This warning:
name[template]: Jinja templates should only be at the end of 'name'
setup-ssh.yml:6 Task/Handler: Ensure {{ lookup('env', 'HOME') }}/.ssh/config.d/ dir is present
Reason for that warning is thin. Using the actual home dir here adds
not much value, so keep it symbolic.
Link: https://ansible.readthedocs.io/projects/lint/rules/name/
ansible-lint reads like this:
name[casing]: All names should start with an uppercase letter.
While at it: Some task/handler names were slightly adapted to better
match what should be done.
Roles names should be lowercase with underscores only.
ansible-lint complained:
% ansible-lint -t role-name
WARNING Listing 1 violation(s) that are fatal
role-name: Role name setup-http-site-forward does not match ``^[a-z][a-z0-9_]*$`` pattern.
roles/setup-http-site-forward:1
Read documentation for instructions on how to ignore specific rule violations.
Rule Violation Summary
count tag profile rule associated tags
1 role-name basic deprecations, metadata
Failed after min profile: 1 failure(s), 0 warning(s) on 135 files.
Fixes: 85c09ea2ae ("Add role for apache forward site")
Roles names are expected to be lower case with underscores only,
see ansible-lint warning:
% ansible-lint -t role-name
WARNING Listing 1 violation(s) that are fatal
role-name: Role name nfs-host does not match ``^[a-z][a-z0-9_]*$`` pattern.
roles/nfs-host:1
Read documentation for instructions on how to ignore specific rule violations.
Rule Violation Summary
count tag profile rule associated tags
1 role-name basic deprecations, metadata
Failed after min profile: 1 failure(s), 0 warning(s) on 135 files.
Fixes: 2138870520 ("nfs server wird nicht im k3s laufen, labeling entfernt")
curl only logs its own errors to stderr with the given options (--silent
--show-error). Requests answered by the remote webserver, regardless of
HTTP status code, go to stdout. So in case of an unsuccesful update
with some error condition we could not see that before. Redirect those
to debug log, because it's still quite noisy otherwise.
This adds 288 log messages per day and service to the debug log,
accounting to max. 30k per day and service, and thus should not hurt.
desec log output is only the word "good" in case of success.
dd24 full output would be this, and is thus reduced to the relevant
lines merged in one line:
[RESPONSE]
code = 200
description = Command completed successfully
runtime = 0.067
queuetime = 0
EOF
Sample journald entry:
Feb 27 12:48:15 pottwal dd24[519651]: code = 200,description = Command completed successfully
The cron jobs were executed, but dash (/bin/sh) complained, and so the
actual command was never run. This is why our dyndns update did not
work through cron, but when executed manually in bash by an admin.
Example for such a fail when done manually in sh:
# echo test3 > >(/usr/bin/logger -p user.debug -t dd24)
/bin/sh: 7: Syntax error: redirection unexpected
Process substitution with `>(command)` is a feature supported by bash
and other shells, but not by POSIX shell which was supposed to used here
(set by `SHELL=…`). Instead of building complicated redirect magic for
sh just switch to bash, which should be available on the hosts affected.
Link: https://www.shellcheck.net/wiki/SC3001
Fixes: 03dbd132eb ("🔊 Send DD24 cron errors to syslog")
Fixes: 38fbff30b5 ("feat: add role to manage dyndns entry on desec.io")
The feature was part of the old role but unconditionally. When porting
to external role we made it optional with variable
`docker_cron_image_prune` but default to false. Restore the previous
behaviour in this playbook.
The role matched by this was removed, and is handled through
requirements.yml now. That should already be covered by renovate
without additional configuration.
We used a similar local role here, in the Freifunk Magdeburg project,
and in personal playbooks. That was moved to an external project,
unified, and reworked, so the external role can act as replacement for
the distributed, redundant copies.
Link: https://github.com/netz39/ansible-role-host-docker
