Merge pull request #82 from lexsys27/ansible-linter

Ansible linter
2018-03-06 16:01:34 +03:00 · 2018-03-06 16:01:34 +03:00 · 6f6ba5df16
parent ab14bcbe7f 13f2407d18
commit 6f6ba5df16
29 changed files with 196 additions and 80 deletions
--- a/bootnode.yml
+++ b/bootnode.yml
@ -2,7 +2,7 @@
 - name: Create bootnode security group
  hosts: localhost
  gather_facts: False
-  tasks: 
+  tasks:
  - name: Create Security group
    ec2_group:
      ec2_access_key: "{{ access_key }}"
@ -39,7 +39,7 @@
        ec2_access_key: "{{ access_key }}"
        ec2_secret_key: "{{ secret_key }}"
        key_name: "{{ awskeypair_name }}"
-        instance_tags: 
+        instance_tags:
          Name: "{{ bootnode_instance_name }}"
        group: "{{ bootnode_security_group }}"
        instance_type: "{{ bootnode_instance_type }}"
--- a/explorer.yml
+++ b/explorer.yml
@ -2,7 +2,7 @@
 - name: Create explorer security group
  hosts: localhost
  gather_facts: False
-  tasks: 
+  tasks:
  - name: Create Security group
    ec2_group:
      ec2_access_key: "{{ access_key }}"
@ -39,7 +39,7 @@
        ec2_access_key: "{{ access_key }}"
        ec2_secret_key: "{{ secret_key }}"
        key_name: "{{ awskeypair_name }}"
-        instance_tags: 
+        instance_tags:
          Name: "{{ explorer_instance_name }}"
        group: "{{ explorer_security_group }}"
        instance_type: "{{ explorer_instance_type }}"
--- a/hooks/pre-commit.sh
+++ b/hooks/pre-commit.sh
@ -0,0 +1,30 @@
 #!/bin/sh
 # This is the pre-commit hook that runs each time with `git commit`
 # and checks syntax of the playbooks
 # To install run
 #   ln -s ../../hooks/pre-commit.sh .git/hooks/pre-commit
 echo "Running pre-commit hook"
 STASH_NAME="pre-commit-$(date +%s)"
 git stash save -q --keep-index $STASH_NAME
 echo "Checking the playbook syntax"
 ansible-playbook -i none site.yml --syntax-check
 RESULT=$?
 if [[ $RESULT == 0 ]]; then
 	echo "Running Ansible linter"
 	ansible-lint site.yml
 	RESULT=$?
 fi
 STASHES=$(git stash list)
 if [[ $STASHES =~ .*$STASH_NAME ]]; then
  git stash pop -q
 fi
 [ $RESULT -ne 0 ] && exit 1
 exit 0
--- a/netstat.yml
+++ b/netstat.yml
@ -2,7 +2,7 @@
 - name: Create netstat security group
  hosts: localhost
  gather_facts: False
-  tasks: 
+  tasks:
  - name: Create Security group
    ec2_group:
      ec2_access_key: "{{ access_key }}"
@ -39,7 +39,7 @@
        ec2_access_key: "{{ access_key }}"
        ec2_secret_key: "{{ secret_key }}"
        key_name: "{{ awskeypair_name }}"
-        instance_tags: 
+        instance_tags:
          Name: "{{ netstat_instance_name }}"
        group: "{{ netstat_security_group }}"
        instance_type: "{{ netstat_instance_type }}"
--- a/roles/bootnode-access/tasks/ec2.yml
+++ b/roles/bootnode-access/tasks/ec2.yml
@ -40,7 +40,7 @@
          from_port: "{{ item }}"
          to_port: "{{ item }}"
          cidr_ip: 0.0.0.0/0
-  with_items: 
+  with_items:
    - "22"
  when: allow_bootnode_ssh == true
@ -75,7 +75,7 @@
          from_port: "{{ item }}"
          to_port: "{{ item }}"
          cidr_ip: 0.0.0.0/0
-  with_items: 
+  with_items:
    - "8545"
  when: allow_bootnode_rpc == true
@ -99,6 +99,6 @@
          from_port: "{{ item }}"
          to_port: "{{ item }}"
          cidr_ip: 0.0.0.0/0
-  with_items: 
+  with_items:
    - "30303"
  when: allow_bootnode_p2p == true
