cybercinch/ansible-role-common
1
0
Fork 0
Code Issues Pull Requests Actions Releases 10 Activity

Compare commits

base: cybercinch:v1.1.2
Branches Tags
cybercinch:master cybercinch:2.0.0
cybercinch:v1.1.7 cybercinch:v1.1.6 cybercinch:v1.1.5 cybercinch:v1.1.4 cybercinch:v1.1.3 cybercinch:v1.1.2 cybercinch:v1.1.1 cybercinch:v1.1.0 cybercinch:v1.0.13 cybercinch:v1.0.12 cybercinch:v1.0.11 cybercinch:v1.0.10 cybercinch:v1.0.9 cybercinch:v1.0.8 cybercinch:some-rando-tag-8 cybercinch:some-rando-tag-7 cybercinch:some-rando-tag-6 cybercinch:some-rando-tag-5 cybercinch:some-rando-tag-4 cybercinch:some-rando-tag-3 cybercinch:some-test-tag-1 cybercinch:some-rando-tag cybercinch:v1.0.6-3 cybercinch:v1.0.6-2 cybercinch:v1.0.6-1 cybercinch:v1.0.6 cybercinch:v1.0.5 cybercinch:1.0.5 cybercinch:1.0.4
..
compare: cybercinch:2.0.0
Branches Tags
cybercinch:master cybercinch:2.0.0
cybercinch:v1.1.7 cybercinch:v1.1.6 cybercinch:v1.1.5 cybercinch:v1.1.4 cybercinch:v1.1.3 cybercinch:v1.1.2 cybercinch:v1.1.1 cybercinch:v1.1.0 cybercinch:v1.0.13 cybercinch:v1.0.12 cybercinch:v1.0.11 cybercinch:v1.0.10 cybercinch:v1.0.9 cybercinch:v1.0.8 cybercinch:some-rando-tag-8 cybercinch:some-rando-tag-7 cybercinch:some-rando-tag-6 cybercinch:some-rando-tag-5 cybercinch:some-rando-tag-4 cybercinch:some-rando-tag-3 cybercinch:some-test-tag-1 cybercinch:some-rando-tag cybercinch:v1.0.6-3 cybercinch:v1.0.6-2 cybercinch:v1.0.6-1 cybercinch:v1.0.6 cybercinch:v1.0.5 cybercinch:1.0.5 cybercinch:1.0.4

10 Commits
v1.1.2 ... 2.0.0

Author SHA1 Message Date
Aaron Guise
8ad513bac3 Added sda to expression 2021-10-01 10:33:46 +13:00
Aaron Guise
0c9984e00d Commented defaults, added boolean for set root pw 2021-10-01 10:32:01 +13:00
Aaron Guise
ac94545d69 prefixed admin_group 2021-10-01 10:11:51 +13:00
Aaron Guise
b0655ceae4 Reformat smaller terminal 2021-09-30 23:40:46 +13:00
Aaron Guise
67fe06e119 Another prefix bites the dust 2021-09-30 23:33:36 +13:00
Aaron Guise
d2158ba3fa Add prefix 2021-09-30 23:26:52 +13:00
Aaron Guise
1f3310fe96 Re-add timezone 2021-09-30 23:12:42 +13:00
Aaron Guise
dae99f3168 Add molecule scenario 2021-09-30 22:58:20 +13:00
Aaron Guise
b84bcaa7c7 Migrate to common_ prefixed vars 2021-09-30 22:57:47 +13:00
Aaron Guise
e42d3c8214 Updated defaults prefix with common_ 2021-09-30 22:55:46 +13:00
38 changed files with 249 additions and 772 deletions
Expand all files Collapse all files

8
.ansible-lint
View File

@@ -1,6 +1,2 @@
profile: basic
skip_list: # or 'skip_list' to silence them completely
- experimental # all rules tagged as experimental
- unnamed-task # All tasks should be named
- fqcn-builtins
skip_list:
- role-name

83
.github/workflows/ci.yml vendored
View File

@@ -1,83 +0,0 @@
name: CI
on:
push:
branches:
- "**"
tags:
- "!**"
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: '3.10'
#cache: 'pip' # caching pip dependencies
- name: Ensure requirements are installed
run: pip install -r requirements.txt
- name: Lint with ansible-lint
run: ansible-lint -c ".ansible-lint"
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
- name: Lint with yamllint
run: yamllint .
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
molecule:
name: Molecule Test
runs-on: ubuntu-latest
needs: lint
strategy:
fail-fast: true
matrix:
os: [almalinux8, almalinux9]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: '3.10'
#cache: 'pip' # caching pip dependencies
- name: Ensure requirements are installed
run: pip install -r requirements.txt
- name: Run Molecule tests.
run: molecule test
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
MOLECULE_DISTRO: ${{ matrix.os }}
release:
runs-on: ubuntu-latest
needs:
- lint
- molecule
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: '1.22'
- name: Install gitea provider for Go Semantic Release
run: |
mkdir -p .semrel/$(go env GOOS)_$(go env GOARCH)/provider-gitea/${GITEA_PROVIDER_VER}/ && \
wget https://github.com/cybercinch/go-semantic-release-provider-gitea/releases/download/v${GITEA_PROVIDER_VER}/go-semantic-release-provider-gitea_v${GITEA_PROVIDER_VER}_linux_amd64 \
-O .semrel/$(go env GOOS)_$(go env GOARCH)/provider-gitea/${GITEA_PROVIDER_VER}/gitea && \
chmod a+x .semrel/$(go env GOOS)_$(go env GOARCH)/provider-gitea/${GITEA_PROVIDER_VER}/gitea
env:
GITEA_PROVIDER_VER: 1.0.11
- run: |
echo "github repo: ${GITHUB_REPOSITORY}"
echo "env vars: $(env)"
- uses: go-semantic-release/action@v1
with:
custom-arguments: --provider=gitea
env:
GITEA_TOKEN: ${{ secrets.G_TOKEN }}
GITEA_HOST: ${{ secrets.G_SERVER_URL}}

3
.gitignore vendored
View File

@@ -5,14 +5,13 @@
*.idea
# Ignore any retry files from ansible
*.retry
*/.terraform
# Ignore roles
roles/*
!roles/.gitkeep
!files/authorized_keys/
files/authorized_keys/*
!files/authorized_keys/.gitkeep
env/
# Do not commit Vault password
.vault_password.txt

