From 3fb4787bf3b6a23389f7298ada312d8cc3862885 Mon Sep 17 00:00:00 2001
From: Laur Ivan
Date: Tue, 20 Sep 2022 22:52:41 +0200
Subject: [PATCH] Initial addition. Role functional.
---
.ansible-lint | 9 ++++++
.gitignore | 7 +++++
.travis.yml | 29 +++++++++++++++++
.yamllint | 33 ++++++++++++++++++++
LICENSE | 20 ++++++++++++
README.md | 59 +++++++++++++++++++++++++++++++++++
defaults/main.yml | 10 ++++++
handlers/main.yml | 2 ++
meta/main.yml | 33 ++++++++++++++++++++
molecule/default/INSTALL.rst | 15 +++++++++
molecule/default/converge.yml | 27 ++++++++++++++++
molecule/default/destroy.yml | 24 ++++++++++++++
molecule/default/molecule.yml | 30 ++++++++++++++++++
molecule/default/prepare.yml | 12 +++++++
molecule/default/verify.yml | 10 ++++++
molecule/requirements.yml | 3 ++
tasks/main.yml | 35 +++++++++++++++++++++
templates/geoip.conf.j2 | 5 +++
tests/inventory | 2 ++
tests/test.yml | 5 +++
vars/main.yml | 2 ++
21 files changed, 372 insertions(+)
create mode 100644 .ansible-lint
create mode 100644 .gitignore
create mode 100644 .travis.yml
create mode 100644 .yamllint
create mode 100644 LICENSE
create mode 100644 README.md
create mode 100644 defaults/main.yml
create mode 100644 handlers/main.yml
create mode 100644 meta/main.yml
create mode 100644 molecule/default/INSTALL.rst
create mode 100644 molecule/default/converge.yml
create mode 100644 molecule/default/destroy.yml
create mode 100644 molecule/default/molecule.yml
create mode 100644 molecule/default/prepare.yml
create mode 100644 molecule/default/verify.yml
create mode 100644 molecule/requirements.yml
create mode 100644 tasks/main.yml
create mode 100644 templates/geoip.conf.j2
create mode 100644 tests/inventory
create mode 100644 tests/test.yml
create mode 100644 vars/main.yml
diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..757cb2c
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,9 @@
+skip_list:
+ - 'yaml'
+ - 'risky-shell-pipe'
+ - 'role-name'
+
+kinds:
+ - meta: "**/meta/main.yml"
+ - tasks: "**/tasks/*.yml"
+ - vars: "**/vars/*.yml"
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..bcb54e9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,7 @@
+*.retry
+*/__pycache__
+*.pyc
+.cache
+.venv
+.env.yml
+docker-compose.yml
\ No newline at end of file
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..36bbf62
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+ apt:
+ packages:
+ - python-pip
+
+install:
+ # Install ansible
+ - pip install ansible
+
+ # Check ansible version
+ - ansible --version
+
+ # Create ansible.cfg with correct roles_path
+ - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+ # Basic role syntax check
+ - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..8827676
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,33 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ colons:
+ max-spaces-after: -1
+ level: error
+ commas:
+ max-spaces-after: -1
+ level: error
+ comments: disable
+ comments-indentation: disable
+ document-start: disable
+ empty-lines:
+ max: 3
+ level: error
+ hyphens:
+ level: error
+ indentation: disable
+ key-duplicates: enable
+ line-length: disable
+ new-line-at-end-of-file: disable
+ new-lines:
+ type: unix
+ trailing-spaces: disable
+ truthy: disable
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..37f76e9
--- /dev/null
+++ b/LICENSE
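Review bot: In `.ansible-lint`, `skip_list` turns off `risky-shell-pipe` and the whole `yaml` rule family for the entire role, although none of the task files added in this commit use a shell pipe. Dropping `- 'risky-shell-pipe'` keeps that check available for later changes. If a single task ever needs an exemption, a `# noqa risky-shell-pipe` on that task is narrower than a role-wide skip.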
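Review bot: In `.travis.yml`, `python: "2.7"` selects an end-of-life interpreter and `- pip install ansible` installs whatever release resolves at build time, so the CI toolchain is both unsupported and unpinned. Consider a supported interpreter and a pinned install, e.g. `- pip install 'ansible==<tested version>'` (placeholder, not a value from this commit), so that a CI run is reproducible and does not silently pick up a changed package.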
@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2022 Laur Ivan
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..42e4c50
--- /dev/null
+++ b/README.md
@@ -0,0 +1,59 @@
+# laurivan.geoip
+
+This role installs MaxMind GeoIP DB downloader on your system
+
+## Requirements
+
+N/A
+
+## Role Variables
+
+
+This role uses the variables listed below, along with default values (see defaults/main.yml).
+
+You need GeoIP credentials in order to use this image. Get them for free at [MaxMind](https://dev.maxmind.com/?lang=en). Once you have them, please set:
+
+```yaml
+geoip_account_id:
+geoip_license_key:
+```
+
+If you don't have the credentials set, the role will skip most tasks.
+
+Second step is to decide the frequency of update and the type of data you want (country- or city-level). Once you have decided, please set:
+
+```yaml
+geoip_update_edition_ids: "GeoLite2-City"
+geoip_update_frequency: "168"
+```
+
+As you can see, there are already defaults: get the city-level data every 7 days (because, let's be honest, geoip data doesn't change massively that often).
+
+Now that all server-side parameters are set, we need a location where the data is downloaded. This is sete via `geoip_volume` which defaults to */var/local/geoip/*.
+
+Note: It is important to remember this location and set its rights properly because you'll need it for other software which uses GeoIP.
+
+## Dependencies
+
+None
+
+## Example Playbook
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+ - hosts: servers
+ vars:
+ geoip_account_id: "123456"
+ geoip_license_key: "FakeLicenseKey"
+ geoip_update_edition_ids: "GeoLite2-City GeoLite2-Country"
+ geoip_update_frequency: "72"
+ roles:
+ - { role: username.rolename, x: 42 }
+
+## License
+
+MIT
+
+## Author Information
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..0979d65
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+# defaults file for geoip
+geoip_account_id:
+geoip_license_key:
+geoip_update_edition_ids: "GeoLite2-City"
+geoip_update_frequency: "8"
+
+# Location of the geoip database
+#
+geoip_volume: "/var/local/geoip/"
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..5e570a7
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for geoip
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..243da14
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,33 @@
+galaxy_info:
+ author: Laur Ivan
+ namespace: laurivan
+ role_name: geoip
+ description: GeoIP installation via docker
+ license: MIT
+
+ min_ansible_version: "2.4"
+ min_ansible_container_version: "2.4"
+
+ platforms:
+ - name: Debian
+ versions:
+ - buster
+ - bullseye
+ - name: Ubuntu
+ versions:
+ - bionic
+ - focal
+ - jammy
+ - name: Alpine
+ version:
+ - all
+ - name: ArchLinux
+ versions:
+ - all
+
+ galaxy_tags:
+ - docker
+ - plausible
+ - metrics
+
+dependencies: []
diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst
new file mode 100644
index 0000000..1b38d09
--- /dev/null
+++ b/molecule/default/INSTALL.rst
@@ -0,0 +1,15 @@
+***********************************
+Delegated driver installation guide
+***********************************
+
+Requirements
+============
+
+This driver is delegated to the developer. Up to the developer to implement
+requirements.
+
+Install
+=======
+
+This driver is delegated to the developer. Up to the developer to implement
+requirements.
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
new file mode 100644
index 0000000..37271ff
--- /dev/null
+++ b/molecule/default/converge.yml
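Review bot: `geoip_update_frequency: "8"` in `defaults/main.yml` disagrees with the README added in this same commit, which presents `"168"` (every 7 days) as the default. One of the two should be corrected so operators know how often the downloader contacts MaxMind. The bare `geoip_account_id:` and `geoip_license_key:` entries parse as null, which the `when:` guards in `tasks/main.yml` rely on. A short comment such as `# leave unset here; supply from Ansible Vault or another secret store` would make that intent explicit and discourage committing a real key to the defaults.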
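Review bot: Under the Alpine entry in `meta/main.yml` the key is spelled `version:` while every other platform uses `versions:`, so Alpine's supported releases are probably not read as intended; change it to `versions:`. `min_ansible_version: "2.4"` also looks too low for a role whose tasks use fully qualified `ansible.builtin.*` module names. The `plausible` and `metrics` entries under `galaxy_tags` appear to be left over from another role.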
@@ -0,0 +1,27 @@
+---
+- name: Converge
+ hosts: all
+ #gather_facts: false
+
+ pre_tasks:
+ - name: Update apt cache.
+ apt: update_cache=yes cache_valid_time=600
+ when: ansible_os_family == 'Debian'
+ - name: Install python requests
+ pip:
+ name:
+ - requests
+ - docker
+ - name: Install docker
+ vars:
+ docker_service_manage: false
+ include_role:
+ name: geerlingguy.docker
+
+ tasks:
+ - name: "Include necessary variables"
+ ansible.builtin.include_vars:
+ file: "../../.env.yml"
+ - name: "Include laurivan.geoip"
+ ansible.builtin.include_role:
+ name: "laurivan.geoip"
diff --git a/molecule/default/destroy.yml b/molecule/default/destroy.yml
new file mode 100644
index 0000000..dd6e220
--- /dev/null
+++ b/molecule/default/destroy.yml
@@ -0,0 +1,24 @@
+---
+- name: Destroy
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ no_log: "{{ molecule_no_log }}"
+ tasks:
+ # Developer must implement.
+
+ # Mandatory configuration for Molecule to function.
+
+ - name: Populate instance config
+ ansible.builtin.set_fact:
+ instance_conf: {}
+
+ - name: Dump instance config
+ ansible.builtin.copy:
+ content: |
+ # Molecule managed
+
+ {{ instance_conf | to_json | from_json | to_yaml }}
+ dest: "{{ molecule_instance_config }}"
+ mode: 0600
+ when: server.changed | default(false) | bool
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 0000000..8c86437
--- /dev/null
+++ b/molecule/default/molecule.yml
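Review bot: The `ansible.builtin.include_vars` task in `converge.yml` loads `../../.env.yml` unconditionally, so the scenario fails on any checkout that lacks that git-ignored file, even though the role itself is written to skip its work when the credentials are unset. Since that file carries the MaxMind licence key, consider guarding the include (for example with a preceding `ansible.builtin.stat` check) and documenting in the README which variables it must define. Separately, `apt: update_cache=yes cache_valid_time=600` uses the inline `key=value` form while the rest of the playbook uses block YAML arguments.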
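Review bot: `mode: 0600` in the "Dump instance config" task of `destroy.yml` is an unquoted octal literal, while `tasks/main.yml` in this commit writes modes as quoted strings (`'0755'`, `'0600'`). Writing `mode: "0600"` keeps the two consistent and avoids depending on how the YAML loader types the number.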
@@ -0,0 +1,30 @@
+---
+role_name_check: 1
+dependency:
+ name: galaxy
+ options:
+ ignore-certs: true
+ ignore-errors: true
+ role-file: molecule/requirements.yml
+ requirements-file: molecule/requirements.yml
+driver:
+ name: docker
+platforms:
+ - name: instance-geoip
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos8}-ansible:latest"
+ command: ${MOLECULE_DOCKER_COMMAND:-""}
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ - /var/run/docker.sock:/tmp/docker_mounted.sock
+ privileged: true
+ pre_build_image: true
+provisioner:
+ name: ansible
+ playbooks:
+ converge: ${MOLECULE_PLAYBOOK:-converge.yml}
+verifier:
+ name: ansible
+lint: |
+ set -e
+ yamllint .
+ ansible-lint .
\ No newline at end of file
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
new file mode 100644
index 0000000..da64ddf
--- /dev/null
+++ b/molecule/default/prepare.yml
@@ -0,0 +1,12 @@
+---
+- name: Setup the test machine
+ hosts: instance-geoip
+ tasks:
+ - name: Create docker.sock
+ raw: touch /var/run/docker.sock
+ become: true
+ changed_when: false
+ - name: Move docker.sock from tmp
+ raw: mount --move /tmp/docker_mounted.sock /var/run/docker.sock
+ become: true
+ changed_when: false
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
new file mode 100644
index 0000000..e707420
--- /dev/null
+++ b/molecule/default/verify.yml
@@ -0,0 +1,10 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+ hosts: all
+ gather_facts: false
+ tasks:
+ - name: Example assertion
+ ansible.builtin.assert:
+ that: true
diff --git a/molecule/requirements.yml b/molecule/requirements.yml
new file mode 100644
index 0000000..0a095b9
--- /dev/null
+++ b/molecule/requirements.yml
@@ -0,0 +1,3 @@
+---
+roles:
+ - geerlingguy.docker
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..e350adf
--- /dev/null
+++ b/tasks/main.yml
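Review bot: In `molecule.yml` the galaxy dependency options set `ignore-certs: true`, which turns off TLS certificate validation while roles are downloaded, and `ignore-errors: true`, which lets a failed download pass silently. Both should be removed unless a specific environment needs them, so that `geerlingguy.docker` is fetched over a verified connection. The same supply-chain concern applies to the unpinned references: the platform image ends in `:latest`, `molecule/requirements.yml` lists the role without a `version`, and `tasks/main.yml` pulls `maxmindinc/geoipupdate` without a tag. The instance also runs with `privileged: true` and the host's `/var/run/docker.sock` mounted, which gives the test container control of the host Docker daemon. A comment stating that this scenario is meant for disposable CI hosts only would help.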
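Review bot: The only check in `verify.yml` is `that: true`, which always passes, so the scenario never verifies what the role did. The security-relevant property worth asserting is that the rendered `env.conf` under `geoip_volume` exists with mode `0600`, for instance via an `ansible.builtin.stat` task whose registered result is then checked in the assert. A second check could confirm that the `geoip` container is running.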
@@ -0,0 +1,35 @@
+---
+# tasks file for geoip
+- name: Set up directories
+ ansible.builtin.file:
+ state: directory
+ path: "{{ item }}"
+ owner: "{{ ansible_user_id }}"
+ mode: '0755'
+ with_items:
+ - "{{ geoip_volume }}"
+
+ become: true
+ tags:
+ - configuration
+
+- name: Write GeoIP configuration
+ ansible.builtin.template:
+ src: geoip.conf.j2
+ dest: "{{ geoip_volume }}/env.conf"
+ mode: '0600'
+ owner: "{{ ansible_user_id }}"
+ when: geoip_account_id and geoip_license_key
+ tags:
+ - configuration
+
+- name: Install geoip
+ docker_container:
+ name: "geoip"
+ recreate: true
+ restart_policy: unless-stopped
+ image: "maxmindinc/geoipupdate"
+ env_file: "{{ geoip_volume }}/env.conf"
+ volumes:
+ - "{{ geoip_volume }}:/usr/share/GeoIP"
+ when: geoip_account_id and geoip_license_key
diff --git a/templates/geoip.conf.j2 b/templates/geoip.conf.j2
new file mode 100644
index 0000000..e70523c
--- /dev/null
+++ b/templates/geoip.conf.j2
@@ -0,0 +1,5 @@
+GEOIPUPDATE_ACCOUNT_ID={{ geoip_account_id }}
+GEOIPUPDATE_LICENSE_KEY={{ geoip_license_key }}
+
+GEOIPUPDATE_EDITION_IDS={{ geoip_update_edition_ids }}
+GEOIPUPDATE_FREQUENCY={{ geoip_update_frequency }}
\ No newline at end of file
diff --git a/tests/inventory b/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 0000000..4bab128
--- /dev/null
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - geoip
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..7171c33
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for geoip
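Review bot: The "Write GeoIP configuration" task in `tasks/main.yml` writes the account ID and licence key to `{{ geoip_volume }}/env.conf`, i.e. into the same directory that the "Install geoip" task bind-mounts at `/usr/share/GeoIP` and that the README tells operators to share with other software. Keeping the credentials file outside the data directory, e.g. `dest: "{{ geoip_config_dir }}/env.conf"` with `geoip_config_dir` as a new role variable (a name proposed here, not one the role defines) and the same path in `env_file:`, would stop consumers of the database from also receiving the key file. Adding `no_log: true` to the template task keeps the key out of `--diff` output and logs. `image: "maxmindinc/geoipupdate"` has no tag or digest, and together with `recreate: true` each run may replace the container with whatever image is current, so pinning a tested tag is advisable.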