fix: misc ansible and lint conf fixes (#1674)

- Use the correct Pylint config path
- Add missing physical network interface config for HL01
- Ensure that variables in the bootstrap role are set
- Add an assertion to check if the network_interface is defined
- Don't override the root DNS zone, but use a subdomain instead
- Fix SSH_AUTH_SOCK check when running Ansible
- Move home assistant internal URL var in vars because it doesn't depend on hosts or groups

.devcontainer/devcontainer.json

@@ -17,7 +17,7 @@
           "extends": "${workspaceFolder}/config/lint/.markdown-lint.yaml"
         },
         "prettier.resolveGlobalModules": true,
-        "pylint.args": ["--rcfile=${workspaceFolder}/config/lint/python-lint"],
+        "pylint.args": ["--rcfile=${workspaceFolder}/config/lint/.python-lint"],
         "redhat.telemetry.enabled": false,
         "[css]": {
           "editor.defaultFormatter": "esbenp.prettier-vscode"

config/ansible/inventory/group_vars/all/main.yaml

@@ -8,7 +8,6 @@ cam_3_rtps_username: "{{ vault_cam_3_rtps_username }}"
 frigate_http_endpoint_fqdn: "hl01.{{ edge_environment_root_fqdn }}"
 grafana_http_endpoint_fqdn: "raspberrypi2.{{ edge_environment_root_fqdn }}"
 home_assistant_http_endpoint_fqdn: "raspberrypi2.{{ edge_environment_root_fqdn }}"
-home_assistant_internal_url_home: "http://{{ home_assistant_http_endpoint_fqdn }}:{{ home_assistant_user_interface_host_port }}"
 home_assistant_secrets:
   country: "{{ vault_home_assistant_secrets.country }}"
   currency: "{{ vault_home_assistant_secrets.currency }}"

config/ansible/inventory/host_vars/hl01.edge.lab.ferrari.how/main.yaml

@@ -9,6 +9,10 @@ has_intel_igpu: true
 
 data_directory: "/media/data0"
 
+network_interfaces:
+  - mac_address: "bc:24:11:d4:f6:64"
+    interface_name: eth0
+
 # Backup
 restic_backup_repositories_default_path: "{{ data_directory }}"
 restic_backup_default_backup_job_repository_password: "{{ vault_workloads_backup_repository_password }}"

config/ansible/molecule/default/molecule.yml

@@ -74,7 +74,7 @@ provisioner:
         home_lab_runtime_directory_path: /var/lib/home-lab
         is_proxmox_node: true
         media_directory_path: "/media"
-        media_stack_flaresolverr_http_endpoint_fqdn: "Flaresolverr"
+        media_stack_flaresolverr_http_endpoint_fqdn: "flaresolverr"
         media_stack_jellyfin_http_endpoint_fqdn: "jellyfin"
         media_stack_jellyseerr_http_endpoint_fqdn: "jellyseerr"
         media_stack_prowlarr_http_endpoint_fqdn: "prowlarr"

config/ansible/roles/ferrarimarco_home_lab_bootstrap/tasks/pre-flight-checks.yaml

@@ -7,7 +7,7 @@
       Define the home_lab_configuration_directory_path variable and set it to
       the path of the main configuration directory to set up.
     success_msg: |
-      home_lab_configuration_directory_path is defined and not empty: {{ home_lab_configuration_directory_path }}
+      home_lab_configuration_directory_path is defined and not empty: {{ home_lab_configuration_directory_path | default() }}
 
 - ansible.builtin.assert:
     that:
@@ -17,7 +17,17 @@
       Define the home_lab_runtime_directory_path variable and set it to
       the path of the main runtime directory to set up.
     success_msg: |
-      home_lab_runtime_directory_path is defined and not empty: {{ home_lab_runtime_directory_path }}
+      home_lab_runtime_directory_path is defined and not empty: {{ home_lab_runtime_directory_path | default() }}
+
+- ansible.builtin.assert:
+    that:
+      - network_interfaces is defined
+      - network_interfaces | length > 0
+    fail_msg: |
+      Define the network_interfaces variable and initialize it with the list
+      of the network interfaces.
+    success_msg: |
+      network_interfaces is defined and not empty: {{ network_interfaces | default() }}
 
 - name: Wait for systemd to complete initialization. # noqa 303
   ansible.builtin.command: systemctl is-system-running

config/ansible/roles/ferrarimarco_home_lab_node/defaults/main.yaml

@@ -127,7 +127,7 @@ monitoring_smart_metrics_collection_script_url: "https://raw.githubusercontent.c
 qbittorrent_user_interface_port: 8084
 raspberry_pi_config_file_values: {}
 restic_backup_jobs: []
-root_dns_zone_fqdn: "ferrari.how"
+root_dns_zone_fqdn: "lab.ferrari.how"
 samba_additional_interfaces: "{{ edge_environment_subnet }}"
 samba_default_readers_group_name: "samba-readers"
 samba_default_writers_group_name: "samba-writers"

config/ansible/roles/ferrarimarco_home_lab_node/vars/main.yaml

@@ -112,6 +112,7 @@ home_assistant_docker_compose_up_items:
     pull_container_images: "{{ configure_home_assistant }}"
     start_containerized_services: "{{ start_home_assistant | default(configure_home_assistant) }}"
     stop_containerized_services: "{{ stop_home_assistant | default(false) }}"
+home_assistant_internal_url_home: "http://{{ home_assistant_http_endpoint_fqdn }}:{{ home_assistant_user_interface_host_port }}"
 home_assistant_templates_to_render:
   - src: "home-assistant/{{ default_docker_compose_file_name }}.jinja"
     dest: "{{ home_assistant_configuration_directory_path }}/{{ default_docker_compose_file_name }}"

