From 0cec7930715fefe58b3b925e268303374cde8131 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <joerg.sachse@slub-dresden.de> Date: Wed, 7 Sep 2022 11:12:36 +0200 Subject: [PATCH] feat: implement GitLab-CI, linting, better documentation --- .ansible-lint | 45 +++--- .config/molecule/config.yml | 2 + .gitignore | 13 +- .gitlab-ci.yml | 36 +++++ .gitlab/issue_templates/Default.md | 16 ++ .gitlab/merge_request_templates/Default.md | 7 + CODE-OF-CONDUCT.md | 3 + .../__init__.py => CONTRIBUTING.md | 0 README.md | 84 ++++++++--- ansible.cfg | 3 +- handlers/main.yml | 21 +-- kudos.txt | 48 ++++++ meta/main.yml | 45 +++--- molecule/README.md | 139 ++++++++++-------- molecule/default | 1 + molecule/oracle/converge.yml | 5 - molecule/oracle/molecule.yml | 36 ----- molecule/oracle/prepare.yml | 37 ----- molecule/oracle/tests/conftest.py | 20 --- .../parameter_files/redhat_6_packages.py | 120 --------------- .../parameter_files/redhat_7_packages.py | 105 ------------- molecule/oracle/tests/test_default.py | 119 --------------- .../playbooks}/INSTALL.rst | 6 +- molecule/resources/playbooks/README.md | 3 + molecule/resources/playbooks/converge.yml | 17 +++ molecule/resources/playbooks/prepare.yml | 70 +++++++++ molecule/resources/playbooks/verify.yml | 10 ++ molecule/rosetta/INSTALL.rst | 23 --- molecule/rosetta/converge.yml | 5 - molecule/rosetta/molecule.yml | 36 ----- molecule/rosetta/prepare.yml | 37 ----- molecule/rosetta/tests/conftest.py | 20 --- .../rosetta/tests/parameter_files/__init__.py | 0 .../parameter_files/redhat_6_packages.py | 120 --------------- .../parameter_files/redhat_7_packages.py | 105 ------------- molecule/rosetta/tests/test_default.py | 119 --------------- molecule/virtualbox_centos7/molecule.yml | 55 +++++++ molecule/virtualbox_rocky8/molecule.yml | 53 +++++++ requirements.yml | 10 -- requirements.yml.example | 4 + site.yml | 4 +- tasks/configure_iptables.yml | 10 +- tasks/configure_kdump.yml | 8 +- tasks/configure_nfs_mounts.yml | 120 +++++++-------- tasks/configure_sanitytest.yml | 1 - 
tasks/configure_selinux.yml | 2 +- tasks/create_users.yml | 5 +- tasks/install_checkmk_plugins.yml | 12 +- tasks/install_packages.yml | 4 +- tasks/main.yml | 30 ++-- tasks/oracle/configure_iptables_oracle.yml | 10 +- tasks/oracle/configure_logrotate.yml | 2 +- tasks/oracle/configure_rman_backup.yml | 8 +- tasks/oracle/configure_system_limits.yml | 8 +- tasks/oracle/configure_tsmclient.yml | 6 +- tasks/oracle/create_db_users.yml | 6 +- .../oracle/install_checkmk_plugins_oracle.yml | 6 +- tasks/oracle/install_sql_scripts.yml | 8 +- tasks/oracle/main_oracle.yml | 14 +- tasks/rosetta/configure_iptables_qos.yml | 2 +- tasks/rosetta/configure_iptables_rosetta.yml | 10 +- .../configure_rosetta_prerequisites.yml | 60 ++++---- tasks/rosetta/configure_tsmclient.yml | 10 +- tasks/rosetta/install_checkit_tiff.yml | 8 +- .../install_checkmk_plugins_rosetta.yml | 6 +- tasks/rosetta/install_error_summary.yml | 7 - tasks/rosetta/install_format_library_xsds.yml | 2 +- tasks/rosetta/install_mediaconch.yml | 18 ++- tasks/rosetta/install_packages.yml | 2 +- tasks/rosetta/install_verapdf.yml | 5 +- tasks/rosetta/main_rosetta.yml | 24 +-- vars/main.yml | 2 +- vars/redhat_7_packages.yml | 4 +- 73 files changed, 769 insertions(+), 1253 deletions(-) create mode 100644 .config/molecule/config.yml create mode 100644 .gitlab-ci.yml create mode 100644 .gitlab/issue_templates/Default.md create mode 100644 .gitlab/merge_request_templates/Default.md create mode 100644 CODE-OF-CONDUCT.md rename molecule/oracle/tests/parameter_files/__init__.py => CONTRIBUTING.md (100%) create mode 100644 kudos.txt create mode 120000 molecule/default delete mode 100644 molecule/oracle/converge.yml delete mode 100644 molecule/oracle/molecule.yml delete mode 100644 molecule/oracle/prepare.yml delete mode 100644 molecule/oracle/tests/conftest.py delete mode 100644 molecule/oracle/tests/parameter_files/redhat_6_packages.py delete mode 100644 molecule/oracle/tests/parameter_files/redhat_7_packages.py delete mode 100644 
molecule/oracle/tests/test_default.py rename molecule/{oracle => resources/playbooks}/INSTALL.rst (84%) create mode 100644 molecule/resources/playbooks/README.md create mode 100644 molecule/resources/playbooks/converge.yml create mode 100644 molecule/resources/playbooks/prepare.yml create mode 100644 molecule/resources/playbooks/verify.yml delete mode 100644 molecule/rosetta/INSTALL.rst delete mode 100644 molecule/rosetta/converge.yml delete mode 100644 molecule/rosetta/molecule.yml delete mode 100644 molecule/rosetta/prepare.yml delete mode 100644 molecule/rosetta/tests/conftest.py delete mode 100644 molecule/rosetta/tests/parameter_files/__init__.py delete mode 100644 molecule/rosetta/tests/parameter_files/redhat_6_packages.py delete mode 100644 molecule/rosetta/tests/parameter_files/redhat_7_packages.py delete mode 100644 molecule/rosetta/tests/test_default.py create mode 100644 molecule/virtualbox_centos7/molecule.yml create mode 100644 molecule/virtualbox_rocky8/molecule.yml delete mode 100644 requirements.yml create mode 100644 requirements.yml.example diff --git a/.ansible-lint b/.ansible-lint index 9c9323e..f18a647 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -6,7 +6,7 @@ # and not relative to the CWD of execution. CLI arguments passed to the --exclude # option will be parsed relative to the CWD of execution. exclude_paths: - - .cache/ # implicit unless exclude_paths is defined in config + - .cache/ # implicit unless exclude_paths is defined in config - .git/ - .githooks/ - backups/ 
@@ -15,24 +15,19 @@ exclude_paths: # verbosity: 1 # Mock modules or roles in order to pass ansible-playbook --syntax-check -#mock_modules: -# - zuul_return -# # note the foo.bar is invalid as being neither a module or a collection -# - fake_namespace.fake_collection.fake_module -# - fake_namespace.fake_collection.fake_module.fake_submodule -#mock_roles: -# - mocked_role -# - author.role_name # old standalone galaxy role -# - fake_namespace.fake_collection.fake_role # role within a collection +# mock_modules: +# - zuul_return +# # note the foo.bar is invalid as being neither a module or a collection +# - fake_namespace.fake_collection.fake_module +# - fake_namespace.fake_collection.fake_module.fake_submodule +# mock_roles: +# - mocked_role +# - author.role_name # old standalone galaxy role +# - fake_namespace.fake_collection.fake_role # role within a collection # Enable checking of loop variable prefixes in roles loop_var_prefix: "{role}_" -# Enforce variable names to follow pattern below, in addition to Ansible own -# requirements, like avoiding python identifiers. To disable add `var-naming` -# to skip_list. -var_naming_pattern: "^[a-z_][a-z0-9_]*$" - use_default_rules: true # Load custom rules from this specific folder # rulesdir: @@ -46,9 +41,9 @@ skip_list: # Any rule that has the 'opt-in' tag will not be loaded unless its 'id' is # mentioned in the enable_list: enable_list: - - empty-string-compare # opt-in - - no-log-password # opt-in - - no-same-owner # opt-in + - empty-string-compare # opt-in + - no-log-password # opt-in + - no-same-owner # opt-in # add yaml here if you want to avoid ignoring yaml checks when yamllint # library is missing. Normally its absence just skips using that rule. - yaml 
@@ -60,19 +55,19 @@ enable_list: warn_list: - skip_this_tag - git-latest - - experimental # experimental is included in the implicit list + - experimental # experimental is included in the implicit list # - role-name # Offline mode disables installation of requirements.yml offline: false # Define required Ansible's variables to satisfy syntax check -#extra_vars: -# foo: bar -# multiline_string_variable: | -# line1 -# line2 -# complex_variable: ":{;\t$()" +# extra_vars: +# foo: bar +# multiline_string_variable: | +# line1 +# line2 +# complex_variable: ":{;\t$()" # Uncomment to enforce action validation with tasks, usually is not # needed as Ansible syntax check also covers it. diff --git a/.config/molecule/config.yml b/.config/molecule/config.yml new file mode 100644 index 0000000..ece7ff6 --- /dev/null +++ b/.config/molecule/config.yml @@ -0,0 +1,2 @@ +--- +prerun: false diff --git a/.gitignore b/.gitignore index cf87250..ed78332 100644 --- a/.gitignore +++ b/.gitignore @@ -51,6 +51,8 @@ Thumbs.db *.retry *.vault +inventory.* +inv.* # Vim # ####### @@ -73,7 +75,14 @@ tags .vagrant/ *.box -# Misc # -######## +# Temporary/Build/Backup # +########################## backups/ +build/ + +# CONFIDENTIAL # +################ + +ssh_host_* + diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..e2d64b3 --- /dev/null +++ b/.gitlab-ci.yml 
@@ -0,0 +1,36 @@
+---
+# A pipeline is composed of independent jobs that run scripts, grouped into stages.
+# Stages run in sequential order, but jobs within stages run in parallel.
+#
+# For more information, see: https://docs.gitlab.com/ee/ci/yaml/index.html#stages
+
+stages: # List of stages for jobs, and their order of execution
+ - test
+
+default:
+ before_script:
+ - source /opt/molecule/bin/activate
+ - ansible --version
+ - molecule --version
+
+test-job:
+ stage: test
+ tags:
+ - "shell"
+ script:
+ # make sure that Ansible Vaults are present and can be decrypted
+ - echo "${VAULT_INSTALL_COMMON}" > ../lza_install_common.pass
+ - echo "${VAULT_ROSETTA_APP}" > ../lza_rosetta_app.pass
+ - export ANSIBLE_VAULT_IDENTITY_LIST="../lza_install_common.pass, ../lza_rosetta_app.pass"
+ - rm -rf ../ansible_vaults/
+ - rm -rf ../ansible_lza_install_common/
+ - git clone https://gitlab+deploy-token-25:${VAULT_ACCESS_TOKEN}@git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git ../ansible_vaults/;
+ - git clone https://git.slub-dresden.de/digital-preservation/ansible_lza_install_common.git ../ansible_lza_install_common/;
+ # run Molecule tests
+ - molecule syntax --scenario-name default
+ - molecule lint --scenario-name default
+ - molecule create --scenario-name default
+ - molecule converge --scenario-name default
+ - molecule idempotence --scenario-name default
+ # - molecule verify --scenario-name default
+ - molecule destroy --scenario-name default
diff --git a/.gitlab/issue_templates/Default.md b/.gitlab/issue_templates/Default.md
new file mode 100644
index 0000000..acc60bf
--- /dev/null
+++ b/.gitlab/issue_templates/Default.md
@@ -0,0 +1,16 @@
+## Expected Behavior
+
+
+## Actual Behavior
+
+
+## Steps to Reproduce the Problem
+
+ 1.
+ 1.
+ 1.
+
+## Specifications
+
+ - Version/Commit:
+ - Platform:
diff --git a/.gitlab/merge_request_templates/Default.md b/.gitlab/merge_request_templates/Default.md
new file mode 100644
index 0000000..4030f6f
--- /dev/null
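Review bot: The two vault passwords are written to plaintext files (`../lza_install_common.pass`, `../lza_rosetta_app.pass`) one directory above the checkout on a `shell`-executor runner, and nothing in `test-job` removes them: a failing `molecule` step aborts `script` before the final `molecule destroy`, and even on success the files stay on the runner for the next job, as does the `../ansible_vaults/` clone whose `.git/config` keeps the `gitlab+deploy-token-25:${VAULT_ACCESS_TOKEN}` URL git stores as the remote. Moving the cleanup into `after_script`, which GitLab runs regardless of how `script` exited, and setting `umask 077` before the `echo` redirections keeps the secrets short-lived and unreadable by other users on the runner. Marking `VAULT_INSTALL_COMMON`, `VAULT_ROSETTA_APP` and `VAULT_ACCESS_TOKEN` as masked in the project's CI variable settings additionally redacts them from job logs should a command print its environment.
```yaml
test-job:
  # … unchanged: stage, tags …
  script:
    # restrict the mode of the password files written below (shared shell runner)
    - umask 077
    - echo "${VAULT_INSTALL_COMMON}" > ../lza_install_common.pass
    - echo "${VAULT_ROSETTA_APP}" > ../lza_rosetta_app.pass
    # … unchanged: vault identity list, clones, molecule steps …
  after_script:
    # runs even when a molecule step fails, so the secrets never outlive the job
    - rm -f ../lza_install_common.pass ../lza_rosetta_app.pass
    - rm -rf ../ansible_vaults/ ../ansible_lza_install_common/
```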
+++ b/.gitlab/merge_request_templates/Default.md @@ -0,0 +1,7 @@ +Fixes # + +## Proposed Changes + + - + - + - diff --git a/CODE-OF-CONDUCT.md b/CODE-OF-CONDUCT.md new file mode 100644 index 0000000..19d2d20 --- /dev/null +++ b/CODE-OF-CONDUCT.md @@ -0,0 +1,3 @@ +# Code of Conduct + +Just be excellent to each other. That's it. EoC. diff --git a/molecule/oracle/tests/parameter_files/__init__.py b/CONTRIBUTING.md similarity index 100% rename from molecule/oracle/tests/parameter_files/__init__.py rename to CONTRIBUTING.md diff --git a/README.md b/README.md index 2e0f628..835b657 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,12 @@ # Ansible-Role "ansible_lza_rosetta_app" -## Description +## What does it do? This role provides all necessary tasks to prepare Rosetta/Oracle servers for SLUBArchiv. -## Prerequisites +## What do I need? + +### Prerequisites To use this role, the following software must be installed on your workstation: * ansible 
@@ -12,30 +14,34 @@ To use this role, the following software must be installed on your workstation: To deploy this role to a managed host, the following software must be installed on the target: * Python3 * SSHd +* <INSERT MORE HERE IF NEEDED> + +### Dependencies Other roles required by this role can be easily installed using `ansible-galaxy` if necessary. As the roles reside in SLUB's local Git server instance, you might need a password for certain repositories despite most of them being publicly available. This command will install the required roles in the correct location so they are found in the search path: ``` ansible-galaxy install -r requirements.yml -p ../ ``` -It is recommended to use this role with Red Hat Enterprise Linux VMs as prepared by the "ansible_lza_create_rhel_iso" and "ansible_lza_bootstrap_rhel_server" roles. +### Infrastructure + +It is recommended to use Debian VMs as deployed by SLUB's GUBS tool with this role. Otherwise you will not have access to the software packages that are located in SLUB's private Debian package repository. -## Quick start +## Can i have a Quick Start? Most options already have sensible defaults in `ansible.cfg`. However, you can override these defaults using CLI options/flags if you want to. The flags can be combined if necessary, and most of them have long versions as well. Get more information using `ansible-playbook --help`. To simply run the playbook, just call the `site.yml` playbook like this: +```bash +ansible-playbook site.yml -u <username> ``` - ansible-playbook site.yml -u <username> -``` - If you want to limit the execution to a subset of all hosts that are listed in the inventory, use the `-l` or `--limit` option like this: -``` - ansible-playbook site.yml -l <hostna*> - ansible-playbook site.yml -l <hostname> - ansible-playbook site.yml -l <hostname1>:<hostname2>:... 
- ansible-playbook site.yml -l <inventory_group> - ansible-playbook site.yml --limit=<hostna*> +```bash +ansible-playbook site.yml -l <hostna*> +ansible-playbook site.yml -l <hostname> +ansible-playbook site.yml -l <hostname1>:<hostname2>:... +ansible-playbook site.yml -l <inventory_group> +ansible-playbook site.yml --limit=<hostna*> ``` If you do not have Vault password files in the directory above the role direcory, you have to give the Vault password before execution: 
@@ -60,20 +66,62 @@ You can then run only certain tagged tasks by using the `--tags` option: ansible-playbook site.yml --tags=tag1,tag2,...,tagN ``` -## Testing the role +## How can I run tests? Tests have been implemented using the Molecule framework. The details on using the test suite are described below `molecule/`. -## Variables +To run some quick tests, you can do: +```bash +# pure syntax check +molecule syntax +# run yamllint and ansible-lint +molecule lint +# list available test scenarios, e.g. based on different OS images or platforms +molecule list +# create the test environment for a specific scenario (can be left out for "default") +molecule create [-s scenario] +# run your tasks against the test env +molecule converge [-s scenario] # multiple times if needed +# run idempotence checks to se if any of the tasks keeps changing (subsequent runs shouldn't trigger changes) +molecule idempotence [-s scenario] +# cleanup test env (remove VM/container) +molecule destroy [-s scenario] +``` + +We recommend running those tests before pushing any code to the Git server. + +On every `git push`, the GitLab-CI pipeline will run a similar set of tests to ensure that all changes are working. Find the details in the `.gitlab-ci.yml` file located at the project root directory. + +## What can be configured? + +### Ansible Role Many variables have been "hidden" in encrypted Ansible Vaults. For security reasons, these Vaults are maintained in a separate private internal repository of SLUB's Git. However, in order to better understand the data within the vaults, you can find `\*.vault.example` files below the `vars/` directory. If you work outside of SLUBArchive and have no access to the vault repository, make sure to put the necessary vaults in the expected paths at `../ansible_vaults/<ROLENAME>/`. -## git configuration +Variable defaults have been set in `defaults/main.yml`. You can overwrite them with your own values by setting them in `vars/main.yml`. 
+ +### Git configuration Just run the `setup_gitconfig.sh` script that comes with the repo to correctly setup all necessary local Git configurations. -## Author Information +## What changes have been made lately? + +All changes can be found in the `CHANGELOG` file located at the project root directory. Alternatively, you can have a look at the commit log to get a detailed view. + +## Who is maintaining this project? + +All authors/maintainers are listed in the `kudos.txt` file located at the project root directory. + +## How can I contribute? + +If you have any comments or find bugs, please contact langzeitarchiv@slub-dresden.de, create an issue or send us a pull request. + +Details on how to contribute to this project can be found at the `CONTRIBUTING.md` file located at the project root directory. + +If you have commited to the project yourself, you can leave a note in the `kudos.txt` file located at the project root directory. Be assured of our eternal gratitude. + +## Is there a Code of Conduct? -If you have any comments or find bugs, please contact langzeitarchiv@slub-dresden.de or issue a pull request. +Yes there is. You can find it in the `CODE-OF-CONDUCT.md` file located at the project root directory. It's kept very brief by design. diff --git a/ansible.cfg b/ansible.cfg index 50ed693..6470d45 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -30,7 +30,8 @@ roles_path = ../:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles # default callback. # https://docs.ansible.com/ansible/latest/reference_appendices/config.html#display-skipped-hosts # DEFAULT: display_skipped_hosts = true -display_skipped_hosts = false +#display_skipped_hosts = false +#display_ok_hosts: false use_persistent_connections=true diff --git a/handlers/main.yml b/handlers/main.yml index 9d366ba..04e5555 100644 --- a/handlers/main.yml +++ b/handlers/main.yml 
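Review bot: The newly added `#display_ok_hosts: false` in ansible.cfg uses a colon separator where the surrounding keys use `=` (`display_skipped_hosts = false` on the line above, `use_persistent_connections=true` below), so whoever uncomments it later inherits the inconsistency. Writing it as `#display_ok_hosts = false` keeps the file uniform; the key otherwise matches the existing `display_skipped_hosts` naming.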
@@ -2,41 +2,42 @@ - name: save iptables rules block: - name: Ordner für iptables-Config erstellen - file: + ansible.builtin.file: path: "/etc/iptables" state: directory owner: "root" group: "root" - mode: 0755 + mode: "0755" listen: "save iptables rules" - name: install netfilter-persistent to be able to save iptables rules - apt: + ansible.builtin.apt: name: "netfilter-persistent" state: present listen: "save iptables rules" - name: save iptables rules - command: "netfilter-persistent save" + ansible.builtin.command: "netfilter-persistent save" listen: "save iptables rules" - when: ansible_distribution == "Debian" + changed_when: false + when: ansible_os_family == "Debian" - name: save iptables rules block: - name: make sure iptables config file exists - file: + ansible.builtin.file: path: "/etc/sysconfig/iptables" state: touch owner: "root" group: "root" - mode: 0600 + mode: "0600" listen: "save iptables rules" - name: save iptables rules - command: /usr/sbin/iptables-save # noqa 303 + ansible.builtin.command: /usr/sbin/iptables-save # noqa 303 listen: "save iptables rules" + changed_when: false when: ansible_os_family == "RedHat" - name: activate kernel parameter changes - command: sysctl -p - ignore_errors: true + ansible.builtin.command: sysctl -p - name: daemon-reload ansible.builtin.systemd: diff --git a/kudos.txt b/kudos.txt new file mode 100644 index 0000000..56616d7 --- /dev/null +++ b/kudos.txt 
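Review bot: In the RedHat block, `ansible.builtin.command: /usr/sbin/iptables-save` only dumps the rule set to stdout and never writes `/etc/sysconfig/iptables`, so the file the preceding task touches with mode `"0600"` stays empty and the handler does not persist anything; the `# noqa 303` suppresses the lint rule that would have pointed at this. Redirecting the output needs a shell, e.g. `ansible.builtin.shell: /usr/sbin/iptables-save > /etc/sysconfig/iptables` (on EL 7 with `iptables-services` installed, `service iptables save` is the packaged equivalent). The added `changed_when: false` on both this task and `netfilter-persistent save` in the Debian block also reports a task whose purpose is to change on-disk state as unchanged; dropping it, or tying it to the command's result, is more honest. The `daemon-reload` handler at the end of the hunk continues outside it.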
@@ -0,0 +1,48 @@ +# kudos.txt - Express gratitude to your contributors. +# https://github.com/kudos-txt + +project: + - name: ansible_role_name + site: https://git.slub-dresden.de/path/to/repo +# blog: <blog url> +# help: <support url> +# news: <news url>, <news feed url> +# mail: <mail@domain.tld> +# chat: <service:nick>, <service:channel>, <url> +# note: <free text notes> + +contributor: +# - name: <name or nick of the contributor> +# role: <role in the project> +# site: <website url> +# blog: <blog url> +# mail: <mail@domain.tld> +# chat: <service:nick>, <service:channel>, <url> +# home: <country>, <region>, <zip>, <city>, <address> +# work: <company>, <job title>, <job description> +# note: <free text notes> + - name: Jörg Sachse + role: Maintainer + mail: Joerg.Sachse@slub-dresden.de + home: Germany, Saxony, 01059, Dresden, Zellescher Weg 18 + work: SLUB Dresden, Digital Preservationist &IT Administrator & Installation Wizard + +#partner: +# - name: <name of the partner> +# site: <website url> +# blog: <blog url> +# help: <support url> +# news: <news url>, <news feed url> +# mail: <mail@domain.tld> +# chat: <service:nick>, <service:channel>, <url> +# note: <free text notes> + +#software: +# - name: <name of the software> +# site: <website url> +# blog: <blog url> +# help: <support url> +# news: <news url>, <news feed url> +# mail: <mail@domain.tld> +# chat: <service:nick>, <service:channel>, <url> +# note: <free text notes> diff --git a/meta/main.yml b/meta/main.yml index b8de9e3..6d9a5bc 100644 --- a/meta/main.yml +++ b/meta/main.yml 
@@ -1,29 +1,38 @@ --- galaxy_info: - author: Jörg Sachse - description: role to install Rosetta application server for the SLUBarchiv digital preservation repository + author: Jörg Sachse (<Joerg.Sachse@slub-dresden.de>) company: SLUB Dresden - # If the issue tracker for your role is not on github, uncomment the next line and provide a value issue_tracker_url: http://example.com/issue/tracker Some suggested licenses: - BSD - # (default) - MIT - GPLv2 - GPLv3 - Apache - CC-BY - license: public domain - min_ansible_version: 2.4 - # If this a Container Enabled role, provide the minimum Ansible Container version. min_ansible_container_version: Optionally specify the branch Galaxy will use when accessing the GitHub repo - # for this role. During role install, if no tags are available, Galaxy will use this branch. During import Galaxy will access files on this branch. If Travis integration is configured, only - # notifications for this branch will be accepted. Otherwise, in all cases, the repo's default branch (usually master) will be used. github_branch: - # + description: role to install Rosetta application server for the SLUBarchiv digital preservation repository + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes and categorizes the role. Users find roles by searching for tags. Be sure to remove the '[]' above, if you + # add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. 
+ # issue_tracker_url: "https://example.com/" + # If the issue tracker for your role is not on github, uncomment the next line and provide a value issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: GPL-3.0-or-later + + min_ansible_version: "2.5" + # If this a Container Enabled role, provide the minimum Ansible Container version. min_ansible_container_version: Optionally specify the branch Galaxy will use when accessing the GitHub repo + # for this role. During role install, if no tags are available, Galaxy will use this branch. During import Galaxy will access files on this branch. If Travis integration is configured, only + # notifications for this branch will be accepted. Otherwise, in all cases, the repo's default branch (usually master) will be used. github_branch: # Provide a list of supported platforms, and for each platform a list of versions. If you don't wish to enumerate all versions for a particular platform, use 'all'. To view available # platforms and versions (or releases), visit: https://galaxy.ansible.com/api/v1/platforms/ # # platforms: - name: Fedora # versions: - all - 25 - name: SomePlatform versions: - all - 1.0 - 7 - 99.99 platforms: - - name: RedHat + - name: EL versions: - - 7 - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes and categorizes the role. Users find roles by searching for tags. Be sure to remove the '[]' above, if you - # add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. + - "7" + - "8" dependencies: [] diff --git a/molecule/README.md b/molecule/README.md index 33a7eb5..fdb41fe 100644 --- a/molecule/README.md +++ b/molecule/README.md 
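Review bot: `min_ansible_version: "2.5"` understates the real requirement: the handlers rewritten in this same commit (`handlers/main.yml`) use fully-qualified `ansible.builtin.*` module names, which only resolve on Ansible 2.10 or later, so a user on 2.5–2.9 who trusts this value gets an unresolved-module error at runtime. Setting `min_ansible_version: "2.10"` makes the metadata match the code. The hunk also switches `license` from `public domain` to `GPL-3.0-or-later`; in a commit titled as a feature that is easy to miss and deserves an explicit changelog entry so downstream users notice the change of terms.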
@@ -4,39 +4,53 @@ In order to be able to use the tests, you need to have some software packages installed. You may need sudo privileges for some of these operations. - ### install VirtualBox - # do NOT use distribution packages - # process documented at https://www.virtualbox.org/wiki/Linux_Downloads - # - # add repository URL - sudo echo "deb [arch=amd64] https://download.virtualbox.org/virtualbox/debian stretch contrib" > /etc/apt/sources.d/virtualbox.list - # add GPG key - wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add - - # update sources - sudo apt update - # install VirtualBox - sudo apt-get install virtualbox-6.1 - - ### install Vagrant - # do NOT use distribution packages - # - # download Debian package from Hashicorp - wget https://releases.hashicorp.com/vagrant/2.2.9/vagrant_2.2.9_x86_64.deb - # install package - sudo dpkg -i vagrant_2.2.9_x86_64.deb - - ### install Molecule et. al. - # prepare directories - mkdir ~/python-envs/ && cd ~/python-env/ - # create Python Virtual Environment with Python3 interpreter (Python2 is deprecated!) - virtualenv -p python3 molecule-env - # enter the Virtual Environment in your current shell (other shells will be unaffected) - source molecule-env/bin/activate - # install packages - pip3 install molecule ansible testinfra ansible-lint molecule-vagrant molecule-docker - - # leave the Virtual Environment only when you're done - deactivate +There are two ways to accomplish this. + +### Option 1: use `molecule-skel` (SLUB staff only) + +1. Clone the project at [molecule-skel](https://git.slub-dresden.de/slub-referat-2-3/molecule-skel): `git clone https://git.slub-dresden.de/slub-referat-2-3/molecule-skel.git` +2. Switch to the `molecule-skel` repository directory and run `./install_testenv.sh`. +3. PROFIT! + + Check the `README.md` over at [molecule-skel](https://git.slub-dresden.de/slub-referat-2-3/molecule-skel) for details on how to use that. It's easy, I promise. 
+ +### Option 2: manual installation + +Run these steps on your terminal. + +```bash +### install VirtualBox +# do NOT use distribution packages, as they may be too old! +# process documented at https://www.virtualbox.org/wiki/Linux_Downloads +# +# add GPG key +wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add - +# add repository URL +sudo echo "deb [arch=amd64] https://download.virtualbox.org/virtualbox/debian stretch contrib" > /etc/apt/sources.d/virtualbox.list +# update sources and install VirtualBox +sudo apt update; sudo apt-get install virtualbox-6.1 + +### install Vagrant +# do NOT use distribution packages, as they may be too old! +# +# download Debian package from Hashicorp +wget https://releases.hashicorp.com/vagrant/2.2.9/vagrant_2.2.9_x86_64.deb +# install package +sudo dpkg -i vagrant_2.2.9_x86_64.deb + +### install Molecule et. al. +# prepare directories +mkdir ~/python-envs/ && cd ~/python-env/ +# create Python Virtual Environment with Python3 interpreter (Python2 is deprecated!) +virtualenv -p python3 molecule-env +# enter the Virtual Environment in your current shell (other shells will be unaffected) +source molecule-env/bin/activate +# install packages +pip3 install molecule ansible testinfra ansible-lint molecule-vagrant molecule-docker + +# leave the Virtual Environment only when you're done +deactivate +``` You can find suitable documentation at the respective vendors' websites. * [Vagrant Installation Guide](https://www.vagrantup.com/docs/installation/) 
@@ -46,10 +60,14 @@ You can find suitable documentation at the respective vendors' websites. ## Initialising a new Molecule scenario If you have already created a role without the Molecule test framework or you want to add test scenarios, you can use: - molecule init scenario --scenario-name <my_scenario> --driver [azure|delegated|docker|ec2|gce|linode|lxc|lxd|openstack|vagrant] --verifier-name [ansible|testinfra] +```bash +molecule init scenario --scenario-name <my_scenario> --driver [azure|delegated|docker|ec2|gce|linode|lxc|lxd|openstack|vagrant] --verifier-name [ansible|testinfra] +``` If you need any help with the options, please use: - molecule init role --help +```bash +molecule init role --help +``` ## Running Tests 
@@ -60,26 +78,31 @@ Various test environments are separated into so-called "scenarios" that can be b In the simplest configuration, the `molecule/` directory only contains one `default/` directory that contains the default scenario. This scenario is run if no other scenario is chosen using the `-s` CLI option. This is the basic usage of Molecule: - # create test infrastructure - cd <role_directory> - molecule create - # run playbooks against test infrastructure - molecule converge - # run Testinfra tests - molecule verify - # remove test infrastructure - molecule destroy - - # run all steps at once: - molecule test - -It has proven helpful to use Vagrant to create a snapshot of the VM after the creation phase has completed. - # First, get UUID of the VM - vagrant global-status - # Then, create the snapshot - vagrant snapshot save <uuid> <snapshot_name> - # To restore the snapshot, use - vagrant snapshot restore <uuid> <snapshot_name> - # And to remove the snapshot, use - vagrant snapshot delete <uuid> <snapshot_name> - +```bash +# create test infrastructure +cd <role_directory> +molecule create +# run playbooks against test infrastructure +molecule converge +# run idempotence tests +molecule idempotence +# run tests, if they exist +molecule verify +# remove test infrastructure +molecule destroy + +# run all steps at once: +molecule test +``` + +It has proven helpful to use Vagrant to create a snapshot of the VM after the creation phase has completed. Just like this: +```bash +# First, get UUID of the VM +vagrant global-status +# Then, create the snapshot +vagrant snapshot save <uuid> <snapshot_name> +# To restore the snapshot, use +vagrant snapshot restore <uuid> <snapshot_name> +# And to remove the snapshot, use +vagrant snapshot delete <uuid> <snapshot_name> +``` diff --git a/molecule/default b/molecule/default new file mode 120000 index 0000000..0a8acd2 --- /dev/null +++ b/molecule/default @@ -0,0 +1 @@ +virtualbox_centos7 \ No newline at end of file 
diff --git a/molecule/oracle/converge.yml b/molecule/oracle/converge.yml deleted file mode 100644 index e741840..0000000 --- a/molecule/oracle/converge.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - {role: "ansible_lza_rosetta_app", become: true} diff --git a/molecule/oracle/molecule.yml b/molecule/oracle/molecule.yml deleted file mode 100644 index 0b0d2ad..0000000 --- a/molecule/oracle/molecule.yml +++ /dev/null @@ -1,36 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: vagrant - provider: - name: virtualbox -lint: | - set -e - yamllint . - ansible-lint -x formatting - flake8 --ignore=E501 -platforms: - - name: molecule-rosoramol - box: centos/7 - memory: 512 - cpus: 1 -provisioner: - name: ansible - log: true - config_options: - defaults: - vault_identity_list: "@$HOME/.ansible/roles/molecule_prepare.pass, @$HOME/.ansible/roles/lza_install_common.pass, @$HOME/.ansible/roles/lza_server_hardening.pass, @$HOME/.ansible/roles/lza_rosetta_app.pass" - lint: | - set -e - ansible-lint - vvv: false -verifier: - name: testinfra - env: - PYTHONWARNINGS: "ignore:.*U.*mode is deprecated:DeprecationWarning" - lint: | - set -e - flake8 - options: - v: 1 diff --git a/molecule/oracle/prepare.yml b/molecule/oracle/prepare.yml deleted file mode 100644 index 8f86242..0000000 --- a/molecule/oracle/prepare.yml +++ /dev/null 
@@ -1,37 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: true - pre_tasks: - - name: include vars - include_vars: "../../../ansible_vaults/molecule_prepare/{{ item }}" - loop: - - "prepare.vault" - - name: Install python for Ansible - raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal python2-dnf python3-dnf) - become: true - changed_when: false - - name: Install DNF Python packages - raw: yum install -y python2-dnf python3-dnf - become: true - changed_when: false - - name: create users (as deployed in production) - user: - name: "{{ item.name }}" - uid: "{{ item.uid }}" - create_home: "yes" - shell: "/bin/bash" - loop: "{{ vault_molecule_users | flatten(levels=1) }}" - become: true - - name: Install required packages - yum: - name: [ - 'gpg', - 'less', - 'libuser' - ] - state: present - become: true - roles: - - {role: ansible_lza_install_common, become: true} - - {role: ansible_lza_server_hardening, become: true} diff --git a/molecule/oracle/tests/conftest.py b/molecule/oracle/tests/conftest.py deleted file mode 100644 index ba0f1e8..0000000 --- a/molecule/oracle/tests/conftest.py +++ /dev/null @@ -1,20 +0,0 @@ -"""PyTest Fixtures.""" -from __future__ import absolute_import -import os -import pytest - - -def pytest_runtest_setup(item): - """Run tests only when under molecule with testinfra installed.""" - try: - import testinfra - except ImportError: - pytest.skip("Test requires testinfra", allow_module_level=True) - if "MOLECULE_INVENTORY_FILE" in os.environ: - pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ["MOLECULE_INVENTORY_FILE"] - ).get_hosts("all") - else: - pytest.skip( - "Test should run only from inside molecule.", allow_module_level=True - ) diff --git a/molecule/oracle/tests/parameter_files/redhat_6_packages.py b/molecule/oracle/tests/parameter_files/redhat_6_packages.py deleted file mode 100644 index fefe07e..0000000 
--- a/molecule/oracle/tests/parameter_files/redhat_6_packages.py +++ /dev/null 
@@ -1,120 +0,0 @@ - - -@pytest.mark.parametrize("redhat_6_packages", [ - "avahi.x86_64" - "avahi-glib.x86_64" - "binutils.x86_64" - "bzip2-libs.i686" - "celt051.x86_64" - "cloog-ppl.x86_64" - "compat-db.x86_64" - "compat-db42.x86_64" - "compat-db43.x86_64" - "compat-expat1.i686" - "compat-expat1.x86_64" - "compat-gcc-34.x86_64" - "compat-gcc-34-c++.x86_64" - "compat-libstdc++-33.i686" - "compat-libstdc++-33.x86_64" - "compat-readline5.i686" - "ConsoleKit-x11.x86_64" - "cpp.x86_64" - "e2fsprogs-libs.i686" - "elfutils-libelf-devel.x86_64" - "expat.i686" - "gcc.x86_64" - "gcc-c++.x86_64" - "gdbm.i686" - "GConf2.x86_64" - "glibc.i686" - "glibc.x86_64" - "glibc.i686" - "glibc.x86_64" - "glibc-common.x86_64" - "glibc-devel.i686" - "glibc-devel.x86_64" - "glibc-headers.x86_64" - "gmp.i686" - "gnome-vfs2.x86_64" - "gtk2-engines.x86_64" - "kernel-headers.x86_64" - "keyutils-libs.i686" - "krb5-libs.i686" - "ksh.x86_64" - "libaio.i686" - "libaio.x86_64" - "libaio.i686" - "libaio-devel.i686" - "libaio-devel.x86_64" - "libbonobo.x86_64" - "libdaemon.x86_64" - "libdmx.x86_64" - "libgcc.i686" - "libgcc.x86_64" - "libgcc.i686" - "libgcrypt.i686" - "libgnome.x86_64" - "libgomp.x86_64" - "libgpg-error.i686" - "libICE.i686" - "libIDL.x86_64" - "libmcpp.x86_64" - "libselinux.i686" - "libsepol.i686" - "libSM.i686" - "libstdc++.i686" - "libstdc++.x86_64" - "libstdc++-devel.x86_64" - "libstdc++.i686" - "libtool-ltdl.i686" - "libtool-ltdl.x86_64" - "libtool-ltdl.x86_64" - "libuuid.i686" - "libuuid.i686" - "libuuid.x86_64" - "libX11.i686" - "libXau.i686" - "libxcb.i686" - "libxcb.x86_64" - "libXext.i686" - "libXi.i686" - "libxml2.i686" - "libXmu.x86_64" - "libXp.x86_64" - "libxslt.i686" - "libXt.i686" - "libXt.x86_64" - "libXtst.i686" - "libXv.x86_64" - "libXxf86dga.x86_64" - "libXxf86misc.x86_64" - "libXxf86vm.x86_64" - "make.x86_64" - "mcpp.x86_64" - "mpfr.x86_64" - "ncurses-devel.x86_64" - "ncurses-libs.i686" - "ncurses-libs.i686" - "nss-softokn-freebl.i686" - "nss-softokn-freebl.i686" 
- "ompat-expat1.i686" - "ORBit2.x86_64" - "pcre.i686" - "ppl.x86_64" - "readline.i686" - "readline-devel.x86_64" - "shared-mime-info.x86_64" - "sysstat.x86_64" - "unixODBC.i686" - "unixODBC.x86_64" - "unixODBC.i686" - "unixODBC.x86_64" - "unixODBC-devel.i686" - "unixODBC-devel.x86_64" - "xorg-x11-server-utils.x86_64" - "xorg-x11-utils.x86_64" - "xorg-x11-xauth.x86_64" - "xorg-x11-xinit.x86_64" - "zlib.i686" - "zlib.x86_64" -]) diff --git a/molecule/oracle/tests/parameter_files/redhat_7_packages.py b/molecule/oracle/tests/parameter_files/redhat_7_packages.py deleted file mode 100644 index 16d3337..0000000 --- a/molecule/oracle/tests/parameter_files/redhat_7_packages.py +++ /dev/null 
@@ -1,105 +0,0 @@ -@pytest.mark.parametrize("redhat_7_packages", [ - "avahi-glib.x86_64" - "avahi.x86_64" - "binutils.x86_64" - "celt051.x86_64" - "compat-db.x86_64" - "compat-gcc-44-c++.x86_64" - "compat-gcc-44.x86_64" - "compat-glibc-headers.x86_64" - "compat-libcap1-1.10-7.el7.x86_64" - "compat-libstdc++-33.i686" - "compat-libstdc++-33.x86_64" - "cpp.x86_64" - "dos2unix.x86_64" - "elfutils-libelf-devel.x86_64" - "expat.i686" - "expat.x86_64" - "fontconfig.i686" - "fontconfig.x86_64" - "freetype.x86_64" - "gcc-c++.x86_64" - "gcc.x86_64" - "GConf2.x86_64" - "gdbm.i686" - "giflib.x86_64" - "glibc-common.x86_64" - "glibc-devel.i686" - "glibc-devel.x86_64" - "glibc-headers.x86_64" - "glibc.i686" - "glibc.x86_64" - "gmp.i686" - "gnome-vfs2.x86_64" - "gtk2-engines.x86_64" - "kernel-headers.x86_64" - "ksh.x86_64" - "libaio-devel.i686" - "libaio-devel.x86_64" - "libaio.i686" - "libaio.x86_64" - "libbonobo.x86_64" - "libdaemon.x86_64" - "libdmx.x86_64" - "libgcc.i686" - "libgcc.x86_64" - "libgnome.x86_64" - "libgomp.x86_64" - "libICE.i686" - "libICE.x86_64" - "libicu-devel.i686" - "libIDL.x86_64" - "libidn.i686" - "libjpeg-turbo.x86_64" - "libSM.i686" - "libSM.x86_64" - "libstdc++-devel.i686" - "libstdc++-devel.x86_64" - "libstdc++.i686" - "libstdc++.x86_64" - "libtool-ltdl.i686" - "libtool-ltdl.x86_64" - "libuuid.i686" - "libuuid.x86_64" - "libX11.i686" - "libX11.x86_64" - "libXau.i686" - "libXau.x86_64" - "libxcb.i686" - "libxcb.x86_64" - "libXext.i686" - "libXi.i686" - "libXi.x86_64" - "libXmu.x86_64" - "libXp.x86_64" - "libXt.i686" - "libXtst.i686" - "libXtst.x86_64" - "libXt.x86_64" - "libXv.x86_64" - "libXxf86dga.x86_64" - "libXxf86misc.x86_64" - "libXxf86vm.x86_64" - "make.x86_64" - "mpfr.x86_64" - "ncurses-devel.x86_64" - "ncurses-libs.i686" - "nss-softokn-freebl.i686" - "ORBit2.x86_64" - "readline-devel.x86_64" - "readline.i686" - "shared-mime-info.x86_64" - "sysstat.x86_64" - "unixODBC-devel.i686" - "unixODBC-devel.x86_64" - "unixODBC.i686" - "unixODBC.x86_64" - 
"xorg-x11-server-utils.x86_64" - "xorg-x11-utils.x86_64" - "xorg-x11-xauth.x86_64" - "xorg-x11-xinit.x86_64" - "xz-libs.i686" - "zlib-devel.i686" - "zlib.i686" - "zlib.x86_64" -]) diff --git a/molecule/oracle/tests/test_default.py b/molecule/oracle/tests/test_default.py deleted file mode 100644 index 6df0ae3..0000000 --- a/molecule/oracle/tests/test_default.py +++ /dev/null 
@@ -1,119 +0,0 @@ -# https://docs.pytest.org/en/latest/parametrize.html#pytest-mark-parametrize-parametrizing-test-functions - - -@pytest.mark.parametrize("name,version", [ - ("python", "2.7"), -]) -def test_configure_yum_repositories(host): - print("not implemented") - - -def test_configure_iptables_qos(host): - ipt_pre = host.iptables.rules("mangle", "PREROUTING") - print(ipt_pre) - ipt_post = host.iptables.rules("mangle", "POSTROUTING") - print(ipt_post) - - -@pytest.mark.parametrize("mountpoint", [ - {'path': "/exlibris", 'device': ""}, - {'path': "/operational_shared", 'device': ""}, - {'path': "/operational_storage", 'device': ""}, - {'path': "/permanent_storage", 'device': ""} -]) -def test_configure_nfs_mounts(host): - mount = host.mount_point(mountpoint) - assert mount.exists - assert mount.device == mount(device) - assert mount.filesystem == "nfs" - - -@pytest.mark.parametrize("rman_file", [ - "/home/oracle/expdump_dps3.sh", - "/home/oracle/impdump_dps3.sh", - "/home/oracle/rman_backup.cmd", - "/home/oracle/trigger_oracle_backup_storage_lvl.sh", - "/home/oracle/tsm_error_mail.sh", - "/home/oracle/rman_dps3_fullbackup.sh" -]) -def test_configure_rman_backup(host): - d = host.file("/var/log/oracle") - assert d.exists - assert d.is_directory - assert d.mode == 0o750 - f = host.file(f"/home/oracle/{rman_file}") - assert f.exists - assert f.is_file - assert f.mode == 0o755 - - -def test_configure_selinux(host): - f = host.file("/etc/selinux/config") - assert f.exists - assert f.if_file - assert f.user == "root" - assert f.group == "root" - assert f.mode == 0o644 - assert f.contains("SELINUX=permissive") - assert f.contains("SELINUXTYPE=targeted") - assert f.md5sum == "edb80f9889245e2f31b3d6ab33684b1a" - - -@pytest.mark.parametrize("tsm_file", [ - "dsm.sys", - "dsm.opt" -]) -def test_configure_tsmclient(host): - f = host.file(f"/opt/tivoli/tsm/client/ba/bin/{tsm_file}") - assert f.exists - assert f.is_file - assert f.user == "root" - assert f.group == "root" - 
assert f.mode == 0o644 - s = host.service("dsmcad") - assert s.is_running - assert s.is_enabled - - -@pytest.mark.parametrize("check_mk_plugin", [ - "checkmk_dsmcad.sh", - "check_oracle_db_segment_size.sh", - "mk_inventory", - "mk_logwatch", - "mk_oracle" -]) -def test_install_checkmk_plugins(host): - f = host.file(f"/usr/lib/check_mk_agent/plugins/{check_mk_plugin}") - assert f.exists - assert f.is_file - assert f.user == "root" - assert f.group == "root" - assert f.mode == 0o750 - - -def test_install_packages(host): - print(f"RELEASE: '{host.systeminfo.release}'") - print(f"CODENAME: '{host.systeminfo.codename}'") - if host.systeminfo.release == "6": - from parameter_files import redhat_6_packages - else: - from parameter_files import redhat_7_packages - pkg = host.package(name) - assert pkg.is_installed - assert pkg.version.startswith(version) - - -@pytest.mark.parametrize("sql_scripts", [ - "create_user_dbsnmp.sql", - "create_user_nagios.sql", - "qry_workers_conf.sql" -]) -def test_install_sql_scripts(host): - d = host.file("/home/oracle/sql-scripts") - assert d.exists - assert d.is_directory - assert d.mode == 0o644 - f = host.file(f"/home/oracle/sql-scripts/{sql_scripts}") - assert f.exists - assert f.is_file - assert f.mode == 0o644 diff --git a/molecule/oracle/INSTALL.rst b/molecule/resources/playbooks/INSTALL.rst similarity index 84% rename from molecule/oracle/INSTALL.rst rename to molecule/resources/playbooks/INSTALL.rst index 4f44b67..0c4bf5c 100644 --- a/molecule/oracle/INSTALL.rst +++ b/molecule/resources/playbooks/INSTALL.rst @@ -1,6 +1,6 @@ -******* +********************************* Vagrant driver installation guide -******* +********************************* Requirements ============ @@ -20,4 +20,4 @@ widely recommended `'--user' flag`_ when invoking ``pip``. .. code-block:: bash - $ pip install 'molecule[vagrant]' + $ pip install 'molecule_vagrant' 
diff --git a/molecule/resources/playbooks/README.md b/molecule/resources/playbooks/README.md
new file mode 100644
index 0000000..0c91883
--- /dev/null
+++ b/molecule/resources/playbooks/README.md
@@ -0,0 +1,3 @@
+This drectory contains shared playbooks and a shared Dockerfile.
+
+Visit https://molecule.readthedocs.io/en/latest/examples.html#sharing-across-scenarios for details on sharing playbooks, tests etc. across multiple scenarios.
diff --git a/molecule/resources/playbooks/converge.yml b/molecule/resources/playbooks/converge.yml
new file mode 100644
index 0000000..1aca873
--- /dev/null
+++ b/molecule/resources/playbooks/converge.yml
@@ -0,0 +1,17 @@
+---
+- name: Converge
+ hosts: all
+ pre_tasks:
+ - name: update apt cache
+ ansible.builtin.apt:
+ update_cache: true
+ upgrade: dist
+ become: true
+ when: ansible_os_family == "Debian"
+ - name: update yum cache
+ ansible.builtin.yum:
+ update_cache: true
+ become: true
+ when: ansible_os_family == "RedHat"
+ roles:
+ - {role: "ansible_lza_rosetta_app", become: true}
diff --git a/molecule/resources/playbooks/prepare.yml b/molecule/resources/playbooks/prepare.yml
new file mode 100644
index 0000000..37d1289
--- /dev/null
+++ b/molecule/resources/playbooks/prepare.yml
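Review bot: The apt pre_task in converge.yml runs a full `upgrade: dist` on every converge, which makes the test run slow and non-reproducible and will most likely fail the `molecule idempotence` step the README hunk now advertises, because the task reports changed whenever any package is upgradable. A cache refresh is all converge needs: replace `upgrade: dist` with `cache_valid_time: 3600` next to `update_cache: true`, and if a fully patched box is wanted, do the upgrade once in prepare.yml instead. The yum counterpart is fine as written.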
@@ -0,0 +1,70 @@
+---
+- name: Prepare
+ hosts: "*"
+ pre_tasks:
+ - name: configure additional package repositories for Debian
+ block:
+ - name: install GPG
+ ansible.builtin.apt:
+ name: "gnupg"
+ state: latest
+ update_cache: true
+ become: true
+ - name: add GPG key for SLUB Debian repository
+ ansible.builtin.apt_key:
+ url: "https://sdvdebianrepo.slub-dresden.de/deb-repository/pub.gpg.key"
+ state: present
+ become: true
+ - name: add repo URL to sources.list
+ ansible.builtin.apt_repository:
+ repo: "deb https://sdvdebianrepo.slub-dresden.de/deb-repository bullseye main"
+ state: present
+ update_cache: true
+ mode: "0644"
+ become: true
+ when: ansible_os_family == "Debian"
+
+ - name: configure additional package repositories for RedHat
+ block:
+ - name: add custom repositories
+ ansible.builtin.yum_repository:
+ name: "{{ item.name }}"
+ description: "{{ item.description }}"
+ baseurl: "{{ item.baseurl }}"
+ gpgcheck: "{{ item.gpgcheck | default('true') }}"
+ gpgkey: "{{ item.gpgkey | default(omit) }}"
+ loop:
+ - name: "epel"
+ description: EPEL YUM repo
+ baseurl: "https://download.fedoraproject.org/pub/epel/{{ ansible_distribution_major_version }}/x86_64/"
+ gpgkey: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"
+ - name: "slub"
+ description: SLUB YUM repo
+ baseurl: "http://sdvrhelrepo.slub-dresden.de/"
+ gpgcheck: "false"
+ become: true
+ - name: remove legacy repo configuration to avoid double configuration for SLUB repo
+ ansible.builtin.file:
+ path: "/etc/yum.repos.d/SLUB.repo"
+ state: absent
+ become: true
+ when: ansible_os_family == "RedHat"
+ - name: create sudo group, because we ignore RHEL's wheel group
+ ansible.builtin.group:
+ name: "sudo"
+ system: true
+ become: true
+ - name: get DFN certificate chain
+ ansible.builtin.get_url:
+ url: "https://pki.pca.dfn.de/dfn-ca-global-g2/pub/cacert/chain.txt"
+ dest: "/etc/pki/ca-trust/source/anchors/dfn-ca-global-g2.pem"
+ mode: "0644"
+
become: true + register: pki + - name: update CA trust anchors + ansible.builtin.command: "update-ca-trust" + become: true + when: pki.failed is false + + roles: + - { role: "ansible_lza_install_common", become: true } diff --git a/molecule/resources/playbooks/verify.yml b/molecule/resources/playbooks/verify.yml new file mode 100644 index 0000000..e707420 --- /dev/null +++ b/molecule/resources/playbooks/verify.yml @@ -0,0 +1,10 @@ +--- +# This is an example playbook to execute Ansible tests. + +- name: Verify + hosts: all + gather_facts: false + tasks: + - name: Example assertion + ansible.builtin.assert: + that: true diff --git a/molecule/rosetta/INSTALL.rst b/molecule/rosetta/INSTALL.rst deleted file mode 100644 index 4f44b67..0000000 --- a/molecule/rosetta/INSTALL.rst +++ /dev/null @@ -1,23 +0,0 @@ -******* -Vagrant driver installation guide -******* - -Requirements -============ - -* Vagrant -* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop - -Install -======= - -Please refer to the `Virtual environment`_ documentation for installation best -practices. If not using a virtual environment, please consider passing the -widely recommended `'--user' flag`_ when invoking ``pip``. - -.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ -.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site - -.. code-block:: bash - - $ pip install 'molecule[vagrant]' diff --git a/molecule/rosetta/converge.yml b/molecule/rosetta/converge.yml deleted file mode 100644 index e741840..0000000 --- a/molecule/rosetta/converge.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Converge - hosts: all - roles: - - {role: "ansible_lza_rosetta_app", become: true} diff --git a/molecule/rosetta/molecule.yml b/molecule/rosetta/molecule.yml deleted file mode 100644 index 117cfc8..0000000 --- a/molecule/rosetta/molecule.yml +++ /dev/null 
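Review bot: The `slub` entry in the RedHat block sets `gpgcheck: "false"` on a plain `http://` baseurl, so every package the role later installs from that repository (as root, via become) is fetched with neither transport nor signature verification, while the Debian branch of the same play does verify (HTTPS plus the repository key). If the repository can be signed, add a `gpgkey:` to the slub item and drop the `gpgcheck: "false"` override so the `default('true')` applies; until then at least switch the baseurl to `https://` if the server offers it, and leave a comment on that item stating that its packages are unverified. Separately, the `when: pki.failed is false` guard on `update-ca-trust` is dead: a failed get_url aborts the play before that task runs (no `ignore_errors` is set), so the command always executes; `when: pki.changed` would run it only when the chain file was actually written and keeps the play idempotent. The apt_key task relies on the apt-key tooling that Debian deprecates, which is worth a TODO comment there.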
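Review bot: verify.yml's only task is an `ansible.builtin.assert` with `that: true`, so `molecule verify` now passes without checking anything, while the same commit deletes the testinfra suites under molecule/oracle/tests and molecule/rosetta/tests that used to check deployed files, modes and services. Either port a few of those checks (an `ansible.builtin.stat` on a deployed file, registered and followed by an assert on its `stat.exists` and mode, works with the `ansible` verifier), or say in the header comment that verification is a placeholder so a green pipeline is not read as a passing test.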
@@ -1,36 +0,0 @@ ---- -dependency: - name: galaxy -driver: - name: vagrant - provider: - name: virtualbox -lint: | - set -e - yamllint . - ansible-lint -x formatting - flake8 --ignore=E501 -platforms: - - name: molecule-rosappmol - box: centos/7 - memory: 512 - cpus: 1 -provisioner: - name: ansible - log: true - config_options: - defaults: - vault_identity_list: "@$HOME/.ansible/roles/molecule_prepare.pass, @$HOME/.ansible/roles/lza_install_common.pass, @$HOME/.ansible/roles/lza_server_hardening.pass, @$HOME/.ansible/roles/lza_rosetta_app.pass" - lint: | - set -e - ansible-lint - vvv: false -verifier: - name: testinfra - env: - PYTHONWARNINGS: "ignore:.*U.*mode is deprecated:DeprecationWarning" - lint: | - set -e - flake8 - options: - v: 1 diff --git a/molecule/rosetta/prepare.yml b/molecule/rosetta/prepare.yml deleted file mode 100644 index 8f86242..0000000 --- a/molecule/rosetta/prepare.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -- name: Prepare - hosts: all - gather_facts: true - pre_tasks: - - name: include vars - include_vars: "../../../ansible_vaults/molecule_prepare/{{ item }}" - loop: - - "prepare.vault" - - name: Install python for Ansible - raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal python2-dnf python3-dnf) - become: true - changed_when: false - - name: Install DNF Python packages - raw: yum install -y python2-dnf python3-dnf - become: true - changed_when: false - - name: create users (as deployed in production) - user: - name: "{{ item.name }}" - uid: "{{ item.uid }}" - create_home: "yes" - shell: "/bin/bash" - loop: "{{ vault_molecule_users | flatten(levels=1) }}" - become: true - - name: Install required packages - yum: - name: [ - 'gpg', - 'less', - 'libuser' - ] - state: present - become: true - roles: - - {role: ansible_lza_install_common, become: true} - - {role: ansible_lza_server_hardening, become: true} 
diff --git a/molecule/rosetta/tests/conftest.py b/molecule/rosetta/tests/conftest.py deleted file mode 100644 index ba0f1e8..0000000 --- a/molecule/rosetta/tests/conftest.py +++ /dev/null @@ -1,20 +0,0 @@ -"""PyTest Fixtures.""" -from __future__ import absolute_import -import os -import pytest - - -def pytest_runtest_setup(item): - """Run tests only when under molecule with testinfra installed.""" - try: - import testinfra - except ImportError: - pytest.skip("Test requires testinfra", allow_module_level=True) - if "MOLECULE_INVENTORY_FILE" in os.environ: - pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( - os.environ["MOLECULE_INVENTORY_FILE"] - ).get_hosts("all") - else: - pytest.skip( - "Test should run only from inside molecule.", allow_module_level=True - ) diff --git a/molecule/rosetta/tests/parameter_files/__init__.py b/molecule/rosetta/tests/parameter_files/__init__.py deleted file mode 100644 index e69de29..0000000 diff --git a/molecule/rosetta/tests/parameter_files/redhat_6_packages.py b/molecule/rosetta/tests/parameter_files/redhat_6_packages.py deleted file mode 100644 index fefe07e..0000000 --- a/molecule/rosetta/tests/parameter_files/redhat_6_packages.py +++ /dev/null 
@@ -1,120 +0,0 @@ - - -@pytest.mark.parametrize("redhat_6_packages", [ - "avahi.x86_64" - "avahi-glib.x86_64" - "binutils.x86_64" - "bzip2-libs.i686" - "celt051.x86_64" - "cloog-ppl.x86_64" - "compat-db.x86_64" - "compat-db42.x86_64" - "compat-db43.x86_64" - "compat-expat1.i686" - "compat-expat1.x86_64" - "compat-gcc-34.x86_64" - "compat-gcc-34-c++.x86_64" - "compat-libstdc++-33.i686" - "compat-libstdc++-33.x86_64" - "compat-readline5.i686" - "ConsoleKit-x11.x86_64" - "cpp.x86_64" - "e2fsprogs-libs.i686" - "elfutils-libelf-devel.x86_64" - "expat.i686" - "gcc.x86_64" - "gcc-c++.x86_64" - "gdbm.i686" - "GConf2.x86_64" - "glibc.i686" - "glibc.x86_64" - "glibc.i686" - "glibc.x86_64" - "glibc-common.x86_64" - "glibc-devel.i686" - "glibc-devel.x86_64" - "glibc-headers.x86_64" - "gmp.i686" - "gnome-vfs2.x86_64" - "gtk2-engines.x86_64" - "kernel-headers.x86_64" - "keyutils-libs.i686" - "krb5-libs.i686" - "ksh.x86_64" - "libaio.i686" - "libaio.x86_64" - "libaio.i686" - "libaio-devel.i686" - "libaio-devel.x86_64" - "libbonobo.x86_64" - "libdaemon.x86_64" - "libdmx.x86_64" - "libgcc.i686" - "libgcc.x86_64" - "libgcc.i686" - "libgcrypt.i686" - "libgnome.x86_64" - "libgomp.x86_64" - "libgpg-error.i686" - "libICE.i686" - "libIDL.x86_64" - "libmcpp.x86_64" - "libselinux.i686" - "libsepol.i686" - "libSM.i686" - "libstdc++.i686" - "libstdc++.x86_64" - "libstdc++-devel.x86_64" - "libstdc++.i686" - "libtool-ltdl.i686" - "libtool-ltdl.x86_64" - "libtool-ltdl.x86_64" - "libuuid.i686" - "libuuid.i686" - "libuuid.x86_64" - "libX11.i686" - "libXau.i686" - "libxcb.i686" - "libxcb.x86_64" - "libXext.i686" - "libXi.i686" - "libxml2.i686" - "libXmu.x86_64" - "libXp.x86_64" - "libxslt.i686" - "libXt.i686" - "libXt.x86_64" - "libXtst.i686" - "libXv.x86_64" - "libXxf86dga.x86_64" - "libXxf86misc.x86_64" - "libXxf86vm.x86_64" - "make.x86_64" - "mcpp.x86_64" - "mpfr.x86_64" - "ncurses-devel.x86_64" - "ncurses-libs.i686" - "ncurses-libs.i686" - "nss-softokn-freebl.i686" - "nss-softokn-freebl.i686" 
- "ompat-expat1.i686" - "ORBit2.x86_64" - "pcre.i686" - "ppl.x86_64" - "readline.i686" - "readline-devel.x86_64" - "shared-mime-info.x86_64" - "sysstat.x86_64" - "unixODBC.i686" - "unixODBC.x86_64" - "unixODBC.i686" - "unixODBC.x86_64" - "unixODBC-devel.i686" - "unixODBC-devel.x86_64" - "xorg-x11-server-utils.x86_64" - "xorg-x11-utils.x86_64" - "xorg-x11-xauth.x86_64" - "xorg-x11-xinit.x86_64" - "zlib.i686" - "zlib.x86_64" -]) diff --git a/molecule/rosetta/tests/parameter_files/redhat_7_packages.py b/molecule/rosetta/tests/parameter_files/redhat_7_packages.py deleted file mode 100644 index 16d3337..0000000 --- a/molecule/rosetta/tests/parameter_files/redhat_7_packages.py +++ /dev/null 
@@ -1,105 +0,0 @@ -@pytest.mark.parametrize("redhat_7_packages", [ - "avahi-glib.x86_64" - "avahi.x86_64" - "binutils.x86_64" - "celt051.x86_64" - "compat-db.x86_64" - "compat-gcc-44-c++.x86_64" - "compat-gcc-44.x86_64" - "compat-glibc-headers.x86_64" - "compat-libcap1-1.10-7.el7.x86_64" - "compat-libstdc++-33.i686" - "compat-libstdc++-33.x86_64" - "cpp.x86_64" - "dos2unix.x86_64" - "elfutils-libelf-devel.x86_64" - "expat.i686" - "expat.x86_64" - "fontconfig.i686" - "fontconfig.x86_64" - "freetype.x86_64" - "gcc-c++.x86_64" - "gcc.x86_64" - "GConf2.x86_64" - "gdbm.i686" - "giflib.x86_64" - "glibc-common.x86_64" - "glibc-devel.i686" - "glibc-devel.x86_64" - "glibc-headers.x86_64" - "glibc.i686" - "glibc.x86_64" - "gmp.i686" - "gnome-vfs2.x86_64" - "gtk2-engines.x86_64" - "kernel-headers.x86_64" - "ksh.x86_64" - "libaio-devel.i686" - "libaio-devel.x86_64" - "libaio.i686" - "libaio.x86_64" - "libbonobo.x86_64" - "libdaemon.x86_64" - "libdmx.x86_64" - "libgcc.i686" - "libgcc.x86_64" - "libgnome.x86_64" - "libgomp.x86_64" - "libICE.i686" - "libICE.x86_64" - "libicu-devel.i686" - "libIDL.x86_64" - "libidn.i686" - "libjpeg-turbo.x86_64" - "libSM.i686" - "libSM.x86_64" - "libstdc++-devel.i686" - "libstdc++-devel.x86_64" - "libstdc++.i686" - "libstdc++.x86_64" - "libtool-ltdl.i686" - "libtool-ltdl.x86_64" - "libuuid.i686" - "libuuid.x86_64" - "libX11.i686" - "libX11.x86_64" - "libXau.i686" - "libXau.x86_64" - "libxcb.i686" - "libxcb.x86_64" - "libXext.i686" - "libXi.i686" - "libXi.x86_64" - "libXmu.x86_64" - "libXp.x86_64" - "libXt.i686" - "libXtst.i686" - "libXtst.x86_64" - "libXt.x86_64" - "libXv.x86_64" - "libXxf86dga.x86_64" - "libXxf86misc.x86_64" - "libXxf86vm.x86_64" - "make.x86_64" - "mpfr.x86_64" - "ncurses-devel.x86_64" - "ncurses-libs.i686" - "nss-softokn-freebl.i686" - "ORBit2.x86_64" - "readline-devel.x86_64" - "readline.i686" - "shared-mime-info.x86_64" - "sysstat.x86_64" - "unixODBC-devel.i686" - "unixODBC-devel.x86_64" - "unixODBC.i686" - "unixODBC.x86_64" - 
"xorg-x11-server-utils.x86_64" - "xorg-x11-utils.x86_64" - "xorg-x11-xauth.x86_64" - "xorg-x11-xinit.x86_64" - "xz-libs.i686" - "zlib-devel.i686" - "zlib.i686" - "zlib.x86_64" -]) diff --git a/molecule/rosetta/tests/test_default.py b/molecule/rosetta/tests/test_default.py deleted file mode 100644 index 6df0ae3..0000000 --- a/molecule/rosetta/tests/test_default.py +++ /dev/null 
@@ -1,119 +0,0 @@ -# https://docs.pytest.org/en/latest/parametrize.html#pytest-mark-parametrize-parametrizing-test-functions - - -@pytest.mark.parametrize("name,version", [ - ("python", "2.7"), -]) -def test_configure_yum_repositories(host): - print("not implemented") - - -def test_configure_iptables_qos(host): - ipt_pre = host.iptables.rules("mangle", "PREROUTING") - print(ipt_pre) - ipt_post = host.iptables.rules("mangle", "POSTROUTING") - print(ipt_post) - - -@pytest.mark.parametrize("mountpoint", [ - {'path': "/exlibris", 'device': ""}, - {'path': "/operational_shared", 'device': ""}, - {'path': "/operational_storage", 'device': ""}, - {'path': "/permanent_storage", 'device': ""} -]) -def test_configure_nfs_mounts(host): - mount = host.mount_point(mountpoint) - assert mount.exists - assert mount.device == mount(device) - assert mount.filesystem == "nfs" - - -@pytest.mark.parametrize("rman_file", [ - "/home/oracle/expdump_dps3.sh", - "/home/oracle/impdump_dps3.sh", - "/home/oracle/rman_backup.cmd", - "/home/oracle/trigger_oracle_backup_storage_lvl.sh", - "/home/oracle/tsm_error_mail.sh", - "/home/oracle/rman_dps3_fullbackup.sh" -]) -def test_configure_rman_backup(host): - d = host.file("/var/log/oracle") - assert d.exists - assert d.is_directory - assert d.mode == 0o750 - f = host.file(f"/home/oracle/{rman_file}") - assert f.exists - assert f.is_file - assert f.mode == 0o755 - - -def test_configure_selinux(host): - f = host.file("/etc/selinux/config") - assert f.exists - assert f.if_file - assert f.user == "root" - assert f.group == "root" - assert f.mode == 0o644 - assert f.contains("SELINUX=permissive") - assert f.contains("SELINUXTYPE=targeted") - assert f.md5sum == "edb80f9889245e2f31b3d6ab33684b1a" - - -@pytest.mark.parametrize("tsm_file", [ - "dsm.sys", - "dsm.opt" -]) -def test_configure_tsmclient(host): - f = host.file(f"/opt/tivoli/tsm/client/ba/bin/{tsm_file}") - assert f.exists - assert f.is_file - assert f.user == "root" - assert f.group == "root" - 
assert f.mode == 0o644 - s = host.service("dsmcad") - assert s.is_running - assert s.is_enabled - - -@pytest.mark.parametrize("check_mk_plugin", [ - "checkmk_dsmcad.sh", - "check_oracle_db_segment_size.sh", - "mk_inventory", - "mk_logwatch", - "mk_oracle" -]) -def test_install_checkmk_plugins(host): - f = host.file(f"/usr/lib/check_mk_agent/plugins/{check_mk_plugin}") - assert f.exists - assert f.is_file - assert f.user == "root" - assert f.group == "root" - assert f.mode == 0o750 - - -def test_install_packages(host): - print(f"RELEASE: '{host.systeminfo.release}'") - print(f"CODENAME: '{host.systeminfo.codename}'") - if host.systeminfo.release == "6": - from parameter_files import redhat_6_packages - else: - from parameter_files import redhat_7_packages - pkg = host.package(name) - assert pkg.is_installed - assert pkg.version.startswith(version) - - -@pytest.mark.parametrize("sql_scripts", [ - "create_user_dbsnmp.sql", - "create_user_nagios.sql", - "qry_workers_conf.sql" -]) -def test_install_sql_scripts(host): - d = host.file("/home/oracle/sql-scripts") - assert d.exists - assert d.is_directory - assert d.mode == 0o644 - f = host.file(f"/home/oracle/sql-scripts/{sql_scripts}") - assert f.exists - assert f.is_file - assert f.mode == 0o644 diff --git a/molecule/virtualbox_centos7/molecule.yml b/molecule/virtualbox_centos7/molecule.yml new file mode 100644 index 0000000..d1b7f16 --- /dev/null +++ b/molecule/virtualbox_centos7/molecule.yml 
@@ -0,0 +1,55 @@
+---
+dependency:
+ name: galaxy
+ enabled: false
+driver:
+ name: vagrant
+lint: |
+ set -e
+ yamllint .
+ ansible-lint -x no-loop-var-prefix,command-instead-of-module,package-latest
+platforms:
+ # Check out the documentation at
+ # https://github.com/ansible-community/molecule-vagrant#documentation
+ # for more platform parameters.
+ - name: vm-rosapp-mol
+ # box: rockylinux/8
+ box: centos/7
+ memory: 1024
+ # List of raw Vagrant `config` options.
+ # provider_raw_config_args:
+ # - "customize [ 'modifyvm', :id, '--natdnshostresolver1', 'on' ]"
+ # Dictionary of `config` options.
+ config_options:
+ ssh.keep_alive: true
+ ssh.remote_user: "'lza'"
+ disksize.size: '20GB'
+ - name: vm-rosora-mol
+ # box: rockylinux/8
+ box: centos/7
+ memory: 1024
+ # List of raw Vagrant `config` options.
+ # provider_raw_config_args:
+ # - "customize [ 'modifyvm', :id, '--natdnshostresolver1', 'on' ]"
+ # Dictionary of `config` options.
+ config_options:
+ ssh.keep_alive: true
+ ssh.remote_user: "'lza'"
+ disksize.size: '20GB'
+provisioner:
+ name: ansible
+ log: true
+ config_options:
+ defaults:
+ # https://stackoverflow.com/questions/57435811/ansible-molecule-pass-multiple-vault-ids
+ # vault_identity_list: "@$HOME/.ansible/roles/lza_install_common.pass, @$HOME/.ansible/roles/passfile_1.pass"
+ vault_identity_list: "../lza_install_common.pass, ../lza_rosetta_app.pass"
+ vvv: false
+ playbooks:
+ # create: ../resources/playbooks/create.yml
+ # destroy: ../resources/playbooks/destroy.yml
+ converge: ../resources/playbooks/converge.yml
+ prepare: ../resources/playbooks/prepare.yml
+ verify: ../resources/playbooks/verify.yml
+verifier:
+ name: ansible
diff --git a/molecule/virtualbox_rocky8/molecule.yml b/molecule/virtualbox_rocky8/molecule.yml
new file mode 100644
index 0000000..e7db0dd
--- /dev/null
+++ b/molecule/virtualbox_rocky8/molecule.yml
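Review bot: The two new scenario files, molecule/virtualbox_centos7/molecule.yml and molecule/virtualbox_rocky8/molecule.yml (next hunk), are identical apart from the `box:` values, and the centos7 file still carries the commented-out `# box: rockylinux/8` leftover under both platforms; drop those two comment lines so each platform states one box. The `ansible-lint -x ...package-latest` exclusion in the lint block hides the `state: latest` used by prepare.yml's GPG task, which is the one place the test image becomes non-reproducible; pinning there would let the rule stay enabled. A README line saying that `../lza_install_common.pass` and `../lza_rosetta_app.pass` are expected one level above the role checkout would also help, since the vault_identity_list paths are relative and the password files appear to live outside the role directory.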
@@ -0,0 +1,53 @@
+---
+dependency:
+ name: galaxy
+ enabled: false
+driver:
+ name: vagrant
+lint: |
+ set -e
+ yamllint .
+ ansible-lint -x no-loop-var-prefix,command-instead-of-module,package-latest
+platforms:
+ # Check out the documentation at
+ # https://github.com/ansible-community/molecule-vagrant#documentation
+ # for more platform parameters.
+ - name: vm-rosapp-mol
+ box: rockylinux/8
+ memory: 1024
+ # List of raw Vagrant `config` options.
+ # provider_raw_config_args:
+ # - "customize [ 'modifyvm', :id, '--natdnshostresolver1', 'on' ]"
+ # Dictionary of `config` options.
+ config_options:
+ ssh.keep_alive: true
+ ssh.remote_user: "'lza'"
+ disksize.size: '20GB'
+ - name: vm-rosora-mol
+ box: rockylinux/8
+ memory: 1024
+ # List of raw Vagrant `config` options.
+ # provider_raw_config_args:
+ # - "customize [ 'modifyvm', :id, '--natdnshostresolver1', 'on' ]"
+ # Dictionary of `config` options.
+ config_options:
+ ssh.keep_alive: true
+ ssh.remote_user: "'lza'"
+ disksize.size: '20GB'
+provisioner:
+ name: ansible
+ log: true
+ config_options:
+ defaults:
+ # https://stackoverflow.com/questions/57435811/ansible-molecule-pass-multiple-vault-ids
+ # vault_identity_list: "@$HOME/.ansible/roles/lza_install_common.pass, @$HOME/.ansible/roles/passfile_1.pass"
+ vault_identity_list: "../lza_install_common.pass, ../lza_rosetta_app.pass"
+ vvv: false
+ playbooks:
+ # create: ../resources/playbooks/create.yml
+ # destroy: ../resources/playbooks/destroy.yml
+ converge: ../resources/playbooks/converge.yml
+ prepare: ../resources/playbooks/prepare.yml
+ verify: ../resources/playbooks/verify.yml
+verifier:
+ name: ansible
diff --git a/requirements.yml b/requirements.yml
deleted file mode 100644
index 1c25f02..0000000
--- a/requirements.yml
+++ /dev/null
@@ -1,10 +0,0 @@ ---- -# https://docs.ansible.com/ansible/latest/galaxy/user_guide.html#installing-multiple-roles-from-a-file -- src: git+https://git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git - scm: git -- src: git+https://git.slub-dresden.de/digital-preservation/ansible_lza_install_common.git - scm: git -- src: git+https://git.slub-dresden.de/digital-preservation/ansible_lza_server_hardening.git - scm: git -#- src: git+ -# scm: git diff --git a/requirements.yml.example b/requirements.yml.example new file mode 100644 index 0000000..97bfe9c --- /dev/null +++ b/requirements.yml.example @@ -0,0 +1,4 @@ +--- +# https://docs.ansible.com/ansible/latest/galaxy/user_guide.html#installing-multiple-roles-from-a-file +- src: git+https://git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git + scm: git diff --git a/site.yml b/site.yml index cc43737..eb9ceb4 100644 --- a/site.yml +++ b/site.yml @@ -25,6 +25,6 @@ force_handlers: true roles: - # - { role: ansible_lza_install_common, become: true } - # - { role: ansible_lza_server_hardening, become: true } +# - { role: ansible_lza_install_common, become: true } +# - { role: ansible_lza_server_hardening, become: true } - { role: ansible_lza_rosetta_app, become: true } diff --git a/tasks/configure_iptables.yml b/tasks/configure_iptables.yml index 5162911..acab8b4 100644 --- a/tasks/configure_iptables.yml +++ b/tasks/configure_iptables.yml @@ -1,6 +1,6 @@ --- # - name: clean IPtables rules (1) -# iptables: +# ansible.builtin.iptables: # chain: "INPUT" # ip_version: "{{ item }}" # policy: "ACCEPT" @@ -12,7 +12,7 @@ # tags: [molecule-notest] # # - name: clean IPtables rules (2) -# iptables: +# ansible.builtin.iptables: # chain: "INPUT" # flush: "true" # notify: @@ -21,7 +21,7 @@ # Configure specific rules - Chain INPUT - name: iptables-Regeln (IPv4) setzen - Chain INPUT - iptables: + ansible.builtin.iptables: action: "insert" chain: "INPUT" comment: "{{ item.comment | default(omit) }}" 
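Review bot: requirements.yml.example keeps only the ansible_vaults entry, but molecule/resources/playbooks/prepare.yml still applies `ansible_lza_install_common` as a role and both new scenarios set `dependency: enabled: false`, so nothing in the repository installs that role any more and a fresh checkout following the example fails at the prepare step. Add the entry back to the example, as it stood in the deleted requirements.yml: `- src: git+https://git.slub-dresden.de/digital-preservation/ansible_lza_install_common.git` / `  scm: git`. Dropping ansible_lza_server_hardening is consistent, since the new prepare.yml no longer applies it.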
@@ -38,7 +38,7 @@ source_port: "{{ item.src_port | default(omit) }}" state: "{{ item.state }}" table: "filter" - loop: "{{ vault_iptables_input_general|flatten(levels=1) }}" + loop: "{{ vault_iptables_input_general | flatten(levels=1) }}" notify: - save iptables rules tags: [molecule-notest] @@ -48,7 +48,7 @@ ## Configure specific rules - Chain OUTPUT # - name: iptables-Regeln (IPv4) setzen - Chain OUTPUT -# iptables: +# ansible.builtin.iptables: # action: "insert" # chain: OUTPUT # comment: "{{ item.comment }}" diff --git a/tasks/configure_kdump.yml b/tasks/configure_kdump.yml index ccacf90..0444834 100644 --- a/tasks/configure_kdump.yml +++ b/tasks/configure_kdump.yml @@ -7,7 +7,13 @@ # of the crash. Kernel core dumps may consume a considerable amount of disk # space and may result in denial of service by exhausting the available space # on the target file system partition." +- name: find out if kdump.service exists + ansible.builtin.command: "systemctl list-unit-files kdump.service" + register: kdump + changed_when: false + - name: disable kdump as per DoD STIG V-72057 - systemd: + ansible.builtin.systemd: name: "kdump.service" enabled: false + when: '"kdump.service" in kdump.stdout' diff --git a/tasks/configure_nfs_mounts.yml b/tasks/configure_nfs_mounts.yml index b36364d..278fd1f 100644 --- a/tasks/configure_nfs_mounts.yml +++ b/tasks/configure_nfs_mounts.yml 
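Review bot: `enabled: false` on `kdump.service` only stops it from starting at the next boot; an already-active kdump keeps its crash kernel loaded until reboot, which a STIG check of the running service state will still flag, so add `state: stopped` alongside `enabled: false`. The new guard `when: '"kdump.service" in kdump.stdout'` works but parses `systemctl list-unit-files` text; `ansible.builtin.service_facts` followed by `when: "'kdump.service' in ansible_facts.services"` avoids the string match and the extra `command` task. As written, the `command` task is skipped in check mode and the registered `kdump` then has no `stdout`, so the `when` expression errors; add `check_mode: false` to it (it only reads state) if check mode is used.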
@@ -1,34 +1,36 @@ --- -#- name: DEBUG -# debug: -# msg: "{{ item.1 }}" -# loop: "{{ volumes | subelements('shares') }}" -# loop_control: -# label: "{{ item.0 }}" -# when: ansible_hostname in item.0.hosts +# - name: DEBUG +# ansible.builtin.debug: +# msg: "{{ item.1 }}" +# loop: "{{ volumes | subelements('shares') }}" +# loop_control: +# label: "{{ item.0 }}" +# when: ansible_hostname in item.0.hosts # Logic shamelessly stolen from https://stackoverflow.com/a/56086694 # Use Notepad++ with JSON viewer to better understand the logic here. -#- name: create mount points (separately, because shares cannot be mounted when servers use temporary setuip IPs) -# file: -# path: "{{ item.1.path }}" -# state: directory -# loop: "{{ volumes | subelements('shares') }}" -# loop_control: -# label: "{{ item.0 }}" -# when: ansible_hostname in item.0.hosts +# - name: create mount points (separately, because shares cannot be mounted when servers use temporary setup IPs) +# ansible.builtin.file: +# path: "{{ item.1.path }}" +# state: directory +# mode: "0755" +# loop: "{{ volumes | subelements('shares') }}" +# loop_control: +# label: "{{ item.0 }}" +# when: ansible_hostname in item.0.hosts -#- name: create temporary mount points for shares from source RHEL 6 servers below /mnt/ -# file: -# path: "/mnt/LEGACY{{ item.1.path }}" -# state: directory -# loop: "{{ volumes | subelements('shares') }}" -# loop_control: -# label: "{{ item.0 }}" -# when: ansible_hostname in item.0.hosts +# - name: create temporary mount points for shares from source RHEL 6 servers below /mnt/ +# ansible.builtin.file: +# path: "/mnt/LEGACY{{ item.1.path }}" +# state: directory +# mode: "0755" +# loop: "{{ volumes | subelements('shares') }}" +# loop_control: +# label: "{{ item.0 }}" +# when: ansible_hostname in item.0.hosts - name: create mount points and mount shares for Rosetta & DB - mount: + ansible.posix.mount: fstype: "{{ item.1.fstype | default('nfs') }}" opts: "{{ item.1.mount_opts | 
default('auto,nfsvers=4,minorversion=0') }}" src: "{{ item.1.src }}" 
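Review bot: The default mount options `default('auto,nfsvers=4,minorversion=0')` on the `ansible.posix.mount` task include neither `nosuid` nor `nodev`, so a setuid binary or device node dropped onto one of these exports is honoured on this host; the `/mnt/*_ingest` and `/mnt/*_access` directories handled later in this file (presumably mount points from this loop) are group-writable (`mode: "0770"`), so this is not a read-only tree. Unless something on the shares genuinely needs setuid, change the default to `default('auto,nfsvers=4,minorversion=0,nosuid,nodev')` — per-share overrides via `item.1.mount_opts` still apply — and leave `noexec` out, since `/operational_shared/software/` on what appears to be the same tree is used for tool configs and may hold executables. The three commented-out tasks above were re-indented rather than removed; if the generic task replaces them, delete them instead of carrying dead YAML through lint.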
@@ -39,38 +41,38 @@ label: "{{ item.0 }}" when: ansible_hostname in item.0.hosts -#- name: create mount points and mount shares for Rosetta DEV -# mount: -# fstype: "{{ item.value.fstype | default('nfs') }}" -# opts: "{{ item.value.mount_opts | default('auto,nfsvers=4') }}" -# src: "{{ item.value.src }}" -# path: "{{ item.value.path }}" -# state: "{{ item.value.state | default('mounted') }}" -# with_dict: "{{ volumes.dev }}" -# when: ansible_hostname == "sdvlzarosappdev" +# - name: create mount points and mount shares for Rosetta DEV +# ansible.posix.mount: +# fstype: "{{ item.value.fstype | default('nfs') }}" +# opts: "{{ item.value.mount_opts | default('auto,nfsvers=4') }}" +# src: "{{ item.value.src }}" +# path: "{{ item.value.path }}" +# state: "{{ item.value.state | default('mounted') }}" +# loop: "{{ volumes.dev | dict2items }}" +# when: ansible_hostname == "sdvlzarosappdev" # -#- name: create mount points and mount shares for Rosetta TEST -# mount: -# fstype: "{{ item.value.fstype | default('nfs') }}" -# opts: "{{ item.value.mount_opts | default('auto,nfsvers=4') }}" -# src: "{{ item.value.src }}" -# path: "{{ item.value.path }}" -# state: "{{ item.value.state | default('mounted') }}" -# with_dict: "{{ volumes.test }}" -# when: ansible_hostname == "sdvrosetta-test" +# - name: create mount points and mount shares for Rosetta TEST +# ansible.posix.mount: +# fstype: "{{ item.value.fstype | default('nfs') }}" +# opts: "{{ item.value.mount_opts | default('auto,nfsvers=4') }}" +# src: "{{ item.value.src }}" +# path: "{{ item.value.path }}" +# state: "{{ item.value.state | default('mounted') }}" +# loop: "{{ volumes.test | dict2items }}" +# when: ansible_hostname == "sdvrosetta-test" # -#- name: create mount points and mount shares for Rosetta PROD -# mount: -# fstype: "{{ item.value.fstype | default('nfs') }}" -# opts: "{{ item.value.mount_opts | default('auto,nfsvers=4') }}" -# src: "{{ item.value.src }}" -# path: "{{ item.value.path }}" -# state: "{{ 
item.value.state | default('mounted') }}" -# with_dict: "{{ volumes.prod }}" -# when: ansible_hostname in "sdvlzarosappprod0" +# - name: create mount points and mount shares for Rosetta PROD +# ansible.posix.mount: +# fstype: "{{ item.value.fstype | default('nfs') }}" +# opts: "{{ item.value.mount_opts | default('auto,nfsvers=4') }}" +# src: "{{ item.value.src }}" +# path: "{{ item.value.path }}" +# state: "{{ item.value.state | default('mounted') }}" +# loop:: "{{ volumes.prod | dict2items }}" +# when: ansible_hostname in "sdvlzarosappprod0" # - name: find /mnt/sdvlzasubapp*_access directories - find: + ansible.builtin.find: paths: "/mnt/" patterns: '^.*_access' use_regex: true @@ -78,31 +80,31 @@ register: access_dirs - name: find /mnt/sdvlzasubapp*_ingest directories - find: + ansible.builtin.find: paths: "/mnt/" patterns: '^.*_ingest' use_regex: true file_type: directory register: ingest_dirs -# - debug: +# - ansible.builtin.debug: # var: access_dirs -# - debug: +# - ansible.builtin.debug: # var: ingest_dirs - name: set correct permissions/owner/group for Access shares - file: + ansible.builtin.file: path: "{{ item.path }}" group: "{{ nfs_access_group }}" mode: "0770" state: directory - with_items: "{{ access_dirs.files }}" + loop: "{{ access_dirs.files }}" - name: set correct permissions/owner/group for ingest shares - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory owner: "{{ nfs_ingest_owner }}" group: "{{ nfs_ingest_group }}" mode: "0770" - with_items: "{{ ingest_dirs.files }}" + loop: "{{ ingest_dirs.files }}" diff --git a/tasks/configure_sanitytest.yml b/tasks/configure_sanitytest.yml index 532b293..c919bac 100644 --- a/tasks/configure_sanitytest.yml +++ b/tasks/configure_sanitytest.yml @@ -4,4 +4,3 @@ comment: "{{ vault_sanitytest_user.comment }}" key: "{{ vault_sanitytest_user.sshkey }}" user: "{{ vault_sanitytest_user.name }}" - diff --git a/tasks/configure_selinux.yml b/tasks/configure_selinux.yml index 2fc61b4..e18d08b 100644 
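Review bot: The commented-out DEV/TEST/PROD mount tasks are re-indented but remain dead code, and the PROD block now contains a `loop::` typo plus `when: ansible_hostname in "sdvlzarosappprod0"`, which tests whether the hostname is a substring of the literal, not the reverse. If the generic task above them is the replacement, delete all three blocks; if they are expected to return, fix the typo and use `when: ansible_hostname is search("sdvlzarosappprod0")` in the style of `tasks/main.yml`, so they are not pasted back broken.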
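Review bot: `patterns: '^.*_access'` with `use_regex: true` is anchored at the start only, so a directory such as `/mnt/foo_access_old` would also receive `mode: "0770"` and `group: "{{ nfs_access_group }}"`; the same applies to `'^.*_ingest'`. Anchor the end instead: `patterns: '_access$'` and `patterns: '_ingest$'`. The task named `set correct permissions/owner/group for Access shares` sets only the group; if ownership is meant to stay as the NFS server exports it, a one-line comment saying so would stop the next reader from adding `owner:`.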
--- a/tasks/configure_selinux.yml +++ b/tasks/configure_selinux.yml @@ -1,6 +1,6 @@ --- - name: set SElinux level - copy: + ansible.builtin.copy: src: "etc/selinux/config" dest: "/etc/selinux/config" owner: "root" diff --git a/tasks/create_users.yml b/tasks/create_users.yml index eda152f..574fac4 100644 --- a/tasks/create_users.yml +++ b/tasks/create_users.yml @@ -1,13 +1,13 @@ --- - name: create Rosetta groups - group: + ansible.builtin.group: name: "{{ item.group }}" gid: "{{ item.gid }}" state: "{{ item.state | default('present') }}" loop: "{{ vault_groups }}" - name: create Rosetta users - user: + ansible.builtin.user: name: "{{ item.user }}" comment: "{{ item.comment | default(omit) }}" uid: "{{ item.uid }}" @@ -20,3 +20,4 @@ shell: "{{ item.shell | default('/bin/bash') }}" state: "{{ item.state | default('present') }}" loop: "{{ vault_users }}" + no_log: true diff --git a/tasks/install_checkmk_plugins.yml b/tasks/install_checkmk_plugins.yml index 8d964eb..f250373 100644 --- a/tasks/install_checkmk_plugins.yml +++ b/tasks/install_checkmk_plugins.yml @@ -1,6 +1,6 @@ --- - name: delete legacy Check_MK plugins - file: + ansible.builtin.file: path: "/usr/lib/check_mk_agent/plugins/{{ item }}" state: absent loop: @@ -8,7 +8,7 @@ - "mk_logwatch" - name: install self-developed Check_MK plugins - copy: + ansible.builtin.copy: src: "{{ item }}" dest: "/{{ item }}" owner: "root" @@ -19,7 +19,7 @@ # get vendor plugins straight from monitoring server to make sure we get the latest version - name: install vendor Check_MK plugins - get_url: + ansible.builtin.get_url: url: "https://cmk.slub-dresden.de/slubmon/check_mk/agents/plugins/{{ item }}" dest: "/usr/lib/check_mk_agent/plugins/" owner: "root" @@ -30,7 +30,7 @@ - "mk_logwatch.py" - name: configure logwatch for IBMSP backup - blockinfile: + ansible.builtin.blockinfile: path: "/etc/check_mk/logwatch.cfg" state: present marker: "# {mark} ANSIBLE MANAGED BLOCK - TSM backup" 
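Review bot: The vendor plugins that `ansible.builtin.get_url` drops into `/usr/lib/check_mk_agent/plugins/` are executed by the Check_MK agent (normally as root), but the download is verified only by TLS — `validate_certs` is left at its default of true and must stay so — and not by content: there is no `checksum:` and no version pin. If "always the latest version" is the deliberate trade-off stated in the comment, say so in the task and keep the files root-owned and not group/world-writable (the `mode:` line is outside this hunk, so I cannot confirm it); otherwise add `checksum: "sha256:..."` per item or vendor the scripts under `files/`. The same pattern is repeated for the Oracle plugins in `install_checkmk_plugins_oracle.yml`.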
@@ -52,11 +52,11 @@ C ANS1071E - name: run Rosetta-specific CheckMK tasks - import_tasks: "rosetta/install_checkmk_plugins_rosetta.yml" + ansible.builtin.import_tasks: "rosetta/install_checkmk_plugins_rosetta.yml" when: ( ansible_hostname is search("rosapp") ) or ( ansible_hostname is search("rosetta-") ) - name: run Oracle-specific CheckMK tasks - import_tasks: "oracle/install_checkmk_plugins_oracle.yml" + ansible.builtin.import_tasks: "oracle/install_checkmk_plugins_oracle.yml" when: ( ansible_hostname is search("rosora") ) or ( ansible_hostname is search("rosettaora") ) diff --git a/tasks/install_packages.yml b/tasks/install_packages.yml index 0fabfd2..c04a754 100644 --- a/tasks/install_packages.yml +++ b/tasks/install_packages.yml @@ -1,10 +1,10 @@ --- - name: include vars redhat_7_packages - include_vars: redhat_7_packages.yml + ansible.builtin.include_vars: redhat_7_packages.yml when: ( ansible_os_family == 'RedHat' ) and ( ansible_distribution_major_version == "7" ) - name: install packages required by ExLibris - yum: + ansible.builtin.yum: name: "{{ redhat_packages }}" state: present diff --git a/tasks/main.yml b/tasks/main.yml index 9633470..b532c0a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: include Ansible Vaults - include_vars: "{{ role_path }}/../ansible_vaults/{{ role_name }}/{{ item }}" + ansible.builtin.include_vars: "{{ role_path }}/../ansible_vaults/{{ role_name }}/{{ item }}" loop: - "dsm.vault" - "iptables.vault" 
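Review bot: `ansible.builtin.include_vars: redhat_7_packages.yml` is guarded by `ansible_distribution_major_version == "7"`, but the molecule platforms added by this commit are `rockylinux/8`, so on those boxes `redhat_packages` is undefined (unless `defaults/` or `vars/` supplies it — not visible here) and the `ansible.builtin.yum` task fails at `name: "{{ redhat_packages }}"`. Either add a `redhat_8_packages.yml` branch or load `"redhat_{{ ansible_distribution_major_version }}_packages.yml"` through `with_first_found` with an explicit fallback so an unsupported release fails with a clear message. On EL8 the `ansible.builtin.yum` module's own documentation points to `ansible.builtin.dnf` (or the distribution-neutral `ansible.builtin.package`), which covers both platforms.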
@@ -12,39 +12,39 @@ ### COMMON TASKS -- import_tasks: install_packages.yml +- ansible.builtin.import_tasks: "install_packages.yml" tags: [yum, packages] -- import_tasks: create_users.yml +- ansible.builtin.import_tasks: "create_users.yml" tags: [users] -- import_tasks: "configure_sanitytest.yml" +- ansible.builtin.import_tasks: "configure_sanitytest.yml" tags: [users, sanitytest] - name: find out if Rosetta is running, to make sure NFS tasks are only executed if Rosetta is OFF - shell: 'ps -ef | grep -v "grep" | grep "DAPP_ROLE"' + ansible.builtin.shell: | + set -o pipefail + ps -ef | grep -v "grep" | grep "DAPP_ROLE" register: rosetta_status + changed_when: false failed_when: false tags: [mount, nfs] -- import_tasks: "configure_nfs_mounts.yml" +- ansible.builtin.import_tasks: "configure_nfs_mounts.yml" # when: ansible_facts.services['exlibris'].state != "running" when: rosetta_status.rc != 0 tags: [mount, nfs] -- import_tasks: install_checkmk_plugins.yml +- ansible.builtin.import_tasks: "install_checkmk_plugins.yml" tags: [checkmk, monitoring] -- import_tasks: configure_iptables.yml +- ansible.builtin.import_tasks: "configure_iptables.yml" tags: [iptables] -- import_tasks: configure_selinux.yml +- ansible.builtin.import_tasks: "configure_selinux.yml" tags: [selinux] -- import_tasks: "configure_kdump.yml" +- ansible.builtin.import_tasks: "configure_kdump.yml" tags: [security, kdump] ### ROSETTA TASKS -- debug: - var: ansible_hostname - # https://docs.ansible.com/ansible/latest/user_guide/playbooks_tags.html#tag-inheritance-adding-tags-to-multiple-tasks -- include_tasks: rosetta/main_rosetta.yml +- ansible.builtin.include_tasks: "rosetta/main_rosetta.yml" when: - ( ansible_hostname is search("rosapp") ) or ( ansible_hostname is search("rosetta-test") ) 
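Review bot: `set -o pipefail` in the new `ansible.builtin.shell` block assumes the remote `/bin/sh` is bash (true on EL, but `args: executable: /bin/bash` makes the assumption explicit instead of relying on the distro). The pipeline can go away entirely: `ansible.builtin.command: pgrep -f DAPP_ROLE` with the same `register: rosetta_status`, `changed_when: false` and `failed_when: false` returns non-zero when nothing matches and never matches itself, which is exactly what `when: rosetta_status.rc != 0` on the NFS import tests. Gating NFS changes on a process grep remains a heuristic; if an `exlibris` unit exists, the commented `ansible_facts.services['exlibris'].state` check via `service_facts` is the robust version.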
@@ -52,7 +52,7 @@ ### ORACLE TASKS # https://docs.ansible.com/ansible/latest/user_guide/playbooks_tags.html#tag-inheritance-adding-tags-to-multiple-tasks -- include_tasks: oracle/main_oracle.yml +- ansible.builtin.include_tasks: "oracle/main_oracle.yml" when: - ( ansible_hostname is search("rosora") ) or ( ansible_hostname is search("rosettaora") ) diff --git a/tasks/oracle/configure_iptables_oracle.yml b/tasks/oracle/configure_iptables_oracle.yml index 34b6ebf..2572aa5 100644 --- a/tasks/oracle/configure_iptables_oracle.yml +++ b/tasks/oracle/configure_iptables_oracle.yml @@ -1,6 +1,6 @@ --- # - name: clean IPtables rules (1) -# iptables: +# ansible.builtin.iptables: # chain: "INPUT" # ip_version: "{{ item }}" # policy: "ACCEPT" @@ -12,7 +12,7 @@ # tags: [molecule-notest] # # - name: clean IPtables rules (2) -# iptables: +# ansible.builtin.iptables: # chain: "INPUT" # flush: "true" # notify: @@ -21,7 +21,7 @@ # Configure specific rules - Chain INPUT - name: iptables-Regeln (IPv4) setzen - Chain INPUT - iptables: + ansible.builtin.iptables: action: "insert" chain: "INPUT" comment: "{{ item.comment | default(omit) }}" @@ -38,7 +38,7 @@ source_port: "{{ item.src_port | default(omit) }}" state: "{{ item.state }}" table: "filter" - loop: "{{ vault_iptables_input_oracle|flatten(levels=1) }}" + loop: "{{ vault_iptables_input_oracle | flatten(levels=1) }}" notify: - save iptables rules tags: [molecule-notest] @@ -48,7 +48,7 @@ ## Configure specific rules - Chain OUTPUT # - name: iptables-Regeln (IPv4) setzen - Chain OUTPUT -# iptables: +# ansible.builtin.iptables: # action: "insert" # chain: OUTPUT # comment: "{{ item.comment }}" diff --git a/tasks/oracle/configure_logrotate.yml b/tasks/oracle/configure_logrotate.yml index f43f367..d9928a3 100644 --- a/tasks/oracle/configure_logrotate.yml +++ b/tasks/oracle/configure_logrotate.yml 
@@ -1,6 +1,6 @@ --- - name: configure logrotate for Oracle DB - template: + ansible.builtin.template: src: "etc/logrotate.d/oracle.j2" dest: "/etc/logrotate.d/oracle" owner: "root" diff --git a/tasks/oracle/configure_rman_backup.yml b/tasks/oracle/configure_rman_backup.yml index 81219b2..f1e5c81 100644 --- a/tasks/oracle/configure_rman_backup.yml +++ b/tasks/oracle/configure_rman_backup.yml @@ -1,6 +1,6 @@ --- - name: create rman log directory - file: + ansible.builtin.file: path: "/var/log/backup/{{ vault_oracle_user }}/" owner: "{{ vault_oracle_user }}" group: "{{ vault_oracle_group }}" @@ -8,7 +8,7 @@ state: directory - name: install the other backup scripts from files - copy: + ansible.builtin.copy: src: "home/{{ vault_oracle_user }}/{{ item }}" dest: "/home/{{ vault_oracle_user }}/{{ item }}" owner: "{{ vault_oracle_user }}" @@ -21,7 +21,7 @@ - "trigger_oracle_backup_storage_lvl.sh" - name: install the other backup scripts from templates - template: + ansible.builtin.template: src: "home/{{ vault_oracle_user }}/{{ item }}.j2" dest: "/home/{{ vault_oracle_user }}/{{ item }}" owner: "{{ vault_oracle_user }}" @@ -31,7 +31,7 @@ - "tsm_error_mail.sh" - name: install RMAN backup script - template: + ansible.builtin.template: src: "rman_dps3_fullbackup.sh.j2" dest: "/home/{{ vault_oracle_user }}/rman_dps3_fullbackup.sh" owner: "{{ vault_oracle_user }}" diff --git a/tasks/oracle/configure_system_limits.yml b/tasks/oracle/configure_system_limits.yml index e029914..da7ceb0 100644 --- a/tasks/oracle/configure_system_limits.yml +++ b/tasks/oracle/configure_system_limits.yml @@ -3,12 +3,12 @@ # Cannot open connection [Rosetta 6.3.0.0]" - name: set PAM Limits (man 5 limits.conf) - blockinfile: + ansible.builtin.blockinfile: path: "/etc/security/limits.d/exlibris.conf" create: true owner: "root" group: "root" - mode: 0644 + mode: "0644" block: | # for Exlibris users @exlibris soft nofile 65000 
@@ -26,12 +26,12 @@ notify: activate kernel parameter changes - name: set Kernel parameters (man 5 sysctl.conf) - blockinfile: + ansible.builtin.blockinfile: path: "/etc/sysctl.conf" marker: "# {mark} ANSIBLE MANAGED BLOCK - ORACLE" owner: "root" group: "root" - mode: 0644 + mode: "0644" block: | # Exlibris Parameters as set by ExL support/installteam kernel.sem = 250 32000 100 128 diff --git a/tasks/oracle/configure_tsmclient.yml b/tasks/oracle/configure_tsmclient.yml index 5a684b8..24792d9 100644 --- a/tasks/oracle/configure_tsmclient.yml +++ b/tasks/oracle/configure_tsmclient.yml @@ -1,6 +1,6 @@ --- - name: create dsmcad config directory - file: + ansible.builtin.file: path: "/{{ tsm_path }}" state: directory owner: "root" @@ -8,8 +8,8 @@ mode: "0755" - name: template dsmcad configuration for IBM Spectrum Protect Backup Client - template: - src: "{{tsm_path }}oracle_{{ item }}.j2" + ansible.builtin.template: + src: "{{ tsm_path }}oracle_{{ item }}.j2" dest: "/{{ tsm_path }}{{ item }}" owner: "root" group: "root" diff --git a/tasks/oracle/create_db_users.yml b/tasks/oracle/create_db_users.yml index 3a0511f..8655c90 100644 --- a/tasks/oracle/create_db_users.yml +++ b/tasks/oracle/create_db_users.yml @@ -1,12 +1,12 @@ --- - name: create DB group - group: + ansible.builtin.group: name: "{{ vault_oracle_group }}" gid: "{{ vault_oracle_gid }}" state: present - name: create DB user - user: + ansible.builtin.user: name: "{{ vault_oracle_user }}" uid: "{{ vault_oracle_uid }}" group: "{{ vault_oracle_group }}" @@ -19,7 +19,7 @@ # The DB user doesn't actually use this dir, but it's nice for admins to put # stuff there. - name: create homedir for DB user - file: + ansible.builtin.file: path: "/home/{{ vault_oracle_user }}" state: directory owner: "{{ vault_oracle_user }}" diff --git a/tasks/oracle/install_checkmk_plugins_oracle.yml b/tasks/oracle/install_checkmk_plugins_oracle.yml index c1589a9..5016ad6 100644 --- a/tasks/oracle/install_checkmk_plugins_oracle.yml 
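Review bot: `create DB user` (its parameter list continues beyond the hunk) has no `no_log: true`, whereas this commit adds one to the equivalent `create Rosetta users` loop in `create_users.yml`; if the task sets `password:` from the vault — I cannot see the remaining lines — the hash is printed in the task result and, with `log: true` in the molecule provisioner, persisted in the log. Add `no_log: true` for consistency, or a comment stating that no secret is managed here. `create homedir for DB user` likewise shows `owner:` but its `mode:` is outside the hunk; `mode: "0750"` would match the `directory_mode` used for the SQL scripts in the same role.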
+++ b/tasks/oracle/install_checkmk_plugins_oracle.yml @@ -1,6 +1,6 @@ --- - name: install self-developed Check_MK plugins for Oracle - copy: + ansible.builtin.copy: src: "{{ item }}" dest: "/{{ item }}" owner: "root" @@ -11,7 +11,7 @@ - "usr/lib/check_mk_agent/nrpe/check_oracle_db_table_integrity.sh" - name: configure mrpe - blockinfile: + ansible.builtin.blockinfile: path: "/etc/check_mk/mrpe.cfg" block: | Get%20Oracle%20database%20segment%20size. (interval=3600) /usr/lib/check_mk_agent/nrpe/check_oracle_db_segment_size.sh @@ -19,7 +19,7 @@ # get vendor plugins straight from monitoring server to make sure we get the latest version - name: install vendor Check_MK plugins for Oracle - get_url: + ansible.builtin.get_url: url: "https://cmk.slub-dresden.de/slubmon/check_mk/agents/plugins/{{ item }}" dest: "/usr/lib/check_mk_agent/plugins/" owner: "root" diff --git a/tasks/oracle/install_sql_scripts.yml b/tasks/oracle/install_sql_scripts.yml index e8edf19..5176ff8 100644 --- a/tasks/oracle/install_sql_scripts.yml +++ b/tasks/oracle/install_sql_scripts.yml @@ -1,6 +1,12 @@ --- +- name: create dest directory for SQL scripts + ansible.builtin.file: + path: "/home/{{ vault_oracle_user }}/sql-scripts/" + state: directory + mode: "0755" + - name: install SQL scripts - template: + ansible.builtin.template: src: "home/{{ vault_oracle_user }}/{{ item }}" dest: "/home/{{ vault_oracle_user }}/{{ item }}" directory_mode: "0750" diff --git a/tasks/oracle/main_oracle.yml b/tasks/oracle/main_oracle.yml index 6bc0670..6d4167c 100644 --- a/tasks/oracle/main_oracle.yml +++ b/tasks/oracle/main_oracle.yml 
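Review bot: The new `create dest directory for SQL scripts` task creates `/home/{{ vault_oracle_user }}/sql-scripts/` with `mode: "0755"` and no `owner`/`group`, so under `become: true` it ends up root-owned and world-readable inside the Oracle user's home, while the template task immediately after it uses `directory_mode: "0750"` for the same tree. Give it the ownership the rest of this role's Oracle tasks use and the tighter mode: `owner: "{{ vault_oracle_user }}"`, `group: "{{ vault_oracle_group }}"`, `mode: "0750"`.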
@@ -1,16 +1,16 @@ --- ### ORACLE TASKS -- import_tasks: oracle/configure_iptables_oracle.yml +- ansible.builtin.import_tasks: "oracle/configure_iptables_oracle.yml" tags: [iptables] -- import_tasks: oracle/create_db_users.yml +- ansible.builtin.import_tasks: "oracle/create_db_users.yml" tags: [users] -- import_tasks: oracle/configure_rman_backup.yml +- ansible.builtin.import_tasks: "oracle/configure_rman_backup.yml" tags: [rman, backup] -- import_tasks: oracle/configure_tsmclient.yml +- ansible.builtin.import_tasks: "oracle/configure_tsmclient.yml" tags: [backup, dsm, tsm, ibmsp] -- import_tasks: oracle/install_sql_scripts.yml +- ansible.builtin.import_tasks: "oracle/install_sql_scripts.yml" tags: [scripts] -- import_tasks: oracle/configure_system_limits.yml +- ansible.builtin.import_tasks: "oracle/configure_system_limits.yml" tags: [oracle] -- import_tasks: oracle/configure_logrotate.yml +- ansible.builtin.import_tasks: "oracle/configure_logrotate.yml" tags: [oracle, logrotate] diff --git a/tasks/rosetta/configure_iptables_qos.yml b/tasks/rosetta/configure_iptables_qos.yml index 7b44fd9..36a2335 100644 --- a/tasks/rosetta/configure_iptables_qos.yml +++ b/tasks/rosetta/configure_iptables_qos.yml @@ -1,6 +1,6 @@ --- - name: iptables-QoS-Regeln setzen - iptables: + ansible.builtin.iptables: chain: "{{ item.chain }}" action: "append" table: "mangle" diff --git a/tasks/rosetta/configure_iptables_rosetta.yml b/tasks/rosetta/configure_iptables_rosetta.yml index b6b0bd2..386ee8e 100644 --- a/tasks/rosetta/configure_iptables_rosetta.yml +++ b/tasks/rosetta/configure_iptables_rosetta.yml @@ -1,6 +1,6 @@ --- # - name: clean IPtables rules (1) -# iptables: +# ansible.builtin.iptables: # chain: "INPUT" # ip_version: "{{ item }}" # policy: "ACCEPT" @@ -12,7 +12,7 @@ # tags: [molecule-notest] # # - name: clean IPtables rules (2) -# iptables: +# ansible.builtin.iptables: # chain: "INPUT" # flush: "true" # notify: 
@@ -21,7 +21,7 @@ # Configure specific rules - Chain INPUT - name: iptables-Regeln (IPv4) setzen - Chain INPUT - iptables: + ansible.builtin.iptables: action: "insert" chain: "INPUT" comment: "{{ item.comment | default(omit) }}" @@ -38,7 +38,7 @@ source_port: "{{ item.src_port | default(omit) }}" state: "{{ item.state }}" table: "filter" - loop: "{{ vault_iptables_input_rosetta|flatten(levels=1) }}" + loop: "{{ vault_iptables_input_rosetta | flatten(levels=1) }}" notify: - save iptables rules tags: [molecule-notest] @@ -48,7 +48,7 @@ ## Configure specific rules - Chain OUTPUT # - name: iptables-Regeln (IPv4) setzen - Chain OUTPUT -# iptables: +# ansible.builtin.iptables: # action: "insert" # chain: OUTPUT # comment: "{{ item.comment }}" diff --git a/tasks/rosetta/configure_rosetta_prerequisites.yml b/tasks/rosetta/configure_rosetta_prerequisites.yml index a2803bc..a90c80d 100644 --- a/tasks/rosetta/configure_rosetta_prerequisites.yml +++ b/tasks/rosetta/configure_rosetta_prerequisites.yml @@ -1,6 +1,6 @@ --- - name: template global.properties PROD - template: + ansible.builtin.template: src: "{{ item }}" dest: "/{{ item }}" owner: "{{ vault_rosetta_user }}" 
@@ -8,27 +8,27 @@ mode: "0444" backup: true vars: - - dbconnection_url: "{{ vault_global_properties_prod.dbconnection_url }}" - - tls_hostname: "{{ vault_global_properties_prod.tls_hostname }}" - - ora_sid: "{{ vault_global_properties_prod.ora_sid }}" - - jboss_maxmemory: "{{ vault_global_properties_prod.jboss_maxmemory }}" - - http_port: "{{ vault_global_properties_prod.http_port }}" - - https_port: "{{ vault_global_properties_prod.https_port }}" - - pds_port: "{{ vault_global_properties_prod.pds_port }}" - - native_ssl_keystore_password: "{{ vault_global_properties_prod.native_ssl_keystore_password }}" + dbconnection_url: "{{ vault_global_properties_prod.dbconnection_url }}" + tls_hostname: "{{ vault_global_properties_prod.tls_hostname }}" + ora_sid: "{{ vault_global_properties_prod.ora_sid }}" + jboss_maxmemory: "{{ vault_global_properties_prod.jboss_maxmemory }}" + http_port: "{{ vault_global_properties_prod.http_port }}" + https_port: "{{ vault_global_properties_prod.https_port }}" + pds_port: "{{ vault_global_properties_prod.pds_port }}" + native_ssl_keystore_password: "{{ vault_global_properties_prod.native_ssl_keystore_password }}" loop: - "exlibris/dps/d4_1/system.dir/conf/global.properties_http" - "exlibris/dps/d4_1/system.dir/conf/global.properties_https" when: ansible_hostname in "appprod0" - name: set symlink for correct global.properties PROD - file: + ansible.builtin.file: src: "/exlibris/dps/d4_1/system.dir/conf/global.properties_http" dest: "/exlibris/dps/d4_1/system.dir/conf/global.properties" state: link when: ansible_hostname in "appprod0" - name: template global.properties TEST - template: + ansible.builtin.template: src: "{{ item }}" dest: "/{{ item }}" owner: "{{ vault_rosetta_user }}" 
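Review bot: The templated `global.properties_http`/`_https` files receive `native_ssl_keystore_password` from `vault_global_properties_prod` but are written with `mode: "0444"`, so the keystore password is readable by every local account, and `backup: true` leaves timestamped copies with the same permissions. Unless the Rosetta process reads the file as a user other than `{{ vault_rosetta_user }}`, drop world access with `mode: "0440"` (the `group:` line sits between `owner:` and `mode:` outside the hunk, so make sure it is the Rosetta group). Separately, `when: ansible_hostname in "appprod0"` on both the template and the symlink task checks whether the hostname is a substring of `"appprod0"`, which is false for a host named e.g. `sdvlzarosappprod0`; the rest of this commit uses `ansible_hostname is search("appprod0")`, which is the intended direction.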
@@ -36,27 +36,27 @@ mode: "0444" backup: true vars: - - dbconnection_url: "{{ vault_global_properties_test.dbconnection_url }}" - - tls_hostname: "{{ vault_global_properties_test.tls_hostname }}" - - ora_sid: "{{ vault_global_properties_test.ora_sid }}" - - jboss_maxmemory: "{{ vault_global_properties_test.jboss_maxmemory }}" - - http_port: "{{ vault_global_properties_test.http_port }}" - - https_port: "{{ vault_global_properties_test.https_port }}" - - pds_port: "{{ vault_global_properties_test.pds_port }}" - - native_ssl_keystore_password: "{{ vault_global_properties_test.native_ssl_keystore_password }}" + dbconnection_url: "{{ vault_global_properties_test.dbconnection_url }}" + tls_hostname: "{{ vault_global_properties_test.tls_hostname }}" + ora_sid: "{{ vault_global_properties_test.ora_sid }}" + jboss_maxmemory: "{{ vault_global_properties_test.jboss_maxmemory }}" + http_port: "{{ vault_global_properties_test.http_port }}" + https_port: "{{ vault_global_properties_test.https_port }}" + pds_port: "{{ vault_global_properties_test.pds_port }}" + native_ssl_keystore_password: "{{ vault_global_properties_test.native_ssl_keystore_password }}" loop: - "exlibris/dps/d4_1/system.dir/conf/global.properties_http" - "exlibris/dps/d4_1/system.dir/conf/global.properties_https" when: ansible_hostname in "-test" - name: set symlink for correct global.properties TEST - file: + ansible.builtin.file: src: "/exlibris/dps/d4_1/system.dir/conf/global.properties_https" dest: "/exlibris/dps/d4_1/system.dir/conf/global.properties" state: link when: ansible_hostname in "-test" - name: template global.properties DEV - template: + ansible.builtin.template: src: "{{ item }}" dest: "/{{ item }}" owner: "{{ vault_rosetta_user }}" 
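Review bot: `when: ansible_hostname in "-test"` (on both the template and the symlink task in this hunk) holds only when the hostname is a substring of the literal `-test`, so for a host such as `sdvrosetta-test` the TEST `global.properties` is never written and the symlink never set; the condition is reversed and should be `when: ansible_hostname is search("-test")`, matching `tasks/main.yml`. The same file also carries `native_ssl_keystore_password` from `vault_global_properties_test` yet is deployed with `mode: "0444"`; `mode: "0440"` keeps it readable for the Rosetta user and group only.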
@@ -64,20 +64,20 @@ mode: "0444" backup: true vars: - - dbconnection_url: "{{ vault_global_properties_dev.dbconnection_url }}" - - tls_hostname: "{{ vault_global_properties_dev.tls_hostname }}" - - ora_sid: "{{ vault_global_properties_dev.ora_sid }}" - - jboss_maxmemory: "{{ vault_global_properties_dev.jboss_maxmemory }}" - - http_port: "{{ vault_global_properties_dev.http_port }}" - - https_port: "{{ vault_global_properties_dev.https_port }}" - - pds_port: "{{ vault_global_properties_dev.pds_port }}" - - native_ssl_keystore_password: "{{ vault_global_properties_dev.native_ssl_keystore_password }}" + dbconnection_url: "{{ vault_global_properties_dev.dbconnection_url }}" + tls_hostname: "{{ vault_global_properties_dev.tls_hostname }}" + ora_sid: "{{ vault_global_properties_dev.ora_sid }}" + jboss_maxmemory: "{{ vault_global_properties_dev.jboss_maxmemory }}" + http_port: "{{ vault_global_properties_dev.http_port }}" + https_port: "{{ vault_global_properties_dev.https_port }}" + pds_port: "{{ vault_global_properties_dev.pds_port }}" + native_ssl_keystore_password: "{{ vault_global_properties_dev.native_ssl_keystore_password }}" loop: - "exlibris/dps/d4_1/system.dir/conf/global.properties_http" - "exlibris/dps/d4_1/system.dir/conf/global.properties_https" when: ansible_hostname in "appdev" - name: set symlink for correct global.properties DEV - file: + ansible.builtin.file: src: "/exlibris/dps/d4_1/system.dir/conf/global.properties_https" dest: "/exlibris/dps/d4_1/system.dir/conf/global.properties" state: link diff --git a/tasks/rosetta/configure_tsmclient.yml b/tasks/rosetta/configure_tsmclient.yml index 2f875e9..655e14f 100644 --- a/tasks/rosetta/configure_tsmclient.yml +++ b/tasks/rosetta/configure_tsmclient.yml 
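Review bot: `when: ansible_hostname in "appdev"` on the DEV template task is the reversed substring test — it is true only if the hostname is contained in `"appdev"` — so a host like `sdvlzarosappdev` skips the task; use `when: ansible_hostname is search("appdev")` as the other task files in this commit do. The DEV `global.properties_*` files are also templated with `mode: "0444"` although `native_ssl_keystore_password` is rendered into them; `mode: "0440"` limits them to the Rosetta user/group. The DEV symlink task's own `when:` line falls outside the hunk, so I cannot confirm whether it needs the same fix.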
@@ -1,16 +1,16 @@ --- - name: create dsmcad config directory - file: - path: "/{{tsm_path }}" + ansible.builtin.file: + path: "/{{ tsm_path }}" state: directory owner: "root" group: "bin" mode: "0755" - name: template dsmcad configuration for IBM Spectrum Protect Backup Client - template: - src: "{{tsm_path }}rosetta_{{ item }}.j2" - dest: "/{{tsm_path }}{{ item }}" + ansible.builtin.template: + src: "{{ tsm_path }}rosetta_{{ item }}.j2" + dest: "/{{ tsm_path }}{{ item }}" owner: "root" group: "root" mode: "0644" diff --git a/tasks/rosetta/install_checkit_tiff.yml b/tasks/rosetta/install_checkit_tiff.yml index c6687ff..abf5243 100644 --- a/tasks/rosetta/install_checkit_tiff.yml +++ b/tasks/rosetta/install_checkit_tiff.yml @@ -7,8 +7,14 @@ ] state: latest +- name: create dest directory for checkit-tiff configs + ansible.builtin.file: + path: "/operational_shared/software/" + state: directory + mode: 0755 + - name: deploy checkit_tiff-Configs - file: + ansible.builtin.file: src: "/usr/share/{{ item.src }}" dest: "/operational_shared/software/{{ item.dest }}" state: link diff --git a/tasks/rosetta/install_checkmk_plugins_rosetta.yml b/tasks/rosetta/install_checkmk_plugins_rosetta.yml index 043ac63..0c26c9f 100644 --- a/tasks/rosetta/install_checkmk_plugins_rosetta.yml +++ b/tasks/rosetta/install_checkmk_plugins_rosetta.yml @@ -1,6 +1,6 @@ --- - name: install self-developed Check_MK plugins for Rosetta - copy: + ansible.builtin.copy: src: "{{ item.path }}" dest: "/{{ item.path }}" owner: "root" @@ -13,7 +13,7 @@ mode: "0644" - name: configure logwatch for Rosetta - blockinfile: + ansible.builtin.blockinfile: path: "/etc/check_mk/logwatch.cfg" state: present marker: "# {mark} ANSIBLE MANAGED BLOCK - Rosetta" @@ -33,6 +33,6 @@ C GC (Allocation Failure) - name: uninstall legacy NFS_troubleshoot.sh logwatch & mail notification script - file: + ansible.builtin.file: path: "/root/mail_rosetta_errors.sh" state: absent 
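Review bot: The dsmcad templates `{{ tsm_path }}rosetta_{{ item }}.j2` are installed with `mode: "0644"`, and `tasks/main.yml` loads a `dsm.vault` for this role; if any vaulted value (a node password, for example) is rendered into these files it becomes world-readable. I cannot see the templates; if they carry only server names and options the mode is fine, otherwise `mode: "0600"` is appropriate since dsmcad typically runs as root. `group: "bin"` on the config directory differs from the `root` used everywhere else in this commit and deserves a one-line comment if it is intentional.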
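Review bot: The new `create dest directory for checkit-tiff configs` task writes `mode: 0755` unquoted, while the rest of this commit converts exactly that form to the quoted `"0755"` (see `configure_system_limits.yml`); unquoted, YAML parses it as an octal integer and a dropped leading zero would silently become a different permission, so use `mode: "0755"`. The directory is also created without `owner`/`group` and therefore root-owned; probably fine for a symlink farm, but worth a comment. The `state: latest` on the package task whose tail opens this hunk is presumably why `package-latest` is excluded in the molecule lint line; pinning the version would let that exclusion go.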
diff --git a/tasks/rosetta/install_error_summary.yml b/tasks/rosetta/install_error_summary.yml index b09dc2b..bb8d5f6 100644 --- a/tasks/rosetta/install_error_summary.yml +++ b/tasks/rosetta/install_error_summary.yml @@ -31,9 +31,6 @@ - "error-summary.timer" notify: daemon-reload - - - - name: find error summary systemd units so we don't have to hardcode their names in the loops ansible.builtin.find: path: "/etc/systemd/user/" @@ -58,10 +55,6 @@ register: error_summary_enablecmd changed_when: error_summary_enablecmd.stdout in "Created symlink" - - - - - name: start error summary SystemD timer (the service doesn't need to be started, that's done by the timer) ansible.builtin.systemd: name: "error-summary.timer" diff --git a/tasks/rosetta/install_format_library_xsds.yml b/tasks/rosetta/install_format_library_xsds.yml index 854a216..b0fd134 100644 --- a/tasks/rosetta/install_format_library_xsds.yml +++ b/tasks/rosetta/install_format_library_xsds.yml @@ -16,4 +16,4 @@ group: "{{ vault_rosetta_group }}" mode: "0664" checksum: "{{ item.sha1 }}" - loop: "{{ local_jhove_xsds }}" \ No newline at end of file + loop: "{{ local_jhove_xsds }}" diff --git a/tasks/rosetta/install_mediaconch.yml b/tasks/rosetta/install_mediaconch.yml index 68e47c5..262482f 100644 --- a/tasks/rosetta/install_mediaconch.yml +++ b/tasks/rosetta/install_mediaconch.yml 
@@ -27,16 +27,22 @@ ansible.builtin.file: path: "/tmp/mediaconch-profile/" state: absent + changed_when: false # there's no other way to get this task idempotent - name: checkout MediaConch-Profile repo ansible.builtin.git: repo: "https://git.slub-dresden.de/digital-preservation/mediaconch-profile.git" dest: "/tmp/mediaconch-profile/" + register: mc_profile_repo_cloned + changed_when: false # there's no other way to get this task idempotent - name: compile MediaConch profile ansible.builtin.command: - cmd: "bash /tmp/mediaconch-profile/build_all.sh" + cmd: "bash ./build_all.sh" chdir: "/tmp/mediaconch-profile/" + when: mc_profile_repo_cloned.before != mc_profile_repo_cloned.after + register: mc_profile_repo_built + changed_when: false # there's no other way to get this task idempotent - name: deploy MediaConch profile to Rosetta ansible.builtin.copy: @@ -59,6 +65,10 @@ dest: "{{ item.dest }}" state: link force: true - loop: - - { src: "/etc/mediaconch/current_slub.cfg", dest: "/operational_shared/software/SLUB_mediaconch_policy_all.xml" } - - { src: "/etc/mediaconch/upcoming_slub.cfg", dest: "/operational_shared/software/SLUB_mediaconch_policy_all.xml" } + mode: "0644" + loop: + - { src: "/etc/mediaconch/current_slub.cfg", dest: "/operational_shared/software/SLUB_mediaconch_policy_all.xml" } + - { src: "/etc/mediaconch/upcoming_slub.cfg", dest: "/operational_shared/software/SLUB_mediaconch_policy_all.xml" } + when: + - mc_profile_repo_cloned.before != mc_profile_repo_cloned.after + - mc_profile_repo_built.rc == "0" diff --git a/tasks/rosetta/install_packages.yml b/tasks/rosetta/install_packages.yml index 775034d..8547710 100644 --- a/tasks/rosetta/install_packages.yml +++ b/tasks/rosetta/install_packages.yml @@ -1,6 +1,6 @@ --- - name: install packages for plugins, TA, analysis - yum: + ansible.builtin.yum: name: [ 'libtiff-tools', 'mediaconch', diff --git a/tasks/rosetta/install_verapdf.yml b/tasks/rosetta/install_verapdf.yml index ac054d7..7a647e8 100644 
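Review bot: The clone in `checkout MediaConch-Profile repo` has no `version:`, so `bash ./build_all.sh` executes whatever is at the remote default branch's HEAD, presumably as root, on the Rosetta host; that is an unpinned supply-chain dependency that a compromised or merely changed upstream turns into arbitrary code execution. Pin it, e.g. `version: "{{ mediaconch_profile_version }}"` with a tag or commit SHA in the role defaults, and prefer a root-owned work directory over `/tmp/mediaconch-profile/`, whose predictable path is shared with every local user. Note also that the preceding `state: absent` task removes the checkout before each clone, so `mc_profile_repo_cloned.before` should always be null and the `before != after` guard on the compile task true on every run; together with the three `changed_when: false` lines the play reports no change while it re-downloads and rebuilds each time, so `# there's no other way to get this task idempotent` documents a masked change rather than idempotence.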
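Review bot: The second `when` condition on the symlink task, `mc_profile_repo_built.rc == "0"`, compares the integer return code of `ansible.builtin.command` with a string; in Jinja2 `0 == "0"` is false, so the `state: link` task is skipped precisely when the build succeeded and the profile links are never created. Change it to `mc_profile_repo_built.rc == 0`, or drop it, since a non-zero rc already fails the command task and stops the play. Separately, both loop items point at the same `dest`, `/operational_shared/software/SLUB_mediaconch_policy_all.xml`, with `force: true`, so the second item overwrites the link made by the first and only `upcoming_slub.cfg` survives — if that is intended, delete the first item; if not, give the two profiles distinct destinations.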
--- a/tasks/rosetta/install_verapdf.yml +++ b/tasks/rosetta/install_verapdf.yml @@ -1,10 +1,11 @@ --- - name: copy veraPDF RPM package - copy: + ansible.builtin.copy: src: "verapdf-1.16.1-1.el7.x86_64.rpm" dest: "/tmp/verapdf-1.16.1-1.el7.x86_64.rpm" + mode: "0644" - name: install veraPDF - yum: + ansible.builtin.yum: name: "/tmp/verapdf-1.16.1-1.el7.x86_64.rpm" state: present diff --git a/tasks/rosetta/main_rosetta.yml b/tasks/rosetta/main_rosetta.yml index 6c56b5b..37a03a7 100644 --- a/tasks/rosetta/main_rosetta.yml +++ b/tasks/rosetta/main_rosetta.yml 
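Review bot: The RPM staged by `copy veraPDF RPM package` is installed from `/tmp` with no integrity check: the copy gains a `mode` but no `checksum`, and `ansible.builtin.yum` does not verify the signature of a local package unless the host has `localpkg_gpgcheck` enabled and the vendor key imported, so a substituted RPM installs unchallenged. The role already pins hashes for the JHOVE XSDs (`checksum: "{{ item.sha1 }}"` in install_format_library_xsds.yml); do the same here, e.g. `checksum: "<sha1 of verapdf-1.16.1-1.el7.x86_64.rpm>"`, and add a task that removes the staged file after installation. Note that main_rosetta.yml comments out the import of this file in the same commit, so as of this patch the task is dead code.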
@@ -1,25 +1,25 @@ --- ### ROSETTA TASKS -- import_tasks: rosetta/configure_iptables_rosetta.yml +- ansible.builtin.import_tasks: "rosetta/configure_iptables_rosetta.yml" tags: [iptables] -- import_tasks: rosetta/configure_iptables_qos.yml +- ansible.builtin.import_tasks: "rosetta/configure_iptables_qos.yml" tags: [iptables] -- import_tasks: rosetta/configure_rosetta_prerequisites.yml +- ansible.builtin.import_tasks: "rosetta/configure_rosetta_prerequisites.yml" tags: [rosetta] -- import_tasks: rosetta/install_checkmk_plugins_rosetta.yml +- ansible.builtin.import_tasks: "rosetta/install_checkmk_plugins_rosetta.yml" tags: [checkmk, monitoring] -- import_tasks: rosetta/install_packages.yml +- ansible.builtin.import_tasks: "rosetta/install_packages.yml" tags: [packages, yum] -- import_tasks: rosetta/install_checkit_tiff.yml +- ansible.builtin.import_tasks: "rosetta/install_checkit_tiff.yml" tags: [packages, yum, checkit_tiff, cit] -- import_tasks: rosetta/install_verapdf.yml - tags: [packages, yum, verapdf] -- import_tasks: rosetta/install_mediaconch.yml +# - ansible.builtin.import_tasks: "rosetta/install_verapdf.yml" +# tags: [packages, yum, verapdf] +- ansible.builtin.import_tasks: "rosetta/install_mediaconch.yml" tags: [packages, yum, mediaconch] -- import_tasks: rosetta/configure_tsmclient.yml +- ansible.builtin.import_tasks: "rosetta/configure_tsmclient.yml" tags: [backup] -- import_tasks: rosetta/install_format_library_xsds.yml +- ansible.builtin.import_tasks: "rosetta/install_format_library_xsds.yml" tags: [rosetta, xsd] -- import_tasks: "rosetta/install_error_summary.yml" +- ansible.builtin.import_tasks: "rosetta/install_error_summary.yml" tags: [monitoring, reporting, visibility, errorsummary] diff --git a/vars/main.yml b/vars/main.yml index 7705c01..65bbae4 100644 --- a/vars/main.yml +++ b/vars/main.yml 
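Review bot: The veraPDF import is commented out (`# - ansible.builtin.import_tasks: "rosetta/install_verapdf.yml"`) with no reason given, while the same commit still edits tasks/rosetta/install_verapdf.yml, so the role now carries a task file that nothing runs and a `verapdf` tag that silently does nothing. Either remove the two commented lines together with the file, or leave a one-line reason next to them, e.g. `# TODO(joerg): veraPDF disabled until <reason>; re-enable once <condition>`, so the next reader knows whether this is temporary.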
@@ -104,4 +104,4 @@ local_jhove_xsds:
 - { dir: "{{ xsd_base_path }}www.loc.gov/standards/", filename: "xlink.xsd", sha1: "473aca92c2c22c55084afd2c0367bc0a98ca2a7f" }
 - { dir: "{{ xsd_base_path }}www.w3.org/2001/03/", filename: "xml.xsd", sha1: "102d87e5e68e7edceb649c80b74a649e7e636541" }
 - { dir: "{{ xsd_base_path }}www.w3.org/2004/10/", filename: "xml.xsd", sha1: "a1bb94c788091c087f54cc995212cc1a62c72881" }
- - { dir: "{{ xsd_base_path }}www.w3.org/2007/08/", filename: "xml.xsd", sha1: "c236cd21fe6daf2c096d50ab2b0701b99bd6e597" }
\ No newline at end of file
+ - { dir: "{{ xsd_base_path }}www.w3.org/2007/08/", filename: "xml.xsd", sha1: "c236cd21fe6daf2c096d50ab2b0701b99bd6e597" }
diff --git a/vars/redhat_7_packages.yml b/vars/redhat_7_packages.yml
index 4476c5b..f6c8dfe 100644
--- a/vars/redhat_7_packages.yml
+++ b/vars/redhat_7_packages.yml
@@ -17,7 +17,6 @@ redhat_packages: [
 'cpp.x86_64',
 'dos2unix.x86_64',
 'elfutils-libelf-devel.x86_64',
- 'expat.i686',
 'expat.x86_64',
 'fontconfig.i686',
 'fontconfig.x86_64',
@@ -45,7 +44,6 @@ redhat_packages: [
 'libbonobo.x86_64',
 'libdaemon.x86_64',
 'libdmx.x86_64',
- 'libgcc.i686',
 'libgcc.x86_64',
 'libgnome.x86_64',
 'libgomp.x86_64',
@@ -99,7 +97,7 @@ redhat_packages: [
 'xorg-x11-utils.x86_64',
 'xorg-x11-xauth.x86_64',
 'xorg-x11-xinit.x86_64',
- 'xz-libs.i686',
+ 'xz-libs',
 'zlib-devel.i686',
 'zlib.x86_64',
 ]
-- 
GitLab
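Review bot: The third hunk replaces `'xz-libs.i686'` with the arch-less `'xz-libs'` while every other entry in `redhat_packages` carries an explicit `.x86_64` or `.i686` suffix, and the patch drops `expat.i686` and `libgcc.i686` but keeps `fontconfig.i686` and `zlib-devel.i686`; nothing in the hunks says why 32-bit libraries are only partly removed. If the intent is to stop shipping multilib, finish the removal and write `'xz-libs.x86_64'`; otherwise add a comment above the remaining `.i686` entries naming the consumer that still needs them, so the next cleanup does not break it.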