wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-09-02 18:13:13 +02:00
Code Issues Projects Releases Wiki Activity

Move to ansible-2.4.3

Browse source
This commit is contained in:
Jack Ivanov 2018-02-16 19:33:19 +03:00
parent 4da752b603
commit 80abc9b4f5
14 changed files with 108 additions and 149 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
deploy.yml
View file

@ -7,11 +7,11 @@
pre_tasks:
- block:
- name: Local pre-tasks
include: playbooks/local.yml
include_tasks: playbooks/local.yml
tags: [ 'always' ]
- name: Local pre-tasks
include: playbooks/local_ssh.yml
include_tasks: playbooks/local_ssh.yml
become: false
when: Deployed_By_Algo is defined and Deployed_By_Algo == "Y"
tags: [ 'local' ]
@ -31,7 +31,7 @@
post_tasks:
- block:
- name: Local post-tasks
include: playbooks/post.yml
include_tasks: playbooks/post.yml
become: false
tags: [ 'cloud' ]
rescue:
@ -51,7 +51,7 @@
pre_tasks:
- block:
- name: Common pre-tasks
include: playbooks/common.yml
include_tasks: playbooks/common.yml
tags: [ 'digitalocean', 'ec2', 'gce', 'azure', 'local', 'pre' ]
rescue:
- debug: var=fail_hint

