Unverified Commit 07e28f46 authored by casper's avatar casper

Add molecule and fix some linting issues

parent f217e75e
Pipeline #30191 failed
---
# Based on ansible-lint config
extends: default
rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
colons:
max-spaces-after: -1
level: error
commas:
max-spaces-after: -1
level: error
comments: disable
comments-indentation: disable
document-start: disable
empty-lines:
max: 3
level: error
hyphens:
level: error
indentation: disable
key-duplicates: enable
line-length: disable
new-line-at-end-of-file: disable
new-lines:
type: unix
trailing-spaces: disable
truthy: disable
...@@ -5,7 +5,4 @@ if [ -z `which ansible` ];then ...@@ -5,7 +5,4 @@ if [ -z `which ansible` ];then
sudo apt install ansible sudo apt install ansible
fi fi
ansible-galaxy install geerlingguy.docker ansible-galaxy -r roles.yml
ansible-galaxy install geerlingguy.pip
ansible-galaxy install dev-sec.os-hardening
ansible-galaxy install dev-sec.ssh-hardening
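Review bot: The replacement line `ansible-galaxy -r roles.yml` drops the `install` subcommand; the requirements-file form is `ansible-galaxy install -r roles.yml`, and without an action ansible-galaxy is likely to exit with a missing-action error rather than install anything (the failed pipeline on this commit may be exactly this). The enclosing `if`/`fi` block starts before the hunk, so only the galaxy call and the `fi` are in view here. Since roles.yml now carries the dependency list, a one-line comment such as `# role dependencies are pinned in roles.yml` above the call would tell the next reader where to edit.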
*******
Vagrant driver installation guide
*******
Requirements
============
* Vagrant
* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop
Install
=======
Please refer to the `Virtual environment`_ documentation for installation best
practices. If not using a virtual environment, please consider passing the
widely recommended `'--user' flag`_ when invoking ``pip``.
.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
.. code-block:: bash
$ pip install 'molecule[vagrant]'
---
dependency:
name: galaxy
options:
role-file: roles.yml
driver:
name: vagrant
provider:
name: virtualbox
lint:
name: yamllint
platforms:
- name: signalboost
box: debian/buster64
provisioner:
name: ansible
lint:
name: ansible-lint
verifier:
name: goss
lint:
name: yamllint
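Review bot: `role-file: roles.yml` under `dependency.options` is a bare relative path, while the converge playbook in this commit reaches the repository with `../../playbooks/deploy.yml`, which suggests the scenario directory sits two levels below the root; if roles.yml is the root-level file, the galaxy step would then need `role-file: ../../roles.yml` (or its own copy in the scenario directory) — confirm how molecule resolves this option before relying on it. Separately, `box: debian/buster64` has no `box_version`, so each run pulls whatever the newest published box is; pinning it keeps the test platform reproducible.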
---
# - import_playbook: provision.yml
- import_playbook: ../../playbooks/deploy.yml
# - import_playbook: harden.yml
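Review bot: `provision.yml` and `harden.yml` survive only as commented-out imports, so this scenario converges deploy.yml alone and the dev-sec hardening roles listed in roles.yml are installed but never exercised by the test. A comment stating why they are disabled keeps the next reader from either re-enabling them blindly or deleting them, e.g. `# harden.yml is not run in this scenario: <reason> (see roles.yml)`.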
---
- name: Prepare
hosts: all
gather_facts: false
tasks:
- name: Install python for Ansible
raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
become: true
changed_when: false
# Molecule managed
---
file:
/etc/hosts:
exists: true
owner: root
group: root
---
# This is an example playbook to execute goss tests.
# Tests need distributed to the appropriate ansible host/groups
# prior to execution by `goss validate`.
- name: Verify
hosts: all
become: true
vars:
goss_version: v0.3.7
goss_arch: amd64
goss_bin: /usr/local/bin/goss
goss_sha256sum: 357f5c7f2e7949b412bce44349cd32ab19eb3947255a8ac805f884cc2c326059.
goss_test_directory: /tmp/molecule/goss
goss_format: documentation
tasks:
- name: Download and install Goss
get_url:
url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}"
dest: "{{ goss_bin }}"
sha256sum: "{{ goss_sha256sum }}"
mode: 0755
- name: Create Molecule directory for test files
file:
path: "{{ goss_test_directory }}"
state: directory
- name: Find Goss tests on localhost
find:
paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}"
patterns:
- "test[-.\\w]*.yml"
- "test_host_{{ ansible_hostname }}[-.\\w]*.yml"
excludes:
- "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml"
use_regex: true
delegate_to: localhost
register: test_files
changed_when: false
become: false
- name: debug
debug:
msg: "{{ test_files.files }}"
verbosity: 3
- name: Copy Goss tests to remote
copy:
src: "{{ item.path }}"
dest: "{{ goss_test_directory }}/{{ item.path | basename }}"
with_items:
- "{{ test_files.files }}"
- name: Register test files
shell: "ls {{ goss_test_directory }}/test_*.yml"
register: test_files
- name: Execute Goss tests
command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}"
register: test_results
with_items: "{{ test_files.stdout_lines }}"
failed_when: false
- name: Display details about the Goss results
debug:
msg: "{{ item.stdout_lines }}"
with_items: "{{ test_results.results }}"
- name: Fail when tests fail
fail:
msg: "Goss failed to validate"
when: item.rc != 0
with_items: "{{ test_results.results }}"
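Review bot: `goss_sha256sum` ends with a trailing `.` after the 64 hex digits, so the value handed to `get_url` cannot equal the digest of the downloaded binary and the download task will fail on checksum mismatch (or, if some consumer tolerates the extra character, the pin is malformed); drop the dot and keep the digest quoted so tooling never retypes it, `goss_sha256sum: "357f5c7f2e7949b412bce44349cd32ab19eb3947255a8ac805f884cc2c326059"`. The `sha256sum:` option of get_url is superseded by `checksum: "sha256:{{ goss_sha256sum }}"` in newer Ansible releases, and `mode: 0755` is an unquoted octal that a YAML 1.1 loader reads as the integer 493 — `mode: "0755"` is the unambiguous spelling. Tests are staged under `/tmp/molecule/goss` and run with `become: true`; a world-writable prefix is acceptable for a throwaway test VM but deserves a comment so the pattern is not copied into a production playbook.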
...@@ -117,10 +117,12 @@ ...@@ -117,10 +117,12 @@
###################### ######################
- name: Ping nextcloud instance until it is available - name: Ping nextcloud instance until it is available
shell: SIGNALBOOST_API_TOKEN="{{ api_token }}" SIGNALBOOST_HOST_URL="{{ host_url }}" ./bin/check-availability shell: 'SIGNALBOOST_API_TOKEN="{{ api_token }}" SIGNALBOOST_HOST_URL="{{ host_url }}" ./bin/check-availability'
args: args:
chdir: "{{ homedir }}" chdir: "{{ homedir }}"
register: health_check_output register: health_check_output
changed_when: false changed_when: false
failed_when: health_check_output.rc != 0 failed_when: health_check_output.rc != 0
tags: health_check tags:
- health_check
- skip_ansible_lint
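Review bot: The new quoting still embeds `api_token` in the `shell:` command string, where it ends up in process listings on the target and in any verbose or logged task output; passing the two variables through the task's `environment:` keyword and marking the task `no_log: true` keeps the secret out of both, and since `./bin/check-availability` is invoked without shell features `command:` suffices. That restructuring may also remove the need for the added `skip_ansible_lint` tag, which suppresses the finding rather than addressing it — verify which rule fired. The task name says "nextcloud" while the command checks a signalboost endpoint, which looks like a copy-paste leftover. Note that `no_log` also masks the registered `health_check_output` in play output, so it is worth a comment that it is dropped only when debugging.
```yaml
- name: Ping signalboost instance until it is available
  command: ./bin/check-availability
  args:
    chdir: "{{ homedir }}"
  # token and URL go through the environment, not the command line
  environment:
    SIGNALBOOST_API_TOKEN: "{{ api_token }}"
    SIGNALBOOST_HOST_URL: "{{ host_url }}"
  no_log: true
  register: health_check_output
  changed_when: false
  failed_when: health_check_output.rc != 0
  tags:
    - health_check
```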
...@@ -163,7 +163,10 @@ ...@@ -163,7 +163,10 @@
# firewall # firewall
- ufw: state=enabled policy=allow - name: enable firewall
ufw:
state: enabled
policy: allow
tags: ufw tags: ufw
- name: default (incoming) policy - name: default (incoming) policy
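Review bot: `state: enabled` together with `policy: allow` brings the firewall up with a permissive default, and the next task (`default (incoming) policy`, whose body lies outside the hunk) presumably changes the incoming default afterwards; that ordering is not obvious from the task names, so a comment above the new block would help, e.g. `# enabled with a permissive default; the incoming default policy is set by the following task`. If that following task does set the incoming default to deny, consider applying it before `state: enabled` so the firewall never comes up permissive, even briefly — stated with some caution, since the surrounding tasks are not in view.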
---
- geerlingguy.docker
- geerlingguy.pip
- dev-sec.os-hardening
- dev-sec.ssh-hardening
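Review bot: All four roles are listed by name only, so every galaxy install driven by this file (the bootstrap script and molecule's dependency step) fetches whatever the latest published version is, and an upstream change to the docker or hardening roles can alter or break the deployment without any commit in this repository. Pin each entry to a release, e.g. `- name: geerlingguy.docker` followed by `  version: "<pinned release tag>"`, and do the same for geerlingguy.pip and the two dev-sec roles; the requirements format accepts `name` and `version` per entry.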