From 17b89e07d6a32fd6328acc392f012a18a99a4705 Mon Sep 17 00:00:00 2001 From: Chris Edillon Date: Tue, 29 Aug 2023 16:18:01 -0400 Subject: [PATCH 01/10] added pre-commit configuration for ansible-lint - updated .ansible-lint - added .yamllint - added missing collection used by linux/temp_sudo.yml no lint errors were fixed in this commit, only the scaffolding for using pre-commit was put in place. --- .ansible-lint | 8 ++++++++ .pre-commit-config.yaml | 9 +++++++++ .yamllint | 19 +++++++++++++++++++ collections/requirements.yml | 2 ++ 4 files changed, 38 insertions(+) create mode 100644 .pre-commit-config.yaml create mode 100644 .yamllint diff --git a/.ansible-lint b/.ansible-lint index 672be3d89..57840f9b9 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,4 +1,12 @@ --- +profile: production +offline: false + +skip_list: + - "galaxy[no-changelog]" + exclude_paths: + # would be better to move the roles here to the top-level roles directory - collections/ansible_collections/demo/compliance/roles/ + - roles/redhatofficial.* - .github/ diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 000000000..250e922e1 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,9 @@ +--- +repos: + - repo: https://github.com/ansible/ansible-lint.git + # get latest release tag from https://github.com/ansible/ansible-lint/releases/ + rev: v6.18.0 + hooks: + - id: ansible-lint + +... diff --git a/.yamllint b/.yamllint new file mode 100644 index 000000000..9c6a6111f --- /dev/null +++ b/.yamllint @@ -0,0 +1,19 @@ +--- +extends: default + +rules: + line-length: disable + trailing-spaces: enable + colons: + max-spaces-before: 0 + max-spaces-after: -1 + indentation: + level: error + indent-sequences: true # consistent with ansible-lint + truthy: + level: error + allowed-values: + - 'true' + - 'false' + +... diff --git a/collections/requirements.yml b/collections/requirements.yml index 45fc493e8..435dff281 100644 --- a/collections/requirements.yml 
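Review bot: `rev: v6.18.0` in the new `.pre-commit-config.yaml` pins the ansible-lint hook to a tag, which the upstream repository can move, and pre-commit runs that repository's code on every contributor's machine. Pinning to the full commit SHA makes the hook immutable while keeping the version readable, e.g. `rev: <full-commit-sha>  # frozen: v6.18.0`, which is the form `pre-commit autoupdate --freeze` writes. The same applies to `rev: v4.4.0` for pre-commit-hooks, added in PATCH 05/10.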
+++ b/collections/requirements.yml @@ -5,6 +5,8 @@ collections: - name: redhat_cop.controller_configuration version: 2.3.1 # linux + - name: ansible.posix + version: 1.5.4 - name: redhat.insights version: 1.0.7 - name: redhat.rhel_system_roles From d9b3dcfb1ebe4b42d36a547e9622cd09b0f4f5d2 Mon Sep 17 00:00:00 2001 From: Chris Edillon Date: Tue, 29 Aug 2023 16:43:51 -0400 Subject: [PATCH 02/10] set offline mode --- .ansible-lint | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ansible-lint b/.ansible-lint index 57840f9b9..883549814 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,6 +1,6 @@ --- profile: production -offline: false +offline: true skip_list: - "galaxy[no-changelog]" From b47876461cc16c98c4fbedb523ba79f506b5f14e Mon Sep 17 00:00:00 2001 
From: Chris Edillon Date: Tue, 29 Aug 2023 17:12:32 -0400 Subject: [PATCH 03/10] fixed ansible-lint errors --- .devfile.yaml | 3 +- cloud/create_vpc.yml | 58 +++++++++---------- cloud/setup.yml | 44 +++++++------- .../cloud/roles/aws/tasks/create_infra.yml | 56 +++++++++--------- .../roles/build_report_network/tasks/main.yml | 1 + .../roles/build_report_network/vars/main.yml | 1 + .../roles/build_report_windows/tasks/main.yml | 1 + .../roles/build_report_windows/vars/main.yml | 1 + .../defaults/main.yml | 1 + .../build_report_windows_patch/tasks/main.yml | 1 + .../build_report_windows_patch/vars/main.yml | 1 + .../patching/roles/patch_linux/tasks/main.yml | 4 +- .../roles/report_linux/tasks/main.yml | 1 + .../patching/roles/report_linux/vars/main.yml | 1 + .../report_linux_patching/defaults/main.yml | 1 + .../report_linux_patching/tasks/main.yml | 1 + .../roles/report_linux_patching/vars/main.yml | 1 + .../report_windows_patching/tasks/main.yml | 1 + .../roles/register_host/defaults/main.yml | 2 +- .../roles/scap_client/defaults/main.yaml | 1 + linux/deploy_application.yml | 3 +- linux/ec2_register.yml | 4 +- linux/patching.yml | 4 +- linux/run_script.yml | 2 +- linux/tshoot.yml | 6 +- network/report.yml | 8 +-- openshift/devspaces.yml | 14 ++--- satellite/satellite_promote.yml | 2 +- satellite/satellite_publish.yml | 2 +- satellite/server_openscap.yml | 2 +- satellite/setup.yml | 1 + satellite/setup_satellite.yml | 8 +-- setup_demo.yml | 4 +- windows/compliance.yml | 4 +- windows/create_ad_domain.yml | 12 ++-- 35 files changed, 136 insertions(+), 121 deletions(-) diff --git a/.devfile.yaml b/.devfile.yaml index db71b4c9d..2b4277cca 100644 --- a/.devfile.yaml +++ b/.devfile.yaml 
@@ -1,10 +1,11 @@ +--- schemaVersion: 2.2.0 metadata: name: product-demos components: - name: product-demos-ee container: - image: quay.io/mloriedo/ansible-creator-ee:latest # workaround for https://github.com/eclipse/che/issues/21778 + image: quay.io/mloriedo/ansible-creator-ee:latest # workaround for https://github.com/eclipse/che/issues/21778 memoryRequest: 256M memoryLimit: 5Gi cpuRequest: 250m diff --git a/cloud/create_vpc.yml b/cloud/create_vpc.yml index 67be5cbce..4afd4e704 100644 --- a/cloud/create_vpc.yml +++ b/cloud/create_vpc.yml @@ -46,12 +46,12 @@ rules: - proto: tcp ports: - - 80 # HTTP - - 443 # HTTPS - - 22 # SSH - - 5986 # WinRM - - 3389 # RDP - - 9090 # Cockpit + - 80 # HTTP + - 443 # HTTPS + - 22 # SSH + - 5986 # WinRM + - 3389 # RDP + - 9090 # Cockpit cidr_ip: 0.0.0.0/0 - proto: icmp to_port: -1 
@@ -59,32 +59,32 @@ cidr_ip: 0.0.0.0/0 - proto: tcp ports: - - 80 # HTTP - - 5986 # WinRM - - 3389 # RDP - - 53 # DNS - - 88 # Kerberos Authentication - - 135 # RPC - - 139 # Netlogon - - 389 # LDAP - - 445 # SMB - - 464 # Kerberos Authentication - - 5432 # PostgreSQL - - 636 # LDAPS (LDAP over TLS) - - 873 # Rsync - - 3268-3269 # Global Catalog - - 1024-65535 # Ephemeral RPC ports + - 80 # HTTP + - 5986 # WinRM + - 3389 # RDP + - 53 # DNS + - 88 # Kerberos Authentication + - 135 # RPC + - 139 # Netlogon + - 389 # LDAP + - 445 # SMB + - 464 # Kerberos Authentication + - 5432 # PostgreSQL + - 636 # LDAPS (LDAP over TLS) + - 873 # Rsync + - 3268-3269 # Global Catalog + - 1024-65535 # Ephemeral RPC ports cidr_ip: "{{ aws_vpc_cidr_block }}" - proto: udp ports: - - 53 # DNS - - 88 # Kerberos Authentication - - 123 # NTP - - 137-138 # Netlogon - - 389 # LDAP - - 445 # SMB - - 464 # Kerberos Authentication - - 1024-65535 # Ephemeral RPC ports + - 53 # DNS + - 88 # Kerberos Authentication + - 123 # NTP + - 137-138 # Netlogon + - 389 # LDAP + - 445 # SMB + - 464 # Kerberos Authentication + - 1024-65535 # Ephemeral RPC ports cidr_ip: "{{ aws_vpc_cidr_block }}" rules_egress: - proto: -1 diff --git a/cloud/setup.yml b/cloud/setup.yml index cc7bc1db1..f3d7a8339 100644 --- a/cloud/setup.yml +++ b/cloud/setup.yml @@ -31,12 +31,12 @@ controller_credentials: username: REPLACEME password: REPLACEME - # - name: Azure - # credential_type: Microsoft Azure Resource Manager - # organization: Default - # update_secrets: false - # inputs: - # subscription: REPLACEME +# - name: Azure +# credential_type: Microsoft Azure Resource Manager +# organization: Default +# update_secrets: false +# inputs: +# subscription: REPLACEME controller_inventory_sources: - name: AWS Inventory 
@@ -62,22 +62,22 @@ controller_inventory_sources: - key: tags.owner prefix: owner - # - name: Azure Inventory - # organization: Default - # source: azure_rm - # inventory: Demo Inventory - # credential: Azure - # execution_environment: Ansible Engine 2.9 execution environment - # overwrite: true - # source_vars: - # hostnames: - # - tags.Name - # - default - # keyed_groups: - # - key: os_profile.system - # prefix: os - # conditional_groups: - # cloud_azure: true +# - name: Azure Inventory +# organization: Default +# source: azure_rm +# inventory: Demo Inventory +# credential: Azure +# execution_environment: Ansible Engine 2.9 execution environment +# overwrite: true +# source_vars: +# hostnames: +# - tags.Name +# - default +# keyed_groups: +# - key: os_profile.system +# prefix: os +# conditional_groups: +# cloud_azure: true controller_groups: - name: cloud_aws diff --git a/collections/ansible_collections/demo/cloud/roles/aws/tasks/create_infra.yml b/collections/ansible_collections/demo/cloud/roles/aws/tasks/create_infra.yml index 04ce4747b..3337479ae 100644 --- a/collections/ansible_collections/demo/cloud/roles/aws/tasks/create_infra.yml +++ b/collections/ansible_collections/demo/cloud/roles/aws/tasks/create_infra.yml @@ -31,11 +31,11 @@ rules: - proto: tcp ports: - - 80 # HTTP - - 443 # HTTPS - - 22 # SSH - - 5986 # WinRM - - 3389 # RDP + - 80 # HTTP + - 443 # HTTPS + - 22 # SSH + - 5986 # WinRM + - 3389 # RDP cidr_ip: 0.0.0.0/0 - proto: icmp to_port: -1 
@@ -43,32 +43,32 @@ cidr_ip: 0.0.0.0/0 - proto: tcp ports: - - 80 # HTTP - - 5986 # WinRM - - 3389 # RDP - - 53 # DNS - - 88 # Kerberos Authentication - - 135 # RPC - - 139 # Netlogon - - 389 # LDAP - - 445 # SMB - - 464 # Kerberos Authentication - - 5432 # PostgreSQL - - 636 # LDAPS (LDAP over TLS) - - 873 # Rsync - - 3268-3269 # Global Catalog - - 1024-65535 # Ephemeral RPC ports + - 80 # HTTP + - 5986 # WinRM + - 3389 # RDP + - 53 # DNS + - 88 # Kerberos Authentication + - 135 # RPC + - 139 # Netlogon + - 389 # LDAP + - 445 # SMB + - 464 # Kerberos Authentication + - 5432 # PostgreSQL + - 636 # LDAPS (LDAP over TLS) + - 873 # Rsync + - 3268-3269 # Global Catalog + - 1024-65535 # Ephemeral RPC ports cidr_ip: 10.0.0.0/16 - proto: udp ports: - - 53 # DNS - - 88 # Kerberos Authentication - - 123 # NTP - - 137-138 # Netlogon - - 389 # LDAP - - 445 # SMB - - 464 # Kerberos Authentication - - 1024-65535 # Ephemeral RPC ports + - 53 # DNS + - 88 # Kerberos Authentication + - 123 # NTP + - 137-138 # Netlogon + - 389 # LDAP + - 445 # SMB + - 464 # Kerberos Authentication + - 1024-65535 # Ephemeral RPC ports cidr_ip: 10.0.0.0/16 rules_egress: - proto: -1 diff --git a/collections/ansible_collections/demo/patching/roles/build_report_network/tasks/main.yml b/collections/ansible_collections/demo/patching/roles/build_report_network/tasks/main.yml index 882f64171..862b0feb4 100644 --- a/collections/ansible_collections/demo/patching/roles/build_report_network/tasks/main.yml +++ b/collections/ansible_collections/demo/patching/roles/build_report_network/tasks/main.yml @@ -1,3 +1,4 @@ +--- - name: Create web directory if it does not exist ansible.builtin.file: path: "{{ file_path }}" diff --git a/collections/ansible_collections/demo/patching/roles/build_report_network/vars/main.yml b/collections/ansible_collections/demo/patching/roles/build_report_network/vars/main.yml index 4b645cb2b..a14fdcfdd 100644 
--- a/collections/ansible_collections/demo/patching/roles/build_report_network/vars/main.yml +++ b/collections/ansible_collections/demo/patching/roles/build_report_network/vars/main.yml @@ -1,3 +1,4 @@ +--- file_path: "{{ web_path | default('/var/www/html/reports') }}" vendor: ios: &my_value 'Cisco' diff --git a/collections/ansible_collections/demo/patching/roles/build_report_windows/tasks/main.yml b/collections/ansible_collections/demo/patching/roles/build_report_windows/tasks/main.yml index af7e3f1f1..d093c19df 100644 --- a/collections/ansible_collections/demo/patching/roles/build_report_windows/tasks/main.yml +++ b/collections/ansible_collections/demo/patching/roles/build_report_windows/tasks/main.yml @@ -1,3 +1,4 @@ +--- - name: Create HTML report ansible.builtin.template: src: report.j2 diff --git a/collections/ansible_collections/demo/patching/roles/build_report_windows/vars/main.yml b/collections/ansible_collections/demo/patching/roles/build_report_windows/vars/main.yml index e9da5bb12..491f36ab1 100644 --- a/collections/ansible_collections/demo/patching/roles/build_report_windows/vars/main.yml +++ b/collections/ansible_collections/demo/patching/roles/build_report_windows/vars/main.yml @@ -1 +1,2 @@ +--- file_path: /var/www/html diff --git a/collections/ansible_collections/demo/patching/roles/build_report_windows_patch/defaults/main.yml b/collections/ansible_collections/demo/patching/roles/build_report_windows_patch/defaults/main.yml index dcd86a254..8aa09a6b9 100644 --- a/collections/ansible_collections/demo/patching/roles/build_report_windows_patch/defaults/main.yml +++ b/collections/ansible_collections/demo/patching/roles/build_report_windows_patch/defaults/main.yml @@ -1,3 +1,4 @@ +--- email_from: tower@shadowman.dev to_emails: alex@shadowman.dev,tower@shadowman.dev to_emails_list: "{{ to_emails.split(',') }}" 
diff --git a/collections/ansible_collections/demo/patching/roles/build_report_windows_patch/tasks/main.yml b/collections/ansible_collections/demo/patching/roles/build_report_windows_patch/tasks/main.yml index a7b72331a..6e1a083ad 100644 --- a/collections/ansible_collections/demo/patching/roles/build_report_windows_patch/tasks/main.yml +++ b/collections/ansible_collections/demo/patching/roles/build_report_windows_patch/tasks/main.yml @@ -1,3 +1,4 @@ +--- - name: Create HTML report ansible.builtin.template: src: report.j2 diff --git a/collections/ansible_collections/demo/patching/roles/build_report_windows_patch/vars/main.yml b/collections/ansible_collections/demo/patching/roles/build_report_windows_patch/vars/main.yml index e9da5bb12..491f36ab1 100644 --- a/collections/ansible_collections/demo/patching/roles/build_report_windows_patch/vars/main.yml +++ b/collections/ansible_collections/demo/patching/roles/build_report_windows_patch/vars/main.yml @@ -1 +1,2 @@ +--- file_path: /var/www/html diff --git a/collections/ansible_collections/demo/patching/roles/patch_linux/tasks/main.yml b/collections/ansible_collections/demo/patching/roles/patch_linux/tasks/main.yml index 127b2147e..d1722f0e3 100644 --- a/collections/ansible_collections/demo/patching/roles/patch_linux/tasks/main.yml +++ b/collections/ansible_collections/demo/patching/roles/patch_linux/tasks/main.yml @@ -10,7 +10,7 @@ - name: Upgrade packages (yum) ansible.builtin.yum: name: '*' - state: latest # noqa: package-latest - Intended to update packages to latest + state: latest # noqa: package-latest - Intended to update packages to latest exclude: "{{ exclude_packages }}" when: ansible_pkg_mgr == "yum" register: patchingresult_yum 
@@ -18,7 +18,7 @@ - name: Upgrade packages (dnf) ansible.builtin.dnf: name: '*' - state: latest # noqa: package-latest - Intended to update packages to latest + state: latest # noqa: package-latest - Intended to update packages to latest exclude: "{{ exclude_packages }}" when: ansible_pkg_mgr == "dnf" register: patchingresult_dnf diff --git a/collections/ansible_collections/demo/patching/roles/report_linux/tasks/main.yml b/collections/ansible_collections/demo/patching/roles/report_linux/tasks/main.yml index 978fc6b2b..1bf8b5bf2 100644 --- a/collections/ansible_collections/demo/patching/roles/report_linux/tasks/main.yml +++ b/collections/ansible_collections/demo/patching/roles/report_linux/tasks/main.yml @@ -1,3 +1,4 @@ +--- - name: Create HTML report ansible.builtin.template: src: report.j2 diff --git a/collections/ansible_collections/demo/patching/roles/report_linux/vars/main.yml b/collections/ansible_collections/demo/patching/roles/report_linux/vars/main.yml index ce0a730f6..6fe0b79a1 100644 --- a/collections/ansible_collections/demo/patching/roles/report_linux/vars/main.yml +++ b/collections/ansible_collections/demo/patching/roles/report_linux/vars/main.yml @@ -1 +1,2 @@ +--- file_path: /var/www/html/reports diff --git a/collections/ansible_collections/demo/patching/roles/report_linux_patching/defaults/main.yml b/collections/ansible_collections/demo/patching/roles/report_linux_patching/defaults/main.yml index dcd86a254..8aa09a6b9 100644 --- a/collections/ansible_collections/demo/patching/roles/report_linux_patching/defaults/main.yml +++ b/collections/ansible_collections/demo/patching/roles/report_linux_patching/defaults/main.yml @@ -1,3 +1,4 @@ +--- email_from: tower@shadowman.dev to_emails: alex@shadowman.dev,tower@shadowman.dev to_emails_list: "{{ to_emails.split(',') }}" 
diff --git a/collections/ansible_collections/demo/patching/roles/report_linux_patching/tasks/main.yml b/collections/ansible_collections/demo/patching/roles/report_linux_patching/tasks/main.yml index a0d145f56..8736ed7e4 100644 --- a/collections/ansible_collections/demo/patching/roles/report_linux_patching/tasks/main.yml +++ b/collections/ansible_collections/demo/patching/roles/report_linux_patching/tasks/main.yml @@ -1,3 +1,4 @@ +--- - name: Create HTML report ansible.builtin.template: src: report.j2 diff --git a/collections/ansible_collections/demo/patching/roles/report_linux_patching/vars/main.yml b/collections/ansible_collections/demo/patching/roles/report_linux_patching/vars/main.yml index ce0a730f6..6fe0b79a1 100644 --- a/collections/ansible_collections/demo/patching/roles/report_linux_patching/vars/main.yml +++ b/collections/ansible_collections/demo/patching/roles/report_linux_patching/vars/main.yml @@ -1 +1,2 @@ +--- file_path: /var/www/html/reports diff --git a/collections/ansible_collections/demo/patching/roles/report_windows_patching/tasks/main.yml b/collections/ansible_collections/demo/patching/roles/report_windows_patching/tasks/main.yml index a7224fd3c..a78d89d24 100644 --- a/collections/ansible_collections/demo/patching/roles/report_windows_patching/tasks/main.yml +++ b/collections/ansible_collections/demo/patching/roles/report_windows_patching/tasks/main.yml @@ -1,3 +1,4 @@ +--- - name: Create HTML report ansible.windows.win_template: src: report.j2 diff --git a/collections/ansible_collections/demo/satellite/roles/register_host/defaults/main.yml b/collections/ansible_collections/demo/satellite/roles/register_host/defaults/main.yml index 186ca6143..d2bf1af80 100644 --- a/collections/ansible_collections/demo/satellite/roles/register_host/defaults/main.yml +++ b/collections/ansible_collections/demo/satellite/roles/register_host/defaults/main.yml 
@@ -1,5 +1,5 @@ --- instance_name: "{{ inventory_hostname | regex_replace('_', '-') }}" activation_key: "{{ 'RHEL' + ansible_distribution_major_version + '_' + env }}" -rex_user: root # "{{ ansible_user }}" +rex_user: root # "{{ ansible_user }}" force_register: true diff --git a/collections/ansible_collections/demo/satellite/roles/scap_client/defaults/main.yaml b/collections/ansible_collections/demo/satellite/roles/scap_client/defaults/main.yaml index 255b0ab55..343df82d6 100644 --- a/collections/ansible_collections/demo/satellite/roles/scap_client/defaults/main.yaml +++ b/collections/ansible_collections/demo/satellite/roles/scap_client/defaults/main.yaml @@ -1,3 +1,4 @@ +--- foreman_server_url: "{{ lookup('env', 'SATELLITE_SERVER') }}" foreman_username: "{{ lookup('env', 'SATELLITE_USERNAME') }}" foreman_password: "{{ lookup('env', 'SATELLITE_PASSWORD') }}" diff --git a/linux/deploy_application.yml b/linux/deploy_application.yml index 712d03198..ac5d773fa 100644 --- a/linux/deploy_application.yml +++ b/linux/deploy_application.yml @@ -21,7 +21,7 @@ register: result notify: Printing to terminal application information - - name: Printing to terminal application information # noqa: no-handler + - name: Printing to terminal application information # noqa: no-handler ansible.builtin.debug: msg: "The application: {{ application }} was already installed" when: not result.changed | bool @@ -30,4 +30,3 @@ - name: Printing to terminal application information ansible.builtin.debug: msg: "The application: {{ application }} has been installed" - when: result.changed | bool diff --git a/linux/ec2_register.yml b/linux/ec2_register.yml index 789209dd1..4aba9d3b8 100644 --- a/linux/ec2_register.yml +++ b/linux/ec2_register.yml 
@@ -18,7 +18,7 @@ ansible.builtin.hostname: name: "{{ inventory_hostname | regex_replace('_', '-') }}" -# Install subscription-manager if it's not there + # Install subscription-manager if it's not there - name: Install subscription-manager ansible.builtin.yum: name: subscription-manager @@ -65,7 +65,7 @@ - name: Configure Red Hat insights ansible.builtin.import_role: name: redhat.insights.insights_client - vars: + vars: # noqa var-naming[no-role-prefix] insights_display_name: "{{ inventory_hostname }}" insights_tags: env: "{{ env }}" diff --git a/linux/patching.yml b/linux/patching.yml index d567292eb..e7f6a2162 100644 --- a/linux/patching.yml +++ b/linux/patching.yml @@ -22,7 +22,7 @@ when: - ansible_local.insights.system_id is not defined - - name: Run the Insights Client Scan # noqa: no-changed-when + - name: Run the Insights Client Scan # noqa: no-changed-when ansible.builtin.command: insights-client when: - not ansible_check_mode @@ -31,7 +31,7 @@ - name: Deploy report server when: not ansible_check_mode delegate_to: "{{ report_server }}" - run_once: true # noqa: run-once[task] + run_once: true # noqa: run-once[task] block: - name: Install firewall dependencies ansible.builtin.dnf: diff --git a/linux/run_script.yml b/linux/run_script.yml index e4159f465..b207d4872 100644 --- a/linux/run_script.yml +++ b/linux/run_script.yml @@ -11,7 +11,7 @@ ansible.builtin.shell: "{{ shell_script }}" register: shell_output tags: - - skip_ansible_lint # provided variable could require shell modele + - skip_ansible_lint # provided variable could require shell modele - name: Print script output ansible.builtin.debug: diff --git a/linux/tshoot.yml b/linux/tshoot.yml index e11f6c427..6abe42949 100644 --- a/linux/tshoot.yml +++ b/linux/tshoot.yml 
@@ -4,15 +4,15 @@ become: true tasks: - - name: Gather recent vmstat info # noqa: no-changed-when + - name: Gather recent vmstat info # noqa: no-changed-when ansible.builtin.command: /bin/vmstat 1 5 register: vmstat - - name: Gather top CPU hogs # noqa: no-changed-when + - name: Gather top CPU hogs # noqa: no-changed-when ansible.builtin.command: ps -eo user,pid,size,pcpu,cmd --sort=-pcpu register: pscpu - - name: Gather top memory hogs # noqa: no-changed-when + - name: Gather top memory hogs # noqa: no-changed-when ansible.builtin.command: ps -eo user,pid,size,pcpu,cmd --sort=-size register: pssize diff --git a/network/report.yml b/network/report.yml index a4b3ee5a6..8a562f402 100644 --- a/network/report.yml +++ b/network/report.yml @@ -26,10 +26,10 @@ gather_network_resources: all when: ansible_network_os == 'cisco.iosxr.iosxr' - # The dig lookup requires the python 'dnspython' library - # - name: Resolve IP address - # ansible.builtin.set_fact: - # ansible_host: "{{ lookup('community.general.dig', inventory_hostname)}}" +# # The dig lookup requires the python 'dnspython' library +# - name: Resolve IP address +# ansible.builtin.set_fact: +# ansible_host: "{{ lookup('community.general.dig', inventory_hostname)}}" - name: Create network reports hosts: "{{ report_server }}" diff --git a/openshift/devspaces.yml b/openshift/devspaces.yml index dc7304ddb..a42290fda 100644 --- a/openshift/devspaces.yml +++ b/openshift/devspaces.yml @@ -4,14 +4,14 @@ gather_facts: false tasks: - - name: create namespace + - name: Create namespace redhat.openshift.k8s: name: eclipse-che api_version: v1 kind: Namespace state: present - - name: create dev spaces subscription + - name: Create dev spaces subscription redhat.openshift.k8s: state: present definition: 
@@ -29,8 +29,8 @@ source: redhat-operators sourceNamespace: openshift-marketplace - - name: wait for dev spaces operator to install - k8s_info: + - name: Wait for dev spaces operator to install + kubernetes.core.k8s_info: api_version: apiextensions.k8s.io/v1 kind: CustomResourceDefinition name: checlusters.org.eclipse.che @@ -40,17 +40,17 @@ delay: 30 - name: Wait until devspaces-operator is up - k8s_info: + kubernetes.core.k8s_info: api_version: v1 kind: Deployment name: devspaces-operator namespace: openshift-operators register: pod_list - until: pod_list|json_query('resources[*].status.readyReplicas')|unique == [1] + until: pod_list | json_query('resources[*].status.readyReplicas') | unique == [1] retries: 10 delay: 30 - - name: deploy dev spaces + - name: Deploy dev spaces redhat.openshift.k8s: state: present definition: diff --git a/satellite/satellite_promote.yml b/satellite/satellite_promote.yml index 8cb5fefe1..ac2e8a5a2 100644 --- a/satellite/satellite_promote.yml +++ b/satellite/satellite_promote.yml @@ -10,7 +10,7 @@ content_view: undef tasks: - - name: Promote Content View # noqa: args[module] - required parameters provided with environment vars + - name: Promote Content View # noqa: args[module] - required parameters provided with environment vars redhat.satellite.content_view_version: content_view: "{{ content_view }}" organization: "{{ organization }}" diff --git a/satellite/satellite_publish.yml b/satellite/satellite_publish.yml index 728f97476..b48e7d91b 100644 --- a/satellite/satellite_publish.yml +++ b/satellite/satellite_publish.yml @@ -12,7 +12,7 @@ publish_retry_interval: 15 tasks: - - name: Publish content view # noqa: args[module] - required parameters provided with environment vars + - name: Publish content view # noqa: args[module] - required parameters provided with environment vars redhat.satellite.content_view_version: content_view: "{{ content_view }}" organization: "{{ organization }}" 
diff --git a/satellite/server_openscap.yml b/satellite/server_openscap.yml index 71edabeff..2c0ddf19e 100644 --- a/satellite/server_openscap.yml +++ b/satellite/server_openscap.yml @@ -12,7 +12,7 @@ ansible.builtin.pause: seconds: "{{ 5 | random }}" - - name: Run SCAP Scan # noqa: no-changed-when - purpose is to run everytime + - name: Run SCAP Scan # noqa: no-changed-when - purpose is to run everytime ansible.builtin.command: "/usr/bin/foreman_scap_client {{ item.id }}" loop: "{{ policy }}" when: policy_scan == 'all' or item.name in policy_scan diff --git a/satellite/setup.yml b/satellite/setup.yml index 2ae885791..76507a621 100644 --- a/satellite/setup.yml +++ b/satellite/setup.yml @@ -1,3 +1,4 @@ +--- user_message: controller_components: diff --git a/satellite/setup_satellite.yml b/satellite/setup_satellite.yml index 6fbacc4be..d7df7a2ab 100644 --- a/satellite/setup_satellite.yml +++ b/satellite/setup_satellite.yml @@ -7,7 +7,7 @@ refresh_satellite_manifest: true tasks: - - name: Refresh manifest # noqa: args[module] - required parameters provided with environment vars + - name: Refresh manifest # noqa: args[module] - required parameters provided with environment vars redhat.satellite.subscription_manifest: organization: "Default Organization" state: refreshed @@ -20,7 +20,7 @@ - name: Publish CV ansible.builtin.include_role: name: redhat.satellite.content_view_publish - vars: + vars: # noqa var-naming[no-role-prefix] satellite_content_views: - RHEL7 - RHEL8 @@ -29,7 +29,7 @@ ansible.builtin.include_role: name: redhat.satellite.lifecycle_environments - - name: Content view publish # noqa: args[module] - required parameters provided with environment vars + - name: Content view publish # noqa: args[module] - required parameters provided with environment vars redhat.satellite.content_view_version: organization: "{{ satellite_organization }}" content_view: "{{ item }}" 
@@ -45,7 +45,7 @@ ansible.builtin.include_role: name: redhat.satellite.activation_keys - - name: Add SCAP Tailoring File # noqa: args[module] - required parameters provided with environment vars + - name: Add SCAP Tailoring File # noqa: args[module] - required parameters provided with environment vars redhat.satellite.scap_tailoring_file: name: RHEL7_STIG organizations: "{{ satellite_organization }}" diff --git a/setup_demo.yml b/setup_demo.yml index f72aa855a..485263474 100644 --- a/setup_demo.yml +++ b/setup_demo.yml @@ -8,7 +8,7 @@ ansible.builtin.include_role: name: "redhat_cop.controller_configuration.{{ item }}" loop: "{{ controller_components }}" - vars: + vars: # noqa var-naming[no-role-prefix] controller_components: - notification_templates - job_templates @@ -69,7 +69,7 @@ url: https://docs.google.com/forms/d/e/1FAIpQLSdIZ77YpETjEfGOoYlXtMnQiU-6M7QFlb2hJA4ujo25QYb2jw/formResponse method: POST body: "ifq&entry.1569353616={{ demo }} &entry.498055740={{ lookup('ansible.builtin.env', 'AWX_HOST') }}&sumbit=Submit" - ignore_errors: true # noqa: ignore-errors - connectivity should not fail play + ignore_errors: true # noqa: ignore-errors - connectivity should not fail play - name: Print Message ansible.builtin.debug: diff --git a/windows/compliance.yml b/windows/compliance.yml index 47722db5f..e3f53572f 100644 --- a/windows/compliance.yml +++ b/windows/compliance.yml @@ -2,8 +2,8 @@ - name: STIG a Windows 2022 Server hosts: "{{ HOSTS | default('os_windows') }}" vars: - win2022STIG_stigrule_254269_Manage: false # noqa var-naming - win2022STIG_stigrule_254276_Manage: false # noqa var-naming + win2022STIG_stigrule_254269_Manage: false # noqa var-naming + win2022STIG_stigrule_254276_Manage: false # noqa var-naming tasks: - name: Include win2022STIG role diff --git a/windows/create_ad_domain.yml b/windows/create_ad_domain.yml index 8b8030ee2..feb1303a1 100644 --- a/windows/create_ad_domain.yml +++ b/windows/create_ad_domain.yml 
@@ -34,9 +34,9 @@ name: "{{ item.name }}" scope: global loop: - - { name: "GroupA" } - - { name: "GroupB" } - - { name: "GroupC" } + - {name: "GroupA"} + - {name: "GroupB"} + - {name: "GroupC"} retries: 5 delay: 10 @@ -47,8 +47,8 @@ password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}" update_password: on_create loop: - - { name: "UserA", groups: "GroupA" } - - { name: "UserB", groups: "GroupB" } - - { name: "UserC", groups: "GroupC" } + - {name: "UserA", groups: "GroupA"} + - {name: "UserB", groups: "GroupB"} + - {name: "UserC", groups: "GroupC"} retries: 5 delay: 10 From a492e06982f0b76d3251f841a1d8187e2ec91826 Mon Sep 17 00:00:00 2001 From: Chris Edillon Date: Tue, 12 Sep 2023 13:14:47 -0400 Subject: [PATCH 04/10] additional ansible-lint fixes after rebase --- .pre-commit-config.yaml | 2 ++ .../demo/cloud/roles/aws/vars/snapshot_vm.yml | 1 + 2 files changed, 3 insertions(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 250e922e1..71bceb0a7 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -5,5 +5,7 @@ repos: rev: v6.18.0 hooks: - id: ansible-lint + additional_dependencies: + - jmespath ... diff --git a/collections/ansible_collections/demo/cloud/roles/aws/vars/snapshot_vm.yml b/collections/ansible_collections/demo/cloud/roles/aws/vars/snapshot_vm.yml index e1be6a492..623ee619b 100644 --- a/collections/ansible_collections/demo/cloud/roles/aws/vars/snapshot_vm.yml +++ b/collections/ansible_collections/demo/cloud/roles/aws/vars/snapshot_vm.yml @@ -1,3 +1,4 @@ +--- # Set stat_snapshots with model: # [ # { From 829d96669cd33ad1a1c3fea9cfc0d7c26560bc9f Mon Sep 17 00:00:00 2001 From: Chris Edillon Date: Tue, 12 Sep 2023 16:11:29 -0400 Subject: [PATCH 05/10] additional pre-commit hooks --- .pre-commit-config.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 71bceb0a7..d6f431d67 100644 
--- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,5 +1,10 @@ --- repos: + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.4.0 + hooks: + - id: end-of-file-fixer + - id: trailing-whitespace - repo: https://github.com/ansible/ansible-lint.git # get latest release tag from https://github.com/ansible/ansible-lint/releases/ rev: v6.18.0 From 690996641827c2b0c49bd253e7d40db24ae8b8d7 Mon Sep 17 00:00:00 2001 From: Chris Edillon Date: Tue, 19 Sep 2023 14:02:11 -0400 Subject: [PATCH 06/10] switch back to `offline: false` --- .ansible-lint | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ansible-lint b/.ansible-lint index 883549814..57840f9b9 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,6 +1,6 @@ --- profile: production -offline: true +offline: false skip_list: - "galaxy[no-changelog]" From 115f6de423a47816eefc6ff3b147c834a555cb9b Mon Sep 17 00:00:00 2001 From: Chris Edillon Date: Tue, 19 Sep 2023 15:23:20 -0400 Subject: [PATCH 07/10] updated github build action - ansible-lint-action action is deprecated, switching to ansible-lint action at https://github.com/marketplace/actions/run-ansible-lint - pinned ansible-lint version to match the same one in .pre-commit-config.yaml --- .github/workflows/ansible-lint.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index a085b8286..80d43780d 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -5,11 +5,7 @@ on: - pull_request env: - ANSIBLE_GALAXY_SERVER_LIST: ah,galaxy - ANSIBLE_GALAXY_SERVER_AH_URL: https://console.redhat.com/api/automation-hub/ - ANSIBLE_GALAXY_SERVER_AH_AUTH_URL: https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token ANSIBLE_GALAXY_SERVER_AH_TOKEN: ${{ secrets.ANSIBLE_GALAXY_SERVER_AH_TOKEN }} - ANSIBLE_GALAXY_SERVER_GALAXY_URL: https://galaxy.ansible.com/ jobs: build: 
@@ -22,4 +18,4 @@ jobs: fetch-depth: 0 # needed for progressive mode to work - name: Run ansible-lint - uses: ansible/ansible-lint-action@v6.11.0 + uses: ansible/ansible-lint@v6.18.0 From 348e21ff88f127aeee001fb9367027ded4d2c204 Mon Sep 17 00:00:00 2001 From: Chris Edillon Date: Wed, 20 Sep 2023 18:13:33 -0400 Subject: [PATCH 08/10] ansible-lint action updates - named build action - removed unneeded call to actions/checkout@v3 - updated ansible.cfg galaxy server configuration per current documentation --- .github/workflows/ansible-lint.yml | 8 ++------ ansible.cfg | 2 +- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index 80d43780d..311fe5b11 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -9,13 +9,9 @@ env: jobs: build: + name: Ansible Lint runs-on: ubuntu-latest - steps: - # Important: This sets up your GITHUB_WORKSPACE environment variable - - uses: actions/checkout@v3 - with: - fetch-depth: 0 # needed for progressive mode to work - + # this action implicitly calls actions/checkout - name: Run ansible-lint uses: ansible/ansible-lint@v6.18.0 diff --git a/ansible.cfg b/ansible.cfg index 8e1f70d86..ab7aa17eb 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -6,7 +6,7 @@ roles_path=./roles server_list = ah,galaxy [galaxy_server.ah] -url=https://console.redhat.com/api/automation-hub/ +url=https://cloud.redhat.com/api/automation-hub/ auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token [galaxy_server.galaxy] From 1bd51f881f993ed830fe87bde04f0e5a6bdef855 Mon Sep 17 00:00:00 2001 From: Chris Edillon Date: Mon, 25 Sep 2023 15:21:26 -0400 Subject: [PATCH 09/10] trying different hub URL --- ansible.cfg | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ansible.cfg b/ansible.cfg index ab7aa17eb..321f02ae1 100644 --- a/ansible.cfg +++ b/ansible.cfg 
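Review bot: `uses: ansible/ansible-lint@v6.18.0` references the action by tag, and the workflow exports `ANSIBLE_GALAXY_SERVER_AH_TOKEN` at workflow level (the `env:` block kept in this patch's first hunk), so whatever that tag resolves to runs with the token in its environment. Pin the action to a full commit SHA with the version as a trailing comment, `uses: ansible/ansible-lint@<full-commit-sha>  # v6.18.0`, and bump it together with the pre-commit `rev`. The same `uses:` line is carried unchanged as context in PATCH 08/10.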
@@ -6,7 +6,8 @@ roles_path=./roles server_list = ah,galaxy [galaxy_server.ah] -url=https://cloud.redhat.com/api/automation-hub/ +#url=https://cloud.redhat.com/api/automation-hub/ +url=https://console.redhat.com/api/automation-hub/content/published/ auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token [galaxy_server.galaxy] From fadc8d00968301c7723c2a46ea6558fa31d3f69b Mon Sep 17 00:00:00 2001 From: Chris Edillon Date: Mon, 25 Sep 2023 15:48:16 -0400 Subject: [PATCH 10/10] switched to pull_request_target --- .github/workflows/ansible-lint.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index 311fe5b11..706d48cc6 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -1,8 +1,8 @@ --- name: Ansible Lint on: - - push - - pull_request + push: + pull_request_target: env: ANSIBLE_GALAXY_SERVER_AH_TOKEN: ${{ secrets.ANSIBLE_GALAXY_SERVER_AH_TOKEN }}
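Review bot: Switching the trigger to `pull_request_target:` makes pull requests from forks run in the base repository's context, where `secrets.ANSIBLE_GALAXY_SERVER_AH_TOKEN` is populated, and the token sits in the workflow-level `env:` so every step inherits it. Which ref the lint action checks out is not visible here, since PATCH 08/10 removed the explicit checkout: if it is the base ref, the PR's changes are never linted; if it is the PR head, contributor-controlled files such as the collection requirements and lint configuration are processed with the token present. Safer options are to keep `pull_request:` for linting and accept that the private-hub token is unavailable on fork PRs, or to keep this trigger but add a top-level `permissions:` block with `contents: read` and move the token into the single lint step's `env:`. The `jobs:` section lies outside this hunk.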