From 5f7dd0883822c522d111392f8f7870dd781655f3 Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Tue, 21 Mar 2023 16:46:19 +0000 Subject: [PATCH 1/6] Removed multiple blank lines Signed-off-by: Mark Bolwell --- .github/workflows/main.tf | 1 - .yamllint | 4 ++-- CONTRIBUTING.rst | 1 - Makefile | 3 --- ansible.cfg | 1 - molecule/localhost/converge.yml | 1 - molecule/localhost/molecule.yml | 1 - molecule/wsl/converge.yml | 1 - molecule/wsl/molecule.yml | 1 - templates/ansible_vars_goss.yml.j2 | 6 ------ templates/etc/dconf/db/00-screensaver.j2 | 1 - templates/etc/sysctl.d/60-kernel_sysctl.conf.j2 | 3 +-- 12 files changed, 3 insertions(+), 21 deletions(-) diff --git a/.github/workflows/main.tf b/.github/workflows/main.tf index 516d5cc..c877665 100644 --- a/.github/workflows/main.tf +++ b/.github/workflows/main.tf @@ -5,7 +5,6 @@ provider "aws" { // Create a security group with access to port 22 and port 80 open to serve HTTP traffic - resource "random_id" "server" { keepers = { # Generate a new id each time we switch to a new AMI id diff --git a/.yamllint b/.yamllint index ec46929..cd5533e 100644 --- a/.yamllint +++ b/.yamllint @@ -3,8 +3,8 @@ extends: default ignore: | tests/ - molecule/ - .github/ + molecule + .github .gitlab-ci.yml *molecule.yml diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst index 23ce2fb..13e0b49 100644 --- a/CONTRIBUTING.rst +++ b/CONTRIBUTING.rst @@ -61,7 +61,6 @@ following text in your contribution commit message: :: - This message can be entered manually, or if you have configured git with the correct `user.name` and `user.email`, you can use the `-s` option to `git commit` to automatically include the signoff message. diff --git a/Makefile b/Makefile index 5d7a9b3..c39a283 100755 --- a/Makefile +++ b/Makefile @@ -1,6 +1,5 @@ .PHONY: all help galaxy-install ansible-list yamllint pip-requirements - GALAXY=ansible-galaxy ANSIBLE_LINT='/usr/local/bin/ansible-lint' ANSIBLE_FILE=site.yml 
@@ -15,7 +14,6 @@ help: @echo " yamllint to lint playbook files" @echo " pip-requirements add pip required file" - galaxy-install: $(GALAXY) install -r ./collections/requirements.yml @@ -29,4 +27,3 @@ pip-requirements: @echo 'Python dependencies:' @cat requirements.txt pip3 install -r requirements.txt - diff --git a/ansible.cfg b/ansible.cfg index 3bc6e07..8b5bba7 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -12,7 +12,6 @@ stdout_callback = yaml # Use the stdout_callback when running ad-hoc commands. bin_ansible_callbacks = True - [privilege_escalation] [paramiko_connection] diff --git a/molecule/localhost/converge.yml b/molecule/localhost/converge.yml index 6dadcfc..99e344b 100644 --- a/molecule/localhost/converge.yml +++ b/molecule/localhost/converge.yml @@ -15,4 +15,3 @@ - name: "Include tasks" ansible.builtin.include_role: name: "{{ role_name }}" - diff --git a/molecule/localhost/molecule.yml b/molecule/localhost/molecule.yml index 9454705..ea458f1 100644 --- a/molecule/localhost/molecule.yml +++ b/molecule/localhost/molecule.yml @@ -27,4 +27,3 @@ lint: | verifier: name: ansible - diff --git a/molecule/wsl/converge.yml b/molecule/wsl/converge.yml index 0f5f3e6..92be822 100644 --- a/molecule/wsl/converge.yml +++ b/molecule/wsl/converge.yml @@ -24,4 +24,3 @@ - name: "Include tasks" ansible.builtin.include_role: name: "{{ role_name }}" - diff --git a/molecule/wsl/molecule.yml b/molecule/wsl/molecule.yml index 9360997..d4245c2 100644 --- a/molecule/wsl/molecule.yml +++ b/molecule/wsl/molecule.yml @@ -26,4 +26,3 @@ lint: | verifier: name: ansible - diff --git a/templates/ansible_vars_goss.yml.j2 b/templates/ansible_vars_goss.yml.j2 index 8749fc1..04a8284 100644 --- a/templates/ansible_vars_goss.yml.j2 +++ b/templates/ansible_vars_goss.yml.j2 
@@ -9,7 +9,6 @@ benchmark_version: '1.0.0' # If run via script this is discovered and set host_os_distribution: {{ ansible_distribution | lower }} - # timeout for each command to run where set - default = 10seconds/10000ms timeout_ms: 60000 @@ -127,7 +126,6 @@ rhel9cis_rule_1_9: {{ rhel9cis_rule_1_9 }} # Ensure system-wide crypto policy is not legacy rhel9cis_rule_1_10: {{ rhel9cis_rule_1_10 }} - # section 2 # Services # 2.1 Time Synchronization @@ -191,7 +189,6 @@ rhel9cis_rule_3_4_2_5: {{ rhel9cis_rule_3_4_2_5 }} rhel9cis_rule_3_4_2_6: {{ rhel9cis_rule_3_4_2_6 }} rhel9cis_rule_3_4_2_7: {{ rhel9cis_rule_3_4_2_7 }} - # Section 4 rules # 4.1 Configure System Accounting rhel9cis_rule_4_1_1_1: {{ rhel9cis_rule_4_1_1_1 }} @@ -265,7 +262,6 @@ rhel9cis_rule_4_2_3: {{ rhel9cis_rule_4_2_3 }} # 4.3 Logrotate rhel9cis_rule_4_3: {{ rhel9cis_rule_4_3 }} - # Section 5 # Authentication and Authorization # 5.1 Configure time-based job schedulers @@ -450,7 +446,6 @@ rhel9cis_nft_tables_autonewtable: {{ rhel9cis_nft_tables_autonewtable }} rhel9cis_nft_tables_tablename: {{ rhel9cis_nft_tables_tablename }} rhel9cis_nft_tables_autochaincreate: {{ rhel9cis_nft_tables_autochaincreate }} - # Section 4 ## Set if host is a logserver @@ -486,7 +481,6 @@ rhel9cis_authselect: custom_profile_name: {{ rhel9cis_authselect['custom_profile_name'] }} default_file_to_copy: {{ rhel9cis_authselect['default_file_to_copy'] }} - ## 5.4.1 Enable automation to create custom profile settings, using the setings above rhel9cis_authselect_custom_profile_create: {{ rhel9cis_authselect_custom_profile_create }} diff --git a/templates/etc/dconf/db/00-screensaver.j2 b/templates/etc/dconf/db/00-screensaver.j2 index 0b9f686..822b33d 100644 --- a/templates/etc/dconf/db/00-screensaver.j2 +++ b/templates/etc/dconf/db/00-screensaver.j2 @@ -2,7 +2,6 @@ # Added as part of ansible-lockdown CIS baseline # provided by MindPointGroup LLC - # Specify the dconf path [org/gnome/desktop/session] 
diff --git a/templates/etc/sysctl.d/60-kernel_sysctl.conf.j2 b/templates/etc/sysctl.d/60-kernel_sysctl.conf.j2 index 8bd0157..11b3e2a 100644 --- a/templates/etc/sysctl.d/60-kernel_sysctl.conf.j2 +++ b/templates/etc/sysctl.d/60-kernel_sysctl.conf.j2 @@ -1,8 +1,7 @@ ## This file is managed by Ansible, YOUR CHANGES WILL BE LOST! - {% if rhel9cis_rule_1_5_3 %} # Kernel sysctl # CIS 1.5.3 kernel.randomize_va_space = 2 -{% endif %} \ No newline at end of file +{% endif %} From be5c3659ce72deb7817bb247cde330f9e0facc97 Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Tue, 21 Mar 2023 17:07:06 +0000 Subject: [PATCH 2/6] updated inline with galaxy Signed-off-by: Mark Bolwell --- .yamllint | 46 +++++++++++++++++----------------------------- 1 file changed, 17 insertions(+), 29 deletions(-) diff --git a/.yamllint b/.yamllint index cd5533e..1708d26 100644 --- a/.yamllint +++ b/.yamllint 
@@ -1,33 +1,21 @@ --- +# Based on ansible-lint config extends: default -ignore: | - tests/ - molecule - .github - .gitlab-ci.yml - *molecule.yml - rules: - indentation: - # Requiring 4 space indentation - spaces: 4 - # Requiring consistent indentation within a file, either indented or not - indent-sequences: consistent - braces: - max-spaces-inside: 1 - level: error - brackets: - max-spaces-inside: 1 - level: error - empty-lines: - max: 1 - line-length: disable - key-duplicates: enable - new-line-at-end-of-file: enable - new-lines: - type: unix - trailing-spaces: enable - truthy: - allowed-values: ['true', 'false'] - check-keys: false + braces: {max-spaces-inside: 1, level: error} + brackets: {max-spaces-inside: 1, level: error} + colons: {max-spaces-after: -1, level: error} + commas: {max-spaces-after: -1, level: error} + comments: disable + comments-indentation: disable + document-start: disable + empty-lines: {max: 3, level: error} + hyphens: {level: error} + indentation: disable + key-duplicates: enable + line-length: disable + new-line-at-end-of-file: disable + new-lines: {type: unix} + trailing-spaces: disable + truthy: disable From 5f84600b4e73140fc8a684d7c12e0c6c687d414c Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Tue, 21 Mar 2023 17:07:15 +0000 Subject: [PATCH 3/6] removed empty lines Signed-off-by: Mark Bolwell --- molecule/default/molecule.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 55a6274..424d08d 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -31,4 +31,3 @@ lint: | verifier: name: ansible - From 7492f5a5783f4520d2dc94668a6ddd739d6de800 Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Tue, 21 Mar 2023 17:08:21 +0000 Subject: [PATCH 4/6] updated Signed-off-by: Mark Bolwell --- Changelog.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Changelog.md b/Changelog.md index 6fb56c4..0560901 100644 --- a/Changelog.md 
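Review bot: In the `.yamllint` hunk of patch 2/6, the new rule set disables `truthy`, `trailing-spaces` and `new-line-at-end-of-file` and raises `empty-lines` to `max: 3`, which switches off the checks that patch 1/6 had just cleaned the tree for. Removing the `ignore:` block also brings `.github/` and `molecule/` into scope, so these looser rules become the only lint gate on the CI workflow files. Because this role's rule toggles are booleans, keeping `truthy: {allowed-values: ['true', 'false'], check-keys: false}` from the old file would stop `yes`/`no`/`on` values slipping in unnoticed. If the relaxation is needed because Galaxy does not honour local settings (as the changelog entry suggests), a comment at the top of the file naming the relaxed rules and the reason would stop a later change from loosening them further.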
+++ b/Changelog.md @@ -1,5 +1,10 @@ # Changes to rhel9CIS +## 1.0.6 + +updated ymlalint as galaxy doenst honouyr local settings +removed empty lines in files + ## 1.0.5 updated yamllint From 49d71ffc8044d8c79f6fc57ef98040fb19f76b81 Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Tue, 21 Mar 2023 17:28:21 +0000 Subject: [PATCH 5/6] updated for identation Signed-off-by: Mark Bolwell --- .yamllint | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.yamllint b/.yamllint index 1708d26..5dc8a98 100644 --- a/.yamllint +++ b/.yamllint @@ -12,7 +12,11 @@ rules: document-start: disable empty-lines: {max: 3, level: error} hyphens: {level: error} - indentation: disable + indentation: + # Requiring 4 space indentation + spaces: 4 + # Requiring consistent indentation within a file, either indented or not + indent-sequences: consistent key-duplicates: enable line-length: disable new-line-at-end-of-file: disable From 6fdb18aece126e315e2d49be47df0ed93d8d7fde Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Tue, 21 Mar 2023 17:28:40 +0000 Subject: [PATCH 6/6] Lint for galaxy Signed-off-by: Mark Bolwell --- .github/workflows/linux_benchmark_testing.yml | 170 +++++++++--------- .github/workflows/update_galaxy.yml | 20 +-- molecule/default/converge.yml | 34 ++-- molecule/default/molecule.yml | 40 ++--- molecule/default/verify.yml | 10 +- molecule/localhost/converge.yml | 12 +- molecule/localhost/molecule.yml | 34 ++-- molecule/localhost/verify.yml | 10 +- molecule/wsl/converge.yml | 30 ++-- molecule/wsl/molecule.yml | 32 ++-- molecule/wsl/verify.yml | 10 +- 11 files changed, 201 insertions(+), 201 deletions(-) diff --git a/.github/workflows/linux_benchmark_testing.yml b/.github/workflows/linux_benchmark_testing.yml index 8d26a35..ca8c237 100644 --- a/.github/workflows/linux_benchmark_testing.yml +++ b/.github/workflows/linux_benchmark_testing.yml 
@@ -6,106 +6,106 @@ name: linux_benchmark_pipeline # Triggers the workflow on push or pull request # events but only for the devel branch on: - pull_request_target: - types: [opened, reopened, synchronize] - branches: - - devel - - main - paths: - - '**.yml' - - '**.sh' - - '**.j2' - - '**.ps1' - - '**.cfg' + pull_request_target: + types: [opened, reopened, synchronize] + branches: + - devel + - main + paths: + - '**.yml' + - '**.sh' + - '**.j2' + - '**.ps1' + - '**.cfg' # A workflow run is made up of one or more jobs # that can run sequentially or in parallel jobs: # This will create messages for first time contributers and direct them to the Discord server - welcome: - runs-on: ubuntu-latest + welcome: + runs-on: ubuntu-latest - steps: - - uses: actions/first-interaction@main - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - pr-message: |- - Congrats on opening your first pull request and thank you for taking the time to help improve Ansible-Lockdown! - Please join in the conversation happening on the [Discord Server](https://discord.io/ansible-lockdown) as well. - # This workflow contains a single job called "build" - build: - # The type of runner that the job will run on - runs-on: ubuntu-latest + steps: + - uses: actions/first-interaction@main + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + pr-message: |- + Congrats on opening your first pull request and thank you for taking the time to help improve Ansible-Lockdown! + Please join in the conversation happening on the [Discord Server](https://discord.io/ansible-lockdown) as well. 
+ # This workflow contains a single job called "build" + build: + # The type of runner that the job will run on + runs-on: ubuntu-latest - env: - ENABLE_DEBUG: false - - # Steps represent a sequence of tasks that will be executed as part of the job - steps: - # Checks-out your repository under $GITHUB_WORKSPACE, - # so your job can access it - - uses: actions/checkout@v3 - with: - ref: ${{ github.event.pull_request.head.sha }} - - - name: Add_ssh_key - working-directory: .github/workflows env: - SSH_AUTH_SOCK: /tmp/ssh_agent.sock - PRIVATE_KEY: "${{ secrets.SSH_PRV_KEY }}" - run: | - mkdir .ssh - chmod 700 .ssh - echo $PRIVATE_KEY > .ssh/github_actions.pem - chmod 600 .ssh/github_actions.pem + ENABLE_DEBUG: false + + # Steps represent a sequence of tasks that will be executed as part of the job + steps: + # Checks-out your repository under $GITHUB_WORKSPACE, + # so your job can access it + - uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.sha }} + + - name: Add_ssh_key + working-directory: .github/workflows + env: + SSH_AUTH_SOCK: /tmp/ssh_agent.sock + PRIVATE_KEY: "${{ secrets.SSH_PRV_KEY }}" + run: | + mkdir .ssh + chmod 700 .ssh + echo $PRIVATE_KEY > .ssh/github_actions.pem + chmod 600 .ssh/github_actions.pem ### Build out the server - - name: Terraform_Init - working-directory: .github/workflows - run: terraform init + - name: Terraform_Init + working-directory: .github/workflows + run: terraform init - - name: Terraform_Validate - working-directory: .github/workflows - run: terraform validate + - name: Terraform_Validate + working-directory: .github/workflows + run: terraform validate - - name: Terraform_Apply - working-directory: .github/workflows - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - run: terraform apply -var-file "github_vars.tfvars" -var-file "OS.tfvars" --auto-approve -input=false + - name: Terraform_Apply + working-directory: 
.github/workflows + env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + run: terraform apply -var-file "github_vars.tfvars" -var-file "OS.tfvars" --auto-approve -input=false -## Debug Section - - name: DEBUG - Show Ansible hostfile - if: env.ENABLE_DEBUG == 'true' - working-directory: .github/workflows - run: cat hosts.yml + ## Debug Section + - name: DEBUG - Show Ansible hostfile + if: env.ENABLE_DEBUG == 'true' + working-directory: .github/workflows + run: cat hosts.yml -# Aws deployments taking a while to come up insert sleep or playbook fails + # Aws deployments taking a while to come up insert sleep or playbook fails - - name: Sleep for 60 seconds - run: sleep 60s - shell: bash + - name: Sleep for 60 seconds + run: sleep 60s + shell: bash -# Run the ansible playbook - - name: Run_Ansible_Playbook - uses: arillso/action.playbook@master - with: - playbook: site.yml - inventory: .github/workflows/hosts.yml - galaxy_file: collections/requirements.yml - private_key: ${{ secrets.SSH_PRV_KEY }} -# verbose: 3 - env: - ANSIBLE_HOST_KEY_CHECKING: "false" - ANSIBLE_DEPRECATION_WARNINGS: "false" + # Run the ansible playbook + - name: Run_Ansible_Playbook + uses: arillso/action.playbook@master + with: + playbook: site.yml + inventory: .github/workflows/hosts.yml + galaxy_file: collections/requirements.yml + private_key: ${{ secrets.SSH_PRV_KEY }} + # verbose: 3 + env: + ANSIBLE_HOST_KEY_CHECKING: "false" + ANSIBLE_DEPRECATION_WARNINGS: "false" -# Remove test system - User secrets to keep if necessary + # Remove test system - User secrets to keep if necessary - - name: Terraform_Destroy - working-directory: .github/workflows - if: always() && env.ENABLE_DEBUG == 'false' - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - run: terraform destroy -var-file "github_vars.tfvars" -var-file "OS.tfvars" --auto-approve -input=false + - name: 
Terraform_Destroy + working-directory: .github/workflows + if: always() && env.ENABLE_DEBUG == 'false' + env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + run: terraform destroy -var-file "github_vars.tfvars" -var-file "OS.tfvars" --auto-approve -input=false diff --git a/.github/workflows/update_galaxy.yml b/.github/workflows/update_galaxy.yml index 5b30b64..951a53c 100644 --- a/.github/workflows/update_galaxy.yml +++ b/.github/workflows/update_galaxy.yml @@ -7,15 +7,15 @@ name: update galaxy # Controls when the action will run. # Triggers the workflow on merge request events to the main branch on: - push: - branches: - - main + push: + branches: + - main jobs: update_role: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - uses: robertdebock/galaxy-action@master - with: - galaxy_api_key: ${{ secrets.GALAXY_API_KEY }} - git_branch: main + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: robertdebock/galaxy-action@master + with: + galaxy_api_key: ${{ secrets.GALAXY_API_KEY }} + git_branch: main diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index d558e80..a4685bc 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml 
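Review bot: In `linux_benchmark_testing.yml` the `build` job runs on `pull_request_target` and checks out `github.event.pull_request.head.sha`, so the Terraform files and playbook content from a fork's pull request are used by steps that receive `SSH_PRV_KEY` and the AWS keys; the re-indent carries this over unchanged. Gate the job, for example with `if: github.event.pull_request.head.repo.full_name == github.repository` on `build`, or put the secret-bearing steps behind an environment that requires maintainer approval. `actions/first-interaction@main` and `arillso/action.playbook@master` in this hunk, and `robertdebock/galaxy-action@master` in the `update_galaxy.yml` hunk that follows, are mutable refs that are handed tokens or keys and would be safer pinned to a full commit SHA. The unquoted `echo $PRIVATE_KEY > .ssh/github_actions.pem` is subject to shell word splitting, which would flatten a multi-line key; `printf '%s\n' "$PRIVATE_KEY" > .ssh/github_actions.pem` keeps it intact.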
@@ -5,23 +5,23 @@ gather_facts: true vars: - role_name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" - ansible_user: root - system_is_container: true - rhel9cis_selinux_disable: true - rhel9cis_rule_5_3_4: false - rhel9cis_rule_1_1_10: false - rhel9cis_firewall: "none" - rhel9cis_rule_4_1_1_1: false - rhel9cis_rule_4_1_1_2: false - rhel9cis_rule_4_1_1_3: false - rhel9cis_rule_4_1_1_4: false - rhel9cis_rule_4_2_1_2: false - rhel9cis_rule_4_2_1_4: false - rhel9cis_rule_5_1_1: false + role_name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" + ansible_user: root + system_is_container: true + rhel9cis_selinux_disable: true + rhel9cis_rule_5_3_4: false + rhel9cis_rule_1_1_10: false + rhel9cis_firewall: "none" + rhel9cis_rule_4_1_1_1: false + rhel9cis_rule_4_1_1_2: false + rhel9cis_rule_4_1_1_3: false + rhel9cis_rule_4_1_1_4: false + rhel9cis_rule_4_2_1_2: false + rhel9cis_rule_4_2_1_4: false + rhel9cis_rule_5_1_1: false pre_tasks: tasks: - - name: "Include tasks" - ansible.builtin.include_role: - name: "{{ role_name }}" + - name: "Include tasks" + ansible.builtin.include_role: + name: "{{ role_name }}" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 424d08d..add4f44 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml 
@@ -3,31 +3,31 @@ # https://molecule.readthedocs.io/en/latest/ driver: - name: docker + name: docker platforms: - - name: ubi9 - image: registry.access.redhat.com/ubi9/ubi-init - pre_build_image: true - volumes: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - privileged: true - command: "/usr/sbin/init" - capabilities: - - SYS_ADMIN + - name: ubi9 + image: registry.access.redhat.com/ubi9/ubi-init + pre_build_image: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + privileged: true + command: "/usr/sbin/init" + capabilities: + - SYS_ADMIN provisioner: - name: ansible - config_options: - defaults: - interpreter_python: auto_silent - callbacks_enabled: profile_tasks, timer + name: ansible + config_options: + defaults: + interpreter_python: auto_silent + callbacks_enabled: profile_tasks, timer lint: | - set -e - yamllint . - ansible-lint - flake8 + set -e + yamllint . + ansible-lint + flake8 verifier: - name: ansible + name: ansible diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 5c57ab4..936d5a8 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -4,10 +4,10 @@ gather_facts: false vars: - role_name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" + role_name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" tasks: - - name: "Include verify tasks" - ansible.builtin.include_role: - name: "{{ role_name }}" - tasks_from: verify + - name: "Include verify tasks" + ansible.builtin.include_role: + name: "{{ role_name }}" + tasks_from: verify diff --git a/molecule/localhost/converge.yml b/molecule/localhost/converge.yml index 99e344b..aebb717 100644 --- a/molecule/localhost/converge.yml +++ b/molecule/localhost/converge.yml 
@@ -6,12 +6,12 @@ gather_facts: true vars: - ansible_user: "{{ lookup('env', 'USER') }}" - role_name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" - rhel9cis_rule_5_3_4: false + ansible_user: "{{ lookup('env', 'USER') }}" + role_name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" + rhel9cis_rule_5_3_4: false pre_tasks: tasks: - - name: "Include tasks" - ansible.builtin.include_role: - name: "{{ role_name }}" + - name: "Include tasks" + ansible.builtin.include_role: + name: "{{ role_name }}" diff --git a/molecule/localhost/molecule.yml b/molecule/localhost/molecule.yml index ea458f1..6b49944 100644 --- a/molecule/localhost/molecule.yml +++ b/molecule/localhost/molecule.yml @@ -3,27 +3,27 @@ # https://molecule.readthedocs.io/en/latest/ driver: - name: delegated - options: - managed: false - ansible_connection_options: - ansible_connection: local + name: delegated + options: + managed: false + ansible_connection_options: + ansible_connection: local platforms: - - name: localhost + - name: localhost provisioner: - name: ansible - config_options: - defaults: - interpreter_python: auto_silent - stdout_callback: yaml - callbacks_enabled: profile_tasks, timer + name: ansible + config_options: + defaults: + interpreter_python: auto_silent + stdout_callback: yaml + callbacks_enabled: profile_tasks, timer lint: | - set -e - yamllint . - ansible-lint - flake8 + set -e + yamllint . + ansible-lint + flake8 verifier: - name: ansible + name: ansible diff --git a/molecule/localhost/verify.yml b/molecule/localhost/verify.yml index 58afa46..31cc859 100644 --- a/molecule/localhost/verify.yml +++ b/molecule/localhost/verify.yml 
@@ -5,10 +5,10 @@ become: true vars: - role_name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" + role_name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" tasks: - - name: "Include verify tasks" - ansible.builtin.include_role: - name: "{{ role_name }}" - tasks_from: verify + - name: "Include verify tasks" + ansible.builtin.include_role: + name: "{{ role_name }}" + tasks_from: verify diff --git a/molecule/wsl/converge.yml b/molecule/wsl/converge.yml index 92be822..5128600 100644 --- a/molecule/wsl/converge.yml +++ b/molecule/wsl/converge.yml @@ -6,21 +6,21 @@ gather_facts: true vars: - ansible_user: "{{ lookup('env', 'USER') }}" - system_is_container: true - rhel8cis_selinux_disable: true - role_name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" - rhel8cis_rule_5_3_4: false - rhel8cis_rule_1_1_10: false - rhel8cis_rsyslog_ansiblemanaged: false - rhel8cis_rule_3_4_1_3: false - rhel8cis_rule_3_4_1_4: false - rhel8cis_rule_4_2_1_2: false - rhel8cis_rule_4_2_1_4: false - rhel8cis_rule_5_1_1: false + ansible_user: "{{ lookup('env', 'USER') }}" + system_is_container: true + rhel8cis_selinux_disable: true + role_name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" + rhel8cis_rule_5_3_4: false + rhel8cis_rule_1_1_10: false + rhel8cis_rsyslog_ansiblemanaged: false + rhel8cis_rule_3_4_1_3: false + rhel8cis_rule_3_4_1_4: false + rhel8cis_rule_4_2_1_2: false + rhel8cis_rule_4_2_1_4: false + rhel8cis_rule_5_1_1: false pre_tasks: tasks: - - name: "Include tasks" - ansible.builtin.include_role: - name: "{{ role_name }}" + - name: "Include tasks" + ansible.builtin.include_role: + name: "{{ role_name }}" diff --git a/molecule/wsl/molecule.yml b/molecule/wsl/molecule.yml index d4245c2..20cb713 100644 --- a/molecule/wsl/molecule.yml +++ b/molecule/wsl/molecule.yml 
@@ -3,26 +3,26 @@ # https://molecule.readthedocs.io/en/latest/ driver: - name: delegated - options: - managed: false - ansible_connection_options: - ansible_connection: local + name: delegated + options: + managed: false + ansible_connection_options: + ansible_connection: local platforms: - - name: localhost + - name: localhost provisioner: - name: ansible - config_options: - defaults: - interpreter_python: auto_silent - callbacks_enabled: profile_tasks, timer + name: ansible + config_options: + defaults: + interpreter_python: auto_silent + callbacks_enabled: profile_tasks, timer lint: | - set -e - yamllint . - ansible-lint - flake8 + set -e + yamllint . + ansible-lint + flake8 verifier: - name: ansible + name: ansible diff --git a/molecule/wsl/verify.yml b/molecule/wsl/verify.yml index 5c57ab4..936d5a8 100644 --- a/molecule/wsl/verify.yml +++ b/molecule/wsl/verify.yml @@ -4,10 +4,10 @@ gather_facts: false vars: - role_name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" + role_name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" tasks: - - name: "Include verify tasks" - ansible.builtin.include_role: - name: "{{ role_name }}" - tasks_from: verify + - name: "Include verify tasks" + ansible.builtin.include_role: + name: "{{ role_name }}" + tasks_from: verify