refactor: move references to Ansible Vault variables out of the actual code,...

refactor: move references to Ansible Vault variables out of the actual code, provide sane defaults and overwrite those with the values from the Vault. This is done to improve documentation of the interface used with this role.

refactor: move references to Ansible Vault variables out of the actual code,...
95ec310f · Jörg Sachse · 0e659a13 · 95ec310f · 95ec310f · 95ec310f
Commit 95ec310f authored 4 months ago by Jörg Sachse
--- a/defaults/main.yml
+++ b/defaults/main.yml
+---
+iptables: []
+nfs_mounts: {}
+users: []
+groups: []
+callas_sdk_version: ""
--- a/tasks/compile_callas_binaries.yml
+++ b/tasks/compile_callas_binaries.yml
@@ -44,7 +44,7 @@
 - name: set symlinks for Callas PDF Engine
  ansible.builtin.file:
    state: link
-    src: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ vault_callas_sdk_version }}/{{ item }}"
+    src: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ callas_sdk_version }}/{{ item }}"
    path: "/opt/pdfa_webservice/{{ item }}"
  loop:
    - "etc"

--- a/tasks/configure_crontab.yml
+++ b/tasks/configure_crontab.yml
@@ -2,11 +2,11 @@
 ### CRONTAB EINRICHTEN ###
 - name: DEBUG
  ansible.builtin.debug:
-    var: vault_users
+    var: users
 - name: Cronjob zum Löschen alter tmpfiles aus /tmp erstellen
  ansible.builtin.cron:
    name: "delete old tmpfiles from /tmp"
    hour: "0"
    minute: "0"
-    user: "{{ vault_users.0.name }}"
+    user: "{{ users.0.name }}"
    job: 'find /tmp/ -maxdepth 1 -name "tmpfile*" -mtime +1 -exec rm \{\} \; >/dev/null 2>&1'
--- a/tasks/configure_iptables.yml
+++ b/tasks/configure_iptables.yml
@@ -15,6 +15,6 @@
    source_port: "{{ item.src_port | default(omit) }}"
    state: "{{ item.state | default('present') }}"
    table: "filter"
-  loop: "{{ vault_iptables | flatten(levels=1) }}"
+  loop: "{{ iptables | flatten(levels=1) }}"
  notify:
    - save iptables rules
--- a/tasks/configure_nfs_mounts.yml
+++ b/tasks/configure_nfs_mounts.yml
 ---
 - name: Mountpoint fuer Logging anlegen
  ansible.builtin.file:
-    path: "{{ vault_nfs_mounts.log.mountpoint }}{{ ansible_hostname }}"
+    path: "{{ nfs_mounts.log.mountpoint }}{{ ansible_hostname }}"
    state: directory
    mode: "0400"
 - name: NFS-Shares fuer Logging mounten
  ansible.posix.mount:
-    name: "{{ vault_nfs_mounts.log.mountpoint }}{{ ansible_hostname }}"
+    name: "{{ nfs_mounts.log.mountpoint }}{{ ansible_hostname }}"
-    src: "{{ vault_nfs_mounts.log.share }}/{{ ansible_hostname }}"
+    src: "{{ nfs_mounts.log.share }}/{{ ansible_hostname }}"
    state: mounted
    fstype: "nfs"
    opts: "defaults,nodev,nosuid,rsize=65536,wsize=65536,vers=3"

