POC: Add ensure-managed role

This role should prepare any host from being managed by Ansible. * makes no assumptions about how the system is configure. This role should succees on pure clean OS image or containers. * should run very quickly on already prepared images * we can use it as a dependency from roles that do have assumptions Change-Id: I4b8add0317dbdbbbfe4d9a8adea0c4f7c764beb4
2019-08-05 14:41:58 +01:00 · 2019-08-05 14:41:58 +01:00 · 9a5644dfb8
parent 4a1ecf50a5
commit 9a5644dfb8
12 changed files with 189 additions and 0 deletions
--- a/roles/ensure-managed/.yamllint
+++ b/roles/ensure-managed/.yamllint
@ -0,0 +1,4 @@
+---
+rules:
+  # ansible-lint takes care of that:
+  line-length: disable
--- a/roles/ensure-managed/README.rst
+++ b/roles/ensure-managed/README.rst
@ -0,0 +1,16 @@
+ensure-managed
+==============
+
+Ensure that the host can be managed by Ansible and that has the basic libraries
+needed by ansible, like:
+
+* libselinux (jinja2 templating)
+
+By default the module will not install all possible extensions needed by less
+mainstream Ansible modules.
+
+Keep in mind that this role does not install Ansible itself, its purpose is to
+only make the host managable by Ansible.
+
+.. note:: This role is only available for Debian and RedHat based platforms
+          currently.
--- a/roles/ensure-managed/meta/main.yml
+++ b/roles/ensure-managed/meta/main.yml
@ -0,0 +1,33 @@
+---
+galaxy_info:
+  author: Sorin Sbarnea
+  description: Ensure host can be managed by Ansible
+  company: OpenStack
+
+  license: BSD
+
+  min_ansible_version: 2.6
+
+  platforms:
+  - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+  # List tags for your role here, one per line. A tag is a keyword that describes
+  # and categorizes the role. Users find roles by searching for tags. Be sure to
+  # remove the '[]' above, if you add tags to this list.
+  #
+  # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+  #       Maximum 20 tags per role.
+
+dependencies: []
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
--- a/roles/ensure-managed/molecule/default/Dockerfile.j2
+++ b/roles/ensure-managed/molecule/default/Dockerfile.j2
@ -0,0 +1,15 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+{% if item.env is defined %}
+{% for var, value in item.env.items() %}
+{% if value %}
+ENV {{ var }} {{ value }}
+{% endif %}
+{% endfor %}
+{% endif %}
--- a/roles/ensure-managed/molecule/default/INSTALL.rst
+++ b/roles/ensure-managed/molecule/default/INSTALL.rst
@ -0,0 +1,22 @@
+*******
+Docker driver installation guide
+*******
+
+Requirements
+============
+
+* Docker Engine
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+    $ pip install 'molecule[docker]'
--- a/roles/ensure-managed/molecule/default/molecule.yml
+++ b/roles/ensure-managed/molecule/default/molecule.yml
@ -0,0 +1,20 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+lint:
+  name: yamllint
+platforms:
+  - name: centos7
+    image: centos:7
+  - name: fedora
+    image: fedora:latest
+  - name: debian
+    image: debian:latest
+  - name: ubuntu
+    image: ubuntu:latest
+provisioner:
+  name: ansible
+  lint:
+    enabled: false
--- a/roles/ensure-managed/molecule/default/playbook.yml
+++ b/roles/ensure-managed/molecule/default/playbook.yml
@ -0,0 +1,28 @@
+---
+- name: Converge
+  hosts: all
+  # keep gather facts disabled because it this stage we are unlikely to be
+  # able to gather them.
+  gather_facts: false
+  tasks:
+    - name: include ensure-manager role
+      include_role:
+        name: ensure-managed
+
+- name: Validations
+  # now gather must succeed
+  gather_facts: true
+  hosts: all
+  tasks:
+
+    - name: check if templating works (needs selinux)
+      copy:
+        content: |
+            This host is managed by Ansible and has:
+
+            ansible_os_family: {{ ansible_os_family }}
+            ansible_distribution: {{ ansible_distribution }}
+        dest: ~/managed.txt
+
+    - name: sample shell command
+      shell: cat ~/managed.txt
--- a/roles/ensure-managed/tasks/main.yaml
+++ b/roles/ensure-managed/tasks/main.yaml
@ -0,0 +1,37 @@
+---
+- name: check if gather works
+  block:
+    - name: gather
+      when: ansible_os_family is not defined
+      setup:
+        gather_subset: os_family
+  rescue:
+    - name: boostrap python
+      raw: |
+        if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates iproute2 apt-utils && apt-get clean; \
+        elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash iproute && dnf clean all; \
+        elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash iproute && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+        elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml iproute2 && zypper clean -a; \
+        elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+        elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates iproute2 && xbps-remove -O; fi
+      register: result
+
+    - name: gather
+      when: ansible_os_family is not defined
+      setup:
+        gather_subset: os_family
+
+- name: Include OS specific variables
+  include_vars: "{{ item }}"
+  failed_when: false
+  loop:
+      - "family-{{ ansible_os_family | lower }}.yml"
+      - "family-{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
+      - "{{ ansible_distribution | lower }}.yml"
+      - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
+      - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version.split('.')[0:2] | join('-') | lower }}.yml"
+      - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version.split('.')[0:3] | join('-') | lower }}.yml"
+
+- name: Install system packages
+  package:
+    name: "{{ ensure_managed_system_packages | default([]) }}"
--- a/roles/ensure-managed/vars/family-debian.yaml
+++ b/roles/ensure-managed/vars/family-debian.yaml
@ -0,0 +1,4 @@
+---
+ensure_managed_system_packages:
+  - python
+  - python-apt
--- a/roles/ensure-managed/vars/family-redhat.yaml
+++ b/roles/ensure-managed/vars/family-redhat.yaml
@ -0,0 +1,3 @@
+---
+ensure_managed_system_packages:
+  - python3-libselinux
--- a/roles/ensure-managed/vars/main.yml
+++ b/roles/ensure-managed/vars/main.yml
@ -0,0 +1,2 @@
+---
+# vars file for foo
--- a/roles/ensure-managed/vars/redhat-7.yaml
+++ b/roles/ensure-managed/vars/redhat-7.yaml
@ -0,0 +1,5 @@
+---
+ensure_managed_system_packages:
+  - python
+  - libselinux-python
+