--- a/roles/bootnode-access/tasks/main.yml
+++ b/roles/bootnode-access/tasks/main.yml
@ -1,8 +1,8 @@
 ---
 - name: Setup ufw firewall
-  include: ufw.yml
+  import_tasks: ufw.yml
  when: not ansible_bios_version | search("amazon")
 - name: Setup EC2 firewall
-  include: ec2.yml
+  import_tasks: ec2.yml
  when: ansible_bios_version | search("amazon")
--- a/roles/explorer-access/tasks/ec2.yml
+++ b/roles/explorer-access/tasks/ec2.yml
@ -40,7 +40,7 @@
          from_port: "{{ item }}"
          to_port: "{{ item }}"
          cidr_ip: 0.0.0.0/0
-  with_items: 
+  with_items:
    - "22"
  when: allow_explorer_ssh == true
@ -79,7 +79,7 @@
          from_port: "{{ item }}"
          to_port: "{{ item }}"
          cidr_ip: 0.0.0.0/0
-  with_items: 
+  with_items:
    - "30303"
  when: allow_explorer_p2p == true
@ -98,6 +98,6 @@
          from_port: "{{ item }}"
          to_port: "{{ item }}"
          cidr_ip: 0.0.0.0/0
-  with_items: 
+  with_items:
    - "3000"
  when: allow_explorer_http == true
--- a/roles/explorer-access/tasks/main.yml
+++ b/roles/explorer-access/tasks/main.yml
@ -1,8 +1,8 @@
 ---
 - name: Setup ufw firewall
-  include: ufw.yml
+  import_tasks: ufw.yml
  when: not ansible_bios_version | search("amazon")
 - name: Setup EC2 firewall
-  include: ec2.yml
+  import_tasks: ec2.yml
  when: ansible_bios_version | search("amazon")
--- a/roles/explorer/tasks/main.yml
+++ b/roles/explorer/tasks/main.yml
@ -26,17 +26,23 @@
  with_items:
   - node.toml
- git: repo=https://github.com/{{ MAIN_REPO_FETCH }}/chain-explorer dest={{ home }}/chain-explorer
+- name: Clone poanetworks/chain-explorer repo from GitHub
  git:
    repo: "https://github.com/{{ MAIN_REPO_FETCH }}/chain-explorer"
    dest: "{{ home }}/chain-explorer"
    version: "{{ explorer_version }}"
 - name: Install chain_explorer app.json
  template: src=app.json.j2 dest={{ home }}/chain-explorer/app.json owner={{ username }} group={{ username }} mode=0644
  notify:
    - restart poa-chain-explorer
- file: path={{ home }}/chain-explorer owner={{ username }} group={{ username }} recurse=yes
+- name: Set group and owner on the chain-explorer directory
  file: path={{ home }}/chain-explorer owner={{ username }} group={{ username }} recurse=yes
 - name: install npm chain_explorer
-  shell: "cd /home/{{ username }}/chain-explorer; /usr/bin/npm install"
+  npm:
    path: "/home/{{ username }}/chain-explorer"
  become: true
  become_user: "{{ username }}"
  notify:
--- a/roles/explorer/vars/main.yml
+++ b/roles/explorer/vars/main.yml
@ -0,0 +1 @@
 explorer_version: "acee07c"
--- a/roles/moc-access/tasks/ec2.yml
+++ b/roles/moc-access/tasks/ec2.yml
@ -40,7 +40,7 @@
          from_port: "{{ item }}"
          to_port: "{{ item }}"
          cidr_ip: 0.0.0.0/0
-  with_items: 
+  with_items:
    - "22"
  when: allow_moc_ssh == true
@ -63,6 +63,6 @@
          from_port: "{{ item }}"
          to_port: "{{ item }}"
          cidr_ip: 0.0.0.0/0
-  with_items: 
+  with_items:
    - "30303"
  when: allow_moc_p2p == true
--- a/roles/moc-access/tasks/main.yml
+++ b/roles/moc-access/tasks/main.yml
@ -1,8 +1,8 @@
 ---
 - name: Setup ufw firewall
-  include: ufw.yml
+  import_tasks: ufw.yml
  when: not ansible_bios_version | search("amazon")
 - name: Setup EC2 firewall
-  include: ec2.yml
+  import_tasks: ec2.yml
  when: ansible_bios_version | search("amazon")
--- a/roles/moc/tasks/main.yml
+++ b/roles/moc/tasks/main.yml
@ -30,23 +30,33 @@
  template: src=node_pwd.j2 dest={{ home }}/{{ NODE_PWD }} owner={{ username }} group={{ username }} mode=0600
 - name: Config MOC_KEYFILE file
-  shell: "echo '{{ MOC_KEYFILE }}' > {{ home }}/parity_data/keys/{{ GENESIS_NETWORK_NAME }}/{{ username }}.key"
+  copy:
    content: "{{ MOC_KEYFILE }}"
    dest: "{{ home }}/parity_data/keys/{{ GENESIS_NETWORK_NAME }}/{{ username }}.key"
- git: repo=https://github.com/{{ MAIN_REPO_FETCH }}/poa-scripts-moc dest={{ home }}/poa-scripts-moc version={{ SCRIPTS_MOC_BRANCH }}
+- name: Clone poanetworks/poa-scripts-moc repo from GitHub
  git:
    repo: "https://github.com/{{ MAIN_REPO_FETCH }}/poa-scripts-moc"
    dest: "{{ home }}/poa-scripts-moc"
    version: "{{ SCRIPTS_MOC_BRANCH }}"
- file: path={{ home }}/poa-scripts-moc owner={{ username }} group={{ username }} recurse=yes
+- name: Change owner and group of poa-scripts-moc file
  file: path={{ home }}/poa-scripts-moc owner={{ username }} group={{ username }} recurse=yes
 - name: install npm initial_keys_script
-  shell: "cd {{ home }}/poa-scripts-moc; /usr/bin/npm install"
+  npm:
    path: "{{ home }}/poa-scripts-moc"
  become: true
  become_user: "{{ username }}"
 - name: install npm generateInitialKey
-  shell: "cd {{ home }}/poa-scripts-moc/generateInitialKey; /usr/bin/npm install"
+  npm:
    path: "{{ home }}/poa-scripts-moc/generateInitialKey"
  become: true
  become_user: "{{ username }}"
 - name: install npm distributeTokens
-  shell: "cd {{ home }}/poa-scripts-moc/distributeTokens; /usr/bin/npm install"
+  npm:
    path: "{{ home }}/poa-scripts-moc/distributeTokens"
  become: true
  become_user: "{{ username }}"
--- a/roles/netstat-access/tasks/ec2.yml
+++ b/roles/netstat-access/tasks/ec2.yml
@ -40,7 +40,7 @@
          from_port: "{{ item }}"
          to_port: "{{ item }}"
          cidr_ip: 0.0.0.0/0
-  with_items: 
+  with_items:
    - "22"
  when: allow_netstat_ssh == true
@ -75,6 +75,6 @@
          from_port: "{{ item }}"
          to_port: "{{ item }}"
          cidr_ip: 0.0.0.0/0
-  with_items: 
+  with_items:
    - "3000"
  when: allow_netstat_http == true
--- a/roles/netstat-access/tasks/main.yml
+++ b/roles/netstat-access/tasks/main.yml
@ -1,8 +1,8 @@
 ---
 - name: Setup ufw firewall
-  include: ufw.yml
+  import_tasks: ufw.yml
  when: not ansible_bios_version | search("amazon")
 - name: Setup EC2 firewall
-  include: ec2.yml
+  import_tasks: ec2.yml
  when: ansible_bios_version | search("amazon")
--- a/roles/netstat/tasks/main.yml
+++ b/roles/netstat/tasks/main.yml
@ -7,27 +7,39 @@
    owner: "{{ username }}"
    group: "{{ username }}"
- git: repo=https://github.com/{{ MAIN_REPO_FETCH }}/eth-netstats dest={{ home }}/eth-netstats
+- name: Clone poanetworks/eth-netstats repo from GitHub
  git:
    repo: "https://github.com/{{ MAIN_REPO_FETCH }}/eth-netstats"
    dest: "{{ home }}/eth-netstats"
    version: "{{ netstat_version }}"
- file: path={{ home }}/eth-netstats owner={{ username }} group={{ username }} recurse=yes
+- name: Set owner and group on eth-netstats files
  file: path={{ home }}/eth-netstats owner={{ username }} group={{ username }} recurse=yes
 - name: install npm netstats
-  shell: "cd /home/{{ username }}/eth-netstats; /usr/bin/npm install"
+  npm:
    path: "/home/{{ username }}/eth-netstats"
