diff --git a/roles/_init/tasks/main.yml b/roles/_init/tasks/main.yml index 93cf3e4ad..c401fefb3 100644 --- a/roles/_init/tasks/main.yml +++ b/roles/_init/tasks/main.yml @@ -37,7 +37,7 @@ when: _init.lock_file | length > 0 # Load Linux services into ansible_facts.services. -- name: Populate service facts +- name: Populate service facts. ansible.builtin.service_facts: - name: Set "tracking" file for the playbook. @@ -97,7 +97,7 @@ loop_control: loop_var: _init_vars_dir_md5 -- name: Lookup current playbook md5 +- name: Lookup current playbook md5. ansible.builtin.set_fact: previous_play_dir_md5: "{{ lookup('file', '{{ _ce_provision_data_dir }}/{{ current_play_md5_file }}') }}" diff --git a/roles/aws/aws_acl/tasks/amazon_ip_reputation.yml b/roles/aws/aws_acl/tasks/amazon_ip_reputation.yml index a37559047..1febcba63 100644 --- a/roles/aws/aws_acl/tasks/amazon_ip_reputation.yml +++ b/roles/aws/aws_acl/tasks/amazon_ip_reputation.yml @@ -1,5 +1,5 @@ --- -- name: Create amazon ip reputation rule +- name: Create amazon ip reputation rule. ansible.builtin.set_fact: amazon_ip_reputation: name: "AWS-AWSManagedRulesAmazonIpReputationList" @@ -27,6 +27,6 @@ ansible.builtin.set_fact: amazon_ip_reputation: "{{ amazon_ip_reputation | combine(_priority_dict) }}" -- name: Add rule to list +- name: Add rule to list. ansible.builtin.set_fact: _rules: "{{ _rules + [amazon_ip_reputation] }}" diff --git a/roles/aws/aws_acl/tasks/anonymous_ip_list.yml b/roles/aws/aws_acl/tasks/anonymous_ip_list.yml index 7bd073202..d676f0f6a 100644 --- a/roles/aws/aws_acl/tasks/anonymous_ip_list.yml +++ b/roles/aws/aws_acl/tasks/anonymous_ip_list.yml @@ -1,5 +1,5 @@ --- -- name: Create anonymous ip list rule +- name: Create anonymous ip list rule. ansible.builtin.set_fact: anonymous_ip_list: name: "AWS-AWSManagedRulesAnonymousIpList" 
@@ -30,6 +30,6 @@ ansible.builtin.set_fact: anonymous_ip_list: "{{ anonymous_ip_list | combine(_priority_dict) }}" -- name: Add rule to list +- name: Add rule to list. ansible.builtin.set_fact: _rules: "{{ _rules + [anonymous_ip_list] }}" diff --git a/roles/aws/aws_acl/tasks/bot_control.yml b/roles/aws/aws_acl/tasks/bot_control.yml index d81296151..f0660020b 100644 --- a/roles/aws/aws_acl/tasks/bot_control.yml +++ b/roles/aws/aws_acl/tasks/bot_control.yml @@ -1,5 +1,5 @@ --- -- name: Define empty action rule list +- name: Define empty action rule list. ansible.builtin.set_fact: _action_rules: [] @@ -60,17 +60,17 @@ action_to_use: block: {} - - name: Attach common action rules to list + - name: Attach common action rules to list. ansible.builtin.set_fact: _action_rules: "{{ _action_rules | default([]) + _action_rules_common }}" - - name: Define common config + - name: Define common config. ansible.builtin.set_fact: _rule_config: - a_w_s_managed_rules_bot_control_rule_set: inspection_level: "COMMON" -- name: Define targeted actions rules +- name: Define targeted actions rules. when: _acl.rules.bot_control.target == "TARGETED" block: - name: Define targeted actions @@ -98,11 +98,11 @@ action_to_use: block: {} - - name: Attach targeted action rules to list + - name: Attach targeted action rules to list. ansible.builtin.set_fact: _action_rules: "{{ _action_rules | default([]) + _action_rules_tgt }}" - - name: Define targeted config + - name: Define targeted config. ansible.builtin.set_fact: _rule_config: - a_w_s_managed_rules_bot_control_rule_set: diff --git a/roles/aws/aws_acl/tasks/cc_rules.yml b/roles/aws/aws_acl/tasks/cc_rules.yml index b90d8af1c..51bd6d2ab 100644 --- a/roles/aws/aws_acl/tasks/cc_rules.yml +++ b/roles/aws/aws_acl/tasks/cc_rules.yml 
@@ -1,9 +1,9 @@ --- -- name: Set action string +- name: Set action string. ansible.builtin.set_fact: _action: "{ {{ _cc_set.action }}: {} }" -- name: Create country block rule +- name: Create country block rule. ansible.builtin.set_fact: cc_rule: name: "{{ _cc_set.name }}" @@ -25,6 +25,6 @@ ansible.builtin.set_fact: cc_rule: "{{ cc_rule | combine(_priority_dict) }}" -- name: Add rule to list +- name: Add rule to list. ansible.builtin.set_fact: _rules: "{{ _rules + [cc_rule] }}" diff --git a/roles/aws/aws_acl/tasks/common_rule_set.yml b/roles/aws/aws_acl/tasks/common_rule_set.yml index 463c27de6..3bed37312 100644 --- a/roles/aws/aws_acl/tasks/common_rule_set.yml +++ b/roles/aws/aws_acl/tasks/common_rule_set.yml @@ -1,5 +1,5 @@ --- -- name: Create common rule set rule +- name: Create common rule set rule. ansible.builtin.set_fact: common_rule_set: name: "AWS-AWSManagedRulesCommonRuleSet" @@ -23,6 +23,6 @@ ansible.builtin.set_fact: common_rule_set: "{{ common_rule_set | combine(_priority_dict) }}" -- name: Add rule to list +- name: Add rule to list. ansible.builtin.set_fact: _rules: "{{ _rules + [common_rule_set] }}" diff --git a/roles/aws/aws_acl/tasks/create_acl.yml b/roles/aws/aws_acl/tasks/create_acl.yml index 26cc6c6f1..7a4425b2f 100644 --- a/roles/aws/aws_acl/tasks/create_acl.yml +++ b/roles/aws/aws_acl/tasks/create_acl.yml @@ -3,7 +3,7 @@ ansible.builtin.set_fact: _rules: [] -- name: Set priority dict +- name: Set priority dict. set_fact: _priority_dict: {} @@ -82,10 +82,6 @@ - _acl.rules.anonymous_ip_list is defined - _acl.rules.anonymous_ip_list.enabled -- name: Print the rules - ansible.builtin.debug: - msg: "{{ _rules }}" - - name: Create web acl. community.aws.wafv2_web_acl: name: "{{ _acl.name }}" # Member must satisfy regular expression pattern: ^[\\w\\-]+$ diff --git a/roles/aws/aws_acl/tasks/cyber_sec.yml b/roles/aws/aws_acl/tasks/cyber_sec.yml index 7850ed2b5..5a7cb44a5 100644 --- a/roles/aws/aws_acl/tasks/cyber_sec.yml 
+++ b/roles/aws/aws_acl/tasks/cyber_sec.yml @@ -1,5 +1,5 @@ --- -- name: Create cyber security rule +- name: Create cyber security rule. ansible.builtin.set_fact: cyber_sec_rule: name: "CyberSecurityCloud-HighSecurityOWASPSet" @@ -55,6 +55,6 @@ ansible.builtin.set_fact: cyber_sec_rule: "{{ cyber_sec_rule | combine(_priority_dict) }}" -- name: Add rule to list +- name: Add rule to list. ansible.builtin.set_fact: _rules: "{{ _rules + [cyber_sec_rule] }}" diff --git a/roles/aws/aws_acl/tasks/increase_priority.yml b/roles/aws/aws_acl/tasks/increase_priority.yml index 8085e0d07..c0dc2ad32 100644 --- a/roles/aws/aws_acl/tasks/increase_priority.yml +++ b/roles/aws/aws_acl/tasks/increase_priority.yml @@ -1,12 +1,12 @@ --- -- name: Increase counter +- name: Increase counter. ansible.builtin.set_fact: _priority: "{{ _priority | default(0) | int + 1 }}" -- name: Set dict string +- name: Set dict string. ansible.builtin.set_fact: _priority_dict_string: "{ priority: {{ _priority }} }" -- name: Set dict +- name: Set dict. ansible.builtin.set_fact: _priority_dict: "{{ _priority_dict_string | from_yaml }}" diff --git a/roles/aws/aws_acl/tasks/ip_sets.yml b/roles/aws/aws_acl/tasks/ip_sets.yml index fd9870179..09dad8a77 100644 --- a/roles/aws/aws_acl/tasks/ip_sets.yml +++ b/roles/aws/aws_acl/tasks/ip_sets.yml @@ -17,7 +17,7 @@ region: "{{ _acl.region }}" register: _ip_set_info -- name: Set action string +- name: Set action string. ansible.builtin.set_fact: _action: "{ {{ _ip_set.action }}: {} }" diff --git a/roles/aws/aws_acl/tasks/known_bad_inputs.yml b/roles/aws/aws_acl/tasks/known_bad_inputs.yml index 88746b893..526a979a9 100644 --- a/roles/aws/aws_acl/tasks/known_bad_inputs.yml +++ b/roles/aws/aws_acl/tasks/known_bad_inputs.yml @@ -1,5 +1,5 @@ --- -- name: Create known bad inputs rule +- name: Create known bad inputs rule. ansible.builtin.set_fact: known_bad_inputs: name: "AWS-AWSManagedRulesKnownBadInputsRuleSet" 
@@ -23,6 +23,6 @@ ansible.builtin.set_fact: known_bad_inputs: "{{ known_bad_inputs | combine(_priority_dict) }}" -- name: Add rule to list +- name: Add rule to list. ansible.builtin.set_fact: _rules: "{{ _rules + [known_bad_inputs] }}" diff --git a/roles/aws/aws_acl/tasks/php_rule_set.yml b/roles/aws/aws_acl/tasks/php_rule_set.yml index 64a27e820..94b55fa49 100644 --- a/roles/aws/aws_acl/tasks/php_rule_set.yml +++ b/roles/aws/aws_acl/tasks/php_rule_set.yml @@ -1,5 +1,5 @@ --- -- name: Create php rule set rule +- name: Create php rule set rule. ansible.builtin.set_fact: php_rule_set: name: "AWS-AWSManagedRulesPHPRuleSet" @@ -23,6 +23,6 @@ ansible.builtin.set_fact: php_rule_set: "{{ php_rule_set | combine(_priority_dict) }}" -- name: Add rule to list +- name: Add rule to list. ansible.builtin.set_fact: _rules: "{{ _rules + [php_rule_set] }}" diff --git a/roles/aws/aws_acl/tasks/rate_limit.yml b/roles/aws/aws_acl/tasks/rate_limit.yml index a029db535..a3dcd99e7 100644 --- a/roles/aws/aws_acl/tasks/rate_limit.yml +++ b/roles/aws/aws_acl/tasks/rate_limit.yml @@ -1,9 +1,9 @@ --- -- name: Set rate based statement from template +- name: Set rate based statement from template. ansible.builtin.set_fact: _rbs: "{{ lookup('ansible.builtin.template', './rate_limit.j2') | from_yaml }}" -- name: Set action statement +- name: Set action statement. ansible.builtin.set_fact: _action: "{ {{ _acl.rules.rate_limit.action | default('block') }}: {} }" diff --git a/roles/aws/aws_acl/tasks/regular_rule.yml b/roles/aws/aws_acl/tasks/regular_rule.yml index 649a269a8..d16982cbc 100644 --- a/roles/aws/aws_acl/tasks/regular_rule.yml +++ b/roles/aws/aws_acl/tasks/regular_rule.yml @@ -1,9 +1,9 @@ --- -- name: Set action string +- name: Set action string. ansible.builtin.set_fact: _action: "{ {{ _reg_rule.action }}: {} }" -- name: Set statement string +- name: Set statement string. ansible.builtin.set_fact: _statements: "" 
@@ -16,12 +16,12 @@ loop_control: loop_var: _stat -- name: Encapsulate statement with type +- name: Encapsulate statement with type. ansible.builtin.set_fact: _statements: "{ {{ _reg_rule.statements_type }}_statement: { statements: [{{ _statements }}] } }" when: _reg_rule.statements_type != "single" -- name: Create regular rule +- name: Create regular rule. ansible.builtin.set_fact: regular_rule: name: "{{ _reg_rule.name }}" @@ -41,6 +41,6 @@ ansible.builtin.set_fact: regular_rule: "{{ regular_rule | combine(_priority_dict) }}" -- name: Add rule to list +- name: Add rule to list. ansible.builtin.set_fact: _rules: "{{ _rules + [regular_rule] }}" diff --git a/roles/aws/aws_acl/tasks/regular_rule_statements.yml b/roles/aws/aws_acl/tasks/regular_rule_statements.yml index ed75e92a5..ed4b116ce 100644 --- a/roles/aws/aws_acl/tasks/regular_rule_statements.yml +++ b/roles/aws/aws_acl/tasks/regular_rule_statements.yml @@ -1,19 +1,19 @@ --- -- name: Add comma if _statement already has element +- name: Add comma if _statement already has element. ansible.builtin.set_fact: _statements: "{{ _statements }}, " when: _statements != '' -- name: Set field match string for SingleHeader +- name: Set field match string for SingleHeader. ansible.builtin.set_fact: _ftm: "{ single_header: { name: \"user-agent\"} }" when: _stat.inspect == "SingleHeader" -- name: Set field match string for SingleHeader +- name: Set field match string for SingleHeader. ansible.builtin.set_fact: _ftm: "{ uri_path: {} }" when: _stat.inspect == "UriPath" -- name: Set statements string +- name: Set statements string. ansible.builtin.set_fact: _statements: "{{ _statements }}{ byte_match_statement: { search_string: {{ _stat.string }}, field_to_match: {{ _ftm }}, text_transformations: [{ priority: 0, type: {{ _stat.text_trans }} }], positional_constraint: {{ _stat.position }} } }" 
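Review bot: In roles/aws/aws_acl/tasks/regular_rule_statements.yml (`@@ -1,19 +1,19 @@`) the third task keeps the name `Set field match string for SingleHeader.` although its condition is `_stat.inspect == "UriPath"` and it sets `_ftm` to `{ uri_path: {} }`. Two tasks now share one name, so play output and logs cannot tell which field-match branch ran. Since the commit already edits this line, rename it to `- name: Set field match string for UriPath.`. Separately, the unchanged last task splices `_stat.string` unquoted into a flow-mapping string; if that string is later parsed as YAML, a comment stating which characters the value may contain would help whoever maintains the rule definitions.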
diff --git a/roles/aws/aws_acl/tasks/set_priority_dict.yml b/roles/aws/aws_acl/tasks/set_priority_dict.yml index a6029fd85..ee2b2270a 100644 --- a/roles/aws/aws_acl/tasks/set_priority_dict.yml +++ b/roles/aws/aws_acl/tasks/set_priority_dict.yml @@ -1,12 +1,12 @@ --- -- name: Set dict string +- name: Set dict string. ansible.builtin.set_fact: _priority_multiplied: "{{ ((_priority | float) * 10) | int }}" -- name: Set dict string +- name: Set dict string. ansible.builtin.set_fact: _priority_dict_string: "{ priority: {{ _priority_multiplied }} }" -- name: Set dict +- name: Set dict. ansible.builtin.set_fact: _priority_dict: "{{ _priority_dict_string | from_yaml }}" diff --git a/roles/aws/aws_admin_tools/tasks/create_methods.yml b/roles/aws/aws_admin_tools/tasks/create_methods.yml index c10a1c391..0db30c164 100644 --- a/roles/aws/aws_admin_tools/tasks/create_methods.yml +++ b/roles/aws/aws_admin_tools/tasks/create_methods.yml @@ -35,7 +35,7 @@ ansible.builtin.set_fact: _api_resource: "{{ _api_resource.stdout | from_json }}" -- name: Put method on API gateway +- name: Put method on API gateway. ansible.builtin.command: >- aws apigateway put-method --rest-api-id "{{ _api_gate.id }}" diff --git a/roles/aws/aws_admin_tools/tasks/lambda_functions.yml b/roles/aws/aws_admin_tools/tasks/lambda_functions.yml index 0297d3279..d107b82f5 100644 --- a/roles/aws/aws_admin_tools/tasks/lambda_functions.yml +++ b/roles/aws/aws_admin_tools/tasks/lambda_functions.yml @@ -1,3 +1,4 @@ +# TODO use aws_lambda role here - name: Create S3 bucket for lambda functions. amazon.aws.s3_bucket: name: "{{ _aws_profile }}-lambda-api-functions" diff --git a/roles/aws/aws_admin_tools/tasks/main.yml b/roles/aws/aws_admin_tools/tasks/main.yml index 21c1f0799..e3ca6a57c 100644 --- a/roles/aws/aws_admin_tools/tasks/main.yml +++ b/roles/aws/aws_admin_tools/tasks/main.yml 
@@ -49,7 +49,7 @@ ansible.builtin.set_fact: _api_res_list: "{{ _api_res_list.stdout | from_json | json_query('items') }}" -- name: Get index of / resource from API gateway. +- name: Get index of main "/" resource from API gateway. ansible.builtin.set_fact: _api_res_index_list: "{{ lookup('ansible.utils.index_of', _api_res_list, 'eq', '/', 'path', wantlist=True) }}" diff --git a/roles/aws/aws_ami_asg_cleanup/tasks/main.yml b/roles/aws/aws_ami_asg_cleanup/tasks/main.yml index aa6b42fae..bcfaa9a20 100644 --- a/roles/aws/aws_ami_asg_cleanup/tasks/main.yml +++ b/roles/aws/aws_ami_asg_cleanup/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: Create a role and attach policies +- name: Create a role and attach policies. amazon.aws.iam_role: name: LambdaAsgAmiCleanupRole assume_role_policy_document: "{{ lookup('template', 'assume_lambda_iam_policy.j2') }}" @@ -8,17 +8,18 @@ - arn:aws:iam::aws:policy/CloudWatchLogsFullAccess register: _created_iam_lambda_cleanup_role -- name: Ensure python script is removed +# TODO: Use aws_lambda role to create function +- name: Ensure python script is removed. ansible.builtin.file: path: "{{ _ce_provision_build_dir }}/clean_up_ami.py" state: absent -- name: Ensure zip file is removed +- name: Ensure zip file is removed. ansible.builtin.file: path: "{{ _ce_provision_build_dir }}/clean_up_ami.zip" state: absent -- name: Write Lambda function +- name: Write Lambda function. ansible.builtin.template: src: cleanup_ami.py.j2 dest: "{{ _ce_provision_build_dir }}/clean_up_ami.py" @@ -35,11 +36,11 @@ # log_group_name: ami_asg_cleanup # register: _ami_asg_log -- name: Sleep for 20 seconds for IAM before Lambda creation +- name: Sleep for 5 seconds for IAM before Lambda creation. ansible.builtin.wait_for: - timeout: 20 + timeout: 5 -- name: Create Lambda function +- name: Create Lambda function. amazon.aws.lambda: name: "clean_up_ami" region: "{{ _aws_region }}" 
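Review bot: In roles/aws/aws_ami_asg_cleanup/tasks/main.yml (`@@ -35,11 +36,11 @@`) the wait before Lambda creation drops from 20 to 5 seconds with no reason recorded. A fixed sleep is only a guess at how long the newly created IAM role takes to become assumable. If the role has not propagated, the `Create Lambda function.` task that follows will presumably fail and abort the play. Consider retrying that task instead of sleeping, e.g. `until: _created_iam_lambda_cleanup_function is succeeded`, `retries: 6`, `delay: 5`, or at least add a comment above the wait explaining why 5 seconds is sufficient. The Lambda task's body continues outside this hunk.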
@@ -53,7 +54,7 @@ Test: 'This is test tag' register: _created_iam_lambda_cleanup_function -- name: Create scheduler to invoke Lambda function +- name: Create scheduler to invoke Lambda function. amazon.aws.cloudwatchevent_rule: name: "cleanup_asg_ami_{{ _aws_resource_name }}" schedule_expression: "{{ aws_ami_asg_cleanup.scheduler_cron }}" diff --git a/roles/aws/aws_backup_validation/tasks/main.yml b/roles/aws/aws_backup_validation/tasks/main.yml index 57b7c2cf9..2424b7cff 100644 --- a/roles/aws/aws_backup_validation/tasks/main.yml +++ b/roles/aws/aws_backup_validation/tasks/main.yml @@ -99,7 +99,7 @@ loop: "{{ aws_backup_validation.resources }}" register: _event_bridges -- name: Create schedule for validation reports +- name: Create schedule for validation reports. amazon.aws.cloudwatchevent_rule: name: validation_report schedule_expression: "cron(0 0 ? * MON *)" @@ -110,11 +110,11 @@ arn: "{{ (aws_lambda._result['validation_report'].configuration.function_arn.split(':') | map('trim'))[:-1] | join(':') }}" # Remove the version number from ARN register: _validation_event -- name: Generate unique string +- name: Generate unique string. ansible.builtin.set_fact: _rand_str: "{{ lookup('community.general.random_string', length=8, special=false, min_lower=2, min_numeric=2, min_upper=2) }}" -- name: Update Lambda policy +- name: Update Lambda policy. amazon.aws.lambda_policy: state: present function_name: "{{ item.rule.name }}" @@ -125,7 +125,7 @@ region: "{{ _aws_region }}" loop: "{{ _event_bridges.results }}" -- name: Update lambda validation report policy +- name: Update lambda validation report policy. amazon.aws.lambda_policy: state: present function_name: "validation_report" diff --git a/roles/aws/aws_backup_validation/tasks/testing_resources.yml b/roles/aws/aws_backup_validation/tasks/testing_resources.yml index 085f6ba75..009a370a2 100644 --- a/roles/aws/aws_backup_validation/tasks/testing_resources.yml 
+++ b/roles/aws/aws_backup_validation/tasks/testing_resources.yml @@ -10,19 +10,19 @@ register: _testing_selection_exists when: _testing_plan_info.stdout != "null" -- name: Get default backup role arn +- name: Get default backup role arn. amazon.aws.iam_role_info: name: AWSBackupDefaultServiceRole register: _default_backup_role_arn -- name: Get VPC info +- name: Get VPC info. amazon.aws.ec2_vpc_net_info: region: "{{ _aws_region }}" filters: "tag:Name": "{{ aws_vpc.name }}" register: _main_vpc_info -- name: Get subnets info +- name: Get subnets info. amazon.aws.ec2_vpc_subnet_info: region: "{{ _aws_region }}" filters: @@ -74,7 +74,7 @@ register: _restore_testing_query when: _instance_type_restore is defined -- name: Check if protected reource exist +- name: Check if protected reource exist. ansible.builtin.command: > aws backup list-protected-resources --query "Results[?ResourceArn=='{{ _resource_arn }}']" --region {{ _aws_region }} register: _protected_res diff --git a/roles/aws/aws_credentials/tasks/main.yml b/roles/aws/aws_credentials/tasks/main.yml index 9c0003572..65eeacb57 100644 --- a/roles/aws/aws_credentials/tasks/main.yml +++ b/roles/aws/aws_credentials/tasks/main.yml @@ -11,7 +11,7 @@ loop_var: user_creds no_log: true -- name: Generate AWS credentials +- name: Generate AWS credentials. ansible.builtin.template: src: credentials.j2 dest: "/home/{{ user_creds.user }}/.aws/credentials" diff --git a/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml b/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml index 90152b78f..5952588fc 100644 --- a/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml +++ b/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml @@ -305,7 +305,7 @@ - aws_ec2_autoscale_cluster.type == "ec2" - aws_ec2_autoscale_cluster.deploy_cluster -- name: Create ami cleanup function +- name: Create ami cleanup function. ansible.builtin.include_role: name: aws/aws_ami_asg_cleanup 
diff --git a/roles/aws/aws_ec2_autoscale_cluster/tasks/peering.yml b/roles/aws/aws_ec2_autoscale_cluster/tasks/peering.yml index 58d3f4b12..ed5a6a083 100644 --- a/roles/aws/aws_ec2_autoscale_cluster/tasks/peering.yml +++ b/roles/aws/aws_ec2_autoscale_cluster/tasks/peering.yml @@ -8,14 +8,14 @@ region: "{{ peering.region }}" register: _aws_ec2_autoscale_cluster_peer_instance -- name: Gather peer VPC information +- name: Gather peer VPC information. amazon.aws.ec2_vpc_net_info: profile: "{{ aws_ec2_autoscale_cluster.aws_profile }}" region: "{{ peering.region }}" vpc_ids: "{{ _aws_ec2_autoscale_cluster_peer_instance.instances[0].vpc_id }}" register: _aws_ec2_autoscale_cluster_peer_vpc -- name: Create local VPC peering Connection +- name: Create local VPC peering Connection. amazon.aws.ec2_vpc_peering: profile: "{{ aws_ec2_autoscale_cluster.aws_profile }}" region: "{{ aws_ec2_autoscale_cluster.region }}" diff --git a/roles/aws/aws_ec2_autoscale_cluster/tasks/subnet.yml b/roles/aws/aws_ec2_autoscale_cluster/tasks/subnet.yml index 2dde4f8a2..641be6191 100644 --- a/roles/aws/aws_ec2_autoscale_cluster/tasks/subnet.yml +++ b/roles/aws/aws_ec2_autoscale_cluster/tasks/subnet.yml @@ -28,7 +28,7 @@ subnets: - "{{ _aws_ec2_autoscale_cluster_subnet_definition }}" -- name: Gather private subnet information +- name: Gather private subnet information. amazon.aws.ec2_vpc_subnet_info: profile: "{{ aws_ec2_autoscale_cluster.aws_profile }}" region: "{{ aws_ec2_autoscale_cluster.region }}" @@ -37,7 +37,7 @@ tag:Name: "{{ _aws_ec2_autoscale_cluster_private_subnet_name }}" register: _aws_ec2_autoscale_cluster_subnet -- name: Gather public subnet information +- name: Gather public subnet information. amazon.aws.ec2_vpc_subnet_info: profile: "{{ aws_ec2_autoscale_cluster.aws_profile }}" region: "{{ aws_ec2_autoscale_cluster.region }}" diff --git a/roles/aws/aws_ec2_with_eip/tasks/main.yml b/roles/aws/aws_ec2_with_eip/tasks/main.yml index dee50043d..edf70f437 100644 
--- a/roles/aws/aws_ec2_with_eip/tasks/main.yml +++ b/roles/aws/aws_ec2_with_eip/tasks/main.yml @@ -190,7 +190,7 @@ tag_name: Name tag_value: "{{ aws_ec2_with_eip.instance_name }}" -- name: Add a DNS record in route 53 +- name: Add a DNS record in route 53. amazon.aws.route53: state: "{{ aws_ec2_with_eip.route_53.state }}" profile: "{{ aws_ec2_with_eip.route_53.aws_profile }}" @@ -203,7 +203,7 @@ - aws_ec2_with_eip.route_53.zone is defined - aws_ec2_with_eip.route_53.zone | length > 0 -- name: Add a matching wildcard DNS record +- name: Add a matching wildcard DNS record. amazon.aws.route53: state: "{{ aws_ec2_with_eip.route_53.state }}" profile: "{{ aws_ec2_with_eip.route_53.aws_profile }}" diff --git a/roles/aws/aws_efs/tasks/main.yml b/roles/aws/aws_efs/tasks/main.yml index b7351ebd8..d1b41f108 100644 --- a/roles/aws/aws_efs/tasks/main.yml +++ b/roles/aws/aws_efs/tasks/main.yml @@ -10,11 +10,11 @@ return_type: ids when: aws_efs.security_groups | length > 0 -- name: Reset subnet ids info +- name: Reset subnet ids info. ansible.builtin.set_fact: _aws_efs_subnets_ids: [] -- name: Reset targets info +- name: Reset targets info. ansible.builtin.set_fact: _aws_efs_targets: {} @@ -30,7 +30,7 @@ loop_control: loop_var: target -- name: Create EFS volume +- name: Create EFS volume. community.aws.efs: profile: "{{ aws_efs.aws_profile }}" name: "{{ aws_efs.name }}" @@ -54,4 +54,4 @@ resource_type: "file-system" when: - aws_efs.backup is defined - - aws_efs.backup | length > 0 \ No newline at end of file + - aws_efs.backup | length > 0 diff --git a/roles/aws/aws_efs/tasks/subnet.yml b/roles/aws/aws_efs/tasks/subnet.yml index ca7eae818..a59426027 100644 --- a/roles/aws/aws_efs/tasks/subnet.yml +++ b/roles/aws/aws_efs/tasks/subnet.yml @@ -1,5 +1,5 @@ --- -- name: Gather subnet information +- name: Gather subnet information. amazon.aws.ec2_vpc_subnet_info: profile: "{{ aws_efs.aws_profile }}" region: "{{ aws_efs.region }}" 
diff --git a/roles/aws/aws_elb/tasks/main.yml b/roles/aws/aws_elb/tasks/main.yml index 969944ce7..e9173e5ea 100644 --- a/roles/aws/aws_elb/tasks/main.yml +++ b/roles/aws/aws_elb/tasks/main.yml @@ -135,7 +135,7 @@ register: _aws_ec2_elb when: aws_elb.elb_type == "alb" -- name: Create web acl if defined +- name: Create web acl if defined. ansible.builtin.include_role: name: aws/aws_acl when: diff --git a/roles/aws/aws_elb/tasks/subnet.yml b/roles/aws/aws_elb/tasks/subnet.yml index bc2f0b63b..db7e51d77 100644 --- a/roles/aws/aws_elb/tasks/subnet.yml +++ b/roles/aws/aws_elb/tasks/subnet.yml @@ -1,4 +1,4 @@ -- name: Gather public subnet information +- name: Gather public subnet information. amazon.aws.ec2_vpc_subnet_info: profile: "{{ aws_elb.aws_profile }}" region: "{{ aws_elb.region }}" diff --git a/roles/aws/aws_iam_saml/tasks/main.yml b/roles/aws/aws_iam_saml/tasks/main.yml index fefb04709..ddedbc779 100644 --- a/roles/aws/aws_iam_saml/tasks/main.yml +++ b/roles/aws/aws_iam_saml/tasks/main.yml @@ -1,4 +1,4 @@ -- name: Create IAM account alias for grouping +- name: Create IAM account alias for grouping. iam_alias: aws_account_alias: "{{ aws_iam_saml.aws_account_alias }}" delegate_to: localhost @@ -6,7 +6,7 @@ - aws_iam_saml.aws_account_alias is defined - aws_iam_saml.aws_account_alias | length > 0 -- name: Create SAML provider +- name: Create SAML provider. community.aws.iam_saml_federation: name: "{{ aws_iam_saml.provider_name }}" profile: "{{ aws_iam_saml.aws_profile }}" 
@@ -16,13 +16,13 @@ - aws_iam_saml.saml_metadata_document is defined - aws_iam_saml.saml_metadata_document | length > 40 -- name: Get the current AWS account caller identity information +- name: Get the current AWS account caller identity information. amazon.aws.aws_caller_info: profile: "{{ aws_iam_saml.aws_profile }}" delegate_to: localhost register: _aws_account_info -- name: Create a role for administrative access +- name: Create a role for administrative access. amazon.aws.iam_role: name: "{{ aws_iam_saml.admin_role }}" profile: "{{ aws_iam_saml.aws_profile }}" @@ -36,7 +36,7 @@ - aws_iam_saml.admin_groups is defined - aws_iam_saml.admin_groups[0] is defined -- name: Create a role for read-only access +- name: Create a role for read-only access. amazon.aws.iam_role: name: "{{ aws_iam_saml.readonly_role }}" profile: "{{ aws_iam_saml.aws_profile }}" @@ -50,7 +50,7 @@ - aws_iam_saml.readonly_groups is defined - aws_iam_saml.readonly_groups[0] is defined -- name: Create a customer managed policy for billing access +- name: Create a customer managed policy for billing access. amazon.aws.iam_managed_policy: policy_name: "{{ aws_iam_saml.billing_policy }}" policy_description: "Custom policy for billing access" @@ -63,7 +63,7 @@ - aws_iam_saml.billing_groups is defined - aws_iam_saml.billing_groups[0] is defined -- name: Create a role for billing access +- name: Create a role for billing access. amazon.aws.iam_role: name: "{{ aws_iam_saml.billing_role }}" profile: "{{ aws_iam_saml.aws_profile }}" @@ -78,7 +78,7 @@ - aws_iam_saml.billing_groups[0] is defined - _billing_policy.policy is succeeded -- name: Clone SimpleSAMLphp repo +- name: Clone SimpleSAMLphp repo. ansible.builtin.git: repo: "{{ aws_iam_saml.saml_repository }}" dest: "{{ _ce_provision_build_dir }}/{{ aws_iam_saml.saml_repository_directory }}" 
@@ -88,7 +88,7 @@ - aws_iam_saml.saml_repository is defined - aws_iam_saml.saml_repository | length > 20 -- name: Create AWS account include for centralised admin +- name: Create AWS account include for centralised admin. ansible.builtin.template: src: "simplesamlphp_admin_include.j2" dest: "{{ _ce_provision_build_dir }}/{{ aws_iam_saml.saml_repository_directory }}/{{ aws_iam_saml.saml_include_path }}/admin_{{ _aws_account_info.account }}.php" @@ -98,7 +98,7 @@ - aws_iam_saml.saml_include_path is defined - aws_iam_saml.saml_include_path | length > 0 -- name: Stage the AWS account include +- name: Stage the AWS account include. ansible.builtin.command: git add . args: chdir: "{{ _ce_provision_build_dir }}/{{ aws_iam_saml.saml_repository_directory }}" @@ -106,7 +106,7 @@ when: - _saml_include_template is not skipped -- name: Try a git commit of the AWS account include +- name: Try a git commit of the AWS account include. ansible.builtin.command: git commit -m "Automated commit - admin access for AWS account {{ _aws_account_info.account }}." args: chdir: "{{ _ce_provision_build_dir }}/{{ aws_iam_saml.saml_repository_directory }}" @@ -116,7 +116,7 @@ when: - _saml_include_template is not skipped -- name: Push the AWS account include +- name: Push the AWS account include. ansible.builtin.command: git push origin {{ aws_iam_saml.saml_repository_branch }} args: chdir: "{{ _ce_provision_build_dir }}/{{ aws_iam_saml.saml_repository_directory }}" @@ -125,7 +125,7 @@ - _include_commit is succeeded - _saml_include_template is not skipped -- name: Create a SAML service provider for the AWS account +- name: Create a SAML service provider for the AWS account. ansible.builtin.template: src: "simplesamlphp_sp.j2" dest: "{{ _ce_provision_build_dir }}/{{ aws_iam_saml.saml_repository_directory }}/{{ aws_iam_saml.saml_sp_path }}/aws_{{ _aws_account_info.account }}.php" 
@@ -135,7 +135,7 @@ - aws_iam_saml.saml_sp_path is defined - aws_iam_saml.saml_sp_path | length > 0 -- name: Stage the AWS account service provider +- name: Stage the AWS account service provider. ansible.builtin.command: git add . args: chdir: "{{ _ce_provision_build_dir }}/{{ aws_iam_saml.saml_repository_directory }}" @@ -143,7 +143,7 @@ when: - _saml_sp_template is succeeded -- name: Try a git commit of the AWS account service provider +- name: Try a git commit of the AWS account service provider. ansible.builtin.command: git commit -m "Automated commit - dedicated SP for AWS account {{ _aws_account_info.account }}." args: chdir: "{{ _ce_provision_build_dir }}/{{ aws_iam_saml.saml_repository_directory }}" @@ -153,7 +153,7 @@ when: - _saml_sp_template is succeeded -- name: Push the AWS account service provider +- name: Push the AWS account service provider. ansible.builtin.command: git push origin {{ aws_iam_saml.saml_repository_branch }} args: chdir: "{{ _ce_provision_build_dir }}/{{ aws_iam_saml.saml_repository_directory }}" diff --git a/roles/aws/aws_opensearch/tasks/main.yml b/roles/aws/aws_opensearch/tasks/main.yml index 9ef0edb89..934f5dc8f 100644 --- a/roles/aws/aws_opensearch/tasks/main.yml +++ b/roles/aws/aws_opensearch/tasks/main.yml @@ -11,7 +11,7 @@ return_type: ids when: aws_opensearch.security_groups | length > 0 -- name: Get the current AWS account caller identity information +- name: Get the current AWS account caller identity information. amazon.aws.aws_caller_info: profile: "{{ aws_opensearch.aws_profile }}" delegate_to: localhost diff --git a/roles/aws/aws_rds/tasks/main.yml b/roles/aws/aws_rds/tasks/main.yml index 3a200bd6e..977e9959c 100644 --- a/roles/aws/aws_rds/tasks/main.yml +++ b/roles/aws/aws_rds/tasks/main.yml 
@@ -9,7 +9,7 @@ description: "{{ aws_rds.description }}" register: _aws_rds_rds_subnet_group -- name: Create RDS parameter group +- name: Create RDS parameter group. amazon.aws.rds_instance_param_group: state: present name: "{{ aws_rds.db_parameter_group_name }}" @@ -75,7 +75,7 @@ return_type: ids when: aws_rds.security_groups | length > 0 -- name: Create RDS instance +- name: Create RDS instance. amazon.aws.rds_instance: profile: "{{ aws_rds.aws_profile }}" region: "{{ aws_rds.region }}" diff --git a/roles/aws/aws_resource_group/tasks/env_resource_group.yml b/roles/aws/aws_resource_group/tasks/env_resource_group.yml index 76650d3d6..0e72b947f 100644 --- a/roles/aws/aws_resource_group/tasks/env_resource_group.yml +++ b/roles/aws/aws_resource_group/tasks/env_resource_group.yml @@ -1,23 +1,23 @@ --- -- name: Get resource group +- name: Get resource group. ansible.builtin.command: "aws resource-groups get-group --group-name {{ _env_type }}_resource_group --region {{ _aws_region }}" # --profile dummy register: _res_group failed_when: "('Cannot find group' not in _res_group.stderr) and (_res_group.stderr != '')" -- name: Create resource group if not existant +- name: Create resource group if not existant. when: _res_group.stderr != '' block: - - name: Remove resource query file + - name: Remove resource query file. ansible.builtin.file: path: /home/controller/env_res_query.json state: absent - - name: Create resource query file + - name: Create resource query file. ansible.builtin.template: src: templates/env_res_query.j2 dest: /home/controller/env_res_query.json - - name: Create resource group + - name: Create resource group. ansible.builtin.command: > aws resource-groups create-group --name {{ _env_type }}_resource_group 
@@ -25,10 +25,10 @@ --region {{ _aws_region }} --description "Resource group for {{ _env_type }} environment." -- name: Update resource group if it exist +- name: Update resource group if it exist. when: _res_group.stderr == '' block: - - name: Create resource group + - name: Create resource group. ansible.builtin.command: > aws resource-groups update-group --group-name {{ _env_type }}_resource_group diff --git a/roles/aws/aws_resource_group/tasks/main.yml b/roles/aws/aws_resource_group/tasks/main.yml index b94403bc6..3ab50eeae 100644 --- a/roles/aws/aws_resource_group/tasks/main.yml +++ b/roles/aws/aws_resource_group/tasks/main.yml @@ -1,7 +1,7 @@ --- -- name: Run tasks for environment build +- name: Run tasks for environment build. ansible.builtin.include_tasks: env_resource_group.yml -- name: Run tasks for resource build +- name: Run tasks for resource build. ansible.builtin.include_tasks: resource_group.yml when: _aws_resource_name is defined diff --git a/roles/aws/aws_resource_group/tasks/resource_group.yml b/roles/aws/aws_resource_group/tasks/resource_group.yml index 02b0c0676..b2e6c4c87 100644 --- a/roles/aws/aws_resource_group/tasks/resource_group.yml +++ b/roles/aws/aws_resource_group/tasks/resource_group.yml @@ -1,10 +1,10 @@ --- -- name: Get resource group +- name: Get resource group. ansible.builtin.command: "aws resource-groups get-group --group-name {{ _aws_resource_name }}_resource_group --region {{ _aws_region }}" # --profile dummy register: _res_group failed_when: "('Cannot find group' not in _res_group.stderr) and (_res_group.stderr != '')" -- name: Create resource group if not existant +- name: Create resource group if not existant. when: _res_group.stderr != '' block: - name: Remove resource query file 
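Review bot: In roles/aws/aws_resource_group/tasks/env_resource_group.yml (`@@ -25,10 +25,10 @@`) the task inside the `Update resource group if it exist.` block is still named `Create resource group.` although it runs `aws resource-groups update-group`. Play output therefore reports a create when an update happened, which is misleading when reading run logs after a change. Since the commit touches this line anyway, name it `- name: Update resource group.`; the matching `@@ -25,10 +25,10 @@` hunk in roles/aws/aws_resource_group/tasks/resource_group.yml has the same mismatch. The block names could be corrected to `existent` and `exists` at the same time. The command's arguments continue outside the hunk.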
@@ -12,12 +12,12 @@ path: /home/controller/res_query.json state: absent - - name: Create resource query file + - name: Create resource query file. ansible.builtin.template: src: templates/res_query.j2 dest: /home/controller/res_query.json - - name: Create resource group + - name: Create resource group. ansible.builtin.command: > aws resource-groups create-group --name {{ _aws_resource_name }}_resource_group @@ -25,10 +25,10 @@ --region {{ _aws_region }} --description "Resource group for {{ _aws_resource_name }}" -- name: Update resource group if it exist +- name: Update resource group if it exist. when: _res_group.stderr == '' block: - - name: Create resource group + - name: Create resource group. ansible.builtin.command: > aws resource-groups update-group --group-name {{ _aws_resource_name }}_resource_group diff --git a/roles/aws/aws_ses/tasks/main.yml b/roles/aws/aws_ses/tasks/main.yml index 346c3c476..62479a701 100644 --- a/roles/aws/aws_ses/tasks/main.yml +++ b/roles/aws/aws_ses/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: "Ensure {{ _ses_domain }} domain identity exists" +- name: "Ensure {{ _ses_domain }} domain identity exists." community.aws.ses_identity: profile: "{{ _aws_profile }}" identity: "{{ _ses_domain }}" @@ -13,7 +13,7 @@ delegate_to: localhost register: aws_account_id -- name: Add sending authorization policy to domain identity +- name: Add sending authorization policy to domain identity. community.aws.ses_identity_policy: identity: "{{ _ses_domain }}" policy_name: AWSses @@ -21,7 +21,7 @@ state: present region: "{{ _aws_region }}" -- name: Fetch SES domain CNAME +- name: Fetch SES domain CNAME. ansible.builtin.command: "aws ses verify-domain-dkim --domain {{ _ses_domain }} --region {{ _aws_region }}" register: ses_dkim_attributes diff --git a/roles/aws/aws_sg_iptables/tasks/icmp_string.yml b/roles/aws/aws_sg_iptables/tasks/icmp_string.yml index 87944dd3d..3a5c32578 100644 --- a/roles/aws/aws_sg_iptables/tasks/icmp_string.yml 
+++ b/roles/aws/aws_sg_iptables/tasks/icmp_string.yml @@ -1,9 +1,9 @@ --- -- name: Set first part of iptables command +- name: Set first part of iptables command. ansible.builtin.set_fact: - _iptables_string: "iptables -A {{ _iptabes_type }} -p {{ item.proto }}" + _iptables_string: "iptables -I {{ _iptabes_type }} -p {{ item.proto }}" -- name: Set outgoing IP on iptables command +- name: Set outgoing IP on iptables command. ansible.builtin.set_fact: _iptables_string: "{{ _iptables_string }} -d {{ item.cidr_ipv6 | default(item.cidr_ip) }}" when: > @@ -11,7 +11,7 @@ (item.cidr_ipv6 is defined or item.cidr_ip is defined) -- name: Set incoming IP on iptables command +- name: Set incoming IP on iptables command. ansible.builtin.set_fact: _iptables_string: "{{ _iptables_string }} -s {{ item.cidr_ipv6 | default(item.cidr_ip) }}" when: > @@ -19,20 +19,20 @@ (item.cidr_ipv6 is defined or item.cidr_ip is defined) -- name: Add ICMP part of command for outgoing +- name: Add ICMP part of command for outgoing. ansible.builtin.set_fact: _iptables_string: "{{ _iptables_string }} --icmp-type {{ item.from_port }} -m state --state ESTABLISHED,RELATED" when: _iptabes_type == "OUTPUT" -- name: Sdd ICMP part of command for incoming +- name: Add ICMP part of command for incoming. ansible.builtin.set_fact: _iptables_string: "{{ _iptables_string }} --icmp-type {{ item.from_port }} -m state --state NEW,ESTABLISHED,RELATED" when: _iptabes_type == "INPUT" -- name: Add last part of command +- name: Add last part of command. ansible.builtin.set_fact: _iptables_string: "{{ _iptables_string }} -j ACCEPT # {{ item.rule_desc }}" -- name: Add string to list +- name: Add string to list. ansible.builtin.set_fact: _iptables_list: "{{ _iptables_list + [_iptables_string] }}" diff --git a/roles/aws/aws_sg_iptables/tasks/main.yml b/roles/aws/aws_sg_iptables/tasks/main.yml index 826a29494..c89634072 100644 --- a/roles/aws/aws_sg_iptables/tasks/main.yml +++ b/roles/aws/aws_sg_iptables/tasks/main.yml 
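Review bot: The first hunk of icmp_string.yml switches the generated rule from `iptables -A` to `iptables -I`, a behaviour change in a commit that otherwise only edits task names. `-I` without a rule number inserts at position 1, so each ICMP ACCEPT lands ahead of whatever the chain already holds, and successive rules end up in reverse generation order. How this interacts with `firewall_additional_rules | sort(reverse=true)` in main.yml cannot be confirmed from this hunk. If head-of-chain placement is the intent, record it above the task, e.g. `# -I on purpose: ICMP accepts must sit ahead of the DROP rules appended in main.yml.`, and mention the switch in the commit message so it is reviewed as a firewall change.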
@@ -1,11 +1,11 @@ -- name: Define iptables variables for incoming +- name: Define iptables variables for incoming. ansible.builtin.set_fact: _glob: "{{ aws_sg_iptables | selectattr('rules', 'defined') | map(attribute='rules') | flatten | sort(attribute='priority') }}" _iptables_list: [] _iptables_string: "" _iptabes_type: "INPUT" -- name: Set list of commands for tcp/udp in +- name: Set list of commands for tcp/udp in. include_tasks: tcp_udp_string.yml loop: "{{ q('ansible.builtin.subelements', _glob, 'ports', {'skip_missing': True}) }}" @@ -13,12 +13,12 @@ ansible.builtin.set_fact: _glob: "{{ _glob | ansible.utils.remove_keys(target=['priority']) }}" -- name: Set list of commands for icmp in +- name: Set list of commands for icmp in. include_tasks: icmp_string.yml loop: "{{ _glob }}" when: item.proto == "icmp" -- name: Define iptables variables for outgoing +- name: Define iptables variables for outgoing. ansible.builtin.set_fact: _glob: "{{ aws_sg_iptables | selectattr('rules_egress', 'defined') | map(attribute='rules_egress') | flatten }}" _iptabes_type: "OUTPUT" @@ -27,16 +27,16 @@ ansible.builtin.set_fact: _glob: "{{ _glob | ansible.utils.remove_keys(target=['priority']) }}" -- name: Set list of commands four tcp/udp out +- name: Set list of commands four tcp/udp out. include_tasks: tcp_udp_string.yml loop: "{{ q('ansible.builtin.subelements', _glob, 'ports', {'skip_missing': True}) }}" -- name: Set list of commands for icmp in +- name: Set list of commands for icmp in. include_tasks: icmp_string.yml loop: "{{ _glob }}" when: item.proto == "icmp" -- name: Define bits of iptables command +- name: Define bits of iptables command. ansible.builtin.set_fact: _iptables_end: - "iptables -I OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" 
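Review bot: In the `@@ -27,16 +27,16 @@` hunk of aws_sg_iptables/tasks/main.yml the two include tasks run after `_iptabes_type` has been set to `"OUTPUT"`, yet they are named `Set list of commands four tcp/udp out.` and `Set list of commands for icmp in.`. The second duplicates the name of the incoming ICMP task earlier in the file, so a firewall run cannot be told apart by direction in the play output. Suggested names: `- name: Set list of commands for tcp/udp out.` and `- name: Set list of commands for icmp out.`.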
@@ -44,7 +44,7 @@ - "iptables -A OUTPUT -p tcp --dport 1025:65535 -j DROP" - "iptables -A OUTPUT -p udp --dport 1025:65535 -j DROP" -- name: Override firewall_config var +- name: Override firewall_config var. ansible.builtin.set_fact: firewall_config: rulesets: @@ -75,21 +75,21 @@ assign_instances_ipv6: false security_groups: "{{ aws_sg_iptables }}" -- name: Gather and override _security_groups var +- name: Gather and override _security_groups var. ansible.builtin.set_fact: _security_groups: "{{ aws_sg_iptables | selectattr('name') | map(attribute='name') | flatten }}" -- name: Add SGs to EC2 Instance # Need to make the same change for AMI +- name: Add SGs to EC2 Instance. # Need to make the same change for AMI ansible.builtin.include_role: name: aws/aws_ec2_with_eip apply: delegate_to: localhost become: false -- name: Override firewall_config var +- name: Override firewall_config var. ansible.builtin.set_fact: firewall_additional_rules: "{{ firewall_additional_rules | sort(reverse=true) }}" -- name: Include firewall role +- name: Include firewall role. ansible.builtin.include_role: name: debian/firewall_config diff --git a/roles/aws/aws_vpc/tasks/main.yml b/roles/aws/aws_vpc/tasks/main.yml index b800f039e..9901abd85 100644 --- a/roles/aws/aws_vpc/tasks/main.yml +++ b/roles/aws/aws_vpc/tasks/main.yml @@ -27,7 +27,7 @@ loop_var: security_group label: "{{ security_group.name }}" -- name: Create IGW +- name: Create IGW. amazon.aws.ec2_vpc_igw: profile: "{{ aws_vpc.aws_profile }}" region: "{{ aws_vpc.region }}" diff --git a/roles/aws/aws_vpc_subnet/tasks/main.yml b/roles/aws/aws_vpc_subnet/tasks/main.yml index 9fca77da4..bbe90d23c 100644 --- a/roles/aws/aws_vpc_subnet/tasks/main.yml +++ b/roles/aws/aws_vpc_subnet/tasks/main.yml @@ -1,4 +1,4 @@ -- name: Gather VPC information +- name: Gather VPC information. amazon.aws.ec2_vpc_net_info: profile: "{{ aws_vpc_subnet.aws_profile }}" region: "{{ aws_vpc_subnet.region }}" 
diff --git a/roles/debian/apt_extra_packages/tasks/main.yml b/roles/debian/apt_extra_packages/tasks/main.yml index d072bba06..18699c2d8 100644 --- a/roles/debian/apt_extra_packages/tasks/main.yml +++ b/roles/debian/apt_extra_packages/tasks/main.yml @@ -1,19 +1,19 @@ --- -- name: Define empty wget list +- name: Define empty wget list. ansible.builtin.set_fact: wget_list: [] -- name: Define empty apt list +- name: Define empty apt list. ansible.builtin.set_fact: apt_list: [] -- name: Add items with URL to wget list +- name: Add items with URL to wget list. ansible.builtin.set_fact: wget_list: "{{ wget_list + [item] }}" loop: "{{ apt_extra_packages }}" when: "item is regex('^https?://')" -- name: Add non URL items to apt list +- name: Add non URL items to apt list. ansible.builtin.set_fact: apt_list: "{{ apt_list + [item] }}" when: "item is not regex('^https?://')" @@ -42,7 +42,7 @@ loop_control: loop_var: wget_item -- name: Remove gawk.csh from /etc/profile.d +- name: Remove gawk.csh from /etc/profile.d. ansible.builtin.file: path: /etc/profile.d/gawk.csh state: absent diff --git a/roles/debian/apt_extra_packages/tasks/wget_install.yml b/roles/debian/apt_extra_packages/tasks/wget_install.yml index 0c1d31c64..83d5fbb17 100644 --- a/roles/debian/apt_extra_packages/tasks/wget_install.yml +++ b/roles/debian/apt_extra_packages/tasks/wget_install.yml @@ -1,5 +1,5 @@ --- -- name: Check if download folder exists +- name: Check if download folder exists. ansible.builtin.file: path: /home/{{ user_deploy.username }}/apt_exta state: directory 
@@ -7,17 +7,17 @@ owner: "{{ user_deploy.username }}" group: "{{ user_deploy.username }}" -- name: Get package name +- name: Get package name. ansible.builtin.set_fact: package_name: "{{ wget_item.split('/')[-1] }}" -- name: Download package +- name: Download package. ansible.builtin.get_url: url: "{{ wget_item }}" dest: "/home/{{ user_deploy.username }}/apt_exta/{{ package_name }}" owner: "{{ user_deploy.username }}" group: "{{ user_deploy.username }}" -- name: Instal package +- name: Instal package. ansible.builtin.apt: - deb: /home/{{ user_deploy.username }}/apt_exta/{{ package_name }} \ No newline at end of file + deb: /home/{{ user_deploy.username }}/apt_exta/{{ package_name }} diff --git a/roles/debian/aws_cloudwatch_agent/tasks/main.yml b/roles/debian/aws_cloudwatch_agent/tasks/main.yml index 6057f3118..515a5750f 100644 --- a/roles/debian/aws_cloudwatch_agent/tasks/main.yml +++ b/roles/debian/aws_cloudwatch_agent/tasks/main.yml @@ -26,10 +26,10 @@ when: - aws_cloudwatch_agent.use_credentials -- name: Start the agent +- name: Start the agent. ansible.builtin.command: /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a start -- name: Generate AWS credentials +- name: Generate AWS credentials. ansible.builtin.template: src: credentials.j2 dest: /home/cwagent/.aws/credentials 
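Review bot: `Download package.` fetches `wget_item` with `ansible.builtin.get_url` and the next task installs the file through `ansible.builtin.apt` with `deb:`, with no integrity check between the two. The selector in tasks/main.yml (`'^https?://'`) also accepts plain HTTP. A package installed this way is not covered by apt's repository signature verification, so the download should be pinned with `checksum: "sha256:<expected-digest>"` on the get_url task; the digest would have to be supplied alongside each URL in `apt_extra_packages`. The pattern should also be tightened to `'^https://'`. The touched task name `Instal package.` is still misspelled.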
@@ -38,20 +38,20 @@ when: - aws_cloudwatch_agent.use_credentials -- name: Remove default config +- name: Remove default config. ansible.builtin.file: path: /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d/default state: absent -- name: Install main config +- name: Install main config. ansible.builtin.template: src: config.json.j2 dest: /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d/config.json owner: cwagent group: cwagent -- name: Stop the agent +- name: Stop the agent. ansible.builtin.command: /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a stop -- name: Start the agent +- name: Start the agent. ansible.builtin.command: /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a start diff --git a/roles/debian/aws_ssm_agent/tasks/main.yml b/roles/debian/aws_ssm_agent/tasks/main.yml index 07f6ce8a7..b2b2e7b24 100644 --- a/roles/debian/aws_ssm_agent/tasks/main.yml +++ b/roles/debian/aws_ssm_agent/tasks/main.yml @@ -8,5 +8,5 @@ until: result is succeeded register: result -- name: Start the agent +- name: Start the agent. ansible.builtin.command: systemctl enable amazon-ssm-agent diff --git a/roles/debian/duplicity/tasks/main.yml b/roles/debian/duplicity/tasks/main.yml index 7f7182e90..2fdcab807 100644 --- a/roles/debian/duplicity/tasks/main.yml +++ b/roles/debian/duplicity/tasks/main.yml @@ -131,7 +131,7 @@ timer_OnCalendar: "{{ duplicity.on_calendar }}" when: duplicity.create_timer -- name: Trigger overrides +- name: Trigger overrides. ansible.builtin.include_role: name: _overrides vars: diff --git a/roles/debian/frontail/tasks/main.yml b/roles/debian/frontail/tasks/main.yml index f03f2a6fa..1adb143dd 100644 --- a/roles/debian/frontail/tasks/main.yml +++ b/roles/debian/frontail/tasks/main.yml 
@@ -5,7 +5,7 @@ production: true global: true -- name: Copy systemd service file to server +- name: Copy systemd service file to server. ansible.builtin.template: src: frontail.service.j2 dest: "/etc/systemd/system/frontail.service" @@ -13,7 +13,7 @@ group: root mode: 0755 -- name: Start frontail +- name: Start frontail. ansible.builtin.systemd: name: frontail state: started diff --git a/roles/debian/gitlab/tasks/main.yml b/roles/debian/gitlab/tasks/main.yml index eaa07bab5..ce93c19b6 100644 --- a/roles/debian/gitlab/tasks/main.yml +++ b/roles/debian/gitlab/tasks/main.yml @@ -111,7 +111,7 @@ force: true when: is_local -- name: Trigger overrides +- name: Trigger overrides. ansible.builtin.include_role: name: _overrides vars: diff --git a/roles/debian/haproxy/tasks/main.yml b/roles/debian/haproxy/tasks/main.yml index c363e3ed8..f7f68a5c0 100644 --- a/roles/debian/haproxy/tasks/main.yml +++ b/roles/debian/haproxy/tasks/main.yml @@ -23,7 +23,7 @@ mode: 0644 force: true -- name: Trigger overrides +- name: Trigger overrides. ansible.builtin.include_role: name: _overrides vars: diff --git a/roles/debian/hosts/tasks/main.yml b/roles/debian/hosts/tasks/main.yml index 6d902fbfc..004ad1d67 100644 --- a/roles/debian/hosts/tasks/main.yml +++ b/roles/debian/hosts/tasks/main.yml @@ -3,7 +3,7 @@ ansible.builtin.set_fact: _hosts_entries: "{{ hosts_entries + _default_hosts_entries }}" -- name: Install custom hosts file +- name: Install custom hosts file. ansible.builtin.template: src: etc_hosts.j2 dest: "{{ hosts_file }}" diff --git a/roles/debian/jenkins/tasks/main.yml b/roles/debian/jenkins/tasks/main.yml index e1d47742d..3c8413203 100644 --- a/roles/debian/jenkins/tasks/main.yml +++ b/roles/debian/jenkins/tasks/main.yml @@ -73,7 +73,7 @@ src: "jenkins.j2" dest: /etc/default/jenkins -- name: Trigger overrides +- name: Trigger overrides. ansible.builtin.include_role: name: _overrides vars: 
@@ -82,17 +82,17 @@ - jenkins.overrides is defined - jenkins.overrides | length > 0 -- name: Create init.groovy.d directory +- name: Create init.groovy.d directory. ansible.builtin.file: path: "/var/lib/jenkins/init.groovy.d" state: directory mode: "0755" -- name: Check if groovy security file exists +- name: Check if groovy security file exists. ansible.builtin.stat: path: "/var/lib/jenkins/init.groovy.d/basic-security.groovy" -- name: Copy groovy security file +- name: Copy groovy security file. ansible.builtin.template: src: "basic-security.groovy.j2" dest: "/var/lib/jenkins/init.groovy.d/basic-security.groovy" @@ -106,7 +106,8 @@ state: restarted when: aptoutput.changed -- ansible.builtin.pause: +- name: Paise for 2 minutes. + ansible.builtin.pause: minutes: 2 when: aptoutput.changed diff --git a/roles/debian/mattermost/defaults/main.yml b/roles/debian/mattermost/defaults/main.yml index 747520daf..70708e7c3 100644 --- a/roles/debian/mattermost/defaults/main.yml +++ b/roles/debian/mattermost/defaults/main.yml @@ -1,3 +1,3 @@ --- mattermost: - version: 9.8.0 # 9.8.0 is current version (tarball) of team edition + version: 10.4.2 # 10.4.2 is current version (tarball) of team edition diff --git a/roles/debian/mattermost/tasks/main.yml b/roles/debian/mattermost/tasks/main.yml index f4692c60d..0a1bd95c8 100644 --- a/roles/debian/mattermost/tasks/main.yml +++ b/roles/debian/mattermost/tasks/main.yml @@ -25,7 +25,7 @@ become: true notify: Reload PostgreSQL. -- name: GRANT ALL PRIVILEGES ON DATABASE mattermost TO mattermost +- name: GRANT ALL PRIVILEGES ON DATABASE mattermost TO mattermost. community.postgresql.postgresql_privs: db: postgres privs: ALL diff --git a/roles/debian/memcached/tasks/main.yml b/roles/debian/memcached/tasks/main.yml index 21ffde24c..a2aa6aae0 100644 --- a/roles/debian/memcached/tasks/main.yml +++ b/roles/debian/memcached/tasks/main.yml 
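Review bot: The name this commit adds to the previously unnamed pause task in the `@@ -106,7 +106,8 @@` hunk is misspelled: `- name: Paise for 2 minutes.` should be `- name: Pause for 2 minutes.`. Separately, in the `@@ -82,17 +82,17 @@` hunk the `Check if groovy security file exists.` stat task has no `register:`, so nothing visible here uses its result. Either add `register: _jenkins_basic_security` and condition the template task on it, or drop the stat task. The template task for basic-security.groovy continues outside the hunk, so its `when:` and mode could not be checked.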
@@ -12,7 +12,7 @@ group: root mode: 0644 -- name: Trigger overrides +- name: Trigger overrides. ansible.builtin.include_role: name: _overrides vars: @@ -21,7 +21,7 @@ - memcached.overrides is defined - memcached.overrides | length > 0 -- name: Ensure memcached is restarted +- name: Ensure memcached is restarted. ansible.builtin.service: name: memcached state: restarted diff --git a/roles/debian/mysql_client/tasks/main.yml b/roles/debian/mysql_client/tasks/main.yml index b51330d3a..d43db3a38 100644 --- a/roles/debian/mysql_client/tasks/main.yml +++ b/roles/debian/mysql_client/tasks/main.yml @@ -29,11 +29,11 @@ group: "{{ mysql_client.creds_file_group }}" mode: 0600 -- name: Trigger overrides +- name: Trigger overrides. ansible.builtin.include_role: name: _overrides vars: _overrides: "{{ mysql_client.overrides }}" when: - mysql_client.overrides is defined - - mysql_client.overrides | length > 0 \ No newline at end of file + - mysql_client.overrides | length > 0 diff --git a/roles/debian/nginx/tasks/main.yml b/roles/debian/nginx/tasks/main.yml index abfe213ec..a471ee75a 100644 --- a/roles/debian/nginx/tasks/main.yml +++ b/roles/debian/nginx/tasks/main.yml @@ -66,11 +66,11 @@ state: directory mode: "0755" -- name: Set nginx location behavior, fallback to default if no custom behavior is provided +- name: Set nginx location behavior, fallback to default if no custom behavior is provided. set_fact: nginx_location_behavior: "{{ nginx.custom_nginx_location_behavior | default(['try_files @rewrite /index.php?$query_string;']) }}" -- name: Set drupal fallback location if defined +- name: Set drupal fallback location if defined. set_fact: drupal_fallback_behavior: "{{ nginx.drupal_fallback }}" when: nginx.drupal_fallback is defined and nginx.drupal_fallback 
@@ -132,7 +132,7 @@ when: - _nginx_cloudwatch_dir.stat.isdir is defined and _nginx_cloudwatch_dir.stat.isdir -- name: Update nginx mime.types +- name: Update nginx mime.types. ansible.builtin.template: src: mime.types.j2 dest: /etc/nginx/mime.types @@ -150,7 +150,7 @@ - nginx.domains | length > 0 - nginx.recreate_vhosts -- name: Trigger overrides +- name: Trigger overrides. ansible.builtin.include_role: name: _overrides vars: diff --git a/roles/debian/nodejs/tasks/main.yml b/roles/debian/nodejs/tasks/main.yml index 03eb7af75..80e2cd741 100644 --- a/roles/debian/nodejs/tasks/main.yml +++ b/roles/debian/nodejs/tasks/main.yml @@ -1,4 +1,4 @@ -- name: Add NodeJS repository and key +- name: Add NodeJS repository and key. ansible.builtin.include_role: name: debian/apt_repository vars: @@ -35,17 +35,17 @@ key_refresh_timer_OnCalendar: "Mon *-*-* 00:15:00" apt_repository: "{{ nodejs_old_config if (nodejs.version | regex_replace('\\.x$', '') | int) < 16 else nodejs_default_config }}" -- name: Get current Nodejs version +- name: Get current Nodejs version. ansible.builtin.command: node -v register: current_nodejs_version failed_when: false changed_when: false -- name: Extract the major version of the current Nodejs version so we can compare & condition properly +- name: Extract the major version of the current Nodejs version so we can compare & condition properly. ansible.builtin.set_fact: current_major_version: "{{ current_nodejs_version.stdout | regex_replace('v([0-9]+).*', '\\1') }}" -- name: Remove Nodejs if it differs from current nodejs.version +- name: Remove Nodejs if it differs from current nodejs.version. ansible.builtin.apt: name: nodejs state: absent 
@@ -53,7 +53,7 @@ - nodejs.version is defined - (nodejs.version | regex_replace('\\.x$', '')) != current_major_version -- name: Install the specified Nodejs version if nodejs.version is defined and different from current version +- name: Install the specified Nodejs version if nodejs.version is defined and different from current version. ansible.builtin.apt: name: "nodejs" state: present diff --git a/roles/debian/php-cli/tasks/main.yml b/roles/debian/php-cli/tasks/main.yml index 65f5c712a..a1da5e1a1 100644 --- a/roles/debian/php-cli/tasks/main.yml +++ b/roles/debian/php-cli/tasks/main.yml @@ -8,25 +8,25 @@ loop_control: loop_var: version -- name: Set php version (phar) +- name: Set php version (phar). ansible.builtin.command: "update-alternatives --set phar /usr/bin/phar{{ version }}" with_items: "{{ php.version }}" loop_control: loop_var: version -- name: Set php version (phar.phar) +- name: Set php version (phar.phar). ansible.builtin.command: "update-alternatives --set phar.phar /usr/bin/phar.phar{{ version }}" with_items: "{{ php.version }}" loop_control: loop_var: version -- name: Set php version (php) +- name: Set php version (php). ansible.builtin.command: "update-alternatives --set php /usr/bin/php{{ version }}" with_items: "{{ php.version }}" loop_control: loop_var: version -- name: Set php version (php-config) +- name: Set php version (php-config). ansible.builtin.command: "update-alternatives --set php-config /usr/bin/php-config{{ version }}" with_items: "{{ php.version }}" loop_control: @@ -41,7 +41,7 @@ loop_control: loop_var: version -- name: Trigger overrides +- name: Trigger overrides. ansible.builtin.include_role: name: _overrides vars: diff --git a/roles/debian/php-fpm/tasks/main.yml b/roles/debian/php-fpm/tasks/main.yml index b66334d6e..b23ae2baf 100644 --- a/roles/debian/php-fpm/tasks/main.yml +++ b/roles/debian/php-fpm/tasks/main.yml 
@@ -37,7 +37,7 @@ ansible.builtin.include_role: name: debian/php_xdebug -- name: Trigger overrides +- name: Trigger overrides. ansible.builtin.include_role: name: _overrides vars: diff --git a/roles/debian/php_blackfire/tasks/main.yml b/roles/debian/php_blackfire/tasks/main.yml index e093d607c..d185b1c9f 100644 --- a/roles/debian/php_blackfire/tasks/main.yml +++ b/roles/debian/php_blackfire/tasks/main.yml @@ -75,7 +75,7 @@ - blackfire.enable - is_local -- name: Trigger overrides +- name: Trigger overrides. ansible.builtin.include_role: name: _overrides vars: diff --git a/roles/debian/php_xdebug/tasks/main.yml b/roles/debian/php_xdebug/tasks/main.yml index 5c8f83d3e..570ea1951 100644 --- a/roles/debian/php_xdebug/tasks/main.yml +++ b/roles/debian/php_xdebug/tasks/main.yml @@ -30,27 +30,27 @@ state: directory when: xdebug.cli or xdebug.fpm -- name: Set remote host (default) +- name: Set remote host (default). ansible.builtin.set_fact: _xdebug_remote_host: "{{ xdebug.remote_host }}" -- name: Enable xdebug connect back (default) +- name: Enable xdebug connect back (default). ansible.builtin.set_fact: _xdebug_remote_connect_back: "{{ xdebug.remote_connect_back }}" -- name: Set remote host (auto) +- name: Set remote host (auto). ansible.builtin.set_fact: _xdebug_remote_host: "127.0.0.1" when: - xdebug.remote_host == 'auto' -- name: Enable xdebug connect back (auto) +- name: Enable xdebug connect back (auto). ansible.builtin.set_fact: _xdebug_remote_connect_back: "1" when: - xdebug.remote_connect_back == 'auto' -- name: Set remote host (Docker for Mac) +- name: Set remote host (Docker for Mac). ansible.builtin.set_fact: _xdebug_remote_host: "docker.for.mac.localhost" when: @@ -58,7 +58,7 @@ - ce_dev_host_platform is defined - ce_dev_host_platform == "darwin" -- name: Disable xdebug connect back (Docker for Mac) +- name: Disable xdebug connect back (Docker for Mac). ansible.builtin.set_fact: _xdebug_remote_connect_back: "0" when: 
@@ -66,7 +66,7 @@ - ce_dev_host_platform is defined - ce_dev_host_platform == "darwin" -- name: Ensure cli/conf.d exists +- name: Ensure cli/conf.d exists. ansible.builtin.stat: path: "/etc/php/{{ php.version[0] }}/cli/conf.d" register: cli_confd_dir @@ -83,7 +83,7 @@ - xdebug.cli - cli_confd_dir.stat.exists -- name: Ensure fpm/conf.d exists +- name: Ensure fpm/conf.d exists. ansible.builtin.stat: path: "/etc/php/{{ php.version[0] }}/fpm/conf.d" register: fpm_confd_dir diff --git a/roles/debian/postfix/tasks/main.yml b/roles/debian/postfix/tasks/main.yml index 75b82eeca..dee5b6fe1 100644 --- a/roles/debian/postfix/tasks/main.yml +++ b/roles/debian/postfix/tasks/main.yml @@ -1,15 +1,15 @@ --- -- name: Install Postfix +- name: Install Postfix. ansible.builtin.apt: pkg: postfix state: present -- name: Install procmail +- name: Install procmail. ansible.builtin.apt: pkg: procmail state: present -- name: Copy master config +- name: Copy master config. ansible.builtin.copy: src: "files/{{ item }}" dest: "/etc/postfix/" @@ -19,7 +19,7 @@ with_items: - master.cf -- name: Configure mailname +- name: Configure mailname. ansible.builtin.template: src: "mailname.j2" dest: "/etc/mailname" @@ -27,7 +27,7 @@ group: root mode: "0644" -- name: Configure main.cf +- name: Configure main.cf. ansible.builtin.template: src: "main.cf.j2" dest: "/etc/postfix/main.cf" @@ -36,7 +36,7 @@ mode: "0644" notify: Reload Postfix configuration. -- name: Configure transport +- name: Configure transport. ansible.builtin.template: src: "transport.j2" dest: "/etc/postfix/transport" 
@@ -46,17 +46,17 @@ notify: - Reload Postfix configuration. -- name: Initialise transport db +- name: Initialise transport db. ansible.builtin.command: cmd: /usr/sbin/postmap /etc/postfix/transport -- name: Install SASL +- name: Install SASL. ansible.builtin.package: name: libsasl2-modules state: present when: postfix.use_ses -- name: Configure SASL +- name: Configure SASL. ansible.builtin.template: src: "sasl_passwd.j2" dest: "/etc/postfix/sasl_passwd" @@ -143,34 +143,34 @@ - postfix.disable_syslog is defined - postfix.disable_syslog -- name: Restart rsyslog based on environment to apply postfix changes +- name: Restart rsyslog based on environment to apply postfix changes. block: - - name: Restart rsyslog in a container to apply postfix changes (if is_local is true) + - name: Restart rsyslog in a container to apply postfix changes (if is_local is true). ansible.builtin.shell: | pkill -HUP rsyslogd || true when: is_local - - name: Restart rsyslog using systemd to apply postfix changes (if is_local is false) + - name: Restart rsyslog using systemd to apply postfix changes (if is_local is false). ansible.builtin.systemd: name: rsyslog.service state: restarted when: is_local is not defined or not is_local # Needed for Docker. -- name: Manage Postfix Service +- name: Manage Postfix Service. block: - - name: Stop Postfix in a container (if is_local is true) + - name: Stop Postfix in a container (if is_local is true). ansible.builtin.command: cmd: /usr/sbin/service postfix stop when: is_local - - name: Stop Postfix using systemd (if is_local is false) + - name: Stop Postfix using systemd (if is_local is false). ansible.builtin.systemd: name: postfix state: stopped when: is_local is not defined or not is_local - - name: Remove trailing lock files + - name: Remove trailing lock files. ansible.builtin.file: path: "{{ lock_file }}" state: absent 
@@ -180,16 +180,16 @@ loop_control: loop_var: lock_file - - name: Create Postfix Aliases database + - name: Create Postfix Aliases database. ansible.builtin.command: cmd: /usr/bin/newaliases - - name: Start Postfix in a container (if is_local is true) + - name: Start Postfix in a container (if is_local is true). ansible.builtin.command: cmd: /usr/sbin/service postfix start when: is_local - - name: Start Postfix using systemd (if is_local is false) + - name: Start Postfix using systemd (if is_local is false). ansible.builtin.systemd: name: postfix state: started diff --git a/roles/debian/process_manager/tasks/main.yml b/roles/debian/process_manager/tasks/main.yml index 767a7bb15..bccbcf153 100644 --- a/roles/debian/process_manager/tasks/main.yml +++ b/roles/debian/process_manager/tasks/main.yml @@ -1,5 +1,6 @@ --- -- ansible.builtin.set_fact: +- name: "Set _process_manager_service variable." + ansible.builtin.set_fact: _process_manager_service: "{{ process_manager.process_name }}.service" - name: "Load all available services." diff --git a/roles/debian/redis/tasks/main.yml b/roles/debian/redis/tasks/main.yml index 2a5c5a2e4..9d4eebdc4 100644 --- a/roles/debian/redis/tasks/main.yml +++ b/roles/debian/redis/tasks/main.yml @@ -27,7 +27,7 @@ state: absent when: not redis.vm_overcommit_memory -- name: Trigger overrides +- name: Trigger overrides. ansible.builtin.include_role: name: _overrides vars: diff --git a/roles/debian/rkhunter/tasks/main.yml b/roles/debian/rkhunter/tasks/main.yml index ec936bf6d..4935937f7 100644 --- a/roles/debian/rkhunter/tasks/main.yml +++ b/roles/debian/rkhunter/tasks/main.yml 
@@ -7,14 +7,14 @@ cache_valid_time: 240 notify: Update rkhunter -- name: Check paths for script existence +- name: Check paths for script existence. ansible.builtin.stat: path: "{{ item }}" register: _rkhunter_existing_scripts_to_whitelist loop: "{{ rkhunter.scriptwhitelist }}" when: rkhunter.scriptwhitelist | length > 0 -- name: Filter existing scripts +- name: Filter existing scripts. set_fact: existing_scripts: "{{ existing_scripts | default([]) + [item.item] }}" when: @@ -22,14 +22,14 @@ - _rkhunter_existing_scripts_to_whitelist is defined loop: "{{ _rkhunter_existing_scripts_to_whitelist.results }}" -- name: Check paths for portpath existence +- name: Check paths for portpath existence. ansible.builtin.stat: path: "{{ item.split(':')[0] }}" register: _rkhunter_existing_portpaths_to_whitelist loop: "{{ rkhunter.portpathwhitelist }}" when: rkhunter.portpathwhitelist | length > 0 -- name: Filter existing portpath +- name: Filter existing portpath. set_fact: existing_portpaths: "{{ existing_portpaths | default([]) + [item.item] }}" when: @@ -53,7 +53,7 @@ group: root mode: 0644 -- name: Trigger overrides +- name: Trigger overrides. ansible.builtin.include_role: name: _overrides vars: diff --git a/roles/debian/rsyslog/tasks/main.yml b/roles/debian/rsyslog/tasks/main.yml index c8dd41d0c..642a8637f 100644 --- a/roles/debian/rsyslog/tasks/main.yml +++ b/roles/debian/rsyslog/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: Install rsyslog with apt +- name: Install rsyslog with apt. ansible.builtin.apt: name: rsyslog state: present 
@@ -14,14 +14,14 @@ mode: "0644" force: true -- name: Restart rsyslog based on environment +- name: Restart rsyslog based on environment. block: - - name: Restart rsyslog in a container (if is_local is true) + - name: Restart rsyslog in a container (if is_local is true). ansible.builtin.shell: | pkill -HUP rsyslogd || true when: is_local - - name: Restart rsyslog using systemd (if is_local is false) + - name: Restart rsyslog using systemd (if is_local is false). ansible.builtin.systemd: name: rsyslog.service state: restarted diff --git a/roles/debian/selenium/tasks/main.yml b/roles/debian/selenium/tasks/main.yml index 41355eec6..b0cea2ead 100644 --- a/roles/debian/selenium/tasks/main.yml +++ b/roles/debian/selenium/tasks/main.yml @@ -16,7 +16,7 @@ state: present when: selenium.display_manager == 'VNC' -- name: Set Selenium major version +- name: Set Selenium major version. ansible.builtin.set_fact: _selenium_major_version: "{{ selenium.version | regex_replace('\\.[0-9]+$', '') }}" diff --git a/roles/debian/ssl/tasks/copy.yml b/roles/debian/ssl/tasks/copy.yml index da9e2d599..818eda11b 100644 --- a/roles/debian/ssl/tasks/copy.yml +++ b/roles/debian/ssl/tasks/copy.yml @@ -1,5 +1,5 @@ --- -- name: Copy public cert file to destination +- name: Copy public cert file to destination. ansible.builtin.copy: content: "{{ ssl.cert }}" dest: "{{ ssl_facts[certificate_domain].certificate }}" @@ -8,7 +8,7 @@ mode: 0644 force: "{{ ssl.replace_existing }}" -- name: Copy CA cert file to destination +- name: Copy CA cert file to destination. ansible.builtin.copy: content: "{{ ssl.ca_cert }}" dest: "{{ ssl_facts[certificate_domain].ca_certificate }}" @@ -19,7 +19,7 @@ when: - ssl.ca_cert is defined -- name: Copy private key file to destination +- name: Copy private key file to destination. ansible.builtin.copy: content: "{{ ssl.key }}" dest: "{{ ssl_facts[certificate_domain].key }}" 
diff --git a/roles/debian/ssl/tasks/letsencrypt.yml b/roles/debian/ssl/tasks/letsencrypt.yml index ae997cb33..74350945a 100644 --- a/roles/debian/ssl/tasks/letsencrypt.yml +++ b/roles/debian/ssl/tasks/letsencrypt.yml @@ -88,7 +88,7 @@ - not _letsencrypt_cert.stat.exists - _ssl_services | length > 0 -- name: Clean up _letsencrypt_domain_string variable . +- name: Clean up _letsencrypt_domain_string variable. ansible.builtin.set_fact: _letsencrypt_domain_string: "" diff --git a/roles/debian/wazuh/tasks/main.yml b/roles/debian/wazuh/tasks/main.yml index a4cc2b9eb..726d38335 100644 --- a/roles/debian/wazuh/tasks/main.yml +++ b/roles/debian/wazuh/tasks/main.yml @@ -117,17 +117,17 @@ ansible_shell_allow_world_readable_temp: true when: wazuh.agent.install and not wazuh_agent_sources_installation.enabled -- name: Check if Filebeat service exists +- name: Check if Filebeat service exists. ansible.builtin.command: cmd: systemctl list-units --type=service --state=running register: _service_list changed_when: false -- name: Set fact if Filebeat is found & present +- name: Set fact if Filebeat is found & present. ansible.builtin.set_fact: filebeat_exists: "{{ _service_list.stdout is search('filebeat.service') }}" -- name: Restart filebeat at the end # If we do not, filebeat keeps using old certs and breaks connection with elasticsearch & dashboard stops showing data. +- name: Restart filebeat at the end. # If we do not, filebeat keeps using old certs and breaks connection with elasticsearch & dashboard stops showing data. ansible.builtin.systemd: name: filebeat state: restarted