From b97263aae6b82681c33e71b9e6509f12b1378371 Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Sun, 27 Mar 2022 18:54:24 -0700
Subject: [PATCH] use FQCN across the board
---
adhoc-ipabinder.yml | 8 ++++----
adhoc-ipadnsrecord.yml | 2 +-
adhoc-ipadnszone.yml | 2 +-
adhoc-ipagetkeytab.yml | 26 +++++++++++++-------------
adhoc-ipagroup.yml | 2 +-
adhoc-ipaservice.yml | 2 +-
adhoc-ipauser-disable-pdr.yml | 2 +-
adhoc-ipauser-disable.yml | 2 +-
adhoc-ipauser-enable.yml | 2 +-
adhoc-ipauser.yml | 2 +-
collections/requirements.yml | 3 +++
import-rockyusers.yml | 6 +++---
init-rocky-ipa-internal-dns.yml | 2 +-
init-rocky-ipa-team.yml | 2 +-
role-rocky-ipa-client.yml | 6 +++---
role-rocky-ipa-replica.yml | 8 ++++----
role-rocky-ipa.yml | 8 ++++----
roles/requirements.yml | 1 +
18 files changed, 45 insertions(+), 41 deletions(-)
diff --git a/adhoc-ipabinder.yml b/adhoc-ipabinder.yml
index 7a6a10c..26f79b7 100644
--- a/adhoc-ipabinder.yml
+++ b/adhoc-ipabinder.yml
@@ -11,7 +11,7 @@ tasks: - name: "Check for user variables" - assert: + ansible.builtin.assert: that: - ipa_binder_name | mandatory - ipa_binder_password | mandatory
@@ -19,7 +19,7 @@ fail_msg: "We are missing user information" - name: "Creating bind account template - binder" - template: + ansible.builtin.template: src: "tmp/binder_template.update" dest: "/tmp/binder.update" owner: root
@@ -29,14 +29,14 @@ - users - name: "Adding in the bind account" - command: "/usr/sbin/ipa-ldap-updater /tmp/binder.update" + ansible.builtin.command: "/usr/sbin/ipa-ldap-updater /tmp/binder.update" register: bind_account changed_when: "bind_account.rc == 0" tags: - users - name: "Remove template" - file: + ansible.builtin.file: path: "/tmp/binder.update" state: absent ...
diff --git a/adhoc-ipadnsrecord.yml b/adhoc-ipadnsrecord.yml
index 3edf935..79f70ad 100644
--- a/adhoc-ipadnsrecord.yml
+++ b/adhoc-ipadnsrecord.yml
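Review bot: In adhoc-ipabinder.yml (hunk -29,14) the "Remove template" task only runs when "Adding in the bind account" succeeds, so a failed `ipa-ldap-updater` run leaves `/tmp/binder.update` behind. The play requires `ipa_binder_password`, so the rendered file presumably carries the bind credential; the template task's `mode:` lies outside the visible hunks and should be confirmed as `'0600'`. Wrapping the template and command tasks in a `block:` with the removal under `always:` makes the cleanup unconditional. The same sequence appears in import-rockyusers.yml (hunk -58,14).

```yaml
- name: "Create and apply bind account update"
  block:
    # … unchanged: "Creating bind account template - binder" task …
    # … unchanged: "Adding in the bind account" task …
  always:
    - name: "Remove template"
      ansible.builtin.file:
        path: "/tmp/binder.update"
        state: absent
```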
@@ -18,7 +18,7 @@ tasks: - name: "Checking for user variables" - assert: + ansible.builtin.assert: that: - ipaadmin_password | mandatory - ipa_zone | mandatory
diff --git a/adhoc-ipadnszone.yml b/adhoc-ipadnszone.yml
index 23c75ff..365a135 100644
--- a/adhoc-ipadnszone.yml
+++ b/adhoc-ipadnszone.yml
@@ -10,7 +10,7 @@ tasks: - name: "Checking for user variables" - assert: + ansible.builtin.assert: that: - ipa_admin | mandatory - ipaadmin_password | mandatory
diff --git a/adhoc-ipagetkeytab.yml b/adhoc-ipagetkeytab.yml
index ef24c63..73d8e2e 100644
--- a/adhoc-ipagetkeytab.yml
+++ b/adhoc-ipagetkeytab.yml
@@ -20,7 +20,7 @@ tasks: - name: "Checking for user variables" - assert: + ansible.builtin.assert: that: - ipa_admin | mandatory - ipaadmin_password | mandatory
@@ -31,14 +31,14 @@ fail_msg: "We are missing required information" - name: "Check that a keytab doesn't already exist" - stat: + ansible.builtin.stat: path: "{{ ipa_keytab_fullpath }}" register: keytab_status check_mode: false changed_when: "1 != 1" - name: "Verify keytab existence" - assert: + ansible.builtin.assert: that: - "not keytab_status.stat.exists" success_msg: "Keytab doesn't exist, moving on..."
@@ -70,14 +70,14 @@ - name: "Get kerberos ticket" delegate_to: "{{ ipa_server }}" - shell: "set -o pipefail && echo \"{{ ipaadmin_password }}\" | kinit {{ ipa_admin }}" + ansible.builtin.shell: "set -o pipefail && echo \"{{ ipaadmin_password }}\" | kinit {{ ipa_admin }}" check_mode: false changed_when: "1 != 1" when: not keytab_status.stat.exists - name: "Attempt to retrieve keytab" delegate_to: "{{ ipa_server }}" - command: "ipa-getkeytab -r -s {{ ipa_server }} -p {{ ipa_service }} -k /tmp/{{ host }}.kt" + ansible.builtin.command: "ipa-getkeytab -r -s {{ ipa_server }} -p {{ ipa_service }} -k /tmp/{{ host }}.kt" register: ret_result check_mode: false changed_when: "1 != 1"
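Review bot: The "Get kerberos ticket" task in hunk -70,14 still interpolates `ipaadmin_password` into a shell string, so a password containing `"`, `$` or a backtick is interpreted by the shell on the IPA server, and without `no_log: true` the rendered command line is recorded in task results and logs. Since the line is being touched for the FQCN change anyway, passing the password on stdin through `ansible.builtin.command` removes both the shell and the quoting problem, and `no_log: true` keeps the value out of results. The rest of the task (`check_mode`, `changed_when`, `when`) stays as it is.

```yaml
- name: "Get kerberos ticket"
  delegate_to: "{{ ipa_server }}"
  ansible.builtin.command:
    cmd: "kinit {{ ipa_admin }}"
    stdin: "{{ ipaadmin_password }}"
  no_log: true
  # … unchanged: check_mode, changed_when, when …
```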
@@ -85,30 +85,30 @@ - name: "Create keytab if it didn't exist, based on the last task" delegate_to: "{{ ipa_server }}" - command: "ipa-getkeytab -s {{ ipa_server }} -p {{ ipa_service }} -k /tmp/{{ host }}.kt" + ansible.builtin.command: "ipa-getkeytab -s {{ ipa_server }} -p {{ ipa_service }} -k /tmp/{{ host }}.kt" when: "'krbPrincipalKey not found' in ret_result.stderr" - name: "Destroy admin ticket" delegate_to: "{{ ipa_server }}" - command: "kdestroy -A" + ansible.builtin.command: "kdestroy -A" register: kdestroy_result changed_when: "kdestroy_result.rc == 0" - name: "Put the keytab into a register" delegate_to: "{{ ipa_server }}" - command: "base64 /tmp/{{ host }}.kt" + ansible.builtin.command: "base64 /tmp/{{ host }}.kt" register: keytab check_mode: false changed_when: "keytab.rc == 0" - name: "Destroy local keytab" delegate_to: "{{ ipa_server }}" - file: + ansible.builtin.file: path: "/tmp/{{ host }}.kt" state: absent - name: "Deploy keytab to {{ host }} from register" - copy: + ansible.builtin.copy: dest: "{{ ipa_keytab_fullpath }}.b64" content: "{{ keytab.stdout }}" owner: "{{ ipa_owner|default('root') }}"
@@ -116,16 +116,16 @@ mode: '0600' - name: "Decode keytab" - shell: "umask 077 && base64 -d {{ ipa_keytab_fullpath }}.b64 > {{ ipa_keytab_fullpath }}" + ansible.builtin.shell: "umask 077 && base64 -d {{ ipa_keytab_fullpath }}.b64 > {{ ipa_keytab_fullpath }}" changed_when: "1 != 1" - name: "Destroy encoded keytab" - file: + ansible.builtin.file: path: "{{ ipa_keytab_fullpath }}.b64" state: absent - name: "Set ownership if applicable, otherwise it's root owned" - file: + ansible.builtin.file: path: "{{ ipa_keytab_fullpath }}" owner: "{{ ipa_owner|default('root') }}" group: "{{ ipa_owner|default('root') }}"
diff --git a/adhoc-ipagroup.yml b/adhoc-ipagroup.yml
index a0533e2..3aa49e1 100644
--- a/adhoc-ipagroup.yml
+++ b/adhoc-ipagroup.yml
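Review bot: In hunk -85,30 the "Put the keytab into a register" task stores the base64 keytab in `keytab.stdout` and "Deploy keytab to {{ host }} from register" renders it through `content:`, and neither task carries `no_log: true` in the visible lines, so the key material can end up in verbose output, callback logs or `--diff` output. Adding `no_log: true` to both tasks keeps it out of results. The keytab is also written to the predictable path `/tmp/{{ host }}.kt` on the IPA server and is only removed if every task before "Destroy local keytab" succeeds; a `block:` with the removal under `always:` would make that cleanup unconditional.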
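Review bot: The "Decode keytab" task in hunk -116,16 places `{{ ipa_keytab_fullpath }}` unquoted into a shell redirect, so a path containing spaces or shell metacharacters changes what the command does. Applying the `quote` filter to both uses keeps each value a single word, for example `base64 -d {{ (ipa_keytab_fullpath ~ '.b64') | quote }} > {{ ipa_keytab_fullpath | quote }}`. The task also sets `changed_when: "1 != 1"` although it writes the keytab, which hides the change from run summaries.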
@@ -14,7 +14,7 @@ tasks: - name: "Checking for user variables" - assert: + ansible.builtin.assert: that: - ipa_admin | mandatory - ipaadmin_password | mandatory
diff --git a/adhoc-ipaservice.yml b/adhoc-ipaservice.yml
index 05bcb07..83caa21 100644
--- a/adhoc-ipaservice.yml
+++ b/adhoc-ipaservice.yml
@@ -9,7 +9,7 @@ tasks: - name: "Checking for user variables" - assert: + ansible.builtin.assert: that: - ipa_admin | mandatory - ipaadmin_password | mandatory
diff --git a/adhoc-ipauser-disable-pdr.yml b/adhoc-ipauser-disable-pdr.yml
index 4623e86..bf2435c 100644
--- a/adhoc-ipauser-disable-pdr.yml
+++ b/adhoc-ipauser-disable-pdr.yml
@@ -13,7 +13,7 @@ tasks: - name: "Checking for user variables" - assert: + ansible.builtin.assert: that: - ipa_admin | mandatory - ipaadmin_password | mandatory
diff --git a/adhoc-ipauser-disable.yml b/adhoc-ipauser-disable.yml
index 7aac935..08455df 100644
--- a/adhoc-ipauser-disable.yml
+++ b/adhoc-ipauser-disable.yml
@@ -9,7 +9,7 @@ tasks: - name: "Checking for user variables" - assert: + ansible.builtin.assert: that: - ipa_admin | mandatory - ipaadmin_password | mandatory
diff --git a/adhoc-ipauser-enable.yml b/adhoc-ipauser-enable.yml
index 21c8fd7..948dffd 100644
--- a/adhoc-ipauser-enable.yml
+++ b/adhoc-ipauser-enable.yml
@@ -9,7 +9,7 @@ tasks: - name: "Checking for user variables" - assert: + ansible.builtin.assert: that: - ipa_admin | mandatory - ipaadmin_password | mandatory
diff --git a/adhoc-ipauser.yml b/adhoc-ipauser.yml
index e1cb0aa..df8c50f 100644
--- a/adhoc-ipauser.yml
+++ b/adhoc-ipauser.yml
@@ -9,7 +9,7 @@ tasks: - name: "Checking for user variables" - assert: + ansible.builtin.assert: that: - ipa_admin | mandatory - ipaadmin_password | mandatory
diff --git a/collections/requirements.yml b/collections/requirements.yml
index 7a1d4d0..6a12dc8 100644
--- a/collections/requirements.yml
+++ b/collections/requirements.yml
@@ -2,3 +2,6 @@ # Collections collections: - name: freeipa.ansible_freeipa + - name: community.general + - name: ansible.posix +...
diff --git a/import-rockyusers.yml b/import-rockyusers.yml
index 50e01f4..296ea91 100644
--- a/import-rockyusers.yml
+++ b/import-rockyusers.yml
@@ -48,7 +48,7 @@ - users - name: "Creating bind account template - binder" - template: + ansible.builtin.template: src: "tmp/binder.update" dest: "/tmp/binder.update" owner: root
@@ -58,14 +58,14 @@ - users - name: "Adding in the bind account - binder" - command: "/usr/sbin/ipa-ldap-updater /tmp/binder.update" + ansible.builtin.command: "/usr/sbin/ipa-ldap-updater /tmp/binder.update" register: bind_account changed_when: "bind_account.rc == 0" tags: - users - name: "Remove template" - file: + ansible.builtin.file: path: "/tmp/binder.update" state: absent ...
diff --git a/init-rocky-ipa-internal-dns.yml b/init-rocky-ipa-internal-dns.yml
index fc87eef..09888ac 100644
--- a/init-rocky-ipa-internal-dns.yml
+++ b/init-rocky-ipa-internal-dns.yml
@@ -10,7 +10,7 @@ tasks: - name: "Checking for user variables" - assert: + ansible.builtin.assert: that: - ipaadmin_password | mandatory success_msg: "Required variables provided"
diff --git a/init-rocky-ipa-team.yml b/init-rocky-ipa-team.yml
index 48f5155..850cc59 100644
--- a/init-rocky-ipa-team.yml
+++ b/init-rocky-ipa-team.yml
@@ -13,7 +13,7 @@ tasks: - name: "Checking for user variables" - assert: + ansible.builtin.assert: that: - ipaadmin_password | mandatory - users | mandatory
diff --git a/role-rocky-ipa-client.yml b/role-rocky-ipa-client.yml
index bb43e38..34d4761 100644
--- a/role-rocky-ipa-client.yml
+++ b/role-rocky-ipa-client.yml
@@ -9,12 +9,12 @@ pre_tasks: - name: Check if ansible cannot be run here - stat: + ansible.builtin.stat: path: /etc/no-ansible register: no_ansible - name: Verify if we can run ansible - assert: + ansible.builtin.assert: that: - "not no_ansible.stat.exists" success_msg: "We are able to run on this node"
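Review bot: The two collections added in collections/requirements.yml (hunk -2,3) have no `version:` constraint, so each install resolves whatever release the Galaxy server offers at that moment, and playbooks that handle the IPA admin password then run module code nobody reviewed. Pinning each entry, e.g. `version: "<PINNED_VERSION>"` under `- name: community.general`, makes the installed code reproducible. `ansible.posix` is not referenced by any hunk visible in this patch; if nothing else in the repository uses it, it could be left out.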
@@ -32,7 +32,7 @@ post_tasks: - name: Touching run file that ansible has ran here - file: + ansible.builtin.file: path: /var/log/ansible.run state: touch mode: '0644'
diff --git a/role-rocky-ipa-replica.yml b/role-rocky-ipa-replica.yml
index ea5b033..6bc10bb 100644
--- a/role-rocky-ipa-replica.yml
+++ b/role-rocky-ipa-replica.yml
@@ -11,19 +11,19 @@ pre_tasks: - name: Check if ansible cannot be run here - stat: + ansible.builtin.stat: path: /etc/no-ansible register: no_ansible - name: Verify if we can run ansible - assert: + ansible.builtin.assert: that: - "not no_ansible.stat.exists" success_msg: "We are able to run on this node" fail_msg: "/etc/no-ansible exists - skipping run on this node" - name: Ensure 'dns=none' is set for Network Manager - ini_file: + community.general.ini_file: path: /etc/NetworkManager/NetworkManager.conf state: present no_extra_spaces: true
@@ -43,7 +43,7 @@ post_tasks: - name: Touching run file that ansible has ran here - file: + ansible.builtin.file: path: /var/log/ansible.run state: touch mode: '0644'
diff --git a/role-rocky-ipa.yml b/role-rocky-ipa.yml
index e2055f8..630c8e1 100644
--- a/role-rocky-ipa.yml
+++ b/role-rocky-ipa.yml
@@ -16,19 +16,19 @@ pre_tasks: - name: Check if ansible cannot be run here - stat: + ansible.builtin.stat: path: /etc/no-ansible register: no_ansible - name: Verify if we can run ansible - assert: + ansible.builtin.assert: that: - "not no_ansible.stat.exists" success_msg: "We are able to run on this node" fail_msg: "/etc/no-ansible exists - skipping run on this node" - name: Ensure 'dns=none' is set for Network Manager to avoid change - ini_file: + community.general.ini_file: path: /etc/NetworkManager/NetworkManager.conf state: present no_extra_spaces: true
@@ -48,7 +48,7 @@ post_tasks: - name: Touching run file that ansible has ran here - file: + ansible.builtin.file: path: /var/log/ansible.run state: touch mode: '0644'
diff --git a/roles/requirements.yml b/roles/requirements.yml
index 873eeb3..791b158 100644
--- a/roles/requirements.yml
+++ b/roles/requirements.yml
@@ -4,3 +4,4 @@ roles: - name: rockylinux.ipagetcert src: https://github.com/rocky-linux/ansible-role-ipa-getcert version: main +...