From c5e3890de6cbe852ed2c7849afd99eb09dbf7c1f Mon Sep 17 00:00:00 2001
From: Simon Bachenberg
Date: Fri, 15 Mar 2024 12:40:25 +0100
Subject: [PATCH 01/11] linter
---
.../roles/wordpress/tasks/main.yml | 139 ++++++++++++------
.../{wp-config.php => wp-config.php.j2} | 0
2 files changed, 95 insertions(+), 44 deletions(-)
rename wordpress-nginx_rhel7/roles/wordpress/templates/{wp-config.php => wp-config.php.j2} (100%)
diff --git a/wordpress-nginx_rhel7/roles/wordpress/tasks/main.yml b/wordpress-nginx_rhel7/roles/wordpress/tasks/main.yml
index 811e69bd3..65f0b50be 100644
--- a/wordpress-nginx_rhel7/roles/wordpress/tasks/main.yml
+++ b/wordpress-nginx_rhel7/roles/wordpress/tasks/main.yml
@@ -1,60 +1,111 @@ --- -- name: Download WordPress - get_url: url=http://wordpress.org/wordpress-{{ wp_version }}.tar.gz dest=/srv/wordpress-{{ wp_version }}.tar.gz - sha256sum="{{ wp_sha256sum }}" - -- name: Extract archive - command: chdir=/srv/ /bin/tar xvf wordpress-{{ wp_version }}.tar.gz creates=/srv/wordpress - - name: Add group "wordpress" - group: name=wordpress + ansible.builtin.group: + name: wordpress - name: Add user "wordpress" - user: name=wordpress group=wordpress home=/srv/wordpress/ + ansible.builtin.user: + name: wordpress + group: wordpress + home: /srv/wordpress/ + +- name: Download & Extract WordPress + ansible.builtin.unarchive: + src: "http://wordpress.org/wordpress-{{ wp_version }}.tar.gz" + dest: /srv/wordpress + owner: wordpress + group: wordpress + mode: u=rwX,g=rwX,o=rX + remote_src: true - name: Fetch random salts for WordPress config - local_action: command curl https://api.wordpress.org/secret-key/1.1/salt/ - register: "wp_salt" - become: no + ansible.builtin.uri: + url: https://api.wordpress.org/secret-key/1.1/salt/ + delegate_to: localhost + register: wp_salt + become: false - name: Create WordPress database - mysql_db: name={{ wp_db_name }} state=present + community.mysql.mysql_db: + name: "{{ wp_db_name }}" + state: present - name: Create WordPress database user - mysql_user: name={{ wp_db_user }} password={{ wp_db_password }} priv={{ wp_db_name }}.*:ALL host='localhost' state=present + community.mysql.mysql_user: + name: "{{ wp_db_user }}" + password: "{{ wp_db_password }}" + priv: "{{ wp_db_name }}.*:ALL" + host: localhost + state: present - name: Copy WordPress config file - template: src=wp-config.php dest=/srv/wordpress/ + ansible.builtin.template: + src: wp-config.php.j2 + dest: /srv/wordpress/ + owner: wordpress + group: wordpress + mode: u=r,g=r,o= - name: Change ownership of WordPress installation - file: path=/srv/wordpress/ owner=wordpress group=wordpress state=directory recurse=yes - -- name: install SEManage - yum: 
pkg=policycoreutils-python state=present - -- name: set the SELinux policy for the Wordpress directory - command: semanage fcontext -a -t httpd_sys_content_t "/srv/wordpress(/.*)?" - -- name: set the SELinux policy for wp-config.php - command: semanage fcontext -a -t httpd_sys_script_exec_t "/srv/wordpress/wp-config\.php" - -- name: set the SELinux policy for wp-content directory - command: semanage fcontext -a -t httpd_sys_rw_content_t "/srv/wordpress/wp-content(/.*)?" - -- name: set the SELinux policy for the *.php files - command: semanage fcontext -a -t httpd_sys_script_exec_t "/srv/wordpress/.*\.php" - -- name: set the SELinux policy for the Upgrade directory - command: semanage fcontext -a -t httpd_sys_rw_content_t "/srv/wordpress/wp-content/upgrade(/.*)?" - -- name: set the SELinux policy for the Uploads directory - command: semanage fcontext -a -t httpd_sys_rw_content_t "/srv/wordpress/wp-content/uploads(/.*)?" - -- name: set the SELinux policy for the wp-includes php files - command: semanage fcontext -a -t httpd_sys_script_exec_t "/srv/wordpress/wp-includes/.*\.php" - -- name: set the SELinux on all the Files - command: restorecon -Rv /srv/wordpress + ansible.builtin.file: + path: /srv/wordpress/ + owner: wordpress + group: wordpress + state: directory + recurse: true + +- name: Install SEManage + ansible.builtin.yum: + pkg: policycoreutils-python + state: present + +- name: Set the SELinux policy for the Wordpress directory + community.general.sefcontext: + target: '/srv/wordpress(/.*)?' + setype: httpd_sys_content_t + state: present + +- name: Set the SELinux policy for wp-config.php + community.general.sefcontext: + target: '/srv/wordpress/wp-config\.php' + setype: httpd_sys_script_exec_t + state: present + +- name: Set the SELinux policy for wp-content directory + community.general.sefcontext: + target: '/srv/wordpress/wp-content(/.*)?' 
+ setype: httpd_sys_rw_content_t + state: present + +- name: Set the SELinux policy for the *.php files + community.general.sefcontext: + target: '/srv/wordpress/.*\.php' + setype: httpd_sys_script_exec_t + state: present + +- name: Set the SELinux policy for the Upgrade directory + community.general.sefcontext: + target: "/srv/wordpress/wp-content/upgrade(/.*)?" + setype: httpd_sys_rw_content_t + state: present + +- name: Set the SELinux policy for the Uploads directory + community.general.sefcontext: + target: "/srv/wordpress/wp-content/uploads(/.*)?" + setype: httpd_sys_rw_content_t + state: present + +- name: Set the SELinux policy for the wp-includes php files + community.general.sefcontext: + target: '/srv/wordpress/wp-includes/.*\.php' + setype: httpd_sys_script_exec_t + state: present + +- name: Set the SELinux on all the Files + ansible.builtin.command: restorecon -Rv /srv/wordpress # noqa no-changed-when - name: Start php-fpm Service - service: name=php-fpm state=started enabled=yes + ansible.builtin.service: + name: php-fpm + state: started + enabled: true diff --git a/wordpress-nginx_rhel7/roles/wordpress/templates/wp-config.php b/wordpress-nginx_rhel7/roles/wordpress/templates/wp-config.php.j2 similarity index 100% rename from wordpress-nginx_rhel7/roles/wordpress/templates/wp-config.php rename to wordpress-nginx_rhel7/roles/wordpress/templates/wp-config.php.j2 From 6a5ca9ea0e643d75920e23efc244bbbaa64133a0 Mon Sep 17 00:00:00 2001 
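Review bot: The new `Download & Extract WordPress` task loses the integrity check the removed `get_url` task had (`sha256sum="{{ wp_sha256sum }}"`) and still fetches the tarball over plain `http://`, so the archive is unpacked into the web root without being verified. `ansible.builtin.unarchive` has no checksum option, so keep a separate `ansible.builtin.get_url` step with `checksum` and an `https://` URL, then unpack the downloaded file. Separately, `ansible.builtin.uri` only stores the response body when `return_content: true` is set, so the registered `wp_salt` probably no longer carries the salts the template expects (the template is not shown in this hunk); confirm before merging.

```yaml
- name: Download WordPress
  ansible.builtin.get_url:
    url: "https://wordpress.org/wordpress-{{ wp_version }}.tar.gz"
    dest: "/srv/wordpress-{{ wp_version }}.tar.gz"
    checksum: "sha256:{{ wp_sha256sum }}"
    mode: u=rw,g=r,o=r

- name: Extract WordPress
  ansible.builtin.unarchive:
    src: "/srv/wordpress-{{ wp_version }}.tar.gz"
    dest: /srv/wordpress
    remote_src: true
    # … unchanged: owner, group, mode …
```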
From: Simon Bachenberg
Date: Fri, 15 Mar 2024 13:21:54 +0100
Subject: [PATCH 02/11] wordpress linter
---
.../LICENSE.md | 0
.../README.md | 0
.../group_vars/all | 0
.../hosts.example | 0
.../roles/common/files/RPM-GPG-KEY-EPEL-6 | 0
.../roles/common/files/epel.repo | 0
.../roles/common/files/iptables-save | 0
.../roles/common/handlers/main.yml | 0
.../roles/common/tasks/main.yml | 0
.../roles/mysql/handlers/main.yml | 0
.../roles/mysql/tasks/main.yml | 10 +--
.../roles/mysql/templates/my.cnf.j2 | 0
.../roles/nginx/handlers/main.yml | 0
.../roles/nginx/tasks/main.yml | 0
.../roles/nginx/templates/default.conf | 0
.../roles/php-fpm/handlers/main.yml | 0
.../roles/php-fpm/tasks/main.yml | 0
.../roles/php-fpm/templates/wordpress.conf | 0
.../roles/wordpress/tasks/main.yml | 7 +-
.../roles/wordpress/templates/wp-config.php | 0
.../site.yml | 0
.../roles/common/files/RPM-GPG-KEY-EPEL-7 | 29 --------
.../roles/common/files/RPM-GPG-KEY-NGINX | 28 --------
.../roles/common/files/RPM-GPG-KEY-remi | 24 -------
.../roles/common/files/epel.repo | 8 ---
.../roles/common/files/nginx.repo | 18 +++--
.../roles/common/files/remi.repo | 67 -------------------
.../roles/common/tasks/main.yml | 43 ++++++++----
.../roles/mariadb/handlers/main.yml | 7 +-
.../roles/mariadb/tasks/main.yml | 51 +++++++++-----
.../roles/nginx/handlers/main.yml | 8 ++-
.../roles/nginx/tasks/main.yml | 29 +++++---
.../{default.conf => default.conf.j2} | 0
.../roles/php-fpm/handlers/main.yml | 6 +-
.../roles/php-fpm/tasks/main.yml | 12 +++-
35 files changed, 132 insertions(+), 215 deletions(-)
rename {wordpress-nginx => wordpress-nginx_rhel6}/LICENSE.md (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/README.md (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/group_vars/all (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/hosts.example (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/common/files/RPM-GPG-KEY-EPEL-6 (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/common/files/epel.repo (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/common/files/iptables-save (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/common/handlers/main.yml (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/common/tasks/main.yml (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/mysql/handlers/main.yml (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/mysql/tasks/main.yml (79%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/mysql/templates/my.cnf.j2 (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/nginx/handlers/main.yml (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/nginx/tasks/main.yml (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/nginx/templates/default.conf (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/php-fpm/handlers/main.yml (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/php-fpm/tasks/main.yml (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/php-fpm/templates/wordpress.conf (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/wordpress/tasks/main.yml (90%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/roles/wordpress/templates/wp-config.php (100%)
rename {wordpress-nginx => wordpress-nginx_rhel6}/site.yml (100%)
delete mode 100644 wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-EPEL-7
delete mode 100644 wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-NGINX
delete mode 100644 wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-remi
delete mode 100644 wordpress-nginx_rhel7/roles/common/files/epel.repo
delete mode 100644 wordpress-nginx_rhel7/roles/common/files/remi.repo
rename wordpress-nginx_rhel7/roles/nginx/templates/{default.conf => default.conf.j2} (100%)
diff --git a/wordpress-nginx/LICENSE.md b/wordpress-nginx_rhel6/LICENSE.md
similarity index 100%
rename from wordpress-nginx/LICENSE.md
rename to wordpress-nginx_rhel6/LICENSE.md
diff --git a/wordpress-nginx/README.md b/wordpress-nginx_rhel6/README.md
similarity index 100%
rename from wordpress-nginx/README.md
rename to wordpress-nginx_rhel6/README.md
diff --git a/wordpress-nginx/group_vars/all b/wordpress-nginx_rhel6/group_vars/all
similarity index 100%
rename from wordpress-nginx/group_vars/all
rename to wordpress-nginx_rhel6/group_vars/all
diff --git a/wordpress-nginx/hosts.example b/wordpress-nginx_rhel6/hosts.example
similarity index 100%
rename from wordpress-nginx/hosts.example
rename to wordpress-nginx_rhel6/hosts.example
diff --git a/wordpress-nginx/roles/common/files/RPM-GPG-KEY-EPEL-6 b/wordpress-nginx_rhel6/roles/common/files/RPM-GPG-KEY-EPEL-6
similarity index 100%
rename from wordpress-nginx/roles/common/files/RPM-GPG-KEY-EPEL-6
rename to wordpress-nginx_rhel6/roles/common/files/RPM-GPG-KEY-EPEL-6
diff --git a/wordpress-nginx/roles/common/files/epel.repo b/wordpress-nginx_rhel6/roles/common/files/epel.repo
similarity index 100%
rename from wordpress-nginx/roles/common/files/epel.repo
rename to wordpress-nginx_rhel6/roles/common/files/epel.repo
diff --git a/wordpress-nginx/roles/common/files/iptables-save b/wordpress-nginx_rhel6/roles/common/files/iptables-save
similarity index 100%
rename from wordpress-nginx/roles/common/files/iptables-save
rename to wordpress-nginx_rhel6/roles/common/files/iptables-save
diff --git a/wordpress-nginx/roles/common/handlers/main.yml b/wordpress-nginx_rhel6/roles/common/handlers/main.yml
similarity index 100%
rename from wordpress-nginx/roles/common/handlers/main.yml
rename to wordpress-nginx_rhel6/roles/common/handlers/main.yml
diff --git a/wordpress-nginx/roles/common/tasks/main.yml b/wordpress-nginx_rhel6/roles/common/tasks/main.yml similarity index 100% rename from wordpress-nginx/roles/common/tasks/main.yml rename to wordpress-nginx_rhel6/roles/common/tasks/main.yml diff --git a/wordpress-nginx/roles/mysql/handlers/main.yml b/wordpress-nginx_rhel6/roles/mysql/handlers/main.yml similarity index 100% rename from wordpress-nginx/roles/mysql/handlers/main.yml rename to wordpress-nginx_rhel6/roles/mysql/handlers/main.yml diff --git a/wordpress-nginx/roles/mysql/tasks/main.yml b/wordpress-nginx_rhel6/roles/mysql/tasks/main.yml similarity index 79% rename from wordpress-nginx/roles/mysql/tasks/main.yml rename to wordpress-nginx_rhel6/roles/mysql/tasks/main.yml index 4236c52eb..ce0043e99 100644 --- a/wordpress-nginx/roles/mysql/tasks/main.yml +++ b/wordpress-nginx_rhel6/roles/mysql/tasks/main.yml @@ -2,10 +2,10 @@ - name: Install Mysql package yum: name={{ item }} state=present with_items: - - mysql-server - - MySQL-python - - libselinux-python - - libsemanage-python + - mysql-server + - MySQL-python + - libselinux-python + - libsemanage-python - name: Configure SELinux to start mysql on any port seboolean: name=mysql_connect_any state=true persistent=yes @@ -14,7 +14,7 @@ - name: Create Mysql configuration file template: src=my.cnf.j2 dest=/etc/my.cnf notify: - - restart mysql + - restart mysql - name: Start Mysql Service service: name=mysqld state=started enabled=yes diff --git a/wordpress-nginx/roles/mysql/templates/my.cnf.j2 b/wordpress-nginx_rhel6/roles/mysql/templates/my.cnf.j2 similarity index 100% rename from wordpress-nginx/roles/mysql/templates/my.cnf.j2 rename to wordpress-nginx_rhel6/roles/mysql/templates/my.cnf.j2 diff --git a/wordpress-nginx/roles/nginx/handlers/main.yml b/wordpress-nginx_rhel6/roles/nginx/handlers/main.yml similarity index 100% rename from wordpress-nginx/roles/nginx/handlers/main.yml rename to wordpress-nginx_rhel6/roles/nginx/handlers/main.yml 
diff --git a/wordpress-nginx/roles/nginx/tasks/main.yml b/wordpress-nginx_rhel6/roles/nginx/tasks/main.yml
similarity index 100%
rename from wordpress-nginx/roles/nginx/tasks/main.yml
rename to wordpress-nginx_rhel6/roles/nginx/tasks/main.yml
diff --git a/wordpress-nginx/roles/nginx/templates/default.conf b/wordpress-nginx_rhel6/roles/nginx/templates/default.conf
similarity index 100%
rename from wordpress-nginx/roles/nginx/templates/default.conf
rename to wordpress-nginx_rhel6/roles/nginx/templates/default.conf
diff --git a/wordpress-nginx/roles/php-fpm/handlers/main.yml b/wordpress-nginx_rhel6/roles/php-fpm/handlers/main.yml
similarity index 100%
rename from wordpress-nginx/roles/php-fpm/handlers/main.yml
rename to wordpress-nginx_rhel6/roles/php-fpm/handlers/main.yml
diff --git a/wordpress-nginx/roles/php-fpm/tasks/main.yml b/wordpress-nginx_rhel6/roles/php-fpm/tasks/main.yml
similarity index 100%
rename from wordpress-nginx/roles/php-fpm/tasks/main.yml
rename to wordpress-nginx_rhel6/roles/php-fpm/tasks/main.yml
diff --git a/wordpress-nginx/roles/php-fpm/templates/wordpress.conf b/wordpress-nginx_rhel6/roles/php-fpm/templates/wordpress.conf
similarity index 100%
rename from wordpress-nginx/roles/php-fpm/templates/wordpress.conf
rename to wordpress-nginx_rhel6/roles/php-fpm/templates/wordpress.conf
diff --git a/wordpress-nginx/roles/wordpress/tasks/main.yml b/wordpress-nginx_rhel6/roles/wordpress/tasks/main.yml
similarity index 90%
rename from wordpress-nginx/roles/wordpress/tasks/main.yml
rename to wordpress-nginx_rhel6/roles/wordpress/tasks/main.yml
index 9028a89ed..001531c06 100644
--- a/wordpress-nginx/roles/wordpress/tasks/main.yml
+++ b/wordpress-nginx_rhel6/roles/wordpress/tasks/main.yml
@@ -1,7 +1,6 @@ --- - name: Download WordPress - get_url: url=http://wordpress.org/wordpress-{{ wp_version }}.tar.gz dest=/srv/wordpress-{{ wp_version }}.tar.gz - sha256sum="{{ wp_sha256sum }}" + get_url: url=http://wordpress.org/wordpress-{{ wp_version }}.tar.gz dest=/srv/wordpress-{{ wp_version }}.tar.gz sha256sum="{{ wp_sha256sum }}" - name: Extract archive unarchive: @@ -18,8 +17,8 @@ - name: Fetch random salts for WordPress config get_url: url: https://api.wordpress.org/secret-key/1.1/salt/ - register: "wp_salt" - become: no + register: wp_salt + become: false become_method: sudo changed_when: true delegate_to: localhost diff --git a/wordpress-nginx/roles/wordpress/templates/wp-config.php b/wordpress-nginx_rhel6/roles/wordpress/templates/wp-config.php similarity index 100% rename from wordpress-nginx/roles/wordpress/templates/wp-config.php rename to wordpress-nginx_rhel6/roles/wordpress/templates/wp-config.php diff --git a/wordpress-nginx/site.yml b/wordpress-nginx_rhel6/site.yml similarity index 100% rename from wordpress-nginx/site.yml rename to wordpress-nginx_rhel6/site.yml diff --git a/wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-EPEL-7 b/wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-EPEL-7 deleted file mode 100644 index a1d6f2583..000000000 --- a/wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-EPEL-7 +++ /dev/null 
@@ -1,29 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.11 (GNU/Linux) - -mQINBFKuaIQBEAC1UphXwMqCAarPUH/ZsOFslabeTVO2pDk5YnO96f+rgZB7xArB -OSeQk7B90iqSJ85/c72OAn4OXYvT63gfCeXpJs5M7emXkPsNQWWSju99lW+AqSNm -jYWhmRlLRGl0OO7gIwj776dIXvcMNFlzSPj00N2xAqjMbjlnV2n2abAE5gq6VpqP -vFXVyfrVa/ualogDVmf6h2t4Rdpifq8qTHsHFU3xpCz+T6/dGWKGQ42ZQfTaLnDM -jToAsmY0AyevkIbX6iZVtzGvanYpPcWW4X0RDPcpqfFNZk643xI4lsZ+Y2Er9Yu5 -S/8x0ly+tmmIokaE0wwbdUu740YTZjCesroYWiRg5zuQ2xfKxJoV5E+Eh+tYwGDJ -n6HfWhRgnudRRwvuJ45ztYVtKulKw8QQpd2STWrcQQDJaRWmnMooX/PATTjCBExB -9dkz38Druvk7IkHMtsIqlkAOQMdsX1d3Tov6BE2XDjIG0zFxLduJGbVwc/6rIc95 -T055j36Ez0HrjxdpTGOOHxRqMK5m9flFbaxxtDnS7w77WqzW7HjFrD0VeTx2vnjj -GqchHEQpfDpFOzb8LTFhgYidyRNUflQY35WLOzLNV+pV3eQ3Jg11UFwelSNLqfQf -uFRGc+zcwkNjHh5yPvm9odR1BIfqJ6sKGPGbtPNXo7ERMRypWyRz0zi0twARAQAB -tChGZWRvcmEgRVBFTCAoNykgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB -AgAiBQJSrmiEAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBqL66iNSxk -5cfGD/4spqpsTjtDM7qpytKLHKruZtvuWiqt5RfvT9ww9GUUFMZ4ZZGX4nUXg49q -ixDLayWR8ddG/s5kyOi3C0uX/6inzaYyRg+Bh70brqKUK14F1BrrPi29eaKfG+Gu -MFtXdBG2a7OtPmw3yuKmq9Epv6B0mP6E5KSdvSRSqJWtGcA6wRS/wDzXJENHp5re -9Ism3CYydpy0GLRA5wo4fPB5uLdUhLEUDvh2KK//fMjja3o0L+SNz8N0aDZyn5Ax -CU9RB3EHcTecFgoy5umRj99BZrebR1NO+4gBrivIfdvD4fJNfNBHXwhSH9ACGCNv -HnXVjHQF9iHWApKkRIeh8Fr2n5dtfJEF7SEX8GbX7FbsWo29kXMrVgNqHNyDnfAB -VoPubgQdtJZJkVZAkaHrMu8AytwT62Q4eNqmJI1aWbZQNI5jWYqc6RKuCK6/F99q -thFT9gJO17+yRuL6Uv2/vgzVR1RGdwVLKwlUjGPAjYflpCQwWMAASxiv9uPyYPHc -ErSrbRG0wjIfAR3vus1OSOx3xZHZpXFfmQTsDP7zVROLzV98R3JwFAxJ4/xqeON4 -vCPFU6OsT3lWQ8w7il5ohY95wmujfr6lk89kEzJdOTzcn7DBbUru33CQMGKZ3Evt -RjsC7FDbL017qxS+ZVA/HGkyfiu4cpgV8VUnbql5eAZ+1Ll6Dw== -=hdPa ------END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-NGINX b/wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-NGINX deleted file mode 100644 index 2528b45b7..000000000 --- a/wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-NGINX +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.11 (FreeBSD) - -mQENBE5OMmIBCAD+FPYKGriGGf7NqwKfWC83cBV01gabgVWQmZbMcFzeW+hMsgxH -W6iimD0RsfZ9oEbfJCPG0CRSZ7ppq5pKamYs2+EJ8Q2ysOFHHwpGrA2C8zyNAs4I -QxnZZIbETgcSwFtDun0XiqPwPZgyuXVm9PAbLZRbfBzm8wR/3SWygqZBBLdQk5TE -fDR+Eny/M1RVR4xClECONF9UBB2ejFdI1LD45APbP2hsN/piFByU1t7yK2gpFyRt -97WzGHn9MV5/TL7AmRPM4pcr3JacmtCnxXeCZ8nLqedoSuHFuhwyDnlAbu8I16O5 -XRrfzhrHRJFM1JnIiGmzZi6zBvH0ItfyX6ttABEBAAG0KW5naW54IHNpZ25pbmcg -a2V5IDxzaWduaW5nLWtleUBuZ2lueC5jb20+iQE+BBMBAgAoBQJOTjJiAhsDBQkJ -ZgGABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCr9b2Ce9m/YpvjB/98uV4t -94d0oEh5XlqEZzVMrcTgPQ3BZt05N5xVuYaglv7OQtdlErMXmRWaFZEqDaMHdniC -sF63jWMd29vC4xpzIfmsLK3ce9oYo4t9o4WWqBUdf0Ff1LMz1dfLG2HDtKPfYg3C -8NESud09zuP5NohaE8Qzj/4p6rWDiRpuZ++4fnL3Dt3N6jXILwr/TM/Ma7jvaXGP -DO3kzm4dNKp5b5bn2nT2QWLPnEKxvOg5Zoej8l9+KFsUnXoWoYCkMQ2QTpZQFNwF -xwJGoAz8K3PwVPUrIL6b1lsiNovDgcgP0eDgzvwLynWKBPkRRjtgmWLoeaS9FAZV -ccXJMmANXJFuCf26iQEcBBABAgAGBQJOTkelAAoJEKZP1bF62zmo79oH/1XDb29S -YtWp+MTJTPFEwlWRiyRuDXy3wBd/BpwBRIWfWzMs1gnCjNjk0EVBVGa2grvy9Jtx -JKMd6l/PWXVucSt+U/+GO8rBkw14SdhqxaS2l14v6gyMeUrSbY3XfToGfwHC4sa/ -Thn8X4jFaQ2XN5dAIzJGU1s5JA0tjEzUwCnmrKmyMlXZaoQVrmORGjCuH0I0aAFk -RS0UtnB9HPpxhGVbs24xXZQnZDNbUQeulFxS4uP3OLDBAeCHl+v4t/uotIad8v6J -SO93vc1evIje6lguE81HHmJn9noxPItvOvSMb2yPsE8mH4cJHRTFNSEhPW6ghmlf -Wa9ZwiVX5igxcvaIRgQQEQIABgUCTk5b0gAKCRDs8OkLLBcgg1G+AKCnacLb/+W6 -cflirUIExgZdUJqoogCeNPVwXiHEIVqithAM1pdY/gcaQZmIRgQQEQIABgUCTk5f -YQAKCRCpN2E5pSTFPnNWAJ9gUozyiS+9jf2rJvqmJSeWuCgVRwCcCUFhXRCpQO2Y -Va3l3WuB+rgKjsQ= -=A015 ------END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-remi b/wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-remi deleted file mode 100644 index 328338606..000000000 --- a/wordpress-nginx_rhel7/roles/common/files/RPM-GPG-KEY-remi +++ /dev/null 
@@ -1,24 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.7 (GNU/Linux) - -mQGiBEJny1wRBACRnbQgZ6qLmJSuGvi/EwrRL6aW610BbdpLQRL3dnwy5wI5t9T3 -/JEiEJ7GTvAwfiisEHifMfk2sRlWRf2EDQFttHyrrYXfY5L6UAF2IxixK5FL7PWA -/2a7tkw1IbCbt4IGG0aZJ6/xgQejrOLi4ewniqWuXCc+tLuWBZrGpE2QfwCggZ+L -0e6KPTHMP97T4xV81e3Ba5MD/3NwOQh0pVvZlW66Em8IJnBgM+eQh7pl4xq7nVOh -dEMJwVU0wDRKkXqQVghOxALOSAMapj5mDppEDzGLZHZNSRcvGEs2iPwo9vmY+Qhp -AyEBzE4blNR8pwPtAwL0W3cBKUx7ZhqmHr2FbNGYNO/hP4tO2ochCn5CxSwAfN1B -Qs5pBACOkTZMNC7CLsSUT5P4+64t04x/STlAFczEBcJBLF1T16oItDITJmAsPxbY -iee6JRfXmZKqmDP04fRdboWMcRjfDfCciSdIeGqP7vMcO25bDZB6x6++fOcmQpyD -1Fag3ZUq2yojgXWqVrgFHs/HB3QE7UQkykNp1fjQGbKK+5mWTrQkUmVtaSBDb2xs -ZXQgPFJQTVNARmFtaWxsZUNvbGxldC5jb20+iGAEExECACAFAkZ+MYoCGwMGCwkI -BwMCBBUCCAMEFgIDAQIeAQIXgAAKCRAATm9HAPl/Vv/UAJ9EL8ioMTsz/2EPbNuQ -MP5Xx/qPLACeK5rk2hb8VFubnEsbVxnxfxatGZ25AQ0EQmfLXRAEANwGvY+mIZzj -C1L5Nm2LbSGZNTN3NMbPFoqlMfmym8XFDXbdqjAHutGYEZH/PxRI6GC8YW5YK4E0 -HoBAH0b0F97JQEkKquahCakj0P5mGuH6Q8gDOfi6pHimnsSAGf+D+6ZwAn8bHnAa -o+HVmEITYi6s+Csrs+saYUcjhu9zhyBfAAMFA/9Rmfj9/URdHfD1u0RXuvFCaeOw -CYfH2/nvkx+bAcSIcbVm+tShA66ybdZ/gNnkFQKyGD9O8unSXqiELGcP8pcHTHsv -JzdD1k8DhdFNhux/WPRwbo/es6QcpIPa2JPjBCzfOTn9GXVdT4pn5tLG2gHayudK -8Sj1OI2vqGLMQzhxw4hJBBgRAgAJBQJCZ8tdAhsMAAoJEABOb0cA+X9WcSAAn11i -gC5ns/82kSprzBOU0BNwUeXZAJ0cvNmY7rvbyiJydyLsSxh/la6HKw== -=6Rbg ------END PGP PUBLIC KEY BLOCK----- diff --git a/wordpress-nginx_rhel7/roles/common/files/epel.repo b/wordpress-nginx_rhel7/roles/common/files/epel.repo deleted file mode 100644 index 0301cc746..000000000 --- a/wordpress-nginx_rhel7/roles/common/files/epel.repo +++ /dev/null @@ -1,8 +0,0 @@ -[epel] -name=Extra Packages for Enterprise Linux 7 - $basearch -#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch -mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch -failovermethod=priority -enabled=1 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 \ No newline at end of file 
diff --git a/wordpress-nginx_rhel7/roles/common/files/nginx.repo b/wordpress-nginx_rhel7/roles/common/files/nginx.repo index 9060b8d7c..fd254d868 100644 --- a/wordpress-nginx_rhel7/roles/common/files/nginx.repo +++ b/wordpress-nginx_rhel7/roles/common/files/nginx.repo @@ -1,7 +1,15 @@ -[nginx] -name=Nginx repo - $basearch -baseurl=http://nginx.org/packages/centos/7/$basearch -failovermethod=priority +[nginx-stable] +name=nginx stable repo +baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ gpgcheck=1 enabled=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-NGINX +gpgkey=https://nginx.org/keys/nginx_signing.key +module_hotfixes=true + +[nginx-mainline] +name=nginx mainline repo +baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/ +gpgcheck=1 +enabled=0 +gpgkey=https://nginx.org/keys/nginx_signing.key +module_hotfixes=true \ No newline at end of file diff --git a/wordpress-nginx_rhel7/roles/common/files/remi.repo b/wordpress-nginx_rhel7/roles/common/files/remi.repo deleted file mode 100644 index aaae795ec..000000000 --- a/wordpress-nginx_rhel7/roles/common/files/remi.repo +++ /dev/null 
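Review bot: Both new `baseurl` lines still use `http://nginx.org/...` while the key moved to an `https://` URL, so repository metadata travels unauthenticated and only the RPM signatures (`gpgcheck=1`) are verified. Prefer `baseurl=https://nginx.org/packages/centos/$releasever/$basearch/` in `[nginx-stable]` and the matching `https://` form in `[nginx-mainline]`. Note also that `gpgkey` now points at a URL fetched at install time rather than the key file this commit deletes from the role, so trust in the signing key rests on that download; importing the key with a pinned fingerprint in the role's tasks would restore the pinning.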
@@ -1,67 +0,0 @@ -# Repository: http://rpms.remirepo.net/ -# Blog: http://blog.remirepo.net/ -# Forum: http://forum.remirepo.net/ - -[remi] -name=Remi's RPM repository for Enterprise Linux 7 - $basearch -baseurl=http://rpms.remirepo.net/enterprise/7/remi/$basearch/ -mirrorlist=http://rpms.remirepo.net/enterprise/7/remi/mirror -enabled=1 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi - -[remi-php55] -name=Remi's PHP 5.5 RPM repository for Enterprise Linux 7 - $basearch -#baseurl=http://rpms.remirepo.net/enterprise/7/php55/$basearch/ -mirrorlist=http://rpms.remirepo.net/enterprise/7/php55/mirror -# NOTICE: common dependencies are in "remi-safe" -enabled=0 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi - -[remi-php56] -name=Remi's PHP 5.6 RPM repository for Enterprise Linux 7 - $basearch -#baseurl=http://rpms.remirepo.net/enterprise/7/php56/$basearch/ -mirrorlist=http://rpms.remirepo.net/enterprise/7/php56/mirror -# NOTICE: common dependencies are in "remi-safe" -enabled=0 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi - -[remi-test] -name=Remi's test RPM repository for Enterprise Linux 7 - $basearch -#baseurl=http://rpms.remirepo.net/enterprise/7/test/$basearch/ -mirrorlist=http://rpms.remirepo.net/enterprise/7/test/mirror -# WARNING: If you enable this repository, you must also enable "remi" -enabled=0 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi - -[remi-debuginfo] -name=Remi's RPM repository for Enterprise Linux 7 - $basearch - debuginfo -baseurl=http://rpms.remirepo.net/enterprise/7/debug-remi/$basearch/ -enabled=0 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi - -[remi-php55-debuginfo] -name=Remi's PHP 5.5 RPM repository for Enterprise Linux 7 - $basearch - debuginfo -baseurl=http://rpms.remirepo.net/enterprise/7/debug-php55/$basearch/ -enabled=0 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi - -[remi-php56-debuginfo] -name=Remi's PHP 5.6 RPM repository for Enterprise Linux 7 - 
$basearch - debuginfo -baseurl=http://rpms.remirepo.net/enterprise/7/debug-php56/$basearch/ -enabled=0 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi - -[remi-test-debuginfo] -name=Remi's test RPM repository for Enterprise Linux 7 - $basearch - debuginfo -baseurl=http://rpms.remirepo.net/enterprise/7/debug-test/$basearch/ -enabled=0 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi - diff --git a/wordpress-nginx_rhel7/roles/common/tasks/main.yml b/wordpress-nginx_rhel7/roles/common/tasks/main.yml index 7bf0738ea..03e4c65fc 100644 --- a/wordpress-nginx_rhel7/roles/common/tasks/main.yml +++ b/wordpress-nginx_rhel7/roles/common/tasks/main.yml 
@@ -1,24 +1,41 @@ --- - name: Copy the NGINX repository definition - copy: src=nginx.repo dest=/etc/yum.repos.d/ + ansible.builtin.copy: + src: nginx.repo + dest: /etc/yum.repos.d/ -- name: Copy the EPEL repository definition - copy: src=epel.repo dest=/etc/yum.repos.d/ +- name: Install the EPEL repository definition + ansible.builtin.yum: + name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm" + state: present -- name: Copy the REMI repository definition - copy: src=remi.repo dest=/etc/yum.repos.d/ +- name: Install the REMI repository definition + ansible.builtin.yum: + name: https://rpms.remirepo.net/enterprise/remi-release-7.rpm + state: present - name: Create the GPG key for NGINX - copy: src=RPM-GPG-KEY-NGINX dest=/etc/pki/rpm-gpg + ansible.builtin.rpm_key: + state: present + key: https://nginx.org/keys/nginx_signing.key -- name: Create the GPG key for EPEL - copy: src=RPM-GPG-KEY-EPEL-7 dest=/etc/pki/rpm-gpg +- name: Create the GPG key for EPEL 7 + ansible.builtin.rpm_key: + state: present + key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 + +- name: Create the GPG key for Remi Repo EL 7 + ansible.builtin.rpm_key: + state: present + key: https://rpms.remirepo.net/enterprise/7/RPM-GPG-KEY-remi -- name: Create the GPG key for REMI - copy: src=RPM-GPG-KEY-remi dest=/etc/pki/rpm-gpg - - name: Install Firewalld - yum: name=firewalld state=present + ansible.builtin.yum: + name: firewalld + state: present - name: Firewalld service state - service: name=firewalld state=started enabled=yes + ansible.builtin.service: + name: firewalld + state: started + enabled: true diff --git a/wordpress-nginx_rhel7/roles/mariadb/handlers/main.yml b/wordpress-nginx_rhel7/roles/mariadb/handlers/main.yml index 37c068354..2dd99755f 100644 --- a/wordpress-nginx_rhel7/roles/mariadb/handlers/main.yml +++ b/wordpress-nginx_rhel7/roles/mariadb/handlers/main.yml 
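Review bot: The EPEL task's `name:` value ends in a stray `"` and points at `epel-release-latest-8`, although this role lives under `wordpress-nginx_rhel7` and the key imported further down is `RPM-GPG-KEY-EPEL-7`; presumably it should be `name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm`. The two release RPMs are also installed before the `ansible.builtin.rpm_key` tasks run, so the signing keys are not yet imported when yum would check the package signatures; moving the three `rpm_key` tasks above the installs fixes the order. Because the bundled key files are deleted in this commit, consider adding `fingerprint: <expected key fingerprint>` to each `rpm_key` task so that a changed key at the URL is rejected. The `ansible.builtin.copy` task for `nginx.repo` also sets no `owner`/`group`/`mode`.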
@@ -1,5 +1,8 @@ --- # Handler to handle DB tier notifications -- name: restart mariadb - service: name=mariadb state=restarted +- name: Restart mariadb + ansible.builtin.service: + name: mariadb + state: restarted + listen: restart_mariadb diff --git a/wordpress-nginx_rhel7/roles/mariadb/tasks/main.yml b/wordpress-nginx_rhel7/roles/mariadb/tasks/main.yml index 5f930bf8c..1aa3f2ff5 100644 --- a/wordpress-nginx_rhel7/roles/mariadb/tasks/main.yml +++ b/wordpress-nginx_rhel7/roles/mariadb/tasks/main.yml 
@@ -1,28 +1,49 @@ --- # This playbook will install MariaDB and create db user and give permissions. - - name: Install MariaDB package - yum: name={{ item }} state=installed - with_items: - - mariadb-server - - MySQL-python - - libselinux-python - - libsemanage-python + ansible.builtin.yum: + name: "{{ mariadb_packages }}" + state: installed + vars: + mariadb_packages: + - mariadb-server + - MySQL-python + - libselinux-python + - libsemanage-python - name: Configure SELinux to start mysql on any port - seboolean: name=mysql_connect_any state=true persistent=yes + ansible.posix.seboolean: + name: mysql_connect_any + state: true + persistent: true - name: Create Mysql configuration file - template: src=my.cnf.j2 dest=/etc/my.cnf + ansible.builtin.template: + src: my.cnf.j2 + dest: /etc/my.cnf + owner: root + group: mysql + mode: u=rw,g=r,o=r notify: - - restart mariadb + - restart_mariadb - name: Create MariaDB log file - file: path=/var/log/mysqld.log state=touch owner=mysql group=mysql mode=0775 + ansible.builtin.file: + path: /var/log/mysqld.log + state: touch + owner: mysql + group: mysql + mode: u=rwx,g=rwx,o=rx - name: Start MariaDB Service - service: name=mariadb state=started enabled=yes + ansible.builtin.service: + name: mariadb + state: started + enabled: true -- name: insert firewalld rule - firewalld: port={{ mysql_port }}/tcp permanent=true state=enabled immediate=yes - ignore_errors: yes +- name: Insert firewalld rule + ansible.posix.firewalld: + port: "{{ mysql_port }}/tcp " + permanent: true + state: enabled + immediate: true diff --git a/wordpress-nginx_rhel7/roles/nginx/handlers/main.yml b/wordpress-nginx_rhel7/roles/nginx/handlers/main.yml index 16d819248..14f7cca86 100644 --- a/wordpress-nginx_rhel7/roles/nginx/handlers/main.yml +++ b/wordpress-nginx_rhel7/roles/nginx/handlers/main.yml 
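Review bot: In `Insert firewalld rule` the port value is `"{{ mysql_port }}/tcp "` with a trailing space inside the quotes, which firewalld is likely to reject now that `ignore_errors` has been removed; it should be `port: "{{ mysql_port }}/tcp"`. The log-file task carries the old 0775 over as `mode: u=rwx,g=rwx,o=rx`, which marks `/var/log/mysqld.log` executable and world-readable; `mode: u=rw,g=rw,o=` is enough for a log file. A comment explaining why the database port is opened in the firewall at all would also help, given that the WordPress role creates its database user with `host: localhost`.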
@@ -1,3 +1,7 @@ --- -- name: restart nginx - service: name=nginx state=restarted enabled=yes +- name: Restart nginx + ansible.builtin.service: + name: nginx + state: restarted + enabled: true + listen: restart_nginx diff --git a/wordpress-nginx_rhel7/roles/nginx/tasks/main.yml b/wordpress-nginx_rhel7/roles/nginx/tasks/main.yml index 14fae22f7..4cff0caa7 100644 --- a/wordpress-nginx_rhel7/roles/nginx/tasks/main.yml +++ b/wordpress-nginx_rhel7/roles/nginx/tasks/main.yml @@ -1,14 +1,27 @@ --- - name: Install nginx - yum: name=nginx state=present + ansible.builtin.yum: + name: nginx + state: present - name: Copy nginx configuration for wordpress - template: src=default.conf dest=/etc/nginx/conf.d/default.conf - notify: restart nginx + ansible.builtin.template: + src: default.conf + dest: /etc/nginx/conf.d/default.conf + owner: nginx + group: nginx + mode: u=rwX,g=rwX,o=rX + notify: restart_nginx -- name: insert firewalld rule for nginx - firewalld: port={{ nginx_port }}/tcp permanent=true state=enabled immediate=yes - ignore_errors: yes +- name: Insert firewalld rule for nginx + ansible.posix.firewalld: + port: "{{ nginx_port }}/tcp" + permanent: true + state: enabled + immediate: true -- name: http service state - service: name=nginx state=started enabled=yes +- name: Http service state + ansible.builtin.service: + name: nginx + state: started + enabled: true diff --git a/wordpress-nginx_rhel7/roles/nginx/templates/default.conf b/wordpress-nginx_rhel7/roles/nginx/templates/default.conf.j2 similarity index 100% rename from wordpress-nginx_rhel7/roles/nginx/templates/default.conf rename to wordpress-nginx_rhel7/roles/nginx/templates/default.conf.j2 diff --git a/wordpress-nginx_rhel7/roles/php-fpm/handlers/main.yml b/wordpress-nginx_rhel7/roles/php-fpm/handlers/main.yml index 6a975ad85..88af85037 100644 --- a/wordpress-nginx_rhel7/roles/php-fpm/handlers/main.yml +++ b/wordpress-nginx_rhel7/roles/php-fpm/handlers/main.yml 
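Review bot: `Copy nginx configuration for wordpress` makes `/etc/nginx/conf.d/default.conf` owned by `nginx:nginx` with `mode: u=rwX,g=rwX,o=rX`, so the account the web server presumably runs as can rewrite its own configuration. Use `owner: root`, `group: root`, `mode: u=rw,g=r,o=r` instead, so that only a privileged user can change the server config. The task also still has `src: default.conf` although this commit renames the template to `default.conf.j2`, so it should read `src: default.conf.j2`.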
@@ -1,3 +1,5 @@ --- -- name: restart php-fpm - service: name=php-fpm state=restarted +- name: Restart php-fpm + ansible.builtin.service: + name: php-fpm + state: restarted diff --git a/wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml b/wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml index 4778ce157..9efd11a71 100644 --- a/wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml +++ b/wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml @@ -1,6 +1,9 @@ --- - name: Install php-fpm and deps - yum: name={{ item }} state=present + ansible.builtin.yum: + name: "{{" + state: present + cmd: item }} with_items: - php - php-fpm @@ -14,9 +17,12 @@ - php-xml - name: Disable default pool - command: mv /etc/php-fpm.d/www.conf /etc/php-fpm.d/www.disabled creates=/etc/php-fpm.d/www.disabled + ansible.builtin.command: mv /etc/php-fpm.d/www.conf /etc/php-fpm.d/www.disabled creates=/etc/php-fpm.d/www.disabled notify: restart php-fpm - name: Copy php-fpm configuration - template: src=wordpress.conf dest=/etc/php-fpm.d/ + ansible.builtin.template: + src: wordpress.conf + dest: /etc/php-fpm.d/ + notify: restart php-fpm From 60cd937ce70ea2242a93e36303cfcc14a9830b7d Mon Sep 17 00:00:00 2001 
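Review bot: Renaming the handler to `Restart php-fpm` without a `listen:` key leaves the `notify: restart php-fpm` lines in the tasks file without a match, since notify looks a handler up by its exact name. The nginx handler in this commit got `listen: restart_nginx` for this reason; adding `listen: restart php-fpm` here keeps the restart wired up. The tomcat-standalone handlers hunk later in this series renames `Restart tomcat` and `Restart iptables` the same way while its tasks still notify the lower-case names.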
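Review bot: The yum task's arguments in the php-fpm tasks hunk were split mid-expression: `name: "{{"` and `cmd: item }}` are what is left of `name={{ item }}`, so the module receives a literal `{{` as the package name plus a `cmd` option the old one-line form never passed. Restoring `name: "{{ item }}"` and deleting the `cmd:` line brings back the old behaviour. The `with_items` list runs past the end of that hunk. In the following hunk the `ansible.builtin.template` task for `wordpress.conf` sets no `owner`, `group` or `mode`, unlike the other template tasks this commit touches.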
From: Simon Bachenberg Date: Fri, 15 Mar 2024 14:08:48 +0100 Subject: [PATCH 03/11] linted tomcat-standalone & windows --- .../roles/lb-nginx/tasks/main.yml | 20 +-- .../roles/tomcat/tasks/main.yml | 42 ++--- tomcat-memcached-failover/site.yml | 8 +- .../roles/selinux/tasks/main.yml | 34 ++-- .../roles/tomcat/handlers/main.yml | 13 +- tomcat-standalone/roles/tomcat/tasks/main.yml | 161 ++++++++++++------ .../{iptables-save => iptables-save.j2} | 0 .../templates/{server.xml => server.xml.j2} | 0 .../{tomcat-users.xml => tomcat-users.xml.j2} | 0 tomcat-standalone/site.yml | 5 +- windows/create-user.yml | 2 +- windows/deploy-site.yml | 10 +- windows/enable-iis.yml | 10 +- windows/install-msi.yml | 17 +- windows/ping.yml | 9 +- windows/run-powershell.yml | 4 +- windows/test.yml | 39 +++-- windows/wamp_haproxy/demo-aws-wamp-launch.yml | 86 +++++----- windows/wamp_haproxy/roles/elb/tasks/main.yml | 5 +- windows/wamp_haproxy/roles/iis/tasks/main.yml | 10 +- .../wamp_haproxy/roles/mssql/tasks/main.yml | 5 +- windows/wamp_haproxy/roles/web/tasks/main.yml | 6 +- windows/wamp_haproxy/rolling_update.yml | 49 +++--- windows/wamp_haproxy/site.yml | 84 ++++----- .../roles/php-fpm/tasks/main.yml | 2 +- .../roles/wordpress/tasks/main.yml | 16 +- 26 files changed, 352 insertions(+), 285 deletions(-) rename tomcat-standalone/roles/tomcat/templates/{iptables-save => iptables-save.j2} (100%) rename tomcat-standalone/roles/tomcat/templates/{server.xml => server.xml.j2} (100%) rename tomcat-standalone/roles/tomcat/templates/{tomcat-users.xml => tomcat-users.xml.j2} (100%) diff --git a/tomcat-memcached-failover/roles/lb-nginx/tasks/main.yml b/tomcat-memcached-failover/roles/lb-nginx/tasks/main.yml index 6a9c9359b..79c5dd6d0 100644 --- a/tomcat-memcached-failover/roles/lb-nginx/tasks/main.yml +++ b/tomcat-memcached-failover/roles/lb-nginx/tasks/main.yml 
@@ -1,14 +1,14 @@ --- - - name: Install nginx - yum: name=nginx state=present +- name: Install nginx + yum: name=nginx state=present - - name: Deliver main configuration file - template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf - notify: restart nginx +- name: Deliver main configuration file + template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf + notify: restart nginx - - name: Copy configuration file to nginx/sites-avaiable - template: src=default.conf.j2 dest=/etc/nginx/conf.d/default.conf - notify: restart nginx +- name: Copy configuration file to nginx/sites-avaiable + template: src=default.conf.j2 dest=/etc/nginx/conf.d/default.conf + notify: restart nginx - - name: Make sure nginx start with boot - service: name=nginx state=started enabled=yes +- name: Make sure nginx start with boot + service: name=nginx state=started enabled=yes diff --git a/tomcat-memcached-failover/roles/tomcat/tasks/main.yml b/tomcat-memcached-failover/roles/tomcat/tasks/main.yml index bae4ee6a2..4639eab93 100644 --- a/tomcat-memcached-failover/roles/tomcat/tasks/main.yml +++ b/tomcat-memcached-failover/roles/tomcat/tasks/main.yml 
@@ -1,27 +1,27 @@ --- - - name: Install OpenJDK - yum: name=java-1.7.0-openjdk state=present +- name: Install OpenJDK + yum: name=java-1.7.0-openjdk state=present - - name: Install Tomcat - yum: name=tomcat state=present +- name: Install Tomcat + yum: name=tomcat state=present - - name: Deliver configuration files for tomcat - template: src={{ item.src }} dest={{ item.dest }} backup=yes - with_items: - - { src: 'default.j2', dest: '/etc/tomcat/default' } - - { src: 'server.xml.j2', dest: '/etc/tomcat/server.xml' } - - { src: 'context.xml.j2', dest: '/etc/tomcat/context.xml' } - notify: restart tomcat +- name: Deliver configuration files for tomcat + template: src={{ item.src }} dest={{ item.dest }} backup=yes + with_items: + - { src: default.j2, dest: /etc/tomcat/default } + - { src: server.xml.j2, dest: /etc/tomcat/server.xml } + - { src: context.xml.j2, dest: /etc/tomcat/context.xml } + notify: restart tomcat - - name: Deliver libraries support memcached - get_url: url="{{ item }}" dest=/usr/share/tomcat/lib/ - with_items: - - http://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager/1.8.0/memcached-session-manager-1.8.0.jar - - http://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager-tc7/1.8.0/memcached-session-manager-tc7-1.8.0.jar - - https://spymemcached.googlecode.com/files/spymemcached-2.10.2.jar +- name: Deliver libraries support memcached + get_url: url="{{ item }}" dest=/usr/share/tomcat/lib/ + with_items: + - http://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager/1.8.0/memcached-session-manager-1.8.0.jar + - http://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager-tc7/1.8.0/memcached-session-manager-tc7-1.8.0.jar + - https://spymemcached.googlecode.com/files/spymemcached-2.10.2.jar - - name: Deploy sample app - copy: src=msm-sample-webapp-1.0-SNAPSHOT.war dest=/var/lib/tomcat/webapps/ROOT.war owner=tomcat group=tomcat +- name: Deploy sample app + copy: 
src=msm-sample-webapp-1.0-SNAPSHOT.war dest=/var/lib/tomcat/webapps/ROOT.war owner=tomcat group=tomcat - - name: Start tomcat service - service: name=tomcat state=started enabled=yes +- name: Start tomcat service + service: name=tomcat state=started enabled=yes diff --git a/tomcat-memcached-failover/site.yml b/tomcat-memcached-failover/site.yml index 718c199d9..47839925d 100644 --- a/tomcat-memcached-failover/site.yml +++ b/tomcat-memcached-failover/site.yml @@ -2,19 +2,19 @@ - hosts: all remote_user: root roles: - - common + - common - hosts: lb_servers remote_user: root roles: - - lb-nginx + - lb-nginx - hosts: backend_servers remote_user: root roles: - - tomcat + - tomcat - hosts: memcached_servers remote_user: root roles: - - memcached + - memcached diff --git a/tomcat-standalone/roles/selinux/tasks/main.yml b/tomcat-standalone/roles/selinux/tasks/main.yml index 441030156..d21337440 100644 --- a/tomcat-standalone/roles/selinux/tasks/main.yml +++ b/tomcat-standalone/roles/selinux/tasks/main.yml 
@@ -1,21 +1,21 @@ --- -# Download and install EPEL for Centos/RHEL version 6 -- name: Download EPEL Repo - Centos/RHEL 6 - get_url: url=http://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm dest=/tmp/epel-release-latest-6.noarch.rpm - when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version == '6'" +- name: Download and install EPEL for Centos/RHEL version 6 + ansible.builtin.yum: + name: http://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm + state: present + when: + - ansible_os_family is match('RedHat') + - ansible_distribution_major_version is version('6') -- name: Install EPEL Repo - Centos/RHEL 6 - command: rpm -ivh /tmp/epel-release-latest-6.noarch.rpm creates=/etc/yum.repos.d/epel.repo - when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version == '6'" - -# Download and install EPEL for Centos/RHEL version 7 -- name: Download EPEL Repo - Centos/RHEL 7 - get_url: url=http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm dest=/tmp/epel-release-latest-7.noarch.rpm - when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7'" - -- name: Install EPEL Repo - Centos/RHEL 7 - command: rpm -ivh /tmp/epel-release-latest-7.noarch.rpm creates=/etc/yum.repos.d/epel.repo - when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7'" +- name: Download and install EPEL for Centos/RHEL version 7 + ansible.builtin.yum: + name: http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm + state: present + when: + - ansible_os_family is match('RedHat') + - ansible_distribution_major_version is version('7') - name: Install libselinux-python - yum: name=libselinux-python + ansible.builtin.yum: + name: libselinux-python + state: present diff --git a/tomcat-standalone/roles/tomcat/handlers/main.yml b/tomcat-standalone/roles/tomcat/handlers/main.yml index 14a7028df..1d847dbb9 100644 --- a/tomcat-standalone/roles/tomcat/handlers/main.yml 
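Review bot: Both EPEL tasks hand yum an `http://` URL, so the release RPM that defines a new package repository is fetched over an unauthenticated channel and, unless signature checking for packages given by URL is enforced on the host, installed without verification. The tomcat-memcached-failover common role later in this series imports the EPEL key with `ansible.builtin.rpm_key` and installs from `name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm`; the same two steps fit here. Also note that `is match('RedHat')` is a regex match anchored only at the start, not the equality test it replaces.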
+++ b/tomcat-standalone/roles/tomcat/handlers/main.yml @@ -1,6 +1,11 @@ --- -- name: restart tomcat - service: name=tomcat state=restarted +- name: Restart tomcat + ansible.builtin.service: + name: tomcat + state: restarted + +- name: Restart iptables + ansible.builtin.service: + name: iptables + state: restarted -- name: restart iptables - service: name=iptables state=restarted diff --git a/tomcat-standalone/roles/tomcat/tasks/main.yml b/tomcat-standalone/roles/tomcat/tasks/main.yml index 8942adced..04b99e13f 100644 --- a/tomcat-standalone/roles/tomcat/tasks/main.yml +++ b/tomcat-standalone/roles/tomcat/tasks/main.yml 
@@ -1,53 +1,108 @@ ---- -- name: Install Java 1.7 - yum: name=java-1.7.0-openjdk state=present - -- name: add group "tomcat" - group: name=tomcat - -- name: add user "tomcat" - user: name=tomcat group=tomcat home=/usr/share/tomcat createhome=no - become: True - become_method: sudo - -- name: Download Tomcat - get_url: url=http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.61/bin/apache-tomcat-7.0.61.tar.gz dest=/opt/apache-tomcat-7.0.61.tar.gz - -- name: Extract archive - command: chdir=/usr/share /bin/tar xvf /opt/apache-tomcat-7.0.61.tar.gz -C /opt/ creates=/opt/apache-tomcat-7.0.61 - -- name: Symlink install directory - file: src=/opt/apache-tomcat-7.0.61 path=/usr/share/tomcat state=link - -- name: Change ownership of Tomcat installation - file: path=/usr/share/tomcat/ owner=tomcat group=tomcat state=directory recurse=yes - -- name: Configure Tomcat server - template: src=server.xml dest=/usr/share/tomcat/conf/ - notify: restart tomcat - -- name: Configure Tomcat users - template: src=tomcat-users.xml dest=/usr/share/tomcat/conf/ - notify: restart tomcat - -- name: Install Tomcat init script - copy: src=tomcat-initscript.sh dest=/etc/init.d/tomcat mode=0755 - -- name: Start Tomcat - service: name=tomcat state=started enabled=yes - -- name: deploy iptables rules - template: src=iptables-save dest=/etc/sysconfig/iptables - when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version == '6'" - notify: restart iptables - -- name: insert firewalld rule for tomcat http port - firewalld: port={{ http_port }}/tcp permanent=true state=enabled immediate=yes - when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7'" - -- name: insert firewalld rule for tomcat https port - firewalld: port={{ https_port }}/tcp permanent=true state=enabled immediate=yes - when: "ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7'" - -- name: wait for tomcat to start - wait_for: port={{http_port}} +--- +- name: Install Java 
1.7 + ansible.builtin.yum: + name: java-1.7.0-openjdk + state: present + +- name: Add group "tomcat" + ansible.builtin.group: + name: tomcat + +- name: Add user "tomcat" + ansible.builtin.user: + name: tomcat + group: tomcat + home: /usr/share/tomcat + createhome: false + become: true + +- name: Download & Extract Tomcat + ansible.builtin.unarchive: + src: http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.61/bin/apache-tomcat-7.0.61.tar.gz + dest: /opt/ + owner: tomcat + group: tomcat + mode: u=rwX,g=rwX,o=rX + remote_src: true + +- name: Symlink install directory + ansible.builtin.file: + src: /opt/apache-tomcat-7.0.61 + path: /usr/share/tomcat + state: link + +- name: Change ownership of Tomcat installation + ansible.builtin.file: + path: /usr/share/tomcat/ + owner: tomcat + group: tomcat + state: directory + recurse: true + +- name: Configure Tomcat server + ansible.builtin.template: + src: server.xml.j2 + dest: /usr/share/tomcat/conf/ + owner: root + group: tomcat + mode: u=rw,g=r,o=r + notify: restart tomcat + +- name: Configure Tomcat users + ansible.builtin.template: + src: tomcat-users.xml.j2 + dest: /usr/share/tomcat/conf/ + owner: root + group: tomcat + mode: u=rw,g=r,o=r + notify: restart tomcat + +- name: Install Tomcat init script + ansible.builtin.copy: + src: tomcat-initscript.sh + dest: /etc/init.d/tomcat + owner: root + group: root + mode: u=rwx,g=rx,o=rx + +- name: Start Tomcat + ansible.builtin.service: + name: tomcat + state: started + enabled: true + +- name: Deploy iptables rules + ansible.builtin.template: + src: iptables-save.j2 + dest: /etc/sysconfig/iptables + owner: root + group: root + mode: u=rw,g=,o= + when: + - ansible_os_family is match('RedHat') + - ansible_distribution_major_version is version('6') + notify: restart iptables + +- name: Insert firewalld rule for tomcat http port + ansible.posix.firewalld: + port: "{{ http_port }}/tcp " + permanent: true + state: enabled + immediate: true + when: + - ansible_os_family is 
match('RedHat') + - ansible_distribution_major_version is version('7') + +- name: Insert firewalld rule for tomcat https port + ansible.posix.firewalld: + port: "{{ https_port }}/tcp" + permanent: true + state: enabled + immediate: true + when: + - ansible_os_family is match('RedHat') + - ansible_distribution_major_version is version('7') + +- name: Wait for tomcat to start + ansible.builtin.wait_for: + port: "{{ http_port }}" diff --git a/tomcat-standalone/roles/tomcat/templates/iptables-save b/tomcat-standalone/roles/tomcat/templates/iptables-save.j2 similarity index 100% rename from tomcat-standalone/roles/tomcat/templates/iptables-save rename to tomcat-standalone/roles/tomcat/templates/iptables-save.j2 diff --git a/tomcat-standalone/roles/tomcat/templates/server.xml b/tomcat-standalone/roles/tomcat/templates/server.xml.j2 similarity index 100% rename from tomcat-standalone/roles/tomcat/templates/server.xml rename to tomcat-standalone/roles/tomcat/templates/server.xml.j2 diff --git a/tomcat-standalone/roles/tomcat/templates/tomcat-users.xml b/tomcat-standalone/roles/tomcat/templates/tomcat-users.xml.j2 similarity index 100% rename from tomcat-standalone/roles/tomcat/templates/tomcat-users.xml rename to tomcat-standalone/roles/tomcat/templates/tomcat-users.xml.j2 diff --git a/tomcat-standalone/site.yml b/tomcat-standalone/site.yml index 11e487053..103e4310b 100644 --- a/tomcat-standalone/site.yml +++ b/tomcat-standalone/site.yml @@ -1,9 +1,10 @@ --- # This playbook deploys a simple standalone Tomcat 7 server. -- hosts: tomcat-servers +- name: Deploy a simple standalone Tomcat 7 server + hosts: tomcat-servers remote_user: root - become: yes + become: true become_method: sudo roles: diff --git a/windows/create-user.yml b/windows/create-user.yml index 09ce6be38..31a5331be 100644 --- a/windows/create-user.yml +++ b/windows/create-user.yml 
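Review bot: `tomcat-users.xml` is written with `mode: u=rw,g=r,o=r`, which leaves a file that normally holds Tomcat user names, passwords and roles readable by every local account; with `owner: root` and `group: tomcat` already set, `mode: u=rw,g=r,o=` is enough for the service to read it. The "Download & Extract Tomcat" task pulls the tarball over `http://` through `unarchive`, which has no checksum option, so nothing verifies the archive before it is unpacked. Downloading with `ansible.builtin.get_url` and its `checksum:` parameter first, then unarchiving the local file, would close that gap; the WordPress unarchive task in this series has the same shape. The recursive chown to `tomcat:tomcat` also runs before the two config templates, so every run changes their owner twice.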
@@ -4,7 +4,7 @@ gather_facts: false tasks: - name: Add User - win_user: + ansible.windows.win_user: name: ansible password: "@ns1bl3" state: present diff --git a/windows/deploy-site.yml b/windows/deploy-site.yml index 73f12c4ee..ece45b2ba 100644 --- a/windows/deploy-site.yml +++ b/windows/deploy-site.yml @@ -1,11 +1,11 @@ --- # This playbook uses the win_get_url module to download a simple HTML file for IIS -- name: Download simple web site - hosts: all +- name: Download simple web site + hosts: all gather_facts: false tasks: - name: Download simple web site to 'C:\inetpub\wwwroot\ansible.html' - win_get_url: - url: 'https://raw.githubusercontent.com/thisdavejohnson/mywebapp/master/index.html' - dest: 'C:\inetpub\wwwroot\ansible.html' + ansible.windows.win_get_url: + url: https://raw.githubusercontent.com/thisdavejohnson/mywebapp/master/index.html + dest: C:\inetpub\wwwroot\ansible.html diff --git a/windows/enable-iis.yml b/windows/enable-iis.yml index bc48aa319..8a1f85345 100644 --- a/windows/enable-iis.yml +++ b/windows/enable-iis.yml @@ -6,9 +6,9 @@ gather_facts: false tasks: - name: Install IIS - win_feature: - name: "Web-Server" + ansible.windows.win_feature: + name: Web-Server state: present - restart: yes - include_sub_features: yes - include_management_tools: yes + restart: true + include_sub_features: true + include_management_tools: true diff --git a/windows/install-msi.yml b/windows/install-msi.yml index 795287357..4acc066d1 100644 --- a/windows/install-msi.yml +++ b/windows/install-msi.yml 
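Review bot: The `Add User` task in create-user.yml carries the account password as a literal (`password: "@ns1bl3"`), so anyone who can read the repository knows the credential on every host this playbook has been run against. Taking it from a vaulted variable instead, for example `password: "{{ win_user_password }}"` (placeholder name, defined in an Ansible Vault file), keeps the playbook usable as a sample without publishing a working password. The task continues past the end of the hunk.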
@@ -1,15 +1,14 @@ --- -- name: Install Apache from an MSI - hosts: all - +- name: Install Apache from an MSI + hosts: all + tasks: - name: Download the Apache installer - win_get_url: - url: 'http://mirror.cc.columbia.edu/pub/software/apache//httpd/binaries/win32/httpd-2.2.25-win32-x86-no_ssl.msi' - dest: 'C:\Users\Administrator\Downloads\httpd-2.2.25-win32-x86-no_ssl.msi' + ansible.windows.win_get_url: + url: http://mirror.cc.columbia.edu/pub/software/apache//httpd/binaries/win32/httpd-2.2.25-win32-x86-no_ssl.msi + dest: C:\Users\Administrator\Downloads\httpd-2.2.25-win32-x86-no_ssl.msi - name: Install MSI - win_package: - path: 'C:\Users\Administrator\Downloads\httpd-2.2.25-win32-x86-no_ssl.msi' + ansible.windows.win_package: + path: C:\Users\Administrator\Downloads\httpd-2.2.25-win32-x86-no_ssl.msi state: present - diff --git a/windows/ping.yml b/windows/ping.yml index 62f4707cf..c7c4ab227 100644 --- a/windows/ping.yml +++ b/windows/ping.yml @@ -1,9 +1,8 @@ --- # This playbook uses the win_ping module to test connectivity to Windows hosts -- name: Ping - hosts: all +- name: Ping + hosts: all tasks: - - name: ping - win_ping: - + - name: Ping + ansible.windows.win_ping: diff --git a/windows/run-powershell.yml b/windows/run-powershell.yml index e00ed5012..8c760eff3 100644 --- a/windows/run-powershell.yml +++ b/windows/run-powershell.yml @@ -2,8 +2,8 @@ # This playbook tests the script module on Windows hosts - name: Run powershell script - hosts: all + hosts: all gather_facts: false tasks: - name: Run powershell script - script: files/helloworld.ps1 + ansible.builtin.script: files/helloworld.ps1 diff --git a/windows/test.yml b/windows/test.yml index fa416f229..dbff849eb 100644 --- a/windows/test.yml +++ b/windows/test.yml 
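Review bot: The installer in install-msi.yml is fetched over plain `http://` from a mirror and then handed to `win_package`, with nothing checking that the file is the one intended. `ansible.windows.win_get_url` accepts `checksum:` and `checksum_algorithm:`; adding `checksum_algorithm: sha256` and `checksum: <SHA-256 of the vetted MSI>` (placeholder) makes the download fail closed if the mirror content changes. The fixed path under `C:\Users\Administrator\Downloads` also assumes that profile exists on every target.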
@@ -1,25 +1,32 @@ --- -- name: test raw module - hosts: all +- name: Test raw module + hosts: all tasks: - - name: run ipconfig - raw: ipconfig + - name: Run ipconfig + ansible.builtin.raw: ipconfig register: ipconfig - - debug: var=ipconfig + changed_when: false -- name: test stat module + - name: Print ipconfig + ansible.builtin.debug: + var: ipconfig + +- name: Test stat module hosts: windows tasks: - - name: test stat module on file - win_stat: path="C:/Windows/win.ini" + - name: Test stat module on file + ansible.windows.win_stat: + path: C:/Windows/win.ini register: stat_file - - debug: var=stat_file + - name: Print stat_file + ansible.builtin.debug: + var: stat_file - - name: check stat_file result - assert: - that: - - "stat_file.stat.exists" - - "not stat_file.stat.isdir" - - "stat_file.stat.size > 0" - - "stat_file.stat.md5" + - name: Check stat_file result + ansible.builtin.assert: + that: + - stat_file.stat.exists + - not stat_file.stat.isdir + - stat_file.stat.size > 0 + - stat_file.stat.md5 diff --git a/windows/wamp_haproxy/demo-aws-wamp-launch.yml b/windows/wamp_haproxy/demo-aws-wamp-launch.yml index 2923f9290..4314bab09 100644 --- a/windows/wamp_haproxy/demo-aws-wamp-launch.yml +++ b/windows/wamp_haproxy/demo-aws-wamp-launch.yml 
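Review bot: The last assertion in test.yml, `stat_file.stat.md5`, relies on a return key that, as far as I know, `ansible.windows.win_stat` no longer provides; the module reports `checksum` when `get_checksum` is enabled. If that holds for the collection version in use, the assert fails on every host, and `- stat_file.stat.checksum` would be the replacement. This is worth confirming against the installed collection before merging.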
@@ -1,53 +1,53 @@ --- -#Provision some instances: -- hosts: localhost +- name: Provision some instances + hosts: localhost connection: local - gather_facts: False + gather_facts: false vars_files: - - group_vars/all - - tasks: - - name: Launch webserver instances - ec2: > - access_key="{{ ec2_access_key }}" - secret_key="{{ ec2_secret_key }}" - keypair="{{ ec2_keypair }}" - group="{{ ec2_security_group }}" - type="{{ ec2_instance_type }}" - image="ami-0d789266" - region="{{ ec2_region }}" - instance_tags="{'ansible_group':'windows_webservers', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}" - count="{{ ec2_instance_count }}" - wait=true - register: ec2 + - group_vars/all - tags: - - web + tasks: + - name: Launch webserver instances + ec2: > + access_key="{{ ec2_access_key }}" + secret_key="{{ ec2_secret_key }}" + keypair="{{ ec2_keypair }}" + group="{{ ec2_security_group }}" + type="{{ ec2_instance_type }}" + image="ami-0d789266" + region="{{ ec2_region }}" + instance_tags="{'ansible_group':'windows_webservers', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name + }}'}" + count="{{ ec2_instance_count }}" + wait=true + register: ec2 - - name: Launch database instance - ec2: > - access_key="{{ ec2_access_key }}" - secret_key="{{ ec2_secret_key }}" - keypair="{{ ec2_keypair }}" - group="{{ ec2_security_group }}" - type="{{ ec2_instance_type }}" - image="ami-17d66f7c" - region="{{ ec2_region }}" - instance_tags="{'ansible_group':'windows_dbservers', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}" - count="1" - wait=true - register: ec2 + tags: + - web - tags: - - db + - name: Launch database instance + ec2: > + access_key="{{ ec2_access_key }}" + secret_key="{{ ec2_secret_key }}" + keypair="{{ ec2_keypair }}" + group="{{ ec2_security_group }}" + type="{{ ec2_instance_type }}" + 
image="ami-17d66f7c" + region="{{ ec2_region }}" + instance_tags="{'ansible_group':'windows_dbservers', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name + }}'}" + count="1" + wait=true + register: ec2 - - name: Wait for WinRM to come up - local_action: wait_for host={{ item.public_dns_name }} - port=5986 delay=60 timeout=320 state=started - with_items: ec2.instances + tags: + - db - tags: - - web - - db + - name: Wait for WinRM to come up + local_action: wait_for host={{ item.public_dns_name }} port=5986 delay=60 timeout=320 state=started + with_items: ec2.instances + tags: + - web + - db diff --git a/windows/wamp_haproxy/roles/elb/tasks/main.yml b/windows/wamp_haproxy/roles/elb/tasks/main.yml index 942bb42b0..614219c86 100644 --- a/windows/wamp_haproxy/roles/elb/tasks/main.yml +++ b/windows/wamp_haproxy/roles/elb/tasks/main.yml @@ -1,8 +1,8 @@ --- # This role creates the AWS ELB and configures it. - name: Create the ELB in AWS - ec2_elb_lb: - name: "ansible-windows-demo-lb" + amazon.aws.elb_classic_lb: + name: ansible-windows-demo-lb state: present region: us-east-1 zones: @@ -13,4 +13,3 @@ - protocol: http # options are http, https, ssl, tcp load_balancer_port: 80 instance_port: 80 - diff --git a/windows/wamp_haproxy/roles/iis/tasks/main.yml b/windows/wamp_haproxy/roles/iis/tasks/main.yml index 90c2b1e26..0701ac945 100644 --- a/windows/wamp_haproxy/roles/iis/tasks/main.yml +++ b/windows/wamp_haproxy/roles/iis/tasks/main.yml @@ -1,9 +1,9 @@ --- # This playbook installs and enables IIS on Windows hosts - name: Install IIS - win_feature: - name: "Web-Server" + ansible.windows.win_feature: + name: Web-Server state: present - restart: yes - include_sub_features: yes - include_management_tools: yes + restart: true + include_sub_features: true + include_management_tools: true 
diff --git a/windows/wamp_haproxy/roles/mssql/tasks/main.yml b/windows/wamp_haproxy/roles/mssql/tasks/main.yml index 1ebbe2922..062ad665d 100644 --- a/windows/wamp_haproxy/roles/mssql/tasks/main.yml +++ b/windows/wamp_haproxy/roles/mssql/tasks/main.yml @@ -5,7 +5,4 @@ # win_copy: src=create-db.ps1 dest=c:\create-db.ps1 - name: Create Application Database - script: "create-db.ps1" - - - + ansible.builtin.script: create-db.ps1 diff --git a/windows/wamp_haproxy/roles/web/tasks/main.yml b/windows/wamp_haproxy/roles/web/tasks/main.yml index 1a1691d6f..ddd1b3a76 100644 --- a/windows/wamp_haproxy/roles/web/tasks/main.yml +++ b/windows/wamp_haproxy/roles/web/tasks/main.yml @@ -2,6 +2,6 @@ # This playbook uses the win_get_url module to download a simple HTML file for IIS - name: Download simple web site to 'C:\inetpub\wwwroot\ansible.html' - win_get_url: - url: 'https://raw.githubusercontent.com/thisdavejohnson/mywebapp/master/index.html' - dest: 'C:\inetpub\wwwroot\ansible.html' + ansible.windows.win_get_url: + url: https://raw.githubusercontent.com/thisdavejohnson/mywebapp/master/index.html + dest: C:\inetpub\wwwroot\ansible.html diff --git a/windows/wamp_haproxy/rolling_update.yml b/windows/wamp_haproxy/rolling_update.yml index d9fe61a4a..4d45d6b8a 100644 --- a/windows/wamp_haproxy/rolling_update.yml +++ b/windows/wamp_haproxy/rolling_update.yml 
@@ -4,39 +4,42 @@ # # The three roles that apply to the webserver hosts will be applied: web -- hosts: tag_ansible_group_windows_webservers +- name: Rolling update for all webservers + hosts: tag_ansible_group_windows_webservers serial: 1 - gather_facts: False + gather_facts: false connection: winrm vars: - ansible_ssh_port : 5986 + ansible_ssh_port: 5986 # These are the tasks to run before applying updates: pre_tasks: - - name: Remove host from load balancing pool - local_action: - module: ec2_elb - region: us-east-1 - instance_id: "{{ ec2_id }}" - ec2_elbs: "ansible-windows-demo-lb" - wait_timeout: 330 - state: 'absent' + - name: Remove host from load balancing pool + community.aws.elb_instance: + region: us-east-1 + instance_id: "{{ ec2_id }}" + ec2_elbs: ansible-windows-demo-lb + wait_timeout: 330 + state: absent roles: -# - iis - - web + # - iis + - web # These tasks run after the roles: post_tasks: - - name: Wait for webserver to come up - local_action: wait_for host={{ inventory_hostname }} port=80 state=started timeout=80 + - name: Wait for webserver to come up + ansible.builtin.wait_for: + host: "{{ inventory_hostname }}" + port: 80 + state: started + timeout: 80 - - name: Add host to load balancing pool - local_action: - module: ec2_elb - region: us-east-1 - instance_id: "{{ ec2_id }}" - ec2_elbs: "ansible-windows-demo-lb" - wait_timeout: 330 - state: 'present' + - name: Add host to load balancing pool + community.aws.elb_instance: + region: us-east-1 + instance_id: "{{ ec2_id }}" + ec2_elbs: ansible-windows-demo-lb + wait_timeout: 330 + state: present diff --git a/windows/wamp_haproxy/site.yml b/windows/wamp_haproxy/site.yml index 6b11c16e3..f3499032a 100644 --- a/windows/wamp_haproxy/site.yml +++ b/windows/wamp_haproxy/site.yml 
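Review bot: Replacing `local_action` with plain module calls moves all three tasks of this play onto the Windows target: both `community.aws.elb_instance` tasks and `ansible.builtin.wait_for` now run over the `winrm` connection, where these Python modules cannot execute and where AWS credentials would have to be available. Each needs `delegate_to: localhost` to keep the old behaviour, as the `wait_for` task in the site.yml hunk of this commit already has. The `Add host to load balancing pool` task in site.yml lost its `local_action` the same way and is missing the delegation too.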
@@ -1,67 +1,69 @@ --- -## This playbook deploys the whole application stack in this site. +## This playbook deploys the whole application stack in this site. -# Configure and deploy database servers. -- hosts: tag_ansible_group_windows_dbservers +- name: Configure and deploy database servers + hosts: tag_ansible_group_windows_dbservers connection: winrm - vars: - ansible_ssh_port : 5986 + ansible_ssh_port: 5986 roles: - - mssql + - mssql - tags: - - db + tags: + - db -# Configure and deploy the web servers. Note that we include two roles here, +# Note that we include two roles here, # the 'base-apache' role which simply sets up Apache, and 'web' which includes # our example web application. -- hosts: tag_ansible_group_windows_webservers +- name: Configure and deploy the web servers + hosts: tag_ansible_group_windows_webservers connection: winrm - vars: - ansible_ssh_port : 5986 + ansible_ssh_port: 5986 roles: - - iis - - web + - iis + - web - tags: - - web + tags: + - web -# Configure and deploy the load balancer(s). 
-- hosts: localhost - connection: local - gather_facts: False +- name: Configure and deploy the load balancer(s) + hosts: localhost + connection: local + gather_facts: false roles: - - elb - - tags: - - lb + - elb -# Add the webservers to the load balancer(s) -- hosts: tag_ansible_group_windows_webservers + tags: + - lb + +- name: Add the webservers to the load balancer(s) + hosts: tag_ansible_group_windows_webservers connection: winrm - gather_facts: False + gather_facts: false vars: - ansible_ssh_port : 5986 + ansible_ssh_port: 5986 tasks: - - - name: Wait for webserver to come up - local_action: wait_for host={{ inventory_hostname }} port=80 state=started timeout=80 - - - name: Add host to load balancing pool - local_action: - module: ec2_elb - region: us-east-1 - instance_id: "{{ ec2_id }}" - ec2_elbs: "ansible-windows-demo-lb" - wait_timeout: 330 - state: 'present' + - name: Wait for webserver to come up + ansible.builtin.wait_for: + host: "{{ inventory_hostname }}" + port: 80 + state: started + timeout: 80 + delegate_to: localhost + + - name: Add host to load balancing pool + community.aws.elb_instance: + region: us-east-1 + instance_id: "{{ ec2_id }}" + ec2_elbs: ansible-windows-demo-lb + wait_timeout: 330 + state: present tags: - - lb + - lb diff --git a/wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml b/wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml index 9efd11a71..21ca8e98f 100644 --- a/wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml +++ b/wordpress-nginx_rhel7/roles/php-fpm/tasks/main.yml @@ -24,5 +24,5 @@ ansible.builtin.template: src: wordpress.conf dest: /etc/php-fpm.d/ - + notify: restart php-fpm diff --git a/wordpress-nginx_rhel7/roles/wordpress/tasks/main.yml b/wordpress-nginx_rhel7/roles/wordpress/tasks/main.yml index 65f0b50be..26c959c88 100644 --- a/wordpress-nginx_rhel7/roles/wordpress/tasks/main.yml +++ b/wordpress-nginx_rhel7/roles/wordpress/tasks/main.yml 
@@ -11,7 +11,7 @@ - name: Download & Extract WordPress ansible.builtin.unarchive: - src: "http://wordpress.org/wordpress-{{ wp_version }}.tar.gz" + src: http://wordpress.org/wordpress-{{ wp_version }}.tar.gz dest: /srv/wordpress owner: wordpress group: wordpress @@ -61,43 +61,43 @@ - name: Set the SELinux policy for the Wordpress directory community.general.sefcontext: - target: '/srv/wordpress(/.*)?' + target: /srv/wordpress(/.*)? setype: httpd_sys_content_t state: present - name: Set the SELinux policy for wp-config.php community.general.sefcontext: - target: '/srv/wordpress/wp-config\.php' + target: /srv/wordpress/wp-config\.php setype: httpd_sys_script_exec_t state: present - name: Set the SELinux policy for wp-content directory community.general.sefcontext: - target: '/srv/wordpress/wp-content(/.*)?' + target: /srv/wordpress/wp-content(/.*)? setype: httpd_sys_rw_content_t state: present - name: Set the SELinux policy for the *.php files community.general.sefcontext: - target: '/srv/wordpress/.*\.php' + target: /srv/wordpress/.*\.php setype: httpd_sys_script_exec_t state: present - name: Set the SELinux policy for the Upgrade directory community.general.sefcontext: - target: "/srv/wordpress/wp-content/upgrade(/.*)?" + target: /srv/wordpress/wp-content/upgrade(/.*)? setype: httpd_sys_rw_content_t state: present - name: Set the SELinux policy for the Uploads directory community.general.sefcontext: - target: "/srv/wordpress/wp-content/uploads(/.*)?" + target: /srv/wordpress/wp-content/uploads(/.*)? setype: httpd_sys_rw_content_t state: present - name: Set the SELinux policy for the wp-includes php files community.general.sefcontext: - target: '/srv/wordpress/wp-includes/.*\.php' + target: /srv/wordpress/wp-includes/.*\.php setype: httpd_sys_script_exec_t state: present From bd3411dfbd9dae76ce50305b2d0a6484b0efb961 Mon Sep 17 00:00:00 2001 
From: Simon Bachenberg Date: Fri, 15 Mar 2024 14:25:19 +0100 Subject: [PATCH 04/11] linted tomcat-memcached-failover --- .../roles/jboss-standalone/tasks/main.yml | 3 ++ lamp_haproxy/aws/roles/common/tasks/main.yml | 3 ++ .../roles/common/handlers/main.yml | 7 +++- .../roles/common/tasks/main.yml | 21 ++++++++--- .../roles/lb-nginx/handlers/main.yml | 7 +++- .../roles/lb-nginx/tasks/main.yml | 27 +++++++++++--- .../roles/memcached/handlers/main.yml | 7 +++- .../roles/memcached/tasks/main.yml | 28 +++++++++++--- .../roles/tomcat/handlers/main.yml | 7 +++- .../roles/tomcat/tasks/main.yml | 37 +++++++++++++++---- 10 files changed, 115 insertions(+), 32 deletions(-) diff --git a/jboss-standalone/roles/jboss-standalone/tasks/main.yml b/jboss-standalone/roles/jboss-standalone/tasks/main.yml index f44ac1884..fefaca07c 100644 --- a/jboss-standalone/roles/jboss-standalone/tasks/main.yml +++ b/jboss-standalone/roles/jboss-standalone/tasks/main.yml @@ -72,6 +72,9 @@ template: src: iptables-save dest: /etc/sysconfig/iptables + owner: root + group: root + mode: u=rw,g=,o= when: ansible_distribution_major_version != "7" notify: restart iptables diff --git a/lamp_haproxy/aws/roles/common/tasks/main.yml b/lamp_haproxy/aws/roles/common/tasks/main.yml index fd72ac8f3..2a3fabb0b 100644 --- a/lamp_haproxy/aws/roles/common/tasks/main.yml +++ b/lamp_haproxy/aws/roles/common/tasks/main.yml @@ -56,6 +56,9 @@ template: src: iptables.j2 dest: /etc/sysconfig/iptables + owner: root + group: root + mode: u=rw,g=,o= when: ansible_distribution_major_version != '7' notify: restart iptables diff --git a/tomcat-memcached-failover/roles/common/handlers/main.yml b/tomcat-memcached-failover/roles/common/handlers/main.yml index 29856ccdd..4ee204ee5 100644 --- a/tomcat-memcached-failover/roles/common/handlers/main.yml +++ b/tomcat-memcached-failover/roles/common/handlers/main.yml 
@@ -1,3 +1,6 @@ --- -- name: restart iptables - service: name=iptables state=restarted +- name: Restart iptables + ansible.builtin.service: + name: iptables + state: restarted + listen: restart_iptables diff --git a/tomcat-memcached-failover/roles/common/tasks/main.yml b/tomcat-memcached-failover/roles/common/tasks/main.yml index 8a0c8d577..a76bc9b3e 100644 --- a/tomcat-memcached-failover/roles/common/tasks/main.yml +++ b/tomcat-memcached-failover/roles/common/tasks/main.yml @@ -1,13 +1,24 @@ --- - name: Install libselinux-python - yum: name=libselinux-python state=present + ansible.builtin.yum: + name: libselinux-python + state: present - name: Install GPG key for EPEL - get_url: url=https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6 dest=/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 + ansible.builtin.rpm_key: + key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6 + state: present - name: Install EPEL repository - yum: name=https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm state=present + ansible.builtin.yum: + name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm + state: present - name: Setup Iptables rules - template: src=iptables.j2 dest=/etc/sysconfig/iptables - notify: restart iptables + ansible.builtin.template: + src: iptables.j2 + dest: /etc/sysconfig/iptables + owner: root + group: root + mode: u=rw,g=,o= + notify: restart_iptables diff --git a/tomcat-memcached-failover/roles/lb-nginx/handlers/main.yml b/tomcat-memcached-failover/roles/lb-nginx/handlers/main.yml index 92971d2cd..d2c85eaa9 100644 --- a/tomcat-memcached-failover/roles/lb-nginx/handlers/main.yml +++ b/tomcat-memcached-failover/roles/lb-nginx/handlers/main.yml @@ -1,3 +1,6 @@ --- -- name: restart nginx - service: name=nginx state=restarted +- name: Restart nginx + ansible.builtin.service: + name: nginx + state: restarted + listen: restart_nginx 
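Review bot: In `roles/common/tasks/main.yml`, `Install GPG key for EPEL` now imports whatever key the URL returns into the RPM keyring, and nothing pins which key is expected. `ansible.builtin.rpm_key` has a `fingerprint` option that rejects a key whose fingerprint does not match, so adding `fingerprint: <EPEL-6 key fingerprint, placeholder>` would make the import fail closed. The old `get_url` task only placed the key file under `/etc/pki/rpm-gpg/`, whereas the new one trusts the key for package verification, so this is a behaviour change and not only a lint fix.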
diff --git a/tomcat-memcached-failover/roles/lb-nginx/tasks/main.yml b/tomcat-memcached-failover/roles/lb-nginx/tasks/main.yml index 79c5dd6d0..6902fd8fb 100644 --- a/tomcat-memcached-failover/roles/lb-nginx/tasks/main.yml +++ b/tomcat-memcached-failover/roles/lb-nginx/tasks/main.yml @@ -1,14 +1,29 @@ --- - name: Install nginx - yum: name=nginx state=present + ansible.builtin.yum: + name: nginx + state: present - name: Deliver main configuration file - template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf - notify: restart nginx + ansible.builtin.template: + src: nginx.conf.j2 + dest: /etc/nginx/nginx.conf + owner: root + group: root + mode: u=rw,g=,o= + notify: restart_nginx - name: Copy configuration file to nginx/sites-avaiable - template: src=default.conf.j2 dest=/etc/nginx/conf.d/default.conf - notify: restart nginx + ansible.builtin.template: + src: default.conf.j2 + dest: /etc/nginx/conf.d/default.conf + owner: root + group: root + mode: u=rw,g=,o= + notify: restart_nginx - name: Make sure nginx start with boot - service: name=nginx state=started enabled=yes + ansible.builtin.service: + name: nginx + state: started + enabled: true diff --git a/tomcat-memcached-failover/roles/memcached/handlers/main.yml b/tomcat-memcached-failover/roles/memcached/handlers/main.yml index 9aaea02cb..ef63a0bda 100644 --- a/tomcat-memcached-failover/roles/memcached/handlers/main.yml +++ b/tomcat-memcached-failover/roles/memcached/handlers/main.yml @@ -1,3 +1,6 @@ --- -- name: restart memcached - service: name=memcached state=restarted +- name: Restart memcached + ansible.builtin.service: + name: memcached + state: restarted + listen: restart_memcached diff --git a/tomcat-memcached-failover/roles/memcached/tasks/main.yml b/tomcat-memcached-failover/roles/memcached/tasks/main.yml index 7502de609..6107e9892 100644 --- a/tomcat-memcached-failover/roles/memcached/tasks/main.yml +++ b/tomcat-memcached-failover/roles/memcached/tasks/main.yml 
@@ -1,14 +1,30 @@ --- - name: Install memcached - yum: name=memcached state=present + ansible.builtin.yum: + name: memcached + state: present - name: Deliver configuration file - template: src=memcached.conf.j2 dest=/etc/sysconfig/memcached backup=yes - notify: restart memcached + ansible.builtin.template: + src: memcached.conf.j2 + dest: /etc/sysconfig/memcached + backup: true + owner: root + group: memcache + mode: u=rw,g=r,o= + notify: restart_memcached - name: Deliver init script - template: src=init.sh.j2 dest=/etc/init.d/memcached mode=0755 - notify: restart memcached + ansible.builtin.template: + src: init.sh.j2 + dest: /etc/init.d/memcached + owner: root + group: root + mode: u=rwx,g=rx,o=rx + notify: restart_memcached - name: Start memcached service - service: name=memcached state=started enabled=yes + ansible.builtin.service: + name: memcached + state: started + enabled: true diff --git a/tomcat-memcached-failover/roles/tomcat/handlers/main.yml b/tomcat-memcached-failover/roles/tomcat/handlers/main.yml index c6c4a35d7..7c5019aa3 100644 --- a/tomcat-memcached-failover/roles/tomcat/handlers/main.yml +++ b/tomcat-memcached-failover/roles/tomcat/handlers/main.yml @@ -1,3 +1,6 @@ --- -- name: restart tomcat - service: name=tomcat state=restarted +- name: Restart tomcat + ansible.builtin.service: + name: tomcat + state: restarted + listen: restart_tomcat diff --git a/tomcat-memcached-failover/roles/tomcat/tasks/main.yml b/tomcat-memcached-failover/roles/tomcat/tasks/main.yml index 4639eab93..e2f89f49a 100644 --- a/tomcat-memcached-failover/roles/tomcat/tasks/main.yml +++ b/tomcat-memcached-failover/roles/tomcat/tasks/main.yml 
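Review bot: `group: memcache` on `/etc/sysconfig/memcached` looks like the Debian account name. This role installs memcached with `ansible.builtin.yum`, and RHEL-family packages normally create a `memcached` user and group, so the task would probably fail on an unknown group. If the service account must read the file, `group: memcached` is likely what is meant; otherwise `group: root` with `mode: u=rw,g=,o=` matches the other config templates in this patch. This should be confirmed against the target hosts.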
@@ -1,27 +1,50 @@ --- - name: Install OpenJDK - yum: name=java-1.7.0-openjdk state=present + ansible.builtin.yum: + name: java-1.7.0-openjdk + state: present - name: Install Tomcat - yum: name=tomcat state=present + ansible.builtin.yum: + name: tomcat + state: present - name: Deliver configuration files for tomcat - template: src={{ item.src }} dest={{ item.dest }} backup=yes + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: tomcat + mode: u=rwX,g=rX,o=rX + backup: true with_items: - { src: default.j2, dest: /etc/tomcat/default } - { src: server.xml.j2, dest: /etc/tomcat/server.xml } - { src: context.xml.j2, dest: /etc/tomcat/context.xml } - notify: restart tomcat + notify: restart_tomcat - name: Deliver libraries support memcached - get_url: url="{{ item }}" dest=/usr/share/tomcat/lib/ + ansible.builtin.get_url: + url: "{{ item }}" + dest: /usr/share/tomcat/lib/ + owner: root + group: tomcat + mode: u=rwX,g=rX,o=rX with_items: - http://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager/1.8.0/memcached-session-manager-1.8.0.jar - http://repo1.maven.org/maven2/de/javakaffee/msm/memcached-session-manager-tc7/1.8.0/memcached-session-manager-tc7-1.8.0.jar - https://spymemcached.googlecode.com/files/spymemcached-2.10.2.jar - name: Deploy sample app - copy: src=msm-sample-webapp-1.0-SNAPSHOT.war dest=/var/lib/tomcat/webapps/ROOT.war owner=tomcat group=tomcat + ansible.builtin.copy: + src: msm-sample-webapp-1.0-SNAPSHOT.war + dest: /var/lib/tomcat/webapps/ROOT.war + owner: tomcat + group: tomcat + mode: u=rw,g=r,o=r - name: Start tomcat service - service: name=tomcat state=started enabled=yes + ansible.builtin.service: + name: tomcat + state: started + enabled: true From 382710ab20d11c17d3f960cd570800b0225574b3 Mon Sep 17 00:00:00 2001 
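Review bot: `Deliver libraries support memcached` downloads JARs into `/usr/share/tomcat/lib/`, which Tomcat loads at startup, from two plain `http://repo1.maven.org` URLs and without a `checksum`, so the content is not authenticated in transit or against a known hash. Switching those URLs to `https://` and turning each item into a mapping used as `url: "{{ item.url }}"` and `checksum: "sha256:{{ item.sha256 }}"` (hashes taken from a trusted source) would close that gap. Separately, `mode: u=rwX,g=rX,o=rX` on the configuration templates leaves `server.xml` and `context.xml` world-readable; `o=` is safer if they ever hold credentials.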
From: Simon Bachenberg Date: Fri, 15 Mar 2024 14:30:47 +0100 Subject: [PATCH 05/11] linted rust --- rust-module-hello-world/rust.yml | 96 +++++++++++++++----------------- 1 file changed, 46 insertions(+), 50 deletions(-) diff --git a/rust-module-hello-world/rust.yml b/rust-module-hello-world/rust.yml index 5694869ab..fa892abea 100644 --- a/rust-module-hello-world/rust.yml +++ b/rust-module-hello-world/rust.yml 
@@ -1,53 +1,49 @@ --- - hosts: localhost tasks: - - debug: - msg: Testing a binary module written in Rust - - - debug: - var: ansible_system - - - name: ping - ping: - - - name: Hello, World! - rust_helloworld: - register: hello_world - - - assert: - that: - - > - hello_world.msg == "Hello, World!" - - - name: Hello, Ansible! - rust_helloworld: - name: Ansible - register: hello_ansible - - - assert: - that: - - > - hello_ansible.msg == "Hello, Ansible!" - - - name: Async Hello, World! - rust_helloworld: - async: 10 - poll: 1 - register: async_hello_world - - - assert: - that: - - > - async_hello_world.msg == "Hello, World!" - - - name: Async Hello, Ansible! - rust_helloworld: - name: Ansible - async: 10 - poll: 1 - register: async_hello_ansible - - - assert: - that: - - > - async_hello_ansible.msg == "Hello, Ansible!" + - ansible.builtin.debug: + msg: Testing a binary module written in Rust + + - ansible.builtin.debug: + var: ansible_system + + - name: ping + ansible.builtin.ping: + + - name: Hello, World! + rust_helloworld: + register: hello_world + + - ansible.builtin.assert: + that: + - hello_world.msg is match("Hello, World!") + + - name: Hello, Ansible! + rust_helloworld: + name: Ansible + register: hello_ansible + + - ansible.builtin.assert: + that: + - hello_ansible.msg is match("Hello, Ansible!") + + - name: Async Hello, World! + rust_helloworld: + async: 10 + poll: 1 + register: async_hello_world + + - ansible.builtin.assert: + that: + - async_hello_world.msg is match("Hello, World!") + + - name: Async Hello, Ansible! + rust_helloworld: + name: Ansible + async: 10 + poll: 1 + register: async_hello_ansible + + - ansible.builtin.assert: + that: + - async_hello_ansible.msg is match("Hello, Ansible!") From 314d31a516d3d1f78283a7a5fa9600759b80df82 Mon Sep 17 00:00:00 2001 
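Review bot: Replacing `== "Hello, World!"` with `is match("Hello, World!")` weakens all four assertions, because `match` is a regular-expression test anchored only at the start of the string, so a longer message that merely begins with the expected text now passes. If the linter objected to the folded `>` scalar and not to the comparison, `- hello_world.msg == "Hello, World!"` keeps the exact check on one line. The `debug` and `assert` tasks are also still unnamed.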
From: Simon Bachenberg Date: Fri, 15 Mar 2024 14:33:48 +0100 Subject: [PATCH 06/11] linted phillips hue --- phillips_hue/ansible_colors.yml | 80 +++++++++++++++--------------- phillips_hue/effect.yml | 58 +++++++++++----------- phillips_hue/on_off.yml | 88 +++++++++++++++++---------------- phillips_hue/register.yml | 47 +++++++++--------- phillips_hue/username_info.yml | 4 +- 5 files changed, 142 insertions(+), 135 deletions(-) diff --git a/phillips_hue/ansible_colors.yml b/phillips_hue/ansible_colors.yml index 8daae665b..4b99c27e3 100644 --- a/phillips_hue/ansible_colors.yml +++ b/phillips_hue/ansible_colors.yml 
@@ -1,51 +1,53 @@ -- hosts: localhost - gather_facts: no +--- +- name: Show some Colors + hosts: localhost + gather_facts: false connection: local vars: ansible_mango: "on": true - "bri": 254 - "xy": [0.5701, 0.313] + bri: 254 + xy: [!!float "0.5701", !!float "0.313"] ansible_pool: "on": true - "bri": 254 - "xy": [0.1593, 0.2522] + bri: 254 + xy: [!!float "0.1593", !!float "0.2522"] tasks: - - name: INCLUDE UNIQUE USERNAME FROM REGISTER.YML - include_vars: - file: username_info.yml + - name: INCLUDE UNIQUE USERNAME FROM REGISTER.YML + ansible.builtin.include_vars: + file: username_info.yml - - name: GRAB HUE LIGHT INFORMATION - uri: - url: "http://{{ip_address}}/api/{{username}}" - method: GET - body: '{{body_info|to_json}}' - register: light_info + - name: GRAB HUE LIGHT INFORMATION + ansible.builtin.uri: + url: http://{{ ip_address }}/api/{{ username }} + method: GET + body: "{{ body_info | to_json }}" + register: light_info - - name: TURN LIGHTS TO MANGO - uri: - url: "http://{{ip_address}}/api/{{username}}/lights/{{item}}/state" - method: PUT - body: '{{ansible_mango|to_json}}' - loop: "{{ range(1, light_info.json.lights | length + 1)|list }}" + - name: TURN LIGHTS TO MANGO + ansible.builtin.uri: + url: http://{{ ip_address }}/api/{{ username }}/lights/{{ item }}/state + method: PUT + body: "{{ ansible_mango | to_json }}" + loop: "{{ range(1, light_info.json.lights | length + 1)|list }}" - - name: TURN LIGHTS TO POOL - uri: - url: "http://{{ip_address}}/api/{{username}}/lights/{{item}}/state" - method: PUT - body: '{{ansible_pool|to_json}}' - loop: "{{ range(1, light_info.json.lights | length + 1)|list }}" + - name: TURN LIGHTS TO POOL + ansible.builtin.uri: + url: http://{{ ip_address }}/api/{{ username }}/lights/{{ item }}/state + method: PUT + body: "{{ ansible_pool | to_json }}" + loop: "{{ range(1, light_info.json.lights | length + 1)|list }}" - - name: TURN LIGHTS TO MANGO - uri: - url: "http://{{ip_address}}/api/{{username}}/lights/{{item}}/state" - 
method: PUT - body: '{{ansible_mango|to_json}}' - loop: "{{ range(1, light_info.json.lights | length + 1)|list }}" + - name: TURN LIGHTS TO MANGO + ansible.builtin.uri: + url: http://{{ ip_address }}/api/{{ username }}/lights/{{ item }}/state + method: PUT + body: "{{ ansible_mango | to_json }}" + loop: "{{ range(1, light_info.json.lights | length + 1)|list }}" - - name: TURN LIGHTS TO POOL - uri: - url: "http://{{ip_address}}/api/{{username}}/lights/{{item}}/state" - method: PUT - body: '{{ansible_pool|to_json}}' - loop: "{{ range(1, light_info.json.lights | length + 1)|list }}" + - name: TURN LIGHTS TO POOL + ansible.builtin.uri: + url: http://{{ ip_address }}/api/{{ username }}/lights/{{ item }}/state + method: PUT + body: "{{ ansible_pool | to_json }}" + loop: "{{ range(1, light_info.json.lights | length + 1)|list }}" diff --git a/phillips_hue/effect.yml b/phillips_hue/effect.yml index a1f1b2846..2d7c6652d 100644 --- a/phillips_hue/effect.yml +++ b/phillips_hue/effect.yml 
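Review bot: The `!!float "0.5701"` tags added to the `xy` lists of `ansible_mango` and `ansible_pool` are redundant, since an unquoted `0.5701` already loads as a float. `xy: [0.5701, 0.313]` is equivalent and easier to read. Quoting the number and then forcing it back with a tag only obscures the value's type for the next reader.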
@@ -1,39 +1,41 @@ -- hosts: localhost - gather_facts: no +--- +- name: EFFECT + hosts: localhost + gather_facts: false connection: local vars: ansible_effect: "on": true - "effect": "colorloop" + effect: colorloop ansible_none: "on": true - "effect": "none" + effect: none tasks: - - name: INCLUDE UNIQUE USERNAME FROM REGISTER.YML - include_vars: - file: username_info.yml + - name: INCLUDE UNIQUE USERNAME FROM REGISTER.YML + ansible.builtin.include_vars: + file: username_info.yml - - name: GRAB HUE LIGHT INFORMATION - uri: - url: "http://{{ip_address}}/api/{{username}}" - method: GET - body: '{{body_info|to_json}}' - register: light_info + - name: GRAB HUE LIGHT INFORMATION + ansible.builtin.uri: + url: http://{{ ip_address }}/api/{{ username }} + method: GET + body: "{{ body_info | to_json }}" + register: light_info - - name: TURN LIGHTS INTO COLORLOOP EFFECT - uri: - url: "http://{{ip_address}}/api/{{username}}/lights/{{item}}/state" - method: PUT - body: '{{ansible_effect|to_json}}' - loop: "{{ range(1, light_info.json.lights | length + 1)|list }}" + - name: TURN LIGHTS INTO COLORLOOP EFFECT + ansible.builtin.uri: + url: http://{{ ip_address }}/api/{{ username }}/lights/{{ item }}/state + method: PUT + body: "{{ ansible_effect | to_json }}" + loop: "{{ range(1, light_info.json.lights | length + 1)|list }}" - # Pause for 10 seconds - - pause: - seconds: 5 + # Pause for 10 seconds + - ansible.builtin.pause: + seconds: 5 - - name: TURN LIGHTS INTO COLORLOOP EFFECT - uri: - url: "http://{{ip_address}}/api/{{username}}/lights/{{item}}/state" - method: PUT - body: '{{ansible_none|to_json}}' - loop: "{{ range(1, light_info.json.lights | length + 1)|list }}" + - name: TURN LIGHTS INTO COLORLOOP EFFECT + ansible.builtin.uri: + url: http://{{ ip_address }}/api/{{ username }}/lights/{{ item }}/state + method: PUT + body: "{{ ansible_none | to_json }}" + loop: "{{ range(1, light_info.json.lights | length + 1)|list }}" 
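Review bot: The comment `# Pause for 10 seconds` sits above `seconds: 5`, and the last task is still named `TURN LIGHTS INTO COLORLOOP EFFECT` although it sends `ansible_none`; both were carried over unchanged when the lines were re-indented. Suggested: `# Pause for 5 seconds` (or drop the comment and give the pause task a `name:`), and rename the final task to something like `TURN COLORLOOP EFFECT OFF`.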
diff --git a/phillips_hue/on_off.yml b/phillips_hue/on_off.yml index c3c807df6..767d3c566 100644 --- a/phillips_hue/on_off.yml +++ b/phillips_hue/on_off.yml @@ -1,5 +1,7 @@ -- hosts: localhost - gather_facts: no +--- +- name: On and Off + hosts: localhost + gather_facts: false connection: local vars: 
@@ -9,44 +11,44 @@ "on": true tasks: - - name: INCLUDE UNIQUE USERNAME FROM REGISTER.YML - include_vars: - file: username_info.yml - - - name: GRAB HUE LIGHT INFORMATION - uri: - url: "http://{{ip_address}}/api/{{username}}" - method: GET - body: '{{body_info|to_json}}' - register: light_info - - - name: PRINT DATA TO TERMINAL WINDOW - debug: - var: light_info.json.lights - - - name: PRINT AMOUNT OF LIGHTS TO TERMINAL WINDOW - debug: - msg: "THERE ARE {{light_info.json.lights | length}} HUE LIGHTS PRESENT" - - # - name: PRINT OUT LOOP VARS - # debug: - # msg: "http://{{ip_address}}/api/{{username}}/lights/{{item}}/state" - # loop: "{{ range(1, light_info.json.lights | length + 1)|list }}" - - - name: TURN LIGHTS OFF - uri: - url: "http://{{ip_address}}/api/{{username}}/lights/{{item}}/state" - method: PUT - body: '{{off_state|to_json}}' - loop: "{{ range(1, light_info.json.lights | length + 1)|list }}" - - - name: PROMPT USER TO TURN BACK ON - pause: - prompt: "Turn them back on?" - - - name: TURN LIGHTS ON - uri: - url: "http://{{ip_address}}/api/{{username}}/lights/{{item}}/state" - method: PUT - body: '{{on_state|to_json}}' - loop: "{{ range(1, light_info.json.lights | length + 1)|list }}" + - name: INCLUDE UNIQUE USERNAME FROM REGISTER.YML + ansible.builtin.include_vars: + file: username_info.yml + + - name: GRAB HUE LIGHT INFORMATION + ansible.builtin.uri: + url: http://{{ ip_address }}/api/{{ username }} + method: GET + body: "{{ body_info | to_json }}" + register: light_info + + - name: PRINT DATA TO TERMINAL WINDOW + ansible.builtin.debug: + var: light_info.json.lights + + - name: PRINT AMOUNT OF LIGHTS TO TERMINAL WINDOW + ansible.builtin.debug: + msg: THERE ARE {{ light_info.json.lights | length }} HUE LIGHTS PRESENT + + # - name: PRINT OUT LOOP VARS + # debug: + # msg: "http://{{ip_address}}/api/{{username}}/lights/{{item}}/state" + # loop: "{{ range(1, light_info.json.lights | length + 1)|list }}" + + - name: TURN LIGHTS OFF + ansible.builtin.uri: + 
url: http://{{ ip_address }}/api/{{ username }}/lights/{{ item }}/state + method: PUT + body: "{{ off_state | to_json }}" + loop: "{{ range(1, light_info.json.lights | length + 1)|list }}" + + - name: PROMPT USER TO TURN BACK ON + ansible.builtin.pause: + prompt: Turn them back on? + + - name: TURN LIGHTS ON + ansible.builtin.uri: + url: http://{{ ip_address }}/api/{{ username }}/lights/{{ item }}/state + method: PUT + body: "{{ on_state | to_json }}" + loop: "{{ range(1, light_info.json.lights | length + 1)|list }}" diff --git a/phillips_hue/register.yml b/phillips_hue/register.yml index 38a7d6c60..e66af681b 100644 --- a/phillips_hue/register.yml +++ b/phillips_hue/register.yml 
@@ -1,29 +1,30 @@ -- hosts: localhost - gather_facts: no +--- +- name: Register + hosts: localhost + gather_facts: false connection: local tasks: + - name: PROMPT USER TO PRESS PHYSICAL BUTTON HUE HUB + ansible.builtin.pause: + prompt: Press the button on the hub now... - - name: PROMPT USER TO PRESS PHYSICAL BUTTON HUE HUB - pause: - prompt: "Press the button on the hub now..." + - name: INCLUDE IP ADDRESS FROM username_info.yml + ansible.builtin.include_vars: + file: username_info.yml - - name: INCLUDE IP ADDRESS FROM username_info.yml - include_vars: - file: username_info.yml + - name: GRAB UNIQUE USERNAME + ansible.builtin.uri: + url: http://{{ ip_address }}/api + method: POST + body: "{{ body_info | to_json }}" + register: username_info - - name: GRAB UNIQUE USERNAME - uri: - url: "http://{{ip_address}}/api" - method: POST - body: '{{body_info|to_json}}' - register: username_info - - - name: PRINT DATA TO TERMINAL WINDOW - debug: - var: username_info.json - - lineinfile: - path: "./username_info.yml" - regexp: '^username' - insertafter: EOF - line: 'username: {{username_info.json[0]["success"]["username"]}}' + - name: PRINT DATA TO TERMINAL WINDOW + ansible.builtin.debug: + var: username_info.json + - ansible.builtin.lineinfile: + path: ./username_info.yml + regexp: ^username + insertafter: EOF + line: 'username: {{ username_info.json[0]["success"]["username"] }}' diff --git a/phillips_hue/username_info.yml b/phillips_hue/username_info.yml index 7df8c118c..4e1b398f4 100644 --- a/phillips_hue/username_info.yml +++ b/phillips_hue/username_info.yml @@ -1,5 +1,5 @@ --- username: elY1xx9p5twUBYDjELgMUuQT99kLaVqGT1p0eDrl -ip_address: "192.168.86.30" +ip_address: 192.168.86.30 body_info: - devicetype: "Ansible!" + devicetype: Ansible! From b600d6d82c0159606ab4467c6784390f3d20eb0c Mon Sep 17 00:00:00 2001 
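Review bot: `username_info.yml` keeps a Hue bridge API username in the repository (the `username:` context line), and the `lineinfile` task in `register.yml` writes each newly issued one back into that tracked file. That value is what authorises the `/api/{{ username }}` calls in the other playbooks, so it should be handled as a secret: keep the file out of version control or store the value with Ansible Vault, and rotate the one already committed. The `debug` of `username_info.json` in `register.yml` also prints it to the terminal, and the `lineinfile` task still has no `name:`.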
From: Simon Bachenberg Date: Fri, 15 Mar 2024 14:48:08 +0100 Subject: [PATCH 07/11] linted mongodb --- mongodb/playbooks/testsharding.yml | 27 +++++++---- mongodb/roles/common/handlers/main.yml | 7 ++- mongodb/roles/common/tasks/main.yml | 51 +++++++++++++++------ mongodb/roles/mongoc/tasks/main.yml | 48 ++++++++++++++------ mongodb/roles/mongod/tasks/main.yml | 63 ++++++++++++++++++-------- mongodb/roles/mongod/tasks/shards.yml | 20 ++++---- mongodb/roles/mongos/tasks/main.yml | 40 +++++++++++----- mongodb/site.yml | 10 ++-- 8 files changed, 180 insertions(+), 86 deletions(-) diff --git a/mongodb/playbooks/testsharding.yml b/mongodb/playbooks/testsharding.yml index dc8514d68..4b165c4b9 100644 --- a/mongodb/playbooks/testsharding.yml +++ b/mongodb/playbooks/testsharding.yml 
@@ -1,17 +1,26 @@ --- # The playbook creates a new database test and populates data in the database to test the sharding. -- hosts: $servername +- name: Creat a new database test and populate the database to sharding + hosts: mongo_servers remote_user: root tasks: - - name: Create a new database and user - mongodb_user: login_user=admin login_password=${mongo_admin_pass} login_port=${mongos_port} database=test user=admin password=${mongo_admin_pass} state=present + - name: Create a new database and user + community.mongodb.mongodb_user: + login_user: admin + login_password: "{{ mongo_admin_pass }}" + login_port: "{{ mongos_port }}" + database: test + user: admin + password: "{{ mongo_admin_pass }}" + state: present - - name: Pause for the user to get created and replicated - pause: minutes=3 + - name: Pause for the user to get created and replicated + ansible.builtin.pause: + minutes: "3" - - name: Execute the collection creation script - command: /usr/bin/mongo localhost:${mongos_port}/test -u admin -p ${mongo_admin_pass} /tmp/testsharding.js + - name: Execute the collection creation script + ansible.builtin.command: /usr/bin/mongo localhost:{{ mongos_port }}/test -u admin -p {{ mongo_admin_pass }} /tmp/testsharding.js - - name: Enable sharding on the database and collection - command: /usr/bin/mongo localhost:${mongos_port}/admin -u admin -p ${mongo_admin_pass} /tmp/enablesharding.js + - name: Enable sharding on the database and collection + ansible.builtin.command: /usr/bin/mongo localhost:{{ mongos_port }}/admin -u admin -p {{ mongo_admin_pass }} /tmp/enablesharding.js diff --git a/mongodb/roles/common/handlers/main.yml b/mongodb/roles/common/handlers/main.yml index 0f563a9c2..d8ae972cd 100644 --- a/mongodb/roles/common/handlers/main.yml +++ b/mongodb/roles/common/handlers/main.yml 
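Review bot: Both `ansible.builtin.command` tasks pass `-p {{ mongo_admin_pass }}` on the command line, so the admin password is visible in the process list on the target and is echoed in Ansible's task output and logs. The same pattern appears in `Add the shard to the mongos` in `roles/mongod/tasks/shards.yml`. At minimum add `no_log: true` to these tasks; better is to keep the password off argv entirely, for example by having the client read credentials from a root-only file. The tasks also lack `changed_when:`, so every run reports a change.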
@@ -1,5 +1,8 @@ --- # Handler for mongod -- name: restart iptables - service: name=iptables state=restarted +- name: Restart iptables + ansible.builtin.service: + name: iptables + state: restarted + listen: restart_iptables diff --git a/mongodb/roles/common/tasks/main.yml b/mongodb/roles/common/tasks/main.yml index e8f4803f6..6a12f0fd3 100644 --- a/mongodb/roles/common/tasks/main.yml +++ b/mongodb/roles/common/tasks/main.yml 
@@ -2,35 +2,56 @@ # This Playbook runs all the common plays in the deployment - name: Create the hosts file for all machines - template: src=hosts.j2 dest=/etc/hosts + ansible.builtin.template: + src: hosts.j2 + dest: /etc/hosts - name: Create the repository for 10Gen - copy: src=10gen.repo.j2 dest=/etc/yum.repos.d/10gen.repo + ansible.builtin.copy: + src: 10gen.repo.j2 + dest: /etc/yum.repos.d/10gen.repo - name: Create the EPEL Repository. - copy: src=epel.repo.j2 dest=/etc/yum.repos.d/epel.repo + ansible.builtin.copy: + src: epel.repo.j2 + dest: /etc/yum.repos.d/epel.repo - name: Create the GPG key for EPEL - copy: src=RPM-GPG-KEY-EPEL-6 dest=/etc/pki/rpm-gpg + ansible.builtin.copy: + src: RPM-GPG-KEY-EPEL-6 + dest: /etc/pki/rpm-gpg - name: Create the mongod user - user: name=mongod comment="MongoD" + ansible.builtin.user: + name: mongod + comment: '"MongoD"' - name: Create the data directory for the namenode metadata - file: path={{ mongodb_datadir_prefix }} owner=mongod group=mongod state=directory + ansible.builtin.file: + path: "{{ mongodb_datadir_prefix }}" + owner: mongod + group: mongod + state: directory - name: Install the mongodb package - yum: name={{ item }} state=installed + ansible.builtin.yum: + name: "{{ item }}" + state: installed with_items: - - libselinux-python - - mongo-10gen - - mongo-10gen-server - - bc - - python-pip + - libselinux-python + - mongo-10gen + - mongo-10gen-server + - bc + - python-pip - name: Install the latest pymongo package - pip: name=pymongo state=latest use_mirrors=no + ansible.builtin.pip: + name: pymongo + state: latest # noqa package-latest + use_mirrors: false - name: Create the iptables file - template: src=iptables.j2 dest=/etc/sysconfig/iptables - notify: restart iptables + ansible.builtin.template: + src: iptables.j2 + dest: /etc/sysconfig/iptables + notify: restart_iptables diff --git a/mongodb/roles/mongoc/tasks/main.yml b/mongodb/roles/mongoc/tasks/main.yml index 7b91f16d4..3d2445d56 100644 
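Review bot: `comment: '"MongoD"'` changes the value: the old `comment="MongoD"` set the account comment to MongoD, while the new form stores the double quotes as part of the string. `comment: MongoD` preserves the original. Also, unlike the iptables templates touched in patch 04, `Create the iptables file` (and the hosts and repo files) get no `owner`/`group`/`mode` here, so their permissions fall to the remote defaults. Adding `owner: root`, `group: root` and `mode: u=rw,g=,o=` for `/etc/sysconfig/iptables` would match the other roles.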
--- a/mongodb/roles/mongoc/tasks/main.yml +++ b/mongodb/roles/mongoc/tasks/main.yml @@ -2,25 +2,45 @@ # This playbook deploys the mongodb configurationdb servers - name: Create data directory for mongoc configuration server - file: path={{ mongodb_datadir_prefix }}/configdb state=directory owner=mongod group=mongod + ansible.builtin.file: + path: "{{ mongodb_datadir_prefix }}/configdb" + state: directory + owner: mongod + group: mongod - name: Create the mongo configuration server startup file - template: src=mongoc.j2 dest=/etc/init.d/mongoc mode=0655 - + ansible.builtin.template: + src: mongoc.j2 + dest: /etc/init.d/mongoc + mode: "0655" - name: Create the mongo configuration server file - template: src=mongoc.conf.j2 dest=/etc/mongoc.conf - + ansible.builtin.template: + src: mongoc.conf.j2 + dest: /etc/mongoc.conf - name: Copy the keyfile for authentication - copy: src=roles/mongod/files/secret dest={{ mongodb_datadir_prefix }}/secret owner=mongod group=mongod mode=0400 + ansible.builtin.copy: + src: roles/mongod/files/secret + dest: "{{ mongodb_datadir_prefix }}/secret" + owner: mongod + group: mongod + mode: "0400" - name: Start the mongo configuration server service - command: creates=/var/lock/subsys/mongoc /etc/init.d/mongoc start - -- name: pause - pause: seconds=20 - -- name: add the admin user - mongodb_user: database=admin name=admin password={{ mongo_admin_pass }} login_port={{ mongoc_port }} state=present - ignore_errors: yes + ansible.builtin.command: + creates: /var/lock/subsys/mongoc + cmd: /etc/init.d/mongoc start + +- name: Pause + ansible.builtin.pause: + seconds: "20" + +- name: Add the admin user + community.mongodb.mongodb_user: + name: admin + database: admin + password: "{{ mongo_admin_pass }}" + login_port: "{{ mongoc_port }}" + state: present + ignore_errors: true diff --git a/mongodb/roles/mongod/tasks/main.yml b/mongodb/roles/mongod/tasks/main.yml index c18d3ebac..870228389 100644 --- a/mongodb/roles/mongod/tasks/main.yml 
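Review bot: `mode: "0655"` on `/etc/init.d/mongoc` gives the owner read/write without execute while group and others can execute, which is almost certainly a typo for `"0755"` carried over from the old `mode=0655`. The same value is used for the init scripts in `roles/mongod/tasks/main.yml` and `roles/mongos/tasks/main.yml`. Suggested: `mode: "0755"` (or the symbolic `u=rwx,g=rx,o=rx`). Separately, `ignore_errors: true` on `Add the admin user` hides a failed account creation, so a later step may run against a server without the intended admin credentials.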
+++ b/mongodb/roles/mongod/tasks/main.yml 
@@ -1,42 +1,67 @@ --- # This role deploys the mongod processes and sets up the replication set. -- name: create data directory for mongodb - file: path={{ mongodb_datadir_prefix }}/mongo-{{ inventory_hostname }} state=directory owner=mongod group=mongod - delegate_to: '{{ item }}' +- name: Create data directory for mongodb + ansible.builtin.file: + path: "{{ mongodb_datadir_prefix }}/mongo-{{ inventory_hostname }} " + state: directory + owner: mongod + group: mongod + delegate_to: "{{ item }}" with_items: groups.replication_servers -- name: create log directory for mongodb - file: path=/var/log/mongo state=directory owner=mongod group=mongod +- name: Create log directory for mongodb + ansible.builtin.file: + path: /var/log/mongo + state: directory + owner: mongod + group: mongod -- name: create run directory for mongodb - file: path=/var/run/mongo state=directory owner=mongod group=mongod +- name: Create run directory for mongodb + ansible.builtin.file: + path: /var/run/mongo + state: directory + owner: mongod + group: mongod - name: Create the mongodb startup file - template: src=mongod.j2 dest=/etc/init.d/mongod-{{ inventory_hostname }} mode=0655 - delegate_to: '{{ item }}' + ansible.builtin.template: + src: mongod.j2 + dest: "/etc/init.d/mongod-{{ inventory_hostname }}" + mode: "0655" + delegate_to: "{{ item }}" with_items: groups.replication_servers - - name: Create the mongodb configuration file - template: src=mongod.conf.j2 dest=/etc/mongod-{{ inventory_hostname }}.conf - delegate_to: '{{ item }}' + ansible.builtin.template: + src: mongod.conf.j2 + dest: "/etc/mongod-{{ inventory_hostname }}.conf" + delegate_to: "{{ item }}" with_items: groups.replication_servers - name: Copy the keyfile for authentication - copy: src=secret dest={{ mongodb_datadir_prefix }}/secret owner=mongod group=mongod mode=0400 - + ansible.builtin.copy: + src: secret + dest: "{{ mongodb_datadir_prefix }}/secret " + owner: mongod + group: mongod + mode: "0400" - name: Start the mongodb 
service - command: creates=/var/lock/subsys/mongod-{{ inventory_hostname }} /etc/init.d/mongod-{{ inventory_hostname }} start - delegate_to: '{{ item }}' + ansible.builtin.command: + creates: /var/lock/subsys/mongod-{{ inventory_hostname }} + cmd: /etc/init.d/mongod-{{ inventory_hostname }} start + delegate_to: "{{ item }}" with_items: groups.replication_servers - name: Create the file to initialize the mongod replica set - template: src=repset_init.j2 dest=/tmp/repset_init.js + ansible.builtin.template: + src: repset_init.j2 + dest: /tmp/repset_init.js - name: Pause for a while - pause: seconds=20 + ansible.builtin.pause: + seconds: "20" - name: Initialize the replication set - shell: /usr/bin/mongo --port "{{ mongod_port }}" /tmp/repset_init.js + ansible.builtin.command: /usr/bin/mongo --port "{{ mongod_port }}" /tmp/repset_init.js diff --git a/mongodb/roles/mongod/tasks/shards.yml b/mongodb/roles/mongod/tasks/shards.yml index 538722046..5f6c0fbdb 100644 --- a/mongodb/roles/mongod/tasks/shards.yml +++ b/mongodb/roles/mongod/tasks/shards.yml 
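Review bot: Two of the new quoted paths end in a space inside the quotes: `path: "{{ mongodb_datadir_prefix }}/mongo-{{ inventory_hostname }} "` and `dest: "{{ mongodb_datadir_prefix }}/secret "`. The data directory and the authentication keyfile would be created with a trailing space in their names, so a mongod configuration pointing at `.../secret` would presumably not find its keyfile. Drop the space in both, e.g. `dest: "{{ mongodb_datadir_prefix }}/secret"`. The `with_items: groups.replication_servers` lines are also still bare names, which current Ansible treats as a literal string, not as the group list; `"{{ groups.replication_servers }}"` is needed.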
@@ -1,15 +1,13 @@ --- -#This Playbooks adds shards to the mongos servers once everythig is added - - +# This Playbooks adds shards to the mongos servers once everythig is added - name: Create the file to initialize the mongod Shard - template: src=shard_init.j2 dest=/tmp/shard_init_{{ inventory_hostname }}.js - delegate_to: '{{ item }}' - with_items: groups.mongos_servers + ansible.builtin.template: + src: shard_init.j2 + dest: "/tmp/shard_init_{{ inventory_hostname }}.js" + delegate_to: "{{ item }}" + loop: groups.mongos_servers - name: Add the shard to the mongos - shell: /usr/bin/mongo localhost:{{ mongos_port }}/admin -u admin -p {{ mongo_admin_pass }} /tmp/shard_init_{{ inventory_hostname }}.js - delegate_to: '{{ item }}' - with_items: groups.mongos_servers - - + ansible.builtin.command: /usr/bin/mongo localhost:{{ mongos_port }}/admin -u admin -p {{ mongo_admin_pass }} /tmp/shard_init_{{ inventory_hostname }}.js + delegate_to: "{{ item }}" + loop: groups.mongos_servers diff --git a/mongodb/roles/mongos/tasks/main.yml b/mongodb/roles/mongos/tasks/main.yml index 6ecbfd95f..ccbbef221 100644 --- a/mongodb/roles/mongos/tasks/main.yml +++ b/mongodb/roles/mongos/tasks/main.yml 
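Review bot: `loop: groups.mongos_servers` is a plain string, and `loop` requires a list, so both tasks will fail instead of iterating over the group. It needs to be templated as `loop: "{{ groups.mongos_servers }}"`. The replaced `with_items: groups.mongos_servers` had the same bare-name form, but `with_items` and `loop` do not treat a non-list value the same way, so this conversion changes behaviour and is not purely a lint fix.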
@@ -2,22 +2,40 @@ #This Playbook configures the mongos service of mongodb - name: Create the mongos startup file - template: src=mongos.j2 dest=/etc/init.d/mongos mode=0655 - + ansible.builtin.template: + src: mongos.j2 + dest: /etc/init.d/mongos + mode: "0655" - name: Create the mongos configuration file - template: src=mongos.conf.j2 dest=/etc/mongos.conf + ansible.builtin.template: + src: mongos.conf.j2 + dest: /etc/mongos.conf - name: Copy the keyfile for authentication - copy: src=roles/mongod/files/secret dest={{ mongodb_datadir_prefix }}/secret owner=mongod group=mongod mode=0400 + ansible.builtin.copy: + src: roles/mongod/files/secret + dest: "{{ mongodb_datadir_prefix }}/secret" + owner: mongod + group: mongod + mode: "0400" - name: Start the mongos service - command: creates=/var/lock/subsys/mongos /etc/init.d/mongos start -- name: pause - pause: seconds=20 + ansible.builtin.command: + creates: /var/lock/subsys/mongos + cmd: /etc/init.d/mongos start + +- name: Pause + ansible.builtin.pause: + seconds: "20" + +- name: Copy the file for shard test + ansible.builtin.template: + src: testsharding.j2 + dest: /tmp/testsharding.js -- name: copy the file for shard test - template: src=testsharding.j2 dest=/tmp/testsharding.js +- name: Copy the file enable sharding + ansible.builtin.template: + src: enablesharding.j2 + dest: /tmp/enablesharding.js -- name: copy the file enable sharding - template: src=enablesharding.j2 dest=/tmp/enablesharding.js diff --git a/mongodb/site.yml b/mongodb/site.yml index 2caa62fe3..5d56d894d 100644 --- a/mongodb/site.yml +++ b/mongodb/site.yml @@ -3,20 +3,20 @@ - hosts: all roles: - - role: common + - role: common - hosts: mongo_servers roles: - - role: mongod + - role: mongod - hosts: mongoc_servers roles: - - role: mongoc + - role: mongoc - hosts: mongos_servers roles: - - role: mongos + - role: mongos - hosts: mongo_servers tasks: - - include: roles/mongod/tasks/shards.yml + - include: roles/mongod/tasks/shards.yml 
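Review bot: In mongos/tasks/main.yml the init script is written with `mode: "0655"`, which gives the owner read/write but no execute bit while group and other get read/execute. The value is carried over unchanged from the old `mode=0655` and looks like a typo for `mode: "0755"`. Quoting it as a string is the right form. Separately, `src: roles/mongod/files/secret` suggests the cluster keyfile is stored in the repository in clear text; if so, encrypting that file with Ansible Vault would keep the `0400` on the target meaningful.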
From 65f6d0591e40a48ebba1c42d21cb9829e978c4df Mon Sep 17 00:00:00 2001 
From: Simon Bachenberg Date: Fri, 15 Mar 2024 15:17:02 +0100 Subject: [PATCH 08/11] linted language_features --- language_features/ansible_pull.yml | 43 ++++++++--- language_features/batch_size_control.yml | 17 ++--- language_features/cloudformation.yaml | 56 +++++++------- language_features/complex_args.yml | 11 +-- language_features/conditionals_part1.yml | 44 +++++------ language_features/conditionals_part2.yml | 47 ++++++------ language_features/custom_filters.yml | 3 +- language_features/delegation.yml | 27 +++---- language_features/environment.yml | 10 +-- language_features/eucalyptus-ec2.yml | 13 ++-- language_features/file_secontext.yml | 3 +- language_features/get_url.yml | 20 ++--- language_features/group_by.yml | 17 ++--- language_features/group_commands.yml | 3 +- language_features/handlers/handlers.yml | 16 ++-- language_features/intermediate_example.yml | 24 +++--- language_features/intro_example.yml | 60 +++++++-------- language_features/loop_nested.yml | 14 ++-- language_features/loop_plugins.yml | 6 +- language_features/loop_with_items.yml | 33 ++++---- language_features/mysql.yml | 1 - language_features/nested_playbooks.yml | 6 +- language_features/postgresql.yml | 35 +++++---- language_features/prompts.yml | 76 +++++++++---------- language_features/rabbitmq.yml | 50 ++++++------ language_features/register_logic.yml | 54 +++++++------ language_features/roles/foo/handlers/main.yml | 2 - language_features/roles/foo/tasks/main.yml | 3 - language_features/roles/foo/vars/main.yml | 3 +- language_features/roletest.yml | 48 +++++------- language_features/roletest2.yml | 33 ++++---- language_features/selective_file_sources.yml | 27 +++---- language_features/tags.yml | 24 +++--- language_features/tasks/base.yml | 15 ++-- language_features/upgraded_vars.yml | 51 ++++++------- language_features/user_commands.yml | 56 ++++++++++---- language_features/zfs.yml | 63 +++++++++------ 37 files changed, 497 insertions(+), 517 deletions(-) 
diff --git a/language_features/ansible_pull.yml b/language_features/ansible_pull.yml index cba67d18b..46454823a 100644 --- a/language_features/ansible_pull.yml +++ b/language_features/ansible_pull.yml @@ -14,14 +14,13 @@ # # --- - -- hosts: pull_mode_hosts +- name: Ansible-pull setup + hosts: pull_mode_hosts remote_user: root vars: - # schedule is fed directly to cron - schedule: '*/15 * * * *' + schedule: "*/15 * * * *" # User to run ansible-pull as from cron cron_user: root 
@@ -34,23 +33,43 @@ # Repository to check out -- YOU MUST CHANGE THIS # repo must contain a local.yml file at top level - #repo_url: git://github.com/sfromm/ansible-playbooks.git + # repo_url: git://github.com/sfromm/ansible-playbooks.git repo_url: SUPPLY_YOUR_OWN_GIT_URL_HERE tasks: - - name: Install ansible - yum: pkg=ansible state=installed + ansible.builtin.yum: + pkg: ansible + state: installed - name: Create local directory to work from - file: path={{workdir}} state=directory owner=root group=root mode=0751 + ansible.builtin.file: + path: "{{ workdir }}" + state: directory + owner: root + group: root + mode: "0751" - name: Copy ansible inventory file to client - copy: src=/etc/ansible/hosts dest=/etc/ansible/hosts - owner=root group=root mode=0644 + ansible.builtin.copy: + src: /etc/ansible/hosts + dest: /etc/ansible/hosts + owner: root + group: root + mode: "0644" - name: Create crontab entry to clone/pull git repository - template: src=templates/etc_cron.d_ansible-pull.j2 dest=/etc/cron.d/ansible-pull owner=root group=root mode=0644 + ansible.builtin.template: + src: templates/etc_cron.d_ansible-pull.j2 + dest: /etc/cron.d/ansible-pull + owner: root + group: root + mode: "0644" - name: Create logrotate entry for ansible-pull.log - template: src=templates/etc_logrotate.d_ansible-pull.j2 dest=/etc/logrotate.d/ansible-pull owner=root group=root mode=0644 + ansible.builtin.template: + src: templates/etc_logrotate.d_ansible-pull.j2 + dest: /etc/logrotate.d/ansible-pull + owner: root + group: root + mode: "0644" diff --git a/language_features/batch_size_control.yml b/language_features/batch_size_control.yml index 8abbacebc..05cee16bf 100644 --- a/language_features/batch_size_control.yml +++ b/language_features/batch_size_control.yml 
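Review bot: The commented example touched in this hunk still shows `git://github.com/sfromm/ansible-playbooks.git`, a transport with no encryption or server authentication, for a repository whose `local.yml` the cron job then runs as `cron_user: root`. I would change the example to `# repo_url: https://github.com/sfromm/ansible-playbooks.git`. A one-line comment next to `repo_url` saying that the URL must use an authenticated transport would help readers who copy the play. Whether the cron template passes `--verify-commit` to ansible-pull is not visible here and is worth checking.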
@@ -3,17 +3,16 @@ # before moving on to the remaining hosts, use the 'serial' keyword like so: --- -- hosts: all +- name: Batch size controll + hosts: all serial: 3 -# now each of the tasks below will complete on 3 hosts before moving on to the next 3, regardless of how many -# hosts are selected by the "hosts:" line + # now each of the tasks below will complete on 3 hosts before moving on to the next 3, regardless of how many + # hosts are selected by the "hosts:" line tasks: + - name: Ping + ansible.builtin.ping: - - name: ping - ping: - - name: ping2 - ping: - - + - name: Ping2 + ansible.builtin.ping: diff --git a/language_features/cloudformation.yaml b/language_features/cloudformation.yaml index 76ab56a95..6df5a50ae 100644 --- a/language_features/cloudformation.yaml +++ b/language_features/cloudformation.yaml 
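Review bot: The play name added in batch_size_control.yml is misspelled as `Batch size controll`. It should read `- name: Batch size control`, since play names appear in run output and are what people search logs for.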
@@ -4,24 +4,24 @@ # This module requires that the boto python library is installed, and that you have your AWS credentials # in $HOME/.boto -#The thought here is to bring up a bare infrastructure with CloudFormation, but use ansible to configure it. -#I generally do this in 2 different playbook runs as to allow the ec2.py inventory to be updated. +# The thought here is to bring up a bare infrastructure with CloudFormation, but use ansible to configure it. +# I generally do this in 2 different playbook runs as to allow the ec2.py inventory to be updated. -#This module also uses "complex arguments" which were introduced in ansible 1.1 allowing you to specify the -#Cloudformation template parameters +# This module also uses "complex arguments" which were introduced in ansible 1.1 allowing you to specify the +# Cloudformation template parameters -#This example launches a 3 node AutoScale group, with a security group, and an InstanceProfile with root permissions. +# This example launches a 3 node AutoScale group, with a security group, and an InstanceProfile with root permissions. -#If a stack does not exist, it will be created. If it does exist and the template file has changed, the stack will be updated. -#If the parameters are different, the stack will also be updated. +# If a stack does not exist, it will be created. If it does exist and the template file has changed, the stack will be updated. +# If the parameters are different, the stack will also be updated. -#CloudFormation stacks can take awhile to provision, if you are curious about its status, use the AWS -#web console or one of the CloudFormation CLI's. +# CloudFormation stacks can take awhile to provision, if you are curious about its status, use the AWS +# web console or one of the CloudFormation CLI's. -#Example update -- try first launching the stack with 3 as the ClusterSize. After it is launched, change it to 4 -#and run the playbook again. 
+# Example update -- try first launching the stack with 3 as the ClusterSize. After it is launched, change it to 4 +# and run the playbook again. -- name: provision stack +- name: Provision stack hosts: localhost connection: local gather_facts: false @@ -29,17 +29,21 @@ # Launch the cloudformation-example.json template. Register the output. tasks: - - name: launch ansible cloudformation example - cloudformation: > - stack_name="ansible-cloudformation" state=present - region=us-east-1 disable_rollback=true - template=files/cloudformation-example.json - args: - template_parameters: - KeyName: jmartin - DiskType: ephemeral - InstanceType: m1.small - ClusterSize: 3 - register: stack - - name: show stack outputs - debug: msg="My stack outputs are {{stack.stack_outputs}}" + - name: Launch ansible cloudformation example + amazon.aws.cloudformation: + stack_name: "ansible-cloudformation" + state: present + region: us-east-1 + disable_rollback: true + template: files/cloudformation-example.json + args: + template_parameters: + KeyName: jmartin + DiskType: ephemeral + InstanceType: m1.small + ClusterSize: 3 + register: stack + + - name: Show stack outputs + ansible.builtin.debug: + msg: "My stack outputs are {{ stack.stack_outputs }}" diff --git a/language_features/complex_args.yml b/language_features/complex_args.yml index ebbb1d953..b08d3a0f6 100644 --- a/language_features/complex_args.yml +++ b/language_features/complex_args.yml @@ -1,5 +1,4 @@ --- - # this is a bit of an advanced topic. # # generally Ansible likes to pass simple key=value arguments to modules. It @@ -19,15 +18,13 @@ # different. - hosts: localhost - gather_facts: no + gather_facts: false vars: complex: - ghostbusters: [ 'egon', 'ray', 'peter', 'winston' ] - mice: [ 'pinky', 'brain', 'larry' ] - + ghostbusters: [egon, ray, peter, winston] + mice: [pinky, brain, larry] tasks: - - name: this is the basic way data passing works for any module action: ping data='Hi Mom' 
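Review bot: In the cloudformation.yaml task hunk, `args:` is kept even though the module call is now a mapping, so the task's arguments are split between `amazon.aws.cloudformation:` and `args:`. `template_parameters:` can move directly under the module key and `args:` can be dropped, which leaves one place to read what is sent to the module. The original indentation is not recoverable from this view, so confirm that `args:` and `register: stack` sit at task level and not inside the module mapping, where they would be passed as unknown parameters.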
@@ -38,7 +35,7 @@ ping: data: moo: cow - asdf: [1,2,3,4] + asdf: [1, 2, 3, 4] - name: can we make that cleaner? sure! ping: diff --git a/language_features/conditionals_part1.yml b/language_features/conditionals_part1.yml index 6c8c920ec..8ee6f0d80 100644 --- a/language_features/conditionals_part1.yml +++ b/language_features/conditionals_part1.yml 
@@ -8,43 +8,35 @@ # # what to do if the service for apache is named 'httpd' on CentOS # but is named 'apache' on Debian? - - # there is only one play in this playbook, it runs on all hosts # as root - hosts: all remote_user: root -# we have a common list of variables stored in /vars/external_vars.yml -# that we will always import + # we have a common list of variables stored in /vars/external_vars.yml + # that we will always import -# next, we want to import files that are different per operating system -# and if no per operating system file is found, load a defaults file. -# for instance, if the OS was "CentOS", we'd try to load vars/CentOS.yml. -# if that was found, we would immediately stop. However if that wasn't -# present, we'd try to load vars/defaults.yml. If that in turn was not -# found, we would fail immediately, because we had gotten to the end of -# the list without importing anything. + # next, we want to import files that are different per operating system + # and if no per operating system file is found, load a defaults file. + # for instance, if the OS was "CentOS", we'd try to load vars/CentOS.yml. + # if that was found, we would immediately stop. However if that wasn't + # present, we'd try to load vars/defaults.yml. If that in turn was not + # found, we would fail immediately, because we had gotten to the end of + # the list without importing anything. vars_files: + - vars/external_vars.yml - - "vars/external_vars.yml" + - ["vars/{{ facter_operatingsystem }}.yml", vars/defaults.yml] - - [ "vars/{{ facter_operatingsystem }}.yml", "vars/defaults.yml" ] - -# and this is just a regular task line from a playbook, as we're used to. -# but with variables in it that come from above. Note that the variables -# from above are *also* available in templates + # and this is just a regular task line from a playbook, as we're used to. + # but with variables in it that come from above. 
Note that the variables + # from above are *also* available in templates tasks: + - name: ensure apache is latest + action: "{{ packager }} pkg={{ apache }} state=latest" - - name: ensure apache is latest - action: "{{ packager }} pkg={{ apache }} state=latest" - - - name: ensure apache is running - service: name={{ apache }} state=running - - - - + - name: ensure apache is running + service: name={{ apache }} state=running diff --git a/language_features/conditionals_part2.yml b/language_features/conditionals_part2.yml index 332e88e18..71f83c43c 100644 --- a/language_features/conditionals_part2.yml +++ b/language_features/conditionals_part2.yml 
@@ -6,35 +6,32 @@ remote_user: root vars: - favcolor: "red" - dog: "fido" - cat: "whiskers" - ssn: 8675309 + favcolor: red + dog: fido + cat: whiskers + ssn: 8675309 tasks: + - name: do this if my favcolor is blue, and my dog is named fido + shell: /bin/false + when: favcolor == 'blue' and dog == 'fido' - - name: "do this if my favcolor is blue, and my dog is named fido" - shell: /bin/false - when: favcolor == 'blue' and dog == 'fido' + - name: do this if my favcolor is not blue, and my dog is named fido + shell: /bin/true + when: favcolor != 'blue' and dog == 'fido' - - name: "do this if my favcolor is not blue, and my dog is named fido" - shell: /bin/true - when: favcolor != 'blue' and dog == 'fido' + - name: do this if my SSN is over 9000 + shell: /bin/true + when: ssn > 9000 - - name: "do this if my SSN is over 9000" - shell: /bin/true - when: ssn > 9000 - - - name: "do this if I have one of these SSNs" - shell: /bin/true - when: ssn in [ 8675309, 8675310, 8675311 ] - - - name: "do this if a variable named hippo is NOT defined" - shell: /bin/true - when: hippo is not defined - - - name: "do this if a variable named hippo is defined" - shell: /bin/true - when: hippo is defined + - name: do this if I have one of these SSNs + shell: /bin/true + when: ssn in [ 8675309, 8675310, 8675311 ] + - name: do this if a variable named hippo is NOT defined + shell: /bin/true + when: hippo is not defined + - name: do this if a variable named hippo is defined + shell: /bin/true + when: hippo is defined diff --git a/language_features/custom_filters.yml b/language_features/custom_filters.yml index 1eb8cb9fb..96e3466b2 100644 --- a/language_features/custom_filters.yml +++ b/language_features/custom_filters.yml @@ -1,6 +1,5 @@ --- - - name: Demonstrate custom jinja2 filters hosts: all tasks: - - template: src=templates/custom-filters.j2 dest=/tmp/custom-filters.txt + - template: src=templates/custom-filters.j2 dest=/tmp/custom-filters.txt 
diff --git a/language_features/delegation.yml b/language_features/delegation.yml index b2ad34047..7a67221eb 100644 --- a/language_features/delegation.yml +++ b/language_features/delegation.yml @@ -1,5 +1,4 @@ --- - # this is an example of how we can perform actions on a given host on behalf of all the hosts # in a play. # @@ -20,20 +19,18 @@ serial: 5 tasks: + - name: take the machine out of rotation + command: echo taking out of rotation {{inventory_hostname}} + delegate_to: 127.0.0.1 - - name: take the machine out of rotation - command: echo taking out of rotation {{inventory_hostname}} - delegate_to: 127.0.0.1 - -# here's an alternate notation if you are delegating to 127.0.0.1, you can use 'local_action' -# instead of 'action' and leave off the 'delegate_to' part. -# -# - local_action: command echo taking out of rotation {{inventory_hostname}} - - - name: do several things on the actual host - command: echo hi mom {{inventory_hostname}} + # here's an alternate notation if you are delegating to 127.0.0.1, you can use 'local_action' + # instead of 'action' and leave off the 'delegate_to' part. + # + # - local_action: command echo taking out of rotation {{inventory_hostname}} - - name: put machine back into rotation - command: echo inserting into rotation {{inventory_hostname}} - delegate_to: 127.0.0.1 + - name: do several things on the actual host + command: echo hi mom {{inventory_hostname}} + - name: put machine back into rotation + command: echo inserting into rotation {{inventory_hostname}} + delegate_to: 127.0.0.1 diff --git a/language_features/environment.yml b/language_features/environment.yml index af686362d..d773fc82e 100644 --- a/language_features/environment.yml +++ b/language_features/environment.yml 
@@ -1,29 +1,25 @@ --- - # it is often useful to be able to set the environment for one command and have that environment be totally # different for another. An example is you might use a HTTP proxy for some packages but not for others. # # in Ansible 1.1 and later, you can pass the environment to any module using either a dictionary variable # or a dictionary itself. - - - hosts: all remote_user: root # here we make a variable named "env" that is a dictionary vars: env: - HI: test2 - http_proxy: http://proxy.example.com:8080 + HI: test2 + http_proxy: http://proxy.example.com:8080 tasks: - # here we just define the dictionary directly and use it # (here $HI is the shell variable as nothing in Ansible will replace it) - shell: echo $HI environment: - HI: test1 + HI: test1 # here we are using the "env" map variable above diff --git a/language_features/eucalyptus-ec2.yml b/language_features/eucalyptus-ec2.yml index f74b52f7c..6c6963c73 100644 --- a/language_features/eucalyptus-ec2.yml +++ b/language_features/eucalyptus-ec2.yml @@ -18,18 +18,16 @@ gather_facts: false vars: - keypair: mykeypair - instance_type: m1.small - security_group: default - image: emi-048B3A37 + keypair: mykeypair + instance_type: m1.small + security_group: default + image: emi-048B3A37 # Launch 5 instances with the following parameters. Register the output. tasks: - name: Launch instance - ec2: keypair={{keypair}} group={{security_group}} - instance_type={{instance_type}} image={{image}} - wait=true count=5 + ec2: keypair={{keypair}} group={{security_group}} instance_type={{instance_type}} image={{image}} wait=true count=5 register: ec2 # Use with_items to add each instances public IP to a new hostgroup for use in the next play. @@ -49,7 +47,6 @@ ec2_vol: volume_size=20 instance={{item.id}} with_items: ec2.instances - # This play targets the new host group - name: Configure instance hosts: deploy 
diff --git a/language_features/file_secontext.yml b/language_features/file_secontext.yml index c12c1fd00..65b0d31fa 100644 --- a/language_features/file_secontext.yml +++ b/language_features/file_secontext.yml @@ -13,6 +13,5 @@ command: /bin/touch /tmp/foo - name: Change setype of /tmp/foo file: path=/tmp/foo setype=default_t - - name: Try to set secontext to default, but this will fail - because of the lack of a default in the policy + - name: Try to set secontext to default, but this will fail because of the lack of a default in the policy file: path=/tmp/foo context=default diff --git a/language_features/get_url.yml b/language_features/get_url.yml index 3a0401bfc..b21c04f13 100644 --- a/language_features/get_url.yml +++ b/language_features/get_url.yml @@ -1,16 +1,16 @@ --- - hosts: webservers vars: - - jquery_directory: /var/www/html/javascript - - person: 'Susie%20Smith' + - jquery_directory: /var/www/html/javascript + - person: Susie%20Smith tasks: - - name: Create directory for jQuery - file: dest={{jquery_directory}} state=directory mode=0755 - - name: Grab a bunch of jQuery stuff - get_url: url=http://code.jquery.com/{{item}} dest={{jquery_directory}} mode=0444 - with_items: - - jquery.min.js - - mobile/latest/jquery.mobile.min.js - - ui/jquery-ui-git.css + - name: Create directory for jQuery + file: dest={{jquery_directory}} state=directory mode=0755 + - name: Grab a bunch of jQuery stuff + get_url: url=http://code.jquery.com/{{item}} dest={{jquery_directory}} mode=0444 + with_items: + - jquery.min.js + - mobile/latest/jquery.mobile.min.js + - ui/jquery-ui-git.css #- name: Pass urlencoded name to CGI # get_url: url=http://example.com/name.cgi?name='{{person}}' dest=/tmp/test diff --git a/language_features/group_by.yml b/language_features/group_by.yml index c14305cd2..a8908afa5 100644 --- a/language_features/group_by.yml +++ b/language_features/group_by.yml 
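Review bot: The re-indented `get_url` task in get_url.yml still fetches scripts over plain `http://code.jquery.com/{{item}}` with no integrity check, then places them in `jquery_directory` for the web server to hand to browsers. Anyone able to alter that response in transit controls the JavaScript the site serves. I would switch to `url=https://code.jquery.com/{{item}}` and add a `checksum=sha256:<expected-digest>` for each item. Two of the three items (`mobile/latest/jquery.mobile.min.js`, `ui/jquery-ui-git.css`) are moving targets, so pinning a digest also means pointing them at versioned paths.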
@@ -11,9 +11,8 @@ - hosts: all tasks: - - - name: Create a group of all hosts by operating system - group_by: key={{ansible_distribution}}-{{ansible_distribution_version}} + - name: Create a group of all hosts by operating system + group_by: key={{ansible_distribution}}-{{ansible_distribution_version}} # the following host group does not exist in inventory and was created by the group_by # module. @@ -21,15 +20,11 @@ - hosts: CentOS-6.2 tasks: - - - name: ping all CentOS 6.2 hosts - ping: + - name: ping all CentOS 6.2 hosts + ping: - hosts: CentOS-6.3 tasks: - - - name: ping all CentOS 6.3 hosts - ping: - - + - name: ping all CentOS 6.3 hosts + ping: diff --git a/language_features/group_commands.yml b/language_features/group_commands.yml index 96b7e84e4..aa773783b 100644 --- a/language_features/group_commands.yml +++ b/language_features/group_commands.yml @@ -3,11 +3,10 @@ - hosts: all remote_user: root - become: yes + become: true become_method: sudo tasks: - # Walk through group creation, modification, and deletion - name: create a group group: name=tset diff --git a/language_features/handlers/handlers.yml b/language_features/handlers/handlers.yml index db2e109ef..4c30ba631 100644 --- a/language_features/handlers/handlers.yml +++ b/language_features/handlers/handlers.yml @@ -1,10 +1,16 @@ --- - # this is an example to show that handlers can be included from yaml files, # to promote reuse between different plays or even playbooks. They work # just like normal handlers. -- name: restart apache - service: name=httpd state=restarted -- name: restart memcached - service: name=memcached state=restarted +- name: Restart apache + ansible.builtin.service: + name: httpd + state: restarted + listen: restart_apache + +- name: Restart memcached + ansible.builtin.service: + name: memcached + state: restarted + listen: restart_memcached diff --git a/language_features/intermediate_example.yml b/language_features/intermediate_example.yml index 5ab4ac204..9f8536935 100644 
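Review bot: The handlers.yml hunk renames the handlers to `Restart apache` / `Restart memcached` and adds `listen: restart_apache` / `listen: restart_memcached`, so neither the new name nor the topic matches the previous notify string `restart apache`. Handler lookup is by exact name or listen topic, so any play that includes this file and still notifies the old name would fail to find its handler; those callers are not visible in this hunk. Using `listen: restart apache` and `listen: restart memcached` keeps the capitalised names the linter wants while leaving existing `notify:` lines working.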
--- a/language_features/intermediate_example.yml +++ b/language_features/intermediate_example.yml @@ -21,16 +21,15 @@ # as with before, every play has a list of tasks in it tasks: - # tasks can be written the normal way... - - name: arbitrary command - command: /bin/true + - name: arbitrary command + command: /bin/true - # or we can promote reuse and simplicity by including tasks - # from other files, for instance, to reuse common tasks + # or we can promote reuse and simplicity by including tasks + # from other files, for instance, to reuse common tasks - - include: tasks/base.yml + - include: tasks/base.yml # we could also have done something like: # - include: wordpress.yml user=timmy @@ -39,7 +38,6 @@ # and vars_files are also available inside include files handlers: - # handlers can also be included from files, to promote reuse # and simpler recipes, you may wish to only have one # handler file for all your plays and playbooks. This example really @@ -75,17 +73,13 @@ # those set in vars. vars: - release: 2.0 + release: 2.0 vars_files: - - vars/external_vars.yml - + - vars/external_vars.yml # these all runs as the user 'mdehaan'. If there were any handlers # they would as well. tasks: - - - name: some random command - command: /bin/true - - + - name: some random command + command: /bin/true diff --git a/language_features/intro_example.yml b/language_features/intro_example.yml index d2580efb1..fdf5d6749 100644 --- a/language_features/intro_example.yml +++ b/language_features/intro_example.yml @@ -11,10 +11,10 @@ hosts: all remote_user: root -# could have also have done: -# remote_user: mdehaan -# become: yes -# become_method: sudo + # could have also have done: + # remote_user: mdehaan + # become: yes + # become_method: sudo # make these variables available inside of templates # for when we use the 'template' action/module later on... 
@@ -26,52 +26,48 @@ # define the tasks that are part of this play... tasks: - # task #1 is to run an arbitrary command # we'll simulate a long running task, wait for up to 45 seconds, poll every 5 # obviously this does nothing useful but you get the idea - - name: longrunner - command: /bin/sleep 15 - async: 45 - poll: 5 + - name: longrunner + command: /bin/sleep 15 + async: 45 + poll: 5 - # let's demo file operations. - # - # We can 'copy' files or 'template' them instead, using jinja2 - # as the templating engine. This is done using the variables - # from the vars section above mixed in with variables bubbled up - # automatically from tools like facter and ohai. 'copy' - # works just like 'template' but does not do variable subsitution. - # - # If and only if the file changes, restart apache at the very - # end of the playbook run + # let's demo file operations. + # + # We can 'copy' files or 'template' them instead, using jinja2 + # as the templating engine. This is done using the variables + # from the vars section above mixed in with variables bubbled up + # automatically from tools like facter and ohai. 'copy' + # works just like 'template' but does not do variable subsitution. 
+ # + # If and only if the file changes, restart apache at the very + # end of the playbook run - - name: write some_random_foo configuration - template: src=templates/foo.j2 dest=/etc/some_random_foo.conf - notify: - - restart apache + - name: write some_random_foo configuration + template: src=templates/foo.j2 dest=/etc/some_random_foo.conf + notify: + - restart apache - # make sure httpd is installed at the latest version + # make sure httpd is installed at the latest version - - name: install httpd - yum: pkg=httpd state=latest + - name: install httpd + yum: pkg=httpd state=latest - # make sure httpd is running + # make sure httpd is running - - name: httpd start - service: name=httpd state=running + - name: httpd start + service: name=httpd state=running # handlers are only run when things change, at the very end of each # play. Let's define some. The names are significant and must # match the 'notify' sections above handlers: - # this particular handler is run when some_random_foo.conf # is changed, and only then - name: restart apache service: name=httpd state=restarted - - diff --git a/language_features/loop_nested.yml b/language_features/loop_nested.yml index 2741ea5b5..f53a3c121 100644 --- a/language_features/loop_nested.yml +++ b/language_features/loop_nested.yml @@ -5,20 +5,20 @@ tasks: - shell: echo "nested test a={{ item[0] }} b={{ item[1] }} c={{ item[2] }}" with_nested: - - [ 'red', 'blue', 'green' ] - - [ 1, 2, 3 ] - - [ 'up', 'down', 'strange'] + - [red, blue, green] + - [1, 2, 3] + - [up, down, strange] # you can reference a raw variable name without putting it in {{ brackets }} - hosts: all vars: listvar1: - - 'a' - - 'b' - - 'c' + - a + - b + - c tasks: - shell: echo "nested test a={{ item[0] }} b={{ item[1] }}" with_nested: - listvar1 - - [ 1, 2, 3 ] + - [1, 2, 3] diff --git a/language_features/loop_plugins.yml b/language_features/loop_plugins.yml index 65c3e3c92..bc7ebb7f7 100644 --- a/language_features/loop_plugins.yml 
+++ b/language_features/loop_plugins.yml @@ -1,20 +1,16 @@ --- - # in addition to loop_with_items, the loop that works over a variable, ansible can do more sophisticated looping. # developer types: these are powered by 'lookup_plugins' should you ever decide to write your own # see lib/ansible/runner/lookup_plugins/fileglob.py -- they can do basically anything! - hosts: all - gather_facts: no + gather_facts: false tasks: - # this will copy a bunch of config files over -- dir must be created first - file: dest=/etc/fooapp state=directory - copy: src={{ item }} dest=/etc/fooapp/ owner=root mode=600 with_fileglob: /playbooks/files/fooapp/* - - diff --git a/language_features/loop_with_items.yml b/language_features/loop_with_items.yml index ee2191550..9b05f575a 100644 --- a/language_features/loop_with_items.yml +++ b/language_features/loop_with_items.yml @@ -7,28 +7,27 @@ remote_user: root tasks: + - name: install packages + yum: name={{ item }} state=installed + with_items: + - cobbler + - httpd - - name: install packages - yum: name={{ item }} state=installed - with_items: - - cobbler - - httpd - - - name: configure users - user: name={{ item }} state=present groups=wheel - with_items: - - testuser1 - - testuser2 + - name: configure users + user: name={{ item }} state=present groups=wheel + with_items: + - testuser1 + - testuser2 - - name: remove users - user: name={{ item }} state=absent - with_items: + - name: remove users + user: name={{ item }} state=absent + with_items: - testuser1 - testuser2 - - name: copy templates - template: src={{ item.src }} dest={{ item.dest }} - with_items: + - name: copy templates + template: src={{ item.src }} dest={{ item.dest }} + with_items: - src: templates/testsource1 dest: /example/dest1/test.conf - src: templates/testsource2 diff --git a/language_features/mysql.yml b/language_features/mysql.yml index 912b84041..bb7fc0459 100644 --- a/language_features/mysql.yml +++ b/language_features/mysql.yml 
@@ -7,7 +7,6 @@ remote_user: root tasks: - - name: Create database user mysql_user: user=bob password=12345 priv=*.*:ALL state=present diff --git a/language_features/nested_playbooks.yml b/language_features/nested_playbooks.yml index 46e44a4af..de2992ba9 100644 --- a/language_features/nested_playbooks.yml +++ b/language_features/nested_playbooks.yml @@ -12,9 +12,9 @@ hosts: all remote_user: root tasks: - - name: say hi - tags: foo - shell: echo "hi..." + - name: say hi + tags: foo + shell: echo "hi..." # and this is how we include another playbook, be careful and # don't recurse infinitely or anything. Note you can't use diff --git a/language_features/postgresql.yml b/language_features/postgresql.yml index bc1d6bcf0..b1c971bd3 100644 --- a/language_features/postgresql.yml +++ b/language_features/postgresql.yml @@ -7,23 +7,23 @@ # --- - hosts: webservers - become: yes - gather_facts: no + become: true + gather_facts: false tasks: - - name: ensure apt cache is up to date - apt: update_cache=yes - - name: ensure packages are installed - apt: name={{item}} - with_items: + - name: ensure apt cache is up to date + apt: update_cache=yes + - name: ensure packages are installed + apt: name={{item}} + with_items: - postgresql - libpq-dev - python-psycopg2 - hosts: webservers - become: yes + become: true become_user: postgres - gather_facts: no + gather_facts: false vars: dbname: myapp 
@@ -31,15 +31,14 @@ dbpassword: mysupersecretpassword tasks: - - name: ensure database is created - postgresql_db: name={{dbname}} + - name: ensure database is created + postgresql_db: name={{dbname}} - - name: ensure user has access to database - postgresql_user: db={{dbname}} name={{dbuser}} password={{dbpassword}} priv=ALL + - name: ensure user has access to database + postgresql_user: db={{dbname}} name={{dbuser}} password={{dbpassword}} priv=ALL - - name: ensure user does not have unnecessary privilege - postgresql_user: name={{dbuser}} role_attr_flags=NOSUPERUSER,NOCREATEDB - - - name: ensure no other user can access the database - postgresql_privs: db={{dbname}} role=PUBLIC type=database priv=ALL state=absent + - name: ensure user does not have unnecessary privilege + postgresql_user: name={{dbuser}} role_attr_flags=NOSUPERUSER,NOCREATEDB + - name: ensure no other user can access the database + postgresql_privs: db={{dbname}} role=PUBLIC type=database priv=ALL state=absent diff --git a/language_features/prompts.yml b/language_features/prompts.yml index e0ab95d6d..687dfaa73 100644 --- a/language_features/prompts.yml +++ b/language_features/prompts.yml 
@@ -1,60 +1,54 @@ --- - # it is possible to ask for variables from the user at the start # of a playbook run, for example, as part of a release script. - hosts: all remote_user: root -# regular variables are a dictionary of keys and values + # regular variables are a dictionary of keys and values vars: - this_is_a_regular_var: 'moo' - so_is_this: 'quack' + this_is_a_regular_var: moo + so_is_this: quack -# alternatively, they can ALSO be passed in from the outside: -# ansible-playbook foo.yml --extra-vars="foo=100 bar=101" -# or through external inventory scripts (see online API docs) + # alternatively, they can ALSO be passed in from the outside: + # ansible-playbook foo.yml --extra-vars="foo=100 bar=101" + # or through external inventory scripts (see online API docs) -# here's basic mode prompting. Specify a hash of variable names and a prompt for -# each. -# -# vars_prompt: -# release_version: "product release version" + # here's basic mode prompting. Specify a hash of variable names and a prompt for + # each. + # + # vars_prompt: + # release_version: "product release version" -# prompts can also be specified like this, allowing for hiding the prompt as -# entered. In the future, this may also be used to support crypted variables + # prompts can also be specified like this, allowing for hiding the prompt as + # entered. 
In the future, this may also be used to support crypted variables vars_prompt: - - name: "some_password" - prompt: "Enter password" - private: yes - - - name: "release_version" - prompt: "Product release version" - default: "my_default_version" - private: no - - - name: "my_password2" - prompt: "Enter password2" - private: yes - encrypt: "md5_crypt" - confirm: yes + - name: some_password + prompt: Enter password + private: true + + - name: release_version + prompt: Product release version + default: my_default_version + private: false + + - name: my_password2 + prompt: Enter password2 + private: true + encrypt: md5_crypt + confirm: true salt_size: 7 - salt: "foo" + salt: foo -# this is just a simple example to show that vars_prompt works, but -# you might ask for a tag to use with the git module or perhaps -# a package version to use with the yum module. + # this is just a simple example to show that vars_prompt works, but + # you might ask for a tag to use with the git module or perhaps + # a package version to use with the yum module. tasks: + - name: imagine this did something interesting with {{release_version}} + shell: echo foo >> /tmp/{{release_version}}-alpha - - name: imagine this did something interesting with {{release_version}} - shell: echo foo >> /tmp/{{release_version}}-alpha - - - name: look we crypted a password - shell: echo my password is {{my_password2}} - - - - + - name: look we crypted a password + shell: echo my password is {{my_password2}} diff --git a/language_features/rabbitmq.yml b/language_features/rabbitmq.yml index db6ebc7ce..953756554 100644 --- a/language_features/rabbitmq.yml +++ b/language_features/rabbitmq.yml 
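Review bot: `my_password2` is still hashed with `encrypt: md5_crypt` and a constant `salt: foo` in the rewritten `vars_prompt` block. MD5-crypt is a weak scheme for password storage, and a fixed salt gives the same hash for the same password on every run. As the block is being restyled anyway, `encrypt: sha512_crypt` with the `salt: foo` line removed would be the better example; with no explicit salt Ansible should generate a random one, and `salt_size: 7` then decides its length. Further down, `shell: echo foo >> /tmp/{{release_version}}-alpha` puts a prompted value unquoted into a shell command; `{{ release_version | quote }}` keeps whitespace or metacharacters in the answer from changing what the shell runs.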
@@ -6,37 +6,37 @@ rabbitmq_version: 3.0.2-1 tasks: - - name: ensure python-software-properties is installed - apt: pkg=python-software-properties state=installed + - name: ensure python-software-properties is installed + apt: pkg=python-software-properties state=installed - - name: add rabbitmq official apt repository - apt_repository: repo='deb http://www.rabbitmq.com/debian/ testing main' state=present + - name: add rabbitmq official apt repository + apt_repository: repo='deb http://www.rabbitmq.com/debian/ testing main' state=present - - name: add trusted key - apt_key: url=https://www.rabbitmq.com/rabbitmq-signing-key-public.asc state=present + - name: add trusted key + apt_key: url=https://www.rabbitmq.com/rabbitmq-signing-key-public.asc state=present - - name: install package - apt: name={{ item }} update_cache=yes state=installed - with_items: - - rabbitmq-server + - name: install package + apt: name={{ item }} update_cache=yes state=installed + with_items: + - rabbitmq-server - - name: enable rabbitmq plugins - rabbitmq_plugin: names=rabbitmq_management,rabbitmq_tracing,rabbitmq_federation state=enabled - notify: - - restart rabbitmq + - name: enable rabbitmq plugins + rabbitmq_plugin: names=rabbitmq_management,rabbitmq_tracing,rabbitmq_federation state=enabled + notify: + - restart rabbitmq - - name: add users - rabbitmq_user: user={{item.username}} password={{item.password}} tags=administrator,{{item.username}} vhost=/ configure_priv=.* write_priv=.* read_priv=.* state=present - with_items: - - { username: user1, password: changeme } - - { username: user2, password: changeme } + - name: add users + rabbitmq_user: user={{item.username}} password={{item.password}} tags=administrator,{{item.username}} vhost=/ configure_priv=.* write_priv=.* read_priv=.* state=present + with_items: + - { username: user1, password: changeme } + - { username: user2, password: changeme } - - name: remove default guest user - rabbitmq_user: user=guest state=absent + - name: 
remove default guest user + rabbitmq_user: user=guest state=absent - - name: ensure vhost /test is present - rabbitmq_vhost: name=/test state=present + - name: ensure vhost /test is present + rabbitmq_vhost: name=/test state=present handlers: - - name: restart rabbitmq - service: name=rabbitmq-server state=restarted + - name: restart rabbitmq + service: name=rabbitmq-server state=restarted diff --git a/language_features/register_logic.yml b/language_features/register_logic.yml index f31c0452f..398fcccdb 100644 --- a/language_features/register_logic.yml +++ b/language_features/register_logic.yml @@ -1,3 +1,4 @@ +--- # here's a cool advanced topic about how to perform conditional logic in ansible without resorting # to writing your own module that defines facts. You can do that too, and it's easy to do, but # often you just want to run a command and then decide whether to run some steps or not. That's 
@@ -8,41 +9,38 @@ hosts: all tasks: + # it is possible to save the result of any command in a named register. This variable will be made + # available to tasks and templates made further down in the execution flow. - # it is possible to save the result of any command in a named register. This variable will be made - # available to tasks and templates made further down in the execution flow. + - shell: grep hi /etc/motd + ignore_errors: true + register: motd_result - - shell: grep hi /etc/motd - ignore_errors: yes - register: motd_result + # and here we access the register. Note that variable is structured data because + # it is a return from the command module. The shell module makes available variables such as + # as 'stdout', 'stderr', and 'rc'. - # and here we access the register. Note that variable is structured data because - # it is a return from the command module. The shell module makes available variables such as - # as 'stdout', 'stderr', and 'rc'. + # here we run the next action only if the previous grep returned true - # here we run the next action only if the previous grep returned true + - shell: echo "motd contains the word hi" + when: motd_result.rc == 0 - - shell: echo "motd contains the word hi" - when: motd_result.rc == 0 + # alternatively: - # alternatively: + - shell: echo "motd contains the word hi" + when: motd_result.stdout.find('hi') != -1 - - shell: echo "motd contains the word hi" - when: motd_result.stdout.find('hi') != -1 + # or also: - # or also: - - - shell: echo "motd contains word hi" - when: "'hi' in motd_result.stdout" - - # you can use 'stdout_lines' to loop over the registered output lines - - name: motd lines matching 'hi' - shell: echo "{{ item }}" - with_items: motd_result.stdout_lines - - # you can also split 'stdout' yourself - - name: motd lines matching 'hi' - shell: echo "{{ item }}" - with_items: motd_result.stdout.split('\n') + - shell: echo "motd contains word hi" + when: "'hi' in motd_result.stdout" + # you can use 
'stdout_lines' to loop over the registered output lines + - name: motd lines matching 'hi' + shell: echo "{{ item }}" + with_items: motd_result.stdout_lines + # you can also split 'stdout' yourself + - name: motd lines matching 'hi' + shell: echo "{{ item }}" + with_items: motd_result.stdout.split('\n') diff --git a/language_features/roles/foo/handlers/main.yml b/language_features/roles/foo/handlers/main.yml index 030b30f5e..ad093154c 100644 --- a/language_features/roles/foo/handlers/main.yml +++ b/language_features/roles/foo/handlers/main.yml @@ -1,5 +1,4 @@ --- - - name: blippy shell: echo notifier called, and the value of x is '{{ x }}' @@ -7,4 +6,3 @@ # can reference files in the same directory without doing anything special: # - include: other.yml - diff --git a/language_features/roles/foo/tasks/main.yml b/language_features/roles/foo/tasks/main.yml index 1642311f5..9bae9839d 100644 --- a/language_features/roles/foo/tasks/main.yml +++ b/language_features/roles/foo/tasks/main.yml @@ -1,5 +1,4 @@ --- - - name: copy operation copy: src=foo.txt dest=/tmp/roles_test1.txt @@ -10,5 +9,3 @@ - name: demo that parameterized roles work shell: echo just FYI, param1={{ param1 }}, param2 ={{ param2 }} - - diff --git a/language_features/roles/foo/vars/main.yml b/language_features/roles/foo/vars/main.yml index 68576ba28..833666250 100644 --- a/language_features/roles/foo/vars/main.yml +++ b/language_features/roles/foo/vars/main.yml @@ -1,3 +1,2 @@ --- -x: '{{ ansible_machine }}' - +x: "{{ ansible_machine }}" diff --git a/language_features/roletest.yml b/language_features/roletest.yml index ba320eca9..816b531d4 100644 --- a/language_features/roletest.yml +++ b/language_features/roletest.yml 
@@ -23,18 +23,15 @@ # referencing a "src=foo.j2" rather than having to explicitly path src=roles/foo/templates/foo.j2. --- +- hosts: all - - hosts: all + pre_tasks: + # these tasks are executed prior to roles. + # this might be a good time to signal an outage window or take a host out of a load balanced pool - pre_tasks: - - # these tasks are executed prior to roles. - # this might be a good time to signal an outage window or take a host out of a load balanced pool - - - local_action: shell echo "hi this is a pre_task step about {{ inventory_hostname }}" - - roles: + - local_action: shell echo "hi this is a pre_task step about {{ inventory_hostname }}" + roles: # a role can be listed flat like this: # # - common 
@@ -44,28 +41,23 @@ # a role more than once with different parameters too. It might look like the section # below. Note I can also declare tags at this time. - - { role: foo, param1: 1000, param2: 2000, tags: [ 'foo', 'bar' ] } - - { role: foo, param1: 8000, param2: 9000, tags: [ 'baz' ] } - - # add as many roles as you like, roles takes a list of roles names - # these paths can be qualified, but if bare, it will look from them in - # roles/{{rolename}} relative to the playbook - - # explicit tasks and handlers can be used, but are not required. - # they will run after the roles if present. - - tasks: - - # you can still have loose tasks/handlers and they will execute after roles are applied - - - shell: echo 'this is a loose task' + - { role: foo, param1: 1000, param2: 2000, tags: [foo, bar] } + - { role: foo, param1: 8000, param2: 9000, tags: [baz] } - post_tasks: + # add as many roles as you like, roles takes a list of roles names + # these paths can be qualified, but if bare, it will look from them in + # roles/{{rolename}} relative to the playbook - # just to provide a syntactic mirroring to 'pre_tasks', these run absolute last in the play. - # this might be a good time to put a host back in a load balanced pool or end an outage window + # explicit tasks and handlers can be used, but are not required. + # they will run after the roles if present. - - local_action: shell echo 'this is a post_task about {{ inventory_hostname }}' + tasks: + # you can still have loose tasks/handlers and they will execute after roles are applied + - shell: echo 'this is a loose task' + post_tasks: + # just to provide a syntactic mirroring to 'pre_tasks', these run absolute last in the play. + # this might be a good time to put a host back in a load balanced pool or end an outage window + - local_action: shell echo 'this is a post_task about {{ inventory_hostname }}' diff --git a/language_features/roletest2.yml b/language_features/roletest2.yml index 6042e869f..8d3b514f4 100644 
--- a/language_features/roletest2.yml +++ b/language_features/roletest2.yml @@ -23,10 +23,8 @@ # referencing a "src=foo.j2" rather than having to explicitly path src=roles/foo/templates/foo.j2. --- - - - hosts: all - roles: - +- hosts: all + roles: # a role can be listed flat like this: # # - common @@ -35,22 +33,19 @@ # but you can also pass variables to them, so they can be parameterized. You can call # a role more than once with different parameters too. It might look like this: - - role: foo - param1: '{{ foo }}' - param2: '{{ some_var1 + "/" + some_var2 }}' - when: ansible_os_family == 'RedHat' - - # add as many roles as you like, roles takes a list of roles names - # these paths can be qualified, but if bare, it will look from them in - # roles/{{rolename}} relative to the playbook - - # explicit tasks and handlers can be used, but are not required. - # they will run after the roles if present. - - tasks: + - role: foo + param1: "{{ foo }}" + param2: '{{ some_var1 + "/" + some_var2 }}' + when: ansible_os_family == 'RedHat' - # you can still have loose tasks/handlers and they will execute after roles + # add as many roles as you like, roles takes a list of roles names + # these paths can be qualified, but if bare, it will look from them in + # roles/{{rolename}} relative to the playbook - - shell: echo 'this is a loose task' + # explicit tasks and handlers can be used, but are not required. + # they will run after the roles if present. + tasks: + # you can still have loose tasks/handlers and they will execute after roles + - shell: echo 'this is a loose task' diff --git a/language_features/selective_file_sources.yml b/language_features/selective_file_sources.yml index 49ae4193e..02d414600 100644 --- a/language_features/selective_file_sources.yml +++ b/language_features/selective_file_sources.yml 
@@ -7,22 +7,17 @@ - hosts: all tasks: + - name: template a config file + template: dest=/etc/imaginary_file.conf + first_available_file: + # first see if we have a file for this specific host + - /srv/whatever/{{ansible_hostname}}.conf - - name: template a config file - template: dest=/etc/imaginary_file.conf - first_available_file: - - # first see if we have a file for this specific host - - /srv/whatever/{{ansible_hostname}}.conf - - # next try to load something like CentOS6.2.conf - - /srv/whatever/{{ansible_distribution}}{{ansible_distribution_version}}.conf - - # next see if there's a CentOS.conf - - /srv/whatever/{{ansible_distribution}}.conf - - # finally give up and just use something generic - - /srv/whatever/default - + # next try to load something like CentOS6.2.conf + - /srv/whatever/{{ansible_distribution}}{{ansible_distribution_version}}.conf + # next see if there's a CentOS.conf + - /srv/whatever/{{ansible_distribution}}.conf + # finally give up and just use something generic + - /srv/whatever/default diff --git a/language_features/tags.yml b/language_features/tags.yml index 7a87e1419..728dad0f7 100644 --- a/language_features/tags.yml +++ b/language_features/tags.yml @@ -20,26 +20,24 @@ # the tag extra tags: - - extra + - extra tasks: - # this task will run if you don't specify any tags, # if you specify 'foo' or if you specify 'extra' - - name: hi - tags: ['foo'] - shell: echo "first task ran" + - name: hi + tags: [foo] + shell: echo "first task ran" - name: example play two hosts: all remote_user: root tasks: - - name: hi - tags: - - bar - shell: echo "second task ran" - - include: tasks/base.yml - tags: - - base - + - name: hi + tags: + - bar + shell: echo "second task ran" + - include: tasks/base.yml + tags: + - base diff --git a/language_features/tasks/base.yml b/language_features/tasks/base.yml index 475176c94..861c94efb 100644 --- a/language_features/tasks/base.yml +++ b/language_features/tasks/base.yml 
@@ -1,5 +1,4 @@ --- - # this is the example of an included tasks file. It contains a flat list of tasks # they can notify other tasks, and have full access to variables from 'vars' # or 'vars_files' directives. Further, if ohai or facter were installed on @@ -11,11 +10,13 @@ # like defining what makes up a webserver, or you might have a common 'base.yml' # (like this) that might be applied to all your systems as well. -- name: no selinux - command: /usr/sbin/setenforce 0 +- name: No selinux + ansible.builtin.command: /usr/sbin/setenforce 0 -- name: no iptables - service: name=iptables state=stopped +- name: No iptables + ansible.builtin.service: + name: iptables + state: stopped -- name: made up task just to show variables work here - command: /bin/echo release is $release +- name: Made up task just to show variables work here + ansible.builtin.command: /bin/echo release is $release diff --git a/language_features/upgraded_vars.yml b/language_features/upgraded_vars.yml index 1e5ee6971..371434550 100644 --- a/language_features/upgraded_vars.yml +++ b/language_features/upgraded_vars.yml 
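Review bot: The `No selinux` and `No iptables` tasks put SELinux into permissive mode and stop the host firewall on every system that includes this file, and the file's own header describes it as something that "might be applied to all your systems". Now that they carry FQCNs and structured arguments they look like a base role to copy, so a comment above them such as `# demo only: turns off SELinux enforcement and the host firewall, do not reuse as a real base role` is worth adding. Separately, in `ansible.builtin.command: /bin/echo release is $release` the `$release` is not Ansible variable syntax, so the play variable never reaches the command; `ansible.builtin.command: /bin/echo release is {{ release }}` does what the task name says.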
@@ -1,30 +1,27 @@ # this just shows some tricks possible with variables in Ansible 1.2 and later. --- - - - hosts: all - - vars: - a_list: - - a - - b - - c - - tasks: - - debug: msg="hello {{ ansible_hostname.upper() }}" - - - shell: echo match - when: 2 == 2 - - - shell: echo no match - when: 2 == 2 + 1 - - - debug: msg="{{ ansible_os_family }}" - - - shell: echo {{ item }} - with_items: a_list - - - shell: echo 'RedHat' - when: ansible_os_family == 'RedHat' - - +- hosts: all + + vars: + a_list: + - a + - b + - c + + tasks: + - ansible.builtin.debug: + msg: '"hello {{ ansible_hostname.upper() }}"' + - ansible.builtin.command: echo match + when: 2 == 2 + + - ansible.builtin.command: echo no match + when: 2 == 2 + 1 + + - ansible.builtin.debug: + msg: '"{{ ansible_os_family }}"' + - ansible.builtin.command: echo {{ item }} + with_items: a_list + + - ansible.builtin.command: echo 'RedHat' + when: ansible_os_family == 'RedHat' diff --git a/language_features/user_commands.yml b/language_features/user_commands.yml index a2f49677c..5c9dc95cb 100644 --- a/language_features/user_commands.yml +++ b/language_features/user_commands.yml @@ -2,7 +2,8 @@ # this is a demo of how the user commands work and how to reference salted passwords # in vars sections. You could also use vars_files if you like (see other examples) -- hosts: all +- name: User commands + hosts: all remote_user: root vars: # created with: 
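Review bot: `msg: '"hello {{ ansible_hostname.upper() }}"'` wraps the old double quotes inside a single-quoted YAML scalar, so the debug output now contains literal `"` characters; in the original `msg="..."` form the quotes only delimited the key=value argument. The same happens with `msg: '"{{ ansible_os_family }}"'`. `msg: "hello {{ ansible_hostname.upper() }}"` and `msg: "{{ ansible_os_family }}"` keep the previous output. `with_items: a_list` is also still a bare variable name, which current Ansible treats as the literal string rather than the list; `with_items: "{{ a_list }}"` is the form the rest of this series uses for templated values.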
@@ -10,29 +11,52 @@ password: $1$SomeSalt$UqddPX3r4kH3UL5jq5/ZI. tasks: - # Walk through account creation, modification, and deletion - - name: test basic user account creation - user: name=tset comment=TsetUser group=users shell=/sbin/nologin createhome=no - - # the following is just a simple example of how you don't have to include - # the 'name' element for each task - - - user: name=tset comment=NyetUser - - user: name=tset password={{password}} + - name: Test basic user account creation + ansible.builtin.user: + name: tset + comment: TsetUser + group: users + shell: /sbin/nologin + createhome: false + + # the following is just a simple example of how + + - name: Create user + ansible.builtin.user: + name: tset + comment: NyetUser + + - name: Create user + ansible.builtin.user: + name: tset + password: "{{ password }}" # The following will add the user to supplementary groups. - # Add the user to the groups dialout and uucp. - - user: name=tset groups=dialout,uucp + - name: Add the user to supplementary groups + ansible.builtin.user: + name: tset + groups: dialout,uucp # Add the user to the groups dialout and wheel, # This will remove tset from the group uucp. - - user: name=tset groups=dialout,wheel + - name: Add the user to the groups dialout and wheel + ansible.builtin.user: + name: tset + groups: dialout,wheel + append: true - # Add the user to the group uucp. Because append=yes, the user + # Add the user to the group uucp. Because # will not be removed from the groups dialout and wheel. - - user: name=tset groups=uucp append=yes + - name: Add the user to the group uucp + ansible.builtin.user: + name: tset + groups: uucp + append: true # Finally, remove the user. - - user: name=tset state=absent + - name: Remove user + ansible.builtin.user: + name: tset + state: absent diff --git a/language_features/zfs.yml b/language_features/zfs.yml index 6e7f76745..5798d1d0f 100644 --- a/language_features/zfs.yml +++ b/language_features/zfs.yml 
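Review bot: `append: true` was added to the `groups: dialout,wheel` task, which the original line (`user: name=tset groups=dialout,wheel`) did not set. With it, tset stays in uucp, so the comment directly above ("This will remove tset from the group uucp") is no longer true and the example no longer contrasts replacing group membership with appending to it; remove `append: true` from that task. Two comments were also cut mid-sentence and should be restored or dropped: "the following is just a simple example of how" and "Add the user to the group uucp. Because".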
@@ -2,33 +2,46 @@ ## # Example Ansible playbook that uses the Zfs module. # - -- hosts: webservers - gather_facts: no - become: yes - become_method: sudo +- name: Zfs + hosts: webservers + gather_facts: false + become: true vars: pool: rpool tasks: - - - name: Create a zfs file system - zfs: name={{pool}}/var/log/httpd state=present - - - name: Create a zfs file system with quota of 10GiB and visible snapdir - zfs: name={{pool}}/ansible quota='10G' snapdir=visible state=present - - - name: Create zfs snapshot of the above file system - zfs: name={{pool}}/ansible@mysnapshot state=present - - - name: Create zfs volume named smallvol with a size of 10MiB - zfs: name={{pool}}/smallvol volsize=10M state=present - - - name: Removes snapshot of rpool/oldfs - zfs: name={{pool}}/oldfs@oldsnapshot state=absent - - - name: Removes file system rpool/oldfs - zfs: name={{pool}}/oldfs state=absent - - + - name: Create a zfs file system + community.general.zfs: + name: "{{ pool }}/var/log/httpd" + state: present + + - name: Create a zfs file system with quota of 10GiB and visible snapdir + community.general.zfs: + name: "{{ pool }}/ansible" + extra_zfs_properties: + quota: 10M + snapdir: enabled + state: present + + - name: Create zfs snapshot of the above file system + community.general.zfs: + name: "{{ pool }}/ansible@mysnapshot" + state: present + + - name: Create zfs volume named smallvol with a size of 10MiB + community.general.zfs: + name: "{{ pool }}/smallvol" + extra_zfs_properties: + volsize: 10M + state: present + + - name: Removes snapshot of rpool/oldfs + community.general.zfs: + name: "{{ pool }}/oldfs@oldsnapshot" + state: absent + + - name: Removes file system rpool/oldfs + community.general.zfs: + name: "{{ pool }}/oldfs" + state: absent From 48573acfee99ad26c6e8c0fdff876df5076d64dc Mon Sep 17 00:00:00 2001 
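Review bot: The move to `extra_zfs_properties` changed values, not only layout: `quota='10G'` became `quota: 10M` and `snapdir=visible` became `snapdir: enabled`, while the task is still named "Create a zfs file system with quota of 10GiB and visible snapdir". As far as I know ZFS accepts `hidden` and `visible` for snapdir, so `enabled` would probably be rejected at run time. `quota: 10G` and `snapdir: visible` restore what the old line did. The hunk also drops `become_method: sudo`, which is equivalent only where sudo is already the configured default.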
From: Simon Bachenberg Date: Fri, 15 Mar 2024 15:44:26 +0100 Subject: [PATCH 09/11] linter --- language_features/cloudformation.yaml | 4 +- language_features/complex_args.yml | 7 +-- language_features/postgresql.yml | 29 +++++++++--- language_features/prompts.yml | 5 +-- language_features/rabbitmq.yml | 65 ++++++++++++++++++--------- language_features/register_logic.yml | 14 +++--- language_features/roletest.yml | 4 +- language_features/roletest2.yml | 4 +- 8 files changed, 86 insertions(+), 46 deletions(-) diff --git a/language_features/cloudformation.yaml b/language_features/cloudformation.yaml index 6df5a50ae..7dd142dba 100644 --- a/language_features/cloudformation.yaml +++ b/language_features/cloudformation.yaml @@ -31,7 +31,7 @@ tasks: - name: Launch ansible cloudformation example amazon.aws.cloudformation: - stack_name: "ansible-cloudformation" + stack_name: ansible-cloudformation state: present region: us-east-1 disable_rollback: true @@ -46,4 +46,4 @@ - name: Show stack outputs ansible.builtin.debug: - msg: "My stack outputs are {{ stack.stack_outputs }}" + msg: My stack outputs are {{ stack.stack_outputs }} diff --git a/language_features/complex_args.yml b/language_features/complex_args.yml index b08d3a0f6..bcdb3320b 100644 --- a/language_features/complex_args.yml +++ b/language_features/complex_args.yml @@ -29,14 +29,15 @@ action: ping data='Hi Mom' - name: of course this can also be written like so, which is shorter - ping: data='Hi Mom' + ansible.builtin.ping: + data: 'Hi Mom' - name: but what if you have a complex module that needs complicated data? - ping: + ansible.builtin.ping: data: moo: cow asdf: [1, 2, 3, 4] - name: can we make that cleaner? sure! - ping: + ansible.builtin.ping: data: "{{ complex }}" diff --git a/language_features/postgresql.yml b/language_features/postgresql.yml index b1c971bd3..858726a5c 100644 --- a/language_features/postgresql.yml +++ b/language_features/postgresql.yml 
@@ -12,9 +12,13 @@ tasks: - name: ensure apt cache is up to date - apt: update_cache=yes + ansible.builtin.apt: + update_cache: true + - name: ensure packages are installed - apt: name={{item}} + ansible.builtin.apt: + name: "{{ item }}" + with_items: - postgresql - libpq-dev @@ -32,13 +36,26 @@ tasks: - name: ensure database is created - postgresql_db: name={{dbname}} + community.postgresql.postgresql_db: + name: "{{ dbname }}" - name: ensure user has access to database - postgresql_user: db={{dbname}} name={{dbuser}} password={{dbpassword}} priv=ALL + community.postgresql.postgresql_user: + name: "{{ dbuser }}" + db: "{{ dbname }}" + password: "{{ dbpassword }}" + priv: ALL - name: ensure user does not have unnecessary privilege - postgresql_user: name={{dbuser}} role_attr_flags=NOSUPERUSER,NOCREATEDB + community.postgresql.postgresql_user: + name: "{{ dbuser }}" + role_attr_flags: NOSUPERUSER,NOCREATEDB - name: ensure no other user can access the database - postgresql_privs: db={{dbname}} role=PUBLIC type=database priv=ALL state=absent + community.postgresql.postgresql_privs: + db: "{{ dbname }}" + role: PUBLIC + type: database + priv: ALL + state: absent + diff --git a/language_features/prompts.yml b/language_features/prompts.yml index 687dfaa73..6193e64dd 100644 --- a/language_features/prompts.yml +++ b/language_features/prompts.yml @@ -48,7 +48,6 @@ tasks: - name: imagine this did something interesting with {{release_version}} - shell: echo foo >> /tmp/{{release_version}}-alpha - + ansible.builtin.shell: echo foo >> /tmp/{{release_version}}-alpha - name: look we crypted a password - shell: echo my password is {{my_password2}} + ansible.builtin.shell: echo my password is {{my_password2}} diff --git a/language_features/rabbitmq.yml b/language_features/rabbitmq.yml index 953756554..9c982649c 100644 --- a/language_features/rabbitmq.yml +++ b/language_features/rabbitmq.yml 
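Review bot: The password forwarded by the rewritten `community.postgresql.postgresql_user` task is a literal in the playbook: `dbpassword: mysupersecretpassword` sits in the play's `vars`, as shown in the earlier patch of this series. Since the task is being restructured, this is the place to read the value from an Ansible Vault-encrypted vars file or a `vars_prompt`, with a comment saying so. The rabbitmq.yml hunk in this same patch has the same problem in `Add users`, where `changeme` is set for two `administrator`-tagged users and each loop item, password included, appears in task output; vaulted values plus `no_log: true` on that task would cover it. The hunk also adds an empty line after the final `state: absent`.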
@@ -6,37 +6,60 @@ rabbitmq_version: 3.0.2-1 tasks: - - name: ensure python-software-properties is installed - apt: pkg=python-software-properties state=installed + - name: Ensure python-software-properties is installed + ansible.builtin.apt: + pkg: python-software-properties + state: installed - - name: add rabbitmq official apt repository - apt_repository: repo='deb http://www.rabbitmq.com/debian/ testing main' state=present + - name: Add rabbitmq official apt repository + ansible.builtin.apt_repository: + repo: "deb http://www.rabbitmq.com/debian/ testing main" + state: present - - name: add trusted key - apt_key: url=https://www.rabbitmq.com/rabbitmq-signing-key-public.asc state=present + - name: Add trusted key + ansible.builtin.apt_key: + url: https://www.rabbitmq.com/rabbitmq-signing-key-public.asc + state: present - - name: install package - apt: name={{ item }} update_cache=yes state=installed + - name: Install package + ansible.builtin.apt: + name: "{{ item }}" + update_cache: "yes" + state: installed with_items: - rabbitmq-server - - name: enable rabbitmq plugins - rabbitmq_plugin: names=rabbitmq_management,rabbitmq_tracing,rabbitmq_federation state=enabled + - name: Enable rabbitmq plugins + community.rabbitmq.rabbitmq_plugin: + names: rabbitmq_management,rabbitmq_tracing,rabbitmq_federation + state: enabled notify: - - restart rabbitmq + - Restart rabbitmq - - name: add users - rabbitmq_user: user={{item.username}} password={{item.password}} tags=administrator,{{item.username}} vhost=/ configure_priv=.* write_priv=.* read_priv=.* state=present + - name: Add users + community.rabbitmq.rabbitmq_user: + user: "{{ item.username }}" + password: "{{ item.password }}" + tags: administrator,{{ item.username }} + vhost: / + configure_priv: .* + write_priv: .* + read_priv: .* + state: present with_items: - { username: user1, password: changeme } - { username: user2, password: changeme } - - name: remove default guest user - rabbitmq_user: user=guest state=absent 
- - - name: ensure vhost /test is present - rabbitmq_vhost: name=/test state=present - + - name: Remove default guest user + community.rabbitmq.rabbitmq_user: + user: guest + state: absent + - name: Ensure vhost /test is present + community.rabbitmq.rabbitmq_vhost: + name: /test + state: present handlers: - - name: restart rabbitmq - service: name=rabbitmq-server state=restarted + - name: Restart rabbitmq + ansible.builtin.service: + name: rabbitmq-server + state: restarted diff --git a/language_features/register_logic.yml b/language_features/register_logic.yml index 398fcccdb..faecacca8 100644 --- a/language_features/register_logic.yml +++ b/language_features/register_logic.yml @@ -4,7 +4,7 @@ # often you just want to run a command and then decide whether to run some steps or not. That's # easy to do, and here we'll show you how. -- name: test playbook +- name: Test playbook remote_user: root hosts: all @@ -12,7 +12,7 @@ # it is possible to save the result of any command in a named register. This variable will be made # available to tasks and templates made further down in the execution flow. - - shell: grep hi /etc/motd + - ansible.builtin.shell: grep hi /etc/motd ignore_errors: true register: motd_result 
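Review bot: `state: installed` is carried over into both `ansible.builtin.apt` tasks, but to my knowledge the module's accepted states are `present`, `latest`, `absent`, `build-dep` and `fixed`, so these tasks are likely to fail argument validation on a current Ansible; `state: present` is the equivalent. `update_cache: "yes"` is a quoted string where the rest of the series uses real booleans, so `update_cache: true` would match. The `repo` line still points at `http://www.rabbitmq.com/debian/` while the signing key is fetched over HTTPS; if the repository is served over HTTPS as well, the URL should use it.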
@@ -22,25 +22,25 @@ # here we run the next action only if the previous grep returned true - - shell: echo "motd contains the word hi" + - ansible.builtin.shell: echo "motd contains the word hi" when: motd_result.rc == 0 # alternatively: - - shell: echo "motd contains the word hi" + - ansible.builtin.shell: echo "motd contains the word hi" when: motd_result.stdout.find('hi') != -1 # or also: - - shell: echo "motd contains word hi" + - ansible.builtin.shell: echo "motd contains word hi" when: "'hi' in motd_result.stdout" # you can use 'stdout_lines' to loop over the registered output lines - name: motd lines matching 'hi' - shell: echo "{{ item }}" + ansible.builtin.shell: echo "{{ item }}" with_items: motd_result.stdout_lines # you can also split 'stdout' yourself - name: motd lines matching 'hi' - shell: echo "{{ item }}" + ansible.builtin.shell: echo "{{ item }}" with_items: motd_result.stdout.split('\n') diff --git a/language_features/roletest.yml b/language_features/roletest.yml index 816b531d4..24d53c2b5 100644 --- a/language_features/roletest.yml +++ b/language_features/roletest.yml @@ -41,8 +41,8 @@ # a role more than once with different parameters too. It might look like the section # below. Note I can also declare tags at this time. - - { role: foo, param1: 1000, param2: 2000, tags: [foo, bar] } - - { role: foo, param1: 8000, param2: 9000, tags: [baz] } + - { role: foo, foo_param1: 1000, foo_param2: 2000, tags: [foo, bar] } + - { role: foo, foo_param1: 8000, foo_param2: 9000, tags: [baz] } # add as many roles as you like, roles takes a list of roles names # these paths can be qualified, but if bare, it will look from them in diff --git a/language_features/roletest2.yml b/language_features/roletest2.yml index 8d3b514f4..ca55a3eaa 100644 --- a/language_features/roletest2.yml +++ b/language_features/roletest2.yml 
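Review bot: The role parameters are renamed to `foo_param1` and `foo_param2` here and in the roletest2.yml hunk, but the role task shown earlier in this series still reads the old names (`shell: echo just FYI, param1={{ param1 }}, param2 ={{ param2 }}`), which would now be undefined when the role runs. The next patch's diffstat lists roles/foo/tasks/main.yml, so the matching rename may be there; it is not visible in this part. If it is not, the role task needs `{{ foo_param1 }}` and `{{ foo_param2 }}`.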
@@ -34,8 +34,8 @@ # a role more than once with different parameters too. It might look like this: - role: foo - param1: "{{ foo }}" - param2: '{{ some_var1 + "/" + some_var2 }}' + foo_param1: "{{ foo }}" + foo_param2: '{{ some_var1 + "/" + some_var2 }}' when: ansible_os_family == 'RedHat' # add as many roles as you like, roles takes a list of roles names From b5f2d6f2e442d23014e7c3796bb553a48e2ad830 Mon Sep 17 00:00:00 2001 
From: Simon Bachenberg Date: Fri, 15 Mar 2024 16:36:53 +0100 Subject: [PATCH 10/11] linter --- lamp_haproxy/aws/demo-aws-launch.yml | 124 ++++++++-------- .../aws/roles/base-apache/tasks/main.yml | 12 +- lamp_haproxy/aws/roles/common/tasks/main.yml | 18 +-- lamp_haproxy/aws/roles/db/handlers/main.yml | 1 - lamp_haproxy/aws/roles/db/tasks/main.yml | 12 +- .../aws/roles/haproxy/handlers/main.yml | 1 - lamp_haproxy/aws/roles/haproxy/tasks/main.yml | 2 +- lamp_haproxy/aws/roles/nagios/tasks/main.yml | 18 +-- lamp_haproxy/aws/rolling_update.yml | 42 +++--- lamp_haproxy/aws/site.yml | 22 +-- lamp_haproxy/provision.yml | 134 ++++++++++-------- lamp_haproxy/roles/base-apache/tasks/main.yml | 20 +-- lamp_haproxy/roles/common/handlers/main.yml | 14 +- lamp_haproxy/roles/common/tasks/main.yml | 68 ++++++--- lamp_haproxy/roles/db/handlers/main.yml | 8 +- lamp_haproxy/roles/db/tasks/main.yml | 38 +++-- lamp_haproxy/roles/haproxy/handlers/main.yml | 16 ++- lamp_haproxy/roles/haproxy/tasks/main.yml | 15 +- lamp_haproxy/roles/nagios/handlers/main.yml | 14 +- lamp_haproxy/roles/nagios/tasks/main.yml | 72 ++++++---- lamp_haproxy/roles/web/tasks/main.yml | 5 +- lamp_haproxy/rolling_update.yml | 57 +++++--- lamp_haproxy/site.yml | 22 +-- lamp_simple/roles/common/handlers/main.yml | 5 +- lamp_simple/roles/common/tasks/main.yml | 14 +- lamp_simple/roles/db/handlers/main.yml | 10 +- lamp_simple/roles/db/tasks/main.yml | 36 ++--- lamp_simple/roles/web/handlers/main.yml | 5 +- lamp_simple/roles/web/tasks/copy_code.yml | 4 +- lamp_simple/roles/web/tasks/install_httpd.yml | 37 ++--- lamp_simple/roles/web/tasks/main.yml | 4 +- lamp_simple/site.yml | 6 +- .../roles/common/handlers/main.yml | 7 +- lamp_simple_rhel7/roles/common/tasks/main.yml | 28 ++-- lamp_simple_rhel7/roles/db/handlers/main.yml | 7 +- lamp_simple_rhel7/roles/db/tasks/main.yml | 66 +++++++-- .../roles/web/tasks/copy_code.yml | 9 +- .../roles/web/tasks/install_httpd.yml | 42 ++++-- lamp_simple_rhel7/site.yml | 6 +- 
language_features/complex_args.yml | 4 +- language_features/conditionals_part1.yml | 5 +- language_features/conditionals_part2.yml | 12 +- language_features/custom_filters.yml | 4 +- language_features/delegation.yml | 16 +-- language_features/environment.yml | 4 +- language_features/eucalyptus-ec2.yml | 32 ++++- language_features/file_secontext.yml | 27 +++- language_features/get_url.yml | 15 +- language_features/group_by.yml | 14 +- language_features/group_commands.yml | 18 ++- language_features/intermediate_example.yml | 23 +-- language_features/intro_example.yml | 30 ++-- language_features/loop_nested.yml | 4 +- language_features/loop_plugins.yml | 10 +- language_features/loop_with_items.yml | 33 +++-- language_features/mysql.yml | 15 +- language_features/netscaler.yml | 20 ++- language_features/rabbitmq.yml | 2 +- language_features/roles/foo/handlers/main.yml | 9 +- language_features/roles/foo/tasks/main.yml | 16 ++- 60 files changed, 798 insertions(+), 536 deletions(-) diff --git a/lamp_haproxy/aws/demo-aws-launch.yml b/lamp_haproxy/aws/demo-aws-launch.yml index 6c1d4092c..72e5f6c27 100644 --- a/lamp_haproxy/aws/demo-aws-launch.yml +++ b/lamp_haproxy/aws/demo-aws-launch.yml 
@@ -3,74 +3,74 @@ - name: Provision instances in AWS hosts: localhost connection: local - gather_facts: False + gather_facts: false # load AWS variables from this group vars file vars_files: - - group_vars/all + - group_vars/all tasks: - - name: Launch webserver instances - ec2: - access_key: "{{ ec2_access_key }}" - secret_key: "{{ ec2_secret_key }}" - keypair: "{{ ec2_keypair }}" - group: "{{ ec2_security_group }}" - type: "{{ ec2_instance_type }}" - image: "{{ ec2_image }}" - region: "{{ ec2_region }}" - instance_tags: "{'ansible_group':'webservers', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}" - count: "{{ ec2_instance_count }}" - wait: true - register: ec2 + - name: Launch webserver instances + ec2: + access_key: "{{ ec2_access_key }}" + secret_key: "{{ ec2_secret_key }}" + keypair: "{{ ec2_keypair }}" + group: "{{ ec2_security_group }}" + type: "{{ ec2_instance_type }}" + image: "{{ ec2_image }}" + region: "{{ ec2_region }}" + instance_tags: "{'ansible_group':'webservers', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}" + count: "{{ ec2_instance_count }}" + wait: true + register: ec2 - - name: Launch database instance - ec2: - access_key: "{{ ec2_access_key }}" - secret_key: "{{ ec2_secret_key }}" - keypair: "{{ ec2_keypair }}" - group: "{{ ec2_security_group }}" - type: "{{ ec2_instance_type }}" - image: "{{ ec2_image }}" - region: "{{ ec2_region }}" - instance_tags: "{'ansible_group':'dbservers', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}" - count: "1" - wait: true - register: ec2 + - name: Launch database instance + ec2: + access_key: "{{ ec2_access_key }}" + secret_key: "{{ ec2_secret_key }}" + keypair: "{{ ec2_keypair }}" + group: "{{ ec2_security_group }}" + type: "{{ ec2_instance_type }}" + image: "{{ ec2_image }}" + region: "{{ ec2_region }}" + instance_tags: 
"{'ansible_group':'dbservers', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}" + count: "1" + wait: true + register: ec2 - - name: Launch load balancing instance - ec2: - access_key: "{{ ec2_access_key }}" - secret_key: "{{ ec2_secret_key }}" - keypair: "{{ ec2_keypair }}" - group: "{{ ec2_security_group }}" - type: "{{ ec2_instance_type }}" - image: "{{ ec2_image }}" - region: "{{ ec2_region }}" - instance_tags: "{'ansible_group':'lbservers', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}" - count: "1" - wait: true - register: ec2 + - name: Launch load balancing instance + ec2: + access_key: "{{ ec2_access_key }}" + secret_key: "{{ ec2_secret_key }}" + keypair: "{{ ec2_keypair }}" + group: "{{ ec2_security_group }}" + type: "{{ ec2_instance_type }}" + image: "{{ ec2_image }}" + region: "{{ ec2_region }}" + instance_tags: "{'ansible_group':'lbservers', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}" + count: "1" + wait: true + register: ec2 - - name: Launch monitoring instance - ec2: - access_key: "{{ ec2_access_key }}" - secret_key: "{{ ec2_secret_key }}" - keypair: "{{ ec2_keypair }}" - group: "{{ ec2_security_group }}" - type: "{{ ec2_instance_type }}" - image: "{{ ec2_image }}" - region: "{{ ec2_region }}" - instance_tags: "{'ansible_group':'monitoring', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}" - count: "1" - wait: true - register: ec2 + - name: Launch monitoring instance + ec2: + access_key: "{{ ec2_access_key }}" + secret_key: "{{ ec2_secret_key }}" + keypair: "{{ ec2_keypair }}" + group: "{{ ec2_security_group }}" + type: "{{ ec2_instance_type }}" + image: "{{ ec2_image }}" + region: "{{ ec2_region }}" + instance_tags: "{'ansible_group':'monitoring', 'type':'{{ ec2_instance_type }}', 'group':'{{ 
ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}" + count: "1" + wait: true + register: ec2 - - name: Wait for SSH to come up - wait_for: - host: "{{ item.public_dns_name }}" - port: 22 - delay: 60 - timeout: 320 - state: started - with_items: "{{ ec2.instances }}" + - name: Wait for SSH to come up + wait_for: + host: "{{ item.public_dns_name }}" + port: 22 + delay: 60 + timeout: 320 + state: started + with_items: "{{ ec2.instances }}" diff --git a/lamp_haproxy/aws/roles/base-apache/tasks/main.yml b/lamp_haproxy/aws/roles/base-apache/tasks/main.yml index 310d16404..9b6e4217e 100644 --- a/lamp_haproxy/aws/roles/base-apache/tasks/main.yml +++ b/lamp_haproxy/aws/roles/base-apache/tasks/main.yml @@ -6,20 +6,20 @@ name: "{{ item }}" state: present with_items: - - httpd - - php - - php-mysql - - git + - httpd + - php + - php-mysql + - git - name: Configure SELinux to allow httpd to connect to remote database seboolean: name: httpd_can_network_connect_db state: true - persistent: yes + persistent: true when: sestatus.rc != 0 - name: http service state service: name: httpd state: started - enabled: yes + enabled: true diff --git a/lamp_haproxy/aws/roles/common/tasks/main.yml b/lamp_haproxy/aws/roles/common/tasks/main.yml index 2a3fabb0b..a0f416448 100644 --- a/lamp_haproxy/aws/roles/common/tasks/main.yml +++ b/lamp_haproxy/aws/roles/common/tasks/main.yml @@ -6,8 +6,8 @@ name: "{{ item }}" state: present with_items: - - libselinux-python - - libsemanage-python + - libselinux-python + - libsemanage-python - name: Create the repository for EPEL copy: @@ -24,12 +24,12 @@ name: "{{ item }}" state: present with_items: - - nagios-nrpe - - nagios-plugins-swap - - nagios-plugins-users - - nagios-plugins-procs - - nagios-plugins-load - - nagios-plugins-disk + - nagios-nrpe + - nagios-plugins-swap + - nagios-plugins-users + - nagios-plugins-procs + - nagios-plugins-load + - nagios-plugins-disk - name: Install ntp yum: 
@@ -48,7 +48,7 @@ service: name: ntpd state: started - enabled: yes + enabled: true tags: ntp # work around RHEL 7, for now diff --git a/lamp_haproxy/aws/roles/db/handlers/main.yml b/lamp_haproxy/aws/roles/db/handlers/main.yml index 0014f1426..0189f6c55 100644 --- a/lamp_haproxy/aws/roles/db/handlers/main.yml +++ b/lamp_haproxy/aws/roles/db/handlers/main.yml @@ -3,4 +3,3 @@ - name: restart mysql service: name=mysqld state=restarted - diff --git a/lamp_haproxy/aws/roles/db/tasks/main.yml b/lamp_haproxy/aws/roles/db/tasks/main.yml index b6b2f1fa3..7fcbad478 100644 --- a/lamp_haproxy/aws/roles/db/tasks/main.yml +++ b/lamp_haproxy/aws/roles/db/tasks/main.yml @@ -6,14 +6,14 @@ name: "{{ item }}" state: present with_items: - - mysql-server - - MySQL-python + - mysql-server + - MySQL-python - name: Configure SELinux to start mysql on any port seboolean: name: mysql_connect_any state: true - persistent: yes + persistent: true when: sestatus.rc != 0 - name: Create Mysql configuration file @@ -21,13 +21,13 @@ src: my.cnf.j2 dest: /etc/my.cnf notify: - - restart mysql + - restart mysql - name: Start Mysql Service service: name: mysqld state: started - enabled: yes + enabled: true - name: Create Application Database mysql_db: @@ -39,5 +39,5 @@ name: "{{ dbuser }}" password: "{{ upassword }}" priv: "*.*:ALL" - host: '%' + host: "%" state: present diff --git a/lamp_haproxy/aws/roles/haproxy/handlers/main.yml b/lamp_haproxy/aws/roles/haproxy/handlers/main.yml index 1eade088e..4cff96e6d 100644 --- a/lamp_haproxy/aws/roles/haproxy/handlers/main.yml +++ b/lamp_haproxy/aws/roles/haproxy/handlers/main.yml @@ -6,4 +6,3 @@ - name: reload haproxy service: name=haproxy state=reloaded - diff --git a/lamp_haproxy/aws/roles/haproxy/tasks/main.yml b/lamp_haproxy/aws/roles/haproxy/tasks/main.yml index 637695ead..3a5c320c9 100644 --- a/lamp_haproxy/aws/roles/haproxy/tasks/main.yml +++ b/lamp_haproxy/aws/roles/haproxy/tasks/main.yml 
@@ -16,4 +16,4 @@ service: name: haproxy state: started - enabled: yes + enabled: true diff --git a/lamp_haproxy/aws/roles/nagios/tasks/main.yml b/lamp_haproxy/aws/roles/nagios/tasks/main.yml index c4d2950ea..b364c24a9 100644 --- a/lamp_haproxy/aws/roles/nagios/tasks/main.yml +++ b/lamp_haproxy/aws/roles/nagios/tasks/main.yml @@ -6,14 +6,14 @@ pkg: "{{ item }}" state: present with_items: - - nagios - - nagios-plugins - - nagios-plugins-nrpe - - nagios-plugins-ping - - nagios-plugins-ssh - - nagios-plugins-http - - nagios-plugins-mysql - - nagios-devel + - nagios + - nagios-plugins + - nagios-plugins-nrpe + - nagios-plugins-ping + - nagios-plugins-ssh + - nagios-plugins-http + - nagios-plugins-mysql + - nagios-devel notify: restart httpd - name: create nagios config dir @@ -41,7 +41,7 @@ - name: create the nagios object files template: src: "{{ item + '.j2' }}" - dest: "/etc/nagios/ansible-managed/{{ item }}" + dest: /etc/nagios/ansible-managed/{{ item }} with_items: - webservers.cfg - dbservers.cfg diff --git a/lamp_haproxy/aws/rolling_update.yml b/lamp_haproxy/aws/rolling_update.yml index 7c01f4d60..93ab329b3 100644 --- a/lamp_haproxy/aws/rolling_update.yml +++ b/lamp_haproxy/aws/rolling_update.yml 
@@ -16,33 +16,33 @@ # These are the tasks to run before applying updates: pre_tasks: - - name: disable nagios alerts for this host webserver service - nagios: 'action=disable_alerts host={{ inventory_hostname }} services=webserver' - delegate_to: "{{ item }}" - with_items: "{{ groups.tag_ansible_group_monitoring }}" + - name: disable nagios alerts for this host webserver service + nagios: action=disable_alerts host={{ inventory_hostname }} services=webserver + delegate_to: "{{ item }}" + with_items: "{{ groups.tag_ansible_group_monitoring }}" - - name: disable the server in haproxy - haproxy: 'state=disabled backend=myapplb host={{ inventory_hostname }} socket=/var/lib/haproxy/stats' - delegate_to: "{{ item }}" - with_items: "{{ groups.tag_ansible_group_lbservers }}" + - name: disable the server in haproxy + haproxy: state=disabled backend=myapplb host={{ inventory_hostname }} socket=/var/lib/haproxy/stats + delegate_to: "{{ item }}" + with_items: "{{ groups.tag_ansible_group_lbservers }}" roles: - - web + - web ## Optionally, re-run the common and base-apache roles #- common #- base-apache # These tasks run after the roles: post_tasks: - - name: wait for webserver to come up - wait_for: 'host={{ inventory_hostname }} port=80 state=started timeout=80' - - - name: enable the server in haproxy - haproxy: 'state=enabled backend=myapplb host={{ inventory_hostname }} socket=/var/lib/haproxy/stats' - delegate_to: "{{ item }}" - with_items: "{{ groups.tag_ansible_group_lbservers }}" - - - name: re-enable nagios alerts - nagios: 'action=enable_alerts host={{ inventory_hostname }} services=webserver' - delegate_to: "{{ item }}" - with_items: "{{ groups.tag_ansible_group_monitoring }}" + - name: wait for webserver to come up + wait_for: host={{ inventory_hostname }} port=80 state=started timeout=80 + + - name: enable the server in haproxy + haproxy: state=enabled backend=myapplb host={{ inventory_hostname }} socket=/var/lib/haproxy/stats + delegate_to: "{{ item }}" + 
with_items: "{{ groups.tag_ansible_group_lbservers }}" + + - name: re-enable nagios alerts + nagios: action=enable_alerts host={{ inventory_hostname }} services=webserver + delegate_to: "{{ item }}" + with_items: "{{ groups.tag_ansible_group_monitoring }}" diff --git a/lamp_haproxy/aws/site.yml b/lamp_haproxy/aws/site.yml index 3ca193988..434eb2c79 100644 --- a/lamp_haproxy/aws/site.yml +++ b/lamp_haproxy/aws/site.yml @@ -5,16 +5,16 @@ - hosts: all roles: - - common + - common # Configure and deploy database servers. - hosts: tag_ansible_group_dbservers roles: - - db + - db tags: - - db + - db # Configure and deploy the web servers. Note that we include two roles here, # the 'base-apache' role which simply sets up Apache, and 'web' which includes @@ -22,27 +22,27 @@ - hosts: tag_ansible_group_webservers roles: - - base-apache - - web + - base-apache + - web tags: - - web + - web # Configure and deploy the load balancer(s). - hosts: tag_ansible_group_lbservers roles: - - haproxy + - haproxy tags: - - lb + - lb # Configure and deploy the Nagios monitoring node(s). - hosts: tag_ansible_group_monitoring roles: - - base-apache - - nagios + - base-apache + - nagios tags: - - monitoring + - monitoring diff --git a/lamp_haproxy/provision.yml b/lamp_haproxy/provision.yml index df5b7d4b6..a58ff9071 100644 --- a/lamp_haproxy/provision.yml +++ b/lamp_haproxy/provision.yml 
@@ -1,67 +1,87 @@ --- -#Provision some instances: -- hosts: localhost +- name: Provision some instances + hosts: localhost connection: local - gather_facts: False + gather_facts: false vars_files: - - group_vars/all + - group_vars/all tasks: - - name: Launch webserver instances - ec2: > - access_key="{{ ec2_access_key }}" - secret_key="{{ ec2_secret_key }}" - keypair="{{ ec2_keypair }}" - group="{{ ec2_security_group }}" - type="{{ ec2_instance_type }}" - image="{{ ec2_image }}" - region="{{ ec2_region }}" - instance_tags="{'ansible_group':'{{ ec2_tag_webservers }}', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}" - count="{{ ec2_instance_count }}" - register: ec2 + - name: Launch webserver instances + amazon.aws.ec2_instance: + access_key: "{{ ec2_access_key }}" + secret_key: "{{ ec2_secret_key }}" + keypair: "{{ ec2_keypair }}" + group: "{{ ec2_security_group }}" + type: "{{ ec2_instance_type }}" + image: "{{ ec2_image }}" + region: "{{ ec2_region }}" + instance_tags: + ansible_group: "{{ ec2_tag_webservers }}" + type: "{{ ec2_instance_type }}" + group: "{{ ec2_security_group }}" + Name: demo_{{ tower_user_name }} + count: "{{ ec2_instance_count }}" + register: ec2 - - name: Launch database instance - ec2: > - access_key="{{ ec2_access_key }}" - secret_key="{{ ec2_secret_key }}" - keypair="{{ ec2_keypair }}" - group="{{ ec2_security_group }}" - type="{{ ec2_instance_type }}" - image="{{ ec2_image }}" - region="{{ ec2_region }}" - instance_tags="{'ansible_group':'{{ ec2_tag_dbservers }}', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}" - count="1" - register: ec2 + - name: Launch database instance + amazon.aws.ec2_instance: + access_key: "{{ ec2_access_key }}" + secret_key: "{{ ec2_secret_key }}" + keypair: "{{ ec2_keypair }}" + group: "{{ ec2_security_group }}" + type: "{{ ec2_instance_type }}" + image: "{{ ec2_image }}" + region: "{{ 
ec2_region }}" + instance_tags: + ansible_group: "{{ ec2_tag_dbservers }}" + type: "{{ ec2_instance_type }}" + group: "{{ ec2_security_group }}" + Name: demo_{{ tower_user_name }} + count: "1" + register: ec2 - - name: Launch load balancing instance - ec2: > - access_key="{{ ec2_access_key }}" - secret_key="{{ ec2_secret_key }}" - keypair="{{ ec2_keypair }}" - group="{{ ec2_security_group }}" - type="{{ ec2_instance_type }}" - image="{{ ec2_image }}" - region="{{ ec2_region }}" - instance_tags="{'ansible_group':'{{ ec2_tag_lbservers }}', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}" - count="1" - register: ec2 + - name: Launch load balancing instance + amazon.aws.ec2_instance: + access_key: "{{ ec2_access_key }}" + secret_key: "{{ ec2_secret_key }}" + keypair: "{{ ec2_keypair }}" + group: "{{ ec2_security_group }}" + type: "{{ ec2_instance_type }}" + image: "{{ ec2_image }}" + region: "{{ ec2_region }}" + instance_tags: + ansible_group: "{{ ec2_tag_lbservers }}" + type: "{{ ec2_instance_type }}" + group: "{{ ec2_security_group }}" + Name: demo_{{ tower_user_name }} + count: "1" + register: ec2 - - name: Launch monitoring instance - ec2: > - access_key="{{ ec2_access_key }}" - secret_key="{{ ec2_secret_key }}" - keypair="{{ ec2_keypair }}" - group="{{ ec2_security_group }}" - type="{{ ec2_instance_type }}" - image="{{ ec2_image }}" - region="{{ ec2_region }}" - instance_tags="{'ansible_group':'{{ ec2_tag_monitoring }}', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}" - count="1" - register: ec2 + - name: Launch monitoring instance + amazon.aws.ec2_instance: + access_key: "{{ ec2_access_key }}" + secret_key: "{{ ec2_secret_key }}" + keypair: "{{ ec2_keypair }}" + group: "{{ ec2_security_group }}" + type: "{{ ec2_instance_type }}" + image: "{{ ec2_image }}" + region: "{{ ec2_region }}" + instance_tags: + ansible_group: "{{ ec2_tag_monitoring 
}}" + type: "{{ ec2_instance_type }}" + group: "{{ ec2_security_group }}" + Name: demo_{{ tower_user_name }} + count: "1" + register: ec2 - - - name: Wait for SSH to come up - local_action: wait_for host={{ item.public_dns_name }} - port=22 delay=60 timeout=320 state=started - with_items: "{{ ec2.instances }}" + - name: Wait for SSH to come up + ansible.builtin.wait_for: + host: "{{ item.public_dns_name }} " + port: 22 + delay: 60 + timeout: 320 + state: started + delegate_to: localhost + with_items: "{{ ec2.instances }}" diff --git a/lamp_haproxy/roles/base-apache/tasks/main.yml b/lamp_haproxy/roles/base-apache/tasks/main.yml index 310d16404..65db24f68 100644 --- a/lamp_haproxy/roles/base-apache/tasks/main.yml +++ b/lamp_haproxy/roles/base-apache/tasks/main.yml @@ -2,24 +2,24 @@ # This role installs httpd - name: Install http - yum: + ansible.builtin.yum: name: "{{ item }}" state: present with_items: - - httpd - - php - - php-mysql - - git + - httpd + - php + - php-mysql + - git - name: Configure SELinux to allow httpd to connect to remote database - seboolean: + ansible.posix.seboolean: name: httpd_can_network_connect_db state: true - persistent: yes + persistent: true when: sestatus.rc != 0 -- name: http service state - service: +- name: Http service state + ansible.builtin.service: name: httpd state: started - enabled: yes + enabled: true diff --git a/lamp_haproxy/roles/common/handlers/main.yml b/lamp_haproxy/roles/common/handlers/main.yml index bca073701..37bb20368 100644 --- a/lamp_haproxy/roles/common/handlers/main.yml +++ b/lamp_haproxy/roles/common/handlers/main.yml 
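Review bot: The four launch tasks now call `amazon.aws.ec2_instance` but still pass the option names of the old `ec2` module (`keypair`, `group`, `type`, `instance_tags`, and `image` as a plain string). As far as I know `ec2_instance` accepts none of these in that form, so the tasks would fail argument validation instead of launching anything. The equivalents are `key_name`, `security_group`, `instance_type`, `image_id` and `tags`, sketched below for the first task; the other three need the same renames. Separately, the new `Wait for SSH to come up` task has a trailing space inside the quotes, `host: "{{ item.public_dns_name }} "`, so the probe targets a hostname ending in a space; it should read `host: "{{ item.public_dns_name }}"`.

```yaml
    - name: Launch webserver instances
      amazon.aws.ec2_instance:
        # … unchanged: access_key, secret_key …
        key_name: "{{ ec2_keypair }}"
        security_group: "{{ ec2_security_group }}"
        instance_type: "{{ ec2_instance_type }}"
        image_id: "{{ ec2_image }}"
        # … unchanged: region …
        tags:
          ansible_group: "{{ ec2_tag_webservers }}"
          # … unchanged: type, group, Name …
        # … unchanged: count …
      register: ec2
```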
@@ -1,8 +1,14 @@ --- # Handlers for common notifications -- name: restart ntp - service: name=ntpd state=restarted +- name: Restart ntp + ansible.builtin.service: + name: ntpd + state: restarted + listen: restart_ntp -- name: restart iptables - service: name=iptables state=restarted +- name: Restart iptables + ansible.builtin.service: + name: iptables + state: restarted + listen: restart_iptables diff --git a/lamp_haproxy/roles/common/tasks/main.yml b/lamp_haproxy/roles/common/tasks/main.yml index b82900c93..c22473f30 100644 --- a/lamp_haproxy/roles/common/tasks/main.yml +++ b/lamp_haproxy/roles/common/tasks/main.yml 
@@ -2,47 +2,69 @@ # This role contains common plays that will run on all nodes. - name: Install python bindings for SE Linux - yum: name={{ item }} state=present - with_items: - - libselinux-python - - libsemanage-python + ansible.builtin.yum: + name: "{{ item }}" + state: present + + loop: + - libselinux-python + - libsemanage-python - name: Create the repository for EPEL - copy: src=epel.repo dest=/etc/yum.repos.d/epel.repo + ansible.builtin.copy: + src: epel.repo + dest: /etc/yum.repos.d/epel.repo - name: Create the GPG key for EPEL - copy: src=RPM-GPG-KEY-EPEL-6 dest=/etc/pki/rpm-gpg - -- name: install some useful nagios plugins - yum: name={{ item }} state=present - with_items: - - nagios-nrpe - - nagios-plugins-swap - - nagios-plugins-users - - nagios-plugins-procs - - nagios-plugins-load - - nagios-plugins-disk + ansible.builtin.copy: + src: RPM-GPG-KEY-EPEL-6 + dest: /etc/pki/rpm-gpg + +- name: Install some useful nagios plugins + ansible.builtin.yum: + name: "{{ item }}" + state: present + loop: + - nagios-nrpe + - nagios-plugins-swap + - nagios-plugins-users + - nagios-plugins-procs + - nagios-plugins-load + - nagios-plugins-disk - name: Install ntp - yum: name=ntp state=present + ansible.builtin.yum: + name: ntp + state: present + tags: ntp - name: Configure ntp file - template: src=ntp.conf.j2 dest=/etc/ntp.conf + ansible.builtin.template: + src: ntp.conf.j2 + dest: /etc/ntp.conf + tags: ntp notify: restart ntp - name: Start the ntp service - service: name=ntpd state=started enabled=yes + ansible.builtin.service: + name: ntpd + state: started + enabled: true + tags: ntp # work around RHEL 7, for now -- name: insert iptables template - template: src=iptables.j2 dest=/etc/sysconfig/iptables +- name: Insert iptables template + ansible.builtin.template: + src: iptables.j2 + dest: /etc/sysconfig/iptables + when: ansible_distribution_major_version != '7' notify: restart iptables -- name: test to see if selinux is running - command: getenforce +- name: Test to 
see if selinux is running + ansible.builtin.command: getenforce register: sestatus changed_when: false diff --git a/lamp_haproxy/roles/db/handlers/main.yml b/lamp_haproxy/roles/db/handlers/main.yml index 0014f1426..5ef1ed8bb 100644 --- a/lamp_haproxy/roles/db/handlers/main.yml +++ b/lamp_haproxy/roles/db/handlers/main.yml @@ -1,6 +1,8 @@ --- # Handler to handle DB tier notifications -- name: restart mysql - service: name=mysqld state=restarted - +- name: Restart mysql + ansible.builtin.service: + name: mysqld + state: restarted + listen: restart_mysql \ No newline at end of file diff --git a/lamp_haproxy/roles/db/tasks/main.yml b/lamp_haproxy/roles/db/tasks/main.yml index 71052795f..dc492c94c 100644 --- a/lamp_haproxy/roles/db/tasks/main.yml +++ b/lamp_haproxy/roles/db/tasks/main.yml 
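Review bot: `notify: restart ntp` on `Configure ntp file` and `notify: restart iptables` on `Insert iptables template` are left unchanged, while lamp_haproxy/roles/common/handlers/main.yml in this same patch renames the handlers to `Restart ntp` / `Restart iptables` with the listen topics `restart_ntp` / `restart_iptables`. Handlers are matched by exact name or listen topic, so neither notification resolves any more: Ansible normally aborts on an unknown handler, and in any case a changed ntp.conf or iptables rule file is no longer followed by a service restart. They should become `notify: restart_ntp` and `notify: restart_iptables`, matching what the db, haproxy and nagios roles do. The rewritten `ansible.builtin.copy` and `ansible.builtin.template` tasks also set no `owner`/`group`/`mode`, so `/etc/sysconfig/iptables` and the EPEL key file get default permissions; explicit values (for example `mode: "0600"` on the iptables file) would make that deliberate.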
@@ -2,25 +2,41 @@ # This role will install MySQL and create db user and give permissions. - name: Install Mysql package - yum: name={{ item }} state=present - with_items: - - mysql-server - - MySQL-python + ansible.builtin.yum: + name: "{{ item }}" + state: present + loop: + - mysql-server + - MySQL-python - name: Configure SELinux to start mysql on any port - seboolean: name=mysql_connect_any state=true persistent=yes + ansible.posix.seboolean: + name: mysql_connect_any + state: "true" + persistent: true when: sestatus.rc != 0 - name: Create Mysql configuration file - template: src=my.cnf.j2 dest=/etc/my.cnf + ansible.builtin.template: + src: my.cnf.j2 + dest: /etc/my.cnf notify: - - restart mysql + - restart_mysql - name: Start Mysql Service - service: name=mysqld state=started enabled=yes - + ansible.builtin.service: + name: mysqld + state: started + enabled: true - name: Create Application Database - mysql_db: name={{ dbname }} state=present + community.mysql.mysql_db: + name: "{{ dbname }}" + state: present - name: Create Application DB User - mysql_user: name={{ dbuser }} password={{ upassword }} priv=*.*:ALL host='%' state=present + community.mysql.mysql_user: + name: "{{ dbuser }}" + password: "{{ upassword }}" + priv: "*.*:ALL" + host: "'%'" + state: present diff --git a/lamp_haproxy/roles/haproxy/handlers/main.yml b/lamp_haproxy/roles/haproxy/handlers/main.yml index 1eade088e..8028d684f 100644 --- a/lamp_haproxy/roles/haproxy/handlers/main.yml +++ b/lamp_haproxy/roles/haproxy/handlers/main.yml @@ -1,9 +1,13 @@ --- # Handlers for HAproxy -- name: restart haproxy - service: name=haproxy state=restarted - -- name: reload haproxy - service: name=haproxy state=reloaded - +- name: Restart haproxy + ansible.builtin.service: + name: haproxy + state: restarted + listen: restart_haproxy +- name: Reload haproxy + ansible.builtin.service: + name: haproxy + state: reloaded + listen: reload_haproxy 
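Review bot: `host: "'%'"` in `Create Application DB User` keeps the single quotes inside the YAML string, so the account would be created for the literal host `'%'` rather than the wildcard; the old `host='%'` key=value form had its quotes stripped by the argument parser. It should be `host: "%"`, as the lamp_simple db role in this patch has it. The task also still grants `*.*:ALL` to the application user from any host; unless the demo needs server-wide rights, `priv: "{{ dbname }}.*:ALL"` would confine it to the application database. The same grant appears in lamp_simple/roles/db/tasks/main.yml and lamp_haproxy/aws/roles/db/tasks/main.yml. `state: "true"` on the seboolean task is a quoted string where the other roles pass the boolean `true`.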
diff --git a/lamp_haproxy/roles/haproxy/tasks/main.yml b/lamp_haproxy/roles/haproxy/tasks/main.yml index aac53093d..e71953a97 100644 --- a/lamp_haproxy/roles/haproxy/tasks/main.yml +++ b/lamp_haproxy/roles/haproxy/tasks/main.yml @@ -2,11 +2,18 @@ # This role installs HAProxy and configures it. - name: Download and install haproxy - yum: name=haproxy state=present + ansible.builtin.yum: + name: haproxy + state: present - name: Configure the haproxy cnf file with hosts - template: src=haproxy.cfg.j2 dest=/etc/haproxy/haproxy.cfg - notify: restart haproxy + ansible.builtin.template: + src: haproxy.cfg.j2 + dest: /etc/haproxy/haproxy.cfg + notify: restart_haproxy - name: Start the haproxy service - service: name=haproxy state=started enabled=yes + ansible.builtin.service: + name: haproxy + state: started + enabled: true diff --git a/lamp_haproxy/roles/nagios/handlers/main.yml b/lamp_haproxy/roles/nagios/handlers/main.yml index c0d887553..4e93a95d8 100644 --- a/lamp_haproxy/roles/nagios/handlers/main.yml +++ b/lamp_haproxy/roles/nagios/handlers/main.yml @@ -1,7 +1,13 @@ --- # handlers for nagios -- name: restart httpd - service: name=httpd state=restarted +- name: Restart httpd + ansible.builtin.service: + name: httpd + state: restarted + listen: restart_httpd -- name: restart nagios - service: name=nagios state=restarted +- name: Restart nagios + ansible.builtin.service: + name: nagios + state: restarted + listen: restart_nagios diff --git a/lamp_haproxy/roles/nagios/tasks/main.yml b/lamp_haproxy/roles/nagios/tasks/main.yml index 69e2d43ad..7fcf8e8db 100644 --- a/lamp_haproxy/roles/nagios/tasks/main.yml +++ b/lamp_haproxy/roles/nagios/tasks/main.yml 
@@ -1,41 +1,55 @@ --- # This will install nagios -- name: install nagios - yum: pkg={{ item }} state=present - with_items: - - nagios - - nagios-plugins - - nagios-plugins-nrpe - - nagios-plugins-ping - - nagios-plugins-ssh - - nagios-plugins-http - - nagios-plugins-mysql - - nagios-devel - notify: restart httpd +- name: Install nagios + ansible.builtin.yum: + pkg: "{{ item }}" + state: present + loop: + - nagios + - nagios-plugins + - nagios-plugins-nrpe + - nagios-plugins-ping + - nagios-plugins-ssh + - nagios-plugins-http + - nagios-plugins-mysql + - nagios-devel + notify: restart_httpd -- name: create nagios config dir - file: path=/etc/nagios/ansible-managed state=directory +- name: Create nagios config dir + ansible.builtin.file: + path: /etc/nagios/ansible-managed + state: directory -- name: configure nagios - copy: src=nagios.cfg dest=/etc/nagios/nagios.cfg - notify: restart nagios +- name: Configure nagios + ansible.builtin.copy: + src: nagios.cfg + dest: /etc/nagios/nagios.cfg + notify: restart_nagios -- name: configure localhost monitoring - copy: src=localhost.cfg dest=/etc/nagios/objects/localhost.cfg - notify: restart nagios +- name: Configure localhost monitoring + ansible.builtin.copy: + src: localhost.cfg + dest: /etc/nagios/objects/localhost.cfg + notify: restart_nagios -- name: configure nagios services - copy: src=ansible-managed-services.cfg dest=/etc/nagios/ +- name: Configure nagios services + ansible.builtin.copy: + src: ansible-managed-services.cfg + dest: /etc/nagios/ -- name: create the nagios object files - template: src={{ item + ".j2" }} - dest=/etc/nagios/ansible-managed/{{ item }} - with_items: +- name: Create the nagios object files + ansible.builtin.template: + src: "{{ item }}" + dest: /etc/nagios/ansible-managed/ + loop: - webservers.cfg - dbservers.cfg - lbservers.cfg - notify: restart nagios + notify: restart_nagios -- name: start nagios - service: name=nagios state=started enabled=yes +- name: Start nagios + 
ansible.builtin.service: + name: nagios + state: started + enabled: true diff --git a/lamp_haproxy/roles/web/tasks/main.yml b/lamp_haproxy/roles/web/tasks/main.yml index e3141ac5e..62086e4c7 100644 --- a/lamp_haproxy/roles/web/tasks/main.yml +++ b/lamp_haproxy/roles/web/tasks/main.yml @@ -1,3 +1,6 @@ --- - name: Copy the code from repository - git: repo={{ repository }} version={{ webapp_version }} dest=/var/www/html/ + ansible.builtin.git: + repo: "{{ repository }}" + version: "{{ webapp_version }}" + dest: /var/www/html/ diff --git a/lamp_haproxy/rolling_update.yml b/lamp_haproxy/rolling_update.yml index 19569ea2f..5f99ca0a0 100644 --- a/lamp_haproxy/rolling_update.yml +++ b/lamp_haproxy/rolling_update.yml 
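Review bot: `Create the nagios object files` no longer does what the old task did: `src: "{{ item }}"` drops the `.j2` suffix and `dest: /etc/nagios/ansible-managed/` drops the per-item file name. If the role's templates are still named `webservers.cfg.j2` and so on (the aws copy of this role still uses `item + '.j2'`), the lookup for `webservers.cfg` would fail and the object files would not be written. Restoring `src: "{{ item }}.j2"` and `dest: /etc/nagios/ansible-managed/{{ item }}` keeps the linted form equivalent to the original.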
@@ -16,32 +16,43 @@ # These are the tasks to run before applying updates: pre_tasks: - - name: disable nagios alerts for this host webserver service - nagios: 'action=disable_alerts host={{ inventory_hostname }} services=webserver' - delegate_to: "{{ item }}" - with_items: "{{ groups.monitoring }}" + - name: Disable nagios alerts for this host webserver service + community.general.monitoring.nagios: action=disable_alerts host={{ inventory_hostname }} services=webserver + delegate_to: "{{ item }}" + with_items: "{{ groups.monitoring }}" - - name: disable the server in haproxy - haproxy: 'state=disabled backend=myapplb host={{ inventory_hostname }} socket=/var/lib/haproxy/stats' - delegate_to: "{{ item }}" - with_items: "{{ groups.lbservers }}" + - name: Disable the server in haproxy + community.general.net_tools.haproxy: state=disabled backend=myapplb host={{ inventory_hostname }} socket=/var/lib/haproxy/stats + delegate_to: "{{ item }}" + with_items: "{{ groups.lbservers }}" roles: - - common - - base-apache - - web + - common + - base-apache + - web # These tasks run after the roles: post_tasks: - - name: wait for webserver to come up - wait_for: 'host={{ inventory_hostname }} port=80 state=started timeout=80' - - - name: enable the server in haproxy - haproxy: 'state=enabled backend=myapplb host={{ inventory_hostname }} socket=/var/lib/haproxy/stats' - delegate_to: "{{ item }}" - with_items: "{{ groups.lbservers }}" - - - name: re-enable nagios alerts - nagios: 'action=enable_alerts host={{ inventory_hostname }} services=webserver' - delegate_to: "{{ item }}" - with_items: "{{ groups.monitoring }}" + - name: Wait for webserver to come up + ansible.builtin.wait_for: + host: "{{ inventory_hostname }}" + port: "80" + state: started + timeout: "80" + + - name: Enable the server in haproxy + community.general.haproxy: + state: enabled + backend: myapplb + host: "{{ inventory_hostname }}" + socket: /var/lib/haproxy/stats + delegate_to: "{{ item }}" + with_items: "{{ 
groups.lbservers }}" + + - name: Re-enable nagios alerts + community.general.nagios: + action: enable_alerts + host: "{{ inventory_hostname }}" + services: webserver + delegate_to: "{{ item }}" + with_items: "{{ groups.monitoring }}" diff --git a/lamp_haproxy/site.yml b/lamp_haproxy/site.yml index 9cfc7562d..ae81d6353 100644 --- a/lamp_haproxy/site.yml +++ b/lamp_haproxy/site.yml @@ -5,16 +5,16 @@ - hosts: all roles: - - common + - common # Configure and deploy database servers. - hosts: dbservers roles: - - db + - db tags: - - db + - db # Configure and deploy the web servers. Note that we include two roles here, # the 'base-apache' role which simply sets up Apache, and 'web' which includes @@ -22,27 +22,27 @@ - hosts: webservers roles: - - base-apache - - web + - base-apache + - web tags: - - web + - web # Configure and deploy the load balancer(s). - hosts: lbservers roles: - - haproxy + - haproxy tags: - - lb + - lb # Configure and deploy the Nagios monitoring node(s). - hosts: monitoring roles: - - base-apache - - nagios + - base-apache + - nagios tags: - - monitoring + - monitoring diff --git a/lamp_simple/roles/common/handlers/main.yml b/lamp_simple/roles/common/handlers/main.yml index 89e2374fe..34607cccb 100644 --- a/lamp_simple/roles/common/handlers/main.yml +++ b/lamp_simple/roles/common/handlers/main.yml @@ -2,7 +2,8 @@ # Handler to handle common notifications. Handlers are called by other plays. # See http://docs.ansible.com/playbooks_intro.html for more information about handlers. -- name: restart ntp - service: +- name: Restart ntp + ansible.builtin.service: name: ntpd state: restarted + listen: restart_ntp diff --git a/lamp_simple/roles/common/tasks/main.yml b/lamp_simple/roles/common/tasks/main.yml index ceef3da09..9cecf47a3 100644 --- a/lamp_simple/roles/common/tasks/main.yml +++ b/lamp_simple/roles/common/tasks/main.yml 
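Review bot: The two `pre_tasks` use `community.general.monitoring.nagios` and `community.general.net_tools.haproxy` with key=value argument strings, while the matching `post_tasks` use `community.general.nagios` and `community.general.haproxy` with YAML mappings. The short names are the canonical ones (ansible-lint reports the directory-style names under `fqcn[canonical]`), and whether the long forms still resolve presumably depends on the installed community.general release. Writing the disable steps in the same form as the enable steps keeps the two halves of the rolling update symmetric; a sketch follows.

```yaml
    - name: Disable nagios alerts for this host webserver service
      community.general.nagios:
        action: disable_alerts
        host: "{{ inventory_hostname }}"
        services: webserver
      # … unchanged: delegate_to, with_items …

    - name: Disable the server in haproxy
      community.general.haproxy:
        state: disabled
        backend: myapplb
        host: "{{ inventory_hostname }}"
        socket: /var/lib/haproxy/stats
      # … unchanged: delegate_to, with_items …
```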
@@ -2,26 +2,26 @@ # This playbook contains common plays that will be run on all nodes. - name: Install ntp - yum: + ansible.builtin.yum: name: ntp state: present tags: ntp - name: Configure ntp file - template: + ansible.builtin.template: src: ntp.conf.j2 dest: /etc/ntp.conf tags: ntp - notify: restart ntp + notify: restart_ntp - name: Start the ntp service - service: + ansible.builtin.service: name: ntpd state: started - enabled: yes + enabled: true tags: ntp -- name: test to see if selinux is running - command: getenforce +- name: Test to see if selinux is running + ansible.builtin.command: getenforce register: sestatus changed_when: false diff --git a/lamp_simple/roles/db/handlers/main.yml b/lamp_simple/roles/db/handlers/main.yml index 43e3c9a5d..9e438ac88 100644 --- a/lamp_simple/roles/db/handlers/main.yml +++ b/lamp_simple/roles/db/handlers/main.yml @@ -1,12 +1,14 @@ --- # Handler to handle DB tier notifications -- name: restart mysql - service: +- name: Restart mysql + ansible.builtin.service: name: mysqld state: restarted + listen: restart_mysql -- name: restart iptables - service: +- name: Restart iptables + ansible.builtin.service: name: iptables state: restarted + listen: restart_iptables diff --git a/lamp_simple/roles/db/tasks/main.yml b/lamp_simple/roles/db/tasks/main.yml index 2afc4061c..3ddef63d4 100644 --- a/lamp_simple/roles/db/tasks/main.yml +++ b/lamp_simple/roles/db/tasks/main.yml 
@@ -2,53 +2,53 @@ # This playbook will install mysql and create db user and give permissions. - name: Install Mysql package - yum: + ansible.builtin.yum: name: "{{ item }}" state: installed with_items: - - mysql-server - - MySQL-python - - libselinux-python - - libsemanage-python + - mysql-server + - MySQL-python + - libselinux-python + - libsemanage-python - name: Configure SELinux to start mysql on any port - seboolean: + ansible.posix.seboolean: name: mysql_connect_any state: true - persistent: yes + persistent: true when: sestatus.rc != 0 - name: Create Mysql configuration file - template: + ansible.builtin.template: src: my.cnf.j2 dest: /etc/my.cnf notify: - - restart mysql + - restart_mysql - name: Start Mysql Service - service: + ansible.builtin.service: name: mysqld state: started - enabled: yes + enabled: true -- name: insert iptables rule - lineinfile: +- name: Insert iptables rule + ansible.builtin.lineinfile: dest: /etc/sysconfig/iptables state: present regexp: "{{ mysql_port }}" insertafter: "^:OUTPUT " - line: "-A INPUT -p tcp --dport {{ mysql_port }} -j ACCEPT" - notify: restart iptables + line: -A INPUT -p tcp --dport {{ mysql_port }} -j ACCEPT + notify: restart_iptables - name: Create Application Database - mysql_db: + community.mysql.mysql_db: name: "{{ dbname }}" state: present - name: Create Application DB User - mysql_user: + community.mysql.mysql_user: name: "{{ dbuser }}" password: "{{ upassword }}" priv: "*.*:ALL" - host: '%' + host: "%" state: present diff --git a/lamp_simple/roles/web/handlers/main.yml b/lamp_simple/roles/web/handlers/main.yml index 52ef3c90d..fa32ad8f5 100644 --- a/lamp_simple/roles/web/handlers/main.yml +++ b/lamp_simple/roles/web/handlers/main.yml 
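Review bot: The `Create Application DB User` task still grants `priv: "*.*:ALL"` to `{{ dbuser }}` from `host: "%"`, so a leaked application credential has full rights on every database from any address; the `Insert iptables rule` task above it also opens `{{ mysql_port }}` to any source. Scope the grant to the application schema with `priv: "{{ dbname }}.*:ALL"` and set `host` to the web tier's address instead of the wildcard. The same grant appears in lamp_simple_rhel7/roles/db/tasks/main.yml and language_features/mysql.yml.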
@@ -2,7 +2,8 @@ # Handler for the webtier: handlers are called by other plays. # See http://docs.ansible.com/playbooks_intro.html for more information about handlers. -- name: restart iptables - service: +- name: Restart iptables + ansible.builtin.service: name: iptables state: restarted + listen: restart_iptables diff --git a/lamp_simple/roles/web/tasks/copy_code.yml b/lamp_simple/roles/web/tasks/copy_code.yml index 71c8971ec..3767d967f 100644 --- a/lamp_simple/roles/web/tasks/copy_code.yml +++ b/lamp_simple/roles/web/tasks/copy_code.yml @@ -3,11 +3,11 @@ # the version control system. - name: Copy the code from repository - git: + ansible.builtin.git: repo: "{{ repository }}" dest: /var/www/html/ - name: Creates the index.php file - template: + ansible.builtin.template: src: index.php.j2 dest: /var/www/html/index.php diff --git a/lamp_simple/roles/web/tasks/install_httpd.yml b/lamp_simple/roles/web/tasks/install_httpd.yml index 4de593d95..00f542fe2 100644 --- a/lamp_simple/roles/web/tasks/install_httpd.yml +++ b/lamp_simple/roles/web/tasks/install_httpd.yml 
@@ -2,36 +2,37 @@ # These tasks install http and the php modules. - name: Install http and php etc - yum: - name: "{{ item }}" + ansible.builtin.yum: + name: "{{ packages }}" state: present - with_items: - - httpd - - php - - php-mysql - - git - - libsemanage-python - - libselinux-python + vars: + packages: + - httpd + - php + - php-mysql + - git + - libsemanage-python + - libselinux-python -- name: insert iptables rule for httpd - lineinfile: +- name: Insert iptables rule for httpd + ansible.builtin.lineinfile: dest: /etc/sysconfig/iptables - create: yes + create: true state: present regexp: "{{ httpd_port }}" insertafter: "^:OUTPUT " - line: "-A INPUT -p tcp --dport {{ httpd_port }} -j ACCEPT" + line: -A INPUT -p tcp --dport {{ httpd_port }} -j ACCEPT notify: restart iptables -- name: http service state - service: +- name: Http service state + ansible.builtin.service: name: httpd state: started - enabled: yes + enabled: true - name: Configure SELinux to allow httpd to connect to remote database - seboolean: + ansible.posix.seboolean: name: httpd_can_network_connect_db state: true - persistent: yes + persistent: true when: sestatus.rc != 0 diff --git a/lamp_simple/roles/web/tasks/main.yml b/lamp_simple/roles/web/tasks/main.yml index 796842edf..7e92a59d6 100644 --- a/lamp_simple/roles/web/tasks/main.yml +++ b/lamp_simple/roles/web/tasks/main.yml @@ -1,3 +1,3 @@ --- -- include: install_httpd.yml -- include: copy_code.yml +- ansible.builtin.include_tasks: install_httpd.yml +- ansible.builtin.include_tasks: copy_code.yml diff --git a/lamp_simple/site.yml b/lamp_simple/site.yml index 44a74bf30..0f8a8538a 100644 --- a/lamp_simple/site.yml +++ b/lamp_simple/site.yml 
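Review bot: `Insert iptables rule for httpd` still ends with `notify: restart iptables`, but this commit renames the handler in lamp_simple/roles/web/handlers/main.yml to `Restart iptables` with `listen: restart_iptables`, so the notification no longer names any handler. The ACCEPT rule for `{{ httpd_port }}` would then be written to /etc/sysconfig/iptables without the service being restarted, or the play stops on the unknown handler. Change the line to `notify: restart_iptables`, as the db role's tasks already do.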
@@ -1,21 +1,21 @@ --- # This playbook deploys the whole application stack in this site. -- name: apply common configuration to all nodes +- name: Apply common configuration to all nodes hosts: all remote_user: root roles: - common -- name: configure and deploy the webservers and application code +- name: Configure and deploy the webservers and application code hosts: webservers remote_user: root roles: - web -- name: deploy MySQL and configure the databases +- name: Deploy MySQL and configure the databases hosts: dbservers remote_user: root diff --git a/lamp_simple_rhel7/roles/common/handlers/main.yml b/lamp_simple_rhel7/roles/common/handlers/main.yml index 007bd67f0..34607cccb 100644 --- a/lamp_simple_rhel7/roles/common/handlers/main.yml +++ b/lamp_simple_rhel7/roles/common/handlers/main.yml @@ -2,5 +2,8 @@ # Handler to handle common notifications. Handlers are called by other plays. # See http://docs.ansible.com/playbooks_intro.html for more information about handlers. -- name: restart ntp - service: name=ntpd state=restarted +- name: Restart ntp + ansible.builtin.service: + name: ntpd + state: restarted + listen: restart_ntp diff --git a/lamp_simple_rhel7/roles/common/tasks/main.yml b/lamp_simple_rhel7/roles/common/tasks/main.yml index 3a19948af..572a00e75 100644 --- a/lamp_simple_rhel7/roles/common/tasks/main.yml +++ b/lamp_simple_rhel7/roles/common/tasks/main.yml 
@@ -2,21 +2,31 @@ # This playbook contains common plays that will be run on all nodes. - name: Install ntp - yum: name=ntp state=present + ansible.builtin.yum: + name: ntp + state: present tags: ntp - name: Install common dependencies - yum: name={{ item }} state=installed - with_items: - - libselinux-python - - libsemanage-python - - firewalld + ansible.builtin.yum: + name: "{{ packages }}" + state: installed + vars: + packages: + - libselinux-python + - libsemanage-python + - firewalld - name: Configure ntp file - template: src=ntp.conf.j2 dest=/etc/ntp.conf + ansible.builtin.template: + src: ntp.conf.j2 + dest: /etc/ntp.conf tags: ntp - notify: restart ntp + notify: restart_ntp - name: Start the ntp service - service: name=ntpd state=started enabled=yes + ansible.builtin.service: + name: ntpd + state: started + enabled: true tags: ntp diff --git a/lamp_simple_rhel7/roles/db/handlers/main.yml b/lamp_simple_rhel7/roles/db/handlers/main.yml index 37c068354..cc34ca14a 100644 --- a/lamp_simple_rhel7/roles/db/handlers/main.yml +++ b/lamp_simple_rhel7/roles/db/handlers/main.yml @@ -1,5 +1,8 @@ --- # Handler to handle DB tier notifications -- name: restart mariadb - service: name=mariadb state=restarted +- name: Restart mariadb + ansible.builtin.service: + name: mariadb + state: restarted + listen: restart_mariadb diff --git a/lamp_simple_rhel7/roles/db/tasks/main.yml b/lamp_simple_rhel7/roles/db/tasks/main.yml index 27a2f42cc..f32ea3953 100644 --- a/lamp_simple_rhel7/roles/db/tasks/main.yml +++ b/lamp_simple_rhel7/roles/db/tasks/main.yml 
@@ -2,36 +2,72 @@ # This playbook will install MariaDB and create db user and give permissions. - name: Install MariaDB package - yum: name={{ item }} state=installed - with_items: - - mariadb-server - - MySQL-python + ansible.builtin.yum: + name: "{{ packages }}" + state: installed + vars: + packages: + - mariadb-server + - MySQL-python - name: Configure SELinux to start mysql on any port - seboolean: name=mysql_connect_any state=true persistent=yes + ansible.posix.seboolean: + name: mysql_connect_any + state: true + persistent: true - name: Create Mysql configuration file - template: src=my.cnf.j2 dest=/etc/my.cnf + ansible.builtin.template: + src: my.cnf.j2 + dest: /etc/my.cnf notify: - - restart mariadb + - restart_mariadb - name: Create MariaDB log file - file: path=/var/log/mysqld.log state=touch owner=mysql group=mysql mode=0775 + ansible.builtin.file: + path: /var/log/mysqld.log + state: touch + owner: mysql + group: mysql + mode: "0775" - name: Create MariaDB PID directory - file: path=/var/run/mysqld state=directory owner=mysql group=mysql mode=0775 + ansible.builtin.file: + path: /var/run/mysqld + state: directory + owner: mysql + group: mysql + mode: "0775" - name: Start MariaDB Service - service: name=mariadb state=started enabled=yes + ansible.builtin.service: + name: mariadb + state: started + enabled: true - name: Start firewalld - service: name=firewalld state=started enabled=yes + ansible.builtin.service: + name: firewalld + state: started + enabled: true -- name: insert firewalld rule - firewalld: port={{ mysql_port }}/tcp permanent=true state=enabled immediate=yes +- name: Insert firewalld rule + ansible.posix.firewalld: + port: "{{ mysql_port }}/tcp" + permanent: true + state: enabled + immediate: true - name: Create Application Database - mysql_db: name={{ dbname }} state=present + community.mysql.mysql_db: + name: "{{ dbname }}" + state: present - name: Create Application DB User - mysql_user: name={{ dbuser }} password={{ upassword }} 
priv=*.*:ALL host='%' state=present + community.mysql.mysql_user: + name: "{{ dbuser }}" + password: "{{ upassword }} " + priv: "*.*:ALL" + host: "'%'" + state: present + diff --git a/lamp_simple_rhel7/roles/web/tasks/copy_code.yml b/lamp_simple_rhel7/roles/web/tasks/copy_code.yml index 6677cab99..5bb47b84e 100644 --- a/lamp_simple_rhel7/roles/web/tasks/copy_code.yml +++ b/lamp_simple_rhel7/roles/web/tasks/copy_code.yml @@ -3,7 +3,12 @@ # the version control system. - name: Copy the code from repository - git: repo={{ repository }} dest=/var/www/html/ + ansible.builtin.git: + repo: "{{ repository }}" + dest: /var/www/html/ - name: Creates the index.php file - template: src=index.php.j2 dest=/var/www/html/index.php + ansible.builtin.template: + src: index.php.j2 + dest: /var/www/html/index.php + diff --git a/lamp_simple_rhel7/roles/web/tasks/install_httpd.yml b/lamp_simple_rhel7/roles/web/tasks/install_httpd.yml index ede2ea823..b229c5c9a 100644 --- a/lamp_simple_rhel7/roles/web/tasks/install_httpd.yml +++ b/lamp_simple_rhel7/roles/web/tasks/install_httpd.yml 
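Review bot: In `Create Application DB User` the conversion changed two values rather than only reformatting them: `password: "{{ upassword }} "` now ends with a space inside the quotes, and `host: "'%'"` passes the single quotes as part of the host name. In the old `key=value` form the quotes around `%` were consumed by the argument parser; in YAML they are literal, so the account is created for a host string no client matches and with a password the application does not hold. Use `password: "{{ upassword }}"` and `host: "%"`, as lamp_simple/roles/db/tasks/main.yml does. This hunk starts on the previous collapsed line of the patch.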
@@ -2,25 +2,43 @@ # These tasks install http and the php modules. - name: Install httpd and php - yum: name={{ item }} state=present + ansible.builtin.yum: + name: "{{ item }}" + state: present with_items: - - httpd - - php - - php-mysql + - httpd + - php + - php-mysql - name: Install web role specific dependencies - yum: name={{ item }} state=installed + ansible.builtin.yum: + name: "{{ item }}" + state: installed with_items: - - git + - git - name: Start firewalld - service: name=firewalld state=started enabled=yes + ansible.builtin.service: + name: firewalld + state: started + enabled: true -- name: insert firewalld rule for httpd - firewalld: port={{ httpd_port }}/tcp permanent=true state=enabled immediate=yes +- name: Insert firewalld rule for httpd + ansible.posix.firewalld: + port: "{{ httpd_port }}/tcp" + permanent: true + state: enabled + immediate: true -- name: http service state - service: name=httpd state=started enabled=yes +- name: Http service state + ansible.builtin.service: + name: httpd + state: started + enabled: true - name: Configure SELinux to allow httpd to connect to remote database - seboolean: name=httpd_can_network_connect_db state=true persistent=yes + ansible.posix.seboolean: + name: httpd_can_network_connect_db + state: true + persistent: true + diff --git a/lamp_simple_rhel7/site.yml b/lamp_simple_rhel7/site.yml index 44a74bf30..0f8a8538a 100644 --- a/lamp_simple_rhel7/site.yml +++ b/lamp_simple_rhel7/site.yml 
@@ -1,21 +1,21 @@ --- # This playbook deploys the whole application stack in this site. -- name: apply common configuration to all nodes +- name: Apply common configuration to all nodes hosts: all remote_user: root roles: - common -- name: configure and deploy the webservers and application code +- name: Configure and deploy the webservers and application code hosts: webservers remote_user: root roles: - web -- name: deploy MySQL and configure the databases +- name: Deploy MySQL and configure the databases hosts: dbservers remote_user: root diff --git a/language_features/complex_args.yml b/language_features/complex_args.yml index bcdb3320b..61c8c005d 100644 --- a/language_features/complex_args.yml +++ b/language_features/complex_args.yml @@ -29,8 +29,8 @@ action: ping data='Hi Mom' - name: of course this can also be written like so, which is shorter - ansible.builtin.ping: - data: 'Hi Mom' + ansible.builtin.ping: + data: Hi Mom - name: but what if you have a complex module that needs complicated data? ansible.builtin.ping: diff --git a/language_features/conditionals_part1.yml b/language_features/conditionals_part1.yml index 8ee6f0d80..444935a36 100644 --- a/language_features/conditionals_part1.yml +++ b/language_features/conditionals_part1.yml @@ -27,7 +27,6 @@ vars_files: - vars/external_vars.yml - - ["vars/{{ facter_operatingsystem }}.yml", vars/defaults.yml] # and this is just a regular task line from a playbook, as we're used to. @@ -39,4 +38,6 @@ action: "{{ packager }} pkg={{ apache }} state=latest" - name: ensure apache is running - service: name={{ apache }} state=running + ansible.builtin.service: + name: "{{ apache }}" + state: running diff --git a/language_features/conditionals_part2.yml b/language_features/conditionals_part2.yml index 71f83c43c..ec609a322 100644 --- a/language_features/conditionals_part2.yml +++ b/language_features/conditionals_part2.yml 
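Review bot: `state: running` in the `ensure apache is running` task of conditionals_part1.yml is not a value `ansible.builtin.service` accepts (its choices are `started`, `stopped`, `restarted` and `reloaded`), so the rewritten task fails argument validation. Write `state: started`. The `httpd start` task in language_features/intro_example.yml carries the same value.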
@@ -13,25 +13,25 @@ tasks: - name: do this if my favcolor is blue, and my dog is named fido - shell: /bin/false + ansible.builtin.command: /bin/false when: favcolor == 'blue' and dog == 'fido' - name: do this if my favcolor is not blue, and my dog is named fido - shell: /bin/true + ansible.builtin.command: /bin/true when: favcolor != 'blue' and dog == 'fido' - name: do this if my SSN is over 9000 - shell: /bin/true + ansible.builtin.command: /bin/true when: ssn > 9000 - name: do this if I have one of these SSNs - shell: /bin/true + ansible.builtin.command: /bin/true when: ssn in [ 8675309, 8675310, 8675311 ] - name: do this if a variable named hippo is NOT defined - shell: /bin/true + ansible.builtin.command: /bin/true when: hippo is not defined - name: do this if a variable named hippo is defined - shell: /bin/true + ansible.builtin.command: /bin/true when: hippo is defined diff --git a/language_features/custom_filters.yml b/language_features/custom_filters.yml index 96e3466b2..daed4a8c2 100644 --- a/language_features/custom_filters.yml +++ b/language_features/custom_filters.yml @@ -2,4 +2,6 @@ - name: Demonstrate custom jinja2 filters hosts: all tasks: - - template: src=templates/custom-filters.j2 dest=/tmp/custom-filters.txt + - ansible.builtin.template: + src: templates/custom-filters.j2 + dest: /tmp/custom-filters.txt diff --git a/language_features/delegation.yml b/language_features/delegation.yml index 7a67221eb..d0bf5794b 100644 --- a/language_features/delegation.yml +++ b/language_features/delegation.yml 
@@ -9,7 +9,7 @@ # This example cheats by replacing the load balancer script with the 'echo' command, # leaving actual communication with the load balancer as an exercise to the reader. In reality, # you could call anything you want, the main thing is that it should do something with -# {{inventory_hostname}} +# {{ inventory_hostname }} # NOTE: see batch_size_control.yml for an example of the 'serial' keyword, which you almost certainly # want to use in this kind of example. Here we have a mocked up example that does something to @@ -19,18 +19,18 @@ serial: 5 tasks: - - name: take the machine out of rotation - command: echo taking out of rotation {{inventory_hostname}} + - name: Take the machine out of rotation + ansible.builtin.command: echo taking out of rotation {{ inventory_hostname }} delegate_to: 127.0.0.1 # here's an alternate notation if you are delegating to 127.0.0.1, you can use 'local_action' # instead of 'action' and leave off the 'delegate_to' part. # - # - local_action: command echo taking out of rotation {{inventory_hostname}} + # - local_action: command echo taking out of rotation {{ inventory_hostname }} - - name: do several things on the actual host - command: echo hi mom {{inventory_hostname}} + - name: Do several things on the actual host + ansible.builtin.command: echo hi mom {{ inventory_hostname }} - - name: put machine back into rotation - command: echo inserting into rotation {{inventory_hostname}} + - name: Put machine back into rotation + ansible.builtin.command: echo inserting into rotation {{ inventory_hostname }} delegate_to: 127.0.0.1 diff --git a/language_features/environment.yml b/language_features/environment.yml index d773fc82e..334e158c6 100644 --- a/language_features/environment.yml +++ b/language_features/environment.yml 
@@ -17,11 +17,11 @@ # here we just define the dictionary directly and use it # (here $HI is the shell variable as nothing in Ansible will replace it) - - shell: echo $HI + - ansible.builtin.shell: echo $HI environment: HI: test1 # here we are using the "env" map variable above - - shell: echo $HI + - ansible.builtin.shell: echo $HI environment: "{{ env }}" diff --git a/language_features/eucalyptus-ec2.yml b/language_features/eucalyptus-ec2.yml index 6c6963c73..851762e64 100644 --- a/language_features/eucalyptus-ec2.yml +++ b/language_features/eucalyptus-ec2.yml @@ -27,24 +27,39 @@ tasks: - name: Launch instance - ec2: keypair={{keypair}} group={{security_group}} instance_type={{instance_type}} image={{image}} wait=true count=5 + amazon.aws.ec2_instance: + keypair: "{{ keypair }}" + group: "{{ security_group }}" + instance_type: "{{ instance_type }}" + image: "{{ image }}" + wait: "true" + count: "5" register: ec2 # Use with_items to add each instances public IP to a new hostgroup for use in the next play. - name: Add new instances to host group - add_host: hostname={{item.public_ip}} groupname=deploy + ansible.builtin.add_host: + hostname: "{{ item.public_ip }}" + groupname: deploy with_items: ec2.instances - name: Wait for the instances to boot by checking the ssh port - wait_for: host={{item.public_dns_name}} port=22 delay=60 timeout=320 state=started + ansible.builtin.wait_for: + host: "{{ item.public_dns_name }}" + port: "22" + delay: "60" + timeout: "320" + state: started with_items: ec2.instances # Use the ec2_vol module to create volumes for attachment to each instance. # Use with_items to attach to each instance (by returned id) launched previously. - name: Create a volume and attach - ec2_vol: volume_size=20 instance={{item.id}} + amazon.aws.ec2_vol: + volume_size: "20" + instance: "{{ item.id }}" with_items: ec2.instances # This play targets the new host group 
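Review bot: Replacing `ec2:` with `amazon.aws.ec2_instance:` in `Launch instance` is a module swap, not a rename, and the arguments were carried over unchanged. As far as I know `ec2_instance` takes `key_name`, `security_group` and `image_id` rather than `keypair`, `group` and `image`, and its registered result exposes `public_ip_address` and `instance_id` rather than the `item.public_ip` and `item.id` the following tasks read, so this play should be checked against the module documentation and run once before merging. The same applies to `Launch instances` in jboss-standalone/demo-aws-launch.yml and, it appears, to the `netscaler` to `community.network.netscaler_service` change in language_features/netscaler.yml.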
@@ -56,7 +71,10 @@ tasks: - name: Ensure NTP is up and running - service: name=ntpd state=started - + ansible.builtin.service: + name: ntpd + state: started - name: Install Apache Web Server - yum: pkg=httpd state=latest + ansible.builtin.yum: + pkg: httpd + state: latest # noqa package-latest diff --git a/language_features/file_secontext.yml b/language_features/file_secontext.yml index 65b0d31fa..86d5511b8 100644 --- a/language_features/file_secontext.yml +++ b/language_features/file_secontext.yml @@ -4,14 +4,29 @@ remote_user: root tasks: - name: Change setype of /etc/exports to non-default value - file: path=/etc/exports setype=etc_t + ansible.builtin.file: + path: /etc/exports + setype: etc_t + - name: Change seuser of /etc/exports to non-default value - file: path=/etc/exports seuser=unconfined_u + ansible.builtin.file: + path: /etc/exports + seuser: unconfined_u + - name: Set selinux context back to default value - file: path=/etc/exports context=default + ansible.builtin.file: + path: /etc/exports + context: default + - name: Create empty file - command: /bin/touch /tmp/foo + ansible.builtin.command: /bin/touch /tmp/foo - name: Change setype of /tmp/foo - file: path=/tmp/foo setype=default_t + ansible.builtin.file: + path: /tmp/foo + setype: default_t + - name: Try to set secontext to default, but this will fail because of the lack of a default in the policy - file: path=/tmp/foo context=default + ansible.builtin.file: + path: /tmp/foo + context: default + diff --git a/language_features/get_url.yml b/language_features/get_url.yml index b21c04f13..64013dcb0 100644 --- a/language_features/get_url.yml +++ b/language_features/get_url.yml 
@@ -5,12 +5,19 @@ - person: Susie%20Smith tasks: - name: Create directory for jQuery - file: dest={{jquery_directory}} state=directory mode=0755 + ansible.builtin.file: + dest: "{{ jquery_directory }}" + state: directory + mode: "0755" + - name: Grab a bunch of jQuery stuff - get_url: url=http://code.jquery.com/{{item}} dest={{jquery_directory}} mode=0444 - with_items: + ansible.builtin.get_url: + url: http://code.jquery.com/{{ item }} + dest: "{{ jquery_directory }}" + mode: "0444" + loop: - jquery.min.js - mobile/latest/jquery.mobile.min.js - ui/jquery-ui-git.css #- name: Pass urlencoded name to CGI - # get_url: url=http://example.com/name.cgi?name='{{person}}' dest=/tmp/test + # get_url: url=http://example.com/name.cgi?name='{{ person }}' dest=/tmp/test diff --git a/language_features/group_by.yml b/language_features/group_by.yml index a8908afa5..df4e6d9e3 100644 --- a/language_features/group_by.yml +++ b/language_features/group_by.yml @@ -12,19 +12,17 @@ tasks: - name: Create a group of all hosts by operating system - group_by: key={{ansible_distribution}}-{{ansible_distribution_version}} - -# the following host group does not exist in inventory and was created by the group_by -# module. + ansible.builtin.group_by: + key: "{{ ansible_distribution }}-{{ ansible_distribution_version }}" - hosts: CentOS-6.2 tasks: - - name: ping all CentOS 6.2 hosts - ping: + - name: Ping all CentOS 6.2 hosts + ansible.builtin.ping: - hosts: CentOS-6.3 tasks: - - name: ping all CentOS 6.3 hosts - ping: + - name: Ping all CentOS 6.3 hosts + ansible.builtin.ping: diff --git a/language_features/group_commands.yml b/language_features/group_commands.yml index aa773783b..a9a817c45 100644 --- a/language_features/group_commands.yml +++ b/language_features/group_commands.yml 
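Review bot: `Grab a bunch of jQuery stuff` downloads script files over plain `http://` with no integrity check, so anything on the network path can alter the JavaScript that lands in `{{ jquery_directory }}`. Use `url: "https://code.jquery.com/{{ item }}"` and, for files pinned to a version, add a `checksum:` value. The `mobile/latest/...` and `ui/jquery-ui-git.css` entries cannot be pinned and would be better replaced by versioned paths.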
@@ -8,11 +8,17 @@ tasks: # Walk through group creation, modification, and deletion - - name: create a group - group: name=tset + - name: Create a group + ansible.builtin.group: + name: tset - # You can only modify the group's gid - - group: name=tset gid=7777 + - name: Set a gid + ansible.builtin.group: + name: tset + gid: "7777" + + - name: Delete a group + ansible.builtin.group: + name: tset + state: absent - # And finally remove the group - - group: name=tset state=absent diff --git a/language_features/intermediate_example.yml b/language_features/intermediate_example.yml index 9f8536935..b99e58ecc 100644 --- a/language_features/intermediate_example.yml +++ b/language_features/intermediate_example.yml @@ -24,11 +24,7 @@ # tasks can be written the normal way... - name: arbitrary command - command: /bin/true - - # or we can promote reuse and simplicity by including tasks - # from other files, for instance, to reuse common tasks - + ansible.builtin.command: /bin/true - include: tasks/base.yml # we could also have done something like: @@ -51,18 +47,9 @@ # handlers that have been notified get executed - name: restart foo - service: name=foo state=restarted - -# =============================================================== - -# Here's a second play in the same playbook. This will be run -# after the first playbook completes on all hosts. You may want -# a different play for each class of systems, or may want a different -# play for each stage in a complex multi-node deployment push -# process. How you use them are up to you. - -# any play in a playbook can be executed by a user other than root -# if you want. sudo support is coming too. + ansible.builtin.service: + name: foo + state: restarted - hosts: webservers remote_user: mdehaan @@ -82,4 +69,4 @@ tasks: - name: some random command - command: /bin/true + ansible.builtin.command: /bin/true diff --git a/language_features/intro_example.yml b/language_features/intro_example.yml index fdf5d6749..65ad64cc2 100644 
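Review bot: The intermediate_example.yml hunks delete explanatory comments instead of reformatting them: the note on reusing tasks through includes, and the whole block that introduces the second play. This file is a tutorial, so those comments are its content; restore them above `- include: tasks/base.yml` and above `- hosts: webservers`. The group_by.yml, intro_example.yml and roles/foo/handlers/main.yml hunks remove comments in the same way.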
--- a/language_features/intro_example.yml +++ b/language_features/intro_example.yml @@ -31,7 +31,7 @@ # obviously this does nothing useful but you get the idea - name: longrunner - command: /bin/sleep 15 + ansible.builtin.command: /bin/sleep 15 async: 45 poll: 5 @@ -47,27 +47,31 @@ # end of the playbook run - name: write some_random_foo configuration - template: src=templates/foo.j2 dest=/etc/some_random_foo.conf + ansible.builtin.template: + src: templates/foo.j2 + dest: /etc/some_random_foo.conf + cmd: "" notify: - restart apache # make sure httpd is installed at the latest version - name: install httpd - yum: pkg=httpd state=latest - - # make sure httpd is running - + ansible.builtin.yum: + pkg: httpd + state: latest + cmd: "" - name: httpd start - service: name=httpd state=running - - # handlers are only run when things change, at the very end of each - # play. Let's define some. The names are significant and must - # match the 'notify' sections above - + ansible.builtin.service: + name: httpd + state: running + cmd: "" handlers: # this particular handler is run when some_random_foo.conf # is changed, and only then - name: restart apache - service: name=httpd state=restarted + ansible.builtin.service: + name: httpd + state: restarted + cmd: "" diff --git a/language_features/loop_nested.yml b/language_features/loop_nested.yml index f53a3c121..e0e58553f 100644 --- a/language_features/loop_nested.yml +++ b/language_features/loop_nested.yml @@ -3,7 +3,7 @@ - hosts: all tasks: - - shell: echo "nested test a={{ item[0] }} b={{ item[1] }} c={{ item[2] }}" + - ansible.builtin.command: echo "nested test a={{ item[0] }} b={{ item[1] }} c={{ item[2] }}" with_nested: - [red, blue, green] - [1, 2, 3] @@ -18,7 +18,7 @@ - b - c tasks: - - shell: echo "nested test a={{ item[0] }} b={{ item[1] }}" + - ansible.builtin.command: echo "nested test a={{ item[0] }} b={{ item[1] }}" with_nested: - listvar1 - [1, 2, 3] 
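Review bot: The added `cmd: ""` lines in `write some_random_foo configuration`, `install httpd`, `httpd start` and the `restart apache` handler of intro_example.yml are not options of `ansible.builtin.template`, `ansible.builtin.yum` or `ansible.builtin.service`, so each of these tasks would be rejected as having an unsupported parameter. Remove the four `cmd: ""` lines. The blank line that separated `install httpd` from `httpd start` was also dropped and is worth restoring for readability.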
diff --git a/language_features/loop_plugins.yml b/language_features/loop_plugins.yml index bc7ebb7f7..60e3e6518 100644 --- a/language_features/loop_plugins.yml +++ b/language_features/loop_plugins.yml @@ -10,7 +10,13 @@ tasks: # this will copy a bunch of config files over -- dir must be created first - - file: dest=/etc/fooapp state=directory + - ansible.builtin.file: + dest: /etc/fooapp + state: directory - - copy: src={{ item }} dest=/etc/fooapp/ owner=root mode=600 + - ansible.builtin.copy: + src: "{{ item }}" + dest: /etc/fooapp/ + owner: root + mode: "600" with_fileglob: /playbooks/files/fooapp/* diff --git a/language_features/loop_with_items.yml b/language_features/loop_with_items.yml index 9b05f575a..7abf06712 100644 --- a/language_features/loop_with_items.yml +++ b/language_features/loop_with_items.yml @@ -7,27 +7,36 @@ remote_user: root tasks: - - name: install packages - yum: name={{ item }} state=installed - with_items: + - name: Install packages + ansible.builtin.yum: + name: "{{ item }}" + state: installed + loop: - cobbler - httpd - - name: configure users - user: name={{ item }} state=present groups=wheel - with_items: + - name: Configure users + ansible.builtin.user: + name: "{{ item }}" + state: present + groups: wheel + loop: - testuser1 - testuser2 - - name: remove users - user: name={{ item }} state=absent - with_items: + - name: Remove users + ansible.builtin.user: + name: "{{ item }}" + state: absent + loop: - testuser1 - testuser2 - - name: copy templates - template: src={{ item.src }} dest={{ item.dest }} - with_items: + - name: Copy templates + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + loop: - src: templates/testsource1 dest: /example/dest1/test.conf - src: templates/testsource2 diff --git a/language_features/mysql.yml b/language_features/mysql.yml index bb7fc0459..d0bddd3ea 100644 --- a/language_features/mysql.yml +++ b/language_features/mysql.yml 
@@ -8,10 +8,19 @@ tasks: - name: Create database user - mysql_user: user=bob password=12345 priv=*.*:ALL state=present + community.mysql.mysql_user: + user: bob + password: "12345" + priv: "*.*:ALL" + state: present - name: Create database - mysql_db: db=bobdata state=present + community.mysql.mysql_db: + db: bobdata + state: present - name: Ensure no user named 'sally' exists and delete if found. - mysql_user: user=sally state=absent + community.mysql.mysql_user: + user: sally + state: absent + diff --git a/language_features/netscaler.yml b/language_features/netscaler.yml index e957a1f42..a385bbedc 100644 --- a/language_features/netscaler.yml +++ b/language_features/netscaler.yml @@ -12,14 +12,26 @@ # type of the netscaler object you want to manipulate type: service # netscaler object name - name: "{{facter_fqdn}}:8080" + name: "{{ facter_fqdn }}:8080" tasks: - name: disable service in the lb - netscaler: nsc_host={{nsc_host}} user={{nsc_user}} password={{nsc_pass}} name={{name}} type={{type}} action=disable + community.network.netscaler_service: + name: "{{ name }}" + nsc_host: "{{ nsc_host }}" + user: "{{ nsc_user }}" + password: "{{ nsc_pass }}" + type: "{{ type }}" + action: disable - name: deploy new code - shell: yum upgrade -y + ansible.builtin.command: yum upgrade -y - name: enable in the lb - netscaler: nsc_host={{nsc_host}} user={{nsc_user}} password={{nsc_pass}} name={{name}} type={{type}} action=enable + community.network.netscaler_service: + name: "{{ name }}" + nsc_host: "{{ nsc_host }}" + user: "{{ nsc_user }}" + password: "{{ nsc_pass }}" + type: "{{ type }}" + action: enable diff --git a/language_features/rabbitmq.yml b/language_features/rabbitmq.yml index 9c982649c..c6fe00e35 100644 --- a/language_features/rabbitmq.yml +++ b/language_features/rabbitmq.yml @@ -24,7 +24,7 @@ - name: Install package ansible.builtin.apt: name: "{{ item }}" - update_cache: "yes" + update_cache: true state: installed with_items: - rabbitmq-server 
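Review bot: `password: "12345"` for user `bob` in `Create database user` is a literal credential committed with the playbook, and it is paired with `priv: "*.*:ALL"`. Even in an example, read it from a vaulted variable, e.g. `password: "{{ bob_db_password }}"` (variable name constructed for this note), and add `no_log: true` to the task so the value is not echoed in task output.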
diff --git a/language_features/roles/foo/handlers/main.yml b/language_features/roles/foo/handlers/main.yml index ad093154c..0d09c96aa 100644 --- a/language_features/roles/foo/handlers/main.yml +++ b/language_features/roles/foo/handlers/main.yml @@ -1,8 +1,3 @@ --- -- name: blippy - shell: echo notifier called, and the value of x is '{{ x }}' - -# within a role, it's possible to include other task files as well. By default, we -# can reference files in the same directory without doing anything special: - -# - include: other.yml +- name: Blippy + ansible.builtin.command: echo notifier called, and the value of x is '{{ x }}' diff --git a/language_features/roles/foo/tasks/main.yml b/language_features/roles/foo/tasks/main.yml index 9bae9839d..1f211bb20 100644 --- a/language_features/roles/foo/tasks/main.yml +++ b/language_features/roles/foo/tasks/main.yml @@ -1,11 +1,15 @@ --- -- name: copy operation - copy: src=foo.txt dest=/tmp/roles_test1.txt +- name: Copy operation + ansible.builtin.copy: + src: foo.txt + dest: /tmp/roles_test1.txt -- name: template operation - template: src=foo.j2 dest=/tmp/roles_test2.txt +- name: Template operation + ansible.builtin.template: + src: foo.j2 + dest: /tmp/roles_test2.txt notify: - blippy -- name: demo that parameterized roles work - shell: echo just FYI, param1={{ param1 }}, param2 ={{ param2 }} +- name: Demo that parameterized roles work + ansible.builtin.command: echo just FYI, param1={{ param1 }}, param2 ={{ param2 }} From ff480cc2de60e1382e5e9e899bdf51c2f8a5555c Mon Sep 17 00:00:00 2001 
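Review bot: The handler is renamed to `Blippy` without a `listen:` topic, while `Template operation` in roles/foo/tasks/main.yml still has `notify: - blippy`; handler names are matched exactly, so the notification no longer reaches it. Either keep the name `blippy` or add `listen: blippy` to the handler, the pattern this series uses for the `restart_*` handlers.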
From: Simon Bachenberg Date: Fri, 15 Mar 2024 16:47:31 +0100 Subject: [PATCH 11/11] linter --- jboss-standalone/demo-aws-launch.yml | 46 ++++++------- jboss-standalone/deploy-application.yml | 4 +- .../roles/java-app/tasks/main.yml | 8 +-- .../roles/jboss-standalone/handlers/main.yml | 10 +-- .../roles/jboss-standalone/tasks/main.yml | 69 +++++++++---------- .../aws/roles/base-apache/tasks/main.yml | 8 +-- .../aws/roles/common/handlers/main.yml | 15 ++-- lamp_haproxy/aws/roles/common/tasks/main.yml | 28 ++++---- lamp_haproxy/aws/roles/db/handlers/main.yml | 7 +- lamp_haproxy/aws/roles/db/tasks/main.yml | 14 ++-- .../aws/roles/haproxy/handlers/main.yml | 14 ++-- lamp_haproxy/aws/roles/haproxy/tasks/main.yml | 8 +-- .../aws/roles/nagios/handlers/main.yml | 14 ++-- lamp_haproxy/aws/roles/nagios/tasks/main.yml | 44 ++++++------ lamp_haproxy/aws/roles/web/tasks/main.yml | 2 +- lamp_haproxy/aws/rolling_update.yml | 38 +++++++--- lamp_haproxy/roles/db/tasks/main.yml | 2 +- lamp_haproxy/rolling_update.yml | 11 ++- language_features/eucalyptus-ec2.yml | 2 +- 19 files changed, 197 insertions(+), 147 deletions(-) diff --git a/jboss-standalone/demo-aws-launch.yml b/jboss-standalone/demo-aws-launch.yml index 5894465cd..fa72e9fdc 100644 --- a/jboss-standalone/demo-aws-launch.yml +++ b/jboss-standalone/demo-aws-launch.yml 
@@ -2,32 +2,32 @@ - name: Provision instances hosts: localhost connection: local - gather_facts: False + gather_facts: false # load AWS variables from this group vars file vars_files: - - group_vars/all + - group_vars/all tasks: - - name: Launch instances - ec2: - access_key: "{{ ec2_access_key }}" - secret_key: "{{ ec2_secret_key }}" - keypair: "{{ ec2_keypair }}" - group: "{{ ec2_security_group }}" - type: "{{ ec2_instance_type }}" - image: "{{ ec2_image }}" - region: "{{ ec2_region }}" - instance_tags: "{'ansible_group':'jboss', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}" - count: "{{ ec2_instance_count }}" - wait: true - register: ec2 + - name: Launch instances + amazon.aws.ec2_instance: + access_key: "{{ ec2_access_key }}" + secret_key: "{{ ec2_secret_key }}" + keypair: "{{ ec2_keypair }}" + group: "{{ ec2_security_group }}" + type: "{{ ec2_instance_type }}" + image: "{{ ec2_image }}" + region: "{{ ec2_region }}" + instance_tags: "{'ansible_group':'jboss', 'type':'{{ ec2_instance_type }}', 'group':'{{ ec2_security_group }}', 'Name':'demo_''{{ tower_user_name }}'}" + count: "{{ ec2_instance_count }}" + wait: true + register: ec2 - - name: Wait for SSH to come up - wait_for: - host: "{{ item.public_dns_name }}" - port: 22 - delay: 60 - timeout: 320 - state: started - with_items: "{{ ec2.instances }}" + - name: Wait for SSH to come up + ansible.builtin.wait_for: + host: "{{ item.public_dns_name }}" + port: 22 + delay: 60 + timeout: 320 + state: started + with_items: "{{ ec2.instances }}" diff --git a/jboss-standalone/deploy-application.yml b/jboss-standalone/deploy-application.yml index fb9876cbc..156985ee0 100644 --- a/jboss-standalone/deploy-application.yml +++ b/jboss-standalone/deploy-application.yml @@ -4,6 +4,6 @@ - hosts: all roles: -# Optionally, (re)deploy JBoss here. -# - jboss-standalone + # Optionally, (re)deploy JBoss here. + # - jboss-standalone - java-app 
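Review bot: The "Launch instances" task now calls `amazon.aws.ec2_instance` but still passes the argument names of the old `ec2` module. `keypair`, `group`, `type` and `instance_tags` are not options of `ec2_instance`, and `image` there is a dictionary rather than an AMI id, so the task is expected to fail argument validation. The options need mapping to their `ec2_instance` equivalents, with the tags written as a real mapping instead of a quoted string, and `item.public_dns_name` in the wait task should be checked against the new module's return value. Separately, `access_key` and `secret_key` are read from `group_vars/all`; if that file holds them in clear text, a vault-encrypted vars file or the standard AWS credential chain would keep them out of the repository.

```yaml
    - name: Launch instances
      amazon.aws.ec2_instance:
        # … unchanged: access_key, secret_key, region …
        key_name: "{{ ec2_keypair }}"
        security_group: "{{ ec2_security_group }}"
        instance_type: "{{ ec2_instance_type }}"
        image_id: "{{ ec2_image }}"
        tags:
          ansible_group: jboss
          type: "{{ ec2_instance_type }}"
          group: "{{ ec2_security_group }}"
          Name: "demo_{{ tower_user_name }}"
        # … unchanged: count, wait, register …
```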
diff --git a/jboss-standalone/roles/java-app/tasks/main.yml b/jboss-standalone/roles/java-app/tasks/main.yml index 4a92ab2b1..983842499 100644 --- a/jboss-standalone/roles/java-app/tasks/main.yml +++ b/jboss-standalone/roles/java-app/tasks/main.yml @@ -1,23 +1,23 @@ --- - name: Copy application WAR file to host - copy: + ansible.builtin.copy: src: jboss-helloworld.war dest: /tmp - name: Deploy HelloWorld to JBoss - jboss: + community.general.web_infrastructure.jboss: deploy_path: /usr/share/jboss-as/standalone/deployments/ src: /tmp/jboss-helloworld.war deployment: helloworld.war state: present - name: Copy application WAR file to host - copy: + ansible.builtin.copy: src: ticket-monster.war dest: /tmp - name: Deploy Ticket Monster to JBoss - jboss: + community.general.web_infrastructure.jboss: deploy_path: /usr/share/jboss-as/standalone/deployments/ src: /tmp/ticket-monster.war deployment: ticket-monster.war diff --git a/jboss-standalone/roles/jboss-standalone/handlers/main.yml b/jboss-standalone/roles/jboss-standalone/handlers/main.yml index cc9b8b596..f7452db62 100644 --- a/jboss-standalone/roles/jboss-standalone/handlers/main.yml +++ b/jboss-standalone/roles/jboss-standalone/handlers/main.yml @@ -1,10 +1,12 @@ --- -- name: restart jboss - service: +- name: Restart jboss + ansible.builtin.service: name: jboss state: restarted + listen: restart_jboss -- name: restart iptables - service: +- name: Restart iptables + ansible.builtin.service: name: iptables state: restarted + listen: restart_iptables diff --git a/jboss-standalone/roles/jboss-standalone/tasks/main.yml b/jboss-standalone/roles/jboss-standalone/tasks/main.yml index fefaca07c..bb2e9982f 100644 --- a/jboss-standalone/roles/jboss-standalone/tasks/main.yml +++ b/jboss-standalone/roles/jboss-standalone/tasks/main.yml 
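Review bot: Both deploy tasks in java-app/tasks/main.yml use `community.general.web_infrastructure.jboss`, the old directory-style module path. This same patch rewrites `community.general.monitoring.nagios` to `community.general.nagios` in lamp_haproxy/rolling_update.yml, so these should be `community.general.jboss` for consistency. The two `ansible.builtin.copy` tasks also stage the WAR files in `/tmp` without `owner` or `mode`; a dedicated staging directory with explicit permissions would keep the artifact that gets deployed out of a world-writable location.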
@@ -1,103 +1,102 @@ --- - name: Install Java 1.7 and some basic dependencies - yum: + ansible.builtin.yum: name: "{{ item }}" state: present with_items: - - unzip - - java-1.7.0-openjdk - - libselinux-python - - libsemanage-python + - unzip + - java-1.7.0-openjdk + - libselinux-python + - libsemanage-python - name: Download JBoss from jboss.org - get_url: + ansible.builtin.get_url: url: http://download.jboss.org/jbossas/7.1/jboss-as-7.1.1.Final/jboss-as-7.1.1.Final.zip dest: /opt/jboss-as-7.1.1.Final.zip - name: Extract archive - unarchive: + ansible.builtin.unarchive: dest: /usr/share src: /opt/jboss-as-7.1.1.Final.zip creates: /usr/share/jboss-as - copy: no + copy: false - # Rename the dir to avoid encoding the version in the init script +# Rename the dir to avoid encoding the version in the init script - name: Rename install directory - command: /bin/mv jboss-as-7.1.1.Final jboss-as + ansible.builtin.command: /bin/mv jboss-as-7.1.1.Final jboss-as args: - chdir: /usr/share + chdir: /usr/share creates: /usr/share/jboss-as - name: Copying standalone.xml configuration file - template: + ansible.builtin.template: src: standalone.xml dest: /usr/share/jboss-as/standalone/configuration/ - notify: restart jboss + notify: restart_jboss - name: Add group "jboss" - group: + ansible.builtin.group: name: jboss - name: Add user "jboss" - user: + ansible.builtin.user: name: jboss group: jboss home: /usr/share/jboss-as - name: Change ownership of JBoss installation - file: + ansible.builtin.file: path: /usr/share/jboss-as/ owner: jboss group: jboss state: directory - recurse: yes + recurse: true - name: Copy the init script - copy: + ansible.builtin.copy: src: jboss-as-standalone.sh dest: /etc/init.d/jboss - mode: 0755 + mode: "0755" - name: Workaround for systemd bug - shell: service jboss start && chkconfig jboss on - ignore_errors: yes + ansible.builtin.shell: service jboss start && chkconfig jboss on + ignore_errors: true - name: Enable JBoss to be started at boot - service: 
+ ansible.builtin.service: name: jboss - enabled: yes + enabled: true state: started -- name: deploy iptables rules - template: +- name: Deploy iptables rules + ansible.builtin.template: src: iptables-save dest: /etc/sysconfig/iptables owner: root group: root mode: u=rw,g=,o= when: ansible_distribution_major_version != "7" - notify: restart iptables + notify: restart_iptables - name: Ensure that firewalld is installed - yum: + ansible.builtin.yum: name: firewalld state: present when: ansible_distribution_major_version == "7" - name: Ensure that firewalld is started - service: + ansible.builtin.service: name: firewalld state: started when: ansible_distribution_major_version == "7" -- name: deploy firewalld rules - firewalld: - immediate: yes +- name: Deploy firewalld rules + ansible.posix.firewalld: + immediate: true port: "{{ item }}" state: enabled - permanent: yes + permanent: true when: ansible_distribution_major_version == "7" with_items: - - "{{ http_port }}/tcp" - - "{{ https_port }}/tcp" - + - "{{ http_port }}/tcp" + - "{{ https_port }}/tcp" diff --git a/lamp_haproxy/aws/roles/base-apache/tasks/main.yml b/lamp_haproxy/aws/roles/base-apache/tasks/main.yml index 9b6e4217e..65db24f68 100644 --- a/lamp_haproxy/aws/roles/base-apache/tasks/main.yml +++ b/lamp_haproxy/aws/roles/base-apache/tasks/main.yml @@ -2,7 +2,7 @@ # This role installs httpd - name: Install http - yum: + ansible.builtin.yum: name: "{{ item }}" state: present with_items: @@ -12,14 +12,14 @@ - git - name: Configure SELinux to allow httpd to connect to remote database - seboolean: + ansible.posix.seboolean: name: httpd_can_network_connect_db state: true persistent: true when: sestatus.rc != 0 -- name: http service state - service: +- name: Http service state + ansible.builtin.service: name: httpd state: started enabled: true diff --git a/lamp_haproxy/aws/roles/common/handlers/main.yml b/lamp_haproxy/aws/roles/common/handlers/main.yml index bca073701..06eb72bae 100644 
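Review bot: The `ansible.builtin.get_url` task in jboss-standalone/tasks/main.yml still fetches the JBoss archive over plain `http://` and sets no `checksum`. Nothing verifies the zip that is then unpacked into `/usr/share` and started as a service. Pin the expected digest with `checksum: "sha256:<published digest of jboss-as-7.1.1.Final.zip>"` and switch to an HTTPS URL if the download host offers one. In the unarchive task, `copy: false` is the deprecated spelling; `remote_src: true` is what the first patch of this series already uses for the WordPress archive.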
--- a/lamp_haproxy/aws/roles/common/handlers/main.yml +++ b/lamp_haproxy/aws/roles/common/handlers/main.yml @@ -1,8 +1,13 @@ --- # Handlers for common notifications -- name: restart ntp - service: name=ntpd state=restarted - -- name: restart iptables - service: name=iptables state=restarted +- name: Restart ntp + ansible.builtin.service: + name: ntpd + state: restarted + listen: restart_ntp +- name: Restart iptables + ansible.builtin.service: + name: iptables + state: restarted + listen: restart_iptables diff --git a/lamp_haproxy/aws/roles/common/tasks/main.yml b/lamp_haproxy/aws/roles/common/tasks/main.yml index a0f416448..f540a3dc4 100644 --- a/lamp_haproxy/aws/roles/common/tasks/main.yml +++ b/lamp_haproxy/aws/roles/common/tasks/main.yml @@ -2,7 +2,7 @@ # This role contains common plays that will run on all nodes. - name: Install python bindings for SE Linux - yum: + ansible.builtin.yum: name: "{{ item }}" state: present with_items: @@ -10,17 +10,17 @@ - libsemanage-python - name: Create the repository for EPEL - copy: + ansible.builtin.copy: src: epel.repo dest: /etc/yum.repos.d/epel.repo - name: Create the GPG key for EPEL - copy: + ansible.builtin.copy: src: RPM-GPG-KEY-EPEL-6 dest: /etc/pki/rpm-gpg -- name: install some useful nagios plugins - yum: +- name: Install some useful nagios plugins + ansible.builtin.yum: name: "{{ item }}" state: present with_items: 
@@ -32,37 +32,37 @@ - nagios-plugins-disk - name: Install ntp - yum: + ansible.builtin.yum: name: ntp state: present tags: ntp - name: Configure ntp file - template: + ansible.builtin.template: src: ntp.conf.j2 dest: /etc/ntp.conf tags: ntp - notify: restart ntp + notify: restart_ntp - name: Start the ntp service - service: + ansible.builtin.service: name: ntpd state: started enabled: true tags: ntp # work around RHEL 7, for now -- name: insert iptables template - template: +- name: Insert iptables template + ansible.builtin.template: src: iptables.j2 dest: /etc/sysconfig/iptables owner: root group: root mode: u=rw,g=,o= when: ansible_distribution_major_version != '7' - notify: restart iptables + notify: restart_iptables -- name: test to see if selinux is running - command: getenforce +- name: Test to see if selinux is running + ansible.builtin.command: getenforce register: sestatus changed_when: false diff --git a/lamp_haproxy/aws/roles/db/handlers/main.yml b/lamp_haproxy/aws/roles/db/handlers/main.yml index 0189f6c55..77f0d30f7 100644 --- a/lamp_haproxy/aws/roles/db/handlers/main.yml +++ b/lamp_haproxy/aws/roles/db/handlers/main.yml @@ -1,5 +1,8 @@ --- # Handler to handle DB tier notifications -- name: restart mysql - service: name=mysqld state=restarted +- name: Restart mysql + ansible.builtin.service: + name: mysqld + state: restarted + listen: restart_mysql diff --git a/lamp_haproxy/aws/roles/db/tasks/main.yml b/lamp_haproxy/aws/roles/db/tasks/main.yml index 7fcbad478..6a11d2306 100644 --- a/lamp_haproxy/aws/roles/db/tasks/main.yml +++ b/lamp_haproxy/aws/roles/db/tasks/main.yml @@ -2,7 +2,7 @@ # This role will install MySQL and create db user and give permissions. - name: Install Mysql package - yum: + ansible.builtin.yum: name: "{{ item }}" state: present with_items: 
@@ -10,32 +10,32 @@ - MySQL-python - name: Configure SELinux to start mysql on any port - seboolean: + ansible.posix.seboolean: name: mysql_connect_any state: true persistent: true when: sestatus.rc != 0 - name: Create Mysql configuration file - template: + ansible.builtin.template: src: my.cnf.j2 dest: /etc/my.cnf notify: - - restart mysql + - restart_mysql - name: Start Mysql Service - service: + ansible.builtin.service: name: mysqld state: started enabled: true - name: Create Application Database - mysql_db: + community.mysql.mysql_db: name: "{{ dbname }}" state: present - name: Create Application DB User - mysql_user: + community.mysql.mysql_user: name: "{{ dbuser }}" password: "{{ upassword }}" priv: "*.*:ALL" diff --git a/lamp_haproxy/aws/roles/haproxy/handlers/main.yml b/lamp_haproxy/aws/roles/haproxy/handlers/main.yml index 4cff96e6d..47df5dd95 100644 --- a/lamp_haproxy/aws/roles/haproxy/handlers/main.yml +++ b/lamp_haproxy/aws/roles/haproxy/handlers/main.yml @@ -1,8 +1,14 @@ --- # Handlers for HAproxy -- name: restart haproxy - service: name=haproxy state=restarted +- name: Restart haproxy + ansible.builtin.service: + name: haproxy + state: restarted + listen: restart_haproxy -- name: reload haproxy - service: name=haproxy state=reloaded +- name: Reload haproxy + ansible.builtin.service: + name: haproxy + state: reloaded + listen: reload_haproxy diff --git a/lamp_haproxy/aws/roles/haproxy/tasks/main.yml b/lamp_haproxy/aws/roles/haproxy/tasks/main.yml index 3a5c320c9..e71953a97 100644 --- a/lamp_haproxy/aws/roles/haproxy/tasks/main.yml +++ b/lamp_haproxy/aws/roles/haproxy/tasks/main.yml 
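Review bot: The "Create Application DB User" task keeps `priv: "*.*:ALL"` under `community.mysql.mysql_user`, which grants the application account every privilege on every database on the server. Scope it to the application schema with `priv: "{{ dbname }}.*:ALL"`, so that a compromise of the web tier is limited to that one database. The task continues past the end of the hunk, so its `host` and `state` settings are not visible here.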
@@ -2,18 +2,18 @@ # This role installs HAProxy and configures it. - name: Download and install haproxy - yum: + ansible.builtin.yum: name: haproxy state: present - name: Configure the haproxy cnf file with hosts - template: + ansible.builtin.template: src: haproxy.cfg.j2 dest: /etc/haproxy/haproxy.cfg - notify: restart haproxy + notify: restart_haproxy - name: Start the haproxy service - service: + ansible.builtin.service: name: haproxy state: started enabled: true diff --git a/lamp_haproxy/aws/roles/nagios/handlers/main.yml b/lamp_haproxy/aws/roles/nagios/handlers/main.yml index c0d887553..4e93a95d8 100644 --- a/lamp_haproxy/aws/roles/nagios/handlers/main.yml +++ b/lamp_haproxy/aws/roles/nagios/handlers/main.yml @@ -1,7 +1,13 @@ --- # handlers for nagios -- name: restart httpd - service: name=httpd state=restarted +- name: Restart httpd + ansible.builtin.service: + name: httpd + state: restarted + listen: restart_httpd -- name: restart nagios - service: name=nagios state=restarted +- name: Restart nagios + ansible.builtin.service: + name: nagios + state: restarted + listen: restart_nagios diff --git a/lamp_haproxy/aws/roles/nagios/tasks/main.yml b/lamp_haproxy/aws/roles/nagios/tasks/main.yml index b364c24a9..6abc07b34 100644 --- a/lamp_haproxy/aws/roles/nagios/tasks/main.yml +++ b/lamp_haproxy/aws/roles/nagios/tasks/main.yml @@ -1,8 +1,8 @@ --- # This will install nagios -- name: install nagios - yum: +- name: Install nagios + ansible.builtin.yum: pkg: "{{ item }}" state: present with_items: 
@@ -14,39 +14,43 @@ - nagios-plugins-http - nagios-plugins-mysql - nagios-devel - notify: restart httpd + notify: restart_httpd -- name: create nagios config dir - file: +- name: Create nagios config dir + ansible.builtin.file: path: /etc/nagios/ansible-managed state: directory -- name: configure nagios - copy: +- name: Configure nagios + ansible.builtin.copy: src: nagios.cfg dest: /etc/nagios/nagios.cfg - notify: restart nagios + notify: restart_nagios -- name: configure localhost monitoring - copy: +- name: Configure localhost monitoring + ansible.builtin.copy: src: localhost.cfg dest: /etc/nagios/objects/localhost.cfg - notify: restart nagios + notify: restart_nagios -- name: configure nagios services - copy: +- name: Configure nagios services + ansible.builtin.copy: src: ansible-managed-services.cfg dest: /etc/nagios/ -- name: create the nagios object files - template: - src: "{{ item + '.j2' }}" - dest: /etc/nagios/ansible-managed/{{ item }} +- name: Create the nagios object files + ansible.builtin.template: + src: "{{ item }}" + dest: /etc/nagios/ansible-managed/ with_items: - webservers.cfg - dbservers.cfg - lbservers.cfg - notify: restart nagios + notify: restart_nagios -- name: start nagios - service: name=nagios state=started enabled=yes +- name: Start nagios + ansible.builtin.service: + name: nagios + state: started + enabled: "yes" + cmd: "" diff --git a/lamp_haproxy/aws/roles/web/tasks/main.yml b/lamp_haproxy/aws/roles/web/tasks/main.yml index 5a14c2d34..62086e4c7 100644 --- a/lamp_haproxy/aws/roles/web/tasks/main.yml +++ b/lamp_haproxy/aws/roles/web/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Copy the code from repository - git: + ansible.builtin.git: repo: "{{ repository }}" version: "{{ webapp_version }}" dest: /var/www/html/ diff --git a/lamp_haproxy/aws/rolling_update.yml b/lamp_haproxy/aws/rolling_update.yml index 93ab329b3..62918780b 100644 --- a/lamp_haproxy/aws/rolling_update.yml +++ b/lamp_haproxy/aws/rolling_update.yml 
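Review bot: The "Create the nagios object files" task no longer appends `.j2` to `src` and drops `{{ item }}` from `dest`, which changes behaviour rather than style. No template rename appears in this patch's diffstat, so the lookup for `webservers.cfg` and the others will probably fail. `src: "{{ item }}.j2"` with `dest: "/etc/nagios/ansible-managed/{{ item }}"` keeps the old result. In "Start nagios", `cmd: ""` is not an option of `ansible.builtin.service` and should be removed, and `enabled: "yes"` should be the boolean `enabled: true` like the other service tasks in the series.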
@@ -16,13 +16,20 @@ # These are the tasks to run before applying updates: pre_tasks: - - name: disable nagios alerts for this host webserver service - nagios: action=disable_alerts host={{ inventory_hostname }} services=webserver + - name: Disable nagios alerts for this host webserver service + community.general.nagios: + action: disable_alerts + host: "{{ inventory_hostname }}" + services: webserver delegate_to: "{{ item }}" with_items: "{{ groups.tag_ansible_group_monitoring }}" - - name: disable the server in haproxy - haproxy: state=disabled backend=myapplb host={{ inventory_hostname }} socket=/var/lib/haproxy/stats + - name: Disable the server in haproxy + community.general.haproxy: + state: disabled + backend: myapplb + host: "{{ inventory_hostname }}" + socket: /var/lib/haproxy/stats delegate_to: "{{ item }}" with_items: "{{ groups.tag_ansible_group_lbservers }}" @@ -34,15 +41,26 @@ # These tasks run after the roles: post_tasks: - - name: wait for webserver to come up - wait_for: host={{ inventory_hostname }} port=80 state=started timeout=80 + - name: Wait for webserver to come up + ansible.builtin.wait_for: + host: "{{ inventory_hostname }}" + port: "80" + state: started + timeout: "80" - - name: enable the server in haproxy - haproxy: state=enabled backend=myapplb host={{ inventory_hostname }} socket=/var/lib/haproxy/stats + - name: Enable the server in haproxy + community.general.haproxy: + state: enabled + backend: myapplb + host: "{{ inventory_hostname }}" + socket: /var/lib/haproxy/stats delegate_to: "{{ item }}" with_items: "{{ groups.tag_ansible_group_lbservers }}" - - name: re-enable nagios alerts - nagios: action=enable_alerts host={{ inventory_hostname }} services=webserver + - name: Re-enable nagios alerts + community.general.nagios: + action: enable_alerts + host: "{{ inventory_hostname }}" + services: webserver delegate_to: "{{ item }}" with_items: "{{ groups.tag_ansible_group_monitoring }}" 
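Review bot: In the "Wait for webserver to come up" task of the second hunk, `port: "80"` and `timeout: "80"` are quoted strings although both options are integers. Write `port: 80` and `timeout: 80`, in line with the `state: "true"` to `state: true` clean-up made elsewhere in this patch. The module coerces the strings, so this is a readability and type-consistency point only.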
diff --git a/lamp_haproxy/roles/db/tasks/main.yml b/lamp_haproxy/roles/db/tasks/main.yml index dc492c94c..9ba36f567 100644 --- a/lamp_haproxy/roles/db/tasks/main.yml +++ b/lamp_haproxy/roles/db/tasks/main.yml @@ -12,7 +12,7 @@ - name: Configure SELinux to start mysql on any port ansible.posix.seboolean: name: mysql_connect_any - state: "true" + state: true persistent: true when: sestatus.rc != 0 diff --git a/lamp_haproxy/rolling_update.yml b/lamp_haproxy/rolling_update.yml index 5f99ca0a0..34813c2cc 100644 --- a/lamp_haproxy/rolling_update.yml +++ b/lamp_haproxy/rolling_update.yml @@ -17,12 +17,19 @@ # These are the tasks to run before applying updates: pre_tasks: - name: Disable nagios alerts for this host webserver service - community.general.monitoring.nagios: action=disable_alerts host={{ inventory_hostname }} services=webserver + community.general.nagios: + action: disable_alerts + host: "{{ inventory_hostname }}" + services: webserver delegate_to: "{{ item }}" with_items: "{{ groups.monitoring }}" - name: Disable the server in haproxy - community.general.net_tools.haproxy: state=disabled backend=myapplb host={{ inventory_hostname }} socket=/var/lib/haproxy/stats + community.general.haproxy: + state: disabled + backend: myapplb + host: "{{ inventory_hostname }}" + socket: /var/lib/haproxy/stats delegate_to: "{{ item }}" with_items: "{{ groups.lbservers }}" diff --git a/language_features/eucalyptus-ec2.yml b/language_features/eucalyptus-ec2.yml index 851762e64..5c915dc48 100644 --- a/language_features/eucalyptus-ec2.yml +++ b/language_features/eucalyptus-ec2.yml @@ -32,7 +32,7 @@ group: "{{ security_group }}" instance_type: "{{ instance_type }}" image: "{{ image }}" - wait: "true" + wait: true count: "5" register: ec2