Merge branch 'release/v1.2.1'

README.md

@@ -3,38 +3,54 @@
 ZeroTier
 =========
 
-This Ansible role installs the `zerotier-one` package, adds and authorizes new members to (existing) ZeroTier networks, and tells the new member to join the network.
+This Ansible role adds the ZeroTier repository and installs the `zerotier-one` package using your system's package manager. Depending on the provided variables this role can also add and authorize new members to (existing) ZeroTier networks, and tell the new member to join the network.
 
 Requirements
 ------------
 
-This role has an optional access token variable to authorize the member using the ZeroTier API. The role also takes the ID of the ZeroTier network to automatically join the new member.
+Technically this role has no requirements. If it's ran without any variables set it will only run the installation tasks. The following variables impact the role's behavior:
 
-Role Variables
---------------
+[**zerotier_network_id**](#zerotier_network_id): when set hosts are told to join this network.  
+[**zerotier_api_accesstoken**](#zerotier_api_accesstoken): when set the role can handle member authentication and configuration using the ZeroTier API.  
 
-### zerotier_api_url
-The url where the Zerotier API lives. Must use HTTPS protocol.
-Default: https://my.zerotier.com
 
-### zerotier_accesstoken
-The access token needed to authorize with the ZeroTier API. You can generate one in your account settings at https://my.zerotier.com/. If this is left out then the newly joined member will not be automatically authorized.
+Role Variables
+--------------
 
 ### zerotier_network_id
-The 16 character network ID of the network the new members should join. The node will not join any network if omitted.
+*Type*: string  
+*Default value*:   
+*Description*: The 16 character network ID of the network the new members should join. The node will not join any network if omitted.
 
-### zerotier_register_short_hostname
-Used to register the short hostname (without the FQDN) on the network instead of the long one.
-Default: `false`
+### zerotier_member_register_short_hostname
+*Type*: boolean  
+*Default value*: `false`  
+*Description*: By default `inventory_hostname` will be used to name a member in a network. If set to `true`, `inventory_hostname_short` will be used instead.
 
 ### zerotier_member_ip_assignments
-A list of IP addresses to assign this member. The member will be automatically assigned an address on the network if left out.
+*Type*: list  
+*Default value*: `[]`    
+*Description*: A list of IP addresses to assign this member. The member will be automatically assigned an address on the network if left out.
 
 ### zerotier_member_description
-Optional desription for a member.
+*Type*: string  
+*Default value*: `""`      
+*Description*: Optional desription for a member.
+
+### zerotier_api_accesstoken
+*Type*: string  
+*Default value*: `""`   
+*Description*: The access token needed to authorize with the ZeroTier API. You can generate one in your account settings at https://my.zerotier.com/. If this is left out then the newly joined member will not be automatically authorized.
+
+### zerotier_api_url
+*Type*: string  
+*Default value*: `https://my.zerotier.com`  
+*Description*: The url where the Zerotier API lives. Must use HTTPS protocol.  
 
 ### zerotier_api_delegate
-Option to delegate tasks for Zerotier API calls. By default the API calls are made from the machine running the role.
+*Type*: string  
+*Default value*: `localhost`      
+*Description*: Option to delegate tasks for Zerotier API calls. This is usefull in a situation where API calls can only be made from a whitelisted management server, for example.
 
 Example Playbook
 ----------------

defaults/main.yml

@@ -1,7 +1,8 @@
 ---
 # defaults file for ansible-role-zerotier
+zerotier_api_accesstoken: "{{ zerotier_accesstoken | default() }}" # For backwards compatibility
 zerotier_api_url: https://my.zerotier.com
 zerotier_api_delegate: localhost
 zerotier_apt_state: present
-zerotier_register_short_hostname: false
+zerotier_member_register_short_hostname: "{{ zerotier_register_short_hostname | default(false) }}" # For backwards compatibility
 zerotier_authorize_member: true

files/set_facts.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+FACTS_DIR='/etc/ansible/facts.d'
+FACT_FILE="${FACTS_DIR}/zerotier.fact"
+NODE_STATUS=($(zerotier-cli status))
+NETWORKS=$(zerotier-cli listnetworks | tail -n+2)
+
+function file_content {
+    if [ ! -z "$NETWORKS" ]; then
+        network_count=$(echo $NETWORKS |wc -l)
+        counter=1
+
+        echo "{"
+        echo "  \"node_id\":\"${NODE_STATUS[2]}\","
+        echo "  \"networks\": {"
+        while read -r; do
+            network=($REPLY)
+            echo "    \"${network[2]}\": {"
+            echo "        \"status\":\"${network[5]}\""
+            echo "        \"device\":\"${network[7]}\""
+
+            if [ "$counter" -eq "$network_count" ]; then
+                echo "    }"
+            else
+                echo "    },"
+            fi
+            ((counter++))
+        done <<< $NETWORKS
+        echo "  }"
+        echo "}"
+    else
+        echo "{\"node_id\":\"${NODE_STATUS[2]}\",\"networks\":{}}"
+    fi
+}
+
+if [ ! -d "$FACTS_DIR" ]; then
+    mkdir -p $FACTS_DIR
+fi
+
+file_content > $FACT_FILE
+
+
+# TO-DO
+# Handle different states than "OK". Other statuses can mess up positions.

meta/main.yml

@@ -27,7 +27,7 @@ galaxy_info:
   # this branch. If Travis integration is configured, only notifications for this
   # branch will be accepted. Otherwise, in all cases, the repo's default branch
   # (usually master) will be used.
-  #github_branch:
+  github_branch: master
 
   #
   # platforms is a list of platforms, and each platform has a name and a list of versions.
@@ -39,6 +39,10 @@ galaxy_info:
   - name: Debian
     versions:
     - stretch
+  - name: Ubuntu
+    versions:
+    - Bionic
+    - Cosmic
   - name: Fedora
     versions:
     - 28

tasks/authorize_node.yml

@@ -1,43 +1,29 @@
 ---
 - block:
-  - name: Get Zerotier NodeID
-    shell: zerotier-cli info | awk '{print $3}'
-    register: nodeid
-    changed_when: false
-
-  - name: Set NodeID as fact
-    set_fact:
-      zerotier_node_id: "{{ nodeid.stdout }}"
-
-  when:
-  - zerotier_accesstoken is defined
-  - not ansible_check_mode
-  tags:
-  - configuration
-
-- block:
-  - name: Authorize members to network
+  - name: Authorize new members to network
     uri:
-      url: "{{ zerotier_api_url }}/api/network/{{ zerotier_network_id }}/member/{{ zerotier_node_id }}"
+      url: "{{ zerotier_api_url }}/api/network/{{ zerotier_network_id }}/member/{{ ansible_local.zerotier.node_id }}"
       method: POST
       headers:
-        Authorization: bearer {{ zerotier_accesstoken }}
+        Authorization: bearer {{ zerotier_api_accesstoken }}
       body:
         hidden: false
         config:
           authorized: "{{ zerotier_authorize_member }}"
       body_format: json
       register: auth_apiresult
     delegate_to: "{{ zerotier_api_delegate }}"
+    when:
+      - ansible_local.zerotier.networks[zerotier_network_id] is not defined or ansible_local.zerotier.networks[zerotier_network_id].status != 'OK'
 
   - name: Configure members in network
     uri:
-      url: "{{ zerotier_api_url }}/api/network/{{ zerotier_network_id }}/member/{{ zerotier_node_id }}"
+      url: "{{ zerotier_api_url }}/api/network/{{ zerotier_network_id }}/member/{{ ansible_local.zerotier.node_id }}"
       method: POST
       headers:
-        Authorization: bearer {{ zerotier_accesstoken }}
+        Authorization: bearer {{ zerotier_api_accesstoken }}
       body:
-        name: "{{ zerotier_register_short_hostname | ternary(inventory_hostname_short, inventory_hostname) }}"
+        name: "{{ zerotier_member_register_short_hostname | ternary(inventory_hostname_short, inventory_hostname) }}"
         description: "{{ zerotier_member_description | default() }}"
         config:
           ipAssignments: "{{ zerotier_member_ip_assignments | default([]) | list }}"
@@ -46,7 +32,6 @@
     delegate_to: "{{ zerotier_api_delegate }}"
 
   when:
-  - zerotier_accesstoken is defined
   - not ansible_check_mode
   tags:
   - configuration

tasks/install/Debian.yml

@@ -2,8 +2,29 @@
   apt_key:
     url: "{{ zerotier_gpg_url }}"
 
+- name: Check if Ubuntu release has dedicated repo
+  uri:
+    url: "{{ zerotier_download_base_url }}/debian/{{ zerotier_deb_release_repo }}"
+  failed_when: false
+  when:
+    - ansible_facts['distribution'] == "Ubuntu"
+  register: release_repo
+
+- block:
+  - name: Overwrite Ubuntu release repo name
+    set_fact:
+      zerotier_deb_release_repo: bionic
+
+  - name: Re-gather facts
+    setup: ~
+
+  when:
+    - ansible_facts['distribution'] == "Ubuntu"
+    - ansible_facts['distribution_major_version'] == "18"
+    - release_repo.status == 404
+
 - name: Add ZeroTier APT repository
   apt_repository:
-    repo: deb {{ zerotier_download_base_url }}/debian/{{ ansible_distribution_release }} {{ ansible_distribution_release }} main
+    repo: deb {{ zerotier_download_base_url }}/debian/{{ zerotier_deb_release_repo }} {{ zerotier_deb_release_repo }} main
     filename: zerotier
   register: zerotier_repo

tasks/main.yml

@@ -4,9 +4,18 @@
   when:
   - not skip_install|default(false)|bool
 
+- block:
+  - name: Update ansible_local facts
+    script: set_facts.sh
+
+  - name: Re-gather facts
+    setup: ~
+
+
 - import_tasks: authorize_node.yml
   when:
-  - zerotier_accesstoken is defined
+  - zerotier_api_accesstoken | length > 0
+  - ansible_local.zerotier.node_id is defined
 
 - import_tasks: join_network.yml
   when:

vars/main.yml

@@ -1,4 +1,5 @@
 ---
 # vars file for ansible-role-zerotier
 zerotier_download_base_url: http://download.zerotier.com
+zerotier_deb_release_repo: "{{ ansible_facts['distribution_release'] }}"
 zerotier_gpg_url: https://download.zerotier.com/[email protected]