20 changed files with 121 additions and 217 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@ -1,6 +1,6 @@
 ---
 exclude_paths:
-  # - ./molecule
+  - ./molecule
  - ./.travis.yml
  - ./.github
 parseable: true
--- a/.gitignore
+++ b/.gitignore
@ -6,12 +6,10 @@ __pycache__
 .molecule
 .cache
 .venv
 .scannerwork
 *.iml
 .idea
 .project
 sonar-project.properties
 *.pyc
 **/.vscode
--- a/.yamllint
+++ b/.yamllint
@ -31,9 +31,3 @@ rules:
  new-lines:
    type: unix
  truthy: disable
  quoted-strings:
    quote-type: any
    required: only-when-needed
  key-ordering: disable
  document-end:
    present: false
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,30 +2,6 @@
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 ### [1.1.4](https://git.laurivan.com/Dev/ansible-role-sonarqube/compare/v1.1.3...v1.1.4) (2023-04-29)
 ### [1.1.3](https://git.laurivan.com/Dev/ansible-role-sonarqube/compare/v1.1.2...v1.1.3) (2023-04-28)
 ### Bug Fixes
 * Fix the DB healthcheck to use custom user. ([d509b4e](https://git.laurivan.com/Dev/ansible-role-sonarqube/commit/d509b4e788b40fd15708c721d6af55e68a922966))
 ### [1.1.2](https://git.laurivan.com/Dev/ansible-role-sonarqube/compare/v1.1.1...v1.1.2) (2023-04-28)
 ### Bug Fixes
 * Sudo for limit changes ([f9a9801](https://git.laurivan.com/Dev/ansible-role-sonarqube/commit/f9a98017a3f1d58bf72aa818eb5a0447bcd0b80f))
 ### [1.1.1](https://git.laurivan.com/Dev/ansible-role-sonarqube/compare/v1.1.0...v1.1.1) (2023-04-28)
 ### Bug Fixes
 * Better healthcheck for sonarqube service. ([1323a7b](https://git.laurivan.com/Dev/ansible-role-sonarqube/commit/1323a7bdf42088952d318100e03b9690e4808b36))
 * Set elastic search parameters. ([d6cdbb6](https://git.laurivan.com/Dev/ansible-role-sonarqube/commit/d6cdbb675932ba812dc95543090bd86d9701424e))
 ## 1.1.0 (2023-04-27)
--- a/README.md
+++ b/README.md
@ -10,21 +10,9 @@ None
 All variables are listed below (see also `defaults/main.yml`).
-| Name | Description | Default |
+```yml
-| ---: | --- | ---: |
+---
-| `sonarqube_image` | The sonarqube docker image | sonarqube |
+```
 | `sonarqube_db_image` |  The database docker image | postgres |
 | `sonarqube_http_port` | The published HTTP port | 9000 |
 | `sonarqube_api_port` | The API port | 9001 |
 | `sonarqube_vm_max_map_count` | Elastic search VM max map count | 524288 |
 | `sonarqube_fs_file_max` | Elastic search max files opened | 131072 |
 | `sonarqube_nofile` | Number of files opened | 131072 |
 | `sonarqube_nproc` | Number of processes operened | 8192 |
 | `sonarqube_config_path` | Location of the docker compose configuration | /var/local/conf/sonarqube |
 | `sonarqube_db_user` | The database user name | changeme |
 | `sonarqube_db_password` | The database password | changeme |
 Other variables declared in `defaults/main.yml` are defined for internal purposes and you should not touch/change them.
 ## Dependencies
@ -35,7 +23,7 @@ You need a machine with docker and docker-compose installed.
 ```yml
 - hosts: servers
  roles:
-      - 'laurivan.sonarqube'
+      - 'laurivan.Sonarqube'
 ```
 ## License
@ -52,6 +40,7 @@ This role was created in 2023 by [Laur Ivan](https://www.laurivan.com).
