Merge branch 't36656-certbot-hook' into 'main'

Remove useless nginx test in post-hook | refs #36656

See merge request sys/ansible-public!27

playbooks/postgres-maintenance/rephacheck_status.yml

@@ -4,13 +4,11 @@
   hosts: postgres_primary:postgres_standby:postgres_fenced
   tasks:
     - name: get cluster state
-      ansible.builtin.command: "rephacheck"
+      ansible.builtin.command: rephacheck
       register: rephacheck
       changed_when: false
 
     - name: show status for each node
       ansible.builtin.debug:
-        msg: "Current node {{ ansible_hostname }} status {{ rephacheck['stdout'] }}"
+        msg: Current node {{ ansible_hostname }} status {{ rephacheck['stdout'] }}
       when: rephacheck['stdout'] | length > 0
-
-...

playbooks/postgres-maintenance/restart_repmgrd.yml

@@ -4,7 +4,7 @@
   hosts: postgres
   tasks:
     - name: kill repmgrd
-      ansible.builtin.command: "pkill repmgrd"
+      ansible.builtin.command: pkill repmgrd
       # TOFIX: implement a proper verification
       changed_when: false
       failed_when: false
@@ -13,5 +13,3 @@
       ansible.builtin.systemd:
         name: repmgrd
         state: restarted
-
-...

playbooks/postgres-maintenance/standby_to_primary.yml

@@ -5,20 +5,18 @@
   tasks:
     - name: fail if node status if not standby
       ansible.builtin.fail:
-        msg: "Current status {{ rephacheck['stdout'] }} must be standby."
+        msg: Current status {{ rephacheck['stdout'] }} must be standby.
       when: rephacheck['stdout'] != "standby"
     - name: check if node is currently in standby
-      ansible.builtin.command: "repmgr standby switchover -f /etc/postgresql/13/main/repmgr.conf --siblings-follow --dry-run"
+      ansible.builtin.command: repmgr standby switchover -f /etc/postgresql/13/main/repmgr.conf --siblings-follow --dry-run
       become: true
       become_user: postgres
       when: rephacheck['stdout'] == "standby"
       register: standby_dry_run
     - name: switch standby node to primary
-      ansible.builtin.command: "repmgr standby switchover -f /etc/postgresql/13/main/repmgr.conf --siblings-follow"
+      ansible.builtin.command: repmgr standby switchover -f /etc/postgresql/13/main/repmgr.conf --siblings-follow
       become: true
       become_user: postgres
       when:
         - standby_dry_run is succeeded
         - rephacheck['stdout'] == "standby"
-
-...

playbooks/postgres.yml

 #!/usr/bin/env ansible-playbook
 ---
-
 - name: POSTGRESQL
   hosts: postgres
   tags: postgres
@@ -15,5 +14,3 @@
       when: proxy_apply | d(false)
       ansible.builtin.include_role:
         name: proxy
-
-...

playbooks/site.yml

 #!/usr/bin/env ansible-playbook
 ---
-
 - name: PYTHON
   hosts: all
   gather_facts: false
@@ -50,5 +49,3 @@
 
 - import_playbook: tester.yml
   tags: tester
-
-...

playbooks/tester.yml

 #!/usr/bin/env ansible-playbook
 ---
-
 - name: Install UbiCast tester
   hosts: mediaserver:mediaworker:mirismanager:postgres:msmonitor:live:celerity:mediaimport:mediacache:mediavault
   tags: all
   roles:
     - tester
-
-...

playbooks/tests/data-partition.yml

 #!/usr/bin/env ansible-playbook
 ---
-
 - name: TEST DATA PARTITION
   hosts: mediaserver
   gather_facts: false
   tasks:
-
     - name: verify /data partition existence
       ansible.builtin.shell: findmnt /data
       register: data_exist
@@ -14,7 +12,6 @@
 
     # /data exist
     - block:
-
         - name: get /data size
           ansible.builtin.shell: df -BG /data --output=size | tail -n1 | grep -o '[0-9]*'
           register: data_size
@@ -23,13 +20,13 @@
 
         - name: print size
           ansible.builtin.debug:
-            msg: "/data size is {{ data_size.stdout }}G"
+            msg: /data size is {{ data_size.stdout }}G
 
         - name: create a test directory in /data
           ansible.builtin.file:
             path: /data/test
             state: directory
-            mode: '0755'
+            mode: "0755"
             owner: nobody
             group: nogroup
           ignore_errors: true
@@ -39,7 +36,7 @@
           ansible.builtin.file:
             state: touch
             path: /data/test/file
-            mode: '0644'
+            mode: "0644"
             owner: nobody
             group: nogroup
           ignore_errors: true
@@ -52,7 +49,6 @@
 
     # /data missing
     - block:
-
         - name: get /home size
           ansible.builtin.shell: df -BG /home --output=size | tail -n1 | grep -o '[0-9]*'
           register: home_size
@@ -61,11 +57,9 @@
 
