Merge pull request #3222 from edx/arbab/certs-rewrite

proper YAML syntax for rewriting ansible tasks

playbooks/roles/certs/tasks/deploy.yml

 ---
-
-- name: create certificate application config
-  template: >
-    src=certs.env.json.j2
-    dest={{ certs_app_dir }}/env.json
-  become_user: "{{ certs_user }}"
-
-- name: create certificate auth file
-  template: >
-    src=certs.auth.json.j2
-    dest={{ certs_app_dir }}/auth.json
+- name: Create certificate application config and auth file
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ certs_app_dir }}/{{ item.dest }}"
+  with_items:
+    - { src: 'certs.env.json.j2', dest: 'env.json' }
+    - { src: 'certs.auth.json.j2', dest: 'auth.json' }
   become_user: "{{ certs_user }}"
 
-- name: writing supervisor script for certificates
-  template: >
-    src=certs.conf.j2 dest={{ supervisor_available_dir }}/certs.conf
-    owner={{ supervisor_user }} mode=0644
+- name: Writing supervisor script for certificates
+  template:
+    src: certs.conf.j2
+    dest: "{{ supervisor_available_dir }}/certs.conf"
+    owner: "{{ supervisor_user }}"
+    mode: "0644"
 
-- name: enable supervisor script for certificates
-  file: >
-    src={{ supervisor_available_dir }}/certs.conf
-    dest={{ supervisor_cfg_dir }}/certs.conf
-    owner={{ supervisor_user }}
-    state=link
-    force=yes
-    mode=0644
+- name: Enable supervisor script for certificates
+  file:
+    src: "{{ supervisor_available_dir }}/certs.conf"
+    dest: "{{ supervisor_cfg_dir }}/certs.conf"
+    owner: "{{ supervisor_user }}"
+    state: link
+    force: yes
+    mode: "0644"
   when: not disable_edx_services
 
-- name: create ssh script for git
-  template: >
-    src={{ certs_git_ssh|basename }}.j2 dest={{ certs_git_ssh }}
-    owner={{ certs_user }} mode=750
+- name: Create ssh script for git
+  template:
+    src: "{{ certs_git_ssh | basename }}.j2"
+    dest: "{{ certs_git_ssh }}"
+    owner: "{{ certs_user }}"
+    mode: "0750"
 
 # This key is only needed if you are pulling down a private
 # certificates repo
-- name: install read-only ssh key for the certs repo
-  copy: >
-    content="{{ CERTS_GIT_IDENTITY }}" dest={{ certs_git_identity }}
-    force=yes owner={{ certs_user }} mode=0600
+- name: Install read-only ssh key for the certs repo
+  copy:
+    content: "{{ CERTS_GIT_IDENTITY }}"
+    dest: "{{ certs_git_identity }}"
+    force: yes
+    owner: "{{ certs_user }}"
+    mode: "0600"
   when: CERTS_GIT_IDENTITY != "none"
 
-- name: checkout certificates repo into {{ certs_code_dir }}
-  git_2_0_1: >
-    dest={{ certs_code_dir }} repo={{ CERTS_REPO }} version={{ certs_version }}
-    accept_hostkey=yes
+- name: "Checkout certificates repo into {{ certs_code_dir }}"
+  git_2_0_1:
+    dest: "{{ certs_code_dir }}"
+    repo: "{{ CERTS_REPO }}"
+    version: "{{ certs_version }}"
+    accept_hostkey: yes
   become_user: "{{ certs_user }}"
   environment:
     GIT_SSH: "{{ certs_git_ssh }}"
   register: certs_checkout
   when: CERTS_GIT_IDENTITY != "none"
 
-- name: checkout certificates repo into {{ certs_code_dir }}
-  git_2_0_1: >
-    dest={{ certs_code_dir }} repo={{ CERTS_REPO }} version={{ certs_version }}
-    accept_hostkey=yes
+- name: Checkout certificates repo into {{ certs_code_dir }}
+  git_2_0_1:
+    dest: "{{ certs_code_dir }}"
+    repo: "{{ CERTS_REPO }}"
+    version: "{{ certs_version }}"
+    accept_hostkey: yes
   become_user: "{{ certs_user }}"
   register: certs_checkout
   when: CERTS_GIT_IDENTITY == "none"
 
-- name: remove read-only ssh key for the certs repo
-  file: path={{ certs_git_identity }} state=absent
+- name: Remove read-only ssh key for the certs repo
+  file:
+    path: "{{ certs_git_identity }}"
+    state: absent
   when: CERTS_GIT_IDENTITY != "none"
 
-- name : install python requirements
-  pip: >
-    requirements="{{ certs_requirements_file }}" virtualenv="{{ certs_venv_dir }}" state=present
-    extra_args="-i {{ COMMON_PYPI_MIRROR_URL }}"
+- name: Install python requirements
+  pip:
+    requirements: "{{ certs_requirements_file }}"
+    virtualenv: "{{ certs_venv_dir }}"
+    state: present
+    extra_args: "-i {{ COMMON_PYPI_MIRROR_URL }}"
   become_user: "{{ certs_user }}"
 
   # call supervisorctl update. this reloads
@@ -73,38 +84,40 @@
   # the services if any of the configurations
   # have changed.
   #
-- name: update supervisor configuration
+- name: Update supervisor configuration
   shell:  "{{ supervisor_ctl }} -c {{ supervisor_cfg }} update"
   register: supervisor_update
   become_user: "{{ supervisor_service_user }}"
   changed_when: supervisor_update.stdout is defined and supervisor_update.stdout != ""
   when: not disable_edx_services
 
-- name: ensure certs has started
-  supervisorctl: >
-    name=certs
-    supervisorctl_path={{ supervisor_ctl }}
-    config={{ supervisor_cfg }}
-    state=started
+- name: Ensure certs has started
+  supervisorctl:
+    name: certs
+    supervisorctl_path: "{{ supervisor_ctl }}"
+    config: "{{ supervisor_cfg }}"
+    state: started
   become_user: "{{ supervisor_service_user }}"
   when: not disable_edx_services
 
-- name: create a symlink for venv python
-  file: >
-    src="{{ certs_venv_bin }}/{{ item }}"
-    dest={{ COMMON_BIN_DIR }}/{{ item }}.certs
-    state=link
+- name: Create a symlink for venv python
+  file:
+    src: "{{ certs_venv_bin }}/{{ item }}"
+    dest: "{{ COMMON_BIN_DIR }}/{{ item }}.certs"
+    state: link
   with_items:
-  - python
-  - pip
+    - python
+    - pip
 
-- include: tag_ec2.yml tags=deploy
+- include: tag_ec2.yml
   when: COMMON_TAG_EC2_INSTANCE
+  tags:
+    - deploy
 
-- name: restart certs
-  supervisorctl: >
-    name=certs
-    supervisorctl_path={{ supervisor_ctl }}
-    config={{ supervisor_cfg }}
-    state=restarted
+- name: Restart certs
+  supervisorctl:
+    name: certs
+    supervisorctl_path: "{{ supervisor_ctl }}"
+    config: "{{ supervisor_cfg }}"
+    state: restarted
   when: not disable_edx_services

playbooks/roles/certs/tasks/main.yml

@@ -31,19 +31,19 @@
 #     - supervisor
 #     - certs
 #
-- name: create application user
-  user: >
-    name="{{ certs_user }}"
-    home="{{ certs_app_dir }}"
-    createhome=no
-    shell=/bin/false
+- name: Create application user
+  user:
+    name: "{{ certs_user }}"
+    home: "{{ certs_app_dir }}"
+    createhome: no
+    shell: /bin/false
 
