roles: Fix ansible-lint warning on var-naming.

ansible-lint warns if set_fact sets a variable where the name is used or can be as a parameter for the role.

roles: Fix ansible-lint warning on var-naming.
8240d9be · Rafael Guterres Jeffman · 5062ac2b · 8240d9be · 8240d9be · 8240d9be
Commit 8240d9be authored 2 years ago by Rafael Guterres Jeffman
--- a/roles/ipabackup/tasks/copy_backup_from_server.yml
+++ b/roles/ipabackup/tasks/copy_backup_from_server.yml
@@ -9,7 +9,7 @@

 - name: Set controller destination directory
  ansible.builtin.set_fact:
-    ipabackup_controller_dir:
+    __derived_controller_dir:
        "{{ ipabackup_controller_path | default(lookup('env', 'PWD')) }}/{{
         ipabackup_name_prefix | default(ansible_facts['fqdn']) }}_{{
         ipabackup_item }}/"
@@ -35,13 +35,13 @@
  ansible.builtin.fetch:
    flat: yes
    src: "{{ ipabackup_dir }}/{{ ipabackup_item }}/{{ item }}"
-    dest: "{{ ipabackup_controller_dir }}"
+    dest: "{{ __derived_controller_dir }}"
  with_items:
  - "{{ result_find_backup_files.stdout_lines }}"

 - name: Fix file modes for backup on controller
  ansible.builtin.file:
-    dest: "{{ ipabackup_controller_dir }}"
+    dest: "{{ __derived_controller_dir }}"
    mode: u=rwX,go=
    recurse: yes
  delegate_to: localhost

--- a/roles/ipabackup/tasks/copy_backup_to_server.yml
+++ b/roles/ipabackup/tasks/copy_backup_to_server.yml
@@ -9,23 +9,23 @@

 - name: Set controller source directory
  ansible.builtin.set_fact:
-    ipabackup_controller_dir:
+    __derived_controller_dir:
      "{{ ipabackup_controller_path | default(lookup('env', 'PWD')) }}"

 - name: Set ipabackup_item
  ansible.builtin.set_fact:
-    ipabackup_item:
+    __derived_item:
      "{{ ipabackup_name | regex_search('.*_(ipa-.+)', '\\1') | first }}"
  when: "'_ipa-' in ipabackup_name"

 - name: Set ipabackup_item
  ansible.builtin.set_fact:
-    ipabackup_item: "{{ ipabackup_name }}"
+    __derived_item: "{{ ipabackup_name }}"
  when: "'_ipa-' not in ipabackup_name"

 - name: Stat backup to copy
  ansible.builtin.stat:
-    path: "{{ ipabackup_controller_dir }}/{{ ipabackup_name }}"
+    path: "{{ __derived_controller_dir }}/{{ ipabackup_name }}"
  register: result_backup_stat
  delegate_to: localhost
  become: no
@@ -35,10 +35,10 @@
    msg: "Unable to find backup {{ ipabackup_name }}"
  when: result_backup_stat.stat.isdir is not defined

- name: Copy backup files to server for "{{ ipabackup_item }}"
+- name: Copy backup files to server for "{{ __derived_item }}"
  ansible.builtin.copy:
-    src: "{{ ipabackup_controller_dir }}/{{ ipabackup_name }}/"
-    dest: "{{ ipabackup_dir }}/{{ ipabackup_item }}"
+    src: "{{ __derived_controller_dir }}/{{ ipabackup_name }}/"
+    dest: "{{ ipabackup_dir }}/{{ __derived_item }}"
    owner: root
    group: root
    mode: u=rw,go=r

--- a/roles/ipareplica/tasks/install.yml
+++ b/roles/ipareplica/tasks/install.yml
@@ -227,7 +227,7 @@
  - name: Install - Set dirman password
    no_log: yes
    ansible.builtin.set_fact:
-      ipareplica_dirman_password:
+      __derived_dirman_password:
        "{{ result_ipareplica_master_password.password }}"

