Merge pull request #2 from outsideopen/dl/updates

Updates for systemd restart
outsideopen · Feb 20, 2024 · 4b4d3d4 · 4b4d3d4
2 parents 7065767 + 5f1d807
commit 4b4d3d4
Show file tree

Hide file tree

Showing 14 changed files with 113 additions and 89 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -0,0 +1,38 @@
+---
+profile: null # min, basic, moderate,safety, shared, production
+
+exclude_paths:
+  - .cache/
+  - .github/
+  - .ansible-lint
+
+# Enable checking of loop variable prefixes in roles
+loop_var_prefix: "^(__|{role}_)"
+
+# Enforce variable names to follow pattern below, in addition to Ansible own
+# requirements, like avoiding python identifiers. To disable add `var-naming`
+# to skip_list.
+var_naming_pattern: "^[a-z_][a-z0-9_]*$"
+
+use_default_rules: true
+
+# Ansible-lint does not automatically load rules that have the 'opt-in' tag.
+# You must enable opt-in rules by listing each rule 'id' below.
+enable_list:
+  - args
+  - empty-string-compare # opt-in
+  - no-log-password # opt-in
+  - no-same-owner # opt-in
+  # add yaml here if you want to avoid ignoring yaml checks when yamllint
+  # library is missing. Normally its absence just skips using that rule.
+  - yaml
+
+# Ansible-lint does not fail on warnings from the rules or tags listed below
+warn_list:
+  - experimental # experimental is included in the implicit list
+
+# Offline mode disables installation of requirements.yml and schema refreshing
+offline: true
+
+# Allow setting custom prefix for name[prefix] rule
+#task_name_prefix: "{stem} | "
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,6 +1,6 @@
 ---
 name: CI
-'on':
+on:  # yamllint disable-line rule:truthy
   pull_request:
   push:
     branches:
@@ -11,18 +11,17 @@ defaults:
     working-directory: 'outsideopen.duologsync'
 
 jobs:
-
   lint:
     name: Lint
     runs-on: ubuntu-latest
     steps:
       - name: Check out the codebase.
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: 'outsideopen.duologsync'
 
       - name: Set up Python 3.
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
         with:
           python-version: '3.x'
 
@@ -40,24 +39,22 @@ jobs:
     strategy:
       matrix:
         include:
-          - distro: centos7
-            playbook: converge.yml
           - distro: centos8
             playbook: converge.yml
-          - distro: ubuntu1804
-            playbook: converge.yml
           - distro: ubuntu2004
             playbook: converge.yml
-          - distro: debian10
+          - distro: ubuntu2204
+            playbook: converge.yml
+          - distro: debian11
             playbook: converge.yml
     steps:
       - name: Check out the codebase.
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: 'outsideopen.duologsync'
 
       - name: Set up Python 3.
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
         with:
           python-version: '3.x'
 
@@ -71,18 +68,3 @@ jobs:
           ANSIBLE_FORCE_COLOR: '1'
           MOLECULE_DISTRO: ${{ matrix.distro }}
           MOLECULE_PLAYBOOK: ${{ matrix.playbook }}
-
-  slack:
-    name: Slack
-    needs: molecule
-    runs-on: ubuntu-latest
-    if: always()
-    steps:
-      - uses: technote-space/workflow-conclusion-action@v2
-      - uses: 8398a7/action-slack@v3
-        with:
-          author_name: Molecule tests
-          status: ${{ env.WORKFLOW_CONCLUSION }} # neutral, success, skipped, cancelled, timed_out, action_required, failure
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
diff --git a/.github/workflows/galaxy.yml b/.github/workflows/galaxy.yml
@@ -1,32 +1,15 @@
 ---
 name: Release to Ansible Galaxy
-
-'on':
-  push:
-    tags:
-      - '*'
-  schedule:
-    - cron: '1 10 14 * *'
+on:  # yamllint disable-line rule:truthy
+  workflow_dispatch:
+  release:
+    types: [published]
 
 jobs:
   release:
     runs-on: ubuntu-latest
     steps:
-      - name: galaxy
-        uses: robertdebock/galaxy-action@1.0.1
+      - name: publish to galaxy
+        uses: ansible-actions/ansible-galaxy-action@v1.2.0
         with:
           galaxy_api_key: ${{ secrets.galaxy_api_key }}
-  slack:
-    name: Slack
-    needs: release
-    runs-on: ubuntu-latest
-    if: always()
-    steps:
-      - uses: technote-space/workflow-conclusion-action@v2
-      - uses: 8398a7/action-slack@v3
-        with:
-          author_name: Galaxy Release
-          status: ${{ env.WORKFLOW_CONCLUSION }} # neutral, success, skipped, cancelled, timed_out, action_required, failure
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
diff --git a/.yamllint b/.yamllint
@@ -1,7 +1,17 @@
 ---
 extends: default
-
+ignore: |
+  venv/
 rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
   line-length:
     max: 120
     level: warning
+  indentation:
+    spaces: 2
+    indent-sequences: consistent
diff --git a/README.md b/README.md
@@ -22,7 +22,7 @@ Installs Duo log sync package for Python.
 
 ### duologsync_servers
 
-The valid endpoints are defined the duo_log_sync [template_config.yml](https://github.com/duosecurity/duo_log_sync/blob/master/template_config.yml#L120) file.
+The valid endpoints are defined in the duo_log_sync [template_config.yml](https://github.com/duosecurity/duo_log_sync/blob/master/template_config.yml#L120) file.
 
 Note: the `duologsync_log_format` is a global option, so set up the servers according to using `CEF` or `JSON`.
 
@@ -44,7 +44,7 @@ duologsync_servers:
 Testing requires Molecule and Docker
 
 ```
-pip3 install -r requirements.txt
+pip3 install -r molecule/requirements.txt
 molecule test
 ```
 

diff --git a/handlers/main.yml b/handlers/main.yml
@@ -1,5 +1,5 @@
 ---
 - name: Restart duologsync
-  systemd:
+  ansible.builtin.systemd:
     name: duologsync
     state: started
diff --git a/meta/main.yml b/meta/main.yml
@@ -1,20 +1,23 @@
 ---
 dependencies: []
 galaxy_info:
+  namespace: outsideopen
   role_name: duologsync
+  standalone: true
   author: David Lundgren
   company: Outside Open
   description: Installs Duo log sync
   license: MIT
-  min_ansible_version: 2.9
+  min_ansible_version: "2.9"
   platforms:
-    - name: CentOS
+    - name: EL
       versions:
-        - 7
-        - 8
+        - "7"
+        - "8"
     - name: Debian
       versions:
-        - 10
+        - buster
+        - bullseye
     - name: Ubuntu
       versions:
         - bionic

diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
@@ -13,5 +13,5 @@
           - telephony
   tasks:
     - name: Include duologsync
-      include_role:
+      ansible.builtin.include_role:
         name: outsideopen.duologsync
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
@@ -5,15 +5,22 @@ driver:
   name: docker
 platforms:
   - name: instance
-    image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos8}-ansible:latest"
-    command: ${MOLECULE_DOCKER_COMMAND:-""}
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2204}-ansible:latest"
     privileged: true
     pre_build_image: true
+    cgroupns_mode: host
+    command: ${MOLECULE_DOCKER_COMMAND:-""}
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+      - /run
+      - /run/lock
 provisioner:
   name: ansible
-  playbooks:
-    converge: ${MOLECULE_PLAYBOOK:-converge.yml}
+  config_options:
+    defaults:
+      stdout_callback: yaml
+      bin_ansible_callbacks: true
+scenario:
+  name: default
 verifier:
   name: ansible
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
@@ -6,7 +6,7 @@
   gather_facts: false
   tasks:
     - name: Confirm duologsync service is running
-      command: "/opt/duologsync/duologsync.venv/bin/duologsync -h"
+      ansible.builtin.command: "/opt/duologsync/duologsync.venv/bin/duologsync -h"
       register: duologsync_test
       changed_when: false
       failed_when: duologsync_test.rc != 0
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -1,13 +1,13 @@
 ---
 - name: Setup OS for DUO logsync
-  include_tasks: "setup-{{ ansible_os_family }}.yml"
+  ansible.builtin.include_tasks: "setup-{{ ansible_os_family }}.yml"
 
