ansible-lint fix

demo-idp/playbook.yml

@@ -60,6 +60,7 @@
   become: true
   vars:
     provision_postgres: "true"
+    ansible_ssh_pipelining: true
   hosts: postgres-hosts
   roles:
     - role: postgres

demo-idp/roles/postgres/defaults/main.yml

@@ -1,3 +1,3 @@
-keycloak_postgres_db: keycloak
-keycloak_postgres_user: keycloak
-install_postgres: "true"
+postgres_keycloak_db: keycloak
+postgres_keycloak_user: keycloak
+postgres_install: "true"

demo-idp/roles/postgres/tasks/cleanup.yml

@@ -2,12 +2,14 @@
 ---
 - name: Remove keycloak database
   become_user: postgres
+  become: true
   community.postgresql.postgresql_db:
-    name: "{{ keycloak_postgres_db }}"
+    name: "{{ postgres_keycloak_db }}"
     state: absent
 
 - name: Remove keycloak database user
   become_user: postgres
+  become: true
   community.postgresql.postgresql_user:
-    name: "{{ keycloak_postgres_user }}"
+    name: "{{ postgres_keycloak_user }}"
     state: absent

demo-idp/roles/postgres/tasks/main.yml

@@ -1,7 +1,7 @@
 # code: language=ansible
 ---
 - name: Install postgresql
-  when: install_postgres == 'true'
+  when: postgres_install == 'true'
   community.general.zypper:
     name:
       - postgresql15
@@ -25,6 +25,7 @@
 
 - name: "Configure postgres to listen on *"
   become_user: postgres
+  become: true
   community.postgresql.postgresql_set:
     name: listen_addresses
     value: "*"
@@ -36,34 +37,38 @@
 # of the host entries to apply properly the precedence of rules
 - name: Configure pg_hba to accept connection from keycloak
   become_user: postgres
+  become: true
   notify: Restart postgres
   ansible.builtin.lineinfile:
     path: /var/lib/pgsql/data/pg_hba.conf
-    regexp: "^host.*{{ keycloak_postgres_db }}"
+    regexp: "^host.*{{ postgres_keycloak_db }}"
     insertafter: "^local.*all.*all.*peer"
-    line: "host\t{{ keycloak_postgres_db }}\t{{ keycloak_postgres_user }}\t0.0.0.0/0\tmd5"
+    line: "host\t{{ postgres_keycloak_db }}\t{{ postgres_keycloak_user }}\t0.0.0.0/0\tmd5"
 
 - name: Create postgres keycloak database
   become_user: postgres
+  become: true
   community.postgresql.postgresql_db:
-    name: "{{ keycloak_postgres_db }}"
+    name: "{{ postgres_keycloak_db }}"
     state: present
 
 - name: Create keycloak database user
   become_user: postgres
+  become: true
   community.postgresql.postgresql_user:
-    db: "{{ keycloak_postgres_db }}"
-    name: "{{ keycloak_postgres_user }}"
+    db: "{{ postgres_keycloak_db }}"
+    name: "{{ postgres_keycloak_user }}"
     password: "{{ keycloak_postgres_password }}"
     comment: "Keycloak user provisioned by playbook"
     state: present
 
 - name: Grant privilegies to the keycloak user for the keycloak database
   become_user: postgres
+  become: true
   community.postgresql.postgresql_privs:
-    db: "{{ keycloak_postgres_db }}"
+    db: "{{ postgres_keycloak_db }}"
     objs: public
-    roles: "{{ keycloak_postgres_user }}"
+    roles: "{{ postgres_keycloak_user }}"
     privs: ALL
     type: schema
     state: present

demo-idp/roles/proxy/defaults/main.yml

@@ -1,11 +1,11 @@
 ---
-install_nginx: "true"
-override_nginx_default_conf: "true"
-nginx_vhost_filename: "keycloak"
-nginx_vhost_http_listen_port: "80"
-nginx_vhost_https_listen_port: "443"
-keycloak_upstream_name: "keycloak"
-nginx_ssl_cert_as_base64: "false"
-nginx_ssl_key_as_base64: "false"
-ssl_certificate_key_path: "/etc/letsencrypt/live/{{ keycloak_server_name }}/privkey.pem"
-ssl_certificate_path: "/etc/letsencrypt/live/{{ keycloak_server_name }}/cert.pem"
+proxy_install_nginx: "true"
+proxy_override_nginx_default_conf: "true"
+proxy_nginx_vhost_filename: "keycloak"
+proxy_nginx_vhost_http_listen_port: "80"
+proxy_nginx_vhost_https_listen_port: "443"
+proxy_keycloak_upstream_name: "keycloak"
+proxy_nginx_ssl_cert_as_base64: "false"
+proxy_nginx_ssl_key_as_base64: "false"
+proxy_ssl_certificate_key_path: "/etc/letsencrypt/live/{{ keycloak_server_name }}/privkey.pem"
+proxy_ssl_certificate_path: "/etc/letsencrypt/live/{{ keycloak_server_name }}/cert.pem"

demo-idp/roles/proxy/tasks/cleanup.yml

@@ -2,7 +2,7 @@
 ---
 - name: Remove nginx vhost file
   ansible.builtin.file:
-    path: "{{ nginx_conf_base_dir }}/{{ nginx_vhost_dir }}/{{ nginx_vhost_filename }}.conf"
+    path: "{{ proxy_nginx_conf_base_dir }}/{{ proxy_nginx_vhost_dir }}/{{ proxy_nginx_vhost_filename }}.conf"
     state: absent
   notify:
     - Restart nginx
@@ -19,8 +19,8 @@
     state: disabled
     offline: true
   loop:
-    - "{{ nginx_vhost_http_listen_port }}/tcp"
-    - "{{ nginx_vhost_https_listen_port }}/tcp"
+    - "{{ proxy_nginx_vhost_http_listen_port }}/tcp"
+    - "{{ proxy_nginx_vhost_https_listen_port }}/tcp"
   when: firewalld_installed
   notify:
     - Restart firewalld if running

demo-idp/roles/proxy/tasks/main.yml

@@ -1,48 +1,48 @@
 # code: language=ansible
 ---
 - name: Install nginx
-  when: install_nginx == 'true'
+  when: proxy_install_nginx == 'true'
   community.general.zypper:
     name:
       - nginx
     state: present
     update_cache: true
 
 - name: Override default nginx config
-  when: override_nginx_default_conf == 'true'
+  when: proxy_override_nginx_default_conf == 'true'
   ansible.builtin.template:
     src: "nginx-default.conf.j2"
-    dest: "{{ nginx_conf_base_dir }}/nginx.conf"
-    owner: "{{ nginx_user }}"
-    group: "{{ nginx_group }}"
+    dest: "{{ proxy_nginx_conf_base_dir }}/nginx.conf"
+    owner: "{{ proxy_nginx_user }}"
+    group: "{{ proxy_nginx_group }}"
     mode: "0644"
   vars:
-    conf_folder: "{{ nginx_conf_dir }}"
-    vhost_folder: "{{ nginx_vhost_dir }}"
+    conf_folder: "{{ proxy_nginx_conf_dir }}"
+    vhost_folder: "{{ proxy_nginx_vhost_dir }}"
   notify:
     - Restart nginx
 
 - name: Configure keycloak vhost
   ansible.builtin.template:
     src: "keycloak.conf.j2"
-    dest: "{{ nginx_conf_base_dir }}/{{ nginx_vhost_dir }}/{{ nginx_vhost_filename }}.conf"
-    owner: "{{ nginx_user }}"
-    group: "{{ nginx_group }}"
+    dest: "{{ proxy_nginx_conf_base_dir }}/{{ proxy_nginx_vhost_dir }}/{{ proxy_nginx_vhost_filename }}.conf"
+    owner: "{{ proxy_nginx_user }}"
+    group: "{{ proxy_nginx_group }}"
     mode: "0644"
   vars:
     server_name: "{{ keycloak_server_name }}"
     keycloak_port: "{{ keycloak_listen_port }}"
-    http_listen_port: "{{ nginx_vhost_http_listen_port }}"
-    https_listen_port: "{{ nginx_vhost_https_listen_port }}"
-    keycloak_upstream: "{{ keycloak_upstream_name }}"
-    ssl_certificate: "{{ ssl_certificate_path }}"
-    ssl_certificate_key: "{{ ssl_certificate_key_path }}"
+    http_listen_port: "{{ proxy_nginx_vhost_http_listen_port }}"
+    https_listen_port: "{{ proxy_nginx_vhost_https_listen_port }}"
+    keycloak_upstream: "{{ proxy_keycloak_upstream_name }}"
+    ssl_certificate: "{{ proxy_ssl_certificate_path }}"
+    ssl_certificate_key: "{{ proxy_ssl_certificate_key_path }}"
   notify:
     - Restart nginx
 
 - name: Start nginx service
   ansible.builtin.service:
-    name: "{{ nginx_service }}"
+    name: "{{ proxy_nginx_service }}"
     state: started
     enabled: true
 
@@ -53,8 +53,8 @@
     state: enabled
     offline: true
   loop:
-    - "{{ nginx_vhost_http_listen_port }}/tcp"
-    - "{{ nginx_vhost_https_listen_port }}/tcp"
+    - "{{ proxy_nginx_vhost_http_listen_port }}/tcp"
+    - "{{ proxy_nginx_vhost_https_listen_port }}/tcp"
   when: firewalld_installed
   notify:
     - Restart firewalld if running

demo-idp/roles/proxy/vars/main.yml

@@ -1,7 +1,7 @@
 ---
-nginx_conf_base_dir: "/etc/nginx"
-nginx_vhost_dir: "vhosts.d"
-nginx_conf_dir: "conf.d"
-nginx_user: nginx
-nginx_group: nginx
-nginx_service: nginx
+proxy_nginx_conf_base_dir: "/etc/nginx"
+proxy_nginx_vhost_dir: "vhosts.d"
+proxy_nginx_conf_dir: "conf.d"
+proxy_nginx_user: nginx
+proxy_nginx_group: nginx
+proxy_nginx_service: nginx