Merge pull request #46 from Oefenweb/consistency-changes

Consistency changes
Oefenweb · Apr 19, 2023 · d876803 · d876803
2 parents 904e5c0 + 3f5f7d9
commit d876803
Show file tree

Hide file tree

Showing 15 changed files with 51 additions and 34 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -1,5 +1,6 @@
 ---
 warn_list:
   - role-name
+  - name[play]
   - name[casing]
-  - '503'
+  - no-handler
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -23,7 +23,9 @@ jobs:
           python-version: '3.x'
 
       - name: Install test dependencies
-        run: pip install ansible-lint[community,yamllint]
+        run: |
+          pip install ansible-lint
+          ansible-galaxy install -r requirements.yml
 
       - name: Lint code
         run: |
@@ -43,11 +45,8 @@ jobs:
       matrix:
         include:
           - distro: debian8
-            ansible-version: '<2.10'
           - distro: debian9
           - distro: debian10
-          - distro: ubuntu1604
-            ansible-version: '>=2.9, <2.10'
           - distro: ubuntu1604
             ansible-version: '>=2.10, <2.11'
           - distro: ubuntu1604
@@ -73,7 +72,7 @@ jobs:
           molecule test
         env:
           ANSIBLE_FORCE_COLOR: '1'
-          ANSIBLE_VERBOSITY: '3'
+          ANSIBLE_VERBOSITY: '2'
           MOLECULE_DEBUG: '1'
           MOLECULE_DISTRO: "${{ matrix.distro }}"
           PY_COLORS: '1'
diff --git a/Dockerfile b/Dockerfile
@@ -1,17 +1,20 @@
-FROM ubuntu:16.04
+FROM ubuntu:18.04
 MAINTAINER Mischa ter Smitten <[email protected]>
 
+ENV LANG C.UTF-8
+ENV LC_ALL C.UTF-8
+
 # python
 RUN apt-get update && \
-  DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal python-dev curl && \
+  DEBIAN_FRONTEND=noninteractive apt-get install -y python3-minimal python3-dev curl && \
   apt-get clean
-RUN curl -sL https://bootstrap.pypa.io/pip/2.7/get-pip.py | python -
+RUN curl -sL https://bootstrap.pypa.io/pip/3.6/get-pip.py | python3 -
 RUN rm -rf $HOME/.cache
 
 # ansible
-RUN DEBIAN_FRONTEND=noninteractive apt-get install -y gcc libffi-dev libssl-dev && \
+RUN DEBIAN_FRONTEND=noninteractive apt-get install -y python3-apt && \
   apt-get clean
-RUN pip install ansible==2.9.15
+RUN pip3 install ansible==2.10.7
 RUN rm -rf $HOME/.cache
 
 # provision

diff --git a/handlers/main.yml b/handlers/main.yml
@@ -1,5 +1,5 @@
 # handlers file
 ---
 - name: reload ufw
-  ufw:
+  community.general.ufw:
     state: reloaded
diff --git a/meta/main.yml b/meta/main.yml
@@ -7,7 +7,7 @@ galaxy_info:
   company: Oefenweb.nl B.V.
   description: Set up ufw in Debian-like systems
   license: MIT
-  min_ansible_version: 2.9.0
+  min_ansible_version: 2.10.0
   platforms:
     - name: Ubuntu
       versions:

diff --git a/molecule/default/collections.yml b/molecule/default/collections.yml
@@ -0,0 +1,6 @@
+---
+collections:
+  - name: community.docker
+    version: '>=1.2.0,<2'
+  - name: community.general
+    version: '>=2,<3'
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
@@ -4,6 +4,6 @@
   become: true
   pre_tasks:
     - name: include vars
-      include_vars: "{{ playbook_dir }}/../../tests/vars/main.yml"
+      ansible.builtin.include_vars: "{{ playbook_dir }}/../../tests/vars/main.yml"
   roles:
     - ../../../
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
@@ -8,11 +8,11 @@ platforms:
     image: "geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu1604}-ansible:latest"
     command: ${MOLECULE_DOCKER_COMMAND:-""}
     volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+      - /var/lib/containerd
+    cgroupns_mode: host
     privileged: true
     pre_build_image: true
-    capabilities:
-      - NET_ADMIN
 provisioner:
   name: ansible
   playbooks:

diff --git a/requirements.yml b/requirements.yml
@@ -0,0 +1,5 @@
+# requirements file
+---
+collections:
+  - name: community.general
+  - name: ansible.posix
diff --git a/tasks/configure.yml b/tasks/configure.yml
@@ -1,7 +1,7 @@
 # tasks file
 ---
 - name: configure | create (local facts) directory
-  file:
+  ansible.builtin.file:
     path: /etc/ansible/facts.d/
     state: directory
     owner: root
@@ -11,7 +11,7 @@
     - ufw-configure-facts
 
 - name: configure | update configuration file(s)
-  template:
+  ansible.builtin.template:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
     owner: root
@@ -27,14 +27,14 @@
     - ufw-configure-facts
 
 - name: configure | reset
-  ufw:
+  community.general.ufw:
     state: reset
   when: configuration is changed
   tags:
     - ufw-configure-reset
 
 - name: configure | default (incoming) policy
-  ufw:
+  community.general.ufw:
     policy: "{{ ufw_default_incoming_policy }}"
     direction: incoming
   notify: reload ufw
@@ -43,7 +43,7 @@
     - ufw-configure-default-policy-incoming
 
 - name: configure | default (outgoing) policy
-  ufw:
+  community.general.ufw:
     policy: "{{ ufw_default_outgoing_policy }}"
     direction: outgoing
   notify: reload ufw
@@ -52,7 +52,7 @@
     - ufw-configure-default-policy-outgoing
 
 - name: configure | rules
-  ufw:
+  community.general.ufw:
     rule: "{{ item.rule }}"
     interface: "{{ item.interface | default('') }}"
     direction: "{{ item.direction | default('in') }}"
@@ -70,7 +70,7 @@
     - ufw-configure-rules
 
 - name: configure | logging
-  ufw:
+  community.general.ufw:
     logging: "{{ ufw_logging }}"
   notify: reload ufw
   tags:

diff --git a/tasks/fix-dropped-ssh-sessions.yml b/tasks/fix-dropped-ssh-sessions.yml
@@ -1,12 +1,12 @@
 # tasks file
 ---
 - name: check if conntrack exists
-  stat:
+  ansible.builtin.stat:
     path: /proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal
   register: _nf_conntrack_tcp_be_liberal
 
 - name: fix dropped ssh sessions | configure kernel
-  sysctl:
+  ansible.posix.sysctl:
     name: net.netfilter.nf_conntrack_tcp_be_liberal
     value: '1'
     state: present

diff --git a/tasks/install.yml b/tasks/install.yml
@@ -1,7 +1,7 @@
 # tasks file
 ---
 - name: install | dependencies
-  apt:
+  ansible.builtin.apt:
     name: "{{ ufw_dependencies }}"
     state: "{{ apt_install_state | default('latest') }}"
     update_cache: true

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -1,15 +1,16 @@
 # tasks file
 ---
 - name: facts | set
-  set_fact:
+  ansible.builtin.set_fact:
     kernel_version: "{{ ansible_kernel | regex_search('^([0-9]+\\.[0-9]+\\.[0-9]+)') }}"
   tags:
     - configuration
     - ufw
     - ufw-facts
 
 # see https://askubuntu.com/a/1064533/261010, https://www.spinics.net/lists/netfilter-devel/msg55682.html
-- include: fix-dropped-ssh-sessions.yml
+- name: fix dropped ssh sessions
+  ansible.builtin.import_tasks: fix-dropped-ssh-sessions.yml
   when:
     - kernel_version is version('4.14', '>=')
     - kernel_version is version('5', '<')
@@ -18,20 +19,22 @@
     - ufw
     - ufw-fix-dropped-ssh-sessions
 
-- include: install.yml
+- name: install
+  ansible.builtin.import_tasks: install.yml
   tags:
     - configuration
     - ufw
     - ufw-install
 
-- include: configure.yml
+- name: configure
+  ansible.builtin.import_tasks: configure.yml
   tags:
     - configuration
     - ufw
     - ufw-configure
 
 - name: start and enable service
-  ufw:
+  community.general.ufw:
     state: enabled
   tags:
     - configuration

diff --git a/templates/etc/default/ufw.j2 b/templates/etc/default/ufw.j2
@@ -1,4 +1,4 @@
-# {{ ansible_managed }}
+{{ ansible_managed | comment }}
 
 # /etc/default/ufw
 #

diff --git a/tests/test.yml b/tests/test.yml
@@ -5,6 +5,6 @@
   become: true
   pre_tasks:
     - name: include vars
-      include_vars: "{{ playbook_dir }}/vars/main.yml"
+      ansible.builtin.include_vars: "{{ playbook_dir }}/vars/main.yml"
   roles:
     - ../../