initial commit of common Ansible and role template
Change-Id: I73b59340d2481c1c6b7e7c5806d4f5bc5a60ab26
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3119a73
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,11 @@
+# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+*.html
+*.pyc
+.DS_Store
+__pycache__
+ansible_collections
+cookiecutter/*default*
+roles/*
+venv_onfansible
diff --git a/.gitreview b/.gitreview
new file mode 100644
index 0000000..2ea9737
--- /dev/null
+++ b/.gitreview
@@ -0,0 +1,5 @@
+[gerrit]
+host=gerrit.opencord.org
+port=29418
+project=ansible/onf-ansible.git
+defaultremote=origin
diff --git a/.reuse/dep5 b/.reuse/dep5
new file mode 100644
index 0000000..5b49913
--- /dev/null
+++ b/.reuse/dep5
@@ -0,0 +1,5 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+
+Files: VERSION .gitreview
+Copyright: 2020 Open Networking Foundation
+License: Apache-2.0
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..8ba4395
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,105 @@
+# ONF Ansbile Makefile
+#
+# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+# Use bash for pushd/popd, and to fail quickly.
+# No -u as virtualenv activate script has undefined vars
+SHELL = bash -e -o pipefail
+
+# tooling
+VIRTUALENV ?= python -m venv
+
+# ansible files is all top-level playbooks
+ANSIBLE_PLAYBOOKS ?= $(wildcard *.yml)
+ANSIBLE_ROLES ?= $(wildcard roles/*)
+
+# YAML files, excluding venv and cookiecutter directories
+YAML_FILES ?= $(shell find . -type d \( -path "./venv_onfansible" -o -path "./cookiecutters" -o -path "./ansible_collections" -o -path "./roles" \) -prune -o -type f \( -name '*.yaml' -o -name '*.yml' \) -print )
+
+# all files with extensions
+PYTHON_FILES ?= $(wildcard filter_plugins/*.py lint_rules/*.py cookiecutters/*/hooks/*.py roles/*/filter_plugins/*.py)
+
+.DEFAULT_GOAL := help
+.PHONY: test lint yamllint ansiblelint license help
+
+# Create the virtualenv with all the tools installed
+VENV_NAME = venv_onfansible
+
+$(VENV_NAME): requirements.txt
+ $(VIRTUALENV) $@ ;\
+ source ./$@/bin/activate ; set -u ;\
+ python -m pip install --upgrade pip;\
+ python -m pip install -r requirements.txt
+ echo "To enter virtualenv, run 'source $@/bin/activate'"
+
+galaxy: $(VENV_NAME) galaxy.yml ## Download ansible galaxy provided collection and roles
+ source ./$</bin/activate ; set -u ;\
+ ansible-galaxy collection install -r galaxy.yml
+
+license: $(VENV_NAME) ## Check license with the reuse tool
+ source ./$</bin/activate ; set -u ;\
+ reuse --version ;\
+ reuse --root . lint
+
+# Cookiecutter tests
+test: yamllint ansiblelint flake8 pylint black ## run all standard tests
+
+yamllint: $(VENV_NAME) ## lint YAML format using yamllint
+ source ./$</bin/activate ; set -u ;\
+ yamllint --version ;\
+ yamllint \
+ -d "{extends: default, rules: {line-length: {max: 99}}}" \
+ -s $(YAML_FILES)
+
+ansiblelint: $(VENV_NAME) ## lint ansible-specific format using ansible-lint
+ source ./$</bin/activate ; set -u ;\
+ ansible-lint --version ;\
+ ansible-lint -R -v $(ANSIBLE_PLAYBOOKS) $(ANSIBLE_ROLES)
+
+flake8: $(VENV_NAME) ## check python formatting with flake8
+ source ./$</bin/activate ; set -u ;\
+ flake8 --version ;\
+ flake8 --max-line-length 99 $(PYTHON_FILES)
+
+pylint: $(VENV_NAME) ## pylint check for python 3 compliance
+ source ./$</bin/activate ; set -u ;\
+ pylint --version ;\
+ pylint --py3k $(PYTHON_FILES)
+
+black: $(VENV_NAME) ## run black on python files in check mode
+ source ./$</bin/activate ; set -u ;\
+ black --version ;\
+ black --check $(PYTHON_FILES)
+
+blacken: $(VENV_NAME) ## run black on python files to reformat
+ source ./$</bin/activate ; set -u ;\
+ black --version ;\
+ black $(PYTHON_FILES)
+
+# Password generation for use with ansible
+# from: https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module
+# Ref on supported crypt types per OS: https://passlib.readthedocs.io/en/stable/modular_crypt_format.html#os-defined-hashes
+
+# sha512 linux passwords
+sha512_passwd: $(VENV_NAME)
+ source ./$</bin/activate ; set -u ;\
+ python -c "from passlib.hash import sha512_crypt; import getpass; print(sha512_crypt.using(rounds=5000).hash(getpass.getpass()))"
+
+# bcrypt openbsd passwords, per https://man.openbsd.org/crypt.3
+bcrypt_passwd: $(VENV_NAME)
+ source ./$</bin/activate ; set -u ;\
+ python -c "from passlib.hash import bcrypt; import getpass; print(bcrypt.using(rounds=8).hash(getpass.getpass()))"
+
+passwd: $(VENV_NAME) ## encrypt a password using required formats
+ source ./$</bin/activate ; set -u ;\
+ python -c "from passlib.hash import bcrypt,sha512_crypt; import getpass; pw=getpass.getpass(); print('bcrypt: %s\nsha512crypt: %s' % (bcrypt.using(rounds=8).hash(pw), sha512_crypt.using(rounds=5000).hash(pw)))"
+
+clean:
+ rm -rf $(VENV_NAME) ansible_collections
+
+help: ## Print help for each target
+ @echo infra-playbooks make targets
+ @echo
+ @grep '^[[:alnum:]_-]*:.* ##' $(MAKEFILE_LIST) \
+ | sort | awk 'BEGIN {FS=":.* ## "}; {printf "%-25s %s\n", $$1, $$2};'
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..288e4a9
--- /dev/null
+++ b/README.md
@@ -0,0 +1,328 @@
+<!--
+SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+SPDX-License-Identifier: Apache-2.0
+--!>
+ONF Ansible
+===========
+
+Ansible is an automation tool used to install software and configure systems.
