m4rcu5nl / ansible-role-zerotier
Ansible role to install Zerotier-One and join a Zerotier network
License: GNU General Public License v3.0
The role in the playbook is listed as:
role: m4rcu5nl.zerotier
On ansible galaxy the role name is zerotier-one so it worked better with:
role: m4rcu5nl.zerotier-one
Hi, I'm trying to use this, but I don't know how. Where do I put "m4rcu5nl.zerotier"? I don't see a role named zerotier or a file named zerotier.yml.
This ansible module is ignoring my variables 'zerotier_member_ip_assignments' and 'zerotier_member_description'. They aren't being set in the zerotier web ui. The IP is auto and there is no description.
Am I doing something wrong here? I'm new to ansible, so I probably am :-)
Playbook:
- hosts: pis
  remote_user: pi
  vars:
    zerotier_network_id: ...
  roles:
    - { role: m4rcu5nl.zerotier-one, become: true }
Inventory:
[pis]
raspberry-1 zerotier_member_ip_assignments='["10.144.100.1"]'
[pis:vars]
zerotier_member_description='Rasberry Pi'
user_basedir=/home/pi
On a Cosmic Cuttlefish system, the role will fail when trying to install the deb package from ZerotierOne.
The core problem is the "Add ZerotTier APT repository" task, which generates the repository string based on the ansible_distribution_release variable. Zerotier does not provide a repository for cosmic (I'm guessing Zerotier will only provide repos for LTS releases).
I worked around the issue by adding a new variable - zerotier_apt_repo - which then permits one to override the generated value.
I'd be happy to submit my changes - including doc updates - as a patch or pull request if this solution is acceptable.
Update tasks/main.yml
Conform to the deprecation warning to prevent stuff from breaking with future Ansible updates.
Would be great if it could be updated to support. Notice it is not one of the listed OSes on ansible galaxy. Had to go with the less full-featured cchurch.zerotier.
The script to create the facts file splits the output of the zerotier-cli command based on spaces. If the ZT network name contains a space then the indexing is off, resulting in incorrect field mapping.
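A parser for the listnetworks output that does not break on network names containing spaces, added here as an example and not taken from the role's facts script. It assumes, from the column header zerotier-cli itself prints (<nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>), that the last five columns never contain spaces (assigned addresses are comma-joined, or "-" when none), so they are taken from the right and whatever is left in the middle is the name; the sample output is constructed.

```python
# Added example (not from the role): parse "zerotier-cli listnetworks" output
# without splitting the network name on spaces. Assumption: the five trailing
# columns (mac, status, type, dev, assigned ips) never contain spaces, so they
# are read from the right and the remainder is the name (possibly empty).
import re

NWID_RE = re.compile(r"^[0-9a-f]{16}$")
TRAILING_FIELDS = ("mac", "status", "type", "dev", "assigned_ips")


def parse_listnetworks_line(line):
    """Return a dict for one data line, or None for header/non-network lines."""
    tokens = line.split()
    # "200 listnetworks" prefix, the nwid, and five trailing fields at minimum
    if len(tokens) < 8 or tokens[0] != "200" or tokens[1] != "listnetworks":
        return None
    if not NWID_RE.match(tokens[2]):
        return None  # the "<nwid> <name> ..." header line, or unexpected output
    record = {"nwid": tokens[2], "name": " ".join(tokens[3:-5])}
    record.update(zip(TRAILING_FIELDS, tokens[-5:]))
    ips = record["assigned_ips"]
    record["assigned_ips"] = [] if ips == "-" else ips.split(",")
    return record


def parse_listnetworks(output):
    """Parse full command output into a list of network records."""
    records = []
    for line in output.splitlines():
        rec = parse_listnetworks_line(line)
        if rec is not None:
            records.append(rec)
    return records


# Constructed sample output: the header, a network with an empty name (as in the
# ACCESS_DENIED output quoted on this page), and a name containing spaces.
SAMPLE_OUTPUT = """200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks 1234567890abcdef 6a:0b:45:ce:90:08 ACCESS_DENIED PRIVATE zt0 -
200 listnetworks 1234567890abcdf0 Home Lab Net 6a:0b:45:ce:90:09 OK PRIVATE zt1 10.144.100.1/24
"""

if __name__ == "__main__":
    for rec in parse_listnetworks(SAMPLE_OUTPUT):
        print(rec)
```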
Hi,
I tried to setup my network with a custom IP and it failed.
I set this var to a host and it did not work.
Commenting that line fixed it, but no IP assignment.
zerotier_member_ip_assignments: '["172.23.0.1"]'
Playbook output
TASK [m4rcu5nl.zerotier-one : Configure members in network] **************************************************************************************************************************************
task path: ansible/roles/m4rcu5nl.zerotier-one/tasks/authorize_node.yml:20
fatal: [daos-v]: FAILED! => {"accept_ranges": "bytes", "access_control_allow_origin": "*", "changed": false, "connection": "close", "content": "{\"type\":\"internal\",\"message\":\"Error updating member: ERROR: invalid input syntax for type inet: \\\"2\\\" (SQLSTATE 22P02)\"}", "content_length": "120", "content_type": "application/json", "date": "Fri, 09 Apr 2021 13:13:18 GMT", "elapsed": 0, "json": {"message": "Error updating member: ERROR: invalid input syntax for type inet: \"2\" (SQLSTATE 22P02)", "type": "internal"}, "msg": "Status code was 500 and not [200]: HTTP Error 500: Internal Server Error", "redirected": false, "status": 500, "strict_transport_security": "max-age=300", "url": "https://my.zerotier.com/api/network/REDACTED/member/REDACTED", "via": "1.1 google, 1.1 varnish", "x_cache": "MISS", "x_cache_hits": "0", "x_frame_options": "SAMEORIGIN", "x_served_by": "cache-hhn4078-HHN", "x_timer": "S1617973998.358212,VS0,VE194"}
Heya!
Not sure this is a bug or a misunderstanding on my part.
The role is not idempotent - the Update ansible_local facts block always reports changed.
Also, if the purpose here is to reload inventory, I think there may be another option using the meta module with the refresh_inventory setting.
Hi,
We're seeing issues where the package doesn't get installed:
TASK [ansible-role-zerotier : Check if zerotier is already installed] **********
task path: /tmp/kitchen/roles/ansible-role-zerotier/tasks/install.yml:25
fatal: [localhost]: FAILED! => {"changed": false, "msg": "No package matching 'zerotier-one' is available"}
It looks as though the when conditional isn't set correctly - the code attempts to install the package before the repo is configured.
This is using Ubuntu 16.04, the role modified to suit. The ansible machine has v2.3.2.0.
Looks like it's not creating a proper record in my.zerotier. The record looks OK, but the name field is blank. And regardless, the client machine is unable to join.
ubuntu@dove1:~$ sudo zerotier-cli info
200 info 8576d20e72 1.2.4 ONLINE
ubuntu@dove1:~$ sudo zerotier-cli listnetworks
200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks xxxxxxxxxxxxxxxx 6a:0b:45:ce:90:08 ACCESS_DENIED PRIVATE zt0 -
Running the role with -vvv shows this as the call to Add and Authorize. Note that the name field in the json block is empty, so that looks like a problem with ansible?
ok: [dove1.local] => {
"access_control_allow_methods": "GET,PUT,POST,DELETE",
"access_control_allow_origin": "*",
"cache_control": "no-cache, no-store, must-revalidate, private, no-transform, proxy-revalidate, max-age=0",
"changed": false,
"connection": "close",
"content_length": "836",
"content_security_policy": "default-src 'self' blob:;style-src 'self' 'unsafe-inline' https://support.zerotier.com ;object-src 'self' blob:;connect-src 'self' https://community.zerotier.com/ https://support.zerotier.com https://api.stripe.com https://checkout.stripe.com https://piwik.zerotier.com;frame-src 'self' https://community.zerotier.com/ https://support.zerotier.com https://js.stripe.com https://api.stripe.com https://checkout.stripe.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://support.zerotier.com https://piwik.zerotier.com https://js.stripe.com https://api.stripe.com https://checkout.stripe.com;img-src 'self' https://support.zerotier.com https://piwik.zerotier.com https://api.stripe.com https://js.stripe.com https://q.stripe.com https://checkout.stripe.com https://stripe.com https://www.stripe.com data: blob:;font-src 'self' data:",
"content_type": "application/json; charset=utf-8",
"date": "Tue, 29 Aug 2017 17:42:31 GMT",
"etag": "0509e94589bc62",
"invocation": {
"module_args": {
"attributes": null,
"backup": null,
"body": {
"config": {
"authorized": true
},
"hidden": false,
"name": "dove1.local"
},
"body_format": "json",
"content": null,
"creates": null,
"delimiter": null,
"dest": null,
"directory_mode": null,
"follow": false,
"follow_redirects": "safe",
"force": false,
"force_basic_auth": false,
"group": null,
"headers": {
"Authorization": "bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"Content-Type": "application/json"
},
"http_agent": "ansible-httpget",
"method": "POST",
"mode": null,
"owner": null,
"regexp": null,
"remote_src": null,
"removes": null,
"return_content": false,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": null,
"status_code": [
200
],
"timeout": 30,
"unsafe_writes": null,
"url": "https://my.zerotier.com/api/network/xxxxxxxxxxxxxxxx/member/8576d20e72",
"url_password": null,
"url_username": null,
"use_proxy": true,
"validate_certs": true
}
},
"json": {
"clientVersion": null,
"clock": 1504028551677,
"config": {
"activeBridge": false,
"address": "0000000000",
"authorized": true,
"capabilities": [],
"creationTime": 0,
"id": "0000000000",
"identity": null,
"ipAssignments": [],
"lastAuthorizedCredential": null,
"lastAuthorizedCredentialType": null,
"lastAuthorizedTime": 0,
"lastDeauthorizedTime": 0,
"noAutoAssignIps": false,
"nwid": "0000000000000000",
"objtype": "member",
"physicalAddr": "",
"remoteTraceTarget": null,
"revision": 0,
"tags": [],
"vMajor": 0,
"vMinor": 0,
"vProto": 0,
"vRev": 0
},
"controllerId": "e5cd7a9e1c",
"description": "",
"hidden": false,
"id": "xxxxxxxxxxxxxxxx-8576d20e72",
"lastOffline": 0,
"lastOnline": 0,
"name": "",
"networkId": "xxxxxxxxxxxxxxxx",
"nodeId": "8576d20e72",
"offlineNotifyDelay": 0,
"online": false,
"physicalAddress": null,
"physicalLocation": null,
"protocolVersion": 0,
"supportsRulesEngine": false,
"type": "Member"
},
"msg": "OK (836 bytes)",
"p3p": "CP=",
"redirected": false,
"server": "nginx",
"status": 200,
"strict_transport_security": "max-age=63072000; includeSubdomains;",
"url": "https://my.zerotier.com/api/network/xxxxxxxxxxxxxxxx/member/8576d20e72",
"x_content_type_options": "nosniff",
"x_frame_options": "SAMEORIGIN",
"x_zerotier_central_api_version": "3",
"x_zerotier_central_version": "1.2.8"
}
I put in a debug: var=apiresult after that to see what comes back from the POST ...
ok: [dove1.local] => {
"apiresult": {
"access_control_allow_methods": "GET,PUT,POST,DELETE",
"access_control_allow_origin": "*",
"cache_control": "no-cache, no-store, must-revalidate, private, no-transform, proxy-revalidate, max-age=0",
"changed": false,
"connection": "close",
"content_length": "836",
"content_security_policy": "default-src 'self' blob:;style-src 'self' 'unsafe-inline' https://support.zerotier.com ;object-src 'self' blob:;connect-src 'self' https://community.zerotier.com/ https://support.zerotier.com https://api.stripe.com https://checkout.stripe.com https://piwik.zerotier.com;frame-src 'self' https://community.zerotier.com/ https://support.zerotier.com https://js.stripe.com https://api.stripe.com https://checkout.stripe.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://support.zerotier.com https://piwik.zerotier.com https://js.stripe.com https://api.stripe.com https://checkout.stripe.com;img-src 'self' https://support.zerotier.com https://piwik.zerotier.com https://api.stripe.com https://js.stripe.com https://q.stripe.com https://checkout.stripe.com https://stripe.com https://www.stripe.com data: blob:;font-src 'self' data:",
"content_type": "application/json; charset=utf-8",
"date": "Tue, 29 Aug 2017 17:42:31 GMT",
"etag": "0509e94589bc62",
"json": {
"clientVersion": null,
"clock": 1504028551677,
"config": {
"activeBridge": false,
"address": "0000000000",
"authorized": true,
"capabilities": [],
"creationTime": 0,
"id": "0000000000",
"identity": null,
"ipAssignments": [],
"lastAuthorizedCredential": null,
"lastAuthorizedCredentialType": null,
"lastAuthorizedTime": 0,
"lastDeauthorizedTime": 0,
"noAutoAssignIps": false,
"nwid": "0000000000000000",
"objtype": "member",
"physicalAddr": "",
"remoteTraceTarget": null,
"revision": 0,
"tags": [],
"vMajor": 0,
"vMinor": 0,
"vProto": 0,
"vRev": 0
},
"controllerId": "e5cd7a9e1c",
"description": "",
"hidden": false,
"id": "xxxxxxxxxxxxxxxx-8576d20e72",
"lastOffline": 0,
"lastOnline": 0,
"name": "",
"networkId": "xxxxxxxxxxxxxxxx",
"nodeId": "8576d20e72",
"offlineNotifyDelay": 0,
"online": false,
"physicalAddress": null,
"physicalLocation": null,
"protocolVersion": 0,
"supportsRulesEngine": false,
"type": "Member"
},
"msg": "OK (836 bytes)",
"p3p": "CP=",
"redirected": false,
"server": "nginx",
"status": 200,
"strict_transport_security": "max-age=63072000; includeSubdomains;",
"url": "https://my.zerotier.com/api/network/xxxxxxxxxxxxxxxx/member/8576d20e72",
"x_content_type_options": "nosniff",
"x_frame_options": "SAMEORIGIN",
"x_zerotier_central_api_version": "3",
"x_zerotier_central_version": "1.2.8"
}
}
Everything looks fine, except for the name field being empty. That's not a problem. The BIG issue is that the machine can't join the network - gets denied.
ubuntu@dove1:~$ sudo zerotier-cli info
200 info 8576d20e72 1.2.4 ONLINE
ubuntu@dove1:~$ sudo zerotier-cli listnetworks
200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks xxxxxxxxxxxxxxxx 6a:0b:45:ce:90:08 ACCESS_DENIED PRIVATE zt0 -
If I stop zerotier, delete the /var/lib/zerotier directory and restart it, then join manually (auth'ing the new machine in the UI on my.zerotier.com), then it works fine. So it seems that something about the creation of the new record is bad, and completely blocks that new system from joining the network.
Update to latest ansible version (2.9.0) on ubuntu 18.04 led to the message Unsupported parameters for (uri) module: register.
fixed by PR #32
Either the network ID check (the task before it) needs to always run, or this task needs to be set to skip in check-mode
When applying the role to a fresh machine the hostname and description aren't being populated in ZeroTier.
The machine is a VirtualBox VM running Raspbian (2017-06-22-rpd-x86-jessie) which is based on Debian 8.10. I've tested using the current ansible-galaxy version of the role as well as the latest version from master.
I can see that the necessary fields are included correctly in the JSON data being POSTed to the API:
{
  "hidden": false,
  "config": {
    "ipAssignments": [],
    "authorized": true
  },
  "name": "MYTEST",
  "description": "Test member"
}
When I view the member in the ZeroTier web console I can see that it has been automatically authorized and connected to the network as expected, however the name and description are left blank.
I've been able to reproduce the issue by calling the ZeroTier API manually. If I POST a new member to the API before it has ever actually connected to the ZeroTier network, the name and description don't get set. If I send exactly the same request to the API after the machine first appears in the ZeroTier web console then the name and description are populated correctly.
This makes me think it is a timing issue: Ansible is running the task to authorize the new member after telling the machine to join the network but before it has actually managed to do so. For whatever reason ZeroTier doesn't retain the name and description when this happens.
Interestingly, if I repeat the POST a second time the name and description get populated even if the machine hasn't yet connected to the network. I seem to have been able to work around the issue successfully by including the role twice to exploit this behaviour:
roles:
  - { role: m4rcu5nl.zerotier-one, duplicate_run: 1 }
  - { role: m4rcu5nl.zerotier-one, duplicate_run: 2 }
If I'm right this is probably more of a bug in the ZeroTier API than an issue with the Ansible role, but I wanted to raise it here in case there is a better workaround and/or I'm missing something obvious.
Thanks!