Jose/ansible_role_proxmox_provision
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor ♻️: Refactor legacy and minified proxmoxlib.js patching logic to use handlers #2

Merged
Jose merged 7 commits from dev into main 2026-02-08 08:06:27 +01:00
Conversation 3 Commits 7 Files Changed 4 +85 -59
Jose commented 2026-02-08 07:13:07 +01:00
Owner
Copy Link

This commit refactors the task names to improve readability and adds a namespace to avoid conflicts with other modules. It also fixes typos in task names and updates module references accordingly.

This commit refactors the task names to improve readability and adds a namespace to avoid conflicts with other modules. It also fixes typos in task names and updates module references accordingly.
Jose added 5 commits 2026-02-08 07:13:08 +01:00
fix 🐛: updates the checksum storage mechanism to ensure idempotency.
Some checks failed
ansible-lint / Ansible Lint (push) Failing after 11s
Details
Gitleaks Scan / gitleaks (push) Successful in 5s
Details
Markdown Lint / markdown-lint (push) Successful in 6s
Details
f16d6a62b7 
This commit addresses the issue by adding necessary checks to `proxmoxlib.js` and `proxmoxlib.min.js` after applying patches. Additionally, it updates the checksum storage mechanism to ensure integrity and consistency.
test 🧪: Add todo molecule tests 1ee2eced45 
Updates several TODO items in the TODO to reflect completed tasks and areas that still need attention.
refactor ♻️: Rename 'task' to 'Read checksum after patch'
Some checks failed
ansible-lint / Ansible Lint (push) Failing after 15s
Details
Gitleaks Scan / gitleaks (push) Successful in 5s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
afc80dc57d 
Refactored the task name to more accurately reflect its purpose, updating the description for clarity.
refactor ♻️: Refactor legacy and minified proxmoxlib.js patching logic to use handlers
Some checks failed
ansible-lint / Ansible Lint (push) Failing after 12s
Details
Gitleaks Scan / gitleaks (push) Successful in 5s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
12b1b87af1 
no-handler::Tasks that run when changed should likely be handlers

This commit refactors the existing logic for patching legacy and minified proxmoxlib.js files, improving readability and maintainability. It also adds new handlers to store checksums and restart pveproxy.
refactor ♻️: Refactor task names and add namespace for clarity
All checks were successful
ansible-lint / Ansible Lint (push) Successful in 12s
Details
Gitleaks Scan / gitleaks (push) Successful in 4s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
ai-reviews / Review PR (pull_request) Successful in 24s
Details
ansible-lint / Ansible Lint (pull_request) Successful in 12s
Details
Gitleaks Scan / gitleaks (pull_request) Successful in 5s
Details
Markdown Lint / markdown-lint (pull_request) Successful in 5s
Details
1f2ff1d9ba 
This commit refactors the task names to improve readability and adds a namespace to avoid conflicts with other modules. It also fixes typos in task names and updates module references accordingly.
gitea-actions bot reviewed 2026-02-08 07:13:32 +01:00
gitea-actions bot left a comment
Copy Link

Review Summary

  • README.md: Addition of new tasks for patch management
  • handlers/main.yml: This change introduces a new patching process for two Proxmox JavaScript files (proxmoxlib.js and proxmoxlib.min.js) used by the Proxmox Virtual Environment (PVE) on the systemd-managed pveproxy service. The changes aim to fix a specific condition in both files related to checking the status of PVE nodes. The following comments are provided regarding maintainability and optimization suggestions: LGTM (Logic looks good, but with suggested improvements for maintainability and readability.)
  • tasks/subscription.yml: This review will focus on the changes relating to subscription management in Proxmox VE's Ansible tasks. The code has been modified to remove legacy tasks and replace them with new ones that handle both the original and minified versions of the proxmoxlib.js file. The new approach improves maintainability by avoiding repetition and allows for easier updates in the future. However, there are a few minor suggestions for optimization: Overall, the code looks good with these minor suggestions for optimization.
# Review Summary * **README.md**: **Addition of new tasks for patch management** * **handlers/main.yml**: This change introduces a new patching process for two Proxmox JavaScript files (`proxmoxlib.js` and `proxmoxlib.min.js`) used by the Proxmox Virtual Environment (PVE) on the systemd-managed `pveproxy` service. The changes aim to fix a specific condition in both files related to checking the status of PVE nodes. The following comments are provided regarding maintainability and optimization suggestions: **LGTM** (Logic looks good, but with suggested improvements for maintainability and readability.) * **tasks/subscription.yml**: This review will focus on the changes relating to subscription management in Proxmox VE's Ansible tasks. The code has been modified to remove legacy tasks and replace them with new ones that handle both the original and minified versions of the `proxmoxlib.js` file. The new approach improves maintainability by avoiding repetition and allows for easier updates in the future. However, there are a few minor suggestions for optimization: Overall, the code looks good with these minor suggestions for optimization.
README.md
@@ -115,6 +115,8 @@ See the [LICENSE](LICENSE) file for details.
## TODO
⏳ Make the nag patch checksum-based (auto-repatch after upgrades)
⏳ add molecule tests to prove idempotency
gitea-actions bot commented 2026-02-08 07:13:32 +01:00
Copy Link

