Merge pull request #16 from m4rcu5nl/develop

Version 1

README.md

@@ -1,36 +1,75 @@
 [![Build Status](https://travis-ci.org/m4rcu5nl/ansible-role-zerotier.svg?branch=master)](https://travis-ci.org/m4rcu5nl/ansible-role-zerotier) [![GitHub issues](https://img.shields.io/github/issues/m4rcu5nl/ansible-role-zerotier.svg)](https://github.com/m4rcu5nl/ansible-role-zerotier/issues)
 
-Zerotier
+ZeroTier
 =========
 
-This Ansible role installs the zerotier-one package from Zerotier's yum repo, adds and authorizes new members to (existing) Zerotier network and tells the new members to join the network.
+This Ansible role installs the `zerotier-one` package, adds and authorizes new members to (existing) ZeroTier networks, and tells the new member to join the network.
 
 Requirements
 ------------
 
-This roles requires an access token for the Zerotier API. This enables the role to add new members to a private network and authorizes them. Also, the role needs the network ID of the Zerotier network the new members should join.
+This role has an optional access token variable to authorize the member using the ZeroTier API. The role also takes the ID of the ZeroTier network to automatically join the new member.
 
 Role Variables
 --------------
 
-###zerotier_api_url
-The url where the Zerotier API lives. Must use https protocol.    
+### zerotier_api_url
+The url where the Zerotier API lives. Must use HTTPS protocol.
 Default: https://my.zerotier.com
 
-###zerotier_accesstoken
-The access token needed to authorize with the Zerotier API. You can generate one in your account settings on my.zerotier.com.
+### zerotier_accesstoken
+The access token needed to authorize with the ZeroTier API. You can generate one in your account settings at https://my.zerotier.com/. If this is left out then the newly joined member will not be automatically authorized.
 
-###zerotier_network_id (required)
-The 16 character network ID of the network the new members should join.
+### zerotier_network_id
+The 16 character network ID of the network the new members should join. The node will not join any network if omitted.
+
+### zerotier_register_short_hostname
+Used to register the short hostname (without the FQDN) on the network instead of the long one.
+Default: `false`
+
+### zerotier_member_ip_assignments
+A list of IP addresses to assign this member. The member will be automatically assigned an address on the network if left out.
+
+### zerotier_member_description
+Optional desription for a member.
 
 Example Playbook
 ----------------
 
-
+```yaml
     - hosts: servers
       vars:
          zerotier_network_id: 1234567890qwerty
          zerotier_accesstoken: "{{ vault_zerotier_accesstoken }}"
+         zerotier_register_short_hostname: true
+
       roles:
          - { role: m4rcu5nl.zerotier }
+```
 
+Example Inventory
+----------------
+
+```INI
+    [servers]
+    web1.example.com zerotier_member_ip_assignments='["192.168.195.1", "192.168.195.2"]'
+    web2.example.com zerotier_member_ip_assignments='["192.168.195.3", "192.168.195.4"'
+    db1.example.com zerotier_member_ip_assignments='["192.168.195.10"]'
+    db2.example.com zerotier_member_ip_assignments='["192.168.195.11"]'
+    db3.example.com zerotier_member_ip_assignments='["192.168.195.12"]'
+
+    [webservers]
+    web1.example.com
+    web2.example.com
+
+    [dbservers]
+    db1.example.com
+    db2.example.com
+    db3.example.com
+
+    [webservers:vars]
+    zerotier_member_description='<AppName> webserver'
+
+    [dbservers:vars]
+    zerotier_member_description='<AppName> db cluster node'
+```

defaults/main.yml

@@ -1,3 +1,6 @@
 ---
 # defaults file for ansible-role-zerotier
 zerotier_api_url: https://my.zerotier.com
+zerotier_apt_state: present
+zerotier_register_short_hostname: false
+zerotier_authorize_member: true

meta/main.yml

@@ -16,7 +16,7 @@ galaxy_info:
   # - CC-BY
   license: BSD
 
-  min_ansible_version: 2.0
+  min_ansible_version: 2.4
 
   # If this a Container Enabled role, provide the minimum Ansible Container version.
   # min_ansible_container_version:
@@ -36,6 +36,9 @@ galaxy_info:
   - name: EL
     versions:
     - 7
+  - name: Debian
+    versions:
+    - stretch
   # - name: Fedora
   #   versions:
   #   - all
@@ -49,7 +52,7 @@ galaxy_info:
 
   galaxy_tags:
   - zerotier-one
-  - CentOS 7
+  - networking
     # List tags for your role here, one per line. A tag is a keyword that describes
     # and categorizes the role. Users find roles by searching for tags. Be sure to
     # remove the '[]' above, if you add tags to this list.

