Ansible-lint and yamllint again

Lot of truthy variables, indentation and trailing spaces
This commit is contained in:
Jérémy Dubois 2020-06-01 11:37:15 +02:00
parent af7b3b36fe
commit e29e0e9e62
21 changed files with 115 additions and 120 deletions

View File

@ -3,10 +3,10 @@
---
- hosts: all
become: yes
become: true
become_method: su
user: root
gather_facts: no
gather_facts: false
tasks:

View File

@ -1,6 +1,6 @@
---
ntpd_servers:
- "ntp.evolix.net"
- "ntp.evolix.net"
general_alert_email: "root@localhost"
general_technical_realm: "example.com"
@ -8,23 +8,23 @@ general_technical_realm: "example.com"
evomaintenance_realm: "example.com"
evomaintenance_alert_email: "evomaintenance-{{ inventory_hostname }}@{{ evomaintenance_realm }}"
evomaintenance_hostname: "{{ inventory_hostname }}.{{ general_technical_realm }}"
evomaintenance_pg_host: Null
evomaintenance_pg_passwd: Null
evomaintenance_pg_db: Null
evomaintenance_pg_table: Null
evomaintenance_pg_host: null
evomaintenance_pg_passwd: null
evomaintenance_pg_db: null
evomaintenance_pg_table: null
evomaintenance_from_domain: "{{ evomaintenance_realm }}"
evomaintenance_from: "evomaintenance@{{ evomaintenance_from_domain }}"
evomaintenance_full_from: "Evomaintenance <{{ evomaintenance_from }}>"
evomaintenance_urgency_from: mama.doe@example.com
evomaintenance_urgency_tel: "06.00.00.00.00"
evomaintenance_install_vendor: False
evomaintenance_force_config: True
evomaintenance_api_endpoint: Null
evomaintenance_api_key: Null
evomaintenance_hook_api: True
evomaintenance_hook_db: False
evomaintenance_hook_commit: True
evomaintenance_hook_mail: True
evomaintenance_install_vendor: false
evomaintenance_force_config: true
evomaintenance_api_endpoint: null
evomaintenance_api_key: null
evomaintenance_hook_api: true
evomaintenance_hook_db: false
evomaintenance_hook_commit: true
evomaintenance_hook_mail: true
evomaintenance_default_hosts: []
evomaintenance_additional_hosts: []
evomaintenance_hosts: "{{ evomaintenance_default_hosts | union(evomaintenance_additional_hosts) | unique }}"

View File

@ -6,8 +6,6 @@
owner: root
group: wheel
mode: "0640"
backup: no
backup: false
tags:
- doas
- doas

View File

@ -39,10 +39,10 @@
dest: /etc/skel/.profile
insertafter: EOF
line: 'trap "doas /usr/share/scripts/evomaintenance.sh" 0'
create: yes
create: true
tags:
- admin
- dotfiles
- admin
- dotfiles
- name: Add vim configuration to dotfiles for new users
copy:

View File

@ -6,7 +6,7 @@
owner: root
group: wheel
mode: "0755"
force: no
force: false
tags:
- evobackup
@ -16,6 +16,6 @@
line: '#sh /usr/share/scripts/zzz_evobackup'
owner: root
mode: "0644"
create: yes
create: true
tags:
- evobackup

View File

@ -12,8 +12,8 @@
- name: Copy evomaintenance script and template
copy: src={{ item.src }} dest={{ item.dest }} owner=root group=wheel mode="0755"
with_items:
- { src: 'evomaintenance.sh', dest: '/usr/share/scripts/' }
- { src: 'evomaintenance.tpl', dest: '/usr/share/scripts/' }
- {src: 'evomaintenance.sh', dest: '/usr/share/scripts/'}
- {src: 'evomaintenance.tpl', dest: '/usr/share/scripts/'}
tags:
- evomaintenance
- script-evomaintenance
@ -25,6 +25,6 @@
owner: root
group: wheel
mode: "0600"
backup: no
backup: false
tags:
- evomaintenance

View File

@ -3,7 +3,7 @@
lineinfile:
path: /etc/rc.local
line: 'date | mail -s "boot/reboot of $(hostname -s)" {{ general_alert_email }}'
create: yes
create: true
tags:
- misc
@ -12,7 +12,7 @@
dest: /etc/mail/aliases
regexp: "# root:"
replace: "root: {{ general_alert_email }}"
backup: no
backup: false
notify:
- newaliases
tags:

View File

@ -10,20 +10,20 @@
- name: Install packages (vim rsync mtr etc)
openbsd_pkg:
name:
- wget
- vim--no_x11
- rsync--
- mtr--
- iftop
- sudo--
- postgresql-client
- wget
- vim--no_x11
- rsync--
- mtr--
- iftop
- sudo--
- postgresql-client
tags:
- pkg
- name: Disable sndiod
service:
name: sndiod
enabled: no
enabled: false
state: stopped
tags:
- pkg