 - name: Ensure group exists
-  group:
+  ansible.builtin.group:
     name: "{{ duologsync_group }}"
 
 - name: Ensure user exists
-  user:
+  ansible.builtin.user:
     name: "{{ duologsync_user }}"
     group: "{{ duologsync_group }}"
     home: "{{ duologsync_path }}"
@@ -16,74 +16,74 @@
   become: true
   become_user: "{{ duologsync_user }}"
   block:
-    - name: Ensure the log paths exist
-      file:
+    - name: Ensure paths exist
+      ansible.builtin.file:
         path: "{{ duologsync_path }}/{{ item }}"
         state: directory
         mode: "0755"
       loop:
         - shared/logs
+        - shared/checkpoints
 
     - name: Clone duo_log_sync repository
-      git:
+      ansible.builtin.git:
         repo: "{{ duologsync_repo_url }}"
         dest: "{{ duologsync_path }}/duologsync"
         version: master
         depth: 1
         update: true
       register: duologsync_clone
 
-    - name: Create virtual env
-      block:
-        - name: Create virtualenv
-          command: "python3 -m venv {{ duologsync_path }}/duologsync.venv"
-          args:
-            chdir: "{{ duologsync_path }}"
-            creates: "{{ duologsync_path }}/duologsync.venv"
+    - name: Create virtualenv
+      ansible.builtin.command: "python3 -m venv {{ duologsync_path }}/duologsync.venv"
+      args:
+        chdir: "{{ duologsync_path }}"
+        creates: "{{ duologsync_path }}/duologsync.venv"
 
     - name: Install setuptools
       when:
         - duologsync_install_setuptools
         - duologsync_clone.after != duologsync_clone.before
-      pip:
+      ansible.builtin.pip:
         chdir: "{{ duologsync_path }}/duologsync"
         name: setuptools
         virtualenv: "{{ duologsync_path }}/duologsync.venv"
 
     - name: Install duologsync requirements
       when: duologsync_clone.after != duologsync_clone.before
-      pip:
+      ansible.builtin.pip:
         chdir: "{{ duologsync_path }}/duologsync"
         requirements: "{{ duologsync_path }}/duologsync/requirements.txt"
         virtualenv: "{{ duologsync_path }}/duologsync.venv"
 
     - name: Configure duologsync
-      template:
+      ansible.builtin.template:
         src: config.yml.j2
         dest: "{{ duologsync_path }}/config.yml"
         mode: 0600
 
     - name: Setup venv wrapper script
-      template:
+      ansible.builtin.template:
         src: venv-run.sh.j2
         dest: "{{ duologsync_path }}/venv-run.sh"
         mode: 0755
 
     - name: Run duologsync python setup
       when: duologsync_clone.after != duologsync_clone.before
-      command: "{{ duologsync_path }}/venv-run.sh python3 setup.py install"
+      ansible.builtin.command: "{{ duologsync_path }}/venv-run.sh python3 setup.py install"
+      changed_when: false
       args:
         chdir: "{{ duologsync_path }}/duologsync"
 
 - name: Setup systemd service
-  template:
+  ansible.builtin.template:
     src: duologsync.service.j2
     dest: "{{ duologsync_systemd_path }}/duologsync.service"
     mode: "0644"
   register: duologsync_config_change
 
 - name: Start duologsync
-  systemd:
+  ansible.builtin.systemd:
     name: duologsync
     state: started
     enabled: true

diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml
@@ -1,7 +1,7 @@
 ---
 - name: Install dependencies (Debian/Ubuntu)
   when: duologsync_install_os_dependencies
-  apt:
+  ansible.builtin.apt:
     name:
       - git
       - python3-virtualenv