 ![Ansible](https://img.shields.io/badge/ansible-5.2.0-green.svg)
 ![Molecule](https://img.shields.io/badge/molecule-3.4.0-green.svg)
 ![Goss](https://img.shields.io/badge/goss-0.3.16-green.svg)
 ## Contributing
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,20 +1,14 @@
 ---
 ## General
-sonarqube_image: "sonarqube"
+sonarqube_image: sonarqube
-sonarqube_db_image: "postgres"
+sonarqube_db_image: postgres
 sonarqube_http_port: 9000
 sonarqube_api_port: 9001
 # Limits
 sonarqube_vm_max_map_count: 524288
 sonarqube_fs_file_max: 131072
 sonarqube_nofile: 131072
 sonarqube_nproc: 8192
 # Sonarqube paths
-sonarqube_root_path: "/var/local"
+sonarqube_root_path: /var/local
 sonarqube_config_path: "{{ sonarqube_root_path }}/conf/sonarqube"
 sonarqube_db_user: "changeme"
--- a/meta/main.yml
+++ b/meta/main.yml
@ -1,25 +1,25 @@
 ---
 galaxy_info:
-  author: "Laur Ivan (laur.ivan@gmail.com)"
+  author: Laur Ivan (laur.ivan@gmail.com)
-  namespace: "laurivan"
+  namespace: laurivan
-  role_name: "sonarqube"
+  role_name: sonarqube
-  description: "Sonarqube Role"
+  description: Sonarqube Role
  min_ansible_version: "2.4"
  min_ansible_container_version: "2.4"
-  license: "MIT"
+  license: MIT
  galaxy_tags:
-    - "sonarqube"
+    - sonarqube
-    - "testing"
+    - testing
-    - "security"
+    - security
  platforms:
-    - name: "Debian"
+    - name: Debian
      versions:
-        - "bullseye"
+        - bullseye
-        - "buster"
+        - buster
-    - name: "Ubuntu"
+    - name: Ubuntu
      versions:
-        - "bionic"
+        - bionic
-        - "focal"
+        - focal
-        - "jammy"
+        - jammy
--- a/molecule/default/cleanup.yml
+++ b/molecule/default/cleanup.yml
@ -1,27 +1,27 @@
 ---
- name: "Clean up"
+- name: Clean up
-  hosts: "all"
+  hosts: all
  gather_facts: true
  tasks:
-    - name: "Load the defaults"
+    - name: Load the defaults
      ansible.builtin.include_vars:
        dir: "../../defaults"
-    - name: "Check if the docker-compose file exists."
+    - name: Check if the docker-compose file exists.
      ansible.builtin.stat:
        path: "{{ sonarqube_config_path  | expanduser | realpath }}/docker-compose.yml"
-      register: "docker_compose_file"
+      register: docker_compose_file
-    - name: "Remove docker-compose."
+    - name: Remove docker-compose.
      community.docker.docker_compose:
        project_src: "{{ sonarqube_config_path  | expanduser | realpath }}/"
        build: false
-        state: "absent"
+        state: absent
-      when: "docker_compose_file.stat.exists"
+      when: docker_compose_file.stat.exists
      become: false
-    - name: "Remove the docker-compose file"
+    - name: Remove the docker-compose file
      ansible.builtin.file:
        path: "{{ sonarqube_config_path  | expanduser | realpath }}/docker-compose.yml"
-        state: "absent"
+        state: absent
-      when: "docker_compose_file.stat.exists"
+      when: docker_compose_file.stat.exists
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@ -1,5 +1,5 @@
 ---
- name: "Converge"
+- name: Converge
-  hosts: "sonarqube_group"
+  hosts: sonarqube_group
  roles:
    - role: "laurivan.sonarqube"
--- a/molecule/default/destroy.yml
+++ b/molecule/default/destroy.yml
@ -1,27 +1,27 @@
 ---
- name: "Destroy"
+- name: Destroy
-  hosts: "localhost"
+  hosts: localhost
-  connection: "local"
+  connection: local
  gather_facts: false
  no_log: "{{ molecule_no_log }}"
  tasks:
    # Developer must implement.
-    - name: "Remove the docker image"
+    - name: Remove the docker image
      community.docker.docker_container:
-        name: "sonarqube"
+        name: sonarqube
-        state: "absent"
+        state: absent
    # Mandatory configuration for Molecule to function.
-    - name: "Populate instance config"
+    - name: Populate instance config
      ansible.builtin.set_fact:
        instance_conf: {}
-    - name: "Dump instance config"
+    - name: Dump instance config
      ansible.builtin.copy:
        content: |
          # Molecule managed
          {{ instance_conf | to_json | from_json | to_yaml }}
        dest: "{{ molecule_instance_config }}"
        mode: 0600
-      when: "server.changed | default(false) | bool"
+      when: server.changed | default(false) | bool
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@ -1,37 +1,37 @@
 ---
 dependency:
-  name: "galaxy"
+  name: galaxy
  options:
    ignore-certs: true
    ignore-errors: true
-    role-file: "molecule/requirements.yml"
+    role-file: molecule/requirements.yml
-    requirements-file: "molecule/requirements.yml"
+    requirements-file: molecule/requirements.yml
 driver:
-  name: "docker"
+  name: docker
 lint: |
  yamllint .
  ansible-lint .
 platforms:
-  - name: "sonarqube"
+  - name: sonarqube
    groups:
-      - "sonarqube_group"
+      - sonarqube_group
    image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos8}-ansible:latest"
    privileged: true
    pre_build_image: true
    capabilities:
-      - "SYS_ADMIN"
+      - SYS_ADMIN
    tmpfs:
-      - "/tmp"
+      - /tmp
-      - "/run"
+      - /run
-      - "/run/lock"
+      - /run/lock
    volumes:
      - '/sys/fs/cgroup:/sys/fs/cgroup:ro'
      - '/var/run/docker.sock:/tmp/docker_mounted.sock'
    command: '/lib/systemd/systemd'
    stop_signal: 'RTMIN+3'
 provisioner:
-  name: "ansible"
+  name: ansible
  playbooks:
-    converge: "${MOLECULE_PLAYBOOK:-converge.yml}"
+    converge: ${MOLECULE_PLAYBOOK:-converge.yml}
 verifier:
-  name: "ansible"
+  name: ansible
--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
@ -1,38 +1,38 @@
 ---
- name: "Setup the test machine"
+- name: Setup the test machine
-  hosts: "sonarqube"
+  hosts: sonarqube
  tasks:
-    - name: "Check if /var/run/docker.sock already exists"
+    - name: Check if /var/run/docker.sock already exists
      ansible.builtin.stat:
        path: "/var/run/docker.sock"
-      register: "docker_sock_stat"
+      register: docker_sock_stat
-    - name: "Create docker.sock"
+    - name: Create docker.sock
-      ansible.builtin.raw: "touch /var/run/docker.sock"
+      ansible.builtin.raw: touch /var/run/docker.sock
      become: true
      changed_when: false
-      when: "not docker_sock_stat.stat.exists"
+      when: not docker_sock_stat.stat.exists
-    - name: "Move docker.sock from tmp"
+    - name: Move docker.sock from tmp
      ansible.builtin.raw: >
        mount --move /tmp/docker_mounted.sock /var/run/docker.sock
      become: true
      changed_when: false
-      when: "not docker_sock_stat.stat.exists"
+      when: not docker_sock_stat.stat.exists
-    - name: "Update apt cache."
+    - name: Update apt cache.
