitea](https://gitea.io) server -
[Source code & screenshots](https://github.com/go-gitea/gitea).
@ -137,7 +138,39 @@ successfully on Debian Jessie 64 bits.
Do not hesitate to make me a pull request, and when in doubt you can reach me on
Twitter [@thomas_maurice](https://twitter.com/thomas_maurice).
I also would be happy to fix the issues that would be opened.
I also would be happy to fix the issues that would be opened, or even better, review
your pull requests :)
## Author
This role is written by [Thomas Maurice](https://thomas.maurice.fr).
## Testing
Testing uses [molecule](https://molecule.readthedocs.io/en/stable-1.22/usage.html), to start the
tests, install the dependencies, I would recommend you use a virtual env for that but who am I to
tell you what to do.
```
pip install pew # install pew to manage the venvs
pew new ansible # create the venv
pip install -r requirements-travis.txt # install the requirements
molecule test # Run the actual tests
```
Note: you need Docker installed
### Known testing limitations
As of now, it is mainly validating that the playbook runs, the lint is ok and that type of things,
since it runs in Docker we have no way yet to check if the service actually is launched by systemd
and so on, this has to be worked on.
## License
```
Copyright 2019-present Thomas Maurice
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
```

View File

@ -1,3 +1,4 @@
---
gitea_version: "1.7.3"
gitea_app_name: "Gitea"
@ -42,8 +43,8 @@ gitea_force_private: false
gitea_mailer_enabled: false
gitea_mailer_skip_verify: false
gitea_mailer_tls_enabled: true
gitea_mailer_host: localhost:25
gitea_mailer_from: noreply@your.domain
gitea_mailer_host: localhost:25
gitea_mailer_from: noreply@your.domain
gitea_fail2ban_enabled: false
gitea_fail2ban_jail_maxretry: 10
@ -53,4 +54,3 @@ gitea_fail2ban_jail_action: iptables-allports
gitea_oauth2_enabled: true
gitea_oauth2_jwt_secret: ChangeMe

View File

@ -1,11 +1,17 @@
---
- name: "Restart gitea"
service: name=gitea state=restarted
service:
name: gitea
state: restarted
when: ansible_service_mgr == "systemd"
- name: "Reload systemd"
shell: "systemctl daemon-reload"
systemd:
daemon_reload: true
when: ansible_service_mgr == "systemd"
- name: "Restart fail2ban"
service:
name: fail2ban
name: fail2ban
state: restarted
when: ansible_service_mgr == "systemd"

View File

@ -2,7 +2,27 @@
galaxy_info:
author: Thomas Maurice
description: Ansible Role - Gitea
min_ansible_version: 2.7.9
license: BSD-3-Clause
galaxy_tags:
- git
- gitea
- system
- development
- source-control
- self-hosted
- git-server
- gogs
platforms:
- name: Debian
versions:
- jessie
- name: Debian
versions:
- jessie
- stretch
- name: EL
versions:
- 7
- name: Ubuntu
versions:
- xenial
- bionic

View File

@ -0,0 +1,14 @@
# Molecule managed
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo git bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel git python2-dnf bash && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python git sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python git sudo bash python-xml && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo git bash ca-certificates; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python git sudo bash ca-certificates && xbps-remove -O; fi

View File

@ -0,0 +1,16 @@
*******
Docker driver installation guide
*******
Requirements
============
* General molecule dependencies (see https://molecule.readthedocs.io/en/latest/installation.html)
* Docker Engine
* docker-py
* docker
Install
=======
$ sudo pip install docker-py

View File

@ -0,0 +1,35 @@
---
dependency:
name: galaxy
driver:
name: docker
lint:
name: yamllint
platforms:
- name: centos7
image: centos:7
- name: debian-stretch
image: debian:stretch
- name: debian-jessie
image: debian:jessie
- name: ubuntu-xenial
image: ubuntu:xenial
- name: ubuntu-bionic
image: ubuntu:bionic
provisioner:
name: ansible
lint:
name: ansible-lint
scenario:
name: default
test_sequence:
- lint
- destroy
- create
- converge
- destroy
verifier:
name: testinfra
lint:
name: flake8

View File

@ -0,0 +1,5 @@
---
- name: Converge
hosts: all
roles:
- role: ansible-role-gitea

View File

@ -0,0 +1,14 @@
import os
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
def test_hosts_file(host):
f = host.file('/etc/hosts')
assert f.exists
assert f.user == 'root'
assert f.group == 'root'

61
requirements-travis.txt Normal file
View File

@ -0,0 +1,61 @@
ansible==2.7.9
ansible-lint==3.4.23
anyconfig==0.9.7
arrow==0.13.1
asn1crypto==0.24.0
atomicwrites==1.3.0
attrs==19.1.0
bcrypt==3.1.6
binaryornot==0.4.4
Cerberus==1.2
certifi==2019.3.9
cffi==1.12.2
chardet==3.0.4
click==6.7
click-completion==0.3.1
colorama==0.3.9
cookiecutter==1.6.0
cryptography==2.6.1
docker==3.7.0
docker-pycreds==0.4.0
fasteners==0.14.1
flake8==3.5.0
future==0.17.1
git-url-parse==1.2.1
idna==2.8
Jinja2==2.10
jinja2-time==0.2.0
MarkupSafe==1.1.1
mccabe==0.6.1
molecule==2.19.0
monotonic==1.5
more-itertools==6.0.0
paramiko==2.4.2
pathspec==0.5.9
pbr==4.1.0
pexpect==4.6.0
pluggy==0.9.0
poyo==0.4.2
psutil==5.4.6
ptyprocess==0.6.0
py==1.8.0
pyasn1==0.4.5
pycodestyle==2.3.1
pycparser==2.19
pyflakes==1.6.0
PyNaCl==1.3.0
pytest==4.3.1
python-dateutil==2.8.0
python-gilt==1.2.1
PyYAML==3.13
requests==2.21.0
ruamel.yaml==0.15.89
sh==1.12.14
six==1.11.0
tabulate==0.8.2
testinfra==1.16.0
tree-format==0.1.2
urllib3==1.24.1
websocket-client==0.55.0
whichcraft==0.5.2
yamllint==1.11.1

View File

@ -1,3 +1,4 @@
---
- name: "Create Gitea user"
user:
name: "{{ gitea_user }}"

View File

@ -1,10 +1,11 @@
---
- name: Install fail2ban filter
template:
src: fail2ban/filter.conf.j2
dest: /etc/fail2ban/filter.d/gitea.conf
owner: root
group: root
mode: 0444
mode: 0444
notify: Restart fail2ban
- name: Install fail2ban jail
@ -13,6 +14,5 @@
dest: /etc/fail2ban/jail.d/gitea.conf
owner: root
group: root
mode: 0444
mode: 0444
notify: Restart fail2ban

View File

@ -1,3 +1,4 @@
---
- name: "Setup systemd service"
template:
src: gitea.service.j2
@ -8,3 +9,7 @@
notify:
- "Reload systemd"
- "Restart gitea"
- name: "Reload systemd"
systemd:
daemon_reload: true

View File

@ -1,12 +1,12 @@
# TODO: variabilize this
---
- name: "Download the binary"
get_url:
url: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ 'amd64' if ansible_architecture == 'x86_64' else ansible_architecture }}"
url: "{{ gitea_dl_url }}/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_arch }}"
dest: /usr/local/bin/gitea
owner: root
group: root
mode: 0755
force: yes
force: true
notify: "Restart gitea"
- include: create_user.yml
@ -24,7 +24,6 @@
- "{{ gitea_home }}/custom/https"
- "{{ gitea_home }}/custom/mailer"
# TODO: Support other systems than systemd
- include: install_systemd.yml
when: ansible_service_mgr == "systemd"
@ -41,6 +40,7 @@
name: gitea
state: started
enabled: true
when: ansible_service_mgr == "systemd"
- include: fail2ban.yml
when: gitea_fail2ban_enabled
when: gitea_fail2ban_enabled

3
vars/main.yml Normal file
View File

@ -0,0 +1,3 @@
---
gitea_arch: "{{ 'amd64' if ansible_architecture == 'x86_64' else ansible_architecture }}"
gitea_dl_url: "https://github.com/go-gitea/gitea/releases/download"