From 9660328ec74afa42766487e4b3c2a49104965152 Mon Sep 17 00:00:00 2001 From: Bertrand Lanson Date: Sun, 3 Dec 2023 18:23:33 +0100 Subject: [PATCH] feat: remove become from role --- handlers/main.yml | 3 --- molecule/default/converge.yml | 1 + molecule/default/prepare.yml | 3 +-- molecule/default/verify.yml | 6 ++---- molecule/default_vagrant/converge.yml | 1 + molecule/default_vagrant/prepare.yml | 3 +-- molecule/default_vagrant/verify.yml | 6 ++---- molecule/with_custom_config/converge.yml | 1 + molecule/with_custom_config/prepare.yml | 3 +-- molecule/with_custom_config/verify.yml | 6 ++---- molecule/with_custom_config_vagrant/converge.yml | 1 + molecule/with_custom_config_vagrant/prepare.yml | 4 ++-- molecule/with_custom_config_vagrant/verify.yml | 6 ++---- tasks/configure.yml | 2 -- tasks/prerequisites.yml | 3 --- 15 files changed, 17 insertions(+), 32 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index 7f6f742..1791821 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -3,20 +3,17 @@ - name: "Reload service file" ansible.builtin.systemd: daemon_reload: true - become: true listen: "systemctl-daemon-reload" - name: "Enable vault-certs service" ansible.builtin.service: name: vault-certs enabled: true - become: true listen: "systemctl-enable-vault-certs" - name: "Start vault-certs service" ansible.builtin.service: name: vault-certs state: restarted - become: true listen: "systemctl-restart-vault-certs" when: renew_vault_certificates_start_service diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 897496d..a222447 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -1,6 +1,7 @@ --- - name: Converge hosts: all + become: true tasks: - name: "Include ednxzu.renew_vault_certificates" ansible.builtin.include_role: diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index ae7ccb3..f66ad28 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml 
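Review bot: The play-level `become: true` added in molecule/default/converge.yml is now the only source of privilege escalation for the role, and nothing visible in this patch tells a consumer of the role about that requirement. The role still reloads systemd in its handlers and writes a file with `owner: root` in tasks/configure.yml, so a caller who includes it without escalation will presumably fail partway through the run. I would add a comment above the new line, `# the role no longer escalates itself; the caller must set become`, and state the same requirement in the role's documentation. The same applies to the converge.yml hunks of the default_vagrant, with_custom_config and with_custom_config_vagrant scenarios.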
@@ -1,12 +1,12 @@ --- - name: Prepare hosts: all + become: true tasks: - name: "Create group vault" ansible.builtin.group: name: "vault" state: present - become: true - name: "Create user vault" ansible.builtin.user: @@ -14,4 +14,3 @@ group: "vault" shell: /bin/false state: present - become: true diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 81bfab4..a90d32f 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -2,6 +2,7 @@ - name: Verify hosts: all gather_facts: true + become: true tasks: - name: "Test: directory /etc/consul-template.d/vault" block: @@ -19,7 +20,6 @@ ansible.builtin.slurp: src: "/etc/consul-template.d/vault/vault_config.hcl" register: slurp_etc_consul_template_d_vault_vault_config_hcl - become: true - name: "Verify directory /etc/consul-template.d/vault" ansible.builtin.assert: @@ -60,7 +60,6 @@ src: "{{ item.path }}" loop: "{{ find_etc_consul_template_d_vault_templates.files }}" register: slurp_etc_consul_template_d_vault_templates - become: true - name: "Verify file /etc/consul-template.d/vault/templates/vault_cert.pem.tpl" vars: @@ -109,9 +108,8 @@ ansible.builtin.slurp: src: "/etc/systemd/system/vault-certs.service" register: slurp_etc_systemd_system_vault_certs_service - become: true - - name: "Verify service vault" + - name: "Verify service vault-certs" ansible.builtin.assert: that: - stat_etc_systemd_system_vault_certs_service.stat.exists diff --git a/molecule/default_vagrant/converge.yml b/molecule/default_vagrant/converge.yml index 897496d..a222447 100644 --- a/molecule/default_vagrant/converge.yml +++ b/molecule/default_vagrant/converge.yml @@ -1,6 +1,7 @@ --- - name: Converge hosts: all + become: true tasks: - name: "Include ednxzu.renew_vault_certificates" ansible.builtin.include_role: diff --git a/molecule/default_vagrant/prepare.yml b/molecule/default_vagrant/prepare.yml index ae7ccb3..f66ad28 100644 --- a/molecule/default_vagrant/prepare.yml 
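Review bot: Adding `become: true` at play level in molecule/default/verify.yml makes every verification task run with escalated privileges, where previously only the three `ansible.builtin.slurp` tasks escalated. Tasks such as the `ansible.builtin.assert` checks visible in the later hunks do not need it, so the narrower scope could be kept by leaving `become: true` on the slurp tasks alone. If the play-level setting is intended, a comment such as `# escalation is needed by the slurp tasks below` would record why. The same change is made in the verify.yml files of the other three scenarios, and the play's task list continues outside this hunk.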
+++ b/molecule/default_vagrant/prepare.yml @@ -1,12 +1,12 @@ --- - name: Prepare hosts: all + become: true tasks: - name: "Create group vault" ansible.builtin.group: name: "vault" state: present - become: true - name: "Create user vault" ansible.builtin.user: @@ -14,4 +14,3 @@ group: "vault" shell: /bin/false state: present - become: true diff --git a/molecule/default_vagrant/verify.yml b/molecule/default_vagrant/verify.yml index 81bfab4..a90d32f 100644 --- a/molecule/default_vagrant/verify.yml +++ b/molecule/default_vagrant/verify.yml @@ -2,6 +2,7 @@ - name: Verify hosts: all gather_facts: true + become: true tasks: - name: "Test: directory /etc/consul-template.d/vault" block: @@ -19,7 +20,6 @@ ansible.builtin.slurp: src: "/etc/consul-template.d/vault/vault_config.hcl" register: slurp_etc_consul_template_d_vault_vault_config_hcl - become: true - name: "Verify directory /etc/consul-template.d/vault" ansible.builtin.assert: @@ -60,7 +60,6 @@ src: "{{ item.path }}" loop: "{{ find_etc_consul_template_d_vault_templates.files }}" register: slurp_etc_consul_template_d_vault_templates - become: true - name: "Verify file /etc/consul-template.d/vault/templates/vault_cert.pem.tpl" vars: @@ -109,9 +108,8 @@ ansible.builtin.slurp: src: "/etc/systemd/system/vault-certs.service" register: slurp_etc_systemd_system_vault_certs_service - become: true - - name: "Verify service vault" + - name: "Verify service vault-certs" ansible.builtin.assert: that: - stat_etc_systemd_system_vault_certs_service.stat.exists diff --git a/molecule/with_custom_config/converge.yml b/molecule/with_custom_config/converge.yml index 897496d..a222447 100644 --- a/molecule/with_custom_config/converge.yml +++ b/molecule/with_custom_config/converge.yml @@ -1,6 +1,7 @@ --- - name: Converge hosts: all + become: true tasks: - name: "Include ednxzu.renew_vault_certificates" ansible.builtin.include_role: 
diff --git a/molecule/with_custom_config/prepare.yml b/molecule/with_custom_config/prepare.yml index ae7ccb3..f66ad28 100644 --- a/molecule/with_custom_config/prepare.yml +++ b/molecule/with_custom_config/prepare.yml @@ -1,12 +1,12 @@ --- - name: Prepare hosts: all + become: true tasks: - name: "Create group vault" ansible.builtin.group: name: "vault" state: present - become: true - name: "Create user vault" ansible.builtin.user: @@ -14,4 +14,3 @@ group: "vault" shell: /bin/false state: present - become: true diff --git a/molecule/with_custom_config/verify.yml b/molecule/with_custom_config/verify.yml index 74e12c2..e0d0aaa 100644 --- a/molecule/with_custom_config/verify.yml +++ b/molecule/with_custom_config/verify.yml @@ -2,6 +2,7 @@ - name: Verify hosts: all gather_facts: true + become: true tasks: - name: "Test: directory /etc/consul-template.d/vault" block: @@ -19,7 +20,6 @@ ansible.builtin.slurp: src: "/etc/consul-template.d/vault/vault_config.hcl" register: slurp_etc_consul_template_d_vault_vault_config_hcl - become: true - name: "Verify directory /etc/consul-template.d/vault" ansible.builtin.assert: @@ -60,7 +60,6 @@ src: "{{ item.path }}" loop: "{{ find_etc_consul_template_d_vault_templates.files }}" register: slurp_etc_consul_template_d_vault_templates - become: true - name: "Verify file /etc/consul-template.d/vault/templates/vault_cert.pem.tpl" vars: @@ -109,9 +108,8 @@ ansible.builtin.slurp: src: "/etc/systemd/system/vault-certs.service" register: slurp_etc_systemd_system_vault_certs_service - become: true - - name: "Verify service vault" + - name: "Verify service vault-certs" ansible.builtin.assert: that: - stat_etc_systemd_system_vault_certs_service.stat.exists diff --git a/molecule/with_custom_config_vagrant/converge.yml b/molecule/with_custom_config_vagrant/converge.yml index 897496d..a222447 100644 --- a/molecule/with_custom_config_vagrant/converge.yml +++ b/molecule/with_custom_config_vagrant/converge.yml 
@@ -1,6 +1,7 @@ --- - name: Converge hosts: all + become: true tasks: - name: "Include ednxzu.renew_vault_certificates" ansible.builtin.include_role: diff --git a/molecule/with_custom_config_vagrant/prepare.yml b/molecule/with_custom_config_vagrant/prepare.yml index ae7ccb3..9bbf4d6 100644 --- a/molecule/with_custom_config_vagrant/prepare.yml +++ b/molecule/with_custom_config_vagrant/prepare.yml @@ -1,12 +1,12 @@ --- - name: Prepare hosts: all + become: true tasks: - name: "Create group vault" ansible.builtin.group: name: "vault" state: present - become: true - name: "Create user vault" ansible.builtin.user: @@ -14,4 +14,4 @@ group: "vault" shell: /bin/false state: present - become: true + diff --git a/molecule/with_custom_config_vagrant/verify.yml b/molecule/with_custom_config_vagrant/verify.yml index 74e12c2..e0d0aaa 100644 --- a/molecule/with_custom_config_vagrant/verify.yml +++ b/molecule/with_custom_config_vagrant/verify.yml @@ -2,6 +2,7 @@ - name: Verify hosts: all gather_facts: true + become: true tasks: - name: "Test: directory /etc/consul-template.d/vault" block: @@ -19,7 +20,6 @@ ansible.builtin.slurp: src: "/etc/consul-template.d/vault/vault_config.hcl" register: slurp_etc_consul_template_d_vault_vault_config_hcl - become: true - name: "Verify directory /etc/consul-template.d/vault" ansible.builtin.assert: @@ -60,7 +60,6 @@ src: "{{ item.path }}" loop: "{{ find_etc_consul_template_d_vault_templates.files }}" register: slurp_etc_consul_template_d_vault_templates - become: true - name: "Verify file /etc/consul-template.d/vault/templates/vault_cert.pem.tpl" vars: @@ -109,9 +108,8 @@ ansible.builtin.slurp: src: "/etc/systemd/system/vault-certs.service" register: slurp_etc_systemd_system_vault_certs_service - become: true - - name: "Verify service vault" + - name: "Verify service vault-certs" ansible.builtin.assert: that: - stat_etc_systemd_system_vault_certs_service.stat.exists 
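Review bot: The second hunk of molecule/with_custom_config_vagrant/prepare.yml replaces the removed `become: true` with an added blank line, so the file now ends with a stray empty line after `state: present`. The hunk header is `-14,4 +14,4`, whereas the same hunk in the other three prepare.yml files is `-14,4 +14,3`, which suggests the extra line is accidental. yamllint's `empty-lines` rule would likely flag it; drop the added `+` line so the file ends directly after `state: present`.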
diff --git a/tasks/configure.yml b/tasks/configure.yml index 6108dfe..69d61ea 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -1,7 +1,6 @@ --- # task/configure file for renew_vault_certificates - name: "Configure files for vault certificate renewal" - become: true notify: - "systemctl-enable-vault-certs" - "systemctl-restart-vault-certs" @@ -37,6 +36,5 @@ owner: root group: root mode: '0644' - become: true notify: - "systemctl-daemon-reload" diff --git a/tasks/prerequisites.yml b/tasks/prerequisites.yml index b944564..d372865 100644 --- a/tasks/prerequisites.yml +++ b/tasks/prerequisites.yml @@ -7,7 +7,6 @@ owner: "{{ renew_vault_certificates_vault_user }}" group: "{{ renew_vault_certificates_vault_group }}" mode: '0755' - become: true - name: "Create directory templates directory in {{ renew_vault_certificates_config_dir }}" ansible.builtin.file: @@ -16,7 +15,6 @@ owner: "{{ renew_vault_certificates_vault_user }}" group: "{{ renew_vault_certificates_vault_group }}" mode: '0755' - become: true - name: "Ensure certificate/key directory(ies) exist(s)" ansible.builtin.file: @@ -25,7 +23,6 @@ owner: "{{ renew_vault_certificates_vault_user }}" group: "{{ renew_vault_certificates_vault_group }}" mode: '0755' - become: true loop: - "{{ renew_vault_certificates_cert_dest }}" - "{{ renew_vault_certificates_key_dest }}"