From af7b3b36fe9b60987e62759fee392a324f05fe6a Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Fri, 22 May 2020 11:49:18 -0400 Subject: [PATCH 01/16] Ansible-lint and yamllint Does not fix all warnings, but gets rid of the purely cosmetic ones. (roles/accounts/tasks/main.yml) --- evolixisation.yml | 16 +++++++--------- prerequisite.yml | 12 ++++++------ roles/accounts/tasks/main.yml | 7 ++++--- tasks/commit_etc_git.yml | 4 ++-- vars/main.yml | 34 +++++++++++++++++----------------- 5 files changed, 36 insertions(+), 37 deletions(-) diff --git a/evolixisation.yml b/evolixisation.yml index 003d941..49ebd97 100644 --- a/evolixisation.yml +++ b/evolixisation.yml @@ -10,13 +10,13 @@ become: true become_user: root become_method: sudo -# become_method: su + # become_method: su vars_files: - vars/main.yml -# - vars/secrets.yml -# - vars/openbsd-secret.yml + # - vars/secrets.yml + # - vars/openbsd-secret.yml roles: - etc-git @@ -27,9 +27,9 @@ - nagios-nrpe - evocheck - post-install - #- openvpn - #- ospf - #- bgp + # - openvpn + # - ospf + # - bgp post_tasks: - include: "tasks/commit_etc_git.yml" @@ -40,6 +40,4 @@ tasks_from: exec.yml # environment: -# PKG_PATH: "http://ftp.openbsd.org/pub/OpenBSD/{{ ansible_distribution_version }}/packages/{{ ansible_architecture }}/" - -# vim:ft=ansible +# PKG_PATH: "http://ftp.openbsd.org/pub/OpenBSD/{{ ansible_distribution_version }}/packages/{{ ansible_architecture }}/" diff --git a/prerequisite.yml b/prerequisite.yml index 4695566..64b4549 100644 --- a/prerequisite.yml +++ b/prerequisite.yml @@ -2,13 +2,13 @@ # ansible-playbook prerequisite.yml -CDi hosts -l HOSTNAME --- - - hosts: all - become: yes - become_method: su - user: root - gather_facts: no +- hosts: all + become: yes + become_method: su + user: root + gather_facts: no - tasks: + tasks: - name: Install ansible's prerequisite raw: export PKG_PATH=http://ftp.eu.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(uname -p)/; pkg_add -z python-2 
diff --git a/roles/accounts/tasks/main.yml b/roles/accounts/tasks/main.yml index 704d908..c205a97 100644 --- a/roles/accounts/tasks/main.yml +++ b/roles/accounts/tasks/main.yml @@ -30,12 +30,13 @@ check_mode: false register: grep_allowusers_ssh -- assert: +- name: "Check that AllowUsers and AllowGroup do not override each other" + assert: that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)" msg: "We can't deal with AllowUsers and AllowGroups at the same time" -- set_fact: - # If "AllowGroups is present" +- name: "If AllowGroups is present then use it" + set_fact: ssh_allowgroups: "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0) }}" - name: "Add AllowGroups sshd directive with '{{ evolinux_ssh_group }}'" diff --git a/tasks/commit_etc_git.yml b/tasks/commit_etc_git.yml index 032e898..8420431 100644 --- a/tasks/commit_etc_git.yml +++ b/tasks/commit_etc_git.yml @@ -8,7 +8,7 @@ when: not ansible_check_mode ignore_errors: yes tags: - - commit-etc + - commit-etc - name: /etc modifications are committed shell: "git add -A . && git commit -m \"{{ commit_message | default('Ansible run') }}\" --author=\"{{ ansible_env.SUDO_USER | default('Root') }} <{{ ansible_env.SUDO_USER | default('Root') }}@{{ general_technical_realm }}>\"" @@ -18,4 +18,4 @@ when: not ansible_check_mode and git_status.stdout != "" ignore_errors: yes tags: - - commit-etc + - commit-etc diff --git a/vars/main.yml b/vars/main.yml index 098a8d2..7e70b75 100644 --- a/vars/main.yml +++ b/vars/main.yml 
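Review bot: The `shell:` line that closes this hunk still splices `commit_message` and `ansible_env.SUDO_USER` into a shell command with nothing but surrounding double quotes, so a value containing shell metacharacters is interpreted by the shell instead of reaching git as text; the task renames in this commit leave that as it was. Passing each value through Ansible's `quote` filter, e.g. `-m {{ commit_message | default('Ansible run') | quote }}`, is the smallest fix, and splitting the step into two `command` tasks (`git add -A .`, then `git commit` with `argv`) avoids the shell entirely. The same unquoted interpolation is on the `shell:` line of roles/etc-git/tasks/commit.yml in patch 02 (hunk `@@ -24,18 +24,18 @@`). The task's `args:` and `chdir:` lines continue outside this hunk.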
@@ -3,29 +3,29 @@ ## Edit and uncomment to overwrite the default values ## ######################################################## -#ntpd_servers: -#- "ntp.evolix.net" +# ntpd_servers: +# - "ntp.evolix.net" # -#general_alert_email: "root@localhost" -#general_technical_realm: "example.com" +# general_alert_email: "root@localhost" +# general_technical_realm: "example.com" evolinux_ssh_group: "evolinux-ssh" evolinux_sudo_group: "evolinux-sudo" evolinux_root_disable_ssh: true # -#evomaintenance_realm: "example.com" -#evomaintenance_alert_email: "evomaintenance-{{ inventory_hostname }}@{{ evomaintenance_realm }}" -#evomaintenance_hostname: "{{ inventory_hostname }}.{{ general_technical_realm }}" -#evomaintenance_pg_host: Null -#evomaintenance_pg_passwd: Null -#evomaintenance_pg_db: Null -#evomaintenance_pg_table: Null -#evomaintenance_from_domain: "{{ evomaintenance_realm }}" -#evomaintenance_from: "evomaintenance@{{ evomaintenance_from_domain }}" -#evomaintenance_full_from: "Evomaintenance <{{ evomaintenance_from }}>" -#evomaintenance_urgency_from: mama.doe@example.com -#evomaintenance_urgency_tel: "06.00.00.00.00" +# evomaintenance_realm: "example.com" +# evomaintenance_alert_email: "evomaintenance-{{ inventory_hostname }}@{{ evomaintenance_realm }}" +# evomaintenance_hostname: "{{ inventory_hostname }}.{{ general_technical_realm }}" +# evomaintenance_pg_host: Null +# evomaintenance_pg_passwd: Null +# evomaintenance_pg_db: Null +# evomaintenance_pg_table: Null +# evomaintenance_from_domain: "{{ evomaintenance_realm }}" +# evomaintenance_from: "evomaintenance@{{ evomaintenance_from_domain }}" +# evomaintenance_full_from: "Evomaintenance <{{ evomaintenance_from }}>" +# evomaintenance_urgency_from: mama.doe@example.com +# evomaintenance_urgency_tel: "06.00.00.00.00" # -#evolix_users: +# evolix_users: # foo: # name: foo # uid: 1042 From e29e0e9e6296a08c97ac39e360a7d80726ce4022 Mon Sep 17 00:00:00 2001 
From: Jeremy Dubois Date: Mon, 1 Jun 2020 11:37:15 +0200 Subject: [PATCH 02/16] Ansible-lint and yamllint again Lot of truthy variables, indentation and trailing spaces --- prerequisite.yml | 4 +- roles/base/defaults/main.yml | 26 ++++++------ roles/base/tasks/doas.yml | 6 +-- roles/base/tasks/dotfiles.yml | 6 +-- roles/base/tasks/evobackup.yml | 4 +- roles/base/tasks/evomaintenance.yml | 6 +-- roles/base/tasks/mail.yml | 4 +- roles/base/tasks/packages.yml | 16 ++++---- roles/base/tasks/sudo.yml | 12 +++--- roles/bgp/tasks/main.yml | 6 +-- roles/etc-git/defaults/main.yml | 2 +- roles/etc-git/tasks/commit.yml | 34 ++++++++-------- roles/etc-git/tasks/main.yml | 16 ++++---- roles/evocheck/tasks/exec.yml | 8 ++-- roles/evocheck/tasks/install.yml | 6 +-- roles/forwarding/tasks/main.yml | 4 +- roles/nagios-nrpe/tasks/main.yml | 2 +- roles/openvpn/tasks/main.yml | 63 ++++++++++++++--------------- roles/ospf/tasks/main.yml | 2 +- roles/pf/tasks/main.yml | 2 +- tasks/commit_etc_git.yml | 6 +-- 21 files changed, 115 insertions(+), 120 deletions(-) diff --git a/prerequisite.yml b/prerequisite.yml index 64b4549..c2fcfbe 100644 --- a/prerequisite.yml +++ b/prerequisite.yml @@ -3,10 +3,10 @@ --- - hosts: all - become: yes + become: true become_method: su user: root - gather_facts: no + gather_facts: false tasks: diff --git a/roles/base/defaults/main.yml b/roles/base/defaults/main.yml index 0748c9f..b2173a8 100644 --- a/roles/base/defaults/main.yml +++ b/roles/base/defaults/main.yml @@ -1,6 +1,6 @@ --- ntpd_servers: -- "ntp.evolix.net" + - "ntp.evolix.net" general_alert_email: "root@localhost" general_technical_realm: "example.com" 
@@ -8,23 +8,23 @@ general_technical_realm: "example.com" evomaintenance_realm: "example.com" evomaintenance_alert_email: "evomaintenance-{{ inventory_hostname }}@{{ evomaintenance_realm }}" evomaintenance_hostname: "{{ inventory_hostname }}.{{ general_technical_realm }}" -evomaintenance_pg_host: Null -evomaintenance_pg_passwd: Null -evomaintenance_pg_db: Null -evomaintenance_pg_table: Null +evomaintenance_pg_host: null +evomaintenance_pg_passwd: null +evomaintenance_pg_db: null +evomaintenance_pg_table: null evomaintenance_from_domain: "{{ evomaintenance_realm }}" evomaintenance_from: "evomaintenance@{{ evomaintenance_from_domain }}" evomaintenance_full_from: "Evomaintenance <{{ evomaintenance_from }}>" evomaintenance_urgency_from: mama.doe@example.com evomaintenance_urgency_tel: "06.00.00.00.00" -evomaintenance_install_vendor: False -evomaintenance_force_config: True -evomaintenance_api_endpoint: Null -evomaintenance_api_key: Null -evomaintenance_hook_api: True -evomaintenance_hook_db: False -evomaintenance_hook_commit: True -evomaintenance_hook_mail: True +evomaintenance_install_vendor: false +evomaintenance_force_config: true +evomaintenance_api_endpoint: null +evomaintenance_api_key: null +evomaintenance_hook_api: true +evomaintenance_hook_db: false +evomaintenance_hook_commit: true +evomaintenance_hook_mail: true evomaintenance_default_hosts: [] evomaintenance_additional_hosts: [] evomaintenance_hosts: "{{ evomaintenance_default_hosts | union(evomaintenance_additional_hosts) | unique }}" diff --git a/roles/base/tasks/doas.yml b/roles/base/tasks/doas.yml index 9c866a5..538b1af 100644 --- a/roles/base/tasks/doas.yml +++ b/roles/base/tasks/doas.yml @@ -6,8 +6,6 @@ owner: root group: wheel mode: "0640" - backup: no + backup: false tags: - - doas - - + - doas diff --git a/roles/base/tasks/dotfiles.yml b/roles/base/tasks/dotfiles.yml index a132e03..f8598df 100644 --- a/roles/base/tasks/dotfiles.yml +++ b/roles/base/tasks/dotfiles.yml 
@@ -39,10 +39,10 @@ dest: /etc/skel/.profile insertafter: EOF line: 'trap "doas /usr/share/scripts/evomaintenance.sh" 0' - create: yes + create: true tags: - - admin - - dotfiles + - admin + - dotfiles - name: Add vim configuration to dotfiles for new users copy: diff --git a/roles/base/tasks/evobackup.yml b/roles/base/tasks/evobackup.yml index ba5a24a..6ec8db5 100644 --- a/roles/base/tasks/evobackup.yml +++ b/roles/base/tasks/evobackup.yml @@ -6,7 +6,7 @@ owner: root group: wheel mode: "0755" - force: no + force: false tags: - evobackup @@ -16,6 +16,6 @@ line: '#sh /usr/share/scripts/zzz_evobackup' owner: root mode: "0644" - create: yes + create: true tags: - evobackup diff --git a/roles/base/tasks/evomaintenance.yml b/roles/base/tasks/evomaintenance.yml index f1d1c18..e963256 100644 --- a/roles/base/tasks/evomaintenance.yml +++ b/roles/base/tasks/evomaintenance.yml @@ -12,8 +12,8 @@ - name: Copy evomaintenance script and template copy: src={{ item.src }} dest={{ item.dest }} owner=root group=wheel mode="0755" with_items: - - { src: 'evomaintenance.sh', dest: '/usr/share/scripts/' } - - { src: 'evomaintenance.tpl', dest: '/usr/share/scripts/' } + - {src: 'evomaintenance.sh', dest: '/usr/share/scripts/'} + - {src: 'evomaintenance.tpl', dest: '/usr/share/scripts/'} tags: - evomaintenance - script-evomaintenance @@ -25,6 +25,6 @@ owner: root group: wheel mode: "0600" - backup: no + backup: false tags: - evomaintenance diff --git a/roles/base/tasks/mail.yml b/roles/base/tasks/mail.yml index 321d837..dae151c 100644 --- a/roles/base/tasks/mail.yml +++ b/roles/base/tasks/mail.yml @@ -3,7 +3,7 @@ lineinfile: path: /etc/rc.local line: 'date | mail -s "boot/reboot of $(hostname -s)" {{ general_alert_email }}' - create: yes + create: true tags: - misc @@ -12,7 +12,7 @@ dest: /etc/mail/aliases regexp: "# root:" replace: "root: {{ general_alert_email }}" - backup: no + backup: false notify: - newaliases tags: 
diff --git a/roles/base/tasks/packages.yml b/roles/base/tasks/packages.yml index 695ffe1..4decaee 100644 --- a/roles/base/tasks/packages.yml +++ b/roles/base/tasks/packages.yml @@ -10,20 +10,20 @@ - name: Install packages (vim rsync mtr etc) openbsd_pkg: name: - - wget - - vim--no_x11 - - rsync-- - - mtr-- - - iftop - - sudo-- - - postgresql-client + - wget + - vim--no_x11 + - rsync-- + - mtr-- + - iftop + - sudo-- + - postgresql-client tags: - pkg - name: Disable sndiod service: name: sndiod - enabled: no + enabled: false state: stopped tags: - pkg diff --git a/roles/base/tasks/sudo.yml b/roles/base/tasks/sudo.yml index 8ba489e..0d0467d 100644 --- a/roles/base/tasks/sudo.yml +++ b/roles/base/tasks/sudo.yml @@ -4,11 +4,11 @@ lineinfile: dest: /etc/sudoers insertafter: '# and set environment variables.' - line: '%wheel ALL=(ALL) SETENV: ALL' + line: '%wheel ALL=(ALL) SETENV: ALL' validate: 'visudo -cf %s' - backup: no + backup: false tags: - - sudo + - sudo - name: Configure sudoers for evomaintenance and monitoring blockinfile: @@ -19,8 +19,6 @@ Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh %wheel ALL=NOPASSWD: MAINT validate: 'visudo -cf %s' - backup: no + backup: false tags: - - sudo - - + - sudo diff --git a/roles/bgp/tasks/main.yml b/roles/bgp/tasks/main.yml index b67ab8f..c08f47a 100644 --- a/roles/bgp/tasks/main.yml +++ b/roles/bgp/tasks/main.yml @@ -5,7 +5,7 @@ dest: /usr/share/scripts/bgpd-check-peers.sh when: group_names | select('search','bgp') | list | count > 0 tags: - - bgp + - bgp - name: Cron job for bgp check script is installed cron: @@ -15,13 +15,13 @@ tags: - bgp -- name: Create bgp log directory +- name: Create bgp log directory file: path: /var/log/bgp state: directory when: group_names | select('search','bgp') | list | count > 0 tags: - - bgp + - bgp - name: weekly best routes cron job is installed cron: diff --git a/roles/etc-git/defaults/main.yml b/roles/etc-git/defaults/main.yml index 8a822ab..f160858 100644 
--- a/roles/etc-git/defaults/main.yml +++ b/roles/etc-git/defaults/main.yml @@ -1,4 +1,4 @@ --- commit_message: Ansible run -etc_git_monitor_status: True +etc_git_monitor_status: true diff --git a/roles/etc-git/tasks/commit.yml b/roles/etc-git/tasks/commit.yml index e4166e7..a816d81 100644 --- a/roles/etc-git/tasks/commit.yml +++ b/roles/etc-git/tasks/commit.yml @@ -3,20 +3,20 @@ command: git status --porcelain args: chdir: /etc - changed_when: False + changed_when: false register: git_status when: not ansible_check_mode - ignore_errors: yes + ignore_errors: true tags: - - etc-git - - commit-etc + - etc-git + - commit-etc - debug: var: git_status verbosity: 3 tags: - - etc-git - - commit-etc + - etc-git + - commit-etc - name: fetch current Git user.email git_config: @@ -24,18 +24,18 @@ repo: /etc scope: local register: git_config_user_email - ignore_errors: yes + ignore_errors: true tags: - - etc-git - - commit-etc + - etc-git + - commit-etc - name: set commit author set_fact: commit_author: '{% if ansible_env.SUDO_USER is not defined %}root{% else %}{{ ansible_env.SUDO_USER }}{% endif %}' - commit_email: '{% if git_config_user_email.config_value is not defined or git_config_user_email.config_value == "" %}root@localhost{% else %}{{ git_config_user_email.config_value }}{% endif %}' + commit_email: '{% if git_config_user_email.config_value is not defined or git_config_user_email.config_value == "" %}root@localhost{% else %}{{ git_config_user_email.config_value }}{% endif %}' tags: - - etc-git - - commit-etc + - etc-git + - commit-etc - name: /etc modifications are committed shell: "git add -A . && git commit -m \"{{ commit_message | mandatory }}\" --author \"{{ commit_author | mandatory }} <{{ commit_email | mandatory }}>\"" 
@@ -43,14 +43,14 @@ chdir: /etc register: etc_commit_end_run when: not ansible_check_mode and git_status.stdout != "" - ignore_errors: yes + ignore_errors: true tags: - - etc-git - - commit-etc + - etc-git + - commit-etc - debug: var: etc_commit_end_run verbosity: 4 tags: - - etc-git - - commit-etc + - etc-git + - commit-etc diff --git a/roles/etc-git/tasks/main.yml b/roles/etc-git/tasks/main.yml index e81c2f5..e4c01e2 100644 --- a/roles/etc-git/tasks/main.yml +++ b/roles/etc-git/tasks/main.yml @@ -12,7 +12,7 @@ args: chdir: /etc creates: /etc/.git/ - warn: no + warn: false register: git_init tags: - etc-git @@ -48,11 +48,11 @@ command: "git log" args: chdir: /etc - warn: no - changed_when: False - failed_when: False + warn: false + changed_when: false + failed_when: false register: git_log - check_mode: no + check_mode: false tags: - etc-git @@ -60,7 +60,7 @@ shell: "git add -A . && git commit -m \"Initial commit via Ansible\"" args: chdir: /etc - warn: no + warn: false register: git_commit when: git_log.rc != 0 or (git_init is defined and git_init.changed) tags: @@ -72,7 +72,7 @@ line: '/usr/local/bin/git --git-dir /etc/.git gc --quiet' owner: root mode: "0644" - create: yes + create: true tags: - etc-git @@ -82,7 +82,7 @@ line: "{{ item }}" owner: root mode: "0644" - create: yes + create: true when: etc_git_monitor_status tags: - etc-git diff --git a/roles/evocheck/tasks/exec.yml b/roles/evocheck/tasks/exec.yml index 244d034..d7f9ac6 100644 --- a/roles/evocheck/tasks/exec.yml +++ b/roles/evocheck/tasks/exec.yml @@ -2,9 +2,9 @@ - name: run evocheck command: "{{ evocheck_bin_dir }}/evocheck.sh" register: evocheck_run - changed_when: False - failed_when: False - check_mode: no + changed_when: false + failed_when: false + check_mode: false tags: - evocheck-exec @@ -12,4 +12,4 @@ var: evocheck_run.stdout_lines when: evocheck_run.stdout != "" tags: - - evocheck-exec + - evocheck-exec 
diff --git a/roles/evocheck/tasks/install.yml b/roles/evocheck/tasks/install.yml index 915bc98..6b88c17 100644 --- a/roles/evocheck/tasks/install.yml +++ b/roles/evocheck/tasks/install.yml @@ -15,7 +15,7 @@ dest: "{{ evocheck_bin_dir }}/evocheck.sh" mode: "0700" owner: root - force: yes + force: true tags: - evocheck @@ -23,7 +23,7 @@ copy: src: evocheck.cf dest: /etc/evocheck.cf - force: no + force: false tags: - evocheck @@ -33,6 +33,6 @@ line: 'sh /usr/share/scripts/evocheck.sh --verbose --cron' owner: root mode: "0644" - create: yes + create: true tags: - evocheck diff --git a/roles/forwarding/tasks/main.yml b/roles/forwarding/tasks/main.yml index d424c35..f97c4af 100644 --- a/roles/forwarding/tasks/main.yml +++ b/roles/forwarding/tasks/main.yml @@ -4,7 +4,7 @@ name: net.inet.ip.forwarding value: 1 state: present - reload: yes + reload: true tags: - net @@ -13,6 +13,6 @@ name: net.inet6.ip6.forwarding value: 1 state: present - reload: yes + reload: true tags: - net diff --git a/roles/nagios-nrpe/tasks/main.yml b/roles/nagios-nrpe/tasks/main.yml index 270de2f..2b4abd0 100644 --- a/roles/nagios-nrpe/tasks/main.yml +++ b/roles/nagios-nrpe/tasks/main.yml @@ -54,5 +54,5 @@ - name: Starting and enabling nrpe service: name: nrpe - enabled: yes + enabled: true state: started diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 79299c4..05e7b83 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml @@ -3,7 +3,7 @@ openbsd_pkg: name: "openvpn--" tags: - - openvpn + - openvpn - name: Create /etc/openvpn directory file: 
@@ -13,59 +13,58 @@ group: "wheel" mode: "0755" tags: - - openvpn + - openvpn - name: Deploy OpenVPN configuration - template: - src: "server.conf.j2" + template: + src: "server.conf.j2" dest: "/etc/openvpn/server.conf" - mode: "0600" + mode: "0600" notify: restart openvpn tags: - - openvpn + - openvpn - name: Enabling OpenVPN service: name: openvpn - enabled: yes + enabled: true tags: - - openvpn + - openvpn - name: Set OpenVPN flag shell: 'rcctl set openvpn flags "--config /etc/openvpn/server.conf"' tags: - - openvpn + - openvpn - name: Create shellpki user user: name: "_shellpki" - system: yes - state: present - system: yes + system: true + state: present home: "/etc/shellpki/" shell: "/sbin/nologin" tags: - - openvpn + - openvpn - name: Copy some shellpki files - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root group: wheel mode: "{{ item.mode }}" - force: yes + force: true with_items: - - { src: 'files/shellpki/openssl.cnf', dest: '/etc/shellpki/openssl.cnf', mode: '0640' } - - { src: 'files/shellpki/shellpki', dest: '/usr/local/sbin/shellpki', mode: '0755' } + - {src: 'files/shellpki/openssl.cnf', dest: '/etc/shellpki/openssl.cnf', mode: '0640'} + - {src: 'files/shellpki/shellpki', dest: '/usr/local/sbin/shellpki', mode: '0755'} tags: - openvpn - name: Deploy DH PARAMETERS - template: - src: "dh2048.pem.j2" + template: + src: "dh2048.pem.j2" dest: "/etc/shellpki/dh2048.pem" - mode: "0600" + mode: "0600" tags: - openvpn @@ -77,7 +76,7 @@ group: "wheel" mode: "0755" tags: - - openvpn + - openvpn - name: Include /etc/sudoers.d in sudoers configuration file lineinfile: 
@@ -91,20 +90,20 @@ src: "sudo_shellpki" dest: "/etc/sudoers.d/shellpki" force: true - mode: "0440" + mode: "0440" validate: '/usr/local/sbin/visudo -cf %s' tags: - - openvpn + - openvpn - name: Copy check_openvpn - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root group: wheel mode: "{{ item.mode }}" - force: yes + force: true with_items: - - { src: 'files/check_openvpn.pl', dest: '/usr/local/libexec/nagios/plugins/check_openvpn.pl', mode: '0755' } + - {src: 'files/check_openvpn.pl', dest: '/usr/local/libexec/nagios/plugins/check_openvpn.pl', mode: '0755'} tags: - openvpn diff --git a/roles/ospf/tasks/main.yml b/roles/ospf/tasks/main.yml index aa04759..d1b28be 100644 --- a/roles/ospf/tasks/main.yml +++ b/roles/ospf/tasks/main.yml @@ -8,7 +8,7 @@ - "ospf6d-check-peers.sh" when: group_names | select('search','ospf') | list | count > 0 tags: - - ospf + - ospf - name: Cron job for ospf check scripts is installed cron: diff --git a/roles/pf/tasks/main.yml b/roles/pf/tasks/main.yml index 30aef63..8df8414 100644 --- a/roles/pf/tasks/main.yml +++ b/roles/pf/tasks/main.yml @@ -4,4 +4,4 @@ src: pf.conf.j2 dest: /etc/pf.conf mode: "0600" - backup: yes + backup: true diff --git a/tasks/commit_etc_git.yml b/tasks/commit_etc_git.yml index 8420431..bb8d5dd 100644 --- a/tasks/commit_etc_git.yml +++ b/tasks/commit_etc_git.yml @@ -3,10 +3,10 @@ command: git status --porcelain args: chdir: /etc - changed_when: False + changed_when: false register: git_status when: not ansible_check_mode - ignore_errors: yes + ignore_errors: true tags: - commit-etc @@ -16,6 +16,6 @@ chdir: /etc register: etc_commit_end_evolinux when: not ansible_check_mode and git_status.stdout != "" - ignore_errors: yes + ignore_errors: true tags: - commit-etc From a6213719ae7830d03d9941ac3b82f388293e3e88 Mon Sep 17 00:00:00 2001 
From: Patrick Marchand
Date: Wed, 3 Jun 2020 16:45:42 -0400
Subject: [PATCH 03/16] Add linting step to the ci

We will need to go through code and ignore any warnings we dont want to fix.
---
 .drone.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 .drone.yml

diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..d88076c
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,11 @@
+---
+kind: pipeline
+type: docker
+name: default
+
+steps:
+- name: lint ansible scripts
+ image: pipelinecomponents/ansible-lint:latest
+ commands:
+ - "find . -maxdepth 1 -name '*.yml' | sort | grep -v '.drone.yml' | xargs ansible-playbook --syntax-check --list-tasks"
+ - "find . -maxdepth 1 -name '*.yml' | sort | grep -v '.drone.yml' | xargs ansible-lint"

From 4e8fca725ca3707ed10b29199d496d6a6203b95d Mon Sep 17 00:00:00 2001
From: Patrick Marchand
Date: Thu, 4 Jun 2020 11:21:21 -0400
Subject: [PATCH 04/16] mention linting in CONTRIBUTING.md

more of a test for the drone ci hook honestly
---
 CONTRIBUTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index c50afd9..9495015 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -10,7 +10,7 @@ created.
 you're updating the CHANGELOG file.
 
 3. Use feature branches for anything else, once they've passed all
-CI tests and have been reviewed by other contributors through a
+CI test, lints and have been reviewed by other contributors through a
 pull request, they may be merged into the dev branch.
 
 

From f8d6a0be86073041dab99c5c953ffaedebbce701 Mon Sep 17 00:00:00 2001
From: Patrick Marchand
Date: Thu, 4 Jun 2020 11:41:49 -0400
Subject: [PATCH 05/16] add a yaml linting step to the ci

catches problems in the drone ci file as well
---
 .drone.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.drone.yml b/.drone.yml
index d88076c..70bc054 100644
--- a/.drone.yml
+++ b/.drone.yml
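Review bot: Every image in this pipeline is pulled by the floating `latest` tag — `pipelinecomponents/ansible-lint:latest` here, and `pipelinecomponents/yamllint:latest` and `pipelinecomponents/remark-lint:latest` in the two later `.drone.yml` hunks — so a run's outcome depends on whatever the registry serves that day, and an unrelated upstream image change is indistinguishable from a lint regression. Pinning a version tag, and ideally the digest as well (`image: pipelinecomponents/ansible-lint:<version>@sha256:<digest>`), makes the check reproducible and leaves an auditable record of which tooling produced a green build. The `grep -v '.drone.yml'` filter also treats the dot as a regex wildcard; `grep -v -F '.drone.yml'` matches the literal file name.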
@@ -4,6 +4,11 @@ type: docker
 name: default
 
 steps:
+- name: lint yaml files
+ image: pipelinecomponents/yamllint:latest
+ commands:
+ - "yamllint ."
+
 - name: lint ansible scripts
 image: pipelinecomponents/ansible-lint:latest
 commands:

From 896548c14ccf2a9192854276fae8b11c632eccc7 Mon Sep 17 00:00:00 2001
From: Patrick Marchand
Date: Thu, 4 Jun 2020 11:42:46 -0400
Subject: [PATCH 06/16] lint markdown files

Makes sure the documentation will render correctly
---
 .drone.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.drone.yml b/.drone.yml
index 70bc054..b5a3161 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -4,6 +4,11 @@ type: docker
 name: default
 
 steps:
+- name: lint markdown files
+ image: pipelinecomponents/remark-lint:latest
+ commands:
+ - "remark --no-stdout --color --use preset-lint-recommended ."
+
 - name: lint yaml files
 image: pipelinecomponents/yamllint:latest
 commands:

From e877b721f9d511018b5f9a423a2fdd119b54f6b4 Mon Sep 17 00:00:00 2001
From: Patrick Marchand
Date: Thu, 4 Jun 2020 11:47:08 -0400
Subject: [PATCH 07/16] Fix readme markdown

---
 CONTRIBUTING.md | 8 ++++----
 README.md | 14 +++++++-------
 roles/bgp/README.md | 6 +++---
 roles/nagios-nrpe/README.md | 2 +-
 roles/ospf/README.md | 6 +++---
 5 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 9495015..6a76452 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -2,17 +2,17 @@ Contributions are welcome, as long as they respect our current workflow: -1. The master branch is only for releases. Once properly tested, + 1. The master branch is only for releases. Once properly tested, the dev branch can be merged, the release tagged and a tar archive created. -2. The dev branch should never be commited to directly, unless + 2. The dev branch should never be commited to directly, unless you're updating the CHANGELOG file. -3. Use feature branches for anything else, once they've passed all + 3. Use feature branches for anything else, once they've passed all CI test, lints and have been reviewed by other contributors through a pull request, they may be merged into the dev branch. Open issues liberally, but please review closed and opened issues -for duplicates before hand. \ No newline at end of file +for duplicates before hand. diff --git a/README.md b/README.md index 2d65ac2..ea3b1e0 100644 --- a/README.md +++ b/README.md @@ -26,19 +26,19 @@ ansible-playbook evolixisation.yml --ask-vault-pass -CDKi hosts -l HOSTNAME Changes can be tested by using [Packer](https://www.packer.io/) and [vmm(4)](https://man.openbsd.org/vmm.4) : -* This process depends on the [Go](https://golang.org/) programming language. + * This process depends on the [Go](https://golang.org/) programming language. ``` # pkg_add go packer ``` -* We use the [packer-builder-vmm](https://github.com/prep/packer-builder-vmm) project to bridge Packer and vmm(4) + * We use the [packer-builder-vmm](https://github.com/prep/packer-builder-vmm) project to bridge Packer and vmm(4) ``` $ go get -u github.com/prep/packer-builder-vmm/cmd/packer-builder-vmm ``` -* Here is an example build file + * Here is an example build file ``` $ vim openbsd.json 
@@ -101,25 +101,25 @@ $ vim openbsd.json } -* You need your unprivileged user to be able to run vmctl(8) through doas(1) + * You need your unprivileged user to be able to run vmctl(8) through doas(1) ``` # echo "permit nopass myunprivilegeduser as root cmd /usr/sbin/vmctl" >> /etc/doas.conf ``` -* Build the virtual machine + * Build the virtual machine ``` $ packer build openbsd.json ``` -* Start it + * Start it ``` doas vmctl start evobsd -cL -d output-vmm/evobsd.qcow2 ``` -* Enable NAT on your host machine + * Enable NAT on your host machine ``` pass out on em0 inet from tap0:network to any nat-to (em0) diff --git a/roles/bgp/README.md b/roles/bgp/README.md index 51aad44..827529a 100644 --- a/roles/bgp/README.md +++ b/roles/bgp/README.md @@ -1,5 +1,5 @@ # BGP - + Deployment of BGP check script with its cron, and a best route log cron. ## Tasks @@ -10,5 +10,5 @@ Everything is in the `tasks/main.yml` file. The full list of variables (with default values) can be found in `defaults/main.yml`. -* `bgp_mailto` : email address the output of the script will be sent to when a change is detected -* `bgp_exclude_grep_command` : facultative grep -v command for some peers not to be checked + * `bgp_mailto` : email address the output of the script will be sent to when a change is detected + * `bgp_exclude_grep_command` : facultative grep -v command for some peers not to be checked diff --git a/roles/nagios-nrpe/README.md b/roles/nagios-nrpe/README.md index 3f3f9a9..0870336 100644 --- a/roles/nagios-nrpe/README.md +++ b/roles/nagios-nrpe/README.md @@ -8,6 +8,6 @@ Everything is in the `tasks/main.yml` file. ## Available variables -* `nagios_nrpe_allowed_hosts` : list of IP/hosts authorized (default: none). + * `nagios_nrpe_allowed_hosts` : list of IP/hosts authorized (default: none). The full list of variables (with default values) can be found in `defaults/main.yml`. diff --git a/roles/ospf/README.md b/roles/ospf/README.md index f0e929c..2cec045 100644 
--- a/roles/ospf/README.md +++ b/roles/ospf/README.md @@ -1,5 +1,5 @@ # OSPF - + Deployment of OSPF check scripts with their cron. ## Tasks @@ -10,5 +10,5 @@ Everything is in the `tasks/main.yml` file. The full list of variables (with default values) can be found in `defaults/main.yml`. -* `ospf_mailto` : email address the output of the scripts will be sent to when a change is detected -* `ospf_sed_command` : facultative sed command to modify the ospfctl output and add a name to IPs + * `ospf_mailto` : email address the output of the scripts will be sent to when a change is detected + * `ospf_sed_command` : facultative sed command to modify the ospfctl output and add a name to IPs From 98089a3274c889fd6aab48ee1188ed1bad533918 Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Thu, 4 Jun 2020 12:51:53 -0400 Subject: [PATCH 08/16] Fix yaml lint lines too long In some cases I used block scalars: https://yaml-multiline.info/ In other cases I added newlines In rare cases I just ignored the rule: https://yamllint.readthedocs.io/en/stable/disable_with_comments.html --- .drone.yml | 34 ++++++++++++++++++----------- evolixisation.yml | 1 + prerequisite.yml | 1 + roles/accounts/tasks/main.yml | 3 ++- roles/base/defaults/main.yml | 11 +++++++--- roles/base/tasks/evomaintenance.yml | 7 +++++- roles/base/tasks/mail.yml | 3 ++- roles/bgp/tasks/main.yml | 4 +++- roles/etc-git/tasks/commit.yml | 2 ++ roles/etc-git/tasks/main.yml | 19 +++++++++++++--- roles/nagios-nrpe/defaults/main.yml | 3 ++- roles/openvpn/tasks/main.yml | 12 +++++++--- tasks/commit_etc_git.yml | 10 +++++++-- vars/main.yml | 6 +++-- 14 files changed, 85 insertions(+), 31 deletions(-) diff --git a/.drone.yml b/.drone.yml index b5a3161..13451c1 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -4,18 +4,26 @@ type: docker name: default steps: -- name: lint markdown files - image: pipelinecomponents/remark-lint:latest - commands: - - "remark --no-stdout --color --use preset-lint-recommended ." + - name: lint markdown files + image: pipelinecomponents/remark-lint:latest + commands: + - "remark --no-stdout --color --use preset-lint-recommended ." -- name: lint yaml files - image: pipelinecomponents/yamllint:latest - commands: - - "yamllint ." + - name: lint yaml files + image: pipelinecomponents/yamllint:latest + commands: + - "yamllint ." -- name: lint ansible scripts - image: pipelinecomponents/ansible-lint:latest - commands: - - "find . -maxdepth 1 -name '*.yml' | sort | grep -v '.drone.yml' | xargs ansible-playbook --syntax-check --list-tasks" - - "find . -maxdepth 1 -name '*.yml' | sort | grep -v '.drone.yml' | xargs ansible-lint" + - name: lint ansible scripts + image: pipelinecomponents/ansible-lint:latest + commands: + - > + find . -maxdepth 1 -name '*.yml' + | sort + | grep -v '.drone.yml' + | xargs ansible-playbook --syntax-check --list-tasks + - > + find . -maxdepth 1 -name '*.yml' + | sort + | grep -v '.drone.yml' + | xargs ansible-lint" diff --git a/evolixisation.yml b/evolixisation.yml index 49ebd97..da873e6 100644 --- a/evolixisation.yml +++ b/evolixisation.yml @@ -40,4 +40,5 @@ tasks_from: exec.yml # environment: +# yamllint disable-line rule:line-length # PKG_PATH: "http://ftp.openbsd.org/pub/OpenBSD/{{ ansible_distribution_version }}/packages/{{ ansible_architecture }}/" diff --git a/prerequisite.yml b/prerequisite.yml index c2fcfbe..aaf5bbb 100644 --- a/prerequisite.yml +++ b/prerequisite.yml @@ -11,6 +11,7 @@ tasks: - name: Install ansible's prerequisite + # yamllint disable-line rule:line-length raw: export PKG_PATH=http://ftp.eu.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(uname -p)/; pkg_add -z python-2 # vim:ft=ansible diff --git a/roles/accounts/tasks/main.yml b/roles/accounts/tasks/main.yml index c205a97..02d8749 100644 
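Review bot: All three lint steps pull `pipelinecomponents/*:latest`, so the result of a CI run depends on whatever the registry serves that day and a changed or tampered image silently changes what the pipeline checks; pin each `image:` to a fixed tag, or better a `@sha256:<digest>` (placeholder), and bump it deliberately. This is pre-existing content that the hunk only re-indents, so it can be a follow-up, but the hunk is the place where the step definitions are being reshaped anyway.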
--- a/roles/accounts/tasks/main.yml +++ b/roles/accounts/tasks/main.yml @@ -37,7 +37,8 @@ - name: "If AllowGroups is present then use it" set_fact: - ssh_allowgroups: "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0) }}" + ssh_allowgroups: + "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0) }}" - name: "Add AllowGroups sshd directive with '{{ evolinux_ssh_group }}'" lineinfile: diff --git a/roles/base/defaults/main.yml b/roles/base/defaults/main.yml index b2173a8..9be1d76 100644 --- a/roles/base/defaults/main.yml +++ b/roles/base/defaults/main.yml @@ -6,8 +6,10 @@ general_alert_email: "root@localhost" general_technical_realm: "example.com" evomaintenance_realm: "example.com" -evomaintenance_alert_email: "evomaintenance-{{ inventory_hostname }}@{{ evomaintenance_realm }}" -evomaintenance_hostname: "{{ inventory_hostname }}.{{ general_technical_realm }}" +evomaintenance_alert_email: + "evomaintenance-{{ inventory_hostname }}@{{ evomaintenance_realm }}" +evomaintenance_hostname: + "{{ inventory_hostname }}.{{ general_technical_realm }}" evomaintenance_pg_host: null evomaintenance_pg_passwd: null evomaintenance_pg_db: null @@ -27,4 +29,7 @@ evomaintenance_hook_commit: true evomaintenance_hook_mail: true evomaintenance_default_hosts: [] evomaintenance_additional_hosts: [] -evomaintenance_hosts: "{{ evomaintenance_default_hosts | union(evomaintenance_additional_hosts) | unique }}" +evomaintenance_hosts: > + {{ evomaintenance_default_hosts + | union(evomaintenance_additional_hosts) + | unique }} diff --git a/roles/base/tasks/evomaintenance.yml b/roles/base/tasks/evomaintenance.yml index e963256..9d51c7a 100644 --- a/roles/base/tasks/evomaintenance.yml +++ b/roles/base/tasks/evomaintenance.yml 
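Review bot: `evomaintenance_hosts: >` keeps a trailing newline (a plain `>` clips to one `\n`), so after templating the value is the rendered list followed by a newline, whereas the single-line quoted form it replaces yielded the bare expression result; the two templated strings just above in the same hunk (`evomaintenance_alert_email`, `evomaintenance_hostname`) were wrapped with a quoted continuation and stay newline-free. Use strip chomping, `evomaintenance_hosts: >-`, so the value is unchanged. Ansible may still convert the rendered `[...]` text back into a list despite the newline, but that is not worth relying on.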
@@ -10,7 +10,12 @@ - evomaintenance - name: Copy evomaintenance script and template - copy: src={{ item.src }} dest={{ item.dest }} owner=root group=wheel mode="0755" + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: 'root' + group: 'wheel' + mode: '0755' with_items: - {src: 'evomaintenance.sh', dest: '/usr/share/scripts/'} - {src: 'evomaintenance.tpl', dest: '/usr/share/scripts/'} diff --git a/roles/base/tasks/mail.yml b/roles/base/tasks/mail.yml index dae151c..dacd60d 100644 --- a/roles/base/tasks/mail.yml +++ b/roles/base/tasks/mail.yml @@ -2,7 +2,8 @@ - name: Configure rc.local lineinfile: path: /etc/rc.local - line: 'date | mail -s "boot/reboot of $(hostname -s)" {{ general_alert_email }}' + line: + 'date | mail -s "boot/reboot of $(hostname -s)" {{ general_alert_email }}' create: true tags: - misc diff --git a/roles/bgp/tasks/main.yml b/roles/bgp/tasks/main.yml index c08f47a..a0304a7 100644 --- a/roles/bgp/tasks/main.yml +++ b/roles/bgp/tasks/main.yml @@ -29,7 +29,9 @@ minute: 0 hour: 4 weekday: 0 - job: "/usr/sbin/bgpctl show rib selected > /var/log/bgp/rib-selected-$(date +\\%F)" + job: > + /usr/sbin/bgpctl show rib selected + > /var/log/bgp/rib-selected-$(date +\\%F) when: group_names | select('search','bgp') | list | count > 0 tags: - bgp diff --git a/roles/etc-git/tasks/commit.yml b/roles/etc-git/tasks/commit.yml index a816d81..94cd02f 100644 --- a/roles/etc-git/tasks/commit.yml +++ b/roles/etc-git/tasks/commit.yml @@ -29,6 +29,7 @@ - etc-git - commit-etc +# yamllint disable rule:line-length - name: set commit author set_fact: commit_author: '{% if ansible_env.SUDO_USER is not defined %}root{% else %}{{ ansible_env.SUDO_USER }}{% endif %}' @@ -47,6 +48,7 @@ tags: - etc-git - commit-etc +# yamllint enable rule:line-length - debug: var: etc_commit_end_run diff --git a/roles/etc-git/tasks/main.yml b/roles/etc-git/tasks/main.yml index e4c01e2..6b20325 100644 --- a/roles/etc-git/tasks/main.yml +++ b/roles/etc-git/tasks/main.yml 
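Review bot: In the `roles/bgp/tasks/main.yml` hunk, `+\\%F` inside the new `job: >` block scalar is two literal backslashes: the double-quoted form it replaces unescaped `\\` to a single `\`, which is the `\%` cron needs so that `%` is not turned into a newline, and block scalars do no escape processing. Write the single backslash in the block scalar and prefer `>-` so the job carries no trailing newline: `job: >-` / `/usr/sbin/bgpctl show rib selected` / `> /var/log/bgp/rib-selected-$(date +\%F)`. The task's `cron:` header is above the hunk.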
@@ -93,7 +93,8 @@ - name: cron job for /etc/.git status is removed lineinfile: path: /etc/daily.local - line: '/usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short' + line: + '/usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short' owner: root mode: "0644" state: absent @@ -105,7 +106,13 @@ cron: name: git status minute: 42 - job: "who > /dev/null || /usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short" + job: > + who + > /dev/null + || /usr/local/bin/git + --git-dir=/etc/.git + --work-tree=/etc + status --short when: etc_git_monitor_status tags: - etc-git @@ -114,7 +121,13 @@ cron: name: git status minute: 42 - job: "who > /dev/null || /usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short" + job: > + who + > /dev/null + || /usr/local/bin/git + --git-dir=/etc/.git + --work-tree=/etc + status --short state: absent when: not etc_git_monitor_status tags: diff --git a/roles/nagios-nrpe/defaults/main.yml b/roles/nagios-nrpe/defaults/main.yml index 96c3ddd..c27efa8 100644 --- a/roles/nagios-nrpe/defaults/main.yml +++ b/roles/nagios-nrpe/defaults/main.yml @@ -2,7 +2,8 @@ evolix_trusted_ips: [] additional_trusted_ips: [] # Let's merge evolix_trusted_ips with additional_trusted_ips -nagios_nrpe_allowed_hosts: "{{ evolix_trusted_ips | union(additional_trusted_ips) | unique }}" +nagios_nrpe_allowed_hosts: + "{{ evolix_trusted_ips | union(additional_trusted_ips) | unique }}" nagios_nrpe_ldap_dc: "dc=DOMAIN,dc=EXT" nagios_nrpe_ldap_passwd: LDAP_PASSWD nagios_nrpe_pgsql_passwd: PGSQL_PASSWD diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml index 05e7b83..c3b0d80 100644 --- a/roles/openvpn/tasks/main.yml +++ b/roles/openvpn/tasks/main.yml 
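Review bot: The two `job: >` block scalars (hunks `@@ -105` and `@@ -114`) keep a trailing newline, so the job string handed to the cron module now ends in `\n` where the quoted form did not; use `>-` in both so the crontab line is byte-identical to before. Whether the cron module strips the newline before writing or before comparing against the existing entry I cannot tell from here, so treat this as a cheap safety change rather than a confirmed breakage. The `cron:` task header is above the first hunk.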
@@ -55,8 +55,12 @@ mode: "{{ item.mode }}" force: true with_items: - - {src: 'files/shellpki/openssl.cnf', dest: '/etc/shellpki/openssl.cnf', mode: '0640'} - - {src: 'files/shellpki/shellpki', dest: '/usr/local/sbin/shellpki', mode: '0755'} + - src: 'files/shellpki/openssl.cnf' + dest: '/etc/shellpki/openssl.cnf' + mode: '0640' + - src: 'files/shellpki/shellpki' + dest: '/usr/local/sbin/shellpki' + mode: '0755' tags: - openvpn @@ -104,6 +108,8 @@ mode: "{{ item.mode }}" force: true with_items: - - {src: 'files/check_openvpn.pl', dest: '/usr/local/libexec/nagios/plugins/check_openvpn.pl', mode: '0755'} + - src: 'files/check_openvpn.pl' + dest: '/usr/local/libexec/nagios/plugins/check_openvpn.pl' + mode: '0755' tags: - openvpn diff --git a/tasks/commit_etc_git.yml b/tasks/commit_etc_git.yml index bb8d5dd..2925120 100644 --- a/tasks/commit_etc_git.yml +++ b/tasks/commit_etc_git.yml @@ -9,9 +9,14 @@ ignore_errors: true tags: - commit-etc - +# yamllint disable rule:line-length - name: /etc modifications are committed - shell: "git add -A . && git commit -m \"{{ commit_message | default('Ansible run') }}\" --author=\"{{ ansible_env.SUDO_USER | default('Root') }} <{{ ansible_env.SUDO_USER | default('Root') }}@{{ general_technical_realm }}>\"" + shell: > + git add -A . + && git commit + -m "{{ commit_message | default('Ansible run') }}" + --author="{{ ansible_env.SUDO_USER | default('Root') }}" + < "{{ ansible_env.SUDO_USER | default('Root') }}@{{ general_technical_realm }}>" args: chdir: /etc register: etc_commit_end_evolinux @@ -19,3 +24,4 @@ ignore_errors: true tags: - commit-etc +# yamllint enable rule:line-length diff --git a/vars/main.yml b/vars/main.yml index 7e70b75..347a44e 100644 --- a/vars/main.yml +++ b/vars/main.yml 
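Review bot: In the `tasks/commit_etc_git.yml` hunk the rewritten `--author` argument is broken: the closing quote now follows the user name and the `<` that used to sit inside the quotes is left bare, so `/bin/sh` parses it as an input redirection from a file named after the e-mail address and `git commit` receives an author with no address; since that file will almost certainly not exist in `/etc`, the command fails, and `ignore_errors: true` in the context below hides it. Keep name and address in one quoted word, `--author="{{ ansible_env.SUDO_USER | default('Root') }} <{{ ansible_env.SUDO_USER | default('Root') }}@{{ general_technical_realm }}>"`, under the `yamllint disable` already placed above the task; the `roles/etc-git/tasks/commit.yml` rewrite in PATCH 10 shows a working shape with `--author` and the quoted `name <email>` on separate folded lines. `>-` would also drop the trailing newline `>` adds, though the shell tolerates it.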
@@ -13,8 +13,10 @@ evolinux_sudo_group: "evolinux-sudo" evolinux_root_disable_ssh: true # # evomaintenance_realm: "example.com" -# evomaintenance_alert_email: "evomaintenance-{{ inventory_hostname }}@{{ evomaintenance_realm }}" -# evomaintenance_hostname: "{{ inventory_hostname }}.{{ general_technical_realm }}" +# evomaintenance_alert_email: +# "evomaintenance-{{ inventory_hostname }}@{{ evomaintenance_realm }}" +# evomaintenance_hostname: +# "{{ inventory_hostname }}.{{ general_technical_realm }}" # evomaintenance_pg_host: Null # evomaintenance_pg_passwd: Null # evomaintenance_pg_db: Null From c6410ca1f5c0362c4526e9167f27cf8d263448b4 Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Thu, 4 Jun 2020 13:02:47 -0400 Subject: [PATCH 09/16] fix forgotten quote in .drone.yml --- .drone.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 13451c1..69f9b3f 100644 --- a/.drone.yml +++ b/.drone.yml @@ -22,8 +22,9 @@ steps: | sort | grep -v '.drone.yml' | xargs ansible-playbook --syntax-check --list-tasks + - > find . -maxdepth 1 -name '*.yml' | sort | grep -v '.drone.yml' - | xargs ansible-lint" + | xargs ansible-lint From db488ba8ef6524ae3b9c20f200724f3a3141d080 Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Thu, 4 Jun 2020 13:10:08 -0400 Subject: [PATCH 10/16] Split long lines in git role --- roles/etc-git/tasks/commit.yml | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/roles/etc-git/tasks/commit.yml b/roles/etc-git/tasks/commit.yml index 94cd02f..d41de38 100644 --- a/roles/etc-git/tasks/commit.yml +++ b/roles/etc-git/tasks/commit.yml 
@@ -29,17 +29,32 @@ - etc-git - commit-etc -# yamllint disable rule:line-length - name: set commit author set_fact: - commit_author: '{% if ansible_env.SUDO_USER is not defined %}root{% else %}{{ ansible_env.SUDO_USER }}{% endif %}' - commit_email: '{% if git_config_user_email.config_value is not defined or git_config_user_email.config_value == "" %}root@localhost{% else %}{{ git_config_user_email.config_value }}{% endif %}' + commit_author: > + {% if ansible_env.SUDO_USER is not defined %} + root + {% else %} + {{ ansible_env.SUDO_USER }} + {% endif %} + commit_email: > + {% if git_config_user_email.config_value is not defined + or git_config_user_email.config_value == "" %} + root@localhost + {% else %} + {{ git_config_user_email.config_value }} + {% endif %} tags: - etc-git - commit-etc - name: /etc modifications are committed - shell: "git add -A . && git commit -m \"{{ commit_message | mandatory }}\" --author \"{{ commit_author | mandatory }} <{{ commit_email | mandatory }}>\"" + shell: > + git add -A . + && git commit + -m "{{ commit_message | mandatory }}" + --author + "{{ commit_author | mandatory }} <{{ commit_email | mandatory }}>" args: chdir: /etc register: etc_commit_end_run @@ -48,7 +63,6 @@ tags: - etc-git - commit-etc -# yamllint enable rule:line-length - debug: var: etc_commit_end_run From aaf22d450e5697ba3d89ef997bdd76d8f7b428f4 Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Thu, 4 Jun 2020 13:12:38 -0400 Subject: [PATCH 11/16] Try to fix markdown indentation --- CONTRIBUTING.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 6a76452..19602d7 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
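Review bot: The folded `commit_author: >` and `commit_email: >` scalars change the facts' values: folding joins the lines with single spaces and keeps a trailing newline, so the rendered result is ` root \n` (or ` <user> \n`) instead of the bare `root` / user name the quoted one-liners produced, and the same padding ends up inside the `--author "… <…>"` argument below. git may well trim that whitespace when it parses the ident, but I cannot confirm it from here, and the facts themselves no longer hold clean values. Use `>-` plus Jinja whitespace control (`{%-` / `-%}`) so the output is exactly the selected value.
```yaml
    commit_author: >-
      {%- if ansible_env.SUDO_USER is not defined -%}
      root
      {%- else -%}
      {{ ansible_env.SUDO_USER }}
      {%- endif -%}
    commit_email: >-
      {%- if git_config_user_email.config_value is not defined
      or git_config_user_email.config_value == "" -%}
      root@localhost
      {%- else -%}
      {{ git_config_user_email.config_value }}
      {%- endif -%}
  # … unchanged: tags, the "/etc modifications are committed" task …
```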
@@ -3,15 +3,15 @@ Contributions are welcome, as long as they respect our current workflow: 1. The master branch is only for releases. Once properly tested, -the dev branch can be merged, the release tagged and a tar archive -created. + the dev branch can be merged, the release tagged and a tar archive + created. 2. The dev branch should never be commited to directly, unless -you're updating the CHANGELOG file. + you're updating the CHANGELOG file. 3. Use feature branches for anything else, once they've passed all -CI test, lints and have been reviewed by other contributors through a -pull request, they may be merged into the dev branch. + CI test, lints and have been reviewed by other contributors through a + pull request, they may be merged into the dev branch. Open issues liberally, but please review closed and opened issues From 245c80d73fad06be69fee22f963735486aa3b307 Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Thu, 4 Jun 2020 13:14:23 -0400 Subject: [PATCH 12/16] Try to fix markdown indentation, again --- CONTRIBUTING.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 19602d7..855cc70 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -2,16 +2,16 @@ Contributions are welcome, as long as they respect our current workflow: - 1. The master branch is only for releases. Once properly tested, - the dev branch can be merged, the release tagged and a tar archive - created. +1. The master branch is only for releases. Once properly tested, + the dev branch can be merged, the release tagged and a tar archive + created. - 2. The dev branch should never be commited to directly, unless - you're updating the CHANGELOG file. +2. The dev branch should never be commited to directly, unless + you're updating the CHANGELOG file. - 3. Use feature branches for anything else, once they've passed all - CI test, lints and have been reviewed by other contributors through a - pull request, they may be merged into the dev branch. +3. Use feature branches for anything else, once they've passed all + CI test, lints and have been reviewed by other contributors through a + pull request, they may be merged into the dev branch. Open issues liberally, but please review closed and opened issues From ce09c3f81ffd59447388463e7fe46c5effff71a2 Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Thu, 4 Jun 2020 13:16:08 -0400 Subject: [PATCH 13/16] Try to fix markdown indentation, again and again --- CONTRIBUTING.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 855cc70..4518abc 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -2,14 +2,14 @@ Contributions are welcome, as long as they respect our current workflow: -1. The master branch is only for releases. Once properly tested, + 1. The master branch is only for releases. Once properly tested, the dev branch can be merged, the release tagged and a tar archive created. -2. The dev branch should never be commited to directly, unless + 2. The dev branch should never be commited to directly, unless you're updating the CHANGELOG file. -3. Use feature branches for anything else, once they've passed all + 3. Use feature branches for anything else, once they've passed all CI test, lints and have been reviewed by other contributors through a pull request, they may be merged into the dev branch. From 87ff4e635f395d034607fecbc02ca75c0a72d9b0 Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Thu, 4 Jun 2020 13:18:28 -0400 Subject: [PATCH 14/16] Try to fix markdown indentation after reading issues See https://github.com/remarkjs/remark-lint/issues/178 --- CONTRIBUTING.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4518abc..557c3c0 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,14 +2,14 @@ Contributions are welcome, as long as they respect our current workflow: - 1. The master branch is only for releases. Once properly tested, +1. The master branch is only for releases. Once properly tested, the dev branch can be merged, the release tagged and a tar archive created. - 2. The dev branch should never be commited to directly, unless +2. The dev branch should never be commited to directly, unless you're updating the CHANGELOG file. - 3. Use feature branches for anything else, once they've passed all +3. Use feature branches for anything else, once they've passed all CI test, lints and have been reviewed by other contributors through a pull request, they may be merged into the dev branch. From b711154722ad6956323463b5992c6a68968a18ab Mon Sep 17 00:00:00 2001 
From: Patrick Marchand Date: Thu, 4 Jun 2020 13:23:06 -0400 Subject: [PATCH 15/16] Apply fix in last commit to other markdown files So a markdown list should be no indentation followed by two spaces. ' ' * one * two --- CONTRIBUTING.md | 2 +- README.md | 18 +++++++++--------- roles/bgp/README.md | 4 ++-- roles/nagios-nrpe/README.md | 2 +- roles/ospf/README.md | 4 ++-- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 557c3c0..d8caf95 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -9,7 +9,7 @@ Contributions are welcome, as long as they respect our current workflow: 2. The dev branch should never be commited to directly, unless you're updating the CHANGELOG file. -3. Use feature branches for anything else, once they've passed all +3. Use feature branches for anything else, once they've passed all CI test, lints and have been reviewed by other contributors through a pull request, they may be merged into the dev branch. diff --git a/README.md b/README.md index ea3b1e0..0182ec5 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ used by Evolix. Put your public key in the remote root's autorized_keys (/root/.ssh/authorized_keys) -1 - Install ansible's prerequisites +1. Install ansible's prerequisites ``` ansible-playbook prerequisite.yml -CDi hosts -l HOSTNAME ``` -2 - Run it +2. Run it ``` ansible-playbook evolixisation.yml --ask-vault-pass -CDKi hosts -l HOSTNAME 
@@ -26,19 +26,19 @@ ansible-playbook evolixisation.yml --ask-vault-pass -CDKi hosts -l HOSTNAME Changes can be tested by using [Packer](https://www.packer.io/) and [vmm(4)](https://man.openbsd.org/vmm.4) : - * This process depends on the [Go](https://golang.org/) programming language. +* This process depends on the [Go](https://golang.org/) programming language. ``` # pkg_add go packer ``` - * We use the [packer-builder-vmm](https://github.com/prep/packer-builder-vmm) project to bridge Packer and vmm(4) +* We use the [packer-builder-vmm](https://github.com/prep/packer-builder-vmm) project to bridge Packer and vmm(4) ``` $ go get -u github.com/prep/packer-builder-vmm/cmd/packer-builder-vmm ``` - * Here is an example build file +* Here is an example build file ``` $ vim openbsd.json @@ -101,25 +101,25 @@ $ vim openbsd.json } - * You need your unprivileged user to be able to run vmctl(8) through doas(1) +* You need your unprivileged user to be able to run vmctl(8) through doas(1) ``` # echo "permit nopass myunprivilegeduser as root cmd /usr/sbin/vmctl" >> /etc/doas.conf ``` - * Build the virtual machine +* Build the virtual machine ``` $ packer build openbsd.json ``` - * Start it +* Start it ``` doas vmctl start evobsd -cL -d output-vmm/evobsd.qcow2 ``` - * Enable NAT on your host machine +* Enable NAT on your host machine ``` pass out on em0 inet from tap0:network to any nat-to (em0) diff --git a/roles/bgp/README.md b/roles/bgp/README.md index 827529a..3312e75 100644 --- a/roles/bgp/README.md +++ b/roles/bgp/README.md 
@@ -10,5 +10,5 @@ Everything is in the `tasks/main.yml` file. The full list of variables (with default values) can be found in `defaults/main.yml`. - * `bgp_mailto` : email address the output of the script will be sent to when a change is detected - * `bgp_exclude_grep_command` : facultative grep -v command for some peers not to be checked +* `bgp_mailto` : email address the output of the script will be sent to when a change is detected +* `bgp_exclude_grep_command` : facultative grep -v command for some peers not to be checked diff --git a/roles/nagios-nrpe/README.md b/roles/nagios-nrpe/README.md index 0870336..840698d 100644 --- a/roles/nagios-nrpe/README.md +++ b/roles/nagios-nrpe/README.md @@ -8,6 +8,6 @@ Everything is in the `tasks/main.yml` file. ## Available variables - * `nagios_nrpe_allowed_hosts` : list of IP/hosts authorized (default: none). +* `nagios_nrpe_allowed_hosts` : list of IP/hosts authorized (default: none). The full list of variables (with default values) can be found in `defaults/main.yml`. diff --git a/roles/ospf/README.md b/roles/ospf/README.md index 2cec045..3ebe574 100644 --- a/roles/ospf/README.md +++ b/roles/ospf/README.md @@ -10,5 +10,5 @@ Everything is in the `tasks/main.yml` file. The full list of variables (with default values) can be found in `defaults/main.yml`. - * `ospf_mailto` : email address the output of the scripts will be sent to when a change is detected - * `ospf_sed_command` : facultative sed command to modify the ospfctl output and add a name to IPs +* `ospf_mailto` : email address the output of the scripts will be sent to when a change is detected +* `ospf_sed_command` : facultative sed command to modify the ospfctl output and add a name to IPs From 9f378fc1f9b2158ad9d1b382b00ebf937ed2b54e Mon Sep 17 00:00:00 2001 
From: Patrick Marchand Date: Thu, 4 Jun 2020 13:27:03 -0400 Subject: [PATCH 16/16] Misunderstood syntax for unordered lists in markdown So an unordered list needs three spaces and an ordered list needs a dot and two spaces. --- README.md | 14 +++++++------- roles/bgp/README.md | 4 ++-- roles/nagios-nrpe/README.md | 2 +- roles/ospf/README.md | 4 ++-- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 0182ec5..6f3d3dc 100644 --- a/README.md +++ b/README.md @@ -26,19 +26,19 @@ ansible-playbook evolixisation.yml --ask-vault-pass -CDKi hosts -l HOSTNAME Changes can be tested by using [Packer](https://www.packer.io/) and [vmm(4)](https://man.openbsd.org/vmm.4) : -* This process depends on the [Go](https://golang.org/) programming language. +* This process depends on the [Go](https://golang.org/) programming language. ``` # pkg_add go packer ``` -* We use the [packer-builder-vmm](https://github.com/prep/packer-builder-vmm) project to bridge Packer and vmm(4) +* We use the [packer-builder-vmm](https://github.com/prep/packer-builder-vmm) project to bridge Packer and vmm(4) ``` $ go get -u github.com/prep/packer-builder-vmm/cmd/packer-builder-vmm ``` -* Here is an example build file +* Here is an example build file ``` $ vim openbsd.json @@ -101,25 +101,25 @@ $ vim openbsd.json } -* You need your unprivileged user to be able to run vmctl(8) through doas(1) +* You need your unprivileged user to be able to run vmctl(8) through doas(1) ``` # echo "permit nopass myunprivilegeduser as root cmd /usr/sbin/vmctl" >> /etc/doas.conf ``` -* Build the virtual machine +* Build the virtual machine ``` $ packer build openbsd.json ``` -* Start it +* Start it ``` doas vmctl start evobsd -cL -d output-vmm/evobsd.qcow2 ``` -* Enable NAT on your host machine +* Enable NAT on your host machine ``` pass out on em0 inet from tap0:network to any nat-to (em0) diff --git a/roles/bgp/README.md b/roles/bgp/README.md index 3312e75..cd6545d 100644 
--- a/roles/bgp/README.md +++ b/roles/bgp/README.md @@ -10,5 +10,5 @@ Everything is in the `tasks/main.yml` file. The full list of variables (with default values) can be found in `defaults/main.yml`. -* `bgp_mailto` : email address the output of the script will be sent to when a change is detected -* `bgp_exclude_grep_command` : facultative grep -v command for some peers not to be checked +* `bgp_mailto` : email address the output of the script will be sent to when a change is detected +* `bgp_exclude_grep_command` : facultative grep -v command for some peers not to be checked diff --git a/roles/nagios-nrpe/README.md b/roles/nagios-nrpe/README.md index 840698d..42dde0e 100644 --- a/roles/nagios-nrpe/README.md +++ b/roles/nagios-nrpe/README.md @@ -8,6 +8,6 @@ Everything is in the `tasks/main.yml` file. ## Available variables -* `nagios_nrpe_allowed_hosts` : list of IP/hosts authorized (default: none). +* `nagios_nrpe_allowed_hosts` : list of IP/hosts authorized (default: none). The full list of variables (with default values) can be found in `defaults/main.yml`. diff --git a/roles/ospf/README.md b/roles/ospf/README.md index 3ebe574..7be1224 100644 --- a/roles/ospf/README.md +++ b/roles/ospf/README.md @@ -10,5 +10,5 @@ Everything is in the `tasks/main.yml` file. The full list of variables (with default values) can be found in `defaults/main.yml`. -* `ospf_mailto` : email address the output of the scripts will be sent to when a change is detected -* `ospf_sed_command` : facultative sed command to modify the ospfctl output and add a name to IPs +* `ospf_mailto` : email address the output of the scripts will be sent to when a change is detected +* `ospf_sed_command` : facultative sed command to modify the ospfctl output and add a name to IPs