From 948ef76e56f16d2df7355e9b0fa5e90f4fb5fa7f Mon Sep 17 00:00:00 2001 From: Tobias Huste Date: Wed, 28 Jun 2023 12:53:40 +0200 Subject: [PATCH 1/2] style: fix ansible-lint violations --- .github/workflows/ci.yml | 2 +- handlers/main.yml | 15 ++++++--------- meta/main.yml | 2 +- molecule/default/converge.yml | 8 ++++---- molecule/default/prepare.yml | 6 +++--- molecule/default/verify.yml | 2 +- tasks/install.yml | 18 ++++++++++-------- tasks/main.yml | 6 +++--- tasks/nginx-config.yml | 4 ++-- tasks/ssl.yml | 10 +++++----- 10 files changed, 36 insertions(+), 37 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b1d1559..bd6dcfa 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -28,7 +28,7 @@ jobs: - name: Lint code. run: | pipenv run yamllint --strict --format colored . - pipenv run ansible-lint -v --force-color --exclude .cache/ . ./molecule + pipenv run ansible-lint -v --force-color --exclude=.cache/ . ./molecule test: name: Run Molecule tests. diff --git a/handlers/main.yml b/handlers/main.yml index b241b48..046bc47 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,18 +1,15 @@ --- -- name: reload nginx - service: +- name: Reload nginx + ansible.builtin.service: name: nginx state: reloaded -- name: restart elasticsearch - service: - name: elasticsearch - state: restarted - - name: Set Elasticsearch server address - command: zammad run rails r "Setting.set('es_url', '{{ elasticsearch_url | quote }}')" + ansible.builtin.command: zammad run rails r "Setting.set('es_url', '{{ elasticsearch_url | quote }}')" + changed_when: true - name: Build search index - command: zammad run rake searchindex:rebuild + ansible.builtin.command: zammad run rake searchindex:rebuild + changed_when: true ... diff --git a/meta/main.yml b/meta/main.yml index 5b7d15c..c7ee86a 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -6,7 +6,7 @@ galaxy_info: company: Helmholtz Association of German Research Centres license: MIT issue_tracker_url: https://github.com/Helmholtz-UFZ/ansible-role-zammad/issues - min_ansible_version: 2.9 + min_ansible_version: "2.9" platforms: - name: Ubuntu diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 9d7b25a..ebac3a1 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -4,22 +4,22 @@ tasks: - name: Get private key content - command: cat /etc/ssl/private/ssl-cert-snakeoil.key + ansible.builtin.command: cat /etc/ssl/private/ssl-cert-snakeoil.key changed_when: false check_mode: false register: private_key - name: Get SSL certificate content - command: cat /etc/ssl/certs/ssl-cert-snakeoil.pem + ansible.builtin.command: cat /etc/ssl/certs/ssl-cert-snakeoil.pem changed_when: false check_mode: false register: certificate - name: Pass SSL key pair to zammad role - set_fact: + ansible.builtin.set_fact: zammad_ssl_key: "{{ private_key.stdout }}" zammad_ssl_cert: "{{ certificate.stdout }}" - name: "Include ansible-role-zammad" - include_role: + ansible.builtin.include_role: name: "ansible-role-zammad" diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index 6ba72b2..6cb2bba 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml @@ -15,7 +15,7 @@ tasks: - name: Install required packages - apt: + ansible.builtin.apt: name: - sudo - gpg @@ -26,9 +26,9 @@ update_cache: yes - name: "Include geerlingguy.elasticsearch" - include_role: + ansible.builtin.include_role: name: "geerlingguy.elasticsearch" - name: "Include geerlingguy.postgresql" - include_role: + ansible.builtin.include_role: name: "geerlingguy.postgresql" diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 5f9193a..b923f5d 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -3,7 +3,7 @@ hosts: all tasks: - name: Check that Zammad web interface is available - uri: + ansible.builtin.uri: url: https://localhost validate_certs: no return_content: yes diff --git a/tasks/install.yml b/tasks/install.yml index 2f98aec..4c036f8 100644 --- a/tasks/install.yml +++ b/tasks/install.yml @@ -1,15 +1,16 @@ --- -- when: ansible_distribution | lower == 'centos' +- name: "Configure Zammad repository for Centos-like" + when: ansible_distribution | lower == 'centos' block: - name: Install | Install EPEL repo - yum: + ansible.builtin.yum: name: epel-release state: present - name: Install | Add Zammad yum repository - yum_repository: + ansible.builtin.yum_repository: name: zammad state: present description: Repository for zammad/zammad ({{ zammad_release_channel }}) packages. @@ -20,16 +21,17 @@ gpgkey: https://dl.packager.io/srv/zammad/zammad/key mode: 0644 -- when: ansible_distribution | lower == 'ubuntu' +- name: "Configure Zammad repository for Ubuntu" + when: ansible_distribution | lower == 'ubuntu' block: - name: Install | Add Zammad apt key - apt_key: + ansible.builtin.apt_key: url: https://dl.packager.io/srv/zammad/zammad/key state: present - name: Install | Add Zammad DEB repository - apt_repository: + ansible.builtin.apt_repository: repo: deb https://dl.packager.io/srv/deb/zammad/zammad/{{ zammad_release_channel }}/ubuntu {{ ansible_distribution_version }} main state: present filename: zammad @@ -37,7 +39,7 @@ mode: 0644 - name: Install | Install Zammad package - package: + ansible.builtin.package: name: zammad={{ zammad_version }}* state: present force: yes @@ -46,7 +48,7 @@ - Build search index - name: Install | Start and enable services - service: + ansible.builtin.service: name: "{{ item }}" state: started enabled: yes diff --git a/tasks/main.yml b/tasks/main.yml index b27a9f3..0fe446c 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,12 +1,12 @@ --- - name: Install zammad - import_tasks: install.yml + ansible.builtin.import_tasks: install.yml - name: Set up SSL/TLS - import_tasks: ssl.yml + ansible.builtin.import_tasks: ssl.yml - name: Configure nginx - import_tasks: nginx-config.yml + ansible.builtin.import_tasks: nginx-config.yml ... diff --git a/tasks/nginx-config.yml b/tasks/nginx-config.yml index 0525a28..777000c 100644 --- a/tasks/nginx-config.yml +++ b/tasks/nginx-config.yml @@ -1,12 +1,12 @@ --- - name: Nginx | Create config - template: + ansible.builtin.template: src: nginx-zammad.conf.j2 dest: "{{ zammad_nginx_config_path }}" mode: 0644 owner: root group: root - notify: reload nginx + notify: Reload nginx ... diff --git a/tasks/ssl.yml b/tasks/ssl.yml index ab4af97..553791f 100644 --- a/tasks/ssl.yml +++ b/tasks/ssl.yml @@ -1,7 +1,7 @@ --- - name: SSL | Insert private key - blockinfile: + ansible.builtin.blockinfile: path: "{{ zammad_ssl_key_path }}" create: true block: | @@ -12,7 +12,7 @@ when: zammad_ssl_key is defined or zammad_ssl_key|length > 0 - name: SSL | Insert certificate - blockinfile: + ansible.builtin.blockinfile: path: "{{ zammad_ssl_cert_path }}" create: true block: | @@ -23,19 +23,19 @@ when: zammad_ssl_cert is defined or zammad_ssl_cert|length > 0 - name: SSL | Check if certificate is still valid, ignoring failures - openssl_certificate_info: + community.crypto.x509_certificate_info: path: "{{ zammad_ssl_cert_path }}" register: certificate ignore_errors: "{{ ansible_check_mode }}" - name: SSL | Ensure certificate and private key match - openssl_privatekey_info: + community.crypto.openssl_privatekey_info: path: "{{ zammad_ssl_key_path }}" register: private_key ignore_errors: "{{ ansible_check_mode }}" - name: SSL | Validate that certificate is still valid - assert: + ansible.builtin.assert: that: - not certificate.expired - certificate.public_key == private_key.public_key From e29242319e348d94474398dd7618210940a20d50 Mon Sep 17 00:00:00 2001 From: Tobias Huste Date: Thu, 29 Jun 2023 12:06:00 +0200 Subject: [PATCH 2/2] chore: raise minimal ansible version Co-authored-by: Norman Ziegner --- meta/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/main.yml b/meta/main.yml index c7ee86a..3ec6471 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -6,7 +6,7 @@ galaxy_info: company: Helmholtz Association of German Research Centres license: MIT issue_tracker_url: https://github.com/Helmholtz-UFZ/ansible-role-zammad/issues - min_ansible_version: "2.9" + min_ansible_version: "2.13" platforms: - name: Ubuntu