Cleanup: Update changelog

Probably the most dangerous part of the cleanup, replace call to the
shell module that don't seems to make use of shell features with the
command module.

CHANGELOG.md

@@ -22,6 +22,10 @@ The **patch** part changes incrementally at each release.
 
 ### Security
 
+### Other
+
+* Generic cleanup of roles
+
 ## [10.3.0] 2020-12-21
 
 ### Added

amazon-ec2/tasks/create-instance.yml

@@ -3,34 +3,34 @@
 - name: Launch new instance(s)
   ec2:
     state: present
-    aws_access_key: "{{aws_access_key}}"
+    aws_access_key: "{{ aws_access_key }}"
-    aws_secret_key: "{{aws_secret_key}}"
+    aws_secret_key: "{{ aws_secret_key }}"
-    region: "{{aws_region}}"
+    region: "{{ aws_region }}"
-    image: "{{ec2_base_ami}}"
+    image: "{{ ec2_base_ami }}"
-    instance_type: "{{ec2_instance_type}}"
+    instance_type: "{{ ec2_instance_type }}"
-    count: "{{ec2_instance_count}}"
+    count: "{{ ec2_instance_count }}"
-    assign_public_ip: "{{ec2_public_ip}}"
+    assign_public_ip: "{{ ec2_public_ip }}"
-    group: "{{ec2_security_group.name}}"
+    group: "{{ ec2_security_group.name }}"
-    key_name: "{{ec2_keyname}}"
+    key_name: "{{ ec2_keyname }}"
     wait: yes
   register: ec2
 
 - name: Add newly created instance(s) to inventory
   add_host:
-    hostname: "{{item.public_dns_name}}"
+    hostname: "{{ item.public_dns_name }}"
     groupname: launched-instances
     ansible_user: admin
     ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
-  with_items: "{{ec2.instances}}"
+  with_items: "{{ ec2.instances }}"
 
 - debug:
-    msg: "Your newly created instance is reachable at: {{item.public_dns_name}}"
+    msg: "Your newly created instance is reachable at: {{ item.public_dns_name }}"
-  with_items: "{{ec2.instances}}"
+  with_items: "{{ ec2.instances }}"
 
 - name: Wait for SSH to come up on all instances (give up after 2m)
   wait_for:
     state: started
-    host: "{{item.public_dns_name}}"
+    host: "{{ item.public_dns_name }}"
     port: 22
     timeout: 120
-  with_items: "{{ec2.instances}}"
+  with_items: "{{ ec2.instances }}"

apache/tasks/auth.yml

@@ -10,7 +10,7 @@
     force: no
   tags:
     - apache
-    
+
 - name: Load IP whitelist task
   include: ip_whitelist.yml
 

apache/tasks/server_status.yml

@@ -14,7 +14,7 @@
     # The last character "\u000A" is a line feed (LF), it's better to keep it
     content: "{{ apache_serverstatus_suffix }}\u000A"
     force: yes
-  when: apache_serverstatus_suffix != ""
+  when: apache_serverstatus_suffix
 
 - name: generate random string for server-status suffix
   shell: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}"

apt/tasks/hold_packages.yml

@@ -4,7 +4,7 @@
   shell: "(dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})"
   register: apt_mark
   changed_when: "item + ' set on hold.' in apt_mark.stdout"
-  failed_when: apt_mark.rc != 0 and not apt_mark.stdout == ''
+  failed_when: apt_mark.rc != 0 and apt_mark.stdout
   loop: "{{ apt_hold_packages }}"
   tags:
     - apt

bind/tasks/main.yml

@@ -94,7 +94,7 @@
 
 - debug:
     var: chrootbind_run.stdout_lines
-  when: bind_chroot_set and chrootbind_run.stdout != ""
+  when: bind_chroot_set and chrootbind_run.stdout
 
 - name: Modify OPTIONS in /etc/default/bind9 for chroot
   replace:

elasticsearch/tasks/datadir.yml

@@ -16,7 +16,7 @@
   tags:
     - elasticsearch
   when:
-    - elasticsearch_custom_datadir != ''
+    - elasticsearch_custom_datadir
     - elasticsearch_custom_datadir != None
 
 - name: Datadir is moved to custom path
@@ -44,7 +44,7 @@
   tags:
     - elasticsearch
   when:
-    - elasticsearch_custom_datadir != ''
+    - elasticsearch_custom_datadir
     - elasticsearch_custom_datadir != None
     - elasticsearch_custom_datadir != elasticsearch_current_real_datadir_test.stdout
     - not elasticsearch_custom_datadir_test.stat.exists

elasticsearch/tasks/plugin_head.yml

@@ -15,6 +15,7 @@
         repo: "https://github.com/mobz/elasticsearch-head.git"
         dest: "{{ elasticsearch_plugin_head_clone_dir }}"
         clone: yes
+        version: master
       tags:
         - packages
 

