
Added useful extension folder and Makefile so things like make update now update external roles

Till Klocke před 9 roky
rodič
revize
06a0d07db9

+ 1 - 0
.gitignore

@@ -1,3 +1,4 @@
+.vault-password
 .vagrant
 .kitchen/
 .kitchen.*.yml

+ 35 - 0
Makefile

@@ -0,0 +1,35 @@
+ANSIBLE=ansible-playbook -i inventory
+
+.PHONY: setup test update endpoints baseline manage-users vpc-deploy check-playbooks
+
+export EC2_INI_PATH=./ec2.ini
+
+setup:
+	./extensions/setup/setup.sh
+
+update:
+	./extensions/setup/role_update.sh
+
+test: check-playbooks
+	./extensions/test/execute_tests.sh
+
+check-playbooks:
+	./extensions/test/check_playbooks.sh
+
+endpoints:
+	$(ANSIBLE) -l $(HOST) playbooks/vpn-endpoints.yml
+
+baseline:
+	$(ANSIBLE) -k -l $(HOST) playbooks/baseline.yml
+
+endpoint-prepare:
+	$(ANSIBLE) -l $(HOST) playbooks/endpoint-prepare.yml
+
+manage-users:
+	$(ANSIBLE) playbooks/manage-users.yml
+
+vpc-deploy: 
+	cd terraform && $(MAKE) apply
+	echo "Waiting for resources to be available" && sleep 120
+	EC2_INI_PATH="./ec2_public.ini" $(ANSIBLE) playbooks/vpc-base.yml
+	EC2_INI_PATH="./ec2_public.ini" $(ANSIBLE) playbooks/fetch-vpn-config.yml
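Review bot: The `endpoints`, `baseline` and `endpoint-prepare` recipes pass `-l $(HOST)` without checking that HOST was supplied, so with HOST unset `-l` consumes the playbook path as its limit pattern and the command no longer names the playbook that was meant to run. A first recipe line such as `@test -n "$(HOST)" || { echo "HOST is required, e.g. make baseline HOST=<inventory-host>"; exit 1; }` makes that failure explicit. `endpoint-prepare` is also missing from the `.PHONY` list, so a file or directory of that name would make the target look up to date. In `vpc-deploy` the fixed `sleep 120` is a guess at readiness; polling until the instances answer would be more reliable, though that depends on tooling not visible in this commit.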

+ 11 - 0
extensions/setup/python_requirements.txt

@@ -0,0 +1,11 @@
+# Required python packages for ansible
+PyYAML
+Jinja2
+httplib2
+
+# Ansible
+ansible
+
+#Other packages
+boto
+netaddr
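Review bot: None of the packages listed here carries a version, and setup.sh in this same commit installs the file with `sudo -H pip install --upgrade`, so every run pulls whatever is newest on the index into the system Python as root. Pin each entry to the release the playbooks were tested with, in the form `ansible==<tested version>`, and consider recording hashes so the install can run with `pip install --require-hashes`. That keeps setups reproducible and limits exposure to a compromised or breaking upstream release.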

+ 50 - 0
extensions/setup/role_update.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+set -e
+#TODO: Support python virtual environments for now global
+
+COLOR_END='\e[0m'
+COLOR_RED='\e[0;31m'
+
+# This current directory.
+DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+ROOT_DIR=$(cd "$DIR/../../" && pwd)
+EXTERNAL_ROLE_DIR="$ROOT_DIR/roles/external"
+ROLES_REQUIREMNTS_FILE="$ROOT_DIR/roles/thirdparty_roles.yml"
+
+# Exit msg
+msg_exit() {
+    printf "$COLOR_RED$@$COLOR_END"
+    printf "\n"
+    printf "Exiting...\n"
+    exit 1
+}
+
+# Trap if ansible-galaxy failed and warn user
+cleanup() {
+    msg_exit "Update failed. Please don't commit or push roles till you fix the issue"
+}
+trap "cleanup"  ERR INT TERM
+
+# Check ansible-galaxy
+[[ -z "$(which ansible-galaxy)" ]] && msg_exit "Ansible is not installed or not in your path."
+
+# Check roles req file
+[[ ! -f "$ROLES_REQUIREMNTS_FILE" ]]  && msg_exit "roles_requirements '$ROLES_REQUIREMNTS_FILE' does not exist or permssion issue.\nPlease check and rerun."
+
+# Remove existing roles
+if [ -d "$EXTERNAL_ROLE_DIR" ]; then
+    cd "$EXTERNAL_ROLE_DIR"
+	if [ "$(pwd)" == "$EXTERNAL_ROLE_DIR" ];then
+	  echo "Removing current roles in '$EXTERNAL_ROLE_DIR/*'"
+	  rm -rf *
+	else
+	  msg_exit "Path error could not change dir to $EXTERNAL_ROLE_DIR"
+	fi
+fi
+
+
+
+# Install roles
+ansible-galaxy install -r "$ROLES_REQUIREMNTS_FILE" --force --no-deps -p "$EXTERNAL_ROLE_DIR"
+
+exit 0
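Review bot: The removal step depends on the working directory: it does `cd`, compares `pwd`, then runs `rm -rf *`, which skips dot-files and would treat an entry whose name starts with `-` as an option. Deleting by absolute path removes the need for the cd/pwd check: `rm -rf -- "${EXTERNAL_ROLE_DIR:?}"/*`. The old roles are also deleted before `ansible-galaxy install` has succeeded, so a failed download leaves `roles/external` empty; installing into a scratch directory and swapping it in afterwards would avoid that. Because `--force` re-fetches every role on each run, the entries in `thirdparty_roles.yml` (not part of this commit) should name exact versions or commit hashes rather than moving branches.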

+ 72 - 0
extensions/setup/setup.sh

@@ -0,0 +1,72 @@
+#!/bin/bash
+set -e
+#TODO: Support python virtual environments for now global
+
+COLOR_END='\e[0m'
+COLOR_RED='\e[0;31m' # Red
+COLOR_YEL='\e[0;33m' # Yellow
+# This current directory.
+DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+ROOT_DIR=$(cd "$DIR/../../" && pwd)
+
+PYTHON_REQUIREMNTS_FILE="$DIR/python_requirements.txt"
+GEMFILE="$ROOT_DIR/Gemfile"
+
+msg_exit() {
+    printf "$COLOR_RED$@$COLOR_END"
+    printf "\n"
+    printf "Exiting...\n"
+    exit 1
+}
+
+msg_warning() {
+    printf "$COLOR_YEL$@$COLOR_END"
+    printf "\n"
+}
+# Check your environment 
+system=$(uname)
+
+if [ "$system" == "Linux" ]; then
+    distro=$(lsb_release -i)
+    if [[ $distro == *"Ubuntu"* ]] || [[ $distro == *"Debian"* ]] ;then
+        msg_warning "Your running Debian based linux.\n You might need to install 'sudo apt-get install build-essential python-dev\n."
+        # TODO: check if ubuntu and install build-essential, and python-dev
+    else
+        msg_warning "Your linux system was not tested"
+    fi
+fi
+
+
+# Check if root
+# Since we need to make sure paths are okay we need to run as normal user he will use ansible
+[[ "$(whoami)" == "root" ]] && msg_exit "Please run as a normal user not root"
+
+# Check python
+[[ -z "$(which python)" ]] && msg_exit "Opps python is not installed or not in your path."
+# Check pip
+[[ -z "$(which pip)" ]] && msg_exit "pip is not installed!\nYou can try'sudo easy_install pip'"
+# Check python file
+[[ ! -f "$PYTHON_REQUIREMNTS_FILE" ]]  && msg_exit "python_requirements '$PYTHON_REQUIREMNTS_FILE' does not exist or permssion issue.\nPlease check and rerun."
+# Check for bundler
+[[ -z "$(which bundle)" ]] && msg_exit "Oops you need bundler to install ruby dependencies (http://bundler.io/)"
+
+# Install 
+# By default we upgrade all packges to latest. if we need to pin packages use the python_requirements
+echo "This script install python packages defined in '$PYTHON_REQUIREMNTS_FILE' "
+echo "Since we only support global packages installation for now we need root password."
+echo "You will be asked for your password."
+sudo -H pip install --upgrade --requirement "$PYTHON_REQUIREMNTS_FILE"
+
+echo "This script will now install ruby dependencies via bundler"
+bundle install --gemfile=$GEMFILE
+
+
+#Touch vault password file
+echo "Touching vault password file"
+if [ -w "$ROOT_DIR" ]
+then
+   touch "$ROOT_DIR/.vault-password"
+else
+  sudo touch "$ROOT_DIR/.vault-password"
+fi
+exit 0
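Review bot: `.vault-password` is created with a plain `touch`, so it gets the caller's default umask (commonly world-readable), and the `sudo touch` branch leaves it owned by root, which the normal user this script insists on may then be unable to write. The file presumably holds the Ansible Vault password, so create it restrictively: `( umask 077 && touch "$ROOT_DIR/.vault-password" )` followed by `chmod 600 "$ROOT_DIR/.vault-password"` to cover a file that already exists. If `$ROOT_DIR` is not writable it is safer to stop with `msg_exit` than to escalate with sudo. Separately, `$GEMFILE` in `bundle install --gemfile=$GEMFILE` should be quoted.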

+ 52 - 0
extensions/test/check_playbooks.sh

@@ -0,0 +1,52 @@
+#!/bin/bash
+set +e
+
+DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+ROOT_DIR=$(cd "$DIR/../../" && pwd)
+PLAYBOOK_DIR="$ROOT_DIR/playbooks"
+
+COLOR_END='\e[0m'
+COLOR_RED='\e[0;31m' # Red
+COLOR_YEL='\e[0;33m' # Yellow
+COLOR_GREEN='\e[0;32m' # Green
+
+msg_fail() {
+  printf "$COLOR_RED$@$COLOR_END"
+  printf "\n"
+}
+
+msg_ok() {
+  printf "$COLOR_GREEN$@$COLOR_END"
+  printf "\n"
+}
+execute_test() {
+  playbook=$1
+  msg_ok "Testing playbook $playbook"
+  ansible-playbook --syntax-check --list-tasks -i "localhost," $PLAYBOOK_DIR/$playbook
+}
+
+EXIT_RC=0
+FAILED_PLAYBOOKS=()
+cd $ROOT_DIR
+for playbook in $(ls $PLAYBOOK_DIR)
+do
+  if [ "${playbook##*.}" = "yml" ]; then
+    execute_test $playbook
+    RC=$?
+    if [ "$RC" != "0" ]; then
+      FAILED_PLAYBOOKS+=("$playbook")
+      EXIT_RC=$RC
+    fi
+  fi
+done
+
+if [ "$EXIT_RC" != "0" ]; then
+  for playbook in ${FAILED_PLAYBOOKS[@]}
+  do
+    msg_fail "Playbook $playbook failed"
+  done
+else
+  msg_ok "Everything checks out just fine"
+fi
+
+exit $EXIT_RC
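Review bot: With `set +e` and the unquoted `cd $ROOT_DIR` and `$(ls $PLAYBOOK_DIR)`, a checkout path containing a space will typically make both commands fail, the loop body never runs, and the script prints "Everything checks out just fine" and exits 0 without having checked anything. Quote the expansions and iterate with a glob instead of parsing `ls`: `cd "$ROOT_DIR" || exit 1` and `for path in "$PLAYBOOK_DIR"/*.yml; do execute_test "${path##*/}"; ...`, and treat zero matched playbooks as a failure. `msg_ok` and `msg_fail` pass their message as the `printf` format string, so a `%` in a playbook name is interpreted; `printf '%b%s%b\n' "$COLOR_GREEN" "$*" "$COLOR_END"` avoids that. The same `$(ls …)` loop and unquoted `cd` appear in extensions/test/execute_tests.sh.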

+ 41 - 0
extensions/test/execute_tests.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+set +e
+
+DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+ROOT_DIR=$(cd "$DIR/../../" && pwd)
+ROLE_DIR="$ROOT_DIR/roles/internal"
+
+export CI=true
+
+execute_test() {
+  role=$1
+  echo "Testing role $role"
+  cd $ROLE_DIR/$role
+  env KITCHEN_YAML=.kitchen.travis.yml kitchen test
+}
+
+EXIT_RC=0
+FAILED_ROLES=()
+cd $ROOT_DIR
+for role in $(ls $ROLE_DIR)
+do
+  if [ -d "$ROLE_DIR/$role/test" ]; then
+    execute_test $role
+    RC=$?
+    cd $ROOT_DIR
+    if [ "$RC" != "0" ]; then
+      FAILED_ROLES+=("$role")
+      EXIT_RC=$RC
+    fi
+    sleep 5
+  fi
+done
+
+if [ "$EXIT_RC" != "0" ]; then
+  for role in ${FAILED_ROLES[@]}
+  do
+    echo "Role $role failed"
+  done
+fi
+
+exit $EXIT_RC
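Review bot: Inside `execute_test`, `cd $ROLE_DIR/$role` is unchecked and the script runs under `set +e`, so if the cd fails `kitchen test` runs from whatever directory the shell is already in (here `$ROOT_DIR`), where the role's `.kitchen.travis.yml` is not the one being read. Make the step fail closed with `cd "$ROLE_DIR/$role" || return 1`. When several roles fail, `EXIT_RC` keeps only the last non-zero code; that is fine for CI, but a short comment saying so would save the next reader from wondering.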