From: Christian Pointner Date: Sat, 12 Jan 2019 22:47:06 +0000 (+0100) Subject: Merge pull request #52 from realraum/preseed/disk-selection X-Git-Url: https://git.realraum.at/?p=noc.git;a=commitdiff_plain;h=6b61708de3c8da34308aa7b4bf7e5694fcf7c8fe;hp=21bf2a6af24fc93a3eb0d12d09f10e866a1b39f6 Merge pull request #52 from realraum/preseed/disk-selection preseed/install: make disk selection work with udev device paths --- diff --git a/.travis.yml b/.travis.yml index a12dac9..5b34819 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,5 +1,6 @@ --- sudo: no +language: python addons: apt: packages: @@ -10,7 +11,15 @@ addons: - libtext-markdown-discount-perl - libtext-typography-perl -script: make -C doc +install: + - pip install ansible + - pip install ansible-lint + - ansible --version + - ansible-lint --version + +script: + - ansible/lint.sh + - make -C doc deploy: provider: pages diff --git a/ansible/.ansible-lint b/ansible/.ansible-lint new file mode 100644 index 0000000..e8b9c8f --- /dev/null +++ b/ansible/.ansible-lint @@ -0,0 +1,15 @@ +skip_list: + # These default rules (https://docs.ansible.com/ansible-lint/rules/default_rules.html) are deactivated: + # + # This list must contain only strings, so put the rule numbers in quotes + # + # Lines can be big and beautiful and don't need no linter! + - "204" + # Currently buggy in 4.0.0: https://github.com/ansible/ansible-lint/issues/443 + - "404" + # Not a concern for us (internet is either stable or down, retries won't change that): + - "405" + # Our roles are generally not intended to go on Ansible Galaxy + - "701" + - "703" + - "704" diff --git a/ansible/README.md b/ansible/README.md index a020642..a8b88a4 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -40,6 +40,25 @@ ansible-playbook foo.yml ./apply-role.sh servers base -C -D ``` +ansible-lint +------------ + +We use ansible-lint to check all roles when changes are pushed to Github. +Some rules have been globally disabled. See [.ansible-lint](/ansible/.ansible-lint) +for a list of all disabled rules. If ansible-lint produces a false positive for +a specific task you can disable it by adding the following to the task: + +``` + tags: + - skip_ansible_lint +``` + +For now only roles and no playbooks are checked. Every role must be manually added +to the generic playbook [_lint_roles.yml](/ansible/_lint_roles.yml) in order to be +included. +If an entire role should be skipped please add it to the playbook commented out +and supply a reason why this role must be skipped. + Local ssh config ---------------- diff --git a/ansible/_lint_roles.yml b/ansible/_lint_roles.yml new file mode 100644 index 0000000..9fb4482 --- /dev/null +++ b/ansible/_lint_roles.yml @@ -0,0 +1,21 @@ +--- +## +## This playbook is only used by ansible-lint to test all roles +## +## If a role shouldn't be checked, add it commented-out and document a +## reason why it is not included in this list +## +- hosts: invalid_host_name_by_design + roles: + - base + - debian-installer + - localconfig + - openwrt/image + - preseed + - reboot-and-wait + - usb-install + - vm/grub + - vm/guest + - vm/host + - vm/install + - vm/network diff --git a/ansible/lint.sh b/ansible/lint.sh new file mode 100755 index 0000000..17326af --- /dev/null +++ b/ansible/lint.sh @@ -0,0 +1,3 @@ +#!