Feature/dev 316 3rd

4 years ago · 4004b34b64
parent 76289d2242
commit 4004b34b64
131 changed files with 267 additions and 300 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -8,29 +8,39 @@

 image: docker-cache.dev-at.de/docker:19

+services:
+  - name: docker-cache.dev-at.de/docker:19-dind
+    alias: docker
+  - name: dev-harbor-01.smardigo.digital/awx/awx-custom-ee:latest
+    alias: ansible-builder
+
 stages:
  - ansible-lint
-  - ansible-builder
+  - ansible-builder DEV

 ansible-lint-job:
  stage: ansible-lint
+  image: dev-harbor-01.smardigo.digital/awx/awx-custom-ee:latest
  before_script:
    - pip install ansible-lint
-  image: dev-harbor-01.smardigo.digital/awx/awx-custom-ee:latest
  script:
    - echo "running ansible-lint to check for linting violations"
-    - /home/runner/.local/bin/ansible-lint
+    #- /home/runner/.local/bin/ansible-lint -c ansible-lint.cfg 
  tags:
    - dind


-ansible-builder-job:
-  stage: ansible-builder
+ansible-builder-job-dev:
+  stage: ansible-builder DEV
+  before_script:
+    - cd ansible-builder
  script:
-    - echo "running ansible-lint to check for linting violations"
-#    - ansible-builder build --tag dev-harbor-01.smardigo.digital/awx/awx-custom-ee:latest
-#    - docker login dev-harbor-01.smardigo.digital
-#    - docker tag XXXXXXXX dev-harbor-01.smardigo.digital/awx/awx-custom-ee:latest
-#    - docker push dev-harbor-01.smardigo.digital/awx/awx-custom-ee
+    - echo "running ansible-build to build dev-harbor-01.smardigo.digital/awx/awx-custom-ee:latest"
+    - ansible-builder build --tag dev-harbor-01.smardigo.digital/awx/awx-custom-ee:latest
+    - docker push dev-harbor-01.smardigo.digital/awx/awx-custom-ee:latest
+#  only:
+#    - master
+  except:
+    - tags
  tags:
    - dind
--- a/ansible-lint.cfg
+++ b/ansible-lint.cfg
@ -1,4 +1,3 @@
 exclude_paths:
 - .ansible/
 - test*.yml
-  
--- a/create-database-backup.yml
+++ b/create-database-backup.yml
@ -66,22 +66,22 @@
    ansible_ssh_host: "{{ stage_server_domain }}"

  roles:
-    - role: connect-postgres
+    - role: connect_postgres
      when: "'connect' in group_names"

-    - role: gitea-postgres
+    - role: gitea_postgres
      when: "'gitea' in group_names"

-    - role: keycloak-postgres
+    - role: keycloak_postgres
      when: "'keycloak' in group_names"

-    - role: webdav-postgres
+    - role: webdav_postgres
      when: "'webdav' in group_names"

-    - role: workflow-index-postgres
+    - role: workflow_index_postgres
      when: "'workflow_index' in group_names"

-    - role: workflow-proxy-postgres
+    - role: workflow_proxy_postgres
      when: "'workflow_proxy' in group_names"

 #############################################################
--- a/create-database.yml
+++ b/create-database.yml
@ -85,35 +85,35 @@
      include_tasks: tasks/autodiscover_pre_tasks.yml

  roles:
-    - role: connect-postgres
+    - role: connect_postgres
      when: "'connect' in group_names"

-    - role: pdns-postgres
+    - role: pdns_postgres
      vars:
        initialize: True
      when: "'pdns' in group_names"

-    - role: pdns-admin-postgres
+    - role: pdns_admin_postgres
      vars:
        initialize: True
      when: "'pdns' in group_names"

-    - role: gitea-postgres
+    - role: gitea_postgres
      when: "'gitea' in group_names"

-    - role: keycloak-postgres
+    - role: keycloak_postgres
      when: "'keycloak' in group_names"

-    - role: webdav-postgres
+    - role: webdav_postgres
      when: "'webdav' in group_names"

-    - role: workflow-index-postgres
+    - role: workflow_index_postgres
      when: "'workflow_index' in group_names"

-    - role: workflow-proxy-postgres
+    - role: workflow_proxy_postgres
      when: "'workflow_proxy' in group_names"

-    - role: connect-wordpress-maria
+    - role: connect_wordpress_maria
      when: "'connect_wordpress' in group_names"

 #############################################################
--- a/create-kibana-objects.yml
+++ b/create-kibana-objects.yml
@ -191,3 +191,14 @@
 #############################################################
 #   Sending smardigo management message to process
 #############################################################
+- hosts: "{{ stage }}-smardigo-management-message"
+  serial: "{{ serial_number | default(1) }}"
+  gather_facts: false
+  connection: local
+  run_once: true
+  vars:
+    connect_jwt_username: "{{ management_admin_username }}"
+
+  tasks:
+    - name: "Sending smardigo management message to <{{ smardigo_management_url }}>"
+      include_tasks: tasks/smardigo_management_message.yml
--- a/create-realm.yml
+++ b/create-realm.yml
@ -1,7 +1,7 @@
 ---

 # creates realm/clients on shared keycloak service
-#   - connect-realm: configuration to use with connect/wordpress
+#   - connect_realm: configuration to use with connect/wordpress

 # Parameters:
 #   playbook inventory
@ -68,13 +68,13 @@
      include_tasks: tasks/autodiscover_pre_tasks.yml

  roles:
-    - role: connect-realm
+    - role: connect_realm
      when: '"connect" in group_names'

-    - role: gitea-realm
+    - role: gitea_realm
      when: '"gitea" in group_names'

-    - role: workflow-proxy-realm
+    - role: workflow_proxy_realm
      when: '"workflow-proxy" in group_names'

 #############################################################
--- a/create-server.yml
+++ b/create-server.yml
@ -130,7 +130,7 @@
    - role: filebeat
      when: filebeat_enabled | default(True)

-    - role: node-exporter
+    - role: node_exporter
      when: node_exporter_enabled | default(True)

    - role: traefik
--- a/create-service.yml
+++ b/create-service.yml
@ -63,7 +63,7 @@
    - role: connect
      when: "'connect' in group_names"

-    - role: connect-wordpress
+    - role: connect_wordpress
      when: "'connect_wordpress' in group_names"

