Merge pull request #67 from luthersystems/bastion-venv

Bastion python virtualenv
luthersystems · Jun 20, 2024 · 97c6a6c · 97c6a6c
2 parents 62453a7 + bdbbf12
commit 97c6a6c
Show file tree

Hide file tree

Showing 12 changed files with 251 additions and 40 deletions.
diff --git a/ansible-roles/bastion_init/defaults/main.yml b/ansible-roles/bastion_init/defaults/main.yml
@@ -3,3 +3,4 @@
 # must be declared in either the inventory or playbook.
 kubectl_eks_cluster_name: ""
 aws_cli_version_desired: "2.7.0"
+bastion_init_virtualenv: /opt/ansible_venv
diff --git a/ansible-roles/bastion_init/files/bashrc b/ansible-roles/bastion_init/files/bashrc
@@ -30,7 +30,7 @@ shopt -s checkwinsize
 
 # set a fancy prompt (non-color, unless we know we "want" color)
 case "$TERM" in
-    xterm-color|*-256color) color_prompt=yes;;
+    xterm-color|*-256color|xterm-24bit*) color_prompt=yes;;
 esac
 
 # uncomment for a colored prompt, if the terminal has the capability; turned

diff --git a/ansible-roles/bastion_init/files/requirements.in b/ansible-roles/bastion_init/files/requirements.in
@@ -0,0 +1,4 @@
+boto3
+botocore
+kubernetes
+packaging
diff --git a/ansible-roles/bastion_init/files/requirements.python3.12.txt b/ansible-roles/bastion_init/files/requirements.python3.12.txt
@@ -0,0 +1,70 @@
+#
+# This file is autogenerated by pip-compile with Python 3.12
+# by the following command:
+#
+#    pip-compile --output-file=requirements.3.12.txt requirements.in
+#
+boto3==1.34.129
+    # via -r requirements.in
+botocore==1.34.129
+    # via
+    #   -r requirements.in
+    #   boto3
+    #   s3transfer
+cachetools==5.3.3
+    # via google-auth
+certifi==2024.6.2
+    # via
+    #   kubernetes
+    #   requests
+charset-normalizer==3.3.2
+    # via requests
+google-auth==2.30.0
+    # via kubernetes
+idna==3.7
+    # via requests
+jmespath==1.0.1
+    # via
+    #   boto3
+    #   botocore
+kubernetes==30.1.0
+    # via -r requirements.in
+oauthlib==3.2.2
+    # via
+    #   kubernetes
+    #   requests-oauthlib
+packaging==24.1
+    # via -r requirements.in
+pyasn1==0.6.0
+    # via
+    #   pyasn1-modules
+    #   rsa
+pyasn1-modules==0.4.0
+    # via google-auth
+python-dateutil==2.9.0.post0
+    # via
+    #   botocore
+    #   kubernetes
+pyyaml==6.0.1
+    # via kubernetes
+requests==2.32.3
+    # via
+    #   kubernetes
+    #   requests-oauthlib
+requests-oauthlib==2.0.0
+    # via kubernetes
+rsa==4.9
+    # via google-auth
+s3transfer==0.10.1
+    # via boto3
+six==1.16.0
+    # via
+    #   kubernetes
+    #   python-dateutil
+urllib3==2.2.2
+    # via
+    #   botocore
+    #   kubernetes
+    #   requests
+websocket-client==1.8.0
+    # via kubernetes
diff --git a/ansible-roles/bastion_init/files/requirements.python3.6.txt b/ansible-roles/bastion_init/files/requirements.python3.6.txt
@@ -0,0 +1,74 @@
+#
+# This file is autogenerated by pip-compile with python 3.6
+# To update, run:
+#
+#    pip-compile --output-file=requirements.3.6.txt requirements.in
+#
+boto3==1.23.10
+    # via -r requirements.in
+botocore==1.26.10
+    # via
+    #   -r requirements.in
+    #   boto3
+    #   s3transfer
+cachetools==4.2.4
+    # via google-auth
+certifi==2024.6.2
+    # via
+    #   kubernetes
+    #   requests
+charset-normalizer==2.0.12
+    # via requests
+google-auth==2.22.0
+    # via kubernetes
+idna==3.7
+    # via requests
+jmespath==0.10.0
+    # via
+    #   boto3
+    #   botocore
+kubernetes==30.1.0
+    # via -r requirements.in
+oauthlib==3.2.2
+    # via
+    #   kubernetes
+    #   requests-oauthlib
+packaging==21.3
+    # via -r requirements.in
+pyasn1==0.5.1
+    # via
+    #   pyasn1-modules
+    #   rsa
+pyasn1-modules==0.3.0
+    # via google-auth
+pyparsing==3.1.2
+    # via packaging
+python-dateutil==2.9.0.post0
+    # via
+    #   botocore
+    #   kubernetes
+pyyaml==6.0.1
+    # via kubernetes
+requests==2.27.1
+    # via
+    #   kubernetes
+    #   requests-oauthlib
+requests-oauthlib==2.0.0
+    # via kubernetes
+rsa==4.9
+    # via google-auth
+s3transfer==0.5.2
+    # via boto3
+six==1.16.0
+    # via
+    #   google-auth
+    #   kubernetes
+    #   python-dateutil
+urllib3==1.26.18
+    # via
+    #   botocore
+    #   google-auth
+    #   kubernetes
+    #   requests
+websocket-client==1.3.1
+    # via kubernetes
diff --git a/ansible-roles/bastion_init/files/xterm-24bit.terminfo b/ansible-roles/bastion_init/files/xterm-24bit.terminfo
@@ -0,0 +1,10 @@
+# Use colon separators.
+xterm-24bit|xterm with 24-bit direct color mode,
+  use=xterm-256color,
+  setb24=\E[48:2:%p1%{65536}%/%d:%p1%{256}%/%{255}%&%d:%p1%{255}%&%dm,
+  setf24=\E[38:2:%p1%{65536}%/%d:%p1%{256}%/%{255}%&%d:%p1%{255}%&%dm,
+# Use semicolon separators.
+xterm-24bits|xterm with 24-bit direct color mode,
+  use=xterm-256color,
+  setb24=\E[48;2;%p1%{65536}%/%d;%p1%{256}%/%{255}%&%d;%p1%{255}%&%dm,
+  setf24=\E[38;2;%p1%{65536}%/%d;%p1%{256}%/%{255}%&%d;%p1%{255}%&%dm,
diff --git a/ansible-roles/bastion_init/meta/main.yaml b/ansible-roles/bastion_init/meta/main.yaml
@@ -1,4 +1 @@
 ---
-dependencies:
-  - role: kubectl
-    kubectl_upgrade: yes
diff --git a/ansible-roles/bastion_init/tasks/main.yaml b/ansible-roles/bastion_init/tasks/main.yaml
@@ -8,28 +8,43 @@
   debug:
     var: kubectl_version
 
-- name: Update the APT cache
+- name: Install apt packages
   apt:
     update_cache: yes
     cache_valid_time: 36400
-
-- name: jq is installed
-  apt:
-    name: jq
-    state: present
-
-- name: Pip is installed
-  apt:
-    name: python3-pip
-    state: present
-
-- name: Ensure python modules are installed
-  pip:
-    name:
-      - boto3==1.23.10
-      - botocore==1.26.10
-      - kubernetes==30.1.0
-      - packaging==21.3
+    install_recommends: no
+    pkg:
+      - jq
+      - python3-pip
+      - python3-venv
+
+- name: Install python modules
+  block:
+  - name: Create temporary requirements file
+    ansible.builtin.tempfile:
+       state: file
+       suffix: .txt
+       prefix: requirements_
+    register: requirements_tempfile
+  - name: Copy pip requirements.txt
+    copy:
+      src: "requirements.python{{ python_minor }}.txt"
+      dest: "{{ requirements_tempfile.path }}"
+      owner: root
+      group: root
+      mode: '0644'
+    vars:
+      python_minor: "{{ ansible_python_version | splitext | first }}"
+  - name: Ensure python modules are installed
+    pip:
+      requirements: "{{ requirements_tempfile.path }}"
+      virtualenv: "{{ bastion_init_virtualenv }}"
+      virtualenv_command: "{{ ansible_python.executable }} -m venv"
+  always:
+  - name: Remove temporary requirements file
+    file:
+        path: "{{ requirements_tempfile.path }}"
+        state: absent
 
 - name: Print AWS CLI desired version
   debug:
@@ -103,6 +118,9 @@
     - "/tmp/aws"
   when: not aws_cli_installed
 
+- import_role:
+    name: kubectl
+
 - name: Configure kubectl for EKS
   command:
     argv:
@@ -149,6 +167,43 @@
       owner: root
       group: root
 
+- name: check terminfo for xterm-24bit
+  command:
+    cmd: infocmp xterm-24bit
+  register: infocmp
+  failed_when: infocmp.rc > 1
+  changed_when: no
+
+- name: Install terminfo for xterm-24bit
+  when: infocmp.rc == 1
+  block:
+  - name: Create temporary terminfo file
+    ansible.builtin.tempfile:
+       state: file
+       suffix: .terminfo
+       prefix: xterm-24bit_
+    register: xterm24_tempfile
+  - name: Copy xterm-24bit terminfo
+    copy:
+      src: xterm-24bit.terminfo
+      dest: "{{ xterm24_tempfile.path }}"
+      owner: root
+      group: root
+      mode: '0644'
+  - name: Compile xterm-24bit terminfo
+    command:
+      argv:
+        - tic
+        - -x
+        - -o
+        - /etc/terminfo
+        - "{{ xterm24_tempfile.path }}"
+  always:
+  - name: Remove temporary terminfo file
+    file:
+        path: "{{ xterm24_tempfile.path }}"
+        state: absent
+
 - name: Configure unattended upgrades
   copy:
     src: 51unattended-upgrades-custom

diff --git a/ansible-roles/kubectl/tasks/env.yml b/ansible-roles/kubectl/tasks/env.yml
@@ -29,6 +29,10 @@
       KUBECONFIG: "{{kubectl_config_path}}"
       K8S_AUTH_KUBECONFIG: "{{kubectl_config_path}}"
 
+- name: override ansible interpreter
+  set_fact:
+    ansible_python_interpreter: /opt/ansible_venv/bin/python
+
 - name: Configure kubectl for EKS
   command:
     argv:

diff --git a/ansible-roles/ntp/handlers/main.yaml b/ansible-roles/ntp/handlers/main.yaml
@@ -0,0 +1,6 @@
+---
+- name: Restart the NTP service to enable timedate synchronization
+  service:
+    name: ntp
+    enabled: true
+    state: restarted
diff --git a/ansible-roles/ntp/tasks/main.yaml b/ansible-roles/ntp/tasks/main.yaml
@@ -1,9 +1,9 @@
 ---
-- name: Ensure that NTP is installed
-  apt: name=ntp state=present
-
-- name: "TODO: install a static NTP config to /etc/ntp.conf"
-  command: "true"
+- name: Set the timezone to UTC
+  command: timedatectl set-timezone UTC
 
-- name: Restart the NTP service to enable timedate synchronization
-  service: name=ntp state=started
+- name: Ensure that NTP is installed
+  apt:
+    pkg: ntp
+    state: present
+  notify: Restart ntp
diff --git a/ansible-roles/timedatectl/tasks/main.yaml b/ansible-roles/timedatectl/tasks/main.yaml