/bin/bash +cd "${BASH_SOURCE%/*}/" +exec ansible-lint _lint_roles.yml diff --git a/ansible/roles/base/tasks/01ssh.yml b/ansible/roles/base/tasks/01ssh.yml index 7e9eab5..c7d1215 100644 --- a/ansible/roles/base/tasks/01ssh.yml +++ b/ansible/roles/base/tasks/01ssh.yml @@ -1,5 +1,6 @@ --- -- set_fact: +- name: generate list of users allowed to login via ssh + set_fact: sshd_allowusers: >- {{ [ 'root' ] | union(user_groups.noc) | union(sshd_allowusers_group | default([])) diff --git a/ansible/roles/openwrt/image/tasks/fetch.yml b/ansible/roles/openwrt/image/tasks/fetch.yml index f68c87d..66a5657 100644 --- a/ansible/roles/openwrt/image/tasks/fetch.yml +++ b/ansible/roles/openwrt/image/tasks/fetch.yml @@ -48,5 +48,7 @@ - "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256" - "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc" - "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}" - - fail: + + - name: the download has failed... + fail: msg: Something borked diff --git a/ansible/roles/openwrt/image/tasks/main.yml b/ansible/roles/openwrt/image/tasks/main.yml index 1781d9e..92e36c8 100644 --- a/ansible/roles/openwrt/image/tasks/main.yml +++ b/ansible/roles/openwrt/image/tasks/main.yml @@ -11,7 +11,8 @@ path: "{{ openwrt_output_dir }}" state: directory - - set_fact: + - name: generate list of packages to add or remove + set_fact: openwrt_packages: >- {{ openwrt_packages_remove | map('regex_replace', '^', '-') | join(' ') }} {{ openwrt_packages_add | join(' ') }} diff --git a/ansible/roles/openwrt/image/tasks/prepare.yml b/ansible/roles/openwrt/image/tasks/prepare.yml index 3414371..a3ab711 100644 --- a/ansible/roles/openwrt/image/tasks/prepare.yml +++ b/ansible/roles/openwrt/image/tasks/prepare.yml @@ -4,7 +4,8 @@ state: directory register: tmpdir -- set_fact: +- name: set variables needed to build images + set_fact: openwrt_imgbuilder_dir: "{{ tmpdir.path }}" openwrt_imgbuilder_files: "{{ tmpdir.path }}/files" @@ -19,7 +20,19 @@ - "{{ openwrt_mixin | map('dirname') | map('regex_replace', '^', openwrt_imgbuilder_files) | unique | list }}" -- name: Copy mixins in place [1/2] +- name: Copy mixins in place [1/3] + file: + dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}" + src: "{{ item.value.link }}" + force: yes + follow: no + state: link + with_dict: "{{ openwrt_mixin }}" + when: '"link" in item.value' + loop_control: + label: "{{ item.key }}" + +- name: Copy mixins in place [2/3] copy: src: "{{ item.value.file }}" dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}" @@ -29,7 +42,7 @@ loop_control: label: "{{ item.key }}" -- name: Copy mixins in place [2/2] +- name: Copy mixins in place [3/3] copy: content: "{{ item.value.content }}" dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}" @@ -83,7 +96,8 @@ trim_blocks: yes when: openwrt_groups is defined or openwrt_users is defined -- unarchive: +- name: extract image builder tarball + unarchive: copy: False src: "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}" dest: "{{ openwrt_imgbuilder_dir }}" diff --git a/ansible/roles/preseed/tasks/main.yml b/ansible/roles/preseed/tasks/main.yml index 51471c5..3575d29 100644 --- a/ansible/roles/preseed/tasks/main.yml +++ b/ansible/roles/preseed/tasks/main.yml @@ -23,3 +23,5 @@ stdin: | preseed.cfg authorized_keys + tags: + - skip_ansible_lint diff --git a/ansible/roles/reboot-and-wait/tasks/main.yml b/ansible/roles/reboot-and-wait/tasks/main.yml index e648f0a..18ae270 100644 --- a/ansible/roles/reboot-and-wait/tasks/main.yml +++ b/ansible/roles/reboot-and-wait/tasks/main.yml @@ -3,6 +3,8 @@ async: 1 poll: 0 ignore_errors: true + tags: + - skip_ansible_lint - name: waiting for host to come back wait_for_connection: