From fcdf86b31c586d74b0ad5bdad7efa4fa79f48722 Mon Sep 17 00:00:00 2001 From: nazunalika Date: Sun, 29 Aug 2021 22:02:24 -0700 Subject: [PATCH] Linting and Formatting This commit appends the README.md to state that yaml files should start with `---` and end with `...`. This also addresses some linting warnings that were not appearing during pre-commit on local system. --- ansible/README.md | 16 ++++++++++++++ .../group_vars/chronyservers/main.yml | 1 + .../production/group_vars/ipa/main.yml | 3 +++ .../production/group_vars/ipaclients/main.yml | 1 + .../group_vars/ipareplicas/main.yml | 1 + .../production/group_vars/ipaserver/main.yml | 1 + .../production/group_vars/rabbitmq/main.yml | 1 + .../staging/group_vars/chronyservers/main.yml | 1 + .../staging/group_vars/ipa/main.yml | 3 +++ .../staging/group_vars/ipaclients/main.yml | 1 + .../staging/group_vars/ipareplicas/main.yml | 1 + .../staging/group_vars/ipaserver/main.yml | 1 + .../staging/group_vars/rabbitmq/main.yml | 1 + ansible/playbooks/adhoc-facts-refresh.yml | 1 + .../playbooks/adhoc-gitlab-creategroup.yml | 1 + .../playbooks/adhoc-gitlab-createproject.yml | 1 + .../playbooks/adhoc-gitlab-deletegroup.yml | 1 + .../playbooks/adhoc-gitlab-deleteproject.yml | 1 + ansible/playbooks/adhoc-ipabinder.yml | 1 + ansible/playbooks/adhoc-ipadnsrecord.yml | 1 + ansible/playbooks/adhoc-ipadnszone.yml | 1 + ansible/playbooks/adhoc-ipagetcert.yml | 1 + ansible/playbooks/adhoc-ipagetkeytab.yml | 1 + ansible/playbooks/adhoc-ipagroup.yml | 1 + ansible/playbooks/adhoc-ipaservice.yml | 1 + .../playbooks/adhoc-ipauser-disable-pdr.yml | 1 + ansible/playbooks/adhoc-ipauser-disable.yml | 1 + ansible/playbooks/adhoc-ipauser-enable.yml | 1 + ansible/playbooks/adhoc-ipauser.yml | 1 + ansible/playbooks/adhoc-rabbitmqqueue.yml | 1 + ansible/playbooks/adhoc-rabbitmquser.yml | 1 + ansible/playbooks/handlers/main.yml | 1 + ansible/playbooks/import-rockygroups.yml | 1 + ansible/playbooks/import-rockyipaprivs.yml | 1 + ansible/playbooks/import-rockypwpolicy.yml | 1 + ansible/playbooks/import-rockysudo.yml | 1 + ansible/playbooks/import-rockyusers.yml | 1 + .../playbooks/init-rocky-account-services.yml | 1 + ansible/playbooks/init-rocky-ansible-host.yml | 21 ++++++++++--------- ansible/playbooks/init-rocky-bugzilla.yml | 1 + .../playbooks/init-rocky-builder-postfix.yml | 1 + ansible/playbooks/init-rocky-chrony.yml | 1 + .../init-rocky-install-kvm-hosts.yml | 1 + .../playbooks/init-rocky-ipa-internal-dns.yml | 1 + ansible/playbooks/init-rocky-ipa-team.yml | 1 + .../playbooks/init-rocky-koji-ecosystem.yml | 1 + ansible/playbooks/init-rocky-mantisbt.yml | 1 + ansible/playbooks/init-rocky-noggin-theme.yml | 1 + ansible/playbooks/init-rocky-noggin.yml | 1 + ansible/playbooks/init-rocky-repo-servers.yml | 1 + .../playbooks/init-rocky-system-config.yml | 1 + .../role-rocky-bootstrap_staging.yml | 1 + ansible/playbooks/role-rocky-gitlab-ee.yml | 1 + .../playbooks/role-rocky-gitlab-runner.yml | 1 + ansible/playbooks/role-rocky-graylog.yml | 1 + ansible/playbooks/role-rocky-ipa-client.yml | 1 + ansible/playbooks/role-rocky-ipa-replica.yml | 1 + ansible/playbooks/role-rocky-ipa.yml | 1 + ansible/playbooks/role-rocky-ipsilon.yml | 1 + .../playbooks/role-rocky-kojid-staging.yml | 1 + ansible/playbooks/role-rocky-kojid.yml | 1 + .../playbooks/role-rocky-kojihub-staging.yml | 1 + ansible/playbooks/role-rocky-kojihub.yml | 1 + ansible/playbooks/role-rocky-monitoring.yml | 5 +++-- ansible/playbooks/role-rocky-mqtt.yml | 1 + .../playbooks/role-rocky-node_exporter.yml | 1 + ansible/playbooks/role-rocky-pinnwand.yml | 9 ++++---- ansible/playbooks/role-rocky-rabbitmq.yml | 1 + ansible/playbooks/role-rocky-repopool.yml | 1 + ansible/playbooks/role-rocky-sigul-bridge.yml | 1 + ansible/playbooks/role-rocky-sigul-server.yml | 1 + ansible/playbooks/role-rocky-srpmproc.yml | 1 + ansible/playbooks/role-rocky-wikijs.yml | 3 ++- ansible/playbooks/tasks/account_services.yml | 1 + ansible/playbooks/tasks/auditd.yml | 1 + ansible/playbooks/tasks/authentication.yml | 1 + ansible/playbooks/tasks/bugzilla.yml | 1 + ansible/playbooks/tasks/bugzilla_install.yml | 1 + ansible/playbooks/tasks/chrony.yml | 1 + ansible/playbooks/tasks/efs_mount.yml | 15 +++++++------ .../playbooks/tasks/gitlab-reconfigure.yml | 1 + ansible/playbooks/tasks/gitlab-runner.yml | 5 +++-- ansible/playbooks/tasks/grub.yml | 1 + ansible/playbooks/tasks/harden.yml | 1 + ansible/playbooks/tasks/init-koji.yml | 7 ++++--- ansible/playbooks/tasks/koji_efs.yml | 3 ++- ansible/playbooks/tasks/main.yml | 1 + ansible/playbooks/tasks/mantis.yml | 1 + ansible/playbooks/tasks/mantispatch.yml | 1 + ansible/playbooks/tasks/noggin.yml | 1 + ansible/playbooks/tasks/postfix_relay.yml | 1 + .../playbooks/tasks/rabbitmq-reconfigure.yml | 1 + ansible/playbooks/tasks/repository.yml | 1 + ansible/playbooks/tasks/scripts.yml | 1 + ansible/playbooks/tasks/srpmproc.yml | 1 + ansible/playbooks/tasks/ssh_config.yml | 1 + .../tasks/variable_loader_common.yml | 1 + ansible/playbooks/vars/RedHat.yml | 1 + ansible/playbooks/vars/bugzilla.yml | 1 + ansible/playbooks/vars/buildsys.yml | 1 + ansible/playbooks/vars/chrony.yml | 1 + ansible/playbooks/vars/chronyserver.yml | 1 + ansible/playbooks/vars/common.yml | 1 + ansible/playbooks/vars/gitlab.yml | 1 + ansible/playbooks/vars/gitlab_runner.yml | 1 + ansible/playbooks/vars/graylog.yml | 1 + ansible/playbooks/vars/ipa/adminusers.yml | 1 + ansible/playbooks/vars/ipa/agreements.yml | 1 + ansible/playbooks/vars/ipa/fdns.yml | 1 + ansible/playbooks/vars/ipa/groups.yml | 1 + ansible/playbooks/vars/ipa/ipaclient.yml | 1 + ansible/playbooks/vars/ipa/ipaprivs.yml | 1 + ansible/playbooks/vars/ipa/ipareplica.yml | 1 + ansible/playbooks/vars/ipa/ipaserver.yml | 1 + ansible/playbooks/vars/ipa/rdns.yml | 1 + ansible/playbooks/vars/ipa/sudorules.yml | 1 + ansible/playbooks/vars/ipa/svcusers.yml | 1 + ansible/playbooks/vars/ipa/users.yml | 1 + ansible/playbooks/vars/ipaserver.yml | 1 + ansible/playbooks/vars/ipsilon.yml | 1 + ansible/playbooks/vars/mantis.yml | 1 + ansible/playbooks/vars/matterbridge.yml | 1 + ansible/playbooks/vars/monitoring.yml | 1 + .../vars/mounts/bootstrap_staging.yml | 1 + ansible/playbooks/vars/mounts/repopool.yml | 1 + ansible/playbooks/vars/mounts/srpmproc.yml | 1 + ansible/playbooks/vars/mqtt.yml | 1 + ansible/playbooks/vars/pinnwand.yml | 1 + .../playbooks/vars/production/koji-common.yml | 1 + ansible/playbooks/vars/production/kojid.yml | 1 + ansible/playbooks/vars/production/kojihub.yml | 3 ++- ansible/playbooks/vars/rabbitmq.yml | 9 ++++---- ansible/playbooks/vars/sigul_bridge.yml | 1 + ansible/playbooks/vars/sigul_server.yml | 1 + .../playbooks/vars/staging/koji-common.yml | 1 + ansible/playbooks/vars/staging/kojid.yml | 1 + ansible/playbooks/vars/staging/kojihub.yml | 3 ++- ansible/playbooks/vars/wikijs.yml | 1 + ansible/roles/requirements.yml | 1 + 139 files changed, 193 insertions(+), 37 deletions(-) diff --git a/ansible/README.md b/ansible/README.md index 536ac08..eded3be 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -156,6 +156,22 @@ When pushing to your own forked version of this repository, pre-commit must run When the linter passes, the push will complete and you will be able to open a PR. +## General YAML Formatting + +It is recommended that each yaml file starts with `---` and ends with `...