diff --git a/.ansible-lint-ignore b/.ansible-lint-ignore new file mode 100644 index 00000000..28070644 --- /dev/null +++ b/.ansible-lint-ignore @@ -0,0 +1,484 @@ +# This file contains ignores rule violations for ansible-lint + +roles/assemble_template/defaults/main.yml var-naming[no-role-prefix] +roles/assemble_template/tasks/main.yml risky-file-permissions + +# Scheduled for removal +roles/cloudera_manager/admin_password/check/tasks/main.yml fqcn[action-core] +roles/cloudera_manager/admin_password/check/tasks/main.yml name[missing] +roles/cloudera_manager/agent/meta/main.yml role-name[path] +roles/cloudera_manager/agent/tasks/main.yml fqcn[action-core] +roles/cloudera_manager/agent/tasks/main.yml package-latest +roles/cloudera_manager/agent_config/tasks/main.yml fqcn[action-core] +roles/cloudera_manager/api_client/handlers/main.yml name[casing] +roles/cloudera_manager/api_client/tasks/main.yml fqcn[action-core] +roles/cloudera_manager/api_client/tasks/main.yml name[missing] +roles/cloudera_manager/api_hosts/meta/main.yml role-name[path] +roles/cloudera_manager/api_hosts/tasks/main.yml fqcn[action-core] +roles/cloudera_manager/autotls/defaults/main.yml var-naming[no-role-prefix] +roles/cloudera_manager/autotls/defaults/main.yml var-naming[pattern] +roles/cloudera_manager/autotls/tasks/main.yml fqcn[action-core] +roles/cloudera_manager/autotls/tasks/main.yml ignore-errors +roles/cloudera_manager/autotls/tasks/main.yml jinja[spacing] +roles/cloudera_manager/autotls/tasks/main.yml name[missing] +roles/cloudera_manager/autotls/tasks/patch_old_cm.yml command-instead-of-shell +roles/cloudera_manager/autotls/tasks/patch_old_cm.yml fqcn[action-core] +roles/cloudera_manager/autotls/tasks/patch_old_cm.yml jinja[spacing] +roles/cloudera_manager/autotls/tasks/patch_old_cm.yml no-changed-when +roles/cloudera_manager/common/handlers/main.yml fqcn[action-core] +roles/cloudera_manager/common/handlers/main.yml name[casing] +roles/cloudera_manager/config/defaults/main.yml var-naming[no-role-prefix] +roles/cloudera_manager/config/tasks/main.yml fqcn[action-core] +roles/cloudera_manager/config/tasks/main.yml jinja[spacing] +roles/cloudera_manager/csds/tasks/main.yml fqcn[action-core] +roles/cloudera_manager/database/defaults/main.yml yaml[line-length] +roles/cloudera_manager/database/handlers/main.yml fqcn[action-core] +roles/cloudera_manager/database/handlers/main.yml name[casing] +roles/cloudera_manager/database/meta/main.yml role-name[path] +roles/cloudera_manager/database/tasks/external.yml fqcn[action-core] +roles/cloudera_manager/database/tasks/external.yml fqcn[action] +roles/cloudera_manager/database/tasks/main.yml fqcn[action-core] +roles/cloudera_manager/external_auth/defaults/main.yml var-naming[no-role-prefix] +roles/cloudera_manager/external_auth/tasks/main.yml fqcn[action-core] +roles/cloudera_manager/external_auth/tasks/main.yml key-order[task] +roles/cloudera_manager/external_auth/tasks/main.yml name[missing] +roles/cloudera_manager/external_auth/vars/freeipa.yml var-naming[no-role-prefix] +roles/cloudera_manager/external_auth/vars/main.yml var-naming[no-role-prefix] +roles/cloudera_manager/hosts_config/tasks/main.yml fqcn[action-core] +roles/cloudera_manager/kerberos/tasks/main.yml fqcn[action-core] +roles/cloudera_manager/license/tasks/enterprise.yml command-instead-of-module +roles/cloudera_manager/license/tasks/enterprise.yml jinja[spacing] +roles/cloudera_manager/license/tasks/enterprise.yml no-changed-when +roles/cloudera_manager/license/tasks/main.yml fqcn[action-core] +roles/cloudera_manager/license/tasks/trial.yml ignore-errors +roles/cloudera_manager/preload_parcels/defaults/main.yml var-naming[no-role-prefix] +roles/cloudera_manager/preload_parcels/tasks/main.yml fqcn[action-core] +roles/cloudera_manager/preload_parcels/tasks/main.yml risky-file-permissions +roles/cloudera_manager/repo/defaults/main.yml var-naming[no-role-prefix] +roles/cloudera_manager/repo/tasks/main-Debian.yml fqcn[action-core] +roles/cloudera_manager/repo/tasks/main-Debian.yml jinja[spacing] +roles/cloudera_manager/repo/tasks/main-Debian.yml yaml[line-length] +roles/cloudera_manager/repo/tasks/main-RedHat.yml jinja[spacing] +roles/cloudera_manager/repo/tasks/main-RedHat.yml name[casing] +roles/cloudera_manager/repo/tasks/main-RedHat.yml no-changed-when +roles/cloudera_manager/repo/tasks/main.yml fqcn[action-core] +roles/cloudera_manager/repo/tasks/main.yml jinja[spacing] +roles/cloudera_manager/repo/tasks/main.yml yaml[line-length] +roles/cloudera_manager/repo/vars/Debian.yml jinja[spacing] +roles/cloudera_manager/repo/vars/Debian.yml yaml[line-length] +roles/cloudera_manager/repo/vars/RedHat.yml jinja[spacing] +roles/cloudera_manager/repo/vars/RedHat.yml yaml[line-length] +roles/cloudera_manager/server/tasks/main.yml fqcn[action-core] +roles/cloudera_manager/server/tasks/main.yml package-latest +roles/cloudera_manager/server_tls/tasks/main.yml fqcn[action-core] +roles/cloudera_manager/server_tls/tasks/main.yml name[missing] +roles/cloudera_manager/server_tls/tasks/main.yml yaml[line-length] +roles/cloudera_manager/services_info/defaults/main.yml var-naming[no-role-prefix] +roles/cloudera_manager/services_info/tasks/main.yml fqcn[action-core] +roles/cloudera_manager/services_info/tasks/main.yml jinja[invalid] +roles/cloudera_manager/services_info/tasks/main.yml name[missing] +roles/cloudera_manager/services_info/tasks/main.yml var-naming[no-reserved] +roles/cloudera_manager/services_info/tasks/main.yml yaml[line-length] +roles/cloudera_manager/wait_for_heartbeat/tasks/main.yml fqcn[action-core] +roles/config/cluster/base/tasks/main.yml fqcn[action-core] +roles/config/cluster/base/tasks/main.yml name[missing] +roles/config/cluster/base/vars/main.yml jinja[spacing] +roles/config/cluster/base/vars/main.yml var-naming[no-role-prefix] +roles/config/cluster/base/vars/main.yml yaml[line-length] +roles/config/cluster/common/defaults/main.yml var-naming[no-role-prefix] +roles/config/cluster/ecs/tasks/main.yml fqcn[action-core] +roles/config/cluster/ecs/tasks/main.yml name[missing] +roles/config/cluster/ecs/vars/main.yml var-naming[no-role-prefix] +roles/config/cluster/kts/tasks/main.yml fqcn[action-core] +roles/config/cluster/kts/vars/main.yml var-naming[no-role-prefix] +roles/config/services/hue_ticket_lifetime/tasks/main.yml fqcn[action-core] +roles/config/services/hue_ticket_lifetime/tasks/main.yml ignore-errors +roles/config/services/hue_ticket_lifetime/tasks/main.yml no-changed-when +roles/config/services/hue_ticket_lifetime/tasks/main.yml yaml[line-length] +roles/config/services/kms/tasks/main.yml fqcn[action-core] +roles/config/services/kms/vars/main.yml var-naming[no-role-prefix] +roles/config/services/kms_tls/tasks/main.yml fqcn[action-core] +roles/config/services/kms_tls/tasks/main.yml ignore-errors +roles/config/services/kms_tls/tasks/main.yml jinja[invalid] +roles/config/services/kms_tls/tasks/main.yml jinja[spacing] +roles/config/services/kms_tls/tasks/main.yml yaml[line-length] +roles/config/services/mgmt/tasks/main.yml fqcn[action-core] +roles/config/services/mgmt/tasks/main.yml name[missing] +roles/config/services/mgmt/vars/main.yml jinja[spacing] +roles/config/services/mgmt/vars/main.yml var-naming[no-role-prefix] +roles/config/services/oozie_ui/tasks/main.yml command-instead-of-module +roles/config/services/oozie_ui/tasks/main.yml command-instead-of-shell +roles/config/services/oozie_ui/tasks/main.yml fqcn[action-core] +roles/config/services/oozie_ui/tasks/main.yml ignore-errors +roles/config/services/oozie_ui/tasks/main.yml no-changed-when +roles/config/services/oozie_ui/tasks/main.yml package-latest +roles/config/services/oozie_ui/tasks/main.yml risky-file-permissions +roles/config/services/ranger_pvc_default_policies/tasks/main.yml fqcn[action-core] +roles/config/services/ranger_pvc_default_policies/tasks/main.yml jinja[spacing] +roles/config/services/ranger_pvc_default_policies/tasks/main.yml schema[moves] +roles/config/services/solr_knox/tasks/add_solr_knox_host.yml fqcn[action-core] +roles/config/services/solr_knox/tasks/add_solr_knox_host.yml jinja[spacing] +roles/config/services/solr_knox/tasks/add_solr_knox_host.yml name[missing] +roles/config/services/solr_knox/tasks/add_solr_knox_host.yml yaml[line-length] +roles/config/services/solr_knox/tasks/main.yml fqcn[action-core] +roles/config/services/solr_knox/tasks/main.yml name[casing] +roles/config/services/solr_ranger_plugin/tasks/main.yml fqcn[action-core] +roles/config/services/solr_ranger_plugin/tasks/main.yml jinja[spacing] +roles/config/services/solr_ranger_plugin/tasks/main.yml no-handler +roles/deployment/cluster/tasks/create_base.yml fqcn[action-core] +roles/deployment/cluster/tasks/create_base.yml jinja[spacing] +roles/deployment/cluster/tasks/create_base.yml role-name[path] +roles/deployment/cluster/tasks/create_base.yml yaml[comments] +roles/deployment/cluster/tasks/create_ecs.yml fqcn[action-core] +roles/deployment/cluster/tasks/create_ecs.yml jinja[invalid] +roles/deployment/cluster/tasks/create_ecs.yml jinja[spacing] +roles/deployment/cluster/tasks/create_ecs.yml name[missing] +roles/deployment/cluster/tasks/create_ecs.yml yaml[line-length] +roles/deployment/cluster/tasks/create_kts.yml fqcn[action-core] +roles/deployment/cluster/tasks/create_kts.yml jinja[invalid] +roles/deployment/cluster/tasks/create_kts.yml jinja[spacing] +roles/deployment/cluster/tasks/create_kts.yml key-order[task] +roles/deployment/cluster/tasks/create_kts.yml name[missing] +roles/deployment/cluster/tasks/create_kts.yml risky-file-permissions +roles/deployment/cluster/tasks/create_kts.yml yaml[comments] +roles/deployment/cluster/tasks/fs2cs.yml fqcn[action-core] +roles/deployment/cluster/tasks/fs2cs.yml jinja[invalid] +roles/deployment/cluster/tasks/fs2cs.yml jinja[spacing] +roles/deployment/cluster/tasks/fs2cs.yml name[missing] +roles/deployment/cluster/tasks/fs2cs.yml yaml[line-length] +roles/deployment/cluster/tasks/main.yml fqcn[action-core] +roles/deployment/cluster/tasks/main.yml jinja[invalid] +roles/deployment/cluster/tasks/main.yml name[missing] +roles/deployment/cluster/tasks/nav2atlas.yml fqcn[action-core] +roles/deployment/cluster/tasks/nav2atlas.yml jinja[invalid] +roles/deployment/cluster/tasks/nav2atlas.yml jinja[spacing] +roles/deployment/cluster/tasks/nav2atlas.yml name[missing] +roles/deployment/cluster/tasks/nav2atlas.yml yaml[line-length] +roles/deployment/cluster/tasks/update_base.yml fqcn[action-core] +roles/deployment/cluster/tasks/update_base.yml jinja[invalid] +roles/deployment/cluster/tasks/update_base.yml jinja[spacing] +roles/deployment/cluster/tasks/update_base.yml name[missing] +roles/deployment/cluster/tasks/update_base.yml role-name[path] +roles/deployment/cluster/tasks/update_base.yml var-naming[no-role-prefix] +roles/deployment/cluster/tasks/update_base.yml yaml[line-length] +roles/deployment/cluster/tasks/upgrade_kts.yml fqcn[action-core] +roles/deployment/cluster/tasks/upgrade_kts.yml jinja[invalid] +roles/deployment/cluster/tasks/upgrade_kts.yml jinja[spacing] +roles/deployment/cluster/tasks/upgrade_kts.yml key-order[task] +roles/deployment/cluster/tasks/upgrade_kts.yml name[missing] +roles/deployment/cluster/tasks/upgrade_kts.yml role-name[path] +roles/deployment/cluster/tasks/upgrade_kts.yml yaml[line-length] +roles/deployment/credential/tasks/main.yml fqcn[action-core] +roles/deployment/credential/tasks/main.yml jinja[spacing] +roles/deployment/credential/tasks/main.yml no-changed-when +roles/deployment/credential/tasks/main.yml risky-shell-pipe +roles/deployment/databases/tasks/main.yml fqcn[action-core] +roles/deployment/databases/tasks/mariadb.yml fqcn[action] +roles/deployment/databases/tasks/mysql.yml fqcn[action] +roles/deployment/databases/tasks/postgresql.yml fqcn[action] +roles/deployment/definition/defaults/main.yml var-naming[no-role-prefix] +roles/deployment/definition/defaults/main.yml yaml[comments] +roles/deployment/definition/tasks/main.yml jinja[invalid] +roles/deployment/groupby/tasks/main.yml fqcn[action-core] +roles/deployment/groupby/tasks/main.yml jinja[invalid] +roles/deployment/groupby/tasks/main.yml key-order[task] +roles/deployment/groupby/tasks/main.yml name[missing] +roles/deployment/groupby/tasks/main.yml var-naming[no-reserved] +roles/deployment/repometa/defaults/main.yml var-naming[no-role-prefix] +roles/deployment/repometa/tasks/main.yml fqcn[action-core] +roles/deployment/repometa/tasks/parcels.yml fqcn[action-core] +roles/deployment/repometa/tasks/parcels.yml jinja[spacing] +roles/deployment/repometa/tasks/parcels.yml name[missing] +roles/deployment/services/kms/tasks/create_kms.yml fqcn[action-core] +roles/deployment/services/kms/tasks/create_kms.yml jinja[invalid] +roles/deployment/services/kms/tasks/create_kms.yml name[missing] +roles/deployment/services/kms/tasks/create_kms.yml var-naming[no-reserved] +roles/deployment/services/kms/tasks/main.yml fqcn[action-core] +roles/deployment/services/kms/tasks/main.yml no-changed-when +roles/deployment/services/kms_ha/defaults/main.yml var-naming[no-role-prefix] +roles/deployment/services/kms_ha/tasks/main.yml fqcn[action-core] +roles/deployment/services/kts_common/defaults/main.yml var-naming[no-role-prefix] +roles/deployment/services/kts_high_availability/tasks/main.yml command-instead-of-shell +roles/deployment/services/kts_high_availability/tasks/main.yml fqcn[action-core] +roles/deployment/services/kts_high_availability/tasks/main.yml jinja[invalid] +roles/deployment/services/kts_high_availability/tasks/main.yml no-changed-when +roles/deployment/services/kts_high_availability/tasks/main.yml risky-shell-pipe +roles/deployment/services/mgmt/tasks/main.yml fqcn[action-core] +roles/deployment/services/wxm/defaults/main.yml var-naming[no-role-prefix] +roles/deployment/services/wxm/tasks/configure_telemetry.yml fqcn[action-core] +roles/deployment/services/wxm/tasks/configure_telemetry.yml ignore-errors +roles/deployment/services/wxm/tasks/configure_telemetry.yml jinja[invalid] +roles/deployment/services/wxm/tasks/configure_telemetry.yml name[missing] +roles/deployment/services/wxm/tasks/configure_telemetry.yml var-naming[no-reserved] +roles/deployment/services/wxm/tasks/main.yml fqcn[action-core] +roles/deployment/services/wxm/tasks/main.yml name[missing] +roles/deployment/services/wxm/tasks/truststore_to_base.yml fqcn[action-core] +roles/deployment/services/wxm/tasks/truststore_to_base.yml ignore-errors +roles/deployment/services/wxm/tasks/truststore_to_base.yml no-changed-when +roles/deployment/services/wxm/tasks/truststore_to_base.yml yaml[line-length] +roles/infrastructure/ca_common/defaults/main.yml var-naming[no-role-prefix] +roles/infrastructure/ca_server/molecule/default/converge.yml fqcn[action-core] +roles/infrastructure/ca_server/molecule/default/verify.yml command-instead-of-shell +roles/infrastructure/ca_server/molecule/default/verify.yml fqcn[action-core] +roles/infrastructure/ca_server/molecule/default/verify.yml no-changed-when +roles/infrastructure/ca_server/tasks/create_ca.yml fqcn[action-core] +roles/infrastructure/ca_server/tasks/create_ca.yml fqcn[action] +roles/infrastructure/ca_server/tasks/create_ca.yml name[missing] +roles/infrastructure/ca_server/tasks/main.yml fqcn[action-core] +roles/infrastructure/ca_server/tasks/main.yml name[missing] +roles/infrastructure/ca_server/vars/Debian.yml var-naming[no-role-prefix] +roles/infrastructure/ca_server/vars/RedHat.yml var-naming[no-role-prefix] +roles/infrastructure/custom_repo/defaults/main.yml var-naming[no-role-prefix] +roles/infrastructure/custom_repo/tasks/install_parcels.yml fqcn[action-core] +roles/infrastructure/custom_repo/tasks/install_parcels.yml jinja[spacing] +roles/infrastructure/custom_repo/tasks/install_parcels_from_tars_on_controller.yml fqcn[action-core] +roles/infrastructure/custom_repo/tasks/install_parcels_from_tars_on_controller.yml jinja[spacing] +roles/infrastructure/custom_repo/tasks/main.yml fqcn[action-core] +roles/infrastructure/custom_repo/tasks/rehost_files_from_download.yml fqcn[action-core] +roles/infrastructure/custom_repo/tasks/rehost_files_from_download.yml risky-file-permissions +roles/infrastructure/custom_repo/vars/Debian.yml var-naming[no-role-prefix] +roles/infrastructure/custom_repo/vars/RedHat.yml var-naming[no-role-prefix] +roles/infrastructure/haproxy/tasks/main.yml fqcn[action-core] +roles/infrastructure/haproxy/tasks/main.yml package-latest +roles/infrastructure/krb5_client/defaults/main.yml var-naming[no-role-prefix] +roles/infrastructure/krb5_client/handlers/main.yml fqcn[action-core] +roles/infrastructure/krb5_client/handlers/main.yml name[casing] +roles/infrastructure/krb5_client/tasks/freeipa.yml fqcn[action-core] +roles/infrastructure/krb5_client/tasks/freeipa.yml literal-compare +roles/infrastructure/krb5_client/tasks/freeipa_autodns.yml fqcn[action-core] +roles/infrastructure/krb5_client/tasks/freeipa_autodns.yml ignore-errors +roles/infrastructure/krb5_client/tasks/freeipa_autodns.yml name[missing] +roles/infrastructure/krb5_client/tasks/freeipa_autodns.yml no-changed-when +roles/infrastructure/krb5_client/tasks/freeipa_autodns.yml risky-file-permissions +roles/infrastructure/krb5_client/tasks/freeipa_dbus_patch.yml fqcn[action-core] +roles/infrastructure/krb5_client/tasks/freeipa_dbus_patch.yml ignore-errors +roles/infrastructure/krb5_client/tasks/freeipa_dbus_patch.yml name[casing] +roles/infrastructure/krb5_client/tasks/freeipa_dbus_patch.yml no-handler +roles/infrastructure/krb5_client/tasks/freeipa_dbus_patch.yml risky-file-permissions +roles/infrastructure/krb5_client/tasks/mit.yml fqcn[action-core] +roles/infrastructure/krb5_client/tasks/pvc_configs.yml fqcn[action-core] +roles/infrastructure/krb5_client/tasks/pvc_configs.yml ignore-errors +roles/infrastructure/krb5_client/vars/Debian.yml var-naming[no-role-prefix] +roles/infrastructure/krb5_client/vars/RedHat.yml var-naming[no-role-prefix] +roles/infrastructure/krb5_client/vars/Suse.yml var-naming[no-role-prefix] +roles/infrastructure/krb5_common/defaults/main.yml var-naming[no-role-prefix] +roles/infrastructure/krb5_conf/tasks/mit.yml fqcn[action-core] +roles/infrastructure/krb5_conf/tasks/mit.yml risky-file-permissions +roles/infrastructure/krb5_server/defaults/main.yml var-naming[no-role-prefix] +roles/infrastructure/krb5_server/tasks/fix_freeipa_collection.yml fqcn[action-core] +roles/infrastructure/krb5_server/tasks/fix_freeipa_collection.yml ignore-errors +roles/infrastructure/krb5_server/tasks/fix_freeipa_collection.yml name[casing] +roles/infrastructure/krb5_server/tasks/fix_freeipa_collection.yml package-latest +roles/infrastructure/krb5_server/tasks/freeipa.yml fqcn[action-core] +roles/infrastructure/krb5_server/tasks/freeipa.yml fqcn[action] +roles/infrastructure/krb5_server/tasks/freeipa.yml ignore-errors +roles/infrastructure/krb5_server/tasks/freeipa.yml name[missing] +roles/infrastructure/krb5_server/tasks/mit.yml fqcn[action-core] +roles/infrastructure/krb5_server/tasks/mit.yml no-changed-when +roles/infrastructure/krb5_server/tasks/mit.yml risky-file-permissions +roles/infrastructure/krb5_server/vars/Debian.yml var-naming[no-role-prefix] +roles/infrastructure/krb5_server/vars/RedHat-7.yml var-naming[no-role-prefix] +roles/infrastructure/krb5_server/vars/RedHat-8.yml var-naming[no-role-prefix] +roles/infrastructure/krb5_server/vars/RedHat.yml var-naming[no-role-prefix] +roles/infrastructure/krb5_server/vars/Suse.yml var-naming[no-role-prefix] +roles/infrastructure/krb5_server/vars/Ubuntu.yml var-naming[no-role-prefix] +roles/infrastructure/krb5_server/vars/default.yml var-naming[no-role-prefix] +roles/infrastructure/rdbms/handlers/main.yml name[casing] +roles/infrastructure/rdbms/handlers/main.yml no-changed-when +roles/infrastructure/rdbms/tasks/main.yml fqcn[action-core] +roles/infrastructure/rdbms/tasks/mariadb-Debian.yml fqcn[action-core] +roles/infrastructure/rdbms/tasks/mariadb-RedHat.yml fqcn[action-core] +roles/infrastructure/rdbms/tasks/mysql-RedHat.yml fqcn[action-core] +roles/infrastructure/rdbms/tasks/mysql-RedHat.yml jinja[spacing] +roles/infrastructure/rdbms/tasks/postgresql-Debian.yml fqcn[action-core] +roles/infrastructure/rdbms/tasks/postgresql-Debian.yml package-latest +roles/infrastructure/rdbms/tasks/postgresql-RedHat.yml fqcn[action-core] +roles/infrastructure/rdbms/tasks/postgresql-RedHat.yml name[casing] +roles/infrastructure/rdbms/tasks/template_fix.yml fqcn[action-core] +roles/infrastructure/rdbms/tasks/template_fix.yml no-changed-when +roles/infrastructure/rdbms/vars/mariadb-Debian.yml var-naming[no-role-prefix] +roles/infrastructure/rdbms/vars/mariadb.yml var-naming[no-role-prefix] +roles/infrastructure/rdbms/vars/mysql-RedHat.yml var-naming[no-role-prefix] +roles/infrastructure/rdbms/vars/mysql.yml var-naming[no-role-prefix] +roles/infrastructure/rdbms/vars/postgresql-Debian.yml var-naming[no-role-prefix] +roles/infrastructure/rdbms/vars/postgresql-RedHat.yml jinja[spacing] +roles/infrastructure/rdbms/vars/postgresql-RedHat.yml var-naming[no-role-prefix] +roles/infrastructure/rdbms/vars/postgresql.yml var-naming[no-role-prefix] +roles/operations/delete_cluster/meta/main.yml role-name[path] +roles/operations/delete_cluster/tasks/main.yml fqcn[action-core] +roles/operations/delete_cluster/tasks/main.yml jinja[invalid] +roles/operations/delete_cluster/tasks/main.yml jinja[spacing] +roles/operations/delete_cluster/tasks/main.yml key-order[task] +roles/operations/delete_cluster/tasks/main.yml name[missing] +roles/operations/refresh_ranger_kms_repo/tasks/cluster_find_ranger.yml fqcn[action-core] +roles/operations/refresh_ranger_kms_repo/tasks/cluster_find_ranger.yml jinja[invalid] +roles/operations/refresh_ranger_kms_repo/tasks/cluster_find_ranger.yml jinja[spacing] +roles/operations/refresh_ranger_kms_repo/tasks/cluster_find_ranger.yml name[missing] +roles/operations/refresh_ranger_kms_repo/tasks/cluster_find_ranger.yml var-naming[no-reserved] +roles/operations/refresh_ranger_kms_repo/tasks/main.yml fqcn[action-core] +roles/operations/refresh_ranger_kms_repo/tasks/setup_cluster.yml fqcn[action-core] +roles/operations/refresh_ranger_kms_repo/tasks/setup_cluster.yml jinja[invalid] +roles/operations/refresh_ranger_kms_repo/tasks/setup_cluster.yml name[missing] +roles/operations/restart_cluster_services/tasks/main.yml fqcn[action-core] +roles/operations/restart_cluster_services/tasks/service_restart.yml fqcn[action-core] +roles/operations/restart_cluster_services/tasks/service_restart.yml jinja[invalid] +roles/operations/restart_cluster_services/tasks/service_restart.yml var-naming[no-reserved] +roles/operations/restart_stale/tasks/main.yml fqcn[action-core] +roles/operations/restart_stale/tasks/restart.yml fqcn[action-core] +roles/operations/restart_stale/tasks/restart.yml jinja[invalid] +roles/operations/restart_stale/tasks/restart.yml name[missing] +roles/operations/stop_cluster/meta/main.yml role-name[path] +roles/prereqs/jdk/defaults/main.yml var-naming[no-role-prefix] +roles/prereqs/jdk/tasks/main.yml fqcn[action-core] +roles/prereqs/jdk/tasks/main.yml fqcn[action] +roles/prereqs/jdk/tasks/main.yml jinja[spacing] +roles/prereqs/jdk/tasks/main.yml name[missing] +roles/prereqs/jdk/tasks/main.yml no-changed-when +roles/prereqs/jdk/tasks/main.yml risky-shell-pipe +roles/prereqs/jdk/vars/Debian.yml var-naming[no-role-prefix] +roles/prereqs/jdk/vars/RedHat.yml var-naming[no-role-prefix] +roles/prereqs/jdk/vars/Suse.yml var-naming[no-role-prefix] +roles/prereqs/kerberos/tasks/main.yml fqcn[action-core] +roles/prereqs/kerberos/vars/Debian.yml var-naming[no-role-prefix] +roles/prereqs/kerberos/vars/RedHat.yml var-naming[no-role-prefix] +roles/prereqs/kerberos/vars/Suse.yml var-naming[no-role-prefix] +roles/prereqs/license/defaults/main.yml var-naming[no-role-prefix] +roles/prereqs/license/tasks/main.yml fqcn[action-core] +roles/prereqs/local_accounts_common/defaults/main.yml var-naming[no-role-prefix] +roles/prereqs/mysql_connector/defaults/main.yml var-naming[no-role-prefix] +roles/prereqs/mysql_connector/tasks/main.yml command-instead-of-shell +roles/prereqs/mysql_connector/tasks/main.yml fqcn[action-core] +roles/prereqs/mysql_connector/tasks/main.yml ignore-errors +roles/prereqs/mysql_connector/tasks/main.yml no-changed-when +roles/prereqs/mysql_connector/tasks/main.yml risky-file-permissions +roles/prereqs/oracle_connector/defaults/main.yml var-naming[no-role-prefix] +roles/prereqs/oracle_connector/tasks/main.yml fqcn[action-core] +roles/prereqs/oracle_connector/tasks/main.yml fqcn[action] +roles/prereqs/oracle_connector/tasks/main.yml key-order[task] +roles/prereqs/os/defaults/main.yml var-naming[no-role-prefix] +roles/prereqs/os/handlers/main.yml fqcn[action-core] +roles/prereqs/os/handlers/main.yml name[casing] +roles/prereqs/os/tasks/main-Debian.yml fqcn[action-core] +roles/prereqs/os/tasks/main-Debian.yml fqcn[action] +roles/prereqs/os/tasks/main-Debian.yml jinja[spacing] +roles/prereqs/os/tasks/main-Debian.yml name[missing] +roles/prereqs/os/tasks/main-Debian.yml package-latest +roles/prereqs/os/tasks/main-RedHat.yml command-instead-of-shell +roles/prereqs/os/tasks/main-RedHat.yml fqcn[action-core] +roles/prereqs/os/tasks/main-RedHat.yml fqcn[action] +roles/prereqs/os/tasks/main-RedHat.yml ignore-errors +roles/prereqs/os/tasks/main-RedHat.yml name[casing] +roles/prereqs/os/tasks/main-RedHat.yml no-changed-when +roles/prereqs/os/tasks/main.yml fqcn[action-core] +roles/prereqs/os/tasks/main.yml fqcn[action] +roles/prereqs/os/tasks/main.yml name[casing] +roles/prereqs/os/tasks/main.yml name[template] +roles/prereqs/os/tasks/rngd.yml fqcn[action-core] +roles/prereqs/os/vars/Debian.yml var-naming[no-role-prefix] +roles/prereqs/os/vars/RedHat.yml var-naming[no-role-prefix] +roles/prereqs/os/vars/Suse.yml var-naming[no-role-prefix] +roles/prereqs/postgresql_connector/defaults/main.yml var-naming[no-role-prefix] +roles/prereqs/postgresql_connector/tasks/main.yml command-instead-of-shell +roles/prereqs/postgresql_connector/tasks/main.yml fqcn[action-core] +roles/prereqs/postgresql_connector/tasks/main.yml literal-compare +roles/prereqs/postgresql_connector/tasks/main.yml no-changed-when +roles/prereqs/pvc_ecs/tasks/main.yml no-changed-when +roles/prereqs/pvc_ecs/tasks/main.yml package-latest +roles/prereqs/user_accounts/tasks/main.yml fqcn[action-core] +roles/prereqs/user_accounts/tasks/main.yml key-order[task] +roles/prereqs/user_accounts/tasks/main.yml name[missing] +roles/prereqs/user_accounts_ecs/defaults/main.yml var-naming[no-role-prefix] +roles/prereqs/user_accounts_ecs/tasks/main.yml fqcn[action-core] +roles/prereqs/user_accounts_ecs/tasks/main.yml key-order[task] +roles/prereqs/user_accounts_ecs/tasks/main.yml name[missing] +roles/security/tls_clean/tasks/main.yml fqcn[action-core] +roles/security/tls_generate_csr/defaults/main.yml var-naming[no-role-prefix] +roles/security/tls_generate_csr/molecule/default/converge.yml fqcn[action-core] +roles/security/tls_generate_csr/molecule/default/prepare.yml fqcn[action-core] +roles/security/tls_generate_csr/molecule/default/verify.yml fqcn[action-core] +roles/security/tls_generate_csr/tasks/acls-ecs.yml fqcn[action-core] +roles/security/tls_generate_csr/tasks/acls-ecs.yml fqcn[action] +roles/security/tls_generate_csr/tasks/acls-ecs.yml jinja[invalid] +roles/security/tls_generate_csr/tasks/acls.yml fqcn[action-core] +roles/security/tls_generate_csr/tasks/acls.yml fqcn[action] +roles/security/tls_generate_csr/tasks/acls.yml jinja[invalid] +roles/security/tls_generate_csr/tasks/main.yml fqcn[action-core] +roles/security/tls_generate_csr/tasks/main.yml name[missing] +roles/security/tls_generate_csr/tasks/main.yml risky-file-permissions +roles/security/tls_generate_csr/tasks/main.yml risky-shell-pipe +roles/security/tls_install_certs/defaults/main.yml var-naming[no-role-prefix] +roles/security/tls_install_certs/tasks/main.yml command-instead-of-shell +roles/security/tls_install_certs/tasks/main.yml fqcn[action-core] +roles/security/tls_install_certs/tasks/main.yml fqcn[action] +roles/security/tls_install_certs/tasks/main.yml jinja[invalid] +roles/security/tls_install_certs/tasks/main.yml key-order[task] +roles/security/tls_install_certs/tasks/main.yml name[missing] +roles/security/tls_install_certs/tasks/main.yml no-changed-when +roles/security/tls_nifi/defaults/main.yml var-naming[no-role-prefix] +roles/security/tls_nifi/tasks/main.yml fqcn[action-core] +roles/security/tls_nifi/tasks/main.yml risky-file-permissions +roles/security/tls_signing/defaults/main.yml var-naming[no-role-prefix] +roles/security/tls_signing/tasks/main.yml fqcn[action-core] +roles/security/tls_signing/tasks/signing_freeipa.yml fqcn[action-core] +roles/teardown/tasks/main.yml fqcn[action-core] +roles/teardown/tasks/main.yml jinja[invalid] +roles/teardown/tasks/main.yml jinja[spacing] +roles/teardown/tasks/main.yml name[missing] +roles/teardown/tasks/main.yml risky-file-permissions +roles/teardown/tasks/main.yml