View File

@ -4,11 +4,11 @@
lineinfile:
dest: /etc/sudoers
insertafter: '# and set environment variables.'
line: '%wheel ALL=(ALL) SETENV: ALL'
line: '%wheel ALL=(ALL) SETENV: ALL'
validate: 'visudo -cf %s'
backup: no
backup: false
tags:
- sudo
- sudo
- name: Configure sudoers for evomaintenance and monitoring
blockinfile:
@ -19,8 +19,6 @@
Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh
%wheel ALL=NOPASSWD: MAINT
validate: 'visudo -cf %s'
backup: no
backup: false
tags:
- sudo
- sudo

View File

@ -5,7 +5,7 @@
dest: /usr/share/scripts/bgpd-check-peers.sh
when: group_names | select('search','bgp') | list | count > 0
tags:
- bgp
- bgp
- name: Cron job for bgp check script is installed
cron:
@ -15,13 +15,13 @@
tags:
- bgp
- name: Create bgp log directory
- name: Create bgp log directory
file:
path: /var/log/bgp
state: directory
when: group_names | select('search','bgp') | list | count > 0
tags:
- bgp
- bgp
- name: weekly best routes cron job is installed
cron:

View File

@ -1,4 +1,4 @@
---
commit_message: Ansible run
etc_git_monitor_status: True
etc_git_monitor_status: true

View File

@ -3,20 +3,20 @@
command: git status --porcelain
args:
chdir: /etc
changed_when: False
changed_when: false
register: git_status
when: not ansible_check_mode
ignore_errors: yes
ignore_errors: true
tags:
- etc-git
- commit-etc
- etc-git
- commit-etc
- debug:
var: git_status
verbosity: 3
tags:
- etc-git
- commit-etc
- etc-git
- commit-etc
- name: fetch current Git user.email
git_config:
@ -24,18 +24,18 @@
repo: /etc
scope: local
register: git_config_user_email
ignore_errors: yes
ignore_errors: true
tags:
- etc-git
- commit-etc
- etc-git
- commit-etc
- name: set commit author
set_fact:
commit_author: '{% if ansible_env.SUDO_USER is not defined %}root{% else %}{{ ansible_env.SUDO_USER }}{% endif %}'
commit_email: '{% if git_config_user_email.config_value is not defined or git_config_user_email.config_value == "" %}root@localhost{% else %}{{ git_config_user_email.config_value }}{% endif %}'
commit_email: '{% if git_config_user_email.config_value is not defined or git_config_user_email.config_value == "" %}root@localhost{% else %}{{ git_config_user_email.config_value }}{% endif %}'
tags:
- etc-git
- commit-etc
- etc-git
- commit-etc
- name: /etc modifications are committed
shell: "git add -A . && git commit -m \"{{ commit_message | mandatory }}\" --author \"{{ commit_author | mandatory }} <{{ commit_email | mandatory }}>\""
@ -43,14 +43,14 @@
chdir: /etc
register: etc_commit_end_run
when: not ansible_check_mode and git_status.stdout != ""
ignore_errors: yes
ignore_errors: true
tags:
- etc-git
- commit-etc
- etc-git
- commit-etc
- debug:
var: etc_commit_end_run
verbosity: 4
tags:
- etc-git
- commit-etc
- etc-git
- commit-etc

View File

@ -12,7 +12,7 @@
args:
chdir: /etc
creates: /etc/.git/
warn: no
warn: false
register: git_init
tags:
- etc-git
@ -48,11 +48,11 @@
command: "git log"
args:
chdir: /etc
warn: no
changed_when: False
failed_when: False
warn: false
changed_when: false
failed_when: false
register: git_log
check_mode: no
check_mode: false
tags:
- etc-git
@ -60,7 +60,7 @@
shell: "git add -A . && git commit -m \"Initial commit via Ansible\""
args:
chdir: /etc
warn: no
warn: false
register: git_commit
when: git_log.rc != 0 or (git_init is defined and git_init.changed)
tags:
@ -72,7 +72,7 @@
line: '/usr/local/bin/git --git-dir /etc/.git gc --quiet'
owner: root
mode: "0644"
create: yes
create: true
tags:
- etc-git
@ -82,7 +82,7 @@
line: "{{ item }}"
owner: root
mode: "0644"
create: yes
create: true
when: etc_git_monitor_status
tags:
- etc-git

View File

@ -2,9 +2,9 @@
- name: run evocheck
command: "{{ evocheck_bin_dir }}/evocheck.sh"
register: evocheck_run
changed_when: False
failed_when: False
check_mode: no
changed_when: false
failed_when: false
check_mode: false
tags:
- evocheck-exec
@ -12,4 +12,4 @@
var: evocheck_run.stdout_lines
when: evocheck_run.stdout != ""
tags:
- evocheck-exec
- evocheck-exec

