ci/cd - enabled routed_ip on servers, remove unused files and update OS to bookworm

2026-05-24 09:28:37 +00:00 · 2024-03-06 12:09:03 +01:00 · 2024-03-06 12:09:03 +01:00 · c558145582
commit c558145582
parent 8876ec8e37
27 changed files with 12 additions and 262 deletions
--- a/tests/ansible/ovh_roles/common/files/20auto-upgrades
+++ b/tests/ansible/ovh_roles/common/files/20auto-upgrades
@ -1,2 +0,0 @@
-APT::Periodic::Update-Package-Lists "1";
-APT::Periodic::Unattended-Upgrade "1";
--- a/tests/ansible/ovh_roles/common/files/50unattended-upgrades
+++ b/tests/ansible/ovh_roles/common/files/50unattended-upgrades
@ -1,3 +0,0 @@
-Unattended-Upgrade::Origins-Pattern {
-        "origin=Debian,codename=${distro_codename},label=Debian-Security";
-};
--- a/tests/ansible/ovh_roles/common/files/99-disable-network-config.cfg
+++ b/tests/ansible/ovh_roles/common/files/99-disable-network-config.cfg
@ -1 +0,0 @@
-network: {config: disabled}
--- a/tests/ansible/ovh_roles/common/files/defaults-debian.conf
+++ b/tests/ansible/ovh_roles/common/files/defaults-debian.conf
@ -1,6 +0,0 @@
-[sshd]
-enabled = true
-port = 22
-findtime = 10m
-bantime = 24h
-maxretry = 3
--- a/tests/ansible/ovh_roles/common/files/ipv6.conf
+++ b/tests/ansible/ovh_roles/common/files/ipv6.conf
@ -1,5 +0,0 @@
-net.ipv6.conf.all.disable_ipv6 = 1
-net.ipv6.conf.default.disable_ipv6 = 1
-net.ipv6.conf.lo.disable_ipv6 = 1
-net.ipv6.conf.ens3.disable_ipv6 = 1
-net.ipv6.conf.ens4.disable_ipv6 = 1
--- a/tests/ansible/ovh_roles/common/files/sources.list
+++ b/tests/ansible/ovh_roles/common/files/sources.list
@ -1,3 +0,0 @@
-deb http://deb.debian.org/debian bullseye main
-deb http://deb.debian.org/debian-security/ bullseye-security main
-deb http://deb.debian.org/debian bullseye-updates main
--- a/tests/ansible/ovh_roles/common/handlers/main.yml
+++ b/tests/ansible/ovh_roles/common/handlers/main.yml
@ -1,8 +0,0 @@
---
- name: Restart networking
-  service:
-    name: networking
-    state: restarted
-
- name: Reload sysctl
-  shell: sysctl -p -f /etc/sysctl.d/70-disable-ipv6.conf
--- a/tests/ansible/ovh_roles/common/tasks/apt.yml
+++ b/tests/ansible/ovh_roles/common/tasks/apt.yml
@ -1,27 +0,0 @@
---
- name: Update /etc/apt/sources.list
-  copy:
-    src: sources.list
-    dest: /etc/apt/sources.list
-    owner: root
-    group: root
-    mode: "0644"
-
- name: Update APT cache and install dependencies
-  shell: apt update && apt autoclean && apt install -y unattended-upgrades python3-apt rename python3-pip
-
- name: copy 50unattended-upgrades
-  copy:
-    src: 50unattended-upgrades
-    dest: /etc/apt/apt.conf.d/50unattended-upgrades
-    owner: root
-    group: root
-    mode: "0644"
-
- name: copy 20auto-upgrades
-  copy:
-    src: 20auto-upgrades
-    dest: /etc/apt/apt.conf.d/20auto-upgrades
-    owner: root
-    group: root
-    mode: "0644"
--- a/tests/ansible/ovh_roles/common/tasks/fail2ban.yml
+++ b/tests/ansible/ovh_roles/common/tasks/fail2ban.yml
@ -1,13 +0,0 @@
---
- name: Install fail2ban
-  apt:
-    name: fail2ban
-    state: present
-
- name: Update /etc/fail2ban/jail.d/defaults-debian.conf
-  copy:
-    src: defaults-debian.conf
-    dest: /etc/fail2ban/jail.d/defaults-debian.conf
-    owner: root
-    group: root
-    mode: "0644"
--- a/tests/ansible/ovh_roles/common/tasks/hostname.yml
+++ b/tests/ansible/ovh_roles/common/tasks/hostname.yml
@ -1,4 +0,0 @@
---
- name: Set the hostname
-  hostname:
-    name: "{{ inventory_hostname }}"
--- a/tests/ansible/ovh_roles/common/tasks/main.yml
+++ b/tests/ansible/ovh_roles/common/tasks/main.yml
@ -1,5 +0,0 @@
---
- include_tasks: network.yml
- include_tasks: apt.yml
- include_tasks: hostname.yml
- include_tasks: fail2ban.yml
--- a/tests/ansible/ovh_roles/common/tasks/network.yml
+++ b/tests/ansible/ovh_roles/common/tasks/network.yml
@ -1,28 +0,0 @@
---
- name: Update /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
-  copy:
-    src: 99-disable-network-config.cfg
-    dest: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
-    owner: root
-    group: root
-    mode: "0644"
-
- name: Update /etc/network/interfaces.d/50-cloud-init
-  template:
-    src: 50-cloud-init
-    dest: /etc/network/interfaces.d/50-cloud-init
-    owner: root
-    group: root
-    mode: "0644"
-  notify:
-    - Restart networking
-
- name: Update /etc/sysctl.d/70-disable-ipv6.conf
-  copy:
-    src: ipv6.conf
-    dest: /etc/sysctl.d/70-disable-ipv6.conf
-    owner: root
-    group: root
-    mode: "0644"
-  notify:
-    - Reload sysctl
--- a/tests/ansible/ovh_roles/common/templates/50-cloud-init
+++ b/tests/ansible/ovh_roles/common/templates/50-cloud-init
@ -1,13 +0,0 @@
-auto lo
-iface lo inet loopback
-    dns-nameservers 213.186.33.99 0.0.0.0
-
-auto ens3
-iface ens3 inet dhcp
-    accept_ra 0
-    mtu 1500
-
-auto ens3:0
-iface ens3:0 inet static
-    address {{ failover_ip }}
-    netmask 255.255.255.255
--- a/tests/ansible/ovh_roles/docker/files/docker.list
+++ b/tests/ansible/ovh_roles/docker/files/docker.list
@ -1 +0,0 @@
-deb [arch=amd64] https://download.docker.com/linux/debian bullseye stable
--- a/tests/ansible/ovh_roles/docker/tasks/main.yml
+++ b/tests/ansible/ovh_roles/docker/tasks/main.yml
@ -1,38 +0,0 @@
---
- name: Install docker dependencies
-  apt:
-    name:
-      - ca-certificates
-      - gnupg
-    update_cache: yes
-    state: present
-
- name: Update /etc/apt/sources.list.d/docker.list
-  copy:
-    src: docker.list
-    dest: /etc/apt/sources.list.d/docker.list
-    owner: root
-    group: root
-    mode: "0644"
-
- name: Trust docker key
-  apt_key:
-    url: https://download.docker.com/linux/debian/gpg
-    state: present
-
- name: Install docker
-  apt:
-    name:
-      - docker-ce
-      - docker-ce-cli
-    update_cache: yes
-    state: present
-
- name: Install /usr/local/bin/docker-compose
-  shell: curl -L https://github.com/docker/compose/releases/download/v2.12.2/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose && chmod +x /usr/local/bin/docker-compose
-
- name: Add debian user to docker group
-  user:
-    name: debian
-    groups: docker
-    append: yes
--- a/tests/ansible/ovh_roles/linux/tasks/main.yml
+++ b/tests/ansible/ovh_roles/linux/tasks/main.yml
@ -1,11 +0,0 @@
---
- name: Install ruby
-  apt:
-    name:
-      - ruby-full
-    state: present
-
- name: Install package_cloud package
-  community.general.gem:
-    name: package_cloud
-    state: present
--- a/tests/ansible/ovh_roles/private_net/handlers/main.yml
+++ b/tests/ansible/ovh_roles/private_net/handlers/main.yml
@ -1,5 +0,0 @@
---
- name: Restart networking
-  service:
-    name: networking
-    state: restarted
--- a/tests/ansible/ovh_roles/private_net/tasks/main.yml
+++ b/tests/ansible/ovh_roles/private_net/tasks/main.yml
@ -1,2 +0,0 @@
---
- include_tasks: network.yml
--- a/tests/ansible/ovh_roles/private_net/tasks/network.yml
+++ b/tests/ansible/ovh_roles/private_net/tasks/network.yml
@ -1,10 +0,0 @@
---
- name: Update /etc/network/interfaces.d/ens4
-  template:
-    src: ens4
-    dest: /etc/network/interfaces.d/ens4
-    owner: root
-    group: root
-    mode: "0644"
-  notify:
-    - Restart networking
--- a/tests/ansible/ovh_roles/private_net/templates/ens4
+++ b/tests/ansible/ovh_roles/private_net/templates/ens4
@ -1,5 +0,0 @@
-auto ens4
-allow-hotplug ens4
-iface ens4 inet static
-    address {{ local_ip }}/24
-    mtu 9000
--- a/tests/ansible/ovh_roles/swarm/tasks/main.yml
+++ b/tests/ansible/ovh_roles/swarm/tasks/main.yml
@ -1,64 +0,0 @@
---
- name: Install pip
-  apt:
-    name:
-      - python3
-      - python3-pip
-      - virtualenv
-      - python3-setuptools
-      - python
-      - python-setuptools
-
- name: Upgrade pip3
-  pip:
