forked from google/bms-toolkit
-
Notifications
You must be signed in to change notification settings - Fork 0
/
check-instance.yml
81 lines (71 loc) · 2.81 KB
/
check-instance.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- hosts: dbasm
gather_facts: false
pre_tasks:
- name: Verify that Ansible on control node meets the version requirements
assert:
that: "ansible_version.full is version_compare('2.8', '>=')"
fail_msg: "You must update Ansible to at least 2.8 to use these playbooks"
success_msg: "Ansible version is {{ ansible_version.full }}, continuing"
- name: Confirm JSON parsing works
assert:
that: "{{ '{}' | json_query('[0]') == None }}"
register: test_json
ignore_errors: true
- name: Check for JSON parse failure
fail:
msg: "Python jmespath is missing; please install the python2-jmespath package on control node."
when: test_json.failed
vars:
allow_install_on_vm: false
tasks:
- name: Test connectivity to target instance via ping
ping:
register: pingrc
- name: Abort if ping module fails
assert:
that: "pingrc.ping == 'pong'"
fail_msg: >-
The instance does not have an usable python distribution
success_msg: >-
The instance has an usable python installation, continuing
- name: Collect facts from target
setup:
- name: Platform verification
fail:
msg: "The system may not be provisioned on VM by default. Use the allow_install_on_vm option for VM testing"
when:
- ansible_system_vendor == "Google"
- ansible_virtualization_type == "kvm"
- ansible_virtualization_role == "guest"
- allow_install_on_vm == false
- name: Test privilege escalation on target
raw: sudo -u root whoami
register: rawrc
changed_when: False
- name: Fail if unable to sudo to root on target
assert:
that: "'root' in rawrc.stdout_lines"
fail_msg: "The account {{ ansible_user }} used to connect does not have sudo privileges to root"
success_msg: "The account {{ ansible_user }} used to connect has sudo root privileges, continuing"
- name: Check for Python installation
raw: test -e /usr/bin/python || test -e /usr/bin/python3
changed_when: false
failed_when: false
register: check_python
- name: Install Python if required
raw: sudo yum -y install python3
when: check_python.rc != 0