diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml index c54c799b891625f0f0e32e8db94e329f87435f6f..29db9f6282f696abbefc6fb48d91e7a5accc9269 100644 --- a/roles/common/defaults/main.yml +++ b/roles/common/defaults/main.yml @@ -1,6 +1,6 @@ --- -enable_backup: False +enable_backup: false common_packages: [] os_users: [] os_groups: [] diff --git a/roles/common/molecule/default/create.yml b/roles/common/molecule/default/create.yml index f8eb37cd4df02c540216c02791d0c50870986202..ce8657f9bae3be7f42731fd1efe77e87a62afcd9 100644 --- a/roles/common/molecule/default/create.yml +++ b/roles/common/molecule/default/create.yml @@ -2,7 +2,7 @@ - name: Create hosts: localhost connection: local - gather_facts: False + gather_facts: false no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}" vars: molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}" diff --git a/roles/common/molecule/default/destroy.yml b/roles/common/molecule/default/destroy.yml index 3972a2df8fafe515b30a74f951499b83aae8449c..8f0a3703672765e77f4f1a3a8046a1f2b561a7a8 100644 --- a/roles/common/molecule/default/destroy.yml +++ b/roles/common/molecule/default/destroy.yml @@ -3,7 +3,7 @@ - name: Destroy hosts: localhost connection: local - gather_facts: False + gather_facts: false no_log: "{{ not lookup('env', 'MOLECULE_DEBUG') | bool }}" vars: molecule_file: "{{ lookup('env', 'MOLECULE_FILE') }}" diff --git a/roles/common/molecule/default/group_vars/parameters-mandatory.yml b/roles/common/molecule/default/group_vars/parameters-mandatory.yml new file mode 100644 index 0000000000000000000000000000000000000000..ed97d539c095cf1413af30cc23dea272095b97dd --- /dev/null +++ b/roles/common/molecule/default/group_vars/parameters-mandatory.yml @@ -0,0 +1 @@ +--- 
diff --git a/roles/common/molecule/default/group_vars/parameters-optional.yml b/roles/common/molecule/default/group_vars/parameters-optional.yml
new file mode 100644
index 0000000000000000000000000000000000000000..23aa5cd33714bdcb21712593ef6ee85264e28502
--- /dev/null
+++ b/roles/common/molecule/default/group_vars/parameters-optional.yml
@@ -0,0 +1,61 @@
+---
+
+enable_backup: true
+apt_proxy: "http://10.31.127.2:3142/"
+os_users:
+ - name: user1
+ - name: user2
+ uid: 2001
+ additional_groups:
+ - group1
+ - group2
+ authorized_keys:
+ - "{{ lookup('file', 'tests/data/ssh/clientkey1.pub') }}"
+ - "{{ lookup('file', 'tests/data/ssh/clientkey2.pub') }}"
+ # Password is 'user2'.
+ password: "$6$wdXOQiMe09ugh0$VRIph2XA2QQyEYlAlH7zT4TPACDUalf/4FKpqG9JRHfKxANTcTug2ANCt450htcs0LikJfHLWofLP54jraFU61"
+ - name: user3
+ uid: 2002
+ additional_groups:
+ - group3
+ authorized_keys:
+ - "{{ lookup('file', 'tests/data/ssh/clientkey3.pub') }}"
+ # Password is 'user3'.
+ password: "$6$nmx.21uLqT$9LrUqNUgUwIM.l0KFKgr2.kDEwe2lo7IbBIhnG70AGW7GTFdWBUFnGAxH15YxikTXhDJD/uxd.NNgojEOjRvx1"
+os_groups:
+ - name: group1
+ - name: group2
+ gid: 3001
+ - name: group3
+ gid: 3002
+common_packages:
+ - units
+ - gnutls-bin
+ - "{{ 'libmariadb-client-lgpl-dev-compat' if ansible_distribution_release == 'jessie'
+ else 'libmariadbclient-dev-compat' if ansible_distribution_release == 'stretch' }}"
+ - emacs24-nox
+ca_certificates:
+ cacert1: "{{ lookup('file', 'tests/data/x509/ca1.cert.pem') }}"
+ cacert2: "{{ lookup('file', 'tests/data/x509/ca2.cert.pem') }}"
+extra_backup_patterns:
+ - /home/user1
+ - /home/user2
+incoming_connection_limit: 5/second
+incoming_connection_limit_burst: 5
+pipreqcheck_uid: 2500
+pipreqcheck_gid: 2500
+prompt_colour: cyan
+prompt_id: test
+# Purposefully set this to 3 servers to make sure we are
+# overriding the default configuration.
+ntp_servers:
+ - "0.debian.pool.ntp.org"
+ - "1.debian.pool.ntp.org"
+ - "2.debian.pool.ntp.org"
+# From backup_client role meta dependency.
+backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/backup_encryption_key') }}"
+backup_server: backup-server
+backup_server_host_ssh_public_keys:
+ - bougs-backup-server-key-1
+ - bougs-backup-server-key-2
+backup_ssh_key: "bogus-backup-client-key"
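Review bot: The inline-if chain in the third `common_packages` entry has no final `else`, so on any release other than jessie or stretch the expression has no defined value and the package list gets an empty or undefined item (the exact behaviour probably depends on the Ansible version). Ending the chain with an explicit `else` branch would make the unsupported-release case visible instead of surfacing later as an odd apt failure. Separately, this file carries password hashes whose plaintexts are stated in the adjacent comments, so a header comment under the `---` such as `# Molecule test fixtures only - these credentials are public and must never be applied to a real host.` would be worth adding. The `backup_server_host_ssh_public_keys` values read `bougs-...` while `backup_ssh_key` reads `bogus-...`; this is harmless for the tests, but looks like a typo carried over from playbook.yml.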
diff --git a/roles/common/molecule/default/molecule.yml b/roles/common/molecule/default/molecule.yml index 4e1aafd942b349d48dcda9d3cef3e0f47cac0743..551efe9253b27b809664125e70d9e81774da7efe 100644 --- a/roles/common/molecule/default/molecule.yml +++ b/roles/common/molecule/default/molecule.yml @@ -9,6 +9,8 @@ driver: lint: name: yamllint + options: + config-file: ../../.yamllint.yml platforms: - name: helper diff --git a/roles/common/molecule/default/playbook.yml b/roles/common/molecule/default/playbook.yml index eb0cc6b215a3cbe3554b8d49dae65a2ba4e67604..dc3adc6f7d043986309e2cab6cbfa4186b613488 100644 --- a/roles/common/molecule/default/playbook.yml +++ b/roles/common/molecule/default/playbook.yml @@ -1,7 +1,7 @@ --- - hosts: helper - become: yes + become: true tasks: - name: Install apt-cacher-ng 
@@ -9,70 +9,7 @@ name: apt-cacher-ng state: installed -- hosts: parameters-mandatory - become: yes +- hosts: parameters-mandatory,parameters-optional + become: true roles: - - role: common - -- hosts: parameters-optional - become: yes - roles: - - role: common - enable_backup: yes - apt_proxy: "http://10.31.127.2:3142/" - os_users: - - name: user1 - - name: user2 - uid: 2001 - additional_groups: - - group1 - - group2 - authorized_keys: - - "{{ lookup('file', 'tests/data/ssh/clientkey1.pub') }}" - - "{{ lookup('file', 'tests/data/ssh/clientkey2.pub') }}" - # Password is 'user2'. - password: "$6$wdXOQiMe09ugh0$VRIph2XA2QQyEYlAlH7zT4TPACDUalf/4FKpqG9JRHfKxANTcTug2ANCt450htcs0LikJfHLWofLP54jraFU61" - - name: user3 - uid: 2002 - additional_groups: - - group3 - authorized_keys: - - "{{ lookup('file', 'tests/data/ssh/clientkey3.pub') }}" - # Password is 'user3'. - password: "$6$nmx.21uLqT$9LrUqNUgUwIM.l0KFKgr2.kDEwe2lo7IbBIhnG70AGW7GTFdWBUFnGAxH15YxikTXhDJD/uxd.NNgojEOjRvx1" - os_groups: - - name: group1 - - name: group2 - gid: 3001 - - name: group3 - gid: 3002 - common_packages: - - units - - gnutls-bin - - "{{ 'libmariadb-client-lgpl-dev-compat' if ansible_distribution_release == 'jessie' else 'libmariadbclient-dev-compat' if ansible_distribution_release == 'stretch' }}" - - emacs24-nox - ca_certificates: - cacert1: "{{ lookup('file', 'tests/data/x509/ca1.cert.pem') }}" - cacert2: "{{ lookup('file', 'tests/data/x509/ca2.cert.pem') }}" - extra_backup_patterns: - - /home/user1 - - /home/user2 - incoming_connection_limit: 5/second - incoming_connection_limit_burst: 5 - pipreqcheck_uid: 2500 - pipreqcheck_gid: 2500 - prompt_colour: cyan - prompt_id: test - # Purposefully set this to 3 servers to make sure we are - # overriding the default configuration. - ntp_servers: - - "0.debian.pool.ntp.org" - - "1.debian.pool.ntp.org" - - "2.debian.pool.ntp.org" - # From backup_client role meta dependency. 
- backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/backup_encryption_key') }}" - backup_server: backup-server - backup_server_host_ssh_public_keys: - - bougs-backup-server-key-1 - - bougs-backup-server-key-2 - backup_ssh_key: "bogus-backup-client-key" + - common diff --git a/roles/common/molecule/default/prepare.yml b/roles/common/molecule/default/prepare.yml index da6db4aeb78655b297d2acdacfbd877e045955f3..59567b5e85a899689a70209645fc87dbbbbdcaf3 100644 --- a/roles/common/molecule/default/prepare.yml +++ b/roles/common/molecule/default/prepare.yml @@ -2,22 +2,22 @@ - name: Prepare hosts: all - gather_facts: False + gather_facts: false tasks: - name: Install python for Ansible raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal) - become: True - changed_when: False + become: true + changed_when: false - hosts: all - become: yes + become: true tasks: - name: Update all caches to avoid errors due to missing remote archives apt: - update_cache: yes - changed_when: False + update_cache: true + changed_when: false - name: Install net-tools for running Testinfra host.socket tests apt: diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index d04ee6e5e876aa8aff391764d1d3a5f43ce2b7b3..dc48754070199fb602cc1f7a2672f5d11eaad892 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -29,7 +29,7 @@ lineinfile: dest: "/etc/login.defs" state: present - backrefs: yes + backrefs: true regexp: '^UMASK(\s+)' line: 'UMASK\g<1>027' @@ -37,7 +37,7 @@ lineinfile: dest: "/etc/adduser.conf" state: present - backrefs: yes + backrefs: true regexp: '^DIR_MODE=' line: 'DIR_MODE=0750' @@ -139,7 +139,7 @@ uid: "{{ item.uid | default(omit) }}" group: "{{ item.name }}" groups: "{{ ','.join(item.additional_groups | default([])) }}" - append: yes + append: true shell: /bin/bash state: present password: "{{ item.password | default('!') }}" 
@@ -308,7 +308,7 @@ command: "/usr/bin/virtualenv --prompt '(pipreqcheck)' '/var/lib/pipreqcheck/virtualenv'" args: creates: '/var/lib/pipreqcheck/virtualenv/bin/activate' - become: yes + become: true become_user: "pipreqcheck" tags: # [ANSIBLE0012] Commands should not change things if nothing needs doing @@ -353,7 +353,7 @@ name: - "pip>=9.0.0,<10.0.0" virtualenv: "~pipreqcheck/virtualenv" - become: yes + become: true become_user: "pipreqcheck" - name: Install pip-tools if not present @@ -361,14 +361,14 @@ name: pip-tools state: present virtualenv: "~pipreqcheck/virtualenv" - become: yes + become: true become_user: "pipreqcheck" - name: Synchronise pip-tools virtual environment via deployed requirements file shell: "source ~pipreqcheck/virtualenv/bin/activate && pip-sync /etc/pip_check_requirements_upgrades/pipreqcheck/requirements.txt" args: executable: /bin/bash - become: yes + become: true become_user: "pipreqcheck" register: pipreqcheck_pip_sync changed_when: "pipreqcheck_pip_sync.stdout != 'Everything up-to-date'"