From ba6ea830197daadf0836702b5f6bef0ccb4584e2 Mon Sep 17 00:00:00 2001 From: Steven Schattenberg Date: Fri, 28 Jun 2024 09:54:06 -0400 Subject: [PATCH 1/7] Correct lint issues --- .ansible-lint-ignore | 189 ++++++++++++++++++ roles/common_vars/defaults/main/mongodb.yml | 2 +- roles/gateway/tasks/copy-certs.yml | 6 +- roles/gateway/tasks/main.yaml | 2 + roles/gateway/tasks/update-release-file.yaml | 5 + roles/gateway/tasks/upgrade-iag.yaml | 6 + roles/gateway/vars/2023.2-redhat-8.yaml | 3 +- roles/gateway/vars/2023.2-rocky-8.yaml | 3 +- .../defaults/{main.yaml => main.yml} | 0 .../tasks/{main.yaml => main.yml} | 2 +- .../vars/{main.yaml => main.yml} | 0 ...release-2021.1.yaml => release-2021.1.yml} | 2 +- ...release-2021.2.yaml => release-2021.2.yml} | 2 +- ...release-2022.1.yaml => release-2022.1.yml} | 2 +- ...e-undefined.yaml => release-undefined.yml} | 0 15 files changed, 212 insertions(+), 12 deletions(-) create mode 100644 .ansible-lint-ignore rename roles/gateway_haproxy/defaults/{main.yaml => main.yml} (100%) rename roles/gateway_haproxy/tasks/{main.yaml => main.yml} (96%) rename roles/gateway_haproxy/vars/{main.yaml => main.yml} (100%) rename roles/gateway_haproxy/vars/{release-2021.1.yaml => release-2021.1.yml} (96%) rename roles/gateway_haproxy/vars/{release-2021.2.yaml => release-2021.2.yml} (96%) rename roles/gateway_haproxy/vars/{release-2022.1.yaml => release-2022.1.yml} (96%) rename roles/gateway_haproxy/vars/{release-undefined.yaml => release-undefined.yml} (100%) diff --git a/.ansible-lint-ignore b/.ansible-lint-ignore new file mode 100644 index 00000000..8325cbcd --- /dev/null +++ b/.ansible-lint-ignore 
@@ -0,0 +1,189 @@ +# This file contains ignores rule violations for ansible-lint +#.github/workflows/publish_ansible_collection.yml yaml[trailing-spaces] +#.github/workflows/updateChangelog.yml yaml[comments] +#.gitlab-ci.yml yaml[empty-lines] +#.gitlab-ci.yml yaml[indentation] +#.gitlab-ci.yml yaml[line-length] +#.gitlab-ci.yml yaml[trailing-spaces] +#galaxy.yml galaxy[tags] +#meta/runtime.yml schema[meta-runtime] +#playbooks/download_packages_gateway.yml run-once[task] +#playbooks/download_packages_iag.yml run-once[task] +#playbooks/download_packages_iap.yml run-once[task] +#playbooks/download_packages_mongodb.yml run-once[task] +#playbooks/download_packages_os.yml run-once[task] +#playbooks/download_packages_platform.yml run-once[task] +#playbooks/download_packages_rabbitmq.yml run-once[task] +#playbooks/download_packages_redis.yml run-once[task] +#playbooks/download_packages_vault.yml run-once[task] +#playbooks/install_active_standby.yaml syntax-check[specific] +roles/common_vars/defaults/main/iap.yml var-naming[no-role-prefix] +roles/common_vars/defaults/main/main.yml var-naming[no-role-prefix] +roles/common_vars/defaults/main/mongodb.yml var-naming[no-role-prefix] +#roles/common_vars/defaults/main/mongodb.yml yaml[new-line-at-end-of-file] +roles/common_vars/defaults/main/rabbitmq.yml var-naming[no-role-prefix] +roles/common_vars/defaults/main/redis.yml var-naming[no-role-prefix] +roles/common_vars/defaults/main/vault.yml var-naming[no-role-prefix] +roles/gateway/defaults/main.yaml var-naming[no-role-prefix] +#roles/gateway/tasks/copy-certs.yml yaml[octal-values] +roles/gateway/tasks/download-packages-python.yml var-naming[no-role-prefix] +roles/gateway/tasks/download-packages.yml var-naming[no-role-prefix] +roles/gateway/tasks/download-python-dependencies.yml var-naming[no-role-prefix] +#roles/gateway/tasks/main.yaml risky-file-permissions +#roles/gateway/tasks/update-release-file.yaml risky-file-permissions +#roles/gateway/tasks/upgrade-iag.yaml 
no-changed-when +roles/gateway/vars/2021.1-centos-7.yaml var-naming[no-role-prefix] +roles/gateway/vars/2021.1-redhat-7.yaml var-naming[no-role-prefix] +roles/gateway/vars/2021.2-redhat-7.yaml var-naming[no-role-prefix] +roles/gateway/vars/2021.2-centos-7.yaml var-naming[no-role-prefix] +roles/gateway/vars/2022.1-redhat-8.yaml var-naming[no-role-prefix] +roles/gateway/vars/2022.1-rocky-8.yaml var-naming[no-role-prefix] +roles/gateway/vars/2023.1-redhat-8.yaml var-naming[no-role-prefix] +roles/gateway/vars/2023.1-redhat-9.yaml var-naming[no-role-prefix] +roles/gateway/vars/2023.1-rocky-8.yaml var-naming[no-role-prefix] +roles/gateway/vars/2023.1-rocky-9.yaml var-naming[no-role-prefix] +#roles/gateway/vars/2023.2-redhat-8.yaml yaml[empty-lines] +#roles/gateway/vars/2023.2-redhat-8.yaml yaml[trailing-spaces] +roles/gateway/vars/2023.2-rocky-8.yaml var-naming[no-role-prefix] +roles/gateway/vars/2023.2-redhat-8.yaml var-naming[no-role-prefix] +roles/gateway/vars/2023.2-redhat-9.yaml var-naming[no-role-prefix] +#roles/gateway/vars/2023.2-rocky-8.yaml yaml[empty-lines] +#roles/gateway/vars/2023.2-rocky-8.yaml yaml[trailing-spaces] +roles/gateway/vars/2023.2-rocky-9.yaml var-naming[no-role-prefix] +roles/gateway/vars/release-undefined.yaml var-naming[no-role-prefix] +roles/gateway_haproxy/defaults/main.yml var-naming[no-role-prefix] +#roles/gateway_haproxy/tasks/main.yml yaml[trailing-spaces] +#roles/gateway_haproxy/vars/release-2021.1.yml yaml[new-line-at-end-of-file] +#roles/gateway_haproxy/vars/release-2021.2.yml yaml[new-line-at-end-of-file] +#roles/gateway_haproxy/vars/release-2022.1.yml yaml[new-line-at-end-of-file] +roles/gateway_haproxy/vars/release-undefined.yml var-naming[no-role-prefix] +roles/mongodb/defaults/main.yaml var-naming[no-role-prefix] +#roles/mongodb/tasks/configure-selinux.yml no-changed-when +roles/mongodb/tasks/download-packages-python.yml var-naming[no-role-prefix] +roles/mongodb/tasks/download-packages.yml var-naming[no-role-prefix] 
+#roles/mongodb/tasks/download-packages.yml yaml[line-length] +#roles/mongodb/tasks/download-packages.yml yaml[new-line-at-end-of-file] +#roles/mongodb/tasks/main.yaml ignore-errors +#roles/mongodb/tasks/main.yaml key-order[task] +#roles/mongodb/tasks/main.yaml no-changed-when +#roles/mongodb/tasks/main.yaml risky-file-permissions +#roles/mongodb/tasks/main.yaml risky-shell-pipe +#roles/mongodb/tasks/main.yaml yaml[truthy] +roles/mongodb/vars/2022.1-redhat-9.yaml var-naming[no-role-prefix] +roles/mongodb/vars/2023.1-rocky-8.yaml var-naming[no-role-prefix] +roles/mongodb/vars/2023.2-rocky-9.yaml var-naming[no-role-prefix] +roles/mongodb/vars/release-undefined.yaml var-naming[no-role-prefix] +roles/mongodb_auth/defaults/main.yaml var-naming[no-role-prefix] +#roles/mongodb_auth/tasks/main.yaml yaml[empty-lines] +#roles/mongodb_common/tasks/determine-primary-server.yml yaml[new-line-at-end-of-file] +#roles/mongodb_replication/defaults/main.yaml yaml[new-line-at-end-of-file] +roles/mongodb_tls/defaults/main.yaml var-naming[no-role-prefix] +#roles/mongodb_tls/tasks/main.yaml yaml[octal-values] +#roles/offline/tasks/download-adapter.yaml latest[git] +#roles/offline/tasks/download-adapter.yaml yaml[trailing-spaces] +#roles/offline/tasks/download-rpms.yaml command-instead-of-module +#roles/offline/tasks/download-rpms.yaml yaml[empty-lines] +#roles/offline/tasks/install-rpms.yaml command-instead-of-module +roles/os/defaults/main.yml var-naming[no-role-prefix] +#roles/os/defaults/main.yml yaml[new-line-at-end-of-file] +roles/os/tasks/download-packages.yml var-naming[no-role-prefix] +#roles/os/tasks/redhat-online.yaml package-latest +roles/os/vars/release-7.yaml var-naming[no-role-prefix] +roles/os/vars/release-9.yaml var-naming[no-role-prefix] +roles/os/vars/release-undefined.yaml var-naming[no-role-prefix] +#roles/os/vars/release-undefined.yaml yaml[new-line-at-end-of-file] +roles/platform/defaults/main.yaml var-naming[no-role-prefix] +#roles/platform/tasks/backup-mongo.yml 
no-changed-when +#roles/platform/tasks/configure-firewalld.yml ignore-errors +#roles/platform/tasks/configure-vault.yml ignore-errors +#roles/platform/tasks/determine-release-vars.yml yaml[line-length] +#roles/platform/tasks/download-adapters.yml command-instead-of-module +roles/platform/tasks/download-adapters.yml var-naming[no-role-prefix] +roles/platform/tasks/download-packages-mongodb.yml var-naming[no-role-prefix] +roles/platform/tasks/download-packages-nodejs.yml var-naming[no-role-prefix] +roles/platform/tasks/download-packages-os.yml var-naming[no-role-prefix] +roles/platform/tasks/download-packages-python.yml var-naming[no-role-prefix] +roles/platform/tasks/download-packages.yml var-naming[no-role-prefix] +#roles/platform/tasks/install-adapters.yaml command-instead-of-module +#roles/platform/tasks/install-adapters.yaml jinja[spacing] +#roles/platform/tasks/install-adapters.yaml latest[git] +roles/platform/tasks/install-adapters.yaml var-naming[no-role-prefix] +#roles/platform/tasks/install-adapters.yaml yaml[trailing-spaces] +#roles/platform/tasks/main.yaml key-order[task] +#roles/platform/tasks/mongo-init.yml no-changed-when +#roles/platform/tasks/update-release-file.yml risky-shell-pipe +roles/platform/vars/2021.2-redhat-7.yml var-naming[no-role-prefix] +roles/platform/vars/2022.1-redhat-9.yml var-naming[no-role-prefix] +roles/platform/vars/2023.2-rocky-9.yml var-naming[no-role-prefix] +#roles/platform/vars/main.yaml yaml[new-line-at-end-of-file] +roles/platform/vars/release-undefined.yaml var-naming[no-role-prefix] +roles/platform_app_artifact/defaults/main.yaml var-naming[no-role-prefix] +#roles/platform_app_artifact/tasks/main.yaml fqcn[action-core] +#roles/platform_app_artifact/tasks/main.yaml no-changed-when +#roles/platform_app_artifact/tasks/main.yaml yaml[octal-values] +#roles/python/tasks/create-symlinks.yml name[template] +roles/python/tasks/install-dependencies.yml var-naming[no-role-prefix] +#roles/python/tasks/python-from-source.yml 
no-changed-when +roles/rabbitmq/defaults/main.yml var-naming[no-role-prefix] +#roles/rabbitmq/defaults/main.yml yaml[comments] +roles/rabbitmq/tasks/download-packages.yml var-naming[no-role-prefix] +#roles/rabbitmq/tasks/main.yaml ignore-errors +#roles/rabbitmq/tasks/main.yaml no-changed-when +#roles/rabbitmq/tasks/main.yaml risky-file-permissions +roles/rabbitmq/tasks/main.yaml var-naming[pattern] +#roles/rabbitmq/tasks/main.yaml yaml[colons] +#roles/rabbitmq/tasks/main.yaml yaml[octal-values] +#roles/rabbitmq/tasks/main.yaml yaml[truthy] +#roles/rabbitmq/tasks/rabbitmq-online.yml jinja[spacing] +#roles/rabbitmq/tasks/rabbitmq-online.yml yaml[octal-values] +#roles/rabbitmq/vars/main.yml yaml[new-line-at-end-of-file] +#roles/rabbitmq/vars/release-2022.1.yaml yaml[new-line-at-end-of-file] +roles/rabbitmq/vars/release-undefined.yaml var-naming[no-role-prefix] +roles/rabbitmq_cluster/defaults/main.yaml var-naming[no-role-prefix] +#roles/rabbitmq_cluster/tasks/main.yaml ignore-errors +#roles/rabbitmq_cluster/tasks/main.yaml jinja[spacing] +#roles/rabbitmq_cluster/tasks/main.yaml no-changed-when +#roles/rabbitmq_cluster/tasks/main.yaml yaml[line-length] +#roles/rabbitmq_cluster/tasks/main.yaml yaml[truthy] +#roles/rabbitmq_ssl/tasks/main.yaml ignore-errors +#roles/rabbitmq_ssl/tasks/main.yaml yaml[truthy] +roles/redis/defaults/main.yaml var-naming[no-role-prefix] +#roles/redis/handlers/main.yml yaml[truthy] +roles/redis/tasks/download-packages.yml var-naming[no-role-prefix] +#roles/redis/tasks/main.yaml ignore-errors +#roles/redis/tasks/main.yaml key-order[task] +#roles/redis/tasks/main.yaml risky-file-permissions +#roles/redis/tasks/main.yaml risky-shell-pipe +#roles/redis/tasks/redis-offline.yml key-order[task] +#roles/redis/tasks/redis-using-remi-repo.yaml yaml[new-line-at-end-of-file] +#roles/redis/tasks/redis-using-source.yaml fqcn[canonical] +#roles/redis/tasks/redis-using-source.yaml no-handler +#roles/redis/tasks/redis-using-source.yaml yaml[truthy] 
+#roles/redis/vars/release-2021.1.yaml yaml[trailing-spaces] +#roles/redis/vars/release-2021.2.yaml yaml[trailing-spaces] +#roles/redis/vars/release-2022.1.yaml yaml[trailing-spaces] +#roles/redis/vars/release-2023.1.yaml yaml[trailing-spaces] +#roles/redis/vars/release-2023.2.yaml yaml[trailing-spaces] +roles/redis/vars/release-undefined.yaml var-naming[no-role-prefix] +#roles/redis_auth/defaults/main.yaml yaml[new-line-at-end-of-file] +#roles/redis_auth/tasks/main.yaml fqcn[action-core] +#roles/redis_auth/tasks/main.yaml no-changed-when +roles/redis_replication/defaults/main.yaml var-naming[no-role-prefix] +#roles/redis_replication/tasks/main.yaml fqcn[action-core] +#roles/redis_replication/tasks/main.yaml ignore-errors +#roles/redis_replication/tasks/main.yaml jinja[spacing] +#roles/redis_replication/tasks/main.yaml no-changed-when +#roles/redis_replication/tasks/main.yaml yaml[new-line-at-end-of-file] +#roles/redis_replication/tasks/main.yaml yaml[octal-values] +#roles/redis_replication/tasks/main.yaml yaml[truthy] +#roles/selinux/tasks/main.yml no-changed-when +#roles/selinux/tasks/main.yml risky-file-permissions +roles/vault/defaults/main.yaml var-naming[no-role-prefix] +roles/vault/tasks/download-packages.yml var-naming[no-role-prefix] +#roles/vault/tasks/main.yaml command-instead-of-shell +#roles/vault/tasks/main.yaml no-changed-when +#roles/vault/vars/main.yaml yaml[new-line-at-end-of-file] +roles/vault_unseal/defaults/main.yaml var-naming[no-role-prefix] +#roles/vault_unseal/defaults/main.yaml yaml[trailing-spaces] +#roles/vault_unseal/tasks/main.yaml yaml[trailing-spaces] +#roles/vault_unseal/tasks/main.yaml yaml[truthy] \ No newline at end of file diff --git a/roles/common_vars/defaults/main/mongodb.yml b/roles/common_vars/defaults/main/mongodb.yml index 8c8c2a8c..ccdbd755 100644 --- a/roles/common_vars/defaults/main/mongodb.yml +++ b/roles/common_vars/defaults/main/mongodb.yml 
@@ -32,4 +32,4 @@ mongo_user_localaaa_password: localaaa mongo_replset_name: rs0 mongodb_release_url: "https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/{{ mongodb_version }}/$basearch/" -mongodb_gpgkey_url: "https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc" \ No newline at end of file +mongodb_gpgkey_url: "https://www.mongodb.org/static/pgp/server-{{ mongodb_version }}.asc" diff --git a/roles/gateway/tasks/copy-certs.yml b/roles/gateway/tasks/copy-certs.yml index b53613bb..b12cf257 100644 --- a/roles/gateway/tasks/copy-certs.yml +++ b/roles/gateway/tasks/copy-certs.yml @@ -6,7 +6,7 @@ ansible.builtin.copy: src: "{{ iag_ssl_cert_src }}" dest: "{{ iag_ssl_cert_dest }}" - mode: 0400 + mode: "0400" owner: "{{ iag_user }}" group: "{{ iag_group }}" @@ -14,7 +14,7 @@ ansible.builtin.copy: src: "{{ iag_ssl_key_src }}" dest: "{{ iag_ssl_key_dest }}" - mode: 0400 + mode: "0400" owner: "{{ iag_user }}" group: "{{ iag_group }}" @@ -22,6 +22,6 @@ ansible.builtin.copy: src: "{{ iag_ssl_rootca_src }}" dest: "{{ iag_ssl_rootca_dest }}" - mode: 0400 + mode: "0400" group: "{{ iag_group }}" owner: "{{ iag_user }}" diff --git a/roles/gateway/tasks/main.yaml b/roles/gateway/tasks/main.yaml index 8f709824..7d12d93f 100644 --- a/roles/gateway/tasks/main.yaml +++ b/roles/gateway/tasks/main.yaml @@ -111,6 +111,7 @@ ansible.builtin.template: src: ansible.cfg.j2 dest: /etc/ansible/ansible.cfg + mode: "0644" backup: true - name: Create empty ansible inventory files @@ -199,6 +200,7 @@ ansible.builtin.template: src: automation-gateway.service.j2 dest: /etc/systemd/system/automation-gateway.service + mode: "0644" backup: true # Check if firewalld is running, if it is then open the appropriate ports diff --git a/roles/gateway/tasks/update-release-file.yaml b/roles/gateway/tasks/update-release-file.yaml index 61488050..31d9b7e2 100644 --- a/roles/gateway/tasks/update-release-file.yaml +++ b/roles/gateway/tasks/update-release-file.yaml 
@@ -5,6 +5,7 @@ ansible.builtin.lineinfile: path: "{{ itential_release_file }}" line: "GATEWAY={{ iag_release }}" + mode: "0666" create: true changed_when: true @@ -18,6 +19,7 @@ ansible.builtin.lineinfile: path: "{{ itential_release_file }}" line: "PYTHON={{ python_installed_version.stdout }}" + mode: "0666" create: true changed_when: true @@ -31,6 +33,7 @@ ansible.builtin.lineinfile: path: "{{ itential_release_file }}" line: "PIP={{ pip_installed_version.stdout }}" + mode: "0666" create: true changed_when: true @@ -38,6 +41,7 @@ ansible.builtin.lineinfile: path: "{{ itential_release_file }}" line: "ANSIBLE={{ iag_ansible_version }}" + mode: "0666" create: true when: iag_enable_ansible | bool changed_when: true @@ -46,6 +50,7 @@ ansible.builtin.lineinfile: path: "{{ itential_release_file }}" line: "NORNIR=true" + mode: "0666" create: true when: iag_enable_nornir | bool changed_when: true diff --git a/roles/gateway/tasks/upgrade-iag.yaml b/roles/gateway/tasks/upgrade-iag.yaml index 24f6639d..bfa41eda 100644 --- a/roles/gateway/tasks/upgrade-iag.yaml +++ b/roles/gateway/tasks/upgrade-iag.yaml @@ -23,10 +23,16 @@ - name: Set appropriate ownership on all gateway files ansible.builtin.command: cmd: "chown -R {{ iag_user }}:{{ iag_group }} {{ iag_install_dir }}/venv" + register: chown_output + changed_when: chown_output.rc == 0 + failed_when: chown_output.rc != 0 - name: Set appropriate permissions on all gateway files ansible.builtin.command: cmd: "chmod -R 775 {{ iag_install_dir }}/venv" + register: chmod_output + changed_when: chmod_output.rc == 0 + failed_when: chmod_output.rc != 0 - name: Start Automation Gateway service ansible.builtin.service: diff --git a/roles/gateway/vars/2023.2-redhat-8.yaml b/roles/gateway/vars/2023.2-redhat-8.yaml index d51800a1..4012d893 100644 --- a/roles/gateway/vars/2023.2-redhat-8.yaml +++ b/roles/gateway/vars/2023.2-redhat-8.yaml 
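Review bot: `mode: "0666"` on the five `lineinfile` tasks in update-release-file.yaml (hunks @@ -5, -18, -31, -38 and -46) makes `{{ itential_release_file }}` world-writable, and with `create: true` the file is created that way. This satisfies risky-file-permissions, but any local account can then rewrite the recorded GATEWAY/PYTHON/PIP/ANSIBLE/NORNIR values; whether anything later trusts this file is not visible here. Unless non-root users have to write it, use `mode: "0644"` in all five tasks and set `owner`/`group` explicitly. Each task starts above its hunk.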
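Review bot: The added `changed_when: chown_output.rc == 0` / `failed_when: chown_output.rc != 0` pairs in upgrade-iag.yaml (and likewise `chmod_output`) quiet no-changed-when without making the tasks idempotent: a non-zero rc already fails a `command` task, and every successful run is reported as changed. The same always-changed pattern is added as `changed_when: result.rc == 0` in roles/mongodb/tasks/configure-selinux.yml. Here a single `ansible.builtin.file` task with `recurse: true` can replace both commands and report real changes. The recursive `775` (a context line, not changed by this commit) also leaves every file in the venv group-writable; the symbolic mode below keeps directories at 775 but stops marking plain files executable. Confirm the service does not rely on the old bits before adopting it.

```yaml
- name: Set ownership and permissions on all gateway files
  ansible.builtin.file:
    path: "{{ iag_install_dir }}/venv"
    state: directory
    recurse: true
    owner: "{{ iag_user }}"
    group: "{{ iag_group }}"
    mode: "u=rwX,g=rwX,o=rX"
# … unchanged: Start Automation Gateway service …
```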
@@ -36,6 +36,5 @@ app_python_dependencies: - nornir-netmiko==0.2.0 - nornir-utils==0.2.0 - pygnmi==0.8.9 - -iag_ansible_version: ansible==7.7.0 +iag_ansible_version: ansible==7.7.0 diff --git a/roles/gateway/vars/2023.2-rocky-8.yaml b/roles/gateway/vars/2023.2-rocky-8.yaml index d51800a1..4012d893 100644 --- a/roles/gateway/vars/2023.2-rocky-8.yaml +++ b/roles/gateway/vars/2023.2-rocky-8.yaml @@ -36,6 +36,5 @@ app_python_dependencies: - nornir-netmiko==0.2.0 - nornir-utils==0.2.0 - pygnmi==0.8.9 - -iag_ansible_version: ansible==7.7.0 +iag_ansible_version: ansible==7.7.0 diff --git a/roles/gateway_haproxy/defaults/main.yaml b/roles/gateway_haproxy/defaults/main.yml similarity index 100% rename from roles/gateway_haproxy/defaults/main.yaml rename to roles/gateway_haproxy/defaults/main.yml diff --git a/roles/gateway_haproxy/tasks/main.yaml b/roles/gateway_haproxy/tasks/main.yml similarity index 96% rename from roles/gateway_haproxy/tasks/main.yaml rename to roles/gateway_haproxy/tasks/main.yml index 2ab088db..fb049a79 100644 --- a/roles/gateway_haproxy/tasks/main.yaml +++ b/roles/gateway_haproxy/tasks/main.yml @@ -11,7 +11,7 @@ - name: Check for valid IAG release ansible.builtin.fail: msg: "Deployer does not support installing HAProxy on {{ iag_release }}" - when: invalid_iag_release is defined + when: invalid_iag_release is defined - name: Install HAProxy ansible.builtin.package: diff --git a/roles/gateway_haproxy/vars/main.yaml b/roles/gateway_haproxy/vars/main.yml similarity index 100% rename from roles/gateway_haproxy/vars/main.yaml rename to roles/gateway_haproxy/vars/main.yml diff --git a/roles/gateway_haproxy/vars/release-2021.1.yaml b/roles/gateway_haproxy/vars/release-2021.1.yml similarity index 96% rename from roles/gateway_haproxy/vars/release-2021.1.yaml rename to roles/gateway_haproxy/vars/release-2021.1.yml index 6181765e..8a31de01 100644 --- a/roles/gateway_haproxy/vars/release-2021.1.yaml +++ b/roles/gateway_haproxy/vars/release-2021.1.yml 
@@ -1,3 +1,3 @@ # Copyright (c) 2024, Itential, Inc # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) ---- \ No newline at end of file +--- diff --git a/roles/gateway_haproxy/vars/release-2021.2.yaml b/roles/gateway_haproxy/vars/release-2021.2.yml similarity index 96% rename from roles/gateway_haproxy/vars/release-2021.2.yaml rename to roles/gateway_haproxy/vars/release-2021.2.yml index 6181765e..8a31de01 100644 --- a/roles/gateway_haproxy/vars/release-2021.2.yaml +++ b/roles/gateway_haproxy/vars/release-2021.2.yml @@ -1,3 +1,3 @@ # Copyright (c) 2024, Itential, Inc # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) ---- \ No newline at end of file +--- diff --git a/roles/gateway_haproxy/vars/release-2022.1.yaml b/roles/gateway_haproxy/vars/release-2022.1.yml similarity index 96% rename from roles/gateway_haproxy/vars/release-2022.1.yaml rename to roles/gateway_haproxy/vars/release-2022.1.yml index 6181765e..8a31de01 100644 --- a/roles/gateway_haproxy/vars/release-2022.1.yaml +++ b/roles/gateway_haproxy/vars/release-2022.1.yml @@ -1,3 +1,3 @@ # Copyright (c) 2024, Itential, Inc # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) ---- \ No newline at end of file +--- diff --git a/roles/gateway_haproxy/vars/release-undefined.yaml b/roles/gateway_haproxy/vars/release-undefined.yml similarity index 100% rename from roles/gateway_haproxy/vars/release-undefined.yaml rename to roles/gateway_haproxy/vars/release-undefined.yml From 53d9745da09b9c79f1e14fc1639baadac8d28c5e Mon Sep 17 00:00:00 2001 From: Steven Schattenberg Date: Fri, 28 Jun 2024 14:53:17 -0400 Subject: [PATCH 2/7] Add ansible-lint, remove ansible-lint-ignore --- .ansible-lint | 10 +++ .ansible-lint-ignore | 189 ------------------------------------------- 2 files changed, 10 insertions(+), 189 deletions(-) create mode 100644 .ansible-lint delete mode 100644 .ansible-lint-ignore 
diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 00000000..dcd76618 --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,10 @@ +--- +# .ansible-lint + +exclude_paths: + - .gitlab + +# Rules that we feel should not be errors but warnings +warn_list: + - yaml[line-length] + - var-naming[no-role-prefix] diff --git a/.ansible-lint-ignore b/.ansible-lint-ignore deleted file mode 100644 index 8325cbcd..00000000 --- a/.ansible-lint-ignore +++ /dev/null 
@@ -1,189 +0,0 @@ -# This file contains ignores rule violations for ansible-lint -#.github/workflows/publish_ansible_collection.yml yaml[trailing-spaces] -#.github/workflows/updateChangelog.yml yaml[comments] -#.gitlab-ci.yml yaml[empty-lines] -#.gitlab-ci.yml yaml[indentation] -#.gitlab-ci.yml yaml[line-length] -#.gitlab-ci.yml yaml[trailing-spaces] -#galaxy.yml galaxy[tags] -#meta/runtime.yml schema[meta-runtime] -#playbooks/download_packages_gateway.yml run-once[task] -#playbooks/download_packages_iag.yml run-once[task] -#playbooks/download_packages_iap.yml run-once[task] -#playbooks/download_packages_mongodb.yml run-once[task] -#playbooks/download_packages_os.yml run-once[task] -#playbooks/download_packages_platform.yml run-once[task] -#playbooks/download_packages_rabbitmq.yml run-once[task] -#playbooks/download_packages_redis.yml run-once[task] -#playbooks/download_packages_vault.yml run-once[task] -#playbooks/install_active_standby.yaml syntax-check[specific] -roles/common_vars/defaults/main/iap.yml var-naming[no-role-prefix] -roles/common_vars/defaults/main/main.yml var-naming[no-role-prefix] -roles/common_vars/defaults/main/mongodb.yml var-naming[no-role-prefix] -#roles/common_vars/defaults/main/mongodb.yml yaml[new-line-at-end-of-file] -roles/common_vars/defaults/main/rabbitmq.yml var-naming[no-role-prefix] -roles/common_vars/defaults/main/redis.yml var-naming[no-role-prefix] -roles/common_vars/defaults/main/vault.yml var-naming[no-role-prefix] -roles/gateway/defaults/main.yaml var-naming[no-role-prefix] -#roles/gateway/tasks/copy-certs.yml yaml[octal-values] -roles/gateway/tasks/download-packages-python.yml var-naming[no-role-prefix] -roles/gateway/tasks/download-packages.yml var-naming[no-role-prefix] -roles/gateway/tasks/download-python-dependencies.yml var-naming[no-role-prefix] -#roles/gateway/tasks/main.yaml risky-file-permissions -#roles/gateway/tasks/update-release-file.yaml risky-file-permissions -#roles/gateway/tasks/upgrade-iag.yaml 
no-changed-when -roles/gateway/vars/2021.1-centos-7.yaml var-naming[no-role-prefix] -roles/gateway/vars/2021.1-redhat-7.yaml var-naming[no-role-prefix] -roles/gateway/vars/2021.2-redhat-7.yaml var-naming[no-role-prefix] -roles/gateway/vars/2021.2-centos-7.yaml var-naming[no-role-prefix] -roles/gateway/vars/2022.1-redhat-8.yaml var-naming[no-role-prefix] -roles/gateway/vars/2022.1-rocky-8.yaml var-naming[no-role-prefix] -roles/gateway/vars/2023.1-redhat-8.yaml var-naming[no-role-prefix] -roles/gateway/vars/2023.1-redhat-9.yaml var-naming[no-role-prefix] -roles/gateway/vars/2023.1-rocky-8.yaml var-naming[no-role-prefix] -roles/gateway/vars/2023.1-rocky-9.yaml var-naming[no-role-prefix] -#roles/gateway/vars/2023.2-redhat-8.yaml yaml[empty-lines] -#roles/gateway/vars/2023.2-redhat-8.yaml yaml[trailing-spaces] -roles/gateway/vars/2023.2-rocky-8.yaml var-naming[no-role-prefix] -roles/gateway/vars/2023.2-redhat-8.yaml var-naming[no-role-prefix] -roles/gateway/vars/2023.2-redhat-9.yaml var-naming[no-role-prefix] -#roles/gateway/vars/2023.2-rocky-8.yaml yaml[empty-lines] -#roles/gateway/vars/2023.2-rocky-8.yaml yaml[trailing-spaces] -roles/gateway/vars/2023.2-rocky-9.yaml var-naming[no-role-prefix] -roles/gateway/vars/release-undefined.yaml var-naming[no-role-prefix] -roles/gateway_haproxy/defaults/main.yml var-naming[no-role-prefix] -#roles/gateway_haproxy/tasks/main.yml yaml[trailing-spaces] -#roles/gateway_haproxy/vars/release-2021.1.yml yaml[new-line-at-end-of-file] -#roles/gateway_haproxy/vars/release-2021.2.yml yaml[new-line-at-end-of-file] -#roles/gateway_haproxy/vars/release-2022.1.yml yaml[new-line-at-end-of-file] -roles/gateway_haproxy/vars/release-undefined.yml var-naming[no-role-prefix] -roles/mongodb/defaults/main.yaml var-naming[no-role-prefix] -#roles/mongodb/tasks/configure-selinux.yml no-changed-when -roles/mongodb/tasks/download-packages-python.yml var-naming[no-role-prefix] -roles/mongodb/tasks/download-packages.yml var-naming[no-role-prefix] 
-#roles/mongodb/tasks/download-packages.yml yaml[line-length] -#roles/mongodb/tasks/download-packages.yml yaml[new-line-at-end-of-file] -#roles/mongodb/tasks/main.yaml ignore-errors -#roles/mongodb/tasks/main.yaml key-order[task] -#roles/mongodb/tasks/main.yaml no-changed-when -#roles/mongodb/tasks/main.yaml risky-file-permissions -#roles/mongodb/tasks/main.yaml risky-shell-pipe -#roles/mongodb/tasks/main.yaml yaml[truthy] -roles/mongodb/vars/2022.1-redhat-9.yaml var-naming[no-role-prefix] -roles/mongodb/vars/2023.1-rocky-8.yaml var-naming[no-role-prefix] -roles/mongodb/vars/2023.2-rocky-9.yaml var-naming[no-role-prefix] -roles/mongodb/vars/release-undefined.yaml var-naming[no-role-prefix] -roles/mongodb_auth/defaults/main.yaml var-naming[no-role-prefix] -#roles/mongodb_auth/tasks/main.yaml yaml[empty-lines] -#roles/mongodb_common/tasks/determine-primary-server.yml yaml[new-line-at-end-of-file] -#roles/mongodb_replication/defaults/main.yaml yaml[new-line-at-end-of-file] -roles/mongodb_tls/defaults/main.yaml var-naming[no-role-prefix] -#roles/mongodb_tls/tasks/main.yaml yaml[octal-values] -#roles/offline/tasks/download-adapter.yaml latest[git] -#roles/offline/tasks/download-adapter.yaml yaml[trailing-spaces] -#roles/offline/tasks/download-rpms.yaml command-instead-of-module -#roles/offline/tasks/download-rpms.yaml yaml[empty-lines] -#roles/offline/tasks/install-rpms.yaml command-instead-of-module -roles/os/defaults/main.yml var-naming[no-role-prefix] -#roles/os/defaults/main.yml yaml[new-line-at-end-of-file] -roles/os/tasks/download-packages.yml var-naming[no-role-prefix] -#roles/os/tasks/redhat-online.yaml package-latest -roles/os/vars/release-7.yaml var-naming[no-role-prefix] -roles/os/vars/release-9.yaml var-naming[no-role-prefix] -roles/os/vars/release-undefined.yaml var-naming[no-role-prefix] -#roles/os/vars/release-undefined.yaml yaml[new-line-at-end-of-file] -roles/platform/defaults/main.yaml var-naming[no-role-prefix] -#roles/platform/tasks/backup-mongo.yml 
no-changed-when -#roles/platform/tasks/configure-firewalld.yml ignore-errors -#roles/platform/tasks/configure-vault.yml ignore-errors -#roles/platform/tasks/determine-release-vars.yml yaml[line-length] -#roles/platform/tasks/download-adapters.yml command-instead-of-module -roles/platform/tasks/download-adapters.yml var-naming[no-role-prefix] -roles/platform/tasks/download-packages-mongodb.yml var-naming[no-role-prefix] -roles/platform/tasks/download-packages-nodejs.yml var-naming[no-role-prefix] -roles/platform/tasks/download-packages-os.yml var-naming[no-role-prefix] -roles/platform/tasks/download-packages-python.yml var-naming[no-role-prefix] -roles/platform/tasks/download-packages.yml var-naming[no-role-prefix] -#roles/platform/tasks/install-adapters.yaml command-instead-of-module -#roles/platform/tasks/install-adapters.yaml jinja[spacing] -#roles/platform/tasks/install-adapters.yaml latest[git] -roles/platform/tasks/install-adapters.yaml var-naming[no-role-prefix] -#roles/platform/tasks/install-adapters.yaml yaml[trailing-spaces] -#roles/platform/tasks/main.yaml key-order[task] -#roles/platform/tasks/mongo-init.yml no-changed-when -#roles/platform/tasks/update-release-file.yml risky-shell-pipe -roles/platform/vars/2021.2-redhat-7.yml var-naming[no-role-prefix] -roles/platform/vars/2022.1-redhat-9.yml var-naming[no-role-prefix] -roles/platform/vars/2023.2-rocky-9.yml var-naming[no-role-prefix] -#roles/platform/vars/main.yaml yaml[new-line-at-end-of-file] -roles/platform/vars/release-undefined.yaml var-naming[no-role-prefix] -roles/platform_app_artifact/defaults/main.yaml var-naming[no-role-prefix] -#roles/platform_app_artifact/tasks/main.yaml fqcn[action-core] -#roles/platform_app_artifact/tasks/main.yaml no-changed-when -#roles/platform_app_artifact/tasks/main.yaml yaml[octal-values] -#roles/python/tasks/create-symlinks.yml name[template] -roles/python/tasks/install-dependencies.yml var-naming[no-role-prefix] -#roles/python/tasks/python-from-source.yml 
no-changed-when -roles/rabbitmq/defaults/main.yml var-naming[no-role-prefix] -#roles/rabbitmq/defaults/main.yml yaml[comments] -roles/rabbitmq/tasks/download-packages.yml var-naming[no-role-prefix] -#roles/rabbitmq/tasks/main.yaml ignore-errors -#roles/rabbitmq/tasks/main.yaml no-changed-when -#roles/rabbitmq/tasks/main.yaml risky-file-permissions -roles/rabbitmq/tasks/main.yaml var-naming[pattern] -#roles/rabbitmq/tasks/main.yaml yaml[colons] -#roles/rabbitmq/tasks/main.yaml yaml[octal-values] -#roles/rabbitmq/tasks/main.yaml yaml[truthy] -#roles/rabbitmq/tasks/rabbitmq-online.yml jinja[spacing] -#roles/rabbitmq/tasks/rabbitmq-online.yml yaml[octal-values] -#roles/rabbitmq/vars/main.yml yaml[new-line-at-end-of-file] -#roles/rabbitmq/vars/release-2022.1.yaml yaml[new-line-at-end-of-file] -roles/rabbitmq/vars/release-undefined.yaml var-naming[no-role-prefix] -roles/rabbitmq_cluster/defaults/main.yaml var-naming[no-role-prefix] -#roles/rabbitmq_cluster/tasks/main.yaml ignore-errors -#roles/rabbitmq_cluster/tasks/main.yaml jinja[spacing] -#roles/rabbitmq_cluster/tasks/main.yaml no-changed-when -#roles/rabbitmq_cluster/tasks/main.yaml yaml[line-length] -#roles/rabbitmq_cluster/tasks/main.yaml yaml[truthy] -#roles/rabbitmq_ssl/tasks/main.yaml ignore-errors -#roles/rabbitmq_ssl/tasks/main.yaml yaml[truthy] -roles/redis/defaults/main.yaml var-naming[no-role-prefix] -#roles/redis/handlers/main.yml yaml[truthy] -roles/redis/tasks/download-packages.yml var-naming[no-role-prefix] -#roles/redis/tasks/main.yaml ignore-errors -#roles/redis/tasks/main.yaml key-order[task] -#roles/redis/tasks/main.yaml risky-file-permissions -#roles/redis/tasks/main.yaml risky-shell-pipe -#roles/redis/tasks/redis-offline.yml key-order[task] -#roles/redis/tasks/redis-using-remi-repo.yaml yaml[new-line-at-end-of-file] -#roles/redis/tasks/redis-using-source.yaml fqcn[canonical] -#roles/redis/tasks/redis-using-source.yaml no-handler -#roles/redis/tasks/redis-using-source.yaml yaml[truthy] 
-#roles/redis/vars/release-2021.1.yaml yaml[trailing-spaces] -#roles/redis/vars/release-2021.2.yaml yaml[trailing-spaces] -#roles/redis/vars/release-2022.1.yaml yaml[trailing-spaces] -#roles/redis/vars/release-2023.1.yaml yaml[trailing-spaces] -#roles/redis/vars/release-2023.2.yaml yaml[trailing-spaces] -roles/redis/vars/release-undefined.yaml var-naming[no-role-prefix] -#roles/redis_auth/defaults/main.yaml yaml[new-line-at-end-of-file] -#roles/redis_auth/tasks/main.yaml fqcn[action-core] -#roles/redis_auth/tasks/main.yaml no-changed-when -roles/redis_replication/defaults/main.yaml var-naming[no-role-prefix] -#roles/redis_replication/tasks/main.yaml fqcn[action-core] -#roles/redis_replication/tasks/main.yaml ignore-errors -#roles/redis_replication/tasks/main.yaml jinja[spacing] -#roles/redis_replication/tasks/main.yaml no-changed-when -#roles/redis_replication/tasks/main.yaml yaml[new-line-at-end-of-file] -#roles/redis_replication/tasks/main.yaml yaml[octal-values] -#roles/redis_replication/tasks/main.yaml yaml[truthy] -#roles/selinux/tasks/main.yml no-changed-when -#roles/selinux/tasks/main.yml risky-file-permissions -roles/vault/defaults/main.yaml var-naming[no-role-prefix] -roles/vault/tasks/download-packages.yml var-naming[no-role-prefix] -#roles/vault/tasks/main.yaml command-instead-of-shell -#roles/vault/tasks/main.yaml no-changed-when -#roles/vault/vars/main.yaml yaml[new-line-at-end-of-file] -roles/vault_unseal/defaults/main.yaml var-naming[no-role-prefix] -#roles/vault_unseal/defaults/main.yaml yaml[trailing-spaces] -#roles/vault_unseal/tasks/main.yaml yaml[trailing-spaces] -#roles/vault_unseal/tasks/main.yaml yaml[truthy] \ No newline at end of file From 730ced22e4676d72c1f9cfa14b4ebf825bbcf538 Mon Sep 17 00:00:00 2001 From: Steven Schattenberg Date: Fri, 28 Jun 2024 14:54:23 -0400 Subject: [PATCH 3/7] Add ansible-lint, remove ansible-lint-ignore --- .ansible-lint | 1 + 1 file changed, 1 insertion(+) 
diff --git a/.ansible-lint b/.ansible-lint index dcd76618..4e77ee1d 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,6 +1,7 @@ --- # .ansible-lint +# Exclude these files from the linter exclude_paths: - .gitlab From 89f9ee90c8960cde3cfbd906a478941f7f93ddec Mon Sep 17 00:00:00 2001 From: Steven Schattenberg Date: Mon, 1 Jul 2024 20:50:25 -0400 Subject: [PATCH 4/7] changed yaml to yml --- roles/gateway_haproxy/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/gateway_haproxy/tasks/main.yml b/roles/gateway_haproxy/tasks/main.yml index fb049a79..b508c79e 100644 --- a/roles/gateway_haproxy/tasks/main.yml +++ b/roles/gateway_haproxy/tasks/main.yml @@ -5,8 +5,8 @@ ansible.builtin.include_vars: file: "{{ item }}" with_first_found: - - "release-{{ iag_release }}.yaml" - - "release-undefined.yaml" + - "release-{{ iag_release }}.yml" + - "release-undefined.yml" - name: Check for valid IAG release ansible.builtin.fail: From 911b11335259af433a3d21a46cc44737cac130c5 Mon Sep 17 00:00:00 2001 From: Steven Schattenberg Date: Wed, 3 Jul 2024 09:24:21 -0400 Subject: [PATCH 5/7] Correct lint issues in mongo roles --- roles/mongodb/tasks/configure-selinux.yml | 3 ++ roles/mongodb/tasks/download-packages.yml | 2 +- roles/mongodb/tasks/main.yaml | 39 +++++++++++++------ roles/mongodb_auth/tasks/main.yaml | 1 - .../tasks/determine-primary-server.yml | 2 +- roles/mongodb_replication/defaults/main.yaml | 2 +- roles/mongodb_tls/tasks/main.yaml | 4 +- roles/selinux/tasks/main.yml | 10 +++++ 8 files changed, 46 insertions(+), 17 deletions(-) diff --git a/roles/mongodb/tasks/configure-selinux.yml b/roles/mongodb/tasks/configure-selinux.yml index 5f606fda..542e65f8 100644 --- a/roles/mongodb/tasks/configure-selinux.yml +++ b/roles/mongodb/tasks/configure-selinux.yml 
@@ -24,6 +24,7 @@ - chcon -Rv -u system_u -t mongod_var_lib_t '{{ mongo_data_dir }}' - restorecon -R -v '{{ mongo_data_dir }}' register: result + changed_when: result.rc == 0 failed_when: - result.rc is defined - result.rc > 0 @@ -36,6 +37,8 @@ - semanage fcontext -a -t mongod_log_t '{{ mongo_log_dir }}' - chcon -Rv -u system_u -t mongod_log_t '{{ mongo_log_dir }}' - restorecon -R -v '{{ mongo_log_dir }}' + register: result + changed_when: result.rc == 0 failed_when: - result.rc is defined - result.rc > 0 diff --git a/roles/mongodb/tasks/download-packages.yml b/roles/mongodb/tasks/download-packages.yml index e5eabdc5..9a4e2b10 100644 --- a/roles/mongodb/tasks/download-packages.yml +++ b/roles/mongodb/tasks/download-packages.yml @@ -70,4 +70,4 @@ tasks_from: fetch-packages vars: src_dir: "{{ wheels_download_dir_target_node }}/app" - dest_dir: "{{ wheels_download_dir_control_node }}/app" \ No newline at end of file + dest_dir: "{{ wheels_download_dir_control_node }}/app" diff --git a/roles/mongodb/tasks/main.yaml b/roles/mongodb/tasks/main.yaml index 9bdb4ef9..9f7aa34a 100644 --- a/roles/mongodb/tasks/main.yaml +++ b/roles/mongodb/tasks/main.yaml @@ -21,6 +21,7 @@ tags: install_base_os_packages - name: Install MongoDB packages + tags: install_mongodb_packages block: - name: Get the list of installed packages ansible.builtin.package_facts: @@ -35,7 +36,6 @@ ansible.builtin.include_tasks: file: mongodb-offline.yml when: offline_install - tags: install_mongodb_packages - name: Install Python ansible.builtin.include_tasks: @@ -53,6 +53,7 @@ ansible.builtin.template: src: thp.service.j2 dest: "/etc/systemd/system/disable-transparent-huge-pages.service" + mode: "0644" - name: Reload systemd unit files ansible.builtin.systemd: 
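Review bot: The added `changed_when: result.rc == 0` in both hunks of roles/mongodb/tasks/configure-selinux.yml reports the task as changed on every successful run, so it quiets the no-changed-when rule without telling an operator whether any SELinux label on the MongoDB data or log directory actually moved. It also reads `result.rc` without the `result.rc is defined` guard that the `failed_when` list directly below it keeps; `changed_when: result.rc is defined and result.rc == 0` would stay consistent with it. If no reliable change signal is available from these commands, a comment such as `# always reports changed: the relabel commands give no usable change signal` would make that explicit. The same always-changed pattern is added in the roles/selinux/tasks/main.yml hunks and on the tuned-adm task in PATCH 6/7. Both tasks here begin above their hunks, so the module and loop in use are not visible.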
@@ -74,36 +75,45 @@ path: "/etc/tuned/virtual-guest-no-thp" owner: root group: root + mode: "0755" - name: Ensure tuned does not re-enable THP ansible.builtin.template: src: tuned.conf.j2 dest: "/etc/tuned/virtual-guest-no-thp/tuned.conf" + mode: "0644" - name: Enable tuned profile - ansible.builtin.command: tuned-adm profile virtual-guest-no-thp + ansible.builtin.command: + cmd: tuned-adm profile virtual-guest-no-thp vars: ansible_python_interpreter: "{{ python_venv }}/bin/python3" ignore_errors: true + # register: result + # changed_when: result.rc == 0 + # failed_when: result.rc > 0 # Tune Kernel parameters - name: Adjust keepalive ansible.posix.sysctl: name: net.ipv4.tcp_keepalive_time value: 300 - ignore_errors: true + failed_when: false + changed_when: false - name: Disable zone reclaim mode ansible.posix.sysctl: name: vm.zone_reclaim_mode value: 0 - ignore_errors: true + failed_when: false + changed_when: false - name: Increase throughput settings ansible.posix.sysctl: name: net.core.somaxconn value: 65535 - ignore_errors: true + failed_when: false + changed_when: false # Set Soft User Limits - name: Set number of procs @@ -112,7 +122,8 @@ limit_type: soft limit_item: nproc value: 32000 - ignore_errors: true + failed_when: false + changed_when: false - name: Set number of files community.general.pam_limits: @@ -120,7 +131,8 @@ limit_type: soft limit_item: nofile value: 64000 - ignore_errors: true + failed_when: false + changed_when: false - name: Create data directory ansible.builtin.file: @@ -128,6 +140,7 @@ path: "{{ mongo_data_dir }}" owner: "{{ mongo_owner }}" group: "{{ mongo_group }}" + mode: "0755" - name: Create log directory ansible.builtin.file: @@ -135,6 +148,7 @@ path: "{{ mongo_log_dir }}" owner: "{{ mongo_owner }}" group: "{{ mongo_group }}" + mode: "0755" - name: Create pid directory ansible.builtin.file: 
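Review bot: `mode: "0755"` on the "Create data directory" and "Create log directory" tasks (hunks `@@ -128,6 +140,7 @@` and `@@ -135,6 +148,7 @@`) lets every local account list and traverse the MongoDB data and log directories. Both directories are already owned by `{{ mongo_owner }}` and `{{ mongo_group }}`, so `mode: "0750"` satisfies risky-file-permissions just as well and keeps database files and logs, which can contain query contents, away from unrelated users on the host. If another account such as a log shipper needs read access, adding it to the group is a narrower grant than the world bits. Both tasks start above their hunks, so their `state:` lines are not visible here.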
@@ -165,15 +179,17 @@ - name: Open Port on FirewallD Public Zone ansible.posix.firewalld: port: "{{ mongo_port }}/tcp" - permanent: yes + permanent: true state: enabled zone: public - immediate: yes + immediate: true when: - ansible_facts.services["firewalld.service"] is defined - (ansible_facts.services["firewalld.service"].state == "running") - (ansible_facts.services["firewalld.service"].status == "enabled") - ignore_errors: true + register: result + changed_when: result.rc == 0 + failed_when: result.rc > 0 - name: Start mongo ansible.builtin.systemd: @@ -250,7 +266,7 @@ - name: Determine mongo version ansible.builtin.shell: - cmd: mongod --version | grep "db version" | cut -d" " -f3 + cmd: set -o pipefail && mongod --version | grep "db version" | cut -d" " -f3 register: result check_mode: false changed_when: false @@ -267,3 +283,4 @@ regexp: '^MONGODB=' line: "MONGODB={{ mongodb_release }}" create: true + mode: "0644" diff --git a/roles/mongodb_auth/tasks/main.yaml b/roles/mongodb_auth/tasks/main.yaml index df2facbd..9245df8c 100644 --- a/roles/mongodb_auth/tasks/main.yaml +++ b/roles/mongodb_auth/tasks/main.yaml @@ -43,4 +43,3 @@ ansible.builtin.include_role: name: mongodb_common tasks_from: restart-mongo.yml - diff --git a/roles/mongodb_common/tasks/determine-primary-server.yml b/roles/mongodb_common/tasks/determine-primary-server.yml index 92a68b0b..b06e43f3 100644 --- a/roles/mongodb_common/tasks/determine-primary-server.yml +++ b/roles/mongodb_common/tasks/determine-primary-server.yml @@ -38,4 +38,4 @@ loop: "{{ lookup('dict', mongodb_status_result.replicaset) }}" when: - not mongodb_status_result.failed - - "'PRIMARY' in item.value" \ No newline at end of file + - "'PRIMARY' in item.value" diff --git a/roles/mongodb_replication/defaults/main.yaml b/roles/mongodb_replication/defaults/main.yaml index 6181765e..8a31de01 100644 --- a/roles/mongodb_replication/defaults/main.yaml +++ b/roles/mongodb_replication/defaults/main.yaml 
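Review bot: `set -o pipefail` in the "Determine mongo version" task (hunk `@@ -250,7 +266,7 @@`) runs under whatever `/bin/sh` is on the target, because `ansible.builtin.shell` is given no `executable`. On a host where that shell is not bash the option may be rejected and the task fails before `mongod` runs. The SELinux role in this series already pins `executable: /bin/bash` for its shell task, and adding `executable: /bin/bash` beside `cmd:` here would match it. With pipefail in place, a `grep` that finds no "db version" line now fails the task instead of registering an empty version; if that is intended, a short comment saying so would help.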
@@ -1,3 +1,3 @@ # Copyright (c) 2024, Itential, Inc # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) ---- \ No newline at end of file +--- diff --git a/roles/mongodb_tls/tasks/main.yaml b/roles/mongodb_tls/tasks/main.yaml index d7afd87d..580bb53c 100644 --- a/roles/mongodb_tls/tasks/main.yaml +++ b/roles/mongodb_tls/tasks/main.yaml @@ -8,7 +8,7 @@ ansible.builtin.copy: src: "{{ mongo_cert_keyfile_source }}" dest: "{{ mongo_cert_keyfile_destination }}" - mode: 0400 + mode: "0400" group: "{{ mongo_group }}" owner: "{{ mongo_owner }}" @@ -17,7 +17,7 @@ ansible.builtin.copy: src: "{{ mongo_root_ca_file_source }}" dest: "{{ mongo_root_ca_file_destination }}" - mode: 0400 + mode: "0400" group: "{{ mongo_group }}" owner: "{{ mongo_owner }}" diff --git a/roles/selinux/tasks/main.yml b/roles/selinux/tasks/main.yml index 0952bf04..e6700e15 100644 --- a/roles/selinux/tasks/main.yml +++ b/roles/selinux/tasks/main.yml @@ -20,6 +20,7 @@ ansible.builtin.copy: src: "{{ item }}" dest: "{{ workingdir.path }}/{{ item | basename }}" + mode: "0644" with_fileglob: - "{{ ansible_parent_role_paths | first }}/files/*.te" @@ -34,6 +35,9 @@ cmd: "checkmodule -M -m -o {{ workingdir.path }}/{{ item.path | basename | splitext | first }}.mod {{ item.path }}" with_items: - "{{ selinux_policies.files }}" + register: result + changed_when: result.rc == 0 + failed_when: result.rc > 0 - name: SELinux - Find the compiled modules ansible.builtin.find: 
@@ -46,12 +50,18 @@ cmd: "semodule_package -o {{ workingdir.path }}/{{ item.path | basename | splitext | first }}.pp -m {{ item.path }}" with_items: - "{{ compiled_modules.files }}" + register: result + changed_when: result.rc == 0 + failed_when: result.rc > 0 - name: SELinux - Install the modules ansible.builtin.shell: semodule -i *.pp args: executable: /bin/bash chdir: "{{ workingdir.path }}" + register: result + changed_when: result.rc == 0 + failed_when: result.rc > 0 - name: Remove temporary working directory ansible.builtin.file: From 987159d3e7a8a9a8b2bb65fca97c45a01306de59 Mon Sep 17 00:00:00 2001 From: Steven Schattenberg Date: Fri, 5 Jul 2024 08:27:39 -0400 Subject: [PATCH 6/7] Edits based on review --- roles/mongodb/tasks/main.yaml | 17 +++-------------- roles/os/vars/release-9.yaml | 1 + 2 files changed, 4 insertions(+), 14 deletions(-) diff --git a/roles/mongodb/tasks/main.yaml b/roles/mongodb/tasks/main.yaml index 9f7aa34a..b21c65b3 100644 --- a/roles/mongodb/tasks/main.yaml +++ b/roles/mongodb/tasks/main.yaml @@ -88,32 +88,25 @@ cmd: tuned-adm profile virtual-guest-no-thp vars: ansible_python_interpreter: "{{ python_venv }}/bin/python3" - ignore_errors: true - # register: result - # changed_when: result.rc == 0 - # failed_when: result.rc > 0 + register: result + changed_when: result.rc == 0 + failed_when: result.rc > 0 # Tune Kernel parameters - name: Adjust keepalive ansible.posix.sysctl: name: net.ipv4.tcp_keepalive_time value: 300 - failed_when: false - changed_when: false - name: Disable zone reclaim mode ansible.posix.sysctl: name: vm.zone_reclaim_mode value: 0 - failed_when: false - changed_when: false - name: Increase throughput settings ansible.posix.sysctl: name: net.core.somaxconn value: 65535 - failed_when: false - changed_when: false # Set Soft User Limits - name: Set number of procs 
@@ -122,8 +115,6 @@ limit_type: soft limit_item: nproc value: 32000 - failed_when: false - changed_when: false - name: Set number of files community.general.pam_limits: @@ -131,8 +122,6 @@ limit_type: soft limit_item: nofile value: 64000 - failed_when: false - changed_when: false - name: Create data directory ansible.builtin.file: diff --git a/roles/os/vars/release-9.yaml b/roles/os/vars/release-9.yaml index 1b5149e1..4be192bc 100644 --- a/roles/os/vars/release-9.yaml +++ b/roles/os/vars/release-9.yaml @@ -36,6 +36,7 @@ operational_packages: - tar - tcpdump - telnet + - tuned - unzip - wget - which From df240f32088210f3f3ad551e6f0f37e22dc7011a Mon Sep 17 00:00:00 2001 From: Steven Schattenberg Date: Mon, 8 Jul 2024 19:49:44 -0400 Subject: [PATCH 7/7] Removed unnecessary changed_when, failed_when --- roles/mongodb/tasks/main.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/roles/mongodb/tasks/main.yaml b/roles/mongodb/tasks/main.yaml index b21c65b3..290104d8 100644 --- a/roles/mongodb/tasks/main.yaml +++ b/roles/mongodb/tasks/main.yaml @@ -176,9 +176,6 @@ - ansible_facts.services["firewalld.service"] is defined - (ansible_facts.services["firewalld.service"].state == "running") - (ansible_facts.services["firewalld.service"].status == "enabled") - register: result - changed_when: result.rc == 0 - failed_when: result.rc > 0 - name: Start mongo ansible.builtin.systemd: