Upgrade to Ansible 2.17

* ensure it works on noble
hicknhack-software · Aug 21, 2024 · 772381e · 772381e
1 parent 580cf9d
commit 772381e
Show file tree

Hide file tree

Showing 50 changed files with 609 additions and 289 deletions.
diff --git a/.config/ansible-lint.yml b/.config/ansible-lint.yml
@@ -0,0 +1,16 @@
+---
+exclude_paths:
+  - ".github"
+  - "/docker-compose.yml"
+  - "/docker-compose.*.yml"
+
+kinds:
+  - playbook: "tests/redmine_mysql.yml"
+  - playbook: "tests/redmine_postgresql.yml"
+
+skip_list:
+  - package-latest # we don't change this role with all the versions
+  - latest[git] # same
+  - role-name[path] # we nest roles here to avoid 1000 dependencies
+  - var-naming[pattern] # we use uppercase variables for stored facts
+  - var-naming[no-role-prefix] # our role variables don't follow this pattern
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -0,0 +1,30 @@
+{
+  "name": "redmine-ansible-dev",
+  "dockerComposeFile": [
+    "../docker-compose.yml",
+    "docker-compose.override.yml"
+  ],
+  "service": "ansible",
+  "overrideCommand": true,
+  "containerUser": "root",
+  "workspaceFolder": "/etc/ansible/roles/hicknhack-software.redmine",
+  // "capAdd": ["SYS_ADMIN", "SYS_RESOURCE"],
+  // "securityOpt": ["seccomp=unconfined", "label=disable", "apparmor=unconfined"],
+  "updateRemoteUserUID": true,
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "redhat.ansible"
+      ],
+      "settings": {
+        "files.associations": {
+          "**/defaults/*.yml": "ansible",
+          "**/handlers/*.yml": "ansible",
+          "**/tasks/*.yml": "ansible",
+          "**/vars/*.yml": "ansible",
+          "**/templates/*.j2": "ansible-jinja"
+        }
+      }
+    }
+  }
+}
diff --git a/.devcontainer/docker-compose.override.yml b/.devcontainer/docker-compose.override.yml
@@ -0,0 +1,4 @@
+---
+services:
+  ansible:
+    image: "ghcr.io/ansible/community-ansible-dev-tools:latest"
diff --git a/.github/workflows/ansible_lint.yml b/.github/workflows/ansible_lint.yml
@@ -0,0 +1,21 @@
+name: Ansible Lint
+
+on: push
+
+jobs:
+  ansible-lint:
+    name: "Run Ansible Lint"
+
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Make Symlink
+        run: >-
+          mkdir -p /home/runner/.ansible/roles
+          && ln -s $(pwd) /home/runner/.ansible/roles/hicknhack-software.redmine
+
+      - name: Run Ansible Lint
+        uses: ansible/ansible-lint@main
+        with:
+          requirements_file: "requirements.yml"
diff --git a/.github/workflows/docker_test.yml b/.github/workflows/docker_test.yml
@@ -0,0 +1,33 @@
+name: Test with Docker
+
+on: push
+
+jobs:
+  test-redmine:
+    name: "Redmine on Docker"
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - distro_name: noble
+          - distro_name: jammy
+          - distro_name: focal
+
+    runs-on: ubuntu-latest
+    env:
+      COMPOSE_FILE: "-f docker-compose.yml -f tests/docker-compose.${{ matrix.distro_name }}.yml"
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Generate SSH key
+        run: sudo tests/make_sshkey.sh
+
+      - name: Run Ansible
+        run: sudo docker compose ${{ env.COMPOSE_FILE }} run --quiet-pull --rm --env ANSIBLE_FORCE_COLOR=True ansible
+
+      - name: Check Idempotence
+        shell: bash
+        run: >-
+          sudo docker compose ${{ env.COMPOSE_FILE }} run --rm --env ANSIBLE_FORCE_COLOR=True ansible | tee >(sed "s/\\x1B\\[\\([0-9]\\{1,2\}\\(;[0-9]\\{1,2\\}\\)\\?\\)\\?[mGK]//g" | cat >/tmp/output);
+          cat /tmp/output | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && exit 1)
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+*.retry
+tests/docker-sshkey*
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -0,0 +1,10 @@
+{
+  "ansible.python.interpreterPath": "/bin/python3",
+  "files.associations": {
+    "**/defaults/*.yml": "ansible",
+    "**/handlers/*.yml": "ansible",
+    "**/tasks/*.yml": "ansible",
+    "**/vars/*.yml": "ansible",
+    "**/templates/*.j2": "ansible-jinja"
+  }
+}
diff --git a/README.md b/README.md
@@ -1,12 +1,12 @@
-hickhack-software.Redmine
+hickhack-software.redmine
 ====================
 
 A set of roles that help to deploy the Redmine web application.
 
 Requirements
 ------------
 
-* Ubuntu 14.04 (Trusty)
+* Ubuntu 24.04 (Noble)
 
 Content Roles
 -------------
@@ -21,7 +21,7 @@ Content Roles
 Dependencies
 ------------
 
-* [dresden-weekly.Rails](https://github.com/dresden-weekly/ansible-rails) roles
+* [dresden-weekly.rails](https://github.com/dresden-weekly/ansible-rails) roles
 
 You may want to use our [vagrant-ansible-remote](https://github.com/dresden-weekly/vagrant-ansible-remote) for testing and deploying
 

diff --git a/apache/auth/README.md b/apache/auth/README.md
@@ -11,7 +11,7 @@ Requirements
 Dependencies
 ------------
 
-* **dresden-weekly.Rails/apache/server** - apache server and facts about pathes
+* **dresden-weekly.rails/apache/server** - apache server and facts about pathes
 * fact: **DATABASE_URL** - How to connect to the Redmine database
 
 Facts

diff --git a/apache/auth/defaults/main.yml b/apache/auth/defaults/main.yml
@@ -3,10 +3,16 @@
 database_url: "{{ DATABASE_URL }}"
 
 # package that allows to access the redmine database by perl
-redmine_apache_auth_perl_database_package: "{{ redmine_apache_perl_database_packages[redmine_apache_auth_database_type] if redmine_apache_auth_database_type in redmine_apache_perl_database_packages else 'unknown-database-perl-adapter' }}"
+redmine_apache_auth_perl_database_package: >-
+  {{ redmine_apache_perl_database_packages[redmine_apache_auth_database_type]
+    if redmine_apache_auth_database_type in redmine_apache_perl_database_packages
+    else 'unknown-database-perl-adapter' }}
 
 # namespace of the perl dbi for the database
-redmine_apache_auth_database_dbi: "{{ redmine_apache_perl_database_module[redmine_apache_auth_database_type] if redmine_apache_auth_database_type in redmine_apache_perl_database_module else 'unknown-database-perl-adapter' }}"
+redmine_apache_auth_database_dbi: >-
+  {{ redmine_apache_perl_database_module[redmine_apache_auth_database_type]
+    if redmine_apache_auth_database_type in redmine_apache_perl_database_module
+    else 'unknown-database-perl-adapter' }}
 
 # dissect the database_url as Perl DBI uses DSN strings
 # TODO: harden this

diff --git a/apache/auth/handlers/main.yml b/apache/auth/handlers/main.yml
@@ -1,5 +1,5 @@
 ---
-- name: restart
-  service:
+- name: Restart
+  ansible.builtin.service:
     name: "{{ APACHE_SERVER_SERVICE }}"
     state: "restarted"
diff --git a/apache/auth/tasks/main.yml b/apache/auth/tasks/main.yml
@@ -1,55 +1,53 @@
 ---
 - name: Install packages
-  apt:
+  ansible.builtin.apt:
     name: "{{ redmine_apache_auth_packages }}"
-    update_cache: yes
+    update_cache: true
     state: latest
     cache_valid_time: 86400
-  notify: restart
+  notify: Restart
 
 - name: Authn Folder
-  file:
+  ansible.builtin.file:
     dest: "{{ redmine_apache_auth_file | dirname }}"
     state: directory
+    mode: "755"
 
-- name: Redmine.pm
-  get_url:
+- name: Create Redmine.pm
+  ansible.builtin.get_url:
     url: "{{ redmine_apache_auth_url }}"
     dest: "{{ redmine_apache_auth_file }}"
-  notify: restart
+    mode: "644"
+  notify: Restart
 
 - name: Auth conf
-  template:
+  ansible.builtin.template:
     dest: "{{ APACHE_SERVER_CONF_AVAILABLE_PATH }}/{{ redmine_apache_config_name }}.conf"
     src: "redmine_auth.j2"
-  notify: restart
+    mode: "644"
+  notify: Restart
 
 - name: Enable auth
-  command: "a2enconf {{ redmine_apache_config_name }}"
+  ansible.builtin.command: "a2enconf {{ redmine_apache_config_name }}"
   register: redmine_apache_auth_conf_enable_result
   changed_when: "'Enabling conf' in redmine_apache_auth_conf_enable_result.stdout"
-  notify: restart
+  notify: Restart
 
