Let users choose the distro version #449 (#466)

Make dpdaction great again add 1704 to travis Make EC2 image name more convenient modify apparmor profile
7 years ago · c3fcfe5d0d
parent cbb8237a4c
commit c3fcfe5d0d
10 changed files with 30 additions and 12 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -31,6 +31,7 @@ before_cache:

 env:
  - LXC_NAME=ubuntu1604 LXC_DISTRO=ubuntu LXC_RELEASE=xenial
+  - LXC_NAME=ubuntu1704 LXC_DISTRO=ubuntu LXC_RELEASE=zesty

 install:
  - sudo tar xf $HOME/lxc/cache.tar -C / || echo "Didn't extract cache."
--- a/config.cfg
+++ b/config.cfg
@ -61,10 +61,20 @@ SSH_keys:
 cloud_providers:
  azure:
    size: Basic_A0
+    image:
+      offer: UbuntuServer
+      publisher: Canonical
+      sku: '16.04-LTS' # 16.04-LTS
+      version: latest
  digitalocean:
    size: 512mb
+    image: "ubuntu-16-04-x64" # ubuntu-16-04-x64 / ubuntu-17-04-x64
  ec2:
    size: t2.micro
+    image:
+      name: "ubuntu-zesty-17.04" # ubuntu-xenial-16.04 / ubuntu-zesty-17.04
+      owner: "099720109477"
  gce:
    size: f1-micro
+    image: ubuntu-1604 # ubuntu-1604 / ubuntu-1704
  local:
--- a/roles/cloud-azure/tasks/main.yml
+++ b/roles/cloud-azure/tasks/main.yml
@ -89,11 +89,7 @@
      Environment: Algo
    ssh_public_keys:
      - { path: "/home/ubuntu/.ssh/authorized_keys", key_data: "{{ lookup('file', '{{ SSH_keys.public }}') }}" }
-    image:
-      offer: UbuntuServer
-      publisher: Canonical
-      sku: '16.04-LTS'
-      version: latest
+    image: "{{ cloud_providers.azure.image }}"
  register: azure_rm_virtualmachine

  # To-do: Add error handling - if vm_size requested is not available, can we fall back to another, ideally with a prompt?
--- a/roles/cloud-digitalocean/tasks/main.yml
+++ b/roles/cloud-digitalocean/tasks/main.yml
@ -46,7 +46,7 @@
    name: "{{ do_server_name }}"
    region_id: "{{ do_region }}"
    size_id: "{{ cloud_providers.digitalocean.size }}"
-    image_id: "ubuntu-16-04-x64"
+    image_id: "{{ cloud_providers.digitalocean.image }}"
    ssh_key_ids: "{{ do_ssh_key.ssh_key.id }}"
    unique_name: yes
    api_token: "{{ do_token }}"
--- a/roles/cloud-ec2/tasks/main.yml
+++ b/roles/cloud-ec2/tasks/main.yml
@ -3,12 +3,12 @@
    secret_key: "{{ aws_secret_key | default(lookup('env','AWS_SECRET_ACCESS_KEY'), true) }}"
    stack_name: "{{ aws_server_name | replace('.', '-') }}"

- name: Locate official Ubuntu 16.04 AMI for region
+- name: Locate official AMI for region
  ec2_ami_find:
    aws_access_key: "{{ access_key }}"
    aws_secret_key: "{{ secret_key }}"
-    name: "ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*"
-    owner:  099720109477
+    name: "ubuntu/images/hvm-ssd/{{ cloud_providers.ec2.image.name }}-amd64-server-*"
+    owner: "{{ cloud_providers.ec2.image.owner }}"
    sort: creationDate
    sort_order: descending
    sort_end: 1
--- a/roles/cloud-gce/tasks/main.yml
+++ b/roles/cloud-gce/tasks/main.yml
@ -14,7 +14,7 @@
    instance_names: "{{ server_name }}"
    zone: "{{ zone }}"
    machine_type: "{{ cloud_providers.gce.size }}"
-    image: ubuntu-1604
+    image: "{{ cloud_providers.gce.image }}"
    service_account_email: "{{ service_account_email }}"
    credentials_file: "{{ credentials_file_path }}"
    project_id: "{{ project_id }}"
--- a/roles/dns_adblocking/tasks/main.yml
+++ b/roles/dns_adblocking/tasks/main.yml
@ -15,8 +15,6 @@
 - include: freebsd.yml
  when: ansible_distribution == 'FreeBSD'

- meta: flush_handlers
-
 - name: Dnsmasq configured
  template: src=dnsmasq.conf.j2 dest="{{ config_prefix|default('/') }}etc/dnsmasq.conf"
  notify:
@ -37,5 +35,7 @@
  shell: >
    sudo -u dnsmasq "/usr/local/sbin/adblock.sh"

+- meta: flush_handlers
+
 - name: Dnsmasq enabled and started
  service: name=dnsmasq state=started enabled=yes
--- a/roles/dns_adblocking/templates/usr.sbin.dnsmasq.j2
+++ b/roles/dns_adblocking/templates/usr.sbin.dnsmasq.j2
@ -15,6 +15,8 @@
  /etc/dnsmasq.d/* r,
  /var/lib/dnsmasq/ r,
  /var/lib/dnsmasq/block.hosts r,
+  /etc/dnsmasq.d-available/ r,
+  /etc/dnsmasq.d-available/* r,

  /usr/sbin/dnsmasq mr,

--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@ -15,6 +15,11 @@
 - name: Install strongSwan
  package: name=strongswan state=present

+- name: Get StrongSwan versions
+  shell: >
+    ipsec --versioncode | grep -oE "^U([0-9]*|\.)*" | sed "s/^U\|\.//g"
+  register: strongswan_version
+
 - include: ipec_configuration.yml
 - include: openssl.yml
 - include: distribute_keys.yml
--- a/roles/vpn/templates/ipsec.conf.j2
+++ b/roles/vpn/templates/ipsec.conf.j2
@ -5,7 +5,11 @@ config setup
 conn %default
    fragmentation=yes
    rekey=no
+{% if strongswan_version.stdout is defined and strongswan_version.stdout > '550' %}
+    dpdaction=clear
+{% else %}
    dpdaction=none
+{% endif %}
    keyexchange=ikev2
    compress=yes
    dpddelay=35s