refactor(ansible): bring our ansible up to modern ansible-lint standards (#1833)

Author: hunleyd

ansible/tasks/setup-pgbouncer.yml

@@ -1,135 +1,138 @@
 # PgBouncer
 - name: PgBouncer - download & install dependencies
-  apt:
+  ansible.builtin.apt:
     pkg:
       - build-essential
-      - libssl-dev
-      - pkg-config
       - libevent-dev
+      - libssl-dev
       - libsystemd-dev
-    update_cache: yes
+      - pkg-config
+    update_cache: true
     cache_valid_time: 3600
 
 - name: PgBouncer - download latest release
-  get_url:
-    url: "https://www.pgbouncer.org/downloads/files/{{ pgbouncer_release }}/pgbouncer-{{ pgbouncer_release }}.tar.gz"
-    dest: /tmp/pgbouncer-{{ pgbouncer_release }}.tar.gz
+  ansible.builtin.get_url:
     checksum: "{{ pgbouncer_release_checksum }}"
+    dest: "/tmp/pgbouncer-{{ pgbouncer_release }}.tar.gz"
     timeout: 60
+    url: "https://www.pgbouncer.org/downloads/files/{{ pgbouncer_release }}/pgbouncer-{{ pgbouncer_release }}.tar.gz"
 
 - name: PgBouncer - unpack archive
-  unarchive:
-    remote_src: yes
-    src: /tmp/pgbouncer-{{ pgbouncer_release }}.tar.gz
-    dest: /tmp
-  become: yes
+  ansible.builtin.unarchive:
+    dest: '/tmp'
+    remote_src: true
+    src: "/tmp/pgbouncer-{{ pgbouncer_release }}.tar.gz"
+  become: true
 
 - name: PgBouncer - configure
-  shell:
-    cmd: "./configure --prefix=/usr/local --with-systemd"
-    chdir: /tmp/pgbouncer-{{ pgbouncer_release }}
-  become: yes
-
-- name: PgBouncer - build
-  make:
-    chdir: /tmp/pgbouncer-{{ pgbouncer_release }}
-  become: yes
-
-- name: PgBouncer - install
-  make:
-    chdir: /tmp/pgbouncer-{{ pgbouncer_release }}
-    target: install
-  become: yes
+  ansible.builtin.command:
+    cmd: './configure --prefix=/usr/local --with-systemd'
+  args:
+    chdir: "/tmp/pgbouncer-{{ pgbouncer_release }}"
+  become: true
+
+- name: PgBouncer - build and install
+  community.general.make:
+    chdir: "/tmp/pgbouncer-{{ pgbouncer_release }}"
+    target: "{{ pgbouncer_make_item }}"
+  become: true
+  loop:
+    - 'all'
+    - 'install'
+  loop_control:
+    loop_var: 'pgbouncer_make_item'
 
 - name: Create pgbouncer user
-  user:
-    name: pgbouncer
-    shell: /bin/false
-    comment: PgBouncer user
-    groups: postgres,ssl-cert
-
-- name: PgBouncer - create a directory if it does not exist
-  file:
-    path: /etc/pgbouncer
-    state: directory
-    owner: pgbouncer
-    group: pgbouncer
-    mode: '0700'
-
-- name: PgBouncer - create a directory if it does not exist
-  file:
-    state: directory
-    owner: pgbouncer
-    group: pgbouncer
-    path: '{{ item }}'
-    mode: '0775'
+  ansible.builtin.user:
+    comment: 'PgBouncer user'
+    groups: 'postgres,ssl-cert'
+    name: 'pgbouncer'
+    shell: '/usr/sbin/nolign'
+    state: 'present'
+
+- name: Create PgBouncer directories if they do not exist
+  ansible.builtin.file:
+    group: 'pgbouncer'
+    mode: "{{ pgbouncer_dir_item['mode'] }}"
+    owner: 'pgbouncer'
+    path: "{{ pgbouncer_dir_item['dir'] }}"
+    state: 'directory'
+  loop_control:
+    loop_var: 'pgbouncer_dir_item'
   with_items:
-    - '/etc/pgbouncer-custom'
-
-- name: create placeholder config files
-  file:
-    path: '/etc/pgbouncer-custom/{{ item }}'
-    state: touch
-    owner: pgbouncer
-    group: pgbouncer
-    mode: 0664
+    - { mode: '0700', dir: '/etc/pgbouncer' }
+    - { mode: '0775', dir: '/etc/pgbouncer-custom' }
+
+- name: create PgBouncer placeholder config files
+  ansible.builtin.file:
+    group: 'pgbouncer'
+    mode: '0664'
+    owner: 'pgbouncer'
+    path: "/etc/pgbouncer-custom/{{ pgbouncer_config_item }}"
+    state: 'touch'
+  loop_control:
+    loop_var: 'pgbouncer_config_item'
   with_items:
-    - 'generated-optimizations.ini'
     - 'custom-overrides.ini'
+    - 'generated-optimizations.ini'
     - 'ssl-config.ini'
 
 - name: PgBouncer - adjust pgbouncer.ini
-  copy:
-    src: files/pgbouncer_config/pgbouncer.ini.j2
-    dest: /etc/pgbouncer/pgbouncer.ini
-    owner: pgbouncer
+  ansible.builtin.copy:
+    dest: '/etc/pgbouncer/pgbouncer.ini'
     mode: '0700'
+    owner: 'pgbouncer'
+    src: 'files/pgbouncer_config/pgbouncer.ini.j2'
 
-- name: PgBouncer - create a directory if it does not exist
-  file:
-    path: /etc/pgbouncer/userlist.txt
-    state: touch
-    owner: pgbouncer
+- name: PgBouncer - create a userlist file if it does not exist
+  ansible.builtin.file:
     mode: '0700'
+    owner: 'pgbouncer'
+    path: '/etc/pgbouncer/userlist.txt'
+    state: 'touch'
 
 - name: import /etc/tmpfiles.d/pgbouncer.conf
-  template:
-    src: files/pgbouncer_config/tmpfiles.d-pgbouncer.conf.j2
-    dest: /etc/tmpfiles.d/pgbouncer.conf
-  become: yes
+  ansible.builtin.template:
+    dest: '/etc/tmpfiles.d/pgbouncer.conf'
+    src: 'files/pgbouncer_config/tmpfiles.d-pgbouncer.conf.j2'
+  become: true
 
 - name: PgBouncer - By default allow ssl connections.
-  become: yes
-  copy:
-    dest: /etc/pgbouncer-custom/ssl-config.ini
-    content: |
-      client_tls_sslmode = allow
+  ansible.builtin.lineinfile:
+    line: 'client_tls_sslmode = allow'
+    path: '/etc/pgbouncer-custom/ssl-config.ini'
+  become: true
 
 - name: Grant pg_hba and pgbouncer grp perm for adminapi updates
-  shell: |
-     chmod g+w /etc/postgresql/pg_hba.conf
-     chmod g+w /etc/pgbouncer-custom/ssl-config.ini
+  ansible.builtin.file:
+    mode: '0664'
+    path: "{{ pgbouncer_group_item }}"
+  loop:
+    - /etc/pgbouncer-custom/ssl-config.ini
+    - /etc/postgresql/pg_hba.conf
+  loop_control:
+    loop_var: 'pgbouncer_group_item'
 
 # Add fail2ban filter
 - name: import jail.d/pgbouncer.conf
-  template:
-    src: files/fail2ban_config/jail-pgbouncer.conf.j2
-    dest: /etc/fail2ban/jail.d/pgbouncer.conf
-  become: yes
+  ansible.builtin.template:
+    dest: '/etc/fail2ban/jail.d/pgbouncer.conf'
+    src: 'files/fail2ban_config/jail-pgbouncer.conf.j2'
+  become: true
 
 - name: import filter.d/pgbouncer.conf
-  template:
-    src: files/fail2ban_config/filter-pgbouncer.conf.j2
-    dest: /etc/fail2ban/filter.d/pgbouncer.conf
-  become: yes
+  ansible.builtin.template:
+    dest: '/etc/fail2ban/filter.d/pgbouncer.conf'
+    src: 'files/fail2ban_config/filter-pgbouncer.conf.j2'
+  become: true
 
 # Add systemd file for PgBouncer
-- name: PgBouncer - import postgresql.service
-  template:
-    src: files/pgbouncer_config/pgbouncer.service.j2
-    dest: /etc/systemd/system/pgbouncer.service
-  become: yes
+- name: PgBouncer - import pgbouncer.service
+  ansible.builtin.template:
+    dest: '/etc/systemd/system/pgbouncer.service'
+    src: 'files/pgbouncer_config/pgbouncer.service.j2'
+  become: true
 
 - name: PgBouncer - reload systemd
-  systemd:
-    daemon_reload: yes
+  ansible.builtin.systemd_service:
+    daemon_reload: true