28
.woodpecker/cron.yml
View File

@@ -1,28 +0,0 @@
matrix:
include:
- MOLECULE_DISTRO: centos7
- MOLECULE_DISTRO: almalinux8
clone:
git:
image: woodpeckerci/plugin-git
settings:
recursive: true
submodule_update_remote: true
when:
event: [ cron ]
steps:
test:
name: Test on ${MOLECULE_DISTRO}
image: guisea/ansible-molecule
pull: true
environment:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
volumes:
- /var/run/docker.sock:/var/run/docker.sock
commands:
- molecule test --scenario-name ${MOLECULE_SCENARIO:-default}
when:
event: [ cron ]

43
.woodpecker/lint.yml
View File

@@ -1,43 +0,0 @@
clone:
git:
image: woodpeckerci/plugin-git
settings:
recursive: true
submodule_update_remote: true
when:
event: [ push, manual ]
steps:
ansible-lint:
group: test
name: "Lint: Ansible-lint"
image: guisea/ansible-molecule
environment:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
commands:
- ansible-lint -c ".ansible-lint"
when:
event: [ push, manual ]
yamllint:
group: test
name: "Lint: Yamllint"
image: guisea/ansible-molecule
commands:
- yamllint -f colored .
when:
event: [ push, manual ]
ntfy:
image: codeberg.org/l-x/woodpecker-ntfy
settings:
url: https://ntfy.cybercinch.nz/ci-status
title: "Lint failed for ${CI_REPO_NAME}"
priority: urgent
icon: https://woodpecker-ci.org/img/logo.svg
tags: robot,warning,rotating_light,${CI_BUILD_EVENT},${CI_REPO_NAME}
message: >
📝 Commit by ${CI_COMMIT_AUTHOR} on ${CI_COMMIT_BRANCH}:
${CI_COMMIT_MESSAGE}
when:
event: [ push, manual ]
status: [ failure ]

48
.woodpecker/release.yml
View File

@@ -1,48 +0,0 @@
matrix:
include:
- MOLECULE_DISTRO: centos7
- MOLECULE_DISTRO: almalinux8
- MOLECULE_DISTRO: almalinux9
clone:
git:
image: woodpeckerci/plugin-git
settings:
recursive: true
submodule_update_remote: true
when:
event: [ push ]
steps:
create-release:
name: Test on ${MOLECULE_DISTRO}
image: guisea/ansible-molecule
pull: true
environment:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
volumes:
- /var/run/docker.sock:/var/run/docker.sock
commands:
- molecule test --scenario-name ${MOLECULE_SCENARIO:-default}
#secrets: [ auth_duo_host, auth_duo_ikey, auth_duo_skey, auth_duo_mirror_url ]
when:
event:
- push
- manual
ntfy:
image: codeberg.org/l-x/woodpecker-ntfy
settings:
url: https://ntfy.cybercinch.nz/ci-status
title: "Test failed for ${CI_REPO_NAME} - Distro: ${MOLECULE_DISTRO} Scenario: ${MOLECULE_SCENARIO:-default}"
priority: urgent
icon: https://woodpecker-ci.org/img/logo.svg
tags: robot,warning,rotating_light,${CI_BUILD_EVENT},${CI_REPO_NAME}
message: >
📝 Commit by ${CI_COMMIT_AUTHOR} on ${CI_COMMIT_BRANCH}:
${CI_COMMIT_MESSAGE}
when:
event: [ push, manual ]
status: [ failure ]
depends_on:
- lint

48
.woodpecker/test.yml
View File

@@ -1,48 +0,0 @@
matrix:
include:
- MOLECULE_DISTRO: centos7
- MOLECULE_DISTRO: almalinux8
- MOLECULE_DISTRO: almalinux9
clone:
git:
image: woodpeckerci/plugin-git
settings:
recursive: true
submodule_update_remote: true
when:
event: [ push, manual ]
steps:
test:
name: Test on ${MOLECULE_DISTRO}
image: guisea/ansible-molecule
pull: true
environment:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
volumes:
- /var/run/docker.sock:/var/run/docker.sock
commands:
- molecule test --scenario-name ${MOLECULE_SCENARIO:-default}
#secrets: [ auth_duo_host, auth_duo_ikey, auth_duo_skey, auth_duo_mirror_url ]
when:
event:
- push
- manual
ntfy:
image: codeberg.org/l-x/woodpecker-ntfy
settings:
url: https://ntfy.cybercinch.nz/ci-status
title: "Test failed for ${CI_REPO_NAME} - Distro: ${MOLECULE_DISTRO} Scenario: ${MOLECULE_SCENARIO:-default}"
priority: urgent
icon: https://woodpecker-ci.org/img/logo.svg
tags: robot,warning,rotating_light,${CI_BUILD_EVENT},${CI_REPO_NAME}
message: >
📝 Commit by ${CI_COMMIT_AUTHOR} on ${CI_COMMIT_BRANCH}:
${CI_COMMIT_MESSAGE}
when:
event: [ push, manual ]
status: [ failure ]
depends_on:
- lint

16
.woodpecker/z.ntfy-cron.yml
View File

@@ -1,16 +0,0 @@
skip_clone: true
steps:
ntfy-success:
image: codeberg.org/l-x/woodpecker-ntfy
settings:
url: https://ntfy.cybercinch.nz/ci-status
title: Build succeeded on ${CI_REPO_NAME}
priority: urgent
icon: https://woodpecker-ci.org/img/logo.svg
tags: robot,white_check_mark,${CI_BUILD_EVENT},${CI_REPO_NAME}
message: >
Test success when run by cron for ${CI_REPO_NAME}.
depends_on:
- "cron"
runs_on: [ success ]

20
.woodpecker/z.ntfy.yml
View File

@@ -1,20 +0,0 @@
skip_clone: true
steps:
ntfy:
image: codeberg.org/l-x/woodpecker-ntfy
settings:
url: https://ntfy.cybercinch.nz/ci-status
title: "Build completed for ${CI_REPO_NAME}"
priority: urgent
icon: https://woodpecker-ci.org/img/logo.svg
tags: robot,tada,white_check_mark,${CI_BUILD_EVENT},${CI_REPO_NAME}
message: >
📝 Commit by ${CI_COMMIT_AUTHOR} on ${CI_COMMIT_BRANCH}:
${CI_COMMIT_MESSAGE}
when:
event: [ push, manual ]
status: [ success ]
depends_on:
- lint
- test

16
.woodpecker/zz.ntfy-cron-failed.yml
View File

@@ -1,16 +0,0 @@
skip_clone: true
steps:
ntfy-failed:
image: codeberg.org/l-x/woodpecker-ntfy
settings:
url: https://ntfy.cybercinch.nz/ci-status
title: Build failed on ${CI_REPO_NAME}
priority: urgent
icon: https://woodpecker-ci.org/img/logo.svg
tags: robot,rotating_light,no_entry,${CI_BUILD_EVENT},${CI_REPO_NAME}
message: >
Test failed when run by cron for ${CI_REPO_NAME}.
depends_on:
- "cron"
runs_on: [ failure ]

6
.yamllint
View File

@@ -2,8 +2,6 @@
# Based on ansible-lint config
extends: default
ignore: |
.venv/
rules:
braces:
max-spaces-inside: 1
@@ -28,8 +26,8 @@ rules:
indentation: disable
key-duplicates: enable
line-length: disable
new-line-at-end-of-file: enable
new-line-at-end-of-file: disable
new-lines:
type: unix
trailing-spaces: enable
trailing-spaces: disable
truthy: disable

42
Makefile
View File

@@ -1,42 +0,0 @@
.PHONY: clean virtualenv lint test docker dist dist-upload
clean:
find . -name '*.py[co]' -delete
virtualenv:
virtualenv --prompt '|> ansible-role-common <| ' .venv
.venv/bin/pip install --upgrade pip
.venv/bin/pip install -r requirements.txt
.venv/bin/ansible-galaxy collection install -r requirements.yml
@echo
@echo "VirtualENV Setup Complete. Now run: source .venv/bin/activate"
@echo
test:
for distro in almalinux9 ; do \
MOLECULE_DISTRO=$$distro molecule test --all ; \
done
lint:
@echo "Linting with Ansible-lint"
@echo
ansible-lint -c ".ansible-lint" --exclude ".venv"
@echo
@echo "Linting with Yamllint"
@echo
yamllint .
@echo
docker: clean
docker buildx build --platform 'linux/amd64,linux/arm64' --push \
-t hub.cybercinch.nz/cybercinch/imap_retention_manager:latest \
-t docker.io/cybercinch/imap_retention_manager:latest .
dist: clean
rm -rf dist/*
python setup.py sdist
python setup.py bdist_wheel
dist-upload:
twine upload dist/*

6
README.md
View File

@@ -1,9 +1,9 @@
# Common [![status-badge](https://ci.cybercinch.nz/api/badges/8/status.svg)](https://ci.cybercinch.nz/repos/8)
Role Name
=========
A brief description of the role goes here.
Requirements
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
@@ -23,11 +23,9 @@ Example Playbook
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
```yaml
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
```
License
-------

58
defaults/main.yml
View File

@@ -1,20 +1,42 @@
---
# defaults file for guisea.common
domain: exampledomain.com
ad_domain_joined: no
win_timezone: New Zealand Standard Time
vendors_hosts: []
# defaults file for cybercinch.common
dns_servers:
# What is the domain name for this machine?
common_domain: exampledomain.com
# Timezone string for Windows nodes
common_win_tz: New Zealand Standard Time
# Timezone string for Linux nodes
common_tz: Pacific/Auckland
# Additional host entries to add to /etc/hosts if required
# e.g
# common_vendors_hosts:
# - ip: 192.168.1.3
# name: an.alias.hostname
# - ip: 192.168.1.4
# name: another.alias.hostname
common_vendors_hosts: []
# What DNS Servers should we use by default
common_dns_servers:
- 1.0.0.1
- 1.1.1.1
admin_group: admins
# The name of the security group for administrators
common_admin_group: admins
# Configuration of Grub boot timeout
common_grub_timeout: 5
postfix_configure: false
# Should we configure postfix?
common_postfix_configure: false
# This relayhost will be set if common_postfix_configure is true
common_postfix_relayhost: some.smtp.server
# Common packages to install in the case of Linux
common_packages:
- nano
- git
@@ -25,14 +47,22 @@ common_packages:
- yum-utils
- unzip
win_packages:
# Common packages to install in the case of Windows
common_win_packages:
- notepadplusplus.install
- firefoxesr
- baretail
- 7zip.install
common_apply_win_updates: false
apply_win_updates: false
# Does this node have ipv6? If so set to true to add ipv4 and ipv6 to Dynamic MOTD
common_show_ipv6: false
common_show_ipv6: false|bool
common_root_pwd: l3tm31nN0w
common_root_email: admin@somplace.co.nz
# Want to change the root password?
common_change_root_pwd: false
# The crypted password you wish to set for root password
# Only fires if common_change_root_pwd is true default = false
common_root_pwd: $6$5GG7U/EyDL$L/UkIlhoVABnvjtJl0zGwryjgRF9wNZ5wIAIAVfViROiMUK0tUsuZmO.x87tpDYUJA0QR5pCo4yd.2sLgSlHU0
# This email address is set as the forwarding address for root. Used for notifications.
common_root_email: anemail@someco.com

8
files/helpers/set_dhcp_ip.sh
View File

@@ -1,8 +0,0 @@
#!/bin/bash
# This script will reset the IP Address back to default of DHCP
# helpful for a pending restore
/bin/nmcli c m "System eth0" ipv4.method auto
/bin/nmcli c m "System eth0" ipv4.address "" ipv4.gateway ""
/bin/nmcli connection up "System eth0"

48
files/helpers/set_static_ip.sh
View File

@@ -1,48 +0,0 @@
#!/bin/bash
# get subnet
subnet=$(ip a | grep "inet " | tail -1 | awk '{print $2}')
# get router/gateway
router=$(ip route show | head -1 | awk '{print $3}')
# get size of network portion of address in bytes
sz=$(echo $subnet | awk -F / '{print $2}')
bytes=$(("$sz" / 8))
prefix=$(echo "$subnet" | cut -d. -f1-$bytes) # e.g., 192.168.0
# get IP address to be set
IP=$(hostname -I | awk '{print $1}') # current IP
echo -n "Keep IP address?—$IP [yn]> "
read -r ans
if [ "$ans" == "n" ]; then
echo -n "Enter new IP address: "
read -r IP
# check if specified IP is properly formatted
if [[ ! $IP =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
echo Invalid IP
fi
# check if specified IP works for local network
if [[ ! $IP =~ ^$prefix ]]; then
echo "ERROR: Specified IP not usable for local network"
exit
fi
fi
# check if specified IP is properly formatted
if [[ ! $IP =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
echo Invalid IP
fi
# fetch the UUID
UUID=$(nmcli connection show | tail -1 | awk '{print $4}')
if [[ "$UUID" == "ethernet" ]]; then
# This is the other format of nmcli connection show
UUID=$(nmcli connection show | head -2 | tail -1 | awk '{print $3}')
fi
# run commands to set up the permanent IP address
nmcli connection modify "$UUID" IPv4.address "$IP"/"$sz"
nmcli connection modify "$UUID" IPv4.gateway "$router"
nmcli connection modify "$UUID" IPv4.method manual
nmcli connection up "$UUID"

20
handlers/main.yml
View File

@@ -1,33 +1,27 @@
---
# handlers file for guisea.common
- name: Restart Postfix
service:
service:
name: postfix
state: reloaded
- name: Restart SSH
service:
name: sshd
state: restarted
- name: Restart NTPD
service:
name: ntpd
state: restarted
- name: Reboot Windows
- name: reboot windows
win_reboot:
- name: Restart NetworkManager
- name: restart NetworkManager
service:
name: NetworkManager
state: restarted
- name: Check if grub.cfg exists
stat:
path: /boot/grub2/grub.cfg
register: grub_cfg
- name: Update GRUB
command: /usr/sbin/grub2-mkconfig -o /boot/grub2/grub.cfg
when: grub_cfg.stat.exists

46
meta/main.yml
View File

@@ -1,17 +1,45 @@
---
galaxy_info:
author: guisea <aaron@guise.net.nz>
role_name: common # if absent directory name hosting role is used instead
namespace: cybercinch # if absent, author is used instead
description: Commonplace system setup
company: CyberCinch
author: Aaron Guise
namespace: cybercinch
role_name: ansible_role_common
description:
license: MIT
min_ansible_version: "2.9"
min_ansible_version: 2.9
platforms:
- name: EL
versions:
- all
galaxy_tags: []
dependencies: []
- name: Windows
versions:
- all
- name: Amazon
versions:
- all
- name: Ubuntu
versions:
- all
- name: Debian
versions:
- all
#
# Below are all categories currently available. Just as with
# the platforms above, uncomment those that apply to your role.
#
#categories:
#- cloud
#- cloud:ec2
#- cloud:gce
#- cloud:rax
#- clustering
#- database
#- database:nosql
#- database:sql
#- development
#- monitoring
#- networking
#- packaging
#- system
#- web
dependencies: []

4
molecule/default/converge.yml
View File

@@ -2,6 +2,6 @@
- name: Converge
hosts: all
tasks:
- name: "Include common"
- name: "Include ansi-ansible-role-common"
include_role:
name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
name: "ansi-ansible-role-common"

20
molecule/default/molecule.yml
View File

@@ -4,21 +4,11 @@ dependency:
driver:
name: docker
platforms:
- name: molecule-${MOLECULE_DISTRO:-almalinux8}
image: "cybercinch/docker-${MOLECULE_DISTRO:-almalinux8}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
cgroupns_mode: host
privileged: true
- name: instance
image: docker.io/pycontribs/centos:8
pre_build_image: true
privileged: true
provisioner:
name: ansible
env:
MOLECULE_NO_LOG: true
# verifier:
# name: ansible
# lint: |
# set -e
# yamllint .
# ansible-lint
verifier:
name: ansible

8
molecule/default/verify.yml
View File

@@ -5,6 +5,14 @@
hosts: all
gather_facts: false
tasks:
- name: Capture output of dynamic motd
command: /usr/local/bin/dynmotd
register: motd
changed_when: false
- debug:
msg: "{{ motd.stdout.split('\n') }}"
- name: Example assertion
assert:
that: true

6
requirements.txt
View File

@@ -1,6 +0,0 @@
ansible-core<2.17
ansible-compat<4
molecule[docker]<5.0.0
ansible-lint==6.16.2
yamllint==1.32.0
passlib==1.7.4

3
requirements.yml
View File

@@ -1,3 +0,0 @@
collections:
- ansible.windows
- community.general

64
tasks/RedHat.yml
View File

@@ -1,46 +1,31 @@
---
# tasks file for common role
- include_tasks: networking.yml
- include: networking.yml
- name: Ensure common packages (RHEL)
yum:
- name: Ensure common packages
yum:
name: "{{ common_packages }}"
state: present
enablerepo: epel
when: ansible_distribution != 'OracleLinux'
tags: packages
- name: Ensure common packages (OracleLinux)
- name: Ensure common packages
yum:
name: "{{ common_packages }}"
state: present
enablerepo: ol7_developer_EPEL
when: ansible_distribution == 'OracleLinux'
tags: packages
- name: Check if SELinux is installed
stat:
path: /etc/selinux/config
register: se
tags: security
# - name: SELinux Management
# block:
# - name: selinux | Ensure SELinux status
# selinux:
# state: disabled
# register: sestate
# - name: selinux | Message Output
# debug:
# msg: "SELinux {{ sestate.msg }}"
# when: sestate.changed
# when: se.stat.exists
# tags: security
- name: Create admin group
group:
name: "{{ admin_group }}"
state: present
group: name={{ common_admin_group }} state=present
- name: Configure yum limit
lineinfile:
@@ -51,22 +36,33 @@
- name: Ensure Helpers are present
copy:
src: helpers/
dest: /usr/local/bin/
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: u+rwx,g+rx,o+rx
with_items:
- src: helpers/reload_scsi_devices
dest: /usr/local/bin/reload_scsi_devices
- src: helpers/reload_scsi_hosts
dest: /usr/local/bin/reload_scsi_hosts
- name: Ensure Hostname is set
hostname:
name: "{{ inventory_hostname }}.{{ domain }}"
when: ansible_virtualization_type != "docker" and ansible_virtualization_type != "container"
hostname:
name: "{{ inventory_hostname }}.{{ common_domain }}"
when:
- ansible_virtualization_type != "docker"
- name: Change root password
user:
name: root
password: "{{ common_root_pwd | password_hash('sha512') }}"
user:
name: root
password: "{{ common_root_pwd }}"
changed_when: false
when: common_change_root_pwd
tags: rootpw
- include_tasks: grub.yml
- include_tasks: communication.yml
- include_tasks: motd.yml
- name: Set timezone
timezone:
name: "{{ common_tz }}"
- include: grub.yml
- include: communication.yml
- include: motd.yml

11
tasks/Windows.yml
View File

@@ -11,14 +11,14 @@
state: present
update_password: always
changed_when: false
- name: Ensure System Culture Set
win_region:
location: 183
format: en-NZ
unicode_language: en-NZ
copy_settings: true
- name: Ensure DNS is set
win_dns_client:
adapter_names: "*"
@@ -30,7 +30,7 @@
admin_password: "{{ vault_ad_password }}"
domain_name: "{{ authconfig_domain }}"
when: ad_domain_joined
notify: Reboot Windows
notify: reboot windows
- meta: flush_handlers
- name: Ensure Important dirs exist
@@ -40,7 +40,7 @@
with_items:
- 'C:\Temp'
- 'C:\Tools'
#- name: Ensure Profile Tool Present
# win_copy:
# src: Defprof.exe
@@ -53,7 +53,7 @@
- name: Apply Windows Updates
win_updates:
when: apply_windows_updates
notify: Reboot Windows
notify: reboot windows
- meta: flush_handlers
- name: Ensure default applications installed
@@ -61,3 +61,4 @@
name: "{{ item }}"
state: present
with_items: "{{ win_packages }}"

5
tasks/common.yml
View File

@@ -1,5 +0,0 @@
---
- include_tasks: networking.yml
- include_tasks: communication.yml
- include_tasks: grub.yml
- include_tasks: motd.yml

31
tasks/communication.yml
View File

@@ -1,44 +1,39 @@
---
- name: Postfix Configuration
when: postfix_configure
block:
- name: Postfix | Apply postfix configuration
- name: postfix | Apply postfix configuration
lineinfile:
dest: "{{ configurations.dest }}"
regexp: "{{ configurations.regexp }}"
line: "{{ configurations.line }}"
dest: "{{item.dest}}"
regexp: "{{item.regexp}}"
line: "{{item.line}}"
insertafter: EOF
notify: Restart Postfix
when: "'SMTP0' not in inventory_hostname"
with_items:
- {
dest: /etc/postfix/main.cf,
- { dest: /etc/postfix/main.cf,
regexp: "^.?inet_protocols =",
line: "inet_protocols = ipv4",
line: "inet_protocols = ipv4"
}
- {
dest: /etc/postfix/main.cf,
- { dest: /etc/postfix/main.cf,
regexp: "^.?inet_interfaces =",
line: "inet_interfaces = all",
line: "inet_interfaces = all"
}
- {
dest: /etc/postfix/main.cf,
- { dest: /etc/postfix/main.cf,
regexp: "^.?relayhost =",
line: "relayhost = {{ relayhost }}",
line: "relayhost = {{ common_postfix_relayhost }}"
}
- {
dest: /etc/postfix/main.cf,
regexp: "^.?smtp_randomize_addresses =",
line: "smtp_randomize_addresses = no",
line: "smtp_randomize_addresses = no"
}
loop_control:
loop_var: configurations
- name: Postfix | Ensure Postfix is Started/Enabled
- name: postfix | Ensure Postfix is Started/Enabled
service:
name: postfix
state: started
enabled: yes
when: common_postfix_configure
- name: Ensure root forwarding address is set
lineinfile:

8
tasks/grub.yml
View File

@@ -18,9 +18,7 @@
option: GRUB_TIMEOUT
value: "{{ common_grub_timeout }}"
no_extra_spaces: yes
when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version > '6'"
notify:
- Check if grub.cfg exists
- Update GRUB
when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7'"
notify: Update GRUB
tags:
- grub
- grub

9
tasks/main.yml
View File

@@ -1,9 +1,2 @@
---
- name: Include tasks only if one of the files exist, otherwise skip the task
include_tasks: "{{ item }}"
vars:
params:
files:
- "{{ ansible_os_family }}.yml"
- "common.yml"
loop: "{{ q('first_found', params, errors='ignore') }}"
- include: "{{ ansible_os_family }}.yml"

2
tasks/motd.yml
View File

@@ -16,4 +16,4 @@
dest: /etc/profile.d/motd.sh
regexp: "^/usr/local/bin/dynmotd"
line: "/usr/local/bin/dynmotd"
create: yes
create: yes

93
tasks/networking.yml
View File

@@ -1,79 +1,54 @@
---
- name: What is virtualization type?
debug:
msg: "Virtualization is: {{ ansible_virtualization_type }}"
- name: Ensure Network Setup (RedHat only)
- name: Ensure resolvers set
template:
src: "{{ network_config.src }}"
dest: "{{ network_config.dest }}"
mode: "{{ network_config.mode }}"
backup: yes
with_items:
- {
src: etc.sysconfig.network.j2,
dest: /etc/sysconfig/network,
mode: u+rw,
a+r,
}
when: >
ansible_virtualization_type != "docker"
and ansible_virtualization_type != "container"
and ansible_os_family == "RedHat"
loop_control:
loop_var: network_config
src: etc.resolv.conf.j2
dest: /etc/resolv.conf
mode: u+rw,a+r
tags: dns
when:
- ansible_virtualization_type != "docker"
- name: Ensure Resolvers Configured
- name: Ensure DNS and SSH common config
template:
src: "{{ network_config.src }}"
dest: "{{ network_config.dest }}"
mode: "{{ network_config.mode }}"
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
backup: yes
with_items:
- { src: etc.resolv.conf.j2, dest: /etc/resolv.conf, mode: u+rw, a+r }
when: >
ansible_virtualization_type != "docker"
and ansible_virtualization_type != "container"
loop_control:
loop_var: network_config
- { src: etc.sysconfig.network.j2,
dest: /etc/sysconfig/network,
mode: u+rw,a+r
}
tags: dns
- name: Ensure hosts file correct
lineinfile:
dest: /etc/hosts
regexp: "{{ hosts_config.regexp }}"
line: "{{ hosts_config.line }}"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
backrefs: yes
backup: yes
with_items:
- {
regexp: "^127.0.0.1.+localdomain4$",
line: "127.0.0.1 localhost {{ inventory_hostname }}",
- {regexp: "^127.0.0.1.+localdomain4$",
line: "127.0.0.1 localhost {{ inventory_hostname }}"
}
- {
regexp: "^::1.+localdomain6$",
line: "::1 localhost {{ inventory_hostname }}",
- {regexp: "^::1.+localdomain6$",
line: "::1 localhost {{ inventory_hostname }}"
}
- {
regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_default_ipv4.address.split('.')[-1] }}$",
line: "{{ ansible_default_ipv4.address }} {{ inventory_hostname }}.{{ domain }} {{ inventory_hostname }}",
- {regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_default_ipv4.address.split('.')[-1] }}$",
line: "{{ ansible_default_ipv4.address }} {{ inventory_hostname }}.{{ common_domain }} {{ inventory_hostname }}"
}
- {
regexp: "^127.0.0.1.+{{ ansible_nodename.split('.')[0] }}$",
line: "127.0.0.1 localhost {{ inventory_hostname }}",
- {regexp: "^127.0.0.1.+{{ ansible_nodename.split('.')[0] }}$",
line: "127.0.0.1 localhost {{ inventory_hostname }}"
}
- {
regexp: "^::1.+{{ ansible_nodename.split('.')[0] }}$",
line: "::1 localhost {{ inventory_hostname }}",
- {regexp: "^::1.+{{ ansible_nodename.split('.')[0] }}$",
line: "::1 localhost {{ inventory_hostname }}"
}
- {
regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_nodename.split('.')[0] }}$",
line: "{{ ansible_default_ipv4.address }} {{ inventory_hostname }}.{{ domain }} {{ inventory_hostname }}",
- {regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_nodename.split('.')[0] }}$",
line: "{{ ansible_default_ipv4.address }} {{ inventory_hostname }}.{{ common_domain }} {{ inventory_hostname }}"
}
loop_control:
loop_var: hosts_config
when: ansible_virtualization_type != "docker" and ansible_virtualization_type != "container"
when:
- ansible_virtualization_type != "docker"
- name: Ensure NetworkManager does not fiddle DNS
ini_file:
@@ -84,18 +59,16 @@
backup: yes
when: (ansible_os_family == "RedHat" and ansible_distribution_major_version == "7")
notify:
- Restart NetworkManager
- restart NetworkManager
changed_when: false
- name: Ensure correct permissions (hosts/resolv.conf)
file:
path: "{{ perm_config }}"
path: "{{item}}"
state: touch
mode: u+rw,g+r,a+r
with_items:
- /etc/resolv.conf
- /etc/hosts
loop_control:
loop_var: perm_config
changed_when: false
tags: dns
tags: dns

115
templates/dynmotd
View File

@@ -15,42 +15,41 @@
# /usr/local/bin/dynmotd
#
if getent group "{{ admin_group }}" | grep -qw "$(whoami)"; then
USER=`/usr/bin/env whoami`
HOSTNAME=`/usr/bin/env uname -n | /usr/bin/env cut -d. -f1`
IP=`/usr/bin/env ip route get 1 | /usr/bin/env grep -Po '(?<=src.)[\w\d.]+'`
IP6=`/usr/bin/env ip -6 addr | /usr/bin/env awk -F '[ \t]+|/' '$3 == "::1" { next;} $3 ~ /^fe80::/ { next ; } /inet6/ {print $3} '`
NUM_CPU=`cat /proc/cpuinfo | grep processor | wc -l`
#ROOT=`/usr/bin/df / -x fuse.gvfs-fuse-daemon -Ph | /usr/bin/egrep -i 'root|logvol|vda' | awk '{print $4}' | tr -d '\n'`
#HOME=`/usr/bin/df /home -x fuse.gvfs-fuse-daemon -Ph | grep home | awk '{print $4}' | tr -d '\n'`
#BACKUP=`/usr/bin/df -x fuse.gvfs-fuse-daemon -Ph | grep backup | awk '{print $4}' | tr -d '\n'`
FILESYSTEMS=`cat /etc/fstab | grep -v '#' | grep -v 'swap' | grep -v 'proc' | awk '{if(NF>0) {print $2}}'`
MEMORY=`/usr/bin/env free -m | /usr/bin/env grep "Mem" | /usr/bin/env awk '{print $2,"-",$3,"-",$4}'`
SWAP=`/usr/bin/env free -m | /usr/bin/env grep "Swap" | /usr/bin/env awk '{print $2,"-",$3,"-",$4}'`
PSA=`/usr/bin/env ps -Afl | /usr/bin/env wc -l`
USER=`/usr/bin/whoami`
HOSTNAME=`/usr/bin/uname -n | /usr/bin/cut -d. -f1`
IP=`/usr/sbin/ip route get 1 | grep -Po '(?<=src.)[\w\d.]+'`
IP6=`/sbin/ip -6 addr | awk -F '[ \t]+|/' '$3 == "::1" { next;} $3 ~ /^fe80::/ { next ; } /inet6/ {print $3} '`
NUM_CPU=`/usr/bin/lscpu | /usr/bin/grep "CPU(s):" | /usr/bin/head -n 1 | /usr/bin/awk '{print $2}'`
ROOT=`/usr/bin/df / -x fuse.gvfs-fuse-daemon -Ph | /usr/bin/egrep -i 'root|logvol|vda|sda' | awk '{print $4}' | tr -d '\n'`
HOME=`/usr/bin/df /home -x fuse.gvfs-fuse-daemon -Ph | grep home | awk '{print $4}' | tr -d '\n'`
BACKUP=`/usr/bin/df -x fuse.gvfs-fuse-daemon -Ph | grep backup | awk '{print $4}' | tr -d '\n'`
# time of day
HOUR=$(/usr/bin/env date +"%H")
if [ $HOUR -lt 12 -a $HOUR -ge 0 ]
then TIME="morning"
elif [ $HOUR -lt 17 -a $HOUR -ge 12 ]
then TIME="afternoon"
else
MEMORY=`/usr/bin/free -m | /usr/bin/grep "Mem" | /usr/bin/awk '{print $2,"-",$3,"-",$4}'`
SWAP=`/usr/bin/free -m | /usr/bin/grep "Swap" | /usr/bin/awk '{print $2,"-",$3,"-",$4}'`
PSA=`/usr/bin/ps -Afl | wc -l`
# time of day
HOUR=$(/usr/bin/date +"%H")
if [ $HOUR -lt 12 -a $HOUR -ge 0 ]
then TIME="morning"
elif [ $HOUR -lt 17 -a $HOUR -ge 12 ]
then TIME="afternoon"
else
TIME="evening"
fi
fi
#System uptime
uptime=`/usr/bin/env cat /proc/uptime | cut -f1 -d.`
upDays=$((uptime/60/60/24))
upHours=$((uptime/60/60%24))
upMins=$((uptime/60%60))
upSecs=$((uptime%60))
#System uptime
uptime=`/usr/bin/cat /proc/uptime | cut -f1 -d.`
upDays=$((uptime/60/60/24))
upHours=$((uptime/60/60%24))
upMins=$((uptime/60%60))
upSecs=$((uptime%60))
#System load
LOADAVG=`/usr/bin/env cat /proc/loadavg`
LOAD1=`echo $LOADAVG | /usr/bin/env awk {'print $1'}`
LOAD5=`echo $LOADAVG | /usr/bin/env awk {'print $2'}`
LOAD15=`echo $LOADAVG | /usr/bin/env awk {'print $3'}`
#System load
LOADAVG=`/usr/bin/cat /proc/loadavg`
LOAD1=`echo $LOADAVG | /usr/bin/awk {'print $1'}`
LOAD5=`echo $LOADAVG | /usr/bin/awk {'print $2'}`
LOAD15=`echo $LOADAVG | /usr/bin/awk {'print $3'}`
echo ""
echo -e "\e[7m--- GOOD $TIME $USER ----\e[0m"
@@ -62,42 +61,24 @@ COLOR_COLUMN="\e[1m-"
COLOR_VALUE="\e[31m"
RESET_COLORS="\e[0m"
echo -e "
===========================================================================
$COLOR_COLUMN- Hostname$RESET_COLORS............: $COLOR_VALUE $HOSTNAME $RESET_COLORS
==========================================================================
$COLOR_COLUMN- Hostname$RESET_COLORS............: $COLOR_VALUE $HOSTNAME $RESET_COLORS
{% if common_show_ipv6 == true %}
$COLOR_COLUMN- IP Address (Main v4)$RESET_COLORS: $COLOR_VALUE $IP $RESET_COLORS
$COLOR_COLUMN- IP Address (Main v6)$RESET_COLORS: $COLOR_VALUE $IP6 $RESET_COLORS
$COLOR_COLUMN- IP Address (Main v4)$RESET_COLORS: $COLOR_VALUE $IP $RESET_COLORS
$COLOR_COLUMN- IP Address (Main v6)$RESET_COLORS: $COLOR_VALUE $IP6 $RESET_COLORS
{% else %} $COLOR_COLUMN- IP Address (Default)$RESET_COLORS: $COLOR_VALUE $IP $RESET_COLORS
{% endif %}
{% if ansible_distribution == "Alpine" %}
$COLOR_COLUMN- Release$RESET_COLORS.............: $COLOR_VALUE Alpine `/usr/bin/env cat /etc/os-release` $RESET_COLORS
{% else %}
$COLOR_COLUMN- Release$RESET_COLORS.............: $COLOR_VALUE `/usr/bin/env cat /etc/os-release | /usr/bin/env grep PRETTY_NAME | /usr/bin/env cut -d '"' -f 2` $RESET_COLORS
{% endif %}
{% if ansible_distribution != "Alpine" %}
$COLOR_COLUMN- Users$RESET_COLORS...............: $COLOR_VALUE Currently `users | wc -w` user(s) logged on $RESET_COLORS
{% endif %}
=========================================================================== $RESET_COLORS
$COLOR_COLUMN- Current user$RESET_COLORS........: $COLOR_VALUE $USER $RESET_COLORS
$COLOR_COLUMN- Number of CPU$RESET_COLORS.......: $COLOR_VALUE $NUM_CPU $RESET_COLORS
$COLOR_COLUMN- CPU usage$RESET_COLORS...........: $COLOR_VALUE $LOAD1 - $LOAD5 - $LOAD15 (1-5-15 min) $RESET_COLORS
$COLOR_COLUMN- Memory used$RESET_COLORS.........: $COLOR_VALUE $MEMORY (total-used-free) $RESET_COLORS
$COLOR_COLUMN- Swap in use$RESET_COLORS.........: $COLOR_VALUE $SWAP (total-used-free) MB $RESET_COLORS
$COLOR_COLUMN- Processes$RESET_COLORS...........: $COLOR_VALUE $PSA running $RESET_COLORS
$COLOR_COLUMN- System uptime$RESET_COLORS.......: $COLOR_VALUE $upDays days $upHours hours $upMins minutes $upSecs seconds $RESET_COLORS
{% if ansible_virtualization_type != "lxc" %}
$COLOR_COLUMN- Disk space$RESET_COLORS..........: "
for FS in ${FILESYSTEMS}; do
echo -e " $COLOR_COLUMN- ..........$RESET_COLORS..........: $COLOR_VALUE `df -H ${FS} | grep -v 'Filesystem' | grep -v '^[[:space:]]*$' | awk '{print $6 \" \" $4}'` remaining $RESET_COLORS"
done
{% endif %}
echo -e "
===========================================================================
$COLOR_COLUMN- Release$RESET_COLORS.............: $COLOR_VALUE `cat {{ ansible_distribution_file_path }}` $RESET_COLORS
$COLOR_COLUMN- Users$RESET_COLORS...............: $COLOR_VALUE Currently `users | wc -w` user(s) logged on $RESET_COLORS
========================================================================== $RESET_COLORS
$COLOR_COLUMN- Current user$RESET_COLORS........: $COLOR_VALUE $USER $RESET_COLORS
$COLOR_COLUMN- Number of CPU$RESET_COLORS.......: $COLOR_VALUE $NUM_CPU $RESET_COLORS
$COLOR_COLUMN- CPU usage$RESET_COLORS...........: $COLOR_VALUE $LOAD1 - $LOAD5 - $LOAD15 (1-5-15 min) $RESET_COLORS
$COLOR_COLUMN- Memory used$RESET_COLORS.........: $COLOR_VALUE $MEMORY (total-used-free) $RESET_COLORS
$COLOR_COLUMN- Swap in use$RESET_COLORS.........: $COLOR_VALUE $SWAP (total-used-free) MB $RESET_COLORS
$COLOR_COLUMN- Processes$RESET_COLORS...........: $COLOR_VALUE $PSA running $RESET_COLORS
$COLOR_COLUMN- System uptime$RESET_COLORS.......: $COLOR_VALUE $upDays days $upHours hours $upMins minutes $upSecs seconds $RESET_COLORS
$COLOR_COLUMN- Disk space$RESET_COLORS..........: $COLOR_VALUE $ROOT remaining $RESET_COLORS
==========================================================================
`/usr/bin/cat /etc/motd`
"
if [ -f /etc/motd ]; then
/usr/bin/env cat /etc/motd
fi
else
# Just exit :)
exit 0
fi;

