ansible-playbooks/general#85 Linting

defaults/main.yml

-default_proxy: ''
+default_proxy:
 proxy_debug: false
-proxy_default_backend: ''
+proxy_default_backend:
 proxy_certificates: []
-proxy_timeout_connect: '5s'
-proxy_timeout_client: '20s'
-proxy_timeout_server: '45s'
+proxy_timeout_connect: 5s
+proxy_timeout_client: 20s
+proxy_timeout_server: 45s
 proxy_redirect_aliase: false
 proxy_maxconn: 100
 proxy_varnish_maxconn: 1000
@@ -15,85 +15,85 @@ proxy_redirect_maps:
   path: {}
 proxy_blacklist:
   ip:
-    - '146.185.176.158'
-    - '162.243.9.72'
-    - '173.199.114.0/24'
-    - '173.199.115.0/24'
-    - '173.199.115.112/29'
-    - '173.199.116.0/24'
-    - '173.199.117.0/24'
-    - '173.199.118.0/24'
-    - '173.199.119.0/24'
-    - '173.199.120.0/24'
-    - '182.50.130.0/24'
-    - '188.92.74.0/24'
-    - '195.239.0/24'
-    - '198.186.190.0/23'
-    - '198.186.192.0/23'
-    - '198.186.194.0/24'
-    - '208.167.230.0/24'
-    - '209.222.12.0/24'
-    - '210.171.3.0/24'
-    - '212.100.254.105'
-    - '212.113.0.0/24'
-    - '212.113.32.0/21'
-    - '212.113.37.0/24'
-    - '213.186.0.0/24'
-    - '213.186.96.0/19'
-    - '46.137.98.159'
-    - '5.10.83.0/24'
-    - '5.10.83.0/25'
-    - '5.9.0.0/24'
-    - '5.9.104.0/24'
-    - '50.112.126.117'
-    - '54.232.100.158'
-    - '54.235.220.243'
-    - '54.249.240.15'
-    - '54.251.45.250'
-    - '54.252.97.95'
-    - '69.42.83.0/24'
+    - 146.185.176.158
+    - 162.243.9.72
+    - 173.199.114.0/24
+    - 173.199.115.0/24
+    - 173.199.115.112/29
+    - 173.199.116.0/24
+    - 173.199.117.0/24
+    - 173.199.118.0/24
+    - 173.199.119.0/24
+    - 173.199.120.0/24
+    - 182.50.130.0/24
+    - 188.92.74.0/24
+    - 195.239.0/24
+    - 198.186.190.0/23
+    - 198.186.192.0/23
+    - 198.186.194.0/24
+    - 208.167.230.0/24
+    - 209.222.12.0/24
+    - 210.171.3.0/24
+    - 212.100.254.105
+    - 212.113.0.0/24
+    - 212.113.32.0/21
+    - 212.113.37.0/24
+    - 213.186.0.0/24
+    - 213.186.96.0/19
+    - 46.137.98.159
+    - 5.10.83.0/24
+    - 5.10.83.0/25
+    - 5.9.0.0/24
+    - 5.9.104.0/24
+    - 50.112.126.117
+    - 54.232.100.158
+    - 54.235.220.243
+    - 54.249.240.15
+    - 54.251.45.250
+    - 54.252.97.95
+    - 69.42.83.0/24
   referer:
-    - 'best-seo-solution.com'
-    - 'best-seo-offer.com'
-    - 'buttons-for-website.com'
-    - 'buttons-for-your-website.com'
-    - 'semalt.com'
-    - '7makemoneyonline.com'
+    - best-seo-solution.com
+    - best-seo-offer.com
+    - buttons-for-website.com
+    - buttons-for-your-website.com
+    - semalt.com
+    - 7makemoneyonline.com
   agent:
-    - 'AhrefsBot'
-    - 'Ahrefs'
-    - 'rogerbot'
-    - 'MJ12bot'
-    - 'majestic12'
-    - 'MJ12'
-    - 'SiteBot'
-    - 'Semrush'
-    - 'CCBot'
-    - '80legs'
-    - 'Sogou'
-    - 'DigExt'
-    - 'spbot'
-    - 'ia_archiver'
-    - 'Rankivabot'
-    - 'DBLBot'
-    - 'libw'
-    - 'Voil'
-    - 'Twice'
-    - 'Sogou'
-    - 'psbot'
-    - 'Exabot'
-    - 'boitho'
-    - 'ajSitemap'
-    - 'Rankivabot'
-    - 'SeznamBot'
-    - 'DBLBot'
-    - 'Ezooms'
-    - 'Ezooms/1.0'
-    - 'exabot'
-    - 'dotbot'
-    - 'gigabot'
+    - AhrefsBot
+    - Ahrefs
+    - rogerbot
+    - MJ12bot
+    - majestic12
+    - MJ12
+    - SiteBot
+    - Semrush
+    - CCBot
+    - 80legs
+    - Sogou
+    - DigExt
+    - spbot
+    - ia_archiver
+    - Rankivabot
+    - DBLBot
+    - libw
+    - Voil
+    - Twice
+    - Sogou
+    - psbot
+    - Exabot
+    - boitho
+    - ajSitemap
+    - Rankivabot
+    - SeznamBot
+    - DBLBot
+    - Ezooms
+    - Ezooms/1.0
+    - exabot
+    - dotbot
+    - gigabot
   other:
-    - 'path_beg /wp-admin'
-    - 'path_beg /wp-login'
-    - 'path /autodiscover/autodiscover.xml'
-    - 'path /autodiscover.xml'
+    - path_beg /wp-admin
+    - path_beg /wp-login
+    - path /autodiscover/autodiscover.xml
+    - path /autodiscover.xml