  - name: Install - Setup certmonger
@@ -268,7 +268,7 @@
      _add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
      _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
      _subject_base: "{{ result_ipareplica_prepare._subject_base }}"
-      dirman_password: "{{ ipareplica_dirman_password }}"
+      dirman_password: "{{ __derived_dirman_password }}"
      config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
      config_master_host_name:
        "{{ result_ipareplica_prepare.config_master_host_name }}"
@@ -312,7 +312,7 @@
      _add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
      _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
      _subject_base: "{{ result_ipareplica_prepare._subject_base }}"
-      dirman_password: "{{ ipareplica_dirman_password }}"
+      dirman_password: "{{ __derived_dirman_password }}"
      config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
      config_master_host_name:
        "{{ result_ipareplica_install_ca_certs.config_master_host_name }}"
@@ -356,7 +356,7 @@
      _add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
      _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
      _subject_base: "{{ result_ipareplica_prepare._subject_base }}"
-      dirman_password: "{{ ipareplica_dirman_password }}"
+      dirman_password: "{{ __derived_dirman_password }}"
      setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"

  - name: Install - Setup KRB
@@ -373,7 +373,7 @@
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
-      dirman_password: "{{ ipareplica_dirman_password }}"
+      dirman_password: "{{ __derived_dirman_password }}"

  # We need to point to the master in ipa default conf when certmonger
  # asks for HTTP certificate in newer ipa versions. In these versions
@@ -414,7 +414,7 @@
      _add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
      _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
      _subject_base: "{{ result_ipareplica_prepare._subject_base }}"
-      dirman_password: "{{ ipareplica_dirman_password }}"
+      dirman_password: "{{ __derived_dirman_password }}"
      setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
      master:
        "{{ result_ipareplica_install_ca_certs.config_master_host_name }}"
@@ -438,7 +438,7 @@
      _dirsrv_pkcs12_info: "{{ result_ipareplica_prepare._dirsrv_pkcs12_info if result_ipareplica_prepare._dirsrv_pkcs12_info != None else omit }}"
      _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
-      dirman_password: "{{ ipareplica_dirman_password }}"
+      dirman_password: "{{ __derived_dirman_password }}"
      ds_ca_subject: "{{ result_ipareplica_setup_ds.ds_ca_subject }}"

  - name: Install - Setup http
@@ -459,7 +459,7 @@
      _ca_file: "{{ result_ipareplica_prepare._ca_file }}"
      _http_pkcs12_info: "{{ result_ipareplica_prepare._http_pkcs12_info if result_ipareplica_prepare._http_pkcs12_info != None else omit }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
-      dirman_password: "{{ ipareplica_dirman_password }}"
+      dirman_password: "{{ __derived_dirman_password }}"

  # Need to point back to ourself after the cert for HTTP is obtained
  - name: Install - Create original IPA conf again
@@ -498,7 +498,7 @@
      _add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
      _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
      _subject_base: "{{ result_ipareplica_prepare._subject_base }}"
-      dirman_password: "{{ ipareplica_dirman_password }}"
+      dirman_password: "{{ __derived_dirman_password }}"
      setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
    when: result_ipareplica_test.change_master_for_certmonger

@@ -517,7 +517,7 @@
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      _ca_file: "{{ result_ipareplica_prepare._ca_file }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
-      dirman_password: "{{ ipareplica_dirman_password }}"
+      dirman_password: "{{ __derived_dirman_password }}"

  - name: Install - Setup custodia
    ipareplica_setup_custodia:
@@ -538,7 +538,7 @@
      _ca_file: "{{ result_ipareplica_prepare._ca_file }}"
      _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
-      dirman_password: "{{ ipareplica_dirman_password }}"
+      dirman_password: "{{ __derived_dirman_password }}"

  - name: Install - Setup CA
    ipareplica_setup_ca:
@@ -561,7 +561,7 @@
      _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
      _random_serial_numbers: "{{ result_ipareplica_prepare._random_serial_numbers }}"
-      dirman_password: "{{ ipareplica_dirman_password }}"
+      dirman_password: "{{ __derived_dirman_password }}"
      config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
      config_master_host_name:
        "{{ result_ipareplica_install_ca_certs.config_master_host_name }}"
@@ -586,7 +586,7 @@
      _ca_file: "{{ result_ipareplica_prepare._ca_file }}"
      _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
-      dirman_password: "{{ ipareplica_dirman_password }}"
+      dirman_password: "{{ __derived_dirman_password }}"

  - name: Install - DS apply updates
    ipareplica_ds_apply_updates:
@@ -606,7 +606,7 @@
      _ca_file: "{{ result_ipareplica_prepare._ca_file }}"
      _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
-      dirman_password: "{{ ipareplica_dirman_password }}"
+      dirman_password: "{{ __derived_dirman_password }}"
      ds_ca_subject: "{{ result_ipareplica_setup_ds.ds_ca_subject }}"

  - name: Install - Setup kra
@@ -646,7 +646,7 @@
      _add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
      _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
      _subject_base: "{{ result_ipareplica_prepare._subject_base }}"
-      dirman_password: "{{ ipareplica_dirman_password }}"
+      dirman_password: "{{ __derived_dirman_password }}"
    when: result_ipareplica_test.setup_kra

  - name: Install - Restart KDC
@@ -664,7 +664,7 @@
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      _ca_file: "{{ result_ipareplica_prepare._ca_file }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
-      dirman_password: "{{ ipareplica_dirman_password }}"
+      dirman_password: "{{ __derived_dirman_password }}"

  - name: Install - Custodia import dm password
    ipareplica_custodia_import_dm_password:
@@ -685,7 +685,7 @@
      _kra_enabled: "{{ result_ipareplica_prepare._kra_enabled }}"
      _kra_host_name: "{{ result_ipareplica_prepare.config_kra_host_name }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
-      dirman_password: "{{ ipareplica_dirman_password }}"
+      dirman_password: "{{ __derived_dirman_password }}"
      config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"

  - name: Install - Promote SSSD

--- a/roles/ipaserver/tasks/install.yml
+++ b/roles/ipaserver/tasks/install.yml
@@ -148,9 +148,15 @@
    - name: Install - Use new master password
      no_log: yes
      ansible.builtin.set_fact:
-        ipaserver_master_password:
+        __derived_master_password:
          "{{ result_ipaserver_master_password.password }}"

+  - name: Use user defined master password, if provided
+    when: ipaserver_master_password is defined
+    no_log: yes
+    ansible.builtin.set_fact:
+      __derived_master_password: "{{ ipaserver_master_password }}"
+
  - name: Install - Server preparation
    ipaserver_prepare:
      ### basic ###
@@ -208,7 +214,7 @@
    ipaserver_setup_ds:
      dm_password: "{{ ipadm_password }}"
      password: "{{ ipaadmin_password }}"
-      # master_password: "{{ ipaserver_master_password }}"
+      # master_password: "{{ __derived_master_password }}"
      domain: "{{ result_ipaserver_test.domain }}"
      realm: "{{ result_ipaserver_test.realm | default(omit) }}"
      hostname: "{{ result_ipaserver_test.hostname }}"
@@ -237,7 +243,7 @@
    ipaserver_setup_krb:
      dm_password: "{{ ipadm_password }}"
      password: "{{ ipaadmin_password }}"
-      master_password: "{{ ipaserver_master_password }}"
+      master_password: "{{ __derived_master_password }}"
      domain: "{{ result_ipaserver_test.domain }}"
      realm: "{{ result_ipaserver_test.realm }}"
      hostname: "{{ result_ipaserver_test.hostname }}"
@@ -270,7 +276,7 @@
    ipaserver_setup_ca:
      dm_password: "{{ ipadm_password }}"
      password: "{{ ipaadmin_password }}"
-      master_password: "{{ ipaserver_master_password }}"
+      master_password: "{{ __derived_master_password }}"
      # ip_addresses: "{{ result_ipaserver_prepare.ip_addresses }}"
      domain: "{{ result_ipaserver_test.domain }}"
      realm: "{{ result_ipaserver_test.realm }}"
@@ -329,7 +335,7 @@
      ipaserver_setup_http:
        dm_password: "{{ ipadm_password }}"
        password: "{{ ipaadmin_password }}"
-        master_password: "{{ ipaserver_master_password }}"
+        master_password: "{{ __derived_master_password }}"
        domain: "{{ result_ipaserver_test.domain }}"
        realm: "{{ result_ipaserver_test.realm }}"
        hostname: "{{ result_ipaserver_test.hostname }}"