…e 2.2 compatibility.
1 parent
173bccb
commit 206b5b2
Showing
21 changed files
with
142 additions
and
173 deletions.
@@ -1,21 +1,41 @@ | ||
--- | ||
- name: Ensure iptables is installed (RedHat). | ||
yum: pkg=iptables state=installed | ||
when: ansible_os_family == 'RedHat' | ||
|
||
- name: Ensure iptables is installed (Debian). | ||
apt: pkg=iptables state=installed | ||
when: ansible_os_family == 'Debian' | ||
- name: Ensure iptables is installed. | ||
package: name=iptables state=installed | ||
|
||
- name: Flush iptables the first time playbook runs. | ||
command: iptables -F creates=/etc/init.d/firewall | ||
command: > | ||
iptables -F | ||
creates=/etc/init.d/firewall | ||
- name: Copy firewall script into place. | ||
template: src=firewall.bash.j2 dest=/etc/firewall.bash owner=root group=root mode=0744 | ||
template: | ||
src: firewall.bash.j2 | ||
dest: /etc/firewall.bash | ||
owner: root | ||
group: root | ||
mode: 0744 | ||
notify: restart firewall | ||
|
||
- name: Copy firewall init script into place. | ||
template: src=firewall.j2 dest=/etc/init.d/firewall owner=root group=root mode=0755 | ||
template: | ||
src: firewall.init.j2 | ||
dest: /etc/init.d/firewall | ||
owner: root | ||
group: root | ||
mode: 0755 | ||
|
||
- name: Copy firewall systemd unit file into place (for systemd systems). | ||
template: | ||
src: firewall.unit.j2 | ||
dest: /etc/systemd/system/firewall.service | ||
owner: root | ||
group: root | ||
mode: 0755 | ||
when: > | ||
(ansible_distribution == 'Ubuntu' and ansible_distribution_version == '16.04') or | ||
(ansible_distribution == 'Debian' and ansible_distribution_version|int >= 8) or | ||
(ansible_distribution == 'CentOS' and ansible_distribution_version|int >= 7) or | ||
(ansible_distribution == 'Fedora') | ||
- name: Ensure the firewall is enabled and will start on boot. | ||
service: name=firewall state=started enabled=yes |
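Review bot: The `when:` on the systemd unit task compares `ansible_distribution_version|int`, and Jinja's `int` filter falls back to 0 for a string it cannot parse, so a three-part version string (as CentOS 7 may report, to be confirmed against the supported Ansible releases) would make `>= 7` false and silently skip the unit file. Comparing the major-version fact avoids this: `(ansible_distribution == 'CentOS' and ansible_distribution_major_version|int >= 7)`, and likewise for the Debian clause. The Ubuntu clause matches only `'16.04'` exactly, so later systemd-based releases would fall through as well. Separately, the unit file is installed with `mode: 0755`; unit files are not executed and systemd logs a warning for executable ones, so `mode: 0644` is the conventional value there.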
File renamed without changes.
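--- a/provisioning/roles/geerlingguy.firewall/templates/firewall.unit.j2
+++ b/provisioning/roles/geerlingguy.firewall/templates/firewall.unit.j2
@@ -0,0 +1,12 @@
+[Unit]
+Description=Firewall
+After=syslog.target network.target
+
+[Service]
+Type=oneshot
+ExecStart=/etc/firewall.bash
+ExecStop=/sbin/iptables -F
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target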
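Review bot: `After=syslog.target network.target` orders the rule load after networking is up, which leaves a window at boot where interfaces are live and `/etc/firewall.bash` has not yet run. systemd provides `network-pre.target` for firewall units; `Wants=network-pre.target` together with `Before=network-pre.target` in `[Unit]` would close that window, provided the script does not itself need the network. `ExecStop=/sbin/iptables -F` flushes only the filter table's rules and leaves chain policies, other tables and any IPv6 rules as they were, so whether a stop leaves the host open or unreachable depends on what firewall.bash sets, which is not visible here. A short comment in the unit stating the intended stopped state would make that explicit.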
@@ -1,67 +1,52 @@ | ||
--- | ||
sudo: required | ||
services: docker | ||
|
||
env: | ||
- distribution: centos | ||
version: 6 | ||
init: /sbin/init | ||
run_opts: "" | ||
- distribution: centos | ||
version: 7 | ||
- distro: centos7 | ||
init: /usr/lib/systemd/systemd | ||
run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" | ||
- distribution: ubuntu | ||
version: 14.04 | ||
- distro: centos6 | ||
init: /sbin/init | ||
run_opts: "" | ||
- distribution: ubuntu | ||
version: 12.04 | ||
- distro: ubuntu1604 | ||
init: /lib/systemd/systemd | ||
run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" | ||
- distro: ubuntu1404 | ||
init: /sbin/init | ||
run_opts: "" | ||
|
||
services: | ||
- docker | ||
|
||
before_install: | ||
# Pull container | ||
- 'sudo docker pull ${distribution}:${version}' | ||
# Customize container | ||
- 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' | ||
# Pull container. | ||
- 'docker pull geerlingguy/docker-${distro}-ansible:latest' | ||
|
||
script: | ||
- container_id=$(mktemp) | ||
# Run container in detached state | ||
- 'sudo docker run --detach -p 8025:8025 --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' | ||
# Run container in detached state. | ||
- 'docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} geerlingguy/docker-${distro}-ansible:latest "${init}" > "${container_id}"' | ||
|
||
# Install required Galaxy roles. | ||
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-galaxy install geerlingguy.daemonize' | ||
# Install dependencies. | ||
- 'docker exec "$(cat ${container_id})" ansible-galaxy install -r /etc/ansible/roles/role_under_test/tests/requirements.yml' | ||
|
||
# Ansible syntax check. | ||
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' | ||
- 'docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' | ||
|
||
# Test role. | ||
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml' | ||
- 'docker exec "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml' | ||
|
||
# Test role idempotence. | ||
- idempotence=$(mktemp) | ||
- sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml | tee -a ${idempotence} | ||
- docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml | tee -a ${idempotence} | ||
- > | ||
tail ${idempotence} | ||
| grep -q 'changed=0.*failed=0' | ||
&& (echo 'Idempotence test: pass' && exit 0) | ||
|| (echo 'Idempotence test: fail' && exit 1) | ||
# Make sure mailhog is listening on ports 1025 and 8025. | ||
# TODO. | ||
|
||
# Send an email via mhsendmail. | ||
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm sh -c "cat /etc/ansible/roles/role_under_test/tests/message | /opt/mailhog/mhsendmail johndoe@example.com"' | ||
- 'docker exec --tty "$(cat ${container_id})" env TERM=xterm sh -c "cat /etc/ansible/roles/role_under_test/tests/message | /opt/mailhog/mhsendmail johndoe@example.com"' | ||
|
||
# Test retrieving messages via MailHog API. | ||
- 'curl http://localhost:8025/api/v2/messages | grep id' | ||
|
||
# Clean up | ||
- 'sudo docker stop "$(cat ${container_id})"' | ||
- 'docker exec --tty "$(cat ${container_id})" env TERM=xterm sh -c "curl http://localhost:8025/api/v2/messages | grep id"' | ||
|
||
notifications: | ||
webhooks: https://galaxy.ansible.com/api/v1/notifications/ |
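Review bot: The `docker pull geerlingguy/docker-${distro}-ansible:latest` step pulls a mutable tag from a public registry, and the systemd variants then run that image with `--privileged` from `run_opts`, so whatever is published under `latest` at build time runs with broad access to the CI host. Pinning by digest keeps builds reproducible and makes image changes reviewable, e.g. `geerlingguy/docker-${distro}-ansible@sha256:<digest>` per distro (placeholder; take the value from the registry). The `+`/`-` markers are lost in this rendering, so which of the paired lines is current is inferred from the un-prefixed `docker` form. The earlier `docker stop` clean-up line appears to have no counterpart among those lines; if it was dropped, a comment noting that container teardown is left to the CI environment would help.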