handlers/main.yml

 ---
 # file: roles/haproxy/handler/main.yml
 
-- name: "Check HAProxy Config"
+- name: Check HAProxy Config
   command: haproxy -c -f /etc/haproxy/haproxy.cfg
   register: haproxy_config_check
-  changed_when: '"Configuration file is valid" in haproxy_config_check.stdout_lines'
-  failed_when: '"Configuration file is valid" not in haproxy_config_check.stdout_lines'
+  changed_when: "Configuration file is valid" in haproxy_config_check.stdout_lines
+  failed_when: "Configuration file is valid" not in haproxy_config_check.stdout_lines
   notify: "Restart HAProxy"
 
-- name: "Restart HAProxy"
+- name: Restart HAProxy
   service: name={{item.name}} state={{item.state}}
   with_items:
     - name: haproxy

tasks/blacklists.yml

 ---
 # file: roles/haproxy/tasks/blacklists.yml
 
-- name: "Update blacklists"
+- name: Update blacklists
   template:
     src: '{{ item }}'
-    dest: '/etc/haproxy/{{ item }}'
-    owner: 'root'
-    group: 'root'
-    mode: '644'
+    dest: /etc/haproxy/{{ item }}
+    owner: root
+    group: root
+    mode: 644
   with_items:
-    - 'blacklist.ip'
-    - 'blacklist.referer'
-    - 'blacklist.agent'
+    - blacklist.ip
+    - blacklist.referer
+    - blacklist.agent
   notify: "Check HAProxy Config"

tasks/buildcerts.yml

 ---
 # file: roles/haproxy/tasks/buildcerts.yml
 
-- name: "Create PEM file for HaProxy"
+- name: Create PEM file for HaProxy
   assemble:
     src='/etc/letsencrypt/live/{{ item.domain }}'
     dest='/etc/haproxy/certs/{{ item.file }}'

tasks/configure.yml

 ---
 # file: roles/haproxy/tasks/configure.yml
 
-- name: "Backup current settings"
+- name: Backup current settings
   archive:
     path=/etc/haproxy
     dest=/var/backups/haproxy-{{ lookup('pipe','date +%Y%m%d-%H%M%S') }}.tgz
 
-- name: "Install SSL certificates"
+- name: Install SSL certificates
   copy:
     src='{{inventory_dir}}/files/ssl/{{item.file}}'
     dest='/etc/haproxy/certs'
@@ -14,7 +14,7 @@
   when: not item.letsencrypt|default(false)
   notify: "Check HAProxy Config"
 
-- name: "Create host lists"
+- name: Create host lists
   template:
     src='host_list'
     dest='/etc/haproxy/{{item}}.list'
@@ -24,7 +24,7 @@
   with_items: '{{ groups.webserver|default([]) }}'
   notify: "Check HAProxy Config"
 
-- name: "Create host ssl lists"
+- name: Create host ssl lists
   template:
     src='host_ssl_list'
     dest='/etc/haproxy/{{item}}.ssl.list'
@@ -34,7 +34,7 @@
   with_items: '{{ groups.webserver|default([]) }}'
   notify: "Check HAProxy Config"
 
-- name: "Create host path lists"
+- name: Create host path lists
   file:
     dest='/etc/haproxy/{{item}}.path.list'
     owner='root'
@@ -44,7 +44,7 @@
   with_items: '{{ groups.webserver|default([]) }}'
   changed_when: false
 
-- name: "Create use bigpipe host lists"
+- name: Create use bigpipe host lists
   template:
     src='use_bigpipe_list'
     dest='/etc/haproxy/use_bigpipe.list'
@@ -53,7 +53,7 @@
     mode='644'
   notify: "Check HAProxy Config"
 
-- name: "Create ignore varnish host lists"
+- name: Create ignore varnish host lists
   template:
     src='ignore_varnish_list'
     dest='/etc/haproxy/ignore_varnish.list'
@@ -62,7 +62,7 @@
     mode='644'
   notify: "Check HAProxy Config"
 
-- name: "Create empty crm lists files"
+- name: Create empty crm lists files
   file:
     dest='/etc/haproxy/{{item}}.crm.list'
     owner='root'
@@ -72,7 +72,7 @@
   with_items: '{{ groups.webserver|default([]) }}'
   changed_when: false
 
-- name: "Update private ips"
+- name: Update private ips
   template:
     src='privatelist.ip.jinja2'
     dest='/etc/haproxy/privatelist.ip'
@@ -82,7 +82,7 @@
   when: haproxy_private is defined
   notify: "Check HAProxy Config"
 
-- name: "Update private domains"
+- name: Update private domains
   template:
     src='privatelist.domain.jinja2'
     dest='/etc/haproxy/privatelist.domain'
@@ -92,7 +92,7 @@
   when: haproxy_private is defined and haproxy_private.domain is defined
   notify: "Check HAProxy Config"
 
-- name: "Update redirect map files"
+- name: Update redirect map files
   template:
     src='redirect.map.jinja2'
     dest='/etc/haproxy/redirect.{{ item }}.map'
@@ -100,13 +100,13 @@
     group='root'
     mode='644'
   with_items:
-    - 'domain'
-    - 'domain-and-path'
-    - 'domain-append-path'
-    - 'path'
+    - domain
+    - domain-and-path
+    - domain-append-path
+    - path
   notify: "Check HAProxy Config"
 
-- name: "Create config file"
+- name: Create config file
   template:
     src='haproxy_cfg.jinja2'
     dest='/etc/haproxy/haproxy.cfg'

tasks/install.yml

 ---
 # file: roles/haproxy/tasks/install.yml
 
-- name: "Add Apt Repositories"
+- name: Add Apt Repositories
   apt_repository:
     repo='{{ item }}'
     state=present
@@ -9,7 +9,7 @@
   with_items:
     - "ppa:vbernat/haproxy-1.8"
 
-- name: "Install some packages"
+- name: Install some packages
   apt:
     pkg='{{ packages }}'
     state=latest
@@ -19,7 +19,7 @@
       - hatop
       - socat
 
-- name: "create directories"
+- name: create directories
   file:
     dest='{{ item }}'
     state=directory
@@ -28,7 +28,7 @@
     - /etc/haproxy/certs
     - /etc/haproxy/update
 
-- name: "Install hatop shortcut"
+- name: Install hatop shortcut
   copy:
     src='usr_local_bin_hatop'
     dest='/usr/local/bin/hatop'
@@ -36,16 +36,17 @@
     group='root'
     mode='755'
 
-- name: "Install log rotator"
+- name: Install log rotator
   copy:
     src='etc_logrotate_d_haproxy'
     dest='/etc/logrotate.d/haproxy'
     owner='root'
     group='root'
     mode='644'
-  tags: 'logrotate'
+  tags:
+    - logrotate
 
-- name: "Install script to read socket"
+- name: Install script to read socket
   template:
     src='hasocket'
     dest='/usr/local/bin/hasocket'

tasks/main.yml

 ---
 # file: roles/haproxy/tasks/main.yml
 
-- name: "HaProxy Role"
-  set_fact: role_haproxy_started=true
-  tags: 'always'
+- name: HaProxy Role
+  set_fact:
+    role_haproxy_started: yes
+  tags:
+    - always
 
 - block:
 
   - import_tasks: install.yml
   - import_tasks: configure.yml
     tags:
-      - 'Config'
+      - Config
   - import_tasks: blacklists.yml
     tags:
-      - 'Config'
-      - 'Blacklists'
+      - Config
+      - Blacklists
 
-  when: '"haproxy" not in excluded_roles'
+  when: not excluded_roles or "haproxy" not in excluded_roles
 
 - block:
 
-  - name: "Install Certs"
-    include_tasks: '../../letsencrypt/tasks/cert.yml'
+  - name: Install Certs
+    include_tasks: ../../letsencrypt/tasks/cert.yml
     with_items: '{{ proxy_certificates|default([]) }}'
     loop_control:
       loop_var: domain
     when: domain.letsencrypt|default(false) and domain.active|default(true)
 
-  - name: "Renew Existing Cert"
-    import_tasks: '../../letsencrypt/tasks/renew.yml'
+  - name: Renew Existing Cert
+    import_tasks: ../../letsencrypt/tasks/renew.yml
 
-  - name: "Build HaProxy Certs"
-    import_tasks: 'buildcerts.yml'
+  - name: Build HaProxy Certs
+    import_tasks: buildcerts.yml
 
-  tags: 'Certs'
-  when: 'proxy_active|default(true) and "letsencrypt" not in excluded_roles'
+  tags:
+    - Certs
+  when: proxy_active|default(true) and (not excluded_roles or "letsencrypt" not in excluded_roles)
 
-- import_tasks: 'proxypool.yml'
-  when: '"letsencrypt" not in excluded_roles'
-  tags: 'Certs'
+- import_tasks: proxypool.yml
+  when: not excluded_roles or "letsencrypt" not in excluded_roles
+  tags:
+    - Certs

tasks/proxypool.yml

@@ -3,24 +3,25 @@
 
 - block:
 
-  - name: "Set directory permissions to current user"
+  - name: Set directory permissions to current user
     file:
-      path: '/etc/letsencrypt'
+      path: /etc/letsencrypt
       owner: '{{ ansible_env.SUDO_USER|default("root") }}'
       recurse: yes
       follow: no
     when: proxy_active|default(true)
 
-  - name: "Pull Certs from active Proxy"
-    import_tasks: 'pullcerts.yml'
+  - name: Pull Certs from active Proxy
+    import_tasks: pullcerts.yml
     when: not proxy_active|default(true)
 
-  - name: "Set directory permissions to root"
+  - name: Set directory permissions to root
     file:
-      path: '/etc/letsencrypt'
-      owner: 'root'
+      path: /etc/letsencrypt
+      owner: root
       recurse: yes
       follow: no
     when: proxy_active|default(true)
 
-  tags: 'Certs'
+  tags:
+    - Certs

tasks/pullcerts.yml

 ---
 # file: roles/haproxy/tasks/pullcerts.yml
 
-- name: "Find out active proxy"
-  set_fact: proxy_active_host={{ item }}
+- name: Find out active proxy
+  set_fact:
+    proxy_active_host: '{{ item }}'
   with_items: '{{ groups.proxyserver|default([]) }}'
   when: hostvars[item].proxy_active|default(true)
 
-- name: "Set directory permissions to current user"
+- name: Set directory permissions to current user
   file:
     path: '{{ item }}'
     owner: '{{ ansible_env.SUDO_USER|default("root") }}'
     recurse: yes
     follow: no
   with_items:
-    - '/etc/letsencrypt'
-    - '/etc/haproxy/certs'
+    - /etc/letsencrypt
+    - /etc/haproxy/certs
 
-- name: "Sync files"
+- name: Sync files
   shell: rsync -rulp '{{ proxy_active_host }}:{{ item }}/' '{{ item }}'
   delegate_to: '{{ inventory_hostname }}'
   become: no
   with_items:
-    - '/etc/letsencrypt'
-    - '/etc/haproxy/certs'
+    - /etc/letsencrypt
+    - /etc/haproxy/certs
   ignore_errors: yes
   # We ignore errors as they may happen if we run the script without the other proxy
 
-- name: "Set directory permissions to root"
+- name: Set directory permissions to root
   file:
     path: '{{ item }}'
-    owner: 'root'
+    owner: root
     recurse: yes
     follow: no
   with_items:
-    - '/etc/letsencrypt'
-    - '/etc/haproxy/certs'
+    - /etc/letsencrypt
+    - /etc/haproxy/certs