dsk-dev kubespray 이동

2023-12-19 14:31:22 +09:00
parent a35325e16b
commit 5671a92148
2568 changed files with 0 additions and 0 deletions
--- a/ansible/kubespray/roles/adduser/defaults/main.yml
+++ b/ansible/kubespray/roles/adduser/defaults/main.yml
@@ -0,0 +1,27 @@
+---
+kube_owner: kube
+kube_cert_group: kube-cert
+etcd_data_dir: "/var/lib/etcd"
+
+addusers:
+  etcd:
+    name: etcd
+    comment: "Etcd user"
+    create_home: no
+    system: yes
+    shell: /sbin/nologin
+  kube:
+    name: kube
+    comment: "Kubernetes user"
+    create_home: no
+    system: yes
+    shell: /sbin/nologin
+    group: "{{ kube_cert_group }}"
+
+adduser:
+  name: "{{ user.name }}"
+  group: "{{ user.name|default(None) }}"
+  comment: "{{ user.comment|default(None) }}"
+  shell: "{{ user.shell|default(None) }}"
+  system: "{{ user.system|default(None) }}"
+  create_home: "{{ user.create_home|default(None) }}"
--- a/ansible/kubespray/roles/adduser/molecule/default/converge.yml
+++ b/ansible/kubespray/roles/adduser/molecule/default/converge.yml
@@ -0,0 +1,10 @@
+---
+- name: Converge
+  hosts: all
+  become: true
+  gather_facts: false
+  roles:
+    - role: adduser
+  vars:
+    user:
+      name: foo
--- a/ansible/kubespray/roles/adduser/molecule/default/molecule.yml
+++ b/ansible/kubespray/roles/adduser/molecule/default/molecule.yml
@@ -0,0 +1,27 @@
+---
+dependency:
+  name: galaxy
+lint: |
+  set -e
+  yamllint -c ../../.yamllint .
+driver:
+  name: vagrant
+  provider:
+    name: libvirt
+platforms:
+  - name: adduser-01
+    box: generic/ubuntu2004
+    cpus: 1
+    memory: 512
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      callbacks_enabled: profile_tasks
+      timeout: 120
+  lint:
+    name: ansible-lint
+verifier:
+  name: testinfra
+  lint:
+    name: flake8
--- a/ansible/kubespray/roles/adduser/molecule/default/tests/test_default.py
+++ b/ansible/kubespray/roles/adduser/molecule/default/tests/test_default.py
@@ -0,0 +1,37 @@
+import os
+import yaml
+import glob
+import testinfra.utils.ansible_runner
+from ansible.playbook import Playbook
+from ansible.cli.playbook import PlaybookCLI
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+def read_playbook(playbook):
+    cli_args = [os.path.realpath(playbook), testinfra_hosts]
+    cli = PlaybookCLI(cli_args)
+    cli.parse()
+    loader, inventory, variable_manager = cli._play_prereqs()
+
+    pb = Playbook.load(cli.args[0], variable_manager, loader)
+
+    for play in pb.get_plays():
+        yield variable_manager.get_vars(play)
+
+def get_playbook():
+    with open(os.path.realpath(' '.join(map(str,glob.glob('molecule.*')))), 'r') as yamlfile:
+        data = yaml.load(yamlfile, Loader=yaml.FullLoader)
+        if 'playbooks' in data['provisioner'].keys():
+            if 'converge' in data['provisioner']['playbooks'].keys():
+                return data['provisioner']['playbooks']['converge']
+        else:
+            return ' '.join(map(str,glob.glob('converge.*')))
+
+def test_user(host):
+    for vars in read_playbook(get_playbook()):
+        assert host.user(vars['user']['name']).exists
+        if 'group' in vars['user'].keys():
+            assert host.group(vars['user']['group']).exists
+        else:
+            assert host.group(vars['user']['name']).exists
--- a/ansible/kubespray/roles/adduser/tasks/main.yml
+++ b/ansible/kubespray/roles/adduser/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: User | Create User Group
+  group:
+    name: "{{ user.group|default(user.name) }}"
+    system: "{{ user.system|default(omit) }}"
+
+- name: User | Create User
+  user:
+    comment: "{{ user.comment|default(omit) }}"
+    create_home: "{{ user.create_home|default(omit) }}"
+    group: "{{ user.group|default(user.name) }}"
+    home: "{{ user.home|default(omit) }}"
+    shell: "{{ user.shell|default(omit) }}"
+    name: "{{ user.name }}"
+    system: "{{ user.system|default(omit) }}"
+  when: user.name != "root"
--- a/ansible/kubespray/roles/adduser/vars/coreos.yml
+++ b/ansible/kubespray/roles/adduser/vars/coreos.yml
@@ -0,0 +1,8 @@
+---
+addusers:
+  - name: kube
+    comment: "Kubernetes user"
+    shell: /sbin/nologin
+    system: yes
+    group: "{{ kube_cert_group }}"
+    create_home: no
--- a/ansible/kubespray/roles/adduser/vars/debian.yml
+++ b/ansible/kubespray/roles/adduser/vars/debian.yml
@@ -0,0 +1,15 @@
+---
+addusers:
+  - name: etcd
+    comment: "Etcd user"
+    create_home: yes
+    home: "{{ etcd_data_dir }}"
+    system: yes
+    shell: /sbin/nologin
+
+  - name: kube
+    comment: "Kubernetes user"
+    create_home: no
+    system: yes
+    shell: /sbin/nologin
+    group: "{{ kube_cert_group }}"
--- a/ansible/kubespray/roles/adduser/vars/redhat.yml
+++ b/ansible/kubespray/roles/adduser/vars/redhat.yml
@@ -0,0 +1,15 @@
+---
+addusers:
+  - name: etcd
+    comment: "Etcd user"
+    create_home: yes
+    home: "{{ etcd_data_dir }}"
+    system: yes
+    shell: /sbin/nologin
+
+  - name: kube
+    comment: "Kubernetes user"
+    create_home: no
+    system: yes
+    shell: /sbin/nologin
+    group: "{{ kube_cert_group }}"