[Score: 2] The addition of a new task suggests further development, which is fine as long as it's well-documented and integrated thoughtfully. It would be beneficial to ensure these tests are designed to thoroughly verify the idempotency of the patches.

[Score: 2] The addition of a new task suggests further development, which is fine as long as it's well-documented and integrated thoughtfully. It would be beneficial to ensure these tests are designed to thoroughly verify the idempotency of the patches.
README.md
@@ -116,2 +116,4 @@
⏳ Make the nag patch checksum-based (auto-repatch after upgrades)
⏳ add molecule tests to prove idempotency
⏳ make the patch handler trigger on pve-manager upgrades
gitea-actions bot commented 2026-02-08 07:13:32 +01:00
Copy Link

[Score: 2] It's good to see an initiative to handle patches during pve-manager upgrades, but it's important to consider how this will be implemented without causing any potential conflicts or instability.

[Score: 2] It's good to see an initiative to handle patches during pve-manager upgrades, but it's important to consider how this will be implemented without causing any potential conflicts or instability.
handlers/main.ymal Outdated
gitea-actions bot commented 2026-02-08 07:13:32 +01:00
Copy Link

[Lines 24-74] [Score: 3] Instead of hardcoding the condition as if (false), it would be better to use a variable to store the desired status check and make the change more readable. For example:

set_status_check: false
...
if {{ set_status_check }}
...

This will help maintainability when needing to switch between different status checks in the future.

[Lines 24-74] [Score: 3] Instead of hardcoding the condition as `if (false)`, it would be better to use a variable to store the desired status check and make the change more readable. For example: ``` set_status_check: false ... if {{ set_status_check }} ... ``` This will help maintainability when needing to switch between different status checks in the future.
handlers/main.yml Outdated
@@ -17,0 +17,4 @@
- name: Ppatch legacy proxmoxlib.js
block:
- name: Ppatch legacy proxmoxlib.js
gitea-actions bot commented 2026-02-08 07:13:32 +01:00
Copy Link

[Lines 18-20] [Score: 3] Consider adding variable names for clarify and easier maintenance. For example: patch_legacy_proxmoxlib, patch_minified_proxmoxlib_min.

[Lines 18-20] [Score: 3] Consider adding variable names for clarify and easier maintenance. For example: `patch_legacy_proxmoxlib`, `patch_minified_proxmoxlib_min`.
tasks/subscription.yml
@@ -52,1 +32,4 @@
or proxmoxlib_js.stat.checksum
!= (proxmoxlib_js_checksum_stored.content | b64decode | trim)
notify: Ppatch legacy proxmoxlib.js
gitea-actions bot commented 2026-02-08 07:13:32 +01:00
Copy Link

[Lines 28-35] [Score: 2] This task could be simplified by combining the ansible.builtin.meta: flush_handlers and the subsequent notify call into a single line for better readability.

[Lines 28-35] [Score: 2] This task could be simplified by combining the `ansible.builtin.meta: flush_handlers` and the subsequent `notify` call into a single line for better readability.
tasks/subscription.yml
@@ -95,1 +58,3 @@
- patch_minified is changed
or proxmoxlib_min_js.stat.checksum
!= (proxmoxlib_min_checksum_stored.content | b64decode | trim)
notify: Patch minified proxmoxlib.js
gitea-actions bot commented 2026-02-08 07:13:32 +01:00
Copy Link

[Lines 54-60] [Score: 2] Similar to the previous suggestion, this task could also be simplified by combining the ansible.builtin.meta: flush_handlers and the subsequent notify call into a single line for better readability.

[Lines 54-60] [Score: 2] Similar to the previous suggestion, this task could also be simplified by combining the `ansible.builtin.meta: flush_handlers` and the subsequent `notify` call into a single line for better readability.
Jose added 1 commit 2026-02-08 07:59:33 +01:00
fix 🐛: Fix typo in task name
All checks were successful
ansible-lint / Ansible Lint (push) Successful in 12s
Details
Gitleaks Scan / gitleaks (push) Successful in 5s
Details
ai-reviews / Review PR (pull_request) Successful in 27s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
ansible-lint / Ansible Lint (pull_request) Successful in 11s
Details
Gitleaks Scan / gitleaks (pull_request) Successful in 4s
Details
Markdown Lint / markdown-lint (pull_request) Successful in 5s
Details
f51de33275 
Corrected a typographical error in the task name to ensure accurate documentation and clarity.
gitea-actions bot reviewed 2026-02-08 08:00:17 +01:00
gitea-actions bot left a comment
Copy Link

Review Summary

  • README.md: Addition of Molecule tests and PVE Manager upgrade trigger
  • handlers/main.yml: This change introduces a patch to modify the proxmoxlib.js and proxmoxlib.min.js files in order to bypass certain conditions that check if the status of a VM is 'Active'. This modification may lead to unexpected behavior, as it disables the checking mechanism for active VMs, potentially affecting the management of those VMs through the Proxmox UI. I would suggest reconsidering this change due to potential maintainability and logic issues. It's crucial to ensure that all VM status checks are working correctly to avoid unintended consequences.
  • tasks/subscription.yml: Summary: This review shows a refactoring of the subscription task in the YAML script, primarily moving around and renaming some blocks related to the checksum reading and storage for both the legacy and minified proxm oxlib files. The changes do not seem to introduce critical logic errors or security issues, but there are a few points that could be improved for better maintainability.
# Review Summary * **README.md**: **Addition of Molecule tests and PVE Manager upgrade trigger** * **handlers/main.yml**: This change introduces a patch to modify the `proxmoxlib.js` and `proxmoxlib.min.js` files in order to bypass certain conditions that check if the status of a VM is 'Active'. This modification may lead to unexpected behavior, as it disables the checking mechanism for active VMs, potentially affecting the management of those VMs through the Proxmox UI. I would suggest reconsidering this change due to potential maintainability and logic issues. It's crucial to ensure that all VM status checks are working correctly to avoid unintended consequences. * **tasks/subscription.yml**: **Summary:** This review shows a refactoring of the subscription task in the YAML script, primarily moving around and renaming some blocks related to the checksum reading and storage for both the legacy and minified proxm oxlib files. The changes do not seem to introduce critical logic errors or security issues, but there are a few points that could be improved for better maintainability.
README.md
@@ -115,6 +115,8 @@ See the [LICENSE](LICENSE) file for details.
## TODO
⏳ Make the nag patch checksum-based (auto-repatch after upgrades)
⏳ add molecule tests to prove idempotency
gitea-actions bot commented 2026-02-08 08:00:17 +01:00
Copy Link

[Score: 3] It's good practice to include automated testing for your code changes, but you might want to consider adding more context about what these Molecule tests are and why they are necessary.

[Score: 3] It's good practice to include automated testing for your code changes, but you might want to consider adding more context about what these Molecule tests are and why they are necessary.
README.md
@@ -116,2 +116,4 @@
⏳ Make the nag patch checksum-based (auto-repatch after upgrades)
⏳ add molecule tests to prove idempotency
⏳ make the patch handler trigger on pve-manager upgrades
gitea-actions bot commented 2026-02-08 08:00:17 +01:00
Copy Link

[Score: 3] This change seems reasonable, but you might want to consider any potential implications or edge cases that may arise when running the patch handler after PVE Manager upgrades. Ensure proper testing is done to cover these scenarios.

[Score: 3] This change seems reasonable, but you might want to consider any potential implications or edge cases that may arise when running the patch handler after PVE Manager upgrades. Ensure proper testing is done to cover these scenarios.
handlers/main.yml
@@ -17,0 +72,4 @@
- name: Restart pveproxy
ansible.builtin.systemd:
name: pveproxy
state: restarted
gitea-actions bot commented 2026-02-08 08:00:17 +01:00
Copy Link

[Score: 4] Logic error in patching the proxmoxlib files that may affect VM management through Proxmox UI.

[Score: 4] Logic error in patching the proxmoxlib files that may affect VM management through Proxmox UI.
Jose added 1 commit 2026-02-08 08:04:40 +01:00
chore 📦: Comment out enterprise repo lines and enable Proxmox no-subscription repo
Some checks failed
ansible-lint / Ansible Lint (push) Failing after 12s
Details
Gitleaks Scan / gitleaks (push) Successful in 4s
Details
ai-reviews / Review PR (pull_request) Successful in 27s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details
ansible-lint / Ansible Lint (pull_request) Failing after 11s
Details
Gitleaks Scan / gitleaks (pull_request) Successful in 4s
Details
Markdown Lint / markdown-lint (pull_request) Successful in 5s
Details
410f87bb2c 
This commit updates the repository configuration by commenting out enterprise-specific lines and enabling the Proxmox no-subscription repository to simplify setup for users without a subscription.
gitea-actions bot reviewed 2026-02-08 08:05:25 +01:00
gitea-actions bot left a comment
Copy Link

Review Summary

  • README.md: Summary: This diff introduces new tasks for the TODO list in the README.md file, including adding molecule tests to prove idempotency, making the patch handler trigger on pve-manager upgrades, and potentially adding kernel power-saving tunables. No critical or major issues are found.
  • handlers/main.yml: Summary: This change introduces a new patch to the Ansible playbook for Proxmox, aiming to modify the behavior of proxmoxlib.js and proxmoxlib.min.js by replacing certain conditions related to the status check. This change could potentially improve the functionality or stability of the pveproxy service. However, there are a few issues that need attention: Overall, the changes look promising but require some tweaks to ensure proper functionality and security. I recommend addressing the points mentioned above before merging this change. LGTM (With suggested improvements)
  • tasks/repos.yml: Changes in the provided script focus on commenting out and modifying the enterprise repository lines, and enabling the Proxmox no-subscription repository. The logic and security appear to be good with this change, but it's always a good practice to provide clear, descriptive task names for better maintainability. The rest of the changes look fine, and there are no critical or major issues found.
  • tasks/subscription.yml: This change removes the logic for handling the legacy proxmoxlib.js and adds a new trigger to handle it if necessary. This is a good improvement, as it simplifies the code and reduces potential errors associated with the old logic. However, there's a minor issue that could cause unnecessary notifications.
# Review Summary * **README.md**: **Summary:** This diff introduces new tasks for the TODO list in the README.md file, including adding molecule tests to prove idempotency, making the patch handler trigger on pve-manager upgrades, and potentially adding kernel power-saving tunables. No critical or major issues are found. * **handlers/main.yml**: **Summary:** This change introduces a new patch to the Ansible playbook for Proxmox, aiming to modify the behavior of `proxmoxlib.js` and `proxmoxlib.min.js` by replacing certain conditions related to the status check. This change could potentially improve the functionality or stability of the pveproxy service. However, there are a few issues that need attention: Overall, the changes look promising but require some tweaks to ensure proper functionality and security. I recommend addressing the points mentioned above before merging this change. **LGTM (With suggested improvements)** * **tasks/repos.yml**: Changes in the provided script focus on commenting out and modifying the enterprise repository lines, and enabling the Proxmox no-subscription repository. The logic and security appear to be good with this change, but it's always a good practice to provide clear, descriptive task names for better maintainability. The rest of the changes look fine, and there are no critical or major issues found. * **tasks/subscription.yml**: This change removes the logic for handling the legacy proxmoxlib.js and adds a new trigger to handle it if necessary. This is a good improvement, as it simplifies the code and reduces potential errors associated with the old logic. However, there's a minor issue that could cause unnecessary notifications.
README.md
@@ -117,2 +117,4 @@
⏳ Make the nag patch checksum-based (auto-repatch after upgrades)
⏳ add molecule tests to prove idempotency
⏳ make the patch handler trigger on pve-manager upgrades
❌ Add kernel power-saving tunables ?
gitea-actions bot commented 2026-02-08 08:05:25 +01:00
Copy Link

[Score: 3] This line suggests adding kernel power-saving tunables, but no further details are provided. It would be beneficial to explain which specific tunables to add and why they might improve the system's performance or energy efficiency.