-    name: pip
-    state: latest
-    executable: pip3
-
- name: Install dockerpy for py3
-  pip:
-    name: docker[tls]
-    state: forcereinstall
-    executable: pip3
-
- name: Init Docker Swarm
-  community.general.docker_swarm:
-    advertise_addr: "{{ local_ip }}"
-    listen_addr: "{{ local_ip }}"
-    ssl_version: "1.3"
-    validate_certs: yes
-    state: present
-  register: result
-  when: inventory_hostname == groups['managers'][0]
-
- name: Get join-token for manager nodes
-  set_fact:
-    join_token_manager: "{{ hostvars[groups['managers'][0]].result.swarm_facts.JoinTokens.Manager }}"
-
- name: Get join-token for worker nodes
-  set_fact:
-    join_token_worker: "{{ hostvars[groups['managers'][0]].result.swarm_facts.JoinTokens.Worker }}"
-
- name: Join Swarm as managers
-  community.general.docker_swarm:
-    advertise_addr: "{{ local_ip }}"
-    listen_addr: "{{ local_ip }}"
-    ssl_version: "1.3"
-    validate_certs: yes
-    state: join
-    join_token: "{{ join_token_manager }}"
-    remote_addrs: ["{{ hostvars[groups['managers'][0]].local_ip }}:2377"]
-  when:
-    - inventory_hostname in groups['managers']
-    - inventory_hostname != groups['managers'][0]
-
- name: Join Swarm as workers
-  community.general.docker_swarm:
-    advertise_addr: "{{ local_ip }}"
-    listen_addr: "{{ local_ip }}"
-    ssl_version: 1.3
-    validate_certs: yes
-    state: join
-    join_token: "{{ join_token_worker }}"
-    remote_addrs: ["{{ hostvars[groups['managers'][0]].local_ip }}:2377"]
-  when: inventory_hostname in groups['workers']
--- a/tests/ansible/roles/common/files/sources.list
+++ b/tests/ansible/roles/common/files/sources.list
@ -1,3 +1,3 @@
-deb http://deb.debian.org/debian bullseye main
-deb http://deb.debian.org/debian-security/ bullseye-security main
-deb http://deb.debian.org/debian bullseye-updates main
+deb http://deb.debian.org/debian bookworm main
+deb http://deb.debian.org/debian-security/ bookworm-security main
+deb http://deb.debian.org/debian bookworm-updates main
--- a/tests/ansible/roles/docker/files/docker.list
+++ b/tests/ansible/roles/docker/files/docker.list
@ -1 +1 @@
-deb [arch=amd64] https://download.docker.com/linux/debian bullseye stable
+deb [arch=amd64] https://download.docker.com/linux/debian bookworm stable
--- a/tests/terraform/autoconf.tf
+++ b/tests/terraform/autoconf.tf
@ -21,7 +21,8 @@ resource "scaleway_instance_server" "instance" {
  depends_on = [scaleway_account_ssh_key.ssh_key]
  name = "cicd_bw_autoconf"
  type = "DEV1-M"
-  image = "debian_bullseye"
+  image = "debian_bookworm"
+  routed_ip_enabled = true
  ip_id = var.autoconf_ip_id
 }

--- a/tests/terraform/docker.tf
+++ b/tests/terraform/docker.tf
@ -21,7 +21,8 @@ resource "scaleway_instance_server" "instance" {
  depends_on = [scaleway_account_ssh_key.ssh_key]
  name = "cicd_bw_docker"
  type = "DEV1-M"
-  image = "debian_bullseye"
+  image = "debian_bookworm"
+  routed_ip_enabled = true
  ip_id = var.docker_ip_id
 }

--- a/tests/terraform/linux.tf
+++ b/tests/terraform/linux.tf
@ -21,7 +21,8 @@ resource "scaleway_instance_server" "instance" {
  depends_on = [scaleway_account_ssh_key.ssh_key]
  name = "cicd_bw_linux"
  type = "DEV1-M"
-  image = "debian_bullseye"
+  image = "debian_bookworm"
+  routed_ip_enabled = true
  ip_id = var.linux_ip_id
 }

--- a/tests/terraform/swarm.tf
+++ b/tests/terraform/swarm.tf
@ -27,7 +27,8 @@ resource "scaleway_instance_server" "instances" {
  depends_on = [scaleway_account_ssh_key.ssh_key]
  name = "cicd_bw_swarm_${count.index}"
  type = "DEV1-L"
-  image = "debian_bullseye"
+  image = "debian_bookworm"
+  routed_ip_enabled = true
  ip_id = var.swarm_ips_id[count.index]
  private_network {
    pn_id = scaleway_vpc_private_network.pn.id
				`@ -1 +0,0 @@`
				`deb [arch=amd64] https://download.docker.com/linux/debian bullseye stable`