var-naming[no-reserved] +roles/teardown/tasks/teardown_cdsw.yml command-instead-of-shell +roles/teardown/tasks/teardown_cdsw.yml fqcn[action-core] +roles/teardown/tasks/teardown_cdsw.yml jinja[invalid] +roles/teardown/tasks/teardown_cdsw.yml no-changed-when +roles/teardown/tasks/teardown_cloudera_agent.yml fqcn[action-core] +roles/teardown/tasks/teardown_cloudera_agent.yml ignore-errors +roles/teardown/tasks/teardown_cloudera_agent.yml no-changed-when +roles/teardown/tasks/teardown_cloudera_server.yml fqcn[action-core] +roles/teardown/tasks/teardown_cloudera_server.yml ignore-errors +roles/teardown/tasks/teardown_cluster.yml fqcn[action-core] +roles/teardown/tasks/teardown_cluster.yml jinja[spacing] +roles/teardown/tasks/teardown_cluster.yml key-order[task] +roles/teardown/tasks/teardown_cluster.yml name[missing] +roles/teardown/tasks/teardown_cms.yml fqcn[action-core] +roles/teardown/tasks/teardown_cms.yml jinja[spacing] +roles/teardown/tasks/teardown_cms_role_directories.yml fqcn[action-core] +roles/teardown/tasks/teardown_cms_role_directory.yml fqcn[action-core] +roles/teardown/tasks/teardown_database.yml fqcn[action-core] +roles/teardown/tasks/teardown_database.yml fqcn[action] +roles/teardown/tasks/teardown_database.yml ignore-errors +roles/teardown/tasks/teardown_database.yml name[missing] +roles/teardown/tasks/teardown_database.yml no-changed-when +roles/teardown/tasks/teardown_database.yml yaml[line-length] +roles/teardown/tasks/teardown_ecs.yml command-instead-of-shell +roles/teardown/tasks/teardown_ecs.yml fqcn[action-core] +roles/teardown/tasks/teardown_ecs.yml ignore-errors +roles/teardown/tasks/teardown_ecs.yml no-changed-when +roles/teardown/tasks/teardown_ecs.yml yaml[comments] +roles/teardown/tasks/teardown_kms.yml fqcn[action-core] +roles/teardown/tasks/teardown_role_directories.yml fqcn[action-core] +roles/teardown/tasks/teardown_role_directory.yml fqcn[action-core] +roles/teardown/tasks/teardown_service_directories.yml fqcn[action-core] +roles/teardown/tasks/teardown_service_directories.yml jinja[spacing] +roles/teardown/vars/main.yml var-naming[no-role-prefix] +roles/verify/definition/tasks/main.yml fqcn[action-core] +roles/verify/definition/tasks/main.yml ignore-errors +roles/verify/definition/tasks/main.yml jinja[invalid] +roles/verify/definition/tasks/main.yml key-order[task] +roles/verify/definition/tasks/main.yml literal-compare +roles/verify/definition/tasks/main.yml name[missing] +roles/verify/inventory/tasks/main.yml fqcn[action-core] +roles/verify/inventory/tasks/main.yml jinja[spacing] +roles/verify/inventory/tasks/main.yml key-order[task] +roles/verify/inventory/tasks/main.yml name[missing] +roles/verify/parcels_and_roles/tasks/check_cluster.yml fqcn[action-core] +roles/verify/parcels_and_roles/tasks/check_cluster.yml jinja[invalid] +roles/verify/parcels_and_roles/tasks/check_cluster.yml key-order[task] +roles/verify/parcels_and_roles/tasks/check_cluster.yml name[missing] +roles/verify/parcels_and_roles/tasks/check_cluster_config_roles.yml fqcn[action-core] +roles/verify/parcels_and_roles/tasks/check_cluster_config_roles.yml name[missing] +roles/verify/parcels_and_roles/tasks/check_template.yml fqcn[action-core] +roles/verify/parcels_and_roles/tasks/check_template.yml name[missing] +roles/verify/parcels_and_roles/tasks/check_template_roles.yml fqcn[action-core] +roles/verify/parcels_and_roles/tasks/check_template_roles.yml jinja[spacing] +roles/verify/parcels_and_roles/tasks/check_template_roles.yml name[missing] +roles/verify/parcels_and_roles/tasks/main.yml fqcn[action-core] diff --git a/.github/workflows/label_pr.yml b/.github/workflows/label_pr.yml index dfcd25a9..9ee76a5c 100644 --- a/.github/workflows/label_pr.yml +++ b/.github/workflows/label_pr.yml @@ -55,7 +55,7 @@ jobs: let fs = require('fs'); fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/pr_number.zip`, Buffer.from(download.data)); - - name: 'Unzip artifact' + - name: "Unzip artifact" run: unzip pr_number.zip - name: Read the PR number diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 1b6688dc..80058b53 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -1,3 +1,4 @@ +--- # Copyright 2024 Cloudera, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -18,11 +19,10 @@ on: pull_request: push: branches: [main, devel] - jobs: pre-commit: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 - - uses: pre-commit/action@v3.0.1 + - uses: actions/checkout@v4 + - uses: actions/setup-python@v5 + - uses: pre-commit/action@v3.0.1 diff --git a/.github/workflows/publish_docs.yml b/.github/workflows/publish_docs.yml index 53e98007..13ff9147 100644 --- a/.github/workflows/publish_docs.yml +++ b/.github/workflows/publish_docs.yml @@ -19,10 +19,9 @@ name: Publish documentation on: push: branches: - - 'main' + - "main" workflow_dispatch: - jobs: build-ansible-docs: name: Build Ansible Docs diff --git a/.github/workflows/publish_galaxy.yml b/.github/workflows/publish_galaxy.yml index b61ebc9c..3f39b8ba 100644 --- a/.github/workflows/publish_galaxy.yml +++ b/.github/workflows/publish_galaxy.yml @@ -19,7 +19,6 @@ name: Publish to Ansible Galaxy on: release: types: [published] - jobs: galaxy_release: runs-on: ubuntu-latest diff --git a/.github/workflows/reset_pr.yml b/.github/workflows/reset_pr.yml index 3c4c4735..897574b0 100644 --- a/.github/workflows/reset_pr.yml +++ b/.github/workflows/reset_pr.yml @@ -22,9 +22,9 @@ on: - synchronize - ready_for_review branches: - - 'release/**' - - 'devel' - - 'devel-pvc-base' + - "release/**" + - "devel" + - "devel-pvc-base" jobs: reset: diff --git a/.github/workflows/validate_pr.yml b/.github/workflows/validate_pr.yml index dab2ddac..3d947414 100644 --- a/.github/workflows/validate_pr.yml +++ b/.github/workflows/validate_pr.yml @@ -19,8 +19,8 @@ name: Validate Pull Request on: pull_request: branches: - - 'release/**' - - 'devel' + - "release/**" + - "devel" jobs: validate: @@ -32,8 +32,8 @@ jobs: - name: Setup Python and caching uses: actions/setup-python@v4 with: - python-version: '3.9' - cache: 'pip' + python-version: "3.9" + cache: "pip" - name: Set up Ansible and Ansible collections and roles run: | diff --git a/.github/workflows/validate_pr_docs.yml b/.github/workflows/validate_pr_docs.yml index e242ea7f..d589ee0e 100644 --- a/.github/workflows/validate_pr_docs.yml +++ b/.github/workflows/validate_pr_docs.yml @@ -19,11 +19,10 @@ name: Validate Pull Request documentation on: pull_request: branches: - - 'release/**' - - 'devel' + - "release/**" + - "devel" workflow_dispatch: - jobs: validate-docs: name: Validate Ansible Docs diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9cda92b6..0916215b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,3 +1,4 @@ +--- # Copyright 2024 Cloudera, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/docs/links.yml b/docs/links.yml index 7a8b2442..bc6fedb7 100644 --- a/docs/links.yml +++ b/docs/links.yml @@ -3,7 +3,7 @@ edit_on_github: repository: cloudera-labs/cloudera.cluster branch: main - path_prefix: '' + path_prefix: "" extra_links: - description: Submit a bug report diff --git a/galaxy.yml b/galaxy.yml index 72af1b5b..1cc27d8c 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -14,43 +14,44 @@ --- -namespace: cloudera -name: cluster -version: 4.5.0-rc1 -readme: README.md +namespace: cloudera +name: cluster +version: 4.5.0-rc1 +readme: README.md authors: -- Webster Mudge @wmudge -- Ronald Suplina @rsuplina -- Jim Enright @jimright + - Webster Mudge @wmudge + - Ronald Suplina @rsuplina + - Jim Enright @jimright description: > A set of roles, modules, and other plugins for interacting with the services - and endpoints provided by Cloudera on Premises and Cloudera Manager (CM). + and endpoints provided by Cloudera Manager (CM). license_file: LICENSE tags: -- cloudera -- cdp -- cdh -- private_cloud -- on_premise -- data_services -- cloudera_manager -- cm + - application + - cloud + - tools + - cloudera + - cdp + - cdh + - private_cloud + - on_premise + - data_services + - cloudera_manager + - cm dependencies: - 'ansible.posix': '1.3.0' - 'community.crypto': '2.2.1' - 'community.general': '4.5.0' + "ansible.posix": "1.3.0" + "community.crypto": "2.2.1" + "community.general": "4.5.0" -repository: https://github.com/cloudera-labs/cloudera.cluster -homepage: https://github.com/cloudera-labs/cloudera.cluster -issues: https://github.com/cloudera-labs/cloudera.cluster/issues -documentation: https://cloudera-labs.github.io/cloudera.cluster +repository: https://github.com/cloudera-labs/cloudera.cluster +homepage: https://github.com/cloudera-labs/cloudera.cluster +issues: https://github.com/cloudera-labs/cloudera.cluster/issues +documentation: https://cloudera-labs.github.io/cloudera.cluster build_ignore: -- '.*' -- docs -- docsrc -- site - -... + - ".*" + - docs + - docsrc + - site diff --git a/meta/runtime.yml b/meta/runtime.yml index 6b7c4978..536567bf 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -1,3 +1,4 @@ +--- # -*- coding: utf-8 -*- # Copyright 2025 Cloudera, Inc. All Rights Reserved. @@ -14,7 +15,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -requires_ansible: ">=2.10" +requires_ansible: ">=2.15.0" action_groups: cm: diff --git a/plugins/filter/append_database_port.yml b/plugins/filter/append_database_port.yml index bb1b5b19..684b8941 100644 --- a/plugins/filter/append_database_port.yml +++ b/plugins/filter/append_database_port.yml @@ -1,8 +1,8 @@ +--- DOCUMENTATION: name: append_database_port short_description: append_database_port description: append_database_port EXAMPLES: - RETURN: diff --git a/plugins/filter/cluster_service_role_hosts.yml b/plugins/filter/cluster_service_role_hosts.yml index 69d91379..e2cb4a50 100644 --- a/plugins/filter/cluster_service_role_hosts.yml +++ b/plugins/filter/cluster_service_role_hosts.yml @@ -1,8 +1,8 @@ +--- DOCUMENTATION: name: cluster_service_role_hosts short_description: cluster_service_role_hosts description: cluster_service_role_hosts EXAMPLES: - RETURN: diff --git a/plugins/filter/default_database_port.yml b/plugins/filter/default_database_port.yml index ee07c9ea..a6e4aa00 100644 --- a/plugins/filter/default_database_port.yml +++ b/plugins/filter/default_database_port.yml @@ -1,8 +1,8 @@ +--- DOCUMENTATION: name: default_database_port short_description: default_database_port description: default_database_port EXAMPLES: - RETURN: diff --git a/plugins/filter/extract_custom_role_groups.yml b/plugins/filter/extract_custom_role_groups.yml index e5c0f4aa..108fbf15 100644 --- a/plugins/filter/extract_custom_role_groups.yml +++ b/plugins/filter/extract_custom_role_groups.yml @@ -1,8 +1,8 @@ +--- DOCUMENTATION: name: extract_custom_role_groups short_description: extract_custom_role_groups description: extract_custom_role_groups EXAMPLES: - RETURN: diff --git a/plugins/filter/extract_custom_roles.yml b/plugins/filter/extract_custom_roles.yml index bb6512a8..695345da 100644 --- a/plugins/filter/extract_custom_roles.yml +++ b/plugins/filter/extract_custom_roles.yml @@ -1,8 +1,8 @@ +--- DOCUMENTATION: name: extract_custom_roles short_description: extract_custom_roles description: extract_custom_roles EXAMPLES: - RETURN: diff --git a/plugins/filter/extract_parcel_urls.yml b/plugins/filter/extract_parcel_urls.yml index 5abdc4db..4e617638 100644 --- a/plugins/filter/extract_parcel_urls.yml +++ b/plugins/filter/extract_parcel_urls.yml @@ -1,8 +1,8 @@ +--- DOCUMENTATION: name: extract_parcel_urls short_description: extract_parcel_urls description: extract_parcel_urls EXAMPLES: - RETURN: diff --git a/plugins/filter/extract_products_from_manifests.yml b/plugins/filter/extract_products_from_manifests.yml index 1d05f48a..e834ea28 100644 --- a/plugins/filter/extract_products_from_manifests.yml +++ b/plugins/filter/extract_products_from_manifests.yml @@ -1,8 +1,8 @@ +--- DOCUMENTATION: name: extract_products_from_manifests short_description: extract_products_from_manifests description: extract_products_from_manifests EXAMPLES: - RETURN: diff --git a/plugins/filter/extract_role_and_group.yml b/plugins/filter/extract_role_and_group.yml index d172969b..181192c7 100644 --- a/plugins/filter/extract_role_and_group.yml +++ b/plugins/filter/extract_role_and_group.yml @@ -1,8 +1,8 @@ +--- DOCUMENTATION: name: extract_role_and_group short_description: extract_role_and_group description: extract_role_and_group EXAMPLES: - RETURN: diff --git a/plugins/filter/filter_null_configs.yml b/plugins/filter/filter_null_configs.yml index a8d4be3a..8c807050 100644 --- a/plugins/filter/filter_null_configs.yml +++ b/plugins/filter/filter_null_configs.yml @@ -1,8 +1,8 @@ +--- DOCUMENTATION: name: fill_null_configs short_description: fill_null_configs description: fill_null_configs EXAMPLES: - RETURN: diff --git a/plugins/filter/find_clusters.yml b/plugins/filter/find_clusters.yml index 99a0be9a..65d13152 100644 --- a/plugins/filter/find_clusters.yml +++ b/plugins/filter/find_clusters.yml @@ -1,8 +1,8 @@ +--- DOCUMENTATION: name: find_clusters short_description: find_clusters description: find_clusters EXAMPLES: - RETURN: diff --git a/plugins/filter/flatten_dict_list.yml b/plugins/filter/flatten_dict_list.yml index 39b6fe33..a9e0f8e0 100644 --- a/plugins/filter/flatten_dict_list.yml +++ b/plugins/filter/flatten_dict_list.yml @@ -1,8 +1,8 @@ +--- DOCUMENTATION: name: flatten_dict_list short_description: flatten_dict_list description: flatten_dict_list EXAMPLES: - RETURN: diff --git a/plugins/filter/format_database_type.yml b/plugins/filter/format_database_type.yml index 1cc588a5..54909885 100644 --- a/plugins/filter/format_database_type.yml +++ b/plugins/filter/format_database_type.yml @@ -1,8 +1,8 @@ +--- DOCUMENTATION: name: format_database_type short_description: format_database_type description: format_database_type EXAMPLES: - RETURN: diff --git a/plugins/filter/get_database_collation_mysql.yml b/plugins/filter/get_database_collation_mysql.yml index ce199519..6a299eb2 100644 --- a/plugins/filter/get_database_collation_mysql.yml +++ b/plugins/filter/get_database_collation_mysql.yml @@ -1,8 +1,8 @@ +--- DOCUMENTATION: name: get_database_collation_mysql short_description: get_database_collation_mysql description: get_database_collation_mysql EXAMPLES: - RETURN: diff --git a/plugins/filter/get_database_encoding_mysql.yml b/plugins/filter/get_database_encoding_mysql.yml index c20f2969..65146220 100644 --- a/plugins/filter/get_database_encoding_mysql.yml +++ b/plugins/filter/get_database_encoding_mysql.yml @@ -1,8 +1,8 @@ +--- DOCUMENTATION: name: get_database_encoding_mysql short_description: get_database_encoding_mysql description: get_database_encoding_mysql EXAMPLES: - RETURN: diff --git a/plugins/filter/get_major_version.yml b/plugins/filter/get_major_version.yml index ea2a5cb3..9febf3a0 100644 --- a/plugins/filter/get_major_version.yml +++ b/plugins/filter/get_major_version.yml @@ -1,8 +1,8 @@ +--- DOCUMENTATION: name: get_major_version short_description: get_major_version description: get_major_version EXAMPLES: - RETURN: diff --git a/plugins/filter/get_product_version.yml b/plugins/filter/get_product_version.yml index c084b1aa..966765ee 100644 --- a/plugins/filter/get_product_version.yml +++ b/plugins/filter/get_product_version.yml @@ -1,8 +1,8 @@ +--- DOCUMENTATION: name: get_product_version short_description: get_product_version description: get_product_version EXAMPLES: - RETURN: diff --git a/plugins/filter/to_ldap_type_enum.yml b/plugins/filter/to_ldap_type_enum.yml index acfc3895..1367f40c 100644 --- a/plugins/filter/to_ldap_type_enum.yml +++ b/plugins/filter/to_ldap_type_enum.yml @@ -1,8 +1,8 @@ +--- DOCUMENTATION: name: to_ldap_type_enum short_description: to_ldap_type_enum description: to_ldap_type_enum EXAMPLES: - RETURN: diff --git a/plugins/lookup/cm_license.py b/plugins/lookup/cm_license.py index 85e77f1f..8b2877eb 100644 --- a/plugins/lookup/cm_license.py +++ b/plugins/lookup/cm_license.py @@ -78,7 +78,7 @@ description: - The contents of the license. type: dict - options: + contains: deactivation_date: description: Date of license deactivation. returned: always @@ -95,7 +95,7 @@ returned: always password: description: Computed password of the license. - return: always + returned: always start_date: description: Date of license activation. returned: always diff --git a/plugins/modules/assemble_cluster_template.py b/plugins/modules/assemble_cluster_template.py index 0c237160..e2c7b13b 100644 --- a/plugins/modules/assemble_cluster_template.py +++ b/plugins/modules/assemble_cluster_template.py @@ -123,7 +123,7 @@ cloudera.cluster.assemble_cluster_template: src: /tmp/examples dest: /opt/cloudera/cluster-template.json - remote_src: yes + remote_src: true """ RETURN = r"""#""" diff --git a/plugins/modules/cluster.py b/plugins/modules/cluster.py index 782edda3..851eb054 100644 --- a/plugins/modules/cluster.py +++ b/plugins/modules/cluster.py @@ -520,12 +520,12 @@ type: ZOOKEEPER display_name: Zookeeper config: - zookeeper_datadir_autocreate: yes + zookeeper_datadir_autocreate: true - name: hdfs-0 type: HDFS config: - zookeeper_service: zookeeper-0 - core_connector: core-settings-0 + zookeeper_service: zookeeper-0 + core_connector: core-settings-0 role_groups: - type: DATANODE config: @@ -595,7 +595,7 @@ port: "7180" name: example-cluster template: "./files/cluster-template.json" - add_repositories: yes + add_repositories: true - name: Create an ECS cluster cloudera.cluster.cluster: @@ -656,8 +656,8 @@ remote_repo_url: "https://test_website/cdp-pvc-ds/1.5.1" control_plane_config: ContainerInfo: - Mode: public - CopyDocker: false + Mode: public + CopyDocker: false Database: Mode: embedded EmbeddedDbStorage: 50 diff --git a/plugins/modules/cluster_info.py b/plugins/modules/cluster_info.py index 17bcb2fc..271d3a13 100644 --- a/plugins/modules/cluster_info.py +++ b/plugins/modules/cluster_info.py @@ -48,7 +48,6 @@ username: "jane_smith" password: "S&peR4Ec*re" port: "7180" - """ RETURN = r""" diff --git a/plugins/modules/cm_autotls.py b/plugins/modules/cm_autotls.py index 19ac868e..a0de1a45 100644 --- a/plugins/modules/cm_autotls.py +++ b/plugins/modules/cm_autotls.py @@ -54,7 +54,7 @@ interpret_as_filenames: description: - Whether specific parameters are interpreted as filenames local to the Cloudera Manager host. - - When V(true), the following parameter are filenames - O(cm_host_cert), O(cm_host_key), O(ca_cert), O(keystore_passwd), O(truststore_passwd), O(trusted_ca_certs), O(host_certs.host_cert) and O(host_certs.host_key). + - When V(true), the following parameter are filenames - O(cm_host_cert), O(cm_host_key), O(ca_cert), O(keystore_passwd), O(truststore_passwd), O(trusted_ca_certs), O(host_certs[].certificate) and O(host_certs[].key). type: bool required: false default: true @@ -80,7 +80,7 @@ connection_password: description: - The password used to authenticate with the hosts. - - Specify either this or a O(connection_password_private_key). + - Specify either this or a O(connection_private_key). type: str connection_private_key: description: @@ -158,7 +158,7 @@ platform: platforms: all notes: - - Using the C(cm_config) with O(purge=yes) will remove the Cloudera Manager configurations set by this module. + - Using the C(cm_config) with O(cloudera.cluster.cm_config#module:purge=yes) will remove the Cloudera Manager configurations set by this module. - Requires C(cm_client). seealso: - module: cloudera.cluster.cm_config diff --git a/plugins/modules/cm_config_info.py b/plugins/modules/cm_config_info.py index 416f7685..c4a29bda 100644 --- a/plugins/modules/cm_config_info.py +++ b/plugins/modules/cm_config_info.py @@ -41,14 +41,14 @@ EXAMPLES = r""" - name: Retrieve the summary (default) settings - cloudera.cluster.cm_config_info + cloudera.cluster.cm_config_info: host: example.cloudera.com username: "jane_smith" password: "S&peR4Ec*re" register: summary - name: Retrieve the full settings - cloudera.cluster.cm_config_info + cloudera.cluster.cm_config_info: host: example.cloudera.com username: "jane_smith" password: "S&peR4Ec*re" diff --git a/plugins/modules/cm_kerberos.py b/plugins/modules/cm_kerberos.py index eb437c22..c531d64e 100644 --- a/plugins/modules/cm_kerberos.py +++ b/plugins/modules/cm_kerberos.py @@ -116,7 +116,7 @@ description: - Custom Kerberos Keytab Retrieval Script. - Specify the path to a custom script, or executable, to retrieve a Kerberos keytab. - - The target script should accept two arguments: a destination path for the resulting keytab and the full principal name of the owner of the keytab. + - "The target script should accept two arguments: a destination path for the resulting keytab and the full principal name of the owner of the keytab." type: str required: false kdc_admin_user: @@ -134,7 +134,7 @@ - cloudera.cluster.cm_endpoint - cloudera.cluster.message notes: - - Using the C(cm_config) module with O(purge=yes) will remove the Cloudera Manager configurations set by this module. + - Using O(cloudera.cluster.cm_config#module:purge=yes) will remove the Cloudera Manager configurations set by this module. - Requires C(cm_client). seealso: - module: cloudera.cluster.cm_config diff --git a/plugins/modules/cm_resource.py b/plugins/modules/cm_resource.py index f6f3744a..880a1fcb 100644 --- a/plugins/modules/cm_resource.py +++ b/plugins/modules/cm_resource.py @@ -34,9 +34,9 @@ type: str required: True choices: - - DELETE - - POST - - PUT + - DELETE + - POST + - PUT body: description: - HTTP body for the CM API endpoint call. @@ -72,7 +72,8 @@ - name: "ROLE_LIMITED" - name: Delete a Cloudera Manager user using a custom SSL certificate - host: example.cloudera.com + cloudera.cluster.cm_resource: + host: example.cloudera.com username: "jane_smith" password: "S&peR4Ec*re" path: "/user/existing_user" diff --git a/plugins/modules/cm_service.py b/plugins/modules/cm_service.py index 0e6d4226..cb60598d 100644 --- a/plugins/modules/cm_service.py +++ b/plugins/modules/cm_service.py @@ -35,7 +35,7 @@ role_config_groups: description: - A list of one or more role config groups to manage. - - Each role config group is the I(base) for the O(type). + - Each role config group is the I(base) for the O(role_config_groups[].type). type: list elements: dict suboptions: @@ -66,16 +66,16 @@ cluster_hostname: description: - The hostname of an instance for the role. - - If the hostname is different than that of the existing instance for the O(type), the role will be destroyed and rebuilt on the declared host. - - Mutually exclusive with O(cluster_host_id). + - If the hostname is different than that of the existing instance for the O(roles[].type), the role will be destroyed and rebuilt on the declared host. + - Mutually exclusive with O(roles[].cluster_host_id). type: str aliases: - cluster_host cluster_host_id: description: - The host ID of the instance for the role. - - If the host ID is different than that of the existing instance for the O(type), the role will be destroyed and rebuilt on the declared host. - - Mutually exclusive with O(cluster_hostname). + - If the host ID is different than that of the existing instance for the O(roles[].type), the role will be destroyed and rebuilt on the declared host. + - Mutually exclusive with O(roles[].cluster_hostname). type: str config: description: @@ -110,7 +110,7 @@ state: description: - The operating state of the service. - - The V(restarted) value will always restart the service and set RV(changed=True). + - The V(restarted) value will always restart the service and set RV(ignore:changed=True). type: str default: started choices: @@ -124,6 +124,7 @@ - cloudera.cluster.cm_options - cloudera.cluster.cm_endpoint - cloudera.cluster.message + - ansible.builtin.action_common_attributes attributes: check_mode: support: full @@ -162,7 +163,7 @@ password: "S&peR4Ec*re" config: mgmt_pause_duration_window: 10 - ldap_monitoring_enabled: no + ldap_monitoring_enabled: false - name: Unset a service-wide configuration for Cloudera Manager service cloudera.cluster.cm_service: @@ -217,12 +218,12 @@ process_start_secs: None - name: Update the service state to only the declared configuration - cloudera.cluster.cm_service + cloudera.cluster.cm_service: host: "cm.example.com" username: "jane_smith" password: "S&peR4Ec*re" state: started - purge: yes + purge: true config: mgmt_pause_duration_window: 10 role_config_groups: @@ -243,14 +244,14 @@ cluster_hostname: "services01.example.com" - name: Stop the Cloudera Manager service - cloudera.cluster.cm_service + cloudera.cluster.cm_service: host: "cm.example.com" username: "jane_smith" password: "S&peR4Ec*re" state: "stopped" - name: Remove the Cloudera Manager service and its roles and role config groups - cloudera.cluster.cm_service + cloudera.cluster.cm_service: host: "cm.example.com" username: "jane_smith" password: "S&peR4Ec*re" diff --git a/plugins/modules/cm_service_config.py b/plugins/modules/cm_service_config.py index 436eba18..ea4992bb 100644 --- a/plugins/modules/cm_service_config.py +++ b/plugins/modules/cm_service_config.py @@ -84,7 +84,7 @@ parameters: config_one: ValueOne config_two: 4567 - purge: yes + purge: true - name: Reset all service-wide parameters cloudera.cluster.cm_service_config: @@ -94,7 +94,7 @@ cluster: example-cluster service: example-service parameters: {} - purge: yes + purge: true """ RETURN = r""" diff --git a/plugins/modules/cm_service_info.py b/plugins/modules/cm_service_info.py index 10d07d28..226d8d3c 100644 --- a/plugins/modules/cm_service_info.py +++ b/plugins/modules/cm_service_info.py @@ -26,9 +26,7 @@ extends_documentation_fragment: - cloudera.cluster.cm_options - cloudera.cluster.cm_endpoint -attributes: - check_mode: - support: full + - ansible.builtin.action_common_attributes requirements: - cm-client seealso: diff --git a/plugins/modules/cm_service_role.py b/plugins/modules/cm_service_role.py index c2bd914d..6ecbafb7 100644 --- a/plugins/modules/cm_service_role.py +++ b/plugins/modules/cm_service_role.py @@ -81,6 +81,7 @@ - cloudera.cluster.cm_options - cloudera.cluster.cm_endpoint - cloudera.cluster.message + - ansible.builtin.action_common_attributes attributes: check_mode: support: full @@ -110,7 +111,7 @@ username: "jane_smith" password: "S&peR4Ec*re" type: HOSTMONITOR - maintenance: yes + maintenance: true - name: Update (append) role configurations to a Cloudera Manager Service role cloudera.cluster.cm_service_role: @@ -129,7 +130,7 @@ type: HOSTMONITOR config: yet_another_config: value_three - purge: yes + purge: true - name: Remove all role configurations on a Cloudera Manager Service role cloudera.cluster.cm_service_role: @@ -137,7 +138,7 @@ username: "jane_smith" password: "S&peR4Ec*re" type: HOSTMONITOR - purge: yes + purge: true - name: Start a Cloudera Manager Service role cloudera.cluster.cm_service_role: diff --git a/plugins/modules/cm_service_role_config.py b/plugins/modules/cm_service_role_config.py index fc6efbf3..051258a0 100644 --- a/plugins/modules/cm_service_role_config.py +++ b/plugins/modules/cm_service_role_config.py @@ -115,7 +115,7 @@ password: "S&peR4Ec*re" type: HOSTMONITOR parameters: {} - purge: yes + purge: true """ RETURN = r""" diff --git a/plugins/modules/cm_service_role_config_group.py b/plugins/modules/cm_service_role_config_group.py index 76fd346e..30557736 100644 --- a/plugins/modules/cm_service_role_config_group.py +++ b/plugins/modules/cm_service_role_config_group.py @@ -50,6 +50,7 @@ - cloudera.cluster.cm_options - cloudera.cluster.cm_endpoint - cloudera.cluster.message + - ansible.builtin.action_common_attributes attributes: check_mode: support: full @@ -73,7 +74,7 @@ password: "S&peR4Ec*re" type: HOSTMONITOR config: - some_parameter: True + some_parameter: true - name: Update the configuration of a Cloudera Manager service role config group, purging undeclared parameters cloudera.cluster.cm_service_role_config_group: @@ -83,7 +84,7 @@ type: HOSTMONITOR config: another_parameter: 3456 - purge: yes + purge: true - name: Reset the configuration of a Cloudera Manager service role config group cloudera.cluster.cm_service_role_config_group: @@ -91,7 +92,7 @@ username: "jane_smith" password: "S&peR4Ec*re" type: HOSTMONITOR - purge: yes + purge: true """ RETURN = r""" diff --git a/plugins/modules/cm_service_role_config_group_config.py b/plugins/modules/cm_service_role_config_group_config.py index c6beca9c..0c1f6104 100644 --- a/plugins/modules/cm_service_role_config_group_config.py +++ b/plugins/modules/cm_service_role_config_group_config.py @@ -61,6 +61,7 @@ - cloudera.cluster.cm_endpoint - cloudera.cluster.purge - cloudera.cluster.message + - ansible.builtin.action_common_attributes attributes: check_mode: support: full @@ -99,7 +100,7 @@ parameters: config_one: ValueOne config_two: 4567 - purge: yes + purge: true - name: Reset all role config group parameters for a Cloudera Manager Service role type cloudera.cluster.service_role_config_group_config: @@ -108,7 +109,7 @@ password: "S&peR4Ec*re" type: HOSTMONITOR parameters: {} - purge: yes + purge: true """ RETURN = r""" diff --git a/plugins/modules/cm_service_role_config_group_info.py b/plugins/modules/cm_service_role_config_group_info.py index fb3a35d9..a6dc301a 100644 --- a/plugins/modules/cm_service_role_config_group_info.py +++ b/plugins/modules/cm_service_role_config_group_info.py @@ -32,6 +32,7 @@ extends_documentation_fragment: - cloudera.cluster.cm_options - cloudera.cluster.cm_endpoint + - ansible.builtin.action_common_attributes attributes: check_mode: support: full diff --git a/plugins/modules/cm_service_role_info.py b/plugins/modules/cm_service_role_info.py index f95634dd..48ea9f9d 100644 --- a/plugins/modules/cm_service_role_info.py +++ b/plugins/modules/cm_service_role_info.py @@ -32,6 +32,7 @@ extends_documentation_fragment: - cloudera.cluster.cm_options - cloudera.cluster.cm_endpoint + - ansible.builtin.action_common_attributes attributes: check_mode: support: full diff --git a/plugins/modules/data_context.py b/plugins/modules/data_context.py index 843e1608..7f197ef2 100644 --- a/plugins/modules/data_context.py +++ b/plugins/modules/data_context.py @@ -59,6 +59,10 @@ choices: - present - absent +extends_documentation_fragment: + - cloudera.cluster.cm_options + - cloudera.cluster.cm_endpoint + - ansible.builtin.action_common_attributes attributes: check_mode: support: full @@ -68,17 +72,17 @@ EXAMPLES = r""" - name: Create a Data Context - cloudera.cluster.data_context + cloudera.cluster.data_context: host: example.cloudera.com username: "jane_smith" password: "S&peR4Ec*re" name: "base_services" cluster: "example_cluster" - services: ['hive','atlas','hdfs','ranger'] + services: ['hive', 'atlas', 'hdfs', 'ranger'] state: present - name: Delete a data context - cloudera.cluster.data_context + cloudera.cluster.data_context: host: example.cloudera.com username: "jane_smith" password: "S&peR4Ec*re" @@ -86,13 +90,13 @@ state: absent - name: Update an existing data context - cloudera.cluster.data_context + cloudera.cluster.data_context: host: example.cloudera.com username: "jane_smith" password: "S&peR4Ec*re" name: "base_services" cluster: "example_cluster" - services: ['hive','atlas','hdfs'] + services: ['hive', 'atlas', 'hdfs'] state: present """ diff --git a/plugins/modules/data_context_info.py b/plugins/modules/data_context_info.py index f59d6662..06c93340 100644 --- a/plugins/modules/data_context_info.py +++ b/plugins/modules/data_context_info.py @@ -37,14 +37,14 @@ EXAMPLES = r""" - name: Gather details about specific data context - cloudera.cluster.data_context_info + cloudera.cluster.data_context_info: host: example.cloudera.com username: "jane_smith" password: "S&peR4Ec*re" name: "SDX" - name: Gather details about all data contexts within the cluster - cloudera.cluster.data_context_info + cloudera.cluster.data_context_info: host: example.cloudera.com username: "jane_smith" password: "S&peR4Ec*re" diff --git a/plugins/modules/external_account.py b/plugins/modules/external_account.py index 9023f8ae..a980e0fb 100644 --- a/plugins/modules/external_account.py +++ b/plugins/modules/external_account.py @@ -43,8 +43,8 @@ - BASICAUTH state: description: - - If I(state=present), the account will be created or updated. - - If I(state=absent), the account will be deleted. + - If O(state=present), the account will be created or updated. + - If O(state=absent), the account will be deleted. type: str required: no default: present @@ -109,6 +109,7 @@ - cloudera.cluster.cm_options - cloudera.cluster.cm_endpoint - cloudera.cluster.message + - ansible.builtin.action_common_attributes attributes: check_mode: support: full diff --git a/plugins/modules/external_account_info.py b/plugins/modules/external_account_info.py index 167d4adb..ffee00e8 100644 --- a/plugins/modules/external_account_info.py +++ b/plugins/modules/external_account_info.py @@ -22,8 +22,6 @@ - Provides details for a specific account or retrieves all external accounts configured in Cloudera Manager. author: - "Ronald Suplina (@rsuplina)" -requirements: - - cm_client options: name: description: @@ -45,6 +43,7 @@ - cloudera.cluster.cm_options - cloudera.cluster.cm_endpoint - cloudera.cluster.message + - ansible.builtin.action_common_attributes attributes: check_mode: support: full diff --git a/plugins/modules/external_user_mappings.py b/plugins/modules/external_user_mappings.py index 3ba9e8a9..c73c3efd 100644 --- a/plugins/modules/external_user_mappings.py +++ b/plugins/modules/external_user_mappings.py @@ -67,6 +67,10 @@ - If I(purge=False), the provided authorization roles will be added to the existing ones, and any duplicates will be ignored. type: bool default: False +extends_documentation_fragment: + - cloudera.cluster.cm_options + - cloudera.cluster.cm_endpoint + - ansible.builtin.action_common_attributes attributes: check_mode: support: full @@ -93,7 +97,7 @@ name: "basic_user" state: "present" type: "LDAP" - auth_roles: ["ROLE_DASHBOARD_USER","ROLE_USER","ROLE_CLUSTER_CREATOR"] + auth_roles: ["ROLE_DASHBOARD_USER", "ROLE_USER", "ROLE_CLUSTER_CREATOR"] - name: Replace current permissions in external user mapping cloudera.cluster.external_user_mappings: @@ -104,7 +108,7 @@ state: "present" purge: "True" type: "LDAP" - auth_roles: ["ROLE_DASHBOARD_USER","ROLE_USER"] + auth_roles: ["ROLE_DASHBOARD_USER", "ROLE_USER"] - name: Remove specified authorization roles from external user mapping cloudera.cluster.external_user_mappings: @@ -114,7 +118,7 @@ name: "default_user" state: "absent" type: "LDAP" - auth_roles: ["ROLE_DASHBOARD_USER","ROLE_USER"] + auth_roles: ["ROLE_DASHBOARD_USER", "ROLE_USER"] - name: Remove external user mapping cloudera.cluster.external_user_mappings: @@ -131,7 +135,7 @@ username: "jane_smith" password: "S&peR4Ec*re" name: "basic_user" - purge: True + purge: true auth_roles: [] """ diff --git a/plugins/modules/external_user_mappings_info.py b/plugins/modules/external_user_mappings_info.py index afbd0dc4..944a3672 100644 --- a/plugins/modules/external_user_mappings_info.py +++ b/plugins/modules/external_user_mappings_info.py @@ -35,6 +35,9 @@ - The uuid of the external mapping. type: str required: no +extends_documentation_fragment: + - cloudera.cluster.cm_options + - cloudera.cluster.cm_endpoint """ EXAMPLES = r""" diff --git a/plugins/modules/host.py b/plugins/modules/host.py index 8ac17d56..edb07594 100644 --- a/plugins/modules/host.py +++ b/plugins/modules/host.py @@ -74,7 +74,7 @@ - Role configuration overrides for the host. type: list elements: dict - options: + suboptions: service: description: - The service of the role instance on the host. @@ -102,7 +102,7 @@ - Role config groups (and associated role instances) to apply to the host. type: list elements: dict - options: + suboptions: service: description: - The service of the role config group (and associated role instance) on the host. @@ -113,14 +113,14 @@ type: description: - The base role type of the role config group (and associated role instance) on the host. - - One of O(type) or O(name) is required. + - One of O(role_config_groups[].type) or O(role_config_groups[].name) is required. type: str aliases: - role_type name: description: - The name of the role config group (and associated role instance) on the host. - - One of O(type) or O(name) is required. + - One of O(role_config_groups[].type) or O(role_config_groups[].name) is required. type: str tags: description: diff --git a/plugins/modules/host_config.py b/plugins/modules/host_config.py index 20a712e4..229fd841 100644 --- a/plugins/modules/host_config.py +++ b/plugins/modules/host_config.py @@ -50,6 +50,10 @@ choices: - summary - full +extends_documentation_fragment: + - cloudera.cluster.cm_options + - cloudera.cluster.cm_endpoint + - ansible.builtin.action_common_attributes attributes: check_mode: support: full @@ -59,7 +63,7 @@ EXAMPLES = r""" - name: Update host configuration parameters - cloudera.cluster.host_config + cloudera.cluster.host_config: host: example.cloudera.com username: "jane_smith" password: "S&peR4Ec*re" @@ -69,16 +73,15 @@ port_configuration: 8777 - name: Reset all host configurations and update specified parameters - cloudera.cluster.host_config + cloudera.cluster.host_config: host: example.cloudera.com username: "jane_smith" password: "S&peR4Ec*re" name: example.cloudera.com - purge: yes + purge: true parameters: some_configuration_path: "/usr/bin/java" port_configuration: 8777 - """ RETURN = r""" diff --git a/plugins/modules/host_config_info.py b/plugins/modules/host_config_info.py index cac421b5..ac25c9ab 100644 --- a/plugins/modules/host_config_info.py +++ b/plugins/modules/host_config_info.py @@ -45,7 +45,7 @@ EXAMPLES = r""" - name: Gather the configuration details for a host - cloudera.cluster.host_config_info + cloudera.cluster.host_config_info: host: example.cloudera.com username: "jane_smith" password: "S&peR4Ec*re" @@ -53,7 +53,7 @@ view: summary - name: Gather the configuration details in 'full' for a host - cloudera.cluster.host_config_info + cloudera.cluster.host_config_info: host: example.cloudera.com username: "jane_smith" password: "S&peR4Ec*re" diff --git a/plugins/modules/host_info.py b/plugins/modules/host_info.py index 771a0b8c..d2bf4dfb 100644 --- a/plugins/modules/host_info.py +++ b/plugins/modules/host_info.py @@ -46,6 +46,7 @@ extends_documentation_fragment: - cloudera.cluster.cm_options - cloudera.cluster.cm_endpoint + - ansible.builtin.action_common_attributes attributes: check_mode: support: full diff --git a/plugins/modules/host_template.py b/plugins/modules/host_template.py index d106c07b..5e32c5ce 100644 --- a/plugins/modules/host_template.py +++ b/plugins/modules/host_template.py @@ -50,7 +50,7 @@ name: description: - The name of the custom role config group for the specified service. - - Mutually exclusive with O(type). + - Mutually exclusive with O(role_config_groups[].type). type: str required: no service: @@ -59,30 +59,30 @@ type: str required: yes aliases: - - service_name + - service_name type: description: - The name of the role type of the base role config group for the specified service. - - Mutually exclusive with O(name). + - Mutually exclusive with O(role_config_groups[].name). type: str required: no aliases: - - role_type - purge: - description: - - Flag for whether the declared role config groups should append or overwrite any existing entries. - - To clear all configuration overrides or tags, set O(role_config_groups={}), i.e. an empty dictionary, and set O(purge=True). - type: bool - default: False - state: - description: - - The state of the host template. - type: str - required: no - choices: - - present - - absent - default: present + - role_type + purge: + description: + - Flag for whether the declared role config groups should append or overwrite any existing entries. + - To clear all configuration overrides or tags, set O(role_config_groups={}), i.e. an empty dictionary, and set O(purge=True). + type: bool + default: False + state: + description: + - The state of the host template. + type: str + required: no + choices: + - present + - absent + default: present extends_documentation_fragment: - ansible.builtin.action_common_attributes - cloudera.cluster.cm_options @@ -102,7 +102,7 @@ EXAMPLES = r""" - name: Provision a host template with a base role config group assignment - cloudera.cluster.host_template + cloudera.cluster.host_template: host: example.cloudera.com username: "jane_smith" password: "S&peR4Ec*re" @@ -113,7 +113,7 @@ service: hdfs-service-1 - name: Provision a host template with a named (custom) role config group assignment - cloudera.cluster.host_template + cloudera.cluster.host_template: host: example.cloudera.com username: "jane_smith" password: "S&peR4Ec*re" @@ -124,7 +124,7 @@ service: zookeeper-service-1 - name: Update (append) a role config group to a host template - cloudera.cluster.host_template + cloudera.cluster.host_template: host: example.cloudera.com username: "jane_smith" password: "S&peR4Ec*re" @@ -135,7 +135,7 @@ service: ozone-service-2 - name: Update (reset) the role config groups of a host template - cloudera.cluster.host_template + cloudera.cluster.host_template: host: example.cloudera.com username: "jane_smith" password: "S&peR4Ec*re" @@ -146,10 +146,10 @@ service: hdfs-service-1 - type: OZONE_DATANODE service: ozone-service-2 - purge: yes + purge: true - name: Remove a host template - cloudera.cluster.host_template + cloudera.cluster.host_template: host: example.cloudera.com username: "jane_smith" password: "S&peR4Ec*re" diff --git a/plugins/modules/host_template_info.py b/plugins/modules/host_template_info.py index a8f9259a..3dc82c75 100644 --- a/plugins/modules/host_template_info.py +++ b/plugins/modules/host_template_info.py @@ -55,7 +55,7 @@ EXAMPLES = r""" - name: Retrieve the defailts about a specific host template - cloudera.cluster.host_template_info + cloudera.cluster.host_template_info: host: example.cloudera.com username: "jane_smith" password: "S&peR4Ec*re" @@ -63,7 +63,7 @@ name: "example_host_template" - name: Retrieve the details about all host templates within the cluster - cloudera.cluster.host_template_info + cloudera.cluster.host_template_info: host: example.cloudera.com username: "jane_smith" password: "S&peR4Ec*re" diff --git a/plugins/modules/service.py b/plugins/modules/service.py index 34d5fb39..389249c0 100644 --- a/plugins/modules/service.py +++ b/plugins/modules/service.py @@ -90,7 +90,7 @@ - If O(purge=True), undeclared roles for the service will be removed from the hosts. type: list elements: dict - options: + suboptions: type: description: - The role instance type to provision on the designated cluster hosts. @@ -135,7 +135,7 @@ config groups cannot be removed.) type: list elements: dict - options: + suboptions: name: description: - The name of a custom role config group. @@ -229,7 +229,7 @@ password: "S&peR4Ec*re" cluster: example_cluster service: example_ecs - maintenance: yes + maintenance: true - name: Update (append) several tags on a cluster service cloudera.cluster.service: @@ -251,7 +251,7 @@ service: example_ecs tags: tag_three: value_three - purge: yes + purge: true - name: Remove all the tags on a cluster service cloudera.cluster.service: @@ -261,7 +261,7 @@ cluster: example_cluster service: example_ecs tags: {} - purge: yes + purge: true - name: Update (append) several service-wide configurations on a cluster service cloudera.cluster.service: @@ -284,7 +284,7 @@ config: param_one: 1 param_three: three - purge: yes + purge: true - name: Remove all the service-wide configurations on a cluster service cloudera.cluster.service: @@ -294,7 +294,7 @@ cluster: example_cluster service: example_ecs config: {} - purge: yes + purge: true - name: Provision role instances on cluster hosts for a cluster service cloudera.cluster.service: diff --git a/plugins/modules/service_config.py b/plugins/modules/service_config.py index ccf9357c..3fd6b699 100644 --- a/plugins/modules/service_config.py +++ b/plugins/modules/service_config.py @@ -103,7 +103,7 @@ parameters: config_one: ValueOne config_two: 4567 - purge: yes + purge: true - name: Reset all service-wide parameters cloudera.cluster.service_config: @@ -113,7 +113,7 @@ cluster: example-cluster service: example-service parameters: {} - purge: yes + purge: true """ RETURN = r""" diff --git a/plugins/modules/service_info.py b/plugins/modules/service_info.py index 136e061e..285cd242 100644 --- a/plugins/modules/service_info.py +++ b/plugins/modules/service_info.py @@ -41,6 +41,7 @@ extends_documentation_fragment: - cloudera.cluster.cm_options - cloudera.cluster.cm_endpoint + - ansible.builtin.action_common_attributes attributes: check_mode: support: full diff --git a/plugins/modules/service_role.py b/plugins/modules/service_role.py index 1fcc51a3..e69105a8 100644 --- a/plugins/modules/service_role.py +++ b/plugins/modules/service_role.py @@ -122,6 +122,7 @@ - cloudera.cluster.cm_options - cloudera.cluster.cm_endpoint - cloudera.cluster.message + - ansible.builtin.action_common_attributes attributes: check_mode: support: full @@ -154,7 +155,7 @@ cluster: example-cluster service: example-hdfs name: example-GATEWAY - maintenance: yes + maintenance: true - name: Update (append) tags to a service role cloudera.cluster.service_role: @@ -179,7 +180,7 @@ cluster_hostname: worker-01.cloudera.internal tags: tag_three: value_three - purge: yes + purge: true - name: Remove all tags on a service role cloudera.cluster.service_role: @@ -191,7 +192,7 @@ type: GATEWAY cluster_hostname: worker-01.cloudera.internal tags: {} - purge: yes + purge: true - name: Start a service role cloudera.cluster.service_role: diff --git a/plugins/modules/service_role_config.py b/plugins/modules/service_role_config.py index ad159ecf..e88249b7 100644 --- a/plugins/modules/service_role_config.py +++ b/plugins/modules/service_role_config.py @@ -89,7 +89,7 @@ another_configuration: 234 - name: Reset a role parameter - cloudera.cluster.cluster_service_role_config: + cloudera.cluster.service_role_config: host: example.cloudera.com username: "jane_smith" password: "S&peR4Ec*re" @@ -99,7 +99,7 @@ more_configuration: None - name: Update (purge) role parameters - cloudera.cluster.cluster_service_role_config: + cloudera.cluster.service_role_config: host: example.cloudera.com username: "jane_smith" password: "S&peR4Ec*re" @@ -111,14 +111,14 @@ config_three: 2345 - name: Reset all role parameters - cloudera.cluster.cluster_service_role_config: + cloudera.cluster.service_role_config: host: example.cloudera.com username: "jane_smith" password: "S&peR4Ec*re" cluster: example-cluster service: example-service parameters: {} - purge: yes + purge: true """ RETURN = r""" diff --git a/plugins/modules/service_role_config_group.py b/plugins/modules/service_role_config_group.py index 430b0e88..2a7e06da 100644 --- a/plugins/modules/service_role_config_group.py +++ b/plugins/modules/service_role_config_group.py @@ -91,6 +91,7 @@ - cloudera.cluster.cm_options - cloudera.cluster.cm_endpoint - cloudera.cluster.message + - ansible.builtin.action_common_attributes attributes: check_mode: support: full @@ -128,7 +129,7 @@ type: SERVER config: another_parameter: 12345 - purge: yes + purge: true - name: Update the base role config group for a role type cloudera.cluster.service_role_config_group: @@ -151,7 +152,7 @@ service: ZooKeeper name: Example-ZK-Server type: SERVER - purge: yes + purge: true """ RETURN = r""" diff --git a/plugins/modules/service_role_config_group_config.py b/plugins/modules/service_role_config_group_config.py index f56a7eb3..978179cc 100644 --- a/plugins/modules/service_role_config_group_config.py +++ b/plugins/modules/service_role_config_group_config.py @@ -110,7 +110,7 @@ parameters: config_one: ValueOne config_two: 4567 - purge: yes + purge: true - name: Reset all role config group parameters cloudera.cluster.service_role_config_group_config: @@ -120,7 +120,7 @@ cluster: example-cluster service: example-service parameters: {} - purge: yes + purge: true """ RETURN = r""" diff --git a/plugins/modules/service_role_config_group_info.py b/plugins/modules/service_role_config_group_info.py index 73324c71..cb70af5a 100644 --- a/plugins/modules/service_role_config_group_info.py +++ b/plugins/modules/service_role_config_group_info.py @@ -37,15 +37,6 @@ required: yes aliases: - service_name - type: - description: - - The role type defining the role config group(s). - - If specified, will return all role config groups for the type. - - Mutually exclusive with O(name). - type: str - aliases: - - role_type - name: type: description: - The role type defining the role config group(s). @@ -65,13 +56,7 @@ extends_documentation_fragment: - cloudera.cluster.cm_options - cloudera.cluster.cm_endpoint -attributes: - check_mode: - support: full -requirements: - - cm-client -seealso: - - module: cloudera.cluster.service_role_config_group + - ansible.builtin.action_common_attributes attributes: check_mode: support: full diff --git a/plugins/modules/user.py b/plugins/modules/user.py index 48c5d3fe..dce95c4e 100644 --- a/plugins/modules/user.py +++ b/plugins/modules/user.py @@ -84,7 +84,7 @@ password: "S&peR4Ec*re" account_name: "john" account_password: "Password123" - roles: ["Configurator","Dashboard User","Limited Operator"] + roles: ["Configurator", "Dashboard User", "Limited Operator"] state: "present" - name: Reduce permissions on user to a single role diff --git a/plugins/modules/user_info.py b/plugins/modules/user_info.py index 08cdd2a4..edf13bc7 100644 --- a/plugins/modules/user_info.py +++ b/plugins/modules/user_info.py @@ -48,7 +48,6 @@ username: "jane_smith" password: "S&peR4Ec*re" account_name: "john" - """ RETURN = r""" diff --git a/roles/assemble_template/meta/argument_specs.yml b/roles/assemble_template/meta/argument_specs.yml index f34ebdb3..8e032be9 100644 --- a/roles/assemble_template/meta/argument_specs.yml +++ b/roles/assemble_template/meta/argument_specs.yml @@ -18,7 +18,8 @@ argument_specs: main: short_description: "Discover and render files into a cluster template" description: - - Discovers fragment files in a specified directory, loops through fragment files rendering them through M(ansible.builtin.template), places them in a temporary directory, and then assembles a single, final cluster template. + - Discovers fragment files in a specified directory, loops through fragment files rendering them through M(ansible.builtin.template), places them in a + temporary directory, and then assembles a single, final cluster template. - Fragment files must be located on the Ansible controller since M(ansible.builtin.template) only executes on the controller. - This ensures that the template processing occurs on the Ansible controller machine. author: diff --git a/roles/assemble_template/tasks/main.yml b/roles/assemble_template/tasks/main.yml index c76ed466..286525a5 100644 --- a/roles/assemble_template/tasks/main.yml +++ b/roles/assemble_template/tasks/main.yml @@ -13,13 +13,12 @@ # limitations under the License. --- - - name: Discover fragment files ansible.builtin.find: paths: "{{ cluster_template_fragments_directory }}" patterns: "{{ cluster_template_fragments_regex | default(omit) }}" - use_regex: yes - recurse: yes + use_regex: true + recurse: true register: fragments delegate_to: localhost @@ -33,6 +32,7 @@ ansible.builtin.template: src: "{{ __fragment.path }}" dest: "{{ fragments_temp_directory.path }}/{{ __fragment.path | basename }}" + mode: "0644" loop: "{{ fragments.files }}" loop_control: loop_var: __fragment @@ -44,6 +44,7 @@ cloudera.cluster.assemble_cluster_template: src: "{{ fragments_temp_directory.path }}" dest: "{{ cluster_template_file }}" + mode: "0644" - name: Remove temporary directory ansible.builtin.file: diff --git a/roles/cloudera_manager/admin_password/check/tasks/main.yml b/roles/cloudera_manager/admin_password/check/tasks/main.yml index 19a6f325..2d5dc44a 100644 --- a/roles/cloudera_manager/admin_password/check/tasks/main.yml +++ b/roles/cloudera_manager/admin_password/check/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Wait for Cloudera Manager Port to be up delegate_to: "{{ groups.cloudera_manager[0] if 'cloudera_manager' in groups else 'localhost' }}" ansible.builtin.wait_for: @@ -34,14 +33,14 @@ validate_certs: "{{ cloudera_manager_tls_validate_certs }}" url_username: "admin" url_password: "admin" - force_basic_auth: yes + force_basic_auth: true status_code: [200, 401] register: default_admin_password_check retries: 30 until: - default_admin_password_check.status is defined - default_admin_password_check.status != -1 - run_once: True + run_once: true when: - cloudera_manager_admin_password is defined - cloudera_manager_api_password == 'admin' @@ -50,7 +49,7 @@ delegate_to: "{{ groups.cloudera_manager[0] if 'cloudera_manager' in groups else 'localhost' }}" set_fact: cloudera_manager_api_password: "{{ cloudera_manager_admin_password }}" - run_once: True + run_once: true when: - cloudera_manager_admin_password is defined - cloudera_manager_api_password == 'admin' @@ -62,4 +61,4 @@ - delegate_to: "{{ groups.cloudera_manager[0] if 'cloudera_manager' in groups else 'localhost' }}" set_fact: cloudera_manager_api_password: "{{ cloudera_manager_api_password }}" - run_once: True + run_once: true diff --git a/roles/cloudera_manager/admin_password/set/tasks/main.yml b/roles/cloudera_manager/admin_password/set/tasks/main.yml index c4a0a5c8..0b298f3b 100644 --- a/roles/cloudera_manager/admin_password/set/tasks/main.yml +++ b/roles/cloudera_manager/admin_password/set/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Update the Cloudera Manager admin password cloudera.cluster.cm_api: endpoint: /users/admin diff --git a/roles/cloudera_manager/agent/tasks/main.yml b/roles/cloudera_manager/agent/tasks/main.yml index b29da920..d67a2f2e 100644 --- a/roles/cloudera_manager/agent/tasks/main.yml +++ b/roles/cloudera_manager/agent/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Gather the package facts ansible.builtin.package_facts: manager: auto @@ -39,5 +38,5 @@ ansible.builtin.package: lock_timeout: "{{ (ansible_os_family == 'RedHat') | ternary(60, omit) }}" name: cloudera-manager-agent - update_cache: yes + update_cache: true state: latest diff --git a/roles/cloudera_manager/agent_config/tasks/main.yml b/roles/cloudera_manager/agent_config/tasks/main.yml index ceeff95f..48c02487 100644 --- a/roles/cloudera_manager/agent_config/tasks/main.yml +++ b/roles/cloudera_manager/agent_config/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Set Cloudera Manager agent 'server_host' in config.ini lineinfile: dest: "{{ cloudera_manager_agent_config_file }}" diff --git a/roles/cloudera_manager/api_client/handlers/main.yml b/roles/cloudera_manager/api_client/handlers/main.yml index 6531575d..a6f6d77b 100644 --- a/roles/cloudera_manager/api_client/handlers/main.yml +++ b/roles/cloudera_manager/api_client/handlers/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: restart cloudera management service cm_api: endpoint: /cm/service/commands/restart diff --git a/roles/cloudera_manager/api_client/tasks/main.yml b/roles/cloudera_manager/api_client/tasks/main.yml index 0ec9f28f..e5f9bb9f 100644 --- a/roles/cloudera_manager/api_client/tasks/main.yml +++ b/roles/cloudera_manager/api_client/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - set_fact: cloudera_manager_url: "{{ cloudera_manager_protocol }}://{{ cloudera_manager_host }}:{{ cloudera_manager_port }}" when: cloudera_manager_url is not defined diff --git a/roles/cloudera_manager/api_hosts/tasks/main.yml b/roles/cloudera_manager/api_hosts/tasks/main.yml index 64085f0f..70f7ed7b 100644 --- a/roles/cloudera_manager/api_hosts/tasks/main.yml +++ b/roles/cloudera_manager/api_hosts/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Get the host identifiers and names from Cloudera Manager delegate_to: "{{ groups.cloudera_manager[0] if 'cloudera_manager' in groups else 'localhost' }}" cloudera.cluster.cm_api: diff --git a/roles/cloudera_manager/autotls/tasks/main.yml b/roles/cloudera_manager/autotls/tasks/main.yml index 83e5bf35..3e46fca5 100644 --- a/roles/cloudera_manager/autotls/tasks/main.yml +++ b/roles/cloudera_manager/autotls/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Check Cloudera Manager version cloudera.cluster.cm_api: endpoint: /cm/version @@ -25,7 +24,7 @@ - name: Patch Cloudera Manager older than 7.3 include_tasks: - file: patch_old_cm + file: patch_old_cm.yml when: response.json.version is version('7.3.0', '<') - name: Check if password or key is used to connect to machines diff --git a/roles/cloudera_manager/autotls/tasks/patch_old_cm.yml b/roles/cloudera_manager/autotls/tasks/patch_old_cm.yml index 7db78d00..9973cdc3 100644 --- a/roles/cloudera_manager/autotls/tasks/patch_old_cm.yml +++ b/roles/cloudera_manager/autotls/tasks/patch_old_cm.yml @@ -5,7 +5,7 @@ dest: /opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/tools/cert.py_patch owner: cloudera-scm group: cloudera-scm - mode: '0644' + mode: "0644" - name: Backup cert.py shell: cp /opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/tools/cert.py /opt/cloudera/cm-agent/lib/python2.7/site-packages/cmf/tools/cert.py.backup diff --git a/roles/cloudera_manager/common/defaults/main.yml b/roles/cloudera_manager/common/defaults/main.yml index 17764193..41fa81a5 100644 --- a/roles/cloudera_manager/common/defaults/main.yml +++ b/roles/cloudera_manager/common/defaults/main.yml @@ -21,7 +21,7 @@ cloudera_manager_host_remote: "{{ hostvars[groups.cloudera_manager[0]].ansible_h cloudera_manager_host: "{{ cloudera_manager_host_remote if 'localhost' in inventory_hostname else cloudera_manager_host_local }}" # cloudera_manager_port: 7180 -cloudera_manager_database_embedded: False +cloudera_manager_database_embedded: false cloudera_manager_database_host: "{{ database_host }}" cloudera_manager_database_type: "{{ database_type }}" cloudera_manager_database_name: scm diff --git a/roles/cloudera_manager/common/handlers/main.yml b/roles/cloudera_manager/common/handlers/main.yml index 59d213c6..3ef52b0c 100644 --- a/roles/cloudera_manager/common/handlers/main.yml +++ b/roles/cloudera_manager/common/handlers/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: start cloudera-scm-server service: name: cloudera-scm-server diff --git a/roles/cloudera_manager/config/defaults/main.yml b/roles/cloudera_manager/config/defaults/main.yml index dea1125f..06934c02 100644 --- a/roles/cloudera_manager/config/defaults/main.yml +++ b/roles/cloudera_manager/config/defaults/main.yml @@ -14,7 +14,7 @@ --- api_config_endpoint: cm/config -api_config_keys_uppercase: True +api_config_keys_uppercase: true cm_api_defaults: PARCEL_DISTRIBUTE_RATE_LIMIT_KBS_PER_SECOND: 256000 api_configs: "{{ cm_api_defaults | combine(cloudera_manager_options | default({}), recursive=True) }}" diff --git a/roles/cloudera_manager/config/tasks/main.yml b/roles/cloudera_manager/config/tasks/main.yml index bf4b31e8..0f6406d7 100644 --- a/roles/cloudera_manager/config/tasks/main.yml +++ b/roles/cloudera_manager/config/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Get existing configs delegate_to: "{{ groups.cloudera_manager[0] if 'cloudera_manager' in groups else 'localhost' }}" cloudera.cluster.cm_api: diff --git a/roles/cloudera_manager/csds/tasks/main.yml b/roles/cloudera_manager/csds/tasks/main.yml index c5ca205b..07a37ddd 100644 --- a/roles/cloudera_manager/csds/tasks/main.yml +++ b/roles/cloudera_manager/csds/tasks/main.yml @@ -13,14 +13,13 @@ # limitations under the License. --- - - name: Create CSD directory file: path: "{{ cloudera_manager_csd_directory }}" state: directory owner: cloudera-scm group: cloudera-scm - mode: 0755 + mode: "0755" - name: Download CSDs get_url: @@ -28,7 +27,7 @@ dest: "{{ cloudera_manager_csd_directory }}" url_username: "{{ cloudera_manager_repo_username | default(omit) }}" url_password: "{{ cloudera_manager_repo_password | default(omit) }}" - mode: 0644 + mode: "0644" loop: "{{ cloudera_manager_csds }}" loop_control: loop_var: __csd_item diff --git a/roles/cloudera_manager/daemons/tasks/main.yml b/roles/cloudera_manager/daemons/tasks/main.yml index f8d05b7c..50f9e73d 100644 --- a/roles/cloudera_manager/daemons/tasks/main.yml +++ b/roles/cloudera_manager/daemons/tasks/main.yml @@ -13,10 +13,9 @@ # limitations under the License. --- - - name: Install Cloudera Manager daemons package ansible.builtin.package: lock_timeout: "{{ (ansible_os_family == 'RedHat') | ternary(180, omit) }}" name: cloudera-manager-daemons - update_cache: yes + update_cache: true state: present diff --git a/roles/cloudera_manager/database/defaults/main.yml b/roles/cloudera_manager/database/defaults/main.yml index d43e8eaf..878d9ab2 100644 --- a/roles/cloudera_manager/database/defaults/main.yml +++ b/roles/cloudera_manager/database/defaults/main.yml @@ -14,5 +14,6 @@ --- -cloudera_manager_database_prepare_script: "{{ '/opt/cloudera/cm/schema/scm_prepare_database.sh' if cloudera_manager_version is version('6.0.0', '>=') else '/usr/share/cmf/schema/scm_prepare_database.sh' }}" +cloudera_manager_database_prepare_script: "{{ '/opt/cloudera/cm/schema/scm_prepare_database.sh' if cloudera_manager_version is version('6.0.0', '>=') else '/usr/share/cmf/schema/scm_prepare_database.sh' + }}" cloudera_manager_database_ranger_script: /opt/cloudera/cm/bin/gen_embedded_ranger_db.sh diff --git a/roles/cloudera_manager/database/handlers/main.yml b/roles/cloudera_manager/database/handlers/main.yml index 23da945f..df605c8b 100644 --- a/roles/cloudera_manager/database/handlers/main.yml +++ b/roles/cloudera_manager/database/handlers/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: start cloudera-scm-server-db service: name: cloudera-scm-server-db diff --git a/roles/cloudera_manager/database/tasks/embedded.yml b/roles/cloudera_manager/database/tasks/embedded.yml index fca93ba8..f7eb2513 100644 --- a/roles/cloudera_manager/database/tasks/embedded.yml +++ b/roles/cloudera_manager/database/tasks/embedded.yml @@ -13,13 +13,12 @@ # limitations under the License. --- - - name: Install Cloudera Manager embedded database ansible.builtin.package: lock_timeout: "{{ (ansible_os_family == 'RedHat') | ternary(60, omit) }}" name: - - cloudera-manager-server-db-2 + - cloudera-manager-server-db-2 state: present - changed_when: True + changed_when: true notify: - start cloudera-scm-server-db diff --git a/roles/cloudera_manager/database/tasks/external.yml b/roles/cloudera_manager/database/tasks/external.yml index 3bbb29af..e82f1204 100644 --- a/roles/cloudera_manager/database/tasks/external.yml +++ b/roles/cloudera_manager/database/tasks/external.yml @@ -13,18 +13,17 @@ # limitations under the License. --- - - name: Create Cloudera Manager database user for Postgres postgresql_user: name: "{{ cloudera_manager_database_user }}" password: "{{ cloudera_manager_database_password }}" delegate_to: "{{ cloudera_manager_database_host }}" connection: ssh - become: yes + become: true become_user: postgres when: - - cloudera_manager_database_type == 'postgresql' - - cloudera_manager_database_host in groups.db_server | default([]) + - cloudera_manager_database_type == 'postgresql' + - cloudera_manager_database_host in groups.db_server | default([]) - name: Create Cloudera Manager database postgresql_db: @@ -33,24 +32,24 @@ encoding: UTF-8 delegate_to: "{{ cloudera_manager_database_host }}" connection: ssh - become: yes + become: true become_user: postgres when: - - cloudera_manager_database_type == 'postgresql' - - cloudera_manager_database_host in groups.db_server | default([]) + - cloudera_manager_database_type == 'postgresql' + - cloudera_manager_database_host in groups.db_server | default([]) - name: Create Cloudera Manager database user for MySQL mysql_user: name: "{{ cloudera_manager_database_user }}" password: "{{ cloudera_manager_database_password }}" update_password: always - host: '%' + host: "%" priv: "{{ cloudera_manager_database_name }}.*:ALL" delegate_to: "{{ cloudera_manager_database_host }}" connection: ssh when: - - cloudera_manager_database_type == 'mysql' or cloudera_manager_database_type == 'mariadb' - - cloudera_manager_database_host in groups.db_server | default([]) + - cloudera_manager_database_type == 'mysql' or cloudera_manager_database_type == 'mariadb' + - cloudera_manager_database_host in groups.db_server | default([]) - name: Create Cloudera Manager database mysql_db: @@ -60,9 +59,8 @@ delegate_to: "{{ cloudera_manager_database_host }}" connection: ssh when: - - cloudera_manager_database_type == 'mysql' or cloudera_manager_database_type == 'mariadb' - - cloudera_manager_database_host in groups.db_server | default([]) - + - cloudera_manager_database_type == 'mysql' or cloudera_manager_database_type == 'mariadb' + - cloudera_manager_database_host in groups.db_server | default([]) - name: Prepare Cloudera Manager Server external database command: | @@ -71,4 +69,4 @@ {{ cloudera_manager_database_name }} {{ cloudera_manager_database_user }} {{ cloudera_manager_database_password }} - changed_when: False + changed_when: false diff --git a/roles/cloudera_manager/database/tasks/main.yml b/roles/cloudera_manager/database/tasks/main.yml index a80fec85..2c6b929f 100644 --- a/roles/cloudera_manager/database/tasks/main.yml +++ b/roles/cloudera_manager/database/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Configure Cloudera Manager database (external) include_tasks: external.yml when: not cloudera_manager_database_embedded diff --git a/roles/cloudera_manager/external_account/tasks/main.yml b/roles/cloudera_manager/external_account/tasks/main.yml index fc539db2..e247efe5 100644 --- a/roles/cloudera_manager/external_account/tasks/main.yml +++ b/roles/cloudera_manager/external_account/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Wait for Cloudera Manager Port to be up delegate_to: "{{ groups.cloudera_manager[0] if 'cloudera_manager' in groups else 'localhost' }}" ansible.builtin.wait_for: diff --git a/roles/cloudera_manager/external_auth/defaults/main.yml b/roles/cloudera_manager/external_auth/defaults/main.yml index 0947c1f2..dce53e20 100644 --- a/roles/cloudera_manager/external_auth/defaults/main.yml +++ b/roles/cloudera_manager/external_auth/defaults/main.yml @@ -14,4 +14,4 @@ --- -freeipa_activated: False +freeipa_activated: false diff --git a/roles/cloudera_manager/external_auth/tasks/create_mapping.yml b/roles/cloudera_manager/external_auth/tasks/create_mapping.yml index c2cca5be..8d84615c 100644 --- a/roles/cloudera_manager/external_auth/tasks/create_mapping.yml +++ b/roles/cloudera_manager/external_auth/tasks/create_mapping.yml @@ -1,3 +1,4 @@ +--- # Copyright 2023 Cloudera, Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/roles/cloudera_manager/external_auth/tasks/main.yml b/roles/cloudera_manager/external_auth/tasks/main.yml index a9fdbaef..d272f685 100644 --- a/roles/cloudera_manager/external_auth/tasks/main.yml +++ b/roles/cloudera_manager/external_auth/tasks/main.yml @@ -13,15 +13,13 @@ # limitations under the License. --- - - name: Conditionally load in variables for initializing IPA ansible.builtin.include_vars: file: freeipa.yml when: - - freeipa_activated - - cloudera_manager_external_auth is undefined - - cloudera_manager_version is version('6.0.0','>=') - + - freeipa_activated + - cloudera_manager_external_auth is undefined + - cloudera_manager_version is version('6.0.0','>=') - name: Select external auth provider details set_fact: @@ -32,20 +30,19 @@ include_role: name: cloudera.cluster.cloudera_manager.config vars: - api_config_keys_uppercase: True + api_config_keys_uppercase: true api_configs: "{{ lookup('template', 'external_auth_configs.j2') | from_yaml }}" when: auth_provider is defined and cloudera_manager_version is version('6.0.0','>=') - block: + - name: Get auth roles from Cloudera Manager + cloudera.cluster.cm_api: + endpoint: /authRoles + register: response - - name: Get auth roles from Cloudera Manager - cloudera.cluster.cm_api: - endpoint: /authRoles - register: response - - - name: Create auth role name to UUID mapping - set_fact: - auth_role_uuids: "{{ response.json['items'] | items2dict(key_name='name', value_name='uuid') }}" + - name: Create auth role name to UUID mapping + set_fact: + auth_role_uuids: "{{ response.json['items'] | items2dict(key_name='name', value_name='uuid') }}" ## BUG: Can't set all mappings in one API call because of OPSAPS-56242 # - name: Set Cloudera Manager external auth user to role mappings @@ -55,18 +52,18 @@ # method: POST # when: cloudera_manager_external_auth.role_mappings is defined - - name: Set Cloudera Manager external auth user to role mappings - include_tasks: create_mapping.yml - loop: "{{ cloudera_manager_external_auth.role_mappings }}" - loop_control: - loop_var: role_mapping + - name: Set Cloudera Manager external auth user to role mappings + include_tasks: create_mapping.yml + loop: "{{ cloudera_manager_external_auth.role_mappings }}" + loop_control: + loop_var: role_mapping - - name: Restart Cloudera Manager server - service: - name: cloudera-scm-server - state: restarted - become: yes - notify: - - wait cloudera-scm-server + - name: Restart Cloudera Manager server + service: + name: cloudera-scm-server + state: restarted + become: true + notify: + - wait cloudera-scm-server when: cloudera_manager_external_auth.role_mappings is defined and cloudera_manager_version is version('6.0.0','>=') diff --git a/roles/cloudera_manager/external_auth/vars/freeipa.yml b/roles/cloudera_manager/external_auth/vars/freeipa.yml index afad671b..1b8b1952 100644 --- a/roles/cloudera_manager/external_auth/vars/freeipa.yml +++ b/roles/cloudera_manager/external_auth/vars/freeipa.yml @@ -16,17 +16,17 @@ default_free_ipa_role_mappings: - group: admins - roles: [ ROLE_ADMIN ] + roles: [ROLE_ADMIN] - group: auditors - roles: [ ROLE_AUDITOR ] + roles: [ROLE_AUDITOR] - group: users - roles: [ ROLE_USER ] + roles: [ROLE_USER] cloudera_manager_external_auth: provider: "FreeIPA" - external_first: no - external_only: no - external_set: yes + external_first: false + external_only: false + external_set: true role_mappings: "{{ default_free_ipa_role_mappings }}" auth_providers: diff --git a/roles/cloudera_manager/external_auth/vars/main.yml b/roles/cloudera_manager/external_auth/vars/main.yml index ba87e6c9..76f3bce6 100644 --- a/roles/cloudera_manager/external_auth/vars/main.yml +++ b/roles/cloudera_manager/external_auth/vars/main.yml @@ -32,11 +32,11 @@ auth_role_display_names: default_free_ipa_role_mappings: - group: admins - roles: [ ROLE_ADMIN ] + roles: [ROLE_ADMIN] - group: auditors - roles: [ ROLE_AUDITOR ] + roles: [ROLE_AUDITOR] - group: users - roles: [ ROLE_USER ] + roles: [ROLE_USER] # when: # - freeipa_activated # - cloudera_manager_external_auth is undefined @@ -44,9 +44,9 @@ default_free_ipa_role_mappings: cloudera_manager_external_auth: provider: "FreeIPA" - external_first: no - external_only: no - external_set: yes + external_first: false + external_only: false + external_set: true role_mappings: "{{ default_free_ipa_role_mappings }}" # when: # - freeipa_activated diff --git a/roles/cloudera_manager/hosts_config/tasks/main.yml b/roles/cloudera_manager/hosts_config/tasks/main.yml index f04baa52..2ff56c41 100644 --- a/roles/cloudera_manager/hosts_config/tasks/main.yml +++ b/roles/cloudera_manager/hosts_config/tasks/main.yml @@ -1,5 +1,4 @@ --- - # Copyright 2023 Cloudera, Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,7 +21,7 @@ include_role: name: cloudera.cluster.cloudera_manager.config vars: - api_config_keys_uppercase: False + api_config_keys_uppercase: false api_config_endpoint: cm/allHosts/config api_configs: "{{ definition.hosts.configs }}" when: definition.hosts.configs is defined diff --git a/roles/cloudera_manager/kerberos/tasks/main.yml b/roles/cloudera_manager/kerberos/tasks/main.yml index ce1a3f05..eafa986c 100644 --- a/roles/cloudera_manager/kerberos/tasks/main.yml +++ b/roles/cloudera_manager/kerberos/tasks/main.yml @@ -13,12 +13,11 @@ # limitations under the License. --- - - name: Set Cloudera Manager Kerberos configs include_role: name: cloudera.cluster.cloudera_manager.config vars: - api_config_keys_uppercase: True + api_config_keys_uppercase: true api_configs: "{{ lookup('template', 'kerberos_configs.j2') | from_yaml }}" - name: Import KDC admin credentials diff --git a/roles/cloudera_manager/license/tasks/enterprise.yml b/roles/cloudera_manager/license/tasks/enterprise.yml index 5db30f85..2cbd28cf 100644 --- a/roles/cloudera_manager/license/tasks/enterprise.yml +++ b/roles/cloudera_manager/license/tasks/enterprise.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Get current Cloudera license status cloudera.cluster.cm_api: endpoint: /cm/license @@ -44,7 +43,7 @@ ansible.builtin.assert: that: __cloudera_license_file.stat.exists fail_msg: "Expected to find Cloudera License file at {{ license_local_tmp_path }}" - quiet: yes + quiet: true - name: Post license file to Cloudera Manager API ansible.builtin.shell: > diff --git a/roles/cloudera_manager/license/tasks/main.yml b/roles/cloudera_manager/license/tasks/main.yml index a618cc81..a5f02542 100644 --- a/roles/cloudera_manager/license/tasks/main.yml +++ b/roles/cloudera_manager/license/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Upload enterprise license include_tasks: enterprise.yml when: cloudera_manager_license_type == 'enterprise' diff --git a/roles/cloudera_manager/license/tasks/trial.yml b/roles/cloudera_manager/license/tasks/trial.yml index 9187f32f..d6c2a830 100644 --- a/roles/cloudera_manager/license/tasks/trial.yml +++ b/roles/cloudera_manager/license/tasks/trial.yml @@ -13,10 +13,9 @@ # limitations under the License. --- - - name: Begin Cloudera Manager trial license cloudera.cluster.cm_api: endpoint: /cm/trial/begin method: POST status_code: 200,204 - ignore_errors: True + ignore_errors: true diff --git a/roles/cloudera_manager/preload_parcels/defaults/main.yml b/roles/cloudera_manager/preload_parcels/defaults/main.yml index aca2a1ab..a774fef1 100644 --- a/roles/cloudera_manager/preload_parcels/defaults/main.yml +++ b/roles/cloudera_manager/preload_parcels/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Copyright 2023 Cloudera, Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/roles/cloudera_manager/preload_parcels/tasks/main.yml b/roles/cloudera_manager/preload_parcels/tasks/main.yml index 769fa039..ed5b812a 100644 --- a/roles/cloudera_manager/preload_parcels/tasks/main.yml +++ b/roles/cloudera_manager/preload_parcels/tasks/main.yml @@ -32,7 +32,7 @@ dest: "/opt/cloudera/parcel-repo/{{ __parcel_download_item | urlsplit('path') | basename | replace('.sha1', '.sha') }}" - name: Track async downloads to completion [ This may take a while if your files are very large or far away ] - when : preload_parcels + when: preload_parcels loop: "{{ __infra_download_parcels_results.results }}" loop_control: loop_var: __download_async_item diff --git a/roles/cloudera_manager/repo/defaults/main.yml b/roles/cloudera_manager/repo/defaults/main.yml index 42ac1005..95ce1852 100644 --- a/roles/cloudera_manager/repo/defaults/main.yml +++ b/roles/cloudera_manager/repo/defaults/main.yml @@ -18,6 +18,6 @@ cloudera_manager_version: 7.6.1 cloudera_manager_distro_name: "{{ ansible_os_family | lower }}" cloudera_manager_distro_version: "{{ ansible_distribution_major_version }}" -install_repo_on_host: yes +install_repo_on_host: true set_custom_repo_as_archive_base_url: "{{ use_custom_repo_as_archive_base_url | default(True) }}" diff --git a/roles/cloudera_manager/repo/tasks/main-Debian.yml b/roles/cloudera_manager/repo/tasks/main-Debian.yml index 679d5dbe..c67f006c 100644 --- a/roles/cloudera_manager/repo/tasks/main-Debian.yml +++ b/roles/cloudera_manager/repo/tasks/main-Debian.yml @@ -13,22 +13,24 @@ # limitations under the License. --- - - name: Add credentials to repository URLs if required set_fact: - cloudera_manager_repo_url_with_creds: "{{ cloudera_manager_repo_url | regex_replace('^(?Phttp[s]?://)','\\g' + cloudera_manager_repo_username|string + ':' + cloudera_manager_repo_password|string + '@')}}" - cloudera_manager_repo_key_with_creds: "{{ cloudera_manager_repo_key | regex_replace('^(?Phttp[s]?://)','\\g' + cloudera_manager_repo_username|string + ':' + cloudera_manager_repo_password|string + '@')}}" - no_log: yes + cloudera_manager_repo_url_with_creds: "{{ cloudera_manager_repo_url | regex_replace('^(?Phttp[s]?://)','\\g' + cloudera_manager_repo_username|string + + ':' + cloudera_manager_repo_password|string + '@')}}" + cloudera_manager_repo_key_with_creds: "{{ cloudera_manager_repo_key | regex_replace('^(?Phttp[s]?://)','\\g' + cloudera_manager_repo_username|string + + ':' + cloudera_manager_repo_password|string + '@')}}" + no_log: true when: cloudera_manager_repo_username is defined - name: Add Cloudera Manager apt repository key apt_key: url: "{{ cloudera_manager_repo_key_with_creds | default(cloudera_manager_repo_key) }}" state: present - no_log: yes + no_log: true - name: Add Cloudera Manager apt repository apt_repository: - repo: "deb [arch=amd64] {{ cloudera_manager_repo_url_with_creds | default(cloudera_manager_repo_url) }} {{ cloudera_manager_repo_apt_codename }} {{ cloudera_manager_repo_apt_component }}" + repo: "deb [arch=amd64] {{ cloudera_manager_repo_url_with_creds | default(cloudera_manager_repo_url) }} {{ cloudera_manager_repo_apt_codename }} {{ cloudera_manager_repo_apt_component + }}" filename: cloudera-manager - no_log: yes + no_log: true diff --git a/roles/cloudera_manager/repo/tasks/main-RedHat.yml b/roles/cloudera_manager/repo/tasks/main-RedHat.yml index 4a801a80..428be4da 100644 --- a/roles/cloudera_manager/repo/tasks/main-RedHat.yml +++ b/roles/cloudera_manager/repo/tasks/main-RedHat.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Add Cloudera Manager yum repository ansible.builtin.yum_repository: name: cloudera-manager @@ -21,7 +20,7 @@ baseurl: "{{ cloudera_manager_repo_url }}" gpgkey: "{{ cloudera_manager_repo_key }}" gpgcheck: "{{ cloudera_manager_repo_gpgcheck | default((cloudera_manager_version.split('.')[0] == '5' ) | ternary('no', 'yes')) }}" - enabled: yes + enabled: true username: "{{ cloudera_manager_repo_username | default('') }}" password: "{{ cloudera_manager_repo_password | default('') }}" diff --git a/roles/cloudera_manager/repo/tasks/main.yml b/roles/cloudera_manager/repo/tasks/main.yml index b957f147..b1765327 100644 --- a/roles/cloudera_manager/repo/tasks/main.yml +++ b/roles/cloudera_manager/repo/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Include variables include_vars: file: "{{ ansible_os_family }}.yml" @@ -27,7 +26,8 @@ - name: Correct repo URL for Redhat with cm5 ansible.builtin.set_fact: - __cloudera_manager_repo_url_paywall: "{{ cloudera_archive_base_url | regex_replace('/?$','') }}/p/cm{{ __cloudera_manager_major_version }}/redhat/{{ ansible_distribution_major_version }}/x86_64/cm/{{ cloudera_manager_version }}" + __cloudera_manager_repo_url_paywall: "{{ cloudera_archive_base_url | regex_replace('/?$','') }}/p/cm{{ __cloudera_manager_major_version }}/redhat/{{ ansible_distribution_major_version + }}/x86_64/cm/{{ cloudera_manager_version }}" when: - ansible_os_family != "Debian" - cloudera_manager_version.split('.')[0] == "5" diff --git a/roles/cloudera_manager/repo/vars/Debian.yml b/roles/cloudera_manager/repo/vars/Debian.yml index 7aade359..1a022d52 100644 --- a/roles/cloudera_manager/repo/vars/Debian.yml +++ b/roles/cloudera_manager/repo/vars/Debian.yml @@ -14,8 +14,10 @@ --- __cloudera_manager_major_version: "{{ cloudera_manager_version.split('.')[0] }}" -__cloudera_manager_repo_url_trial: "{{ cloudera_archive_base_url }}/cm{{ __cloudera_manager_major_version }}/{{ cloudera_manager_version }}/{{ ansible_distribution | lower }}{{ ansible_distribution_version | replace('.','') }}/apt" -__cloudera_manager_repo_url_paywall: "{{ cloudera_archive_base_url }}/p/cm{{ __cloudera_manager_major_version }}/{{ cloudera_manager_version }}/{{ ansible_distribution | lower }}{{ ansible_distribution_version | replace('.','') }}/apt" +__cloudera_manager_repo_url_trial: "{{ cloudera_archive_base_url }}/cm{{ __cloudera_manager_major_version }}/{{ cloudera_manager_version }}/{{ ansible_distribution + | lower }}{{ ansible_distribution_version | replace('.','') }}/apt" +__cloudera_manager_repo_url_paywall: "{{ cloudera_archive_base_url }}/p/cm{{ __cloudera_manager_major_version }}/{{ cloudera_manager_version }}/{{ ansible_distribution + | lower }}{{ ansible_distribution_version | replace('.','') }}/apt" __cloudera_manager_repo_key_filename: archive.key __cloudera_manager_repo_key_trial: "{{ __cloudera_manager_repo_url_trial }}/{{ __cloudera_manager_repo_key_filename }}" __cloudera_manager_repo_key_paywall: "{{ __cloudera_manager_repo_url_paywall }}/{{ __cloudera_manager_repo_key_filename }}" diff --git a/roles/cloudera_manager/repo/vars/RedHat.yml b/roles/cloudera_manager/repo/vars/RedHat.yml index b0d2e1bf..fdefcf87 100644 --- a/roles/cloudera_manager/repo/vars/RedHat.yml +++ b/roles/cloudera_manager/repo/vars/RedHat.yml @@ -17,8 +17,10 @@ __cloudera_manager_major_version: "{{ cloudera_manager_version.split('.')[0] }}" __cloudera_manager_cm5_path: "{{ ansible_os_family | lower }}/{{ ansible_distribution_major_version }}/x86_64/cm/{{ cloudera_manager_version }}" __cloudera_manager_cm6_path: "{{ cloudera_manager_version }}/{{ cloudera_manager_distro_name }}{{ cloudera_manager_distro_version }}/yum" -__cloudera_manager_repo_url_trial: "{{ cloudera_archive_base_url | regex_replace('/?$','') }}/cm{{ __cloudera_manager_major_version }}/{{ cloudera_manager_version }}/{{ cloudera_manager_distro_name }}{{ cloudera_manager_distro_version }}/yum" -__cloudera_manager_repo_url_paywall: "{{ cloudera_archive_base_url | regex_replace('/?$','') }}/p/cm{{ __cloudera_manager_major_version }}/{{ (__cloudera_manager_major_version == '5' ) | ternary(__cloudera_manager_cm5_path, __cloudera_manager_cm6_path) }}" +__cloudera_manager_repo_url_trial: "{{ cloudera_archive_base_url | regex_replace('/?$','') }}/cm{{ __cloudera_manager_major_version }}/{{ cloudera_manager_version + }}/{{ cloudera_manager_distro_name }}{{ cloudera_manager_distro_version }}/yum" +__cloudera_manager_repo_url_paywall: "{{ cloudera_archive_base_url | regex_replace('/?$','') }}/p/cm{{ __cloudera_manager_major_version }}/{{ (__cloudera_manager_major_version + == '5' ) | ternary(__cloudera_manager_cm5_path, __cloudera_manager_cm6_path) }}" __cloudera_manager_repo_key_filename: "RPM-GPG-KEY-cloudera" __cloudera_manager_repo_key_trial: "{{ __cloudera_manager_repo_url_trial }}/{{ __cloudera_manager_repo_key_filename }}" diff --git a/roles/cloudera_manager/server/tasks/main.yml b/roles/cloudera_manager/server/tasks/main.yml index 81392923..eca6f7aa 100644 --- a/roles/cloudera_manager/server/tasks/main.yml +++ b/roles/cloudera_manager/server/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Gather the package facts ansible.builtin.package_facts: manager: auto @@ -44,7 +43,7 @@ - name: Customize CMF_SERVER_ARGS lineinfile: path: /etc/default/cloudera-scm-server - regexp: '^CMF_SERVER_ARGS=' + regexp: "^CMF_SERVER_ARGS=" line: 'CMF_SERVER_ARGS="{{ cloudera_manager_cmf_server_args }}"' when: cloudera_manager_cmf_server_args is defined @@ -52,7 +51,7 @@ - name: Customize CMF_JAVA_OPTS lineinfile: path: /etc/default/cloudera-scm-server - regexp: '^export CMF_JAVA_OPTS=' + regexp: "^export CMF_JAVA_OPTS=" line: 'export CMF_JAVA_OPTS="{{ cloudera_manager_cmf_java_opts }}"' when: cloudera_manager_cmf_java_opts is defined diff --git a/roles/cloudera_manager/server_tls/tasks/main.yml b/roles/cloudera_manager/server_tls/tasks/main.yml index b9cc77f1..d50b9624 100644 --- a/roles/cloudera_manager/server_tls/tasks/main.yml +++ b/roles/cloudera_manager/server_tls/tasks/main.yml @@ -13,13 +13,12 @@ # limitations under the License. --- - - name: Set Cloudera Manager TLS configs include_role: name: cloudera.cluster.cloudera_manager.config when: tls | default(False) vars: - api_config_keys_uppercase: True + api_config_keys_uppercase: true api_configs: "{{ lookup('template', 'tls_configs.j2') | from_yaml }}" - fail: @@ -30,8 +29,9 @@ - name: Customize CMF_JAVA_OPTS lineinfile: path: /etc/default/cloudera-scm-server - regexp: '^export CMF_JAVA_OPTS=' - line: 'export CMF_JAVA_OPTS="{{ opts }} -Djavax.net.ssl.trustStore={{ tls_uber_truststore_path }} -Djavax.net.ssl.trustStorePassword={{ tls_truststore_password }}"' + regexp: "^export CMF_JAVA_OPTS=" + line: 'export CMF_JAVA_OPTS="{{ opts }} -Djavax.net.ssl.trustStore={{ tls_uber_truststore_path }} -Djavax.net.ssl.trustStorePassword={{ tls_truststore_password + }}"' vars: opts: "{{ cloudera_manager_cmf_java_opts | default(cloudera_manager_cmf_java_opts_default) }}" when: diff --git a/roles/cloudera_manager/services_info/defaults/main.yml b/roles/cloudera_manager/services_info/defaults/main.yml index 466cf679..0755cf99 100644 --- a/roles/cloudera_manager/services_info/defaults/main.yml +++ b/roles/cloudera_manager/services_info/defaults/main.yml @@ -1,3 +1,4 @@ +--- cluster_name: Default ranger_user: "{{ ranger_rangeradmin_user | default('admin') }}" ranger_password: "{{ ranger_rangeradmin_user_password | default(cloudera_manager_admin_password) }}" diff --git a/roles/cloudera_manager/services_info/tasks/main.yml b/roles/cloudera_manager/services_info/tasks/main.yml index 47159804..c02fb590 100644 --- a/roles/cloudera_manager/services_info/tasks/main.yml +++ b/roles/cloudera_manager/services_info/tasks/main.yml @@ -1,28 +1,27 @@ --- - - name: Get All services from CM cloudera.cluster.cm_api: endpoint: "/clusters/{{ cluster_name | urlencode() }}/services" register: cloudera_manager_all_services - no_log: yes # overly verbose + no_log: true # overly verbose - name: Get All Mgmt Roles from CM cloudera.cluster.cm_api: endpoint: "/cm/service/roles" register: cloudera_manager_mgmt_roles - no_log: yes # overly verbose + no_log: true # overly verbose - name: Get CM Hosts info cloudera.cluster.cm_api: endpoint: "/hosts" register: hosts_details - no_log: yes # overly verbose + no_log: true # overly verbose - name: Get CM deployment of services cloudera.cluster.cm_api: endpoint: "/cm/deployment" register: cm_deployment_services - no_log: yes # overly verbose + no_log: true # overly verbose - name: Get cluster parcel details cloudera.cluster.cm_api: @@ -113,7 +112,7 @@ cloudera.cluster.cm_api: endpoint: "/clusters/{{ cluster_name | urlencode() }}/services/{{ wxm_service_name | lower }}/roles" register: cloudera_manager_wxm_all_roles - no_log: yes # overly verbose + no_log: true # overly verbose - set_fact: wxm_api_server: "{{ cloudera_manager_wxm_all_roles.json | community.general.json_query(query) }}" @@ -124,7 +123,7 @@ cloudera.cluster.cm_api: endpoint: "/clusters/{{ cluster_name | urlencode() }}/services/{{ wxm_service_name | lower }}/roleConfigGroups/{{ wxm_service_name | lower }}-THUNDERHEAD_SIGMA_CONSOLE-BASE/config?view=full" register: cloudera_manager_wxm_all_rcgs - no_log: yes # overly verbose + no_log: true # overly verbose - set_fact: wxm_ssl_enabled: "{{ cloudera_manager_wxm_all_roles.json | community.general.json_query(query) }}" @@ -162,13 +161,13 @@ cloudera.cluster.cm_api: endpoint: "/clusters/{{ cluster_name | urlencode() }}/services/{{ ranger_service_name | lower }}/config?view=full" register: full_ranger_config - no_log: yes # overly verbose + no_log: true # overly verbose - name: Get Ranger Admin full config cloudera.cluster.cm_api: endpoint: "/clusters/{{ cluster_name | urlencode() }}/services/{{ ranger_service_name | lower }}/roleConfigGroups/{{ ranger_service_name | lower }}-RANGER_ADMIN-BASE/config?view=full" register: full_ranger_admin_config - no_log: yes # overly verbose + no_log: true # overly verbose - set_fact: ranger_ssl: "{{ full_ranger_admin_config.json | community.general.json_query(query) }}" @@ -219,7 +218,7 @@ cloudera.cluster.cm_api: endpoint: "/clusters/{{ cluster_name | urlencode() }}/services/{{ solr_service_name | lower }}/roles" register: solr_roles - no_log: yes # overly verbose + no_log: true # overly verbose - set_fact: solr_all_hosts: "{{ solr_roles.json | community.general.json_query(query) }}" @@ -230,13 +229,13 @@ cloudera.cluster.cm_api: endpoint: "/clusters/{{ cluster_name | urlencode() }}/services/{{ solr_service_name | lower }}/config?view=full" register: solr_full_config - no_log: yes # overly verbose + no_log: true # overly verbose - name: Get SolR full config for SOLR_SERVER-BASE cloudera.cluster.cm_api: endpoint: "/clusters/{{ cluster_name | urlencode() }}/services/{{ solr_service_name | lower }}/roleConfigGroups/{{ solr_service_name | lower }}-SOLR_SERVER-BASE/config?view=full" register: solr_full_config_base - no_log: yes # overly verbose + no_log: true # overly verbose # Additional solr configs # Set SoLR protocol @@ -298,7 +297,7 @@ cloudera.cluster.cm_api: endpoint: "/clusters/{{ cluster_name | urlencode() }}/services/{{ knox_service_name | lower }}/roleConfigGroups/{{ knox_service_name | lower }}-KNOX_GATEWAY-BASE/config?view=full" register: knox_full_config - no_log: yes # overly verbose + no_log: true # overly verbose - set_fact: gateway_descriptor_cdp_proxy: "{{ knox_full_config.json | community.general.json_query(query) }}" diff --git a/roles/cloudera_manager/session_timeout/tasks/main.yml b/roles/cloudera_manager/session_timeout/tasks/main.yml index 0965cba6..4b5722fa 100644 --- a/roles/cloudera_manager/session_timeout/tasks/main.yml +++ b/roles/cloudera_manager/session_timeout/tasks/main.yml @@ -1,5 +1,4 @@ --- - - name: Set session timeout to 30 days cloudera.cluster.cm_api: endpoint: /cm/config diff --git a/roles/cloudera_manager/wait_for_heartbeat/tasks/main.yml b/roles/cloudera_manager/wait_for_heartbeat/tasks/main.yml index 1ca80710..62910bc4 100644 --- a/roles/cloudera_manager/wait_for_heartbeat/tasks/main.yml +++ b/roles/cloudera_manager/wait_for_heartbeat/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Read the Cloudera Manager agent UUID slurp: path: "{{ cloudera_manager_agent_lib_directory }}/uuid" diff --git a/roles/config/cluster/base/tasks/main.yml b/roles/config/cluster/base/tasks/main.yml index aeec29b9..690bd12b 100644 --- a/roles/config/cluster/base/tasks/main.yml +++ b/roles/config/cluster/base/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - # This variable is used by other roles # please take care when changing it - set_fact: diff --git a/roles/config/cluster/base/vars/main.yml b/roles/config/cluster/base/vars/main.yml index 02cf6975..e30e2a2c 100644 --- a/roles/config/cluster/base/vars/main.yml +++ b/roles/config/cluster/base/vars/main.yml @@ -15,19 +15,19 @@ --- custom_config_templates: -# Explicit defaults - only run if we're neither updating services nor doing an upgrade + # Explicit defaults - only run if we're neither updating services nor doing an upgrade - template: configs/defaults.j2 condition: "{{ not(update_services|default(false)|bool or cdh_cdp_upgrade|default(false)|bool) }}" -# Custom configurations for databases + # Custom configurations for databases - template: configs/databases.j2 - template: configs/databases-7.1.0.j2 condition: "{{ cloudera_runtime_version is version('7.1.0','>=') and cloudera_runtime_version is version('7.1.9','<') }}" - template: configs/databases-7.1.9.j2 condition: "{{ cloudera_runtime_version is version('7.1.9','>=') }}" -# Custom configurations for Infra Solr + # Custom configurations for Infra Solr - template: configs/infra-solr.j2 condition: "{{ 'INFRA_SOLR' in cluster.services }}" -# Custom configurations for logging + # Custom configurations for logging - template: configs/logdirs.j2 - template: configs/logdirs-6.x.j2 condition: "{{ cloudera_runtime_version is version('6.0.0','>=') and cloudera_runtime_version is version('7.0.0','<') }}" @@ -36,26 +36,30 @@ custom_config_templates: - template: configs/logdirs-7.1.9.j2 condition: "{{ cloudera_runtime_version is version('7.1.9','>=') }}" - template: configs/logdirs-ranger-spooldirs.j2 - condition: "{{ cloudera_runtime_version is version('7.1.0','>=') and (cloudera_runtime_pre_upgrade is undefined or cloudera_runtime_pre_upgrade is version('7.1.0','>=')) and cloudera_runtime_version is version('7.1.9','<') }}" + condition: "{{ cloudera_runtime_version is version('7.1.0','>=') and (cloudera_runtime_pre_upgrade is undefined or cloudera_runtime_pre_upgrade is version('7.1.0','>=')) + and cloudera_runtime_version is version('7.1.9','<') }}" - template: configs/logdirs-ranger-spooldirs-7.1.9.j2 condition: "{{ cloudera_runtime_version is version('7.1.9','>=') }}" -# Custom configurations for out-of-memory behaviour, heap dumps etc + # Custom configurations for out-of-memory behaviour, heap dumps etc - template: configs/oom.j2 condition: "{{ cluster.oom is defined }}" - template: configs/oom-6.3.0.j2 condition: "{{ cluster.oom is defined and cloudera_runtime_version is version('6.0.0','>=') }}" - template: configs/oom-7.1.0.j2 condition: "{{ cluster.oom is defined and cloudera_runtime_version is version('7.1.0','>=') }}" -# Custom configurations for Kerberos + # Custom configurations for Kerberos - template: configs/kerberos-5.x.j2 - condition: "{{ cluster.security.kerberos | default(False) and (cloudera_manager_version is version('6.0.0','<') or cluster.type | default('base') == 'compute') }}" + condition: "{{ cluster.security.kerberos | default(False) and (cloudera_manager_version is version('6.0.0','<') or cluster.type | default('base') == 'compute') + }}" - template: configs/kerberos-6.x-7.x.j2 condition: "{{ cluster.security.kerberos | default(False) and cloudera_manager_version is version('6.0.0','>=') }}" - template: configs/kerberos-7.x.j2 - condition: "{{ cluster.security.kerberos | default(False) and cloudera_runtime_version is version('7.1.0','>=') and (cloudera_runtime_pre_upgrade is undefined or cloudera_runtime_pre_upgrade is version('7.1.0','>=')) }}" + condition: "{{ cluster.security.kerberos | default(False) and cloudera_runtime_version is version('7.1.0','>=') and (cloudera_runtime_pre_upgrade is undefined + or cloudera_runtime_pre_upgrade is version('7.1.0','>=')) }}" - template: configs/trusted-realms.j2 - condition: "{{ cluster.security.kerberos | default(False) and auth_providers | default({}) | dict2items | json_query('[?value.type == `KERBEROS`]') | length > 0 }}" -# Custom configurations for TLS + condition: "{{ cluster.security.kerberos | default(False) and auth_providers | default({}) | dict2items | json_query('[?value.type == `KERBEROS`]') | length > + 0 }}" + # Custom configurations for TLS - template: configs/tls.j2 condition: "{{ cluster.security.tls | default(False) }}" - template: configs/tls-6.x.j2 @@ -63,12 +67,13 @@ custom_config_templates: - template: configs/tls-7.1.0.j2 condition: "{{ cluster.security.tls | default(False) and cloudera_runtime_version is version('7.1.0','>=') }}" - template: configs/tls-7.1.4.j2 - condition: "{{ cluster.security.tls | default(False) and cloudera_runtime_version is version('7.1.4','>=') and (cloudera_runtime_pre_upgrade is undefined or cloudera_runtime_pre_upgrade is version('7.1.4','>=')) }}" + condition: "{{ cluster.security.tls | default(False) and cloudera_runtime_version is version('7.1.4','>=') and (cloudera_runtime_pre_upgrade is undefined or cloudera_runtime_pre_upgrade + is version('7.1.4','>=')) }}" - template: configs/tls-7.3.1.j2 condition: "{{ cluster.security.tls | default(False) and cloudera_manager_version is version('7.3.1', '>=') }}" - template: configs/tls-cm-7.j2 condition: "{{ cluster.security.tls | default(False) and cloudera_manager_version is version('7.1.0','>=') }}" -# Custom configurations for Cloudera Streams Processing components on CDH 6.x + # Custom configurations for Cloudera Streams Processing components on CDH 6.x - template: configs/schemaregistry.j2 condition: >- {{ cloudera_runtime_version is version('7.0.0','<') @@ -77,32 +82,32 @@ custom_config_templates: condition: >- {{ cloudera_runtime_version is version('7.0.0','<') and 'STREAMS_MESSAGING_MANAGER' in cluster.services }} -# Custom configurations for Phoenix + # Custom configurations for Phoenix - template: configs/phoenix.j2 condition: "{{ 'PHOENIX' in cluster.services }}" -# Custom configurations for Ranger + # Custom configurations for Ranger - template: configs/ranger.j2 condition: "{{ 'RANGER' in cluster.services }}" -# Custom configurations for Sentry + # Custom configurations for Sentry - template: configs/sentry.j2 condition: "{{ 'SENTRY' in cluster.services }}" -# Custom configurations for WorkloadXM + # Custom configurations for WorkloadXM - template: configs/wxm.j2 condition: "{{ 'WXM' in cluster.services }}" -# Custom configuration for /var/lib directory + # Custom configuration for /var/lib directory - template: configs/varlib-7.1.0.j2 condition: "{{ cluster.varlib_base is defined and cloudera_runtime_version is version('7.1.3','>=') }}" -# LDAP configuration + # LDAP configuration - template: configs/ldap.j2 condition: >- {{ service_auth_provider is defined and service_auth_provider in auth_providers | default({}) and auth_providers[service_auth_provider].type | default('LDAP') == "LDAP" }} -# Custom configuration for when adding services + # Custom configuration for when adding services - template: configs/inter-service-dependencies.j2 condition: "{{ (update_services | default(false) or (cdh_cdp_upgrade|default(false)|bool)) }}" -# Workarounds for bugs / known issues + # Workarounds for bugs / known issues - template: workarounds/OPSAPS-56076.j2 # TODO update fix version condition: >- diff --git a/roles/config/cluster/common/defaults/main.yml b/roles/config/cluster/common/defaults/main.yml index 6966d5ff..3b5b77e3 100644 --- a/roles/config/cluster/common/defaults/main.yml +++ b/roles/config/cluster/common/defaults/main.yml @@ -14,8 +14,8 @@ --- -cluster_template_dry_run: False -tls: False +cluster_template_dry_run: false +tls: false default_cluster_type: base @@ -23,7 +23,6 @@ pvc_type: "" kms_services: [KEYTRUSTEE, RANGER_KMS, RANGER_KMS_KTS] sdx_services: [ATLAS, HDFS, HIVE, RANGER, SENTRY] - default_cluster_base: name: Cluster data_contexts: @@ -38,13 +37,10 @@ default_cluster_kts: DB_ACTIVE: {} KEYTRUSTEE_PASSIVE_SERVER: {} DB_PASSIVE: {} - default_cluster_ecs: name: ECS services: [DOCKER, ECS] - ecs_databases: [ALERTS, CLASSIC_CLUSTERS, CLUSTER_ACCESS_MANAGER, CLUSTER_PROXY, DEX, DWX, ENV, LIFTIE, MLX, RESOURCEPOOL_MANAGER, UMS] - default_cluster_compute: base_cluster: data_context: SDX diff --git a/roles/config/cluster/ecs/tasks/main.yml b/roles/config/cluster/ecs/tasks/main.yml index aeec29b9..690bd12b 100644 --- a/roles/config/cluster/ecs/tasks/main.yml +++ b/roles/config/cluster/ecs/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - # This variable is used by other roles # please take care when changing it - set_fact: diff --git a/roles/config/cluster/ecs/vars/main.yml b/roles/config/cluster/ecs/vars/main.yml index 8c40b01f..09d498ab 100644 --- a/roles/config/cluster/ecs/vars/main.yml +++ b/roles/config/cluster/ecs/vars/main.yml @@ -15,5 +15,5 @@ --- custom_config_templates: -# Custom configurations for ECS + # Custom configurations for ECS - template: configs/ecs.j2 diff --git a/roles/config/cluster/kts/tasks/main.yml b/roles/config/cluster/kts/tasks/main.yml index 625300d2..22adaafa 100644 --- a/roles/config/cluster/kts/tasks/main.yml +++ b/roles/config/cluster/kts/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Retrieve repository metadata include_role: name: cloudera.cluster.deployment.repometa diff --git a/roles/config/cluster/kts/vars/main.yml b/roles/config/cluster/kts/vars/main.yml index 05853527..d0c5aa5d 100644 --- a/roles/config/cluster/kts/vars/main.yml +++ b/roles/config/cluster/kts/vars/main.yml @@ -15,6 +15,6 @@ --- custom_config_templates: -# Custom configurations for TLS + # Custom configurations for TLS - template: configs/tls.j2 condition: "{{ cluster.security.tls | default(False) }}" diff --git a/roles/config/services/kms/tasks/main.yml b/roles/config/services/kms/tasks/main.yml index 9eb00494..3a7283b8 100644 --- a/roles/config/services/kms/tasks/main.yml +++ b/roles/config/services/kms/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Reset custom configuration dictionary set_fact: merged_configs: {} diff --git a/roles/config/services/kms_tls/tasks/main.yml b/roles/config/services/kms_tls/tasks/main.yml index 689b818c..9d7fbc41 100644 --- a/roles/config/services/kms_tls/tasks/main.yml +++ b/roles/config/services/kms_tls/tasks/main.yml @@ -4,7 +4,7 @@ endpoint: "/clusters/{{ cluster_name | urlencode() }}/services/{{ kms_service_name | lower }}/roleConfigGroups/{{ kms_service_name | lower }}-RANGER_KMS_SERVER_KTS-BASE/config" method: PUT body: "{{ lookup('file', 'kms_tls.json', errors='ignore' ) }}" - ignore_errors: yes + ignore_errors: true when: cloudera_manager_version is version('7.0.0','>=') - name: Push TLS settings for Keytrustee roleConfigGroups @@ -12,7 +12,7 @@ endpoint: "/clusters/{{ cluster_name | urlencode() }}/services/{{ kms_service_name | lower }}/roleConfigGroups/{{ kms_service_name | lower }}-KMS_KEYTRUSTEE-BASE/config" method: PUT body: "{{ lookup('file', 'kms_tls_cdh.json', errors='ignore' ) }}" - ignore_errors: yes + ignore_errors: true when: cloudera_manager_version is version('7.0.0','<') - name: Push TLS settings for Keytrustee config @@ -20,7 +20,7 @@ endpoint: "/clusters/{{ cluster_name | urlencode() }}/services/{{ kms_service_name | lower }}/config" method: PUT body: "{{ lookup('file', 'kms_tls_cdh_kms.json', errors='ignore' ) }}" - ignore_errors: yes + ignore_errors: true when: cloudera_manager_version is version('7.0.0','<') # Restart all clusters to be sure diff --git a/roles/config/services/mgmt/tasks/main.yml b/roles/config/services/mgmt/tasks/main.yml index a07aae3e..370bd50d 100644 --- a/roles/config/services/mgmt/tasks/main.yml +++ b/roles/config/services/mgmt/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - # This variable is used by other roles # please take care when changing it - set_fact: diff --git a/roles/config/services/oozie_ui/tasks/main.yml b/roles/config/services/oozie_ui/tasks/main.yml index e7ef38e4..b5edc575 100644 --- a/roles/config/services/oozie_ui/tasks/main.yml +++ b/roles/config/services/oozie_ui/tasks/main.yml @@ -18,7 +18,7 @@ owner: oozie group: oozie state: directory - mode: '0755' + mode: "0755" ignore_errors: true - name: Install unzip diff --git a/roles/config/services/ranger_pvc_default_policies/tasks/main.yml b/roles/config/services/ranger_pvc_default_policies/tasks/main.yml index 828f1d02..07596116 100644 --- a/roles/config/services/ranger_pvc_default_policies/tasks/main.yml +++ b/roles/config/services/ranger_pvc_default_policies/tasks/main.yml @@ -1,5 +1,4 @@ --- - - name: Post Ranger policies declared in policies directory register: __ranger_pol_response uri: @@ -7,13 +6,13 @@ method: POST user: "{{ ranger_user }}" password: "{{ ranger_password }}" - return_content: yes + return_content: true body: "{{ lookup('template', '{{ item.src }}' ) }}" body_format: json status_code: 200 - validate_certs: no - force_basic_auth: yes - no_log: True + validate_certs: false + force_basic_auth: true + no_log: true with_filetree: "{{ role_path }}/policies" failed_when: - __ranger_pol_response is failed diff --git a/roles/config/services/solr_ranger_plugin/tasks/main.yml b/roles/config/services/solr_ranger_plugin/tasks/main.yml index aff71252..b778d298 100644 --- a/roles/config/services/solr_ranger_plugin/tasks/main.yml +++ b/roles/config/services/solr_ranger_plugin/tasks/main.yml @@ -6,13 +6,13 @@ method: POST user: "{{ ranger_user }}" password: "{{ ranger_password }}" - return_content: yes + return_content: true body: "{{ lookup('template', 'solr_plugin.json' ) }}" body_format: json status_code: 200 - validate_certs: no - force_basic_auth: yes - no_log: yes + validate_certs: false + force_basic_auth: true + no_log: true failed_when: - __ranger_solr_plugin is failed - "'Duplicate service name' not in __ranger_solr_plugin.json.msgDesc" diff --git a/roles/deployment/cluster/tasks/create_base.yml b/roles/deployment/cluster/tasks/create_base.yml index 4f2f6f21..c88bb85f 100644 --- a/roles/deployment/cluster/tasks/create_base.yml +++ b/roles/deployment/cluster/tasks/create_base.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Generate complete base cluster configs include_role: name: cloudera.cluster.config.cluster.base @@ -28,7 +27,7 @@ template: src: cluster_template/main.j2 dest: /tmp/cluster_template_{{ cluster.name | replace(' ','_') }}.json - mode: 0600 + mode: "0600" #when: cluster_template_dry_run - name: Import cluster template for {{ cluster.name }} @@ -37,7 +36,7 @@ method: POST body: "{{ lookup('template', 'cluster_template/main.j2', convert_data=False) }}" register: cluster_template_result - ignore_errors: yes + ignore_errors: true when: not cluster_template_dry_run - name: Find cluster template command URL for troubleshooting diff --git a/roles/deployment/cluster/tasks/create_data_context.yml b/roles/deployment/cluster/tasks/create_data_context.yml index ea38378c..fff174a6 100644 --- a/roles/deployment/cluster/tasks/create_data_context.yml +++ b/roles/deployment/cluster/tasks/create_data_context.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Create data contexts cloudera.cluster.cm_api: endpoint: /dataContexts diff --git a/roles/deployment/cluster/tasks/create_ecs.yml b/roles/deployment/cluster/tasks/create_ecs.yml index 55be5dc4..50f3aa06 100644 --- a/roles/deployment/cluster/tasks/create_ecs.yml +++ b/roles/deployment/cluster/tasks/create_ecs.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Generate complete ecs cluster configs include_role: name: cloudera.cluster.config.cluster.ecs @@ -59,7 +58,8 @@ register: cm_config - set_fact: - parcel_repos: "{{ (cm_config.json | json_query('items[?name==`REMOTE_PARCEL_REPO_URLS`].value') | default(['']))[0].split(',') | default([]) | union(cluster.repositories) }}" + parcel_repos: "{{ (cm_config.json | json_query('items[?name==`REMOTE_PARCEL_REPO_URLS`].value') | default(['']))[0].split(',') | default([]) | union(cluster.repositories) + }}" - name: Update parcelrepos cloudera.cluster.cm_api: @@ -100,7 +100,7 @@ cloudera.cluster.cm_api: endpoint: /clusters/{{cluster.name | urlencode() }}/parcels/products/ECS/versions/{{ new_parcel_version }} register: parcels_response - until: parcels_response.json.stage in ("DISTRIBUTED", "ACTIVATED") + until: parcels_response.json.stage in ("DISTRIBUTED", "ACTIVATED") retries: "{{ parcel_poll_max_retries | default(30) }}" delay: "{{ parcel_poll_duration | default(60) }}" @@ -113,7 +113,7 @@ cloudera.cluster.cm_api: endpoint: /clusters/{{cluster.name | urlencode() }}/parcels/products/ECS/versions/{{ new_parcel_version }} register: parcels_response - until: parcels_response.json.stage in ("ACTIVATED") + until: parcels_response.json.stage in ("ACTIVATED") retries: "{{ parcel_poll_max_retries | default(30) }}" delay: "{{ parcel_poll_duration | default(60) }}" @@ -125,7 +125,8 @@ - name: Generate custom values - Embedded when: cluster.controlplane_config.Database.Mode == 'embedded' set_fact: - custom_values: "{{ lookup('template', 'cluster_template/ecs/controlPlaneValuesEmbedded.j2') | from_yaml | combine(cluster.controlplane_config, recursive=True) }}" + custom_values: "{{ lookup('template', 'cluster_template/ecs/controlPlaneValuesEmbedded.j2') | from_yaml | combine(cluster.controlplane_config, recursive=True) + }}" - name: Show custom values debug: diff --git a/roles/deployment/cluster/tasks/create_kts.yml b/roles/deployment/cluster/tasks/create_kts.yml index 89d293d3..742d2fbb 100644 --- a/roles/deployment/cluster/tasks/create_kts.yml +++ b/roles/deployment/cluster/tasks/create_kts.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Generate complete kts cluster configs include_role: name: cloudera.cluster.config.cluster.kts @@ -25,26 +24,25 @@ #when: cluster_template_dry_run - block: - - - name: Import cluster template for {{ cluster.name }} - cloudera.cluster.cm_api: - endpoint: /cm/importClusterTemplate?addRepositories=true - method: POST - body: "{{ lookup('template', 'cluster_template/main.j2', convert_data=False) }}" - register: cluster_template_result - failed_when: '"Status code was 400" in cluster_template_result.msg' - - - set_fact: - first_run_failure: > - {{ cluster_template_result.json | - json_query('children.items[?resultMessage==`Failed to perform First Run of services.`]') }} - - # If we have installed a cluster with Key Trustee Server HA, first run will have failed (but this is ok) - # Stop the service now in preparation for remedial action - - name: Stop Key Trustee Server service when first run failed - cloudera.cluster.cm_api: - endpoint: /clusters/{{ cluster.name | urlencode() }}/services/keytrustee_server/commands/stop - method: POST - when: "'kts_passive' in groups and first_run_failure" + - name: Import cluster template for {{ cluster.name }} + cloudera.cluster.cm_api: + endpoint: /cm/importClusterTemplate?addRepositories=true + method: POST + body: "{{ lookup('template', 'cluster_template/main.j2', convert_data=False) }}" + register: cluster_template_result + failed_when: '"Status code was 400" in cluster_template_result.msg' + + - set_fact: + first_run_failure: > + {{ cluster_template_result.json | + json_query('children.items[?resultMessage==`Failed to perform First Run of services.`]') }} + + # If we have installed a cluster with Key Trustee Server HA, first run will have failed (but this is ok) + # Stop the service now in preparation for remedial action + - name: Stop Key Trustee Server service when first run failed + cloudera.cluster.cm_api: + endpoint: /clusters/{{ cluster.name | urlencode() }}/services/keytrustee_server/commands/stop + method: POST + when: "'kts_passive' in groups and first_run_failure" when: not cluster_template_dry_run diff --git a/roles/deployment/cluster/tasks/fs2cs.yml b/roles/deployment/cluster/tasks/fs2cs.yml index 9acf0a9f..f82d3f45 100644 --- a/roles/deployment/cluster/tasks/fs2cs.yml +++ b/roles/deployment/cluster/tasks/fs2cs.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - set_fact: ts_minus_one_week: "{{ '%Y-%m-%dT%H:%M:%S'| strftime(ansible_date_time.epoch|int - 604800) }}" @@ -21,7 +20,7 @@ cloudera.cluster.cm_api: endpoint: "/timeseries?query=SELECT%20fair_share_mb_cumulative,%20fair_share_vcores_cumulative%20WHERE%20queueName%20=%20root&from={{ ts_minus_one_week }}&desiredRollup=DAILY" method: GET - return_content: yes + return_content: true register: yarn_stats - set_fact: @@ -34,7 +33,7 @@ cloudera.cluster.cm_api: endpoint: /clusters/{{ cluster.name | urlencode() }}/services/yarn/config method: GET - return_content: yes + return_content: true register: yarn_conf - set_fact: diff --git a/roles/deployment/cluster/tasks/main.yml b/roles/deployment/cluster/tasks/main.yml index b15c67e8..469e2c83 100644 --- a/roles/deployment/cluster/tasks/main.yml +++ b/roles/deployment/cluster/tasks/main.yml @@ -16,14 +16,14 @@ - name: Include config cluster defaults for deployment ansible.builtin.include_role: name: cloudera.cluster.config.cluster.common - public: yes + public: true ## Nico - name: Apply "all hosts" configs include_role: name: cloudera.cluster.cloudera_manager.config vars: - api_config_keys_uppercase: False + api_config_keys_uppercase: false api_config_endpoint: cm/allHosts/config api_configs: "{{ definition.hosts.configs }}" when: definition.hosts.configs is defined @@ -99,7 +99,6 @@ - '"kts_active" in groups' - (deploy_only is defined and 'encryption' in deploy_only) or deploy_only is not defined - # Add deploy_only="encryption" to select kts from several clusters in clusters.yml - name: Upgrade Key Trustee server cluster include_tasks: upgrade_kts.yml diff --git a/roles/deployment/cluster/tasks/nav2atlas.yml b/roles/deployment/cluster/tasks/nav2atlas.yml index 8dc1f30d..b2933bc4 100644 --- a/roles/deployment/cluster/tasks/nav2atlas.yml +++ b/roles/deployment/cluster/tasks/nav2atlas.yml @@ -13,12 +13,11 @@ # limitations under the License. --- - - name: Get CM Service role description cloudera.cluster.cm_api: endpoint: /cm/service/roles/ method: GET - return_content: yes + return_content: true register: cm_roles - set_fact: @@ -31,7 +30,7 @@ cloudera.cluster.cm_api: endpoint: "/cm/service/roles/{{ nav_service }}/config" method: GET - return_content: yes + return_content: true register: nav_config - set_fact: @@ -49,7 +48,7 @@ ansible.builtin.file: state: directory path: "{{ nav2atlas_dir }}" - mode: 0700 + mode: "0700" owner: atlas group: atlas delegate_to: "{{ groups.atlas_atlas_server | first }}" @@ -68,7 +67,8 @@ delegate_to: "{{ groups.atlas_atlas_server | first }}" - set_fact: - atlas_migration_conf: "atlas.migration.data.filename={{ nav2atlas_dir }}/{{ cluster.name | replace(' ','_') }}-atlas-data.zip\natlas.migration.mode.batch.size=200\natlas.migration.mode.workers=8\natlas.patch.numWorkers=14\natlas.patch.batchSize=3000" + atlas_migration_conf: "atlas.migration.data.filename={{ nav2atlas_dir }}/{{ cluster.name | replace(' ','_') }}-atlas-data.zip\natlas.migration.mode.batch.size=200\n\ + atlas.migration.mode.workers=8\natlas.patch.numWorkers=14\natlas.patch.batchSize=3000" - name: Update Capacity Scheduler Config in CM cloudera.cluster.cm_api: diff --git a/roles/deployment/cluster/tasks/update_base.yml b/roles/deployment/cluster/tasks/update_base.yml index 208a0a0c..105c0498 100644 --- a/roles/deployment/cluster/tasks/update_base.yml +++ b/roles/deployment/cluster/tasks/update_base.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Generate complete base cluster configs include_role: name: config/cluster/base @@ -41,7 +40,8 @@ register: cm_config - set_fact: - parcel_repos: "{{ (cm_config.json | json_query('items[?name==`REMOTE_PARCEL_REPO_URLS`].value') | default(['']))[0].split(',') | default([]) | union(cluster.repositories) }}" + parcel_repos: "{{ (cm_config.json | json_query('items[?name==`REMOTE_PARCEL_REPO_URLS`].value') | default(['']))[0].split(',') | default([]) | union(cluster.repositories) + }}" - name: Update parcelrepos cloudera.cluster.cm_api: @@ -82,7 +82,7 @@ cloudera.cluster.cm_api: endpoint: /clusters/{{cluster.name | urlencode() }}/parcels/products/CDH/versions/{{ new_parcel_version }} register: parcels_response - until: parcels_response.json.stage in ("DISTRIBUTED", "ACTIVATED") + until: parcels_response.json.stage in ("DISTRIBUTED", "ACTIVATED") retries: "{{ parcel_poll_max_retries | default(30) }}" delay: "{{ parcel_poll_duration | default(60) }}" diff --git a/roles/deployment/cluster/tasks/update_role_config_group.yml b/roles/deployment/cluster/tasks/update_role_config_group.yml index a5979d98..5afba460 100644 --- a/roles/deployment/cluster/tasks/update_role_config_group.yml +++ b/roles/deployment/cluster/tasks/update_role_config_group.yml @@ -13,10 +13,10 @@ # limitations under the License. --- - - name: Update service role configs cloudera.cluster.cm_api: - endpoint: /clusters/{{ cluster.name | urlencode() }}/services/{{ service | lower }}/roleConfigGroups/{{ service | lower }}-{{ role_type }}-BASE/config?message=Automated%20updates%20from%20Ansible + endpoint: /clusters/{{ cluster.name | urlencode() }}/services/{{ service | lower }}/roleConfigGroups/{{ service | lower }}-{{ role_type + }}-BASE/config?message=Automated%20updates%20from%20Ansible method: PUT body: "{{ lookup('template', 'services/roleConfigGroupConfig.j2', convert_data=False) }}" loop: "{{ role_mappings[service] }}" diff --git a/roles/deployment/cluster/tasks/upgrade_kts.yml b/roles/deployment/cluster/tasks/upgrade_kts.yml index 813d6e03..5b061f68 100644 --- a/roles/deployment/cluster/tasks/upgrade_kts.yml +++ b/roles/deployment/cluster/tasks/upgrade_kts.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Generate complete kts cluster configs include_role: name: config/cluster/kts @@ -35,7 +34,8 @@ register: cm_config - set_fact: - parcel_repos: "{{ (cm_config.json | json_query('items[?name==`REMOTE_PARCEL_REPO_URLS`].value') | default(['']))[0].split(',') | default([]) | union(cluster.repositories) }}" + parcel_repos: "{{ (cm_config.json | json_query('items[?name==`REMOTE_PARCEL_REPO_URLS`].value') | default(['']))[0].split(',') | default([]) | union(cluster.repositories) + }}" - name: Update parcelrepos cloudera.cluster.cm_api: @@ -61,7 +61,8 @@ register: installed_parcels - set_fact: - installed_parcel_version: "{{ installed_parcels.json | json_query('items[?product==`KEYTRUSTEE_SERVER` && stage==`ACTIVATED`]') | cloudera.cluster.get_product_version('KEYTRUSTEE_SERVER') }}" + installed_parcel_version: "{{ installed_parcels.json | json_query('items[?product==`KEYTRUSTEE_SERVER` && stage==`ACTIVATED`]') | cloudera.cluster.get_product_version('KEYTRUSTEE_SERVER') + }}" - name: Download and upgrade KTS Parcel block: diff --git a/roles/deployment/databases/tasks/main.yml b/roles/deployment/databases/tasks/main.yml index 12c6ee27..3d5e0926 100644 --- a/roles/deployment/databases/tasks/main.yml +++ b/roles/deployment/databases/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Create databases and users include_tasks: file: "{{ database_type }}.yml" diff --git a/roles/deployment/databases/tasks/mariadb.yml b/roles/deployment/databases/tasks/mariadb.yml index 792a91ea..11fe437a 100644 --- a/roles/deployment/databases/tasks/mariadb.yml +++ b/roles/deployment/databases/tasks/mariadb.yml @@ -13,13 +13,12 @@ # limitations under the License. --- - - name: Create databases mysql_db: name: "{{ databases[service].name }}" encoding: "{{ service | cloudera.cluster.get_database_encoding_mysql }}" collation: "{{ service | cloudera.cluster.get_database_collation_mysql }}" - become: yes + become: true loop: "{{ databases }}" loop_control: loop_var: service @@ -32,10 +31,10 @@ name: "{{ databases[service].user }}" password: "{{ databases[service].password }}" update_password: always - host: '%' + host: "%" priv: "{{ databases[service].name }}.*:ALL" - no_log: yes - become: yes + no_log: true + become: true loop: "{{ databases }}" loop_control: loop_var: service diff --git a/roles/deployment/databases/tasks/mysql.yml b/roles/deployment/databases/tasks/mysql.yml index 8e789cf8..f31c2e2c 100644 --- a/roles/deployment/databases/tasks/mysql.yml +++ b/roles/deployment/databases/tasks/mysql.yml @@ -13,13 +13,12 @@ # limitations under the License. --- - - name: Create databases mysql_db: name: "{{ databases[service].name }}" encoding: "{{ service | cloudera.cluster.get_database_encoding_mysql }}" collation: "{{ service | cloudera.cluster.get_database_collation_mysql }}" - become: yes + become: true loop: "{{ databases }}" loop_control: loop_var: service @@ -32,10 +31,10 @@ name: "{{ databases[service].user }}" password: "{{ databases[service].password }}" update_password: always - host: '%' + host: "%" priv: "{{ databases[service].name }}.*:ALL" - no_log: yes - become: yes + no_log: true + become: true loop: "{{ databases }}" loop_control: loop_var: service diff --git a/roles/deployment/databases/tasks/postgresql.yml b/roles/deployment/databases/tasks/postgresql.yml index f6b29756..48ce90f8 100644 --- a/roles/deployment/databases/tasks/postgresql.yml +++ b/roles/deployment/databases/tasks/postgresql.yml @@ -13,12 +13,11 @@ # limitations under the License. --- - - name: Create database roles postgresql_user: name: "{{ databases[item].user }}" password: "{{ databases[item].password }}" - become: yes + become: true become_user: postgres with_items: "{{ databases }}" delegate_to: "{{ databases[item].host }}" @@ -30,7 +29,7 @@ name: "{{ databases[item].name }}" owner: "{{ databases[item].user }}" encoding: UTF-8 - become: yes + become: true become_user: postgres with_items: "{{ databases }}" delegate_to: "{{ databases[item].host }}" diff --git a/roles/deployment/definition/defaults/main.yml b/roles/deployment/definition/defaults/main.yml index c2441025..3ee772cc 100644 --- a/roles/deployment/definition/defaults/main.yml +++ b/roles/deployment/definition/defaults/main.yml @@ -15,21 +15,20 @@ --- database_host: "{{ groups['db_server'][0] | default('cloudera_manager[0]') }}" - database_default_password: changeme database_tls: false database_type: postgresql database_version: "{{ default_database_versions[database_type][ansible_distribution_major_version] }}" default_database_versions: postgresql: - '7': 10 - '8': 12 + "7": 10 + "8": 12 mariadb: - '7': 10.2 - '8': 10.2 + "7": 10.2 + "8": 10.2 mysql: - '7': 5.7 - '8': 8.0 + "7": 5.7 + "8": 8.0 # Located in cloudera.cluster.infrastructure.krb5_common #krb5_realm: CLOUDERA.LOCAL @@ -39,7 +38,7 @@ default_database_versions: #krb5_enc_types: "aes256-cts aes128-cts" manual_tls_cert_distribution: false -local_temp_dir: '/tmp' +local_temp_dir: "/tmp" database_defaults: DAS: @@ -121,7 +120,7 @@ database_defaults: user: queryprocessor password: "{{ database_default_password }}" -#New in 7.1.9, postgresql only until CHF2 + #New in 7.1.9, postgresql only until CHF2 QUEUEMANAGER: host: "{{ database_host }}" port: "{{ database_type | cloudera.cluster.default_database_port }}" @@ -130,7 +129,6 @@ database_defaults: user: queuemanager password: "{{ database_default_password }}" - databases_cm_svcs: ACTIVITYMONITOR: host: "{{ database_host }}" diff --git a/roles/deployment/definition/tasks/main.yml b/roles/deployment/definition/tasks/main.yml index 84004f6f..c716f951 100644 --- a/roles/deployment/definition/tasks/main.yml +++ b/roles/deployment/definition/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Generate host_template cluster map ansible.builtin.set_fact: _host_template_cluster_map: "{{ lookup('template', './template_cluster_map.j2') | from_yaml }}" diff --git a/roles/deployment/groupby/tasks/main.yml b/roles/deployment/groupby/tasks/main.yml index 3f4c9892..055a80c6 100644 --- a/roles/deployment/groupby/tasks/main.yml +++ b/roles/deployment/groupby/tasks/main.yml @@ -13,18 +13,17 @@ # limitations under the License. --- - - name: Group by host template group_by: key: "{{ 'host_template_' ~ host_template if host_template is defined else 'no_template' }}" - name: Find the correct host template block: - - fail: - msg: "Unable to host template {{ host_template }} in the cluster definition" - when: content | length == 0 - - set_fact: - host_template_content: "{{ content | first }}" + - fail: + msg: "Unable to host template {{ host_template }} in the cluster definition" + when: content | length == 0 + - set_fact: + host_template_content: "{{ content | first }}" vars: query: "clusters[].host_templates[].\"{{ host_template }}\"" content: "{{ _pre_template_cluster | json_query(query) }}" diff --git a/roles/deployment/repometa/tasks/parcels.yml b/roles/deployment/repometa/tasks/parcels.yml index 1279b33d..a4f37231 100644 --- a/roles/deployment/repometa/tasks/parcels.yml +++ b/roles/deployment/repometa/tasks/parcels.yml @@ -13,13 +13,12 @@ # limitations under the License. --- - - name: Download parcel manifest information delegate_to: "{{ groups.cloudera_manager[0] if 'cloudera_manager' in groups else 'localhost' }}" uri: url: "{{ repository | regex_replace('/?$','') + '/manifest.json' }}" status_code: 200 - return_content: yes + return_content: true url_username: "{{ parcel_repo_username | default(omit) }}" url_password: "{{ parcel_repo_password | default(omit) }}" run_once: true @@ -27,7 +26,7 @@ loop: "{{ cluster.repositories }}" loop_control: loop_var: repository - check_mode: no + check_mode: false - debug: msg: "This Play Host OS Distro is {{ cluster_os_distribution }}" diff --git a/roles/deployment/repometa/tasks/prepare-Debian.yml b/roles/deployment/repometa/tasks/prepare-Debian.yml index 99ecc703..956fdb88 100644 --- a/roles/deployment/repometa/tasks/prepare-Debian.yml +++ b/roles/deployment/repometa/tasks/prepare-Debian.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Set OS Distribution for parcel filtering when: cluster_os_distribution is undefined ansible.builtin.set_fact: diff --git a/roles/deployment/repometa/tasks/prepare-RedHat.yml b/roles/deployment/repometa/tasks/prepare-RedHat.yml index 01e3d4fa..224a062c 100644 --- a/roles/deployment/repometa/tasks/prepare-RedHat.yml +++ b/roles/deployment/repometa/tasks/prepare-RedHat.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Set OS Distribution for parcel filtering when: cluster_os_distribution is undefined ansible.builtin.set_fact: diff --git a/roles/deployment/services/kms/tasks/create_kms.yml b/roles/deployment/services/kms/tasks/create_kms.yml index e167f63b..10cd6710 100644 --- a/roles/deployment/services/kms/tasks/create_kms.yml +++ b/roles/deployment/services/kms/tasks/create_kms.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Get cluster parcel details cloudera.cluster.cm_api: endpoint: /clusters/{{ __kms_cluster.name | urlencode() }}/parcels diff --git a/roles/deployment/services/kms/tasks/main.yml b/roles/deployment/services/kms/tasks/main.yml index a597360f..bb70e401 100644 --- a/roles/deployment/services/kms/tasks/main.yml +++ b/roles/deployment/services/kms/tasks/main.yml @@ -13,11 +13,10 @@ # limitations under the License. --- - - name: Get Key Trustee organisation auth secret shell: > keytrustee-orgtool --confdir {{ keytrustee_server_conf_dir }} list - become: yes + become: true delegate_to: "{{ groups.kts_active | first }}" connection: ssh register: orgtool_output diff --git a/roles/deployment/services/kms_ha/tasks/main.yml b/roles/deployment/services/kms_ha/tasks/main.yml index e2e8eb51..8f338888 100644 --- a/roles/deployment/services/kms_ha/tasks/main.yml +++ b/roles/deployment/services/kms_ha/tasks/main.yml @@ -19,7 +19,7 @@ owner: root group: root state: directory - mode: 0777 + mode: "0777" - name: Fetch keys from first KMS server delegate_to: "{{ groups.kms_servers | first }}" @@ -37,7 +37,7 @@ dest: "{{ kms_conf_dir }}" owner: "{{ kms_user }}" group: "{{ kms_group }}" - mode: 0600 + mode: "0600" loop: "{{ groups.kms_servers[1:] }}" loop_control: loop_var: __kms_host diff --git a/roles/deployment/services/kts_high_availability/tasks/main.yml b/roles/deployment/services/kts_high_availability/tasks/main.yml index 3a5d81fb..100d05fb 100644 --- a/roles/deployment/services/kts_high_availability/tasks/main.yml +++ b/roles/deployment/services/kts_high_availability/tasks/main.yml @@ -31,7 +31,7 @@ owner: root group: root state: directory - mode: 0777 + mode: "0777" # GnuPG 2.1+ uses .kbx for keyring, and retired secring / random_seed - name: Determine gnupg version @@ -53,7 +53,7 @@ dest: "{{ keytrustee_server_conf_dir }}" owner: keytrustee group: keytrustee - mode: 0600 + mode: "0600" - name: Delete temp directory file: diff --git a/roles/deployment/services/mgmt/tasks/main.yml b/roles/deployment/services/mgmt/tasks/main.yml index d88933fc..23e8b3f9 100644 --- a/roles/deployment/services/mgmt/tasks/main.yml +++ b/roles/deployment/services/mgmt/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Generate mgmt configs include_role: name: cloudera.cluster.config.services.mgmt diff --git a/roles/deployment/services/wxm/defaults/main.yml b/roles/deployment/services/wxm/defaults/main.yml index 1eec45c5..f668b346 100644 --- a/roles/deployment/services/wxm/defaults/main.yml +++ b/roles/deployment/services/wxm/defaults/main.yml @@ -1,2 +1,3 @@ -altus_key_id: '' -altus_private_key: '' +--- +altus_key_id: "" +altus_private_key: "" diff --git a/roles/deployment/services/wxm/tasks/configure_telemetry.yml b/roles/deployment/services/wxm/tasks/configure_telemetry.yml index 5fee561f..036e591b 100644 --- a/roles/deployment/services/wxm/tasks/configure_telemetry.yml +++ b/roles/deployment/services/wxm/tasks/configure_telemetry.yml @@ -1,5 +1,4 @@ --- - # Add access key for Altus to base CM - name: Set Altus private Key into one line @@ -23,7 +22,6 @@ method: POST body: "{{ lookup('template', 'add_altus_key.json') }}" - # Get host Id of this host as it is required to add it as the TP host - set_fact: tp_host_id: "{{ hosts_details.json | community.general.json_query(query) }}" diff --git a/roles/deployment/services/wxm/tasks/main.yml b/roles/deployment/services/wxm/tasks/main.yml index 4b141105..6a832665 100644 --- a/roles/deployment/services/wxm/tasks/main.yml +++ b/roles/deployment/services/wxm/tasks/main.yml @@ -1,10 +1,9 @@ --- - - assert: that: - altus_private_key | length > 0 - altus_key_id | length > 0 - quiet: True + quiet: true fail_msg: >- Altus key id and private key must be provided to configure Telemetry service for WXM diff --git a/roles/deployment/services/wxm/tasks/truststore_to_base.yml b/roles/deployment/services/wxm/tasks/truststore_to_base.yml index cdd1bcf0..9d7b59e2 100644 --- a/roles/deployment/services/wxm/tasks/truststore_to_base.yml +++ b/roles/deployment/services/wxm/tasks/truststore_to_base.yml @@ -9,13 +9,15 @@ cloudera.cluster.cm_api: endpoint: "/certs/truststorePassword" register: cloudera_manager_truststore_password_api - no_log: True + no_log: true # Import CA from WXM cluster and import it into base truststore - name: Import truststore into Base truststore - shell: "echo 'yes' | keytool -import -alias wxm_truststore -keystore /var/lib/cloudera-scm-agent/agent-cert/cm-auto-global_truststore.jks -file /tmp/wxm_truststore.pem -storepass {{ cloudera_manager_truststore_password_api.content }}" + shell: "echo 'yes' | keytool -import -alias wxm_truststore -keystore /var/lib/cloudera-scm-agent/agent-cert/cm-auto-global_truststore.jks -file /tmp/wxm_truststore.pem + -storepass {{ cloudera_manager_truststore_password_api.content }}" ignore_errors: true - name: Import truststore into Base truststore - shell: "echo 'yes' | keytool -import -alias wxm_truststore -keystore /var/lib/cloudera-scm-agent/agent-cert/cm-auto-in_cluster_truststore.jks -file /tmp/wxm_truststore.pem -storepass {{ cloudera_manager_truststore_password_api.content }}" + shell: "echo 'yes' | keytool -import -alias wxm_truststore -keystore /var/lib/cloudera-scm-agent/agent-cert/cm-auto-in_cluster_truststore.jks -file /tmp/wxm_truststore.pem + -storepass {{ cloudera_manager_truststore_password_api.content }}" ignore_errors: true diff --git a/roles/infrastructure/ca_server/molecule/default/verify.yml b/roles/infrastructure/ca_server/molecule/default/verify.yml index e5ac8599..bf767768 100644 --- a/roles/infrastructure/ca_server/molecule/default/verify.yml +++ b/roles/infrastructure/ca_server/molecule/default/verify.yml @@ -13,32 +13,30 @@ # limitations under the License. --- - - name: Verify hosts: all - gather_facts: no + gather_facts: false tasks: + - name: Output Root CA cert details + shell: openssl x509 -in /ca/certs/ca.cert.pem -noout -text + register: root_ca_output - - name: Output Root CA cert details - shell: openssl x509 -in /ca/certs/ca.cert.pem -noout -text - register: root_ca_output - - - name: Check Root CA issuer - assert: - that: "'Issuer: C=US, O=Cloudera, Inc., OU=PS, CN=Root CA' in root_ca_output.stdout" + - name: Check Root CA issuer + assert: + that: "'Issuer: C=US, O=Cloudera, Inc., OU=PS, CN=Root CA' in root_ca_output.stdout" - - name: Check Root CA subject - assert: - that: "'Subject: C=US, O=Cloudera, Inc., OU=PS, CN=Root CA' in root_ca_output.stdout" + - name: Check Root CA subject + assert: + that: "'Subject: C=US, O=Cloudera, Inc., OU=PS, CN=Root CA' in root_ca_output.stdout" - - name: Output Intermediate CA cert details - shell: openssl x509 -in /ca/intermediate/certs/intermediate.cert.pem -noout -text - register: intermediate_ca_output + - name: Output Intermediate CA cert details + shell: openssl x509 -in /ca/intermediate/certs/intermediate.cert.pem -noout -text + register: intermediate_ca_output - - name: Check Intermediate CA issuer - assert: - that: "'Issuer: C=US, O=Cloudera, Inc., OU=PS, CN=Root CA' in intermediate_ca_output.stdout" + - name: Check Intermediate CA issuer + assert: + that: "'Issuer: C=US, O=Cloudera, Inc., OU=PS, CN=Root CA' in intermediate_ca_output.stdout" - - name: Check Intermediate CA subject - assert: - that: "'Subject: C=US, O=Cloudera, Inc., OU=PS, CN=Intermediate CA' in intermediate_ca_output.stdout" + - name: Check Intermediate CA subject + assert: + that: "'Subject: C=US, O=Cloudera, Inc., OU=PS, CN=Intermediate CA' in intermediate_ca_output.stdout" diff --git a/roles/infrastructure/ca_server/tasks/create_ca.yml b/roles/infrastructure/ca_server/tasks/create_ca.yml index 431312ec..e9d24cd0 100644 --- a/roles/infrastructure/ca_server/tasks/create_ca.yml +++ b/roles/infrastructure/ca_server/tasks/create_ca.yml @@ -1,3 +1,4 @@ +--- # Copyright 2023 Cloudera, Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,7 +17,7 @@ file: state: directory path: "{{ dir }}" - mode: 0700 + mode: "0700" owner: root loop: - "{{ ca_server_root_path }}" @@ -31,8 +32,8 @@ file: state: touch path: "{{ ca_server_root_path }}/index.txt" - mode: 0700 - changed_when: False + mode: "0700" + changed_when: false - name: Write serial shell: @@ -44,7 +45,7 @@ src: root.openssl.cnf.j2 dest: "{{ ca_server_root_path }}/openssl.cnf" owner: root - mode: 0644 + mode: "0644" - name: Generate root private key openssl_privatekey: @@ -52,7 +53,7 @@ size: "{{ ca_server_root_key_size }}" cipher: "{{ ca_server_root_key_cipher }}" passphrase: "{{ ca_server_root_key_password }}" - mode: 0400 + mode: "0400" - set_fact: subject_root: "/{{ lookup('template', 'root_dn.j2') | from_yaml | map('regex_replace', '/', '\\/') | join('/') }}" @@ -78,7 +79,7 @@ file: state: directory path: "{{ dir }}" - mode: 0700 + mode: "0700" owner: root loop: - "{{ ca_server_intermediate_path }}" @@ -94,8 +95,8 @@ file: state: touch path: "{{ ca_server_intermediate_path }}/index.txt" - mode: 0700 - changed_when: False + mode: "0700" + changed_when: false - name: Write serial shell: @@ -107,7 +108,7 @@ src: intermediate.openssl.cnf.j2 dest: "{{ ca_server_intermediate_path }}/openssl.cnf" owner: root - mode: 0644 + mode: "0644" - name: Generate intermediate private key openssl_privatekey: @@ -115,7 +116,7 @@ size: 4096 cipher: "{{ ca_server_root_key_cipher }}" passphrase: "{{ ca_server_intermediate_key_password }}" - mode: 0400 + mode: "0400" - name: Generate intermediate CSR shell: diff --git a/roles/infrastructure/ca_server/tasks/main.yml b/roles/infrastructure/ca_server/tasks/main.yml index c251ca64..08dad235 100644 --- a/roles/infrastructure/ca_server/tasks/main.yml +++ b/roles/infrastructure/ca_server/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Include OS-specific variables include_vars: file: "{{ ansible_os_family }}.yml" @@ -82,9 +81,9 @@ - name: Ensure the intermediate CA config has the correct section ([ cloudera_req ]) lineinfile: path: "{{ ca_server_intermediate_path }}/openssl.cnf" - regexp: '\[\s*cloudera_req\s*\]' + regexp: "\\[\\s*cloudera_req\\s*\\]" state: absent - check_mode: yes + check_mode: true changed_when: false register: intermediate_conf_check when: intermediate_ca_conf_exists diff --git a/roles/infrastructure/custom_repo/defaults/main.yml b/roles/infrastructure/custom_repo/defaults/main.yml index a7cc8315..c5207c7e 100644 --- a/roles/infrastructure/custom_repo/defaults/main.yml +++ b/roles/infrastructure/custom_repo/defaults/main.yml @@ -17,6 +17,6 @@ local_temp_dir: /tmp repo_tar_local_dir: repo repo_tar_files: "{{ definition.repo_tar_files | default([]) }}" -keep_newer: yes +keep_newer: true custom_repo_rehost_files: "{{ definition.custom_repo_rehost_files | default([]) }}" diff --git a/roles/infrastructure/custom_repo/tasks/install_parcels.yml b/roles/infrastructure/custom_repo/tasks/install_parcels.yml index 4443cc51..03616589 100644 --- a/roles/infrastructure/custom_repo/tasks/install_parcels.yml +++ b/roles/infrastructure/custom_repo/tasks/install_parcels.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Work out temp and repo paths set_fact: temp_dir: "{{ local_temp_dir }}/{{ repo_tar_file | regex_replace('.tar.gz','') }}" @@ -27,22 +26,22 @@ - name: Find parcel files find: path: "{{ temp_dir }}" - patterns: '*.parcel,*.parcel.sha,*.parcel.sha1,.*.parcel.sha256,manifest.json' - recurse: yes + patterns: "*.parcel,*.parcel.sha,*.parcel.sha1,.*.parcel.sha256,manifest.json" + recurse: true register: files - name: Create parcel repo directory file: path: "{{ repo_dir }}" state: directory - mode: 0755 + mode: "0755" - name: Copy parcel files into correct location copy: src: "{{ item.path }}" dest: "{{ repo_dir }}" - remote_src: yes - mode: 0644 + remote_src: true + mode: "0644" with_items: "{{ files.files }}" - name: Remove temp directory diff --git a/roles/infrastructure/custom_repo/tasks/install_parcels_from_tars_on_controller.yml b/roles/infrastructure/custom_repo/tasks/install_parcels_from_tars_on_controller.yml index 9dec3e00..39bdebfb 100644 --- a/roles/infrastructure/custom_repo/tasks/install_parcels_from_tars_on_controller.yml +++ b/roles/infrastructure/custom_repo/tasks/install_parcels_from_tars_on_controller.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Work out temp and repo paths set_fact: temp_dir: "{{ local_temp_dir }}/{{ repo_tar_file | regex_replace('.tar.gz','') }}" @@ -28,22 +27,22 @@ - name: Find parcel files find: path: "{{ temp_dir }}" - patterns: '*.parcel,*.parcel.sha,*.parcel.sha1,.*.parcel.sha256,manifest.json' - recurse: yes + patterns: "*.parcel,*.parcel.sha,*.parcel.sha1,.*.parcel.sha256,manifest.json" + recurse: true register: files - name: Create parcel repo directory file: path: "{{ repo_dir }}" state: directory - mode: 0755 + mode: "0755" - name: Copy parcel files into correct location copy: src: "{{ item.path }}" dest: "{{ repo_dir }}" - remote_src: yes - mode: 0644 + remote_src: true + mode: "0644" with_items: "{{ files.files }}" - name: Remove temp directory diff --git a/roles/infrastructure/custom_repo/tasks/main.yml b/roles/infrastructure/custom_repo/tasks/main.yml index 8aa6ad38..b5fb1f0c 100644 --- a/roles/infrastructure/custom_repo/tasks/main.yml +++ b/roles/infrastructure/custom_repo/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Include variables include_vars: file: "{{ ansible_os_family }}.yml" @@ -21,7 +20,7 @@ - name: Install {{ httpd_package }} ansible.builtin.package: lock_timeout: "{{ (ansible_os_family == 'RedHat') | ternary(60, omit) }}" - update_cache: yes + update_cache: true name: "{{ httpd_package }}" state: present @@ -40,5 +39,5 @@ - name: Start and enable httpd service: name: "{{ httpd_service }}" - enabled: yes + enabled: true state: restarted diff --git a/roles/infrastructure/custom_repo/tasks/rehost_files_from_download.yml b/roles/infrastructure/custom_repo/tasks/rehost_files_from_download.yml index 3520e8b8..c976ae0e 100644 --- a/roles/infrastructure/custom_repo/tasks/rehost_files_from_download.yml +++ b/roles/infrastructure/custom_repo/tasks/rehost_files_from_download.yml @@ -61,7 +61,7 @@ loop_var: __tmp_unpack_item ansible.builtin.unarchive: extra_opts: [--strip-components=1] - remote_src: yes + remote_src: true src: "/var/www/html{{ __tmp_unpack_item | urlsplit('path') }}" dest: "/var/www/html{{ __tmp_unpack_item | urlsplit('path') | regex_replace('^(.+)repo.+-(.+)\\.tar\\.gz$', '\\1\\2' + '/yum/') }}" keep_newer: "{{ keep_newer }}" diff --git a/roles/infrastructure/haproxy/tasks/main.yml b/roles/infrastructure/haproxy/tasks/main.yml index 4a94427b..d74fa39f 100644 --- a/roles/infrastructure/haproxy/tasks/main.yml +++ b/roles/infrastructure/haproxy/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Install HAProxy ansible.builtin.package: lock_timeout: "{{ (ansible_os_family == 'RedHat') | ternary(60, omit) }}" @@ -23,5 +22,5 @@ - name: Enable HAProxy service: name: haproxy - enabled: yes + enabled: true state: restarted diff --git a/roles/infrastructure/krb5_client/handlers/main.yml b/roles/infrastructure/krb5_client/handlers/main.yml index e2ea5991..c41dffe7 100644 --- a/roles/infrastructure/krb5_client/handlers/main.yml +++ b/roles/infrastructure/krb5_client/handlers/main.yml @@ -1,3 +1,4 @@ +--- # Copyright 2023 Cloudera, Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/roles/infrastructure/krb5_client/tasks/freeipa.yml b/roles/infrastructure/krb5_client/tasks/freeipa.yml index f90ad950..a2135e15 100644 --- a/roles/infrastructure/krb5_client/tasks/freeipa.yml +++ b/roles/infrastructure/krb5_client/tasks/freeipa.yml @@ -1,5 +1,4 @@ --- - # Copyright 2023 Cloudera, Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/roles/infrastructure/krb5_client/tasks/freeipa_autodns.yml b/roles/infrastructure/krb5_client/tasks/freeipa_autodns.yml index 2dcef68e..ffcb5e4c 100644 --- a/roles/infrastructure/krb5_client/tasks/freeipa_autodns.yml +++ b/roles/infrastructure/krb5_client/tasks/freeipa_autodns.yml @@ -21,7 +21,7 @@ - name: Gather facts from KRB5 Server ansible.builtin.setup: gather_subset: - - 'default_ipv4' + - "default_ipv4" delegate_to: "{{ krb5_ip_collect_item }}" delegate_facts: true loop: "{{ groups['krb5_server'] }}" @@ -41,7 +41,7 @@ file: path: /etc/NetworkManager/conf.d/ state: directory - recurse: yes + recurse: true - name: Ensure dns configuration persists through reboot ansible.builtin.copy: @@ -49,7 +49,7 @@ [main] dns=none dest: /etc/NetworkManager/conf.d/disable-resolve.conf-managing.conf - backup: yes + backup: true - name: Disable nm-cloud-setup if present when: @@ -57,7 +57,7 @@ - ansible_os_family == 'RedHat' block: - name: Disable nm-cloud-setup if present - ignore_errors: yes + ignore_errors: true loop_control: loop_var: __nm_cloud_setup_disable_item loop: diff --git a/roles/infrastructure/krb5_client/tasks/freeipa_dbus_patch.yml b/roles/infrastructure/krb5_client/tasks/freeipa_dbus_patch.yml index e5602af8..a7705c97 100644 --- a/roles/infrastructure/krb5_client/tasks/freeipa_dbus_patch.yml +++ b/roles/infrastructure/krb5_client/tasks/freeipa_dbus_patch.yml @@ -12,8 +12,8 @@ - name: Ensure dbus is enabled and unmasked systemd: name: dbus - enabled: yes - masked: no + enabled: true + masked: false ignore_errors: true - name: Restart DBUS diff --git a/roles/infrastructure/krb5_client/tasks/pvc_configs.yml b/roles/infrastructure/krb5_client/tasks/pvc_configs.yml index 4bcb9746..ffbbfc04 100644 --- a/roles/infrastructure/krb5_client/tasks/pvc_configs.yml +++ b/roles/infrastructure/krb5_client/tasks/pvc_configs.yml @@ -16,7 +16,7 @@ - name: Add Renewable ticket lifetime blockinfile: dest: "/etc/krb5.conf" - insertafter: 'ticket_lifetime = 24h' + insertafter: "ticket_lifetime = 24h" block: | renew_lifetime = 7d max_life = 365d @@ -26,14 +26,14 @@ - name: Comment default_ccache_name in krb5.conf replace: dest: /etc/krb5.conf - regexp: 'default_ccache_name = KEYRING:persistent:%{uid}' - replace: '#default_ccache_name = KEYRING:persistent:%{uid}' + regexp: "default_ccache_name = KEYRING:persistent:%{uid}" + replace: "#default_ccache_name = KEYRING:persistent:%{uid}" ignore_errors: true - name: Adding enctypes for Hue blockinfile: dest: "/etc/krb5.conf" - insertafter: 'ticket_lifetime = 24h' + insertafter: "ticket_lifetime = 24h" block: | default_tgs_enctypes= des3-cbc-sha1 aes256-cts-hmac-sha1-96 arcfour-hmac aes128-cts-hmac-sha1-96 des-cbc-md5 default_tkt_enctypes = des3-cbc-sha1 aes256-cts-hmac-sha1-96 arcfour-hmac aes128-cts-hmac-sha1-96 des-cbc-md5 diff --git a/roles/infrastructure/krb5_common/defaults/main.yml b/roles/infrastructure/krb5_common/defaults/main.yml index e9ed4aed..99e8ae36 100644 --- a/roles/infrastructure/krb5_common/defaults/main.yml +++ b/roles/infrastructure/krb5_common/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Copyright 2023 Cloudera, Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/roles/infrastructure/krb5_conf/tasks/mit.yml b/roles/infrastructure/krb5_conf/tasks/mit.yml index 4f379062..5827213d 100644 --- a/roles/infrastructure/krb5_conf/tasks/mit.yml +++ b/roles/infrastructure/krb5_conf/tasks/mit.yml @@ -13,10 +13,9 @@ # limitations under the License. --- - - name: Create krb5.conf template: src: "{{ krb5_conf_template | default('krb5.conf.j2') }}" dest: /etc/krb5.conf - backup: yes + backup: true when: not (skip_krb5_conf_distribution | default(False)) diff --git a/roles/infrastructure/krb5_server/tasks/fix_freeipa_collection.yml b/roles/infrastructure/krb5_server/tasks/fix_freeipa_collection.yml index 4eb895df..a577afb0 100644 --- a/roles/infrastructure/krb5_server/tasks/fix_freeipa_collection.yml +++ b/roles/infrastructure/krb5_server/tasks/fix_freeipa_collection.yml @@ -23,29 +23,29 @@ - name: Add a sleep before calling certmonger for Py27 lineinfile: path: /usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py - insertbefore: '.*find_ca_by_nickname.*' - line: ' time.sleep(20)' + insertbefore: ".*find_ca_by_nickname.*" + line: " time.sleep(20)" state: present ignore_errors: true - name: Raise timeout for CA wait for Py27 lineinfile: path: /usr/lib/python2.7/site-packages/ipalib/constants.py - regexp: '^CA_DBUS_TIMEOUT' + regexp: "^CA_DBUS_TIMEOUT" line: CA_DBUS_TIMEOUT = 360 ignore_errors: true - name: Add a sleep before calling certmonger for Py36 lineinfile: path: /usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py - insertbefore: '.