refactor: restructure GOAD as an Ansible collection and flatten roles #53
Merged
…pdate paths

**Added:**
- Added `galaxy.yml` and `meta/runtime.yml` for Ansible Galaxy compatibility
- Created `changelogs/changelog.yaml` and `changelogs/config.yaml` for structured changelog tracking
- Added `roles/` directory with flattened role names (no nested directories)
- Added `plugins/modules/` for custom PowerShell modules used by roles
- Added `playbooks/` directory consolidating all playbooks and included missing playbooks from `ansible/`
- Added `README.md` with updated architecture and usage docs for the collection structure
**Changed:**
- Refactored all playbooks and role references to use fully qualified collection names (e.g., `dreadnode.goad.role`)
- Moved and flattened roles from `ansible/roles/` into `roles/` using single-depth names (e.g., `roles/settings/keyboard` → `roles/settings_keyboard`)
- Updated all references in playbooks to point to new `roles/` structure and FQCN style
- Moved custom modules from role `library/` directories to `plugins/modules/`
- Updated `.gitignore` for new build artifact and collection layout, removing obsolete ignores
- Refactored `Taskfile.yaml` to use new collection layout, updated paths for roles, playbooks, and artifacts
- Updated `requirements.yml` to reflect collection dependencies only (removed playbook-level requirements)
- Updated `scripts/check.sh`, `scripts/setup_*.sh` to reference new requirements and collection paths
- Updated `playbooks.yml` and all includes/imports to reference `playbooks/` directory and new role paths
- Updated all `import_playbook`, `include_role`, and role references for new structure and FQCN use
- Updated documentation in `README.md` to describe the collection, role/architecture, and usage patterns
- Updated all file paths in scripts and Taskfile to align with new flat structure
**Removed:**
- Removed all Python-based provisioner code (`goad.py`, `goad/`, and related submodules)
- Deleted Vagrant, Packer, and Terraform provider templates and scripts
- Removed legacy `packer/`, `template/`, and variant generation tooling
- Deleted old requirements and lock files (`requirements.txt`, `requirements_311.yml`, `pyproject.toml`, `poetry.lock`, etc.)
- Removed all non-Ansible build and environment files (e.g., `globalsettings.ini`, `.venv`, legacy scripts)
- Removed legacy `ansible/` directory in favor of `playbooks/` and `roles/`
- Removed all files related to non-Ansible provisioning (Python, shell scripts, variant generators)
- Removed deprecated provider support and playbooks no longer relevant to the collection
**Changed:**
- All role variable, playbook, and module references updated to match the new collection/role structure
- All playbooks, roles, and supporting files now reside in a structure compatible with Ansible Galaxy collections
- Windows, AWS, Azure, and other provider-specific code and templates removed or refactored to align with collection-only deployment
- Updated all usage and contribution documentation for the new layout and collection packaging
**Removed:**
- All legacy cloud provider provisioning templates, Vagrant, Packer, and Terraform files
- All variant generation and Python-based orchestration tooling
- Legacy build system and requirements for non-Ansible provisioning
- All workspace, lab manager, and instance orchestration code from the previous implementation

**Added:**
- GOAD Variant Generator
  - Introduced `tools/variant_generator`, a robust tool for generating graph-isomorphic GOAD variants with randomized names, realistic passwords, and consistent structural relationships. Includes comprehensive mapping, ordered text replacement, and validation logic.
- Packer/Proxmox Build Assets
  - Added a full set of Packer templates, answer files, scripts, and configuration examples for building Windows/Ubuntu VM templates on Proxmox. Supports Windows 10/2016/2019 variants with cloud-init and sysprep automation.
- New `requirements_311.yml` and `noansible_requirements.yml` for Python 3.11+ and Docker-based builds.
- Poetry project configuration (`pyproject.toml`) and lockfile (`poetry.lock`) for reproducible Python builds.
- `requirements.txt` for pip-based installation.
- New Dockerfiles, entrypoint scripts (`goad.sh`, `goad_docker.sh`), and minimal keep files for proper build and workspace initialization.
**Changed:**
- Enhanced infrastructure-as-code support for Proxmox and Packer, including build scripts for ISO/answer file generation, cloudbase-init automation, and Windows update workflows.
- Updated project-level documentation and variant generator README for clear usage instructions and output expectations.
**Added (Packer/Proxmox specifics):**
- Proxmox answer files for Windows 10, 2016, 2019 (with/without updates)
- Cloudbase-init, sysprep, and autounattend scripts for Windows VM customization and cloud-init compatibility
- Shell and PowerShell scripts for network fixups, WinRM, screensaver, power plan, and autologon configuration
- Build automation for generating ISO images for Proxmox template builds
- Example variable and config templates for Proxmox environments
**Added (Variant Generator specifics):**
- Python modules for name generation, mapping, and graph-preserving transformation of GOAD lab structures
- Ordered replacement logic to avoid substring collision in entity renaming
- Validation routines to ensure no original names or domains remain in variants
- README and mapping documentation for generated variants
**Removed:**
- No removals; all changes are additive and backward compatible.

Move requirements.yml content to ansible/requirements.yml and merge new collections (microsoft.ad, amazon.aws) from main.

**Changed:**
- Relocated all Ansible-related files (roles, playbooks, plugins, configs, etc.) into the `ansible/` directory for improved project structure and clarity
- Updated all references to playbooks, roles, requirements, and configuration files throughout scripts, documentation, and Python code to use the new `ansible/` path prefix
- Adjusted `.gitignore` entries for build artifacts to match new Ansible file locations
- Refactored Python provisioner logic to expect playbooks in `ansible/playbooks` and updated directory joins accordingly
- Updated CI, Dockerfile, and helper scripts to use `ansible/requirements.yml` and `ansible/playbooks/` paths
- Modified role metadata files to include company, descriptive summaries, and relevant `galaxy_tags` for improved Ansible Galaxy integration
- Rewrote `ansible/requirements_311.yml` to be a Python requirements file instead of an Ansible collection requirements file
- Removed now-obsolete or duplicate files from the project root that were moved or made redundant by the new structure
**Removed:**
- Deleted the old `requirements_311.yml` and duplicate role metadata files from their previous locations
- Removed the `roles/settings_gpmc/README.md` file (documentation now consolidated or moved)
**Added:**
- Added a new `ansible/roles/elk/meta/main.yml` with improved metadata and tags for the ELK role
**Why:**
- Centralizing Ansible artifacts under `ansible/` improves maintainability, discoverability, and supports clearer automation and packaging workflows
- Enhances metadata for easier Ansible Galaxy publishing and more informative documentation for users and contributors

… files

**Added:**
- Added README documentation for the new `settings_gpmc` role, describing how to install Group Policy Management Console and providing example usage
**Changed:**
- Standardized the "Description" section in all role README.md files to provide clear, concise summaries of each role's functionality
- Updated company metadata in all roles to consistently attribute "Dreadnode" as the company
- Changed license metadata in applicable roles to consistently use "GPL-3.0-or-later"
- Improved and corrected platform compatibility sections, specifying "Windows: all", "Ubuntu: all", or "Debian: all" as appropriate
- Fixed typos and clarified descriptions in multiple roles for accuracy and professionalism (e.g., correcting "disaule user" to "Disable an Active Directory user account", "memuer server" to "Join a Windows server to an Active Directory domain", etc.)
- Updated Ansible version requirements and clarified supported platforms for auditing and logging roles (e.g., `dc_audit_sacl`, `ldap_diagnostic_logging`, `mssql_audit`, `elk`)
- Enhanced readability and consistency throughout all role documentation files

…aths

The pre-commit workflow needs the collection installed for ansible-lint to resolve `dreadnode.goad.*` roles. Also updates ansible-lint exclude paths for the `ansible/` subdirectory move.

test: add molecule syntax-check scenarios for all roles and CI workflow

**Added:**
- Introduced `molecule` test scenarios (converge.yml and molecule.yml) for all roles under `ansible/roles`, supporting syntax-check only for Windows and infrastructure-dependent roles
- Created a reusable converge playbook in each role to allow `molecule syntax` validation, including the appropriate role under test
- Added `molecule.yaml` GitHub Actions workflow to automate syntax-checks for all roles, supporting event triggers (push, PR, schedule, workflow dispatch) and matrix builds for efficiency
- Implemented role selection and validation logic in the workflow for targeted testing of changed roles or manual dispatch
**Changed:**
- No existing files were changed; all additions are new files to enable syntax checking and CI automation for Ansible roles
**Removed:**
- No files were removed

…update SSM config
**Added:**
- Added `check-ansible-version` Taskfile task to enforce compatible ansible-core
version for AWS SSM Windows connections
- Declared `amazon.aws` dependency in `ansible/galaxy.yml` for explicit collection
requirement
**Changed:**
- Updated ansible-core version pin in `requirements.txt`, `requirements_311.yml`,
and `meta/runtime.yml` to `>=2.17.0,<2.18.0` with detailed comments explaining
SSM pipelining bug in 2.19+
- Updated Taskfile `provision` task to depend on `check-ansible-version` for
safety
- Updated SSM connection plugin usage in inventories from `aws_ssm` to
`amazon.aws.aws_ssm` to match current collection namespace
- Adjusted inventory `data_path` to use correct relative path
- Updated ansible.cfg and meta/runtime.yml with clear warnings about the version
constraint and SSM bug
- Changed `ansible/playbooks/data.yml` to use
`ansible_connection is search('aws_ssm')` for broader compatibility
- Updated playbooks and extension install.yml files to use new data import path
and remove unnecessary `vars: data_path`
- Updated `script_path` and file path variables in playbooks and roles to use
`{{ playbook_dir }}` for correct relative referencing
- Switched `vulns_disable_firewall` role to use PowerShell command for firewall
disabling due to module issues
**Removed:**
- Removed explicit `vars: data_path` from playbooks' data import as it is no
longer necessary with updated path handling
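
A guard of the kind the `check-ansible-version` task describes, as an added example that is not the repository's Taskfile code. The function names are hypothetical, the range is the pin quoted above, and a pre-release suffix such as `rc1` is assumed to count as its base release; an unparseable version fails closed.

```sh
#!/bin/sh
# Added example (hypothetical helper names); range copied from the pin above.
ANSIBLE_CORE_MIN="2.17.0"        # inclusive lower bound
ANSIBLE_CORE_MAX_EXCL="2.18.0"   # exclusive upper bound

# parse_core_version TEXT: extract X.Y.Z from the first line of
# `ansible --version`, e.g. "ansible [core 2.17.5]". Prints nothing on no match.
parse_core_version() {
    printf '%s\n' "$1" |
        sed -n '1s/^ansible \[core \([0-9][0-9.]*\).*$/\1/p'
}

# ver_cmp A B: print -1, 0 or 1 for dotted numeric versions A and B.
ver_cmp() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "${x:-0}" -lt "${y:-0}" ]; then echo -1; return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then echo 1; return 0; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    echo 0
}

# ansible_core_in_range VERSION: 0 if MIN <= VERSION < MAX_EXCL,
# 1 if outside the range, 2 if the version could not be determined.
ansible_core_in_range() {
    v=$1
    [ -n "$v" ] || return 2
    [ "$(ver_cmp "$v" "$ANSIBLE_CORE_MIN")" -ge 0 ] || return 1
    [ "$(ver_cmp "$v" "$ANSIBLE_CORE_MAX_EXCL")" -lt 0 ] || return 1
    return 0
}

# Constructed sample first lines; a real task would pass "$(ansible --version)".
for line in 'ansible [core 2.17.5]' 'ansible [core 2.19.0]' 'ansible 2.9.27'; do
    ver=$(parse_core_version "$line")
    if ansible_core_in_range "$ver"; then
        echo "ok:      $line"
    else
        echo "blocked: $line (need >=$ANSIBLE_CORE_MIN,<$ANSIBLE_CORE_MAX_EXCL)"
    fi
done
```
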

**Changed:**
- Fixed conditional block in Molecule workflow to ensure proper error handling and script termination when a test fails. Added missing `fi` to close the conditional statement in `.github/workflows/molecule.yaml`.

…tation

**Changed:**
- Updated documentation to reference `ansible.windows.win_powershell` instead of `ansible.windows.win_firewall` for disabling the Domain firewall in `main.yml`, clarifying the implementation method for users

…flow

**Changed:**
- Fixes quoting around bash command substitution when extracting role name from molecule directory in the CI workflow, preventing potential errors with directory names containing spaces or special characters in `.github/workflows/molecule.yaml`

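
The quoting problem that commit describes, as an added example that is not the workflow's own script (which is not shown on this page). The helper names and the `my role` directory are constructed; `settings_keyboard` is a role name from this PR.

```sh
#!/bin/sh
# Added example (hypothetical helper names). Paths follow the
# <roles>/<role>/molecule layout described in the commit messages.

# Pre-fix shape: unquoted expansions are word-split (and glob-expanded), so
# "my role/molecule" reaches dirname as two arguments and the output is wrong.
role_name_unquoted() {
    # shellcheck disable=SC2046,SC2086
    basename $(dirname $1) 2>/dev/null
}

# Fixed shape: quote both the parameter and the command substitution.
role_name() {
    basename "$(dirname "$1")"
}

# list_roles ROOT: sorted role names under ROOT that have a molecule directory.
list_roles() {
    find "$1" -type d -name molecule |
        while IFS= read -r dir; do
            role_name "$dir"
        done | sort
}

# Constructed tree: one role name from the page, one containing a space.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/settings_keyboard/molecule" "$demo_root/my role/molecule"
echo "unquoted: $(role_name_unquoted "$demo_root/my role/molecule")"
echo "quoted:   $(role_name "$demo_root/my role/molecule")"
list_roles "$demo_root"
rm -rf "$demo_root"
```
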
…d clean up molecule configs

**Added:**
- Introduced a new GitHub Actions workflow `.github/workflows/syntax-check.yaml` for running Ansible syntax checks on roles, with automatic detection of changed roles and support for manual role selection
**Changed:**
- Updated `.hooks/gen-arch-diagram.py` to remove molecule-specific role/playbook analysis and to use the correct root directory for analysis
- Modified `ansible/galaxy.yml` to exclude all `roles/*/molecule` directories from collection build
- Cleaned up `.hooks/requirements.txt` by removing Molecule and Docker-related dependencies
**Removed:**
- Removed the Molecule test workflow `.github/workflows/molecule.yaml` and all Molecule scenario directories under each role (e.g., `roles/*/molecule`), including converge playbooks and molecule configuration files, as these are no longer used for validation or testing

Key Changes:
- `dreadnode.goad`)
- `roles/` directory with prefix naming
- `playbooks/` and updated all role references to FQCN

Added:
- `galaxy.yml` and `meta/runtime.yml` defining the collection and requirements
- `changelogs/` directory with initial release summary and changelog config
- `roles/` directory for all roles, now flattened and prefixed for clarity
- `playbooks/` directory containing all orchestration playbooks
- `plugins/modules/` directory for custom PowerShell modules
- `README.md` with architecture, usage, and requirements

Changed:
- `dreadnode.goad.*`)
- `playbooks/` and `roles/`)
- `.gitignore` modernized to reflect collection structure and ignore legacy artifacts
- `ansible.cfg`) moved to root and updated for new role/collection paths
- `requirements.yml` for Ansible Galaxy

Removed:
- `ansible/` directory, nested role subdirectories, and inventory scripts

Rationale:
This refactor transforms the GOAD lab into a modern, maintainable Ansible collection. All roles are now accessible via FQCNs, playbooks are organized for easy reuse, and legacy VM/provisioning code is removed. The new structure simplifies usage for cloud, local, and CI/CD deployments while aligning with best practices for Ansible Galaxy distribution.