chore: ansible-lint cleanup (#61)

.ansible-lint-ignore

@@ -0,0 +1,20 @@
+# This file contains ignores rule violations for ansible-lint
+
+# These are very low level, so we keep their wrong names for now
+roles/base/defaults/main.yml var-naming[no-role-prefix]
+roles/core/defaults/main.yml var-naming[no-role-prefix]
+roles/files/defaults/main.yml var-naming[no-role-prefix]
+
+# This can probably be renamed without as much effort
+roles/git_clone/defaults/main.yml var-naming[no-role-prefix]
+
+# We should make this configurable and default to 644
+roles/git_clone/tasks/main.yml risky-file-permissions
+
+# These should be fixed at some point
+roles/local_user/tasks/main.yml ignore-errors
+roles/local_user/tasks/main.yml no-changed-when
+
+# We should start writing changelogs at some point
+galaxy.yml galaxy[no-changelog]
+

.ansible-lint.yml

@@ -0,0 +1,8 @@
+---
+exclude_paths:
+  - .github/
+  - venv/
+write_list:
+  - all
+warn_list:
+  - meta-runtime[unsupported-version]

.github/workflows/release.yaml

@@ -7,6 +7,6 @@ on:
 
 jobs:
   call-workflow:
-    uses: radiorabe/actions/.github/workflows/release-ansible-collection.yaml@v0.22.0
+    uses: radiorabe/actions/.github/workflows/release-ansible-collection.yaml@v0.26.0
     secrets:
       GALAXY_API_KEY: ${{ secrets.GALAXY_API_KEY }}

.github/workflows/semantic-release.yaml

@@ -7,6 +7,6 @@ on:
 
 jobs:
   call-workflow:
-    uses: radiorabe/actions/.github/workflows/semantic-release.yaml@v0.22.0
+    uses: radiorabe/actions/.github/workflows/semantic-release.yaml@v0.26.0
     secrets:
       RABE_ITREAKTION_GITHUB_TOKEN: ${{ secrets.RABE_ITREAKTION_GITHUB_TOKEN }}

.github/workflows/test.yaml

@@ -7,4 +7,4 @@ on:
 
 jobs:
   call-workflow:
-    uses: radiorabe/actions/.github/workflows/test-ansible-collection.yaml@v0.22.0
+    uses: radiorabe/actions/.github/workflows/test-ansible-collection.yaml@v0.26.0

galaxy.yml

@@ -1,3 +1,4 @@
+---
 namespace: radiorabe
 name: common
 version: 0.0.0
@@ -10,6 +11,8 @@ tags:
   - radiorabe
   - foreman
   - common
+  - infrastructure
+  - tools
 dependencies: {}
 repository: https://github.com/radiorabe/ansible-collection-common
 documentation: https://github.com/radiorabe/ansible-collection-common/blob/main/README.md

meta/runtime.yml

@@ -1 +1,2 @@
-requires_ansible: ">=2.11,<2.17"
+---
+requires_ansible: ">=2.14,<2.17"

roles/base/defaults/main.yml

@@ -1,7 +1,8 @@
+---
 # defaults for radiorabe.common.base
 
-radiorabe_base_mail_noreply: 'noreply@{{ radiorabe_core_hostname }}'
+radiorabe_base_mail_noreply: "noreply@{{ radiorabe_core_hostname }}"
 
-radiorabe_base_foreman_host: 'foreman.service.{{ radiorabe_core_int_hostname }}'
+radiorabe_base_foreman_host: "foreman.service.{{ radiorabe_core_int_hostname }}"
 
-radiorabe_base_foreman_url: 'https://{{ radiorabe_base_foreman_host }}'
+radiorabe_base_foreman_url: "https://{{ radiorabe_base_foreman_host }}"

roles/base/meta/main.yml

@@ -1,9 +1,10 @@
+---
 galaxy_info:
   author: RaBe IT-Reaktion
   description: Defines minimal facts that are not OS specific for use in other roles.
   issue_tracker_url: https://github.com/radiorabe/ansible-collection-common/issues
   license: AGPL-3.0-only
-  min_ansible_version: '2.9'
+  min_ansible_version: "2.14"
   platforms:
     - name: EL
       versions:

roles/base/tasks/main.yml

@@ -3,6 +3,6 @@
 
 - name: RaBe Base | set base facts
   ansible.builtin.set_fact:
-    radiorabe_base_mail_noreply: '{{ radiorabe_base_mail_noreply }}'
-    radiorabe_base_foreman_host: '{{ radiorabe_base_foreman_host }}'
-    radiorabe_base_foreman_url: '{{ radiorabe_base_foreman_url }}'
+    radiorabe_base_mail_noreply: "{{ radiorabe_base_mail_noreply }}"
+    radiorabe_base_foreman_host: "{{ radiorabe_base_foreman_host }}"
+    radiorabe_base_foreman_url: "{{ radiorabe_base_foreman_url }}"

roles/core/defaults/main.yml

@@ -1,11 +1,12 @@
+---
 # defaults for radiorabe.common.core
 
-radiorabe_core_hostname: 'rabe.ch'
+radiorabe_core_hostname: "rabe.ch"
 
