ptoal/product-demos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Random Bug fixes (#103)

Browse Source 
Co-authored-by: youtous <contact@youtous.me>
This commit is contained in:
willtome
2023-12-11 15:27:14 -05:00
committed by GitHub
parent d5093fa544
commit c0cd993c69
81 changed files with 1288 additions and 1263 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
.github/workflows/ansible-lint.yml vendored
View File

@@ -1,17 +0,0 @@
---
name: Ansible Lint
on:
- push
- pull_request_target
env:
ANSIBLE_GALAXY_SERVER_AH_TOKEN: ${{ secrets.ANSIBLE_GALAXY_SERVER_AH_TOKEN }}
jobs:
build:
name: Ansible Lint
runs-on: ubuntu-latest
steps:
# this action implicitly calls actions/checkout
- name: Run ansible-lint
uses: ansible/ansible-lint@v6.18.0

50
.github/workflows/linter.yml.old vendored
View File

@@ -1,50 +0,0 @@
---
###########################
###########################
## Linter GitHub Actions ##
###########################
###########################
name: Lint Code Base
#
# Documentation:
# https://help.github.com/en/articles/workflow-syntax-for-github-actions
#
#############################
# Start the job on all push #
#############################
on: [push, pull_request]
###############
# Set the Job #
###############
jobs:
build:
# Name the Job
name: Lint Code Base
# Set the agent to run on
runs-on: ubuntu-latest
##################
# Load all steps #
##################
steps:
##########################
# Checkout the code base #
##########################
- name: Checkout Code
uses: actions/checkout@v2
with:
# Full git history is needed to get a proper list of changed files within `super-linter`
fetch-depth: 0
################################
# Run Linter against code base #
################################
- name: Lint Code Base
uses: github/super-linter@v4
env:
VALIDATE_ALL_CODEBASE: false
DEFAULT_BRANCH: main
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

17
.github/workflows/pre-commit.yml vendored Normal file
View File

@@ -0,0 +1,17 @@
---
name: pre-commit
on:
- push
- pull_request_target
env:
ANSIBLE_GALAXY_SERVER_AH_TOKEN: ${{ secrets.ANSIBLE_GALAXY_SERVER_AH_TOKEN }}
jobs:
pre-commit:
name: pre-commit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v3
- uses: pre-commit/action@v3.0.0

2
.pre-commit-config.yaml
View File

@@ -7,7 +7,7 @@ repos:
- id: trailing-whitespace - id: trailing-whitespace
- repo: https://github.com/ansible/ansible-lint.git - repo: https://github.com/ansible/ansible-lint.git
# get latest release tag from https://github.com/ansible/ansible-lint/releases/ # get latest release tag from https://github.com/ansible/ansible-lint/releases/
rev: v6.18.0 rev: v6.20.3
hooks: hooks:
- id: ansible-lint - id: ansible-lint
additional_dependencies: additional_dependencies:

19
CONTRIBUTING.md
View File

@@ -54,6 +54,21 @@ This document aims to outline the requirements for the various forms of contribu
3) Include a README.md in the subdirectory 3) Include a README.md in the subdirectory
## Testing ## Testing
To run `ansible-lint` you will need to set an environment variable for the token to connect to Automation Hub. You can get a token from [here](https://console.redhat.com/ansible/automation-hub/token).
Copy the value of the token and run `export ANSIBLE_GALAXY_SERVER_AH_TOKEN=<token>` We utilize pre-commit to handle Git hooks, initiating a pre-commit check with each commit, both locally and on CI.
To install pre-commit, use the following commands:
```bash
pip install pre-commit
pre-commit install
```
For further details, refer to the [pre-commit installation documentation](https://pre-commit.com/#installation).
To execute ansible-lint (whether within pre-commit or independently), you must configure an environment variable for the token required to connect to Automation Hub. Obtain the token [here](https://console.redhat.com/ansible/automation-hub/token).
Copy the token value and execute the following command:
```bash
export ANSIBLE_GALAXY_SERVER_AH_TOKEN=<token>
```

4
ansible.cfg
View File

@@ -6,7 +6,9 @@ roles_path=./roles
server_list = ah,galaxy server_list = ah,galaxy
[galaxy_server.ah] [galaxy_server.ah]
#url=https://cloud.redhat.com/api/automation-hub/ # Grab a token at https://console.redhat.com/ansible/automation-hub/token
# Then define it using ANSIBLE_GALAXY_SERVER_AH_TOKEN=""
url=https://console.redhat.com/api/automation-hub/content/published/ url=https://console.redhat.com/api/automation-hub/content/published/
auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token