tasks/authorize_node.yml

@@ -0,0 +1,32 @@
+---
+- block:
+  - name: Get Zerotier NodeID
+    shell: zerotier-cli info | awk '{print $3}'
+    register: nodeid
+    changed_when: false
+
+  - name: Set NodeID as fact
+    set_fact:
+      zerotier_node_id: "{{ nodeid.stdout }}"
+
+  - name: Add and authorize members to network
+    uri:
+      url: "{{ zerotier_api_url }}/api/network/{{ zerotier_network_id }}/member/{{ zerotier_node_id }}"
+      method: POST
+      headers:
+        Authorization: bearer {{ zerotier_accesstoken }}
+      body:
+        name: "{{ zerotier_register_short_hostname | ternary(inventory_hostname_short, inventory_hostname) }}"
+        description: "{{ zerotier_member_description | default() }}"
+        hidden: false
+        config:
+          authorized: "{{ zerotier_authorize_member }}"
+          ipAssignments: "{{ zerotier_member_ip_assignments | default([]) | list }}"
+      body_format: json
+    register: apiresult
+
+  when:
+  - zerotier_accesstoken is defined
+  - not ansible_check_mode
+  tags:
+  - configuration

tasks/install.yml

@@ -1,19 +1,6 @@
 ---
-- block: # Add zerotier repo and it's gpg key
-  - name: Add zerotier gpg key
-    rpm_key:
-      state: present
-      key: https://download.zerotier.com/contact%40zerotier.com.gpg
-
-  - name: Add zerotier repo
-    yum_repository:
-      name: zerotier
-      description: ZeroTier, Inc. RPM Release Repository
-      baseurl: https://download.zerotier.com/redhat/el/$releasever
-      gpgcheck: yes
-      enabled: yes
-    register: zerotier_repo
 
+- include_tasks: install/{{ ansible_os_family }}.yml
   tags:
   - installation
   - repositories
@@ -30,12 +17,13 @@
       name: zerotier-one
       state: started
     when:
-    - zerotier_client|succeeded
+    - zerotier_client is succeeded
     notify:
     - enable zerotier-one
 
   when:
-  - zerotier_repo|succeeded
+  - zerotier_repo is succeeded
+  - not ansible_check_mode
   tags:
   - installation
   - packages

tasks/install/Debian.yml

@@ -0,0 +1,9 @@
+- name: Add ZeroTier PGP key
+  apt_key:
+    url: "{{ zerotier_gpg_url }}"
+
+- name: Add ZeroTier APT repository
+  apt_repository:
+    repo: deb {{ zerotier_download_base_url }}/debian/{{ ansible_distribution_release }} {{ ansible_distribution_release }} main
+    filename: zerotier
+  register: zerotier_repo

tasks/install/RedHat.yml

@@ -0,0 +1,13 @@
+- name: Add ZeroTier gpg key
+  rpm_key:
+    state: present
+    key: "{{ zerotier_gpg_url }}"
+
+- name: Add ZeroTier repo
+  yum_repository:
+    name: zerotier
+    description: ZeroTier, Inc. RPM Release Repository
+    baseurl: https://download.zerotier.com/redhat/el/$releasever
+    gpgcheck: yes
+    enabled: yes
+  register: zerotier_repo

tasks/join_network.yml

@@ -1,33 +1,7 @@
 ---
-- block: # Join Zerotier network
-  - name: Get Zerotier NodeID
-    shell: /sbin/zerotier-cli info | awk '{print $3}'
-    register: nodeid
-
-  - name: Set NodeID as fact
-    set_fact:
-      zerotier_node_id: "{{ nodeid.stdout }}"
-
-  - name: Add and authorize members to network
-    uri:
-      url: "{{ zerotier_api_url }}/api/network/{{ zerotier_network_id }}/member/{{ zerotier_node_id }}"
-      method: POST
-      headers:
-        Authorization: bearer {{ zerotier_accesstoken }}
-      body:
-        name: "{{ inventory_hostname }}"
-        hidden: false
-        config:
-          authorized: true
-      body_format: json
-    register: apiresult
-
-  - name: Join Zerotier network
-    command: /sbin/zerotier-cli join {{ zerotier_network_id }}
+- name: Join ZeroTier network
+  command: zerotier-cli join {{ zerotier_network_id }}
   args:
     creates: /var/lib/zerotier-one/networks.d/{{ zerotier_network_id }}.conf
-
-  when:
-  - zerotier_accesstoken is defined
   tags:
   - configuration

tasks/main.yml

@@ -1,12 +1,11 @@
 ---
 # tasks file for ansible-role-zerotier
-- include: install.yml
+- import_tasks: install.yml
 
-- name: Check for successfully joined networks
-  shell: zerotier-cli listnetworks | grep 'OK'| awk '{print $3}'
-  register: joinednetworks
-
-- include: join_network.yml
+- import_tasks: authorize_node.yml
   when:
-  - 'zerotier_network_id not in joinednetworks.stdout'
   - zerotier_accesstoken is defined
+
+- import_tasks: join_network.yml
+  when:
+  - zerotier_network_id is defined

vars/main.yml

@@ -1,2 +1,4 @@
 ---
 # vars file for ansible-role-zerotier
+zerotier_download_base_url: http://download.zerotier.com
+zerotier_gpg_url: https://download.zerotier.com/contact@zerotier.com.gpg