From 76289d224269a33eb9e2e20b6bd6ee6cfbd8d312 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=B6rz=2C=20Friedrich?= Date: Tue, 25 Jan 2022 16:42:38 +0000 Subject: [PATCH] DEV-316: fixing linter problems --- ansible-lint.cfg | 4 +++ group_vars/all/plain.yml | 4 ++- provisioning.yml | 2 +- roles/_digitalocean/tasks/_create_server.yml | 8 +++-- roles/_digitalocean/tasks/domain.yml | 6 ++-- roles/_docker/tasks/networks.yml | 25 ++++--------- roles/_shared_service/tasks/main.yml | 21 ++++------- roles/awx/defaults/main.yml | 10 +++--- roles/awx/tasks/awx-config-get-typ-id.yml | 3 +- .../awx-config-job-template-credential.yml | 5 +-- roles/awx/tasks/awx-config-job-template.yml | 5 +-- roles/awx/tasks/awx-config.yml | 8 +++-- roles/awx/tasks/main.yml | 1 + roles/awx/templates/awx-deployment.yml.j2 | 12 +++---- roles/common/tasks/main.yml | 25 ++++++------- roles/harbor/handlers/main.yml | 4 +++ roles/harbor/tasks/configure.yml | 36 ++++++++++++------- roles/harbor/tasks/configure_project_crud.yml | 3 +- .../tasks/configure_project_members_crud.yml | 6 ++-- .../tasks/configure_project_metadata_crud.yml | 3 +- roles/harbor/tasks/configure_robot_tokens.yml | 8 +++-- .../tasks/configure_robot_tokens_crud.yml | 23 +++++++----- roles/harbor/tasks/install.yml | 36 ++++++++++++------- roles/hcloud/tasks/configure-firewall.yml | 5 +-- roles/hcloud/tasks/configure-firewall2.yml | 9 +++-- .../defaults/main.yml | 0 .../handlers/main.yml | 0 .../meta/main.yml | 0 .../tasks/main.yml | 0 .../vars/main.yml | 0 roles/keycloak/tasks/_configure_client.yml | 2 +- .../keycloak/tasks/_configure_client_crud.yml | 5 +-- .../tasks/_configure_realm_admin_users.yml | 6 ++-- .../_configure_user_groupmembership_crud.yml | 6 ++-- roles/keycloak/tasks/_create_realm_admin.yml | 2 +- roles/keycloak/tasks/_create_realm_users.yml | 2 +- roles/keycloak/tasks/configure_client.yml | 2 +- roles/keycloak/tasks/create_realm_groups.yml | 2 +- roles/keycloak/tasks/main.yml | 13 ++++--- roles/kibana/tasks/_configure_dashboards.yml | 34 +++++++++++------- .../kibana/tasks/_configure_indexpattern.yml | 12 ++++--- roles/kibana/tasks/_configure_roles.yml | 12 ++++--- roles/kibana/tasks/_configure_searches.yml | 27 +++++++++----- roles/kibana/tasks/_configure_spaces.yml | 15 +++++--- roles/kibana/tasks/_configure_users.yml | 15 +++++--- roles/kibana/tasks/_import_savedobjects.yml | 2 +- roles/kibana/tasks/import_service_ojects.yml | 11 +++--- roles/kibana/tasks/main.yaml | 23 +++++------- roles/kubernetes/apps/tasks/argocd.yml | 18 ++++++---- roles/kubernetes/base/tasks/main.yml | 4 +-- .../tasks/base-requirements_backup.yml | 3 +- 51 files changed, 278 insertions(+), 210 deletions(-) create mode 100644 ansible-lint.cfg rename roles/{hetzner-state => hetzner_state}/defaults/main.yml (100%) rename roles/{hetzner-state => hetzner_state}/handlers/main.yml (100%) rename roles/{hetzner-state => hetzner_state}/meta/main.yml (100%) rename roles/{hetzner-state => hetzner_state}/tasks/main.yml (100%) rename roles/{hetzner-state => hetzner_state}/vars/main.yml (100%) diff --git a/ansible-lint.cfg b/ansible-lint.cfg new file mode 100644 index 0000000..09c0a32 --- /dev/null +++ b/ansible-lint.cfg @@ -0,0 +1,4 @@ +exclude_paths: +- .ansible/ +- test*.yml + diff --git a/group_vars/all/plain.yml b/group_vars/all/plain.yml index b3704f5..82277c7 100644 --- a/group_vars/all/plain.yml +++ b/group_vars/all/plain.yml @@ -41,7 +41,9 @@ common_apt_dependencies: - bash-completion - python3-pip -common_pip_dependencies: [] +common_pip_dependencies: + - docker-compose + use_ssl: true http_s: "http{{ use_ssl | ternary('s', '', omit) }}" diff --git a/provisioning.yml b/provisioning.yml index 96b9e03..06b2371 100644 --- a/provisioning.yml +++ b/provisioning.yml @@ -53,7 +53,7 @@ - role: hcloud when: "'hcloud' in group_names" - - role: hetzner-state + - role: hetzner_state vars: hetzner_state: 'started' when: "'hcloud' in group_names" diff --git a/roles/_digitalocean/tasks/_create_server.yml b/roles/_digitalocean/tasks/_create_server.yml index 0755c72..d832977 100644 --- a/roles/_digitalocean/tasks/_create_server.yml +++ b/roles/_digitalocean/tasks/_create_server.yml @@ -14,11 +14,13 @@ oauth_token: "{{ digitalocean_authentication_token }}" register: do_sshkeys_found -- set_fact: +- name: "Combine default droplet config with settings vor inventory_hostname" + set_fact: droplet_combined: "{{ droplet_defaults | combine(droplet) }}" - block: - - set_fact: + - name: "Creating tag names by RegEx on droplet name" + set_fact: tag_service: "{{ droplet.name | regex_search('[a-z]+-([a-z]+)-[0-9]+','\\1') | first | string }}" tag_stage: "{{ droplet.name | regex_search('([a-z]+)-[a-z]+-[0-9]+','\\1') | first | string }}" @@ -48,7 +50,7 @@ register: tag_response loop: "{{ droplet.tags }}" - - name: "Set fact" + - name: "Set server_ip by fact parsing" delegate_to: localhost set_fact: stage_server_ip: "{{ item }}" diff --git a/roles/_digitalocean/tasks/domain.yml b/roles/_digitalocean/tasks/domain.yml index 71d6583..c909dcb 100644 --- a/roles/_digitalocean/tasks/domain.yml +++ b/roles/_digitalocean/tasks/domain.yml @@ -39,7 +39,7 @@ tags: - update_dns -- name: "Delete DNS entry for <{{ record_data }}:{{ record_name }}> if necessary" +- name: "Delete DNS entry for <{{ record_data }}:{{ record_name }}> if necessary" uri: method: DELETE url: "https://api.digitalocean.com/v2/domains/{{ domain }}/records/{{ domain_record.id }}" @@ -48,8 +48,8 @@ return_content: yes status_code: 204 when: - domain_record.ip != '-' - and record_data != domain_record.ip + - domain_record.ip != '-' + - record_data != domain_record.ip delegate_to: 127.0.0.1 become: false tags: diff --git a/roles/_docker/tasks/networks.yml b/roles/_docker/tasks/networks.yml index b2e9bb8..78f9d71 100644 --- a/roles/_docker/tasks/networks.yml +++ b/roles/_docker/tasks/networks.yml @@ -1,20 +1,7 @@ --- - -- name: "Register variable for docker networks" - shell: docker network ls - register: docker_networks - changed_when: false - when: docker_enabled - -- name: "Docker network create back-tier" - shell: docker network create back-tier - when: - - docker_enabled - - docker_networks.stdout.find("back-tier") == -1 - -- name: "Docker network create front-tier" - shell: docker network create front-tier - when: - - docker_enabled - - docker_networks.stdout.find("front-tier") == -1 - +- name: "Create Docker network" + docker_network: + name: "{{ item }}" + loop: + - front-tier + - back-tier diff --git a/roles/_shared_service/tasks/main.yml b/roles/_shared_service/tasks/main.yml index e684402..c681dff 100644 --- a/roles/_shared_service/tasks/main.yml +++ b/roles/_shared_service/tasks/main.yml @@ -39,11 +39,10 @@ - update_deployment - name: "Stopping <{{ current_service_id }}>" - shell: docker-compose down - args: - chdir: '{{ service_base_path }}/{{ current_service_id }}' + community.docker.docker_compose: + project_src: '{{ service_base_path }}/{{ current_service_id }}' + state: absent when: check_docker_compose_file.stat.exists - ignore_errors: yes tags: - update_deployment @@ -70,16 +69,10 @@ current_owner: "{{ docker_owner }}" current_group: "{{ docker_group }}" -- name: "Updating docker image for <{{ current_service_id }}>" - shell: docker-compose pull - args: - chdir: '{{ service_base_path }}/{{ current_service_id }}' - tags: - - update_deployment - - name: "Starting <{{ current_service_id }}>" - shell: docker-compose up -d - args: - chdir: '{{ service_base_path }}/{{ current_service_id }}' + community.docker.docker_compose: + project_src: '{{ service_base_path }}/{{ current_service_id }}' + state: present + pull: true tags: - update_deployment diff --git a/roles/awx/defaults/main.yml b/roles/awx/defaults/main.yml index 611b89c..902e249 100644 --- a/roles/awx/defaults/main.yml +++ b/roles/awx/defaults/main.yml @@ -7,19 +7,19 @@ awx_operator_url: "https://raw.githubusercontent.com/ansible/awx-operator/{{ awx kubernetes_awx_namespace: "awx-test" kubernetes_awx_postgres_volume_size: "50Gi" -kubernetes_awx_postgres_volume_accessMode: "ReadWriteOnce" +kubernetes_awx_postgres_volume_accessmode: "ReadWriteOnce" kubernetes_awx_postgres_volume_path: "/mnt/{{ kubernetes_awx_namespace }}/data/postgres" kubernetes_awx_postgres_pvc_size: "50Gi" -kubernetes_awx_postgres_pvc_accessMode: "ReadWriteOnce" +kubernetes_awx_postgres_pvc_accessmode: "ReadWriteOnce" kubernetes_awx_project_volume_size: "10Gi" -kubernetes_awx_project_volume_accessMode: "ReadWriteOnce" +kubernetes_awx_project_volume_accessmode: "ReadWriteOnce" kubernetes_awx_project_volume_path: "/mnt/{{ kubernetes_awx_namespace }}/data/project" kubernetes_awx_project_pvc_size: "10Gi" -kubernetes_awx_project_pvc_accessMode: "ReadWriteOnce" +kubernetes_awx_project_pvc_accessmode: "ReadWriteOnce" kubernetes_awx_service_port: "80" -kubernetes_awx_service_targetPort: "80" +kubernetes_awx_service_targetport: "80" awx_ansible_username: "ansible" awx_ansible_password: "ansible" diff --git a/roles/awx/tasks/awx-config-get-typ-id.yml b/roles/awx/tasks/awx-config-get-typ-id.yml index 1e4afb7..db0ea48 100644 --- a/roles/awx/tasks/awx-config-get-typ-id.yml +++ b/roles/awx/tasks/awx-config-get-typ-id.yml @@ -1,6 +1,7 @@ --- -- set_fact: +- name: "Initilize VARs" + set_fact: awx_type_id: "None" changed_when: False tags: diff --git a/roles/awx/tasks/awx-config-job-template-credential.yml b/roles/awx/tasks/awx-config-job-template-credential.yml index ba4e58f..ecfa4f1 100644 --- a/roles/awx/tasks/awx-config-job-template-credential.yml +++ b/roles/awx/tasks/awx-config-job-template-credential.yml @@ -1,5 +1,6 @@ --- -- set_fact: +- name: "Initilize VARs" + set_fact: found_credential_id: "" tags: - awx_config @@ -78,4 +79,4 @@ when: > (found_credential_id | default("") | length == 0) and (awx_credential_id is defined) and - (awx_job_template_id | default("") | length > 0) \ No newline at end of file + (awx_job_template_id | default("") | length > 0) diff --git a/roles/awx/tasks/awx-config-job-template.yml b/roles/awx/tasks/awx-config-job-template.yml index a46f423..c145fda 100644 --- a/roles/awx/tasks/awx-config-job-template.yml +++ b/roles/awx/tasks/awx-config-job-template.yml @@ -1,6 +1,7 @@ --- -- set_fact: +- name: "Initialize VARs" + set_fact: awx_job_template_id: "None" changed_when: False tags: @@ -74,4 +75,4 @@ loop_var: awx_credential_id when: awx_job_template_id is defined tags: - - awx_config \ No newline at end of file + - awx_config diff --git a/roles/awx/tasks/awx-config.yml b/roles/awx/tasks/awx-config.yml index bd3f258..3ff37c9 100644 --- a/roles/awx/tasks/awx-config.yml +++ b/roles/awx/tasks/awx-config.yml @@ -473,7 +473,11 @@ - awx_config - name: "Create archive for repository " - shell: cd {{ playbook_dir }} && git archive --format tar.gz -o /tmp/hetzner-ansible.tar.gz HEAD + git: + archive: hetzner-ansible.tar.gz + dest: /tmp/gitrepo + repo: "{{ playbook_dir }}" + version: HEAD delegate_to: 127.0.0.1 become: false tags: @@ -501,7 +505,7 @@ - name: "Extract repository archive for " unarchive: - src: /tmp/hetzner-ansible.tar.gz + src: /tmp/gitrepo/hetzner-ansible.tar.gz dest: "{{ awx_project_path }}/hetzner-ansible" tags: - awx_config diff --git a/roles/awx/tasks/main.yml b/roles/awx/tasks/main.yml index 644a133..ea75298 100644 --- a/roles/awx/tasks/main.yml +++ b/roles/awx/tasks/main.yml @@ -53,6 +53,7 @@ file: path: "{{ item }}" state: directory + mode: '0755' owner: 'root' group: 'root' loop: diff --git a/roles/awx/templates/awx-deployment.yml.j2 b/roles/awx/templates/awx-deployment.yml.j2 index b5fce64..829f010 100644 --- a/roles/awx/templates/awx-deployment.yml.j2 +++ b/roles/awx/templates/awx-deployment.yml.j2 @@ -11,7 +11,7 @@ spec: capacity: storage: {{ kubernetes_awx_postgres_volume_size }} accessModes: - - {{ kubernetes_awx_postgres_volume_accessMode }} + - {{ kubernetes_awx_postgres_volume_accessmode }} hostPath: path: "{{ kubernetes_awx_postgres_volume_path }}" @@ -28,7 +28,7 @@ spec: capacity: storage: {{ kubernetes_awx_project_volume_size }} accessModes: - - {{ kubernetes_awx_project_volume_accessMode }} + - {{ kubernetes_awx_project_volume_accessmode }} hostPath: path: "{{ kubernetes_awx_project_volume_path }}" @@ -41,7 +41,7 @@ metadata: spec: storageClassName: manual accessModes: - - {{ kubernetes_awx_postgres_pvc_accessMode }} + - {{ kubernetes_awx_postgres_pvc_accessmode }} resources: requests: storage: {{ kubernetes_awx_postgres_pvc_size }} @@ -55,7 +55,7 @@ metadata: spec: storageClassName: manual accessModes: - - {{ kubernetes_awx_project_pvc_accessMode }} + - {{ kubernetes_awx_project_pvc_accessmode }} resources: requests: storage: {{ kubernetes_awx_project_pvc_size }} @@ -70,7 +70,7 @@ spec: admin_user: {{ awx_admin_username }} projects_persistence: true projects_existing_claim: awx-project-claim-0 - projects_storage_access_mode: {{ kubernetes_awx_project_pvc_accessMode }} + projects_storage_access_mode: {{ kubernetes_awx_project_pvc_accessmode }} projects_storage_size: {{ kubernetes_awx_project_pvc_size }} --- @@ -84,7 +84,7 @@ spec: - name: http protocol: TCP port: {{ kubernetes_awx_service_port }} - targetPort: {{ kubernetes_awx_service_targetPort }} + targetPort: {{ kubernetes_awx_service_targetport }} externalIPs: - {{ stage_server_ip }} diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 9b6fb46..6a9315a 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -16,6 +16,7 @@ blockinfile: marker: "# {mark} managed by ansible (hosts config for {{ inventory_hostname }})" path: "/etc/hosts" + mode: '0644' state: present create: yes block: | @@ -53,7 +54,7 @@ - users - name: "Remove outdated users" - user: name={{item}} state=absent remove=yes + user: name={{ item }} state=absent remove=yes with_items: "{{ current_users.stdout_lines }}" when: not ((item in default_plattform_users) or (item in smardigo_plattform_users)) tags: @@ -89,6 +90,7 @@ state: directory owner: '{{ item }}' group: '{{ item }}' + mode: '0755' loop: '{{ smardigo_plattform_users }}' when: docker_enabled tags: @@ -132,6 +134,7 @@ file: state: directory path: '/etc/bash_completion.d' + mode: '0755' tags: - install @@ -148,15 +151,15 @@ ansible.builtin.get_url: url: "https://raw.githubusercontent.com/docker/compose/{{ docker_compose_version }}/contrib/completion/bash/docker-compose" dest: "/etc/bash_completion.d/docker-compose" - mode: '644' + mode: '0644' when: docker_enabled tags: - install - name: "Upgrade all packages" apt: - name: '*' - state: latest + update_cache: yes + upgrade: yes tags: - install - upgrade @@ -168,6 +171,7 @@ state: directory owner: 'root' group: 'root' + mode: '0755' when: docker_enabled tags: - config @@ -191,16 +195,7 @@ state: directory owner: 'root' group: 'root' - when: docker_enabled - tags: - - config - -- name: "Ensure docker daemon configuration directory exists" - file: - path: '/etc/docker' - state: directory - owner: 'root' - group: 'root' + mode: '0755' when: docker_enabled tags: - config @@ -209,7 +204,7 @@ file: state: absent path: '/etc/docker/daemon.json' - when: docker_enabled == false + when: not docker_enabled tags: - config diff --git a/roles/harbor/handlers/main.yml b/roles/harbor/handlers/main.yml index ed97d53..093fc53 100644 --- a/roles/harbor/handlers/main.yml +++ b/roles/harbor/handlers/main.yml @@ -1 +1,5 @@ --- +- name: harbor restart + systemd: + name: harbor + state: restarted diff --git a/roles/harbor/tasks/configure.yml b/roles/harbor/tasks/configure.yml index a2a85d0..526813d 100644 --- a/roles/harbor/tasks/configure.yml +++ b/roles/harbor/tasks/configure.yml @@ -1,19 +1,29 @@ --- -#- name: "harbor BASE settings" -# block: -# - set_fact: -# harbor_base_configuration_merged: '{{ harbor_base_configuration | combine( dict ,recursive=True ) }}' +- name: "Check if harbor is up and running" + delegate_to: 127.0.0.1 + become: false + uri: + url: "{{ harbor_external_url }}/api/v2.0/configurations" + user: '{{ harbor_admin_username }}' + password: '{{ harbor_admin_password }}' + method: GET + body_format: json + force_basic_auth: yes + status_code: [200] + register: check_harbor + delay: 10 + retries: 20 + until: check_harbor.status in [200] -# - name: "BLOCK: Configure harbor BASE settings" -# include_tasks: configure_base_config.yml -# vars: -# base_configuration: '{{ harbor_base_configuration_merged }}' -# args: -# apply: -# tags: -# - harbor-configure-base -## end of block for base settings +- name: "Configure harbor BASE settings" + include_tasks: configure_base_config.yml + vars: + base_configuration: '{{ harbor_base_configuration }}' + args: + apply: + tags: + - harbor-configure-base - name: "Create object of templated harbor projects" set_fact: diff --git a/roles/harbor/tasks/configure_project_crud.yml b/roles/harbor/tasks/configure_project_crud.yml index 53799e5..6e02af1 100644 --- a/roles/harbor/tasks/configure_project_crud.yml +++ b/roles/harbor/tasks/configure_project_crud.yml @@ -17,7 +17,8 @@ delay: 10 retries: 3 -- debug: +- name: "DEBUG" + debug: msg: 'found projects: {{ project_exists.json }}' when: debug diff --git a/roles/harbor/tasks/configure_project_members_crud.yml b/roles/harbor/tasks/configure_project_members_crud.yml index d0b7a0c..6c4cf8b 100644 --- a/roles/harbor/tasks/configure_project_members_crud.yml +++ b/roles/harbor/tasks/configure_project_members_crud.yml @@ -1,6 +1,7 @@ --- -- set_fact: +- name: "Initialze VARs due to hardcoded stuff in harbor API" + set_fact: member_state: '{{ member.member_state | default("present") }}' harbor_member_roles: - @@ -43,7 +44,8 @@ delay: 10 retries: 3 -- set_fact: +- name: "Set fact" + set_fact: group_type: "{{ ( harbor_member_grouptypes | selectattr('name','==',( member.group_type | lower )) | list | first ).group_type }}" role_id: "{{ ( harbor_member_roles | selectattr('name','==',( member.role| lower ) ) | list | first ).role_id | int }}" diff --git a/roles/harbor/tasks/configure_project_metadata_crud.yml b/roles/harbor/tasks/configure_project_metadata_crud.yml index 7bd7ef8..cc249de 100644 --- a/roles/harbor/tasks/configure_project_metadata_crud.yml +++ b/roles/harbor/tasks/configure_project_metadata_crud.yml @@ -17,7 +17,8 @@ delay: 10 retries: 3 -- set_fact: +- name: "Set fact" + set_fact: body_content: "{ \"{{ meta_data_elem.key }}\":\"{{ meta_data_elem.value }}\" }" - name: "Add meta_data: <<{{ meta_data_elem.key }}>>" diff --git a/roles/harbor/tasks/configure_robot_tokens.yml b/roles/harbor/tasks/configure_robot_tokens.yml index db766f4..db0bd14 100644 --- a/roles/harbor/tasks/configure_robot_tokens.yml +++ b/roles/harbor/tasks/configure_robot_tokens.yml @@ -1,15 +1,17 @@ --- -- set_fact: +- name: "Initialze VARs" + set_fact: tok_obj: {} -- debug: +- name: "DEBUG" + debug: msg: "DEBUGGING - robot_token: {{ robot_token }}" when: - debug - name: "Drop token_state from dict to avoid rejecting object by harbor API due to unknown field" set_fact: - tok_obj: "{{ tok_obj |combine({item.key: item.value})}}" + tok_obj: "{{ tok_obj | combine( { item.key: item.value } ) }}" when: item.key not in ['token_state'] with_dict: "{{ robot_token }}" diff --git a/roles/harbor/tasks/configure_robot_tokens_crud.yml b/roles/harbor/tasks/configure_robot_tokens_crud.yml index 09a872b..b251fe5 100644 --- a/roles/harbor/tasks/configure_robot_tokens_crud.yml +++ b/roles/harbor/tasks/configure_robot_tokens_crud.yml @@ -1,5 +1,6 @@ --- -- set_fact: +- name: "Initialze VARs" + set_fact: token_object_combined: {} - name: "Get all robot tokens" @@ -41,7 +42,8 @@ - all_robot_tokens.json | selectattr('name','contains',token_object.name) | list | length == 0 - token_state == 'present' -- set_fact: +- name: "Set VARs if current robot token object already exists" + set_fact: robots_id: "{{ ( all_robot_tokens.json | selectattr('name','contains',token_object.name) | list | first ).id }}" remote_robot_token_object: "{{ all_robot_tokens.json | selectattr('name','contains',token_object.name) | list | first }}" token_object_combined: "{{ all_robot_tokens.json | selectattr('name','contains',token_object.name) | list | first | combine(token_object, recursive=True) }}" @@ -82,7 +84,8 @@ - name: "Block to Update robot token data" block: - - debug: + - name: "DEBUG" + debug: msg: "DEBUGGING before dropping - combined token_object_combined: {{ token_object_combined }}" when: - debug @@ -91,9 +94,10 @@ # therefore we drop $keys from dict - name: "Drop some keys from updated robot token object" set_fact: - token_object_dropped: "{{ token_object_dropped | combine({item.key: item.value})}}" + token_object_dropped: "{{ token_object_dropped | combine( { item.key: item.value } ) }}" with_dict: "{{ token_object_combined }}" - when: "{{ item.key not in ['secret','secret_refresh'] }}" + when: + - item.key not in ['secret','secret_refresh'] # harbor API behaviour: # in case of initial creation for robot token objects, harbor creates a name for this @@ -105,14 +109,17 @@ # so harbor API forces me to create this workaround to avoid such errors # # part 1: define name of object - - set_fact: + - name: "Set fact" + set_fact: robot_token_name_cleaned: name: 'robot${{ token_object_dropped.name }}' # part 2: override name with new defined name of object - - set_fact: + - name: "Set fact" + set_fact: token_object_finished: '{{ token_object_dropped | combine(robot_token_name_cleaned, recursive=True) }}' - - debug: + - name: "DEBUG" + debug: msg: "DEBUGGING after dropping - combined token_object_finished: {{ token_object_finished }}" when: - debug diff --git a/roles/harbor/tasks/install.yml b/roles/harbor/tasks/install.yml index 691f6c6..c337773 100644 --- a/roles/harbor/tasks/install.yml +++ b/roles/harbor/tasks/install.yml @@ -14,6 +14,9 @@ file: state: directory path: '{{ service_base_path }}/{{ inventory_hostname }}' + mode: 0755 + owner: root + group: root tags: - update_deployment - update_config @@ -55,7 +58,8 @@ when: - not harbor_tarball.stat.exists -- set_fact: +- name: "Set fact" + set_fact: remote_docker_compose_file_path: '{{ service_base_path }}/{{ inventory_hostname }}/harbor/docker-compose.yml' - name: "Check if {{ inventory_hostname }}/harbor/docker-compose.yml exists" @@ -79,13 +83,17 @@ group: 'root' mode: 0644 +# due to missing customized docker-compose-file for smardigo enviroment, +# every start of harbor standard installation will fail in current smardigo enviroment +# therefore we do whitlisting for all non-zero script return codes +# => failed_when statement for ansible-lint - name: "Exec harbor install.sh " - ansible.builtin.shell: + ansible.builtin.command: cmd: './install.sh {{ harbor_install_opts | default("--with-trivy --with-chartmuseum") }}' chdir: '{{ service_base_path }}/{{ inventory_hostname }}/harbor/' + creates: '{{ remote_docker_compose_file_path }}' + register: run_installscript ignore_errors: yes - when: - - not harbor_installation.stat.exists - name: "Stopping harbor" community.docker.docker_compose: @@ -106,7 +114,10 @@ - name: "Create backup of generated docker-compose.yml by install.sh" copy: src: '{{ remote_docker_compose_file_path }}' - dest: '{{ remote_docker_compose_file_path}}_from_installsh' + dest: '{{ remote_docker_compose_file_path }}_from_installsh' + owner: 'root' + group: 'root' + mode: 0644 remote_src: yes when: - not harbor_installation.stat.exists @@ -115,11 +126,14 @@ copy: src: '{{ service_base_path }}/{{ inventory_hostname }}/harbor/common/config/nginx/nginx.conf' dest: '{{ service_base_path }}/{{ inventory_hostname }}/harbor/common/config/nginx/nginx.conf_orig' + owner: 'root' + group: 'root' + mode: 0644 remote_src: yes when: - not harbor_installation.stat.exists -- name: +- name: "Removing lines with proxy_set_header due to running behind traefik" ansible.builtin.lineinfile: path: '{{ service_base_path }}/{{ inventory_hostname }}/harbor/common/config/nginx/nginx.conf' state: absent @@ -130,7 +144,8 @@ src: '{{ remote_docker_compose_file_path }}' register: docker_compose_file_remote_encoded -- set_fact: +- name: "Set fact" + set_fact: harbor_dockercompose_merged: '{{ docker_compose_file_remote_encoded.content | b64decode | from_yaml | combine(harbor_dockercompose_customized, recursive=True) }}' - name: "Create docker-compose.yml with merged VARs" @@ -141,12 +156,7 @@ group: 'root' mode: '0644' register: docker_compose_change - -- name: "Ensure harbor systemd service restarted" - systemd: - name: harbor - state: restarted - when: docker_compose_change.changed + notify: harbor restart - name: "Ensure harbor systemd service started" systemd: diff --git a/roles/hcloud/tasks/configure-firewall.yml b/roles/hcloud/tasks/configure-firewall.yml index dbf9270..ab8c7de 100644 --- a/roles/hcloud/tasks/configure-firewall.yml +++ b/roles/hcloud/tasks/configure-firewall.yml @@ -5,6 +5,7 @@ - name: "Reading firewall entry for <{{ current_firewall_name }}>" set_fact: firewall_record: "{{ firewall_records | selectattr('name', 'equalto', current_firewall_name) | list | first | default({'name': '-', 'id': '-'}) }}" + firewall_template: "firewall-{{ current_firewall_name }}.json.j2" tags: - update_networks @@ -21,7 +22,7 @@ method: POST url: "https://api.hetzner.cloud/v1/firewalls" body_format: json - body: "{{ lookup('template','firewall-{{ current_firewall_name }}.json.j2') }}" + body: "{{ lookup('template',firewall_template) }}" headers: accept: application/json authorization: Bearer {{ hetzner_authentication_token }} @@ -39,7 +40,7 @@ method: PUT url: "https://api.hetzner.cloud/v1/firewalls/{{ firewall_record.id }}" body_format: json - body: "{{ lookup('template','firewall-{{ current_firewall_name }}.json.j2') }}" + body: "{{ lookup('template',firewall_template) }}" headers: accept: application/json authorization: Bearer {{ hetzner_authentication_token }} diff --git a/roles/hcloud/tasks/configure-firewall2.yml b/roles/hcloud/tasks/configure-firewall2.yml index a82963b..45a70ce 100644 --- a/roles/hcloud/tasks/configure-firewall2.yml +++ b/roles/hcloud/tasks/configure-firewall2.yml @@ -22,7 +22,8 @@ - name: "BLOCK << WITHOUT >> pagination" block: - - set_fact: + - name: "Get firewall object from list" + set_fact: lookup_fw_obj: "{{ hcloud_firewalls_all.json.firewalls | community.general.json_query(jsonquery_find_firewall_name) }}" vars: jsonquery_find_firewall_name: "[?name=='{{ firewall_object.name }}']" @@ -45,7 +46,8 @@ delegate_to: 127.0.0.1 become: false - - set_fact: + - name: "Get firewall object from list" + set_fact: lookup_fw_obj: "{{ hcloud_firewalls_all.json.results | community.general.json_query(querystr1) | first | community.general.json_query(querystr2) | community.general.json_query(querystr2) }}" vars: querystr1: "[[*].json.firewalls]" @@ -91,7 +93,8 @@ - name: "Delete firewall rule for <<{{ firewall_object.name }}>>" block: - - set_fact: + - name: "Create firewall object for deactivation" + set_fact: deactivate_fw_obj: remove_from: "{{ firewall_object.apply_to }}" diff --git a/roles/hetzner-state/defaults/main.yml b/roles/hetzner_state/defaults/main.yml similarity index 100% rename from roles/hetzner-state/defaults/main.yml rename to roles/hetzner_state/defaults/main.yml diff --git a/roles/hetzner-state/handlers/main.yml b/roles/hetzner_state/handlers/main.yml similarity index 100% rename from roles/hetzner-state/handlers/main.yml rename to roles/hetzner_state/handlers/main.yml diff --git a/roles/hetzner-state/meta/main.yml b/roles/hetzner_state/meta/main.yml similarity index 100% rename from roles/hetzner-state/meta/main.yml rename to roles/hetzner_state/meta/main.yml diff --git a/roles/hetzner-state/tasks/main.yml b/roles/hetzner_state/tasks/main.yml similarity index 100% rename from roles/hetzner-state/tasks/main.yml rename to roles/hetzner_state/tasks/main.yml diff --git a/roles/hetzner-state/vars/main.yml b/roles/hetzner_state/vars/main.yml similarity index 100% rename from roles/hetzner-state/vars/main.yml rename to roles/hetzner_state/vars/main.yml diff --git a/roles/keycloak/tasks/_configure_client.yml b/roles/keycloak/tasks/_configure_client.yml index c52562b..3ad2bdd 100644 --- a/roles/keycloak/tasks/_configure_client.yml +++ b/roles/keycloak/tasks/_configure_client.yml @@ -15,7 +15,7 @@ body_format: json body: "{{ lookup('template','keycloak-realm-create-client.json.j2') }}" headers: - Authorization: "Bearer {{ access_token}} " + Authorization: "Bearer {{ access_token }} " status_code: [201] changed_when: True when: realm_client_ids | selectattr('clientId', 'equalto', client_id) | list | length == 0 diff --git a/roles/keycloak/tasks/_configure_client_crud.yml b/roles/keycloak/tasks/_configure_client_crud.yml index 2a95dd0..d1d8110 100644 --- a/roles/keycloak/tasks/_configure_client_crud.yml +++ b/roles/keycloak/tasks/_configure_client_crud.yml @@ -25,8 +25,9 @@ delegate_to: 127.0.0.1 become: false -- set_fact: - id: '{{ ( get_all_clients.json | selectattr("clientId","equalto",argo_client_id) | first ).id }}' +- name: "Extract client_id from all_clients" + set_fact: + id: '{{ ( get_all_clients.json | selectattr("clientId","equalto",client_id) | first ).id }}' when: - get_all_clients.json | selectattr('clientId', 'equalto', client_id) | list | length == 1 diff --git a/roles/keycloak/tasks/_configure_realm_admin_users.yml b/roles/keycloak/tasks/_configure_realm_admin_users.yml index 8aceaf2..f736a1e 100644 --- a/roles/keycloak/tasks/_configure_realm_admin_users.yml +++ b/roles/keycloak/tasks/_configure_realm_admin_users.yml @@ -5,7 +5,7 @@ url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users" method: GET headers: - Authorization: "Bearer {{ access_token}} " + Authorization: "Bearer {{ access_token }} " status_code: [200] register: realm_users delegate_to: 127.0.0.1 @@ -38,7 +38,7 @@ url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/clients" method: GET headers: - Authorization: "Bearer {{ access_token}} " + Authorization: "Bearer {{ access_token }} " status_code: [200] register: realm_clients delegate_to: 127.0.0.1 @@ -71,7 +71,7 @@ url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users/{{ realm_admin_user_id }}/role-mappings/clients/{{ realm_management_client_id }}/available" method: GET headers: - Authorization: "Bearer {{ access_token}} " + Authorization: "Bearer {{ access_token }} " status_code: [200] register: realm_admin_user_client_available_roles_response delegate_to: 127.0.0.1 diff --git a/roles/keycloak/tasks/_configure_user_groupmembership_crud.yml b/roles/keycloak/tasks/_configure_user_groupmembership_crud.yml index 6d5cc70..5125209 100644 --- a/roles/keycloak/tasks/_configure_user_groupmembership_crud.yml +++ b/roles/keycloak/tasks/_configure_user_groupmembership_crud.yml @@ -21,7 +21,8 @@ status_code: [200] register: get_all_users -- set_fact: +- name: "Extract group_id/user_id we are searching for from all available ones" + set_fact: group_id: '{{ ( get_all_groups.json | selectattr("name","equalto",destination_group) | first ).id }}' user_id: '{{ ( get_all_users.json | selectattr("username","equalto",username) | first ).id }}' @@ -36,9 +37,6 @@ status_code: [200] register: get_all_groups_for_current_user -- set_fact: - already_in_group: '{{ get_all_groups_for_current_user.json | selectattr("name","equalto",destination_group) }}' - - name: "ADDING USER <{{ client_id }}> for realm <{{ realm_name }}> to Group <<{{ destination_group }}>>" delegate_to: 127.0.0.1 become: false diff --git a/roles/keycloak/tasks/_create_realm_admin.yml b/roles/keycloak/tasks/_create_realm_admin.yml index 20b87b4..6586f67 100644 --- a/roles/keycloak/tasks/_create_realm_admin.yml +++ b/roles/keycloak/tasks/_create_realm_admin.yml @@ -4,7 +4,7 @@ url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users" method: GET headers: - Authorization: "Bearer {{ access_token}} " + Authorization: "Bearer {{ access_token }} " status_code: [200] register: realm_users delegate_to: 127.0.0.1 diff --git a/roles/keycloak/tasks/_create_realm_users.yml b/roles/keycloak/tasks/_create_realm_users.yml index 0b5131f..c0420c9 100644 --- a/roles/keycloak/tasks/_create_realm_users.yml +++ b/roles/keycloak/tasks/_create_realm_users.yml @@ -5,7 +5,7 @@ url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users" method: GET headers: - Authorization: "Bearer {{ access_token}} " + Authorization: "Bearer {{ access_token }} " status_code: [200] register: realm_users delegate_to: 127.0.0.1 diff --git a/roles/keycloak/tasks/configure_client.yml b/roles/keycloak/tasks/configure_client.yml index aa4eb2f..2b5566a 100644 --- a/roles/keycloak/tasks/configure_client.yml +++ b/roles/keycloak/tasks/configure_client.yml @@ -16,7 +16,7 @@ body_format: json body: "{{ lookup('template','keycloak-realm-create-client.json.j2') }}" headers: - Authorization: "Bearer {{ access_token}} " + Authorization: "Bearer {{ access_token }} " status_code: [201] when: realm_client_ids | selectattr('clientId', 'equalto', client_id) | list | length == 0 tags: diff --git a/roles/keycloak/tasks/create_realm_groups.yml b/roles/keycloak/tasks/create_realm_groups.yml index 4051472..5e3c79d 100644 --- a/roles/keycloak/tasks/create_realm_groups.yml +++ b/roles/keycloak/tasks/create_realm_groups.yml @@ -5,7 +5,7 @@ url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/groups" method: GET headers: - Authorization: "Bearer {{ access_token}} " + Authorization: "Bearer {{ access_token }} " status_code: [200] register: realm_groups tags: diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index 0880cf2..a89ced9 100644 --- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml @@ -23,11 +23,10 @@ - update_deployment - name: "Stop {{ inventory_hostname }}" - shell: docker-compose down - args: - chdir: '{{ service_base_path }}/{{ inventory_hostname }}' + community.docker.docker_compose: + project_src: '{{ service_base_path }}/{{ inventory_hostname }}' + state: absent when: check_docker_compose_file.stat.exists - ignore_errors: yes tags: - update_deployment @@ -62,9 +61,9 @@ # - update_deployment - name: "Start {{ inventory_hostname }}" - shell: docker-compose up -d - args: - chdir: '{{ service_base_path }}/{{ inventory_hostname }}' + community.docker.docker_compose: + state: restart + project_src: '{{ service_base_path }}/{{ inventory_hostname }}' tags: - update_deployment diff --git a/roles/kibana/tasks/_configure_dashboards.yml b/roles/kibana/tasks/_configure_dashboards.yml index 68f6d3a..f48e7bb 100644 --- a/roles/kibana/tasks/_configure_dashboards.yml +++ b/roles/kibana/tasks/_configure_dashboards.yml @@ -1,5 +1,6 @@ --- -- set_fact: +- name: "Initialize VARs" + set_fact: api_path: '/s/{{ es_space }}/api/saved_objects' es_object_type: dashboard dashboard_exists: False @@ -18,19 +19,22 @@ register: all_dashboards become: false -- set_fact: +- name: "Lookup dashboard object" + set_fact: lookup_dashboard_object: '{{ all_dashboards.json | community.general.json_query(querystr1) | first | community.general.json_query(dashboard_query) }}' vars: querystr1: "[saved_objects[*]]" dashboard_query: "[?attributes.title=='{{ elastic_dashboard.attributes.title }}']" -- set_fact: +- name: "Set switch VAR" + set_fact: dashboard_exists: True when: - lookup_dashboard_object | length > 0 -- set_fact: - elastic_dashboard_cleaned: "{{ elastic_dashboard_cleaned | combine({item.key: item.value}) }}" +- name: "Drop not needed keys from dict" + set_fact: + elastic_dashboard_cleaned: "{{ elastic_dashboard_cleaned | combine( { item.key: item.value } ) }}" with_dict: '{{ elastic_dashboard }}' when: - item.key not in ['elastic_state'] @@ -52,35 +56,40 @@ register: all_searches become: false - - set_fact: + - name: "Lookup search object" + set_fact: lookup_search_object: '{{ all_searches.json | community.general.json_query(querystr1) | first | community.general.json_query(search_query) }}' vars: querystr1: "[saved_objects[*]]" search_query: "[?attributes.title=='{{ elastic_dashboard.references[0].search_refname }}']" - - set_fact: + - name: "Set switch VAR" + set_fact: search_exists: True when: - lookup_search_object | length > 0 - - debug: + - name: "DEBUG" + debug: msg: 'lookup_search_object{{ lookup_search_object }}' - - set_fact: + - name: "Set VAR" + set_fact: panelindex_uuid: '{{ elastic_dashboard.references[0].search_refname | to_uuid }}' - name: "Doing evil string concatination with ansible in addition with variables" delegate_to: localhost set_fact: - panelsJSON: '{{ (''[{"version":"7.16.1","type":"search","gridData":{"x":0,"y":0,"w":48,"h":28,"i":"'' + ( panelindex_uuid | string ) + ''"},"panelIndex":"'' + ( panelindex_uuid | string ) + ''","embeddableConfig":{"enhancements":{}},"panelRefName":"panel_'' + ( panelindex_uuid | string ) + ''"}]'') | string }}' + panelsjson: '{{ (''[ { "version":"7.16.1","type":"search","gridData":{"x":0,"y":0,"w":48,"h":28,"i":"'' + ( panelindex_uuid | string ) + ''"},"panelIndex":"'' + ( panelindex_uuid | string ) + ''","embeddableConfig":{"enhancements":{} },"panelRefName":"panel_'' + ( panelindex_uuid | string ) + ''" } ]'') | string }}' - + name: "Prepare step for merging dashboard objects" delegate_to: localhost set_fact: ref_obj_modified: attributes: title: '{{ elastic_dashboard.attributes.title }}' - panelsJSON: '{{ panelsJSON | string }}' + panelsJSON: '{{ panelsjson | string }}' references: - name: '{{ panelindex_uuid }}' @@ -105,7 +114,8 @@ set_fact: elastic_dashboard_cleaned: "{{ elastic_dashboard_cleaned | combine( ref_obj_modified ) }}" -- debug: +- name: "DEBUG" + debug: msg: 'DEBUG elastic_dashboard_cleaned: {{ elastic_dashboard_cleaned }}' - name: "Create {{ es_object_type }} <<{{ elastic_dashboard.attributes.title }}>>" diff --git a/roles/kibana/tasks/_configure_indexpattern.yml b/roles/kibana/tasks/_configure_indexpattern.yml index cb12e06..e233ed4 100644 --- a/roles/kibana/tasks/_configure_indexpattern.yml +++ b/roles/kibana/tasks/_configure_indexpattern.yml @@ -1,5 +1,6 @@ --- -- set_fact: +- name: "Initialize VARs" + set_fact: api_path: '/s/{{ es_space }}/api/saved_objects' es_object_type: 'index-pattern' indexpattern_exists: False @@ -17,18 +18,21 @@ register: all_indexpatterns become: false -- set_fact: +- name: "Lookup index