46
collections/ansible_collections/demo/patching/plugins/modules/scan_packages.py
View File

@@ -2,15 +2,15 @@
from ansible.module_utils.basic import * # noqa from ansible.module_utils.basic import * # noqa
DOCUMENTATION = ''' DOCUMENTATION = """
--- ---
module: scan_packages module: scan_packages
short_description: Return installed packages information as fact data short_description: Return installed packages information as fact data
description: description:
- Return information about installed packages as fact data - Return information about installed packages as fact data
''' """
EXAMPLES = ''' EXAMPLES = """
# Example fact output: # Example fact output:
# host | success >> { # host | success >> {
# "ansible_facts": { # "ansible_facts": {
@@ -34,21 +34,23 @@ EXAMPLES = '''
# "name": "gcc-4.8-base" # "name": "gcc-4.8-base"
# } # }
# ] # ]
''' """
def rpm_package_list(): def rpm_package_list():
import rpm import rpm
trans_set = rpm.TransactionSet() trans_set = rpm.TransactionSet()
installed_packages = [] installed_packages = []
for package in trans_set.dbMatch(): for package in trans_set.dbMatch():
package_details = { package_details = {
'name':package[rpm.RPMTAG_NAME], "name": package[rpm.RPMTAG_NAME],
'version':package[rpm.RPMTAG_VERSION], "version": package[rpm.RPMTAG_VERSION],
'release':package[rpm.RPMTAG_RELEASE], "release": package[rpm.RPMTAG_RELEASE],
'epoch':package[rpm.RPMTAG_EPOCH], "epoch": package[rpm.RPMTAG_EPOCH],
'arch':package[rpm.RPMTAG_ARCH], "arch": package[rpm.RPMTAG_ARCH],
'source':'rpm' } "source": "rpm",
}
if installed_packages == []: if installed_packages == []:
installed_packages = [package_details] installed_packages = [package_details]
else: else:
@@ -58,16 +60,20 @@ def rpm_package_list():
def deb_package_list(): def deb_package_list():
import apt import apt
apt_cache = apt.Cache() apt_cache = apt.Cache()
installed_packages = [] installed_packages = []
apt_installed_packages = [pk for pk in apt_cache.keys() if apt_cache[pk].is_installed] apt_installed_packages = [
pk for pk in apt_cache.keys() if apt_cache[pk].is_installed
]
for package in apt_installed_packages: for package in apt_installed_packages:
ac_pkg = apt_cache[package].installed ac_pkg = apt_cache[package].installed
package_details = { package_details = {
'name':package, "name": package,
'version':ac_pkg.version, "version": ac_pkg.version,
'arch':ac_pkg.architecture, "arch": ac_pkg.architecture,
'source':'apt'} "source": "apt",
}
if installed_packages == []: if installed_packages == []:
installed_packages = [package_details] installed_packages = [package_details]
else: else:
@@ -76,13 +82,11 @@ def deb_package_list():
def main(): def main():
module = AnsibleModule( module = AnsibleModule(argument_spec=dict(os_family=dict(required=True)))
argument_spec = dict(os_family=dict(required=True)) ans_os = module.params["os_family"]
) if ans_os in ("RedHat", "Suse", "openSUSE Leap"):
ans_os = module.params['os_family']
if ans_os in ('RedHat', 'Suse', 'openSUSE Leap'):
packages = rpm_package_list() packages = rpm_package_list()
elif ans_os == 'Debian': elif ans_os == "Debian":
packages = deb_package_list() packages = deb_package_list()
else: else:
packages = None packages = None

137
collections/ansible_collections/demo/patching/plugins/modules/scan_services.py
View File

