wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-09-03 02:23:39 +02:00
Code Issues Projects Releases Wiki Activity

Move to ansible-2.4.3

Browse source
This commit is contained in:
Jack Ivanov 2018-02-16 19:33:19 +03:00
parent 4da752b603
commit 80abc9b4f5
14 changed files with 108 additions and 149 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
deploy.yml
View file

@ -7,11 +7,11 @@
pre_tasks: pre_tasks:
- block: - block:
- name: Local pre-tasks - name: Local pre-tasks
include: playbooks/local.yml include_tasks: playbooks/local.yml
tags: [ 'always' ] tags: [ 'always' ]
- name: Local pre-tasks - name: Local pre-tasks
include: playbooks/local_ssh.yml include_tasks: playbooks/local_ssh.yml
become: false become: false
when: Deployed_By_Algo is defined and Deployed_By_Algo == "Y" when: Deployed_By_Algo is defined and Deployed_By_Algo == "Y"
tags: [ 'local' ] tags: [ 'local' ]
@ -31,7 +31,7 @@
post_tasks: post_tasks:
- block: - block:
- name: Local post-tasks - name: Local post-tasks
include: playbooks/post.yml include_tasks: playbooks/post.yml
become: false become: false
tags: [ 'cloud' ] tags: [ 'cloud' ]
rescue: rescue:
@ -51,7 +51,7 @@
pre_tasks: pre_tasks:
- block: - block:
- name: Common pre-tasks - name: Common pre-tasks
include: playbooks/common.yml include_tasks: playbooks/common.yml
tags: [ 'digitalocean', 'ec2', 'gce', 'azure', 'local', 'pre' ] tags: [ 'digitalocean', 'ec2', 'gce', 'azure', 'local', 'pre' ]
rescue: rescue:
- debug: var=fail_hint - debug: var=fail_hint

