diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000..bda25be --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,9 @@ +profile: production +exclude_paths: + - .github/workflows/ + - .tox/ + - .venv/ + - changelogs/changelog.yaml +warn_list: + - command-instead-of-shell + - yaml[line-length] diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5ed6a22..767912d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,19 +1,29 @@ name: CI on: - workflow_dispatch: pull_request: branches: ["*"] paths-ignore: + - "**.md" - "LICENSE" - - "README.md" + workflow_dispatch: + +concurrency: + group: ${{ github.workflow}}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true jobs: - lint_ansible: - uses: trfore/ansible-role/.github/workflows/lint_ansible.yml@main # remote repo + format: + uses: trfore/ansible-role/.github/workflows/format.yml@main - molecule_test: + lint: needs: - - lint_ansible + - format + uses: trfore/ansible-role/.github/workflows/lint_ansible.yml@main + + test: + needs: + - format + - lint strategy: fail-fast: false matrix: @@ -32,3 +42,18 @@ jobs: distro: ${{ matrix.distro }} experimental: ${{ matrix.experimental }} molecule_scenario: ${{ matrix.molecule_scenario }} + requirements_file: "requirements/dev-requirements.txt" + + check: + needs: + - format + - lint + - test + runs-on: ubuntu-latest + steps: + - run: >- + python -c "assert set([ + '${{ needs.format.result }}', + '${{ needs.lint.result }}', + '${{ needs.test.result }}', + ]) == {'success'}" diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 8cda803..4a3781c 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml 
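Review bot: The `format` and `lint` jobs call reusable workflows at `@main`, a mutable branch reference, so whatever that branch holds at run time executes in this repository's CI. Pinning each call to a full commit SHA, e.g. `uses: trfore/ansible-role/.github/workflows/format.yml@<full-commit-sha> # main`, keeps the executed workflow fixed until a reviewed bump. The same `@main` reference is added to the `format` job in `.github/workflows/lint.yml`. The visible part of the file also sets no `permissions:` block; a top-level `permissions:` with `contents: read` would keep the token at least privilege, assuming the called workflows need nothing more.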
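Review bot: The new `check` job has no `if:` condition, so when `format`, `lint` or `test` fails GitHub skips `check` instead of running the assertion, and a skipped job is treated as passing when it is used as a required status check. Adding `if: always()` under `check:` makes the Python assertion actually run and fail on any result other than `success`. The `check` job added in `.github/workflows/lint.yml` has the same gap. Whether `check` is configured as a required check in branch protection is not visible here.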
@@ -1,12 +1,30 @@ name: Lint on: - workflow_dispatch: + pull_request: + branches: ["main"] + paths: + - "**.md" + - "LICENSE" push: branches: ["*"] - paths-ignore: + paths: + - "**.md" - "LICENSE" - - "README.md" + +concurrency: + group: ${{ github.workflow}}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true jobs: - lint_ansible: - uses: trfore/ansible-role/.github/workflows/lint_ansible.yml@main # remote repo + format: + uses: trfore/ansible-role/.github/workflows/format.yml@main + + check: + needs: + - format + runs-on: ubuntu-latest + steps: + - run: >- + python -c "assert set([ + '${{ needs.format.result }}', + ]) == {'success'}" diff --git a/.gitignore b/.gitignore index 19977ac..385e812 100644 --- a/.gitignore +++ b/.gitignore 
@@ -1,13 +1,154 @@ # ansible *.retry */__pycache__ -*.pyc +*.py[cod] +*$py.class .cache +/tests/output/ +/changelogs/.plugin-cache.yaml # ansible extras - typical development *.deb *.tgz *.tar.gz* +# ansible docs - sphinx local build files +docs/rst +docs/.gitignore +docs/antsibull-docs.cfg +docs/build.sh +docs/conf.py +docs/requirements.txt + # general extras .DS_Store + +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +pip-wheel-metadata/ +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +*.py,cover +.hypothesis/ +.pytest_cache/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 +db.sqlite3-journal + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# IPython +profile_default/ +ipython_config.py + +# pyenv +.python-version + +# pipenv +# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. +# However, in case of collaboration, if having platform-specific dependencies or dependencies +# having no cross-platform support, pipenv may install dependencies that don't work, or not +# install all needed dependencies. +#Pipfile.lock + +# PEP 582; used by e.g. 
github.com/David-OConnor/pyflow +__pypackages__/ + +# Celery stuff +celerybeat-schedule +celerybeat.pid + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9a5aaf0..66bf309 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -4,28 +4,17 @@ repos: hooks: - id: check-merge-conflict - id: check-symlinks + - id: check-yaml + args: [--allow-multiple-documents] - id: debug-statements - id: end-of-file-fixer - id: no-commit-to-branch args: [--branch, main] - id: trailing-whitespace args: [--markdown-linebreak-ext=md] - - id: check-yaml - args: [--allow-multiple-documents] - - - repo: https://github.com/asottile/add-trailing-comma - rev: v3.0.0 - hooks: - - id: add-trailing-comma - - - repo: https://github.com/adrienverge/yamllint - rev: v1.31.0 - hooks: - - id: yamllint - args: [-c=.yamllint] - - repo: https://github.com/robertdebock/pre-commit - rev: v1.5.2 + - repo: https://github.com/trfore/pre-commit + rev: v1.5.3 hooks: - id: ansible_role_find_unused_variable - id: ansible_role_fix_readability @@ -34,3 +23,19 @@ repos: - id: ansible_role_find_horizontal_when - id: ansible_role_find_empty_files - id: ansible_role_find_empty_directories + + - repo: https://github.com/pre-commit/mirrors-prettier + rev: v3.1.0 + hooks: + - id: prettier + + - repo: https://github.com/adrienverge/yamllint + rev: v1.35.1 + hooks: + - id: yamllint + args: [-c=.yamllint] + + - repo: https://github.com/ansible/ansible-lint + rev: v24.2.2 + hooks: + - id: ansible-lint diff --git a/.prettierignore b/.prettierignore index 6977fdc..91b6439 100644 --- a/.prettierignore +++ b/.prettierignore 
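Review bot: Every `rev:` added in this hunk is a tag (`v1.5.3`, `v3.1.0`, `v1.35.1`, `v24.2.2`), and tags can be moved, while these hooks run code on contributors' machines and in the `lint` tox environment. Freezing each one to a commit hash keeps the hook code fixed until a reviewed bump, e.g. `rev: <full-commit-sha>  # frozen: v1.5.3`, which is the form `pre-commit autoupdate --freeze` writes. This is worth doing in the same change that repoints the role hooks from `robertdebock/pre-commit` to `trfore/pre-commit`, so the reviewed commit of the new source is recorded.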
@@ -1,4 +1,11 @@ -# linted by yamllint -*.yaml -*.yml -.pylintrc +# environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# formatted by antsibull-changelog +changelogs/changelog.yaml diff --git a/.prettierrc.yaml b/.prettierrc.yaml new file mode 100644 index 0000000..8e025a9 --- /dev/null +++ b/.prettierrc.yaml @@ -0,0 +1,10 @@ +# .prettierrc.yaml +bracketSpacing: true +endOfLine: "lf" +printWidth: 160 +proseWrap: "preserve" +quoteProps: "as-needed" +semi: true +singleQuote: false +tabWidth: 2 +trailingComma: "es5" diff --git a/.yamllint b/.yamllint index 8827676..e8c07f9 100644 --- a/.yamllint +++ b/.yamllint @@ -2,6 +2,10 @@ # Based on ansible-lint config extends: default +ignore: + - .tox/ + - .venv/ + rules: braces: max-spaces-inside: 1 @@ -15,7 +19,8 @@ rules: commas: max-spaces-after: -1 level: error - comments: disable + comments: + min-spaces-from-content: 1 # prettier compatibility comments-indentation: disable document-start: disable empty-lines: diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..a6013ee --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,41 @@ +# Contributing + +## Contribute + +### Setup a Dev Environment + +```sh +python3 -m venv .venv && source .venv/bin/activate +python3 -m pip install -r requirements/dev-requirements.txt +pre-commit install +``` + +### Running Test + +```sh +pre-commit run --all-files + +# list environments and test +tox list +# lint all files +tox -e lint run +# run a specific test environment +tox -e py-ansible2.16-ubuntu20 run +# run all test in parallel +tox run-parallel +``` + +- For iterative development and testing, the tox molecule environments are written to accept `molecule` arguments. This allows for codebase changes to be tested as you write across multiple distros and versions of `ansible-core`. + +```sh +# molecule converge +tox -e py-ansible2.16-ubuntu20 run -- converge -s default +# molecule test w/o destroying the container +tox -r -e py-ansible2.16-ubuntu20-jre8 -- test -s ubuntu20-jre8 --destroy=never +``` + +## Additional References + +- [Ansible community guide](https://docs.ansible.com/ansible/devel/community/index.html) +- [Github Docs: Forking a repository](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo#forking-a-repository) +- [Ansible Docs: `ansible-core` support matrix](https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix) diff --git a/README.md b/README.md index 5258342..65573d1 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ ansible-galaxy role install trfore.omada_install ## Tested Platforms and Versions - MongoDB Community: `4.4.x` -- Omada SDN: `5.9.x` +- Omada SDN: `5.x.x` - CentOS Stream 8 - Debian 10 - Ubuntu 20.04 
@@ -48,7 +48,7 @@ ansible-galaxy role install trfore.omada_install - NOTE: For **Ubuntu 20.04** targets, this role installs **OpenJDK 11**. While `jsvc` is available via APT, it is `< 1.1.0` and will **only work with OpenJDK 8**. If you prefer to use this older version, set `omada_dependencies` to the following in your playbook (see 'Example Playbooks' section below): ```yaml - omada_dependencies: ['curl', 'openjdk-8-jre-headless', 'jsvc'] + omada_dependencies: ["curl", "openjdk-8-jre-headless", "jsvc"] ``` ## Role Variables @@ -64,7 +64,7 @@ Available variables are listed below, along with default values (see `defaults/m | omada_non_root | `true` | Boolean, configure Omada SDN to run as a non-root user | No | | omada_remove_tar_folder | `false` | Boolean, remove the temporary directory on the remote host | No | -OS specific variables are listed below, along with default values (see `vars/debian.yml` and `vars/redhat.yml`): +OS specific variables are listed below, along with default values (see `vars/main.yml`): | Variable | Default | Description | Required | | ------------------ | --------------------------------------------- | ---------------------------------------- | -------- | @@ -90,6 +90,18 @@ OS specific variables are listed below, along with default values (see `vars/deb - name: Install Omada SDN role: trfore.omada_install + + post_tasks: + - name: Test Omada SDN Is Running + tags: ["omada", "test"] + ansible.builtin.uri: + url: https://127.0.0.1:8043/login + status_code: 200 + validate_certs: false + register: result + until: result.status == 200 + retries: 12 + delay: 10 ``` - If you manually download the tar file. @@ -117,7 +129,7 @@ OS specific variables are listed below, along with default values (see `vars/deb - hosts: servers become: true vars: - omada_dependencies: ['curl', 'openjdk-8-jre-headless', 'jsvc'] + omada_dependencies: ["curl", "openjdk-8-jre-headless", "jsvc"] roles: - name: Install MongoDB Community role: trfore.mongodb_install 
@@ -135,14 +147,13 @@ MIT Taylor Fore (https://github.com/trfore) -## Related Roles & Playbooks +## Related Roles | Github | Ansible Galaxy | | ------------------------------ | ------------------------ | | [ansible-role-jsvc] | [trfore.jsvc] | | [ansible-role-mongodb-install] | [trfore.mongodb_install] | | [ansible-role-omada-install] | [trfore.omada_install] | -| [ansible-playbook-omada] | | ## References @@ -162,6 +173,5 @@ Taylor Fore (https://github.com/trfore) [trfore.jsvc]: https://galaxy.ansible.com/trfore/jsvc [ansible-role-mongodb-install]: https://github.com/trfore/ansible-role-mongodb-install [trfore.mongodb_install]: https://galaxy.ansible.com/trfore/mongodb_install -[ansible-playbook-omada]: https://github.com/trfore/ansible-playbook-omada [ansible-role-omada-install]: https://github.com/trfore/ansible-role-omada-install [trfore.omada_install]: https://galaxy.ansible.com/trfore/omada_install diff --git a/defaults/main.yml b/defaults/main.yml index e71dd96..297b7b8 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,6 +3,5 @@ omada_tar_src: https://static.tp-link.com/upload/software/2024/202402/20240227/Omada_SDN_Controller_v5.13.30.8_linux_x64.tar.gz omada_tar_src_remote: true omada_tar_dir: /var/tmp -omada_tar_folder: "{{ omada_tar_src | basename | splitext | first | splitext | first }}" omada_non_root: true omada_remove_tar_folder: false diff --git a/handlers/main.yml b/handlers/main.yml index c5e0dc1..c1e678f 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,7 +1,7 @@ --- - name: Remove tar folder ansible.builtin.file: - path: '{{ omada_tar.dest }}' + path: "{{ omada_tar.dest }}" state: absent when: omada_remove_tar_folder diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 1410aac..89b326b 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml 
@@ -1,10 +1,8 @@ --- - name: Converge hosts: all - vars: mongodb_pkg_install: true - pre_tasks: - name: Update APT cache ansible.builtin.apt: @@ -24,4 +22,4 @@ tasks: - name: Install Omada SDN ansible.builtin.include_role: - name: 'ansible-role-omada-install' + name: "ansible-role-omada-install" diff --git a/molecule/default/requirements.yml b/molecule/default/requirements.yml index daf2142..74f5f37 100644 --- a/molecule/default/requirements.yml +++ b/molecule/default/requirements.yml @@ -1,4 +1,4 @@ --- roles: - - trfore.jsvc - - trfore.mongodb_install + - name: trfore.jsvc + - name: trfore.mongodb_install diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 4b959f5..15aee36 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -1,10 +1,29 @@ --- - name: Verify hosts: all - gather_facts: false - + gather_facts: true + vars: + jdk_pkg: "{{ 'java-11-openjdk-headless' if ansible_os_family == 'RedHat' else 'openjdk-11-jre-headless' }}" tasks: - - name: Test Omada SDN is running + - name: Test | Gather Package Facts + ansible.builtin.package_facts: + + - name: Test | Check OpenJDK Package + ansible.builtin.assert: + that: "jdk_pkg in ansible_facts.packages" + + - name: Test | Get Binary File Info + ansible.builtin.stat: + path: /usr/bin/tpeap + register: file_info + + - name: Test | Check Omada Binary Exists + ansible.builtin.assert: + that: + - file_info.stat.exists + quiet: true + + - name: Test | Check Omada SDN is running ansible.builtin.uri: url: https://127.0.0.1:8043/login status_code: 200 diff --git a/molecule/pkg-install/requirements.yml b/molecule/pkg-install/requirements.yml new file mode 120000 index 0000000..b6f4a01 --- /dev/null +++ b/molecule/pkg-install/requirements.yml @@ -0,0 +1 @@ +../default/requirements.yml \ No newline at end of file diff --git a/molecule/ubuntu-jre8/converge.yml b/molecule/ubuntu-jre8/converge.yml index e35b4f0..e027841 100644 --- a/molecule/ubuntu-jre8/converge.yml 
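Review bot: The verify play in `molecule/default/verify.yml` checks the JDK package, the `tpeap` binary and the login page, but nothing asserts the outcome of the role's `omada_non_root: true` default, so a regression that leaves the controller's files owned by root would still pass. A `stat` on the data directory plus an assertion on its owner would cover it, as sketched below; this assumes `/opt/tplink/EAPController/data` is among the directories `tasks/omada-non-root.yml` re-owns, which the diff does not show. The same addition applies to the new `molecule/ubuntu-jre8/verify.yml`. The `uri` task at the end of this hunk continues outside it.

```yaml
    # … unchanged: package facts, JDK and binary checks …
    - name: Test | Get Omada Data Directory Info
      ansible.builtin.stat:
        path: /opt/tplink/EAPController/data
      register: data_dir_info

    - name: Test | Check Omada Data Directory Is Owned by 'omada'
      ansible.builtin.assert:
        that:
          - data_dir_info.stat.exists
          - data_dir_info.stat.pw_name == 'omada'
        quiet: true
```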
+++ b/molecule/ubuntu-jre8/converge.yml @@ -4,7 +4,7 @@ vars: mongodb_pkg_install: true - omada_dependencies: ['curl', 'openjdk-8-jre-headless', 'jsvc'] + omada_dependencies: ["curl", "openjdk-8-jre-headless", "jsvc"] pre_tasks: - name: Update APT cache @@ -22,5 +22,5 @@ tasks: - name: Install Omada SDN ansible.builtin.include_role: - name: 'ansible-role-omada-install' + name: "ansible-role-omada-install" when: ansible_distribution == 'Ubuntu' diff --git a/molecule/ubuntu-jre8/verify.yml b/molecule/ubuntu-jre8/verify.yml deleted file mode 120000 index 15a7868..0000000 --- a/molecule/ubuntu-jre8/verify.yml +++ /dev/null @@ -1 +0,0 @@ -../default/verify.yml \ No newline at end of file diff --git a/molecule/ubuntu-jre8/verify.yml b/molecule/ubuntu-jre8/verify.yml new file mode 100644 index 0000000..024bbc8 --- /dev/null +++ b/molecule/ubuntu-jre8/verify.yml @@ -0,0 +1,32 @@ +--- +- name: Verify + hosts: all + gather_facts: true + tasks: + - name: Test | Gather Package Facts + ansible.builtin.package_facts: + + - name: Test | Check OpenJDK Package + ansible.builtin.assert: + that: "'openjdk-8-jre-headless' in ansible_facts.packages" + + - name: Test | Get Binary File Info + ansible.builtin.stat: + path: /usr/bin/tpeap + register: file_info + + - name: Test | Check Omada Binary Exists + ansible.builtin.assert: + that: + - file_info.stat.exists + quiet: true + + - name: Test | Check Omada SDN is running + ansible.builtin.uri: + url: https://127.0.0.1:8043/login + status_code: 200 + validate_certs: false + register: result + until: result.status == 200 + retries: 12 + delay: 10 diff --git a/requirements.txt b/requirements.txt index ddb3646..b05ec0b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,11 +1 @@ -ansible>=7.4 -ansible-compat>=4.1.7 -ansible-core>=2.14 -ansible-lint>=6.14.0 -molecule>=4.0.0,<25.0.0 -molecule-plugins[docker]>=23.0.0 -paramiko>=3.0.0 -pre-commit>=3.2.0 -pylint>=2.17.0 -pytest-testinfra>=7.0.0 -yamllint>=1.30.0 +ansible-core>=2.14.0 
diff --git a/requirements/dev-requirements.txt b/requirements/dev-requirements.txt new file mode 100644 index 0000000..227ef4c --- /dev/null +++ b/requirements/dev-requirements.txt @@ -0,0 +1,11 @@ +-r ../requirements.txt +ansible>=7.4.0 +ansible-compat>=4.1.7 +ansible-lint>=6.14.0 +molecule>=4.0.0,<25.0.0 +molecule-plugins[docker]>=23.0.0 +paramiko>=3.0.0 +pre-commit>=3.2.0 +pylint>=3.0.0 +tox>=4.0.0 +yamllint>=1.30.0 diff --git a/tasks/debian-container.yml b/tasks/debian-container.yml deleted file mode 100644 index 2b40e80..0000000 --- a/tasks/debian-container.yml +++ /dev/null @@ -1,8 +0,0 @@ -# openjdk dep issue when installed in a container without man directory -# ref: https://github.com/geerlingguy/ansible-role-java/issues/64 -# sol: https://github.com/geerlingguy/ansible-role-java/commit/ee7c12b13aa594dc747892860e563f45794e94d0 -- name: Ensure 'man' directory exists. - ansible.builtin.file: - path: /usr/share/man/man1 - state: directory - recurse: true diff --git a/tasks/debian.yml b/tasks/debian.yml index dcb8173..a476859 100644 --- a/tasks/debian.yml +++ b/tasks/debian.yml @@ -1,6 +1,12 @@ --- -- name: Create 'man' directory when containerized - ansible.builtin.include_tasks: debian-container.yml +# openjdk dep issue when installed in a container without man directory +# ref: https://github.com/geerlingguy/ansible-role-java/issues/64 +# sol: https://github.com/geerlingguy/ansible-role-java/commit/ee7c12b13aa594dc747892860e563f45794e94d0 +- name: Ensure 'man' Directory Exists (Debian & Ubuntu) + ansible.builtin.file: + path: /usr/share/man/man1 + state: directory + recurse: true when: - ansible_virtualization_type in ['docker', 'container', 'containerd'] - ansible_os_family == 'Debian' diff --git a/tasks/main.yml b/tasks/main.yml index fdec18a..6168d38 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -1,16 +1,23 @@ -- name: Install essential packages - ansible.builtin.include_tasks: '{{ ansible_os_family | lower }}.yml' +- name: Install Essential Packages + ansible.builtin.include_tasks: "{{ ansible_os_family | lower }}.yml" when: ansible_os_family == 'Debian' -- name: Add OS specific variables - ansible.builtin.include_vars: '{{ ansible_os_family | lower }}.yml' - when: omada_dependencies is not defined +- name: Check Required Variables + ansible.builtin.assert: + that: "{{ req_var }} is defined and {{ req_var }} | length > 0 and {{ req_var }} != None" + fail_msg: "{{ req_var }} needs to be set for the role to work" + success_msg: "{{ req_var }} is defined" + quiet: true + loop: + - omada_tar_src + loop_control: + loop_var: req_var -- name: Install omada dependencies +- name: Install Omada Dependencies ansible.builtin.package: - name: '{{ omada_dep_pkg }}' + name: "{{ omada_dep_pkg }}" state: present - loop: '{{ omada_dependencies }}' + loop: "{{ omada_dependencies }}" loop_control: loop_var: omada_dep_pkg register: package_status 
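Review bot: The `that:` expression in 'Check Required Variables' embeds `{{ req_var }}` inside a conditional, so it relies on the string being templated twice; Ansible discourages Jinja delimiters in conditionals (as with `when`), and newer ansible-core releases may warn about or reject it. Looking the variable up by name avoids that: `that: lookup('ansible.builtin.vars', req_var, default='') | default('', true) | length > 0`. That form also covers a `None` value, which the current expression only compares after `| length` has already been applied to it.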
@@ -18,72 +25,61 @@ delay: 10 retries: 6 -- name: Verify that required string variables are defined - ansible.builtin.assert: - that: omada_req_var is defined and omada_req_var | length > 0 and omada_req_var != None - fail_msg: ' needs to be set for the role to work' - success_msg: 'required variable is defined' - loop: - - omada_tar_src - - omada_tar_src_remote - loop_control: - loop_var: omada_req_var - -- name: Gather the package facts - ansible.builtin.package_facts: - manager: auto - tags: jsvc +- name: Check for jsvc Binary + block: + - name: Gather the package facts + ansible.builtin.package_facts: + manager: auto -- name: Check for jsvc binary - ansible.builtin.stat: - path: /usr/bin/jsvc - register: jsvc_binary - tags: jsvc + - name: Check for jsvc Binary + ansible.builtin.stat: + path: /usr/bin/jsvc + register: jsvc_binary -- name: Error when jsvc is missing - ansible.builtin.fail: - msg: 'Error: jsvc is not present, Omada SDN requires jsvc' - when: - - "'jsvc' not in ansible_facts.packages" - - not jsvc_binary.stat.exists - tags: jsvc + - name: Error When jsvc Is Missing + ansible.builtin.fail: + msg: "Error: jsvc is not present, Omada SDN requires jsvc" + when: + - "'jsvc' not in ansible_facts.packages" + - not jsvc_binary.stat.exists -- name: Check for omada binary +- name: Check for Omada Binary ansible.builtin.stat: path: /usr/bin/tpeap register: omada_binary -- name: Create a temporary directory for omada tar file - ansible.builtin.file: - path: '{{ omada_tar_dir }}/{{ omada_tar_folder }}' - state: directory - mode: '0775' +- name: Install Omada SDN Using Tar File when: not omada_binary.stat.exists - register: omada_temp_dir + block: + - name: Create a Temporary Directory for Omada Tar File + ansible.builtin.file: + path: "{{ omada_tar_dir }}/{{ omada_tar_folder }}" + state: directory + mode: "0775" + register: omada_temp_dir -- name: Download and extract omada software - ansible.builtin.unarchive: - src: '{{ omada_tar_src }}' - dest: '{{ 
omada_temp_dir.path }}' - remote_src: '{{ omada_tar_src_remote }}' - extra_opts: - - --strip-components=1 - register: omada_tar - when: not omada_binary.stat.exists + - name: Download and Extract Omada Software + ansible.builtin.unarchive: + src: "{{ omada_tar_src }}" + dest: "{{ omada_temp_dir.path }}" + remote_src: "{{ omada_tar_src_remote }}" + extra_opts: + - --strip-components=1 + register: omada_tar -- name: Run omada install script - become: true - ansible.builtin.command: './install.sh -y' - args: - chdir: '{{ omada_tar.dest }}' - creates: /opt/tplink/EAPController/bin/control.sh - register: omada_install - when: omada_tar.changed # noqa: no-handler - notify: - - Remove tar folder - - Enable omada service + - name: Run Omada Install Script + become: true + ansible.builtin.command: "./install.sh -y" + args: + chdir: "{{ omada_tar.dest }}" + creates: /opt/tplink/EAPController/bin/control.sh + register: omada_install + when: omada_tar.changed # noqa: no-handler + notify: + - Remove tar folder + - Enable omada service -- name: Configure omada to run as non-root user +- name: Configure Omada to Run as Non-root User ansible.builtin.include_tasks: omada-non-root.yml when: - omada_install.changed # noqa: no-handler diff --git a/tasks/omada-non-root.yml b/tasks/omada-non-root.yml index 0267533..f27ecf5 100644 --- a/tasks/omada-non-root.yml +++ b/tasks/omada-non-root.yml 
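Review bot: In the 'Install Omada SDN Using Tar File' block the archive from `omada_tar_src` is unpacked and its `install.sh` run with `become: true` without any integrity check, so the role trusts whatever the source serves at run time. Downloading first with `ansible.builtin.get_url` and its `checksum:` parameter, then extracting the local file, would pin the installer to a known digest; the sketch below uses a new, proposed variable `omada_tar_checksum` and only takes the download path for http(s) sources. Separately, the staging directory is created under `omada_tar_dir` (`/var/tmp` by default) with mode `0775` and no `owner:`; `owner: root` and `mode: "0700"` would be a tighter fit for a directory whose contents are executed as root. The 'Configure Omada to Run as Non-root User' task at the end of the hunk continues outside it.

```yaml
    # … unchanged: temporary directory task …
    - name: Download Omada Tar File
      ansible.builtin.get_url:
        url: "{{ omada_tar_src }}"
        dest: "{{ omada_temp_dir.path }}/omada.tar.gz"
        checksum: "{{ omada_tar_checksum }}" # proposed variable, "sha256:<digest>"
        mode: "0600"
      when: omada_tar_src is match('^https?://')

    - name: Extract Omada Software
      ansible.builtin.unarchive:
        src: "{{ (omada_temp_dir.path ~ '/omada.tar.gz') if omada_tar_src is match('^https?://') else omada_tar_src }}"
        dest: "{{ omada_temp_dir.path }}"
        remote_src: "{{ omada_tar_src_remote }}"
        # … unchanged: extra_opts, register …
```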
@@ -1,39 +1,39 @@ --- -- name: Create omada user +- name: Omada Non-root | Create 'omada' User ansible.builtin.user: name: omada - comment: 'omada service account' + comment: "omada service account" system: true shell: /usr/sbin/nologin home: /opt/tplink/EAPController/data state: present -- name: Stop omada service +- name: Omada Non-root | Stop Omada Service ansible.builtin.command: tpeap stop register: tpeap_status changed_when: tpeap_status.rc != 0 -- name: Modify 'control.sh', change default 'OMADA_USER' +- name: Omada Non-root | Modify 'control.sh', Change Default 'OMADA_USER' ansible.builtin.lineinfile: path: /opt/tplink/EAPController/bin/control.sh - search_string: 'OMADA_USER=${OMADA_USER:-root}' + search_string: "OMADA_USER=${OMADA_USER:-root}" line: OMADA_USER=${OMADA_USER:-omada} -- name: Modify 'control.sh', change 'PID_FILE' path +- name: Omada Non-root | Modify 'control.sh', Change 'PID_FILE' Path ansible.builtin.lineinfile: path: /opt/tplink/EAPController/bin/control.sh search_string: 'PID_FILE="/var/run/${NAME}.pid"' line: 'PID_FILE="${OMADA_HOME}/data/${NAME}.pid"' -- name: Modify 'control.sh', remove 'check_root_perms' func call +- name: Omada Non-root | Modify 'control.sh', Remove 'check_root_perms' Func Call ansible.builtin.lineinfile: path: /opt/tplink/EAPController/bin/control.sh - search_string: 'check_root_perms' - line: '#check_root_perms' + search_string: "check_root_perms" + line: "#check_root_perms" -- name: Change omada directories to non-root owner & group +- name: Omada Non-root | Change Omada Directories Owner & Group ansible.builtin.file: - path: '{{ omada_dir }}' + path: "{{ omada_dir }}" state: directory recurse: true owner: omada diff --git a/tasks/redhat.yml b/tasks/redhat.yml deleted file mode 100644 index ed97d53..0000000 --- a/tasks/redhat.yml +++ /dev/null @@ -1 +0,0 @@ ---- diff --git a/tox.ini b/tox.ini new file mode 100644 index 0000000..268cb5e --- /dev/null +++ b/tox.ini 
@@ -0,0 +1,46 @@ +[tox] +minversion = 4.0.0 +envlist = + lint + py-ansible{2.16}-ubuntu{20}-{default} + py-ansible{2.16}-ubuntu20-{jre8} + py-ansible{2.16}-{centos,debian}-{default} + +[testenv] +description = + default-ubuntu20: Run molecule scenario on Ubuntu 20.04 (default) + default-centos: Run molecule scenario on CentOS 8 (default) + default-debian: Run molecule scenario on Debian 10 (default) + jre8: Run molecule scenario on Ubuntu 20.04 (JRE 8) +deps = + ansible2.16: ansible-core == 2.16.* + docker + molecule + molecule-plugins[docker] + pytest + pytest-testinfra +commands = + default: molecule {posargs:test -s default} + jre8: molecule {posargs:test -s ubuntu-jre8} +setenv = + ANSIBLE_ROLES_PATH={work_dir}/{env_name}/.ansible/roles + MOLECULE_EPHEMERAL_DIRECTORY={work_dir}/{env_name}/.cache/molecule + MOLECULE_NAME={env_name} + centos: MOLECULE_IMAGE=trfore/docker-centos8-systemd + debian: MOLECULE_IMAGE=trfore/docker-debian10-systemd + ubuntu20: MOLECULE_IMAGE=trfore/docker-ubuntu2004-systemd + PY_COLORS=1 + TOX_ENVNAME={env_name} +passenv = + DOCKER_HOST + MOLECULE_IMAGE + +[testenv:lint] +description = Run all linting tasks +skip_install = true +deps = + pre-commit +commands = + pre-commit run {posargs:--all --show-diff-on-failure} +setenv = + TOX_ENVNAME={env_name} diff --git a/vars/debian.yml b/vars/debian.yml deleted file mode 100644 index 33976b4..0000000 --- a/vars/debian.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -omada_dependencies: - - curl - - openjdk-11-jre-headless # OpenJDK 11 or higher, requires JSVC 1.1.0+ diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 0000000..aa05d01 --- /dev/null +++ b/vars/main.yml @@ -0,0 +1,5 @@ +--- +omada_dependencies: + - curl + - "{{ 'java-11-openjdk-headless.x86_64' if ansible_os_family == 'RedHat' else 'openjdk-11-jre-headless' }}" # OpenJDK 11 or higher, requires JSVC 1.1.0+ +omada_tar_folder: "{{ omada_tar_src | basename | splitext | first | splitext | first }}" 
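Review bot: Defining `omada_dependencies` in `vars/main.yml` gives it role-vars precedence, which is higher than play `vars:`, so the override documented in the README and used by `molecule/ubuntu-jre8/converge.yml` (`omada_dependencies: ["curl", "openjdk-8-jre-headless", "jsvc"]`) would appear to be ignored and OpenJDK 11 installed regardless. The removed `include_vars` task was guarded by `when: omada_dependencies is not defined`, which is what let a play-level value win before. Moving the list to `defaults/main.yml` keeps it overridable; the derived `omada_tar_folder` can stay in `vars/main.yml`.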
diff --git a/vars/redhat.yml b/vars/redhat.yml deleted file mode 100644 index cd73e3e..0000000 --- a/vars/redhat.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -omada_dependencies: - - curl - - java-11-openjdk-headless.x86_64