-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
140 changed files
with
920 additions
and
685 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,11 +1,164 @@ | ||
| --- | ||
|
|
||
| # .ansible-lint | ||
|
|
||
| # ref: https://github.com/ansible/ansible-lint/blob/main/.ansible-lint | ||
|
|
||
| profile: production # min, basic, moderate,safety, shared, production | ||
|
|
||
| # Allows dumping of results in SARIF format | ||
| # sarif_file: result.sarif | ||
|
|
||
| # exclude_paths included in this file are parsed relative to this file's location | ||
| # and not relative to the CWD of execution. CLI arguments passed to the --exclude | ||
| # option are parsed relative to the CWD of execution. | ||
| ##################################################### | ||
| ## TODO: phase in the excluded paths below one-by-one until all playbooks/roles conform with KICS lint standards | ||
| ## ideally all playbooks/roles should be tested | ||
| ## scoping non-conforming roles out until each is remedied/tested upon each respective next dev iteration/cycle | ||
| exclude_paths: | ||
| - roles/ | ||
| - files/ | ||
| - .cache/ # implicit unless exclude_paths is defined in config | ||
| - .github/ | ||
| - molecule/ | ||
| - .cache/ | ||
| - files/ | ||
| # - molecule/ | ||
| # - roles/ | ||
| - save/ | ||
| - ${HOME}/.ansible/roles/ | ||
| # - tests/ | ||
| # - site.yml | ||
|
|
||
| parseable: true | ||
| #quiet: true | ||
| # strict: true | ||
| # verbosity: 1 | ||
|
|
||
| # Mock modules or roles in order to pass ansible-playbook --syntax-check | ||
| mock_modules: | ||
| - zuul_return | ||
| # note the foo.bar is invalid as being neither a module or a collection | ||
| - fake_namespace.fake_collection.fake_module | ||
| - fake_namespace.fake_collection.fake_module.fake_submodule | ||
| - dettonville.cyberark.get_account | ||
| - dettonville.cyberark.update_account | ||
| - dettonville.cyberark.link_account | ||
| - redhat.satellite.host | ||
| - k8s_auth | ||
|
|
||
| mock_roles: | ||
| - mocked_role | ||
| - author.role_name # old standalone galaxy role | ||
| - fake_namespace.fake_collection.fake_role # role within a collection | ||
| - dettonville.utils.apply_common_groups | ||
| - dettonville.utils.ping_test | ||
|
|
||
| # Enable checking of loop variable prefixes in roles | ||
| loop_var_prefix: "^(__|{role}_)" | ||
|
|
||
| # Enforce variable names to follow pattern below, in addition to Ansible own | ||
| # requirements, like avoiding python identifiers. To disable add `var-naming` | ||
| # to skip_list. | ||
| var_naming_pattern: "^[a-z_][a-z0-9_]*$" | ||
|
|
||
| use_default_rules: true | ||
| # Load custom rules from this specific folder | ||
| # rulesdir: | ||
| # - ./rule/directory/ | ||
|
|
||
| # Ansible-lint is able to recognize and load skip rules stored inside | ||
| # `.ansible-lint-ignore` (or `.config/ansible-lint-ignore.txt`) files. | ||
| # To skip a rule just enter filename and tag, like "playbook.yml package-latest" | ||
| # on a new line. | ||
| # Optionally you can add comments after the tag, prefixed by "#". We discourage | ||
| # the use of skip_list below because that will hide violations from the output. | ||
| # When putting ignores inside the ignore file, they are marked as ignored, but | ||
| # still visible, making it easier to address later. | ||
| skip_list: | ||
| - experimental | ||
| - skip_this_tag | ||
| - jinja[spacing] | ||
| - name[prefix] | ||
| - var-naming[no-role-prefix] | ||
| - loop-var-prefix[missing] | ||
| - loop-var-prefix[wrong] | ||
| - name[template] | ||
| - package-latest | ||
| - yaml[comments] | ||
| # - yaml[empty-lines] | ||
|
|
||
| # Ansible-lint does not automatically load rules that have the 'opt-in' tag. | ||
| # You must enable opt-in rules by listing each rule 'id' below. | ||
