Commit 24745520 authored by Lars Beckers's avatar Lars Beckers

lint yaml files

parent 3fe60124
---
extends: default
rules:
comments-indentation:
level: warning
document-start:
level: error
empty-lines:
max: 1
empty-values:
forbid-in-flow-mappings: true
forbid-in-block-mappings: true
line-length:
level: warning
octal-values:
forbid-implicit-octal: true
level: warning
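Review bot: `octal-values` is set to `level: warning`, so an unquoted `mode: 0644` that creeps back in will not fail the lint run unless yamllint is invoked with `--strict`. Most of this commit is spent quoting file modes, and a mis-typed mode on a file under /etc is a permissions problem rather than a cosmetic one. I would make this rule `level: error`, in line with `document-start`.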
......@@ -2,4 +2,3 @@
- name: restart apcupsd
service: name=apcupsd state=restarted
......@@ -2,59 +2,75 @@
# file: roles/baremetal/tasks/apcupsd.yml
- name: ensure apcupsd is installed
apt: state=present name=apcupsd
apt:
state: present
name: apcupsd
notify:
- restart apcupsd
tags:
- usv
- packages
- name: ensure apcupsd is configured
template: src=apcupsd.conf.j2 dest=/etc/apcupsd/apcupsd.conf owner=root group=root mode=0644
template:
src: apcupsd.conf.j2
dest: /etc/apcupsd/apcupsd.conf
owner: root
group: root
mode: '0644'
notify:
- restart apcupsd
tags:
- usv
- config
- name: gather apcupsd killpower files
local_action: stat path=apcupsd/killpower/{{ ansible_hostname }}
register: killpower
tags:
- usv
- config
- name: ensure apcupsd killpower is configured
copy: src=apcupsd/killpower/{{ ansible_hostname }} dest=/etc/apcupsd/killpower owner=root group=root mode=0755
copy:
src: apcupsd/killpower/{{ ansible_hostname }}
dest: /etc/apcupsd/killpower
owner: root
group: root
mode: '0755'
when: killpower.stat.exists
tags:
- usv
- config
- name: gather apcupsd onbattery files
local_action: stat path=apcupsd/onbattery/{{ ansible_hostname }}
register: onbattery
tags:
- usv
- config
- name: ensure apcupsd onbattery is configured
copy: src=apcupsd/onbattery/{{ ansible_hostname }} dest=/etc/apcupsd/onbattery owner=root group=root mode=0755
copy:
src: apcupsd/onbattery/{{ ansible_hostname }}
dest: /etc/apcupsd/onbattery
owner: root
group: root
mode: '0755'
when: onbattery.stat.exists
tags:
- usv
- config
- name: ensure on vm hosts there is our fancy onbattery script
copy: src=apcupsd/vm-onbattery.py dest=/etc/apcupsd/onbattery.py owner=root group=root mode=0755
copy:
src: apcupsd/vm-onbattery.py
dest: /etc/apcupsd/onbattery.py
owner: root
group: root
mode: '0755'
when: "'vm' in ansible_hostname"
tags:
- usv
- config
- name: ensure apcupsd is enabled and running
service: name=apcupsd state=started enabled=yes
service:
name: apcupsd
state: started
enabled: true
tags:
- usv
- service
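Review bot: The two `local_action: stat path=apcupsd/.../{{ ansible_hostname }}` tasks (killpower and onbattery) are left in key=value form while every other task in this file is converted to block mappings. For consistency they could become `stat:` with `path: "apcupsd/killpower/{{ ansible_hostname }}"` and `delegate_to: localhost`, and likewise for onbattery. The `copy` tasks also carry `src: apcupsd/killpower/{{ ansible_hostname }}` as a plain scalar; quoting templated values is the safer habit, since a value that starts with `{{` would otherwise be read as a flow mapping.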
......@@ -2,15 +2,18 @@
# file: roles/server/tasks/apticron.yml
- name: ensure apticron is installed
apt: name=apticron state=latest
apt:
name: apticron
state: present
tags:
- packages
- server
- apticron
- name: ensure our apticron config is deployed
template: src=apticron.conf.j2 dest=/etc/apticron/apticron.conf owner=root group=root mode=0644
template:
src: apticron.conf.j2
dest: /etc/apticron/apticron.conf
owner: root
group: root
mode: '0644'
tags:
- config
- server
- apticron
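Review bot: Replacing `state=latest` with `state: present` in the apticron install task is a behaviour change, not a lint fix: a host that already has an older apticron will no longer be upgraded by this task. The same switch is made for nullmailer and for the two fonts-droid tasks in the texlive role, while the cups-client hunk still shows `state: latest` as context. If upgrades are meant to come from a separate update task, state that in the commit message. Otherwise keep `state: latest` for the packages where timely updates matter.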
......@@ -5,4 +5,3 @@
service:
name: lldpd
state: restarted
......@@ -20,7 +20,7 @@
dest: /etc/default/lldpd
owner: root
group: root
mode: 0644
mode: '0644'
notify:
- restart lldpd
tags:
......@@ -30,7 +30,7 @@
service:
name: lldpd
state: started
enabled: yes
enabled: true
tags:
- baremetal
......
......@@ -2,4 +2,3 @@
- name: update apt cache
apt: update_cache=yes
......@@ -7,7 +7,7 @@
dest: /etc/motd
owner: root
group: root
mode: 0644
mode: '0644'
when:
- branding_motd is defined
- branding_motd != ""
......@@ -21,7 +21,7 @@
dest: /etc/issue.net
owner: root
group: root
mode: 0644
mode: '0644'
when:
- branding_issuenet is defined
- branding_issuenet != ""
......@@ -35,20 +35,20 @@
dest: /root/.gitconfig
owner: root
group: root
mode: 0640
mode: '0640'
tags:
- branding
- shell
- root
- name: ensure dir for CA certs exisits
file:
path: /etc/ssl/certs
state: directory
owner: root
group: root
mode: 0755
recurse: yes
mode: '0755'
recurse: true
tags:
- branding
- tls
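Review bot: In the `/etc/ssl/certs` task, `recurse: true` combined with `mode: '0755'` applies 0755 to everything below the directory, so the certificate files end up executable. The CA-certificate task in the next hunk then sets them back to `'0644'`, which presumably makes both tasks report a change on every run. The task name only asks that the directory exists, so dropping `recurse` would do; if the recursion is intended, a symbolic mode such as `mode: 'u=rwX,go=rX'` keeps plain files non-executable. The `tags:` list of this task continues outside the hunk.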
......@@ -59,7 +59,7 @@
dest: "/etc/ssl/certs/{{ item|basename }}"
owner: root
group: root
mode: 0644
mode: '0644'
with_items: "{{ branding_cacerts }}"
when: branding_cacerts is defined
tags:
......@@ -101,4 +101,3 @@
tags:
- branding
- repos
......@@ -9,27 +9,35 @@
state: latest
tags:
- cups-client
- packages
- name: ensure there is a cups folder
file: path=/etc/cups state=directory
file:
path: /etc/cups
state: directory
tags:
- cups-client
- packages
- name: ensure cups-client is properly configured
template: src=cups-client.conf.j2 dest=/etc/cups/client.conf owner=root group=root mode=0644
template:
src: cups-client.conf.j2
dest: /etc/cups/client.conf
owner: root
group: root
mode: '0644'
tags:
- cups-client
- config
# currently this is fsmpi-only
- name: ensure we got a usable shell printing interface
copy: src=drucken.py dest=/usr/local/bin/drucken owner=root group=root mode=0755
copy:
src: drucken.py
dest: /usr/local/bin/drucken
owner: root
group: root
mode: '0755'
when: domain == "fsmpi.rwth-aachen.de"
tags:
- cups-client
- fsmpi
- software
- meta: flush_handlers
......@@ -2,14 +2,16 @@
# file: roles/custom-sudoers/tasks/main.yml
- name: ensure deployment of customized sudoers
template: src=sudoers.j2 dest=/etc/sudoers.d/custom owner=root group=root mode=0440
template:
src: sudoers.j2
dest: /etc/sudoers.d/custom
owner: root
group: root
mode: '0440'
tags:
- sudo
- config
- name: check whole sudo config
command: visudo -q -c -f /etc/sudoers
tags:
- sudo
- test
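Review bot: The sudoers template is written to `/etc/sudoers.d/custom` before anything checks its syntax. The `visudo -q -c -f /etc/sudoers` task only runs afterwards, when a broken file is already in place and sudo may refuse to work on that host. Add `validate: '/usr/sbin/visudo -cf %s'` to the template task so the rendered file is checked before it is moved into place. The separate check task would then also want `changed_when: false`, since a bare `command` reports a change on every run.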
......@@ -26,17 +26,17 @@
dest: /root/.ssh/debian_updates
owner: root
group: root
mode: 0600
mode: '0600'
tags:
- debian-updates
# https://github.com/ansible/ansible/issues/27699
- name: ensure fucking git module is able to clone
- name: ensure git module is able to clone
command: mount -o remount,exec /tmp
tags:
- debian-updates
- name: ensure the git is at the current revision
- name: ensure git is at the current revision
git:
repo: git@git.fsmpi.rwth-aachen.de:larsb/debian-updates.git
dest: /opt/debian-updates
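Review bot: `mount -o remount,exec /tmp` is undone only by the `remount,noexec` task in the next hunk, so if the git task between them fails, the play stops and /tmp stays mounted exec on that host. Wrapping the three tasks in a `block` with the noexec remount under `always` restores the hardening even on failure. Both `command` tasks also report a change on every run, which hides real changes in the play recap. The git task's remaining parameters lie outside this hunk.

```yaml
- name: ensure git is at the current revision
  block:
    - name: ensure git module is able to clone
      command: mount -o remount,exec /tmp
    # … unchanged: git task cloning into /opt/debian-updates …
  always:
    - name: ensure git module is not able to clone anymore
      command: mount -o remount,noexec /tmp
  tags:
    - debian-updates
```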
......@@ -45,7 +45,7 @@
tags:
- debian-updates
- name: ensure fucking git module is not able to clone anymore
- name: ensure git module is not able to clone anymore
command: mount -o remount,noexec /tmp
tags:
- debian-updates
......@@ -54,22 +54,22 @@
copy:
src: /opt/debian-updates/apticron.json.example
dest: /opt/debian-updates/apticron.json
mode: 0666 # mail is delivered by nobody
mode: '0666' # mail is delivered by nobody
owner: root
group: root
remote_src: True
force: False
remote_src: true
force: false
tags:
- debian-updates
- name: ensure the lock file exists
copy:
content: "" # no, the file module is not sufficient
content: "" # no, the file module is not sufficient
dest: /opt/debian-updates/.json-sync.lock
owner: root
group: root
mode: 0666 # mail is delivered by nobody
force: False
mode: '0666' # mail is delivered by nobody
force: false
tags:
- debian-updates
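Review bot: Both `apticron.json` and `.json-sync.lock` are created with `mode: '0666'`, which lets every local account rewrite the data file and hold the lock, not only the `nobody` account the comment refers to. If the mail delivery process is the only writer, `owner: nobody` with `mode: '0644'` (or a dedicated group with `'0664'`) gives it access without making the files world-writable. What reads apticron.json is not visible here; if a privileged job consumes it, tightening this matters more. The lock-file task's `tags:` list may continue past the hunk.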
......@@ -77,7 +77,7 @@
template:
src: config.py.j2
dest: /opt/debian-updates/config.py
mode: 0644
mode: '0644'
owner: root
group: root
tags:
......@@ -93,6 +93,7 @@
- name: ensure apticron messages are retrieved
lineinfile:
# yamllint disable-line rule:line-length
line: '{{ apticron_to|regex_replace("@.*$") }}:"|/opt/debian-updates/receive.py"'
path: /etc/aliases
state: present
......@@ -100,4 +101,3 @@
- rebuild alias database
tags:
- debian-updates
......@@ -9,4 +9,3 @@
command: python setup.py egg_info
args:
chdir: /opt/ansible
......@@ -7,10 +7,10 @@
- python-jinja2
- python-paramiko
- python-cryptography
- python-sphinx # documentation
- python-sphinx # documentation
- python-packaging
- asciidoc # documentation
- squashfs-tools # needed for guest-overlay
- asciidoc # documentation
- squashfs-tools # needed for guest-overlay
state: present
tags:
- management
......@@ -19,7 +19,7 @@
- name: ensure ansible is up to date
git:
dest: /opt/ansible
recursive: yes
recursive: true
repo: https://github.com/ansible/ansible.git
version: "{{ mgmt_ansible_version }}"
notify:
......@@ -35,7 +35,7 @@
dest: /etc/profile.d/ansible.sh
owner: root
group: root
mode: 0644
mode: '0644'
tags:
- management
- ansible
......
......@@ -2,17 +2,18 @@
# file: roles/nullmailer/tasks/main.yml
- name: ensure nullmailer is installed
apt: name=nullmailer state=latest
apt:
name: nullmailer
state: present
notify:
- restart nullmailer
tags:
- packages
- nullmailer
- name: ensure other smtp daemons are uninstalled
apt:
state: absent
purge: yes
purge: true
name:
- exim4
- postfix
......@@ -30,67 +31,62 @@
- exim4-daemon-heavy
- exim4-daemon-light
tags:
- packages
- nullmailer
- name: ensure nullmailer got a hostname
template: src=me.j2 dest=/etc/nullmailer/me owner=root group=root mode=0644
template:
src: "{{ item }}.j2"
dest: "/etc/nullmailer/{{ item }}"
owner: root
group: root
mode: '0644'
with_items:
- me
- defaultdomain
- defaulthost
- remotes
notify:
- restart nullmailer
tags:
- config
- nullmailer
- name: ensure nullmailer got a default domain
template: src=defaultdomain.j2 dest=/etc/nullmailer/defaultdomain owner=root group=root mode=0644
notify:
- restart nullmailer
tags:
- config
- nullmailer
- name: ensure the system got a default domain
template: src=defaultdomain.j2 dest=/etc/mailname owner=root group=root mode=0644
template:
src: defaultdomain.j2
dest: /etc/mailname
owner: root
group: root
mode: '0644'
notify:
- restart nullmailer
tags:
- config
- nullmailer
- name: ensure nullmailer got a default mailhost suffix
template: src=defaulthost.j2 dest=/etc/nullmailer/defaulthost owner=root group=root mode=0644
notify:
- restart nullmailer
tags:
- config
- nullmailer
- name: ensure nullmailer has no admin address
file: state=absent path=/etc/nullmailer/adminaddr
file:
state: absent
path: /etc/nullmailer/adminaddr
notify:
- restart nullmailer
tags:
- config
- nullmailer
- name: ensure we got some aliases in case they are needed
template: src=aliases.j2 dest=/etc/aliases owner=root group=root mode=0644
tags:
- config
- nullmailer
- name: ensure nullmailer got some remotes to send mail to
template: src=remotes.j2 dest=/etc/nullmailer/remotes owner=root group=root mode=0644
notify:
- restart nullmailer
template:
src: aliases.j2
dest: /etc/aliases
owner: root
group: root
mode: '0644'
tags:
- config
- nullmailer
- name: ensure nullmailer is enabled and running
service: name=nullmailer state=started enabled=yes
service:
name: nullmailer
state: started
enabled: true
tags:
- service
- nullmailer
- meta: flush_handlers
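Review bot: Folding `remotes` into the `with_items` loop keeps it at `mode: '0644'` owned by root, and makes a per-file mode harder to set later. If `remotes.j2` carries SMTP credentials, as nullmailer's remotes file often does, every local user can read them. I would keep `remotes` as its own template task with `mode: '0600'` and the owner set to the account nullmailer-send runs as. The looped task is also still named `ensure nullmailer got a hostname` although it now deploys four files; something like `ensure nullmailer config files are deployed` would match what it does.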
---
# file: roles/texlive/tasks/main.yml
# this should be a real subset of texlive-full but not more than necessary
- name: ensure texlive is installed
apt:
......@@ -20,31 +19,30 @@
- texlive-bibtex-extra
- biber
state: present
install_recommends: no
install_recommends: false
tags:
- texlive
- packages
- name: ensure some texlive recommandations are installed
- name: ensure some texlive recommendations are installed
apt:
name:
- ghostscript
- lmodern
- texlive-fonts-recommended-doc
- ghostscript
- lmodern
- texlive-fonts-recommended-doc
- tex-gyre
- texlive-humanities-doc
- texlive-latex-base-doc
- texlive-humanities-doc
- texlive-latex-base-doc
- texlive-latex-extra-doc
- prosper
- texlive-latex-recommended-doc
- texlive-pictures-doc
- prerex
- texlive-publishers-doc
- texlive-latex-recommended-doc
- texlive-pictures-doc
- prerex
- texlive-publishers-doc
- texlive-science-doc
- libfile-mimeinfo-perl
- libnet-dbus-perl
- libx11-protocol-perl
- x11-utils
- libfile-mimeinfo-perl
- libnet-dbus-perl
- libx11-protocol-perl
- x11-utils
- x11-xserver-utils
- texlive-lang-greek
- fonts-cmu
......@@ -52,44 +50,24 @@
- texlive-fonts-extra
- texlive-generic-extra
state: present
install_recommends: no
install_recommends: false
tags:
- texlive
- packages
- name: ensure some texlive recommandations are installed for jessie
apt: name=fonts-droid state=latest install_recommends=no
- name: ensure some texlive recommendations are installed for jessie
apt:
name: fonts-droid
state: present
install_recommends: false
when: ansible_distribution_release == "jessie"
tags:
- texlive
- packages
- name: ensure some texlive recommandations are installed for stretch
apt: name=fonts-droid-fallback state=latest install_recommends=no
- name: ensure some texlive recommendations are installed for stretch
apt:
name: fonts-droid-fallback
state: present
install_recommends: false
when: ansible_distribution_release == "stretch"
tags:
- texlive
- packages
#- name: figure out if texlive is installed
# command: dpkg -L texlive-full
# failed_when: False
# changed_when: False
# register: texlive_installed
# tags:
# - texlive
# - packages
# we do not check here for unmet dependencies because apt and dpkg do not let
# us know about stuff easily for a single package, also apt wants to correct,
# if any. because install actions fail with apt when there are broken deps and
# we got some update everything tasks, this should be handled anyway.
#- name: ensure texlive is installed
# apt: name=texlive-full state=latest
# when: texlive_installed.rc == 1
# tags:
# - texlive
# - packages