Handle ansible-lint errors that required manual touches
kyl191 committed Dec 22, 2024
1 parent 5256083 commit 634d970
Showing 8 changed files with 22 additions and 15 deletions.
5 changes: 4 additions & 1 deletion handlers/main.yml
Expand Up @@ -22,9 +22,10 @@
state: restarted

- name: Save iptables rules (Debian/Ubuntu and CentOS/RHEL/Fedora)
ansible.builtin.shell: "{{ iptables_save_command }}"
ansible.builtin.shell: "{{ iptables_save_command }}" # noqa command-instead-of-shell could have shell redirection
when: ansible_os_family == 'Debian' or ansible_os_family == 'RedHat'
listen: "save iptables"
changed_when: true # always save iptables rules

- name: Build and install policy
ansible.builtin.command: "{{ item }}"
Expand All @@ -34,3 +35,5 @@
- "checkmodule -M -m -o {{ openvpn_selinux_module }}.mod {{ openvpn_selinux_module }}.te"
- "semodule_package -o {{ openvpn_selinux_module }}.pp -m {{ openvpn_selinux_module }}.mod"
- "semodule -i {{ openvpn_selinux_module }}.pp"
changed_when: true
when: ansible_selinux.status == 'enabled'
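Review bot: The `when: ansible_selinux.status == 'enabled'` added to the `Build and install policy` handler is a behaviour change, not only a lint fix: the three policy commands are now skipped for any fact value other than `enabled`, and the condition errors out if `ansible_selinux` was never gathered. On a target where fact gathering cannot determine the SELinux state, the module could be left uninstalled with no failed task to show it. A comment above the condition would make the intent explicit, for example `# requires gathered facts; skipped unless SELinux is reported as enabled`. The handler's loop keyword and the tasks that notify it are outside the hunk.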
15 changes: 6 additions & 9 deletions meta/main.yml
Expand Up @@ -6,21 +6,18 @@ galaxy_info:
description: OpenVPN playbook for CentOS/Fedora/RHEL/RHEL clones & Ubuntu/Debian

license: MIT
min_ansible_version: 2.9
min_ansible_version: "2.9"

platforms:
- name: EL
versions:
- 7
- 8
- "8"
- "9"
- name: Fedora
versions:
- 32
- 33
- 34
- name: Ubuntu
versions:
- trusty
- "38"
- "39"
- "40"
galaxy_tags:
- networking

3 changes: 2 additions & 1 deletion tasks/compile_ldap_plugin.yml
Expand Up @@ -13,7 +13,8 @@
path: "{{ openvpn_auth_ldap_bin_path }}"
register: openvpn_auth_ldap_bin

- when:
- name: Compile openvpn-auth-ldap plugin
when:
- not openvpn_auth_ldap_bin.stat.exists or not re2c_bin.stat.exists
block:
- name: Install gcc objc repo
2 changes: 1 addition & 1 deletion tasks/firewalld.yml
Expand Up @@ -51,7 +51,7 @@

# workaround for --permanent not working on non-NetworkManager managed ifaces
# https://bugzilla.redhat.com/show_bug.cgi?id=1112742
- name: Check if ifcfg-{{ ansible_default_ipv4.interface }} exists
- name: Check if ifcfg file exists for {{ ansible_default_ipv4.interface }}
ansible.builtin.stat:
path: "/etc/sysconfig/network-scripts/ifcfg-{{ ansible_default_ipv4.interface }}"
register: ifcfg
3 changes: 2 additions & 1 deletion tasks/iptables.yml
Expand Up @@ -84,8 +84,9 @@
notify: "save iptables"

- name: Save existing iptables rule before start iptables service
ansible.builtin.shell: "{{ iptables_save_command }}"
ansible.builtin.shell: "{{ iptables_save_command }}" # noqa command-instead-of-shell
when: __iptables_installed.changed | bool # noqa no-handler
changed_when: true

- name: Enable iptables
ansible.builtin.service:
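Review bot: The `# noqa command-instead-of-shell` on `Save existing iptables rule before start iptables service` gives no reason, while the same suppression in handlers/main.yml puts its reason (`could have shell redirection`) on the noqa line itself, where the linter may read the extra words as further rule names. A separate comment line above both tasks would be clearer, for example `# shell is required: iptables_save_command may contain a redirection`, leaving a bare `# noqa command-instead-of-shell` at the end of the line. Because the whole command string comes from `iptables_save_command` and is handed to a shell, that comment is also the place to state that the variable must only be set from trusted role or inventory data.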
5 changes: 4 additions & 1 deletion tasks/server_keys.yml
Expand Up @@ -66,7 +66,10 @@
mode: "0400"

- name: Sign server key
ansible.builtin.command: openssl x509 -req -in server.csr -out server.crt -CA ca.crt -CAkey ca-key.pem -sha256 -days 3650 -CAcreateserial -extfile openssl-server.ext
ansible.builtin.command: >
openssl x509 -req -in server.csr -out server.crt
-CA ca.crt -CAkey ca-key.pem -sha256 -days 3650
-CAcreateserial -extfile openssl-server.ext
args:
chdir: "{{ openvpn_key_dir }}"
creates: server.crt
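Review bot: The rewrapped `openssl x509` command still hard-codes `-days 3650`, and combined with `creates: server.crt` this means the server certificate is signed once for ten years and is not re-issued by this task while the file exists. That deserves a comment above the task, such as `# server.crt is valid for 10 years; remove it to force re-signing, because creates: skips this task when it exists`. As a style point, `>-` instead of `>` would avoid handing the command module a trailing newline. The rest of the task continues beyond the hunk.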
1 change: 1 addition & 0 deletions tests/ansible-role-openvpn
3 changes: 2 additions & 1 deletion tests/test.yml
@@ -1,5 +1,6 @@
---
- hosts: 127.0.0.1
- name: Run CI tests
hosts: 127.0.0.1
connection: local
vars:
ci_build: true
