Skip to content

Commit

Permalink
Merge pull request #43 from systemli/patch-1
Browse files Browse the repository at this point in the history
Bump Integration Workflow to v1.0.0
  • Loading branch information
0x46616c6b authored May 10, 2023
2 parents 85135c6 + 6ffbe24 commit 721d0a4
Show file tree
Hide file tree
Showing 12 changed files with 79 additions and 160 deletions.
6 changes: 3 additions & 3 deletions .ansible-lint
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
---
skip_list:
- fqcn-builtins
- no-handler
exclude_paths:
- molecule/
- .github/
4 changes: 1 addition & 3 deletions .github/workflows/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,6 @@ on:
jobs:
integration:
name: Integration
uses: systemli/github-ansible-workflow/.github/workflows/ansible-integration-workflow.yaml@main
uses: systemli/github-ansible-workflow/.github/workflows/ansible-integration-workflow.yaml@v1.0.0
with:
distros: '[ "debian11", "debian10" ]'
role-dependencies: |
- src: geerlingguy.nodejs
28 changes: 17 additions & 11 deletions handlers/main.yml
Original file line number Diff line number Diff line change
@@ -1,26 +1,32 @@
---

- name: restart murmur
service:
- name: Restart murmur
ansible.builtin.service:
name: mumble-server
state: restarted

- name: restart munin-node
service:
- name: Restart munin-node
ansible.builtin.service:
name: munin-node
state: restarted

- name: restart monit
service:
- name: Restart monit
ansible.builtin.service:
name: monit
state: restarted

- name: set superuser password
command: murmurd -ini /etc/mumble-server.ini -supw "{{ murmur_superuser_password }}"
- name: Set superuser password
ansible.builtin.command: murmurd -ini /etc/mumble-server.ini -supw "{{ murmur_superuser_password }}"
register: murmurd_superuser_password
changed_when: murmurd_superuser_password.rc != 0
failed_when: False

- name: restart mumble-web
systemd:
- name: Restart mumble-web
ansible.builtin.systemd:
daemon_reload: True
name: mumble-web
state: restarted

- name: Set Python capabilities
community.general.capabilities:
path: /usr/bin/python2.7
capability: cap_net_bind_service=ei
7 changes: 3 additions & 4 deletions molecule/default/prepare.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
---

- name: Prepare
hosts: all
become: True
Expand All @@ -9,11 +8,11 @@
nodejs_install_npm_user: root
tasks:
- name: Install OpenSSL
apt:
ansible.builtin.apt:
pkg: openssl
cache_valid_time: 3600

- name: create self-signed SSL cert
command: openssl req -new -nodes -x509 -subj "/C=US/ST=Oregon/L=Portland/O=IT/CN=${ansible_fqdn}" -days 3650 -keyout {{ murmur_sslkey }} -out {{ murmur_sslcert }} -extensions v3_ca
- name: Create self-signed SSL cert
ansible.builtin.command: "openssl req -new -nodes -x509 -subj '/C=US/ST=Oregon/L=Portland/O=IT/CN=${ansible_fqdn}' -days 3650 -keyout {{ murmur_sslkey }} -out {{ murmur_sslcert }} -extensions v3_ca"
args:
creates: "{{ murmur_sslcert }}"
3 changes: 0 additions & 3 deletions molecule/default/requirements.yml

This file was deleted.

75 changes: 0 additions & 75 deletions molecule/default/verify.yml

This file was deleted.

6 changes: 4 additions & 2 deletions requirements.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
---

roles:
- geerlingguy.nodejs
- name: geerlingguy.nodejs
version: 6.1.1
collections:
- community.general
5 changes: 2 additions & 3 deletions tasks/goss.yml
Original file line number Diff line number Diff line change
@@ -1,13 +1,12 @@
---

- name: Check is goss test directory exists
stat:
ansible.builtin.stat:
path: "{{ goss_test_directory }}"
when: goss_test_directory is defined
register: dir

- name: Copy goss tests
template:
ansible.builtin.template:
src: "test_{{ item }}.yml.j2"
dest: "{{ goss_test_directory }}/test_{{ item }}.yml"
owner: root
Expand Down
9 changes: 4 additions & 5 deletions tasks/main.yml
Original file line number Diff line number Diff line change
@@ -1,18 +1,17 @@
---

- name: Import mumble tasks
import_tasks: mumble.yml
ansible.builtin.import_tasks: mumble.yml

- name: Import mumble-web tasks
import_tasks: mumble-web.yml
ansible.builtin.import_tasks: mumble-web.yml
when: mumble_web
tags: mumble-web

- name: Import monitoring tasks
import_tasks: monitoring.yml
ansible.builtin.import_tasks: monitoring.yml
when: murmur_monitoring_monit_enabled or murmur_monitoring_munin_enabled

