Added rsc01 mounts for new umcg-grip and umcg-hlhs groups.

group_vars/gearshift_cluster/vars.yml

@@ -393,9 +393,11 @@ lfs_mounts:
         mode: '2750'
       - name: umcg-griac
       - name: umcg-grip
+        mode: '2750'
       - name: umcg-gsad
       - name: umcg-hematology
       - name: umcg-hlhs
+        mode: '2750'
       - name: umcg-immunogenetics
       - name: umcg-impact
       - name: umcg-lifelines
@@ -566,8 +568,10 @@ lfs_mounts:
       - name: umcg-gdio
       - name: umcg-gonl
       - name: umcg-griac
+      - name: umcg-grip
       - name: umcg-gsad
       - name: umcg-hematology
+      - name: umcg-hlhs
       - name: umcg-immunogenetics
       - name: umcg-impact
       - name: umcg-lifelines

roles/grafana/meta/main.yml

@@ -3,10 +3,10 @@ galaxy_info:
   role_name: grafana
   author: Pieter Neerincx (UMCG)  Egon Rijpkema (UG)
   description: runs grafana in a docker container.
-  min_ansible_version: 2.4
+  min_ansible_version: '2.4'
   license: "license (GPLv3)"
   platforms:
-    - name: CentOS
+    - name: EL
       versions:
         - all
 

roles/grafana/tasks/main.yml

@@ -3,7 +3,7 @@
   ansible.builtin.file:
     path: "{{ item }}"
     state: directory
-    mode: 0755
+    mode: '0755'
     owner: '65534'
   with_items:
     - '/srv/grafana/lib'
@@ -15,7 +15,7 @@
   ansible.builtin.template:
     src: 'templates/grafana.service'
     dest: '/etc/systemd/system/grafana.service'
-    mode: 0644
+    mode: '0644'
     owner: root
     group: root
   tags:

roles/grafana_proxy/tasks/main.yml

@@ -10,7 +10,7 @@
   ansible.builtin.template:
     src: templates/nginx.conf
     dest: /etc/nginx/nginx.conf
-    mode: 0644
+    mode: '0644'
     owner: root
     group: root
   become: true
@@ -19,7 +19,7 @@
   ansible.builtin.file:
     path: /etc/certificates/live/airlock.hpc.rug.nl
     state: directory
-    mode: 0751
+    mode: '0751'
   become: true
 
 - name: Copy certificate and chain files in place.

roles/iptables/tasks/main.yml

@@ -72,7 +72,7 @@
     dest: '/etc/sysconfig/iptables-init.bash'
     owner: root
     group: root
-    mode: 0700
+    mode: '0700'
   notify: configure_iptables
   become: true
 

roles/online_docs/tasks/main.yml

@@ -279,7 +279,7 @@
     owner: 'root'
     group: 'root'
     mode: '0750'
-  with_filetree: "{{ playbook_dir }}/roles/online_docs/templates/mkdocs"
+  with_community.general.filetree: "{{ playbook_dir }}/roles/online_docs/templates/mkdocs"
   when: item.state == 'directory'
   notify:
     - 'build_mkdocs'
@@ -398,7 +398,7 @@
     owner: 'root'
     group: 'root'
     mode: '0640'
-  with_filetree: "{{ playbook_dir }}/roles/online_docs/templates/mkdocs"
+  with_community.general.filetree: "{{ playbook_dir }}/roles/online_docs/templates/mkdocs"
   # Exclude temporary *.html preview files, which are also exlcuded in .gitignore and should not be transferred.
   when: item.state == 'file' and '.md.html' not in item.path
   notify:

roles/pulp_server/tasks/main.yml

@@ -188,7 +188,7 @@
   ansible.builtin.template:
     src: templates/repo_management_user.netrc.j2
     dest: "/admin/{{ repo_management_user }}/.netrc"
-    mode: 0600
+    mode: '0600'
     owner: "{{ repo_management_user }}"
     group: "{{ repo_management_user }}"
   become: true
@@ -198,7 +198,7 @@
   ansible.builtin.template:
     src: templates/repo_management_user.settings.toml.j2
     dest: "/admin/{{ repo_management_user }}/.config/pulp/settings.toml"
-    mode: 0600
+    mode: '0600'
     owner: "{{ repo_management_user }}"
     group: "{{ repo_management_user }}"
   become: true

roles/rsyslog_client/tasks/client.yml

@@ -50,7 +50,7 @@
   ansible.builtin.template:
     src: templates/client_template.csr
     dest: /tmp/client_template.csr
-    mode: 0600
+    mode: '0600'
     force: true
   when: not remote_client_key_status.stat.exists or verify_certificate_result.rc == 1
 
@@ -100,7 +100,7 @@
   ansible.builtin.template:
     src: templates/client_template.csr
     dest: /tmp/{{ inventory_hostname }}_client_template.csr
-    mode: 0600
+    mode: '0600'
     force: true
   become: true
   when: not remote_client_key_status.stat.exists or verify_certificate_result.rc == 1

roles/rsyslog_client/tasks/deploy.yml

@@ -19,7 +19,7 @@
     src: templates/rsyslog.conf
     dest: /etc/rsyslog.conf
     force: true
-    mode: 0644
+    mode: '0644'
   become: true
   when: inventory_hostname not in groups['rsyslog']
   notify: client_restart_rsyslog
@@ -29,7 +29,7 @@
     src: templates/rsyslog_managed.conf
     dest: /etc/rsyslog.d/managed.conf
     force: true
-    mode: 0644
+    mode: '0644'
   become: true
   when: inventory_hostname not in groups['rsyslog']
   notify: client_restart_rsyslog
@@ -39,7 +39,7 @@
     src: templates/rsyslog_unmanaged.conf
     dest: /etc/rsyslog.d/unmanaged.conf
     force: true
-    mode: 0644
+    mode: '0644'
   become: true
   when: inventory_hostname not in groups['rsyslog']
   notify: client_restart_rsyslog

roles/rsyslog_server/tasks/create_ca.yml

@@ -24,7 +24,7 @@
   ansible.builtin.template:
     src: roles/rsyslog_server/templates/ca.template
     dest: /tmp/ca.template
-    mode: 0600
+    mode: '0600'
   when: not ca_key_on_server.stat.exists
 
 - name: Generate CA cert on managed rsyslog server

roles/rsyslog_server/tasks/rsyslog.yml

@@ -93,7 +93,7 @@
     src: roles/rsyslog_server/templates/rsyslog.conf
     dest: /etc/rsyslog.conf
     force: true
-    mode: 0644
+    mode: '0644'
   become: true
   notify: restart-rsyslog.service
 

roles/ssh_known_hosts/tasks/main.yml

@@ -2,7 +2,7 @@
 - name: Create /etc/ssh/ssh_known_hosts file with public key from CA that signed the host keys.
   ansible.builtin.copy:
     dest: /etc/ssh/ssh_known_hosts
-    mode: 0644
+    mode: '0644'
     owner: root
     group: root
     content: "@cert-authority * {{ lookup('file', ssh_host_signer_ca_private_key + '.pub') }}"

roles/static_hostname_lookup/tasks/main.yml

@@ -3,7 +3,7 @@
   ansible.builtin.template:
     src: templates/hosts.j2
     dest: /etc/hosts
-    mode: 0644
+    mode: '0644'
     owner: root
     group: root
     backup: true

roles/subgroup_directories/tasks/create_subgroup_directories.yml

@@ -1,5 +1,8 @@
 ---
 - name: "Create directory structure for releases with version number on {{ lfs }}."
+  when: versioned_sub_groups | length > 0
+  become: true
+  become_user: "{{ main_group }}-dm"
   block:
     - name: "Create /groups/{{ main_group }}/{{ lfs }}/releases/ directory."
       ansible.builtin.file:
@@ -28,11 +31,11 @@
       with_items: "{{ versioned_sub_groups }}"
       # Continue if this specific subgroup failed and try to create other subgroup folders.
       ignore_errors: true  # noqa ignore-errors
-  when: versioned_sub_groups | length > 0
-  become: true
-  become_user: "{{ main_group }}-dm"
 
 - name: "Create directory structure for projects on {{ lfs }}."
+  when: unversioned_sub_groups | length > 0
+  become: true
+  become_user: "{{ main_group }}-dm"
   block:
     - name: "Create /groups/{{ main_group }}/{{ lfs }}/projects directory."
       ansible.builtin.file:
@@ -51,7 +54,4 @@
       with_items: "{{ unversioned_sub_groups }}"
       # Continue if this specific subgroup failed and try to create other subgroup folders.
       ignore_errors: true  # noqa ignore-errors
-  when: unversioned_sub_groups | length > 0
-  become: true
-  become_user: "{{ main_group }}-dm"
 ...

roles/swap/tasks/enable_swap.yml

@@ -18,7 +18,7 @@
     path: "{{ swap_file_path }}"
     owner: root
     group: root
-    mode: 0600
+    mode: '0600'
   become: true
 
 - name: Add swap file entry to fstab.

single_group_playbooks/pre_deploy_checks.yml

@@ -9,28 +9,28 @@
     # Disable Ansible's interpretor detection logic,
     # which would fail to use the interpretor from an activated virtual environment.
     #
-    - ansible_python_interpreter: python
+    ansible_python_interpreter: python
   pre_tasks:
     - name: 'Verify Ansible version meets requirements.'
       ansible.builtin.assert:
         that: "ansible_version.full is version_compare(minimal_ansible_version, '>=')"
         msg: "You must update Ansible to at least {{ minimal_ansible_version }}.x to use this playbook."
       vars:
         minimal_ansible_version: 2.10
-      run_once: true
+      run_once: true  # noqa run-once
       delegate_to: localhost
       connection: local
     - name: 'Verify that the group_vars were parsed.'
       ansible.builtin.assert:
         that: stack_name is defined
         msg: "FATAL: the stack_name Ansible variable is undefined, which suggests that the group_vars were not parsed."
-      run_once: true
+      run_once: true  # noqa run-once
       delegate_to: localhost
       connection: local
     - name: 'Download dependencies from Ansible Galaxy on the Ansible control host.'
       ansible.builtin.command:
         cmd: ansible-galaxy install -r requirements.yml
-      run_once: true
+      run_once: true  # noqa run-once
       delegate_to: localhost
       connection: local
       changed_when: "'installed successfully' in resolved_dependencies.stdout"