Merge branch 't36656-certbot-hook' into 'main'

Remove useless nginx test in post-hook | refs #36656 See merge request sys/ansible-public!27

Merge branch 't36656-certbot-hook' into 'main'
8b20f9d3 · Antoine SCHILDKNECHT · 110c87ff · fbe17dcb · 8b20f9d3 · 8b20f9d3
Commit 8b20f9d3 authored 2 years ago by Antoine SCHILDKNECHT
--- a/inventories/example/host_vars/mynetcapture.yml
+++ b/inventories/example/host_vars/mynetcapture.yml
 ---
 skyreach_system_key: changeme
-...
--- a/inventories/local-full/host_vars/localhost.dist.yml
+++ b/inventories/local-full/host_vars/localhost.dist.yml
 ---
 # customer name
 customer_short_name: customer
@@ -12,5 +11,3 @@ conf_update: false
 # activation keys
 skyreach_system_key:
 skyreach_activation_key:
-...
--- a/inventories/local-mediaimport/host_vars/localhost.dist.yml
+++ b/inventories/local-mediaimport/host_vars/localhost.dist.yml
 ---
 # activation keys
 skyreach_system_key:
 skyreach_activation_key:
-...
--- a/inventories/local-mediaserver/host_vars/localhost.dist.yml
+++ b/inventories/local-mediaserver/host_vars/localhost.dist.yml
 ---
 # customer name
 customer_short_name: customer
@@ -12,5 +11,3 @@ conf_update: false
 # activation keys
 skyreach_system_key:
 skyreach_activation_key:
-...
--- a/inventories/local-mediavault/host_vars/localhost.dist.yml
+++ b/inventories/local-mediavault/host_vars/localhost.dist.yml
 ---
 skyreach_system_key:
 skyreach_activation_key:
-...
--- a/inventories/local-mediaworker/host_vars/localhost.dist.yml
+++ b/inventories/local-mediaworker/host_vars/localhost.dist.yml
 ---
 skyreach_system_key:
 skyreach_activation_key:
-...
--- a/inventories/offline-mediaserver/host_vars/localhost.dist.yml
+++ b/inventories/offline-mediaserver/host_vars/localhost.dist.yml
 ---
 # customer name
 customer_short_name: customer
 # install in offline environment
 offline_mode: true
-...
--- a/inventories/offline-mediaworker/host_vars/localhost.dist.yml
+++ b/inventories/offline-mediaworker/host_vars/localhost.dist.yml
 ---
 # install in offline environment
 offline_mode: true
-...
--- a/inventories/test-container/host_vars/ansibletest.yml
+++ b/inventories/test-container/host_vars/ansibletest.yml
@@ -2,4 +2,3 @@
 # activation keys
 skyreach_system_key:
 skyreach_activation_key:
-...
--- a/playbooks/base.yml
+++ b/playbooks/base.yml
 #!/usr/bin/env ansible-playbook
 ---
 - name: BASE
  hosts: all
  tags: all
  roles:
    - base
-...
--- a/playbooks/bench-monitoring.yml
+++ b/playbooks/bench-monitoring.yml
 #!/usr/bin/env ansible-playbook
 ---
 - name: DEPLOY ELASTIC KIBANA SERVER
  hosts: elastic
-  tags: ['never', 'monbench']
+  tags: [never, monbench]
  vars:
    - es_heap_size: 2g
    - es_config:
@@ -20,12 +19,10 @@
 - name: DEPLOY METRICBEAT WORKERS
  hosts: mediaserver,postgres
-  tags: ['never', 'monbench']
+  tags: [never, monbench]
  vars:
    - kibana_server_host: "{{ hostvars[groups['elastic'][0]]['ansible_default_ipv4']['address'] }}"
    - elastic_host: "{{ es_config['network.host'] }}"
    - es_api_host: "{{ es_config['network.host'] }}"
  roles:
    - metricbeat
-...