*find_ca_by_nickname.*' - line: ' time.sleep(20)' + insertbefore: ".*find_ca_by_nickname.*" + line: " time.sleep(20)" state: present ignore_errors: true - name: Raise timeout for CA wait for Py36 lineinfile: path: /usr/lib/python3.6/site-packages/ipalib/constants.py - regexp: '^CA_DBUS_TIMEOUT' + regexp: "^CA_DBUS_TIMEOUT" line: CA_DBUS_TIMEOUT = 360 ignore_errors: true diff --git a/roles/infrastructure/krb5_server/tasks/freeipa.yml b/roles/infrastructure/krb5_server/tasks/freeipa.yml index f54603a1..9644b124 100644 --- a/roles/infrastructure/krb5_server/tasks/freeipa.yml +++ b/roles/infrastructure/krb5_server/tasks/freeipa.yml @@ -23,7 +23,7 @@ selinux: policy: targeted state: permissive - ignore_errors: yes + ignore_errors: true - name: Setup FreeIPA Server ansible.builtin.include_role: @@ -71,7 +71,7 @@ - name: Gather facts from ECS Server ansible.builtin.setup: gather_subset: - - 'default_ipv4' + - "default_ipv4" delegate_to: "{{ ecs_ip_collect_item }}" delegate_facts: true loop: "{{ groups['ecs_ecs_server'] }}" diff --git a/roles/infrastructure/krb5_server/tasks/mit.yml b/roles/infrastructure/krb5_server/tasks/mit.yml index 89abb44e..55c0cf00 100644 --- a/roles/infrastructure/krb5_server/tasks/mit.yml +++ b/roles/infrastructure/krb5_server/tasks/mit.yml @@ -27,7 +27,7 @@ template: src: "{{ ansible_os_family }}/kdc.conf.j2" dest: "{{ krb5_kdc_state_directory }}/kdc.conf" - backup: yes + backup: true - name: Create KDC database command: "/usr/sbin/kdb5_util create -s -P {{ krb5_kdc_master_password }}" @@ -38,7 +38,7 @@ template: src: kadm5.acl.j2 dest: "{{ krb5_kdc_state_directory }}/kadm5.acl" - backup: yes + backup: true - name: Create Cloudera Manager admin principal command: /usr/sbin/kadmin.local -q "addprinc -pw {{ krb5_kdc_admin_password }} {{ krb5_kdc_admin_user }}" @@ -47,6 +47,6 @@ service: name: "{{ item }}" state: restarted - enabled: yes + enabled: true with_items: - "{{ krb5_services }}" diff --git a/roles/infrastructure/krb5_server/vars/RedHat-7.yml b/roles/infrastructure/krb5_server/vars/RedHat-7.yml index bfeea14e..7711469c 100644 --- a/roles/infrastructure/krb5_server/vars/RedHat-7.yml +++ b/roles/infrastructure/krb5_server/vars/RedHat-7.yml @@ -1,2 +1,2 @@ --- -ipaserver_packages: [ "ipa-server", "libselinux-python" ] +ipaserver_packages: ["ipa-server", "libselinux-python"] diff --git a/roles/infrastructure/krb5_server/vars/RedHat-8.yml b/roles/infrastructure/krb5_server/vars/RedHat-8.yml index c791a5bb..b1a97f36 100644 --- a/roles/infrastructure/krb5_server/vars/RedHat-8.yml +++ b/roles/infrastructure/krb5_server/vars/RedHat-8.yml @@ -1,2 +1,2 @@ --- -ipaserver_packages: [ "@idm:DL1/server" ] +ipaserver_packages: ["@idm:DL1/server"] diff --git a/roles/infrastructure/krb5_server/vars/Ubuntu.yml b/roles/infrastructure/krb5_server/vars/Ubuntu.yml index 91668774..8ba2ed73 100644 --- a/roles/infrastructure/krb5_server/vars/Ubuntu.yml +++ b/roles/infrastructure/krb5_server/vars/Ubuntu.yml @@ -1,2 +1,2 @@ --- -ipaserver_packages: [ "freeipa-server" ] +ipaserver_packages: ["freeipa-server"] diff --git a/roles/infrastructure/krb5_server/vars/default.yml b/roles/infrastructure/krb5_server/vars/default.yml index 6324f7ec..52defc12 100644 --- a/roles/infrastructure/krb5_server/vars/default.yml +++ b/roles/infrastructure/krb5_server/vars/default.yml @@ -1,2 +1,2 @@ --- -ipaserver_packages: [ "ipa-server", "python3-libselinux" ] +ipaserver_packages: ["ipa-server", "python3-libselinux"] diff --git a/roles/infrastructure/rdbms/handlers/main.yml b/roles/infrastructure/rdbms/handlers/main.yml index 034c8b04..0af337e1 100644 --- a/roles/infrastructure/rdbms/handlers/main.yml +++ b/roles/infrastructure/rdbms/handlers/main.yml @@ -13,6 +13,5 @@ # limitations under the License. --- - - name: yum clean metadata ansible.builtin.command: yum clean metadata diff --git a/roles/infrastructure/rdbms/tasks/mariadb-Debian.yml b/roles/infrastructure/rdbms/tasks/mariadb-Debian.yml index 66724199..c37394bc 100644 --- a/roles/infrastructure/rdbms/tasks/mariadb-Debian.yml +++ b/roles/infrastructure/rdbms/tasks/mariadb-Debian.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Install MariaDB apt key apt_key: url: https://mariadb.org/mariadb_release_signing_key.asc diff --git a/roles/infrastructure/rdbms/tasks/mariadb-RedHat.yml b/roles/infrastructure/rdbms/tasks/mariadb-RedHat.yml index da4ae4de..9f49fa26 100644 --- a/roles/infrastructure/rdbms/tasks/mariadb-RedHat.yml +++ b/roles/infrastructure/rdbms/tasks/mariadb-RedHat.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Install MariaDB repository yum_repository: name: MariaDB diff --git a/roles/infrastructure/rdbms/tasks/mysql-RedHat.yml b/roles/infrastructure/rdbms/tasks/mysql-RedHat.yml index 4ad11e57..4af53d1a 100644 --- a/roles/infrastructure/rdbms/tasks/mysql-RedHat.yml +++ b/roles/infrastructure/rdbms/tasks/mysql-RedHat.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Import GPG Key rpm_key: key: https://repo.mysql.com/RPM-GPG-KEY-mysql-2022 @@ -30,7 +29,6 @@ when: - not (skip_rdbms_repo_setup | default(False)) - - name: Install MySQL include_role: name: ansible-role-mysql diff --git a/roles/infrastructure/rdbms/tasks/postgresql-Debian.yml b/roles/infrastructure/rdbms/tasks/postgresql-Debian.yml index 21cb7b98..c14be714 100644 --- a/roles/infrastructure/rdbms/tasks/postgresql-Debian.yml +++ b/roles/infrastructure/rdbms/tasks/postgresql-Debian.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Install PostgreSQL apt key apt_key: url: https://www.postgresql.org/media/keys/ACCC4CF8.asc diff --git a/roles/infrastructure/rdbms/tasks/postgresql-RedHat.yml b/roles/infrastructure/rdbms/tasks/postgresql-RedHat.yml index d5a06625..a7ff40f6 100644 --- a/roles/infrastructure/rdbms/tasks/postgresql-RedHat.yml +++ b/roles/infrastructure/rdbms/tasks/postgresql-RedHat.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Install PostgreSQL common repository yum_repository: name: pgdg-common diff --git a/roles/infrastructure/rdbms/tasks/template_fix.yml b/roles/infrastructure/rdbms/tasks/template_fix.yml index 1a04815e..0899e217 100644 --- a/roles/infrastructure/rdbms/tasks/template_fix.yml +++ b/roles/infrastructure/rdbms/tasks/template_fix.yml @@ -13,23 +13,22 @@ # limitations under the License. --- - - name: Copy SQL to change template to UTF-8 copy: src: files/utf8-template.sql dest: "{{ local_temp_dir }}" owner: postgres group: postgres - mode: 0660 + mode: "0660" - name: Run SQL to change template to UTF-8 command: "psql -f {{ local_temp_dir }}/utf8-template.sql" - become: yes + become: true become_user: postgres - name: Remove SQL file file: path: "{{ local_temp_dir }}/utf8-template.sql" state: absent - become: yes + become: true become_user: postgres diff --git a/roles/infrastructure/rdbms/vars/postgresql.yml b/roles/infrastructure/rdbms/vars/postgresql.yml index a676b7c8..89ce9acd 100644 --- a/roles/infrastructure/rdbms/vars/postgresql.yml +++ b/roles/infrastructure/rdbms/vars/postgresql.yml @@ -15,9 +15,9 @@ --- postgresql_global_config_options: - option: log_directory - value: 'log' + value: "log" - option: listen_addresses - value: '*' + value: "*" - option: max_connections value: 300 - option: ssl @@ -30,8 +30,8 @@ postgresql_global_config_options: value: "{{ tls_chain_path if database_tls else None }}" postgresql_hba_entries: - - {type: local, database: all, user: postgres, auth_method: peer} - - {type: local, database: all, user: all, auth_method: peer} - - {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5} - - {type: host, database: all, user: all, address: '::1/128', auth_method: md5} - - {type: host, database: all, user: all, address: '0.0.0.0/0', auth_method: md5} + - { type: local, database: all, user: postgres, auth_method: peer } + - { type: local, database: all, user: all, auth_method: peer } + - { type: host, database: all, user: all, address: "127.0.0.1/32", auth_method: md5 } + - { type: host, database: all, user: all, address: "::1/128", auth_method: md5 } + - { type: host, database: all, user: all, address: "0.0.0.0/0", auth_method: md5 } diff --git a/roles/operations/delete_cluster/tasks/main.yml b/roles/operations/delete_cluster/tasks/main.yml index 9ed8bc0d..67abce9a 100644 --- a/roles/operations/delete_cluster/tasks/main.yml +++ b/roles/operations/delete_cluster/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Check the cluster exists cloudera.cluster.cm_api: endpoint: /clusters/{{ cluster.name | urlencode() }} @@ -47,8 +46,8 @@ and services.json | json_query(stopped_query) | length == services.json | json_query(all_query) | length vars: - stopped_query: 'items[?(serviceState==`STOPPED` || serviceState==`NA`)]' - all_query: 'items[*]' + stopped_query: "items[?(serviceState==`STOPPED` || serviceState==`NA`)]" + all_query: "items[*]" retries: "{{ teardown_stop_cluster_poll_max_retries | default(30) }}" delay: "{{ teardown_stop_cluster_poll_duration | default(20) }}" diff --git a/roles/operations/delete_cms/tasks/main.yml b/roles/operations/delete_cms/tasks/main.yml index 4aa7ab92..357b5d1f 100644 --- a/roles/operations/delete_cms/tasks/main.yml +++ b/roles/operations/delete_cms/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Check cms exists cloudera.cluster.cm_api: endpoint: /cm/service diff --git a/roles/operations/refresh_ranger_kms_repo/tasks/cluster_find_ranger.yml b/roles/operations/refresh_ranger_kms_repo/tasks/cluster_find_ranger.yml index 4f93f754..dcc75ecd 100644 --- a/roles/operations/refresh_ranger_kms_repo/tasks/cluster_find_ranger.yml +++ b/roles/operations/refresh_ranger_kms_repo/tasks/cluster_find_ranger.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Check a cluster has been specified fail: msg: This task list expects a cluster var. diff --git a/roles/operations/refresh_ranger_kms_repo/tasks/main.yml b/roles/operations/refresh_ranger_kms_repo/tasks/main.yml index 3cb47078..f52e334e 100644 --- a/roles/operations/refresh_ranger_kms_repo/tasks/main.yml +++ b/roles/operations/refresh_ranger_kms_repo/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Refresh the KMS repository include_tasks: setup_cluster.yml loop: "{{ definition.clusters }}" diff --git a/roles/operations/refresh_ranger_kms_repo/tasks/setup_cluster.yml b/roles/operations/refresh_ranger_kms_repo/tasks/setup_cluster.yml index 5ac9216f..ac943810 100644 --- a/roles/operations/refresh_ranger_kms_repo/tasks/setup_cluster.yml +++ b/roles/operations/refresh_ranger_kms_repo/tasks/setup_cluster.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - fail: msg: You must pass a cluster variable to this role when: __cluster_item is not defined @@ -26,7 +25,7 @@ url: "{{ ranger_api_url }}/service" user: "{{ ranger_keyadmin_username }}" password: "{{ ranger_keyadmin_password }}" - force_basic_auth: yes + force_basic_auth: true headers: Accept: "application/json" register: services @@ -43,7 +42,7 @@ url: "{{ ranger_api_url }}/service/{{ kms_service.id }}" user: "{{ ranger_keyadmin_username }}" password: "{{ ranger_keyadmin_password }}" - force_basic_auth: yes + force_basic_auth: true method: DELETE headers: Accept: "application/json" diff --git a/roles/operations/restart_cluster/tasks/main.yml b/roles/operations/restart_cluster/tasks/main.yml index c6077a57..97fd5948 100644 --- a/roles/operations/restart_cluster/tasks/main.yml +++ b/roles/operations/restart_cluster/tasks/main.yml @@ -1,5 +1,4 @@ --- - - name: Restart cluster cm_api: endpoint: /clusters/{{ cluster_to_restart }}/commands/restart diff --git a/roles/operations/restart_stale/tasks/main.yml b/roles/operations/restart_stale/tasks/main.yml index dc517bb5..44b691f4 100644 --- a/roles/operations/restart_stale/tasks/main.yml +++ b/roles/operations/restart_stale/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Get clusters cloudera.cluster.cm_api: endpoint: /clusters diff --git a/roles/operations/restart_stale/tasks/restart.yml b/roles/operations/restart_stale/tasks/restart.yml index 655cfa6f..945003d9 100644 --- a/roles/operations/restart_stale/tasks/restart.yml +++ b/roles/operations/restart_stale/tasks/restart.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Get cluster services cloudera.cluster.cm_api: endpoint: /clusters/{{ cluster.name | urlencode() }}/services diff --git a/roles/operations/stop_cluster/tasks/main.yml b/roles/operations/stop_cluster/tasks/main.yml index 9f591529..4695174f 100644 --- a/roles/operations/stop_cluster/tasks/main.yml +++ b/roles/operations/stop_cluster/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Check the cluster exists cloudera.cluster.cm_api: endpoint: /clusters/{{ cluster.name | urlencode() }} @@ -45,7 +44,7 @@ and services.json | json_query(stopped_query) | length == services.json | json_query(all_query) | length vars: - stopped_query: 'items[?(serviceState==`STOPPED` || serviceState==`NA`)]' - all_query: 'items[*]' + stopped_query: "items[?(serviceState==`STOPPED` || serviceState==`NA`)]" + all_query: "items[*]" retries: "{{ teardown_stop_cluster_poll_max_retries | default(30) }}" delay: "{{ teardown_stop_cluster_poll_duration | default(20) }}" diff --git a/roles/prereqs/jdk/defaults/main.yml b/roles/prereqs/jdk/defaults/main.yml index d443f3f5..2994dfcd 100644 --- a/roles/prereqs/jdk/defaults/main.yml +++ b/roles/prereqs/jdk/defaults/main.yml @@ -22,4 +22,4 @@ jdk_java_security_paths: - /etc/java-8-openjdk/security - /etc/java-11-openjdk/security - /usr/lib64/jvm/java-1.8.0-openjdk-1.8.0/jre/lib/security -jdk_java_security_safe_replace: True +jdk_java_security_safe_replace: true diff --git a/roles/prereqs/jdk/tasks/main.yml b/roles/prereqs/jdk/tasks/main.yml index a5bfe69f..dc32ead5 100644 --- a/roles/prereqs/jdk/tasks/main.yml +++ b/roles/prereqs/jdk/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Include variables include_vars: file: "{{ ansible_os_family }}.yml" @@ -27,18 +26,18 @@ ansible.builtin.package: lock_timeout: "{{ (ansible_os_family == 'RedHat') | ternary(60, omit) }}" name: - - "{{ jdk_package }}" + - "{{ jdk_package }}" state: present - update_cache: yes + update_cache: true - name: Add missing symlinks (if installed from Cloudera repo) block: - name: Find Java home directory find: paths: /usr/java - patterns: 'jdk*-cloudera' + patterns: "jdk*-cloudera" file_type: directory - recurse: no + recurse: false register: jdk_home - name: Create alternatives symlink for java alternatives: @@ -76,7 +75,7 @@ find: paths: "{{ jdk_java_security_paths }}" pattern: "java.security" - follow: yes + follow: true register: java_security - fail: @@ -88,7 +87,7 @@ - name: Enable Unlimited Strength Policy lineinfile: path: "{{ item.path }}" - regexp: '#?crypto.policy=' + regexp: "#?crypto.policy=" line: crypto.policy=unlimited with_items: "{{ java_security.files }}" when: installed_jdk_version is not match("11.*") @@ -96,7 +95,7 @@ - name: Apply workaround for Kerberos issues introduced in OpenJDK 1.8u242 and 11.0.6 (JDK-8215032) lineinfile: path: "{{ item.path }}" - regexp: '^sun.security.krb5.disableReferrals=' + regexp: "^sun.security.krb5.disableReferrals=" line: sun.security.krb5.disableReferrals=true with_items: "{{ java_security.files }}" when: > diff --git a/roles/prereqs/kerberos/tasks/main.yml b/roles/prereqs/kerberos/tasks/main.yml index 75ebc26d..e90e1d0d 100644 --- a/roles/prereqs/kerberos/tasks/main.yml +++ b/roles/prereqs/kerberos/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Include variables include_vars: file: "{{ ansible_os_family }}.yml" diff --git a/roles/prereqs/license/defaults/main.yml b/roles/prereqs/license/defaults/main.yml index 7f2e2fe0..0b21ad94 100644 --- a/roles/prereqs/license/defaults/main.yml +++ b/roles/prereqs/license/defaults/main.yml @@ -1,3 +1,4 @@ +--- # Copyright 2023 Cloudera, Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -13,5 +14,5 @@ # limitations under the License. # Path to the license file on the Ansible controller -cloudera_manager_license_file: '' +cloudera_manager_license_file: "" license_local_tmp_path: /tmp/license.txt diff --git a/roles/prereqs/license/tasks/main.yml b/roles/prereqs/license/tasks/main.yml index 1f63999a..3963ae86 100644 --- a/roles/prereqs/license/tasks/main.yml +++ b/roles/prereqs/license/tasks/main.yml @@ -17,7 +17,7 @@ copy: src: "{{ cloudera_manager_license_file }}" dest: "{{ license_local_tmp_path }}" - mode: 0600 + mode: "0600" when: - cloudera_manager_license_file - "'cloudera_manager' in groups" diff --git a/roles/prereqs/local_accounts_common/defaults/main.yml b/roles/prereqs/local_accounts_common/defaults/main.yml index 8b4bb4cb..54c4abf4 100644 --- a/roles/prereqs/local_accounts_common/defaults/main.yml +++ b/roles/prereqs/local_accounts_common/defaults/main.yml @@ -15,7 +15,6 @@ --- skip_user_group_init: false local_accounts: - - user: accumulo home: /var/lib/accumulo comment: Accumulo @@ -28,15 +27,15 @@ local_accounts: - user: cloudera-scm home: /var/lib/cloudera-scm-server comment: Cloudera Manager - mode: '770' - keystore_acl: True - key_acl: True - key_password_acl: True + mode: "770" + keystore_acl: true + key_acl: true + key_password_acl: true - user: cruisecontrol home: /var/lib/cruise_control comment: Cruise Control - keystore_acl: True + keystore_acl: true - user: druid home: /var/lib/druid @@ -46,24 +45,24 @@ local_accounts: - user: flink home: /var/lib/flink comment: Flink - keystore_acl: True + keystore_acl: true - user: ssb home: /var/lib/ssb comment: SQL Stream Builder - keystore_acl: True - key_acl: True - key_password_acl: True + keystore_acl: true + key_acl: true + key_password_acl: true - user: flume home: /var/lib/flume-ng comment: Flume - keystore_acl: True + keystore_acl: true - user: hbase home: /var/lib/hbase comment: HBase - keystore_acl: True + keystore_acl: true - user: hdfs home: /var/lib/hadoop-hdfs @@ -73,59 +72,59 @@ local_accounts: - user: hive home: /var/lib/hive comment: Hive - keystore_acl: True + keystore_acl: true - user: httpfs home: /var/lib/hadoop-httpfs comment: Hadoop HTTPFS - keystore_acl: True + keystore_acl: true - user: hue home: /usr/lib/hue comment: Hue - key_acl: True - key_password_acl: True + key_acl: true + key_password_acl: true - user: impala home: /var/lib/impala comment: Impala extra_groups: [hive] - key_acl: True - key_password_acl: True + key_acl: true + key_password_acl: true - user: kafka home: /var/lib/kafka comment: Kafka - keystore_acl: True + keystore_acl: true - user: keytrustee home: /var/lib/keytrustee comment: KeyTrustee KMS - keystore_acl: True - key_acl: True - key_password_acl: True + keystore_acl: true + key_acl: true + key_password_acl: true - user: kms home: /var/lib/hadoop-kms comment: Hadoop KMS - keystore_acl: True + keystore_acl: true - user: knox home: /var/lib/knox comment: Knox extra_groups: [hadoop] - keystore_acl: True + keystore_acl: true - user: kudu home: /var/lib/kudu comment: Kudu - key_acl: True - key_password_acl: True + key_acl: true + key_password_acl: true - user: livy home: /var/lib/livy comment: Livy - keystore_acl: True + keystore_acl: true - user: mapred home: /var/lib/hadoop-mapreduce @@ -135,12 +134,12 @@ local_accounts: - user: nifi home: /var/lib/nifi command: NiFi - keystore_acl: True + keystore_acl: true - user: nifiregistry home: /var/lib/nifiregistry command: NiFi Registry - keystore_acl: True + keystore_acl: true - user: nifi home: /var/lib/nifi @@ -153,7 +152,7 @@ local_accounts: - user: oozie home: /var/lib/oozie comment: Oozie User - keystore_acl: True + keystore_acl: true - user: phoenix home: /var/lib/phoenix @@ -177,7 +176,7 @@ local_accounts: - user: schemaregistry home: /var/lib/schemaregistry comment: Schema Registry - keystore_acl: True + keystore_acl: true - user: sentry home: /var/lib/sentry @@ -186,12 +185,12 @@ local_accounts: - user: solr home: /var/lib/solr comment: Solr - keystore_acl: True + keystore_acl: true - user: spark home: /var/lib/spark comment: Spark - keystore_acl: True + keystore_acl: true - user: spark2 home: /var/lib/spark2 @@ -209,13 +208,13 @@ local_accounts: - user: streamsmsgmgr home: /var/lib/streams_messaging_manager comment: Streams Messaging Manager - keystore_acl: True - key_acl: True + keystore_acl: true + key_acl: true - user: streamsrepmgr home: /var/lib/streams_replication_manager comment: Streams Replication Manager - keystore_acl: True + keystore_acl: true - user: superset home: /var/lib/superset @@ -229,19 +228,19 @@ local_accounts: - user: zeppelin home: /var/lib/zeppelin comment: Zeppelin - keystore_acl: True + keystore_acl: true - user: zookeeper home: /var/lib/zookeeper comment: ZooKeeper - keystore_acl: True + keystore_acl: true postgres_accounts: - user: postgres home: /var/lib/pgsql uid: 26 comment: PostgreSQL Server - mode: '770' + mode: "770" shell: /bin/bash unencrypted_key_acl: "{{ database_tls }}" @@ -250,7 +249,7 @@ mariadb_accounts: home: /var/lib/mysql uid: 27 comment: MariaDB Server - mode: '770' + mode: "770" shell: /bin/bash unencrypted_key_acl: "{{ database_tls }}" @@ -258,7 +257,7 @@ ecs_accounts: - user: cloudera-scm home: /var/lib/cloudera-scm-server comment: Cloudera Manager - mode: '770' - keystore_acl: True - key_acl: True - key_password_acl: True + mode: "770" + keystore_acl: true + key_acl: true + key_password_acl: true diff --git a/roles/prereqs/mysql_connector/tasks/main.yml b/roles/prereqs/mysql_connector/tasks/main.yml index 5df02527..3388e424 100644 --- a/roles/prereqs/mysql_connector/tasks/main.yml +++ b/roles/prereqs/mysql_connector/tasks/main.yml @@ -13,14 +13,13 @@ # limitations under the License. --- - - name: Download MySQL Connector/J get_url: url: "{{ mysql_connector_url }}" dest: "{{ mysql_connector_download_dir }}/mysql-connector-java.zip" checksum: "{{ mysql_connector_checksum }}" - mode: 0644 - become: no + mode: "0644" + become: false run_once: true delegate_to: localhost @@ -28,7 +27,7 @@ file: path: /usr/share/java state: directory - mode: 0755 + mode: "0755" - name: Install unzip package ansible.builtin.package: @@ -49,8 +48,8 @@ copy: src: "{{ mysql_connector_local_path }}" dest: /usr/share/java/mysql-connector-java.jar - remote_src: yes - mode: 0644 + remote_src: true + mode: "0644" ignore_errors: "{{ ansible_check_mode }}" # MySql on rhel8 fix @@ -75,7 +74,7 @@ dest: /usr/include/mysql/my_config.h ignore_errors: "{{ ansible_check_mode }}" -## TODO Fix for RHEL8 + ## TODO Fix for RHEL8 - name: Install Mysql packages for python - PyMySQL shell: /usr/local/bin/pip install PyMySQL --force-reinstall --ignore-installed ignore_errors: true diff --git a/roles/prereqs/oracle_connector/tasks/main.yml b/roles/prereqs/oracle_connector/tasks/main.yml index e455a107..7dc79586 100644 --- a/roles/prereqs/oracle_connector/tasks/main.yml +++ b/roles/prereqs/oracle_connector/tasks/main.yml @@ -13,10 +13,8 @@ # limitations under the License. --- - - name: Setup the Oracle JDBC Driver block: - - name: Download Oracle Connector maven_artifact: group_id: "{{ oracle_connector_group_id }}" @@ -24,7 +22,7 @@ version: "{{ oracle_connector_version }}" dest: "{{ local_temp_dir }}/{{ oracle_connector_artifact_id }}-connector-java-{{ oracle_connector_version }}.jar" repository_url: "{{ oracle_connector_maven_url }}" - become: no + become: false run_once: true connection: local delegate_to: localhost @@ -33,13 +31,13 @@ file: path: /usr/share/java state: directory - mode: 0755 + mode: "0755" - name: Copy Oracle Connector jar file to correct location copy: src: "{{ local_temp_dir }}/{{ oracle_connector_artifact_id }}-connector-java-{{ oracle_connector_version }}.jar" dest: /usr/share/java/oracle-connector-java.jar - mode: 0644 + mode: "0644" when: - not (skip_oracle_jdbc_driver_distribution | default(False)) @@ -50,7 +48,7 @@ file: path: /usr/share/oracle/instantclient/lib state: directory - mode: 0755 + mode: "0755" when: - oracle_instantclient_basic_zip is defined - oracle_instantclient_sdk_zip is defined @@ -68,14 +66,14 @@ unarchive: src: "{{ oracle_instantclient_basic_zip }}" dest: /usr/share/oracle/instantclient/lib - extra_opts: [ "-j" ] + extra_opts: ["-j"] when: oracle_instantclient_basic_zip is defined - name: Unarchive sdk instantclient unarchive: src: "{{ oracle_instantclient_sdk_zip }}" dest: /usr/share/oracle/instantclient/lib - extra_opts: [ "-j" ] + extra_opts: ["-j"] when: oracle_instantclient_sdk_zip is defined - name: Install the libaio package diff --git a/roles/prereqs/os/defaults/main.yml b/roles/prereqs/os/defaults/main.yml index c511c6ed..e1820128 100644 --- a/roles/prereqs/os/defaults/main.yml +++ b/roles/prereqs/os/defaults/main.yml @@ -15,11 +15,11 @@ --- kernel_flags: - - { key: vm.swappiness, value: '1' } - - { key: vm.overcommit_memory, value: '1' } - - { key: net.ipv6.conf.all.disable_ipv6, value: '1'} - - { key: net.ipv6.conf.default.disable_ipv6, value: '1' } - - { key: net.ipv6.conf.lo.disable_ipv6, value: '1' } + - { key: vm.swappiness, value: "1" } + - { key: vm.overcommit_memory, value: "1" } + - { key: net.ipv6.conf.all.disable_ipv6, value: "1" } + - { key: net.ipv6.conf.default.disable_ipv6, value: "1" } + - { key: net.ipv6.conf.lo.disable_ipv6, value: "1" } unnecessary_services: - bluetooth @@ -28,6 +28,6 @@ unnecessary_services: - ip6tables - postfix - tuned - - firewalld # Added for ECS deployments on RedHat + - firewalld # Added for ECS deployments on RedHat selinux_state: permissive diff --git a/roles/prereqs/os/handlers/main.yml b/roles/prereqs/os/handlers/main.yml index cf746d74..dcdc8ba4 100644 --- a/roles/prereqs/os/handlers/main.yml +++ b/roles/prereqs/os/handlers/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: restart rngd service: name: "{{ rngd_service }}" diff --git a/roles/prereqs/os/tasks/main-Debian.yml b/roles/prereqs/os/tasks/main-Debian.yml index a68c669f..9e6c6d65 100644 --- a/roles/prereqs/os/tasks/main-Debian.yml +++ b/roles/prereqs/os/tasks/main-Debian.yml @@ -15,7 +15,7 @@ --- - name: Refresh Package cache ansible.builtin.apt: - update_cache: yes + update_cache: true - name: Ensure pip is upgraded ansible.builtin.package: @@ -43,4 +43,4 @@ name: fs.protected_regular value: 0 state: present - reload: yes + reload: true diff --git a/roles/prereqs/os/tasks/main-RedHat.yml b/roles/prereqs/os/tasks/main-RedHat.yml index 1f570e26..81126420 100644 --- a/roles/prereqs/os/tasks/main-RedHat.yml +++ b/roles/prereqs/os/tasks/main-RedHat.yml @@ -27,7 +27,7 @@ ansible.builtin.package: lock_timeout: 180 name: python3 - update_cache: yes + update_cache: true state: present - name: Ensure pip3 is upgraded @@ -49,7 +49,7 @@ ansible.builtin.package: lock_timeout: 180 name: python2 - update_cache: yes + update_cache: true state: present - name: Ensure Python symlink available for Cloudera Manager and Ranger @@ -62,7 +62,7 @@ selinux: policy: targeted state: "{{ selinux_state }}" - ignore_errors: yes + ignore_errors: true - name: Disable Transparent Huge Pages until reboot shell: echo never > /sys/kernel/mm/transparent_hugepage/{{ item }} @@ -72,24 +72,24 @@ - name: Disable Transparent Huge Pages permanently lineinfile: - backup: yes + backup: true path: /etc/rc.d/rc.local line: echo never > /sys/kernel/mm/transparent_hugepage/{{ item }} - mode: 0755 + mode: "0755" with_items: - enabled - defrag - name: Disable Transparent Huge Pages in GRUB config lineinfile: - backup: yes + backup: true state: present path: /etc/default/grub - backrefs: yes + backrefs: true regexp: '^(GRUB_CMDLINE_LINUX=(?!.*hugepage)\"[^\"]+)(\".*)' - line: '\1 transparent_hugepage=never\2' - ignore_errors: yes + line: "\\1 transparent_hugepage=never\\2" + ignore_errors: true - name: Rebuild GRUB shell: grub2-mkconfig -o /boot/grub2/grub.cfg - ignore_errors: yes + ignore_errors: true diff --git a/roles/prereqs/os/tasks/main.yml b/roles/prereqs/os/tasks/main.yml index 378b2cf9..e83563b1 100644 --- a/roles/prereqs/os/tasks/main.yml +++ b/roles/prereqs/os/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Include variables include_vars: file: "{{ ansible_os_family }}.yml" @@ -28,8 +27,8 @@ name: "{{ flag.key }}" value: "{{ flag.value }}" state: present - sysctl_set: yes - reload: yes + sysctl_set: true + reload: true loop: "{{ kernel_flags }}" loop_control: loop_var: flag @@ -43,8 +42,8 @@ ansible.builtin.service: name: "{{ item }}" state: stopped - enabled: no - ignore_errors: yes # fails sometimes with systemd on centos7 where ip6tables are not present + enabled: false + ignore_errors: true # fails sometimes with systemd on centos7 where ip6tables are not present when: "item + '.service' in ansible_facts.services" with_items: "{{ unnecessary_services }}" @@ -74,7 +73,7 @@ service: name: "{{ ntp_service }}" state: started - enabled: yes + enabled: true - name: Install nscd service ansible.builtin.package: @@ -86,13 +85,13 @@ service: name: "{{ nscd_service }}" state: started - enabled: yes + enabled: true - name: Disable nscd caches for services 'passwd', 'group', 'netgroup' replace: path: /etc/nscd.conf - regexp: '^(.*enable-cache.*(passwd|group|netgroup).*)yes$' - replace: '\1no' + regexp: "^(.*enable-cache.*(passwd|group|netgroup).*)yes$" + replace: "\\1no" notify: - restart nscd diff --git a/roles/prereqs/os/tasks/rngd.yml b/roles/prereqs/os/tasks/rngd.yml index 8888312d..633bcd4e 100644 --- a/roles/prereqs/os/tasks/rngd.yml +++ b/roles/prereqs/os/tasks/rngd.yml @@ -13,17 +13,16 @@ # limitations under the License. --- - - name: Install rngd package: name: "{{ rngd_package }}" state: present - update_cache: yes + update_cache: true - name: Enable rngd service: name: "{{ rngd_service }}" - enabled: yes + enabled: true - name: Configure rngd to use /dev/urandom (RHEL/CentOS 7) template: @@ -31,7 +30,7 @@ dest: /etc/systemd/system/rngd.service owner: root group: root - mode: 0644 + mode: "0644" notify: - restart rngd when: ansible_os_family == 'RedHat' and ansible_distribution_major_version|int >= 7 diff --git a/roles/prereqs/postgresql_connector/tasks/main.yml b/roles/prereqs/postgresql_connector/tasks/main.yml index 3fbf6a18..009a628b 100644 --- a/roles/prereqs/postgresql_connector/tasks/main.yml +++ b/roles/prereqs/postgresql_connector/tasks/main.yml @@ -13,14 +13,13 @@ # limitations under the License. --- - - name: Download PostgreSQL Connector get_url: url: "{{ postgresql_connector_url }}" dest: "{{ local_temp_dir }}/postgresql-connector-java.jar" checksum: "{{ postgresql_connector_checksum }}" - mode: 0644 - become: no + mode: "0644" + become: false run_once: true delegate_to: localhost @@ -28,22 +27,22 @@ file: path: /usr/share/java state: directory - mode: 0755 + mode: "0755" - name: Copy PostgreSQL Connector jar file to correct location copy: src: "{{ local_temp_dir }}/postgresql-connector-java.jar" dest: /usr/share/java/postgresql-connector-java.jar - mode: 0644 + mode: "0644" ignore_errors: "{{ ansible_check_mode }}" # SSB will need the python3-psycopg2 connector - name: Create python3-psycopg2 directory file: - path: "/usr/share/python3" - state: directory - mode: '777' + path: "/usr/share/python3" + state: directory + mode: "777" when: install_py3_psycopg2 == true - name: Install python3-psycopg2 diff --git a/roles/prereqs/pvc_ecs/tasks/main.yml b/roles/prereqs/pvc_ecs/tasks/main.yml index a9e9e13e..527a8eed 100644 --- a/roles/prereqs/pvc_ecs/tasks/main.yml +++ b/roles/prereqs/pvc_ecs/tasks/main.yml @@ -1,5 +1,4 @@ --- - # Copyright 2023 Cloudera, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -39,7 +38,7 @@ ansible.builtin.package: lock_timeout: 180 name: "{{ __iptables_item }}" - update_cache: yes + update_cache: true state: present loop: - iptables @@ -54,7 +53,7 @@ - name: Flush iptables ansible.builtin.iptables: - flush: yes + flush: true table: "{{ __iptables_flush_item }}" loop: - filter @@ -65,14 +64,14 @@ loop_control: loop_var: __iptables_flush_item - ## see https://docs.rke2.io/known_issues +## see https://docs.rke2.io/known_issues - name: Set NetworkManager to ignore any ECS calico & flannel interfaces ansible.builtin.copy: src: networkmanager.conf dest: /etc/NetworkManager/conf.d/rke2-canal.config owner: root group: root - mode: 0644 + mode: "0644" when: - ansible_distribution_major_version|int >= 7 - ansible_facts.services["NetworkManager.service"]['status'] != "not-found" diff --git a/roles/prereqs/user_accounts/tasks/main.yml b/roles/prereqs/user_accounts/tasks/main.yml index 97724c8b..d629ff57 100644 --- a/roles/prereqs/user_accounts/tasks/main.yml +++ b/roles/prereqs/user_accounts/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - block: - name: Create hadoop group group: @@ -45,7 +44,7 @@ groups: "{{ account.extra_groups | default([]) }}" uid: "{{ account.uid | default(omit) }}" shell: "{{ account.shell | default('/sbin/nologin') }}" - append: yes + append: true loop: "{{ local_accounts }}" loop_control: loop_var: account diff --git a/roles/prereqs/user_accounts_ecs/defaults/main.yml b/roles/prereqs/user_accounts_ecs/defaults/main.yml index 9a629bbe..59d83eed 100644 --- a/roles/prereqs/user_accounts_ecs/defaults/main.yml +++ b/roles/prereqs/user_accounts_ecs/defaults/main.yml @@ -15,11 +15,10 @@ --- skip_user_group_init: false local_accounts: - - user: cloudera-scm home: /var/lib/cloudera-scm-server comment: Cloudera Manager - mode: '770' - keystore_acl: True - key_acl: True - key_password_acl: True + mode: "770" + keystore_acl: true + key_acl: true + key_password_acl: true diff --git a/roles/prereqs/user_accounts_ecs/tasks/main.yml b/roles/prereqs/user_accounts_ecs/tasks/main.yml index ffda52a8..6486274a 100644 --- a/roles/prereqs/user_accounts_ecs/tasks/main.yml +++ b/roles/prereqs/user_accounts_ecs/tasks/main.yml @@ -13,9 +13,7 @@ # limitations under the License. --- - - block: - - name: Create hadoop group group: name: hadoop @@ -38,7 +36,7 @@ groups: "{{ account.extra_groups | default([]) }}" uid: "{{ account.uid | default(omit) }}" shell: "{{ account.shell | default('/sbin/nologin') }}" - append: yes + append: true loop: "{{ local_accounts }}" loop_control: loop_var: account diff --git a/roles/security/tls_generate_csr/molecule/default/molecule.yml b/roles/security/tls_generate_csr/molecule/default/molecule.yml index 6ae1073a..bb330ab9 100644 --- a/roles/security/tls_generate_csr/molecule/default/molecule.yml +++ b/roles/security/tls_generate_csr/molecule/default/molecule.yml @@ -25,7 +25,7 @@ platforms: provisioner: name: ansible options: - vvv: False + vvv: false scenario: converge_sequence: - converge diff --git a/roles/security/tls_generate_csr/molecule/default/verify.yml b/roles/security/tls_generate_csr/molecule/default/verify.yml index 8fa77931..d98d9da8 100644 --- a/roles/security/tls_generate_csr/molecule/default/verify.yml +++ b/roles/security/tls_generate_csr/molecule/default/verify.yml @@ -18,6 +18,6 @@ - name: Verify hosts: all tasks: - - name: Example assertion - assert: - that: true + - name: Example assertion + assert: + that: true diff --git a/roles/security/tls_generate_csr/tasks/acls-ecs.yml b/roles/security/tls_generate_csr/tasks/acls-ecs.yml index 72d7b47f..c16c68eb 100644 --- a/roles/security/tls_generate_csr/tasks/acls-ecs.yml +++ b/roles/security/tls_generate_csr/tasks/acls-ecs.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Install acls package ansible.builtin.package: lock_timeout: "{{ (ansible_os_family == 'RedHat') | ternary(60, omit) }}" @@ -24,7 +23,7 @@ file: state: file path: "{{ tls_keystore_path }}" - mode: 0640 + mode: "0640" owner: root group: hadoop @@ -45,7 +44,7 @@ file: state: file path: "{{ tls_keystore_path_generic }}" - mode: 0640 + mode: "0640" owner: root group: hadoop @@ -66,7 +65,7 @@ file: state: file path: "{{ item }}" - mode: 0440 + mode: "0440" owner: root group: root loop: @@ -103,7 +102,7 @@ file: state: file path: "{{ tls_key_password_file }}" - mode: 0440 + mode: "0440" owner: root group: root @@ -124,7 +123,7 @@ file: state: file path: "{{ item }}" - mode: 0440 + mode: "0440" owner: root group: root loop: diff --git a/roles/security/tls_generate_csr/tasks/acls.yml b/roles/security/tls_generate_csr/tasks/acls.yml index d853471c..9d7247f9 100644 --- a/roles/security/tls_generate_csr/tasks/acls.yml +++ b/roles/security/tls_generate_csr/tasks/acls.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Install acls package ansible.builtin.package: lock_timeout: "{{ (ansible_os_family == 'RedHat') | ternary(60, omit) }}" @@ -24,7 +23,7 @@ file: state: file path: "{{ tls_keystore_path }}" - mode: 0640 + mode: "0640" owner: root group: hadoop @@ -45,7 +44,7 @@ file: state: file path: "{{ tls_keystore_path_generic }}" - mode: 0640 + mode: "0640" owner: root group: hadoop @@ -66,7 +65,7 @@ file: state: file path: "{{ item }}" - mode: 0440 + mode: "0440" owner: root group: root loop: @@ -103,7 +102,7 @@ file: state: file path: "{{ tls_key_password_file }}" - mode: 0440 + mode: "0440" owner: root group: root @@ -124,7 +123,7 @@ file: state: file path: "{{ item }}" - mode: 0440 + mode: "0440" owner: root group: root loop: diff --git a/roles/security/tls_generate_csr/tasks/main.yml b/roles/security/tls_generate_csr/tasks/main.yml index ab20f4b5..6e5785ae 100644 --- a/roles/security/tls_generate_csr/tasks/main.yml +++ b/roles/security/tls_generate_csr/tasks/main.yml @@ -13,12 +13,11 @@ # limitations under the License. --- - - name: Prepare directories for TLS file: state: directory path: "{{ dir }}" - mode: 0755 + mode: "0755" owner: root loop: - "{{ base_dir_security }}" @@ -57,7 +56,7 @@ -keystore {{ tls_keystore_path }} -alias {{ keystore_alias | default(inventory_hostname) }} -storepass {{ tls_keystore_password }} | grep PrivateKeyEntry - changed_when: False + changed_when: false - name: Export temporary PKCS12 keystore shell: @@ -128,7 +127,7 @@ src: csr.cnf.j2 dest: "{{ tls_csr_config_path }}" owner: root - mode: 0644 + mode: "0644" - name: Generate CSR shell: @@ -146,4 +145,4 @@ fetch: src: "{{ tls_csr_path }}" dest: "{{ local_csrs_dir }}/" - flat: yes + flat: true diff --git a/roles/security/tls_install_certs/tasks/main.yml b/roles/security/tls_install_certs/tasks/main.yml index 920086eb..680bf1c9 100644 --- a/roles/security/tls_install_certs/tasks/main.yml +++ b/roles/security/tls_install_certs/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Set fact for signed TLS certificates directory ansible.builtin.set_fact: tls_signed_certs_dir: "{{ local_certs_dir }}" @@ -53,8 +52,8 @@ fetch: src: "{{ cert.path }}" dest: "{{ tls_signed_certs_dir }}/{{ cert.alias }}.pem" - flat: yes - run_once: yes + flat: true + run_once: true delegate_to: "{{ cert.remote_host }}" loop: "{{ tls_ca_certs }}" loop_control: @@ -62,7 +61,7 @@ when: cert.remote_host is defined - name: Check if signed cert is available - become: no + become: false delegate_to: localhost stat: path: "{{ tls_signed_certs_dir }}/{{ inventory_hostname }}.pem" @@ -85,7 +84,7 @@ copy: src: "{{ tls_signed_certs_dir }}/{{ inventory_hostname }}.pem" dest: "{{ base_dir_security_pki }}/" - mode: 0644 + mode: "0644" when: not signed_cert_remote.stat.exists - name: Copy CA certs to hosts @@ -97,7 +96,7 @@ else cacert.path }} dest: "{{ base_dir_security_pki }}/{{ cacert.alias }}.pem" - mode: 0644 + mode: "0644" loop: "{{ tls_ca_certs }}" loop_control: loop_var: cacert @@ -118,7 +117,7 @@ src: "{{ tls_cert_path }}" dest: "{{ tls_cert_path_generic }}" state: hard - mode: 0644 + mode: "0644" owner: root group: root @@ -183,23 +182,23 @@ - name: Update OS trust stores block: - - copy: - src: "{{ base_dir_security_pki }}/{{ cacert.alias }}.pem" - dest: /etc/pki/ca-trust/source/anchors/ - mode: 0644 - remote_src: yes - loop: "{{ tls_ca_certs }}" - loop_control: - loop_var: cacert - - shell: - cmd: update-ca-trust extract + - copy: + src: "{{ base_dir_security_pki }}/{{ cacert.alias }}.pem" + dest: /etc/pki/ca-trust/source/anchors/ + mode: "0644" + remote_src: true + loop: "{{ tls_ca_certs }}" + loop_control: + loop_var: cacert + - shell: + cmd: update-ca-trust extract when: ansible_os_family == "RedHat" - name: Find system cacerts file find: paths: "{{ jdk_java_cacerts_paths }}" pattern: "cacerts" - follow: yes + follow: true file_type: any register: java_cacerts when: diff --git a/roles/security/tls_nifi/tasks/main.yml b/roles/security/tls_nifi/tasks/main.yml index 4f701dd7..ddfc4fe8 100644 --- a/roles/security/tls_nifi/tasks/main.yml +++ b/roles/security/tls_nifi/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Ensure the NiFi home directory exists file: path: "{{ nifi_dir_path }}" diff --git a/roles/security/tls_signing/tasks/csr_signing_local.yml b/roles/security/tls_signing/tasks/csr_signing_local.yml index d66f4799..02acb4bb 100644 --- a/roles/security/tls_signing/tasks/csr_signing_local.yml +++ b/roles/security/tls_signing/tasks/csr_signing_local.yml @@ -13,12 +13,11 @@ # limitations under the License. --- - - name: Copy CSRs to CA server ansible.builtin.copy: src: "{{ local_csrs_dir }}/{{ inventory_hostname }}.csr" dest: "{{ ca_server_intermediate_path_csr }}/" - mode: 0644 + mode: "0644" delegate_to: "{{ groups.ca_server | first }}" connection: ssh @@ -46,6 +45,6 @@ ansible.builtin.fetch: src: "{{ ca_server_intermediate_path_certs }}/{{ inventory_hostname }}.pem" dest: "{{ local_certs_dir }}/" - flat: yes + flat: true delegate_to: "{{ groups.ca_server | first }}" connection: ssh diff --git a/roles/security/tls_signing/tasks/main.yml b/roles/security/tls_signing/tasks/main.yml index dba63eac..4cb2e9f2 100644 --- a/roles/security/tls_signing/tasks/main.yml +++ b/roles/security/tls_signing/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Sign CSRs with locally installed CA include_tasks: csr_signing_local.yml when: "'ca_server' in groups" diff --git a/roles/security/tls_signing/tasks/signing_freeipa.yml b/roles/security/tls_signing/tasks/signing_freeipa.yml index 30322805..bca23231 100644 --- a/roles/security/tls_signing/tasks/signing_freeipa.yml +++ b/roles/security/tls_signing/tasks/signing_freeipa.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - # ZOOKEEPER-3832 # - name: Sign the private key # shell: @@ -33,14 +32,14 @@ - name: Sign the private key shell: cmd: | - kinit -kt /etc/krb5.keytab "host/{{ inventory_hostname }}" - trap kdestroy EXIT - ipa cert-request \ - "{{ base_dir_security_pki }}/{{ inventory_hostname }}.csr" \ - --principal "host/{{ inventory_hostname }}" \ - --certificate-out "{{ base_dir_security_pki }}/{{ inventory_hostname }}.pem" || ( - rm "{{ base_dir_security_pki }}/{{ inventory_hostname }}.pem" - exit 1 - ) - chmod 644 "{{ base_dir_security_pki }}/{{ inventory_hostname }}.pem" + kinit -kt /etc/krb5.keytab "host/{{ inventory_hostname }}" + trap kdestroy EXIT + ipa cert-request \ + "{{ base_dir_security_pki }}/{{ inventory_hostname }}.csr" \ + --principal "host/{{ inventory_hostname }}" \ + --certificate-out "{{ base_dir_security_pki }}/{{ inventory_hostname }}.pem" || ( + rm "{{ base_dir_security_pki }}/{{ inventory_hostname }}.pem" + exit 1 + ) + chmod 644 "{{ base_dir_security_pki }}/{{ inventory_hostname }}.pem" creates: "{{ base_dir_security_pki }}/{{ inventory_hostname }}.pem" diff --git a/roles/teardown/meta/main.yml b/roles/teardown/meta/main.yml index 51a44df1..0b9e5a4d 100644 --- a/roles/teardown/meta/main.yml +++ b/roles/teardown/meta/main.yml @@ -1,3 +1,4 @@ +--- # Copyright 2023 Cloudera, Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,8 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - - dependencies: - role: cloudera.cluster.cloudera_manager.common - role: cloudera.cluster.deployment.definition diff --git a/roles/teardown/tasks/main.yml b/roles/teardown/tasks/main.yml index 60437a43..997c50b1 100644 --- a/roles/teardown/tasks/main.yml +++ b/roles/teardown/tasks/main.yml @@ -13,11 +13,10 @@ # limitations under the License. --- - - name: Include config cluster defaults for deployment ansible.builtin.include_role: name: cloudera.cluster.config.cluster.common - public: yes + public: true - name: Ensure properly configured assert: @@ -83,7 +82,7 @@ stop_cluster_before_delete: true cluster: "{{ default_cluster_compute | combine(_cluster) }}" run_once: true - ignore_errors: '{{ ansible_check_mode }}' + ignore_errors: "{{ ansible_check_mode }}" loop: "{{ definition.clusters }}" loop_control: label: "{{ cluster.name }}" @@ -101,7 +100,7 @@ stop_cluster_before_delete: true cluster: "{{ default_cluster_base | combine(_cluster) }}" run_once: true - ignore_errors: '{{ ansible_check_mode }}' + ignore_errors: "{{ ansible_check_mode }}" loop: "{{ definition.clusters }}" loop_control: label: "{{ cluster.name }}" @@ -119,7 +118,7 @@ stop_cluster_before_delete: true cluster: "{{ default_cluster_kts | combine(_cluster) }}" run_once: true - ignore_errors: '{{ ansible_check_mode }}' + ignore_errors: "{{ ansible_check_mode }}" loop: "{{ definition.clusters }}" loop_control: label: "{{ cluster.name }}" @@ -140,7 +139,7 @@ when: - teardown_everything | default(false) or teardown_cms | default(false) - not (teardown_skip_cluster_deletion | default(false)) - ignore_errors: '{{ ansible_check_mode }}' + ignore_errors: "{{ ansible_check_mode }}" - name: Teardown Cloudera agent include_tasks: teardown_cloudera_agent.yml @@ -243,7 +242,7 @@ service: name: haproxy state: stopped - enabled: no + enabled: false when: - "'haproxy' in group_names" - teardown_everything | default(false) diff --git a/roles/teardown/tasks/teardown_cdsw.yml b/roles/teardown/tasks/teardown_cdsw.yml index 9ccec7e0..e0b939a8 100644 --- a/roles/teardown/tasks/teardown_cdsw.yml +++ b/roles/teardown/tasks/teardown_cdsw.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Generate merged configs (base) include_role: name: cloudera.cluster.config.cluster.base diff --git a/roles/teardown/tasks/teardown_cloudera_agent.yml b/roles/teardown/tasks/teardown_cloudera_agent.yml index 10cfda01..e54e5f66 100644 --- a/roles/teardown/tasks/teardown_cloudera_agent.yml +++ b/roles/teardown/tasks/teardown_cloudera_agent.yml @@ -1,3 +1,4 @@ +--- # Copyright 2023 Cloudera, Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/roles/teardown/tasks/teardown_cloudera_server.yml b/roles/teardown/tasks/teardown_cloudera_server.yml index 53bc9ad8..7d1b2b42 100644 --- a/roles/teardown/tasks/teardown_cloudera_server.yml +++ b/roles/teardown/tasks/teardown_cloudera_server.yml @@ -1,3 +1,4 @@ +--- # Copyright 2023 Cloudera, Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,7 +17,7 @@ service: name: cloudera-scm-server state: stopped - enabled: no + enabled: false ignore_errors: true - name: Remove Cloudera manager package diff --git a/roles/teardown/tasks/teardown_cluster.yml b/roles/teardown/tasks/teardown_cluster.yml index 3566261b..2085a469 100644 --- a/roles/teardown/tasks/teardown_cluster.yml +++ b/roles/teardown/tasks/teardown_cluster.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Generate merged configs (base, compute) include_role: name: cloudera.cluster.config.cluster.base @@ -66,5 +65,5 @@ loop_var: database run_once: true when: - - cluster.services is defined - - database.key in cluster.services + - cluster.services is defined + - database.key in cluster.services diff --git a/roles/teardown/tasks/teardown_cms.yml b/roles/teardown/tasks/teardown_cms.yml index b2b83e9a..92bb1c63 100644 --- a/roles/teardown/tasks/teardown_cms.yml +++ b/roles/teardown/tasks/teardown_cms.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Generate merged configs include_role: name: cloudera.cluster.config.services.mgmt diff --git a/roles/teardown/tasks/teardown_cms_role_directories.yml b/roles/teardown/tasks/teardown_cms_role_directories.yml index 857cd39b..2906a0e0 100644 --- a/roles/teardown/tasks/teardown_cms_role_directories.yml +++ b/roles/teardown/tasks/teardown_cms_role_directories.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Remove service role directories include_tasks: teardown_cms_role_directory.yml loop: "{{ service.directories_confs }}" diff --git a/roles/teardown/tasks/teardown_cms_role_directory.yml b/roles/teardown/tasks/teardown_cms_role_directory.yml index 8a7caf7f..3ac34252 100644 --- a/roles/teardown/tasks/teardown_cms_role_directory.yml +++ b/roles/teardown/tasks/teardown_cms_role_directory.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Remove service role directory file: path: "{{ directory }}" diff --git a/roles/teardown/tasks/teardown_database.yml b/roles/teardown/tasks/teardown_database.yml index 319ce563..b4d725a2 100644 --- a/roles/teardown/tasks/teardown_database.yml +++ b/roles/teardown/tasks/teardown_database.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - set_fact: has_oracle_client: >- {{ @@ -42,7 +41,7 @@ name: "{{ database.value.name }}" state: absent delegate_to: "{{ database.value.host }}" - become: yes + become: true when: - database.value.type in ['mariadb', 'mysql'] - database.value.host in groups.db_server @@ -52,7 +51,7 @@ name: "{{ database.value.name }}" state: absent delegate_to: "{{ database.value.host }}" - become: yes + become: true become_user: postgres when: - database.value.type == 'postgresql' @@ -63,7 +62,7 @@ name: "{{ database.value.user }}" state: absent delegate_to: "{{ database.value.host }}" - become: yes + become: true when: - database.value.type in ['mariadb', 'mysql'] - database.value.host in groups.db_server @@ -73,7 +72,7 @@ name: "{{ database.value.user }}" state: absent delegate_to: "{{ database.value.host }}" - become: yes + become: true become_user: postgres when: - database.value.type == 'postgresql' @@ -89,7 +88,7 @@ {{ lookup('file', 'oracle_drop.sql') }} EOF sqlplus "{{ database.value.user }}/{{ database.value.password }}@{{ database.value.host }}:{{ database.value.port | default(1521) }}/{{ database.value.name }}" @$ORACLE_TMP - delegate_to: "{{ teardown_oracle_client_host }}" - become: yes + delegate_to: "{{ teardown_oracle_client_host }}" + become: true become_user: "{{ teardown_oracle_user }}" when: has_oracle_client diff --git a/roles/teardown/tasks/teardown_ecs.yml b/roles/teardown/tasks/teardown_ecs.yml index 4d9b22b0..df296c53 100644 --- a/roles/teardown/tasks/teardown_ecs.yml +++ b/roles/teardown/tasks/teardown_ecs.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - #- name: Include config cluster defaults for deployment # ansible.builtin.include_role: # name: cloudera.cluster.config.cluster.base @@ -86,10 +85,9 @@ rm -rf /var/log/pods/* ignore_errors: true - - name: Flush and Delete IPTables ansible.builtin.iptables: - flush: yes + flush: true table: "{{ __iptables_flush_item }}" loop: - filter diff --git a/roles/teardown/tasks/teardown_kms.yml b/roles/teardown/tasks/teardown_kms.yml index 4ea4d729..09f72fd1 100644 --- a/roles/teardown/tasks/teardown_kms.yml +++ b/roles/teardown/tasks/teardown_kms.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Remove the KMS directory file: path: /var/lib/kms-keytrustee diff --git a/roles/teardown/tasks/teardown_role_directories.yml b/roles/teardown/tasks/teardown_role_directories.yml index 0312aefe..808afdb0 100644 --- a/roles/teardown/tasks/teardown_role_directories.yml +++ b/roles/teardown/tasks/teardown_role_directories.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Remove cluster role directories include_tasks: teardown_role_directory.yml loop: "{{ role.directories_confs }}" diff --git a/roles/teardown/tasks/teardown_role_directory.yml b/roles/teardown/tasks/teardown_role_directory.yml index fe3f88ef..47bb5c52 100644 --- a/roles/teardown/tasks/teardown_role_directory.yml +++ b/roles/teardown/tasks/teardown_role_directory.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Remove cluster role directory file: path: "{{ directory }}" diff --git a/roles/teardown/tasks/teardown_service_directories.yml b/roles/teardown/tasks/teardown_service_directories.yml index bd1624ea..9c020c15 100644 --- a/roles/teardown/tasks/teardown_service_directories.yml +++ b/roles/teardown/tasks/teardown_service_directories.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Remove all cluster role directories include_tasks: teardown_role_directories.yml loop: "{{ service.roles|dict2items(key_name='name', value_name='directories_confs') }}" diff --git a/roles/teardown/vars/main.yml b/roles/teardown/vars/main.yml index 53071c9b..81d0b43b 100644 --- a/roles/teardown/vars/main.yml +++ b/roles/teardown/vars/main.yml @@ -1,3 +1,4 @@ +--- # Copyright 2023 Cloudera, Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -100,7 +101,6 @@ base_cluster_directories: - zk_server_log_dir kts_cluster_directories: {} - cms_directories: ACTIVITYMONITOR: - mgmt_log_dir diff --git a/roles/verify/definition/tasks/main.yml b/roles/verify/definition/tasks/main.yml index d774b8dc..ee53aa8d 100644 --- a/roles/verify/definition/tasks/main.yml +++ b/roles/verify/definition/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - # Inventory specific - block: - set_fact: @@ -104,7 +103,7 @@ that: "{{ krb5_kdc_host is not defined and 'krb5_server' not in groups }}" success_msg: "Kerberos is not configured on any cluster and the KDC host is not set" fail_msg: "The KDC host is configured but no cluster is configured to use Kerberos" - ignore_errors: yes + ignore_errors: true when: not expect_kerberos - name: Ensure that Kerberos is specified when used @@ -201,20 +200,20 @@ - block: - set_fact: kerberos_clusters: >- - {{ - definition - | json_query("clusters[?security.kerberos].name") - }} + {{ + definition + | json_query("clusters[?security.kerberos].name") + }} ranger_clusters: >- - {{ - definition - | json_query('clusters[?services] | [?contains(services, `RANGER`)].name') - }} + {{ + definition + | json_query('clusters[?services] | [?contains(services, `RANGER`)].name') + }} sentry_clusters: >- - {{ - definition - | json_query('clusters[?services] | [?contains(services, `SENTRY`)].name') - }} + {{ + definition + | json_query('clusters[?services] | [?contains(services, `SENTRY`)].name') + }} - name: Ensure that Kerberos is enabled alongside Ranger and Sentry assert: that: "{{ ranger_clusters | union(sentry_clusters) | difference(kerberos_clusters) | length == 0 }}" @@ -226,7 +225,7 @@ that: "{{ kerberos_clusters | difference(ranger_clusters | union(sentry_clusters)) | length == 0 }}" success_msg: "Ranger or Sentry is present on each cluster with Kerberos" fail_msg: "Ranger or Sentry should be present on each cluster with Kerberos" - ignore_errors: yes + ignore_errors: true when: kerberos_clusters | length > 0 ## ZooKeeper diff --git a/roles/verify/inventory/tasks/main.yml b/roles/verify/inventory/tasks/main.yml index d17ad5a3..62d2b468 100644 --- a/roles/verify/inventory/tasks/main.yml +++ b/roles/verify/inventory/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Fail if inventory groups are empty fail: msg: Ensure that all inventory groups are non-empty @@ -36,15 +35,15 @@ - block: - set_fact: cluster_hosts: >- - {{ groups.cluster | default([]) - | union( - (groups.cloudera_manager | default([]) - | union( - groups.ecs_nodes | default([]) - ) + {{ groups.cluster | default([]) + | union( + (groups.cloudera_manager | default([]) + | union( + groups.ecs_nodes | default([]) ) - ) - }} + ) + ) + }} - name: Ensure that all hosts requiring TLS certificates have a FreeIPA client assert: diff --git a/roles/verify/parcels_and_roles/tasks/check_cluster.yml b/roles/verify/parcels_and_roles/tasks/check_cluster.yml index 4a35381b..924bd289 100644 --- a/roles/verify/parcels_and_roles/tasks/check_cluster.yml +++ b/roles/verify/parcels_and_roles/tasks/check_cluster.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Retrieve repository metadata include_role: name: cloudera.cluster.deployment.repometa diff --git a/roles/verify/parcels_and_roles/tasks/check_cluster_config_roles.yml b/roles/verify/parcels_and_roles/tasks/check_cluster_config_roles.yml index 0cb77783..d2200e1a 100644 --- a/roles/verify/parcels_and_roles/tasks/check_cluster_config_roles.yml +++ b/roles/verify/parcels_and_roles/tasks/check_cluster_config_roles.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - block: - set_fact: invalid_roles: >- diff --git a/roles/verify/parcels_and_roles/tasks/check_template.yml b/roles/verify/parcels_and_roles/tasks/check_template.yml index 5847d191..5b328a06 100644 --- a/roles/verify/parcels_and_roles/tasks/check_template.yml +++ b/roles/verify/parcels_and_roles/tasks/check_template.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Host template being checked debug: msg: "{{ host_template.name }}" diff --git a/roles/verify/parcels_and_roles/tasks/check_template_roles.yml b/roles/verify/parcels_and_roles/tasks/check_template_roles.yml index 71b3b2b7..26602f87 100644 --- a/roles/verify/parcels_and_roles/tasks/check_template_roles.yml +++ b/roles/verify/parcels_and_roles/tasks/check_template_roles.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - block: - set_fact: invalid_roles: >- diff --git a/roles/verify/parcels_and_roles/tasks/main.yml b/roles/verify/parcels_and_roles/tasks/main.yml index d9490b66..08d2cf9c 100644 --- a/roles/verify/parcels_and_roles/tasks/main.yml +++ b/roles/verify/parcels_and_roles/tasks/main.yml @@ -13,7 +13,6 @@ # limitations under the License. --- - - name: Ensure cluster services and roles are valid include_tasks: check_cluster.yml loop: "{{ definition.clusters }}" diff --git a/tests/config.yml b/tests/config.yml index 2969e7a8..95865ea2 100644 --- a/tests/config.yml +++ b/tests/config.yml @@ -1,3 +1,4 @@ +--- # Copyright 2024 Cloudera, Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -18,4 +19,4 @@ # - https://github.com/ansible/ansible/blob/devel/test/lib/ansible_test/config/config.yml modules: - python_requires: '>=3.6' + python_requires: ">=3.6" diff --git a/tests/unit/plugins/modules/cluster/example.yml b/tests/unit/plugins/modules/cluster/example.yml index 2f128db5..d213e77c 100644 --- a/tests/unit/plugins/modules/cluster/example.yml +++ b/tests/unit/plugins/modules/cluster/example.yml @@ -1,3 +1,4 @@ +--- # Copyright 2024 Cloudera, Inc. # # Licensed under the Apache License, Version 2.0 (the "License");