From f20e3bf3557451047a3ab035de503cd2ce35a550 Mon Sep 17 00:00:00 2001 From: Egor Tensin Date: Sun, 21 May 2023 19:01:59 +0200 Subject: fix some ansible-lint warnings --- roles/apt/tasks/main.yml | 8 ++++---- roles/common/handlers/main.yml | 4 ++-- roles/common/tasks/main.yml | 5 +++-- roles/common/tasks/tool.yml | 4 ++-- roles/docker/tasks/main.yml | 11 +---------- roles/dotfiles/tasks/main.yml | 8 ++++---- roles/etckeeper/tasks/main.yml | 3 ++- roles/flatpak/tasks/main.yml | 2 +- roles/my_server/tasks/main.yml | 8 ++++---- roles/pacman/tasks/main.yml | 28 +++++++++++++++++----------- roles/rate_mirrors/tasks/main.yml | 22 +++++++++++++--------- roles/snap/tasks/main.yml | 10 ++++++---- roles/vagrant/tasks/main.yml | 6 +++--- roles/yay/tasks/main.yml | 5 +++-- 14 files changed, 65 insertions(+), 59 deletions(-) diff --git a/roles/apt/tasks/main.yml b/roles/apt/tasks/main.yml index d658651..297307b 100644 --- a/roles/apt/tasks/main.yml +++ b/roles/apt/tasks/main.yml @@ -1,19 +1,19 @@ - name: Upgrade packages become: true - apt: + ansible.builtin.apt: update_cache: true upgrade: full notify: reboot - name: Flush handlers - meta: flush_handlers + ansible.builtin.meta: flush_handlers - name: Clean up dependencies become: true - apt: + ansible.builtin.apt: autoremove: true purge: true notify: reboot - name: Flush handlers - meta: flush_handlers + ansible.builtin.meta: flush_handlers diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml index f569bd6..4942957 100644 --- a/roles/common/handlers/main.yml +++ b/roles/common/handlers/main.yml @@ -1,5 +1,5 @@ - name: Reboot - reboot: + ansible.builtin.reboot: args: # On my trusty old Raspberry Pi 1 Model B+, /proc/sys/kernel/random/boot_id # can sometimes stay the same between reboots. Apparently, not enough @@ -17,7 +17,7 @@ - name: Wait for connectivity # One of the nodes is the VPN server connecting all the other nodes, wait # until all of them are back up: - wait_for_connection: + ansible.builtin.wait_for_connection: args: # 5 minutes is plenty. timeout: 300 diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 558f268..fb0eaed 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -1,4 +1,5 @@ -- include_tasks: tool.yml +- name: Check available tools + ansible.builtin.include_tasks: tool.yml loop: - apt - docker @@ -11,6 +12,6 @@ - name: Check if /etc is versioned become: true - stat: + ansible.builtin.stat: path: /etc/.git/config register: etc_versioned diff --git a/roles/common/tasks/tool.yml b/roles/common/tasks/tool.yml index f8fda64..48d0acc 100644 --- a/roles/common/tasks/tool.yml +++ b/roles/common/tasks/tool.yml @@ -1,8 +1,8 @@ - name: "Check for {{ item }}" - command: "{{ item }} --version" + ansible.builtin.command: "{{ item }} --version" register: cmd_result changed_when: false failed_when: false - name: "Set fact about {{ item }}" - set_fact: "has_{{ item | replace('-', '_') }}={{ cmd_result.rc == 0 }}" + ansible.builtin.set_fact: "has_{{ item | replace('-', '_') }}={{ cmd_result.rc == 0 }}" diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index e39d66f..601dca2 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,12 +1,3 @@ - name: Clean up Docker data become: true - command: docker system prune -a -f --volumes - # Broken after a Docker upgrade: - #community.docker.docker_prune: - # containers: true - # images: true - # images_filters: - # dangling: false - # networks: true - # volumes: true - # builder_cache: true + ansible.builtin.command: docker system prune -a -f --volumes diff --git a/roles/dotfiles/tasks/main.yml b/roles/dotfiles/tasks/main.yml index 3f4d885..6aebcc3 100644 --- a/roles/dotfiles/tasks/main.yml +++ b/roles/dotfiles/tasks/main.yml @@ -1,5 +1,5 @@ - name: ssh-agent hack - acl: + ansible.posix.acl: name: "{{ item }}" etype: user entity: "{{ dotfiles_user }}" @@ -14,7 +14,7 @@ become_user: "{{ dotfiles_user }}" block: - name: Pull repositories - git: + ansible.builtin.git: accept_hostkey: true dest: "~/workspace/personal/{{ item }}" repo: "git@github.com:egor-tensin/{{ item }}.git" @@ -23,11 +23,11 @@ - config-links - name: Run update.sh - command: ./update.sh + ansible.builtin.command: ./update.sh args: chdir: ~/workspace/personal/linux-home - name: Update Vim plugins - command: ./vim_plugins.sh + ansible.builtin.command: ./vim_plugins.sh args: chdir: ~/workspace/personal/linux-home diff --git a/roles/etckeeper/tasks/main.yml b/roles/etckeeper/tasks/main.yml index 0339c61..19f9b86 100644 --- a/roles/etckeeper/tasks/main.yml +++ b/roles/etckeeper/tasks/main.yml @@ -1,4 +1,5 @@ -- become: true +- name: Make sure git is configured + become: true block: - name: Set user.name community.general.git_config: diff --git a/roles/flatpak/tasks/main.yml b/roles/flatpak/tasks/main.yml index fc3f7ba..4aa39a2 100644 --- a/roles/flatpak/tasks/main.yml +++ b/roles/flatpak/tasks/main.yml @@ -1,3 +1,3 @@ - name: Upgrade packages - command: flatpak update --noninteractive + ansible.builtin.command: flatpak update --noninteractive become: true diff --git a/roles/my_server/tasks/main.yml b/roles/my_server/tasks/main.yml index 36cb4cc..eaf6aa5 100644 --- a/roles/my_server/tasks/main.yml +++ b/roles/my_server/tasks/main.yml @@ -1,14 +1,14 @@ - name: 'Check if {{ server_dir }}/docker-compose.yml exists' become: true - stat: + ansible.builtin.stat: path: '{{ server_dir }}/docker-compose.yml' register: server_exists -- when: server_exists.stat.exists - name: Update containers +- name: Update containers + when: server_exists.stat.exists become: true # community.docker.docker_compose is too confusing for me to use, sorry. - shell: | + ansible.builtin.shell: | docker-compose pull -q && \ docker-compose build --force-rm --pull -q && \ docker-compose up --remove-orphans -d diff --git a/roles/pacman/tasks/main.yml b/roles/pacman/tasks/main.yml index e628873..ed9250d 100644 --- a/roles/pacman/tasks/main.yml +++ b/roles/pacman/tasks/main.yml @@ -1,4 +1,5 @@ -- become: true +- name: Upgrade packages or fail gracefully + become: true block: - name: Upgrade packages community.general.pacman: @@ -7,31 +8,35 @@ register: pacman_result notify: reboot - - debug: + - name: Show upgraded packages + ansible.builtin.debug: var: pacman_result.packages when: pacman_result.changed - name: Flush handlers - meta: flush_handlers + ansible.builtin.meta: flush_handlers rescue: - - fail: + - name: Fail if /etc is not versioned + ansible.builtin.fail: msg: Upgrading packages failed for an unknown reason! when: not etc_versioned - name: Check for changes in /etc - command: git status --porcelain=v1 + ansible.builtin.command: git status --porcelain=v1 args: chdir: /etc register: git_status changed_when: false failed_when: false - - fail: + - name: Fail if there're no unstaged changes in /etc + ansible.builtin.fail: msg: Upgrading packages failed for an unknown reason! when: not git_status.stdout - name: All changes in /etc are in pacman.d/gnupg? - shell: | + ansible.builtin.shell: | + set -o pipefail && \ git status --porcelain=v1 \ | cut -c 4- \ | grep -G -v '^pacman.d/gnupg/' @@ -42,20 +47,21 @@ failed_when: false - name: Commit changes in /etc - command: | + ansible.builtin.command: | etckeeper commit 'pacman: GPG keys' when: git_status.stdout and only_gnupg.rc != 0 - - name: Upgrade packages