Merge pull request #35 from m4rcu5nl/develop

Release v1.2.3

README.md

@@ -3,38 +3,53 @@
 ZeroTier
 =========
 
-This Ansible role installs the `zerotier-one` package, adds and authorizes new members to (existing) ZeroTier networks, and tells the new member to join the network.
+This Ansible role adds the ZeroTier repository and installs the `zerotier-one` package using your system's package manager. Depending on the provided variables this role can also add and authorize new members to (existing) ZeroTier networks, and tell the new member to join the network.
 
 Requirements
 ------------
 
-This role has an optional access token variable to authorize the member using the ZeroTier API. The role also takes the ID of the ZeroTier network to automatically join the new member.
+Technically this role has no requirements. If it's ran without any variables set it will only run the installation tasks. The following variables impact the role's behavior:
+
+[**zerotier_network_id**](#zerotier_network_id): when set hosts are told to join this network.  
+[**zerotier_api_accesstoken**](#zerotier_api_accesstoken): when set the role can handle member authentication and configuration using the ZeroTier API.  
 
 Role Variables
 --------------
 
-### zerotier_api_url
-The url where the Zerotier API lives. Must use HTTPS protocol.
-Default: https://my.zerotier.com
-
-### zerotier_accesstoken
-The access token needed to authorize with the ZeroTier API. You can generate one in your account settings at https://my.zerotier.com/. If this is left out then the newly joined member will not be automatically authorized.
-
 ### zerotier_network_id
-The 16 character network ID of the network the new members should join. The node will not join any network if omitted.
+*Type*: string  
+*Default value*:  
+*Description*: The 16 character network ID of the network the new members should join. The node will not join any network if omitted.
 
-### zerotier_register_short_hostname
-Used to register the short hostname (without the FQDN) on the network instead of the long one.
-Default: `false`
+### zerotier_member_register_short_hostname
+*Type*: boolean  
+*Default value*: `false`  
+*Description*: By default `inventory_hostname` will be used to name a member in a network. If set to `true`, `inventory_hostname_short` will be used instead.
 
 ### zerotier_member_ip_assignments
-A list of IP addresses to assign this member. The member will be automatically assigned an address on the network if left out.
+*Type*: list  
+*Default value*: `[]`  
+*Description*: A list of IP addresses to assign this member. The member will be automatically assigned an address on the network if left out.
 
 ### zerotier_member_description
-Optional desription for a member.
+*Type*: string  
+*Default value*: `""`  
+*Description*: Optional description for a member.
+
+### zerotier_api_accesstoken
+*Type*: string  
+*Default value*: `""`  
+*Description*: The access token needed to authorize with the ZeroTier API. You can generate one in your account settings at https://my.zerotier.com/. If this is left out then the newly joined member will not be automatically authorized.
+
+### zerotier_api_url
+*Type*: string  
+*Default value*: `https://my.zerotier.com`  
+*Description*: The url where the Zerotier API lives. Must use HTTPS protocol.  
 
 ### zerotier_api_delegate
-Option to delegate tasks for Zerotier API calls. By default the API calls are made from the machine running the role.
+*Type*: string  
+*Default value*: `localhost`  
+*Description*: Option to delegate tasks for Zerotier API calls. This is useful in a situation where API calls can only be made from a white-listed management server, for example.
 
 Example Playbook
 ----------------
@@ -43,7 +58,7 @@ Example Playbook
     - hosts: servers
       vars:
          zerotier_network_id: 1234567890qwerty
-         zerotier_accesstoken: "{{ vault_zerotier_accesstoken }}"
+         zerotier_api_accesstoken: "{{ vault_zerotier_accesstoken }}"
          zerotier_register_short_hostname: true
 
       roles:
@@ -75,4 +90,4 @@ Example Inventory
 
     [dbservers:vars]
     zerotier_member_description='<AppName> db cluster node'
-```
+```

defaults/main.yml

@@ -1,7 +1,8 @@
 ---
 # defaults file for ansible-role-zerotier
+zerotier_api_accesstoken: "{{ zerotier_accesstoken | default() }}" # For backwards compatibility
 zerotier_api_url: https://my.zerotier.com
 zerotier_api_delegate: localhost
 zerotier_apt_state: present
-zerotier_register_short_hostname: false
+zerotier_member_register_short_hostname: "{{ zerotier_register_short_hostname | default(false) }}" # For backwards compatibility
 zerotier_authorize_member: true

