Merge pull request 'feat-test-playbooks' (#5) from feat-test-playbooks into master
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Reviewed-on: #5
This commit is contained in:
commit
74cd88322d
17 changed files with 222 additions and 304 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -161,3 +161,4 @@ cython_debug/
|
||||||
#.idea/
|
#.idea/
|
||||||
ansible/credentials/
|
ansible/credentials/
|
||||||
terraform/mcaptcha/mcaptcha
|
terraform/mcaptcha/mcaptcha
|
||||||
|
sec/
|
||||||
|
|
27
.woodpecker.yml
Normal file
27
.woodpecker.yml
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
steps:
|
||||||
|
backend:
|
||||||
|
image: python:3-bookworm
|
||||||
|
environment:
|
||||||
|
- ANSIBLE_HOST_KEY_CHECKING=False
|
||||||
|
commands:
|
||||||
|
- export PATH=$PATH:/root/.local/bin
|
||||||
|
- eval "$(ssh-agent -s)"
|
||||||
|
- make ci.init
|
||||||
|
- cat terraform/mcaptcha/hosts.ini
|
||||||
|
# db: mariadb cache: redis
|
||||||
|
- . venv/bin/activate && ansible-playbook --become -i terraform/mcaptcha/hosts.ini --extra-vars "database_type=mariadb cache_type=redis" ./ansible/mcaptcha.yml
|
||||||
|
- INVENTORY=terraform/mcaptcha/hosts.ini make test.cache
|
||||||
|
- INVENTORY=terraform/mcaptcha/hosts.ini make test.mcaptcha
|
||||||
|
# db: postgres cache: redis
|
||||||
|
- . venv/bin/activate && ansible-playbook --become -i terraform/mcaptcha/hosts.ini --extra-vars "database_type=postgres cache_type=redis" ./ansible/mcaptcha.yml
|
||||||
|
- INVENTORY=terraform/mcaptcha/hosts.ini make test.cache
|
||||||
|
- INVENTORY=terraform/mcaptcha/hosts.ini make test.mcaptcha
|
||||||
|
# embedded cache
|
||||||
|
- . venv/bin/activate && ansible-playbook --become -i terraform/mcaptcha/hosts.ini --extra-vars "database_type=postgres cache_type=embedded" ./ansible/mcaptcha.yml
|
||||||
|
- INVENTORY=terraform/mcaptcha/hosts.ini make test.mcaptcha
|
||||||
|
# embedded cache
|
||||||
|
- . venv/bin/activate && ansible-playbook --become -i terraform/mcaptcha/hosts.ini --extra-vars "database_type=mariadb cache_type=embedded" ./ansible/mcaptcha.yml
|
||||||
|
- INVENTORY=terraform/mcaptcha/hosts.ini make test.mcaptcha
|
||||||
|
|
||||||
|
- make ci.clean
|
||||||
|
secrets: [TEST_NODE_SSH_KEY]
|
24
Makefile
24
Makefile
|
@ -134,5 +134,29 @@ test.cache: ## Test cache configuration
|
||||||
test.mcaptcha: ## Test mcaptcha configuration
|
test.mcaptcha: ## Test mcaptcha configuration
|
||||||
$(call test_mcaptcha)
|
$(call test_mcaptcha)
|
||||||
|
|
||||||
|
ci.init:
|
||||||
|
apt-get update
|
||||||
|
apt-get install -y ca-certificates curl gnupg tar wget libssl-dev python3-pip cython3 pipx apt-transport-https coreutils iputils-ping openssh-client libvirt-clients genisoimage
|
||||||
|
./scripts/ci.sh --init "$$TEST_NODE_SSH_KEY"
|
||||||
|
ssh-add /tmp/ci-ssh-id
|
||||||
|
ssh -o StrictHostKeyChecking=accept-new mcaptcha-ci@192.168.0.102 "echo f"
|
||||||
|
install -m 0755 -d /etc/apt/keyrings
|
||||||
|
curl -fsSL https://packages.opentofu.org/opentofu/tofu/gpgkey | gpg --no-tty --batch --dearmor -o /etc/apt/keyrings/opentofu.gpg
|
||||||
|
chmod a+r /etc/apt/keyrings/opentofu.gpg
|
||||||
|
echo "deb [signed-by=/etc/apt/keyrings/opentofu.gpg] https://packages.opentofu.org/opentofu/tofu/any/ any main" > /etc/apt/sources.list.d/opentofu.list
|
||||||
|