after GPG keys + - name: Retry upgrading packages community.general.pacman: update_cache: true upgrade: true register: pacman_result notify: reboot - - debug: + - name: Show upgraded packages + ansible.builtin.debug: var: pacman_result.packages when: pacman_result.changed - name: Flush handlers - meta: flush_handlers + ansible.builtin.meta: flush_handlers diff --git a/roles/rate_mirrors/tasks/main.yml b/roles/rate_mirrors/tasks/main.yml index 8777fbd..4d76ff3 100644 --- a/roles/rate_mirrors/tasks/main.yml +++ b/roles/rate_mirrors/tasks/main.yml @@ -1,41 +1,45 @@ -- become: true +- name: As root user + become: true block: - - when: etc_versioned + - name: Fail if there're uncommitted changes in /etc + when: etc_versioned block: - name: Check for changes in /etc - command: git status --porcelain=v1 + ansible.builtin.command: git status --porcelain=v1 args: chdir: /etc register: git_status changed_when: false failed_when: false - - fail: + - ansible.builtin.fail: msg: There are uncommitted changes in /etc when: git_status.stdout - name: Rate pacman mirrors - shell: | + ansible.builtin.shell: | . /etc/os-release && rate-mirrors \ --allow-root \ --disable-comments \ --save=/etc/pacman.d/mirrorlist \ "$ID" - - when: etc_versioned + - name: Commit pacman.d/mirrorlist + when: etc_versioned block: - name: Check for changes in /etc - command: git status --porcelain=v1 + ansible.builtin.command: git status --porcelain=v1 args: chdir: /etc register: git_status changed_when: false failed_when: false - - fail: + - name: Fail if there're other uncommitted changes + ansible.builtin.fail: msg: How did this happen? when: git_status.stdout != ' M pacman.d/mirrorlist' - name: Commit changes in /etc/pacman.d/mirrorlist - command: | + ansible.builtin.command: | etckeeper commit 'rate-mirrors' diff --git a/roles/snap/tasks/main.yml b/roles/snap/tasks/main.yml index f3be9ba..cce49b0 100644 --- a/roles/snap/tasks/main.yml +++ b/roles/snap/tasks/main.yml @@ -1,7 +1,8 @@ -- become: true +- name: As root user + become: true block: - name: Check for changes in /etc - command: git status --porcelain=v1 + ansible.builtin.command: git status --porcelain=v1 args: chdir: /etc register: git_status @@ -9,7 +10,8 @@ failed_when: false - name: All changes in /etc are snap changes? - shell: | + ansible.builtin.shell: | + set -o pipefail && \ git status --porcelain=v1 \ | cut -c 4- \ | grep -G -v '^systemd/system/' \ @@ -21,5 +23,5 @@ failed_when: false - name: Commit changes in /etc - command: etckeeper commit 'after snap run' + ansible.builtin.command: etckeeper commit 'after snap run' when: git_status.stdout and only_snap.rc != 0 diff --git a/roles/vagrant/tasks/main.yml b/roles/vagrant/tasks/main.yml index 53a64c2..32e9722 100644 --- a/roles/vagrant/tasks/main.yml +++ b/roles/vagrant/tasks/main.yml @@ -1,9 +1,9 @@ - name: Update plugins - command: vagrant plugin update + ansible.builtin.command: vagrant plugin update - name: Prune invalid entries - command: vagrant global-status --prune + ansible.builtin.command: vagrant global-status --prune become: true - name: Clean up boxes - command: vagrant box prune --force --keep-active-boxes + ansible.builtin.command: vagrant box prune --force --keep-active-boxes diff --git a/roles/yay/tasks/main.yml b/roles/yay/tasks/main.yml index bd8effb..42150bf 100644 --- a/roles/yay/tasks/main.yml +++ b/roles/yay/tasks/main.yml @@ -7,9 +7,10 @@ register: yay_result notify: reboot -- debug: +- name: Show yay result + ansible.builtin.debug: var: yay_result when: yay_result - name: Flush handlers - meta: flush_handlers + ansible.builtin.meta: flush_handlers -- cgit v1.2.3