avances ssh

RDF 2022-08-05 01:34:36 -03:00
parent 35ad6d218c
commit 08b37b1b95
24 changed files with 482 additions and 88 deletions


@ -1,34 +1,33 @@
# ansible-playbook Playbooks/01-A-OPENLDAP.yml -i Inventories/QA -v -t 'deploy' --ask-become-pass
# ansible-playbook Playbooks/01-A-OPENLDAP.yml -i Inventories/QA -v -t 'deploy' --become-password-file
############# TO DO
# usar el socket sin sudo
# storage pool zfs
#############
- hosts: ubuntu_lxd
gather_facts: false
tags: deploy
vars:
DIR: "~/OpenLDAP/"
service_name: OpenLDAP-01
DIR: "/home/{{ansible_user}}/OpenLDAP"
ssh_key_passphrase: open
ssh_key_name: OpenLDAP
roles:
- lxc_configure_ssh
tasks:
- name: Create a directory if it does not exist
ansible.builtin.file:
path: "{{DIR}}"
state: directory
mode: '0755'
- ansible.builtin.copy:
src: files/OpenLDAP.tf
dest: "{{DIR}}"
# Instalar terraform desde ansible con apt
# usar el socket sin sudo
# storage pool zfs
# Copio el manifest.
- file: path="{{DIR}}" state=directory mode='0755'
- copy: src=Manifests/OpenLDAP/main.tf dest="{{DIR}}/OpenLDAP-01.tf"
#- become: true
# ansible.builtin.shell: |
# apt-add-repository "deb [arch=$(dpkg --print-architecture)] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
# apt install terraform
- become: true
community.general.terraform:
project_path: '/home/renzo/OpenLDAP'
# Ejecuto el manifest, creo la instancia.
# Se necesita sudo para conectarse con el socket de LXD
- community.general.terraform:
project_path: "{{DIR}}"
force_init: true
state: present
binary_path: "/home/renzo/.local/bin/terraform"
become: true
register: terraform
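Review bot: The SSH key passphrase is committed in clear text in the play's vars (`ssh_key_passphrase: open`), so anyone who can read the repository can unlock the key this play configures. Take it from an Ansible Vault-encrypted vars file instead, e.g. `ssh_key_passphrase: "{{ vault_openldap_ssh_passphrase }}"` (variable name constructed for illustration), and regenerate any key already created with the committed value. The role defaults added later in this commit (`ssh_key_passphrase: set_a_password!`) share the problem: a run that forgets to override them silently produces a key with a publicly known passphrase, so leaving the default undefined is safer. Separately, the terraform task combines `become: true` with `binary_path: "/home/renzo/.local/bin/terraform"`, which executes a binary from a user-writable directory as root; the rendered page does not show which of these lines are on the new side.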


@ -0,0 +1,28 @@
# ansible-playbook Playbooks/01-A-OPENLDAP.yml -i Inventories/QA -vv -t 'deploy' --become-password-file .sudo_pass
- hosts: ubuntu_lxd
gather_facts: false
tags: deploy
vars:
DIR: "/home/renzo/PHPLDAPAdmin/"
tasks:
- ansible.builtin.file:
path: "{{DIR}}"
state: directory
mode: '0755'
- ansible.builtin.copy:
src: files/PHPLDAPAdmin.tf
dest: "{{DIR}}"
#- become: true
# ansible.builtin.shell: |
# apt-add-repository "deb [arch=$(dpkg --print-architecture)] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
# apt install terraform
- become: true
community.general.terraform:
project_path: "{{DIR}}"
force_init: true
state: present
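Review bot: `DIR: "/home/renzo/PHPLDAPAdmin/"` ties this new playbook to one account, whereas the OpenLDAP playbook in the same commit derives the path from `ansible_user`; `DIR: "/home/{{ ansible_user }}/PHPLDAPAdmin"` would keep the two consistent. The directory and the copied `.tf` file are created without `become`, so they presumably stay owned by the unprivileged user, while the terraform task runs as root against them with `force_init: true`. If root is needed only to reach the LXD socket, as the comment in the OpenLDAP playbook suggests, it is worth documenting that in a comment on the task and giving each task a `name:`.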


@ -1,47 +1,25 @@
# ansible-playbook Playbooks/01-UBUNTU-LXD.yml -i Inventories/QA -v -t 'deploy' --become-password-file .sudo_pass
- hosts: ubuntu_lxd
gather_facts: false
gather_facts: true
tags:
- deploy
become: true
become: false
tasks:
- name: Update, Upgrade & Install dependencies
become: true
block:
- apt: update_cache=yes upgrade=full
- ansible.builtin.package: name="{{item}}" state=present
- package: name="{{item}}" state=present
with_items:
- ansible
- zfsutils-linux
- python3-pip
#- ansible
- lxc
- build-essential
- autoconf
- libtool
- pkg-config
- idle-python2.7
- libgle3
- terraform
- ansible.builtin.include_role: name=init_lxd
- zfsutils-linux
- unzip
- shell: python3 -m pip install --upgrade pip
- pip: name=pylxd
- script: Playbooks/files/OpenLDAP.py
#vars:
# - lxd_init_template_config_path="/path/to/my/custom/template"
## Rollback
- hosts: ubuntu_lxd
tags:
- rollback
become: true
tasks:
- shell: "snap remove --purge lxd"
- pip: name=lxc-python2 state=absent
- ansible.builtin.package: name="{{item}}" state=absent
with_items:
- "ansible"
- "zfsutils-linux"
- "python3-pip"
- "lxc"
#- include_role: name=init_lxd
- include_role: name=install_terraform
vars:
terraform_version: latest
terraform_default_path: "~/.local/bin"
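Review bot: `terraform_version: latest` installs whatever release is newest at run time, and the vendored role unpacks the archive without a checksum, so the binary that the other playbooks run with `become: true` is neither reproducible nor verified. Pin an exact release and quote it so YAML keeps it a string, `terraform_version: "<pinned-version>"`. `terraform_default_path: "~/.local/bin"` also relies on tilde expansion: the role's version check uses the `command` module, which does not go through a shell, and its link task runs with `become: true`, so `~` may not resolve to the same home directory in every task (inferred from the role tasks; worth verifying). An absolute path avoids the question.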


@ -0,0 +1,31 @@
terraform {
required_providers {
lxd = {
source = "terraform-lxd/lxd"
}
}
}
provider "lxd" {
generate_client_certificates = true
accept_remote_certificate = true
}
resource "lxd_cached_image" "image" {
source_remote = "ubuntu"
source_image = "focal/amd64"
}
resource "lxd_container" "container1" {
name = "OpenLDAP"
image = lxd_cached_image.image.fingerprint
ephemeral = false
config = {
"boot.autostart" = true
}
limits = {
cpu = 2
}
}
output "container_info" {
value = lxd_container.container1
}
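Review bot: The `required_providers` entry for `terraform-lxd/lxd` carries no `version` constraint, so each `terraform init` (forced by `force_init: true` in the playbook) may pull a different provider release; add `version = "<constraint>"` next to `source` and commit the dependency lock file. `accept_remote_certificate = true` makes the provider accept whatever certificate an LXD remote presents, which removes server authentication if a remote is ever configured. No `remote` block is visible here, so the provider appears to use the local socket and both certificate options could be dropped. The same provider block appears in the PHPLDAPAdmin manifest changed in this commit.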


@ -0,0 +1,5 @@
config:
user.user-data: |
#cloud-config
ssh_authorized_keys:
- {{ lookup('file', SSH_KEY_PATH) }}
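Review bot: `lookup('file', SSH_KEY_PATH)` embeds the whole file verbatim in the profile's user-data, so `SSH_KEY_PATH` must name the public key. The role defaults in this commit set `ssh_key_path: ~/.ssh/lxd_ssh`, which is the private-key path, and passing that value here would copy the private key into the profile of every instance that uses it. The template does not show where `SSH_KEY_PATH` is defined, so this is a check to make at the caller. Renaming the variable to something like `SSH_PUBLIC_KEY_PATH` and adding a comment that it expects the `.pub` file would make the intent explicit.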


@ -5,22 +5,20 @@ terraform {
}
}
}
provider "lxd" {
generate_client_certificates = true
accept_remote_certificate = true
}
resource "lxd_cached_image" "focal" {
resource "lxd_cached_image" "image" {
source_remote = "ubuntu"
source_image = "focal/amd64"
}
resource "lxd_container" "test1" {
name = "test1"
image = lxd_cached_image.focal.fingerprint
resource "lxd_container" "container1" {
name = "PHPLDAPAdmin"
image = lxd_cached_image.image.fingerprint
ephemeral = false
config = {
config = {
"boot.autostart" = true
}
limits = {


@ -1,25 +0,0 @@
from pylxd import Client
# Project
lxd_proj = "MPS-LDAP"
lxd_proj_desc = "Proyecto para OpenLDAP & su cliente PHP LDAP Admin"
lxd_proj_config = {'limits.instances': '2'}
f = False
for project in Client().projects.all():
if project.name == lxd_proj:
f = True
break
if not f:
project = Client().projects.create(
lxd_proj, description=lxd_proj_desc, config=lxd_proj_config)
LXD = Client(project=lxd_client)
# Create Network if not exists
# Create Storage Pool if not exists
# Create instance if not exists
ldap_instance = "OpenLDAP"


@ -6,6 +6,11 @@
name: lxd
classic: yes
- register: tmp_file_stat
stat: path="{{lxd_init_template_processed_path}}"
- ansible.builtin.meta: end_batch
when: tmp_file_stat.stat.exists
- ansible.builtin.debug:
var: hostvars[inventory_hostname]['ansible_default_ipv4']['address']
verbosity: 1


@ -0,0 +1,135 @@
# ansible-role-terraform
[![molecule](https://github.com/diodonfrost/ansible-role-terraform/workflows/molecule/badge.svg)](https://github.com/diodonfrost/ansible-role-terraform/actions)
[![Ansible Galaxy](https://img.shields.io/badge/galaxy-diodonfrost.terraform-660198.svg)](https://galaxy.ansible.com/diodonfrost/terraform)
This role provide a compliance for install terraform on your target host.
## Requirements
This role was developed using Ansible 2.5 Backwards compatibility is not guaranteed.
Use `ansible-galaxy install diodonfrost.terraform` to install the role on your system.
* Ansible >= 2.8
* Python >= 2.7
## Role Variables
This role has multiple variables. The defaults for all these variables are the following:
```yaml
---
# defaults file for ansible-role-terraform
# Define terraform version to install
# Possible values: https://releases.hashicorp.com/terraform/index.json
# Default: latest
terraform_version: latest
# Define where to install terraform binary
# Default: use local system path defined in Ansible vars/*.yml
terraform_path: "{{ terraform_default_path }}"
```
## Dependencies
None
## Example Playbook
This is a sample playbook file for deploying the Ansible Galaxy terraform role in a localhost and installing the latest version of Terraform.
```yaml
---
- hosts: localhost
become: true
roles:
- role: diodonfrost.terraform
```
This role can also install a specific version of terraform.
```yaml
---
- hosts: localhost
become: true
roles:
- role: ansible-role-terraform
vars:
terraform_version: 0.12.0-rc1
```
Install Terraform 0.11.14
```yaml
---
- hosts: localhost
become: true
roles:
- role: ansible-role-terraform
vars:
terraform_version: 0.11.14
```
## Local Testing
This project uses [Molecule](http://molecule.readthedocs.io/) to aid in the
development and testing.
To develop or test you'll need to have installed the following:
* Linux (e.g. [Ubuntu](http://www.ubuntu.com/))
* [Docker](https://www.docker.com/)
* [Python](https://www.python.org/) (including python-pip)
* [Ansible](https://www.ansible.com/)
* [Molecule](http://molecule.readthedocs.io/)
* [Virtualbox](https://www.virtualbox.org/) (if you test windows system)
* [Vagrant](https://www.vagrantup.com/downloads.html) (if you test windows system)
### Testing with Docker
```shell
# Install requirements
pip install -r requirements-dev.txt
# Test ansible role with centos 8
molecule test
# Test ansible role with ubuntu 20.04
image=ansible-ubuntu:20.04 molecule test
# Test ansible role with alpine latest
image=ansible-alpine:latest molecule test
# Create centos 7 instance
image=ansible-centos:7 molecule create
# Apply role on centos 7 instance
image=ansible-centos:7 molecule converge
# Launch tests on centos 7 instance
image=ansible-centos:7 molecule verify
```
### Testing with Vagrant and Virtualbox
```shell
# Test ansible role with FreeBSD
molecule test -s freebsd
# Test ansible role with OpenBSD
molecule test -s openbsd
# Test ansible role with Solaris
molecule test -s solaris
# Test ansible role with Windows
molecule test -s windows
```
## License
Apache 2
## Author Information
This role was created in 2019 by diodonfrost.


@ -0,0 +1,11 @@
---
# defaults file for ansible-role-terraform
# Define terraform version to install
# Possible values: https://releases.hashicorp.com/terraform/index.json
# Default: latest
terraform_version: latest
# Define where to install terraform binary
# Default: use local system path defined in Ansible vars/*.yml
terraform_path: "{{ terraform_default_path }}"


@ -0,0 +1,25 @@
"""Sort complex versions"""
from distutils.version import LooseVersion
def filter_sort_versions(value):
"""
Ansible entrypoint function
"""
return sorted(value, key=LooseVersion)
class FilterModule(object):
"""
Sort complex versions like 0.10.2, 0.1.1, 0.10.12
"""
filter_sort = {
'sort_versions': filter_sort_versions,
}
def filters(self):
"""
Return the sorted values
"""
return self.filter_sort


@ -0,0 +1,8 @@
---
# tasks file for ansible-role-terraform
- name: Include OS specific variables.
include_vars: "{{ ansible_system }}.yml"
- name: Install Terraform
include_tasks: "setup-{{ base_os[ansible_system] | default('Linux-Unix') }}.yml"


@ -0,0 +1,44 @@
---
# tasks file for install terraform on Linux and Unix system
- name: Linux/Unix | Find all versions of Terraform
uri:
url: https://releases.hashicorp.com/terraform/index.json
return_content: yes
register: terraform_index
when: terraform_version == "latest"
check_mode: no
- name: Linux/Unix | Finds the latest Terraform version when latest var is define
set_fact:
terraform_version_to_install: "{{ (terraform_index.content | from_json).versions | reject('search','-') | list | sort_versions | last }}"
when: terraform_version == 'latest'
- name: Linux/Unix | Use the specified Terraform version when latest var is not define
set_fact:
terraform_version_to_install: "{{ terraform_version }}"
when: terraform_version != 'latest'
# This task avoids downloading Terraform every time
- name: Linux/Unix | Check if Terraform is present with the right version
command: "{{ terraform_path }}/terraform -version"
register: terraform_installed_version
ignore_errors: yes
changed_when: false
failed_when: false
- name: Linux/Unix | Install Terraform
unarchive:
src: "{{ terraform_pkg_url }}"
dest: "{{ terraform_path }}"
remote_src: yes
when: terraform_version_to_install not in ( terraform_installed_version.stdout_lines | default(['empty'], true) | first )
- name: Link terraform to /usr/local/bin
become: true
file:
src: "{{ terraform_path }}/terraform"
dest: "/usr/local/bin/terraform"
state: link
force: yes
mode: 744
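Review bot: `mode: 744` in the link task is an unquoted number, which YAML reads as decimal 744 rather than octal, so Ansible applies a different permission set from the one intended. Write `mode: '0755'`, since a command in `/usr/local/bin` also needs execute permission for group and others, or drop `mode` because the target is a symlink. The install task above it unpacks `terraform_pkg_url` straight from the network with `remote_src: yes` and no integrity check. Downloading with `get_url` and a `checksum:` taken from the release's SHA256SUMS file before calling `unarchive` would verify the binary that the playbooks later run with `become: true`.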


@ -0,0 +1,49 @@
---
# tasks file for install terraform on Windows system
- name: Windows | Find all versions of Terraform
win_uri:
url: https://releases.hashicorp.com/terraform/index.json
return_content: yes
register: terraform_index
when: terraform_version == 'latest'
check_mode: no
- name: Windows | Finds the latest Terraform version when latest var is define
set_fact:
terraform_version_to_install: "{{ (terraform_index.content | from_json).versions | reject('search','-') | list | sort_versions | last }}"
when: terraform_version == 'latest'
- name: Windows | Use the specified Terraform version when latest var is not define
set_fact:
terraform_version_to_install: "{{ terraform_version }}"
when: terraform_version != 'latest'
# This task avoids downloading Terraform every time
- name: Windows | Check if terraform is present on Windows with the right version
win_command: terraform -version
register: terraform_installed_version
ignore_errors: yes
changed_when: false
failed_when: false
- name: Windows | Download Terraform
win_get_url:
url: "{{ terraform_pkg_url }}"
dest: '%TEMP%\terraform_{{ terraform_version_to_install }}_windows_amd64.zip'
when: terraform_version_to_install not in ( terraform_installed_version.stdout_lines | default(['empty']) | first )
- name: Windows | Create Terraform folder
win_file:
path: "{{ terraform_path }}"
state: directory
- name: Windows | Install Terraform
win_unzip:
src: '%TEMP%\terraform_{{ terraform_version_to_install }}_windows_amd64.zip'
dest: "{{ terraform_path }}"
when: terraform_version_to_install not in ( terraform_installed_version.stdout_lines | default(['empty']) | first )
- name: Windows | Add Terraform to PATH
win_path:
elements: "{{ terraform_path }}"


@ -0,0 +1,5 @@
---
# vars file for terraform in Mac osx system
terraform_pkg_url: "https://releases.hashicorp.com/terraform/{{ terraform_version_to_install }}/terraform_{{ terraform_version_to_install }}_{{ os_type }}_amd64.zip"
terraform_default_path: /usr/local/bin/
os_type: darwin


@ -0,0 +1,5 @@
---
# vars file for terraform in FreeBSD system
terraform_pkg_url: "https://releases.hashicorp.com/terraform/{{ terraform_version_to_install }}/terraform_{{ terraform_version_to_install }}_{{ os_type }}_{{ base_arch[ansible_architecture] | default('amd64') }}.zip"
terraform_default_path: /usr/local/bin/
os_type: freebsd


@ -0,0 +1,5 @@
---
# vars file for terraform in Linux system
terraform_pkg_url: "https://releases.hashicorp.com/terraform/{{ terraform_version_to_install }}/terraform_{{ terraform_version_to_install }}_{{ os_type }}_{{ base_arch[ansible_architecture] | default('amd64') }}.zip"
terraform_default_path: /usr/local/bin/
os_type: linux


@ -0,0 +1,5 @@
---
# vars file for terraform in OpenBSD system
terraform_pkg_url: "https://releases.hashicorp.com/terraform/{{ terraform_version_to_install }}/terraform_{{ terraform_version_to_install }}_{{ os_type }}_{{ base_arch[ansible_architecture] | default('amd64') }}.zip"
terraform_default_path: /usr/local/bin/
os_type: openbsd


@ -0,0 +1,5 @@
---
# vars file for terraform in SunOS system
terraform_pkg_url: "https://releases.hashicorp.com/terraform/{{ terraform_version_to_install }}/terraform_{{ terraform_version_to_install }}_{{ os_type }}_amd64.zip"
terraform_default_path: /usr/sbin
os_type: solaris


@ -0,0 +1,5 @@
---
# vars file for terraform in Windows system
terraform_pkg_url: "https://releases.hashicorp.com/terraform/{{ terraform_version_to_install }}/terraform_{{ terraform_version_to_install }}_windows_{{ base_arch[ansible_architecture] | default('amd64') }}.zip"
terraform_default_path: C:\HashiCorp\terraform\bin\
os_type: windows


@ -0,0 +1,17 @@
---
# vars file for ansible-role-terraform
base_arch:
i386: '386'
x86_64: 'amd64'
amd64: 'amd64'
aarch64: 'arm64'
armv7l: 'arm'
armv6l: 'arm'
base_os:
Linux: 'Linux-Unix'
FreeBSD: 'Linux-Unix'
OpenBSD: 'Linux-Unix'
Solaris: 'Linux-Unix'
Darwin: 'Linux-Unix'
Win32NT: 'Windows'


@ -0,0 +1,8 @@
---
# defaults file for roles/init_lxd
profile: default
ssh_user: renzo
ssh_key_path: ~/.ssh/lxd_ssh
ssh_key_name: lxd_ssh
ssh_key_passphrase: set_a_password!


@ -0,0 +1,48 @@
---
# profile: default
# lxc
# ssh_user: renzo
# ssh_key_path: ~/.ssh/lxd_ssh
# ssh_key_name: lxd_ssh
# ssh_key_passphrase: set_a_password!
# tasks file for roles/init_lxd
- name: generate SSH key "{{ssh_key_name}}"
register: SSH_KEY
user:
name: "{{ssh_user}}"
generate_ssh_key: yes
ssh_key_type: rsa
ssh_key_bits: 4096
ssh_key_file: "{{ssh_key_path}}"
ssh_key_passphrase: "{{ssh_passphrase}}"
force: no
# Default profile
- shell: "lxc profile show {{profile}}"
become: true
register: profile
# Process of custom profile with my new SSH Key
- set_fact:
lookup_custom_conf: |
config:
user.user-data: |
ssh_authorized_keys:
- {{SSH_KEY.ssh_public_key}}
# Apply merge in LXD
- ansible.builtin.tempfile: {}
register: temp_lxd_config
- set_fact: custom_config="{{ lookup_custom_conf | from_yaml }}"
- set_fact: profile_yaml_path="{{temp_lxd_config.path}}"
- copy:
dest: "{{profile_yaml_path}}"
content: |
{{ profile.stdout | from_yaml | combine(custom_config) | to_yaml }}
- shell: "lxc profile edit {{profile}} < {{profile_yaml_path}}"
become: true
- file: path="{{profile_yaml_path}}" state=absent
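Review bot: `register: profile` on the `lxc profile show` task overwrites the role variable `profile`, so the later `lxc profile edit {{profile}} < {{profile_yaml_path}}` interpolates the registered result dictionary instead of the profile name. Register under a different name, e.g. `register: profile_show`, and use `profile_show.stdout` in the `combine` step. The key-generation task reads `ssh_key_passphrase: "{{ssh_passphrase}}"`, while the role defaults and the playbook define `ssh_key_passphrase`, so unless `ssh_passphrase` is set elsewhere the task fails on an undefined variable. The temporary profile file is removed only if every preceding task succeeds; wrapping the steps in a `block` with an `always` section would guarantee cleanup.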