[ansible-taler-exchange] branch master updated: address more linter warn
From: |
Admin |
Subject: |
[ansible-taler-exchange] branch master updated: address more linter warnings |
Date: |
Thu, 27 Feb 2025 17:35:50 +0100 |
This is an automated email from the git hooks/post-receive script.
dold pushed a commit to branch master
in repository ansible-taler-exchange.
The following commit(s) were added to refs/heads/master by this push:
new 75193ac address more linter warnings
75193ac is described below
commit 75193aceb38788c8790c93bf74cbfe79f20da483
Author: Florian Dold <florian@dold.me>
AuthorDate: Thu Feb 27 17:35:50 2025 +0100
address more linter warnings
---
.ansible-lint | 3 +
README | 2 +-
local.yml | 11 ++-
playbooks/setup.yml | 5 +-
.../{ansible-pull => ansible_pull}/tasks/main.yml | 32 ++++++--
.../templates/ansible-on-boot.service | 0
.../templates/ansible-pull.sh | 0
.../templates/pull.fact | 0
.../{ansible-pull => ansible_pull}/vars/main.yaml | 0
roles/auditor/handlers/main.yml | 2 +-
roles/auditor/tasks/main.yml | 28 ++++---
roles/borg-ssh-export/tasks/main.yml | 7 +-
roles/borg-start/tasks/main.yml | 7 +-
roles/challenger/handlers/main.yml | 2 +-
roles/challenger/tasks/post-exchange.yml | 9 +-
roles/challenger/tasks/pre-exchange.yml | 95 +++++++++++++---------
roles/common_packages/tasks/main.yml | 2 +-
roles/database/handlers/main.yml | 2 +-
roles/exchange/tasks/main.yml | 16 ++--
roles/libeufin-nexus/tasks/main.yml | 10 ++-
roles/pixel_borg/tasks/main.yml | 2 +-
21 files changed, 153 insertions(+), 82 deletions(-)
diff --git a/.ansible-lint b/.ansible-lint
index cbc9e34..8372f33 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -7,3 +7,6 @@ exclude_paths:
skip_list:
- var-naming
+ - role-name
+ - package-latest
+ - yaml[line-length]
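Review bot: Adding `package-latest` to `skip_list` silences the rule for the whole repository, so every `state: latest` (for example the Borg install in roles/pixel_borg/tasks/main.yml) now passes unreported. The ansible_pull role in this repository installs a cron job that applies the playbook unattended, so unpinned upgrades would reach hosts without review. If that is intended, moving the rule to `warn_list` or marking the individual tasks with `# noqa: package-latest` keeps the remaining cases visible.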
diff --git a/README b/README
index 29e04fa..d52cae4 100644
--- a/README
+++ b/README
@@ -93,7 +93,7 @@ the setup playbook will be run on the container via ssh.
## Roles
-### ansible-pull
+### ansible_pull
This role setups an ansible-pull script on the host, as well as cronjob
which runs the ansible-pull script on regular interval.
diff --git a/local.yml b/local.yml
index b2a0624..5dcebd8 100644
--- a/local.yml
+++ b/local.yml
@@ -1,9 +1,12 @@
---
-- hosts: all
+
+# FIXME(dold): What does this file do / why do we need it?
+# FIXME(dold): Seems incomplete.
+
+- name: Local setup
+ hosts: all
roles:
- common_packages
- - ansible-pull
+ - ansible_pull
- webserver
- database
- - taler-packages
- - configuration
diff --git a/playbooks/setup.yml b/playbooks/setup.yml
index 272cfba..aeced3d 100644
--- a/playbooks/setup.yml
+++ b/playbooks/setup.yml
@@ -3,11 +3,12 @@
hosts: all
pre_tasks:
- name: "Fail if secrets are not defined"
- ansible.builtin.fail: msg="Secrets are not defined (HAVE_SECRETS not
set)"
+ ansible.builtin.fail:
+ msg: "Secrets are not defined (HAVE_SECRETS not set)"
when: HAVE_SECRETS is undefined
roles:
- role: common_packages
- - role: ansible-pull
+ - role: ansible_pull
- role: webserver
- role: database
- role: libeufin-nexus
diff --git a/roles/ansible-pull/tasks/main.yml
b/roles/ansible_pull/tasks/main.yml
similarity index 55%
rename from roles/ansible-pull/tasks/main.yml
rename to roles/ansible_pull/tasks/main.yml
index ccb80c1..8c32d96 100644
--- a/roles/ansible-pull/tasks/main.yml
+++ b/roles/ansible_pull/tasks/main.yml
@@ -1,5 +1,6 @@
- name: Update apt cache
- apt: update_cache=yes
+ apt:
+ update_cache: true
- name: Install depends
apt:
@@ -10,23 +11,37 @@
file:
path: /etc/ansible/facts.d
state: directory
- recurse: yes
+ recurse: true
+ mode: "0700"
+ owner: root
+ group: root
- name: Make /etc/ansible/facts.d/pull.fact
template:
src: pull.fact
dest: /etc/ansible/facts.d/pull.fact
+ mode: "0700"
+ owner: root
+ group: root
-- name: recollect facts
+- name: Recollect facts
setup:
- name: Install the ansible-pull script
- template: src=ansible-pull.sh dest=/usr/sbin/run-ansible-pull mode=0755
owner=root group=root
+ template:
+ src: ansible-pull.sh
+ dest: /usr/sbin/run-ansible-pull
+ mode: "0755"
+ owner: root
+ group: root
- name: Install cronjob
- cron: name="Ansible Pull" minute="{{ ansible_local.pull.minute | default(59
| random) }}" job="/usr/sbin/run-ansible-pull"
+ cron:
+ name: "Ansible Pull"
+ minute: "{{ ansible_local.pull.minute | default(59 | random) }}"
+ job: /usr/sbin/run-ansible-pull
-- name: remove old ansible-pull on boot cronjob
+- name: Remove old ansible-pull on boot cronjob
cron:
name: run ansible on reboot
state: absent
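Review bot: `mode: "0700"` on pull.fact sets the execute bit, and Ansible executes executable files in facts.d and parses their output rather than reading them as INI/JSON, so if pull.fact is a static template it would most likely stop producing `ansible_local.pull`; `mode: "0600"` keeps it root-only without that side effect. The directory task above has the same effect more broadly: with `recurse: true` the `0700` is applied to every file already in /etc/ansible/facts.d, including the generated `*-client-secret.fact` files from the challenger role. Dropping `recurse: true` and keeping `mode: "0700"` on the directory alone avoids both.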
@@ -35,8 +50,11 @@
template:
src: ansible-on-boot.service
dest: /etc/systemd/system/ansible-on-boot.service
+ mode: "0755"
+ owner: root
+ group: root
- name: Enable ansible pull on boot
service:
name: ansible-on-boot
- enabled: yes
+ enabled: true
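Review bot: `mode: "0755"` marks ansible-on-boot.service executable, but unit files are only read by systemd, which logs a warning for executable unit files; `mode: "0644"` is the conventional value. The three challenger unit files in roles/challenger/tasks/pre-exchange.yml get `mode: "0700"` in this commit and have the same problem. The email-challenger one there also lacks the `owner: root` / `group: root` that its two siblings received.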
diff --git a/roles/ansible-pull/templates/ansible-on-boot.service
b/roles/ansible_pull/templates/ansible-on-boot.service
similarity index 100%
rename from roles/ansible-pull/templates/ansible-on-boot.service
rename to roles/ansible_pull/templates/ansible-on-boot.service
diff --git a/roles/ansible-pull/templates/ansible-pull.sh
b/roles/ansible_pull/templates/ansible-pull.sh
similarity index 100%
rename from roles/ansible-pull/templates/ansible-pull.sh
rename to roles/ansible_pull/templates/ansible-pull.sh
diff --git a/roles/ansible-pull/templates/pull.fact
b/roles/ansible_pull/templates/pull.fact
similarity index 100%
rename from roles/ansible-pull/templates/pull.fact
rename to roles/ansible_pull/templates/pull.fact
diff --git a/roles/ansible-pull/vars/main.yaml
b/roles/ansible_pull/vars/main.yaml
similarity index 100%
rename from roles/ansible-pull/vars/main.yaml
rename to roles/ansible_pull/vars/main.yaml
diff --git a/roles/auditor/handlers/main.yml b/roles/auditor/handlers/main.yml
index 5463835..1fff601 100644
--- a/roles/auditor/handlers/main.yml
+++ b/roles/auditor/handlers/main.yml
@@ -1,4 +1,4 @@
-- name: restart nginx
+- name: Restart nginx
service:
name: nginx
state: restarted
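Review bot: Renaming the handler to `Restart nginx` breaks every `notify: restart nginx` that this commit leaves untouched (visible as context lines in roles/auditor/tasks/main.yml, roles/challenger/tasks/pre-exchange.yml and roles/exchange/tasks/main.yml), because handler names are matched exactly, including case. Either update the `notify:` lines in the same commit or add `listen: restart nginx` to the renamed handler. The same rename is made in roles/challenger/handlers/main.yml and, as `Restart postgresql`, in roles/database/handlers/main.yml; the notifiers of the latter are not visible in this diff and should be checked.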
diff --git a/roles/auditor/tasks/main.yml b/roles/auditor/tasks/main.yml
index 3f3083c..73f5af5 100644
--- a/roles/auditor/tasks/main.yml
+++ b/roles/auditor/tasks/main.yml
@@ -17,9 +17,10 @@
when: ansible_os_family == 'Debian'
- name: Ensure Taler auditor config dir exists from installation
- file:
+ ansible.builtin.stat:
path: "/etc/taler-auditor"
- state: directory
+ register: st
+ failed_when: not (st.stat.exists is defined and st.stat.exists)
- name: Ensure Taler letsencrypt auditor dir exists from installation
file:
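Review bot: The new `stat` check only tests `st.stat.exists`, so it also passes when /etc/taler-auditor is a regular file rather than a directory; `failed_when: not (st.stat.isdir is defined and st.stat.isdir)` matches what the removed `state: directory` asserted. The task no longer creates anything, so the name "Ensure … exists" is now misleading; "Check that …", as used for the secrets directory in roles/exchange/tasks/main.yml, would fit better. The same applies to the conf.d check later in this file and to both checks in roles/exchange/tasks/main.yml.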
@@ -27,7 +28,7 @@
state: directory
owner: www-data
group: www-data
- mode: 0755
+ mode: "0755"
- name: Ensure Taler auditor virtualhost configuration file exists
template:
@@ -35,7 +36,7 @@
dest: "/etc/nginx/sites-available/auditor-nginx.conf"
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: restart nginx
- name: Ensure Taler auditor HTTP virtualhost configuration file exists
@@ -44,7 +45,7 @@
dest: "/etc/nginx/sites-available/auditor-http.conf"
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: restart nginx
- name: Enable Taler HTTP auditor reverse proxy configuration
@@ -89,9 +90,10 @@
notify: restart nginx
- name: Ensure /etc/taler-auditor/conf.d/ directory exists
- file:
+ ansible.builtin.stat:
path: "/etc/taler-auditor/conf.d/"
- state: directory
+ register: st
+ failed_when: not (st.stat.exists is defined and st.stat.exists)
- name: Place taler-auditor master config
template:
@@ -99,10 +101,10 @@
dest: "/etc/taler-auditor/conf.d/taler-auditor-master.conf"
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Setup Taler Auditor database
- shell:
+ ansible.builtin.command:
cmd: taler-auditor-dbconfig -c /etc/taler-auditor/taler-auditor.conf
chdir: /tmp
@@ -112,7 +114,7 @@
dest:
/etc/taler-auditor/secrets/auditor-accountcredentials-primary.secret.conf
owner: taler-auditor-httpd
group: root
- mode: 0400
+ mode: "0400"
- name: Grant access to exchange database
community.postgresql.postgresql_privs:
@@ -123,7 +125,7 @@
objs: ALL_IN_SCHEMA
role: taler-auditor-httpd
grant_option: false
- become: yes
+ become: true
become_user: postgres
- name: Grant access to exchange database versioning
@@ -135,7 +137,7 @@
objs: ALL_IN_SCHEMA
role: taler-auditor-httpd
grant_option: false
- become: yes
+ become: true
become_user: postgres
- name: Grant usage to exchange database versioning
@@ -147,7 +149,7 @@
objs: _v
role: taler-auditor-httpd
grant_option: false
- become: yes
+ become: true
become_user: postgres
- name: Ensure taler-auditor service is enabled and started
diff --git a/roles/borg-ssh-export/tasks/main.yml
b/roles/borg-ssh-export/tasks/main.yml
index 857f79a..49d06f7 100644
--- a/roles/borg-ssh-export/tasks/main.yml
+++ b/roles/borg-ssh-export/tasks/main.yml
@@ -13,12 +13,15 @@
file:
path: "/root/.ssh/"
state: directory
+ owner: root
+ group: root
+ mode: "0744"
- name: Create SSH key pair for use for backups by root
- ansible.builtin.shell:
+ ansible.builtin.command:
cmd: "ssh-keygen -P '' -t ed25519 -f /root/.ssh/borg"
creates: /root/.ssh/borg.pub
- become: yes
+ become: true
become_user: root
- name: Fetch file to local system
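Review bot: `mode: "0744"` on /root/.ssh/ gives group and others read permission on the directory, so any local user who can reach it can list its file names, including the passphrase-less `borg` key created by the next task. The usual mode for an .ssh directory is `mode: "0700"`, which also matches what roles/borg-start sets on /root/bin/ in this commit. The last task in this hunk continues outside it.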
diff --git a/roles/borg-start/tasks/main.yml b/roles/borg-start/tasks/main.yml
index 0821460..2378a15 100644
--- a/roles/borg-start/tasks/main.yml
+++ b/roles/borg-start/tasks/main.yml
@@ -3,6 +3,9 @@
file:
path: "/root/bin/"
state: directory
+ owner: root
+ group: root
+ mode: "0700"
- name: Place shell script to do backups
ansible.builtin.template:
@@ -10,7 +13,7 @@
dest: /root/bin/borg-backup.sh
owner: root
group: root
- mode: 0700
+ mode: "0700"
- name: Check SSH key for backups exists
stat:
@@ -23,7 +26,7 @@
dest: /root/.ssh/config
owner: root
group: root
- mode: 0600
+ mode: "0600"
- name: Add host key for borg server
ansible.builtin.shell:
diff --git a/roles/challenger/handlers/main.yml
b/roles/challenger/handlers/main.yml
index 5463835..1fff601 100644
--- a/roles/challenger/handlers/main.yml
+++ b/roles/challenger/handlers/main.yml
@@ -1,4 +1,4 @@
-- name: restart nginx
+- name: Restart nginx
service:
name: nginx
state: restarted
diff --git a/roles/challenger/tasks/post-exchange.yml
b/roles/challenger/tasks/post-exchange.yml
index 5a29d0c..d488f10 100644
--- a/roles/challenger/tasks/post-exchange.yml
+++ b/roles/challenger/tasks/post-exchange.yml
@@ -5,7 +5,7 @@
dest: /etc/taler-exchange/secrets/challenger-sms.secret.conf
owner: taler-exchange-httpd
group: taler-exchange-kyc
- mode: 0440
+ mode: "0440"
- name: Place email challenger exchange config
ansible.builtin.template:
@@ -13,7 +13,7 @@
dest: /etc/taler-exchange/secrets/challenger-email.secret.conf
owner: taler-exchange-httpd
group: taler-exchange-kyc
- mode: 0440
+ mode: "0440"
- name: Place postal challenger exchange config
ansible.builtin.template:
@@ -21,12 +21,15 @@
dest: /etc/taler-exchange/secrets/challenger-postal.secret.conf
owner: taler-exchange-httpd
group: taler-exchange-kyc
- mode: 0440
+ mode: "0440"
- name: Place general challenger exchange config
copy:
src: files/etc/taler-exchange/conf.d/challenger.conf
dest: /etc/taler-exchange/conf.d/challenger.conf
+ owner: taler-exchange-httpd
+ group: taler-exchange-kyc
+ mode: "0740"
- name: Ensure taler-exchange service is is restarted with new configuration
service:
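Review bot: The added `owner: taler-exchange-httpd` with `mode: "0740"` makes challenger.conf writable and executable by the service account that reads it, so a compromised exchange process could rewrite its own configuration. The other conf.d file visible as context in roles/exchange/tasks/main.yml uses `group: root` and `mode: "0644"`; if this file must stay unreadable to others, `owner: root`, `group: taler-exchange-kyc`, `mode: "0640"` would do. kyc-rules.conf in roles/exchange/tasks/main.yml gets `mode: "0744"` in this commit and likewise has no need for the execute bit.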
diff --git a/roles/challenger/tasks/pre-exchange.yml
b/roles/challenger/tasks/pre-exchange.yml
index 7abd5df..2b5e0b4 100644
--- a/roles/challenger/tasks/pre-exchange.yml
+++ b/roles/challenger/tasks/pre-exchange.yml
@@ -34,7 +34,7 @@
ansible.builtin.group:
name: challenger-sms
state: present
-
+
- name: Ensure user "challenger-sms" exists
ansible.builtin.user:
name: challenger-sms
@@ -47,7 +47,7 @@
ansible.builtin.group:
name: challenger-postal
state: present
-
+
- name: Ensure user "challenger-postal" exists
ansible.builtin.user:
name: challenger-postal
@@ -60,7 +60,7 @@
ansible.builtin.group:
name: challenger-email
state: present
-
+
- name: Ensure user "challenger-email" exists
ansible.builtin.user:
name: challenger-email
@@ -75,7 +75,7 @@
state: directory
owner: challenger-email
group: www-data
- mode: 0755
+ mode: "0755"
- name: Ensure /var/run/challenger-sms/ directory exists
file:
@@ -83,7 +83,7 @@
state: directory
owner: challenger-sms
group: www-data
- mode: 0755
+ mode: "0755"
- name: Ensure /var/run/challenger-postal/ directory exists
file:
@@ -91,12 +91,15 @@
state: directory
owner: challenger-postal
group: www-data
- mode: 0755
+ mode: "0755"
- name: Ensure Ansible facts directory exists
file:
path: "/etc/ansible/facts.d/"
state: directory
+ owner: root
+ group: root
+ mode: "0700"
- name: Ensure /etc/taler-exchange/secrets directory exists
file:
@@ -104,24 +107,30 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0750"
-- name: sms-challenger access secret setup
+- name: Secret setup for sms-challenger
ansible.builtin.shell:
- cmd: echo "[sms-challenger]\nCLIENT_SECRET=secret-token:$(dd
if=/dev/random count=1 bs=32 status=none | gnunet-base32)" >
/etc/ansible/facts.d/sms-challenger-client-secret.fact
+ cmd: |
+ set -o pipefail
+ echo "[sms-challenger]\nCLIENT_SECRET=secret-token:$(dd if=/dev/random
count=1 bs=32 status=none | gnunet-base32)" >
/etc/ansible/facts.d/sms-challenger-client-secret.fact
creates: /etc/ansible/facts.d/sms-challenger-client-secret.fact
-- name: email-challenger access secret setup
+- name: Secret setup for email-challenger
ansible.builtin.shell:
- cmd: echo "[email-challenger]\nCLIENT_SECRET=secret-token:$(dd
if=/dev/random count=1 bs=32 status=none | gnunet-base32)" >
/etc/ansible/facts.d/email-challenger-client-secret.fact
+ cmd: |
+ set -o pipefail
+ echo "[email-challenger]\nCLIENT_SECRET=secret-token:$(dd if=/dev/random
count=1 bs=32 status=none | gnunet-base32)" >
/etc/ansible/facts.d/email-challenger-client-secret.fact
creates: /etc/ansible/facts.d/email-challenger-client-secret.fact
-- name: postal-challenger access secret setup
+- name: Secret setup for postal-challenger
ansible.builtin.shell:
- cmd: echo "[postal-challenger]\nCLIENT_SECRET=secret-token:$(dd
if=/dev/random count=1 bs=32 status=none | gnunet-base32)" >
/etc/ansible/facts.d/postal-challenger-client-secret.fact
+ cmd: |
+ set -o pipefail
+ echo "[postal-challenger]\nCLIENT_SECRET=secret-token:$(dd
if=/dev/random count=1 bs=32 status=none | gnunet-base32)" >
/etc/ansible/facts.d/postal-challenger-client-secret.fact
creates: /etc/ansible/facts.d/postal-challenger-client-secret.fact
-- name: sms-challenger force ansible to regather just created fact(s)
+- name: Force ansible to regather just created fact(s) about challenger
ansible.builtin.setup:
filter:
- 'sms-challenger-client-secret'
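Review bot: The `set -o pipefail` added to the three secret-setup tasks does not guard the pipeline it is meant for, because `dd … | gnunet-base32` runs inside `$(…)` and the task status is still that of `echo`; a failing `dd` would write an empty `secret-token:` that `creates:` then keeps on every later run. `ansible.builtin.shell` also defaults to `/bin/sh`, which on Debian is usually dash and may reject `-o pipefail`, while switching to bash would change how `echo` treats `\n`. The sketch below assigns the token first, rejects an empty value, and writes the file with `printf` under `umask 077` so it is not created world-readable or executable. The same pattern appears in roles/libeufin-nexus/tasks/main.yml. Separately, `mode: "0750"` with `root:root` on /etc/taler-exchange/secrets may stop `taler-exchange-httpd`, which owns the files placed there in post-exchange.yml, from entering the directory.

```yaml
- name: Secret setup for sms-challenger
  ansible.builtin.shell:
    cmd: |
      umask 077
      token=$(dd if=/dev/random count=1 bs=32 status=none | gnunet-base32)
      [ -n "$token" ] || exit 1
      printf '[sms-challenger]\nCLIENT_SECRET=secret-token:%s\n' "$token" > /etc/ansible/facts.d/sms-challenger-client-secret.fact
    creates: /etc/ansible/facts.d/sms-challenger-client-secret.fact
# … unchanged in shape: email-challenger and postal-challenger tasks, same rewrite …
```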
@@ -134,7 +143,7 @@
dest: "/etc/challenger/challenger-sms.conf"
owner: root
group: challenger-sms
- mode: 0640
+ mode: "0640"
- name: Place Postal challenger config
ansible.builtin.template:
@@ -142,7 +151,7 @@
dest: "/etc/challenger/challenger-postal.conf"
owner: root
group: challenger-postal
- mode: 0640
+ mode: "0640"
- name: Place email challenger config
ansible.builtin.template:
@@ -150,7 +159,7 @@
dest: "/etc/challenger/challenger-email.conf"
owner: root
group: challenger-email
- mode: 0640
+ mode: "0640"
- name: Place SMS challenger environment data
ansible.builtin.template:
@@ -158,7 +167,7 @@
dest: /etc/challenger/sms-challenger.env
owner: root
group: challenger-sms
- mode: 0640
+ mode: "0640"
- name: Place postal challenger environment data
ansible.builtin.template:
@@ -166,61 +175,74 @@
dest: /etc/challenger/postal-challenger.env
owner: root
group: challenger-postal
- mode: 0640
+ mode: "0640"
- name: Setup SMS Challenger database
- shell:
+ ansible.builtin.command:
cmd: challenger-dbconfig -c /etc/challenger/challenger-sms.conf -u
challenger-sms -n challenger-sms
chdir: /tmp
- name: Setup Postal Challenger database
- shell:
+ ansible.builtin.command:
cmd: challenger-dbconfig -c /etc/challenger/challenger-postal.conf -u
challenger-postal -n challenger-postal
chdir: /tmp
- name: Setup email Challenger database
- shell:
+ ansible.builtin.command:
cmd: challenger-dbconfig -c /etc/challenger/challenger-email.conf -u
challenger-email -n challenger-email
chdir: /tmp
-- name: sms-challenger force ansible to regather just created fact(s)
+- name: Force ansible to regather newly created fact(s) about sms-challenger
ansible.builtin.setup:
- name: Setup SMS Challenger exchange account
- shell:
- cmd: sudo -u challenger-sms challenger-admin -c
/etc/challenger/challenger-sms.conf --quiet --add={{
ansible_facts['ansible_local']['sms-challenger-client-secret']['sms-challenger']['client_secret']
}} {{ EXCHANGE_BASE_URL }}kyc-proof/sms-challenger | awk '{print
"[sms-challenger]\nCLIENT_ID="$1"\n\n"}' >
/etc/ansible/facts.d/sms-challenger-client-id.fact
+ ansible.builtin.command:
+ cmd: |
+ set -o pipefail
+ sudo -u challenger-sms challenger-admin -c
/etc/challenger/challenger-sms.conf --quiet --add={{
ansible_facts['ansible_local']['sms-challenger-client-secret']['sms-challenger']['client_secret']
}} {{ EXCHANGE_BASE_URL }}kyc-proof/sms-challenger | awk '{print
"[sms-challenger]\nCLIENT_ID="$1"\n\n"}' >
/etc/ansible/facts.d/sms-challenger-client-id.fact
chdir: /tmp
creates: /etc/ansible/facts.d/sms-challenger-client-id.fact
- name: Setup Email Challenger exchange account
- shell:
- cmd: sudo -u challenger-email challenger-admin -c
/etc/challenger/challenger-email.conf --quiet --add={{
ansible_facts['ansible_local']['email-challenger-client-secret']['email-challenger']['client_secret']
}} {{ EXCHANGE_BASE_URL }}kyc-proof/email-challenger | awk '{print
"[email-challenger]\nCLIENT_ID="$1"\n\n"}' >
/etc/ansible/facts.d/email-challenger-client-id.fact
+ ansible.builtin.command:
+ cmd: |
+ set -o pipefail
+ sudo -u challenger-email challenger-admin -c
/etc/challenger/challenger-email.conf --quiet --add={{
ansible_facts['ansible_local']['email-challenger-client-secret']['email-challenger']['client_secret']
}} {{ EXCHANGE_BASE_URL }}kyc-proof/email-challenger | awk '{print
"[email-challenger]\nCLIENT_ID="$1"\n\n"}' >
/etc/ansible/facts.d/email-challenger-client-id.fact
chdir: /tmp
creates: /etc/ansible/facts.d/email-challenger-client-id.fact
- name: Setup Postal Challenger exchange account
- shell:
- cmd: sudo -u challenger-postal challenger-admin -c
/etc/challenger/challenger-postal.conf --quiet --add={{
ansible_facts['ansible_local']['postal-challenger-client-secret']['postal-challenger']['client_secret']
}} {{ EXCHANGE_BASE_URL }}kyc-proof/postal-challenger | awk '{print
"[postal-challenger]\nCLIENT_ID="$1"\n\n"}' >
/etc/ansible/facts.d/postal-challenger-client-id.fact
+ ansible.builtin.command:
+ cmd: |
+ set -o pipefail
+ sudo -u challenger-postal challenger-admin -c
/etc/challenger/challenger-postal.conf --quiet --add={{
ansible_facts['ansible_local']['postal-challenger-client-secret']['postal-challenger']['client_secret']
}} {{ EXCHANGE_BASE_URL }}kyc-proof/postal-challenger | awk '{print
"[postal-challenger]\nCLIENT_ID="$1"\n\n"}' >
/etc/ansible/facts.d/postal-challenger-client-id.fact
chdir: /tmp
creates: /etc/ansible/facts.d/postal-challenger-client-id.fact
-- name: sms-challenger force ansible to regather just created fact(s)
+- name: Force ansible to regather fact(s) just created about sms-challenger
ansible.builtin.setup:
- name: Place sms-challenger systemd service file
copy:
src: etc/systemd/system/sms-challenger-httpd.service
dest: /etc/systemd/system/sms-challenger-httpd.service
+ owner: root
+ group: root
+ mode: "0700"
- name: Place postal-challenger systemd service file
copy:
src: etc/systemd/system/postal-challenger-httpd.service
dest: /etc/systemd/system/postal-challenger-httpd.service
+ owner: root
+ group: root
+ mode: "0700"
- name: Place email-challenger systemd service file
copy:
src: etc/systemd/system/email-challenger-httpd.service
dest: /etc/systemd/system/email-challenger-httpd.service
+ mode: "0700"
- name: Ensure SMS challenger service is enabled and started
ansible.builtin.systemd_service:
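Review bot: The three "Setup … Challenger exchange account" tasks will not work under `ansible.builtin.command`, because that module runs the program directly without a shell: `set -o pipefail`, the `| awk` stage and the `> …-client-id.fact` redirect are passed as plain arguments and the task most likely fails trying to execute `set`. They need to stay `ansible.builtin.shell:` (with `executable: /bin/bash` if `pipefail` is wanted); the `challenger-dbconfig` tasks above use no shell syntax and are fine as `command`. The client secret is also templated unquoted into the command line, where it is visible in the process list and, under `shell`, subject to word splitting; `{{ … | quote }}` addresses the latter.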
@@ -247,7 +269,7 @@
dest: /etc/nginx/sites-available/sms-challenger-http.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Place SMS challenger Nginx configuration
ansible.builtin.template:
@@ -255,7 +277,7 @@
dest: /etc/nginx/sites-available/sms-challenger-nginx.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Enable SMS challenger HTTP reverse proxy configuration
file:
@@ -270,7 +292,7 @@
dest: /etc/nginx/sites-available/email-challenger-http.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Place email challenger Nginx configuration
ansible.builtin.template:
@@ -278,7 +300,7 @@
dest: /etc/nginx/sites-available/email-challenger-nginx.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Enable email challenger HTTP reverse proxy configuration
file:
@@ -293,7 +315,7 @@
dest: /etc/nginx/sites-available/postal-challenger-http.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Place postal challenger Nginx configuration
ansible.builtin.template:
@@ -301,7 +323,7 @@
dest: /etc/nginx/sites-available/postal-challenger-nginx.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Enable postal challenger HTTP reverse proxy configuration
file:
@@ -404,4 +426,3 @@
dest: /etc/nginx/sites-enabled/postal-challenger-nginx.conf
state: link
notify: restart nginx
-
diff --git a/roles/common_packages/tasks/main.yml
b/roles/common_packages/tasks/main.yml
index 9fea96d..c55bfcc 100644
--- a/roles/common_packages/tasks/main.yml
+++ b/roles/common_packages/tasks/main.yml
@@ -83,7 +83,7 @@
args:
chdir: /etc/ssl/private/
creates: /etc/ssl/private/dhparam.pem
- when: (USE_PREGENERATED_DHPARAM | default(False)) == False
+ when: not (USE_PREGENERATED_DHPARAM | default(False))
- name: Deploy pregenerated dhparam.pem
copy:
diff --git a/roles/database/handlers/main.yml b/roles/database/handlers/main.yml
index f282c2d..29064ba 100644
--- a/roles/database/handlers/main.yml
+++ b/roles/database/handlers/main.yml
@@ -1,4 +1,4 @@
-- name: restart postgresql
+- name: Restart postgresql
service:
name: postgresql
state: restarted
diff --git a/roles/exchange/tasks/main.yml b/roles/exchange/tasks/main.yml
index 0f66ad2..4cfce9a 100644
--- a/roles/exchange/tasks/main.yml
+++ b/roles/exchange/tasks/main.yml
@@ -75,9 +75,10 @@
notify: restart nginx
- name: Ensure /etc/taler-exchange/config.d/ directory exists
- file:
+ ansible.builtin.stat:
path: "/etc/taler-exchange/conf.d/"
- state: directory
+ register: st
+ failed_when: not (st.stat.exists defined and st.stat.exists)
- name: Place taler-exchange business config
ansible.builtin.template:
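Review bot: `st.stat.exists defined` in the new `failed_when` is missing `is`, so the expression is not valid Jinja2 and the task will fail with a template error on every run instead of checking the directory. It should read `failed_when: not (st.stat.exists is defined and st.stat.exists)`, as in the secrets-directory check in the next hunk. The task name also says config.d while the path is conf.d.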
@@ -95,10 +96,11 @@
group: root
mode: "0644"
-- name: Ensure /etc/taler-exchange/secrets/ directory exists
- file:
+- name: Check that /etc/taler-exchange/secrets/ directory exists
+ ansible.builtin.stat:
path: "/etc/taler-exchange/secrets/"
- state: directory
+ register: st
+ failed_when: not (st.stat.exists is defined and st.stat.exists)
- name: Place taler-exchange account credentials
ansible.builtin.template:
@@ -142,6 +144,10 @@
copy:
src: files/etc/taler-exchange/conf.d/kyc-rules.conf
dest: /etc/taler-exchange/conf.d/kyc-rules.conf
+ owner: root
+ group: root
+ mode: "0744"
+
when: have_kycrules.stat.exists
- name: Setup Taler Exchange database
diff --git a/roles/libeufin-nexus/tasks/main.yml
b/roles/libeufin-nexus/tasks/main.yml
index c5da77b..7a531a9 100644
--- a/roles/libeufin-nexus/tasks/main.yml
+++ b/roles/libeufin-nexus/tasks/main.yml
@@ -27,16 +27,24 @@
file:
path: "/etc/libeufin"
state: directory
+ mode: "0755"
+ owner: root
+ group: root
# FIXME: is this needed or always there in Ansible?
- name: Ensure Ansible facts directory dir exists
file:
path: "/etc/ansible/facts.d/"
state: directory
+ mode: "0755"
+ owner: root
+ group: root
- name: Libeufin-nexus access secret setup
ansible.builtin.shell:
- cmd: echo "[libeufin-nexus]\nAUTH_BEARER_TOKEN=secret-token:$(dd
if=/dev/random count=1 bs=32 status=none | gnunet-base32)" >
/etc/ansible/facts.d/libeufin-nexus-access-token.fact
+ cmd: |
+ set -o pipefail
+ echo "[libeufin-nexus]\nAUTH_BEARER_TOKEN=secret-token:$(dd
if=/dev/random count=1 bs=32 status=none | gnunet-base32)" >
/etc/ansible/facts.d/libeufin-nexus-access-token.fact
creates: /etc/ansible/facts.d/libeufin-nexus-access-token.fact
- name: Libeufin-nexus force ansible to regather just created fact(s)
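Review bot: `mode: "0755"` on /etc/ansible/facts.d/ conflicts with the `"0700"` that the ansible_pull and challenger roles set on the same directory in this commit, so the final mode depends on role order. The directory holds the generated `secret-token:` fact files, which are written by shell redirection with the default umask, so under `0755` the bearer token and client secrets are probably readable by any local user. Use `mode: "0700"` here as well. The `set -o pipefail` added to the task below does not cover the `dd | gnunet-base32` pipeline, since it runs inside `$(…)` and the task status is still that of `echo`.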
diff --git a/roles/pixel_borg/tasks/main.yml b/roles/pixel_borg/tasks/main.yml
index 3cdc33f..87cae6d 100644
--- a/roles/pixel_borg/tasks/main.yml
+++ b/roles/pixel_borg/tasks/main.yml
@@ -1,6 +1,6 @@
---
- name: Install Borg package
- apt:
+ ansible.builtin.apt:
name:
- borgbackup
state: latest
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.