`. This can help with linting and also stating an obvious end to the file. + +### Plugin and Formatting Assistance + +The YAML format is extremely easy and can be generally followed without much to think about, the same goes with ansible's syntax. Ideally, your editor can assist with these things. If you are a vim user, the following plugins can be useful: + +``` +stephpy/vim-yaml +pearofducks/ansible-vim +vim-syntastic/syntastic +``` + +These can be installed using [vim-plug](https://github.com/junegunn/vim-plug). + ## Initializing the Ansible Host When initializing the ansible host, you should be in `./infrastructure/ansible` so that the `ansible.cfg` is used. You will need to run the `init-rocky-ansible-host.yml` playbook and to get started, which will install all the roles and collections required for the playbooks to run. diff --git a/ansible/inventories/production/group_vars/chronyservers/main.yml b/ansible/inventories/production/group_vars/chronyservers/main.yml index 354d2aa..58b4ddf 100644 --- a/ansible/inventories/production/group_vars/chronyservers/main.yml +++ b/ansible/inventories/production/group_vars/chronyservers/main.yml @@ -2,3 +2,4 @@ chrony_server: true chrony_allow_cidr: "10.0.0.0/16" +... diff --git a/ansible/inventories/production/group_vars/ipa/main.yml b/ansible/inventories/production/group_vars/ipa/main.yml index e69de29..f968b2e 100644 --- a/ansible/inventories/production/group_vars/ipa/main.yml +++ b/ansible/inventories/production/group_vars/ipa/main.yml @@ -0,0 +1,3 @@ +--- +# ipa vars +... diff --git a/ansible/inventories/production/group_vars/ipaclients/main.yml b/ansible/inventories/production/group_vars/ipaclients/main.yml index abd0ae9..24b45f3 100644 --- a/ansible/inventories/production/group_vars/ipaclients/main.yml +++ b/ansible/inventories/production/group_vars/ipaclients/main.yml @@ -7,3 +7,4 @@ ipaclient_no_ntp: true ipaclient_mkhomedir: true ipaclient_ssh_trust_dns: true ipasssd_enable_dns_updates: true +... diff --git a/ansible/inventories/production/group_vars/ipareplicas/main.yml b/ansible/inventories/production/group_vars/ipareplicas/main.yml index 13ab775..e0cc521 100644 --- a/ansible/inventories/production/group_vars/ipareplicas/main.yml +++ b/ansible/inventories/production/group_vars/ipareplicas/main.yml @@ -10,3 +10,4 @@ ipareplica_setup_ca: true ipareplica_setup_kra: true ipareplica_setup_dns: true ipa_dns_master: 10.100.1.110 +... diff --git a/ansible/inventories/production/group_vars/ipaserver/main.yml b/ansible/inventories/production/group_vars/ipaserver/main.yml index c09acd8..9915f7d 100644 --- a/ansible/inventories/production/group_vars/ipaserver/main.yml +++ b/ansible/inventories/production/group_vars/ipaserver/main.yml @@ -13,3 +13,4 @@ ipaclient_no_ntp: true ipaclient_mkhomedir: true ipaserver_no_hbac_allow: true ipaserver_reverse_zones: ["1.100.10.in-addr.arpa."] +... diff --git a/ansible/inventories/production/group_vars/rabbitmq/main.yml b/ansible/inventories/production/group_vars/rabbitmq/main.yml index 16dd22f..ef073a9 100644 --- a/ansible/inventories/production/group_vars/rabbitmq/main.yml +++ b/ansible/inventories/production/group_vars/rabbitmq/main.yml @@ -3,3 +3,4 @@ rabbitmq_cluster_name: "rabbit" rabbitmq_cluster_list: "{{ groups['rabbitmq'] }}" rabbitmq_env: "production" +... diff --git a/ansible/inventories/staging/group_vars/chronyservers/main.yml b/ansible/inventories/staging/group_vars/chronyservers/main.yml index 354d2aa..58b4ddf 100644 --- a/ansible/inventories/staging/group_vars/chronyservers/main.yml +++ b/ansible/inventories/staging/group_vars/chronyservers/main.yml @@ -2,3 +2,4 @@ chrony_server: true chrony_allow_cidr: "10.0.0.0/16" +... diff --git a/ansible/inventories/staging/group_vars/ipa/main.yml b/ansible/inventories/staging/group_vars/ipa/main.yml index e69de29..f968b2e 100644 --- a/ansible/inventories/staging/group_vars/ipa/main.yml +++ b/ansible/inventories/staging/group_vars/ipa/main.yml @@ -0,0 +1,3 @@ +--- +# ipa vars +... diff --git a/ansible/inventories/staging/group_vars/ipaclients/main.yml b/ansible/inventories/staging/group_vars/ipaclients/main.yml index abd0ae9..24b45f3 100644 --- a/ansible/inventories/staging/group_vars/ipaclients/main.yml +++ b/ansible/inventories/staging/group_vars/ipaclients/main.yml @@ -7,3 +7,4 @@ ipaclient_no_ntp: true ipaclient_mkhomedir: true ipaclient_ssh_trust_dns: true ipasssd_enable_dns_updates: true +... diff --git a/ansible/inventories/staging/group_vars/ipareplicas/main.yml b/ansible/inventories/staging/group_vars/ipareplicas/main.yml index 13ab775..e0cc521 100644 --- a/ansible/inventories/staging/group_vars/ipareplicas/main.yml +++ b/ansible/inventories/staging/group_vars/ipareplicas/main.yml @@ -10,3 +10,4 @@ ipareplica_setup_ca: true ipareplica_setup_kra: true ipareplica_setup_dns: true ipa_dns_master: 10.100.1.110 +... diff --git a/ansible/inventories/staging/group_vars/ipaserver/main.yml b/ansible/inventories/staging/group_vars/ipaserver/main.yml index c09acd8..9915f7d 100644 --- a/ansible/inventories/staging/group_vars/ipaserver/main.yml +++ b/ansible/inventories/staging/group_vars/ipaserver/main.yml @@ -13,3 +13,4 @@ ipaclient_no_ntp: true ipaclient_mkhomedir: true ipaserver_no_hbac_allow: true ipaserver_reverse_zones: ["1.100.10.in-addr.arpa."] +... diff --git a/ansible/inventories/staging/group_vars/rabbitmq/main.yml b/ansible/inventories/staging/group_vars/rabbitmq/main.yml index efe73c5..5806cc1 100644 --- a/ansible/inventories/staging/group_vars/rabbitmq/main.yml +++ b/ansible/inventories/staging/group_vars/rabbitmq/main.yml @@ -3,3 +3,4 @@ rabbitmq_cluster_name: "rabbit" rabbitmq_cluster_list: "{{ groups['rabbitmq'] }}" rabbitmq_env: "staging" +... diff --git a/ansible/playbooks/adhoc-facts-refresh.yml b/ansible/playbooks/adhoc-facts-refresh.yml index 4a9e645..b43b928 100644 --- a/ansible/playbooks/adhoc-facts-refresh.yml +++ b/ansible/playbooks/adhoc-facts-refresh.yml @@ -5,3 +5,4 @@ - name: Force a fact refresh to have those available in local cache setup: gather_timeout: 30 +... diff --git a/ansible/playbooks/adhoc-gitlab-creategroup.yml b/ansible/playbooks/adhoc-gitlab-creategroup.yml index 8eb15ea..7ffdfd3 100644 --- a/ansible/playbooks/adhoc-gitlab-creategroup.yml +++ b/ansible/playbooks/adhoc-gitlab-creategroup.yml @@ -38,3 +38,4 @@ visibility: "{{ gitlab_visibility|default('private') }}" delegate_to: localhost register: gitlab_group_return +... diff --git a/ansible/playbooks/adhoc-gitlab-createproject.yml b/ansible/playbooks/adhoc-gitlab-createproject.yml index 8c40715..c29c3ae 100644 --- a/ansible/playbooks/adhoc-gitlab-createproject.yml +++ b/ansible/playbooks/adhoc-gitlab-createproject.yml @@ -41,3 +41,4 @@ validate_certs: true visibility: "{{ gitlab_visibility|default('private') }}" delegate_to: localhost +... diff --git a/ansible/playbooks/adhoc-gitlab-deletegroup.yml b/ansible/playbooks/adhoc-gitlab-deletegroup.yml index c0a4f34..cbc185f 100644 --- a/ansible/playbooks/adhoc-gitlab-deletegroup.yml +++ b/ansible/playbooks/adhoc-gitlab-deletegroup.yml @@ -35,3 +35,4 @@ state: absent validate_certs: true delegate_to: localhost +... diff --git a/ansible/playbooks/adhoc-gitlab-deleteproject.yml b/ansible/playbooks/adhoc-gitlab-deleteproject.yml index 9dbc3a3..60463ee 100644 --- a/ansible/playbooks/adhoc-gitlab-deleteproject.yml +++ b/ansible/playbooks/adhoc-gitlab-deleteproject.yml @@ -35,3 +35,4 @@ state: absent validate_certs: true delegate_to: localhost +... diff --git a/ansible/playbooks/adhoc-ipabinder.yml b/ansible/playbooks/adhoc-ipabinder.yml index 7da5cd4..74b4304 100644 --- a/ansible/playbooks/adhoc-ipabinder.yml +++ b/ansible/playbooks/adhoc-ipabinder.yml @@ -39,3 +39,4 @@ file: path: "/tmp/binder.update" state: absent +... diff --git a/ansible/playbooks/adhoc-ipadnsrecord.yml b/ansible/playbooks/adhoc-ipadnsrecord.yml index 4c8ec9d..39f4a79 100644 --- a/ansible/playbooks/adhoc-ipadnsrecord.yml +++ b/ansible/playbooks/adhoc-ipadnsrecord.yml @@ -55,3 +55,4 @@ managedby: - "{{ ipa_name_value[:-1] }}" ignore_errors: true +... diff --git a/ansible/playbooks/adhoc-ipadnszone.yml b/ansible/playbooks/adhoc-ipadnszone.yml index b24f588..d2956dd 100644 --- a/ansible/playbooks/adhoc-ipadnszone.yml +++ b/ansible/playbooks/adhoc-ipadnszone.yml @@ -27,3 +27,4 @@ name: "{{ ipa_zone }}" tags: - dns +... diff --git a/ansible/playbooks/adhoc-ipagetcert.yml b/ansible/playbooks/adhoc-ipagetcert.yml index 8007411..6947810 100644 --- a/ansible/playbooks/adhoc-ipagetcert.yml +++ b/ansible/playbooks/adhoc-ipagetcert.yml @@ -32,3 +32,4 @@ roles: - role: rockylinux.ipagetcert state: present +... diff --git a/ansible/playbooks/adhoc-ipagetkeytab.yml b/ansible/playbooks/adhoc-ipagetkeytab.yml index c89d3d7..b58e373 100644 --- a/ansible/playbooks/adhoc-ipagetkeytab.yml +++ b/ansible/playbooks/adhoc-ipagetkeytab.yml @@ -135,3 +135,4 @@ state: file tags: - keytab +... diff --git a/ansible/playbooks/adhoc-ipagroup.yml b/ansible/playbooks/adhoc-ipagroup.yml index 793eb11..4ab20cf 100644 --- a/ansible/playbooks/adhoc-ipagroup.yml +++ b/ansible/playbooks/adhoc-ipagroup.yml @@ -47,3 +47,4 @@ check_mode: false changed_when: "1 != 1" when: ipa_fas +... diff --git a/ansible/playbooks/adhoc-ipaservice.yml b/ansible/playbooks/adhoc-ipaservice.yml index d4f0fd5..3014bc1 100644 --- a/ansible/playbooks/adhoc-ipaservice.yml +++ b/ansible/playbooks/adhoc-ipaservice.yml @@ -28,3 +28,4 @@ force: "{{ ipa_force | default(false) }}" tags: - services +... diff --git a/ansible/playbooks/adhoc-ipauser-disable-pdr.yml b/ansible/playbooks/adhoc-ipauser-disable-pdr.yml index a5fc316..57996c4 100644 --- a/ansible/playbooks/adhoc-ipauser-disable-pdr.yml +++ b/ansible/playbooks/adhoc-ipauser-disable-pdr.yml @@ -82,3 +82,4 @@ server_uri: ldap://localhost/ bind_dn: "uid={{ ipa_admin }},cn=users,cn=accounts,dc=rockylinux,dc=org" bind_pw: "{{ ipaadmin_password }}" +... diff --git a/ansible/playbooks/adhoc-ipauser-disable.yml b/ansible/playbooks/adhoc-ipauser-disable.yml index dd0153b..1aed0fb 100644 --- a/ansible/playbooks/adhoc-ipauser-disable.yml +++ b/ansible/playbooks/adhoc-ipauser-disable.yml @@ -27,3 +27,4 @@ state: disabled tags: - users +... diff --git a/ansible/playbooks/adhoc-ipauser-enable.yml b/ansible/playbooks/adhoc-ipauser-enable.yml index 1ccea7e..7eae854 100644 --- a/ansible/playbooks/adhoc-ipauser-enable.yml +++ b/ansible/playbooks/adhoc-ipauser-enable.yml @@ -27,3 +27,4 @@ state: enabled tags: - users +... diff --git a/ansible/playbooks/adhoc-ipauser.yml b/ansible/playbooks/adhoc-ipauser.yml index 2019125..4f6e9ee 100644 --- a/ansible/playbooks/adhoc-ipauser.yml +++ b/ansible/playbooks/adhoc-ipauser.yml @@ -38,3 +38,4 @@ update_password: on_create tags: - users +... diff --git a/ansible/playbooks/adhoc-rabbitmqqueue.yml b/ansible/playbooks/adhoc-rabbitmqqueue.yml index 5be4723..14355c1 100644 --- a/ansible/playbooks/adhoc-rabbitmqqueue.yml +++ b/ansible/playbooks/adhoc-rabbitmqqueue.yml @@ -85,3 +85,4 @@ loop_var: routing_item tags: - rabbitmq +... diff --git a/ansible/playbooks/adhoc-rabbitmquser.yml b/ansible/playbooks/adhoc-rabbitmquser.yml index 14b326b..df454dc 100644 --- a/ansible/playbooks/adhoc-rabbitmquser.yml +++ b/ansible/playbooks/adhoc-rabbitmquser.yml @@ -33,3 +33,4 @@ state: present tags: - rabbitmq +... diff --git a/ansible/playbooks/handlers/main.yml b/ansible/playbooks/handlers/main.yml index 83aa26b..43de0a9 100644 --- a/ansible/playbooks/handlers/main.yml +++ b/ansible/playbooks/handlers/main.yml @@ -45,3 +45,4 @@ service: name: postfix state: restarted +... diff --git a/ansible/playbooks/import-rockygroups.yml b/ansible/playbooks/import-rockygroups.yml index 46eb8c7..6f9dcec 100644 --- a/ansible/playbooks/import-rockygroups.yml +++ b/ansible/playbooks/import-rockygroups.yml @@ -12,3 +12,4 @@ loop: "{{ ipagroups }}" tags: - groups +... diff --git a/ansible/playbooks/import-rockyipaprivs.yml b/ansible/playbooks/import-rockyipaprivs.yml index c6497b7..dd5d012 100644 --- a/ansible/playbooks/import-rockyipaprivs.yml +++ b/ansible/playbooks/import-rockyipaprivs.yml @@ -42,3 +42,4 @@ when: iparoles is defined tags: - rbac +... diff --git a/ansible/playbooks/import-rockypwpolicy.yml b/ansible/playbooks/import-rockypwpolicy.yml index 0759fea..df4e36b 100644 --- a/ansible/playbooks/import-rockypwpolicy.yml +++ b/ansible/playbooks/import-rockypwpolicy.yml @@ -14,3 +14,4 @@ loop: "{{ ipapwpolicies }}" tags: - groups +... diff --git a/ansible/playbooks/import-rockysudo.yml b/ansible/playbooks/import-rockysudo.yml index a9a3009..8705940 100644 --- a/ansible/playbooks/import-rockysudo.yml +++ b/ansible/playbooks/import-rockysudo.yml @@ -10,3 +10,4 @@ - rockyadm hostcat: all cmdcat: all +... diff --git a/ansible/playbooks/import-rockyusers.yml b/ansible/playbooks/import-rockyusers.yml index 8f7f20d..50e01f4 100644 --- a/ansible/playbooks/import-rockyusers.yml +++ b/ansible/playbooks/import-rockyusers.yml @@ -68,3 +68,4 @@ file: path: "/tmp/binder.update" state: absent +... diff --git a/ansible/playbooks/init-rocky-account-services.yml b/ansible/playbooks/init-rocky-account-services.yml index 312a4f7..16a9656 100644 --- a/ansible/playbooks/init-rocky-account-services.yml +++ b/ansible/playbooks/init-rocky-account-services.yml @@ -32,3 +32,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/init-rocky-ansible-host.yml b/ansible/playbooks/init-rocky-ansible-host.yml index 5559fca..ebc5b58 100644 --- a/ansible/playbooks/init-rocky-ansible-host.yml +++ b/ansible/playbooks/init-rocky-ansible-host.yml @@ -8,16 +8,16 @@ collection_installation_dir: collections installation_prefix: ../ pre_tasks: -# example prepare ansible box for execution -# - name: install required pip modules on the host running ansible -# pip: -# name: -# - jmespath -# - netaddr -# - python-consul -# - pyvmomi -# - python-ldap -# - twine + # example prepare ansible box for execution + # - name: install required pip modules on the host running ansible + # pip: + # name: + # - jmespath + # - netaddr + # - python-consul + # - pyvmomi + # - python-ldap + # - twine - name: Remove existing public roles file: @@ -54,3 +54,4 @@ path: "../tmp/known_hosts" state: touch mode: "0644" +... diff --git a/ansible/playbooks/init-rocky-bugzilla.yml b/ansible/playbooks/init-rocky-bugzilla.yml index 081d8c1..600ff6a 100644 --- a/ansible/playbooks/init-rocky-bugzilla.yml +++ b/ansible/playbooks/init-rocky-bugzilla.yml @@ -57,3 +57,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/init-rocky-builder-postfix.yml b/ansible/playbooks/init-rocky-builder-postfix.yml index 97bf800..3892d56 100644 --- a/ansible/playbooks/init-rocky-builder-postfix.yml +++ b/ansible/playbooks/init-rocky-builder-postfix.yml @@ -34,3 +34,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/init-rocky-chrony.yml b/ansible/playbooks/init-rocky-chrony.yml index d013d4b..dd0f6fa 100644 --- a/ansible/playbooks/init-rocky-chrony.yml +++ b/ansible/playbooks/init-rocky-chrony.yml @@ -38,3 +38,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/init-rocky-install-kvm-hosts.yml b/ansible/playbooks/init-rocky-install-kvm-hosts.yml index a59dad5..fe5826d 100644 --- a/ansible/playbooks/init-rocky-install-kvm-hosts.yml +++ b/ansible/playbooks/init-rocky-install-kvm-hosts.yml @@ -57,3 +57,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/init-rocky-ipa-internal-dns.yml b/ansible/playbooks/init-rocky-ipa-internal-dns.yml index 8772ba4..64eb00c 100644 --- a/ansible/playbooks/init-rocky-ipa-internal-dns.yml +++ b/ansible/playbooks/init-rocky-ipa-internal-dns.yml @@ -30,3 +30,4 @@ name: '{{ item }}' dynamic_update: true with_items: '{{ fdns }}' +... diff --git a/ansible/playbooks/init-rocky-ipa-team.yml b/ansible/playbooks/init-rocky-ipa-team.yml index d3bd6fc..02d3e54 100644 --- a/ansible/playbooks/init-rocky-ipa-team.yml +++ b/ansible/playbooks/init-rocky-ipa-team.yml @@ -33,3 +33,4 @@ - name: "Start privileges for services" import_tasks: import-rockyipaprivs.yml +... diff --git a/ansible/playbooks/init-rocky-koji-ecosystem.yml b/ansible/playbooks/init-rocky-koji-ecosystem.yml index f2f7a37..2668701 100644 --- a/ansible/playbooks/init-rocky-koji-ecosystem.yml +++ b/ansible/playbooks/init-rocky-koji-ecosystem.yml @@ -32,3 +32,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/init-rocky-mantisbt.yml b/ansible/playbooks/init-rocky-mantisbt.yml index f5cc2bb..659bb3b 100644 --- a/ansible/playbooks/init-rocky-mantisbt.yml +++ b/ansible/playbooks/init-rocky-mantisbt.yml @@ -57,3 +57,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/init-rocky-noggin-theme.yml b/ansible/playbooks/init-rocky-noggin-theme.yml index 7d80e0f..befd1eb 100644 --- a/ansible/playbooks/init-rocky-noggin-theme.yml +++ b/ansible/playbooks/init-rocky-noggin-theme.yml @@ -38,3 +38,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/init-rocky-noggin.yml b/ansible/playbooks/init-rocky-noggin.yml index 13dde78..0f09e25 100644 --- a/ansible/playbooks/init-rocky-noggin.yml +++ b/ansible/playbooks/init-rocky-noggin.yml @@ -32,3 +32,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/init-rocky-repo-servers.yml b/ansible/playbooks/init-rocky-repo-servers.yml index 24a1f4d..433dd87 100644 --- a/ansible/playbooks/init-rocky-repo-servers.yml +++ b/ansible/playbooks/init-rocky-repo-servers.yml @@ -32,3 +32,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/init-rocky-system-config.yml b/ansible/playbooks/init-rocky-system-config.yml index 3c20900..cf8478a 100644 --- a/ansible/playbooks/init-rocky-system-config.yml +++ b/ansible/playbooks/init-rocky-system-config.yml @@ -54,3 +54,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-bootstrap_staging.yml b/ansible/playbooks/role-rocky-bootstrap_staging.yml index 7154846..c2eae66 100644 --- a/ansible/playbooks/role-rocky-bootstrap_staging.yml +++ b/ansible/playbooks/role-rocky-bootstrap_staging.yml @@ -38,3 +38,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-gitlab-ee.yml b/ansible/playbooks/role-rocky-gitlab-ee.yml index b9e9a84..429e1f1 100644 --- a/ansible/playbooks/role-rocky-gitlab-ee.yml +++ b/ansible/playbooks/role-rocky-gitlab-ee.yml @@ -56,3 +56,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-gitlab-runner.yml b/ansible/playbooks/role-rocky-gitlab-runner.yml index 18cd8b6..19e2ce5 100644 --- a/ansible/playbooks/role-rocky-gitlab-runner.yml +++ b/ansible/playbooks/role-rocky-gitlab-runner.yml @@ -46,3 +46,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-graylog.yml b/ansible/playbooks/role-rocky-graylog.yml index e6e7cbe..2e46c6e 100644 --- a/ansible/playbooks/role-rocky-graylog.yml +++ b/ansible/playbooks/role-rocky-graylog.yml @@ -63,3 +63,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-ipa-client.yml b/ansible/playbooks/role-rocky-ipa-client.yml index fc1a864..3beea05 100644 --- a/ansible/playbooks/role-rocky-ipa-client.yml +++ b/ansible/playbooks/role-rocky-ipa-client.yml @@ -39,3 +39,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-ipa-replica.yml b/ansible/playbooks/role-rocky-ipa-replica.yml index 64a3b42..06f2367 100644 --- a/ansible/playbooks/role-rocky-ipa-replica.yml +++ b/ansible/playbooks/role-rocky-ipa-replica.yml @@ -51,3 +51,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-ipa.yml b/ansible/playbooks/role-rocky-ipa.yml index 0283c05..4203b38 100644 --- a/ansible/playbooks/role-rocky-ipa.yml +++ b/ansible/playbooks/role-rocky-ipa.yml @@ -61,3 +61,4 @@ freeipa.ansible_freeipa.ipadnsconfig: ipaadmin_password: '{{ ipaadmin_password }}' allow_sync_ptr: true +... diff --git a/ansible/playbooks/role-rocky-ipsilon.yml b/ansible/playbooks/role-rocky-ipsilon.yml index bc9f883..4305937 100644 --- a/ansible/playbooks/role-rocky-ipsilon.yml +++ b/ansible/playbooks/role-rocky-ipsilon.yml @@ -75,3 +75,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-kojid-staging.yml b/ansible/playbooks/role-rocky-kojid-staging.yml index a6a29f9..6b33570 100644 --- a/ansible/playbooks/role-rocky-kojid-staging.yml +++ b/ansible/playbooks/role-rocky-kojid-staging.yml @@ -88,3 +88,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-kojid.yml b/ansible/playbooks/role-rocky-kojid.yml index e365219..a8fe405 100644 --- a/ansible/playbooks/role-rocky-kojid.yml +++ b/ansible/playbooks/role-rocky-kojid.yml @@ -88,3 +88,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-kojihub-staging.yml b/ansible/playbooks/role-rocky-kojihub-staging.yml index 0ac3884..e0a1be8 100644 --- a/ansible/playbooks/role-rocky-kojihub-staging.yml +++ b/ansible/playbooks/role-rocky-kojihub-staging.yml @@ -121,3 +121,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-kojihub.yml b/ansible/playbooks/role-rocky-kojihub.yml index d28afe6..7790731 100644 --- a/ansible/playbooks/role-rocky-kojihub.yml +++ b/ansible/playbooks/role-rocky-kojihub.yml @@ -121,3 +121,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-monitoring.yml