From 154899586e686948b47993e3b222854463d38584 Mon Sep 17 00:00:00 2001 From: Marcus Meurs Date: Mon, 10 Dec 2018 23:47:16 +0100 Subject: [PATCH 1/7] Use the same fact syntax throughout the role Create consistency by using the ansible_facts['somefact'] syntax everywhere. --- tasks/authorize_node.yml | 7 ++++--- tasks/install.yml | 2 +- tasks/install/RedHat.yml | 4 ++-- tasks/main.yml | 8 ++++---- 4 files changed, 11 insertions(+), 10 deletions(-) diff --git a/tasks/authorize_node.yml b/tasks/authorize_node.yml index 62c7308..c48d0fb 100644 --- a/tasks/authorize_node.yml +++ b/tasks/authorize_node.yml @@ -2,7 +2,7 @@ - block: - name: Authorize new members to network uri: - url: "{{ zerotier_api_url }}/api/network/{{ zerotier_network_id }}/member/{{ ansible_local.zerotier.node_id }}" + url: "{{ zerotier_api_url }}/api/network/{{ zerotier_network_id }}/member/{{ ansible_local['zerotier']['node_id'] }}" method: POST headers: Authorization: bearer {{ zerotier_api_accesstoken }} @@ -14,11 +14,12 @@ register: auth_apiresult delegate_to: "{{ zerotier_api_delegate }}" when: - - ansible_local.zerotier.networks[zerotier_network_id] is not defined or ansible_local.zerotier.networks[zerotier_network_id].status != 'OK' + - ansible_local['zerotier']['networks'][zerotier_network_id] is not defined or + ansible_local['zerotier']['networks'][zerotier_network_id]['status'] != 'OK' - name: Configure members in network uri: - url: "{{ zerotier_api_url }}/api/network/{{ zerotier_network_id }}/member/{{ ansible_local.zerotier.node_id }}" + url: "{{ zerotier_api_url }}/api/network/{{ zerotier_network_id }}/member/{{ ansible_local['zerotier']['node_id'] }}" method: POST headers: Authorization: bearer {{ zerotier_api_accesstoken }} diff --git a/tasks/install.yml b/tasks/install.yml index e7a9cf6..8d07188 100644 --- a/tasks/install.yml +++ b/tasks/install.yml 
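Review bot: Both `uri` tasks in this file send `Authorization: bearer {{ zerotier_api_accesstoken }}` (in this hunk and again in "Configure members in network" in the next hunk), and no `no_log: true` is visible on either. Module arguments, headers included, can appear in verbose output and in callback or log plugins on the controller, and the API response is kept in the registered result. Consider adding `no_log: true` to both tasks. Parts of each task lie outside the hunks, so confirm it is not already set there.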
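Review bot: The member ID placed in the request path, `ansible_local['zerotier']['node_id']`, is a local fact reported by the managed host, and nothing in the visible `when:` list checks its shape before the token-bearing call is made from `zerotier_api_delegate`. A host reporting a malformed or unexpected value would have it interpolated straight into the API URL, both here and in the first task's `url:` in the previous hunk. An extra condition such as `- ansible_local['zerotier']['node_id'] is match('^[0-9a-fA-F]{10}$')` would reject anything that is not a node address. ZeroTier addresses are normally ten hex digits, but confirm the exact form `set_facts.sh` emits. The import condition in tasks/main.yml only tests `is defined`, so it does not cover this.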
@@ -1,6 +1,6 @@ --- -- include_tasks: install/{{ ansible_os_family }}.yml +- include_tasks: install/{{ ansible_facts['os_family'] }}.yml tags: - installation - repositories diff --git a/tasks/install/RedHat.yml b/tasks/install/RedHat.yml index ed3a695..473b51e 100644 --- a/tasks/install/RedHat.yml +++ b/tasks/install/RedHat.yml @@ -11,7 +11,7 @@ gpgcheck: yes enabled: yes register: zerotier_repo - when: ansible_distribution != "Fedora" + when: ansible_facts['distribution'] != "Fedora" - name: Add zerotier repo for Fedora yum_repository: @@ -21,4 +21,4 @@ gpgcheck: yes enabled: yes register: zerotier_repo - when: ansible_distribution == "Fedora" + when: ansible_facts['distribution'] == "Fedora" diff --git a/tasks/main.yml b/tasks/main.yml index 95fb317..29183f9 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -2,20 +2,20 @@ # tasks file for ansible-role-zerotier - import_tasks: install.yml when: - - not skip_install|default(false)|bool + - not skip_install | default(false) | bool - block: - name: Update ansible_local facts script: set_facts.sh - - name: Re-gather facts - setup: ~ + - name: Re-gather ansible_local facts + setup: filter=ansible_local - import_tasks: authorize_node.yml when: - zerotier_api_accesstoken | length > 0 - - ansible_local.zerotier.node_id is defined + - ansible_local['zerotier']['node_id'] is defined - import_tasks: join_network.yml when: From 2b56aaf46c2cd02186b58037e09b3411001dcf27 Mon Sep 17 00:00:00 2001 From: papanito Date: Sat, 20 Apr 2019 20:53:09 +0200 Subject: [PATCH 2/7] Correct typo in example playbook --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6f73300..814533d 100644 --- a/README.md +++ b/README.md @@ -59,7 +59,7 @@ Example Playbook - hosts: servers vars: zerotier_network_id: 1234567890qwerty - zerotier_accesstoken: "{{ vault_zerotier_accesstoken }}" + zerotier_api_accesstoken: "{{ vault_zerotier_accesstoken }}" zerotier_register_short_hostname: true roles: 
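Review bot: The change from `setup: ~` to `setup: filter=ansible_local` in tasks/main.yml alters behaviour inside a commit described as a syntax clean-up, and it uses the inline `key=value` argument form while the rest of the role uses block YAML. Written natively it would be `setup:` with `filter: ansible_local` indented on the next line. After this change only the local facts are refreshed at this point. That looks intended given the renamed task, but it should be stated in the commit message so anyone relying on the full re-gather notices.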
From ffba32f382423c09315cae3791920edd4d6c25f4 Mon Sep 17 00:00:00 2001 From: papanito Date: Sat, 20 Apr 2019 20:59:35 +0200 Subject: [PATCH 3/7] Fix some minor typos in text --- README.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 814533d..6e3d065 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,12 @@ Technically this role has no requirements. If it's ran without any variables set [**zerotier_network_id**](#zerotier_network_id): when set hosts are told to join this network. [**zerotier_api_accesstoken**](#zerotier_api_accesstoken): when set the role can handle member authentication and configuration using the ZeroTier API. - Role Variables -------------- ### zerotier_network_id *Type*: string -*Default value*: +*Default value*: *Description*: The 16 character network ID of the network the new members should join. The node will not join any network if omitted. ### zerotier_member_register_short_hostname @@ -29,17 +28,17 @@ Role Variables ### zerotier_member_ip_assignments *Type*: list -*Default value*: `[]` +*Default value*: `[]` *Description*: A list of IP addresses to assign this member. The member will be automatically assigned an address on the network if left out. ### zerotier_member_description *Type*: string -*Default value*: `""` -*Description*: Optional desription for a member. +*Default value*: `""` +*Description*: Optional description for a member. ### zerotier_api_accesstoken *Type*: string -*Default value*: `""` +*Default value*: `""` *Description*: The access token needed to authorize with the ZeroTier API. You can generate one in your account settings at https://my.zerotier.com/. If this is left out then the newly joined member will not be automatically authorized. ### zerotier_api_url 
@@ -49,8 +48,8 @@ Role Variables ### zerotier_api_delegate *Type*: string -*Default value*: `localhost` -*Description*: Option to delegate tasks for Zerotier API calls. This is usefull in a situation where API calls can only be made from a whitelisted management server, for example. +*Default value*: `localhost` +*Description*: Option to delegate tasks for Zerotier API calls. This is useful in a situation where API calls can only be made from a white-listed management server, for example. Example Playbook ---------------- @@ -91,4 +90,4 @@ Example Inventory [dbservers:vars] zerotier_member_description=' db cluster node' -``` +``` \ No newline at end of file From 76b57fb097def34b5aa1c64055378a7eb18bc06a Mon Sep 17 00:00:00 2001 From: Randall Mason Date: Sun, 9 Jun 2019 12:50:53 -0500 Subject: [PATCH 4/7] Add PGP key `id` for added security --- tasks/install/Debian.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/install/Debian.yml b/tasks/install/Debian.yml index cf3636e..81de0e7 100644 --- a/tasks/install/Debian.yml +++ b/tasks/install/Debian.yml @@ -1,6 +1,7 @@ - name: Add ZeroTier PGP key apt_key: url: "{{ zerotier_gpg_url }}" + id: "0x74A5E9C458E1A431F1DA57A71657198823E52A61" - name: Check if Ubuntu release has dedicated repo uri: From 0755fa30b2118d9d4ddd9a0d23069d4a4474398c Mon Sep 17 00:00:00 2001 From: Andrea Lora Date: Mon, 8 Jul 2019 11:40:05 +0100 Subject: [PATCH 5/7] Update set_fact.sh to support multiple network Currently the role will fail to regather fact if $network_count > 1 That's because without the quotes echo will suppress the \n writing everything in one line. Thus wc -l will return `1`, confusing the file_content function that will lead to an incorrect json being produced --- files/set_facts.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/set_facts.sh b/files/set_facts.sh index 2b7ffe0..a111d59 100644 --- a/files/set_facts.sh +++ b/files/set_facts.sh 
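Review bot: The `id` added to the `apt_key` task pins the expected key, but it may not limit what ends up in the apt keyring. As far as I know, the module in Ansible releases of this period imports everything served at `zerotier_gpg_url` and only afterwards checks that the pinned ID is present, so any extra keys in the download would be trusted too; confirm against the Ansible version in use. The fingerprint is also a bare literal with no record of where it was verified. A comment above `id:` such as `# Fingerprint verified against <source used to verify the key>` would let a reviewer re-check it when the key rotates.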
@@ -6,7 +6,7 @@ NETWORKS=$(zerotier-cli listnetworks | tail -n+2) function file_content { if [ ! -z "$NETWORKS" ]; then - network_count=$(echo $NETWORKS |wc -l) + network_count=$(echo "$NETWORKS" |wc -l) counter=1 echo "{" From c9339c1f3b7cb8febd33d111cb29a71e934923a0 Mon Sep 17 00:00:00 2001 From: Dirk Steinkopf Date: Sat, 16 Nov 2019 18:23:45 +0100 Subject: [PATCH 6/7] fix usage of register variable function --- tasks/authorize_node.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/authorize_node.yml b/tasks/authorize_node.yml index 62c7308..fca04b7 100644 --- a/tasks/authorize_node.yml +++ b/tasks/authorize_node.yml @@ -11,7 +11,7 @@ config: authorized: "{{ zerotier_authorize_member }}" body_format: json - register: auth_apiresult + register: auth_apiresult delegate_to: "{{ zerotier_api_delegate }}" when: - ansible_local.zerotier.networks[zerotier_network_id] is not defined or ansible_local.zerotier.networks[zerotier_network_id].status != 'OK' @@ -28,7 +28,7 @@ config: ipAssignments: "{{ zerotier_member_ip_assignments | default([]) | list }}" body_format: json - register: conf_apiresult + register: conf_apiresult delegate_to: "{{ zerotier_api_delegate }}" when: From 0b9f100aa54915132baf92217e6d874274fe2cee Mon Sep 17 00:00:00 2001 From: Marcus Date: Mon, 9 Mar 2020 02:44:38 +0100 Subject: [PATCH 7/7] Use variable for gpg fingerprint Using the fingerprint in the rpm_key module requires Ansible 2.9. Updated meta file to reflect this requirement. --- meta/main.yml | 2 +- tasks/install/Debian.yml | 2 +- tasks/install/RedHat.yml | 1 + vars/main.yml | 1 + 4 files changed, 4 insertions(+), 2 deletions(-) diff --git a/meta/main.yml b/meta/main.yml index f589906..7640ef6 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -16,7 +16,7 @@ galaxy_info: # - CC-BY license: GPLv3 - min_ansible_version: 2.4 + min_ansible_version: 2.9 # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: 
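Review bot: Quoting `$NETWORKS` fixes the line count, but `echo` is still what feeds command output to `wc`, and some shells interpret backslashes or a leading `-n` in its argument. `network_count=$(printf '%s\n' "$NETWORKS" | wc -l)` avoids that, and `[ -n "$NETWORKS" ]` is the plainer form of the test above it. The function goes on to emit JSON with `echo` outside this hunk. It is worth confirming that fields taken from `zerotier-cli listnetworks` (network names in particular) are escaped before they land in the `ansible_local` facts that later drive the API calls.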
diff --git a/tasks/install/Debian.yml b/tasks/install/Debian.yml index 81de0e7..1a236db 100644 --- a/tasks/install/Debian.yml +++ b/tasks/install/Debian.yml @@ -1,7 +1,7 @@ - name: Add ZeroTier PGP key apt_key: url: "{{ zerotier_gpg_url }}" - id: "0x74A5E9C458E1A431F1DA57A71657198823E52A61" + id: "{{ zerotier_gpg_fingerprint }}" - name: Check if Ubuntu release has dedicated repo uri: diff --git a/tasks/install/RedHat.yml b/tasks/install/RedHat.yml index 473b51e..db5a0a4 100644 --- a/tasks/install/RedHat.yml +++ b/tasks/install/RedHat.yml @@ -2,6 +2,7 @@ rpm_key: state: present key: "{{ zerotier_gpg_url }}" + fingerprint: "{{ zerotier_gpg_fingerprint }}" - name: Add ZeroTier repo for RHEL/CentOS yum_repository: diff --git a/vars/main.yml b/vars/main.yml index d83c2e2..fd0278b 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -3,3 +3,4 @@ zerotier_download_base_url: http://download.zerotier.com zerotier_deb_release_repo: "{{ ansible_facts['distribution_release'] }}" zerotier_gpg_url: https://download.zerotier.com/contact@zerotier.com.gpg +zerotier_gpg_fingerprint: 74A5E9C458E1A431F1DA57A71657198823E52A61 \ No newline at end of file
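Review bot: The new `zerotier_gpg_fingerprint` pin covers only the key import, while the context line above it keeps `zerotier_download_base_url: http://download.zerotier.com`. How that base URL is consumed is not shown in this patch, but if it is the repository location then metadata and packages still travel over plain HTTP. Signature checks limit what tampering can achieve, and the key URL on the same host already uses https, so `zerotier_download_base_url: https://download.zerotier.com` would be the consistent choice if the host serves the repository over TLS; verify before changing. Separately, quoting the value as `zerotier_gpg_fingerprint: "74A5E9C458E1A431F1DA57A71657198823E52A61"` keeps it a string whatever a future key looks like, and the file now ends without a trailing newline.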