pattern object if exists" + set_fact: lookup_indexpattern_object: '{{ all_indexpatterns.json | community.general.json_query(querystr1) | first | community.general.json_query(indexpattern_query) }}' vars: querystr1: "[saved_objects[*]]" indexpattern_query: "[?attributes.title=='{{ elastic_indexpattern.attributes.title }}']" -- set_fact: +- name: "Set switch VAR" + set_fact: indexpattern_exists: True when: - lookup_indexpattern_object | length > 0 -- set_fact: +- name: "Drop not needed key from dict" + set_fact: elastic_indexpattern_cleaned: "{{ elastic_indexpattern_cleaned | combine({item.key: item.value}) }}" with_dict: '{{ elastic_indexpattern }}' when: diff --git a/roles/kibana/tasks/_configure_roles.yml b/roles/kibana/tasks/_configure_roles.yml index 4d7b513..75762cf 100644 --- a/roles/kibana/tasks/_configure_roles.yml +++ b/roles/kibana/tasks/_configure_roles.yml @@ -1,5 +1,6 @@ --- -- set_fact: +- name: "Initlize VARs" + set_fact: api_path: '/api/security/role' role_exists: False elastic_role_cleaned: {} @@ -16,17 +17,20 @@ register: all_roles become: false -- set_fact: +- name: "Lookup role object if exists" + set_fact: lookup_role_object: '{{ all_roles.json | community.general.json_query(roles_query) }}' vars: roles_query: "[?name=='{{ elastic_role.name }}']" -- set_fact: +- name: "Set switch VAR" + set_fact: role_exists: True when: - lookup_role_object | length > 0 -- set_fact: +- name: "Drop not needed keys from dict" + set_fact: elastic_role_cleaned: "{{ elastic_role_cleaned | combine({item.key: item.value}) }}" with_dict: '{{ elastic_role }}' when: diff --git a/roles/kibana/tasks/_configure_searches.yml b/roles/kibana/tasks/_configure_searches.yml index 3b22675..decd6b9 100644 --- a/roles/kibana/tasks/_configure_searches.yml +++ b/roles/kibana/tasks/_configure_searches.yml @@ -1,5 +1,6 @@ --- -- set_fact: +- name: "Initialze VARs" + set_fact: api_path: '/s/{{ es_space }}/api/saved_objects' es_object_type: search search_exists: False @@ -18,18 +19,21 @@ register: all_searches become: false -- set_fact: +- name: "Lookup search object if exists" + set_fact: lookup_search_object: '{{ all_searches.json | community.general.json_query(querystr1) | first | community.general.json_query(search_query) }}' vars: querystr1: "[saved_objects[*]]" search_query: "[?attributes.title=='{{ elastic_search.attributes.title }}']" -- set_fact: +- name: "Set switch VAR" + set_fact: search_exists: True when: - lookup_search_object | length > 0 -- set_fact: +- name: "Drop not needed keys from dict" + set_fact: elastic_search_cleaned: "{{ elastic_search_cleaned | combine({item.key: item.value}) }}" with_dict: '{{ elastic_search }}' when: @@ -51,21 +55,25 @@ register: all_indexpatterns become: false - - set_fact: + - name: "Lookup index pattern object if exists" + set_fact: lookup_indexpattern_object: '{{ all_indexpatterns.json | community.general.json_query(querystr1) | first | community.general.json_query(indexpattern_query) }}' vars: querystr1: "[saved_objects[*]]" indexpattern_query: "[?attributes.title=='{{ elastic_search.references[0].ref_name }}']" - - set_fact: + - name: "Set switch VAR" + set_fact: indexpattern_exists: True when: - lookup_indexpattern_object | length > 0 - - debug: + - name: "DEBUG" + debug: msg: 'lookup_indexpattern_object:{{ lookup_indexpattern_object }}' - + name: "Prepare step to combine dicts" delegate_to: localhost set_fact: ref_obj_modified: @@ -83,7 +91,7 @@ - name: "Kick out not needed keys in search dict" delegate_to: localhost set_fact: - elastic_search_cleaned: "{{ elastic_search_cleaned | combine({item.key: item.value}) }}" + elastic_search_cleaned: "{{ elastic_search_cleaned | combine( { item.key: item.value } ) }}" with_dict: '{{ elastic_search }}' when: - item.key not in ['elastic_state','references'] @@ -93,7 +101,8 @@ set_fact: elastic_search_cleaned: "{{ elastic_search_cleaned | combine( ref_obj_modified ) }}" -- debug: +- name: "DEBUG" + debug: msg: 'DEBUG elastic_search_cleaned: {{ elastic_search_cleaned }}' diff --git a/roles/kibana/tasks/_configure_spaces.yml b/roles/kibana/tasks/_configure_spaces.yml index 91f58e3..ce37935 100644 --- a/roles/kibana/tasks/_configure_spaces.yml +++ b/roles/kibana/tasks/_configure_spaces.yml @@ -1,5 +1,6 @@ --- -- set_fact: +- name: "Initialize VARs" + set_fact: api_path: '/api/spaces/space' space_exists: False elastic_space_cleaned: {} @@ -16,23 +17,27 @@ register: all_spaces become: false -- set_fact: +- name: "Lookup space object if exists" + set_fact: lookup_space_object: "{{ all_spaces.json | community.general.json_query(spaces_query) }}" vars: spaces_query: "[?name=='{{ elastic_space.name }}']" -- set_fact: +- name: "Set switch VAR" + set_fact: space_exists: True when: - lookup_space_object | length > 0 -- set_fact: +- name: "Drop not needed keys from dict" + set_fact: elastic_space_cleaned: "{{ elastic_space_cleaned | combine({item.key: item.value}) }}" with_dict: "{{ elastic_space }}" when: - item.key not in ['elastic_state'] -- debug: +- name: "DEBUG" + debug: msg: "{{ lookup_space_object | to_json }}" - name: "Create space <<{{ elastic_space.name }}>>" diff --git a/roles/kibana/tasks/_configure_users.yml b/roles/kibana/tasks/_configure_users.yml index bd55e91..1be1998 100644 --- a/roles/kibana/tasks/_configure_users.yml +++ b/roles/kibana/tasks/_configure_users.yml @@ -1,5 +1,6 @@ --- -- set_fact: +- name: "Initialize VARs" + set_fact: api_path: '/internal/security/users' user_exists: False elastic_user_cleaned__create: {} @@ -17,24 +18,28 @@ register: all_users become: false -- set_fact: +- name: "Lookup user object if exists" + set_fact: lookup_user_object: '{{ all_users.json | community.general.json_query(users_query) }}' vars: users_query: "[?username=='{{ elastic_user.username }}']" -- set_fact: +- name: "Set switch VAR" + set_fact: user_exists: True when: - lookup_user_object | length > 0 -- set_fact: +- name: "Drop not needed keys from dict" + set_fact: elastic_user_cleaned__create: "{{ elastic_user_cleaned__create | combine({item.key: item.value}) }}" with_dict: '{{ elastic_user }}' when: - item.key not in ['elastic_state'] # make sure to not override userdefined password with initial password -- set_fact: +- name: "Drop not needed keys from dict" + set_fact: elastic_user_cleaned__update: "{{ elastic_user_cleaned__update | combine({item.key: item.value}) }}" with_dict: '{{ elastic_user_cleaned__create }}' when: diff --git a/roles/kibana/tasks/_import_savedobjects.yml b/roles/kibana/tasks/_import_savedobjects.yml index 3a19f00..1a4fb46 100644 --- a/roles/kibana/tasks/_import_savedobjects.yml +++ b/roles/kibana/tasks/_import_savedobjects.yml @@ -1,4 +1,4 @@ ---- +--- - name: "Importing kibana objects to <{{ api_endpoint }}>" include_tasks: import_service_ojects.yml loop: "{{ es_index_pattern_services }}" diff --git a/roles/kibana/tasks/import_service_ojects.yml b/roles/kibana/tasks/import_service_ojects.yml index 7941084..7c5d5bb 100644 --- a/roles/kibana/tasks/import_service_ojects.yml +++ b/roles/kibana/tasks/import_service_ojects.yml @@ -1,11 +1,12 @@ --- -- set_fact: +- name: "Initializing service variables for <{{ es_index_pattern_service.name }}>" + set_fact: api_path: '/s/{{ es_space }}/api/saved_objects' es_search_name: '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-{{ es_index_pattern_service.name }}' es_dashboard_name: '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-{{ es_index_pattern_service.name }}' es_container_name: '{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-01-{{ es_index_pattern_service.name }}' -- name: "Import smardigo default dashboard and its related objects (index-pattern,search,...)" +- name: "Importing smardigo default dashboard and its related objects (index-pattern,search,...)" delegate_to: localhost set_fact: es_object_smardigo_index_pattern_tenant: "{{ lookup('template','smardigo_index_pattern_tenant.json.j2') }}" @@ -15,7 +16,7 @@ when: - elastic_state == 'present' -- name: "Print objects to local file" +- name: "Printing service objects to local ndjson file" delegate_to: localhost copy: dest: '/tmp/es_objects_ready_to_import__objects.ndjson' @@ -27,7 +28,7 @@ when: - elastic_state == 'present' -- name: "Import elastic objects ..." +- name: "Importing service objects to kibana" delegate_to: localhost uri: url: "https://{{ api_endpoint }}{{ api_path }}/_import?overwrite=true" @@ -47,7 +48,7 @@ when: - elastic_state == 'present' -- name: "Remove temporarily created file" +- name: "Removing temporarily created file" delegate_to: localhost file: state: absent diff --git a/roles/kibana/tasks/main.yaml b/roles/kibana/tasks/main.yaml index df73297..2e806fb 100644 --- a/roles/kibana/tasks/main.yaml +++ b/roles/kibana/tasks/main.yaml @@ -22,11 +22,10 @@ - update_deployment - name: "Stop {{ kibana_id }}" - shell: docker-compose down - args: - chdir: '{{ service_base_path }}/{{ kibana_id }}' + community.docker.docker_compose: + project_src: '{{ service_base_path }}/{{ kibana_id }}' + state: absent when: check_docker_compose_file.stat.exists - ignore_errors: yes tags: - update_config - update_deployment @@ -63,7 +62,7 @@ name: _deploy tasks_from: templates vars: - current_config: "elastic-certs/{{ stage}}-certs" + current_config: "elastic-certs/{{ stage }}-certs" current_base_path: "{{ service_base_path }}" current_destination: "{{ kibana_id }}/certs" current_owner: "{{ docker_owner }}" @@ -73,17 +72,11 @@ - update_certs - update_config -- name: "Update {{ kibana_id }}" - shell: docker-compose pull - args: - chdir: '{{ service_base_path }}/{{ kibana_id }}' - tags: - - update_deployment - - name: "Start {{ kibana_id }}" - shell: docker-compose up -d - args: - chdir: '{{ service_base_path }}/{{ kibana_id }}' + community.docker.docker_compose: + project_src: '{{ service_base_path }}/{{ kibana_id }}' + state: present + pull: true tags: - update_certs - update_config diff --git a/roles/kubernetes/apps/tasks/argocd.yml b/roles/kubernetes/apps/tasks/argocd.yml index 8b4ccc9..d027adf 100644 --- a/roles/kubernetes/apps/tasks/argocd.yml +++ b/roles/kubernetes/apps/tasks/argocd.yml @@ -86,7 +86,8 @@ # using template from exported keycloak client object # due to needed params but missing in community.general.keycloak_client # e.g. defaultClientScopes -- set_fact: +- name: "Create json object as VAR from template" + set_fact: keycloak_realm_create_client: "{{ lookup('template','keycloak-realm-create-client-argocd.json.j2') }}" vars: client_redirect_uri: '{{ argo_client_redirect_uris }}' @@ -129,7 +130,8 @@ - inventory_hostname == groups['kube_control_plane'][0] # available clients: get needed ID -- set_fact: +- name: "Get ID of client by paring argo_realm_clients object" + set_fact: id_of_client: '{{ ( argo_realm_clients.json | selectattr("clientId","equalto",argo_client_id ) | first ).id }}' when: - inventory_hostname == groups['kube_control_plane'][0] @@ -148,13 +150,15 @@ when: - inventory_hostname == groups['kube_control_plane'][0] -- debug: +- name: "DEBUG" + debug: msg: "DEBUGGING: {{ client_secret.json.value }}" when: - debug - inventory_hostname == groups['kube_control_plane'][0] -- set_fact: +- name: "Create VAR to overwrite specific helm value - prepare combining dicts" + set_fact: additional_helm_values: configs: secret: @@ -163,12 +167,14 @@ when: - inventory_hostname == groups['kube_control_plane'][0] -- set_fact: +- name: "Combining helm release values" + set_fact: combined_helm__release_values: '{{ k8s_argocd_helm__release_values | combine(additional_helm_values, recursive=True) }}' when: - inventory_hostname == groups['kube_control_plane'][0] -- debug: +- name: "DEBUG" + debug: msg: "DEBUGGING: {{ combined_helm__release_values }}" when: - debug diff --git a/roles/kubernetes/base/tasks/main.yml b/roles/kubernetes/base/tasks/main.yml index 0f05d01..7034c7c 100644 --- a/roles/kubernetes/base/tasks/main.yml +++ b/roles/kubernetes/base/tasks/main.yml @@ -6,9 +6,9 @@ - name: Install dependencies ansible.builtin.package: name: "{{ item }}" - state: latest + state: present loop: - - python3-pip + - python3-pip=20.0.2-5ubuntu1.6 when: - inventory_hostname == groups['kube_control_plane'][0] tags: diff --git a/roles/postgres/tasks/base-requirements_backup.yml b/roles/postgres/tasks/base-requirements_backup.yml index fab2ae6..f9f96c9 100644 --- a/roles/postgres/tasks/base-requirements_backup.yml +++ b/roles/postgres/tasks/base-requirements_backup.yml @@ -23,7 +23,8 @@ delegate_to: localhost become: false -- set_fact: +- name: "Setting LVM related VARs" + set_fact: pvs: "{{ hcloud_volumes_found.hcloud_volume_info | json_query(jmesquery) }}" vg_name: vg.postgres_backup lv_name: lv.postgres_backup