Initial commit

1c91521b · Stephane Armanet · 1c91521b · 1c91521b · 1c91521b · 1c91521b
Commit 1c91521b authored 3 years ago by Stephane Armanet
--- a/.ansible-lint
+++ b/.ansible-lint
+exclude_paths:
+  - molecule/default/create.yml
+skip_list:
+  - '602'
+  - '204'
+  - '106'
--- a/.flake8
+++ b/.flake8
+[flake8]
+ignore = E501,W503,E203,E402
--- a/.gitignore
+++ b/.gitignore
+.molecule
+.vagrant
+.cache
+*.swp
+.DS_Store
+__pycache__
+*.pyc
+.vault_pass
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+---
+include: 'https://gitlab.esss.lu.se/ics-infrastructure/gitlab-ci-yml/raw/master/Molecule.gitlab-ci.yml'
--- a/.yamllint
+++ b/.yamllint
+---
+extends: default
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  line-length: disable
+  # NOTE(retr0h): Templates no longer fail this lint rule.
+  #               Uncomment if running old Molecule templates.
+  # truthy: disable
--- a/LICENSE
+++ b/LICENSE
+BSD 2-Clause License
+Copyright (c) 2018, European Spallation Source ERIC
+All rights reserved.
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/README.md
+++ b/README.md
+ics-ans-role-nx-terminalsrv
+===========================
+Ansible role to install nomachine-node
+This role install the nomachine terminal node 
+Requirements
+------------
+- ansible >= 2.4
+- molecule >= 2.6
+Role Variables
+--------------
+```yaml
+nx_terminalsrv_rpm: http://artifactory.esss.lu.se/artifactory/swi-pkg/nomachine/nomachine-terminal-server_6.4.6_1_x86_64.rpm
+```
+NoMachine is not installed from the rpm-ics repository because the nomachine (free) and nomachine-terminal-server RPMs conflict otherwise.
+nomachine-terminal-server would always take precedence.
+Example Playbook
+----------------
+```yaml
+- hosts: servers
+  roles:
+    - role: ics-ans-role-nx-terminalsrv
+```
+License
+-------
+BSD 2-clause
--- a/defaults/main.yml
+++ b/defaults/main.yml
+---
+# NoMachine is not installed from the rpm-ics repository because the nomachine (free)
+# and nomachine-terminal-server RPMs conflict otherwise.
+# nomachine-terminal-server would always take precedence.
+nomachine_terminalsrv_rpm: https://artifactory.esss.lu.se/artifactory/swi-pkg/nomachine/nomachine-enterprise-terminal-server_7.3.2_1_x86_64.rpm
+nomachine_node_rpm: https://artifactory.esss.lu.se/artifactory/swi-pkg/nomachine/nomachine-enterprise-terminal-server_7.3.2_1_x86_64.rpm
+desktop_base_xfce_profile_reset: false
+desktop_base_xfce_profile: "1screen"
+nomachine_monitoring_scripts_url: https://gitlab.esss.lu.se/ics-infrastructure/devops-scripts/-/raw/master/nomachine/
+nomachine_monitoring_scripts:
+  - nomachine_stats
+  - cpu_per_nomachine_user
+  - memory_per_user
+node_exporter_textfile_dir: /var/lib/node_exporter/
--- a/handlers/main.yml
+++ b/handlers/main.yml
+---
+- name: create_nxlogfile
+  file:
+    path: /var/log/nxserver.log
+    owner: nx
+    group: nx
+    mode: 0666
+    state: touch
+- name: restart_nx
+  service:
+    name: nxserver.service
+    state: restarted
--- a/meta/main.yml
+++ b/meta/main.yml
+---
+galaxy_info:
+  author: Stephane Armanet
+  company: European Spallation Source ERIC
+  description: Ansible role to install nx-terminalsrv.
+  license: BSD
+  min_ansible_version: 2.4
+  platforms:
+    - name: CentOS
+      versions:
+        - 7
+dependencies:
+  - role: ics-ans-role-desktop-base
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
+---
+- name: Converge
+  hosts: all
+  become: true
+  roles:
+    - role: ics-ans-role-nomachine-node
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
+---
+dependency:
+  name: galaxy
+lint: |
+  set -e
+  yamllint .
+  ansible-lint
+  flake8
+provisioner:
+  name: ansible
+  inventory:
+    group_vars:
+      default_group:
+      nomachine_nodes:
+scenario:
+  name: default
+verifier:
+  name: testinfra
+driver:
+  name: vagrant
+  provider:
+    name: virtualbox
+platforms:
+  - name: nomachine-node
+    box: centos/7
+    memory: 512
+    cpus: 1
+    instance_raw_config_args:
+      - "vbguest.auto_update = false"
+    groups:
+      - default_group
+      - nomachine_nodes
--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
+---
+- name: Prepare
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Install python for Ansible
+      raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
+      become: true
+      changed_when: false
--- a/molecule/default/requirements.yml
+++ b/molecule/default/requirements.yml
+---
+- src: git+https://gitlab.esss.lu.se/ics-ansible-galaxy/ics-ans-role-repository.git
+- src: git+https://gitlab.esss.lu.se/ics-ansible-galaxy/ics-ans-role-desktop-base.git
--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
+import os
+import testinfra.utils.ansible_runner
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+def test_nx(host):
+    # TODO: implement at least a test
+    service = host.service("nxserver")
+    assert service.is_running
+    assert service.is_enabled
--- a/tasks/main.yml
+++ b/tasks/main.yml
+---
+- name: install nomachine node and RDP client
+  yum:
+    name:
+      - "{{ nomachine_node_rpm }}"
+      - freerdp.x86_64
+      - remmina.x86_64
+      - remmina-plugins-rdp.x86_64
+    state: present
+  tags: setup
+- name: setup nx node
+  template:
+    src: nx_node.cfg
+    dest: /usr/NX/etc/node.cfg
+    owner: nx
+    group: nx
+    mode: 0644
+  notify: restart_nx
+- name: setup nx desktop
+  template:
+    src: start-desktop
+    dest: /usr/local/bin/start-desktop
+    owner: root
+    group: root
+    mode: 0755
+  when: "'nomachine_nodes' not in group_names"
+- name: copy monitoring scripts to extend node_exporter for nomachine
+  get_url:
+    url: "{{ nomachine_monitoring_scripts_url }}/{{ item }}"
+    dest: "/usr/local/bin/{{ item }}"
+    mode: 0755
+  loop: "{{ nomachine_monitoring_scripts }}"
+- name: setup crontab to collect nomachine metrics
+  cron:
+    name: "{{ item }}"
+    minute: "*"
+    job: "/usr/local/bin/{{ item }} > {{ node_exporter_textfile_dir }}/{{ item }}.prom"
+    user: root
+    cron_file: /etc/crontab
+  loop: "{{ nomachine_monitoring_scripts }}"
--- a/templates/after_session
+++ b/templates/after_session
+#!/bin/bash
+echo "############## `date`  ##############" >> /tmp/session.log
+sudo /usr/local/bin/unset_user_iptables $2 >> /tmp/session.log 2>&1
--- a/templates/before_session
+++ b/templates/before_session
+#!/bin/bash
+sudo /usr/local/bin/set_user_iptables $2 >> /tmp/session.log 2>&1
--- a/templates/nx_node.cfg
+++ b/templates/nx_node.cfg
+# {{ ansible_managed }}
+ConfigFileVersion 4.0
+SessionLogLevel 6
+SystemLogFile /var/log/nxserver.log
+DefaultDesktopCommand "/usr/local/bin/start-desktop"
+AvailableSessionTypes unix-remote,unix-console,unix-default,unix-application,physical-desktop,shadow,unix-xsession-default,unix-gnome,unix-xdm,vnc,windows
+EnableDiskSharing both
+EnableSmartcardSharing 1
+AudioInterface pulseaudio
+CommandStartPulseAudio "/usr/bin/pulseaudio --high-priority=no"
+EnableCUPSSupport 1
+CUPSBinPath /usr/bin
+CUPSSbinPath /usr/sbin
+CUPSBackendPath /usr/lib/cups/backend
+EnableSMBFSSupport 0
+CommandStartGnome "/usr/local/bin/start-desktop"
+CommandStartKDE "/usr/local/bin/start-desktop"
+CommandStartRFB "/usr/bin/xtigervncviewer -FullScreen"
+CommandStartRDP "/bin/xfreerdp --no-nla -f -a 16 "
+CommandFuser /bin/fuser
+CommandLsof /usr/bin/lsof
+CommandXdpyInfo /usr/bin/xdpyinfo
+CommandXmodmap /usr/bin/xmodmap
+CommandXkbComp /usr/bin/xkbcomp
+EnableVirtualGLSupport 0
+DefaultXSession "/etc/X11/Xsession default"
+ClientConnectionMethods NX,SSH
+SSHAuthorizedKeys $(HOME)/.ssh/authorized_keys2
+DisplayServerThreads auto
+DisplayEncoderThreads auto
+DefaultConsole xterm
--- a/templates/nx_server.cfg
+++ b/templates/nx_server.cfg
+# {{ ansible_managed }}
+ConfigFileVersion 4.0
+SessionLogLevel 6
+SystemLogFile /var/log/nxserver.log
+ConnectionsLimit 30
+ConnectionsUserLimit 2
+VirtualDesktopsLimit 30
+VirtualDesktopsUserLimit 2
+EnablePersistentSession all
+EnableClipboard both
+EnableUserDB 0
+EnablePasswordDB 0
+ConnectPolicy autocreate=1,autoconnect=1,automigrate=1,desktop=0,dialog=1
+StartHTTPDaemon Automatic
+StartNXDaemon Automatic
+ClientConnectionMethods NX,SSH,HTTP
+SSHAuthorizedKeys authorized_keys2
+VirtualDesktopSharing 1
+VirtualDesktopMode 2
+VirtualDesktopAuthorization 1
+PhysicalDesktopSharing 0
+UserScriptBeforeSessionStart "/usr/local/bin/before_session"
+UserScriptAfterSessionClose "/usr/local/bin/after_session"
+UserScriptBeforeSessionReconnect "/usr/local/bin/before_session"
+AvailableSessionTypes unix-remote,unix-console,unix-default,unix-application,physical-desktop,shadow,unix-xsession-default,unix-gnome,unix-xdm,vnc,windows
+RunNodeMode 1
+EnableFirewallConfiguration 1
+EnableScreenLock 0