From 2f0f1796ff2e618e6c8d8814e31afa72d17fdb6e Mon Sep 17 00:00:00 2001 From: MonsterDruide1 <5958456@gmail.com> Date: Wed, 22 Jun 2022 17:04:33 +0200 Subject: [PATCH] Fix ansible-lint --- defaults/main.yml | 2 +- handlers/main.yml | 4 +-- meta/main.yml | 2 +- tasks/certpaths.yml | 2 +- tasks/configure.yml | 58 ++++++++++++++++++++-------------------- tasks/install.yml | 26 +++++++++--------- tasks/standalone_tls.yml | 4 +-- tasks/tls.yml | 4 +-- 8 files changed, 51 insertions(+), 51 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 255e294..eabc53c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -11,7 +11,7 @@ haproxy_wanted_acme_domains: [] haproxy_acme_backend_name: "acmetool" _haproxy_ssl_options: 'no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets' -_haproxy_ssl_ciphers: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384' # noqa line-length +_haproxy_ssl_ciphers: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384' # noqa yaml[line-length] _haproxy_ssl_ciphersuites: 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256' haproxy_default_compression_algo: gzip diff --git a/handlers/main.yml b/handlers/main.yml index fe8112a..158559c 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -3,11 +3,11 @@ # handlers file for haproxy - name: restart haproxy - service: + ansible.builtin.service: name: haproxy state: restarted - name: reload haproxy - service: + ansible.builtin.service: name: haproxy state: reloaded diff --git a/meta/main.yml b/meta/main.yml index b503816..06fb8bf 100644 --- a/meta/main.yml +++ b/meta/main.yml 
@@ -3,7 +3,7 @@ galaxy_info: author: Fachschaft Informatik, TU Dortmund description: Install and configure a HAProxy reverse proxy license: Apache-2.0 - min_ansible_version: 2.9 + min_ansible_version: "2.9" platforms: - name: Ubuntu versions: diff --git a/tasks/certpaths.yml b/tasks/certpaths.yml index f7af67d..1ad6187 100644 --- a/tasks/certpaths.yml +++ b/tasks/certpaths.yml @@ -1,7 +1,7 @@ --- - name: "{{ item.name }}: Generate certpaths file" notify: reload haproxy - template: + ansible.builtin.template: src: certpaths.j2 dest: "/etc/haproxy/{{ item.name }}.certpaths" owner: root diff --git a/tasks/configure.yml b/tasks/configure.yml index fcbac9c..bc0a49a 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -1,18 +1,18 @@ --- - name: Collect all extern certpaths - set_fact: + ansible.builtin.set_fact: haproxy_wanted_certpaths: "{{ haproxy_wanted_certs }} + {{ (item.ssl | default([])).cert | default([]) }}" loop: "{{ haproxy_frontends }}" when: haproxy_frontends is defined - name: Collect all LE certs - set_fact: + ansible.builtin.set_fact: haproxy_wanted_acme_domains: "{{ haproxy_wanted_acme_domains }} + {{ (item.ssl | default([])).acme_domains | default([]) }}" loop: "{{ haproxy_frontends }}" when: haproxy_frontends is defined - name: Check if haproxy backend is already configured - lineinfile: + ansible.builtin.lineinfile: path: /etc/haproxy/haproxy.cfg line: "backend {{ haproxy_acme_backend_name }}" state: present @@ -34,7 +34,7 @@ ## ASSEMBLE CONFIG - FRONTEND - name: 'Create directory for the frontend' - file: + ansible.builtin.file: path: "{{ haproxy_config_dir }}/frontends.d" state: directory owner: root 
@@ -42,21 +42,21 @@ mode: 0755 - name: "List files for the frontends" - find: + ansible.builtin.find: paths: "{{ haproxy_config_dir }}/frontends.d" patterns: "*.cfg" register: directory_contents changed_when: false - name: "Remove unmanaged files for the frontends" - file: + ansible.builtin.file: path: "{{ item.path }}" state: absent when: (item.path | basename) not in (haproxy_frontends | json_query('[*].name') | map('regex_replace', '(^.*$)', '\\1.cfg') | list) loop: "{{ directory_contents.files }}" - name: 'Build up the frontends' - template: + ansible.builtin.template: src: "frontend.cfg" dest: "{{ haproxy_config_dir }}/frontends.d/{{ item.name }}.cfg" owner: root @@ -68,7 +68,7 @@ ## ASSEMBLE CONFIG - BACKEND - name: 'Create directory for the backends' - file: + ansible.builtin.file: path: "{{ haproxy_config_dir }}/backends.d" state: directory owner: root @@ -76,21 +76,21 @@ mode: 0755 - name: "List files for the backends" - find: + ansible.builtin.find: paths: "{{ haproxy_config_dir }}/backends.d" patterns: "*.cfg" register: directory_contents changed_when: false - name: "Remove unmanaged files for the backends" - file: + ansible.builtin.file: path: "{{ item.path }}" state: absent when: (item.path | basename) not in (haproxy_backends | json_query('[*].name') | map('regex_replace', '(^.*$)', '\\1.cfg') | list) loop: "{{ directory_contents.files }}" - name: 'Build up the backends' - template: + ansible.builtin.template: src: "backend.cfg" dest: "{{ haproxy_config_dir }}/backends.d/{{ item.name }}.cfg" owner: root @@ -102,7 +102,7 @@ ## ASSEMBLE CONFIG - LISTEN - name: 'Create directory for the listen sections' - file: + ansible.builtin.file: path: "{{ haproxy_config_dir }}/listen.d" state: directory owner: root 
@@ -110,21 +110,21 @@ mode: 0755 - name: "List files the listen sections" - find: + ansible.builtin.find: paths: "{{ haproxy_config_dir }}/listen.d" patterns: "*.cfg" register: directory_contents changed_when: false - name: "Remove unmanaged files the listen sections" - file: + ansible.builtin.file: path: "{{ item.path }}" state: absent when: (item.path | basename) not in (haproxy_listen | json_query('[*].name') | map('regex_replace', '(^.*$)', '\\1.cfg') | list) loop: "{{ directory_contents.files }}" - name: 'Build up the listen sections' - template: + ansible.builtin.template: src: "listen.cfg" dest: "{{ haproxy_config_dir }}/listen.d/{{ item.name }}.cfg" owner: root @@ -136,7 +136,7 @@ ## ASSEMBLE CONFIG - USERLIST - name: 'Create directory for the userlists' - file: + ansible.builtin.file: path: "{{ haproxy_config_dir }}/userlists.d" state: directory owner: root @@ -144,21 +144,21 @@ mode: 0755 - name: "List files for the userlists" - find: + ansible.builtin.find: paths: "{{ haproxy_config_dir }}/userlists.d" patterns: "*.cfg" register: directory_contents changed_when: false - name: "Remove unmanaged files for the userlists" - file: + ansible.builtin.file: path: "{{ item.path }}" state: absent when: (item.path | basename) not in (haproxy_userlists | json_query('[*].name') | map('regex_replace', '(^.*$)', '\\1.cfg') | list) loop: "{{ directory_contents.files }}" - name: 'Build up the userlist sections' - template: + ansible.builtin.template: src: userlist.cfg dest: "{{ haproxy_config_dir }}/userlists.d/{{ item.name }}.cfg" owner: root @@ -170,7 +170,7 @@ ## ASSEMBLE CONFIG - GLOBAL & DEFAULT - name: 'Create the compiled folder' - file: + ansible.builtin.file: path: "{{ haproxy_config_dir }}/compiled" state: directory owner: root 
@@ -178,11 +178,11 @@ mode: 0755 - name: 'Merge global config' - set_fact: + ansible.builtin.set_fact: haproxy_global_final: "{{ _haproxy_global | combine(haproxy_global, recursive=true) }}" - name: 'Build up the global config' - template: + ansible.builtin.template: src: "global.cfg" dest: "{{ haproxy_config_dir }}/compiled/01-global.cfg" owner: root @@ -190,11 +190,11 @@ mode: 0644 - name: 'Merge default config' - set_fact: + ansible.builtin.set_fact: haproxy_defaults_final: "{{ _haproxy_defaults | combine(haproxy_defaults, recursive=true) }}" - name: 'Build up the default config' - template: + ansible.builtin.template: src: "defaults.cfg" dest: "{{ haproxy_config_dir }}/compiled/02-defaults.cfg" owner: root @@ -205,7 +205,7 @@ ## ASSEMBLE FINAL CONFIG - name: 'Assemble the backends configuration file' - assemble: + ansible.builtin.assemble: src: "{{ haproxy_config_dir }}/backends.d" dest: "{{ haproxy_config_dir }}/compiled/03-backends.cfg" owner: root @@ -213,7 +213,7 @@ mode: 0644 - name: 'Assemble the frontends configuration file' - assemble: + ansible.builtin.assemble: src: "{{ haproxy_config_dir }}/frontends.d" dest: "{{ haproxy_config_dir }}/compiled/04-frontends.cfg" owner: root @@ -221,7 +221,7 @@ mode: 0644 - name: 'Assemble the listen sections configuration file' - assemble: + ansible.builtin.assemble: src: "{{ haproxy_config_dir }}/listen.d" dest: "{{ haproxy_config_dir }}/compiled/05-listen.cfg" owner: root @@ -229,7 +229,7 @@ mode: 0644 - name: 'Assemble the userlists sections configuration file' - assemble: + ansible.builtin.assemble: src: "{{ haproxy_config_dir }}/userlists.d" dest: "{{ haproxy_config_dir }}/compiled/06-userlists.cfg" owner: root @@ -237,7 +237,7 @@ mode: 0644 - name: 'Assemble the final configuration file' - assemble: + ansible.builtin.assemble: src: "{{ haproxy_config_dir }}/compiled" dest: "{{ haproxy_config_file }}" owner: root diff --git a/tasks/install.yml b/tasks/install.yml index 32bc0f2..a62b056 100644 
--- a/tasks/install.yml +++ b/tasks/install.yml @@ -1,58 +1,58 @@ --- - name: Add HAProxy 2.6 PPA - apt_repository: + ansible.builtin.apt_repository: repo: 'ppa:vbernat/haproxy-2.6' state: present - name: Remove HAProxy 2.5 PPA - apt_repository: + ansible.builtin.apt_repository: repo: 'ppa:vbernat/haproxy-2.5' state: absent - name: Remove HAProxy 2.4 PPA - apt_repository: + ansible.builtin.apt_repository: repo: 'ppa:vbernat/haproxy-2.4' state: absent - name: Remove HAProxy 2.3 PPA - apt_repository: + ansible.builtin.apt_repository: repo: 'ppa:vbernat/haproxy-2.3' state: absent - name: Remove HAProxy 2.2 PPA - apt_repository: + ansible.builtin.apt_repository: repo: 'ppa:vbernat/haproxy-2.2' state: absent - name: Remove HAProxy 2.1 PPA - apt_repository: + ansible.builtin.apt_repository: repo: 'ppa:vbernat/haproxy-2.1' state: absent - name: Remove HAProxy 2.0 PPA - apt_repository: + ansible.builtin.apt_repository: repo: 'ppa:vbernat/haproxy-2.0' state: absent - name: Remove HAProxy 1.8 PPA - apt_repository: + ansible.builtin.apt_repository: repo: 'ppa:vbernat/haproxy-1.8' state: absent - name: Install HAProxy - apt: + ansible.builtin.apt: name: "haproxy=2.6.*" state: present update_cache: true - name: 'Enable haproxy unit' - systemd: + ansible.builtin.systemd: name: haproxy enabled: true - name: 'Ensure chroot directory exists' - file: + ansible.builtin.file: name: "{{ haproxy_global.chroot }}" state: directory owner: root @@ -61,7 +61,7 @@ when: haproxy_global.chroot is defined and haproxy_global.chroot - name: Create service override directory - file: + ansible.builtin.file: path: /etc/systemd/system/haproxy.service.d state: directory owner: root @@ -69,7 +69,7 @@ mode: 0755 - name: Copy service override - copy: + ansible.builtin.copy: dest: /etc/systemd/system/haproxy.service.d/override.conf content: | [Unit] diff --git a/tasks/standalone_tls.yml b/tasks/standalone_tls.yml index 32e7a17..79a8fc0 100644 --- a/tasks/standalone_tls.yml +++ b/tasks/standalone_tls.yml 
@@ -1,6 +1,6 @@ --- - name: Copy temporary haproxy.cfg - template: + ansible.builtin.template: src: tls_temp.cfg dest: /etc/haproxy/haproxy.cfg owner: root @@ -8,6 +8,6 @@ mode: 0644 - name: Restart haproxy - systemd: + ansible.builtin.systemd: name: haproxy state: restarted diff --git a/tasks/tls.yml b/tasks/tls.yml index d57b5b8..864fc6c 100644 --- a/tasks/tls.yml +++ b/tasks/tls.yml @@ -1,11 +1,11 @@ --- - name: "<{{ item }}> Gather Cert stats" - stat: + ansible.builtin.stat: path: "/var/lib/acme/live/{{ item }}/haproxy" register: cert - name: "<{{ item }}> Run acmetool (Make sure your system is accessible from the internet!)" - shell: "acmetool want --batch {{ item }}" + ansible.builtin.command: "acmetool want --batch {{ item }}" register: result changed_when: "result.stdout" when: not cert.stat.exists -- GitLab
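Review bot: The acmetool task in tasks/tls.yml still interpolates `{{ item }}` into a free-form command string, so a value containing whitespace is split into several arguments; switching from `shell` to `ansible.builtin.command` removes shell metacharacter handling but not that splitting. Passing the arguments as an `argv` list keeps the templated domain as exactly one argument, as in the fence below. `changed_when: "result.stdout"` also depends on the truthiness of a quoted expression, and `result.stdout | length > 0` states the intent directly. The hunk stops at the task's `when:` line, so anything following it in the file is not visible here.

```yaml
- name: "<{{ item }}> Run acmetool (Make sure your system is accessible from the internet!)"
  ansible.builtin.command:
    argv:
      - acmetool
      - want
      - --batch
      - "{{ item }}"
  # … unchanged: register: result …
  changed_when: result.stdout | length > 0
  # … unchanged: when: not cert.stat.exists …
```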