style: satisfy linter

6beb8773 · Jörg Sachse · ae911508 · 6beb8773 · 6beb8773 · 6beb8773
Commit 6beb8773 authored 2 years ago by Jörg Sachse
--- a/handlers/main.yml
+++ b/handlers/main.yml
 ---
 - name: save iptables rules (Debian)
+  when: ansible_os_family == "Debian"
  block:
    - name: Ordner für iptables-Config erstellen
      ansible.builtin.file:
@@ -18,9 +19,9 @@
    - name: save iptables rules
      ansible.builtin.command: 'netfilter-persistent save'      # noqa no-changed-when
      listen: "save iptables rules"
-  when: ansible_os_family == "Debian"
 - name: save iptables rules (RedHat)
+  when: ansible_os_family == "RedHat"
  block:
    - name: make sure iptables config file exists
      ansible.builtin.file:
@@ -34,7 +35,6 @@
    - name: save rules
      ansible.builtin.command: /usr/sbin/iptables-save        # noqa no-changed-when
      listen: "save iptables rules"
-  when: ansible_os_family == "RedHat"
 - name: restart exim
  ansible.builtin.systemd:

--- a/meta/main.yml
+++ b/meta/main.yml
 ---
 galaxy_info:
+  role_name: "ansible_lza_install_common"
+  namespace: "slub"
  author: Jörg Sachse
  company: SLUB Dresden
  description: role to deploy a base install of Debian for use in the SLUBarchiv digital preservation repository

--- a/molecule/resources/playbooks/verify.yml
+++ b/molecule/resources/playbooks/verify.yml
--- a/site.yml
+++ b/site.yml
 ---
- hosts: "*"
+- name: "install generic base server"
+  hosts: "*"
  pre_tasks:
    - name: Verify that the installed version of Ansible meets this playbook's version requirements.
-      assert:
+      ansible.builtin.assert:
        that: "ansible_version.full is version_compare('2.2', '>=')"
        msg: >
          "You must update Ansible to at least 2.2 to use this playbook."
@@ -24,4 +25,4 @@
  strategy: linear
  roles:
-    - { role: ansible_lza_install_common, become: true }
+    - { role: "ansible_lza_install_common", become: true }
--- a/tasks/configure_autoupdate.yml
+++ b/tasks/configure_autoupdate.yml
 ---
 - name: remove apt-cron autoupdate (Debian)
+  when: ansible_os_family == "Debian"
  block:
    - name: Uninstall autoupdate packages (Debian)
      ansible.builtin.apt:
@@ -13,11 +14,11 @@
        - "/etc/cron-apt/action.d/3-download"
        - "/etc/cron-apt/config"
        - "/etc/cron.d/cron-apt"
-  when: ansible_os_family == "Debian"
 # unattended-upgrades is the default in Debian 11 and new GUBS installations
 # anyway, so we use it instead of cron-apt.
 - name: Install & configure unattended-upgrades (Debian/Ubuntu)
+  when: ansible_os_family == "Debian"
  block:
    - name: install unattended-upgrades
      ansible.builtin.apt:
@@ -49,10 +50,10 @@
      ansible.builtin.file:
        path: "/etc/apt/apt.conf.d/51only-security-upgrades"
        state: absent
-  when: ansible_os_family == "Debian"
 # based on: https://access.redhat.com/solutions/2823901
 - name: Install & configurate autoupdate (RedHat)
+  when: ansible_os_family == "RedHat"
  block:
    - name: include vars yum-cron.yml
      ansible.builtin.include_vars: "yum-cron.yml"
@@ -70,4 +71,3 @@
        owner: "root"
        group: "root"
        mode: "0644"
-  when: ansible_os_family == "RedHat"
--- a/tasks/configure_package_repositories.yml
+++ b/tasks/configure_package_repositories.yml
 ---
 - name: configure Debian repositories
+  when: "ansible_facts['distribution'] == 'Debian'"
  block:
    - name: öffentlichen Schlüssel hinzufügen (sonst muss bei jeder Installation eine Warnmeldung bestätigt werden)
      ansible.builtin.apt_key:
@@ -12,7 +13,6 @@
        state: present
        update_cache: "yes"
        mode: "0644"
-  when: "ansible_facts['distribution'] == 'Debian'"
 - name: add custom repositories
  ansible.builtin.yum_repository:

--- a/tasks/configure_ssh_keys.yml
+++ b/tasks/configure_ssh_keys.yml
 ---
 - name: gültige SSH-Keys für Public-Key Authentication einspielen (HUMAN_USERS)
-  ansible.builtin.authorized_key:
+  ansible.posix.authorized_key:
    user: "{{ item.key }}"
    comment: "{{ item.value.ssh_comment_current | default('') }}"
    key: "{{ item.value.ssh_key_current | default('') }}"
@@ -9,7 +9,7 @@
  when: item.value.state != "absent"
 - name: gültige SSH-Keys für Public-Key Authentication einspielen (ROBOT_USERS)
-  ansible.builtin.authorized_key:
+  ansible.posix.authorized_key:
    user: "{{ item.key }}"
    comment: "{{ item.value.ssh_comment_current | default('') }}"
    key: "{{ item.value.ssh_key_current | default('') }}"
@@ -18,7 +18,7 @@
  when: item.value.state != "absent"
 - name: alle gültigen SSH-Keys zum Installationsuser hinzufügen
-  ansible.builtin.authorized_key:
+  ansible.posix.authorized_key:
    user: "{{ vault_install_username }}"
    comment: "{{ item.value.ssh_comment_current | default('') }}"
    key: "{{ item.value.ssh_key_current | default('') }}"

--- a/tasks/configure_swap.yml
+++ b/tasks/configure_swap.yml
 ---
 - name: configure zram based swap (Debian)
+  when: ansible_os_family == "Debian"
  block:
    - name: install zram
      ansible.builtin.package:
@@ -12,11 +13,11 @@
          ALGO=lz4
          PERCENT=50
      notify: restart zramswap
-  when: ansible_os_family == "Debian"
 # RHEL part is based on https://www.techrepublic.com/article/how-to-enable-zram-rocky-linux/
 # More docu on zram at https://www.kernel.org/doc/html/latest/admin-guide/blockdev/zram.html
 - name: configure zram based swap (RedHat)
+  when: ansible_os_family == "RedHat"
  block:
    - name: disable swapping first, otherwise zram will not work
      ansible.builtin.command: "swapoff -a"
@@ -71,7 +72,6 @@
        dest: "/usr/local/lib/systemd/system/zramswap.service"
        mode: "0644"
      notify: restart zramswap
-  when: ansible_os_family == "RedHat"
 - name: configure zram based swap (common)
  block:

--- a/tasks/install_packages.yml
+++ b/tasks/install_packages.yml
@@ -7,6 +7,7 @@
 # Äquivalent von yum update
 - name: update packages (RedHat)
+  when: ansible_os_family == "RedHat"
  block:
    - name: yum update
      ansible.builtin.yum:
@@ -16,7 +17,6 @@
    - name: yum autoremove
      ansible.builtin.yum:
        autoremove: true
-  when: ansible_os_family == "RedHat"
 - name: uninstall packages
  ansible.builtin.apt:

--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -14,134 +14,134 @@
 ### PAKETINSTALLATIONEN ###
 # - name: Netzwerk konfigurieren
-#   import_tasks: configure-network.yml
+#   ansible.builtin.import_tasks: configure-network.yml
 #   tags: [network,dns]
 # We don't test for idempotence because these tasks can never be idempotent.
 # They are meant to copy fresh Backups of the SSH keys every time they are run.
 - name: Server-SSH-Schlüssel sichern
-  import_tasks: backup_ssh_hostkeys.yml
+  ansible.builtin.import_tasks: "backup_ssh_hostkeys.yml"
  tags: [ssh, molecule-idempotence-notest]
 - name: SLUB-lokales Debian-Repository hinzufügen
-  import_tasks: configure_package_repositories.yml
+  ansible.builtin.import_tasks: "configure_package_repositories.yml"
  tags: [apt, yum, packages]
 - name: NTP-Client
-  import_tasks: migrate_ntpd_to_esxi_timesync.yml
+  ansible.builtin.import_tasks: "migrate_ntpd_to_esxi_timesync.yml"
  when:    # implicit AND when passing a list
    - ansible_facts.virtualization_role == "guest"
    - ansible_facts.virtualization_type == "VMware"
  tags: [ntp, ntpd, time]
 - name: Systempakete installieren
-  import_tasks: install_packages.yml
+  ansible.builtin.import_tasks: "install_packages.yml"
  tags: [apt, yum, packages]
 - name: HotAdd-Scripte für VMware installieren
-  import_tasks: install_hotadd_scripts.yml
+  ansible.builtin.import_tasks: "install_hotadd_scripts.yml"
  tags: [hotadd]
 - name: Lzip-Tools installieren
-  import_tasks: install_lzip_tools.yml
+  ansible.builtin.import_tasks: "install_lzip_tools.yml"
  tags: [lzip, lziptools]
 ### KONFIGURATION ###
 - name: Bash (Prompt, Aliases etc.) konfigurieren
-  import_tasks: configure_bash.yml
+  ansible.builtin.import_tasks: "configure_bash.yml"
  tags: [bash]
 - name: Autoupdate konfigurieren
-  import_tasks: configure_autoupdate.yml
+  ansible.builtin.import_tasks: "configure_autoupdate.yml"
  tags: [apt, yum, packages]
 - name: Konfigurationsdateien einspielen - SSH-Login
-  import_tasks: configure_ssh_login.yml
+  ansible.builtin.import_tasks: "configure_ssh_login.yml"
  tags: [ssh, bash]
 - name: Konfigurationsdateien einspielen - HTOP
-  import_tasks: configure_htop.yml
+  ansible.builtin.import_tasks: "configure_htop.yml"
  tags: [htop]
 - name: tmux konfigurieren
-  import_tasks: configure_tmux.yml
+  ansible.builtin.import_tasks: "configure_tmux.yml"
  tags: [tmux]
 - name: logrotate konfigurieren
-  import_tasks: configure_logrotate.yml
+  ansible.builtin.import_tasks: "configure_logrotate.yml"
  tags: [log, logrotate]
 - name: motd Script einspielen
-  import_tasks: configure_motd.yml
+  ansible.builtin.import_tasks: "configure_motd.yml"
  tags: [motd]
 - name: Gruppen und Benutzer erzeugen
-  import_tasks: create_users_groups.yml
+  ansible.builtin.import_tasks: "create_users_groups.yml"
  tags: [users]
 - name: SSH-Keys verwalten
-  import_tasks: configure_ssh_keys.yml
+  ansible.builtin.import_tasks: "configure_ssh_keys.yml"
  tags: [users]
 - name: ungültige User und SSH-Keys entfernen
-  import_tasks: remove_users_keys.yml
+  ansible.builtin.import_tasks: "remove_users_keys.yml"
  tags: [ssh, users, cleanup]
 - name: Logging auf Syslog-Server einrichten
-  import_tasks: configure_syslog_server_logging.yml
+  ansible.builtin.import_tasks: "configure_syslog_server_logging.yml"
  tags: [log, syslog]
 - name: persistentes Journalctl-Logging einrichten
-  import_tasks: configure_persistent_journald_logging.yml
+  ansible.builtin.import_tasks: "configure_persistent_journald_logging.yml"
  tags: [log]
 - name: Needrestart installieren
-  import_tasks: install_needrestart.yml
+  ansible.builtin.import_tasks: "install_needrestart.yml"
  when: ansible_distribution == "Debian"
  tags: [apt, needrestart]
 - name: Check_MK-Plugins installieren
-  import_tasks: install_checkmk_plugins.yml
+  ansible.builtin.import_tasks: "install_checkmk_plugins.yml"
  tags: [monitoring]
 - name: root-Shell einrichten
-  import_tasks: configure_root_shell.yml
+  ansible.builtin.import_tasks: "configure_root_shell.yml"
  tags: [bash, root, shell, color]
 - name: root-Shell einrichten
-  import_tasks: configure_sudoers.yml
+  ansible.builtin.import_tasks: "configure_sudoers.yml"
  tags: [sudo]
 - name: Configure swap
-  import_tasks: configure_swap.yml
+  ansible.builtin.import_tasks: "configure_swap.yml"
  tags: [swap, vm]
 - name: sar konfigurieren
-  import_tasks: configure_sar.yml
+  ansible.builtin.import_tasks: "configure_sar.yml"
  tags: [sar, sysstat]
 - name: Exim konfigurieren
-  import_tasks: configure_exim.yml
+  ansible.builtin.import_tasks: "configure_exim.yml"
  when: ansible_os_family == "Debian"
  tags: [exim, mail]
 - name: Postfix konfigurieren
-  import_tasks: configure_postfix.yml
+  ansible.builtin.import_tasks: "configure_postfix.yml"
  when: ansible_os_family == "RedHat"
  tags: [postfix, mail]
 # - name: Glances-Server abschalten
-#   import_tasks: configure_glances.yml
+#   ansible.builtin.import_tasks: "configure_glances.yml"
 #   when: ansible_os_family != "RedHat"        # RHEL 7 still runs Glances 2.5, which doesn't come with the glances.service SystemD unit
 #   tags: [glances]
 ### CGROUP FÜR CHECK_MK KONFIGURIEREN ###
 # - name: include cgroup CMK config
-#   import_tasks: cgroup_check_mk.yml
+#   ansible.builtin.import_tasks: "cgroup_check_mk.yml"
 #   tags: [always]
 - name: NTP konfigurieren
-  import_tasks: configure_ntp.yml
+  ansible.builtin.import_tasks: "configure_ntp.yml"
  tags: [ntp]
 - name: Configure Network