diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..3f7f42d
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,2 @@
+skip_list:
+ - '602'
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..4580c79
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,24 @@
+# name: .editorconfig
+# description: This file helps to configure your editor via editorconfig.
+# author: while-true-do.io
+# contact: hello@while-true-do.io
+# license: BSD-3-Clause
+# reference: https://editorconfig.org/
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+[*.{yml,py,sh}]
+charset = utf-8
+
+[*.yml]
+indent_style = space
+indent_size = 2
+
+[Makefile]
+indent_style = tab
\ No newline at end of file
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..2b50384
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,14 @@
+# name: .gitattributes
+# description: This file facilitates gitattributes.
+# author: while-true-do.io
+# contact: hello@while-true-do.io
+# license: BSD-3-Clause
+# reference: https://git-scm.com/docs/gitattributes
+
+# Ignore some files for exports / releases
+.editorconfig export-ignore
+.gitattributes export-ignore
+.gitignore export-ignore
+.gitmessages export-ignore
+/tests export-ignore
+/molecule export-ignore
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..45a6b7d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,52 @@
+# name: .gitignore
+# description: This file facilitates gitignore.
+# author: while-true-do.io
+# contact: hello@while-true-do.io
+# license: BSD-3-Clause
+# reference: https://git-scm.com/docs/gitignore
+
+# repo specific
+
+# compiled source
+*.com
+*.class
+*.dll
+*.exe
+*.o
+*.so
+
+# ansible retry files
+*.retry
+
+# cache
+**/__pycache__
+
+# temporary files
+*.swp
+*.swo
+*~
+
+# packages
+*.7z
+*.dmg
+*.gz
+*.iso
+*.jar
+*.rar
+*.tar
+*.zip
+
+# logs and databases
+*.log
+*.sql
+*.sqlite
+
+# OS generated files
+.DS_Store*
+ehthumbs.db
+Icon?
+Thumbs.db
+
+# lock files
+*.lock
+package-lock.json
\ No newline at end of file
diff --git a/.gitmessage b/.gitmessage
new file mode 100644
index 0000000..adf97f8
--- /dev/null
+++ b/.gitmessage
@@ -0,0 +1,65 @@
+# name: .gitmessage
+# description: This file helps to write better commit messages.
+# author: while-true-do.io
+# contact: hello@while-true-do.io
+# license: BSD-3-Clause
+#
+# usage: git config commit.template .gitmessage
+#
+#<------------------------- 72 characters ---------------------------->
+#
+# Pattern:
+#
+# :
+#
+#
+#
+# - :
+# - :
+# - :
+#
+# Resolves: #, #
+# See also: #, #
+#
+#<------------------------- 72 characters ---------------------------->
+#
+# Example:
+#
+# feat: Everything OK Button
+#
+# A long requested Everything OK Button, which will help us a lot!
+#
+# - add: everything_ok.py
+# - remove: not_ok.js
+# - update: README.md
+# - update: metadata.json
+#
+# Resolves: #1234
+# See also: #4711, #666
+#
+#<------------------------- 72 characters ---------------------------->
+#
+# Explanation:
+#
+# --> TAGS
+#
+# change tags: can be used for all changes
+# - add a feature of file is added
+# - remove a feature or file is removed
+# - update a feature of file was updated
+#
+# title tags: only use them for the subject line
+# - doc documentation
+# - feat feature provided
+# - fix bug fix, security fix
+# - refactor most likely a re-write or re-code
+# - style code style
+#
+# --> SUBJECT, DESCRIPTION
+#
+# What was done and why was it done?
+#
+# --> RESOLVES, SEE ALSO
+#
+# In most cases, it is mandatory to provide an issue number, which is
+# addressed.
\ No newline at end of file
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..5a17f15
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,45 @@
+---
+# name: .travis.yml
+# description: This file tells travis, what needs to be done.
+# author: while-true-do.io
+# contact: hello@while-true-do.io
+# license: BSD-3-Clause
+# reference: https://docs.travis-ci.com/user/customizing-the-build
+
+language: python
+services:
+ # Provide the docker service.
+ - docker
+
+install:
+ # Install test dependencies.
+ - pip install ansible molecule[docker]
+
+before_script:
+ # Use actual Ansible Galaxy role name for the project directory.
+ - ln -s $PWD ../while_true_do.srv_cockpit
+ - cd ../while_true_do.srv_cockpit
+
+script:
+ # Do the tests.
+ - molecule test
+
+notifications:
+ email:
+ recipients:
+ - devel@while-true-do.io
+ on_success: change
+ on_failure: always
+
+ irc:
+ channels:
+ - "chat.freenode.net#while-true-do"
+ on_success: change
+ on_failure: always
+
+ webhooks:
+ urls:
+ - https://galaxy.ansible.com/api/v1/notifications/
+ on_success: always
+ on_failure: always
+ on_pull_requests: false
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..ad0be76
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,11 @@
+extends: default
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ line-length: disable
+ truthy: disable
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..19414cf
--- /dev/null
+++ b/LICENSE
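Review bot: In `.travis.yml` the install step `pip install ansible molecule[docker]` takes whatever versions are newest at build time, so a CI run is not reproducible and a broken or tampered upstream release lands in the build unnoticed. Pin both packages, e.g. `- pip install 'ansible==<PINNED_VERSION>' 'molecule[docker]==<PINNED_VERSION>'` (placeholders for the versions the role is actually tested against), or install from a requirements file with hashes. In `before_script`, `ln -s $PWD ../while_true_do.srv_cockpit` should quote the variable (`"$PWD"`) so a checkout path containing spaces is not word-split.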
@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2019, while-true-do.io
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0ac7d74
--- /dev/null
+++ b/README.md
@@ -0,0 +1,273 @@ + + + +[![Github (tag)](https://img.shields.io/github/tag/while-true-do/ansible-role-srv_cockpit.svg)](https://github.com/while-true-do/ansible-role-srv_cockpit/tags) +[![Github (license)](https://img.shields.io/github/license/while-true-do/ansible-role-srv_cockpit.svg)](https://github.com/while-true-do/ansible-role-srv_cockpit/blob/master/LICENSE) +[![Github (issues)](https://img.shields.io/github/issues/while-true-do/ansible-role-srv_cockpit.svg)](https://github.com/while-true-do/ansible-role-srv_cockpit/issues) +[![Github (pull requests)](https://img.shields.io/github/issues-pr/while-true-do/ansible-role-srv_cockpit.svg)](https://github.com/while-true-do/ansible-role-srv_cockpit/pulls) + +[![Travis (com)](https://img.shields.io/travis/com/while-true-do/ansible-role-srv_cockpit.svg)](https://travis-ci.com/while-true-do/ansible-role-srv_cockpit) + +[![Ansible (min. version)](https://img.shields.io/badge/dynamic/yaml.svg?label=Min.%20Ansible%20Version&url=https%3A%2F%2Fraw.githubusercontent.com%2Fwhile-true-do%2Fansible-role-srv_cockpit%2Fmaster%2Fmeta%2Fmain.yml&query=%24.galaxy_info.min_ansible_version&colorB=black)](https://galaxy.ansible.com/while_true_do/srv_cockpit) +[![Ansible (platforms)](https://img.shields.io/badge/dynamic/yaml.svg?label=Supported%20OS&url=https%3A%2F%2Fraw.githubusercontent.com%2Fwhile-true-do%2Fansible-role-srv_cockpit%2Fmaster%2Fmeta%2Fmain.yml&query=galaxy_info.platforms%5B*%5D.name&colorB=black)](https://galaxy.ansible.com/while_true_do/srv_cockpit) +[![Ansible (tags)](https://img.shields.io/badge/dynamic/yaml.svg?label=Galaxy%20Tags&url=https%3A%2F%2Fraw.githubusercontent.com%2Fwhile-true-do%2Fansible-role-srv_cockpit%2Fmaster%2Fmeta%2Fmain.yml&query=%24.galaxy_info.galaxy_tags%5B*%5D&colorB=black)](https://galaxy.ansible.com/while_true_do/srv_cockpit) + +# Ansible Role: srv_cockpit + +An Ansible role to install and configure Cockpit. 
+ +## Motivation + +[Cockpit](https://cockpit-project.org/) ia a very interesting management tool +for Linux servers. It does provide an overview of different metrics and allows +management for several features. It does integrate with tools like +[docker](https://www.docker.com/), +[selinux](https://selinuxproject.org/page/Main_Page), kdump, +[podman](https://podman.io/) or [kvm](https://www.linux-kvm.org/page/Main_Page). + +## Description + +This role installs and configures several features and modules of cockpit. + +- cockpit system +- cockpit web +- integration with tools like kvm or selinux +- integration of performance co-pilot + +## Requirements + +There are no hard requirements. Nevertheless, since cockpit integrates with +lots of services, you should review some of these tools and optional roles. + +Optional Roles: + +- [while_true_do.rpo_epel](https://github.com/while-true-do/ansible-role-rpo_epel) +- [while_true_do.srv_docker](https://github.com/while-true-do/ansible-role-srv_docker) +- [while_true_do.srv_kvm](https://github.com/while-true-do/ansible-role-srv_kvm) +- [while_true_do.srv_pcp](https://github.com/while-true-do/ansible-role-srv_pcp) +- [while_true_do.sys_kdump](https://github.com/while-true-do/ansible-role-sys_kdump) +- [while_true_do.sys_selinux](https://github.com/while-true-do/ansible-role-sys_selinux) +- [while_true_do.sys_tuned](https://github.com/while-true-do/ansible-role-sys_tuned) + +Used Modules: + +- [Ansible Package Module](https://docs.ansible.com/ansible/latest/modules/package_module.html) +- [Ansible Service Module](https://docs.ansible.com/ansible/latest/modules/service_module.html) +- [Ansible Template Module](https://docs.ansible.com/ansible/latest/modules/template_module.html) +- [Ansible Firewalld Module](https://docs.ansible.com/ansible/latest/modules/firewalld_module.html) +- [Ansible Package_Facts Module](https://docs.ansible.com/ansible/latest/modules/package_facts_module.html) + +## Installation + +Install from 
[Ansible Galaxy](https://galaxy.ansible.com/while_true_do/srv_cockpit) +``` +ansible-galaxy install while_true_do.srv_cockpit +``` + +Install from [Github](https://github.com/while-true-do/ansible-role-srv_cockpit) +``` +git clone https://github.com/while-true-do/ansible-role-srv_cockpit.git while_true_do.srv_cockpit +``` + +Dependencies: + +``` +ansible-galaxy install -r requirements.yml +``` + +## Usage + +### Role Variables + +``` +--- +# defaults file for while_true_do.srv_cockpit + +# Some roles are predefined for convenience. +# Role can be: +# default-host => sys, pcp, kdump, selinux +# kvm-host => default-host + machine management +# docker-host => default-host + docker management +# control-host => default-host + webserver +# k8s-host => control-host + cockpit-kubernetes +# all => all packages present +# none => all packages absent +# unmanaged => you have to define each state +wtd_srv_cockpit_role: "default-host" + +# Cockpit System Packages +# Packages needed by most systems +# You should consider to look at while_true_do.sys_tuned +wtd_srv_cockpit_sys_package: + - cockpit-system + - cockpit-bridge + - cockpit-packagekit + - cockpit-sosreport + - cockpit-storaged + - cockpit-networkmanager +# State can be present|latest|absent +wtd_srv_cockpit_sys_package_state: "" + +# Cockpit PCP Integration +# You should consider to look at while_true_do.sys_pcp +wtd_srv_cockpit_pcp_package: + - cockpit-pcp +# State can be present|latest|absent +wtd_srv_cockpit_pcp_package_state: "" + +# Cockpit Docker Integration +# You should consider to look at while_true_do.srv_docker +wtd_srv_cockpit_docker_package: + - cockpit-docker +# State can be present|latest|absent +wtd_srv_cockpit_docker_package_state: "" + +# Cockpit KVM Integration +# You should consider to look at while_true_do.srv_kvm +wtd_srv_cockpit_machine_package: + - cockpit-machines +# State can be present|latest|absent +wtd_srv_cockpit_machine_package_state: "" + +# Cockpit Kdump Integration +# You should 
consider to look at while_true_do.sys_kdump +wtd_srv_cockpit_kdump_package: + - cockpit-kdump +# State can be present|latest|absent +wtd_srv_cockpit_kdump_package_state: "" + +# Cockpit selinux Integration +# You should consider to look at while_true_do.sys_selinux +wtd_srv_cockpit_selinux_package: + - cockpit-selinux +# State can be present|latest|absent +wtd_srv_cockpit_selinux_package_state: "" + +# Cockpit Kubernetes Integration +wtd_srv_cockpit_k8s_package: + - cockpit-kubernetes +# State can be present|latest|absent +wtd_srv_cockpit_k8s_package_state: "" + +# Cockpit Webserver +# The webserver, if you need it. Most likely on control/admin hosts only +wtd_srv_cockpit_ws_package: + - cockpit-ws + - cockpit-dashboard +# State can be present|latest|absent +wtd_srv_cockpit_ws_package_state: "" + +wtd_srv_cockpit_ws_service: "cockpit.socket" +# State can be started|stopped +wtd_srv_cockpit_ws_service_state: "started" +wtd_srv_cockpit_ws_service_enabled: true + +# Firewalld Management +wtd_srv_cockpit_ws_firewall_service: "cockpit" +# State can be enabled|disabled +wtd_srv_cockpit_ws_firewall_service_state: "enabled" +# Define a zone, to be used +wtd_srv_cockpit_ws_firewall_service_zone: "public" + +# See here: http://cockpit-project.org/guide/latest/cockpit.conf.5.html +wtd_srv_cockpit_ws_conf_Origins: "" +wtd_srv_cockpit_ws_conf_ProtocolHeader: "" +wtd_srv_cockpit_ws_conf_LoginTo: "" +wtd_srv_cockpit_ws_conf_LoginTitle: "" +wtd_srv_cockpit_ws_conf_RequireHost: "" +wtd_srv_cockpit_ws_conf_MaxStartups: "3" +wtd_srv_cockpit_ws_conf_AllowUnencrypted: "" +wtd_srv_cockpit_ws_conf_UrlRoot: "" + +# See here: http://cockpit-project.org/guide/latest/cockpit-ws.8.html +wtd_srv_cockpit_ws_conf_cert: "" + +wtd_srv_cockpit_ws_clients: +# - name: "someName" +# color: "rgb(0, 0, 255)" # default random color +# port: "22" # default to 22 +# address: "host1.example.com" +``` + +### Example Playbook + +Running Ansible 
+[Roles](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html) +can be done in a +[playbook](https://docs.ansible.com/ansible/latest/user_guide/playbooks_intro.html). + +#### Simple + +``` +--- +- hosts: all + roles: + - role: while_true_do.srv_cockpit +``` + +#### Control Host + +``` +- hosts: all + roles: + - role: while_true_do.srv_cockpit + wtd_srv_cockpit_role: "control-host" +``` + +#### Control Host with multiple Clients + +``` +- hosts: all + roles: + - role: while_true_do.srv_cockpit + wtd_srv_cockpit_role: "control-host" + wtd_srv_cockpit_ws_clients: + - name: "host1" + address: "host1.example.com" + - name: "host2" + address: "host2.example.com" + - name: "host3" + address: "192.168.22.10" +``` + +## Testing + +Most of the "generic" tests are located in the +[Test Library](https://github.com/while-true-do/test-library). + +Ansible specific testing is done with +[Molecule](https://molecule.readthedocs.io/en/stable/). + +Infrastructure testing is done with +[testinfra](https://testinfra.readthedocs.io/en/stable/). + +Automated testing is done with [Travis CI](https://travis-ci.com/while-true-do). + +## Contribute + +Thank you so much for considering to contribute. We are very happy, when somebody +is joining the hard work. Please fell free to open +[Bugs, Feature Requests](https://github.com/while-true-do/ansible-role-srv_cockpit/issues) +or [Pull Requests](https://github.com/while-true-do/ansible-role-srv_cockpit/pulls) after +reading the [Contribution Guideline](https://github.com/while-true-do/doc-library/blob/master/docs/CONTRIBUTING.md). + +See who has contributed already in the [kudos.txt](./kudos.txt). + +## License + +This work is licensed under a [BSD-3-Clause License](https://opensource.org/licenses/BSD-3-Clause). + +## Contact + +- Site +- Twitter +- Code +- Mail [hello@while-true-do.io](mailto:hello@while-true-do.io) +- IRC [freenode, #while-true-do](https://webchat.freenode.net/?channels=while-true-do) +- Telegram 
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..b68a0a9
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,107 @@
+---
+# defaults file for while_true_do.srv_cockpit
+
+# Some roles are predefined for convenience.
+# Role can be:
+# default-host => sys, pcp, kdump, selinux
+# kvm-host => default-host + machine management
+# docker-host => default-host + docker management
+# control-host => default-host + webserver
+# k8s-host => control-host + cockpit-kubernetes
+# all => all packages present
+# none => all packages absent
+# unmanaged => you have to define each state
+wtd_srv_cockpit_role: "default-host"
+
+# Cockpit System Packages
+# Packages needed by most systems
+# You should consider to look at while_true_do.sys_tuned
+wtd_srv_cockpit_sys_package:
+ - cockpit-system
+ - cockpit-bridge
+ - cockpit-packagekit
+ - cockpit-sosreport
+ - cockpit-storaged
+ - cockpit-networkmanager
+# State can be present|latest|absent
+wtd_srv_cockpit_sys_package_state: ""
+
+# Cockpit PCP Integration
+# You should consider to look at while_true_do.sys_pcp
+wtd_srv_cockpit_pcp_package:
+ - cockpit-pcp
+# State can be present|latest|absent
+wtd_srv_cockpit_pcp_package_state: ""
+
+# Cockpit Docker Integration
+# You should consider to look at while_true_do.srv_docker
+wtd_srv_cockpit_docker_package:
+ - cockpit-docker
+# State can be present|latest|absent
+wtd_srv_cockpit_docker_package_state: ""
+
+# Cockpit KVM Integration
+# You should consider to look at while_true_do.srv_kvm
+wtd_srv_cockpit_machine_package:
+ - cockpit-machines
+# State can be present|latest|absent
+wtd_srv_cockpit_machine_package_state: ""
+
+# Cockpit Kdump Integration
+# You should consider to look at while_true_do.sys_kdump
+wtd_srv_cockpit_kdump_package:
+ - cockpit-kdump
+# State can be present|latest|absent
+wtd_srv_cockpit_kdump_package_state: ""
+
+# Cockpit selinux Integration
+# You should consider to look at while_true_do.sys_selinux
+wtd_srv_cockpit_selinux_package:
+ - cockpit-selinux
+# State can be present|latest|absent
+wtd_srv_cockpit_selinux_package_state: ""
+
+# Cockpit Kubernetes 
Integration
+wtd_srv_cockpit_k8s_package:
+ - cockpit-kubernetes
+# State can be present|latest|absent
+wtd_srv_cockpit_k8s_package_state: ""
+
+# Cockpit Webserver
+# The webserver, if you need it. Most likely on control/admin hosts only
+wtd_srv_cockpit_ws_package:
+ - cockpit-ws
+ - cockpit-dashboard
+# State can be present|latest|absent
+wtd_srv_cockpit_ws_package_state: ""
+
+wtd_srv_cockpit_ws_service: "cockpit.socket"
+# State can be started|stopped
+wtd_srv_cockpit_ws_service_state: "started"
+wtd_srv_cockpit_ws_service_enabled: true
+
+# Firewalld Management
+wtd_srv_cockpit_ws_firewall_service: "cockpit"
+# State can be enabled|disabled
+wtd_srv_cockpit_ws_firewall_service_state: "enabled"
+# Define a zone, to be used
+wtd_srv_cockpit_ws_firewall_service_zone: "public"
+
+# See here: http://cockpit-project.org/guide/latest/cockpit.conf.5.html
+wtd_srv_cockpit_ws_conf_Origins: ""
+wtd_srv_cockpit_ws_conf_ProtocolHeader: ""
+wtd_srv_cockpit_ws_conf_LoginTo: ""
+wtd_srv_cockpit_ws_conf_LoginTitle: ""
+wtd_srv_cockpit_ws_conf_RequireHost: ""
+wtd_srv_cockpit_ws_conf_MaxStartups: "3"
+wtd_srv_cockpit_ws_conf_AllowUnencrypted: ""
+wtd_srv_cockpit_ws_conf_UrlRoot: ""
+
+# See here: http://cockpit-project.org/guide/latest/cockpit-ws.8.html
+wtd_srv_cockpit_ws_conf_cert: ""
+
+wtd_srv_cockpit_ws_clients:
+# - name: "someName"
+# color: "rgb(0, 0, 255)" # default random color
+# port: "22" # default to 22
+# address: "host1.example.com"
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..06e1f23
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+# handlers file for while_true_do.srv_cockpit
+
+- name: Restart Cockpit Web
+ service:
+ name: "{{ wtd_srv_cockpit_ws_service }}"
+ state: "restarted"
+ become: true
+ tags:
+ - cockpit
+ - service
+ - web
+ - system
diff --git a/kudos.txt b/kudos.txt
new file mode 100644
index 0000000..913cb3d
--- /dev/null
+++ b/kudos.txt
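Review bot: In defaults/main.yml, `wtd_srv_cockpit_ws_firewall_service_state: "enabled"` together with `wtd_srv_cockpit_ws_firewall_service_zone: "public"` makes opening the Cockpit login service in the public zone the default on every firewalld host where the web tasks run, and nothing next to these variables says so. I would add a comment above them such as `# Opens the Cockpit service in this firewalld zone; pick a restricted zone or "disabled" if the UI should only be reachable from a management network.` Separately, `wtd_srv_cockpit_ws_conf_cert` is declared here but no task or template visible in this commit reads it, so either wire it in or drop it so the defaults do not suggest that a certificate is being managed.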
@@ -0,0 +1,21 @@
+# name: kudos.txt
+# description: This file shows the named contributors.
+# author: while-true-do.io
+# contact: hello@while-true-do.io
+# license: BSD-3-Clause
+# reference: https://github.com/kudos-txt
+
+project:
+ - name: while-true-do.io
+ site: https://while-true-do.io
+ mail: hello@while-true-do.io
+
+contributors:
+ - name: daniel-wtd
+ mail: daniel@while-true-do.io
+ role: Founder / Owner
+ site: https://while-true-do.io
+
+partners:
+ - name: kudos.txt
+ site: https://kudos-txt.io
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..1f3e8c5
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,38 @@
+---
+# meta file for while_true_do.srv_cockpit
+galaxy_info:
+ role_name: srv_cockpit
+ author: while-true-do.io
+ description: An Ansible role to install and configure Cockpit.
+ license: BSD
+
+ min_ansible_version: 2.7
+
+ # Supported platforms: https://galaxy.ansible.com/api/v1/platforms/
+ # Please also maintain
+ # - molecule/default/molecule.yml
+ # - molecule/default/tests/test_default.py
+ platforms:
+ - name: EL
+ versions:
+ - 7
+
+ - name: Fedora
+ versions:
+ - 29
+
+ galaxy_tags:
+ - cockpit
+ - container
+ - kdump
+ - monitoring
+ - package
+ - pcp
+ - security
+ - selinux
+ - service
+ - system
+ - virtualization
+ - web
+
+dependencies: []
diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2
new file mode 100644
index 0000000..e6aa95d
--- /dev/null
+++ b/molecule/default/Dockerfile.j2
@@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst new file mode 100644 index 0000000..6a44bde --- /dev/null +++ b/molecule/default/INSTALL.rst @@ -0,0 +1,22 @@ +******* +Docker driver installation guide +******* + +Requirements +============ + +* Docker Engine + +Install +======= + +Please refer to the `Virtual environment`_ documentation for installation best +practices. If not using a virtual environment, please consider passing the +widely recommended `'--user' flag`_ when invoking ``pip``. + +.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ +.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site + +.. code-block:: bash + + $ pip install 'molecule[docker]' diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml new file mode 100644 index 0000000..70a5c98 --- /dev/null +++ b/molecule/default/molecule.yml 
@@ -0,0 +1,68 @@
+---
+scenario:
+ name: default
+ test_sequence:
+ - lint
+ - destroy
+ - dependency
+ - syntax
+ - create
+ - prepare
+ - converge
+ - idempotence
+ - side_effect
+ - verify
+ - destroy
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+platforms:
+ # Please also maintain:
+ # - meta/main.yml
+ # - molecule/default/tests/test_default.py
+ - name: fedora29
+ image: fedora:29
+ command: /sbin/init
+ volume_mounts:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ tmpfs:
+ - /run
+ - /tmp
+ environment:
+ container: docker
+
+ - name: centos7
+ image: centos:7
+ command: /sbin/init
+ volume_mounts:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ tmpfs:
+ - /run
+ - /tmp
+ environment:
+ container: docker
+
+ - name: redhat7
+ image: centos:7
+ command: /sbin/init
+ volume_mounts:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ tmpfs:
+ - /run
+ - /tmp
+ environment:
+ container: docker
+
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+verifier:
+ name: testinfra
+ options:
+ v: 1
+ lint:
+ name: flake8
diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml
new file mode 100644
index 0000000..060cb6f
--- /dev/null
+++ b/molecule/default/playbook.yml
@@ -0,0 +1,13 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: while_true_do.srv_cockpit
+ wtd_srv_cockpit_role: "all"
+ wtd_srv_cockpit_ws_clients:
+ - name: "host1"
+ address: "host1.example.com"
+ - name: "host2"
+ address: "host2.example.com"
+ - name: "host3"
+ address: "host3.example.com"
diff --git a/molecule/default/requirements.yml b/molecule/default/requirements.yml
new file mode 100644
index 0000000..5c8fac0
--- /dev/null
+++ b/molecule/default/requirements.yml
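Review bot: In molecule/default/molecule.yml the `redhat7` platform uses `image: centos:7`, the same image as `centos7`, so the scenario converges the identical container twice and gives no coverage of a host whose `ansible_distribution` differs from CentOS. Since tasks/main.yml selects a vars file by `{{ ansible_distribution }}.yml`, that is the path a RHEL host would take differently; either point this platform at an image that really reports the other distribution or drop it and add a comment such as `# RHEL is not covered by the container tests`. The image tags `fedora:29` and `centos:7` are also mutable, so pinning them by digest would keep test runs comparable over time.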
@@ -0,0 +1,14 @@
+---
+# name: requirements.yml
+# description: This file contains dependencies.
+# author: while-true-do.io
+# contact: hello@while-true-do.io
+# license: BSD-3-Clause
+
+- src: while_true_do.rpo_epel
+- src: while_true_do.srv_docker
+- src: while_true_do.srv_kvm
+- src: while_true_do.srv_pcp
+- src: while_true_do.sys_kdump
+- src: while_true_do.sys_selinux
+- src: while_true_do.sys_tuned
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py
new file mode 100644
index 0000000..9c213f1
--- /dev/null
+++ b/molecule/default/tests/test_default.py
@@ -0,0 +1,32 @@
+import os
+
+import testinfra.utils.ansible_runner
+import pytest
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+@pytest.mark.parametrize("name", [
+ ("cockpit-system"),
+ ("cockpit-pcp"),
+ ("cockpit-docker"),
+ ("cockpit-machines"),
+ ("cockpit-ws"),
+ ("cockpit-dashboard"),
+ ("cockpit-kubernetes"),
+])
+def test_pkg(host, name):
+ pkg = host.package(name)
+ assert pkg.is_installed
+
+
+def test_srv(host):
+ srv = host.service('cockpit.socket')
+ assert srv.is_running
+ assert srv.is_enabled
+
+
+def test_socket(host):
+ sock = host.socket('tcp://9090')
+ assert sock.is_listening
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..5c8fac0
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,14 @@
+---
+# name: requirements.yml
+# description: This file contains dependencies.
+# author: while-true-do.io
+# contact: hello@while-true-do.io
+# license: BSD-3-Clause
+
+- src: while_true_do.rpo_epel
+- src: while_true_do.srv_docker
+- src: while_true_do.srv_kvm
+- src: while_true_do.srv_pcp
+- src: while_true_do.sys_kdump
+- src: while_true_do.sys_selinux
+- src: while_true_do.sys_tuned
diff --git a/tasks/cockpit-k8s.yml b/tasks/cockpit-k8s.yml
new file mode 100644
index 0000000..2aabd45
--- /dev/null
+++ b/tasks/cockpit-k8s.yml
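Review bot: molecule/default/tests/test_default.py never looks at the two files the role renders, `/etc/cockpit/cockpit.conf` and `/etc/cockpit/machines.d/99-webui.json`, although the converge playbook supplies three clients. A test that asserts owner, group and mode through `host.file(...)` and that the machines file content loads with `json.loads` would catch permission drift and template quoting errors. The package list in `test_pkg` also omits `cockpit-kdump` and `cockpit-selinux`, even though the playbook sets `wtd_srv_cockpit_role: "all"`, which the defaults describe as all packages present.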
@@ -0,0 +1,16 @@
+---
+# tasks file for while_true_do.srv_cockpit
+
+- name: Manage Kubernetes Packages
+ package:
+ name: "{{ wtd_srv_cockpit_k8s_package }}"
+ state: "{{ wtd_srv_cockpit_k8s_package_state }}"
+ become: true
+ when: wtd_srv_cockpit_k8s_package_state != ""
+ tags:
+ - cockpit
+ - container
+ - monitoring
+ - package
+ - system
+ - web
diff --git a/tasks/cockpit-ws.yml b/tasks/cockpit-ws.yml
new file mode 100644
index 0000000..1bf4dd8
--- /dev/null
+++ b/tasks/cockpit-ws.yml
@@ -0,0 +1,87 @@
+---
+# tasks file for while_true_do.srv_cockpit
+
+- name: Gather package facts
+ package_facts:
+ manager: auto
+ tags:
+ - cockpit
+ - facts
+ - package
+
+- name: Manage Cockpit Web Packages
+ package:
+ name: "{{ wtd_srv_cockpit_ws_package }}"
+ state: "{{ wtd_srv_cockpit_ws_package_state }}"
+ become: true
+ tags:
+ - cockpit
+ - package
+ - system
+ - web
+
+- name: Manage Cockpit Web Service
+ service:
+ name: "{{ wtd_srv_cockpit_ws_service }}"
+ state: "{{ wtd_srv_cockpit_ws_service_state }}"
+ enabled: "{{ wtd_srv_cockpit_ws_service_enabled }}"
+ become: true
+ when: wtd_srv_cockpit_ws_package_state != "absent"
+ tags:
+ - cockpit
+ - service
+ - system
+ - web
+
+- name: Configure Cockpit Web
+ template:
+ src: "cockpit.conf.j2"
+ dest: "/etc/cockpit/cockpit.conf"
+ owner: "root"
+ group: "root"
+ mode: 0644
+ become: true
+ when: wtd_srv_cockpit_ws_package_state != "absent"
+ notify:
+ - Restart Cockpit Web
+ tags:
+ - cockpit
+ - configuration
+ - system
+ - web
+
+- name: Configure Cockpit Web Clients
+ template:
+ src: "99-webui.json.j2"
+ dest: "/etc/cockpit/machines.d/99-webui.json"
+ owner: "root"
+ group: "root"
+ mode: 0644
+ lstrip_blocks: true
+ become: true
+ when:
+ - wtd_srv_cockpit_ws_package_state != "absent"
+ - wtd_srv_cockpit_ws_clients != ""
+ notify:
+ - Restart Cockpit Web
+ tags:
+ - cockpit
+ - configuration
+ - system
+ - web
+
+- name: Manage cockpit Firewalld Service
+ firewalld:
+ service: "{{ wtd_srv_cockpit_ws_firewall_service }}"
+ state: "{{ wtd_srv_cockpit_ws_firewall_service_state }}"
+ immediate: true
+ permanent: true
+ zone: "{{ wtd_srv_cockpit_ws_firewall_service_zone }}"
+ become: true
+ when:
+ - '"firewalld" in packages'
+ tags:
+ - cockpit
+ - configuration
+ - firewall
+ - security
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..e2d08d9
--- /dev/null
+++ b/tasks/main.yml
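Review bot: The `Manage cockpit Firewalld Service` task in tasks/cockpit-ws.yml is guarded only by `"firewalld" in packages`, so when `wtd_srv_cockpit_ws_package_state` is `absent` the web packages are removed but the Cockpit service is still enabled in the zone; add `- wtd_srv_cockpit_ws_package_state != "absent"` to its `when` list, or close the service in that case. The `Configure Cockpit Web Clients` condition `wtd_srv_cockpit_ws_clients != ""` also does not match the shipped default: defaults/main.yml leaves the variable without a value, which YAML loads as null, so the comparison is true and the template's `for` loop would probably fail; `- wtd_srv_cockpit_ws_clients | default([], true) | length > 0` covers null, an empty string and an empty list. Both `mode: 0644` lines are safer written as `mode: "0644"`, so the result does not depend on how the YAML loader treats the leading zero.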
@@ -0,0 +1,95 @@
+---
+# tasks file for while_true_do.srv_cockpit
+
+- name: Include distribution Vars
+ include_vars: "{{ ansible_distribution }}.yml"
+
+- name: Include cockpit_role Vars
+ include_vars: "{{ wtd_srv_cockpit_role }}.yml"
+ when: wtd_srv_cockpit_role != "unmanaged"
+
+- name: Manage Cockpit sys Packages
+ package:
+ name: "{{ wtd_srv_cockpit_sys_package }}"
+ state: "{{ wtd_srv_cockpit_sys_package_state }}"
+ become: true
+ tags:
+ - cockpit
+ - monitoring
+ - package
+ - system
+
+- name: Manage Cockpit pcp Packages
+ package:
+ name: "{{ wtd_srv_cockpit_pcp_package }}"
+ state: "{{ wtd_srv_cockpit_pcp_package_state }}"
+ become: true
+ when: wtd_srv_cockpit_pcp_package_state != ""
+ tags:
+ - cockpit
+ - monitoring
+ - package
+ - pcp
+ - system
+
+- name: Manage Cockpit docker Packages
+ package:
+ name: "{{ wtd_srv_cockpit_docker_package }}"
+ state: "{{ wtd_srv_cockpit_docker_package_state }}"
+ become: true
+ when: wtd_srv_cockpit_docker_package_state != ""
+ tags:
+ - cockpit
+ - container
+ - monitoring
+ - package
+ - system
+
+- name: Manage Cockpit machine Packages
+ package:
+ name: "{{ wtd_srv_cockpit_machine_package }}"
+ state: "{{ wtd_srv_cockpit_machine_package_state }}"
+ become: true
+ when: wtd_srv_cockpit_machine_package_state != ""
+ tags:
+ - cockpit
+ - monitoring
+ - package
+ - system
+ - virtualization
+
+- name: Manage Cockpit kdump Packages
+ package:
+ name: "{{ wtd_srv_cockpit_kdump_package }}"
+ state: "{{ wtd_srv_cockpit_kdump_package_state }}"
+ become: true
+ when: wtd_srv_cockpit_kdump_package_state != ""
+ tags:
+ - cockpit
+ - kdump
+ - package
+ - system
+
+- name: Manage Cockpit selinux Packages
+ package:
+ name: "{{ wtd_srv_cockpit_selinux_package }}"
+ state: "{{ wtd_srv_cockpit_selinux_package_state }}"
+ become: true
+ when: wtd_srv_cockpit_selinux_package_state != ""
+ tags:
+ - cockpit
+ - monitoring
+ - package
+ - security
+ - selinux
+ - system
+
+- name: Include Cockpit Web Tasks
+ include_tasks:
cockpit-ws.yml
+ when: wtd_srv_cockpit_ws_package_state != ""
+
+- name: Include Cockpit k8s Tasks
+ include_tasks: cockpit-k8s.yml
+ when:
+ - wtd_srv_cockpit_k8s_package_state != ""
+ - wtd_srv_cockpit_ws_package_state != ""
diff --git a/templates/99-webui.json.j2 b/templates/99-webui.json.j2
new file mode 100644
index 0000000..2a92030
--- /dev/null
+++ b/templates/99-webui.json.j2
@@ -0,0 +1,18 @@
+{{ '{' }}
+{% for host in wtd_srv_cockpit_ws_clients %}
+ "{{ host.name }}" : {{ '{' }}
+ "visible" : "true",
+ {% if host.color is defined %}
+ "color" : "{{ host.color }}",
+ {% endif %}
+ {% if host.port is defined %}
+ "port" : "{{ host.port }}",
+ {% endif %}
+ "address" : "{{ host.address }}"
+ {% if loop.last %}
+ {{ '}' }}
+ {% else %}
+ {{ '},' }}
+ {% endif %}
+{% endfor %}
+{{ '}' }}
diff --git a/templates/cockpit.conf.j2 b/templates/cockpit.conf.j2
new file mode 100644
index 0000000..bfd4588
--- /dev/null
+++ b/templates/cockpit.conf.j2
@@ -0,0 +1,27 @@
+# {{ ansible_managed }}
+
+[WebService]
+{% if wtd_srv_cockpit_ws_conf_Origins %}
+Origins = {{ wtd_srv_cockpit_ws_conf_Origins }}
+{% endif %}
+{% if wtd_srv_cockpit_ws_conf_ProtocolHeader %}
+ProtocolHeader = {{ wtd_srv_cockpit_ws_conf_ProtocolHeader }}
+{% endif %}
+{% if wtd_srv_cockpit_ws_conf_LoginTo %}
+LoginTo = {{ wtd_srv_cockpit_ws_conf_LoginTo }}
+{% endif %}
+{% if wtd_srv_cockpit_ws_conf_LoginTitle %}
+LoginTitle = {{ wtd_srv_cockpit_ws_conf_LoginTitle }}
+{% endif %}
+{% if wtd_srv_cockpit_ws_conf_RequireHost %}
+RequireHost = {{ wtd_srv_cockpit_ws_conf_RequireHost }}
+{% endif %}
+{% if wtd_srv_cockpit_ws_conf_MaxStartups %}
+MaxStartups = {{ wtd_srv_cockpit_ws_conf_MaxStartups }}
+{% endif %}
+{% if wtd_srv_cockpit_ws_conf_AllowUnencrypted %}
+AllowUnencrypted = {{ wtd_srv_cockpit_ws_conf_AllowUnencrypted }}
+{% endif %}
+{% if wtd_srv_cockpit_ws_conf_UrlRoot %}
+UrlRoot = {{ wtd_srv_cockpit_ws_conf_UrlRoot }}
+{% endif %}
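Review bot: The two `include_vars` tasks at the top of tasks/main.yml and the two `include_tasks` tasks at the bottom carry no tags, while every package task is tagged. A run limited with `--tags cockpit` therefore skips the variable loading, and `Manage Cockpit sys Packages` then references `wtd_srv_cockpit_sys_package`, which this commit defines only in the per-distribution vars files. Adding `tags: always` to both `include_vars` tasks, and tagging the two includes, keeps tagged runs working. `include_vars` also ranks above inventory and play variables, so the presets loaded by `Include cockpit_role Vars` override a package state an operator set in inventory; a comment above that task should say so.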
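Review bot: Every value in templates/99-webui.json.j2 is pasted between hand-written quotes (`"{{ host.name }}"`, `"{{ host.color }}"`, `"{{ host.port }}"`, `"{{ host.address }}"`) with no JSON escaping, so a value containing `"` or `\` produces a broken or differently structured `/etc/cockpit/machines.d/99-webui.json`. Passing each value through the filter, e.g. `{{ host.name | to_json }} : {{ '{' }}` and `"address" : {{ host.address | to_json }}`, keeps the file valid for any input. Building the mapping as a dict and emitting it with `to_nice_json` would also remove the manual comma handling around `loop.last`. `"visible" : "true"` and `"port"` are written as strings; whether Cockpit expects a boolean and a number there should be checked against its machines.d documentation.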
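Review bot: `AllowUnencrypted` and `ProtocolHeader` in templates/cockpit.conf.j2 are rendered straight from role variables with nothing telling the operator what they weaken. `AllowUnencrypted = true` makes Cockpit accept plain-HTTP connections instead of redirecting to HTTPS, and `ProtocolHeader` makes it trust a request header to decide whether TLS is in use, which is only sound behind a reverse proxy that overwrites that header on incoming requests. I would add a Jinja comment above each block, e.g. `{# set only behind a TLS-terminating proxy that overwrites this header #}`, and repeat the warning next to the variables in the role defaults. The `{% if … %}` guards presumably fail on an undefined variable, so the defaults file (not in this hunk) needs to define all eight.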
diff --git a/vars/CentOS.yml b/vars/CentOS.yml
new file mode 100644
index 0000000..254b98a
--- /dev/null
+++ b/vars/CentOS.yml
@@ -0,0 +1,8 @@
+---
+# vars file for while_true_do.srv_cockpit
+
+wtd_srv_cockpit_sys_package:
+ - cockpit-system
+ - cockpit-bridge
+ - cockpit-packagekit
+ - cockpit-storaged
diff --git a/vars/Fedora.yml b/vars/Fedora.yml
new file mode 100644
index 0000000..b610ca5
--- /dev/null
+++ b/vars/Fedora.yml
@@ -0,0 +1,10 @@
+---
+# vars file for while_true_do.srv_cockpit
+
+wtd_srv_cockpit_sys_package:
+ - cockpit-system
+ - cockpit-bridge
+ - cockpit-packagekit
+ - cockpit-sosreport
+ - cockpit-storaged
+ - cockpit-networkmanager
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
new file mode 100644
index 0000000..254b98a
--- /dev/null
+++ b/vars/RedHat.yml
@@ -0,0 +1,8 @@
+---
+# vars file for while_true_do.srv_cockpit
+
+wtd_srv_cockpit_sys_package:
+ - cockpit-system
+ - cockpit-bridge
+ - cockpit-packagekit
+ - cockpit-storaged
diff --git a/vars/all.yml b/vars/all.yml
new file mode 100644
index 0000000..3c441d8
--- /dev/null
+++ b/vars/all.yml
@@ -0,0 +1,11 @@
+---
+# vars file for while_true_do.srv_cockpit
+
+wtd_srv_cockpit_sys_package_state: "present"
+wtd_srv_cockpit_pcp_package_state: "present"
+wtd_srv_cockpit_docker_package_state: "present"
+wtd_srv_cockpit_machine_package_state: "present"
+wtd_srv_cockpit_kdump_package_state: "present"
+wtd_srv_cockpit_selinux_package_state: "present"
+wtd_srv_cockpit_ws_package_state: "present"
+wtd_srv_cockpit_k8s_package_state: "present"
diff --git a/vars/control-host.yml b/vars/control-host.yml
new file mode 100644
index 0000000..ec50662
--- /dev/null
+++ b/vars/control-host.yml
@@ -0,0 +1,11 @@
+---
+# vars file for while_true_do.srv_cockpit
+
+wtd_srv_cockpit_sys_package_state: "present"
+wtd_srv_cockpit_pcp_package_state: "present"
+# wtd_srv_cockpit_docker_package_state: ""
+# wtd_srv_cockpit_machine_package_state: ""
+wtd_srv_cockpit_kdump_package_state: "present"
+wtd_srv_cockpit_selinux_package_state: "present"
+wtd_srv_cockpit_ws_package_state: "present"
+# wtd_srv_cockpit_k8s_package_state: ""
diff --git a/vars/default-host.yml b/vars/default-host.yml
new file mode 100644
index 0000000..a604f36
--- /dev/null
+++ b/vars/default-host.yml
@@ -0,0 +1,11 @@
+---
+# vars file for while_true_do.srv_cockpit
+
+wtd_srv_cockpit_sys_package_state: "present"
+wtd_srv_cockpit_pcp_package_state: "present"
+# wtd_srv_cockpit_docker_package_state: ""
+# wtd_srv_cockpit_machine_package_state: ""
+wtd_srv_cockpit_kdump_package_state: "present"
+wtd_srv_cockpit_selinux_package_state: "present"
+# wtd_srv_cockpit_ws_package_state: ""
+# wtd_srv_cockpit_k8s_package_state: ""
diff --git a/vars/docker-host.yml b/vars/docker-host.yml
new file mode 100644
index 0000000..0c8181e
--- /dev/null
+++ b/vars/docker-host.yml
@@ -0,0 +1,11 @@
+---
+# vars file for while_true_do.srv_cockpit
+
+wtd_srv_cockpit_sys_package_state: "present"
+wtd_srv_cockpit_pcp_package_state: "present"
+wtd_srv_cockpit_docker_package_state: "present"
+# wtd_srv_cockpit_machine_package_state: ""
+wtd_srv_cockpit_kdump_package_state: "present"
+wtd_srv_cockpit_selinux_package_state: "present"
+# wtd_srv_cockpit_ws_package_state: ""
+# wtd_srv_cockpit_k8s_package_state: ""
diff --git a/vars/k8s-host.yml b/vars/k8s-host.yml
new file mode 100644
index 0000000..6d3a7c7
--- /dev/null
+++ b/vars/k8s-host.yml
@@ -0,0 +1,11 @@
+---
+# vars file for while_true_do.srv_cockpit
+
+wtd_srv_cockpit_sys_package_state: "present"
+wtd_srv_cockpit_pcp_package_state: "present"
+# wtd_srv_cockpit_docker_package_state: ""
+# wtd_srv_cockpit_machine_package_state: ""
+wtd_srv_cockpit_kdump_package_state: "present"
+wtd_srv_cockpit_selinux_package_state: "present"
+wtd_srv_cockpit_ws_package_state: "present"
+wtd_srv_cockpit_k8s_package_state: "present"
diff --git a/vars/kvm-host.yml b/vars/kvm-host.yml
new file mode 100644
index 0000000..2affd7a
--- /dev/null
+++ b/vars/kvm-host.yml
@@ -0,0 +1,11 @@
+---
+# vars file for while_true_do.srv_cockpit
+
+wtd_srv_cockpit_sys_package_state: "present"
+wtd_srv_cockpit_pcp_package_state: "present"
+# wtd_srv_cockpit_docker_package_state: ""
+wtd_srv_cockpit_machine_package_state: "present"
+wtd_srv_cockpit_kdump_package_state: "present"
+wtd_srv_cockpit_selinux_package_state: "present"
+# wtd_srv_cockpit_ws_package_state: ""
+# wtd_srv_cockpit_k8s_package_state: ""
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..6515c8a
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for while_true_do.srv_cockpit
diff --git a/vars/none.yml b/vars/none.yml
new file mode 100644
index 0000000..ecf8ede
--- /dev/null
+++ b/vars/none.yml
@@ -0,0 +1,11 @@
+---
+# vars file for while_true_do.srv_cockpit
+
+wtd_srv_cockpit_sys_package_state: "absent"
+wtd_srv_cockpit_pcp_package_state: "absent"
+wtd_srv_cockpit_docker_package_state: "absent"
+wtd_srv_cockpit_machine_package_state: "absent"
+wtd_srv_cockpit_kdump_package_state: "absent"
+wtd_srv_cockpit_selinux_package_state: "absent"
+wtd_srv_cockpit_ws_package_state: "absent"
+wtd_srv_cockpit_k8s_package_state: "absent"