-      ansible.builtin.apt: "update_cache=yes cache_valid_time=600"
+      ansible.builtin.apt: update_cache=yes cache_valid_time=600
-      when: "ansible_os_family == 'Debian'"
+      when: ansible_os_family == 'Debian'
-    - name: "Install python requests"
+    - name: Install python requests
      ansible.builtin.pip:
        name:
-          - "requests"
+          - requests
-          - "docker"
+          - docker
-          - "docker-compose"
+          - docker-compose
-    - name: "Install docker"
+    - name: Install docker
      vars:
        docker_service_manage: false
      ansible.builtin.include_role:
-        name: "geerlingguy.docker"
+        name: geerlingguy.docker
--- a/molecule/default/requirements.yml
+++ b/molecule/default/requirements.yml
@ -1,4 +1,4 @@
 ---
 roles:
-  - "geerlingguy.docker"
+  - geerlingguy.docker
 collections: []
--- a/molecule/default/tests/test_app.yml
+++ b/molecule/default/tests/test_app.yml
@ -1,5 +1,12 @@
 ---
 ## TODO: Remember to adapt goss tests to your convenience
-http:
+
-  "http://localhost:{{ sonarqube_http_port }}/":
+## Check if ports are really exposed
-    status: 200
+# port:
 # # Check port at IPv6
 # # https://github.com/aelsabbahy/goss/issues/177
 #   tcp6:<port>:
 #     listening: true
 #     ip:
 #     - '::'
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@ -3,57 +3,57 @@
 # Tests need distributed to the appropriate ansible host/groups
 # prior to execution by `goss validate`.
- name: "Verify sonarqube"
+- name: Verify sonarqube
  hosts:
-    - "sonarqube"
+    - sonarqube
  become: true
  vars:
-    goss_version: "v0.3.16"
+    goss_version: v0.3.16
-    goss_arch: "amd64"
+    goss_arch: amd64
-    goss_dst: "/usr/local/bin/goss"
+    goss_dst: /usr/local/bin/goss
-    goss_sha256sum: "827e354b48f93bce933f5efcd1f00dc82569c42a179cf2d384b040d8a80bfbfb"
+    goss_sha256sum: 827e354b48f93bce933f5efcd1f00dc82569c42a179cf2d384b040d8a80bfbfb
    goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}"
-    goss_test_directory: "/tmp"
+    goss_test_directory: /tmp
-    goss_format: "documentation"
+    goss_format: documentation
  vars_files:
-    - "../../defaults/main.yml"
+    - ../../defaults/main.yml
  tasks:
-    - name: "Download and install Goss"
+    - name: Download and install Goss
      get_url:
        url: "{{ goss_url }}"
        dest: "{{ goss_dst }}"
        checksum: "sha256:{{ goss_sha256sum }}"
        mode: 0755
-      register: "download_goss"
+      register: download_goss
-      until: "download_goss is succeeded"
+      until: download_goss is succeeded
      retries: 3
-    - name: "Copy Goss tests to remote"
+    - name: Copy Goss tests to remote
      template:
        src: "{{ item }}"
        dest: "{{ goss_test_directory }}/{{ item | basename }}"
      with_fileglob:
        - "tests/test_*.yml"
-    - name: "Register test files"
+    - name: Register test files
      shell: "ls {{ goss_test_directory }}/test_*.yml"
-      register: "test_files"
+      register: test_files
-    - name: "Execute Goss tests"
+    - name: Execute Goss tests
      command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}"
-      register: "test_results"
+      register: test_results
      with_items: "{{ test_files.stdout_lines }}"
      ignore_errors: true
-    - name: "Display details about the Goss results"
+    - name: Display details about the Goss results
      debug:
        msg: "{{ item.stdout_lines }}"
      with_items: "{{ test_results.results }}"
-    - name: "Fail when tests fail"
+    - name: Fail when tests fail
      fail:
        msg: "Goss failed to validate"
-      when: "item.rc != 0"
+      when: item.rc != 0
      with_items: "{{ test_results.results }}"
--- a/sonar-project.properties
+++ b/sonar-project.properties
@ -1,10 +0,0 @@
 sonar.projectKey=ansible-role-sonarqube
 sonar.projectVersion=v1.1.4
 sonar.projectName=ansible-role-sonarqube
 sonar.ansible-lint=.ansible-lint
 sonar.language=ansible,yaml
 sonar.sources=.
 sonar.host.url=http://10.0.0.27:39000
 sonar.token=sqp_530b3183b1efb76a4a146ed9dbfb74cfb5f5459a
--- a/tasks/config.yml
+++ b/tasks/config.yml
@ -1,7 +1,7 @@
 ---
 - name: "SONARQUBE | Set up directories"
  ansible.builtin.file:
-    state: "directory"
+    state: directory
    path: "{{ item }}"
    owner: "{{ ansible_effective_user_id }}"
    group: "{{ ansible_effective_group_id }}"
@ -9,7 +9,7 @@
  with_items:
    - "{{ sonarqube_skeleton_paths }}"
  tags:
-    - "sonarqube_configure"
+    - sonarqube_configure
  become: true
 - name: "SONARQUBE | Write configuration files"
@ -20,39 +20,4 @@
  with_items:
    - "{{ sonarqube_configuration_files }}"
  tags:
-    - "sonarqube_configure"
+    - sonarqube_configure
 - name: "SONARQUBE | Set up nofiles and nproc for ansible user"
  community.general.pam_limits:
    domain: "*"
    limit_type: "{{ item.limit_type }}"
    limit_item: "{{ item.limit_item }}"
    value: "{{ item.value }}"
  loop:
    # Add nofile and nproc, both soft and hard, limit for the user db_user with a comment.
    # Type "-" for enforcing both soft and hard resource limits together for more details read `man limits.conf`.
    - { limit_type: '-', limit_item: 'nofile', value: "{{ sonarqube_nofile }}" }
    - { limit_type: '-', limit_item: 'nproc', value: "{{ sonarqube_nproc }}" }
  tags:
    - "sonarqube_configure"
  become: true
 - name: "SONARQUBE | Set up the max files"
  ansible.posix.sysctl:
    name: "fs.file-max"
    value: "{{ sonarqube_fs_file_max }}"
    state: "present"
    reload: true
  tags:
    - "sonarqube_configure"
  become: true
 - name: "SONARQUBE | Set up the VM max_map_count"
  ansible.posix.sysctl:
    name: "vm.max_map_count"
    value: "{{ sonarqube_vm_max_map_count }}"
    state: "present"
    reload: true
  tags:
    - "sonarqube_configure"
  become: true
--- a/tasks/install.yml
+++ b/tasks/install.yml
@ -4,4 +4,4 @@
    project_src: "{{ sonarqube_config_path | expanduser | realpath }}"
    build: false
  tags:
-    - "sonarqube_install"
+    - sonarqube_install
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,11 +1,11 @@
 ---
 - name: "SONARQUBE | Configure"
-  ansible.builtin.import_tasks: "config.yml"
+  ansible.builtin.import_tasks: config.yml
  tags:
-    - "sonarqube_configure"
+    - sonarqube_configure
 - name: "SONARQUBE | Install"
-  ansible.builtin.import_tasks: "install.yml"
+  ansible.builtin.import_tasks: install.yml
  tags:
-    - "sonarqube_install"
+    - sonarqube_install
--- a/templates/docker-compose.yml.j2
+++ b/templates/docker-compose.yml.j2
@ -4,19 +4,15 @@ services:
  sonarqube:
    image: "{{ sonarqube_image }}"
    restart: always
    healthcheck:
      test: wget -qO- http://localhost:9000/api/system/health
      interval: 10s
      retries: 5
      start_period: 5s
      timeout: 10s
    env_file:
      - "{{ sonarqube_config_path | expanduser }}/env.sonarqube.conf"
    ports:
      - "{{ sonarqube_http_port }}:9000"
      - "{{ sonarqube_api_port }}:9001"
      # Add more ports if necessary
    networks:
      - sonarqube-net
    # optional
    volumes:
      - sonarqube_conf:/opt/sonarqube/conf
      - sonarqube_data:/opt/sonarqube/data
@ -28,11 +24,6 @@ services:
  db:
    image: "{{ sonarqube_db_image }}"
    restart: always
    healthcheck:
      test: /usr/bin/pg_isready -U "{{ sonarqube_db_user }}""
      interval: 5s
      timeout: 10s
      retries: 120
    env_file:
      - "{{ sonarqube_config_path | expanduser }}/env.db.conf"
    volumes: