Merge pull request #274 from ansible-middleware/ssh_as_jenkins

Make playbook `become` unnecessary

README.md

@@ -92,7 +92,7 @@ To enable the collection to install JBoss Web Server from local archive files:
 
 > **Note:** By default, the collection installs the main application server archive only. If you also want to install the native archive, ensure that you copy the native archive file to your control node and set the `jws_native` variable to `True`.
 
-> **Note:** If you did not change the archive file names, you do not need to set the `zipfile_name` and `native_zipfile` variables. The collection uses the JBoss Web Server version to determine the default file names automatically. 
+> **Note:** If you did not change the archive file names, you do not need to set the `zipfile_name` and `native_zipfile` variables. The collection uses the JBoss Web Server version to determine the default file names automatically.
 
 4. If you also want to install the latest cumulative patches for the appropriate JBoss Web Server version, copy the archive files for the latest patch updates to your Ansible control node. Then set the `jws_apply_patches` variable to `True`:
 
@@ -114,7 +114,7 @@ If you want the collection to install JBoss Web Server from RPM packages, you mu
 
 - You have a working internet connection that the collection can use to obtain the RPM packages from Red Hat.
 
-> **Note:** When you enable the RPM installation method, the collection always installs the latest available RPM packages for the latest JBoss Web Server version, including any patch updates. 
+> **Note:** When you enable the RPM installation method, the collection always installs the latest available RPM packages for the latest JBoss Web Server version, including any patch updates.
 
 To enable the collection to install JBoss Web Server from RPM packages, set the `jws_install_method` variable to `rpm` on your Ansible control node:
 
@@ -286,7 +286,7 @@ For example:
         - ansible.builtin.copy:
            src: files/jolokia-war-1.7.1.war
            dest: "{{ jws_home }}/tomcat/webapps/"
-           remote_src: yes
+           remote_src: True
 
 - To deploy an application by using a symbolic link or hard link to the `.war` file, which avoids duplicating the file, use the [file:](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/file_module.html) module:
 

molecule/ajp_or_https/prepare.yml

@@ -10,7 +10,10 @@
           - "{{ assets_server }}/webserver/5.6.0/jws-5.6.0-application-server.zip"
 
     - name: "Deploy https certificate"
-      become: yes
+      become: True
       ansible.builtin.copy:
         src: ./resources/keystore.jks
         dest: /etc/ssl/
+        mode: 0644
+        owner: root
+        group: root

molecule/force_install/converge.yml

@@ -8,6 +8,9 @@
       when:
         - "(lookup('env', 'PWD') | default('/opt') + '/jws-5.7.0-application-server.zip') is exists"
         - jws_version is defined
+  vars:
+    jws_apply_patches: False
+    jws_selinux_enabled: False
   roles:
     - role: middleware_automation.jws.jws
       jws_setup: true
@@ -16,3 +19,4 @@
       jws_service_systemd_type: forking
       jws_force_install: true
       jws_java_version: 11
+      jws_native: False

molecule/force_install/prepare.yml

@@ -2,7 +2,6 @@
 - name: Prepare
   hosts: all
   tasks:
-
     - name: "Run preparation common to all scenario"
       ansible.builtin.include_tasks: ../common_prepare.yml
       vars:
@@ -12,10 +11,11 @@
 
 - name: "Older version installation"
   hosts: all
+  vars:
+    jws_apply_patches: False
+    tomcat_version: 9.0.80
   vars_files:
     - ../../playbooks/vars.yml
-  collections:
-    - middleware_automation.jws
   pre_tasks:
     - name: "Set JWS version if resource available"
       ansible.builtin.set_fact:
@@ -24,5 +24,5 @@
         - "(lookup('env', 'PWD') | default('/opt') + '/jws-5.5.0-application-server.zip') is exists"
         - jws_version is defined
   roles:
-    - role: jws
-      tomcat_version: 9.0.80
+    - role: middleware_automation.jws.jws
+      jws_native: False

molecule/force_install/verify.yml

@@ -1,8 +1,11 @@
 ---
 - name: Verify
   hosts: instance
-  collections:
-    - middleware_automation.jws
+  vars:
+    jws_apply_patches: False
+    jws_java_version: 11
+    jws_native: False
+    jws_selinux_enabled: False
   pre_tasks:
     - name: "Set JWS version if resource available"
       ansible.builtin.set_fact:
@@ -11,5 +14,4 @@
         - "(lookup('env', 'PWD') | default('/opt') + '/jws-5.7.0-application-server.zip') is exists"
         - jws_version is defined
   roles:
-    - role: jws_validation
-      jws_java_version: 11
+    - role: middleware_automation.jws.jws_validation

molecule/override_server_xml/converge.yml

@@ -4,6 +4,8 @@
   vars:
     # following value set the jvmRoute attribute (specific to override template)
     jvm_route: jvm_route_1
+    jws_apply_patches: False
+    jws_selinux_enabled: False
   roles:
     - role: middleware_automation.jws.jws
       jws_home: /opt/custom
@@ -12,3 +14,4 @@
       jws_systemd_enabled: True
       jws_service_systemd_type: forking
       jws_java_version: 17
+      jws_native: False

molecule/override_server_xml/verify.yml

@@ -6,23 +6,23 @@
     jws_listen_https_port: 8443
     jws_listen_https_bind_address: localhost
     jvm_route: jvm_route_1
-  collections:
-    - middleware_automation.jws
+    jws_selinux_enabled: False
   roles:
-    - jws_validation
+    - middleware_automation.jws.jws_validation
   post_tasks:
-    - ansible.builtin.set_fact:
+    - name: "Set server.xml path relative to jws home"
+      ansible.builtin.set_fact:
         path_to_server_xml: "{{ jws_home }}/conf/server.xml"
 
     - name: "Read content of {{ path_to_server_xml }}"
-      become: yes
+      become: True
       ansible.builtin.slurp:
         src: "{{ path_to_server_xml }}"
       register: slurped_server_xml
 
     - name: "Extract content for slurped file and search for {{ jvm_route }}."
       ansible.builtin.set_fact:
-        matches: "{{ slurped_server_xml['content'] | b64decode | regex_findall(jvm_route)}}"
+        matches: "{{ slurped_server_xml['content'] | b64decode | regex_findall(jvm_route) }}"
 
     - name: "Checks that occurence of {{ jvm_route }} was found."
       ansible.builtin.assert:

molecule/preinstalledjdk/prepare.yml

@@ -12,13 +12,13 @@
 
   tasks:
     - name: "Prepare JDK for scenario"
-      become: yes
+      become: True
       block:
         - name: "Download JDK from {{ jdk_url }}"
           ansible.builtin.unarchive:
             src: "{{ jdk_url }}"
             dest: "{{ jdk_install_dir }}"
-            remote_src: yes
+            remote_src: True
 
         - name: "Ensure new JDK is registered as an alternatives for the java command."
           ansible.builtin.command: "update-alternatives --install /usr/bin/java java {{ jdk_home }}/bin/java 1"
@@ -30,6 +30,6 @@
           changed_when: False
           register: verify_jdk_install
 
-        - name: "test"
+        - name: "Test"
           ansible.builtin.debug:
             msg: "{{ verify_jdk_install }}"

molecule/preinstalledjdk/verify.yml

@@ -2,7 +2,5 @@
 - name: Verify
   hosts: all
   vars:
-  collections:
-    - middleware_automation.jws
   roles:
-    - jws_validation
+    - middleware_automation.jws.jws_validation

molecule/uninstall/converge.yml

@@ -8,9 +8,8 @@
 
 - name: "Red Hat JBoss Web Server uninstallation"
   hosts: all
-  collections:
-    - middleware_automation.jws
   post_tasks:
-    - include_role:
-        name: jws
+    - name: "Perform uninstall"
+      ansible.builtin.include_role:
+        name: middleware_automation.jws.jws
         tasks_from: uninstall.yml

molecule/uninstall/verify.yml

@@ -3,6 +3,7 @@
   hosts: all
   tasks:
     - name: Read info on /opt subdirs
+      become: True
       ansible.builtin.find:
         paths: /opt
         file_type: directory

playbooks/playbook.yml

@@ -5,4 +5,3 @@
     - vars.yml
   roles:
     - name: middleware_automation.jws.jws
-    - name: middleware_automation.jws.jws_validation

roles/jws/README.md

@@ -76,7 +76,7 @@ Role Defaults
 | `jws_shutdown_port`                      | Tomcat shutdown port                     | `8005`                                        |
 | `jws_listen_http_port`                   | Tomcat http listen port                  | `8080`                                        |
 | `jws_listen_http_bind_address`           | Service bind address                     | `localhost`                                   |
-| `jws_listen_http_enabled`                | Enable listening on http port            | `yes`                                         |
+| `jws_listen_http_enabled`                | Enable listening on http port            | `True`                                         |
 | `jws_listen_https_port`                  | Enable listening on https port           | `8443`                                        |
 | `jws_listen_https_bind_address`          | Bind address for https                   | `::1`                                         |
 | `jws_listen_https_enabled`               | Enable listening on https port           | `false`                                       |
@@ -162,4 +162,3 @@ Example Playbook
   roles:
     - middleware_automation.jws.jws
 ```
-

roles/jws/defaults/main.yml

@@ -30,8 +30,9 @@ jws_offline_install: False
 jws_archive_repository: "{{ lookup('env', 'PWD') | default('/opt') }}"
 # following var is only used by the URL mode of installation
 jws_apache_archive_download_url_prefix: 'https://archive.apache.org/dist/tomcat/tomcat-'
-jws_install_download_archive_require_privilege_escalation: yes
-jws_install_unarchive_require_privilege_escalation: yes
+jws_install_download_archive_require_privilege_escalation: True
+jws_install_unarchive_require_privilege_escalation: True
+
 # Default version of Apache Tomcat to use if no version is provided
 tomcat_version: 10.1.13
 # Switch to True if you want to also download native bits
@@ -116,7 +117,7 @@ jws_service_name: "{{ (jws_install_method == 'rpm') | ternary(jws_rpm_service_na
 jws_service_systemd: "/usr/lib/systemd/system/{{ jws_service_name }}.service"
 jws_service_systemd_type: "simple"
 jws_selinux_enabled: False
-jws_selinux_policy_require_priv_escalation: yes
+jws_selinux_policy_require_priv_escalation: True
 
 jws_firewalld_package_name:
   - firewalld

roles/jws/handlers/main.yml

@@ -17,9 +17,9 @@
   changed_when: restorecon.stdout_lines | length > 0
 
 - name: Reload Systemd
-  become: yes
+  become: True
   ansible.builtin.systemd:
-    daemon_reload: yes
+    daemon_reload: True
   when:
     - jws.service is defined
     - jws.service.enabled is defined
@@ -43,7 +43,7 @@
   listen: "Stop Tomcat service"
 
 - name: "Restart {{ jws.service.hr_name }} service"
-  become: yes
+  become: True
   ansible.builtin.service:
     name: "{{ jws.service.name }}"
     state: restarted

roles/jws/meta/argument_specs.yml

@@ -25,11 +25,11 @@ argument_specs:
                 description: "Whether to perform an offline installation"
                 type: "bool"
             jws_install_download_archive_require_privilege_escalation:
-                default: yes
+                default: True
                 description: "Whether or not to become root to donwload the archive"
                 type: "bool"
             jws_install_unarchive_require_privilege_escalation:
-                default: yes
+                default: True
                 description: "Whether or not to become root to decompress the archive"
                 type: "bool"
             jws_rpm:
@@ -58,7 +58,7 @@ argument_specs:
                 description: "Enable selinux policy enforcement for JWS"
                 type: "bool"
             jws_selinux_policy_require_priv_escalation:
-                default: yes
+                default: True
                 description: "Specifies whether or not SE Linux manipulation requires privilege escalation (sudo)."
                 type: "bool"
             jws_dependencies_list:

roles/jws/tasks/apply_cp/checksum.yml

@@ -7,6 +7,7 @@
     - name: "Load data on downloaded file: {{ jws_install_dir }}/{{ patch_bundle }}."
       ansible.builtin.stat:
         path: "{{ jws_install_dir }}/{{ patch_bundle }}"
+      become: True
       register: downloaded_file_metadata
 
     - name: "Verify that file checksum {{ downloaded_file_metadata.stat.checksum }} with provided one: {{ patch_checksum }}."

roles/jws/tasks/apply_cp/copy_cp_on_target_and_checksum.yml

@@ -21,6 +21,7 @@
 - name: "Check deployed patch state"
   ansible.builtin.stat:
     path: "{{ jws_install_dir }}/{{ patch_bundle }}"
+  become: True
   register: patch_info
 
 - name: "Set patch checksum"
@@ -34,6 +35,7 @@
 - name: "Check {{ patch_checksum_file }} state"
   ansible.builtin.stat:
     path: "{{ patch_checksum_file }}"
+  become: True
   register: last_patch_status
 
 - name: "Print information message if patch has already been applied"

roles/jws/tasks/apply_cp/download_from_rhn.yml

@@ -1,7 +1,7 @@
 ---
 - name: Perform patch download from RHN via JBossNetwork API
   delegate_to: localhost
-  run_once: yes
+  run_once: True
   when:
     - jws_apply_patches
     - not jws_offline_install
@@ -22,15 +22,15 @@
       when:
         - rhn_products.results is defined and rhn_products.results | length > 0
       delegate_to: localhost
-      run_once: yes
+      run_once: True
 
     - name: Determine latest version
       ansible.builtin.set_fact:
         jws_latest_version: "{{ filtered_versions | middleware_automation.common.version_sort | last }}"
       when:
         - rhn_products.results is defined and rhn_products.results | length > 0
       delegate_to: localhost
-      run_once: yes
+      run_once: True
 
     - name: Determine install zipfile from search results
       ansible.builtin.set_fact:
@@ -42,7 +42,7 @@
         - jws_patch_version is not defined or jws_patch_version | length == 0
         - rhn_products.results is defined and rhn_products.results | length > 0
       delegate_to: localhost
-      run_once: yes
+      run_once: True
 
     - name: "Compute patch to apply (if any)."
       when:
@@ -56,7 +56,7 @@
             patch_version: "{{ jws_patch_version }}"
           when: jws_patch_version is defined and jws_patch_version | length > 0
           delegate_to: localhost
-          run_once: yes
+          run_once: True
 
         - name: Check latest version against requested version
           ansible.builtin.set_fact:

roles/jws/tasks/apply_cp/perform_update.yml

@@ -8,7 +8,7 @@
       ansible.builtin.unarchive:
         src: "{{ jws_install_dir }}/{{ patch_bundle }}"
         dest: "{{ jws.install_dir }}"
-        remote_src: yes
+        remote_src: True
         owner: "{{ jws.user | default(omit) }}"
         group: "{{ jws.group | default(omit) }}"
         mode: 0750

roles/jws/tasks/firewalld.yml

@@ -20,10 +20,11 @@
     enabled: true
 
 - name: "Ensure firewalld allows communication over {{ jws_listen_http_port }}."
+  become: True
   ansible.posix.firewalld:
     port: "{{ jws_listen_http_port }}/tcp"
     permanent: true
     state: enabled
-    immediate: yes
+    immediate: True
   when:
     - jws_listen_http_port is defined

roles/jws/tasks/install/download_from_rhn.yml

@@ -1,7 +1,7 @@
 ---
 - name: Perform download from RHN using JBoss Network API
   delegate_to: localhost
-  run_once: yes
+  run_once: True
   become: "{{ rhn_download_become | default(False) }}"
   when:
     - not jws_offline_install
@@ -20,7 +20,7 @@
       ansible.builtin.set_fact:
         rhn_filtered_products: "{{ rhn_products.results | selectattr('file_path', 'match', '[^/]*/' + path_to_zipfile_local | basename + '$') }}"
       delegate_to: localhost
-      run_once: yes
+      run_once: True
 
     - name: Download Red Hat JWS
       ansible.builtin.include_tasks: rhn/download.yml