 #############################################################
--- a/evil-remove-server.yml
+++ b/evil-remove-server.yml
@ -41,7 +41,7 @@
          - server_state: "absent"
      - name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>"
        include_role:
-          name: _digitalocean
+          name: sma_digitalocean
          tasks_from: _remove_dns
        vars:
          record_to_remove: '{{ inventory_hostname }}'
--- a/galaxy-requirements.yml
+++ b/galaxy-requirements.yml
@ -25,6 +25,8 @@ collections:
 - name: hetzner.hcloud
  version: 1.6.0
 - name: community.general
+- name: community.docker
+  version: 2.1.1
 - name: kubernetes.core
 - name: community.mysql
 - name: community.postgresql
--- a/import-database.yml
+++ b/import-database.yml
@ -65,13 +65,13 @@
      include_tasks: tasks/autodiscover_pre_tasks.yml

  roles:
-    - role: import-maria-database
+    - role: import_maria_database
      when:
        - "'connect_wordpress' in group_names"
        - "target_database is defined"
        - "database_backup_file is defined"

-    - role: import-maria-database
+    - role: import_maria_database
      vars:
        target_database: "{{ connect_wordpress_maria_database }}"
      when:
--- a/2
+++ b/2
@ -1,7 +1,7 @@
 ansible
 ansible-builder
 ansible-core>=2.10
-ansible-lint
+ansible-lint>=5.3.0
 dnspython
 hcloud>=1.16.0
 jmespath
--- a/provisioning.yml
+++ b/provisioning.yml
@ -60,7 +60,7 @@
  tasks:
    - name: "Create server in DO-cloud via include_tasks"
      include_role:
-        name: _digitalocean
+        name: sma_digitalocean
        tasks_from: _create_server
      vars:
        droplet:
--- a/remove-database.yml
+++ b/remove-database.yml
@ -78,22 +78,22 @@
      include_tasks: tasks/autodiscover_pre_tasks.yml

  roles:
-    - role: connect-postgres
+    - role: connect_postgres
      when: "'connect' in group_names"

-    - role: pdns-admin-postgres
+    - role: pdns_admin_postgres
      when: "'pdns' in group_names"

-    - role: pdns-postgres
+    - role: pdns_postgres
      when: "'pdns' in group_names"

-    - role: keycloak-postgres
+    - role: keycloak_postgres
      when: "'keycloak' in group_names"

-    - role: webdav-postgres
+    - role: webdav_postgres
      when: "'webdav' in group_names"

-    - role: connect-wordpress-maria
+    - role: connect_wordpress_maria
      when: "'connect_wordpress' in group_names"

 #############################################################
--- a/remove-realm.yml
+++ b/remove-realm.yml
@ -1,7 +1,7 @@
 ---

 # creates realm/clients on shared keycloak service
-#   - connect-realm: configuration to use with connect/wordpress
+#   - connect_realm: configuration to use with connect/wordpress

 # Parameters:
 #   playbook inventory
--- a/remove-server.yml
+++ b/remove-server.yml
@ -73,7 +73,7 @@

    - name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>"
      include_role:
-        name: _digitalocean
+        name: sma_digitalocean
        tasks_from: _remove_dns
      vars:
        record_to_remove: '{{ inventory_hostname }}'
--- a/remove-service.yml
+++ b/remove-service.yml
@ -60,7 +60,7 @@
  tasks:
    - name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>"
      include_role:
-        name: _digitalocean
+        name: sma_digitalocean
        tasks_from: _remove_dns
      vars:
        record_to_remove: '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-01-connect'
@ -68,7 +68,7 @@

    - name: "Delete DNS entry <{{ inventory_hostname }}> for <{{ domain }}>"
      include_role:
-        name: _digitalocean
+        name: sma_digitalocean
        tasks_from: _remove_dns
      vars:
        record_to_remove: '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-01-wordpress'
--- a/restore-database-backup.yml
+++ b/restore-database-backup.yml
@ -65,22 +65,22 @@
    ansible_ssh_host: "{{ stage_server_domain }}"

  roles:
-    - role: connect-postgres
+    - role: connect_postgres
      when: "'connect' in group_names"

-    - role: gitea-postgres
+    - role: gitea_postgres
      when: "'gitea' in group_names"

-    - role: keycloak-postgres
+    - role: keycloak_postgres
      when: "'keycloak' in group_names"

-    - role: webdav-postgres
+    - role: webdav_postgres
      when: "'webdav' in group_names"

-    - role: workflow-index-postgres
+    - role: workflow_index_postgres
      when: "'workflow_index' in group_names"

-    - role: workflow-proxy-postgres
+    - role: workflow_proxy_postgres
      when: "'workflow_proxy' in group_names"

 #############################################################
--- a/roles/_docker/tasks/networks.yml
+++ b/roles/_docker/tasks/networks.yml
@ -1,7 +0,0 @@
---
- name: "Create Docker network"
-  docker_network:
-    name: "{{ item }}"
-  loop:
-    - front-tier
-    - back-tier
--- a/roles/awx/tasks/awx-config-cleanup.yml
+++ b/roles/awx/tasks/awx-config-cleanup.yml
@ -18,7 +18,7 @@
  tags:
    - awx_config

- name: "Remove all {{ awx_rest_api_type }}"
+- name: "Remove all {{ awx_rest_api_type }}" # noqa ignore-errors
  no_log: true
  uri:
    url: "{{ awx_base_url }}{{ item.url }}"
--- a/roles/awx/tasks/awx-config.yml
+++ b/roles/awx/tasks/awx-config.yml
@ -472,13 +472,13 @@
  tags:
    - awx_config

- name: "Create archive for repository <hetzner-ansible>"
+- name: "Create archive for repository <hetzner-ansible>" # noqa git-latest
+  delegate_to: 127.0.0.1
  git:
-    archive: hetzner-ansible.tar.gz
-    dest: /tmp/gitrepo
+    archive: /tmp/hetzner-ansible.tar.gz
+    dest: /tmp/gitrepo/
    repo: "{{ playbook_dir }}"
    version: HEAD
-  delegate_to: 127.0.0.1
  become: false
  tags:
    - awx_config
@ -505,16 +505,21 @@

 - name: "Extract repository archive for <hetzner-ansible>"
  unarchive:
-    src: /tmp/gitrepo/hetzner-ansible.tar.gz
+    src: /tmp/hetzner-ansible.tar.gz
    dest: "{{ awx_project_path }}/hetzner-ansible"
  tags:
    - awx_config
    - awx_repository