b/ansible/playbooks/role-rocky-monitoring.yml index 3743cfe..8d1b34e 100644 --- a/ansible/playbooks/role-rocky-monitoring.yml +++ b/ansible/playbooks/role-rocky-monitoring.yml @@ -37,8 +37,8 @@ state: present roles: - #- role: rockylinux.ipagetcert - # state: present + # - role: rockylinux.ipagetcert + # state: present - role: cloudalchemy.prometheus state: present - role: cloudalchemy.alertmanager @@ -61,3 +61,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-mqtt.yml b/ansible/playbooks/role-rocky-mqtt.yml index e7972ff..6bd77b9 100644 --- a/ansible/playbooks/role-rocky-mqtt.yml +++ b/ansible/playbooks/role-rocky-mqtt.yml @@ -59,3 +59,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-node_exporter.yml b/ansible/playbooks/role-rocky-node_exporter.yml index 6e95cf1..0457451 100644 --- a/ansible/playbooks/role-rocky-node_exporter.yml +++ b/ansible/playbooks/role-rocky-node_exporter.yml @@ -19,3 +19,4 @@ port: 9100/tcp permanent: true state: enabled +... diff --git a/ansible/playbooks/role-rocky-pinnwand.yml b/ansible/playbooks/role-rocky-pinnwand.yml index aae89e9..534e4e0 100644 --- a/ansible/playbooks/role-rocky-pinnwand.yml +++ b/ansible/playbooks/role-rocky-pinnwand.yml @@ -31,8 +31,8 @@ state: present tasks: - #- include_tasks: tasks/pinnwand.yml - # tags: ['includetasks'] + # - include_tasks: tasks/pinnwand.yml + # tags: ['includetasks'] roles: - role: rockylinux.ipagetcert @@ -46,8 +46,8 @@ # Define variables in vars/matomo/nginx.yml - role: nginxinc.nginx_core.nginx tags: ['nginx'] - #- role: nginxinc.nginx_core.nginx_config - # tags: ['nginx'] + # - role: nginxinc.nginx_core.nginx_config + # tags: ['nginx'] post_tasks: - name: Open firewalld ports @@ -64,3 +64,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-rabbitmq.yml b/ansible/playbooks/role-rocky-rabbitmq.yml index 8fd9985..7cbd6b5 100644 --- a/ansible/playbooks/role-rocky-rabbitmq.yml +++ b/ansible/playbooks/role-rocky-rabbitmq.yml @@ -75,3 +75,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-repopool.yml b/ansible/playbooks/role-rocky-repopool.yml index b0dae60..ac21641 100644 --- a/ansible/playbooks/role-rocky-repopool.yml +++ b/ansible/playbooks/role-rocky-repopool.yml @@ -39,3 +39,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-sigul-bridge.yml b/ansible/playbooks/role-rocky-sigul-bridge.yml index de26d7e..e291e33 100644 --- a/ansible/playbooks/role-rocky-sigul-bridge.yml +++ b/ansible/playbooks/role-rocky-sigul-bridge.yml @@ -89,3 +89,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-sigul-server.yml b/ansible/playbooks/role-rocky-sigul-server.yml index 12a7e7b..594183b 100644 --- a/ansible/playbooks/role-rocky-sigul-server.yml +++ b/ansible/playbooks/role-rocky-sigul-server.yml @@ -76,3 +76,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-srpmproc.yml b/ansible/playbooks/role-rocky-srpmproc.yml index ca6241f..7562a3b 100644 --- a/ansible/playbooks/role-rocky-srpmproc.yml +++ b/ansible/playbooks/role-rocky-srpmproc.yml @@ -38,3 +38,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/role-rocky-wikijs.yml b/ansible/playbooks/role-rocky-wikijs.yml index 78e06e5..6f69704 100644 --- a/ansible/playbooks/role-rocky-wikijs.yml +++ b/ansible/playbooks/role-rocky-wikijs.yml @@ -56,7 +56,7 @@ port: "{{ item.port }}" permanent: "{{ item.permanent }}" state: "{{ item.state }}" - immediate: yes + immediate: true loop: "{{ firewall_rules }}" - name: Touching run file that ansible has ran here @@ -67,3 +67,4 @@ mode: '0644' owner: root group: root +... diff --git a/ansible/playbooks/tasks/account_services.yml b/ansible/playbooks/tasks/account_services.yml index 506a293..4bd38a8 100644 --- a/ansible/playbooks/tasks/account_services.yml +++ b/ansible/playbooks/tasks/account_services.yml @@ -24,3 +24,4 @@ name: httpd state: running enabled: true +... diff --git a/ansible/playbooks/tasks/auditd.yml b/ansible/playbooks/tasks/auditd.yml index c4e1570..455f99a 100644 --- a/ansible/playbooks/tasks/auditd.yml +++ b/ansible/playbooks/tasks/auditd.yml @@ -33,3 +33,4 @@ - regenerate_auditd_rules tags: - harden +... diff --git a/ansible/playbooks/tasks/authentication.yml b/ansible/playbooks/tasks/authentication.yml index 14794c9..cfe0cec 100644 --- a/ansible/playbooks/tasks/authentication.yml +++ b/ansible/playbooks/tasks/authentication.yml @@ -66,3 +66,4 @@ when: - ansible_facts['os_family'] == 'RedHat' - ansible_facts['distribution_major_version'] == '8' +... diff --git a/ansible/playbooks/tasks/bugzilla.yml b/ansible/playbooks/tasks/bugzilla.yml index fb24b71..f514496 100644 --- a/ansible/playbooks/tasks/bugzilla.yml +++ b/ansible/playbooks/tasks/bugzilla.yml @@ -52,3 +52,4 @@ - name: Install necessary pieces import_tasks: bugzilla_install.yml +... diff --git a/ansible/playbooks/tasks/bugzilla_install.yml b/ansible/playbooks/tasks/bugzilla_install.yml index 505c999..0d7213e 100644 --- a/ansible/playbooks/tasks/bugzilla_install.yml +++ b/ansible/playbooks/tasks/bugzilla_install.yml @@ -57,3 +57,4 @@ file: path: "{{ bugzilla_dir }}/answer" state: absent +... diff --git a/ansible/playbooks/tasks/chrony.yml b/ansible/playbooks/tasks/chrony.yml index db72733..005fb2a 100644 --- a/ansible/playbooks/tasks/chrony.yml +++ b/ansible/playbooks/tasks/chrony.yml @@ -30,3 +30,4 @@ name: "{{ chrony_service_name }}" state: "{{ chrony_service_state }}" enabled: "{{ chrony_service_enabled }}" +... diff --git a/ansible/playbooks/tasks/efs_mount.yml b/ansible/playbooks/tasks/efs_mount.yml index dc0eb3a..c790cbd 100644 --- a/ansible/playbooks/tasks/efs_mount.yml +++ b/ansible/playbooks/tasks/efs_mount.yml @@ -3,19 +3,18 @@ # - name: "Installing amazon-efs-utils" - become: yes + become: true become_user: root yum: name: 'https://git.rockylinux.org/neil/efs-utils/-/jobs/5/artifacts/raw/build/amazon-efs-utils-1.30.1-1.el8.noarch.rpm?inline=false' - disable_gpg_check: yes - validate_certs: yes + disable_gpg_check: true + validate_certs: true state: present tags: - amazon_efs_utils - packages - mounts - - name: "Gathering ec2 facts" amazon.aws.ec2_metadata_facts: tags: @@ -23,18 +22,17 @@ # "you can use /etc/hosts" https://github.com/aws/efs-utils/issues/1 - name: "Install custom hosts file because fmlC-w amazon said so." - become: yes + become: true become_user: root ansible.builtin.lineinfile: path: /etc/hosts line: "{{ item.ip_map[ansible_ec2_placement_availability_zone] }} {{ item.fsid }}.efs.