@@ -3,16 +3,18 @@
import re import re
from ansible.module_utils.basic import * # noqa from ansible.module_utils.basic import * # noqa
DOCUMENTATION = ''' DOCUMENTATION = """
--- ---
module: scan_services module: scan_services
short_description: Return service state information as fact data short_description: Return service state information as fact data
description: description:
- Return service state information as fact data for various service management utilities - Return service state information as fact data for various service management utilities
''' """
EXAMPLES = ''' EXAMPLES = """
---
- monit: scan_services - monit: scan_services
# Example fact output: # Example fact output:
# host | success >> { # host | success >> {
# "ansible_facts": { # "ansible_facts": {
@@ -29,18 +31,17 @@ EXAMPLES = '''
# } # }
# } # }
# } # }
''' # }
"""
class BaseService(object): class BaseService(object):
def __init__(self, module): def __init__(self, module):
self.module = module self.module = module
self.incomplete_warning = False self.incomplete_warning = False
class ServiceScanService(BaseService): class ServiceScanService(BaseService):
def gather_services(self): def gather_services(self):
services = {} services = {}
service_path = self.module.get_bin_path("service") service_path = self.module.get_bin_path("service")
@@ -51,7 +52,10 @@ class ServiceScanService(BaseService):
# sysvinit # sysvinit
if service_path is not None and chkconfig_path is None: if service_path is not None and chkconfig_path is None:
rc, stdout, stderr = self.module.run_command("%s --status-all 2>&1 | grep -E \"\\[ (\\+|\\-) \\]\"" % service_path, use_unsafe_shell=True) rc, stdout, stderr = self.module.run_command(
'%s --status-all 2>&1 | grep -E "\\[ (\\+|\\-) \\]"' % service_path,
use_unsafe_shell=True,
)
for line in stdout.split("\n"): for line in stdout.split("\n"):
line_data = line.split() line_data = line.split()
if len(line_data) < 4: if len(line_data) < 4:
@@ -61,84 +65,112 @@ class ServiceScanService(BaseService):
service_state = "running" service_state = "running"
else: else:
service_state = "stopped" service_state = "stopped"
services[service_name] = {"name": service_name, "state": service_state, "source": "sysv"} services[service_name] = {
"name": service_name,
"state": service_state,
"source": "sysv",
}
# Upstart # Upstart
if initctl_path is not None and chkconfig_path is None: if initctl_path is not None and chkconfig_path is None:
p = re.compile('^\s?(?P<name>.*)\s(?P<goal>\w+)\/(?P<state>\w+)(\,\sprocess\s(?P<pid>[0-9]+))?\s*$') p = re.compile(
"^\s?(?P<name>.*)\s(?P<goal>\w+)\/(?P<state>\w+)(\,\sprocess\s(?P<pid>[0-9]+))?\s*$"
)
rc, stdout, stderr = self.module.run_command("%s list" % initctl_path) rc, stdout, stderr = self.module.run_command("%s list" % initctl_path)
real_stdout = stdout.replace("\r","") real_stdout = stdout.replace("\r", "")
for line in real_stdout.split("\n"): for line in real_stdout.split("\n"):
m = p.match(line) m = p.match(line)
if not m: if not m:
continue continue
service_name = m.group('name') service_name = m.group("name")
service_goal = m.group('goal') service_goal = m.group("goal")
service_state = m.group('state') service_state = m.group("state")
if m.group('pid'): if m.group("pid"):
pid = m.group('pid') pid = m.group("pid")
else: else:
pid = None # NOQA pid = None # NOQA
payload = {"name": service_name, "state": service_state, "goal": service_goal, "source": "upstart"} payload = {
"name": service_name,
"state": service_state,
"goal": service_goal,
"source": "upstart",
}
services[service_name] = payload services[service_name] = payload
# RH sysvinit # RH sysvinit
elif chkconfig_path is not None: elif chkconfig_path is not None:
#print '%s --status-all | grep -E "is (running|stopped)"' % service_path # print '%s --status-all | grep -E "is (running|stopped)"' % service_path
p = re.compile( p = re.compile(
'(?P<service>.*?)\s+[0-9]:(?P<rl0>on|off)\s+[0-9]:(?P<rl1>on|off)\s+[0-9]:(?P<rl2>on|off)\s+' "(?P<service>.*?)\s+[0-9]:(?P<rl0>on|off)\s+[0-9]:(?P<rl1>on|off)\s+[0-9]:(?P<rl2>on|off)\s+"
'[0-9]:(?P<rl3>on|off)\s+[0-9]:(?P<rl4>on|off)\s+[0-9]:(?P<rl5>on|off)\s+[0-9]:(?P<rl6>on|off)') "[0-9]:(?P<rl3>on|off)\s+[0-9]:(?P<rl4>on|off)\s+[0-9]:(?P<rl5>on|off)\s+[0-9]:(?P<rl6>on|off)"
rc, stdout, stderr = self.module.run_command('%s' % chkconfig_path, use_unsafe_shell=True) )
rc, stdout, stderr = self.module.run_command(
"%s" % chkconfig_path, use_unsafe_shell=True
)
# Check for special cases where stdout does not fit pattern # Check for special cases where stdout does not fit pattern
match_any = False match_any = False
for line in stdout.split('\n'): for line in stdout.split("\n"):
if p.match(line): if p.match(line):
match_any = True match_any = True
if not match_any: if not match_any:
p_simple = re.compile('(?P<service>.*?)\s+(?P<rl0>on|off)') p_simple = re.compile("(?P<service>.*?)\s+(?P<rl0>on|off)")
match_any = False match_any = False
for line in stdout.split('\n'): for line in stdout.split("\n"):
if p_simple.match(line): if p_simple.match(line):
match_any = True match_any = True
if match_any: if match_any:
# Try extra flags " -l --allservices" needed for SLES11 # Try extra flags " -l --allservices" needed for SLES11
rc, stdout, stderr = self.module.run_command('%s -l --allservices' % chkconfig_path, use_unsafe_shell=True) rc, stdout, stderr = self.module.run_command(
elif '--list' in stderr: "%s -l --allservices" % chkconfig_path, use_unsafe_shell=True
)
elif "--list" in stderr:
# Extra flag needed for RHEL5 # Extra flag needed for RHEL5
rc, stdout, stderr = self.module.run_command('%s --list' % chkconfig_path, use_unsafe_shell=True) rc, stdout, stderr = self.module.run_command(
for line in stdout.split('\n'): "%s --list" % chkconfig_path, use_unsafe_shell=True
)
for line in stdout.split("\n"):
m = p.match(line) m = p.match(line)
if m: if m:
service_name = m.group('service') service_name = m.group("service")
service_state = 'stopped' service_state = "stopped"
if m.group('rl3') == 'on': if m.group("rl3") == "on":
rc, stdout, stderr = self.module.run_command('%s %s status' % (service_path, service_name), use_unsafe_shell=True) rc, stdout, stderr = self.module.run_command(
"%s %s status" % (service_path, service_name),
use_unsafe_shell=True,
)
service_state = rc service_state = rc
if rc in (0,): if rc in (0,):
service_state = 'running' service_state = "running"
#elif rc in (1,3): # elif rc in (1,3):
else: else:
if 'root' in stderr or 'permission' in stderr.lower() or 'not in sudoers' in stderr.lower(): if (
"root" in stderr
or "permission" in stderr.lower()
or "not in sudoers" in stderr.lower()
):
self.incomplete_warning = True self.incomplete_warning = True
continue continue
else: else:
service_state = 'stopped' service_state = "stopped"
service_data = {"name": service_name, "state": service_state, "source": "sysv"} service_data = {
"name": service_name,
"state": service_state,
"source": "sysv",
}
services[service_name] = service_data services[service_name] = service_data
return services return services
class SystemctlScanService(BaseService): class SystemctlScanService(BaseService):
def systemd_enabled(self): def systemd_enabled(self):
# Check if init is the systemd command, using comm as cmdline could be symlink # Check if init is the systemd command, using comm as cmdline could be symlink
try: try:
f = open('/proc/1/comm', 'r') f = open("/proc/1/comm", "r")
except IOError: except IOError:
# If comm doesn't exist, old kernel, no systemd # If comm doesn't exist, old kernel, no systemd
return False return False
for line in f: for line in f:
if 'systemd' in line: if "systemd" in line:
return True return True
return False return False
@@ -146,10 +178,16 @@ class SystemctlScanService(BaseService):
services = {} services = {}
if not self.systemd_enabled(): if not self.systemd_enabled():
return None return None
systemctl_path = self.module.get_bin_path("systemctl", opt_dirs=["/usr/bin", "/usr/local/bin"]) systemctl_path = self.module.get_bin_path(
"systemctl", opt_dirs=["/usr/bin", "/usr/local/bin"]
)
if systemctl_path is None: if systemctl_path is None:
return None return None
rc, stdout, stderr = self.module.run_command("%s list-unit-files --type=service | tail -n +2 | head -n -2" % systemctl_path, use_unsafe_shell=True) rc, stdout, stderr = self.module.run_command(
"%s list-unit-files --type=service | tail -n +2 | head -n -2"
% systemctl_path,
use_unsafe_shell=True,
)
for line in stdout.split("\n"): for line in stdout.split("\n"):
line_data = line.split() line_data = line.split()
if len(line_data) != 2: if len(line_data) != 2:
@@ -158,12 +196,16 @@ class SystemctlScanService(BaseService):
state_val = "running" state_val = "running"
else: else:
state_val = "stopped" state_val = "stopped"
services[line_data[0]] = {"name": line_data[0], "state": state_val, "source": "systemd"} services[line_data[0]] = {
"name": line_data[0],
"state": state_val,
"source": "systemd",
}
return services return services
def main(): def main():
module = AnsibleModule(argument_spec = dict()) module = AnsibleModule(argument_spec=dict())
service_modules = (ServiceScanService, SystemctlScanService) service_modules = (ServiceScanService, SystemctlScanService)
all_services = {} all_services = {}
incomplete_warning = False incomplete_warning = False
@@ -175,11 +217,16 @@ def main():
if svcmod.incomplete_warning: if svcmod.incomplete_warning:
incomplete_warning = True incomplete_warning = True
if len(all_services) == 0: if len(all_services) == 0:
results = dict(skipped=True, msg="Failed to find any services. Sometimes this is due to insufficient privileges.") results = dict(
skipped=True,
msg="Failed to find any services. Sometimes this is due to insufficient privileges.",
)
else: else:
results = dict(ansible_facts=dict(services=all_services)) results = dict(ansible_facts=dict(services=all_services))
if incomplete_warning: if incomplete_warning:
results['msg'] = "WARNING: Could not find status for all services. Sometimes this is due to insufficient privileges." results[
"msg"
] = "WARNING: Could not find status for all services. Sometimes this is due to insufficient privileges."
module.exit_json(**results) module.exit_json(**results)

