From df8bae6df7a02df7a7c55aae16b1a434f0b31c0a Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Wed, 10 Feb 2021 11:01:42 +0100
Subject: [PATCH 01/44] Add utils
---
utils/README.md | 4 +++
logrotate.yml => utils/logrotate.yml | 0
.../nuke_radius_dbs.yml | 0
utils/re2o_mail_server.yml | 13 ++++++++
utils/reboot_needed_check.yml | 31 +++++++++++++++++++
upgrade.yml => utils/upgrade.yml | 0
utils/version_check.yml | 19 ++++++++++++
7 files changed, 67 insertions(+)
create mode 100644 utils/README.md
rename logrotate.yml => utils/logrotate.yml (100%)
rename nuke_radius_dbs.yml => utils/nuke_radius_dbs.yml (100%)
create mode 100755 utils/re2o_mail_server.yml
create mode 100755 utils/reboot_needed_check.yml
rename upgrade.yml => utils/upgrade.yml (100%)
create mode 100755 utils/version_check.yml
diff --git a/utils/README.md b/utils/README.md
new file mode 100644
index 0000000..651404b
--- /dev/null
+++ b/utils/README.md
@@ -0,0 +1,4 @@
+# Utils
+
+A repository of Ansible Playbooks that are useful, as little script or various
+utilities, but not used in production.
diff --git a/logrotate.yml b/utils/logrotate.yml
similarity index 100%
rename from logrotate.yml
rename to utils/logrotate.yml
diff --git a/nuke_radius_dbs.yml b/utils/nuke_radius_dbs.yml
similarity index 100%
rename from nuke_radius_dbs.yml
rename to utils/nuke_radius_dbs.yml
diff --git a/utils/re2o_mail_server.yml b/utils/re2o_mail_server.yml
new file mode 100755
index 0000000..79fd7ff
--- /dev/null
+++ b/utils/re2o_mail_server.yml
@@ -0,0 +1,13 @@
+---
+# Deploy Re2o mail service
+- hosts: mail.auro.re
+ vars:
+ service_repo: https://gitea.auro.re/aurore/re2o-mail-server.git
+ service_name: mail-server
+ service_version: aurore
+ service_config:
+ hostname: re2o-test.adm.auro.re # use test instance for now, should be changed for prod!
+ username: service-user
+ password: "{{ vault_serviceuser_passwd }}"
+ roles:
+ - re2o-service
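Review bot: `service_version: aurore` in utils/re2o_mail_server.yml reads like a branch name, so if the re2o-service role (not shown here) checks that ref out of `service_repo`, each run deploys whatever the branch head is at that moment onto mail.auro.re. Pinning the value to a tag or commit id, e.g. `service_version: <TAG_OR_COMMIT>`, makes the deployed code reviewable and repeatable. The file is also created with mode 100755 but has no shebang line, unlike the other two new playbooks in this commit.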
diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml
new file mode 100755
index 0000000..5759c53
--- /dev/null
+++ b/utils/reboot_needed_check.yml
@@ -0,0 +1,31 @@
+#!/usr/bin/env ansible-playbook
+---
+# Check if a reboot is required by the installation of some packages (ie kernel)
+- hosts: localhost
+ tasks:
+ - name: Make sure local file exist but is empty # weird hack, I know
+ copy:
+ dest: /tmp/ansible_dump_reboot_needed.txt
+ content: ""
+ force: true
+
+- hosts: all,!unifi,!escalope.adm.auro.re,!loki.adm.auro.re,!viviane.adm.auro.re,!vpn-ovh.adm.auro.re
+ tasks:
+ # Register the output of the file /var/run/reboot-required.pkgs
+ - name: Register if boot is required
+ shell: if [ -e /var/run/reboot-required.pkgs ]; then cat /var/run/reboot-required.pkgs; fi
+ register: result
+
+ - name: DEBUG
+ debug:
+ msg: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}"
+ when: result.stdout != ""
+
+ # Add info line by line
+ - name: Dump all info into the local file
+ delegate_to: localhost
+ lineinfile:
+ path: /tmp/ansible_dump_reboot_needed.txt
+ line: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}"
+ when: result.stdout != ""
+
diff --git a/upgrade.yml b/utils/upgrade.yml
similarity index 100%
rename from upgrade.yml
rename to utils/upgrade.yml
diff --git a/utils/version_check.yml b/utils/version_check.yml
new file mode 100755
index 0000000..e608e43
--- /dev/null
+++ b/utils/version_check.yml
@@ -0,0 +1,19 @@
+#!/usr/bin/env ansible-playbook
+---
+# Check for the distribution
+- hosts: localhost
+ tasks:
+ - name: Delete local tmp file
+ file:
+ path: /tmp/ansible_dump_dist_version.txt
+ state: absent
+
+- hosts: all,!unifi
+ tasks:
+ # Add info line by line
+ - name: Dump all info into the local file
+ delegate_to: localhost
+ lineinfile:
+ path: /tmp/ansible_dump_dist_version.txt
+ line: "[{{ ansible_facts['nodename'] }}] {{ansible_fqdn}} : {{
+ ansible_distribution }} {{ ansible_distribution_version }}"
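Review bot: Both plays in utils/reboot_needed_check.yml use the fixed path `/tmp/ansible_dump_reboot_needed.txt` on the control machine, a predictable name in a world-writable directory, so on a shared controller the report can be pre-created, read or altered by another local account before or during the run. Creating the file with the `tempfile` module, or writing under a directory owned by the operator, avoids that; the same applies to `/tmp/ansible_dump_dist_version.txt` in the utils/version_check.yml hunk that follows. The check itself does not need `shell`: `command: cat /var/run/reboot-required.pkgs` with `failed_when: false` reads the file without a shell. The same hunks recur unchanged as PATCH 04/44.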
From 08891be5a30c67c1332a97496655bc15f0d6ebff Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Wed, 10 Feb 2021 11:04:06 +0100
Subject: [PATCH 02/44] fix if file is not already present
---
utils/version_check.yml | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/utils/version_check.yml b/utils/version_check.yml
index e608e43..b543053 100755
--- a/utils/version_check.yml
+++ b/utils/version_check.yml
@@ -3,10 +3,11 @@ # Check for the distribution - hosts: localhost tasks: - - name: Delete local tmp file - file: - path: /tmp/ansible_dump_dist_version.txt - state: absent + - name: Make sure local file exist but is empty # weird hack, I know + copy: + dest: /tmp/ansible_dump_reboot_needed.txt + content: "" + force: true - hosts: all,!unifi tasks:
From 63f0ebec7dbe91913a8741a746767dc51fc2ebac Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Wed, 10 Feb 2021 11:07:36 +0100
Subject: [PATCH 03/44] Fix yaml lint
---
utils/reboot_needed_check.yml | 1 -
1 file changed, 1 deletion(-)
diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml
index 5759c53..4f48a3d 100755
--- a/utils/reboot_needed_check.yml
+++ b/utils/reboot_needed_check.yml
@@ -28,4 +28,3 @@ path: /tmp/ansible_dump_reboot_needed.txt line: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" when: result.stdout != "" -
From 6963d9fc16ffe699d9562c4633d1808d7a9fc458 Mon Sep 17 00:00:00 2001
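Review bot: The replacement task in utils/version_check.yml empties `/tmp/ansible_dump_reboot_needed.txt`, but the second play of this file (added in PATCH 01/44, outside this hunk) appends to `/tmp/ansible_dump_dist_version.txt`. The version dump is therefore neither created nor reset, and `lineinfile` without `create: true` fails when that file is absent, while a report left by reboot_needed_check.yml gets wiped. The line should read `dest: /tmp/ansible_dump_dist_version.txt`. The identical hunk appears again as PATCH 05/44.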
From: Solal Nathan
Date: Wed, 10 Feb 2021 11:01:42 +0100
Subject: [PATCH 04/44] Add utils
---
utils/README.md | 4 +++
logrotate.yml => utils/logrotate.yml | 0
.../nuke_radius_dbs.yml | 0
utils/re2o_mail_server.yml | 13 ++++++++
utils/reboot_needed_check.yml | 31 +++++++++++++++++++
upgrade.yml => utils/upgrade.yml | 0
utils/version_check.yml | 19 ++++++++++++
7 files changed, 67 insertions(+)
create mode 100644 utils/README.md
rename logrotate.yml => utils/logrotate.yml (100%)
rename nuke_radius_dbs.yml => utils/nuke_radius_dbs.yml (100%)
create mode 100755 utils/re2o_mail_server.yml
create mode 100755 utils/reboot_needed_check.yml
rename upgrade.yml => utils/upgrade.yml (100%)
create mode 100755 utils/version_check.yml
diff --git a/utils/README.md b/utils/README.md
new file mode 100644
index 0000000..651404b
--- /dev/null
+++ b/utils/README.md
@@ -0,0 +1,4 @@
+# Utils
+
+A repository of Ansible Playbooks that are useful, as little script or various
+utilities, but not used in production.
diff --git a/logrotate.yml b/utils/logrotate.yml
similarity index 100%
rename from logrotate.yml
rename to utils/logrotate.yml
diff --git a/nuke_radius_dbs.yml b/utils/nuke_radius_dbs.yml
similarity index 100%
rename from nuke_radius_dbs.yml
rename to utils/nuke_radius_dbs.yml
diff --git a/utils/re2o_mail_server.yml b/utils/re2o_mail_server.yml
new file mode 100755
index 0000000..79fd7ff
--- /dev/null
+++ b/utils/re2o_mail_server.yml
@@ -0,0 +1,13 @@
+---
+# Deploy Re2o mail service
+- hosts: mail.auro.re
+ vars:
+ service_repo: https://gitea.auro.re/aurore/re2o-mail-server.git
+ service_name: mail-server
+ service_version: aurore
+ service_config:
+ hostname: re2o-test.adm.auro.re # use test instance for now, should be changed for prod!
+ username: service-user
+ password: "{{ vault_serviceuser_passwd }}"
+ roles:
+ - re2o-service
diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml
new file mode 100755
index 0000000..5759c53
--- /dev/null
+++ b/utils/reboot_needed_check.yml
@@ -0,0 +1,31 @@
+#!/usr/bin/env ansible-playbook
+---
+# Check if a reboot is required by the installation of some packages (ie kernel)
+- hosts: localhost
+ tasks:
+ - name: Make sure local file exist but is empty # weird hack, I know
+ copy:
+ dest: /tmp/ansible_dump_reboot_needed.txt
+ content: ""
+ force: true
+
+- hosts: all,!unifi,!escalope.adm.auro.re,!loki.adm.auro.re,!viviane.adm.auro.re,!vpn-ovh.adm.auro.re
+ tasks:
+ # Register the output of the file /var/run/reboot-required.pkgs
+ - name: Register if boot is required
+ shell: if [ -e /var/run/reboot-required.pkgs ]; then cat /var/run/reboot-required.pkgs; fi
+ register: result
+
+ - name: DEBUG
+ debug:
+ msg: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}"
+ when: result.stdout != ""
+
+ # Add info line by line
+ - name: Dump all info into the local file
+ delegate_to: localhost
+ lineinfile:
+ path: /tmp/ansible_dump_reboot_needed.txt
+ line: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}"
+ when: result.stdout != ""
+
diff --git a/upgrade.yml b/utils/upgrade.yml
similarity index 100%
rename from upgrade.yml
rename to utils/upgrade.yml
diff --git a/utils/version_check.yml b/utils/version_check.yml
new file mode 100755
index 0000000..e608e43
--- /dev/null
+++ b/utils/version_check.yml
@@ -0,0 +1,19 @@
+#!/usr/bin/env ansible-playbook
+---
+# Check for the distribution
+- hosts: localhost
+ tasks:
+ - name: Delete local tmp file
+ file:
+ path: /tmp/ansible_dump_dist_version.txt
+ state: absent
+
+- hosts: all,!unifi
+ tasks:
+ # Add info line by line
+ - name: Dump all info into the local file
+ delegate_to: localhost
+ lineinfile:
+ path: /tmp/ansible_dump_dist_version.txt
+ line: "[{{ ansible_facts['nodename'] }}] {{ansible_fqdn}} : {{
+ ansible_distribution }} {{ ansible_distribution_version }}"
From 2f0d6be4e9ca9f69b79e1e8a6e0c6d61173fe401 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Wed, 10 Feb 2021 11:04:06 +0100
Subject: [PATCH 05/44] fix if file is not already present
---
utils/version_check.yml | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/utils/version_check.yml b/utils/version_check.yml
index e608e43..b543053 100755
--- a/utils/version_check.yml
+++ b/utils/version_check.yml
@@ -3,10 +3,11 @@ # Check for the distribution - hosts: localhost tasks: - - name: Delete local tmp file - file: - path: /tmp/ansible_dump_dist_version.txt - state: absent + - name: Make sure local file exist but is empty # weird hack, I know + copy: + dest: /tmp/ansible_dump_reboot_needed.txt + content: "" + force: true - hosts: all,!unifi tasks:
From 02b28f45a2c93f54d037f534925a6ed388bd4749 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Wed, 10 Feb 2021 11:07:36 +0100
Subject: [PATCH 06/44] Fix yaml lint
---
utils/reboot_needed_check.yml | 1 -
1 file changed, 1 deletion(-)
diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml
index 5759c53..4f48a3d 100755
--- a/utils/reboot_needed_check.yml
+++ b/utils/reboot_needed_check.yml
@@ -28,4 +28,3 @@ path: /tmp/ansible_dump_reboot_needed.txt line: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" when: result.stdout != "" -
From e151c1c3fdcca2dd316caa4878ec7049dd644496 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 01:52:28 +0100
Subject: [PATCH 07/44] add postfix non mailhost playbook
---
deploy_postfix_non_mailhost.yml | 9 +++++++++
1 file changed, 9 insertions(+)
create mode 100644 deploy_postfix_non_mailhost.yml
diff --git a/deploy_postfix_non_mailhost.yml b/deploy_postfix_non_mailhost.yml
new file mode 100644
index 0000000..207e37d
--- /dev/null
+++ b/deploy_postfix_non_mailhost.yml
@@ -0,0 +1,9 @@
+---
+# Deploy a correclty configured postfix on non mailhost servers
+- hosts: all,!unifi
+ vars:
+ local_network: 10.128.0.0/16
+ relay_host: proxy.adm.auro.re
+ myorigin: auro.re
+ roles:
+ - postfix-non-mailhost
From a9b03aed82f5e9623d2708fa45b79c5c1f1df505 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 02:02:15 +0100
Subject: [PATCH 08/44] Add postfix non mailhost handlers
---
roles/postfix-non-mailhost/handlers/main.yml | 10 ++++++++++
1 file changed, 10 insertions(+)
create mode 100644 roles/postfix-non-mailhost/handlers/main.yml
diff --git a/roles/postfix-non-mailhost/handlers/main.yml b/roles/postfix-non-mailhost/handlers/main.yml
new file mode 100644
index 0000000..9538e6d
--- /dev/null
+++ b/roles/postfix-non-mailhost/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+- name: Restart postfix
+ service:
+ name: postfix
+ state: restarted
+
+- name: Reload postfix
+ service:
+ name: postfix
+ state: reloaded
From f08b11445dafde6f8a22bd099c5f7a417baf6668 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 02:15:52 +0100
Subject: [PATCH 09/44] Add postfix non mailhost task
---
roles/postfix-non-mailhost/tasks/main.yml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 roles/postfix-non-mailhost/tasks/main.yml
diff --git a/roles/postfix-non-mailhost/tasks/main.yml b/roles/postfix-non-mailhost/tasks/main.yml
new file mode 100644
index 0000000..12a3805
--- /dev/null
+++ b/roles/postfix-non-mailhost/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: Install postfix
+ apt:
+ name: postfix
+ update_cache: true
+ register: result
+ retries: 3
+ until: result is succeeded
+
+- name: Configure postfix
+ template:
+ src: main.cf.j2
+ dest: /etc/postfix/main.cf
+ notify: restart postfix
From 1ca75ccfb0c53fa91038852b01acb0cb4cc4efa0 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 02:22:41 +0100
Subject: [PATCH 10/44] Add postfix non mailhost conf
---
.../postfix-non-mailhost/templates/main.cf.j2 | 30 +++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 roles/postfix-non-mailhost/templates/main.cf.j2
diff --git a/roles/postfix-non-mailhost/templates/main.cf.j2 b/roles/postfix-non-mailhost/templates/main.cf.j2
new file mode 100644
index 0000000..57d106e
--- /dev/null
+++ b/roles/postfix-non-mailhost/templates/main.cf.j2
@@ -0,0 +1,30 @@
+# {{ ansible_managed }}
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+# Template based on /usr/share/postfix/main.cf.debian
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# fresh installs.
+compatibility_level = 2
+
+# Send mail as user@{{ ansible_fqdn }}
+myorigin = {{ ansible_fqdn }}
+
+# Specify the trusted networks
+mynetworks = 127.0.0.0/8 {{ local_network }}
+
+# This host does not relay mail from untrusted networks
+relay_domains =
+
+# This is needed if no direct Internet access is available
+relayhost = {{ relay_host }}
From ab3659adc231deab0c3bd83b14080ec109a924bd Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 02:32:46 +0100
Subject: [PATCH 11/44] Also config hostname just in case
---
roles/postfix-non-mailhost/templates/main.cf.j2 | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/roles/postfix-non-mailhost/templates/main.cf.j2 b/roles/postfix-non-mailhost/templates/main.cf.j2
index 57d106e..b99d905 100644
--- a/roles/postfix-non-mailhost/templates/main.cf.j2
+++ b/roles/postfix-non-mailhost/templates/main.cf.j2
@@ -18,7 +18,8 @@ readme_directory = no compatibility_level = 2 # Send mail as user@{{ ansible_fqdn }} -myorigin = {{ ansible_fqdn }} +myhostname = {{ ansible_fqdn }} +myorigin = $myhostname # default configuration # Specify the trusted networks mynetworks = 127.0.0.0/8 {{ local_network }}
From 69d732e612d95b1dcf710925c119174e92f0c489 Mon Sep 17 00:00:00 2001
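Review bot: The new main.cf.j2 never sets `inet_interfaces`, and Postfix's built-in default for it is `all`, so unless something else restricts it each of these hosts runs a network-facing SMTP listener; `mynetworks = 127.0.0.0/8 {{ local_network }}` then trusts the whole `10.128.0.0/16` passed in by PATCH 07/44 to relay through it. For machines that only hand locally generated mail to `relayhost`, `inet_interfaces = loopback-only` together with `mynetworks = 127.0.0.0/8` gives the same function with no remote relay surface. If accepting mail from the /16 on every server is intended, a comment above `mynetworks` saying so would help the next reader.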
From: Solal Nathan
Date: Tue, 16 Feb 2021 02:42:08 +0100
Subject: [PATCH 12/44] Fix case
---
roles/postfix-non-mailhost/handlers/main.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/postfix-non-mailhost/handlers/main.yml b/roles/postfix-non-mailhost/handlers/main.yml
index 9538e6d..bc28f6e 100644
--- a/roles/postfix-non-mailhost/handlers/main.yml
+++ b/roles/postfix-non-mailhost/handlers/main.yml
@@ -1,10 +1,10 @@ --- -- name: Restart postfix +- name: restart postfix service: name: postfix state: restarted -- name: Reload postfix +- name: reload postfix service: name: postfix state: reloaded
From 456e025ca4dda57c48e43c09cedab9f57df99e55 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 02:42:31 +0100
Subject: [PATCH 13/44] use ansible facts instead of hardcoded vars
---
deploy_postfix_non_mailhost.yml | 1 -
1 file changed, 1 deletion(-)
diff --git a/deploy_postfix_non_mailhost.yml b/deploy_postfix_non_mailhost.yml
index 207e37d..0407d0f 100644
--- a/deploy_postfix_non_mailhost.yml
+++ b/deploy_postfix_non_mailhost.yml
@@ -4,6 +4,5 @@ vars: local_network: 10.128.0.0/16 relay_host: proxy.adm.auro.re - myorigin: auro.re roles: - postfix-non-mailhost
From 3925e321880800b2132859a3efcc5b9aa1eba1c9 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 02:45:13 +0100
Subject: [PATCH 14/44] Repect ansible-lint [106] for role names
---
deploy_postfix_non_mailhost.yml | 2 +-
.../handlers/main.yml | 0
.../tasks/main.yml | 0
.../templates/main.cf.j2 | 0
4 files changed, 1 insertion(+), 1 deletion(-)
rename roles/{postfix-non-mailhost => postfix_non_mailhost}/handlers/main.yml (100%)
rename roles/{postfix-non-mailhost => postfix_non_mailhost}/tasks/main.yml (100%)
rename roles/{postfix-non-mailhost => postfix_non_mailhost}/templates/main.cf.j2 (100%)
diff --git a/deploy_postfix_non_mailhost.yml b/deploy_postfix_non_mailhost.yml
index 0407d0f..e335928 100644
--- a/deploy_postfix_non_mailhost.yml
+++ b/deploy_postfix_non_mailhost.yml
@@ -5,4 +5,4 @@ local_network: 10.128.0.0/16 relay_host: proxy.adm.auro.re roles: - - postfix-non-mailhost + - postfix_non_mailhost
diff --git a/roles/postfix-non-mailhost/handlers/main.yml b/roles/postfix_non_mailhost/handlers/main.yml
similarity index 100%
rename from roles/postfix-non-mailhost/handlers/main.yml
rename to roles/postfix_non_mailhost/handlers/main.yml
diff --git a/roles/postfix-non-mailhost/tasks/main.yml b/roles/postfix_non_mailhost/tasks/main.yml
similarity index 100%
rename from roles/postfix-non-mailhost/tasks/main.yml
rename to roles/postfix_non_mailhost/tasks/main.yml
diff --git a/roles/postfix-non-mailhost/templates/main.cf.j2 b/roles/postfix_non_mailhost/templates/main.cf.j2
similarity index 100%
rename from roles/postfix-non-mailhost/templates/main.cf.j2
rename to roles/postfix_non_mailhost/templates/main.cf.j2
From 3fceeff74fbb49a05dd45ab3a5b6c9d6ed6267d7 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 02:47:04 +0100
Subject: [PATCH 15/44] Fix ansible lint for rule [208] always specify mode and owner for template
---
roles/postfix_non_mailhost/tasks/main.yml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/roles/postfix_non_mailhost/tasks/main.yml b/roles/postfix_non_mailhost/tasks/main.yml
index 12a3805..42f3482 100644
--- a/roles/postfix_non_mailhost/tasks/main.yml
+++ b/roles/postfix_non_mailhost/tasks/main.yml
@@ -11,4 +11,7 @@ template: src: main.cf.j2 dest: /etc/postfix/main.cf + mode: 0644 + owner: root + group: root notify: restart postfix
From 37124b20cb5b9d94a70510b73db7188b2f94d191 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 03:27:27 +0100
Subject: [PATCH 16/44] Gitlab CI is not needed anymore
---
.gitlab-ci.yml | 19 -------------------
1 file changed, 19 deletions(-)
delete mode 100644 .gitlab-ci.yml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
deleted file mode 100644
index c62f35b..0000000
--- a/.gitlab-ci.yml
+++ /dev/null
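Review bot: `mode: 0644` in roles/postfix_non_mailhost/tasks/main.yml is an unquoted scalar, which a YAML 1.1 loader reads as the octal integer 420 and a YAML 1.2 loader reads as decimal 644. Ansible's documentation recommends passing the mode as a quoted string so the value cannot be re-typed by the parser or by tooling, i.e. `mode: "0644"`. The same unquoted form is added in PATCH 26/44 and PATCH 28/44. The `template` task this hunk extends starts outside the hunk.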
@@ -1,19 +0,0 @@ ---- -image: python:3.9-alpine - -stages: - - lint - -yamllint: - stage: lint - script: - - pip install yamllint==1.25.0 - - yamllint -c .yamllint.yml . - -ansible-lint: - stage: lint - script: - - apk add gcc libc-dev libffi-dev openssl-dev - - pip install ansible-lint==4.3.7 - - ansible-lint *.yml -...
From abcdf59824e34b746c3c8edf75d9625a41a0d47a Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 03:31:26 +0100
Subject: [PATCH 17/44] :construction_worker: yaml-lint 1.25.0 -> 1.26.0
---
.drone.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.drone.yml b/.drone.yml
index 58679a2..3f34393 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -7,7 +7,7 @@ steps: - name: yamllint image: python:3.9-alpine commands: - - pip install yamllint==1.25.0 + - pip install yamllint==1.26.0 - yamllint -c .yamllint.yml . - name: ansible-lint
From 5503a54be432fae928e7ba4383d21b37c167ed86 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 03:32:33 +0100
Subject: [PATCH 18/44] :construction_worker: ansible-lint 4.7.3 -> 5.0.0 and fix dependencies
---
.drone.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.drone.yml b/.drone.yml
index 3f34393..24cbaa7 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -13,7 +13,7 @@ steps: - name: ansible-lint image: python:3.9-alpine commands: - - apk add --no-cache gcc libc-dev libffi-dev openssl-dev - - pip install ansible-lint==4.3.7 + - apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo + - pip install ansible-lint==5.0.0 ansible - ansible-lint ...
From f4fc3567ee3042ccda6aac8effd7654b2cd49a45 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 03:43:38 +0100
Subject: [PATCH 19/44] :construction_worker: fix ansible and yaml version according to ansible-lint 5.0 upgrade guidelines. Use ansible-base for slim version. See #1150 on ansible-lint for more info.
---
.drone.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.drone.yml b/.drone.yml
index 24cbaa7..dbc0b53 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -7,13 +7,13 @@ steps: - name: yamllint image: python:3.9-alpine commands: - - pip install yamllint==1.26.0 + - pip install yamllint>=1.26.0,<2.0 - yamllint -c .yamllint.yml . - name: ansible-lint image: python:3.9-alpine commands: - apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo - - pip install ansible-lint==5.0.0 ansible + - pip install ansible-lint==5.0.0 ansible-base>=2.10,<2.11 - ansible-lint ...
From bd541691d9354b353e0b0e16038166c9283d98fc Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 03:47:39 +0100
Subject: [PATCH 20/44] :construction_worker: fix syntax
---
.drone.yml | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.drone.yml b/.drone.yml
index dbc0b53..e9d60bb 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -7,13 +7,14 @@ steps: - name: yamllint image: python:3.9-alpine commands: - - pip install yamllint>=1.26.0,<2.0 + - pip install "yamllint>=1.26.0,<2.0" - yamllint -c .yamllint.yml . - name: ansible-lint image: python:3.9-alpine commands: - apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo - - pip install ansible-lint==5.0.0 ansible-base>=2.10,<2.11 + - pip install "ansible-lint==5.0.0" + - pip install "ansible-base>=2.10,<2.11" - ansible-lint ...
From 6f80cf0fd937cf25124fcf47e1a42ebd603ebff1 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 03:50:14 +0100
Subject: [PATCH 21/44] :green_heart: fix yamllint CI on CI itself, CIception
---
.drone.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.drone.yml b/.drone.yml
index e9d60bb..8c23c77 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -14,7 +14,7 @@ steps: image: python:3.9-alpine commands: - apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo - - pip install "ansible-lint==5.0.0" + - pip install "ansible-lint==5.0.0" - pip install "ansible-base>=2.10,<2.11" - ansible-lint ...
From e9f0b884ec43e0565226c2866568256c83631de3 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 03:57:30 +0100
Subject: [PATCH 22/44] :construction_worker: update ansible-lint notation that were depreciated
---
.ansible-lint | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.ansible-lint b/.ansible-lint
index 3f851df..3ec97ed 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -1,5 +1,5 @@ skip_list: - - '301' + - 'no-changed-when' warn_list: - experimental # all rules tagged as experimental
From ab69d1540450ef24f03dddd867c568fd49e0ef78 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 03:59:03 +0100
Subject: [PATCH 23/44] :construction_worker: we need full ansible, slim version wont work for our use case
---
.drone.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.drone.yml b/.drone.yml
index 8c23c77..ab5b271 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -15,6 +15,6 @@ steps: commands: - apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo - pip install "ansible-lint==5.0.0" - - pip install "ansible-base>=2.10,<2.11" + - pip install "ansible>=2.10,<2.11" - ansible-lint ...
From f607a76ec8d8798e902cd0a5306f26ee2492b5f6 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 13:13:26 +0100
Subject: [PATCH 24/44] :bug: Fix a small bug. Postfix does not accept trailing comments
---
roles/postfix_non_mailhost/templates/main.cf.j2 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/postfix_non_mailhost/templates/main.cf.j2 b/roles/postfix_non_mailhost/templates/main.cf.j2
index b99d905..5b90030 100644
--- a/roles/postfix_non_mailhost/templates/main.cf.j2
+++ b/roles/postfix_non_mailhost/templates/main.cf.j2
@@ -19,7 +19,7 @@ compatibility_level = 2 # Send mail as user@{{ ansible_fqdn }} myhostname = {{ ansible_fqdn }} -myorigin = $myhostname # default configuration +myorigin = $myhostname # Specify the trusted networks mynetworks = 127.0.0.0/8 {{ local_network }}
From f1ce3290c9e26b08a8252f9ec7784f51bf424fad Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 14:45:45 +0100
Subject: [PATCH 25/44] :construction_worker: do not ansible-lint the vault and fix useless rules
---
.ansible-lint | 7 ++++++-
.yamllint.yml | 3 +--
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/.ansible-lint b/.ansible-lint
index 3ec97ed..d98efd4 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -1,5 +1,10 @@ skip_list: - - 'no-changed-when' + - no-changed-when + - load-failure + - document-start warn_list: - experimental # all rules tagged as experimental + +exclude_paths: +- group_vars/all/vault.yml
diff --git a/.yamllint.yml b/.yamllint.yml
index c8666c8..af15be3 100644
--- a/.yamllint.yml
+++ b/.yamllint.yml
@@ -6,6 +6,5 @@ rules: max: 120 level: warning document-start: - ignore: | - /groups_var/all/vault.yml + ignore: group_vars/all/vault.yml ...
From a02afd20b7367132a07b53f2d7cd8786e2272bc0 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 15:40:58 +0100
Subject: [PATCH 26/44] :rotating_light: fix risky-file-permission
---
utils/reboot_needed_check.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml
index 4f48a3d..cf7868f 100755
--- a/utils/reboot_needed_check.yml
+++ b/utils/reboot_needed_check.yml
@@ -8,6 +8,7 @@ dest: /tmp/ansible_dump_reboot_needed.txt content: "" force: true + mode: 0644 - hosts: all,!unifi,!escalope.adm.auro.re,!loki.adm.auro.re,!viviane.adm.auro.re,!vpn-ovh.adm.auro.re tasks:
From da1fa70e55168336b0368b8a6d21e0b7d9f5977c Mon Sep 17 00:00:00 2001
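Review bot: Adding `- load-failure` to `skip_list` in .ansible-lint silences that rule for every file, so a playbook or role file the linter cannot parse would drop out of the checks without failing the build. The same hunk already lists the vault under `exclude_paths`, which looks like the targeted fix; if the encrypted vault was the only file that failed to load, the global skip can be removed and only `exclude_paths` kept. If other files need it, a comment next to `- load-failure` naming them would make the exception auditable.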
From: Solal Nathan
Date: Tue, 16 Feb 2021 15:42:10 +0100
Subject: [PATCH 27/44] :rotating_light: fix empty-string-compare
---
utils/reboot_needed_check.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml
index cf7868f..631d496 100755
--- a/utils/reboot_needed_check.yml
+++ b/utils/reboot_needed_check.yml
@@ -20,7 +20,7 @@ - name: DEBUG debug: msg: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" - when: result.stdout != "" + when: result.stdout is defined # Add info line by line - name: Dump all info into the local file
@@ -28,4 +28,4 @@ lineinfile: path: /tmp/ansible_dump_reboot_needed.txt line: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" - when: result.stdout != "" + when: result.stdout is defined
From 3840fdd44e6b72bcba9dee74237f744524e77af1 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 15:42:54 +0100
Subject: [PATCH 28/44] :rotating_light: fix risky-file-permission
---
utils/version_check.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/utils/version_check.yml b/utils/version_check.yml
index b543053..e0c9ad7 100755
--- a/utils/version_check.yml
+++ b/utils/version_check.yml
@@ -8,6 +8,7 @@ dest: /tmp/ansible_dump_reboot_needed.txt content: "" force: true + mode: 0644 - hosts: all,!unifi tasks:
From 15ae83566c796012651f29219addfd8491f8f343 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Tue, 16 Feb 2021 15:43:52 +0100
Subject: [PATCH 29/44] :rotating_light: fix var-spacing
---
utils/version_check.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/utils/version_check.yml b/utils/version_check.yml
index e0c9ad7..1a8a7c5 100755
--- a/utils/version_check.yml
+++ b/utils/version_check.yml
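Review bot: `when: result.stdout is defined` in utils/reboot_needed_check.yml is not equivalent to the `!= ""` test it replaces. After the `shell` task has run, `result.stdout` is defined on every host, empty or not, so the DEBUG task and the `lineinfile` task now fire for hosts that need no reboot and add an entry with nothing after the colon. A form that satisfies the lint rule and keeps the old meaning is `when: result.stdout | length > 0`. Both hunks of PATCH 27/44 are affected, and the tasks they belong to start outside the hunks.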
@@ -17,5 +17,5 @@ delegate_to: localhost lineinfile: path: /tmp/ansible_dump_dist_version.txt - line: "[{{ ansible_facts['nodename'] }}] {{ansible_fqdn}} : {{ + line: "[{{ ansible_facts['nodename'] }}] {{ ansible_fqdn }} : {{ ansible_distribution }} {{ ansible_distribution_version }}" From 58068e9cd80b5b1874bf14cd0e69eaee370a0b29 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 16:39:27 +0100 Subject: [PATCH 30/44] Docker image to be built for the CI --- docker-ansible-lint/Dockefile | 6 ++++++ docker-ansible-lint/README.md | 18 ++++++++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 docker-ansible-lint/Dockefile create mode 100644 docker-ansible-lint/README.md diff --git a/docker-ansible-lint/Dockefile b/docker-ansible-lint/Dockefile new file mode 100644 index 0000000..c34f38a --- /dev/null +++ b/docker-ansible-lint/Dockefile @@ -0,0 +1,6 @@ +FROM python:3.9-alpine + +RUN apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo +RUN pip install "yamllint>=1.26.0,<2.0" +RUN pip install "ansible-lint==5.0.0" +RUN pip install "ansible>=2.10,<2.11" diff --git a/docker-ansible-lint/README.md b/docker-ansible-lint/README.md new file mode 100644 index 0000000..c2fb0f7 --- /dev/null +++ b/docker-ansible-lint/README.md @@ -0,0 +1,18 @@ +# Ansible-lint image + +In order to build this image when a new version comes out, you need to +1. ssh into the drone.adm.auro.re server +2. git pull this repo to the lastest version +3. optionnally make the changes if it has not been done yet +4. `sudo docker build -t aurore-ansible-lint-image docker-ansible-lint/` +5. ??? +6. enjoy + +You can verify that the image was correclty built by running +``` +# list the images present +sudo docker image + +# run your image with an interactive shell +sudo docker run -it --rm aurore-ansible-lint-image +``` From 42074b31c50842dc66a87578be37d7905a7d2590 Mon Sep 17 00:00:00 2001 
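Review bot: In the new `docker-ansible-lint/Dockefile` (PATCH 30/44), yamllint and ansible are installed from floating ranges and the base image is a moving tag, so what ends up in the CI toolchain depends on the day the image is built. Because the image is built by hand on the CI host, pinning exact versions in a single layer would make rebuilds reproducible: `RUN pip install --no-cache-dir "yamllint==<VERSION>" "ansible-lint==5.0.0" "ansible==<VERSION>"`. The base can be fixed the same way with `FROM python:3.9-alpine@sha256:<DIGEST>`. `--no-cache-dir` also keeps pip's download cache out of the image.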
From: Solal Nathan Date: Tue, 16 Feb 2021 16:40:27 +0100 Subject: [PATCH 31/44] simplify the drone config wiht the newly built image --- .drone.yml | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/.drone.yml b/.drone.yml index ab5b271..680b5c6 100644 --- a/.drone.yml +++ b/.drone.yml @@ -5,16 +5,7 @@ name: check steps: - name: yamllint - image: python:3.9-alpine + image: aurore-ansible-lint-image commands: - - pip install "yamllint>=1.26.0,<2.0" - - yamllint -c .yamllint.yml . - - - name: ansible-lint - image: python:3.9-alpine - commands: - - apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo - - pip install "ansible-lint==5.0.0" - - pip install "ansible>=2.10,<2.11" - ansible-lint ... From 414e80a7c4bdc5e621753cea06122de22552a9f5 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 16:42:10 +0100 Subject: [PATCH 32/44] never try to pull this image --- .drone.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.drone.yml b/.drone.yml index 680b5c6..96588b3 100644 --- a/.drone.yml +++ b/.drone.yml @@ -5,6 +5,7 @@ name: check steps: - name: yamllint + pull: never image: aurore-ansible-lint-image commands: - ansible-lint From d650e77b23f854e1d871b41b939e33942e0a9ae5 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 16:43:11 +0100 Subject: [PATCH 33/44] rename ci task --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 96588b3..eb6ce40 100644 --- a/.drone.yml +++ b/.drone.yml @@ -4,7 +4,7 @@ type: docker name: check steps: - - name: yamllint + - name: ansible and yaml linting pull: never image: aurore-ansible-lint-image commands: From 5b2580056dd60e920364985c46ba8effd10d34d0 Mon Sep 17 00:00:00 2001 
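Review bot: In `.drone.yml` (PATCH 31/44), the remaining step no longer runs `yamllint -c .yamllint.yml .`; only `ansible-lint` is left under `commands:`. ansible-lint may invoke yamllint through its own yaml rule, but whether it honours `.yamllint.yml` and whether it reaches YAML files outside the Ansible content it recognises is not visible here. Either confirm that, or keep both commands in the step: `- yamllint -c .yamllint.yml .` followed by `- ansible-lint`.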
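Review bot: In PATCH 32/44, `pull: never` combined with the untagged `image: aurore-ansible-lint-image` means the pipeline runs whatever image of that name currently exists on the runner. A rebuild, or any change made by someone with Docker access on that host, silently replaces the CI toolchain. Consider building and referencing an explicit tag, `image: aurore-ansible-lint-image:<TAG>`. A comment above `pull: never` would also help, for example `# built locally on the runner, see docker-ansible-lint/README.md`.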
From: Solal Nathan Date: Tue, 16 Feb 2021 18:10:39 +0100 Subject: [PATCH 34/44] :bug: Final fix, should stop sending ill-formed mail from now on --- roles/postfix_non_mailhost/templates/main.cf.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/postfix_non_mailhost/templates/main.cf.j2 b/roles/postfix_non_mailhost/templates/main.cf.j2 index 5b90030..d5f5166 100644 --- a/roles/postfix_non_mailhost/templates/main.cf.j2 +++ b/roles/postfix_non_mailhost/templates/main.cf.j2 @@ -20,6 +20,7 @@ compatibility_level = 2 # Send mail as user@{{ ansible_fqdn }} myhostname = {{ ansible_fqdn }} myorigin = $myhostname +mydomain = $myhostname # Specify the trusted networks mynetworks = 127.0.0.0/8 {{ local_network }} From def64380e67a6a29d8fae3b38fff2a226ce3eefe Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 14:45:45 +0100 Subject: [PATCH 35/44] :construction_worker: do not ansible-lint the vault and fix useless rules --- .ansible-lint | 7 ++++++- .yamllint.yml | 3 +-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index 3ec97ed..d98efd4 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,5 +1,10 @@ skip_list: - - 'no-changed-when' + - no-changed-when + - load-failure + - document-start warn_list: - experimental # all rules tagged as experimental + +exclude_paths: +- group_vars/all/vault.yml diff --git a/.yamllint.yml b/.yamllint.yml index c8666c8..af15be3 100644 --- a/.yamllint.yml +++ b/.yamllint.yml @@ -6,6 +6,5 @@ rules: max: 120 level: warning document-start: - ignore: | - /groups_var/all/vault.yml + ignore: group_vars/all/vault.yml ... From 008fb803d975ca93bdd838566a4bacc85174f4d7 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 15:40:58 +0100 Subject: [PATCH 36/44] :rotating_light: fix risky-file-permission --- utils/reboot_needed_check.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml index 4f48a3d..cf7868f 100755 
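Review bot: In `roles/postfix_non_mailhost/templates/main.cf.j2` (PATCH 34/44), the added `mydomain = $myhostname` carries no comment, and the commit message says only that it stops ill-formed mail. Postfix otherwise derives `mydomain` from `myhostname`, so the override deserves a line stating why it is needed. Something like `# Keep mydomain equal to the FQDN so unqualified addresses are completed with it` above the setting would do, adjusted to the actual reason. Other parameters that expand `$mydomain` lie outside the hunk and are worth checking against the new value.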
--- a/utils/reboot_needed_check.yml +++ b/utils/reboot_needed_check.yml @@ -8,6 +8,7 @@ dest: /tmp/ansible_dump_reboot_needed.txt content: "" force: true + mode: 0644 - hosts: all,!unifi,!escalope.adm.auro.re,!loki.adm.auro.re,!viviane.adm.auro.re,!vpn-ovh.adm.auro.re tasks: From 1fe440aabe2735cb2318ccc5f2f9e8d764944d5b Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 15:42:10 +0100 Subject: [PATCH 37/44] :rotating_light: fix empty-string-compare --- utils/reboot_needed_check.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/reboot_needed_check.yml b/utils/reboot_needed_check.yml index cf7868f..631d496 100755 --- a/utils/reboot_needed_check.yml +++ b/utils/reboot_needed_check.yml @@ -20,7 +20,7 @@ - name: DEBUG debug: msg: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" - when: result.stdout != "" + when: result.stdout is defined # Add info line by line - name: Dump all info into the local file @@ -28,4 +28,4 @@ lineinfile: path: /tmp/ansible_dump_reboot_needed.txt line: "{{ ansible_facts['nodename'] }} : {{ result.stdout }}" - when: result.stdout != "" + when: result.stdout is defined From 902d219de3e8fbaf1a8a22c7e2bae4da7d8e8248 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 15:42:54 +0100 Subject: [PATCH 38/44] :rotating_light: fix risky-file-permission --- utils/version_check.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/utils/version_check.yml b/utils/version_check.yml index b543053..e0c9ad7 100755 --- a/utils/version_check.yml +++ b/utils/version_check.yml @@ -8,6 +8,7 @@ dest: /tmp/ansible_dump_reboot_needed.txt content: "" force: true + mode: 0644 - hosts: all,!unifi tasks: From 54aec3638f795a902fb25ec0a12f5ebbe591878e Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 15:43:52 +0100 Subject: [PATCH 39/44] :rotating_light: fix var-spacing --- utils/version_check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/utils/version_check.yml b/utils/version_check.yml index e0c9ad7..1a8a7c5 100755 --- a/utils/version_check.yml +++ b/utils/version_check.yml @@ -17,5 +17,5 @@ delegate_to: localhost lineinfile: path: /tmp/ansible_dump_dist_version.txt - line: "[{{ ansible_facts['nodename'] }}] {{ansible_fqdn}} : {{ + line: "[{{ ansible_facts['nodename'] }}] {{ ansible_fqdn }} : {{ ansible_distribution }} {{ ansible_distribution_version }}" From f39ade227a2597b09be5a58d173f6d4c4bc0815a Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 18:22:19 +0100 Subject: [PATCH 40/44] :memo: add CI badge --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 00897a4..cb8683f 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ +[![Linter Status](https://drone.auro.re/api/badges/Aurore/ansible/status.svg)](https://drone.auro.re/Aurore/ansible) + # Recettes Ansible d'Aurore Ensemble des recettes de déploiement Ansible pour les serveurs d'Aurore. From 06d0bd56ae0e31526e39288ce78fa98db4d52b94 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 18:34:57 +0100 Subject: [PATCH 41/44] :memo: Update the docker image doc for ansible-lint --- docker-ansible-lint/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-ansible-lint/README.md b/docker-ansible-lint/README.md index c2fb0f7..6e1723c 100644 --- a/docker-ansible-lint/README.md +++ b/docker-ansible-lint/README.md @@ -1,9 +1,9 @@ # Ansible-lint image In order to build this image when a new version comes out, you need to -1. ssh into the drone.adm.auro.re server +1. ssh into the `drone.adm.auro.re` server 2. git pull this repo to the lastest version -3. optionnally make the changes if it has not been done yet +3. optionally make the changes if it has not been done yet 4. `sudo docker build -t aurore-ansible-lint-image docker-ansible-lint/` 5. ??? 6. enjoy 
@@ -14,5 +14,5 @@ You can verify that the image was correclty built by running sudo docker image # run your image with an interactive shell -sudo docker run -it --rm aurore-ansible-lint-image +sudo docker run -it --rm aurore-ansible-lint-image /bin/sh ``` From 4dd75d1180cfa32685d2e8b7a570d49635dd6a39 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 18:40:48 +0100 Subject: [PATCH 42/44] :memo: Update the docker image doc for ansible-lint --- docker-ansible-lint/Dockefile | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-ansible-lint/Dockefile b/docker-ansible-lint/Dockefile index c34f38a..5d60549 100644 --- a/docker-ansible-lint/Dockefile +++ b/docker-ansible-lint/Dockefile @@ -1,4 +1,5 @@ FROM python:3.9-alpine +LABEL description="Aurore's docker image for ansible-lint" RUN apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo RUN pip install "yamllint>=1.26.0,<2.0" From 83fd1b03e7e9d2f02b149aa57c098510cf913e08 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 18:44:18 +0100 Subject: [PATCH 43/44] :truck: correctly name Dockerfile --- docker-ansible-lint/{Dockefile => Dockerfile} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename docker-ansible-lint/{Dockefile => Dockerfile} (100%) diff --git a/docker-ansible-lint/Dockefile b/docker-ansible-lint/Dockerfile similarity index 100% rename from docker-ansible-lint/Dockefile rename to docker-ansible-lint/Dockerfile From c45d12cd6a1cb7a0dc306e64ed70aeb55735ce9a Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Tue, 16 Feb 2021 19:00:25 +0100 Subject: [PATCH 44/44] :memo: use the full command --- docker-ansible-lint/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-ansible-lint/README.md b/docker-ansible-lint/README.md index 6e1723c..adabac3 100644 --- a/docker-ansible-lint/README.md +++ b/docker-ansible-lint/README.md 
@@ -11,7 +11,7 @@ In order to build this image when a new version comes out, you need to You can verify that the image was correclty built by running ``` # list the images present -sudo docker image +sudo docker image ls # run your image with an interactive shell sudo docker run -it --rm aurore-ansible-lint-image /bin/sh