echo "deb-src [signed-by=/etc/apt/keyrings/opentofu.gpg] https://packages.opentofu.org/opentofu/tofu/any/ any main" >> /etc/apt/sources.list.d/opentofu.list
|
||||||
|
apt-get update
|
||||||
|
apt-get install -y tofu
|
||||||
|
tofu -chdir=terraform/mcaptcha/ init
|
||||||
|
tofu -chdir=terraform/mcaptcha/ plan -var-file="ci.tfvars" -out="mcaptcha"
|
||||||
|
tofu -chdir=terraform/mcaptcha/ apply "mcaptcha"
|
||||||
|
pip install virtualenv && virtualenv venv
|
||||||
|
. venv/bin/activate && pip install -r requirements.txt
|
||||||
|
. venv/bin/activate && ansible-galaxy install -r ./ansible/requirements.yml
|
||||||
|
|
||||||
|
ci.clean:
|
||||||
|
echo yes | tofu -chdir=terraform/mcaptcha/ destroy -var-file="ci.tfvars"
|
||||||
|
./scripts/ci.sh --clean
|
||||||
|
|
||||||
help: ## Prints help for targets with comments
|
help: ## Prints help for targets with comments
|
||||||
@cat $(MAKEFILE_LIST) | grep -E '^[a-zA-Z_-].+:.*?## .*$$' | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
|
@cat $(MAKEFILE_LIST) | grep -E '^[a-zA-Z_-].+:.*?## .*$$' | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
ansible.builtin.import_playbook: base.yml
|
ansible.builtin.import_playbook: base.yml
|
||||||
|
|
||||||
- name: Install redis cache
|
- name: Install redis cache
|
||||||
hosts: mcaptcha_hosts
|
hosts: all
|
||||||
pre_tasks:
|
pre_tasks:
|
||||||
- name: Ensure all VMs are reachable
|
- name: Ensure all VMs are reachable
|
||||||
ansible.builtin.ping:
|
ansible.builtin.ping:
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
ansible.builtin.import_playbook: base.yml
|
ansible.builtin.import_playbook: base.yml
|
||||||
|
|
||||||
- name: Install and configure postgres
|
- name: Install and configure postgres
|
||||||
hosts: mcaptcha_hosts
|
hosts: all
|
||||||
become: yes
|
become: yes
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/mcaptcha/vars.yml
|
- vars/mcaptcha/vars.yml
|
||||||
|
@ -18,11 +18,11 @@
|
||||||
database_type == "postgres"
|
database_type == "postgres"
|
||||||
|
|
||||||
- name: Install and configure mariadb
|
- name: Install and configure mariadb
|
||||||
hosts: mcaptcha_hosts
|
hosts: all
|
||||||
become: yes
|
become: yes
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/mcaptcha/vars.yml
|
- vars/mcaptcha/vars.yml
|
||||||
- vars/mcaptcha/mariadb.yml.yml
|
- vars/mcaptcha/mariadb.yml
|
||||||
tasks:
|
tasks:
|
||||||
- ansible.builtin.include_role:
|
- ansible.builtin.include_role:
|
||||||
name: geerlingguy.mysql
|
name: geerlingguy.mysql
|
||||||
|
@ -30,7 +30,7 @@
|
||||||
database_type == "mariadb"
|
database_type == "mariadb"
|
||||||
|
|
||||||
- name: Install and configure cache
|
- name: Install and configure cache
|
||||||
hosts: mcaptcha_hosts
|
hosts: all
|
||||||
become: yes
|
become: yes
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/mcaptcha/vars.yml
|
- vars/mcaptcha/vars.yml
|
||||||
|
@ -41,7 +41,7 @@
|
||||||
when: cache_type == "redis"
|
when: cache_type == "redis"
|
||||||
|
|
||||||
- name: Install mCaptcha binary
|
- name: Install mCaptcha binary
|
||||||
hosts: mcaptcha_hosts
|
hosts: all
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/mcaptcha/vars.yml
|
- vars/mcaptcha/vars.yml
|
||||||
roles:
|
roles:
|
||||||
|
|
3
ansible/requirements.yml
Normal file
3
ansible/requirements.yml
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