 # Redmine.pm only works with the prefork model
 - name: Enable Prefork
-  apache2_module:
-    state: present
-    name: "{{ item }}"
-  with_items:
-    - mpm_prefork
-  notify: restart
+  community.general.apache2_module:
+    state: "{{ item.state }}"
+    name: "{{ item.name }}"
+    ignore_configcheck: true
+    warn_mpm_absent: false
+  loop:
+    - {name: mpm_worker, state: absent}
+    - {name: mpm_event, state: absent}
+    - {name: mpm_prefork, state: present}
+  notify: Restart
 
-- name: Disable Worker & Event
-  apache2_module:
-    state: absent
-    name: "{{ item }}"
-  with_items:
-    - mpm_worker
-    - mpm_event
-  notify: restart
-
-- name: facts
-  set_fact:
+- name: Store Facts
+  ansible.builtin.set_fact:
     REDMINE_APACHE_AUTH_PERL_PACKAGE: "{{ redmine_apache_auth_perl_package }}"
     REDMINE_APACHE_AUTH_DSN: >-
       {{

diff --git a/apache/auth/vars/main.yml b/apache/auth/vars/main.yml
@@ -10,6 +10,6 @@ redmine_apache_perl_database_module:
   postgresql: Pg
 
 redmine_apache_auth_packages:
-- libapache2-mod-perl2
-- libapache-dbi-perl
-- "{{ redmine_apache_auth_perl_database_package }}"
+  - libapache2-mod-perl2
+  - libapache-dbi-perl
+  - "{{ redmine_apache_auth_perl_database_package }}"
diff --git a/apache/git/handlers/main.yml b/apache/git/handlers/main.yml
@@ -1,5 +1,5 @@
 ---
-- name: restart
-  service:
+- name: Restart
+  ansible.builtin.service:
     name: "{{ APACHE_SERVER_SERVICE }}"
     state: "restarted"
diff --git a/apache/git/tasks/main.yml b/apache/git/tasks/main.yml
@@ -1,46 +1,45 @@
 ---
 - name: Add repo
-  apt_repository:
+  ansible.builtin.apt_repository:
     repo: "{{ reminde_apache_git_repository }}"
 
 - name: Install packages
-  apt:
+  ansible.builtin.apt:
     name: "{{ redmine_apache_git_packages }}"
-    update_cache: yes
+    update_cache: true
     state: latest
     cache_valid_time: 86400
-  notify: restart
+  notify: Restart
 
 - name: Apache modules
-  apache2_module:
+  community.general.apache2_module:
     name: "{{ item }}"
-  with_flattened:
-  - "{{ redmine_apache_git_modules }}"
-  - "{{ redmine_apache_git_https_fix_modules if redmine_apache_git_https_fix else [] }}"
-  notify: restart
+  loop: "{{ [redmine_apache_git_modules, (redmine_apache_git_https_fix_modules if redmine_apache_git_https_fix else [])] | flatten }}"
+  notify: Restart
 
-- name: folder
-  file:
+- name: Git Folder
+  ansible.builtin.file:
     dest: "{{ redmine_apache_git_folder }}"
     state: directory
     owner: "{{ redmine_apache_git_folder_user }}"
     group: "{{ redmine_apache_git_folder_group }}"
     mode: "2775" # include the change group bit
 
 - name: Create script
-  copy:
+  ansible.builtin.copy:
     src: "git_createrep.sh"
     dest: "{{ redmine_apache_git_folder }}/{{ redmine_apache_git_create_script_name }}"
     mode: "700"
 
 - name: Fix permission script
-  copy:
+  ansible.builtin.copy:
     src: "git_fixpermissions.sh"
     dest: "{{ redmine_apache_git_folder }}/{{ redmine_apache_git_fix_script_name }}"
     mode: "700"
 
 - name: Apache conf
-  template:
+  ansible.builtin.template:
     dest: "{{ redmine_apache_git_vhost_path }}/{{ redmine_apache_git_config_name }}.conf"
     src: "redmine_git.conf.j2"
-  notify: restart
+    mode: "644"
+  notify: Restart
diff --git a/apache/git/vars/main.yml b/apache/git/vars/main.yml
@@ -2,14 +2,13 @@
 reminde_apache_git_repository: "ppa:git-core/ppa"
 
 redmine_apache_git_packages:
-- git
-- git-core
+  - git
 
 redmine_apache_git_modules:
-- cgid
+  - cgid
 
 redmine_apache_git_https_fix_modules:
-- headers
+  - headers
 
 redmine_apache_git_backend: "/usr/lib/git-core/git-http-backend"
 

diff --git a/apache/subversion/handlers/main.yml b/apache/subversion/handlers/main.yml
@@ -1,5 +1,5 @@
 ---
-- name: restart apache
-  service:
+- name: Restart apache
+  ansible.builtin.service:
     name: "{{ APACHE_SERVER_SERVICE }}"
     state: "restarted"