+It's frequently used either standalone or in concert with other
+operations-focused software.
+
+The primary advantage of Ansible is that it is "target neutral" - the system
+being configured can be a physical device, a virtual server, a VM image, a
+docker container image, etc., which reduces duplication of effort. For example,
+the executors used in Jenkins can be a Packer images or physical servers. Being
+able to share the same roles to install and configure software on both helps
+reduce overhead and increase uniformity.
+
+It also can targets basically any system that has a command line interface,
+even unusual platforms with non-Unix CLIs such as on networking equipment or
+Windows.
+
+Ansible Docs and Reference
+--------------------------
+
+A good place to start learning about Ansible is the [Intro to
+Playbooks](https://docs.ansible.com/ansible/latest/user_guide/playbooks_intro.html).
+
+Additional useful references:
+
+- [Ansible Best Practices: The
+ Essentials](https://www.ansible.com/blog/ansible-best-practices-essentials).
+- [high quality ansible
+ playbooks](https://sysdogs.com/en/on-code-quality-with-ansible/).
+- [Jinja2 template
+ documentation](https://jinja.palletsprojects.com/en/master/templates/)
+- [filters](https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html)
+- [module return
+ values](https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html)
+
+We\'re following the Linux Foundation hierarchy and naming scheme for Ansible
+roles - see the [ansible/role/\* repos on LF
+Gerrit](https://gerrit.linuxfoundation.org/infra/admin/repos), and the [LF
+Ansible guide](https://docs.releng.linuxfoundation.org/en/latest/ansible.html).
+
+This aligns with how things work across a variety of tools and systems -
+see the [gerrit docs on
+replication](https://gerrit.googlesource.com/plugins/replication/+doc/master/src/main/resources/Documentation/config.md),
+specifically the [remote.NAME.remoteNameStyle]{.title-ref} section -
+if/when these are replicated on GitHub, that config will cause the repo
+to be renamed from [ansible/role/\<rolename\>]{.title-ref} to
+[ansible-role-\<rolename\>]{.title-ref}, which goes along with how
+[Ansible Galaxy has traditionally named
+roles](https://galaxy.ansible.com/docs/contributing/creating_role.html#role-names).
+
+Running Playbooks
+-----------------
+
+Playbooks are run from within a python virtualenv, to ensure that all the
+correct versions are available. The `galaxy` target will create this virtualenv
+and also download dependent roles and collections from [ansible
+galaxy](https://galaxy.ansible.com/):
+
+ $ make galaxy
+ ...
+ $ source venv_onfansible/bin/activate
+
+Once you've done this, you can run the `ansible-plabook` command.
+
+Starting a New Role
+-------------------
+
+1. Create the virtualenv with the Makefile, and source the activate
+ script:
+
+ $ make venv_onfansible
+ ...
+ $ source venv_onfansible/bin/activate
+
+2. Run cookiecutter with the path to the role cookiecutter template:
+
+ $ cd roles
+ $ cookiecutter ../cookiecutters/role
+
+ Answer the questions given, especially the name which will be the name of the
+ role, and it will create a role directory with those answers. The default
+ answers will result in Ubuntu 16.04 and 18.04 molecule tests, using a docker
+ image that runs the systemd init system, to allow daemons to be run in the
+ container.
+
+3. Initialize git and commit the files as created by cookiecutter:
+
+ $ cd <rolename>
+ $ git init
+ $ git add .
+ $ git commit -m "initial <rolename> role"
+
+4. Lint and test the role with `make lint` (runs static checks) and `make test`
+ (tests the role with Molecule). This should be done before making changes,
+ to make sure the test process works locally on your system.
+
+5. Make changes to the role, running the tests given in #3 periodically. See
+ the `Testing`{.interpreted-text role="ref"} section below for how to run
+ Molecule tests incrementally.
+
+6. Add comprehensive tests to the files in the `molecule/default/verify.yml`
+ file. See the `nginx` role as an example.
