ptoal/product-demos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added pre-commit configuration for ansible-lint (#93)

Browse Source 
Co-authored-by: willtome <wtome@redhat.com>
This commit is contained in:
Chris Edillon
2023-09-25 15:56:11 -04:00
committed by GitHub
parent d7e9ad637b
commit 2ee334f6b3
42 changed files with 187 additions and 133 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.ansible-lint
View File

@@ -1,4 +1,12 @@
--- ---
profile: production
offline: false
skip_list:
- "galaxy[no-changelog]"
exclude_paths: exclude_paths:
# would be better to move the roles here to the top-level roles directory
- collections/ansible_collections/demo/compliance/roles/ - collections/ansible_collections/demo/compliance/roles/
- roles/redhatofficial.*
- .github/ - .github/

3
.devfile.yaml
View File

@@ -1,10 +1,11 @@
---
schemaVersion: 2.2.0 schemaVersion: 2.2.0
metadata: metadata:
name: product-demos name: product-demos
components: components:
- name: product-demos-ee - name: product-demos-ee
container: container:
image: quay.io/mloriedo/ansible-creator-ee:latest # workaround for https://github.com/eclipse/che/issues/21778 image: quay.io/mloriedo/ansible-creator-ee:latest # workaround for https://github.com/eclipse/che/issues/21778
memoryRequest: 256M memoryRequest: 256M
memoryLimit: 5Gi memoryLimit: 5Gi
cpuRequest: 250m cpuRequest: 250m

14
.github/workflows/ansible-lint.yml vendored
View File

@@ -5,21 +5,13 @@ on:
- pull_request_target - pull_request_target
env: env:
ANSIBLE_GALAXY_SERVER_LIST: ah,galaxy
ANSIBLE_GALAXY_SERVER_AH_URL: https://console.redhat.com/api/automation-hub/
ANSIBLE_GALAXY_SERVER_AH_AUTH_URL: https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
ANSIBLE_GALAXY_SERVER_AH_TOKEN: ${{ secrets.ANSIBLE_GALAXY_SERVER_AH_TOKEN }} ANSIBLE_GALAXY_SERVER_AH_TOKEN: ${{ secrets.ANSIBLE_GALAXY_SERVER_AH_TOKEN }}
ANSIBLE_GALAXY_SERVER_GALAXY_URL: https://galaxy.ansible.com/
jobs: jobs:
build: build:
name: Ansible Lint
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
# Important: This sets up your GITHUB_WORKSPACE environment variable # this action implicitly calls actions/checkout
- uses: actions/checkout@v3
with:
fetch-depth: 0 # needed for progressive mode to work
- name: Run ansible-lint - name: Run ansible-lint
uses: ansible/ansible-lint-action@v6.11.0 uses: ansible/ansible-lint@v6.18.0

16
.pre-commit-config.yaml Normal file
View File

@@ -0,0 +1,16 @@
---
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.4.0
hooks:
- id: end-of-file-fixer
- id: trailing-whitespace
- repo: https://github.com/ansible/ansible-lint.git
# get latest release tag from https://github.com/ansible/ansible-lint/releases/
rev: v6.18.0
hooks:
- id: ansible-lint
additional_dependencies:
- jmespath
...

19
.yamllint Normal file
View File

@@ -0,0 +1,19 @@
---
extends: default
rules:
line-length: disable
trailing-spaces: enable
colons:
max-spaces-before: 0
max-spaces-after: -1
indentation:
level: error
indent-sequences: true # consistent with ansible-lint
truthy:
level: error
allowed-values:
- 'true'
- 'false'
...

