├── vars ├── debian.yml ├── redhat.yml └── main.yml ├── TROUBLESHOOTING.md ├── .github ├── lock.yml ├── stale.yml ├── settings.yml ├── workflows │ └── labeler.yml ├── ISSUE_TEMPLATE │ ├── feature.md │ ├── support.md │ └── bug.md └── labeler.yml ├── defaults └── main.yml ├── .gitignore ├── molecule ├── default │ ├── prepare.yml │ ├── playbook.yml │ ├── tests │ │ └── test_default.py │ ├── destroy.yml │ ├── create.yml │ └── molecule.yml ├── alternative │ ├── prepare.yml │ ├── playbook.yml │ ├── tests │ │ └── test_alternative.py │ └── molecule.yml └── latest │ ├── playbook.yml │ ├── tests │ └── test_latest.py │ └── molecule.yml ├── .ansible-lint ├── handlers └── main.yml ├── CHANGELOG.md ├── tasks ├── preflight.yml ├── configure.yml ├── install.yml └── main.yml ├── .yamllint ├── test-requirements.txt ├── templates └── application.service.j2 ├── meta └── main.yml ├── LICENSE ├── README.md ├── init.sh ├── .circleci └── config.yml ├── .mergify.yml ├── ROLE_README.md ├── circleci-config.yml └── CONTRIBUTING.md /vars/debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /vars/redhat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /TROUBLESHOOTING.md: -------------------------------------------------------------------------------- 1 | # Troubleshooting 2 | 3 | 4 | -------------------------------------------------------------------------------- /.github/lock.yml: -------------------------------------------------------------------------------- 1 | --- 2 | _extends: auto-maintenance 3 | -------------------------------------------------------------------------------- /.github/stale.yml: -------------------------------------------------------------------------------- 1 | --- 2 | _extends: auto-maintenance 3 | -------------------------------------------------------------------------------- /.github/settings.yml: -------------------------------------------------------------------------------- 1 | --- 2 | _extends: auto-maintenance 3 | -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | <>_web_listen_address: "0.0.0.0:<>" 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.retry 2 | *.log 3 | .molecule 4 | .cache 5 | __pycache__/ 6 | .pytest_cache 7 | .tox 8 | -------------------------------------------------------------------------------- /molecule/default/prepare.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Prepare 3 | hosts: all 4 | gather_facts: false 5 | tasks: [] 6 | -------------------------------------------------------------------------------- /molecule/alternative/prepare.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Prepare 3 | hosts: all 4 | gather_facts: false 5 | tasks: [] 6 | -------------------------------------------------------------------------------- /molecule/default/playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | any_errors_fatal: true 4 | roles: 5 | - ansible-<> 6 | -------------------------------------------------------------------------------- /molecule/alternative/playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | any_errors_fatal: true 4 | roles: 5 | - ansible-<> 6 | vars: [] 7 | -------------------------------------------------------------------------------- /.ansible-lint: -------------------------------------------------------------------------------- 1 | --- 2 | skip_list: 3 | - role-name # 106 4 | - risky-file-permissions # 208 5 | - fqcn-builtins # skip fqcn for ansible <2.9 compatibility 6 | -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart <> 3 | become: true 4 | systemd: 5 | daemon_reload: true 6 | name: <> 7 | state: restarted 8 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Change Log 2 | 3 | 4 | \* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)* 5 | -------------------------------------------------------------------------------- /tasks/preflight.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Assert usage of systemd as an init system 3 | assert: 4 | that: ansible_service_mgr == 'systemd' 5 | msg: "This module only works with systemd" 6 | -------------------------------------------------------------------------------- /molecule/latest/playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Run role 3 | hosts: all 4 | any_errors_fatal: true 5 | roles: 6 | - ansible-<> 7 | vars: 8 | <>: latest 9 | -------------------------------------------------------------------------------- /molecule/default/tests/test_default.py: -------------------------------------------------------------------------------- 1 | import os 2 | import testinfra.utils.ansible_runner 3 | 4 | testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( 5 | os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') 6 | -------------------------------------------------------------------------------- /molecule/latest/tests/test_latest.py: -------------------------------------------------------------------------------- 1 | # import pytest 2 | import os 3 | import testinfra.utils.ansible_runner 4 | 5 | testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( 6 | os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') 7 | -------------------------------------------------------------------------------- /molecule/alternative/tests/test_alternative.py: -------------------------------------------------------------------------------- 1 | # import pytest 2 | import os 3 | import testinfra.utils.ansible_runner 4 | 5 | testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( 6 | os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') 7 | -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- 1 | --- 2 | extends: default 3 | ignore: | 4 | .github/ 5 | meta/ 6 | 7 | rules: 8 | braces: 9 | max-spaces-inside: 1 10 | level: error 11 | brackets: 12 | max-spaces-inside: 1 13 | level: error 14 | line-length: disable 15 | -------------------------------------------------------------------------------- /tasks/configure.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Copy the <> systemd service file 3 | template: 4 | src: <>.service.j2 5 | dest: /etc/systemd/system/<>.service 6 | owner: root 7 | group: root 8 | mode: 0644 9 | notify: restart <> 10 | -------------------------------------------------------------------------------- /test-requirements.txt: -------------------------------------------------------------------------------- 1 | # temporarily lock versions of molecule and ansible-compat to avoid a bug: 2 | # https://github.com/ansible-community/ansible-compat/issues/114 3 | ansible-compat==0.5.0 4 | molecule==3.5.2 5 | molecule-docker 6 | docker 7 | ansible-lint>=3.4.0 8 | testinfra>=1.7.0 9 | jmespath 10 | selinux 11 | passlib 12 | -------------------------------------------------------------------------------- /vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | go_arch_map: 3 | i386: '386' 4 | x86_64: 'amd64' 5 | aarch64: 'arm64' 6 | armv7l: 'armv7' 7 | armv6l: 'armv6' 8 | 9 | go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}" 10 | 11 | <>_system_user: "<>" 12 | <>_system_group: "<>" 13 | -------------------------------------------------------------------------------- /.github/workflows/labeler.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Pull request labeler 3 | on: 4 | schedule: 5 | - cron: '*/15 * * * *' 6 | jobs: 7 | labeler: 8 | runs-on: ubuntu-latest 9 | steps: 10 | - uses: paulfantom/periodic-labeler@master 11 | env: 12 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 13 | GITHUB_REPOSITORY: ${{ github.repository }} 14 | -------------------------------------------------------------------------------- /tasks/install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create the <> group 3 | group: 4 | name: "{{ <>_system_group }}" 5 | state: present 6 | system: true 7 | 8 | - name: Create the <> user 9 | user: 10 | name: "{{ <>_system_user }}" 11 | groups: "{{ <>_system_group }}" 12 | append: true 13 | shell: /usr/sbin/nologin 14 | system: true 15 | createhome: false 16 | home: / 17 | -------------------------------------------------------------------------------- /templates/application.service.j2: -------------------------------------------------------------------------------- 1 | {{ ansible_managed | comment }} 2 | 3 | [Unit] 4 | Description=<> 5 | After=network-online.target 6 | StartLimitInterval=0 7 | StartLimitIntervalSec=0 8 | 9 | [Service] 10 | Type=simple 11 | User={{ <>_system_user }} 12 | Group={{ <>_system_group }} 13 | ExecStart=/usr/local/bin/<> 14 | SyslogIdentifier=<> 15 | Restart=always 16 | RestartSec=5 17 | 18 | [Install] 19 | WantedBy=multi-user.target 20 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature 3 | about: If you want to propose a new feature or enhancement 4 | labels: enhancement 5 | --- 6 | 7 | **What is missing?** 8 | 9 | **Why do we need it?** 10 | 11 | **Environment** 12 | 13 | * Role version: 14 | 15 | `Insert release version/galaxy tag or Git SHA here` 16 | 17 | * Ansible version information: 18 | 19 | `ansible --version` 20 | 21 | 22 | **Anything else we need to know?**: 23 | -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: <> 4 | description: Deploy <> 5 | role_name: <> 6 | license: MIT 7 | company: none 8 | min_ansible_version: 2.7 9 | platforms: 10 | - name: Ubuntu 11 | versions: 12 | - bionic 13 | - xenial 14 | - name: Debian 15 | versions: 16 | - stretch 17 | - buster 18 | - name: EL 19 | versions: 20 | - 7 21 | - 8 22 | - name: Fedora 23 | versions: 24 | - 30 25 | - 31 26 | galaxy_tags: 27 | - monitoring 28 | 29 | dependencies: [] 30 | -------------------------------------------------------------------------------- /.github/labeler.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # configuration spec at https://github.com/actions/labeler/blob/master/README.md 3 | area/docs: 4 | - meta/* 5 | - CHANGELOG.md 6 | - CONTRIBUTING.md 7 | - TROUBLESHOOTING.md 8 | - LICENSE 9 | - README.md 10 | area/tests: 11 | - molecule/* 12 | - molecule/**/* 13 | - .ansible-lint 14 | - .yamllint 15 | - test-requirements.txt 16 | area/automation: 17 | - .circleci/* 18 | - .github/* 19 | - .github/**/* 20 | - .mergify.yml 21 | area/vars: 22 | - defaults/* 23 | - vars/* 24 | - vars/**/* 25 | area/tasks: 26 | - handlers/* 27 | - tasks/* 28 | - tasks/**/* 29 | area/jinja: 30 | - templates/* 31 | - templates/**/* 32 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/support.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Support 3 | about: If you have questions about this ansible role 4 | labels: question 5 | --- 6 | 7 | **What did you do?** 8 | 9 | **Did you expect to see some different?** 10 | 11 | **Environment** 12 | 13 | * Role version: 14 | 15 | `Insert release version/galaxy tag or Git SHA here` 16 | 17 | * Ansible version information: 18 | 19 | `ansible --version` 20 | 21 | 22 | * Variables: 23 | 24 | ``` 25 | insert role variables relevant to the issue 26 | ``` 27 | 28 | * Ansible playbook execution Logs: 29 | 30 | ``` 31 | insert Ansible logs relevant to the issue here 32 | ``` 33 | 34 | **Anything else we need to know?**: 35 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug 3 | about: Report a bug related to ansible role 4 | labels: bug 5 | --- 6 | 7 | **What happened?** 8 | 9 | **Did you expect to see some different?** 10 | 11 | **How to reproduce it (as minimally and precisely as possible)**: 12 | 13 | **Environment** 14 | 15 | * Role version: 16 | 17 | `Insert release version/galaxy tag or Git SHA here` 18 | 19 | * Ansible version information: 20 | 21 | `ansible --version` 22 | 23 | 24 | * Variables: 25 | 26 | ``` 27 | insert role variables relevant to the issue 28 | ``` 29 | 30 | * Ansible playbook execution Logs: 31 | 32 | ``` 33 | insert Ansible logs relevant to the issue here 34 | ``` 35 | 36 | **Anything else we need to know?**: 37 | -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Gather variables for each operating system 3 | include_vars: "{{ item }}" 4 | with_first_found: 5 | - "{{ ansible_distribution_file_variety | lower }}.yml" 6 | - "{{ ansible_distribution | lower }}.yml" 7 | - "{{ ansible_os_family | lower }}.yml" 8 | tags: 9 | - <>_install 10 | - <>_configure 11 | - <>_run 12 | 13 | - import_tasks: preflight.yml 14 | tags: 15 | - <>_install 16 | - <>_configure 17 | - <>_run 18 | 19 | - import_tasks: install.yml 20 | become: true 21 | tags: 22 | - <>_install 23 | 24 | - import_tasks: configure.yml 25 | become: true 26 | tags: 27 | - <>_configure 28 | 29 | - name: Ensure <> is enabled on boot 30 | become: true 31 | systemd: 32 | daemon_reload: true 33 | name: <> 34 | enabled: true 35 | tags: 36 | - <>_run 37 | -------------------------------------------------------------------------------- /molecule/latest/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | driver: 5 | name: docker 6 | platforms: 7 | - name: buster 8 | pre_build_image: true 9 | image: quay.io/paulfantom/molecule-systemd:debian-10 10 | docker_host: "${DOCKER_HOST:-unix://var/run/docker.sock}" 11 | privileged: true 12 | volumes: 13 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 14 | - name: fedora 15 | pre_build_image: true 16 | image: quay.io/paulfantom/molecule-systemd:fedora-30 17 | docker_host: "${DOCKER_HOST:-unix://var/run/docker.sock}" 18 | privileged: true 19 | volumes: 20 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 21 | groups: 22 | - python3 23 | provisioner: 24 | name: ansible 25 | playbooks: 26 | create: ../default/create.yml 27 | prepare: ../default/prepare.yml 28 | converge: playbook.yml 29 | destroy: ../default/destroy.yml 30 | inventory: 31 | group_vars: 32 | python3: 33 | ansible_python_interpreter: /usr/bin/python3 34 | verifier: 35 | name: testinfra 36 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2018-2019 Pawel Krupa and <> 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

skeleton logo

2 | 3 | # Cloud Alchemy Ansible Role Skeleton 4 | 5 | [![License](https://img.shields.io/badge/license-MIT%20License-brightgreen.svg)](https://opensource.org/licenses/MIT) 6 | 7 | ## Description 8 | 9 | Skeleton to create new ansible roles similar to other Cloud Alchemy roles. 10 | 11 | ## How to use it 12 | 13 | To create a new role, just follow a couple of easy steps: 14 | 1. Create new rpository using this one as a template by clicking [here](https://github.com/cloudalchemy/skeleton/generate) 15 | 1. Clone repository locally 16 | 1. Run `init.sh` with required parameters 17 | 1. Commit your changes 18 | 19 | ## Result 20 | 21 | After running `init.sh` it will convert this repo into a directory structure with everything needed to start 22 | developing new Cloud Alchemy ansible role. 23 | 24 | ## Warnings 25 | 26 | - README.md file is overwritten with ROLE_README.md 27 | - `init.sh` file is removed after being used 28 | 29 | ## License 30 | 31 | This project is licensed under MIT License. See [LICENSE](/LICENSE) for more details. 32 | -------------------------------------------------------------------------------- /molecule/default/destroy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Destroy 3 | hosts: localhost 4 | connection: local 5 | gather_facts: false 6 | no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}" 7 | tasks: 8 | - name: Destroy molecule instance(s) 9 | docker_container: 10 | name: "{{ item.name }}" 11 | docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" 12 | state: absent 13 | force_kill: "{{ item.force_kill | default(true) }}" 14 | register: server 15 | with_items: "{{ molecule_yml.platforms }}" 16 | async: 7200 17 | poll: 0 18 | 19 | - name: Wait for instance(s) deletion to complete 20 | async_status: 21 | jid: "{{ item.ansible_job_id }}" 22 | register: docker_jobs 23 | until: docker_jobs.finished 24 | retries: 300 25 | with_items: "{{ server.results }}" 26 | 27 | - name: Delete docker network(s) 28 | docker_network: 29 | name: "{{ item }}" 30 | docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" 31 | state: absent 32 | with_items: "{{ molecule_yml.platforms | molecule_get_docker_networks }}" 33 | -------------------------------------------------------------------------------- /init.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Port on which your application is listening 4 | PORT="${1}" 5 | 6 | # Your name. Preferably your full name. 7 | AUTHOR="${2}" 8 | 9 | # This variable ideally should contain the name of an application which will be deployed with ansible role. 10 | # Do not use whitespaces. 11 | APPLICATION="${3}" 12 | 13 | 14 | if [ -z "${PORT}" ]; then 15 | echo "PORT is required" 16 | echo "Usage: " 17 | echo " $0 PORT [AUTHOR] [APPLICATION]" 18 | exit 1 19 | fi 20 | 21 | # Try to figure out author name from repo name 22 | if [ -z "${AUTHOR}" ]; then 23 | AUTHOR="$(git config user.name)" 24 | echo "Using author name: '$AUTHOR'" 25 | fi 26 | 27 | # Try to figure out application name from repo name 28 | if [ -z "${APPLICATION}" ]; then 29 | APPLICATION="$(basename -s .git "$(git config --get remote.origin.url)")" 30 | echo "Using application name: '$APPLICATION'" 31 | fi 32 | 33 | rm README.md 34 | mv ROLE_README.md README.md 35 | mv 'templates/application.service.j2' "templates/${APPLICATION}.service.j2" 36 | 37 | mkdir -p '.circleci' 38 | mv 'circleci-config.yml' '.circleci/config.yml' 39 | 40 | find ./ -type f -exec sed -i "s/<>/$AUTHOR/g" {} \; 41 | find ./ -type f -exec sed -i "s/<>/$APPLICATION/g" {} \; 42 | find ./ -type f -exec sed -i "s/<>/$PORT/g" {} \; 43 | 44 | # Remove itself 45 | rm -- "$0" 46 | -------------------------------------------------------------------------------- /.circleci/config.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # This is a dummy config to make branch protection tests pass. 4 | # 5 | # The real skeleton config is /circleci-config.yml 6 | # 7 | version: 2.1 8 | 9 | executors: 10 | python: 11 | docker: 12 | - image: cimg/python:3.9 13 | publisher: 14 | docker: 15 | - image: quay.io/cloudalchemy/publisher:latest 16 | 17 | jobs: 18 | lint: 19 | executor: python 20 | steps: 21 | - checkout 22 | - run: pip install ansible ansible-lint yamllint flake8 23 | - run: mkdir -p .cache/roles && ln -s ../.. .cache/roles/${CIRCLE_PROJECT_REPONAME} 24 | - run: yamllint . 