refactor: ansible roles

Refactors with:

- fully qualified module names
- properly formed blocks
- named blocks
- corrected indenttion
- moved the when directive to top of blocks
- idempotent commands
- prefixed task_names var with role name
- added some changed when's to silence linter where needed
- suse hard coded values moved to var/main.yml

Signed-off-by: Ryan Johnson <[email protected]>

.ansible-lint.yml

@@ -0,0 +1,5 @@
+---
+kinds:
+ - playbook
+skip_list:
+ - line-length

.vscode/settings.json

@@ -1,4 +1,7 @@
 {
+ // Ansible settings
+ "ansible.python.interpreterPath": "/usr/local/bin/python3",
+
  // Editor settings
  "editor.bracketPairColorization.enabled": true,
  "editor.bracketPairColorization.independentColorPoolPerBracketType": true,

ansible/linux-playbook.yml

@@ -1,9 +1,12 @@
 ---
-- become: true
- become_method: sudo
+- name: Playbook for Linux
+ become: true
+ become_method: ansible.builtin.sudo
  debugger: never
  gather_facts: true
  hosts: all
+ vars:
+ enable_cloudinit: false
  roles:
  - base
  - users

ansible/roles/base/tasks/debian.yml

@@ -2,25 +2,25 @@
 # Debian or derivative specific tasks.
 
 # Tasks for updating the operating system and installing additional packages.
-- block:
- - name: "Getting guest operating system information."
- debug:
- msg: "OS: {{ ansible_distribution }} {{ ansible_distribution_version }}"
+- name: "Updating the operating system and installing additional packages."
+ when: enable_cloudinit == 'true' and ansible_distribution_version | int >= 12
+ block:
+ - name: "Getting guest operating system information."
+ ansible.builtin.debug:
+ msg: "OS: {{ ansible_distribution }} {{ ansible_distribution_version }}"
 
- - name: "Updating the operating system."
- apt:
- name: "*"
- state: latest  # noqa package-latest
- update_cache: true
+  - name: "Updating the operating system."
+  ansible.builtin.apt:
+  name: "*"
+  state: latest # noqa package-latest
+  update_cache: true
 
- - name: "Installing additional packages."
- apt:
- name: "{{ additional_packages[ansible_os_family] }}"
- state: latest # noqa package-latest
-
- - name: "Installing cloud-init."
- apt:
- name: cloud-init
- state: latest
- when: enable_cloudinit == 'true' and ansible_distribution_version | int >= 12
+ - name: "Installing additional packages."
+ ansible.builtin.apt:
+ name: "{{ base_base_base_additional_packages[ansible_os_family] }}"
+ state: latest # noqa package-latest
 
+ - name: "Installing cloud-init."
+ ansible.builtin.apt:
+ name: cloud-init
+ state: latest # noqa package-latest

ansible/roles/base/tasks/main.yml

@@ -1,12 +1,12 @@
 ---
-- name: "{{ task_name }}"
- include_tasks: "{{ ansible_os_family | lower }}.yml"
+- name: "{{ base_task_name }}"
+ ansible.builtin.include_tasks: "{{ ansible_os_family | lower }}.yml"
  when: ansible_os_family in ['Debian', 'RedHat', 'Suse']
 
-- name: "{{ task_name }}"
- include_tasks: "{{ ansible_lsb.codename | lower }}.yml"
+- name: "{{ base_task_name }}"
+ ansible.builtin.include_tasks: "{{ ansible_lsb.codename | lower }}.yml"
  when: ansible_distribution == 'VMware Photon OS'
 
-- name: "{{ task_name }}"
- include_tasks: windows.yml
+- name: "{{ base_task_name }}"
+ ansible.builtin.include_tasks: windows.yml
  when: ansible_os_family == "Windows"

ansible/roles/base/tasks/photon.yml

@@ -2,37 +2,48 @@
 # VMware Photon OS specific tasks.
 
 # Tasks to update the operating system and install additional packages.
-- block:
- - name: "Getting guest operating system information."
- debug:
- msg: "OS: {{ ansible_distribution }} {{ ansible_distribution_version }}"
+- name: "Update the operating system and install additional packages."
+ block:
+ - name: "Getting guest operating system information."
+ ansible.builtin.debug:
+ msg: "OS: {{ ansible_distribution }} {{ ansible_distribution_version }}"
 
- - name: "Updating the operating system."
- command: "tdnf -y update"
- when: ansible_distribution_version | int >= 5
+ - name: "Updating the operating system."
+ ansible.builtin.command: "tdnf -y update"
+ when: ansible_distribution_version | int >= 5
+ changed_when: false
 
- - block:
+- name: "Update Photon OS Repositories and System"
+ when: ansible_distribution_version | int <= 4
+ block:
  - name: "Updating the repository URL."
- shell: |
- cd /etc/yum.repos.d/
- sed -i 's/dl.bintray.com\/vmware/packages.vmware.com\/photon\/$releasever/g' photon.repo photon-updates.repo photon-extras.repo photon-debuginfo.repo
+ ansible.builtin.shell: |
+ cd /etc/yum.repos.d/ && \
+ sed -i 's/dl.bintray.com\/vmware/packages.vmware.com\/photon\/$releasever/g' \
+ photon.repo photon-updates.repo photon-extras.repo photon-debuginfo.repo
+ changed_when: false
 
  - name: "Updating the photon-repos."
- command: tdnf -y update photon-repos
+ ansible.builtin.command: tdnf -y update photon-repos
+ changed_when: false
 
  - name: "Cleaning the cache."
- command: tdnf clean all
+ ansible.builtin.command: tdnf clean all
+ changed_when: false
 
  - name: "Making cache."
- command: tdnf makecache
+ ansible.builtin.command: tdnf makecache
+ changed_when: false
 
  - name: "Updating the operating system."
- command: tdnf -y update
- when: ansible_distribution_version | int <= 4
+ ansible.builtin.command: tdnf -y update
+  changed_when: false
 
- - name: "Installing additional packages."
- command: "tdnf -y install {{ additional_packages[ansible_os_family] | join(' ') }}"
+- name: "Installing additional packages."
+ ansible.builtin.command: "tdnf -y install {{ base_additional_packages[ansible_os_family] | join(' ') }}"
+ changed_when: false
 
- - name: "Installing cloud-init."
- command: tdnf -y install cloud-init
- when: enable_cloudinit == 'true'
+- name: "Installing cloud-init."
+ ansible.builtin.command: tdnf -y install cloud-init
+ when: enable_cloudinit == 'true'
+ changed_when: false

ansible/roles/base/tasks/redhat.yml

@@ -3,57 +3,60 @@
 
 # Tasks for disconnecting from Red Hat Subscription Manager.
 - name: "Getting guest operating system information."
- debug:
+ ansible.builtin.debug:
  msg: "OS: {{ ansible_distribution }} {{ ansible_distribution_version }}"
 
 - name: "Checking the Red Hat Subscription Manager status."
- command:
+ when: ansible_distribution == 'RedHat'
+ ansible.builtin.command:
  cmd: subscription-manager status
  register: result
  failed_when: "'ERROR' in result.stderr"
- when: ansible_distribution == 'RedHat'
+ changed_when: false
 
 # Tasks for upgrading the almalinux-release package.
 - name: "Upgrade almalinux-release package."
- dnf:
+ when: ansible_distribution == 'AlmaLinux'
+ ansible.builtin.dnf:
  name: almalinux-release
- state: latest
+ state: latest # noqa package-latest
  become: true
- when: ansible_distribution == 'AlmaLinux'
 
 # Tasks for updating the operating system and installing additional packages.
-- block:
- - name: "Updating the operating system."
- dnf:
- name: "*"
- state: latest # noqa package-latest
- update_cache: true
-
- - name: "Installing additional packages."
- dnf:
- name: "{{ additional_packages[ansible_os_family] }}"
- state: latest # noqa package-latest
-
- - name: "Installing cloud-init."
- become: true
- dnf:
- name: cloud-init
- state: latest
- when: enable_cloudinit == 'true' and ansible_distribution_version | int >= 8
+- name: "Updating the operating system and installing additional packages."
  when:
  - ansible_distribution == 'Fedora'
  - ansible_os_family == 'RedHat' and ansible_distribution_major_version | int >= 8
+ block:
+ - name: "Updating the operating system."
+ ansible.builtin.dnf:
+ name: "*"
+ state: latest # noqa package-latest
+ update_cache: true
+
+ - name: "Installing additional packages."
+ ansible.builtin.dnf:
+ name: "{{ base_base_additional_packages[ansible_os_family] }}"
+ state: latest # noqa package-latest
+
+ - name: "Installing cloud-init."
+ when: enable_cloudinit == 'true' and ansible_distribution_version | int >= 8
+ become: true
+ ansible.builtin.dnf:
+ name: cloud-init
+ state: latest # noqa package-latest
 
 # Tasks for updating the operating system and installing additional packages.
-- block:
- - name: "Updating the operating system."
- yum:
- name: "*"
- state: latest # noqa package-latest
- update_cache: true
-
- - name: "Installing additional packages."
- yum:
- name: "{{ additional_packages[ansible_os_family] }}"
- state: latest # noqa package-latest
+- name: "Updating the operating system and installing additional packages."
  when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int < 8
+ block:
+ - name: "Updating the operating system."
+ ansible.builtin.yum: # noqa fqcn[action-core]
+ name: "*"
+ state: latest # noqa package-latest
+ update_cache: true
+
+ - name: "Installing additional packages."
+ ansible.builtin.yum: # noqa fqcn[action-core]
+ name: "{{ base_base_additional_packages[ansible_os_family] }}"
+ state: latest # noqa package-latest

ansible/roles/base/tasks/suse.yml

@@ -2,33 +2,46 @@
 # SUSE Linux Enterprise Server specific tasks.
 
 # Tasks for updating the operating system and installing additional packages.
-- block:
- - name: "Getting guest operating system information."
- debug:
- msg: "OS: {{ ansible_distribution }} {{ ansible_distribution_version }}"
-
- - name: "Updating the operating system."
- zypper:
- name: "*"
- state: latest
- update_cache: true
-
- - name: "Installing additional packages."
- zypper:
- name: "{{ additional_packages[ansible_os_family] }}"
- state: latest
-
- - name: "Adding location of python3-jsonpatch."
- command: SUSEConnect -p sle-module-public-cloud/15.5/x86_64
-
- - name: "Installing python3-jsonpatch"
- zypper:
- name: python3-jsonpatch
- state: present
-
- - name: "Installing cloud-init."
- zypper:
- name: cloud-init
- state: present
- when: enable_cloudinit == 'true'
+- name: "Updating operating system and installing additional packages."
  become: true
+ block:
+ - name: "Getting guest operating system information."
+ ansible.builtin.debug:
+ msg: "OS: {{ ansible_distribution }} {{ ansible_distribution_version }}"
+
+ - name: "Updating the operating system."
+ community.general.zypper:
+ name: "*"
+ state: latest
+ update_cache: true
+
+ - name: "Installing additional packages."
+ community.general.zypper:
+ name: "{{ base_base_additional_packages[ansible_os_family] }}"
+ state: latest
+
+ - name: "Set full module path."
+ ansible.builtin.set_fact:
+ full_module_path: "{{ base_sle_module_name }}/{{ base_sle_module_version }}/{{ base_sle_architecture }}"
+
+ - name: "Check if already registered for: {{ full_module_path }}."
+ ansible.builtin.command: SUSEConnect --status-text
+ register: suseconnect_status
+ changed_when: false
+
+ - name: "Adding location of python3-jsonpatch for {{ full_module_path }}."
+ when: full_module_path not in suseconnect_status.stdout
+ ansible.builtin.command: SUSEConnect -p {{ full_module_path }}
+ register: suseconnect_register
+ changed_when: "'Registering' in suseconnect_register.stdout"
+
+ - name: "Installing python3-jsonpatch."
+ community.general.zypper:
+ name: python3-jsonpatch
+ state: present
+
+ - name: "Installing cloud-init."
+ when: enable_cloudinit == 'true'
+ community.general.zypper:
+ name: cloud-init
+ state: present