From 8e54f471100c737585c89a69efcd1eb0ea22f52e Mon Sep 17 00:00:00 2001
From: alex <alex@pdp7.net>
Date: Thu, 2 Feb 2023 23:58:36 +0100
Subject: [PATCH] Deploy ragent

---
 .../roles/deploy_ragent/files/get.py          | 16 ++++++++
 .../roles/deploy_ragent/tasks/main.yml        | 39 +++++++++++++++++++
 .../roles/deploy_ragent/vars/main.yml         | 26 +++++++++++++
 personal_infra/playbooks/site.yaml            |  6 +++
 personal_infra/puppet/site/00-common.pp       |  5 +++
 personal_infra/requirements.txt               |  1 +
 6 files changed, 93 insertions(+)
 create mode 100755 personal_infra/playbooks/roles/deploy_ragent/files/get.py
 create mode 100644 personal_infra/playbooks/roles/deploy_ragent/tasks/main.yml
 create mode 100644 personal_infra/playbooks/roles/deploy_ragent/vars/main.yml

diff --git a/personal_infra/playbooks/roles/deploy_ragent/files/get.py b/personal_infra/playbooks/roles/deploy_ragent/files/get.py
new file mode 100755
index 0000000..d0a7861
--- /dev/null
+++ b/personal_infra/playbooks/roles/deploy_ragent/files/get.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env python3
+
+import json
+import sys
+import urllib.request
+
+run_id = sys.argv[1]
+
+if run_id == "last":
+    runs = json.loads(urllib.request.urlopen("https://api.github.com/repos/alexpdp7/ragent/actions/runs?branch=master").read().decode('utf8'))
+    run_id = runs["workflow_runs"][0]["id"]
+
+run = json.loads(urllib.request.urlopen("https://api.github.com/repos/alexpdp7/ragent/actions/runs/%s" % run_id).read().decode('utf8'))
+artifacts = json.loads(urllib.request.urlopen(run['artifacts_url']).read().decode('utf8'))['artifacts']
+urls = {a['name']: 'https://api.github.com/repos/alexpdp7/ragent/actions/artifacts/%s/zip' % a["id"] for a in artifacts}
+print(json.dumps(urls))
diff --git a/personal_infra/playbooks/roles/deploy_ragent/tasks/main.yml b/personal_infra/playbooks/roles/deploy_ragent/tasks/main.yml
new file mode 100644
index 0000000..7739867
--- /dev/null
+++ b/personal_infra/playbooks/roles/deploy_ragent/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+- name: get url
+  local_action:
+    module: command
+    cmd: "{{ inventory_dir }}/playbooks/roles/deploy_ragent/files/get.py {{ run_id|default('last') }}"
+  run_once: True
+  register: url
+- name: download package
+  uri:
+    url: "{{ url.stdout|from_json|json_query(ragent['package_key'][ansible_os_family][ansible_distribution_major_version][ansible_architecture]) }}"
+    dest: /tmp/ragent_downloaded_package.zip
+    user: " {{ ragent_download['user'] }}"
+    password: "{{ ragent_download['token'] }}"
+    force_basic_auth: yes
+    follow_redirects: all
+- name: unzip
+  unarchive:
+    src: /tmp/ragent_downloaded_package.zip
+    dest: /tmp
+    list_files: yes
+    remote_src: yes
+  register: unzipped
+- name: remove previous
+  package:
+    name: ragent
+    state: absent
+- name: install package
+  command: "{{ ragent['install_command'][ansible_os_family] }} /tmp/{{ unzipped.files[0] }}"
+- name: configure service
+  service:
+    name: ragent
+    enabled: yes
+    state: restarted
+- name: open firewall
+  command: firewall-cmd --permanent --add-port=21488/tcp
+  when: ansible_os_family == "RedHat" and ansible_distribution_major_version in ("7", "8", "9") and ansible_virtualization_type != "lxc"
+- name: reload firewall
+  command: firewall-cmd --reload
+  when: ansible_os_family == "RedHat" and ansible_distribution_major_version in ("7", "8", "9") and ansible_virtualization_type != "lxc"
diff --git a/personal_infra/playbooks/roles/deploy_ragent/vars/main.yml b/personal_infra/playbooks/roles/deploy_ragent/vars/main.yml
new file mode 100644
index 0000000..9a67c50
--- /dev/null
+++ b/personal_infra/playbooks/roles/deploy_ragent/vars/main.yml
@@ -0,0 +1,26 @@
+---
+ragent:
+  package_key:
+    Debian:
+      '9':
+        x86_64: debian_stretch
+        armv7l: debian_stretch_rpi3
+      '10': # apparently the stretch package works for buster
+        x86_64: debian_stretch
+        armv7l: debian_stretch_rpi3
+      '11': # apparently the stretch package works for bullseye
+        x86_64: debian_stretch
+        armv7l: debian_stretch_rpi3
+      '20': # and it also works for Ubuntu 20.04
+        x86_64: debian_stretch
+    RedHat:
+      '7':
+        x86_64: el7
+      '8':
+        x86_64: el8
+        aarch64: el8_rpi4
+      '9':
+        x86_64: el8
+  install_command:
+    Debian: "dpkg -i"
+    RedHat: "rpm -i"
diff --git a/personal_infra/playbooks/site.yaml b/personal_infra/playbooks/site.yaml
index 571e0f1..c6d11b0 100644
--- a/personal_infra/playbooks/site.yaml
+++ b/personal_infra/playbooks/site.yaml
@@ -18,6 +18,12 @@
   roles:
     - join_ipa
 
+- name: deploy ragent
+  hosts: all
+  tags: deploy_ragent
+  roles:
+    - deploy_ragent
+
 - name: verify root mail
   hosts: all
   tags: verify_root_mail
diff --git a/personal_infra/puppet/site/00-common.pp b/personal_infra/puppet/site/00-common.pp
index 58c035c..cb0126b 100644
--- a/personal_infra/puppet/site/00-common.pp
+++ b/personal_infra/puppet/site/00-common.pp
@@ -22,3 +22,8 @@ nagios_service {"${nagios_host}-ssh":
   service_description => "ssh",
   check_command => "check_ssh",
 }
+
+# https://github.com/alexpdp7/ragent/issues/352
+if $facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] == '9' {
+  package {'compat-openssl11':}
+}
diff --git a/personal_infra/requirements.txt b/personal_infra/requirements.txt
index b8934aa..769f725 100644
--- a/personal_infra/requirements.txt
+++ b/personal_infra/requirements.txt
@@ -3,6 +3,7 @@ ansible-core==2.14.1
 cffi==1.15.1
 cryptography==38.0.4
 Jinja2==3.1.2
+jmespath==1.0.1
 MarkupSafe==2.1.1
 packaging==22.0
 pycparser==2.21
-- 
2.47.3