39
collections/ansible_collections/demo/patching/plugins/modules/win_scan_packages.py
View File

@@ -1,31 +1,34 @@
#!/usr/bin/env python !/usr/bin/env python
# -*- coding: utf-8 -*- -*- coding: utf-8 -*-
DOCUMENTATION = ''' DOCUMENTATION = """
--- ---
module: win_scan_packages module: win_scan_packages
short_description: Return Package state information as fact data short_description: Return Package state information as fact data
description: description:
- Return Package state information as fact data for various Packages - Return Package state information as fact data for various Packages
''' """
EXAMPLES = ''' EXAMPLES = """
- monit: win_scan_packages - monit: win_scan_packages
# Example fact output: # Example fact output:
# host | success >> { # host | success >> {
# "ansible_facts": { # "ansible_facts": {
# "packages": [ # "packages": [
{ # {
"name": "Mozilla Firefox 76.0.1 (x64 en-US)", # "name": "Mozilla Firefox 76.0.1 (x64 en-US)",
"version": "76.0.1", # "version": "76.0.1",
"publisher": "Mozilla", # "publisher": "Mozilla",
"arch": "Win64" # "arch": "Win64"
}, # },
{ # {
"name": "Mozilla Maintenance Service", # "name": "Mozilla Maintenance Service",
"version": "76.0.1", # "version": "76.0.1",
"publisher": "Mozilla", # "publisher": "Mozilla",
"arch": "Win64" # "arch": "Win64"
},
# } # }
''' # ]
# }
# }
"""

41
collections/ansible_collections/demo/patching/plugins/modules/win_scan_services.py
View File

@@ -1,34 +1,37 @@
#!/usr/bin/env python #!/usr/bin/env python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
DOCUMENTATION = ''' DOCUMENTATION = """
--- ---
module: win_scan_services module: win_scan_services
short_description: Return service state information as fact data short_description: Return service state information as fact data
description: description:
- Return service state information as fact data for various service management utilities - Return service state information as fact data for various service management utilities
''' """
EXAMPLES = ''' EXAMPLES = """
- monit: win_scan_services - monit: win_scan_services
# Example fact output: # Example fact output:
# host | success >> { # host | success >> {
# "ansible_facts": { # "ansible_facts": {
# "services": [ # "services": [
{ # {
"name": "AllJoyn Router Service", # "name": "AllJoyn Router Service",
"win_svc_name": "AJRouter", # "win_svc_name": "AJRouter",
"state": "stopped" # "state": "stopped"
}, # },
{ # {
"name": "Application Layer Gateway Service", # "name": "Application Layer Gateway Service",
"win_svc_name": "ALG", # "win_svc_name": "ALG",
"state": "stopped" # "state": "stopped"
}, # },
{ # {
"name": "Application Host Helper Service", # "name": "Application Host Helper Service",
"win_svc_name": "AppHostSvc", # "win_svc_name": "AppHostSvc",
"state": "running" # "state": "running"
},
# } # }
''' # ]
# }
# }
"""

6
collections/ansible_collections/demo/patching/roles/build_report_network/vars/main.yml
View File

@@ -1,12 +1,12 @@
--- ---
file_path: "{{ web_path | default('/var/www/html/reports') }}" file_path: "{{ web_path | default('/var/www/html/reports') }}" # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
vendor: vendor: # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
ios: &my_value 'Cisco' ios: &my_value 'Cisco'
nxos: *my_value nxos: *my_value
iosxr: *my_value iosxr: *my_value
junos: "Juniper" junos: "Juniper"
eos: "Arista" eos: "Arista"
transport: transport: # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
cliconf: "Network_CLI" cliconf: "Network_CLI"
netconf: "NETCONF" netconf: "NETCONF"
nxapi: "NX-API" nxapi: "NX-API"

2
collections/ansible_collections/demo/patching/roles/build_report_windows/defaults/main.yml
View File

@@ -1,2 +1,2 @@
--- ---
detailedreport: true detailedreport: true # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way

2
collections/ansible_collections/demo/patching/roles/build_report_windows/vars/main.yml
View File

@@ -1,2 +1,2 @@
--- ---
file_path: /var/www/html file_path: /var/www/html # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way

6
collections/ansible_collections/demo/patching/roles/build_report_windows_patch/defaults/main.yml
View File

@@ -1,4 +1,4 @@
--- ---
email_from: tower@shadowman.dev email_from: tower@shadowman.dev # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
to_emails: alex@shadowman.dev,tower@shadowman.dev to_emails: alex@shadowman.dev,tower@shadowman.dev # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
to_emails_list: "{{ to_emails.split(',') }}" to_emails_list: "{{ to_emails.split(',') }}" # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way

2
collections/ansible_collections/demo/patching/roles/build_report_windows_patch/vars/main.yml
View File

@@ -1,2 +1,2 @@
--- ---
file_path: /var/www/html file_path: /var/www/html # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way

4
collections/ansible_collections/demo/patching/roles/patch_linux/defaults/main.yml
View File

@@ -1,7 +1,7 @@
--- ---
exclude_packages: exclude_packages: # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
- authselect - authselect
- authselect-compat - authselect-compat
- authselect-libs - authselect-libs
- fprintd-pam - fprintd-pam
allow_reboot: true allow_reboot: true # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way

4
collections/ansible_collections/demo/patching/roles/patch_windows/defaults/main.yml
View File

@@ -1,5 +1,5 @@
--- ---
win_update_categories: win_update_categories: # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
- Application - Application
- Connectors - Connectors
- CriticalUpdates - CriticalUpdates
@@ -11,4 +11,4 @@ win_update_categories:
- Tools - Tools
- UpdateRollups - UpdateRollups
- Updates - Updates
allow_reboot: true allow_reboot: true # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way

2
collections/ansible_collections/demo/patching/roles/report_linux/defaults/main.yml
View File

@@ -1,2 +1,2 @@
--- ---
detailedreport: true detailedreport: true # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way

2
collections/ansible_collections/demo/patching/roles/report_linux/vars/main.yml
View File

@@ -1,2 +1,2 @@
--- ---
file_path: /var/www/html/reports file_path: /var/www/html/reports # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way

6
collections/ansible_collections/demo/patching/roles/report_linux_patching/defaults/main.yml
View File

@@ -1,4 +1,4 @@
--- ---
email_from: tower@shadowman.dev email_from: tower@shadowman.dev # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
to_emails: alex@shadowman.dev,tower@shadowman.dev to_emails: alex@shadowman.dev,tower@shadowman.dev # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
to_emails_list: "{{ to_emails.split(',') }}" to_emails_list: "{{ to_emails.split(',') }}" # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way

2
collections/ansible_collections/demo/patching/roles/report_linux_patching/vars/main.yml
View File

@@ -1,2 +1,2 @@
--- ---
file_path: /var/www/html/reports file_path: /var/www/html/reports # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way

4
collections/ansible_collections/demo/patching/roles/report_server/vars/Linux.yml
View File

@@ -1,3 +1,3 @@
--- ---
doc_root: /var/www/html doc_root: /var/www/html # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
reports_dir: reports reports_dir: reports # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way

4
collections/ansible_collections/demo/patching/roles/report_server/vars/Win32NT.yml
View File

@@ -1,3 +1,3 @@
--- ---
doc_root: C:\Inetpub\wwwroot doc_root: C:\Inetpub\wwwroot # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
reports_dir: reports reports_dir: reports # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way

2
collections/ansible_collections/demo/patching/roles/report_windows/defaults/main.yml
View File

@@ -1,2 +1,2 @@
--- ---
detailedreport: true detailedreport: true # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way

2
collections/ansible_collections/demo/patching/roles/report_windows/vars/main.yml
View File

@@ -1,2 +1,2 @@
--- ---
file_path: C:\Inetpub\wwwroot\reports file_path: C:\Inetpub\wwwroot\reports # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way

6
collections/ansible_collections/demo/patching/roles/report_windows_patching/defaults/main.yml
View File

