Fix Ansible Lint

2021-09-01 11:45:44 +02:00 · 2021-09-01 11:45:44 +02:00 · a2780d3d95
parent 6c7e0c2a47
commit a2780d3d95
11 changed files with 79 additions and 6 deletions
--- a/meta/main.yml
+++ b/meta/main.yml
@ -2,6 +2,8 @@

 galaxy_info:
  author: Emilien Mantel
+  namespace: hanxhx
+  role_name: nginx
  description: Nginx for Debian / FreeBSD
  company:
  license: GPLv2
--- a/tasks/config.yml
+++ b/tasks/config.yml
@ -4,12 +4,18 @@
  template:
    src: "etc/nginx/nginx.conf.j2"
    dest: "{{ nginx_etc_dir }}/nginx.conf"
+    mode: 0644
+    owner: root
+    group: root
  notify: reload nginx

 - name: TEMPLATE | Deploy all helpers
  template:
    src: "{{ item }}"
    dest: "{{ nginx_helper_dir }}/{{ item | basename | regex_replace('.j2$','') }}"
+    mode: 0644
+    owner: root
+    group: root
  with_fileglob: '../templates/etc/nginx/helper/*.j2'
  notify: reload nginx

@ -17,6 +23,9 @@
  template:
    src: "etc/nginx/conf.d/custom.conf.j2"
    dest: "{{ nginx_etc_dir }}/conf.d/custom.conf"
+    mode: 0644
+    owner: root
+    group: root
  notify: reload nginx

 - name: LINEINFILE | Fix path
@ -42,4 +51,7 @@
      load_module {{ m }};
      {% endfor %}
    dest: "{{ nginx_etc_dir }}/modules-enabled/000-modules.conf"
+    mode: 0644
+    owner: root
+    group: root
  notify: reload nginx
--- a/tasks/htpasswd.yml
+++ b/tasks/htpasswd.yml
@ -13,6 +13,9 @@
    name: "{{ item.1.name }}"
    password: "{{ item.1.password }}"
    path: "{{ nginx_htpasswd_dir }}/{{ item.0.name }}"
+    mode: 0644
+    owner: root
+    group: root
  loop: "{{ nginx_htpasswd | subelements('users') }}"
  when: item.0.state is not defined or item.0.state == 'present'
  no_log: "{{ not nginx_debug_role }}"
--- a/tasks/install_FreeBSD.yml
+++ b/tasks/install_FreeBSD.yml
@ -40,6 +40,9 @@
  file:
    path: "{{ nginx_etc_dir }}/{{ item }}"
    state: directory
+    mode: 0755
+    owner: root
+    group: root
  loop:
    - conf.d
    - sites-available
--- a/tasks/prepare.yml
+++ b/tasks/prepare.yml
@ -42,3 +42,6 @@
  file:
    path: /etc/ansible/facts.d
    state: directory
+    mode: 0755
+    owner: root
+    group: root
--- a/tasks/site.yml
+++ b/tasks/site.yml
@ -22,6 +22,9 @@
  file:
    path: "{{ nginx_root }}"
    state: directory
+    mode: 0755
+    owner: root
+    group: root

 - name: FILE | Create root public folders (foreach nginx_sites)
  file:
@ -43,6 +46,9 @@
  template:
    src: "etc/nginx/sites-available/{{ item.template if item.redirect_to is not defined else '_redirect' }}.j2"
    dest: "{{ nginx_etc_dir }}/sites-available/{{ item | nginx_site_filename }}"
+    mode: 0644
+    owner: root
+    group: root
  notify: ['reload nginx', 'restart nginx freebsd']
  when: item.state is not defined or item.state != 'absent'
  loop: "{{ nginx_sites }}"
--- a/tasks/ssl/acme.yml
+++ b/tasks/ssl/acme.yml
@ -24,6 +24,9 @@
      template:
        src: "etc/nginx/conf.d/FAKESITE.conf.j2"
        dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
+        mode: 0644
+        owner: root
+        group: root
      loop: "{{ acme_create }}"
      register: fake_site

--- a/tasks/ssl/standard.yml
+++ b/tasks/ssl/standard.yml
@ -25,6 +25,9 @@
  copy:
    content: "{{ nginx_dh }}"
    dest: "{{ nginx_dh_path }}"
+    owner: root
+    group: root
+    mode: 0640
  when: nginx_dh is string
  notify: restart nginx

@ -32,6 +35,9 @@
  file:
    path: "{{ item | nginx_ssl_dir(nginx_ssl_dir) }}"
    state: directory
+    owner: root
+    group: root
+    mode: 0750
  loop: "{{ nginx_ssl_pairs }}"
  when: item.dest_key is not defined or item.dest_cert is not defined
  no_log: "{{ not nginx_debug_role }}"
@ -40,6 +46,8 @@
  copy:
    content: "{{ item.key }}"
    dest: "{{ item | nginx_key_path(nginx_ssl_dir) }}"
+    owner: root
+    group: root
    mode: 0640
  loop: "{{ nginx_ssl_pairs }}"
  when: item.key is defined
@ -50,6 +58,8 @@
  copy:
    content: "{{ item.cert }}"
    dest: "{{ item | nginx_cert_path(nginx_ssl_dir) }}"
+    owner: root
+    group: root
    mode: 0644
  loop: "{{ nginx_ssl_pairs }}"
  when: item.cert is defined
--- a/tasks/upstream.yml
+++ b/tasks/upstream.yml
@ -4,12 +4,18 @@
  template:
    src: "etc/nginx/conf.d/php.conf.j2"
    dest: "{{ nginx_etc_dir }}/conf.d/php.conf"
+    mode: 0644
+    owner: root
+    group: root
  notify: reload nginx

 - name: TEMPLATE | Deploy other upstreams
  template:
    src: "etc/nginx/conf.d/_upstream.conf.j2"
    dest: "{{ nginx_etc_dir }}/conf.d/upstream-{{ item.name }}.conf"
+    mode: 0644
+    owner: root
+    group: root
  loop: "{{ nginx_upstreams }}"
  when: item.state is not defined or item.state == 'present'
  notify: reload nginx
--- a/tests/includes/pre_FreeBSD.yml
+++ b/tests/includes/pre_FreeBSD.yml
@ -25,6 +25,7 @@
    state: present
  vars:
    packages:
+      - bash
      - curl
      - daemonize
      - fcgiwrap
--- a/tests/test.yml
+++ b/tests/test.yml
@ -13,16 +13,25 @@
      file:
        path: "{{ int_ansible_ssl_dir }}"
        state: directory
+        mode: 0750
+        owner: root
+        group: root

    - name: COPY | Deploy test certificate
      copy:
        src: "file/test.crt"
        dest: "{{ int_ansible_ssl_dir }}/test.crt"
+        mode: 0640
+        owner: root
+        group: root

    - name: COPY | Deploy test key
      copy:
        src: "file/test.key"
        dest: "{{ int_ansible_ssl_dir }}/test.key"
+        mode: 0640
+        owner: root
+        group: root

    - name: COPY | Add all hosts in /etc/hosts
      copy:
@ -39,6 +48,9 @@
          {% endif %}
          {% endfor %}
        dest: "/etc/hosts"
+        mode: 0644
+        owner: root
+        group: root
        unsafe_writes: true

  vars:
@ -296,6 +308,9 @@
      copy:
        dest: "{{ nginx_root }}/{{ item }}/public/index.php"
        content: "<?php phpinfo();"
+        mode: 0644
+        owner: root
+        group: root
      loop:
        - 'test-php.local'
        - 'test-php-index.local'
@ -305,6 +320,9 @@
      copy:
        dest: "{{ item }}/index.html"
        content: "Index HTML test OK\n"
+        mode: 0644
+        owner: root
+        group: root
      loop:
        - '{{ nginx_root }}/first-test/public'
        - '/var/tmp'
@ -319,11 +337,17 @@
      file:
        path: "{{ nginx_root }}/test-htpasswd.local/public/hello"
        state: directory
+        mode: 0755
+        owner: root
+        group: root

    - name: -- Add HTML file hello --
      copy:
        dest: "{{ nginx_root }}/test-htpasswd.local/public/hello/index.html"
        content: "hello\n"
+        mode: 0644
+        owner: root
+        group: root

    # --------------------------------
    # Test custom facts
@ -512,16 +536,16 @@
    - block:

        - name: SHELL | Check HTTP proxy protocol
-          shell: curl -I --haproxy-protocol http://test-ssl-proxy-protocol.local:20080 | grep -qi 'X-Proxy-Protocol'
+          shell: set -o pipefail && curl -I --haproxy-protocol http://test-ssl-proxy-protocol.local:20080 | grep -qi 'X-Proxy-Protocol'
          args:
-            executable: /bin/sh
+            executable: /bin/bash
            warn: false
          changed_when: false

        - name: SHELL | Check HTTPS proxy protocol
-          shell: curl -I --haproxy-protocol -k https://test-ssl-proxy-protocol.local:20443 | grep -qi 'X-Proxy-Protocol'
+          shell: set -o pipefail && curl -I --haproxy-protocol -k https://test-ssl-proxy-protocol.local:20443 | grep -qi 'X-Proxy-Protocol'
          args:
-            executable: /bin/sh
+            executable: /bin/bash
            warn: false
          changed_when: false

@ -531,8 +555,8 @@
    # Check HTTP2
    # --------------------------------
    - name: SHELL | Check HTTP2
-      shell: nghttp -nv https://localhost 2> /dev/null | grep -q h2
+      shell: set -o pipefail && nghttp -nv https://localhost 2> /dev/null | grep -q h2
      args:
-        executable: /bin/sh
+        executable: /bin/bash
      changed_when: false
      when: nginx_auto_config_httpv2 and 'http_v2' in nginx_modules