Lint issues (#20)
* Correct lint issues

* Add ansible-lint, remove ansible-lint-ignore

* Add ansible-lint, remove ansible-lint-ignore

* changed yaml to yml

* Correct lint issues in mongo roles

* Edits based on review
steven-schattenberg-itential authored Jul 8, 2024
1 parent 7e4dd0f commit 55edf5e
Showing 9 changed files with 37 additions and 18 deletions.
3 changes: 3 additions & 0 deletions roles/mongodb/tasks/configure-selinux.yml
@@ -24,6 +24,7 @@
- chcon -Rv -u system_u -t mongod_var_lib_t '{{ mongo_data_dir }}'
- restorecon -R -v '{{ mongo_data_dir }}'
register: result
changed_when: result.rc == 0
failed_when:
- result.rc is defined
- result.rc > 0
@@ -36,6 +37,8 @@
- semanage fcontext -a -t mongod_log_t '{{ mongo_log_dir }}'
- chcon -Rv -u system_u -t mongod_log_t '{{ mongo_log_dir }}'
- restorecon -R -v '{{ mongo_log_dir }}'
register: result
changed_when: result.rc == 0
failed_when:
- result.rc is defined
- result.rc > 0
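Review bot: `changed_when: result.rc == 0` on both SELinux relabel tasks can never report "unchanged", because the tasks already fail on `result.rc > 0`; every successful run is marked changed, so the lint rule is silenced rather than satisfied. The same pattern appears to be added on the `tuned-adm` task in roles/mongodb/tasks/main.yaml and on the checkmodule, semodule_package and semodule tasks in roles/selinux/tasks/main.yml. File-context labelling is a security control worth auditing from run to run, and `community.general.sefcontext` plus a `restorecon` handler would give real change reporting (the role already uses that collection for `pam_limits`). Failing that, a comment such as `# not idempotent: always reports changed on success` above each `changed_when` would keep the result from being read as drift. Both task bodies begin above the visible lines of their hunks.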
2 changes: 1 addition & 1 deletion roles/mongodb/tasks/download-packages.yml
@@ -70,4 +70,4 @@
tasks_from: fetch-packages
vars:
src_dir: "{{ wheels_download_dir_target_node }}/app"
dest_dir: "{{ wheels_download_dir_control_node }}/app"
dest_dir: "{{ wheels_download_dir_control_node }}/app"
30 changes: 18 additions & 12 deletions roles/mongodb/tasks/main.yaml
@@ -21,6 +21,7 @@
tags: install_base_os_packages

- name: Install MongoDB packages
tags: install_mongodb_packages
block:
- name: Get the list of installed packages
ansible.builtin.package_facts:
@@ -35,7 +36,6 @@
ansible.builtin.include_tasks:
file: mongodb-offline.yml
when: offline_install
tags: install_mongodb_packages

- name: Install Python
ansible.builtin.include_tasks:
@@ -53,6 +53,7 @@
ansible.builtin.template:
src: thp.service.j2
dest: "/etc/systemd/system/disable-transparent-huge-pages.service"
mode: "0644"

- name: Reload systemd unit files
ansible.builtin.systemd:
@@ -74,36 +75,38 @@
path: "/etc/tuned/virtual-guest-no-thp"
owner: root
group: root
mode: "0755"

- name: Ensure tuned does not re-enable THP
ansible.builtin.template:
src: tuned.conf.j2
dest: "/etc/tuned/virtual-guest-no-thp/tuned.conf"
mode: "0644"

- name: Enable tuned profile
ansible.builtin.command: tuned-adm profile virtual-guest-no-thp
ansible.builtin.command:
cmd: tuned-adm profile virtual-guest-no-thp
vars:
ansible_python_interpreter: "{{ python_venv }}/bin/python3"
ignore_errors: true
register: result
changed_when: result.rc == 0
failed_when: result.rc > 0

# Tune Kernel parameters
- name: Adjust keepalive
ansible.posix.sysctl:
name: net.ipv4.tcp_keepalive_time
value: 300
ignore_errors: true

- name: Disable zone reclaim mode
ansible.posix.sysctl:
name: vm.zone_reclaim_mode
value: 0
ignore_errors: true

- name: Increase throughput settings
ansible.posix.sysctl:
name: net.core.somaxconn
value: 65535
ignore_errors: true

# Set Soft User Limits
- name: Set number of procs
@@ -112,29 +115,29 @@
limit_type: soft
limit_item: nproc
value: 32000
ignore_errors: true

- name: Set number of files
community.general.pam_limits:
domain: mongod
limit_type: soft
limit_item: nofile
value: 64000
ignore_errors: true

- name: Create data directory
ansible.builtin.file:
state: directory
path: "{{ mongo_data_dir }}"
owner: "{{ mongo_owner }}"
group: "{{ mongo_group }}"
mode: "0755"

- name: Create log directory
ansible.builtin.file:
state: directory
path: "{{ mongo_log_dir }}"
owner: "{{ mongo_owner }}"
group: "{{ mongo_group }}"
mode: "0755"

- name: Create pid directory
ansible.builtin.file:
@@ -165,15 +168,17 @@
- name: Open Port on FirewallD Public Zone
ansible.posix.firewalld:
port: "{{ mongo_port }}/tcp"
permanent: yes
permanent: true
state: enabled
zone: public
immediate: yes
immediate: true
when:
- ansible_facts.services["firewalld.service"] is defined
- (ansible_facts.services["firewalld.service"].state == "running")
- (ansible_facts.services["firewalld.service"].status == "enabled")
ignore_errors: true
register: result
changed_when: result.rc == 0
failed_when: result.rc > 0

- name: Start mongo
ansible.builtin.systemd:
@@ -250,7 +255,7 @@

- name: Determine mongo version
ansible.builtin.shell:
cmd: mongod --version | grep "db version" | cut -d" " -f3
cmd: set -o pipefail && mongod --version | grep "db version" | cut -d" " -f3
register: result
check_mode: false
changed_when: false
@@ -267,3 +272,4 @@
regexp: '^MONGODB='
line: "MONGODB={{ mongodb_release }}"
create: true
mode: "0644"
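Review bot: On the `Open Port on FirewallD Public Zone` task, `changed_when: result.rc == 0` and `failed_when: result.rc > 0` read a key that `ansible.posix.firewalld` does not, as far as I know, return; it reports `changed` and `msg`, and only command-style modules set `rc`. If so, both conditionals raise an undefined-attribute error and the task fails whenever firewalld is running, where the `ignore_errors: true` they appear to replace let the play continue. I would drop `register`, `changed_when` and `failed_when` here and let the module report its own state, or at least guard with `result.rc is defined` as configure-selinux.yml does. Separately, the data and log directories now get an explicit `mode: "0755"`; `mode: "0750"` would keep other local users from listing database files and logs, provided nothing outside `mongo_group` needs to read them.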
1 change: 0 additions & 1 deletion roles/mongodb_auth/tasks/main.yaml
@@ -43,4 +43,3 @@
ansible.builtin.include_role:
name: mongodb_common
tasks_from: restart-mongo.yml

2 changes: 1 addition & 1 deletion roles/mongodb_common/tasks/determine-primary-server.yml
@@ -38,4 +38,4 @@
loop: "{{ lookup('dict', mongodb_status_result.replicaset) }}"
when:
- not mongodb_status_result.failed
- "'PRIMARY' in item.value"
- "'PRIMARY' in item.value"
2 changes: 1 addition & 1 deletion roles/mongodb_replication/defaults/main.yaml
@@ -1,3 +1,3 @@
# Copyright (c) 2024, Itential, Inc
# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
---
---
4 changes: 2 additions & 2 deletions roles/mongodb_tls/tasks/main.yaml
@@ -8,7 +8,7 @@
ansible.builtin.copy:
src: "{{ mongo_cert_keyfile_source }}"
dest: "{{ mongo_cert_keyfile_destination }}"
mode: 0400
mode: "0400"
group: "{{ mongo_group }}"
owner: "{{ mongo_owner }}"

@@ -17,7 +17,7 @@
ansible.builtin.copy:
src: "{{ mongo_root_ca_file_source }}"
dest: "{{ mongo_root_ca_file_destination }}"
mode: 0400
mode: "0400"
group: "{{ mongo_group }}"
owner: "{{ mongo_owner }}"

1 change: 1 addition & 0 deletions roles/os/vars/release-9.yaml
@@ -36,6 +36,7 @@ operational_packages:
- tar
- tcpdump
- telnet
- tuned
- unzip
- wget
- which
10 changes: 10 additions & 0 deletions roles/selinux/tasks/main.yml
@@ -20,6 +20,7 @@
ansible.builtin.copy:
src: "{{ item }}"
dest: "{{ workingdir.path }}/{{ item | basename }}"
mode: "0644"
with_fileglob:
- "{{ ansible_parent_role_paths | first }}/files/*.te"

@@ -34,6 +35,9 @@
cmd: "checkmodule -M -m -o {{ workingdir.path }}/{{ item.path | basename | splitext | first }}.mod {{ item.path }}"
with_items:
- "{{ selinux_policies.files }}"
register: result
changed_when: result.rc == 0
failed_when: result.rc > 0

- name: SELinux - Find the compiled modules
ansible.builtin.find:
@@ -46,12 +50,18 @@
cmd: "semodule_package -o {{ workingdir.path }}/{{ item.path | basename | splitext | first }}.pp -m {{ item.path }}"
with_items:
- "{{ compiled_modules.files }}"
register: result
changed_when: result.rc == 0
failed_when: result.rc > 0

- name: SELinux - Install the modules
ansible.builtin.shell: semodule -i *.pp
args:
executable: /bin/bash
chdir: "{{ workingdir.path }}"
register: result
changed_when: result.rc == 0
failed_when: result.rc > 0

- name: Remove temporary working directory
ansible.builtin.file:
