From a43877c9a3dd58e3b47a22a68b747f719ee788ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20-=20Le=20Filament?= <remi@le-filament.com>
Date: Wed, 5 Jul 2023 15:29:01 +0200
Subject: [PATCH] [UPD] ansible-lint

---
 .ansible-lint     |   8 ++
 .yamllint         |  39 ++++++++++
 handlers/main.yml |  16 ++--
 meta/main.yml     |  34 ++++----
 tasks/main.yml    | 192 +++++++++++++++++++++++-----------------------
 vars/Debian.yml   |  22 +++---
 vars/RedHat.yml   |  32 ++++----
 7 files changed, 195 insertions(+), 148 deletions(-)
 create mode 100644 .ansible-lint
 create mode 100644 .yamllint

diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..21ef1b8
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,8 @@
+---
+warn_list:  # or 'skip_list' to silence them completely
+    - command-instead-of-module  # systemctl used in place of systemd module
+    - git-latest  # Git checkouts must contain explicit version
+    - ignore-errors  # Use failed_when and specify error conditions instead of using ignore_errors
+    - no-changed-when  # Commands should not change things if nothing needs doing
+    - no-handler  # Tasks that run when changed should likely be handlers
+    - package-latest  # Package installs should not use latest
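Review bot: Putting `package-latest`, `git-latest` and `ignore-errors` in `warn_list` means the linter reports them but never fails, and tasks/main.yml in this same patch keeps `state: latest` on three package tasks that install the Docker engine. Unpinned installs make a run non-reproducible and let an unreviewed engine upgrade land on the next play. Either pin versions and drop the entries, or record why each one is tolerated, for example `# TODO: pin docker packages, then remove package-latest from warn_list`.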
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..fbebdb8
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,39 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+    braces:
+        max-spaces-inside: 1
+        level: error
+    brackets:
+        max-spaces-inside: 1
+        level: error
+    colons:
+        max-spaces-after: -1
+        level: error
+    commas:
+        max-spaces-after: -1
+        level: error
+    # comments enable
+    comments: enable
+    comments-indentation: enable
+    document-start: enable
+    empty-lines:
+        max: 3
+        level: error
+    hyphens:
+        level: error
+    indentation:
+        level: warning
+        indent-sequences: consistent
+        spaces: 4
+        check-multi-line-strings: true
+    key-duplicates: enable
+    line-length: disable
+    new-line-at-end-of-file: enable
+    new-lines:
+        type: unix
+    # trailing-spaces enable
+    trailing-spaces: enable
+    truthy: enable
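Review bot: `indentation` is set to `level: warning`, so the 4-space layout this patch applies across the role is reported but not enforced unless yamllint is run in strict mode. If the layout is meant to be binding, use `level: error` like the neighbouring rules. The `# comments enable` and `# trailing-spaces enable` comments only restate the key below them and can be dropped.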
diff --git a/handlers/main.yml b/handlers/main.yml
index 8d537de..4b6238c 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,15 +1,15 @@
 ---
 
-- name: restart docker daemon
+- name: Restart docker daemon
   ansible.builtin.command:
-    cmd: /usr/bin/systemctl reload-or-restart docker.service
+      cmd: /usr/bin/systemctl reload-or-restart docker.service
 
-- name: start inverseproxy docker
-  docker_compose:
-    project_src: /home/docker/inverseproxy
-    recreate: always
-    restarted: true
-    remove_orphans: true
+- name: Start inverseproxy docker
+  community.docker.docker_compose:
+      project_src: /home/docker/inverseproxy
+      recreate: always
+      restarted: true
+      remove_orphans: true
   async: 120
   poll: 10
   when: not ansible_check_mode
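Review bot: Renaming the handler to `Restart docker daemon` breaks the `notify: restart docker daemon` line that tasks/main.yml leaves unchanged under `Securize docker daemon`. Handler names are matched case-sensitively, so that notify no longer resolves. With default settings the play errors on the missing handler, and either way the daemon is not restarted after `daemon.json` changes, so the hardened daemon settings are not applied. Change that line to `notify: Restart docker daemon`, as was already done for `Start inverseproxy docker`.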
diff --git a/meta/main.yml b/meta/main.yml
index d4c963e..880f5a6 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,19 +1,19 @@
 ---
 galaxy_info:
-  author: Rémi
-  description: Role for deploying and configuring docker daemon and Traefik
-  company: Le Filament (https://le-filament.com)
-  license: AGPL-3.0-or-later
-  min_ansible_version: 2.1
-  platforms:
-    - name: EL
-      versions:
-        - 7
-    - name: Ubuntu
-      versions:
-        - bionic
-        - focal
-  galaxy_tags:
-    - docker
-    - traefik
-    - inverseproxy
+    author: lefilament
+    description: Role for deploying and configuring docker daemon and Traefik
+    company: Le Filament (https://le-filament.com)
+    license: AGPL-3.0-or-later
+    min_ansible_version: "2.1"
+    platforms:
+        - name: EL
+          versions:
+              - "7"
+        - name: Ubuntu
+          versions:
+              - bionic
+              - focal
+    galaxy_tags:
+        - docker
+        - traefik
+        - inverseproxy
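Review bot: `min_ansible_version: "2.1"` no longer describes the role, because the rest of this patch moves every task to fully qualified names such as `ansible.builtin.apt` and `community.docker.docker_compose`, which need a collections-aware Ansible released well after 2.1. Raise the value to the oldest release the role is actually tested against. The `community.docker` collection should also be declared as a dependency (for example in a collections requirements file) so the `Start inverseproxy docker` handler does not fail where it is not installed.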
diff --git a/tasks/main.yml b/tasks/main.yml
index ed8c063..6e3c48e 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,161 +1,161 @@
 ---
 - name: Include OS-specific variables.
-  include_vars: "{{ ansible_os_family }}.yml"
+  ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
 
 - name: Install apt-transport-https package
-  apt:
-    name: apt-transport-https
-    install_recommends: false
-    state: latest
+  ansible.builtin.apt:
+      name: apt-transport-https
+      install_recommends: false
+      state: latest
   when: ansible_os_family == "Debian"
 
 - name: Install OS packages
-  package:
-    name: "{{ packages_to_install }}"
-    state: latest
+  ansible.builtin.package:
+      name: "{{ packages_to_install }}"
+      state: latest
   async: 120
   poll: 10
   when: not ansible_check_mode
 
 - name: Check installed OS packages
-  package:
-    name: "{{ packages_to_install }}"
-    state: latest
+  ansible.builtin.package:
+      name: "{{ packages_to_install }}"
+      state: latest
   when: ansible_check_mode
 
 - name: Create /etc/docker repo
-  file:
-    name: /etc/docker
-    state: directory
-    owner: root
-    group: root
-    mode: '0755'
-
-- name: securize docker daemon
-  template:
-    src: daemon.json.j2
-    dest: /etc/docker/daemon.json
-    owner: root
-    group: root
-    mode: '0644'
+  ansible.builtin.file:
+      name: /etc/docker
+      state: directory
+      owner: root
+      group: root
+      mode: '0755'
+
+- name: Securize docker daemon
+  ansible.builtin.template:
+      src: daemon.json.j2
+      dest: /etc/docker/daemon.json
+      owner: root
+      group: root
+      mode: '0644'
   notify: restart docker daemon
 
 - name: Create .docker repo
-  file:
-    name: /root/.docker
-    state: directory
-    owner: root
-    group: root
-    mode: '0750'
+  ansible.builtin.file:
+      name: /root/.docker
+      state: directory
+      owner: root
+      group: root
+      mode: '0750'
   when: docker_registry_auth is defined
 
-- name: add specific repo auth
-  copy:
-    content: "{{ docker_registry_auth }}"
-    dest: /root/.docker/config.json
-    owner: root
-    group: root
-    mode: '0644'
+- name: Add specific repo auth
+  ansible.builtin.copy:
+      content: "{{ docker_registry_auth }}"
+      dest: /root/.docker/config.json
+      owner: root
+      group: root
+      mode: '0644'
   when: docker_registry_auth is defined
 
 - name: Create docker repo
-  file:
-    name: /home/docker/backups
-    state: directory
-    owner: root
-    group: root
-    mode: '0755'
+  ansible.builtin.file:
+      name: /home/docker/backups
+      state: directory
+      owner: root
+      group: root
+      mode: '0755'
 
 ## Install Proxy docker
 - name: Create Inverse Proxy docker structure on server in /home/docker/inverseproxy
-  file:
-    name: /home/docker/inverseproxy
-    state: directory
-    owner: root
-    group: root
-    mode: '0755'
+  ansible.builtin.file:
+      name: /home/docker/inverseproxy
+      state: directory
+      owner: root
+      group: root
+      mode: '0755'
   tags: docker_proxy
 
 - name: Install proxy docker
-  template:
-    src: inverseproxy.yaml.j2
-    dest: /home/docker/inverseproxy/docker-compose.yaml
-    owner: root
-    group: root
-    mode: '0644'
+  ansible.builtin.template:
+      src: inverseproxy.yaml.j2
+      dest: /home/docker/inverseproxy/docker-compose.yaml
+      owner: root
+      group: root
+      mode: '0644'
   tags: docker_proxy
   notify:
-    - start inverseproxy docker
+      - Start inverseproxy docker
 
 - name: Copy Traefik configuration file
-  template:
-    src: traefik.toml.j2
-    dest: "/home/docker/inverseproxy/traefik.toml"
-    owner: root
-    group: root
-    mode: '0644'
+  ansible.builtin.template:
+      src: traefik.toml.j2
+      dest: "/home/docker/inverseproxy/traefik.toml"
+      owner: root
+      group: root
+      mode: '0644'
   tags: docker_proxy
   notify:
-    - start inverseproxy docker
+      - Start inverseproxy docker
 
 - name: Copy Docker Facts Collection script on server
-  template:
-    src: collect_docker_facts.sh.j2
-    dest: /root/collect_docker_facts.sh
-    owner: root
-    group: root
-    mode: '0700'
-
-- name: add cron job to check Docker versions every day
-  cron:
-    name: collect docker facts
-    minute: "1"
-    hour: "2"
-    job: /root/collect_docker_facts.sh
+  ansible.builtin.template:
+      src: collect_docker_facts.sh.j2
+      dest: /root/collect_docker_facts.sh
+      owner: root
+      group: root
+      mode: '0700'
+
+- name: Add cron job to check Docker versions every day
+  ansible.builtin.cron:
+      name: collect docker facts
+      minute: "1"
+      hour: "2"
+      job: /root/collect_docker_facts.sh
 
 # Flush handlers in order to be able to restart docker daemon with new config and retrieve vars
 - name: Flush handlers
-  meta: flush_handlers
+  ansible.builtin.meta: flush_handlers
 
 - name: Enable service docker
   ansible.builtin.service:
-    name: docker
-    enabled: yes
+      name: docker
+      enabled: true
 
 - name: Start service docker, if not started
   ansible.builtin.service:
-    name: docker
-    state: started
+      name: docker
+      state: started
 
 - name: Retrieve subuid for dockremap
-  command: grep dockremap /etc/subuid
+  ansible.builtin.command: grep dockremap /etc/subuid
   register: dockremap_subuid_output
   when: docker_userns_remap
 
 - name: Retrieve subgid for dockremap
-  command: grep dockremap /etc/subgid
+  ansible.builtin.command: grep dockremap /etc/subgid
   register: dockremap_subgid_output
   when: docker_userns_remap
 
 - name: Save uid to hostvars for dockremap user
-  lineinfile:
-    name: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}"
-    regexp: "dockremap_subuid:"
-    line: "dockremap_subuid: {{ dockremap_subuid_output.stdout.split(':')[1] }}"
-    create: true
-    mode: '0664'
+  ansible.builtin.lineinfile:
+      name: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}"
+      regexp: "dockremap_subuid:"
+      line: "dockremap_subuid: {{ dockremap_subuid_output.stdout.split(':')[1] }}"
+      create: true
+      mode: '0664'
   connection: local
   become: false
   delegate_to: localhost
   when: docker_userns_remap and dockremap_subuid_output.stdout is defined and not ansible_check_mode
 
 - name: Save gid to hostvars for dockremap user
-  lineinfile:
-    name: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}"
-    regexp: "dockremap_subgid:"
-    line: "dockremap_subgid: {{ dockremap_subgid_output.stdout.split(':')[1] }}"
-    create: true
-    mode: '0664'
+  ansible.builtin.lineinfile:
+      name: "{{ inventory_dir }}/host_vars/{{ inventory_hostname }}"
+      regexp: "dockremap_subgid:"
+      line: "dockremap_subgid: {{ dockremap_subgid_output.stdout.split(':')[1] }}"
+      create: true
+      mode: '0664'
   connection: local
   become: false
   delegate_to: localhost
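Review bot: The `Add specific repo auth` task writes `docker_registry_auth` to `/root/.docker/config.json` with `mode: '0644'`. That variable presumably holds registry credentials, so the file itself is world-readable and only the `0750` parent directory protects it. Since the task is being edited anyway, set `mode: '0600'` and add `no_log: true` so the content does not appear in diff or verbose output. Separately, the two `grep dockremap` command tasks have no `changed_when: false`, so they report a change on every run.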
diff --git a/vars/Debian.yml b/vars/Debian.yml
index 31c2c6d..a98252f 100644
--- a/vars/Debian.yml
+++ b/vars/Debian.yml
@@ -1,13 +1,13 @@
 ---
 packages_to_install:
-  - build-essential
-  - ca-certificates
-  - curl
-  - docker.io
-  - docker-compose
-  - git
-  - python3-dev
-  - python3-docker
-  - python3-pip
-  - python3-setuptools
-  - software-properties-common
+    - build-essential
+    - ca-certificates
+    - curl
+    - docker.io
+    - docker-compose
+    - git
+    - python3-dev
+    - python3-docker
+    - python3-pip
+    - python3-setuptools
+    - software-properties-common
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
index 191baf6..f65e35f 100644
--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml
@@ -1,19 +1,19 @@
 ---
 packages_to_remove:
-  - docker
-  - docker-client
-  - docker-client-latest
-  - docker-common
-  - docker-engine
-  - docker-latest
-  - docker-latest-logrotate
-  - docker-logrotate
+    - docker
+    - docker-client
+    - docker-client-latest
+    - docker-common
+    - docker-engine
+    - docker-latest
+    - docker-latest-logrotate
+    - docker-logrotate
 packages_to_install:
-  - device-mapper-persistent-data
-  - docker-ce
-  - gcc
-  - lvm2
-  - python3-devel
-  - python3-docker
-  - python3-pip
-  - python3-setuptools
+    - device-mapper-persistent-data
+    - docker-ce
+    - gcc
+    - lvm2
+    - python3-devel
+    - python3-docker
+    - python3-pip
+    - python3-setuptools
-- 
GitLab