--- a/playbooks/bench.yml
+++ b/playbooks/bench.yml
 #!/usr/bin/env ansible-playbook
 ---
 - name: DEPLOY BENCHMARK SERVER
  hosts: bench_server
  pre_tasks:
-    - name: "Fail is benchmark server is not unique"
+    - name: Fail is benchmark server is not unique
      ansible.builtin.fail:
-        msg: "Benchmark server must be unique"
+        msg: Benchmark server must be unique
      when: groups['bench_server'] | length > 1
  tags: bench_server
  roles:
@@ -33,5 +32,3 @@
      ansible.builtin.service:
        name: bench-worker
        state: restarted
-...
--- a/playbooks/celerity.yml
+++ b/playbooks/celerity.yml
 #!/usr/bin/env ansible-playbook
 ---
 - name: CELERITY SERVER
  hosts: celerity
  tags: celerity
@@ -15,5 +14,3 @@
      when: proxy_apply | d(false)
      ansible.builtin.include_role:
        name: proxy
-...
--- a/playbooks/letsencrypt.yml
+++ b/playbooks/letsencrypt.yml
 #!/usr/bin/env ansible-playbook
 ---
 - name: Let's encrypt
  hosts: all
  tags: all
  roles:
    - letsencrypt
-...
--- a/playbooks/live/deploy-minimal.yml
+++ b/playbooks/live/deploy-minimal.yml
 ---
 - name: LIVE
  hosts: live
  gather_facts: false
@@ -8,17 +7,7 @@
    - live
 - import_playbook: subplays/standard-case.yml
-  when: groups['live'] | d('') | length >= 1
+  when: groups['live'] | d('') | length >= 1 and ( hostvars[groups['live'][0]].ip_live is undefined or hostvars[groups['live'][0]].ip_live == "127.0.0.1" )
-        and (
-          hostvars[groups['live'][0]].ip_live is undefined
-          or hostvars[groups['live'][0]].ip_live == "127.0.0.1"
-        )
 - import_playbook: subplays/ha-case.yml
-  when: groups['live'] | d('') | length >= 1
+  when: groups['live'] | d('') | length >= 1 and ( hostvars[groups['live'][0]].ip_live is defined and hostvars[groups['live'][0]].ip_live != "127.0.0.1" )
-        and (
-          hostvars[groups['live'][0]].ip_live is defined
-          and hostvars[groups['live'][0]].ip_live != "127.0.0.1"
-        )
-...
--- a/playbooks/live/deploy-standalone.yml
+++ b/playbooks/live/deploy-standalone.yml
 ---
 - name: LIVE
  hosts: live
  tags: live
@@ -35,5 +34,3 @@
 - import_playbook: deploy-minimal.yml
  tags: live
-...
--- a/playbooks/live/functions/create-live-app.yml
+++ b/playbooks/live/functions/create-live-app.yml
 ---
 - name: Checking the live(s) server(s) live configuration state
  hosts: live
  gather_facts: false
@@ -66,8 +65,7 @@
    - name: Comparing the app secrets from MS an live servers with the reference
      ansible.builtin.set_fact:
        app_secret_diff: true
-      when: base_live_secret is defined
+      when: base_live_secret is defined and hostvars[item].live_secret != base_live_secret
-            and hostvars[item].live_secret != base_live_secret
      with_items:
        - "{{ groups['live'] }}"
        - "{{ groups['mediaserver'] }}"
@@ -79,9 +77,8 @@
      register: secret
      args:
        executable: /bin/bash
-      failed_when: false  # Ansible-lint requires pipefail, but the return is then non-null so we have to force this
+      failed_when: false # Ansible-lint requires pipefail, but the return is then non-null so we have to force this
-      when: base_live_secret is not defined
+      when: base_live_secret is not defined or app_secret_diff
-            or app_secret_diff
    - name: Deciding the application secret to use
      ansible.builtin.set_fact:
@@ -110,7 +107,7 @@
        owner: nginx
        group: root
        state: directory
-        mode: '0700'
+        mode: "0700"
    - name: Create the nginx RTMP web directory symlink
      notify: Reload nginx
@@ -167,7 +164,7 @@
    - name: Set the RTMP_PLAYBACK_URL in lives configuration
      vars:
        rtmp_playback_line:
-          RTMP_PLAYBACK_URL: null
+          RTMP_PLAYBACK_URL:
      ansible.builtin.set_fact:
        lives_config: "{{ lives_config | combine(rtmp_playback_line) }}"
@@ -182,15 +179,13 @@
      notify: Restart mediaserver
      ansible.builtin.copy:
        content: "{{ lives_config | to_nice_json }}"
-        dest: "/home/{{ live_app_name }}/msinstance/conf/lives.json"
+        dest: /home/{{ live_app_name }}/msinstance/conf/lives.json
        owner: "{{ live_app_name }}"
        group: "{{ live_app_name }}"
-        mode: '0600'
+        mode: "0600"
  handlers:
    - name: Restart mediaserver
      ansible.builtin.systemd:
        name: mediaserver
        state: restarted
-...
--- a/playbooks/live/subplays/ha-case.yml
+++ b/playbooks/live/subplays/ha-case.yml
 ---
 - name: Live vhost setup
  hosts: live
  tags: live
@@ -8,15 +7,15 @@
    - name: resolve domain name to localhost
      ansible.builtin.lineinfile:
        path: /etc/hosts
-        line: '127.0.1.1 {{ live_domain }}'
+        line: 127.0.1.1 {{ live_domain }}
        backup: true
    - name: fill the vhost file
      notify: Restart nginx
      ansible.builtin.replace:
        path: /etc/nginx/sites-available/live-rtmp.conf
-        regexp: '^(\s+server_name)\s+.*(;)$'
+        regexp: ^(\s+server_name)\s+.*(;)$
-        replace: '\1 {{ live_domain }}\2'
+        replace: \1 {{ live_domain }}\2
    - name: Activating the live vhost configuration
      notify: Restart nginx
@@ -34,8 +33,8 @@
 - import_playbook: ../functions/create-live-app.yml
  vars:
    live_app_name: msuser
-    rtmp_hls_url: "https://{{ hostvars[groups['live'][0]].live_domain }}/streaming-rtmp/%(rtmp_name)s/%(stream_id)s.m3u8"
+    rtmp_hls_url: https://{{ hostvars[groups['live'][0]].live_domain }}/streaming-rtmp/%(rtmp_name)s/%(stream_id)s.m3u8
-    rtmp_pub_url: "rtmp://{{ hostvars[groups['live'][0]].live_domain }}/%(rtmp_app)s/%(stream_id)s"
+    rtmp_pub_url: rtmp://{{ hostvars[groups['live'][0]].live_domain }}/%(rtmp_app)s/%(stream_id)s
    deploy_case: ha
 - hosts: mediaserver
@@ -52,5 +51,3 @@
      args:
        warn: false
      when: rtmp_conf_dir.stat.exists
-...
--- a/playbooks/live/subplays/standard-case.yml
+++ b/playbooks/live/subplays/standard-case.yml
 ---
 - import_playbook: ../functions/create-live-app.yml
  vars:
    live_app_name: msuser
-    rtmp_hls_url: "https://%(ms_host)s/streaming-rtmp/%(stream_id)s.m3u8"
+    rtmp_hls_url: https://%(ms_host)s/streaming-rtmp/%(stream_id)s.m3u8
-    rtmp_pub_url: "rtmp://%(ms_host)s/%(rtmp_app)s/%(stream_id)s"
+    rtmp_pub_url: rtmp://%(ms_host)s/%(rtmp_app)s/%(stream_id)s
    deploy_case: standard
-...
--- a/playbooks/mediacache.yml
+++ b/playbooks/mediacache.yml
 #!/usr/bin/env ansible-playbook
 ---
 - name: MEDIACACHE
  hosts: mediacache
  tags: mediacache
@@ -19,5 +18,3 @@
      when: proxy_apply | d(false)
      ansible.builtin.include_role:
        name: proxy
-...