style(ssp): ensure authservers playbook passes Ansible lint

WIP rciam#270

Signed-off-by: Bruce Becker <[email protected]>

authservers.yml

@@ -1,6 +1,8 @@
 ---
-
-- hosts: authservers
+# File: authservers.yml
+# Deployes authentication servers
+- name: Deploy authentication servers
+  hosts: authservers
   roles:
     - common
     - ssp

roles/ssp/tasks/install-Debian.yml

@@ -1,25 +1,29 @@
 ---
-
 - name: Update package cache (Debian)
-  apt: update_cache=yes cache_valid_time=86400
-  become: yes
+  ansible.builtin.apt:
+    update_cache: "yes"
+    cache_valid_time: "86400"
+  become: true
 
 - name: Ensure latest CA certificates are installed (Debian)
-  apt: pkg=ca-certificates state=latest install_recommends=no
+  ansible.builtin.apt:
+    pkg: ca-certificates
+    state: present
+    install_recommends: "no"
   become: true
 
 - name: Ensure SSP cron module dependencies are installed (Debian)
-  apt:
+  ansible.builtin.apt:
     pkg: "{{ ssp_mod_cron_deps }}"
     state: present
-    install_recommends: no
+    install_recommends: false
   when: "'cron' in ssp_mods_enabled"
   become: true
 
-#- name: Ensure memcached dependencies are installed (Debian)
-#  apt: pkg={{ item }} state=present install_recommends=no
-#  with_items: "{{ ssp_memcache_deps }}"
-#  when: "ssp_store_type is defined and ssp_store_type == 'memcache'"
-#  become: true
-#  notify:
-#    - restart webserver
+# - name: Ensure memcached dependencies are installed (Debian)
+#   apt: pkg={{ item }} state=present install_recommends=no
+#   with_items: "{{ ssp_memcache_deps }}"
+#   when: "ssp_store_type is defined and ssp_store_type == 'memcache'"
+#   become: true
+#   notify:
+#     - restart webserver

roles/ssp/tasks/install-RedHat.yml

@@ -1,24 +1,23 @@
 ---
-
 - name: Ensure latest CA certificates are installed (RedHat)
-  yum:
+  ansible.builtin.yum:
     name: ca-certificates
-    state: latest
+    state: present
   become: true
 
 - name: Ensure SSP cron module dependencies are installed (RedHat)
-  yum:
+  ansible.builtin.yum:
     name: "{{ ssp_mod_cron_deps }}"
     state: present
   when: "'cron' in ssp_mods_enabled"
   become: true
 
-#- name: Ensure memcached dependencies are installed (RedHat)
-#  yum:
-#    name: "{{ item }}"
-#    state: present
-#  with_items: "{{ ssp_memcache_deps }}"
-#  when: "ssp_store_type is defined and ssp_store_type == 'memcache'"
-#  become: true
-#  notify:
-#    - restart webserver
+# - name: Ensure memcached dependencies are installed (RedHat)
+#   yum:
+#     name: "{{ item }}"
+#     state: present
+#   with_items: "{{ ssp_memcache_deps }}"
+#   when: "ssp_store_type is defined and ssp_store_type == 'memcache'"
+#   become: true
+#   notify:
+#     - restart webserver

roles/ssp/tasks/install-common.yml

@@ -1,59 +1,72 @@
 ---
-
-- include_tasks: install-release.yml
+- name: Include Release Tasks
+  ansible.builtin.include_tasks: install-release.yml
   when: ssp_release_url is defined
   tags:
     - ssp:install
 
-- include_tasks: install-source.yml
+- name: Include source install tasks
+  ansible.builtin.include_tasks: install-source.yml
   when: ssp_release_url is not defined
   tags:
     - ssp:install
 
 - name: Update symbolic link to SSP
-  file:
+  ansible.builtin.file:
     src: "{{ ssp_path }}/{{ 'public' if ssp_major_version == '2' else 'www' }}/"
     dest: "{{ ssp_www_path }}"
     state: link
-  become: yes
+  become: true
   tags:
     - ssp:install
 
-- include_tasks: twig.yml
-  when: (ssp_twig_install is defined) and (ssp_twig_install|bool == True)
+- name: Include Twig tasks
+  ansible.builtin.include_tasks: twig.yml
+  when: (ssp_twig_install is defined) and (ssp_twig_install | bool)
 
 - name: Ensure SSP config dir exists
-  file: path={{ ssp_configdir }} state=directory
-  become: yes
+  ansible.builtin.file:
+    path: "{{ ssp_configdir }}"
+    state: directory
+    mode: "0750"
+  become: true
   tags:
     - ssp:install
 
 - name: Ensure SSP logging dir exists
-  file:
+  ansible.builtin.file:
     state: directory
     path: "{{ ssp_loggingdir }}"
     owner: "{{ ssp_webuser }}"
     group: "{{ ssp_webgroup }}"
     mode: "0750"
-  become: yes
+  become: true
   tags:
     - ssp:install
 
 - name: Ensure SSP data dir exists
-  file: path={{ ssp_datadir }} state=directory
-  become: yes
+  ansible.builtin.file:
+    path: "{{ ssp_datadir }}"
+    state: directory
+    mode: "0750"
+  become: true
   tags:
     - ssp:install
 
 - name: Ensure SSP metadata dir exists
-  file: path={{ ssp_metadatadir }} state=directory
-  become: yes
+  ansible.builtin.file:
+    path: "{{ ssp_metadatadir }}"
+    state: directory
+    mode: "0750"
+  become: true
   tags:
     - ssp:install
 
 - name: Ensure SSP cert dir exists
-  file: path={{ ssp_certdir }} state=directory
-  become: yes
+  ansible.builtin.file:
+    path: "{{ ssp_certdir }}"
+    state: directory
+    mode: "0750"
+  become: true
   tags:
     - ssp:install
-

roles/ssp/tasks/install-release.yml

@@ -1,47 +1,47 @@
 ---
-
 - name: Check if SSP path exists
-  stat:
+  ansible.builtin.stat:
     path: "{{ ssp_path }}"
   register: release_downloaded
   tags:
     - ssp:install:release
 
-- block:
-
+- name: SSP Install
+  when: not release_downloaded.stat.exists
+  become: true
+  tags:
+    - ssp:install:release
+  block:
     - name: Create temp SSP installation directory
-      tempfile:
+      ansible.builtin.tempfile:
         state: directory
       register: ssp_basepath
 
     - name: Download and unarchive SSP release into temp installation directory
-      unarchive:
+      ansible.builtin.unarchive:
         src: "{{ ssp_release_url }}"
         dest: "{{ ssp_basepath.path }}/"
-        owner: "root"
-        group: "root"
+        owner: root
+        group: root
         list_files: true
         remote_src: true
 
     - name: Ensure SSP path exists
-      file:
+      ansible.builtin.file:
         path: "{{ ssp_path }}"
         state: directory
-        owner: "root"
-        group: "root"
+        owner: root
+        group: root
+        mode: "0750"
 
     - name: Copy release to SSP path
-      copy:
+      ansible.builtin.copy:
         src: "{{ ssp_basepath.path }}/{{ ssp_repo_version }}/"
         dest: "{{ ssp_path }}"
         remote_src: true
+        mode: "0600"
 
     - name: Remove temp SSP installation directory
-      file:
+      ansible.builtin.file:
         path: "{{ ssp_basepath.path }}"
         state: absent
-
-  when: release_downloaded.stat.exists == False
-  become: yes
-  tags:
-    - ssp:install:release

roles/ssp/tasks/install-source.yml

@@ -1,28 +1,28 @@
 ---
-
 - name: Checkout SSP source
-  git:
+  ansible.builtin.git:
     repo: "{{ ssp_repo_url }}"
     dest: "{{ ssp_path }}"
     version: "{{ ssp_repo_version }}"
-    accept_hostkey: yes
-    force: no
-    update: no
-  become: yes
+    accept_hostkey: true
+    force: false
+    update: false
+  become: true
   when: ssp_release_file is not defined
   tags:
     - ssp:install:source
 
-- include_tasks: composer.yml
-  when: (ssp_composer_install is defined) and (ssp_composer_install|bool == True)
+- name: Include composer tasks
+  ansible.builtin.include_tasks: composer.yml
+  when: (ssp_composer_install is defined) and (ssp_composer_install | bool)
 
 - name: Install/Update SimplesamlPHP
-  composer:
+  community.general.composer:
     command: update
     working_dir: "{{ ssp_path }}"
     composer_executable: "{{ ssp_composer_executable }}"
     ignore_platform_reqs: true
     no_scripts: true
   become: true
   tags:
-    - ssp:install:source
+    - ssp:install:source