From 656dc47a73558b1c395cabb357ad7ab06664e69a Mon Sep 17 00:00:00 2001
From: hitchhooker
Date: Sat, 3 Feb 2024 12:31:02 +0700
Subject: [PATCH] improve to within linting rules
---
 group_vars/all/secret_vault.yaml.example | 1 -
 roles/setup_install_arbitrum/tasks/main.yaml | 18 +++---
 roles/setup_install_avalanche/tasks/main.yaml | 8 +--
 roles/setup_install_foundry/tasks/main.yaml | 6 +-
 roles/setup_install_optimism/tasks/main.yaml | 24 ++++----
 .../tasks/prometheus-tasks.yaml | 60 ++++++++++---------
 roles/setup_install_wireguard/meta/main.yaml | 2 +-
 roles/setup_install_wireguard/tasks/main.yaml | 31 ++++------
 .../setup_networking_routeros/tasks/main.yaml | 4 +-
 9 files changed, 74 insertions(+), 80 deletions(-)
diff --git a/group_vars/all/secret_vault.yaml.example b/group_vars/all/secret_vault.yaml.example
index b604c4b..2b00972 100644
--- a/group_vars/all/secret_vault.yaml.example
+++ b/group_vars/all/secret_vault.yaml.example
@@ -8,4 +8,3 @@ default_passphrase: "kyEoeYaleIbS2LvdahoAJ0XYc4XguIHV"
 default_password: "4sYnCr0n0uzB4cKing15theway"
 porkbun_api_key: pk1_xxx
 porkbun_secret_key: sk1_xxx
-...
diff --git a/roles/setup_install_arbitrum/tasks/main.yaml b/roles/setup_install_arbitrum/tasks/main.yaml
index 3371423..3529837 100644
--- a/roles/setup_install_arbitrum/tasks/main.yaml
+++ b/roles/setup_install_arbitrum/tasks/main.yaml
@@ -59,8 +59,8 @@
 repo: "{{ item.url }}"
 version: "{{ item.version }}"
 when:
- - arbnode.stat.exists == False
- - ansible_local['noderole']['node']['pinned'] != "True"
+ - not arbnode.stat.exists
+ - not ansible_local['noderole']['node']['pinned']
 - ansible_local['noderole']['node']['version'] != arbitrum_version
 with_items:
 - { url: "{{ arbitrum_git_repo }}", version: "v{{ arbitrum_version }}", dest: "arbitrum" }
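Review bot: Replacing `ansible_local['noderole']['node']['pinned'] != "True"` with `not ansible_local['noderole']['node']['pinned']` in roles/setup_install_arbitrum/tasks/main.yaml (@@ -59,8) changes behaviour if the fact is stored as text, which the old comparison against the string "True" suggests: any non-empty string, including "False", is truthy, so the condition becomes false and the task is always skipped. On an unpinned node that would silently stop the clone, build and upgrade tasks from running and leave the old version in place. Casting satisfies the linter and keeps the meaning: `- not (ansible_local['noderole']['node']['pinned'] | bool)`. The same rewrite appears in the other arbitrum hunks (@@ -117,8, -140,8, -163,8) and in the avalanche and optimism task files.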
@@ -76,7 +76,7 @@
 creates: "/usr/local/lib/librocksdb.so.{{ arbitrum_rocksdb_version }}"
 chdir: "{{ arbitrum_build_path }}/rocksdb"
 when:
- - rocksdb.stat.exists == False
+ - not rocksdb.stat.exists
 - name: Generate ldconfig file for rocksdb installation
 ansible.builtin.template:
@@ -117,8 +117,8 @@
 creates: "{{ arbitrum_build_path }}/arbitrum/packages/arb-avm-cpp/build/bin/avm_runner"
 chdir: "{{ arbitrum_build_path }}/arbitrum"
 when:
- - arbnode.stat.exists == False
- - ansible_local['noderole']['node']['pinned'] != "True"
+ - not arbnode.stat.exists
+ - not ansible_local['noderole']['node']['pinned']
 - ansible_local['noderole']['node']['version'] != arbitrum_version
 environment:
 GOROOT: "/usr/local/go"
@@ -140,8 +140,8 @@
 chdir: "{{ arbitrum_build_path }}/arbitrum/packages/arb-rpc-node"
 creates: "{{ arbitrum_base }}/go"
 when:
- - arbnode.stat.exists == False
- - ansible_local['noderole']['node']['pinned'] != "True"
+ - not arbnode.stat.exists
+ - not ansible_local['noderole']['node']['pinned']
 - ansible_local['noderole']['node']['version'] != arbitrum_version
 environment:
 GOROOT: "/usr/local/go"
@@ -163,8 +163,8 @@
 GOPATH: "{{ arbitrum_base }}/go"
 PATH: "$GOPATH/bin:$GOROOT/bin:/usr/local/go/bin:/usr/local/bin:/usr/bin:/bin"
 when:
- - arbnode.stat.exists == False
- - ansible_local['noderole']['node']['pinned'] != "True"
+ - not arbnode.stat.exists
+ - not ansible_local['noderole']['node']['pinned']
 - ansible_local['noderole']['node']['version'] != arbitrum_version
 with_items:
 - { path: "packages/arb-rpc-node/cmd", name: "arb-node" }
diff --git a/roles/setup_install_avalanche/tasks/main.yaml b/roles/setup_install_avalanche/tasks/main.yaml
index 27da849..f398e77 100644
--- a/roles/setup_install_avalanche/tasks/main.yaml
+++ b/roles/setup_install_avalanche/tasks/main.yaml
@@ -44,7 +44,7 @@
 creates: "{{ avalanche_base }}/avalanchego-v{{ avalanche_version }}"
 register: avalanche_install
 when:
- - ansible_local['noderole']['node']['pinned'] != "True"
+ - not ansible_local['noderole']['node']['pinned']
 - ansible_local['noderole']['node']['version'] != avalanche_version
 notify:
 - Add Service Pinned Status
@@ -95,9 +95,9 @@
 group: "{{ avalanche_user }}"
 mode: '0755'
 when:
- - ansible_local['noderole']['node']['pinned'] != "True"
+ - not ansible_local['noderole']['node']['pinned']
 - ansible_local['noderole']['node']['version'] != avalanche_version
- - avalanche_enable_swimmer == True
+ - avalanche_enable_swimmer
 - name: Copy Swimmer extra configs if needed
 ansible.builtin.copy:
@@ -107,7 +107,7 @@
 group: "{{ avalanche_user }}"
 mode: u+rw,g-wx,o-wx
 when:
- - avalanche_enable_swimmer == True
+ - avalanche_enable_swimmer
 with_items:
 - { source: "chain_1_config.json", destination: "{{ avalanche_chain_config_path }}/2Sk6j8TYVQc2oR1TtUz64EWHAYjDUoDQ4hpbu6FMN2JBKC77xa/config.json" }
 - { source: "chain_2_config.json", destination: "{{ avalanche_chain_config_path }}/2K33xS9AyP9oCDiHYKVrHe7F54h2La5D8erpTChaAhdzeSu2RX/config.json" }
diff --git a/roles/setup_install_foundry/tasks/main.yaml b/roles/setup_install_foundry/tasks/main.yaml
index 06c68ce..250ce10 100644
--- a/roles/setup_install_foundry/tasks/main.yaml
+++ b/roles/setup_install_foundry/tasks/main.yaml
@@ -12,7 +12,7 @@
 mode: "u+rwx"
 owner: "{{ ansible_user }}"
 group: "{{ ansible_user }}"
- when: foundryup.stat.exists == False
+ when: not foundryup.stat.exists
 notify:
 - Run foundry installer script
 - Execute Foundry Installer
@@ -20,13 +20,13 @@
 - name: Run foundry installer script
 ansible.builtin.shell:
 cmd: "/tmp/foundry_install"
- when: foundryup.stat.exists == False
+ when: not foundryup.stat.exists
 environment:
 FOUNDRY_DIR: /usr/local
 - name: Execute Foundry Installer
 ansible.builtin.shell:
 cmd: /usr/local/bin/foundryup
- when: foundryup.stat.exists == False
+ when: not foundryup.stat.exists
 environment:
 FOUNDRY_DIR: /usr/local
diff --git a/roles/setup_install_optimism/tasks/main.yaml b/roles/setup_install_optimism/tasks/main.yaml
index 6ad5af2..9feda6f 100644
--- a/roles/setup_install_optimism/tasks/main.yaml
+++ b/roles/setup_install_optimism/tasks/main.yaml
@@ -91,8 +91,8 @@
 repo: "{{ item.url }}"
 version: "{{ item.version }}"
 when:
- - optimismnode.stat.exists == False
- - ansible_local['noderole']['node']['pinned'] != "True"
+ - not optimismnode.stat.exists
+ - not ansible_local['noderole']['node']['pinned']
 - ansible_local['noderole']['node']['version'] != optimism_version
 with_items:
 - { url: "{{ optimism_git_repo }}", version: "@eth-optimism/sdk@{{ optimism_version }}", dest: "optimism" }
@@ -105,8 +105,8 @@
 - yarn
 chdir: "{{ optimism_build_path }}/optimism"
 when:
- - optimismnode.stat.exists == False
- - ansible_local['noderole']['node']['pinned'] != "True"
+ - not optimismnode.stat.exists
+ - not ansible_local['noderole']['node']['pinned']
 - ansible_local['noderole']['node']['version'] != optimism_version
 - name: Run yarn build
@@ -118,8 +118,8 @@
 - build
 chdir: "{{ optimism_build_path }}/optimism"
 when:
- - optimismnode.stat.exists == False
- - ansible_local['noderole']['node']['pinned'] != "True"
+ - not optimismnode.stat.exists
+ - not ansible_local['noderole']['node']['pinned']
 - ansible_local['noderole']['node']['version'] != optimism_version
 - name: Run make geth
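Review bot: `/tmp/foundry_install` in roles/setup_install_foundry/tasks/main.yaml (@@ -20,13) is run from a fixed name in world-writable /tmp, and neither foundry hunk shows the script's content being verified before execution; the download task itself is outside the hunks. If that task is `get_url`, adding `checksum: "sha256:<expected digest>"` and a root-owned destination directory would close the gap between download and execution. Neither command uses shell features, so `ansible.builtin.command:` is sufficient for both tasks. The two task names also appear under `notify:` in the previous hunk, so they may run both inline and as handlers; worth confirming which is intended.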
@@ -139,8 +139,8 @@
 # that does not source /etc/profile where go env settings are stored.
 # So setting all those here is fast
 when:
- - optimismnode.stat.exists == False
- - ansible_local['noderole']['node']['pinned'] != "True"
+ - not optimismnode.stat.exists
+ - not ansible_local['noderole']['node']['pinned']
 - ansible_local['noderole']['node']['version'] != optimism_version
 - name: Install optimism
@@ -150,8 +150,8 @@
 - "{{ optimism_build_path }}/optimism"
 - "{{ optimism_base }}/optimism-v{{ optimism_version }}"
 when:
- - optimismnode.stat.exists == False
- - ansible_local['noderole']['node']['pinned'] != "True"
+ - not optimismnode.stat.exists
+ - not ansible_local['noderole']['node']['pinned']
 - ansible_local['noderole']['node']['version'] != optimism_version
 notify:
 - Remove Optimism Build Directory
@@ -186,7 +186,7 @@
 mode: "u+rw"
 owner: "{{ ansible_user }}"
 group: "{{ ansible_user }}"
- when: l2gethdata.stat.exists == False
+ when: not l2gethdata.stat.exists
 - name: Generate empty password file
 ansible.builtin.file:
@@ -216,7 +216,7 @@
 - "init"
 - "/tmp/genesis.json"
 chdir: "{{ optimism_base }}/optimism-v{{ optimism_version }}/l2geth/build/bin"
- when: l2gethdata.stat.exists == False
+ when: not l2gethdata.stat.exists
 - name: Import Optimism geth account
 become: True
diff --git a/roles/setup_install_prometheus/tasks/prometheus-tasks.yaml b/roles/setup_install_prometheus/tasks/prometheus-tasks.yaml
index 24971ac..eb4ed6b 100644
--- a/roles/setup_install_prometheus/tasks/prometheus-tasks.yaml
+++ b/roles/setup_install_prometheus/tasks/prometheus-tasks.yaml
@@ -2,32 +2,31 @@
 # Reworked tasks for Prometheus setup
 - name: Fetch the latest version of Prometheus
- ansible.builtin.shell:
- cmd: |
- set -o pipefail
- wget $(curl -s https://api.github.com/repos/prometheus/prometheus/releases/latest | grep "tag_name" | awk '{print "https://github.com/prometheus/prometheus/releases/download/" substr($2, 2, length($2)-3) "/prometheus-" substr($2, 3, length($2)-4) ".linux-amd64.tar.gz"}')
- tar xvf prometheus-*.tar.gz
+ ansible.builtin.get_url:
+ url: "{{ prometheus_download_url }}"
+ dest: "/tmp/prometheus.tar.gz"
+ vars:
+ prometheus_download_url: "{{ lookup('url', 'https://api.github.com/repos/prometheus/prometheus/releases/latest', wantlist=True) | json_query('[0].assets[?content_type==`application/gzip`].browser_download_url') | first }}"
+ register: download_result
+ until: download_result is succeeded
+ retries: 3
+ delay: 5
+- name: Extract Prometheus package
+ ansible.builtin.unarchive:
+ src: "/tmp/prometheus.tar.gz"
+ dest: "/tmp"
+ remote_src: yes
+ creates: "/usr/local/bin/prometheus"
+
 - name: Move Prometheus binaries to the desired location
- ansible.builtin.shell:
- cmd: |
- mv ./prometheus-*.linux-amd64/prometheus /usr/local/bin/
- mv ./prometheus-*.linux-amd64/promtool /usr/local/bin/
- cp -r ./prometheus-*.linux-amd64/consoles /etc/prometheus
- cp -r ./prometheus-*.linux-amd64/console_libraries /etc/prometheus
+ ansible.builtin.command:
+ cmd: "mv /tmp/prometheus-{{ prometheus_version }}/prometheus* /usr/local/bin/"
+ creates: "/usr/local/bin/prometheus"
+ vars:
+ prometheus_version: "{{ lookup('url', 'https://api.github.com/repos/prometheus/prometheus/releases/latest', wantlist=True) | json_query('[0].tag_name') }}"
-- name: Ensure Prometheus group exists
- ansible.builtin.group:
- name: prometheus
- state: present
-
-- name: Ensure Prometheus user exists and is a member of the Prometheus group
- ansible.builtin.user:
- name: prometheus
- state: present
- group: prometheus
-
-- name: Create necessary
Prometheus directories
+- name: Ensure Prometheus directories exist
 ansible.builtin.file:
 path: "{{ item }}"
 state: directory
@@ -37,10 +36,12 @@
 loop:
 - /etc/prometheus/
 - /var/lib/prometheus/
+ - /usr/local/bin/
-- name: Clean up downloaded Prometheus packages
- ansible.builtin.shell:
- cmd: rm -rf ./prometheus*
+- name: Remove downloaded Prometheus package
+ ansible.builtin.file:
+ path: "/tmp/prometheus.tar.gz"
+ state: absent
 - name: Deploy Prometheus configuration
 ansible.builtin.copy:
@@ -48,11 +49,12 @@
 dest: /etc/prometheus/prometheus.yml
 owner: prometheus
 group: prometheus
- mode: "0755"
+ mode: "0644"
 - name: Validate Prometheus configuration
- ansible.builtin.shell:
- cmd: promtool check config /etc/prometheus/prometheus.yml
+ ansible.builtin.command:
+ cmd: "promtool check config /etc/prometheus/prometheus.yml"
+ creates: "/etc/prometheus/prometheus.yml.valid"
 - name: Manage Prometheus service
 block:
diff --git a/roles/setup_install_wireguard/meta/main.yaml b/roles/setup_install_wireguard/meta/main.yaml
index 4390a60..358541c 100644
--- a/roles/setup_install_wireguard/meta/main.yaml
+++ b/roles/setup_install_wireguard/meta/main.yaml
@@ -22,4 +22,4 @@ galaxy_info:
 - linux
 - vpn
 - wireguard
- dependencies: []
+ dependencies:
diff --git a/roles/setup_install_wireguard/tasks/main.yaml b/roles/setup_install_wireguard/tasks/main.yaml
index b0d054c..f86528a 100644
--- a/roles/setup_install_wireguard/tasks/main.yaml
+++ b/roles/setup_install_wireguard/tasks/main.yaml
@@ -1,6 +1,5 @@
 ---
 # tasks/main.yaml for WireGuard
-
 - name: Check if necessary files exist
 ansible.builtin.stat:
 path: "{{ item }}"
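Review bot: The new `get_url` task in prometheus-tasks.yaml (@@ -2,32) resolves whatever release is `latest` at run time and installs it with no `checksum`, so the binary that ends up in /usr/local/bin is neither pinned nor verified. The asset filter on `content_type` appears to match every platform's tarball, so `first` is not guaranteed to be the linux-amd64 build, and the `mv` with `prometheus*` now runs under `ansible.builtin.command`, which does not expand globs. The hunk also drops the tasks that created the `prometheus` user and group while later tasks still set `owner: prometheus`. Pinning version and digest in role variables, sketched below with `prometheus_version` and `prometheus_sha256` as names to be defined in the role defaults, addresses the first two points.

```yaml
- name: Fetch the pinned Prometheus release
  ansible.builtin.get_url:
    url: "https://github.com/prometheus/prometheus/releases/download/v{{ prometheus_version }}/prometheus-{{ prometheus_version }}.linux-amd64.tar.gz"
    dest: "/tmp/prometheus.tar.gz"
    checksum: "sha256:{{ prometheus_sha256 }}"
    mode: "0600"
  # … unchanged: register / until / retries / delay …
```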
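Review bot: `/usr/local/bin/` is added (@@ -37,10) to the loop of a `file` task whose ownership settings sit between the hunks and are not visible here; if that task sets `owner: prometheus` like the copy task below it, the service account gains write access to a directory on root's PATH. The directory normally exists already, so the entry can simply be dropped from the loop. If it must be managed, give it its own task with `owner: root`, `group: root` and `mode: "0755"`.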
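Review bot: `creates: "/etc/prometheus/prometheus.yml.valid"` (@@ -48,11) names a file that no task in this hunk writes, so the guard either never applies or, once such a file exists, skips validation permanently, including after the configuration changes. Validating at deploy time is more dependable: add `validate: promtool check config %s` to the copy task above so a rejected file is never installed. If the separate command is kept, drop `creates` and mark it `changed_when: false`.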
@@ -9,37 +8,31 @@
 - /etc/wireguard/private.key
 register: file_status
-- name: Set Umask for session
- ansible.builtin.shell:
- cmd: "umask 077"
- changed_when: False
-
 - name: Generate the VPN private key (admin)
- ansible.builtin.shell:
- cmd: wg genkey
+ ansible.builtin.command:
+ cmd: wg genkey > /etc/wireguard/private.key
+ creates: /etc/wireguard/private.key
+ args:
 creates: /etc/wireguard/private.key
- register: WG_PRIVATE_KEY
- when: file_status.results[0].stat.exists == False
+ when: not file_status.results[0].stat.exists
-- name: Generate the VPN public keys (admin)
+- name: Generate the VPN public key (admin)
 ansible.builtin.shell:
- cmd: wg pubkey
- args:
- stdin: "{{ WG_PRIVATE_KEY.stdout }}"
+ cmd: cat /etc/wireguard/private.key | wg pubkey > /etc/wireguard/public.key
 creates: /etc/wireguard/public.key
- when: file_status.results[0].stat.exists == False
+ when: not file_status.results[1].stat.exists
-- name: Register the VPN public keys (admin)
+- name: Register the VPN public key (admin)
 ansible.builtin.set_fact:
 WG_PUB_KEY: "{{ lookup('file', '/etc/wireguard/public.key') }}"
- when: file_status.results[0].stat.exists == False
+ when: not file_status.results[1].stat.exists
 - name: Configure wireguard files
 ansible.builtin.template:
 src: wg0.conf.j2
 dest: /etc/wireguard/wg0.conf
 mode: "0755"
- when: file_status.results[0].stat.exists == False
+ when: not file_status.results[0].stat.exists
 notify:
 - Restart wireguard
@@ -62,6 +55,6 @@
 name: wg-quick@wg0
 enabled: True
 masked: False
- when: file_status.results[0].stat.exists == False
+ when: not file_status.results[0].stat.exists
 notify:
 - Start wireguard
diff --git a/roles/setup_networking_routeros/tasks/main.yaml b/roles/setup_networking_routeros/tasks/main.yaml
index cc6a920..47134a8 100644
--- a/roles/setup_networking_routeros/tasks/main.yaml
+++ b/roles/setup_networking_routeros/tasks/main.yaml
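Review bot: `ansible.builtin.command` does not interpret `>`, so `wg genkey > /etc/wireguard/private.key` in roles/setup_install_wireguard/tasks/main.yaml (@@ -9,37) passes the redirect as arguments and the key file is never written, leaving the public-key task with nothing to read. If the task goes back to a shell, the private key is created under the default umask now that the umask task is gone, and wg0.conf is still deployed with `mode: "0755"`, so key material could be readable by other local users. `creates` also appears to be given twice, once under the module and once under `args:` (nesting inferred, since indentation is lost on this page). The sketch below keeps the redirect in a shell with `umask 077` and pins the key file to `0600`; wg0.conf should use `mode: "0600"` as well. Separately, `lookup('file', ...)` is evaluated on the control node, so `WG_PUB_KEY` probably does not receive the key written on the target; `ansible.builtin.slurp` reads it from the target.

```yaml
- name: Generate the VPN private key (admin)
  ansible.builtin.shell:
    cmd: umask 077 && wg genkey > /etc/wireguard/private.key
    creates: /etc/wireguard/private.key
  # … unchanged: when condition …

- name: Restrict the private key to root
  ansible.builtin.file:
    path: /etc/wireguard/private.key
    owner: root
    group: root
    mode: "0600"
```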
@@ -43,12 +43,12 @@
 community.routeros.command:
 commands: "{{ item.port_forward | generate_rule('nat', ansible_host) }}"
 loop: "{{ port_forwards_exist_check.results }}"
- when: item.ansible_facts.port_forward_exists == False
+ when: not item.ansible_facts.port_forward_exists
 delegate_to: "{{ routeros_delegate_host }}"
 - name: Configure firewall filter rules on RouterOS for each LXC node
 community.routeros.command:
 commands: "{{ item.port_forward | generate_rule('filter') }}"
 loop: "{{ filter_exist_check.results }}"
- when: item.ansible_facts.filter_exists == False
+ when: not item.ansible_facts.filter_exists
 delegate_to: "{{ routeros_delegate_host }}"