From 55edf5ecb1584e961f3cfc1fa52e95b779b8af05 Mon Sep 17 00:00:00 2001
From: Steven Schattenberg <122639296+steven-schattenberg-itential@users.noreply.github.com>
Date: Mon, 8 Jul 2024 18:23:15 -0400
Subject: [PATCH] Lint issues (#20)
* Correct lint issues
* Add ansible-lint, remove ansible-lint-ignore
* Add ansible-lint, remove ansible-lint-ignore
* changed yaml to yml
* Correct lint issues in mongo roles
* Edits based on review
---
roles/mongodb/tasks/configure-selinux.yml | 3 ++
roles/mongodb/tasks/download-packages.yml | 2 +-
roles/mongodb/tasks/main.yaml | 30 +++++++++++--------
roles/mongodb_auth/tasks/main.yaml | 1 -
.../tasks/determine-primary-server.yml | 2 +-
roles/mongodb_replication/defaults/main.yaml | 2 +-
roles/mongodb_tls/tasks/main.yaml | 4 +-
roles/os/vars/release-9.yaml | 1 +
roles/selinux/tasks/main.yml | 10 +++++++
9 files changed, 37 insertions(+), 18 deletions(-)
diff --git a/roles/mongodb/tasks/configure-selinux.yml b/roles/mongodb/tasks/configure-selinux.yml
index 5f606fd..542e65f 100644
--- a/roles/mongodb/tasks/configure-selinux.yml
+++ b/roles/mongodb/tasks/configure-selinux.yml
@@ -24,6 +24,7 @@
- chcon -Rv -u system_u -t mongod_var_lib_t '{{ mongo_data_dir }}'
- restorecon -R -v '{{ mongo_data_dir }}'
register: result
+ changed_when: result.rc == 0
failed_when:
- result.rc is defined
- result.rc > 0
@@ -36,6 +37,8 @@
- semanage fcontext -a -t mongod_log_t '{{ mongo_log_dir }}'
- chcon -Rv -u system_u -t mongod_log_t '{{ mongo_log_dir }}'
- restorecon -R -v '{{ mongo_log_dir }}'
+ register: result
+ changed_when: result.rc == 0
failed_when:
- result.rc is defined
- result.rc > 0
diff --git a/roles/mongodb/tasks/download-packages.yml b/roles/mongodb/tasks/download-packages.yml
index e5eabdc..9a4e2b1 100644
--- a/roles/mongodb/tasks/download-packages.yml
+++ b/roles/mongodb/tasks/download-packages.yml
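Review bot: The added `changed_when: result.rc == 0` in the relabel task (new line 27) is true whenever `failed_when` does not fire, so the chcon/restorecon task reports changed on every run and a check-mode or drift summary can no longer distinguish a relabel from a no-op. `restorecon -v` prints a `Relabeled` line only when it actually changes a context, so `changed_when: "'Relabeled' in result.stdout"` is an honest signal for that command, and the cleaner fix is `community.general.sefcontext` for the `semanage fcontext` item plus `ansible.builtin.file` with `setype`, `seuser` and `recurse: true` for the relabel, which track change themselves. The same always-changed pattern is added in the second hunk of this file, in the `Enable tuned profile` task of roles/mongodb/tasks/main.yaml and in the checkmodule, semodule_package and semodule tasks of roles/selinux/tasks/main.yml. If the three commands are loop items, as the layout suggests, `semanage fcontext -a` exits non-zero when the spec is already defined, so with `failed_when: result.rc > 0` a second run fails on that item before chcon/restorecon run; the sefcontext module avoids that as well.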
@@ -70,4 +70,4 @@
tasks_from: fetch-packages
vars:
src_dir: "{{ wheels_download_dir_target_node }}/app"
- dest_dir: "{{ wheels_download_dir_control_node }}/app"
\ No newline at end of file
+ dest_dir: "{{ wheels_download_dir_control_node }}/app"
diff --git a/roles/mongodb/tasks/main.yaml b/roles/mongodb/tasks/main.yaml
index 9bdb4ef..b21c65b 100644
--- a/roles/mongodb/tasks/main.yaml
+++ b/roles/mongodb/tasks/main.yaml
@@ -21,6 +21,7 @@
tags: install_base_os_packages
- name: Install MongoDB packages
+ tags: install_mongodb_packages
block:
- name: Get the list of installed packages
ansible.builtin.package_facts:
@@ -35,7 +36,6 @@
ansible.builtin.include_tasks:
file: mongodb-offline.yml
when: offline_install
- tags: install_mongodb_packages
- name: Install Python
ansible.builtin.include_tasks:
@@ -53,6 +53,7 @@
ansible.builtin.template:
src: thp.service.j2
dest: "/etc/systemd/system/disable-transparent-huge-pages.service"
+ mode: "0644"
- name: Reload systemd unit files
ansible.builtin.systemd:
@@ -74,36 +75,38 @@
path: "/etc/tuned/virtual-guest-no-thp"
owner: root
group: root
+ mode: "0755"
- name: Ensure tuned does not re-enable THP
ansible.builtin.template:
src: tuned.conf.j2
dest: "/etc/tuned/virtual-guest-no-thp/tuned.conf"
+ mode: "0644"
- name: Enable tuned profile
- ansible.builtin.command: tuned-adm profile virtual-guest-no-thp
+ ansible.builtin.command:
+ cmd: tuned-adm profile virtual-guest-no-thp
vars:
ansible_python_interpreter: "{{ python_venv }}/bin/python3"
- ignore_errors: true
+ register: result
+ changed_when: result.rc == 0
+ failed_when: result.rc > 0
# Tune Kernel parameters
- name: Adjust keepalive
ansible.posix.sysctl:
name: net.ipv4.tcp_keepalive_time
value: 300
- ignore_errors: true
- name: Disable zone reclaim mode
ansible.posix.sysctl:
name: vm.zone_reclaim_mode
value: 0
- ignore_errors: true
- name: Increase throughput settings
ansible.posix.sysctl:
name: net.core.somaxconn
value: 65535
- ignore_errors: true
# Set Soft User Limits
- name: Set number of procs
@@ -112,7 +115,6 @@
limit_type: soft
limit_item: nproc
value: 32000
- ignore_errors: true
- name: Set number of files
community.general.pam_limits:
@@ -120,7 +122,6 @@
limit_type: soft
limit_item: nofile
value: 64000
- ignore_errors: true
- name: Create data directory
ansible.builtin.file:
@@ -128,6 +129,7 @@
path: "{{ mongo_data_dir }}"
owner: "{{ mongo_owner }}"
group: "{{ mongo_group }}"
+ mode: "0755"
- name: Create log directory
ansible.builtin.file:
@@ -135,6 +137,7 @@
path: "{{ mongo_log_dir }}"
owner: "{{ mongo_owner }}"
group: "{{ mongo_group }}"
+ mode: "0755"
- name: Create pid directory
ansible.builtin.file:
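Review bot: In the `Enable tuned profile` task, `failed_when: result.rc > 0` restates the command module's default and `changed_when: result.rc == 0` reports a successful no-op as a change, so the two added lines only paper over the missing idempotency check. `tuned-adm active` prints the current profile, so reading it in a preceding task and running the switch only when the profile differs makes the play converge and reports change only when a profile is actually switched, as in the rewrite below. Removing `ignore_errors: true` from the sysctl and pam_limits tasks in this hunk and the two that follow is a behaviour change worth stating in the commit message: kernel-tuning failures that used to be silently skipped now abort the play on that host, which is the safer default for a database role.
```yaml
- name: Get the active tuned profile
  ansible.builtin.command:
    cmd: tuned-adm active
  vars:
    ansible_python_interpreter: "{{ python_venv }}/bin/python3"
  register: tuned_active
  changed_when: false
  failed_when: false
  check_mode: false

- name: Enable tuned profile
  ansible.builtin.command:
    cmd: tuned-adm profile virtual-guest-no-thp
  vars:
    ansible_python_interpreter: "{{ python_venv }}/bin/python3"
  when: "'virtual-guest-no-thp' not in tuned_active.stdout"
# … unchanged: sysctl and pam_limits tasks …
```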
@@ -165,15 +168,17 @@
- name: Open Port on FirewallD Public Zone
ansible.posix.firewalld:
port: "{{ mongo_port }}/tcp"
- permanent: yes
+ permanent: true
state: enabled
zone: public
- immediate: yes
+ immediate: true
when:
- ansible_facts.services["firewalld.service"] is defined
- (ansible_facts.services["firewalld.service"].state == "running")
- (ansible_facts.services["firewalld.service"].status == "enabled")
- ignore_errors: true
+ register: result
+ changed_when: result.rc == 0
+ failed_when: result.rc > 0
- name: Start mongo
ansible.builtin.systemd:
@@ -250,7 +255,7 @@
- name: Determine mongo version
ansible.builtin.shell:
- cmd: mongod --version | grep "db version" | cut -d" " -f3
+ cmd: set -o pipefail && mongod --version | grep "db version" | cut -d" " -f3
register: result
check_mode: false
changed_when: false
@@ -267,3 +272,4 @@
regexp: '^MONGODB='
line: "MONGODB={{ mongodb_release }}"
create: true
+ mode: "0644"
diff --git a/roles/mongodb_auth/tasks/main.yaml b/roles/mongodb_auth/tasks/main.yaml
index df2facb..9245df8 100644
--- a/roles/mongodb_auth/tasks/main.yaml
+++ b/roles/mongodb_auth/tasks/main.yaml
@@ -43,4 +43,3 @@
ansible.builtin.include_role:
name: mongodb_common
tasks_from: restart-mongo.yml
-
diff --git a/roles/mongodb_common/tasks/determine-primary-server.yml b/roles/mongodb_common/tasks/determine-primary-server.yml
index 92a68b0..b06e43f 100644
--- a/roles/mongodb_common/tasks/determine-primary-server.yml
+++ b/roles/mongodb_common/tasks/determine-primary-server.yml
@@ -38,4 +38,4 @@
loop: "{{ lookup('dict', mongodb_status_result.replicaset) }}"
when:
- not mongodb_status_result.failed
- - "'PRIMARY' in item.value"
\ No newline at end of file
+ - "'PRIMARY' in item.value"
diff --git a/roles/mongodb_replication/defaults/main.yaml b/roles/mongodb_replication/defaults/main.yaml
index 6181765..8a31de0 100644
--- a/roles/mongodb_replication/defaults/main.yaml
+++ b/roles/mongodb_replication/defaults/main.yaml
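Review bot: The `Open Port on FirewallD Public Zone` task is `ansible.posix.firewalld`, a module that returns `changed` and `msg` but no `rc`, so the added `changed_when: result.rc == 0` and `failed_when: result.rc > 0` will fail while evaluating the conditional on every host where firewalld is running (the `when:` guard only skips hosts where it is not), and the port is never opened. The module already reports change and failure itself, so the three added lines `register: result`, `changed_when: result.rc == 0` and `failed_when: result.rc > 0` should simply be dropped; if the intent was to keep the old best-effort behaviour, `failed_when: false` is the explicit form of the removed `ignore_errors: true`.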
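Review bot: `set -o pipefail` in the `Determine mongo version` shell task is a bash feature; `ansible.builtin.shell` runs `/bin/sh` by default, which is bash on EL hosts but a plain POSIX sh such as dash on Debian-family hosts, where the `set` call itself fails and the task now errors instead of reporting the version. Pin the interpreter next to the command, as the selinux role already does for `semodule -i`, with `args:` / `executable: /bin/bash`. The task's `register`, `check_mode` and `changed_when` lines are unchanged, and its body continues past the hunk.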
@@ -1,3 +1,3 @@
# Copyright (c) 2024, Itential, Inc
# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
----
\ No newline at end of file
+---
diff --git a/roles/mongodb_tls/tasks/main.yaml b/roles/mongodb_tls/tasks/main.yaml
index d7afd87..580bb53 100644
--- a/roles/mongodb_tls/tasks/main.yaml
+++ b/roles/mongodb_tls/tasks/main.yaml
@@ -8,7 +8,7 @@
ansible.builtin.copy:
src: "{{ mongo_cert_keyfile_source }}"
dest: "{{ mongo_cert_keyfile_destination }}"
- mode: 0400
+ mode: "0400"
group: "{{ mongo_group }}"
owner: "{{ mongo_owner }}"
@@ -17,7 +17,7 @@
ansible.builtin.copy:
src: "{{ mongo_root_ca_file_source }}"
dest: "{{ mongo_root_ca_file_destination }}"
- mode: 0400
+ mode: "0400"
group: "{{ mongo_group }}"
owner: "{{ mongo_owner }}"
diff --git a/roles/os/vars/release-9.yaml b/roles/os/vars/release-9.yaml
index 1b5149e..4be192b 100644
--- a/roles/os/vars/release-9.yaml
+++ b/roles/os/vars/release-9.yaml
@@ -36,6 +36,7 @@ operational_packages:
- tar
- tcpdump
- telnet
+ - tuned
- unzip
- wget
- which
diff --git a/roles/selinux/tasks/main.yml b/roles/selinux/tasks/main.yml
index 0952bf0..e6700e1 100644
--- a/roles/selinux/tasks/main.yml
+++ b/roles/selinux/tasks/main.yml
@@ -20,6 +20,7 @@
ansible.builtin.copy:
src: "{{ item }}"
dest: "{{ workingdir.path }}/{{ item | basename }}"
+ mode: "0644"
with_fileglob:
- "{{ ansible_parent_role_paths | first }}/files/*.te"
@@ -34,6 +35,9 @@
cmd: "checkmodule -M -m -o {{ workingdir.path }}/{{ item.path | basename | splitext | first }}.mod {{ item.path }}"
with_items:
- "{{ selinux_policies.files }}"
+ register: result
+ changed_when: result.rc == 0
+ failed_when: result.rc > 0
- name: SELinux - Find the compiled modules
ansible.builtin.find:
@@ -46,12 +50,18 @@
cmd: "semodule_package -o {{ workingdir.path }}/{{ item.path | basename | splitext | first }}.pp -m {{ item.path }}"
with_items:
- "{{ compiled_modules.files }}"
+ register: result
+ changed_when: result.rc == 0
+ failed_when: result.rc > 0
- name: SELinux - Install the modules
ansible.builtin.shell: semodule -i *.pp
args:
executable: /bin/bash
chdir: "{{ workingdir.path }}"
+ register: result
+ changed_when: result.rc == 0
+ failed_when: result.rc > 0
- name: Remove temporary working directory
ansible.builtin.file: