From 168be1f6bb41e17ecf7d86c1ed1192f1500d5e56 Mon Sep 17 00:00:00 2001 From: Thomas Maurice Date: Sat, 16 Mar 2019 11:51:32 +0000 Subject: [PATCH] Bunch of improvements around testing and ansible galaxy * added a license info * added galaxy tags/platforms * added travis test support * testing the playbook using molecule --- .gitignore | 1 + .travis.yml | 14 ++++++ .yamllint | 6 +++ LICENSE | 11 +++++ README.md | 39 ++++++++++++++-- defaults/main.yml | 6 +-- handlers/main.yml | 14 ++++-- meta/main.yml | 26 +++++++++-- molecule/default/Dockerfile.j2 | 14 ++++++ molecule/default/INSTALL.rst | 16 +++++++ molecule/default/molecule.yml | 35 +++++++++++++++ molecule/default/playbook.yml | 5 +++ molecule/default/tests/test_default.py | 14 ++++++ requirements-travis.txt | 61 ++++++++++++++++++++++++++ tasks/create_user.yml | 1 + tasks/{fail2ban.yaml => fail2ban.yml} | 6 +-- tasks/install_systemd.yml | 5 +++ tasks/main.yml | 10 ++--- vars/main.yml | 3 ++ 19 files changed, 266 insertions(+), 21 deletions(-) create mode 100644 .gitignore create mode 100644 .travis.yml create mode 100644 .yamllint create mode 100644 LICENSE create mode 100644 molecule/default/Dockerfile.j2 create mode 100644 molecule/default/INSTALL.rst create mode 100644 molecule/default/molecule.yml create mode 100644 molecule/default/playbook.yml create mode 100644 molecule/default/tests/test_default.py create mode 100644 requirements-travis.txt rename tasks/{fail2ban.yaml => fail2ban.yml} (91%) create mode 100644 vars/main.yml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..0d20b64 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +*.pyc diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..7b706f7 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,14 @@ +--- +sudo: required +language: python +services: + - docker +before_install: + - sudo apt-get -qq update + - > + sudo apt-get install -o Dpkg::Options::="--force-confold" + --force-yes -y docker-engine +install: + - pip install -r requirements-travis.txt +script: + - molecule test diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..da36038 --- /dev/null +++ b/.yamllint @@ -0,0 +1,6 @@ +extends: default + +rules: + line-length: + max: 100 + level: warning diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..195ba20 --- /dev/null +++ b/LICENSE @@ -0,0 +1,11 @@ +Copyright 2019-present Thomas Maurice + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + +3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file diff --git a/README.md b/README.md index 4dbc9da..99d6cf4 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,5 @@ # Ansible role gitea - Install a gitea server +[![Build Status](https://travis-ci.org/thomas-maurice/ansible-role-gitea.svg?branch=master)](https://travis-ci.org/thomas-maurice/ansible-role-gitea) This role installs and manages a [gitea](https://gitea.io) server - [Source code & screenshots](https://github.com/go-gitea/gitea). @@ -137,7 +138,39 @@ successfully on Debian Jessie 64 bits. Do not hesitate to make me a pull request, and when in doubt you can reach me on Twitter [@thomas_maurice](https://twitter.com/thomas_maurice). -I also would be happy to fix the issues that would be opened. +I also would be happy to fix the issues that would be opened, or even better, review +your pull requests :) -## Author -This role is written by [Thomas Maurice](https://thomas.maurice.fr). +## Testing +Testing uses [molecule](https://molecule.readthedocs.io/en/stable-1.22/usage.html), to start the +tests, install the dependencies, I would recommend you use a virtual env for that but who am I to +tell you what to do. + +``` +pip install pew # install pew to manage the venvs +pew new ansible # create the venv +pip install -r requirements-travis.txt # install the requirements +molecule test # Run the actual tests +``` + +Note: you need Docker installed + +### Known testing limitations +As of now, it is mainly validating that the playbook runs, the lint is ok and that type of things, +since it runs in Docker we have no way yet to check if the service actually is launched by systemd +and so on, this has to be worked on. + +## License +``` +Copyright 2019-present Thomas Maurice + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + +3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +``` \ No newline at end of file diff --git a/defaults/main.yml b/defaults/main.yml index fa197b1..949df44 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,3 +1,4 @@ +--- gitea_version: "1.7.3" gitea_app_name: "Gitea" @@ -42,8 +43,8 @@ gitea_force_private: false gitea_mailer_enabled: false gitea_mailer_skip_verify: false gitea_mailer_tls_enabled: true -gitea_mailer_host: localhost:25 -gitea_mailer_from: noreply@your.domain +gitea_mailer_host: localhost:25 +gitea_mailer_from: noreply@your.domain gitea_fail2ban_enabled: false gitea_fail2ban_jail_maxretry: 10 @@ -53,4 +54,3 @@ gitea_fail2ban_jail_action: iptables-allports gitea_oauth2_enabled: true gitea_oauth2_jwt_secret: ChangeMe - diff --git a/handlers/main.yml b/handlers/main.yml index ff9001f..eade7a3 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,11 +1,17 @@ +--- - name: "Restart gitea" - service: name=gitea state=restarted + service: + name: gitea + state: restarted + when: ansible_service_mgr == "systemd" - name: "Reload systemd" - shell: "systemctl daemon-reload" + systemd: + daemon_reload: true + when: ansible_service_mgr == "systemd" - name: "Restart fail2ban" service: - name: fail2ban + name: fail2ban state: restarted - + when: ansible_service_mgr == "systemd" diff --git a/meta/main.yml b/meta/main.yml index b2ce962..1eb9a96 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -2,7 +2,27 @@ galaxy_info: author: Thomas Maurice description: Ansible Role - Gitea + min_ansible_version: 2.7.9 + license: BSD-3-Clause + galaxy_tags: + - git + - gitea + - system + - development + - source-control + - self-hosted + - git-server + - gogs platforms: - - name: Debian - versions: - - jessie + - name: Debian + versions: + - jessie + - stretch + - name: EL + versions: + - 7 + - name: Ubuntu + versions: + - xenial + - bionic + diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 new file mode 100644 index 0000000..4a1d8fe --- /dev/null +++ b/molecule/default/Dockerfile.j2 @@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo git bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel git python2-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python git sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python git sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo git bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python git sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst new file mode 100644 index 0000000..b42edf5 --- /dev/null +++ b/molecule/default/INSTALL.rst @@ -0,0 +1,16 @@ +******* +Docker driver installation guide +******* + +Requirements +============ + +* General molecule dependencies (see https://molecule.readthedocs.io/en/latest/installation.html) +* Docker Engine +* docker-py +* docker + +Install +======= + + $ sudo pip install docker-py diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml new file mode 100644 index 0000000..8f011ca --- /dev/null +++ b/molecule/default/molecule.yml @@ -0,0 +1,35 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint +platforms: + - name: centos7 + image: centos:7 + - name: debian-stretch + image: debian:stretch + - name: debian-jessie + image: debian:jessie + - name: ubuntu-xenial + image: ubuntu:xenial + - name: ubuntu-bionic + image: ubuntu:bionic +provisioner: + name: ansible + lint: + name: ansible-lint +scenario: + name: default + test_sequence: + - lint + - destroy + - create + - converge + - destroy + +verifier: + name: testinfra + lint: + name: flake8 diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml new file mode 100644 index 0000000..35294c0 --- /dev/null +++ b/molecule/default/playbook.yml @@ -0,0 +1,5 @@ +--- +- name: Converge + hosts: all + roles: + - role: ansible-role-gitea diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py new file mode 100644 index 0000000..eedd64a --- /dev/null +++ b/molecule/default/tests/test_default.py @@ -0,0 +1,14 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_hosts_file(host): + f = host.file('/etc/hosts') + + assert f.exists + assert f.user == 'root' + assert f.group == 'root' diff --git a/requirements-travis.txt b/requirements-travis.txt new file mode 100644 index 0000000..d13534b --- /dev/null +++ b/requirements-travis.txt @@ -0,0 +1,61 @@ +ansible==2.7.9 +ansible-lint==3.4.23 +anyconfig==0.9.7 +arrow==0.13.1 +asn1crypto==0.24.0 +atomicwrites==1.3.0 +attrs==19.1.0 +bcrypt==3.1.6 +binaryornot==0.4.4 +Cerberus==1.2 +certifi==2019.3.9 +cffi==1.12.2 +chardet==3.0.4 +click==6.7 +click-completion==0.3.1 +colorama==0.3.9 +cookiecutter==1.6.0 +cryptography==2.6.1 +docker==3.7.0 +docker-pycreds==0.4.0 +fasteners==0.14.1 +flake8==3.5.0 +future==0.17.1 +git-url-parse==1.2.1 +idna==2.8 +Jinja2==2.10 +jinja2-time==0.2.0 +MarkupSafe==1.1.1 +mccabe==0.6.1 +molecule==2.19.0 +monotonic==1.5 +more-itertools==6.0.0 +paramiko==2.4.2 +pathspec==0.5.9 +pbr==4.1.0 +pexpect==4.6.0 +pluggy==0.9.0 +poyo==0.4.2 +psutil==5.4.6 +ptyprocess==0.6.0 +py==1.8.0 +pyasn1==0.4.5 +pycodestyle==2.3.1 +pycparser==2.19 +pyflakes==1.6.0 +PyNaCl==1.3.0 +pytest==4.3.1 +python-dateutil==2.8.0 +python-gilt==1.2.1 +PyYAML==3.13 +requests==2.21.0 +ruamel.yaml==0.15.89 +sh==1.12.14 +six==1.11.0 +tabulate==0.8.2 +testinfra==1.16.0 +tree-format==0.1.2 +urllib3==1.24.1 +websocket-client==0.55.0 +whichcraft==0.5.2 +yamllint==1.11.1 diff --git a/tasks/create_user.yml b/tasks/create_user.yml index 28b44e3..cb22b62 100644 --- a/tasks/create_user.yml +++ b/tasks/create_user.yml @@ -1,3 +1,4 @@ +--- - name: "Create Gitea user" user: name: "{{ gitea_user }}" diff --git a/tasks/fail2ban.yaml b/tasks/fail2ban.yml similarity index 91% rename from tasks/fail2ban.yaml rename to tasks/fail2ban.yml index db57979..5a9837e 100644 --- a/tasks/fail2ban.yaml +++ b/tasks/fail2ban.yml @@ -1,10 +1,11 @@ +--- - name: Install fail2ban filter template: src: fail2ban/filter.conf.j2 dest: /etc/fail2ban/filter.d/gitea.conf owner: root group: root - mode: 0444 + mode: 0444 notify: Restart fail2ban - name: Install fail2ban jail @@ -13,6 +14,5 @@ dest: /etc/fail2ban/jail.d/gitea.conf owner: root group: root - mode: 0444 + mode: 0444 notify: Restart fail2ban - diff --git a/tasks/install_systemd.yml b/tasks/install_systemd.yml index 6abfa8b..7698ede 100644 --- a/tasks/install_systemd.yml +++ b/tasks/install_systemd.yml @@ -1,3 +1,4 @@ +--- - name: "Setup systemd service" template: src: gitea.service.j2 @@ -8,3 +9,7 @@ notify: - "Reload systemd" - "Restart gitea" + +- name: "Reload systemd" + systemd: + daemon_reload: true diff --git a/tasks/main.yml b/tasks/main.yml index c03ccea..c3ab493 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,12 +1,12 @@ -# TODO: variabilize this +--- - name: "Download the binary" get_url: - url: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ 'amd64' if ansible_architecture == 'x86_64' else ansible_architecture }}" + url: "{{ gitea_dl_url }}/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_arch }}" dest: /usr/local/bin/gitea owner: root group: root mode: 0755 - force: yes + force: true notify: "Restart gitea" - include: create_user.yml @@ -24,7 +24,6 @@ - "{{ gitea_home }}/custom/https" - "{{ gitea_home }}/custom/mailer" -# TODO: Support other systems than systemd - include: install_systemd.yml when: ansible_service_mgr == "systemd" @@ -41,6 +40,7 @@ name: gitea state: started enabled: true + when: ansible_service_mgr == "systemd" - include: fail2ban.yml - when: gitea_fail2ban_enabled \ No newline at end of file + when: gitea_fail2ban_enabled diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 0000000..3581cfb --- /dev/null +++ b/vars/main.yml @@ -0,0 +1,3 @@ +--- +gitea_arch: "{{ 'amd64' if ansible_architecture == 'x86_64' else ansible_architecture }}" +gitea_dl_url: "https://github.com/go-gitea/gitea/releases/download"