Skip to content
Extraits de code Groupes Projets
Valider a43877c9 rédigé par Rémi - Le Filament's avatar Rémi - Le Filament
Parcourir les fichiers

[UPD] ansible-lint

parent 32025784
Branches
Étiquettes v1.7.1
Aucune requête de fusion associée trouvée
---
warn_list: # or 'skip_list' to silence them completely
- command-instead-of-module # systemctl used in place of systemd module
- git-latest # Git checkouts must contain explicit version
- ignore-errors # Use failed_when and specify error conditions instead of using ignore_errors
- no-changed-when # Commands should not change things if nothing needs doing
- no-handler # Tasks that run when changed should likely be handlers
- package-latest # Package installs should not use latest
---
# Based on ansible-lint config
extends: default
rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
colons:
max-spaces-after: -1
level: error
commas:
max-spaces-after: -1
level: error
# comments enable
comments: enable
comments-indentation: enable
document-start: enable
empty-lines:
max: 3
level: error
hyphens:
level: error
indentation:
level: warning
indent-sequences: consistent
spaces: 4
check-multi-line-strings: true
key-duplicates: enable
line-length: disable
new-line-at-end-of-file: enable
new-lines:
type: unix
# trailing-spaces enable
trailing-spaces: enable
truthy: enable
--- ---
- name: restart docker daemon - name: Restart docker daemon
ansible.builtin.command: ansible.builtin.command:
cmd: /usr/bin/systemctl reload-or-restart docker.service cmd: /usr/bin/systemctl reload-or-restart docker.service
- name: start inverseproxy docker - name: Start inverseproxy docker
docker_compose: community.docker.docker_compose:
project_src: /home/docker/inverseproxy project_src: /home/docker/inverseproxy
recreate: always recreate: always
restarted: true restarted: true
......
--- ---
galaxy_info: galaxy_info:
author: Rémi author: lefilament
description: Role for deploying and configuring docker daemon and Traefik description: Role for deploying and configuring docker daemon and Traefik
company: Le Filament (https://le-filament.com) company: Le Filament (https://le-filament.com)
license: AGPL-3.0-or-later license: AGPL-3.0-or-later
min_ansible_version: 2.1 min_ansible_version: "2.1"
platforms: platforms:
- name: EL - name: EL
versions: versions:
- 7 - "7"
- name: Ubuntu - name: Ubuntu
versions: versions:
- bionic - bionic
......
--- ---
- name: Include OS-specific variables. - name: Include OS-specific variables.
include_vars: "{{ ansible_os_family }}.yml" ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
- name: Install apt-transport-https package - name: Install apt-transport-https package
apt: ansible.builtin.apt:
name: apt-transport-https name: apt-transport-https
install_recommends: false install_recommends: false
state: latest state: latest
when: ansible_os_family == "Debian" when: ansible_os_family == "Debian"
- name: Install OS packages - name: Install OS packages
package: ansible.builtin.package:
name: "{{ packages_to_install }}" name: "{{ packages_to_install }}"
state: latest state: latest
async: 120 async: 120
...@@ -18,21 +18,21 @@ ...@@ -18,21 +18,21 @@
when: not ansible_check_mode when: not ansible_check_mode
- name: Check installed OS packages - name: Check installed OS packages
package: ansible.builtin.package:
name: "{{ packages_to_install }}" name: "{{ packages_to_install }}"
state: latest state: latest
when: ansible_check_mode when: ansible_check_mode
- name: Create /etc/docker repo - name: Create /etc/docker repo
file: ansible.builtin.file:
name: /etc/docker name: /etc/docker
state: directory state: directory
owner: root owner: root
group: root group: root
mode: '0755' mode: '0755'
- name: securize docker daemon - name: Securize docker daemon
template: ansible.builtin.template:
src: daemon.json.j2 src: daemon.json.j2
dest: /etc/docker/daemon.json dest: /etc/docker/daemon.json
owner: root owner: root
...@@ -41,7 +41,7 @@ ...@@ -41,7 +41,7 @@
notify: restart docker daemon notify: restart docker daemon
- name: Create .docker repo - name: Create .docker repo
file: ansible.builtin.file:
name: /root/.docker name: /root/.docker
state: directory state: directory
owner: root owner: root
...@@ -49,8 +49,8 @@ ...@@ -49,8 +49,8 @@
mode: '0750' mode: '0750'
when: docker_registry_auth is defined when: docker_registry_auth is defined
- name: add specific repo auth - name: Add specific repo auth
copy: ansible.builtin.copy:
content: "{{ docker_registry_auth }}" content: "{{ docker_registry_auth }}"
dest: /root/.docker/config.json dest: /root/.docker/config.json
owner: root owner: root
...@@ -59,7 +59,7 @@ ...@@ -59,7 +59,7 @@
when: docker_registry_auth is defined when: docker_registry_auth is defined
- name: Create docker repo - name: Create docker repo
file: ansible.builtin.file:
name: /home/docker/backups name: /home/docker/backups
state: directory state: directory
owner: root owner: root
...@@ -68,7 +68,7 @@ ...@@ -68,7 +68,7 @@
## Install Proxy docker ## Install Proxy docker
- name: Create Inverse Proxy docker structure on server in /home/docker/inverseproxy - name: Create Inverse Proxy docker structure on server in /home/docker/inverseproxy
file: ansible.builtin.file:
name: /home/docker/inverseproxy name: /home/docker/inverseproxy
state: directory state: directory
owner: root owner: root
...@@ -77,7 +77,7 @@ ...@@ -77,7 +77,7 @@
tags: docker_proxy tags: docker_proxy
- name: Install proxy docker - name: Install proxy docker
template: ansible.builtin.template:
src: inverseproxy.yaml.j2 src: inverseproxy.yaml.j2
dest: /home/docker/inverseproxy/docker-compose.yaml dest: /home/docker/inverseproxy/docker-compose.yaml
owner: root owner: root
...@@ -85,10 +85,10 @@ ...@@ -85,10 +85,10 @@
mode: '0644' mode: '0644'
tags: docker_proxy tags: docker_proxy
notify: notify:
- start inverseproxy docker - Start inverseproxy docker
- name: Copy Traefik configuration file - name: Copy Traefik configuration file
template: ansible.builtin.template:
src: traefik.toml.j2 src: traefik.toml.j2
dest: "/home/docker/inverseproxy/traefik.toml" dest: "/home/docker/inverseproxy/traefik.toml"
owner: root owner: root
...@@ -96,18 +96,18 @@ ...@@ -96,18 +96,18 @@
mode: '0644' mode: '0644'
tags: docker_proxy tags: docker_proxy
notify: notify:
- start inverseproxy docker - Start inverseproxy docker
- name: Copy Docker Facts Collection script on server - name: Copy Docker Facts Collection script on server
template: ansible.builtin.template:
src: collect_docker_facts.sh.j2 src: collect_docker_facts.sh.j2
dest: /root/collect_docker_facts.sh dest: /root/collect_docker_facts.sh
owner: root owner: root
group: root group: root
mode: '0700' mode: '0700'
- name: add cron job to check Docker versions every day - name: Add cron job to check Docker versions every day
cron: ansible.builtin.cron:
name: collect docker facts name: collect docker facts
minute: "1" minute: "1"
hour: "2" hour: "2"
...@@ -115,12 +115,12 @@ ...@@ -115,12 +115,12 @@
# Flush handlers in order to be able to restart docker daemon with new config and retrieve vars # Flush handlers in order to be able to restart docker daemon with new config and retrieve vars
- name: Flush handlers - name: Flush handlers
meta: flush_handlers ansible.builtin.meta: flush_handlers
- name: Enable service docker - name: Enable service docker
ansible.builtin.service: ansible.builtin.service:
name: docker name: docker
enabled: yes enabled: true
- name: Start service docker, if not started - name: Start service docker, if not started
ansible.builtin.service: ansible.builtin.service:
...@@ -128,17 +128,17 @@ ...@@ -128,17 +128,17 @@
state: started state: started
- name: Retrieve subuid for dockremap - name: Retrieve subuid for dockremap
command: grep dockremap /etc/subuid ansible.builtin.command: grep dockremap /etc/subuid
register: dockremap_subuid_output register: dockremap_subuid_output
when: docker_userns_remap when: docker_userns_remap
- name: Retrieve subgid for dockremap - name: Retrieve subgid for dockremap
command: grep dockremap /etc/subgid ansible.builtin.command: grep dockremap /etc/subgid
register: dockremap_subgid_output register: dockremap_subgid_output
when: docker_userns_remap when: docker_userns_remap
- name: Save uid to hostvars for dockremap user - name: Save uid to hostvars for dockremap user
lineinfile: ansible.builtin.lineinfile:
name: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}" name: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}"
regexp: "dockremap_subuid:" regexp: "dockremap_subuid:"
line: "dockremap_subuid: {{ dockremap_subuid_output.stdout.split(':')[1] }}" line: "dockremap_subuid: {{ dockremap_subuid_output.stdout.split(':')[1] }}"
...@@ -150,7 +150,7 @@ ...@@ -150,7 +150,7 @@
when: docker_userns_remap and dockremap_subuid_output.stdout is defined and not ansible_check_mode when: docker_userns_remap and dockremap_subuid_output.stdout is defined and not ansible_check_mode
- name: Save gid to hostvars for dockremap user - name: Save gid to hostvars for dockremap user
lineinfile: ansible.builtin.lineinfile:
name: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}" name: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}"
regexp: "dockremap_subgid:" regexp: "dockremap_subgid:"
line: "dockremap_subgid: {{ dockremap_subgid_output.stdout.split(':')[1] }}" line: "dockremap_subgid: {{ dockremap_subgid_output.stdout.split(':')[1] }}"
......
0% Chargement en cours ou .
You are about to add 0 people to the discussion. Proceed with caution.
Veuillez vous inscrire ou vous pour commenter