2
templates/etc.hosts.j2
View File

@@ -4,7 +4,7 @@
127.0.0.1 localhost {{ ansible_hostname }}
::1 localhost {{ ansible_hostname }}
{{ ansible_default_ipv4.address }} {{ ansible_hostname }}.{{ domain }} {{ ansible_hostname }}
{{ ansible_default_ipv4.address }} {{ ansible_hostname }}.{{ common_domain }} {{ ansible_hostname }}
{# note: below block takes a list of ip -> name mappings
applying them to the hosts file should the variable be

4
templates/etc.resolv.conf.j2
View File

@@ -2,9 +2,9 @@
## DO NOT edit manually as changes will be overwritten ##
# Search Domain
search {{ domain }}
search {{ common_domain }}
# Use servers configured via Ansible
{% for server in dns_servers %}
{% for server in common_dns_servers %}
nameserver {{ server }}
{% endfor %}

2
templates/etc.sysconfig.network.j2
View File

@@ -2,4 +2,4 @@
## DO NOT edit manually as changes will be overwritten ##
NETWORKING=yes
HOSTNAME={{ inventory_hostname }}.{{ domain }}
HOSTNAME={{ inventory_hostname }}.{{ common_domain }}

22
terraform/.terraform.lock.hcl generated
View File

@@ -1,22 +0,0 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/linode/linode" {
version = "1.16.0"
constraints = "1.16.0"
hashes = [
"h1:JpBtHnebAi6yr/aDdlk8EybaEiEY+VPtFP3o0QoMTng=",
"zh:03c867440797b82012cd5d97f58fef5885dc0248683227299a39af836df222db",
"zh:0486be7f72d6ea73d10140e23be8c1d2772b2d8be28c7bb39c73be83601405cf",
"zh:181929d6880cac6500f4af1f3799385c47ccd69872cacf1042a3a48e445b2b02",
"zh:18b7f6cc1ddf86e28322638607e1f84c1e9d56824c26903e22d4d12352f20b6e",
"zh:4e65e7f9e17c334ff7047fc2dd8fc479c2509cba66834d89e2033a45e9275fe3",
"zh:6077eda3fdf77a5158d9dc1a0c38492e23f7d679b1ac96382ba92ebe92e19266",
"zh:642e7c96867c519176d84228a7f9104352212ae3c999b409eee1076b7ed90a96",
"zh:6451f5117125fad9884214fe2f2635a2bed95912e64cf1c66a57c38558dfe907",
"zh:83b957b30da19586393b9aea2cc93524a7d4c43dd07d11129a11d29c2b4bfb21",
"zh:852954fe6cfe5278bd7c3d1079a9832bbf8c58436486489ed85154c0a0600633",
"zh:a2385c51147a3c40707f7bfceb673c077e1054e8af6fb4c808cef56f995b8193",
"zh:d21cd5cb5a635d18547430fe6cdfe3c6898541f9f3adc110edbf8d6e0439390d",
]
}

58
terraform/drone-runners.tf
View File

@@ -1,58 +0,0 @@
variable "drone_instances" {
description = "How many runner instances should there be?"
default = 3
}
variable "root_pass" {
description = "Root password to set on the node"
}
variable "linode_api_token" {
description = "Linode API Token"
}
variable "ssh_pubkey" {
description = "SSH key to be allowed access by default"
}
terraform {
required_providers {
linode = {
source = "linode/linode"
version = "1.16.0"
}
}
backend "local" {
path = "/data/runner.tfstate"
}
}
provider "linode" {
token = var.linode_api_token
}
resource "linode_instance" "terraform-drone" {
connection {
type = "ssh"
user = "root"
password = var.root_pass
host = self.ip_address
}
count = var.drone_instances
image = "private/15818922"
label = "drone-runner-${count.index + 1}"
group = "docker"
tags = ["tag_Testing","docker"]
region = "ap-southeast"
type = "g6-standard-2"
authorized_keys = [ var.ssh_pubkey ]
root_pass = var.root_pass
provisioner "remote-exec" {
inline = [
"yum upgrade -y && systemctl restart docker",
"docker rm -f runner",
"docker run --detach --volume=/var/run/docker.sock:/var/run/docker.sock --env=DRONE_RPC_PROTO=https --env=DRONE_RPC_HOST=drone.guise.net.nz --env=DRONE_RPC_SECRET=super-duper-secret --env=DRONE_RUNNER_CAPACITY=2 --env=DRONE_RUNNER_NAME=drone-runner-${count.index + 1} --env=DRONE_RUNNER_LABELS='linodrone:true' --env=--publish=3000:3000 --restart=always --name=runner drone/drone-runner-docker:1"
]
}
}

7
test.sh
View File

@@ -1,7 +0,0 @@
#!/bin/bash
if getent group "wheel" | grep -qw "$(whoami)"; then
echo true
else
echo false
fi;