{{ ansible_ec2_placement_region }}.amazonaws.com" - create: yes + create: true tags: - mounts - - name: "Creating and mounting {{ item.fsid }} at {{ item.mount_point }}" - become: yes + become: true become_user: root ansible.posix.mount: path: "{{ item.mount_point }}" @@ -44,3 +42,4 @@ state: "{{ item.state | default('mounted') }}" tags: - mounts +... diff --git a/ansible/playbooks/tasks/gitlab-reconfigure.yml b/ansible/playbooks/tasks/gitlab-reconfigure.yml index e5d9446..4781ebb 100644 --- a/ansible/playbooks/tasks/gitlab-reconfigure.yml +++ b/ansible/playbooks/tasks/gitlab-reconfigure.yml @@ -62,3 +62,4 @@ owner: root group: root mode: '0750' +... diff --git a/ansible/playbooks/tasks/gitlab-runner.yml b/ansible/playbooks/tasks/gitlab-runner.yml index 19b18bd..131e2f1 100644 --- a/ansible/playbooks/tasks/gitlab-runner.yml +++ b/ansible/playbooks/tasks/gitlab-runner.yml @@ -23,8 +23,9 @@ become: true - name: Create gitlab-runner user - become: yes + become: true user: name: gitlab-runner shell: /bin/bash - system: yes + system: true +... diff --git a/ansible/playbooks/tasks/grub.yml b/ansible/playbooks/tasks/grub.yml index 69516d3..b06e7f1 100644 --- a/ansible/playbooks/tasks/grub.yml +++ b/ansible/playbooks/tasks/grub.yml @@ -2,3 +2,4 @@ - name: Add kernel boot options to all kernels and default config command: /usr/sbin/grubby --update-kernel=ALL --args "{{ grub_boot_options }}" changed_when: "1 != 1" +... diff --git a/ansible/playbooks/tasks/harden.yml b/ansible/playbooks/tasks/harden.yml index 997ce49..8bca3f9 100644 --- a/ansible/playbooks/tasks/harden.yml +++ b/ansible/playbooks/tasks/harden.yml @@ -214,3 +214,4 @@ state: absent tags: - harden +... diff --git a/ansible/playbooks/tasks/init-koji.yml b/ansible/playbooks/tasks/init-koji.yml index a040b60..e029636 100644 --- a/ansible/playbooks/tasks/init-koji.yml +++ b/ansible/playbooks/tasks/init-koji.yml @@ -4,7 +4,7 @@ shell: "set -o pipefail && echo \"{{ rockykoji_password }}\" | kinit rockykoji@ROCKYLINUX.ORG" check_mode: false changed_when: "1 != 1" - become: yes + become: true become_user: koji when: rockykoji_has_password | bool @@ -12,14 +12,14 @@ shell: "set -o pipefail && kinit -kt /home/koji/.koji/keytab koji/rockykoji@ROCKYLINUX.ORG" check_mode: false changed_when: "1 != 1" - become: yes + become: true become_user: koji when: not rockykoji_has_password | bool - name: Import current necessary tags shell: "set -o pipefail && koji add-tag {{ item }}" changed_when: "1 != 1" - become: yes + become: true become_user: koji loop: - build-modules @@ -60,3 +60,4 @@ - module-rocky-8.4.0-build - trash - trashcan +... diff --git a/ansible/playbooks/tasks/koji_efs.yml b/ansible/playbooks/tasks/koji_efs.yml index de57bb7..e35867c 100644 --- a/ansible/playbooks/tasks/koji_efs.yml +++ b/ansible/playbooks/tasks/koji_efs.yml @@ -20,7 +20,7 @@ ansible.builtin.lineinfile: path: /etc/hosts line: "{{ koji_efs_fs_ip_map[ansible_ec2_placement_availability_zone] }} {{ koji_efs_fsid }}" - create: yes + create: true tags: - mounts @@ -33,3 +33,4 @@ state: "{{ koji_efs_fs_state | default('mounted') }}" tags: - mounts +... diff --git a/ansible/playbooks/tasks/main.yml b/ansible/playbooks/tasks/main.yml index ed97d53..91da2a7 100644 --- a/ansible/playbooks/tasks/main.yml +++ b/ansible/playbooks/tasks/main.yml @@ -1 +1,2 @@ --- +... diff --git a/ansible/playbooks/tasks/mantis.yml b/ansible/playbooks/tasks/mantis.yml index 8d8730b..b786cc1 100644 --- a/ansible/playbooks/tasks/mantis.yml +++ b/ansible/playbooks/tasks/mantis.yml @@ -90,3 +90,4 @@ - name: Patch up some pages import_tasks: mantispatch.yml +... diff --git a/ansible/playbooks/tasks/mantispatch.yml b/ansible/playbooks/tasks/mantispatch.yml index 0e4a4b8..5ccbe0f 100644 --- a/ansible/playbooks/tasks/mantispatch.yml +++ b/ansible/playbooks/tasks/mantispatch.yml @@ -23,3 +23,4 @@ path: "/var/www/mantisbt-{{ mantis_version }}/login_page.php" state: absent regex: 'LDAP != config_get_global' +... diff --git a/ansible/playbooks/tasks/noggin.yml b/ansible/playbooks/tasks/noggin.yml index 48ee659..735afcd 100644 --- a/ansible/playbooks/tasks/noggin.yml +++ b/ansible/playbooks/tasks/noggin.yml @@ -86,3 +86,4 @@ lineinfile: path: "/opt/noggin/noggin/noggin/app.py" line: "app = create_app()" +... diff --git a/ansible/playbooks/tasks/postfix_relay.yml b/ansible/playbooks/tasks/postfix_relay.yml index ba984a5..c25b5b7 100644 --- a/ansible/playbooks/tasks/postfix_relay.yml +++ b/ansible/playbooks/tasks/postfix_relay.yml @@ -35,3 +35,4 @@ name: postfix state: restarted enabled: true +... diff --git a/ansible/playbooks/tasks/rabbitmq-reconfigure.yml b/ansible/playbooks/tasks/rabbitmq-reconfigure.yml index d8480c8..b2a4de3 100644 --- a/ansible/playbooks/tasks/rabbitmq-reconfigure.yml +++ b/ansible/playbooks/tasks/rabbitmq-reconfigure.yml @@ -1,2 +1,3 @@ --- # RabbitMQ Additional Changes +... diff --git a/ansible/playbooks/tasks/repository.yml b/ansible/playbooks/tasks/repository.yml index 55bf307..ca86fa3 100644 --- a/ansible/playbooks/tasks/repository.yml +++ b/ansible/playbooks/tasks/repository.yml @@ -1,2 +1,3 @@ --- # no tasks yet +... diff --git a/ansible/playbooks/tasks/scripts.yml b/ansible/playbooks/tasks/scripts.yml index 7f430ff..5b81a8d 100644 --- a/ansible/playbooks/tasks/scripts.yml +++ b/ansible/playbooks/tasks/scripts.yml @@ -7,3 +7,4 @@ owner: root group: root mode: '0755' +... diff --git a/ansible/playbooks/tasks/srpmproc.yml b/ansible/playbooks/tasks/srpmproc.yml index c15207e..23a0ae2 100644 --- a/ansible/playbooks/tasks/srpmproc.yml +++ b/ansible/playbooks/tasks/srpmproc.yml @@ -7,3 +7,4 @@ with_items: - httpd_can_network_connect_db - httpd_can_network_connect +... diff --git a/ansible/playbooks/tasks/ssh_config.yml b/ansible/playbooks/tasks/ssh_config.yml index 6b34484..15941ac 100644 --- a/ansible/playbooks/tasks/ssh_config.yml +++ b/ansible/playbooks/tasks/ssh_config.yml @@ -43,3 +43,4 @@ with_items: - /etc/ssh/ssh_host_dsa_key.pub - /etc/ssh/ssh_host_dsa_key +... diff --git a/ansible/playbooks/tasks/variable_loader_common.yml b/ansible/playbooks/tasks/variable_loader_common.yml index a0c4f48..ab182af 100644 --- a/ansible/playbooks/tasks/variable_loader_common.yml +++ b/ansible/playbooks/tasks/variable_loader_common.yml @@ -19,3 +19,4 @@ always: - debug: msg="Variables are now loaded" +... diff --git a/ansible/playbooks/vars/RedHat.yml b/ansible/playbooks/vars/RedHat.yml index 858d593..2af88ed 100644 --- a/ansible/playbooks/vars/RedHat.yml +++ b/ansible/playbooks/vars/RedHat.yml @@ -159,3 +159,4 @@ enable_svc: syslog_packages: - rsyslog +... diff --git a/ansible/playbooks/vars/bugzilla.yml b/ansible/playbooks/vars/bugzilla.yml index 0293b5b..43e8b5b 100644 --- a/ansible/playbooks/vars/bugzilla.yml +++ b/ansible/playbooks/vars/bugzilla.yml @@ -50,3 +50,4 @@ ipa_getcert_requested_hostnames: postcmd: "/bin/systemctl reload httpd" cnames: - "bugs.rockylinux.org" +... diff --git a/ansible/playbooks/vars/buildsys.yml b/ansible/playbooks/vars/buildsys.yml index ccb2f5f..1afd6fb 100644 --- a/ansible/playbooks/vars/buildsys.yml +++ b/ansible/playbooks/vars/buildsys.yml @@ -3,3 +3,4 @@ smtp_user_name: "username" smtp_user_pass: "password" smtp_relayhost: "smtp.rockylinux.org" +... diff --git a/ansible/playbooks/vars/chrony.yml b/ansible/playbooks/vars/chrony.yml index e40f9d6..7d9338d 100644 --- a/ansible/playbooks/vars/chrony.yml +++ b/ansible/playbooks/vars/chrony.yml @@ -31,3 +31,4 @@ chrony_timeservers: # is chrony ntp server - allows client connections chrony_server: false +... diff --git a/ansible/playbooks/vars/chronyserver.yml b/ansible/playbooks/vars/chronyserver.yml index 84d67c1..293795e 100644 --- a/ansible/playbooks/vars/chronyserver.yml +++ b/ansible/playbooks/vars/chronyserver.yml @@ -7,3 +7,4 @@ chrony_timeservers: # is chrony ntp server - allows client connections chrony_server: true +... diff --git a/ansible/playbooks/vars/common.yml b/ansible/playbooks/vars/common.yml index 73afb11..b431f6e 100644 --- a/ansible/playbooks/vars/common.yml +++ b/ansible/playbooks/vars/common.yml @@ -11,3 +11,4 @@ rocky_ipaserver_lb: "ipa-lb.rockylinux.org" rocky_ldap_bind_pw: "{{ ipa_binder_password }}" rocky_ldap_userman_dn: "uid=userman,cn=users,cn=accounts,dc=rockylinux,dc=org" rocky_ldap_userman_pw: "{{ ipa_userman_password }}" +... diff --git a/ansible/playbooks/vars/gitlab.yml b/ansible/playbooks/vars/gitlab.yml index 09ff50d..35fbe97 100644 --- a/ansible/playbooks/vars/gitlab.yml +++ b/ansible/playbooks/vars/gitlab.yml @@ -84,3 +84,4 @@ ipa_getcert_requested_hostnames: postcmd: "/usr/local/bin/fix_gitlab_certs.sh" cnames: - "git.rockylinux.org" +... diff --git a/ansible/playbooks/vars/gitlab_runner.yml b/ansible/playbooks/vars/gitlab_runner.yml index 7e57b37..28a779f 100644 --- a/ansible/playbooks/vars/gitlab_runner.yml +++ b/ansible/playbooks/vars/gitlab_runner.yml @@ -7,3 +7,4 @@ gitlab_runner_runners: tags: [] gitlab_runner_timeout_stop_seconds: 60 +... diff --git a/ansible/playbooks/vars/graylog.yml b/ansible/playbooks/vars/graylog.yml index f8c3298..5565dc5 100644 --- a/ansible/playbooks/vars/graylog.yml +++ b/ansible/playbooks/vars/graylog.yml @@ -29,3 +29,4 @@ graylog_ipa_dnsrecord_name: graylog graylog_ipa_dnsrecord_record_type: CNAME graylog_ipa_dnsrecord_record_value: graylog002.rockylinux.org. graylog_ipa_dnsrecord_state: present +... diff --git a/ansible/playbooks/vars/ipa/adminusers.yml b/ansible/playbooks/vars/ipa/adminusers.yml index 4a15dec..4fd54d7 100644 --- a/ansible/playbooks/vars/ipa/adminusers.yml +++ b/ansible/playbooks/vars/ipa/adminusers.yml @@ -60,3 +60,4 @@ adminusers: password: ThisIsNotMyPassword1! title: Security Director loginshell: /bin/bash +... diff --git a/ansible/playbooks/vars/ipa/agreements.yml b/ansible/playbooks/vars/ipa/agreements.yml index 2c6aed1..2640c2c 100644 --- a/ansible/playbooks/vars/ipa/agreements.yml +++ b/ansible/playbooks/vars/ipa/agreements.yml @@ -1,2 +1,3 @@ --- # Vars for Agreements for the Rocky Linux Project +... diff --git a/ansible/playbooks/vars/ipa/fdns.yml b/ansible/playbooks/vars/ipa/fdns.yml index c721d4e..06bc340 100644 --- a/ansible/playbooks/vars/ipa/fdns.yml +++ b/ansible/playbooks/vars/ipa/fdns.yml @@ -2,3 +2,4 @@ fdns: - rockylinux.org. - aws.rockylinux.org. +... diff --git a/ansible/playbooks/vars/ipa/groups.yml b/ansible/playbooks/vars/ipa/groups.yml index c11d1dd..e3723a9 100644 --- a/ansible/playbooks/vars/ipa/groups.yml +++ b/ansible/playbooks/vars/ipa/groups.yml @@ -96,3 +96,4 @@ ipagroups: - label - group: mq_pub_readonly description: RabbitMQ ReadOnly +... diff --git a/ansible/playbooks/vars/ipa/ipaclient.yml b/ansible/playbooks/vars/ipa/ipaclient.yml index 5dc1f47..682098c 100644 --- a/ansible/playbooks/vars/ipa/ipaclient.yml +++ b/ansible/playbooks/vars/ipa/ipaclient.yml @@ -8,3 +8,4 @@ ipaclient_mkhomedir: true ipaclient_ssh_trust_dns: true ipasssd_enable_dns_updates: true ipatype: client +... diff --git a/ansible/playbooks/vars/ipa/ipaprivs.yml b/ansible/playbooks/vars/ipa/ipaprivs.yml index 00260f2..c8bed98 100644 --- a/ansible/playbooks/vars/ipa/ipaprivs.yml +++ b/ansible/playbooks/vars/ipa/ipaprivs.yml @@ -40,3 +40,4 @@ iparoles: - "Stage User Administrators" - "User Administrators" - "FAS Agreement Administrators" +... diff --git a/ansible/playbooks/vars/ipa/ipareplica.yml b/ansible/playbooks/vars/ipa/ipareplica.yml index feb8faf..38dd5f4 100644 --- a/ansible/playbooks/vars/ipa/ipareplica.yml +++ b/ansible/playbooks/vars/ipa/ipareplica.yml @@ -11,3 +11,4 @@ ipareplica_setup_ca: true ipareplica_setup_kra: true ipareplica_setup_dns: true ipatype: replica +... diff --git a/ansible/playbooks/vars/ipa/ipaserver.yml b/ansible/playbooks/vars/ipa/ipaserver.yml index 44adc67..efaefbb 100644 --- a/ansible/playbooks/vars/ipa/ipaserver.yml +++ b/ansible/playbooks/vars/ipa/ipaserver.yml @@ -13,3 +13,4 @@ ipaclient_mkhomedir: true ipaserver_no_hbac_allow: true ipaserver_reverse_zones: ["32.10.in-addr.arpa."] ipatype: server +... diff --git a/ansible/playbooks/vars/ipa/rdns.yml b/ansible/playbooks/vars/ipa/rdns.yml index 1149231..2e52d7b 100644 --- a/ansible/playbooks/vars/ipa/rdns.yml +++ b/ansible/playbooks/vars/ipa/rdns.yml @@ -1,3 +1,4 @@ --- rdns: - 32.10.in-addr.arpa. +... diff --git a/ansible/playbooks/vars/ipa/sudorules.yml b/ansible/playbooks/vars/ipa/sudorules.yml index ed97d53..91da2a7 100644 --- a/ansible/playbooks/vars/ipa/sudorules.yml +++ b/ansible/playbooks/vars/ipa/sudorules.yml @@ -1 +1,2 @@ --- +... diff --git a/ansible/playbooks/vars/ipa/svcusers.yml b/ansible/playbooks/vars/ipa/svcusers.yml index e19bfaa..d5bf8e1 100644 --- a/ansible/playbooks/vars/ipa/svcusers.yml +++ b/ansible/playbooks/vars/ipa/svcusers.yml @@ -42,3 +42,4 @@ svcusers: password: ThisIsNotMyPassword1! title: System Account - Automation loginshell: /sbin/nologin +... diff --git a/ansible/playbooks/vars/ipa/users.yml b/ansible/playbooks/vars/ipa/users.yml index 2c90cee..a291293 100644 --- a/ansible/playbooks/vars/ipa/users.yml +++ b/ansible/playbooks/vars/ipa/users.yml @@ -70,3 +70,4 @@ users: password: ThisIsNotMyPassword1! title: Security Director loginshell: /bin/bash +... diff --git a/ansible/playbooks/vars/ipaserver.yml b/ansible/playbooks/vars/ipaserver.yml index b6854f0..b4216b4 100644 --- a/ansible/playbooks/vars/ipaserver.yml +++ b/ansible/playbooks/vars/ipaserver.yml @@ -1,2 +1,3 @@ --- ipatype: server +... diff --git a/ansible/playbooks/vars/ipsilon.yml b/ansible/playbooks/vars/ipsilon.yml index 587c4d8..38532ba 100644 --- a/ansible/playbooks/vars/ipsilon.yml +++ b/ansible/playbooks/vars/ipsilon.yml @@ -63,3 +63,4 @@ apache_vhosts: SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 CustomLog logs/ssl-seven.rockylinux.org.org_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" +... diff --git a/ansible/playbooks/vars/mantis.yml b/ansible/playbooks/vars/mantis.yml index 5b12fb8..c54af44 100644 --- a/ansible/playbooks/vars/mantis.yml +++ b/ansible/playbooks/vars/mantis.yml @@ -29,3 +29,4 @@ ipa_getcert_requested_hostnames: postcmd: "/bin/systemctl reload httpd" cnames: - "bugs.rockylinux.org" +... diff --git a/ansible/playbooks/vars/matterbridge.yml b/ansible/playbooks/vars/matterbridge.yml index d9c820b..37d3498 100644 --- a/ansible/playbooks/vars/matterbridge.yml +++ b/ansible/playbooks/vars/matterbridge.yml @@ -14,3 +14,4 @@ mbridge_mattermost_ignore_nicks: mbridge_mattermost_label: MM mbridge_mattermost_server: ws.chat.rockylinux.org mbridge_mattermost_team: rocky-linux +... diff --git a/ansible/playbooks/vars/monitoring.yml b/ansible/playbooks/vars/monitoring.yml index 962ab43..1dc9e62 100644 --- a/ansible/playbooks/vars/monitoring.yml +++ b/ansible/playbooks/vars/monitoring.yml @@ -39,3 +39,4 @@ ipa_getcert_requested_hostnames: # - host2 # labels: # env: production +... diff --git