From 2036db938bf644b983c3920b3182d0f23fb3b023 Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Thu, 18 Jun 2020 15:53:52 +0200 Subject: [PATCH 01/23] [Cleanup] Cleanup the mysql role Remove the useless call for `cat` as `grep` take a file as it's second argument that tell it to search for the pattern in a specific file instead of whatever is passed to it through stdin. Name both task defining the position of the config directory for self-documentation purposes (and please ansible-lint defaults). Change role description to it's description in the readme instead of the default description asking for the role to be described. Don't compare to empty string, an empty string is already false while a non-empty string is true. --- mysql/meta/main.yml | 2 +- mysql/tasks/config_jessie.yml | 3 ++- mysql/tasks/config_stretch.yml | 3 ++- mysql/tasks/datadir.yml | 4 ++-- mysql/tasks/logdir.yml | 4 ++-- mysql/tasks/tmpdir.yml | 2 +- mysql/tasks/utils.yml | 2 +- 7 files changed, 11 insertions(+), 9 deletions(-) diff --git a/mysql/meta/main.yml b/mysql/meta/main.yml index 82be1e3c..fef37b27 100644 --- a/mysql/meta/main.yml +++ b/mysql/meta/main.yml @@ -1,6 +1,6 @@ galaxy_info: author: Evolix - description: your description + description: Install and configure mysql issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues diff --git a/mysql/tasks/config_jessie.yml b/mysql/tasks/config_jessie.yml index a5dd4d77..6b82de47 100644 --- a/mysql/tasks/config_jessie.yml +++ b/mysql/tasks/config_jessie.yml @@ -1,6 +1,7 @@ --- -- set_fact: +- name: "Define the config directory of mysql" + set_fact: mysql_config_directory: /etc/mysql/conf.d - name: "Copy MySQL defaults config file (jessie)" diff --git a/mysql/tasks/config_stretch.yml b/mysql/tasks/config_stretch.yml index d6d59efd..16aef4f9 100644 --- a/mysql/tasks/config_stretch.yml +++ b/mysql/tasks/config_stretch.yml 
@@ -1,6 +1,7 @@ --- -- set_fact: +- name: "Define the config directory of mysql" + set_fact: mysql_config_directory: /etc/mysql/mariadb.conf.d - name: "Copy MySQL defaults config file (Debian 9 or later)" diff --git a/mysql/tasks/datadir.yml b/mysql/tasks/datadir.yml index 28beb1ed..ee4e7bcf 100644 --- a/mysql/tasks/datadir.yml +++ b/mysql/tasks/datadir.yml @@ -14,7 +14,7 @@ register: mysql_current_real_datadir_test tags: - mysql - when: mysql_custom_datadir != '' + when: mysql_custom_datadir - block: - name: MySQL is stopped @@ -40,6 +40,6 @@ tags: - mysql when: - - mysql_custom_datadir != '' + - mysql_custom_datadir - mysql_custom_datadir != mysql_current_real_datadir_test.stdout - not mysql_custom_datadir_test.stat.exists diff --git a/mysql/tasks/logdir.yml b/mysql/tasks/logdir.yml index a1b3a8d8..959d8796 100644 --- a/mysql/tasks/logdir.yml +++ b/mysql/tasks/logdir.yml @@ -14,7 +14,7 @@ register: mysql_current_real_logdir_test tags: - mysql - when: mysql_custom_logdir != '' + when: mysql_custom_logdir - block: - name: MySQL is stopped @@ -40,6 +40,6 @@ tags: - mysql when: - - mysql_custom_logdir != '' + - mysql_custom_logdir - mysql_custom_logdir != mysql_current_real_logdir_test.stdout - not mysql_custom_logdir_test.stat.exists diff --git a/mysql/tasks/tmpdir.yml b/mysql/tasks/tmpdir.yml index e2c13dc5..69b4a4f4 100644 --- a/mysql/tasks/tmpdir.yml +++ b/mysql/tasks/tmpdir.yml @@ -20,4 +20,4 @@ notify: "{{ mysql_restart_handler_name }}" tags: - mysql - when: mysql_custom_tmpdir != '' + when: mysql_custom_tmpdir diff --git a/mysql/tasks/utils.yml b/mysql/tasks/utils.yml index 164507aa..48bc4d93 100644 --- a/mysql/tasks/utils.yml +++ b/mysql/tasks/utils.yml 
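Review bot: In mysql/tasks/datadir.yml the new `when: mysql_custom_datadir` (both hunks) hands a bare, path-valued variable to the conditional. The same pattern appears in logdir.yml and tmpdir.yml, and in the later patches for kvm-host, mysql-oracle, newrelic, nginx, apache and packweb-apache. On Ansible releases that still re-evaluate bare variables in conditionals as expressions (the `CONDITIONAL_BARE_VARS` behaviour), the value itself is parsed as Jinja instead of being tested for emptiness, which can raise a templating error or treat configuration data as an expression. An explicit test keeps the intent and still satisfies the empty-string lint: `when: mysql_custom_datadir | length > 0`. The tasks these conditions belong to start above their hunks.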
@@ -41,7 +41,7 @@ when: ansible_distribution_major_version is version('10', '>=') - name: Read debian-sys-maint password - shell: 'cat /etc/mysql/debian.cnf | grep -m1 "password = .*" | cut -d" " -f3' + shell: 'grep -m1 "password = .*" /etc/mysql/debian.cnf | cut -d" " -f3' register: mysql_debian_password changed_when: False check_mode: no -- 2.39.2 From 3ec85f9560dcb7e327c2306a221b7d639b564194 Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Thu, 18 Jun 2020 16:20:13 +0200 Subject: [PATCH 02/23] [Cleanup] Clean up evolinux-base and evolinux-users evolinux-users: Add name to all tasks for self documentation purposes and don't compare with empty string. evolinux-base: Remove trailing whitespaces. --- evolinux-base/tasks/hardware.yml | 2 +- evolinux-base/tasks/postfix.yml | 3 +-- evolinux-users/tasks/ssh.yml | 6 ++++-- evolinux-users/tasks/user.yml | 4 ++-- 4 files changed, 8 insertions(+), 7 deletions(-) diff --git a/evolinux-base/tasks/hardware.yml b/evolinux-base/tasks/hardware.yml index c44c1248..b6e1b3f0 100644 --- a/evolinux-base/tasks/hardware.yml +++ b/evolinux-base/tasks/hardware.yml @@ -29,7 +29,7 @@ # HP gen <10: Hewlett-Packard Company Smart Array # HP gen >=10: Adaptec Smart Storage PQI - name: Detect if RAID is installed - shell: lspci -q | grep -e "RAID bus controller" -e "Serial Attached SCSI controller" + shell: 'lspci -q | grep -e "RAID bus controller" -e "Serial Attached SCSI controller"' check_mode: no register: raidmodel changed_when: "'FAILED' in raidmodel.stdout" diff --git a/evolinux-base/tasks/postfix.yml b/evolinux-base/tasks/postfix.yml index aa60e737..50ecf0a4 100644 --- a/evolinux-base/tasks/postfix.yml +++ b/evolinux-base/tasks/postfix.yml @@ -32,9 +32,8 @@ - postfix - name: fetch users list - shell: getent passwd | cut -d":" -f 1 | grep -v root + shell: 'getent passwd | cut -d":" -f 1 | grep -v root' check_mode: no - register: non_root_users_list changed_when: False tags: 
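Review bot: The `Read debian-sys-maint password` task in mysql/tasks/utils.yml registers a database credential in `mysql_debian_password`, and no `no_log` is visible on it, so the value can end up in verbose output, callback logs and job records. Add `no_log: true` to this task and to any later task that templates `mysql_debian_password.stdout`. The task may continue past the end of the hunk, so check whether it is already set there.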
diff --git a/evolinux-users/tasks/ssh.yml b/evolinux-users/tasks/ssh.yml index e21f0978..132cba6c 100644 --- a/evolinux-users/tasks/ssh.yml +++ b/evolinux-users/tasks/ssh.yml @@ -22,11 +22,13 @@ var: grep_allowusers_ssh verbosity: 1 -- assert: +- name: "Check that only AllowUsers or AllowGroups is present" + assert: that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)" msg: "We can't deal with AllowUsers and AllowGroups at the same time" -- set_fact: +- name: "Define which protection method to use" + set_fact: # If "AllowGroups is present" or "AllowUsers is absent and Debian 10+", ssh_allowgroups: "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0 and (ansible_distribution_major_version is version('10', '>='))) }}" # If "AllowGroups is absent" and "AllowUsers is absent or Debian <10" diff --git a/evolinux-users/tasks/user.yml b/evolinux-users/tasks/user.yml index b8dda1d2..383a25cc 100644 --- a/evolinux-users/tasks/user.yml +++ b/evolinux-users/tasks/user.yml @@ -102,7 +102,7 @@ state: present when: - evolinux_internal_group is defined - - evolinux_internal_group != "" + - evolinux_internal_group - ansible_distribution_major_version is version('9', '>=') - name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_internal_group }}' (Debian 9 or later)" @@ -112,7 +112,7 @@ append: yes when: - evolinux_internal_group is defined - - evolinux_internal_group != "" + - evolinux_internal_group - ansible_distribution_major_version is version('9', '>=') ## Optional secondary groups, defined per user -- 2.39.2 From 0825d88552e8a4e890779a0df8c86776522b0cc3 Mon Sep 17 00:00:00 2001 
From: Mathieu Trossevin Date: Thu, 18 Jun 2020 17:34:22 +0200 Subject: [PATCH 03/23] [Cleanup] Clean up evoacme and evocheck roles Don't compare with empty string as an empty string is already false and a non-empty string is already true. Name all tasks. --- apt/tasks/hold_packages.yml | 2 +- evoacme/tasks/conf.yml | 3 ++- evoacme/tasks/evoacme_hook.yml | 2 +- evocheck/tasks/exec.yml | 2 +- 4 files changed, 5 insertions(+), 4 deletions(-) diff --git a/apt/tasks/hold_packages.yml b/apt/tasks/hold_packages.yml index f93c34a7..a73904c6 100644 --- a/apt/tasks/hold_packages.yml +++ b/apt/tasks/hold_packages.yml @@ -4,7 +4,7 @@ shell: "(dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})" register: apt_mark changed_when: "item + ' set on hold.' in apt_mark.stdout" - failed_when: apt_mark.rc != 0 and not apt_mark.stdout == '' + failed_when: apt_mark.rc != 0 and apt_mark.stdout loop: "{{ apt_hold_packages }}" tags: - apt diff --git a/evoacme/tasks/conf.yml b/evoacme/tasks/conf.yml index 4d9f6704..ba982d01 100644 --- a/evoacme/tasks/conf.yml +++ b/evoacme/tasks/conf.yml @@ -1,5 +1,6 @@ --- -- ini_file: +- name: "Configure openssl key generation" + ini_file: dest: "{{ evoacme_crt_dir }}/openssl.cnf" section: 'req' option: "{{ item.name }}" diff --git a/evoacme/tasks/evoacme_hook.yml b/evoacme/tasks/evoacme_hook.yml index 51dbb21c..74369047 100644 --- a/evoacme/tasks/evoacme_hook.yml +++ b/evoacme/tasks/evoacme_hook.yml @@ -16,4 +16,4 @@ src: "hooks/{{ hook_name }}" dest: "{{ evoacme_hooks_dir }}/{{ hook_name }}" mode: "0750" - when: _find_hook.stdout == "" + when: not _find_hook.stdout diff --git a/evocheck/tasks/exec.yml b/evocheck/tasks/exec.yml index 244d0347..b818025f 100644 --- a/evocheck/tasks/exec.yml +++ b/evocheck/tasks/exec.yml @@ -10,6 +10,6 @@ - debug: var: evocheck_run.stdout_lines - when: evocheck_run.stdout != "" + when: evocheck_run.stdout tags: - evocheck-exec -- 2.39.2 
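Review bot: In apt/tasks/hold_packages.yml `{{ item }}` is pasted unquoted into the `shell:` string three times, and `apt-mark showhold | grep --quiet {{ item }}` is a substring regex match. A package whose name is contained in the name of an already-held package is therefore treated as held and never reaches `apt-mark hold`. Matching the whole line with a quoted fixed string closes both gaps: `apt-mark showhold | grep --quiet --line-regexp --fixed-strings {{ item | quote }}`, with `{{ item | quote }}` in the `dpkg -l` and `apt-mark hold` calls as well. The task starts above the hunk.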
From 26eec48954cd75f2c59ab4afbfb933f91b7aeaee Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Thu, 18 Jun 2020 17:52:10 +0200 Subject: [PATCH 04/23] =?UTF-8?q?[Cleanup]=C2=A0amazon-ec2,=20apache,=20bi?= =?UTF-8?q?nd,=20evolinux-todo,=20evomaintenance?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Don't compare with empty string Name all tasks Variables should have space before and after their name --- amazon-ec2/tasks/create-instance.yml | 30 ++++++++++++++-------------- apache/tasks/auth.yml | 2 +- apache/tasks/server_status.yml | 2 +- bind/tasks/main.yml | 2 +- evolinux-todo/tasks/cat.yml | 2 +- evomaintenance/tasks/main.yml | 6 ++++-- 6 files changed, 23 insertions(+), 21 deletions(-) diff --git a/amazon-ec2/tasks/create-instance.yml b/amazon-ec2/tasks/create-instance.yml index 470cac72..c784b0b9 100644 --- a/amazon-ec2/tasks/create-instance.yml +++ b/amazon-ec2/tasks/create-instance.yml 
@@ -3,34 +3,34 @@ - name: Launch new instance(s) ec2: state: present - aws_access_key: "{{aws_access_key}}" - aws_secret_key: "{{aws_secret_key}}" - region: "{{aws_region}}" - image: "{{ec2_base_ami}}" - instance_type: "{{ec2_instance_type}}" - count: "{{ec2_instance_count}}" - assign_public_ip: "{{ec2_public_ip}}" - group: "{{ec2_security_group.name}}" - key_name: "{{ec2_keyname}}" + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + region: "{{ aws_region }}" + image: "{{ ec2_base_ami }}" + instance_type: "{{ ec2_instance_type }}" + count: "{{ ec2_instance_count }}" + assign_public_ip: "{{ ec2_public_ip }}" + group: "{{ ec2_security_group.name }}" + key_name: "{{ ec2_keyname }}" wait: yes register: ec2 - name: Add newly created instance(s) to inventory add_host: - hostname: "{{item.public_dns_name}}" + hostname: "{{ item.public_dns_name }}" groupname: launched-instances ansible_user: admin ansible_ssh_common_args: "-o StrictHostKeyChecking=no" - with_items: "{{ec2.instances}}" + with_items: "{{ ec2.instances }}" - debug: - msg: "Your newly created instance is reachable at: {{item.public_dns_name}}" - with_items: "{{ec2.instances}}" + msg: "Your newly created instance is reachable at: {{ item.public_dns_name }}" + with_items: "{{ ec2.instances }}" - name: Wait for SSH to come up on all instances (give up after 2m) wait_for: state: started - host: "{{item.public_dns_name}}" + host: "{{ item.public_dns_name }}" port: 22 timeout: 120 - with_items: "{{ec2.instances}}" + with_items: "{{ ec2.instances }}" diff --git a/apache/tasks/auth.yml b/apache/tasks/auth.yml index b785c704..d8488405 100644 --- a/apache/tasks/auth.yml +++ b/apache/tasks/auth.yml @@ -10,7 +10,7 @@ force: no tags: - apache - + - name: Load IP whitelist task include: ip_whitelist.yml diff --git a/apache/tasks/server_status.yml b/apache/tasks/server_status.yml index 1d6cd8df..79703d70 100644 --- a/apache/tasks/server_status.yml +++ b/apache/tasks/server_status.yml 
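Review bot: The `Add newly created instance(s) to inventory` task in amazon-ec2/tasks/create-instance.yml sets `ansible_ssh_common_args: "-o StrictHostKeyChecking=no"`, which disables host key verification for every later connection to the new instances, not only the first one. If the aim is only to avoid the first-connection prompt, `-o StrictHostKeyChecking=accept-new` records the key on first contact and still rejects a changed key afterwards. This line is unchanged context in a whitespace-only hunk, so it is a follow-up rather than a blocker for this commit.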
@@ -14,7 +14,7 @@ # The last character "\u000A" is a line feed (LF), it's better to keep it content: "{{ apache_serverstatus_suffix }}\u000A" force: yes - when: apache_serverstatus_suffix != "" + when: apache_serverstatus_suffix - name: generate random string for server-status suffix shell: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}" diff --git a/bind/tasks/main.yml b/bind/tasks/main.yml index 3ae02f24..625d3fe2 100644 --- a/bind/tasks/main.yml +++ b/bind/tasks/main.yml @@ -94,7 +94,7 @@ - debug: var: chrootbind_run.stdout_lines - when: bind_chroot_set and chrootbind_run.stdout != "" + when: bind_chroot_set and chrootbind_run.stdout - name: Modify OPTIONS in /etc/default/bind9 for chroot replace: diff --git a/evolinux-todo/tasks/cat.yml b/evolinux-todo/tasks/cat.yml index 9cebeca5..30d13bce 100644 --- a/evolinux-todo/tasks/cat.yml +++ b/evolinux-todo/tasks/cat.yml @@ -10,4 +10,4 @@ - name: "Content of /etc/evolinux/todo.txt" debug: var: evolinux_todo.stdout_lines - when: evolinux_todo.stdout != "" + when: evolinux_todo.stdout diff --git a/evomaintenance/tasks/main.yml b/evomaintenance/tasks/main.yml index d56a124a..d58feaaa 100644 --- a/evomaintenance/tasks/main.yml +++ b/evomaintenance/tasks/main.yml @@ -1,9 +1,11 @@ --- -- set_fact: +- name: "Choose if minifirewall will need to be restarted" + set_fact: minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | ternary('restart minifirewall', 'restart minifirewall (noop)') }}" -- assert: +- name: "Check that API variables are set" + assert: that: - evomaintenance_api_endpoint is not none - evomaintenance_api_key is not none -- 2.39.2 From 63a0894906272564dbc806134fbadf5b8580867a Mon Sep 17 00:00:00 2001 
From: Mathieu Trossevin Date: Thu, 18 Jun 2020 17:58:37 +0200 Subject: [PATCH 05/23] [Cleanup] Clean up elasticsearch role Don't compare with empty string Explicitly checkout master branch of head repository. Space after variable name --- elasticsearch/tasks/datadir.yml | 4 ++-- elasticsearch/tasks/plugin_head.yml | 1 + elasticsearch/tasks/tmpdir.yml | 2 +- java/tasks/openjdk.yml | 2 +- 4 files changed, 5 insertions(+), 4 deletions(-) diff --git a/elasticsearch/tasks/datadir.yml b/elasticsearch/tasks/datadir.yml index 66ec48a1..920e7337 100644 --- a/elasticsearch/tasks/datadir.yml +++ b/elasticsearch/tasks/datadir.yml @@ -16,7 +16,7 @@ tags: - elasticsearch when: - - elasticsearch_custom_datadir != '' + - elasticsearch_custom_datadir - elasticsearch_custom_datadir != None - name: Datadir is moved to custom path @@ -44,7 +44,7 @@ tags: - elasticsearch when: - - elasticsearch_custom_datadir != '' + - elasticsearch_custom_datadir - elasticsearch_custom_datadir != None - elasticsearch_custom_datadir != elasticsearch_current_real_datadir_test.stdout - not elasticsearch_custom_datadir_test.stat.exists diff --git a/elasticsearch/tasks/plugin_head.yml b/elasticsearch/tasks/plugin_head.yml index 2f7cae39..6b7176d1 100644 --- a/elasticsearch/tasks/plugin_head.yml +++ b/elasticsearch/tasks/plugin_head.yml @@ -15,6 +15,7 @@ repo: "https://github.com/mobz/elasticsearch-head.git" dest: "{{ elasticsearch_plugin_head_clone_dir }}" clone: yes + version: master tags: - packages diff --git a/elasticsearch/tasks/tmpdir.yml b/elasticsearch/tasks/tmpdir.yml index 086870fe..e971c396 100644 --- a/elasticsearch/tasks/tmpdir.yml +++ b/elasticsearch/tasks/tmpdir.yml @@ -54,4 +54,4 @@ tags: - elasticsearch when: elastic_stack_version is version('6', '>=') - when: (elasticsearch_custom_tmpdir != '' and elasticsearch_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0 + when: (elasticsearch_custom_tmpdir and elasticsearch_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0 
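Review bot: `version: master` in elasticsearch/tasks/plugin_head.yml makes the branch explicit but still deploys whatever the upstream repository's `master` points to at run time, so the plugin code can change between runs without review. Pin the checkout to a commit or tag that has been reviewed, for example `version: "<reviewed-commit-sha>"` (placeholder), and bump it deliberately. The `git` task starts above the hunk, so its other arguments are not visible here.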
diff --git a/java/tasks/openjdk.yml b/java/tasks/openjdk.yml index 8e187d1b..14500442 100644 --- a/java/tasks/openjdk.yml +++ b/java/tasks/openjdk.yml @@ -15,7 +15,7 @@ - name: Install openjdk package apt: - name: "openjdk-{{ java_version}}-jre-headless" + name: "openjdk-{{ java_version }}-jre-headless" default_release: "{{ java_apt_release }}" state: present tags: -- 2.39.2 From 440bec2febc6fb779b04c64d96082723a4bde8b8 Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Fri, 19 Jun 2020 10:33:25 +0200 Subject: [PATCH 06/23] [Cleanup] fail2ban Name all tasks. It would seems that the task creating the `fail2ban_ignore_ips` fact for the whitelist exist in both main.yml and ip_whitelist.yml, one of them might be superfluous. --- fail2ban/tasks/ip_whitelist.yml | 5 +++-- fail2ban/tasks/main.yml | 3 ++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/fail2ban/tasks/ip_whitelist.yml b/fail2ban/tasks/ip_whitelist.yml index f899e618..089b70b1 100644 --- a/fail2ban/tasks/ip_whitelist.yml +++ b/fail2ban/tasks/ip_whitelist.yml @@ -1,6 +1,7 @@ --- -- set_fact: +- name: "Define the whitelist from variables" + set_fact: fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}" - name: Update ignoreips lists @@ -12,4 +13,4 @@ notify: restart fail2ban tags: - fail2ban - - ips \ No newline at end of file + - ips diff --git a/fail2ban/tasks/main.yml b/fail2ban/tasks/main.yml index e496c07e..13ae8163 100644 --- a/fail2ban/tasks/main.yml +++ b/fail2ban/tasks/main.yml @@ -15,7 +15,8 @@ tags: - fail2ban -- set_fact: +- name: "Define ip whitelist from variables" + set_fact: fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}" tags: - fail2ban -- 2.39.2 From 5cf81335e6a1b2a5c38e3fe965fa5c5314bc4d0e Mon Sep 17 00:00:00 2001 
From: Mathieu Trossevin Date: Fri, 19 Jun 2020 10:47:35 +0200 Subject: [PATCH 07/23] [Cleanup] multiple small role cleaning Mostly whitespace and comparison with empty strings --- kvm-host/tasks/images.yml | 4 ++-- logstash/tasks/logs.yml | 2 +- logstash/tasks/tmpdir.yml | 2 +- lxc-php/tasks/main.yml | 2 +- lxc/meta/main.yml | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/kvm-host/tasks/images.yml b/kvm-host/tasks/images.yml index 420e83ec..c75279eb 100644 --- a/kvm-host/tasks/images.yml +++ b/kvm-host/tasks/images.yml @@ -13,7 +13,7 @@ changed_when: False check_mode: no register: kvm_libvirt_images_current_real_path_test - when: kvm_custom_libvirt_images_path != '' + when: kvm_custom_libvirt_images_path - name: Images directory is moved to custom path block: @@ -35,6 +35,6 @@ dest: '/var/lib/libvirt/images' state: link when: - - kvm_custom_libvirt_images_path != '' + - kvm_custom_libvirt_images_path - kvm_custom_libvirt_images_path != kvm_libvirt_images_current_real_path_test.stdout - not kvm_custom_libvirt_images_path_test.stat.exists diff --git a/logstash/tasks/logs.yml b/logstash/tasks/logs.yml index 4417bd89..bfeb1a1b 100644 --- a/logstash/tasks/logs.yml +++ b/logstash/tasks/logs.yml @@ -4,7 +4,7 @@ failed_when: False changed_when: False register: is_cron_installed - + - name: "log rotation script" template: src: rotate_logstash_logs.j2 diff --git a/logstash/tasks/tmpdir.yml b/logstash/tasks/tmpdir.yml index 4149f5af..bbf4cc91 100644 --- a/logstash/tasks/tmpdir.yml +++ b/logstash/tasks/tmpdir.yml @@ -28,4 +28,4 @@ - restart logstash tags: - logstash - when: (logstash_custom_tmpdir != '' and logstash_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0 + when: (logstash_custom_tmpdir and logstash_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0 diff --git a/lxc-php/tasks/main.yml b/lxc-php/tasks/main.yml index d3fcad4a..4cd9ec4f 100644 --- a/lxc-php/tasks/main.yml +++ b/lxc-php/tasks/main.yml 
@@ -4,7 +4,7 @@ msg: Please configure var lxc_php_version when: lxc_php_version is none -- name: "Update APT cache in container {{lxc_php_version}}" +- name: "Update APT cache in container {{ lxc_php_version }}" lxc_container: name: "{{ lxc_php_version }}" container_command: "apt-get update" diff --git a/lxc/meta/main.yml b/lxc/meta/main.yml index f6af051d..6208702b 100644 --- a/lxc/meta/main.yml +++ b/lxc/meta/main.yml @@ -1,6 +1,6 @@ galaxy_info: author: Evolix - description: Creation of LXC Containers + description: Creation of LXC Containers issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues -- 2.39.2 From d206ae4c85b88037650cfc0181fd86691a99b216 Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Fri, 19 Jun 2020 12:18:33 +0200 Subject: [PATCH 08/23] [Cleanup] lxc-solr Replaced direct call to lxc-attach with the lxc_container module calling a container_command. (+ spaces before and after variable name) --- lxc-solr/tasks/main.yml | 2 +- lxc-solr/tasks/solr.yml | 32 +++++++++++++++++++++++++------- 2 files changed, 26 insertions(+), 8 deletions(-) diff --git a/lxc-solr/tasks/main.yml b/lxc-solr/tasks/main.yml index a18c46dc..fe3ea131 100644 --- a/lxc-solr/tasks/main.yml +++ b/lxc-solr/tasks/main.yml @@ -11,6 +11,6 @@ with_items: - "{{ lxc_containers }}" -- include: "solr.yml name={{item.name}} solr_version={{item.solr_version}} solr_port={{item.solr_port}}" +- include: "solr.yml name={{ item.name }} solr_version={{ item.solr_version }} solr_port={{ item.solr_port }}" with_items: - "{{ lxc_containers }}" diff --git a/lxc-solr/tasks/solr.yml b/lxc-solr/tasks/solr.yml index 4cf521ae..8983f107 100644 --- a/lxc-solr/tasks/solr.yml +++ b/lxc-solr/tasks/solr.yml 
@@ -1,6 +1,9 @@ --- - name: Install openjdk-8-jre-headless and lsof packages - command: "lxc-attach -n {{name}} -- apt-get install -y openjdk-8-jre-headless lsof" + lxc_container: + name: "{{ name }}" + container_command: "apt-get install -y openjdk-8-jre-headless lsof" + state: started - name: "Download Solr {{ solr_version }}" get_url: @@ -15,10 +18,16 @@ remote_src: yes - name: "Install Solr {{ solr_version }}" - command: "lxc-attach -n {{name}} -- /root/solr-{{ solr_version }}/bin/install_solr_service.sh /root/solr-{{ solr_version }}.tgz" + lxc_container: + name: "{{ name }}" + container_command: "/root/solr-{{ solr_version }}/bin/install_solr_service.sh /root/solr-{{ solr_version }}.tgz" + state: started - name: "Stop Solr" - command: "lxc-attach -n {{name}} -- /etc/init.d/solr stop" + lxc_container: + name: "{{ name }}" + container_command: "/etc/init.d/solr stop" + state: started ignore_errors: True - name: "Make sure /home/solr exists" @@ -27,11 +36,17 @@ state: directory mode: '0755' -- name: "Move Solr data directory to /home/solr/{{name}}" - command: "lxc-attach -n {{name}} -- mv /var/solr /home/solr/{{name}}" +- name: "Move Solr data directory to /home/solr/{{ name }}" + lxc_container: + name: "{{ name }}" + container_command: "mv /var/solr /home/solr/{{ name }}" + state: started - name: "Create a symbolic link to /home/solr/{{name}}" - command: "lxc-attach -n {{name}} -- ln -s /home/solr/{{name}} /var/solr" + lxc_container: + name: "{{ name }}" + container_command: "ln -s /home/solr/{{ name }} /var/solr" + state: started - name: "Set Solr port to {{ solr_port }}" lineinfile: @@ -39,4 +54,7 @@ line: "SOLR_PORT={{ solr_port }}" - name: "Start Solr" - command: "lxc-attach -n {{name}} -- /etc/init.d/solr start" + lxc_container: + name: "{{ name }}" + container_command: "/etc/init.d/solr start" + state: started -- 2.39.2 From 93f981be3be6546340135d71f419745c3acf1d62 Mon Sep 17 00:00:00 2001 
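Review bot: `Install Solr {{ solr_version }}` in lxc-solr/tasks/solr.yml runs `install_solr_service.sh` inside the container, presumably as root. The script comes from a tarball fetched by the `Download Solr` `get_url` task, whose arguments fall between the hunks, and no integrity check is visible. If it is not already there, add `checksum: "sha512:<published-digest>"` (placeholder) to that `get_url` task so a tampered or truncated download is rejected before it is unpacked and executed. It is also worth confirming that a non-zero exit from `container_command` fails the task the way the former `command: lxc-attach ...` did, since `Stop Solr` is the only task here marked `ignore_errors`.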
From: Mathieu Trossevin Date: Fri, 19 Jun 2020 12:23:39 +0200 Subject: [PATCH 09/23] [Cleanup] memcached and metricbeat Don't compare with empty string --- memcached/tasks/main.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/memcached/tasks/main.yml b/memcached/tasks/main.yml index 0bf81713..3e32eae2 100644 --- a/memcached/tasks/main.yml +++ b/memcached/tasks/main.yml @@ -13,7 +13,7 @@ notify: restart memcached tags: - memcached - when: memcached_instance_name == "" + when: memcached_instance_name - name: Memcached is running and enabled on boot. service: @@ -22,7 +22,7 @@ state: started tags: - memcached - when: memcached_instance_name == "" + when: memcached_instance_name - name: Add systemd template copy: @@ -30,7 +30,7 @@ dest: /etc/systemd/system/memcached@.service tags: - memcached - when: memcached_instance_name != "" + when: memcached_instance_name - name: Delete default memcached systemd configuration file systemd: @@ -39,7 +39,7 @@ state: stopped tags: - memcached - when: memcached_instance_name != "" + when: memcached_instance_name - name: Make sure memcached.conf is absent file: @@ -47,7 +47,7 @@ state: absent tags: - memcached - when: memcached_instance_name != "" + when: memcached_instance_name - name: Create a configuration file template: @@ -56,7 +56,7 @@ mode: "0644" tags: - memcached - when: memcached_instance_name != "" + when: memcached_instance_name - name: Enable and start the memcached instance systemd: @@ -67,7 +67,7 @@ masked: no tags: - memcached - when: memcached_instance_name != "" + when: memcached_instance_name - include: munin.yml -- 2.39.2 From 478beab8565abd5ed44b8c1e0d73eb544679d184 Mon Sep 17 00:00:00 2001 
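Review bot: The first two hunks of memcached/tasks/main.yml invert their condition: `memcached_instance_name == ""` (no instance name) became `when: memcached_instance_name` (instance name set). The default-instance tasks, the one ending at `notify: restart memcached` and `Memcached is running and enabled on boot.`, now run only when an instance name is configured and are skipped for the default setup. Both should read `when: not memcached_instance_name`. The remaining five hunks replace `!= ""` and keep their meaning. The first task starts above its hunk.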
From: Mathieu Trossevin Date: Fri, 19 Jun 2020 12:28:23 +0200 Subject: [PATCH 10/23] [Cleanup] mysql-oracle (name + comparison with empty string) --- mysql-oracle/tasks/config.yml | 3 ++- mysql-oracle/tasks/datadir.yml | 4 ++-- mysql-oracle/tasks/main.yml | 3 ++- mysql-oracle/tasks/packages.yml | 3 ++- mysql-oracle/tasks/tmpdir.yml | 2 +- 5 files changed, 9 insertions(+), 6 deletions(-) diff --git a/mysql-oracle/tasks/config.yml b/mysql-oracle/tasks/config.yml index 16590a59..ebd861f3 100644 --- a/mysql-oracle/tasks/config.yml +++ b/mysql-oracle/tasks/config.yml @@ -1,6 +1,7 @@ --- -- set_fact: +- name: "Define the mysql config directory" + set_fact: mysql_config_directory: "/etc/mysql/mysql.conf.d" - name: "Copy MySQL defaults config file" diff --git a/mysql-oracle/tasks/datadir.yml b/mysql-oracle/tasks/datadir.yml index 28beb1ed..ee4e7bcf 100644 --- a/mysql-oracle/tasks/datadir.yml +++ b/mysql-oracle/tasks/datadir.yml @@ -14,7 +14,7 @@ register: mysql_current_real_datadir_test tags: - mysql - when: mysql_custom_datadir != '' + when: mysql_custom_datadir - block: - name: MySQL is stopped @@ -40,6 +40,6 @@ tags: - mysql when: - - mysql_custom_datadir != '' + - mysql_custom_datadir - mysql_custom_datadir != mysql_current_real_datadir_test.stdout - not mysql_custom_datadir_test.stat.exists diff --git a/mysql-oracle/tasks/main.yml b/mysql-oracle/tasks/main.yml index 2e2f09bf..b0b708fa 100644 --- a/mysql-oracle/tasks/main.yml +++ b/mysql-oracle/tasks/main.yml @@ -1,6 +1,7 @@ --- -- set_fact: +- name: 'Define which handler will be called to "restart" mysql' + set_fact: mysql_restart_handler_name: "{{ mysql_restart_if_needed | bool | ternary('restart mysql', 'restart mysql (noop)') }}" - include: packages.yml diff --git a/mysql-oracle/tasks/packages.yml b/mysql-oracle/tasks/packages.yml index af1a0460..c16967d1 100644 --- a/mysql-oracle/tasks/packages.yml +++ b/mysql-oracle/tasks/packages.yml 
@@ -1,6 +1,7 @@ --- -- set_fact: +- name: "Define which configuration package will be installed" + set_fact: mysql_apt_config_package: mysql-apt-config_0.8.9-1_all.deb - name: Set default MySQL version to 5.7 diff --git a/mysql-oracle/tasks/tmpdir.yml b/mysql-oracle/tasks/tmpdir.yml index 8d518160..2fce8a2f 100644 --- a/mysql-oracle/tasks/tmpdir.yml +++ b/mysql-oracle/tasks/tmpdir.yml @@ -20,4 +20,4 @@ notify: "{{ mysql_restart_handler_name }}" tags: - mysql - when: mysql_custom_tmpdir != '' + when: mysql_custom_tmpdir -- 2.39.2 From 97d3d292105296c5361dcfde55b2a5d4c82b7eb9 Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Fri, 19 Jun 2020 13:17:43 +0200 Subject: [PATCH 11/23] [Cleanup] networkd-to-ifconfig Add changed_when: false to shell command that does not change anything. --- networkd-to-ifconfig/tasks/set_facts_from_systemd.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/networkd-to-ifconfig/tasks/set_facts_from_systemd.yml b/networkd-to-ifconfig/tasks/set_facts_from_systemd.yml index d21012fd..59b5c76d 100644 --- a/networkd-to-ifconfig/tasks/set_facts_from_systemd.yml +++ b/networkd-to-ifconfig/tasks/set_facts_from_systemd.yml @@ -2,11 +2,13 @@ - name: "Parse addresses" shell: "grep Address= /etc/systemd/network/50-default.network | cut -d'=' -f2" + changed_when: false register: network_address_grep check_mode: no - name: "Parse gateways" shell: "grep Gateway= /etc/systemd/network/50-default.network | cut -d'=' -f2" + changed_when: false register: network_gateway_grep check_mode: no -- 2.39.2 From c3caa31bf205b861b34f7bc0f567468299d8f2e0 Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Fri, 19 Jun 2020 13:20:19 +0200 Subject: [PATCH 12/23] [Cleanup] newrelic, don't compare to empty string --- newrelic/tasks/php.yml | 4 ++-- newrelic/tasks/sysmond.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/newrelic/tasks/php.yml b/newrelic/tasks/php.yml index 7d1177dc..c5c55ea0 100644 --- a/newrelic/tasks/php.yml 
+++ b/newrelic/tasks/php.yml @@ -6,7 +6,7 @@ question: "newrelic-php5/application-name" value: "{{ newrelic_appname }}" vtype: string - when: newrelic_appname != "" + when: newrelic_appname - name: Pre-seed package configuration with license debconf: @@ -14,7 +14,7 @@ question: "newrelic-php5/license-key" value: "{{ newrelic_license }}" vtype: "string" - when: newrelic_license != "" + when: newrelic_license - name: list newrelic config files shell: "find /etc/php* -type f -name newrelic.ini" diff --git a/newrelic/tasks/sysmond.yml b/newrelic/tasks/sysmond.yml index 5d72a470..50060387 100644 --- a/newrelic/tasks/sysmond.yml +++ b/newrelic/tasks/sysmond.yml @@ -9,5 +9,5 @@ dest: /etc/newrelic/nrsysmond.cfg regexp: "license_key=REPLACE_WITH_REAL_KEY" replace: "license_key={{ newrelic_license }}" - when: newrelic_license != "" + when: newrelic_license notify: restart newrelic-sysmond -- 2.39.2 From 498d85b5495729315057172adaf7dc3a639a37b3 Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Fri, 19 Jun 2020 13:21:46 +0200 Subject: [PATCH 13/23] [Cleanup] nginx: whitespace + comparison with empty string --- nginx/tasks/packages.yml | 2 +- nginx/tasks/server_status_read.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx/tasks/packages.yml b/nginx/tasks/packages.yml index 76350424..de6cb27c 100644 --- a/nginx/tasks/packages.yml +++ b/nginx/tasks/packages.yml @@ -10,7 +10,7 @@ tags: - nginx - packages - + - name: Ensure nginx service is running as configured. service: name: nginx diff --git a/nginx/tasks/server_status_read.yml b/nginx/tasks/server_status_read.yml index 570febf9..4d6e8a37 100644 --- a/nginx/tasks/server_status_read.yml +++ b/nginx/tasks/server_status_read.yml 
@@ -14,7 +14,7 @@ # The last character "\u000A" is a line feed (LF), it's better to keep it content: "{{ nginx_serverstatus_suffix }}\u000A" force: yes - when: nginx_serverstatus_suffix != "" + when: nginx_serverstatus_suffix - name: generate random string for server-status suffix shell: "apg -a 1 -M N -n 1 > {{ nginx_serverstatus_suffix_file }}" -- 2.39.2 From dc5d20648853ac21b46056caa4674756ea03bcf7 Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Fri, 19 Jun 2020 13:25:22 +0200 Subject: [PATCH 14/23] [Cleanup] packweb-apache --- packweb-apache/tasks/main.yml | 3 ++- packweb-apache/tasks/phpmyadmin.yml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/packweb-apache/tasks/main.yml b/packweb-apache/tasks/main.yml index 922dcea8..4e1fa251 100644 --- a/packweb-apache/tasks/main.yml +++ b/packweb-apache/tasks/main.yml @@ -1,6 +1,7 @@ --- -- fail: +- name: Check for compatibility + fail: msg: only compatible with Debian >= 8 when: - ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<') diff --git a/packweb-apache/tasks/phpmyadmin.yml b/packweb-apache/tasks/phpmyadmin.yml index fc3e6d32..42e2d8a8 100644 --- a/packweb-apache/tasks/phpmyadmin.yml +++ b/packweb-apache/tasks/phpmyadmin.yml @@ -48,7 +48,7 @@ # The last character "\u000A" is a line feed (LF), it's better to keep it content: "{{ packweb_phpmyadmin_suffix }}\u000A" force: yes - when: packweb_phpmyadmin_suffix != "" + when: packweb_phpmyadmin_suffix - name: generate random string for phpmyadmin suffix shell: "apg -a 1 -M N -n 1 > {{ packweb_phpmyadmin_suffix_file }}" -- 2.39.2 From 119e1343739acea0d7e28d1d63be84e843a45501 Mon Sep 17 00:00:00 2001 
From: Mathieu Trossevin Date: Fri, 19 Jun 2020 13:29:30 +0200 Subject: [PATCH 15/23] [Cleanup] php and postfix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Comparison with litteral True and False ( `var == False` ⇔ `not var` or `var is boolean and var` or ` var is sameas False` should there be a need to check if it is really a boolean that is False and not only something evaluationg to False) --- php/tasks/main.yml | 3 ++- postfix/meta/main.yml | 10 +++++----- postfix/tasks/main.yml | 4 ++-- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/php/tasks/main.yml b/php/tasks/main.yml index 2fd1a250..514c0202 100644 --- a/php/tasks/main.yml +++ b/php/tasks/main.yml @@ -1,6 +1,7 @@ --- -- fail: +- name: Check for compatibility + fail: msg: only compatible with Debian >= 8 when: - ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<') diff --git a/postfix/meta/main.yml b/postfix/meta/main.yml index fe59228a..91cd3862 100644 --- a/postfix/meta/main.yml +++ b/postfix/meta/main.yml @@ -14,8 +14,8 @@ galaxy_info: - jessie dependencies: - - { role: evolix/ldap, ldap_schema: 'cn4evolix.ldif', when: postfix_packmail == True } - - { role: evolix/spamassasin, when: postfix_packmail == True } - - { role: evolix/clamav, when: postfix_packmail == True } - - { role: evolix/opendkim, when: postfix_packmail == True } - - { role: evolix/dovecot, when: postfix_packmail == True } + - { role: evolix/ldap, ldap_schema: 'cn4evolix.ldif', when: postfix_packmail } + - { role: evolix/spamassasin, when: postfix_packmail } + - { role: evolix/clamav, when: postfix_packmail } + - { role: evolix/opendkim, when: postfix_packmail } + - { role: evolix/dovecot, when: postfix_packmail } diff --git a/postfix/tasks/main.yml b/postfix/tasks/main.yml index 0e0fff2d..5d7d4958 100644 --- a/postfix/tasks/main.yml +++ b/postfix/tasks/main.yml 
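Review bot: Replacing `postfix_packmail == True` with a bare `postfix_packmail` in the `dependencies` list of postfix/meta/main.yml changes the outcome when the variable arrives as a string, as it does with `-e postfix_packmail=false`. The old comparison was false for any string, while a truthiness test can treat the non-empty string `false` as true and pull in the ldap, spamassasin, clamav, opendkim and dovecot roles. Casting keeps the intent explicit: `when: postfix_packmail | bool`. The same applies to `when: not postfix_packmail` and `when: postfix_packmail` in postfix/tasks/main.yml and to `not squid_localproxy_enable` in squid/tasks/main.yml, which would read `not postfix_packmail | bool` and `not squid_localproxy_enable | bool`.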
@@ -3,10 +3,10 @@ - include: common.yml - include: minimal.yml - when: postfix_packmail == False + when: not postfix_packmail - include: packmail.yml - when: postfix_packmail == True + when: postfix_packmail - include: slow_transport.yml when: postfix_slow_transport_include -- 2.39.2 From 9e0202d3de03143218911ba685562dbda632c133 Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Fri, 19 Jun 2020 13:39:20 +0200 Subject: [PATCH 16/23] [Cleanup] postgresql: space before and after variable name --- postgresql/tasks/config.yml | 6 +++--- postgresql/tasks/munin.yml | 10 +++++----- postgresql/tasks/nrpe.yml | 2 +- postgresql/tasks/packages_jessie.yml | 4 ++-- postgresql/tasks/pgdg-repo.yml | 2 +- postgresql/tasks/postgis.yml | 2 +- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/postgresql/tasks/config.yml b/postgresql/tasks/config.yml index dc3fc1b1..796e6bca 100644 --- a/postgresql/tasks/config.yml +++ b/postgresql/tasks/config.yml @@ -10,13 +10,13 @@ - name: Allow conf.d/*.conf files to be included in PostgreSQL configuration lineinfile: - name: "/etc/postgresql/{{postgresql_version}}/main/postgresql.conf" + name: "/etc/postgresql/{{ postgresql_version }}/main/postgresql.conf" line: include_dir = 'conf.d' notify: restart postgresql - name: Create conf.d directory file: - name: "/etc/postgresql/{{postgresql_version}}/main/conf.d/" + name: "/etc/postgresql/{{ postgresql_version }}/main/conf.d/" state: directory owner: postgres group: postgres @@ -25,7 +25,7 @@ - name: Copy PostgreSQL config file template: src: postgresql.conf.j2 - dest: "/etc/postgresql/{{postgresql_version}}/main/conf.d/zz-evolinux.conf" + dest: "/etc/postgresql/{{ postgresql_version }}/main/conf.d/zz-evolinux.conf" owner: postgres group: postgres mode: "0644" diff --git a/postgresql/tasks/munin.yml b/postgresql/tasks/munin.yml index e576b4cd..0b1ef152 100644 --- a/postgresql/tasks/munin.yml +++ b/postgresql/tasks/munin.yml 
@@ -12,8 +12,8 @@ - name: Add Munin plugins for PostgreSQL file: state: link - src: '/usr/share/munin/plugins/{{item}}' - dest: '/etc/munin/plugins/{{item}}' + src: '/usr/share/munin/plugins/{{ item }}' + dest: '/etc/munin/plugins/{{ item }}' with_items: - postgres_bgwriter - postgres_checkpoints @@ -26,10 +26,10 @@ - name: Add Munin plugins for PostgreSQL (for specific databases) file: state: link - src: '/usr/share/munin/plugins/{{item[0]}}' - dest: '/etc/munin/plugins/{{item[0]}}{{item[1]}}' + src: '/usr/share/munin/plugins/{{ item[0] }}' + dest: '/etc/munin/plugins/{{ item[0] }}{{ item[1] }}' with_nested: - ['postgres_cache_', 'postgres_connections_', 'postgres_locks_', 'postgres_querylength_', 'postgres_scans_', 'postgres_size_', 'postgres_transactions_', 'postgres_tuples_'] - - '{{postgresql_databases}}' + - '{{ postgresql_databases }}' notify: restart munin-node when: etc_munin_plugins.stat.exists and usr_share_munin_plugins.stat.exists diff --git a/postgresql/tasks/nrpe.yml b/postgresql/tasks/nrpe.yml index 8ce178e9..b9472b66 100644 --- a/postgresql/tasks/nrpe.yml +++ b/postgresql/tasks/nrpe.yml @@ -35,7 +35,7 @@ lineinfile: name: /etc/nagios/nrpe.d/evolix.cfg regexp: '^command\[check_pgsql\]=' - line: 'command[check_pgsql]=/usr/lib/nagios/plugins/check_pgsql -H localhost -l nrpe -p "{{postgresql_nrpe_password.stdout}}"' + line: 'command[check_pgsql]=/usr/lib/nagios/plugins/check_pgsql -H localhost -l nrpe -p "{{ postgresql_nrpe_password.stdout }}"' notify: restart nagios-nrpe-server when: postgresql_create_nrpe_user.changed when: nrpe_evolix_config.stat.exists diff --git a/postgresql/tasks/packages_jessie.yml b/postgresql/tasks/packages_jessie.yml index 3e21bc0e..a3142306 100644 --- a/postgresql/tasks/packages_jessie.yml +++ b/postgresql/tasks/packages_jessie.yml 
@@ -10,8 +10,8 @@ - name: Install postgresql package apt: - name: '{{item}}' + name: '{{ item }}' with_items: - - "postgresql-{{postgresql_version}}" + - "postgresql-{{ postgresql_version }}" - ptop - libdbd-pg-perl diff --git a/postgresql/tasks/pgdg-repo.yml b/postgresql/tasks/pgdg-repo.yml index 8d937b82..bdabfed8 100644 --- a/postgresql/tasks/pgdg-repo.yml +++ b/postgresql/tasks/pgdg-repo.yml @@ -10,7 +10,7 @@ - name: Add PGDG repository apt_repository: - repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main" + repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main" update_cache: yes - name: Add GPG key for PGDG repository diff --git a/postgresql/tasks/postgis.yml b/postgresql/tasks/postgis.yml index 0c18cb51..f2300943 100644 --- a/postgresql/tasks/postgis.yml +++ b/postgresql/tasks/postgis.yml @@ -1,5 +1,5 @@ --- -- name: Install PostGIS extention +- name: Install PostGIS extention apt: name: - postgis -- 2.39.2 From 082e02fe6f8a1c2f15d4340578e45668fb74fcaf Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Fri, 19 Jun 2020 13:53:05 +0200 Subject: [PATCH 17/23] [Cleanup] redis Space before and after variable names, comparison with empty strings and naming two tasks --- redis/tasks/default-munin.yml | 6 +++--- redis/tasks/instance-munin.yml | 2 +- redis/tasks/main.yml | 6 ++++-- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/redis/tasks/default-munin.yml b/redis/tasks/default-munin.yml index b7edce3a..6dd01670 100644 --- a/redis/tasks/default-munin.yml +++ b/redis/tasks/default-munin.yml @@ -39,7 +39,7 @@ - name: Enable redis munin plugin file: src: /usr/local/share/munin/plugins/redis_ - dest: "/etc/munin/plugins/redis_{{item}}" + dest: "/etc/munin/plugins/redis_{{ item }}" state: link with_items: - connected_clients 
@@ -67,7 +67,7 @@ value: '{{ redis_password }}' notify: restart munin-node when: - - redis_password != '' + - redis_password - redis_password != None - (munin_redis_blocs_in_config.stdout | int) <= 1 tags: redis @@ -77,6 +77,6 @@ debug: msg: "WARNING - It seems you have multiple redis sections in your munin-node configuration - Munin config NOT changed" when: - - redis_password != '' + - redis_password - redis_password != None - (munin_redis_blocs_in_config.stdout | int) > 1 diff --git a/redis/tasks/instance-munin.yml b/redis/tasks/instance-munin.yml index 8d0e207c..b2896153 100644 --- a/redis/tasks/instance-munin.yml +++ b/redis/tasks/instance-munin.yml @@ -39,7 +39,7 @@ - name: Enable redis munin plugin file: src: /usr/local/share/munin/plugins/redis_ - dest: "/etc/munin/plugins/{{ redis_instance_name }}_redis_{{item}}" + dest: "/etc/munin/plugins/{{ redis_instance_name }}_redis_{{ item }}" state: link with_items: - connected_clients diff --git a/redis/tasks/main.yml b/redis/tasks/main.yml index 28fda65a..39abc78b 100644 --- a/redis/tasks/main.yml +++ b/redis/tasks/main.yml @@ -1,6 +1,7 @@ --- -- set_fact: +- name: "Define if redis needs to restart or not" + set_fact: redis_restart_handler_name: "{{ redis_restart_if_needed | ternary('restart redis', 'restart redis (noop)') }}" - name: Redis is installed. @@ -30,7 +31,8 @@ tags: - redis -- set_fact: +- name: "Define which version of redis is installed" + set_fact: redis_installed_version: "{{ _redis_installed_version.stdout }}" check_mode: no tags: -- 2.39.2 From 2b08a2d81d8ab6fe207844e57a9ba0104fa0b18a Mon Sep 17 00:00:00 2001 
From: Mathieu Trossevin Date: Fri, 19 Jun 2020 14:01:09 +0200 Subject: [PATCH 18/23] [Cleanup] redmine Add galaxy_info to meta/main (based on the one on the wiki) Add become to all tasks that have become_user defined --- redmine/meta/main.yml | 16 ++++++++++++++++ redmine/tasks/mysql.yml | 2 +- redmine/tasks/release.yml | 6 ++++++ redmine/tasks/source.yml | 2 ++ 4 files changed, 25 insertions(+), 1 deletion(-) diff --git a/redmine/meta/main.yml b/redmine/meta/main.yml index ffa48751..578388a4 100644 --- a/redmine/meta/main.yml +++ b/redmine/meta/main.yml @@ -1,3 +1,19 @@ --- +galaxy_info: + author: Evolix + description: Install redmine on a Debian install + + issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues + + license: GPLv2 + + min_ansible_version: 2.2 + + platforms: + - name: Debian + version: + - jessie + - stretch + dependencies: - { role: evolix/nginx } diff --git a/redmine/tasks/mysql.yml b/redmine/tasks/mysql.yml index 414da319..075aee96 100644 --- a/redmine/tasks/mysql.yml +++ b/redmine/tasks/mysql.yml @@ -13,7 +13,7 @@ register: redmine_generate_mysql_password check_mode: no changed_when: False - when: redmine_get_mysql_password.stdout == "" + when: not redmine_get_mysql_password.stdout tags: - redmine diff --git a/redmine/tasks/release.yml b/redmine/tasks/release.yml index 730b0877..1155d31b 100644 --- a/redmine/tasks/release.yml +++ b/redmine/tasks/release.yml @@ -22,6 +22,7 @@ state: stopped user: yes become_user: "{{ redmine_user }}" + become: yes environment: "{{ user_env }}" tags: - redmine @@ -79,6 +80,7 @@ chdir: "/home/{{ redmine_user }}/www" creates: "/home/{{ redmine_user }}/www/config/initializers/secret_token.rb" become_user: "{{ redmine_user }}" + become: yes environment: "{{ user_env }}" tags: - redmine @@ -88,6 +90,7 @@ args: chdir: "/home/{{ redmine_user }}/www/" become_user: "{{ redmine_user }}" + become: yes environment: "{{ user_env }}" tags: - redmine 
@@ -97,6 +100,7 @@ args: chdir: "/home/{{ redmine_user }}/www/" become_user: "{{ redmine_user }}" + become: yes environment: "{{ user_env }}" when: redmine_mysql_create.changed tags: @@ -107,6 +111,7 @@ args: chdir: "/home/{{ redmine_user }}/www/" become_user: "{{ redmine_user }}" + become: yes environment: "{{ user_env }}" tags: - redmine @@ -118,6 +123,7 @@ state: started user: yes become_user: "{{ redmine_user }}" + become: yes environment: "{{ user_env }}" tags: - redmine diff --git a/redmine/tasks/source.yml b/redmine/tasks/source.yml index 51427acf..94a1f552 100644 --- a/redmine/tasks/source.yml +++ b/redmine/tasks/source.yml @@ -57,6 +57,7 @@ version: "{{ item.tree | default('master') }}" umask: "027" become_user: "{{ redmine_user }}" + become: yes when: item.git is defined with_items: "{{ redmine_plugins }}" tags: @@ -82,6 +83,7 @@ version: "{{ item.tree | default('master') }}" umask: "027" become_user: "{{ redmine_user }}" + become: yes when: item.git is defined with_items: "{{ redmine_themes }}" tags: -- 2.39.2 From c51669531ba9106a33cb363d11eb2a022660c0f0 Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Fri, 19 Jun 2020 14:14:23 +0200 Subject: [PATCH 19/23] [Cleanup] squid: Compare with empty string + name tasks --- squid/tasks/main.yml | 9 +++++---- squid/tasks/systemd.yml | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/squid/tasks/main.yml b/squid/tasks/main.yml index 68f721f8..22c23bc1 100644 --- a/squid/tasks/main.yml +++ b/squid/tasks/main.yml @@ -1,6 +1,7 @@ --- -- fail: +- name: Check for role compatibility + fail: msg: only compatible with Debian >= 8 when: - ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<') 
@@ -79,7 +80,7 @@ content: | # Put customized values here. force: no - when: squid_localproxy_enable == False and ansible_distribution_major_version is version('9', '>=') + when: not squid_localproxy_enable and ansible_distribution_major_version is version('9', '>=') - name: "evolinux http_access for local proxy (Debian 9 or later)" copy: @@ -95,7 +96,7 @@ content: | # Put customized values here. force: no - when: squid_localproxy_enable == False and ansible_distribution_major_version is version('9', '>=') + when: not squid_localproxy_enable and ansible_distribution_major_version is version('9', '>=') - name: "evolinux overrides for local proxy (Debian 9 or later)" template: @@ -111,7 +112,7 @@ content: | # Put customized values here. force: no - when: squid_localproxy_enable == False and ansible_distribution_major_version is version('9', '>=') + when: not squid_localproxy_enable and ansible_distribution_major_version is version('9', '>=') - name: add some URL in whitelist (Debian 8) lineinfile: diff --git a/squid/tasks/systemd.yml b/squid/tasks/systemd.yml index 4d06fa5d..39f72bc9 100644 --- a/squid/tasks/systemd.yml +++ b/squid/tasks/systemd.yml @@ -6,7 +6,7 @@ failed_when: False check_mode: no register: _squid_systemd_active - + - name: Squid systemd overrides directory exists file: dest: /etc/systemd/system/squid.service.d/ -- 2.39.2 From 6fb78be66c65421e750409e1077c8c31d169ae5d Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Fri, 19 Jun 2020 14:17:28 +0200 Subject: [PATCH 20/23] [Cleanup] munin: space before and after variable names --- varnish/tasks/main.yml | 4 ++-- varnish/tasks/munin.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/varnish/tasks/main.yml b/varnish/tasks/main.yml index 7274cba8..3899cb0c 100644 --- a/varnish/tasks/main.yml +++ b/varnish/tasks/main.yml 
@@ -64,8 +64,8 @@ - name: Patch logrotate conf replace: name: /etc/logrotate.d/varnish - regexp: '^(\s+)(/usr/sbin/invoke-rc.d {{item}}.*)' - replace: '\1systemctl -q is-active {{item}} && \2' + regexp: '^(\s+)(/usr/sbin/invoke-rc.d {{ item }}.*)' + replace: '\1systemctl -q is-active {{ item }} && \2' with_items: - varnishlog - varnishncsa diff --git a/varnish/tasks/munin.yml b/varnish/tasks/munin.yml index 6e307c49..4964886c 100644 --- a/varnish/tasks/munin.yml +++ b/varnish/tasks/munin.yml @@ -33,7 +33,7 @@ - name: Enable varnish4 munin plugin file: src: /usr/local/share/munin/plugins/varnish4_ - dest: "/etc/munin/plugins/varnish4_{{item}}" + dest: "/etc/munin/plugins/varnish4_{{ item }}" state: link with_items: - backend_traffic -- 2.39.2 From 208d7d603c8f81616a81d64240de990ab87145cb Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Fri, 19 Jun 2020 14:23:00 +0200 Subject: [PATCH 21/23] [Cleanup] webapps Probably the most dangerous part of the cleanup, replace call to the shell module that don't seems to make use of shell features with the command module. --- webapps/evoadmin-mail/tasks/nginx.yml | 2 +- webapps/roundcube/tasks/main.yml | 2 +- webapps/wordpress/tasks/main.yml | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/webapps/evoadmin-mail/tasks/nginx.yml b/webapps/evoadmin-mail/tasks/nginx.yml index 5ede64e7..ff335893 100644 --- a/webapps/evoadmin-mail/tasks/nginx.yml +++ b/webapps/evoadmin-mail/tasks/nginx.yml @@ -15,7 +15,7 @@ tags: - evoadmin-mail -- name: Active evoadminmail VHost +- name: Active evoadminmail VHost file: src: "/etc/nginx/sites-available/evoadminmail.conf" dest: "/etc/nginx/sites-enabled/evoadminmail.conf" diff --git a/webapps/roundcube/tasks/main.yml b/webapps/roundcube/tasks/main.yml index 2efd1823..cabbc242 100644 --- a/webapps/roundcube/tasks/main.yml +++ b/webapps/roundcube/tasks/main.yml 
@@ -116,7 +116,7 @@ src: "/etc/nginx/sites-available/roundcube.conf" dest: "/etc/nginx/sites-enabled/roundcube.conf" state: link - when: roundcube_webserver == "nginx" + when: roundcube_webserver == "nginx" notify: reload nginx - name: enable roundcube link in default site index diff --git a/webapps/wordpress/tasks/main.yml b/webapps/wordpress/tasks/main.yml index 6b6a67e2..c8bdb3f8 100644 --- a/webapps/wordpress/tasks/main.yml +++ b/webapps/wordpress/tasks/main.yml @@ -12,7 +12,7 @@ mode: "0750" - name: Download Wordpress - shell: '{{ wordpress_wpcli }} core download --locale=fr_FR --version={{ wordpress_version }}' + command: '{{ wordpress_wpcli }} core download --locale=fr_FR --version={{ wordpress_version }}' args: creates: "{{ ansible_env.HOME }}/www/index.php" @@ -42,12 +42,12 @@ delegate_to: localhost - name: Configure Wordpress (wp-config.php) - shell: '{{ wordpress_wpcli }} core config --dbhost={{ db_host }} --dbuser={{ db_user }} --dbpass={{ db_pwd }} --dbname={{ db_name }}' + command: '{{ wordpress_wpcli }} core config --dbhost={{ db_host }} --dbuser={{ db_user }} --dbpass={{ db_pwd }} --dbname={{ db_name }}' args: creates: "{{ ansible_env.HOME }}/www/wp-config.php" - name: Configure site - shell: '{{ wordpress_wpcli }} core install --url={{ wordpress_host | quote }} --title={{ wordpress_title | quote }} --admin_user=admin --admin_password="{{ admin_pwd | quote }}" --admin_email={{ wordpress_email }} --skip-email' + command: '{{ wordpress_wpcli }} core install --url={{ wordpress_host | quote }} --title={{ wordpress_title | quote }} --admin_user=admin --admin_password="{{ admin_pwd | quote }}" --admin_email={{ wordpress_email }} --skip-email' changed_when: false - name: Check if Wordpress is up to date 
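Review bot: With `command`, the `core config` task in webapps/wordpress/tasks/main.yml still interpolates `db_host`, `db_user`, `db_pwd` and `db_name` unquoted, so a value containing whitespace is split into extra arguments. The `--dbpass` and `--admin_password` values also remain on the command line, where task output and the process list expose them. I would pass every interpolated value through `quote`, as the `core install` line already does for `wordpress_host`, and set `no_log: true` on both tasks. The outer double quotes around `{{ admin_pwd | quote }}` should go as well: when `quote` adds single quotes they sit inside the double-quoted word and become part of the password.

```yaml
- name: Configure Wordpress (wp-config.php)
  command: '{{ wordpress_wpcli }} core config --dbhost={{ db_host | quote }} --dbuser={{ db_user | quote }} --dbpass={{ db_pwd | quote }} --dbname={{ db_name | quote }}'
  # … unchanged: args / creates …
  no_log: true

- name: Configure site
  command: '{{ wordpress_wpcli }} core install --url={{ wordpress_host | quote }} --title={{ wordpress_title | quote }} --admin_user=admin --admin_password={{ admin_pwd | quote }} --admin_email={{ wordpress_email | quote }} --skip-email'
  no_log: true
  # … unchanged: changed_when …
```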
@@ -58,7 +58,7 @@ changed_when: check_version.rc - name: Update Wordpress - shell: '{{ wordpress_wpcli }} core update --version={{ wordpress_version }}' + command: '{{ wordpress_wpcli }} core update --version={{ wordpress_version }}' args: removes: "{{ ansible_env.HOME }}/www/index.php" when: check_version.rc -- 2.39.2 From fe7d9290bf52025dbe4c0d7922cba6e277b61f42 Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Fri, 19 Jun 2020 14:44:29 +0200 Subject: [PATCH 22/23] [Cleanup] whitespaces + missed space before/after var name --- lxc-solr/tasks/solr.yml | 2 +- memcached/tasks/munin.yml | 2 +- spamassasin/tasks/main.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lxc-solr/tasks/solr.yml b/lxc-solr/tasks/solr.yml index 8983f107..798ab1c0 100644 --- a/lxc-solr/tasks/solr.yml +++ b/lxc-solr/tasks/solr.yml @@ -42,7 +42,7 @@ container_command: "mv /var/solr /home/solr/{{ name }}" state: started -- name: "Create a symbolic link to /home/solr/{{name}}" +- name: "Create a symbolic link to /home/solr/{{ name }}" lxc_container: name: "{{ name }}" container_command: "ln -s /home/solr/{{ name }} /var/solr" diff --git a/memcached/tasks/munin.yml b/memcached/tasks/munin.yml index c7ea3da9..ef9c711d 100644 --- a/memcached/tasks/munin.yml +++ b/memcached/tasks/munin.yml @@ -2,7 +2,7 @@ - name: Choose packages (Oracle) set_fact: multi: "multi_" - when: memcached_instance_name !="" + when: memcached_instance_name - name: is Munin present ? stat: diff --git a/spamassasin/tasks/main.yml b/spamassasin/tasks/main.yml index 53c6725b..f0678111 100644 --- a/spamassasin/tasks/main.yml +++ b/spamassasin/tasks/main.yml @@ -60,7 +60,7 @@ failed_when: False changed_when: False register: is_cron_installed - + - name: enable sa-update.sh cron lineinfile: dest: /etc/cron.d/sa-update -- 2.39.2 From 62dce66cbdb0c168f02a3f7a76943d65621fe757 Mon Sep 17 00:00:00 2001 
From: Mathieu Trossevin Date: Tue, 20 Oct 2020 17:36:23 +0200 Subject: [PATCH 23/23] Cleanup: Update changelog --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6c7a40bd..6f830e7b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,6 +22,10 @@ The **patch** part changes incrementally at each release. ### Security +### Other + +* Generic cleanup of roles + ## [10.3.0] 2020-12-21 ### Added -- 2.39.2