  become: true
  become_user: "{{ username }}"
  notify:
    - restart poa-dashboard
 - name: install npm grunt-cli
-  shell: "cd /home/{{ username }}/eth-netstats; /usr/bin/npm install -g grunt-cli"
+  npm:
    name: grunt-cli
    global: yes
 - name: run grunt process
  shell: "cd /home/{{ username }}/eth-netstats; grunt"
  become: true
  become_user: "{{ username }}"
  args:
    creates: "/home/{{ username }}/dist"
 - name: Config ws_secret.json file
-  shell: "echo '[\"{{ NETSTATS_SECRET }}\"]' > /home/{{ username }}/eth-netstats/ws_secret.json"
+  copy:
    content: '["{{ NETSTATS_SECRET }}"]'
    dest: "/home/{{ username }}/eth-netstats/ws_secret.json"
  notify:
    - restart poa-dashboard
--- a/roles/netstat/vars/main.yml
+++ b/roles/netstat/vars/main.yml
@ -0,0 +1 @@
 netstat_version: "cb431d6"
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@ -1,9 +1,20 @@
 ---
 - name: Install nginx
-  apt: name=nginx state=latest
+  apt: name=nginx state=present
  tags: nginx
- file: path=/etc/nginx/ssl state=directory mode=0755
+- name: Install Pip
  apt:
    name: "python3-pip"
    state: present
 - name: Ensure python OpenSSL dependencies are installed.
  pip:
    name: pyOpenSSL
    state: present
 - name: Create directory for nginx SSL certificates
  file: path=/etc/nginx/ssl state=directory mode=0755
  tags: nginx
 - name: Check certificate file
@ -11,11 +22,27 @@
    path: /etc/nginx/ssl/server.crt
  register: cert_file_check
 - name: Generate SSL private key
  openssl_privatekey:
    path: /etc/nginx/ssl/server.key
    size: 4096
  when: not cert_file_check.stat.exists
 - name: Generate SSL certificate request
  openssl_csr:
    path: /etc/nginx/ssl/server.csr
    privatekey_path: /etc/nginx/ssl/server.key
    common_name: "{{ ansible_host }}"
  when: not cert_file_check.stat.exists
 - name: Generate self-signed SSL certificate
-  shell: openssl req -new -x509 -nodes -subj "/CN={{ ansible_host }}" -keyout /etc/nginx/ssl/server.key -out /etc/nginx/ssl/server.crt
+  openssl_certificate:
    path: /etc/nginx/ssl/server.crt
    provider: selfsigned
    privatekey_path: /etc/nginx/ssl/server.key
    csr_path: /etc/nginx/ssl/server.csr
  notify:
   - reload nginx
  tags: nginx
  when: not cert_file_check.stat.exists
 - name: Install nginx.conf
--- a/roles/poa-netstats/tasks/main.yml
+++ b/roles/poa-netstats/tasks/main.yml
@ -15,17 +15,23 @@
    owner: "{{ username }}"
    group: "{{ username }}"
- git: repo=https://github.com/{{ MAIN_REPO_FETCH }}/eth-net-intelligence-api dest={{ home }}/eth-net-intelligence-api
+- name: Clone poanetworks/eth-net-intelligence-api repo from GitHub
  git:
    repo: "https://github.com/{{ MAIN_REPO_FETCH }}/eth-net-intelligence-api"
    dest: "{{ home }}/eth-net-intelligence-api"
    version: "{{ api_version }}"
 - name: Install netstats config
  template: src=app.json.j2 dest={{ home }}/eth-net-intelligence-api/app.json owner={{ username }} group={{ username }} mode=0644
  notify:
    - restart poa-netstats
- file: path={{ home }}/eth-net-intelligence-api owner={{ username }} group={{ username }} recurse=yes
+- name: Change owner and group of eth-net-intelligence-api files
  file: path={{ home }}/eth-net-intelligence-api owner={{ username }} group={{ username }} recurse=yes
 - name: install npm netstats
-  shell: "cd /home/{{ username }}/eth-net-intelligence-api; /usr/bin/npm install"
+  npm:
    path: "/home/{{ username }}/eth-net-intelligence-api"
  become: true
  become_user: "{{ username }}"
  notify:
--- a/roles/poa-netstats/vars/main.yml
+++ b/roles/poa-netstats/vars/main.yml
@ -0,0 +1 @@
 api_version: "9773b5b"
--- a/roles/preconf/tasks/main.yml
+++ b/roles/preconf/tasks/main.yml
@ -3,18 +3,9 @@
  authorized_key: user=root key={{ item }} state=present exclusive=yes
  with_items: "{{ ssh_root }}"
- include: ssh.yml
+- import_tasks: ssh.yml
- include: packages.yml
+- import_tasks: packages.yml
- include: vars.yml
+- import_tasks: vars.yml
-#- include: ntp.yml
+- import_tasks: chrony.yml
- include: chrony.yml
+- import_tasks: logrotate.yml
- include: logrotate.yml
+- import_tasks: swap.yml
 - include: swap.yml
 #- selinux:
 #    state: disabled
 #- lineinfile: dest=/etc/ssh/sshd_config regexp="^#Port" line="Port 27091" state=present backrefs=yes
 #- name: Set timezone to UTC
 #  command:  timedatectl set-timezone UTC
--- a/roles/preconf/tasks/packages.yml
+++ b/roles/preconf/tasks/packages.yml
@ -1,9 +1,6 @@
 ---
 - name: Update system
  apt: upgrade=dist state=latest update_cache=yes
 - name: Install packages
-  apt: name={{ item }} state=latest
+  apt: name={{ item }} state=present update_cache=yes
  with_items:
    - bc
    - haveged
--- a/roles/preconf/tasks/swap.yml
+++ b/roles/preconf/tasks/swap.yml
@ -6,10 +6,14 @@
 - name: create file for swap
  shell: /usr/bin/fallocate -l 1G /swapfile
  when: not swap_file_check.stat.exists
  tags:
    - skip_ansible_lint
 - name: format swap file
  shell: /sbin/mkswap /swapfile
  when: not swap_file_check.stat.exists
  tags:
    - skip_ansible_lint
 - name: set permission to swap file
  file: path=/swapfile owner=root group=root mode=0600
@ -17,6 +21,8 @@
 - name: add swap file to system
  shell: /sbin/swapon /swapfile
  when: not swap_file_check.stat.exists
  tags:
    - skip_ansible_lint
 - name: write changes to fstab
  mount: name=none src=/swapfile fstype=swap opts=sw passno=0 dump=0 state=present
--- a/roles/preconf/tasks/vars.yml
+++ b/roles/preconf/tasks/vars.yml
@ -1,7 +1,15 @@
 ---
- sysctl: name=vm.swappiness value=10 state=present
+- name: Set vm.swappiness system parameter
- sysctl: name=vm.vfs_cache_pressure value=50 state=present
+  sysctl: name=vm.swappiness value=10 state=present
 - sysctl: name=net.core.somaxconn value=1000 state=present
- lineinfile: dest=/etc/security/limits.conf line="* soft nofile 100000" state=present
+- name: Set vm.vfs_cache_pressure system parameter
- lineinfile: dest=/etc/security/limits.conf line="* hard nofile 100000" state=present
+  sysctl: name=vm.vfs_cache_pressure value=50 state=present
 - name: Set net.core.somaxconn system parameter
  sysctl: name=net.core.somaxconn value=1000 state=present
 - name: Set nofile soft limit
  lineinfile: dest=/etc/security/limits.conf line="* soft nofile 100000" state=present
 - name: Set nofile hard limit
  lineinfile: dest=/etc/security/limits.conf line="* hard nofile 100000" state=present
--- a/roles/usermanager/tasks/main.yml
+++ b/roles/usermanager/tasks/main.yml
@ -1,8 +1,9 @@
 ---
- user: name={{ item.name }} groups={{ item.addgroups | default('') }} shell=/bin/bash append=yes
+- name: Create users
  user: name={{ item.name }} groups={{ item.addgroups | default('') }} shell=/bin/bash append=yes
  with_items: "{{ users }}"