- src: geerlingguy.mysql
|
||||||
|
|
||||||
|
- src: geerlingguy.postgresql
|
|
@ -42,9 +42,9 @@
|
||||||
|
|
||||||
- name: Copy mCaptcha systemd servicefile
|
- name: Copy mCaptcha systemd servicefile
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.copy:
|
ansible.builtin.template:
|
||||||
src: ./artifacts/mcaptcha/mcaptcha.service
|
src: ./templates/mcaptcha/mcaptcha.service.j2
|
||||||
dest: /etc/systemd/system/
|
dest: /etc/systemd/system/mcaptcha.service
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
force: true
|
force: true
|
||||||
|
@ -57,7 +57,7 @@
|
||||||
state: directory
|
state: directory
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
|
||||||
- name: Copy mCaptcha systemd servicefile
|
- name: Copy mCaptcha config file
|
||||||
become: true
|
become: true
|
||||||
notify: restart mcaptcha
|
notify: restart mcaptcha
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
|
|
|
@ -2,18 +2,23 @@
|
||||||
Description=mCaptcha: PoW CAPTCHA system
|
Description=mCaptcha: PoW CAPTCHA system
|
||||||
After=syslog.target
|
After=syslog.target
|
||||||
After=network.target
|
After=network.target
|
||||||
###
|
|
||||||
# Don't forget to add the database service dependencies
|
{% if cache_type == 'redis' %}
|
||||||
###
|
Wants=redis.service
|
||||||
#
|
After=redis.service
|
||||||
#Wants=mariadb.service
|
{% endif %}
|
||||||
#After=mariadb.service
|
|
||||||
#
|
{% if database_type == 'postgres' %}
|
||||||
Wants=postgresql.service
|
Wants=postgresql.service
|
||||||
After=postgresql.service
|
After=postgresql.service
|
||||||
#
|
{% endif %}
|
||||||
#Wants=redis.service
|
|
||||||
#After=redis.service
|
{% if database_type == 'mariadb' %}
|
||||||
|
Wants=mariadb.service
|
||||||
|
After=mariadb.service
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
RestartSec=2s
|
RestartSec=2s
|
296
requirements.txt
296
requirements.txt
|
@ -1,289 +1,31 @@
|
||||||
ansible==8.1.0
|
ansible==9.1.0
|
||||||
ansible-core==2.15.1
|
ansible-core==2.16.2
|
||||||
certifi==2023.5.7
|
certifi==2023.11.17
|
||||||
cffi==1.15.1
|
cffi==1.16.0
|
||||||
charset-normalizer==3.2.0
|
charset-normalizer==3.3.2
|
||||||
contextvars==2.4
|
contextvars==2.4
|
||||||
cryptography==41.0.2
|
cryptography==41.0.7
|
||||||
distro==1.8.0
|
distro==1.8.0
|
||||||
execnet==2.0.2
|
execnet==2.0.2
|
||||||
idna==3.4
|
idna==3.6
|
||||||
immutables==0.19
|
immutables==0.20
|
||||||
iniconfig==2.0.0
|
iniconfig==2.0.0
|
||||||
Jinja2==3.1.2
|
Jinja2==3.1.2
|
||||||
jmespath==1.0.1
|
jmespath==1.0.1
|
||||||
looseversion==1.3.0
|
looseversion==1.3.0
|
||||||
MarkupSafe==2.1.3
|
MarkupSafe==2.1.3
|
||||||
msgpack==1.0.5
|
msgpack==1.0.7
|
||||||
packaging==23.1
|
packaging==23.2
|
||||||
pluggy==1.2.0
|
pluggy==1.3.0
|
||||||
psutil==5.9.5
|
psutil==5.9.6
|
||||||
pycparser==2.21
|
pycparser==2.21
|
||||||
pycryptodomex==3.18.0
|
pycryptodomex==3.19.0
|
||||||
pytest==7.4.0
|
pytest==7.4.3
|
||||||
pytest-testinfra==8.1.0
|
pytest-testinfra==10.0.0
|
||||||
pytest-xdist==3.3.1
|
pytest-xdist==3.5.0
|
||||||
PyYAML==6.0
|
|
||||||
pyzmq==25.0.2
|
|
||||||
requests==2.31.0
|
|
||||||
resolvelib==1.0.1
|
|
||||||
salt==3006.1
|
|
||||||
urllib3==2.0.3
|
|
||||||
airdrop-ng==1.1
|
|
||||||
airgraph-ng==1.1
|
|
||||||
apparmor==3.1.6
|
|
||||||
appdirs==1.4.4
|
|
||||||
argcomplete==2.0.0
|
|
||||||
asttokens==2.2.1
|
|
||||||
async-timeout==4.0.2
|
|
||||||
attrs==22.2.0
|
|
||||||
autocommand==2.2.2
|
|
||||||
autopage==0.5.1
|
|
||||||
Babel==2.12.1
|
|
||||||
beautifulsoup4==4.12.2
|
|
||||||
binwalk==2.3.3
|
|
||||||
black==23.7.0
|
|
||||||
borgbackup==1.2.4
|
|
||||||
Brlapi==0.8.5
|
|
||||||
btrfsutil==6.3.3
|
|
||||||
certifi==2023.7.22
|
|
||||||
cffi==1.15.1
|
|
||||||
chardet==5.2.0
|
|
||||||
charset-normalizer==3.2.0
|
|
||||||
click==8.1.6
|
|
||||||
cliff==4.3.0
|
|
||||||
cmd2==2.4.3
|
|
||||||
codespell==2.2.5
|
|
||||||
colorama==0.4.6
|
|
||||||
ConfigArgParse==1.5.3
|
|
||||||
contourpy==1.1.0
|
|
||||||
crit==3.18
|
|
||||||
cryptography==41.0.3
|
|
||||||
cupshelpers==1.0
|
|
||||||
cycler==0.11.0
|
|
||||||
Cython==3.0.0
|
|
||||||
dbus-python==1.3.2
|
|
||||||
debtcollector==2.5.0
|
|
||||||
decorator==5.1.1
|
|
||||||
defusedxml==0.7.1
|
|
||||||
deprecation==2.1.0
|
|
||||||
devtools==0.11.0
|
|
||||||
distlib==0.3.7
|
|
||||||
distro==1.8.0
|
|
||||||
dnspython==2.3.0
|
|
||||||
dogpile.cache==1.1.8
|
|
||||||
executing==1.2.0
|
|
||||||
fastjsonschema==2.18.0
|
|
||||||
filelock==3.12.2
|
|
||||||
fonttools==4.42.0
|
|
||||||
gevent==22.10.2
|
|
||||||
git-filter-repo==2.38.0
|
|
||||||
gpg==1.21.0
|
|
||||||
greenlet==2.0.2
|
|
||||||
html5lib==1.1
|
|
||||||
httpie==3.2.1
|
|
||||||
idna==3.4
|
|
||||||
importlib-metadata==5.0.0
|
|
||||||
inflect==7.0.0
|
|
||||||
iotop==0.6
|
|
||||||
iso8601==2.0.0
|
|
||||||
jaraco.context==4.3.0
|
|
||||||
jaraco.functools==3.8.1
|
|
||||||
jaraco.text==3.11.1
|
|
||||||
jedi==0.18.2
|
|
||||||
jmespath==1.0.1
|
|
||||||
jsonpatch==1.33
|
|
||||||
jsonpointer==2.4
|
|
||||||
jsonschema==4.19.0
|
|
||||||
jsonschema-specifications==2023.7.1
|
|
||||||
keystoneauth1==5.2.1
|
|
||||||
kiwisolver==1.4.4
|
|
||||||
lensfun==0.3.4
|
|
||||||
LibAppArmor==3.1.6
|
|
||||||
libfdt==1.7.0
|
|
||||||
libtorrent==2.0.9
|
|
||||||
libvirt-python==9.6.0
|
|
||||||
lit==15.0.7.dev0
|
|
||||||
louis==3.26.0
|
|
||||||
lxml==4.9.2
|
|
||||||
Mako==1.2.4
|
|
||||||
mallard-ducktype==1.0.2
|
|
||||||
Markdown==3.4.4
|
|
||||||
markdown-it-py==2.2.0
|
|
||||||
MarkupSafe==2.1.3
|
|
||||||
matplotlib==3.7.2
|
|
||||||
mdurl==0.1.2
|
|
||||||
MemoizeDB==2021.11.20.2.41.2
|
|
||||||
meson==1.2.1
|
|
||||||
more-itertools==10.1.0
|
|
||||||
msgpack==1.0.5
|
|
||||||
multidict==6.0.4
|
|
||||||
mypy-extensions==1.0.0
|
|
||||||
netaddr==0.8.0
|
|
||||||
netifaces==0.11.0
|
|
||||||
nftables==0.1
|
|
||||||
numpy==1.25.1
|
|
||||||
openshot-qt==3.1.1
|
|
||||||
openstacksdk==1.0.1
|
|
||||||
ordered-set==4.1.0
|
|
||||||
os-service-types==1.7.0
|
|
||||||
osc-lib==2.8.0
|
|
||||||
oslo.config==9.1.1
|
|
||||||
oslo.i18n==6.0.0
|
|
||||||
oslo.serialization==5.1.1
|
|
||||||
oslo.utils==6.1.0
|
|
||||||
packaging==23.1
|
|
||||||
parso==0.8.3
|
|
||||||
pathspec==0.11.2
|
|
||||||
pbr==5.11.1
|
|
||||||
perf==0.1
|
|
||||||
Pillow==10.0.0
|
|
||||||
pipenv==2023.7.23
|
|
||||||
pipx==1.2.0
|
|
||||||
platformdirs==3.10.0
|
|
||||||
ply==3.11
|
|
||||||
pm2ml==2021.11.20.2.41.2
|
|
||||||
pooch==1.7.0
|
|
||||||
Powerpill==2021.11.20.2.41.2
|
|
||||||
prettytable==3.6.0
|
|
||||||
protobuf==4.23.4
|
|
||||||
psutil==5.9.5
|
|
||||||
pwquality==1.4.5
|
|
||||||
pyalpm==0.10.6
|
|
||||||
pyasn1==0.4.8
|
|
||||||
pybind11==2.11.1
|
|
||||||
pycairo==1.24.0
|
|
||||||
pycparser==2.21
|
|
||||||
pycups==2.0.1
|
|
||||||
pycurl==7.45.2
|
|
||||||
pydantic==1.10.9
|
|
||||||
Pygments==2.16.1
|
|
||||||
PyGObject==3.44.1
|
|
||||||
pynvim==0.4.3
|
|
||||||
pyOpenSSL==23.2.0
|
|
||||||
pyparsing==3.0.9
|
|
||||||
pyperclip==1.8.2
|
|
||||||
PyQt5==5.15.9
|
|
||||||
PyQt5-sip==12.12.2
|
|
||||||
PyQtWebEngine==5.15.6
|
|
||||||
pyrsistent==0.19.3
|
|
||||||
pysequoia==0.1.20
|
|
||||||
PySocks==1.7.1
|
|
||||||
python-cinderclient==9.3.0
|
|
||||||
python-dateutil==2.8.2
|
|
||||||
python-glanceclient==4.1.0
|
|
||||||
python-keystoneclient==5.1.0
|
|
||||||
python-novaclient==18.3.0
|
|
||||||
python-openstackclient==6.2.0
|
|
||||||
pytz==2023.3
|
|
||||||
pyxdg==0.28
|
|
||||||
PyYAML==6.0.1
|
PyYAML==6.0.1
|
||||||
pyzmq==25.1.1
|
pyzmq==25.1.2
|
||||||
redis==4.6.0
|
|
||||||
referencing==0.30.2
|
|
||||||
Reflector==2023.6.28.0.36.1
|
|
||||||
requests==2.28.2
|
|
||||||
requests-toolbelt==1.0.0
|
|
||||||
requestsexceptions==1.4.0
|
|
||||||
rfc3986==2.0.0
|
|
||||||
rich==13.5.2
|
|
||||||
rpds-py==0.9.2
|
|
||||||
rpm==4.18.1
|
|
||||||
scipy==1.11.1
|
|
||||||
simplejson==3.19.1
|
|
||||||
six==1.16.0
|
|
||||||
soupsieve==2.4.1
|
|
||||||
stevedore==5.1.0
|
|
||||||
TBB==0.2
|
|
||||||
tomli==2.0.1
|
|
||||||
torbrowser-launcher==0.3.6
|
|
||||||
tqdm==4.65.0
|
|
||||||
trash-cli==0.23.2.13.2
|
|
||||||
trimage==1.0.6
|
|
||||||
trove-classifiers==2023.8.8
|
|
||||||
typing_extensions==4.7.1
|
|
||||||
uc-micro-py==1.0.2
|
|
||||||
ufw==0.36.2
|
|
||||||
urllib3==1.26.15
|
|
||||||
userpath==1.8.0
|
|
||||||
validate-pyproject==0.13.post1.dev0+gb752273.d20230520
|
|
||||||
vboxapi==1.0
|
|
||||||
virtualenv==20.24.3
|
|
||||||
virtualenv-clone==0.5.7
|
|
||||||
warlock==2.0.1
|
|
||||||
wcwidth==0.2.6
|
|
||||||
webencodings==0.5.1
|
|
||||||
wrapt==1.14.1
|
|
||||||
XCGF==2021.11.20.2.41.3
|
|
||||||
XCPF==2021.12.24.10.22.41
|
|
||||||
youtube-dl==2021.12.17
|
|
||||||
yt-dlp==2023.7.6
|
|
||||||
zipp==3.16.2
|
|
||||||
zope.event==5.0
|
|
||||||
zope.interface==6.0
|
|
||||||
ansible==8.1.0
|
|
||||||
ansible-compat==4.1.6
|
|
||||||
ansible-core==2.15.1
|
|
||||||
ansible-lint==6.17.2
|
|
||||||
astroid==2.15.6
|
|
||||||
attrs==23.1.0
|
|
||||||
black==23.7.0
|
|
||||||
bracex==2.3.post1
|
|
||||||
certifi==2023.5.7
|
|
||||||
cffi==1.15.1
|
|
||||||
charset-normalizer==3.2.0
|
|
||||||
click==8.1.6
|
|
||||||
contextvars==2.4
|
|
||||||
cryptography==41.0.2
|
|
||||||
dill==0.3.7
|
|
||||||
distro==1.8.0
|
|
||||||
execnet==2.0.2
|
|
||||||
filelock==3.12.2
|
|
||||||
gitdb==4.0.10
|
|
||||||
GitPython==3.1.32
|
|
||||||
idna==3.4
|
|
||||||
immutables==0.19
|
|
||||||
iniconfig==2.0.0
|
|
||||||
isort==5.12.0
|
|
||||||
Jinja2==3.1.2
|
|
||||||
jmespath==1.0.1
|
|
||||||
jsonschema==4.19.0
|
|
||||||
jsonschema-specifications==2023.7.1
|
|
||||||
lazy-object-proxy==1.9.0
|
|
||||||
lint==1.2.1
|
|
||||||
looseversion==1.3.0
|
|
||||||
markdown-it-py==3.0.0
|
|
||||||
MarkupSafe==2.1.3
|
|
||||||
mccabe==0.7.0
|
|
||||||
mdurl==0.1.2
|
|
||||||
msgpack==1.0.5
|
|
||||||
mypy-extensions==1.0.0
|
|
||||||
packaging==23.1
|
|
||||||
pathspec==0.11.2
|
|
||||||
platformdirs==3.10.0
|
|
||||||
pluggy==1.2.0
|
|
||||||
psutil==5.9.5
|
|
||||||
pycparser==2.21
|
|
||||||
pycryptodomex==3.18.0
|
|
||||||
Pygments==2.16.1
|
|
||||||
pylint==2.17.5