| enable_list: | ||
| - args | ||
| - empty-string-compare # opt-in | ||
| - no-log-password # opt-in | ||
| - no-same-owner # opt-in | ||
| - name[prefix] # opt-in | ||
| # add yaml here if you want to avoid ignoring yaml checks when yamllint | ||
| # library is missing. Normally its absence just skips using that rule. | ||
| - yaml | ||
|
|
||
| # Report only a subset of tags and fully ignore any others | ||
| # tags: | ||
| # - jinja[spacing] | ||
|
|
||
| # Ansible-lint does not fail on warnings from the rules or tags listed below | ||
| warn_list: | ||
| - skip_this_tag | ||
| - experimental # experimental is included in the implicit list | ||
| # - role-name | ||
| # - yaml[document-start] # you can also use sub-rule matches | ||
|
|
||
| # Some rules can transform files to fix (or make it easier to fix) identified | ||
| # errors. `ansible-lint --fix` will reformat YAML files and run these transforms. | ||
| # By default it will run all transforms (effectively `write_list: ["all"]`). | ||
| # You can disable running transforms by setting `write_list: ["none"]`. | ||
| # Or only enable a subset of rule transforms by listing rules/tags here. | ||
| # write_list: | ||
| # - all | ||
|
|
||
| # Offline mode disables installation of requirements.yml and schema refreshing | ||
| offline: true | ||
|
|
||
| ## Define required Ansible's variables to satisfy syntax check | ||
| #extra_vars: | ||
| # foo: bar | ||
| # multiline_string_variable: | | ||
| # line1 | ||
| # line2 | ||
| # complex_variable: ":{;\t$()" | ||
|
|
||
| # Uncomment to enforce action validation with tasks, usually is not | ||
| # needed as Ansible syntax check also covers it. | ||
| # skip_action_validation: false | ||
|
|
||
| ## List of additional kind:pattern to be added at the top of the default | ||
| ## match list, first match determines the file kind. | ||
| ## more info on kinds pattern matching: | ||
| ## https://github.com/ansible/ansible-lint/issues/1774 | ||
| kinds: | ||
| # - playbook: "**/examples/*.{yml,yaml}" | ||
| # - galaxy: "**/folder/galaxy.yml" | ||
| # - tasks: "**/tasks/*.yml" | ||
| # - vars: "**/vars/*.yml" | ||
| # - meta: "**/meta/main.yml" | ||
| - inventory: "**/inventory/*.yml" | ||
| - inventory: "**/_test_inventory/*.yml" | ||
| - inventory: "**/*_inventory_*/*.yml" | ||
|
|
||
| # List of additional collections to allow in only-builtins rule. | ||
| # only_builtins_allow_collections: | ||
| # - example_ns.example_collection | ||
|
|
||
| # List of additions modules to allow in only-builtins rule. | ||
| # only_builtins_allow_modules: | ||
| # - example_module | ||
|
|
||
| # Allow setting custom prefix for name[prefix] rule | ||
| task_name_prefix: "{stem} | " | ||
| # Complexity related settings | ||
|
|
||
| # Limit the depth of the nested blocks: | ||
| # max_block_depth: 20 | ||
|
|
||
| # Also recognize these versions of Ansible as supported: | ||
| supported_ansible_also: | ||
| - "2.14" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| ## ref: https://ansible.readthedocs.io/projects/lint/configuring/#ignoring-rules-for-entire-files | ||
| ##bootstrap-docker-stack.yml syntax-check[specific] | ||
| ##bootstrap-docker.yml syntax-check[specific] | ||
| ##bootstrap-ntp.yml syntax-check[specific] | ||
| ##bootstrap_vm_template.yml syntax-check[specific] | ||
| #create-ocp-route.yml syntax-check[unknown-module] | ||
| #roles/ansible_harden_linux/tasks/minimize_access.yml warning[outdated-tag] | ||
| #roles/ansible_harden_linux/tasks/yum.yml warning[outdated-tag] | ||
| #roles/bootstrap_nfs/tasks/main.yml warning[outdated-tag] | ||
| #rsync_files.yml syntax-check[specific] | ||
| # |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| ## ref: https://github.com/adrienverge/yamllint/blob/master/docs/configuration.rst#ignoring-paths | ||
| .git/ | ||
