init

2021-10-05 21:34:34 +02:00 · 2021-10-05 21:34:34 +02:00 · 2136ddd16b
commit 2136ddd16b
11 changed files with 289 additions and 0 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -0,0 +1,189 @@
+---
+kind: pipeline
+type: kubernetes
+name: prepare_workspace
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+
+  - name:  prepare_workspace
+    image: alpine
+    commands:
+      - mkdir -p /drone/src/tests/verify
+      - mv defaults /drone/src/tests/verify/
+      - mv files /drone/src/tests/verify/
+      - mv handlers /drone/src/tests/verify/
+      - mv meta /drone/src/tests/verify/
+      - mv tasks /drone/src/tests/verify/
+      - mv vars /drone/src/tests/verify/
+    when:
+      event:
+      - push
+      - pull_request
+
+---
+kind: pipeline
+type: kubernetes
+name: test-debian
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+
+  - name:  prepare_workspace
+    image: alpine
+    commands:
+      - mkdir -p /drone/src/tests/verify
+      - mv defaults /drone/src/tests/verify/
+      - mv files /drone/src/tests/verify/
+      - mv handlers /drone/src/tests/verify/
+      - mv meta /drone/src/tests/verify/
+      - mv tasks /drone/src/tests/verify/
+      - mv vars /drone/src/tests/verify/
+    when:
+      event:
+      - push
+      - pull_request
+
+  - name: test-debian7
+    image: lerentis/ansible:debian-7
+    commands:
+      - ansible-playbook -i tests/inventory tests/test-playbook.yml --syntax-check
+      - ansible-playbook -i tests/inventory tests/test-playbook.yml -e "ci_run=yes" --skip-tags "daemon"
+    depends_on:
+      - "prepare_workspace"
+
+  - name: test-ubuntu16
+    image: lerentis/ansible:ubuntu-16.04
+    commands:
+      - ansible-playbook -i tests/inventory tests/test-playbook.yml --syntax-check
+      - ansible-playbook -i tests/inventory tests/test-playbook.yml -e "ci_run=yes" --skip-tags "daemon"
+    depends_on:
+      - "prepare_workspace"
+
+  - name: test-ubuntu18
+    image: lerentis/ansible:ubuntu-18.04
+    commands:
+      - ansible-playbook -i tests/inventory tests/test-playbook.yml --syntax-check
+      - ansible-playbook -i tests/inventory tests/test-playbook.yml -e "ci_run=yes" --skip-tags "daemon"
+    depends_on:
+      - "prepare_workspace"
+
+  - name: test-ubuntu20
+    image: lerentis/ansible:ubuntu-20.04
+    commands:
+      - ansible-playbook -i tests/inventory tests/test-playbook.yml --syntax-check
+      - ansible-playbook -i tests/inventory tests/test-playbook.yml -e "ci_run=yes" --skip-tags "daemon"
+    depends_on:
+      - "prepare_workspace"
+
+depends_on:
+- prepare_workspace
+
+---
+kind: pipeline
+type: kubernetes
+name: test-arch
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+
+  - name:  prepare_workspace
+    image: alpine
+    commands:
+      - mkdir -p /drone/src/tests/verify
+      - mv defaults /drone/src/tests/verify/
+      - mv files /drone/src/tests/verify/
+      - mv handlers /drone/src/tests/verify/
+      - mv meta /drone/src/tests/verify/
+      - mv tasks /drone/src/tests/verify/
+      - mv vars /drone/src/tests/verify/
+    when:
+      event:
+      - push
+      - pull_request
+
+  - name: test-arch
+    image: lerentis/ansible:arch
+    commands:
+      - pacman -Sy python2 glibc --noconfirm
+      - ansible-playbook -i tests/inventory tests/test-playbook.yml --syntax-check
+      - ansible-playbook -i tests/inventory tests/test-playbook.yml -e "ci_run=yes" --skip-tags "daemon"
+    depends_on:
+      - "prepare_workspace"
+
+depends_on:
+- prepare_workspace
+
+---
+kind: pipeline
+type: kubernetes
+name: test-centos
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+
+  - name:  prepare_workspace
+    image: alpine
+    commands:
+      - mkdir -p /drone/src/tests/verify
+      - mv defaults /drone/src/tests/verify/
+      - mv files /drone/src/tests/verify/
+      - mv handlers /drone/src/tests/verify/
+      - mv meta /drone/src/tests/verify/
+      - mv tasks /drone/src/tests/verify/
+      - mv vars /drone/src/tests/verify/
+    when:
+      event:
+      - push
+      - pull_request
+
+  - name: test-centos7
+    image: lerentis/ansible:centos-7
+    commands:
+      - ansible-playbook -i tests/inventory tests/test-playbook.yml --syntax-check
+      - ansible-playbook -i tests/inventory tests/test-playbook.yml -e "ci_run=yes" --skip-tags "daemon"
+    depends_on:
+      - "prepare_workspace"
+
+depends_on:
+- prepare_workspace
+
+---
+kind: pipeline
+type: kubernetes
+name: notify
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+
+  - name: notify
+    image: appleboy/drone-telegram
+    settings:
+      message: "Commit {{ commit.link }} ran with build {{ build.number }} and finished with status {{ build.status }}."
+      to: 14852963
+      token: 335668211:AAF-YgId7iI6ANBuZVy4uVOYYqA4R4uAaqY
+    when:
+      status:
+      - failure
+      - success
+
+depends_on:
+- prepare_workspace
+- test-debian
+- test-arch
+- test-centos
--- a/README.md
+++ b/README.md
@ -0,0 +1,18 @@
+Verify
+=========
+
+This role will only be used to verify some assumptions and drifts on a host.
+
+Example Playbook
+----------------
+
+```yaml
+    - hosts: servers
+      roles:
+         - { role: verify }
+```
+
+License
+-------
+
+MIT
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -0,0 +1,2 @@
+---
+# defaults file for verify
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -0,0 +1,2 @@
+---
+# handlers file for verify
--- a/meta/main.yml
+++ b/meta/main.yml
@ -0,0 +1,20 @@
+galaxy_info:
+  author: Tobias Trabelsi
+  description: verify some assumptions and drifts on a host
+
+  license: MIT
+
+  min_ansible_version: 2.9
+
+  platforms:
+  - name: CentOS
+    versions:
+      - 7
+      - 9
+  - name: Debian
+    versions:
+      - 10
+  - name: Ubuntu
+    version:
+      - 18.04
+      - 20.04
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,15 @@
+---
+# tasks file for verify
+
+- name: Gather facts on listening ports
+  become: yes
+  community.general.listen_ports_facts:
+
+- name: TCP denylist violation
+  ansible.builtin.debug:
+    msg: TCP port {{ item.port }} by pid {{ item.pid }} violates the denylist
+  vars:
+    tcp_listen_violations: "{{ ansible_facts.tcp_listen | selectattr('port', 'in', tcp_denylist) | list }}"
+    tcp_denylist:
+      - 111
+  loop: "{{ tcp_listen_violations }}"
--- a/tests/Vagrantfile
+++ b/tests/Vagrantfile
@ -0,0 +1,21 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  boxes = [
+    { :name => "ubuntu-hello-world-box", :box => "ubuntu/xenial64" },
+    { :name => "debian-hello-world-box", :box => "debian/stretch64" },
+    { :name => "centos-hello-world-box", :box => "geerlingguy/centos8" }
+  ]
+  boxes.each do |opts|
+    config.vm.define opts[:name] do |config|
+      config.vm.box = opts[:box]
+      if opts[:name] == boxes.last[:name]
+        config.vm.provision "ansible" do |ansible|
+          ansible.playbook = "test-playbook.yml"
+          ansible.limit = "all"
+        end
+      end
+    end
+  end
+end
--- a/tests/inventory
+++ b/tests/inventory
@ -0,0 +1,8 @@
+[debian]
+localhost ansible_connection=local 
+
+[arch]
+localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python3
+
+[centos]
+localhost ansible_connection=local ansible_python_interpreter=/usr/bin/python2
--- a/tests/test-playbook.yml
+++ b/tests/test-playbook.yml
@ -0,0 +1,7 @@
+---
+
+- name: test playbook
+  hosts: all
+  gather_facts: True
+  roles:
+   - ../../.
--- a/tests/test.yml
+++ b/tests/test.yml
@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - verify
--- a/vars/main.yml
+++ b/vars/main.yml
@ -0,0 +1,2 @@
+---
+# vars file for verify