From 8c6c4dc813ffe41abd8e37a839bd09876dcf6aa1 Mon Sep 17 00:00:00 2001
From: Emilien Mantel
Date: Wed, 1 Sep 2021 11:58:39 +0200
Subject: [PATCH] Fix Ansible Lint
---
.ansible-lint | 2 ++
handlers/main.yml | 16 +++++-----
tasks/config.yml | 10 +++---
tasks/htpasswd.yml | 4 +--
tasks/install_Debian.yml | 18 +++++------
tasks/install_FreeBSD.yml | 12 +++----
tasks/main.yml | 16 +++++-----
tasks/prepare.yml | 10 +++---
tasks/site.yml | 22 ++++++-------
tasks/ssl/acme.yml | 26 +++++++--------
tasks/ssl/standard.yml | 16 +++++-----
tasks/upstream.yml | 6 ++--
tests/test.yml | 66 +++++++++++++++++++--------------------
13 files changed, 113 insertions(+), 111 deletions(-)
create mode 100644 .ansible-lint
diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..f99f65f
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,2 @@
+enable_list:
+ - fqcn-builtins
diff --git a/handlers/main.yml b/handlers/main.yml
index f0a8cb4..f814f55 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,46 +1,46 @@ --- - name: reload nginx - command: nginx -t + ansible.builtin.command: nginx -t notify: - real-reload nginx - docker reload nginx - name: restart nginx - command: nginx -t + ansible.builtin.command: nginx -t notify: - real-restart nginx - docker restart nginx - name: real-reload nginx - service: + ansible.builtin.service: name: nginx state: reloaded when: ansible_virtualization_type != 'docker' - name: real-restart nginx - service: + ansible.builtin.service: name: nginx state: restarted when: ansible_virtualization_type != 'docker' - name: docker reload nginx - command: service nginx reload + ansible.builtin.command: service nginx reload args: warn: false when: ansible_virtualization_type == 'docker' - name: docker restart nginx - command: service nginx restart + ansible.builtin.command: service nginx restart args: warn: false when: ansible_virtualization_type == 'docker' - name: restart nginx freebsd - service: + ansible.builtin.service: name: nginx state: restarted when: ansible_distribution == "FreeBSD" - name: setup - action: setup + ansible.builtin.setup: diff --git a/tasks/config.yml b/tasks/config.yml index 0eb75bf..bff9e0a 100644 --- a/tasks/config.yml +++ b/tasks/config.yml @@ -1,7 +1,7 @@ --- - name: TEMPLATE | Deploy nginx.conf - template: + ansible.builtin.template: src: "etc/nginx/nginx.conf.j2" dest: "{{ nginx_etc_dir }}/nginx.conf" mode: 0644 @@ -10,7 +10,7 @@ notify: reload nginx - name: TEMPLATE | Deploy all helpers - template: + ansible.builtin.template: src: "{{ item }}" dest: "{{ nginx_helper_dir }}/{{ item | basename | regex_replace('.j2$','') }}" mode: 0644 @@ -20,7 +20,7 @@ notify: reload nginx - name: TEMPLATE | Deploy custom http configuration - template: + ansible.builtin.template: src: "etc/nginx/conf.d/custom.conf.j2" dest: "{{ nginx_etc_dir }}/conf.d/custom.conf" mode: 0644 
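Review bot: The `docker reload nginx` and `docker restart nginx` handlers still pass `args: warn: false` to the renamed `ansible.builtin.command`; that option was deprecated in ansible-core 2.11 and removed in 2.14, where supplying it fails the task as an unsupported parameter. A failed handler here means nginx is not reloaded after a configuration or certificate change inside docker. I would drop the `args:` block and silence the linter with `# noqa command-instead-of-module` on the command line instead. The same `warn: false` sits on `COMMAND | Restart nginx` in the @@ -31,26 hunk of tasks/ssl/acme.yml.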
@@ -29,7 +29,7 @@ notify: reload nginx - name: LINEINFILE | Fix path - lineinfile: + ansible.builtin.lineinfile: regexp: '{{ item.0.regexp }}' line: '{{ item.0.line }}' dest: '{{ item.1 }}' @@ -45,7 +45,7 @@ when: nginx_fastcgi_fix_realpath - name: COPY | Add modules manually - copy: + ansible.builtin.copy: content: | {% for m in nginx_load_modules %} load_module {{ m }}; diff --git a/tasks/htpasswd.yml b/tasks/htpasswd.yml index 4c7b3ff..12b86b1 100644 --- a/tasks/htpasswd.yml +++ b/tasks/htpasswd.yml @@ -1,7 +1,7 @@ --- - name: FILE | Delete htpasswd file - file: + ansible.builtin.file: path: "{{ nginx_htpasswd_dir }}/{{ item.name }}" state: absent loop: "{{ nginx_htpasswd }}" @@ -9,7 +9,7 @@ no_log: "{{ not nginx_debug_role }}" - name: HTPASSWD | Manage files - htpasswd: + ansible.builtin.htpasswd: name: "{{ item.1.name }}" password: "{{ item.1.password }}" path: "{{ nginx_htpasswd_dir }}/{{ item.0.name }}" diff --git a/tasks/install_Debian.yml b/tasks/install_Debian.yml index 93fb078..9f0d3ab 100644 --- a/tasks/install_Debian.yml +++ b/tasks/install_Debian.yml 
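Review bot: `ansible.builtin.htpasswd:` in the second tasks/htpasswd.yml hunk names a module that is not part of `ansible.builtin`; htpasswd ships in the community.general collection, so the line should read `community.general.htpasswd:`. As written the action presumably cannot be resolved, and the role would stop before any basic-auth file is managed. The collection would then also need to be declared among the role's collection requirements. The task body continues past the end of the hunk.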
@@ -1,51 +1,51 @@ --- - name: SET_FACT | Bypass https://github.com/ansible/ansible/issues/19874 - set_fact: + ansible.builtin.set_fact: ansible_distribution_release: 'buster' when: ansible_facts.distribution_major_version == "buster/sid" - name: APT | Update cache - apt: + ansible.builtin.apt: update_cache: true cache_valid_time: 3600 changed_when: false - name: APT | Install nginx and dependencies - apt: + ansible.builtin.apt: pkg: "{{ nginx_apt_package }}" default_release: "{{ ansible_distribution_release + '-backports' if nginx_backports else ansible_distribution_release }}" - name: APT | Install nginx modules - apt: + ansible.builtin.apt: pkg: "{{ nginx_module_packages }}" state: present - name: APT | Install python-passlib - apt: + ansible.builtin.apt: pkg: "python{% if ansible_python_version is version('3', '>=') %}3{% endif %}-passlib" state: present - name: STAT | Check acme.sh is installed - stat: + ansible.builtin.stat: path: "{{ nginx_acmesh_dir }}" register: acme - block: - name: APT | Install git - apt: + ansible.builtin.apt: pkg: git - name: GIT | Get acme.sh - git: + ansible.builtin.git: repo: 'https://github.com/Neilpang/acme.sh.git' dest: '{{ nginx_acmesh_git_dir }}' update: false version: master - name: COMMAND | Install acme.sh - command: ./acme.sh --install --home "{{ nginx_acmesh_dir }}" + ansible.builtin.command: ./acme.sh --install --home "{{ nginx_acmesh_dir }}" args: chdir: "{{ nginx_acmesh_git_dir }}" creates: "{{ nginx_acmesh_dir }}" diff --git a/tasks/install_FreeBSD.yml b/tasks/install_FreeBSD.yml index be2c482..2f45f5c 100644 --- a/tasks/install_FreeBSD.yml +++ b/tasks/install_FreeBSD.yml 
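Review bot: `GIT | Get acme.sh` checks out `version: master` and the following task executes `./acme.sh --install` from that checkout, so whatever the upstream branch holds at first install is run on the host with the play's privileges. Pinning the checkout to a reviewed release tag or commit, `version: '<reviewed tag or commit SHA>'`, makes the installed code reproducible and auditable; `update: false` only prevents later pulls and does not constrain what the first clone fetches. The enclosing block appears to continue past the hunk, so any `when:` guard on it is not visible here.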
@@ -16,20 +16,20 @@ - block: - name: COMMAND | Create /usr/local/etc/fdfs/http.conf - command: touch /usr/local/etc/fdfs/http.conf + ansible.builtin.command: touch /usr/local/etc/fdfs/http.conf args: creates: /usr/local/etc/fdfs/http.conf register: fd1 - name: LINEINFILE | Tune fdfs - lineinfile: + ansible.builtin.lineinansible.builtin.file: regexp: ^load_fdfs_parameters_from_tracker line: load_fdfs_parameters_from_tracker=false path: /usr/local/etc/fdfs/mod_fastdfs.conf register: fd2 - name: SERVICE | Restart nginx when fdfs is tuned - service: + ansible.builtin.service: name: nginx state: restarted when: fd1.changed or fd2.changed @@ -37,7 +37,7 @@ when: true - name: FILE | Create configuration dir (like Debian) - file: + ansible.builtin.file: path: "{{ nginx_etc_dir }}/{{ item }}" state: directory mode: 0755 @@ -49,7 +49,7 @@ - sites-enabled - name: FILE | Create log directory - file: + ansible.builtin.file: path: "{{ nginx_log_dir }}" owner: "{{ nginx_user }}" group: wheel @@ -57,6 +57,6 @@ state: directory - name: SERVICE | Enable nginx - service: + ansible.builtin.service: name: nginx enabled: true diff --git a/tasks/main.yml b/tasks/main.yml index 9409d21..6080100 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
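Review bot: The rename in `LINEINFILE | Tune fdfs` produced `ansible.builtin.lineinansible.builtin.file:`, which is not a module name; it looks like a search-and-replace of `file:` that also matched inside `lineinfile:`. The line should be `ansible.builtin.lineinfile:`. As committed, the FreeBSD install path presumably fails to resolve the action, so `load_fdfs_parameters_from_tracker=false` is never written and the play stops before nginx is configured.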
@@ -1,30 +1,30 @@ --- - name: INCLUDE_VARS | Related to OS - include_vars: "{{ ansible_distribution }}.yml" + ansible.builtin.include_vars: "{{ ansible_distribution }}.yml" tags: ['nginx::site', 'nginx::ssl'] - name: INCLUDE_TASKS | Install - include_tasks: "install_{{ ansible_distribution }}.yml" + ansible.builtin.include_tasks: "install_{{ ansible_distribution }}.yml" tags: ['nginx::site', 'nginx::ssl'] - name: IMPORT_TASKS| Prepare - import_tasks: prepare.yml + ansible.builtin.import_tasks: prepare.yml tags: ['nginx::site', 'nginx::ssl'] - name: IMPORT_TASKS| Install - import_tasks: config.yml + ansible.builtin.import_tasks: config.yml - name: IMPORT_TASKS| Upstream configuration - import_tasks: upstream.yml + ansible.builtin.import_tasks: upstream.yml - name: IMPORT_TASKS| htpasswd configuration - import_tasks: htpasswd.yml + ansible.builtin.import_tasks: htpasswd.yml - name: IMPORT_TASKS| SSL configuration - import_tasks: ssl/main.yml + ansible.builtin.import_tasks: ssl/main.yml tags: ['nginx::ssl'] - name: IMPORT_TASKS| Sites configuration - import_tasks: site.yml + ansible.builtin.import_tasks: site.yml tags: ['nginx::site'] diff --git a/tasks/prepare.yml b/tasks/prepare.yml index 5388d95..0e5e889 100644 --- a/tasks/prepare.yml +++ b/tasks/prepare.yml @@ -1,7 +1,7 @@ --- - name: SHELL | Get Nginx version - shell: nginx -v 2>&1 | sed -r 's#.*/##;' | cut -d ' ' -f 1 + ansible.builtin.shell: nginx -v 2>&1 | sed -r 's#.*/##;' | cut -d ' ' -f 1 args: executable: /bin/sh register: nginx_version @@ -11,7 +11,7 @@ - skip_ansible_lint - name: SHELL | Get module list - shell: | + ansible.builtin.shell: | nginx -V 2>&1 | tr -- - '\n' | grep -A 1 with | @@ -27,11 +27,11 @@ - skip_ansible_lint - name: SET_FACT | Save modules - set_fact: + ansible.builtin.set_fact: nginx_modules: "{{ shell_modules.stdout_lines }}" - name: FILE | Create folders - file: + ansible.builtin.file: dest: "{{ item.dir }}" owner: "{{ item.owner }}" mode: "{{ item.mode }}" 
@@ -39,7 +39,7 @@ loop: "{{ nginx_dirs }}" - name: FILE | Create ansible facts dir - file: + ansible.builtin.file: path: /etc/ansible/facts.d state: directory mode: 0755 diff --git a/tasks/site.yml b/tasks/site.yml index 42dc5e9..2fda5db 100644 --- a/tasks/site.yml +++ b/tasks/site.yml @@ -1,7 +1,7 @@ --- - name: FAIL | Check filenames - fail: + ansible.builtin.fail: msg: "Forbidden keyword default on site {{ item | nginx_site_name }}" when: item.filename is defined and item.filename == 'default' loop: "{{ nginx_sites }}" @@ -9,7 +9,7 @@ label: "{{ item | nginx_site_name }}" - name: FAIL | Check HTTPS redir and proto - fail: + ansible.builtin.fail: msg: "You can't have HTTP proto and HTTPS redirection at the same time" when: ((item.proto is defined and 'http' in item.proto) or (item.proto is not defined)) and @@ -19,7 +19,7 @@ label: "{{ item | nginx_site_name }}" - name: FILE | Create root directory - file: + ansible.builtin.file: path: "{{ nginx_root }}" state: directory mode: 0755 @@ -27,7 +27,7 @@ group: root - name: FILE | Create root public folders (foreach nginx_sites) - file: + ansible.builtin.file: path: "{{ nginx_root }}/{{ item | nginx_site_filename }}/public" state: directory owner: "{{ item.owner | default(nginx_user) }}" @@ -43,7 +43,7 @@ label: "{{ item | nginx_site_name }}" - name: TEMPLATE | Create sites - template: + ansible.builtin.template: src: "etc/nginx/sites-available/{{ item.template if item.redirect_to is not defined else '_redirect' }}.j2" dest: "{{ nginx_etc_dir }}/sites-available/{{ item | nginx_site_filename }}" mode: 0644 @@ -56,7 +56,7 @@ label: "{{ item | nginx_site_name }}" - name: FILE | Delete sites - file: + ansible.builtin.file: path: "{{ nginx_etc_dir }}/{{ item.1 }}/{{ item.0 | nginx_site_filename }}" state: absent loop: "{{ nginx_sites | product(dirs) | list }}" 
@@ -68,7 +68,7 @@ label: "{{ nginx_etc_dir }}/{{ item.1 }}/{{ item.0 | nginx_site_filename }}" - name: FILE | Enable sites - file: + ansible.builtin.file: src: "{{ nginx_etc_dir }}/sites-available/{{ item | nginx_site_filename }}" dest: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_filename }}" state: link @@ -80,7 +80,7 @@ label: "{{ item | nginx_site_name }}" - name: FILE | Disable sites - file: + ansible.builtin.file: path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_filename }}" state: absent loop: "{{ nginx_sites }}" @@ -90,14 +90,14 @@ label: "{{ item | nginx_site_name }}" - name: FILE | Delete default site when explicitely defined - file: + ansible.builtin.file: path: "{{ nginx_etc_dir }}/sites-enabled/default" state: absent notify: ['reload nginx', 'restart nginx freebsd'] when: nginx_default_site is not none - name: FILE | Auto set default site - file: + ansible.builtin.file: src: "{{ nginx_etc_dir }}/sites-available/default" dest: "{{ nginx_etc_dir }}/sites-enabled/default" state: link @@ -105,7 +105,7 @@ when: nginx_default_site is none - name: TEMPLATE | Deploy facts - template: + ansible.builtin.template: src: etc/ansible/facts.d/nginx.fact.j2 dest: /etc/ansible/facts.d/nginx.fact mode: 0644 diff --git a/tasks/ssl/acme.yml b/tasks/ssl/acme.yml index a0ccf8b..24f2306 100644 --- a/tasks/ssl/acme.yml +++ b/tasks/ssl/acme.yml 
@@ -1,18 +1,18 @@ --- - name: SET_FACT | Assign default... - set_fact: + ansible.builtin.set_fact: acme_create: [] - name: STAT | Check if certificates are already installed - stat: + ansible.builtin.stat: path: "{{ item | nginx_cert_path(nginx_ssl_dir) }}" loop: "{{ nginx_ssl_pairs }}" when: item.acme is defined and item.acme register: acme_installed_certs - name: SET_FACT | Assign var with certificates to create - set_fact: + ansible.builtin.set_fact: acme_create: "{{ acme_create | default([]) + [ (item.item) ] }}" loop: "{{ acme_installed_certs.results }}" when: item.skipped is not defined and (not item.stat.exists or item.stat.size == 0) @@ -21,7 +21,7 @@ block: - name: TEMPLATE | Create fake site - template: + ansible.builtin.template: src: "etc/nginx/conf.d/FAKESITE.conf.j2" dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf" mode: 0644 @@ -31,26 +31,26 @@ register: fake_site - name: FILE | Delete current site if needed - file: + ansible.builtin.file: path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_name }}" state: absent loop: "{{ acme_create }}" when: fake_site.changed - name: SERVICE | Restart nginx - service: + ansible.builtin.service: name: nginx state: restarted when: fake_site.changed and ansible_virtualization_type != 'docker' - name: COMMAND | Restart nginx - command: service nginx restart + ansible.builtin.command: service nginx restart args: warn: false when: fake_site.changed and ansible_virtualization_type == 'docker' - name: COMMAND | Get certificates - command: | + ansible.builtin.command: | {{ nginx_acmesh_bin }} --home {{ nginx_acmesh_dir }} --issue{% for s in nginx_sites | nginx_search_by_ssl_name(item.name) | nginx_all_site_names %} -d {{ s }}{% endfor %} 
@@ -64,12 +64,12 @@ no_log: "{{ not nginx_debug_role }}" - name: FILE | Create SSL dir per site - file: + ansible.builtin.file: path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}" loop: "{{ acme_create }}" - name: COMMAND | Install certificates - command: | + ansible.builtin.command: | {{ nginx_acmesh_bin }} --home {{ nginx_acmesh_dir }} --install-cert -d {{ nginx_sites | nginx_search_by_ssl_name(item | nginx_site_name) | nginx_site_name }} @@ -85,17 +85,17 @@ rescue: - name: FAIL | Explicit - fail: + ansible.builtin.fail: msg: "Something is bad... Auto crash!" always: - name: FILE | Delete fake sites - file: + ansible.builtin.file: path: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf" state: absent loop: "{{ acme_create }}" notify: restart nginx - name: META | Flush handlers - meta: flush_handlers + ansible.builtin.meta: flush_handlers diff --git a/tasks/ssl/standard.yml b/tasks/ssl/standard.yml index 281f923..57166ce 100644 --- a/tasks/ssl/standard.yml +++ b/tasks/ssl/standard.yml 
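Review bot: `FILE | Create SSL dir per site` in the @@ -64,12 hunk passes only `path` to `ansible.builtin.file`, so it requests neither `state: directory` nor an owner or mode for a directory that presumably receives the certificate and key written by the `--install-cert` task that follows. With the module's default state the task only checks a path that already exists, and the permissions are whatever an earlier task or the umask left behind. I would make the intent explicit with `state: directory`, `owner: root` and a restrictive mode such as `mode: "0750"`, which also satisfies ansible-lint's risky-file-permissions rule.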
@@ -3,26 +3,26 @@ - block: - name: STAT | Get info about DH file - stat: + ansible.builtin.stat: path: "{{ nginx_dh_path }}" get_checksum: false register: stat_dh_file - name: SHELL | Get info about DH file - shell: openssl dhparam -in {{ nginx_dh_path }} -text -noout 2>&1 | awk '/DH Parameters/ { print substr($3, 2) }' + ansible.builtin.shell: openssl dhparam -in {{ nginx_dh_path }} -text -noout 2>&1 | awk '/DH Parameters/ { print substr($3, 2) }' changed_when: false register: dh_info when: stat_dh_file.stat.exists - name: COMMAND | Generate DH file - command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }} + ansible.builtin.command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }} when: not stat_dh_file.stat.exists or (dh_info.stdout | int != nginx_dh_length | int) notify: restart nginx when: nginx_dh is not string - name: COPY | Deploy DH file from vars - copy: + ansible.builtin.copy: content: "{{ nginx_dh }}" dest: "{{ nginx_dh_path }}" owner: root @@ -32,7 +32,7 @@ notify: restart nginx - name: FILE | Create SSL directories - file: + ansible.builtin.file: path: "{{ item | nginx_ssl_dir(nginx_ssl_dir) }}" state: directory owner: root @@ -43,7 +43,7 @@ no_log: "{{ not nginx_debug_role }}" - name: COPY | Deploy SSL keys - copy: + ansible.builtin.copy: content: "{{ item.key }}" dest: "{{ item | nginx_key_path(nginx_ssl_dir) }}" owner: root @@ -55,7 +55,7 @@ no_log: "{{ not nginx_debug_role }}" - name: COPY | Deploy SSL certs - copy: + ansible.builtin.copy: content: "{{ item.cert }}" dest: "{{ item | nginx_cert_path(nginx_ssl_dir) }}" owner: root @@ -67,7 +67,7 @@ no_log: "{{ not nginx_debug_role }}" - name: COMMAND | Create self-signed certificates - command: | + ansible.builtin.command: | openssl req -new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509 -subj '/CN={{ item | nginx_site_name }}' diff --git a/tasks/upstream.yml b/tasks/upstream.yml index 63e7447..0fb1636 100644 --- a/tasks/upstream.yml +++ b/tasks/upstream.yml 
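Review bot: `SHELL | Get info about DH file` interpolates `{{ nginx_dh_path }}` into a shell pipeline unquoted, so a path containing spaces or shell metacharacters is re-parsed by `/bin/sh` rather than passed to openssl as one argument. Using the quote filter, `openssl dhparam -in {{ nginx_dh_path | quote }} -text -noout 2>&1 | awk ...`, keeps the variable a single word; the same filter fits `-out {{ nginx_dh_path | quote }}` in `COMMAND | Generate DH file`. I would not add `pipefail` here, because the regeneration condition appears to rely on an unreadable DH file yielding empty output rather than a failed task.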
@@ -1,7 +1,7 @@ --- - name: TEMPLATE | Deploy PHP upstream to Nginx - template: + ansible.builtin.template: src: "etc/nginx/conf.d/php.conf.j2" dest: "{{ nginx_etc_dir }}/conf.d/php.conf" mode: 0644 @@ -10,7 +10,7 @@ notify: reload nginx - name: TEMPLATE | Deploy other upstreams - template: + ansible.builtin.template: src: "etc/nginx/conf.d/_upstream.conf.j2" dest: "{{ nginx_etc_dir }}/conf.d/upstream-{{ item.name }}.conf" mode: 0644 @@ -21,7 +21,7 @@ notify: reload nginx - name: FILE | Delete other upstreams - file: + ansible.builtin.file: path: "{{ nginx_etc_dir }}/conf.d/upstream-{{ item.name }}.conf" state: absent loop: "{{ nginx_upstreams }}" diff --git a/tests/test.yml b/tests/test.yml index 29130b3..9af416c 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -4,13 +4,13 @@ pre_tasks: - name: INCLUDE_TASKS | Pre_tasks related to OS version - include_tasks: "includes/pre_{{ ansible_distribution }}.yml" + ansible.builtin.include_tasks: "includes/pre_{{ ansible_distribution }}.yml" - name: IMPORT_TASKS | Pre_tasks common - import_tasks: "includes/pre_common.yml" + ansible.builtin.import_tasks: "includes/pre_common.yml" - name: FILE | Create an internal SSL dir - file: + ansible.builtin.file: path: "{{ int_ansible_ssl_dir }}" state: directory mode: 0750 @@ -18,7 +18,7 @@ group: root - name: COPY | Deploy test certificate - copy: + ansible.builtin.copy: src: "file/test.crt" dest: "{{ int_ansible_ssl_dir }}/test.crt" mode: 0640 @@ -26,7 +26,7 @@ group: root - name: COPY | Deploy test key - copy: + ansible.builtin.copy: src: "file/test.key" dest: "{{ int_ansible_ssl_dir }}/test.key" mode: 0640 @@ -34,7 +34,7 @@ group: root - name: COPY | Add all hosts in /etc/hosts - copy: + ansible.builtin.copy: content: | 127.0.0.1 localhost {% for s in nginx_sites %} 
@@ -299,13 +299,13 @@ # Apps # -------------------------------- - name: INCLUDE_TASKS | Post_tasks related to OS version - include_tasks: "includes/post_{{ ansible_distribution }}.yml" + ansible.builtin.include_tasks: "includes/post_{{ ansible_distribution }}.yml" # -------------------------------- # Deploy index files # -------------------------------- - name: -- Add PHP file -- - copy: + ansible.builtin.copy: dest: "{{ nginx_root }}/{{ item }}/public/index.php" content: " /dev/null | grep -q h2 + ansible.builtin.shell: set -o pipefail && nghttp -nv https://localhost 2> /dev/null | grep -q h2 args: executable: /bin/bash changed_when: false