[Score: 3] This line suggests adding kernel power-saving tunables, but no further details are provided. It would be beneficial to explain which specific tunables to add and why they might improve the system's performance or energy efficiency.
handlers/main.yml
@@ -17,0 +21,4 @@
ansible.builtin.replace:
path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
regexp: "if \\(data.status !== 'Active'\\)"
replace: "if (false)"
gitea-actions bot commented 2026-02-08 08:05:25 +01:00
Copy Link

[Score: 3] Replacing the condition with a constant value could lead to unexpected behavior or confusion when debugging. It's better to keep the original check if possible, or at least document the purpose of this change.

[Score: 3] Replacing the condition with a constant value could lead to unexpected behavior or confusion when debugging. It's better to keep the original check if possible, or at least document the purpose of this change.
handlers/main.yml
@@ -17,0 +39,4 @@
group: root
mode: "0644"
content: "{{ proxmoxlib_js_after.stat.checksum }}\n"
gitea-actions bot commented 2026-02-08 08:05:25 +01:00
Copy Link

[Score: 3] Using a variable for the checksum directly in the file content could potentially expose sensitive information, especially if this playbook is run on an unsecured machine or shared environment. Consider hashing the checksum value before using it to avoid such risks.

[Score: 3] Using a variable for the checksum directly in the file content could potentially expose sensitive information, especially if this playbook is run on an unsecured machine or shared environment. Consider hashing the checksum value before using it to avoid such risks.
handlers/main.yml
@@ -17,0 +57,4 @@
- name: Re-stat proxmoxlib.min.js
ansible.builtin.stat:
path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.min.js
gitea-actions bot commented 2026-02-08 08:05:25 +01:00
Copy Link

[Score: 3] It's good practice to document the purpose and usage of variables used throughout a playbook, especially when they contain sensitive information like file paths or checksums. Adding comments explaining what proxmoxlib_min_after is for would improve maintainability.

[Score: 3] It's good practice to document the purpose and usage of variables used throughout a playbook, especially when they contain sensitive information like file paths or checksums. Adding comments explaining what `proxmoxlib_min_after` is for would improve maintainability.
tasks/repos.yml
@@ -9,3 +8,4 @@
notify: apt update
- name: repos | Enable Proxmox no-subscription repo
ansible.builtin.copy:
gitea-actions bot commented 2026-02-08 08:05:25 +01:00
Copy Link

[Lines 1-11] [Score: 2] The task name for enabling the Proxmox no-subscription repository should be more descriptive, e.g., "Enable Proxmox no-subscription repo".

[Lines 1-11] [Score: 2] The task name for enabling the Proxmox no-subscription repository should be more descriptive, e.g., "Enable Proxmox no-subscription repo".
tasks/subscription.yml
@@ -50,2 +32,2 @@
- proxmoxlib_js.stat.exists
- patch_legacy is changed
or proxmoxlib_js.stat.checksum
!= (proxmoxlib_js_checksum_stored.content | b64decode | trim)
gitea-actions bot commented 2026-02-08 08:05:25 +01:00
Copy Link

[Lines 31-33] [Score: 2] The condition checks if proxmoxlib_js_checksum_stored.content is not defined, but it's actually registered in the previous task. This means this check may never be true, and the "Patch legacy proxmoxlib.js" notification will always be triggered when the playbook runs. To fix this issue, you can change the condition to only check if proxmoxlib_js.stat.checksum is different from the stored checksum.

[Lines 31-33] [Score: 2] The condition checks if `proxmoxlib_js_checksum_stored.content` is not defined, but it's actually registered in the previous task. This means this check may never be true, and the "Patch legacy proxmoxlib.js" notification will always be triggered when the playbook runs. To fix this issue, you can change the condition to only check if `proxmoxlib_js.stat.checksum` is different from the stored checksum.
Jose changed title from refactor ♻️: Refactor task names and add namespace for clarity to refactor ♻️: Refactor legacy and minified proxmoxlib.js patching logic to use handlers 2026-02-08 08:06:02 +01:00
Jose merged commit c5cbedf314 into main 2026-02-08 08:06:27 +01:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
Documentation
bug
Something is not working
 ci-failed
action test workflow failed
 ci-pass
action test workflow pass
 duplicate
This issue or pull request already exists
 enhancement
New feature
 help wanted
Need some help
 invalid
Something is wrong
 question
More information is needed
 source
wontfix
This won't be fixed
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
Jose
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Jose/ansible_role_proxmox_provision#2
Delete Branch "dev"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?