From 5b506d2ec188ff30400f6b11c2f6b4b5ff0de7ee Mon Sep 17 00:00:00 2001 From: Pieter Neerincx Date: Thu, 16 Feb 2023 10:10:37 +0100 Subject: [PATCH 1/5] Added rsc01 mounts for new umcg-grip and umcg-hlhs groups. --- group_vars/gearshift_cluster/vars.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/group_vars/gearshift_cluster/vars.yml b/group_vars/gearshift_cluster/vars.yml index 64922d7b0..a91a299af 100644 --- a/group_vars/gearshift_cluster/vars.yml +++ b/group_vars/gearshift_cluster/vars.yml @@ -393,9 +393,11 @@ lfs_mounts: mode: '2750' - name: umcg-griac - name: umcg-grip + mode: '2750' - name: umcg-gsad - name: umcg-hematology - name: umcg-hlhs + mode: '2750' - name: umcg-immunogenetics - name: umcg-impact - name: umcg-lifelines @@ -566,8 +568,10 @@ lfs_mounts: - name: umcg-gdio - name: umcg-gonl - name: umcg-griac + - name: umcg-grip - name: umcg-gsad - name: umcg-hematology + - name: umcg-hlhs - name: umcg-immunogenetics - name: umcg-impact - name: umcg-lifelines From ee1c86cf701730506e97b53616e2c59d46a6006b Mon Sep 17 00:00:00 2001 From: Pieter Neerincx Date: Thu, 16 Feb 2023 18:47:03 +0100 Subject: [PATCH 2/5] Fixed new linter issues. --- roles/grafana/meta/main.yml | 2 +- roles/grafana/tasks/main.yml | 4 ++-- roles/grafana_proxy/tasks/main.yml | 4 ++-- roles/iptables/tasks/main.yml | 2 +- roles/pulp_server/tasks/main.yml | 4 ++-- roles/rsyslog_client/tasks/client.yml | 4 ++-- roles/rsyslog_client/tasks/deploy.yml | 6 +++--- roles/rsyslog_server/tasks/create_ca.yml | 2 +- roles/rsyslog_server/tasks/rsyslog.yml | 2 +- roles/ssh_known_hosts/tasks/main.yml | 2 +- roles/static_hostname_lookup/tasks/main.yml | 2 +- roles/swap/tasks/enable_swap.yml | 2 +- 12 files changed, 18 insertions(+), 18 deletions(-) diff --git a/roles/grafana/meta/main.yml b/roles/grafana/meta/main.yml index a957ba5ad..490d3911f 100644 --- a/roles/grafana/meta/main.yml +++ b/roles/grafana/meta/main.yml 
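Review bot: In group_vars/gearshift_cluster/vars.yml the second hunk (@@ -566,8 +568,10 @@) adds `- name: umcg-grip` and `- name: umcg-hlhs` without a `mode`, while the first hunk gives the same two groups `mode: '2750'`. Which permissions the group directories get when `mode` is omitted is decided by code outside this patch, so confirm that this default is no more permissive than '2750'. If it is, add `mode: '2750'` to both new entries in the second list as well. The neighbouring entries visible in that list also omit `mode`, so the omission may be intentional.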
@@ -3,7 +3,7 @@ galaxy_info: role_name: grafana author: Pieter Neerincx (UMCG) Egon Rijpkema (UG) description: runs grafana in a docker container. - min_ansible_version: 2.4 + min_ansible_version: '2.4' license: "license (GPLv3)" platforms: - name: CentOS diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml index 7c05eed17..238814058 100644 --- a/roles/grafana/tasks/main.yml +++ b/roles/grafana/tasks/main.yml @@ -3,7 +3,7 @@ ansible.builtin.file: path: "{{ item }}" state: directory - mode: 0755 + mode: '0755' owner: '65534' with_items: - '/srv/grafana/lib' @@ -15,7 +15,7 @@ ansible.builtin.template: src: 'templates/grafana.service' dest: '/etc/systemd/system/grafana.service' - mode: 0644 + mode: '0644' owner: root group: root tags: diff --git a/roles/grafana_proxy/tasks/main.yml b/roles/grafana_proxy/tasks/main.yml index ba197fbc1..608edc0da 100644 --- a/roles/grafana_proxy/tasks/main.yml +++ b/roles/grafana_proxy/tasks/main.yml @@ -10,7 +10,7 @@ ansible.builtin.template: src: templates/nginx.conf dest: /etc/nginx/nginx.conf - mode: 0644 + mode: '0644' owner: root group: root become: true @@ -19,7 +19,7 @@ ansible.builtin.file: path: /etc/certificates/live/airlock.hpc.rug.nl state: directory - mode: 0751 + mode: '0751' become: true - name: Copy certificate and chain files in place. diff --git a/roles/iptables/tasks/main.yml b/roles/iptables/tasks/main.yml index 6b94b7975..aa4b8af37 100644 --- a/roles/iptables/tasks/main.yml +++ b/roles/iptables/tasks/main.yml @@ -72,7 +72,7 @@ dest: '/etc/sysconfig/iptables-init.bash' owner: root group: root - mode: 0700 + mode: '0700' notify: configure_iptables become: true diff --git a/roles/pulp_server/tasks/main.yml b/roles/pulp_server/tasks/main.yml index f10bdaf0a..bee8098e4 100644 --- a/roles/pulp_server/tasks/main.yml +++ b/roles/pulp_server/tasks/main.yml 
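Review bot: In roles/grafana_proxy/tasks/main.yml (@@ -19,7 +19,7 @@) the directory /etc/certificates/live/airlock.hpc.rug.nl keeps mode '0751', which lets every local account traverse into the directory that receives the certificate files. Protection of any private key stored there then rests only on the file modes set by the following task, "Copy certificate and chain files in place.", whose body is outside the hunk. Unless a non-root process has to reach files in that directory by name, `mode: '0750'` together with an explicit `owner: root` and a `group:` would be tighter; the visible task lines set neither owner nor group.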
@@ -188,7 +188,7 @@ ansible.builtin.template: src: templates/repo_management_user.netrc.j2 dest: "/admin/{{ repo_management_user }}/.netrc" - mode: 0600 + mode: '0600' owner: "{{ repo_management_user }}" group: "{{ repo_management_user }}" become: true @@ -198,7 +198,7 @@ ansible.builtin.template: src: templates/repo_management_user.settings.toml.j2 dest: "/admin/{{ repo_management_user }}/.config/pulp/settings.toml" - mode: 0600 + mode: '0600' owner: "{{ repo_management_user }}" group: "{{ repo_management_user }}" become: true diff --git a/roles/rsyslog_client/tasks/client.yml b/roles/rsyslog_client/tasks/client.yml index 0323f9bea..7a41cc2cb 100644 --- a/roles/rsyslog_client/tasks/client.yml +++ b/roles/rsyslog_client/tasks/client.yml @@ -50,7 +50,7 @@ ansible.builtin.template: src: templates/client_template.csr dest: /tmp/client_template.csr - mode: 0600 + mode: '0600' force: true when: not remote_client_key_status.stat.exists or verify_certificate_result.rc == 1 @@ -100,7 +100,7 @@ ansible.builtin.template: src: templates/client_template.csr dest: /tmp/{{ inventory_hostname }}_client_template.csr - mode: 0600 + mode: '0600' force: true become: true when: not remote_client_key_status.stat.exists or verify_certificate_result.rc == 1 diff --git a/roles/rsyslog_client/tasks/deploy.yml b/roles/rsyslog_client/tasks/deploy.yml index bba4ce6b7..ad650f98f 100644 --- a/roles/rsyslog_client/tasks/deploy.yml +++ b/roles/rsyslog_client/tasks/deploy.yml @@ -19,7 +19,7 @@ src: templates/rsyslog.conf dest: /etc/rsyslog.conf force: true - mode: 0644 + mode: '0644' become: true when: inventory_hostname not in groups['rsyslog'] notify: client_restart_rsyslog @@ -29,7 +29,7 @@ src: templates/rsyslog_managed.conf dest: /etc/rsyslog.d/managed.conf force: true - mode: 0644 + mode: '0644' become: true when: inventory_hostname not in groups['rsyslog'] notify: client_restart_rsyslog 
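Review bot: In roles/pulp_server/tasks/main.yml (@@ -188,7 +188,7 @@) the templated `.netrc` is a file that normally holds a login and password, and the visible task lines set neither `diff: false` nor `no_log: true`. When the playbook is run with `--diff`, the template module prints the rendered file content, which would put those credentials into terminal output and any captured run logs. Adding `diff: false` to this task avoids that, and the same applies to the settings.toml task in the next hunk (@@ -198,7 +198,7 @@) if that file carries credentials too. Both tasks continue past the end of their hunks, so the keyword may already be set there.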
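Review bot: In roles/rsyslog_client/tasks/client.yml (@@ -50,7 +50,7 @@) the CSR template is written to the fixed path `/tmp/client_template.csr`, a predictable name in a world-writable directory. Another local account can create that name first, and if the task runs on a shared machine for several hosts the runs overwrite each other's file because the name has no per-host part. Creating the path with `ansible.builtin.tempfile` and using the registered path, or writing into a root-owned directory, removes both problems. The same applies to `/tmp/{{ inventory_hostname }}_client_template.csr` in @@ -100,7 +100,7 @@ and to `/tmp/ca.template` in roles/rsyslog_server/tasks/create_ca.yml (@@ -24,7 +24,7 @@).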
@@ -39,7 +39,7 @@ src: templates/rsyslog_unmanaged.conf dest: /etc/rsyslog.d/unmanaged.conf force: true - mode: 0644 + mode: '0644' become: true when: inventory_hostname not in groups['rsyslog'] notify: client_restart_rsyslog diff --git a/roles/rsyslog_server/tasks/create_ca.yml b/roles/rsyslog_server/tasks/create_ca.yml index 56ce27f93..b559bf410 100644 --- a/roles/rsyslog_server/tasks/create_ca.yml +++ b/roles/rsyslog_server/tasks/create_ca.yml @@ -24,7 +24,7 @@ ansible.builtin.template: src: roles/rsyslog_server/templates/ca.template dest: /tmp/ca.template - mode: 0600 + mode: '0600' when: not ca_key_on_server.stat.exists - name: Generate CA cert on managed rsyslog server diff --git a/roles/rsyslog_server/tasks/rsyslog.yml b/roles/rsyslog_server/tasks/rsyslog.yml index 4a8462d73..f4869bf09 100644 --- a/roles/rsyslog_server/tasks/rsyslog.yml +++ b/roles/rsyslog_server/tasks/rsyslog.yml @@ -93,7 +93,7 @@ src: roles/rsyslog_server/templates/rsyslog.conf dest: /etc/rsyslog.conf force: true - mode: 0644 + mode: '0644' become: true notify: restart-rsyslog.service diff --git a/roles/ssh_known_hosts/tasks/main.yml b/roles/ssh_known_hosts/tasks/main.yml index d511e463c..174fe638c 100644 --- a/roles/ssh_known_hosts/tasks/main.yml +++ b/roles/ssh_known_hosts/tasks/main.yml @@ -2,7 +2,7 @@ - name: Create /etc/ssh/ssh_known_hosts file with public key from CA that signed the host keys. ansible.builtin.copy: dest: /etc/ssh/ssh_known_hosts - mode: 0644 + mode: '0644' owner: root group: root content: "@cert-authority * {{ lookup('file', ssh_host_signer_ca_private_key + '.pub') }}" diff --git a/roles/static_hostname_lookup/tasks/main.yml b/roles/static_hostname_lookup/tasks/main.yml index 19c75c4cb..de5d65f99 100644 --- a/roles/static_hostname_lookup/tasks/main.yml +++ b/roles/static_hostname_lookup/tasks/main.yml @@ -3,7 +3,7 @@ ansible.builtin.template: src: templates/hosts.j2 dest: /etc/hosts - mode: 0644 + mode: '0644' owner: root group: root backup: true 
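Review bot: In roles/ssh_known_hosts/tasks/main.yml (@@ -2,7 +2,7 @@) the `content:` line writes `@cert-authority *`, so every client that receives this file accepts a host certificate signed by this CA for any hostname, not only for machines of this deployment. Restricting the pattern to the names and addresses the CA is meant to sign for limits what a leaked CA key could impersonate, for example `content: "@cert-authority {{ ssh_ca_host_patterns }} {{ lookup('file', ssh_host_signer_ca_private_key + '.pub') }}"`. The variable `ssh_ca_host_patterns` is a constructed placeholder, since no suitable pattern list is visible on this page. The task may continue outside the hunk.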
diff --git a/roles/swap/tasks/enable_swap.yml b/roles/swap/tasks/enable_swap.yml index f9700f7e1..ad912a0d0 100644 --- a/roles/swap/tasks/enable_swap.yml +++ b/roles/swap/tasks/enable_swap.yml @@ -18,7 +18,7 @@ path: "{{ swap_file_path }}" owner: root group: root - mode: 0600 + mode: '0600' become: true - name: Add swap file entry to fstab. From c3cdb8e05dcd6cafca463c00b15f5a2a840e66f6 Mon Sep 17 00:00:00 2001 From: Pieter Neerincx Date: Thu, 16 Feb 2023 19:39:25 +0100 Subject: [PATCH 3/5] Fixed more linter issues. --- roles/grafana/meta/main.yml | 2 +- roles/online_docs/tasks/main.yml | 4 ++-- .../tasks/create_subgroup_directories.yml | 12 ++++++------ single_group_playbooks/pre_deploy_checks.yml | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/roles/grafana/meta/main.yml b/roles/grafana/meta/main.yml index 490d3911f..71c29c339 100644 --- a/roles/grafana/meta/main.yml +++ b/roles/grafana/meta/main.yml @@ -6,7 +6,7 @@ galaxy_info: min_ansible_version: '2.4' license: "license (GPLv3)" platforms: - - name: CentOS + - name: EL versions: - all diff --git a/roles/online_docs/tasks/main.yml b/roles/online_docs/tasks/main.yml index 48ccc84bc..f57f54875 100644 --- a/roles/online_docs/tasks/main.yml +++ b/roles/online_docs/tasks/main.yml @@ -279,7 +279,7 @@ owner: 'root' group: 'root' mode: '0750' - with_filetree: "{{ playbook_dir }}/roles/online_docs/templates/mkdocs" + with_community.general.filetree: "{{ playbook_dir }}/roles/online_docs/templates/mkdocs" when: item.state == 'directory' notify: - 'build_mkdocs' @@ -398,7 +398,7 @@ owner: 'root' group: 'root' mode: '0640' - with_filetree: "{{ playbook_dir }}/roles/online_docs/templates/mkdocs" + with_community.general.filetree: "{{ playbook_dir }}/roles/online_docs/templates/mkdocs" # Exclude temporary *.html preview files, which are also exlcuded in .gitignore and should not be transferred. when: item.state == 'file' and '.md.html' not in item.path notify: 
diff --git a/roles/subgroup_directories/tasks/create_subgroup_directories.yml b/roles/subgroup_directories/tasks/create_subgroup_directories.yml index d66ce6816..53f4fd873 100644 --- a/roles/subgroup_directories/tasks/create_subgroup_directories.yml +++ b/roles/subgroup_directories/tasks/create_subgroup_directories.yml @@ -1,5 +1,8 @@ --- - name: "Create directory structure for releases with version number on {{ lfs }}." + when: versioned_sub_groups | length > 0 + become: true + become_user: "{{ main_group }}-dm" block: - name: "Create /groups/{{ main_group }}/{{ lfs }}/releases/ directory." ansible.builtin.file: @@ -28,11 +31,11 @@ with_items: "{{ versioned_sub_groups }}" # Continue if this specific subgroup failed and try to create other subgroup folders. ignore_errors: true # noqa ignore-errors - when: versioned_sub_groups | length > 0 - become: true - become_user: "{{ main_group }}-dm" - name: "Create directory structure for projects on {{ lfs }}." + when: unversioned_sub_groups | length > 0 + become: true + become_user: "{{ main_group }}-dm" block: - name: "Create /groups/{{ main_group }}/{{ lfs }}/projects directory." ansible.builtin.file: @@ -51,7 +54,4 @@ with_items: "{{ unversioned_sub_groups }}" # Continue if this specific subgroup failed and try to create other subgroup folders. ignore_errors: true # noqa ignore-errors - when: unversioned_sub_groups | length > 0 - become: true - become_user: "{{ main_group }}-dm" ... diff --git a/single_group_playbooks/pre_deploy_checks.yml b/single_group_playbooks/pre_deploy_checks.yml index 39bafc3d7..5acb8e206 100644 --- a/single_group_playbooks/pre_deploy_checks.yml +++ b/single_group_playbooks/pre_deploy_checks.yml 
@@ -17,20 +17,20 @@ msg: "You must update Ansible to at least {{ minimal_ansible_version }}.x to use this playbook." vars: minimal_ansible_version: 2.10 - run_once: true + run_once: true # noqa run-once delegate_to: localhost connection: local - name: 'Verify that the group_vars were parsed.' ansible.builtin.assert: that: stack_name is defined msg: "FATAL: the stack_name Ansible variable is undefined, which suggests that the group_vars were not parsed." - run_once: true + run_once: true # noqa run-once delegate_to: localhost connection: local - name: 'Download dependencies from Ansible Galaxy on the Ansible control host.' ansible.builtin.command: cmd: ansible-galaxy install -r requirements.yml - run_once: true + run_once: true # noqa run-once delegate_to: localhost connection: local changed_when: "'installed successfully' in resolved_dependencies.stdout" From 9ea08796acdce0fc6d2bf04c4c83fff2ec095ead Mon Sep 17 00:00:00 2001 From: Pieter Neerincx Date: Thu, 16 Feb 2023 19:51:57 +0100 Subject: [PATCH 4/5] Fixed more linter issues. --- single_group_playbooks/pre_deploy_checks.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/single_group_playbooks/pre_deploy_checks.yml b/single_group_playbooks/pre_deploy_checks.yml index 5acb8e206..9bc6cfeda 100644 --- a/single_group_playbooks/pre_deploy_checks.yml +++ b/single_group_playbooks/pre_deploy_checks.yml @@ -50,4 +50,6 @@ with_items: "{{ ip_addresses_files.files | map(attribute='path') | list }}" delegate_to: localhost connection: local + tasks: + # No tasks here, but added to make it pass the schema[playbook] check from ansible-lint. ... From ae8cddc024c2e30793d88ab6bbb14bcf2dad7945 Mon Sep 17 00:00:00 2001 From: Pieter Neerincx Date: Thu, 16 Feb 2023 22:00:36 +0100 Subject: [PATCH 5/5] Fixed last linter issue. --- single_group_playbooks/pre_deploy_checks.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) 
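Review bot: In single_group_playbooks/pre_deploy_checks.yml (@@ -17,20 +17,20 @@) `minimal_ansible_version: 2.10` is an unquoted YAML float and loads as 2.1, so the message reads "at least 2.1.x" and any comparison built on the variable tests against 2.1 instead of 2.10. That weakens the check meant to stop the playbook on an outdated Ansible; write it as `minimal_ansible_version: '2.10'`, the same quoting that patch 2/5 applied to `min_ansible_version`. The `that:` condition of this assert is outside the hunk, so confirm it compares version strings (for example with the `version` test) once the value is a string.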
diff --git a/single_group_playbooks/pre_deploy_checks.yml b/single_group_playbooks/pre_deploy_checks.yml index 9bc6cfeda..a133831a9 100644 --- a/single_group_playbooks/pre_deploy_checks.yml +++ b/single_group_playbooks/pre_deploy_checks.yml @@ -9,7 +9,7 @@ # Disable Ansible's interpretor detection logic, # which would fail to use the interpretor from an activated virtual environment. # - - ansible_python_interpreter: python + ansible_python_interpreter: python pre_tasks: - name: 'Verify Ansible version meets requirements.' ansible.builtin.assert: @@ -50,6 +50,4 @@ with_items: "{{ ip_addresses_files.files | map(attribute='path') | list }}" delegate_to: localhost connection: local - tasks: - # No tasks here, but added to make it pass the schema[playbook] check from ansible-lint. ...