From b050850f310baaa1c92b711e80a6c340e6a820f3 Mon Sep 17 00:00:00 2001 From: James Hackett Date: Mon, 19 Dec 2022 20:38:52 +0000 Subject: [PATCH 1/5] creates an adhoc script --- ansible/bin/adhoc.sh | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 ansible/bin/adhoc.sh diff --git a/ansible/bin/adhoc.sh b/ansible/bin/adhoc.sh new file mode 100644 index 0000000..89b073b --- /dev/null +++ b/ansible/bin/adhoc.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +if [ $1 = "help" ]; then + cat << EOH +-- Ad-hoc help -- + +This command is designed as a helper for running ad-hoc ansible commands. + +It takes 2 arguments; +1. The host pattern match, and +2. The module followed by the command to run with that module. + +-- Examples -- + +\$ bin/adhoc.sh all ping +# will run ping on 'all' hosts + +\$ bin/adhoc.sh glados shell "cmd='echo hello world'" +# will run the shell module on the 'glados' host +EOH +exit 0 +fi + +if [ $# -eq 2 ]; then + ansible -i hosts $1 -m $2 + exit 0 +else + ansible -i hosts $1 -m $2 -a "${@:3}" + exit 0 +fi From 47f000e6416491d2dd5f7232d1c47909208c30e1 Mon Sep 17 00:00:00 2001 From: James Hackett Date: Mon, 19 Dec 2022 20:40:25 +0000 Subject: [PATCH 2/5] adds a check to ensure that local and remote have same head --- ansible/redbrick-ansible.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/ansible/redbrick-ansible.yml b/ansible/redbrick-ansible.yml index 010957e..4bd63d3 100644 --- a/ansible/redbrick-ansible.yml +++ b/ansible/redbrick-ansible.yml 
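Review bot: `$1` and `$2` are expanded unquoted in `[ $1 = "help" ]` and in both `ansible` invocations, so `bin/adhoc.sh` with no arguments dies with a `[` syntax error, and a host pattern or module name containing spaces or glob characters is word-split or expanded before ansible sees it. Only the `-eq 2` case is distinguished, so a single argument still reaches `ansible -i hosts $1 -m` with an empty module, and the unconditional `exit 0` after each call discards ansible's own exit status, which hides failed runs from callers and CI. Quoting the expansions, enabling `set -euo pipefail`, rejecting fewer than two arguments up front and letting ansible's status propagate closes all of these; joining `${@:3}` into one `-a` string looks intended and is kept.

```shell
#!/bin/bash
set -euo pipefail

if [ "${1:-}" = "help" ]; then
  # … unchanged: help heredoc …
  exit 0
fi

if [ "$#" -lt 2 ]; then
  echo "usage: $0 <host-pattern> <module> [module args...]" >&2
  exit 1
fi

if [ "$#" -eq 2 ]; then
  ansible -i hosts "$1" -m "$2"
else
  ansible -i hosts "$1" -m "$2" -a "${@:3}"
fi
```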
@@ -1,10 +1,17 @@ --- +# check local head is the same as remote head +# fail if not +# this is to ensure that the local repository is up to date +# before running the playbook, ignores uncommitted changes +- name: Check local repository is up to date + hosts: localhost + roles: + - { role: git-compare-head } # Prevent execution on out-of-date or divergent branches - name: Redbrick general management hosts: all - gather_facts: true roles: - - { role: apt } # update all packages, equivalent to `apt update && apt upgrade` + #- { role: apt } # update all packages, equivalent to `apt update && apt upgrade` #- { role: ssh } # add users defined in roles/defaults/main.yml #- { role: fail2ban } # add and configure fail2ban with jail file located in `templates/fail2ban.jail` From 77570effb508cd6a9289fbecb1bbc983f57fe151 Mon Sep 17 00:00:00 2001 From: James Hackett Date: Mon, 19 Dec 2022 20:45:08 +0000 Subject: [PATCH 3/5] adds role to check local and remote heads --- ansible/roles/git-compare-head/tasks/main.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 ansible/roles/git-compare-head/tasks/main.yml diff --git a/ansible/roles/git-compare-head/tasks/main.yml b/ansible/roles/git-compare-head/tasks/main.yml new file mode 100644 index 0000000..5fb5807 --- /dev/null +++ b/ansible/roles/git-compare-head/tasks/main.yml @@ -0,0 +1,13 @@ +--- +- name: Get local HEAD id + local_action: command git rev-parse HEAD + register: local_head + +- name: Get remote HEAD id + local_action: command git ls-remote origin HEAD + register: remote_head + +- name: Compare local and remote + fail: + msg: "Local repository is not up to date. Please pull latest changes from remote or push your local changes." + when: (local_head.stdout != (remote_head.stdout | split('\t') | first)) and ansible_check_mode == false From b6c49df58c1d8d23f411327d93b189613e7f6242 Mon Sep 17 00:00:00 2001 
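Review bot: The same hunk that adds the `Check local repository is up to date` play also comments out `- { role: apt }` on the `Redbrick general management` play, which silently stops package updates on every host; that is unrelated to the subject line and should be its own commit or at least be stated in the description. Removing `gather_facts: true` changes nothing, since fact gathering is on by default, while the new localhost play would benefit from `gather_facts: false` so the gate runs without an unneeded fact collection first, e.g. `hosts: localhost` / `gather_facts: false` / `roles:`. The four comment lines above the play and the inline `# Prevent execution on out-of-date or divergent branches` say the same thing; keeping one of them is enough.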
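Review bot: `git ls-remote origin HEAD` in `Get remote HEAD id` resolves the remote's default branch, not the upstream of the branch currently checked out, so the `Compare local and remote` gate fails on any pushed feature branch and compares a stale default-branch checkout correctly only when that branch happens to be checked out. Comparing against `refs/heads/<current branch>` ties the check to the branch actually being deployed. Both `command` tasks are read-only, so `changed_when: false` and `check_mode: false` are the fitting settings; as written they are skipped under `--check`, and because `ansible_check_mode == false` is the last term of the `when:` expression, `local_head.stdout` is probably evaluated first on a skipped result and raises as undefined (inferred from the registered-result shape of skipped tasks; confirm on the ansible-core version in use).

```yaml
- name: Get local HEAD id
  local_action: command git rev-parse HEAD
  register: local_head
  changed_when: false
  check_mode: false

- name: Get current branch name
  local_action: command git rev-parse --abbrev-ref HEAD
  register: local_branch
  changed_when: false
  check_mode: false

- name: Get upstream HEAD id for the current branch
  local_action: command git ls-remote origin "refs/heads/{{ local_branch.stdout }}"
  register: remote_head
  changed_when: false
  check_mode: false

# … unchanged: Compare local and remote fail task …
```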
From: James Hackett Date: Mon, 19 Dec 2022 20:45:26 +0000 Subject: [PATCH 4/5] adds check for ansible check_mode --- ansible/roles/configure-consul/tasks/main.yml | 5 +++++ ansible/roles/configure-nomad/tasks/main.yml | 6 ++++++ 2 files changed, 11 insertions(+) diff --git a/ansible/roles/configure-consul/tasks/main.yml b/ansible/roles/configure-consul/tasks/main.yml index e20eaf3..dcda34c 100644 --- a/ansible/roles/configure-consul/tasks/main.yml +++ b/ansible/roles/configure-consul/tasks/main.yml @@ -5,6 +5,7 @@ name: consul state: latest update_cache: yes + when: ansible_check_mode == false - name: Add consul user become: true @@ -32,12 +33,16 @@ name: consul enabled: yes state: started + when: ansible_check_mode == false - name: Check if consul is running become: true shell: consul members register: consul_members + when: ansible_check_mode == false - name: Print consul members debug: msg: "{{ consul_members.stdout_lines }}" + when: ansible_check_mode == false + diff --git a/ansible/roles/configure-nomad/tasks/main.yml b/ansible/roles/configure-nomad/tasks/main.yml index 79e6980..a5f89f7 100644 --- a/ansible/roles/configure-nomad/tasks/main.yml +++ b/ansible/roles/configure-nomad/tasks/main.yml @@ -5,6 +5,7 @@ name: nomad state: latest update_cache: yes + when: ansible_check_mode == false - name: Add nomad user become: true @@ -39,21 +40,26 @@ name: nomad enabled: yes state: started + when: ansible_check_mode == false - name: Check nomad status become: true shell: nomad status register: nomad_status + when: ansible_check_mode == false - name: Print nomad status debug: msg: '{{ nomad_status.stdout }}' + when: ansible_check_mode == false - name: Check nomad members become: true shell: nomad members register: nomad_members + when: ansible_check_mode == false - name: Print nomad members debug: msg: '{{ nomad_members.stdout }}' + when: ansible_check_mode == false From 2cb77974ea555d574b9eaec09e5a52723105fc3e Mon Sep 17 00:00:00 2001 
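Review bot: `when: ansible_check_mode == false` on the consul `apt` task (and the same guard in `configure-nomad/tasks/main.yml`) removes the one step where `--check` is informative: `apt` honours check mode and would report which `state: latest` upgrades are pending, whereas a dry run now says nothing about them; the same applies to the `service` tasks, which also support check mode natively. For the read-only `shell: consul members`, `nomad status` and `nomad members` tasks the more precise setting is `check_mode: false` with `changed_when: false`, so the inspection still runs and the dependent `debug` tasks need no guard; if the concern is that the binary is absent on a first dry run, gating on the install result or `failed_when: false` on just those tasks is narrower than skipping everything. Where a guard is genuinely wanted, `when: not ansible_check_mode` is the idiomatic spelling. The added empty line at the end of the consul file (the lone `+` after the last `when:`) should be dropped.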
From: James Hackett Date: Mon, 19 Dec 2022 20:45:56 +0000 Subject: [PATCH 5/5] advises users to create vpn configs for users added via role --- ansible/roles/hashicorp-apt/tasks/main.yml | 25 ---------------------- ansible/roles/ssh/tasks/main.yml | 4 ++++ 2 files changed, 4 insertions(+), 25 deletions(-) diff --git a/ansible/roles/hashicorp-apt/tasks/main.yml b/ansible/roles/hashicorp-apt/tasks/main.yml index 4259153..ea6a548 100644 --- a/ansible/roles/hashicorp-apt/tasks/main.yml +++ b/ansible/roles/hashicorp-apt/tasks/main.yml @@ -1,29 +1,4 @@ --- -#- name: Add hashicorp GPG key -# become: true -# apt_key: -# url: https://apt.releases.hashicorp.com/gpg -# state: present -# -#- name: Add hashicorp repository -# become: true -# apt_repository: -# repo: deb [arch=amd64] https://apt.releases.hashicorp.com {{ ansible_distribution_release }} main -# state: present - -#- name: Add Vault/Hashicorp apt key -# apt_key: -# url: "https://apt.releases.hashicorp.com/gpg" -# state: present -# become: true -# when: ansible_pkg_mgr == 'apt' -# -#- name: Add Vault/Hashicorp apt repo -# apt_repository: -# repo: "deb https://apt.releases.hashicorp.com/gpg {{ ansible_distribution_release }} main" -# state: present -# become: true -# when: ansible_pkg_mgr == 'apt' - name: Add Hashicorp apt key become: true diff --git a/ansible/roles/ssh/tasks/main.yml b/ansible/roles/ssh/tasks/main.yml index 69099df..bef5d4a 100644 --- a/ansible/roles/ssh/tasks/main.yml +++ b/ansible/roles/ssh/tasks/main.yml @@ -25,3 +25,7 @@ ignore_errors: yes register: task_result failed_when: "'blah' in task_result" + +- name: Tell user to generate openVPN configuration for users + debug: + msg: "Please generate openVPN configuration for users: {{ task_result.results | map(attribute='item') | map(attribute='user') | list | join(', ') }}. See https://docs.redbrick.dcu.ie/aperture/vpn/ for more information." \ No newline at end of file
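Review bot: The new `Tell user to generate openVPN configuration for users` task indexes `task_result.results` unconditionally, but the task that registers `task_result` starts outside the hunk and runs with `ignore_errors: yes`, so if it is skipped or is not a loop `.results` is undefined and this hint itself becomes the failure (inferred from the registered-variable shape; confirm against the loop above). Guarding it with `when: task_result.results is defined and task_result.results | length > 0` limits the message to runs that actually added users. Because the play targets all hosts, the advice is printed once per host; `run_once: true` is presumably wanted unless the user list differs per host. The file also loses its trailing newline (`\ No newline at end of file`).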