diff --git a/.ansible-lint b/.ansible-lint
index 9ad380b3..8e32636a 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -2,3 +2,4 @@ warn_list:
 - no-handler
 - galaxy[no-changelog]
 - galaxy[tags]
+ - var-naming[no-role-prefix]
diff --git a/.gitignore b/.gitignore
index c4ce5734..7e8f8adf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,3 @@
 .envrc
 .venv
 .vscode
-
diff --git a/README.md b/README.md
index 02eded09..54c6ffa4 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,3 @@
 # ansible-collection-infra
+
 Ansible Collection to configure infrastructure for XNAT and OMERO
diff --git a/galaxy.yml b/galaxy.yml
index 5ba2d0a7..5cc1dddd 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -5,7 +5,7 @@ namespace: mirsg
 # The name of the collection. Has the same character restrictions as 'namespace'
-name: xnat
+name: infrastructure
 # The version of the collection. Must be compatible with semantic versioning
 version: 1.0.0
diff --git a/roles/docker/molecule/centos7/molecule.yml b/roles/docker/molecule/centos7/molecule.yml
deleted file mode 100644
index 428e0234..00000000
--- a/roles/docker/molecule/centos7/molecule.yml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-dependency:
- name: galaxy
- options:
- requirements-file: meta/collections.yml
- force: true
-
-driver:
- name: docker
-
-platforms:
- - name: server
- image: centos:7
- dockerfile: ../resources/Dockerfile.j2
- command: ""
- cgroupns_mode: host
- privileged: true
-
-provisioner:
- name: ansible
- log: true
- config_options:
- defaults:
- callbacks_enabled: profile_tasks, timer, yaml
- inventory:
- links:
- host_vars: ../resources/inventory/host_vars/
- playbooks:
- prepare: ./prepare.yml
- converge: ../resources/converge.yml
- env:
- ANSIBLE_VERBOSITY: "1"
-verifier:
- name: ansible
- env:
- ANSIBLE_VERBOSITY: "1"
-
-lint: |
- set -e
- yamllint .
- ansible-lint .
diff --git a/roles/docker/molecule/centos7/prepare.yml b/roles/docker/molecule/centos7/prepare.yml
deleted file mode 100644
index 6b63c36f..00000000
--- a/roles/docker/molecule/centos7/prepare.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-- name: Prepare
- hosts: all
- become: false
- gather_facts: true
- tasks:
- - name: Install EPEL-release
- ansible.builtin.yum:
- name: "epel-release"
- state: installed
-
- - name: Install Python
- ansible.builtin.package:
- name: "{{ item }}"
- update_cache: true
- state: present
- loop:
- - python
- - python-pip
- - python-setuptools
-
- - name: Update pip
- ansible.builtin.pip:
- name: pip
- version: "20.3.4"
-
- - name: Install cryptography with pip - needed to generate certificates
- ansible.builtin.pip:
- name:
- - cryptography
diff --git a/roles/docker/molecule/resources/Dockerfile.j2 b/roles/docker/molecule/resources/Dockerfile.j2
deleted file mode 100644
index 8a51d4e9..00000000
--- a/roles/docker/molecule/resources/Dockerfile.j2
+++ /dev/null
@@ -1,22 +0,0 @@
-FROM {{ item.image }}
-ENV container=docker
-
-# Install systemd -- See https://hub.docker.com/_/centos/
-RUN yum -y update; yum clean all; \
-(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
-rm -f /lib/systemd/system/multi-user.target.wants/*;\
-rm -f /etc/systemd/system/*.wants/*;\
-rm -f /lib/systemd/system/local-fs.target.wants/*; \
-rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
-rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
-rm -f /lib/systemd/system/basic.target.wants/*;\
-rm -f /lib/systemd/system/anaconda.target.wants/*;
-
-RUN if [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes update && dnf --assumeyes install /usr/bin/dnf-3 bash sudo wget which && dnf clean all; \
- elif [ $(command -v yum) ]; then yum makecache fast && yum -y update && yum install -y bash sudo wget which && yum clean all; fi
-
-# Disable requiretty.
-RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers
-
-VOLUME ["/sys/fs/cgroup"]
-CMD ["/usr/lib/systemd/systemd"]
diff --git a/roles/docker/molecule/resources/converge.yml b/roles/docker/molecule/resources/converge.yml
deleted file mode 100644
index 64861e16..00000000
--- a/roles/docker/molecule/resources/converge.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-- name: Converge
- hosts: all
- become: true
- gather_facts: true
-
- pre_tasks:
- - name: Wait for systemd to complete initialization.
- ansible.builtin.command: systemctl is-system-running
- register: systemctl_status
- until: >
- 'running' in systemctl_status.stdout or
- 'degraded' in systemctl_status.stdout
- retries: 30
- delay: 5
- when: ansible_service_mgr == 'systemd'
- changed_when: false
- failed_when: systemctl_status.rc > 1
-
- roles:
- - role: mirsg.docker
diff --git a/roles/docker/molecule/resources/inventory/host_vars/server.yml b/roles/docker/molecule/resources/inventory/host_vars/server.yml
deleted file mode 100644
index 1346869a..00000000
--- a/roles/docker/molecule/resources/inventory/host_vars/server.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-docker_generate_certificates: true
-docker_client_hostnames: ["docker-client.com"]
diff --git a/roles/docker/molecule/rocky8/molecule.yml b/roles/docker/molecule/rocky8/molecule.yml
deleted file mode 100644
index fa0637cb..00000000
--- a/roles/docker/molecule/rocky8/molecule.yml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-dependency:
- name: galaxy
- options:
- requirements-file: meta/collections.yml
- force: true
-
-driver:
- name: docker
-
-platforms:
- - name: server
- image: rockylinux:8
- dockerfile: ../resources/Dockerfile.j2
- command: ""
- cgroupns_mode: host
- privileged: true
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:rw
-
-provisioner:
- name: ansible
- log: true
- config_options:
- defaults:
- callbacks_enabled: profile_tasks, timer, yaml
- inventory:
- links:
- host_vars: ../resources/inventory/host_vars/
- playbooks:
- prepare: ./prepare.yml
- converge: ../resources/converge.yml
- env:
- ANSIBLE_VERBOSITY: "1"
-verifier:
- name: ansible
- env:
- ANSIBLE_VERBOSITY: "1"
-
-lint: |
- set -e
- yamllint .
- ansible-lint .
diff --git a/roles/docker/molecule/rocky8/prepare.yml b/roles/docker/molecule/rocky8/prepare.yml
deleted file mode 100644
index 63e62ba3..00000000
--- a/roles/docker/molecule/rocky8/prepare.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-- name: Prepare
- hosts: all
- become: false
- gather_facts: true
- tasks:
- - name: Install EPEL-release
- ansible.builtin.yum:
- name: "epel-release"
- state: installed
-
- - name: Install Python
- ansible.builtin.package:
- name: "{{ item }}"
- update_cache: true
- state: present
- loop:
- - python3
- - python3-pip
- - python3-setuptools
-
- - name: Update pip
- ansible.builtin.pip:
- name: pip
- version: "21.3.1"
-
- - name: Install cryptography with pip - needed to generate certificates
- ansible.builtin.pip:
- name:
- - cryptography
diff --git a/roles/install_python/README.md b/roles/install_python/README.md
index d508612d..03352c4c 100644
--- a/roles/install_python/README.md
+++ b/roles/install_python/README.md
@@ -9,7 +9,7 @@ If you would like to run Ansible Molecule to test this role, the requirements ar
 ## Role Variables
-`install_python` is a dictionary that contains the following varialbes:
+`install_python` is a dictionary that contains the following variables:
 `version`: the version of Python to install. This defaults to `"3"`.
diff --git a/roles/install_python/tasks/RedHat.yml b/roles/install_python/tasks/RedHat.yml
index 06c12ff7..b9bdaa49 100644
--- a/roles/install_python/tasks/RedHat.yml
+++ b/roles/install_python/tasks/RedHat.yml
@@ -1,6 +1,6 @@
 ---
 # OS specific tasks for the RedHat family
-- name: Instal EPEL for RedHat OSes
+- name: Install EPEL for RedHat OSes
 ansible.builtin.yum:
 name: "epel-release"
 state: installed
diff --git a/roles/postgresql/README.md b/roles/postgresql/README.md
index dc45dd2e..5ba71cd7 100644
--- a/roles/postgresql/README.md
+++ b/roles/postgresql/README.md
@@ -25,7 +25,7 @@ See [this example](molecule/resources/inventory/host_vars/db/vars) `host_vars` f
 See [this example](molecule/resources/inventory/host_vars/web/vars) `host_vars` file.
-### Required varaibles for both the server and client
+### Required variables for both the server and client
 `postgresql_rpm_gpg_key_pgdg`: URL from which to download the RPM GPP key; not needed for CentOS 7
diff --git a/roles/postgresql/tasks/configure_cron_backup.yml b/roles/postgresql/tasks/configure_cron_backup.yml
index 57436761..c8975fd1 100644
--- a/roles/postgresql/tasks/configure_cron_backup.yml
+++ b/roles/postgresql/tasks/configure_cron_backup.yml
@@ -5,7 +5,7 @@
 owner: "{{ postgresql.owner }}"
 group: "{{ postgresql.group }}"
 state: directory
- mode: 0700
+ mode: "0700"
 - name: Generate Postgresql backup script
 ansible.builtin.template:
@@ -13,7 +13,7 @@
 dest: "{{ postgresql_backup.script }}"
 owner: "{{ postgresql.owner }}"
 group: "{{ postgresql.group }}"
- mode: 0550
+ mode: "0550"
 force: true
 - name: "Ensure cron nightly backup exists for postgresql"
diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml
index 8f1e1d01..92626100 100644
--- a/roles/postgresql/tasks/main.yml
+++ b/roles/postgresql/tasks/main.yml
@@ -47,7 +47,7 @@
 owner: "root"
 group: "root"
 state: directory
- mode: 0755
+ mode: "0755"
 - name: Set custom postgresql service configuration
 ansible.builtin.template:
@@ -55,7 +55,7 @@
 dest: "{{ postgresql_service.filename }}"
 owner: "root"
 group: "root"
- mode: 0644
+ mode: "0644"
 register: postgresql_custom_service_config
 - name: Ensure postgresql storage subdirectory exists
@@ -64,7 +64,7 @@
 owner: "{{ postgresql.owner }}"
 group: "{{ postgresql.group }}"
 state: directory
- mode: 0700
+ mode: "0700"
 - name: Ensure postgres storage data subdirectory exists
 ansible.builtin.file:
@@ -72,7 +72,7 @@
 owner: "{{ postgresql.owner }}"
 group: "{{ postgresql.group }}"
 state: directory
- mode: 0700
+ mode: "0700"
 - name: Ensure postgresql base directory exists - {{ postgresql.base_directory }}
 ansible.builtin.file:
@@ -80,7 +80,7 @@
 owner: "{{ postgresql.owner }}"
 group: "{{ postgresql.group }}"
 state: directory
- mode: 0700
+ mode: "0700"
 - name: Ensure postgresql logging directory exists
 ansible.builtin.file:
@@ -88,7 +88,7 @@
 owner: "{{ postgresql.owner }}"
 group: "{{ postgresql.group }}"
 state: directory
- mode: 0700
+ mode: "0700"
 - name: Check the status of the postgresql data directory symlink
 ansible.builtin.stat:
@@ -127,7 +127,7 @@
 owner: "{{ postgresql.owner }}"
 group: "{{ postgresql.group }}"
 state: directory
- mode: 0700
+ mode: "0700"
 - name: Set postgresql host-based authentication configuration
 ansible.builtin.template:
@@ -135,7 +135,7 @@
 dest: "{{ postgresql.hba_configuration_filename }}"
 owner: "{{ postgresql.owner }}"
 group: "{{ postgresql.group }}"
- mode: 0640
+ mode: "0640"
 - name: Set postgresql configuration
 ansible.builtin.template:
@@ -143,7 +143,7 @@
 dest: "{{ postgresql.configuration_filename }}"
 owner: "{{ postgresql.owner }}"
 group: "{{ postgresql.group }}"
- mode: 0640
+ mode: "0640"
 - name: Noop to restart postgresql
 tags: restart
@@ -168,7 +168,7 @@
 dest: "{{ postgresql_connection.client_certificate_filename }}"
 owner: "{{ postgresql.owner }}"
 group: "{{ postgresql.group }}"
- mode: 0600
+ mode: "0600"
 - name: Allow postgresql to modify files in data directory
 community.general.sefcontext:
@@ -197,6 +197,6 @@
 - name: Configure cron job for automatic postgres backups
 ansible.builtin.include_tasks: configure_cron_backup.yml
-- name: Create databse
+- name: Create database
 ansible.builtin.include_tasks:
 file: create_database.yml
diff --git a/roles/provision/README.md b/roles/provision/README.md
index 50f5b7ca..9547093f 100644
--- a/roles/provision/README.md
+++ b/roles/provision/README.md
@@ -12,7 +12,7 @@ If you would like to run Ansible Molecule to test this role, the requirements ar
 `server_locale`: the sets the user's language, region, etc. This is set to "en_GB.UTF-8"
-`EXTERNAL_STORAGE_DRIVE`: path to mounted storage. By default this is undefined.
+`external_storage_drive`: path to mounted storage. By default this is undefined.
 ## Dependencies
diff --git a/roles/provision/tasks/CentOS.yml b/roles/provision/tasks/CentOS.yml
index dce9b867..cc3785a4 100644
--- a/roles/provision/tasks/CentOS.yml
+++ b/roles/provision/tasks/CentOS.yml
@@ -6,7 +6,7 @@
 option: mirrorlist
 value: http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
 backup: true
- mode: 0644
+ mode: "0644"
 - name: Ensure updates mirrorlist is in repository file (CentOS)
 community.general.ini_file:
@@ -15,7 +15,7 @@
 option: mirrorlist
 value: http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
 backup: true
- mode: 0644
+ mode: "0644"
 - name: Check if locale already set
 ansible.builtin.shell: |
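Review bot: The `value:` context line in both CentOS.yml hunks points the `mirrorlist` option at `http://mirrorlist.centos.org/...`, so the mirror list is fetched in cleartext and anyone on the network path can decide which mirrors the host talks to. Package integrity then rests entirely on `gpgcheck`, which is not visible in these hunks. Consider `value: https://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os` (and the same for `repo=updates`) if the endpoint serves TLS, and confirm `gpgcheck=1` is enforced for the repository sections being edited. Both tasks start above their hunks, so the `path` and `section` they write to are not shown.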
diff --git a/roles/provision/tasks/check_mounts.yml b/roles/provision/tasks/check_mounts.yml
index 8436fc7b..82fbe413 100644
--- a/roles/provision/tasks/check_mounts.yml
+++ b/roles/provision/tasks/check_mounts.yml
@@ -1,14 +1,14 @@
 ---
 - name: Ensure correct permissions are set for the mountpoint
 ansible.builtin.file:
- path: "{{ EXTERNAL_STORAGE_DRIVE }}"
+ path: "{{ external_storage_drive }}"
 owner: root
 group: root
 state: directory
 mode: "0755"
-- name: "Check if storage is mounted: {{ EXTERNAL_STORAGE_DRIVE }}"
- ansible.builtin.command: mountpoint {{ EXTERNAL_STORAGE_DRIVE }}
+- name: "Check if storage is mounted: {{ external_storage_drive }}"
+ ansible.builtin.command: mountpoint {{ external_storage_drive }}
 register: check_mountpoint
 failed_when: false
 changed_when: false
@@ -20,7 +20,7 @@
 when: "'is not a mountpoint' in check_mountpoint.stdout"
 - name: Check that storage has been mounted correctly if it was previously not mounted
- ansible.builtin.command: mountpoint {{ EXTERNAL_STORAGE_DRIVE }}
+ ansible.builtin.command: mountpoint {{ external_storage_drive }}
 when: "'is not a mountpoint' in check_mountpoint.stdout"
 register: check_mountpoint_again
 failed_when: "'is not a mountpoint' in check_mountpoint_again.stdout"
diff --git a/roles/provision/tasks/main.yml b/roles/provision/tasks/main.yml
index edee7848..a755f160 100644
--- a/roles/provision/tasks/main.yml
+++ b/roles/provision/tasks/main.yml
@@ -2,7 +2,7 @@
 - name: "Check mounts are available"
 tags: restart
 ansible.builtin.include_tasks: check_mounts.yml
- when: EXTERNAL_STORAGE_DRIVE is defined
+ when: external_storage_drive is defined
 - name: "Set up for specific distribution"
 ansible.builtin.include_tasks: "{{ ansible_distribution }}.yml"
diff --git a/roles/ssl_certificates/README.md b/roles/ssl_certificates/README.md
index 6a33f5b6..cc19e4cd 100644
--- a/roles/ssl_certificates/README.md
+++ b/roles/ssl_certificates/README.md
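Review bot: The renamed `ansible.builtin.command: mountpoint {{ external_storage_drive }}` lines in check_mounts.yml (here and in the `-20,7` hunk) still splice the path into a free-form command string, so a value containing whitespace is split into several arguments and one beginning with `-` is read as an option. Passing the arguments as a list avoids both: under `ansible.builtin.command:` use `argv: ["mountpoint", "--", "{{ external_storage_drive }}"]`. The follow-up conditions match the literal text `is not a mountpoint` in stdout; testing `check_mountpoint.rc` instead would not depend on the tool's message wording or locale.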
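Review bot: `when: external_storage_drive is defined` in roles/provision/tasks/main.yml makes the mount check depend on the new variable name, so an inventory that still sets `EXTERNAL_STORAGE_DRIVE` now skips `check_mounts.yml` without any error and the play continues against a path that may not be mounted. A guard task ahead of the include would surface this, for example `ansible.builtin.assert` with `that: EXTERNAL_STORAGE_DRIVE is not defined` and a `fail_msg` naming `external_storage_drive`. The rename is a breaking change for existing inventories and is worth recording as such in the release notes.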
@@ -50,7 +50,7 @@ The following values **must be included** in the `ssl_certificate` dictionary:
 ### Optional variables
-The following are **optional** vaules for the `ssl_certificate` dictionary:
+The following are **optional** values for the `ssl_certificate` dictionary:
 `cache_filename`: location to copy the self-signed certificate to
diff --git a/roles/ssl_certificates/tasks/main.yml b/roles/ssl_certificates/tasks/main.yml
index dad63b54..3b424e13 100644
--- a/roles/ssl_certificates/tasks/main.yml
+++ b/roles/ssl_certificates/tasks/main.yml
@@ -6,14 +6,14 @@
 state: directory
 owner: "{{ ssl_certificate.owner }}"
 group: "{{ ssl_certificate.group }}"
- mode: 0755
+ mode: "0755"
 - name: Generate OpenSSL private key
 community.crypto.openssl_privatekey:
 path: "{{ ssl_certificate.privatekey_filename }}"
 owner: "{{ ssl_certificate.owner }}"
 group: "{{ ssl_certificate.group }}"
- mode: 0400
+ mode: "0400"
 register: new_privatekey_generated
 - name: Convert private key to PKCS8 for use by JDBC # noqa no-changed-when
@@ -34,7 +34,7 @@
 privatekey_path: "{{ ssl_certificate.privatekey_filename }}"
 csr_path: "{{ ssl_certificate.csr_filename }}"
 provider: "{{ ssl_certificate.provider }}"
- mode: 0400
+ mode: "0400"
 owner: "{{ ssl_certificate.owner }}"
 group: "{{ ssl_certificate.group }}"
@@ -43,7 +43,7 @@
 path: "{{ ssl_certificate.pk8_filename }}"
 owner: "{{ ssl_certificate.owner }}"
 group: "{{ ssl_certificate.owner }}"
- mode: 0400
+ mode: "0400"
 when: new_privatekey_generated.changed and ssl_certificate.use_pk8
 - name: Copy certificate to Ansible cache
diff --git a/roles/tomcat/defaults/main.yml b/roles/tomcat/defaults/main.yml
index e80fa4ed..ad061e76 100644
--- a/roles/tomcat/defaults/main.yml
+++ b/roles/tomcat/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-# mirsg.tomcat: selinux
+# mirsg.tomcat: selinux
 selinux_enabled: false
 # mirsg.tomcat: java settings
diff --git a/tests/molecule/centos7/molecule.yml b/tests/molecule/centos7/molecule.yml
index b830ec60..794dd81d 100644
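Review bot: In the `-43,7` hunk of roles/ssl_certificates/tasks/main.yml the PKCS8 key file is given `group: "{{ ssl_certificate.owner }}"`, while every other task shown in this file uses `"{{ ssl_certificate.group }}"`. This looks like a copy-paste slip: the converted private key ends up with a different group from the original key, and the task would fail on a host where no group carries the owner's name. With `mode: "0400"` the group has no access, so exposure is limited today, but the ownership should match the rest of the role: `group: "{{ ssl_certificate.group }}"`. The task starts above the hunk, so its name and module are not visible here.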
--- a/tests/molecule/centos7/molecule.yml
+++ b/tests/molecule/centos7/molecule.yml
@@ -11,7 +11,7 @@ driver:
 platforms:
 - name: instance
- hostname: molecule.instnace.local
+ hostname: molecule.instance.local
 image: ${MOLECULE_DOCKER_IMAGE:-geerlingguy/docker-centos7-ansible:latest}
 required: true
 command: ""
diff --git a/tests/molecule/resources/inventory/group_vars/all.yml b/tests/molecule/resources/inventory/group_vars/all.yml
index 614f72d8..a5e1931f 100644
--- a/tests/molecule/resources/inventory/group_vars/all.yml
+++ b/tests/molecule/resources/inventory/group_vars/all.yml
@@ -1,5 +1,5 @@
 ---
-EXTERNAL_STORAGE_DRIVE: "/storage/molecule"
+external_storage_drive: "/storage/molecule"
 # mirsg.infrastructure.provision
 server_locale: "en_GB.UTF-8"
diff --git a/tests/molecule/resources/verify.yml b/tests/molecule/resources/verify.yml
index 31fea53b..191a53f1 100644
--- a/tests/molecule/resources/verify.yml
+++ b/tests/molecule/resources/verify.yml
@@ -5,7 +5,7 @@
 tasks:
 - name: Verify firewalld
 ansible.builtin.include_tasks:
- file: verify-firewalld.yml
+ file: verify/firewalld.yml
 apply:
 tags:
 - firewalld
diff --git a/tests/molecule/resources/verify-firewalld.yml b/tests/molecule/resources/verify/firewalld.yml
similarity index 100%
rename from tests/molecule/resources/verify-firewalld.yml
rename to tests/molecule/resources/verify/firewalld.yml
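Review bot: The default `image:` in the tests/molecule/centos7/molecule.yml hunk, `geerlingguy/docker-centos7-ansible:latest`, is a mutable tag from a third-party namespace, so test runs are not reproducible and execute whatever is currently published under that tag. Pinning the default to a digest keeps the environment override while fixing what is pulled when it is unset, e.g. `image: ${MOLECULE_DOCKER_IMAGE:-geerlingguy/docker-centos7-ansible@sha256:<digest>}` (placeholder digest). The platform definition continues past the hunk, so whether the container runs privileged is not visible here.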