Bunch of improvements around testing and ansible galaxy
* added a license info * added galaxy tags/platforms * added travis test support * testing the playbook using molecule
This commit is contained in:
parent
a0804ab28b
commit
168be1f6bb
19 changed files with 266 additions and 21 deletions
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
*.pyc
|
14
.travis.yml
Normal file
14
.travis.yml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
sudo: required
|
||||||
|
language: python
|
||||||
|
services:
|
||||||
|
- docker
|
||||||
|
before_install:
|
||||||
|
- sudo apt-get -qq update
|
||||||
|
- >
|
||||||
|
sudo apt-get install -o Dpkg::Options::="--force-confold"
|
||||||
|
--force-yes -y docker-engine
|
||||||
|
install:
|
||||||
|
- pip install -r requirements-travis.txt
|
||||||
|
script:
|
||||||
|
- molecule test
|
6
.yamllint
Normal file
6
.yamllint
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
extends: default
|
||||||
|
|
||||||
|
rules:
|
||||||
|
line-length:
|
||||||
|
max: 100
|
||||||
|
level: warning
|
11
LICENSE
Normal file
11
LICENSE
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
Copyright 2019-present Thomas Maurice
|
||||||
|
|
||||||
|
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
|
||||||
|
|
||||||
|
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
|
||||||
|
|
||||||
|
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
|
||||||
|
|
||||||
|
3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
|
||||||
|
|
||||||
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
39
README.md
39
README.md
|
@ -1,4 +1,5 @@
|
||||||
# Ansible role gitea - Install a gitea server
|
# Ansible role gitea - Install a gitea server
|
||||||
|
[![Build Status](https://travis-ci.org/thomas-maurice/ansible-role-gitea.svg?branch=master)](https://travis-ci.org/thomas-maurice/ansible-role-gitea)
|
||||||
|
|
||||||
This role installs and manages a [gitea](https://gitea.io) server -
|
This role installs and manages a [gitea](https://gitea.io) server -
|
||||||
[Source code & screenshots](https://github.com/go-gitea/gitea).
|
[Source code & screenshots](https://github.com/go-gitea/gitea).
|
||||||
|
@ -137,7 +138,39 @@ successfully on Debian Jessie 64 bits.
|
||||||
Do not hesitate to make me a pull request, and when in doubt you can reach me on
|
Do not hesitate to make me a pull request, and when in doubt you can reach me on
|
||||||
Twitter [@thomas_maurice](https://twitter.com/thomas_maurice).
|
Twitter [@thomas_maurice](https://twitter.com/thomas_maurice).
|
||||||
|
|
||||||
I also would be happy to fix the issues that would be opened.
|
I also would be happy to fix the issues that would be opened, or even better, review
|
||||||
|
your pull requests :)
|
||||||
|
|
||||||
## Author
|
## Testing
|
||||||
This role is written by [Thomas Maurice](https://thomas.maurice.fr).
|
Testing uses [molecule](https://molecule.readthedocs.io/en/stable-1.22/usage.html), to start the
|
||||||
|
tests, install the dependencies, I would recommend you use a virtual env for that but who am I to
|
||||||
|
tell you what to do.
|
||||||
|
|
||||||
|
```
|
||||||
|
pip install pew # install pew to manage the venvs
|
||||||
|
pew new ansible # create the venv
|
||||||
|
pip install -r requirements-travis.txt # install the requirements
|
||||||
|
molecule test # Run the actual tests
|
||||||
|
```
|
||||||
|
|
||||||
|
Note: you need Docker installed
|
||||||
|
|
||||||
|
### Known testing limitations
|
||||||
|
As of now, it is mainly validating that the playbook runs, the lint is ok and that type of things,
|
||||||
|
since it runs in Docker we have no way yet to check if the service actually is launched by systemd
|
||||||
|
and so on, this has to be worked on.
|
||||||
|
|
||||||
|
## License
|
||||||
|
```
|
||||||
|
Copyright 2019-present Thomas Maurice
|
||||||
|
|
||||||
|
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
|
||||||
|
|
||||||
|
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
|
||||||
|
|
||||||
|
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
|
||||||
|
|
||||||
|
3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
|
||||||
|
|
||||||
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
```
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
gitea_version: "1.7.3"
|
gitea_version: "1.7.3"
|
||||||
|
|
||||||
gitea_app_name: "Gitea"
|
gitea_app_name: "Gitea"
|
||||||
|
@ -42,8 +43,8 @@ gitea_force_private: false
|
||||||
gitea_mailer_enabled: false
|
gitea_mailer_enabled: false
|
||||||
gitea_mailer_skip_verify: false
|
gitea_mailer_skip_verify: false
|
||||||
gitea_mailer_tls_enabled: true
|
gitea_mailer_tls_enabled: true
|
||||||
gitea_mailer_host: localhost:25
|
gitea_mailer_host: localhost:25
|
||||||
gitea_mailer_from: noreply@your.domain
|
gitea_mailer_from: noreply@your.domain
|
||||||
|
|
||||||
gitea_fail2ban_enabled: false
|
gitea_fail2ban_enabled: false
|
||||||
gitea_fail2ban_jail_maxretry: 10
|
gitea_fail2ban_jail_maxretry: 10
|
||||||
|
@ -53,4 +54,3 @@ gitea_fail2ban_jail_action: iptables-allports
|
||||||
|
|
||||||
gitea_oauth2_enabled: true
|
gitea_oauth2_enabled: true
|
||||||
gitea_oauth2_jwt_secret: ChangeMe
|
gitea_oauth2_jwt_secret: ChangeMe
|
||||||
|
|
||||||
|
|
|
@ -1,11 +1,17 @@
|
||||||
|
---
|
||||||
- name: "Restart gitea"
|
- name: "Restart gitea"
|
||||||
service: name=gitea state=restarted
|
service:
|
||||||
|
name: gitea
|
||||||
|
state: restarted
|
||||||
|
when: ansible_service_mgr == "systemd"
|
||||||
|
|
||||||
- name: "Reload systemd"
|
- name: "Reload systemd"
|
||||||
shell: "systemctl daemon-reload"
|
systemd:
|
||||||
|
daemon_reload: true
|
||||||
|
when: ansible_service_mgr == "systemd"
|
||||||
|
|
||||||
- name: "Restart fail2ban"
|
- name: "Restart fail2ban"
|
||||||
service:
|
service:
|
||||||
name: fail2ban
|
name: fail2ban
|
||||||
state: restarted
|
state: restarted
|
||||||
|
when: ansible_service_mgr == "systemd"
|
||||||
|
|
|
@ -2,7 +2,27 @@
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
author: Thomas Maurice
|
author: Thomas Maurice
|
||||||
description: Ansible Role - Gitea
|
description: Ansible Role - Gitea
|
||||||
|
min_ansible_version: 2.7.9
|
||||||
|
license: BSD-3-Clause
|
||||||
|
galaxy_tags:
|
||||||
|
- git
|
||||||
|
- gitea
|
||||||
|
- system
|
||||||
|
- development
|
||||||
|
- source-control
|
||||||
|
- self-hosted
|
||||||
|
- git-server
|
||||||
|
- gogs
|
||||||
platforms:
|
platforms:
|
||||||
- name: Debian
|
- name: Debian
|
||||||
versions:
|
versions:
|
||||||
- jessie
|
- jessie
|
||||||
|
- stretch
|
||||||
|
- name: EL
|
||||||
|
versions:
|
||||||
|
- 7
|
||||||
|
- name: Ubuntu
|
||||||
|
versions:
|
||||||
|
- xenial
|
||||||
|
- bionic
|
||||||
|
|
||||||
|
|
14
molecule/default/Dockerfile.j2
Normal file
14
molecule/default/Dockerfile.j2
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
# Molecule managed
|
||||||
|
|
||||||
|
{% if item.registry is defined %}
|
||||||
|
FROM {{ item.registry.url }}/{{ item.image }}
|
||||||
|
{% else %}
|
||||||
|
FROM {{ item.image }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo git bash ca-certificates && apt-get clean; \
|
||||||
|
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel git python2-dnf bash && dnf clean all; \
|
||||||
|
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python git sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
|
||||||
|
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python git sudo bash python-xml && zypper clean -a; \
|
||||||
|
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo git bash ca-certificates; \
|
||||||
|
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python git sudo bash ca-certificates && xbps-remove -O; fi
|
16
molecule/default/INSTALL.rst
Normal file
16
molecule/default/INSTALL.rst
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
*******
|
||||||
|
Docker driver installation guide
|
||||||
|
*******
|
||||||
|
|
||||||
|
Requirements
|
||||||
|
============
|
||||||
|
|
||||||
|
* General molecule dependencies (see https://molecule.readthedocs.io/en/latest/installation.html)
|
||||||
|
* Docker Engine
|
||||||
|
* docker-py
|
||||||
|
* docker
|
||||||
|
|
||||||
|
Install
|
||||||
|
=======
|
||||||
|
|
||||||
|
$ sudo pip install docker-py
|
35
molecule/default/molecule.yml
Normal file
35
molecule/default/molecule.yml
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
---
|
||||||
|
dependency:
|
||||||
|
name: galaxy
|
||||||
|
driver:
|
||||||
|
name: docker
|
||||||
|
lint:
|
||||||
|
name: yamllint
|
||||||
|
platforms:
|
||||||
|
- name: centos7
|
||||||
|
image: centos:7
|
||||||
|
- name: debian-stretch
|
||||||
|
image: debian:stretch
|
||||||
|
- name: debian-jessie
|
||||||
|
image: debian:jessie
|
||||||
|
- name: ubuntu-xenial
|
||||||
|
image: ubuntu:xenial
|
||||||
|
- name: ubuntu-bionic
|
||||||
|
image: ubuntu:bionic
|
||||||
|
provisioner:
|
||||||
|
name: ansible
|
||||||
|
lint:
|
||||||
|
name: ansible-lint
|
||||||
|
scenario:
|
||||||
|
name: default
|
||||||
|
test_sequence:
|
||||||
|
- lint
|
||||||
|
- destroy
|
||||||
|
- create
|
||||||
|
- converge
|
||||||
|
- destroy
|
||||||
|
|
||||||
|
verifier:
|
||||||
|
name: testinfra
|
||||||
|
lint:
|
||||||
|
name: flake8
|
5
molecule/default/playbook.yml
Normal file
5
molecule/default/playbook.yml
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
- name: Converge
|
||||||
|
hosts: all
|
||||||
|
roles:
|
||||||
|
- role: ansible-role-gitea
|
14
molecule/default/tests/test_default.py
Normal file
14
molecule/default/tests/test_default.py
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
import os
|
||||||
|
|
||||||
|
import testinfra.utils.ansible_runner
|
||||||
|
|
||||||
|
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
||||||
|
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
|
||||||
|
|
||||||
|
|
||||||
|
def test_hosts_file(host):
|
||||||
|
f = host.file('/etc/hosts')
|
||||||
|
|
||||||
|
assert f.exists
|
||||||
|
assert f.user == 'root'
|
||||||
|
assert f.group == 'root'
|
61
requirements-travis.txt
Normal file
61
requirements-travis.txt
Normal file
|
@ -0,0 +1,61 @@
|
||||||
|
ansible==2.7.9
|
||||||
|
ansible-lint==3.4.23
|
||||||
|
anyconfig==0.9.7
|
||||||
|
arrow==0.13.1
|
||||||
|
asn1crypto==0.24.0
|
||||||
|
atomicwrites==1.3.0
|
||||||
|
attrs==19.1.0
|
||||||
|
bcrypt==3.1.6
|
||||||
|
binaryornot==0.4.4
|
||||||
|
Cerberus==1.2
|
||||||
|
certifi==2019.3.9
|
||||||
|
cffi==1.12.2
|
||||||
|
chardet==3.0.4
|
||||||
|
click==6.7
|
||||||
|
click-completion==0.3.1
|
||||||
|
colorama==0.3.9
|
||||||
|
cookiecutter==1.6.0
|
||||||
|
cryptography==2.6.1
|
||||||
|
docker==3.7.0
|
||||||
|
docker-pycreds==0.4.0
|
||||||
|
fasteners==0.14.1
|
||||||
|
flake8==3.5.0
|
||||||
|
future==0.17.1
|
||||||
|
git-url-parse==1.2.1
|
||||||
|
idna==2.8
|
||||||
|
Jinja2==2.10
|
||||||
|
jinja2-time==0.2.0
|
||||||
|
MarkupSafe==1.1.1
|
||||||
|
mccabe==0.6.1
|
||||||
|
molecule==2.19.0
|
||||||
|
monotonic==1.5
|
||||||
|
more-itertools==6.0.0
|
||||||
|
paramiko==2.4.2
|
||||||
|
pathspec==0.5.9
|
||||||
|
pbr==4.1.0
|
||||||
|
pexpect==4.6.0
|
||||||
|
pluggy==0.9.0
|
||||||
|
poyo==0.4.2
|
||||||
|
psutil==5.4.6
|
||||||
|
ptyprocess==0.6.0
|
||||||
|
py==1.8.0
|
||||||
|
pyasn1==0.4.5
|
||||||
|
pycodestyle==2.3.1
|
||||||
|
pycparser==2.19
|
||||||
|
pyflakes==1.6.0
|
||||||
|
PyNaCl==1.3.0
|
||||||
|
pytest==4.3.1
|
||||||
|
python-dateutil==2.8.0
|
||||||
|
python-gilt==1.2.1
|
||||||
|
PyYAML==3.13
|
||||||
|
requests==2.21.0
|
||||||
|
ruamel.yaml==0.15.89
|
||||||
|
sh==1.12.14
|
||||||
|
six==1.11.0
|
||||||
|
tabulate==0.8.2
|
||||||
|
testinfra==1.16.0
|
||||||
|
tree-format==0.1.2
|
||||||
|
urllib3==1.24.1
|
||||||
|
websocket-client==0.55.0
|
||||||
|
whichcraft==0.5.2
|
||||||
|
yamllint==1.11.1
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
- name: "Create Gitea user"
|
- name: "Create Gitea user"
|
||||||
user:
|
user:
|
||||||
name: "{{ gitea_user }}"
|
name: "{{ gitea_user }}"
|
||||||
|
|
|
@ -1,10 +1,11 @@
|
||||||
|
---
|
||||||
- name: Install fail2ban filter
|
- name: Install fail2ban filter
|
||||||
template:
|
template:
|
||||||
src: fail2ban/filter.conf.j2
|
src: fail2ban/filter.conf.j2
|
||||||
dest: /etc/fail2ban/filter.d/gitea.conf
|
dest: /etc/fail2ban/filter.d/gitea.conf
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0444
|
mode: 0444
|
||||||
notify: Restart fail2ban
|
notify: Restart fail2ban
|
||||||
|
|
||||||
- name: Install fail2ban jail
|
- name: Install fail2ban jail
|
||||||
|
@ -13,6 +14,5 @@
|
||||||
dest: /etc/fail2ban/jail.d/gitea.conf
|
dest: /etc/fail2ban/jail.d/gitea.conf
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0444
|
mode: 0444
|
||||||
notify: Restart fail2ban
|
notify: Restart fail2ban
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
- name: "Setup systemd service"
|
- name: "Setup systemd service"
|
||||||
template:
|
template:
|
||||||
src: gitea.service.j2
|
src: gitea.service.j2
|
||||||
|
@ -8,3 +9,7 @@
|
||||||
notify:
|
notify:
|
||||||
- "Reload systemd"
|
- "Reload systemd"
|
||||||
- "Restart gitea"
|
- "Restart gitea"
|
||||||
|
|
||||||
|
- name: "Reload systemd"
|
||||||
|
systemd:
|
||||||
|
daemon_reload: true
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
# TODO: variabilize this
|
---
|
||||||
- name: "Download the binary"
|
- name: "Download the binary"
|
||||||
get_url:
|
get_url:
|
||||||
url: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ 'amd64' if ansible_architecture == 'x86_64' else ansible_architecture }}"
|
url: "{{ gitea_dl_url }}/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_arch }}"
|
||||||
dest: /usr/local/bin/gitea
|
dest: /usr/local/bin/gitea
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0755
|
mode: 0755
|
||||||
force: yes
|
force: true
|
||||||
notify: "Restart gitea"
|
notify: "Restart gitea"
|
||||||
|
|
||||||
- include: create_user.yml
|
- include: create_user.yml
|
||||||
|
@ -24,7 +24,6 @@
|
||||||
- "{{ gitea_home }}/custom/https"
|
- "{{ gitea_home }}/custom/https"
|
||||||
- "{{ gitea_home }}/custom/mailer"
|
- "{{ gitea_home }}/custom/mailer"
|
||||||
|
|
||||||
# TODO: Support other systems than systemd
|
|
||||||
- include: install_systemd.yml
|
- include: install_systemd.yml
|
||||||
when: ansible_service_mgr == "systemd"
|
when: ansible_service_mgr == "systemd"
|
||||||
|
|
||||||
|
@ -41,6 +40,7 @@
|
||||||
name: gitea
|
name: gitea
|
||||||
state: started
|
state: started
|
||||||
enabled: true
|
enabled: true
|
||||||
|
when: ansible_service_mgr == "systemd"
|
||||||
|
|
||||||
- include: fail2ban.yml
|
- include: fail2ban.yml
|
||||||
when: gitea_fail2ban_enabled
|
when: gitea_fail2ban_enabled
|
||||||
|
|
3
vars/main.yml
Normal file
3
vars/main.yml
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
gitea_arch: "{{ 'amd64' if ansible_architecture == 'x86_64' else ansible_architecture }}"
|
||||||
|
gitea_dl_url: "https://github.com/go-gitea/gitea/releases/download"
|
Loading…
Reference in a new issue