From 634d970b7db49367f22f650c986bf81dad19421d Mon Sep 17 00:00:00 2001 From: Kyle Lexmond Date: Sun, 22 Dec 2024 02:47:23 +0000 Subject: [PATCH] Handle ansible-lint errors that required manual touches --- handlers/main.yml | 5 ++++- meta/main.yml | 15 ++++++--------- tasks/compile_ldap_plugin.yml | 3 ++- tasks/firewalld.yml | 2 +- tasks/iptables.yml | 3 ++- tasks/server_keys.yml | 5 ++++- tests/ansible-role-openvpn | 1 + tests/test.yml | 3 ++- 8 files changed, 22 insertions(+), 15 deletions(-) create mode 120000 tests/ansible-role-openvpn diff --git a/handlers/main.yml b/handlers/main.yml index f2b2be1..fb773d1 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -22,9 +22,10 @@ state: restarted - name: Save iptables rules (Debian/Ubuntu and CentOS/RHEL/Fedora) - ansible.builtin.shell: "{{ iptables_save_command }}" + ansible.builtin.shell: "{{ iptables_save_command }}" # noqa command-instead-of-shell could have shell redirection when: ansible_os_family == 'Debian' or ansible_os_family == 'RedHat' listen: "save iptables" + changed_when: true # always save iptables rules - name: Build and install policy ansible.builtin.command: "{{ item }}" @@ -34,3 +35,5 @@ - "checkmodule -M -m -o {{ openvpn_selinux_module }}.mod {{ openvpn_selinux_module }}.te" - "semodule_package -o {{ openvpn_selinux_module }}.pp -m {{ openvpn_selinux_module }}.mod" - "semodule -i {{ openvpn_selinux_module }}.pp" + changed_when: true + when: ansible_selinux.status == 'enabled' diff --git a/meta/main.yml b/meta/main.yml index 7620306..e19b894 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -6,21 +6,18 @@ galaxy_info: description: OpenVPN playbook for CentOS/Fedora/RHEL/RHEL clones & Ubuntu/Debian license: MIT - min_ansible_version: 2.9 + min_ansible_version: "2.9" platforms: - name: EL versions: - - 7 - - 8 + - "8" + - "9" - name: Fedora versions: - - 32 - - 33 - - 34 - - name: Ubuntu - versions: - - trusty + - "38" + - "39" + - "40" galaxy_tags: - networking 
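Review bot: The `# noqa command-instead-of-shell could have shell redirection` comment on the `ansible.builtin.shell` line of the "Save iptables rules" handler mixes the justification into the noqa directive, and ansible-lint may read the trailing words as further rule ids to skip. Put the reason on its own comment line above the task and leave the directive as `# noqa command-instead-of-shell`. Because `iptables_save_command` is rendered straight into a shell and its definition is not visible in this patch, that comment should also state the trust assumption, e.g. `# shell is required because iptables_save_command may use redirection; keep this variable out of untrusted input`. The same applies to the "Save existing iptables rule before start iptables service" task in tasks/iptables.yml. The handler list starts before this hunk.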
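Review bot: The added `when: ansible_selinux.status == 'enabled'` on the "Build and install policy" handler is a behaviour change rather than a lint fix. The SELinux module is now skipped whenever the fact reports anything other than `enabled`, which includes the status Ansible reports when the Python SELinux bindings are missing on the target. If the skip is intended, say so in a comment above the condition and make the lookup tolerant of absent facts, e.g. `when: ansible_facts.selinux.status | default('disabled') == 'enabled'`. A skipped policy install may only surface later as denials at runtime, so the commit message should mention the new condition as well. The handler's loop starts before this hunk.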
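Review bot: The Ubuntu entry is removed from `platforms` outright, while the `description` two lines above still advertises Ubuntu/Debian and the handlers keep a Debian branch, so the Galaxy metadata now understates what the role targets. If `trusty` was dropped only because the linter rejects it, replacing it with the releases the role is actually tested on would keep the metadata consistent with the description. Which releases those are is not visible from this patch.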
diff --git a/tasks/compile_ldap_plugin.yml b/tasks/compile_ldap_plugin.yml index f931570..0d7c4a0 100644 --- a/tasks/compile_ldap_plugin.yml +++ b/tasks/compile_ldap_plugin.yml @@ -13,7 +13,8 @@ path: "{{ openvpn_auth_ldap_bin_path }}" register: openvpn_auth_ldap_bin -- when: +- name: Compile openvpn-auth-ldap plugin + when: - not openvpn_auth_ldap_bin.stat.exists or not re2c_bin.stat.exists block: - name: Install gcc objc repo diff --git a/tasks/firewalld.yml b/tasks/firewalld.yml index 01221ec..f4a370f 100644 --- a/tasks/firewalld.yml +++ b/tasks/firewalld.yml @@ -51,7 +51,7 @@ # workaround for --permanent not working on non-NetworkManager managed ifaces # https://bugzilla.redhat.com/show_bug.cgi?id=1112742 -- name: Check if ifcfg-{{ ansible_default_ipv4.interface }} exists +- name: Check if ifcfg file exists for {{ ansible_default_ipv4.interface }} ansible.builtin.stat: path: "/etc/sysconfig/network-scripts/ifcfg-{{ ansible_default_ipv4.interface }}" register: ifcfg diff --git a/tasks/iptables.yml b/tasks/iptables.yml index cd8e749..4494d57 100644 --- a/tasks/iptables.yml +++ b/tasks/iptables.yml @@ -84,8 +84,9 @@ notify: "save iptables" - name: Save existing iptables rule before start iptables service - ansible.builtin.shell: "{{ iptables_save_command }}" + ansible.builtin.shell: "{{ iptables_save_command }}" # noqa command-instead-of-shell when: __iptables_installed.changed | bool # noqa no-handler + changed_when: true - name: Enable iptables ansible.builtin.service: diff --git a/tasks/server_keys.yml b/tasks/server_keys.yml index a466f0f..767a88b 100644 --- a/tasks/server_keys.yml +++ b/tasks/server_keys.yml 
@@ -66,7 +66,10 @@ mode: "0400" - name: Sign server key - ansible.builtin.command: openssl x509 -req -in server.csr -out server.crt -CA ca.crt -CAkey ca-key.pem -sha256 -days 3650 -CAcreateserial -extfile openssl-server.ext + ansible.builtin.command: > + openssl x509 -req -in server.csr -out server.crt + -CA ca.crt -CAkey ca-key.pem -sha256 -days 3650 + -CAcreateserial -extfile openssl-server.ext args: chdir: "{{ openvpn_key_dir }}" creates: server.crt diff --git a/tests/ansible-role-openvpn b/tests/ansible-role-openvpn new file mode 120000 index 0000000..a96aa0e --- /dev/null +++ b/tests/ansible-role-openvpn @@ -0,0 +1 @@ +.. \ No newline at end of file diff --git a/tests/test.yml b/tests/test.yml index a13f350..de436ad 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: 127.0.0.1 +- name: Run CI tests + hosts: 127.0.0.1 connection: local vars: ci_build: true
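Review bot: The reflowed `openssl x509` command in "Sign server key" still hard-codes `-days 3650`, and with `creates: server.crt` the task will not sign again once the file exists. The server certificate therefore lives for ten years unless an operator rotates it by hand. A comment above the task should record that, e.g. `# 10-year server cert; creates: skips re-signing, so rotation is manual`. On the formatting itself, `>` leaves a trailing newline in the command string, and `>-` is the usual choice for a folded command line.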