From 7ac7806dc77a4b6d8594f9975615f1f9776e9479 Mon Sep 17 00:00:00 2001 From: Felix Stupp Date: Wed, 4 Sep 2019 22:06:48 +0200 Subject: [PATCH] Fixed some lint errors - Added missing default parameters - Added names to tasks - Configured changed|failed_when options - Used command instead of shell module - Changed local_action to delegate_to - Added line to file ending --- roles/account/tasks/main.yml | 1 + roles/bootstrap/tasks/deprivilege.yml | 3 ++- roles/bootstrap/tasks/shift_back.yml | 5 +++-- roles/bootstrap/tasks/try_else_shift.yml | 6 ++++-- roles/common/tasks/main.yml | 4 ++-- roles/common/tasks/packages.yml | 2 +- roles/common/tasks/sshd.yml | 12 ++++++------ roles/dns/master/tasks/generate_keys.yml | 2 ++ roles/dns/master/tasks/main.yml | 1 + roles/server/nextcloud/tasks/install.yml | 3 +++ roles/server/nextcloud/tasks/main.yml | 4 +++- roles/server/node/tasks/main.yml | 3 +-- site.yml | 4 ++-- 13 files changed, 31 insertions(+), 19 deletions(-) diff --git a/roles/account/tasks/main.yml b/roles/account/tasks/main.yml index 8b5ea65..2135105 100644 --- a/roles/account/tasks/main.yml +++ b/roles/account/tasks/main.yml @@ -41,6 +41,7 @@ become_user: "{{ username }}" git: repo: https://github.com/robbyrussell/oh-my-zsh.git + version: master dest: ~/.oh-my-zsh - name: Configure oh-my-zsh diff --git a/roles/bootstrap/tasks/deprivilege.yml b/roles/bootstrap/tasks/deprivilege.yml index 0998cab..82f17f4 100644 --- a/roles/bootstrap/tasks/deprivilege.yml +++ b/roles/bootstrap/tasks/deprivilege.yml @@ -1,6 +1,7 @@ --- -- user: +- name: Remove temporary privileged user + user: name: "{{ bootstrap_user }}" state: absent become: yes diff --git a/roles/bootstrap/tasks/shift_back.yml b/roles/bootstrap/tasks/shift_back.yml index ec5310d..0c9ba3d 100644 --- a/roles/bootstrap/tasks/shift_back.yml +++ b/roles/bootstrap/tasks/shift_back.yml 
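Review bot: `version: master` in the oh-my-zsh `git` task (roles/account/tasks/main.yml) names a moving branch, so each run can still check out whatever upstream has published since the last review. That code is presumably loaded by the user's shell once the following "Configure oh-my-zsh" task has run. The lint rule is satisfied, but the checkout is no more reproducible than before. Consider pinning a reviewed commit through a variable, e.g. `version: "{{ oh_my_zsh_version }}"` (a suggested name) defaulting to a full commit hash such as `<reviewed-commit-sha>`, and bumping it deliberately. The task starts above the hunk, so any `update:` setting is not visible here.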
@@ -1,8 +1,9 @@ --- -- set_fact: +- name: Set variables for shifting back + set_fact: bootstrap_used: no ansible_user: '{{ bootstrap_expected_user }}' ansible_become_pass: '{{ bootstrap_expected_become_pass }}' -- meta: reset_connection \ No newline at end of file +- meta: reset_connection diff --git a/roles/bootstrap/tasks/try_else_shift.yml b/roles/bootstrap/tasks/try_else_shift.yml index 2d7c8d3..b01ac2a 100644 --- a/roles/bootstrap/tasks/try_else_shift.yml +++ b/roles/bootstrap/tasks/try_else_shift.yml @@ -1,11 +1,13 @@ --- -- action: ping +- name: Try to ping host with expected credentials + action: ping ignore_unreachable: true ignore_errors: yes register: pingtest - meta: clear_host_errors -- set_fact: +- name: Shift if ping fails + set_fact: bootstrap_used: yes ansible_user: '{{ bootstrap_user }}' ansible_become_pass: '{{ bootstrap_become_pass }}' diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index fce0f2f..21d69a0 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -25,10 +25,10 @@ register: root_user - name: Store ssh public key local - local_action: - module: copy + copy: content: "{{ root_user.ssh_public_key }}\n" dest: "public_keys/ssh/root@{{ ansible_fqdn }}" + delegate_to: localhost vars: ansible_become: no diff --git a/roles/common/tasks/packages.yml b/roles/common/tasks/packages.yml index cd16d2f..7749c02 100644 --- a/roles/common/tasks/packages.yml +++ b/roles/common/tasks/packages.yml @@ -31,7 +31,7 @@ - vim - wget - zsh - state: latest + state: present allow_unauthenticated: no update_cache: yes cache_valid_time: 3600 diff --git a/roles/common/tasks/sshd.yml b/roles/common/tasks/sshd.yml index af9f5c7..f99aec5 100644 --- a/roles/common/tasks/sshd.yml +++ b/roles/common/tasks/sshd.yml 
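Review bot: The delegated `copy` in roles/common/tasks/main.yml builds a path on the control machine from `ansible_fqdn`, a fact reported by the managed host rather than a value from the inventory; the three delegated tasks in the roles/common/tasks/sshd.yml hunk do the same with `{{ global_ssh_host_key_directory }}/{{ ansible_fqdn }}`. A host reporting an unexpected name would then decide where files land on the controller, and site.yml reads the sshd.yml output back by inventory name (`item` from `groups['all']`), so the two names also have to agree. Using the inventory name for controller-side paths, e.g. `dest: "public_keys/ssh/root@{{ inventory_hostname }}"`, keeps the path under the operator's control. This `copy` also sets no `mode:`, unlike the sshd.yml tasks; an explicit `mode: "u=rw,g=r,o=r"` would make the result independent of the local umask.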
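Review bot: Switching `state: latest` to `state: present` in roles/common/tasks/packages.yml changes behaviour, not just lint status: packages in this list that are already installed are no longer upgraded when the role runs. If this role was how hosts received updates for these packages, security fixes now depend on something else (a separate upgrade task or unattended upgrades), which is not visible in this patch. I would record that next to the change, e.g. `# present: does not upgrade; package updates are handled by <upgrade mechanism>`, or add an explicit upgrade task. The task itself starts above the hunk.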
@@ -45,29 +45,29 @@ check_mode: no - name: Create directory for host keys locally - local_action: - module: file + file: path: "{{ global_ssh_host_key_directory }}/{{ ansible_fqdn }}" state: directory owner: "{{ global_local_user }}" group: "{{ global_local_user }}" mode: "u=rwx,g=rx,o=rx" + delegate_to: localhost - name: Store ssh host keys locally - local_action: - module: copy + copy: content: "{{ item.stdout }}\n" dest: "{{ global_ssh_host_key_directory }}/{{ ansible_fqdn }}/{{ item.item }}" owner: "{{ global_local_user }}" group: "{{ global_local_user }}" mode: "u=rw,g=r,o=r" + delegate_to: localhost loop: "{{ ssh_host_keys.results }}" loop_control: label: "{{ item.item }}" - name: Generate ssh host key dns fingerprints locally - local_action: - module: make + make: chdir: "{{ global_ssh_host_key_directory }}/{{ ansible_fqdn }}" file: "{{ playbook_dir }}/helpers/ssh_dns_fingerprints.makefile" target: dns + delegate_to: localhost diff --git a/roles/dns/master/tasks/generate_keys.yml b/roles/dns/master/tasks/generate_keys.yml index fb28cb1..23c5cf0 100644 --- a/roles/dns/master/tasks/generate_keys.yml +++ b/roles/dns/master/tasks/generate_keys.yml @@ -1,5 +1,7 @@ --- +# TODO Change to makefile call + - name: Generate key signing key for zone {{ domain }} command: >- dnssec-keygen diff --git a/roles/dns/master/tasks/main.yml b/roles/dns/master/tasks/main.yml index 47183b7..c4c6995 100644 --- a/roles/dns/master/tasks/main.yml +++ b/roles/dns/master/tasks/main.yml @@ -35,6 +35,7 @@ notify: reload bind9 register: database_stored +# TODO Change to makefile # TODO test -N=UNIXTIME instead of unix time by ansible - name: Sign zone {{ domain }} shell: >- diff --git a/roles/server/nextcloud/tasks/install.yml b/roles/server/nextcloud/tasks/install.yml index 93f0c2c..f862381 100644 --- a/roles/server/nextcloud/tasks/install.yml +++ b/roles/server/nextcloud/tasks/install.yml 
@@ -27,6 +27,9 @@ {{ nextcloud_keyring | quote }} args: chdir: "{{ nextcloud_user_directory }}" + register: receive_public_key + changed_when: receive_public_key.rc != 2 + failed_when: receive_public_key.rc != 0 and receive_public_key != 2 - name: Validate signature become_user: "{{ system_user }}" diff --git a/roles/server/nextcloud/tasks/main.yml b/roles/server/nextcloud/tasks/main.yml index 2b6726f..ec54542 100644 --- a/roles/server/nextcloud/tasks/main.yml +++ b/roles/server/nextcloud/tasks/main.yml @@ -94,7 +94,9 @@ chdir: "{{ nextcloud_installation_directory }}" register: nextcloud_apps_install_results changed_when: "'already installed' not in nextcloud_apps_install_results.stdout" - failed_when: nextcloud_apps_install_results.rc != 0 and not (nextcloud_apps_install_results.rc == 1 and 'already installed' in nextcloud_apps_install_results.stdout) + failed_when: >- + nextcloud_apps_install_results.rc != 0 and + not (nextcloud_apps_install_results.rc == 1 and 'already installed' in nextcloud_apps_install_results.stdout) loop: "{{ enabled_apps_list }}" - name: Add background cron job diff --git a/roles/server/node/tasks/main.yml b/roles/server/node/tasks/main.yml index f38b9bd..9061efc 100644 --- a/roles/server/node/tasks/main.yml +++ b/roles/server/node/tasks/main.yml @@ -1,11 +1,10 @@ --- - name: Run install command - shell: "{{ install_command }}" + command: "{{ install_command }}" args: chdir: "{{ src }}" creates: "{{ src }}/node_modules" - executable: /bin/sh - name: Register service for node server template: diff --git a/site.yml b/site.yml index 6bc86b1..347c30f 100644 --- a/site.yml +++ b/site.yml 
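Review bot: The second comparison in the added `failed_when` (roles/server/nextcloud/tasks/install.yml) is missing `.rc`: `receive_public_key != 2` compares the whole registered result with 2 and is always true. The condition therefore reduces to `rc != 0` and exit code 2 still fails the task, although `changed_when: receive_public_key.rc != 2` on the line above suggests it was meant to be tolerated. `failed_when: receive_public_key.rc not in [0, 2]` states what seems intended. Since this task appears to fetch the key used by the following "Validate signature" task, a short comment saying what exit code 2 means for this command would let a reader confirm that a real fetch failure is not being accepted as "unchanged". The command itself starts above the hunk.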
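Review bot: Moving `install_command` from `shell` to `command` in roles/server/node/tasks/main.yml means the value is no longer interpreted by a shell, so pipes, `&&`, redirections and variable expansion in it stop working. That narrows what a mistyped or tampered value can do, but any existing `install_command` relying on shell syntax will now behave differently. The contract is worth documenting on the task, e.g. `# install_command runs without a shell: one program plus arguments, no pipes or &&`. The whole command line still comes from a variable defined outside this patch, so how far it can be trusted depends on where that value is set.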
@@ -60,8 +60,8 @@ nvak_dns_slaves: [] pre_tasks: - name: Load ssh host key dns fingerprint for host - local_action: - module: command cat "{{ global_ssh_host_key_directory | quote }}/{{ item | quote }}/dns" + command: cat "{{ global_ssh_host_key_directory | quote }}/{{ item | quote }}/dns" + delegate_to: localhost register: ssh_key_dns_fpr_raw changed_when: False loop: "{{ groups['all'] }}"
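Review bot: In the new `command:` line of site.yml the `| quote` filters sit inside double quotes, so for a value that needs quoting the filter's own single quotes become part of the path and `cat` looks for the wrong file; for ordinary values the filters do nothing. With the `command` module the simplest robust form is `argv`, passing `cat` and the path as separate list items, with the path written as `"{{ global_ssh_host_key_directory }}/{{ item }}/dns"` and no `quote`. Since the task only reads a file on the control machine, `lookup('file', ...)` would also avoid spawning a process per host. The play continues outside the hunk.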