diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index e91a45ce78a77e01b7eab1fd7ea3a3cf6e750fc8..40017a3ddfc3e409d640ab8536097de55d685c7c 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -2,13 +2,20 @@ sha: 97b88d9610bcc03982ddac33caba98bb2b751f5f hooks: - id: check-added-large-files - - id: check-json - - id: check-xml - id: check-yaml - id: check-merge-conflict - id: flake8 - repo: https://github.com/adarnimrod/shell-pre-commit - sha: e48c7fbdadf14a548dcbda32895b67f90fa0f12b + sha: v0.1.0 hooks: - id: shell-lint files: collectd/collectd_facts|nginx/nginx_facts|ssl/dhparams +- repo: https://github.com/adarnimrod/ansible-pre-commit.git + sha: v0.4.0 + hooks: + - id: ansible-syntax-check +- repo: https://github.com/willthames/ansible-lint + sha: 959ab0f525e9abb19cf75f34381015cf33695f61 + hooks: + - id: ansible-lint + files: playbook.yml diff --git a/.travis.yml b/.travis.yml index a304f5e21f7bc178799b0e64c90441bffcf3b5da..6984f6138d5ca49e2eaf3190db56c7a49cf1eb32 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,9 +3,23 @@ language: python python: "2.7" dist: trusty sudo: false +services: [docker] +cache: + - pip + - directories: + - $HOME/.pre-commit + +env: + - DOCKER=ubuntu:trusty + - DOCKER=ubuntu:xenial + - DOCKER=debian:jessie install: - - pip install pre_commit + - pip install pre_commit ansible | cat + +before_script: + - docker run --detach --name $(echo $DOCKER | sed 's/:/_/g') $DOCKER tail -f /.dockerenv script: - pre-commit run --all-files + - ansible-playbook -i $(echo $DOCKER | sed 's/:/_/g'), -c docker -vv playbook.yml diff --git a/ansible.cfg b/ansible.cfg new file mode 100644 index 0000000000000000000000000000000000000000..b6d3a7e457b49292d5795a17fee30f145ac009bc --- /dev/null +++ b/ansible.cfg @@ -0,0 +1,3 @@ +[defaults] +library = ./ +host_key_checking = False 
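Review bot: The `shell-pre-commit` entry goes from a full commit hash to `sha: v0.1.0`, and the new `ansible-pre-commit` entry uses `sha: v0.4.0`; both are tags, which the upstream owner can move, so the hook code that runs on developer machines and in CI is no longer fixed. The `ansible-lint` entry in the same hunk keeps a 40-character commit hash, and the other two should do the same, keeping the tag only as a comment: `sha: <commit hash of v0.1.0>  # v0.1.0`. The hashes have to be looked up upstream, since they are not visible in this diff.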
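Review bot: In `install`, `pip install pre_commit ansible | cat` reports the exit status of `cat`, so a failed pip install does not fail the step unless the build shell enables `pipefail`. The breakage would then only surface later as a missing command. If the pipe is there just to quieten pip's progress output, `pip install -q pre_commit ansible` keeps the real exit status. Neither package is version-pinned, so each build installs whatever release is current; pinning both would make the CI environment reproducible. `$DOCKER` is also unquoted in `before_script` and `script`, which is harmless with the three values listed under `env` but is worth quoting.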
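Review bot: `host_key_checking = False` sits in the repository-root `ansible.cfg`, so it applies to every Ansible run started from this checkout, not only to the CI job. The CI invocation in `.travis.yml` uses `-c docker`, which presumably does not go through SSH, so the setting looks unnecessary for the test. Anyone running these modules against real hosts over SSH from this directory would silently lose host key verification. I would drop the line, or, if a job really needs it, set `ANSIBLE_HOST_KEY_CHECKING=False` in that job's environment only.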
diff --git a/collectd/collectd_facts b/collectd/collectd_facts index e91024d72c4594469d4ee0dbdf0c2b5144e91643..1637f105c930870d6056b6d10a29b8fbbf6d8232 100755 --- a/collectd/collectd_facts +++ b/collectd/collectd_facts @@ -7,6 +7,6 @@ fail () exit } -which collectd || fail "Can't find collectd executable." +which collectd 2>&1 > /dev/null || fail "Can't find collectd executable." -collectd -h | sed -n 's/[a-zA-Z ]*\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/{"changed": false, "ansible_facts": {"collectd": {"major":\1, "minor":\2, "patch":\3}}}/p' +collectd -h 2>&1 | sed -n 's/[a-zA-Z ]*\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/{"changed": false, "ansible_facts": {"collectd": {"major":\1, "minor":\2, "patch":\3}}}/p' diff --git a/nginx/nginx_facts b/nginx/nginx_facts index 349a3ad5ae5b1f03ec0607ac18baf6029b8f23c6..1c37c9b657ef66823978ddb0d8bf92172f7c1d4c 100755 --- a/nginx/nginx_facts +++ b/nginx/nginx_facts @@ -7,6 +7,6 @@ fail () exit } -which nginx || fail "Can't find nginx executable." +which nginx 2>&1 > /dev/null || fail "Can't find nginx executable." -nginx -v 2>&1 | sed -n 's/[a-zA-Z :\/]*\([0-9]*\)\.\([0-9]*\)\.\([0-9]\)*/{"changed": false, "ansible_facts": {"nginx": {"major":\1, "minor":\2, "patch":\3, "version":"\1.\2.\3"}}}/gp' +nginx -v 2>&1 | sed -n 's/[a-zA-Z :\/]*\([0-9]*\)\.\([0-9]*\)\.\([0-9]\)*.*$/{"changed": false, "ansible_facts": {"nginx": {"major":\1, "minor":\2, "patch":\3, "version":"\1.\2.\3"}}}/gp' diff --git a/playbook.yml b/playbook.yml new file mode 100644 index 0000000000000000000000000000000000000000..f11d3a7183286ce4fb4d9c3cc0788fb2b3beeaf0 --- /dev/null +++ b/playbook.yml 
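Review bot: `which collectd 2>&1 > /dev/null` applies the redirections in the wrong order: stderr is pointed at the original stdout before stdout is sent to `/dev/null`. Any error text from `which` therefore still lands on the module's stdout, where Ansible expects only JSON. The intended form is `which collectd > /dev/null 2>&1` (or `command -v collectd > /dev/null 2>&1`). The same pattern appears in the `nginx/nginx_facts` hunk as `which nginx 2>&1 > /dev/null`. `fail` is defined above the hunk, so what it prints on the error path is not visible here.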
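Review bot: The patch group in the new sed expression is still `\([0-9]\)*`, with the `*` outside the group, so `\3` holds only the last digit of the patch number. A version such as 1.10.13 (constructed example) would be emitted with `"patch":3` and `"version":"1.10.3"`. `collectd_facts` writes the same field as `\([0-9]*\)`, and this line should match it: `\.\([0-9]*\).*$/`. Consumers that gate configuration on the reported nginx version would otherwise act on a wrong value.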
@@ -0,0 +1,96 @@
+---
+- hosts: all
+ gather_facts: False
+ tasks:
+ - name: Update APT sources
+ raw: DEBIAN_FRONTEND=noninteractive apt-get update
+ changed_when: False
+
+ - name: APT install Python
+ raw: DEBIAN_FRONTEND=noninteractive apt-get install -qy python2.7 python
+ register: debian_bootstrap_install_python
+ changed_when: "'Unpacking' in debian_bootstrap_install_python.stdout"
+
+ - name: Gather facts
+ setup:
+
+ - name: APT install
+ apt:
+ name: ['nginx-light', 'collectd-core', 'openssl']
+ state: present
+ install_recommends: no
+
+ - name: Collectd facts
+ collectd_facts:
+ register: collectd_facts
+
+ - name: Debug
+ debug:
+ var: collectd_facts
+ verbosity: 2
+
+ - name: Assertions
+ assert:
+ that:
+ - collectd_facts|changed == False
+ - collectd.major is number
+ - collectd.minor is number
+ - collectd.patch is number
+
+ - name: Nginx facts
+ nginx_facts:
+ register: nginx_facts
+
+ - name: Debug
+ debug:
+ var: nginx_facts
+ verbosity: 2
+
+ - name: Assertions
+ assert:
+ that:
+ - nginx_facts|changed == False
+ - nginx.major is number
+ - nginx.minor is number
+ - nginx.patch is number
+ - nginx.version is defined
+
+ - name: DH params for missing file
+ ignore_errors: True
+ dhparams:
+ path: /etc/ssl/dhparams.pem
+ register: missing_dhparams
+
+ - name: Debug
+ debug:
+ var: missing_dhparams
+ verbosity: 2
+
+ - name: Assertions
+ assert:
+ that:
+ - missing_dhparams.bits == 0
+ - missing_dhparams|failed == True
+ - missing_dhparams|changed == False
+
+ - name: Generate DH params
+ command: openssl dhparam -out /etc/ssl/dhparams.pem 2048
+ changed_when: True
+
+ - name: DH params for existing file
+ dhparams:
+ path: /etc/ssl/dhparams.pem
+ register: existing_dhparams
+
+ - name: Debug
+ debug:
+ var: existing_dhparams
+ verbosity: 2
+
+ - name: Assertions
+ assert:
+ that:
+ - existing_dhparams.bits == 2048
+ - existing_dhparams|failed == False
+ - existing_dhparams|changed == False
+ - existing_dhparams.path == '/etc/ssl/dhparams.pem'
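Review bot: The "DH params for missing file" assertions only hold on a host where `/etc/ssl/dhparams.pem` does not exist yet, and the later "Generate DH params" task creates exactly that file. A second run against the same container would therefore fail at `missing_dhparams.bits == 0`. CI starts a fresh container per job, so it passes there, but local re-runs break. Adding a task before the missing-file case that removes the file (`file: path=/etc/ssl/dhparams.pem state=absent`) keeps the play repeatable. The booleans are also written three ways (`False`, `True`, `no`); `false`/`true` throughout would be consistent.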