From 82a938edf8ef84d0a2b4e1182d8efe85e1c02bb8 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Mon, 10 Jun 2019 12:51:23 +0200
Subject: [PATCH] ansible-playbooks/general#85 Linting

---
 defaults/main.yml    | 168 +++++++++++++++++++++----------------------
 handlers/main.yml    |   8 +--
 tasks/blacklists.yml |  16 ++---
 tasks/buildcerts.yml |   2 +-
 tasks/configure.yml  |  32 ++++-----
 tasks/install.yml    |  15 ++--
 tasks/main.yml       |  40 ++++++-----
 tasks/proxypool.yml  |  17 ++---
 tasks/pullcerts.yml  |  25 +++----
 9 files changed, 165 insertions(+), 158 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 1e24e87..8e064c3 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,10 +1,10 @@
-default_proxy: ''
+default_proxy:
 proxy_debug: false
-proxy_default_backend: ''
+proxy_default_backend:
 proxy_certificates: []
-proxy_timeout_connect: '5s'
-proxy_timeout_client: '20s'
-proxy_timeout_server: '45s'
+proxy_timeout_connect: 5s
+proxy_timeout_client: 20s
+proxy_timeout_server: 45s
 proxy_redirect_aliase: false
 proxy_maxconn: 100
 proxy_varnish_maxconn: 1000
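Review bot: `default_proxy:` and `proxy_default_backend:` now load as null instead of the empty string they held before, so this is a value change rather than a lint-only one. Any template or condition that interpolates them or compares them with `''` may now render `None` or take a different branch, depending on how the role's templates use them (not visible here). If an empty string is intended, keep it explicit with `default_proxy: ''` and `proxy_default_backend: ''`; if null is really meant, write `null` so the intent is readable.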
@@ -15,85 +15,85 @@ proxy_redirect_maps:
   path: {}
 proxy_blacklist:
   ip:
-    - '146.185.176.158'
-    - '162.243.9.72'
-    - '173.199.114.0/24'
-    - '173.199.115.0/24'
-    - '173.199.115.112/29'
-    - '173.199.116.0/24'
-    - '173.199.117.0/24'
-    - '173.199.118.0/24'
-    - '173.199.119.0/24'
-    - '173.199.120.0/24'
-    - '182.50.130.0/24'
-    - '188.92.74.0/24'
-    - '195.239.0/24'
-    - '198.186.190.0/23'
-    - '198.186.192.0/23'
-    - '198.186.194.0/24'
-    - '208.167.230.0/24'
-    - '209.222.12.0/24'
-    - '210.171.3.0/24'
-    - '212.100.254.105'
-    - '212.113.0.0/24'
-    - '212.113.32.0/21'
-    - '212.113.37.0/24'
-    - '213.186.0.0/24'
-    - '213.186.96.0/19'
-    - '46.137.98.159'
-    - '5.10.83.0/24'
-    - '5.10.83.0/25'
-    - '5.9.0.0/24'
-    - '5.9.104.0/24'
-    - '50.112.126.117'
-    - '54.232.100.158'
-    - '54.235.220.243'
-    - '54.249.240.15'
-    - '54.251.45.250'
-    - '54.252.97.95'
-    - '69.42.83.0/24'
+    - 146.185.176.158
+    - 162.243.9.72
+    - 173.199.114.0/24
+    - 173.199.115.0/24
+    - 173.199.115.112/29
+    - 173.199.116.0/24
+    - 173.199.117.0/24
+    - 173.199.118.0/24
+    - 173.199.119.0/24
+    - 173.199.120.0/24
+    - 182.50.130.0/24
+    - 188.92.74.0/24
+    - 195.239.0/24
+    - 198.186.190.0/23
+    - 198.186.192.0/23
+    - 198.186.194.0/24
+    - 208.167.230.0/24
+    - 209.222.12.0/24
+    - 210.171.3.0/24
+    - 212.100.254.105
+    - 212.113.0.0/24
+    - 212.113.32.0/21
+    - 212.113.37.0/24
+    - 213.186.0.0/24
+    - 213.186.96.0/19
+    - 46.137.98.159
+    - 5.10.83.0/24
+    - 5.10.83.0/25
+    - 5.9.0.0/24
+    - 5.9.104.0/24
+    - 50.112.126.117
+    - 54.232.100.158
+    - 54.235.220.243
+    - 54.249.240.15
+    - 54.251.45.250
+    - 54.252.97.95
+    - 69.42.83.0/24
   referer:
-    - 'best-seo-solution.com'
-    - 'best-seo-offer.com'
-    - 'buttons-for-website.com'
-    - 'buttons-for-your-website.com'
-    - 'semalt.com'
-    - '7makemoneyonline.com'
+    - best-seo-solution.com
+    - best-seo-offer.com
+    - buttons-for-website.com
+    - buttons-for-your-website.com
+    - semalt.com
+    - 7makemoneyonline.com
   agent:
-    - 'AhrefsBot'
-    - 'Ahrefs'
-    - 'rogerbot'
-    - 'MJ12bot'
-    - 'majestic12'
-    - 'MJ12'
-    - 'SiteBot'
-    - 'Semrush'
-    - 'CCBot'
-    - '80legs'
-    - 'Sogou'
-    - 'DigExt'
-    - 'spbot'
-    - 'ia_archiver'
-    - 'Rankivabot'
-    - 'DBLBot'
-    - 'libw'
-    - 'Voil'
-    - 'Twice'
-    - 'Sogou'
-    - 'psbot'
-    - 'Exabot'
-    - 'boitho'
-    - 'ajSitemap'
-    - 'Rankivabot'
-    - 'SeznamBot'
-    - 'DBLBot'
-    - 'Ezooms'
-    - 'Ezooms/1.0'
-    - 'exabot'
-    - 'dotbot'
-    - 'gigabot'
+    - AhrefsBot
+    - Ahrefs
+    - rogerbot
+    - MJ12bot
+    - majestic12
+    - MJ12
+    - SiteBot
+    - Semrush
+    - CCBot
+    - 80legs
+    - Sogou
+    - DigExt
+    - spbot
+    - ia_archiver
+    - Rankivabot
+    - DBLBot
+    - libw
+    - Voil
+    - Twice
+    - Sogou
+    - psbot
+    - Exabot
+    - boitho
+    - ajSitemap
+    - Rankivabot
+    - SeznamBot
+    - DBLBot
+    - Ezooms
+    - Ezooms/1.0
+    - exabot
+    - dotbot
+    - gigabot
   other:
-    - 'path_beg /wp-admin'
-    - 'path_beg /wp-login'
-    - 'path /autodiscover/autodiscover.xml'
-    - 'path /autodiscover.xml'
+    - path_beg /wp-admin
+    - path_beg /wp-login
+    - path /autodiscover/autodiscover.xml
+    - path /autodiscover.xml
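Review bot: The blocklist entry `195.239.0/24` has only three octets, so it is not a well-formed IPv4 CIDR; it predates this commit but is carried over unchanged. How HAProxy reads it from the rendered ACL file is not obvious from here (it may be rejected, or expanded to a network other than the one intended), so the range should be written out in full and confirmed. The list is also harder to audit than it needs to be: `173.199.115.112/29`, `5.10.83.0/25` and `212.113.37.0/24` are already covered by wider entries, and the `agent` list repeats `Sogou`, `Rankivabot` and `DBLBot`.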
diff --git a/handlers/main.yml b/handlers/main.yml
index b707009..41e9727 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,14 +1,14 @@
 ---
 # file: roles/haproxy/handler/main.yml
 
-- name: "Check HAProxy Config"
+- name: Check HAProxy Config
   command: haproxy -c -f /etc/haproxy/haproxy.cfg
   register: haproxy_config_check
-  changed_when: '"Configuration file is valid" in haproxy_config_check.stdout_lines'
-  failed_when: '"Configuration file is valid" not in haproxy_config_check.stdout_lines'
+  changed_when: "Configuration file is valid" in haproxy_config_check.stdout_lines
+  failed_when: "Configuration file is valid" not in haproxy_config_check.stdout_lines
   notify: "Restart HAProxy"
 
-- name: "Restart HAProxy"
+- name: Restart HAProxy
   service: name={{item.name}} state={{item.state}}
   with_items:
     - name: haproxy
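Review bot: The new `changed_when` and `failed_when` values are no longer valid YAML: a scalar that starts with `"` ends at the closing quote, so the trailing `in haproxy_config_check.stdout_lines` is a parse error and handlers/main.yml will not load. This handler is the `haproxy -c` validation that gates the restart, so the expression should keep its outer quotes, `changed_when: '"Configuration file is valid" in haproxy_config_check.stdout_lines'`, and the same for `failed_when`. The Restart HAProxy handler continues outside the hunk.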
diff --git a/tasks/blacklists.yml b/tasks/blacklists.yml
index 9cc0294..fb0a9bd 100644
--- a/tasks/blacklists.yml
+++ b/tasks/blacklists.yml
@@ -1,15 +1,15 @@
 ---
 # file: roles/haproxy/tasks/blacklists.yml
 
-- name: "Update blacklists"
+- name: Update blacklists
   template:
     src: '{{ item }}'
-    dest: '/etc/haproxy/{{ item }}'
-    owner: 'root'
-    group: 'root'
-    mode: '644'
+    dest: /etc/haproxy/{{ item }}
+    owner: root
+    group: root
+    mode: 644
   with_items:
-    - 'blacklist.ip'
-    - 'blacklist.referer'
-    - 'blacklist.agent'
+    - blacklist.ip
+    - blacklist.referer
+    - blacklist.agent
   notify: "Check HAProxy Config"
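Review bot: `mode: 644` is now a YAML integer, which Ansible takes as decimal 644, that is octal 1204, so the three blacklist files would get the sticky bit and lose owner read instead of being rw-r--r--. The mode has to stay a string (or carry a leading zero) for Ansible to read it as octal: `mode: '0644'`. The other unquoted values in this task are plain strings and are unaffected.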
diff --git a/tasks/buildcerts.yml b/tasks/buildcerts.yml
index 9f81682..67c9fe2 100644
--- a/tasks/buildcerts.yml
+++ b/tasks/buildcerts.yml
@@ -1,7 +1,7 @@
 ---
 # file: roles/haproxy/tasks/buildcerts.yml
 
-- name: "Create PEM file for HaProxy"
+- name: Create PEM file for HaProxy
   assemble:
     src='/etc/letsencrypt/live/{{ item.domain }}'
     dest='/etc/haproxy/certs/{{ item.file }}'
diff --git a/tasks/configure.yml b/tasks/configure.yml
index daa142e..8975dda 100644
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -1,12 +1,12 @@
 ---
 # file: roles/haproxy/tasks/configure.yml
 
-- name: "Backup current settings"
+- name: Backup current settings
   archive:
     path=/etc/haproxy
     dest=/var/backups/haproxy-{{ lookup('pipe','date +%Y%m%d-%H%M%S') }}.tgz
 
-- name: "Install SSL certificates"
+- name: Install SSL certificates
   copy:
     src='{{inventory_dir}}/files/ssl/{{item.file}}'
     dest='/etc/haproxy/certs'
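Review bot: The Backup current settings task archives all of /etc/haproxy, which includes /etc/haproxy/certs where the next task installs certificates, yet sets no owner or mode on the file it writes to /var/backups. If those certificate files carry private keys (likely for HAProxy PEM bundles, though not shown here), the archive's permissions are left to whatever umask is in effect; adding `owner=root group=root mode=0600` to the archive arguments would pin them. The Install SSL certificates task continues outside the hunk, so its own owner and mode settings are not visible.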
@@ -14,7 +14,7 @@
   when: not item.letsencrypt|default(false)
   notify: "Check HAProxy Config"
 
-- name: "Create host lists"
+- name: Create host lists
   template:
     src='host_list'
     dest='/etc/haproxy/{{item}}.list'
@@ -24,7 +24,7 @@
   with_items: '{{ groups.webserver|default([]) }}'
   notify: "Check HAProxy Config"
 
-- name: "Create host ssl lists"
+- name: Create host ssl lists
   template:
     src='host_ssl_list'
     dest='/etc/haproxy/{{item}}.ssl.list'
@@ -34,7 +34,7 @@
   with_items: '{{ groups.webserver|default([]) }}'
   notify: "Check HAProxy Config"
 
-- name: "Create host path lists"
+- name: Create host path lists
   file:
     dest='/etc/haproxy/{{item}}.path.list'
     owner='root'
@@ -44,7 +44,7 @@
   with_items: '{{ groups.webserver|default([]) }}'
   changed_when: false
 
-- name: "Create use bigpipe host lists"
+- name: Create use bigpipe host lists
   template:
     src='use_bigpipe_list'
     dest='/etc/haproxy/use_bigpipe.list'
@@ -53,7 +53,7 @@
     mode='644'
   notify: "Check HAProxy Config"
 
-- name: "Create ignore varnish host lists"
+- name: Create ignore varnish host lists
   template:
     src='ignore_varnish_list'
     dest='/etc/haproxy/ignore_varnish.list'
@@ -62,7 +62,7 @@
     mode='644'
   notify: "Check HAProxy Config"
 
-- name: "Create empty crm lists files"
+- name: Create empty crm lists files
   file:
     dest='/etc/haproxy/{{item}}.crm.list'
     owner='root'
@@ -72,7 +72,7 @@
   with_items: '{{ groups.webserver|default([]) }}'
   changed_when: false
 
-- name: "Update private ips"
+- name: Update private ips
   template:
     src='privatelist.ip.jinja2'
     dest='/etc/haproxy/privatelist.ip'
@@ -82,7 +82,7 @@
   when: haproxy_private is defined
   notify: "Check HAProxy Config"
 
-- name: "Update private domains"
+- name: Update private domains
   template:
     src='privatelist.domain.jinja2'
     dest='/etc/haproxy/privatelist.domain'
@@ -92,7 +92,7 @@
   when: haproxy_private is defined and haproxy_private.domain is defined
   notify: "Check HAProxy Config"
 
-- name: "Update redirect map files"
+- name: Update redirect map files
   template:
     src='redirect.map.jinja2'
     dest='/etc/haproxy/redirect.{{ item }}.map'
@@ -100,13 +100,13 @@
     group='root'
     mode='644'
   with_items:
-    - 'domain'
-    - 'domain-and-path'
-    - 'domain-append-path'
-    - 'path'
+    - domain
+    - domain-and-path
+    - domain-append-path
+    - path
   notify: "Check HAProxy Config"
 
-- name: "Create config file"
+- name: Create config file
   template:
     src='haproxy_cfg.jinja2'
     dest='/etc/haproxy/haproxy.cfg'
diff --git a/tasks/install.yml b/tasks/install.yml
index a17b0df..96a7cb1 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -1,7 +1,7 @@
 ---
 # file: roles/haproxy/tasks/install.yml
 
-- name: "Add Apt Repositories"
+- name: Add Apt Repositories
   apt_repository:
     repo='{{ item }}'
     state=present
@@ -9,7 +9,7 @@
   with_items:
     - "ppa:vbernat/haproxy-1.8"
 
-- name: "Install some packages"
+- name: Install some packages
   apt:
     pkg='{{ packages }}'
     state=latest
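Review bot: `state=latest` on the package install means every run of the role may upgrade the listed packages to whatever the configured repositories, including `ppa:vbernat/haproxy-1.8`, serve at that moment, and ansible-lint has a rule against it, so a linting pass is a natural place to settle it. Consider `state=present` here and a separate, deliberate upgrade step, so that a proxy's package versions only change when someone intends it. The package list continues outside the hunk, so which packages are affected is only partly visible.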
@@ -19,7 +19,7 @@
       - hatop
       - socat
 
-- name: "create directories"
+- name: create directories
   file:
     dest='{{ item }}'
     state=directory
@@ -28,7 +28,7 @@
     - /etc/haproxy/certs
     - /etc/haproxy/update
 
-- name: "Install hatop shortcut"
+- name: Install hatop shortcut
   copy:
     src='usr_local_bin_hatop'
     dest='/usr/local/bin/hatop'
@@ -36,16 +36,17 @@
     group='root'
     mode='755'
 
-- name: "Install log rotator"
+- name: Install log rotator
   copy:
     src='etc_logrotate_d_haproxy'
     dest='/etc/logrotate.d/haproxy'
     owner='root'
     group='root'
     mode='644'
-  tags: 'logrotate'
+  tags:
+    - logrotate
 
-- name: "Install script to read socket"
+- name: Install script to read socket
   template:
     src='hasocket'
     dest='/usr/local/bin/hasocket'
diff --git a/tasks/main.yml b/tasks/main.yml
index 8e91062..338fd7a 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,41 +1,45 @@
 ---
 # file: roles/haproxy/tasks/main.yml
 
-- name: "HaProxy Role"
-  set_fact: role_haproxy_started=true
-  tags: 'always'
+- name: HaProxy Role
+  set_fact:
+    role_haproxy_started: yes
+  tags:
+    - always
 
 - block:
 
   - import_tasks: install.yml
   - import_tasks: configure.yml
     tags:
-      - 'Config'
+      - Config
   - import_tasks: blacklists.yml
     tags:
-      - 'Config'
-      - 'Blacklists'
+      - Config
+      - Blacklists
 
-  when: '"haproxy" not in excluded_roles'
+  when: not excluded_roles or "haproxy" not in excluded_roles
 
 - block:
 
-  - name: "Install Certs"
-    include_tasks: '../../letsencrypt/tasks/cert.yml'
+  - name: Install Certs
+    include_tasks: ../../letsencrypt/tasks/cert.yml
     with_items: '{{ proxy_certificates|default([]) }}'
     loop_control:
       loop_var: domain
     when: domain.letsencrypt|default(false) and domain.active|default(true)
 
-  - name: "Renew Existing Cert"
-    import_tasks: '../../letsencrypt/tasks/renew.yml'
+  - name: Renew Existing Cert
+    import_tasks: ../../letsencrypt/tasks/renew.yml
 
-  - name: "Build HaProxy Certs"
-    import_tasks: 'buildcerts.yml'
+  - name: Build HaProxy Certs
+    import_tasks: buildcerts.yml
 
-  tags: 'Certs'
-  when: 'proxy_active|default(true) and "letsencrypt" not in excluded_roles'
+  tags:
+    - Certs
+  when: proxy_active|default(true) and (not excluded_roles or "letsencrypt" not in excluded_roles)
 
-- import_tasks: 'proxypool.yml'
-  when: '"letsencrypt" not in excluded_roles'
-  tags: 'Certs'
+- import_tasks: proxypool.yml
+  when: not excluded_roles or "letsencrypt" not in excluded_roles
+  tags:
+    - Certs
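Review bot: The guard `not excluded_roles or "haproxy" not in excluded_roles` is repeated three times in this file and covers a null or empty `excluded_roles`, but it still errors if the variable is ever undefined. One expression handles undefined, null and empty alike: `when: '"haproxy" not in (excluded_roles|default([], true))'`, and likewise for the two `letsencrypt` conditions. `role_haproxy_started: yes` would also read more consistently as `true`, matching the `false` literals in defaults/main.yml.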
diff --git a/tasks/proxypool.yml b/tasks/proxypool.yml
index ac7a227..b419287 100644
--- a/tasks/proxypool.yml
+++ b/tasks/proxypool.yml
@@ -3,24 +3,25 @@
 
 - block:
 
-  - name: "Set directory permissions to current user"
+  - name: Set directory permissions to current user
     file:
-      path: '/etc/letsencrypt'
+      path: /etc/letsencrypt
       owner: '{{ ansible_env.SUDO_USER|default("root") }}'
       recurse: yes
       follow: no
     when: proxy_active|default(true)
 
-  - name: "Pull Certs from active Proxy"
-    import_tasks: 'pullcerts.yml'
+  - name: Pull Certs from active Proxy
+    import_tasks: pullcerts.yml
     when: not proxy_active|default(true)
 
-  - name: "Set directory permissions to root"
+  - name: Set directory permissions to root
     file:
-      path: '/etc/letsencrypt'
-      owner: 'root'
+      path: /etc/letsencrypt
+      owner: root
       recurse: yes
       follow: no
     when: proxy_active|default(true)
 
-  tags: 'Certs'
+  tags:
+    - Certs
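Review bot: Both this file and tasks/pullcerts.yml hand /etc/letsencrypt (in pullcerts.yml also /etc/haproxy/certs) to `ansible_env.SUDO_USER` recursively and rely on a later task to give it back to root. If the play stops between the two tasks, the certificate and key material stays owned by the unprivileged user; putting the restore step under `always:` of a `block` makes the hand-back unconditional. In this file the two ownership tasks share the condition `proxy_active|default(true)` while the only task between them runs when it is false, so as shown the pair appears to change ownership and immediately revert it, which is worth confirming as intended. The block starts above the hunk.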
diff --git a/tasks/pullcerts.yml b/tasks/pullcerts.yml
index 37679da..8f8b61b 100644
--- a/tasks/pullcerts.yml
+++ b/tasks/pullcerts.yml
@@ -1,37 +1,38 @@
 ---
 # file: roles/haproxy/tasks/pullcerts.yml
 
-- name: "Find out active proxy"
-  set_fact: proxy_active_host={{ item }}
+- name: Find out active proxy
+  set_fact:
+    proxy_active_host: '{{ item }}'
   with_items: '{{ groups.proxyserver|default([]) }}'
   when: hostvars[item].proxy_active|default(true)
 
-- name: "Set directory permissions to current user"
+- name: Set directory permissions to current user
   file:
     path: '{{ item }}'
     owner: '{{ ansible_env.SUDO_USER|default("root") }}'
     recurse: yes
     follow: no
   with_items:
-    - '/etc/letsencrypt'
-    - '/etc/haproxy/certs'
+    - /etc/letsencrypt
+    - /etc/haproxy/certs
 
-- name: "Sync files"
+- name: Sync files
   shell: rsync -rulp '{{ proxy_active_host }}:{{ item }}/' '{{ item }}'
   delegate_to: '{{ inventory_hostname }}'
   become: no
   with_items:
-    - '/etc/letsencrypt'
-    - '/etc/haproxy/certs'
+    - /etc/letsencrypt
+    - /etc/haproxy/certs
   ignore_errors: yes
   # We ignore errors as they may happen if we run the script without the other proxy
 
-- name: "Set directory permissions to root"
+- name: Set directory permissions to root
   file:
     path: '{{ item }}'
-    owner: 'root'
+    owner: root
     recurse: yes
     follow: no
   with_items:
-    - '/etc/letsencrypt'
-    - '/etc/haproxy/certs'
+    - /etc/letsencrypt
+    - /etc/haproxy/certs
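Review bot: The Sync files task runs rsync through `shell` with templated values although the command line needs no shell features, and `ignore_errors: yes` hides every failure, not only the absent-peer case its comment describes. Using `command` with an `argv` list keeps `proxy_active_host` and `item` out of shell parsing, and a `failed_when` on the specific rsync exit status would keep real sync failures visible, so a proxy does not go on serving stale certificates unnoticed. `proxy_active_host` is only set when some host in `groups.proxyserver` has `proxy_active` true, so the task could be guarded with `when: proxy_active_host is defined` instead of relying on the ignored error.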
-- 
GitLab