diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index e580c53a..13feadca 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,5 +1,7 @@ --- -- repo: https://github.com/ansible/ansible-lint.git - rev: v6.17.2 - hooks: - - id: ansible-lint +repos: + + - repo: https://github.com/ansible/ansible-lint.git + rev: v6.17.2 + hooks: + - id: ansible-lint diff --git a/conda/conda.yml b/conda/conda.yml index 42e6de02..04a7d45f 100644 --- a/conda/conda.yml +++ b/conda/conda.yml @@ -15,29 +15,29 @@ - name: Download Miniconda get_url: - url: https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh - dest: /tmp/miniconda.sh + url: https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh + dest: /tmp/miniconda.sh - name: Install Miniconda command: bash /tmp/miniconda.sh -b -p {{conda_vars.CONDA_DIR}} args: - creates: "{{conda_vars.CONDA_DIR}}/bin/conda" + creates: "{{conda_vars.CONDA_DIR}}/bin/conda" - name: Add Miniconda to PATH lineinfile: - path: /etc/profile - line: 'export PATH={{conda_vars.CONDA_DIR}}/bin:$PATH' + path: /etc/profile + line: 'export PATH={{conda_vars.CONDA_DIR}}/bin:$PATH' become: true become_user: root - name: Install conda-env role include_role: - name: andrewrothstein.conda-env + name: andrewrothstein.conda-env vars: - conda_env_conda_dir: "{{conda_vars.CONDA_DIR}}" - conda_env_name: "{{ conda_vars.ENV_NAME| quote }}" - conda_env_environment: conda_env.yml - conda_env_activate_for_login_shell: true + conda_env_conda_dir: "{{conda_vars.CONDA_DIR}}" + conda_env_name: "{{ conda_vars.ENV_NAME| quote }}" + conda_env_environment: conda_env.yml + conda_env_activate_for_login_shell: true - name: Adjust miniconda folder rights become: true 
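Review bot: In `.pre-commit-config.yaml` the re-added `rev: v6.17.2` pins the ansible-lint hook to a tag, which upstream can move to a different commit. The hook's code runs on every contributor machine and in CI, so an immutable reference is safer. Since the file is being restructured under `repos:` anyway, consider `rev: <full-commit-sha>  # frozen: v6.17.2` (placeholder SHA), which is the form `pre-commit autoupdate --freeze` writes.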
@@ -47,38 +47,38 @@ become_user: "{{conda_vars.default_user}}" shell: 'timeout 1m bash -c ''source {{conda_vars.CONDA_DIR}}/bin/activate && conda config --add channels bioconda''' args: - executable: /bin/bash + executable: /bin/bash - name: Add conda-forge channel become_user: "{{conda_vars.default_user}}" shell: 'timeout 1m bash -c ''source {{conda_vars.CONDA_DIR}}/bin/activate && conda config --add channels conda-forge''' args: - executable: /bin/bash + executable: /bin/bash - name: Add anaconda channel become_user: "{{conda_vars.default_user}}" shell: 'timeout 1m bash -c ''source {{conda_vars.CONDA_DIR}}/bin/activate && conda config --add channels anaconda''' args: - executable: /bin/bash + executable: /bin/bash - name: Init .bashrc for conda become_user: "{{conda_vars.default_user}}" shell: 'timeout 1m bash -c ''source {{ conda_vars.CONDA_DIR}}/bin/activate && conda init''' args: - executable: /bin/bash + executable: /bin/bash - name: Create alias for environment become_user: "{{conda_vars.default_user}}" lineinfile: - path: "/home/{{conda_vars.default_user}}/.bashrc" - line: "alias {{conda_vars.ENV_NAME|quote}}='conda activate {{conda_vars.ENV_NAME|quote}}'" + path: "/home/{{conda_vars.default_user}}/.bashrc" + line: "alias {{conda_vars.ENV_NAME|quote}}='conda activate {{conda_vars.ENV_NAME|quote}}'" - name: Check for installed packages become_user: "{{conda_vars.default_user}}" shell: 'source {{conda_vars.CONDA_DIR}}/bin/activate && conda activate {{conda_vars.ENV_NAME|quote}} && conda list' register: added_packages args: - executable: /bin/bash + executable: /bin/bash - name: Install chosen packages become_user: "{{conda_vars.default_user}}" @@ -87,6 +87,6 @@ conda activate {{conda_vars.ENV_NAME|quote}} && conda install --yes {{item.key}}={{item.value.version}} args: - executable: /bin/bash + executable: /bin/bash loop: "{{ q('dict', conda_vars.packages) }}" when: added_packages.stdout.find(item.key) == -1 
diff --git a/generic/generic_post_tasks.yml b/generic/generic_post_tasks.yml new file mode 100644 index 00000000..973affa5 --- /dev/null +++ b/generic/generic_post_tasks.yml @@ -0,0 +1,15 @@ +--- +- name: POST_TASK enable unattended upgrades + ansible.builtin.lineinfile: + path: /etc/apt/apt.conf.d/10periodic + regexp: ^APT::Periodic::Unattended-Upgrade + line: APT::Periodic::Unattended-Upgrade "1"; + create: true +- name: POST_TASK Start apt-daily.* systemd services + ansible.builtin.service: + name: "{{ item }}" + state: started + with_items: + - unattended-upgrades + - apt-daily + - apt-daily.timer diff --git a/generic/generic_pre_tasks.yml b/generic/generic_pre_tasks.yml new file mode 100644 index 00000000..dd62de7f --- /dev/null +++ b/generic/generic_pre_tasks.yml 
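Review bot: The `with_items` list in `POST_TASK Start apt-daily.* systemd services` starts only `unattended-upgrades`, `apt-daily` and `apt-daily.timer`, while the pre-task file added in this same commit also stops `apt-daily-upgrade` and `apt-daily-upgrade.timer`. On a host that is not rebooted afterwards, the upgrade timer would presumably stay stopped, so automatic security updates may not be installed even though `APT::Periodic::Unattended-Upgrade` is set back to `"1"`. Consider adding `- apt-daily-upgrade.timer` to the list. If the units are left stopped on purpose, for example because the image is always booted fresh, a comment such as `# apt-daily-upgrade.* restart on first boot of the image` would record that.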
@@ -0,0 +1,47 @@ +--- +- name: Populate service facts + ansible.builtin.service_facts: +- name: Wait till Apt_Mirror de.NBI Bielefeld Service is done + ansible.builtin.service_facts: + until: services['de.NBI_Bielefeld_environment.service'].state == 'stopped' + retries: 35 + delay: 10 + when: services['de.NBI_Bielefeld_environment.service'] is defined + +- name: PRE_TASK Disable unattended upgrades + ansible.builtin.lineinfile: + path: /etc/apt/apt.conf.d/10periodic + regexp: ^APT::Periodic::Unattended-Upgrade + line: APT::Periodic::Unattended-Upgrade "0"; + create: true +- name: PRE_TASK Stop apt-daily.* systemd services + ansible.builtin.service: + name: "{{ item }}" + state: stopped + with_items: + - unattended-upgrades + - apt-daily + - apt-daily.timer + - apt-daily-upgrade + - apt-daily-upgrade.timer + +- name: PRE_TASK Wait for automatic system updates 1 + ansible.builtin.shell: while sudo fuser /var/lib/dpkg/lock >/dev/null 2>&1; do sleep 1; done; + changed_when: false + +- name: PRE_TASK Wait for automatic system updates 2 + ansible.builtin.shell: while sudo fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do sleep 1; done; + changed_when: false + +- name: PRE_TASK Update apt cache + become: true + ansible.builtin.apt: + upgrade: true + update_cache: true + autoremove: true + autoclean: true + +- name: Pip + ansible.builtin.apt: + name: python3-pip + state: latest diff --git a/guacamole/guacamole.yml b/guacamole/guacamole.yml index 14f00809..6229155c 100644 --- a/guacamole/guacamole.yml +++ b/guacamole/guacamole.yml @@ -15,7 +15,7 @@ - name: Install guacamole role ansible.builtin.include_role: - name: guacamole + name: guacamole when: not guacamole_vars.create_only_backend - name: Flush guacamole handlers 
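Review bot: In `generic/generic_pre_tasks.yml` the two `PRE_TASK Wait for automatic system updates` tasks loop on `fuser` with no upper bound, so a stuck dpkg lock holder hangs the run indefinitely instead of failing. They also call `sudo` inside `ansible.builtin.shell`, whereas the apt task below uses `become: true`. A bounded form with `become: true`, such as `ansible.builtin.shell: timeout 10m bash -c 'while fuser /var/lib/dpkg/lock >/dev/null 2>&1; do sleep 1; done'`, would make a lock that never clears show up as a task failure. The `lineinfile` and `service` tasks set no `become`, so the file appears to rely on play-level privilege; a header comment saying so would help anyone importing it from another playbook.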
@@ -25,29 +25,29 @@ - name: Setup password for default ubuntu user - standard become: true ansible.builtin.user: - name: "{{ guacamole_vars.default_user }}" - password: "{{ guacamole_vars.default_password | password_hash('sha512') }}" - update_password: always - password_lock: false + name: "{{ guacamole_vars.default_user }}" + password: "{{ guacamole_vars.default_password | password_hash('sha512') }}" + update_password: always + password_lock: false - name: Restart xrdp ansible.builtin.systemd: - name: xrdp - enabled: true - state: restarted + name: xrdp + enabled: true + state: restarted - name: Restart guacd ansible.builtin.systemd: - name: guacd - enabled: true - state: restarted + name: guacd + enabled: true + state: restarted - name: Restart Tomcat ansible.builtin.systemd: - name: tomcat9 - enabled: true - state: restarted + name: tomcat9 + enabled: true + state: restarted - name: Reload systemd ansible.builtin.systemd: - daemon_reload: true + daemon_reload: true diff --git a/guacamole/roles/guacamole/tasks/010-guacamole.yml b/guacamole/roles/guacamole/tasks/010-guacamole.yml index 948ea17a..c53c93bb 100644 --- a/guacamole/roles/guacamole/tasks/010-guacamole.yml +++ b/guacamole/roles/guacamole/tasks/010-guacamole.yml @@ -1,6 +1,6 @@ --- - name: Add Jammy repository for ubuntu 24 - apt_repository: + ansible.builtin.apt_repository: repo: "deb http://archive.ubuntu.com/ubuntu/ jammy main universe" state: present - name: Install needed libraries and tools diff --git a/packer/packer_resenvs.yml b/packer/packer_resenvs.yml index 9a7cfdfa..b49410e0 100644 --- a/packer/packer_resenvs.yml +++ b/packer/packer_resenvs.yml 
@@ -8,58 +8,8 @@ bielefeld_mirror_service_exist: false resenv: guacamole pre_tasks: - - name: PRE_TASK Wait for cloud-init / user-data to finish - ansible.builtin.command: cloud-init status --wait - changed_when: false - - - name: Populate service facts - ansible.builtin.service_facts: - - name: Wait till Apt_Mirror de.NBI Bielefeld Service is done - ansible.builtin.service_facts: - until: services['de.NBI_Bielefeld_environment.service'].state == 'stopped' - retries: 35 - delay: 10 - when: services['de.NBI_Bielefeld_environment.service'] is defined - - - name: PRE_TASK Disable unattended upgrades - ansible.builtin.lineinfile: - path: /etc/apt/apt.conf.d/10periodic - regexp: ^APT::Periodic::Unattended-Upgrade - line: APT::Periodic::Unattended-Upgrade "0"; - create: true - - name: PRE_TASK Stop apt-daily.* systemd services - ansible.builtin.service: - name: "{{ item }}" - state: stopped - with_items: - - unattended-upgrades - - apt-daily - - apt-daily.timer - - apt-daily-upgrade - - apt-daily-upgrade.timer - - - name: PRE_TASK Wait for automatic system updates 1 - ansible.builtin.shell: while sudo fuser /var/lib/dpkg/lock >/dev/null 2>&1; do sleep 1; done; - changed_when: false - - - name: PRE_TASK Wait for automatic system updates 2 - ansible.builtin.shell: while sudo fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do sleep 1; done; - changed_when: false - - - name: PRE_TASK Update apt cache - become: true - ansible.builtin.apt: - upgrade: true - update_cache: true - autoremove: true - autoclean: true - - - - name: Pip - ansible.builtin.apt: - name: python3-pip - state: latest - + - name: Generic PRE Tasks + ansible.builtin.import_tasks: ../generic/generic_pre_tasks.yml tasks: - name: Include {{ resenv }} variables 
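Review bot: The task `PRE_TASK Wait for cloud-init / user-data to finish` is removed from `pre_tasks` in `packer/packer_resenvs.yml`, but it does not appear in the new `generic/generic_pre_tasks.yml`, so the refactor changes behaviour rather than only moving code. Without it, the apt configuration and upgrade tasks may start while cloud-init is still writing package sources or installing packages. If the removal is not intentional, keep it as the first entry before the import: `- name: PRE_TASK Wait for cloud-init / user-data to finish`, `ansible.builtin.command: cloud-init status --wait`, `changed_when: false`. If it is intentional, the commit message or a comment above the import should say where the wait now happens.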
@@ -70,17 +20,5 @@ ansible.builtin.import_tasks: ../{{ resenv }}/{{ resenv }}.yml post_tasks: - - name: POST_TASK enable unattended upgrades - ansible.builtin.lineinfile: - path: /etc/apt/apt.conf.d/10periodic - regexp: ^APT::Periodic::Unattended-Upgrade - line: APT::Periodic::Unattended-Upgrade "1"; - create: true - - name: POST_TASK Start apt-daily.* systemd services - ansible.builtin.service: - name: "{{ item }}" - state: started - with_items: - - unattended-upgrades - - apt-daily - - apt-daily.timer + - name: Generic POST Tasks + ansible.builtin.import_tasks: ../generic/generic_post_tasks.yml diff --git a/rstudio/rstudio.yml b/rstudio/rstudio.yml index 4510ea74..0f08e865 100644 --- a/rstudio/rstudio.yml +++ b/rstudio/rstudio.yml 
@@ -16,53 +16,53 @@ - name: Setup password for default user become: true ansible.builtin.user: - name: "{{ rstudio_vars.default_user }}" - password: "{{ rstudio_vars.default_password | password_hash('sha512') }}" - update_password: always - password_lock: false + name: "{{ rstudio_vars.default_user }}" + password: "{{ rstudio_vars.default_password | password_hash('sha512') }}" + update_password: always + password_lock: false - name: Install R role include_role: - name: oefenweb.latest_r + name: oefenweb.latest_r when: not rstudio_vars.create_only_backend - name: Install rstudio-server role include_role: - name: oefenweb.rstudio_server + name: oefenweb.rstudio_server vars: - rstudio_install: [ r-base ] - rstudio_server_version: "{{ rstudio_vars.RSTUDIO_VERSION | replace('v', '') | replace('+', '-') }}" + rstudio_install: [r-base] + rstudio_server_version: "{{ rstudio_vars.RSTUDIO_VERSION | replace('v', '') | replace('+', '-') }}" when: not rstudio_vars.create_only_backend - name: Install essential system packages ansible.builtin.apt: - name: - - build-essential - - libcurl4-openssl-dev - - libssl-dev - - zlib1g-dev - - libpng-dev - - libjpeg-dev - - libtiff-dev - - libfreetype6-dev - - libfontconfig1-dev - - libmysqlclient-dev - - libsqlite3-dev - - libpq-dev - - libfribidi-dev - - libharfbuzz-dev - - libxml2-dev - - cmake - state: present - become: yes + name: + - build-essential + - libcurl4-openssl-dev + - libssl-dev + - zlib1g-dev + - libpng-dev + - libjpeg-dev + - libtiff-dev + - libfreetype6-dev + - libfontconfig1-dev + - libmysqlclient-dev + - libsqlite3-dev + - libpq-dev + - libfribidi-dev + - libharfbuzz-dev + - libxml2-dev + - cmake + state: present + become: true - name: Copy session file if also installing rstudio ansible.builtin.copy: - content: session-timeout-minutes=180 - dest: "{{ rstudio_vars.RSESSION_FILE_PATH }}" - mode: "0644" - owner: root - group: root + content: session-timeout-minutes=180 + dest: "{{ rstudio_vars.RSESSION_FILE_PATH }}" + 
mode: "0644" + owner: root + group: root when: not rstudio_vars.create_only_backend - name: Flush rstudio handlers diff --git a/vscode/docker.yml b/vscode/docker.yml index b3f968c6..43a83136 100644 --- a/vscode/docker.yml +++ b/vscode/docker.yml @@ -1,8 +1,8 @@ --- - name: Update apt package index apt: - update_cache: yes - force_apt_get: yes + update_cache: true + force_apt_get: true - name: Install required packages for apt to use a repository over HTTPS apt: @@ -27,8 +27,8 @@ - name: Update the apt package index again apt: - update_cache: yes - force_apt_get: yes + update_cache: true + force_apt_get: true - name: Install Docker apt: @@ -42,11 +42,11 @@ - name: Ensure Docker service is running systemd: name: docker - enabled: yes + enabled: true state: started - name: Add the user to the docker group (optional) user: name: "{{ ansible_user }}" groups: docker - append: yes \ No newline at end of file + append: true diff --git a/vscode/vscode.yml b/vscode/vscode.yml index 73a43fb1..bf4d9197 100644 --- a/vscode/vscode.yml +++ b/vscode/vscode.yml @@ -3,13 +3,13 @@ become: true lineinfile: path: /etc/pip.conf - create: yes + create: true state: present line: | [global] break-system-packages = true insertafter: EOF - + - name: Download Code Server Install Script ansible.builtin.get_url: url: "{{ vscode_vars.INSTALL_SCRIPT_URL }}"