-radiorabe_core_int_hostname: 'int.{{ radiorabe_core_hostname }}'
+radiorabe_core_int_hostname: "int.{{ radiorabe_core_hostname }}"
 
-radiorabe_core_realm: '{{ radiorabe_core_int_hostname | upper }}'
+radiorabe_core_realm: "{{ radiorabe_core_int_hostname | upper }}"
 
-radiorabe_core_admin_name: 'RaBe IT-Reaktion'
+radiorabe_core_admin_name: "RaBe IT-Reaktion"
 
-radiorabe_core_admin_mail: 'it@{{ radiorabe_core_hostname }}'
+radiorabe_core_admin_mail: "it@{{ radiorabe_core_hostname }}"

roles/core/meta/main.yml

@@ -1,9 +1,10 @@
+---
 galaxy_info:
   author: RaBe IT-Reaktion
   description: Defines a baseline set of variables for use in other roles.
   issue_tracker_url: https://github.com/radiorabe/ansible-collection-common/issues
   license: AGPL-3.0-only
-  min_ansible_version: '2.9'
+  min_ansible_version: "2.14"
   platforms:
     - name: EL
       versions:

roles/download_file/defaults/main.yml

@@ -2,4 +2,5 @@
 # defaults file for download_file
 download_file_url: https://rabe.ch/wp-content/uploads/2016/07/favicon.ico
 download_file_destination: /tmp/
+download_file_mode: "0644"
 download_file_locally: false

roles/download_file/meta/main.yml

@@ -1,9 +1,10 @@
+---
 galaxy_info:
   author: RaBe IT-Reaktion
   description: Download file
   issue_tracker_url: https://github.com/radiorabe/ansible-collection-common/issues
   license: AGPL-3.0-only
-  min_ansible_version: '2.9'
+  min_ansible_version: "2.14"
   platforms:
     - name: EL
       versions:

roles/download_file/tasks/main.yml

@@ -4,4 +4,5 @@
   ansible.builtin.get_url:
     url: "{{ download_file_url }}"
     dest: "{{ download_file_destination }}"
+    mode: "{{ download_file_mode }}"
   delegate_to: "{{ '127.0.0.1' if download_file_locally else omit }}"

roles/download_file/tests/test.yml

@@ -1,5 +1,6 @@
 ---
-- hosts: localhost
+- name: Test download_file role
+  hosts: localhost
   remote_user: root
   roles:
     - download_file

roles/files/defaults/main.yml

@@ -1,3 +1,4 @@
+---
 # defaults for radiorabe.common.file
 
 radiorabe_files: []

roles/files/meta/main.yml

@@ -1,9 +1,10 @@
+---
 galaxy_info:
   author: RaBe IT-Reaktion
   description: Allow managing a bunch of static files.
   issue_tracker_url: https://github.com/radiorabe/ansible-collection-common/issues
   license: AGPL-3.0-only
-  min_ansible_version: '2.9'
+  min_ansible_version: "2.14"
   platforms:
     - name: EL
       versions:

roles/files/tasks/main.yml

@@ -1,10 +1,10 @@
 ---
 # tasks file for radiorabe.common.files
 
-- name: 'RaBe Base : File : Manage files'
-  ansible.builtin.file: '{{ item }}'
-  with_items: '{{ radiorabe_files }}'
+- name: "RaBe Base : File : Manage files"
+  ansible.builtin.file: "{{ item }}" # noqa: args
+  with_items: "{{ radiorabe_files }}"
 
-- name: 'RaBe Base : File : Copy files'
-  ansible.builtin.copy: '{{ item }}'
-  with_items: '{{ radiorabe_copies }}'
+- name: "RaBe Base : File : Copy files"
+  ansible.builtin.copy: "{{ item }}" # noqa: risky-file-permissions
+  with_items: "{{ radiorabe_copies }}"

roles/git_clone/defaults/main.yml

@@ -1,5 +1,6 @@
+---
 # defaults for radiorabe.common.git
 
 radiorabe_git_clone: []
 radiorabe_git_local_clone: false
-radiorabe_git_clone_remote_dest: ''
+radiorabe_git_clone_remote_dest: ""

roles/git_clone/meta/main.yml

@@ -1,9 +1,10 @@
+---
 galaxy_info:
   author: RaBe IT-Reaktion
   description: Clone git repository.
   issue_tracker_url: https://github.com/radiorabe/ansible-collection-common/issues
   license: AGPL-3.0-only
-  min_ansible_version: '2.9'
+  min_ansible_version: "2.14"
   platforms:
     - name: EL
       versions:

roles/git_clone/tasks/main.yml

@@ -1,14 +1,14 @@
 ---
 # tasks file for radiorabe.common.git
 
-- name: "RaBe Common : git_clone : Clone git repository {{ 'locally' if radiorabe_git_local_clone else 'on remote host'}}"
-  ansible.builtin.git: '{{ item }}'
-  with_items: '{{ radiorabe_git_clone }}'
+- name: "RaBe Common : git_clone : Clone git repository {{ 'locally' if radiorabe_git_local_clone else 'on remote host' }}"
+  ansible.builtin.git: "{{ item }}" # noqa: latest args
+  with_items: "{{ radiorabe_git_clone }}"
   delegate_to: "{{ '127.0.0.1' if radiorabe_git_local_clone else omit }}"
 
-- name: 'RaBe Common : git_clone : Copy files to remote'
-  ansible.builtin.copy: 
-    src: '{{ item.dest }}/'
-    dest: '{{ radiorabe_git_clone_remote_dest }}/'
-  with_items: '{{ radiorabe_git_clone }}'
-  when: radiorabe_git_local_clone == true  
+- name: "RaBe Common : git_clone : Copy files to remote"
+  ansible.builtin.copy:
+    src: "{{ item.dest }}/"
+    dest: "{{ radiorabe_git_clone_remote_dest }}/"
+  with_items: "{{ radiorabe_git_clone }}"
+  when: radiorabe_git_local_clone

roles/local_user/defaults/main.yml

@@ -1,8 +1,9 @@
+---
 # defaults for radiorabe.common.local_user
 
-local_user_additional_groups: ''
+local_user_additional_groups: ""
 local_user_create_home: false
-local_user_groupname: ''
-local_user_home_directory: ''
-local_user_shell: ''
+local_user_groupname: ""
+local_user_home_directory: ""
+local_user_shell: ""
 local_user_system: false

roles/local_user/meta/main.yml

@@ -1,9 +1,10 @@
+---
 galaxy_info:
   author: RaBe IT-Reaktion
   description: Allow managing of local users.
   issue_tracker_url: https://github.com/radiorabe/ansible-collection-common/issues
   license: AGPL-3.0-only
-  min_ansible_version: '2.9'
+  min_ansible_version: "2.14"
   platforms:
     - name: EL
       versions:

roles/local_user/tasks/main.yml

@@ -1,51 +1,46 @@
 ---
 # tasks file for radiorabe.common.local_user
 
-- name: 'Get {{ local_user_username }} user info'
+- name: "Get user info for {{ local_user_username }}"
   ansible.builtin.getent:
     database: passwd
-    key: '{{ local_user_username }}'
+    key: "{{ local_user_username }}"
   ignore_errors: true
 
-- name: 'Get {{ local_user_groupname }} group'
+- name: "Get group info for {{ local_user_groupname }}"
   ansible.builtin.getent:
     database: group
-    key: '{{ local_user_groupname }}'
+    key: "{{ local_user_groupname }}"
   ignore_errors: true
 
-- name: 'Add group when does not exist'
+- name: "Add group when does not exist"
   become: true
-  command: groupadd {{ local_user_groupname }}
-  when: 
-    ansible_facts.getent_group is undefined and
-    local_user_groupname != ''
+  ansible.builtin.command: groupadd {{ local_user_groupname }}
+  when: ansible_facts.getent_group is undefined and local_user_groupname != ''
 
-- name: 'Add user and group when does not exist'
+- name: "Add user and group when does not exist"
   become: true
   ansible.builtin.command:
-    argv: "{{ cmd_argv |
-      zip(cmd_argv_switch) | 
-      selectattr('1') | 
-      map(attribute='0') | list  }}"
+    argv: "{{ cmd_argv | zip(cmd_argv_switch) | selectattr('1') | map(attribute='0') | list }}"
   vars:
     cmd_argv:
-      - 'useradd'
-      - '--create-home'
+      - "useradd"
+      - "--create-home"
       - '--groups="{{ local_user_additional_groups }}"'
       - '--gid="{{ local_user_groupname }}"'
       - '--home-dir="{{ local_user_home_directory }}"'
       - '--shell="{{ local_user_shell }}"'
-      - '--system'
-      - '--add-subids-for-system'
-      - '{{ local_user_username }}'
+      - "--system"
+      - "--add-subids-for-system"
+      - "{{ local_user_username }}"
     cmd_argv_switch:
       - true
-      - '{{ local_user_create_home }}'
+      - "{{ local_user_create_home }}"
       - '{{ local_user_additional_groups != "" }}'
       - '{{ local_user_groupname != "" }}'
       - '{{ local_user_home_directory != "" }}'
       - '{{ local_user_shell != "" }}'
-      - '{{ local_user_system }}'
-      - '{{ local_user_system }}'
+      - "{{ local_user_system }}"
+      - "{{ local_user_system }}"
       - true
   when: ansible_facts.getent_passwd is undefined