From 80abc9b4f5fbc4ca220b8a28875247501097dc72 Mon Sep 17 00:00:00 2001 From: Jack Ivanov Date: Fri, 16 Feb 2018 19:33:19 +0300 Subject: [PATCH] Move to ansible-2.4.3 --- deploy.yml | 8 +- library/digital_ocean_tag.py | 197 +++++++++++----------------- playbooks/common.yml | 6 +- playbooks/freebsd.yml | 2 +- playbooks/post.yml | 2 +- requirements.txt | 2 +- roles/client/tasks/main.yml | 2 +- roles/client/tasks/systems/main.yml | 8 +- roles/cloud-ec2/tasks/main.yml | 6 +- roles/common/tasks/main.yml | 4 +- roles/dns_adblocking/tasks/main.yml | 4 +- roles/vpn/tasks/main.yml | 12 +- roles/vpn/tasks/ubuntu.yml | 2 +- users.yml | 2 +- 14 files changed, 108 insertions(+), 149 deletions(-) diff --git a/deploy.yml b/deploy.yml index 6caa70c8..9869d866 100644 --- a/deploy.yml +++ b/deploy.yml @@ -7,11 +7,11 @@ pre_tasks: - block: - name: Local pre-tasks - include: playbooks/local.yml + include_tasks: playbooks/local.yml tags: [ 'always' ] - name: Local pre-tasks - include: playbooks/local_ssh.yml + include_tasks: playbooks/local_ssh.yml become: false when: Deployed_By_Algo is defined and Deployed_By_Algo == "Y" tags: [ 'local' ] @@ -31,7 +31,7 @@ post_tasks: - block: - name: Local post-tasks - include: playbooks/post.yml + include_tasks: playbooks/post.yml become: false tags: [ 'cloud' ] rescue: @@ -51,7 +51,7 @@ pre_tasks: - block: - name: Common pre-tasks - include: playbooks/common.yml + include_tasks: playbooks/common.yml tags: [ 'digitalocean', 'ec2', 'gce', 'azure', 'local', 'pre' ] rescue: - debug: var=fail_hint diff --git a/library/digital_ocean_tag.py b/library/digital_ocean_tag.py index b80d18b5..30a31852 100644 --- a/library/digital_ocean_tag.py +++ b/library/digital_ocean_tag.py 
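Review bot: `include_tasks` is a dynamic include, and keywords attached to it are meant to apply to the include statement itself rather than to the tasks it loads. As far as I know, Ansible 2.4 implements that separation only partially, so inheritance should not be relied on with the `ansible==2.4.3` pin in requirements.txt. In this hunk `playbooks/local_ssh.yml` is included with `become: false` and `tags: [ 'local' ]`, and later in the patch roles/vpn/tasks/main.yml includes `client_configs.yml` with `delegate_to: localhost`, `become: no` and `tags: update-users`. If those keywords do not reach the child tasks, the tasks run on the play's hosts with the play's privilege settings and are skipped under a `--tags` filter. Where the keywords must propagate, use the static form, e.g. `import_tasks: playbooks/local_ssh.yml`, and keep `include_tasks` for includes that depend on runtime facts.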
@@ -1,26 +1,25 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# This file is part of Ansible -# -# Ansible is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Ansible is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . +# Copyright: Ansible Project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + + DOCUMENTATION = ''' --- module: digital_ocean_tag short_description: Create and remove tag(s) to DigitalOcean resource. description: - Create and remove tag(s) to DigitalOcean resource. +author: "Victor Volle (@kontrafiktion)" version_added: "2.2" options: name: @@ -31,9 +30,11 @@ options: resource_id: description: - The ID of the resource to operate on. + - The data type of resource_id is changed from integer to string, from version 2.5. + aliases: ['droplet_id'] resource_type: description: - - The type of resource to operate on. Currently only tagging of + - The type of resource to operate on. Currently, only tagging of droplets is supported. default: droplet choices: ['droplet'] @@ -65,7 +66,7 @@ EXAMPLES = ''' - name: tag a resource; creating the tag if it does not exists digital_ocean_tag: name: "{{ item }}" - resource_id: YYY + resource_id: "73333005" state: present with_items: - staging 
@@ -74,7 +75,7 @@ EXAMPLES = ''' - name: untag a resource digital_ocean_tag: name: staging - resource_id: YYY + resource_id: "73333005" state: absent # Deleting a tag also untags all the resources that have previously been 
@@ -104,133 +105,90 @@ data: } ''' -import json -import os - +from traceback import format_exc from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.urls import fetch_url - - -class Response(object): - - def __init__(self, resp, info): - self.body = None - if resp: - self.body = resp.read() - self.info = info - - @property - def json(self): - if not self.body: - if "body" in self.info: - return json.loads(self.info["body"]) - return None - try: - return json.loads(self.body) - except ValueError: - return None - - @property - def status_code(self): - return self.info["status"] - - -class Rest(object): - - def __init__(self, module, headers): - self.module = module - self.headers = headers - self.baseurl = 'https://api.digitalocean.com/v2' - - def _url_builder(self, path): - if path[0] == '/': - path = path[1:] - return '%s/%s' % (self.baseurl, path) - - def send(self, method, path, data=None, headers=None): - url = self._url_builder(path) - data = self.module.jsonify(data) - - resp, info = fetch_url(self.module, url, data=data, headers=self.headers, method=method) - - return Response(resp, info) - - def get(self, path, data=None, headers=None): - return self.send('GET', path, data, headers) - - def put(self, path, data=None, headers=None): - return self.send('PUT', path, data, headers) - - def post(self, path, data=None, headers=None): - return self.send('POST', path, data, headers) - - def delete(self, path, data=None, headers=None): - return self.send('DELETE', path, data, headers) +from ansible.module_utils.digital_ocean import DigitalOceanHelper +from ansible.module_utils._text import to_native def core(module): - try: - api_token = module.params['api_token'] or \ - os.environ['DO_API_TOKEN'] or os.environ['DO_API_KEY'] - except KeyError as e: - module.fail_json(msg='Unable to load %s' % e.message) - state = module.params['state'] name = module.params['name'] resource_id = module.params['resource_id'] resource_type = 
module.params['resource_type'] - rest = Rest(module, {'Authorization': 'Bearer {}'.format(api_token), - 'Content-type': 'application/json'}) + rest = DigitalOceanHelper(module) - if state in ('present'): - if name is None: - module.fail_json(msg='parameter `name` is missing') - - # Ensure Tag exists - response = rest.post("tags", data={'name': name}) + # Check if api_token is valid or not + response = rest.get('account') + if response.status_code == 401: + module.fail_json(msg='Failed to login using api_token, please verify ' + 'validity of api_token') + if state == 'present': + response = rest.get('tags/{0}'.format(name)) status_code = response.status_code - json = response.json - if status_code == 201: - changed = True - elif status_code == 422: + resp_json = response.json + changed = False + if status_code == 200 and resp_json['tag']['name'] == name: changed = False else: - module.exit_json(changed=False, data=json) + # Ensure Tag exists + response = rest.post("tags", data={'name': name}) + status_code = response.status_code + resp_json = response.json + if status_code == 201: + changed = True + elif status_code == 422: + changed = False + else: + module.exit_json(changed=False, data=resp_json) if resource_id is None: # No resource defined, we're done. 
- if json is None: - module.exit_json(changed=changed, data=json) - else: - module.exit_json(changed=changed, data=json) + module.exit_json(changed=changed, data=resp_json) else: - # Tag a resource - url = "tags/{}/resources".format(name) - payload = { - 'resources': [{ - 'resource_id': resource_id, - 'resource_type': resource_type}]} - response = rest.post(url, data=payload) - if response.status_code == 204: - module.exit_json(changed=True) + # Check if resource is already tagged or not + found = False + url = "{0}?tag_name={1}".format(resource_type, name) + if resource_type == 'droplet': + url = "droplets?tag_name={0}".format(name) + response = rest.get(url) + status_code = response.status_code + resp_json = response.json + if status_code == 200: + for resource in resp_json['droplets']: + if not found and resource['id'] == int(resource_id): + found = True + break + if not found: + # If resource is not tagged, tag a resource + url = "tags/{0}/resources".format(name) + payload = { + 'resources': [{ + 'resource_id': resource_id, + 'resource_type': resource_type}]} + response = rest.post(url, data=payload) + if response.status_code == 204: + module.exit_json(changed=True) + else: + module.fail_json(msg="error tagging resource '{0}': {1}".format(resource_id, response.json["message"])) + else: + # Already tagged resource + module.exit_json(changed=False) else: - module.fail_json(msg="error tagging resource '{}': {}".format( - resource_id, response.json["message"])) - - elif state in ('absent'): - if name is None: - module.fail_json(msg='parameter `name` is missing') + # Unable to find resource specified by user + module.fail_json(msg=resp_json['message']) + elif state == 'absent': if resource_id: - url = "tags/{}/resources".format(name) + url = "tags/{0}/resources".format(name) payload = { 'resources': [{ 'resource_id': resource_id, 'resource_type': resource_type}]} response = rest.delete(url, data=payload) else: - url = "tags/{}".format(name) + url = 
"tags/{0}".format(name) response = rest.delete(url) if response.status_code == 204: module.exit_json(changed=True) @@ -252,7 +210,8 @@ def main(): try: core(module) except Exception as e: - module.fail_json(msg=str(e)) + module.fail_json(msg=to_native(e), exception=format_exc()) + if __name__ == '__main__': main() diff --git a/playbooks/common.yml b/playbooks/common.yml index 04a3966c..5628c37f 100644 --- a/playbooks/common.yml +++ b/playbooks/common.yml @@ -5,11 +5,11 @@ register: OS - name: Ubuntu pre-tasks - include: ubuntu.yml + include_tasks: ubuntu.yml when: '"Ubuntu" in OS.stdout' - name: FreeBSD pre-tasks - include: freebsd.yml + include_tasks: freebsd.yml when: '"FreeBSD" in OS.stdout' -- include: facts/main.yml +- include_tasks: facts/main.yml diff --git a/playbooks/freebsd.yml b/playbooks/freebsd.yml index 8cf0579f..316c92ac 100644 --- a/playbooks/freebsd.yml +++ b/playbooks/freebsd.yml @@ -6,4 +6,4 @@ - name: FreeBSD / HardenedBSD | Configure defaults raw: sudo ln -sf /usr/local/bin/python2.7 /usr/bin/python2.7 -- include: facts/FreeBSD.yml +- include_tasks: facts/FreeBSD.yml diff --git a/playbooks/post.yml b/playbooks/post.yml index f9f41983..e594b973 100644 --- a/playbooks/post.yml +++ b/playbooks/post.yml @@ -13,4 +13,4 @@ pause: seconds: 20 -- include: local_ssh.yml +- include_tasks: local_ssh.yml diff --git a/requirements.txt b/requirements.txt index 67ec4a10..dfeefe81 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,6 @@ msrestazure setuptools>=11.3 -ansible>=2.1,<2.2.1 +ansible==2.4.3 dopy==0.3.5 boto>=2.5 boto3 diff --git a/roles/client/tasks/main.yml b/roles/client/tasks/main.yml index 68397148..0a3eedce 100644 --- a/roles/client/tasks/main.yml +++ b/roles/client/tasks/main.yml @@ -2,7 +2,7 @@ setup: - name: Include system based facts and tasks - include: systems/main.yml + include_tasks: systems/main.yml - name: Install prerequisites package: name="{{ item }}" state=present 
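Review bot: In the `state == 'present'` branch of `core()`, a tag-creation response other than 201 or 422 still ends in `module.exit_json(changed=False, data=resp_json)`. A permission error, rate limit or server error on `rest.post("tags", ...)` is therefore reported as a successful, unchanged task; fail there instead, e.g. `module.fail_json(msg="error creating tag '{0}'".format(name), data=resp_json)`. The error paths `resp_json['message']` and `response.json["message"]` also assume a JSON body; if the helper yields None for a non-JSON reply they raise TypeError, and the real API error is lost behind the traceback from `main()`. Separately, this hunk imports `ansible.module_utils.digital_ocean` while requirements.txt pins `ansible==2.4.3` and the module docs in this file refer to version 2.5, so confirm the helper ships in the pinned release.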
diff --git a/roles/client/tasks/systems/main.yml b/roles/client/tasks/systems/main.yml index 85da1ebd..ba24c939 100644 --- a/roles/client/tasks/systems/main.yml +++ b/roles/client/tasks/systems/main.yml @@ -1,13 +1,13 @@ --- -- include: Debian.yml +- include_tasks: Debian.yml when: ansible_distribution == 'Debian' -- include: Ubuntu.yml +- include_tasks: Ubuntu.yml when: ansible_distribution == 'Ubuntu' -- include: CentOS.yml +- include_tasks: CentOS.yml when: ansible_distribution == 'CentOS' -- include: Fedora.yml +- include_tasks: Fedora.yml when: ansible_distribution == 'Fedora' diff --git a/roles/cloud-ec2/tasks/main.yml b/roles/cloud-ec2/tasks/main.yml index e32e70a5..7d5894c7 100644 --- a/roles/cloud-ec2/tasks/main.yml +++ b/roles/cloud-ec2/tasks/main.yml @@ -19,10 +19,10 @@ - set_fact: ami_image: "{{ ami_search.results[0].ami_id }}" - - include: encrypt_image.yml + - include_tasks: encrypt_image.yml tags: [encrypted] - - include: cloudformation.yml + - include_tasks: cloudformation.yml - name: Add new instance to host group add_host: @@ -38,7 +38,7 @@ cloud_instance_ip: "{{ stack.stack_outputs.ElasticIP }}" - name: Get EC2 instances - ec2_remote_facts: + ec2_instance_facts: aws_access_key: "{{ access_key }}" aws_secret_key: "{{ secret_key }}" region: "{{ region }}" diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 781930e2..5b6aa438 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -1,9 +1,9 @@ --- - block: - - include: ubuntu.yml + - include_tasks: ubuntu.yml when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' - - include: freebsd.yml + - include_tasks: freebsd.yml when: ansible_distribution == 'FreeBSD' - name: Install tools diff --git a/roles/dns_adblocking/tasks/main.yml b/roles/dns_adblocking/tasks/main.yml index 2ba74b77..43c06d5a 100644 --- a/roles/dns_adblocking/tasks/main.yml +++ b/roles/dns_adblocking/tasks/main.yml 
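Review bot: Replacing `ec2_remote_facts` with `ec2_instance_facts` in the `Get EC2 instances` task of roles/cloud-ec2/tasks/main.yml is more than a rename. As far as I know the two modules are built on different AWS SDKs (boto and boto3) and return differently shaped instance records. The task's `register:` and the tasks that consume its result are outside this hunk, so every reference to the old field names should be checked against the new module's output before merging. A short comment on the task, such as `# ec2_instance_facts returns boto3-style keys; see consumers below`, would make the dependency visible to the next editor.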
@@ -14,10 +14,10 @@ - name: The dnsmasq directory created file: dest=/var/lib/dnsmasq state=directory mode=0755 owner=dnsmasq group=nogroup - - include: ubuntu.yml + - include_tasks: ubuntu.yml when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' - - include: freebsd.yml + - include_tasks: freebsd.yml when: ansible_distribution == 'FreeBSD' - name: Dnsmasq configured diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml index 8e732e1d..e0d0d1bf 100644 --- a/roles/vpn/tasks/main.yml +++ b/roles/vpn/tasks/main.yml @@ -6,20 +6,20 @@ - name: Ensure that the strongswan user exist user: name=strongswan group=strongswan state=present - - include: ubuntu.yml + - include_tasks: ubuntu.yml when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' - - include: freebsd.yml + - include_tasks: freebsd.yml when: ansible_distribution == 'FreeBSD' - name: Install strongSwan package: name=strongswan state=present - - include: ipec_configuration.yml - - include: openssl.yml + - include_tasks: ipec_configuration.yml + - include_tasks: openssl.yml tags: update-users - - include: distribute_keys.yml - - include: client_configs.yml + - include_tasks: distribute_keys.yml + - include_tasks: client_configs.yml delegate_to: localhost become: no tags: update-users diff --git a/roles/vpn/tasks/ubuntu.yml b/roles/vpn/tasks/ubuntu.yml index ccc561b3..d3a858ca 100644 --- a/roles/vpn/tasks/ubuntu.yml +++ b/roles/vpn/tasks/ubuntu.yml @@ -44,5 +44,5 @@ - daemon-reload - restart strongswan -- include: iptables.yml +- include_tasks: iptables.yml tags: iptables diff --git a/users.yml b/users.yml index 92792085..46a2d79c 100644 --- a/users.yml +++ b/users.yml @@ -45,7 +45,7 @@ pre_tasks: - block: - name: Common pre-tasks - include: playbooks/common.yml + include_tasks: playbooks/common.yml tags: always rescue: - debug: var=fail_hint