-- name: create certs app dirs
-  file: >
-    path="{{ item }}"
-    state=directory
-    owner="{{ certs_user }}"
-    group="{{ common_web_group }}"
+- name: Create certs app dirs
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ certs_user }}"
+    group: "{{ common_web_group }}"
   with_items:
     - "{{ certs_app_dir }}"
     # needed for the ansible 1.5 git module
@@ -54,42 +54,46 @@
 # The certs web root must be owned
 # by the web user so the certs service
 # can write files there.
-- name: create certs web root
-  file: >
-    path="{{ CERTS_WEB_ROOT }}"
-    state=directory
-    owner="{{ common_web_group }}"
-    group="{{ certs_user }}"
+- name: Create certs web root
+  file:
+    path: "{{ CERTS_WEB_ROOT }}"
+    state: directory
+    owner: "{{ common_web_group }}"
+    group: "{{ certs_user }}"
 
-- name: create certs gpg dir
-  file: >
-    path="{{ certs_gpg_dir }}" state=directory
-    owner="{{ common_web_user }}"
-    mode=0700
+- name: Create certs gpg dir
+  file:
+    path: "{{ certs_gpg_dir }}"
+    state: directory
+    owner: "{{ common_web_user }}"
+    mode: "0700"
 
-- name: copy the private gpg signing key
-  copy: >
-    src={{ CERTS_LOCAL_PRIVATE_KEY }}
-    dest={{ certs_app_dir }}/{{ CERTS_LOCAL_PRIVATE_KEY|basename }}
-    owner={{ common_web_user }} mode=0600
+- name: Copy the private gpg signing key
+  copy:
+    src: "{{ CERTS_LOCAL_PRIVATE_KEY }}"
+    dest: "{{ certs_app_dir }}/{{ CERTS_LOCAL_PRIVATE_KEY | basename }}"
+    owner: "{{ common_web_user }}"
+    mode: "0600"
   register: certs_gpg_key
+  no_log: True
 
-- name: copy the pgp trust export
-  copy: >
-    content="{{ CERTS_OWNER_TRUST }}"
-    dest={{ certs_app_dir }}/trust.export
-    owner={{ common_web_user }} mode=0600
+- name: Copy the pgp trust export
+  copy:
+    content: "{{ CERTS_OWNER_TRUST }}"
+    dest: "{{ certs_app_dir }}/trust.export"
+    owner: "{{ common_web_user }}"
+    mode: "0600"
 
-- name: load the gpg key
-  shell: >
-    /usr/bin/gpg --homedir {{ certs_gpg_dir }} --import {{ certs_app_dir }}/{{ CERTS_LOCAL_PRIVATE_KEY|basename }}
-  sudo_user: "{{ common_web_user }}"
+- name: Load the gpg key
+  shell: "/usr/bin/gpg --homedir {{ certs_gpg_dir }} --import {{ certs_app_dir }}/{{ CERTS_LOCAL_PRIVATE_KEY | basename }}"
+  become_user: "{{ common_web_user }}"
   when: certs_gpg_key.changed
 
-- name: import the trust export
-  shell: >
-    /usr/bin/gpg --homedir {{ certs_gpg_dir }} --import-ownertrust {{ certs_app_dir }}/trust.export
-  sudo_user: "{{ common_web_user }}"
+- name: Import the trust export
+  shell: "/usr/bin/gpg --homedir {{ certs_gpg_dir }} --import-ownertrust {{ certs_app_dir }}/trust.export"
+  become_user: "{{ common_web_user }}"
   when: certs_gpg_key.changed
 
-- include: deploy.yml tags=deploy
+- include: deploy.yml
+  tags:
+    - deploy

playbooks/roles/certs/tasks/tag_ec2.yml

 ---
 
-- name: get instance information
+- name: Get instance information
   action: ec2_facts
 
-- name: tag instance
-  ec2_tag: resource={{ ansible_ec2_instance_id }} region={{ ansible_ec2_placement_region }}
-  args:
+- name: Tag instance
+  ec2_tag:
+    resource: "{{ ansible_ec2_instance_id }}"
+    region: "{{ ansible_ec2_placement_region }}"
     tags:
       "version:certs" : "{{ CERT_REPO }} {{ certs_checkout.after|truncate(7,True,'') }}"
   when: certs_checkout.after is defined