|
|
||||||
pytest==7.4.0
|
|
||||||
pytest-testinfra==8.1.0
|
|
||||||
pytest-xdist==3.3.1
|
|
||||||
PyYAML==6.0
|
|
||||||
pyzmq==25.0.2
|
|
||||||
referencing==0.30.2
|
|
||||||
requests==2.31.0
|
requests==2.31.0
|
||||||
resolvelib==1.0.1
|
resolvelib==1.0.1
|
||||||
rich==13.5.2
|
salt==3006.4
|
||||||
rpds-py==0.9.2
|
urllib3==2.1.0
|
||||||
ruamel.yaml==0.17.32
|
|
||||||
ruamel.yaml.clib==0.2.7
|
|
||||||
salt==3006.1
|
|
||||||
smmap==5.0.0
|
|
||||||
subprocess-tee==0.4.1
|
|
||||||
tomlkit==0.12.1
|
|
||||||
urllib3==2.0.3
|
|
||||||
wcmatch==8.4.1
|
|
||||||
wrapt==1.15.0
|
|
||||||
yamllint==1.32.0
|
|
||||||
|
|
84
scripts/ci.sh
Executable file
84
scripts/ci.sh
Executable file
|
@ -0,0 +1,84 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# ci.sh: Helper script to automate deployment operations on CI/CD
|
||||||
|
# Copyright © 2022 Aravinth Manivannan <realaravinth@batsense.net>
|
||||||
|
#
|
||||||
|
# This program is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU Affero General Public License as
|
||||||
|
# published by the Free Software Foundation, either version 3 of the
|
||||||
|
# License, or (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU Affero General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU Affero General Public License
|
||||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
set -xEeuo pipefail
|
||||||
|
#source $(pwd)/scripts/lib.sh
|
||||||
|
|
||||||
|
readonly SSH_ID_FILE=/tmp/ci-ssh-id
|
||||||
|
|
||||||
|
match_arg() {
|
||||||
|
if [ $1 == $2 ] || [ $1 == $3 ]
|
||||||
|
then
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
help() {
|
||||||
|
cat << EOF
|
||||||
|
USAGE: ci.sh [SUBCOMMAND]
|
||||||
|
Helper script to automate deployment operations on CI/CD
|
||||||
|
|
||||||
|
Subcommands
|
||||||
|
|
||||||
|
-c --clean cleanup secrets, SSH key and other runtime data
|
||||||
|
-i --init <SSH_PRIVATE_KEY> initialize environment, write SSH private to file
|
||||||
|
-h --help print this help menu
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
# $1: SSH private key
|
||||||
|
write_ssh(){
|
||||||
|
truncate --size 0 $SSH_ID_FILE
|
||||||
|
echo "$1" > $SSH_ID_FILE
|
||||||
|
chmod 600 $SSH_ID_FILE
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
clean() {
|
||||||
|
if [ -f $SSH_ID_FILE ]
|
||||||
|
then
|
||||||
|
shred $SSH_ID_FILE
|
||||||
|
rm $SSH_ID_FILE
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
if (( "$#" < 1 ))
|
||||||
|
then
|
||||||
|
help
|
||||||
|
exit -1
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
if match_arg $1 '-i' '--init'
|
||||||
|
then
|
||||||
|
if (( "$#" < 2 ))
|
||||||
|
then
|
||||||
|
help
|
||||||
|
exit -1
|
||||||
|
fi
|
||||||
|
write_ssh "$2"
|
||||||
|
elif match_arg $1 '-c' '--clean'
|
||||||
|
then
|
||||||
|
clean
|
||||||
|
elif match_arg $1 '-h' '--help'
|
||||||
|
then
|
||||||
|
help
|
||||||
|
else
|
||||||
|
help
|
||||||
|
fi
|
5
terraform/mcaptcha/ci.tfvars
Normal file
5
terraform/mcaptcha/ci.tfvars
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
libvirt_uri = "qemu+ssh://mcaptcha-ci@192.168.0.102/system?keyfile=/tmp/ci-ssh-id&sshauth=privkey&no_verify=1"
|
||||||
|
libvirt_pool_path = "/home/mcaptcha-ci/libvirt/pool/mcaptcha_basic"
|
||||||
|
libvirt_debian_src = "http://192.168.0.102/debian-12-generic-amd64.qcow2"
|