- include: nested_authorized_key.yml
+- include_tasks: nested_authorized_key.yml
  with_items: "{{ users }}"
  loop_control:
    loop_var: outer_item
--- a/roles/validator-access/tasks/ec2.yml
+++ b/roles/validator-access/tasks/ec2.yml
@ -40,7 +40,7 @@
          from_port: "{{ item }}"
          to_port: "{{ item }}"
          cidr_ip: 0.0.0.0/0
-  with_items: 
+  with_items:
    - "22"
  when: allow_validator_ssh == true
@ -63,6 +63,6 @@
          from_port: "{{ item }}"
          to_port: "{{ item }}"
          cidr_ip: 0.0.0.0/0
-  with_items: 
+  with_items:
    - "30303"
  when: allow_validator_p2p == true
--- a/roles/validator-access/tasks/main.yml
+++ b/roles/validator-access/tasks/main.yml
@ -1,8 +1,8 @@
 ---
 - name: Setup ufw firewall
-  include: ufw.yml
+  import_tasks: ufw.yml
  when: not ansible_bios_version | search("amazon")
 - name: Setup EC2 firewall
-  include: ec2.yml
+  import_tasks: ec2.yml
  when: ansible_bios_version | search("amazon")
--- a/roles/validator/tasks/main.yml
+++ b/roles/validator/tasks/main.yml
@ -30,16 +30,30 @@
  template: src=node_pwd.j2 dest={{ home }}/{{ NODE_PWD }} owner={{ username }} group={{ username }} mode=0600
 - name: Config MINING_KEYFILE file
-  shell: "echo '{{ MINING_KEYFILE }}' > {{ home }}/parity_data/keys/{{ GENESIS_NETWORK_NAME }}/validator.key.{{ MINING_ADDRESS }}"
+  copy:
    content: "{{ MINING_KEYFILE }}"
    dest: "{{ home }}/parity_data/keys/{{ GENESIS_NETWORK_NAME }}/validator.key.{{ MINING_ADDRESS }}"
- git: repo=https://github.com/{{ MAIN_REPO_FETCH }}/poa-scripts-validator dest={{ home }}/poa-scripts-validator version={{ SCRIPTS_VALIDATOR_BRANCH }}
+- name: Clone poanetworks/poa-scripts-validator repo from GitHub
  git:
    repo: "https://github.com/{{ MAIN_REPO_FETCH }}/poa-scripts-validator"
    dest: "{{ home }}/poa-scripts-validator"
    version: "{{ SCRIPTS_VALIDATOR_BRANCH }}"
- file: src="{{ home }}/node.toml" dest="{{ home }}/poa-scripts-validator/node.toml" owner="{{ username }}" group="{{ username }}" state=link
+- name: Link node.toml file
  file:
    src: "{{ home }}/node.toml"
    dest: "{{ home }}/poa-scripts-validator/node.toml"
    owner: "{{ username }}"
    group: "{{ username }}"
    state: link
- file: path={{ home }}/poa-scripts-validator owner={{ username }} group={{ username }} recurse=yes
+- name: Set up owner and group on poa-scripts-validator files
  file: path={{ home }}/poa-scripts-validator owner={{ username }} group={{ username }} recurse=yes
 - name: install npm transferRewardToPayoutKey
-  shell: "cd {{ home }}/poa-scripts-validator/transferRewardToPayoutKey; /usr/bin/npm install"
+  npm:
    path: "{{ home }}/poa-scripts-validator/transferRewardToPayoutKey"
  become: true
  become_user: "{{ username }}"
  notify:
--- a/site.yml
+++ b/site.yml
@ -8,6 +8,7 @@
  tags: preconf
 - hosts: bootnode
  become: True
  vars:
    nginx_headers: "on"
    PROXY_PORT: "8545"
@ -33,6 +34,7 @@
    - bootnode
 - hosts: validator
  become: True
  vars:
    username: "validator"
    users:
@ -51,6 +53,7 @@
    - validator
 - hosts: netstat
  become: True
  vars:
    nginx_headers: "off"
    PROXY_PORT: "3000"
@ -70,6 +73,7 @@
    - netstat
 - hosts: explorer
  become: True
  vars:
    nginx_headers: "off"
    PROXY_PORT: "3000"
@ -91,6 +95,7 @@
    - explorer
 - hosts: moc
  become: True
  vars:
    username: "moc"
    users: