Tobias Trabelsi 2021-10-05 21:34:34 +02:00
commit 2136ddd16b
Signed by: lerentis
GPG Key ID: FF0C2839718CAF2E
11 changed files with 289 additions and 0 deletions

189
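--- a/.drone.yml
+++ b/.drone.yml
@@ -0,0 +1,189 @@
+---
+kind: pipeline
+type: kubernetes
+name: prepare_workspace
+platform:
+os: linux
+arch: amd64
+steps:
+- name: prepare_workspace
+image: alpine
+commands:
+- mkdir -p /drone/src/tests/verify
+- mv defaults /drone/src/tests/verify/
+- mv files /drone/src/tests/verify/
+- mv handlers /drone/src/tests/verify/
+- mv meta /drone/src/tests/verify/
+- mv tasks /drone/src/tests/verify/
+- mv vars /drone/src/tests/verify/
+when:
+event:
+- push
+- pull_request
+---
+kind: pipeline
+type: kubernetes
+name: test-debian
+platform:
+os: linux
+arch: amd64
+steps:
+- name: prepare_workspace
+image: alpine
+commands:
+- mkdir -p /drone/src/tests/verify
+- mv defaults /drone/src/tests/verify/
+- mv files /drone/src/tests/verify/
+- mv handlers /drone/src/tests/verify/
+- mv meta /drone/src/tests/verify/
+- mv tasks /drone/src/tests/verify/
+- mv vars /drone/src/tests/verify/
+when:
+event:
+- push
+- pull_request
+- name: test-debian7
+image: lerentis/ansible:debian-7
+commands:
+- ansible-playbook -i tests/inventory tests/test-playbook.yml --syntax-check
+- ansible-playbook -i tests/inventory tests/test-playbook.yml -e "ci_run=yes" --skip-tags "daemon"
+depends_on:
+- "prepare_workspace"
+- name: test-ubuntu16
+image: lerentis/ansible:ubuntu-16.04
+commands:
+- ansible-playbook -i tests/inventory tests/test-playbook.yml --syntax-check
+- ansible-playbook -i tests/inventory tests/test-playbook.yml -e "ci_run=yes" --skip-tags "daemon"
+depends_on:
+- "prepare_workspace"
+- name: test-ubuntu18
+image: lerentis/ansible:ubuntu-18.04
+commands:
+- ansible-playbook -i tests/inventory tests/test-playbook.yml --syntax-check
+- ansible-playbook -i tests/inventory tests/test-playbook.yml -e "ci_run=yes" --skip-tags "daemon"
+depends_on:
+- "prepare_workspace"
+- name: test-ubuntu20
+image: lerentis/ansible:ubuntu-20.04
+commands:
+- ansible-playbook -i tests/inventory tests/test-playbook.yml --syntax-check
+- ansible-playbook -i tests/inventory tests/test-playbook.yml -e "ci_run=yes" --skip-tags "daemon"
+depends_on:
+- "prepare_workspace"
+depends_on:
+- prepare_workspace
+---
+kind: pipeline
+type: kubernetes
+name: test-arch
+platform:
+os: linux
+arch: amd64
+steps:
+- name: prepare_workspace
+image: alpine
+commands:
+- mkdir -p /drone/src/tests/verify
+- mv defaults /drone/src/tests/verify/
+- mv files /drone/src/tests/verify/
+- mv handlers /drone/src/tests/verify/
+- mv meta /drone/src/tests/verify/
+- mv tasks /drone/src/tests/verify/
+- mv vars /drone/src/tests/verify/
+when:
+event:
+- push
+- pull_request
+- name: test-arch
+image: lerentis/ansible:arch
+commands:
+- pacman -Sy python2 glibc --noconfirm
+- ansible-playbook -i tests/inventory tests/test-playbook.yml --syntax-check
+- ansible-playbook -i tests/inventory tests/test-playbook.yml -e "ci_run=yes" --skip-tags "daemon"
+depends_on:
+- "prepare_workspace"
+depends_on:
+- prepare_workspace
+---
+kind: pipeline
+type: kubernetes
+name: test-centos
+platform:
+os: linux
+arch: amd64
+steps:
+- name: prepare_workspace
+image: alpine
+commands:
+- mkdir -p /drone/src/tests/verify
+- mv defaults /drone/src/tests/verify/
+- mv files /drone/src/tests/verify/
+- mv handlers /drone/src/tests/verify/
+- mv meta /drone/src/tests/verify/
+- mv tasks /drone/src/tests/verify/
+- mv vars /drone/src/tests/verify/
+when:
+event:
+- push
+- pull_request
+- name: test-centos7
+image: lerentis/ansible:centos-7
+commands:
+- ansible-playbook -i tests/inventory tests/test-playbook.yml --syntax-check
+- ansible-playbook -i tests/inventory tests/test-playbook.yml -e "ci_run=yes" --skip-tags "daemon"
+depends_on:
+- "prepare_workspace"
+depends_on:
+- prepare_workspace
+---
+kind: pipeline
+type: kubernetes
+name: notify
+platform:
+os: linux
+arch: amd64
+steps:
+- name: notify
+image: appleboy/drone-telegram
+settings:
+message: "Commit {{ commit.link }} ran with build {{ build.number }} and finished with status {{ build.status }}."
+to: 14852963
+token: 335668211:AAF-YgId7iI6ANBuZVy4uVOYYqA4R4uAaqY
+when:
+status:
+- failure
+- success
+depends_on:
+- prepare_workspace
+- test-debian
+- test-arch
+- test-centos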
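Review bot: The `notify` step at the end of this file carries the Telegram bot token as a literal `token:` value, so anyone who can read the repository or its history can act as the bot. Store it as a Drone secret and reference it with `token:` followed by `from_secret: telegram_token` (the secret name is a placeholder), and revoke the committed token, because deleting it in a later commit does not remove it from history. The `alpine` and `appleboy/drone-telegram` images are referenced without a tag or digest, so the plugin that receives the token can change between builds; pinning both would make the pipeline reproducible.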

18
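--- a/README.md
+++ b/README.md
@@ -0,0 +1,18 @@
+Verify
+=========
+This role will only be used to verify some assumptions and drifts on a host.
+Example Playbook
+----------------
+```yaml
+- hosts: servers
+roles:
+- { role: verify }
+```
+License
+-------
+MIT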

2
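--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for verify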

2
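--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for verify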

20
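--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,20 @@
+galaxy_info:
+author: Tobias Trabelsi
+description: verify some assumptions and drifts on a host
+license: MIT
+min_ansible_version: 2.9
+platforms:
+- name: CentOS
+versions:
+- 7
+- 9
+- name: Debian
+versions:
+- 10
+- name: Ubuntu
+version:
+- 18.04
+- 20.04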
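Review bot: The Ubuntu entry under `platforms` uses the key `version:` while the CentOS and Debian entries use `versions:`, so the Ubuntu release list is probably ignored by whatever consumes this metadata; it should read `versions:`. The unquoted `18.04`, `20.04` and `min_ansible_version: 2.9` are parsed as floats rather than strings, so quoting them (`'18.04'`, `'20.04'`, `'2.9'`) keeps the intended values. Unlike the other role files in this commit, this one does not start with `---`.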

15
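--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+# tasks file for verify
+- name: Gather facts on listening ports
+become: yes
+community.general.listen_ports_facts:
+- name: TCP denylist violation
+ansible.builtin.debug:
+msg: TCP port {{ item.port }} by pid {{ item.pid }} violates the denylist
+vars:
+tcp_listen_violations: "{{ ansible_facts.tcp_listen | selectattr('port', 'in', tcp_denylist) | list }}"
+tcp_denylist:
+- 111
+loop: "{{ tcp_listen_violations }}"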
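Review bot: The `TCP denylist violation` task defines `tcp_denylist` in task-level `vars`, which take precedence over inventory and play variables, so the list is effectively fixed at port 111 unless overridden with extra vars. Defining it in `defaults/main.yml` (added empty in this commit) would let each host or group supply its own list. The violation is reported only through `ansible.builtin.debug`, so a host listening on a denied port still finishes the play successfully; if the role is meant to gate anything, `ansible.builtin.fail` with the same `msg` and `loop` would surface it as a failure. Only `tcp_listen` is checked, not `udp_listen` from the same facts module, and `become: yes` would be `become: true` under the usual truthy lint rule.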

21
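--- a/tests/Vagrantfile
+++ b/tests/Vagrantfile
@@ -0,0 +1,21 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+Vagrant.configure("2") do |config|
+boxes = [
+{ :name => "ubuntu-hello-world-box", :box => "ubuntu/xenial64" },
+{ :name => "debian-hello-world-box", :box => "debian/stretch64" },
+{ :name => "centos-hello-world-box", :box => "geerlingguy/centos8" }
+]
+boxes.each do |opts|
+config.vm.define opts[:name] do |config|
+config.vm.box = opts[:box]
+if opts[:name] == boxes.last[:name]
+config.vm.provision "ansible" do |ansible|
+ansible.playbook = "test-playbook.yml"
+ansible.limit = "all"
+end
+end
+end
+end
+end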

8
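--- a/tests/inventory
+++ b/tests/inventory
@@ -0,0 +1,8 @@
+[debian]
+localhost ansible_connection=local
+[arch]
+localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python3
+[centos]
+localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python2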
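Review bot: `localhost` is listed in `[debian]`, `[arch]` and `[centos]`, and Ansible keeps a single set of variables per host name, so only one `ansible_python_interpreter` value can apply to every run. That value is presumably `/usr/bin/python2`, which would explain why the Arch pipeline step installs `python2`. If per-distribution interpreters are intended, give each group its own host alias, for example `arch-local ansible_connection=local ansible_python_interpreter=/usr/bin/python3`, and limit each run to its group. Otherwise drop the overrides and let interpreter discovery choose.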

7
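--- a/tests/test-playbook.yml
+++ b/tests/test-playbook.yml
@@ -0,0 +1,7 @@
+---
+- name: test playbook
+hosts: all
+gather_facts: True
+roles:
+- ../../.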
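Review bot: The role is referenced as `../../.`, a path two directories above `tests/`, while the pipeline's `prepare_workspace` step moves the role directories into `tests/verify`. It is not evident from this commit that the path resolves to the role in CI. Referencing the role by name, `- verify`, as `tests/test.yml` does, would match the prepared layout. `gather_facts: True` would be `gather_facts: true` under the usual truthy lint rule.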

5
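--- a/tests/test.yml
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+remote_user: root
+roles:
+- verify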

2
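--- a/vars/main.yml
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for verify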