- name: Import goss tasks
import_tasks: goss.yml
ansible.builtin.import_tasks: goss.yml
tags:
- goss
23 changes: 11 additions & 12 deletions tasks/monitoring.yml
Original file line number Diff line number Diff line change
@@ -1,32 +1,31 @@
---

- name: Install dependencies to make munin plugin work
apt:
ansible.builtin.apt:
pkg: "{{ murmur_monitoring_munin_packages }}"

# plugin taken from https://github.com/Natenom/munin-plugins/issues/10
- name: copy munin plugin
copy:
- name: Copy munin plugin
ansible.builtin.copy:
src: murmur-munin.py
dest: /usr/local/share/
owner: root
group: root
mode: 0755
mode: "0755"

- name: ensure mumble plugins are present
file:
- name: Ensure mumble plugins are present
ansible.builtin.file:
src: "/usr/local/share/murmur-munin.py"
dest: "/etc/munin/plugins/mumble"
state: link
when: murmur_monitoring_munin_enabled
notify: restart munin-node
notify: Restart munin-node

- name: ensure monit service config is latest
copy:
- name: Ensure monit service config is latest
ansible.builtin.copy:
src: "monit/conf.d/mumble-server"
dest: "/etc/monit/conf.d/mumble-server"
owner: root
group: root
mode: 0600
notify: restart monit
mode: "0600"
notify: Restart monit
when: murmur_monitoring_monit_enabled
35 changes: 15 additions & 20 deletions tasks/mumble-web.yml
Original file line number Diff line number Diff line change
@@ -1,40 +1,35 @@
---

- name: install dependencies
apt:
- name: Install dependencies
ansible.builtin.apt:
pkg: websockify

- name: install mumble-web
npm:
- name: Install mumble-web
community.general.npm:
name: mumble-web
global: True

- name: copy mumble-web unit file
template:
- name: Copy mumble-web unit file
ansible.builtin.template:
src: mumble-web.service.j2
dest: /etc/systemd/system/mumble-web.service
owner: root
group: root
mode: 0644
mode: "0644"
register: servicefile
notify: restart mumble-web

- name: Allow to python to inherit socket binding capability
capabilities:
path: /usr/bin/python2.7
capability: cap_net_bind_service=ei
when: servicefile.changed
notify:
- Set Python capabilities
- Restart mumble-web

- name: configure mumble-web
template:
- name: Configure mumble-web
ansible.builtin.template:
src: config.local.js.j2
dest: "{{ mumble_web_path }}/dist/config.local.js"
owner: root
group: root
mode: 0644
mode: "0644"

- name: enable and start mumble-web
systemd:
- name: Wnable and start mumble-web
ansible.builtin.systemd:
name: mumble-web
daemon-reload: yes
enabled: True
Expand Down
38 changes: 19 additions & 19 deletions tasks/mumble.yml
Original file line number Diff line number Diff line change
@@ -1,53 +1,53 @@
---
- name: check if murmurd is already installed.
stat:
- name: Check if murmurd is already installed.
ansible.builtin.stat:
path: /usr/sbin/murmurd
register: murmurd_installed

- name: ensure required packages are present
apt:
- name: Ensure required packages are present
ansible.builtin.apt:
pkg: mumble-server
cache_valid_time: 3600

- name: generate the Murmur config file
template:
- name: Generate the Murmur config file
ansible.builtin.template:
src: "mumble-server.ini.j2"
dest: "/etc/mumble-server.ini"
owner: root
group: mumble-server
mode: 0640
notify: restart murmur
mode: "0640"
notify: Restart murmur

- name: Allow mumble user to access sslkey
block:
- name: check if we can access key
command: cat "{{ murmur_sslkey }}"
- name: Check if we can access key
ansible.builtin.command: cat "{{ murmur_sslkey }}"
become: true
become_user: mumble-server
changed_when: false
check_mode: false

rescue:
- name: ensure mumble owns key
file:
- name: Ensure mumble owns key
ansible.builtin.file:
path: "{{ murmur_sslkey }}"
owner: root
group: mumble-server
mode: 0640
notify: restart murmur
mode: "0640"
notify: Restart murmur

- name: always start service
service:
- name: Always start service
ansible.builtin.service:
name: mumble-server
enabled: True
state: started

- name: write superuser password to a file
copy:
- name: Write superuser password to a file
ansible.builtin.copy:
content: "{{ murmur_superuser_password }}"
dest: /etc/mumble-superuser
owner: root
group: root
mode: 0600
when: murmur_superuser_password is defined
notify: set superuser password
notify: Set superuser password

0 comments on commit 721d0a4

Please sign in to comment.