diff --git a/.ansible-lint b/.ansible-lint
index 9c9323e8df825eddaf10a9188e0fd26583c5dde0..f18a6472898d714ef85310cdbe01e39500977528 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -6,7 +6,7 @@
 # and not relative to the CWD of execution. CLI arguments passed to the --exclude
 # option will be parsed relative to the CWD of execution.
 exclude_paths:
-  - .cache/ # implicit unless exclude_paths is defined in config
+  - .cache/    # implicit unless exclude_paths is defined in config
   - .git/
   - .githooks/
   - backups/
@@ -15,24 +15,19 @@ exclude_paths:
 # verbosity: 1
 
 # Mock modules or roles in order to pass ansible-playbook --syntax-check
-#mock_modules:
-#  - zuul_return
-#  # note the foo.bar is invalid as being neither a module or a collection
-#  - fake_namespace.fake_collection.fake_module
-#  - fake_namespace.fake_collection.fake_module.fake_submodule
-#mock_roles:
-#  - mocked_role
-#  - author.role_name # old standalone galaxy role
-#  - fake_namespace.fake_collection.fake_role # role within a collection
+# mock_modules:
+#   - zuul_return
+#   # note the foo.bar is invalid as being neither a module or a collection
+#   - fake_namespace.fake_collection.fake_module
+#   - fake_namespace.fake_collection.fake_module.fake_submodule
+# mock_roles:
+#   - mocked_role
+#   - author.role_name # old standalone galaxy role
+#   - fake_namespace.fake_collection.fake_role # role within a collection
 
 # Enable checking of loop variable prefixes in roles
 loop_var_prefix: "{role}_"
 
-# Enforce variable names to follow pattern below, in addition to Ansible own
-# requirements, like avoiding python identifiers. To disable add `var-naming`
-# to skip_list.
-var_naming_pattern: "^[a-z_][a-z0-9_]*$"
-
 use_default_rules: true
 # Load custom rules from this specific folder
 # rulesdir:
@@ -46,9 +41,9 @@ skip_list:
 # Any rule that has the 'opt-in' tag will not be loaded unless its 'id' is
 # mentioned in the enable_list:
 enable_list:
-  - empty-string-compare # opt-in
-  - no-log-password # opt-in
-  - no-same-owner # opt-in
+  - empty-string-compare    # opt-in
+  - no-log-password         # opt-in
+  - no-same-owner           # opt-in
   # add yaml here if you want to avoid ignoring yaml checks when yamllint
   # library is missing. Normally its absence just skips using that rule.
   - yaml
@@ -60,19 +55,19 @@ enable_list:
 warn_list:
   - skip_this_tag
   - git-latest
-  - experimental # experimental is included in the implicit list
+  - experimental    # experimental is included in the implicit list
   # - role-name
 
 # Offline mode disables installation of requirements.yml
 offline: false
 
 # Define required Ansible's variables to satisfy syntax check
-#extra_vars:
-#  foo: bar
-#  multiline_string_variable: |
-#    line1
-#    line2
-#  complex_variable: ":{;\t$()"
+# extra_vars:
+#   foo: bar
+#   multiline_string_variable: |
+#     line1
+#     line2
+#   complex_variable: ":{;\t$()"
 
 # Uncomment to enforce action validation with tasks, usually is not
 # needed as Ansible syntax check also covers it.
diff --git a/.config/molecule/config.yml b/.config/molecule/config.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ece7ff6dd671a6a55ec8f7e9e498c0310e52d4cc
--- /dev/null
+++ b/.config/molecule/config.yml
@@ -0,0 +1,2 @@
+---
+prerun: false
diff --git a/.gitignore b/.gitignore
index cf8725056a3045ad01146762678ab62bf3f756fe..ed783329d62a4c1e481a467fe674eb420a2b81dd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -51,6 +51,8 @@ Thumbs.db
 
 *.retry
 *.vault
+inventory.*
+inv.*
 
 # Vim #
 #######
@@ -73,7 +75,14 @@ tags
 .vagrant/
 *.box
 
-# Misc #
-########
+# Temporary/Build/Backup #
+##########################
 
 backups/
+build/
+
+# CONFIDENTIAL #
+################
+
+ssh_host_*
+
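Review bot: The new CONFIDENTIAL section covers only `ssh_host_*`, while the vault password files this project works with are named `*.pass` (the CI job added in this commit writes `../lza_install_common.pass` and `../lza_rosetta_app.pass`). By convention those live one directory above the repository, but a copy dropped into the working tree would be picked up by `git add`. Adding `*.pass` next to `ssh_host_*` closes that gap. The hunk also ends with an added blank line at end of file, which can be dropped.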
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000000000000000000000000000000000000..e2d64b3247a3514de3a7b8fe682d29918d9ce847
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,36 @@
+---
+# A pipeline is composed of independent jobs that run scripts, grouped into stages.
+# Stages run in sequential order, but jobs within stages run in parallel.
+#
+# For more information, see: https://docs.gitlab.com/ee/ci/yaml/index.html#stages
+
+stages:          # List of stages for jobs, and their order of execution
+  - test
+
+default:
+  before_script:
+    - source /opt/molecule/bin/activate
+    - ansible --version
+    - molecule --version
+
+test-job:
+  stage: test
+  tags:
+    - "shell"
+  script:
+    # make sure that Ansible Vaults are present and can be decrypted
+    - echo "${VAULT_INSTALL_COMMON}" > ../lza_install_common.pass
+    - echo "${VAULT_ROSETTA_APP}" > ../lza_rosetta_app.pass
+    - export ANSIBLE_VAULT_IDENTITY_LIST="../lza_install_common.pass, ../lza_rosetta_app.pass"
+    - rm -rf ../ansible_vaults/
+    - rm -rf ../ansible_lza_install_common/
+    - git clone https://gitlab+deploy-token-25:${VAULT_ACCESS_TOKEN}@git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git ../ansible_vaults/;
+    - git clone https://git.slub-dresden.de/digital-preservation/ansible_lza_install_common.git ../ansible_lza_install_common/;
+    # run Molecule tests
+    - molecule syntax --scenario-name default
+    - molecule lint --scenario-name default
+    - molecule create --scenario-name default
+    - molecule converge --scenario-name default
+    - molecule idempotence --scenario-name default
+    # - molecule verify --scenario-name default
+    - molecule destroy --scenario-name default
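Review bot: The two `echo … > ../*.pass` lines and the token-bearing `git clone` in `test-job` leave secrets behind on the runner. The job is tagged `shell`, so (assuming a persistent shell executor) the vault password files are created with the default umask and never removed, and the deploy token stays in the stored remote URL of the clone under `../ansible_vaults/`. `molecule destroy` is also the last `script` entry, so a failing converge or idempotence step skips it and leaves the test instance running. Set `umask 077` before writing the files, reset the remote URL after cloning, and move the teardown plus removal of the password files into `after_script`. `after_script` runs even when `script` fails, but in a fresh shell, so the virtualenv has to be activated again there.

```yaml
test-job:
  script:
    # files created from here on are readable by the runner user only
    - umask 077
    # … unchanged: password files, identity list, rm -rf of old clones, git clone of ansible_vaults …
    # drop the deploy token from the remote URL stored in the clone
    - git -C ../ansible_vaults remote set-url origin https://git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git
    # … unchanged: second clone, molecule syntax/lint/create/converge/idempotence …
  after_script:
    # runs in a new shell, also after a failed script section
    - source /opt/molecule/bin/activate
    - molecule destroy --scenario-name default
    - rm -f ../lza_install_common.pass ../lza_rosetta_app.pass
```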
diff --git a/.gitlab/issue_templates/Default.md b/.gitlab/issue_templates/Default.md
new file mode 100644
index 0000000000000000000000000000000000000000..acc60bf704eb7d16e00ff44ad58e5b18f8cc0d07
--- /dev/null
+++ b/.gitlab/issue_templates/Default.md
@@ -0,0 +1,16 @@
+## Expected Behavior
+
+
+## Actual Behavior
+
+
+## Steps to Reproduce the Problem
+
+  1.
+  1.
+  1.
+
+## Specifications
+
+  - Version/Commit:
+  - Platform:
diff --git a/.gitlab/merge_request_templates/Default.md b/.gitlab/merge_request_templates/Default.md
new file mode 100644
index 0000000000000000000000000000000000000000..4030f6fe7d82d4a78fe30cfa9c959eedce2249ed
--- /dev/null
+++ b/.gitlab/merge_request_templates/Default.md
@@ -0,0 +1,7 @@
+Fixes #
+
+## Proposed Changes
+
+  -
+  -
+  -
diff --git a/CODE-OF-CONDUCT.md b/CODE-OF-CONDUCT.md
new file mode 100644
index 0000000000000000000000000000000000000000..19d2d20a7ef607c068c5a56a45e0eabef5efba31
--- /dev/null
+++ b/CODE-OF-CONDUCT.md
@@ -0,0 +1,3 @@
+# Code of Conduct
+
+Just be excellent to each other. That's it. EoC.
diff --git a/molecule/oracle/tests/parameter_files/__init__.py b/CONTRIBUTING.md
similarity index 100%
rename from molecule/oracle/tests/parameter_files/__init__.py
rename to CONTRIBUTING.md
diff --git a/README.md b/README.md
index 2e0f6287e61121285b734f76e36d3b244da8f3a4..835b657bdd0759fe482bec852f290bde66bcb3c9 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,12 @@
 # Ansible-Role "ansible_lza_rosetta_app"
 
-## Description
+## What does it do?
 
 This role provides all necessary tasks to prepare Rosetta/Oracle servers for SLUBArchiv.
 
-## Prerequisites
+## What do I need?
+
+### Prerequisites
 
 To use this role, the following software must be installed on your workstation:
 * ansible
@@ -12,30 +14,34 @@ To use this role, the following software must be installed on your workstation:
 To deploy this role to a managed host, the following software must be installed on the target:
 * Python3
 * SSHd
+* <INSERT MORE HERE IF NEEDED>
+
+### Dependencies
 
 Other roles required by this role can be easily installed using `ansible-galaxy` if necessary. As the roles reside in SLUB's local Git server instance, you might need a password for certain repositories despite most of them being publicly available. This command will install the required roles in the correct location so they are found in the search path:
 ```
 	ansible-galaxy install -r requirements.yml -p ../
 ```
 
-It is recommended to use this role with Red Hat Enterprise Linux VMs as prepared by the "ansible_lza_create_rhel_iso" and "ansible_lza_bootstrap_rhel_server" roles.
+### Infrastructure
+
+It is recommended to use Debian VMs as deployed by SLUB's GUBS tool with this role. Otherwise you will not have access to the software packages that are located in SLUB's private Debian package repository.
 
-## Quick start
+## Can i have a Quick Start?
 
 Most options already have sensible defaults in `ansible.cfg`. However, you can override these defaults using CLI options/flags if you want to. The flags can be combined if necessary, and most of them have long versions as well. Get more information using `ansible-playbook --help`.
 
 To simply run the playbook, just call the `site.yml` playbook like this:
+```bash
+ansible-playbook site.yml -u <username>
 ```
-	ansible-playbook site.yml -u <username>
-```
-
 If you want to limit the execution to a subset of all hosts that are listed in the inventory, use the `-l` or `--limit` option like this:
-```
-	ansible-playbook site.yml -l <hostna*>
-	ansible-playbook site.yml -l <hostname>
-	ansible-playbook site.yml -l <hostname1>:<hostname2>:...
-	ansible-playbook site.yml -l <inventory_group>
-	ansible-playbook site.yml --limit=<hostna*>
+```bash
+ansible-playbook site.yml -l <hostna*>
+ansible-playbook site.yml -l <hostname>
+ansible-playbook site.yml -l <hostname1>:<hostname2>:...
+ansible-playbook site.yml -l <inventory_group>
+ansible-playbook site.yml --limit=<hostna*>
 ```
 
 If you do not have Vault password files in the directory above the role direcory, you have to give the Vault password before execution:
@@ -60,20 +66,62 @@ You can then run only certain tagged tasks by using the `--tags` option:
 	ansible-playbook site.yml --tags=tag1,tag2,...,tagN
 ```
 
-## Testing the role
+## How can I run tests?
 
 Tests have been implemented using the Molecule framework. The details on using the test suite are described below `molecule/`.
 
-## Variables
+To run some quick tests, you can do:
+```bash
+# pure syntax check
+molecule syntax
+# run yamllint and ansible-lint
+molecule lint
+# list available test scenarios, e.g. based on different OS images or platforms
+molecule list
+# create the test environment for a specific scenario (can be left out for "default")
+molecule create [-s scenario]
+# run your tasks against the test env
+molecule converge [-s scenario]      # multiple times if needed
+# run idempotence checks to se if any of the tasks keeps changing (subsequent runs shouldn't trigger changes)
+molecule idempotence [-s scenario]
+# cleanup test env (remove VM/container)
+molecule destroy [-s scenario]
+```
+
+We recommend running those tests before pushing any code to the Git server.
+
+On every `git push`, the GitLab-CI pipeline will run a similar set of tests to ensure that all changes are working. Find the details in the `.gitlab-ci.yml` file located at the project root directory.
+
+## What can be configured?
+
+### Ansible Role
 
 Many variables have been "hidden" in encrypted Ansible Vaults. For security reasons, these Vaults are maintained in a separate private internal repository of SLUB's Git. However, in order to better understand the data within the vaults, you can find `\*.vault.example` files below the `vars/` directory.
 
 If you work outside of SLUBArchive and have no access to the vault repository, make sure to put the necessary vaults in the expected paths at `../ansible_vaults/<ROLENAME>/`.
 
-## git configuration
+Variable defaults have been set in `defaults/main.yml`. You can overwrite them with your own values by setting them in `vars/main.yml`.
+
+### Git configuration
 
 Just run the `setup_gitconfig.sh` script that comes with the repo to correctly setup all necessary local Git configurations.
 
-## Author Information
+## What changes have been made lately?
+
+All changes can be found in the `CHANGELOG` file located at the project root directory. Alternatively, you can have a look at the commit log to get a detailed view.
+
+## Who is maintaining this project?
+
+All authors/maintainers are listed in the `kudos.txt` file located at the project root directory.
+
+## How can I contribute?
+
+If you have any comments or find bugs, please contact langzeitarchiv@slub-dresden.de, create an issue or send us a pull request.
+
+Details on how to contribute to this project can be found at the `CONTRIBUTING.md` file located at the project root directory.
+
+If you have commited to the project yourself, you can leave a note in the `kudos.txt` file located at the project root directory. Be assured of our eternal gratitude.
+
+## Is there a Code of Conduct?
 
-If you have any comments or find bugs, please contact langzeitarchiv@slub-dresden.de or issue a pull request.
+Yes there is. You can find it in the `CODE-OF-CONDUCT.md` file located at the project root directory. It's kept very brief by design.
diff --git a/ansible.cfg b/ansible.cfg
index 50ed693183f499c2ea43f0c495073c28c4bcf5bb..6470d45ac9ea9b0e9142f1526e41ffc84d4a44e1 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -30,7 +30,8 @@ roles_path = ../:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
 # default callback.
 # https://docs.ansible.com/ansible/latest/reference_appendices/config.html#display-skipped-hosts
 # DEFAULT: display_skipped_hosts = true
-display_skipped_hosts = false
+#display_skipped_hosts = false
+#display_ok_hosts: false
 
 use_persistent_connections=true
 
diff --git a/handlers/main.yml b/handlers/main.yml
index 9d366ba642c91297ddee1ef35d987799615b4751..04e5555a50bf08996706fb54c2a6e17377152394 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -2,41 +2,42 @@
 - name: save iptables rules
   block:
     - name: Ordner für iptables-Config erstellen
-      file:
+      ansible.builtin.file:
         path: "/etc/iptables"
         state: directory
         owner: "root"
         group: "root"
-        mode: 0755
+        mode: "0755"
       listen: "save iptables rules"
     - name: install netfilter-persistent to be able to save iptables rules
-      apt:
+      ansible.builtin.apt:
         name: "netfilter-persistent"
         state: present
       listen: "save iptables rules"
     - name: save iptables rules
-      command: "netfilter-persistent save"
+      ansible.builtin.command: "netfilter-persistent save"
       listen: "save iptables rules"
-  when: ansible_distribution == "Debian"
+      changed_when: false
+  when: ansible_os_family == "Debian"
 
 - name: save iptables rules
   block:
     - name: make sure iptables config file exists
-      file:
+      ansible.builtin.file:
         path: "/etc/sysconfig/iptables"
         state: touch
         owner: "root"
         group: "root"
-        mode: 0600
+        mode: "0600"
       listen: "save iptables rules"
     - name: save iptables rules
-      command: /usr/sbin/iptables-save        # noqa 303
+      ansible.builtin.command: /usr/sbin/iptables-save        # noqa 303
       listen: "save iptables rules"
+      changed_when: false
   when: ansible_os_family == "RedHat"
 
 - name: activate kernel parameter changes
-  command: sysctl -p
-  ignore_errors: true
+  ansible.builtin.command: sysctl -p
 
 - name: daemon-reload
   ansible.builtin.systemd:
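Review bot: The RedHat `save iptables rules` handler still does not persist anything. `/usr/sbin/iptables-save` run through `ansible.builtin.command` only prints the ruleset to stdout, so this handler never writes `/etc/sysconfig/iptables`, and unless something else fills that file the runtime rules will not survive a reboot. With the added `changed_when: false` the task always reports ok, which makes the gap easier to overlook. A redirect needs the shell module, e.g. `ansible.builtin.shell: /usr/sbin/iptables-save > /etc/sysconfig/iptables`, with the `listen` and `changed_when` lines kept as they are. The `daemon-reload` handler at the end of the hunk continues outside it.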
diff --git a/kudos.txt b/kudos.txt
new file mode 100644
index 0000000000000000000000000000000000000000..56616d7cfc0e67922f1afbad2c7e34bf7083dd0f
--- /dev/null
+++ b/kudos.txt
@@ -0,0 +1,48 @@
+# kudos.txt - Express gratitude to your contributors.
+# https://github.com/kudos-txt
+
+project:
+  - name: ansible_role_name
+    site: https://git.slub-dresden.de/path/to/repo
+#    blog: <blog url>
+#    help: <support url>
+#    news: <news url>, <news feed url>
+#    mail: <mail@domain.tld>
+#    chat: <service:nick>, <service:channel>, <url>
+#    note: <free text notes>
+
+contributor:
+#  - name: <name or nick of the contributor>
+#    role: <role in the project>
+#    site: <website url>
+#    blog: <blog url>
+#    mail: <mail@domain.tld>
+#    chat: <service:nick>, <service:channel>, <url>
+#    home: <country>, <region>, <zip>, <city>, <address>
+#    work: <company>, <job title>, <job description>
+#    note: <free text notes>
+  - name: Jörg Sachse
+    role: Maintainer
+    mail: Joerg.Sachse@slub-dresden.de
+    home: Germany, Saxony, 01059, Dresden, Zellescher Weg 18
+    work: SLUB Dresden, Digital Preservationist &IT Administrator & Installation Wizard
+
+#partner:
+#  - name: <name of the partner>
+#    site: <website url>
+#    blog: <blog url>
+#    help: <support url>
+#    news: <news url>, <news feed url>
+#    mail: <mail@domain.tld>
+#    chat: <service:nick>, <service:channel>, <url>
+#    note: <free text notes>
+
+#software:
+#  - name: <name of the software>
+#    site: <website url>
+#    blog: <blog url>
+#    help: <support url>
+#    news: <news url>, <news feed url>
+#    mail: <mail@domain.tld>
+#    chat: <service:nick>, <service:channel>, <url>
+#    note: <free text notes>
diff --git a/meta/main.yml b/meta/main.yml
index b8de9e36777a00b364d21c6b5da73b51e904f14a..6d9a5bc8dd1c77af38ccfadbc8fdb1d2990dc4be 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,29 +1,38 @@
 ---
 galaxy_info:
-  author: Jörg Sachse
-  description: role to install Rosetta application server for the SLUBarchiv digital preservation repository
+  author: Jörg Sachse (<Joerg.Sachse@slub-dresden.de>)
   company: SLUB Dresden
-  # If the issue tracker for your role is not on github, uncomment the next line and provide a value issue_tracker_url: http://example.com/issue/tracker Some suggested licenses: - BSD
-  # (default) - MIT - GPLv2 - GPLv3 - Apache - CC-BY
-  license: public domain
-  min_ansible_version: 2.4
-  # If this a Container Enabled role, provide the minimum Ansible Container version. min_ansible_container_version: Optionally specify the branch Galaxy will use when accessing the GitHub repo
-  # for this role. During role install, if no tags are available, Galaxy will use this branch. During import Galaxy will access files on this branch. If Travis integration is configured, only
-  # notifications for this branch will be accepted. Otherwise, in all cases, the repo's default branch (usually master) will be used. github_branch:
-  #
+  description: role to install Rosetta application server for the SLUBarchiv digital preservation repository
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes and categorizes the role. Users find roles by searching for tags. Be sure to remove the '[]' above, if you
+    # add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+  # issue_tracker_url: "https://example.com/"
+    # If the issue tracker for your role is not on github, uncomment the next line and provide a value issue_tracker_url: http://example.com/issue/tracker
+
+    # Choose a valid license ID from https://spdx.org - some suggested licenses:
+    # - BSD-3-Clause (default)
+    # - MIT
+    # - GPL-2.0-or-later
+    # - GPL-3.0-only
+    # - Apache-2.0
+    # - CC-BY-4.0
+  license: GPL-3.0-or-later
+
+  min_ansible_version: "2.5"
+    # If this a Container Enabled role, provide the minimum Ansible Container version. min_ansible_container_version: Optionally specify the branch Galaxy will use when accessing the GitHub repo
+    # for this role. During role install, if no tags are available, Galaxy will use this branch. During import Galaxy will access files on this branch. If Travis integration is configured, only
+    # notifications for this branch will be accepted. Otherwise, in all cases, the repo's default branch (usually master) will be used. github_branch:
   # Provide a list of supported platforms, and for each platform a list of versions. If you don't wish to enumerate all versions for a particular platform, use 'all'. To view available
   # platforms and versions (or releases), visit: https://galaxy.ansible.com/api/v1/platforms/
   #
   # platforms: - name: Fedora
   #   versions: - all - 25 - name: SomePlatform versions: - all - 1.0 - 7 - 99.99
   platforms:
-    - name: RedHat
+    - name: EL
       versions:
-        - 7
-  galaxy_tags: []
-  # List tags for your role here, one per line. A tag is a keyword that describes and categorizes the role. Users find roles by searching for tags. Be sure to remove the '[]' above, if you
-  # add tags to this list.
-  #
-  # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
-  #       Maximum 20 tags per role.
+        - "7"
+        - "8"
 dependencies: []
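Review bot: `min_ansible_version: "2.5"` does not match the rest of this commit: handlers/main.yml now calls modules by fully qualified name (`ansible.builtin.file`, `ansible.builtin.apt`, `ansible.builtin.command`), which as far as I know an Ansible 2.5 install cannot resolve. State the oldest release the role is really tested with, for instance `min_ansible_version: "2.10"`. The `platforms` list names only `EL` 7 and 8 while the handlers keep a Debian branch and the README now recommends Debian VMs, so a Debian entry may be missing as well. The comment lines under `galaxy_tags: []`, `license` and `min_ansible_version` are also indented one level deeper than the keys they describe; aligning them with the keys would match the rest of the file.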
diff --git a/molecule/README.md b/molecule/README.md
index 33a7eb56b8f65d94165fbc812cf391d629d8fd2a..fdb41fe522e28da231b23e705509e2d0fd254317 100644
--- a/molecule/README.md
+++ b/molecule/README.md
@@ -4,39 +4,53 @@
 
 In order to be able to use the tests, you need to have some software packages installed. You may need sudo privileges for some of these operations.
 
-        ### install VirtualBox
-        # do NOT use distribution packages
-        # process documented at https://www.virtualbox.org/wiki/Linux_Downloads
-        #
-        # add repository URL
-        sudo echo "deb [arch=amd64] https://download.virtualbox.org/virtualbox/debian stretch contrib" > /etc/apt/sources.d/virtualbox.list
-        # add GPG key
-        wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add -
-        # update sources
-        sudo apt update
-        # install VirtualBox
-        sudo apt-get install virtualbox-6.1
-
-        ### install Vagrant
-        # do NOT use distribution packages
-        # 
-        # download Debian package from Hashicorp
-        wget https://releases.hashicorp.com/vagrant/2.2.9/vagrant_2.2.9_x86_64.deb
-        # install package
-        sudo dpkg -i vagrant_2.2.9_x86_64.deb
-
-        ### install Molecule et. al.
-        # prepare directories
-        mkdir ~/python-envs/ && cd ~/python-env/
-        # create Python Virtual Environment with Python3 interpreter (Python2 is deprecated!)
-        virtualenv -p python3 molecule-env
-        # enter the Virtual Environment in your current shell (other shells will be unaffected)
-        source molecule-env/bin/activate
-        # install packages
-        pip3 install molecule ansible testinfra ansible-lint molecule-vagrant molecule-docker
-
-        # leave the Virtual Environment only when you're done
-        deactivate
+There are two ways to accomplish this.
+
+### Option 1: use `molecule-skel` (SLUB staff only)
+
+1. Clone the project at [molecule-skel](https://git.slub-dresden.de/slub-referat-2-3/molecule-skel): `git clone https://git.slub-dresden.de/slub-referat-2-3/molecule-skel.git`
+2. Switch to the `molecule-skel` repository directory and run `./install_testenv.sh`.
+3. PROFIT!
+
+ Check the `README.md` over at [molecule-skel](https://git.slub-dresden.de/slub-referat-2-3/molecule-skel) for details on how to use that. It's easy, I promise.
+
+### Option 2: manual installation
+
+Run these steps on your terminal.
+
+```bash
+### install VirtualBox
+# do NOT use distribution packages, as they may be too old!
+# process documented at https://www.virtualbox.org/wiki/Linux_Downloads
+#
+# add GPG key
+wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add -
+# add repository URL
+sudo echo "deb [arch=amd64] https://download.virtualbox.org/virtualbox/debian stretch contrib" > /etc/apt/sources.d/virtualbox.list
+# update sources and install VirtualBox
+sudo apt update; sudo apt-get install virtualbox-6.1
+
+### install Vagrant
+# do NOT use distribution packages, as they may be too old!
+# 
+# download Debian package from Hashicorp
+wget https://releases.hashicorp.com/vagrant/2.2.9/vagrant_2.2.9_x86_64.deb
+# install package
+sudo dpkg -i vagrant_2.2.9_x86_64.deb
+
+### install Molecule et. al.
+# prepare directories
+mkdir ~/python-envs/ && cd ~/python-env/
+# create Python Virtual Environment with Python3 interpreter (Python2 is deprecated!)
+virtualenv -p python3 molecule-env
+# enter the Virtual Environment in your current shell (other shells will be unaffected)
+source molecule-env/bin/activate
+# install packages
+pip3 install molecule ansible testinfra ansible-lint molecule-vagrant molecule-docker
+
+# leave the Virtual Environment only when you're done
+deactivate
+```
 
 You can find suitable documentation at the respective vendors' websites.
 * [Vagrant Installation Guide](https://www.vagrantup.com/docs/installation/)
@@ -46,10 +60,14 @@ You can find suitable documentation at the respective vendors' websites.
 ## Initialising a new Molecule scenario
 
 If you have already created a role without the Molecule test framework or you want to add test scenarios, you can use:
-	molecule init scenario --scenario-name <my_scenario> --driver [azure|delegated|docker|ec2|gce|linode|lxc|lxd|openstack|vagrant] --verifier-name [ansible|testinfra]
+```bash
+molecule init scenario --scenario-name <my_scenario> --driver [azure|delegated|docker|ec2|gce|linode|lxc|lxd|openstack|vagrant] --verifier-name [ansible|testinfra]
+```
 
 If you need any help with the options, please use:
-	molecule init role --help
+```bash
+molecule init role --help
+```
 
 ## Running Tests
 
@@ -60,26 +78,31 @@ Various test environments are separated into so-called "scenarios" that can be b
 In the simplest configuration, the `molecule/` directory only contains one `default/` directory that contains the default scenario. This scenario is run if no other scenario is chosen using the `-s` CLI option.
 
 This is the basic usage of Molecule:
-	# create test infrastructure
-	cd <role_directory>
-	molecule create
-	# run playbooks against test infrastructure
-	molecule converge
-	# run Testinfra tests
-	molecule verify
-	# remove test infrastructure
-	molecule destroy
-
-	# run all steps at once:
-	molecule test
-
-It has proven helpful to use Vagrant to create a snapshot of the VM after the creation phase has completed.
-	# First, get UUID of the VM
-	vagrant global-status
-	# Then, create the snapshot
-	vagrant snapshot save <uuid> <snapshot_name>
-	# To restore the snapshot, use
-	vagrant snapshot restore <uuid> <snapshot_name>
-	# And to remove the snapshot, use
-	vagrant snapshot delete <uuid> <snapshot_name>
-
+```bash
+# create test infrastructure
+cd <role_directory>
+molecule create
+# run playbooks against test infrastructure
+molecule converge
+# run idempotence tests
+molecule idempotence
+# run tests, if they exist
+molecule verify
+# remove test infrastructure
+molecule destroy
+
+# run all steps at once:
+molecule test
+```
+
+It has proven helpful to use Vagrant to create a snapshot of the VM after the creation phase has completed. Just like this:
+```bash
+# First, get UUID of the VM
+vagrant global-status
+# Then, create the snapshot
+vagrant snapshot save <uuid> <snapshot_name>
+# To restore the snapshot, use
+vagrant snapshot restore <uuid> <snapshot_name>
+# And to remove the snapshot, use
+vagrant snapshot delete <uuid> <snapshot_name>
+```
diff --git a/molecule/default b/molecule/default
new file mode 120000
index 0000000000000000000000000000000000000000..0a8acd21180777d88330a691df946bff9f05e547
--- /dev/null
+++ b/molecule/default
@@ -0,0 +1 @@
+virtualbox_centos7
\ No newline at end of file
diff --git a/molecule/oracle/converge.yml b/molecule/oracle/converge.yml
deleted file mode 100644
index e7418406afebcb1111c9069c9549c5864f17d13d..0000000000000000000000000000000000000000
--- a/molecule/oracle/converge.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: Converge
-  hosts: all
-  roles:
-    - {role: "ansible_lza_rosetta_app", become: true}
diff --git a/molecule/oracle/molecule.yml b/molecule/oracle/molecule.yml
deleted file mode 100644
index 0b0d2ad7b9b5496ca8170e3160e3f3fffabb9b58..0000000000000000000000000000000000000000
--- a/molecule/oracle/molecule.yml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-dependency:
-  name: galaxy
-driver:
-  name: vagrant
-  provider:
-    name: virtualbox
-lint: |
-  set -e
-  yamllint .
-  ansible-lint -x formatting
-  flake8 --ignore=E501
-platforms:
-  - name: molecule-rosoramol
-    box: centos/7
-    memory: 512
-    cpus: 1
-provisioner:
-  name: ansible
-  log: true
-  config_options:
-    defaults:
-      vault_identity_list: "@$HOME/.ansible/roles/molecule_prepare.pass, @$HOME/.ansible/roles/lza_install_common.pass, @$HOME/.ansible/roles/lza_server_hardening.pass, @$HOME/.ansible/roles/lza_rosetta_app.pass"
-  lint: |
-    set -e
-    ansible-lint
-  vvv: false
-verifier:
-  name: testinfra
-  env:
-    PYTHONWARNINGS: "ignore:.*U.*mode is deprecated:DeprecationWarning"
-  lint: |
-    set -e
-    flake8
-  options:
-    v: 1
diff --git a/molecule/oracle/prepare.yml b/molecule/oracle/prepare.yml
deleted file mode 100644
index 8f86242457ed89cf46521c5bbc627efa5bc52c18..0000000000000000000000000000000000000000
--- a/molecule/oracle/prepare.yml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-- name: Prepare
-  hosts: all
-  gather_facts: true
-  pre_tasks:
-    - name: include vars
-      include_vars: "../../../ansible_vaults/molecule_prepare/{{ item }}"
-      loop:
-        - "prepare.vault"
-    - name: Install python for Ansible
-      raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal python2-dnf python3-dnf)
-      become: true
-      changed_when: false
-    - name: Install DNF Python packages
-      raw: yum install -y python2-dnf python3-dnf
-      become: true
-      changed_when: false
-    - name: create users (as deployed in production)
-      user:
-        name: "{{ item.name }}"
-        uid: "{{ item.uid }}"
-        create_home: "yes"
-        shell: "/bin/bash"
-      loop: "{{ vault_molecule_users | flatten(levels=1) }}"
-      become: true
-    - name: Install required packages
-      yum:
-        name: [
-          'gpg',
-          'less',
-          'libuser'
-        ]
-        state: present
-      become: true
-  roles:
-    - {role: ansible_lza_install_common, become: true}
-    - {role: ansible_lza_server_hardening, become: true}
diff --git a/molecule/oracle/tests/conftest.py b/molecule/oracle/tests/conftest.py
deleted file mode 100644
index ba0f1e81239226ea76950de710f5ec996831b7bc..0000000000000000000000000000000000000000
--- a/molecule/oracle/tests/conftest.py
+++ /dev/null
@@ -1,20 +0,0 @@
-"""PyTest Fixtures."""
-from __future__ import absolute_import
-import os
-import pytest
-
-
-def pytest_runtest_setup(item):
-    """Run tests only when under molecule with testinfra installed."""
-    try:
-        import testinfra
-    except ImportError:
-        pytest.skip("Test requires testinfra", allow_module_level=True)
-    if "MOLECULE_INVENTORY_FILE" in os.environ:
-        pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
-            os.environ["MOLECULE_INVENTORY_FILE"]
-        ).get_hosts("all")
-    else:
-        pytest.skip(
-            "Test should run only from inside molecule.", allow_module_level=True
-        )
diff --git a/molecule/oracle/tests/parameter_files/redhat_6_packages.py b/molecule/oracle/tests/parameter_files/redhat_6_packages.py
deleted file mode 100644
index fefe07e3f054061b026eda8947078155eeb125ab..0000000000000000000000000000000000000000
--- a/molecule/oracle/tests/parameter_files/redhat_6_packages.py
+++ /dev/null
@@ -1,120 +0,0 @@
-
-
-@pytest.mark.parametrize("redhat_6_packages", [
-  "avahi.x86_64"
-  "avahi-glib.x86_64"
-  "binutils.x86_64"
-  "bzip2-libs.i686"
-  "celt051.x86_64"
-  "cloog-ppl.x86_64"
-  "compat-db.x86_64"
-  "compat-db42.x86_64"
-  "compat-db43.x86_64"
-  "compat-expat1.i686"
-  "compat-expat1.x86_64"
-  "compat-gcc-34.x86_64"
-  "compat-gcc-34-c++.x86_64"
-  "compat-libstdc++-33.i686"
-  "compat-libstdc++-33.x86_64"
-  "compat-readline5.i686"
-  "ConsoleKit-x11.x86_64"
-  "cpp.x86_64"
-  "e2fsprogs-libs.i686"
-  "elfutils-libelf-devel.x86_64"
-  "expat.i686"
-  "gcc.x86_64"
-  "gcc-c++.x86_64"
-  "gdbm.i686"
-  "GConf2.x86_64"
-  "glibc.i686"
-  "glibc.x86_64"
-  "glibc.i686"
-  "glibc.x86_64"
-  "glibc-common.x86_64"
-  "glibc-devel.i686"
-  "glibc-devel.x86_64"
-  "glibc-headers.x86_64"
-  "gmp.i686"
-  "gnome-vfs2.x86_64"
-  "gtk2-engines.x86_64"
-  "kernel-headers.x86_64"
-  "keyutils-libs.i686"
-  "krb5-libs.i686"
-  "ksh.x86_64"
-  "libaio.i686"
-  "libaio.x86_64"
-  "libaio.i686"
-  "libaio-devel.i686"
-  "libaio-devel.x86_64"
-  "libbonobo.x86_64"
-  "libdaemon.x86_64"
-  "libdmx.x86_64"
-  "libgcc.i686"
-  "libgcc.x86_64"
-  "libgcc.i686"
-  "libgcrypt.i686"
-  "libgnome.x86_64"
-  "libgomp.x86_64"
-  "libgpg-error.i686"
-  "libICE.i686"
-  "libIDL.x86_64"
-  "libmcpp.x86_64"
-  "libselinux.i686"
-  "libsepol.i686"
-  "libSM.i686"
-  "libstdc++.i686"
-  "libstdc++.x86_64"
-  "libstdc++-devel.x86_64"
-  "libstdc++.i686"
-  "libtool-ltdl.i686"
-  "libtool-ltdl.x86_64"
-  "libtool-ltdl.x86_64"
-  "libuuid.i686"
-  "libuuid.i686"
-  "libuuid.x86_64"
-  "libX11.i686"
-  "libXau.i686"
-  "libxcb.i686"
-  "libxcb.x86_64"
-  "libXext.i686"
-  "libXi.i686"
-  "libxml2.i686"
-  "libXmu.x86_64"
-  "libXp.x86_64"
-  "libxslt.i686"
-  "libXt.i686"
-  "libXt.x86_64"
-  "libXtst.i686"
-  "libXv.x86_64"
-  "libXxf86dga.x86_64"
-  "libXxf86misc.x86_64"
-  "libXxf86vm.x86_64"
-  "make.x86_64"
-  "mcpp.x86_64"
-  "mpfr.x86_64"
-  "ncurses-devel.x86_64"
-  "ncurses-libs.i686"
-  "ncurses-libs.i686"
-  "nss-softokn-freebl.i686"
-  "nss-softokn-freebl.i686"
-  "ompat-expat1.i686"
-  "ORBit2.x86_64"
-  "pcre.i686"
-  "ppl.x86_64"
-  "readline.i686"
-  "readline-devel.x86_64"
-  "shared-mime-info.x86_64"
-  "sysstat.x86_64"
-  "unixODBC.i686"
-  "unixODBC.x86_64"
-  "unixODBC.i686"
-  "unixODBC.x86_64"
-  "unixODBC-devel.i686"
-  "unixODBC-devel.x86_64"
-  "xorg-x11-server-utils.x86_64"
-  "xorg-x11-utils.x86_64"
-  "xorg-x11-xauth.x86_64"
-  "xorg-x11-xinit.x86_64"
-  "zlib.i686"
-  "zlib.x86_64"
-])
diff --git a/molecule/oracle/tests/parameter_files/redhat_7_packages.py b/molecule/oracle/tests/parameter_files/redhat_7_packages.py
deleted file mode 100644
index 16d3337de6ce3925f2e3517040425bf94dc2be22..0000000000000000000000000000000000000000
--- a/molecule/oracle/tests/parameter_files/redhat_7_packages.py
+++ /dev/null
@@ -1,105 +0,0 @@
-@pytest.mark.parametrize("redhat_7_packages", [
-  "avahi-glib.x86_64"
-  "avahi.x86_64"
-  "binutils.x86_64"
-  "celt051.x86_64"
-  "compat-db.x86_64"
-  "compat-gcc-44-c++.x86_64"
-  "compat-gcc-44.x86_64"
-  "compat-glibc-headers.x86_64"
-  "compat-libcap1-1.10-7.el7.x86_64"
-  "compat-libstdc++-33.i686"
-  "compat-libstdc++-33.x86_64"
-  "cpp.x86_64"
-  "dos2unix.x86_64"
-  "elfutils-libelf-devel.x86_64"
-  "expat.i686"
-  "expat.x86_64"
-  "fontconfig.i686"
-  "fontconfig.x86_64"
-  "freetype.x86_64"
-  "gcc-c++.x86_64"
-  "gcc.x86_64"
-  "GConf2.x86_64"
-  "gdbm.i686"
-  "giflib.x86_64"
-  "glibc-common.x86_64"
-  "glibc-devel.i686"
-  "glibc-devel.x86_64"
-  "glibc-headers.x86_64"
-  "glibc.i686"
-  "glibc.x86_64"
-  "gmp.i686"
-  "gnome-vfs2.x86_64"
-  "gtk2-engines.x86_64"
-  "kernel-headers.x86_64"
-  "ksh.x86_64"
-  "libaio-devel.i686"
-  "libaio-devel.x86_64"
-  "libaio.i686"
-  "libaio.x86_64"
-  "libbonobo.x86_64"
-  "libdaemon.x86_64"
-  "libdmx.x86_64"
-  "libgcc.i686"
-  "libgcc.x86_64"
-  "libgnome.x86_64"
-  "libgomp.x86_64"
-  "libICE.i686"
-  "libICE.x86_64"
-  "libicu-devel.i686"
-  "libIDL.x86_64"
-  "libidn.i686"
-  "libjpeg-turbo.x86_64"
-  "libSM.i686"
-  "libSM.x86_64"
-  "libstdc++-devel.i686"
-  "libstdc++-devel.x86_64"
-  "libstdc++.i686"
-  "libstdc++.x86_64"
-  "libtool-ltdl.i686"
-  "libtool-ltdl.x86_64"
-  "libuuid.i686"
-  "libuuid.x86_64"
-  "libX11.i686"
-  "libX11.x86_64"
-  "libXau.i686"
-  "libXau.x86_64"
-  "libxcb.i686"
-  "libxcb.x86_64"
-  "libXext.i686"
-  "libXi.i686"
-  "libXi.x86_64"
-  "libXmu.x86_64"
-  "libXp.x86_64"
-  "libXt.i686"
-  "libXtst.i686"
-  "libXtst.x86_64"
-  "libXt.x86_64"
-  "libXv.x86_64"
-  "libXxf86dga.x86_64"
-  "libXxf86misc.x86_64"
-  "libXxf86vm.x86_64"
-  "make.x86_64"
-  "mpfr.x86_64"
-  "ncurses-devel.x86_64"
-  "ncurses-libs.i686"
-  "nss-softokn-freebl.i686"
-  "ORBit2.x86_64"
-  "readline-devel.x86_64"
-  "readline.i686"
-  "shared-mime-info.x86_64"
-  "sysstat.x86_64"
-  "unixODBC-devel.i686"
-  "unixODBC-devel.x86_64"
-  "unixODBC.i686"
-  "unixODBC.x86_64"
-  "xorg-x11-server-utils.x86_64"
-  "xorg-x11-utils.x86_64"
-  "xorg-x11-xauth.x86_64"
-  "xorg-x11-xinit.x86_64"
-  "xz-libs.i686"
-  "zlib-devel.i686"
-  "zlib.i686"
-  "zlib.x86_64"
-])
diff --git a/molecule/oracle/tests/test_default.py b/molecule/oracle/tests/test_default.py
deleted file mode 100644
index 6df0ae3bb3395708092b025abc230af976d560a8..0000000000000000000000000000000000000000
--- a/molecule/oracle/tests/test_default.py
+++ /dev/null
@@ -1,119 +0,0 @@
-# https://docs.pytest.org/en/latest/parametrize.html#pytest-mark-parametrize-parametrizing-test-functions
-
-
-@pytest.mark.parametrize("name,version", [
-    ("python", "2.7"),
-])
-def test_configure_yum_repositories(host):
-    print("not implemented")
-
-
-def test_configure_iptables_qos(host):
-    ipt_pre = host.iptables.rules("mangle", "PREROUTING")
-    print(ipt_pre)
-    ipt_post = host.iptables.rules("mangle", "POSTROUTING")
-    print(ipt_post)
-
-
-@pytest.mark.parametrize("mountpoint", [
-    {'path': "/exlibris", 'device': ""},
-    {'path': "/operational_shared", 'device': ""},
-    {'path': "/operational_storage", 'device': ""},
-    {'path': "/permanent_storage", 'device': ""}
-])
-def test_configure_nfs_mounts(host):
-    mount = host.mount_point(mountpoint)
-    assert mount.exists
-    assert mount.device == mount(device)
-    assert mount.filesystem == "nfs"
-
-
-@pytest.mark.parametrize("rman_file", [
-    "/home/oracle/expdump_dps3.sh",
-    "/home/oracle/impdump_dps3.sh",
-    "/home/oracle/rman_backup.cmd",
-    "/home/oracle/trigger_oracle_backup_storage_lvl.sh",
-    "/home/oracle/tsm_error_mail.sh",
-    "/home/oracle/rman_dps3_fullbackup.sh"
-])
-def test_configure_rman_backup(host):
-    d = host.file("/var/log/oracle")
-    assert d.exists
-    assert d.is_directory
-    assert d.mode == 0o750
-    f = host.file(f"/home/oracle/{rman_file}")
-    assert f.exists
-    assert f.is_file
-    assert f.mode == 0o755
-
-
-def test_configure_selinux(host):
-    f = host.file("/etc/selinux/config")
-    assert f.exists
-    assert f.if_file
-    assert f.user == "root"
-    assert f.group == "root"
-    assert f.mode == 0o644
-    assert f.contains("SELINUX=permissive")
-    assert f.contains("SELINUXTYPE=targeted")
-    assert f.md5sum == "edb80f9889245e2f31b3d6ab33684b1a"
-
-
-@pytest.mark.parametrize("tsm_file", [
-    "dsm.sys",
-    "dsm.opt"
-])
-def test_configure_tsmclient(host):
-    f = host.file(f"/opt/tivoli/tsm/client/ba/bin/{tsm_file}")
-    assert f.exists
-    assert f.is_file
-    assert f.user == "root"
-    assert f.group == "root"
-    assert f.mode == 0o644
-    s = host.service("dsmcad")
-    assert s.is_running
-    assert s.is_enabled
-
-
-@pytest.mark.parametrize("check_mk_plugin", [
-    "checkmk_dsmcad.sh",
-    "check_oracle_db_segment_size.sh",
-    "mk_inventory",
-    "mk_logwatch",
-    "mk_oracle"
-])
-def test_install_checkmk_plugins(host):
-    f = host.file(f"/usr/lib/check_mk_agent/plugins/{check_mk_plugin}")
-    assert f.exists
-    assert f.is_file
-    assert f.user == "root"
-    assert f.group == "root"
-    assert f.mode == 0o750
-
-
-def test_install_packages(host):
-    print(f"RELEASE: '{host.systeminfo.release}'")
-    print(f"CODENAME: '{host.systeminfo.codename}'")
-    if host.systeminfo.release == "6":
-        from parameter_files import redhat_6_packages
-    else:
-        from parameter_files import redhat_7_packages
-    pkg = host.package(name)
-    assert pkg.is_installed
-    assert pkg.version.startswith(version)
-
-
-@pytest.mark.parametrize("sql_scripts", [
-    "create_user_dbsnmp.sql",
-    "create_user_nagios.sql",
-    "qry_workers_conf.sql"
-])
-def test_install_sql_scripts(host):
-    d = host.file("/home/oracle/sql-scripts")
-    assert d.exists
-    assert d.is_directory
-    assert d.mode == 0o644
-    f = host.file(f"/home/oracle/sql-scripts/{sql_scripts}")
-    assert f.exists
-    assert f.is_file
-    assert f.mode == 0o644
diff --git a/molecule/oracle/INSTALL.rst b/molecule/resources/playbooks/INSTALL.rst
similarity index 84%
rename from molecule/oracle/INSTALL.rst
rename to molecule/resources/playbooks/INSTALL.rst
index 4f44b6745beb4e4a1ca19e93e42ccc8e98919d41..0c4bf5c7eb43b1b428b1824a62f8fb8a213f3600 100644
--- a/molecule/oracle/INSTALL.rst
+++ b/molecule/resources/playbooks/INSTALL.rst
@@ -1,6 +1,6 @@
-*******
+*********************************
 Vagrant driver installation guide
-*******
+*********************************
 
 Requirements
 ============
@@ -20,4 +20,4 @@ widely recommended `'--user' flag`_ when invoking ``pip``.
 
 .. code-block:: bash
 
-    $ pip install 'molecule[vagrant]'
+    $ pip install 'molecule_vagrant'
diff --git a/molecule/resources/playbooks/README.md b/molecule/resources/playbooks/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..0c91883011699e3b0ec08bad9bcc19d201ef6331
--- /dev/null
+++ b/molecule/resources/playbooks/README.md
@@ -0,0 +1,3 @@
+This drectory contains shared playbooks and a shared Dockerfile.
+
+Visit https://molecule.readthedocs.io/en/latest/examples.html#sharing-across-scenarios for details on sharing playbooks, tests etc. across multiple scenarios.
diff --git a/molecule/resources/playbooks/converge.yml b/molecule/resources/playbooks/converge.yml
new file mode 100644
index 0000000000000000000000000000000000000000..1aca87300fa27ebc87b68fc2e95b8514edc28134
--- /dev/null
+++ b/molecule/resources/playbooks/converge.yml
@@ -0,0 +1,17 @@
+---
+- name: Converge
+  hosts: all
+  pre_tasks:
+    - name: update apt cache
+      ansible.builtin.apt:
+        update_cache: true
+        upgrade: dist
+      become: true
+      when: ansible_os_family == "Debian"
+    - name: update yum cache
+      ansible.builtin.yum:
+        update_cache: true
+      become: true
+      when: ansible_os_family == "RedHat"
+  roles:
+    - {role: "ansible_lza_rosetta_app", become: true}
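Review bot: The Debian pre-task runs `upgrade: dist` while the RedHat pre-task only refreshes the cache, so the two OS families would be converged at different patch levels. A full upgrade inside converge also makes each run depend on the mirror state at that moment. If the upgrade is intended, it would sit more naturally in prepare.yml with converge limited to `update_cache: true`; otherwise a comment such as `# dist-upgrade so the role is tested against current packages` would record the intent. Neither scenario visible in this part of the diff uses a Debian box, so the apt branch looks untested for now.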
diff --git a/molecule/resources/playbooks/prepare.yml b/molecule/resources/playbooks/prepare.yml
new file mode 100644
index 0000000000000000000000000000000000000000..37d1289bce4cb0b9d35f10c0b555dc64f7999001
--- /dev/null
+++ b/molecule/resources/playbooks/prepare.yml
@@ -0,0 +1,70 @@
+---
+- name: Prepare
+  hosts: "*"
+  pre_tasks:
+    - name: configure additional package repositories for Debian
+      block:
+        - name: install GPG
+          ansible.builtin.apt:
+            name: "gnupg"
+            state: latest
+            update_cache: true
+          become: true
+        - name: add GPG key for SLUB Debian repository
+          ansible.builtin.apt_key:
+            url: "https://sdvdebianrepo.slub-dresden.de/deb-repository/pub.gpg.key"
+            state: present
+          become: true
+        - name: add repo URL to sources.list
+          ansible.builtin.apt_repository:
+            repo: "deb https://sdvdebianrepo.slub-dresden.de/deb-repository bullseye main"
+            state: present
+            update_cache: true
+            mode: "0644"
+          become: true
+      when: ansible_os_family == "Debian"
+
+    - name: configure additional package repositories for RedHat
+      block:
+        - name: add custom repositories
+          ansible.builtin.yum_repository:
+            name: "{{ item.name }}"
+            description: "{{ item.description }}"
+            baseurl: "{{ item.baseurl }}"
+            gpgcheck: "{{ item.gpgcheck | default('true') }}"
+            gpgkey: "{{ item.gpgkey | default(omit) }}"
+          loop:
+            - name: "epel"
+              description: EPEL YUM repo
+              baseurl: "https://download.fedoraproject.org/pub/epel/{{ ansible_distribution_major_version }}/x86_64/"
+              gpgkey: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"
+            - name: "slub"
+              description: SLUB YUM repo
+              baseurl: "http://sdvrhelrepo.slub-dresden.de/"
+              gpgcheck: "false"
+          become: true
+        - name: remove legacy repo configuration to avoid double configuration for SLUB repo
+          ansible.builtin.file:
+            path: "/etc/yum.repos.d/SLUB.repo"
+            state: absent
+          become: true
+      when: ansible_os_family == "RedHat"
+    - name: create sudo group, because we ignore RHEL's wheel group
+      ansible.builtin.group:
+        name: "sudo"
+        system: true
+      become: true
+    - name: get DFN certificate chain
+      ansible.builtin.get_url:
+        url: "https://pki.pca.dfn.de/dfn-ca-global-g2/pub/cacert/chain.txt"
+        dest: "/etc/pki/ca-trust/source/anchors/dfn-ca-global-g2.pem"
+        mode: "0644"
+      become: true
+      register: pki
+    - name: update CA trust anchors
+      ansible.builtin.command: "update-ca-trust"
+      become: true
+      when: pki.failed is false
+
+  roles:
+    - { role: "ansible_lza_install_common", become: true }
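Review bot: The `slub` entry in the `add custom repositories` loop combines `baseurl: "http://sdvrhelrepo.slub-dresden.de/"` with `gpgcheck: "false"`, so packages from that repository are installed with neither transport integrity nor signature verification, and everything applied afterwards with `become: true` builds on them. If the repository can serve TLS and signed packages, switch the entry to an `https://` baseurl, drop the `gpgcheck: "false"` override so `default('true')` applies, and add `gpgkey: "<URL-or-path-of-SLUB-RPM-signing-key>"` (placeholder). Separately, `get DFN certificate chain` installs a system trust anchor from a URL fetched at run time; pinning it with `get_url`'s `checksum:` parameter would make a changed chain fail loudly instead of being trusted silently. That task and `update-ca-trust` are also not gated on `ansible_os_family == "RedHat"`, although the destination is the RedHat trust-store path.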
diff --git a/molecule/resources/playbooks/verify.yml b/molecule/resources/playbooks/verify.yml
new file mode 100644
index 0000000000000000000000000000000000000000..e707420ab5c87edfa59c7805ce4534ff1b387177
--- /dev/null
+++ b/molecule/resources/playbooks/verify.yml
@@ -0,0 +1,10 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+  - name: Example assertion
+    ansible.builtin.assert:
+      that: true
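Review bot: The only verification task is `that: true`, which always passes, so the verify stage of the scenarios pointing at this playbook checks nothing about the converged hosts. The same commit removes the testinfra files that asserted file ownership and modes, the SELinux config and service state; those tests look unrunnable as shown (they use `pytest` without importing it in the visible lines), but they recorded the intended checks. Until real assertions exist, mark the gap with a comment such as `# TODO: port ownership/mode and service checks from the removed tests/test_default.py`, or add a first real check with `ansible.builtin.stat` and an `assert` on the registered mode. The task list under `tasks:` is also not indented, unlike the sequences in converge.yml and prepare.yml, which yamllint may flag depending on its configuration.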
diff --git a/molecule/rosetta/INSTALL.rst b/molecule/rosetta/INSTALL.rst
deleted file mode 100644
index 4f44b6745beb4e4a1ca19e93e42ccc8e98919d41..0000000000000000000000000000000000000000
--- a/molecule/rosetta/INSTALL.rst
+++ /dev/null
@@ -1,23 +0,0 @@
-*******
-Vagrant driver installation guide
-*******
-
-Requirements
-============
-
-* Vagrant
-* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop
-
-Install
-=======
-
-Please refer to the `Virtual environment`_ documentation for installation best
-practices. If not using a virtual environment, please consider passing the
-widely recommended `'--user' flag`_ when invoking ``pip``.
-
-.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
-.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
-
-.. code-block:: bash
-
-    $ pip install 'molecule[vagrant]'
diff --git a/molecule/rosetta/converge.yml b/molecule/rosetta/converge.yml
deleted file mode 100644
index e7418406afebcb1111c9069c9549c5864f17d13d..0000000000000000000000000000000000000000
--- a/molecule/rosetta/converge.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: Converge
-  hosts: all
-  roles:
-    - {role: "ansible_lza_rosetta_app", become: true}
diff --git a/molecule/rosetta/molecule.yml b/molecule/rosetta/molecule.yml
deleted file mode 100644
index 117cfc8f72a9c05dc957c3046fe1f87eaecf5c28..0000000000000000000000000000000000000000
--- a/molecule/rosetta/molecule.yml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-dependency:
-  name: galaxy
-driver:
-  name: vagrant
-  provider:
-    name: virtualbox
-lint: |
-  set -e
-  yamllint .
-  ansible-lint -x formatting
-  flake8 --ignore=E501
-platforms:
-  - name: molecule-rosappmol
-    box: centos/7
-    memory: 512
-    cpus: 1
-provisioner:
-  name: ansible
-  log: true
-  config_options:
-    defaults:
-      vault_identity_list: "@$HOME/.ansible/roles/molecule_prepare.pass, @$HOME/.ansible/roles/lza_install_common.pass, @$HOME/.ansible/roles/lza_server_hardening.pass, @$HOME/.ansible/roles/lza_rosetta_app.pass"
-  lint: |
-    set -e
-    ansible-lint
-  vvv: false
-verifier:
-  name: testinfra
-  env:
-    PYTHONWARNINGS: "ignore:.*U.*mode is deprecated:DeprecationWarning"
-  lint: |
-    set -e
-    flake8
-  options:
-    v: 1
diff --git a/molecule/rosetta/prepare.yml b/molecule/rosetta/prepare.yml
deleted file mode 100644
index 8f86242457ed89cf46521c5bbc627efa5bc52c18..0000000000000000000000000000000000000000
--- a/molecule/rosetta/prepare.yml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-- name: Prepare
-  hosts: all
-  gather_facts: true
-  pre_tasks:
-    - name: include vars
-      include_vars: "../../../ansible_vaults/molecule_prepare/{{ item }}"
-      loop:
-        - "prepare.vault"
-    - name: Install python for Ansible
-      raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal python2-dnf python3-dnf)
-      become: true
-      changed_when: false
-    - name: Install DNF Python packages
-      raw: yum install -y python2-dnf python3-dnf
-      become: true
-      changed_when: false
-    - name: create users (as deployed in production)
-      user:
-        name: "{{ item.name }}"
-        uid: "{{ item.uid }}"
-        create_home: "yes"
-        shell: "/bin/bash"
-      loop: "{{ vault_molecule_users | flatten(levels=1) }}"
-      become: true
-    - name: Install required packages
-      yum:
-        name: [
-          'gpg',
-          'less',
-          'libuser'
-        ]
-        state: present
-      become: true
-  roles:
-    - {role: ansible_lza_install_common, become: true}
-    - {role: ansible_lza_server_hardening, become: true}
diff --git a/molecule/rosetta/tests/conftest.py b/molecule/rosetta/tests/conftest.py
deleted file mode 100644
index ba0f1e81239226ea76950de710f5ec996831b7bc..0000000000000000000000000000000000000000
--- a/molecule/rosetta/tests/conftest.py
+++ /dev/null
@@ -1,20 +0,0 @@
-"""PyTest Fixtures."""
-from __future__ import absolute_import
-import os
-import pytest
-
-
-def pytest_runtest_setup(item):
-    """Run tests only when under molecule with testinfra installed."""
-    try:
-        import testinfra
-    except ImportError:
-        pytest.skip("Test requires testinfra", allow_module_level=True)
-    if "MOLECULE_INVENTORY_FILE" in os.environ:
-        pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
-            os.environ["MOLECULE_INVENTORY_FILE"]
-        ).get_hosts("all")
-    else:
-        pytest.skip(
-            "Test should run only from inside molecule.", allow_module_level=True
-        )
diff --git a/molecule/rosetta/tests/parameter_files/__init__.py b/molecule/rosetta/tests/parameter_files/__init__.py
deleted file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000
diff --git a/molecule/rosetta/tests/parameter_files/redhat_6_packages.py b/molecule/rosetta/tests/parameter_files/redhat_6_packages.py
deleted file mode 100644
index fefe07e3f054061b026eda8947078155eeb125ab..0000000000000000000000000000000000000000
--- a/molecule/rosetta/tests/parameter_files/redhat_6_packages.py
+++ /dev/null
@@ -1,120 +0,0 @@
-
-
-@pytest.mark.parametrize("redhat_6_packages", [
-  "avahi.x86_64"
-  "avahi-glib.x86_64"
-  "binutils.x86_64"
-  "bzip2-libs.i686"
-  "celt051.x86_64"
-  "cloog-ppl.x86_64"
-  "compat-db.x86_64"
-  "compat-db42.x86_64"
-  "compat-db43.x86_64"
-  "compat-expat1.i686"
-  "compat-expat1.x86_64"
-  "compat-gcc-34.x86_64"
-  "compat-gcc-34-c++.x86_64"
-  "compat-libstdc++-33.i686"
-  "compat-libstdc++-33.x86_64"
-  "compat-readline5.i686"
-  "ConsoleKit-x11.x86_64"
-  "cpp.x86_64"
-  "e2fsprogs-libs.i686"
-  "elfutils-libelf-devel.x86_64"
-  "expat.i686"
-  "gcc.x86_64"
-  "gcc-c++.x86_64"
-  "gdbm.i686"
-  "GConf2.x86_64"
-  "glibc.i686"
-  "glibc.x86_64"
-  "glibc.i686"
-  "glibc.x86_64"
-  "glibc-common.x86_64"
-  "glibc-devel.i686"
-  "glibc-devel.x86_64"
-  "glibc-headers.x86_64"
-  "gmp.i686"
-  "gnome-vfs2.x86_64"
-  "gtk2-engines.x86_64"
-  "kernel-headers.x86_64"
-  "keyutils-libs.i686"
-  "krb5-libs.i686"
-  "ksh.x86_64"
-  "libaio.i686"
-  "libaio.x86_64"
-  "libaio.i686"
-  "libaio-devel.i686"
-  "libaio-devel.x86_64"
-  "libbonobo.x86_64"
-  "libdaemon.x86_64"
-  "libdmx.x86_64"
-  "libgcc.i686"
-  "libgcc.x86_64"
-  "libgcc.i686"
-  "libgcrypt.i686"
-  "libgnome.x86_64"
-  "libgomp.x86_64"
-  "libgpg-error.i686"
-  "libICE.i686"
-  "libIDL.x86_64"
-  "libmcpp.x86_64"
-  "libselinux.i686"
-  "libsepol.i686"
-  "libSM.i686"
-  "libstdc++.i686"
-  "libstdc++.x86_64"
-  "libstdc++-devel.x86_64"
-  "libstdc++.i686"
-  "libtool-ltdl.i686"
-  "libtool-ltdl.x86_64"
-  "libtool-ltdl.x86_64"
-  "libuuid.i686"
-  "libuuid.i686"
-  "libuuid.x86_64"
-  "libX11.i686"
-  "libXau.i686"
-  "libxcb.i686"
-  "libxcb.x86_64"
-  "libXext.i686"
-  "libXi.i686"
-  "libxml2.i686"
-  "libXmu.x86_64"
-  "libXp.x86_64"
-  "libxslt.i686"
-  "libXt.i686"
-  "libXt.x86_64"
-  "libXtst.i686"
-  "libXv.x86_64"
-  "libXxf86dga.x86_64"
-  "libXxf86misc.x86_64"
-  "libXxf86vm.x86_64"
-  "make.x86_64"
-  "mcpp.x86_64"
-  "mpfr.x86_64"
-  "ncurses-devel.x86_64"
-  "ncurses-libs.i686"
-  "ncurses-libs.i686"
-  "nss-softokn-freebl.i686"
-  "nss-softokn-freebl.i686"
-  "ompat-expat1.i686"
-  "ORBit2.x86_64"
-  "pcre.i686"
-  "ppl.x86_64"
-  "readline.i686"
-  "readline-devel.x86_64"
-  "shared-mime-info.x86_64"
-  "sysstat.x86_64"
-  "unixODBC.i686"
-  "unixODBC.x86_64"
-  "unixODBC.i686"
-  "unixODBC.x86_64"
-  "unixODBC-devel.i686"
-  "unixODBC-devel.x86_64"
-  "xorg-x11-server-utils.x86_64"
-  "xorg-x11-utils.x86_64"
-  "xorg-x11-xauth.x86_64"
-  "xorg-x11-xinit.x86_64"
-  "zlib.i686"
-  "zlib.x86_64"
-])
diff --git a/molecule/rosetta/tests/parameter_files/redhat_7_packages.py b/molecule/rosetta/tests/parameter_files/redhat_7_packages.py
deleted file mode 100644
index 16d3337de6ce3925f2e3517040425bf94dc2be22..0000000000000000000000000000000000000000
--- a/molecule/rosetta/tests/parameter_files/redhat_7_packages.py
+++ /dev/null
@@ -1,105 +0,0 @@
-@pytest.mark.parametrize("redhat_7_packages", [
-  "avahi-glib.x86_64"
-  "avahi.x86_64"
-  "binutils.x86_64"
-  "celt051.x86_64"
-  "compat-db.x86_64"
-  "compat-gcc-44-c++.x86_64"
-  "compat-gcc-44.x86_64"
-  "compat-glibc-headers.x86_64"
-  "compat-libcap1-1.10-7.el7.x86_64"
-  "compat-libstdc++-33.i686"
-  "compat-libstdc++-33.x86_64"
-  "cpp.x86_64"
-  "dos2unix.x86_64"
-  "elfutils-libelf-devel.x86_64"
-  "expat.i686"
-  "expat.x86_64"
-  "fontconfig.i686"
-  "fontconfig.x86_64"
-  "freetype.x86_64"
-  "gcc-c++.x86_64"
-  "gcc.x86_64"
-  "GConf2.x86_64"
-  "gdbm.i686"
-  "giflib.x86_64"
-  "glibc-common.x86_64"
-  "glibc-devel.i686"
-  "glibc-devel.x86_64"
-  "glibc-headers.x86_64"
-  "glibc.i686"
-  "glibc.x86_64"
-  "gmp.i686"
-  "gnome-vfs2.x86_64"
-  "gtk2-engines.x86_64"
-  "kernel-headers.x86_64"
-  "ksh.x86_64"
-  "libaio-devel.i686"
-  "libaio-devel.x86_64"
-  "libaio.i686"
-  "libaio.x86_64"
-  "libbonobo.x86_64"
-  "libdaemon.x86_64"
-  "libdmx.x86_64"
-  "libgcc.i686"
-  "libgcc.x86_64"
-  "libgnome.x86_64"
-  "libgomp.x86_64"
-  "libICE.i686"
-  "libICE.x86_64"
-  "libicu-devel.i686"
-  "libIDL.x86_64"
-  "libidn.i686"
-  "libjpeg-turbo.x86_64"
-  "libSM.i686"
-  "libSM.x86_64"
-  "libstdc++-devel.i686"
-  "libstdc++-devel.x86_64"
-  "libstdc++.i686"
-  "libstdc++.x86_64"
-  "libtool-ltdl.i686"
-  "libtool-ltdl.x86_64"
-  "libuuid.i686"
-  "libuuid.x86_64"
-  "libX11.i686"
-  "libX11.x86_64"
-  "libXau.i686"
-  "libXau.x86_64"
-  "libxcb.i686"
-  "libxcb.x86_64"
-  "libXext.i686"
-  "libXi.i686"
-  "libXi.x86_64"
-  "libXmu.x86_64"
-  "libXp.x86_64"
-  "libXt.i686"
-  "libXtst.i686"
-  "libXtst.x86_64"
-  "libXt.x86_64"
-  "libXv.x86_64"
-  "libXxf86dga.x86_64"
-  "libXxf86misc.x86_64"
-  "libXxf86vm.x86_64"
-  "make.x86_64"
-  "mpfr.x86_64"
-  "ncurses-devel.x86_64"
-  "ncurses-libs.i686"
-  "nss-softokn-freebl.i686"
-  "ORBit2.x86_64"
-  "readline-devel.x86_64"
-  "readline.i686"
-  "shared-mime-info.x86_64"
-  "sysstat.x86_64"
-  "unixODBC-devel.i686"
-  "unixODBC-devel.x86_64"
-  "unixODBC.i686"
-  "unixODBC.x86_64"
-  "xorg-x11-server-utils.x86_64"
-  "xorg-x11-utils.x86_64"
-  "xorg-x11-xauth.x86_64"
-  "xorg-x11-xinit.x86_64"
-  "xz-libs.i686"
-  "zlib-devel.i686"
-  "zlib.i686"
-  "zlib.x86_64"
-])
diff --git a/molecule/rosetta/tests/test_default.py b/molecule/rosetta/tests/test_default.py
deleted file mode 100644
index 6df0ae3bb3395708092b025abc230af976d560a8..0000000000000000000000000000000000000000
--- a/molecule/rosetta/tests/test_default.py
+++ /dev/null
@@ -1,119 +0,0 @@
-# https://docs.pytest.org/en/latest/parametrize.html#pytest-mark-parametrize-parametrizing-test-functions
-
-
-@pytest.mark.parametrize("name,version", [
-    ("python", "2.7"),
-])
-def test_configure_yum_repositories(host):
-    print("not implemented")
-
-
-def test_configure_iptables_qos(host):
-    ipt_pre = host.iptables.rules("mangle", "PREROUTING")
-    print(ipt_pre)
-    ipt_post = host.iptables.rules("mangle", "POSTROUTING")
-    print(ipt_post)
-
-
-@pytest.mark.parametrize("mountpoint", [
-    {'path': "/exlibris", 'device': ""},
-    {'path': "/operational_shared", 'device': ""},
-    {'path': "/operational_storage", 'device': ""},
-    {'path': "/permanent_storage", 'device': ""}
-])
-def test_configure_nfs_mounts(host):
-    mount = host.mount_point(mountpoint)
-    assert mount.exists
-    assert mount.device == mount(device)
-    assert mount.filesystem == "nfs"
-
-
-@pytest.mark.parametrize("rman_file", [
-    "/home/oracle/expdump_dps3.sh",
-    "/home/oracle/impdump_dps3.sh",
-    "/home/oracle/rman_backup.cmd",
-    "/home/oracle/trigger_oracle_backup_storage_lvl.sh",
-    "/home/oracle/tsm_error_mail.sh",
-    "/home/oracle/rman_dps3_fullbackup.sh"
-])
-def test_configure_rman_backup(host):
-    d = host.file("/var/log/oracle")
-    assert d.exists
-    assert d.is_directory
-    assert d.mode == 0o750
-    f = host.file(f"/home/oracle/{rman_file}")
-    assert f.exists
-    assert f.is_file
-    assert f.mode == 0o755
-
-
-def test_configure_selinux(host):
-    f = host.file("/etc/selinux/config")
-    assert f.exists
-    assert f.if_file
-    assert f.user == "root"
-    assert f.group == "root"
-    assert f.mode == 0o644
-    assert f.contains("SELINUX=permissive")
-    assert f.contains("SELINUXTYPE=targeted")
-    assert f.md5sum == "edb80f9889245e2f31b3d6ab33684b1a"
-
-
-@pytest.mark.parametrize("tsm_file", [
-    "dsm.sys",
-    "dsm.opt"
-])
-def test_configure_tsmclient(host):
-    f = host.file(f"/opt/tivoli/tsm/client/ba/bin/{tsm_file}")
-    assert f.exists
-    assert f.is_file
-    assert f.user == "root"
-    assert f.group == "root"
-    assert f.mode == 0o644
-    s = host.service("dsmcad")
-    assert s.is_running
-    assert s.is_enabled
-
-
-@pytest.mark.parametrize("check_mk_plugin", [
-    "checkmk_dsmcad.sh",
-    "check_oracle_db_segment_size.sh",
-    "mk_inventory",
-    "mk_logwatch",
-    "mk_oracle"
-])
-def test_install_checkmk_plugins(host):
-    f = host.file(f"/usr/lib/check_mk_agent/plugins/{check_mk_plugin}")
-    assert f.exists
-    assert f.is_file
-    assert f.user == "root"
-    assert f.group == "root"
-    assert f.mode == 0o750
-
-
-def test_install_packages(host):
-    print(f"RELEASE: '{host.systeminfo.release}'")
-    print(f"CODENAME: '{host.systeminfo.codename}'")
-    if host.systeminfo.release == "6":
-        from parameter_files import redhat_6_packages
-    else:
-        from parameter_files import redhat_7_packages
-    pkg = host.package(name)
-    assert pkg.is_installed
-    assert pkg.version.startswith(version)
-
-
-@pytest.mark.parametrize("sql_scripts", [
-    "create_user_dbsnmp.sql",
-    "create_user_nagios.sql",
-    "qry_workers_conf.sql"
-])
-def test_install_sql_scripts(host):
-    d = host.file("/home/oracle/sql-scripts")
-    assert d.exists
-    assert d.is_directory
-    assert d.mode == 0o644
-    f = host.file(f"/home/oracle/sql-scripts/{sql_scripts}")
-    assert f.exists
-    assert f.is_file
-    assert f.mode == 0o644
diff --git a/molecule/virtualbox_centos7/molecule.yml b/molecule/virtualbox_centos7/molecule.yml
new file mode 100644
index 0000000000000000000000000000000000000000..d1b7f16aab47ea64e86f3c59fd440cb8dadf5911
--- /dev/null
+++ b/molecule/virtualbox_centos7/molecule.yml
@@ -0,0 +1,55 @@
+---
+dependency:
+  name: galaxy
+  enabled: false
+driver:
+  name: vagrant
+lint: |
+  set -e
+  yamllint .
+  ansible-lint -x no-loop-var-prefix,command-instead-of-module,package-latest
+platforms:
+  # Check out the documentation at
+  # https://github.com/ansible-community/molecule-vagrant#documentation
+  # for more platform parameters.
+  - name: vm-rosapp-mol
+    # box: rockylinux/8
+    box: centos/7
+    memory: 1024
+    # List of raw Vagrant `config` options.
+    # provider_raw_config_args:
+    #   - "customize [ 'modifyvm', :id, '--natdnshostresolver1', 'on' ]"
+    # Dictionary of `config` options.
+    config_options:
+      ssh.keep_alive: true
+      ssh.remote_user: "'lza'"
+      disksize.size: '20GB'
+  - name: vm-rosora-mol
+    # box: rockylinux/8
+    box: centos/7
+    memory: 1024
+    # List of raw Vagrant `config` options.
+    # provider_raw_config_args:
+    #   - "customize [ 'modifyvm', :id, '--natdnshostresolver1', 'on' ]"
+    # Dictionary of `config` options.
+    config_options:
+      ssh.keep_alive: true
+      ssh.remote_user: "'lza'"
+      disksize.size: '20GB'
+provisioner:
+  name: ansible
+  log: true
+  config_options:
+    defaults:
+      # https://stackoverflow.com/questions/57435811/ansible-molecule-pass-multiple-vault-ids
+      # vault_identity_list: "@$HOME/.ansible/roles/lza_install_common.pass, @$HOME/.ansible/roles/passfile_1.pass"
+      vault_identity_list: "../lza_install_common.pass, ../lza_rosetta_app.pass"
+  vvv: false
+  playbooks:
+    # create: ../resources/playbooks/create.yml
+    # destroy: ../resources/playbooks/destroy.yml
+    converge: ../resources/playbooks/converge.yml
+    prepare: ../resources/playbooks/prepare.yml
+    verify: ../resources/playbooks/verify.yml
+verifier:
+  name: ansible
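Review bot: `vault_identity_list` now points at `../lza_install_common.pass` and `../lza_rosetta_app.pass` instead of files under `$HOME`. Depending on which directory Ansible resolves these against, the vault password files may end up inside the repository working tree. No `.gitignore` change is visible in this part of the diff, so confirm that `*.pass` is ignored, or keep the password files outside the checkout as the commented-out line above does. The `lint` command also disables `package-latest` and `command-instead-of-module` for the whole scenario; a `# noqa: package-latest` on the individual task in prepare.yml would keep those rules active everywhere else. Both points apply equally to molecule/virtualbox_rocky8/molecule.yml.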
diff --git a/molecule/virtualbox_rocky8/molecule.yml b/molecule/virtualbox_rocky8/molecule.yml
new file mode 100644
index 0000000000000000000000000000000000000000..e7db0dd2a425dc36acaba7edec63c775f5999707
--- /dev/null
+++ b/molecule/virtualbox_rocky8/molecule.yml
@@ -0,0 +1,53 @@
+---
+dependency:
+  name: galaxy
+  enabled: false
+driver:
+  name: vagrant
+lint: |
+  set -e
+  yamllint .
+  ansible-lint -x no-loop-var-prefix,command-instead-of-module,package-latest
+platforms:
+  # Check out the documentation at
+  # https://github.com/ansible-community/molecule-vagrant#documentation
+  # for more platform parameters.
+  - name: vm-rosapp-mol
+    box: rockylinux/8
+    memory: 1024
+    # List of raw Vagrant `config` options.
+    # provider_raw_config_args:
+    #   - "customize [ 'modifyvm', :id, '--natdnshostresolver1', 'on' ]"
+    # Dictionary of `config` options.
+    config_options:
+      ssh.keep_alive: true
+      ssh.remote_user: "'lza'"
+      disksize.size: '20GB'
+  - name: vm-rosora-mol
+    box: rockylinux/8
+    memory: 1024
+    # List of raw Vagrant `config` options.
+    # provider_raw_config_args:
+    #   - "customize [ 'modifyvm', :id, '--natdnshostresolver1', 'on' ]"
+    # Dictionary of `config` options.
+    config_options:
+      ssh.keep_alive: true
+      ssh.remote_user: "'lza'"
+      disksize.size: '20GB'
+provisioner:
+  name: ansible
+  log: true
+  config_options:
+    defaults:
+      # https://stackoverflow.com/questions/57435811/ansible-molecule-pass-multiple-vault-ids
+      # vault_identity_list: "@$HOME/.ansible/roles/lza_install_common.pass, @$HOME/.ansible/roles/passfile_1.pass"
+      vault_identity_list: "../lza_install_common.pass, ../lza_rosetta_app.pass"
+  vvv: false
+  playbooks:
+    # create: ../resources/playbooks/create.yml
+    # destroy: ../resources/playbooks/destroy.yml
+    converge: ../resources/playbooks/converge.yml
+    prepare: ../resources/playbooks/prepare.yml
+    verify: ../resources/playbooks/verify.yml
+verifier:
+  name: ansible
diff --git a/requirements.yml b/requirements.yml
deleted file mode 100644
index 1c25f02816982d5aeec44d2d14b1968373fff96b..0000000000000000000000000000000000000000
--- a/requirements.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-# https://docs.ansible.com/ansible/latest/galaxy/user_guide.html#installing-multiple-roles-from-a-file
-- src: git+https://git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git
-  scm: git
-- src: git+https://git.slub-dresden.de/digital-preservation/ansible_lza_install_common.git
-  scm: git
-- src: git+https://git.slub-dresden.de/digital-preservation/ansible_lza_server_hardening.git
-  scm: git
-#- src: git+
-#  scm: git
diff --git a/requirements.yml.example b/requirements.yml.example
new file mode 100644
index 0000000000000000000000000000000000000000..97bfe9c0c57a4ee9c76049915a074e8d946b1f73
--- /dev/null
+++ b/requirements.yml.example
@@ -0,0 +1,4 @@
+---
+# https://docs.ansible.com/ansible/latest/galaxy/user_guide.html#installing-multiple-roles-from-a-file
+- src: git+https://git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git
+  scm: git
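Review bot: The `ansible_vaults` entry has no `version:` key, so every install tracks a moving branch head rather than a reviewed revision. For the role that carries the vault files, pinning to a tag or commit makes installs reproducible and keeps an unreviewed push from reaching every controller; add `version: <tag-or-commit>` under `scm: git`. Since this is an example file, a comment stating that the real `requirements.yml` is expected to carry the pin would also do.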
diff --git a/site.yml b/site.yml
index cc4373707120b833cca20139cf363d2a19f8cb78..eb9ceb40a083a13627e229398f9984432d8a392c 100644
--- a/site.yml
+++ b/site.yml
@@ -25,6 +25,6 @@
   force_handlers: true
 
   roles:
-    # - { role: ansible_lza_install_common, become: true }
-    # - { role: ansible_lza_server_hardening, become: true }
+#    - { role: ansible_lza_install_common, become: true }
+#    - { role: ansible_lza_server_hardening, become: true }
     - { role: ansible_lza_rosetta_app, become: true }
diff --git a/tasks/configure_iptables.yml b/tasks/configure_iptables.yml
index 51629110aa6f2309986feacd950721a2305df5a3..acab8b42d12cceec5fce6867dceaf801e9b6c464 100644
--- a/tasks/configure_iptables.yml
+++ b/tasks/configure_iptables.yml
@@ -1,6 +1,6 @@
 ---
 # - name: clean IPtables rules (1)
-#   iptables:
+#   ansible.builtin.iptables:
 #     chain: "INPUT"
 #     ip_version: "{{ item }}"
 #     policy: "ACCEPT"
@@ -12,7 +12,7 @@
 #   tags: [molecule-notest]
 #
 # - name: clean IPtables rules (2)
-#   iptables:
+#   ansible.builtin.iptables:
 #     chain: "INPUT"
 #     flush: "true"
 #   notify:
@@ -21,7 +21,7 @@
 
 # Configure specific rules - Chain INPUT
 - name: iptables-Regeln (IPv4) setzen - Chain INPUT
-  iptables:
+  ansible.builtin.iptables:
     action: "insert"
     chain: "INPUT"
     comment: "{{ item.comment | default(omit) }}"
@@ -38,7 +38,7 @@
     source_port: "{{ item.src_port | default(omit) }}"
     state: "{{ item.state }}"
     table: "filter"
-  loop: "{{ vault_iptables_input_general|flatten(levels=1) }}"
+  loop: "{{ vault_iptables_input_general | flatten(levels=1) }}"
   notify:
     - save iptables rules
   tags: [molecule-notest]
@@ -48,7 +48,7 @@
 
 ## Configure specific rules - Chain OUTPUT
 #  - name: iptables-Regeln (IPv4) setzen - Chain OUTPUT
-#    iptables:
+#    ansible.builtin.iptables:
 #      action: "insert"
 #      chain: OUTPUT
 #      comment: "{{ item.comment }}"
diff --git a/tasks/configure_kdump.yml b/tasks/configure_kdump.yml
index ccacf9004173c3eeedc31520f3b02f068ed3e2f5..04448344ed0572a60f16dacfc7ea1ee0c7fc912e 100644
--- a/tasks/configure_kdump.yml
+++ b/tasks/configure_kdump.yml
@@ -7,7 +7,13 @@
 # of the crash. Kernel core dumps may consume a considerable amount of disk
 # space and may result in denial of service by exhausting the available space
 # on the target file system partition."
+- name: find out if kdump.service exists
+  ansible.builtin.command: "systemctl list-unit-files kdump.service"
+  register: kdump
+  changed_when: false
+
 - name: disable kdump as per DoD STIG V-72057
-  systemd:
+  ansible.builtin.systemd:
     name: "kdump.service"
     enabled: false
+  when: '"kdump.service" in kdump.stdout'
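Review bot: The kdump probe added at the top of this hunk is a `command` task, so it is skipped under `--check` and `kdump.stdout` is undefined when the `when:` on the disable task is evaluated; add `check_mode: false` to the probe, which only reads unit files. Depending on the systemd version, `systemctl list-unit-files` may also exit non-zero when nothing matches, which would fail the play on exactly the hosts the guard is meant to skip, so `failed_when: false` looks needed as well (not verified here). Separately, `enabled: false` alone leaves an already running kdump active until the next reboot; adding `state: stopped` would make the STIG control take effect immediately.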
diff --git a/tasks/configure_nfs_mounts.yml b/tasks/configure_nfs_mounts.yml
index b36364dc8fb14ff1d03f14400a296d74d04db022..278fd1fe40091613c4696a1079b35a57c771d3e4 100644
--- a/tasks/configure_nfs_mounts.yml
+++ b/tasks/configure_nfs_mounts.yml
@@ -1,34 +1,36 @@
 ---
-#- name: DEBUG
-#  debug:
-#    msg: "{{ item.1 }}"
-#  loop: "{{ volumes | subelements('shares') }}"
-#  loop_control:
-#    label: "{{ item.0 }}"
-#  when: ansible_hostname in item.0.hosts
+# - name: DEBUG
+#   ansible.builtin.debug:
+#     msg: "{{ item.1 }}"
+#   loop: "{{ volumes | subelements('shares') }}"
+#   loop_control:
+#     label: "{{ item.0 }}"
+#   when: ansible_hostname in item.0.hosts
 
 # Logic shamelessly stolen from https://stackoverflow.com/a/56086694
 # Use Notepad++ with JSON viewer to better understand the logic here.
-#- name: create mount points (separately, because shares cannot be mounted when servers use temporary setuip IPs)
-#  file:
-#    path: "{{ item.1.path }}"
-#    state: directory
-#  loop: "{{ volumes | subelements('shares') }}"
-#  loop_control:
-#    label: "{{ item.0 }}"
-#  when: ansible_hostname in item.0.hosts
+# - name: create mount points (separately, because shares cannot be mounted when servers use temporary setup IPs)
+#   ansible.builtin.file:
+#     path: "{{ item.1.path }}"
+#     state: directory
+#     mode: "0755"
+#   loop: "{{ volumes | subelements('shares') }}"
+#   loop_control:
+#     label: "{{ item.0 }}"
+#   when: ansible_hostname in item.0.hosts
 
-#- name: create temporary mount points for shares from source RHEL 6 servers below /mnt/
-#  file:
-#    path: "/mnt/LEGACY{{ item.1.path }}"
-#    state: directory
-#  loop: "{{ volumes | subelements('shares') }}"
-#  loop_control:
-#    label: "{{ item.0 }}"
-#  when: ansible_hostname in item.0.hosts
+# - name: create temporary mount points for shares from source RHEL 6 servers below /mnt/
+#   ansible.builtin.file:
+#     path: "/mnt/LEGACY{{ item.1.path }}"
+#     state: directory
+#     mode: "0755"
+#   loop: "{{ volumes | subelements('shares') }}"
+#   loop_control:
+#     label: "{{ item.0 }}"
+#   when: ansible_hostname in item.0.hosts
 
 - name: create mount points and mount shares for Rosetta & DB
-  mount:
+  ansible.posix.mount:
     fstype: "{{ item.1.fstype | default('nfs') }}"
     opts: "{{ item.1.mount_opts | default('auto,nfsvers=4,minorversion=0') }}"
     src: "{{ item.1.src }}"
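Review bot: Switching the mount task to `ansible.posix.mount` makes the role depend on the `ansible.posix` collection, which does not ship with ansible-core, and the `requirements.yml.example` added in this commit lists only a role. Unless the collection is declared somewhere outside this part of the diff, a `collections:` entry for `ansible.posix` in the requirements file would keep a fresh controller from failing at this task. While the task is being touched, the default `opts` of `auto,nfsvers=4,minorversion=0` could also carry `nosuid,nodev` if none of the shares needs setuid binaries or device nodes. The task continues past the end of the hunk.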
@@ -39,38 +41,38 @@
     label: "{{ item.0 }}"
   when: ansible_hostname in item.0.hosts
 
-#- name: create mount points and mount shares for Rosetta DEV
-#  mount:
-#    fstype: "{{ item.value.fstype | default('nfs') }}"
-#    opts: "{{ item.value.mount_opts | default('auto,nfsvers=4') }}"
-#    src: "{{ item.value.src }}"
-#    path: "{{ item.value.path }}"
-#    state: "{{ item.value.state | default('mounted') }}"
-#  with_dict: "{{ volumes.dev }}"
-#  when: ansible_hostname == "sdvlzarosappdev"
+# - name: create mount points and mount shares for Rosetta DEV
+#   ansible.posix.mount:
+#     fstype: "{{ item.value.fstype | default('nfs') }}"
+#     opts: "{{ item.value.mount_opts | default('auto,nfsvers=4') }}"
+#     src: "{{ item.value.src }}"
+#     path: "{{ item.value.path }}"
+#     state: "{{ item.value.state | default('mounted') }}"
+#   loop: "{{ volumes.dev | dict2items }}"
+#   when: ansible_hostname == "sdvlzarosappdev"
 #
-#- name: create mount points and mount shares for Rosetta TEST
-#  mount:
-#    fstype: "{{ item.value.fstype | default('nfs') }}"
-#    opts: "{{ item.value.mount_opts | default('auto,nfsvers=4') }}"
-#    src: "{{ item.value.src }}"
-#    path: "{{ item.value.path }}"
-#    state: "{{ item.value.state | default('mounted') }}"
-#  with_dict: "{{ volumes.test }}"
-#  when: ansible_hostname == "sdvrosetta-test"
+# - name: create mount points and mount shares for Rosetta TEST
+#   ansible.posix.mount:
+#     fstype: "{{ item.value.fstype | default('nfs') }}"
+#     opts: "{{ item.value.mount_opts | default('auto,nfsvers=4') }}"
+#     src: "{{ item.value.src }}"
+#     path: "{{ item.value.path }}"
+#     state: "{{ item.value.state | default('mounted') }}"
+#   loop: "{{ volumes.test | dict2items }}"
+#   when: ansible_hostname == "sdvrosetta-test"
 #
-#- name: create mount points and mount shares for Rosetta PROD
-#  mount:
-#    fstype: "{{ item.value.fstype | default('nfs') }}"
-#    opts: "{{ item.value.mount_opts | default('auto,nfsvers=4') }}"
-#    src: "{{ item.value.src }}"
-#    path: "{{ item.value.path }}"
-#    state: "{{ item.value.state | default('mounted') }}"
-#  with_dict: "{{ volumes.prod }}"
-#  when: ansible_hostname in "sdvlzarosappprod0"
+# - name: create mount points and mount shares for Rosetta PROD
+#   ansible.posix.mount:
+#     fstype: "{{ item.value.fstype | default('nfs') }}"
+#     opts: "{{ item.value.mount_opts | default('auto,nfsvers=4') }}"
+#     src: "{{ item.value.src }}"
+#     path: "{{ item.value.path }}"
+#     state: "{{ item.value.state | default('mounted') }}"
+#   loop:: "{{ volumes.prod | dict2items }}"
+#   when: ansible_hostname in "sdvlzarosappprod0"
 #
 - name: find /mnt/sdvlzasubapp*_access directories
-  find:
+  ansible.builtin.find:
     paths: "/mnt/"
     patterns: '^.*_access'
     use_regex: true
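Review bot: The re-commented PROD block contains a typo, `#   loop:: "{{ volumes.prod | dict2items }}"`, with a doubled colon. It is harmless while commented out, but once the block is re-enabled the key is read as `loop:` rather than `loop` and the task will not iterate as intended; it should read `#   loop: "{{ volumes.prod | dict2items }}"`. The `when:` lines of the three commented blocks are also inconsistent (`==` for DEV and TEST, `in "sdvlzarosappprod0"` for PROD), and the `in` form tests whether the hostname is a substring of the literal rather than the other way round.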
@@ -78,31 +80,31 @@
   register: access_dirs
 
 - name: find /mnt/sdvlzasubapp*_ingest directories
-  find:
+  ansible.builtin.find:
     paths: "/mnt/"
     patterns: '^.*_ingest'
     use_regex: true
     file_type: directory
   register: ingest_dirs
 
-# - debug:
+# - ansible.builtin.debug:
 #     var: access_dirs
-# - debug:
+# - ansible.builtin.debug:
 #     var: ingest_dirs
 
 - name: set correct permissions/owner/group for Access shares
-  file:
+  ansible.builtin.file:
     path: "{{ item.path }}"
     group: "{{ nfs_access_group }}"
     mode: "0770"
     state: directory
-  with_items: "{{ access_dirs.files }}"
+  loop: "{{ access_dirs.files }}"
 
 - name: set correct permissions/owner/group for ingest shares
-  file:
+  ansible.builtin.file:
     path: "{{ item.path }}"
     state: directory
     owner: "{{ nfs_ingest_owner }}"
     group: "{{ nfs_ingest_group }}"
     mode: "0770"
-  with_items: "{{ ingest_dirs.files }}"
+  loop: "{{ ingest_dirs.files }}"
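Review bot: The task named "set correct permissions/owner/group for Access shares" sets `group` and `mode` but no `owner`, unlike the ingest task below it, so with `mode: "0770"` whoever already owns each matched directory keeps full access. If that is intended, dropping "owner" from the task name would avoid the wrong impression; otherwise add an `owner:` key fed from a variable analogous to `nfs_ingest_owner`. The `with_items` to `loop` switch itself looks safe, since `access_dirs.files` and `ingest_dirs.files` are flat lists as registered by `find`.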
diff --git a/tasks/configure_sanitytest.yml b/tasks/configure_sanitytest.yml
index 532b2935955c5b1cf53167a697a39802186ca7d7..c919bac755c3a18e502077b24f80673c1a67ac0d 100644
--- a/tasks/configure_sanitytest.yml
+++ b/tasks/configure_sanitytest.yml
@@ -4,4 +4,3 @@
     comment: "{{ vault_sanitytest_user.comment }}"
     key: "{{ vault_sanitytest_user.sshkey }}"
     user: "{{ vault_sanitytest_user.name }}"
-
diff --git a/tasks/configure_selinux.yml b/tasks/configure_selinux.yml
index 2fc61b4c15d9f38f37b835dcf9d93852dc043464..e18d08bc63aced4d66fe6b54b6a67ccd21ff0fe1 100644
--- a/tasks/configure_selinux.yml
+++ b/tasks/configure_selinux.yml
@@ -1,6 +1,6 @@
 ---
 - name: set SElinux level
-  copy:
+  ansible.builtin.copy:
     src: "etc/selinux/config"
     dest: "/etc/selinux/config"
     owner: "root"
diff --git a/tasks/create_users.yml b/tasks/create_users.yml
index eda152f0ec4e39fed08eb727ab8713be262f9883..574fac49c4b2eee100ed5afa0945b206a4300032 100644
--- a/tasks/create_users.yml
+++ b/tasks/create_users.yml
@@ -1,13 +1,13 @@
 ---
 - name: create Rosetta groups
-  group:
+  ansible.builtin.group:
     name: "{{ item.group }}"
     gid: "{{ item.gid }}"
     state: "{{ item.state | default('present') }}"
   loop: "{{ vault_groups }}"
 
 - name: create Rosetta users
-  user:
+  ansible.builtin.user:
     name: "{{ item.user }}"
     comment: "{{ item.comment | default(omit) }}"
     uid: "{{ item.uid }}"
@@ -20,3 +20,4 @@
     shell: "{{ item.shell | default('/bin/bash') }}"
     state: "{{ item.state | default('present') }}"
   loop: "{{ vault_users }}"
+  no_log: true
diff --git a/tasks/install_checkmk_plugins.yml b/tasks/install_checkmk_plugins.yml
index 8d964ebb63185e0531ce1767a9339f64435dfbd8..f250373520696dd599a2695466f0241b3c607917 100644
--- a/tasks/install_checkmk_plugins.yml
+++ b/tasks/install_checkmk_plugins.yml
@@ -1,6 +1,6 @@
 ---
 - name: delete legacy Check_MK plugins
-  file:
+  ansible.builtin.file:
     path: "/usr/lib/check_mk_agent/plugins/{{ item }}"
     state: absent
   loop:
@@ -8,7 +8,7 @@
     - "mk_logwatch"
 
 - name: install self-developed Check_MK plugins
-  copy:
+  ansible.builtin.copy:
     src: "{{ item }}"
     dest: "/{{ item }}"
     owner: "root"
@@ -19,7 +19,7 @@
 
 # get vendor plugins straight from monitoring server to make sure we get the latest version
 - name: install vendor Check_MK plugins
-  get_url:
+  ansible.builtin.get_url:
     url: "https://cmk.slub-dresden.de/slubmon/check_mk/agents/plugins/{{ item }}"
     dest: "/usr/lib/check_mk_agent/plugins/"
     owner: "root"
@@ -30,7 +30,7 @@
     - "mk_logwatch.py"
 
 - name: configure logwatch for IBMSP backup
-  blockinfile:
+  ansible.builtin.blockinfile:
     path: "/etc/check_mk/logwatch.cfg"
     state: present
     marker: "# {mark} ANSIBLE MANAGED BLOCK - TSM backup"
@@ -52,11 +52,11 @@
        C ANS1071E
 
 - name: run Rosetta-specific CheckMK tasks
-  import_tasks: "rosetta/install_checkmk_plugins_rosetta.yml"
+  ansible.builtin.import_tasks: "rosetta/install_checkmk_plugins_rosetta.yml"
   when: ( ansible_hostname is search("rosapp") ) or
         ( ansible_hostname is search("rosetta-") )
 
 - name: run Oracle-specific CheckMK tasks
-  import_tasks: "oracle/install_checkmk_plugins_oracle.yml"
+  ansible.builtin.import_tasks: "oracle/install_checkmk_plugins_oracle.yml"
   when: ( ansible_hostname is search("rosora") ) or
         ( ansible_hostname is search("rosettaora") )
diff --git a/tasks/install_packages.yml b/tasks/install_packages.yml
index 0fabfd235eb2b797699cc945678a8db9bb707d92..c04a75415c71604d8924a83731aa5b71c63a0ec7 100644
--- a/tasks/install_packages.yml
+++ b/tasks/install_packages.yml
@@ -1,10 +1,10 @@
 ---
 - name: include vars redhat_7_packages
-  include_vars: redhat_7_packages.yml
+  ansible.builtin.include_vars: redhat_7_packages.yml
   when: ( ansible_os_family == 'RedHat' ) and
         ( ansible_distribution_major_version == "7" )
 
 - name: install packages required by ExLibris
-  yum:
+  ansible.builtin.yum:
     name: "{{ redhat_packages }}"
     state: present
diff --git a/tasks/main.yml b/tasks/main.yml
index 963347017c5713f44bfe3cb0ab4653bcd56bc95d..b532c0a0dc3981747d98f3123422eb64f283c891 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: include Ansible Vaults
-  include_vars: "{{ role_path }}/../ansible_vaults/{{ role_name }}/{{ item }}"
+  ansible.builtin.include_vars: "{{ role_path }}/../ansible_vaults/{{ role_name }}/{{ item }}"
   loop:
     - "dsm.vault"
     - "iptables.vault"
@@ -12,39 +12,39 @@
 
 ### COMMON TASKS
 
-- import_tasks: install_packages.yml
+- ansible.builtin.import_tasks: "install_packages.yml"
   tags: [yum, packages]
-- import_tasks: create_users.yml
+- ansible.builtin.import_tasks: "create_users.yml"
   tags: [users]
-- import_tasks: "configure_sanitytest.yml"
+- ansible.builtin.import_tasks: "configure_sanitytest.yml"
   tags: [users, sanitytest]
 
 - name: find out if Rosetta is running, to make sure NFS tasks are only executed if Rosetta is OFF
-  shell: 'ps -ef | grep -v "grep" | grep "DAPP_ROLE"'
+  ansible.builtin.shell: |
+    set -o pipefail
+    ps -ef | grep -v "grep" | grep "DAPP_ROLE"
   register: rosetta_status
+  changed_when: false
   failed_when: false
   tags: [mount, nfs]
-- import_tasks: "configure_nfs_mounts.yml"
+- ansible.builtin.import_tasks: "configure_nfs_mounts.yml"
   # when: ansible_facts.services['exlibris'].state != "running"
   when: rosetta_status.rc != 0
   tags: [mount, nfs]
 
-- import_tasks: install_checkmk_plugins.yml
+- ansible.builtin.import_tasks: "install_checkmk_plugins.yml"
   tags: [checkmk, monitoring]
-- import_tasks: configure_iptables.yml
+- ansible.builtin.import_tasks: "configure_iptables.yml"
   tags: [iptables]
-- import_tasks: configure_selinux.yml
+- ansible.builtin.import_tasks: "configure_selinux.yml"
   tags: [selinux]
-- import_tasks: "configure_kdump.yml"
+- ansible.builtin.import_tasks: "configure_kdump.yml"
   tags: [security, kdump]
 
 ### ROSETTA TASKS
 
-- debug:
-    var: ansible_hostname
-
 # https://docs.ansible.com/ansible/latest/user_guide/playbooks_tags.html#tag-inheritance-adding-tags-to-multiple-tasks
-- include_tasks: rosetta/main_rosetta.yml
+- ansible.builtin.include_tasks: "rosetta/main_rosetta.yml"
   when:
     - ( ansible_hostname is search("rosapp") ) or
       ( ansible_hostname is search("rosetta-test") )
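Review bot: The Rosetta probe is a `shell` task, so under `--check` it is skipped and `rosetta_status.rc` is undefined when `when: rosetta_status.rc != 0` on the NFS import is evaluated; add `check_mode: false` to the probe, which only reads the process list. `set -o pipefail` is not POSIX, so the task also relies on `/bin/sh` being bash; an explicit `args:` with `executable: /bin/bash` removes that assumption. Note too that with `failed_when: false` any non-zero exit, including a failure of the pipeline itself, is read as "Rosetta is off" and lets the NFS tasks run, so testing for the specific no-match status (`rosetta_status.rc == 1`) would be somewhat stricter.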
@@ -52,7 +52,7 @@
 
 ### ORACLE TASKS
 # https://docs.ansible.com/ansible/latest/user_guide/playbooks_tags.html#tag-inheritance-adding-tags-to-multiple-tasks
-- include_tasks: oracle/main_oracle.yml
+- ansible.builtin.include_tasks: "oracle/main_oracle.yml"
   when:
     - ( ansible_hostname is search("rosora") ) or
       ( ansible_hostname is search("rosettaora") )
diff --git a/tasks/oracle/configure_iptables_oracle.yml b/tasks/oracle/configure_iptables_oracle.yml
index 34b6ebf21cb60eadacbc2d1a53832945a7d22060..2572aa55b0e6d23e25a3bdbe0417ecd7322b8099 100644
--- a/tasks/oracle/configure_iptables_oracle.yml
+++ b/tasks/oracle/configure_iptables_oracle.yml
@@ -1,6 +1,6 @@
 ---
 # - name: clean IPtables rules (1)
-#   iptables:
+#   ansible.builtin.iptables:
 #     chain: "INPUT"
 #     ip_version: "{{ item }}"
 #     policy: "ACCEPT"
@@ -12,7 +12,7 @@
 #   tags: [molecule-notest]
 #
 # - name: clean IPtables rules (2)
-#   iptables:
+#   ansible.builtin.iptables:
 #     chain: "INPUT"
 #     flush: "true"
 #   notify:
@@ -21,7 +21,7 @@
 
 # Configure specific rules - Chain INPUT
 - name: iptables-Regeln (IPv4) setzen - Chain INPUT
-  iptables:
+  ansible.builtin.iptables:
     action: "insert"
     chain: "INPUT"
     comment: "{{ item.comment | default(omit) }}"
@@ -38,7 +38,7 @@
     source_port: "{{ item.src_port | default(omit) }}"
     state: "{{ item.state }}"
     table: "filter"
-  loop: "{{ vault_iptables_input_oracle|flatten(levels=1) }}"
+  loop: "{{ vault_iptables_input_oracle | flatten(levels=1) }}"
   notify:
     - save iptables rules
   tags: [molecule-notest]
@@ -48,7 +48,7 @@
 
 ## Configure specific rules - Chain OUTPUT
 #  - name: iptables-Regeln (IPv4) setzen - Chain OUTPUT
-#    iptables:
+#    ansible.builtin.iptables:
 #      action: "insert"
 #      chain: OUTPUT
 #      comment: "{{ item.comment }}"
diff --git a/tasks/oracle/configure_logrotate.yml b/tasks/oracle/configure_logrotate.yml
index f43f367c1ff1a6a002974588136de7748f25ba96..d9928a33e0192230a8be4c57cb324255738bca0a 100644
--- a/tasks/oracle/configure_logrotate.yml
+++ b/tasks/oracle/configure_logrotate.yml
@@ -1,6 +1,6 @@
 ---
 - name: configure logrotate for Oracle DB
-  template:
+  ansible.builtin.template:
     src: "etc/logrotate.d/oracle.j2"
     dest: "/etc/logrotate.d/oracle"
     owner: "root"
diff --git a/tasks/oracle/configure_rman_backup.yml b/tasks/oracle/configure_rman_backup.yml
index 81219b22809f3ad04129499b6d6cf68f25b2727e..f1e5c81575bef72d5c59183a16b638eaf2cfc43b 100644
--- a/tasks/oracle/configure_rman_backup.yml
+++ b/tasks/oracle/configure_rman_backup.yml
@@ -1,6 +1,6 @@
 ---
 - name: create rman log directory
-  file:
+  ansible.builtin.file:
     path: "/var/log/backup/{{ vault_oracle_user }}/"
     owner: "{{ vault_oracle_user }}"
     group: "{{ vault_oracle_group }}"
@@ -8,7 +8,7 @@
     state: directory
 
 - name: install the other backup scripts from files
-  copy:
+  ansible.builtin.copy:
     src: "home/{{ vault_oracle_user }}/{{ item }}"
     dest: "/home/{{ vault_oracle_user }}/{{ item }}"
     owner: "{{ vault_oracle_user }}"
@@ -21,7 +21,7 @@
     - "trigger_oracle_backup_storage_lvl.sh"
 
 - name: install the other backup scripts from templates
-  template:
+  ansible.builtin.template:
     src: "home/{{ vault_oracle_user }}/{{ item }}.j2"
     dest: "/home/{{ vault_oracle_user }}/{{ item }}"
     owner: "{{ vault_oracle_user }}"
@@ -31,7 +31,7 @@
     - "tsm_error_mail.sh"
 
 - name: install RMAN backup script
-  template:
+  ansible.builtin.template:
     src: "rman_dps3_fullbackup.sh.j2"
     dest: "/home/{{ vault_oracle_user }}/rman_dps3_fullbackup.sh"
     owner: "{{ vault_oracle_user }}"
diff --git a/tasks/oracle/configure_system_limits.yml b/tasks/oracle/configure_system_limits.yml
index e029914ea350e7a929064ff94a2455474ef71f3e..da7ceb0988211d9f0eb07263d19a7226de7c0f4e 100644
--- a/tasks/oracle/configure_system_limits.yml
+++ b/tasks/oracle/configure_system_limits.yml
@@ -3,12 +3,12 @@
 # Cannot open connection [Rosetta 6.3.0.0]"
 
 - name: set PAM Limits (man 5 limits.conf)
-  blockinfile:
+  ansible.builtin.blockinfile:
     path: "/etc/security/limits.d/exlibris.conf"
     create: true
     owner: "root"
     group: "root"
-    mode: 0644
+    mode: "0644"
     block: |
       # for Exlibris users
       @exlibris soft nofile 65000
@@ -26,12 +26,12 @@
   notify: activate kernel parameter changes
 
 - name: set Kernel parameters (man 5 sysctl.conf)
-  blockinfile:
+  ansible.builtin.blockinfile:
     path: "/etc/sysctl.conf"
     marker: "# {mark} ANSIBLE MANAGED BLOCK - ORACLE"
     owner: "root"
     group: "root"
-    mode: 0644
+    mode: "0644"
     block: |
       # Exlibris Parameters as set by ExL support/installteam
       kernel.sem = 250 32000 100 128
diff --git a/tasks/oracle/configure_tsmclient.yml b/tasks/oracle/configure_tsmclient.yml
index 5a684b89da6b75bd10d384caae13d10dfd529af2..24792d9bcf830666ce400a8d5e6a3a080485c5ec 100644
--- a/tasks/oracle/configure_tsmclient.yml
+++ b/tasks/oracle/configure_tsmclient.yml
@@ -1,6 +1,6 @@
 ---
 - name: create dsmcad config directory
-  file:
+  ansible.builtin.file:
     path: "/{{ tsm_path }}"
     state: directory
     owner: "root"
@@ -8,8 +8,8 @@
     mode: "0755"
 
 - name: template dsmcad configuration for IBM Spectrum Protect Backup Client
-  template:
-    src: "{{tsm_path }}oracle_{{ item }}.j2"
+  ansible.builtin.template:
+    src: "{{ tsm_path }}oracle_{{ item }}.j2"
     dest: "/{{ tsm_path }}{{ item }}"
     owner: "root"
     group: "root"
diff --git a/tasks/oracle/create_db_users.yml b/tasks/oracle/create_db_users.yml
index 3a0511f2bfe8abbd094e365b6526a07a90b3646a..8655c907f76eebf065bb0cfe59d389cc8a7d44fb 100644
--- a/tasks/oracle/create_db_users.yml
+++ b/tasks/oracle/create_db_users.yml
@@ -1,12 +1,12 @@
 ---
 - name: create DB group
-  group:
+  ansible.builtin.group:
     name: "{{ vault_oracle_group }}"
     gid: "{{ vault_oracle_gid }}"
     state: present
 
 - name: create DB user
-  user:
+  ansible.builtin.user:
     name: "{{ vault_oracle_user }}"
     uid: "{{ vault_oracle_uid }}"
     group: "{{ vault_oracle_group }}"
@@ -19,7 +19,7 @@
 # The DB user doesn't actually use this dir, but it's nice for admins to put
 # stuff there.
 - name: create homedir for DB user
-  file:
+  ansible.builtin.file:
     path: "/home/{{ vault_oracle_user }}"
     state: directory
     owner: "{{ vault_oracle_user }}"
diff --git a/tasks/oracle/install_checkmk_plugins_oracle.yml b/tasks/oracle/install_checkmk_plugins_oracle.yml
index c1589a9263bcef6879170ad058be132a03912e7d..5016ad695e7c5429795615ea37318151131a41b4 100644
--- a/tasks/oracle/install_checkmk_plugins_oracle.yml
+++ b/tasks/oracle/install_checkmk_plugins_oracle.yml
@@ -1,6 +1,6 @@
 ---
 - name: install self-developed Check_MK plugins for Oracle
-  copy:
+  ansible.builtin.copy:
     src: "{{ item }}"
     dest: "/{{ item }}"
     owner: "root"
@@ -11,7 +11,7 @@
     - "usr/lib/check_mk_agent/nrpe/check_oracle_db_table_integrity.sh"
 
 - name: configure mrpe
-  blockinfile:
+  ansible.builtin.blockinfile:
     path: "/etc/check_mk/mrpe.cfg"
     block: |
       Get%20Oracle%20database%20segment%20size. (interval=3600) /usr/lib/check_mk_agent/nrpe/check_oracle_db_segment_size.sh
@@ -19,7 +19,7 @@
 
 # get vendor plugins straight from monitoring server to make sure we get the latest version
 - name: install vendor Check_MK plugins for Oracle
-  get_url:
+  ansible.builtin.get_url:
     url: "https://cmk.slub-dresden.de/slubmon/check_mk/agents/plugins/{{ item }}"
     dest: "/usr/lib/check_mk_agent/plugins/"
     owner: "root"
diff --git a/tasks/oracle/install_sql_scripts.yml b/tasks/oracle/install_sql_scripts.yml
index e8edf19d42e71772704d620e389dc8fe630095d2..5176ff8f6b15e91a617d48a94f09bb6d9149d40a 100644
--- a/tasks/oracle/install_sql_scripts.yml
+++ b/tasks/oracle/install_sql_scripts.yml
@@ -1,6 +1,12 @@
 ---
+- name: create dest directory for SQL scripts
+  ansible.builtin.file:
+    path: "/home/{{ vault_oracle_user }}/sql-scripts/"
+    state: directory
+    mode: "0755"
+
 - name: install SQL scripts
-  template:
+  ansible.builtin.template:
     src: "home/{{ vault_oracle_user }}/{{ item }}"
     dest: "/home/{{ vault_oracle_user }}/{{ item }}"
     directory_mode: "0750"
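Review bot: The new directory task sets only `mode: "0755"`, so `/home/{{ vault_oracle_user }}/sql-scripts/` is created owned by whichever user the play runs as (root under `become`) and is world-readable, while the template task below it asks for `directory_mode: "0750"`. Adding `owner: "{{ vault_oracle_user }}"` and `group: "{{ vault_oracle_group }}"` and using `mode: "0750"` would match the ownership used by the other Oracle tasks in this role. The template task continues past the end of the hunk, so its own owner and mode are not visible here.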
diff --git a/tasks/oracle/main_oracle.yml b/tasks/oracle/main_oracle.yml
index 6bc06700e84254105141b244bcfd0ec8a601dda2..6d4167c7b2160661a3a92a5465bc9869d7da6dd3 100644
--- a/tasks/oracle/main_oracle.yml
+++ b/tasks/oracle/main_oracle.yml
@@ -1,16 +1,16 @@
 ---
 ### ORACLE TASKS
-- import_tasks: oracle/configure_iptables_oracle.yml
+- ansible.builtin.import_tasks: "oracle/configure_iptables_oracle.yml"
   tags: [iptables]
-- import_tasks: oracle/create_db_users.yml
+- ansible.builtin.import_tasks: "oracle/create_db_users.yml"
   tags: [users]
-- import_tasks: oracle/configure_rman_backup.yml
+- ansible.builtin.import_tasks: "oracle/configure_rman_backup.yml"
   tags: [rman, backup]
-- import_tasks: oracle/configure_tsmclient.yml
+- ansible.builtin.import_tasks: "oracle/configure_tsmclient.yml"
   tags: [backup, dsm, tsm, ibmsp]
-- import_tasks: oracle/install_sql_scripts.yml
+- ansible.builtin.import_tasks: "oracle/install_sql_scripts.yml"
   tags: [scripts]
-- import_tasks: oracle/configure_system_limits.yml
+- ansible.builtin.import_tasks: "oracle/configure_system_limits.yml"
   tags: [oracle]
-- import_tasks: oracle/configure_logrotate.yml
+- ansible.builtin.import_tasks: "oracle/configure_logrotate.yml"
   tags: [oracle, logrotate]
diff --git a/tasks/rosetta/configure_iptables_qos.yml b/tasks/rosetta/configure_iptables_qos.yml
index 7b44fd9a3354d226a0ee4564871e79587c26f3af..36a23356f1da9cd80d57f7d37f1ec149aa334864 100644
--- a/tasks/rosetta/configure_iptables_qos.yml
+++ b/tasks/rosetta/configure_iptables_qos.yml
@@ -1,6 +1,6 @@
 ---
 - name: iptables-QoS-Regeln setzen
-  iptables:
+  ansible.builtin.iptables:
     chain: "{{ item.chain }}"
     action: "append"
     table: "mangle"
diff --git a/tasks/rosetta/configure_iptables_rosetta.yml b/tasks/rosetta/configure_iptables_rosetta.yml
index b6b0bd26d141a40aefc2c8986ecea069b44aa1a0..386ee8e6e678eadaad34cf31923b25be4ce0c5b6 100644
--- a/tasks/rosetta/configure_iptables_rosetta.yml
+++ b/tasks/rosetta/configure_iptables_rosetta.yml
@@ -1,6 +1,6 @@
 ---
 # - name: clean IPtables rules (1)
-#   iptables:
+#   ansible.builtin.iptables:
 #     chain: "INPUT"
 #     ip_version: "{{ item }}"
 #     policy: "ACCEPT"
@@ -12,7 +12,7 @@
 #   tags: [molecule-notest]
 #
 # - name: clean IPtables rules (2)
-#   iptables:
+#   ansible.builtin.iptables:
 #     chain: "INPUT"
 #     flush: "true"
 #   notify:
@@ -21,7 +21,7 @@
 
 # Configure specific rules - Chain INPUT
 - name: iptables-Regeln (IPv4) setzen - Chain INPUT
-  iptables:
+  ansible.builtin.iptables:
     action: "insert"
     chain: "INPUT"
     comment: "{{ item.comment | default(omit) }}"
@@ -38,7 +38,7 @@
     source_port: "{{ item.src_port | default(omit) }}"
     state: "{{ item.state }}"
     table: "filter"
-  loop: "{{ vault_iptables_input_rosetta|flatten(levels=1) }}"
+  loop: "{{ vault_iptables_input_rosetta | flatten(levels=1) }}"
   notify:
     - save iptables rules
   tags: [molecule-notest]
@@ -48,7 +48,7 @@
 
 ## Configure specific rules - Chain OUTPUT
 #  - name: iptables-Regeln (IPv4) setzen - Chain OUTPUT
-#    iptables:
+#    ansible.builtin.iptables:
 #      action: "insert"
 #      chain: OUTPUT
 #      comment: "{{ item.comment }}"
diff --git a/tasks/rosetta/configure_rosetta_prerequisites.yml b/tasks/rosetta/configure_rosetta_prerequisites.yml
index a2803bc073d924c64092a85703ea16cc942a054b..a90c80d9af6a3bd531f0e2bcb0f6e6e83e99ab3b 100644
--- a/tasks/rosetta/configure_rosetta_prerequisites.yml
+++ b/tasks/rosetta/configure_rosetta_prerequisites.yml
@@ -1,6 +1,6 @@
 ---
 - name: template global.properties PROD
-  template:
+  ansible.builtin.template:
     src: "{{ item }}"
     dest: "/{{ item }}"
     owner: "{{ vault_rosetta_user }}"
@@ -8,27 +8,27 @@
     mode: "0444"
     backup: true
   vars:
-    - dbconnection_url: "{{ vault_global_properties_prod.dbconnection_url }}"
-    - tls_hostname: "{{ vault_global_properties_prod.tls_hostname }}"
-    - ora_sid: "{{ vault_global_properties_prod.ora_sid }}"
-    - jboss_maxmemory: "{{ vault_global_properties_prod.jboss_maxmemory }}"
-    - http_port: "{{ vault_global_properties_prod.http_port }}"
-    - https_port: "{{ vault_global_properties_prod.https_port }}"
-    - pds_port: "{{ vault_global_properties_prod.pds_port }}"
-    - native_ssl_keystore_password: "{{ vault_global_properties_prod.native_ssl_keystore_password }}"
+    dbconnection_url: "{{ vault_global_properties_prod.dbconnection_url }}"
+    tls_hostname: "{{ vault_global_properties_prod.tls_hostname }}"
+    ora_sid: "{{ vault_global_properties_prod.ora_sid }}"
+    jboss_maxmemory: "{{ vault_global_properties_prod.jboss_maxmemory }}"
+    http_port: "{{ vault_global_properties_prod.http_port }}"
+    https_port: "{{ vault_global_properties_prod.https_port }}"
+    pds_port: "{{ vault_global_properties_prod.pds_port }}"
+    native_ssl_keystore_password: "{{ vault_global_properties_prod.native_ssl_keystore_password }}"
   loop:
     - "exlibris/dps/d4_1/system.dir/conf/global.properties_http"
     - "exlibris/dps/d4_1/system.dir/conf/global.properties_https"
   when: ansible_hostname in "appprod0"
 - name: set symlink for correct global.properties PROD
-  file:
+  ansible.builtin.file:
     src: "/exlibris/dps/d4_1/system.dir/conf/global.properties_http"
     dest: "/exlibris/dps/d4_1/system.dir/conf/global.properties"
     state: link
   when: ansible_hostname in "appprod0"
 
 - name: template global.properties TEST
-  template:
+  ansible.builtin.template:
     src: "{{ item }}"
     dest: "/{{ item }}"
     owner: "{{ vault_rosetta_user }}"
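Review bot: The guard `when: ansible_hostname in "appprod0"` has its operands the wrong way round: it is true only when the hostname is a substring of the literal, so a host named like the `sdvlzarosappprod0` mentioned in the NFS tasks never matches and the PROD template and symlink tasks are skipped. `when: ansible_hostname is search("appprod0")`, the form already used in `tasks/main.yml`, expresses the intended test; the same applies to `in "-test"` and `in "appdev"` in the next two hunks. Separately, these tasks hand `native_ssl_keystore_password` to a template written with `mode: "0444"` and `backup: true`; if the template renders that value, the file and every backup copy are world-readable, so a tighter mode and `no_log: true` (or `diff: false`) are worth considering. The first template task starts above this hunk.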
@@ -36,27 +36,27 @@
     mode: "0444"
     backup: true
   vars:
-    - dbconnection_url: "{{ vault_global_properties_test.dbconnection_url }}"
-    - tls_hostname: "{{ vault_global_properties_test.tls_hostname }}"
-    - ora_sid: "{{ vault_global_properties_test.ora_sid }}"
-    - jboss_maxmemory: "{{ vault_global_properties_test.jboss_maxmemory }}"
-    - http_port: "{{ vault_global_properties_test.http_port }}"
-    - https_port: "{{ vault_global_properties_test.https_port }}"
-    - pds_port: "{{ vault_global_properties_test.pds_port }}"
-    - native_ssl_keystore_password: "{{ vault_global_properties_test.native_ssl_keystore_password }}"
+    dbconnection_url: "{{ vault_global_properties_test.dbconnection_url }}"
+    tls_hostname: "{{ vault_global_properties_test.tls_hostname }}"
+    ora_sid: "{{ vault_global_properties_test.ora_sid }}"
+    jboss_maxmemory: "{{ vault_global_properties_test.jboss_maxmemory }}"
+    http_port: "{{ vault_global_properties_test.http_port }}"
+    https_port: "{{ vault_global_properties_test.https_port }}"
+    pds_port: "{{ vault_global_properties_test.pds_port }}"
+    native_ssl_keystore_password: "{{ vault_global_properties_test.native_ssl_keystore_password }}"
   loop:
     - "exlibris/dps/d4_1/system.dir/conf/global.properties_http"
     - "exlibris/dps/d4_1/system.dir/conf/global.properties_https"
   when: ansible_hostname in "-test"
 - name: set symlink for correct global.properties TEST
-  file:
+  ansible.builtin.file:
     src: "/exlibris/dps/d4_1/system.dir/conf/global.properties_https"
     dest: "/exlibris/dps/d4_1/system.dir/conf/global.properties"
     state: link
   when: ansible_hostname in "-test"
 
 - name: template global.properties DEV
-  template:
+  ansible.builtin.template:
     src: "{{ item }}"
     dest: "/{{ item }}"
     owner: "{{ vault_rosetta_user }}"
@@ -64,20 +64,20 @@
     mode: "0444"
     backup: true
   vars:
-    - dbconnection_url: "{{ vault_global_properties_dev.dbconnection_url }}"
-    - tls_hostname: "{{ vault_global_properties_dev.tls_hostname }}"
-    - ora_sid: "{{ vault_global_properties_dev.ora_sid }}"
-    - jboss_maxmemory: "{{ vault_global_properties_dev.jboss_maxmemory }}"
-    - http_port: "{{ vault_global_properties_dev.http_port }}"
-    - https_port: "{{ vault_global_properties_dev.https_port }}"
-    - pds_port: "{{ vault_global_properties_dev.pds_port }}"
-    - native_ssl_keystore_password: "{{ vault_global_properties_dev.native_ssl_keystore_password }}"
+    dbconnection_url: "{{ vault_global_properties_dev.dbconnection_url }}"
+    tls_hostname: "{{ vault_global_properties_dev.tls_hostname }}"
+    ora_sid: "{{ vault_global_properties_dev.ora_sid }}"
+    jboss_maxmemory: "{{ vault_global_properties_dev.jboss_maxmemory }}"
+    http_port: "{{ vault_global_properties_dev.http_port }}"
+    https_port: "{{ vault_global_properties_dev.https_port }}"
+    pds_port: "{{ vault_global_properties_dev.pds_port }}"
+    native_ssl_keystore_password: "{{ vault_global_properties_dev.native_ssl_keystore_password }}"
   loop:
     - "exlibris/dps/d4_1/system.dir/conf/global.properties_http"
     - "exlibris/dps/d4_1/system.dir/conf/global.properties_https"
   when: ansible_hostname in "appdev"
 - name: set symlink for correct global.properties DEV
-  file:
+  ansible.builtin.file:
     src: "/exlibris/dps/d4_1/system.dir/conf/global.properties_https"
     dest: "/exlibris/dps/d4_1/system.dir/conf/global.properties"
     state: link
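Review bot: `when: ansible_hostname in "appdev"` tests whether the hostname is a substring of the literal `appdev`, not the reverse, so a host named `rosetta-appdev` (constructed example) would skip both DEV tasks. The `in "-test"` conditions in the previous hunk have the same shape and would only match a host whose whole name is a fragment such as `test`. If a substring match on the hostname is intended, swap the operands: `when: "'appdev' in ansible_hostname"` and `when: "'-test' in ansible_hostname"`. The context line `changed_when: error_summary_enablecmd.stdout in "Created symlink"` in install_error_summary.yml reads the same way. The `when:` of the DEV symlink task lies outside this hunk.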
diff --git a/tasks/rosetta/configure_tsmclient.yml b/tasks/rosetta/configure_tsmclient.yml
index 2f875e9c8e3e889432791bbf5fb9e67dd75ea959..655e14fe9e0dae926d8c7fde5bb9aa88a4fdff15 100644
--- a/tasks/rosetta/configure_tsmclient.yml
+++ b/tasks/rosetta/configure_tsmclient.yml
@@ -1,16 +1,16 @@
 ---
 - name: create dsmcad config directory
-  file:
-    path: "/{{tsm_path }}"
+  ansible.builtin.file:
+    path: "/{{ tsm_path }}"
     state: directory
     owner: "root"
     group: "bin"
     mode: "0755"
 
 - name: template dsmcad configuration for IBM Spectrum Protect Backup Client
-  template:
-    src: "{{tsm_path }}rosetta_{{ item }}.j2"
-    dest: "/{{tsm_path }}{{ item }}"
+  ansible.builtin.template:
+    src: "{{ tsm_path }}rosetta_{{ item }}.j2"
+    dest: "/{{ tsm_path }}{{ item }}"
     owner: "root"
     group: "root"
     mode: "0644"
diff --git a/tasks/rosetta/install_checkit_tiff.yml b/tasks/rosetta/install_checkit_tiff.yml
index c6687ff1c93aa83ea9a76b6e85c3ddf686188d5f..abf5243b0bc0cad93717474f9c89eed006f865d3 100644
--- a/tasks/rosetta/install_checkit_tiff.yml
+++ b/tasks/rosetta/install_checkit_tiff.yml
@@ -7,8 +7,14 @@
     ]
     state: latest
 
+- name: create dest directory for checkit-tiff configs
+  ansible.builtin.file:
+    path: "/operational_shared/software/"
+    state: directory
+    mode: 0755
+
 - name: deploy checkit_tiff-Configs
-  file:
+  ansible.builtin.file:
     src: "/usr/share/{{ item.src }}"
     dest: "/operational_shared/software/{{ item.dest }}"
     state: link
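Review bot: The new directory task writes `mode: 0755` unquoted, while the other tasks touched by this commit quote the mode. Ansible reads the leading-zero form as octal, but the quoted string does not depend on YAML 1.1 integer parsing, so `mode: "0755"` is the consistent spelling. The task also sets no `owner:`/`group:`, which leaves ownership of `/operational_shared/software/` to whichever account runs the play; `owner: "root"` and `group: "root"` (or the intended service account) would make it explicit. The package task before it and the link task after it both extend outside this hunk.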
diff --git a/tasks/rosetta/install_checkmk_plugins_rosetta.yml b/tasks/rosetta/install_checkmk_plugins_rosetta.yml
index 043ac6355a89c00e35218c898721400b0b62dd80..0c26c9fd3d49f5a8d14cf1334ddae9bb824cc60a 100644
--- a/tasks/rosetta/install_checkmk_plugins_rosetta.yml
+++ b/tasks/rosetta/install_checkmk_plugins_rosetta.yml
@@ -1,6 +1,6 @@
 ---
 - name: install self-developed Check_MK plugins for Rosetta
-  copy:
+  ansible.builtin.copy:
     src: "{{ item.path }}"
     dest: "/{{ item.path }}"
     owner: "root"
@@ -13,7 +13,7 @@
       mode: "0644"
 
 - name: configure logwatch for Rosetta
-  blockinfile:
+  ansible.builtin.blockinfile:
     path: "/etc/check_mk/logwatch.cfg"
     state: present
     marker: "# {mark} ANSIBLE MANAGED BLOCK - Rosetta"
@@ -33,6 +33,6 @@
        C GC (Allocation Failure)
 
 - name: uninstall legacy NFS_troubleshoot.sh logwatch & mail notification script
-  file:
+  ansible.builtin.file:
     path: "/root/mail_rosetta_errors.sh"
     state: absent
diff --git a/tasks/rosetta/install_error_summary.yml b/tasks/rosetta/install_error_summary.yml
index b09dc2b6246d3d197a4ae085a1c9f88d099b5695..bb8d5f615219b40d63b306fe8042de3fb0f79825 100644
--- a/tasks/rosetta/install_error_summary.yml
+++ b/tasks/rosetta/install_error_summary.yml
@@ -31,9 +31,6 @@
     - "error-summary.timer"
   notify: daemon-reload
 
-
-
-
 - name: find error summary systemd units so we don't have to hardcode their names in the loops
   ansible.builtin.find:
     path: "/etc/systemd/user/"
@@ -58,10 +55,6 @@
   register: error_summary_enablecmd
   changed_when: error_summary_enablecmd.stdout in "Created symlink"
 
-
-
-
-
 - name: start error summary SystemD timer (the service doesn't need to be started, that's done by the timer)
   ansible.builtin.systemd:
     name: "error-summary.timer"
diff --git a/tasks/rosetta/install_format_library_xsds.yml b/tasks/rosetta/install_format_library_xsds.yml
index 854a2168cbe5e447546813bfc6b3e5bb7d337024..b0fd134724ad4193f60e7d9cae0c7777287d41b5 100644
--- a/tasks/rosetta/install_format_library_xsds.yml
+++ b/tasks/rosetta/install_format_library_xsds.yml
@@ -16,4 +16,4 @@
     group: "{{ vault_rosetta_group }}"
     mode: "0664"
     checksum: "{{ item.sha1 }}"
-  loop: "{{ local_jhove_xsds }}"
\ No newline at end of file
+  loop: "{{ local_jhove_xsds }}"
diff --git a/tasks/rosetta/install_mediaconch.yml b/tasks/rosetta/install_mediaconch.yml
index 68e47c5f20df8bb5b31bb94a613aead1ccf82f68..262482f4d2357311f5ac7c17ce159e789a04c97a 100644
--- a/tasks/rosetta/install_mediaconch.yml
+++ b/tasks/rosetta/install_mediaconch.yml
@@ -27,16 +27,22 @@
   ansible.builtin.file:
     path: "/tmp/mediaconch-profile/"
     state: absent
+  changed_when: false    # there's no other way to get this task idempotent
 
 - name: checkout MediaConch-Profile repo
   ansible.builtin.git:
     repo: "https://git.slub-dresden.de/digital-preservation/mediaconch-profile.git"
     dest: "/tmp/mediaconch-profile/"
+  register: mc_profile_repo_cloned
+  changed_when: false    # there's no other way to get this task idempotent
 
 - name: compile MediaConch profile
   ansible.builtin.command:
-    cmd: "bash /tmp/mediaconch-profile/build_all.sh"
+    cmd: "bash ./build_all.sh"
     chdir: "/tmp/mediaconch-profile/"
+  when: mc_profile_repo_cloned.before != mc_profile_repo_cloned.after
+  register: mc_profile_repo_built
+  changed_when: false    # there's no other way to get this task idempotent
 
 - name: deploy MediaConch profile to Rosetta
   ansible.builtin.copy:
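Review bot: The checkout task has no `version:`, so the play takes whatever the repository's default branch points to at run time and then runs `build_all.sh` from it, in a fixed directory under world-writable `/tmp`. Pinning the checkout with `version: "<pinned-commit-or-tag>"` and cloning into a directory created by `ansible.builtin.tempfile` (or another root-only path) would make the executed script reproducible and harder to tamper with locally. Separately, because the directory is removed just before the clone, `mc_profile_repo_cloned.before` is presumably always empty. In that case `when: mc_profile_repo_cloned.before != mc_profile_repo_cloned.after` holds on every run, and the `changed_when: false` lines only hide the change rather than making the tasks idempotent. The first and last tasks in this hunk are cut off by the hunk boundaries.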
@@ -59,6 +65,10 @@
     dest: "{{ item.dest }}"
     state: link
     force: true
-    loop:
-      - { src: "/etc/mediaconch/current_slub.cfg",  dest: "/operational_shared/software/SLUB_mediaconch_policy_all.xml" }
-      - { src: "/etc/mediaconch/upcoming_slub.cfg", dest: "/operational_shared/software/SLUB_mediaconch_policy_all.xml" }
+    mode: "0644"
+  loop:
+    - { src: "/etc/mediaconch/current_slub.cfg",  dest: "/operational_shared/software/SLUB_mediaconch_policy_all.xml" }
+    - { src: "/etc/mediaconch/upcoming_slub.cfg", dest: "/operational_shared/software/SLUB_mediaconch_policy_all.xml" }
+  when:
+    - mc_profile_repo_cloned.before != mc_profile_repo_cloned.after
+    - mc_profile_repo_built.rc == "0"
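Review bot: `mc_profile_repo_built.rc == "0"` compares the command task's integer return code with a string, which is never equal in Jinja2, so the link task would be skipped on every run; the condition should read `- mc_profile_repo_built.rc == 0`. Both loop items also share the same `dest`, so with `force: true` the second link replaces the first. That is carried over from the old code and may be intended, but a short comment saying so would help. The task's name and module line are above this hunk.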
diff --git a/tasks/rosetta/install_packages.yml b/tasks/rosetta/install_packages.yml
index 775034d9187bf15bea10c339bed1ce583c9bb6be..8547710357412964905f6a0c12fd0b8e83e2b40c 100644
--- a/tasks/rosetta/install_packages.yml
+++ b/tasks/rosetta/install_packages.yml
@@ -1,6 +1,6 @@
 ---
 - name: install packages for plugins, TA, analysis
-  yum:
+  ansible.builtin.yum:
     name: [
       'libtiff-tools',
       'mediaconch',
diff --git a/tasks/rosetta/install_verapdf.yml b/tasks/rosetta/install_verapdf.yml
index ac054d7dc400b2d1843bbab71599673722d8828a..7a647e8e66f2ff5dc97671c71291fc2dc0ffc22a 100644
--- a/tasks/rosetta/install_verapdf.yml
+++ b/tasks/rosetta/install_verapdf.yml
@@ -1,10 +1,11 @@
 ---
 - name: copy veraPDF RPM package
-  copy:
+  ansible.builtin.copy:
     src: "verapdf-1.16.1-1.el7.x86_64.rpm"
     dest: "/tmp/verapdf-1.16.1-1.el7.x86_64.rpm"
+    mode: "0644"
 
 - name: install veraPDF
-  yum:
+  ansible.builtin.yum:
     name: "/tmp/verapdf-1.16.1-1.el7.x86_64.rpm"
     state: present
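Review bot: The copy task now sets `mode: "0644"` but still no `owner:`/`group:`, for a package that is staged in world-writable `/tmp` and then installed from that path. The copy module documents that, when run as root without `owner`, it can preserve the previous ownership of an existing destination file. Adding `owner: "root"` and `group: "root"`, and ideally a `checksum:` for the RPM like the `checksum:` line in install_format_library_xsds.yml, would pin down what the yum task installs.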
diff --git a/tasks/rosetta/main_rosetta.yml b/tasks/rosetta/main_rosetta.yml
index 6c56b5b25803e49a4546c8bc6b85c53875f7a7bd..37a03a739100e180dd754dcf834111021cb9e5ee 100644
--- a/tasks/rosetta/main_rosetta.yml
+++ b/tasks/rosetta/main_rosetta.yml
@@ -1,25 +1,25 @@
 ---
 ### ROSETTA TASKS
 
-- import_tasks: rosetta/configure_iptables_rosetta.yml
+- ansible.builtin.import_tasks: "rosetta/configure_iptables_rosetta.yml"
   tags: [iptables]
-- import_tasks: rosetta/configure_iptables_qos.yml
+- ansible.builtin.import_tasks: "rosetta/configure_iptables_qos.yml"
   tags: [iptables]
-- import_tasks: rosetta/configure_rosetta_prerequisites.yml
+- ansible.builtin.import_tasks: "rosetta/configure_rosetta_prerequisites.yml"
   tags: [rosetta]
-- import_tasks: rosetta/install_checkmk_plugins_rosetta.yml
+- ansible.builtin.import_tasks: "rosetta/install_checkmk_plugins_rosetta.yml"
   tags: [checkmk, monitoring]
-- import_tasks: rosetta/install_packages.yml
+- ansible.builtin.import_tasks: "rosetta/install_packages.yml"
   tags: [packages, yum]
-- import_tasks: rosetta/install_checkit_tiff.yml
+- ansible.builtin.import_tasks: "rosetta/install_checkit_tiff.yml"
   tags: [packages, yum, checkit_tiff, cit]
-- import_tasks: rosetta/install_verapdf.yml
-  tags: [packages, yum, verapdf]
-- import_tasks: rosetta/install_mediaconch.yml
+# - ansible.builtin.import_tasks: "rosetta/install_verapdf.yml"
+#   tags: [packages, yum, verapdf]
+- ansible.builtin.import_tasks: "rosetta/install_mediaconch.yml"
   tags: [packages, yum, mediaconch]
-- import_tasks: rosetta/configure_tsmclient.yml
+- ansible.builtin.import_tasks: "rosetta/configure_tsmclient.yml"
   tags: [backup]
-- import_tasks: rosetta/install_format_library_xsds.yml
+- ansible.builtin.import_tasks: "rosetta/install_format_library_xsds.yml"
   tags: [rosetta, xsd]
-- import_tasks: "rosetta/install_error_summary.yml"
+- ansible.builtin.import_tasks: "rosetta/install_error_summary.yml"
   tags: [monitoring, reporting, visibility, errorsummary]
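Review bot: Commenting out the `install_verapdf.yml` import is a behaviour change inside an otherwise mechanical FQCN rename, and nothing in the hunk says why. Hosts provisioned from this revision on will no longer get veraPDF from this role. A one-line reason above the commented entry, e.g. `# veraPDF install disabled: <reason / ticket>`, or removing the task file together with the import, would keep the task list unambiguous.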
diff --git a/vars/main.yml b/vars/main.yml
index 7705c015285761732ea20415195c973b75b862c4..65bbae41515ba56fb06a4b930d3dced9379c7c3a 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -104,4 +104,4 @@ local_jhove_xsds:
   - { dir: "{{ xsd_base_path }}www.loc.gov/standards/", filename: "xlink.xsd", sha1: "473aca92c2c22c55084afd2c0367bc0a98ca2a7f" }
   - { dir: "{{ xsd_base_path }}www.w3.org/2001/03/", filename: "xml.xsd", sha1: "102d87e5e68e7edceb649c80b74a649e7e636541" }
   - { dir: "{{ xsd_base_path }}www.w3.org/2004/10/", filename: "xml.xsd", sha1: "a1bb94c788091c087f54cc995212cc1a62c72881" }
-  - { dir: "{{ xsd_base_path }}www.w3.org/2007/08/", filename: "xml.xsd", sha1: "c236cd21fe6daf2c096d50ab2b0701b99bd6e597" }
\ No newline at end of file
+  - { dir: "{{ xsd_base_path }}www.w3.org/2007/08/", filename: "xml.xsd", sha1: "c236cd21fe6daf2c096d50ab2b0701b99bd6e597" }
diff --git a/vars/redhat_7_packages.yml b/vars/redhat_7_packages.yml
index 4476c5b7399fb634dd2ebadd5325e9d57d5c410a..f6c8dfefecbd585c9e0f38e7783a64da990b2756 100644
--- a/vars/redhat_7_packages.yml
+++ b/vars/redhat_7_packages.yml
@@ -17,7 +17,6 @@ redhat_packages: [
   'cpp.x86_64',
   'dos2unix.x86_64',
   'elfutils-libelf-devel.x86_64',
-  'expat.i686',
   'expat.x86_64',
   'fontconfig.i686',
   'fontconfig.x86_64',
@@ -45,7 +44,6 @@ redhat_packages: [
   'libbonobo.x86_64',
   'libdaemon.x86_64',
   'libdmx.x86_64',
-  'libgcc.i686',
   'libgcc.x86_64',
   'libgnome.x86_64',
   'libgomp.x86_64',
@@ -99,7 +97,7 @@ redhat_packages: [
   'xorg-x11-utils.x86_64',
   'xorg-x11-xauth.x86_64',
   'xorg-x11-xinit.x86_64',
-  'xz-libs.i686',
+  'xz-libs',
   'zlib-devel.i686',
   'zlib.x86_64',
 ]
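Review bot: `'xz-libs'` is the only entry visible here without an architecture suffix, so which build yum resolves now depends on the host and its repositories. If the intent is to drop the 32-bit library, as with `expat.i686` and `libgcc.i686` in the earlier hunks of this file, `'xz-libs.x86_64',` would match the rest of the list. Note that `'zlib-devel.i686'` directly below is still requested as i686. The list itself starts outside this hunk.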