diff --git a/.drone.jsonnet b/.drone.jsonnet
new file mode 100644
index 0000000..65ea016
--- /dev/null
+++ b/.drone.jsonnet
@@ -0,0 +1,109 @@
+local AnsibleVersions(version="latest", package="ansible") = {
+ name: "ansible-" + version,
+ image: "python:3.7",
+ pull: "always",
+ environment: {
+ PY_COLORS: 1
+ },
+ commands: [
+ "pip install " + package + " ansible-later~=0.2.0 -qq",
+ "git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy",
+ "ansible-later -c ~/policy/config.yml"
+ ],
+ depends_on: [
+ "clone",
+ ],
+};
+
+local PipelineLinting = {
+ kind: "pipeline",
+ name: "linting",
+ platform: {
+ os: "linux",
+ arch: "amd64",
+ },
+ steps: [
+ AnsibleVersions(version="latest", package="ansible"),
+ AnsibleVersions(version="master", package="git+https://github.com/ansible/ansible.git@devel"),
+ ],
+ trigger: {
+ ref: ["refs/heads/master", "refs/tags/**", "refs/pull/**"],
+ },
+};
+
+local PipelineDeployment = {
+ kind: "pipeline",
+ name: "deployment",
+ platform: {
+ os: "linux",
+ arch: "amd64",
+ },
+ workspace: {
+ base: "/drone/src",
+ path: "xoxys.unifi"
+ },
+ steps: [
+ {
+ name: "molecule",
+ image: "xoxys/molecule:ec2-linux-amd64",
+ pull: "always",
+ environment: {
+ ANSIBLE_ROLES_PATH: "/drone/src",
+ AWS_ACCESS_KEY_ID: { "from_secret": "aws_access_key_id" },
+ AWS_SECRET_ACCESS_KEY: { "from_secret": "aws_secret_access_key" },
+ AWS_REGION: "eu-central-1",
+ MOLECULE_CUSTOM_MODULES_REPO: "https://gitea.rknet.org/ansible/custom_modules",
+ MOLECULE_CUSTOM_FILTERS_REPO: "https://gitea.rknet.org/ansible/custom_filters",
+ PY_COLORS: 1
+ },
+ commands: [
+ "/bin/bash /docker-entrypoint.sh",
+ "molecule test --scenario-name ec2-centos-7",
+ ],
+ },
+ ],
+ depends_on: [
+ "linting",
+ ],
+ trigger: {
+ ref: ["refs/heads/master", "refs/tags/**"],
+ },
+};
+
+local PipelineNotifications = {
+ kind: "pipeline",
+ name: "notifications",
+ platform: {
+ os: "linux",
+ arch: "amd64",
+ },
+ clone: {
+ disable: true,
+ },
+ steps: [
+ {
+ name: "matrix",
+ image: "plugins/matrix",
+ settings: {
+ homeserver: "https://matrix.rknet.org",
+ roomid: "MtidqQXWWAtQcByBhH:rknet.org",
+ template: "Status: **{{ build.status }}**
Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}
Message: {{ build.message }}",
+ username: { "from_secret": "matrix_username" },
+ password: { "from_secret": "matrix_password" },
+ },
+ },
+ ],
+ depends_on: [
+ "deployment",
+ ],
+ trigger: {
+ status: [ "success", "failure" ],
+ ref: ["refs/heads/master", "refs/tags/**"],
+ },
+};
+
+[
+ PipelineLinting,
+ PipelineDeployment,
+ PipelineNotifications,
+]
diff --git a/.drone.yml b/.drone.yml
index 53d816a..6f0f61c 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,42 +1,116 @@
---
kind: pipeline
-name: default
+name: linting
+
+platform:
+ os: linux
+ arch: amd64
steps:
- - name: ansible-latest
- image: python:2.7
- pull: always
- commands:
- - pip install ansible ansible-later -q
- - git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy
- - git ls-files *[^LICENSE,.md] | xargs ansible-later -c ~/policy/config.ini
- depends_on:
- - clone
+- name: ansible-latest
+ pull: always
+ image: python:3.7
+ commands:
+ - pip install ansible ansible-later~=0.2.0 -qq
+ - git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy
+ - ansible-later -c ~/policy/config.yml
+ environment:
+ PY_COLORS: 1
+ depends_on:
+ - clone
- - name: ansible-master
- image: python:2.7
- pull: always
- commands:
- - pip install ansible ansible-later -q
- - git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy
- - git ls-files *[^LICENSE,.md] | xargs ansible-later -c ~/policy/config.ini
- depends_on:
- - clone
+- name: ansible-master
+ pull: always
+ image: python:3.7
+ commands:
+ - "pip install git+https://github.com/ansible/ansible.git@devel ansible-later~=0.2.0 -qq"
+ - git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy
+ - ansible-later -c ~/policy/config.yml
+ environment:
+ PY_COLORS: 1
+ depends_on:
+ - clone
- - name: notify
- image: plugins/matrix
- settings:
- homeserver: https://matrix.rknet.org
- roomid: MtidqQXWWAtQcByBhH:rknet.org
- template: "Status: **{{ build.status }}**
Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}
Message: {{ build.message }}"
- username:
- from_secret: matrix_username
- password:
- from_secret: matrix_password
- depends_on:
- - ansible-latest
- - ansible-master
- when:
- status:
- - success
- - failure
+trigger:
+ ref:
+ - refs/heads/master
+ - "refs/tags/**"
+ - "refs/pull/**"
+
+---
+kind: pipeline
+name: deployment
+
+platform:
+ os: linux
+ arch: amd64
+
+workspace:
+ base: /drone/src
+ path: xoxys.unifi
+
+steps:
+- name: molecule
+ pull: always
+ image: xoxys/molecule:ec2-linux-amd64
+ commands:
+ - /bin/bash /docker-entrypoint.sh
+ - molecule test --scenario-name ec2-centos-7
+ environment:
+ ANSIBLE_ROLES_PATH: /drone/src
+ AWS_ACCESS_KEY_ID:
+ from_secret: aws_access_key_id
+ AWS_REGION: eu-central-1
+ AWS_SECRET_ACCESS_KEY:
+ from_secret: aws_secret_access_key
+ MOLECULE_CUSTOM_FILTERS_REPO: https://gitea.rknet.org/ansible/custom_filters
+ MOLECULE_CUSTOM_MODULES_REPO: https://gitea.rknet.org/ansible/custom_modules
+ PY_COLORS: 1
+
+trigger:
+ ref:
+ - refs/heads/master
+ - "refs/tags/**"
+
+depends_on:
+- linting
+
+---
+kind: pipeline
+name: notifications
+
+platform:
+ os: linux
+ arch: amd64
+
+clone:
+ disable: true
+
+steps:
+- name: matrix
+ image: plugins/matrix
+ settings:
+ homeserver: https://matrix.rknet.org
+ password:
+ from_secret: matrix_password
+ roomid: MtidqQXWWAtQcByBhH:rknet.org
+ template: "Status: **{{ build.status }}**
Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}
Message: {{ build.message }}"
+ username:
+ from_secret: matrix_username
+
+trigger:
+ ref:
+ - refs/heads/master
+ - "refs/tags/**"
+ status:
+ - success
+ - failure
+
+depends_on:
+- deployment
+
+---
+kind: signature
+hmac: 76a0df88a943b54c3f46ecd8b84bacbca16e1aca765b0ba7fc838568de44ded9
+
+...
diff --git a/defaults/main.yml b/defaults/main.yml
index c06c983..efd63f6 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -54,16 +54,3 @@ unifi_tls_cert_file: "{{ unifi_tls_certs_dir }}/mycert.pem"
unifi_tls_key_file: "{{ unifi_tls_key_dir }}/mykey.pem"
unifi_tls_cert_source: mycert.pem
unifi_tls_key_source: mykey.pem
-
-unifi_nginx_vhost_enabled: False
-unifi_server_name: unifi.example.com
-unifi_server_ip: 127.0.0.1
-unifi_server_port: 8443
-unifi_nginx_server: myinventoryname
-unifi_nginx_vhost_dir: /etc/nginx/sites-available
-unifi_nginx_vhost_symlink: /etc/nginx/sites-enabled
-unifi_nginx_iptables_enabled: False
-
-unifi_nginx_tls_enabled: True
-unifi_nginx_tls_cert_file: mycert.pem
-unifi_nginx_tls_key_file: mykey.pem
diff --git a/handlers/main.yml b/handlers/main.yml
index ef30b50..ad2a078 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -7,12 +7,3 @@
listen: __unifi_restart
become: True
become_user: root
-
-- name: Reload nginx
- systemd:
- state: reloaded
- name: nginx
- listen: __nginx_reload
- delegate_to: "{{ radicale_nginx_server }}"
- become: True
- become_user: root
diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst
new file mode 100644
index 0000000..f305f0b
--- /dev/null
+++ b/molecule/default/INSTALL.rst
@@ -0,0 +1,22 @@
+*******
+Amazon Web Services driver installation guide
+*******
+
+Requirements
+============
+
+* An AWS credentials rc file
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+ $ pip install 'molecule[ec2]'
diff --git a/molecule/default/create.yml b/molecule/default/create.yml
new file mode 100644
index 0000000..4ed1a0c
--- /dev/null
+++ b/molecule/default/create.yml
@@ -0,0 +1,125 @@
+---
+- name: Create
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}"
+ vars:
+ ssh_user: ubuntu
+ ssh_port: 22
+
+ security_group_name: molecule
+ security_group_description: Security group for testing Molecule
+ security_group_rules:
+ - proto: tcp
+ from_port: "{{ ssh_port }}"
+ to_port: "{{ ssh_port }}"
+ cidr_ip: '0.0.0.0/0'
+ - proto: icmp
+ from_port: 8
+ to_port: -1
+ cidr_ip: '0.0.0.0/0'
+ security_group_rules_egress:
+ - proto: -1
+ from_port: 0
+ to_port: 0
+ cidr_ip: '0.0.0.0/0'
+
+ keypair_name: molecule_key
+ keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key"
+ tasks:
+ - name: Create security group
+ ec2_group:
+ name: "{{ security_group_name }}"
+ description: "{{ security_group_name }}"
+ rules: "{{ security_group_rules }}"
+ rules_egress: "{{ security_group_rules_egress }}"
+
+ - name: Test for presence of local keypair
+ stat:
+ path: "{{ keypair_path }}"
+ register: keypair_local
+
+ - name: Delete remote keypair
+ ec2_key:
+ name: "{{ keypair_name }}"
+ state: absent
+ when: not keypair_local.stat.exists
+
+ - name: Create keypair
+ ec2_key:
+ name: "{{ keypair_name }}"
+ register: keypair
+
+ - name: Persist the keypair
+ copy:
+ dest: "{{ keypair_path }}"
+ content: "{{ keypair.key.private_key }}"
+ mode: 0600
+ when: keypair.changed
+
+ - name: Create molecule instance(s)
+ ec2:
+ key_name: "{{ keypair_name }}"
+ image: "{{ item.image }}"
+ instance_type: "{{ item.instance_type }}"
+ vpc_subnet_id: "{{ item.vpc_subnet_id }}"
+ group: "{{ security_group_name }}"
+ instance_tags:
+ instance: "{{ item.name }}"
+ wait: true
+ assign_public_ip: true
+ exact_count: 1
+ count_tag:
+ instance: "{{ item.name }}"
+ register: server
+ with_items: "{{ molecule_yml.platforms }}"
+ async: 7200
+ poll: 0
+
+ - name: Wait for instance(s) creation to complete
+ async_status:
+ jid: "{{ item.ansible_job_id }}"
+ register: ec2_jobs
+ until: ec2_jobs.finished
+ retries: 300
+ with_items: "{{ server.results }}"
+
+ # Mandatory configuration for Molecule to function.
+
+ - name: Populate instance config dict
+ set_fact:
+ instance_conf_dict: {
+ 'instance': "{{ item.instances[0].tags.instance }}",
+ 'address': "{{ item.instances[0].public_ip }}",
+ 'user': "{{ ssh_user }}",
+ 'port': "{{ ssh_port }}",
+ 'identity_file': "{{ keypair_path }}",
+ 'instance_ids': "{{ item.instance_ids }}", }
+ with_items: "{{ ec2_jobs.results }}"
+ register: instance_config_dict
+ when: server.changed | bool
+
+ - name: Convert instance config dict to a list
+ set_fact:
+ instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
+ when: server.changed | bool
+
+ - name: Dump instance config
+ copy:
+ content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}"
+ dest: "{{ molecule_instance_config }}"
+ when: server.changed | bool
+
+ - name: Wait for SSH
+ wait_for:
+ port: "{{ ssh_port }}"
+ host: "{{ item.address }}"
+ search_regex: SSH
+ delay: 10
+ timeout: 320
+ with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}"
+
+ - name: Wait for boot process to finish
+ pause:
+ minutes: 2
diff --git a/molecule/default/destroy.yml b/molecule/default/destroy.yml
new file mode 100644
index 0000000..b460c1e
--- /dev/null
+++ b/molecule/default/destroy.yml
@@ -0,0 +1,47 @@
+---
+- name: Destroy
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}"
+ tasks:
+ - block:
+ - name: Populate instance config
+ set_fact:
+ instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}"
+ skip_instances: false
+ rescue:
+ - name: Populate instance config when file missing
+ set_fact:
+ instance_conf: {}
+ skip_instances: true
+
+ - name: Destroy molecule instance(s)
+ ec2:
+ state: absent
+ instance_ids: "{{ item.instance_ids }}"
+ register: server
+ with_items: "{{ instance_conf }}"
+ when: not skip_instances
+ async: 7200
+ poll: 0
+
+ - name: Wait for instance(s) deletion to complete
+ async_status:
+ jid: "{{ item.ansible_job_id }}"
+ register: ec2_jobs
+ until: ec2_jobs.finished
+ retries: 300
+ with_items: "{{ server.results }}"
+
+ # Mandatory configuration for Molecule to function.
+
+ - name: Populate instance config
+ set_fact:
+ instance_conf: {}
+
+ - name: Dump instance config
+ copy:
+ content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}"
+ dest: "{{ molecule_instance_config }}"
+ when: server.changed | bool
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 0000000..6f88100
--- /dev/null
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,20 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: ec2
+lint:
+ name: yamllint
+platforms:
+ - name: instance
+ image: ami-a5b196c0
+ instance_type: t2.micro
+ vpc_subnet_id: subnet-6456fd1f
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml
new file mode 100644
index 0000000..2332ef5
--- /dev/null
+++ b/molecule/default/playbook.yml
@@ -0,0 +1,5 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: xoxys.unifi
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
new file mode 100644
index 0000000..ddb01fb
--- /dev/null
+++ b/molecule/default/prepare.yml
@@ -0,0 +1,9 @@
+---
+- name: Prepare
+ hosts: all
+ gather_facts: false
+ tasks:
+ - name: Install python for Ansible
+ raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal python-zipstream)
+ become: true
+ changed_when: false
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py
new file mode 100644
index 0000000..eedd64a
--- /dev/null
+++ b/molecule/default/tests/test_default.py
@@ -0,0 +1,14 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_hosts_file(host):
+ f = host.file('/etc/hosts')
+
+ assert f.exists
+ assert f.user == 'root'
+ assert f.group == 'root'
diff --git a/molecule/ec2-centos-7/INSTALL.rst b/molecule/ec2-centos-7/INSTALL.rst
new file mode 100644
index 0000000..f305f0b
--- /dev/null
+++ b/molecule/ec2-centos-7/INSTALL.rst
@@ -0,0 +1,22 @@
+*******
+Amazon Web Services driver installation guide
+*******
+
+Requirements
+============
+
+* An AWS credentials rc file
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+ $ pip install 'molecule[ec2]'
diff --git a/molecule/ec2-centos-7/create.yml b/molecule/ec2-centos-7/create.yml
new file mode 100644
index 0000000..aa96f57
--- /dev/null
+++ b/molecule/ec2-centos-7/create.yml
@@ -0,0 +1,124 @@
+---
+- name: Create
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}"
+ vars:
+ ssh_user: centos
+ ssh_port: 22
+
+ security_group_name: molecule
+ security_group_description: Security group for testing Molecule
+ security_group_rules:
+ - proto: tcp
+ from_port: "{{ ssh_port }}"
+ to_port: "{{ ssh_port }}"
+ cidr_ip: '0.0.0.0/0'
+ - proto: icmp
+ from_port: 8
+ to_port: -1
+ cidr_ip: '0.0.0.0/0'
+ security_group_rules_egress:
+ - proto: -1
+ from_port: 0
+ to_port: 0
+ cidr_ip: '0.0.0.0/0'
+
+ keypair_name: molecule_key_unifi
+ keypair_path: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/ssh_key"
+ tasks:
+ - name: Create security group
+ ec2_group:
+ name: "{{ security_group_name }}"
+ description: "{{ security_group_name }}"
+ rules: "{{ security_group_rules }}"
+ rules_egress: "{{ security_group_rules_egress }}"
+
+ - name: Delete remote keypair
+ ec2_key:
+ name: "{{ keypair_name }}"
+ state: absent
+
+ - name: Create keypair
+ ec2_key:
+ name: "{{ keypair_name }}"
+ register: keypair
+
+ - name: Persist the keypair
+ copy:
+ dest: "{{ keypair_path }}"
+ content: "{{ keypair.key.private_key }}"
+ mode: 0600
+ when: keypair.changed
+
+ - name: Create molecule instance(s)
+ ec2:
+ key_name: "{{ keypair_name }}"
+ image: "{{ item.image }}"
+ instance_type: "{{ item.instance_type }}"
+ vpc_subnet_id: "{{ item.vpc_subnet_id }}"
+ group: "{{ security_group_name }}"
+ instance_tags:
+ instance: "{{ item.name }}"
+ wait: true
+ assign_public_ip: true
+ exact_count: 1
+ count_tag:
+ instance: "{{ item.name }}"
+ volumes:
+ - device_name: /dev/sda1
+ volume_type: gp2
+ volume_size: 8
+ delete_on_termination: yes
+ register: server
+ with_items: "{{ molecule_yml.platforms }}"
+ async: 7200
+ poll: 0
+
+ - name: Wait for instance(s) creation to complete
+ async_status:
+ jid: "{{ item.ansible_job_id }}"
+ register: ec2_jobs
+ until: ec2_jobs.finished
+ retries: 300
+ with_items: "{{ server.results }}"
+
+ # Mandatory configuration for Molecule to function.