+
+Role and Playbook Style Guide
+-----------------------------
+
+Use the `.yml` extension for all YAML files. This is a convention used by most
+Ansible roles and when autogenerating a role with various tools like Galaxy or
+Molecule.
+
+Ansible roles and playbooks should pass both
+[ansible-lint](https://github.com/ansible/ansible-lint) and
+[yamllint](https://github.com/adrienverge/yamllint) in strict mode, to verify
+that they are well structured and formatted. [yamllint]{.title-ref} in
+particular differs from most Ansible examples when it comes to booleans -
+lowercase [true]{.title-ref} and [false]{.title-ref} should be used instead of
+other \"truthy\" values like [yes]{.title-ref} and [no]{.title-ref}. There are
+some cases when an Ansible modules will require that you use these \"truthy\"
+values, in which case you can [disable
+yamllint](https://yamllint.readthedocs.io/en/stable/disable_with_comments.html)
+for just that line. `ansible-lint` can also be [disabled per-line or
+ per-task](https://github.com/ansible/ansible-lint#false-positives-skipping-rules)
+ but this should be avoided when possible.
+
+If you need to separate a long line to pass lint, make use of the YAML `>`
+folded block scalar syntax which replaces whitespace/newlines replaced with
+single spaces (good for wrapping long lines) or `|` literal block scalar syntax
+which will retain newlines but replace whitespace with single spaces (good for
+inserting multiple lines of text into the output). More information is
+available at [yaml multiline strings](https://yaml-multiline.info/). The flow
+scalar syntax is less obvious and easier to accidentally introduce mistakes
+with, so using it isn\'t recommended.
+
+When listing parameters within a task, put parameters each on their own line
+(the YAML style). Even though there are examples of the `key=value` one-line
+syntax for assigning parameters, avoid using it in favor of the YAML syntax.
+This makes diffs shorter and easier to inspect, and helps with linting.
+
+Roles have to places to define variables - `defaults` and `vars`. The major
+difference between these is how [variable precedence works in
+Ansible](https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable).
+In general, you should only define variables that will never need to be
+overridden by a user or playbook (for example platform-specific or OS-specific
+variables) in the `vars/<platformname>.yml` files. The `defaults/main.yml` file
+should contain examples variables or defaults values that work across all
+platforms supported by a role.
+
+To ensure the integrity of artifacts and other items downloaded from the
+internet as a part of the role, you should provide checksums and keys as a part
+of the role. Some examples of this are:
+
+- Using the `checksum` field on
+ [get_url](https://docs.ansible.com/ansible/latest/modules/get_url_module.html)
+ and similar modules. This will also save time, as during subsequent runs if
+ the checksum matches an already-downloaded file, the download won\'t be
+ required.
+
+- For package signing keys and GPG keys, put them as files within the role
+ and use a file lookup when using the
+ [apt_key](https://docs.ansible.com/ansible/latest/modules/apt_key_module.html)
+ and similar modules.
+
+When optionally executing a task using `when`, it's easier to follow if you
+put the `when` condition right after the name of the task, not at the end of
+the action as is shown in many examples:
+
+``` {.yaml}
+- name: Run command only on Debian (and Ubuntu)
+ when: ansible_os_family == "Debian"
+ command:
+ cmd: echo "Only run on Debian"
+```
+
+The `with_items` and other `with_*` iterators should be put at the end of the
+task.
+
+If you are iterating on lists that contains password or other secure data that
+should not be leaked into the output, set `no_log: true` so the items being
+iterated on are not printed.
+
+Avoid using `tags`, as these are generally used to change the behavior
+of a role or playbook in an arbitrary way - instead use information
+derived from setup to control optional actions, or use different roles
+to separate which tasks are run. Use of tags other than the
+`skip_ansible_lint` tag will cause the lint to fail. See also [Ansible:
+Tags are a code
+smell](https://medium.com/@gswallow/ansible-tags-are-a-code-smell-bf80bd88cb79)
+for additional perspective.
+
+If you need to modify behavior in a platform-specific way, use the setup
+facts to determine which tasks to run. You can get a list of setup facts
+by running `ansible -m setup` against a target system.
+
+Do not change the default value of the
+[hash\_behaviour](https://docs.ansible.com/ansible/latest/installation_guide/intro_configuration.html#hash-behaviour)
+variable - the default `replace` setting is more deterministic, easier
+to understand, and handles removal of items, all of which can\'t be
+achieved with other values of this setting.
+
+What goes where?
+----------------
+
+Generally, roles are split into two major groups:
+
+### Configuration roles
+
+These roles configure or set up basic system functionality or do basic
+scripting and maintenance of the system.
+
+Examples:
+
+- Configuration of the \"base system\" (anything that is pre-installed
+ by the default installation)
+ - Configuring cron, logging, etc.
+ - Adding scripts for system tasks like backup
+- Creating user accounts (see the `provision-users` role)
+- Changing network settings (Firewall, VPN, etc.)
+
+### Installation Roles
+
+These are roles that add software to the base system, in various ways,
+and should install and configure software that is not automatically
+installed in the base installation.
+
+Examples:
+
+- Installing software like `nginx`, `acme.sh`, or `postgres`
+ - Creating limited privilege role accounts for running the
+ software
+ - Configuring the software installed
+
+### Group Vars
+
+The `group_vars` directory should contain variables specific to a
+sub-classification of hosts - this is usually done on a per-site, or
+per-function basis. These are named `<groupname>.yml`.
+
+### Host Vars
+
+The `host_vars` contains variables specific to a host, and should have
+files named `<hostname>.yml`.
+
+### Inventory
+
+Inventory is the list of hosts and what group they should be assigned
+into.
+
+Currently these lists are being kept in flat files in the `inventory`
+directory, but in the future they\'ll be dynamically built from NetBox
+or a similar IPAM system.
+
+Linting and code quality
+------------------------
+
+All Ansible playbooks and roles are scanned with `ansible-lint`.
+
+All YAML files (including Ansible playbooks, roles, etc. ) are scanned
+with `yamllint`.
+
+Python code is formatted with [black](https://github.com/psf/black), and
+must pass [flake8](https://flake8.pycqa.org/) and [pylint (py3k compat
+check only)](https://www.pylint.org/) .
+
+Testing
+-------
+
+Tests are done on a per-role basis using
+[Molecule](https://molecule.readthedocs.io/), which can test the role
+against Docker containers (the default) or Vagrant VMs (more complicated
+to set up).
+
+If the role will run a daemon you should request that the container is
+run in privileged mode, which will run an init daemon to start the
+services (in most cases, `systemd`). The `-priv` Docker images that are
+used includes a working copy of `systemd`, like a physical system would
+have, and are created from the
+[paulfantom/dockerfiles](https://github.com/paulfantom/dockerfiles)
+repo.
+
+If the role depends on other roles to function (needs a database or JRE)
+you can install those other roles in the `prepare.yml` playbook. See the
+`netbox` role for an example. This prepare playbook will only be run
+once during the initial setup of the container/VM, not every time the
+`converge` is run.
+
+Individual steps of the test process can be run from Molecule - see the
+[test sequence
+commands](https://molecule.readthedocs.io/en/latest/getting-started.html#run-test-sequence-commands).
+
+The most frequently used commands during role development are:
+
+- `molecule converge`: Bring up the container and run the playbook against it
+- `molecule verify`: Run the `verify.yaml` playbook to test
+- `molecule login`: Create an interactive shell session inside the container/VM
+ to debug
+- `molecule destroy`: Stop/destroy all the containers
+- `molecule test`: Run all the steps automatically
+
+A common devel loop when editing the role is to run:
+
+ molecule converge; molecule verify
+
+OS Differences
+--------------
+
+The setup module isn't regular between OS's with the `ansible_processor_*`
+options. OpenBSD has quoted numbers for quantities, Linux does not.
+`ansible_processor_count` is sockets on Linux, but the same as number of cores
+on OpenBSD. There are also sometimes differences between Linux distros - YMMV.
+
+Similar issues with network interface configuration - on Linux the
+`ansible_eth0['ipv4']` is a dict, but it's a list in OpenBSD.
+
+Known Issues
+------------
+
+Currently [ansible-lint throws exceptions when using modules from
+collections](https://github.com/ansible/ansible-lint/issues/538), which makes
+checking some playbooks difficult with that tool. This primarily affects the
+NetBox related tasks.
+
+This repo does not pass the REUSE check because of [REUSE issue
+246](https://github.com/fsfe/reuse-tool/issues/246).
diff --git a/VERSION b/VERSION
new file mode 100644
index 0000000..c0ab82c
--- /dev/null
+++ b/VERSION
@@ -0,0 +1 @@
+0.0.1-dev
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..9ee1e9a
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,10 @@
+; SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+; SPDX-License-Identifier: Apache-2.0
+[defaults]
+
+; paths
+collections_paths = ./
+roles_path = ./roles
+
+; don't use cowsay
+nocows = True
diff --git a/cookiecutters/role/README.md b/cookiecutters/role/README.md
new file mode 100644
index 0000000..cfd29e1
--- /dev/null
+++ b/cookiecutters/role/README.md
@@ -0,0 +1,14 @@
+<!--
+SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+SPDX-License-Identifier: Apache-2.0
+--!>
+
+# Cookiecutter for Ansible roles
+
+Goals of this cookiecutter
+
+- Creates sepearate per-platform includes for vars/tasks
+- Passes both ansible-lint and yamllint
+- Passes reuse licensing check
+- Has tests runnable with Molecule 3
+- Has a Makefile with lint and test targets, and passes by default
diff --git a/cookiecutters/role/cookiecutter.json b/cookiecutters/role/cookiecutter.json
new file mode 100644
index 0000000..a5c1aa7
--- /dev/null
+++ b/cookiecutters/role/cookiecutter.json
@@ -0,0 +1,25 @@
+{
+ "role_name": "roledefault",
+ "description": "Description for README and Galaxy",
+ "issue_tracker_url": "https://jira.opennetworking.org/",
+
+ "role_defaults":{
+ "example_default1":"example_value1",
+ "example_default2":"example_value2"
+ },
+
+ "platform": "deleteme",
+ "platforms":{
+ "Ubuntu": ["16.04","18.04"]
+ },
+
+ "author": "Open Networking Foundation",
+ "email": "support@opennetworking.org",
+ "company": "Open Networking Foundation",
+
+ "year": "{% now 'utc', '%Y' %}",
+ "license": ["Apache-2.0", "BSD-2-Clause", "MIT"],
+
+ "min_ansible_version": "2.9.5",
+ "molecule_privileged": ["true", "false"]
+}
diff --git a/cookiecutters/role/hooks/post_gen_project.py b/cookiecutters/role/hooks/post_gen_project.py
new file mode 100644
index 0000000..49667ae
--- /dev/null
+++ b/cookiecutters/role/hooks/post_gen_project.py
@@ -0,0 +1,108 @@
+#!/usr/bin/env python3
+#
+# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+# role/hooks/post_gen_project.py
+# Generates platform-specific files for ansible roles
+
+from __future__ import absolute_import
+import os
+import jinja2
+
+from cookiecutter import generate as ccg
+from cookiecutter.environment import StrictEnvironment
+import cookiecutter.utils as utils
+
+# Docs for hooks
+# https://cookiecutter.readthedocs.io/en/latest/advanced/hooks.html
+
+# Tickets related to what thei above
+# https://github.com/cookiecutter/cookiecutter/issues/474
+# https://github.com/cookiecutter/cookiecutter/issues/851
+
+# other implementations
+# https://github.com/ckan/ckan/blob/master/contrib/cookiecutter/ckan_extension/hooks/post_gen_project.py
+
+# CWD is output dir
+PROJECT_DIR = os.path.realpath(os.path.join("..", os.path.curdir))
+
+# Hack, but 'cookiecutter._template' is a relative path
+TEMPLATE_DIR = os.path.realpath(
+ os.path.join(os.path.curdir, "../{{ cookiecutter._template }}")
+)
+
+# script is rendered as a template, so this will be filled in with the
+# cookiecutter dict, which is why noqa is needed.
+CONTEXT = {{cookiecutter | jsonify}} # noqa: F821, E227
+
+
+def delete_file(filepath):
+ """ delete generated file from output directory """
+ os.remove(os.path.join(PROJECT_DIR, filepath))
+
+
+def generate_platforms():
+ """ Generate files specific to each platform in platforms dict """
+
+ # list all platform tmplated files here
+ # {% raw %}
+ platform_files = [
+ "{{cookiecutter.role_name}}/tasks/{{cookiecutter.platform}}.yml",
+ "{{cookiecutter.role_name}}/vars/{{cookiecutter.platform}}.yml",
+ ]
+ # {% endraw %}
+
+ # delete the unneded file generated by platform_files earlier
+ env = StrictEnvironment(context={"cookiecutter": CONTEXT})
+ for infile in platform_files:
+ outfile_tmpl = env.from_string(infile)
+ delete_file(outfile_tmpl.render({"cookiecutter": CONTEXT}))
+
+ platforms = list(CONTEXT["platforms"].keys())
+
+ # Combine Ubuntu and Debian as they're the same ansible_os_family
+ if "Ubuntu" in platforms and "Debian" not in platforms:
+ platforms.remove("Ubuntu")
+ platforms.append("Debian")
+
+ # Iterate over platforms creating files
+ for platform in platforms:
+
+ # assign platform name to cookiecutter.platform
+ CONTEXT.update({"platform": platform})
+
+ # build jinja2 environment
+ env = StrictEnvironment(
+ context={"cookiecutter": CONTEXT}, keep_trailing_newline=True,
+ )
+
+ # must be in template dir for generate_file to work
+ with utils.work_in(TEMPLATE_DIR):
+ env.loader = jinja2.FileSystemLoader(".")
+
+ for infile in platform_files:
+ ccg.generate_file(
+ project_dir=PROJECT_DIR,
+ infile=infile,
+ context={"cookiecutter": CONTEXT},
+ env=env,
+ )
+
+
+def delete_inactive_licenses():
+
+ # get list of licenses written to output
+ license_dir = os.path.join(os.path.curdir, "LICENSES")
+ license_files = os.listdir(license_dir)
+
+ # delete any files that don't start with the license identifier
+ for licfile in license_files:
+ if not licfile.startswith(CONTEXT["license"]):
+ os.remove(os.path.join(os.path.curdir, "LICENSES", licfile))
+
+
+if __name__ == "__main__":
+
+ generate_platforms()
+ delete_inactive_licenses()
diff --git "a/cookiecutters/role/\173\173cookiecutter.role_name\175\175/.cookiecutter_params.json" "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/.cookiecutter_params.json"
new file mode 100644
index 0000000..b07ca2a
--- /dev/null
+++ "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/.cookiecutter_params.json"
@@ -0,0 +1 @@
+{{ cookiecutter | jsonify }}
diff --git "a/cookiecutters/role/\173\173cookiecutter.role_name\175\175/.reuse/dep5" "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/.reuse/dep5"
new file mode 100644
index 0000000..f488d8a
--- /dev/null
+++ "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/.reuse/dep5"
@@ -0,0 +1,5 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+
+Files: .cookiecutter_params.json LICENSE .gitreview
+Copyright: {{ cookiecutter.year }} {{ cookiecutter.author }}
+License: {{ cookiecutter.license }}
diff --git "a/cookiecutters/role/\173\173cookiecutter.role_name\175\175/LICENSES/Apache-2.0.txt" "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/LICENSES/Apache-2.0.txt"
new file mode 100644
index 0000000..d645695
--- /dev/null
+++ "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/LICENSES/Apache-2.0.txt"
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git "a/cookiecutters/role/\173\173cookiecutter.role_name\175\175/LICENSES/BSD-2-Clause.txt" "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/LICENSES/BSD-2-Clause.txt"
new file mode 100644
index 0000000..232c21f
--- /dev/null
+++ "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/LICENSES/BSD-2-Clause.txt"
@@ -0,0 +1,25 @@
+BSD 2-Clause License
+
+Copyright (c) {{ cookiecutter.year }}, {{ cookiecutter.author }}
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git "a/cookiecutters/role/\173\173cookiecutter.role_name\175\175/LICENSES/MIT.txt" "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/LICENSES/MIT.txt"
new file mode 100644
index 0000000..6caffc7
--- /dev/null
+++ "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/LICENSES/MIT.txt"
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) {{ cookiecutter.year }} {{ cookiecutter.author }}
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git "a/cookiecutters/role/\173\173cookiecutter.role_name\175\175/Makefile" "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/Makefile"
new file mode 100644
index 0000000..1c1bb02
--- /dev/null
+++ "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/Makefile"
@@ -0,0 +1,39 @@
+# {{ cookiecutter.role_name }} Makefile
+#
+# SPDX-FileCopyrightText: © {{ cookiecutter.year }} {{ cookiecutter.author }} <{{ cookiecutter.email }}>
+# SPDX-License-Identifier: {{ cookiecutter.license }}
+
+SHELL = bash -eu -o pipefail
+
+.DEFAULT_GOAL := help
+.PHONY: test lint yamllint ansiblelint license help
+
+test: ## run tests on the playbook with molecule
+ molecule --version
+ molecule test
+
+lint: yamllint ansiblelint ## run all lint checks
+
+# all YAML files
+YAML_FILES ?= $(shell find . -type f \( -name '*.yaml' -o -name '*.yml' \) -print )
+
+yamllint: ## lint check with yamllint
+ yamllint --version
+ yamllint \
+ -d "{extends: default, rules: {line-length: {max: 99}}}" \
+ -s $(YAML_FILES)
+
+ansiblelint: ## lint check with ansible-lint
+ ansible-lint --version
+ ansible-lint -v .
+ ansible-lint -v molecule/*/*
+
+license: ## Check license with the reuse tool
+ reuse --version
+ reuse --root . lint
+
+help: ## Print help for each target
+ @echo {{ cookiecutter.role_name }} test targets
+ @echo
+ @grep '^[[:alnum:]_-]*:.* ##' $(MAKEFILE_LIST) \
+ | sort | awk 'BEGIN {FS=":.* ## "}; {printf "%-25s %s\n", $$1, $$2};'
diff --git "a/cookiecutters/role/\173\173cookiecutter.role_name\175\175/README.md" "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/README.md"
new file mode 100644
index 0000000..dca0c0c
--- /dev/null
+++ "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/README.md"
@@ -0,0 +1,38 @@
+<!--
+SPDX-FileCopyrightText: © {{ cookiecutter.year }} {{ cookiecutter.author }} <{{ cookiecutter.email }}>
+SPDX-License-Identifier: {{ cookiecutter.license }}
+--!>
+# {{ cookiecutter.role_name }}
+
+{{ cookiecutter.description }}
+
+## Requirements
+
+Minimum ansible version: {{ cookiecutter.min_ansible_version }}
+
+## Defaults
+
+List of default values for variables:
+
+{%- for key, val in cookiecutter.role_defaults|dictsort %}
+* `{{ key }}: {{ val }}`
+{%- endfor %}
+
+## Example Playbook
+
+```yaml
+- hosts: all
+ vars:
+{%- for key, val in cookiecutter.role_defaults|dictsort %}
+ {{ key }}: {{ val }}
+{%- endfor %}
+ roles:
+ - {{ cookiecutter.role_name }}
+
+```
+
+## License and Author
+
+© {{ cookiecutter.year }} {{ cookiecutter.author }} <{{ cookiecutter.email }}>
+
+License: {{ cookiecutter.license }}
diff --git "a/cookiecutters/role/\173\173cookiecutter.role_name\175\175/VERSION" "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/VERSION"
new file mode 100644
index 0000000..c0ab82c
--- /dev/null
+++ "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/VERSION"
@@ -0,0 +1 @@
+0.0.1-dev
diff --git "a/cookiecutters/role/\173\173cookiecutter.role_name\175\175/defaults/main.yml" "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/defaults/main.yml"
new file mode 100644
index 0000000..c418946
--- /dev/null
+++ "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/defaults/main.yml"
@@ -0,0 +1,8 @@
+---
+# {{ cookiecutter.role_name }} defaults/main.yml
+#
+# SPDX-FileCopyrightText: © {{ cookiecutter.year }} {{ cookiecutter.author }} <{{ cookiecutter.email }}>
+# SPDX-License-Identifier: {{ cookiecutter.license }}
+{% for key, val in cookiecutter.role_defaults|dictsort %}
+{{ key }}: {{ val }}
+{%- endfor %}
diff --git "a/cookiecutters/role/\173\173cookiecutter.role_name\175\175/handlers/main.yml" "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/handlers/main.yml"
new file mode 100644
index 0000000..b904b65
--- /dev/null
+++ "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/handlers/main.yml"
@@ -0,0 +1,5 @@
+---
+# {{ cookiecutter.role_name }} handlers/main.yml
+#
+# SPDX-FileCopyrightText: © {{ cookiecutter.year }} {{ cookiecutter.author }} <{{ cookiecutter.email }}>
+# SPDX-License-Identifier: {{ cookiecutter.license }}
diff --git "a/cookiecutters/role/\173\173cookiecutter.role_name\175\175/meta/main.yml" "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/meta/main.yml"
new file mode 100644
index 0000000..fa586ab
--- /dev/null
+++ "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/meta/main.yml"
@@ -0,0 +1,30 @@
+---
+# {{ cookiecutter.role_name }} meta/main.yml
+#
+# SPDX-FileCopyrightText: © {{ cookiecutter.year }} {{ cookiecutter.author }} <{{ cookiecutter.email }}>
+# SPDX-License-Identifier: {{ cookiecutter.license }}
+
+galaxy_info:
+ author: {{ cookiecutter.author }}
+ description: {{ cookiecutter.description }}
+ company: {{ cookiecutter.company }}
+
+ issue_tracker_url: {{ cookiecutter.issue_tracker_url }}
+
+ license: {{ cookiecutter.license }}
+
+ min_ansible_version: {{ cookiecutter.min_ansible_version }}
+
+ platforms:
+{%- for platform, versions in cookiecutter.platforms.items() %}
+ - name: {{ platform }}
+ versions:
+{%- for version in versions %}
+ - "{{ version }}"
+{%- endfor %}
+{%- endfor %}
+
+ galaxy_tags:
+ - {{ cookiecutter.role_name }}
+
+dependencies: []
diff --git "a/cookiecutters/role/\173\173cookiecutter.role_name\175\175/molecule/default/converge.yml" "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/molecule/default/converge.yml"
new file mode 100644
index 0000000..00e5fa4
--- /dev/null
+++ "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/molecule/default/converge.yml"
@@ -0,0 +1,12 @@
+---
+# {{ cookiecutter.role_name }} molecule/default/verify.yml
+#
+# SPDX-FileCopyrightText: © {{ cookiecutter.year }} {{ cookiecutter.author }} <{{ cookiecutter.email }}>
+# SPDX-License-Identifier: {{ cookiecutter.license }}
+
+- name: Converge
+ hosts: all
+ tasks:
+ - name: "Include {{ cookiecutter.role_name }}"
+ include_role:
+ name: "{{ cookiecutter.role_name }}"
diff --git "a/cookiecutters/role/\173\173cookiecutter.role_name\175\175/molecule/default/molecule.yml" "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/molecule/default/molecule.yml"
new file mode 100644
index 0000000..4264731
--- /dev/null
+++ "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/molecule/default/molecule.yml"
@@ -0,0 +1,30 @@
+---
+# {{ cookiecutter.role_name }} molecule/default/molecule.yml
+#
+# SPDX-FileCopyrightText: © {{ cookiecutter.year }} {{ cookiecutter.author }} <{{ cookiecutter.email }}>
+# SPDX-License-Identifier: {{ cookiecutter.license }}
+
+dependency:
+ name: galaxy
+driver:
+ name: docker
+platforms:
+{%- for platform, versions in cookiecutter.platforms.items() %}
+{%- set platform = platform | lower %}
+{%- for version in versions %}
+{%- if not cookiecutter.molecule_privileged %}
+ - name: "{{ platform }}-{{ version }}"
+ image: "{{ platform }}:{{ version }}"
+{%- else %}{# privileged, running custom images generated by: https://github.com/paulfantom/dockerfiles #}
+ - name: "{{ platform }}-{{ version }}-priv"
+ image: "quay.io/paulfantom/molecule-systemd:{{ platform }}-{{ version }}"
+ privileged: true
+ volumes:
+ - "/sys/fs/cgroup:/sys/fs/cgroup:ro"
+{%- endif %}
+{%- endfor %}
+{%- endfor %}
+provisioner:
+ name: ansible
+verifier:
+ name: ansible
diff --git "a/cookiecutters/role/\173\173cookiecutter.role_name\175\175/molecule/default/verify.yml" "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/molecule/default/verify.yml"
new file mode 100644
index 0000000..285b2d7
--- /dev/null
+++ "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/molecule/default/verify.yml"
@@ -0,0 +1,12 @@
+---
+# {{ cookiecutter.role_name }} molecule/default/verify.yml
+#
+# SPDX-FileCopyrightText: © {{ cookiecutter.year }} {{ cookiecutter.author }} <{{ cookiecutter.email }}>
+# SPDX-License-Identifier: {{ cookiecutter.license }}
+
+- name: Verify
+ hosts: all
+ tasks:
+ - name: example assertion
+ assert:
+ that: true
diff --git "a/cookiecutters/role/\173\173cookiecutter.role_name\175\175/tasks/main.yml" "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/tasks/main.yml"
new file mode 100644
index 0000000..7cced3b
--- /dev/null
+++ "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/tasks/main.yml"
@@ -0,0 +1,12 @@
+---
+# {{ cookiecutter.role_name }} tasks/main.yml
+#
+# SPDX-FileCopyrightText: © {{ cookiecutter.year }} {{ cookiecutter.author }} <{{ cookiecutter.email }}>
+# SPDX-License-Identifier: {{ cookiecutter.license }}
+{% raw %}
+- name: include OS-specific vars
+ include_vars: "{{ ansible_os_family }}.yml"
+
+- name: include OS-specific tasks
+ include_tasks: "{{ ansible_os_family }}.yml"
+{% endraw -%}
diff --git "a/cookiecutters/role/\173\173cookiecutter.role_name\175\175/tasks/\173\173cookiecutter.platform\175\175.yml" "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/tasks/\173\173cookiecutter.platform\175\175.yml"
new file mode 100644
index 0000000..1b4df91
--- /dev/null
+++ "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/tasks/\173\173cookiecutter.platform\175\175.yml"
@@ -0,0 +1,5 @@
+---
+# {{ cookiecutter.role_name }} tasks/{{ cookiecutter.platform }}.yml
+#
+# SPDX-FileCopyrightText: © {{ cookiecutter.year }} {{ cookiecutter.author }} <{{ cookiecutter.email }}>
+# SPDX-License-Identifier: {{ cookiecutter.license }}
diff --git "a/cookiecutters/role/\173\173cookiecutter.role_name\175\175/vars/\173\173cookiecutter.platform\175\175.yml" "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/vars/\173\173cookiecutter.platform\175\175.yml"
new file mode 100644
index 0000000..feed32c
--- /dev/null
+++ "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/vars/\173\173cookiecutter.platform\175\175.yml"
@@ -0,0 +1,8 @@
+---
+# {{ cookiecutter.role_name }} vars/{{ cookiecutter.platform }}.yml
+#
+# SPDX-FileCopyrightText: © {{ cookiecutter.year }} {{ cookiecutter.author }} <{{ cookiecutter.email }}>
+# SPDX-License-Identifier: {{ cookiecutter.license }}
+#
+# NOTE: Only put platform/OS-specific variables in this file.
+# Put all other variables in the 'defaults/main.yml' file.
diff --git a/galaxy.yml b/galaxy.yml
new file mode 100644
index 0000000..6085673
--- /dev/null
+++ b/galaxy.yml
@@ -0,0 +1,8 @@
+---
+# external Ansible collections and roles we depend on
+# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+collections:
+ - name: "netbox.netbox"
+ version: "1.0.2"
diff --git a/lint_rules/NoTags.py b/lint_rules/NoTags.py
new file mode 100644
index 0000000..d74eab6
--- /dev/null
+++ b/lint_rules/NoTags.py
@@ -0,0 +1,33 @@
+# SPDX-FileCopyrightText: © 2020 Open Networking Foundation
+# SPDX-License-Identifier: Apache-2.0
+
+# NoTags.py
+# ansible-lint rule to mark all tags as errors
+
+from __future__ import absolute_import
+from ansiblelint import AnsibleLintRule
+
+
+class NoTags(AnsibleLintRule):
+ id = "ONF0001"
+ shortdesc = "Don't use tags to modify runtime behavior"
+ description = (
+ "Tags can change which tasks Ansible performs when running a role or"
+ "playbook, which is undesirable. Reorganize your roles to not require"
+ "them, optionally using setup facts or platform vars as workarounds."
+ )
+ tags = ["idiom"]
+ severity = "HIGH"
+
+ def matchtask(self, file, task):
+
+ # Task should not have tags
+ if "tags" in task:
+
+ # allow if only tag is the skip_ansible_lint tag
+ if task["tags"] == ["skip_ansible_lint"]:
+ return False
+
+ return True
+
+ return False
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..c9487b8
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,22 @@
+# Python tools required for Ansible and tests to run
+#
+# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+ansible-lint~=4.3.3
+ansible~=2.9.11
+bcrypt~=3.1.7
+black~=19.10b0
+cookiecutter~=1.7.2
+docker~=4.2.2
+flake8~=3.8.3
+molecule-vagrant~=0.3
+molecule~=3.0.8
+netaddr~=0.7.19
+passlib~=1.7.2
+pylint~=2.5.3
+pynetbox~=5.0.7
+python-vagrant~=0.5.15
+reuse~=0.11.1
+yamllint~=1.24.2
+zxcvbn~=4.4.28