197
library/digital_ocean_tag.py
View file

@ -1,26 +1,25 @@
#!/usr/bin/python #!/usr/bin/python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# This file is part of Ansible # Copyright: Ansible Project
# # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by from __future__ import absolute_import, division, print_function
# the Free Software Foundation, either version 3 of the License, or __metaclass__ = type
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful, ANSIBLE_METADATA = {'metadata_version': '1.1',
# but WITHOUT ANY WARRANTY; without even the implied warranty of 'status': ['preview'],
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 'supported_by': 'community'}
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: digital_ocean_tag module: digital_ocean_tag
short_description: Create and remove tag(s) to DigitalOcean resource. short_description: Create and remove tag(s) to DigitalOcean resource.
description: description:
- Create and remove tag(s) to DigitalOcean resource. - Create and remove tag(s) to DigitalOcean resource.
author: "Victor Volle (@kontrafiktion)"
version_added: "2.2" version_added: "2.2"
options: options:
name: name:
@ -31,9 +30,11 @@ options:
resource_id: resource_id:
description: description:
- The ID of the resource to operate on. - The ID of the resource to operate on.
- The data type of resource_id is changed from integer to string, from version 2.5.
aliases: ['droplet_id']
resource_type: resource_type:
description: description:
- The type of resource to operate on. Currently only tagging of - The type of resource to operate on. Currently, only tagging of
droplets is supported. droplets is supported.
default: droplet default: droplet
choices: ['droplet'] choices: ['droplet']
@ -65,7 +66,7 @@ EXAMPLES = '''
- name: tag a resource; creating the tag if it does not exists - name: tag a resource; creating the tag if it does not exists
digital_ocean_tag: digital_ocean_tag:
name: "{{ item }}" name: "{{ item }}"
resource_id: YYY resource_id: "73333005"
state: present state: present
with_items: with_items:
- staging - staging
@ -74,7 +75,7 @@ EXAMPLES = '''
- name: untag a resource - name: untag a resource
digital_ocean_tag: digital_ocean_tag:
name: staging name: staging
resource_id: YYY resource_id: "73333005"
state: absent state: absent
# Deleting a tag also untags all the resources that have previously been # Deleting a tag also untags all the resources that have previously been
@ -104,133 +105,90 @@ data:
} }
''' '''
import json from traceback import format_exc
import os
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.urls import fetch_url from ansible.module_utils.digital_ocean import DigitalOceanHelper
from ansible.module_utils._text import to_native
class Response(object):
def __init__(self, resp, info):
self.body = None
if resp:
self.body = resp.read()
self.info = info
@property
def json(self):
if not self.body:
if "body" in self.info:
return json.loads(self.info["body"])
return None
try:
return json.loads(self.body)
except ValueError:
return None
@property
def status_code(self):
return self.info["status"]
class Rest(object):
def __init__(self, module, headers):
self.module = module
self.headers = headers
self.baseurl = 'https://api.digitalocean.com/v2'
def _url_builder(self, path):
if path[0] == '/':
path = path[1:]
return '%s/%s' % (self.baseurl, path)
def send(self, method, path, data=None, headers=None):
url = self._url_builder(path)
data = self.module.jsonify(data)
resp, info = fetch_url(self.module, url, data=data, headers=self.headers, method=method)
return Response(resp, info)
def get(self, path, data=None, headers=None):
return self.send('GET', path, data, headers)
def put(self, path, data=None, headers=None):
return self.send('PUT', path, data, headers)
def post(self, path, data=None, headers=None):
return self.send('POST', path, data, headers)
def delete(self, path, data=None, headers=None):
return self.send('DELETE', path, data, headers)
def core(module): def core(module):
try:
api_token = module.params['api_token'] or \
os.environ['DO_API_TOKEN'] or os.environ['DO_API_KEY']
except KeyError as e:
module.fail_json(msg='Unable to load %s' % e.message)
state = module.params['state'] state = module.params['state']
name = module.params['name'] name = module.params['name']
resource_id = module.params['resource_id'] resource_id = module.params['resource_id']
resource_type = module.params['resource_type'] resource_type = module.params['resource_type']
rest = Rest(module, {'Authorization': 'Bearer {}'.format(api_token), rest = DigitalOceanHelper(module)
'Content-type': 'application/json'})
if state in ('present'): # Check if api_token is valid or not
if name is None: response = rest.get('account')
module.fail_json(msg='parameter `name` is missing') if response.status_code == 401:
module.fail_json(msg='Failed to login using api_token, please verify '
# Ensure Tag exists 'validity of api_token')
response = rest.post("tags", data={'name': name}) if state == 'present':
response = rest.get('tags/{0}'.format(name))
status_code = response.status_code status_code = response.status_code
json = response.json resp_json = response.json
if status_code == 201: changed = False
changed = True if status_code == 200 and resp_json['tag']['name'] == name:
elif status_code == 422:
changed = False changed = False
else: else:
module.exit_json(changed=False, data=json) # Ensure Tag exists
response = rest.post("tags", data={'name': name})
status_code = response.status_code
resp_json = response.json
if status_code == 201:
changed = True
elif status_code == 422:
changed = False
else:
module.exit_json(changed=False, data=resp_json)
if resource_id is None: if resource_id is None:
# No resource defined, we're done. # No resource defined, we're done.
if json is None: module.exit_json(changed=changed, data=resp_json)
module.exit_json(changed=changed, data=json)
else:
module.exit_json(changed=changed, data=json)
else: else:
# Tag a resource # Check if resource is already tagged or not
url = "tags/{}/resources".format(name) found = False
payload = { url = "{0}?tag_name={1}".format(resource_type, name)
'resources': [{ if resource_type == 'droplet':
'resource_id': resource_id, url = "droplets?tag_name={0}".format(name)
'resource_type': resource_type}]} response = rest.get(url)
response = rest.post(url, data=payload) status_code = response.status_code
if response.status_code == 204: resp_json = response.json
module.exit_json(changed=True) if status_code == 200:
for resource in resp_json['droplets']:
if not found and resource['id'] == int(resource_id):
found = True
break
if not found:
# If resource is not tagged, tag a resource
url = "tags/{0}/resources".format(name)
payload = {
'resources': [{
'resource_id': resource_id,
'resource_type': resource_type}]}
response = rest.post(url, data=payload)
if response.status_code == 204:
module.exit_json(changed=True)
else:
module.fail_json(msg="error tagging resource '{0}': {1}".format(resource_id, response.json["message"]))
else:
# Already tagged resource
module.exit_json(changed=False)
else: else:
module.fail_json(msg="error tagging resource '{}': {}".format( # Unable to find resource specified by user
resource_id, response.json["message"])) module.fail_json(msg=resp_json['message'])
elif state in ('absent'):
if name is None:
module.fail_json(msg='parameter `name` is missing')
elif state == 'absent':
if resource_id: if resource_id:
url = "tags/{}/resources".format(name) url = "tags/{0}/resources".format(name)
payload = { payload = {
'resources': [{ 'resources': [{
'resource_id': resource_id, 'resource_id': resource_id,
'resource_type': resource_type}]} 'resource_type': resource_type}]}
response = rest.delete(url, data=payload) response = rest.delete(url, data=payload)
else: else:
url = "tags/{}".format(name) url = "tags/{0}".format(name)
response = rest.delete(url) response = rest.delete(url)
if response.status_code == 204: if response.status_code == 204:
module.exit_json(changed=True) module.exit_json(changed=True)
@ -252,7 +210,8 @@ def main():
try: try:
core(module) core(module)
except Exception as e: except Exception as e:
module.fail_json(msg=str(e)) module.fail_json(msg=to_native(e), exception=format_exc())
if __name__ == '__main__': if __name__ == '__main__':
main() main()