3
ansible.cfg
View File

@@ -6,7 +6,8 @@ roles_path=./roles
server_list = ah,galaxy server_list = ah,galaxy
[galaxy_server.ah] [galaxy_server.ah]
url=https://console.redhat.com/api/automation-hub/ #url=https://cloud.redhat.com/api/automation-hub/
url=https://console.redhat.com/api/automation-hub/content/published/
auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
[galaxy_server.galaxy] [galaxy_server.galaxy]

58
cloud/create_vpc.yml
View File

@@ -46,12 +46,12 @@
rules: rules:
- proto: tcp - proto: tcp
ports: ports:
- 80 # HTTP - 80 # HTTP
- 443 # HTTPS - 443 # HTTPS
- 22 # SSH - 22 # SSH
- 5986 # WinRM - 5986 # WinRM
- 3389 # RDP - 3389 # RDP
- 9090 # Cockpit - 9090 # Cockpit
cidr_ip: 0.0.0.0/0 cidr_ip: 0.0.0.0/0
- proto: icmp - proto: icmp
to_port: -1 to_port: -1
@@ -59,32 +59,32 @@
cidr_ip: 0.0.0.0/0 cidr_ip: 0.0.0.0/0
- proto: tcp - proto: tcp
ports: ports:
- 80 # HTTP - 80 # HTTP
- 5986 # WinRM - 5986 # WinRM
- 3389 # RDP - 3389 # RDP
- 53 # DNS - 53 # DNS
- 88 # Kerberos Authentication - 88 # Kerberos Authentication
- 135 # RPC - 135 # RPC
- 139 # Netlogon - 139 # Netlogon
- 389 # LDAP - 389 # LDAP
- 445 # SMB - 445 # SMB
- 464 # Kerberos Authentication - 464 # Kerberos Authentication
- 5432 # PostgreSQL - 5432 # PostgreSQL
- 636 # LDAPS (LDAP over TLS) - 636 # LDAPS (LDAP over TLS)
- 873 # Rsync - 873 # Rsync
- 3268-3269 # Global Catalog - 3268-3269 # Global Catalog
- 1024-65535 # Ephemeral RPC ports - 1024-65535 # Ephemeral RPC ports
cidr_ip: "{{ aws_vpc_cidr_block }}" cidr_ip: "{{ aws_vpc_cidr_block }}"
- proto: udp - proto: udp
ports: ports:
- 53 # DNS - 53 # DNS
- 88 # Kerberos Authentication - 88 # Kerberos Authentication
- 123 # NTP - 123 # NTP
- 137-138 # Netlogon - 137-138 # Netlogon
- 389 # LDAP - 389 # LDAP
- 445 # SMB - 445 # SMB
- 464 # Kerberos Authentication - 464 # Kerberos Authentication
- 1024-65535 # Ephemeral RPC ports - 1024-65535 # Ephemeral RPC ports
cidr_ip: "{{ aws_vpc_cidr_block }}" cidr_ip: "{{ aws_vpc_cidr_block }}"
rules_egress: rules_egress:
- proto: -1 - proto: -1

44
cloud/setup.yml
View File

@@ -31,12 +31,12 @@ controller_credentials:
username: REPLACEME username: REPLACEME
password: REPLACEME password: REPLACEME
# - name: Azure # - name: Azure
# credential_type: Microsoft Azure Resource Manager # credential_type: Microsoft Azure Resource Manager
# organization: Default # organization: Default
# update_secrets: false # update_secrets: false
# inputs: # inputs:
# subscription: REPLACEME # subscription: REPLACEME
controller_inventory_sources: controller_inventory_sources:
- name: AWS Inventory - name: AWS Inventory
@@ -62,22 +62,22 @@ controller_inventory_sources:
- key: tags.owner - key: tags.owner
prefix: owner prefix: owner
# - name: Azure Inventory # - name: Azure Inventory
# organization: Default # organization: Default
# source: azure_rm # source: azure_rm
# inventory: Demo Inventory # inventory: Demo Inventory
# credential: Azure # credential: Azure
# execution_environment: Ansible Engine 2.9 execution environment # execution_environment: Ansible Engine 2.9 execution environment
# overwrite: true # overwrite: true
# source_vars: # source_vars:
# hostnames: # hostnames:
# - tags.Name # - tags.Name
# - default # - default
# keyed_groups: # keyed_groups:
# - key: os_profile.system # - key: os_profile.system
# prefix: os # prefix: os
# conditional_groups: # conditional_groups:
# cloud_azure: true # cloud_azure: true
controller_groups: controller_groups:
- name: cloud_aws - name: cloud_aws

56
collections/ansible_collections/demo/cloud/roles/aws/tasks/create_infra.yml
View File

@@ -31,11 +31,11 @@
rules: rules:
- proto: tcp - proto: tcp
ports: ports:
- 80 # HTTP - 80 # HTTP
- 443 # HTTPS - 443 # HTTPS
- 22 # SSH - 22 # SSH
- 5986 # WinRM - 5986 # WinRM
- 3389 # RDP - 3389 # RDP
cidr_ip: 0.0.0.0/0 cidr_ip: 0.0.0.0/0
- proto: icmp - proto: icmp
to_port: -1 to_port: -1
@@ -43,32 +43,32 @@
cidr_ip: 0.0.0.0/0 cidr_ip: 0.0.0.0/0
- proto: tcp - proto: tcp
ports: ports:
- 80 # HTTP - 80 # HTTP
- 5986 # WinRM - 5986 # WinRM
- 3389 # RDP - 3389 # RDP
- 53 # DNS - 53 # DNS
- 88 # Kerberos Authentication - 88 # Kerberos Authentication
- 135 # RPC - 135 # RPC
- 139 # Netlogon - 139 # Netlogon
- 389 # LDAP - 389 # LDAP
- 445 # SMB - 445 # SMB
- 464 # Kerberos Authentication - 464 # Kerberos Authentication
- 5432 # PostgreSQL - 5432 # PostgreSQL
- 636 # LDAPS (LDAP over TLS) - 636 # LDAPS (LDAP over TLS)
- 873 # Rsync - 873 # Rsync
- 3268-3269 # Global Catalog - 3268-3269 # Global Catalog
- 1024-65535 # Ephemeral RPC ports - 1024-65535 # Ephemeral RPC ports
cidr_ip: 10.0.0.0/16 cidr_ip: 10.0.0.0/16
- proto: udp - proto: udp
ports: ports:
- 53 # DNS - 53 # DNS
- 88 # Kerberos Authentication - 88 # Kerberos Authentication
- 123 # NTP - 123 # NTP
- 137-138 # Netlogon - 137-138 # Netlogon
- 389 # LDAP - 389 # LDAP
- 445 # SMB - 445 # SMB
- 464 # Kerberos Authentication - 464 # Kerberos Authentication
- 1024-65535 # Ephemeral RPC ports - 1024-65535 # Ephemeral RPC ports
cidr_ip: 10.0.0.0/16 cidr_ip: 10.0.0.0/16
rules_egress: rules_egress:
- proto: -1 - proto: -1

1
collections/ansible_collections/demo/cloud/roles/aws/vars/snapshot_vm.yml
View File

@@ -1,3 +1,4 @@
---
# Set stat_snapshots with model: # Set stat_snapshots with model:
# [ # [
# { # {

1
collections/ansible_collections/demo/patching/roles/build_report_network/tasks/main.yml
View File

@@ -1,3 +1,4 @@
---
- name: Create web directory if it does not exist - name: Create web directory if it does not exist
ansible.builtin.file: ansible.builtin.file:
path: "{{ file_path }}" path: "{{ file_path }}"

1
collections/ansible_collections/demo/patching/roles/build_report_network/vars/main.yml
View File

@@ -1,3 +1,4 @@
---
file_path: "{{ web_path | default('/var/www/html/reports') }}" file_path: "{{ web_path | default('/var/www/html/reports') }}"
vendor: vendor:
ios: &my_value 'Cisco' ios: &my_value 'Cisco'

1
collections/ansible_collections/demo/patching/roles/build_report_windows/tasks/main.yml
View File

@@ -1,3 +1,4 @@
---
- name: Create HTML report - name: Create HTML report
ansible.builtin.template: ansible.builtin.template:
src: report.j2 src: report.j2