files/set_facts.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+FACTS_DIR='/etc/ansible/facts.d'
+FACT_FILE="${FACTS_DIR}/zerotier.fact"
+NODE_STATUS=($(zerotier-cli status))
+NETWORKS=$(zerotier-cli listnetworks | tail -n+2)
+
+function file_content {
+    if [ ! -z "$NETWORKS" ]; then
+        network_count=$(echo "$NETWORKS" |wc -l)
+        counter=1
+
+        echo "{"
+        echo "  \"node_id\":\"${NODE_STATUS[2]}\","
+        echo "  \"networks\": {"
+        while read -r; do
+            network=($REPLY)
+            echo "    \"${network[2]}\": {"
+            echo "        \"status\":\"${network[5]}\","
+            echo "        \"device\":\"${network[7]}\""
+
+            if [ "$counter" -eq "$network_count" ]; then
+                echo "    }"
+            else
+                echo "    },"
+            fi
+            ((counter++))
+        done <<< $NETWORKS
+        echo "  }"
+        echo "}"
+    else
+        echo "{\"node_id\":\"${NODE_STATUS[2]}\",\"networks\":{}}"
+    fi
+}
+
+if [ ! -d "$FACTS_DIR" ]; then
+    mkdir -p $FACTS_DIR
+fi
+
+file_content > $FACT_FILE
+
+
+# TO-DO
+# Handle different states than "OK". Other statuses can mess up positions.

meta/main.yml

@@ -16,7 +16,7 @@ galaxy_info:
   # - CC-BY
   license: GPLv3
 
-  min_ansible_version: 2.4
+  min_ansible_version: 2.9
 
   # If this a Container Enabled role, provide the minimum Ansible Container version.
   # min_ansible_container_version:
@@ -27,7 +27,7 @@ galaxy_info:
   # this branch. If Travis integration is configured, only notifications for this
   # branch will be accepted. Otherwise, in all cases, the repo's default branch
   # (usually master) will be used.
-  #github_branch:
+  github_branch: master
 
   #
   # platforms is a list of platforms, and each platform has a name and a list of versions.
@@ -39,6 +39,10 @@ galaxy_info:
   - name: Debian
     versions:
     - stretch
+  - name: Ubuntu
+    versions:
+    - Bionic
+    - Cosmic
   - name: Fedora
     versions:
     - 28

tasks/authorize_node.yml

@@ -1,52 +1,38 @@
 ---
 - block:
-  - name: Get Zerotier NodeID
-    shell: zerotier-cli info | awk '{print $3}'
-    register: nodeid
-    changed_when: false
-
-  - name: Set NodeID as fact
-    set_fact:
-      zerotier_node_id: "{{ nodeid.stdout }}"
-
-  when:
-  - zerotier_accesstoken is defined
-  - not ansible_check_mode
-  tags:
-  - configuration
-
-- block:
-  - name: Authorize members to network
+  - name: Authorize new members to network
     uri:
-      url: "{{ zerotier_api_url }}/api/network/{{ zerotier_network_id }}/member/{{ zerotier_node_id }}"
+      url: "{{ zerotier_api_url }}/api/network/{{ zerotier_network_id }}/member/{{ ansible_local['zerotier']['node_id'] }}"
       method: POST
       headers:
-        Authorization: bearer {{ zerotier_accesstoken }}
+        Authorization: bearer {{ zerotier_api_accesstoken }}
       body:
         hidden: false
         config:
           authorized: "{{ zerotier_authorize_member }}"
       body_format: json
-      register: auth_apiresult
+    register: auth_apiresult
     delegate_to: "{{ zerotier_api_delegate }}"
+    when:
+    - ansible_local['zerotier']['networks'][zerotier_network_id] is not defined or
+      ansible_local['zerotier']['networks'][zerotier_network_id]['status'] != 'OK'
 