6
playbooks/common.yml
View file

@ -5,11 +5,11 @@
register: OS register: OS
- name: Ubuntu pre-tasks - name: Ubuntu pre-tasks
include: ubuntu.yml include_tasks: ubuntu.yml
when: '"Ubuntu" in OS.stdout' when: '"Ubuntu" in OS.stdout'
- name: FreeBSD pre-tasks - name: FreeBSD pre-tasks
include: freebsd.yml include_tasks: freebsd.yml
when: '"FreeBSD" in OS.stdout' when: '"FreeBSD" in OS.stdout'
- include: facts/main.yml - include_tasks: facts/main.yml

2
playbooks/freebsd.yml
View file

@ -6,4 +6,4 @@
- name: FreeBSD / HardenedBSD | Configure defaults - name: FreeBSD / HardenedBSD | Configure defaults
raw: sudo ln -sf /usr/local/bin/python2.7 /usr/bin/python2.7 raw: sudo ln -sf /usr/local/bin/python2.7 /usr/bin/python2.7
- include: facts/FreeBSD.yml - include_tasks: facts/FreeBSD.yml

2
playbooks/post.yml
View file

@ -13,4 +13,4 @@
pause: pause:
seconds: 20 seconds: 20
- include: local_ssh.yml - include_tasks: local_ssh.yml

2
requirements.txt
View file

@ -1,6 +1,6 @@
msrestazure msrestazure
setuptools>=11.3 setuptools>=11.3
ansible>=2.1,<2.2.1 ansible==2.4.3
dopy==0.3.5 dopy==0.3.5
boto>=2.5 boto>=2.5
boto3 boto3

2
roles/client/tasks/main.yml
View file

@ -2,7 +2,7 @@
setup: setup:
- name: Include system based facts and tasks - name: Include system based facts and tasks
include: systems/main.yml include_tasks: systems/main.yml
- name: Install prerequisites - name: Install prerequisites
package: name="{{ item }}" state=present package: name="{{ item }}" state=present

8
roles/client/tasks/systems/main.yml
View file

@ -1,13 +1,13 @@
--- ---
- include: Debian.yml - include_tasks: Debian.yml
when: ansible_distribution == 'Debian' when: ansible_distribution == 'Debian'
- include: Ubuntu.yml - include_tasks: Ubuntu.yml
when: ansible_distribution == 'Ubuntu' when: ansible_distribution == 'Ubuntu'
- include: CentOS.yml - include_tasks: CentOS.yml
when: ansible_distribution == 'CentOS' when: ansible_distribution == 'CentOS'
- include: Fedora.yml - include_tasks: Fedora.yml
when: ansible_distribution == 'Fedora' when: ansible_distribution == 'Fedora'

