ansible-lint

2023-04-11 23:39:42 +03:00
parent ced8c2314c
commit 53ad104c20
10 changed files with 202 additions and 208 deletions
--- a/roles/synapse/defaults/main.yml
+++ b/roles/synapse/defaults/main.yml
@@ -1,15 +1,13 @@
 ---

-depends:
-
 synapse_psql_host: localhost
 synapse_psql_user: "{{ psql_dbs['matrix-synapse']['user'] }}"
 synapse_psql_pw: "{{ psql_dbs['matrix-synapse']['password'] }}"
 synapse_psql_db: "{{ synapse_psql_user }}"

 matrix_max_upload_size_mb: 100
-synapse_metrics: no
-synapse_presence: yes
+synapse_metrics: false
+synapse_presence: true

 synchrotron_workers:
  balancer: generic_sync
--- a/roles/synapse/handlers/main.yml
+++ b/roles/synapse/handlers/main.yml
@@ -1,23 +1,23 @@
 ---

- name: config synapse service
-  systemd:
-    daemon_reload: yes
+- name: Config synapse service
+  ansible.builtin.systemd:
+    daemon_reload: true
    name: matrix-synapse.service
-    enabled: yes
-  notify: config matrix target
+    enabled: true
+  notify: Config matrix target

- name: config matrix target
-  systemd:
-    daemon_reload: yes
+- name: Config matrix target
+  ansible.builtin.systemd:
+    daemon_reload: true
    name: matrix.target
-    enabled: yes
+    enabled: true
    state: restarted

- name: config worker services
-  systemd:
-    daemon_reload: yes
+- name: Config worker services
+  ansible.builtin.systemd:
+    daemon_reload: true
    name: "matrix-synapse-worker@{{ item }}.service"
-    enabled: yes
+    enabled: true
  loop: "{{ synapse_worker_services }}"
-  notify: config matrix target
+  notify: Config matrix target
--- a/roles/synapse/tasks/config.yml
+++ b/roles/synapse/tasks/config.yml
@@ -1,55 +1,53 @@
 ---
-
-
- name: Put synapse configs in place
-  template:
-    src: "conf.d/{{ item }}.yaml.j2"
-    dest: "/etc/matrix-synapse/conf.d/{{ item }}.yaml"
-    mode: '644'
+- name: Ensure synapse configs are in place
+  ansible.builtin.template:
+    src: conf.d/{{ item }}.yaml.j2
+    dest: /etc/matrix-synapse/conf.d/{{ item }}.yaml
+    mode: "644"
  loop:
    - database
    - general
    - listeners
    - server_name
    - url_preview
-  notify: config matrix target
+  notify: Config matrix target

- name: autojoin config
-  template:
-    src: 'conf.d/autojoin.yaml.j2'
-    dest: '/etc/matrix-synapse/conf.d/autojoin.yaml'
-    mode: '644'
+- name: Ensure autojoin config is in place
+  ansible.builtin.template:
+    src: conf.d/autojoin.yaml.j2
+    dest: /etc/matrix-synapse/conf.d/autojoin.yaml
+    mode: "644"
  when: matrix_auto_join_rooms is defined
-  notify: config matrix target
+  notify: Config matrix target

- name: password provider config
-  template:
-    src: 'conf.d/password_providers.yaml.j2'
-    dest: '/etc/matrix-synapse/conf.d/password_providers.yaml'
-    mode: '644'
+- name: Ensure password provider config is in place
+  ansible.builtin.template:
+    src: conf.d/password_providers.yaml.j2
+    dest: /etc/matrix-synapse/conf.d/password_providers.yaml
+    mode: "644"
  when: synapse_ldap_servers is defined
-  notify: config matrix target
+  notify: Config matrix target

- name: modules config
-  template:
-    src: 'conf.d/modules.yaml.j2'
-    dest: '/etc/matrix-synapse/conf.d/modules.yaml'
-    mode: '644'
+- name: Ensure modules config is in place
+  ansible.builtin.template:
+    src: conf.d/modules.yaml.j2
+    dest: /etc/matrix-synapse/conf.d/modules.yaml
+    mode: "644"
  when: synapse_shared_secret_auth is defined
-  notify: config matrix target
+  notify: Config matrix target

- name: sso config
-  template:
-    src: 'conf.d/sso.yaml.j2'
-    dest: '/etc/matrix-synapse/conf.d/sso.yaml'
-    mode: '644'
+- name: Ensure sso config is in place
+  ansible.builtin.template:
+    src: conf.d/sso.yaml.j2
+    dest: /etc/matrix-synapse/conf.d/sso.yaml
+    mode: "644"
  when: matrix_openidc_providers is defined
-  notify: config matrix target
+  notify: Config matrix target

- name: turn config
-  template:
-    src: 'conf.d/turn.yaml.j2'
-    dest: '/etc/matrix-synapse/conf.d/turn.yaml'
-    mode: '644'
+- name: Ensure turn config is in place
+  ansible.builtin.template:
+    src: conf.d/turn.yaml.j2
+    dest: /etc/matrix-synapse/conf.d/turn.yaml
+    mode: "644"
  when: turn_domain is defined
-  notify: config matrix target
+  notify: Config matrix target
--- a/roles/synapse/tasks/install_debian.yml
+++ b/roles/synapse/tasks/install_debian.yml
@@ -1,7 +1,6 @@
 ---
-
- name: Install dependencies
-  apt:
+- name: Ensure synapse dependencies are installed
+  ansible.builtin.apt:
    name:
      - lsb-release
      - wget
@@ -9,22 +8,26 @@
      - python3-pysaml2
      - python3-psycopg2
      - acl
+    state: present

- name: Add matrix.org repo signing key
-  apt_key:
-    url: 'https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg'
-    id: 'AAF9AE843A7584B5A3E4CD2BCF45A512DE2DA058'
+- name: Ensure matrix.org repo signing key is trusted
+  ansible.builtin.apt_key:
+    url: https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg
+    id: AAF9AE843A7584B5A3E4CD2BCF45A512DE2DA058
+    state: present

- name: Add matrix.org repo
-  apt_repository:
-    repo: "deb https://packages.matrix.org/debian/ {{ ansible_distribution_release }} main"
+- name: Ensure matrix.org repo is enabled
+  ansible.builtin.apt_repository:
+    repo: deb https://packages.matrix.org/debian/ {{ ansible_distribution_release }} main
+    state: present

- name: Install synapse
-  apt:
+- name: Ensure synapse is installed
+  ansible.builtin.apt:
    name: matrix-synapse-py3
    state: latest

- name: Install redis
-  apt:
+- name: Ensure redis in installed for workers
+  ansible.builtin.apt:
    name: redis-server
+    state: present
  when: synapse_workers is defined
--- a/roles/synapse/tasks/main.yml
+++ b/roles/synapse/tasks/main.yml
@@ -1,38 +1,39 @@
 ---

 - name: Fail if not debian
-  fail:
+  ansible.builtin.fail:
  when: ansible_os_family != "Debian"

- name: Install synapse on debian
-  include_tasks: install_debian.yml
-  when: ansible_os_family=="Debian"
+- name: Include debian synapse installation tasks
+  ansible.builtin.include_tasks: install_debian.yml
+  when: ansible_os_family == "Debian"

- name: Synapse configuration
-  import_tasks: config.yml
+- name: Include synapse configuration tasks
+  ansible.builtin.import_tasks: config.yml

- name: Install matrix-synapse-shared-secret-auth
-  pip:
-    name: 'git+https://github.com/devture/matrix-synapse-shared-secret-auth'
+- name: Ensure matrix-synapse-shared-secret-auth is the latest version
+  ansible.builtin.pip:
+    name: git+https://github.com/devture/matrix-synapse-shared-secret-auth
    state: latest
    virtualenv: /opt/venvs/matrix-synapse
-  notify: config synapse service
+  notify: Config synapse service
  when: synapse_shared_secret_auth is defined

- name: Put systemd units in place
-  template:
-    src: "systemd/{{ item }}.j2"
-    dest: "/etc/systemd/system/{{ item }}"
-    mode: '644'
+- name: Ensure synapse systemd units in place
+  ansible.builtin.template:
+    src: systemd/{{ item }}.j2
+    dest: /etc/systemd/system/{{ item }}
+    mode: 0644
  loop:
    - matrix-synapse.service
    - matrix.target
  notify:
-    - config synapse service
-    - config matrix target
+    - Config synapse service
+    - Config matrix target

- name: Synapse workers
-  include_tasks: workers.yml
+- name: Include synapse worker tasks
+  ansible.builtin.include_tasks: workers.yml
  when: synapse_workers is defined

- meta: flush_handlers
+- name: Run handlers for synapse now
+  ansible.builtin.meta: flush_handlers
--- a/roles/synapse/tasks/matrix-synchrotron.yml
+++ b/roles/synapse/tasks/matrix-synchrotron.yml
@@ -1,19 +1,23 @@
 ---

- name: Create matrix-synchrotron-{{ item }} workdir
-  file: 
+- name: Ensure workdir exists for matrix-synchrotron-{{ item }}
+  ansible.builtin.file:
    path: /opt/matrix-synchrotron/{{ item }}
    state: directory
    mode: 0755
- name: Put matrix-synchrotron-{{ item }} config in place
-  template:
-    src: "matrix-synchrotron-config.yaml.j2"
-    dest: "/opt/matrix-synchrotron/{{ item }}/config.yaml.ansibled"
-  notify: config synapse service
+
+- name: Ensure config in place for matrix-synchrotron-{{ item }}
+  ansible.builtin.template:
+    src: matrix-synchrotron-config.yaml.j2
+    dest: /opt/matrix-synchrotron/{{ item }}/config.yaml.ansibled
+    mode: 0644
+  notify: Config synapse service
  register: config
- name: Put matrix-synchrotron-{{ item }} config in final destination
-  copy:
-    src: "/opt/matrix-synchrotron/{{ item }}/config.yaml.ansibled"
-    dest: "/opt/matrix-synchrotron/{{ item }}/config.yaml"
-    remote_src: yes
+
+- name: Copy config to final destination for matrix-synchrotron-{{ item }}
+  ansible.builtin.copy:
+    src: /opt/matrix-synchrotron/{{ item }}/config.yaml.ansibled
+    dest: /opt/matrix-synchrotron/{{ item }}/config.yaml
+    remote_src: true
+    mode: 0644
  when: config.changed
--- a/roles/synapse/tasks/matrix-synchrotrons.yml
+++ b/roles/synapse/tasks/matrix-synchrotrons.yml
@@ -1,65 +1,53 @@
 ---

- block:
-  - name: Add backports
-    apt_repository:
-      repo: "deb http://deb.debian.org/debian/ buster-backports main"
-      filename: backports
-      mode: '644'
-  - name: Install go from backports
-    apt:
-      name: golang
-      default_release: buster-backports
-  when: ansible_distribution_release == 'buster'
-
 - name: Install git and golang
-  apt:
+  ansible.builtin.apt:
    name:
      - git
      - golang

 - name: Create matrix-synchrotron user
-  user:
+  ansible.builtin.user:
    name: matrix-synchrotron
-    system: yes
+    system: true
    home: /opt/matrix-synchrotron
    shell: /bin/false

- block:
+- name: Install matrix-synchrotron
+  become_user: matrix-synchrotron
+  block:
    - name: Clone matrix-synchrotron git repo
-    git:
-      repo: 'https://github.com/Sorunome/matrix-synchrotron-balancer.git'
+      ansible.builtin.git:
+        repo: https://github.com/Sorunome/matrix-synchrotron-balancer.git
        dest: /opt/matrix-synchrotron/src
-      force: yes
+        force: true
      register: install

    - name: Build matrix-synchrotron
-    command: go build
+      ansible.builtin.command: go build
      args:
        chdir: /opt/matrix-synchrotron/src
      when: install.changed
-    notify: config synapse service
+      notify: Config synapse service

    - name: Configure matrix-synchrotron(s)
-    include_tasks: matrix-synchrotron.yml
+      ansible.builtin.include_tasks: matrix-synchrotron.yml
      loop: "{{ synapse_synchrotrons }}"
      loop_control:
-      extended: yes
-
-  become_user: matrix-synchrotron
+        extended: true

 - name: Put systemd matrix-synchrotron unit in place
-  template:
-    src: 'systemd/matrix-synchrotron@.service.j2'
-    dest: "/etc/systemd/system/matrix-synchrotron@.service"
-    mode: '644'
+  ansible.builtin.template:
+    src: systemd/matrix-synchrotron@.service.j2
+    dest: /etc/systemd/system/matrix-synchrotron@.service
+    mode: "644"
  register: systemd_unit

- name: Enable systemd matrix-synchrotron-{{ item }} unit
-  systemd:
-    daemon_reload: yes
-    name: "matrix-synchrotron@{{ item }}.service"
-    enabled: yes
+- name: Enable systemd unit matrix-synchrotron-{{ item }}
+  ansible.builtin.systemd:
+    daemon_reload: true
+    name: matrix-synchrotron@{{ item }}.service
+    enabled: true
    state: restarted
  when: systemd_unit.changed
  loop: "{{ synapse_synchrotrons }}"
--- a/roles/synapse/tasks/worker_instance.yml
+++ b/roles/synapse/tasks/worker_instance.yml
@@ -1,23 +1,23 @@
 ---

- name: Set worker var
-  set_fact:
-    worker: "{{ worker_type }}-{{ worker_index|default('0') }}"
+- name: Set worker variable
+  ansible.builtin.set_fact:
+    worker: "{{ worker_type }}-{{ worker_index | default('0') }}"

- name: Put {{ worker }} config in place
-  template:
-    src: "worker.yaml.j2"
-    dest: "/etc/matrix-synapse/workers/{{ worker }}.yaml"
-    mode: '644'
-  notify: config worker services
+- name: Ensure config in place for {{ worker }}
+  ansible.builtin.template:
+    src: worker.yaml.j2
+    dest: /etc/matrix-synapse/workers/{{ worker }}.yaml
+    mode: 0644
+  notify: Config worker services

- name: Put {{ worker }} logging config in place
-  template:
-    src: "log.yaml.j2"
-    dest: "/etc/matrix-synapse/worker-logs/{{ worker }}-log.yaml"
-    mode: '644'
-  notify: config worker services
+- name: Ensure logging config in place for {{ worker }}
+  ansible.builtin.template:
+    src: log.yaml.j2
+    dest: /etc/matrix-synapse/worker-logs/{{ worker }}-log.yaml
+    mode: 0644
+  notify: Config worker services

- name: Add {{ worker }} to synapse_worker_services
-  set_fact:
-    synapse_worker_services: "{{ synapse_worker_services + [ worker ] }}"
+- name: Add worker to synapse_worker_services variable
+  ansible.builtin.set_fact:
+    synapse_worker_services: "{{ synapse_worker_services + [worker] }}"
--- a/roles/synapse/tasks/worker_type.yml
+++ b/roles/synapse/tasks/worker_type.yml
@@ -1,41 +1,40 @@
 ---

- name: Set worker type to {{ synapse_worker.key }}
-  set_fact:
+- name: Set worker type variable
+  ansible.builtin.set_fact:
    worker_type: "{{ synapse_worker.key }}"

 - name: Include default variables
-  include_vars: defaults.yml
+  ansible.builtin.include_vars: defaults.yml

- name: Include {{ worker_type }} variables
-  include_vars: "{{ item }}"
+- name: Include variables for {{ worker_type }}
+  ansible.builtin.include_vars: "{{ item }}"
  with_first_found:
    - files:
        - "{{ worker_type }}.yml"
-      skip: yes
+      skip: true

- name: Reset worker_ports
-  set_fact:
+- name: Reset worker_ports variable
+  ansible.builtin.set_fact:
    worker_ports: []
-
- name: Set worker_ports
-  set_fact:
+- name: Set worker_ports variable
+  ansible.builtin.set_fact:
    worker_ports: "{{ synapse_worker.value }}"
  when: synapse_worker.value is iterable

- name: "Setup {{ worker_type }}(s) if they have listeners"
-  include_tasks: worker_instance.yml
+- name: Include worker instance tasks for {{ worker_type }}
+  ansible.builtin.include_tasks: worker_instance.yml
  loop: "{{ worker_ports }}"
  loop_control:
    loop_var: worker_port
    index_var: worker_index
  when: worker_ports|length != 0

- name: "Setup {{ worker_type }}(s) if they don't have listeners"
-  include_tasks: worker_instance.yml
+- name: Include worker instance tasks for {{ worker_type }}
+  ansible.builtin.include_tasks: worker_instance.yml
  when: worker_ports|length == 0

- name: Append synchrotron var
-  set_fact:
-    synapse_synchrotrons: "{{ synapse_synchrotrons + [ synchrotron_type ] }}"
+- name: Append synchrotron variable
+  ansible.builtin.set_fact:
+    synapse_synchrotrons: "{{ synapse_synchrotrons + [synchrotron_type] }}"
  when: synchrotron_type is defined and synchrotron_type not in synapse_synchrotrons
--- a/roles/synapse/tasks/workers.yml
+++ b/roles/synapse/tasks/workers.yml
@@ -1,49 +1,52 @@
 ---

- name: synapse-wide worker config
-  template:
-    src: 'conf.d/workers.yaml.j2'
-    dest: '/etc/matrix-synapse/conf.d/workers.yaml'
+- name: Ensure synapse-wide worker config in place
+  ansible.builtin.template:
+    src: conf.d/workers.yaml.j2
+    dest: /etc/matrix-synapse/conf.d/workers.yaml
+    mode: 0644

- name: Put worker systemd unit in place
-  template:
-    src: "systemd/matrix-synapse-worker@.service.j2"
-    dest: '/etc/systemd/system/matrix-synapse-worker@.service'
-    mode: '644'
-  notify: config worker services
+- name: Ensure worker systemd unit in place
+  ansible.builtin.template:
+    src: systemd/matrix-synapse-worker@.service.j2
+    dest: /etc/systemd/system/matrix-synapse-worker@.service
+    mode: 0644
+  notify: Config worker services

- name: Create workers config directories
-  file:
+- name: Ensure worker config directories exist
+  ansible.builtin.file:
    path: /etc/matrix-synapse/{{ item }}
    state: directory
+    mode: 0755
  loop:
    - workers
    - worker-logs

 - name: Initialize synapse worker vars
-  set_fact:
+  ansible.builtin.set_fact:
    synapse_worker_services: []
    synapse_synchrotrons: []

- name: 'Create worker pidfile dir in /run'
-  file:
+- name: Ensure worker pidfile dir in /run exists
+  ansible.builtin.file:
    path: /run/matrix-synapse/
    state: directory
    owner: matrix-synapse
    group: nogroup
+    mode: 0755

- name: Create tmpfiles config for pidfile dir in run
-  template:
-    src: 'tmpfiles-matrix-synapse.conf.j2'
-    dest: '/etc/tmpfiles.d/matrix-synapse.conf'
-    mode: '644'
+- name: Ensure tmpfiles config for pidfile dir in place
+  ansible.builtin.template:
+    src: tmpfiles-matrix-synapse.conf.j2
+    dest: /etc/tmpfiles.d/matrix-synapse.conf
+    mode: 0644

 - name: Configure workers
-  include_tasks: worker_type.yml
+  ansible.builtin.include_tasks: worker_type.yml
  loop: "{{ synapse_workers | dict2items }}"
  loop_control:
    loop_var: synapse_worker

 - name: Configure synchrotron balancer
-  include_tasks: matrix-synchrotrons.yml
+  ansible.builtin.include_tasks: matrix-synchrotrons.yml
  when: synapse_synchrotrons | length != 0