diff --git a/.ansible-lint b/.ansible-lint index 4e77ee1..a8d7896 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -3,9 +3,11 @@ # Exclude these files from the linter exclude_paths: - - .gitlab + - .git* # Rules that we feel should not be errors but warnings warn_list: - yaml[line-length] - var-naming[no-role-prefix] + - meta-runtime[unsupported-version] + - run-once[task] diff --git a/galaxy.yml b/galaxy.yml index c892701..9380bdb 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -16,11 +16,11 @@ readme: README.md # A list of the collection's content authors. Can be just the name or in the format 'Full Name (url) # @nicks:irc/im.site#channel' authors: -- Steven Schattenberg -- Travis Nicks -- Kevin Velarde -- Peter Sprygada -- Nick Andreano + - Steven Schattenberg + - Travis Nicks + - Kevin Velarde + - Peter Sprygada + - Nick Andreano ### OPTIONAL but strongly recommended # A short summary description of the collection @@ -38,6 +38,7 @@ license_file: 'LICENSE' # A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character # requirements as 'namespace' and 'name' tags: + - tools - itential - deployer diff --git a/playbooks/install_active_standby.yml b/playbooks/install_active_standby.yml index 7bcb7da..89564cd 100644 --- a/playbooks/install_active_standby.yml +++ b/playbooks/install_active_standby.yml @@ -68,13 +68,6 @@ - mongodb - mongodb_install - # Insert some day zero data into the MongoDB, Itential users, profiles, - # configure redis, configure rabbitmq, etc... - - role: itential.deployer.mongodb_init - tags: - - mongodb - - mongodb_init - # Enable MongoDB replication, configure replica set if required # https://www.mongodb.com/docs/manual/replication/ - role: itential.deployer.mongodb_replication 
@@ -129,12 +122,6 @@ - platform - platform_install - # Install any listed apps and/or adapters - - role: itential.deployer.platform_adapters - tags: - - platform - - platform_adapters - - name: Install IAP hosts: platform become: true diff --git a/playbooks/prometheus.yml b/playbooks/prometheus.yml index eba2d88..c956246 100644 --- a/playbooks/prometheus.yml +++ b/playbooks/prometheus.yml @@ -10,7 +10,7 @@ - role: itential.deployer.common_vars tags: - always - + - role: itential.deployer.prometheus tags: - - prometheus_install \ No newline at end of file + - prometheus_install diff --git a/roles/common_vars/defaults/main/prometheus.yml b/roles/common_vars/defaults/main/prometheus.yml index bf4a6ad..61c8411 100644 --- a/roles/common_vars/defaults/main/prometheus.yml +++ b/roles/common_vars/defaults/main/prometheus.yml @@ -2,4 +2,4 @@ # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- prometheus: false -prometheus_grafana: false \ No newline at end of file +prometheus_grafana: false diff --git a/roles/gateway/tasks/download-packages-python.yml b/roles/gateway/tasks/download-packages-python.yml index 729247a..e1a9d26 100644 --- a/roles/gateway/tasks/download-packages-python.yml +++ b/roles/gateway/tasks/download-packages-python.yml @@ -22,7 +22,7 @@ file: download-python-dependencies.yml - name: Uninstall Python rpms - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ item }}" state: absent autoremove: true diff --git a/roles/gateway/tasks/download-packages.yml b/roles/gateway/tasks/download-packages.yml index 0bce382..d13ecb7 100644 --- a/roles/gateway/tasks/download-packages.yml +++ b/roles/gateway/tasks/download-packages.yml @@ -37,7 +37,7 @@ tags: download_gateway_packages - name: Install Gateway rpms - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ item }}" state: present with_items: "{{ gateway_packages }}" 
@@ -71,7 +71,7 @@ dest_dir: "{{ rpms_download_dir_control_node }}" - name: Uninstall Gateway packages - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ item }}" state: absent autoremove: true diff --git a/roles/gateway/tasks/main.yml b/roles/gateway/tasks/main.yml index 414fa1e..ba1060b 100644 --- a/roles/gateway/tasks/main.yml +++ b/roles/gateway/tasks/main.yml @@ -7,6 +7,7 @@ with_first_found: - "{{ iag_release }}-{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version }}.yml" - "release-undefined.yml" + tags: always - name: Check for valid IAG release ansible.builtin.fail: @@ -24,7 +25,7 @@ register: workingdir - name: Install Gateway packages (online) - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ item }}" state: present with_items: "{{ gateway_packages }}" @@ -95,9 +96,11 @@ when: iag_https and iag_ssl_copy_certs - name: Install Python - ansible.builtin.include_tasks: - file: install-python.yml tags: install_python + block: + - name: Install Python + ansible.builtin.include_tasks: + file: install-python.yml # Need to install ansible within the virtual environment - name: Install Ansible diff --git a/roles/mongodb/tasks/download-packages-python.yml b/roles/mongodb/tasks/download-packages-python.yml index 933323b..8733865 100644 --- a/roles/mongodb/tasks/download-packages-python.yml +++ b/roles/mongodb/tasks/download-packages-python.yml @@ -39,7 +39,7 @@ - app_python_dependencies | length > 0 - name: Uninstall Python rpms - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ item }}" state: absent autoremove: true diff --git a/roles/mongodb/tasks/mongodb-online.yml b/roles/mongodb/tasks/mongodb-online.yml index d8655ab..3b842fd 100644 --- a/roles/mongodb/tasks/mongodb-online.yml +++ b/roles/mongodb/tasks/mongodb-online.yml 
@@ -16,7 +16,7 @@ # Install mongodb if mongodb is not already installed - name: Install MongoDB packages (online) - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ mongodb_packages }}" state: present when: "'mongodb-org' not in ansible_facts.packages" diff --git a/roles/offline/tasks/download-adapter.yml b/roles/offline/tasks/download-adapter.yml index 1a43845..35424d3 100644 --- a/roles/offline/tasks/download-adapter.yml +++ b/roles/offline/tasks/download-adapter.yml @@ -15,7 +15,7 @@ ansible.builtin.set_fact: adapter_name: "{{ adapter | basename | split('.') | first }}" -- name: Git clone {{ adapter }} +- name: Git clone adapter # noqa: latest (always clone the latest) ansible.builtin.git: repo: "{{ adapter }}" dest: "{{ download_dir }}/{{ adapter_name }}" @@ -35,9 +35,9 @@ chdir: "{{ download_dir }}/{{ adapter_name }}" changed_when: true -# The bundleDependencies defines an array of package names that will be bundled +# The bundleDependencies defines an array of package names that will be bundled # when publishing the package. This really should be defined in the package.json -# when it's downloaded. If it is not already defined, set it to true. A value of true +# when it's downloaded. If it is not already defined, set it to true. A value of true # will bundle all dependencies. - name: Check if bundleDependencies is already defined in package.json ansible.builtin.lineinfile: diff --git a/roles/offline/tasks/download-rpms.yml b/roles/offline/tasks/download-rpms.yml index 62fd081..97ecbd3 100644 --- a/roles/offline/tasks/download-rpms.yml +++ b/roles/offline/tasks/download-rpms.yml 
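Review bot: The `# noqa: latest` added to the "Git clone adapter" task silences the lint rule that asks for a pinned revision, so the adapter is still taken from whatever the remote's default branch holds at run time and is then built in the following tasks. An optional per-adapter revision would make the download reproducible and reviewable; a hypothetical `adapter_version` variable could be used as `version: "{{ adapter_version | default('HEAD') }}"`. The same suppression is added to the two clone tasks in roles/platform/tasks/install-adapters.yml (hunks at -35 and -150). The task body continues outside this hunk, so an existing `version:` key cannot be ruled out from here.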
@@ -29,20 +29,20 @@ mode: '0755' - name: Download packages (ansible yum module) - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ download_packages }}" state: present download_only: true download_dir: "{{ download_dir }}" when: download_method == "yum_module" - - name: Download packages (yum install) + - name: Download packages (yum install) # noqa command-instead-of-module (yum module does not support downloadonly) ansible.builtin.command: cmd: yum install --downloadonly --downloaddir "{{ download_dir }}" -y "{{ download_packages }}" changed_when: true when: download_method == "yum_install" - - name: Download packages (yum reinstall) + - name: Download packages (yum reinstall) # noqa command-instead-of-module (yum module does not support downloadonly) ansible.builtin.command: cmd: yum reinstall --downloadonly --downloaddir "{{ download_dir }}" -y "{{ download_packages }}" changed_when: true @@ -60,7 +60,7 @@ when: download_method == "yumdownloader" block: - name: Install Yum utils - ansible.builtin.yum: + ansible.builtin.dnf: name: yum-utils state: present @@ -69,4 +69,3 @@ cmd: "yumdownloader --resolve --downloaddir {{ download_dir }} {{ download_packages | join(' ') }}" changed_when: true failed_when: false - diff --git a/roles/offline/tasks/install-rpms.yml b/roles/offline/tasks/install-rpms.yml index 862be9c..2317a7a 100644 --- a/roles/offline/tasks/install-rpms.yml +++ b/roles/offline/tasks/install-rpms.yml @@ -28,13 +28,13 @@ ansible.builtin.command: rpmdb --rebuilddb changed_when: false -- name: Get list of yum repos (to disable temporarily) +- name: Get list of yum repos (to disable temporarily) # noqa command-instead-of-module (yum module does not support repolist) ansible.builtin.command: yum -q repolist register: repolist_result changed_when: false - name: Install RPMs - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ rpm_list.files | map(attribute='path') | list | sort }}" state: present disable_gpg_check: true 
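Review bot: The justification in the two new `# noqa command-instead-of-module (yum module does not support downloadonly)` comments is contradicted by the task directly above them, which now calls `ansible.builtin.dnf` with `download_only: true` and `download_dir`. If the command variants are kept for another reason, the comment should state it, for example `# noqa command-instead-of-module (kept as a fallback download method; the module has no reinstall action)`. The first task's name "Download packages (ansible yum module)" also still refers to yum after the switch to dnf.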
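Review bot: The "Install RPMs" task in roles/offline/tasks/install-rpms.yml moves to `ansible.builtin.dnf` but keeps `disable_gpg_check: true`, so every RPM found under the staged directory is installed as root without signature verification. For an offline bundle that is copied between hosts, that leaves nothing to detect a package altered in transit. Consider importing the vendor keys on the target and dropping the option, or making it an explicit opt-out that defaults to verification. The task body continues outside this hunk.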
diff --git a/roles/os/defaults/main.yml b/roles/os/defaults/main.yml index 49a3dbb..63a66a14 100644 --- a/roles/os/defaults/main.yml +++ b/roles/os/defaults/main.yml @@ -1,8 +1,7 @@ # Copyright (c) 2024, Itential, Inc # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- -yum_update: false # Offline install settings # Refer to the offline variables in common_vars for additional settings -packages_path: "{{ itential_packages_path }}/{{ iap_release }}/os" \ No newline at end of file +packages_path: "{{ itential_packages_path }}/{{ iap_release }}/os" diff --git a/roles/os/tasks/redhat-online.yml b/roles/os/tasks/redhat-online.yml index 8936409..dc3c29f 100644 --- a/roles/os/tasks/redhat-online.yml +++ b/roles/os/tasks/redhat-online.yml @@ -1,14 +1,8 @@ # Copyright (c) 2024, Itential, Inc # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- -- name: Update the current yum packages - ansible.builtin.yum: - name: '*' - state: latest - when: yum_update | bool - - name: Install OS Packages - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ os_packages }}" state: present validate_certs: false @@ -16,11 +10,11 @@ update_cache: true - name: Install Security Packages - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ security_packages }}" state: present - name: Install Operations Packages - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ operational_packages }}" state: present diff --git a/roles/os/vars/release-undefined.yml b/roles/os/vars/release-undefined.yml index 5601f1f..5ce1d15 100644 --- a/roles/os/vars/release-undefined.yml +++ b/roles/os/vars/release-undefined.yml @@ -1,3 +1,3 @@ # Copyright (c) 2024, Itential, Inc # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) -invalid_os_release: true \ No newline at end of file +invalid_os_release: true 
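Review bot: In roles/os/tasks/redhat-online.yml the "Install OS Packages" task is converted to `ansible.builtin.dnf` but keeps `validate_certs: false`, which turns off TLS certificate checking for the package source. The Security and Operations package tasks in the same file do not set it, so it looks like a leftover rather than a requirement. Suggest deleting the line, or if some environments need it, gating it behind a variable that defaults to validation, e.g. a hypothetical `validate_certs: "{{ os_validate_certs | default(true) }}"`. The task spans this hunk and the next one (-16,11).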
diff --git a/roles/platform/tasks/backup-mongo.yml b/roles/platform/tasks/backup-mongo.yml index 5fc7460..09ae7df 100644 --- a/roles/platform/tasks/backup-mongo.yml +++ b/roles/platform/tasks/backup-mongo.yml @@ -20,3 +20,6 @@ - --out="{{ iap_install_dir }}/current/backups" - --gzip - "{{ mongo_connection_string }}" + register: result + changed_when: result.rc == 0 + failed_when: result.rc > 0 diff --git a/roles/platform/tasks/configure-firewalld.yml b/roles/platform/tasks/configure-firewalld.yml index aef977c..43c1949 100644 --- a/roles/platform/tasks/configure-firewalld.yml +++ b/roles/platform/tasks/configure-firewalld.yml @@ -14,10 +14,9 @@ immediate: true when: - ansible_facts.services["firewalld.service"] is defined - - (ansible_facts.services["firewalld.service"].state == "running") - - (ansible_facts.services["firewalld.service"].status == "enabled") + - ansible_facts.services["firewalld.service"].state == "running" + - ansible_facts.services["firewalld.service"].status == "enabled" - not iap_https | bool - ignore_errors: true - name: Open HTTPS Port on FirewallD Public Zone ansible.posix.firewalld: @@ -28,7 +27,6 @@ immediate: true when: - ansible_facts.services["firewalld.service"] is defined - - (ansible_facts.services["firewalld.service"].state == "running") - - (ansible_facts.services["firewalld.service"].status == "enabled") + - ansible_facts.services["firewalld.service"].state == "running" + - ansible_facts.services["firewalld.service"].status == "enabled" - iap_https | bool - ignore_errors: true diff --git a/roles/platform/tasks/download-adapters.yml b/roles/platform/tasks/download-adapters.yml index 7bd0a88..dba2128 100644 --- a/roles/platform/tasks/download-adapters.yml +++ b/roles/platform/tasks/download-adapters.yml 
@@ -2,7 +2,7 @@ # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- - name: Install rpms required for download - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ item }}" state: present with_items: @@ -11,10 +11,11 @@ register: install_result - name: Disable safe repository checks - ansible.builtin.command: - cmd: "git config --global --add safe.directory '*'" + community.general.git_config: + name: safe.directory + scope: global + value: '*' when: disable_git_safe_repo_checks - changed_when: true - name: Install NodeJS ansible.builtin.include_tasks: @@ -75,14 +76,14 @@ with_items: "{{ found_custom_adapters.files }}" - name: Uninstall rpms required for download - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ item }}" state: absent autoremove: true with_items: "{{ install_result.results | selectattr('changed', 'equalto', true) | map(attribute='item') }}" - name: Uninstall nodejs rpms - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ item }}" state: absent autoremove: true diff --git a/roles/platform/tasks/download-packages-python.yml b/roles/platform/tasks/download-packages-python.yml index e3edc70..8724988 100644 --- a/roles/platform/tasks/download-packages-python.yml +++ b/roles/platform/tasks/download-packages-python.yml @@ -36,7 +36,7 @@ download_dir: "{{ wheels_download_dir_target_node }}/app" - name: Uninstall Python rpms - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ item }}" state: absent autoremove: true diff --git a/roles/platform/tasks/install-adapters.yml b/roles/platform/tasks/install-adapters.yml index 65e50bd..4b670d9 100644 --- a/roles/platform/tasks/install-adapters.yml +++ b/roles/platform/tasks/install-adapters.yml 
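Review bot: The "Disable safe repository checks" task in the hunk at -11,10 writes `safe.directory = *` into the global git config of the user the play runs as, and nothing visible in this diff removes it afterwards, so git's repository-ownership check stays disabled on the host after the download finishes. Consider a matching cleanup task at the end of the file that uses the same module with `state: absent`. Also note that the old command used `--add`, while `community.general.git_config` replaces existing values unless `add_mode: add` is set (available in recent collection versions), so any `safe.directory` entries already present are likely overwritten. The same replacement is made in roles/platform/tasks/install-adapters.yml (hunk at -2,10).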
@@ -2,10 +2,11 @@ # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- - name: Disable safe repository checks - ansible.builtin.command: - cmd: "git config --global --add safe.directory '*'" + community.general.git_config: + name: safe.directory + scope: global + value: '*' when: disable_git_safe_repo_checks - changed_when: true - name: Install any configured opensource adapters when: @@ -27,7 +28,7 @@ # symlinks. - name: Make a list of the adapter names ansible.builtin.set_fact: - adapter_names: "{{ adapter_names + [item | basename | split('.') | first ]}}" + adapter_names: "{{ adapter_names + [item | basename | split('.') | first] }}" loop: "{{ itential_adapters | default([], true) }}" vars: adapter_names: [] @@ -35,7 +36,7 @@ - name: Install opensource adapters (online) when: not offline_install block: - - name: Git clone opensource adapters (online) + - name: Git clone opensource adapters (online) # noqa: latest (always clone the latest) ansible.builtin.git: repo: "{{ item }}" dest: "{{ iap_install_dir }}/current/custom/@itentialopensource/{{ adapter_names[i] }}" @@ -142,7 +143,7 @@ # symlinks. - name: Make a list of the custom adapter names ansible.builtin.set_fact: - custom_names: "{{ custom_names + [item | basename | split('.') | first ]}}" + custom_names: "{{ custom_names + [item | basename | split('.') | first] }}" loop: "{{ custom_adapters | default([], true) }}" vars: custom_names: [] @@ -150,7 +151,7 @@ - name: Install custom adapters (online) when: not offline_install block: - - name: Git clone all custom adapters (online) + - name: Git clone all custom adapters (online) # noqa: latest (always clone the latest) ansible.builtin.git: repo: "{{ item }}" dest: "{{ iap_install_dir }}/current/custom/{{ custom_location }}/{{ custom_names[i] }}" 
@@ -224,7 +225,7 @@ - name: Restart IAP ansible.builtin.command: /bin/true notify: Restart IAP - when: > + when: > (custom_adapters is defined and (custom_adapters | default([], true)) | length > 0) or (itential_adapters is defined and (itential_adapters | default([], true)) | length > 0) changed_when: true diff --git a/roles/platform/tasks/install-mongodb-tools.yml b/roles/platform/tasks/install-mongodb-tools.yml index c66b051..c893bc4 100644 --- a/roles/platform/tasks/install-mongodb-tools.yml +++ b/roles/platform/tasks/install-mongodb-tools.yml @@ -22,6 +22,6 @@ # Install mongodb tools if they are not already installed - name: Install the MongoDB tools packages - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ mongodb_tools_packages }}" state: present diff --git a/roles/platform/tasks/install-nodejs.yml b/roles/platform/tasks/install-nodejs.yml index 0ad30ed..f80bd32 100644 --- a/roles/platform/tasks/install-nodejs.yml +++ b/roles/platform/tasks/install-nodejs.yml @@ -46,7 +46,7 @@ # This will perform the actual install of nodejs - name: Yum install nodejs - ansible.builtin.yum: + ansible.builtin.dnf: name: nodejs state: present diff --git a/roles/platform/tasks/install-platform-packages.yml b/roles/platform/tasks/install-platform-packages.yml index 1a3bde2..86ff52a 100644 --- a/roles/platform/tasks/install-platform-packages.yml +++ b/roles/platform/tasks/install-platform-packages.yml @@ -2,7 +2,7 @@ # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- - name: Install Platform dependent rpms (online) - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ platform_packages }}" state: present when: not offline_install diff --git a/roles/platform/tasks/main.yml b/roles/platform/tasks/main.yml index 4550336..3772135 100644 --- a/roles/platform/tasks/main.yml +++ b/roles/platform/tasks/main.yml 
@@ -6,8 +6,11 @@ file: validate-vars.yml - name: Determine release vars - ansible.builtin.include_tasks: - file: determine-release-vars.yml + tags: always + block: + - name: Determine release vars + ansible.builtin.include_tasks: + file: determine-release-vars.yml - name: Install base OS packages ansible.builtin.include_role: @@ -32,9 +35,11 @@ tags: install_nodejs - name: Install Python - ansible.builtin.include_tasks: - file: install-python.yml tags: install_python + block: + - name: Install Python + ansible.builtin.include_tasks: + file: install-python.yml - name: Create itential user ansible.builtin.include_tasks: diff --git a/roles/platform/tasks/mongo-init.yml b/roles/platform/tasks/mongo-init.yml index 06e4e9f..68f04bd 100644 --- a/roles/platform/tasks/mongo-init.yml +++ b/roles/platform/tasks/mongo-init.yml @@ -32,11 +32,13 @@ - --quiet - --eval='EJSON.stringify(db.iap_profiles.find({"id":"Local_AAA"},{"_id":0,"services":1}).toArray());' - "{{ mongo_connection_string }}" - register: local_aaa_profile + register: local_aaa_profile_result + changed_when: local_aaa_profile_result.rc == 0 + failed_when: local_aaa_profile_result.rc > 0 - name: Set discovered services list for Local_AAA ansible.builtin.set_fact: - discovered_services: "{{ local_aaa_profile.stdout }}" + discovered_services: "{{ local_aaa_profile_result.stdout }}" # Create a default profile document in the itential database. This template # contains the logic to modify various properties based on the vars set in 
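Review bot: The new `changed_when: local_aaa_profile_result.rc == 0` in roles/platform/tasks/mongo-init.yml marks a read-only `find` query as changed on every successful run, which makes the play report changes when nothing was modified. For these lookups `changed_when: false` is the accurate value, and `failed_when: ... rc > 0` only restates the default for a command task. The same pattern is added to the LDAP, Primary_Local_AAA and Secondary_Local_AAA lookups in the hunks at -62, -113 and -139. The task starts outside this hunk.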
@@ -62,11 +64,13 @@ - --quiet - --eval='EJSON.stringify(db.iap_profiles.find({"id":"LDAP"},{"_id":0,"services":1}).toArray());' - "{{ mongo_connection_string }}" - register: ldap_profile + register: ldap_profile_result + changed_when: ldap_profile_result.rc == 0 + failed_when: ldap_profile_result.rc > 0 - name: Set discovered services list for LDAP ansible.builtin.set_fact: - discovered_services: "{{ ldap_profile.stdout }}" + discovered_services: "{{ ldap_profile_result.stdout }}" # Create a second profile document that is configured to use the LDAP adapter. # This still requires the admins to correctly configure the LDAP adapter to @@ -113,11 +117,13 @@ - --quiet - --eval='EJSON.stringify(db.iap_profiles.find({"id":"Primary_Local_AAA"},{"_id":0,"services":1}).toArray());' - "{{ mongo_connection_string }}" - register: primary_local_aaa_profile + register: primary_local_aaa_profile_result + changed_when: primary_local_aaa_profile_result.rc == 0 + failed_when: primary_local_aaa_profile_result.rc > 0 - name: Set discovered services list for Primary_Local_AAA ansible.builtin.set_fact: - discovered_services: "{{ primary_local_aaa_profile.stdout }}" + discovered_services: "{{ primary_local_aaa_profile_result.stdout }}" - name: Create Primary Local AAA profile document non-default production environments ansible.builtin.template: 
@@ -139,11 +145,13 @@ - --quiet - --eval='EJSON.stringify(db.iap_profiles.find({"id":"Secondary_Local_AAA"},{"_id":0,"services":1}).toArray());' - "{{ mongo_connection_string }}" - register: secondary_local_aaa_profile + register: secondary_local_aaa_profile_result + changed_when: secondary_local_aaa_profile_result.rc == 0 + failed_when: secondary_local_aaa_profile_result.rc > 0 - name: Set discovered services list for Secondary_Local_AAA ansible.builtin.set_fact: - discovered_services: "{{ secondary_local_aaa_profile.stdout }}" + discovered_services: "{{ secondary_local_aaa_profile_result.stdout }}" - name: Create Secondary Local AAA profile document non-default production environments ansible.builtin.template: @@ -218,6 +226,9 @@ - --upsertFields=name - --file="{{ item.path }}" loop: "{{ found_sc_files.files }}" + register: service_configs_result + changed_when: service_configs_result.rc == 0 + failed_when: service_configs_result.rc > 0 - name: Find all rendered template files in /tmp ansible.builtin.find: diff --git a/roles/platform/tasks/update-release-file.yml b/roles/platform/tasks/update-release-file.yml index 250313b..afb3286 100644 --- a/roles/platform/tasks/update-release-file.yml +++ b/roles/platform/tasks/update-release-file.yml @@ -36,7 +36,7 @@ - name: Capture Jinja2 version ansible.builtin.shell: - cmd: "{{ pip_executable }} list --retries 1 --timeout 1 | grep -i jinja2 | awk '{print $2}'" + cmd: "set -o pipefail && {{ pip_executable }} list --retries 1 --timeout 1 | grep -i jinja2 | awk '{print $2}'" register: jinja2_installed_version changed_when: false @@ -49,7 +49,7 @@ - name: Capture MarkupSafe version ansible.builtin.shell: - cmd: "{{ pip_executable }} list --retries 1 --timeout 1 | grep -i markupsafe | awk '{print $2}'" + cmd: "set -o pipefail && {{ pip_executable }} list --retries 1 --timeout 1 | grep -i markupsafe | awk '{print $2}'" register: markupsafe_installed_version changed_when: false 
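Review bot: Adding `set -o pipefail &&` to the "Capture Jinja2 version" command in roles/platform/tasks/update-release-file.yml changes the failure behaviour: when `grep -i jinja2` matches nothing the pipeline now exits 1 and the task fails, where it previously returned an empty string. If an absent package is an expected case, state it explicitly, e.g. `failed_when: jinja2_installed_version.rc > 1`, and otherwise document that a missing package is meant to stop the run. `pipefail` is a bash option, so adding `args: executable: /bin/bash` would keep the task independent of what `/bin/sh` points to. The same applies to the MarkupSafe hunk at -49 and the TextFSM hunk at -62.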
@@ -62,7 +62,7 @@ - name: Capture TextFSM version ansible.builtin.shell: - cmd: "{{ pip_executable }} list --retries 1 --timeout 1 | grep -i textfsm | awk '{print $2}'" + cmd: "set -o pipefail && {{ pip_executable }} list --retries 1 --timeout 1 | grep -i textfsm | awk '{print $2}'" register: textfsm_installed_version changed_when: false diff --git a/roles/platform_app_artifact/tasks/main.yml b/roles/platform_app_artifact/tasks/main.yml index 0f9d53f..395c687 100644 --- a/roles/platform_app_artifact/tasks/main.yml +++ b/roles/platform_app_artifact/tasks/main.yml 
@@ -1,48 +1,53 @@ # Copyright (c) 2024, Itential, Inc # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- -- name: Make directory for app-artifacts - ansible.builtin.file: - path: "{{ iap_install_dir }}/current/custom/@itential/app-artifacts" - owner: "{{ iap_user }}" - group: "{{ iap_group }}" - mode: 0775 - state: directory - -- name: Copy to and unarchive app-artifact source code to destination - ansible.builtin.unarchive: - src: "{{ app_artifact_source_file }}" - dest: "{{ iap_install_dir }}/current/custom/@itential/app-artifacts" - mode: 0644 - group: "{{ iap_user }}" - owner: "{{ iap_group }}" - extra_opts: - - --strip-components=1 +- name: Install App Artifacts + notify: Restart IAP + block: + - name: Make directory for app-artifacts + ansible.builtin.file: + path: "{{ iap_install_dir }}/current/custom/@itential/app-artifacts" + owner: "{{ iap_user }}" + group: "{{ iap_group }}" + mode: '0775' + state: directory -- name: Run npm install - community.general.npm: - path: "{{ iap_install_dir }}/current/custom/@itential/app-artifacts" + - name: Copy to and unarchive app-artifact source code to destination + ansible.builtin.unarchive: + src: "{{ app_artifact_source_file }}" + dest: "{{ iap_install_dir }}/current/custom/@itential/app-artifacts" + mode: '0644' + group: "{{ iap_user }}" + owner: "{{ iap_group }}" + extra_opts: + - --strip-components=1 -# Using chown and chmod is a faster way to enforce the file ownership and -# permissions. The file module in ansible checks each and every file/dir -# in the tree, 'chown -R ' does not, it just sets it. 
-- name: Set appropriate ownership on all itential files - ansible.builtin.command: - cmd: "chown -R {{ iap_user }}:{{ iap_group }} {{ iap_install_dir }}/current/custom/@itential/app-artifacts" + - name: Run npm install + community.general.npm: + path: "{{ iap_install_dir }}/current/custom/@itential/app-artifacts" -- name: Set appropriate permissions on all itential files - ansible.builtin.command: - cmd: "chmod -R 775 {{ iap_install_dir }}/current/custom/@itential/app-artifacts" + # Using chown and chmod is a faster way to enforce the file ownership and + # permissions. The file module in ansible checks each and every file/dir + # in the tree, 'chown -R ' does not, it just sets it. + - name: Set appropriate ownership on all itential files + ansible.builtin.command: + cmd: "chown -R {{ iap_user }}:{{ iap_group }} {{ iap_install_dir }}/current/custom/@itential/app-artifacts" + register: result + changed_when: result.rc == 0 + failed_when: result.rc > 0 -- name: Add symlink in install directory - ansible.builtin.file: - src: "{{ iap_install_dir }}/current/custom/@itential/app-artifacts" - dest: "{{ iap_install_dir }}/current/node_modules/@itential/app-artifacts" - group: "{{ iap_user }}" - owner: "{{ iap_group }}" - state: link - follow: false + - name: Set appropriate permissions on all itential files + ansible.builtin.command: + cmd: "chmod -R 775 {{ iap_install_dir }}/current/custom/@itential/app-artifacts" + register: result + changed_when: result.rc == 0 + failed_when: result.rc > 0 -- name: Restart IAP - command: /bin/true - notify: Restart IAP + - name: Add symlink in install directory + ansible.builtin.file: + src: "{{ iap_install_dir }}/current/custom/@itential/app-artifacts" + dest: "{{ iap_install_dir }}/current/node_modules/@itential/app-artifacts" + group: "{{ iap_user }}" + owner: "{{ iap_group }}" + state: link + follow: false 
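Review bot: The rewritten roles/platform_app_artifact/tasks/main.yml carries over swapped ownership keys in two tasks: "Copy to and unarchive app-artifact source code to destination" and "Add symlink in install directory" both set `group: "{{ iap_user }}"` and `owner: "{{ iap_group }}"`. The directory task and the recursive chown in the same block use `iap_user` as owner and `iap_group` as group, so the two modules will apply the wrong owner whenever the user and group names differ. Suggest `owner: "{{ iap_user }}"` and `group: "{{ iap_group }}"` in both places. Separately, `changed_when: result.rc == 0` on the chown and chmod commands reports a change on every run, which triggers the block's `notify: Restart IAP` each time.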
diff --git a/roles/prometheus/tasks/install_grafana.yml b/roles/prometheus/tasks/install_grafana.yml index 1f9b99b..913e063 100644 --- a/roles/prometheus/tasks/install_grafana.yml +++ b/roles/prometheus/tasks/install_grafana.yml @@ -25,7 +25,7 @@ # Install grafana with yum - name: Install Grafana - ansible.builtin.yum: + ansible.builtin.dnf: name: grafana state: present diff --git a/roles/python/tasks/create-symlinks.yml b/roles/python/tasks/create-symlinks.yml index 05b117e..3bb810a 100644 --- a/roles/python/tasks/create-symlinks.yml +++ b/roles/python/tasks/create-symlinks.yml @@ -7,7 +7,7 @@ register: python3_symlink changed_when: false -- name: Create python3 symlink {{ python_executable }} --> /usr/local/bin/python3 +- name: Create python3 symlink to /usr/local/bin/python3 ansible.builtin.file: state: link src: "{{ python_executable }}" @@ -20,7 +20,7 @@ register: pip3_symlink changed_when: false -- name: Create pip3 symlink {{ pip_executable }} --> /usr/local/bin/pip3 +- name: Create pip3 symlink to /usr/local/bin/pip3 ansible.builtin.file: state: link src: "{{ pip_executable }}" diff --git a/roles/python/tasks/python-from-packages.yml b/roles/python/tasks/python-from-packages.yml index 42b934f..bfb18e1 100644 --- a/roles/python/tasks/python-from-packages.yml +++ b/roles/python/tasks/python-from-packages.yml @@ -2,7 +2,7 @@ # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- - name: Install Python packages (online) - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ item }}" state: present with_items: "{{ python_packages }}" diff --git a/roles/python/tasks/python-from-source.yml b/roles/python/tasks/python-from-source.yml index 533f324..8e6a4dd 100644 --- a/roles/python/tasks/python-from-source.yml +++ b/roles/python/tasks/python-from-source.yml 
@@ -40,6 +40,9 @@ - ./config - make - make install + register: result + changed_when: result.changed + failed_when: result.rc > 0 - name: Check if Python is already installed ansible.builtin.stat: diff --git a/roles/rabbitmq/defaults/main.yml b/roles/rabbitmq/defaults/main.yml index 94a71a4..a68cb3d 100644 --- a/roles/rabbitmq/defaults/main.yml +++ b/roles/rabbitmq/defaults/main.yml @@ -23,7 +23,7 @@ rabbitmq_bind_addr: 127.0.0.1 # The largest allowed message payload size in bytes. Messages of larger size will be # rejected with a suitable channel exception. Default: 134217728, Max value: 536870912 -#rabbit_max_msg_size: 536870911 +# rabbit_max_msg_size: 536870911 # Makes it possible to override the total amount of memory available, as opposed to # inferring it from the environment using OS-specific means. This should only be used @@ -33,7 +33,7 @@ rabbitmq_bind_addr: 127.0.0.1 # of bytes or, alternatively, in information units (e.g `8GB`). For example, when the # value is set to 4 GB, the node will believe it is running on a machine with 4 GB of RAM. # Default: undefined (not set or used). -#rabbit_total_mem_available_override: 8GB +# rabbit_total_mem_available_override: 8GB # Offline install settings # Refer to the offline variables in common_vars for additional settings diff --git a/roles/platform/vars/main.yml b/roles/rabbitmq/handlers/main.yml similarity index 51% rename from roles/platform/vars/main.yml rename to roles/rabbitmq/handlers/main.yml index 6181765..df69586 100644 --- a/roles/platform/vars/main.yml +++ b/roles/rabbitmq/handlers/main.yml @@ -1,3 +1,8 @@ # Copyright (c) 2024, Itential, Inc # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) ---- \ No newline at end of file +--- +- name: Restart RabbitMQ + ansible.builtin.systemd: + name: rabbitmq-server + enabled: true + state: restarted diff --git a/roles/rabbitmq/tasks/main.yml b/roles/rabbitmq/tasks/main.yml index 7cd3529..1dfda9d 100644 
--- a/roles/rabbitmq/tasks/main.yml +++ b/roles/rabbitmq/tasks/main.yml @@ -32,11 +32,13 @@ ansible.builtin.file: name: /etc/systemd/system/rabbitmq-server.service.d state: directory + mode: "0755" - name: Set rabbitmq filesystem limit ansible.builtin.copy: src: "{{ role_path }}/files/limits.conf" dest: /etc/systemd/system/rabbitmq-server.service.d/limits.conf + mode: "0644" - name: Create rabbitmq config file ansible.builtin.template: @@ -44,7 +46,7 @@ dest: "{{ rabbitmq_config }}" owner: "{{ rabbitmq_owner }}" group: "{{ rabbitmq_group }}" - mode: 0640 + mode: "0640" # Check if firewalld is running, if it is then open the appropriate ports - name: Gather service facts @@ -53,10 +55,10 @@ - name: Open Port on FirewallD Public Zone ansible.posix.firewalld: port: "{{ item }}" - permanent: yes + permanent: true state: enabled zone: public - immediate: yes + immediate: true loop: - "{{ rabbitmq_port }}/tcp" - "{{ rabbitmq_mgt_console_port }}/tcp" @@ -64,25 +66,27 @@ - ansible_facts.services["firewalld.service"] is defined - (ansible_facts.services["firewalld.service"].state == "running") - (ansible_facts.services["firewalld.service"].status == "enabled") - ignore_errors: true - name: Enable rabbitmq services ansible.builtin.systemd: name: rabbitmq-server - enabled: yes - daemon_reload: yes + enabled: true + daemon_reload: true state: restarted # Enables the rabbitmq UI available at 15672 - name: Enable rabbitmq management console ansible.builtin.command: cmd: rabbitmq-plugins enable rabbitmq_management + register: output + changed_when: output.rc != 0 # Create & tag the required rabbitmq users - name: Create admin user ansible.builtin.command: cmd: "rabbitmqctl add_user {{ rabbitmq_admin_user }} {{ rabbitmq_admin_password }}" register: result + changed_when: result.rc != 0 failed_when: - result.rc is defined - result.rc > 0 
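Review bot: The "Create admin user" task in the hunk at -64,25 passes `{{ rabbitmq_admin_password }}` on the `rabbitmqctl add_user` command line and registers the result, but has no `no_log`. The password therefore appears in the task's `cmd` field in verbose output, callback logs and any stored job results. Add `no_log: true` to this task and to "Create itential user" in the hunk at -90, which does the same with `{{ rabbitmq_password }}`. The `failed_when` list of this task continues outside the hunk.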
@@ -90,20 +94,27 @@ - name: Set administrator tag for admin user ansible.builtin.command: - cmd: "rabbitmqctl set_user_tags {{ rabbitmq_admin_user }} administrator" + cmd: "rabbitmqctl set_user_tags {{ rabbitmq_admin_user }} administrator" + register: output + changed_when: output.rc != 0 - name: Set permissions for admin user ansible.builtin.command: cmd: "rabbitmqctl set_permissions -p / {{ rabbitmq_admin_user }} \".*\" \".*\" \".*\"" + register: output + changed_when: output.rc != 0 - name: Create iap vhost ansible.builtin.command: cmd: "rabbitmqctl add_vhost {{ rabbitmq_vhost }}" + register: output + changed_when: output.rc != 0 - name: Create itential user ansible.builtin.command: cmd: "rabbitmqctl add_user {{ rabbitmq_user }} {{ rabbitmq_password }}" register: result + changed_when: result.rc != 0 failed_when: - result.rc is defined - result.rc > 0 
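Review bot: "Create itential user" passes `{{ rabbitmq_password }}` as a command-line argument and registers the result, and nothing in the hunk sets `no_log`, so the password can end up in Ansible output and logs (the registered result carries the command) and is visible in the process list on the target while rabbitmqctl runs. "Create admin user" in the previous hunk does the same with `{{ rabbitmq_admin_password }}`. Adding `no_log: true` to both tasks keeps the secret out of task output. Keeping it off argv as well would mean feeding the password through the command module's `stdin` parameter, which I would first check against the installed rabbitmqctl version. The task's failed_when list continues past the end of the hunk.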
@@ -112,29 +123,36 @@ # Required for event deduping - name: Set monitoring tag for itential user ansible.builtin.command: - cmd: "rabbitmqctl set_user_tags {{ rabbitmq_user }} monitoring" + cmd: "rabbitmqctl set_user_tags {{ rabbitmq_user }} monitoring" + register: output + changed_when: output.rc != 0 - name: Set permissions for itential user ansible.builtin.command: cmd: "rabbitmqctl set_permissions -p {{ rabbitmq_vhost }} {{ rabbitmq_user }} \".*\" \".*\" \".*\"" + register: output + changed_when: output.rc != 0 - name: Get installed erlang version ansible.builtin.command: cmd: rabbitmq-diagnostics erlang_version - register: erlangVersion + register: erlang_version + changed_when: erlang_version.rc != 0 - name: Write erlang release information ansible.builtin.lineinfile: - path: "/etc/iap-release" - line: "ERLANG={{ erlangVersion.stdout_lines[1] }}" + path: "{{ itential_release_file }}" + line: "ERLANG={{ erlang_version.stdout_lines[1] }}" create: true + mode: "0644" - name: Get installed rabbitmq version ansible.builtin.command: cmd: rabbitmqctl version - register: rabbitmqVersion + register: rabbitmq_version + changed_when: rabbitmq_version.rc != 0 - name: Write rabbitmq release information ansible.builtin.lineinfile: path: "{{ itential_release_file }}" - line: "RABBITMQ={{ rabbitmqVersion.stdout }}" + line: "RABBITMQ={{ rabbitmq_version.stdout }}" diff --git a/roles/rabbitmq/tasks/rabbitmq-online.yml b/roles/rabbitmq/tasks/rabbitmq-online.yml index 9411bc2..295aab5 100644 --- a/roles/rabbitmq/tasks/rabbitmq-online.yml +++ b/roles/rabbitmq/tasks/rabbitmq-online.yml @@ -24,7 +24,7 @@ description: rabbitmq_erlang owner: "root" group: "root" - mode: 0644 + mode: "0644" baseurl: "{{ rabbitmq_erlang_repo_baseurl }}" gpgcheck: true gpgkey: @@ -41,7 +41,7 @@ description: rabbitmq_server owner: "root" group: "root" - mode: 0644 + mode: "0644" baseurl: "{{ rabbitmq_server_repo_baseurl }}" gpgcheck: true gpgkey: 
@@ -55,6 +55,6 @@ # Installs the packages enabled by the above repos - name: Install packages - ansible.builtin.yum: - name: "{{ rabbitmq_packages[ ansible_distribution_major_version ] }}" + ansible.builtin.dnf: + name: "{{ rabbitmq_packages[ansible_distribution_major_version] }}" update_cache: true diff --git a/roles/rabbitmq/vars/main.yml b/roles/rabbitmq/vars/main.yml index b595798..4770be7 100644 --- a/roles/rabbitmq/vars/main.yml +++ b/roles/rabbitmq/vars/main.yml @@ -2,4 +2,4 @@ # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- rabbitmq_server_repo_baseurl: "https://packagecloud.io/rabbitmq/rabbitmq-server/el/$releasever/$basearch" -rabbitmq_erlang_repo_baseurl: "https://packagecloud.io/rabbitmq/erlang/el/$releasever/$basearch" \ No newline at end of file +rabbitmq_erlang_repo_baseurl: "https://packagecloud.io/rabbitmq/erlang/el/$releasever/$basearch" diff --git a/roles/rabbitmq/vars/release-2022.1.yml b/roles/rabbitmq/vars/release-2022.1.yml index 59806f9..87f069b 100644 --- a/roles/rabbitmq/vars/release-2022.1.yml +++ b/roles/rabbitmq/vars/release-2022.1.yml @@ -16,4 +16,4 @@ rabbitmq_packages: - socat - logrotate - erlang-25.3.2.2 - - rabbitmq-server-3.11.7 \ No newline at end of file + - rabbitmq-server-3.11.7 diff --git a/roles/rabbitmq_cluster/tasks/main.yml b/roles/rabbitmq_cluster/tasks/main.yml index d7bb23e..c711c41 100644 --- a/roles/rabbitmq_cluster/tasks/main.yml +++ b/roles/rabbitmq_cluster/tasks/main.yml 
@@ -11,8 +11,8 @@ - name: Write all RabbitMQ nodes to the hosts file ansible.builtin.lineinfile: path: "/etc/hosts" - line: "{{hostvars[item].ansible_default_ipv4.address}} rabbit{{my_idx + 1}} {{hostvars[item].ansible_hostname}}" - loop: "{{lookup('inventory_hostnames', 'rabbitmq', wantlist=True) }}" + line: "{{ hostvars[item].ansible_default_ipv4.address }} rabbit{{ my_idx + 1 }} {{ hostvars[item].ansible_hostname }}" + loop: "{{ lookup('inventory_hostnames', 'rabbitmq', wantlist=True) }}" loop_control: index_var: my_idx when: inventory_hostname in groups['rabbitmq'] @@ -20,8 +20,8 @@ - name: Write all RabbitMQ nodes to the hosts file for secondary DR ansible.builtin.lineinfile: path: "/etc/hosts" - line: "{{hostvars[item].ansible_default_ipv4.address}} rabbit{{my_idx + 1}} {{hostvars[item].ansible_hostname}}" - loop: "{{lookup('inventory_hostnames', 'rabbitmq_secondary', wantlist=True) }}" + line: "{{ hostvars[item].ansible_default_ipv4.address }} rabbit{{ my_idx + 1 }} {{ hostvars[item].ansible_hostname }}" + loop: "{{ lookup('inventory_hostnames', 'rabbitmq_secondary', wantlist=True) }}" loop_control: index_var: my_idx when: @@ -32,8 +32,8 @@ ansible.builtin.lineinfile: path: "{{ rabbitmq_config }}" insertafter: "cluster_formation.peer_discovery_backend = rabbit_peer_discovery_classic_config" - line: "cluster_formation.classic_config.nodes.{{my_idx + 1}} = rabbit@{{hostvars[item].ansible_hostname }}" - loop: "{{lookup('inventory_hostnames', 'rabbitmq', wantlist=True) }}" + line: "cluster_formation.classic_config.nodes.{{ my_idx + 1 }} = rabbit@{{ hostvars[item].ansible_hostname }}" + loop: "{{ lookup('inventory_hostnames', 'rabbitmq', wantlist=True) }}" loop_control: index_var: my_idx when: inventory_hostname in groups['rabbitmq'] 
@@ -42,8 +42,8 @@ ansible.builtin.lineinfile: path: "{{ rabbitmq_config }}" insertafter: "cluster_formation.peer_discovery_backend = rabbit_peer_discovery_classic_config" - line: "cluster_formation.classic_config.nodes.{{my_idx + 1}} = rabbit@{{hostvars[item].ansible_hostname }}" - loop: "{{lookup('inventory_hostnames', 'rabbitmq_secondary', wantlist=True) }}" + line: "cluster_formation.classic_config.nodes.{{ my_idx + 1 }} = rabbit@{{ hostvars[item].ansible_hostname }}" + loop: "{{ lookup('inventory_hostnames', 'rabbitmq_secondary', wantlist=True) }}" loop_control: index_var: my_idx when: @@ -53,7 +53,7 @@ - name: Edit config variable ansible.builtin.lineinfile: path: "/root/.bashrc" - line: "export RABBITMQ_CONFIG_FILE={{rabbitmq_config}}" + line: "export RABBITMQ_CONFIG_FILE={{ rabbitmq_config }}" insertafter: "EOF" # RabbitMQ nodes and CLI tools (e.g. rabbitmqctl) use a cookie to determine @@ -82,10 +82,10 @@ - name: Open Ports on FirewallD Public Zone ansible.posix.firewalld: port: "{{ item }}" - permanent: yes + permanent: true state: enabled zone: public - immediate: yes + immediate: true loop: - "{{ rabbitmq_cluster_port }}/tcp" - "{{ rabbitmq_epmd_port }}/tcp" 
@@ -93,51 +93,68 @@ - ansible_facts.services["firewalld.service"] is defined - (ansible_facts.services["firewalld.service"].state == "running") - (ansible_facts.services["firewalld.service"].status == "enabled") - ignore_errors: true - name: Restart rabbitmq server ansible.builtin.systemd: name: rabbitmq-server - enabled: yes + enabled: true state: restarted # The first rabbit defined in the rabbitmq group is chosen as our primary that # the others will join a cluster with. Run some additional tasks against the # non-primary members for them to join the cluster. - name: Stop rabbitmq - ansible.builtin.command: "rabbitmqctl stop_app" + ansible.builtin.command: + cmd: "rabbitmqctl stop_app" + register: output + changed_when: output.rc != 0 when: - inventory_hostname in groups['rabbitmq'] - hostvars[groups['rabbitmq'][0]].ansible_hostname != ansible_hostname - name: Stop rabbitmq for secondary - ansible.builtin.command: "rabbitmqctl stop_app" + ansible.builtin.command: + cmd: "rabbitmqctl stop_app" + register: output + changed_when: output.rc != 0 when: - groups['rabbitmq_secondary'] is defined - inventory_hostname in groups['rabbitmq_secondary'] - hostvars[groups['rabbitmq_secondary'][0]].ansible_hostname != ansible_hostname - name: Reset node - ansible.builtin.command: "rabbitmqctl reset" + ansible.builtin.command: + cmd: "rabbitmqctl reset" + register: output + changed_when: output.rc != 0 when: - inventory_hostname in groups['rabbitmq'] - hostvars[groups['rabbitmq'][0]].ansible_hostname != ansible_hostname - name: Reset node for secondary - ansible.builtin.command: "rabbitmqctl reset" + ansible.builtin.command: + cmd: "rabbitmqctl reset" + register: output + changed_when: output.rc != 0 when: - groups['rabbitmq_secondary'] is defined - inventory_hostname in groups['rabbitmq_secondary'] - hostvars[groups['rabbitmq_secondary'][0]].ansible_hostname != ansible_hostname - name: Join cluster - ansible.builtin.command: "rabbitmqctl join_cluster rabbit@{{ 
hostvars[groups['rabbitmq'][0]].ansible_hostname }}" + ansible.builtin.command: + cmd: "rabbitmqctl join_cluster rabbit@{{ hostvars[groups['rabbitmq'][0]].ansible_hostname }}" + register: output + changed_when: output.rc != 0 when: - inventory_hostname in groups['rabbitmq'] - hostvars[groups['rabbitmq'][0]].ansible_hostname != ansible_hostname - name: Join cluster for secondary DR - ansible.builtin.command: "rabbitmqctl join_cluster rabbit@{{ hostvars[groups['rabbitmq_secondary'][0]].ansible_hostname }}" + ansible.builtin.command: + cmd: "rabbitmqctl join_cluster rabbit@{{ hostvars[groups['rabbitmq_secondary'][0]].ansible_hostname }}" + register: output + changed_when: output.rc != 0 when: - groups['rabbitmq_secondary'] is defined - inventory_hostname in groups['rabbitmq_secondary'] @@ -146,7 +163,7 @@ - name: Restart rabbitmq server ansible.builtin.systemd: name: rabbitmq-server - enabled: yes + enabled: true state: restarted when: - inventory_hostname in groups['rabbitmq'] @@ -155,7 +172,7 @@ - name: Restart rabbitmq server for secondary ansible.builtin.systemd: name: rabbitmq-server - enabled: yes + enabled: true state: restarted when: - groups['rabbitmq_secondary'] is defined @@ -167,3 +184,5 @@ - name: Queue mirroring ansible.builtin.command: cmd: "rabbitmqctl set_policy ha-all -p {{ rabbitmq_vhost }} \".*\" '{\"ha-mode\":\"all\", \"ha-promote-on-shutdown\": \"when-synced\", \"ha-sync-mode\": \"automatic\"}'" + register: output + changed_when: output.rc != 0 diff --git a/roles/rabbitmq_ssl/tasks/main.yml b/roles/rabbitmq_ssl/tasks/main.yml index 3feed0e..2caa7a6 100644 --- a/roles/rabbitmq_ssl/tasks/main.yml +++ b/roles/rabbitmq_ssl/tasks/main.yml 
@@ -1,76 +1,72 @@ # Copyright (c) 2024, Itential, Inc # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- -- name: Create ssl directory - ansible.builtin.file: - path: "{{ rabbitmq_ssl_dir }}" - state: directory - owner: rabbitmq - group: rabbitmq - mode: "0700" +- name: Update RabbitMQ to support SSL + notify: Restart RabbitMQ + block: + - name: Create ssl directory + ansible.builtin.file: + path: "{{ rabbitmq_ssl_dir }}" + state: directory + owner: rabbitmq + group: rabbitmq + mode: "0700" -- name: Copy Server Certificate - ansible.builtin.copy: - src: "{{ role_path }}/files/server_certificate.pem" - dest: "{{ rabbitmq_ssl_dir }}/serverCert.pem" - owner: rabbitmq - group: rabbitmq - mode: "0600" + - name: Copy Server Certificate + ansible.builtin.copy: + src: "{{ role_path }}/files/server_certificate.pem" + dest: "{{ rabbitmq_ssl_dir }}/serverCert.pem" + owner: rabbitmq + group: rabbitmq + mode: "0600" -- name: Copy Server Key - ansible.builtin.copy: - src: "{{ role_path }}/files/server_key.pem" - dest: "{{ rabbitmq_ssl_dir }}/serverKey.pem" - owner: rabbitmq - group: rabbitmq - mode: "0600" + - name: Copy Server Key + ansible.builtin.copy: + src: "{{ role_path }}/files/server_key.pem" + dest: "{{ rabbitmq_ssl_dir }}/serverKey.pem" + owner: rabbitmq + group: rabbitmq + mode: "0600" -- name: Copy CA Certificate - ansible.builtin.copy: - src: "{{ role_path }}/files/ca_certificate.pem" - dest: "{{ rabbitmq_ssl_dir }}/ca_certificate.pem" - owner: rabbitmq - group: rabbitmq - mode: "0600" + - name: Copy CA Certificate + ansible.builtin.copy: + src: "{{ role_path }}/files/ca_certificate.pem" + dest: "{{ rabbitmq_ssl_dir }}/ca_certificate.pem" + owner: rabbitmq + group: rabbitmq + mode: "0600" -# Modify many lines on the config file for the SSL settings -- name: Modify rabbitmq config with SSL settings - ansible.builtin.lineinfile: - path: "{{ rabbitmq_config }}" - regexp: ^\s*#\s*{{ item.name }}.*$ - line: "{{ item.name }} = 
{{ item.value }} " - insertafter: ^\s*#\s*{{ item.name }}.*$ - firstmatch: true - with_items: - - { name: "listeners.ssl.1", value: "{{ rabbitmq_ssl_port }}" } - - { name: "listeners.tcp", value: "none" } - - { name: "ssl_options.cacertfile", value: "{{ rabbitmq_ssl_dir }}/ca_certificate.pem" } - - { name: "ssl_options.certfile", value: "{{ rabbitmq_ssl_dir }}/serverCert.pem" } - - { name: "ssl_options.keyfile", value: "{{ rabbitmq_ssl_dir }}/serverKey.pem" } - - { name: "management.ssl.port", value: "15671" } - - { name: "management.ssl.cacertfile", value: "{{ rabbitmq_ssl_dir }}/ca_certificate.pem" } - - { name: "management.ssl.certfile", value: "{{ rabbitmq_ssl_dir }}/serverCert.pem" } - - { name: "management.ssl.keyfile", value: "{{ rabbitmq_ssl_dir }}/serverKey.pem" } + # Modify many lines on the config file for the SSL settings + - name: Modify rabbitmq config with SSL settings + ansible.builtin.lineinfile: + path: "{{ rabbitmq_config }}" + regexp: ^\s*#\s*{{ item.name }}.*$ + line: "{{ item.name }} = {{ item.value }} " + insertafter: ^\s*#\s*{{ item.name }}.*$ + firstmatch: true + with_items: + - { name: "listeners.ssl.1", value: "{{ rabbitmq_ssl_port }}" } + - { name: "listeners.tcp", value: "none" } + - { name: "ssl_options.cacertfile", value: "{{ rabbitmq_ssl_dir }}/ca_certificate.pem" } + - { name: "ssl_options.certfile", value: "{{ rabbitmq_ssl_dir }}/serverCert.pem" } + - { name: "ssl_options.keyfile", value: "{{ rabbitmq_ssl_dir }}/serverKey.pem" } + - { name: "management.ssl.port", value: "15671" } + - { name: "management.ssl.cacertfile", value: "{{ rabbitmq_ssl_dir }}/ca_certificate.pem" } + - { name: "management.ssl.certfile", value: "{{ rabbitmq_ssl_dir }}/serverCert.pem" } + - { name: "management.ssl.keyfile", value: "{{ rabbitmq_ssl_dir }}/serverKey.pem" } -# Check if firewalld is running, if it is then open the appropriate ports -- name: Gather service facts - ansible.builtin.service_facts: + # Check if firewalld is running, if it is then open 
the appropriate ports + - name: Gather service facts + ansible.builtin.service_facts: -- name: Open Port on FirewallD Public Zone - ansible.posix.firewalld: - port: "{{ rabbitmq_ssl_port }}/tcp" - permanent: yes - state: enabled - zone: public - immediate: yes - when: - - ansible_facts.services["firewalld.service"] is defined - - (ansible_facts.services["firewalld.service"].state == "running") - - (ansible_facts.services["firewalld.service"].status == "enabled") - ignore_errors: true - -- name: Restart rabbitmq - ansible.builtin.systemd: - name: rabbitmq-server - enabled: yes - state: restarted + - name: Open Port on FirewallD Public Zone + ansible.posix.firewalld: + port: "{{ rabbitmq_ssl_port }}/tcp" + permanent: true + state: enabled + zone: public + immediate: true + when: + - ansible_facts.services["firewalld.service"] is defined + - ansible_facts.services["firewalld.service"].state == "running" + - ansible_facts.services["firewalld.service"].status == "enabled" diff --git a/roles/redis/handlers/main.yml b/roles/redis/handlers/main.yml index b0ebef0..0101def 100644 --- a/roles/redis/handlers/main.yml +++ b/roles/redis/handlers/main.yml @@ -4,11 +4,11 @@ - name: Restart Redis ansible.builtin.systemd: name: redis - enabled: yes + enabled: true state: restarted - name: Restart Sentinel ansible.builtin.systemd: name: redis-sentinel - enabled: yes + enabled: true state: restarted diff --git a/roles/redis/tasks/download-packages.yml b/roles/redis/tasks/download-packages.yml index 9cd08bc..1872feb 100644 --- a/roles/redis/tasks/download-packages.yml +++ b/roles/redis/tasks/download-packages.yml 
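Review bot: The block's `notify: Restart RabbitMQ` refers to a handler that this commit defines in roles/rabbitmq/handlers/main.yml, not in the rabbitmq_ssl role, so the role now appears to work only in a play that also loads the rabbitmq role; otherwise the notify would most likely fail with a missing-handler error. The restart is also deferred to the handler flush point, so until then the broker keeps running with its previous listeners even though the file already says `listeners.tcp = none`, and a failure in a later task can leave it that way. I would give rabbitmq_ssl its own handlers file (or document the dependency) and follow the block with a flush: `- name: Apply RabbitMQ TLS configuration` / `ansible.builtin.meta: flush_handlers`.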
@@ -29,14 +29,14 @@ when: redis_install_method == "remi_repo" block: - name: Install EPEL repo - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ epel_repo_url }}" state: present update_cache: true disable_gpg_check: true - name: Install Remi repo - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ redis_repo_url[ansible_distribution_major_version] }}" state: present disable_gpg_check: true diff --git a/roles/redis/tasks/main.yml b/roles/redis/tasks/main.yml index 4e2ad65..013eeca 100644 --- a/roles/redis/tasks/main.yml +++ b/roles/redis/tasks/main.yml @@ -26,6 +26,7 @@ name: selinux - name: Install Redis + tags: install_redis block: - name: Include tasks to install Redis (online) when: not offline_install @@ -45,7 +46,6 @@ ansible.builtin.include_tasks: file: redis-offline.yml when: offline_install - tags: install_redis - name: Ensure the directories for the config exists ansible.builtin.file: @@ -79,7 +79,6 @@ - ansible_facts.services["firewalld.service"] is defined - (ansible_facts.services["firewalld.service"].state == "running") - (ansible_facts.services["firewalld.service"].status == "enabled") - ignore_errors: true - name: Enable redis throttle: 1 @@ -91,7 +90,7 @@ - name: Determine redis version ansible.builtin.shell: - cmd: redis-server --version | cut -d" " -f3 | cut -d"=" -f2 + cmd: set -o pipefail && redis-server --version | cut -d" " -f3 | cut -d"=" -f2 register: result check_mode: false changed_when: false @@ -106,3 +105,4 @@ path: "{{ itential_release_file }}" line: "REDIS={{ redis_server_version }}" create: true + mode: "0644" diff --git a/roles/redis/tasks/redis-offline.yml b/roles/redis/tasks/redis-offline.yml index bac1e5a..46ba18a 100644 --- a/roles/redis/tasks/redis-offline.yml +++ b/roles/redis/tasks/redis-offline.yml 
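Review bot: "Install EPEL repo" and "Install Remi repo" keep `disable_gpg_check: true` while installing repository packages from `{{ epel_repo_url }}` and `{{ redis_repo_url[ansible_distribution_major_version] }}`, so the RPMs that add new package sources are accepted without signature verification. Since both tasks are being touched for the yum-to-dnf move, I would import the publishers' signing keys first with `ansible.builtin.rpm_key` and drop `disable_gpg_check` from both. The matching tasks in redis-using-remi-repo.yml and redis-using-yum.yml may set the same option; their hunks do not show the full task.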
@@ -2,12 +2,12 @@ # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- - name: Install Redis rpms + tags: offline_install_rpms block: - name: Install Redis rpms ansible.builtin.import_role: name: offline tasks_from: install-rpms - tags: offline_install_rpms - name: Include tasks to install Redis from source ansible.builtin.include_tasks: diff --git a/roles/redis/tasks/redis-using-remi-repo.yml b/roles/redis/tasks/redis-using-remi-repo.yml index 76d152d..e78620d 100644 --- a/roles/redis/tasks/redis-using-remi-repo.yml +++ b/roles/redis/tasks/redis-using-remi-repo.yml @@ -2,7 +2,7 @@ # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- - name: Install EPEL repo - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ epel_repo_url }}" state: present update_cache: true @@ -22,4 +22,4 @@ name: '{{ redis_packages[ansible_distribution_major_version] }}' state: present update_cache: true - enablerepo: remi \ No newline at end of file + enablerepo: remi diff --git a/roles/redis/tasks/redis-using-source.yml b/roles/redis/tasks/redis-using-source.yml index eaea549..00c2067 100644 --- a/roles/redis/tasks/redis-using-source.yml +++ b/roles/redis/tasks/redis-using-source.yml @@ -40,7 +40,6 @@ - name: Set the Redis build directory ansible.builtin.set_fact: redis_build_dir: "{{ unarchive_result.src.split('.tar.gz')[0] }}" - when: unarchive_result.changed - name: Offline install when: offline_install @@ -68,14 +67,13 @@ - name: Set the Redis build directory ansible.builtin.set_fact: redis_build_dir: "{{ unarchive_result.src.split('.tar.gz')[0] }}" - when: unarchive_result.changed - name: Make Redis - ansible.builtin.make: + community.general.make: chdir: "{{ redis_build_dir }}" target: install params: - USE_SYSTEMD: yes + USE_SYSTEMD: true tags: make_redis - name: Remove temporary working directory 
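Review bot: In "Make Redis", `USE_SYSTEMD: true` is a YAML boolean, and the make module will most likely render it as `USE_SYSTEMD=True` on the make command line, whereas the Redis build, as far as I know, compares the variable against the literal `yes`. The old unquoted `yes` was parsed as a boolean too, so this is not a regression, but the lint fix is a good moment to pass the string that was meant: `USE_SYSTEMD: "yes"`.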
diff --git a/roles/redis/tasks/redis-using-yum.yml b/roles/redis/tasks/redis-using-yum.yml index e13f910..3e14f92 100644 --- a/roles/redis/tasks/redis-using-yum.yml +++ b/roles/redis/tasks/redis-using-yum.yml @@ -3,7 +3,7 @@ --- # This task will install a remi RPM as the repo - name: Install remi RPM - ansible.builtin.yum: + ansible.builtin.dnf: update_cache: true name: "{{ redis_repo_url[ansible_distribution_major_version] }}" state: present @@ -13,7 +13,7 @@ # enabling control of the redis version to the release files where there is a # mapping of "versions" to RPM locations. - name: Install Redis RPM - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ redis_packages[ansible_distribution_major_version] }}" state: present enablerepo: remi-modular diff --git a/roles/redis/vars/release-2021.1.yml b/roles/redis/vars/release-2021.1.yml index b277d5a..741e877 100644 --- a/roles/redis/vars/release-2021.1.yml +++ b/roles/redis/vars/release-2021.1.yml @@ -3,7 +3,7 @@ --- # The keys here are intended to represent the Redhat/Rocky/Centos major version -# The redis_packages and redis_repo_url are used when the +# The redis_packages and redis_repo_url are used when the # redis_install_method is set to 'remi_repo' redis_packages: "7": diff --git a/roles/redis/vars/release-2021.2.yml b/roles/redis/vars/release-2021.2.yml index cbc4253..e7d2701 100644 --- a/roles/redis/vars/release-2021.2.yml +++ b/roles/redis/vars/release-2021.2.yml @@ -3,7 +3,7 @@ --- # The keys here are intended to represent the Redhat/Rocky/Centos major version -# The redis_packages and redis_repo_url are used when the +# The redis_packages and redis_repo_url are used when the # redis_install_method is set to 'remi_repo' redis_packages: "7": diff --git a/roles/redis/vars/release-2022.1.yml b/roles/redis/vars/release-2022.1.yml index c744b9a..84392e3 100644 --- a/roles/redis/vars/release-2022.1.yml +++ b/roles/redis/vars/release-2022.1.yml 
@@ -3,7 +3,7 @@ --- # The keys here are intended to represent the Redhat/Rocky/Centos major version -# The redis_packages and redis_repo_url are used when the +# The redis_packages and redis_repo_url are used when the # redis_install_method is set to 'remi_repo' redis_packages: "7": diff --git a/roles/redis/vars/release-2023.1.yml b/roles/redis/vars/release-2023.1.yml index 85c0ed6..551a28f 100644 --- a/roles/redis/vars/release-2023.1.yml +++ b/roles/redis/vars/release-2023.1.yml @@ -3,12 +3,12 @@ --- # The keys here are intended to represent the Redhat/Rocky/Centos major version -# The redis_packages and redis_repo_url are used when the +# The redis_packages and redis_repo_url are used when the # redis_install_method is set to 'remi_repo' redis_packages: - "8": + "8": - "@redis:remi-7.0" - "9": + "9": - "@redis:remi-7.0" redis_repo_url: diff --git a/roles/redis/vars/release-2023.2.yml b/roles/redis/vars/release-2023.2.yml index 42a1014..b4829b0 100644 --- a/roles/redis/vars/release-2023.2.yml +++ b/roles/redis/vars/release-2023.2.yml @@ -3,7 +3,7 @@ --- # The keys here are intended to represent the Redhat/Rocky/Centos major version -# The redis_packages and redis_repo_url are used when the +# The redis_packages and redis_repo_url are used when the # redis_install_method is set to 'remi_repo' redis_packages: "8": diff --git a/roles/redis_auth/defaults/main.yml b/roles/redis_auth/defaults/main.yml deleted file mode 100644 index 6181765..0000000 --- a/roles/redis_auth/defaults/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -# Copyright (c) 2024, Itential, Inc -# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) ---- \ No newline at end of file diff --git a/roles/redis_auth/tasks/main.yml b/roles/redis_auth/tasks/main.yml index b6a48d3..faadd8d 100644 --- a/roles/redis_auth/tasks/main.yml +++ b/roles/redis_auth/tasks/main.yml 
@@ -1,80 +1,77 @@ # Copyright (c) 2024, Itential, Inc # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- -# The authorization users are already included in the redis.conf file from the -# role that installed redis. This task is simply uncommenting those lines to -# enable/disable the necessary users. -- name: Disable "default" user, enable other users - ansible.builtin.lineinfile: - path: "{{ redis_conf_file }}" - regexp: ^#\s({{ item }}.*)$ - line: \1 - backrefs: true - with_items: - - user default - - user admin - - user itential - - user repluser - - user sentineluser - -# When auth is turned on its required to use a specially designed user who -# has the required permissions to perform the replication. -- name: Modify redis.conf to add replication user (if required) - ansible.builtin.lineinfile: - path: "{{ redis_conf_file }}" - regexp: "# masteruser " - line: "masteruser repluser" - when: redis_replication | bool - -- name: Modify redis.conf to add replication user's password (if required) - ansible.builtin.lineinfile: - path: "{{ redis_conf_file }}" - regexp: "# masterauth " - line: "masterauth {{ redis_user_repluser_password }}" - when: redis_replication | bool - -- name: Restart Redis - command: /bin/true +- name: Update Redis configuration notify: Restart Redis + block: + # The authorization users are already included in the redis.conf file from the + # role that installed redis. This task is simply uncommenting those lines to + # enable/disable the necessary users. + - name: Disable "default" user, enable other users + ansible.builtin.lineinfile: + path: "{{ redis_conf_file }}" + regexp: ^#\s({{ item }}.*)$ + line: \1 + backrefs: true + with_items: + - user default + - user admin + - user itential + - user repluser + - user sentineluser -# Starting in Redis 7.0 the default user was being automatically inserted -# into the redis.conf when missing. 
This will remove that extra line -# when auth is enabled to avoid a configuration error that will prevent -# Redis from starting. -- name: Modify redis.conf and remove any extra default user lines - ansible.builtin.lineinfile: - path: "{{ redis_conf_file }}" - regexp: "user default on nopass.+$" - state: absent - when: redis_replication | bool + # When auth is turned on its required to use a specially designed user who + # has the required permissions to perform the replication. + - name: Modify redis.conf to add replication user (if required) + ansible.builtin.lineinfile: + path: "{{ redis_conf_file }}" + regexp: "# masteruser " + line: "masteruser repluser" + when: redis_replication | bool -# Starting in Redis 7.0 the default user was being automatically inserted -# into the sentinel.conf when missing. This will remove that extra line -# when auth is enabled to avoid a configuration error that will prevent -# Redis from starting. -- name: Modify sentinel.conf and remove any extra default user lines - ansible.builtin.lineinfile: - path: "{{ redis_sentinel_conf_file }}" - regexp: "user default on nopass.+$" - state: absent - when: redis_replication | bool + - name: Modify redis.conf to add replication user's password (if required) + ansible.builtin.lineinfile: + path: "{{ redis_conf_file }}" + regexp: "# masterauth " + line: "masterauth {{ redis_user_repluser_password }}" + when: redis_replication | bool -# The authorization users are already included in the sentinel.conf file from -# the role that installed redis. This task is simply uncommenting those lines -# to enable/disable the necessary sentinel users. 
-- name: Disable "default" user, enable other sentinel users - ansible.builtin.lineinfile: - path: "{{ redis_sentinel_conf_file }}" - regexp: ^#\s({{ item }}.*)$ - line: '\1' - backrefs: true - with_items: - - user default - - user admin - - user sentineluser - when: redis_replication | bool + # Starting in Redis 7.0 the default user was being automatically inserted + # into the redis.conf when missing. This will remove that extra line + # when auth is enabled to avoid a configuration error that will prevent + # Redis from starting. + - name: Modify redis.conf and remove any extra default user lines + ansible.builtin.lineinfile: + path: "{{ redis_conf_file }}" + regexp: "user default on nopass.+$" + state: absent + when: redis_replication | bool -- name: Restart Sentinel - command: /bin/true +- name: Update Redis Sentinel configuration notify: Restart Sentinel - when: redis_replication | bool + block: + # Starting in Redis 7.0 the default user was being automatically inserted + # into the sentinel.conf when missing. This will remove that extra line + # when auth is enabled to avoid a configuration error that will prevent + # Redis from starting. + - name: Modify sentinel.conf and remove any extra default user lines + ansible.builtin.lineinfile: + path: "{{ redis_sentinel_conf_file }}" + regexp: "user default on nopass.+$" + state: absent + when: redis_replication | bool + + # The authorization users are already included in the sentinel.conf file from + # the role that installed redis. This task is simply uncommenting those lines + # to enable/disable the necessary sentinel users. + - name: Disable "default" user, enable other sentinel users + ansible.builtin.lineinfile: + path: "{{ redis_sentinel_conf_file }}" + regexp: ^#\s({{ item }}.*)$ + line: '\1' + backrefs: true + with_items: + - user default + - user admin + - user sentineluser + when: redis_replication | bool 
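Review bot: "Modify redis.conf to add replication user's password (if required)" writes `masterauth {{ redis_user_repluser_password }}` through lineinfile without `no_log`, so a run with `--diff` or raised verbosity can print the replication password. I would add `no_log: true` to that task. Separately, both tasks in the Sentinel block and three of the four in the Redis block repeat `when: redis_replication | bool`; in the Sentinel block the condition can move onto the block itself.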
diff --git a/roles/redis_replication/tasks/main.yml b/roles/redis_replication/tasks/main.yml index 906c185..dddf5a5 100644 --- a/roles/redis_replication/tasks/main.yml +++ b/roles/redis_replication/tasks/main.yml 
@@ -1,78 +1,74 @@ # Copyright (c) 2024, Itential, Inc # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- -- name: Use template to generate sentinel.conf - ansible.builtin.template: - src: sentinel.conf.j2 - dest: "{{ redis_sentinel_conf_file }}" - owner: "{{ redis_owner }}" - group: "{{ redis_group }}" - mode: 0640 - backup: true - when: - - groups['redis'] is defined - - inventory_hostname in groups['redis'] - vars: - master_name: "{{ hostvars[ groups['redis'][0] ].inventory_hostname }}" +- name: Configure Redis clustering + notify: + - Restart Redis + - Restart Sentinel + block: + - name: Use template to generate sentinel.conf + ansible.builtin.template: + src: sentinel.conf.j2 + dest: "{{ redis_sentinel_conf_file }}" + owner: "{{ redis_owner }}" + group: "{{ redis_group }}" + mode: "0640" + backup: true + when: + - groups['redis'] is defined + - inventory_hostname in groups['redis'] + vars: + master_name: "{{ hostvars[groups['redis'][0]].inventory_hostname }}" -- name: Use template to generate sentinel.conf for secondary DR - ansible.builtin.template: - src: sentinel.conf.j2 - dest: "{{ redis_sentinel_conf_file }}" - owner: "{{ redis_owner }}" - group: "{{ redis_group }}" - mode: 0640 - backup: true - when: - - groups['redis_secondary'] is defined - - inventory_hostname in groups['redis_secondary'] - vars: - master_name: "{{ hostvars[ groups['redis_secondary'][0] ].inventory_hostname }}" + - name: Use template to generate sentinel.conf for secondary DR + ansible.builtin.template: + src: sentinel.conf.j2 + dest: "{{ redis_sentinel_conf_file }}" + owner: "{{ redis_owner }}" + group: "{{ redis_group }}" + mode: "0640" + backup: true + when: + - groups['redis_secondary'] is defined + - inventory_hostname in groups['redis_secondary'] + vars: + master_name: "{{ hostvars[groups['redis_secondary'][0]].inventory_hostname }}" -# Only the replicas should have this "replicaof" config line. 
The first host -# defined in the hosts file is chosen as the Redis primary, so, this should -# only happen on the others, not the first. -- name: Update replicaof line for all replicas redis.conf files - ansible.builtin.lineinfile: - path: "{{ redis_conf_file }}" - regexp: "# replicaof " - line: "replicaof {{ hostvars[ groups['redis'][0] ].inventory_hostname }} 6379" - when: - - groups['redis'] is defined - - inventory_hostname in groups['redis'] - - inventory_hostname not in groups['redis'][0] + # Only the replicas should have this "replicaof" config line. The first host + # defined in the hosts file is chosen as the Redis primary, so, this should + # only happen on the others, not the first. + - name: Update replicaof line for all replicas redis.conf files + ansible.builtin.lineinfile: + path: "{{ redis_conf_file }}" + regexp: "# replicaof " + line: "replicaof {{ hostvars[groups['redis'][0]].inventory_hostname }} 6379" + when: + - groups['redis'] is defined + - inventory_hostname in groups['redis'] + - inventory_hostname not in groups['redis'][0] -- name: Update replicaof line for all replicas redis.conf files for secondary DR - ansible.builtin.lineinfile: - path: "{{ redis_conf_file }}" - regexp: "# replicaof " - line: "replicaof {{ hostvars[ groups['redis_secondary'][0] ].inventory_hostname }} 6379" - when: - - groups['redis_secondary'] is defined - - inventory_hostname in groups['redis_secondary'] - - inventory_hostname not in groups['redis_secondary'][0] + - name: Update replicaof line for all replicas redis.conf files for secondary DR + ansible.builtin.lineinfile: + path: "{{ redis_conf_file }}" + regexp: "# replicaof " + line: "replicaof {{ hostvars[groups['redis_secondary'][0]].inventory_hostname }} 6379" + when: + - groups['redis_secondary'] is defined + - inventory_hostname in groups['redis_secondary'] + - inventory_hostname not in groups['redis_secondary'][0] -# Check if firewalld is running, if it is then open the appropriate ports -- name: Gather 
service facts - ansible.builtin.service_facts: + # Check if firewalld is running, if it is then open the appropriate ports + - name: Gather service facts + ansible.builtin.service_facts: -- name: Open Port on FirewallD Public Zone - ansible.posix.firewalld: - port: "{{ redis_sentinel_port }}/tcp" - permanent: yes - state: enabled - zone: public - immediate: yes - when: - - ansible_facts.services["firewalld.service"] is defined - - (ansible_facts.services["firewalld.service"].state == "running") - - (ansible_facts.services["firewalld.service"].status == "enabled") - ignore_errors: true - -- name: Restart Redis - command: /bin/true - notify: Restart Redis - -- name: Restart Sentinel - command: /bin/true - notify: Restart Sentinel \ No newline at end of file + - name: Open Port on FirewallD Public Zone + ansible.posix.firewalld: + port: "{{ redis_sentinel_port }}/tcp" + permanent: true + state: enabled + zone: public + immediate: true + when: + - ansible_facts.services["firewalld.service"] is defined + - (ansible_facts.services["firewalld.service"].state == "running") + - (ansible_facts.services["firewalld.service"].status == "enabled") diff --git a/roles/vault/tasks/main.yml b/roles/vault/tasks/main.yml index bccf23b..ab3f7e9 100644 --- a/roles/vault/tasks/main.yml +++ b/roles/vault/tasks/main.yml @@ -79,9 +79,10 @@ daemon_reload: true - name: Capture vault version - ansible.builtin.shell: + ansible.builtin.command: cmd: vault --version register: vault_installed_version + changed_when: vault_installed_version.rc != 0 - name: Update release file with vault version ansible.builtin.lineinfile: diff --git a/roles/vault/tasks/vault-online.yml b/roles/vault/tasks/vault-online.yml index ef48a40..f6f3ed3 100644 --- a/roles/vault/tasks/vault-online.yml +++ b/roles/vault/tasks/vault-online.yml 
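Review bot: The replica conditions `inventory_hostname not in groups['redis'][0]` and `inventory_hostname not in groups['redis_secondary'][0]` test against a single host name, which makes `in` a substring match rather than an equality test. A replica whose name is a fragment of the primary's name (constructed example: `redis1` against a primary named `redis10`) would be skipped and never get its `replicaof` line. `inventory_hostname != groups['redis'][0]`, and the same for `redis_secondary`, states the intent. The block-level `notify` is also inherited by the firewalld task, so opening the Sentinel port schedules both restarts as well.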
@@ -2,7 +2,7 @@ # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- - name: Install yum-config-manager - ansible.builtin.yum: + ansible.builtin.dnf: name: yum-utils state: present update_cache: true @@ -17,7 +17,7 @@ when: install_yum_repos | bool - name: Install vault - ansible.builtin.yum: + ansible.builtin.dnf: name: "{{ vault_version }}" update_cache: true state: present diff --git a/roles/vault/vars/main.yml b/roles/vault/vars/main.yml index 52238a3..dff5756 100644 --- a/roles/vault/vars/main.yml +++ b/roles/vault/vars/main.yml @@ -2,4 +2,4 @@ # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) --- # Vault version to install -vault_version: vault-1.11.4 \ No newline at end of file +vault_version: vault-1.11.4