@@ -1,4 +1,4 @@
--- ---
email_from: tower@shadowman.dev email_from: tower@shadowman.dev # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
to_emails: alex@shadowman.dev,tower@shadowman.dev to_emails: alex@shadowman.dev,tower@shadowman.dev # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
to_emails_list: "{{ to_emails.split(',') }}" to_emails_list: "{{ to_emails.split(',') }}" # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way

2
collections/ansible_collections/demo/patching/roles/report_windows_patching/vars/main.yml
View File

@@ -1,2 +1,2 @@
--- ---
file_path: C:\Inetpub\wwwroot\reports file_path: C:\Inetpub\wwwroot\reports # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way

8
collections/ansible_collections/demo/satellite/roles/register_host/defaults/main.yml
View File

@@ -1,5 +1,5 @@
--- ---
instance_name: "{{ inventory_hostname | regex_replace('_', '-') }}" instance_name: "{{ inventory_hostname | regex_replace('_', '-') }}" # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
activation_key: "{{ 'RHEL' + ansible_distribution_major_version + '_' + env }}" activation_key: "{{ 'RHEL' + ansible_distribution_major_version + '_' + env }}" # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
rex_user: root # "{{ ansible_user }}" rex_user: root # "{{ ansible_user }}" # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
force_register: true force_register: true # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way

2
collections/ansible_collections/demo/satellite/roles/register_host/vars/RedHat7.yml
View File

@@ -1,4 +1,4 @@
--- ---
rhsm_enabled_repos: rhsm_enabled_repos: # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
- rhel-7-server-rpms - rhel-7-server-rpms
# - rhel-7-server-satellite-maintenance-6.11-rpms # - rhel-7-server-satellite-maintenance-6.11-rpms

2
collections/ansible_collections/demo/satellite/roles/register_host/vars/RedHat8.yml
View File

@@ -1,5 +1,5 @@
--- ---
rhsm_enabled_repos: rhsm_enabled_repos: # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
- rhel-8-for-x86_64-baseos-rpms - rhel-8-for-x86_64-baseos-rpms
- rhel-8-for-x86_64-appstream-rpms - rhel-8-for-x86_64-appstream-rpms
- satellite-client-6-for-rhel-8-x86_64-rpms - satellite-client-6-for-rhel-8-x86_64-rpms

24
collections/ansible_collections/demo/satellite/roles/scap_client/defaults/main.yaml
View File

@@ -1,13 +1,13 @@
--- ---
foreman_server_url: "{{ lookup('env', 'SATELLITE_SERVER') }}" foreman_server_url: "{{ lookup('env', 'SATELLITE_SERVER') }}" # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
foreman_username: "{{ lookup('env', 'SATELLITE_USERNAME') }}" foreman_username: "{{ lookup('env', 'SATELLITE_USERNAME') }}" # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
foreman_password: "{{ lookup('env', 'SATELLITE_PASSWORD') }}" foreman_password: "{{ lookup('env', 'SATELLITE_PASSWORD') }}" # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
foreman_validate_certs: "{{ lookup('env', 'FOREMAN_VALIDATE_CERTS') | default(true) }}" foreman_validate_certs: "{{ lookup('env', 'FOREMAN_VALIDATE_CERTS') | default(true) }}" # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
capsule_server: "{{ foreman_server_url }}" capsule_server: "{{ foreman_server_url }}" # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
capsule_port: '9090' capsule_port: '9090' # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
policy_name: 'all' policy_name: 'all' # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
policy_scan: "{{ policy_name }}" policy_scan: "{{ policy_name }}" # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
crontab_hour: 2 crontab_hour: 2 # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
crontab_minute: 0 crontab_minute: 0 # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
crontab_weekdays: 0 crontab_weekdays: 0 # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way
foreman_operations_scap_client_secure_logging: true foreman_operations_scap_client_secure_logging: true # noqa var-naming[no-role-prefix] - TODO : we should rework roles to use variable prefix, until scope is defined, silence is the way

1
linux/compliance_profiles.md
View File

@@ -12,4 +12,3 @@ The following compliance profiles are supported by the [**Linux / Enforce Compli
| DISA STIG | https://galaxy.ansible.com/RedHatOfficial/ansible-role-rhel8-stig | | DISA STIG | https://galaxy.ansible.com/RedHatOfficial/ansible-role-rhel8-stig |
These roles are derived from the [Compliance as Code](https://github.com/ComplianceAsCode/content) project, which provides SCAP content used by the [OpenSCAP](https://www.open-scap.org/) `oscap` tool. These roles are derived from the [Compliance as Code](https://github.com/ComplianceAsCode/content) project, which provides SCAP content used by the [OpenSCAP](https://www.open-scap.org/) `oscap` tool.