   - name: Configure members in network
     uri:
-      url: "{{ zerotier_api_url }}/api/network/{{ zerotier_network_id }}/member/{{ zerotier_node_id }}"
+      url: "{{ zerotier_api_url }}/api/network/{{ zerotier_network_id }}/member/{{ ansible_local['zerotier']['node_id'] }}"
       method: POST
       headers:
-        Authorization: bearer {{ zerotier_accesstoken }}
+        Authorization: bearer {{ zerotier_api_accesstoken }}
       body:
-        name: "{{ zerotier_register_short_hostname | ternary(inventory_hostname_short, inventory_hostname) }}"
+        name: "{{ zerotier_member_register_short_hostname | ternary(inventory_hostname_short, inventory_hostname) }}"
         description: "{{ zerotier_member_description | default() }}"
         config:
           ipAssignments: "{{ zerotier_member_ip_assignments | default([]) | list }}"
       body_format: json
-      register: conf_apiresult
+    register: conf_apiresult
     delegate_to: "{{ zerotier_api_delegate }}"
 
   when:
-  - zerotier_accesstoken is defined
   - not ansible_check_mode
   tags:
   - configuration

tasks/install.yml

@@ -1,6 +1,6 @@
 ---
 
-- include_tasks: install/{{ ansible_os_family }}.yml
+- include_tasks: install/{{ ansible_facts['os_family'] }}.yml
   tags:
   - installation
   - repositories

tasks/install/Debian.yml

@@ -1,9 +1,31 @@
 - name: Add ZeroTier PGP key
   apt_key:
     url: "{{ zerotier_gpg_url }}"
+    id: "{{ zerotier_gpg_fingerprint }}"
+
+- name: Check if Ubuntu release has dedicated repo
+  uri:
+    url: "{{ zerotier_download_base_url }}/debian/{{ zerotier_deb_release_repo }}"
+  failed_when: false
+  when:
+    - ansible_facts['distribution'] == "Ubuntu"
+  register: release_repo
+
+- block:
+  - name: Overwrite Ubuntu release repo name
+    set_fact:
+      zerotier_deb_release_repo: bionic
+
+  - name: Re-gather facts
+    setup: ~
+
+  when:
+    - ansible_facts['distribution'] == "Ubuntu"
+    - ansible_facts['distribution_major_version'] == "18"
+    - release_repo.status == 404
 
 - name: Add ZeroTier APT repository
   apt_repository:
-    repo: deb {{ zerotier_download_base_url }}/debian/{{ ansible_distribution_release }} {{ ansible_distribution_release }} main
+    repo: deb {{ zerotier_download_base_url }}/debian/{{ zerotier_deb_release_repo }} {{ zerotier_deb_release_repo }} main
     filename: zerotier
   register: zerotier_repo

tasks/install/RedHat.yml

@@ -2,6 +2,7 @@
   rpm_key:
     state: present
     key: "{{ zerotier_gpg_url }}"
+    fingerprint: "{{ zerotier_gpg_fingerprint }}"
 
 - name: Add ZeroTier repo for RHEL/CentOS
   yum_repository:
@@ -11,7 +12,7 @@
     gpgcheck: yes
     enabled: yes
   register: zerotier_repo
-  when: ansible_distribution != "Fedora"
+  when: ansible_facts['distribution'] != "Fedora"
 
 - name: Add zerotier repo for Fedora
   yum_repository:
@@ -21,4 +22,4 @@
     gpgcheck: yes
     enabled: yes
   register: zerotier_repo
-  when: ansible_distribution == "Fedora"
+  when: ansible_facts['distribution'] == "Fedora"

tasks/main.yml

@@ -2,11 +2,20 @@
 # tasks file for ansible-role-zerotier
 - import_tasks: install.yml
   when:
-  - not skip_install|default(false)|bool
+  - not skip_install | default(false) | bool
+
+- block:
+  - name: Update ansible_local facts
+    script: set_facts.sh
+
+  - name: Re-gather ansible_local facts
+    setup: filter=ansible_local
+
 
 - import_tasks: authorize_node.yml
   when:
-  - zerotier_accesstoken is defined
+  - zerotier_api_accesstoken | length > 0
+  - ansible_local['zerotier']['node_id'] is defined
 
 - import_tasks: join_network.yml
   when:

vars/main.yml

@@ -1,4 +1,6 @@
 ---
 # vars file for ansible-role-zerotier
 zerotier_download_base_url: http://download.zerotier.com
+zerotier_deb_release_repo: "{{ ansible_facts['distribution_release'] }}"
 zerotier_gpg_url: https://download.zerotier.com/contact@zerotier.com.gpg
+zerotier_gpg_fingerprint: 74A5E9C458E1A431F1DA57A71657198823E52A61