Auto-fix yaml rules
In order to reduce divergance with ansible-lint rules, we apply auto-fixing of violations. In current patch we replace all kind of truthy variables with `true` or `false` values to align with recommendations along with alignment of used quotes. Change-Id: I4a3107ce91b0eed15f3ab9aea4a1e6c4f967d0e0
This commit is contained in:
9 changed files with 39 additions and 40 deletions
1
.gitignore
vendored
1
.gitignore
vendored
@@ -45,6 +45,7 @@ logs/*
# OS generated files #
######################
._*
.ansible
.tox
*.egg-info
.eggs
@@ -15,7 +15,7 @@
# Validate Certificates when downloading hatop. May be set to "no" when proxy server
# is intercepting the certificates.
haproxy_hatop_download_validate_certs:yes
haproxy_hatop_download_validate_certs:true
# Set the package install state for distribution packages
# Options are 'present' and 'latest'
@@ -27,7 +27,7 @@ haproxy_fall: 3
haproxy_interval:12000
## Haproxy Stats
haproxy_stats_enabled:False
haproxy_stats_enabled:false
haproxy_stats_bind_address:127.0.0.1
haproxy_stats_port:1936
haproxy_stats_ssl:"{{ haproxy_ssl }}"
@@ -38,7 +38,7 @@ haproxy_stats_password: secrete
haproxy_stats_refresh_interval:60
# Prometheus stats are supported from HAProxy v2
# Stats must be enabled above before this can be used
haproxy_stats_prometheus_enabled:False
haproxy_stats_prometheus_enabled:false
# Default haproxy backup nodes to empty list so this doesn't have to be
# defined for each service.
@@ -51,8 +51,8 @@ haproxy_frontend_redirect_extra_raw: "{{ haproxy_frontend_extra_raw }}"
# Default values for enabling HTTP/2 support
# Note, that while HTTP/2 will be enabled on frontends that are covered with TLS,
# backends can be configured to use HTTP/2 regardless of TLS.
haproxy_frontend_h2:True
haproxy_backend_h2:False
haproxy_frontend_h2:true
haproxy_backend_h2:false
haproxy_service_configs:[]
# Example:
@@ -134,7 +134,7 @@ haproxy_service_configs: []
# /api/bar 40
galera_monitoring_user:monitoring
haproxy_bind_on_non_local:False
haproxy_bind_on_non_local:false
## haproxy SSL
haproxy_ssl:true
@@ -159,7 +159,7 @@ haproxy_pki_setup_host: "{{ openstack_pki_setup_host | default('localhost') }}"
# Create a certificate authority if one does not already exist
haproxy_pki_create_ca:"{{ openstack_pki_authorities is not defined | bool }}"
haproxy_pki_regen_ca:''
haproxy_pki_regen_ca:""
haproxy_pki_authorities:
- name:"HAProxyRoot"
country:"GB"
@@ -200,7 +200,7 @@ haproxy_pki_certs_path: "{{ haproxy_pki_dir ~ '/certs/certs/' }}"
haproxy_pki_intermediate_cert_name:"{{ openstack_pki_service_intermediate_cert_name | default('HAProxyIntermediate') }}"
haproxy_pki_intermediate_cert_path:>-
{{ haproxy_pki_dir ~ '/roots/' ~ haproxy_pki_intermediate_cert_name ~ '/certs/' ~ haproxy_pki_intermediate_cert_name ~ '.crt' }}
haproxy_pki_regen_cert:''
haproxy_pki_regen_cert:""
haproxy_pki_certificates:"{{ _haproxy_pki_certificates }}"
# SSL certificate creation
@@ -211,7 +211,7 @@ haproxy_pki_install_certificates: "{{ _haproxy_pki_install_certificates }}"
# activate letsencrypt option
haproxy_ssl_letsencrypt_enable:false
haproxy_ssl_letsencrypt_certbot_binary:'certbot'
haproxy_ssl_letsencrypt_certbot_binary:"certbot"
haproxy_ssl_letsencrypt_certbot_backend_port:8888
haproxy_ssl_letsencrypt_pre_hook_timeout:5
haproxy_ssl_letsencrypt_certbot_bind_address:"{{ ansible_host }}"
@@ -252,8 +252,7 @@ haproxy_server_timeout: "50s"
# Set the HTTP keepalive mode to use
# Disable persistent connections by default because they can cause issues when the server side closes the connection
# at the same time a request is sent.
haproxy_keepalive_mode:'httpclose'
haproxy_keepalive_mode:"httpclose"
## haproxy tuning params
haproxy_maxconn:4096
@@ -318,7 +317,7 @@ haproxy_security_txt_headers: |
Connection: close
Content-Type: text/plain; charset=utf-8
haproxy_security_txt_content:''
haproxy_security_txt_content:""
# haproxy_security_txt_content: |
# # Please see https://securitytxt.org/ for details of the specification of this file
@@ -18,4 +18,4 @@
- "httpchk"
- "httplog"
haproxy_backend_arguments:
- 'http-check expect string OK'
- "http-check expect string OK"
@@ -56,8 +56,8 @@
service:
name:"rsyslog"
state:"restarted"
enabled:yes
daemon_reload:yes
enabled:true
daemon_reload:true
when:
- "'rsyslog' in ansible_facts.packages"
@@ -65,8 +65,8 @@
service:
name:"haproxy"
state:"reloaded"
enabled:yes
daemon_reload:yes
enabled:true
daemon_reload:true
listen:
- Regen pem
- Regenerate maps
@@ -48,7 +48,7 @@
unarchive:
src:"{{ haproxy_hatop_download_path }}/{{ haproxy_hatop_download_url | basename }}"
dest:"{{ haproxy_hatop_download_path }}/{{ haproxy_hatop_download_url | basename | replace('.tar.gz', '') }}"
remote_src:yes
remote_src:true
extra_opts:
- --strip-components=1
@@ -57,5 +57,5 @@
src:"{{ haproxy_hatop_download_path }}/{{ haproxy_hatop_download_url | basename | replace('.tar.gz', '') }}/bin/hatop"
dest:/usr/local/bin/hatop
mode:"0755"
remote_src:yes
remote_src:true
when:haproxy_hatop_install | bool
@@ -17,7 +17,7 @@
sysctl:
name:"{{ item }}"
value:1
sysctl_set:yes
sysctl_set:true
state:present
when:haproxy_bind_on_non_local | bool
with_items:
@@ -65,9 +65,9 @@
file:
path:"{{ haproxy_log_mount_point | dirname }}"
state:directory
mode:'0755'
owner:'haproxy'
group:'haproxy'
mode:"0755"
owner:"haproxy"
group:"haproxy"
# NOTE(jrosser) The next task fails on Centos without this,
# an empty directory rather than a file is made and the bind mount fails
@@ -90,8 +90,8 @@
- name:Prevent SELinux from preventing haproxy from binding to arbitrary ports
seboolean:
name:haproxy_connect_any
state:yes
persistent:yes
state:true
persistent:true
tags:
- haproxy-service-config
notify:
@@ -64,4 +64,4 @@
when:
- (item.condition | default(True))
loop:"{{ haproxy_static_files }}"
no_log:True
no_log:true
@@ -35,8 +35,8 @@
owner:root
group:haproxy
mode:"0640"
# NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced
# with haproxy_service_configs in 2024.1.
# NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced
# with haproxy_service_configs in 2024.1.
loop:"{{ _haproxy_service_configs_simplified }}"
loop_control:
loop_var:service
@@ -55,14 +55,13 @@
path:"/etc/haproxy/conf.d/{{ service.haproxy_service_name }}"
state:absent
notify:Regenerate haproxy configuration
# NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced
# with haproxy_service_configs in 2024.1.
# NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced
# with haproxy_service_configs in 2024.1.
loop:"{{ _haproxy_service_configs_simplified }}"
loop_control:
loop_var:service
when:
- ((service.haproxy_service_enabled | default('True')) | bool) is falsy or
(service.state is defined and service.state == 'absent')
- ((service.haproxy_service_enabled | default('True')) | bool) is falsy or (service.state is defined and service.state == 'absent')
###########################################################################
# Map files assembled from fragments from each service into <map-name>.map
@@ -75,8 +74,8 @@
owner:root
group:haproxy
mode:"0750"
# NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced
# with haproxy_service_configs in 2024.1.
# NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced
# with haproxy_service_configs in 2024.1.
loop:>-
{{
_haproxy_service_configs_simplified | selectattr('haproxy_map_entries', 'defined') | map(attribute='haproxy_map_entries') | flatten |
@@ -93,8 +92,8 @@
owner:root
group:haproxy
mode:"0640"
# NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced
# with haproxy_service_configs in 2024.1.
# NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced
# with haproxy_service_configs in 2024.1.
with_subelements:
- "{{ _haproxy_service_configs_simplified | selectattr('haproxy_map_entries', 'defined') }}"
- haproxy_map_entries
@@ -113,8 +112,8 @@
- (item.0.haproxy_service_enabled | default('True')) | bool is falsy or
(item.0.state is defined and item.0.state == 'absent') or
(item.1.state | default('present') == 'absent')
# NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced
# with haproxy_service_configs in 2024.1.
# NOTE(damiandabrowski): _haproxy_service_configs_simplified should be replaced
# with haproxy_service_configs in 2024.1.
with_subelements:
- "{{ _haproxy_service_configs_simplified | selectattr('haproxy_map_entries', 'defined') }}"
- haproxy_map_entries
@@ -66,11 +66,11 @@
haproxy_ssl_cert_path ~ '/haproxy_' ~ ansible_facts['hostname'] ~ '-' ~ (item.get('interface')) | ternary(
item.get('address') ~ '-' ~ item['interface'], item['address']) ~ '.pem'
}}
regexp:'(privkey|fullchain).pem$'
regexp:"(privkey|fullchain).pem$"
owner:haproxy
group:haproxy
mode:"0640"
with_items:
- "{{ haproxy_vip_binds | selectattr('type', 'defined') | selectattr('type', 'eq', 'external') }}"
- "{{ haproxy_vip_binds | selectattr('type', 'defined') | selectattr('type', 'eq', 'external') }}"
notify:
- Reload haproxy
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.