+
+ - name: Populate instance config dict
+ set_fact:
+ instance_conf_dict: {
+ 'instance': "{{ item.instances[0].tags.instance }}",
+ 'address': "{{ item.instances[0].public_ip }}",
+ 'user': "{{ ssh_user }}",
+ 'port': "{{ ssh_port }}",
+ 'identity_file': "{{ keypair_path }}",
+ 'instance_ids': "{{ item.instance_ids }}", }
+ with_items: "{{ ec2_jobs.results }}"
+ register: instance_config_dict
+ when: server.changed | bool
+
+ - name: Convert instance config dict to a list
+ set_fact:
+ instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
+ when: server.changed | bool
+
+ - name: Dump instance config
+ copy:
+ content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}"
+ dest: "{{ molecule_instance_config }}"
+ when: server.changed | bool
+
+ - name: Wait for SSH
+ wait_for:
+ port: "{{ ssh_port }}"
+ host: "{{ item.address }}"
+ search_regex: SSH
+ delay: 10
+ timeout: 320
+ with_items: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}"
+
+ - name: Wait for boot process to finish
+ pause:
+ minutes: 2
diff --git a/molecule/ec2-centos-7/destroy.yml b/molecule/ec2-centos-7/destroy.yml
new file mode 100644
index 0000000..b460c1e
--- /dev/null
+++ b/molecule/ec2-centos-7/destroy.yml
@@ -0,0 +1,47 @@
+---
+- name: Destroy
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ no_log: "{{ not (lookup('env', 'MOLECULE_DEBUG') | bool or molecule_yml.provisioner.log|default(false) | bool) }}"
+ tasks:
+ - block:
+ - name: Populate instance config
+ set_fact:
+ instance_conf: "{{ lookup('file', molecule_instance_config) | molecule_from_yaml }}"
+ skip_instances: false
+ rescue:
+ - name: Populate instance config when file missing
+ set_fact:
+ instance_conf: {}
+ skip_instances: true
+
+ - name: Destroy molecule instance(s)
+ ec2:
+ state: absent
+ instance_ids: "{{ item.instance_ids }}"
+ register: server
+ with_items: "{{ instance_conf }}"
+ when: not skip_instances
+ async: 7200
+ poll: 0
+
+ - name: Wait for instance(s) deletion to complete
+ async_status:
+ jid: "{{ item.ansible_job_id }}"
+ register: ec2_jobs
+ until: ec2_jobs.finished
+ retries: 300
+ with_items: "{{ server.results }}"
+
+ # Mandatory configuration for Molecule to function.
+
+ - name: Populate instance config
+ set_fact:
+ instance_conf: {}
+
+ - name: Dump instance config
+ copy:
+ content: "{{ instance_conf | to_json | from_json | molecule_to_yaml | molecule_header }}"
+ dest: "{{ molecule_instance_config }}"
+ when: server.changed | bool
diff --git a/molecule/ec2-centos-7/molecule.yml b/molecule/ec2-centos-7/molecule.yml
new file mode 100644
index 0000000..047424f
--- /dev/null
+++ b/molecule/ec2-centos-7/molecule.yml
@@ -0,0 +1,22 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: ec2
+platforms:
+ - name: centos-7-unifi
+ image: ami-04cf43aca3e6f3de3
+ instance_type: t2.micro
+ vpc_subnet_id: subnet-9b6896f1
+lint:
+ name: yamllint
+ enabled: False
+provisioner:
+ name: ansible
+ lint:
+ name: ansible-lint
+ enabled: False
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
diff --git a/molecule/ec2-centos-7/playbook.yml b/molecule/ec2-centos-7/playbook.yml
new file mode 100644
index 0000000..2332ef5
--- /dev/null
+++ b/molecule/ec2-centos-7/playbook.yml
@@ -0,0 +1,5 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: xoxys.unifi
diff --git a/molecule/ec2-centos-7/prepare.yml b/molecule/ec2-centos-7/prepare.yml
new file mode 100644
index 0000000..ddb01fb
--- /dev/null
+++ b/molecule/ec2-centos-7/prepare.yml
@@ -0,0 +1,9 @@
+---
+- name: Prepare
+ hosts: all
+ gather_facts: false
+ tasks:
+ - name: Install python for Ansible
+ raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal python-zipstream)
+ become: true
+ changed_when: false
