Merge branch 'th/ci-alpine' into 'main'

Update CI to reasonable versions and fix resulting issues

See merge request !4

.ansible-lint

-parseable: true
-quiet: true
+---
+
 use_default_rules: true
-skip_list:
-  - '204'  # line length is checked by yamllint
-  - '401'  # git checkout must contain explicit version
-  - '701'  # 7xx is about ansible galaxy guidelines
-  - '702'
-  - '703'

.gitlab-ci.yml

 ---
 
-image: registry.git.fsmpi.rwth-aachen.de/infra/ci-containers/fsmpi-ansible:bullseye
+image: alpine:3.17
 
 variables:
   GIT_SUBMODULE_STRATEGY: recursive
 
 before_script:
+  - apk --no-cache add ansible ansible-lint yamllint ripgrep black
   - export LANG=en_US.UTF-8
   - chmod o-w .
   - ansible --version
@@ -19,5 +20,11 @@ test:
   stage: test
   script:
     - yamllint .
-    - ansible-lint ./*/
+    - >-
+      ansible-lint
+      --format codeclimate
+      > codeclimate.json
     - "! rg --fixed-strings 'passwordstore' ./*/templates"
+  artifacts:
+    reports:
+      codequality: codeclimate.json

alertmanager/handlers/main.yml

 ---
 
 - name: Restart alertmanager
-  systemd:
+  ansible.builtin.systemd:
     name: prometheus-alertmanager.service
     state: restarted
 
 - name: Reload alertmanager
-  systemd:
+  ansible.builtin.systemd:
     name: prometheus-alertmanager.service
     state: reloaded

alertmanager/tasks/main.yml

 ---
 
 - name: Install alertmanager
-  apt:
+  ansible.builtin.apt:
     name: prometheus-alertmanager
     state: present
 
 - name: Configure alertmanager command arguments
-  template:
+  ansible.builtin.template:
     src: default.j2
     dest: /etc/default/prometheus-alertmanager
+    owner: root
+    group: root
+    mode: "0644"
   notify:
     - Restart alertmanager
   tags:
     - config
 
 - name: Configure alertmanager
-  template:
+  ansible.builtin.template:
     src: alertmanager.yml.j2
     dest: /etc/prometheus/alertmanager.yml
+    owner: root
+    group: root
+    mode: "0644"
   notify:
     - Reload alertmanager
   tags:

grafana/handlers/main.yml

 ---
 
 - name: Restart Grafana
-  systemd:
+  ansible.builtin.systemd:
     name: grafana-server.service
     state: restarted
 
 - name: Reload systemd
-  systemd:
+  ansible.builtin.systemd:
     daemon_reload: true

grafana/tasks/main.yml

 ---
 
 - name: Install Grafana repository keys
-  apt_key:
+  ansible.builtin.get_url:
     url: https://packages.grafana.com/gpg.key
-    state: present
+    dest: /etc/apt/trusted.gpg.d/grafana.asc
+    force: true
+    owner: root
+    group: root
+    mode: "0644"
   tags:
     - packages
     - repo
@@ -11,7 +15,7 @@
     - config
 
 - name: Install Grafana repo
-  apt_repository:
+  ansible.builtin.apt_repository:
     repo: "deb https://packages.grafana.com/enterprise/deb stable main"
   tags:
     - packages
@@ -20,7 +24,7 @@
     - config
 
 - name: Install Grafana
-  apt:
+  ansible.builtin.apt:
     name:
       - grafana-enterprise
     state: present
@@ -29,7 +33,7 @@
     - grafana
 
 - name: Create systemd unit override directory
-  file:
+  ansible.builtin.file:
     path: /etc/systemd/system/grafana-server.service.d
     state: directory
     owner: root
@@ -40,7 +44,7 @@
     - config
 
 - name: Configure Grafana systemd service
-  copy:
+  ansible.builtin.copy:
     src: grafana-server-override.service
     dest: /etc/systemd/system/grafana-server.service.d/ansible-override.conf
     owner: root
@@ -54,7 +58,7 @@
     - config
 