25 | - run: flake8 26 | 27 | test: 28 | executor: python 29 | parameters: 30 | ansible: 31 | type: string 32 | steps: 33 | - checkout 34 | - setup_remote_docker 35 | - run: ln -s ~/project ~/${CIRCLE_PROJECT_REPONAME} 36 | - run: pip install "ansible~=<>.0" 37 | - run: pip install -r test-requirements.txt 38 | 39 | workflows: 40 | version: 2 41 | molecule: 42 | jobs: 43 | - lint: 44 | filters: 45 | tags: 46 | only: /.*/ 47 | - test: 48 | matrix: 49 | parameters: 50 | ansible: 51 | - "2.9" 52 | - "2.10" 53 | filters: 54 | tags: 55 | only: /.*/ 56 | -------------------------------------------------------------------------------- /molecule/default/create.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create 3 | hosts: localhost 4 | connection: local 5 | gather_facts: false 6 | no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}" 7 | tasks: 8 | - name: Create molecule instance(s) 9 | docker_container: 10 | name: "{{ item.name }}" 11 | docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}" 12 | hostname: "{{ item.name }}" 13 | image: "{{ item.image }}" 14 | state: started 15 | recreate: false 16 | log_driver: json-file 17 | command: "{{ item.command | default(omit) }}" 18 | privileged: "{{ item.privileged | default(omit) }}" 19 | volumes: "{{ item.volumes | default(omit) }}" 20 | capabilities: "{{ item.capabilities | default(omit) }}" 21 | exposed_ports: "{{ item.exposed_ports | default(omit) }}" 22 | published_ports: "{{ item.published_ports | default(omit) }}" 23 | ulimits: "{{ item.ulimits | default(omit) }}" 24 | networks: "{{ item.networks | default(omit) }}" 25 | dns_servers: "{{ item.dns_servers | default(omit) }}" 26 | register: server 27 | with_items: "{{ molecule_yml.platforms }}" 28 | async: 7200 29 | poll: 0 30 | 31 | - name: Wait for instance(s) creation to complete 32 | async_status: 33 | jid: "{{ item.ansible_job_id }}" 34 | register: docker_jobs 35 | until: docker_jobs.finished 36 | retries: 300 37 | with_items: "{{ server.results }}" 38 | -------------------------------------------------------------------------------- /.mergify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | queue_rules: 3 | - name: default 4 | conditions: 5 | # These need to stay in sync with auto-maintenance/.github/settings.yml. 6 | - "check-success=/circleci: lint" 7 | - "check-success=/circleci: test-2.9-default" 8 | - "check-success=/circleci: test-2.9-alternative" 9 | - "check-success=/circleci: test-2.10-default" 10 | - "check-success=/circleci: test-2.10-alternative" 11 | - "check-success=/circleci: test-4.10-default" 12 | - "check-success=/circleci: test-4.10-alternative" 13 | - "check-success=/circleci: test-5.1-default" 14 | - "check-success=/circleci: test-5.1-alternative" 15 | 16 | pull_request_rules: 17 | - name: automatic merge and new release from cloudalchemybot 18 | conditions: 19 | - status-success=WIP 20 | - head~=autoupdate|skeleton 21 | - author=cloudalchemybot 22 | # These need to stay in sync with auto-maintenance/.github/settings.yml. 23 | - "check-success=/circleci: lint" 24 | - "check-success=/circleci: test-2.9-default" 25 | - "check-success=/circleci: test-2.9-alternative" 26 | - "check-success=/circleci: test-2.10-default" 27 | - "check-success=/circleci: test-2.10-alternative" 28 | - "check-success=/circleci: test-4.10-default" 29 | - "check-success=/circleci: test-4.10-alternative" 30 | - "check-success=/circleci: test-5.1-default" 31 | - "check-success=/circleci: test-5.1-alternative" 32 | actions: 33 | queue: 34 | method: squash 35 | name: default 36 | -------------------------------------------------------------------------------- /molecule/default/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | driver: 5 | name: docker 6 | platforms: 7 | - name: bionic 8 | pre_build_image: true 9 | image: quay.io/paulfantom/molecule-systemd:ubuntu-18.04 10 | docker_host: "${DOCKER_HOST:-unix://var/run/docker.sock}" 11 | privileged: true 12 | volumes: 13 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 14 | - name: xenial 15 | pre_build_image: true 16 | image: quay.io/paulfantom/molecule-systemd:ubuntu-16.04 17 | docker_host: "${DOCKER_HOST:-unix://var/run/docker.sock}" 18 | privileged: true 19 | volumes: 20 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 21 | - name: stretch 22 | pre_build_image: true 23 | image: quay.io/paulfantom/molecule-systemd:debian-9 