From b726b4117470b76a33605c350a170e07f4bf0742 Mon Sep 17 00:00:00 2001
From: louis
Date: Wed, 10 May 2023 10:54:05 +0200
Subject: [PATCH 1/2] Bump Integration Workflow to v1.0.0
---
.github/workflows/main.yml | 4 +---
requirements.yml | 6 ++++--
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index c78b5c4..1985a64 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -17,8 +17,6 @@ on: jobs: integration: name: Integration - uses: systemli/github-ansible-workflow/.github/workflows/ansible-integration-workflow.yaml@main + uses: systemli/github-ansible-workflow/.github/workflows/ansible-integration-workflow.yaml@v1.0.0 with: distros: '[ "debian11", "debian10" ]' - role-dependencies: | - - src: geerlingguy.nodejs
diff --git a/requirements.yml b/requirements.yml
index f2f8e4b..42a298d 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -1,4 +1,6 @@ --- - roles: - - geerlingguy.nodejs + - name: geerlingguy.nodejs + version: 6.1.1 +collections: + - community.general
From 6ffbe246d3c3912c5290e5c1cdb7d348b67267ad Mon Sep 17 00:00:00 2001
From: louis
Date: Wed, 10 May 2023 11:30:16 +0200
Subject: [PATCH 2/2] Make linter happy
---
.ansible-lint | 6 +--
handlers/main.yml | 28 +++++++-----
molecule/default/prepare.yml | 7 ++-
molecule/default/requirements.yml | 3 --
molecule/default/verify.yml | 75 -------------------------------
tasks/goss.yml | 5 +--
tasks/main.yml | 9 ++--
tasks/monitoring.yml | 23 +++++-----
tasks/mumble-web.yml | 35 +++++++--------
tasks/mumble.yml | 38 ++++++++--------
10 files changed, 74 insertions(+), 155 deletions(-)
delete mode 100644 molecule/default/requirements.yml
delete mode 100644 molecule/default/verify.yml
diff --git a/.ansible-lint b/.ansible-lint
index 7ea4c46..cfe50ce 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -1,4 +1,4 @@ --- -skip_list: - - fqcn-builtins - - no-handler +exclude_paths: + - molecule/ + - .github/
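Review bot: `@v1.0.0` on the `uses:` line of .github/workflows/main.yml is a tag, and a tag can be moved to another commit later, so the reusable workflow that runs in this repository's CI is still not fixed to known content. Pinning to the full commit SHA and keeping the tag as a trailing comment makes the reference immutable: `uses: systemli/github-ansible-workflow/.github/workflows/ansible-integration-workflow.yaml@<full-commit-sha>  # v1.0.0`.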
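Review bot: In requirements.yml the new `community.general` entry under `collections:` has no version, while the role next to it is pinned to `version: 6.1.1`. ansible-galaxy will therefore install whichever collection release is newest at run time, and the modules this series now calls by FQCN (`community.general.npm`, `community.general.capabilities`) can change without any change in this repository. A constraint keeps installs reproducible: `- name: community.general` followed by `version: "<pinned-version>"`.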
diff --git a/handlers/main.yml b/handlers/main.yml
index 1c8e4cf..c94f9fb 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,26 +1,32 @@ --- - -- name: restart murmur - service: +- name: Restart murmur + ansible.builtin.service: name: mumble-server state: restarted -- name: restart munin-node - service: +- name: Restart munin-node + ansible.builtin.service: name: munin-node state: restarted -- name: restart monit - service: +- name: Restart monit + ansible.builtin.service: name: monit state: restarted -- name: set superuser password - command: murmurd -ini /etc/mumble-server.ini -supw "{{ murmur_superuser_password }}" +- name: Set superuser password + ansible.builtin.command: murmurd -ini /etc/mumble-server.ini -supw "{{ murmur_superuser_password }}" + register: murmurd_superuser_password + changed_when: murmurd_superuser_password.rc != 0 failed_when: False -- name: restart mumble-web - systemd: +- name: Restart mumble-web + ansible.builtin.systemd: daemon_reload: True name: mumble-web state: restarted + +- name: Set Python capabilities + community.general.capabilities: + path: /usr/bin/python2.7 + capability: cap_net_bind_service=ei
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
index 5dae76a..a109391 100644
--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
@@ -1,5 +1,4 @@ --- - - name: Prepare hosts: all become: True
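Review bot: In handlers/main.yml the `Set superuser password` handler passes `{{ murmur_superuser_password }}` as a command-line argument and now also registers the result, so the password is part of the task's `cmd` in the registered variable and in verbose or failure output, and it is visible in the process list while murmurd runs; the handler should at least carry `no_log: true`. The same applies to `Write superuser password to a file` in tasks/mumble.yml, whose `content:` is printed in diff mode. Separately, `changed_when: murmurd_superuser_password.rc != 0` together with `failed_when: False` reports a change only when the command exits non-zero and never reports a failure. If murmurd really exits non-zero on success that deserves a comment, otherwise the condition looks inverted and should read `changed_when: murmurd_superuser_password.rc == 0`.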
@@ -9,11 +8,11 @@ nodejs_install_npm_user: root tasks: - name: Install OpenSSL - apt: + ansible.builtin.apt: pkg: openssl cache_valid_time: 3600 - - name: create self-signed SSL cert - command: openssl req -new -nodes -x509 -subj "/C=US/ST=Oregon/L=Portland/O=IT/CN=${ansible_fqdn}" -days 3650 -keyout {{ murmur_sslkey }} -out {{ murmur_sslcert }} -extensions v3_ca + - name: Create self-signed SSL cert + ansible.builtin.command: "openssl req -new -nodes -x509 -subj '/C=US/ST=Oregon/L=Portland/O=IT/CN=${ansible_fqdn}' -days 3650 -keyout {{ murmur_sslkey }} -out {{ murmur_sslcert }} -extensions v3_ca" args: creates: "{{ murmur_sslcert }}"
diff --git a/molecule/default/requirements.yml b/molecule/default/requirements.yml
deleted file mode 100644
index df6c7bb..0000000
--- a/molecule/default/requirements.yml
+++ /dev/null
@@ -1,3 +0,0 @@ ---- - -- geerlingguy.nodejs
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
deleted file mode 100644
index 5116d6b..0000000
--- a/molecule/default/verify.yml
+++ /dev/null
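Review bot: In molecule/default/prepare.yml the rewritten `Create self-signed SSL cert` command still has `CN=${ansible_fqdn}` in its subject. `ansible.builtin.command` does not run a shell and `${...}` is not Jinja2, so the test certificate is issued for that literal string rather than for the host name. If the host name is intended, the subject should use the fact, `CN={{ ansible_fqdn }}`. The rest of the play header lies outside this hunk, so whether facts are gathered cannot be seen from here.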
@@ -1,75 +0,0 @@ ---- -# This is an example playbook to execute goss tests. -# Tests need distributed to the appropriate ansible host/groups -# prior to execution by `goss validate`. - -- name: Verify - hosts: all - become: true - vars: - goss_version: v0.3.16 - goss_arch: amd64 - goss_bin: /usr/local/bin/goss - goss_sha256sum: 827e354b48f93bce933f5efcd1f00dc82569c42a179cf2d384b040d8a80bfbfb - goss_test_directory: /tmp/molecule/goss - goss_format: documentation - tasks: - - name: Download and install Goss - get_url: - url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" - dest: "{{ goss_bin }}" - checksum: "sha256:{{ goss_sha256sum }}" - mode: 0755 - - - name: Create Molecule directory for test files # noqa 208 - file: - path: "{{ goss_test_directory }}" - state: directory - - - name: Find Goss tests on localhost - find: - paths: "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}" - patterns: - - "test[-.\\w]*.yml" - - "test_host_{{ ansible_hostname }}[-.\\w]*.yml" - excludes: - - "test_host_(?!{{ ansible_hostname }})[-.\\w]*.yml" - use_regex: true - delegate_to: localhost - register: test_files - changed_when: false - become: false - - - name: debug - debug: - msg: "{{ test_files.files }}" - verbosity: 3 - - - name: Copy Goss tests to remote # noqa 208 - copy: - src: "{{ item.path }}" - dest: "{{ goss_test_directory }}/{{ item.path | basename }}" - mode: 0644 - with_items: - - "{{ test_files.files }}" - - - name: Register test files - shell: "ls {{ goss_test_directory }}/test_*.yml" # noqa 301 - register: test_files - - - name: Execute Goss tests - command: "{{ goss_bin }} -g {{ item }} validate --format {{ goss_format }}" # noqa 301 - register: test_results - with_items: "{{ test_files.stdout_lines }}" - failed_when: false - - - name: Display details about the Goss results - debug: - msg: "{{ item.stdout_lines }}" - with_items: "{{ test_results.results }}" - - - name: Fail when tests fail - fail: - msg: 
"Goss failed to validate" - when: item.rc != 0 - with_items: "{{ test_results.results }}" diff --git a/tasks/goss.yml b/tasks/goss.yml index 66ea968..1943fd3 100644 --- a/tasks/goss.yml +++ b/tasks/goss.yml @@ -1,13 +1,12 @@ --- - - name: Check is goss test directory exists - stat: + ansible.builtin.stat: path: "{{ goss_test_directory }}" when: goss_test_directory is defined register: dir - name: Copy goss tests - template: + ansible.builtin.template: src: "test_{{ item }}.yml.j2" dest: "{{ goss_test_directory }}/test_{{ item }}.yml" owner: root diff --git a/tasks/main.yml b/tasks/main.yml index ff36557..c685195 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,18 +1,17 @@ --- - - name: Import mumble tasks - import_tasks: mumble.yml + ansible.builtin.import_tasks: mumble.yml - name: Import mumble-web tasks - import_tasks: mumble-web.yml + ansible.builtin.import_tasks: mumble-web.yml when: mumble_web tags: mumble-web - name: Import monitoring tasks - import_tasks: monitoring.yml + ansible.builtin.import_tasks: monitoring.yml when: murmur_monitoring_monit_enabled or murmur_monitoring_munin_enabled - name: Import goss tasks - import_tasks: goss.yml + ansible.builtin.import_tasks: goss.yml tags: - goss diff --git a/tasks/monitoring.yml b/tasks/monitoring.yml index b32ad7b..a8b650c 100644 --- a/tasks/monitoring.yml +++ b/tasks/monitoring.yml 
@@ -1,32 +1,31 @@ --- - - name: Install dependencies to make munin plugin work - apt: + ansible.builtin.apt: pkg: "{{ murmur_monitoring_munin_packages }}" # plugin taken from https://github.com/Natenom/munin-plugins/issues/10 -- name: copy munin plugin - copy: +- name: Copy munin plugin + ansible.builtin.copy: src: murmur-munin.py dest: /usr/local/share/ owner: root group: root - mode: 0755 + mode: "0755" -- name: ensure mumble plugins are present - file: +- name: Ensure mumble plugins are present + ansible.builtin.file: src: "/usr/local/share/murmur-munin.py" dest: "/etc/munin/plugins/mumble" state: link when: murmur_monitoring_munin_enabled - notify: restart munin-node + notify: Restart munin-node -- name: ensure monit service config is latest - copy: +- name: Ensure monit service config is latest + ansible.builtin.copy: src: "monit/conf.d/mumble-server" dest: "/etc/monit/conf.d/mumble-server" owner: root group: root - mode: 0600 - notify: restart monit + mode: "0600" + notify: Restart monit when: murmur_monitoring_monit_enabled
diff --git a/tasks/mumble-web.yml b/tasks/mumble-web.yml
index 02c1c67..09021ef 100644
--- a/tasks/mumble-web.yml
+++ b/tasks/mumble-web.yml
@@ -1,40 +1,35 @@ --- - -- name: install dependencies - apt: +- name: Install dependencies + ansible.builtin.apt: pkg: websockify -- name: install mumble-web - npm: +- name: Install mumble-web + community.general.npm: name: mumble-web global: True -- name: copy mumble-web unit file - template: +- name: Copy mumble-web unit file + ansible.builtin.template: src: mumble-web.service.j2 dest: /etc/systemd/system/mumble-web.service owner: root group: root - mode: 0644 + mode: "0644" register: servicefile - notify: restart mumble-web - -- name: Allow to python to inherit socket binding capability - capabilities: - path: /usr/bin/python2.7 - capability: cap_net_bind_service=ei - when: servicefile.changed + notify: + - Set Python capabilities + - Restart mumble-web -- name: configure mumble-web - template: +- name: Configure mumble-web + ansible.builtin.template: src: config.local.js.j2 dest: "{{ mumble_web_path }}/dist/config.local.js" owner: root group: root - mode: 0644 + mode: "0644" -- name: enable and start mumble-web - systemd: +- name: Wnable and start mumble-web + ansible.builtin.systemd: name: mumble-web daemon-reload: yes enabled: True
diff --git a/tasks/mumble.yml b/tasks/mumble.yml
index b0bd70d..bfb6a19 100644
--- a/tasks/mumble.yml
+++ b/tasks/mumble.yml
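Review bot: The `notify:` list on `Copy mumble-web unit file` in tasks/mumble-web.yml names `Set Python capabilities` before `Restart mumble-web`, but Ansible runs notified handlers in the order they are defined in handlers/main.yml, where `Restart mumble-web` comes first. Unless handlers are flushed earlier, the start task at the end of this file also runs before any handler, so the service is started and restarted before `cap_net_bind_service=ei` is applied to `/usr/bin/python2.7`. The removed task applied the capability inline, ahead of the start. Defining `Set Python capabilities` above `Restart mumble-web` in handlers/main.yml, or keeping it as a task before the start task, restores that ordering. The task name `Wnable and start mumble-web` is a typo for `Enable`.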
@@ -1,53 +1,53 @@ --- -- name: check if murmurd is already installed. - stat: +- name: Check if murmurd is already installed. + ansible.builtin.stat: path: /usr/sbin/murmurd register: murmurd_installed -- name: ensure required packages are present - apt: +- name: Ensure required packages are present + ansible.builtin.apt: pkg: mumble-server cache_valid_time: 3600 -- name: generate the Murmur config file - template: +- name: Generate the Murmur config file + ansible.builtin.template: src: "mumble-server.ini.j2" dest: "/etc/mumble-server.ini" owner: root group: mumble-server - mode: 0640 - notify: restart murmur + mode: "0640" + notify: Restart murmur - name: Allow mumble user to access sslkey block: - - name: check if we can access key - command: cat "{{ murmur_sslkey }}" + - name: Check if we can access key + ansible.builtin.command: cat "{{ murmur_sslkey }}" become: true become_user: mumble-server changed_when: false check_mode: false rescue: - - name: ensure mumble owns key - file: + - name: Ensure mumble owns key + ansible.builtin.file: path: "{{ murmur_sslkey }}" owner: root group: mumble-server - mode: 0640 - notify: restart murmur + mode: "0640" + notify: Restart murmur -- name: always start service - service: +- name: Always start service + ansible.builtin.service: name: mumble-server enabled: True state: started -- name: write superuser password to a file - copy: +- name: Write superuser password to a file + ansible.builtin.copy: content: "{{ murmur_superuser_password }}" dest: /etc/mumble-superuser owner: root group: root mode: 0600 when: murmur_superuser_password is defined - notify: set superuser password + notify: Set superuser password
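Review bot: `Check if we can access key` in tasks/mumble.yml tests readability with `cat "{{ murmur_sslkey }}"`, which puts the private key into the task's stdout and therefore into verbose or callback output. A check that does not read the content, such as `ansible.builtin.command: test -r "{{ murmur_sslkey }}"`, gives the `rescue` the same pass/fail signal without exposing the key. In the last task, `mode: 0600` was left unquoted while every other mode in this change became a quoted string; `mode: "0600"` keeps it consistent.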