Changeset - 0be45939fc2a
[Not reviewed]
0 4 0
Branko Majic (branko) - 15 months ago 2024-09-03 15:42:49
branko@majic.rs
MAR-218: Fix erroneous replacement of shell attribute (from FQCN fixes).
4 files changed with 6 insertions and 6 deletions:
roles/common/tasks/main.yml
 
@@ -142,49 +142,49 @@
 
    mode: "0644"
 
  when: "['emacs24', 'emacs24-nox', 'emacs25', 'emacs25-nox', 'emacs', 'emacs-nox'] | intersect(common_packages) | length > 0"
 

	
 
- name: Set-up operating system groups
 
  ansible.builtin.group:
 
    name: "{{ item.name }}"
 
    gid: "{{ item.gid | default(omit) }}"
 
    state: present
 
  with_items: "{{ os_groups }}"
 

	
 
- name: Set-up operating system user groups
 
  ansible.builtin.group:
 
    name: "{{ item.name }}"
 
    gid: "{{ item.uid | default(omit) }}"
 
    state: present
 
  with_items: "{{ os_users }}"
 

	
 
- name: Set-up operating system users
 
  ansible.builtin.user:
 
    name: "{{ item.name }}"
 
    uid: "{{ item.uid | default(omit) }}"
 
    group: "{{ item.name }}"
 
    groups: "{{ ','.join(item.additional_groups | default([])) }}"
 
    append: true
 
    ansible.builtin.shell: /bin/bash
 
    shell: /bin/bash
 
    state: present
 
    password: "{{ item.password | default('!') }}"
 
    update_password: on_create
 
  with_items: "{{ os_users }}"
 

	
 
- name: Set-up authorised keys
 
  ansible.posix.authorized_key:
 
    user: "{{ item.0.name }}"
 
    key: "{{ item.1 }}"
 
  with_subelements:
 
    - "{{ os_users | selectattr('authorized_keys', 'defined') | list }}"
 
    - authorized_keys
 

	
 
- name: Disable remote logins for root
 
  ansible.builtin.lineinfile:
 
    dest: "/etc/ssh/sshd_config"
 
    state: present
 
    regexp: "^PermitRootLogin"
 
    line: "PermitRootLogin no"
 
  notify:
 
    - Restart SSH
 

	
 
- name: Disable remote login authentication via password
 
  ansible.builtin.lineinfile:
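Review bot: The restored `shell: /bin/bash` in "Set-up operating system users" is a fixed value for every entry in `os_users`, while `uid`, `password` and `additional_groups` in the same task are read per item. If that list can ever hold an account that should not have an interactive login, a per-item override that keeps the current default, `shell: "{{ item.shell | default('/bin/bash') }}"`, would let it be restricted without editing the role. The hunk ends inside the next `lineinfile` task, so nothing after "Disable remote logins for root" is covered here.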
roles/php_website/tasks/main.yml
 
---
 

	
 
- name: Create PHP website group
 
  ansible.builtin.group:
 
    name: "{{ user }}"
 
    gid: "{{ uid | default(omit) }}"
 
    state: present
 

	
 
- name: Create PHP website admin user
 
  ansible.builtin.user:
 
    name: "{{ admin }}"
 
    uid: "{{ admin_uid | default(omit) }}"
 
    group: "{{ user }}"
 
    ansible.builtin.shell: /bin/bash
 
    shell: /bin/bash
 
    createhome: true
 
    home: "{{ home }}"
 
    state: present
 

	
 
- name: Set-up directory for storing user profile configuration files
 
  ansible.builtin.file:
 
    path: "{{ home }}/.profile.d"
 
    state: directory
 
    owner: "{{ admin }}"
 
    group: "{{ user }}"
 
    mode: "0750"
 

	
 
- name: Create PHP website user
 
  ansible.builtin.user:
 
    name: "{{ user }}"
 
    uid: "{{ uid | default(omit) }}"
 
    group: "{{ user }}"
 
    comment: "umask=0007"
 
    system: true
 
    createhome: false
 
    state: present
 
    home: "{{ home }}"
 
    # This is a workaround for a rather stupid bug that Debian seems
 
    # uninterested to backport -
 
    # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865762
 
    ansible.builtin.shell: /bin/sh
 
    shell: /bin/sh
 

	
 
- name: Add nginx user to website group
 
  ansible.builtin.user:
 
    name: "www-data"
 
    groups: "{{ user }}"
 
    append: "yes"
 
  notify:
 
    - Restart nginx
 

	
 
# Ownership set to root so Postfix would not check if correct user owns the
 
# file.
 
- name: Set-up forwarding for mails delivered to local application user/admin
 
  ansible.builtin.template:
 
    src: "forward.j2"
 
    dest: "{{ home }}/.forward"
 
    owner: root
 
    group: "{{ user }}"
 
    mode: "0640"
 

	
 
- name: Install extra packages for website
 
  ansible.builtin.apt:
 
    name: "{{ packages }}"
 
    state: present
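Review bot: The comment above `shell: /bin/sh` in "Create PHP website user" links a Debian bug but does not say what stops working without a valid login shell, so someone auditing shells on `system: true` accounts cannot tell whether `/bin/sh` is still required. I would extend it with the reason and an exit condition, for example `# /bin/sh needed because <what fails without a login shell>; revisit when the linked bug is fixed.` The identical comment and line in "Create WSGI website user" in roles/wsgi_website/tasks/main.yml need the same change. Separately, `append: "yes"` in "Add nginx user to website group" is a quoted string where the wsgi role writes `append: true`.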
 

	
roles/wsgi_website/tasks/main.yml
 
---
 

	
 
- name: Create WSGI website group
 
  ansible.builtin.group:
 
    name: "{{ user }}"
 
    gid: "{{ uid | default(omit) }}"
 
    state: present
 

	
 
- name: Create WSGI website admin user
 
  ansible.builtin.user:
 
    name: "{{ admin }}"
 
    uid: "{{ admin_uid | default(omit) }}"
 
    group: "{{ user }}"
 
    ansible.builtin.shell: /bin/bash
 
    shell: /bin/bash
 
    createhome: true
 
    home: "{{ home }}"
 
    state: present
 

	
 
- name: Set-up directory for storing user profile configuration files
 
  ansible.builtin.file:
 
    path: "{{ home }}/.profile.d"
 
    state: directory
 
    owner: "{{ admin }}"
 
    group: "{{ user }}"
 
    mode: "0750"
 

	
 
- name: Deploy profile configuration file for auto-activating the virtual environment
 
  ansible.builtin.copy:
 
    src: "profile_virtualenv.sh"
 
    dest: "{{ home }}/.profile.d/virtualenv.sh"
 
    owner: root
 
    group: "{{ user }}"
 
    mode: "0640"
 

	
 
- name: Deploy profile configuration file for setting environment variables
 
  ansible.builtin.template:
 
    src: "environment.sh.j2"
 
    dest: "{{ home }}/.profile.d/environment.sh"
 
    owner: root
 
    group: "{{ user }}"
 
    mode: "0640"
 

	
 
- name: Create WSGI website user
 
  ansible.builtin.user:
 
    name: "{{ user }}"
 
    uid: "{{ uid | default(omit) }}"
 
    group: "{{ user }}"
 
    comment: "umask=0007"
 
    system: true
 
    createhome: false
 
    state: present
 
    home: "{{ home }}"
 
    # This is a workaround for a rather stupid bug that Debian seems
 
    # uninterested to backport -
 
    # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865762
 
    ansible.builtin.shell: /bin/sh
 
    shell: /bin/sh
 

	
 
- name: Add nginx user to website group
 
  ansible.builtin.user:
 
    name: www-data
 
    groups: "{{ user }}"
 
    append: true
 
  notify:
 
    - Restart nginx
 

	
 
# Ownership set to root so Postfix would not check if correct user owns the
 
# file.
 
- name: Set-up forwarding for mails delivered to local application user/admin
 
  ansible.builtin.template:
 
    src: "forward.j2"
 
    dest: "{{ home }}/.forward"
 
    owner: root
 
    group: "{{ user }}"
 
    mode: "0640"
 

	
 
- name: Install extra packages for website
 
  ansible.builtin.apt:
 
    name: "{{ packages }}"
 
    state: present
 
  register: install_extra_packages
roles/xmpp_server/molecule/default/prepare.yml
 
@@ -130,49 +130,49 @@
 
        group: root
 
        mode: "0644"
 
      notify:
 
        - Update CA certificate cache
 

	
 
    - name: Install console-based XMPP client (for interactive testing)
 
      ansible.builtin.apt:
 
        name: mcabber
 
        state: present
 

	
 
    - name: Install console-based XMPP tool (for non-interactive testing)
 
      ansible.builtin.apt:
 
        name: go-sendxmpp
 
        state: present
 

	
 
    - name: Create dedicated group for testing
 
      ansible.builtin.group:
 
        name: user
 
        state: present
 

	
 
    - name: Create dedicated user for testing
 
      ansible.builtin.user:
 
        name: user
 
        group: user
 
        ansible.builtin.shell: /bin/bash
 
        shell: /bin/bash
 

	
 
    - name: Deploy mcabber configuration files
 
      ansible.builtin.template:
 
        src: tests/data/mcabber.cfg.j2
 
        dest: "~user/{{ item.jid }}.cfg"
 
        owner: user
 
        group: user
 
        mode: "0600"
 
      with_items:
 
        - jid: john.doe@domain1
 
          password: johnpassword
 
          server: domain1
 
          security: tls
 
          nickname: john.doe
 
        - jid: jane.doe@domain2
 
          password: janepassword
 
          server: domain2
 
          security: ssl
 
          nickname: jane.doe
 
        - jid: mick.doe@domain3
 
          password: mickpassword
 
          server: domain3
 
          security: tls
 
          nickname: mick.doe