ansible init

2020-09-27 20:24:51 +02:00 · 2020-09-27 20:24:51 +02:00 · 9df47229c7
commit 9df47229c7
parent 991a221b20
7 changed files with 93 additions and 45 deletions
--- a/.ansible/inventory
+++ b/.ansible/inventory
@ -0,0 +1,10 @@
 [all:vars]
 ansible_user='debian'
 ansible_become=yes
 ansible_become_method=sudo
 ansible_python_interpreter='/usr/bin/env python3'
 project='CyfroweAukcje'
 main_packages="vim, vim-common, curl, wget"
 [servers]
 # example1 ansible_host=ip ansible_port=65522
--- a/.ansible/playbook.yml
+++ b/.ansible/playbook.yml
@ -0,0 +1,39 @@
 ---
 - name: System preconfiguration
  hosts: all
  tasks:
    - name: Prepare motd
      template:
        src: templates/motd.jinja
        dest: /etc/motd
    - name: Trusted ca
      template:
        src: templates/trusted-user-ca-keys.pem
        dest: /etc/ssh/trusted-user-ca-keys.pem
    - name: Configure sshd
      template:
        src: templates/sshd_config
        dest: /etc/ssh/sshd_config
    - name: Restart sshd service
      systemd: 
        name: sshd
        state: reloaded
 - name: Upgrade system
  hosts: all
  tasks:
    - name: Update apt-get repo and cache
      apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
    - name: Upgrade all apt packages
      apt: upgrade=dist force_apt_get=yes
    - name: Remove dependencies that are no longer required
      apt:
        autoremove: yes
 - name: Install my packages
  hosts: all
  tasks:
    - name: Install main packages
      apt:
        name: "{{ main_packages }}"
        state: present
--- a/.ansible/templates/motd.jinja
+++ b/.ansible/templates/motd.jinja
@ -0,0 +1,14 @@
               _____
              /     \
              vvvvvvv  /|__/|
                 I   /O,O   |
                 I /_____   |      /|/|
                J|/^ ^ ^ \  |    /00  |    _//|
                 |^ ^ ^ ^ |W|   |/^^\ |   /oo |
                  \m___m__|_|    \m_m_|   \mm_|
 ======================================:  cynarski.dev
 Development by ansible for {{project}}
 ====================================================:
--- a/.ansible/templates/sshd_config
+++ b/.ansible/templates/sshd_config
@ -0,0 +1,9 @@
 Port 65522
 PasswordAuthentication no
 ChallengeResponseAuthentication yes
 UsePAM yes
 X11Forwarding yes
 PrintMotd no
 AcceptEnv LANG LC_*
 Subsystem	sftp	/usr/lib/openssh/sftp-server
 TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem
--- a/.ansible/templates/trusted-user-ca-keys.pem
+++ b/.ansible/templates/trusted-user-ca-keys.pem
@ -0,0 +1 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCazcKMgWAnC5ignX4kt1gjVmZ/L0Sl+SYVn7UIIIydwFdmnlpEjzC4leZegSHTgb8VmhPGFzsM6wLw7zNr2cW2J32q4RtScaez1lU6+fApX3SNWu5kUPsuraNWoQTbWjEQKRyHae8B/F2L8lsirRflgIe9qtUMVFAZBJppsKIjPMACGCTo++Dp+VJT7pseXyx7BEHee582xZi1SJVvlDFsPaWJja/aEhJZSlryBRGF/1tkRsOG98XID0jaNKcBDPN199ZKsrZDG18Sw33GG7qaVMQubMJrJ7uTD1wzgFRBqcU4/XC4HLpD+2klrel67lAphuCqQVWpmTuZwEVlieexywsMrYliV7X+aMBVE5lC0z7oi/f1slV1XAAc4VpCF1yQS5VuCJmaXNYFMSp9GNPLU1pIW5hmBanfVRDk1m6UIyK7rlA15jtb8A/cRexAvcmmPG7tyzWFh3hTrsNpYxUEvcqbg2MFnbDRmpyfQ+Qd/nybIuyGhoviTzxRUeH+NNm4Zss8eZoR0SS//QL1wQjKhpQ5v75gHALrPoISsA/mWVI3wkMbCCdZekwLuqzmuKp9UmlNYTWuHK/+GJLrK7mOMHf/EzMEQ0rNzp4l/7/quoxFwjvPecUg1tr6L9KaFWLUUPeA2yLQccn9hoiKczLElXlt+gVksye5JPUbUFfkKQ==
--- a/.drone.yml
+++ b/.drone.yml
@ -2,34 +2,28 @@ kind: pipeline
 name: default
 steps:
- name: terratest
+- name: check ansible syntax
-  image: plugins/docker
+  image: paramah/drone-ansible
  settings:
-    username:
+    playbook: .ansible/playbook.yml
-      from_secret: hub_username
+    inventory: .ansible/inventory
-    password:
+    syntax_check: true
      from_secret: hub_password
    repo:
      from_secret: hub_repo
    tags: latest
  when:
-    branch:
+    event:
-      - master
+    - pull_request
    - push
- name: notify
+- name: apply ansible playbook
-  image: appleboy/drone-telegram
+  image: paramah/drone-ansible
  environment:
    ANSIBLE_STRATEGY_PLUGINS: /usr/lib/python3.8/site-packages/ansible_mitogen/plugins/strategy
    ANSIBLE_STRATEGY: mitogen_linear
  settings:
-    token:
+    playbook: .ansible/playbook.yml
-      from_secret: telegram_bot_token
+    inventory: .ansible/inventory
-    to:
+    private_key:
-      from_secret: telegram_group_id
+      from_secret: ansible_private_key
-    message: >
+    verbose: 1
      {{#success build.status}}
        build {{build.link}} triggerd by {{commit.link}} from {{commit.author}} succeeded
      {{else}}
        build {{build.link}} triggerd by {{commit.link}} from {{commit.author}} failed
      {{/success}}
  when:
-    status:
+    event:
-      - success
+    - tag
      - failure
--- a/TERRATEST_DEPLOY.md
+++ b/TERRATEST_DEPLOY.md
@ -1,19 +0,0 @@
 # Drone docker deploy
 ## Użycie
 ```
 cat ${args[0]} |awk -F\= '{system("drone secret add --repository='${args[1]}' --name="$1 "  --data="$2)}'
 ```
 Wymagane zmienne:
 ```
 hub_username=
 hub_password=
 hub_repo=
 telegram_bot_token=
 telegram_group_id=
 ```
		`@ -0,0 +1 @@`
							ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCazcKMgWAnC5ignX4kt1gjVmZ/L0Sl+SYVn7UIIIydwFdmnlpEjzC4leZegSHTgb8VmhPGFzsM6wLw7zNr2cW2J32q4RtScaez1lU6+fApX3SNWu5kUPsuraNWoQTbWjEQKRyHae8B/F2L8lsirRflgIe9qtUMVFAZBJppsKIjPMACGCTo++Dp+VJT7pseXyx7BEHee582xZi1SJVvlDFsPaWJja/aEhJZSlryBRGF/1tkRsOG98XID0jaNKcBDPN199ZKsrZDG18Sw33GG7qaVMQubMJrJ7uTD1wzgFRBqcU4/XC4HLpD+2klrel67lAphuCqQVWpmTuZwEVlieexywsMrYliV7X+aMBVE5lC0z7oi/f1slV1XAAc4VpCF1yQS5VuCJmaXNYFMSp9GNPLU1pIW5hmBanfVRDk1m6UIyK7rlA15jtb8A/cRexAvcmmPG7tyzWFh3hTrsNpYxUEvcqbg2MFnbDRmpyfQ+Qd/nybIuyGhoviTzxRUeH+NNm4Zss8eZoR0SS//QL1wQjKhpQ5v75gHALrPoISsA/mWVI3wkMbCCdZekwLuqzmuKp9UmlNYTWuHK/+GJLrK7mOMHf/EzMEQ0rNzp4l/7/quoxFwjvPecUg1tr6L9KaFWLUUPeA2yLQccn9hoiKczLElXlt+gVksye5JPUbUFfkKQ==