elasticsearch/tasks/tmpdir.yml

@@ -54,4 +54,4 @@
       tags:
         - elasticsearch
       when: elastic_stack_version is version('6', '>=')
-  when: (elasticsearch_custom_tmpdir != '' and elasticsearch_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0
+  when: (elasticsearch_custom_tmpdir and elasticsearch_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0

evoacme/tasks/conf.yml

@@ -1,5 +1,6 @@
 ---
-- ini_file:
+- name: "Configure openssl key generation"
+  ini_file:
     dest: "{{ evoacme_crt_dir }}/openssl.cnf"
     section: 'req'
     option: "{{ item.name }}"

evoacme/tasks/evoacme_hook.yml

@@ -16,4 +16,4 @@
     src: "hooks/{{ hook_name }}"
     dest: "{{ evoacme_hooks_dir }}/{{ hook_name }}"
     mode: "0750"
-  when: _find_hook.stdout == ""
+  when: not _find_hook.stdout

evocheck/tasks/exec.yml

@@ -10,6 +10,6 @@
 
 - debug:
     var: evocheck_run.stdout_lines
-  when: evocheck_run.stdout != ""
+  when: evocheck_run.stdout
   tags:
   - evocheck-exec

evolinux-base/tasks/hardware.yml

@@ -29,7 +29,7 @@
 # HP gen <10: Hewlett-Packard Company Smart Array
 # HP gen >=10: Adaptec Smart Storage PQI
 - name: Detect if RAID is installed
-  shell: lspci -q | grep -e "RAID bus controller" -e "Serial Attached SCSI controller"
+  shell: 'lspci -q | grep -e "RAID bus controller" -e "Serial Attached SCSI controller"'
   check_mode: no
   register: raidmodel
   changed_when: "'FAILED' in raidmodel.stdout"

evolinux-base/tasks/postfix.yml

@@ -32,9 +32,8 @@
     - postfix
 
 - name: fetch users list
-  shell: getent passwd | cut -d":" -f 1 | grep -v root
+  shell: 'getent passwd | cut -d":" -f 1 | grep -v root'
   check_mode: no
-
   register: non_root_users_list
   changed_when: False
   tags:

evolinux-todo/tasks/cat.yml

@@ -10,4 +10,4 @@
 - name: "Content of /etc/evolinux/todo.txt"
   debug:
     var: evolinux_todo.stdout_lines
-  when: evolinux_todo.stdout != ""
+  when: evolinux_todo.stdout

evolinux-users/tasks/ssh.yml

@@ -22,11 +22,13 @@
     var: grep_allowusers_ssh
     verbosity: 1
 
-- assert:
+- name: "Check that only AllowUsers or AllowGroups is present"
+  assert:
     that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)"
     msg: "We can't deal with AllowUsers and AllowGroups at the same time"
 
-- set_fact:
+- name: "Define which protection method to use"
+  set_fact:
     # If "AllowGroups is present" or "AllowUsers is absent and Debian 10+",
     ssh_allowgroups: "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0 and (ansible_distribution_major_version is version('10', '>='))) }}"
     # If "AllowGroups is absent" and "AllowUsers is absent or Debian <10"

evolinux-users/tasks/user.yml

@@ -102,7 +102,7 @@
     state: present
   when:
     - evolinux_internal_group is defined
-    - evolinux_internal_group != ""
+    - evolinux_internal_group
     - ansible_distribution_major_version is version('9', '>=')
 
 - name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_internal_group }}' (Debian 9 or later)"
@@ -112,7 +112,7 @@
     append: yes
   when:
     - evolinux_internal_group is defined
-    - evolinux_internal_group != ""
+    - evolinux_internal_group
     - ansible_distribution_major_version is version('9', '>=')
 
 ## Optional secondary groups, defined per user

evomaintenance/tasks/main.yml

@@ -1,9 +1,11 @@
 ---
 
-- set_fact:
+- name: "Choose if minifirewall will need to be restarted"
+  set_fact:
     minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"
 
-- assert:
+- name: "Check that API variables are set"
+  assert:
     that:
       - evomaintenance_api_endpoint is not none
       - evomaintenance_api_key is not none

fail2ban/tasks/ip_whitelist.yml

@@ -1,6 +1,7 @@
 ---
 
-- set_fact:
+- name: "Define the whitelist from variables"
+  set_fact:
     fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}"
 
 - name: Update ignoreips lists
@@ -12,4 +13,4 @@
   notify: restart fail2ban
   tags:
     - fail2ban
-    - ips
+    - ips

fail2ban/tasks/main.yml

@@ -15,7 +15,8 @@
   tags:
     - fail2ban
 
-- set_fact:
+- name: "Define ip whitelist from variables"
+  set_fact:
     fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}"
   tags:
     - fail2ban

java/tasks/openjdk.yml

@@ -15,7 +15,7 @@
 
 - name: Install openjdk package
   apt:
-    name: "openjdk-{{ java_version}}-jre-headless"
+    name: "openjdk-{{ java_version }}-jre-headless"
     default_release: "{{ java_apt_release }}"
     state: present
   tags:

kvm-host/tasks/images.yml

@@ -13,7 +13,7 @@
       changed_when: False
       check_mode: no
       register: kvm_libvirt_images_current_real_path_test
-  when: kvm_custom_libvirt_images_path != ''
+  when: kvm_custom_libvirt_images_path
 