| archive/ | ||
| tests/ | ||
| vars/vault.yml | ||
| #molecule/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,11 +1,58 @@ | ||
| --- | ||
| # Based on ansible-lint config | ||
| extends: default | ||
| locale: en_US.UTF-8 | ||
|
|
||
| rules: | ||
| line-length: | ||
| max: 120 | ||
| level: warning | ||
| ## ignore paths | ||
| ## ref: https://github.com/adrienverge/yamllint/blob/master/docs/configuration.rst#ignoring-paths | ||
| ignore-from-file: [.gitignore, .yamlignore] | ||
|
|
||
| #ignore: | ||
| # - .github/stale.yml | ||
| # - .travis.yml | ||
| # - archive/ | ||
| # - collections/ | ||
| # - save/ | ||
|
|
||
| ignore: | | ||
| .github/stale.yml | ||
| .travis.yml | ||
| rules: | ||
| braces: | ||
| max-spaces-inside: 1 | ||
| level: error | ||
| brackets: | ||
| max-spaces-inside: 1 | ||
| level: error | ||
| colons: | ||
| max-spaces-after: -1 | ||
| level: error | ||
| commas: | ||
| max-spaces-after: -1 | ||
| level: error | ||
| # comments: disable | ||
| comments: | ||
| ## compatibility with ansible-lint | ||
| ## ref: https://ansible.readthedocs.io/projects/lint/rules/yaml/#yamllint-configuration | ||
| min-spaces-from-content: 1 # prettier compatibility | ||
| comments-indentation: disable | ||
| document-start: disable | ||
| empty-lines: | ||
| max: 3 | ||
| level: error | ||
| hyphens: | ||
| level: error | ||
| # indentation: disable | ||
| key-duplicates: enable | ||
| # key-ordering: enable | ||
| line-length: disable | ||
| # line-length: | ||
| # max: 120 | ||
| # level: warning | ||
| new-line-at-end-of-file: disable | ||
| new-lines: | ||
| type: unix | ||
| octal-values: | ||
| ## compatibility with ansible-lint | ||
| ## ref: https://ansible.readthedocs.io/projects/lint/rules/yaml/#yamllint-configuration | ||
| forbid-implicit-octal: true # yamllint defaults to false | ||
| forbid-explicit-octal: true # yamllint defaults to false | ||
| trailing-spaces: disable | ||
| truthy: disable |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
18 changes: 9 additions & 9 deletions
18
molecule/default/verify-docker.yml → .../bootstrap-docker/tasks/verify-docker.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,35 +1,35 @@ | ||
| --- | ||
|
|
||
| - name: "Set __relative_role_vars_path for bootstrap-docker" | ||
| set_fact: | ||
| __relative_role_vars_path: ../../roles/bootstrap-docker/vars | ||
| - name: "Set __relative_role_vars_path for role" | ||
| ansible.builtin.set_fact: | ||
| __relative_role_vars_path: ../../../roles/bootstrap-docker/vars | ||
|
|
||
| - name: "Include docker {{ ansible_os_family }} Family specific variables" | ||
| include_vars: "{{ item }}" | ||
| ansible.builtin.include_vars: "{{ item }}" | ||
| with_first_found: | ||
| - "{{ __relative_role_vars_path }}/{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower }}.yml" | ||
| - "{{ __relative_role_vars_path }}/{{ ansible_distribution|lower }}.yml" | ||
| - "{{ __relative_role_vars_path }}/{{ ansible_os_family|lower }}.yml" | ||
| - "{{ __relative_role_vars_path }}/default.yml" | ||
|
|
||
| - name: "Check docker package status" | ||
| package: | ||
| ansible.builtin.package: | ||
| name: docker-ce | ||
| state: present | ||
| state: installed | ||
| check_mode: yes | ||
| register: pkg_status_docker | ||
|
|
||
| - name: "Display pkg_status_docker" | ||
| debug: | ||
| ansible.builtin.debug: | ||
| var: pkg_status_docker | ||
|
|
||
| - name: "Check docker packages are installed" | ||
| assert: | ||
| ansible.builtin.assert: | ||
| that: | ||
| - not pkg_status_docker.changed | ||
|
|
||
| - name: "Assert docker service is installed/running" | ||
| assert: | ||
| ansible.builtin.assert: | ||
| that: | ||
| - services | intersect(['docker', 'docker.service'])| d([]) | length > 0 | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.