Merge pull request #19 from thorian93/devel

Release 1.1.0

.github/PULL_REQUEST_TEMPLATE.md

@@ -27,9 +27,7 @@ Issue Number: `e.g. #1`
 ## What is the new behavior?
 <!-- Please describe the behavior or changes that are being added by this PR. -->
 
--
--
--
+See [CHANGELOG.rst](https://github.com/thorian93/main/blob/main/CHANGELOG.rst) for details.
 
 ## Other information
 <!-- Any other information that is important to this PR such as screenshots of how the component looks before and after the change. -->

.github/workflows/release.yaml

@@ -108,5 +108,7 @@ jobs:
 
             For a detailed changelog, refer to the [CHANGELOG](https://github.com/thorian93/main/blob/main/CHANGELOG.rst).
 
+            This collection can be found in the [Galaxy](https://galaxy.ansible.com/ui/repo/published/thorian93/main/) as well!
+
       - name: Publish Ansible Collection to the Galaxy
         run: ansible-galaxy collection publish ${{env.NAMESPACE}}-${{env.COLLECTION_NAME}}-${{ steps.current_version.outputs.version }}.tar.gz --api-key ${{ secrets.GALAXY_API_KEY }}

changelogs/fragments/1.1.0.yml

@@ -0,0 +1,8 @@
+release_summary: "Trying to keep it clean."
+
+minor_changes:
+  - Common role - Skip `/etc/hosts` configuration in containers.
+  - SSH role - Enable configuration of the`Include` directive.
+
+bugfixes:
+  - All roles - Fix another batch of linting issues.

galaxy.yml

@@ -9,7 +9,7 @@ namespace: thorian93
 name: main
 
 # The version of the collection. Must be compatible with semantic versioning
-version: 1.0.0
+version: 1.1.0
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md

playbooks/main.yml

@@ -1,47 +1,47 @@
 ---
-- hosts: my_test_host
+- hosts: all
   become: true
   roles:
     - certmanage
 
-- hosts: my_test_host
+- hosts: all
   name: "Common."
   become: true
   roles:
     - common
 
-- hosts: my_test_host
+- hosts: all
   become: true
   roles:
     - journald
 
-- hosts: my_test_host
+- hosts: all
   become: true
   roles:
     - logrotate
 
-- hosts: my_test_host
+- hosts: all
   become: true
   roles:
     - ntp
 
-- hosts: my_test_host
+- hosts: all
   name: "Proxy."
   become: true
   roles:
     - proxy
 
-- hosts: my_test_host
+- hosts: all
   become: true
   roles:
     - ssh
 
-- hosts: my_test_host
+- hosts: all
   become: true
   roles:
     - sudo
 
-- hosts: my_test_host
+- hosts: all
   become: true
   roles:
     - upgrade

roles/certmanage/README.md

@@ -2,10 +2,6 @@
 
 This role installs custom CA certificates on Debian/Ubuntu, RHEL/CentOS and Fedora servers.
 
-[![Ansible Role: Certmanage](https://img.shields.io/ansible/role/55130?style=flat-square)](https://galaxy.ansible.com/thorian93/certmanage)
-[![Ansible Role: Certmanage](https://img.shields.io/ansible/quality/55130?style=flat-square)](https://galaxy.ansible.com/thorian93/certmanage)
-[![Ansible Role: Certmanage](https://img.shields.io/ansible/role/d/55130?style=flat-square)](https://galaxy.ansible.com/thorian93/certmanage)
-
 ## Here be Dragons!
 
 This role only installs certificates, it does not handle removal of certificates currently.
@@ -46,7 +42,7 @@ This role ensures that it is not used against unsupported or untested operating
       - CentOS 7
       - Fedora 30
 
-If the combination of distribution and major version number do not match the target system, the role will fail. To allow the role to work add the distribution name and major version name to that variable and you are good to go. But please test the new combination first!
+If the combination of distribution and major version number do not match the target system, the role will fail. To allow the role to work add the distribution name and major version name to that variable, and you are good to go. But please test the new combination first!
 
 Kudos to [HarryHarcourt](https://github.com/HarryHarcourt) for this idea!
 

roles/certmanage/defaults/main.yml

@@ -5,15 +5,14 @@ certmanage_stable_os:
   - Debian 9
   - Debian 10
   - Debian 11
+  - Debian 12
   - Fedora 30
   - Fedora 31
   - Fedora 32
   - Fedora 33
   - Fedora 34
   - Fedora 35
   - Fedora 36
-  # - openSUSE Leap 15
-  # - openSUSE Leap 42
   - Ubuntu 16
   - Ubuntu 18
   - Ubuntu 20

roles/certmanage/handlers/main.yml

@@ -0,0 +1,10 @@
+---
+- name: "Update CA Trust on RedHat Derivates."  # noqa no-changed-when
+  listen: update trust
+  ansible.builtin.command: update-ca-trust
+  when: ansible_os_family == "RedHat"
+
+- name: "Update CA Trust Debian Derivates."  # noqa no-changed-when
+  listen: update trust
+  ansible.builtin.command: update-ca-certificates
+  when: ansible_os_family == "Debian"

roles/certmanage/meta/main.yml

@@ -1,10 +1,11 @@
 ---
 galaxy_info:
-  role_name: certmanage
   author: thorian93
   description: Local Certificate Store Management
   license: "license (MIT)"
 
+  issue_tracker_url: https://github.com/thorian93/main/issues
+
   min_ansible_version: "2.9"
 
   galaxy_tags:
@@ -20,8 +21,7 @@ galaxy_info:
   platforms:
     - name: EL
       versions:
-        - 7
-        - 8
+        - all
     - name: Debian
       versions:
         - Stretch

roles/certmanage/molecule/default/converge.yml

@@ -2,30 +2,6 @@
 - name: Converge
   hosts: all
 
-  pre_tasks:
-
-    - name: "Update APT cache."
-      ansible.builtin.apt:
-        update_cache: true
-        cache_valid_time: 600
-      when: ansible_os_family == 'Debian'
-    - name: "Install prerequisites."
-      ansible.builtin.apt:
-        name: "{{ item }}"
-        state: present
-      loop:
-        - apt-utils
-        - man
-      when: ansible_os_family == 'Debian'
-    - name: "Create '/usr/share/man/man8/' on Ubuntu."
-      ansible.builtin.file:
-        path: /usr/share/man/man8/
-        state: directory
-        mode: "0755"
-        owner: root
-        group: root
-      when: ansible_distribution == 'Ubuntu'
-
   tasks:
 
     - name: "Run role."

roles/certmanage/molecule/default/group_vars/all.yml

@@ -1,2 +1 @@
 ---
-upgrade_unattended_reboot: false

roles/certmanage/tasks/Debian.yml

@@ -15,8 +15,4 @@
     group: root
     mode: 0644
   with_items: "{{ certmanage_certificates }}"
-  register: upload_cert_result
-
-- name: Update CA Trust.
-  ansible.builtin.command: update-ca-certificates
-  when: upload_cert_result.changed
+  notify: update trust

roles/certmanage/tasks/RedHat.yml

@@ -15,14 +15,4 @@
     group: root
     mode: 0644
   with_items: "{{ certmanage_certificates }}"
-  register: upload_cert_result
-
-- name: Update CA Trust.
-  ansible.builtin.command: update-ca-trust
-  when: upload_cert_result.changed
-
-- name: Update CA Trust for older Distributions.
-  ansible.builtin.command: update-ca-trust enable
-  when:
-    - upload_cert_result.changed
-    - ansible_distribution_version|int < 7
+  notify: update trust

roles/common/README.md

@@ -2,13 +2,9 @@
 
 This role manages several parts of a Linux system which are not worth their own role.
 
-[![Ansible Role: Common](https://img.shields.io/ansible/role/55131?style=flat-square)](https://galaxy.ansible.com/thorian93/common)
-[![Ansible Role: Common](https://img.shields.io/ansible/quality/55131?style=flat-square)](https://galaxy.ansible.com/thorian93/common)
-[![Ansible Role: Common](https://img.shields.io/ansible/role/d/55131?style=flat-square)](https://galaxy.ansible.com/thorian93/common)
-
 ## Here be Dragons!
 
-When managing DNS resolution with this role be aware of the following: On Ubuntu this role will remove the symlink on /etc/resolv.conf if it exists and replace it with a static file. The symlink originates in the `systemd-resolved` daemon. Managing that daemon is at least currently out of scope for this role. I know this not a beautiful solution but it works for me. If you know how to handle this better feel free to contact me or create a PR.
+When managing DNS resolution with this role be aware of the following: On Ubuntu this role will remove the symlink on /etc/resolv.conf if it exists and replace it with a static file. The symlink originates in the `systemd-resolved` daemon. Managing that daemon is at least currently out of scope for this role. I know this not a beautiful solution, but it works for me. If you know how to handle this better feel free to contact me or create a PR.
 
 ## Known issues
 
@@ -43,7 +39,7 @@ Enable and disable managed sections of this role.
 
     common_host_name: "{{ inventory_hostname }}"
 
-Configure the managed systems hostname. This defaults to the `inventory_hostname`.
+Configure the managed systems' hostname. This defaults to the `inventory_hostname`.
 
     common_global_users_present: []
       # - name: johndoe
@@ -74,7 +70,7 @@ Enable EPEL repository on RedHat derivates.
 
     common_dns_search: []
 
-Configure DNS search path e.g for your local network.
+Configure DNS search path e.g. for your local network.
 
     common_dns_servers:
       - 1.1.1.1

roles/common/meta/main.yml

@@ -5,6 +5,8 @@ galaxy_info:
   description: Common System Management
   license: "license (MIT)"
 
+  issue_tracker_url: https://github.com/thorian93/main/issues
+
   min_ansible_version: "2.9"
 
   galaxy_tags:
@@ -15,8 +17,7 @@ galaxy_info:
   platforms:
     - name: EL
       versions:
-        - 7
-        - 8
+        - all
     - name: Debian
       versions:
         - Stretch

roles/common/molecule/default/converge.yml

@@ -4,7 +4,7 @@
 
   pre_tasks:
 
-    - name: "Update APT cache."
+    - name: "Update APT Cache."
       ansible.builtin.apt:
         update_cache: true
         cache_valid_time: 600

roles/common/tasks/Suse.yml

@@ -26,6 +26,6 @@
         fi
      fi
 
-- name: "Workaround - Install python-xml."
+- name: "Workaround - Install python-xml."  # noqa no-changed-when
   ansible.builtin.command: zypper in -y python-xml
   when: ansible_distribution == "opensuse Leap" and ansible_distribution_major_version == "15"

roles/common/tasks/disks.yml

@@ -8,7 +8,7 @@
   failed_when: common_disks_list.rc > 1
   when: ('container' not in ansible_facts.virtualization_tech_guest)
 
-- name: "Disable disk checks on all ext4 disk devices."
+- name: "Disable disk checks on all ext4 disk devices."  # noqa no-changed-when
   ansible.builtin.command: "tune2fs -c 0 -i 0 {{ item }}"
   with_items: "{{ common_disks_list.stdout_lines }}"
   when: ('container' not in ansible_facts.virtualization_tech_guest)

roles/common/tasks/dns.yml

@@ -10,7 +10,7 @@
     state: absent
   when: common_resolv_symlink_status.stat.islnk is defined and common_resolv_symlink_status.stat.islnk
 
-- name: "Make sure /etc/resolv.conf is modifiable for this play."
+- name: "Make sure /etc/resolv.conf is modifiable for this play."  # noqa no-changed-when
   ansible.builtin.command: chattr -i /etc/resolv.conf
   when: |
     (common_resolv_symlink_status.stat.islnk is defined and not common_resolv_symlink_status.stat.islnk)
@@ -26,6 +26,6 @@
     group: root
     setype: net_conf_t
 
-- name: "Make sure /etc/resolv.conf is not modifiable by anyone."
+- name: "Make sure /etc/resolv.conf is not modifiable by anyone."  # noqa no-changed-when
   ansible.builtin.command: chattr +i /etc/resolv.conf
   when: ('container' not in ansible_facts.virtualization_tech_guest)

roles/common/tasks/groups.yml

@@ -2,19 +2,19 @@
 - name: "Concatenate Groups Presence Variables."
   ansible.builtin.set_fact:
     common_groups_present: >-
-      {{ common_global_groups_present | default('') | list  +
-      common_os_groups_present | default('') | list  +
-      common_system_groups_present | default('') | list  +
-      common_stage_groups_present | default('') | list  +
+      {{ common_global_groups_present | default('') | list +
+      common_os_groups_present | default('') | list +
+      common_system_groups_present | default('') | list +
+      common_stage_groups_present | default('') | list +
       common_role_groups_present | default('') | list }}
 
 - name: "Concatenate Groups Absence Variables."
   ansible.builtin.set_fact:
     common_groups_absent: >-
-      {{ common_global_groups_absent | default('') | list  +
-      common_os_groups_absent | default('') | list  +
-      common_system_groups_absent | default('') | list  +
-      common_stage_groups_absent | default('') | list  +
+      {{ common_global_groups_absent | default('') | list +
+      common_os_groups_absent | default('') | list +
+      common_system_groups_absent | default('') | list +
+      common_stage_groups_absent | default('') | list +
       common_role_groups_absent | default('') | list }}
 
 - name: "Ensure Admin Group exists."

roles/common/tasks/main.yml

@@ -16,6 +16,7 @@
     line: "127.0.0.1 {{ common_host_name | default('{{ inventory_hostname }}') }} localhost"
     regexp: "^127.0.0.1"
     state: present
+  when: ('container' not in ansible_facts.virtualization_tech_guest)
 
 - name: "Include Derivate specific Variables."
   ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"

roles/common/tasks/oh-my-zsh.yml

@@ -16,12 +16,15 @@
     src: zshrc.j2
     dest: "/{% if 'root' in item %}{{ item }}{% else %}home/{{ item }}{% endif %}/.zshrc"
     backup: true
+    owner: "{{ item }}"
+    group: "{{ item }}"
+    mode: 0640
   with_items: "{{ common_zsh_users }}"
 
-- name: "Determine ZSH binary location."
+- name: "Determine ZSH binary location."  # noqa no-changed-when
   ansible.builtin.command: which zsh
   register: common_zsh_binary_location
 
-- name: "Enable ZSH as default shell."
+- name: "Enable ZSH as default shell."  # noqa no-changed-when
   ansible.builtin.command: "chsh -s {{ common_zsh_binary_location.stdout }} {{ item }}"
   with_items: "{{ common_zsh_users }}"

roles/common/tasks/scripting.yml

@@ -30,6 +30,9 @@
   ansible.builtin.file:
     path: "{{ item.dest }}"
     state: "{{ item.state }}"
+    owner: "{{ item.owner }}"
+    group: "{{ item.group }}"
+    mode: "{{ item.mode }}"
   with_items: "{{ common_scripting_scripts }}"
   when: common_scripting_scripts is defined and item.state == "absent"
 

roles/common/tasks/timezone.yml

@@ -10,7 +10,8 @@
   register: common_zoneinfo
 
 - name: "Alert if zoneinfo is not there."
-  ansible.builtin.fail: msg="{{ common_timezone }} is not valid (/usr/share/zoneinfo/{{ common_timezone }} does not exist)"
+  ansible.builtin.fail:
+    msg: "{{ common_timezone }} is not valid (/usr/share/zoneinfo/{{ common_timezone }} does not exist)"
   when: not (common_zoneinfo.stat.exists is defined and common_zoneinfo.stat.exists)
 
 - name: "Symlink the correct localtime (/etc/localtime)."