--- a/tasks/create_users_groups.yml
+++ b/tasks/create_users_groups.yml
@@ -4,11 +4,11 @@
    name: "{{ item.name }}"
    gid: "{{ item.gid | default(omit) }}"
    state: "item.state | default('present') }}"
-  loop: "{{ vault_groups | flatten(levels=1) }}"
+  loop: "{{ groups | flatten(levels=1) }}"
 - name: User in Gruppen einfügen und primäre Gruppe setzen
  ansible.builtin.user:
    name: "{{ item.name }}"
    group: "{{ item.group }}"
    groups: "{{ item.groups }}"
-  loop: "{{ vault_users | flatten(levels=1) }}"
+  loop: "{{ users | flatten(levels=1) }}"
--- a/tasks/install_callas_pdf_engine.yml
+++ b/tasks/install_callas_pdf_engine.yml
@@ -26,7 +26,7 @@
 - name: copy callas PDFEngine
  ansible.builtin.get_url:
    url: "http://www.callassoftware.com/extranet/callas_pdfEngineSDK/callas_pdfEngineSDK_x64_Linux.tar.gz"
-    dest: "/usr/local/lib/callas_pdfEngineSDK_x64_Linux_{{ vault_callas_sdk_version }}.tar.gz"
+    dest: "/usr/local/lib/callas_pdfEngineSDK_x64_Linux_{{ callas_sdk_version }}.tar.gz"
    mode: "0644"
  changed_when: false    # This will always change, because we're installing a
                         # fresh version of Callas into a cleaned directory
@@ -36,14 +36,14 @@
 # (https://github.com/ansible/ansible/issues/28569)
 - name: unpack callas PDFEngine
  ansible.builtin.unarchive:
-    src: "/usr/local/lib/callas_pdfEngineSDK_x64_Linux_{{ vault_callas_sdk_version }}.tar.gz"
+    src: "/usr/local/lib/callas_pdfEngineSDK_x64_Linux_{{ callas_sdk_version }}.tar.gz"
    dest: "/usr/local/lib/callas_pdfEngine_SDK_x64"
    remote_src: true
  changed_when: false    # This will always change.
 - name: ... and remove source (as there's no actual move module in Ansible).
  ansible.builtin.file:
-    path: "/usr/local/lib/callas_pdfEngineSDK_x64_Linux_{{ vault_callas_sdk_version }}.tar.gz"
+    path: "/usr/local/lib/callas_pdfEngineSDK_x64_Linux_{{ callas_sdk_version }}.tar.gz"
    state: absent
  changed_when: false    # This will always change. We just downloaded a fresh
                         # archive that now needs to be cleaned up.
@@ -58,7 +58,7 @@
 - name: symlink callas PDFEngine from '/usr/local/lib/callas_pdfEngine_SDK_x64/*' to '/usr/lib/cgi-bin/*'
  ansible.builtin.file:
-    src: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ vault_callas_sdk_version }}/{{ item }}"
+    src: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ callas_sdk_version }}/{{ item }}"
    dest: "/usr/lib/cgi-bin/{{ item }}"
    state: link
  loop:
@@ -92,8 +92,8 @@
 #     state: link
 #   loop:
 #     - src: "/usr/lib/gcc/x86_64-linux-gnu/10/libstdc++.so"
-#       dest: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ vault_callas_sdk_version }}/lib/libstdc++.so"
+#       dest: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ callas_sdk_version }}/lib/libstdc++.so"
 #     - src: "/usr/lib/x86_64-linux-gnu/libstdc++.so.6"
-#       dest: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ vault_callas_sdk_version }}/lib/libstdc++.so.6"
+#       dest: "/usr/local/lib/callas_pdfEngine_SDK_x64/callas_pdfEngineSDK_x64_Linux_{{ callas_sdk_version }}/lib/libstdc++.so.6"
 #   notify: run ldconfig to configure dynamic linker run-time bindings
 #   tags: [molecule-notest]
--- a/vars/main.yml
+++ b/vars/main.yml
 ---
+iptables: "{{ vault_iptables }}"
+nfs_mounts: "{{ vault_nfs_mounts }}"
+users: "{{ vault_users }}"
+groups: "{{ vault_groups }}"
+callas_sdk_version: "{{ vault_callas_sdk_version }}"
--- a/vars/validator.vault.example
+++ b/vars/validator.vault.example
---
-vault_iptables:
-  - comment: "WHAT IS THIS RULE FOR?
-    dest_port: DESTINATION_PORT_NUMBER
-    state: present
-vault_nfs_mounts:
-  log:
-    mountpoint: "/var/log/LOGDIR/"
-    share: "123.234.321.210:/PATH/TO/NFS/SHARE/"
-vault_users:
-  - name: "USERNAME"
-    group: "PRIMARY_GROUP_NAME"
-    groups: "CSV-LIST, OF, SECONDARY, GROUPS"
-vault_groups:
-  - name: "GROUPNAME"
-    gid: "1337"
-vault_callas_sdk_version: "VERSION_STRING_LIKE_12-3-456"