         - name: verify size
           ansible.builtin.debug:
-            msg: "/home size is too short ({{ home_size.stdout }}G < 200G)"
+            msg: /home size is too short ({{ home_size.stdout }}G < 200G)
           when: home_size.stdout | int < 200
           ignore_errors: true
           failed_when: true
 
       when: data_exist.rc != 0
-
-...

playbooks/tests/exec-tester.yml

 #!/usr/bin/env ansible-playbook
 ---
-
 - name: RUN TESTER
   hosts: all
   tags: tester
@@ -20,5 +19,3 @@
           python3 /root/envsetup/tests/tester.py 2>&1 | tee /root/envsetup/tests/logs/tester_pb.log
         creates: /root/envsetup/tests/logs/tester_pb.log
         executable: /bin/bash
-
-...

playbooks/tests/firewall-rules.yml

 #!/usr/bin/env ansible-playbook
 ---
-
 - name: GATHER ALL FACTS
   hosts: all
   tasks:
@@ -14,7 +13,6 @@
   hosts: all
   gather_facts: false
   tasks:
-
     - include_vars:
         file: ressources/firewall/rules.yml
 
@@ -30,7 +28,6 @@
   hosts: all
   gather_facts: false
   tasks:
-
     - include_vars:
         file: ressources/firewall/rules.yml
 
@@ -42,5 +39,3 @@
         loop_var: outer_item
       # execute loop only when group exists and host is in listen.groupname_src
       when: (outer_item.groupname_src in groups) and (inventory_hostname in groups[outer_item.groupname_src])
-
-...

playbooks/tests/ressources/firewall/listen.yml

 ---
-
 - debug:
-    msg: "On {{ outer_item.groupname }} server(s) put {{ outer_item.ports }} port(s) in listen mode"
+    msg: On {{ outer_item.groupname }} server(s) put {{ outer_item.ports }} port(s) in listen mode
 
-- ansible.builtin.shell: "nohup timeout 300 nc -lp {{ item }} >/dev/null 2>&1 &"
+- ansible.builtin.shell: nohup timeout 300 nc -lp {{ item }} >/dev/null 2>&1 &
   ignore_errors: true
   loop: "{{ outer_item.ports }}"
   changed_when: false
-
-...

playbooks/tests/ressources/firewall/rules.yml

 ---
-
 listen:
-
   - groupname: mediaserver
     ports: ["80", "443"]
-
   - groupname: celerity
     ports: ["6200"]
-
   - groupname: wowza
     ports: ["1935"]
-
   - groupname: mirismanager
     ports: ["22", "443"]
-
   - groupname: mediaimport
     ports: ["20", "22"]
-
   - groupname: all
     ports: ["4949"]
-
   - groupname: postgres
     ports: ["5432", "22"]
 
 
 test:
-
   - groupname_src: mediaworker
     groupname_dst: mediaserver
     ports: ["80", "443"]
-
   - groupname_src: mediaworker
     groupname_dst: celerity
     ports: ["6200"]
-
   - groupname_src: mediaserver
     groupname_dst: celerity
     ports: ["6200"]
-
   - groupname_src: mediaserver
     groupname_dst: mediacache
     ports: ["22", "443"]
-
   - groupname_src: mediacache
     groupname_dst: mediaserver
     ports: ["80", "443"]
-
   - groupname_src: mediaserver
-    hosts_dst: ["mirismanager.ubicast.eu"]
+    hosts_dst: [mirismanager.ubicast.eu]
     ports: ["80", "443"]
-
   - groupname_src: mediaserver
     groupname_dst: netcapture
     ports: ["22"]
-
   - groupname_src: netcapture
     groupname_dst: mediaserver
     ports: ["443", "1935"]
-
   - groupname_src: mediaserver
-    hosts_dst: ["git.ubicast.net"]
+    hosts_dst: [git.ubicast.net]
     ports: ["22"]
-
   - groupname_src: localhost
     groupname_dst: mediaserver
     ports: ["80", "443"]
-
-...

playbooks/tests/ressources/firewall/test-rule.yml

 ---
-
 # test rules with direct hosts destination
 - block:
     - debug:
-        msg: "Test rule from {{ outer_item.groupname_src }} to {{ outer_item.hosts_dst }} on {{ outer_item.ports }} port(s)"
+        msg: Test rule from {{ outer_item.groupname_src }} to {{ outer_item.hosts_dst }} on {{ outer_item.ports }} port(s)
 
-    - shell: "nc -zv {{ item.0 }} {{ item.1 }}"
+    - shell: nc -zv {{ item.0 }} {{ item.1 }}
       ignore_errors: true
       loop: "{{ outer_item.hosts_dst | product(outer_item.ports) | list }}"
       when: proxy is not defined
       changed_when: false
 
-    - shell: "nc -x {{ proxy }} -X Connect -zv {{ item.0 }} {{ item.1 }}"
+    - shell: nc -x {{ proxy }} -X Connect -zv {{ item.0 }} {{ item.1 }}
       ignore_errors: true
       loop: "{{ outer_item.hosts_dst | product(outer_item.ports) | list }}"
       when: proxy is defined
@@ -21,21 +20,17 @@
 # test rules with ansible group destination
 - block:
     - debug:
-        msg: "Test rule from {{ outer_item.groupname_src }} to {{ outer_item.groupname_dst }} on {{ outer_item.ports }} port(s)"
+        msg: Test rule from {{ outer_item.groupname_src }} to {{ outer_item.groupname_dst }} on {{ outer_item.ports }} port(s)
 
-    - shell: "nc -zv {{ item.0 }} {{ item.1 }}"
+    - shell: nc -zv {{ item.0 }} {{ item.1 }}
       ignore_errors: true
-      loop: "{{ groups[outer_item.groupname_dst] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | list
-                | product(outer_item.ports) | list }}"
+      loop: "{{ groups[outer_item.groupname_dst] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | list | product(outer_item.ports) | list }}"
       when: proxy is not defined
       changed_when: false
 
-    - shell: "nc -x {{ proxy }} -X Connect -zv {{ item.0 }} {{ item.1 }}"
+    - shell: nc -x {{ proxy }} -X Connect -zv {{ item.0 }} {{ item.1 }}
       ignore_errors: true
-      loop: "{{ groups[outer_item.groupname_dst] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | list
-                | product(outer_item.ports) | list }}"
+      loop: "{{ groups[outer_item.groupname_dst] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | list | product(outer_item.ports) | list }}"
       when: proxy is defined
       changed_when: false
   when: outer_item.groupname_dst is defined
-
-...

playbooks/upgrade.yml

 #!/usr/bin/env ansible-playbook
 ---
-
 - name: UPGRADE SERVERS
   hosts: all
   tasks:
-
     - name: apt-get dist-upgrade
       when: ansible_os_family == "Debian"
       ansible.builtin.apt:
@@ -21,5 +19,3 @@
       ansible.builtin.yum:
         name: "*"
         state: latest
-
-...

playbooks/users.yml

 #!/usr/bin/env ansible-playbook
 ---
-
 - name: USERS
   hosts: all
   tags: all
   roles:
     - conf
     - users
-
-...

requirements.yml

 ---
 - src: elastic.elasticsearch
   version: 7.9.0
-
-...

roles/base/meta/main.yml

 ---
-
 dependencies:
   - role: conf
   - role: init
@@ -9,5 +8,3 @@ dependencies:
   - role: ferm-install
   - role: ferm-configure
   - role: fail2ban
-
-...

roles/bench-server/defaults/main.yml

 ---
-
 bench_server_packages:
   - ubicast-benchmark
 
@@ -14,5 +13,3 @@ bench_dl_streams: false
 
 bench_stream_repo: https://git.ubicast.net/mediaserver/ms-testing-suite.git
 bench_host_api_key: "{{ envsetup_ms_api_key | d() }}"
-
-...

roles/bench-server/meta/main.yml

 ---
-
 dependencies:
   - role: conf
   - role: init
   - role: sysconfig
-
-...

roles/bench-server/tasks/main.yml

 ---
-
 - name: install bench-server packages
   ansible.builtin.apt:
     force_apt_get: true
@@ -15,7 +14,7 @@
   ansible.builtin.file:
     path: /etc/mediaserver
     state: directory
-    mode: '755'
+    mode: "755"
 
 - name: benchmark configuration settings
   ansible.builtin.copy:
@@ -30,7 +29,7 @@
       "DL_STREAMS":{{ bench_dl_streams }},
       "TIME_STATS":{{ bench_time_stat }}
       }
-    mode: '644'
+    mode: "644"
 
 - name: reload systemd daemon
   ansible.builtin.systemd:
@@ -45,7 +44,7 @@
   ansible.builtin.template:
     src: bench-streaming.conf.j2
     dest: /etc/mediaserver/bench-streaming.conf
-    mode: '644'
+    mode: "644"
 
 - name: clone ms-testing-suite repository
   ansible.builtin.git:
@@ -60,7 +59,7 @@
     src: /etc/mediaserver/bench-streaming.conf
     dest: /usr/share/ms-testing-suite/config.json
     remote_src: true
-    mode: '644'
+    mode: "644"
 
 - name: add docker key
   when:
@@ -75,7 +74,7 @@
     - not offline_mode | d(false)
     - not in_docker | d(false)
   ansible.builtin.apt_repository:
-    repo: "deb https://download.docker.com/linux/debian buster stable"
+    repo: deb https://download.docker.com/linux/debian buster stable
     state: present
     update_cache: true
 
@@ -101,5 +100,3 @@
     cmd: make build_docker_img
     chdir: /usr/share/ms-testing-suite
   run_once: true
-
-...

roles/bench-worker/defaults/main.yml

 ---
-
 bench_worker_packages:
   - ubicast-benchmark
 
@@ -11,5 +10,3 @@ bench_user: admin
 bench_password: "{{ envsetup_ms_admin_pwd | d() }}"
 bench_oid:
 bench_dl_streams: false
-
-...