24 | docker_host: "${DOCKER_HOST:-unix://var/run/docker.sock}" 25 | privileged: true 26 | volumes: 27 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 28 | - name: buster 29 | pre_build_image: true 30 | image: quay.io/paulfantom/molecule-systemd:debian-10 31 | docker_host: "${DOCKER_HOST:-unix://var/run/docker.sock}" 32 | privileged: true 33 | volumes: 34 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 35 | - name: centos7 36 | pre_build_image: true 37 | image: quay.io/paulfantom/molecule-systemd:centos-7 38 | docker_host: "${DOCKER_HOST:-unix://var/run/docker.sock}" 39 | privileged: true 40 | volumes: 41 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 42 | - name: centos8 43 | pre_build_image: true 44 | image: quay.io/paulfantom/molecule-systemd:centos-8 45 | docker_host: "${DOCKER_HOST:-unix://var/run/docker.sock}" 46 | privileged: true 47 | volumes: 48 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 49 | groups: 50 | - python3 51 | - name: fedora 52 | pre_build_image: true 53 | image: quay.io/paulfantom/molecule-systemd:fedora-30 54 | docker_host: "${DOCKER_HOST:-unix://var/run/docker.sock}" 55 | privileged: true 56 | volumes: 57 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 58 | groups: 59 | - python3 60 | provisioner: 61 | name: ansible 62 | playbooks: 63 | prepare: prepare.yml 64 | converge: playbook.yml 65 | inventory: 66 | group_vars: 67 | python3: 68 | ansible_python_interpreter: /usr/bin/python3 69 | verifier: 70 | name: testinfra 71 | -------------------------------------------------------------------------------- /molecule/alternative/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | driver: 5 | name: docker 6 | platforms: 7 | - name: bionic 8 | pre_build_image: true 9 | image: quay.io/paulfantom/molecule-systemd:ubuntu-18.04 10 | docker_host: "${DOCKER_HOST:-unix://var/run/docker.sock}" 11 | privileged: true 12 | volumes: 13 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 14 | - name: xenial 15 | pre_build_image: true 16 | image: quay.io/paulfantom/molecule-systemd:ubuntu-16.04 17 | docker_host: "${DOCKER_HOST:-unix://var/run/docker.sock}" 18 | privileged: true 19 | volumes: 20 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 21 | - name: stretch 22 | pre_build_image: true 23 | image: quay.io/paulfantom/molecule-systemd:debian-9 24 | docker_host: "${DOCKER_HOST:-unix://var/run/docker.sock}" 25 | privileged: true 26 | volumes: 27 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 28 | - name: buster 29 | pre_build_image: true 30 | image: quay.io/paulfantom/molecule-systemd:debian-10 31 | docker_host: "${DOCKER_HOST:-unix://var/run/docker.sock}" 32 | privileged: true 33 | volumes: 34 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 35 | - name: centos7 36 | pre_build_image: true 37 | image: quay.io/paulfantom/molecule-systemd:centos-7 38 | docker_host: "${DOCKER_HOST:-unix://var/run/docker.sock}" 39 | privileged: true 40 | volumes: 41 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 42 | - name: centos8 43 | pre_build_image: true 44 | image: quay.io/paulfantom/molecule-systemd:centos-8 45 | docker_host: "${DOCKER_HOST:-unix://var/run/docker.sock}" 46 | privileged: true 47 | volumes: 48 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 49 | groups: 50 | - python3 51 | - name: fedora 52 | pre_build_image: true 53 | image: quay.io/paulfantom/molecule-systemd:fedora-30 54 | docker_host: "${DOCKER_HOST:-unix://var/run/docker.sock}" 55 | privileged: true 56 | volumes: 57 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 58 | groups: 59 | - python3 60 | provisioner: 61 | name: ansible 62 | playbooks: 63 | prepare: prepare.yml 64 | converge: playbook.yml 65 | inventory: 66 | group_vars: 67 | python3: 68 | ansible_python_interpreter: /usr/bin/python3 69 | verifier: 70 | name: testinfra 71 | -------------------------------------------------------------------------------- /ROLE_README.md: -------------------------------------------------------------------------------- 1 | # Ansible Role: <> 2 | 3 | [![Build Status](https://travis-ci.com/cloudalchemy/ansible-<>.svg?branch=master)](https://travis-ci.com/cloudalchemy/ansible-<>) 4 | [![License](https://img.shields.io/badge/license-MIT%20License-brightgreen.svg)](https://opensource.org/licenses/MIT) 5 | [![Ansible Role](https://img.shields.io/badge/ansible%20role-cloudalchemy.<>-blue.svg)](https://galaxy.ansible.com/cloudalchemy/<>/) 6 | [![GitHub tag](https://img.shields.io/github/tag/cloudalchemy/ansible-<>.svg)](https://github.com/cloudalchemy/ansible-<>/tags) 7 | 8 | ## Description 9 | 10 | Deploy [<>](https://github.com/prometheus/<>) using ansible. 11 | 12 | ## Requirements 13 | 14 | - Ansible >= 2.7 (It might work on previous versions, but we cannot guarantee it) 15 | 16 | ## Role Variables 17 | 18 | All variables which can be overridden are stored in [defaults/main.yml](defaults/main.yml) file as well as in table below. 19 | 20 | | Name | Default Value | Description | 21 | | -------------- | ------------- | -----------------------------------| 22 | | `<>_web_listen_address` | "0.0.0.0:<>" | Address on which <> will listen | 23 | 24 | ## Example 25 | 26 | ### Playbook 27 | 28 | Use it in a playbook as follows: 29 | ```yaml 30 | - hosts: all 31 | roles: 32 | - cloudalchemy.<> 33 | ``` 34 | 35 | ## Local Testing 36 | 37 | The preferred way of locally testing the role is to use Docker and [molecule](https://github.com/ansible-community/molecule) (v3.x). You will have to install Docker on your system. See "Get started" for a Docker package suitable to for your system. Running your tests is as simple as executing `molecule test`. 38 | 39 | ## Continuous Integration 40 | 41 | Combining molecule and circle CI allows us to test how new PRs will behave when used with multiple ansible versions and multiple operating systems. This also allows use to create test scenarios for different role configurations. As a result we have a quite large test matrix which can take more time than local testing, so please be patient. 42 | 43 | ## Contributing 44 | 45 | See [contributor guideline](CONTRIBUTING.md). 46 | 47 | ## Troubleshooting 48 | 49 | See [troubleshooting](TROUBLESHOOTING.md). 50 | 51 | ## License 52 | 53 | This project is licensed under MIT License. See [LICENSE](/LICENSE) for more details. 54 | -------------------------------------------------------------------------------- /circleci-config.yml: -------------------------------------------------------------------------------- 1 | --- 2 | version: 2.1 3 | 4 | executors: 5 | python: 6 | docker: 7 | - image: cimg/python:3.10 8 | python_large: 9 | docker: 10 | - image: cimg/python:3.9 11 | resource_class: large 12 | publisher: 13 | docker: 14 | - image: quay.io/cloudalchemy/publisher:latest 15 | 16 | jobs: 17 | lint: 18 | executor: python 19 | steps: 20 | - checkout 21 | - run: pip install ansible ansible-lint yamllint flake8 22 | - run: ansible-lint . 23 | - run: yamllint . 24 | - run: flake8 25 | 26 | test: 27 | executor: python_large 28 | parameters: 29 | ansible: 30 | type: string 31 | scenario: 32 | type: string 33 | steps: 34 | - checkout 35 | - setup_remote_docker 36 | - run: pip install "ansible~=<< parameters.ansible >>.0" 37 | - run: pip install -r test-requirements.txt 38 | - run: 39 | no_output_timeout: 60m 40 | command: | 41 | if [[ -n "${CIRCLE_PULL_REQUEST}" ]] && [[ '<< parameters.scenario >>' == 'latest' ]]; then 42 | echo 'Not running latest on PR' 43 | else 44 | molecule test -s '<< parameters.scenario >>' --destroy always 45 | fi 46 | release: 47 | executor: publisher 48 | steps: 49 | - checkout 50 | - run: | 51 | PROJECT_USERNAME="${CIRCLE_PROJECT_USERNAME}" \ 52 | PROJECT_REPONAME="${CIRCLE_PROJECT_REPONAME}" \ 53 | create_release 54 | 55 | galaxy: 56 | executor: python 57 | steps: 58 | - checkout 59 | - run: pip install ansible 60 | - run: ansible-galaxy role import --token "${GALAXY_TOKEN}" "${CIRCLE_PROJECT_USERNAME}" "${CIRCLE_PROJECT_REPONAME}" 61 | 62 | workflows: 63 | version: 2 64 | molecule: 65 | jobs: 66 | - lint: 67 | filters: 68 | tags: 69 | only: /.*/ 70 | - test: 71 | matrix: 72 | parameters: 73 | ansible: 74 | - "2.9" 75 | - "2.10" 76 | - "4.10" 77 | - "5.1" 78 | scenario: 79 | - default 80 | - alternative 81 | - latest 82 | filters: 83 | tags: 84 | only: /.*/ 85 | - release: 86 | context: release 87 | requires: 88 | - lint 89 | - test 90 | filters: 91 | branches: 92 | only: master 93 | tags: 94 | ignore: /.*/ 95 | - galaxy: 96 | context: galaxy 97 | requires: 98 | - lint 99 | - test 100 | - release 101 | filters: 102 | branches: 103 | only: master 104 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributor Guideline 2 | 3 | This document provides an overview of how you can participate in improving this project or extending it. We are 4 | grateful for all your help: bug reports and fixes, code contributions, documentation or ideas. Feel free to join, we 5 | appreciate your support!! 6 | 7 | ## Communication 8 | 9 | ### GitHub repositories 10 | 11 | Much of the issues, goals and ideas are tracked in the respective projects in GitHub. Please use this channel to report 12 | bugs, ask questions, and request new features . 13 | 14 | ## git and GitHub 15 | 16 | In order to contribute code please: 17 | 18 | 1. Fork the project on GitHub 19 | 2. Clone the project 20 | 3. Add changes (and tests) 21 | 4. Commit and push 22 | 5. Create a merge-request 23 | 24 | To have your code merged, see the expectations listed below. 25 | 26 | You can find a well-written guide [here](https://help.github.com/articles/fork-a-repo). 27 | 28 | Please follow common commit best-practices. Be explicit, have a short summary, a well-written description and 29 | references. This is especially important for the merge-request. 30 | 31 | Some great guidelines can be found [here](https://wiki.openstack.org/wiki/GitCommitMessages) and 32 | [here](http://robots.thoughtbot.com/5-useful-tips-for-a-better-commit-message). 33 | 34 | ## Releases 35 | 36 | We try to stick to semantic versioning and our releases are automated. Release is created by assigning a keyword (in a 37 | way similar to circle ci keyword [`[ci skip]`](https://docs.travis-ci.com/user/customizing-the-build#Skipping-a-build)) 38 | to a commit with merge request. Available keywords are (square brackets are important!): 39 | 40 | * `[patch]`, `[fix]`, `[bugfix]` - for PATCH version release 41 | * `[minor]`, `[feature]`, `[feat]` - for MINOR version release 42 | * `[major]`, `[breaking change]` - for MAJOR version release 43 | 44 | ## Changelog 45 | 46 | Changelog is generated automatically during release process and all information is taken from github issues, PRs and 47 | labels. 48 | 49 | ## Expectations 50 | 51 | ### Keep it simple 52 | 53 | We try to provide production ready ansible roles which should be as much zero-conf as possible but this doesn't mean to 54 | overcomplicate things. Just follow [KISS](https://en.wikipedia.org/wiki/KISS_principle). 55 | 56 | ### Be explicit 57 | 58 | * Please avoid using nonsensical property and variable names. 59 | * Use self-describing attribute names for user configuration. 60 | * In case of failures, communicate what happened and why a failure occurs to the user. Make it easy to track the code 61 | or action that produced the error. Try to catch and handle errors if possible to provide improved failure messages. 62 | 63 | 64 | ### Add tests 65 | 66 | We are striving to use at least two test scenarios located in [/molecule](molecule) directory. First one 67 | ([default](molecule/default)) is testing default configuration without any additional variables, second one 68 | ([alternative](molecule/alternative)) is testing what happens when many variables from 69 | [/defaults/main.yml](defaults/main.yml) are changed. When adding new functionalities please add tests to proper 70 | scenarios. Tests are written in testinfra framework and are located in `/tests` subdirectory of scenario directory 71 | (for example default tests are in [/molecule/default/tests](molecule/default/tests)). 72 | More information about: 73 | - [testinfra](http://testinfra.readthedocs.io/en/latest/index.html) 74 | - [molecule](https://molecule.readthedocs.io/en/latest/index.html) 75 | 76 | ### Follow best practices 77 | 78 | Please follow [ansible best practices](http://docs.ansible.com/ansible/latest/playbooks_best_practices.html) and 79 | especially provide meaningful names to tasks and even comments where needed. 80 | 81 | Our test framework automatically lints code with [`yamllint`](https://github.com/adrienverge/yamllint), 82 | [`ansible-lint`](https://github.com/willthames/ansible-lint), and [`flake8`](https://gitlab.com/pycqa/flake8) programs 83 | so be sure to follow their rules. 84 | 85 | Remember: Code is generally read much more often than written. 86 | 87 | ### Use Markdown 88 | 89 | Wherever possible, please refrain from any other formats and stick to simple markdown. 90 | 91 | ## Requirements regarding roles design 92 | 93 | We are trying to create the best and most secure installation method for non-containerized prometheus stack components. 94 | To accomplish this all roles need to support: 95 | 96 | - current and at least one previous ansible version 97 | - systemd as the only available process manager 98 | - at least latest debian and CentOS distributions 99 | --------------------------------------------------------------------------------