Bump ansible from 2.9.20 to 4.4.0

.gitignore

@@ -7,3 +7,4 @@ inventory_users
 .DS_Store
 venvs/*
 !venvs/.gitinit
+.vagrant

Vagrantfile

@@ -0,0 +1,36 @@
+Vagrant.configure("2") do |config| 
+  config.vm.box = "bento/ubuntu-20.04" 
+
+  config.vm.provider "virtualbox" do |v| 
+    v.name = "algo-20.04"
+    v.memory = "512" 
+    v.cpus = "1" 
+  end
+
+  config.vm.synced_folder "./", "/opt/algo", create: true
+
+  config.vm.provision "ansible_local" do |ansible|
+    ansible.playbook = "/opt/algo/main.yml"
+
+    # https://github.com/hashicorp/vagrant/issues/12204
+    ansible.pip_install_cmd = "sudo apt-get install -y python3-pip python-is-python3 && sudo ln -s -f /usr/bin/pip3 /usr/bin/pip"
+    ansible.install_mode = "pip_args_only"
+    ansible.pip_args = "-r /opt/algo/requirements.txt"
+    ansible.inventory_path = "/opt/algo/inventory"
+    ansible.limit = "local"
+    ansible.verbose = "-vvvv"
+    ansible.extra_vars = {
+      provider: "local",
+      server: "localhost",
+      ssh_user: "",
+      endpoint: "127.0.0.1",
+      ondemand_cellular: true,
+      ondemand_wifi: false,
+      dns_adblocking: true,
+      ssh_tunneling: true,
+      store_pki: true,
+      tests: true,
+      no_log: false
+    }
+  end
+end

config.cfg

@@ -197,7 +197,7 @@ cloud_providers:
     image: ubuntu-20.04
   openstack:
     flavor_ram: ">=512"
-    image:  Ubuntu-18.04
+    image:  Ubuntu-20.04
   cloudstack:
     size: Micro
     image: Linux Ubuntu 20.04 LTS 64-bit

docs/cloud-cloudstack.md

@@ -1,20 +1,11 @@
 ### Configuration file
 
-You need to create a configuration file in INI format with your api key in `$HOME/.cloudstack.ini`
+Algo scripts will ask you for the API detail. You need to fetch the API credentials and the endpoint from the provider cocntrol panel.
 
-```
-[cloudstack]
-endpoint = <endpoint>
-key = <your api key>
-secret = <your secret>
-timeout = 30
-```
+Example for Exoscale (European cloud provider exposing CloudStack API), visit https://portal.exoscale.com/u/<your@account>/account/profile/api to gather the required information: CloudStack api key and secret.
 
-Example for Exoscale (European cloud provider exposing CloudStack API), visit https://portal.exoscale.com/u/<your@account>/account/profile/api to gather the required information:  
-```
-[exoscale]
-endpoint = https://api.exoscale.com/compute
-key = <your api key>
-secret = <your secret>
-timeout = 30
+```bash
+export CLOUDSTACK_KEY="<your api key>"
+export CLOUDSTACK_SECRET="<your secret>"
+export CLOUDSTACK_ENDPOINT="https://api.exoscale.com/compute"
 ```

main.yml

@@ -9,7 +9,7 @@
 
     - name: Ensure Ansible is not being run in a world writable directory
       assert:
-        that: _playbook_dir.stat.mode|int <= 0775
+        that: _playbook_dir.stat.mode|int <= 775
         msg: >
           Ansible is being run in a world writable directory ({{ playbook_dir }}), ignoring it as an ansible.cfg source.
           For more information see https://docs.ansible.com/ansible/devel/reference_appendices/config.html#cfg-in-world-writable-dir
@@ -24,9 +24,9 @@
     - name: Set required ansible version as a fact
       set_fact:
         required_ansible_version:
-          "{{ item |  regex_replace('^ansible[\\s+]?(?P<op>[=,>,<]+)[\\s+]?(?P<ver>\\d.\\d+(.\\d+)?)$',
+          "{{ item |  regex_replace('^ansible-core[\\s+]?(?P<op>[=,>,<]+)[\\s+]?(?P<ver>\\d.\\d+(.\\d+)?)$',
                       '{\"op\": \"\\g<op>\",\"ver\": \"\\g<ver>\" }') }}"
-      when: '"ansible" in item'
+      when: '"ansible-core" in item'
       with_items: "{{ lookup('file', 'requirements.txt').splitlines() }}"
 
     - name: Verify Python meets Algo VPN requirements

playbooks/cloud-pre.yml

@@ -13,7 +13,7 @@
         'algo_ssh_tunneling "{{ algo_ssh_tunneling }}"' \
         'wireguard_enabled "{{ wireguard_enabled }}"' \
         'dns_encryption "{{ dns_encryption }}"' \
-        > /dev/tty
+        > /dev/tty || true
     tags: debug
 
   - name: Install the requirements

requirements.txt

@@ -1,3 +1,4 @@
-ansible==2.9.20
-jinja2==2.11.3
+ansible-core==2.11.3
+ansible==4.4.0
+jinja2~=3.0.1
 netaddr

roles/cloud-azure/tasks/venv.yml

@@ -1,45 +1,6 @@
 ---
 - name: Install requirements
   pip:
-    name:
-      - packaging
-      - requests[security]
-      - xmltodict
-      - azure-cli-core==2.16.0
-      - azure-cli-nspkg==3.0.2
-      - azure-common==1.1.11
-      - azure-mgmt-authorization==0.51.1
-      - azure-mgmt-batch==5.0.1
-      - azure-mgmt-cdn==3.0.0
-      - azure-mgmt-compute==4.4.0
-      - azure-mgmt-containerinstance==1.4.0
-      - azure-mgmt-containerregistry==2.0.0
-      - azure-mgmt-containerservice==4.4.0
-      - azure-mgmt-dns==2.1.0
-      - azure-mgmt-keyvault==1.1.0
-      - azure-mgmt-marketplaceordering==0.1.0
-      - azure-mgmt-monitor==0.5.2
-      - azure-mgmt-network==2.3.0
-      - azure-mgmt-nspkg==2.0.0
-      - azure-mgmt-redis==5.0.0
-      - azure-mgmt-resource==2.1.0
-      - azure-mgmt-rdbms==1.4.1
-      - azure-mgmt-servicebus==0.5.3
-      - azure-mgmt-sql==0.10.0
-      - azure-mgmt-storage==3.1.0
-      - azure-mgmt-trafficmanager==0.50.0
-      - azure-mgmt-web==0.41.0
-      - azure-nspkg==2.0.0
-      - azure-storage==0.35.1
-      - msrest==0.6.1
-      - msrestazure==0.6.4
-      - azure-keyvault==1.0.0a1
-      - azure-graphrbac==0.40.0
-      - azure-mgmt-cosmosdb==0.5.2
-      - azure-mgmt-hdinsight==0.1.0
-      - azure-mgmt-devtestlabs==3.0.0
-      - azure-mgmt-loganalytics==0.2.0
-      - azure-mgmt-automation==0.1.1
-      - azure-mgmt-iothub==0.7.0
+    requirements: https://raw.githubusercontent.com/ansible-collections/azure/v1.9.0/requirements-azure.txt
     state: latest
     virtualenv_python: python3

roles/cloud-cloudstack/tasks/main.yml

@@ -54,5 +54,6 @@
         ansible_ssh_port: "{{ ssh_port }}"
         cloudinit: true
   environment:
-    CLOUDSTACK_CONFIG: "{{ algo_cs_config }}"
-    CLOUDSTACK_REGION: "{{ algo_cs_region }}"
+    CLOUDSTACK_KEY: "{{ algo_cs_key }}"
+    CLOUDSTACK_SECRET: "{{ algo_cs_token }}"
+    CLOUDSTACK_ENDPOINT: "{{ algo_cs_url }}"

roles/cloud-cloudstack/tasks/prompts.yml

@@ -2,36 +2,47 @@
 - block:
   - pause:
       prompt: |
-        Enter path for cloudstack.ini file (https://trailofbits.github.io/algo/cloud-cloudstack.html)
-        [~/.cloudstack.ini]
-    register: _cs_config
+        Enter the API key (https://trailofbits.github.io/algo/cloud-cloudstack.html):
+      echo: false
+    register: _cs_key
     when:
-      - cs_config is undefined
-      - lookup('env', 'CLOUDSTACK_CONFIG') | length <= 0
+      - cs_key is undefined
+      - lookup('env','CLOUDSTACK_KEY')|length <= 0
 
   - pause:
       prompt: |
-        Specify region to use in cloudstack.ini file
-        [exoscale]
-    register: _cs_region
+        Enter the API ssecret (https://trailofbits.github.io/algo/cloud-cloudstack.html):
+      echo: false
+    register: _cs_secret
     when:
-      - cs_region is undefined
-      - lookup('env', 'CLOUDSTACK_REGION') | length <= 0
+      - cs_secret is undefined
+      - lookup('env','CLOUDSTACK_SECRET')|length <= 0
+
+  - pause:
+      prompt: |
+        Enter the API endpoint (https://trailofbits.github.io/algo/cloud-cloudstack.html)
+        [https://api.exoscale.com/compute]
+    register: _cs_url
+    when:
+      - cs_url is undefined
+      - lookup('env', 'CLOUDSTACK_ENDPOINT') | length <= 0
 
   - set_fact:
-      algo_cs_config: "{{ cs_config | default(_cs_config.user_input|default(None)) | default(lookup('env', 'CLOUDSTACK_CONFIG'), true) | default('~/.cloudstack.ini', true) }}"
-      algo_cs_region:  "{{ cs_region | default(_cs_region.user_input|default(None)) | default(lookup('env', 'CLOUDSTACK_REGION'), true) | default('exoscale', true) }}"
+      algo_cs_key: "{{ cs_key | default(_cs_key.user_input|default(None)) | default(lookup('env', 'CLOUDSTACK_KEY'), true) }}"
+      algo_cs_token: "{{ cs_secret | default(_cs_secret.user_input|default(None)) | default(lookup('env', 'CLOUDSTACK_SECRET'), true) }}"
+      algo_cs_url: "{{ cs_url | default(_cs_url.user_input|default(None)) | default(lookup('env', 'CLOUDSTACK_ENDPOINT'), true) | default('https://api.exoscale.com/compute', true) }}"
 
   - name: Get zones on cloud
-    cloudstack_zones:
+    cs_zone_info:
     register: _cs_zones
     environment:
-      CLOUDSTACK_CONFIG: "{{ algo_cs_config }}"
-      CLOUDSTACK_REGION: "{{ algo_cs_region }}"
+      CLOUDSTACK_KEY: "{{ algo_cs_key }}"
+      CLOUDSTACK_SECRET: "{{ algo_cs_token }}"
+      CLOUDSTACK_ENDPOINT: "{{ algo_cs_url }}"
 
   - name: Extract zones from output
     set_fact:
-      cs_zones: "{{ _cs_zones['zone'] | sort(attribute='name') }}"
+      cs_zones: "{{ _cs_zones['zones'] | sort(attribute='name') }}"
 
   - name: Set the default zone
     set_fact:

roles/cloud-ec2/tasks/main.yml

@@ -6,7 +6,7 @@
   import_tasks: prompts.yml
 
 - name: Locate official AMI for region
-  ec2_ami_facts:
+  ec2_ami_info:
     aws_access_key: "{{ access_key }}"
     aws_secret_key: "{{ secret_key }}"
     owners: "{{ cloud_providers.ec2.image.owner }}"

roles/cloud-ec2/tasks/prompts.yml

@@ -24,7 +24,7 @@
 
 - block:
   - name: Get regions
-    aws_region_facts:
+    aws_region_info:
       aws_access_key: "{{ access_key }}"
       aws_secret_key: "{{ secret_key }}"
       region: us-east-1
@@ -64,7 +64,7 @@
 
 - block:
   - name: Get existing available Elastic IPs
-    ec2_eip_facts:
+    ec2_eip_info:
       aws_access_key: "{{ access_key }}"
       aws_secret_key: "{{ secret_key }}"
       region: "{{ algo_region }}"