From 95ec310f3b5766589d774f0151741d46a3449b25 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <joerg.sachse@slub-dresden.de>
Date: Mon, 20 Jan 2025 14:11:10 +0100
Subject: [PATCH] refactor: move references to Ansible Vault variables out of the actual code, provide sane defaults and overwrite those with the values from the Vault. This is done to improve documentation of the interface used with this role.
---
 defaults/main.yml                   |  6 ++++++
 tasks/compile_callas_binaries.yml   |  2 +-
 tasks/configure_crontab.yml         |  4 ++--
 tasks/configure_iptables.yml        |  2 +-
 tasks/configure_nfs_mounts.yml      |  6 +++---
 tasks/create_users_groups.yml       |  4 ++--
 tasks/install_callas_pdf_engine.yml | 12 ++++++------
 vars/main.yml                       |  5 +++++
 vars/validator.vault.example        | 21 ---------------------
 9 files changed, 26 insertions(+), 36 deletions(-)
 create mode 100644 defaults/main.yml
 delete mode 100644 vars/validator.vault.example

diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..3f991fb
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+iptables: []
+nfs_mounts: {}
+users: []
+groups: []
+callas_sdk_version: ""
diff --git a/tasks/compile_callas_binaries.yml b/tasks/compile_callas_binaries.yml
index ec9a289..19741fa 100644
--- a/tasks/compile_callas_binaries.yml
+++ b/tasks/compile_callas_binaries.yml
@@ -44,7 +44,7 @@
 - name: set symlinks for Callas PDF Engine
   ansible.builtin.file:
     state: link
-    src: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ vault_callas_sdk_version }}/{{ item }}"
+    src: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ callas_sdk_version }}/{{ item }}"
     path: "/opt/pdfa_webservice/{{ item }}"
   loop:
     - "etc"
diff --git a/tasks/configure_crontab.yml b/tasks/configure_crontab.yml
index e96eb71..2cbbed8 100644
--- a/tasks/configure_crontab.yml
+++ b/tasks/configure_crontab.yml
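Review bot: `groups` on the new side of defaults/main.yml is the name of an Ansible magic variable (the inventory group map), which as far as I can tell the engine always sets on top of user-supplied variables, so neither this default nor `groups: "{{ vault_groups }}"` in vars/main.yml is honoured and `loop: "{{ groups | flatten(levels=1) }}"` in tasks/create_users_groups.yml would iterate inventory group names, on which `item.name` fails. Rename it with a role prefix, e.g. `validator_groups: []`, and consider the same prefix for `iptables`, `users` and `nfs_mounts`, which are generic enough to clash with variables from other roles or the inventory. Since vars/validator.vault.example is deleted in this commit, the expected shape of each value is no longer documented anywhere; a comment above each default naming its entries (the `log.mountpoint`/`log.share` keys of `nfs_mounts`, the `name`/`group`/`groups` fields of a user entry, the `name`/`gid` fields of a group entry) would keep that information with the interface.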
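Review bot: `src` on the `+` line is assembled from `callas_sdk_version`, whose new default in defaults/main.yml is `""`, so an unset version silently produces `.../callas_pdfEngineSDK_x64_Linux_/{{ item }}` and a dangling symlink instead of a clear failure. An `ansible.builtin.assert` with `that: callas_sdk_version | length > 0` once at the start of the role (or ahead of this task) would fail fast with a readable message; the same path is assembled in the three hunks of tasks/install_callas_pdf_engine.yml, which would be covered by the same assert. The task's `loop:` list appears to continue past the end of this hunk.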
@@ -2,11 +2,11 @@
 ### CRONTAB EINRICHTEN ###
 - name: DEBUG
   ansible.builtin.debug:
-    var: vault_users
+    var: users
 - name: Cronjob zum Löschen alter tmpfiles aus /tmp erstellen
   ansible.builtin.cron:
     name: "delete old tmpfiles from /tmp"
     hour: "0"
     minute: "0"
-    user: "{{ vault_users.0.name }}"
+    user: "{{ users.0.name }}"
     job: 'find /tmp/ -maxdepth 1 -name "tmpfile*" -mtime +1 -exec rm \{\} \; >/dev/null 2>&1'
diff --git a/tasks/configure_iptables.yml b/tasks/configure_iptables.yml
index 57a6333..32d13f9 100644
--- a/tasks/configure_iptables.yml
+++ b/tasks/configure_iptables.yml
@@ -15,6 +15,6 @@
     source_port: "{{ item.src_port | default(omit) }}"
     state: "{{ item.state | default('present') }}"
     table: "filter"
-  loop: "{{ vault_iptables | flatten(levels=1) }}"
+  loop: "{{ iptables | flatten(levels=1) }}"
   notify:
     - save iptables rules
diff --git a/tasks/configure_nfs_mounts.yml b/tasks/configure_nfs_mounts.yml
index e307af2..a3c217f 100644
--- a/tasks/configure_nfs_mounts.yml
+++ b/tasks/configure_nfs_mounts.yml
@@ -1,14 +1,14 @@
 ---
 - name: Mountpoint fuer Logging anlegen
   ansible.builtin.file:
-    path: "{{ vault_nfs_mounts.log.mountpoint }}{{ ansible_hostname }}"
+    path: "{{ nfs_mounts.log.mountpoint }}{{ ansible_hostname }}"
     state: directory
     mode: "0400"
 - name: NFS-Shares fuer Logging mounten
   ansible.posix.mount:
-    name: "{{ vault_nfs_mounts.log.mountpoint }}{{ ansible_hostname }}"
-    src: "{{ vault_nfs_mounts.log.share }}/{{ ansible_hostname }}"
+    name: "{{ nfs_mounts.log.mountpoint }}{{ ansible_hostname }}"
+    src: "{{ nfs_mounts.log.share }}/{{ ansible_hostname }}"
     state: mounted
     fstype: "nfs"
     opts: "defaults,nodev,nosuid,rsize=65536,wsize=65536,vers=3"
diff --git a/tasks/create_users_groups.yml b/tasks/create_users_groups.yml
index bdb7abf..3810e8e 100644
--- a/tasks/create_users_groups.yml
+++ b/tasks/create_users_groups.yml
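Review bot: The `DEBUG` task now prints the whole `users` list, which vars/main.yml still sources from `vault_users`, so vault-protected data is written in plain text to the play output and to any CI log that captures it; drop the task or add `no_log: true` to it. `user: "{{ users.0.name }}"` also raises an undefined-attribute error when `users` is left at its new default `[]`, and it ties the cron owner to list order rather than to an explicit choice; a dedicated variable such as `cron_user` (or `when: users | length > 0` on the task) would be more robust.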
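Review bot: `nfs_mounts.log.mountpoint` on the `+` lines dereferences a nested key, so the new default `nfs_mounts: {}` does not make these tasks optional — the first task errors with a missing `log` attribute instead of being skipped. If an empty default is meant to skip NFS setup, guard both tasks with `when: nfs_mounts.log is defined`, or assert the expected keys once at the start of the role. `mode: "0400"` on the mountpoint directory is unchanged here but looks unintended, since a directory without the execute bit cannot be traversed; presumably `"0700"` was meant — worth confirming.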
@@ -4,11 +4,11 @@
     name: "{{ item.name }}"
     gid: "{{ item.gid | default(omit) }}"
     state: "item.state | default('present') }}"
-  loop: "{{ vault_groups | flatten(levels=1) }}"
+  loop: "{{ groups | flatten(levels=1) }}"
 - name: User in Gruppen einfügen und primäre Gruppe setzen
   ansible.builtin.user:
     name: "{{ item.name }}"
     group: "{{ item.group }}"
     groups: "{{ item.groups }}"
-  loop: "{{ vault_users | flatten(levels=1) }}"
+  loop: "{{ users | flatten(levels=1) }}"
diff --git a/tasks/install_callas_pdf_engine.yml b/tasks/install_callas_pdf_engine.yml
index 8b56961..c51c211 100644
--- a/tasks/install_callas_pdf_engine.yml
+++ b/tasks/install_callas_pdf_engine.yml
@@ -26,7 +26,7 @@
 - name: copy callas PDFEngine
   ansible.builtin.get_url:
     url: "http://www.callassoftware.com/extranet/callas_pdfEngineSDK/callas_pdfEngineSDK_x64_Linux.tar.gz"
-    dest: "/usr/local/lib/callas_pdfEngineSDK_x64_Linux_{{ vault_callas_sdk_version }}.tar.gz"
+    dest: "/usr/local/lib/callas_pdfEngineSDK_x64_Linux_{{ callas_sdk_version }}.tar.gz"
     mode: "0644"
   changed_when: false # This will always change, because we're installing a
                       # fresh version of Callas into a cleaned directory
@@ -36,14 +36,14 @@
   # (https://github.com/ansible/ansible/issues/28569)
 - name: unpack callas PDFEngine
   ansible.builtin.unarchive:
-    src: "/usr/local/lib/callas_pdfEngineSDK_x64_Linux_{{ vault_callas_sdk_version }}.tar.gz"
+    src: "/usr/local/lib/callas_pdfEngineSDK_x64_Linux_{{ callas_sdk_version }}.tar.gz"
     dest: "/usr/local/lib/callas_pdfEngine_SDK_x64"
     remote_src: true
   changed_when: false # This will always change.
 - name: ... and remove source (as there's no actual move module in Ansible).
   ansible.builtin.file:
-    path: "/usr/local/lib/callas_pdfEngineSDK_x64_Linux_{{ vault_callas_sdk_version }}.tar.gz"
+    path: "/usr/local/lib/callas_pdfEngineSDK_x64_Linux_{{ callas_sdk_version }}.tar.gz"
     state: absent
   changed_when: false # This will always change. We just downloaded a fresh
                       # archive that now needs to be cleaned up.
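Review bot: The context line `state: "item.state | default('present') }}"` just above the first `+` line is missing its opening `{{`, so `ansible.builtin.group` receives that literal string as `state` and the group loop fails on its first item as soon as the list is non-empty; it should read `state: "{{ item.state | default('present') }}"`. The commit does not touch this line, but it is in the new code path the rename activates. The group task's `- name:` and module lines start before this hunk.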
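Review bot: `get_url` on the new side still fetches the SDK tarball over cleartext `http://` with no `checksum:` argument, so whatever the network returns is unpacked under /usr/local/lib and later symlinked into /usr/lib/cgi-bin without any integrity check. Pin the download with `checksum: "sha256:<EXPECTED_SHA256_FROM_VENDOR>"` and switch to `https://` if the vendor serves it, so that a tampered or truncated archive is rejected before the unarchive task runs. Note also that `callas_sdk_version` only names the destination file here while the URL itself is unversioned, which is worth a comment since the downloaded content can change under a fixed version string.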
@@ -58,7 +58,7 @@
 - name: symlink callas PDFEngine from '/usr/local/lib/callas_pdfEngine_SDK_x64/*' to '/usr/lib/cgi-bin/*'
   ansible.builtin.file:
-    src: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ vault_callas_sdk_version }}/{{ item }}"
+    src: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ callas_sdk_version }}/{{ item }}"
     dest: "/usr/lib/cgi-bin/{{ item }}"
     state: link
   loop:
@@ -92,8 +92,8 @@
 #     state: link
 #   loop:
 #     - src: "/usr/lib/gcc/x86_64-linux-gnu/10/libstdc++.so"
-#       dest: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ vault_callas_sdk_version }}/lib/libstdc++.so"
+#       dest: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ callas_sdk_version }}/lib/libstdc++.so"
 #     - src: "/usr/lib/x86_64-linux-gnu/libstdc++.so.6"
-#       dest: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ vault_callas_sdk_version }}/lib/libstdc++.so.6"
+#       dest: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ callas_sdk_version }}/lib/libstdc++.so.6"
 #   notify: run ldconfig to configure dynamic linker run-time bindings
 #   tags: [molecule-notest]
diff --git a/vars/main.yml b/vars/main.yml
index ed97d53..285fb92 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1 +1,6 @@
 ---
+iptables: "{{ vault_iptables }}"
+nfs_mounts: "{{ vault_nfs_mounts }}"
+users: "{{ vault_users }}"
+groups: "{{ vault_groups }}"
+callas_sdk_version: "{{ vault_callas_sdk_version }}"
diff --git a/vars/validator.vault.example b/vars/validator.vault.example
deleted file mode 100644
index 1c3d3b6..0000000
--- a/vars/validator.vault.example
+++ /dev/null
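Review bot: Each `+` line in vars/main.yml maps the role variable unconditionally to a `vault_*` name, and role vars take precedence over inventory and play vars, so the defaults added in defaults/main.yml can never take effect and a consumer cannot set `iptables`, `users` etc. directly — an absent vault variable surfaces as an undefined-variable error at first use rather than as the empty default the commit message promises. Either drop this mapping and let callers define the role variables themselves (a vault file can hold `users:` directly, which also keeps one name per setting), or at minimum fall back to the defaults as below so that a missing vault value degrades to the empty value. If the mapping stays, a comment noting that these entries override any inventory value of the same name would save the next maintainer a precedence hunt.
```yaml
---
iptables: "{{ vault_iptables | default([]) }}"
nfs_mounts: "{{ vault_nfs_mounts | default({}) }}"
users: "{{ vault_users | default([]) }}"
groups: "{{ vault_groups | default([]) }}"
callas_sdk_version: "{{ vault_callas_sdk_version | default('') }}"
```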
@@ -1,21 +0,0 @@
----
-vault_iptables:
-  - comment: "WHAT IS THIS RULE FOR?
-    dest_port: DESTINATION_PORT_NUMBER
-    state: present
-
-vault_nfs_mounts:
-  log:
-    mountpoint: "/var/log/LOGDIR/"
-    share: "123.234.321.210:/PATH/TO/NFS/SHARE/"
-
-vault_users:
-  - name: "USERNAME"
-    group: "PRIMARY_GROUP_NAME"
-    groups: "CSV-LIST, OF, SECONDARY, GROUPS"
-
-vault_groups:
-  - name: "GROUPNAME"
-    gid: "1337"
-
-vault_callas_sdk_version: "VERSION_STRING_LIKE_12-3-456"
-- 
GitLab