6
roles/cloud-ec2/tasks/main.yml
View file

@ -19,10 +19,10 @@
- set_fact: - set_fact:
ami_image: "{{ ami_search.results[0].ami_id }}" ami_image: "{{ ami_search.results[0].ami_id }}"
- include: encrypt_image.yml - include_tasks: encrypt_image.yml
tags: [encrypted] tags: [encrypted]
- include: cloudformation.yml - include_tasks: cloudformation.yml
- name: Add new instance to host group - name: Add new instance to host group
add_host: add_host:
@ -38,7 +38,7 @@
cloud_instance_ip: "{{ stack.stack_outputs.ElasticIP }}" cloud_instance_ip: "{{ stack.stack_outputs.ElasticIP }}"
- name: Get EC2 instances - name: Get EC2 instances
ec2_remote_facts: ec2_instance_facts:
aws_access_key: "{{ access_key }}" aws_access_key: "{{ access_key }}"
aws_secret_key: "{{ secret_key }}" aws_secret_key: "{{ secret_key }}"
region: "{{ region }}" region: "{{ region }}"

4
roles/common/tasks/main.yml
View file

@ -1,9 +1,9 @@
--- ---
- block: - block:
- include: ubuntu.yml - include_tasks: ubuntu.yml
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- include: freebsd.yml - include_tasks: freebsd.yml
when: ansible_distribution == 'FreeBSD' when: ansible_distribution == 'FreeBSD'
- name: Install tools - name: Install tools

4
roles/dns_adblocking/tasks/main.yml
View file

@ -14,10 +14,10 @@
- name: The dnsmasq directory created - name: The dnsmasq directory created
file: dest=/var/lib/dnsmasq state=directory mode=0755 owner=dnsmasq group=nogroup file: dest=/var/lib/dnsmasq state=directory mode=0755 owner=dnsmasq group=nogroup
- include: ubuntu.yml - include_tasks: ubuntu.yml
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- include: freebsd.yml - include_tasks: freebsd.yml
when: ansible_distribution == 'FreeBSD' when: ansible_distribution == 'FreeBSD'
- name: Dnsmasq configured - name: Dnsmasq configured

12
roles/vpn/tasks/main.yml
View file

@ -6,20 +6,20 @@
- name: Ensure that the strongswan user exist - name: Ensure that the strongswan user exist
user: name=strongswan group=strongswan state=present user: name=strongswan group=strongswan state=present
- include: ubuntu.yml - include_tasks: ubuntu.yml
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- include: freebsd.yml - include_tasks: freebsd.yml
when: ansible_distribution == 'FreeBSD' when: ansible_distribution == 'FreeBSD'
- name: Install strongSwan - name: Install strongSwan
package: name=strongswan state=present package: name=strongswan state=present
- include: ipec_configuration.yml - include_tasks: ipec_configuration.yml
- include: openssl.yml - include_tasks: openssl.yml
tags: update-users tags: update-users
- include: distribute_keys.yml - include_tasks: distribute_keys.yml
- include: client_configs.yml - include_tasks: client_configs.yml
delegate_to: localhost delegate_to: localhost
become: no become: no
tags: update-users tags: update-users

2
roles/vpn/tasks/ubuntu.yml
View file

@ -44,5 +44,5 @@
- daemon-reload - daemon-reload
- restart strongswan - restart strongswan
- include: iptables.yml - include_tasks: iptables.yml
tags: iptables tags: iptables

2
users.yml
View file

@ -45,7 +45,7 @@
pre_tasks: pre_tasks:
- block: - block:
- name: Common pre-tasks - name: Common pre-tasks
include: playbooks/common.yml include_tasks: playbooks/common.yml
tags: always tags: always
rescue: rescue:
- debug: var=fail_hint - debug: var=fail_hint