Bunch of improvements around testing and ansible galaxy

* added a license info
 * added galaxy tags/platforms
 * added travis test support
 * testing the playbook using molecule
This commit is contained in:
Thomas Maurice 2019-03-16 11:51:32 +00:00
parent a0804ab28b
commit 168be1f6bb
19 changed files with 266 additions and 21 deletions

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
*.pyc

14
.travis.yml Normal file
View file

@ -0,0 +1,14 @@
---
sudo: required
language: python
services:
- docker
before_install:
- sudo apt-get -qq update
- >
sudo apt-get install -o Dpkg::Options::="--force-confold"
--force-yes -y docker-engine
install:
- pip install -r requirements-travis.txt
script:
- molecule test

6
.yamllint Normal file
View file

@ -0,0 +1,6 @@
extends: default
rules:
line-length:
max: 100
level: warning

11
LICENSE Normal file
View file

@ -0,0 +1,11 @@
Copyright 2019-present Thomas Maurice
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

View file

@ -1,4 +1,5 @@
# Ansible role gitea - Install a gitea server # Ansible role gitea - Install a gitea server
[![Build Status](https://travis-ci.org/thomas-maurice/ansible-role-gitea.svg?branch=master)](https://travis-ci.org/thomas-maurice/ansible-role-gitea)
This role installs and manages a [gitea](https://gitea.io) server - This role installs and manages a [gitea](https://gitea.io) server -
[Source code & screenshots](https://github.com/go-gitea/gitea). [Source code & screenshots](https://github.com/go-gitea/gitea).
@ -137,7 +138,39 @@ successfully on Debian Jessie 64 bits.
Do not hesitate to make me a pull request, and when in doubt you can reach me on Do not hesitate to make me a pull request, and when in doubt you can reach me on
Twitter [@thomas_maurice](https://twitter.com/thomas_maurice). Twitter [@thomas_maurice](https://twitter.com/thomas_maurice).
I also would be happy to fix the issues that would be opened. I also would be happy to fix the issues that would be opened, or even better, review
your pull requests :)
## Author ## Testing
This role is written by [Thomas Maurice](https://thomas.maurice.fr). Testing uses [molecule](https://molecule.readthedocs.io/en/stable-1.22/usage.html), to start the
tests, install the dependencies, I would recommend you use a virtual env for that but who am I to
tell you what to do.
```
pip install pew # install pew to manage the venvs
pew new ansible # create the venv
pip install -r requirements-travis.txt # install the requirements
molecule test # Run the actual tests
```
Note: you need Docker installed
### Known testing limitations
As of now, it is mainly validating that the playbook runs, the lint is ok and that type of things,
since it runs in Docker we have no way yet to check if the service actually is launched by systemd
and so on, this has to be worked on.
## License
```
Copyright 2019-present Thomas Maurice
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
```

View file

@ -1,3 +1,4 @@
---
gitea_version: "1.7.3" gitea_version: "1.7.3"
gitea_app_name: "Gitea" gitea_app_name: "Gitea"
@ -42,8 +43,8 @@ gitea_force_private: false
gitea_mailer_enabled: false gitea_mailer_enabled: false
gitea_mailer_skip_verify: false gitea_mailer_skip_verify: false
gitea_mailer_tls_enabled: true gitea_mailer_tls_enabled: true
gitea_mailer_host: localhost:25 gitea_mailer_host: localhost:25
gitea_mailer_from: noreply@your.domain gitea_mailer_from: noreply@your.domain
gitea_fail2ban_enabled: false gitea_fail2ban_enabled: false
gitea_fail2ban_jail_maxretry: 10 gitea_fail2ban_jail_maxretry: 10
@ -53,4 +54,3 @@ gitea_fail2ban_jail_action: iptables-allports
gitea_oauth2_enabled: true gitea_oauth2_enabled: true
gitea_oauth2_jwt_secret: ChangeMe gitea_oauth2_jwt_secret: ChangeMe

View file

@ -1,11 +1,17 @@
---
- name: "Restart gitea" - name: "Restart gitea"
service: name=gitea state=restarted service:
name: gitea
state: restarted
when: ansible_service_mgr == "systemd"
- name: "Reload systemd" - name: "Reload systemd"
shell: "systemctl daemon-reload" systemd:
daemon_reload: true
when: ansible_service_mgr == "systemd"
- name: "Restart fail2ban" - name: "Restart fail2ban"
service: service:
name: fail2ban name: fail2ban
state: restarted state: restarted
when: ansible_service_mgr == "systemd"

View file

@ -2,7 +2,27 @@
galaxy_info: galaxy_info:
author: Thomas Maurice author: Thomas Maurice
description: Ansible Role - Gitea description: Ansible Role - Gitea
min_ansible_version: 2.7.9
license: BSD-3-Clause
galaxy_tags:
- git
- gitea
- system
- development
- source-control
- self-hosted
- git-server
- gogs
platforms: platforms:
- name: Debian - name: Debian
versions: versions:
- jessie - jessie
- stretch
- name: EL
versions:
- 7
- name: Ubuntu
versions:
- xenial
- bionic

View file

@ -0,0 +1,14 @@
# Molecule managed
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo git bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel git python2-dnf bash && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python git sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python git sudo bash python-xml && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo git bash ca-certificates; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python git sudo bash ca-certificates && xbps-remove -O; fi

View file

@ -0,0 +1,16 @@
*******
Docker driver installation guide
*******
Requirements
============
* General molecule dependencies (see https://molecule.readthedocs.io/en/latest/installation.html)
* Docker Engine
* docker-py
* docker
Install
=======
$ sudo pip install docker-py

View file

@ -0,0 +1,35 @@
---
dependency:
name: galaxy
driver:
name: docker
lint:
name: yamllint
platforms:
- name: centos7
image: centos:7
- name: debian-stretch
image: debian:stretch
- name: debian-jessie
image: debian:jessie
- name: ubuntu-xenial
image: ubuntu:xenial
- name: ubuntu-bionic
image: ubuntu:bionic
provisioner:
name: ansible
lint:
name: ansible-lint
scenario:
name: default
test_sequence:
- lint
- destroy
- create
- converge
- destroy
verifier:
name: testinfra
lint:
name: flake8

View file

@ -0,0 +1,5 @@
---
- name: Converge
hosts: all
roles:
- role: ansible-role-gitea

View file

@ -0,0 +1,14 @@
import os
import testinfra.utils.ansible_runner
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
def test_hosts_file(host):
f = host.file('/etc/hosts')
assert f.exists
assert f.user == 'root'
assert f.group == 'root'

61
requirements-travis.txt Normal file
View file

@ -0,0 +1,61 @@
ansible==2.7.9
ansible-lint==3.4.23
anyconfig==0.9.7
arrow==0.13.1
asn1crypto==0.24.0
atomicwrites==1.3.0
attrs==19.1.0
bcrypt==3.1.6
binaryornot==0.4.4
Cerberus==1.2
certifi==2019.3.9
cffi==1.12.2
chardet==3.0.4
click==6.7
click-completion==0.3.1
colorama==0.3.9
cookiecutter==1.6.0
cryptography==2.6.1
docker==3.7.0
docker-pycreds==0.4.0
fasteners==0.14.1
flake8==3.5.0
future==0.17.1
git-url-parse==1.2.1
idna==2.8
Jinja2==2.10
jinja2-time==0.2.0
MarkupSafe==1.1.1
mccabe==0.6.1
molecule==2.19.0
monotonic==1.5
more-itertools==6.0.0
paramiko==2.4.2
pathspec==0.5.9
pbr==4.1.0
pexpect==4.6.0
pluggy==0.9.0
poyo==0.4.2
psutil==5.4.6
ptyprocess==0.6.0
py==1.8.0
pyasn1==0.4.5
pycodestyle==2.3.1
pycparser==2.19
pyflakes==1.6.0
PyNaCl==1.3.0
pytest==4.3.1
python-dateutil==2.8.0
python-gilt==1.2.1
PyYAML==3.13
requests==2.21.0
ruamel.yaml==0.15.89
sh==1.12.14
six==1.11.0
tabulate==0.8.2
testinfra==1.16.0
tree-format==0.1.2
urllib3==1.24.1
websocket-client==0.55.0
whichcraft==0.5.2
yamllint==1.11.1

View file

@ -1,3 +1,4 @@
---
- name: "Create Gitea user" - name: "Create Gitea user"
user: user:
name: "{{ gitea_user }}" name: "{{ gitea_user }}"

View file

@ -1,10 +1,11 @@
---
- name: Install fail2ban filter - name: Install fail2ban filter
template: template:
src: fail2ban/filter.conf.j2 src: fail2ban/filter.conf.j2
dest: /etc/fail2ban/filter.d/gitea.conf dest: /etc/fail2ban/filter.d/gitea.conf
owner: root owner: root
group: root group: root
mode: 0444 mode: 0444
notify: Restart fail2ban notify: Restart fail2ban
- name: Install fail2ban jail - name: Install fail2ban jail
@ -13,6 +14,5 @@
dest: /etc/fail2ban/jail.d/gitea.conf dest: /etc/fail2ban/jail.d/gitea.conf
owner: root owner: root
group: root group: root
mode: 0444 mode: 0444
notify: Restart fail2ban notify: Restart fail2ban

View file

@ -1,3 +1,4 @@
---
- name: "Setup systemd service" - name: "Setup systemd service"
template: template:
src: gitea.service.j2 src: gitea.service.j2
@ -8,3 +9,7 @@
notify: notify:
- "Reload systemd" - "Reload systemd"
- "Restart gitea" - "Restart gitea"
- name: "Reload systemd"
systemd:
daemon_reload: true

View file

@ -1,12 +1,12 @@
# TODO: variabilize this ---
- name: "Download the binary" - name: "Download the binary"
get_url: get_url:
url: "https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ 'amd64' if ansible_architecture == 'x86_64' else ansible_architecture }}" url: "{{ gitea_dl_url }}/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-{{ gitea_arch }}"
dest: /usr/local/bin/gitea dest: /usr/local/bin/gitea
owner: root owner: root
group: root group: root
mode: 0755 mode: 0755
force: yes force: true
notify: "Restart gitea" notify: "Restart gitea"
- include: create_user.yml - include: create_user.yml
@ -24,7 +24,6 @@
- "{{ gitea_home }}/custom/https" - "{{ gitea_home }}/custom/https"
- "{{ gitea_home }}/custom/mailer" - "{{ gitea_home }}/custom/mailer"
# TODO: Support other systems than systemd
- include: install_systemd.yml - include: install_systemd.yml
when: ansible_service_mgr == "systemd" when: ansible_service_mgr == "systemd"
@ -41,6 +40,7 @@
name: gitea name: gitea
state: started state: started
enabled: true enabled: true
when: ansible_service_mgr == "systemd"
- include: fail2ban.yml - include: fail2ban.yml
when: gitea_fail2ban_enabled when: gitea_fail2ban_enabled

3
vars/main.yml Normal file
View file

@ -0,0 +1,3 @@
---
gitea_arch: "{{ 'amd64' if ansible_architecture == 'x86_64' else ansible_architecture }}"
gitea_dl_url: "https://github.com/go-gitea/gitea/releases/download"