197
library/digital_ocean_tag.py
View file

@ -1,26 +1,25 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# Copyright: Ansible Project
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: digital_ocean_tag
short_description: Create and remove tag(s) to DigitalOcean resource.
description:
- Create and remove tag(s) to DigitalOcean resource.
author: "Victor Volle (@kontrafiktion)"
version_added: "2.2"
options:
name:
@ -31,9 +30,11 @@ options:
resource_id:
description:
- The ID of the resource to operate on.
- The data type of resource_id is changed from integer to string, from version 2.5.
aliases: ['droplet_id']
resource_type:
description:
- The type of resource to operate on. Currently only tagging of
- The type of resource to operate on. Currently, only tagging of
droplets is supported.
default: droplet
choices: ['droplet']
@ -65,7 +66,7 @@ EXAMPLES = '''
- name: tag a resource; creating the tag if it does not exists
digital_ocean_tag:
name: "{{ item }}"
resource_id: YYY
resource_id: "73333005"
state: present
with_items:
- staging
@ -74,7 +75,7 @@ EXAMPLES = '''
- name: untag a resource
digital_ocean_tag:
name: staging
resource_id: YYY
resource_id: "73333005"
state: absent
# Deleting a tag also untags all the resources that have previously been
@ -104,133 +105,90 @@ data:
}
'''
import json
import os
from traceback import format_exc
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.urls import fetch_url
class Response(object):
def __init__(self, resp, info):
self.body = None
if resp:
self.body = resp.read()
self.info = info
@property
def json(self):
if not self.body:
if "body" in self.info:
return json.loads(self.info["body"])
return None
try:
return json.loads(self.body)
except ValueError:
return None
@property
def status_code(self):
return self.info["status"]
class Rest(object):
def __init__(self, module, headers):
self.module = module
self.headers = headers
self.baseurl = 'https://api.digitalocean.com/v2'
def _url_builder(self, path):
if path[0] == '/':
path = path[1:]
return '%s/%s' % (self.baseurl, path)
def send(self, method, path, data=None, headers=None):
url = self._url_builder(path)
data = self.module.jsonify(data)
resp, info = fetch_url(self.module, url, data=data, headers=self.headers, method=method)
return Response(resp, info)
def get(self, path, data=None, headers=None):
return self.send('GET', path, data, headers)
def put(self, path, data=None, headers=None):
return self.send('PUT', path, data, headers)
def post(self, path, data=None, headers=None):
return self.send('POST', path, data, headers)
def delete(self, path, data=None, headers=None):
return self.send('DELETE', path, data, headers)
from ansible.module_utils.digital_ocean import DigitalOceanHelper
from ansible.module_utils._text import to_native
def core(module):
try:
api_token = module.params['api_token'] or \
os.environ['DO_API_TOKEN'] or os.environ['DO_API_KEY']
except KeyError as e:
module.fail_json(msg='Unable to load %s' % e.message)
state = module.params['state']
name = module.params['name']
resource_id = module.params['resource_id']
resource_type = module.params['resource_type']
rest = Rest(module, {'Authorization': 'Bearer {}'.format(api_token),
'Content-type': 'application/json'})
rest = DigitalOceanHelper(module)
if state in ('present'):
if name is None:
module.fail_json(msg='parameter `name` is missing')
# Ensure Tag exists
response = rest.post("tags", data={'name': name})
# Check if api_token is valid or not
response = rest.get('account')
if response.status_code == 401:
module.fail_json(msg='Failed to login using api_token, please verify '
'validity of api_token')
if state == 'present':
response = rest.get('tags/{0}'.format(name))
status_code = response.status_code
json = response.json
if status_code == 201:
changed = True
elif status_code == 422:
resp_json = response.json
changed = False
if status_code == 200 and resp_json['tag']['name'] == name:
changed = False
else:
module.exit_json(changed=False, data=json)
# Ensure Tag exists
response = rest.post("tags", data={'name': name})
status_code = response.status_code
resp_json = response.json
if status_code == 201:
changed = True
elif status_code == 422:
changed = False
else:
module.exit_json(changed=False, data=resp_json)
if resource_id is None:
# No resource defined, we're done.
if json is None:
module.exit_json(changed=changed, data=json)
else:
module.exit_json(changed=changed, data=json)
module.exit_json(changed=changed, data=resp_json)
else:
# Tag a resource
url = "tags/{}/resources".format(name)
payload = {
'resources': [{
'resource_id': resource_id,
'resource_type': resource_type}]}
response = rest.post(url, data=payload)
if response.status_code == 204:
module.exit_json(changed=True)
# Check if resource is already tagged or not
found = False
url = "{0}?tag_name={1}".format(resource_type, name)
if resource_type == 'droplet':
url = "droplets?tag_name={0}".format(name)
response = rest.get(url)
status_code = response.status_code
resp_json = response.json
if status_code == 200:
for resource in resp_json['droplets']:
if not found and resource['id'] == int(resource_id):
found = True
break
if not found:
# If resource is not tagged, tag a resource
url = "tags/{0}/resources".format(name)
payload = {
'resources': [{
'resource_id': resource_id,
'resource_type': resource_type}]}
response = rest.post(url, data=payload)
if response.status_code == 204:
module.exit_json(changed=True)
else:
module.fail_json(msg="error tagging resource '{0}': {1}".format(resource_id, response.json["message"]))
else:
# Already tagged resource
module.exit_json(changed=False)
else:
module.fail_json(msg="error tagging resource '{}': {}".format(
resource_id, response.json["message"]))
elif state in ('absent'):
if name is None:
module.fail_json(msg='parameter `name` is missing')
# Unable to find resource specified by user
module.fail_json(msg=resp_json['message'])
elif state == 'absent':
if resource_id:
url = "tags/{}/resources".format(name)
url = "tags/{0}/resources".format(name)
payload = {
'resources': [{
'resource_id': resource_id,
'resource_type': resource_type}]}
response = rest.delete(url, data=payload)
else:
url = "tags/{}".format(name)
url = "tags/{0}".format(name)
response = rest.delete(url)
if response.status_code == 204:
module.exit_json(changed=True)
@ -252,7 +210,8 @@ def main():
try:
core(module)
except Exception as e:
module.fail_json(msg=str(e))
module.fail_json(msg=to_native(e), exception=format_exc())
if __name__ == '__main__':
main()

6
playbooks/common.yml
View file

@ -5,11 +5,11 @@
register: OS
- name: Ubuntu pre-tasks
include: ubuntu.yml
include_tasks: ubuntu.yml
when: '"Ubuntu" in OS.stdout'
- name: FreeBSD pre-tasks
include: freebsd.yml
include_tasks: freebsd.yml
when: '"FreeBSD" in OS.stdout'
- include: facts/main.yml
- include_tasks: facts/main.yml

2
playbooks/freebsd.yml
View file

@ -6,4 +6,4 @@
- name: FreeBSD / HardenedBSD | Configure defaults
raw: sudo ln -sf /usr/local/bin/python2.7 /usr/bin/python2.7
- include: facts/FreeBSD.yml
- include_tasks: facts/FreeBSD.yml

2
playbooks/post.yml
View file

@ -13,4 +13,4 @@
pause:
seconds: 20
- include: local_ssh.yml
- include_tasks: local_ssh.yml

2
requirements.txt
View file

@ -1,6 +1,6 @@
msrestazure
setuptools>=11.3
ansible>=2.1,<2.2.1
ansible==2.4.3
dopy==0.3.5
boto>=2.5
boto3

2
roles/client/tasks/main.yml
View file

@ -2,7 +2,7 @@
setup:
- name: Include system based facts and tasks
include: systems/main.yml
include_tasks: systems/main.yml
- name: Install prerequisites
package: name="{{ item }}" state=present

8
roles/client/tasks/systems/main.yml
View file

@ -1,13 +1,13 @@
---
- include: Debian.yml
- include_tasks: Debian.yml
when: ansible_distribution == 'Debian'
- include: Ubuntu.yml
- include_tasks: Ubuntu.yml
when: ansible_distribution == 'Ubuntu'
- include: CentOS.yml
- include_tasks: CentOS.yml
when: ansible_distribution == 'CentOS'
- include: Fedora.yml
- include_tasks: Fedora.yml
when: ansible_distribution == 'Fedora'

6
roles/cloud-ec2/tasks/main.yml
View file

@ -19,10 +19,10 @@
- set_fact:
ami_image: "{{ ami_search.results[0].ami_id }}"
- include: encrypt_image.yml
- include_tasks: encrypt_image.yml
tags: [encrypted]
- include: cloudformation.yml
- include_tasks: cloudformation.yml
- name: Add new instance to host group
add_host:
@ -38,7 +38,7 @@
cloud_instance_ip: "{{ stack.stack_outputs.ElasticIP }}"
- name: Get EC2 instances
ec2_remote_facts:
ec2_instance_facts:
aws_access_key: "{{ access_key }}"
aws_secret_key: "{{ secret_key }}"
region: "{{ region }}"

4
roles/common/tasks/main.yml
View file

@ -1,9 +1,9 @@
---
- block:
- include: ubuntu.yml
- include_tasks: ubuntu.yml
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- include: freebsd.yml
- include_tasks: freebsd.yml
when: ansible_distribution == 'FreeBSD'
- name: Install tools

4
roles/dns_adblocking/tasks/main.yml
View file

@ -14,10 +14,10 @@
- name: The dnsmasq directory created
file: dest=/var/lib/dnsmasq state=directory mode=0755 owner=dnsmasq group=nogroup
- include: ubuntu.yml
- include_tasks: ubuntu.yml
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- include: freebsd.yml
- include_tasks: freebsd.yml
when: ansible_distribution == 'FreeBSD'
- name: Dnsmasq configured

12
roles/vpn/tasks/main.yml
View file

@ -6,20 +6,20 @@
- name: Ensure that the strongswan user exist
user: name=strongswan group=strongswan state=present
- include: ubuntu.yml
- include_tasks: ubuntu.yml
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- include: freebsd.yml
- include_tasks: freebsd.yml
when: ansible_distribution == 'FreeBSD'
- name: Install strongSwan
package: name=strongswan state=present
- include: ipec_configuration.yml
- include: openssl.yml
- include_tasks: ipec_configuration.yml
- include_tasks: openssl.yml
tags: update-users
- include: distribute_keys.yml
- include: client_configs.yml
- include_tasks: distribute_keys.yml
- include_tasks: client_configs.yml
delegate_to: localhost
become: no
tags: update-users

2
roles/vpn/tasks/ubuntu.yml
View file

@ -44,5 +44,5 @@
- daemon-reload
- restart strongswan
- include: iptables.yml
- include_tasks: iptables.yml
tags: iptables

2
users.yml
View file

@ -45,7 +45,7 @@
pre_tasks:
- block:
- name: Common pre-tasks
include: playbooks/common.yml
include_tasks: playbooks/common.yml
tags: always
rescue:
- debug: var=fail_hint