a/ansible/playbooks/vars/mounts/bootstrap_staging.yml b/ansible/playbooks/vars/mounts/bootstrap_staging.yml index 3618d8a..4c71a43 100644 --- a/ansible/playbooks/vars/mounts/bootstrap_staging.yml +++ b/ansible/playbooks/vars/mounts/bootstrap_staging.yml @@ -16,3 +16,4 @@ mounts: us-east-2a: 10.100.100.250 us-east-2b: 10.100.101.250 us-east-2c: 10.100.102.250 +... diff --git a/ansible/playbooks/vars/mounts/repopool.yml b/ansible/playbooks/vars/mounts/repopool.yml index 0af64c0..4419869 100644 --- a/ansible/playbooks/vars/mounts/repopool.yml +++ b/ansible/playbooks/vars/mounts/repopool.yml @@ -24,3 +24,4 @@ mounts: us-east-2a: 10.101.100.246 us-east-2b: 10.101.101.246 us-east-2c: 10.101.102.246 +... diff --git a/ansible/playbooks/vars/mounts/srpmproc.yml b/ansible/playbooks/vars/mounts/srpmproc.yml index c98df6b..88a3579 100644 --- a/ansible/playbooks/vars/mounts/srpmproc.yml +++ b/ansible/playbooks/vars/mounts/srpmproc.yml @@ -48,3 +48,4 @@ mounts: us-east-2a: 10.101.100.246 us-east-2b: 10.101.101.246 us-east-2c: 10.101.102.246 +... diff --git a/ansible/playbooks/vars/mqtt.yml b/ansible/playbooks/vars/mqtt.yml index 48a8ffb..ae97f27 100644 --- a/ansible/playbooks/vars/mqtt.yml +++ b/ansible/playbooks/vars/mqtt.yml @@ -3,3 +3,4 @@ mqtt_tls_ca_cert: "/etc/pki/tls/certs/ca-bundle.crt" mqtt_tls_cert: "/etc/pki/tls/certs/{{ ansible_fqdn }}.crt" mqtt_tls_key: "/etc/pki/tls/private/{{ ansible_fqdn }}.key" +... diff --git a/ansible/playbooks/vars/pinnwand.yml b/ansible/playbooks/vars/pinnwand.yml index 773d0af..87d65c6 100644 --- a/ansible/playbooks/vars/pinnwand.yml +++ b/ansible/playbooks/vars/pinnwand.yml @@ -62,3 +62,4 @@ pinnwand_config: consume: 2 refill: 1 spamscore: 50 +... diff --git a/ansible/playbooks/vars/production/koji-common.yml b/ansible/playbooks/vars/production/koji-common.yml index a08c2df..feab453 100644 --- a/ansible/playbooks/vars/production/koji-common.yml +++ b/ansible/playbooks/vars/production/koji-common.yml @@ -11,3 +11,4 @@ koji_efs_fs_opts: - _netdev - tls - iam +... diff --git a/ansible/playbooks/vars/production/kojid.yml b/ansible/playbooks/vars/production/kojid.yml index 51b8abe..813ad90 100644 --- a/ansible/playbooks/vars/production/kojid.yml +++ b/ansible/playbooks/vars/production/kojid.yml @@ -13,3 +13,4 @@ kojid_ca_bundle: /etc/pki/tls/certs/ca-bundle.crt kojid_keytab: /etc/kojid.keytab kojid_smtp_host: smtp.rockylinux.org kojid_allowed_scm: "git.rockylinux.org:/staging/rpms/*:off:/var/srpmproc/srpmproc_wrapper git.rockylinux.org:/rocky/*:off:/var/srpmproc/srpmproc_wrapper git.rockylinux.org:/original/rpms/*:off:/var/srpmproc/srpmproc_wrapper" +... diff --git a/ansible/playbooks/vars/production/kojihub.yml b/ansible/playbooks/vars/production/kojihub.yml index 28f4677..0c0d7de 100644 --- a/ansible/playbooks/vars/production/kojihub.yml +++ b/ansible/playbooks/vars/production/kojihub.yml @@ -1,7 +1,7 @@ --- # koji hub settings # This should be the front-facing URL of koji -#koji_url_name: koji.rockylinux.org +# koji_url_name: koji.rockylinux.org # Use an internal CA (IPA) koji_internal_ca: true @@ -117,3 +117,4 @@ postgresql_users: postgresql_global_config_options: - option: listen_addresses value: '*' +... diff --git a/ansible/playbooks/vars/rabbitmq.yml b/ansible/playbooks/vars/rabbitmq.yml index b69071c..6428d19 100644 --- a/ansible/playbooks/vars/rabbitmq.yml +++ b/ansible/playbooks/vars/rabbitmq.yml @@ -9,16 +9,16 @@ rabbitmq_tls_key: "/etc/pki/tls/private/{{ ansible_fqdn }}.key" #rabbitmq_cookie: ... # Admin passwords - these should be in a vault -#rabbitmq_admin_password: ... +# rabbitmq_admin_password: ... # rabbitmq cluster list and information should be defined in hostvars to ensure # that the configuration is idempotent. -#rabbitmq_cluster_name: -#rabbitmq_env: +# rabbitmq_cluster_name: +# rabbitmq_env: # Federation / Public Queues rabbitmq_enable_public: false -#pubsub_federation_pass: +# pubsub_federation_pass: # THIS IS DYNAMIC. IT'S ADVISED IT NOT BE STATIC. # This should be changed depending on how inventory is managed. For example, if @@ -42,3 +42,4 @@ ipa_getcert_requested_hostnames: postcmd: "/bin/systemctl restart rabbitmq-server" cnames: - "rabbitmq-{{ rabbitmq_env }}.rockylinux.org" +... diff --git a/ansible/playbooks/vars/sigul_bridge.yml b/ansible/playbooks/vars/sigul_bridge.yml index e483f5e..378fd20 100644 --- a/ansible/playbooks/vars/sigul_bridge.yml +++ b/ansible/playbooks/vars/sigul_bridge.yml @@ -14,3 +14,4 @@ ipa_getcert_requested_hostnames: owner: sigul nss_db_dir: "{{ sigul_nss_dir }}" nss_nickname: "{{ sigul_bridge_cert_nickname }}" +... diff --git a/ansible/playbooks/vars/sigul_server.yml b/ansible/playbooks/vars/sigul_server.yml index 5b2ef00..8bf07ed 100644 --- a/ansible/playbooks/vars/sigul_server.yml +++ b/ansible/playbooks/vars/sigul_server.yml @@ -12,3 +12,4 @@ ipa_getcert_requested_hostnames: owner: sigul nss_db_dir: "{{ sigul_nss_dir }}" nss_nickname: "{{ sigul_server_cert_nickname }}" +... diff --git a/ansible/playbooks/vars/staging/koji-common.yml b/ansible/playbooks/vars/staging/koji-common.yml index a08c2df..feab453 100644 --- a/ansible/playbooks/vars/staging/koji-common.yml +++ b/ansible/playbooks/vars/staging/koji-common.yml @@ -11,3 +11,4 @@ koji_efs_fs_opts: - _netdev - tls - iam +... diff --git a/ansible/playbooks/vars/staging/kojid.yml b/ansible/playbooks/vars/staging/kojid.yml index 65cb973..b547cad 100644 --- a/ansible/playbooks/vars/staging/kojid.yml +++ b/ansible/playbooks/vars/staging/kojid.yml @@ -13,3 +13,4 @@ kojid_ca_bundle: /etc/pki/tls/certs/ca-bundle.crt kojid_keytab: /etc/kojid.keytab kojid_smtp_host: smtp.rockylinux.org kojid_allowed_scm: "git.rockylinux.org:/staging/rpms/*:off:/var/srpmproc/srpmproc_wrapper git.rockylinux.org:/rocky/*:off:/var/srpmproc/srpmproc_wrapper git.rockylinux.org:/original/rpms/*:off:/var/srpmproc/srpmproc_wrapper" +... diff --git a/ansible/playbooks/vars/staging/kojihub.yml b/ansible/playbooks/vars/staging/kojihub.yml index 7d6cf0b..1d6d705 100644 --- a/ansible/playbooks/vars/staging/kojihub.yml +++ b/ansible/playbooks/vars/staging/kojihub.yml @@ -1,7 +1,7 @@ --- # koji hub settings # This should be the front-facing URL of koji -#koji_url_name: kojistg.rockylinux.org +# koji_url_name: kojistg.rockylinux.org # Use an internal CA (IPA) koji_internal_ca: true @@ -117,3 +117,4 @@ postgresql_users: postgresql_global_config_options: - option: listen_addresses value: '*' +... diff --git a/ansible/playbooks/vars/wikijs.yml b/ansible/playbooks/vars/wikijs.yml index e66085a..bbea24d 100644 --- a/ansible/playbooks/vars/wikijs.yml +++ b/ansible/playbooks/vars/wikijs.yml @@ -107,3 +107,4 @@ nginx_config_http_template: custom_options: - "proxy_pass http://localhost:3000/;" http_demo_conf: false +... diff --git a/ansible/roles/requirements.yml b/ansible/roles/requirements.yml index ac9e165..ddde038 100644 --- a/ansible/roles/requirements.yml +++ b/ansible/roles/requirements.yml @@ -62,3 +62,4 @@ collections: # source: https://github.com/rocky-linux/taiga-ansible.git # type: git # version: master +...