View File

@ -15,7 +15,7 @@
dest: "{{ evocheck_bin_dir }}/evocheck.sh"
mode: "0700"
owner: root
force: yes
force: true
tags:
- evocheck
@ -23,7 +23,7 @@
copy:
src: evocheck.cf
dest: /etc/evocheck.cf
force: no
force: false
tags:
- evocheck
@ -33,6 +33,6 @@
line: 'sh /usr/share/scripts/evocheck.sh --verbose --cron'
owner: root
mode: "0644"
create: yes
create: true
tags:
- evocheck

View File

@ -4,7 +4,7 @@
name: net.inet.ip.forwarding
value: 1
state: present
reload: yes
reload: true
tags:
- net
@ -13,6 +13,6 @@
name: net.inet6.ip6.forwarding
value: 1
state: present
reload: yes
reload: true
tags:
- net

View File

@ -54,5 +54,5 @@
- name: Starting and enabling nrpe
service:
name: nrpe
enabled: yes
enabled: true
state: started

View File

@ -3,7 +3,7 @@
openbsd_pkg:
name: "openvpn--"
tags:
- openvpn
- openvpn
- name: Create /etc/openvpn directory
file:
@ -13,59 +13,58 @@
group: "wheel"
mode: "0755"
tags:
- openvpn
- openvpn
- name: Deploy OpenVPN configuration
template:
src: "server.conf.j2"
template:
src: "server.conf.j2"
dest: "/etc/openvpn/server.conf"
mode: "0600"
mode: "0600"
notify: restart openvpn
tags:
- openvpn
- openvpn
- name: Enabling OpenVPN
service:
name: openvpn
enabled: yes
enabled: true
tags:
- openvpn
- openvpn
- name: Set OpenVPN flag
shell: 'rcctl set openvpn flags "--config /etc/openvpn/server.conf"'
tags:
- openvpn
- openvpn
- name: Create shellpki user
user:
name: "_shellpki"
system: yes
state: present
system: yes
system: true
state: present
home: "/etc/shellpki/"
shell: "/sbin/nologin"
tags:
- openvpn
- openvpn
- name: Copy some shellpki files
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: wheel
mode: "{{ item.mode }}"
force: yes
force: true
with_items:
- { src: 'files/shellpki/openssl.cnf', dest: '/etc/shellpki/openssl.cnf', mode: '0640' }
- { src: 'files/shellpki/shellpki', dest: '/usr/local/sbin/shellpki', mode: '0755' }
- {src: 'files/shellpki/openssl.cnf', dest: '/etc/shellpki/openssl.cnf', mode: '0640'}
- {src: 'files/shellpki/shellpki', dest: '/usr/local/sbin/shellpki', mode: '0755'}
tags:
- openvpn
- name: Deploy DH PARAMETERS
template:
src: "dh2048.pem.j2"
template:
src: "dh2048.pem.j2"
dest: "/etc/shellpki/dh2048.pem"
mode: "0600"
mode: "0600"
tags:
- openvpn
@ -77,7 +76,7 @@
group: "wheel"
mode: "0755"
tags:
- openvpn
- openvpn
- name: Include /etc/sudoers.d in sudoers configuration file
lineinfile:
@ -91,20 +90,20 @@
src: "sudo_shellpki"
dest: "/etc/sudoers.d/shellpki"
force: true
mode: "0440"
mode: "0440"
validate: '/usr/local/sbin/visudo -cf %s'
tags:
- openvpn
- openvpn
- name: Copy check_openvpn
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: wheel
mode: "{{ item.mode }}"
force: yes
force: true
with_items:
- { src: 'files/check_openvpn.pl', dest: '/usr/local/libexec/nagios/plugins/check_openvpn.pl', mode: '0755' }
- {src: 'files/check_openvpn.pl', dest: '/usr/local/libexec/nagios/plugins/check_openvpn.pl', mode: '0755'}
tags:
- openvpn

View File

@ -8,7 +8,7 @@
- "ospf6d-check-peers.sh"
when: group_names | select('search','ospf') | list | count > 0
tags:
- ospf
- ospf
- name: Cron job for ospf check scripts is installed
cron:

View File

@ -4,4 +4,4 @@
src: pf.conf.j2
dest: /etc/pf.conf
mode: "0600"
backup: yes
backup: true

View File

@ -3,10 +3,10 @@
command: git status --porcelain
args:
chdir: /etc
changed_when: False
changed_when: false
register: git_status
when: not ansible_check_mode
ignore_errors: yes
ignore_errors: true
tags:
- commit-etc
@ -16,6 +16,6 @@
chdir: /etc
register: etc_commit_end_evolinux
when: not ansible_check_mode and git_status.stdout != ""
ignore_errors: yes
ignore_errors: true
tags:
- commit-etc