Initial code push

Add all the basics to deploy CoreDNS.

.github/stale.yml

@@ -0,0 +1,25 @@
+---
+# Configuration for probot-stale - https://github.com/probot/stale
+
+daysUntilStale: 45
+daysUntilClose: 14
+
+# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
+exemptLabels:
+  - bug
+
+exemptProjects: false
+exemptMilestones: true
+staleLabel: wontfix
+
+markComment: >
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It will be closed if no further activity occurs. Thank you
+  for your contributions.
+
+limitPerRun: 4
+
+issues:
+  exemptLabels:
+    - bug
+    - enhancement

.gitignore

@@ -0,0 +1,14 @@
+*.swp
+*.swo
+*.idea
+.vagrant/
+*.retry
+*.log
+*.swp
+*.swo
+*.idea
+.molecule
+.cache
+__pycache__/
+.pytest_cache
+.tox

.travis.yml

@@ -0,0 +1,27 @@
+---
+sudo: required
+language: python
+cache: pip
+services:
+  - docker
+env:
+  - ANSIBLE=2.5
+  - ANSIBLE=2.6
+  - ANSIBLE=2.7
+matrix:
+  fast_finish: true
+install:
+  - pip install tox-travis git-semver
+script:
+  - tox
+deploy:
+  provider: script
+  skip_cleanup: true
+  script: .travis/releaser.sh
+  on:
+    branch: master
+branches:
+  only:
+    - master
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

.travis/releaser.sh

@@ -0,0 +1,71 @@
+#!/bin/bash
+#
+# Copyright (C) 2018 Pawel Krupa (@paulfantom) - All Rights Reserved
+# Permission to copy and modify is granted under the MIT license
+#
+# Script to automatically do a couple of things:
+#   - generate a new tag according to semver (https://semver.org/)
+#   - generate CHANGELOG.md by using https://github.com/skywinder/github-changelog-generator
+#   - sync CHANGELOG with GitHub releases by using https://github.com/mattbrictson/chandler
+#
+# Tags are generated by searching for a keyword in last commit message. Keywords are:
+#  - [patch] or [fix] to bump patch number
+#  - [minor], [feature] or [feat] to bump minor number
+#  - [major] or [breaking change] to bump major number
+# All keywords MUST be surrounded with square braces.
+#
+# Script uses git mechanisms for locking, so it can be used in parallel builds
+#
+# Requirements:
+#   - GH_TOKEN variable set with GitHub token. Access level: repo.public_repo
+#   - docker
+#   - git-semver python package (pip install git-semver)
+
+# Exit when latest commit is tagged
+[[ $(git tag --points-at) ]] && exit 0
+
+# Some basic variables
+GIT_MAIL="cloudalchemybot@gmail.com"
+GIT_USER="cloudalchemybot"
+ORGANIZATION=$(echo "$TRAVIS_REPO_SLUG" | awk -F '/' '{print $1}')
+PROJECT=$(echo "$TRAVIS_REPO_SLUG" | awk -F '/' '{print $2}')
+GALAXY_URL="https://galaxy.ansible.com/${ORGANIZATION}/${PROJECT#ansible-}"
+
+# Git config
+git config --global user.email "${GIT_MAIL}"
+git config --global user.name "${GIT_USER}"
+GIT_URL=$(git config --get remote.origin.url)
+GIT_URL=${GIT_URL#*//}
+
+# Generate TAG
+GIT_TAG=none
+echo "Last commit message: $TRAVIS_COMMIT_MESSAGE"
+case "${TRAVIS_COMMIT_MESSAGE}" in
+  *"[patch]"*|*"[fix]"* )                GIT_TAG=$(git semver --next-patch) ;;
+  *"[minor]"*|*"[feat]"*|*"[feature]"* ) GIT_TAG=$(git semver --next-minor) ;;
+  *"[major]"*|*"[breaking change]"* )    GIT_TAG=$(git semver --next-major) ;;
+  *) echo "Keyword not detected. Doing nothing" ;;
+esac
+if [ "$GIT_TAG" != "none" ]; then
+    echo "Assigning new tag: $GIT_TAG"
+    git tag "$GIT_TAG" -a -m "Automatic tag generation for travis build no. $TRAVIS_BUILD_NUMBER"
+    git push "https://${GH_TOKEN}:@${GIT_URL}" --tags || exit 0
+fi
+
+# Generate CHANGELOG.md
+git checkout master
+git pull
+docker run -it --rm -v "$(pwd)":/usr/local/src/your-app ferrarimarco/github-changelog-generator:1.14.3 \
+               -u "${ORGANIZATION}" -p "${PROJECT}" --token "${GH_TOKEN}" \
+               --release-url "${GALAXY_URL}" \
+               --unreleased-label "**Next release**" --no-compare-link
+
+git add CHANGELOG.md
+git commit -m '[ci skip] Automatic changelog update'
+
+git push "https://${GH_TOKEN}:@${GIT_URL}" || exit 0
+
+# Sync changelog to github releases
+if [ "$GIT_TAG" != "none" ]; then
+    docker run -e CHANDLER_GITHUB_API_TOKEN="${GH_TOKEN}" -v "$(pwd)":/chandler -ti whizark/chandler push "${GIT_TAG}"
+fi