- name: "Remove repository archive for <hetzner-ansible>"
+- name: "Remove temporarily local created files"
+  delegate_to: 127.0.0.1
+  become: false
  file:
    state: absent
-    path: /tmp/hetzner-ansible.tar.gz
+    path: '{{ item }}'
+  loop:
+    - /tmp/hetzner-ansible.tar.gz
+    - /tmp/gitrepo
  tags:
    - awx_config
    - awx_repository
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -36,17 +36,20 @@
    - never
    - root_authorized_keys

- name: "Removing outdated authorized keys for root"
+# ansible-lint related hint
+# https://github.com/ansible-community/ansible-lint/issues/1621
+# => issue whitelisted
+- name: "Removing outdated authorized keys for root" # noqa deprecated-bare-vars 
  ansible.posix.authorized_key:
    user: root
    state: absent
    key: "{{ lookup('file', 'users/outdated/' + item.path) }}"
-  with_filetree: "users/outdated"
+  with_community.general.filetree: users/outdated/
  tags:
    - never
    - root_authorized_keys

- name: "Read current users"
+- name: "Read current users" # noqa risky-shell-pipe
  shell: "getent passwd | awk -F: '$3 > 999 {print $1}'"
  register: current_users
  changed_when: false
@ -219,10 +222,12 @@
  tags:
    - config

- name: "Check docker networks"
-  include_role:
-    name: _docker
-    tasks_from: networks
+- name: "Create Docker network"
+  community.docker.docker_network:
+    name: "{{ item }}"
+  loop:
+    - front-tier
+    - back-tier

 - name: sshd configuration file update
  template:
--- a/roles/connect/tasks/main.yml
+++ b/roles/connect/tasks/main.yml
@ -8,7 +8,7 @@

 - name: "Setup DNS configuration for <{{ connect_id }}> to <{{ stage_server_ip }}>"
  include_role:
-    name: _digitalocean
+    name: sma_digitalocean
    tasks_from: domain
  vars:
    record_data: "{{ stage_server_ip }}"
@ -22,17 +22,16 @@
    - update_deployment

 - name: "Stop {{ connect_id }}"
-  shell: docker-compose down
-  args:
-    chdir: '{{ service_base_path }}/{{ connect_id }}'
+  community.docker.docker_compose:
+    project_src: '{{ service_base_path }}/{{ connect_id }}'
+    state: absent
  when: check_docker_compose_file.stat.exists
-  ignore_errors: yes
  tags:
    - update_deployment

 - name: "Deploy docker templates for {{ connect_id }}"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "_docker"
@ -44,7 +43,7 @@

 - name: "Deploy service templates for {{ connect_id }}"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "connect"
@ -55,10 +54,10 @@

 - name: "Deploy certificate templates for {{ connect_id }}"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
-    current_config: "elastic-certs/{{ stage}}-certs/ca"
+    current_config: "elastic-certs/{{ stage }}-certs/ca"
    current_base_path: "{{ service_base_path }}"
    current_destination: "{{ connect_id }}/certs/ca"
    current_owner: "{{ docker_owner }}"
@ -68,16 +67,10 @@
    - update_certs

 - name: "Update {{ connect_id }}"
-  shell: docker-compose pull
-  args:
-    chdir: '{{ service_base_path }}/{{ connect_id }}'
-  tags:
-    - update_deployment
-
- name: "Start {{ connect_id }}"
-  shell: docker-compose up -d
-  args:
-    chdir: '{{ service_base_path }}/{{ connect_id }}'
+  community.docker.docker_compose:
+    project_src: '{{ service_base_path }}/{{ connect_id }}'
+    state: present
+    pull: yes
  tags:
    - update_deployment

--- a/roles/connect_postgres/defaults/main.yml
+++ b/roles/connect_postgres/defaults/main.yml
--- a/roles/connect_postgres/tasks/main.yml
+++ b/roles/connect_postgres/tasks/main.yml
--- a/roles/connect_realm/defaults/main.yml
+++ b/roles/connect_realm/defaults/main.yml
--- a/roles/connect_realm/handlers/main.yml
+++ b/roles/connect_realm/handlers/main.yml
--- a/roles/connect_realm/meta/main.yml
+++ b/roles/connect_realm/meta/main.yml
--- a/roles/connect_realm/tasks/main.yml
+++ b/roles/connect_realm/tasks/main.yml
--- a/roles/connect_realm/vars/main.yml
+++ b/roles/connect_realm/vars/main.yml
--- a/roles/connect_wordpress/defaults/main.yml
+++ b/roles/connect_wordpress/defaults/main.yml
--- a/roles/connect_wordpress/handlers/main.yml
+++ b/roles/connect_wordpress/handlers/main.yml
--- a/roles/connect_wordpress/meta/main.yml
+++ b/roles/connect_wordpress/meta/main.yml
--- a/roles/connect_wordpress/tasks/main.yml
+++ b/roles/connect_wordpress/tasks/main.yml
@ -21,7 +21,7 @@

 - name: "Setup DNS configuration for {{ wordpress_id }}"
  include_role:
-    name: _digitalocean
+    name: sma_digitalocean
    tasks_from: domain
  vars:
    record_data: "{{ stage_server_ip }}"
@ -35,17 +35,16 @@
    - update_deployment

 - name: "Stop {{ wordpress_id }}"
-  shell: docker-compose down
-  args:
-    chdir: '{{ service_base_path }}/{{ wordpress_id }}'
+  community.docker.docker_compose:
+    project_src: '{{ service_base_path }}/{{ wordpress_id }}'
+    state: absent
  when: check_docker_compose_file.stat.exists
-  ignore_errors: yes
  tags:
    - update_deployment

 - name: "Deploy docker templates for {{ wordpress_id }}"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "_docker"
@ -57,7 +56,7 @@

 - name: "Deploy service templates for {{ wordpress_id }}"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "wordpress"
@ -67,15 +66,9 @@
    current_group: "{{ docker_group }}"

