From 22c48ea86be52de318cabef937901a54df2d9e20 Mon Sep 17 00:00:00 2001 From: Sebastien Perreault Date: Fri, 1 Feb 2019 09:14:16 -0500 Subject: [PATCH] re-work + yamlint --- .travis.yml | 4 +- defaults/main.yml | 3 +- meta/main.yml | 161 ++++++---------------------------------------- tasks/main.yml | 43 ++++++++++--- 4 files changed, 59 insertions(+), 152 deletions(-) diff --git a/.travis.yml b/.travis.yml index 36bbf62..121cc49 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,7 +9,7 @@ sudo: false addons: apt: packages: - - python-pip + - python-pip install: # Install ansible @@ -26,4 +26,4 @@ script: - ansible-playbook tests/test.yml -i tests/inventory --syntax-check notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/defaults/main.yml b/defaults/main.yml index 9db786c..833ccd1 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,9 +1,10 @@ --- # defaults file for bvansomeren.cockpit -cockpit_disable_tls: no +cockpit_disable_tls: false cockpit_packages: - cockpit - cockpit-bridge - cockpit-machines cockpit_use_firewalld: false +cockpit_use_selinux: false cockpit_listen_port: 9090 diff --git a/meta/main.yml b/meta/main.yml index 4b526bf..d3e89b5 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,12 +1,13 @@ +--- galaxy_info: author: Barry van Someren - description: + description: company: CoffeeSprout ICT Services - + # If the issue tracker for your role is not on github, uncomment the # next line and provide a value # issue_tracker_url: http://example.com/issue/tracker - + # Some suggested licenses: # - BSD (default) # - MIT @@ -15,7 +16,7 @@ galaxy_info: # - Apache # - CC-BY license: BSD - + min_ansible_version: 2.0 # Optionally specify the branch Galaxy will use when accessing the GitHub 
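Review bot: The new `cockpit_use_selinux: false` in defaults/main.yml has no comment, and its dependence on `cockpit_listen_port` is not obvious from the name. In tasks/main.yml the `seport` step runs only when this flag is true and the port differs from 9090, so on an SELinux-enforcing host a custom port with the default flag would presumably leave the socket unable to bind. I would add above it `# set to true on SELinux-enforcing hosts when cockpit_listen_port is changed; labels the port websm_port_t`. A line above `cockpit_disable_tls` would also help, noting that `true` serves Cockpit over plain HTTP and should only be used behind a TLS-terminating proxy.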
@@ -24,150 +25,28 @@ galaxy_info: # this branch. If travis integration is cofigured, only notification for this # branch will be accepted. Otherwise, in all cases, the repo's default branch # (usually master) will be used. - #github_branch: - + # github_branch: + # # Below are all platforms currently available. Just uncomment # the ones that apply to your role. If you don't see your # platform on this list, let us know and we'll get it added! # platforms: - - name: EL - versions: - # - all - # - 5 - # - 6 - - 7 - #- name: GenericUNIX - # versions: - # - all - # - any - #- name: Solaris - # versions: - # - all - # - 10 - # - 11.0 - # - 11.1 - # - 11.2 - # - 11.3 - #- name: Fedora - # versions: - # - all - # - 16 - # - 17 - # - 18 - # - 19 - # - 20 - # - 21 - # - 22 - # - 23 - #- name: opensuse - # versions: - # - all - # - 12.1 - # - 12.2 - # - 12.3 - # - 13.1 - # - 13.2 - #- name: IOS - # versions: - # - all - # - any - #- name: SmartOS - # versions: - # - all - # - any - #- name: eos - # versions: - # - all - # - Any - #- name: Windows - # versions: - # - all - # - 2012R2 - #- name: Amazon - # versions: - # - all - # - 2013.03 - # - 2013.09 - #- name: GenericBSD - # versions: - # - all - # - any - #- name: Junos - # versions: - # - all - # - any - #- name: FreeBSD - # versions: - # - all - # - 10.0 - # - 10.1 - # - 10.2 - # - 8.0 - # - 8.1 - # - 8.2 - # - 8.3 - # - 8.4 - # - 9.0 - # - 9.1 - # - 9.1 - # - 9.2 - # - 9.3 - #- name: Ubuntu - # versions: - # - all - # - lucid - # - maverick - # - natty - # - oneiric - # - precise - # - quantal - # - raring - # - saucy - # - trusty - # - utopic - # - vivid - # - wily - # - xenial - #- name: SLES - # versions: - # - all - # - 10SP3 - # - 10SP4 - # - 11 - # - 11SP1 - # - 11SP2 - # - 11SP3 - #- name: GenericLinux - # versions: - # - all - # - any - #- name: NXOS - # versions: - # - all - # - any - #- name: Debian - # versions: - # - all - # - etch - # - jessie - # - lenny - # - sid - # - squeeze - # - stretch - # - wheezy 
- - galaxy_tags: [] - # List tags for your role here, one per line. A tag is - # a keyword that describes and categorizes the role. - # Users find roles by searching for tags. Be sure to - # remove the '[]' above if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of - # alphanumeric characters. Maximum 20 tags per role. + - name: EL + versions: + - 7 -dependencies: [] + galaxy_tags: [] + # List tags for your role here, one per line. A tag is + # a keyword that describes and categorizes the role. + # Users find roles by searching for tags. Be sure to + # remove the '[]' above if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of + # alphanumeric characters. Maximum 20 tags per role. + + dependencies: [] # List your role dependencies here, one per line. # Be sure to remove the '[]' above if you add dependencies # to this list. diff --git a/tasks/main.yml b/tasks/main.yml index 0374704..4449831 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
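Review bot: At the end of the meta/main.yml hunk, `dependencies: []` appears to move from column 0 (the removed line has no space after the `-` marker) to an indented position, which would nest it under `galaxy_info`. Ansible reads role dependencies from the top-level `dependencies` key, so a nested copy would be ignored; that is harmless while the list is empty but would silently drop any dependency added later. The exact indentation is not recoverable from this rendering, so please confirm; if it is nested, keep `dependencies: []` at column 0. The re-indented comment lines under `galaxy_tags: []` should then stay with that key.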
@@ -2,16 +2,43 @@ # tasks file for bvansomeren.cockpit - name: ensure cockpit is installed - package: - name: "{{ item }}" + package: + name: "{{ item }}" state: present loop: "{{ cockpit_packages }}" - name: disable cockpit internal TLS - ini_file: dest=/usr/lib/systemd/system/cockpit.service section=Service option=ExecStart value="/usr/libexec/cockpit-ws --no-tls" + ini_file: + dest: "/usr/lib/systemd/system/cockpit.service" + section: "Service" + option: "ExecStart" + value: "/usr/libexec/cockpit-ws --no-tls" register: systemd when: cockpit_disable_tls +- name: change default listen port + block: + - ini_file: + dest: "/etc/systemd/system/cockpit.socket.d/listen.conf" + create: true + section: "Socket" + value: | + ListenStream= + ListenStream={{ cockpit_listen_port }} + when: cockpit_listen_port is not "9090" + +- name: do selinux change if required + block: + - package: + name: policycoreutils-python + state: present + - seport: + ports: "{{ cockpit_listen_port }}" + proto: tcp + setype: websm_port_t + state: present + when: cockpit_listen_port is not "9090" and cockpit_use_selinux + - name: enable firewall firewalld: port: "{{ cockpit_listen_port }}/tcp" @@ -20,9 +47,9 @@ state: enabled when: cockpit_use_firewalld -- name: reload systemd if unit file changed - command: systemctl daemon-reload - when: systemd.changed - - name: ensure Cockpit is started - service: name=cockpit state=started enabled=yes + systemd: + name: "cockpit.socket" + state: "started" + enabled: true + daemon_reload: true
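Review bot: Both new `when:` lines in tasks/main.yml use `cockpit_listen_port is not "9090"`, which is not a valid Jinja2 test because a test name must follow `is not`. The default in defaults/main.yml is also the integer 9090, so a string comparison would not match it either; `when: cockpit_listen_port | int != 9090` covers both cases. The `ini_file` task under "change default listen port" has no `option:`, so the multi-line `value` likely never reaches listen.conf, and the module manages one key per option, which does not fit an empty `ListenStream=` reset followed by the new value. It also appears to assume that the cockpit.socket.d directory already exists. A directory task plus a `copy` of the three-line drop-in, as below, avoids these, and the unnamed block entries would benefit from a `name:`.

```yaml
# … unchanged: package install and "disable cockpit internal TLS" tasks …
- name: change default listen port
  block:
    - name: ensure the cockpit.socket drop-in directory exists
      file:
        path: "/etc/systemd/system/cockpit.socket.d"
        state: directory
        mode: "0755"
    - name: override ListenStream in a drop-in
      copy:
        dest: "/etc/systemd/system/cockpit.socket.d/listen.conf"
        mode: "0644"
        content: |
          [Socket]
          ListenStream=
          ListenStream={{ cockpit_listen_port }}
  when: cockpit_listen_port | int != 9090
# … unchanged: selinux block, apart from its `when:` using the same `| int != 9090` comparison …
```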
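Review bot: In the last task, `state: "started"` on `cockpit.socket` leaves an already-listening socket untouched, so on a host where Cockpit is already running a new listen.conf or the `--no-tls` ExecStart edit is written but, as far as the visible tasks show, not applied until something restarts the units. `daemon_reload: true` only reloads unit definitions, so the host can keep serving on the old port or TLS setting while the firewall and SELinux rules describe the new one. The `register: systemd` kept on the TLS task is unused now that the reload task is removed. Registering both changes and notifying a handler that restarts `cockpit.socket` (and `cockpit.service` for the TLS change) would close the gap. The firewalld task this hunk touches begins above the hunk.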