You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/blog/2020-10-11-ansible-collection.md
+7-5Lines changed: 7 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,5 +1,5 @@
1
1
---
2
-
title: "Migrating our roles to a collection"
2
+
title: "Migrating our Ansible roles to a collection"
3
3
date: 2020-11-08 09:00:00
4
4
authors:
5
5
- name: Sebastian Gumprich
@@ -27,11 +27,11 @@ All the roles that lived in separate repositories should move to the `roles`-dir
27
27
The roles were tested with the help of test-kitchen (I wrote about it [here](https://www.zufallsheld.de/2016/01/05/testing-ansible-roles/)) and our trusted [Inspec Baselines](https://dev-sec.io/baselines/). We kept the baselines but replaced test-kitchen with molecule, the de-facto standard for testing Ansible content. This made it possible to test our collection in the same way locally as done in CI. Speaking of CI: We replaced travis (good riddance - Travis [changed](https://blog.travis-ci.com/2020-11-02-travis-ci-new-billing) their pricing model) with [Github Actions](https://github.com/features/actions).
28
28
Now every role inside the collection has its own pipeline that only runs when files from the role change. We still test our roles on a plethora of operating systems and the most important ones (CentOS and Ubuntu in its various versions) are all supported with all roles.
29
29
30
-
One problem with the new releases existed: since we wanted to re-use the ansible-os-hardening repository for the collection, we could not start from version 1.0.0 for the collection since the tag already existed. So to no break the old role we decided to continue the version from the role in the collection. This is why we starte with version 7 in the collection.
30
+
One problem with the new releases existed: since we wanted to re-use the ansible-os-hardening repository for the collection, we could not start from version 1.0.0 for the collection since the tag already existed. So to no break the old role we decided to continue the version from the role in the collection. This is why we started with version 7 in the collection.
31
31
32
32
Releasing new versions with a changelog was something we already [automated](https://github.com/dev-sec/ansible-os-hardening/issues/269) some time ago. We wanted to keep the nicely formatted changelogs and automatic releases and modifying the existing Github Actions was no problem.
33
33
34
-
Our plan how to actually migrate the roles into the collection was looked like this: Start building the collection and use the roles as submodules inside the monorepo. This way we can continue to support the separate roles and the roles inside the collection cannot diverge from the legacy roles.
34
+
Our plan how to actually migrate the roles into the collection looked like this: Start building the collection and use the roles as submodules inside the monorepo. This way we can continue to support the separate roles and the roles inside the collection cannot diverge from the legacy roles.
35
35
36
36
When everything was migrated, we planned to archive the old roles and link to the collection.
37
37
@@ -54,16 +54,18 @@ And Github Actions run on a Ubuntu 18.04 virtual machine with AppArmor enabled.
54
54
It took some days to figure this one out. However once I found out the reason for this, the solution was found much faster. [Robert de Bock](https://robertdebock.nl/) also had this problem and fixed it [here](https://github.com/robertdebock/ansible-role-mysql/commit/7562e99099b06282391ab7ed102b393a0406d212)
55
55
56
56
We also dropped support for some operating systems:
57
+
57
58
* CentOS 6 because support ends in November 2020
58
59
* Oracle-Linux because supporting it is really cumbersome and we don't know anyone that uses our roles on Oracle
*[Repository on Github](https://github.com/dev-sec/ansible-os-hardening/)
65
67
66
-
Please share yore feedback with us, ask questions on the mailing list, open issues and pull requests on our repo!
68
+
Please share your feedback with us, ask questions on the mailing list, open issues and pull requests on our repo!
67
69
68
70
# The future
69
71
@@ -74,4 +76,4 @@ Of course we want to continue working on the collection and support more operati
74
76
75
77
# Thanks
76
78
77
-
I want to thank the devsec team, especially [@schurzi](https://github.com/schurzi/), [@micheelengronne](https://github.com/schurzi/) and [@chris-rock](https://github.com/chris-rock) for their work and support in creating the collection and this awesome opensource community!
79
+
I want to thank the devsec team, especially [@micheelengronne](https://github.com/micheelengronne), [@schurzi](https://github.com/schurzi/) and [@chris-rock](https://github.com/chris-rock) for their work and support in creating the collection and this awesome opensource community!
0 commit comments