Merge branch 'master' of https://github.com/redbrick/nomad

2022-12-19 23:09:23 +00:00 · 2022-12-19 23:09:23 +00:00 · e3cdfb5785
commit e3cdfb5785
parent bb0e9045a2 2cb77974ea
7 changed files with 67 additions and 27 deletions
--- a/ansible/bin/adhoc.sh
+++ b/ansible/bin/adhoc.sh
@ -0,0 +1,30 @@
+#!/bin/bash
+
+if [ $1 = "help" ]; then
+  cat << EOH
+-- Ad-hoc help --
+
+This command is designed as a helper for running ad-hoc ansible commands.
+
+It takes 2 arguments;
+1. The host pattern match, and
+2. The module followed by the command to run with that module.
+
+-- Examples --
+
+\$ bin/adhoc.sh all ping
+# will run ping on 'all' hosts
+
+\$ bin/adhoc.sh glados shell "cmd='echo hello world'"
+# will run the shell module on the 'glados' host
+EOH
+exit 0
+fi
+
+if [ $# -eq 2 ]; then
+  ansible -i hosts $1 -m $2
+  exit 0
+else
+  ansible -i hosts $1 -m $2 -a "${@:3}"
+  exit 0
+fi
--- a/ansible/redbrick-ansible.yml
+++ b/ansible/redbrick-ansible.yml
@ -1,10 +1,17 @@
 ---
+# check local head is the same as remote head
+# fail if not
+# this is to ensure that the local repository is up to date
+# before running the playbook, ignores uncommitted changes
+- name: Check local repository is up to date
+  hosts: localhost
+  roles: 
+    - { role: git-compare-head } # Prevent execution on out-of-date or divergent branches

 - name: Redbrick general management
  hosts: all
-  gather_facts: true
  roles:
-    - { role: apt } # update all packages, equivalent to `apt update && apt upgrade`
+    #- { role: apt } # update all packages, equivalent to `apt update && apt upgrade`
    #- { role: ssh } # add users defined in roles/defaults/main.yml
    #- { role: fail2ban } # add and configure fail2ban with jail file located in `templates/fail2ban.jail`

--- a/ansible/roles/configure-consul/tasks/main.yml
+++ b/ansible/roles/configure-consul/tasks/main.yml
@ -5,6 +5,7 @@
    name: consul
    state: latest
    update_cache: yes
+  when: ansible_check_mode == false

 - name: Add consul user
  become: true
@ -32,12 +33,16 @@
    name: consul
    enabled: yes
    state: started
+  when: ansible_check_mode == false

 - name: Check if consul is running
  become: true
  shell: consul members
  register: consul_members
+  when: ansible_check_mode == false

 - name: Print consul members
  debug:
    msg: "{{ consul_members.stdout_lines }}"
+  when: ansible_check_mode == false
+  
--- a/ansible/roles/configure-nomad/tasks/main.yml
+++ b/ansible/roles/configure-nomad/tasks/main.yml
@ -5,6 +5,7 @@
    name: nomad
    state: latest
    update_cache: yes
+  when: ansible_check_mode == false

 - name: Add nomad user
  become: true
@ -39,21 +40,26 @@
    name: nomad
    enabled: yes
    state: started
+  when: ansible_check_mode == false

 - name: Check nomad status
  become: true
  shell: nomad status
  register: nomad_status
+  when: ansible_check_mode == false

 - name: Print nomad status
  debug:
    msg: '{{ nomad_status.stdout }}'
+  when: ansible_check_mode == false

 - name: Check nomad members
  become: true
  shell: nomad members
  register: nomad_members
+  when: ansible_check_mode == false

 - name: Print nomad members
  debug:
    msg: '{{ nomad_members.stdout }}'
+  when: ansible_check_mode == false
--- a/ansible/roles/git-compare-head/tasks/main.yml
+++ b/ansible/roles/git-compare-head/tasks/main.yml
@ -0,0 +1,13 @@
+---
+- name: Get local HEAD id
+  local_action: command git rev-parse HEAD
+  register: local_head
+
+- name: Get remote HEAD id
+  local_action: command git ls-remote origin HEAD
+  register: remote_head
+
+- name: Compare local and remote
+  fail:
+    msg: "Local repository is not up to date. Please pull latest changes from remote or push your local changes."
+  when: (local_head.stdout != (remote_head.stdout | split('\t') | first)) and ansible_check_mode == false
--- a/ansible/roles/hashicorp-apt/tasks/main.yml
+++ b/ansible/roles/hashicorp-apt/tasks/main.yml
@ -1,29 +1,4 @@
 ---
-#- name: Add hashicorp GPG key
-#  become: true
-#  apt_key:
-#    url: https://apt.releases.hashicorp.com/gpg
-#    state: present
-#
-#- name: Add hashicorp repository
-#  become: true
-#  apt_repository:
-#    repo: deb [arch=amd64] https://apt.releases.hashicorp.com {{ ansible_distribution_release }} main
-#    state: present
-
-#- name: Add Vault/Hashicorp apt key
-#  apt_key:
-#    url: "https://apt.releases.hashicorp.com/gpg"
-#    state: present
-#  become: true
-#  when: ansible_pkg_mgr == 'apt'
-#
-#- name: Add Vault/Hashicorp apt repo
-#  apt_repository:
-#    repo: "deb https://apt.releases.hashicorp.com/gpg {{ ansible_distribution_release }} main"
-#    state: present
-#  become: true
-#  when: ansible_pkg_mgr == 'apt'

 - name: Add Hashicorp apt key
  become: true
--- a/ansible/roles/ssh/tasks/main.yml
+++ b/ansible/roles/ssh/tasks/main.yml
@ -25,3 +25,7 @@
  ignore_errors: yes
  register: task_result
  failed_when: "'blah' in task_result"
+
+- name: Tell user to generate openVPN configuration for users
+  debug:
+    msg: "Please generate openVPN configuration for users: {{ task_result.results | map(attribute='item') | map(attribute='user') | list | join(', ') }}. See https://docs.redbrick.dcu.ie/aperture/vpn/ for more information."