 - name: Configure Grafana
-  template:
+  ansible.builtin.template:
     src: grafana.ini.j2
     dest: /etc/grafana/grafana.ini
     owner: root
@@ -67,7 +71,7 @@
     - grafana
 
 - name: Configure Grafana LDAP auth
-  template:
+  ansible.builtin.template:
     src: ldap.toml.j2
     dest: /etc/grafana/ldap.toml
     owner: root
@@ -81,7 +85,8 @@
     - config
     - grafana
 
-- import_tasks: postgres.yml
+- name: Configure Postgres for Grafana
+  ansible.builtin.import_tasks: postgres.yml
   when:
     - grafana_database is defined
     - grafana_database.type == "postgres"
@@ -90,10 +95,11 @@
     - grafana
     - postgres
 
-- meta: flush_handlers
+- name: Flush handlers
+  ansible.builtin.meta: flush_handlers
 
 - name: Enable and start Grafana
-  systemd:
+  ansible.builtin.systemd:
     name: grafana-server.service
     state: started
     enabled: true

grafana/tasks/postgres.yml

 ---
 
-- become: true
+- name: Become postgres system user
+  become: true
   become_user: postgres
   block:
     - name: Create postgres user
-      postgresql_user:
+      community.postgresql.postgresql_user:
         name: grafana
         state: present
 
     - name: Create database
-      postgresql_db:
+      community.postgresql.postgresql_db:
         name: grafana
         owner: grafana
         state: present
 
     - name: Grant database privileges
-      postgresql_privs:
+      community.postgresql.postgresql_privs:
         database: grafana
         privs: ALL
         state: present

mysqld_exporter/handlers/main.yml

 ---
 
 - name: Restart mysqld_exporter
-  systemd:
+  ansible.builtin.systemd:
     name: prometheus-mysqld-exporter.service
     state: restarted

mysqld_exporter/tasks/main.yml

 ---
 
 - name: Install mysqld_exporter
-  apt:
+  ansible.builtin.apt:
     name: prometheus-mysqld-exporter
     state: present
   when: ansible_distribution_major_version|int >= 10
@@ -10,7 +10,7 @@
     - prometheus-exporter
 
 - name: Install mysqld_exporter (stretch)
-  apt:
+  ansible.builtin.apt:
     name: prometheus-mysqld-exporter
     state: present
     default_release: stretch-backports
@@ -20,9 +20,12 @@
     - prometheus-exporter
 
 - name: Configure mysqld_exporter
-  template:
+  ansible.builtin.template:
     src: prometheus-mysqld-exporter.j2
     dest: /etc/default/prometheus-mysqld-exporter
+    owner: root
+    group: root
+    mode: "0644"
   notify:
     - Restart mysqld_exporter
   tags:
@@ -31,9 +34,12 @@
     - config
 
 - name: Configure Prometheus server to scrape us
-  template:
+  ansible.builtin.template:
     src: scrape.yml.j2
     dest: "/etc/prometheus/scrape/mysqld_{{ ansible_fqdn }}.yml"
+    owner: root
+    group: root
+    mode: "0644"
   delegate_to: "{{ prometheus_host }}"
   tags:
     - prometheus

node_exporter/handlers/main.yml

 ---
 
 - name: Restart node_exporter
-  systemd:
+  ansible.builtin.systemd:
     name: prometheus-node-exporter.service
     state: restarted

node_exporter/tasks/main.yml

 ---
 
 - name: Install node_exporter
-  apt:
+  ansible.builtin.apt:
     name: prometheus-node-exporter
     state: present
   when: ansible_distribution_major_version|int >= 10
@@ -10,7 +10,7 @@
     - prometheus-exporter
 
 - name: Install node_exporter (stretch)
-  apt:
+  ansible.builtin.apt:
     name: prometheus-node-exporter
     state: present
     default_release: stretch-backports
@@ -20,7 +20,7 @@
     - prometheus-exporter
 
 - name: Install additional node_exporter collectors
-  apt:
+  ansible.builtin.apt:
     name: prometheus-node-exporter-collectors
     state: present
   when: ansible_distribution_major_version|int >= 11
@@ -29,7 +29,7 @@
     - prometheus-exporter
 
 - name: Ensure smartmontools is present only on bare-metal hosts
-  apt:
+  ansible.builtin.apt:
     name: smartmontools
     state: >-
       {% if force_smartmontools_on_vm_guest or
@@ -41,9 +41,12 @@
       {%- endif %}
 
 - name: Configure node_exporter
-  template:
+  ansible.builtin.template:
     src: prometheus-node-exporter.j2
     dest: /etc/default/prometheus-node-exporter
+    owner: root
+    group: root
+    mode: "0644"
   notify:
     - Restart node_exporter
   tags:
@@ -52,14 +55,18 @@
     - config
 
 - name: Configure Prometheus server to scrape us
-  template:
+  ansible.builtin.template:
     src: scrape.yml.j2
     dest: "/etc/prometheus/scrape/node_{{ ansible_fqdn }}.yml"
+    owner: root
+    group: root
+    mode: "0644"
   delegate_to: "{{ prometheus_host }}"
   tags:
     - prometheus
     - prometheus-exporter
     - config
 
-- import_tasks: needrestart.yml
+- name: Configure needrestart integration
+  ansible.builtin.import_tasks: needrestart.yml
   when: node_exporter_needrestart

node_exporter/tasks/needrestart.yml

 ---
 
 - name: Install needrestart
-  apt:
+  ansible.builtin.apt:
     name: needrestart
     state: present
   tags:
@@ -9,7 +9,7 @@
     - prometheus-exporter
 
 - name: Install needrestart2prom
-  get_url:
+  ansible.builtin.get_url:
     url: >-
       https://git.fsmpi.rwth-aachen.de/api/v4/projects/233/packages/generic/needrestart2prom/{{
       needrestart2prom_version }}/needrestart2prom-{{ ansible_system|lower }}-{{
@@ -24,7 +24,7 @@
     - prometheus-exporter
 
 - name: Configure needrestart2prom cronjob PATH
-  cron:
+  ansible.builtin.cron:
     cron_file: needrestart2prom
     user: root
     env: true
@@ -36,7 +36,7 @@
     - prometheus-exporter
 
 - name: Configure needrestart2prom cronjob
-  cron:
+  ansible.builtin.cron:
     cron_file: needrestart2prom
     user: root
     name: needrestart2prom

prometheus/handlers/main.yml

 ---
 
 - name: Restart prometheus
-  systemd:
+  ansible.builtin.systemd:
     name: prometheus.service
     state: restarted
 
 - name: Reload prometheus
-  systemd:
+  ansible.builtin.systemd:
     name: prometheus.service
     state: reloaded

prometheus/tasks/main.yml

 ---
 
 - name: Install prometheus
-  apt:
+  ansible.builtin.apt:
     name:
       - prometheus
     state: present
@@ -9,9 +9,12 @@
     - prometheus
 
 - name: Configure prometheus command arguments
-  template:
+  ansible.builtin.template:
     src: default-prometheus.j2
     dest: /etc/default/prometheus
+    owner: root
+    group: root
+    mode: "0644"
   notify:
     - Restart prometheus
   tags:
@@ -19,10 +22,13 @@
     - config
 
 - name: Configure prometheus
-  template:
+  ansible.builtin.template:
     src: prometheus.yml.j2
     dest: /etc/prometheus/prometheus.yml
     validate: "promtool check config %s"
+    owner: root
+    group: root
+    mode: "0644"
   notify:
     - Reload prometheus
   tags:
@@ -30,9 +36,12 @@
     - config
 
 - name: Create necessary directories
-  file:
+  ansible.builtin.file:
     path: "/etc/prometheus/{{ item }}"
     state: directory
+    owner: root
+    group: root
+    mode: "0755"
   with_items:
     - alertmanagers
     - rules
@@ -42,10 +51,13 @@
     - config
 
 - name: Configure rules
-  template:
+  ansible.builtin.template:
     src: "rules.yml.j2"
     dest: "/etc/prometheus/rules/ansible_rules.yml"
     validate: "promtool check rules %s"
+    owner: root
+    group: root
+    mode: "0644"
   notify:
     - Reload prometheus
   tags: