From 456bfb9cd3eea0437dc2886413cd6b1acea28384 Mon Sep 17 00:00:00 2001 
From: daniel-wtd Date: Tue, 7 May 2019 16:29:55 +0200 Subject: [PATCH] Initial commit --- .ansible-lint | 2 + .editorconfig | 24 +++ .gitattributes | 14 ++ .gitignore | 52 +++++ .gitmessage | 65 ++++++ .travis.yml | 45 ++++ .yamllint | 11 + LICENSE | 29 +++ README.md | 273 +++++++++++++++++++++++++ defaults/main.yml | 107 ++++++++++ handlers/main.yml | 13 ++ kudos.txt | 21 ++ meta/main.yml | 38 ++++ molecule/default/Dockerfile.j2 | 14 ++ molecule/default/INSTALL.rst | 22 ++ molecule/default/molecule.yml | 68 ++++++ molecule/default/playbook.yml | 13 ++ molecule/default/requirements.yml | 14 ++ molecule/default/tests/test_default.py | 32 +++ requirements.yml | 14 ++ tasks/cockpit-k8s.yml | 16 ++ tasks/cockpit-ws.yml | 87 ++++++++ tasks/main.yml | 95 +++++++++ templates/99-webui.json.j2 | 18 ++ templates/cockpit.conf.j2 | 27 +++ vars/CentOS.yml | 8 + vars/Fedora.yml | 10 + vars/RedHat.yml | 8 + vars/all.yml | 11 + vars/control-host.yml | 11 + vars/default-host.yml | 11 + vars/docker-host.yml | 11 + vars/k8s-host.yml | 11 + vars/kvm-host.yml | 11 + vars/main.yml | 2 + vars/none.yml | 11 + 36 files changed, 1219 insertions(+) create mode 100644 .ansible-lint create mode 100644 .editorconfig create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 .gitmessage create mode 100644 .travis.yml create mode 100644 .yamllint create mode 100644 LICENSE create mode 100644 README.md create mode 100644 defaults/main.yml create mode 100644 handlers/main.yml create mode 100644 kudos.txt create mode 100644 meta/main.yml create mode 100644 molecule/default/Dockerfile.j2 create mode 100644 molecule/default/INSTALL.rst create mode 100644 molecule/default/molecule.yml create mode 100644 molecule/default/playbook.yml create mode 100644 molecule/default/requirements.yml create mode 100644 molecule/default/tests/test_default.py create mode 100644 requirements.yml create mode 100644 tasks/cockpit-k8s.yml create mode 100644 tasks/cockpit-ws.yml create mode 100644 
tasks/main.yml create mode 100644 templates/99-webui.json.j2 create mode 100644 templates/cockpit.conf.j2 create mode 100644 vars/CentOS.yml create mode 100644 vars/Fedora.yml create mode 100644 vars/RedHat.yml create mode 100644 vars/all.yml create mode 100644 vars/control-host.yml create mode 100644 vars/default-host.yml create mode 100644 vars/docker-host.yml create mode 100644 vars/k8s-host.yml create mode 100644 vars/kvm-host.yml create mode 100644 vars/main.yml create mode 100644 vars/none.yml diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000..3f7f42d --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,2 @@ +skip_list: + - '602' diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..4580c79 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,24 @@ +# name: .editorconfig +# description: This file helps to configure your editor via editorconfig. +# author: while-true-do.io +# contact: hello@while-true-do.io +# license: BSD-3-Clause +# reference: https://editorconfig.org/ + +# top-most EditorConfig file +root = true + +# Unix-style newlines with a newline ending every file +[*] +end_of_line = lf +insert_final_newline = true + +[*.{yml,py,sh}] +charset = utf-8 + +[*.yml] +indent_style = space +indent_size = 2 + +[Makefile] +indent_style = tab \ No newline at end of file diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..2b50384 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,14 @@ +# name: .gitattributes +# description: This file facilitates gitattributes. +# author: while-true-do.io +# contact: hello@while-true-do.io +# license: BSD-3-Clause +# reference: https://git-scm.com/docs/gitattributes + +# Ignore some files for exports / releases +.editorconfig export-ignore +.gitattributes export-ignore +.gitignore export-ignore +.gitmessages export-ignore +/tests export-ignore +/molecule export-ignore \ No newline at end of file 
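Review bot: The `.gitattributes` hunk lists `.gitmessages export-ignore`, but the file this patch adds is `.gitmessage` (no trailing "s"), so the pattern matches nothing and the commit template is still included in exported archives. The line should read `.gitmessage export-ignore`.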
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..45a6b7d --- /dev/null +++ b/.gitignore @@ -0,0 +1,52 @@ +# name: .gitignore +# description: This file facilitates gitignore. +# author: while-true-do.io +# contact: hello@while-true-do.io +# license: BSD-3-Clause +# reference: https://git-scm.com/docs/gitignore + +# repo specific + +# compiled source +*.com +*.class +*.dll +*.exe +*.o +*.so + +# ansible retry files +*.retry + +# cache +**/__pycache__ + +# temporary files +*.swp +*.swo +*~ + +# packages +*.7z +*.dmg +*.gz +*.iso +*.jar +*.rar +*.tar +*.zip + +# logs and databases +*.log +*.sql +*.sqlite + +# OS generated files +.DS_Store* +ehthumbs.db +Icon? +Thumbs.db + +# lock files +*.lock +package-lock.json \ No newline at end of file diff --git a/.gitmessage b/.gitmessage new file mode 100644 index 0000000..adf97f8 --- /dev/null +++ b/.gitmessage 
@@ -0,0 +1,65 @@ +# name: .gitmessage +# description: This file helps to write better commit messages. +# author: while-true-do.io +# contact: hello@while-true-do.io +# license: BSD-3-Clause +# +# usage: git config commit.template .gitmessage +# +#<------------------------- 72 characters ----------------------------> +# +# Pattern: +# +# : +# +# +# +# - : +# - : +# - : +# +# Resolves: #, # +# See also: #, # +# +#<------------------------- 72 characters ----------------------------> +# +# Example: +# +# feat: Everything OK Button +# +# A long requested Everything OK Button, which will help us a lot! +# +# - add: everything_ok.py +# - remove: not_ok.js +# - update: README.md +# - update: metadata.json +# +# Resolves: #1234 +# See also: #4711, #666 +# +#<------------------------- 72 characters ----------------------------> +# +# Explanation: +# +# --> TAGS +# +# change tags: can be used for all changes +# - add a feature of file is added +# - remove a feature or file is removed +# - update a feature of file was updated +# +# title tags: only use them for the subject line +# - doc documentation +# - feat feature provided +# - fix bug fix, security fix +# - refactor most likely a re-write or re-code +# - style code style +# +# --> SUBJECT, DESCRIPTION +# +# What was done and why was it done? +# +# --> RESOLVES, SEE ALSO +# +# In most cases, it is mandatory to provide an issue number, which is +# addressed. \ No newline at end of file diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..5a17f15 --- /dev/null +++ b/.travis.yml 
@@ -0,0 +1,45 @@ +--- +# name: .travis.yml +# description: This file tells travis, what needs to be done. +# author: while-true-do.io +# contact: hello@while-true-do.io +# license: BSD-3-Clause +# reference: https://docs.travis-ci.com/user/customizing-the-build + +language: python +services: + # Provide the docker service. + - docker + +install: + # Install test dependencies. + - pip install ansible molecule[docker] + +before_script: + # Use actual Ansible Galaxy role name for the project directory. + - ln -s $PWD ../while_true_do.srv_cockpit + - cd ../while_true_do.srv_cockpit + +script: + # Do the tests. + - molecule test + +notifications: + email: + recipients: + - devel@while-true-do.io + on_success: change + on_failure: always + + irc: + channels: + - "chat.freenode.net#while-true-do" + on_success: change + on_failure: always + + webhooks: + urls: + - https://galaxy.ansible.com/api/v1/notifications/ + on_success: always + on_failure: always + on_pull_requests: false diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..ad0be76 --- /dev/null +++ b/.yamllint @@ -0,0 +1,11 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..19414cf --- /dev/null +++ b/LICENSE 
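Review bot: The install step `pip install ansible molecule[docker]` in `.travis.yml` resolves to whatever releases are current when the build runs, so results are not reproducible and a broken or tampered release of either package, or of one of their transitive dependencies, executes in CI without review. Pin exact versions in a checked-in requirements file (ideally with hashes) and install with `pip install -r <requirements file>`. The hunk also sets no `python:` version, so the interpreter is whatever the CI image defaults to. In `before_script`, `ln -s $PWD ...` should quote the variable (`"$PWD"`) so a checkout path containing spaces does not break the link.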
@@ -0,0 +1,29 @@ +BSD 3-Clause License + +Copyright (c) 2019, while-true-do.io +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +3. Neither the name of the copyright holder nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..0ac7d74 --- /dev/null +++ b/README.md 
@@ -0,0 +1,273 @@ + + + +[![Github (tag)](https://img.shields.io/github/tag/while-true-do/ansible-role-srv_cockpit.svg)](https://github.com/while-true-do/ansible-role-srv_cockpit/tags) +[![Github (license)](https://img.shields.io/github/license/while-true-do/ansible-role-srv_cockpit.svg)](https://github.com/while-true-do/ansible-role-srv_cockpit/blob/master/LICENSE) +[![Github (issues)](https://img.shields.io/github/issues/while-true-do/ansible-role-srv_cockpit.svg)](https://github.com/while-true-do/ansible-role-srv_cockpit/issues) +[![Github (pull requests)](https://img.shields.io/github/issues-pr/while-true-do/ansible-role-srv_cockpit.svg)](https://github.com/while-true-do/ansible-role-srv_cockpit/pulls) + +[![Travis (com)](https://img.shields.io/travis/com/while-true-do/ansible-role-srv_cockpit.svg)](https://travis-ci.com/while-true-do/ansible-role-srv_cockpit) + +[![Ansible (min. version)](https://img.shields.io/badge/dynamic/yaml.svg?label=Min.%20Ansible%20Version&url=https%3A%2F%2Fraw.githubusercontent.com%2Fwhile-true-do%2Fansible-role-srv_cockpit%2Fmaster%2Fmeta%2Fmain.yml&query=%24.galaxy_info.min_ansible_version&colorB=black)](https://galaxy.ansible.com/while_true_do/srv_cockpit) +[![Ansible (platforms)](https://img.shields.io/badge/dynamic/yaml.svg?label=Supported%20OS&url=https%3A%2F%2Fraw.githubusercontent.com%2Fwhile-true-do%2Fansible-role-srv_cockpit%2Fmaster%2Fmeta%2Fmain.yml&query=galaxy_info.platforms%5B*%5D.name&colorB=black)](https://galaxy.ansible.com/while_true_do/srv_cockpit) +[![Ansible (tags)](https://img.shields.io/badge/dynamic/yaml.svg?label=Galaxy%20Tags&url=https%3A%2F%2Fraw.githubusercontent.com%2Fwhile-true-do%2Fansible-role-srv_cockpit%2Fmaster%2Fmeta%2Fmain.yml&query=%24.galaxy_info.galaxy_tags%5B*%5D&colorB=black)](https://galaxy.ansible.com/while_true_do/srv_cockpit) + +# Ansible Role: srv_cockpit + +An Ansible role to install and configure Cockpit. 
+ +## Motivation + +[Cockpit](https://cockpit-project.org/) ia a very interesting management tool +for Linux servers. It does provide an overview of different metrics and allows +management for several features. It does integrate with tools like +[docker](https://www.docker.com/), +[selinux](https://selinuxproject.org/page/Main_Page), kdump, +[podman](https://podman.io/) or [kvm](https://www.linux-kvm.org/page/Main_Page). + +## Description + +This role installs and configures several features and modules of cockpit. + +- cockpit system +- cockpit web +- integration with tools like kvm or selinux +- integration of performance co-pilot + +## Requirements + +There are no hard requirements. Nevertheless, since cockpit integrates with +lots of services, you should review some of these tools and optional roles. + +Optional Roles: + +- [while_true_do.rpo_epel](https://github.com/while-true-do/ansible-role-rpo_epel) +- [while_true_do.srv_docker](https://github.com/while-true-do/ansible-role-srv_docker) +- [while_true_do.srv_kvm](https://github.com/while-true-do/ansible-role-srv_kvm) +- [while_true_do.srv_pcp](https://github.com/while-true-do/ansible-role-srv_pcp) +- [while_true_do.sys_kdump](https://github.com/while-true-do/ansible-role-sys_kdump) +- [while_true_do.sys_selinux](https://github.com/while-true-do/ansible-role-sys_selinux) +- [while_true_do.sys_tuned](https://github.com/while-true-do/ansible-role-sys_tuned) + +Used Modules: + +- [Ansible Package Module](https://docs.ansible.com/ansible/latest/modules/package_module.html) +- [Ansible Service Module](https://docs.ansible.com/ansible/latest/modules/service_module.html) +- [Ansible Template Module](https://docs.ansible.com/ansible/latest/modules/template_module.html) +- [Ansible Firewalld Module](https://docs.ansible.com/ansible/latest/modules/firewalld_module.html) +- [Ansible Package_Facts Module](https://docs.ansible.com/ansible/latest/modules/package_facts_module.html) + +## Installation + +Install from 
[Ansible Galaxy](https://galaxy.ansible.com/while_true_do/srv_cockpit) +``` +ansible-galaxy install while_true_do.srv_cockpit +``` + +Install from [Github](https://github.com/while-true-do/ansible-role-srv_cockpit) +``` +git clone https://github.com/while-true-do/ansible-role-srv_cockpit.git while_true_do.srv_cockpit +``` + +Dependencies: + +``` +ansible-galaxy install -r requirements.yml +``` + +## Usage + +### Role Variables + +``` +--- +# defaults file for while_true_do.srv_cockpit + +# Some roles are predefined for convenience. +# Role can be: +# default-host => sys, pcp, kdump, selinux +# kvm-host => default-host + machine management +# docker-host => default-host + docker management +# control-host => default-host + webserver +# k8s-host => control-host + cockpit-kubernetes +# all => all packages present +# none => all packages absent +# unmanaged => you have to define each state +wtd_srv_cockpit_role: "default-host" + +# Cockpit System Packages +# Packages needed by most systems +# You should consider to look at while_true_do.sys_tuned +wtd_srv_cockpit_sys_package: + - cockpit-system + - cockpit-bridge + - cockpit-packagekit + - cockpit-sosreport + - cockpit-storaged + - cockpit-networkmanager +# State can be present|latest|absent +wtd_srv_cockpit_sys_package_state: "" + +# Cockpit PCP Integration +# You should consider to look at while_true_do.sys_pcp +wtd_srv_cockpit_pcp_package: + - cockpit-pcp +# State can be present|latest|absent +wtd_srv_cockpit_pcp_package_state: "" + +# Cockpit Docker Integration +# You should consider to look at while_true_do.srv_docker +wtd_srv_cockpit_docker_package: + - cockpit-docker +# State can be present|latest|absent +wtd_srv_cockpit_docker_package_state: "" + +# Cockpit KVM Integration +# You should consider to look at while_true_do.srv_kvm +wtd_srv_cockpit_machine_package: + - cockpit-machines +# State can be present|latest|absent +wtd_srv_cockpit_machine_package_state: "" + +# Cockpit Kdump Integration +# You should 
consider to look at while_true_do.sys_kdump +wtd_srv_cockpit_kdump_package: + - cockpit-kdump +# State can be present|latest|absent +wtd_srv_cockpit_kdump_package_state: "" + +# Cockpit selinux Integration +# You should consider to look at while_true_do.sys_selinux +wtd_srv_cockpit_selinux_package: + - cockpit-selinux +# State can be present|latest|absent +wtd_srv_cockpit_selinux_package_state: "" + +# Cockpit Kubernetes Integration +wtd_srv_cockpit_k8s_package: + - cockpit-kubernetes +# State can be present|latest|absent +wtd_srv_cockpit_k8s_package_state: "" + +# Cockpit Webserver +# The webserver, if you need it. Most likely on control/admin hosts only +wtd_srv_cockpit_ws_package: + - cockpit-ws + - cockpit-dashboard +# State can be present|latest|absent +wtd_srv_cockpit_ws_package_state: "" + +wtd_srv_cockpit_ws_service: "cockpit.socket" +# State can be started|stopped +wtd_srv_cockpit_ws_service_state: "started" +wtd_srv_cockpit_ws_service_enabled: true + +# Firewalld Management +wtd_srv_cockpit_ws_firewall_service: "cockpit" +# State can be enabled|disabled +wtd_srv_cockpit_ws_firewall_service_state: "enabled" +# Define a zone, to be used +wtd_srv_cockpit_ws_firewall_service_zone: "public" + +# See here: http://cockpit-project.org/guide/latest/cockpit.conf.5.html +wtd_srv_cockpit_ws_conf_Origins: "" +wtd_srv_cockpit_ws_conf_ProtocolHeader: "" +wtd_srv_cockpit_ws_conf_LoginTo: "" +wtd_srv_cockpit_ws_conf_LoginTitle: "" +wtd_srv_cockpit_ws_conf_RequireHost: "" +wtd_srv_cockpit_ws_conf_MaxStartups: "3" +wtd_srv_cockpit_ws_conf_AllowUnencrypted: "" +wtd_srv_cockpit_ws_conf_UrlRoot: "" + +# See here: http://cockpit-project.org/guide/latest/cockpit-ws.8.html +wtd_srv_cockpit_ws_conf_cert: "" + +wtd_srv_cockpit_ws_clients: +# - name: "someName" +# color: "rgb(0, 0, 255)" # default random color +# port: "22" # default to 22 +# address: "host1.example.com" +``` + +### Example Playbook + +Running Ansible 
+[Roles](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html) +can be done in a +[playbook](https://docs.ansible.com/ansible/latest/user_guide/playbooks_intro.html). + +#### Simple + +``` +--- +- hosts: all + roles: + - role: while_true_do.srv_cockpit +``` + +#### Control Host + +``` +- hosts: all + roles: + - role: while_true_do.srv_cockpit + wtd_srv_cockpit_role: "control-host" +``` + +#### Control Host with multiple Clients + +``` +- hosts: all + roles: + - role: while_true_do.srv_cockpit + wtd_srv_cockpit_role: "control-host" + wtd_srv_cockpit_ws_clients: + - name: "host1" + address: "host1.example.com" + - name: "host2" + address: "host2.example.com" + - name: "host3" + address: "192.168.22.10" +``` + +## Testing + +Most of the "generic" tests are located in the +[Test Library](https://github.com/while-true-do/test-library). + +Ansible specific testing is done with +[Molecule](https://molecule.readthedocs.io/en/stable/). + +Infrastructure testing is done with +[testinfra](https://testinfra.readthedocs.io/en/stable/). + +Automated testing is done with [Travis CI](https://travis-ci.com/while-true-do). + +## Contribute + +Thank you so much for considering to contribute. We are very happy, when somebody +is joining the hard work. Please fell free to open +[Bugs, Feature Requests](https://github.com/while-true-do/ansible-role-srv_cockpit/issues) +or [Pull Requests](https://github.com/while-true-do/ansible-role-srv_cockpit/pulls) after +reading the [Contribution Guideline](https://github.com/while-true-do/doc-library/blob/master/docs/CONTRIBUTING.md). + +See who has contributed already in the [kudos.txt](./kudos.txt). + +## License + +This work is licensed under a [BSD-3-Clause License](https://opensource.org/licenses/BSD-3-Clause). + +## Contact + +- Site +- Twitter +- Code +- Mail [hello@while-true-do.io](mailto:hello@while-true-do.io) +- IRC [freenode, #while-true-do](https://webchat.freenode.net/?channels=while-true-do) +- Telegram 
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..b68a0a9
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,107 @@ +--- +# defaults file for while_true_do.srv_cockpit + +# Some roles are predefined for convenience. +# Role can be: +# default-host => sys, pcp, kdump, selinux +# kvm-host => default-host + machine management +# docker-host => default-host + docker management +# control-host => default-host + webserver +# k8s-host => control-host + cockpit-kubernetes +# all => all packages present +# none => all packages absent +# unmanaged => you have to define each state +wtd_srv_cockpit_role: "default-host" + +# Cockpit System Packages +# Packages needed by most systems +# You should consider to look at while_true_do.sys_tuned +wtd_srv_cockpit_sys_package: + - cockpit-system + - cockpit-bridge + - cockpit-packagekit + - cockpit-sosreport + - cockpit-storaged + - cockpit-networkmanager +# State can be present|latest|absent +wtd_srv_cockpit_sys_package_state: "" + +# Cockpit PCP Integration +# You should consider to look at while_true_do.sys_pcp +wtd_srv_cockpit_pcp_package: + - cockpit-pcp +# State can be present|latest|absent +wtd_srv_cockpit_pcp_package_state: "" + +# Cockpit Docker Integration +# You should consider to look at while_true_do.srv_docker +wtd_srv_cockpit_docker_package: + - cockpit-docker +# State can be present|latest|absent +wtd_srv_cockpit_docker_package_state: "" + +# Cockpit KVM Integration +# You should consider to look at while_true_do.srv_kvm +wtd_srv_cockpit_machine_package: + - cockpit-machines +# State can be present|latest|absent +wtd_srv_cockpit_machine_package_state: "" + +# Cockpit Kdump Integration +# You should consider to look at while_true_do.sys_kdump +wtd_srv_cockpit_kdump_package: + - cockpit-kdump +# State can be present|latest|absent +wtd_srv_cockpit_kdump_package_state: "" + +# Cockpit selinux Integration +# You should consider to look at while_true_do.sys_selinux +wtd_srv_cockpit_selinux_package: + - cockpit-selinux +# State can be present|latest|absent +wtd_srv_cockpit_selinux_package_state: "" + +# Cockpit Kubernetes 
Integration +wtd_srv_cockpit_k8s_package: + - cockpit-kubernetes +# State can be present|latest|absent +wtd_srv_cockpit_k8s_package_state: "" + +# Cockpit Webserver +# The webserver, if you need it. Most likely on control/admin hosts only +wtd_srv_cockpit_ws_package: + - cockpit-ws + - cockpit-dashboard +# State can be present|latest|absent +wtd_srv_cockpit_ws_package_state: "" + +wtd_srv_cockpit_ws_service: "cockpit.socket" +# State can be started|stopped +wtd_srv_cockpit_ws_service_state: "started" +wtd_srv_cockpit_ws_service_enabled: true + +# Firewalld Management +wtd_srv_cockpit_ws_firewall_service: "cockpit" +# State can be enabled|disabled +wtd_srv_cockpit_ws_firewall_service_state: "enabled" +# Define a zone, to be used +wtd_srv_cockpit_ws_firewall_service_zone: "public" + +# See here: http://cockpit-project.org/guide/latest/cockpit.conf.5.html +wtd_srv_cockpit_ws_conf_Origins: "" +wtd_srv_cockpit_ws_conf_ProtocolHeader: "" +wtd_srv_cockpit_ws_conf_LoginTo: "" +wtd_srv_cockpit_ws_conf_LoginTitle: "" +wtd_srv_cockpit_ws_conf_RequireHost: "" +wtd_srv_cockpit_ws_conf_MaxStartups: "3" +wtd_srv_cockpit_ws_conf_AllowUnencrypted: "" +wtd_srv_cockpit_ws_conf_UrlRoot: "" + +# See here: http://cockpit-project.org/guide/latest/cockpit-ws.8.html +wtd_srv_cockpit_ws_conf_cert: "" + +wtd_srv_cockpit_ws_clients: +# - name: "someName" +# color: "rgb(0, 0, 255)" # default random color +# port: "22" # default to 22 +# address: "host1.example.com" diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..06e1f23 --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,13 @@ +--- +# handlers file for while_true_do.srv_cockpit + +- name: Restart Cockpit Web + service: + name: "{{ wtd_srv_cockpit_ws_service }}" + state: "restarted" + become: true + tags: + - cockpit + - service + - web + - system diff --git a/kudos.txt b/kudos.txt new file mode 100644 index 0000000..913cb3d --- /dev/null +++ b/kudos.txt 
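Review bot: The defaults `wtd_srv_cockpit_ws_firewall_service_state: "enabled"` and `wtd_srv_cockpit_ws_firewall_service_zone: "public"` in `defaults/main.yml` mean that any host that gets the web packages and has firewalld installed ends up with the Cockpit service opened in the public zone without the operator having chosen that. Cockpit is an administrative console, so a narrower default zone, or requiring the zone to be set explicitly, is the safer starting point. The comment above the zone variable should say that this value decides which networks can reach the login page. `wtd_srv_cockpit_ws_conf_cert` is declared here, but none of the task or template hunks visible in this patch read it, so it appears to have no effect and should be wired up or removed.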
@@ -0,0 +1,21 @@ +# name: kudos.txt +# description: This file shows the named contributors. +# author: while-true-do.io +# contact: hello@while-true-do.io +# license: BSD-3-Clause +# reference: https://github.com/kudos-txt + +project: + - name: while-true-do.io + site: https://while-true-do.io + mail: hello@while-true-do.io + +contributors: + - name: daniel-wtd + mail: daniel@while-true-do.io + role: Founder / Owner + site: https://while-true-do.io + +partners: + - name: kudos.txt + site: https://kudos-txt.io diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..1f3e8c5 --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,38 @@ +--- +# meta file for while_true_do.srv_cockpit +galaxy_info: + role_name: srv_cockpit + author: while-true-do.io + description: An Ansible role to install and configure Cockpit. + license: BSD + + min_ansible_version: 2.7 + + # Supported platforms: https://galaxy.ansible.com/api/v1/platforms/ + # Please also maintain + # - molecule/default/molecule.yml + # - molecule/default/tests/test_default.py + platforms: + - name: EL + versions: + - 7 + + - name: Fedora + versions: + - 29 + + galaxy_tags: + - cockpit + - container + - kdump + - monitoring + - package + - pcp + - security + - selinux + - service + - system + - virtualization + - web + +dependencies: [] diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2 new file mode 100644 index 0000000..e6aa95d --- /dev/null +++ b/molecule/default/Dockerfile.j2 
@@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst new file mode 100644 index 0000000..6a44bde --- /dev/null +++ b/molecule/default/INSTALL.rst @@ -0,0 +1,22 @@ +******* +Docker driver installation guide +******* + +Requirements +============ + +* Docker Engine + +Install +======= + +Please refer to the `Virtual environment`_ documentation for installation best +practices. If not using a virtual environment, please consider passing the +widely recommended `'--user' flag`_ when invoking ``pip``. + +.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ +.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site + +.. code-block:: bash + + $ pip install 'molecule[docker]' diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml new file mode 100644 index 0000000..70a5c98 --- /dev/null +++ b/molecule/default/molecule.yml 
@@ -0,0 +1,68 @@ +--- +scenario: + name: default + test_sequence: + - lint + - destroy + - dependency + - syntax + - create + - prepare + - converge + - idempotence + - side_effect + - verify + - destroy +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint +platforms: + # Please also maintain: + # - meta/main.yml + # - molecule/default/tests/test_default.py + - name: fedora29 + image: fedora:29 + command: /sbin/init + volume_mounts: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + tmpfs: + - /run + - /tmp + environment: + container: docker + + - name: centos7 + image: centos:7 + command: /sbin/init + volume_mounts: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + tmpfs: + - /run + - /tmp + environment: + container: docker + + - name: redhat7 + image: centos:7 + command: /sbin/init + volume_mounts: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + tmpfs: + - /run + - /tmp + environment: + container: docker + +provisioner: + name: ansible + lint: + name: ansible-lint +verifier: + name: testinfra + options: + v: 1 + lint: + name: flake8 diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml new file mode 100644 index 0000000..060cb6f --- /dev/null +++ b/molecule/default/playbook.yml @@ -0,0 +1,13 @@ +--- +- name: Converge + hosts: all + roles: + - role: while_true_do.srv_cockpit + wtd_srv_cockpit_role: "all" + wtd_srv_cockpit_ws_clients: + - name: "host1" + address: "host1.example.com" + - name: "host2" + address: "host2.example.com" + - name: "host3" + address: "host3.example.com" diff --git a/molecule/default/requirements.yml b/molecule/default/requirements.yml new file mode 100644 index 0000000..5c8fac0 --- /dev/null +++ b/molecule/default/requirements.yml 
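Review bot: The `redhat7` platform in `molecule.yml` uses `image: centos:7`, the same image as `centos7`, so the scenario exercises the CentOS path twice. `tasks/main.yml` loads `{{ ansible_distribution }}.yml`, which on that image presumably resolves to the CentOS vars file, so `vars/RedHat.yml` is never tested even though the platform name suggests it is. Either drop the entry or point it at an image that reports the RedHat distribution. The tags `fedora:29` and `centos:7` are mutable; pinning the images by digest would keep test runs reproducible.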
@@ -0,0 +1,14 @@ +--- +# name: requirements.yml +# description: This file contains dependencies. +# author: while-true-do.io +# contact: hello@while-true-do.io +# license: BSD-3-Clause + +- src: while_true_do.rpo_epel +- src: while_true_do.srv_docker +- src: while_true_do.srv_kvm +- src: while_true_do.srv_pcp +- src: while_true_do.sys_kdump +- src: while_true_do.sys_selinux +- src: while_true_do.sys_tuned diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py new file mode 100644 index 0000000..9c213f1 --- /dev/null +++ b/molecule/default/tests/test_default.py @@ -0,0 +1,32 @@ +import os + +import testinfra.utils.ansible_runner +import pytest + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +@pytest.mark.parametrize("name", [ + ("cockpit-system"), + ("cockpit-pcp"), + ("cockpit-docker"), + ("cockpit-machines"), + ("cockpit-ws"), + ("cockpit-dashboard"), + ("cockpit-kubernetes"), +]) +def test_pkg(host, name): + pkg = host.package(name) + assert pkg.is_installed + + +def test_srv(host): + srv = host.service('cockpit.socket') + assert srv.is_running + assert srv.is_enabled + + +def test_socket(host): + sock = host.socket('tcp://9090') + assert sock.is_listening diff --git a/requirements.yml b/requirements.yml new file mode 100644 index 0000000..5c8fac0 --- /dev/null +++ b/requirements.yml @@ -0,0 +1,14 @@ +--- +# name: requirements.yml +# description: This file contains dependencies. +# author: while-true-do.io +# contact: hello@while-true-do.io +# license: BSD-3-Clause + +- src: while_true_do.rpo_epel +- src: while_true_do.srv_docker +- src: while_true_do.srv_kvm +- src: while_true_do.srv_pcp +- src: while_true_do.sys_kdump +- src: while_true_do.sys_selinux +- src: while_true_do.sys_tuned diff --git a/tasks/cockpit-k8s.yml b/tasks/cockpit-k8s.yml new file mode 100644 index 0000000..2aabd45 --- /dev/null +++ b/tasks/cockpit-k8s.yml 
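Review bot: Every entry in `molecule/default/requirements.yml` is a bare line such as `- src: while_true_do.rpo_epel` with no `version:`, so `ansible-galaxy install -r requirements.yml` fetches each role's latest release at install time. Adding `version: <tag or commit>` under each `src` makes runs reproducible and keeps an unreviewed upstream change from being pulled into the build or onto managed hosts. The top-level `requirements.yml` hunk later in this patch is identical and needs the same change. Since `meta/main.yml` declares `dependencies: []`, a header comment stating that these roles are optional companions rather than hard dependencies would match what the README says.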
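Review bot: `test_default.py` checks package presence, the `cockpit.socket` unit and port 9090, but nothing verifies the two files the role templates, although the converge playbook passes three `wtd_srv_cockpit_ws_clients`. The tests should assert that `/etc/cockpit/cockpit.conf` and `/etc/cockpit/machines.d/99-webui.json` exist with root ownership and mode 0644, and that the clients file parses as JSON with the expected host names, because that template assembles JSON by hand. The sketch below needs `import json` added to the imports at the top of the file.

```python
# … unchanged: test_pkg, test_srv, test_socket …


def test_conf_files(host):
    for path in ("/etc/cockpit/cockpit.conf",
                 "/etc/cockpit/machines.d/99-webui.json"):
        f = host.file(path)
        assert f.is_file
        assert f.user == "root"
        assert f.group == "root"
        assert f.mode == 0o644


def test_clients_json(host):
    raw = host.file("/etc/cockpit/machines.d/99-webui.json").content_string
    clients = json.loads(raw)
    assert set(clients) == {"host1", "host2", "host3"}
```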
@@ -0,0 +1,16 @@ +--- +# tasks file for while_true_do.srv_cockpit + +- name: Manage Kubernetes Packages + package: + name: "{{ wtd_srv_cockpit_k8s_package }}" + state: "{{ wtd_srv_cockpit_k8s_package_state }}" + become: true + when: wtd_srv_cockpit_k8s_package_state != "" + tags: + - cockpit + - container + - monitoring + - package + - system + - web diff --git a/tasks/cockpit-ws.yml b/tasks/cockpit-ws.yml new file mode 100644 index 0000000..1bf4dd8 --- /dev/null +++ b/tasks/cockpit-ws.yml 
@@ -0,0 +1,87 @@ +--- +# tasks file for while_true_do.srv_cockpit + +- name: Gather package facts + package_facts: + manager: auto + tags: + - cockpit + - facts + - package + +- name: Manage Cockpit Web Packages + package: + name: "{{ wtd_srv_cockpit_ws_package }}" + state: "{{ wtd_srv_cockpit_ws_package_state }}" + become: true + tags: + - cockpit + - package + - system + - web + +- name: Manage Cockpit Web Service + service: + name: "{{ wtd_srv_cockpit_ws_service }}" + state: "{{ wtd_srv_cockpit_ws_service_state }}" + enabled: "{{ wtd_srv_cockpit_ws_service_enabled }}" + become: true + when: wtd_srv_cockpit_ws_package_state != "absent" + tags: + - cockpit + - service + - system + - web + +- name: Configure Cockpit Web + template: + src: "cockpit.conf.j2" + dest: "/etc/cockpit/cockpit.conf" + owner: "root" + group: "root" + mode: 0644 + become: true + when: wtd_srv_cockpit_ws_package_state != "absent" + notify: + - Restart Cockpit Web + tags: + - cockpit + - configuration + - system + - web + +- name: Configure Cockpit Web Clients + template: + src: "99-webui.json.j2" + dest: "/etc/cockpit/machines.d/99-webui.json" + owner: "root" + group: "root" + mode: 0644 + lstrip_blocks: true + become: true + when: + - wtd_srv_cockpit_ws_package_state != "absent" + - wtd_srv_cockpit_ws_clients != "" + notify: + - Restart Cockpit Web + tags: + - cockpit + - configuration + - system + - web + +- name: Manage cockpit Firewalld Service + firewalld: + service: "{{ wtd_srv_cockpit_ws_firewall_service }}" + state: "{{ wtd_srv_cockpit_ws_firewall_service_state }}" + immediate: true + permanent: true + zone: "{{ wtd_srv_cockpit_ws_firewall_service_zone }}" + become: true + when: + - '"firewalld" in packages' + tags: + - cockpit + - configuration + - firewall + - security diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..e2d08d9 --- /dev/null +++ b/tasks/main.yml 
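Review bot: `Manage cockpit Firewalld Service`, the last task in `tasks/cockpit-ws.yml`, is the only task after the package task that is not guarded by `wtd_srv_cockpit_ws_package_state != "absent"`. A run that removes the web packages therefore still sets the firewalld service to `wtd_srv_cockpit_ws_firewall_service_state` (default `enabled`, zone `public` in `defaults/main.yml`) and leaves the Cockpit port open with nothing managed behind it. Add `- wtd_srv_cockpit_ws_package_state != "absent"` to its `when:` list, or have the task apply `state: disabled` when the package state is `absent` so that removal also closes the port. The two template tasks use `mode: 0644`; quoting it as `mode: "0644"` avoids relying on YAML octal parsing.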
@@ -0,0 +1,95 @@
+---
+# tasks file for while_true_do.srv_cockpit
+
+- name: Include distribution Vars
+ include_vars: "{{ ansible_distribution }}.yml"
+
+- name: Include cockpit_role Vars
+ include_vars: "{{ wtd_srv_cockpit_role }}.yml"
+ when: wtd_srv_cockpit_role != "unmanaged"
+
+- name: Manage Cockpit sys Packages
+ package:
+ name: "{{ wtd_srv_cockpit_sys_package }}"
+ state: "{{ wtd_srv_cockpit_sys_package_state }}"
+ become: true
+ tags:
+ - cockpit
+ - monitoring
+ - package
+ - system
+
+- name: Manage Cockpit pcp Packages
+ package:
+ name: "{{ wtd_srv_cockpit_pcp_package }}"
+ state: "{{ wtd_srv_cockpit_pcp_package_state }}"
+ become: true
+ when: wtd_srv_cockpit_pcp_package_state != ""
+ tags:
+ - cockpit
+ - monitoring
+ - package
+ - pcp
+ - system
+
+- name: Manage Cockpit docker Packages
+ package:
+ name: "{{ wtd_srv_cockpit_docker_package }}"
+ state: "{{ wtd_srv_cockpit_docker_package_state }}"
+ become: true
+ when: wtd_srv_cockpit_docker_package_state != ""
+ tags:
+ - cockpit
+ - container
+ - monitoring
+ - package
+ - system
+
+- name: Manage Cockpit machine Packages
+ package:
+ name: "{{ wtd_srv_cockpit_machine_package }}"
+ state: "{{ wtd_srv_cockpit_machine_package_state }}"
+ become: true
+ when: wtd_srv_cockpit_machine_package_state != ""
+ tags:
+ - cockpit
+ - monitoring
+ - package
+ - system
+ - virtualization
+
+- name: Manage Cockpit kdump Packages
+ package:
+ name: "{{ wtd_srv_cockpit_kdump_package }}"
+ state: "{{ wtd_srv_cockpit_kdump_package_state }}"
+ become: true
+ when: wtd_srv_cockpit_kdump_package_state != ""
+ tags:
+ - cockpit
+ - kdump
+ - package
+ - system
+
+- name: Manage Cockpit selinux Packages
+ package:
+ name: "{{ wtd_srv_cockpit_selinux_package }}"
+ state: "{{ wtd_srv_cockpit_selinux_package_state }}"
+ become: true
+ when: wtd_srv_cockpit_selinux_package_state != ""
+ tags:
+ - cockpit
+ - monitoring
+ - package
+ - security
+ - selinux
+ - system
+
+- name: Include Cockpit Web Tasks
+ include_tasks:
cockpit-ws.yml
+ when: wtd_srv_cockpit_ws_package_state != ""
+
+- name: Include Cockpit k8s Tasks
+ include_tasks: cockpit-k8s.yml
+ when:
+ - wtd_srv_cockpit_k8s_package_state != ""
+ - wtd_srv_cockpit_ws_package_state != ""
diff --git a/templates/99-webui.json.j2 b/templates/99-webui.json.j2
new file mode 100644
index 0000000..2a92030
--- /dev/null
+++ b/templates/99-webui.json.j2
@@ -0,0 +1,18 @@
+{{ '{' }}
+{% for host in wtd_srv_cockpit_ws_clients %}
+ "{{ host.name }}" : {{ '{' }}
+ "visible" : "true",
+ {% if host.color is defined %}
+ "color" : "{{ host.color }}",
+ {% endif %}
+ {% if host.port is defined %}
+ "port" : "{{ host.port }}",
+ {% endif %}
+ "address" : "{{ host.address }}"
+ {% if loop.last %}
+ {{ '}' }}
+ {% else %}
+ {{ '},' }}
+ {% endif %}
+{% endfor %}
+{{ '}' }}
diff --git a/templates/cockpit.conf.j2 b/templates/cockpit.conf.j2
new file mode 100644
index 0000000..bfd4588
--- /dev/null
+++ b/templates/cockpit.conf.j2
@@ -0,0 +1,27 @@
+# {{ ansible_managed }}
+
+[WebService]
+{% if wtd_srv_cockpit_ws_conf_Origins %}
+Origins = {{ wtd_srv_cockpit_ws_conf_Origins }}
+{% endif %}
+{% if wtd_srv_cockpit_ws_conf_ProtocolHeader %}
+ProtocolHeader = {{ wtd_srv_cockpit_ws_conf_ProtocolHeader }}
+{% endif %}
+{% if wtd_srv_cockpit_ws_conf_LoginTo %}
+LoginTo = {{ wtd_srv_cockpit_ws_conf_LoginTo }}
+{% endif %}
+{% if wtd_srv_cockpit_ws_conf_LoginTitle %}
+LoginTitle = {{ wtd_srv_cockpit_ws_conf_LoginTitle }}
+{% endif %}
+{% if wtd_srv_cockpit_ws_conf_RequireHost %}
+RequireHost = {{ wtd_srv_cockpit_ws_conf_RequireHost }}
+{% endif %}
+{% if wtd_srv_cockpit_ws_conf_MaxStartups %}
+MaxStartups = {{ wtd_srv_cockpit_ws_conf_MaxStartups }}
+{% endif %}
+{% if wtd_srv_cockpit_ws_conf_AllowUnencrypted %}
+AllowUnencrypted = {{ wtd_srv_cockpit_ws_conf_AllowUnencrypted }}
+{% endif %}
+{% if wtd_srv_cockpit_ws_conf_UrlRoot %}
+UrlRoot = {{ wtd_srv_cockpit_ws_conf_UrlRoot }}
+{% endif %}
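Review bot: Neither of the two `include_vars` tasks nor the two `include_tasks` tasks in tasks/main.yml carries a tag, while every package task here and in the included files is tagged. A run limited with `--tags package` would skip both variable loads, leaving `wtd_srv_cockpit_sys_package` undefined if, as the visible part of this patch suggests, it is set only in `vars/<distribution>.yml`. Because `include_tasks` is dynamic, the tagged tasks inside `cockpit-ws.yml` and `cockpit-k8s.yml`, including the firewalld task tagged `security`, would presumably not run at all under a tag filter. Adding `tags: [always]` to the four include tasks addresses both. A comment above `Include cockpit_role Vars` should also say that `include_vars` outranks inventory variables, so any role other than `unmanaged` overrides the operator's own `*_package_state` settings.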
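Review bot: The JSON in templates/99-webui.json.j2 is assembled by hand, and `host.name`, `host.color`, `host.port` and `host.address` are placed between literal quotes without escaping, so a value containing `"` or `\` yields a file that is invalid or carries keys the operator did not intend. Letting the filter do the quoting, e.g. `"address" : {{ host.address | to_json }}`, removes that risk; building the whole mapping as a dict and emitting it with `to_nice_json` would also make the `loop.last` comma handling unnecessary. `"visible" : "true"` and the quoted `port` are written as strings; whether cockpit expects a boolean and an integer there should be checked against its machines.d documentation.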
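Review bot: Every option in templates/cockpit.conf.j2 is guarded by a truthiness test, so an explicit `false`, `0` or empty value cannot be told apart from "not set" and its line is omitted. For `AllowUnencrypted` this means an operator who sets `false` on purpose gets no line in `/etc/cockpit/cockpit.conf` and relies on the daemon's built-in default, which makes the rendered file harder to audit. Following the convention the tasks already use, `{% if wtd_srv_cockpit_ws_conf_AllowUnencrypted != "" %}`, would keep explicit values, assuming the defaults for these variables are empty strings (the defaults file is not visible here). A template comment above `AllowUnencrypted` stating that a true value makes cockpit accept plain-HTTP connections would also help the next reader.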
diff --git a/vars/CentOS.yml b/vars/CentOS.yml
new file mode 100644
index 0000000..254b98a
--- /dev/null
+++ b/vars/CentOS.yml
@@ -0,0 +1,8 @@
+---
+# vars file for while_true_do.srv_cockpit
+
+wtd_srv_cockpit_sys_package:
+ - cockpit-system
+ - cockpit-bridge
+ - cockpit-packagekit
+ - cockpit-storaged
diff --git a/vars/Fedora.yml b/vars/Fedora.yml
new file mode 100644
index 0000000..b610ca5
--- /dev/null
+++ b/vars/Fedora.yml
@@ -0,0 +1,10 @@
+---
+# vars file for while_true_do.srv_cockpit
+
+wtd_srv_cockpit_sys_package:
+ - cockpit-system
+ - cockpit-bridge
+ - cockpit-packagekit
+ - cockpit-sosreport
+ - cockpit-storaged
+ - cockpit-networkmanager
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
new file mode 100644
index 0000000..254b98a
--- /dev/null
+++ b/vars/RedHat.yml
@@ -0,0 +1,8 @@
+---
+# vars file for while_true_do.srv_cockpit
+
+wtd_srv_cockpit_sys_package:
+ - cockpit-system
+ - cockpit-bridge
+ - cockpit-packagekit
+ - cockpit-storaged
diff --git a/vars/all.yml b/vars/all.yml
new file mode 100644
index 0000000..3c441d8
--- /dev/null
+++ b/vars/all.yml
@@ -0,0 +1,11 @@
+---
+# vars file for while_true_do.srv_cockpit
+
+wtd_srv_cockpit_sys_package_state: "present"
+wtd_srv_cockpit_pcp_package_state: "present"
+wtd_srv_cockpit_docker_package_state: "present"
+wtd_srv_cockpit_machine_package_state: "present"
+wtd_srv_cockpit_kdump_package_state: "present"
+wtd_srv_cockpit_selinux_package_state: "present"
+wtd_srv_cockpit_ws_package_state: "present"
+wtd_srv_cockpit_k8s_package_state: "present"
diff --git a/vars/control-host.yml b/vars/control-host.yml
new file mode 100644
index 0000000..ec50662
--- /dev/null
+++ b/vars/control-host.yml
@@ -0,0 +1,11 @@
+---
+# vars file for while_true_do.srv_cockpit
+
+wtd_srv_cockpit_sys_package_state: "present"
+wtd_srv_cockpit_pcp_package_state: "present"
+# wtd_srv_cockpit_docker_package_state: ""
+# wtd_srv_cockpit_machine_package_state: ""
+wtd_srv_cockpit_kdump_package_state: "present"
+wtd_srv_cockpit_selinux_package_state: "present"
+wtd_srv_cockpit_ws_package_state: "present"
+# wtd_srv_cockpit_k8s_package_state: ""
diff --git a/vars/default-host.yml b/vars/default-host.yml
new file mode 100644
index 0000000..a604f36
--- /dev/null
+++ b/vars/default-host.yml
@@ -0,0 +1,11 @@
+---
+# vars file for while_true_do.srv_cockpit
+
+wtd_srv_cockpit_sys_package_state: "present"
+wtd_srv_cockpit_pcp_package_state: "present"
+# wtd_srv_cockpit_docker_package_state: ""
+# wtd_srv_cockpit_machine_package_state: ""
+wtd_srv_cockpit_kdump_package_state: "present"
+wtd_srv_cockpit_selinux_package_state: "present"
+# wtd_srv_cockpit_ws_package_state: ""
+# wtd_srv_cockpit_k8s_package_state: ""
diff --git a/vars/docker-host.yml b/vars/docker-host.yml
new file mode 100644
index 0000000..0c8181e
--- /dev/null
+++ b/vars/docker-host.yml
@@ -0,0 +1,11 @@
+---
+# vars file for while_true_do.srv_cockpit
+
+wtd_srv_cockpit_sys_package_state: "present"
+wtd_srv_cockpit_pcp_package_state: "present"
+wtd_srv_cockpit_docker_package_state: "present"
+# wtd_srv_cockpit_machine_package_state: ""
+wtd_srv_cockpit_kdump_package_state: "present"
+wtd_srv_cockpit_selinux_package_state: "present"
+# wtd_srv_cockpit_ws_package_state: ""
+# wtd_srv_cockpit_k8s_package_state: ""
diff --git a/vars/k8s-host.yml b/vars/k8s-host.yml
new file mode 100644
index 0000000..6d3a7c7
--- /dev/null
+++ b/vars/k8s-host.yml
@@ -0,0 +1,11 @@
+---
+# vars file for while_true_do.srv_cockpit
+
+wtd_srv_cockpit_sys_package_state: "present"
+wtd_srv_cockpit_pcp_package_state: "present"
+# wtd_srv_cockpit_docker_package_state: ""
+# wtd_srv_cockpit_machine_package_state: ""
+wtd_srv_cockpit_kdump_package_state: "present"
+wtd_srv_cockpit_selinux_package_state: "present"
+wtd_srv_cockpit_ws_package_state: "present"
+wtd_srv_cockpit_k8s_package_state: "present"
diff --git a/vars/kvm-host.yml b/vars/kvm-host.yml
new file mode 100644
index 0000000..2affd7a
--- /dev/null
+++ b/vars/kvm-host.yml
@@ -0,0 +1,11 @@
+---
+# vars file for while_true_do.srv_cockpit
+
+wtd_srv_cockpit_sys_package_state: "present"
+wtd_srv_cockpit_pcp_package_state: "present"
+# wtd_srv_cockpit_docker_package_state: ""
+wtd_srv_cockpit_machine_package_state: "present"
+wtd_srv_cockpit_kdump_package_state: "present"
+wtd_srv_cockpit_selinux_package_state: "present"
+# wtd_srv_cockpit_ws_package_state: ""
+# wtd_srv_cockpit_k8s_package_state: ""
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..6515c8a
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for while_true_do.srv_cockpit
diff --git a/vars/none.yml b/vars/none.yml
new file mode 100644
index 0000000..ecf8ede
--- /dev/null
+++ b/vars/none.yml
@@ -0,0 +1,11 @@
+---
+# vars file for while_true_do.srv_cockpit
+
+wtd_srv_cockpit_sys_package_state: "absent"
+wtd_srv_cockpit_pcp_package_state: "absent"
+wtd_srv_cockpit_docker_package_state: "absent"
+wtd_srv_cockpit_machine_package_state: "absent"
+wtd_srv_cockpit_kdump_package_state: "absent"
+wtd_srv_cockpit_selinux_package_state: "absent"
+wtd_srv_cockpit_ws_package_state: "absent"
+wtd_srv_cockpit_k8s_package_state: "absent"