Linting and Formatting

This commit adds a section to README.md stating that YAML files should
start with `---` and end with `...`. It also addresses some linting
warnings that did not appear during pre-commit on a local system.
nazunalika 2021-08-29 22:02:24 -07:00
parent 26854b91b2
commit fcdf86b31c
Signed by: label
GPG Key ID: 6735C0E1BD65D048
139 changed files with 193 additions and 37 deletions


@ -156,6 +156,22 @@ When pushing to your own forked version of this repository, pre-commit must run
When the linter passes, the push will complete and you will be able to open a PR. When the linter passes, the push will complete and you will be able to open a PR.
## General YAML Formatting
It is recommended that each yaml file starts with `---` and ends with `...`. This can help with linting and also stating an obvious end to the file.
### Plugin and Formatting Assistance
The YAML format is extremely easy and can be generally followed without much to think about, the same goes with ansible's syntax. Ideally, your editor can assist with these things. If you are a vim user, the following plugins can be useful:
```
stephpy/vim-yaml
pearofducks/ansible-vim
vim-syntastic/syntastic
```
These can be installed using [vim-plug](https://github.com/junegunn/vim-plug).
## Initializing the Ansible Host ## Initializing the Ansible Host
When initializing the ansible host, you should be in `./infrastructure/ansible` so that the `ansible.cfg` is used. You will need to run the `init-rocky-ansible-host.yml` playbook and to get started, which will install all the roles and collections required for the playbooks to run. When initializing the ansible host, you should be in `./infrastructure/ansible` so that the `ansible.cfg` is used. You will need to run the `init-rocky-ansible-host.yml` playbook and to get started, which will install all the roles and collections required for the playbooks to run.


@ -2,3 +2,4 @@
chrony_server: true chrony_server: true
chrony_allow_cidr: "10.0.0.0/16" chrony_allow_cidr: "10.0.0.0/16"
...


@ -0,0 +1,3 @@
---
# ipa vars
...


@ -7,3 +7,4 @@ ipaclient_no_ntp: true
ipaclient_mkhomedir: true ipaclient_mkhomedir: true
ipaclient_ssh_trust_dns: true ipaclient_ssh_trust_dns: true
ipasssd_enable_dns_updates: true ipasssd_enable_dns_updates: true
...


@ -10,3 +10,4 @@ ipareplica_setup_ca: true
ipareplica_setup_kra: true ipareplica_setup_kra: true
ipareplica_setup_dns: true ipareplica_setup_dns: true
ipa_dns_master: 10.100.1.110 ipa_dns_master: 10.100.1.110
...


@ -13,3 +13,4 @@ ipaclient_no_ntp: true
ipaclient_mkhomedir: true ipaclient_mkhomedir: true
ipaserver_no_hbac_allow: true ipaserver_no_hbac_allow: true
ipaserver_reverse_zones: ["1.100.10.in-addr.arpa."] ipaserver_reverse_zones: ["1.100.10.in-addr.arpa."]
...


@ -3,3 +3,4 @@
rabbitmq_cluster_name: "rabbit" rabbitmq_cluster_name: "rabbit"
rabbitmq_cluster_list: "{{ groups['rabbitmq'] }}" rabbitmq_cluster_list: "{{ groups['rabbitmq'] }}"
rabbitmq_env: "production" rabbitmq_env: "production"
...


@ -2,3 +2,4 @@
chrony_server: true chrony_server: true
chrony_allow_cidr: "10.0.0.0/16" chrony_allow_cidr: "10.0.0.0/16"
...


@ -0,0 +1,3 @@
---
# ipa vars
...


@ -7,3 +7,4 @@ ipaclient_no_ntp: true
ipaclient_mkhomedir: true ipaclient_mkhomedir: true
ipaclient_ssh_trust_dns: true ipaclient_ssh_trust_dns: true
ipasssd_enable_dns_updates: true ipasssd_enable_dns_updates: true
...


@ -10,3 +10,4 @@ ipareplica_setup_ca: true
ipareplica_setup_kra: true ipareplica_setup_kra: true
ipareplica_setup_dns: true ipareplica_setup_dns: true
ipa_dns_master: 10.100.1.110 ipa_dns_master: 10.100.1.110
...


@ -13,3 +13,4 @@ ipaclient_no_ntp: true
ipaclient_mkhomedir: true ipaclient_mkhomedir: true
ipaserver_no_hbac_allow: true ipaserver_no_hbac_allow: true
ipaserver_reverse_zones: ["1.100.10.in-addr.arpa."] ipaserver_reverse_zones: ["1.100.10.in-addr.arpa."]
...


@ -3,3 +3,4 @@
rabbitmq_cluster_name: "rabbit" rabbitmq_cluster_name: "rabbit"
rabbitmq_cluster_list: "{{ groups['rabbitmq'] }}" rabbitmq_cluster_list: "{{ groups['rabbitmq'] }}"
rabbitmq_env: "staging" rabbitmq_env: "staging"
...


@ -5,3 +5,4 @@
- name: Force a fact refresh to have those available in local cache - name: Force a fact refresh to have those available in local cache
setup: setup:
gather_timeout: 30 gather_timeout: 30
...


@ -38,3 +38,4 @@
visibility: "{{ gitlab_visibility|default('private') }}" visibility: "{{ gitlab_visibility|default('private') }}"
delegate_to: localhost delegate_to: localhost
register: gitlab_group_return register: gitlab_group_return
...


@ -41,3 +41,4 @@
validate_certs: true validate_certs: true
visibility: "{{ gitlab_visibility|default('private') }}" visibility: "{{ gitlab_visibility|default('private') }}"
delegate_to: localhost delegate_to: localhost
...


@ -35,3 +35,4 @@
state: absent state: absent
validate_certs: true validate_certs: true
delegate_to: localhost delegate_to: localhost
...


@ -35,3 +35,4 @@
state: absent state: absent
validate_certs: true validate_certs: true
delegate_to: localhost delegate_to: localhost
...


@ -39,3 +39,4 @@
file: file:
path: "/tmp/binder.update" path: "/tmp/binder.update"
state: absent state: absent
...


@ -55,3 +55,4 @@
managedby: managedby:
- "{{ ipa_name_value[:-1] }}" - "{{ ipa_name_value[:-1] }}"
ignore_errors: true ignore_errors: true
...


@ -27,3 +27,4 @@
name: "{{ ipa_zone }}" name: "{{ ipa_zone }}"
tags: tags:
- dns - dns
...


@ -32,3 +32,4 @@
roles: roles:
- role: rockylinux.ipagetcert - role: rockylinux.ipagetcert
state: present state: present
...


@ -135,3 +135,4 @@
state: file state: file
tags: tags:
- keytab - keytab
...


@ -47,3 +47,4 @@
check_mode: false check_mode: false
changed_when: "1 != 1" changed_when: "1 != 1"
when: ipa_fas when: ipa_fas
...


@ -28,3 +28,4 @@
force: "{{ ipa_force | default(false) }}" force: "{{ ipa_force | default(false) }}"
tags: tags:
- services - services
...


@ -82,3 +82,4 @@
server_uri: ldap://localhost/ server_uri: ldap://localhost/
bind_dn: "uid={{ ipa_admin }},cn=users,cn=accounts,dc=rockylinux,dc=org" bind_dn: "uid={{ ipa_admin }},cn=users,cn=accounts,dc=rockylinux,dc=org"
bind_pw: "{{ ipaadmin_password }}" bind_pw: "{{ ipaadmin_password }}"
...


@ -27,3 +27,4 @@
state: disabled state: disabled
tags: tags:
- users - users
...


@ -27,3 +27,4 @@
state: enabled state: enabled
tags: tags:
- users - users
...


@ -38,3 +38,4 @@
update_password: on_create update_password: on_create
tags: tags:
- users - users
...


@ -85,3 +85,4 @@
loop_var: routing_item loop_var: routing_item
tags: tags:
- rabbitmq - rabbitmq
...


@ -33,3 +33,4 @@
state: present state: present
tags: tags:
- rabbitmq - rabbitmq
...


@ -45,3 +45,4 @@
service: service:
name: postfix name: postfix
state: restarted state: restarted
...


@ -12,3 +12,4 @@
loop: "{{ ipagroups }}" loop: "{{ ipagroups }}"
tags: tags:
- groups - groups
...


@ -42,3 +42,4 @@
when: iparoles is defined when: iparoles is defined
tags: tags:
- rbac - rbac
...


@ -14,3 +14,4 @@
loop: "{{ ipapwpolicies }}" loop: "{{ ipapwpolicies }}"
tags: tags:
- groups - groups
...


@ -10,3 +10,4 @@
- rockyadm - rockyadm
hostcat: all hostcat: all
cmdcat: all cmdcat: all
...


@ -68,3 +68,4 @@
file: file:
path: "/tmp/binder.update" path: "/tmp/binder.update"
state: absent state: absent
...


@ -32,3 +32,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -54,3 +54,4 @@
path: "../tmp/known_hosts" path: "../tmp/known_hosts"
state: touch state: touch
mode: "0644" mode: "0644"
...


@ -57,3 +57,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -34,3 +34,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -38,3 +38,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -57,3 +57,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -30,3 +30,4 @@
name: '{{ item }}' name: '{{ item }}'
dynamic_update: true dynamic_update: true
with_items: '{{ fdns }}' with_items: '{{ fdns }}'
...


@ -33,3 +33,4 @@
- name: "Start privileges for services" - name: "Start privileges for services"
import_tasks: import-rockyipaprivs.yml import_tasks: import-rockyipaprivs.yml
...


@ -32,3 +32,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -57,3 +57,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -38,3 +38,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -32,3 +32,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -32,3 +32,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -54,3 +54,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -38,3 +38,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -56,3 +56,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -46,3 +46,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -63,3 +63,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -39,3 +39,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -51,3 +51,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -61,3 +61,4 @@
freeipa.ansible_freeipa.ipadnsconfig: freeipa.ansible_freeipa.ipadnsconfig:
ipaadmin_password: '{{ ipaadmin_password }}' ipaadmin_password: '{{ ipaadmin_password }}'
allow_sync_ptr: true allow_sync_ptr: true
...


@ -75,3 +75,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -88,3 +88,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -88,3 +88,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -121,3 +121,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -121,3 +121,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -61,3 +61,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -59,3 +59,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -19,3 +19,4 @@
port: 9100/tcp port: 9100/tcp
permanent: true permanent: true
state: enabled state: enabled
...


@ -64,3 +64,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -75,3 +75,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -39,3 +39,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -89,3 +89,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -76,3 +76,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -38,3 +38,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -56,7 +56,7 @@
port: "{{ item.port }}" port: "{{ item.port }}"
permanent: "{{ item.permanent }}" permanent: "{{ item.permanent }}"
state: "{{ item.state }}" state: "{{ item.state }}"
immediate: yes immediate: true
loop: "{{ firewall_rules }}" loop: "{{ firewall_rules }}"
- name: Touching run file that ansible has ran here - name: Touching run file that ansible has ran here
@ -67,3 +67,4 @@
mode: '0644' mode: '0644'
owner: root owner: root
group: root group: root
...


@ -24,3 +24,4 @@
name: httpd name: httpd
state: running state: running
enabled: true enabled: true
...


@ -33,3 +33,4 @@
- regenerate_auditd_rules - regenerate_auditd_rules
tags: tags:
- harden - harden
...


@ -66,3 +66,4 @@
when: when:
- ansible_facts['os_family'] == 'RedHat' - ansible_facts['os_family'] == 'RedHat'
- ansible_facts['distribution_major_version'] == '8' - ansible_facts['distribution_major_version'] == '8'
...


@ -52,3 +52,4 @@
- name: Install necessary pieces - name: Install necessary pieces
import_tasks: bugzilla_install.yml import_tasks: bugzilla_install.yml
...


@ -57,3 +57,4 @@
file: file:
path: "{{ bugzilla_dir }}/answer" path: "{{ bugzilla_dir }}/answer"
state: absent state: absent
...


@ -30,3 +30,4 @@
name: "{{ chrony_service_name }}" name: "{{ chrony_service_name }}"
state: "{{ chrony_service_state }}" state: "{{ chrony_service_state }}"
enabled: "{{ chrony_service_enabled }}" enabled: "{{ chrony_service_enabled }}"
...


@ -3,19 +3,18 @@
# #
- name: "Installing amazon-efs-utils" - name: "Installing amazon-efs-utils"
become: yes become: true
become_user: root become_user: root
yum: yum:
name: 'https://git.rockylinux.org/neil/efs-utils/-/jobs/5/artifacts/raw/build/amazon-efs-utils-1.30.1-1.el8.noarch.rpm?inline=false' name: 'https://git.rockylinux.org/neil/efs-utils/-/jobs/5/artifacts/raw/build/amazon-efs-utils-1.30.1-1.el8.noarch.rpm?inline=false'
disable_gpg_check: yes disable_gpg_check: true
validate_certs: yes validate_certs: true
state: present state: present
tags: tags:
- amazon_efs_utils - amazon_efs_utils
- packages - packages
- mounts - mounts
- name: "Gathering ec2 facts" - name: "Gathering ec2 facts"
amazon.aws.ec2_metadata_facts: amazon.aws.ec2_metadata_facts:
tags: tags:
@ -23,18 +22,17 @@
# "you can use /etc/hosts" https://github.com/aws/efs-utils/issues/1 # "you can use /etc/hosts" https://github.com/aws/efs-utils/issues/1
- name: "Install custom hosts file because fmlC-w amazon said so." - name: "Install custom hosts file because fmlC-w amazon said so."
become: yes become: true
become_user: root become_user: root
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/hosts path: /etc/hosts
line: "{{ item.ip_map[ansible_ec2_placement_availability_zone] }} {{ item.fsid }}.efs.{{ ansible_ec2_placement_region }}.amazonaws.com" line: "{{ item.ip_map[ansible_ec2_placement_availability_zone] }} {{ item.fsid }}.efs.{{ ansible_ec2_placement_region }}.amazonaws.com"
create: yes create: true
tags: tags:
- mounts - mounts
- name: "Creating and mounting {{ item.fsid }} at {{ item.mount_point }}" - name: "Creating and mounting {{ item.fsid }} at {{ item.mount_point }}"
become: yes become: true
become_user: root become_user: root
ansible.posix.mount: ansible.posix.mount:
path: "{{ item.mount_point }}" path: "{{ item.mount_point }}"
@ -44,3 +42,4 @@
state: "{{ item.state | default('mounted') }}" state: "{{ item.state | default('mounted') }}"
tags: tags:
- mounts - mounts
...
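Review bot: The `Installing amazon-efs-utils` task installs, as root, an RPM fetched from a CI job artifact URL with `disable_gpg_check: true`, so only TLS to the GitLab host vouches for the package; this commit normalises the boolean but leaves that gap in place. Either sign the build and import its key so the GPG check can stay enabled, or download the file first with a pinned checksum and install the local copy, as sketched below. The checksum value is a placeholder to be filled in from the trusted build. The mount task at the end of this section continues outside the visible hunks.

```yaml
- name: "Downloading amazon-efs-utils"
  become: true
  become_user: root
  ansible.builtin.get_url:
    url: 'https://git.rockylinux.org/neil/efs-utils/-/jobs/5/artifacts/raw/build/amazon-efs-utils-1.30.1-1.el8.noarch.rpm?inline=false'
    dest: /root/amazon-efs-utils-1.30.1-1.el8.noarch.rpm
    checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"
    mode: '0644'
    validate_certs: true

- name: "Installing amazon-efs-utils"
  become: true
  become_user: root
  yum:
    name: /root/amazon-efs-utils-1.30.1-1.el8.noarch.rpm
    # unsigned build: integrity comes from the pinned checksum in the download task
    disable_gpg_check: true
    state: present
  # … unchanged: tags …
```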


@ -62,3 +62,4 @@
owner: root owner: root
group: root group: root
mode: '0750' mode: '0750'
...


@ -23,8 +23,9 @@
become: true become: true
- name: Create gitlab-runner user - name: Create gitlab-runner user
become: yes become: true
user: user:
name: gitlab-runner name: gitlab-runner
shell: /bin/bash shell: /bin/bash
system: yes system: true
...


@ -2,3 +2,4 @@
- name: Add kernel boot options to all kernels and default config - name: Add kernel boot options to all kernels and default config
command: /usr/sbin/grubby --update-kernel=ALL --args "{{ grub_boot_options }}" command: /usr/sbin/grubby --update-kernel=ALL --args "{{ grub_boot_options }}"
changed_when: "1 != 1" changed_when: "1 != 1"
...


@ -214,3 +214,4 @@
state: absent state: absent
tags: tags:
- harden - harden
...


@ -4,7 +4,7 @@
shell: "set -o pipefail && echo \"{{ rockykoji_password }}\" | kinit rockykoji@ROCKYLINUX.ORG" shell: "set -o pipefail && echo \"{{ rockykoji_password }}\" | kinit rockykoji@ROCKYLINUX.ORG"
check_mode: false check_mode: false
changed_when: "1 != 1" changed_when: "1 != 1"
become: yes become: true
become_user: koji become_user: koji
when: rockykoji_has_password | bool when: rockykoji_has_password | bool
@ -12,14 +12,14 @@
shell: "set -o pipefail && kinit -kt /home/koji/.koji/keytab koji/rockykoji@ROCKYLINUX.ORG" shell: "set -o pipefail && kinit -kt /home/koji/.koji/keytab koji/rockykoji@ROCKYLINUX.ORG"
check_mode: false check_mode: false
changed_when: "1 != 1" changed_when: "1 != 1"
become: yes become: true
become_user: koji become_user: koji
when: not rockykoji_has_password | bool when: not rockykoji_has_password | bool
- name: Import current necessary tags - name: Import current necessary tags
shell: "set -o pipefail && koji add-tag {{ item }}" shell: "set -o pipefail && koji add-tag {{ item }}"
changed_when: "1 != 1" changed_when: "1 != 1"
become: yes become: true
become_user: koji become_user: koji
loop: loop:
- build-modules - build-modules
@ -60,3 +60,4 @@
- module-rocky-8.4.0-build - module-rocky-8.4.0-build
- trash - trash
- trashcan - trashcan
...
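Review bot: The first task in this section pipes `{{ rockykoji_password }}` through `echo` inside a `shell:` string and shows no `no_log`, so the rendered command, password included, can land in Ansible output and logs and in the spawned shell's argument list. A quote or `$` in the password would also be interpreted by the shell. Consider `ansible.builtin.command: kinit rockykoji@ROCKYLINUX.ORG` with `stdin: "{{ rockykoji_password }}"` and `no_log: true` on the task. The task's `name:` line sits above the hunk, so check that nothing there depends on the pipeline form.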


@ -20,7 +20,7 @@
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/hosts path: /etc/hosts
line: "{{ koji_efs_fs_ip_map[ansible_ec2_placement_availability_zone] }} {{ koji_efs_fsid }}" line: "{{ koji_efs_fs_ip_map[ansible_ec2_placement_availability_zone] }} {{ koji_efs_fsid }}"
create: yes create: true
tags: tags:
- mounts - mounts
@ -33,3 +33,4 @@
state: "{{ koji_efs_fs_state | default('mounted') }}" state: "{{ koji_efs_fs_state | default('mounted') }}"
tags: tags:
- mounts - mounts
...


@ -1 +1,2 @@
--- ---
...


@ -90,3 +90,4 @@
- name: Patch up some pages - name: Patch up some pages
import_tasks: mantispatch.yml import_tasks: mantispatch.yml
...


@ -23,3 +23,4 @@
path: "/var/www/mantisbt-{{ mantis_version }}/login_page.php" path: "/var/www/mantisbt-{{ mantis_version }}/login_page.php"
state: absent state: absent
regex: 'LDAP != config_get_global' regex: 'LDAP != config_get_global'
...


@ -86,3 +86,4 @@
lineinfile: lineinfile:
path: "/opt/noggin/noggin/noggin/app.py" path: "/opt/noggin/noggin/noggin/app.py"
line: "app = create_app()" line: "app = create_app()"
...


@ -35,3 +35,4 @@
name: postfix name: postfix
state: restarted state: restarted
enabled: true enabled: true
...


@ -1,2 +1,3 @@
--- ---
# RabbitMQ Additional Changes # RabbitMQ Additional Changes
...


@ -1,2 +1,3 @@
--- ---
# no tasks yet # no tasks yet
...


@ -7,3 +7,4 @@
owner: root owner: root
group: root group: root
mode: '0755' mode: '0755'
...


@ -7,3 +7,4 @@
with_items: with_items:
- httpd_can_network_connect_db - httpd_can_network_connect_db
- httpd_can_network_connect - httpd_can_network_connect
...


@ -43,3 +43,4 @@
with_items: with_items:
- /etc/ssh/ssh_host_dsa_key.pub - /etc/ssh/ssh_host_dsa_key.pub
- /etc/ssh/ssh_host_dsa_key - /etc/ssh/ssh_host_dsa_key
...


@ -19,3 +19,4 @@
always: always:
- debug: msg="Variables are now loaded" - debug: msg="Variables are now loaded"
...


@ -159,3 +159,4 @@ enable_svc:
syslog_packages: syslog_packages:
- rsyslog - rsyslog
...


@ -50,3 +50,4 @@ ipa_getcert_requested_hostnames:
postcmd: "/bin/systemctl reload httpd" postcmd: "/bin/systemctl reload httpd"
cnames: cnames:
- "bugs.rockylinux.org" - "bugs.rockylinux.org"
...


@ -3,3 +3,4 @@
smtp_user_name: "username" smtp_user_name: "username"
smtp_user_pass: "password" smtp_user_pass: "password"
smtp_relayhost: "smtp.rockylinux.org" smtp_relayhost: "smtp.rockylinux.org"
...
