commit 5d37a8f554b0ef81faf7cf0f74f854f026306940
Author: juju4
Date: Sun Oct 30 15:40:48 2016 -0400
Initial commit on github
diff --git a/.kitchen.vagrant.yml b/.kitchen.vagrant.yml
new file mode 100644
index 0000000..abfbd20
--- /dev/null
+++ b/.kitchen.vagrant.yml
@@ -0,0 +1,29 @@
+---
+driver:
+ name: vagrant
+ provider: <%= ENV['KITCHEN_PROVIDER'] || 'virtualbox' %>
+
+## make file transfer faster. need https://github.com/coderanger/kitchen-sync
+transport:
+ name: sftp
+
+provisioner:
+ name: ansible_playbook
+ roles_path: ../../roles
+ hosts: test-kitchen
+# ansible_verbose: true
+ ansible_verbose: false
+ ansible_verbosity: 3
+ ansible_extra_flags: <%= ENV['ANSIBLE_EXTRA_FLAGS'] %>
+
+platforms:
+ - name: ubuntu-16.04
+ - name: ubuntu-14.04
+ - name: ubuntu-12.04
+ - name: centos-7.1
+
+suites:
+ - name: default
+ run_list:
+ attributes:
+
diff --git a/.kitchen.yml b/.kitchen.yml
new file mode 100644
index 0000000..348c378
--- /dev/null
+++ b/.kitchen.yml
@@ -0,0 +1,37 @@
+---
+driver:
+ name: lxd_cli
+
+transport:
+ name: sftp
+
+provisioner:
+ name: ansible_playbook
+ roles_path: ../
+ hosts: test-kitchen
+# ansible_verbose: true
+ ansible_verbose: false
+ ansible_verbosity: 3
+ ansible_extra_flags: <%= ENV['ANSIBLE_EXTRA_FLAGS'] %>
+ ansible_yum_repo: http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
+ require_chef_omnibus: false
+ require_ansible_omnibus: true
+# require_chef_for_busser: false
+ enable_yum_epel: true
+ ansible_connection: ssh
+
+platforms:
+ - name: ubuntu-16.04
+ - name: ubuntu-14.04
+ - name: ubuntu-12.04
+ - name: centos-7
+# - name: centos-6
+## FIXME! 'Installing Chef Omnibus to install busser to run tests' not supported = can disable
+## ' sl = self._semlock = _multiprocessing.SemLock(kind, value, maxvalue)\nOSError: [Errno 2] No such file or directory'
+# - name: alpine-3.4
+
+suites:
+ - name: default
+ run_list:
+ attributes:
+
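Review bot: `ansible_yum_repo` in the provisioner block of `.kitchen.yml` points at the EPEL release RPM over plain `http://`, so the package that installs the EPEL repository definition and its signing key is fetched without transport integrity. Switching the scheme is enough: `ansible_yum_repo: https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm`. The two `rpm -iUvh http://dl.fedoraproject.org/...` lines in `.travis.yml.lxd` have the same issue, and they reference `epel-release-7-8` while this file pins `7-5`, which is worth aligning.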
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..2e2bcd5
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,36 @@
+---
+dist: trusty
+language: python
+python: "2.7"
+before_install:
+ - sudo apt-get update -qq
+ - sudo apt-get install -qq python-apt python-pycurl
+ - ln -s ansible-fprobe ../juju4.fprobe
+## for local travis execution as we use same default.yml than kitchen
+ - mkdir /tmp/kitchen
+ - ln -s /home/travis/build/juju4/ansible-fprobe/test/integration/default/tmp /tmp/kitchen/tmp
+## serverspec test
+ - sudo apt-get install -qq ruby2.0 rake
+ - sudo gem2.0 install serverspec
+ - ln -s /home/travis/build/juju4/ansible-fprobe/test/integration/default/serverspec/Rakefile
+install:
+ - pip install ansible
+ - ansible --version
+ - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
+ - gem2.0 --version
+script:
+ - "echo \"[test-kitchen]\nlocalhost\" > inventory"
+
+# Check the role/playbook's syntax.
+ - "ansible-playbook -i inventory --syntax-check test/integration/default/default.yml"
+
+# Run the role/playbook with ansible-playbook.
+ - "ansible-playbook -i inventory --connection=local --sudo -vvvv test/integration/default/default.yml"
+
+# Run the role/playbook again, checking to make sure it's idempotent.
+ - "ansible-playbook -i inventory test/integration/default/default.yml --connection=local --sudo | tee /tmp/idempotency.log | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && cat /tmp/idempotency.log && exit 1)"
+
+# Serverspec
+# - "test/integration/default/serverspec/run-local-tests.sh"
+ - "cd test/integration/default/serverspec/ && bundle exec rake spec"
+
diff --git a/.travis.yml.docker b/.travis.yml.docker
new file mode 100644
index 0000000..1270cb4
--- /dev/null
+++ b/.travis.yml.docker
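Review bot: `sudo gem2.0 install serverspec` in `before_install` and `pip install ansible` in `install` of `.travis.yml` take whatever version is current at build time, and the gem is installed as root, so a build is neither reproducible nor shielded from a bad upstream release. Pinning both, e.g. `pip install 'ansible==<version tested>'` and `sudo gem2.0 install serverspec -v '<version tested>'` (placeholders), keeps the CI toolchain fixed; `.travis.yml.simple` repeats the same lines. Separately, the third `ln -s ...serverspec/Rakefile` has no link name, so it creates `./Rakefile` in the build root; a one-line comment saying that is intended would help.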
@@ -0,0 +1,78 @@
+---
+## from https://github.com/geerlingguy/ansible-role-apache/blob/master/.travis.yml
+sudo: required
+
+env:
+# - distribution: centos
+# version: 6
+# init: /sbin/init
+# run_opts: ""
+ - distribution: centos
+ version: 7
+ init: /usr/lib/systemd/systemd
+ run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
+ - distribution: ubuntu
+ version: 16.04
+ init: /lib/systemd/systemd
+ run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
+# run_opts: "--cap-add SYS_ADMIN"
+ - distribution: ubuntu
+ version: 14.04
+ init: /sbin/init
+ run_opts: ""
+# - distribution: ubuntu
+# version: 12.04
+# init: /sbin/init
+# run_opts: ""
+# - distribution: alpine
+# version: 3.4
+# init: /sbin/init
+# run_opts: ""
+
+services:
+ - docker
+
+before_install:
+ # - sudo apt-get update
+ # Pull container
+ - 'sudo docker pull ${distribution}:${version}'
+ - env
+ - pwd
+ - find -ls
+ - ln -s ansible-fprobe ../juju4.fprobe
+ - ./get-dependencies.sh
+ - cp test/travis/initctl_faker test/
+ # Customize container
+ - 'sudo docker build --rm=true --file=test/travis/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible test'
+
+script:
+ - container_id=$(mktemp)
+ # Run container in detached state
+ - 'sudo docker run --detach --volume="${PWD%/*}":/etc/ansible/roles:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"'
+
+ - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible --version'
+
+ # Ansible syntax check.
+ - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/juju4.fprobe/test/integration/default/default.yml --syntax-check'
+
+ # Test role.
+ - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/juju4.fprobe/test/integration/default/default.yml'
+
+ # Test role idempotence.
+ - >
+ sudo docker exec "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/juju4.fprobe/test/integration/default/default.yml
+ | tee /tmp/idempotency.log
+ | grep -q 'changed=0.*failed=0'
+ && (echo 'Idempotence test: pass' && exit 0)
+ || (echo 'Idempotence test: fail' && cat /tmp/idempotency.log && exit 1)
+
+ # serverspec tests
+## travis/docker: Errno::EROFS: Read-only file system @ dir_s_mkdir - /etc/ansible/roles/ansible-MISP/test/integration/default/serverspec/.bundle
+# - 'sudo docker exec --tty "$(cat ${container_id})" /etc/ansible/roles/MISP/test/integration/default/serverspec/run-local-tests.sh'
+
+ # Clean up
+ - 'sudo docker stop "$(cat ${container_id})"'
+
+notifications:
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
+
diff --git a/.travis.yml.lxd b/.travis.yml.lxd
new file mode 100644
index 0000000..ff1592a
--- /dev/null
+++ b/.travis.yml.lxd
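Review bot: Both systemd entries under `env` in `.travis.yml.docker` set `run_opts: "--privileged ..."`, which removes nearly all isolation between the test container and the build host while the role under test runs as root inside it. The file already carries a narrower alternative as a comment (`# run_opts: "--cap-add SYS_ADMIN"`); if that was dropped because systemd would not start, a comment recording why would stop the privileged flag being copied into other setups. The `- env` step in `before_install` also prints the whole build environment to the build log, so it should go once debugging is finished or be narrowed to the variables of interest.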
@@ -0,0 +1,93 @@
+---
+dist: trusty
+sudo: required
+rvm:
+ - 2.2
+
+env:
+## those images need pre-configuration before being usable (openssh...)
+# - distribution: centos
+# version: 6
+# - distribution: centos
+# version: 7
+ - distribution: ubuntu
+ version: 16.04
+ - distribution: ubuntu
+ version: 14.04
+ - distribution: ubuntu
+ version: 12.04
+# - distribution: alpine
+# version: 3.4
+
+before_install:
+ - env
+ - pwd
+ - find -ls
+## use appropriate role path and not github name
+ - ln -s ansible-fprobe ../juju4.fprobe
+ - ./get-dependencies.sh
+## No Xenial, https://github.com/travis-ci/travis-ci/issues/5821
+# - sudo apt install lxd
+ - echo "deb http://archive.ubuntu.com/ubuntu trusty-backports main restricted universe multiverse" | sudo tee /etc/apt/sources.list.d/trusty-backports.list
+ - sudo apt-get update -qq
+ - sudo apt -t trusty-backports -y install lxd acl -q
+## change of group implies logout+login to apply... can't do with travis = run as root (sic)
+## https://github.com/travis-ci/travis-ci/issues/1839 or chain: sudo -E su $USER -c "..."
+ - sudo usermod -G lxd travis
+ # Pull container
+ - sudo -E su $USER -c "lxc remote list"
+ - sudo -E su $USER -c "lxc image list"
+## pre-download base images
+ - 'sudo -E su $USER -c "[ ${distribution} == ubuntu ] || lxc image copy images:/${distribution}/${version}/amd64 local: --alias=${distribution}-${version}"'
+ - 'sudo -E su $USER -c "[ ${distribution} == ubuntu ] && lxc image copy ubuntu:${version} local: --alias=${distribution}-${version}" || true'
+## configure lxd-bridge
+ - sudo perl -pi -e 's@^LXD_IPV4_ADDR=""@LXD_IPV4_ADDR="10.252.116.1"@;s@^LXD_IPV4_NETMASK=""@LXD_IPV4_NETMASK="255.255.255.0"@;s@^LXD_IPV4_NETWORK=""@LXD_IPV4_NETWORK="10.252.116.1/24"@;s@^LXD_IPV4_DHCP_RANGE=""@LXD_IPV4_DHCP_RANGE="10.252.116.2,10.252.116.254"@;s@^LXD_IPV4_DHCP_MAX=""@LXD_IPV4_DHCP_MAX="252"@;s@LXD_IPV6_PROXY="true"@LXD_IPV6_PROXY="false"@' /etc/default/lxd-bridge
+# - cat /etc/default/lxd-bridge
+# - service --status-all
+ - sudo service lxd restart
+## ssh key for lxd_cli ?
+ - ls ~/.ssh
+ - ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa -P ""
+## sudo/su get us a non-usual PATH ...
+ - sudo -E su $USER -c "lxc launch ${distribution}-${version} run-${distribution}-${version//./}"
+# - sudo -E su $USER -c "lxc start run-${distribution}-${version//./}"
+ - sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- env"
+ - '[ "X${distribution}" != "Xalpine" ] && sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- dhclient eth0" || true'
+ - sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- ping -c 1 8.8.8.8"
+ - '[ "X${distribution}" == "Xubuntu" ] && sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- apt-get update" || true'
+ - '[ "X${distribution}" == "Xubuntu" ] && sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- apt-get -y install python python-apt aptitude python-pip libssl-dev python-dev libffi-dev" || true'
+ - '[ "X${distribution}" == "Xcentos" -a "X${version}" == "X6" ] && sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- rpm -iUvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm" || true'
+ - '[ "X${distribution}" == "Xcentos" -a "X${version}" == "X7" ] && sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- rpm -iUvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-8.noarch.rpm" || true'
+ - '[ "X${distribution}" == "Xcentos" ] && sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- yum update" || true'
+ - '[ "X${distribution}" == "Xcentos" ] && sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- yum -y install python python-pip openssl-devel python-devel libffi-devel \"@Development tools\"" || true'
+ - sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- pip install ansible"
+ - sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- ansible --version"
+ - "echo localhost > inventory"
+## enable ansible profiling (https://github.com/jlafon/ansible-profile)
+# - "printf '[defaults]\ncallback_whitelist = profile_tasks' >
ansible.cfg"
+# - sudo -E su $USER -c "lxc file push inventory ansible.cfg run-${distribution}-${version//./}/root/"
+ - sudo -E su $USER -c "lxc file push inventory run-${distribution}-${version//./}/root/"
+## these lines are necessary so lxc mount is read-write, https://github.com/lxc/lxd/issues/1879
+ - chmod -R go+w $PWD
+## OR
+ - sudo -E su $USER -c "lxc config show run-${distribution}-${version//./}"
+## FIXME! awk extraction is working in shell but not in travis... relying on global chmod as test ephemeral environment. DON'T USE IN PRODUCTION!
+ - sudo -E su $USER -c "lxc config show run-${distribution}-${version//./} | awk -F'[\":,]' '/Hostid/ { print $13 }'"
+ - CUID=`sudo -E su $USER -c "lxc config show run-${distribution}-${version//./} | awk -F'[\":,]' '/Hostid/ { print $13 }'"`
+ - "echo setfacl -Rm user:$CUID:rwx ${PWD%/*}"
+ - "setfacl -Rm user:$CUID:rwx ${PWD%/*}"
+ - sudo -E su $USER -c "lxc config device add run-${distribution}-${version//./} sharedroles disk path=/etc/ansible/roles source=${PWD%/*}"
+ - sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- mount"
+ - sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- pwd"
+
+script:
+ - sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- ansible-playbook -i inventory --syntax-check /etc/ansible/roles/juju4.fprobe/test/integration/default/default.yml"
+ - sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- ansible-playbook -i inventory --connection=local --sudo -vvvv /etc/ansible/roles/juju4.fprobe/test/integration/default/default.yml"
+## FIXME! Travis request: Build config file had a parse error: "mapping values are not allowed in this context at line 72 column 321".
+# - sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- ansible-playbook -i inventory /etc/ansible/roles/juju4.fprobe/test/integration/default/default.yml --connection=local --sudo | tee /tmp/idempotency.log | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && cat /tmp/idempotency.log && exit 1)"
+ - sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- time sh -x /etc/ansible/roles/juju4.fprobe/test/integration/default/serverspec/run-local-tests.sh"
+ - sudo -E su $USER -c "lxc stop run-${distribution}-${version//./}"
+
+notifications:
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
+
diff --git a/.travis.yml.lxd-kitchen b/.travis.yml.lxd-kitchen
new file mode 100644
index 0000000..703a341
--- /dev/null
+++ b/.travis.yml.lxd-kitchen
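Review bot: `sudo usermod -G lxd travis` in `before_install` of `.travis.yml.lxd` replaces the user's supplementary group list instead of extending it, so `travis` loses every other group it belonged to; `sudo usermod -aG lxd travis` appends. The same line appears in `.travis.yml.lxd-kitchen`. Further down, `chmod -R go+w $PWD` makes the whole checkout world-writable before the ACL approach is tried; the FIXME comment acknowledges this, and once the `CUID` extraction works the `setfacl -Rm user:$CUID:rwx` line alone should remain.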
@@ -0,0 +1,81 @@
+---
+dist: trusty
+sudo: required
+rvm:
+ - 2.2
+
+env:
+## those images need pre-configuration before being usable (openssh...)
+# - distribution: centos
+# version: 6
+# - distribution: centos
+# version: 7
+ - distribution: ubuntu
+ version: 16.04
+ - distribution: ubuntu
+ version: 14.04
+ - distribution: ubuntu
+ version: 12.04
+# - distribution: alpine
+# version: 3.4
+
+before_install:
+ - env
+ - pwd
+ - find -ls
+## use appropriate role path and not github name
+ - ln -s ansible-fprobe ../juju4.fprobe
+## No Xenial, https://github.com/travis-ci/travis-ci/issues/5821
+# - sudo apt install lxd
+ - echo "deb http://archive.ubuntu.com/ubuntu trusty-backports main restricted universe multiverse" | sudo tee /etc/apt/sources.list.d/trusty-backports.list
+ - sudo apt-get update -qq
+ - sudo apt -t trusty-backports -y install lxd acl -q
+## change of group implies logout+login to apply... can't do with travis = run as root (sic)
+## https://github.com/travis-ci/travis-ci/issues/1839 or chain: sudo -E su $USER -c "..."
+ - sudo usermod -G lxd travis
+ # Pull container
+# - lxc remote add images images.linuxcontainers.org
+ - sudo -E su $USER -c "lxc remote list"
+ - sudo -E su $USER -c "lxc image list"
+## pre-download base images
+ - 'sudo -E su $USER -c "[ ${distribution} == ubuntu ] || lxc image copy images:/${distribution}/${version}/amd64 local: --alias=${distribution}-${version}"'
+ - 'sudo -E su $USER -c "[ ${distribution} == ubuntu ] && lxc image copy ubuntu:${version} local: --alias=${distribution}-${version}" || true'
+## configure lxd-bridge
+ - sudo perl -pi -e 's@^LXD_IPV4_ADDR=""@LXD_IPV4_ADDR="10.252.116.1"@;s@^LXD_IPV4_NETMASK=""@LXD_IPV4_NETMASK="255.255.255.0"@;s@^LXD_IPV4_NETWORK=""@LXD_IPV4_NETWORK="10.252.116.1/24"@;s@^LXD_IPV4_DHCP_RANGE=""@LXD_IPV4_DHCP_RANGE="10.252.116.2,10.252.116.254"@;s@^LXD_IPV4_DHCP_MAX=""@LXD_IPV4_DHCP_MAX="252"@;s@LXD_IPV6_PROXY="true"@LXD_IPV6_PROXY="false"@' /etc/default/lxd-bridge
+# - cat /etc/default/lxd-bridge
+# - service --status-all
+ - sudo service lxd restart
+
+ - sudo pip install ansible
+## need to use chef gem for some reason? BAD PATH https://github.com/chef/chef-dk/issues/15
+# - chef gem install kitchen
+ - gem install kitchen
+ - gem install kitchen-ansible
+ - gem install kitchen-sync
+ - gem install kitchen-lxd_cli
+## Message: Unable to activate kitchen-ansible-0.45.0, because net-ssh-2.9.2 conflicts with net-ssh (~> 3.0)
+# - chef gem uninstall net-ssh -v 2.9.2 -q ?-y
+# - chef gem list
+ - gem list
+ - which kitchen
+# - which chef
+# - find /var/lib/gems $HOME/.gem /usr/local/rvm/gems /opt/chefdk/embedded/lib/ruby/gem -iname '*lxd_cli*' || true
+ - wget -q https://releases.hashicorp.com/vagrant/1.8.5/vagrant_1.8.5_x86_64.deb && sudo dpkg -i vagrant_1.8.5_x86_64.deb
+## ssh key for lxd_cli ?
+ - ls ~/.ssh
+ - ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa -P ""
+## sudo/su get us a non-usual PATH ...
+ - sudo -E su $USER -c "env"
+## The command "sudo -E su $USER -c "which kitchen"" failed and exited with 1 during .
+# - sudo -E su $USER -c "which kitchen"
+ - sudo -E su $USER -c "env PATH=$PATH kitchen diagnose --all"
+# - sudo -E su $USER -c "kitchen diagnose --all"
+# - sudo -E -u $USER kitchen diagnose --all
+
+script:
+# - KITCHEN_LOCAL_YAML=.kitchen.local.yml bundle exec kitchen verify ${INSTANCE}
+ - sudo -E su $USER -c "env PATH=$PATH kitchen verify default-${distribution}-${version//./} -l debug || (cat $HOME/.kitchen/logs/default-${distribution}-${version//./}.log; find /tmp/kitchen)"
+
+notifications:
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
+
diff --git a/.travis.yml.simple b/.travis.yml.simple
new file mode 100644
index 0000000..23ae447
--- /dev/null
+++ b/.travis.yml.simple
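Review bot: The `wget -q https://releases.hashicorp.com/vagrant/1.8.5/vagrant_1.8.5_x86_64.deb && sudo dpkg -i vagrant_1.8.5_x86_64.deb` step in `.travis.yml.lxd-kitchen` installs a downloaded package as root with no integrity check beyond TLS. A pinned digest check between the two commands closes that gap, e.g. `echo '<sha256 of vagrant_1.8.5_x86_64.deb>  vagrant_1.8.5_x86_64.deb' | sha256sum -c -` (placeholder digest, to be taken from the publisher's checksum file). The four `gem install kitchen*` lines and `sudo pip install ansible` are likewise unpinned; the net-ssh conflict recorded in the comment is the kind of breakage that version pins avoid.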
@@ -0,0 +1,34 @@
+---
+dist: trusty
+language: python
+python: "2.7"
+before_install:
+ - sudo apt-get update -qq
+ - sudo apt-get install -qq python-apt python-pycurl
+ - ln -s ansible-fprobe ../juju4.fprobe
+ - ./get-dependencies.sh
+## for local travis execution as we use same default.yml than kitchen
+ - mkdir /tmp/kitchen
+## serverspec test
+ - sudo apt-get install -qq ruby2.0 rake
+ - sudo gem2.0 install serverspec
+install:
+ - pip install ansible
+ - ansible --version
+ - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
+ - gem2.0 --version
+script:
+ - "echo \"[test-kitchen]\nlocalhost\" > inventory"
+
+# Check the role/playbook's syntax.
+ - "ansible-playbook -i inventory --syntax-check test/integration/default/default.yml"
+
+# Run the role/playbook with ansible-playbook.
+ - "ansible-playbook -i inventory --connection=local --sudo -vvvv test/integration/default/default.yml"
+
+# Run the role/playbook again, checking to make sure it's idempotent.
+ - "ansible-playbook -i inventory test/integration/default/default.yml --connection=local --sudo | tee /tmp/idempotency.log | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && cat /tmp/idempotency.log && exit 1)"
+
+# Serverspec
+# - "test/integration/default/serverspec/run-local-tests.sh"
+ - "cd test/integration/default/serverspec/ && bundle exec rake spec"
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..0e06cc8
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,24 @@
+Copyright (c) 2015, juju4@users.noreply.github.com
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..389fb90
--- /dev/null
+++ b/README.md
@@ -0,0 +1,59 @@
+[![Build Status](https://travis-ci.org/juju4/ansible-fprobe.svg?branch=master)](https://travis-ci.org/juju4/ansible-fprobe)
+# Fprobe ansible role
+
+Ansible role to setup fprobe as netflow exporter
+http://fprobe.sourceforge.net/
+
+## Requirements & Dependencies
+
+### Ansible
+It was tested on the following versions:
+ * 1.9
+ * 2.0
+
+### Operating systems
+
+Ubuntu 14.04, 16.04 and Centos 7
+
+## Example Playbook
+
+Just include this role in your list.
+For example
+
+```
+- host: all
+ roles:
+ - juju4.fprobe
+```
+
+## Variables
+
+Nothing specific for now.
+
+## Continuous integration
+
+This role has a travis basic test (for github), more advanced with kitchen and also a Vagrantfile (test/vagrant).
+Default kitchen config (.kitchen.yml) is lxd-based, while (.kitchen.vagrant.yml) is vagrant/virtualbox based.
+
+Once you ensured all necessary roles are present, You can test with:
+```
+$ gem install kitchen-ansible kitchen-lxd_cli kitchen-sync kitchen-vagrant
+$ cd /path/to/roles/juju4.fprobe
+$ kitchen verify
+$ kitchen login
+$ KITCHEN_YAML=".kitchen.vagrant.yml" kitchen verify
+```
+or
+```
+$ cd /path/to/roles/juju4.fprobe/test/vagrant
+$ vagrant up
+$ vagrant ssh
+```
+
+## Troubleshooting & Known issues
+
+
+## License
+
+BSD 2-clause
+
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..ad2809c
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,9 @@
+---
+
+fprobe_if: 'eth0'
+fprobe_flow_collector: '127.0.0.1:9995'
+#fprobe_args: '-fip'
+## downgrade user and chroot to dir
+#fprobe_args: '-fip -u nobody -c /var/empty' ## not working with user nobody or non-existing chrooted dir
+fprobe_args: '-fip -c /var/tmp'
+
diff --git a/get-dependencies.sh b/get-dependencies.sh
new file mode 100755
index 0000000..0aa628f
--- /dev/null
+++ b/get-dependencies.sh
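Review bot: The default `fprobe_args: '-fip -c /var/tmp'` in `defaults/main.yml` chroots the daemon into a world-writable directory and omits the `-u` option of the commented variant, so fprobe keeps running as root (the serverspec file in this commit asserts user `root` for `fprobe-ulog`). A chroot does little to contain a root process, and a directory any local user can write to is a poor jail. Since the comment says `-u nobody -c /var/empty` failed because of the user or a missing directory, the role could create a dedicated empty root-owned directory and default to something like `fprobe_args: '-fip -u <unprivileged user> -c <that directory>'` (placeholders); at minimum a comment should state that the shipped default runs as root.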
@@ -0,0 +1,13 @@
+#!/bin/sh
+## one script to be used by travis, jenkins, packer...
+
+umask 022
+
+if [ $# != 0 ]; then
+rolesdir=$1
+else
+rolesdir=$(dirname $0)/..
+fi
+
+[ ! -d $rolesdir/juju4.redhat-epel ] && git clone https://github.com/juju4/ansible-redhat-epel $rolesdir/juju4.redhat-epel
+
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..be754b2
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: restart fprobe
+ service: name={{ fprobe_svc }} state=restarted sleep=5
+ ignore_errors: true
+
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..e940450
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,32 @@
+---
+galaxy_info:
+ author: juju4
+ description: TEMPLATE
+ license: BSD
+ min_ansible_version: 2.0
+ #
+ # Below are all platforms currently available. Just uncomment
+ # the ones that apply to your role. If you don't see your
+ # platform on this list, let us know and we'll get it added!
+ #
+ platforms:
+ - name: EL
+ versions:
+ - 6
+ - 7
+ - name: Ubuntu
+ versions:
+ - precise
+ - trusty
+ - xenial
+ #
+ # Below are all categories currently available. Just as with
+ # the platforms above, uncomment those that apply to your role.
+ #
+ galaxy_tags:
+ - system
+ - security
+#dependencies: []
+dependencies:
+ - juju4.redhat-epel
+
diff --git a/tasks/fprobe.yml b/tasks/fprobe.yml
new file mode 100644
index 0000000..3aef04e
--- /dev/null
+++ b/tasks/fprobe.yml
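Review bot: The last command of `get-dependencies.sh`, `[ ! -d $rolesdir/juju4.redhat-epel ] && git clone ...`, makes the script exit with status 1 whenever the role directory already exists, because the failed test is the final status; callers such as the `./get-dependencies.sh` step in the Travis files would then see a failure on a re-run. An `if` form avoids that and lets the paths be quoted: `if [ ! -d "$rolesdir/juju4.redhat-epel" ]; then git clone https://github.com/juju4/ansible-redhat-epel "$rolesdir/juju4.redhat-epel"; fi`, with `rolesdir="$1"` and `rolesdir="$(dirname "$0")/.."` above it. The clone also tracks the default branch, so the dependency that runs with root privileges in the tests is whatever is current upstream; checking out a tag or commit would pin it.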
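Review bot: `ignore_errors: true` on the `restart fprobe` handler in `handlers/main.yml` means a daemon that fails to come back after a config change is reported as success, and the `ensure service is enabled and started` task in `tasks/fprobe.yml` does the same. For a flow exporter that leaves the host silently without netflow export. If the failures are specific to the test containers (the comment in the task mentions trusty and centos7), limit the tolerance with a `when` or `failed_when` condition rather than ignoring every error, and add a comment on the handler such as `## tolerated only because service restart fails inside test containers`.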
@@ -0,0 +1,41 @@
+---
+
+- name: install fprobe from packages
+ package: name={{ item }} state=present
+ with_items: "{{ fprobe_pkg }}"
+
+- name: Debian | update fprobe config
+ replace: "dest=/etc/default/fprobe regexp={{ item.re }} replace={{ item.rep }} backup=yes"
+ with_items:
+ - { re: '^INTERFACE=.*', rep: "INTERFACE=\"{{ fprobe_if }}\"" }
+ - { re: '^FLOW_COLLECTOR=.*', rep: "FLOW_COLLECTOR=\"{{ fprobe_flow_collector }}\"" }
+ - { re: '^OTHER_ARGS=.*', rep: "OTHER_ARGS=\"{{ fprobe_args }}\"" }
+ when: ansible_os_family == 'Debian'
+ notify:
+ - restart fprobe
+- name: RedHat | update fprobe config
+ lineinfile: "dest=/etc/sysconfig/fprobe regexp={{ item.re }} line={{ item.rep }} backup=yes create=yes"
+ with_items:
+ - { re: '^FLOW_COLLECTOR=.*', rep: "FLOW_COLLECTOR=\"{{ fprobe_flow_collector }}\"" }
+# - { re: '^OTHER_ARGS=.*', rep: "OTHER_ARGS=\"{{ fprobe_args }}\"" }
+ when: ansible_os_family == 'RedHat'
+ notify:
+
+#- block:
+# - name: RedHat | check if fprobe is running
+# shell: "ps axu |grep fprobe-ulog"
+# register: ps
+# changed_when: false
+# - name: RedHat | start fprobe manually
+# command: "fprobe-ulog -c /var/tmp {{ fprobe_flow_collector }}"
+# when: ansible_os_family == 'RedHat' and ps is defined and ps.stdout is defined and ps.stdout.find(" fprobe-ulog ") == -1
+
+- name: add init.d script
+ template: src=init.d-fprobe.j2 dest=/etc/rc.d/init.d/fprobe-ulog mode=0755
+ when: ansible_os_family == 'RedHat'
+
+- name: ensure service is enabled and started
+ service: name={{ fprobe_svc }} state=started enabled=yes
+## fail on trusty and centos7 but works in cli
+ ignore_errors: true
+
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..103ebe3
--- /dev/null
+++ b/tasks/main.yml
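Review bot: The `RedHat | update fprobe config` task in `tasks/fprobe.yml` ends with an empty `notify:`, so a changed `FLOW_COLLECTOR` in `/etc/sysconfig/fprobe` never triggers the handler and the running `fprobe-ulog` keeps exporting to the old collector; it should mirror the Debian task with `notify:` followed by `- restart fprobe`. The `add init.d script` task likewise changes how the daemon is started without notifying, and it sets `mode=0755` but no owner or group; adding `owner=root group=root` makes the intended ownership of a script executed by init explicit.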
@@ -0,0 +1,20 @@
+---
+
+#- fail: msg="This role is only compatible with Ubuntu"
+# when: ansible_distribution != 'Ubuntu'
+
+- name: Include version-specific variables for Ubuntu.
+ include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
+ when: ansible_distribution == 'Ubuntu'
+- name: Include version-specific variables for RedHat
+ include_vars: "RedHat-{{ ansible_distribution_version.split('.')[0] }}.yml"
+ when: ansible_os_family == "RedHat" or ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+
+#- include: debian.yml
+# when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+
+#- include: redhat.yml
+# when: ansible_os_family == "RedHat" or ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+
+- include: fprobe.yml
+
diff --git a/templates/init.d-fprobe.j2 b/templates/init.d-fprobe.j2
new file mode 100644
index 0000000..7d927b3
--- /dev/null
+++ b/templates/init.d-fprobe.j2
@@ -0,0 +1,52 @@
+#!/bin/bash
+#
+# /etc/rc.d/init.d/fprobe-ulog
+#
+# NetFlow probe
+# chkconfig: 2345 10 90
+# description: Netflow Probe
+# config: /etc/sysconfig/fprobe
+
+[ -f /etc/sysconfig/fprobe ] && . /etc/sysconfig/fprobe
+
+# Source function library. = redirect to systemd...
+#. /etc/init.d/functions
+
+
+start() {
+ echo -n "Starting fprobe-ulog: "
+ fprobe-ulog -c /var/tmp $FLOW_COLLECTOR
+ touch /var/lock/subsys/fprobe-ulog
+ echo.
+ return 0
+}
+
+stop() {
+ echo -n "Shutting down fprobe-ulog: "
+ pkill fprobe-ulog
+ rm -f /var/lock/subsys/fprobe-ulog
+ echo.
+ return 0
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ status)
+ ps axu | egrep '[f]probe-ulog'
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ *)
+ echo "Usage: fprobe-ulog {start|stop|status|restart}"
+ exit 1
+ ;;
+esac
+exit $?
+
diff --git a/test/integration/default/bats/idempotency.bats b/test/integration/default/bats/idempotency.bats
new file mode 100644
index 0000000..698166a
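Review bot: `echo.` in both `start()` and `stop()` of `templates/init.d-fprobe.j2` is not a shell command, so bash will report it as not found; a bare `echo` is what terminates the preceding `echo -n` line. `start()` also touches the lock file and returns 0 whether or not `fprobe-ulog` started, so a start is reported as successful for a daemon that is not running; `fprobe-ulog -c /var/tmp "$FLOW_COLLECTOR" || return 1` before the `touch` would propagate the failure and quote the value sourced from `/etc/sysconfig/fprobe`. The chroot directory is hard-coded here and the template does not reference `fprobe_args`, so that default appears to have no effect on RedHat hosts; a comment saying so would save the next reader the search.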
--- /dev/null
+++ b/test/integration/default/bats/idempotency.bats
@@ -0,0 +1,14 @@
+#!/usr/bin/env bats
+#
+
+#
+# Idempotence test
+# from https://github.com/neillturner/kitchen-ansible/issues/92
+#
+
+@test "Second run should change nothing" {
+# skip
+ run bash -c "ansible-playbook -i /tmp/kitchen/hosts /tmp/kitchen/default.yml -c local 2>&1 | tee /tmp/idempotency.test | grep -q 'changed=0.*failed=0' && exit 0 || exit 1"
+ [ "$status" -eq 0 ]
+}
+
diff --git a/test/integration/default/default.yml b/test/integration/default/default.yml
new file mode 100644
index 0000000..459152a
--- /dev/null
+++ b/test/integration/default/default.yml
@@ -0,0 +1,9 @@
+---
+
+- hosts: all
+#- hosts: test-kitchen
+# vars:
+# - a:
+ roles:
+ - juju4.fprobe
+
diff --git a/test/integration/default/serverspec/Gemfile b/test/integration/default/serverspec/Gemfile
new file mode 100644
index 0000000..938ed3e
--- /dev/null
+++ b/test/integration/default/serverspec/Gemfile
@@ -0,0 +1,8 @@
+source 'https://rubygems.org'
+
+gem 'serverspec'
+gem 'rake'
+## for junit output and jenkins support
+## FIXME! travis: 'Could not find gem 'yarjuf' in any of the gem sources listed in your Gemfile or available on this machine.'
+#gem 'yarjuf'
+
diff --git a/test/integration/default/serverspec/Rakefile b/test/integration/default/serverspec/Rakefile
new file mode 100644
index 0000000..3699568
--- /dev/null
+++ b/test/integration/default/serverspec/Rakefile
@@ -0,0 +1,9 @@
+require 'rake'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec) do |t|
+ t.pattern = '*_spec.rb'
+end
+
+task :default => :spec
+
diff --git a/test/integration/default/serverspec/fprobe_spec.rb b/test/integration/default/serverspec/fprobe_spec.rb
new file mode 100644
index 0000000..bbe8fa9
--- /dev/null
+++ b/test/integration/default/serverspec/fprobe_spec.rb
@@ -0,0 +1,36 @@
+require 'serverspec'
+
+# Required by serverspec
+set :backend, :exec
+
+## Use Junit formatter output, supported by jenkins
+#require 'yarjuf'
+#RSpec.configure do |c|
+# c.formatter = 'JUnit'
+#end
+
+describe package('fprobe-ulog'), :if => os[:family] == 'redhat' do
+ it { should be_installed }
+end
+
+describe package('fprobe'), :if => os[:family] == 'ubuntu' || os[:family] == 'debian' do
+ it { should be_installed }
+end
+
+#describe service('fprobe-ulog'), :if => os[:family] == 'redhat' do
+# it { should be_enabled }
+# it { should be_running }
+#end
+
+describe service('fprobe'), :if => os[:family] == 'ubuntu' || os[:family] == 'debian' do
+ it { should be_enabled }
+ it { should be_running }
+end
+
+describe file('/usr/bin/fprobe-ulog'), :if => os[:family] == 'redhat' do
+ it { should be_executable }
+end
+describe process("fprobe-ulog"), :if => os[:family] == 'redhat' do
+ its(:user) { should eq "root" }
+# its(:args) { should match /-c 32000\b/ }
+end
diff --git a/test/integration/default/serverspec/run-local-tests.sh b/test/integration/default/serverspec/run-local-tests.sh
new file mode 100755
index 0000000..3905048
--- /dev/null
+++ b/test/integration/default/serverspec/run-local-tests.sh
@@ -0,0 +1,32 @@
+#!/bin/sh -x
+## get consistent ruby2+bundler env on each distribution
+
+location=`dirname "$0"`
+cd $location
+v=2.3
+
+## docker environment in travis missing few utils
+[ -f /etc/debian_version ] && apt-get install -y curl
+[ -f /etc/redhat-release ] && yum -y install which
+
+curl -sSL https://get.rvm.io | bash
+#[ -f $HOME/.rvm/scripts/rvm ] && . $HOME/.rvm/scripts/rvm
+#[ -d /usr/local/rvm ] && . /etc/profile.d/rvm.sh
+
+## troubleshoot
+type rvm | head -1
+env
+
+#export PATH=/usr/local/rvm/bin:$PATH
+
+bash -l -c "rvm install $v"
+bash -l -c "rvm use $v"
+bash -l -c "rvm use $v --default"
+bash -l -c "gem install bundler"
+bash -l -c "bundle install --path ./gems"
+if [ "X$USER" != "Xroot" -a "X$USER" != "X" ]; then
+ bash -l -c "env rvmsudo_secure_path=1 rvmsudo bundle exec rake spec"
+else
+ bash -l -c "bundle exec rake spec"
+fi
+
diff --git a/test/travis/Dockerfile.alpine-3.4 b/test/travis/Dockerfile.alpine-3.4
new file mode 100644
index 0000000..861b7cd
--- /dev/null
+++ b/test/travis/Dockerfile.alpine-3.4
@@ -0,0 +1,9 @@
+FROM alpine:3.4
+RUN apk update
+
+# Install Ansible
+RUN apk add git ansible python python-dev py-pip
+RUN mkdir /etc/ansible
+
+# Install Ansible inventory file
+RUN (echo "[local]"; echo "localhost ansible_connection=local") > /etc/ansible/hosts
diff --git a/test/travis/Dockerfile.centos-6 b/test/travis/Dockerfile.centos-6
new file mode 100644
index 0000000..3d5f0c8
--- /dev/null
+++ b/test/travis/Dockerfile.centos-6
@@ -0,0 +1,15 @@
+FROM centos:6
+
+# Install Ansible
+RUN yum -y update; yum clean all;
+RUN yum -y install epel-release
+RUN yum -y install git ansible sudo python-pip
+RUN yum clean all
+
+# Disable requiretty
+RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers
+
+# Install Ansible inventory file
+RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts
+
+CMD ["/usr/sbin/init"]
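Review bot: `curl -sSL https://get.rvm.io | bash` in run-local-tests.sh executes whatever the remote host returns with no integrity check, and the unguarded `apt-get install` and `yum -y install` lines above it imply the script runs as root in the container. Save the installer to a file first and verify it before running it, for example `curl -sSL -o rvm-installer https://get.rvm.io` followed by `echo "EXPECTED_SHA256  rvm-installer" | sha256sum -c -`, where EXPECTED_SHA256 stands for the digest of a revision you have reviewed; installing ruby and bundler from the distribution packages would avoid the download altogether. The bare `env` under `## troubleshoot`, together with `sh -x`, also writes every environment variable into the CI log, so narrow it to `env | grep -i rvm` or drop it.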
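Review bot: In Dockerfile.alpine-3.4 the package index is refreshed in its own layer (`RUN apk update`) and used in a later one (`RUN apk add ...`), so a cached build can reuse an old index and install outdated packages or fail on removed ones. Fold the two into `RUN apk add --no-cache git ansible python python-dev py-pip`. The ubuntu-12.04, ubuntu-14.04 and ubuntu-16.04 Dockerfiles have the same split between `RUN apt-get update` and the following `apt-get install`; chain them as `RUN apt-get update && env DEBIAN_FRONTEND=noninteractive apt-get install -y ...` there.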
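Review bot: `CMD ["/usr/sbin/init"]` in Dockerfile.centos-6 looks carried over from the centos-7 file; CentOS 6 normally ships init as `/sbin/init` and does not merge `/sbin` into `/usr/sbin`, so the container would probably fail to start with this command. Confirm the path in the `centos:6` image and, if it is missing, use `CMD ["/sbin/init"]`.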
diff --git a/test/travis/Dockerfile.centos-7 b/test/travis/Dockerfile.centos-7
new file mode 100644
index 0000000..89789e2
--- /dev/null
+++ b/test/travis/Dockerfile.centos-7
@@ -0,0 +1,27 @@
+FROM centos:7
+
+# Install systemd -- See https://hub.docker.com/_/centos/
+RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs
+RUN yum -y update; yum clean all; \
+(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
+rm -f /lib/systemd/system/multi-user.target.wants/*; \
+rm -f /etc/systemd/system/*.wants/*; \
+rm -f /lib/systemd/system/local-fs.target.wants/*; \
+rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+rm -f /lib/systemd/system/basic.target.wants/*; \
+rm -f /lib/systemd/system/anaconda.target.wants/*;
+
+# Install Ansible
+RUN yum -y install epel-release
+RUN yum -y install git ansible sudo python-pip
+RUN yum clean all
+
+# Disable requiretty
+RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers
+
+# Install Ansible inventory file
+RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts
+
+VOLUME ["/sys/fs/cgroup"]
+CMD ["/usr/sbin/init"]
diff --git a/test/travis/Dockerfile.ubuntu-12.04 b/test/travis/Dockerfile.ubuntu-12.04
new file mode 100644
index 0000000..e0471c1
--- /dev/null
+++ b/test/travis/Dockerfile.ubuntu-12.04
@@ -0,0 +1,11 @@
+FROM ubuntu:12.04
+RUN apt-get update
+
+# Install Ansible
+RUN env DEBIAN_FRONTEND=noninteractive apt-get install -y software-properties-common python-software-properties git
+RUN apt-add-repository -y ppa:ansible/ansible
+RUN apt-get update
+RUN apt-get install -y ansible python-pip
+
+# Install Ansible inventory file
+RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
diff --git a/test/travis/Dockerfile.ubuntu-14.04 b/test/travis/Dockerfile.ubuntu-14.04
new file mode 100644
index 0000000..bf7379b
--- /dev/null
+++ b/test/travis/Dockerfile.ubuntu-14.04
@@ -0,0 +1,11 @@
+FROM ubuntu:14.04
+RUN apt-get update
+
+# Install Ansible
+RUN env DEBIAN_FRONTEND=noninteractive apt-get install -y software-properties-common git
+RUN apt-add-repository -y ppa:ansible/ansible
+RUN apt-get update
+RUN apt-get install -y ansible python-pip
+
+# Install Ansible inventory file
+RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
diff --git a/test/travis/Dockerfile.ubuntu-16.04 b/test/travis/Dockerfile.ubuntu-16.04
new file mode 100644
index 0000000..88775f3
--- /dev/null
+++ b/test/travis/Dockerfile.ubuntu-16.04
@@ -0,0 +1,11 @@
+FROM ubuntu:16.04
+RUN apt-get update
+
+# Install Ansible
+RUN env DEBIAN_FRONTEND=noninteractive apt-get install -y software-properties-common git
+RUN apt-add-repository -y ppa:ansible/ansible
+RUN apt-get update
+RUN apt-get install -y ansible python sudo python-pip
+
+# Install Ansible inventory file
+RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
diff --git a/test/travis/initctl_faker b/test/travis/initctl_faker
new file mode 100644
index 0000000..8a05ae8
--- /dev/null
+++ b/test/travis/initctl_faker
@@ -0,0 +1,25 @@
+#!/bin/sh
+## from https://github.com/oxyc/drupal-vm/blob/84b3ad6cf65fb87ac60777c5aca55bb82a45b4aa/tests/initctl_faker
+ALIAS_CMD="$(echo ""$0"" | sed -e 's?/sbin/??')"
+
+case "$ALIAS_CMD" in
+ start|stop|restart|reload|status)
+ exec service $1 $ALIAS_CMD
+ ;;
+esac
+
+case "$1" in
+ list )
+ exec service --status-all
+ ;;
+ reload-configuration )
+ exec service $2 restart
+ ;;
+ start|stop|restart|reload|status)
+ exec service $2 $1
+ ;;
+ \?)
+ exit 0
+ ;;
+esac
+
diff --git a/test/vagrant/Vagrantfile b/test/vagrant/Vagrantfile
new file mode 100644
index 0000000..bbba70f
--- /dev/null
+++ b/test/vagrant/Vagrantfile
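Review bot: The doubled quotes in `echo ""$0""` in test/travis/initctl_faker close and reopen the string around `$0`, so the script path is expanded unquoted, and `$1`, `$2` and `$ALIAS_CMD` are passed to `service` unquoted in every `exec` line as well. An argument containing whitespace or glob characters is then split or expanded before `service` sees it. Write `ALIAS_CMD="$(echo "$0" | sed -e 's?/sbin/??')"` and quote the call sites, e.g. `exec service "$1" "$ALIAS_CMD"` and `exec service "$2" "$1"`.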
@@ -0,0 +1,31 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+VAGRANTFILE_API_VERSION = "2"
+ENV['VAGRANT_DEFAULT_PROVIDER'] = 'virtualbox'
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+## for xenial, need to manually install python as python v2 is not in default image.
+ #config.vm.box = "ubuntu/xenial64"
+ #config.vm.box = "boxcutter/ubuntu1604"
+ config.vm.box = "ubuntu/trusty64"
+ #config.vm.box = "centos/7"
+
+ config.vm.provision :ansible do |ansible|
+ ansible.playbook = "site.yml"
+ #ansible.verbose = "vvvv"
+ #ansible.host_key_checking = false
+ #ansible.limit = 'all'
+ ansible.sudo = true
+ ansible.extra_vars = { ansible_ssh_user: 'vagrant' }
+ ansible.groups = {
+ "myrole" => ["vfprobe" ],
+ }
+ end
+
+ config.vm.define "vfprobe" do |vfprobe|
+ vfprobe.vm.hostname = "vfprobe"
+ end
+
+end
+
diff --git a/test/vagrant/ansible.cfg b/test/vagrant/ansible.cfg
new file mode 100644
index 0000000..ed6f35f
--- /dev/null
+++ b/test/vagrant/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+roles_path = ../../../
+
diff --git a/test/vagrant/site.yml b/test/vagrant/site.yml
new file mode 100644
index 0000000..a46dbe4
--- /dev/null
+++ b/test/vagrant/site.yml
@@ -0,0 +1,6 @@
+---
+
+- hosts: all
+ roles:
+ - juju4.fprobe
+
diff --git a/vars/RedHat-6.yml b/vars/RedHat-6.yml
new file mode 100644
index 0000000..5b1c264
--- /dev/null
+++ b/vars/RedHat-6.yml
@@ -0,0 +1,7 @@
+---
+
+fprobe_pkg:
+ - fprobe-ulog
+
+fprobe_svc: fprobe-ulog
+
diff --git a/vars/RedHat-7.yml b/vars/RedHat-7.yml
new file mode 100644
index 0000000..5b1c264
--- /dev/null
+++ b/vars/RedHat-7.yml
@@ -0,0 +1,7 @@
+---
+
+fprobe_pkg:
+ - fprobe-ulog
+
+fprobe_svc: fprobe-ulog
+
diff --git a/vars/Ubuntu-12.04.yml b/vars/Ubuntu-12.04.yml
new file mode 100644
index 0000000..91c7f20
--- /dev/null
+++ b/vars/Ubuntu-12.04.yml
@@ -0,0 +1,7 @@
+---
+
+fprobe_pkg:
+ - fprobe
+
+fprobe_svc: fprobe
+
diff --git a/vars/Ubuntu-14.04.yml b/vars/Ubuntu-14.04.yml
new file mode 100644
index 0000000..91c7f20
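Review bot: `ENV['VAGRANT_DEFAULT_PROVIDER'] = 'virtualbox'` at the top of test/vagrant/Vagrantfile overwrites the variable unconditionally, so a provider the caller exported is silently replaced when the file is loaded. Use `ENV['VAGRANT_DEFAULT_PROVIDER'] ||= 'virtualbox'` so virtualbox is only the fallback. A one-line comment above it stating that this is a default, not a requirement, would also help the next reader.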
--- /dev/null
+++ b/vars/Ubuntu-14.04.yml
@@ -0,0 +1,7 @@
+---
+
+fprobe_pkg:
+ - fprobe
+
+fprobe_svc: fprobe
+
diff --git a/vars/Ubuntu-16.04.yml b/vars/Ubuntu-16.04.yml
new file mode 100644
index 0000000..91c7f20
--- /dev/null
+++ b/vars/Ubuntu-16.04.yml
@@ -0,0 +1,7 @@
+---
+
+fprobe_pkg:
+ - fprobe
+
+fprobe_svc: fprobe
+