 - name: Images directory is moved to custom path
   block:
@@ -35,6 +35,6 @@
         dest: '/var/lib/libvirt/images'
         state: link
   when:
-    - kvm_custom_libvirt_images_path != ''
+    - kvm_custom_libvirt_images_path
     - kvm_custom_libvirt_images_path != kvm_libvirt_images_current_real_path_test.stdout
     - not kvm_custom_libvirt_images_path_test.stat.exists

logstash/tasks/logs.yml

@@ -4,7 +4,7 @@
   failed_when: False
   changed_when: False
   register: is_cron_installed
-  
+
 - name: "log rotation script"
   template:
     src: rotate_logstash_logs.j2

logstash/tasks/tmpdir.yml

@@ -28,4 +28,4 @@
       - restart logstash
     tags:
       - logstash
-  when: (logstash_custom_tmpdir != '' and logstash_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0
+  when: (logstash_custom_tmpdir and logstash_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0

lxc-php/tasks/main.yml

@@ -4,7 +4,7 @@
     msg: Please configure var lxc_php_version
   when: lxc_php_version is none
 
-- name: "Update APT cache in container {{lxc_php_version}}"
+- name: "Update APT cache in container {{ lxc_php_version }}"
   lxc_container:
     name: "{{ lxc_php_version }}"
     container_command: "apt-get update"

lxc-solr/tasks/main.yml

@@ -11,6 +11,6 @@
   with_items:
     - "{{ lxc_containers }}"
 
-- include: "solr.yml name={{item.name}} solr_version={{item.solr_version}} solr_port={{item.solr_port}}"
+- include: "solr.yml name={{ item.name }} solr_version={{ item.solr_version }} solr_port={{ item.solr_port }}"
   with_items:
     - "{{ lxc_containers }}"

lxc-solr/tasks/solr.yml

@@ -1,6 +1,9 @@
 ---
 - name: Install openjdk-8-jre-headless and lsof packages
-  command: "lxc-attach -n {{name}} -- apt-get install -y openjdk-8-jre-headless lsof"
+  lxc_container:
+    name: "{{ name }}"
+    container_command: "apt-get install -y openjdk-8-jre-headless lsof"
+    state: started
 
 - name: "Download Solr {{ solr_version }}"
   get_url:
@@ -15,10 +18,16 @@
     remote_src: yes
 
 - name: "Install Solr {{ solr_version }}"
-  command: "lxc-attach -n {{name}} -- /root/solr-{{ solr_version }}/bin/install_solr_service.sh /root/solr-{{ solr_version }}.tgz"
+  lxc_container:
+    name: "{{ name }}"
+    container_command: "/root/solr-{{ solr_version }}/bin/install_solr_service.sh /root/solr-{{ solr_version }}.tgz"
+    state: started
 
 - name: "Stop Solr"
-  command: "lxc-attach -n {{name}} -- /etc/init.d/solr stop"
+  lxc_container:
+    name: "{{ name }}"
+    container_command: "/etc/init.d/solr stop"
+    state: started
   ignore_errors: True
 
 - name: "Make sure /home/solr exists"
@@ -27,11 +36,17 @@
     state: directory
     mode: '0755'
 
-- name: "Move Solr data directory to /home/solr/{{name}}"
+- name: "Move Solr data directory to /home/solr/{{ name }}"
-  command: "lxc-attach -n {{name}} -- mv /var/solr /home/solr/{{name}}"
+  lxc_container:
+    name: "{{ name }}"
+    container_command: "mv /var/solr /home/solr/{{ name }}"
+    state: started
 
-- name: "Create a symbolic link to /home/solr/{{name}}"
+- name: "Create a symbolic link to /home/solr/{{ name }}"
-  command: "lxc-attach -n {{name}} -- ln -s /home/solr/{{name}} /var/solr"
+  lxc_container:
+    name: "{{ name }}"
+    container_command: "ln -s /home/solr/{{ name }} /var/solr"
+    state: started
 
 - name: "Set Solr port to {{ solr_port }}"
   lineinfile:
@@ -39,4 +54,7 @@
     line: "SOLR_PORT={{ solr_port }}"
 
 - name: "Start Solr"
-  command: "lxc-attach -n {{name}} -- /etc/init.d/solr start"
+  lxc_container:
+    name: "{{ name }}"
+    container_command: "/etc/init.d/solr start"
+    state: started

lxc/meta/main.yml

@@ -1,6 +1,6 @@
 galaxy_info:
   author: Evolix
-  description: Creation of LXC Containers 
+  description: Creation of LXC Containers
 
   issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
 

memcached/tasks/main.yml

@@ -13,7 +13,7 @@
   notify: restart memcached
   tags:
     - memcached
-  when: memcached_instance_name == ""
+  when: memcached_instance_name
 
 - name: Memcached is running and enabled on boot.
   service:
@@ -22,7 +22,7 @@
     state: started
   tags:
     - memcached
-  when: memcached_instance_name == ""
+  when: memcached_instance_name
 
 - name: Add systemd template
   copy:
@@ -30,7 +30,7 @@
     dest: /etc/systemd/system/memcached@.service
   tags:
     - memcached
-  when: memcached_instance_name != ""
+  when: memcached_instance_name
 
 - name: Delete default memcached systemd configuration file
   systemd:
@@ -39,7 +39,7 @@
     state: stopped
   tags:
     - memcached
-  when: memcached_instance_name != ""
+  when: memcached_instance_name
 
 - name: Make sure memcached.conf is absent
   file:
@@ -47,7 +47,7 @@
     state: absent
   tags:
     - memcached
-  when: memcached_instance_name != ""
+  when: memcached_instance_name
 
 - name: Create a configuration file
   template:
@@ -56,7 +56,7 @@
     mode: "0644"
   tags:
     - memcached
-  when: memcached_instance_name != ""
+  when: memcached_instance_name
 
 - name: Enable and start the memcached instance
   systemd:
@@ -67,7 +67,7 @@
     masked: no
   tags:
     - memcached
-  when: memcached_instance_name != ""
+  when: memcached_instance_name
 
 - include: munin.yml
 

memcached/tasks/munin.yml

@@ -2,7 +2,7 @@
 - name: Choose packages (Oracle)
   set_fact:
      multi: "multi_"
-  when: memcached_instance_name !=""
+  when: memcached_instance_name
 
 - name: is Munin present ?
   stat:

mysql-oracle/tasks/config.yml

@@ -1,6 +1,7 @@
 ---
 
-- set_fact:
+- name: "Define the mysql config directory"
+  set_fact:
     mysql_config_directory: "/etc/mysql/mysql.conf.d"
 
 - name: "Copy MySQL defaults config file"

mysql-oracle/tasks/datadir.yml

@@ -14,7 +14,7 @@
     register: mysql_current_real_datadir_test
   tags:
     - mysql
-  when: mysql_custom_datadir != ''
+  when: mysql_custom_datadir
 
 - block:
   - name: MySQL is stopped
@@ -40,6 +40,6 @@
   tags:
     - mysql
   when:
-    - mysql_custom_datadir != ''
+    - mysql_custom_datadir
     - mysql_custom_datadir != mysql_current_real_datadir_test.stdout
     - not mysql_custom_datadir_test.stat.exists

mysql-oracle/tasks/main.yml

@@ -1,6 +1,7 @@
 ---
 
-- set_fact:
+- name: 'Define which handler will be called to "restart" mysql'
+  set_fact:
     mysql_restart_handler_name: "{{ mysql_restart_if_needed | bool | ternary('restart mysql', 'restart mysql (noop)') }}"
 
 - include: packages.yml

mysql-oracle/tasks/packages.yml

@@ -1,6 +1,7 @@
 ---
 
-- set_fact:
+- name: "Define which configuration package will be installed"
+  set_fact:
     mysql_apt_config_package: mysql-apt-config_0.8.9-1_all.deb
 
 - name: Set default MySQL version to 5.7

mysql-oracle/tasks/tmpdir.yml

@@ -20,4 +20,4 @@
     notify: "{{ mysql_restart_handler_name }}"
     tags:
       - mysql
-  when: mysql_custom_tmpdir != ''
+  when: mysql_custom_tmpdir

mysql/meta/main.yml

@@ -1,6 +1,6 @@
 galaxy_info:
   author: Evolix
-  description: your description
+  description: Install and configure mysql
 
   issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
 

mysql/tasks/config_jessie.yml

@@ -1,6 +1,7 @@
 ---
 
-- set_fact:
+- name: "Define the config directory of mysql"
+  set_fact:
     mysql_config_directory: /etc/mysql/conf.d
 
 - name: "Copy MySQL defaults config file (jessie)"

mysql/tasks/config_stretch.yml

@@ -1,6 +1,7 @@
 ---
 
-- set_fact:
+- name: "Define the config directory of mysql"
+  set_fact:
     mysql_config_directory: /etc/mysql/mariadb.conf.d
 
 - name: "Copy MySQL defaults config file (Debian 9 or later)"

mysql/tasks/datadir.yml

@@ -14,7 +14,7 @@
     register: mysql_current_real_datadir_test
   tags:
     - mysql
-  when: mysql_custom_datadir != ''
+  when: mysql_custom_datadir
 
 - block:
   - name: MySQL is stopped
@@ -40,6 +40,6 @@
   tags:
     - mysql
   when:
-    - mysql_custom_datadir != ''
+    - mysql_custom_datadir
     - mysql_custom_datadir != mysql_current_real_datadir_test.stdout
     - not mysql_custom_datadir_test.stat.exists

mysql/tasks/logdir.yml

@@ -14,7 +14,7 @@
     register: mysql_current_real_logdir_test
   tags:
     - mysql
-  when: mysql_custom_logdir != ''
+  when: mysql_custom_logdir
 
 - block:
   - name: MySQL is stopped
@@ -40,6 +40,6 @@
   tags:
     - mysql
   when:
-    - mysql_custom_logdir != ''
+    - mysql_custom_logdir
     - mysql_custom_logdir != mysql_current_real_logdir_test.stdout
     - not mysql_custom_logdir_test.stat.exists

mysql/tasks/tmpdir.yml

@@ -20,4 +20,4 @@
     notify: "{{ mysql_restart_handler_name }}"
     tags:
       - mysql
-  when: mysql_custom_tmpdir != ''
+  when: mysql_custom_tmpdir

mysql/tasks/utils.yml

@@ -41,7 +41,7 @@
   when: ansible_distribution_major_version is version('10', '>=')
 
 - name: Read debian-sys-maint password
-  shell: 'cat /etc/mysql/debian.cnf | grep -m1 "password = .*" | cut -d" " -f3'
+  shell: 'grep -m1 "password = .*" /etc/mysql/debian.cnf | cut -d" " -f3'
   register: mysql_debian_password
   changed_when: False
   check_mode: no

networkd-to-ifconfig/tasks/set_facts_from_systemd.yml

@@ -2,11 +2,13 @@
 
 - name: "Parse addresses"
   shell: "grep Address= /etc/systemd/network/50-default.network | cut -d'=' -f2"
+  changed_when: false
   register: network_address_grep
   check_mode: no
 
 - name: "Parse gateways"
   shell: "grep Gateway= /etc/systemd/network/50-default.network | cut -d'=' -f2"
+  changed_when: false
   register: network_gateway_grep
   check_mode: no
 

newrelic/tasks/php.yml

@@ -6,7 +6,7 @@
     question: "newrelic-php5/application-name"
     value: "{{ newrelic_appname }}"
     vtype: string
-  when: newrelic_appname != ""
+  when: newrelic_appname
 
 - name: Pre-seed package configuration with license
   debconf:
@@ -14,7 +14,7 @@
     question: "newrelic-php5/license-key"
     value: "{{ newrelic_license }}"
     vtype: "string"
-  when: newrelic_license != ""
+  when: newrelic_license
 
 - name: list newrelic config files
   shell: "find /etc/php* -type f -name newrelic.ini"

newrelic/tasks/sysmond.yml

@@ -9,5 +9,5 @@
     dest: /etc/newrelic/nrsysmond.cfg
     regexp: "license_key=REPLACE_WITH_REAL_KEY"
     replace: "license_key={{ newrelic_license }}"
-  when: newrelic_license != ""
+  when: newrelic_license
   notify: restart newrelic-sysmond

nginx/tasks/packages.yml

@@ -10,7 +10,7 @@
   tags:
     - nginx
     - packages
-    
+
 - name: Ensure nginx service is running as configured.
   service:
     name: nginx

nginx/tasks/server_status_read.yml

@@ -14,7 +14,7 @@
     # The last character "\u000A" is a line feed (LF), it's better to keep it
     content: "{{ nginx_serverstatus_suffix }}\u000A"
     force: yes
-  when: nginx_serverstatus_suffix != ""
+  when: nginx_serverstatus_suffix
 
 - name: generate random string for server-status suffix
   shell: "apg -a 1 -M N -n 1 > {{ nginx_serverstatus_suffix_file }}"

packweb-apache/tasks/main.yml

@@ -1,6 +1,7 @@
 ---
 
-- fail:
+- name: Check for compatibility
+  fail:
     msg: only compatible with Debian >= 8
   when:
     - ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<')

packweb-apache/tasks/phpmyadmin.yml

@@ -48,7 +48,7 @@
     # The last character "\u000A" is a line feed (LF), it's better to keep it
     content: "{{ packweb_phpmyadmin_suffix }}\u000A"
     force: yes
-  when: packweb_phpmyadmin_suffix != ""
+  when: packweb_phpmyadmin_suffix
 
 - name: generate random string for phpmyadmin suffix
   shell: "apg -a 1 -M N -n 1 > {{ packweb_phpmyadmin_suffix_file }}"

php/tasks/main.yml

@@ -1,6 +1,7 @@
 ---
 
-- fail:
+- name: Check for compatibility
+  fail:
     msg: only compatible with Debian >= 8
   when:
   - ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<')

postfix/meta/main.yml

@@ -14,8 +14,8 @@ galaxy_info:
     - jessie
 
 dependencies:
-  - { role: evolix/ldap, ldap_schema: 'cn4evolix.ldif', when: postfix_packmail == True }
+  - { role: evolix/ldap, ldap_schema: 'cn4evolix.ldif', when: postfix_packmail }
-  - { role: evolix/spamassasin, when: postfix_packmail == True }
+  - { role: evolix/spamassasin, when: postfix_packmail }
-  - { role: evolix/clamav, when: postfix_packmail == True }
+  - { role: evolix/clamav, when: postfix_packmail }
-  - { role: evolix/opendkim, when: postfix_packmail == True }
+  - { role: evolix/opendkim, when: postfix_packmail }
-  - { role: evolix/dovecot, when: postfix_packmail == True }
+  - { role: evolix/dovecot, when: postfix_packmail }

postfix/tasks/main.yml

@@ -3,10 +3,10 @@
 - include: common.yml
 
 - include: minimal.yml
-  when: postfix_packmail == False
+  when: not postfix_packmail
 
 - include: packmail.yml
-  when: postfix_packmail == True
+  when: postfix_packmail
 
 - include: slow_transport.yml
   when: postfix_slow_transport_include

postgresql/tasks/config.yml

@@ -10,13 +10,13 @@
 
 - name: Allow conf.d/*.conf files to be included in PostgreSQL configuration
   lineinfile:
-    name: "/etc/postgresql/{{postgresql_version}}/main/postgresql.conf"
+    name: "/etc/postgresql/{{ postgresql_version }}/main/postgresql.conf"
     line: include_dir = 'conf.d'
   notify: restart postgresql
 
 - name: Create conf.d directory
   file:
-    name: "/etc/postgresql/{{postgresql_version}}/main/conf.d/"
+    name: "/etc/postgresql/{{ postgresql_version }}/main/conf.d/"
     state: directory
     owner: postgres
     group: postgres
@@ -25,7 +25,7 @@
 - name: Copy PostgreSQL config file
   template:
     src: postgresql.conf.j2
-    dest: "/etc/postgresql/{{postgresql_version}}/main/conf.d/zz-evolinux.conf"
+    dest: "/etc/postgresql/{{ postgresql_version }}/main/conf.d/zz-evolinux.conf"
     owner: postgres
     group: postgres
     mode: "0644"

postgresql/tasks/munin.yml

@@ -12,8 +12,8 @@
 - name: Add Munin plugins for PostgreSQL
   file:
     state: link
-    src: '/usr/share/munin/plugins/{{item}}'
+    src: '/usr/share/munin/plugins/{{ item }}'
-    dest: '/etc/munin/plugins/{{item}}'
+    dest: '/etc/munin/plugins/{{ item }}'
   with_items:
   - postgres_bgwriter
   - postgres_checkpoints
@@ -26,10 +26,10 @@
 - name: Add Munin plugins for PostgreSQL (for specific databases)
   file:
     state: link
-    src: '/usr/share/munin/plugins/{{item[0]}}'
+    src: '/usr/share/munin/plugins/{{ item[0] }}'
-    dest: '/etc/munin/plugins/{{item[0]}}{{item[1]}}'
+    dest: '/etc/munin/plugins/{{ item[0] }}{{ item[1] }}'
   with_nested:
   - ['postgres_cache_', 'postgres_connections_', 'postgres_locks_', 'postgres_querylength_', 'postgres_scans_', 'postgres_size_', 'postgres_transactions_', 'postgres_tuples_']
-  - '{{postgresql_databases}}'
+  - '{{ postgresql_databases }}'
   notify: restart munin-node
   when: etc_munin_plugins.stat.exists and usr_share_munin_plugins.stat.exists

postgresql/tasks/nrpe.yml

@@ -35,7 +35,7 @@
     lineinfile:
       name: /etc/nagios/nrpe.d/evolix.cfg
       regexp: '^command\[check_pgsql\]='
-      line: 'command[check_pgsql]=/usr/lib/nagios/plugins/check_pgsql -H localhost -l nrpe -p "{{postgresql_nrpe_password.stdout}}"'
+      line: 'command[check_pgsql]=/usr/lib/nagios/plugins/check_pgsql -H localhost -l nrpe -p "{{ postgresql_nrpe_password.stdout }}"'
     notify: restart nagios-nrpe-server
     when: postgresql_create_nrpe_user.changed
   when: nrpe_evolix_config.stat.exists

postgresql/tasks/packages_jessie.yml

@@ -10,8 +10,8 @@
 
 - name: Install postgresql package
   apt:
-    name: '{{item}}'
+    name: '{{ item }}'
   with_items:
-  - "postgresql-{{postgresql_version}}"
+  - "postgresql-{{ postgresql_version }}"
   - ptop
   - libdbd-pg-perl

postgresql/tasks/pgdg-repo.yml

@@ -10,7 +10,7 @@
 
 - name: Add PGDG repository
   apt_repository:
-    repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
+    repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main"
     update_cache: yes
 
 - name: Add GPG key for PGDG repository

postgresql/tasks/postgis.yml

@@ -1,5 +1,5 @@
 ---
-- name: Install PostGIS extention 
+- name: Install PostGIS extention
   apt:
     name:
       - postgis

redis/tasks/default-munin.yml

@@ -39,7 +39,7 @@
 - name: Enable redis munin plugin
   file:
     src: /usr/local/share/munin/plugins/redis_
-    dest: "/etc/munin/plugins/redis_{{item}}"
+    dest: "/etc/munin/plugins/redis_{{ item }}"
     state: link
   with_items:
     - connected_clients
@@ -67,7 +67,7 @@
     value: '{{ redis_password }}'
   notify: restart munin-node
   when:
-    - redis_password != ''
+    - redis_password
     - redis_password != None
     - (munin_redis_blocs_in_config.stdout | int) <= 1
   tags: redis
@@ -77,6 +77,6 @@
   debug:
     msg: "WARNING - It seems you have multiple redis sections in your munin-node configuration - Munin config NOT changed"
   when:
-    - redis_password != ''
+    - redis_password
     - redis_password != None
     - (munin_redis_blocs_in_config.stdout | int) > 1

redis/tasks/instance-munin.yml

@@ -39,7 +39,7 @@
 - name: Enable redis munin plugin
   file:
     src: /usr/local/share/munin/plugins/redis_
-    dest: "/etc/munin/plugins/{{ redis_instance_name }}_redis_{{item}}"
+    dest: "/etc/munin/plugins/{{ redis_instance_name }}_redis_{{ item }}"
     state: link
   with_items:
     - connected_clients

redis/tasks/main.yml

@@ -1,6 +1,7 @@
 ---
 
-- set_fact:
+- name: "Define if redis needs to restart or not"
+  set_fact:
     redis_restart_handler_name: "{{ redis_restart_if_needed | ternary('restart redis', 'restart redis (noop)') }}"
 
 - name: Redis is installed.
@@ -30,7 +31,8 @@
   tags:
     - redis
 
-- set_fact:
+- name: "Define which version of redis is installed"
+  set_fact:
     redis_installed_version: "{{ _redis_installed_version.stdout }}"
   check_mode: no
   tags:

redmine/meta/main.yml

@@ -1,3 +1,19 @@
 ---
+galaxy_info:
+  author: Evolix
+  description: Install redmine on a Debian install
+
+  issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
+
+  license: GPLv2
+
+  min_ansible_version: 2.2
+
+  platforms:
+    - name: Debian
+      version:
+        - jessie
+        - stretch
+
 dependencies:
   - { role: evolix/nginx }

redmine/tasks/mysql.yml

@@ -13,7 +13,7 @@
   register: redmine_generate_mysql_password
   check_mode: no
   changed_when: False
-  when: redmine_get_mysql_password.stdout == ""
+  when: not redmine_get_mysql_password.stdout
   tags:
   - redmine
 

redmine/tasks/release.yml

@@ -22,6 +22,7 @@
     state: stopped
     user: yes
   become_user: "{{ redmine_user }}"
+  become: yes
   environment: "{{ user_env }}"
   tags:
     - redmine
@@ -79,6 +80,7 @@
     chdir: "/home/{{ redmine_user }}/www"
     creates: "/home/{{ redmine_user }}/www/config/initializers/secret_token.rb"
   become_user: "{{ redmine_user }}"
+  become: yes
   environment: "{{ user_env }}"
   tags:
     - redmine
@@ -88,6 +90,7 @@
   args:
     chdir: "/home/{{ redmine_user }}/www/"
   become_user: "{{ redmine_user }}"
+  become: yes
   environment: "{{ user_env }}"
   tags:
     - redmine
@@ -97,6 +100,7 @@
   args:
     chdir: "/home/{{ redmine_user }}/www/"
   become_user: "{{ redmine_user }}"
+  become: yes
   environment: "{{ user_env }}"
   when: redmine_mysql_create.changed
   tags:
@@ -107,6 +111,7 @@
   args:
     chdir: "/home/{{ redmine_user }}/www/"
   become_user: "{{ redmine_user }}"
+  become: yes
   environment: "{{ user_env }}"
   tags:
     - redmine
@@ -118,6 +123,7 @@
     state: started
     user: yes
   become_user: "{{ redmine_user }}"
+  become: yes
   environment: "{{ user_env }}"
   tags:
     - redmine

redmine/tasks/source.yml

@@ -57,6 +57,7 @@
     version: "{{ item.tree | default('master') }}"
     umask: "027"
   become_user: "{{ redmine_user }}"
+  become: yes
   when: item.git is defined
   with_items: "{{ redmine_plugins }}"
   tags:
@@ -82,6 +83,7 @@
     version: "{{ item.tree | default('master') }}"
     umask: "027"
   become_user: "{{ redmine_user }}"
+  become: yes
   when: item.git is defined
   with_items: "{{ redmine_themes }}"
   tags:

spamassasin/tasks/main.yml

@@ -60,7 +60,7 @@
   failed_when: False
   changed_when: False
   register: is_cron_installed
-  
+
 - name: enable sa-update.sh cron
   lineinfile:
     dest: /etc/cron.d/sa-update

squid/tasks/main.yml

@@ -1,6 +1,7 @@
 ---
 
-- fail:
+- name: Check for role compatibility
+  fail:
     msg: only compatible with Debian >= 8
   when:
   - ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<')
@@ -79,7 +80,7 @@
     content: |
       # Put customized values here.
     force: no
-  when: squid_localproxy_enable == False and ansible_distribution_major_version is version('9', '>=')
+  when: not squid_localproxy_enable and ansible_distribution_major_version is version('9', '>=')
 
 - name: "evolinux http_access for local proxy (Debian 9 or later)"
   copy:
@@ -95,7 +96,7 @@
     content: |
       # Put customized values here.
     force: no
-  when: squid_localproxy_enable == False and ansible_distribution_major_version is version('9', '>=')
+  when: not squid_localproxy_enable and ansible_distribution_major_version is version('9', '>=')
 
 - name: "evolinux overrides for local proxy (Debian 9 or later)"
   template:
@@ -111,7 +112,7 @@
     content: |
       # Put customized values here.
     force: no
-  when: squid_localproxy_enable == False and ansible_distribution_major_version is version('9', '>=')
+  when: not squid_localproxy_enable and ansible_distribution_major_version is version('9', '>=')
 
 - name: add some URL in whitelist (Debian 8)
   lineinfile:

squid/tasks/systemd.yml

@@ -6,7 +6,7 @@
   failed_when: False
   check_mode: no
   register: _squid_systemd_active
-  
+
 - name: Squid systemd overrides directory exists
   file:
     dest: /etc/systemd/system/squid.service.d/

varnish/tasks/main.yml

@@ -64,8 +64,8 @@
 - name: Patch logrotate conf
   replace:
     name: /etc/logrotate.d/varnish
-    regexp: '^(\s+)(/usr/sbin/invoke-rc.d {{item}}.*)'
+    regexp: '^(\s+)(/usr/sbin/invoke-rc.d {{ item }}.*)'
-    replace: '\1systemctl -q is-active {{item}} && \2'
+    replace: '\1systemctl -q is-active {{ item }} && \2'
   with_items:
     - varnishlog
     - varnishncsa

varnish/tasks/munin.yml

@@ -33,7 +33,7 @@
 - name: Enable varnish4 munin plugin
   file:
     src: /usr/local/share/munin/plugins/varnish4_
-    dest: "/etc/munin/plugins/varnish4_{{item}}"
+    dest: "/etc/munin/plugins/varnish4_{{ item }}"
     state: link
   with_items:
     - backend_traffic

webapps/evoadmin-mail/tasks/nginx.yml

@@ -15,7 +15,7 @@
   tags:
     - evoadmin-mail
 
-- name: Active evoadminmail VHost     
+- name: Active evoadminmail VHost
   file:
     src: "/etc/nginx/sites-available/evoadminmail.conf"
     dest: "/etc/nginx/sites-enabled/evoadminmail.conf"

webapps/roundcube/tasks/main.yml

@@ -116,7 +116,7 @@
     src: "/etc/nginx/sites-available/roundcube.conf"
     dest: "/etc/nginx/sites-enabled/roundcube.conf"
     state: link
-  when: roundcube_webserver == "nginx" 
+  when: roundcube_webserver == "nginx"
   notify: reload nginx
 
 - name: enable roundcube link in default site index

webapps/wordpress/tasks/main.yml

@@ -12,7 +12,7 @@
     mode: "0750"
 
 - name: Download Wordpress
-  shell: '{{ wordpress_wpcli }} core download --locale=fr_FR --version={{ wordpress_version }}'
+  command: '{{ wordpress_wpcli }} core download --locale=fr_FR --version={{ wordpress_version }}'
   args:
     creates: "{{ ansible_env.HOME }}/www/index.php"
 
@@ -42,12 +42,12 @@
   delegate_to: localhost
 
 - name: Configure Wordpress (wp-config.php)
-  shell: '{{ wordpress_wpcli }} core config --dbhost={{ db_host }} --dbuser={{ db_user }} --dbpass={{ db_pwd }} --dbname={{ db_name }}'
+  command: '{{ wordpress_wpcli }} core config --dbhost={{ db_host }} --dbuser={{ db_user }} --dbpass={{ db_pwd }} --dbname={{ db_name }}'
   args:
     creates: "{{ ansible_env.HOME }}/www/wp-config.php"
 
 - name: Configure site
-  shell: '{{ wordpress_wpcli }} core install --url={{ wordpress_host | quote }} --title={{ wordpress_title | quote }} --admin_user=admin --admin_password="{{ admin_pwd | quote }}" --admin_email={{ wordpress_email }} --skip-email'
+  command: '{{ wordpress_wpcli }} core install --url={{ wordpress_host | quote }} --title={{ wordpress_title | quote }} --admin_user=admin --admin_password="{{ admin_pwd | quote }}" --admin_email={{ wordpress_email }} --skip-email'
   changed_when: false
 
 - name: Check if Wordpress is up to date
@@ -58,7 +58,7 @@
   changed_when: check_version.rc
 
 - name: Update Wordpress
-  shell: '{{ wordpress_wpcli }} core update --version={{ wordpress_version }}'
+  command: '{{ wordpress_wpcli }} core update --version={{ wordpress_version }}'
   args:
     removes: "{{ ansible_env.HOME }}/www/index.php"
   when: check_version.rc