||||||
|
macvtap_ethernet_interface = "enp2s0"
|
||||||
|
ssh_public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBCYagT9/PXoeaUae7Z3BKOPKBiEvJsCTUIhPCcRp5fb mcaptcha-ci@hellbat.batsense.net"
|
|
@ -1,10 +1,17 @@
|
||||||
#cloud-config
|
#cloud-config
|
||||||
# vim: syntax=yaml
|
# vim: syntax=yaml
|
||||||
|
packages:
|
||||||
|
- sudo
|
||||||
|
- qemu-guest-agent
|
||||||
|
runcmd:
|
||||||
|
- [ systemctl, daemon-reload ]
|
||||||
|
- [ systemctl, enable, qemu-guest-agent.service ]
|
||||||
|
- [ systemctl, start, --wait, qemu-guest-agent.service ]
|
||||||
|
|
||||||
users:
|
users:
|
||||||
- name: root
|
- name: root
|
||||||
ssh_authorized_keys:
|
ssh_authorized_keys:
|
||||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/wXdHpwpY/4ubhYTmuNdGepQpj1kchvTUTApxMZyfyVW4uzrPRTYsle1y9QbTBV35qLkNajRC/wmC5/xPchdXpsJpuD9st1HMhLeR8qwaPyptiYJYT+z/WisWw2k6oWhG3QKvPoRtBdW9nhZnkG+O6zkuGXiRHpS7j2VVboDPpWEe1UdELQFVCwfraRal2g3ENFZ/9V1UrW/4ahRnQnSxERplZUm/fgSxQtmXubTkW68ut7yasBsrKFffMm8JztW0tWgTlTKONd3LCjv4juM0t5+cJDotNDnUR86Tq2PG8io7no/h8BWtazmjdpfGgn02ibX26BkdU0LDEYbJt5q9/Fh9TGk2ZwcMQeyepO1AWQgkmHXZWZELqu6MLQpqdtsOjHp9k0MeSpuIbdwzgf10Ydy7vK1z8irS24tVNNnJaMBwOlVOPwfyztHRADPkFcv2lKSjS1uyKR0FIkV8Kvs4txaIjmwv2LfMg6lF5W6j3ZPLyeE4cplJP0DDjzorSanu31xVnqVb3A8V9awsJ/4H7d59bI99c7QHL4K3fBVP3O0gqd31xAVRsdGs5Tj2P+RpiI6o5JJiOa1+DuBdWzrVIXYchQ30ZjaJp1wTNsYLmAsjeYuQZE2tf1xvywdzD4MB4avugDEWikzRWN9V5PHDZr1bamTCCjOrb2PRCd7eSQ== aravinth7820@gmail.com
|
- ${ssh_public_key}
|
||||||
- name: atm
|
- name: atm
|
||||||
gecos: Aravinth Manivannan
|
gecos: Aravinth Manivannan
|
||||||
groups: users, admin
|
groups: users, admin
|
||||||
|
@ -13,7 +20,7 @@ users:
|
||||||
lock_passwd: true
|
lock_passwd: true
|
||||||
plain_text_passwd: fooabr12
|
plain_text_passwd: fooabr12
|
||||||
ssh_authorized_keys:
|
ssh_authorized_keys:
|
||||||
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/wXdHpwpY/4ubhYTmuNdGepQpj1kchvTUTApxMZyfyVW4uzrPRTYsle1y9QbTBV35qLkNajRC/wmC5/xPchdXpsJpuD9st1HMhLeR8qwaPyptiYJYT+z/WisWw2k6oWhG3QKvPoRtBdW9nhZnkG+O6zkuGXiRHpS7j2VVboDPpWEe1UdELQFVCwfraRal2g3ENFZ/9V1UrW/4ahRnQnSxERplZUm/fgSxQtmXubTkW68ut7yasBsrKFffMm8JztW0tWgTlTKONd3LCjv4juM0t5+cJDotNDnUR86Tq2PG8io7no/h8BWtazmjdpfGgn02ibX26BkdU0LDEYbJt5q9/Fh9TGk2ZwcMQeyepO1AWQgkmHXZWZELqu6MLQpqdtsOjHp9k0MeSpuIbdwzgf10Ydy7vK1z8irS24tVNNnJaMBwOlVOPwfyztHRADPkFcv2lKSjS1uyKR0FIkV8Kvs4txaIjmwv2LfMg6lF5W6j3ZPLyeE4cplJP0DDjzorSanu31xVnqVb3A8V9awsJ/4H7d59bI99c7QHL4K3fBVP3O0gqd31xAVRsdGs5Tj2P+RpiI6o5JJiOa1+DuBdWzrVIXYchQ30ZjaJp1wTNsYLmAsjeYuQZE2tf1xvywdzD4MB4avugDEWikzRWN9V5PHDZr1bamTCCjOrb2PRCd7eSQ== aravinth7820@gmail.com
|
- ${ssh_public_key}
|
||||||
|
|
||||||
ssh_pwauth: true
|
ssh_pwauth: true
|
||||||
chpasswd:
|
chpasswd:
|
||||||
|
|
|
@ -32,6 +32,9 @@ resource "libvirt_volume" "debian-mcaptcha-qcow2" {
|
||||||
|
|
||||||
data "template_file" "user_data" {
|
data "template_file" "user_data" {
|
||||||
template = file("${path.module}/cloud_init.cfg")
|
template = file("${path.module}/cloud_init.cfg")
|
||||||
|
vars = {
|
||||||
|
ssh_public_key = var.ssh_public_key
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
data "template_file" "network_config" {
|
data "template_file" "network_config" {
|
||||||
|
|
|
@ -13,9 +13,10 @@ resource "libvirt_volume" "mcaptcha_volume" {
|
||||||
resource "libvirt_domain" "mcaptcha_mcaptcha" {
|