18
openshift/gitlab.yml
View File

@@ -4,14 +4,14 @@
gather_facts: false gather_facts: false
tasks: tasks:
- name: create cert-manager-operator namespace - name: Create cert-manager-operator namespace
redhat.openshift.k8s: redhat.openshift.k8s:
name: cert-manager-operator name: cert-manager-operator
api_version: v1 api_version: v1
kind: Namespace kind: Namespace
state: present state: present
- name: create OperatorGroup object for cert-manager-operator - name: Create OperatorGroup object for cert-manager-operator
redhat.openshift.k8s: redhat.openshift.k8s:
state: present state: present
definition: definition:
@@ -24,7 +24,7 @@
targetNamespaces: targetNamespaces:
- cert-manager-operator - cert-manager-operator
- name: create cert-manager-operator subscription - name: Create cert-manager-operator subscription
redhat.openshift.k8s: redhat.openshift.k8s:
state: present state: present
definition: definition:
@@ -42,14 +42,14 @@
source: redhat-operators source: redhat-operators
sourceNamespace: openshift-marketplace sourceNamespace: openshift-marketplace
- name: create gitlab-system namespace - name: Create gitlab-system namespace
redhat.openshift.k8s: redhat.openshift.k8s:
name: gitlab-system name: gitlab-system
api_version: v1 api_version: v1
kind: Namespace kind: Namespace
state: present state: present
- name: create OperatorGroup object for gitlab-operator-kubernetes - name: Create OperatorGroup object for gitlab-operator-kubernetes
redhat.openshift.k8s: redhat.openshift.k8s:
state: present state: present
definition: definition:
@@ -62,7 +62,7 @@
targetNamespaces: targetNamespaces:
- gitlab-system - gitlab-system
- name: create gitlab subscription - name: Create gitlab subscription
redhat.openshift.k8s: redhat.openshift.k8s:
state: present state: present
definition: definition:
@@ -80,8 +80,8 @@
source: community-operators source: community-operators
sourceNamespace: openshift-marketplace sourceNamespace: openshift-marketplace
- name: wait for gitlab operator to install - name: Wait for gitlab operator to install
k8s_info: kubernetes.core.k8s_info:
api_version: apiextensions.k8s.io/v1 api_version: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
name: gitlabs.apps.gitlab.com name: gitlabs.apps.gitlab.com
@@ -91,7 +91,7 @@
delay: 30 delay: 30
- name: Wait until gitlab-operator is up - name: Wait until gitlab-operator is up
k8s_info: kubernetes.core.k8s_info:
api_version: v1 api_version: v1
kind: Deployment kind: Deployment
name: gitlab-controller-manager name: gitlab-controller-manager

1
openshift/setup.yml
View File

@@ -34,4 +34,3 @@ controller_templates:
notification_templates_error: Telemetry notification_templates_error: Telemetry
credentials: credentials:
- "OpenShift Credential" - "OpenShift Credential"

4
windows/backup.yml
View File

@@ -1,6 +1,6 @@
--- ---
- hosts: windows - name: Rollback playbook
name: Rollback playbook hosts: windows
tasks: tasks:
- name: "Rollback this step" - name: "Rollback this step"
ansible.builtin.debug: ansible.builtin.debug:

17
windows/create_ad_domain.yml
View File

@@ -20,16 +20,16 @@
- Wait for AD services again - Wait for AD services again
- name: Flush handlers - name: Flush handlers
meta: flush_handlers ansible.builtin.meta: flush_handlers
- name: Create some groups - name: Create some groups
community.windows.win_domain_group: community.windows.win_domain_group:
name: "{{ item.name }}" name: "{{ item.name }}"
scope: global scope: global
loop: loop:
- { name: "GroupA" } - name: "GroupA"
- { name: "GroupB" } - name: "GroupB"
- { name: "GroupC" } - name: "GroupC"
retries: 5 retries: 5
delay: 10 delay: 10
@@ -40,9 +40,12 @@
password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}" password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}"
update_password: on_create update_password: on_create
loop: loop:
- { name: "UserA", groups: "GroupA" } - name: "UserA"
- { name: "UserB", groups: "GroupB" } groups: "GroupA"
- { name: "UserC", groups: "GroupC" } - name: "UserB"
groups: "GroupB"
- name: "UserC"
groups: "GroupC"
retries: 5 retries: 5
delay: 10 delay: 10