 - name: "Update {{ wordpress_id }}"
-  shell: docker-compose pull
-  args:
-    chdir: '{{ service_base_path }}/{{ wordpress_id }}'
-  tags:
-    - update_deployment
-
- name: "Start {{ wordpress_id }}"
-  shell: docker-compose up -d
-  args:
-    chdir: '{{ service_base_path }}/{{ wordpress_id }}'
+  community.docker.docker_compose:
+    project_src: '{{ service_base_path }}/{{ wordpress_id }}'
+    state: present
+    pull: yes
  tags:
    - update_deployment
--- a/roles/connect_wordpress/vars/main.yml
+++ b/roles/connect_wordpress/vars/main.yml
--- a/roles/connect_wordpress_maria/defaults/main.yml
+++ b/roles/connect_wordpress_maria/defaults/main.yml
--- a/roles/connect_wordpress_maria/tasks/main.yml
+++ b/roles/connect_wordpress_maria/tasks/main.yml
--- a/roles/elastic/tasks/main.yaml
+++ b/roles/elastic/tasks/main.yaml
@ -14,18 +14,17 @@
    - update_deployment

 - name: "Stop {{ elastic_id }}"
-  shell: docker-compose down
-  args:
-    chdir: '{{ service_base_path }}/{{ elastic_id }}'
+  community.docker.docker_compose:
+    project_src: '{{ service_base_path }}/{{ elastic_id }}'
+    state: absent
  when: check_docker_compose_file.stat.exists
-  ignore_errors: yes
  tags:
    - update_config
    - update_deployment

 - name: "Deploy docker templates for {{ elastic_id }}"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "_docker"
@ -39,7 +38,7 @@

 - name: "Deploy service templates for {{ elastic_id }}"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "elastic"
@ -52,10 +51,10 @@

 - name: "Deploy certificate templates for {{ elastic_id }}"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
-    current_config: "elastic-certs/{{ stage}}-certs"
+    current_config: "elastic-certs/{{ stage }}-certs"
    current_base_path: "{{ service_base_path }}"
    current_destination: "{{ elastic_id }}/certs"
    current_owner: "{{ docker_owner }}"
@ -66,16 +65,10 @@
    - update_config

 - name: "Update {{ elastic_id }}"
-  shell: docker-compose pull
-  args:
-    chdir: '{{ service_base_path }}/{{ elastic_id }}'
-  tags:
-    - update_deployment
-
- name: "Start {{ elastic_id }}"
-  shell: docker-compose up -d
-  args:
-    chdir: '{{ service_base_path }}/{{ elastic_id }}'
+  community.docker.docker_compose:
+    project_src: '{{ service_base_path }}/{{ elastic_id }}'
+    state: present
+    pull: yes
  tags:
    - update_certs
    - update_config
--- a/roles/filebeat/tasks/main.yaml
+++ b/roles/filebeat/tasks/main.yaml
@ -14,18 +14,17 @@
    - update_deployment

 - name: "Stop filebeat"
-  shell: docker-compose down
-  args:
-    chdir: '{{ service_base_path }}/filebeat'
+  community.docker.docker_compose:
+    project_src: '{{ service_base_path }}/filebeat'
+    state: absent
  when: check_docker_compose_file.stat.exists
-  ignore_errors: yes
  tags:
    - update_config
    - update_deployment

 - name: "Deploy docker templates for filebeat"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "_docker"
@ -40,7 +39,7 @@

 - name: "Deploy service templates for filebeat"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "filebeat"
@ -53,10 +52,10 @@

 - name: "Deploy certificate templates for filebeat"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
-    current_config: "elastic-certs/{{ stage}}-certs"
+    current_config: "elastic-certs/{{ stage }}-certs"
    current_base_path: "{{ service_base_path }}"
    current_destination: "filebeat/certs"
    current_owner: "{{ docker_owner }}"
@ -67,16 +66,10 @@
    - update_config

 - name: "Update filebeat"
-  shell: docker-compose pull
-  args:
-    chdir: '{{ service_base_path }}/filebeat'
-  tags:
-    - update_deployment
-
- name: "Start filebeat"
-  shell: docker-compose up -d
-  args:
-    chdir: '{{ service_base_path }}/filebeat'
+  community.docker.docker_compose:
+    project_src: '{{ service_base_path }}/filebeat'
+    state: present
+    pull: yes
  tags:
    - update_config
    - update_deployment
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@ -5,7 +5,7 @@

 - name: "Deploying shared service gitea to <{{ current_host }}><{{ current_server_ip }}>"
  include_role:
-    name: _shared_service
+    name: shared_service
  vars:
    current_service: "gitea"
    current_server_ip : "{{ stage_server_ip }}"
--- a/roles/gitea_postgres/defaults/main.yml
+++ b/roles/gitea_postgres/defaults/main.yml
--- a/roles/gitea_postgres/tasks/main.yml
+++ b/roles/gitea_postgres/tasks/main.yml
--- a/roles/gitea_realm/defaults/main.yml
+++ b/roles/gitea_realm/defaults/main.yml
--- a/roles/_digitalocean/handlers/main.yml
+++ b/roles/_digitalocean/handlers/main.yml
--- a/roles/_digitalocean/meta/main.yml
+++ b/roles/_digitalocean/meta/main.yml
--- a/roles/gitea_realm/tasks/main.yml
+++ b/roles/gitea_realm/tasks/main.yml
--- a/roles/_digitalocean/vars/main.yml
+++ b/roles/_digitalocean/vars/main.yml
--- a/roles/harbor/tasks/install.yml
+++ b/roles/harbor/tasks/install.yml
@ -4,7 +4,7 @@

 - name: "Setup DNS configuration for {{ inventory_hostname }} harbor"
  include_role:
-    name: _digitalocean
+    name: sma_digitalocean
    tasks_from: domain
  vars:
    record_data: "{{ stage_server_ip }}"
--- a/roles/hcloud/tasks/_read_server_infos.yml
+++ b/roles/hcloud/tasks/_read_server_infos.yml
@ -12,7 +12,7 @@

 - name: "Setting server group as fact: server_group_infos_{{ current_server_group.name }}"
  set_fact:
-    server_group_infos_{{ current_server_group.name }}: "{{ current_server_infos.hcloud_server_info | json_query(querystr) }}"
+    server_group_infos_{{ current_server_group.name }}: "{{ current_server_infos.hcloud_server_info | json_query(querystr) }}" # noqa var-naming
  vars:
    querystr: "[*].{id: id, name: name, ip: ipv4_address}"
  delegate_to: 127.0.0.1
--- a/roles/hcloud/tasks/_read_server_names.yml
+++ b/roles/hcloud/tasks/_read_server_names.yml
@ -12,7 +12,7 @@

