majic-ansible-roles Changeset

Changeset - a20ca43cd967

Parent rev.

Child rev.

[Not reviewed]

0 8 0

Branko Majic (branko) - 7 years ago 2018-11-04 21:27:36
branko@majic.rs

MAR-134: Fix Ansible warning about use of apt and with_items:

- The apt module can accept list of names already, and with_items is
considered to be deprecated in this regard (otherwise it would
end-up running one apt command per item).
- Changed multiple roles where apt was used together along with_items.

8 files changed with 27 insertions and 38 deletions:

roles/backup_client/tasks/main.yml

roles/backup_server/tasks/main.yml

roles/common/tasks/main.yml

roles/database_server/tasks/main.yml

roles/mail_server/tasks/main.yml

roles/php_website/tasks/main.yml

roles/web_server/tasks/main.yml

roles/wsgi_website/tasks/main.yml

0 comments (0 inline, 0 general)

roles/backup_client/tasks/main.yml

➞

Show inline comments

 ---
 - name: Install pexpect for pexpect+sftp Duplicity backend (mainly needed on Stretch)
   apt:
     name: "python-pexpect"
     state: present
 - name: Install backup software
   apt:
     name: "{{ item }}"
     name:
       - duplicity
       - duply
     state: present
   with_items:
     - duplicity
     - duply
 - name: Set-up Duply directories
   file:
     path: "{{ item }}"
     state: directory
     owner: root
     group: root
     mode: 0700
   with_items:
     - "/etc/duply"
     - "/etc/duply/main"
     - "/etc/duply/main/patterns"

roles/backup_server/tasks/main.yml

➞

Show inline comments

 ---
 - name: Install backup software
   apt:
     name: "{{ item }}"
     name:
       - duplicity
       - duply
     state: present
   with_items:
     - duplicity
     - duply
 - name: Create directory for storing backups
   file:
     path: "/srv/backups"
     state: directory
     owner: root
     group: root
     mode: 0751
   tags:
     # [ANSIBLE0009] Octal file permissions must contain leading zero
     #   Misleading message, linting is complaining here actually because of the
     #   executable bit without read/write for others (e.g. the "1" in "0751").

roles/common/tasks/main.yml

➞

Show inline comments

@@ @@ -90,27 +90,26 @@ @@
 - name: Install ssl-cert package
   apt:
     name: ssl-cert
     state: present
 - name: Install rcconf (workaround for systemctl broken handling of SysV)
   apt:
     name: rcconf
     state: present
 - name: Install common packages
   apt:
-    name: "{{ item }}"
+    name: "{{ common_packages }}"
     state: "present"
   with_items: "{{ common_packages }}"
 - name: Set-up MariaDB mysql_config symbolic link for compatibility (workaround for Debian bug 766996)
   file:
     src: "/usr/bin/mariadb_config"
     dest: "/usr/bin/mysql_config"
     state: link
   when: "'libmariadb-client-lgpl-dev-compat' in common_packages and ansible_distribution_release == 'jessie'"
 - name: Disable electric-indent-mode for Emacs by default for all users
   copy:
     src: "01disable-electric-indent-mode.el"
     dest: "/etc/emacs/site-start.d/01disable-electric-indent-mode.el"

roles/database_server/tasks/main.yml

➞

Show inline comments

 ---
 - name: Install MariaDB
   apt:
     name: "{{ item }}"
     name:
       - mariadb-client
       - mariadb-server
       - python-mysqldb
     state: present
   with_items:
     - mariadb-client
     - mariadb-server
     - python-mysqldb
 - name: Enable MariaDB service on boot (workaround for systemctl broken handling of SysV)
   command: rcconf -on mysql
   register: result
   changed_when: result.stderr == ""
 - name: Enable and start MariaDB
   service:
     name: mysql
     state: started
 - name: Set password for the root database user

roles/mail_server/tasks/main.yml

➞

Show inline comments

 ---
 - name: Install rsync
   apt:
     name: rsync
     state: present
 - name: Install Dovecot packages
   apt:
     name: "{{ item }}"
     name:
       - dovecot-imapd
       - dovecot-ldap
       - dovecot-sieve
       - dovecot-managesieved
     state: present
   with_items:
     - dovecot-imapd
     - dovecot-ldap
     - dovecot-sieve
     - dovecot-managesieved
 - name: Install Postfix packages
   apt:
     name: "{{ item }}"
     name:
       - postfix
       - postfix-ldap
     state: present
   with_items:
     - postfix
     - postfix-ldap
 - name: Purge Exim configuration
   apt:
     name: "exim4*"
     state: absent
     purge: true
 - name: Allow Postfix user to traverse the directory with TLS private keys
   user:
     name: postfix
     append: true
     groups: ssl-cert

roles/php_website/tasks/main.yml

➞

Show inline comments

@@ @@ -50,27 +50,26 @@ @@
 # Ownership set to root so Postfix would not check if correct user owns the
 # file.
 - name: Set-up forwarding for mails delivered to local application user/admin
   template:
     src: "forward.j2"
     dest: "{{ home }}/.forward"
     owner: root
     group: "{{ user }}"
     mode: 0640
 - name: Install extra packages for website
   apt:
-    name: "{{ item }}"
+    name: "{{ packages }}"
     state: present
   with_items: "{{ packages }}"
 - name: Set-up MariaDB mysql_config symbolic link for compatibility on Jessie (workaround for Debian bug 766996)
   file:
     src: "/usr/bin/mariadb_config"
     dest: "/usr/bin/mysql_config"
     state: link
   when: "'libmariadb-client-lgpl-dev-compat' in packages and ansible_distribution_release == 'jessie'"
 - name: Deploy PHP FPM configuration file for website
   template:
     src: "fpm_site.conf.j2"
     dest: "{{ php_fpm_pool_directory }}/{{ fqdn }}.conf"

roles/web_server/tasks/main.yml

➞

Show inline comments

@@ @@ -120,31 +120,30 @@ @@
     owner: root
     group: www-data
     mode: 0640
 - name: Enable nginx service
   service:
     name: nginx
     enabled: true
     state: started
 - name: Install base packages for Python web applications
   apt:
     name: "{{ item }}"
     name:
       - python-setuptools
       - python3-setuptools
       - virtualenv
       - virtualenvwrapper
     state: present
   with_items:
     - python-setuptools
     - python3-setuptools
     - virtualenv
     - virtualenvwrapper
 - name: Create directories for storing per-site socket files
   file:
     path: "{{ item }}"
     state: directory
     owner: root
     group: www-data
     mode: 0750
   with_items:
     - "/run/wsgi/"
     - "/run/{{ php_fpm_service_name }}/"
@@ @@ -152,28 +151,26 @@ @@
   copy:
     content: "d /run/{{ item }}/ 0750 root www-data - -"
     dest: "/etc/tmpfiles.d/{{ item }}.conf"
     owner: root
     group: root
     mode: 0644
   with_items:
     - wsgi
     - "{{ php_fpm_service_name }}"
 - name: Install base packages for PHP web applications
   apt:
-    name: "{{ item }}"
+    name: "{{ php_fpm_package_name }}"
     state: present
   with_items:
     - "{{ php_fpm_package_name }}"
 - name: Create directory for storing PHP-FPM service configuration overrides
   file:
     path: "/etc/systemd/system/{{ php_fpm_service_name }}.service.d/"
     state: directory
     owner: root
     group: root
     mode: 0755
 - name: Configure PHP-FPM service to run with umask 0007
   copy:
     src: "php_fpm_umask.conf"

roles/wsgi_website/tasks/main.yml

➞

Show inline comments

@@ @@ -66,27 +66,26 @@ @@
 # Ownership set to root so Postfix would not check if correct user owns the
 # file.
 - name: Set-up forwarding for mails delivered to local application user/admin
   template:
     src: "forward.j2"
     dest: "{{ home }}/.forward"
     owner: root
     group: "{{ user }}"
     mode: 0640
 - name: Install extra packages for website
   apt:
-    name: "{{ item }}"
+    name: "{{ packages }}"
     state: present
   with_items: "{{ packages }}"
   register: install_extra_packages
   notify:
     - Restart WSGI services
 - name: Set-up MariaDB mysql_config symbolic link for compatibility (workaround for Debian bug 766996)
   file:
     src: "/usr/bin/mariadb_config"
     dest: "/usr/bin/mysql_config"
     state: link
   when: "'libmariadb-client-lgpl-dev-compat' in packages"
 # Ignore failures - the virtual environment might not have been

0 comments (0 inline, 0 general)