resource "libvirt_domain" "mcaptcha_mcaptcha" {
|
||||||
count = var.mcaptcha_vm_count
|
count = var.mcaptcha_vm_count
|
||||||
|
|
||||||
name = "mcaptcha_mcaptcha_${count.index}"
|
name = "mcaptcha_mcaptcha_${count.index}"
|
||||||
memory = var.mcaptcha_vm_memory
|
memory = var.mcaptcha_vm_memory
|
||||||
vcpu = var.mcaptcha_vm_vcpu
|
vcpu = var.mcaptcha_vm_vcpu
|
||||||
|
qemu_agent = true
|
||||||
|
|
||||||
cloudinit = libvirt_cloudinit_disk.commoninit.id
|
cloudinit = libvirt_cloudinit_disk.commoninit.id
|
||||||
|
|
||||||
|
@ -31,8 +32,9 @@ resource "libvirt_domain" "mcaptcha_mcaptcha" {
|
||||||
target_port = "1"
|
target_port = "1"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
network_interface {
|
network_interface {
|
||||||
network_name = "default"
|
macvtap = var.macvtap_ethernet_interface
|
||||||
wait_for_lease = true
|
wait_for_lease = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -41,6 +43,8 @@ resource "libvirt_domain" "mcaptcha_mcaptcha" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
mcaptcha_vm_ips = [for i in libvirt_domain.mcaptcha_mcaptcha : i.network_interface.0.addresses[0]]
|
mcaptcha_vm_ips = [for i in libvirt_domain.mcaptcha_mcaptcha : i.network_interface.0.addresses[0]]
|
||||||
mcaptcha_vm_names = [for i in libvirt_domain.mcaptcha_mcaptcha : i.name]
|
mcaptcha_vm_names = [for i in libvirt_domain.mcaptcha_mcaptcha : i.name]
|
||||||
|
|
|
@ -2,3 +2,4 @@ version: 2
|
||||||
ethernets:
|
ethernets:
|
||||||
ens3:
|
ens3:
|
||||||
dhcp4: true
|
dhcp4: true
|
||||||
|
# ip: 192.168.0.115
|
||||||
|
|
|
@ -12,7 +12,7 @@ resource "local_file" "hosts_yml" {
|
||||||
{
|
{
|
||||||
mcaptcha_vms_ips = local.mcaptcha_vm_ips,
|
mcaptcha_vms_ips = local.mcaptcha_vm_ips,
|
||||||
mcaptcha_vms_names = local.mcaptcha_vm_names,
|
mcaptcha_vms_names = local.mcaptcha_vm_names,
|
||||||
mcaptcha_vms = local.mcaptcha_vm_map
|
mcaptcha_vms = local.mcaptcha_vm_map
|
||||||
|
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
|
@ -44,3 +44,15 @@ variable "mcaptcha_vm_vcpu" {
|
||||||
type = number
|
type = number
|
||||||
default = 4
|
default = 4
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "macvtap_ethernet_interface" {
|
||||||
|
description = "Ethernet interface on the host machine that can be used as macvtap"
|
||||||
|
type = string
|
||||||
|
default = "enp2s0"
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "ssh_public_key" {
|
||||||
|
description = "Set up SSH login for this public key"
|
||||||
|
type = string
|
||||||
|
default = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/wXdHpwpY/4ubhYTmuNdGepQpj1kchvTUTApxMZyfyVW4uzrPRTYsle1y9QbTBV35qLkNajRC/wmC5/xPchdXpsJpuD9st1HMhLeR8qwaPyptiYJYT+z/WisWw2k6oWhG3QKvPoRtBdW9nhZnkG+O6zkuGXiRHpS7j2VVboDPpWEe1UdELQFVCwfraRal2g3ENFZ/9V1UrW/4ahRnQnSxERplZUm/fgSxQtmXubTkW68ut7yasBsrKFffMm8JztW0tWgTlTKONd3LCjv4juM0t5+cJDotNDnUR86Tq2PG8io7no/h8BWtazmjdpfGgn02ibX26BkdU0LDEYbJt5q9/Fh9TGk2ZwcMQeyepO1AWQgkmHXZWZELqu6MLQpqdtsOjHp9k0MeSpuIbdwzgf10Ydy7vK1z8irS24tVNNnJaMBwOlVOPwfyztHRADPkFcv2lKSjS1uyKR0FIkV8Kvs4txaIjmwv2LfMg6lF5W6j3ZPLyeE4cplJP0DDjzorSanu31xVnqVb3A8V9awsJ/4H7d59bI99c7QHL4K3fBVP3O0gqd31xAVRsdGs5Tj2P+RpiI6o5JJiOa1+DuBdWzrVIXYchQ30ZjaJp1wTNsYLmAsjeYuQZE2tf1xvywdzD4MB4avugDEWikzRWN9V5PHDZr1bamTCCjOrb2PRCd7eSQ== aravinth7820@gmail.com"
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in a new issue