config/ansible/roles/ferrarimarco_home_lab_node/vars/network-stack.yaml

@@ -49,17 +49,10 @@ dns_records_to_configure: []
 
 root_dns_zone:
   default_record_ttl: 3600
-  dns_administrator_email_address: "dns-admin.{{ root_dns_zone_fqdn }}"
   fqdn: "{{ root_dns_zone_fqdn }}"
-  expire_time: 4000000
-  minimum_ttl_time: 11200
-  refresh_time: 86400
-  retry_time: 7200
-  serial_number: 2017042745
 
-# Lab DNS zone configuration
-lab_dns_zone_fqdn: "lab.{{ root_dns_zone.fqdn }}"
-edge_environment_root_fqdn: "edge.{{ lab_dns_zone_fqdn }}"
+# Edge environment DNS zone configuration
+edge_environment_root_fqdn: "edge.{{ root_dns_zone.fqdn }}"
 
 # IP subnets and address ranges
 edge_environment_subnet: "10.0.0.0/8"
@@ -76,15 +69,29 @@ network_stack_dns_records_to_configure:
     query_type: SOA
     # See https://en.wikipedia.org/wiki/SOA_record
     # DNS admin email contact
-    # Serial: serial number for this zone. If a secondary name server slaved to this one observes an increase in this number, the slave will assume that the zone has been updated and initiate a zone transfer.
-    # Refresh: Number of seconds after which secondary name servers should query the master for the SOA record, to detect zone changes.
-    # Retry: Number of seconds after which secondary name servers should retry to request the serial number from the master if the master does not respond.
-    # Expire: Number of seconds after which secondary name servers should stop answering request for this zone if the master does not respond.
-    # Minimum: Used in calculating the time to live for purposes of negative caching.
-    #   Authoritative name servers take the smaller of the SOA TTL and the SOA MINIMUM to send as the SOA TTL in negative responses.
-    #   Resolvers use the resulting SOA TTL to understand for how long they are allowed to cache a negative response.
-    additional_record_data: |
-      {{ root_dns_zone.dns_administrator_email_address }}. {{ root_dns_zone.serial_number }} {{ root_dns_zone.refresh_time }} {{ root_dns_zone.retry_time }} {{ root_dns_zone.expire_time }} {{ root_dns_zone.minimum_ttl_time }}
+    # Serial: serial number for this zone. If a secondary name server to this
+    # one observes an increase in this number, the secondary name server will
+    # assume that the zone has been updated and initiate a zone transfer.
+    # Refresh: Number of seconds after which secondary name servers should query
+    # the master for the SOA record, to detect zone changes.
+    # Retry: Number of seconds after which secondary name servers should retry
+    # to request the serial number from the master if the master does not
+    # respond.
+    # Expire: Number of seconds after which secondary name servers should stop
+    #   answering request for this zone if the master does not respond.
+    # Minimum: Used in calculating the time to live for purposes of negative
+    #   caching.
+    #   Authoritative name servers take the smaller of the SOA TTL and the SOA
+    #   MINIMUM to send as the SOA TTL in negative responses.
+    #   Resolvers use the resulting SOA TTL to understand for how long they are
+    #   allowed to cache a negative response.
+    additional_record_data: >
+      dns-admin.{{ root_dns_zone_fqdn }}.
+      2017042745
+      86400
+      7200
+      4000000
+      11200
 
 # Container network configuration
 network_stack_network_subnet: "{{ edge_environment_subnet }}"

scripts/run-ansible.sh

@@ -76,7 +76,7 @@ else
   SSH_AUTH_SOCKET_DESTINATION_PATH="/ssh-agent"
   COMMAND_TO_RUN="${COMMAND_TO_RUN} --env SSH_AUTH_SOCK=${SSH_AUTH_SOCKET_DESTINATION_PATH}"
 
-  if [ -z "${SSH_AUTH_SOCK-:}" ]; then
+  if [ -z "${SSH_AUTH_SOCK:-}" ]; then
     echo "SSH_AUTH_SOCK is not set. Ensure that the SSH agent is running, and that you added the private keys to connect to nodes to the agent."
     exit 1
   fi
@@ -118,8 +118,11 @@ else
   DEFAULT_ANSIBLE_COMMAND_TO_RUN="${DEFAULT_ANSIBLE_COMMAND_TO_RUN} --inventory ${ANSIBLE_INVENTORY_PATH}"
   DEFAULT_ANSIBLE_COMMAND_TO_RUN="${DEFAULT_ANSIBLE_COMMAND_TO_RUN} --vault-id ${ANSIBLE_VAULT_FULL_ID}"
 
+  # --ask-pass: ask for password to connect to hosts
+  # --connection paramiko: use paramiko to connect to the host (useful to connect to hosts using SSH and authenticating with a password)
   # --check: enable check mode (dry-run)
   # --diff: enable diff mode
+  # --limit "host1": only run against host1. host1 must be in the inventory
   # --list-tags: list the defined Ansible tags
   # --tags: run tagged tasks. Example: --tags='tag1,tag2'. To run untagged tasks: --tags untagged
   #   When running tasks related to specific stacks, you need to also run untagged tasks.