ci: migrate to woodpecker

Robert Kaussow 2024-02-19 10:50:15 +01:00
parent 22fcd4707b
commit 627ff15f0f
Signed by: xoxys
GPG Key ID: 4E692A2EAECC03C0
20 changed files with 189 additions and 386 deletions


@ -1,124 +0,0 @@
local PipelineLinting = {
kind: 'pipeline',
name: 'linting',
platform: {
os: 'linux',
arch: 'amd64',
},
steps: [
{
name: 'ansible-later',
image: 'thegeeklab/ansible-later',
commands: [
'ansible-later',
],
},
{
name: 'python-format',
image: 'python:3.11',
environment: {
PY_COLORS: 1,
},
commands: [
'pip install -qq yapf',
'[ -z "$(find . -type f -name *.py)" ] || (yapf -rd ./)',
],
},
{
name: 'python-flake8',
image: 'python:3.11',
environment: {
PY_COLORS: 1,
},
commands: [
'pip install -qq flake8',
'flake8',
],
},
],
trigger: {
ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
},
};
local PipelineDocumentation = {
kind: 'pipeline',
name: 'documentation',
platform: {
os: 'linux',
arch: 'amd64',
},
steps: [
{
name: 'generate',
image: 'thegeeklab/ansible-doctor',
environment: {
ANSIBLE_DOCTOR_LOG_LEVEL: 'INFO',
ANSIBLE_DOCTOR_FORCE_OVERWRITE: true,
ANSIBLE_DOCTOR_EXCLUDE_FILES: 'molecule/',
ANSIBLE_DOCTOR_TEMPLATE: 'hugo-book',
ANSIBLE_DOCTOR_ROLE_NAME: '${DRONE_REPO_NAME#*.}',
ANSIBLE_DOCTOR_OUTPUT_DIR: '_docs/',
},
},
{
name: 'publish',
image: 'plugins/gh-pages',
settings: {
remote_url: 'https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}',
netrc_machine: 'gitea.rknet.org',
username: { from_secret: 'gitea_username' },
password: { from_secret: 'gitea_token' },
pages_directory: '_docs/',
target_branch: 'docs',
},
when: {
ref: ['refs/heads/main'],
},
},
],
trigger: {
ref: ['refs/heads/main', 'refs/tags/**', 'refs/pull/**'],
},
depends_on: [
'linting',
],
};
local PipelineNotification = {
kind: 'pipeline',
name: 'notification',
platform: {
os: 'linux',
arch: 'amd64',
},
clone: {
disable: true,
},
steps: [
{
name: 'matrix',
image: 'thegeeklab/drone-matrix',
settings: {
homeserver: { from_secret: 'matrix_homeserver' },
roomid: { from_secret: 'matrix_roomid' },
template: 'Status: **{{ .Build.Status }}**<br/> Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}<br/> Message: {{ .Commit.Message.Title }}',
username: { from_secret: 'matrix_username' },
password: { from_secret: 'matrix_password' },
},
},
],
depends_on: [
'documentation',
],
trigger: {
status: ['success', 'failure'],
ref: ['refs/heads/main', 'refs/tags/**'],
},
};
[
PipelineLinting,
PipelineDocumentation,
PipelineNotification,
]


@ -1,120 +0,0 @@
---
kind: pipeline
name: linting
platform:
os: linux
arch: amd64
steps:
- name: ansible-later
image: thegeeklab/ansible-later
commands:
- ansible-later
- name: python-format
image: python:3.11
commands:
- pip install -qq yapf
- "[ -z \"$(find . -type f -name *.py)\" ] || (yapf -rd ./)"
environment:
PY_COLORS: 1
- name: python-flake8
image: python:3.11
commands:
- pip install -qq flake8
- flake8
environment:
PY_COLORS: 1
trigger:
ref:
- refs/heads/main
- refs/tags/**
- refs/pull/**
---
kind: pipeline
name: documentation
platform:
os: linux
arch: amd64
steps:
- name: generate
image: thegeeklab/ansible-doctor
environment:
ANSIBLE_DOCTOR_EXCLUDE_FILES: molecule/
ANSIBLE_DOCTOR_FORCE_OVERWRITE: true
ANSIBLE_DOCTOR_LOG_LEVEL: INFO
ANSIBLE_DOCTOR_OUTPUT_DIR: _docs/
ANSIBLE_DOCTOR_ROLE_NAME: ${DRONE_REPO_NAME#*.}
ANSIBLE_DOCTOR_TEMPLATE: hugo-book
- name: publish
image: plugins/gh-pages
settings:
netrc_machine: gitea.rknet.org
pages_directory: _docs/
password:
from_secret: gitea_token
remote_url: https://gitea.rknet.org/ansible/${DRONE_REPO_NAME}
target_branch: docs
username:
from_secret: gitea_username
when:
ref:
- refs/heads/main
trigger:
ref:
- refs/heads/main
- refs/tags/**
- refs/pull/**
depends_on:
- linting
---
kind: pipeline
name: notification
platform:
os: linux
arch: amd64
clone:
disable: true
steps:
- name: matrix
image: thegeeklab/drone-matrix
settings:
homeserver:
from_secret: matrix_homeserver
password:
from_secret: matrix_password
roomid:
from_secret: matrix_roomid
template: "Status: **{{ .Build.Status }}**<br/> Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}<br/> Message: {{ .Commit.Message.Title }}"
username:
from_secret: matrix_username
trigger:
ref:
- refs/heads/main
- refs/tags/**
status:
- success
- failure
depends_on:
- documentation
---
kind: signature
hmac: 1a3ce5b5857b054706ade18a5857e0ee7ad6edb68e38fe41eef57dac6caf4e05
...

4
.gitignore vendored

@ -1,6 +1,6 @@
# ---> Ansible
*.retry
filter/plugins/
plugins
library
# ---> Python
@ -9,5 +9,3 @@ __pycache__/
*.py[cod]
*$py.class
# ---> Docs
/_docs


@ -10,10 +10,6 @@ ansible:
rules:
exclude_files:
- molecule/
- "LICENSE*"
- "**/*.md"
- "**/*.ini"
exclude_filter:
- LINT0009

7
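--- a/.markdownlint.yml
+++ b/.markdownlint.yml
@@ -0,0 +1,7 @@
+---
+default: True
+MD013: False
+MD041: False
+MD024: False
+MD004:
+style: dash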

1
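--- a/.prettierignore
+++ b/.prettierignore
@@ -0,0 +1 @@
+LICENSE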

47
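--- a/.woodpecker/docs.yaml
+++ b/.woodpecker/docs.yaml
@@ -0,0 +1,47 @@
+---
+when:
+- event: [pull_request]
+- event: [push, manual]
+branch:
+- ${CI_REPO_DEFAULT_BRANCH}
+steps:
+- name: generate
+image: quay.io/thegeeklab/ansible-doctor
+environment:
+ANSIBLE_DOCTOR_EXCLUDE_FILES: molecule/
+ANSIBLE_DOCTOR_FORCE_OVERWRITE: "true"
+ANSIBLE_DOCTOR_LOG_LEVEL: INFO
+ANSIBLE_DOCTOR_ROLE_NAME: ${CI_REPO_NAME}
+ANSIBLE_DOCTOR_TEMPLATE: readme
+- name: format
+image: quay.io/thegeeklab/alpine-tools
+commands:
+- prettier -w README.md
+- name: diff
+image: quay.io/thegeeklab/alpine-tools
+commands:
+- git diff --color=always README.md
+- name: publish
+image: quay.io/thegeeklab/wp-git-action
+settings:
+action:
+- commit
+- push
+author_email: ci-bot@rknet.org
+author_name: ci-bot
+branch: main
+message: "[skip ci] automated docs update"
+netrc_machine: gitea.rknet.org
+netrc_password:
+from_secret: gitea_token
+when:
+- event: [push, manual]
+branch:
+- ${CI_REPO_DEFAULT_BRANCH}
+depends_on:
+- lint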
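Review bot: None of the step images in this workflow carries a tag or digest, so every run pulls whatever the registry currently serves, and that includes `quay.io/thegeeklab/wp-git-action`, the step that receives `gitea_token` and pushes commits. Pinning at least that image, e.g. `image: quay.io/thegeeklab/wp-git-action:<tag>@sha256:<digest>` (placeholders, to be taken from the registry), keeps a re-tagged or tampered image from running with write access to the repository. The same applies to `quay.io/thegeeklab/wp-matrix` in `.woodpecker/notify.yml`, which receives the Matrix credentials. Separately, the publish settings hard-code `branch: main` while every `when` clause uses `${CI_REPO_DEFAULT_BRANCH}`; using the variable in both places (if the plugin setting accepts it) keeps the push target and the trigger in agreement.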

30
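--- a/.woodpecker/lint.yaml
+++ b/.woodpecker/lint.yaml
@@ -0,0 +1,30 @@
+---
+when:
+- event: [pull_request, tag]
+- event: [push, manual]
+branch:
+- ${CI_REPO_DEFAULT_BRANCH}
+steps:
+- name: ansible-later
+image: quay.io/thegeeklab/ansible-later:4
+commands:
+- ansible-later
+environment:
+FORCE_COLOR: "1"
+- name: python-format
+image: docker.io/python:3.12
+commands:
+- pip install -qq ruff
+- ruff format --check --diff .
+environment:
+PY_COLORS: "1"
+- name: python-lint
+image: docker.io/python:3.12
+commands:
+- pip install -qq ruff
+- ruff .
+environment:
+PY_COLORS: "1"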
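Review bot: Both Python steps install an unpinned `ruff` with `pip install -qq ruff` on every run, so the rule set that gates merges (pyproject.toml selects the `S` security rules) changes whenever upstream publishes a release. The bare `ruff .` call in `python-lint` is the legacy spelling of `ruff check .`, which newer ruff releases no longer accept as far as I know, so an unpinned install can turn this step into a hard failure unrelated to the code under review. I would pin the tool and use the explicit subcommand: `pip install -qq ruff==<version>` (placeholder) and `ruff check .`.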

26
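--- a/.woodpecker/notify.yml
+++ b/.woodpecker/notify.yml
@@ -0,0 +1,26 @@
+---
+when:
+- event: [tag]
+- event: [push, manual]
+branch:
+- ${CI_REPO_DEFAULT_BRANCH}
+runs_on: [success, failure]
+steps:
+- name: matrix
+image: quay.io/thegeeklab/wp-matrix
+settings:
+homeserver:
+from_secret: matrix_homeserver
+password:
+from_secret: matrix_password
+roomid:
+from_secret: matrix_roomid
+username:
+from_secret: matrix_username
+when:
+- status: [success, failure]
+depends_on:
+- docs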
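Review bot: The notification workflow no longer skips the clone: the Drone pipeline it replaces set `clone: disable: true`, and nothing equivalent appears in this file. The `matrix` step only needs build metadata and its four secrets, so checking the repository out into the workspace of a credential-bearing step is work and exposure it does not need. Woodpecker has a workflow-level switch for this; I would add `skip_clone: true` next to `runs_on`.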


@ -1,12 +1 @@
# xoxys.pve
[![Build Status](https://img.shields.io/drone/build/ansible/xoxys.pve?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.pve)
[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
Basic role to configure a [Proxmox VE](https://www.proxmox.com/en/proxmox-ve) server. Proxmox VE is a complete open-source platform for all-inclusive enterprise virtualization that tightly integrates KVM hypervisor and LXC containers, software-defined storage and networking functionality on a single platform.
You can find the full documentation at [https://galaxy.geekdocs.de](https://galaxy.geekdocs.de/roles/cloud/pve/).
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.


@ -1,9 +1,6 @@
---
pve_nodes:
- node1
pve_tls_enabled: False
pve_tls_cert_source: mycert.pem
pve_tls_key_source: mykey.pem
pve_pamd_motd_enabled: True


@ -1,8 +0,0 @@
---
- name: Restart pveproxy
service:
state: restarted
name: pveproxy
listen: __pveproxy_restart
become: True
become_user: root


@ -1,4 +1,3 @@
# Standards: 0.2
---
galaxy_info:
# @meta author:value: [Robert Kaussow](https://gitea.rknet.org/xoxys)
@ -6,9 +5,8 @@ galaxy_info:
namespace: xoxys
role_name: pve
# @meta description: >
# [![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.pve)
# [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.pve?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.pve)
# [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.pve/src/branch/main/LICENSE)
# [![Build Status](https://ci.rknet.org/api/badges/ansible/xoxys.pve/status.svg)](https://ci.rknet.org/repos/ansible/xoxys.pve)
# [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.pve/src/branch/main/LICENSE)
#
# Basic role to configure a [Proxmox VE](https://www.proxmox.com/en/proxmox-ve) server.
# Proxmox VE is a complete open-source platform for all-inclusive enterprise virtualization
@ -21,11 +19,11 @@ galaxy_info:
# @end
description: Basic role to configure a Proxmox VE server
license: MIT
min_ansible_version: 2.10
min_ansible_version: "2.10"
platforms:
- name: EL
- name: Debian
versions:
- 7
- "bookworm"
galaxy_tags:
- pve
- kvm

17
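--- a/pyproject.toml
+++ b/pyproject.toml
@@ -0,0 +1,17 @@
+[tool.ruff]
+exclude = [".git", "__pycache__"]
+line-length = 99
+indent-width = 4
+[tool.ruff.lint]
+ignore = ["W191", "E111", "E114", "E117", "S101", "S105"]
+select = ["F", "E", "I", "W", "S"]
+[tool.ruff.format]
+quote-style = "double"
+indent-style = "space"
+line-ending = "lf"
+[tool.pytest.ini_options]
+filterwarnings = ["ignore::FutureWarning", "ignore::DeprecationWarning"]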
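Review bot: `S105` (hard-coded password string) is switched off for the whole repository in the `ignore` list of `[tool.ruff.lint]`, even though `select` turns the `S` security rules on. For a role that templates LDAP bind credentials I would keep `S105` active and silence individual false positives with `# noqa: S105` on the affected line or an entry under `[tool.ruff.lint.per-file-ignores]`, so a real secret committed in a plugin or filter is still reported. If the global ignore is deliberate, a comment above `ignore` stating the reason would help the next reviewer, e.g. `# S105 ignored because <reason>`.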


@ -1,12 +0,0 @@
[flake8]
ignore = D100, D101, D102, D103, D105, D107, E402, W503
max-line-length = 99
inline-quotes = double
exclude = .git,.tox,__pycache__,build,dist,tests,*.pyc,*.egg-info,.cache,.eggs,env*
[yapf]
based_on_style = google
column_limit = 99
dedent_closing_brackets = true
coalesce_brackets = true
split_before_logical_operator = true


@ -1,47 +1,42 @@
---
- block:
- name: Create tmp folder for pve
file:
path: "{{ __pve_tmp_dir }}"
recurse: yes
state: directory
- name: Create tmp folder for pve
ansible.builtin.file:
path: "{{ __pve_tmp_dir }}"
recurse: True
state: directory
- name: Configure auth provider
template:
src: etc/pve/domains.cfg.j2
dest: "{{ __pve_tmp_dir }}/domains.cfg"
owner: root
group: www-data
mode: 0640
register: __pve_domains_copy
- name: Configure auth provider
ansible.builtin.template:
src: etc/pve/domains.cfg.j2
dest: "{{ __pve_tmp_dir }}/domains.cfg"
owner: root
group: www-data
mode: "0640"
register: __pve_domains_copy
- name: Copy auth provider to pve filesystem
command: "/bin/cp -rf {{ __pve_tmp_dir }}/domains.cfg {{ __pve_base_dir }}/domains.cfg"
changed_when: __pve_domains_copy.changed
become: True
become_user: root
- name: Copy auth provider to pve filesystem
ansible.builtin.command: "/bin/cp -rf {{ __pve_tmp_dir }}/domains.cfg {{ __pve_base_dir }}/domains.cfg"
changed_when: __pve_domains_copy.changed
- block:
- when:
- pve_auth_ldap_enabled | bool
- pve_auth_ldap_bind_password is defined
block:
- name: Ensure path for auth file exists
file:
ansible.builtin.file:
path: "{{ __pve_base_dir }}/priv/ldap"
recurse: yes
recurse: True
state: directory
- name: Add passwd file for ldap bind
template:
ansible.builtin.template:
src: etc/pve/priv/ldap.pw.j2
dest: "{{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw"
owner: root
group: www-data
mode: 0640
mode: "0640"
register: __pve_auth_copy
- name: Copy passwd file to pve filesystem
command: "/bin/cp -rf {{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw {{ __pve_base_dir }}/priv/ldap/{{ pve_auth_ldap_realm }}.pw"
ansible.builtin.command: "/bin/cp -rf {{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw {{ __pve_base_dir }}/priv/ldap/{{ pve_auth_ldap_realm }}.pw"
changed_when: __pve_auth_copy.changed
become: True
become_user: root
when:
- pve_auth_ldap_enabled | bool
- pve_auth_ldap_bind_password is defined
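Review bot: The LDAP bind password is staged in `{{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw` with `group: www-data` and `mode: "0640"` before `/bin/cp -rf` puts a copy under `priv/ldap`, and the staged file is left in place afterwards (presumably so the template task can detect changes). The web server group has no need to read the staging copy, so `mode: "0600"` on "Add passwd file for ldap bind" would narrow it, and `no_log: True` on that task keeps the password out of `--diff` and verbose output. Where `__pve_tmp_dir` lives and who can traverse it is not visible in this file, so that is worth confirming as well.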


@ -1,7 +1,4 @@
---
- import_tasks: pve.yml
- import_tasks: pam.yml
- import_tasks: auth.yml
- import_tasks: tls.yml
when: pve_tls_enabled | bool
tags: tls_renewal
- ansible.builtin.import_tasks: pve.yml
- ansible.builtin.import_tasks: pam.yml
- ansible.builtin.import_tasks: auth.yml


@ -1,14 +1,18 @@
---
- name: Remove motd from oam stack
pamd:
community.general.pamd:
name: "{{ item.name }}"
type: "{{ item.type }}"
control: "{{ item.control }}"
module_path: "{{ item.path }}"
state: absent
loop:
- { name: 'login', type: 'session', control: 'optional', path: 'pam_motd.so' }
- { name: 'sshd', type: 'session', control: 'optional', path: 'pam_motd.so' }
become: True
become_user: root
- name: "login"
type: "session"
control: "optional"
path: "pam_motd.so"
- name: "sshd"
type: "session"
control: "optional"
path: "pam_motd.so"
when: not pve_pamd_motd_enabled | bool
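Review bot: `become: True` and `become_user: root` no longer appear on the new side of this task, judging from the hunk counts, and the same two lines seem to drop out of the auth and disk-mount task files in this commit. The role therefore runs with whatever privileges the calling play provides, while editing the PAM stack, writing under the PVE base directory and changing fstab all need root. A play that omits `become: true` will now fail part-way through instead of escalating per task. I would state the requirement where the role's variables are documented, e.g. `# This role must be run with become: true`, or keep `become` on the blocks that need it.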


@ -1,23 +1,20 @@
---
- block:
- name: Ensure mountpoints are present
file:
path: "{{ item.path }}"
recurse: yes
state: directory
loop: "{{ pve_disk_mount }}"
loop_control:
label: "{{ item.path }}"
- name: Ensure mountpoints are present
ansible.builtin.file:
path: "{{ item.path }}"
recurse: yes
state: directory
loop: "{{ pve_disk_mount }}"
loop_control:
label: "{{ item.path }}"
- name: Add diskmounts to fstab
mount:
path: "{{ item.path }}"
src: "{{ item.src }}"
fstype: "{{ item.fstype }}"
opts: "{{ item.opts | default(omit) }}"
state: "{{ item.state | default('mounted') }}"
loop: "{{ pve_disk_mount }}"
loop_control:
label: "{{ item.src }} {{ item.path }}"
become: True
become_user: root
- name: Add diskmounts to fstab
ansible.posix.mount:
path: "{{ item.path }}"
src: "{{ item.src }}"
fstype: "{{ item.fstype }}"
opts: "{{ item.opts | default(omit) }}"
state: "{{ item.state | default('mounted') }}"
loop: "{{ pve_disk_mount }}"
loop_control:
label: "{{ item.src }} {{ item.path }}"


@ -1,32 +0,0 @@
---
- block:
- name: Create pki folder structure
file:
path: "{{ item }}"
state: directory
recurse: True
loop:
- /etc/pki/tls/certs
- /etc/pki/tls/private
- name: Copy certs and private key
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
loop:
- { src: "{{ pve_tls_cert_source }}", dest: "/etc/pki/tls/certs/pveproxy-ssl.pem", mode: "0750" }
- { src: "{{ pve_tls_key_source }}", dest: "/etc/pki/tls/private/pveproxy-ssl.key", mode: "0600" }
loop_control:
label: "{{ item.dest }}"
register: __pve_tls_copy
- name: Copy cert/key to pve filesystem
command: "/bin/cp -rf {{ item[0].dest }} /etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
changed_when: item[0].changed
loop: "{{ __pve_tls_copy.results | product(pve_nodes) | list }}"
loop_control:
label: "/etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
notify: __pveproxy_restart
become: True
become_user: root