diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml
deleted file mode 100644
index 4c796c1..0000000
--- a/.github/workflows/ansible-lint.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-# .github/workflows/ansible-lint.yml
-name: Ansible Lint
-
-on: [pull_request, push]
-
-jobs:
- build:
-
- runs-on: ubuntu-latest
-
- steps:
- - uses: actions/checkout@v4
-
- - name: Run ansible-lint
- uses: ansible/ansible-lint@main # or version tag instead of 'main'
diff --git a/.github/workflows/galaxy-importer.yml b/.github/workflows/galaxy-importer.yml
new file mode 100644
index 0000000..29a959c
--- /dev/null
+++ b/.github/workflows/galaxy-importer.yml
@@ -0,0 +1,59 @@
+# Its role is to performe the same checks that would be performed when publishing to galaxy
+# Running them earlier helps to detect issues locally
+
+name: galaxy-importer
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+on:
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ galaxy-importer:
+ runs-on:
+ - ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.10'
+
+ - name: Get collection namespace and name from galaxy.yml
+ id: collection-name
+ run: |
+ NAMESPACE=$(grep '^namespace:' galaxy.yml | awk '{print $2}' | tr -d "'\"")
+ NAME=$(grep '^name:' galaxy.yml | awk '{print $2}' | tr -d "'\"")
+ VERSION=$(grep '^version:' galaxy.yml | awk '{print $2}' | tr -d "'\"")
+ if [[ -z "$NAMESPACE" || -z "$NAME" || -z "$VERSION" ]]; then
+ echo "Error: Unable to find or parse namespace, name, or version in galaxy.yml"
+ exit 1
+ fi
+ echo "Collection namespace is $NAMESPACE"
+ echo "Collection name is $NAME"
+ echo "Collection version is $VERSION"
+ echo "COLLECTION_NAMESPACE=$NAMESPACE" >> $GITHUB_ENV
+ echo "COLLECTION_NAME=$NAME" >> $GITHUB_ENV
+ echo "COLLECTION_VERSION=$VERSION" >> $GITHUB_ENV
+
+ - name: Install Ansible and importer
+ run: |
+ pip install ansible==9.4.0
+ pip install ansible-importer
+ pip install galaxy-importer
+
+ - name: Build and install the collection
+ run: |
+ ansible-galaxy collection build $GITHUB_WORKSPACE --force
+ ansible-galaxy collection install $GITHUB_WORKSPACE/$COLLECTION_NAMESPACE-$COLLECTION_NAME-$COLLECTION_VERSION.tar.gz
+
+ - name: Run ac-galaxy-importer
+ run: |
+ python -m galaxy_importer.main $GITHUB_WORKSPACE/$COLLECTION_NAMESPACE-$COLLECTION_NAME-$COLLECTION_VERSION.tar.gz
diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml
new file mode 100644
index 0000000..b5487ce
--- /dev/null
+++ b/.github/workflows/linters.yml
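Review bot: In `.github/workflows/galaxy-importer.yml`, the "Install Ansible and importer" step installs `ansible-importer` and `galaxy-importer` with no version, while `ansible==9.4.0` on the line above is pinned; the last step only invokes `galaxy_importer.main`, so nothing visible in this workflow needs `ansible-importer`. An unpinned and possibly unneeded PyPI name is resolved fresh on every pull-request run, so whatever is published under that name at that moment executes in CI. I would drop `pip install ansible-importer` unless something outside this hunk requires it, and pin the other as `pip install galaxy-importer==<PINNED_VERSION>`. The workflow also declares no `permissions:`; a top-level `permissions:` block with `contents: read` keeps the token read-only for a job that only builds and checks the collection.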
@@ -0,0 +1,38 @@
+# .github/workflows/ansible-lint.yml
+name: Ansible Lint
+
+on:
+ pull_request:
+
+ push:
+ branches:
+ - main
+
+jobs:
+ analyze-code:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ python-version: ['3.10']
+ defaults:
+ run:
+ shell: sh
+
+
+ steps:
+ - name: Check out the repository
+ uses: actions/checkout@v4
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.10'
+
+ - name: Run ansible-lint
+ uses: ansible/ansible-lint@main # or version tag instead of 'main'
+
+ - name: Install detect-secrets
+ run: pip install detect-secrets==1.4.0
+
+ - name: Run detect-secrets
+ run: detect-secrets scan
diff --git a/.github/workflows/release-from-tag.yml b/.github/workflows/release-from-tag.yml
new file mode 100644
index 0000000..65ab392
--- /dev/null
+++ b/.github/workflows/release-from-tag.yml
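Review bot: The "Run detect-secrets" step in `.github/workflows/linters.yml` cannot fail the job, because `detect-secrets scan` writes a baseline JSON to stdout and exits 0 whether or not it finds anything, so a committed credential still passes CI. Running the hook entry point over the tracked files gates the build and honours the `# pragma: allowlist secret` markers this commit adds: `run: git ls-files -z | xargs -0 detect-secrets-hook`. Separately, `uses: ansible/ansible-lint@main` follows a mutable branch, as its own inline comment admits; pin it to a release tag or commit SHA (`ansible/ansible-lint@<PINNED_REF>`). The first comment line still names `ansible-lint.yml`, and `matrix.python-version` is declared while the setup step hardcodes `'3.10'`.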
@@ -0,0 +1,70 @@
+name: Release to ansible-galaxy from tag
+
+on:
+ push:
+ tags:
+ - 'v*.*.*'
+
+jobs:
+ publish-release:
+ runs-on:
+ - ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.10'
+
+ - name: Get collection version from galaxy.yml
+ id: collection-version
+ run: |
+ NAMESPACE=$(grep '^namespace:' galaxy.yml | awk '{print $2}' | tr -d "'\"")
+ NAME=$(grep '^name:' galaxy.yml | awk '{print $2}' | tr -d "'\"")
+ VERSION=$(grep '^version:' galaxy.yml | awk '{print $2}' | tr -d "'\"")
+ if [[ -z "$NAMESPACE" || -z "$NAME" || -z "$VERSION" ]]; then
+ echo "Error: Unable to find or parse namespace, name, or version in galaxy.yml"
+ exit 1
+ fi
+ echo "Collection namespace is $NAMESPACE"
+ echo "Collection name is $NAME"
+ echo "Collection version is $VERSION"
+ echo "AC_NAMESPACE=$NAMESPACE" >> "$GITHUB_ENV"
+ echo "AC_NAME=$NAME" >> "$GITHUB_ENV"
+ echo "AC_VERSION=$VERSION" >> "$GITHUB_ENV"
+
+ - name: Get Git tag
+ id: git-tag
+ run: |
+ TAG=${GITHUB_REF#refs/tags/}
+ echo "Git tag is $TAG"
+ echo "GIT_TAG=$TAG" >> "$GITHUB_ENV"
+
+ - name: Compare collection version and Git tag
+ shell: bash
+ run: |
+ if [[ "v$AC_VERSION" == "$GIT_TAG" ]]; then
+ echo "The collection version matches the Git tag."
+ else
+ echo "Error: The collection version ($AC_VERSION) does not match the Git tag ($GIT_TAG)."
+ exit 1 + fi + + - name: Install Ansible + run: | + pip install ansible==9.4.0 + + - name: Build collection + run: | + ansible-galaxy collection build $GITHUB_WORKSPACE --force + + - name: Check collection install locally to verify tar.gz correctness + run: | + ansible-galaxy collection install $GITHUB_WORKSPACE/$AC_NAMESPACE-$AC_NAME-$AC_VERSION.tar.gz + + - name: Publish Collection to Ansible-Galaxy + run: | + ansible-galaxy collection publish $GITHUB_WORKSPACE/$AC_NAMESPACE-$AC_NAME-$AC_VERSION.tar.gz --api-key "${{ secrets.ANSIBLE_GALAXY_API_KEY }}" diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 2b575ce..26c5838 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -11,3 +11,8 @@ repos: hooks: - id: ansible-lint files: \.(yaml|yml)$ + + - repo: https://github.com/Yelp/detect-secrets + rev: v1.4.0 + hooks: + - id: detect-secrets diff --git a/README.md b/README.md index 8a8903a..a691eda 100644 --- a/README.md +++ b/README.md @@ -6,13 +6,16 @@ Ansible roles and playbooks for deployment and teardown of Cisco SD-WAN on AWS a - [Overview](#overview) - [Roadmap](#roadmap) -- [Prerequisites](#prerequisites) -- [Getting Started](#getting-started) +- [Requirements](#requirements) +- [Installing this collection](#installing-this-collection) +- [Using this collection](#using-this-collection) - [Troubleshooting](#troubleshooting) - [Useful Links](#useful-links) - [Contact Information](#contact-information) - [License](#license) - [Contributing](#contributing) +- [Code of Conduct](#code-of-conduct) +- [Releasing, Versioning and Deprecation](#releasing-versioning-and-deprecation) --- 
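Review bot: In `.github/workflows/release-from-tag.yml`, the "Publish Collection to Ansible-Galaxy" step splices `${{ secrets.ANSIBLE_GALAXY_API_KEY }}` into the script text, so the key is expanded by the template engine before the shell parses the line and any quote or `$` inside it changes the command. Hand it over through the step environment instead: add `env:` with `ANSIBLE_GALAXY_API_KEY: ${{ secrets.ANSIBLE_GALAXY_API_KEY }}` and end the command with `--api-key "$ANSIBLE_GALAXY_API_KEY"`. The job holds a publishing credential yet declares no `permissions:`; a `permissions:` block with `contents: read` is enough for checkout and build. The unquoted `$GITHUB_WORKSPACE/$AC_NAMESPACE-$AC_NAME-$AC_VERSION.tar.gz` arguments are built from values grepped out of `galaxy.yml` and should be double-quoted.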
@@ -69,9 +72,9 @@ Future Goals: --- -## Prerequisites +## Requirements -This collection is based on `ansible-core==2.16`, see [ansible-core-support-matrix](https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix). +This collection is based on `ansible-core==2.16.6`, see [ansible-core-support-matrix](https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix). Before you begin, ensure you have met the following requirements: @@ -79,11 +82,19 @@ Before you begin, ensure you have met the following requirements: - You have an AWS or Azure account with the necessary permissions - You have access to a Cisco SD-WAN AMIs on AWS or images on Azure +### Python dependencies + +The python module dependencies are not installed by ansible-galaxy. They can be manually installed using pip: + +```bash +pip install -r requirements.txt +``` + --- -## Getting started +## Installing this collection -### Using collection in your playbooks +### Using `requirements.yml` In `requirements.yml` inside your project add: @@ -110,13 +121,7 @@ At the end always run: ansible-galaxy install -r requirements.yml ``` -### Python dependencies - -The python module dependencies are not installed by ansible-galaxy. They can be manually installed using pip: - -```bash -pip install -r requirements.txt -``` +## Using this collection ### Prepare your configuration @@ -274,3 +279,11 @@ See [LICENSE](./LICENSE) file. ## Contributing See [Contributing](./docs/CONTRIBUTING.md) file. + +## Code of Conduct + +See [Code of Conduct](./docs/CODE_OF_CONDUCT.md) file. + +## Releasing, Versioning and Deprecation + +This collection follows Semantic Versioning. More details on versioning can be found in [Understanding collection versioning](https://docs.ansible.com/ansible/latest/dev_guide/developing_collections_distributing.html#understanding-collection-versioning). 
diff --git a/galaxy.yml b/galaxy.yml
index a7e1628..9cc5810 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -1,70 +1,24 @@ -# The namespace of the collection. This can be a company/brand/organization or product namespace under which all -# content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with -# underscores or numbers and cannot contain consecutive underscores namespace: cisco - -# The name of the collection. Has the same character restrictions as 'namespace' name: sdwan_deployment - -# The version of the collection. Must be compatible with semantic versioning version: 0.1.0 - -# The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: README.md - -# A list of the collection's content authors. Can be just the name or in the format 'Full Name (url) -# @nicks:irc/im.site#channel' authors: - Arkadiusz Cichon +description: Ansible collection to deploy Cisco SD-WAN on AWS and Azure -### OPTIONAL but strongly recommended -# A short summary description of the collection -description: Ansible collection to deploy Cisco SD-WAN on AWS (Azure in roadmap) +repository: https://github.com/cisco-open/ansible-collection-sdwan-deployment +documentation: https://github.com/cisco-open/ansible-collection-sdwan-deployment/blob/main/README.md +homepage: https://github.com/cisco-open/ansible-collection-sdwan-deployment +issues: https://github.com/cisco-open/ansible-collection-sdwan-deployment/issues -# Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only -# accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file' license: - - "Apache-2.0" + - "GPL-3.0-only" -# The path to the license file for the collection. This path is relative to the root of the collection. This key is -# mutually exclusive with 'license' -# license_file: '' #TODO - -# A list of tags you want to associate with the collection for indexing/searching. 
A tag name has the same character -# requirements as 'namespace' and 'name' tags: - - demo - - collection - - cloud - - infrastructure + - cisco + - sdwan + - catalystwan + - networking -# Collections that this collection requires to be installed for it to be usable. The key of the dict is the -# collection label 'namespace.name'. The value is a version range -# L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version -# range specifiers can be set and are separated by ',' dependencies: {} - -# The URL of the originating SCM repository -repository: https://github.com/cisco-open/ansible-collection-sdwan-deployment - -# The URL to any online docs -documentation: https://github.com/cisco-open/ansible-collection-sdwan-deployment/blob/main/README.md - -# The URL to the homepage of the collection/project -homepage: http://cisco.com - -# The URL to the collection issue tracker -issues: https://github.com/cisco-open/ansible-collection-sdwan-deployment/issues - -# A list of file glob-like patterns used to filter any files or directories that should not be included in the build -# artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This -# uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry', -# and '.git' are always filtered. Mutually exclusive with 'manifest' build_ignore: [] - -# A dict controlling use of manifest directives used in building the collection artifact. The key 'directives' is a -# list of MANIFEST.in style -# L(directives,https://packaging.python.org/en/latest/guides/using-manifest-in/#manifest-in-commands). The key -# 'omit_default_directives' is a boolean that controls whether the default directives are used. Mutually exclusive -# with 'build_ignore' -# manifest: null diff --git a/meta/runtime.yml b/meta/runtime.yml index 1add115..f3a037e 100644 --- a/meta/runtime.yml 
+++ b/meta/runtime.yml @@ -1,2 +1,3 @@ --- -requires_ansible: ">=2.15.6" + +requires_ansible: '>=2.16.6' diff --git a/playbooks/aws_sdwan_config.yml b/playbooks/aws_sdwan_config.yml index 9c1d527..63abecf 100644 --- a/playbooks/aws_sdwan_config.yml +++ b/playbooks/aws_sdwan_config.yml @@ -65,7 +65,7 @@ aws_key_name: null # Cloud-init general configurations admin_username: admin -admin_password: Cisco#123@Viptela +admin_password: example_password # pragma: allowlist secret vbond_port: 12346 # vbond_transport_private_ip: null # note that default: 192.168.1.199 # vbond_transport_public_ip: null # note that default: 192.168.1.199 diff --git a/playbooks/template_cloudinit_config.yml b/playbooks/template_cloudinit_config.yml index 8130b47..86c7f28 100644 --- a/playbooks/template_cloudinit_config.yml +++ b/playbooks/template_cloudinit_config.yml @@ -18,7 +18,7 @@ cloud_provider: null # can be either aws or azure # Cloud-init general configurations admin_username: admin -admin_password: Cisco#123@Viptela +admin_password: example_password # pragma: allowlist secret vbond_port: 12346 vbond_transport_private_ip: null vbond_transport_public_ip: null diff --git a/roles/aws_controllers/defaults/main.yml b/roles/aws_controllers/defaults/main.yml index fc61fa4..4f1926b 100644 --- a/roles/aws_controllers/defaults/main.yml +++ b/roles/aws_controllers/defaults/main.yml @@ -28,7 +28,7 @@ aws_key_name: null # Cloud-init general configurations admin_username: admin -admin_password: Cisco#123@Viptela +admin_password: example_password # pragma: allowlist secret vbond_port: 12346 default_vbond_ip: 192.168.1.199 # default ips from official Cisco guides # vpn0_interface_color: default diff --git a/roles/aws_edges/defaults/main.yml b/roles/aws_edges/defaults/main.yml index 4bb0343..410f11d 100644 --- a/roles/aws_edges/defaults/main.yml +++ b/roles/aws_edges/defaults/main.yml 
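Review bot: `admin_password: example_password` is still a working default rather than a placeholder: in `roles/aws_controllers/defaults/main.yml`, and in the matching hunks for `aws_edges`, `azure_controllers`, `azure_edges` and `template_cloudinit`, any run that forgets to override it gets a publicly known password for the `admin` account, presumably rendered into cloud-init. I would set `admin_password: null`, as the neighbouring `aws_key_name: null` does, have the role fail early when it is unset, and use the same `null` in `playbooks/aws_sdwan_config.yml` and `playbooks/template_cloudinit_config.yml`. The `# pragma: allowlist secret` marker only silences the scanner for that line; it does not make the default safe. The removed value stays in git history, so anything already deployed with it needs its password changed. Each of these hunks shows only seven lines of a larger defaults file.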
@@ -28,7 +28,7 @@ aws_key_name: null # Cloud-init general configurations admin_username: admin -admin_password: Cisco#123@Viptela +admin_password: example_password # pragma: allowlist secret vbond_port: 12346 default_vbond_ip: 192.168.1.199 # default ips from official Cisco guides # vpn0_interface_color: default diff --git a/roles/azure_controllers/defaults/main.yml b/roles/azure_controllers/defaults/main.yml index 520ec66..3304180 100644 --- a/roles/azure_controllers/defaults/main.yml +++ b/roles/azure_controllers/defaults/main.yml @@ -48,7 +48,7 @@ azure_key_name: null # Cloud-init general configurations admin_username: admin -admin_password: Cisco#123@Viptela +admin_password: example_password # pragma: allowlist secret vbond_port: 12346 default_vbond_ip: 192.168.1.199 # vpn0_interface_color: default diff --git a/roles/azure_edges/defaults/main.yml b/roles/azure_edges/defaults/main.yml index 5296342..bf01002 100644 --- a/roles/azure_edges/defaults/main.yml +++ b/roles/azure_edges/defaults/main.yml @@ -48,7 +48,7 @@ azure_key_name: null # Cloud-init general configurations admin_username: admin -admin_password: Cisco#123@Viptela +admin_password: example_password # pragma: allowlist secret vbond_port: 12346 default_vbond_ip: 192.168.1.199 # vpn0_interface_color: default diff --git a/roles/template_cloudinit/defaults/main.yml b/roles/template_cloudinit/defaults/main.yml index e4f48f7..9d8e9ad 100644 --- a/roles/template_cloudinit/defaults/main.yml +++ b/roles/template_cloudinit/defaults/main.yml @@ -22,7 +22,7 @@ userdata_vsmart_path: "{{ results_dir }}/.userdata_vsmart" # Cloud-init general configurations admin_username: admin -admin_password: Cisco#123@Viptela +admin_password: example_password # pragma: allowlist secret vbond_port: 12346 default_vbond_ip: 192.168.1.199 # default ips from official Cisco guides vbond_transport_private_ip: null