PRE - default and variable standardisation
aybarsm committed Oct 19, 2024
1 parent af019d0 commit 69c1262
Showing 19 changed files with 223 additions and 74 deletions.
70 changes: 59 additions & 11 deletions plugins/modules/pvesh_get.py
@@ -1,26 +1,74 @@
#
# Copyright (c) 2016 Musee Ullah
# Author: Musee Ullah (@lae)
# Forked from https://github.com/lae/ansible-role-proxmox
#

#!/usr/bin/python

ANSIBLE_METADATA = {
'metadata_version': '1.0',
'status': ['stableinterface'],
'supported_by': 'lae'
}

DOCUMENTATION = '''
---
module: proxmox_query
short_description: Uses pvesh to query Proxmox API
options:
query:
required: true
aliases: [ "name" ]
description:
- Specifies what resource to query
author:
- Musee Ullah (@lae)
'''

EXAMPLES = '''
- name: Query cluster status
proxmox_query:
query: cluster/status
- name: Collect a list of running LXC containers for some hosts
proxmox_query:
query: "nodes/{{ item }}/lxc"
with_items:
- node01
- node02
- node03
'''

RETURN = '''
response:
description: JSON response from pvesh provided by a query
type: json
'''

from ansible.module_utils.basic import AnsibleModule
# import ansible_collections.aybarsm.linux.plugins.module_utils.pvecm as pvecm
from ansible_collections.aybarsm.linux.plugins.module_utils.pvesh import ProxmoxShellError
import ansible_collections.aybarsm.linux.plugins.module_utils.pvesh as pvesh

def main():
module = AnsibleModule(
argument_spec = dict(
path=dict(type='path', required=True),
options=dict(type='dict', required=False),
noproxy=dict(type='bool', required=False, default=False),
human_readable=dict(type='bool', required=False, default=False),
noborder=dict(type='bool', required=False, default=False),
noheader=dict(type='bool', required=False, default=False),
output_format=dict(type='str', required=False, default='json', choices=['json', 'json-pretty', 'text', 'yaml']),
query=dict(type='str', required=True, aliases=['name']),
),
supports_check_mode=True
)

# rc, out, err = pvecm.status(module)

result = {"changed": False}
result['response'] = module.params

try:
result['response'] = pvesh.get(module.params['query'])
except ProxmoxShellError as e:
if e.data:
result["response"] = e.data

module.fail_json(msg=e.message, status_code=e.status_code, **result)

module.exit_json(**result)

4 changes: 2 additions & 2 deletions roles/auth/tasks/ssh_renew_host_keys.yml
Expand Up @@ -6,7 +6,7 @@
- ansible__role_enabled | default(false) | bool
- ansible__manage_local_facts | default(false) | bool
- ansible__local_fact_name is defined
fail_msg: "aybarsm.linux.ansible role, local fact management must be enabled and local fact name needs to be defined. \
fail_msg: "aybarsm.helper.ansible role, local fact management must be enabled and local fact name needs to be defined. \
(ansible__role_enabled: true & ansible__manage_local_facts: true & ansible__local_fact_name is defined)"
success_msg: "Ansible requirements are met for one time ssh host key renewal."
register: auth__ssh_host_keys_assert_ansible_role
Expand Down Expand Up @@ -52,7 +52,7 @@

- name: Include update local facts tasks when ssh host keys renewed
ansible.builtin.include_role:
name: aybarsm.linux.ansible
name: aybarsm.helper.ansible
tasks_from: update_local_facts.yml
vars:
ansible__local_fact_updates:
17 changes: 17 additions & 0 deletions roles/network/defaults/main.yml
Expand Up @@ -7,6 +7,7 @@ network__manage_hostname: false
network__manage_hosts: false
network__manage_iptables: false
network__manage_udev_rules: false
network__manage_gai: false

network__default: []
network__group: []
Expand Down Expand Up @@ -98,9 +99,25 @@ network__hosts_auto_discovery: false
network__hosts_auto_discovery_inventories: 'webservers:&atlanta'
##### END: network hosts vars

##### BEGIN: network udev rules vars
network__iptables_comment_prefix: ''
network__iptables_comment_suffix: ''
network__iptables_cleanup_v4: false
network__iptables_cleanup_v4_cleanup_regex: []
network__iptables_cleanup_v4_state_file: /tmp/iptables_state.v4
network__iptables_cleanup_v6: false
network__iptables_cleanup_v6_cleanup_regex: []
network__iptables_cleanup_v6_state_file: /tmp/iptables_state.v6
##### END: network udev rules vars

##### BEGIN: network udev rules vars
network__udev_rules_file: /etc/udev/rules.d/70-persistent-net.rules
network__udev_rules_template: etc/udev/rules.d/70-persistent-net.rules.j2
network__udev_rules_backup: true
network__udev_rules_remove: false
##### END: network udev rules vars

##### BEGIN: network udev rules vars
# Prefer IPv4 over IPv6 > precedence ::ffff:0:0/96 100
network__gai_prefer_ipv4: false
##### END: network udev rules vars
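Review bot: `network__iptables_cleanup_v4_state_file` and `network__iptables_cleanup_v6_state_file` default to fixed names under `/tmp`, and the cleanup tasks that consume them save the live rule set to that path as root and later restore from the same file; a predictable name in a world-writable directory lets any local user pre-create the file (or a symlink) or edit the saved rules between the save and the restore step, so the default should point at a root-owned location such as a directory under `/var/lib` or a tempfile created with `become` during the play. The section labels around both new blocks in this hunk were copied from the udev block: the iptables variables are wrapped in `##### BEGIN: network udev rules vars` / `##### END: network udev rules vars` and should read `##### BEGIN: network iptables vars` / `##### END: network iptables vars`, and the `network__gai_prefer_ipv4` block likewise should be labelled `##### BEGIN: network gai vars` / `##### END: network gai vars`.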
23 changes: 22 additions & 1 deletion roles/network/tasks/iptables.yml
@@ -1,11 +1,27 @@
---
- name: Include iptables IPv4 cleanup tasks
ansible.builtin.include_tasks: iptables_cleanup.yml
vars:
iptables_cleanup_ip_ver: ipv4
iptables_cleanup_state_file: "{{ network__iptables_cleanup_v4_state_file }}"
iptables_cleanup_regex: "{{ network__iptables_cleanup_v4_cleanup_regex }}"
when: network__iptables_cleanup_v4 | bool and network__iptables_cleanup_v4_cleanup_regex | length > 0

- name: Include iptables IPv6 cleanup tasks
ansible.builtin.include_tasks: iptables_cleanup.yml
vars:
iptables_cleanup_ip_ver: ipv6
iptables_cleanup_state_file: "{{ network__iptables_cleanup_v6_state_file }}"
iptables_cleanup_regex: "{{ network__iptables_cleanup_v6_cleanup_regex }}"
when: network__iptables_cleanup_v6 | bool and network__iptables_cleanup_v6_cleanup_regex | length > 0

- name: Deploy iptables configuration
become: true
ansible.builtin.iptables:
action: "{{ item.action | default(omit) }}"
chain: "{{ item.chain | default(omit) }}"
chain_management: "{{ item.chain_management | default(omit) }}"
comment: "{{ item.comment | default(omit) }}"
comment: "{{ rule_comment | default(omit, true) }}"
ctstate: "{{ item.ctstate | default(omit) }}"
destination: "{{ item.destination | default(omit) }}"
destination_port: "{{ item.destination_port | default(omit) }}"
Expand Down Expand Up @@ -48,6 +64,11 @@
to_source: "{{ item.to_source | default(omit) }}"
uid_owner: "{{ item.uid_owner | default(omit) }}"
wait: "{{ item.wait | default(omit) }}"
vars:
rule_comment: "{{ [(network__iptables_comment_prefix | default('')), (item.comment | default('')), (network__iptables_comment_suffix | default(''))] |
join(' ') | trim }}"
loop: "{{ network__iptables_all }}"
register: network__iptables_deploy
when: network__iptables_all | default([]) | length > 0

#TODO: Iptables cleanup regex
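Review bot: The `#TODO: Iptables cleanup regex` comment at the end of the second hunk is stale now that the two `iptables_cleanup.yml` includes at the top of the file implement exactly that, so it should go. With the new `rule_comment` var, a rule that sets no `item.comment` still receives `network__iptables_comment_prefix`/`network__iptables_comment_suffix` (joined and trimmed) as its comment whenever either is non-empty; if tagging every managed rule is the intent, a one-line comment above `vars:` saying so would help, otherwise guard the comment with `item.comment is defined`. The `when:` on the two includes gates only on the cleanup flag and the regex list; whether they should additionally honour `network__manage_iptables` depends on where this file is included, which is outside the hunk.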
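--- /dev/null
+++ b/roles/network/tasks/iptables_cleanup.yml
@@ -0,0 +1,26 @@
+---
+- name: "Cleanup iptables {{ iptables_cleanup_ip_ver }} rules"
+block:
+- name: "Save iptables {{ iptables_cleanup_ip_ver }} rules"
+community.general.iptables_state:
+ip_version: "{{ iptables_cleanup_ip_ver }}"
+path: "{{ iptables_cleanup_state_file }}"
+state: saved
+- name: "Cleanup iptables {{ iptables_cleanup_ip_ver }} rules"
+ansible.builtin.lineinfile:
+path: "{{ iptables_cleanup_state_file }}"
+regexp: "{{ item }}"
+state: absent
+loop: "{{ iptables_cleanup_regex }}"
+- name: "Assert check mode for restoring iptables {{ iptables_cleanup_ip_ver }} rules"
+ansible.builtin.assert:
+that: True
+success_msg: "{{ 'Check mode is %s. Iptables rule restore errors will %s.' | format(*format_args) }}"
+vars:
+format_args: "{{ ['on', 'be ignored'] if ansible_check_mode else ['off', 'not be ignored'] }}"
+- name: "Restore iptables {{ iptables_cleanup_ip_ver }} rules"
+community.general.iptables_state:
+ip_version: "{{ iptables_cleanup_ip_ver }}"
+path: "{{ iptables_cleanup_state_file }}"
+state: restored
+ignore_errors: "{{ ansible_check_mode }}"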
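Review bot: None of the tasks in the new block carry `become: true`, while the `Deploy iptables configuration` task in iptables.yml does; `community.general.iptables_state` needs root to save and restore the rule set, so add `become: true` on the block (or on the two `iptables_state` tasks) unless the role is only ever run as root. The `ansible.builtin.assert` with `that: True` is a no-op used solely to print a message; `ansible.builtin.debug` with the same text as `msg:` says what is meant without pretending to check anything. `ignore_errors: "{{ ansible_check_mode }}"` on the restore also means a failing restore in check mode is reported only as an ignored error, which is consistent with the printed message but worth a short comment above the task so the behaviour is not mistaken for a bug.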
3 changes: 3 additions & 0 deletions roles/network/templates/etc/network/interfaces.j2
Expand Up @@ -39,6 +39,9 @@ iface {{ iface.name }} {{ addr_family }} {{ ifaceMethod }}
{{ ifaceParams | aybarsm.helper.to_querystring('name', 'value', ' ', '\n') | indent(4, true) }}
{% endif %}
{% endif %}
{% if iface.comment is defined %}
{{ iface.comment | comment }}
{% endif %}

{% endif %}
{% endfor %}
62 changes: 23 additions & 39 deletions roles/network/vars/main.yml
@@ -1,29 +1,26 @@
network__all: "{{ (network__host + network__group + network__default) | selectattr('type', 'defined') | rejectattr('entry__skip', 'defined') }}"
network__all: "{{ (network__host + network__group + network__default) |
map('aybarsm.helper.combine_reverse', {'keep__entry': true, 'skip__entry': false}) |
rejectattr('keep__entry', 'eq', false) | rejectattr('skip__entry', 'eq', true) | rejectattr('type', 'undefined') |
aybarsm.helper.all_except(['keep__entry', 'skip__entry']) }}"

##### BEGIN: network systemd vars
__network_systemd_available_change_modules: ['systemd_service', 'command']
__network__systemd_link_name: '{"type":"systemd","name":"__SYSTEMD_LINK_NAME__","children":[{"name":"Match","children":[{"name":"MACAddress","value":"__MAC_ADDRESS__"},{"name":"Type","value":"ether"}]},{"name":"Link","children":[{"name":"NamePolicy","value":""},{"name":"Name","value":"__LINK_NAME__"}]}]}'
# REVIEW: There is room for optimisation
__network__systemd_configs: >-
{%- set __cfgs = [] -%}
{%- for cfg in network__all | reverse if cfg -%}
{%- set __cfgs_grp = (cfg | selectattr('type', 'eq', 'systemd') |
selectattr('name', 'defined') | selectattr('name', 'search', '\\.(network|link|netdev)$') | selectattr('children', 'defined')) -%}
{%- set __cfgs_rnm = (cfg | selectattr('type', 'eq', 'systemd_link_rename') |
selectattr('name', 'defined') | selectattr('name', 'search', '^(?:[0-9]|[1-9][0-9])-[a-zA-Z]+\\d+\\.link$') |
selectattr('macaddress', 'defined') | selectattr('macaddress', 'ansible.utils.mac') | default([])) -%}
{%- if __cfgs_rnm | length > 0 -%}
{%- for cfgrnm in __cfgs_rnm if cfgrnm -%}
{%- set __cfgs_grp = __cfgs_grp.append(__network__systemd_link_name |
replace('__SYSTEMD_LINK_NAME__', cfgrnm.name) | replace('__MAC_ADDRESS__', cfgrnm.macaddress) |
replace('__LINK_NAME__', (cfgrnm.name | regex_replace('^(?:[0-9]|[1-9][0-9])-(.*).link$', '\\1'))) | from_json) -%}
{%- endfor -%}
{%- endif -%}
{%- set __cfgs = __cfgs.append(__cfgs_grp) -%}
__network__systemd_rename: >-
{%- set __rtr = [] -%}
{%- set __cfgs = (network__all | selectattr('type', 'eq', 'systemd_link_rename') |
selectattr('name', 'defined') | selectattr('name', 'match', '^(?:[0-9]|[1-9][0-9])-[a-zA-Z]+\\d+\\.link$') |
selectattr('macaddress', 'defined') | selectattr('macaddress', 'match', '^([0-9A-Fa-f]{2}([:])?){5}([0-9A-Fa-f]{2})$') | default([])) -%}
{%- for cfg in __cfgs if cfg -%}
{%- set __rtr = __rtr.append(__network__systemd_link_name |
replace('__SYSTEMD_LINK_NAME__', cfg.name) | replace('__MAC_ADDRESS__', cfg.macaddress) |
replace('__LINK_NAME__', (cfg.name | regex_replace('^(?:[0-9]|[1-9][0-9])-(.*).link$', '\\1'))) | from_json) -%}
{%- endfor -%}
{{ __cfgs }}
{{ __rtr }}
network__systemd_all: "{{ __network__systemd_configs |
network__systemd_all: "{{ ((network__all | selectattr('type', 'eq', 'systemd') |
selectattr('name', 'defined') | selectattr('name', 'search', '\\.(network|link|netdev)$') |
selectattr('children', 'defined') | default([])) + __network__systemd_rename) | reverse |
community.general.lists_mergeby('name', recursive=true, list_merge='prepend') |
aybarsm.helper.unique_recursive(attributes='name', recurse='children') }}"

Expand All @@ -44,14 +41,6 @@ network__systemd_cleanup_patterns: ["(?!{{ __network__systemd_cleanup_regex | jo
##### BEGIN: network interfaces vars
__network_interfaces_available_change_modules: ['service', 'systemd_service', 'command']

# REVIEW: There is room for optimisation
__network__interfaces_configs: >-
{%- set __configs_prepared = [] -%}
{%- for config in [network__default, network__group, network__host] if config -%}
{%- set __configs_prepared = __configs_prepared.append(config | selectattr('type', 'defined') | selectattr('type', 'eq', 'interface') | selectattr('name', 'defined')) -%}
{%- endfor -%}
{{ __configs_prepared }}
# Sort interfaces by name to avoid unneccessary changes
network__interfaces_all: "{{ network__all | reverse |
selectattr('type', 'eq', 'interface') | selectattr('name', 'defined') |
Expand All @@ -61,7 +50,7 @@ network__interfaces_all: "{{ network__all | reverse |
sort(attribute='name') }}"

##### BEGIN: network sysctl vars
network__sysctl_all: "{{ (network__host + network__group + network__default) |
network__sysctl_all: "{{ network__all |
selectattr('type', 'defined') | selectattr('type', 'equalto', 'sysctl') |
aybarsm.helper.replace_aliases(__ansible.modules.ansible_posix_sysctl.aliases) |
selectattr('name', 'defined') | selectattr('value', 'defined') | unique(attribute='name') }}"
Expand All @@ -84,24 +73,19 @@ __network__hosts_auto_discovered: >-
{%- endif -%}
{{ auto_discovered }}
network__hosts_all: "{{ (network__host + network__group + network__default + __network__hosts_auto_discovered) |
selectattr('type', 'defined') | selectattr('type', 'equalto', 'host') |
selectattr('ip', 'defined') | selectattr('hostname', 'defined') |
aybarsm.helper.replace_aliases({'fqdn': ['hostname']}) |
aybarsm.helper.unique_recursive(attributes=['ip', 'hostname', 'fqdn']) }}"
network__hosts_all: "{{ (network__all + __network__hosts_auto_discovered) |
selectattr('type', 'eq', 'host') | selectattr('ip', 'defined') | selectattr('hostname', 'defined') |
aybarsm.helper.replace_aliases({'fqdn': ['hostname']}) | unique(attribute='ip') }}"

# Sort hosts by hostname to avoid unneccessary changes
network__hosts_all_ipv4: "{{ network__hosts_all | selectattr('ip', 'ansible.utils.ipv4') | sort(attribute='hostname') }}"
network__hosts_all_ipv6: "{{ network__hosts_all | selectattr('ip', 'ansible.utils.ipv6') | sort(attribute='hostname') }}"
##### END: network hosts vars

##### BEGIN: network iptables vars
network__iptables_all: "{{ (network__host + network__group + network__default) |
selectattr('type', 'defined') | selectattr('type', 'equalto', 'iptables') }}"
network__iptables_all: "{{ network__all | selectattr('type', 'eq', 'iptables') }}"
##### END: network iptables vars

##### BEGIN: network udev rules vars
network__udev_rules_all: "{{ (network__host + network__group + network__default) |
selectattr('type', 'defined') | selectattr('type', 'equalto', 'udev_rule') |
selectattr('entries', 'defined') }}"
network__udev_rules_all: "{{ network__all | selectattr('type', 'eq', 'udev_rule') | selectattr('entries', 'defined') }}"
##### END: network udev rules vars
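Review bot: `network__hosts_all` in the last hunk now deduplicates with `unique(attribute='ip')` where the old expression used `aybarsm.helper.unique_recursive(attributes=['ip', 'hostname', 'fqdn'])`, so two entries that share an IP but differ in hostname collapse to the first one in `network__all`, and a hostname reused under a second IP is no longer filtered at all (assuming the old helper compared on all three attributes); if that is the intended semantics, a one-line comment above the variable would spare the next reader a blame. In the first hunk, `__network__systemd_rename` swaps the `ansible.utils.mac` test for `'^([0-9A-Fa-f]{2}([:])?){5}([0-9A-Fa-f]{2})$'`, which accepts mixed or missing separators (`aabbccddeeff`, `aa:bbcc:dd:ee:ff`) because each `:` is optional; `'^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'` pins the colon form that is substituted verbatim into `MACAddress=`. The `selectattr('type', 'defined')` retained in `network__sysctl_all` is redundant now that `network__all` already rejects entries with an undefined `type`.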
4 changes: 1 addition & 3 deletions roles/package_manager/defaults/main.yml
Expand Up @@ -36,6 +36,4 @@ package_manager__repo_list_use_regex: true

package_manager__default: []
package_manager__group: []
package_manager__host: []

package_manager__all: "{{ package_manager__host + package_manager__group + package_manager__default }}"
package_manager__host: []
13 changes: 12 additions & 1 deletion roles/package_manager/handlers/main.yml
@@ -1,7 +1,7 @@
---
# - name: Update local facts for the host upgrade
# ansible.builtin.include_role:
# name: aybarsm.linux.ansible
# name: aybarsm.helper.ansible
# tasks_from: update_local_facts.yml
# vars:
# ansible__local_fact_updates:
Expand Down Expand Up @@ -31,3 +31,14 @@
when:
- ansible_os_family | lower == 'redhat'

- name: DEB APT Full Clean (autoclean, clean, autoremove and purge)
become: true
ansible.builtin.apt:
clean: true
autoclean: true
autoremove: true
purge: true
register: package_manager__deb_full_clean
listen: "package_manager__manager_full_clean"
when:
- ansible_os_family | lower == 'debian'
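Review bot: `autoclean: true` is redundant next to `clean: true` in the new `DEB APT Full Clean` handler, because `clean` already removes every cached archive that `autoclean` would, so one of the two lines can go. Combining `autoremove: true` with `purge: true` also deletes the configuration files of every auto-removed package, which is irreversible; a short comment on the handler stating that this is deliberate, or a `package_manager__` toggle that feeds `purge`, would make that opt-in explicit for whoever notifies `package_manager__manager_full_clean`.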
2 changes: 1 addition & 1 deletion roles/package_manager/tasks/upgrade.yml
Expand Up @@ -85,7 +85,7 @@

- name: Include update local facts tasks when upgrade is successful
ansible.builtin.include_role:
name: aybarsm.linux.ansible
name: aybarsm.helper.ansible
tasks_from: update_local_facts.yml
vars:
ansible__local_fact_updates:
6 changes: 3 additions & 3 deletions roles/package_manager/vars/common-pre.yml
Expand Up @@ -39,11 +39,11 @@ __package_manager__upgrade_execute: >-
{%- set exec_upgrade = {'decision': false, 'reason': 'Upgrade strategy is set to clean, but no default repo list configuration found.'} -%}
{%- elif __package_manager__upgrade_once -%}
{%- if ansible__local_fact_name is undefined -%}
{%- set exec_upgrade = {'decision': false, 'reason': 'Upgrade strategy once requires aybarsm.linux.ansible role imported.'} -%}
{%- set exec_upgrade = {'decision': false, 'reason': 'Upgrade strategy once requires aybarsm.helper.ansible role imported.'} -%}
{%- elif ansible__role_enabled is undefined or not ansible__role_enabled -%}
{%- set exec_upgrade = {'decision': false, 'reason': 'Upgrade strategy once requires aybarsm.linux.ansible role enabled. (ansible__role_enabled: true)'} -%}
{%- set exec_upgrade = {'decision': false, 'reason': 'Upgrade strategy once requires aybarsm.helper.ansible role enabled. (ansible__role_enabled: true)'} -%}
{%- elif not ansible__manage_local_facts -%}
{%- set exec_upgrade = {'decision': false, 'reason': 'Upgrade strategy once requires aybarsm.linux.ansible role local fact management enabled. (ansible__manage_local_facts: true)'} -%}
{%- set exec_upgrade = {'decision': false, 'reason': 'Upgrade strategy once requires aybarsm.helper.ansible role local fact management enabled. (ansible__manage_local_facts: true)'} -%}
{%- elif ansible_local[ansible__local_fact_name].package_manager.upgrade is defined -%}
{%- set exec_upgrade = {'decision': false, 'reason': 'Host already upgraded.'} -%}
{%- endif -%}