Daniel Pendolino dpendolino Counter Hack Challenges, LLC New Jersey http://pendolino.info

ansible-community/ansible-lint 2327

Best practices checker for Ansible

dpendolino/ansible-role-wordpress 1

Ansible Role WordPress - Role for Ansible in Ansible Galaxy to install WordPress with a webserver (Nginx or Apache2)

dpendolino/android 0

The ownCloud Android App

dpendolino/ansible 0

Ansible Playbooks

dpendolino/ansible-lint 0

Best practices checker for Ansible

dpendolino/ansible-node-exporter 0

Provision basic metrics exporter for prometheus monitoring tool

dpendolino/ansible-role-certbot-auto 0

Install certbot-auto wrapper script

dpendolino/bash-boilerplate 0

A simple starting point for bash scripts

dpendolino/basic-node 0

Continuous integration for a basic Node.js project with Shippable https://www.shippable.com

push event ansible-community/ansible-lint

Sorin Sbarnea

commit sha 4f4db4cdf20d856d5846a9cca1df9b118ee4ff36

Auto-detect roles from collection layouts (#1229) Assures that if roles folder exists it is added to Ansible role paths but only if user did not already define this variable. This enables us to easily lint collections and avoid the less convenient workarounds. Follow-Up: #1226


Sorin Sbarnea

commit sha 84d5668cc847c78ab3b844fe3e204bc008d60de8

E911: Included details about empty playbooks (#1230) Ansible fails syntax check on empty playbooks and this includes the error from Ansible when this happens instead of the generic syntax error match error.


Sorin Sbarnea

commit sha d7cc67d67d9c3a7187ad80d7d475bace968327e2

Auto install requirements into temp directory (#1231) If `requirements.yml` is found, install roles and collections from it into a temporary folder in order to avoid runtime errors when ansible would not be able to find roles or modules. Fixes: #930


Sorin Sbarnea

commit sha a9265b2a8473617e44783b15692dee414c2ec6c3

Refactor logging - Makes use of enrich log formatter in order to add coloring to log messages - Use a single logger instance across the entire application


push time in an hour

delete branch ansible-community/ansible-lint

delete branch : fix/annotations

delete time in 2 hours

delete branch ansible-community/ansible-lint

delete branch : bugfixes/allow-devel-fail

delete time in 2 hours

delete branch ansible-community/ansible-lint

delete branch : refactoring/sphinx-ext-directive

delete time in 2 hours

delete branch ansible-community/ansible-lint

delete branch : feature/platforms

delete time in 2 hours

delete branch ansible-community/ansible-lint

delete branch : renovate/configure

delete time in 2 hours

delete branch ansible-community/ansible-lint

delete branch : testing/enable-pytest-xdist

delete time in 2 hours

delete branch ansible-community/ansible-lint

delete branch : maintenance/gh-native-contributing

delete time in 2 hours

delete branch ansible-community/ansible-lint

delete branch : v3.4.16-rc1

delete time in 2 hours

delete branch ansible-community/ansible-lint

delete branch : v3.4.0

delete time in 2 hours

delete branch ansible-community/ansible-lint

delete branch : v3.0

delete time in 2 hours

delete branch ansible-community/ansible-lint

delete branch : v2.7

delete time in 2 hours

delete branch ansible-community/ansible-lint

delete branch : v2.6.2

delete time in 2 hours

delete branch ansible-community/ansible-lint

delete branch : v2.6

delete time in 2 hours

push event ansible-community/ansible-lint

Sorin Sbarnea

commit sha d7cc67d67d9c3a7187ad80d7d475bace968327e2

Auto install requirements into temp directory (#1231) If `requirements.yml` is found, install roles and collections from it into a temporary folder in order to avoid runtime errors when ansible would not be able to find roles or modules. Fixes: #930


push time in 2 hours

issue closed ansible-community/ansible-lint

detect and auto-install requirements.yml before linting

In order to avoid errors caused by missing collections the linter should attempt to install requirements.yml files when detected.

This would prove especially handy when it is called from pre-commit.

One aspect that is not sure is related to the lack of isolation context, as galaxy would install the role to default user location. Is this an acceptable behavior?

closed time in 2 hours

ssbarnea

delete branch ansible-community/ansible-lint

delete branch : 0/auto-add-roles

delete time in 2 hours

PR merged ansible-community/ansible-lint

Auto install requirements into temp directory enhancement

If requirements.yml is found, install roles and collections from it into a temporary folder in order to avoid runtime errors when ansible would not be able to find roles or modules.

+56 -5

0 comment

4 changed files

ssbarnea

pr closed time in 2 hours

Pull request review comment ansible-community/ansible-lint

Auto install requirements into temp directory

 def prepare_environment() -> None:         os.environ['ANSIBLE_ROLES_PATH'] = "roles"         print("Added ANSIBLE_ROLES_PATH=roles", file=sys.stderr) +    if os.path.exists("requirements.yml"):++        cmd = [+            "ansible-galaxy",+            "install",+            "--roles-path",+            ".cache/roles",+            "-vr",+            "requirements.yml"+            ]++        print("Running %s" % " ".join(cmd))+        run = subprocess.run(+            cmd,+            universal_newlines=True,+            check=False,+            stdout=subprocess.PIPE,+            stderr=subprocess.PIPE,+        )+        if run.returncode != 0:+            sys.exit(run.returncode)++        cmd = [+            "ansible-galaxy",+            "collection",+            "install",+            "-p",+            ".cache/collections",+            "-vr",+            "requirements.yml"+            ]++        print("Running %s" % " ".join(cmd))+        run = subprocess.run(+            cmd,+            universal_newlines=True,+            check=False,+            stdout=subprocess.PIPE,+            stderr=subprocess.PIPE,+        )+        if run.returncode != 0:+            sys.exit(run.returncode)++        os.environ['ANSIBLE_ROLES_PATH'] = f".cache/roles:{os.environ['ANSIBLE_ROLES_PATH']}"+        if 'ANSIBLE_COLLECTIONS_PATHS' in os.environ:
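
Review bot: in both `subprocess.run` calls, stdout and stderr are captured with `subprocess.PIPE` but never written anywhere, so when `run.returncode != 0` the process leaves through `sys.exit(run.returncode)` without showing what ansible-galaxy reported. Suggest writing `run.stderr` (and `run.stdout`) to `sys.stderr` before exiting. The `print("Running %s" ...)` status lines also go to stdout, while the existing `Added ANSIBLE_ROLES_PATH=roles` message uses `file=sys.stderr`; sending them to stderr as well keeps status messages out of the linter's own output.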

Fixed.

ssbarnea

comment created time in 3 hours

push event ansible-community/ansible-lint

Sorin Sbarnea

commit sha 833c505bf70877ca43a49867881d313ce4a2fb4e

Auto install requirements into temp directory If `requirements.yml` is found, install roles and collections from it into a temporary folder in order to avoid runtime errors when ansible would not be able to find roles or modules. Fixes: #930


push time in 3 hours

push event ansible-community/ansible-lint

Sorin Sbarnea

commit sha 4727b95cb996b1c7c44df801108fce29a872edc9

Auto install requirements into temp directory If `requirements.yml` is found, install roles and collections from it into a temporary folder in order to avoid runtime errors when ansible would not be able to find roles or modules. Fixes: #930


push time in 3 hours

issue opened ansible-community/ansible-lint

Rule 602 (Don’t compare to empty string) finds an error in shell script

Summary

Linter finds an error of the rule 602 in shell code

Issue Type
  • Bug Report
Ansible and Ansible Lint details


ansible 2.10.4

ansible-lint 5.0.0a1.dev8

  • ansible installation method: pip
  • ansible-lint installation method: pip
OS / ENVIRONMENT

Run in docker. Dockerfile:

FROM python:3.6

WORKDIR /usr/src/app

RUN pip install git+https://github.com/ansible-community/ansible-lint "ansible"

RUN ansible  --version

RUN ansible-lint --version

RUN echo "---\n- hosts: localhost\n  gather_facts: no\n  tasks:\n\
  - name: Reproduce the bug in the rule 602\n    shell: |\n\
      var=\$(pwd)\n      if [[ \"\$var\" == \"\" ]]; then echo test; fi\n    changed_when: False" > test.yml

RUN cat test.yml

RUN ansible-lint --force-color --show-relpath test.yml
STEPS TO REPRODUCE


docker build --rm -f Dockerfile .


Desired Behaviour

No error message

Actual Behaviour


Please give some details of what is actually happening. Include a minimum complete verifiable example with:

  • playbook
  • output of running ansible-lint
  • if you're getting a stack trace, output of ansible-playbook --syntax-check playbook


Step 1/9 : FROM python:3.6
 ---> bd4a91d81d7e
Step 2/9 : WORKDIR /usr/src/app
 ---> Using cache
 ---> 6b223c53a8f1
Step 3/9 : RUN pip install git+https://github.com/ansible-community/ansible-lint "ansible"
 ---> Using cache
 ---> 6af3b1194721
Step 4/9 : RUN ansible  --version
 ---> Running in c2b07e26d819
ansible 2.10.4
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.6/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.6.12 (default, Dec 18 2020, 06:04:50) [GCC 8.3.0]
Removing intermediate container c2b07e26d819
 ---> e319230a42c3
Step 5/9 : RUN ansible-lint --version
 ---> Running in 6130591acb07
ansible-lint 5.0.0a1.dev8
Removing intermediate container 6130591acb07
 ---> 5b4fde26df0d
Step 6/9 : RUN echo "---\n- hosts: localhost\n  gather_facts: no\n  tasks:\n  - name: Reproduce the bug in the rule 602\n    shell: |\n      var=\$(pwd)\n      if [[ \"\$var\" == \"\" ]]; then echo test; fi\n    changed_when: False" > test.yml
 ---> Running in 3d5ba620c413
Removing intermediate container 3d5ba620c413
 ---> 59509ff20919
Step 7/9 : RUN cat test.yml
 ---> Running in 736962797dc1
---
- hosts: localhost
  gather_facts: no
  tasks:
  - name: Reproduce the bug in the rule 602
    shell: |
      var=$(pwd)
      if [[ "$var" == "" ]]; then echo test; fi
    changed_when: False
Removing intermediate container 736962797dc1
 ---> af9ed683e9e1
Step 8/9 : RUN ansible-lint --force-color --show-relpath test.yml
 ---> Running in 62d37ee100d5
WARNING  Listing 1 violation(s) that are fatal
602: Don't compare to empty string
test.yml:8       if [[ "$var" == "" ]]; then echo test; fi
You can skip specific rules or tags by adding them to your configuration file:
# .ansible-lint
warn_list:  # or 'skip_list' to silence them completely
  - '602'  # Don't compare to empty string
Finished with 1 failure(s), 0 warning(s) on 1 files.
The command '/bin/sh -c ansible-lint --force-color --show-relpath test.yml' returned a non-zero code: 2

created time in a day

Pull request review comment ansible-community/ansible-lint

Auto install requirements into temp directory

 def prepare_environment() -> None:         os.environ['ANSIBLE_ROLES_PATH'] = "roles"         print("Added ANSIBLE_ROLES_PATH=roles", file=sys.stderr) +    if os.path.exists("requirements.yml"):++        cmd = [+            "ansible-galaxy",+            "install",+            "--roles-path",+            ".cache/roles",+            "-vr",+            "requirements.yml"+            ]++        print("Running %s" % " ".join(cmd))+        run = subprocess.run(+            cmd,+            universal_newlines=True,+            check=False,+            stdout=subprocess.PIPE,+            stderr=subprocess.PIPE,+        )+        if run.returncode != 0:+            sys.exit(run.returncode)++        cmd = [+            "ansible-galaxy",+            "collection",+            "install",+            "-p",+            ".cache/collections",+            "-vr",+            "requirements.yml"+            ]++        print("Running %s" % " ".join(cmd))+        run = subprocess.run(+            cmd,+            universal_newlines=True,+            check=False,+            stdout=subprocess.PIPE,+            stderr=subprocess.PIPE,+        )+        if run.returncode != 0:+            sys.exit(run.returncode)++        os.environ['ANSIBLE_ROLES_PATH'] = f".cache/roles:{os.environ['ANSIBLE_ROLES_PATH']}"+        if 'ANSIBLE_COLLECTIONS_PATHS' in os.environ:
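
Review bot: the `if os.path.exists("requirements.yml"):` branch runs `ansible-galaxy install` whenever that file is present in the working directory, so linting a checkout now downloads and installs whatever roles and collections that repository's `requirements.yml` names, with no way visible here to turn it off. Suggest an opt-out for offline runs and for checkouts that are not trusted, and documenting the `.cache/roles` and `.cache/collections` locations so users know what gets written. The two install blocks differ only in the `cmd` list and could share one helper.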

Why is line 87 guarded, but line 86 is not? Is there a guarantee somewhere that ANSIBLE_ROLES_PATH exists?

ssbarnea

comment created time in 2 days

push event ansible-community/ansible-lint

Sorin Sbarnea

commit sha ed06270979e5a644220cb18ee096dd97353b4c26

Auto install requirements into temp directory If `requirements.yml` is found, install roles and collections from it into a temporary folder in order to avoid runtime errors when ansible would not be able to find roles or modules. Fixes: #930


push time in 2 days

push event ansible-community/ansible-lint

Sorin Sbarnea

commit sha 5117a4fc20c8ddd3587a9e42739f9b4fef221688

Auto install requirements into temp directory If `requirements.yml` is found, install roles and collections from it into a temporary folder in order to avoid runtime errors when ansible would not be able to find roles or modules. Fixes: #930


push time in 2 days

PR opened ansible-community/ansible-lint

Auto install requirements into temp directory

If requirements.yml is found, install roles and collections from it into a temporary folder in order to avoid runtime errors when ansible would not be able to find roles or modules.

+51 -0

0 comment

1 changed file

pr created time in 2 days

create branch ansible-community/ansible-lint

branch : 0/auto-add-roles

created branch time in 2 days

issue closed ansible-community/ansible-lint

[503] "Tasks that run when changed should likely be handlers" is too opinionated and annoying

Issue Type

  • Bug report

Ansible and Ansible Lint details

$ ansible --version
ansible 2.7.4
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/Users/jeff.geerling/.ansible/plugins/modules',u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python2.7/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 2.7.15 (default, Jul 23 2018, 21:27:06) [GCC 4.2.1 Compatible Apple LLVM 9.1.0 (clang-902.0.39.2)]

$ ansible-lint --version
ansible-lint 3.5.1
  • ansible installation method: pip
  • ansible-lint installation method: pip

Desired Behaviour

Reacting to a change (e.g. when: something.changed) is useful for many scenarios where using a handler is way too heavyweight.

Actual Behaviour (Bug report only)

If I do something like "clone a repo, if it was changed, do xyz before doing other things", then I get the following report:

[503] Tasks that run when changed should likely be handlers
/Users/jeff.geerling/Dropbox/VMs/roles/geerlingguy.drush/tasks/install-source.yml:17
Task/Handler: Ensure Drush can be installed on Debian Wheezy.

[503] Tasks that run when changed should likely be handlers
/Users/jeff.geerling/Dropbox/VMs/roles/geerlingguy.drush/tasks/install-source.yml:26
Task/Handler: Install Drush dependencies with Composer.

Here's that example code:

- name: Clone Drush from GitHub.
  git:
    repo: https://github.com/drush-ops/drush.git
    dest: "{{ drush_source_install_path }}"
    version: "{{ drush_source_install_version }}"
    update: "{{ drush_keep_updated }}"
    force: "{{ drush_force_update }}"
    depth: "{{ drush_clone_depth }}"
  register: drush_clone

- name: Check for composer.json
  stat: path={{ drush_source_install_path }}/composer.json
  register: drush_composer

# See: https://github.com/geerlingguy/ansible-role-drush/issues/6
- name: Ensure Drush can be installed on Debian Wheezy.
  command: >
    {{ composer_path }} update {{ drush_composer_cli_options }}
    chdir={{ drush_source_install_path }}
  when:
    - drush_clone.changed and ansible_distribution == "Debian"
    - ansible_distribution_release == "wheezy"
    - drush_composer.stat.exists

- name: Install Drush dependencies with Composer.
  command: >
    {{ composer_path }} install {{ drush_composer_cli_options }}
    chdir={{ drush_source_install_path }}
  when: (drush_clone.changed and drush_composer.stat.exists) or drush_force_composer_install

Actual code: https://github.com/geerlingguy/ansible-role-drush/blob/master/tasks/install-source.yml#L2-L25

I have rewritten these tasks to use handlers, and it ends up being an extra 5-10 lines of code overall, and it makes the flow of the tasks way more complex... plus I have to do a meta: flush_handlers inline, since I need the follow-up tasks to execute now before other parts of my role (which could be affected by the new code) have a chance to run.

I think having to call meta: flush_handlers can also be slightly dangerous (and IMO is a code smell) because you might be calling a bunch of other handlers if nothing else has flushed them by the time this particular role runs.

While I think this is a warning and not an 'error', it still dings my module's 'quality score' on Ansible Galaxy, and also fails my builds in Travis CI (exit code is 2 and not 0), so I would vote for dropping it entirely, or finding a way to report it as more a general info thing (instead of exiting with a non-0 failure).

closed time in 2 days

geerlingguy

issue comment ansible-community/ansible-lint

[503] "Tasks that run when changed should likely be handlers" is too opinionated and annoying

I am closing it as no PR was made and because disabling it would upset a considerable number of users that want to know about possible problems with their code.

Unless someone comes with another brilliant idea, I think that those affected can either disable the entire rule, make it a warning or use localized noqa.

geerlingguy

comment created time in 2 days

pull request comment BSidesSF/ctf-2019-release

Bump json from 2.1.0 to 2.3.1 in /challenges/decrypto/challenge

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

dependabot[bot]

comment created time in 2 days
