Merge branch 't38020-debian-12' into 'main'

Debian 12 support, Refs #38020 See merge request sys/ansible-public!50

Merge branch 't38020-debian-12' into 'main'
fcbf0846 · Baptiste DE RENZO · cb676640 · 67145f04 · cb676640 · fcbf0846
Commit fcbf0846 authored 1 year ago by Baptiste DE RENZO
--- a/.githooks/pre-commit
+++ b/.githooks/pre-commit
-#!/bin/sh
-
-if git rev-parse --verify HEAD >/dev/null 2>&1; then
-        against=HEAD
-else
-        # Initial commit: diff against an empty tree object
-        against=$(git hash-object -t tree /dev/null)
-fi
-
-# Redirect output to stderr.
-exec 1>&2
-
-# Get changed files
-changed_files=$(git diff-index --name-only ${against})
-
-# Verify files content
-for file in ${changed_files}; do
-
-    if grep -qiE 'skyreach_(system|activation|api)_key' "${file}"; then
-    
-        # verify key
-        key=$(grep -iE 'skyreach_(system|activation|api)_key' "${file}" | grep -woiE '[a-z0-9]{32}')
-        if [ -n "${key}" ]; then
-            echo "Error: you are about to commit a secret key in file: ${file}"
-            echo "Please remove it before committing."
-            echo -
-            grep -iE 'skyreach_(system|activation|api)_key' "${file}" | grep -iE '[a-z0-9]{32}'
-            echo -
-            exit 1
-        fi
-    
-    fi
-
-done
-
-# vim:ft=sh
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
 ---
+
 checkpf:
  # https://docs.gitlab.com/ee/ci/pipelines/multi_project_pipelines.html
  trigger:
@@ -36,3 +37,5 @@ lint:
  rules:
    # Only if push in a branch other than main
    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH != "main"
+
+...
--- a/.lint/ansible-apt-block-check.sh
+++ b/.lint/ansible-apt-block-check.sh
+#!/usr/bin/env bash

 # config
 exclude_pattern=()

--- a/.lint/ansible-lint-prod.conf
+++ b/.lint/ansible-lint-prod.conf
@@ -3,6 +3,7 @@
 profile: production  # min, basic, moderate, safety, shared, production

 exclude_paths:
+  - inventories/
  - ../playbooks/bench-monitoring.yml
  - .cache/
  - ${HOME}/.cache/

--- a/.lint/ansible-lint.conf
+++ b/.lint/ansible-lint.conf
@@ -3,14 +3,21 @@
 profile: basic  # min, basic, moderate, safety, shared, production

 exclude_paths:
-  - ../playbooks/bench-monitoring.yml
+  - inventories/
+  - playbooks/bench-monitoring.yml
+  - roles/bench-server
+  - roles/bench-worker
+  - roles/elastic
+  - roles/metricbeat
+  - roles/docker
  - .cache/
  - ${HOME}/.cache/

 skip_list:
-  - role-name                 # Skip role name pattern verification ("-" should not be used)
-  - name[play]                # Skip the rule dictating that all play should have a name
-  - name[casing]              # Skip the rule dictating that all task name should begin with uppercase
-  - name[template]            # Skip forcing to use jinja var at the end of a task name
+  - role-name                  # Skip role name pattern verification ("-" should not be used)
+  - name[play]                 # Skip the rule dictating that all play should have a name
+  - name[casing]               # Skip the rule dictating that all task name should begin with uppercase
+  - name[template]             # Skip forcing to use jinja var at the end of a task name
+  - var-naming[no-role-prefix] # Skip necessity to prefix role vars with role name

 ...
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
+* Remove unused `server_live_host` variable
+* Remove unnecessary `manager_default_email_sender` variable
+* Replace `skyreach_activation_key` and `skyreach_system_key` with `ubicast_api_key`
+* Remove `conf_debug` variable and task
+* Remove unnecessary `letsencrypt_testing` variable
+* Set `netcapture_mm_url` to a default value
+* Set `init_locale` to a default value
+* Set `init_timezone` to a default value
+* Move `postfix_packages` from default to vars directory
+* Remove unused `cockpit` firewall rule
+* Move roles firewall rules from default to vars directory
+* Move munin nodes firewall rules from sysconfig to munin-node
+* Define package variable in vars directory where missing (mediaworker, msmonitor, munin-node, munin-server)
+* Remove unnecessary `postfix_default_email_sender` variable
+* Change default `celerity_server` value
+* Change default `letsencrypt_email` value
+* Rework celerity server and worker defaults variables to use nudgis frontend one
+* Rename `repos_skyreach_*` variables to `repos_ubicast_*`
+* Set `proxy_*` to a default value
+* Set `ntp_servers` to a default value
+* Remove unused `manager_testing` variable
+* Rename `manager_hostname` variable to `manager_domain`
+* Rename `server_*` variables to `nudgis_front_*`
+* Remove unnecessary `server_instances` variable
+* Rename `tmpfs_size` to `live_tmpfs_size`
+* Rename `f2b_` varibales to `fail2ban_`
+
+# TODO : add cache  
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -18,10 +18,6 @@ remote_user = root

 # cutom path for roles
 roles_path = roles
-# custom path for modules
-library = library
-# custom path for action plugins
-action_plugins = plugins/action

 # improve output format (with line return)
 stdout_callback = debug

--- a/inventories/example-ha/group_vars/all.yml
+++ b/inventories/example-ha/group_vars/all.yml
---
-# customer name
-customer_short_name: customer
-
-# enable letsencrypt certificate
-letsencrypt_enabled: false
-
-# update conf.sh
-conf_update: false
-
-# repmgr configuration
-repmgr_password: my top secret repmgr default password
-repmgr_primary_node: "{{ hostvars['pg1']['ansible_default_ipv4']['address'] }}"
-
-# ha proxy configuration
-hap_config_listen:
-  - name: pgsql-primary
-    content: |
-      bind localhost:54321
-      default-server inter 2s fall 3 rise 2 on-marked-down shutdown-sessions
-      option tcp-check
-      tcp-check expect string primary
-      maxconn 500
-      server pg1 192.168.122.1:5432 maxconn 500 check port 8543
-      server pg2 192.168.122.2:5432 maxconn 500 check port 8543 backup
--- a/inventories/example-ha/group_vars/mediavault.yml
+++ b/inventories/example-ha/group_vars/mediavault.yml
---
-
-# mediavault backup deployement
-# used by mediavault/add_backup.yml
-
-# mvt_base_dir: /backup
-# mvt_backups:
-#   - name: self-etc
-#     source: "/etc"
-#     dest: "{{ mvt_base_dir }}/self-etc"
-#   - name: data
-#     source: /data
-#     dest: "{{ mvt_base_dir }}/data"
-
-...
--- a/inventories/example-ha/host_vars/cs1.yml
+++ b/inventories/example-ha/host_vars/cs1.yml
---
-skyreach_system_key: changeme
--- a/inventories/example-ha/host_vars/mi1.yml
+++ b/inventories/example-ha/host_vars/mi1.yml
---
-skyreach_system_key: changeme
--- a/inventories/example-ha/host_vars/mm1.yml
+++ b/inventories/example-ha/host_vars/mm1.yml
---
-skyreach_system_key: changeme
--- a/inventories/example-ha/host_vars/mo1.yml
+++ b/inventories/example-ha/host_vars/mo1.yml
---
-skyreach_system_key: changeme
--- a/inventories/example-ha/host_vars/ms1.yml
+++ b/inventories/example-ha/host_vars/ms1.yml
---
-skyreach_system_key: changeme
--- a/inventories/example-ha/host_vars/ms2.yml
+++ b/inventories/example-ha/host_vars/ms2.yml
---
-skyreach_system_key: changeme
--- a/inventories/example-ha/host_vars/mv1.yml
+++ b/inventories/example-ha/host_vars/mv1.yml
---
-skyreach_system_key: changeme
--- a/inventories/example-ha/host_vars/mw1.yml
+++ b/inventories/example-ha/host_vars/mw1.yml
---
-skyreach_system_key: changeme
--- a/inventories/example-ha/host_vars/mw2.yml
+++ b/inventories/example-ha/host_vars/mw2.yml
---
-skyreach_system_key: changeme
--- a/inventories/example-ha/host_vars/pg1.yml
+++ b/inventories/example-ha/host_vars/pg1.yml
---
-skyreach_system_key: changeme
-
-db_role: primary
-repmgr_node_id: 1
--- a/inventories/example-ha/host_vars/pg2.yml
+++ b/inventories/example-ha/host_vars/pg2.yml
---
-skyreach_system_key: changeme
-
-db_role: standby
-repmgr_node_id: 2