diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000000000000000000000000000000000000..8d40d067c46c42adf88f5922bc7fc9c6407ce7bb
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,7 @@
+---
+warn_list: # or 'skip_list' to silence them completely
+ - git-latest # Git checkouts must contain explicit version
+ - ignore-errors # Use failed_when and specify error conditions instead of using ignore_errors
+ - no-changed-when # Commands should not change things if nothing needs doing
+ - no-handler # Tasks that run when changed should likely be handlers
+ - package-latest # Package installs should not use latest
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000000000000000000000000000000000000..fbebdb8c3eabfec06b071490a73331e2e80152fe
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,39 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ colons:
+ max-spaces-after: -1
+ level: error
+ commas:
+ max-spaces-after: -1
+ level: error
+ # comments enable
+ comments: enable
+ comments-indentation: enable
+ document-start: enable
+ empty-lines:
+ max: 3
+ level: error
+ hyphens:
+ level: error
+ indentation:
+ level: warning
+ indent-sequences: consistent
+ spaces: 4
+ check-multi-line-strings: true
+ key-duplicates: enable
+ line-length: disable
+ new-line-at-end-of-file: enable
+ new-lines:
+ type: unix
+ # trailing-spaces enable
+ trailing-spaces: enable
+ truthy: enable
diff --git a/handlers/main.yml b/handlers/main.yml
index 2f7cbb9f27107ffd4662e52a314724860062ff59..70caa65943cc168681320ed0fdbd3e47f4d5e604 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,4 +1,6 @@
 ---
-- name: restart-sshd
- service: name=sshd state=restarted
+- name: Restart SSHD
+ ansible.builtin.service:
+ name: sshd
+ state: restarted
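Review bot: In the new `.ansible-lint`, `git-latest` and `package-latest` sit under `warn_list`, so an unpinned checkout or a `state: latest` install is reported but does not fail the lint run. Those two rules are the ones that catch unpinned inputs to a role that configures sshd on a backup server. If the role's tasks do not currently trip them (none of the tasks visible in this commit appear to), drop both entries from `warn_list` so they stay errors, and keep only the rules the role still needs relaxed.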
diff --git a/meta/main.yml b/meta/main.yml
index f877ec6dac92ae0d600215749339c400a9108617..aed1e41bdbd0db1c44207701d66f89d5dde19878 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,18 +1,15 @@
 ---
 galaxy_info:
- author: Rémi
- description: Role to configure backup server to allow SFTP connection from all other servers
- company: Le Filament (https://le-filament.com)
- license: AGPL-3.0-or-later
- min_ansible_version: 2.1
- platforms:
- - name: EL
- versions:
- - 7
- - name: Ubuntu
- versions:
- - bionic
- - focal
- galaxy_tags:
- - backup
- - sftp
+ author: lefilament
+ description: Role to configure backup server to allow SFTP connection from all other servers
+ company: Le Filament (https://le-filament.com)
+ license: AGPL-3.0-or-later
+ min_ansible_version: "2.1"
+ platforms:
+ - name: Ubuntu
+ versions:
+ - bionic
+ - focal
+ galaxy_tags:
+ - backup
+ - sftp
diff --git a/tasks/main.yml b/tasks/main.yml
index 3bcf5d9d58ae9e0002b734d066cf17768653dbb2..d879ba533cc4cd1fa7cd671bb1401b60a7fa0082 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
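Review bot: In `meta/main.yml`, `min_ansible_version: "2.1"` no longer matches the role, because the handler and tasks in this same commit use fully qualified module names (`ansible.builtin.*`, `ansible.posix.authorized_key`), which need a collections-aware Ansible far newer than 2.1. Raise the value to the oldest release the role is actually tested on, for example `min_ansible_version: "2.10"`. `ansible.posix` is a separate collection, and nothing visible in this commit declares it. Listing it in a `requirements.yml` would keep the authorized_key task from failing on a controller where the collection is not installed.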
@@ -1,111 +1,111 @@ --- - name: Create SFTP group - group: - name: sftpgroup + ansible.builtin.group: + name: sftpgroup - name: Create SFTP users - user: - name: "{{ hostvars[item].backup_sftp_user }}" - group: sftpgroup - password: "!" - shell: /sbin/nologin + ansible.builtin.user: + name: "{{ hostvars[item].backup_sftp_user }}" + group: sftpgroup + password: "!" + shell: /sbin/nologin with_items: "{{ groups.all | difference(groups.backup_server) }}" -- name: add SFTP users public key to authorized keys - authorized_key: - key: "{{ hostvars[item].host_user_public_key }}" - user: "{{ hostvars[item].backup_sftp_user }}" - exclusive: true +- name: Add SFTP users public key to authorized keys + ansible.posix.authorized_key: + key: "{{ hostvars[item].host_user_public_key }}" + user: "{{ hostvars[item].backup_sftp_user }}" + exclusive: true with_items: "{{ groups.all | difference(groups.backup_server) }}" -- name: create templates directory - file: - name: templates - state: directory - mode: '0755' +- name: Create templates directory + ansible.builtin.file: + name: templates + state: directory + mode: '0755' connection: local become: false delegate_to: localhost tags: sshd - name: Get sshd_config file from init_server role locally - get_url: - url: "https://sources.le-filament.com/lefilament/ansible-roles/init_server/-/raw/master/templates/sshd_config.j2" - dest: templates/sshd_config.j2 - mode: '0644' + ansible.builtin.get_url: + url: "https://sources.le-filament.com/lefilament/ansible-roles/init_server/-/raw/master/templates/sshd_config.j2" + dest: templates/sshd_config.j2 + mode: '0644' connection: local become: false delegate_to: localhost tags: sshd - name: Copy sshd_config file - template: - src: templates/sshd_config.j2 - dest: /etc/ssh/sshd_config - owner: root - group: root - mode: '0644' - notify: restart-sshd + ansible.builtin.template: + src: templates/sshd_config.j2 + dest: /etc/ssh/sshd_config + owner: root + group: root + mode: '0644' + notify: Restart 
SSHD tags: sshd -- name: add pip package - apt: - name: "{{ python_apt_packages }}" - force: true - install_recommends: false +- name: Add pip package + ansible.builtin.apt: + name: "{{ python_apt_packages }}" + force: true + install_recommends: false -- name: check that chroot directory for SFTP users exist - file: - name: /backup/sftp - state: directory - owner: root - group: root - mode: '0755' +- name: Check that chroot directory for SFTP users exist + ansible.builtin.file: + name: /backup/sftp + state: directory + owner: root + group: root + mode: '0755' -- name: check that directories for SFTP for all servers exist - file: - name: /backup/sftp/{{ hostvars[item].inventory_hostname | lower }} - state: directory - owner: "{{ hostvars[item].backup_sftp_user }}" - group: sftpgroup - mode: '0755' +- name: Check that directories for SFTP for all servers exist + ansible.builtin.file: + name: /backup/sftp/{{ hostvars[item].inventory_hostname | lower }} + state: directory + owner: "{{ hostvars[item].backup_sftp_user }}" + group: sftpgroup + mode: '0755' with_items: "{{ groups.all | difference(groups.backup_server) }}" -- name: check that directory for collecting openstack Cloud facts exists - file: - name: /backup/{{ item }} - state: directory - owner: lefilament - group: lefilament - mode: '0755' +- name: Check that directory for collecting openstack Cloud facts exists + ansible.builtin.file: + name: /backup/{{ item }} + state: directory + owner: lefilament + group: lefilament + mode: '0755' with_items: - - cloud - - odoo - - odoo2 - - versions + - cloud + - odoo + - odoo2 + - versions -- name: install swift client - pip: - name: "{{ swift_pip_packages }}" +- name: Install swift client + ansible.builtin.pip: + name: "{{ swift_pip_packages }}" - name: Copy OpenStack Fact Collection scripts on server - template: - src: "{{ item.script }}.j2" - dest: /root/{{ item.script }} - owner: root - group: root - mode: '0700' + ansible.builtin.template: + src: "{{ item.script 
}}.j2" + dest: /root/{{ item.script }} + owner: root + group: root + mode: '0700' with_items: '{{ collect_backups }}' loop_control: - label: '{{ item.name }}' + label: '{{ item.name }}' -- name: add cron job to retrieve backup list every day - cron: - name: "{{ item.name }}" - minute: "{{ item.minute }}" - hour: "{{ item.hour }}" - job: /root/{{ item.script }} +- name: Add cron job to retrieve backup list every day + ansible.builtin.cron: + name: "{{ item.name }}" + minute: "{{ item.minute }}" + hour: "{{ item.hour }}" + job: /root/{{ item.script }} with_items: '{{ collect_backups }}' loop_control: - label: '{{ item.name }}' + label: '{{ item.name }}' diff --git a/vars/main.yml b/vars/main.yml index 4097c671f6ee2df96e58b2c522848cc549d56d8e..bb3c6042ede52c7d705bdd004e61f515329e561d 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,28 +1,28 @@ --- python_apt_packages: - - python3-pip - - python3-dev - - python3-setuptools - - python3-wheel + - python3-pip + - python3-dev + - python3-setuptools + - python3-wheel swift_pip_packages: - - python-swiftclient - - python-keystoneclient + - python-swiftclient + - python-keystoneclient collect_backups: - - name: "check openstack cloud facts" - script: retrieve_openstack_cloud_facts.sh - hour: 4 - minute: 30 - - name: "check openstack odoo facts" - script: retrieve_openstack_odoo_facts.sh - hour: 4 - minute: 45 - - name: "check openstack odoo2 facts" - script: retrieve_openstack_odoo2_facts.sh - hour: 2 - minute: 0 - - name: "move versioned files" - script: move_versioned_files.sh - hour: 7 - minute: 0 + - name: "check openstack cloud facts" + script: retrieve_openstack_cloud_facts.sh + hour: 4 + minute: 30 + - name: "check openstack odoo facts" + script: retrieve_openstack_odoo_facts.sh + hour: 4 + minute: 45 + - name: "check openstack odoo2 facts" + script: retrieve_openstack_odoo2_facts.sh + hour: 2 + minute: 0 + - name: "move versioned files" + script: move_versioned_files.sh + hour: 7 + minute: 0
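Review bot: In `tasks/main.yml`, the `Get sshd_config file from init_server role locally` task fetches the template from a `/-/raw/master/` URL with no `checksum:`, and `Copy sshd_config file` then renders it to `/etc/ssh/sshd_config`, so whatever is on that branch at run time becomes the SSH daemon configuration of the backup server. Pin the URL to a tag or commit, add `checksum: "sha256:<digest of the pinned file>"` to the `get_url` task, and add `validate: /usr/sbin/sshd -t -f %s` to the template task so a broken file is rejected before the `Restart SSHD` handler runs. Separately, `force: true` on `ansible.builtin.apt` also allows unauthenticated packages and downgrades; unless there is a reason not visible in this diff, remove it. The per-host directories under `/backup/sftp` are created with `mode: '0755'` and group `sftpgroup`; if all SFTP users share that chroot (the sshd template is not part of this diff), each of them can list the others' directories, and `mode: '0700'` would prevent that.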