1
collections/ansible_collections/demo/patching/roles/build_report_windows/vars/main.yml
View File

@@ -1 +1,2 @@
---
file_path: /var/www/html file_path: /var/www/html

1
collections/ansible_collections/demo/patching/roles/build_report_windows_patch/defaults/main.yml
View File

@@ -1,3 +1,4 @@
---
email_from: tower@shadowman.dev email_from: tower@shadowman.dev
to_emails: alex@shadowman.dev,tower@shadowman.dev to_emails: alex@shadowman.dev,tower@shadowman.dev
to_emails_list: "{{ to_emails.split(',') }}" to_emails_list: "{{ to_emails.split(',') }}"

1
collections/ansible_collections/demo/patching/roles/build_report_windows_patch/tasks/main.yml
View File

@@ -1,3 +1,4 @@
---
- name: Create HTML report - name: Create HTML report
ansible.builtin.template: ansible.builtin.template:
src: report.j2 src: report.j2

1
collections/ansible_collections/demo/patching/roles/build_report_windows_patch/vars/main.yml
View File

@@ -1 +1,2 @@
---
file_path: /var/www/html file_path: /var/www/html

4
collections/ansible_collections/demo/patching/roles/patch_linux/tasks/main.yml
View File

@@ -10,7 +10,7 @@
- name: Upgrade packages (yum) - name: Upgrade packages (yum)
ansible.builtin.yum: ansible.builtin.yum:
name: '*' name: '*'
state: latest # noqa: package-latest - Intended to update packages to latest state: latest # noqa: package-latest - Intended to update packages to latest
exclude: "{{ exclude_packages }}" exclude: "{{ exclude_packages }}"
when: ansible_pkg_mgr == "yum" when: ansible_pkg_mgr == "yum"
register: patchingresult_yum register: patchingresult_yum
@@ -18,7 +18,7 @@
- name: Upgrade packages (dnf) - name: Upgrade packages (dnf)
ansible.builtin.dnf: ansible.builtin.dnf:
name: '*' name: '*'
state: latest # noqa: package-latest - Intended to update packages to latest state: latest # noqa: package-latest - Intended to update packages to latest
exclude: "{{ exclude_packages }}" exclude: "{{ exclude_packages }}"
when: ansible_pkg_mgr == "dnf" when: ansible_pkg_mgr == "dnf"
register: patchingresult_dnf register: patchingresult_dnf

1
collections/ansible_collections/demo/patching/roles/report_linux/tasks/main.yml
View File

@@ -1,3 +1,4 @@
---
- name: Create HTML report - name: Create HTML report
ansible.builtin.template: ansible.builtin.template:
src: report.j2 src: report.j2

1
collections/ansible_collections/demo/patching/roles/report_linux/vars/main.yml
View File

@@ -1 +1,2 @@
---
file_path: /var/www/html/reports file_path: /var/www/html/reports

1
collections/ansible_collections/demo/patching/roles/report_linux_patching/defaults/main.yml
View File

@@ -1,3 +1,4 @@
---
email_from: tower@shadowman.dev email_from: tower@shadowman.dev
to_emails: alex@shadowman.dev,tower@shadowman.dev to_emails: alex@shadowman.dev,tower@shadowman.dev
to_emails_list: "{{ to_emails.split(',') }}" to_emails_list: "{{ to_emails.split(',') }}"

1
collections/ansible_collections/demo/patching/roles/report_linux_patching/tasks/main.yml
View File

@@ -1,3 +1,4 @@
---
- name: Create HTML report - name: Create HTML report
ansible.builtin.template: ansible.builtin.template:
src: report.j2 src: report.j2

1
collections/ansible_collections/demo/patching/roles/report_linux_patching/vars/main.yml
View File

@@ -1 +1,2 @@
---
file_path: /var/www/html/reports file_path: /var/www/html/reports

