From d68771ea7ace5782b999f585dd2215cc48e484fe Mon Sep 17 00:00:00 2001 From: Sven-Hendrik Haase <svenstaro@gmail.com> Date: Wed, 23 Sep 2020 22:22:34 +0200 Subject: [PATCH] Fix for ansible 2.10 (fixes #149) --- playbooks/luna.yml | 4 ++-- playbooks/tasks/fetch-borg-keys.yml | 2 +- roles/aurweb/tasks/main.yml | 7 ++++++- roles/certbot/tasks/main.yml | 2 +- roles/dbscripts/tasks/main.yml | 4 ++-- roles/dovecot/tasks/main.yml | 2 +- roles/firewalld/tasks/main.yml | 2 +- roles/gitlab/tasks/main.yml | 4 ++-- roles/gitlab_runner/tasks/main.yml | 2 +- roles/keycloak/tasks/main.yml | 2 +- roles/matrix/tasks/main.yml | 2 +- roles/nginx/tasks/main.yml | 2 +- roles/postfix/tasks/main.yml | 2 +- roles/postgres/tasks/main.yml | 4 ++-- roles/prometheus_exporters/tasks/main.yml | 8 ++++---- roles/quassel/tasks/main.yml | 2 +- roles/sshd/tasks/main.yml | 2 +- roles/syncrepo/tasks/main.yml | 2 +- roles/zabbix_agent/tasks/main.yml | 2 +- roles/zabbix_server/tasks/main.yml | 2 +- 20 files changed, 32 insertions(+), 27 deletions(-) diff --git a/playbooks/luna.yml b/playbooks/luna.yml index 3617b546d..0441ad96a 100644 --- a/playbooks/luna.yml +++ b/playbooks/luna.yml @@ -5,7 +5,7 @@ remote_user: root tasks: - name: open firewall holes for services - firewalld: service={{ item }} permanent=true state=enabled immediate=yes + ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes with_items: - http - https @@ -17,7 +17,7 @@ - firewall - name: open firewall holes for ports - firewalld: port={{ item }} permanent=true state=enabled immediate=yes + ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes with_items: - 6969/tcp - 4949/tcp diff --git a/playbooks/tasks/fetch-borg-keys.yml b/playbooks/tasks/fetch-borg-keys.yml index 9ef97ce4a..778dd698e 100644 --- a/playbooks/tasks/fetch-borg-keys.yml +++ b/playbooks/tasks/fetch-borg-keys.yml 
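Review bot: The `ansible.posix.firewalld` name introduced in both luna.yml hunks, and in every other firewalld hunk of this patch, resolves only when the `ansible.posix` collection is installed on the control node. None of the 20 files in the diffstat declares that dependency. If a controller can run with ansible-base alone rather than the full ansible 2.10 package, a `collections/requirements.yml` entry such as `- name: ansible.posix` with `version: "<pinned-version>"` would make it explicit. Pinning also keeps the module that writes the firewall rules at a release someone has reviewed.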
@@ -4,7 +4,7 @@ hosts: 127.0.0.1 tasks: - name: create borg-keys directory - file: path="{{ playbook_dir }}/../../borg-keys/" state=directory mode=preserve + file: path="{{ playbook_dir }}/../../borg-keys/" state=directory mode=preserve # noqa 208 - name: fetch borg keys hosts: borg_clients diff --git a/roles/aurweb/tasks/main.yml b/roles/aurweb/tasks/main.yml index e4d34ee94..6b8d04960 100644 --- a/roles/aurweb/tasks/main.yml +++ b/roles/aurweb/tasks/main.yml @@ -172,7 +172,12 @@ - name: deploy new smartgit release become: true become_user: "{{ aurweb_user }}" - file: path=/etc/uwsgi/vassals/smartgit.ini state=touch mode=preserve + file: + path: /etc/uwsgi/vassals/smartgit.ini + state: touch + owner: "{{ aurweb_user }}" + group: http + mode: 0644 when: git.changed - name: create git repo dir diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml index 8481c81c4..1e74e0046 100644 --- a/roles/certbot/tasks/main.yml +++ b/roles/certbot/tasks/main.yml @@ -23,7 +23,7 @@ daemon_reload: yes - name: open firewall holes for certbot standalone authenticator - firewalld: service={{ item }} permanent=true state=enabled immediate=yes + ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes with_items: - http when: configure_firewall diff --git a/roles/dbscripts/tasks/main.yml b/roles/dbscripts/tasks/main.yml index b92b1d26e..198b7b817 100644 --- a/roles/dbscripts/tasks/main.yml +++ b/roles/dbscripts/tasks/main.yml @@ -295,7 +295,7 @@ service: name=rsyncd.socket enabled=yes state=started - name: open firewall holes for rsync - firewalld: service=rsyncd permanent=true state=enabled immediate=yes + ansible.posix.firewalld: service=rsyncd permanent=true state=enabled immediate=yes when: configure_firewall tags: - firewall 
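Review bot: The `# noqa 208` added to the `create borg-keys directory` task silences the file-permission lint rule rather than fixing what it reports. The directory that receives the fetched borg keys is still created with `mode=preserve`, so its permissions presumably fall back to the umask of whoever runs the playbook. As far as I know `preserve` is documented for copy/template rather than for `file`, so it is worth confirming it has any effect here. An explicit restrictive mode, e.g. `file: path="{{ playbook_dir }}/../../borg-keys/" state=directory mode=0700`, would satisfy the rule and keep the key material unreadable to other local users.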
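Review bot: `mode: 0644` in the rewritten `deploy new smartgit release` task is an unquoted octal literal. Ansible accepts it because of the leading zero, but the value then depends on YAML 1.1 integer parsing, so `mode: "0644"` is the safer spelling. The task also does more than the 2.10 fix needs: it runs with `become_user: "{{ aurweb_user }}"` yet now asserts `owner` and `group: http` on every deploy. That presumably fails unless the user already owns the file and belongs to `http`, so confirm it, or drop `owner`/`group` if the touch only exists to trigger a reload. Because the uwsgi vassal config is now explicitly owned and writable by the application user, a one-line comment saying that this is intended would help the next reviewer.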
@@ -307,7 +307,7 @@ service: name=svnserve enabled=yes state=started - name: open firewall holes for svnserve - firewalld: port=3690/tcp permanent=true state=enabled immediate=yes + ansible.posix.firewalld: port=3690/tcp permanent=true state=enabled immediate=yes when: configure_firewall tags: - firewall diff --git a/roles/dovecot/tasks/main.yml b/roles/dovecot/tasks/main.yml index 57b9662ee..b6a3e34d2 100644 --- a/roles/dovecot/tasks/main.yml +++ b/roles/dovecot/tasks/main.yml @@ -21,7 +21,7 @@ service: name=dovecot enabled=yes state=started - name: open firewall holes - firewalld: service={{ item }} permanent=true state=enabled immediate=yes + ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes with_items: - pop3 - pop3s diff --git a/roles/firewalld/tasks/main.yml b/roles/firewalld/tasks/main.yml index 39de6c741..c18233bd4 100644 --- a/roles/firewalld/tasks/main.yml +++ b/roles/firewalld/tasks/main.yml @@ -17,7 +17,7 @@ state: "{{ configure_firewall | ternary('started', 'stopped') }}" - name: disable default dhcpv6-client rule - firewalld: + ansible.posix.firewalld: service: dhcpv6-client state: disabled immediate: yes diff --git a/roles/gitlab/tasks/main.yml b/roles/gitlab/tasks/main.yml index f6048f316..39860b0a1 100644 --- a/roles/gitlab/tasks/main.yml +++ b/roles/gitlab/tasks/main.yml @@ -86,7 +86,7 @@ - "/srv/gitlab/data:/var/opt/gitlab" - name: open firewall holes - firewalld: port={{ item }} permanent=true state=enabled immediate=yes + ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes when: configure_firewall with_items: - "80/tcp" @@ -97,7 +97,7 @@ - firewall - name: make docker0 interface trusted - firewalld: interface=docker0 zone=trusted permanent=true state=enabled immediate=yes + ansible.posix.firewalld: interface=docker0 zone=trusted permanent=true state=enabled immediate=yes when: configure_firewall tags: - firewall 
diff --git a/roles/gitlab_runner/tasks/main.yml b/roles/gitlab_runner/tasks/main.yml index f1a70b46c..cebed672c 100644 --- a/roles/gitlab_runner/tasks/main.yml +++ b/roles/gitlab_runner/tasks/main.yml @@ -8,7 +8,7 @@ systemd: name=docker enabled=yes state=started daemon_reload=yes - name: make docker0 interface trusted - firewalld: interface=docker0 zone=trusted permanent=true state=enabled immediate=yes + ansible.posix.firewalld: interface=docker0 zone=trusted permanent=true state=enabled immediate=yes when: configure_firewall tags: - firewall diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml index a3d3a781e..5e6fc1e80 100644 --- a/roles/keycloak/tasks/main.yml +++ b/roles/keycloak/tasks/main.yml @@ -27,7 +27,7 @@ service: name=keycloak enabled=yes state=started - name: open firewall hole - firewalld: port={{ item }} permanent=true state=enabled immediate=yes + ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes when: configure_firewall with_items: - 80/tcp diff --git a/roles/matrix/tasks/main.yml b/roles/matrix/tasks/main.yml index 3242ab0f9..125f56376 100644 --- a/roles/matrix/tasks/main.yml +++ b/roles/matrix/tasks/main.yml @@ -195,7 +195,7 @@ - restart matrix-appservice-irc - name: open firewall holes - firewalld: port={{ item }} permanent=true state=enabled immediate=yes + ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes with_items: - 113/tcp when: configure_firewall diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 1a882844e..443028701 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -56,7 +56,7 @@ service: name=nginx enabled=yes - name: open firewall holes - firewalld: service={{ item }} permanent=true state=enabled immediate=yes + ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes with_items: - http - https 
diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml index b2dbd6a63..256b398fd 100644 --- a/roles/postfix/tasks/main.yml +++ b/roles/postfix/tasks/main.yml @@ -104,7 +104,7 @@ create_home: no - name: open firewall holes - firewalld: service={{ item }} permanent=true state=enabled immediate=yes + ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes with_items: - smtp - smtp-submission diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml index c6a801e58..043cf87da 100644 --- a/roles/postgres/tasks/main.yml +++ b/roles/postgres/tasks/main.yml @@ -67,7 +67,7 @@ when: postgres_ssl == 'on' - name: open firewall holes to known postgresql ipv4 clients - firewalld: permanent=true state=enabled immediate=yes + ansible.posix.firewalld: permanent=true state=enabled immediate=yes rich_rule="rule family=ipv4 source address={{ item }} port protocol=tcp port=5432 accept" with_items: "{{ postgres_ssl_hosts4 }}" when: configure_firewall @@ -75,7 +75,7 @@ - firewall - name: open firewall holes to known postgresql ipv6 clients - firewalld: permanent=true state=enabled immediate=yes + ansible.posix.firewalld: permanent=true state=enabled immediate=yes rich_rule="rule family=ipv6 source address={{ item }} port protocol=tcp port=5432 accept" with_items: "{{ postgres_ssl_hosts6 }}" when: configure_firewall diff --git a/roles/prometheus_exporters/tasks/main.yml b/roles/prometheus_exporters/tasks/main.yml index cfb743e6b..93af5f68b 100644 --- a/roles/prometheus_exporters/tasks/main.yml +++ b/roles/prometheus_exporters/tasks/main.yml 
@@ -110,21 +110,21 @@ when: "'memcached' in group_names" - name: open prometheus-node-exporter ipv4 port for monitoring.archlinux.org - firewalld: state=enabled permanent=true immediate=yes + ansible.posix.firewalld: state=enabled permanent=true immediate=yes rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['ipv4_address'] }} port protocol=tcp port={{ prometheus_exporter_port }} accept" when: "'prometheus' not in group_names" - name: open gitlab exporter ipv4 port for monitoring.archlinux.org - firewalld: state=enabled permanent=true immediate=yes + ansible.posix.firewalld: state=enabled permanent=true immediate=yes rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['ipv4_address'] }} port protocol=tcp port={{ gitlab_runner_exporter_port }} accept" when: "'gitlab_runners' in group_names" - name: open prometheus mysqld exporter ipv4 port for monitoring.archlinux.org - firewalld: state=enabled permanent=true immediate=yes + ansible.posix.firewalld: state=enabled permanent=true immediate=yes rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['ipv4_address'] }} port protocol=tcp port={{ prometheus_mysqld_exporter_port }} accept" when: "'mysql_servers' in group_names" - name: open prometheus memcached exporter ipv4 port for monitoring.archlinux.org - firewalld: state=enabled permanent=true immediate=yes + ansible.posix.firewalld: state=enabled permanent=true immediate=yes rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['ipv4_address'] }} port protocol=tcp port={{ prometheus_memcached_exporter_port }} accept" when: "'memcached' in group_names" diff --git a/roles/quassel/tasks/main.yml b/roles/quassel/tasks/main.yml index d825bbfb1..0b92884bd 100644 --- a/roles/quassel/tasks/main.yml +++ b/roles/quassel/tasks/main.yml 
@@ -57,7 +57,7 @@ - clean-quassel.timer - name: open firewall holes - firewalld: port={{ item }} permanent=true state=enabled immediate=yes + ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes with_items: - 4242/tcp - 113/tcp diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml index 1c889b302..821a1f29e 100644 --- a/roles/sshd/tasks/main.yml +++ b/roles/sshd/tasks/main.yml @@ -22,7 +22,7 @@ service: name=sshd enabled=yes state=started - name: open firewall holes - firewalld: service=ssh permanent=true state=enabled immediate=yes + ansible.posix.firewalld: service=ssh permanent=true state=enabled immediate=yes when: configure_firewall is defined and configure_firewall tags: - firewall diff --git a/roles/syncrepo/tasks/main.yml b/roles/syncrepo/tasks/main.yml index 5e42a837c..9f7f8b902 100644 --- a/roles/syncrepo/tasks/main.yml +++ b/roles/syncrepo/tasks/main.yml @@ -51,7 +51,7 @@ tags: ['nginx'] - name: open firewall holes - firewalld: service=rsyncd permanent=true state=enabled immediate=yes + ansible.posix.firewalld: service=rsyncd permanent=true state=enabled immediate=yes when: configure_firewall tags: - firewall diff --git a/roles/zabbix_agent/tasks/main.yml b/roles/zabbix_agent/tasks/main.yml index a888bef04..7476329a3 100644 --- a/roles/zabbix_agent/tasks/main.yml +++ b/roles/zabbix_agent/tasks/main.yml @@ -122,7 +122,7 @@ service: name=zabbix-agent enabled=yes state=started - name: open firewall holes - firewalld: service=zabbix-agent permanent=true state=enabled immediate=yes + ansible.posix.firewalld: service=zabbix-agent permanent=true state=enabled immediate=yes when: configure_firewall tags: - firewall diff --git a/roles/zabbix_server/tasks/main.yml b/roles/zabbix_server/tasks/main.yml index f3c7fe6ee..35aeb15bc 100644 --- a/roles/zabbix_server/tasks/main.yml +++ b/roles/zabbix_server/tasks/main.yml 
@@ -75,7 +75,7 @@ service: name=php-fpm@zabbix-web.socket state=started enabled=true - name: open firewall holes - firewalld: service=zabbix-server permanent=true state=enabled immediate=yes + ansible.posix.firewalld: service=zabbix-server permanent=true state=enabled immediate=yes when: configure_firewall tags: - firewall -- GitLab