diff --git a/.ansible-lint b/.ansible-lint
index 2076d8dd087e7c91a8fcecb2e25551b68e68f0fa..071c3f4c392c67e9a662816a8f234975d2db78df 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -37,6 +37,7 @@ use_default_rules: true
skip_list:
- skip_this_tag
- git-latest
+ - name[casing]
# Any rule that has the 'opt-in' tag will not be loaded unless its 'id' is
# mentioned in the enable_list:
diff --git a/DEBUG.yml b/DEBUG.yml
index 55f0926e6e8a42c22e5e34f06b2c709007f3567f..36021d2192bd7adea76c4d16dde2a52aecfd086e 100644
--- a/DEBUG.yml
+++ b/DEBUG.yml
@@ -1,19 +1,21 @@
---
-- hosts: "*"
+- name: debug tasks
+ hosts: "*"
become: true
gather_facts: true
tasks:
# - name: include vars
# include_vars: ../vars/stichprobe.yml
- # - debug:
+ # - ansible.builtin.debug:
# msg: "{{ item.value.institute_code }} {{ stichprobe_user }}"
# loop: "{{ lookup('dict', stichprobe_hosts) }}"
# when: ansible_hostname == item.key
# ignore_errors: true
- # - debug:
+ # - ansible.builtin.debug:
# msg: "{{ user }}"
# msg: "{{ systemdunits }}"
- # - debug:
+ # - ansible.builtin.debug:
# msg: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
- - debug:
+ - name: debug
+ ansible.builtin.debug:
msg: "{{ role_path }}/../ansible_vaults/{{ role_name }}/"
diff --git a/handlers/main.yml b/handlers/main.yml
index e8c34e8abd9a3d0ece7c0399cde7d41ab3f55d83..54be91b79cc4d46c14483e5862d08f1722b2ee42 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -17,6 +17,7 @@
- name: save iptables rules
ansible.builtin.command: 'netfilter-persistent save'
listen: "save iptables rules"
+ changed_when: false
- name: restart sshd
ansible.builtin.systemd:
@@ -40,9 +41,11 @@
- name: activate kernel parameter changes
ansible.builtin.command: sysctl -p
+ changed_when: false
- name: create PIDfiles
ansible.builtin.command: systemd-tmpfiles --create
+ changed_when: false
- name: daemon-reload
ansible.builtin.systemd:
diff --git a/meta/main.yml b/meta/main.yml
index 0ec57be17fbee280cd68957edb1db85781d5b1b2..b3ff7cfc1522546c482346ee1ddabe7775928d7f 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -3,6 +3,8 @@ galaxy_info:
author: Jörg Sachse
company: SLUB Dresden
description: role to install Submission Application processing server for the SLUBarchiv digital preservation repository
+ role_name: ansible_lza_ingest
+ namespace: slub
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes and categorizes the role. Users find roles by searching for tags. Be sure to remove the '[]' above, if you
# add tags to this list.
diff --git a/molecule/resources/playbooks/verify.yml b/molecule/resources/playbooks/verify.yml
index e707420ab5c87edfa59c7805ce4534ff1b387177..a5cfa75e4c765f52891877bfca5f823b69a2c23b 100644
--- a/molecule/resources/playbooks/verify.yml
+++ b/molecule/resources/playbooks/verify.yml
@@ -5,6 +5,6 @@
hosts: all
gather_facts: false
tasks:
- - name: Example assertion
- ansible.builtin.assert:
- that: true
+ - name: Example assertion
+ ansible.builtin.assert:
+ that: true
diff --git a/site.yml b/site.yml
index a6f2e4eb3f5a37c49d63c50faa86a5ed87b4ff6f..cb7d4390694cabc64487eb4c708aafd1b6d809a1 100644
--- a/site.yml
+++ b/site.yml
@@ -1,9 +1,10 @@
---
-- hosts: localhost
+- name: preparations
+ hosts: localhost
connection: local
post_tasks:
- name: check for FIXMEs
- find:
+ ansible.builtin.find:
path: "{{ playbook_dir }}"
pattern: "*.yml"
recurse: true
@@ -12,12 +13,13 @@
- "site.yml"
register: result_fixmes
- name: CHECK FOR UNRESOLVED ISSUES/TODOs
- debug:
+ ansible.builtin.debug:
msg: "Unresolved FIXME/TODO in {{ item.path }}"
loop: "{{ result_fixmes.files }}"
when: result_fixmes.matched > 0
-- hosts: lza_ingest_*
+- name: install SubApp host
+ hosts: lza_ingest_*
# strategy plugin setting, default: linear, docu: https://docs.ansible.com/ansible/latest/plugins/strategy.html
# execution strategy, possible values: debug, linear, serial, free (https://docs.ansible.com/ansible/latest/user_guide/playbooks_strategies.html)
@@ -27,7 +29,7 @@
pre_tasks:
- name: Verify that the installed version of Ansible meets this playbook's version requirements.
- assert:
+ ansible.builtin.assert:
that: "ansible_version.full is version_compare('2.8', '>=')"
msg: >
"You must update Ansible to at least 2.8 to use this playbook."
diff --git a/tasks/configure_nfs_mounts.yml b/tasks/configure_nfs_mounts.yml
index 359c4c1b5fd5f8ac357b25a9ad8b640abbaac8db..37ee02d53c3f280bb66b6c682a1b294623cbe666 100644
--- a/tasks/configure_nfs_mounts.yml
+++ b/tasks/configure_nfs_mounts.yml
@@ -33,7 +33,7 @@
src: "{{ item.src | default(omit) }}"
state: "{{ item.state | default('mounted') }}"
fstype: "{{ item.fstype | default('nfs') }}"
- opts: "{{ item.opts | default( nfs_opts.v3 ) }}"
+ opts: "{{ item.opts | default(nfs_opts.v3) }}"
loop:
# common Log - use this once the migration to the separated dis-/subapp is finished
- path: "/mnt/logs/"
@@ -72,7 +72,7 @@
src: "{{ item.src }}"
state: "{{ item.state | default('mounted') }}"
fstype: "{{ item.fstype | default('nfs') }}"
- opts: "{{ item.opts | default( nfs_opts.v3 ) }}"
+ opts: "{{ item.opts | default(nfs_opts.v3) }}"
loop:
# DisApp
- path: "{{ paths.log_disapp.mountpoint }}"
diff --git a/tasks/configure_ssh_publickeys.yml b/tasks/configure_ssh_publickeys.yml
index 36283972a7f9ec7b9b7e26d349d0fcc3f85a7f3a..f04a8029a046447207e5c932421321961a74dea1 100644
--- a/tasks/configure_ssh_publickeys.yml
+++ b/tasks/configure_ssh_publickeys.yml
@@ -1,6 +1,6 @@
---
- name: deploy SSH PublicKeys for SubApp-/SFTP-Users
- ansible.builtin.authorized_key:
+ ansible.posix.authorized_key:
user: "{{ item.user | default(vault_ssh_user) }}"
comment: "{{ item.comment }}"
key: "{{ item.key }}"
diff --git a/tasks/install_subapp.yml b/tasks/install_subapp.yml
index c6752575f50b501a7b6a5b0bbeff7ddcfbf19602..f6bccb4c4ce27be2080f9dbec757bc9ce44b1e04 100644
--- a/tasks/install_subapp.yml
+++ b/tasks/install_subapp.yml
@@ -92,7 +92,7 @@
tags: [systemd]
- name: Services automatisch bei jedem Booten starten
- ansible.builtin.command: "systemctl enable /etc/systemd/user/{{ item.item }}" # noqak 301 303
+ ansible.builtin.command: "systemctl enable /etc/systemd/user/{{ item.item }}" # noqak no-changed-when command-instead-of-module
loop: "{{ subapp_services_enabled.results }}"
when: item.stdout != "enabled"
tags: [systemd]
@@ -146,7 +146,7 @@
owner: "{{ vault_subapp_vars.files.disapp.owner }}"
group: "{{ vault_subapp_vars.files.disapp.group }}"
mode: "{{ vault_subapp_vars.files.disapp.mode | default('0400') }}"
- loop: "{{ vault_subapp_vars.hosts[ansible_hostname] | default(vault_subapp_vars.hosts['sdvlzasubappmoleculetest']) }}"
+# loop: "{{ vault_subapp_vars.hosts[ansible_hostname] | default(vault_subapp_vars.hosts['sdvlzasubappmoleculetest']) }}"
- name: write new SubApp config file
ansible.builtin.template:
src: "subapp.cfg.j2"
@@ -154,7 +154,7 @@
owner: "{{ vault_subapp_vars.files.subapp.owner }}"
group: "{{ vault_subapp_vars.files.subapp.group }}"
mode: "{{ vault_subapp_vars.files.subapp.mode | default('0400') }}"
- loop: "{{ vault_subapp_vars.hosts[ansible_hostname] | default(vault_subapp_vars.hosts['sdvlzasubappmoleculetest']) }}"
+# loop: "{{ vault_subapp_vars.hosts[ansible_hostname] | default(vault_subapp_vars.hosts['sdvlzasubappmoleculetest']) }}"
- name: Quarantaeneverzeichnis & Lockverzeichnis anlegen
ansible.builtin.file:
diff --git a/tasks/install_ta_tools.yml b/tasks/install_ta_tools.yml
index f156e941272666c62fe06301213b2ae64897a933..8edd02c77a5b434de2fdee88360319d0fb93e8ef 100644
--- a/tasks/install_ta_tools.yml
+++ b/tasks/install_ta_tools.yml
@@ -35,8 +35,10 @@
# This is THE main purpose of this task file, so we won't run this as a handler
# but set "noqa: no-handler" instead.
+# Also, OF COURSE we want to run it every time. We just pulled a fresh copy
+# from Git and it's onyl run when that action changed.
- name: install ta-tools
- ansible.builtin.command:
+ ansible.builtin.command: # noqa: no-changed-when
cmd: "dzil install"
chdir: "/tmp/tools-for-technical-analysts/"
when: ta_tools_git.changed # noqa: no-handler
diff --git a/tasks/remove_packages.yml b/tasks/remove_packages.yml
index 97d0e2b5bbd2808e94e8865a5e86b9ea12880b04..a2176b765d06425b834ea7e0738966cbb4e1f553 100644
--- a/tasks/remove_packages.yml
+++ b/tasks/remove_packages.yml
@@ -13,6 +13,8 @@
- ( "0 unit files listed." not in check_clamav_installed.stdout )
- ( check_clamav_installed.rc != 0 )
- name: clamav Deinstallation
+ when:
+ - ( "0 unit files listed." not in check_clamav_installed.stdout )
block:
- name: clamav systemd Services deaktivieren
ansible.builtin.systemd:
@@ -32,5 +34,3 @@
state: absent
purge: true
autoremove: true
- when:
- - ( "0 unit files listed." not in check_clamav_installed.stdout )