.yamllint

@@ -0,0 +1,14 @@
+extends: default
+ignore: |
+  .travis/
+  .travis.yml
+  meta/
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  line-length: disable

CHANGELOG.md

@@ -1,3 +1,4 @@
 # Change Log
 
+
 \* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*

create.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# To create a new role using this skeleton fill variables and run this script. Remove this file after role creation.
+
+# This variable ideally should contain the name of an application which will be deployed with ansible role.
+# Do not use whitespaces.
+APPLICATION=""
+
+# Port on which your application is listening
+PORT=""
+
+# Your name. Preferably your full name.
+AUTHOR=""
+
+rm -rf .git
+rm README.md
+mv ROLE_README.md README.md
+mv "templates/application.service.j2" "templates/${APPLICATION}.service.j2"
+
+find ./ -type f -exec sed -i "s/<<AUTHOR>>/$AUTHOR/g" {} \;
+find ./ -type f -exec sed -i "s/<<APPLICATION>>/$APPLICATION/g" {} \;
+find ./ -type f -exec sed -i "s/<<PORT>>/$PORT/g" {} \;

defaults/main.yml

@@ -0,0 +1,5 @@
+---
+coredns_version: 1.3.0
+coredns_dns_port: 53
+
+coredns_config_file: "/etc/coredns/Corefile"

handlers/main.yml

@@ -0,0 +1,7 @@
+---
+- name: restart coredns
+  become: true
+  systemd:
+    daemon_reload: true
+    name: coredns
+    state: restarted

molecule/default/create.yml

@@ -0,0 +1,37 @@
+---
+- name: Create
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
+  tasks:
+    - name: Create molecule instance(s)
+      docker_container:
+        name: "{{ item.name }}"
+        docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}"
+        hostname: "{{ item.name }}"
+        image: "{{ item.image }}"
+        state: started
+        recreate: false
+        log_driver: json-file
+        command: "{{ item.command | default(omit) }}"
+        privileged: "{{ item.privileged | default(omit) }}"
+        volumes: "{{ item.volumes | default(omit) }}"
+        capabilities: "{{ item.capabilities | default(omit) }}"
+        exposed_ports: "{{ item.exposed_ports | default(omit) }}"
+        published_ports: "{{ item.published_ports | default(omit) }}"
+        ulimits: "{{ item.ulimits | default(omit) }}"
+        networks: "{{ item.networks | default(omit) }}"
+        dns_servers: "{{ item.dns_servers | default(omit) }}"
+      register: server
+      with_items: "{{ molecule_yml.platforms }}"
+      async: 7200
+      poll: 0
+
+    - name: Wait for instance(s) creation to complete
+      async_status:
+        jid: "{{ item.ansible_job_id }}"
+      register: docker_jobs
+      until: docker_jobs.finished
+      retries: 300
+      with_items: "{{ server.results }}"

molecule/default/destroy.yml

@@ -0,0 +1,32 @@
+---
+- name: Destroy
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}"
+  tasks:
+    - name: Destroy molecule instance(s)
+      docker_container:
+        name: "{{ item.name }}"
+        docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}"
+        state: absent
+        force_kill: "{{ item.force_kill | default(true) }}"
+      register: server
+      with_items: "{{ molecule_yml.platforms }}"
+      async: 7200
+      poll: 0
+
+    - name: Wait for instance(s) deletion to complete
+      async_status:
+        jid: "{{ item.ansible_job_id }}"
+      register: docker_jobs
+      until: docker_jobs.finished
+      retries: 300
+      with_items: "{{ server.results }}"
+
+    - name: Delete docker network(s)
+      docker_network:
+        name: "{{ item }}"
+        docker_host: "{{ item.docker_host | default('unix://var/run/docker.sock') }}"
+        state: absent
+      with_items: "{{ molecule_yml.platforms | molecule_get_docker_networks }}"

molecule/default/molecule.yml

@@ -0,0 +1,66 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+lint:
+  name: yamllint
+platforms:
+  - name: bionic
+    image: paulfantom/ubuntu-molecule:18.04
+    docker_host: "${DOCKER_HOST:-unix://var/run/docker.sock}"
+    privileged: true
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+  - name: xenial
+    image: paulfantom/ubuntu-molecule:16.04
+    docker_host: "${DOCKER_HOST:-unix://var/run/docker.sock}"
+    privileged: true
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+  - name: stretch
+    image: paulfantom/debian-molecule:9
+    docker_host: "${DOCKER_HOST:-unix://var/run/docker.sock}"
+    privileged: true
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+  - name: jessie
+    image: paulfantom/debian-molecule:8
+    docker_host: "${DOCKER_HOST:-unix://var/run/docker.sock}"
+    privileged: true
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+  - name: centos7
+    image: paulfantom/centos-molecule:7
+    docker_host: "${DOCKER_HOST:-unix://var/run/docker.sock}"
+    privileged: true
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+  - name: fedora
+    image: paulfantom/fedora-molecule:27
+    docker_host: "${DOCKER_HOST:-unix://var/run/docker.sock}"
+    privileged: true
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+  - name: clearlinux
+    image: paulfantom/clearlinux-molecule:latest
+    docker_host: "${DOCKER_HOST:-unix://var/run/docker.sock}"
+    privileged: true
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+provisioner:
+  name: ansible
+  lint:
+    name: ansible-lint
+  playbooks:
+    create: create.yml
+    prepare: prepare.yml
+    converge: playbook.yml
+    destroy: destroy.yml
+scenario:
+  name: default
+verifier:
+  name: testinfra
+  lint:
+    name: flake8
+    enabled: true

molecule/default/playbook.yml

@@ -0,0 +1,5 @@
+---
+- hosts: all
+  any_errors_fatal: true
+  roles:
+    - ansible-<<APPLICATION>>

molecule/default/prepare.yml

@@ -0,0 +1,5 @@
+---
+- name: Prepare
+  hosts: all
+  gather_facts: false
+  tasks: []

molecule/default/tests/test_default.py

@@ -0,0 +1,5 @@
+import os
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')

tasks/install.yml

@@ -0,0 +1,69 @@
+---
+- name: Install dependencies
+  package:
+    name: "{{ item }}"
+    state: present
+  with_items: "{{ coredns_dependencies }}"
+
+- name: Create the coredns group
+  group:
+    name: "{{ coredns_system_group }}"
+    state: present
+    system: true
+
+- name: Create the coredns user
+  user:
+    name: "{{ coredns_system_user }}"
+    groups: "{{ coredns_system_group }}"
+    append: true
+    shell: /usr/sbin/nologin
+    system: true
+    createhome: false
+    home: /
+
+- name: Download coredns binary to local folder
+  become: false
+  get_url:
+    url: "https://github.com/prometheus/coredns/releases/download/v{{ coredns_version }}/coredns-{{ coredns_version }}.linux-{{ go_arch }}.tar.gz"
+    dest: "/tmp/coredns-{{ coredns_version }}.linux-{{ go_arch }}.tar.gz"
+    checksum: "sha256:{{ coredns_checksum }}"
+  register: _download_binary
+  until: _download_binary is succeeded
+  retries: 5
+  delay: 2
+  delegate_to: localhost
+  check_mode: false
+
+- name: Unpack coredns binary
+  become: false
+  unarchive:
+    src: "/tmp/coredns-{{ coredns_version }}.linux-{{ go_arch }}.tar.gz"
+    dest: "/tmp/coredns-{{ coredns_version }}.linux-{{ go_arch }}/"
+    creates: "/tmp/coredns-{{ coredns_version }}.linux-{{ go_arch }}/coredns"
+  delegate_to: localhost
+  check_mode: false
+
+- name: Create /usr/local/bin
+  file:
+    path: /usr/local/bin
+    state: directory
+    mode: 0755
+
+- name: Propagate coredns binaries
+  copy:
+    src: "/tmp/coredns-{{ coredns_version }}.linux-{{ go_arch }}/coredns"
+    dest: "/usr/local/bin/coredns"
+    mode: 0750
+    owner: "{{ coredns_system_user }}"
+    group: "{{ coredns_system_group }}"
+  notify: restart coredns
+  when: not ansible_check_mode
+
+- name: Copy the Node Exporter systemd service file
+  template:
+    src: coredns.service.j2
+    dest: /etc/systemd/system/coredns.service
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart coredns

