Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix ansible check warnings
Browse files Browse the repository at this point in the history
palash-gandhi committed Jan 14, 2025
1 parent 85bb349 commit 54386a3
Showing 7 changed files with 50 additions and 25 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/main.yml
Original file line number Diff line number Diff line change
@@ -11,7 +11,7 @@ jobs:
args: ""
setup_python: "true"
working_directory: ""
requirements_file: ""
requirements_file: ".github/workflows/requirements.yml"
check-shellcheck:
runs-on: ubuntu-20.04
steps:
7 changes: 7 additions & 0 deletions .github/workflows/requirements.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
#
# Copyright 2025 Delphix
#
---
collections:
# Install a collection from Ansible Galaxy.
- name: community.general
3 changes: 2 additions & 1 deletion bootstrap/playbook.yml
Original file line number Diff line number Diff line change
@@ -15,7 +15,8 @@
#

---
- hosts: localhost
- name: Run the appliance-build.bootstrap role
hosts: localhost
connection: local
become_user: root
become: true
29 changes: 18 additions & 11 deletions bootstrap/roles/appliance-build.bootstrap/tasks/main.yml
Original file line number Diff line number Diff line change
@@ -16,14 +16,13 @@

---
# The VSDK plugin requires python3.8. The deadsnakes PPA provides python3.8 on 24.04.
- apt_repository:
- name: Add deadsnakes PPA to apt sources so that python3.8 can be installed
ansible.builtin.apt_repository:
repo: ppa:deadsnakes/ppa
state: present

- apt:
update_cache: yes

- apt:
- name: Update apt cache and install apt packages
ansible.builtin.apt:
name:
- ansible
- aptly
@@ -51,28 +50,36 @@
- vim
- zfsutils-linux
state: present
update_cache: true

- systemd:
- name: Stop unattended-upgrades systemd service in preparation for package removal
ansible.builtin.systemd:
name: unattended-upgrades
state: stopped
register: result_systemd_stop
failed_when: "result_systemd_stop is failed and 'Could not find the requested service' not in result_systemd_stop.msg"

- apt:
- name: Remove unattended-upgrades package
ansible.builtin.apt:
name:
- unattended-upgrades
state: absent
purge: true

- snap:
# aws-cli is distributed via snap on 24.04. While the package is not required by the product,
# it is required by appliance-build itself.
- name: Install aws-cli snap package
community.general.snap:
name: aws-cli
classic: yes
classic: true

- modprobe:
- name: Load ZFS kernel module.
community.general.modprobe:
name: zfs
state: present

- user:
- name: Add delphix user to docker group required by the virtualization package
ansible.builtin.user:
name: delphix
groups: docker
append: true
Original file line number Diff line number Diff line change
@@ -15,7 +15,8 @@
#

---
- apt:
- name: Install apt packages
ansible.builtin.apt:
name:
- openjdk-8-jdk
- curl
@@ -24,7 +25,8 @@
- gnupg
state: present

- user:
- name: Add delphix user to docker group required by the virtualization package
ansible.builtin.user:
name: delphix
groups: docker
append: true
Original file line number Diff line number Diff line change
@@ -15,15 +15,17 @@
#

---
- git:
- name: Clone the dcenter-gate repo
ansible.builtin.git:
repo: "https://{{ lookup('env', 'GITHUB_TOKEN') }}@github.com/delphix/dcenter-gate.git"
version: main
dest: /opt/dcenter/lib/dcenter-gate
accept_hostkey: yes
update: no
accept_hostkey: true
update: false
when: lookup('env', 'GITHUB_TOKEN') != ''

- alternatives:
- name: Set java to java-8-openjdk-amd64
community.general.alternatives:
name: java
path: /usr/lib/jvm/java-8-openjdk-amd64/bin/java

@@ -32,7 +34,8 @@
# can operate. For dcenter, we maintain the dhcp configuration
# in /tmp so we need to add those paths into the apparmor configuration.
#
- copy:
- name: Create the apparmor configuration for dhcpd

Check warning on line 37 in live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml

GitHub Actions / check-ansible

risky-file-permissions

File permissions unset or incorrect.

Check warning on line 37 in live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml

GitHub Actions / check-ansible

risky-file-permissions

File permissions unset or incorrect.
ansible.builtin.copy:
dest: "/etc/apparmor.d/local/usr.sbin.dhcpd"
content: |
/tmp/dcenter_dhcp_config/ r,
@@ -42,7 +45,8 @@
/tmp/dcenter_dhcp_config/dhcpd{,6}.leases* lrw,
/tmp/dcenter_dhcp_config/dhcpd{,6}.pid rw,
- copy:
- name: Create the apparmor configuration for named

Check warning on line 48 in live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml

GitHub Actions / check-ansible

risky-file-permissions

File permissions unset or incorrect.

Check warning on line 48 in live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml

GitHub Actions / check-ansible

risky-file-permissions

File permissions unset or incorrect.
ansible.builtin.copy:
dest: "/etc/apparmor.d/local/usr.sbin.named"
content: |
/tmp/dcenter_dhcp_config/named.conf r,
@@ -54,15 +58,17 @@
# improve performance we reset the value to 64 which mimics what
# we use on the delphix engine.
#
- lineinfile:
- name: Update the number of nfs threads
ansible.builtin.lineinfile:
path: /etc/default/nfs-kernel-server
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
- { regexp: '^RPCNFSDCOUNT=', line: 'RPCNFSDCOUNT=64' }
- { regexp: '^RPCMOUNTDOPTS=', line: 'RPCMOUNTDOPTS="--num-threads=5 --manage-gids"' }

- command: systemctl mask named.service isc-dhcp-server.service isc-dhcp-server6.service
- name: Mask named and dhcp services

Check warning on line 70 in live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml

GitHub Actions / check-ansible

command-instead-of-module

systemctl used in place of systemd module

Check warning on line 70 in live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml

GitHub Actions / check-ansible

no-changed-when

Commands should not change things if nothing needs doing.

Check warning on line 70 in live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml

GitHub Actions / check-ansible

command-instead-of-module

systemctl used in place of systemd module

Check warning on line 70 in live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml

GitHub Actions / check-ansible

no-changed-when

Commands should not change things if nothing needs doing.
ansible.builtin.command: systemctl mask named.service isc-dhcp-server.service isc-dhcp-server6.service

#
# delphix-platform installs ntp in a disabled state by default.
@@ -76,4 +82,5 @@
# We also have cleanup jobs that run on DCenter hosts that rely on filesystem
# timestamps being accurate.
#
- command: systemctl enable ntp.service
- name: Enable NTP systemd service

Check warning on line 85 in live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml

GitHub Actions / check-ansible

command-instead-of-module

systemctl used in place of systemd module

Check warning on line 85 in live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml

GitHub Actions / check-ansible

no-changed-when

Commands should not change things if nothing needs doing.

Check warning on line 85 in live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml

GitHub Actions / check-ansible

command-instead-of-module

systemctl used in place of systemd module

Check warning on line 85 in live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml

GitHub Actions / check-ansible

no-changed-when

Commands should not change things if nothing needs doing.
ansible.builtin.command: systemctl enable ntp.service
Original file line number Diff line number Diff line change
@@ -15,6 +15,7 @@
#

---
- apt:
- name: Install delphix-dct package
ansible.builtin.apt:
name: delphix-dct
state: present

0 comments on commit 54386a3

Please sign in to comment.