Initial commit on github

juju4 2016-10-30 15:40:48 -04:00
commit 5d37a8f554
37 changed files with 936 additions and 0 deletions

29
.kitchen.vagrant.yml Normal file

@ -0,0 +1,29 @@
---
driver:
name: vagrant
provider: <%= ENV['KITCHEN_PROVIDER'] || 'virtualbox' %>
## make file transfer faster. need https://github.com/coderanger/kitchen-sync
transport:
name: sftp
provisioner:
name: ansible_playbook
roles_path: ../../roles
hosts: test-kitchen
# ansible_verbose: true
ansible_verbose: false
ansible_verbosity: 3
ansible_extra_flags: <%= ENV['ANSIBLE_EXTRA_FLAGS'] %>
platforms:
- name: ubuntu-16.04
- name: ubuntu-14.04
- name: ubuntu-12.04
- name: centos-7.1
suites:
- name: default
run_list:
attributes:

37
.kitchen.yml Normal file

@ -0,0 +1,37 @@
---
driver:
name: lxd_cli
transport:
name: sftp
provisioner:
name: ansible_playbook
roles_path: ../
hosts: test-kitchen
# ansible_verbose: true
ansible_verbose: false
ansible_verbosity: 3
ansible_extra_flags: <%= ENV['ANSIBLE_EXTRA_FLAGS'] %>
ansible_yum_repo: http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
require_chef_omnibus: false
require_ansible_omnibus: true
# require_chef_for_busser: false
enable_yum_epel: true
ansible_connection: ssh
platforms:
- name: ubuntu-16.04
- name: ubuntu-14.04
- name: ubuntu-12.04
- name: centos-7
# - name: centos-6
## FIXME! 'Installing Chef Omnibus to install busser to run tests' not supported = can disable
## ' sl = self._semlock = _multiprocessing.SemLock(kind, value, maxvalue)\nOSError: [Errno 2] No such file or directory'
# - name: alpine-3.4
suites:
- name: default
run_list:
attributes:
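Review bot: `ansible_yum_repo` points at an `http://` URL, so the EPEL release RPM, which installs the repository definition and its signing key, is fetched in cleartext and can be replaced in transit. Use the TLS endpoint instead, `ansible_yum_repo: https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm`, assuming the mirror serves the same path over HTTPS. The same cleartext download appears in the two `rpm -iUvh http://dl.fedoraproject.org/...` lines of `.travis.yml.lxd`.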

36
.travis.yml Normal file

@ -0,0 +1,36 @@
---
dist: trusty
language: python
python: "2.7"
before_install:
- sudo apt-get update -qq
- sudo apt-get install -qq python-apt python-pycurl
- ln -s ansible-fprobe ../juju4.fprobe
## for local travis execution as we use same default.yml than kitchen
- mkdir /tmp/kitchen
- ln -s /home/travis/build/juju4/ansible-fprobe/test/integration/default/tmp /tmp/kitchen/tmp
## serverspec test
- sudo apt-get install -qq ruby2.0 rake
- sudo gem2.0 install serverspec
- ln -s /home/travis/build/juju4/ansible-fprobe/test/integration/default/serverspec/Rakefile
install:
- pip install ansible
- ansible --version
- "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
- gem2.0 --version
script:
- "echo \"[test-kitchen]\nlocalhost\" > inventory"
# Check the role/playbook's syntax.
- "ansible-playbook -i inventory --syntax-check test/integration/default/default.yml"
# Run the role/playbook with ansible-playbook.
- "ansible-playbook -i inventory --connection=local --sudo -vvvv test/integration/default/default.yml"
# Run the role/playbook again, checking to make sure it's idempotent.
- "ansible-playbook -i inventory test/integration/default/default.yml --connection=local --sudo | tee /tmp/idempotency.log | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && cat /tmp/idempotency.log && exit 1)"
# Serverspec
# - "test/integration/default/serverspec/run-local-tests.sh"
- "cd test/integration/default/serverspec/ && bundle exec rake spec"
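Review bot: `pip install ansible` and `sudo gem2.0 install serverspec` take whatever release is current at build time, so the job is not reproducible and a bad or hijacked upload runs unreviewed (the gem install as root). Pin both to the versions the role is tested against, e.g. `pip install 'ansible==<TESTED_VERSION>'` and `sudo gem2.0 install serverspec -v '<TESTED_VERSION>'`. `.travis.yml.simple` has the same two lines.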

78
.travis.yml.docker Normal file

@ -0,0 +1,78 @@
---
## from https://github.com/geerlingguy/ansible-role-apache/blob/master/.travis.yml
sudo: required
env:
# - distribution: centos
# version: 6
# init: /sbin/init
# run_opts: ""
- distribution: centos
version: 7
init: /usr/lib/systemd/systemd
run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
- distribution: ubuntu
version: 16.04
init: /lib/systemd/systemd
run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
# run_opts: "--cap-add SYS_ADMIN"
- distribution: ubuntu
version: 14.04
init: /sbin/init
run_opts: ""
# - distribution: ubuntu
# version: 12.04
# init: /sbin/init
# run_opts: ""
# - distribution: alpine
# version: 3.4
# init: /sbin/init
# run_opts: ""
services:
- docker
before_install:
# - sudo apt-get update
# Pull container
- 'sudo docker pull ${distribution}:${version}'
- env
- pwd
- find -ls
- ln -s ansible-fprobe ../juju4.fprobe
- ./get-dependencies.sh
- cp test/travis/initctl_faker test/
# Customize container
- 'sudo docker build --rm=true --file=test/travis/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible test'
script:
- container_id=$(mktemp)
# Run container in detached state
- 'sudo docker run --detach --volume="${PWD%/*}":/etc/ansible/roles:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"'
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible --version'
# Ansible syntax check.
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/juju4.fprobe/test/integration/default/default.yml --syntax-check'
# Test role.
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/juju4.fprobe/test/integration/default/default.yml'
# Test role idempotence.
- >
sudo docker exec "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/juju4.fprobe/test/integration/default/default.yml
| tee /tmp/idempotency.log
| grep -q 'changed=0.*failed=0'
&& (echo 'Idempotence test: pass' && exit 0)
|| (echo 'Idempotence test: fail' && cat /tmp/idempotency.log && exit 1)
# serverspec tests
## travis/docker: Errno::EROFS: Read-only file system @ dir_s_mkdir - /etc/ansible/roles/ansible-MISP/test/integration/default/serverspec/.bundle
# - 'sudo docker exec --tty "$(cat ${container_id})" /etc/ansible/roles/MISP/test/integration/default/serverspec/run-local-tests.sh'
# Clean up
- 'sudo docker stop "$(cat ${container_id})"'
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/
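Review bot: The bare `- env` step in `before_install` writes every environment variable to the build log, which is public for an open-source Travis project; any token added to the repository settings later would be protected only by log masking. Drop the step or narrow it to the variables being debugged, e.g. `- 'echo "${distribution} ${version} ${init}"'`. `.travis.yml.lxd` and `.travis.yml.lxd-kitchen` have the same `- env` step, and the latter also runs `sudo -E su $USER -c "env"`.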

93
.travis.yml.lxd Normal file

@ -0,0 +1,93 @@
---
dist: trusty
sudo: required
rvm:
- 2.2
env:
## those images need pre-configuration before being usable (openssh...)
# - distribution: centos
# version: 6
# - distribution: centos
# version: 7
- distribution: ubuntu
version: 16.04
- distribution: ubuntu
version: 14.04
- distribution: ubuntu
version: 12.04
# - distribution: alpine
# version: 3.4
before_install:
- env
- pwd
- find -ls
## use appropriate role path and not github name
- ln -s ansible-fprobe ../juju4.fprobe
- ./get-dependencies.sh
## No Xenial, https://github.com/travis-ci/travis-ci/issues/5821
# - sudo apt install lxd
- echo "deb http://archive.ubuntu.com/ubuntu trusty-backports main restricted universe multiverse" | sudo tee /etc/apt/sources.list.d/trusty-backports.list
- sudo apt-get update -qq
- sudo apt -t trusty-backports -y install lxd acl -q
## change of group implies logout+login to apply... can't do with travis = run as root (sic)
## https://github.com/travis-ci/travis-ci/issues/1839 or chain: sudo -E su $USER -c "..."
- sudo usermod -G lxd travis
# Pull container
- sudo -E su $USER -c "lxc remote list"
- sudo -E su $USER -c "lxc image list"
## pre-download base images
- 'sudo -E su $USER -c "[ ${distribution} == ubuntu ] || lxc image copy images:/${distribution}/${version}/amd64 local: --alias=${distribution}-${version}"'
- 'sudo -E su $USER -c "[ ${distribution} == ubuntu ] && lxc image copy ubuntu:${version} local: --alias=${distribution}-${version}" || true'
## configure lxd-bridge
- sudo perl -pi -e 's@^LXD_IPV4_ADDR=""@LXD_IPV4_ADDR="10.252.116.1"@;s@^LXD_IPV4_NETMASK=""@LXD_IPV4_NETMASK="255.255.255.0"@;s@^LXD_IPV4_NETWORK=""@LXD_IPV4_NETWORK="10.252.116.1/24"@;s@^LXD_IPV4_DHCP_RANGE=""@LXD_IPV4_DHCP_RANGE="10.252.116.2,10.252.116.254"@;s@^LXD_IPV4_DHCP_MAX=""@LXD_IPV4_DHCP_MAX="252"@;s@LXD_IPV6_PROXY="true"@LXD_IPV6_PROXY="false"@' /etc/default/lxd-bridge
# - cat /etc/default/lxd-bridge
# - service --status-all
- sudo service lxd restart
## ssh key for lxd_cli ?
- ls ~/.ssh
- ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa -P ""
## sudo/su get us a non-usual PATH ...
- sudo -E su $USER -c "lxc launch ${distribution}-${version} run-${distribution}-${version//./}"
# - sudo -E su $USER -c "lxc start run-${distribution}-${version//./}"
- sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- env"
- '[ "X${distribution}" != "Xalpine" ] && sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- dhclient eth0" || true'
- sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- ping -c 1 8.8.8.8"
- '[ "X${distribution}" == "Xubuntu" ] && sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- apt-get update" || true'
- '[ "X${distribution}" == "Xubuntu" ] && sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- apt-get -y install python python-apt aptitude python-pip libssl-dev python-dev libffi-dev" || true'
- '[ "X${distribution}" == "Xcentos" -a "X${version}" == "X6" ] && sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- rpm -iUvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm" || true'
- '[ "X${distribution}" == "Xcentos" -a "X${version}" == "X7" ] && sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- rpm -iUvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-8.noarch.rpm" || true'
- '[ "X${distribution}" == "Xcentos" ] && sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- yum update" || true'
- '[ "X${distribution}" == "Xcentos" ] && sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- yum -y install python python-pip openssl-devel python-devel libffi-devel \"@Development tools\"" || true'
- sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- pip install ansible"
- sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- ansible --version"
- "echo localhost > inventory"
## enable ansible profiling (https://github.com/jlafon/ansible-profile)
# - "printf '[defaults]\ncallback_whitelist = profile_tasks' > ansible.cfg"
# - sudo -E su $USER -c "lxc file push inventory ansible.cfg run-${distribution}-${version//./}/root/"
- sudo -E su $USER -c "lxc file push inventory run-${distribution}-${version//./}/root/"
## these lines are necessary so lxc mount is read-write, https://github.com/lxc/lxd/issues/1879
- chmod -R go+w $PWD
## OR
- sudo -E su $USER -c "lxc config show run-${distribution}-${version//./}"
## FIXME! awk extraction is working in shell but not in travis... relying on global chmod as test ephemeral environment. DON'T USE IN PRODUCTION!
- sudo -E su $USER -c "lxc config show run-${distribution}-${version//./} | awk -F'[\":,]' '/Hostid/ { print $13 }'"
- CUID=`sudo -E su $USER -c "lxc config show run-${distribution}-${version//./} | awk -F'[\":,]' '/Hostid/ { print $13 }'"`
- "echo setfacl -Rm user:$CUID:rwx ${PWD%/*}"
- "setfacl -Rm user:$CUID:rwx ${PWD%/*}"
- sudo -E su $USER -c "lxc config device add run-${distribution}-${version//./} sharedroles disk path=/etc/ansible/roles source=${PWD%/*}"
- sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- mount"
- sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- pwd"
script:
- sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- ansible-playbook -i inventory --syntax-check /etc/ansible/roles/juju4.fprobe/test/integration/default/default.yml"
- sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- ansible-playbook -i inventory --connection=local --sudo -vvvv /etc/ansible/roles/juju4.fprobe/test/integration/default/default.yml"
## FIXME! Travis request: Build config file had a parse error: "mapping values are not allowed in this context at line 72 column 321".
# - sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- ansible-playbook -i inventory /etc/ansible/roles/juju4.fprobe/test/integration/default/default.yml --connection=local --sudo | tee /tmp/idempotency.log | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && cat /tmp/idempotency.log && exit 1)"
- sudo -E su $USER -c "lxc exec run-${distribution}-${version//./} -- time sh -x /etc/ansible/roles/juju4.fprobe/test/integration/default/serverspec/run-local-tests.sh"
- sudo -E su $USER -c "lxc stop run-${distribution}-${version//./}"
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/
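Review bot: `sudo usermod -G lxd travis` replaces the user's supplementary group list instead of extending it, so `travis` is removed from every other group it belonged to. Use `sudo usermod -aG lxd travis` so that only the `lxd` membership is added. The same line is in `.travis.yml.lxd-kitchen`.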

81
.travis.yml.lxd-kitchen Normal file

@ -0,0 +1,81 @@
---
dist: trusty
sudo: required
rvm:
- 2.2
env:
## those images need pre-configuration before being usable (openssh...)
# - distribution: centos
# version: 6
# - distribution: centos
# version: 7
- distribution: ubuntu
version: 16.04
- distribution: ubuntu
version: 14.04
- distribution: ubuntu
version: 12.04
# - distribution: alpine
# version: 3.4
before_install:
- env
- pwd
- find -ls
## use appropriate role path and not github name
- ln -s ansible-fprobe ../juju4.fprobe
## No Xenial, https://github.com/travis-ci/travis-ci/issues/5821
# - sudo apt install lxd
- echo "deb http://archive.ubuntu.com/ubuntu trusty-backports main restricted universe multiverse" | sudo tee /etc/apt/sources.list.d/trusty-backports.list
- sudo apt-get update -qq
- sudo apt -t trusty-backports -y install lxd acl -q
## change of group implies logout+login to apply... can't do with travis = run as root (sic)
## https://github.com/travis-ci/travis-ci/issues/1839 or chain: sudo -E su $USER -c "..."
- sudo usermod -G lxd travis
# Pull container
# - lxc remote add images images.linuxcontainers.org
- sudo -E su $USER -c "lxc remote list"
- sudo -E su $USER -c "lxc image list"
## pre-download base images
- 'sudo -E su $USER -c "[ ${distribution} == ubuntu ] || lxc image copy images:/${distribution}/${version}/amd64 local: --alias=${distribution}-${version}"'
- 'sudo -E su $USER -c "[ ${distribution} == ubuntu ] && lxc image copy ubuntu:${version} local: --alias=${distribution}-${version}" || true'
## configure lxd-bridge
- sudo perl -pi -e 's@^LXD_IPV4_ADDR=""@LXD_IPV4_ADDR="10.252.116.1"@;s@^LXD_IPV4_NETMASK=""@LXD_IPV4_NETMASK="255.255.255.0"@;s@^LXD_IPV4_NETWORK=""@LXD_IPV4_NETWORK="10.252.116.1/24"@;s@^LXD_IPV4_DHCP_RANGE=""@LXD_IPV4_DHCP_RANGE="10.252.116.2,10.252.116.254"@;s@^LXD_IPV4_DHCP_MAX=""@LXD_IPV4_DHCP_MAX="252"@;s@LXD_IPV6_PROXY="true"@LXD_IPV6_PROXY="false"@' /etc/default/lxd-bridge
# - cat /etc/default/lxd-bridge
# - service --status-all
- sudo service lxd restart
- sudo pip install ansible
## need to use chef gem for some reason? BAD PATH https://github.com/chef/chef-dk/issues/15
# - chef gem install kitchen
- gem install kitchen
- gem install kitchen-ansible
- gem install kitchen-sync
- gem install kitchen-lxd_cli
## Message: Unable to activate kitchen-ansible-0.45.0, because net-ssh-2.9.2 conflicts with net-ssh (~> 3.0)
# - chef gem uninstall net-ssh -v 2.9.2 -q ?-y
# - chef gem list
- gem list
- which kitchen
# - which chef
# - find /var/lib/gems $HOME/.gem /usr/local/rvm/gems /opt/chefdk/embedded/lib/ruby/gem -iname '*lxd_cli*' || true
- wget -q https://releases.hashicorp.com/vagrant/1.8.5/vagrant_1.8.5_x86_64.deb && sudo dpkg -i vagrant_1.8.5_x86_64.deb
## ssh key for lxd_cli ?
- ls ~/.ssh
- ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa -P ""
## sudo/su get us a non-usual PATH ...
- sudo -E su $USER -c "env"
## The command "sudo -E su $USER -c "which kitchen"" failed and exited with 1 during .
# - sudo -E su $USER -c "which kitchen"
- sudo -E su $USER -c "env PATH=$PATH kitchen diagnose --all"
# - sudo -E su $USER -c "kitchen diagnose --all"
# - sudo -E -u $USER kitchen diagnose --all
script:
# - KITCHEN_LOCAL_YAML=.kitchen.local.yml bundle exec kitchen verify ${INSTANCE}
- sudo -E su $USER -c "env PATH=$PATH kitchen verify default-${distribution}-${version//./} -l debug || (cat $HOME/.kitchen/logs/default-${distribution}-${version//./}.log; find /tmp/kitchen)"
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/
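Review bot: The Vagrant package is installed with `sudo dpkg -i` straight after `wget -q`, and nothing checks that the file is the one the vendor published. Verify it against the release's published SHA-256 before installing, e.g. run `echo '<EXPECTED_SHA256>  vagrant_1.8.5_x86_64.deb' | sha256sum -c -` between the download and `dpkg -i`. The four `gem install kitchen*` lines are likewise unpinned, so each build may pull different code.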

34
.travis.yml.simple Normal file

@ -0,0 +1,34 @@
---
dist: trusty
language: python
python: "2.7"
before_install:
- sudo apt-get update -qq
- sudo apt-get install -qq python-apt python-pycurl
- ln -s ansible-fprobe ../juju4.fprobe
- ./get-dependencies.sh
## for local travis execution as we use same default.yml than kitchen
- mkdir /tmp/kitchen
## serverspec test
- sudo apt-get install -qq ruby2.0 rake
- sudo gem2.0 install serverspec
install:
- pip install ansible
- ansible --version
- "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
- gem2.0 --version
script:
- "echo \"[test-kitchen]\nlocalhost\" > inventory"
# Check the role/playbook's syntax.
- "ansible-playbook -i inventory --syntax-check test/integration/default/default.yml"
# Run the role/playbook with ansible-playbook.
- "ansible-playbook -i inventory --connection=local --sudo -vvvv test/integration/default/default.yml"
# Run the role/playbook again, checking to make sure it's idempotent.
- "ansible-playbook -i inventory test/integration/default/default.yml --connection=local --sudo | tee /tmp/idempotency.log | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && cat /tmp/idempotency.log && exit 1)"
# Serverspec
# - "test/integration/default/serverspec/run-local-tests.sh"
- "cd test/integration/default/serverspec/ && bundle exec rake spec"

24
LICENSE Normal file

@ -0,0 +1,24 @@
Copyright (c) 2015, juju4@users.noreply.github.com
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

59
README.md Normal file

@ -0,0 +1,59 @@
[![Build Status](https://travis-ci.org/juju4/ansible-fprobe.svg?branch=master)](https://travis-ci.org/juju4/ansible-fprobe)
# Fprobe ansible role
Ansible role to setup fprobe as netflow exporter
http://fprobe.sourceforge.net/
## Requirements & Dependencies
### Ansible
It was tested on the following versions:
* 1.9
* 2.0
### Operating systems
Ubuntu 14.04, 16.04 and Centos 7
## Example Playbook
Just include this role in your list.
For example
```
- host: all
roles:
- juju4.fprobe
```
## Variables
Nothing specific for now.
## Continuous integration
This role has a travis basic test (for github), more advanced with kitchen and also a Vagrantfile (test/vagrant).
Default kitchen config (.kitchen.yml) is lxd-based, while (.kitchen.vagrant.yml) is vagrant/virtualbox based.
Once you ensured all necessary roles are present, You can test with:
```
$ gem install kitchen-ansible kitchen-lxd_cli kitchen-sync kitchen-vagrant
$ cd /path/to/roles/juju4.fprobe
$ kitchen verify
$ kitchen login
$ KITCHEN_YAML=".kitchen.vagrant.yml" kitchen verify
```
or
```
$ cd /path/to/roles/juju4.fprobe/test/vagrant
$ vagrant up
$ vagrant ssh
```
## Troubleshooting & Known issues
## License
BSD 2-clause

9
defaults/main.yml Normal file

@ -0,0 +1,9 @@
---
fprobe_if: 'eth0'
fprobe_flow_collector: '127.0.0.1:9995'
#fprobe_args: '-fip'
## downgrade user and chroot to dir
#fprobe_args: '-fip -u nobody -c /var/empty' ## not working with user nobody or non-existing chrooted dir
fprobe_args: '-fip -c /var/tmp'
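Review bot: The default `fprobe_args: '-fip -c /var/tmp'` chroots the daemon into a world-writable directory without a `-u` option to drop privileges (the serverspec spec in this commit asserts the RedHat process runs as `root`), so the chroot offers little containment: any local user can place files inside the jail. The commented-out `-u nobody -c /var/empty` variant is the safer shape; rather than abandoning it, have the role create a dedicated root-owned empty directory and an unprivileged account and pass those to `-c` and `-u`. At minimum, add a comment here stating that the default does not drop privileges.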

13
get-dependencies.sh Executable file

@ -0,0 +1,13 @@
#!/bin/sh
## one script to be used by travis, jenkins, packer...
umask 022
if [ $# != 0 ]; then
rolesdir=$1
else
rolesdir=$(dirname $0)/..
fi
[ ! -d $rolesdir/juju4.redhat-epel ] && git clone https://github.com/juju4/ansible-redhat-epel $rolesdir/juju4.redhat-epel
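Review bot: The last line is `[ ! -d ... ] && git clone ...`, so whenever the role directory is already present the test fails and the script exits non-zero, which fails the calling `before_install` step. Invert the test and quote the paths: `[ -d "$rolesdir/juju4.redhat-epel" ] || git clone https://github.com/juju4/ansible-redhat-epel "$rolesdir/juju4.redhat-epel"`; `rolesdir=$(dirname "$0")/..` needs the same quoting. The clone also tracks the default branch, so pinning a tag or commit would make the dependency reproducible.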

6
handlers/main.yml Normal file

@ -0,0 +1,6 @@
---
- name: restart fprobe
service: name={{ fprobe_svc }} state=restarted sleep=5
ignore_errors: true
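Review bot: `ignore_errors: true` on the `restart fprobe` handler means a restart that fails after a config change still reports success, leaving the exporter stopped or still sending to the old collector with nothing in the play output to show it. Remove it, or if one platform really needs the tolerance, scope it with a `when:` for that platform and add a comment naming the failure. The `ensure service is enabled and started` task in `tasks/fprobe.yml` carries the same `ignore_errors: true`.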

32
meta/main.yml Normal file

@ -0,0 +1,32 @@
---
galaxy_info:
author: juju4
description: TEMPLATE
license: BSD
min_ansible_version: 2.0
#
# Below are all platforms currently available. Just uncomment
# the ones that apply to your role. If you don't see your
# platform on this list, let us know and we'll get it added!
#
platforms:
- name: EL
versions:
- 6
- 7
- name: Ubuntu
versions:
- precise
- trusty
- xenial
#
# Below are all categories currently available. Just as with
# the platforms above, uncomment those that apply to your role.
#
galaxy_tags:
- system
- security
#dependencies: []
dependencies:
- juju4.redhat-epel

41
tasks/fprobe.yml Normal file

@ -0,0 +1,41 @@
---
- name: install fprobe from packages
package: name={{ item }} state=present
with_items: "{{ fprobe_pkg }}"
- name: Debian | update fprobe config
replace: "dest=/etc/default/fprobe regexp={{ item.re }} replace={{ item.rep }} backup=yes"
with_items:
- { re: '^INTERFACE=.*', rep: "INTERFACE=\"{{ fprobe_if }}\"" }
- { re: '^FLOW_COLLECTOR=.*', rep: "FLOW_COLLECTOR=\"{{ fprobe_flow_collector }}\"" }
- { re: '^OTHER_ARGS=.*', rep: "OTHER_ARGS=\"{{ fprobe_args }}\"" }
when: ansible_os_family == 'Debian'
notify:
- restart fprobe
- name: RedHat | update fprobe config
lineinfile: "dest=/etc/sysconfig/fprobe regexp={{ item.re }} line={{ item.rep }} backup=yes create=yes"
with_items:
- { re: '^FLOW_COLLECTOR=.*', rep: "FLOW_COLLECTOR=\"{{ fprobe_flow_collector }}\"" }
# - { re: '^OTHER_ARGS=.*', rep: "OTHER_ARGS=\"{{ fprobe_args }}\"" }
when: ansible_os_family == 'RedHat'
notify:
#- block:
# - name: RedHat | check if fprobe is running
# shell: "ps axu |grep fprobe-ulog"
# register: ps
# changed_when: false
# - name: RedHat | start fprobe manually
# command: "fprobe-ulog -c /var/tmp {{ fprobe_flow_collector }}"
# when: ansible_os_family == 'RedHat' and ps is defined and ps.stdout is defined and ps.stdout.find(" fprobe-ulog ") == -1
- name: add init.d script
template: src=init.d-fprobe.j2 dest=/etc/rc.d/init.d/fprobe-ulog mode=0755
when: ansible_os_family == 'RedHat'
- name: ensure service is enabled and started
service: name={{ fprobe_svc }} state=started enabled=yes
## fail on trusty and centos7 but works in cli
ignore_errors: true
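Review bot: The `RedHat | update fprobe config` task ends with a bare `notify:` and no handler name (as rendered here, the next line is the commented-out block), so changing `fprobe_flow_collector` on RedHat rewrites `/etc/sysconfig/fprobe` but never restarts the service. Add `- restart fprobe` under it, as the Debian task does. The `OTHER_ARGS` item is also commented out for RedHat, so `fprobe_args` has no effect on that family; a comment saying so would help.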

20
tasks/main.yml Normal file

@ -0,0 +1,20 @@
---
#- fail: msg="This role is only compatible with Ubuntu"
# when: ansible_distribution != 'Ubuntu'
- name: Include version-specific variables for Ubuntu.
include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
when: ansible_distribution == 'Ubuntu'
- name: Include version-specific variables for RedHat
include_vars: "RedHat-{{ ansible_distribution_version.split('.')[0] }}.yml"
when: ansible_os_family == "RedHat" or ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
#- include: debian.yml
# when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
#- include: redhat.yml
# when: ansible_os_family == "RedHat" or ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
- include: fprobe.yml
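Review bot: Both `include_vars` tasks build a file name from the detected release, but this commit ships vars files only for Ubuntu 12.04/14.04/16.04 and RedHat 6/7, so any other release stops with a missing-file error that does not say the platform is unsupported. Either resolve the file through `with_first_found` with a family-level fallback, or add an explicit `fail` task listing the supported releases. The RedHat `when:` is also redundant: `ansible_os_family == "RedHat"` already covers the CentOS and RHEL distribution checks.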

@ -0,0 +1,52 @@
#!/bin/bash
#
# /etc/rc.d/init.d/fprobe-ulog
#
# NetFlow probe
# chkconfig: 2345 10 90
# description: Netflow Probe
# config: /etc/sysconfig/fprobe
[ -f /etc/sysconfig/fprobe ] && . /etc/sysconfig/fprobe
# Source function library. = redirect to systemd...
#. /etc/init.d/functions
start() {
echo -n "Starting fprobe-ulog: "
fprobe-ulog -c /var/tmp $FLOW_COLLECTOR
touch /var/lock/subsys/fprobe-ulog
echo.
return 0
}
stop() {
echo -n "Shutting down fprobe-ulog: "
pkill fprobe-ulog
rm -f /var/lock/subsys/fprobe-ulog
echo.
return 0
}
case "$1" in
start)
start
;;
stop)
stop
;;
status)
ps axu | egrep '[f]probe-ulog'
;;
restart)
stop
start
;;
*)
echo "Usage: fprobe-ulog {start|stop|status|restart}"
exit 1
;;
esac
exit $?
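Review bot: `start()` ignores the exit status of `fprobe-ulog`, always creates the lock file and returns 0, so a daemon that failed to start is reported as started. `$FLOW_COLLECTOR` is also unquoted, and it is empty if `/etc/sysconfig/fprobe` is missing. Suggested: `fprobe-ulog -c /var/tmp "$FLOW_COLLECTOR" || return 1`. `echo.` in both `start()` and `stop()` is not a command and should be `echo`. The hard-coded `-c /var/tmp` also bypasses the role's `fprobe_args` variable.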

@ -0,0 +1,14 @@
#!/usr/bin/env bats
#
#
# Idempotence test
# from https://github.com/neillturner/kitchen-ansible/issues/92
#
@test "Second run should change nothing" {
# skip
run bash -c "ansible-playbook -i /tmp/kitchen/hosts /tmp/kitchen/default.yml -c local 2>&1 | tee /tmp/idempotency.test | grep -q 'changed=0.*failed=0' && exit 0 || exit 1"
[ "$status" -eq 0 ]
}

@ -0,0 +1,9 @@
---
- hosts: all
#- hosts: test-kitchen
# vars:
# - a:
roles:
- juju4.fprobe

@ -0,0 +1,8 @@
source 'https://rubygems.org'
gem 'serverspec'
gem 'rake'
## for junit output and jenkins support
## FIXME! travis: 'Could not find gem 'yarjuf' in any of the gem sources listed in your Gemfile or available on this machine.'
#gem 'yarjuf'

@ -0,0 +1,9 @@
require 'rake'
require 'rspec/core/rake_task'
RSpec::Core::RakeTask.new(:spec) do |t|
t.pattern = '*_spec.rb'
end
task :default => :spec

@ -0,0 +1,36 @@
require 'serverspec'
# Required by serverspec
set :backend, :exec
## Use Junit formatter output, supported by jenkins
#require 'yarjuf'
#RSpec.configure do |c|
# c.formatter = 'JUnit'
#end
describe package('fprobe-ulog'), :if => os[:family] == 'redhat' do
it { should be_installed }
end
describe package('fprobe'), :if => os[:family] == 'ubuntu' || os[:family] == 'debian' do
it { should be_installed }
end
#describe service('fprobe-ulog'), :if => os[:family] == 'redhat' do
# it { should be_enabled }
# it { should be_running }
#end
describe service('fprobe'), :if => os[:family] == 'ubuntu' || os[:family] == 'debian' do
it { should be_enabled }
it { should be_running }
end
describe file('/usr/bin/fprobe-ulog'), :if => os[:family] == 'redhat' do
it { should be_executable }
end
describe process("fprobe-ulog"), :if => os[:family] == 'redhat' do
its(:user) { should eq "root" }
# its(:args) { should match /-c 32000\b/ }
end

@ -0,0 +1,32 @@
#!/bin/sh -x
## get consistent ruby2+bundler env on each distribution
location=`dirname "$0"`
cd $location
v=2.3
## docker environment in travis missing few utils
[ -f /etc/debian_version ] && apt-get install -y curl
[ -f /etc/redhat-release ] && yum -y install which
curl -sSL https://get.rvm.io | bash
#[ -f $HOME/.rvm/scripts/rvm ] && . $HOME/.rvm/scripts/rvm
#[ -d /usr/local/rvm ] && . /etc/profile.d/rvm.sh
## troubleshoot
type rvm | head -1
env
#export PATH=/usr/local/rvm/bin:$PATH
bash -l -c "rvm install $v"
bash -l -c "rvm use $v"
bash -l -c "rvm use $v --default"
bash -l -c "gem install bundler"
bash -l -c "bundle install --path ./gems"
if [ "X$USER" != "Xroot" -a "X$USER" != "X" ]; then
bash -l -c "env rvmsudo_secure_path=1 rvmsudo bundle exec rake spec"
else
bash -l -c "bundle exec rake spec"
fi
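Review bot: `curl -sSL https://get.rvm.io | bash` executes a remotely fetched installer with no integrity check, presumably as root when the script is invoked through `lxc exec`. Download the installer to a file, verify it against the detached signature the RVM project publishes, and only then run it; or install a distribution-packaged Ruby and skip RVM for the test run. `cd $location` should also be quoted and checked, `cd "$location" || exit 1`, since everything after it assumes the serverspec directory.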

@ -0,0 +1,9 @@
FROM alpine:3.4
RUN apk update
# Install Ansible
RUN apk add git ansible python python-dev py-pip
RUN mkdir /etc/ansible
# Install Ansible inventory file
RUN (echo "[local]"; echo "localhost ansible_connection=local") > /etc/ansible/hosts

@ -0,0 +1,15 @@
FROM centos:6
# Install Ansible
RUN yum -y update; yum clean all;
RUN yum -y install epel-release
RUN yum -y install git ansible sudo python-pip
RUN yum clean all
# Disable requiretty
RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers
# Install Ansible inventory file
RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts
CMD ["/usr/sbin/init"]

@ -0,0 +1,27 @@
FROM centos:7
# Install systemd -- See https://hub.docker.com/_/centos/
RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs
RUN yum -y update; yum clean all; \
(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*; \
rm -f /etc/systemd/system/*.wants/*; \
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*; \
rm -f /lib/systemd/system/anaconda.target.wants/*;
# Install Ansible
RUN yum -y install epel-release
RUN yum -y install git ansible sudo python-pip
RUN yum clean all
# Disable requiretty
RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers
# Install Ansible inventory file
RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts
VOLUME ["/sys/fs/cgroup"]
CMD ["/usr/sbin/init"]

@ -0,0 +1,11 @@
FROM ubuntu:12.04
RUN apt-get update
# Install Ansible
RUN env DEBIAN_FRONTEND=noninteractive apt-get install -y software-properties-common python-software-properties git
RUN apt-add-repository -y ppa:ansible/ansible
RUN apt-get update
RUN apt-get install -y ansible python-pip
# Install Ansible inventory file
RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
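Review bot: `RUN apt-get update` sits in its own layer, so a cached layer can hand a stale package index to the later `apt-get install` lines, and the build then fails or installs outdated packages. Combine update and install in one instruction, e.g. `RUN apt-get update && env DEBIAN_FRONTEND=noninteractive apt-get install -y software-properties-common python-software-properties git`. The ubuntu:14.04 and ubuntu:16.04 Dockerfiles that follow have the same layout.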

@ -0,0 +1,11 @@
FROM ubuntu:14.04
RUN apt-get update
# Install Ansible
RUN env DEBIAN_FRONTEND=noninteractive apt-get install -y software-properties-common git
RUN apt-add-repository -y ppa:ansible/ansible
RUN apt-get update
RUN apt-get install -y ansible python-pip
# Install Ansible inventory file
RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts

@ -0,0 +1,11 @@
FROM ubuntu:16.04
RUN apt-get update
# Install Ansible
RUN env DEBIAN_FRONTEND=noninteractive apt-get install -y software-properties-common git
RUN apt-add-repository -y ppa:ansible/ansible
RUN apt-get update
RUN apt-get install -y ansible python sudo python-pip
# Install Ansible inventory file
RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts

25
test/travis/initctl_faker Normal file

@ -0,0 +1,25 @@
#!/bin/sh
## from https://github.com/oxyc/drupal-vm/blob/84b3ad6cf65fb87ac60777c5aca55bb82a45b4aa/tests/initctl_faker
ALIAS_CMD="$(echo ""$0"" | sed -e 's?/sbin/??')"
case "$ALIAS_CMD" in
start|stop|restart|reload|status)
exec service $1 $ALIAS_CMD
;;
esac
case "$1" in
list )
exec service --status-all
;;
reload-configuration )
exec service $2 restart
;;
start|stop|restart|reload|status)
exec service $2 $1
;;
\?)
exit 0
;;
esac

31
test/vagrant/Vagrantfile vendored Normal file

@ -0,0 +1,31 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
VAGRANTFILE_API_VERSION = "2"
ENV['VAGRANT_DEFAULT_PROVIDER'] = 'virtualbox'
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
## for xenial, need to manually install python as python v2 is not in default image.
#config.vm.box = "ubuntu/xenial64"
#config.vm.box = "boxcutter/ubuntu1604"
config.vm.box = "ubuntu/trusty64"
#config.vm.box = "centos/7"
config.vm.provision :ansible do |ansible|
ansible.playbook = "site.yml"
#ansible.verbose = "vvvv"
#ansible.host_key_checking = false
#ansible.limit = 'all'
ansible.sudo = true
ansible.extra_vars = { ansible_ssh_user: 'vagrant' }
ansible.groups = {
"myrole" => ["vfprobe" ],
}
end
config.vm.define "vfprobe" do |vfprobe|
vfprobe.vm.hostname = "vfprobe"
end
end

3
test/vagrant/ansible.cfg Normal file

@ -0,0 +1,3 @@
[defaults]
roles_path = ../../../

6
test/vagrant/site.yml Normal file

@ -0,0 +1,6 @@
---
- hosts: all
roles:
- juju4.fprobe

7
vars/RedHat-6.yml Normal file

@ -0,0 +1,7 @@
---
fprobe_pkg:
- fprobe-ulog
fprobe_svc: fprobe-ulog

7
vars/RedHat-7.yml Normal file

@ -0,0 +1,7 @@
---
fprobe_pkg:
- fprobe-ulog
fprobe_svc: fprobe-ulog

7
vars/Ubuntu-12.04.yml Normal file

@ -0,0 +1,7 @@
---
fprobe_pkg:
- fprobe
fprobe_svc: fprobe

7
vars/Ubuntu-14.04.yml Normal file

@ -0,0 +1,7 @@
---
fprobe_pkg:
- fprobe
fprobe_svc: fprobe

7
vars/Ubuntu-16.04.yml Normal file

@ -0,0 +1,7 @@
---
fprobe_pkg:
- fprobe
fprobe_svc: fprobe