tasks/main.yml

@@ -0,0 +1,33 @@
+---
+- name: Gather variables for each operating system
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ ansible_distribution_file_variety | lower }}.yml"
+    - "{{ ansible_distribution | lower }}.yml"
+    - "{{ ansible_os_family | lower }}.yml"
+  tags:
+    - always
+
+- import_tasks: preflight.yml
+  tags:
+    - install
+    - configure
+
+- import_tasks: install.yml
+  become: true
+  tags:
+    - install
+
+- import_tasks: configure.yml
+  become: true
+  tags:
+    - configure
+
+- name: Ensure CoreDNS is enabled on boot
+  become: true
+  systemd:
+    daemon_reload: true
+    name: coredns
+    enabled: true
+  tags:
+    - run

tasks/preflight.yml

@@ -0,0 +1,15 @@
+---
+- name: Naive assertion of proper DNS port number
+  assert:
+    that:
+      - "coredns_dns_port <= 65535"
+
+- name: Fail on unsupported init systems
+  fail:
+    msg: "This module only works with systemd"
+  when: ansible_service_mgr != 'systemd'
+
+- name: "Get checksum for {{ go_arch }} architecture"
+  set_fact:
+    coredns_checksum: "{{ lookup('url', 'https://github.com/coredns/coredns/releases/download/v' + coredns_version + '/coredns_' + coredns_version + '_linux_' + go_arch + '.tgz.sha256') }}"
+  run_once: true

templates/coredns.service.j2

@@ -0,0 +1,28 @@
+{{ ansible_managed | comment }}
+
+[Unit]
+Description=CoreDNS
+Documentation=https://coredns.io
+After=network.target
+
+[Service]
+Type=simple
+PermissionsStartOnly=true
+LimitNOFILE=1048576
+LimitNPROC=512
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
+
+User={{ coredns_system_user }}
+Group={{ coredns_system_group }}
+ExecStart=/usr/local/bin/coredns \
+    -conf {{ coredns_config_file }}
+    -dns.port "{{ coredns_dns_port }}"
+
+SyslogIdentifier=coredns
+ExecReload=/bin/kill -SIGUSR1 $MAINPID
+Restart=always
+
+[Install]
+WantedBy=multi-user.target

test-requirements.txt

@@ -0,0 +1,5 @@
+molecule>=2.15.0
+docker
+ansible-lint>=3.4.0
+testinfra>=1.7.0
+jmespath

tox.ini

@@ -0,0 +1,20 @@
+[tox]
+minversion = 1.8
+envlist = py{27}-ansible{25,26,27}
+skipsdist = true
+
+[travis:env]
+ANSIBLE=
+  2.5: ansible25
+  2.6: ansible26
+  2.7: ansible27
+
+[testenv]
+passenv = *
+deps =
+    -rtest-requirements.txt
+    ansible25: ansible<2.6
+    ansible26: ansible<2.7
+    ansible27: ansible<2.8
+commands =
+    {posargs:molecule test --all --destroy always}

vars/clearlinux.yml

@@ -0,0 +1,3 @@
+---
+coredns_dependencies:
+  - sysadmin-basic

vars/debian.yml

@@ -0,0 +1,2 @@
+---
+coredns_dependencies: []

vars/main.yml

@@ -0,0 +1,12 @@
+---
+go_arch_map:
+  i386: '386'
+  x86_64: 'amd64'
+  aarch64: 'arm64'
+  armv7l: 'armv7'
+  armv6l: 'armv6'
+
+go_arch: "{{ go_arch_map[ansible_architecture] | default(ansible_architecture) }}"
+
+coredns_system_group: "coredns"
+coredns_system_user: "{{ coredns_system_group }}"

vars/redhat.yml

@@ -0,0 +1,4 @@
+---
+coredns_dependencies:
+  - libselinux-python
+  - policycoreutils-python