Fix all ansible-lint warnings at production profile #95
Merged
Renamed ~47 registered variables across all roles to use the proper role prefix (e.g. _es_cgroup_memory → _elasticsearch_cgroup_memory, _validate_cert_stat → _elasticstack_validate_cert_stat). Fixed Jinja2 spacing in package name templates across beats, elasticsearch, kibana and logstash. Added pipefail to the shell pipe in wait_for_instance.yml. Suppressed intentional cross-role variable warnings for elasticstack_password and negative test cases in the cert_info module test. Partial fix for #27
Add the required filename_stem prefix to all 404 task names across 31 files so they pass the name[prefix] rule at production profile. Remove jinja[spacing], risky-shell-pipe, and var-naming[no-role-prefix] from warn_list since those are now clean too.
Move internal sentinel variables (*_freshstart) from defaults/ to vars/ with underscore prefixes so users can't accidentally override them. Add missing defaults for elasticsearch_fs_repo, kibana_extra_config, beats_ca_dir, beats_filebeat_modules, logstash_pipeline_unsafe_shutdown, and logstash_skip_root_check. Document elasticstack_cert_pass. Fix security flag propagation so that setting elasticstack_security: false at the stack level actually disables security in Elasticsearch, Kibana, and Logstash (previously only Beats respected it). Fix Logstash security flag to check elasticstack_security instead of elasticstack_full_stack. Update template guards for elasticsearch_fs_repo and kibana_extra_config to handle the new explicit defaults without rendering empty blocks. Refs #36
Close gaps where molecule scenarios set non-default values but never checked whether they were actually applied. Add config file assertions for beats log level, metricbeat output, filebeat extra inputs, logstash heap size, pipeline.unsafe_shutdown, ident field names, HTTP extra input port, centralized pipeline HTTP binding, elasticsearch heap dump path, config backup count, managed logging, kibana extra_config, beats fields, and filebeat modules. Also add elasticsearch_manage_logging: true and beats_filebeat_extra_inputs to their respective converge files to test those code paths. Refs #36
Clear the systemd failed state before restarting ES, Kibana, and Logstash services to prevent "start request repeated too quickly" failures. When multiple handlers or tasks restart a service in quick succession, systemd rate-limits the restarts and refuses further attempts until the failed counter is reset. The Kibana restart handler in the ES role also gains run_once to prevent every ES host from restarting the same Kibana instance simultaneously via delegation, which caused the second restart to kill the first startup. Also fixes kibana_extra_config in the elasticstack_default converge from a literal string to a dict, matching what the template's to_nice_yaml filter expects.
Renamed ~47 registered variables across all roles to use the proper role prefix per the var-naming[no-role-prefix] rule. Fixed Jinja2 spacing in package name templates (extra space before closing paren). Added pipefail to the shell pipe in wait_for_instance.yml. Suppressed intentional cross-role variable warnings for elasticstack_password and negative test cases in the cert_info module converge.
This brings the codebase to zero warnings at the production ansible-lint profile. The name[prefix] rule (308 task name violations) is deliberately left for a separate PR as noted in #27 to avoid polluting git blame.
Partial fix for #27
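The restart-handler change described in the commit messages above (clear the systemd failed state before restarting, and restart a delegated Kibana only once per play) can be sketched as follows. This is an added example, not the collection's own handlers: the file path, handler names, `listen` topics, unit names and the `example_kibana_host` variable are all assumptions made for illustration.

```yaml
# handlers/main.yml (hypothetical file, constructed for illustration)
# Handlers that share a `listen` topic run in the order they are defined
# here, so the reset always happens before the restart.

- name: Reset failed state of Elasticsearch
  listen: Restart Elasticsearch
  ansible.builtin.command:
    cmd: systemctl reset-failed elasticsearch.service
  changed_when: false   # clearing the counter is not a configuration change
  failed_when: false    # ignore a non-zero exit, e.g. on a first install

- name: Restart Elasticsearch service
  listen: Restart Elasticsearch
  ansible.builtin.systemd:
    name: elasticsearch.service
    state: restarted

# Kibana is restarted from the Elasticsearch role via delegation. Without
# run_once, every Elasticsearch host in the play would trigger its own
# restart of the same Kibana instance.
- name: Reset failed state of Kibana
  listen: Restart Kibana after Elasticsearch change
  ansible.builtin.command:
    cmd: systemctl reset-failed kibana.service
  delegate_to: "{{ example_kibana_host }}"   # assumed variable name
  run_once: true
  changed_when: false
  failed_when: false

- name: Restart Kibana service
  listen: Restart Kibana after Elasticsearch change
  ansible.builtin.systemd:
    name: kibana.service
    state: restarted
  delegate_to: "{{ example_kibana_host }}"   # assumed variable name
  run_once: true
```

Tasks trigger these with `notify: Restart Elasticsearch` or `notify: Restart Kibana after Elasticsearch change`; the topic strings are the assumed ones defined in this sketch.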