diff --git a/molecule/ec2-centos-7/tests/test_default.py b/molecule/ec2-centos-7/tests/test_default.py
new file mode 100644
index 0000000..9ae3c64
--- /dev/null
+++ b/molecule/ec2-centos-7/tests/test_default.py
@@ -0,0 +1,20 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+import warnings
+warnings.filterwarnings("ignore", category=DeprecationWarning)
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_unifi_running_and_enabled(host):
+ unifi = host.service("unifi")
+ assert unifi.is_running
+ assert unifi.is_enabled
+
+
+def test_unifi_socket(host):
+ # Verify the socket is listening for HTTP traffic
+ assert host.socket("tcp://0.0.0.0:8443").is_listening
diff --git a/molecule/pytest.ini b/molecule/pytest.ini
new file mode 100644
index 0000000..c24fe5b
--- /dev/null
+++ b/molecule/pytest.ini
@@ -0,0 +1,3 @@
+[pytest]
+filterwarnings =
+ ignore::DeprecationWarning
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..cdcc608
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,5 @@
+---
+- src: https://gitea.rknet.org/ansible/xoxys.mongodb.git
+ name: xoxys.mongodb
+ scm: git
+ version: master
diff --git a/tasks/install.yml b/tasks/install.yml
index 01b8d1c..2bc39d1 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -5,7 +5,6 @@
state: directory
owner: "{{ unifi_user }}"
group: "{{ unifi_group }}"
- recurse: True
loop:
- "{{ unifi_base_dir }}"
- "{{ unifi_base_dir }}/{{ unifi_version }}"
@@ -29,10 +28,10 @@
- name: Cleanup
file:
path: /tmp/UniFi.unix.zip
- state: absent
+ state:
+ when: unifi_version is version(unifi_current_version, ">") or unifi_current_version is version('0.0.0', "=")
become: True
become_user: "{{ unifi_user }}"
- when: unifi_version is version(unifi_current_version, ">") or unifi_current_version is version('0.0.0', "=")
- block:
- name: Remove data folder from new version
@@ -97,21 +96,5 @@
dest: "/etc/systemd/system/unifi.service"
mode: 0644
notify: __unifi_restart
-
- - name: Ensure service is up and running
- systemd:
- state: started
- daemon_reload: yes
- enabled: yes
- name: unifi
-
- - name: Set current version to custom fact
- template:
- src: etc/ansible/facts.d/unifi.fact.j2
- dest: /etc/ansible/facts.d/unifi.fact
- mode: 0644
- owner: root
- group: root
- when: unifi_version is version(unifi_current_version, ">") or unifi_current_version is version('0.0.0', "=")
become: True
become_user: root
diff --git a/tasks/main.yml b/tasks/main.yml
index 431c31a..651ce35 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -6,5 +6,4 @@
- import_tasks: tls.yml
when: unifi_tls_enabled
tags: tls_renewal
-- import_tasks: nginx.yml
- when: unifi_nginx_vhost_enabled
+- include_tasks: post.yml
diff --git a/tasks/nginx.yml b/tasks/nginx.yml
deleted file mode 100644
index d77aaad..0000000
--- a/tasks/nginx.yml
+++ /dev/null
@@ -1,48 +0,0 @@
----
-- block:
- - name: Copy certs and private key to nginx proxy
- copy:
- src: "{{ item.src }}"
- dest: "{{ item.dest }}"
- mode: "{{ item.mode }}"
- loop:
- - { src: "{{ unifi_tls_key_source }}", dest: '/etc/pki/tls/private/{{ unifi_nginx_tls_key_file }}', mode: '0600' }
- - { src: "{{ unifi_tls_cert_source }}", dest: '/etc/pki/tls/certs/{{ unifi_nginx_tls_cert_file }}', mode: '0750' }
- loop_control:
- label: "{{ item.dest }}"
- notify: __nginx_reload
- delegate_to: "{{ unifi_nginx_server }}"
- when: unifi_nginx_tls_enabled
- become: True
- become_user: root
- tags: tls_renewal
-
-- block:
- - name: Add vhost configuration file
- template:
- src: nginx/vhost.j2
- dest: "{{ unifi_nginx_vhost_dir }}/unifi"
- owner: root
- group: root
- mode: 0640
- notify: __nginx_reload
-
- - name: Enable unifi vhost
- file:
- src: "{{ unifi_nginx_vhost_dir }}/unifi"
- dest: "{{ unifi_nginx_vhost_symlink }}/unifi"
- owner: root
- group: root
- state: link
- notify: __nginx_reload
- when: unifi_nginx_vhost_symlink is defined
-
- - name: Open ports in iptables
- iptables_raw:
- name: allow_unifi_nginx_proxy
- state: present
- rules: '-A OUTPUT -m state --state NEW -p tcp -d {{ unifi_server_ip }} --dport {{ unifi_server_port }} -j ACCEPT'
- when: unifi_nginx_iptables_enabled
- delegate_to: "{{ unifi_nginx_server }}"
- become: True
- become_user: root
diff --git a/tasks/post.yml b/tasks/post.yml
new file mode 100644
index 0000000..7ec9691
--- /dev/null
+++ b/tasks/post.yml
@@ -0,0 +1,19 @@
+---
+- block:
+ - name: Ensure service is up and running
+ systemd:
+ state: started
+ daemon_reload: yes
+ enabled: yes
+ name: unifi
+
+ - name: Set current version to custom fact
+ template:
+ src: etc/ansible/facts.d/unifi.fact.j2
+ dest: /etc/ansible/facts.d/unifi.fact
+ mode: 0644
+ owner: root
+ group: root
+ when: unifi_version is version(unifi_current_version, ">") or unifi_current_version is version('0.0.0', "=")
+ become: True
+ become_user: root
diff --git a/tasks/storage.yml b/tasks/storage.yml
index e56a8e2..8d1dc82 100644
--- a/tasks/storage.yml
+++ b/tasks/storage.yml
@@ -4,6 +4,7 @@
lvg:
vg: "{{ unifi_lvm_vg }}"
pvs: "{{ unifi_lvm_pvs|join(',') }}"
+ pesize: "4"
- name: Create logical volume '{{ unifi_lvm_lv }}'
lvol:
diff --git a/tasks/tls.yml b/tasks/tls.yml
index fb7f78f..ef3f20b 100644
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
@@ -14,7 +14,7 @@
become_user: root
- block:
- - name: Copy certs and private key (file)
+ - name: Copy certs and private key
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
@@ -24,21 +24,7 @@
- { src: "{{ unifi_tls_cert_source }}", dest: '{{ unifi_tls_cert_file }}', mode: '0750' }
loop_control:
label: "{{ item.dest }}"
- register: __unifi_certs_file
- when: unifi_tls_source_use_files
-
- - name: Copy certs and private key (content)
- copy:
- content: "{{ item.src }}"
- dest: "{{ item.dest }}"
- mode: "{{ item.mode }}"
- loop:
- - { src: "{{ unifi_tls_key_source }}", dest: '{{ unifi_tls_key_file }}', mode: '0600' }
- - { src: "{{ unifi_tls_cert_source }}", dest: '{{ unifi_tls_cert_file }}', mode: '0750' }
- loop_control:
- label: "{{ item.dest }}"
- register: __unifi_certs_content
- when: unifi_tls_source_use_content
+ register: __unifi_tls
- name: Set internal control variables
set_fact:
@@ -85,6 +71,6 @@
file:
path: "{{ __unifi_pkcs12_path }}"
state: absent
+ when: __unifi_tls.changed
become: True
become_user: "{{ unifi_user }}"
- when: __unifi_certs_file.changed or __unifi_certs_content.changed
diff --git a/templates/nginx/vhost.j2 b/templates/nginx/vhost.j2
deleted file mode 100644
index 67396b0..0000000
--- a/templates/nginx/vhost.j2
+++ /dev/null
@@ -1,46 +0,0 @@
-#jinja2: lstrip_blocks: True
-# {{ ansible_managed }}
-upstream backend_unifi {
- server {{ unifi_server_ip }}:{{ unifi_server_port }};
-}
-
-server {
- listen 80;
- server_name {{ unifi_server_name }};
-
- {% if unifi_nginx_tls_enabled %}
- return 301 https://$server_name$request_uri;
- {% else %}
- location / {
- proxy_pass https://backend_unifi;
-
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-Host $server_name;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
- {% endif %}
-}
-
-{% if unifi_nginx_tls_enabled %}
-server {
- listen 443 ssl;
- server_name {{ unifi_server_name }};
-
- location / {
- proxy_pass https://backend_unifi;
-
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-Host $server_name;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
-
- ssl_certificate /etc/pki/tls/certs/{{ unifi_nginx_tls_cert_file }};
- ssl_certificate_key /etc/pki/tls/private/{{ unifi_nginx_tls_key_file }};
-}
-{% endif %}