commit 2136ddd16bd41c7a93248c9e43be3a5f3f6341ef
Author: Tobias Trabelsi
Date: Tue Oct 5 21:34:34 2021 +0200
init
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..379349e
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,189 @@
+---
+kind: pipeline
+type: kubernetes
+name: prepare_workspace
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+
+ - name: prepare_workspace
+ image: alpine
+ commands:
+ - mkdir -p /drone/src/tests/verify
+ - mv defaults /drone/src/tests/verify/
+ - mv files /drone/src/tests/verify/
+ - mv handlers /drone/src/tests/verify/
+ - mv meta /drone/src/tests/verify/
+ - mv tasks /drone/src/tests/verify/
+ - mv vars /drone/src/tests/verify/
+ when:
+ event:
+ - push
+ - pull_request
+
+---
+kind: pipeline
+type: kubernetes
+name: test-debian
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+
+ - name: prepare_workspace
+ image: alpine
+ commands:
+ - mkdir -p /drone/src/tests/verify
+ - mv defaults /drone/src/tests/verify/
+ - mv files /drone/src/tests/verify/
+ - mv handlers /drone/src/tests/verify/
+ - mv meta /drone/src/tests/verify/
+ - mv tasks /drone/src/tests/verify/
+ - mv vars /drone/src/tests/verify/
+ when:
+ event:
+ - push
+ - pull_request
+
+ - name: test-debian7
+ image: lerentis/ansible:debian-7
+ commands:
+ - ansible-playbook -i tests/inventory tests/test-playbook.yml --syntax-check
+ - ansible-playbook -i tests/inventory tests/test-playbook.yml -e "ci_run=yes" --skip-tags "daemon"
+ depends_on:
+ - "prepare_workspace"
+
+ - name: test-ubuntu16
+ image: lerentis/ansible:ubuntu-16.04
+ commands:
+ - ansible-playbook -i tests/inventory tests/test-playbook.yml --syntax-check
+ - ansible-playbook -i tests/inventory tests/test-playbook.yml -e "ci_run=yes" --skip-tags "daemon"
+ depends_on:
+ - "prepare_workspace"
+
+ - name: test-ubuntu18
+ image: lerentis/ansible:ubuntu-18.04
+ commands:
+ - ansible-playbook -i tests/inventory tests/test-playbook.yml --syntax-check
+ - ansible-playbook -i tests/inventory tests/test-playbook.yml -e "ci_run=yes" --skip-tags "daemon"
+ depends_on:
+ - "prepare_workspace"
+
+ - name: test-ubuntu20
+ image: lerentis/ansible:ubuntu-20.04
+ commands:
+ - ansible-playbook -i tests/inventory tests/test-playbook.yml --syntax-check
+ - ansible-playbook -i tests/inventory tests/test-playbook.yml -e "ci_run=yes" --skip-tags "daemon"
+ depends_on:
+ - "prepare_workspace"
+
+depends_on:
+- prepare_workspace
+
+---
+kind: pipeline
+type: kubernetes
+name: test-arch
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+
+ - name: prepare_workspace
+ image: alpine
+ commands:
+ - mkdir -p /drone/src/tests/verify
+ - mv defaults /drone/src/tests/verify/
+ - mv files /drone/src/tests/verify/
+ - mv handlers /drone/src/tests/verify/
+ - mv meta /drone/src/tests/verify/
+ - mv tasks /drone/src/tests/verify/
+ - mv vars /drone/src/tests/verify/
+ when:
+ event:
+ - push
+ - pull_request
+
+ - name: test-arch
+ image: lerentis/ansible:arch
+ commands:
+ - pacman -Sy python2 glibc --noconfirm
+ - ansible-playbook -i tests/inventory tests/test-playbook.yml --syntax-check
+ - ansible-playbook -i tests/inventory tests/test-playbook.yml -e "ci_run=yes" --skip-tags "daemon"
+ depends_on:
+ - "prepare_workspace"
+
+depends_on:
+- prepare_workspace
+
+---
+kind: pipeline
+type: kubernetes
+name: test-centos
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+
+ - name: prepare_workspace
+ image: alpine
+ commands:
+ - mkdir -p /drone/src/tests/verify
+ - mv defaults /drone/src/tests/verify/
+ - mv files /drone/src/tests/verify/
+ - mv handlers /drone/src/tests/verify/
+ - mv meta /drone/src/tests/verify/
+ - mv tasks /drone/src/tests/verify/
+ - mv vars /drone/src/tests/verify/
+ when:
+ event:
+ - push
+ - pull_request
+
+ - name: test-centos7
+ image: lerentis/ansible:centos-7
+ commands:
+ - ansible-playbook -i tests/inventory tests/test-playbook.yml --syntax-check
+ - ansible-playbook -i tests/inventory tests/test-playbook.yml -e "ci_run=yes" --skip-tags "daemon"
+ depends_on:
+ - "prepare_workspace"
+
+depends_on:
+- prepare_workspace
+
+---
+kind: pipeline
+type: kubernetes
+name: notify
+
+platform:
+ os: linux
+ arch: amd64
+
+steps:
+
+ - name: notify
+ image: appleboy/drone-telegram
+ settings:
+ message: "Commit {{ commit.link }} ran with build {{ build.number }} and finished with status {{ build.status }}."
+ to: 14852963
+ token: 335668211:AAF-YgId7iI6ANBuZVy4uVOYYqA4R4uAaqY
+ when:
+ status:
+ - failure
+ - success
+
+depends_on:
+- prepare_workspace
+- test-debian
+- test-arch
+- test-centos
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..4547b35
--- /dev/null
+++ b/README.md
@@ -0,0 +1,18 @@
+Verify
+=========
+
+This role will only be used to verify some assumptions and drifts on a host.
+
+Example Playbook
+----------------
+
+```yaml
+ - hosts: servers
+ roles:
+ - { role: verify }
+```
+
+License
+-------
+
+MIT
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..fe799dc
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for verify
\ No newline at end of file
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..3fcecd1
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for verify
\ No newline at end of file
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..81af844
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,20 @@
+galaxy_info:
+ author: Tobias Trabelsi
+ description: verify some assumptions and drifts on a host
+
+ license: MIT
+
+ min_ansible_version: 2.9
+
+ platforms:
+ - name: CentOS
+ versions:
+ - 7
+ - 9
+ - name: Debian
+ versions:
+ - 10
+ - name: Ubuntu
+ version:
+ - 18.04
+ - 20.04
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..c1791d9
--- /dev/null
+++ b/tasks/main.yml
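Review bot: The notify pipeline commits a live Telegram bot token in clear text (`token: 335668211:AAF-…` under the notify step's `settings:`), together with the destination chat id, so anyone with read access to the repository or its history can send messages as that bot. Drone resolves step settings from its secret store via `from_secret`, so both values belong there, and the token itself should be treated as disclosed and regenerated through BotFather, because rewriting the commit does not undo the exposure. The `to:` value is also an unquoted integer; a quoted string keeps the chat id from being retyped by the YAML parser. The secret names below are placeholders to be matched to whatever is configured in Drone.
```yaml
 - name: notify
 image: appleboy/drone-telegram
 settings:
 message: "Commit {{ commit.link }} ran with build {{ build.number }} and finished with status {{ build.status }}."
 to:
 from_secret: telegram_chat_id
 token:
 from_secret: telegram_bot_token
 # … unchanged: when/status …
```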
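Review bot: In meta/main.yml the Ubuntu entry under `platforms:` uses the key `version:` while the CentOS and Debian entries use `versions:`, so the 18.04/20.04 values will not be read as supported versions; it should be `versions:`. `min_ansible_version: 2.9` is parsed as a float, which is harmless for 2.9 but would silently become 2.1 on a later bump to 2.10, so `min_ansible_version: "2.9"` is the safer spelling. The declared platforms (CentOS 7/9, Debian 10, Ubuntu 18.04/20.04) also do not match what .drone.yml exercises (debian-7, ubuntu-16.04/18.04/20.04, centos-7, arch); one of the two lists is presumably stale and worth aligning.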
@@ -0,0 +1,15 @@
+---
+# tasks file for verify
+
+- name: Gather facts on listening ports
+ become: yes
+ community.general.listen_ports_facts:
+
+- name: TCP denylist violation
+ ansible.builtin.debug:
+ msg: TCP port {{ item.port }} by pid {{ item.pid }} violates the denylist
+ vars:
+ tcp_listen_violations: "{{ ansible_facts.tcp_listen | selectattr('port', 'in', tcp_denylist) | list }}"
+ tcp_denylist:
+ - 111
+ loop: "{{ tcp_listen_violations }}"
diff --git a/tests/Vagrantfile b/tests/Vagrantfile
new file mode 100644
index 0000000..fea3bf4
--- /dev/null
+++ b/tests/Vagrantfile
@@ -0,0 +1,21 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+ boxes = [
+ { :name => "ubuntu-hello-world-box", :box => "ubuntu/xenial64" },
+ { :name => "debian-hello-world-box", :box => "debian/stretch64" },
+ { :name => "centos-hello-world-box", :box => "geerlingguy/centos8" }
+ ]
+ boxes.each do |opts|
+ config.vm.define opts[:name] do |config|
+ config.vm.box = opts[:box]
+ if opts[:name] == boxes.last[:name]
+ config.vm.provision "ansible" do |ansible|
+ ansible.playbook = "test-playbook.yml"
+ ansible.limit = "all"
+ end
+ end
+ end
+ end
+end
\ No newline at end of file
diff --git a/tests/inventory b/tests/inventory
new file mode 100644
index 0000000..dd7f5ba
--- /dev/null
+++ b/tests/inventory
@@ -0,0 +1,8 @@
+[debian]
+localhost ansible_connection=local
+
+[arch]
+localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python3
+
+[centos]
+localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python2
\ No newline at end of file
diff --git a/tests/test-playbook.yml b/tests/test-playbook.yml
new file mode 100644
index 0000000..6cecd85
--- /dev/null
+++ b/tests/test-playbook.yml
@@ -0,0 +1,7 @@
+---
+
+- name: test playbook
+ hosts: all
+ gather_facts: True
+ roles:
+ - ../../.
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 0000000..a397ef9
--- /dev/null
+++ b/tests/test.yml
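Review bot: The denylist check in tasks/main.yml only reports matches through `ansible.builtin.debug`, so a listening port that is on `tcp_denylist` never fails the play; a drift check whose only signal is a debug line is easy to overlook in CI output, and swapping the module for `ansible.builtin.fail:` (same `msg:` and `loop:`) or adding an `ansible.builtin.assert` after it makes the violation visible as a task failure. `tcp_denylist` is also fixed inside the task's `vars:` while defaults/main.yml in this commit is empty, so consumers of the role cannot supply their own list; moving the definition to defaults/main.yml keeps the same default (`111`) and makes it overridable per host or group. `become: yes` should be written `become: true`, matching the boolean convention the rest of the tree should follow. The `listen_ports_facts` module comes from the community.general collection, which meta/main.yml does not declare as a dependency — presumably fine if the collection ships in the CI images, but worth stating in the README.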
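Review bot: In tests/Vagrantfile the inner block `config.vm.define opts[:name] do |config|` reuses the name `config`, shadowing the outer Vagrant configuration object; it happens to work because nothing inside refers to the outer object, but it triggers Ruby shadowing warnings and hides mistakes if someone later does, so the customary `do |node|` with `node.vm.box = opts[:box]` and `node.vm.provision ...` is clearer. The provisioner is attached only to the last box (`opts[:name] == boxes.last[:name]`) with `ansible.limit = "all"`, which is the usual Vagrant idiom for provisioning every machine in one run but leaves the ubuntu and debian boxes unprovisioned when brought up on their own; a comment such as `# provision all boxes from the last one so a single ansible run covers the whole inventory` would spare the next reader that discovery.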
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - verify
\ No newline at end of file
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..2784c98
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for verify
\ No newline at end of file