1
collections/ansible_collections/demo/patching/roles/report_windows_patching/tasks/main.yml
View File

@@ -1,3 +1,4 @@
---
- name: Create HTML report - name: Create HTML report
ansible.windows.win_template: ansible.windows.win_template:
src: report.j2 src: report.j2

2
collections/ansible_collections/demo/satellite/roles/register_host/defaults/main.yml
View File

@@ -1,5 +1,5 @@
--- ---
instance_name: "{{ inventory_hostname | regex_replace('_', '-') }}" instance_name: "{{ inventory_hostname | regex_replace('_', '-') }}"
activation_key: "{{ 'RHEL' + ansible_distribution_major_version + '_' + env }}" activation_key: "{{ 'RHEL' + ansible_distribution_major_version + '_' + env }}"
rex_user: root # "{{ ansible_user }}" rex_user: root # "{{ ansible_user }}"
force_register: true force_register: true

1
collections/ansible_collections/demo/satellite/roles/scap_client/defaults/main.yaml
View File

@@ -1,3 +1,4 @@
---
foreman_server_url: "{{ lookup('env', 'SATELLITE_SERVER') }}" foreman_server_url: "{{ lookup('env', 'SATELLITE_SERVER') }}"
foreman_username: "{{ lookup('env', 'SATELLITE_USERNAME') }}" foreman_username: "{{ lookup('env', 'SATELLITE_USERNAME') }}"
foreman_password: "{{ lookup('env', 'SATELLITE_PASSWORD') }}" foreman_password: "{{ lookup('env', 'SATELLITE_PASSWORD') }}"

2
collections/requirements.yml
View File

@@ -5,6 +5,8 @@ collections:
- name: redhat_cop.controller_configuration - name: redhat_cop.controller_configuration
version: 2.3.1 version: 2.3.1
# linux # linux
- name: ansible.posix
version: 1.5.4
- name: redhat.insights - name: redhat.insights
version: 1.0.7 version: 1.0.7
- name: redhat.rhel_system_roles - name: redhat.rhel_system_roles

3
linux/deploy_application.yml
View File

@@ -21,7 +21,7 @@
register: result register: result
notify: Printing to terminal application information notify: Printing to terminal application information
- name: Printing to terminal application information # noqa: no-handler - name: Printing to terminal application information # noqa: no-handler
ansible.builtin.debug: ansible.builtin.debug:
msg: "The application: {{ application }} was already installed" msg: "The application: {{ application }} was already installed"
when: not result.changed | bool when: not result.changed | bool
@@ -30,4 +30,3 @@
- name: Printing to terminal application information - name: Printing to terminal application information
ansible.builtin.debug: ansible.builtin.debug:
msg: "The application: {{ application }} has been installed" msg: "The application: {{ application }} has been installed"
when: result.changed | bool

4
linux/ec2_register.yml
View File

@@ -18,7 +18,7 @@
ansible.builtin.hostname: ansible.builtin.hostname:
name: "{{ inventory_hostname | regex_replace('_', '-') }}" name: "{{ inventory_hostname | regex_replace('_', '-') }}"
# Install subscription-manager if it's not there # Install subscription-manager if it's not there
- name: Install subscription-manager - name: Install subscription-manager
ansible.builtin.yum: ansible.builtin.yum:
name: subscription-manager name: subscription-manager
@@ -65,7 +65,7 @@
- name: Configure Red Hat insights - name: Configure Red Hat insights
ansible.builtin.import_role: ansible.builtin.import_role:
name: redhat.insights.insights_client name: redhat.insights.insights_client
vars: vars: # noqa var-naming[no-role-prefix]
insights_display_name: "{{ inventory_hostname }}" insights_display_name: "{{ inventory_hostname }}"
insights_tags: insights_tags:
env: "{{ env }}" env: "{{ env }}"

4
linux/patching.yml
View File

@@ -22,7 +22,7 @@
when: when:
- ansible_local.insights.system_id is not defined - ansible_local.insights.system_id is not defined
- name: Run the Insights Client Scan # noqa: no-changed-when - name: Run the Insights Client Scan # noqa: no-changed-when
ansible.builtin.command: insights-client ansible.builtin.command: insights-client
when: when:
- not ansible_check_mode - not ansible_check_mode
@@ -31,7 +31,7 @@
- name: Deploy report server - name: Deploy report server
when: not ansible_check_mode when: not ansible_check_mode
delegate_to: "{{ report_server }}" delegate_to: "{{ report_server }}"
run_once: true # noqa: run-once[task] run_once: true # noqa: run-once[task]
block: block:
- name: Install firewall dependencies - name: Install firewall dependencies
ansible.builtin.dnf: ansible.builtin.dnf:

2
linux/run_script.yml
View File

@@ -11,7 +11,7 @@
ansible.builtin.shell: "{{ shell_script }}" ansible.builtin.shell: "{{ shell_script }}"
register: shell_output register: shell_output
tags: tags:
- skip_ansible_lint # provided variable could require shell modele - skip_ansible_lint # provided variable could require shell modele
- name: Print script output - name: Print script output
ansible.builtin.debug: ansible.builtin.debug:

6
linux/tshoot.yml
View File

@@ -4,15 +4,15 @@
become: true become: true
tasks: tasks:
- name: Gather recent vmstat info # noqa: no-changed-when - name: Gather recent vmstat info # noqa: no-changed-when
ansible.builtin.command: /bin/vmstat 1 5 ansible.builtin.command: /bin/vmstat 1 5
register: vmstat register: vmstat
- name: Gather top CPU hogs # noqa: no-changed-when - name: Gather top CPU hogs # noqa: no-changed-when
ansible.builtin.command: ps -eo user,pid,size,pcpu,cmd --sort=-pcpu ansible.builtin.command: ps -eo user,pid,size,pcpu,cmd --sort=-pcpu
register: pscpu register: pscpu
- name: Gather top memory hogs # noqa: no-changed-when - name: Gather top memory hogs # noqa: no-changed-when
ansible.builtin.command: ps -eo user,pid,size,pcpu,cmd --sort=-size ansible.builtin.command: ps -eo user,pid,size,pcpu,cmd --sort=-size
register: pssize register: pssize

8
network/report.yml
View File

@@ -26,10 +26,10 @@
gather_network_resources: all gather_network_resources: all
when: ansible_network_os == 'cisco.iosxr.iosxr' when: ansible_network_os == 'cisco.iosxr.iosxr'
# The dig lookup requires the python 'dnspython' library # # The dig lookup requires the python 'dnspython' library
# - name: Resolve IP address # - name: Resolve IP address
# ansible.builtin.set_fact: # ansible.builtin.set_fact:
# ansible_host: "{{ lookup('community.general.dig', inventory_hostname)}}" # ansible_host: "{{ lookup('community.general.dig', inventory_hostname)}}"
- name: Create network reports - name: Create network reports
hosts: "{{ report_server }}" hosts: "{{ report_server }}"

14
openshift/devspaces.yml
View File

@@ -4,14 +4,14 @@
gather_facts: false gather_facts: false
tasks: tasks:
- name: create namespace - name: Create namespace
redhat.openshift.k8s: redhat.openshift.k8s:
name: eclipse-che name: eclipse-che
api_version: v1 api_version: v1
kind: Namespace kind: Namespace
state: present state: present
- name: create dev spaces subscription - name: Create dev spaces subscription
redhat.openshift.k8s: redhat.openshift.k8s:
state: present state: present
definition: definition:
@@ -29,8 +29,8 @@
source: redhat-operators source: redhat-operators
sourceNamespace: openshift-marketplace sourceNamespace: openshift-marketplace
- name: wait for dev spaces operator to install - name: Wait for dev spaces operator to install
k8s_info: kubernetes.core.k8s_info:
api_version: apiextensions.k8s.io/v1 api_version: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
name: checlusters.org.eclipse.che name: checlusters.org.eclipse.che
@@ -40,17 +40,17 @@
delay: 30 delay: 30
- name: Wait until devspaces-operator is up - name: Wait until devspaces-operator is up
k8s_info: kubernetes.core.k8s_info:
api_version: v1 api_version: v1
kind: Deployment kind: Deployment
name: devspaces-operator name: devspaces-operator
namespace: openshift-operators namespace: openshift-operators
register: pod_list register: pod_list
until: pod_list|json_query('resources[*].status.readyReplicas')|unique == [1] until: pod_list | json_query('resources[*].status.readyReplicas') | unique == [1]
retries: 10 retries: 10
delay: 30 delay: 30
- name: deploy dev spaces - name: Deploy dev spaces
redhat.openshift.k8s: redhat.openshift.k8s:
state: present state: present
definition: definition:

2
satellite/satellite_promote.yml
View File

@@ -10,7 +10,7 @@
content_view: undef content_view: undef
tasks: tasks:
- name: Promote Content View # noqa: args[module] - required parameters provided with environment vars - name: Promote Content View # noqa: args[module] - required parameters provided with environment vars
redhat.satellite.content_view_version: redhat.satellite.content_view_version:
content_view: "{{ content_view }}" content_view: "{{ content_view }}"
organization: "{{ organization }}" organization: "{{ organization }}"

2
satellite/satellite_publish.yml
View File

@@ -12,7 +12,7 @@
publish_retry_interval: 15 publish_retry_interval: 15
tasks: tasks:
- name: Publish content view # noqa: args[module] - required parameters provided with environment vars - name: Publish content view # noqa: args[module] - required parameters provided with environment vars
redhat.satellite.content_view_version: redhat.satellite.content_view_version:
content_view: "{{ content_view }}" content_view: "{{ content_view }}"
organization: "{{ organization }}" organization: "{{ organization }}"

2
satellite/server_openscap.yml
View File

@@ -12,7 +12,7 @@
ansible.builtin.pause: ansible.builtin.pause:
seconds: "{{ 5 | random }}" seconds: "{{ 5 | random }}"
- name: Run SCAP Scan # noqa: no-changed-when - purpose is to run everytime - name: Run SCAP Scan # noqa: no-changed-when - purpose is to run everytime
ansible.builtin.command: "/usr/bin/foreman_scap_client {{ item.id }}" ansible.builtin.command: "/usr/bin/foreman_scap_client {{ item.id }}"
loop: "{{ policy }}" loop: "{{ policy }}"
when: policy_scan == 'all' or item.name in policy_scan when: policy_scan == 'all' or item.name in policy_scan

1
satellite/setup.yml
View File

@@ -1,3 +1,4 @@
---
user_message: user_message:
controller_components: controller_components:

8
satellite/setup_satellite.yml
View File

@@ -7,7 +7,7 @@
refresh_satellite_manifest: true refresh_satellite_manifest: true
tasks: tasks:
- name: Refresh manifest # noqa: args[module] - required parameters provided with environment vars - name: Refresh manifest # noqa: args[module] - required parameters provided with environment vars
redhat.satellite.subscription_manifest: redhat.satellite.subscription_manifest:
organization: "Default Organization" organization: "Default Organization"
state: refreshed state: refreshed
@@ -20,7 +20,7 @@
- name: Publish CV - name: Publish CV
ansible.builtin.include_role: ansible.builtin.include_role:
name: redhat.satellite.content_view_publish name: redhat.satellite.content_view_publish
vars: vars: # noqa var-naming[no-role-prefix]
satellite_content_views: satellite_content_views:
- RHEL7 - RHEL7
- RHEL8 - RHEL8
@@ -29,7 +29,7 @@
ansible.builtin.include_role: ansible.builtin.include_role:
name: redhat.satellite.lifecycle_environments name: redhat.satellite.lifecycle_environments
- name: Content view publish # noqa: args[module] - required parameters provided with environment vars - name: Content view publish # noqa: args[module] - required parameters provided with environment vars
redhat.satellite.content_view_version: redhat.satellite.content_view_version:
organization: "{{ satellite_organization }}" organization: "{{ satellite_organization }}"
content_view: "{{ item }}" content_view: "{{ item }}"
@@ -45,7 +45,7 @@
ansible.builtin.include_role: ansible.builtin.include_role:
name: redhat.satellite.activation_keys name: redhat.satellite.activation_keys
- name: Add SCAP Tailoring File # noqa: args[module] - required parameters provided with environment vars - name: Add SCAP Tailoring File # noqa: args[module] - required parameters provided with environment vars
redhat.satellite.scap_tailoring_file: redhat.satellite.scap_tailoring_file:
name: RHEL7_STIG name: RHEL7_STIG
organizations: "{{ satellite_organization }}" organizations: "{{ satellite_organization }}"

4
setup_demo.yml
View File

@@ -8,7 +8,7 @@
ansible.builtin.include_role: ansible.builtin.include_role:
name: "redhat_cop.controller_configuration.{{ item }}" name: "redhat_cop.controller_configuration.{{ item }}"
loop: "{{ controller_components }}" loop: "{{ controller_components }}"
vars: vars: # noqa var-naming[no-role-prefix]
controller_components: controller_components:
- notification_templates - notification_templates
- job_templates - job_templates
@@ -69,7 +69,7 @@
url: https://docs.google.com/forms/d/e/1FAIpQLSdIZ77YpETjEfGOoYlXtMnQiU-6M7QFlb2hJA4ujo25QYb2jw/formResponse url: https://docs.google.com/forms/d/e/1FAIpQLSdIZ77YpETjEfGOoYlXtMnQiU-6M7QFlb2hJA4ujo25QYb2jw/formResponse
method: POST method: POST
body: "ifq&entry.1569353616={{ demo }} &entry.498055740={{ lookup('ansible.builtin.env', 'AWX_HOST') }}&sumbit=Submit" body: "ifq&entry.1569353616={{ demo }} &entry.498055740={{ lookup('ansible.builtin.env', 'AWX_HOST') }}&sumbit=Submit"
ignore_errors: true # noqa: ignore-errors - connectivity should not fail play ignore_errors: true # noqa: ignore-errors - connectivity should not fail play
- name: Print Message - name: Print Message
ansible.builtin.debug: ansible.builtin.debug:

4
windows/compliance.yml
View File

@@ -2,8 +2,8 @@
- name: STIG a Windows 2022 Server - name: STIG a Windows 2022 Server
hosts: "{{ HOSTS | default('os_windows') }}" hosts: "{{ HOSTS | default('os_windows') }}"
vars: vars:
win2022STIG_stigrule_254269_Manage: false # noqa var-naming win2022STIG_stigrule_254269_Manage: false # noqa var-naming
win2022STIG_stigrule_254276_Manage: false # noqa var-naming win2022STIG_stigrule_254276_Manage: false # noqa var-naming
tasks: tasks:
- name: Include win2022STIG role - name: Include win2022STIG role

12
windows/create_ad_domain.yml
View File

@@ -34,9 +34,9 @@
name: "{{ item.name }}" name: "{{ item.name }}"
scope: global scope: global
loop: loop:
- { name: "GroupA" } - {name: "GroupA"}
- { name: "GroupB" } - {name: "GroupB"}
- { name: "GroupC" } - {name: "GroupC"}
retries: 5 retries: 5
delay: 10 delay: 10
@@ -47,8 +47,8 @@
password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}" password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}"
update_password: on_create update_password: on_create
loop: loop:
- { name: "UserA", groups: "GroupA" } - {name: "UserA", groups: "GroupA"}
- { name: "UserB", groups: "GroupB" } - {name: "UserB", groups: "GroupB"}
- { name: "UserC", groups: "GroupC" } - {name: "UserC", groups: "GroupC"}
retries: 5 retries: 5
delay: 10 delay: 10