From b0368a06d7b4b78700a7aa0e7bb2840e0079ac61 Mon Sep 17 00:00:00 2001
From: Douglas J Hunley
Date: Mon, 6 Oct 2025 10:20:40 -0400
Subject: [PATCH 1/3] refactor(ansible): bring our ansible up to modern ansible-lint standards
---
 ansible/tasks/setup-migrations.yml | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)
diff --git a/ansible/tasks/setup-migrations.yml b/ansible/tasks/setup-migrations.yml
index 6eea6844b..4d89b3110 100644
--- a/ansible/tasks/setup-migrations.yml
+++ b/ansible/tasks/setup-migrations.yml
@@ -1,13 +1,17 @@
-- name: Run migrate.sh script
- shell: ./migrate.sh
- register: retval
- when: debpkg_mode or stage2_nix
- args:
- chdir: /tmp/migrations/db
- failed_when: retval.rc != 0
+- name: run debpkg_mode or stage2_nix tasks
+ when:
+ - (debpkg_mode or stage2_nix)
+ block:
+ - name: Run migrate.sh script
+ ansible.builtin.command:
+ cmd: './migrate.sh'
+ args:
+ chdir: '/tmp/migrations/db'
+ failed_when:
+ - retval['rc'] != 0
+ register: 'retval'
-- name: Create /root/MIGRATION-AMI file
- file:
- path: "/root/MIGRATION-AMI"
- state: touch
- when: debpkg_mode or stage2_nix
+ - name: Create /root/MIGRATION-AMI file
+ ansible.builtin.file:
+ path: '/root/MIGRATION-AMI'
+ state: 'touch'
From 09552f44311ce2fc1a6a664f972ff15dd40d7e88 Mon Sep 17 00:00:00 2001
From: Douglas J Hunley
Date: Tue, 7 Oct 2025 09:24:02 -0400
Subject: [PATCH 2/3] refactor(ansible): bring our ansible up to modern ansible-lint standards
---
 ansible/tasks/setup-nginx.yml | 101 +++++++++++++++++-----------------
 1 file changed, 50 insertions(+), 51 deletions(-)
diff --git a/ansible/tasks/setup-nginx.yml b/ansible/tasks/setup-nginx.yml
index 77fb7707a..1abe938c3 100644
--- a/ansible/tasks/setup-nginx.yml
+++ b/ansible/tasks/setup-nginx.yml
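Review bot: `Run migrate.sh script` in `ansible/tasks/setup-migrations.yml` executes `./migrate.sh` out of `/tmp/migrations/db`, and nothing in this hunk shows who owns that directory or which mode it has; if the play runs as root (the next task writes under `/root`, so presumably it does), the staging directory should be root-owned and not group- or world-writable, or live outside `/tmp`. For the stated ansible-lint goal, the command task has neither `changed_when` nor `creates`, which the `no-changed-when` rule reports, and `failed_when: retval['rc'] != 0` only restates the module's default; the `nginx - configure` command task in [PATCH 2/3] has the same gap. If the marker file should not report a change on every run, `modification_time: 'preserve'` and `access_time: 'preserve'` on the `ansible.builtin.file` task would do that.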
@@ -1,79 +1,78 @@
 - name: nginx - system user
- user: name=nginx
+ ansible.builtin.user:
+ name: 'nginx'
+ state: 'present'
 # Kong installation steps from http://archive.vn/3HRQx
 - name: nginx - system dependencies
- apt:
+ ansible.builtin.apt:
 pkg:
- - openssl
 - libpcre3-dev
 - libssl-dev
+ - openssl
 - zlib1g-dev
 - name: nginx - download source
- get_url:
- url: "https://nginx.org/download/nginx-{{ nginx_release }}.tar.gz"
- dest: /tmp/nginx-{{ nginx_release }}.tar.gz
+ ansible.builtin.get_url:
 checksum: "{{ nginx_release_checksum }}"
+ dest: '/tmp/nginx-{{ nginx_release }}.tar.gz'
+ url: "https://nginx.org/download/nginx-{{ nginx_release }}.tar.gz"
 - name: nginx - unpack archive
- unarchive:
- remote_src: yes
- src: /tmp/nginx-{{ nginx_release }}.tar.gz
- dest: /tmp
+ ansible.builtin.unarchive:
+ dest: '/tmp'
+ remote_src: true
+ src: "/tmp/nginx-{{ nginx_release }}.tar.gz"
 - name: nginx - configure
- shell:
- chdir: /tmp/nginx-{{ nginx_release }}
- cmd: |
- set -e
+ ansible.builtin.command:
+ argv:
+ - ./configure \
+ - --prefix=/usr/local/nginx \
+ - --conf-path=/etc/nginx/nginx.conf \
+ - --with-http_ssl_module \
+ - --with-http_realip_module \
+ - --with-threads
+ args:
+ chdir: "/tmp/nginx-{{ nginx_release }}"
+ become: true
- ./configure \
- --prefix=/usr/local/nginx \
- --conf-path=/etc/nginx/nginx.conf \
- --with-http_ssl_module \
- --with-http_realip_module \
- --with-threads
- become: yes
-
-- name: nginx - build
+- name: nginx - build and install
 community.general.make:
- target: build
- chdir: /tmp/nginx-{{ nginx_release }}
+ chdir: "/tmp/nginx-{{ nginx_release }}"
 jobs: "{{ parallel_jobs | default(omit) }}"
- become: yes
-
-- name: nginx - install
- make:
- chdir: /tmp/nginx-{{ nginx_release }}
- target: install
- become: yes
-
-- name: nginx - hand over ownership of /usr/local/nginx to user nginx
- file:
- path: /usr/local/nginx
- recurse: yes
- owner: nginx
+ target: "{{ make_target }}"
+ become: true
+ loop:
+ - 'build'
+ - 'install'
+ loop_control:
+ loop_var: 'make_target'
-- name: nginx - hand over ownership of /etc/nginx to user nginx
- file:
- path: /etc/nginx
- recurse: yes
- owner: nginx
+- name: nginx - hand over ownership of /etc/nginx and /usr/local/nginx to user nginx
+ ansible.builtin.file:
+ owner: 'nginx'
+ path: "{{ nginx_dir_item }}"
+ recurse: true
+ loop:
+ - /etc/nginx
+ - /usr/local/nginx
+ loop_control:
+ loop_var: 'nginx_dir_item'
 # [warn] ulimit is currently set to "1024". For better performance set it to at least
 # "4096" using "ulimit -n"
 - name: nginx - bump up ulimit
- pam_limits:
- limit_item: nofile
- limit_type: soft
- domain: nginx
- value: "4096"
+ community.general.pam_limits:
+ domain: 'nginx'
+ limit_item: 'nofile'
+ limit_type: 'soft'
+ value: '4096'
 - name: nginx - create service file
- template:
- src: files/nginx.service.j2
- dest: /etc/systemd/system/nginx.service
+ ansible.builtin.template:
+ dest: '/etc/systemd/system/nginx.service'
+ src: 'files/nginx.service.j2'
 # Keep it dormant for the timebeing
From 9d0ae7f19398ba519600079112bc9ff7beffe3eb Mon Sep 17 00:00:00 2001
From: Douglas J Hunley
Date: Tue, 7 Oct 2025 13:33:47 -0400
Subject: [PATCH 3/3] fix(setup-nginx): when using `argv` we don't need Bash line continuation chars
---
 ansible/tasks/setup-nginx.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/ansible/tasks/setup-nginx.yml b/ansible/tasks/setup-nginx.yml
index 1abe938c3..1f10ceec2 100644
--- a/ansible/tasks/setup-nginx.yml
+++ b/ansible/tasks/setup-nginx.yml
@@ -27,11 +27,11 @@
 - name: nginx - configure
 ansible.builtin.command:
 argv:
- - ./configure \
- - --prefix=/usr/local/nginx \
- - --conf-path=/etc/nginx/nginx.conf \
- - --with-http_ssl_module \
- - --with-http_realip_module \
+ - ./configure
+ - --prefix=/usr/local/nginx
+ - --conf-path=/etc/nginx/nginx.conf
+ - --with-http_ssl_module
+ - --with-http_realip_module
 - --with-threads
 args:
 chdir: "/tmp/nginx-{{ nginx_release }}"
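Review bot: In [PATCH 2/3], the merged `nginx - hand over ownership of /etc/nginx and /usr/local/nginx to user nginx` task in `ansible/tasks/setup-nginx.yml` still recursively gives both trees to `nginx`, so the account the service presumably runs as can rewrite its own configuration and installed binaries. Unless `files/nginx.service.j2` (not shown here) depends on that, keeping both trees root-owned and giving `nginx` only the directories it has to write to would be the least-privilege arrangement; with `--prefix=/usr/local/nginx` those presumably sit under the prefix. The `nginx - system user` task is named a system user but sets neither `system: true` nor a non-login shell such as `shell: '/usr/sbin/nologin'`. The loop items `/etc/nginx` and `/usr/local/nginx` are also left unquoted while the rest of the new task quotes its strings.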