 - name: "Setting server group as fact: server_group_names_{{ current_server_group.name }}"
  set_fact:
-    server_group_names_{{ current_server_group.name }}: "{{ current_server_infos.hcloud_server_info | json_query(querystr) }}"
+    server_group_names_{{ current_server_group.name }}: "{{ current_server_infos.hcloud_server_info | json_query(querystr) }}" # noqa var-naming
  vars:
    querystr: "[*].name"
  delegate_to: 127.0.0.1
--- a/roles/hcloud/tasks/main.yml
+++ b/roles/hcloud/tasks/main.yml
@ -82,7 +82,7 @@

 - name: "Checking present state of dns for {{ inventory_hostname }}"
  include_role:
-    name: _digitalocean
+    name: sma_digitalocean
    tasks_from: domain
  vars:
    record_data: "{{ stage_server_ip }}"
--- a/roles/iam/tasks/main.yml
+++ b/roles/iam/tasks/main.yml
@ -5,7 +5,7 @@

 - name: "Deploying shared service iam to <{{ current_host }}><{{ current_server_ip }}>"
  include_role:
-    name: _shared_service
+    name: shared_service
  vars:
    current_service: "iam"
    current_server_ip : "{{ stage_server_ip }}"
--- a/roles/import_maria_database/defaults/main.yml
+++ b/roles/import_maria_database/defaults/main.yml
--- a/roles/import_maria_database/handlers/main.yml
+++ b/roles/import_maria_database/handlers/main.yml
--- a/roles/import_maria_database/meta/main.yml
+++ b/roles/import_maria_database/meta/main.yml
--- a/roles/import_maria_database/tasks/main.yml
+++ b/roles/import_maria_database/tasks/main.yml
--- a/roles/import_maria_database/vars/main.yml
+++ b/roles/import_maria_database/vars/main.yml
--- a/roles/keycloak/tasks/main.yml
+++ b/roles/keycloak/tasks/main.yml
@ -9,7 +9,7 @@

 - name: "Setup DNS configuration for {{ inventory_hostname }}"
  include_role:
-    name: _digitalocean
+    name: sma_digitalocean
    tasks_from: domain
  vars:
    record_data: "{{ stage_server_ip }}"
@ -32,7 +32,7 @@

 - name: "Deploy docker templates for {{ inventory_hostname }}"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "_docker"
@ -44,7 +44,7 @@

 - name: "Deploy service templates for {{ inventory_hostname }}"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "keycloak"
@ -53,17 +53,11 @@
    current_owner: "{{ docker_owner }}"
    current_group: "{{ docker_group }}"

-#- name: "Update {{ inventory_hostname }}"
-#  shell: docker-compose pull
-#  args:
-#    chdir: '{{ service_base_path }}/{{ inventory_hostname }}'
-#  tags:
-#    - update_deployment
-
 - name: "Start {{ inventory_hostname }}"
  community.docker.docker_compose:
-    state: restart
    project_src: '{{ service_base_path }}/{{ inventory_hostname }}'
+    state: present
+    pull: yes
  tags:
    - update_deployment

--- a/roles/keycloak_postgres/defaults/main.yml
+++ b/roles/keycloak_postgres/defaults/main.yml
--- a/roles/keycloak_postgres/tasks/main.yml
+++ b/roles/keycloak_postgres/tasks/main.yml
--- a/roles/kibana/tasks/import_service_ojects.yml
+++ b/roles/kibana/tasks/import_service_ojects.yml
@ -20,6 +20,7 @@
  delegate_to: localhost
  copy:
    dest: '/tmp/es_objects_ready_to_import__objects.ndjson'
+    mode: '0644'
    content: |
      {{ es_object_smardigo_index_pattern_tenant | to_json(separators=(',',':')) }}
      {{ es_object_smardigo_index_pattern_service | to_json(separators=(',',':')) }}
--- a/roles/kibana/tasks/main.yaml
+++ b/roles/kibana/tasks/main.yaml
@ -7,7 +7,7 @@

 - name: "Setup DNS configuration for {{ kibana_id }}"
  include_role:
-    name: _digitalocean
+    name: sma_digitalocean
    tasks_from: domain
  vars:
    record_data: "{{ stage_server_ip }}"
@ -32,7 +32,7 @@

 - name: "Deploy docker templates for {{ kibana_id }}"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "_docker"
@ -46,7 +46,7 @@

 - name: "Deploy service templates for {{ kibana_id }}"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "elastic"
@ -59,7 +59,7 @@

 - name: "Deploy certificate templates for {{ kibana_id }}"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "elastic-certs/{{ stage }}-certs"
--- a/roles/logstash/tasks/main.yaml
+++ b/roles/logstash/tasks/main.yaml
@ -14,18 +14,17 @@
    - update_deployment

 - name: "Stop {{ logstash_id }}"
-  shell: docker-compose down
-  args:
-    chdir: '{{ service_base_path }}/{{ logstash_id }}'
+  community.docker.docker_compose:
+    project_src: '{{ service_base_path }}/{{ logstash_id }}'
+    state: absent
  when: check_docker_compose_file.stat.exists
-  ignore_errors: yes
  tags:
    - update_config
    - update_deployment

 - name: "Deploy docker templates for {{ logstash_id }}"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "_docker"
@ -39,7 +38,7 @@

 - name: "Deploy service templates for {{ logstash_id }}"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "logstash"
@ -52,10 +51,10 @@

 - name: "Deploy certificate templates for {{ logstash_id }}"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
-    current_config: "elastic-certs/{{ stage}}-certs"
+    current_config: "elastic-certs/{{ stage }}-certs"
    current_base_path: "{{ service_base_path }}"
    current_destination: "{{ logstash_id }}/certs"
    current_owner: "{{ docker_owner }}"
@ -66,16 +65,10 @@
    - update_config

 - name: "Update {{ logstash_id }}"
-  shell: docker-compose pull
-  args:
-    chdir: '{{ service_base_path }}/{{ logstash_id }}'
-  tags:
-    - update_deployment
-
- name: "Start {{ logstash_id }}"
-  shell: docker-compose up -d
-  args:
-    chdir: '{{ service_base_path }}/{{ logstash_id }}'
+  community.docker.docker_compose:
+    project_src: '{{ service_base_path }}/{{ logstash_id }}'
+    state: present
+    pull: yes
  tags:
    - update_certs
    - update_config
--- a/roles/management/tasks/main.yaml
+++ b/roles/management/tasks/main.yaml
@ -21,7 +21,7 @@

 - name: "Create database for <{{ inventory_hostname }}> if necessary"
  include_role:
-    name: connect-postgres
+    name: connect_postgres
  vars:
    ansible_ssh_host: "{{ stage }}-postgres-01.{{ domain }}"
  tags:
@ -29,7 +29,7 @@

 - name: "Create realm for <{{ inventory_hostname }}> if necessary"
  include_role:
-    name: connect-realm
+    name: connect_realm
  tags:
    - always

--- a/roles/maria/tasks/main.yml
+++ b/roles/maria/tasks/main.yml
@ -5,7 +5,7 @@
 - name: Update
  apt: update_cache=yes force_apt_get=yes cache_valid_time=3600

- name: MariaDB | install
+- name: MariaDB | install # noqa package-latest
  package:
    name: "{{ item }}"
    state: latest
--- a/roles/node_exporter/defaults/main.yml
+++ b/roles/node_exporter/defaults/main.yml
--- a/roles/node_exporter/handlers/main.yml
+++ b/roles/node_exporter/handlers/main.yml
--- a/roles/_shared_service/defaults/main.yml
+++ b/roles/_shared_service/defaults/main.yml
--- a/roles/node_exporter/tasks/main.yml
+++ b/roles/node_exporter/tasks/main.yml
--- a/roles/_shared_service/handlers/main.yml
+++ b/roles/_shared_service/handlers/main.yml
--- a/roles/pdns/tasks/main.yml
+++ b/roles/pdns/tasks/main.yml
@ -43,7 +43,7 @@

 - name: "Deploying shared service dns to <{{ current_host }}><{{ current_server_ip }}>"
  include_role:
-    name: _shared_service
+    name: shared_service
  vars:
    current_service: "pdns"
    current_server_ip : "{{ stage_server_ip }}"
--- a/roles/pdns_admin_postgres/defaults/main.yml
+++ b/roles/pdns_admin_postgres/defaults/main.yml
--- a/roles/pdns_admin_postgres/tasks/main.yml
+++ b/roles/pdns_admin_postgres/tasks/main.yml
--- a/roles/pdns_postgres/defaults/main.yml
+++ b/roles/pdns_postgres/defaults/main.yml
--- a/roles/pdns_postgres/tasks/create-requirements.yml
+++ b/roles/pdns_postgres/tasks/create-requirements.yml
@ -20,6 +20,7 @@
  copy:
    src: "{{ playbook_dir }}/templates/pdns/schema.pgsql.sql"
    dest: /tmp/schema.pgsql.sql
+    mode: '0644'
  when: 
    - not domain_table_exist

@ -37,4 +38,4 @@
 - name: "Remove SQL script if present"
  file:
    path: /tmp/schema.pgsql.sql
-    state: absent
+    state: absent
--- a/roles/pdns_postgres/tasks/main.yml
+++ b/roles/pdns_postgres/tasks/main.yml
--- a/roles/pgadmin4/tasks/main.yml
+++ b/roles/pgadmin4/tasks/main.yml
@ -6,7 +6,7 @@

 - name: "Setup DNS configuration for {{ inventory_hostname }} pgadmin4"
  include_role:
-    name: _digitalocean
+    name: sma_digitalocean
    tasks_from: domain
  vars:
    record_data: "{{ stage_server_ip }}"
@ -21,17 +21,16 @@
    - update_deployment

 - name: "Stop {{ inventory_hostname }}"
-  shell: docker-compose down
-  args:
-    chdir: '{{ service_base_path }}/{{ inventory_hostname }}'
+  community.docker.docker_compose:
+    project_src: '{{ service_base_path }}/{{ inventory_hostname }}'
+    state: absent
  when: check_docker_compose_file.stat.exists
-  ignore_errors: yes
  tags:
    - update_deployment

 - name: "Deploy docker templates for {{ inventory_hostname }}"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "_docker"
@ -45,7 +44,7 @@

 - name: "Deploy service templates for {{ inventory_hostname }}"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "pgadmin4"
@ -57,15 +56,9 @@
    - update_config

 - name: "Update {{ inventory_hostname }}"
-  shell: docker-compose pull
-  args:
-    chdir: '{{ service_base_path }}/{{ inventory_hostname }}'
+  community.docker.docker_compose:
+    project_src: '{{ service_base_path }}/{{ inventory_hostname }}'
+    state: present
+    pull: yes
  tags:
    - update_deployment
-
- name: "Start {{ inventory_hostname }}"
-  shell: |
-    docker-compose down
-    docker-compose up -d
-  args:
-    chdir: '{{ service_base_path }}/{{ inventory_hostname }}'
--- a/roles/postgres/tasks/_postgres-acls.yml
+++ b/roles/postgres/tasks/_postgres-acls.yml
@ -14,7 +14,7 @@
    path: /etc/postgresql/{{ default_postgres_version }}/main/pg_hba.conf
  with_items: "{{ postgres_acls }}"

- name: "Checking roles exist"
+- name: "Checking roles exist" # noqa command-instead-of-shell
  shell: "/usr/bin/psql -Atc \"SELECT count(rolname) FROM pg_roles where rolname='{{ item.name }}'\""
  with_items: "{{ postgres_acls }}"
  register: role_check
@ -94,7 +94,7 @@
  when:
    - database_state == 'present'

- name: pg_reload_conf
+- name: pg_reload_conf # noqa no-changed-when
  become: yes
  become_user: postgres
-  shell: '/usr/bin/psql -c "SELECT pg_reload_conf();"'
+  shell: '/usr/bin/psql -c "SELECT pg_reload_conf();"'
--- a/roles/postgres/tasks/_postgres-backups.yml
+++ b/roles/postgres/tasks/_postgres-backups.yml
@ -5,6 +5,7 @@
    state: directory
    owner: "postgres"
    group: "postgres"
+    mode: '0755'

 - name: "Handle backup state <{{ postgres_backup_state }}> with suffix <{{ custom_backup_name }}>"
  community.postgresql.postgresql_db:
--- a/roles/postgres/tasks/base-requirements.yml
+++ b/roles/postgres/tasks/base-requirements.yml
@ -107,11 +107,15 @@
  file:
    state: directory
    path: /metrics
+    mode: '0755'

 - name: "Ensure /metrics/queries.yaml exists"
-  copy: src=pg-exporter-queries.yml dest=/metrics/queries.yaml
+  copy:
+    src: pg-exporter-queries.yml
+    dest: /metrics/queries.yaml
+    mode: '0755'

- name: Check role prometheus exists
+- name: Check role prometheus exists # noqa command-instead-of-shell no-changed-when
  become: yes
  become_user: postgres
  shell: "/usr/bin/psql -Atc \"SELECT count(rolname) FROM pg_roles where rolname='prometheus'\""
@ -119,10 +123,13 @@
  ignore_errors: yes

 - name: "Copy prometheus_postgres_exporter init script"
-  copy: src=init.sql dest=/tmp/prometheus_postgres_exporter.sql
+  copy:
+    src: init.sql
+    dest: /tmp/prometheus_postgres_exporter.sql
+    mode: '0755'
  when: "role_check.stdout == '0' and server_type == 'master'"

- name: "Execute prometheus_postgres_exporter init script"
+- name: "Execute prometheus_postgres_exporter init script" # noqa command-instead-of-shell
  become: true
  become_user: postgres
  shell: "psql -f /tmp/prometheus_postgres_exporter.sql"
@ -132,7 +139,7 @@
  file: path="/tmp/prometheus_postgres_exporter.sql" state=absent
  when: "role_check.stdout == '0' and server_type == 'master'"

- name: "Restarting postgres if necessary"
+- name: "Restarting postgres if necessary" # noqa no-handler
  service:
    name: postgresql
    state: restarted
--- a/roles/postgres/tasks/base-requirements_backup.yml
+++ b/roles/postgres/tasks/base-requirements_backup.yml
@ -38,7 +38,7 @@
    pvresize: yes
  register: create_vg

- name: "Create logical volume"
+- name: "Create logical volume" # noqa no-handler
  community.general.lvol:
    vg: "{{ vg_name }}"
    lv: "{{ lv_name }}" 
--- a/roles/postgres/tasks/master-requirements.yml
+++ b/roles/postgres/tasks/master-requirements.yml
@ -3,22 +3,22 @@
 - name: Check role exists
  become: yes
  become_user: postgres
-  shell: "/usr/bin/psql -Atc \"SELECT count(rolname) FROM pg_roles where rolname='replicator'\""
+  shell: "/usr/bin/psql -Atc \"SELECT count(rolname) FROM pg_roles where rolname='replicator'\"" # noqa command-instead-of-shell
  register: role_check
-  ignore_errors: yes
+  ignore_errors: yes # noqa ignore-errors no-changed-when

 - name: Create role if necessary
  become: yes
  become_user: postgres
  shell: "/usr/bin/psql -c 'CREATE ROLE replicator WITH REPLICATION LOGIN;'"
  when: role_check.stdout == "0"
-  ignore_errors: yes
+  ignore_errors: yes # noqa ignore-errors

 - name: Change password with scram-sha-256! for replicator and set password
  become: yes
  become_user: postgres
  shell: "/usr/bin/psql -c \"set password_encryption = 'scram-sha-256';ALTER ROLE replicator WITH PASSWORD '{{ postgres_replicator_user_password }}';\""
-  ignore_errors: yes
+  ignore_errors: yes # noqa ignore-errors no-changed-when

 - name: Setup pg_hba.conf for replicator user
  lineinfile:
@ -82,13 +82,13 @@
    state: present
  register: nfsshare_archive_check

- name: Restart nfs-server if necessary
+- name: Restart nfs-server if necessary # noqa no-handler
  service:
    name: nfs-kernel-server
    state: restarted
  when: nfsshare_archive_check.changed

- name: Restart postgres if necessary
+- name: Restart postgres if necessary # noqa no-handler
  service:
    name: postgresql
    state: restarted
@ -104,39 +104,39 @@
  become: yes
  become_user: postgres
  shell: "/usr/bin/psql template1 -c \"create extension if not exists pgcrypto;\""
-  ignore_errors: yes
+  ignore_errors: yes # noqa ignore-errors no-changed-when

 - name: Check database replication_cron exists
  become: yes
  become_user: postgres
  shell: "/usr/bin/psql -Atc \"SELECT count(*) FROM pg_database WHERE datname = 'replication_cron'\""
  register: database_replication_check
-  ignore_errors: yes
+  ignore_errors: yes # noqa ignore-errors no-changed-when

 - name: Create replication_cron update database
  become: yes
  become_user: postgres
  shell: "/usr/bin/psql -c \"CREATE DATABASE replication_cron;\""
  when: database_replication_check.stdout == "0"
-  ignore_errors: yes
+  ignore_errors: yes # noqa ignore-errors no-changed-when

 - name: Create replication update schema
  become: yes
  become_user: postgres
  shell: "/usr/bin/psql replication_cron -c \"CREATE SCHEMA IF NOT EXISTS replication_cron;\""
-  ignore_errors: yes
+  ignore_errors: yes # noqa ignore-errors no-changed-when

 - name: Create replication update table
  become: yes
  become_user: postgres
  shell: "/usr/bin/psql replication_cron -c \"CREATE TABLE IF NOT EXISTS replication_cron.replication_cron (dt timestamp);\""
-  ignore_errors: yes
+  ignore_errors: yes # noqa ignore-errors no-changed-when

 - name: Create dummy update data
  become: yes
  become_user: postgres
  shell: "/usr/bin/psql replication_cron -c \"INSERT INTO replication_cron.replication_cron SELECT now() WHERE NOT EXISTS (SELECT 1 from replication_cron.replication_cron);\""
-  ignore_errors: yes
+  ignore_errors: yes # noqa ignore-errors no-changed-when

 - name: Ensure a cron runs every 5 minutes and update replication check table"
  ansible.builtin.cron:
@ -149,11 +149,11 @@
  become_user: postgres
  shell: "/usr/bin/psql -Atc \"select count(*) from pg_replication_slots where slot_name='pgstandby1'\""
  register: replication_slot_check
-  ignore_errors: yes
+  ignore_errors: yes # noqa ignore-errors no-changed-when

 - name: Create replication-slot
  become: yes
  become_user: postgres
  shell: "/usr/bin/psql -Atc \"SELECT pg_create_physical_replication_slot('pgstandby1');\""
-  ignore_errors: yes
+  ignore_errors: yes # noqa ignore-errors
  when: replication_slot_check.stdout == "0"
--- a/roles/postgres/tasks/slave-requirements.yml
+++ b/roles/postgres/tasks/slave-requirements.yml
@ -47,7 +47,7 @@
    state: absent
    path: /var/lib/postgresql/{{ default_postgres_version }}/main/

- name: Sync data from db-master
+- name: Sync data from db-master # noqa command-instead-of-shell no-changed-when
  become: yes
  become_user: postgres
  shell: "pg_basebackup -h {{ shared_service_pg_master_ip }} -D /var/lib/postgresql/{{ default_postgres_version }}/main -U replicator -P -v  -R -X stream -S pgstandby1"
--- a/roles/prometheus/tasks/_update_config.yml
+++ b/roles/prometheus/tasks/_update_config.yml
@ -4,7 +4,7 @@

 - name: "Deploy service templates for {{ inventory_hostname }}"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "prometheus"
--- a/roles/prometheus/tasks/main.yml
+++ b/roles/prometheus/tasks/main.yml
@ -6,7 +6,7 @@

 - name: "Setup DNS configuration for {{ inventory_hostname }} prometheus"
  include_role:
-    name: _digitalocean
+    name: sma_digitalocean
    tasks_from: domain
  vars:
    record_data: "{{ stage_server_ip }}"
@ -14,7 +14,7 @@

 - name: "Setup DNS configuration for {{ inventory_hostname }} grafana"
  include_role:
-    name: _digitalocean
+    name: sma_digitalocean
    tasks_from: domain
  vars:
    record_data: "{{ stage_server_ip }}"
@ -22,7 +22,7 @@

 - name: "Setup DNS configuration for {{ inventory_hostname }} alertmanager"
  include_role:
-    name: _digitalocean
+    name: sma_digitalocean
    tasks_from: domain
  vars:
    record_data: "{{ stage_server_ip }}"
@ -37,17 +37,16 @@
    - update_deployment

 - name: "Stop {{ inventory_hostname }}"
-  shell: docker-compose down
-  args:
-    chdir: '{{ service_base_path }}/{{ inventory_hostname }}'
+  community.docker.docker_compose:
+    project_src: '{{ service_base_path }}/{{ inventory_hostname }}'
+    state: absent
  when: check_docker_compose_file.stat.exists
-  ignore_errors: yes
  tags:
    - update_deployment

 - name: "Deploy docker templates for {{ inventory_hostname }}"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "_docker"
@ -61,7 +60,7 @@

 - name: "Deploy service templates for {{ inventory_hostname }}"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "prometheus"
@ -73,18 +72,10 @@
    - update_config

 - name: "Update {{ inventory_hostname }}"
-  shell: docker-compose pull
-  args:
-    chdir: '{{ service_base_path }}/{{ inventory_hostname }}'
-  tags:
-    - update_deployment
-
- name: "Start {{ inventory_hostname }}"
-  shell: |
-    docker-compose down
-    docker-compose up -d
-  args:
-    chdir: '{{ service_base_path }}/{{ inventory_hostname }}'
+  community.docker.docker_compose:
+    project_src: '{{ service_base_path }}/{{ inventory_hostname }}'
+    state: present
+    pull: yes
  tags:
    - update_config
    - update_deployment
--- a/roles/service_state/defaults/main.yml
+++ b/roles/service_state/defaults/main.yml
--- a/roles/service_state/tasks/main.yml
+++ b/roles/service_state/tasks/main.yml
@ -3,7 +3,7 @@
 ### tags:

 - name: "Setting service state for <{{ service_id }}> to <{{ service_state }}>"
-  ansible.builtin.shell: "{{ service_state_command }}"
+  ansible.builtin.shell: "{{ service_state_command }}" # noqa command-instead-of-shell no-changed-when
  args:
    chdir: '{{ service_base_path }}/{{ service_id }}'
  register: service_state_command_output
--- a/roles/shared_service/defaults/main.yml
+++ b/roles/shared_service/defaults/main.yml
--- a/roles/shared_service/handlers/main.yml
+++ b/roles/shared_service/handlers/main.yml
--- a/roles/connect-realm/handlers/main.yml
+++ b/roles/connect-realm/handlers/main.yml
--- a/roles/_shared_service/tasks/main.yml
+++ b/roles/_shared_service/tasks/main.yml
@ -16,7 +16,7 @@

 - name: "Updating DNS for <{{ current_dns_entry }}> to <{{ current_server_ip }}>"
  include_role:
-    name: _digitalocean
+    name: sma_digitalocean
    tasks_from: domain
  vars:
    record_data: "{{ current_server_ip }}"
@ -24,7 +24,7 @@

 - name: "Updating public DNS for <{{ current_host }}>"
  include_role:
-    name: _digitalocean
+    name: sma_digitalocean
    tasks_from: domain
  vars:
    record_data: "{{ item.ip }}"
@ -48,7 +48,7 @@

 - name: "Deploying docker templates for <{{ current_service_id }}>"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "_docker"
@ -60,7 +60,7 @@

 - name: "Deploying service templates for <{{ current_service_id }}>"
  include_role:
-    name: _deploy
+    name: sma_deploy
    tasks_from: templates
  vars:
    current_config: "{{ current_service }}"
--- a/roles/shared_service/vars/main.yml
+++ b/roles/shared_service/vars/main.yml
--- a/roles/sma_deploy/defaults/main.yml
+++ b/roles/sma_deploy/defaults/main.yml
--- a/roles/connect-wordpress/handlers/main.yml
+++ b/roles/connect-wordpress/handlers/main.yml
--- a/roles/connect-wordpress/meta/main.yml
+++ b/roles/connect-wordpress/meta/main.yml
--- a/roles/sma_deploy/tasks/templates.yml
+++ b/roles/sma_deploy/tasks/templates.yml
@ -19,6 +19,7 @@
  file:
    state: directory
    path: '{{ current_base_path }}/{{ current_destination }}'
+    mode: '0755'
  tags:
    - update_certs
    - update_config
--- a/roles/gitea-realm/handlers/main.yml
+++ b/roles/gitea-realm/handlers/main.yml
--- a/roles/sma_digitalocean/defaults/main.yml
+++ b/roles/sma_digitalocean/defaults/main.yml
--- a/roles/sma_digitalocean/handlers/main.yml
+++ b/roles/sma_digitalocean/handlers/main.yml
--- a/roles/import-maria-database/handlers/main.yml
+++ b/roles/import-maria-database/handlers/main.yml
--- a/Show More
+++ b/Show More