Initial commit

579eb1f9 · Benjamin Bertrand · 579eb1f9 · 579eb1f9 · 579eb1f9 · 579eb1f9
Commit 579eb1f9 authored 7 years ago by Benjamin Bertrand
--- a/.flake8
+++ b/.flake8
+[flake8]
+ignore = E501
--- a/.gitignore
+++ b/.gitignore
+.molecule
+.vagrant
+.cache
+*.swp
+.DS_Store
+__pycache__
+*.pyc
+playbook.retry
--- a/.yamllint
+++ b/.yamllint
+extends: default
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  line-length: disable
+  # NOTE(retr0h): Templates no longer fail this lint rule.
+  #               Uncomment if running old Molecule templates.
+  # truthy: disable
--- a/LICENSE
+++ b/LICENSE
+BSD 2-Clause License
+Copyright (c) 2018, European Spallation Source ERIC
+All rights reserved.
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/README.md
+++ b/README.md
+ics-ans-eee-mirror
+==================
+Ansible playbook to install an EEE server mirror (EPICS base, modules and startup directories).
+*/export/epics* and */export/startup* are exported via NFS in read-only mode.
+Requirements
+------------
+- ansible >= 2.4
+- molecule >= 2.6
+License
+-------
+BSD 2-clause
--- a/group_vars/eee_mirror
+++ b/group_vars/eee_mirror
+---
+nfs_server_exports:
+ - path: /export/epics
+   options: "*(async,ro,insecure,crossmnt)"
+ - path: /export/startup
+   options: "*(async,ro,insecure,crossmnt)"
--- a/molecule/default/Dockerfile.j2
+++ b/molecule/default/Dockerfile.j2
+# Molecule managed
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get upgrade -y && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \
+    elif [ $(command -v yum) ]; then yum makecache fast && yum update -y && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+    elif [ $(command -v zypper) ]; then zypper refresh && zypper update -y && zypper install -y python sudo bash python-xml && zypper clean -a; \
+    elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; fi
--- a/molecule/default/create.yml
+++ b/molecule/default/create.yml
+---
+- name: Create
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
+  vars:
+    molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
+    molecule_ephemeral_directory: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}"
+    molecule_scenario_directory: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}"
+    molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
+  tasks:
+    - name: Create Dockerfiles from image names
+      template:
+        src: "{{ molecule_scenario_directory }}/Dockerfile.j2"
+        dest: "{{ molecule_ephemeral_directory }}/Dockerfile_{{ item.image | regex_replace('[^a-zA-Z0-9_]', '_') }}"
+      with_items: "{{ molecule_yml.platforms }}"
+      register: platforms
+    - name: Discover local Docker images
+      docker_image_facts:
+        name: "molecule_local/{{ item.item.name }}"
+      with_items: "{{ platforms.results }}"
+      register: docker_images
+    - name: Build an Ansible compatible image
+      docker_image:
+        path: "{{ molecule_ephemeral_directory }}"
+        name: "molecule_local/{{ item.item.image }}"
+        dockerfile: "{{ item.item.dockerfile | default(item.invocation.module_args.dest) }}"
+        force: "{{ item.item.force | default(true) }}"
+      with_items: "{{ platforms.results }}"
+      when: platforms.changed or docker_images.results | map(attribute='images') | select('equalto', []) | list | count >= 0
+    - name: Create docker network(s)
+      docker_network:
+        name: "{{ item }}"
+        state: present
+      with_items: "{{ molecule_yml.platforms | molecule_get_docker_networks }}"
+    - name: Create molecule instance(s)
+      docker_container:
+        name: "{{ item.name }}"
+        hostname: "{{ item.name }}"
+        image: "molecule_local/{{ item.image }}"
+        state: started
+        recreate: false
+        log_driver: json-file
+        command: "{{ item.command | default('bash -c \"while true; do sleep 10000; done\"') }}"
+        privileged: "{{ item.privileged | default(omit) }}"
+        volumes: "{{ item.volumes | default(omit) }}"
+        capabilities: "{{ item.capabilities | default(omit) }}"
+        exposed_ports: "{{ item.exposed_ports | default(omit) }}"
+        published_ports: "{{ item.published_ports | default(omit) }}"
+        ulimits: "{{ item.ulimits | default(omit) }}"
+        networks: "{{ item.networks | default(omit) }}"
+        dns_servers: "{{ item.dns_servers | default(omit) }}"
+        tmpfs: "{{ item.tmpfs | default(omit) }}"
+      register: server
+      with_items: "{{ molecule_yml.platforms }}"
+      async: 7200
+      poll: 0
+    - name: Wait for instance(s) creation to complete
+      async_status:
+        jid: "{{ item.ansible_job_id }}"
+      register: docker_jobs
+      until: docker_jobs.finished
+      retries: 300
+      with_items: "{{ server.results }}"
--- a/molecule/default/destroy.yml
+++ b/molecule/default/destroy.yml
+---
+- name: Destroy
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
+  vars:
+    molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}"
+    molecule_yml: "{{ lookup('file', molecule_file) | molecule_from_yaml }}"
+  tasks:
+    - name: Destroy molecule instance(s)
+      docker_container:
+        name: "{{ item.name }}"
+        state: absent
+        force_kill: "{{ item.force_kill | default(true) }}"
+      register: server
+      with_items: "{{ molecule_yml.platforms }}"
+      async: 7200
+      poll: 0
+    - name: Wait for instance(s) deletion to complete
+      async_status:
+        jid: "{{ item.ansible_job_id }}"
+      register: docker_jobs
+      until: docker_jobs.finished
+      retries: 300
+      with_items: "{{ server.results }}"
+    - name: Delete docker network(s)
+      docker_network:
+        name: "{{ item }}"
+        state: absent
+      with_items: "{{ molecule_yml.platforms | molecule_get_docker_networks }}"
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
+---
+dependency:
+  name: galaxy
+  options:
+    role-file: roles/requirements.yml
+lint:
+  name: yamllint
+provisioner:
+  name: ansible
+  lint:
+    name: ansible-lint
+  playbooks:
+    converge: ../../playbook.yml
+  inventory:
+    group_vars:
+      eee_mirror:
+scenario:
+  name: default
+verifier:
+  name: testinfra
+  lint:
+    name: flake8
+driver:
+  name: docker
+platforms:
+  - name: ics-ans-eee-mirror-default
+    image: registry.esss.lu.se/ics-docker/centos-systemd:7
+    capabilities:
+      - SYS_ADMIN
+    tmpfs:
+      - /run
+    command: /sbin/init
+    groups:
+      - eee_mirror
--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
+---
+- name: Prepare
+  hosts: all
+  gather_facts: false
+  tasks: []
--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
+import os
+import pytest
+import testinfra.utils.ansible_runner
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('eee_mirror')
+def test_eee_local_directories(host):
+    for item in ('/export/epics/modules',
+                 '/export/startup/boot'):
+        directory = host.file(item)
+        assert directory.is_directory
+        assert directory.user == 'ess'
+@pytest.mark.parametrize('service', [
+    'nfs-server',
+    'rpcbind',
+    'rsync-epics.service',
+    'rsync-startup.service'])
+def test_service_is_enabled(host, service):
+    host.service(service).is_enabled
--- a/playbook.yml
+++ b/playbook.yml
+---
+- hosts: eee_mirror
+  become: true
+  roles:
+    - role: ics-ans-role-repository
+    - role: ics-ans-role-rsync-client
+    - role: ics-ans-role-nfs-server
--- a/roles/requirements.yml
+++ b/roles/requirements.yml
+---
+- src: git+https://gitlab.esss.lu.se/ics-ansible-galaxy/ics-ans-role-repository.git
+  version: v0.6.1
+- src: git+https://gitlab.esss.lu.se/ics-ansible-galaxy/ics-ans-role-rsync-client.git
+  version: v0.2.0
+- src: git+https://gitlab.esss.lu.se/ics-ansible-galaxy/ics-ans-role-nfs-server.git
+  version: v0.5.0