Merge pull request 'Ansible-lint and yamllint' (#32) from linting into dev
continuous-integration/drone/push: Build is failing

Reviewed-by: Jérémy Dubois <jdubois@noreply.gitea.evolix.org>
Reviewed-by: Tristan Pilat <drustan@noreply.gitea.evolix.org>
Tristan Pilat 2020-06-08 17:14:29 +02:00
commit 0b4e262f13
31 changed files with 279 additions and 195 deletions

.drone.yml Normal file
@ -0,0 +1,30 @@
---
kind: pipeline
type: docker
name: default
steps:
- name: lint markdown files
image: pipelinecomponents/remark-lint:latest
commands:
- "remark --no-stdout --color --use preset-lint-recommended ."
- name: lint yaml files
image: pipelinecomponents/yamllint:latest
commands:
- "yamllint ."
- name: lint ansible scripts
image: pipelinecomponents/ansible-lint:latest
commands:
- >
find . -maxdepth 1 -name '*.yml'
| sort
| grep -v '.drone.yml'
| xargs ansible-playbook --syntax-check --list-tasks
- >
find . -maxdepth 1 -name '*.yml'
| sort
| grep -v '.drone.yml'
| xargs ansible-lint
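Review bot: all three steps pull their image by the mutable `:latest` tag (`pipelinecomponents/remark-lint:latest`, `pipelinecomponents/yamllint:latest`, `pipelinecomponents/ansible-lint:latest`), so the linter version and its rule set can change between two builds of the same commit, and the pipeline runs whatever the registry serves that day. Pin each image to a release tag or digest and bump it deliberately. In the two `find` pipelines, `grep -v '.drone.yml'` treats the dots as regex wildcards; `grep -vF '.drone.yml'` or `find . -maxdepth 1 -name '*.yml' ! -name '.drone.yml'` expresses the exclusion exactly.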

@ -2,17 +2,17 @@
Contributions are welcome, as long as they respect our current workflow:
1. The master branch is only for releases. Once properly tested,
the dev branch can be merged, the release tagged and a tar archive
created.
1. The master branch is only for releases. Once properly tested,
the dev branch can be merged, the release tagged and a tar archive
created.
2. The dev branch should never be commited to directly, unless
you're updating the CHANGELOG file.
2. The dev branch should never be commited to directly, unless
you're updating the CHANGELOG file.
3. Use feature branches for anything else, once they've passed all
CI tests and have been reviewed by other contributors through a
pull request, they may be merged into the dev branch.
3. Use feature branches for anything else, once they've passed all
CI test, lints and have been reviewed by other contributors through a
pull request, they may be merged into the dev branch.
Open issues liberally, but please review closed and opened issues
for duplicates before hand.
for duplicates before hand.
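Review bot: in item 3 the new wording `CI test, lints and have been reviewed` no longer parses as a sentence; something like "once they've passed all CI tests and lints and have been reviewed" keeps it intact. Since these lines are being re-indented anyway, `commited` in item 2 and `before hand` in the last paragraph could be fixed in the same pass.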

@ -9,13 +9,13 @@ used by Evolix.
Put your public key in the remote root's autorized_keys
(/root/.ssh/authorized_keys)
1 - Install ansible's prerequisites
1. Install ansible's prerequisites
```
ansible-playbook prerequisite.yml -CDi hosts -l HOSTNAME
```
2 - Run it
2. Run it
```
ansible-playbook evolixisation.yml --ask-vault-pass -CDKi hosts -l HOSTNAME
@ -26,19 +26,19 @@ ansible-playbook evolixisation.yml --ask-vault-pass -CDKi hosts -l HOSTNAME
Changes can be tested by using [Packer](https://www.packer.io/) and
[vmm(4)](https://man.openbsd.org/vmm.4) :
* This process depends on the [Go](https://golang.org/) programming language.
* This process depends on the [Go](https://golang.org/) programming language.
```
# pkg_add go packer
```
* We use the [packer-builder-vmm](https://github.com/prep/packer-builder-vmm) project to bridge Packer and vmm(4)
* We use the [packer-builder-vmm](https://github.com/prep/packer-builder-vmm) project to bridge Packer and vmm(4)
```
$ go get -u github.com/prep/packer-builder-vmm/cmd/packer-builder-vmm
```
* Here is an example build file
* Here is an example build file
```
$ vim openbsd.json
@ -101,25 +101,25 @@ $ vim openbsd.json
}
* You need your unprivileged user to be able to run vmctl(8) through doas(1)
* You need your unprivileged user to be able to run vmctl(8) through doas(1)
```
# echo "permit nopass myunprivilegeduser as root cmd /usr/sbin/vmctl" >> /etc/doas.conf
```
* Build the virtual machine
* Build the virtual machine
```
$ packer build openbsd.json
```
* Start it
* Start it
```
doas vmctl start evobsd -cL -d output-vmm/evobsd.qcow2
```
* Enable NAT on your host machine
* Enable NAT on your host machine
```
pass out on em0 inet from tap0:network to any nat-to (em0)

@ -10,13 +10,13 @@
become: true
become_user: root
become_method: sudo
# become_method: su
# become_method: su
vars_files:
- vars/main.yml
# - vars/secrets.yml
# - vars/openbsd-secret.yml
# - vars/secrets.yml
# - vars/openbsd-secret.yml
roles:
- etc-git
@ -27,9 +27,9 @@
- nagios-nrpe
- evocheck
- post-install
#- openvpn
#- ospf
#- bgp
# - openvpn
# - ospf
# - bgp
post_tasks:
- include: "tasks/commit_etc_git.yml"
@ -40,6 +40,5 @@
tasks_from: exec.yml
# environment:
# PKG_PATH: "http://ftp.openbsd.org/pub/OpenBSD/{{ ansible_distribution_version }}/packages/{{ ansible_architecture }}/"
# vim:ft=ansible
# yamllint disable-line rule:line-length
# PKG_PATH: "http://ftp.openbsd.org/pub/OpenBSD/{{ ansible_distribution_version }}/packages/{{ ansible_architecture }}/"

@ -2,15 +2,16 @@
# ansible-playbook prerequisite.yml -CDi hosts -l HOSTNAME
---
- hosts: all
become: yes
become_method: su
user: root
gather_facts: no
- hosts: all
become: true
become_method: su
user: root
gather_facts: false
tasks:
tasks:
- name: Install ansible's prerequisite
# yamllint disable-line rule:line-length
raw: export PKG_PATH=http://ftp.eu.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(uname -p)/; pkg_add -z python-2
# vim:ft=ansible
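Review bot: the `raw:` task keeps `PKG_PATH=http://ftp.eu.openbsd.org/...` and the only change around it is the added `# yamllint disable-line rule:line-length`. While this line is being touched, consider an https mirror URL if the mirror offers one, and consider writing the command as a folded block scalar instead of disabling the rule, so the linter keeps covering the task.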

@ -30,13 +30,15 @@
check_mode: false
register: grep_allowusers_ssh
- assert:
- name: "Check that AllowUsers and AllowGroup do not override each other"
assert:
that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)"
msg: "We can't deal with AllowUsers and AllowGroups at the same time"
- set_fact:
# If "AllowGroups is present"
ssh_allowgroups: "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0) }}"
- name: "If AllowGroups is present then use it"
set_fact:
ssh_allowgroups:
"{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0) }}"
- name: "Add AllowGroups sshd directive with '{{ evolinux_ssh_group }}'"
lineinfile:
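Review bot: the name given to the `set_fact` task, `If AllowGroups is present then use it`, describes only half of the expression. `(grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0)` is also true when neither directive was found, so `ssh_allowgroups` is the default for a configuration that has no Allow* line at all. A name such as "Use AllowGroups unless only AllowUsers is present" matches the logic. The assert name also says `AllowGroup` where its `msg` says `AllowGroups`.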

@ -1,30 +1,35 @@
---
ntpd_servers:
- "ntp.evolix.net"
- "ntp.evolix.net"
general_alert_email: "root@localhost"
general_technical_realm: "example.com"
evomaintenance_realm: "example.com"
evomaintenance_alert_email: "evomaintenance-{{ inventory_hostname }}@{{ evomaintenance_realm }}"
evomaintenance_hostname: "{{ inventory_hostname }}.{{ general_technical_realm }}"
evomaintenance_pg_host: Null
evomaintenance_pg_passwd: Null
evomaintenance_pg_db: Null
evomaintenance_pg_table: Null
evomaintenance_alert_email:
"evomaintenance-{{ inventory_hostname }}@{{ evomaintenance_realm }}"
evomaintenance_hostname:
"{{ inventory_hostname }}.{{ general_technical_realm }}"
evomaintenance_pg_host: null
evomaintenance_pg_passwd: null
evomaintenance_pg_db: null
evomaintenance_pg_table: null
evomaintenance_from_domain: "{{ evomaintenance_realm }}"
evomaintenance_from: "evomaintenance@{{ evomaintenance_from_domain }}"
evomaintenance_full_from: "Evomaintenance <{{ evomaintenance_from }}>"
evomaintenance_urgency_from: mama.doe@example.com
evomaintenance_urgency_tel: "06.00.00.00.00"
evomaintenance_install_vendor: False
evomaintenance_force_config: True
evomaintenance_api_endpoint: Null
evomaintenance_api_key: Null
evomaintenance_hook_api: True
evomaintenance_hook_db: False
evomaintenance_hook_commit: True
evomaintenance_hook_mail: True
evomaintenance_install_vendor: false
evomaintenance_force_config: true
evomaintenance_api_endpoint: null
evomaintenance_api_key: null
evomaintenance_hook_api: true
evomaintenance_hook_db: false
evomaintenance_hook_commit: true
evomaintenance_hook_mail: true
evomaintenance_default_hosts: []
evomaintenance_additional_hosts: []
evomaintenance_hosts: "{{ evomaintenance_default_hosts | union(evomaintenance_additional_hosts) | unique }}"
evomaintenance_hosts: >
{{ evomaintenance_default_hosts
| union(evomaintenance_additional_hosts)
| unique }}
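Review bot: `evomaintenance_hosts: >` at the end of the hunk turns the expression into a folded scalar, which ends with a newline, so the variable is no longer the bare `{{ ... }}` expression it was on one line. Use the form already applied to `evomaintenance_alert_email` in this hunk (key on one line, quoted expression on the next), or at least `>-`, so that consumers of the list see the same value as before.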

@ -6,8 +6,6 @@
owner: root
group: wheel
mode: "0640"
backup: no
backup: false
tags:
- doas
- doas

@ -39,10 +39,10 @@
dest: /etc/skel/.profile
insertafter: EOF
line: 'trap "doas /usr/share/scripts/evomaintenance.sh" 0'
create: yes
create: true
tags:
- admin
- dotfiles
- admin
- dotfiles
- name: Add vim configuration to dotfiles for new users
copy:

@ -6,7 +6,7 @@
owner: root
group: wheel
mode: "0755"
force: no
force: false
tags:
- evobackup
@ -16,6 +16,6 @@
line: '#sh /usr/share/scripts/zzz_evobackup'
owner: root
mode: "0644"
create: yes
create: true
tags:
- evobackup

@ -10,10 +10,15 @@
- evomaintenance
- name: Copy evomaintenance script and template
copy: src={{ item.src }} dest={{ item.dest }} owner=root group=wheel mode="0755"
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: 'root'
group: 'wheel'
mode: '0755'
with_items:
- { src: 'evomaintenance.sh', dest: '/usr/share/scripts/' }
- { src: 'evomaintenance.tpl', dest: '/usr/share/scripts/' }
- {src: 'evomaintenance.sh', dest: '/usr/share/scripts/'}
- {src: 'evomaintenance.tpl', dest: '/usr/share/scripts/'}
tags:
- evomaintenance
- script-evomaintenance
@ -25,6 +30,6 @@
owner: root
group: wheel
mode: "0600"
backup: no
backup: false
tags:
- evomaintenance

@ -2,8 +2,9 @@
- name: Configure rc.local
lineinfile:
path: /etc/rc.local
line: 'date | mail -s "boot/reboot of $(hostname -s)" {{ general_alert_email }}'
create: yes
line:
'date | mail -s "boot/reboot of $(hostname -s)" {{ general_alert_email }}'
create: true
tags:
- misc
@ -12,7 +13,7 @@
dest: /etc/mail/aliases
regexp: "# root:"
replace: "root: {{ general_alert_email }}"
backup: no
backup: false
notify:
- newaliases
tags:

@ -10,20 +10,20 @@
- name: Install packages (vim rsync mtr etc)
openbsd_pkg:
name:
- wget
- vim--no_x11
- rsync--
- mtr--
- iftop
- sudo--
- postgresql-client
- wget
- vim--no_x11
- rsync--
- mtr--
- iftop
- sudo--
- postgresql-client
tags:
- pkg
- name: Disable sndiod
service:
name: sndiod
enabled: no
enabled: false
state: stopped
tags:
- pkg

@ -4,11 +4,11 @@
lineinfile:
dest: /etc/sudoers
insertafter: '# and set environment variables.'
line: '%wheel ALL=(ALL) SETENV: ALL'
line: '%wheel ALL=(ALL) SETENV: ALL'
validate: 'visudo -cf %s'
backup: no
backup: false
tags:
- sudo
- sudo
- name: Configure sudoers for evomaintenance and monitoring
blockinfile:
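Review bot: the `line:` value `'%wheel ALL=(ALL) SETENV: ALL'` is rewritten in this hunk and the task has no `regexp:`, so `lineinfile` matches on the exact string. If the whitespace inside the rule changed, hosts provisioned with the old spelling will get a second `%wheel` entry in /etc/sudoers instead of an in-place update. Adding a `regexp:` anchored on `^%wheel` keeps the task idempotent across both spellings; `validate: 'visudo -cf %s'` only checks syntax and will not catch the duplicate.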
@ -19,8 +19,6 @@
Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh
%wheel ALL=NOPASSWD: MAINT
validate: 'visudo -cf %s'
backup: no
backup: false
tags:
- sudo
- sudo

@ -1,5 +1,5 @@
# BGP
Deployment of BGP check script with its cron, and a best route log cron.
## Tasks
@ -10,5 +10,5 @@ Everything is in the `tasks/main.yml` file.
The full list of variables (with default values) can be found in `defaults/main.yml`.
* `bgp_mailto` : email address the output of the script will be sent to when a change is detected
* `bgp_exclude_grep_command` : facultative grep -v command for some peers not to be checked
* `bgp_mailto` : email address the output of the script will be sent to when a change is detected
* `bgp_exclude_grep_command` : facultative grep -v command for some peers not to be checked

@ -5,7 +5,7 @@
dest: /usr/share/scripts/bgpd-check-peers.sh
when: group_names | select('search','bgp') | list | count > 0
tags:
- bgp
- bgp
- name: Cron job for bgp check script is installed
cron:
@ -15,13 +15,13 @@
tags:
- bgp
- name: Create bgp log directory
- name: Create bgp log directory
file:
path: /var/log/bgp
state: directory
when: group_names | select('search','bgp') | list | count > 0
tags:
- bgp
- bgp
- name: weekly best routes cron job is installed
cron:
@ -29,7 +29,9 @@
minute: 0
hour: 4
weekday: 0
job: "/usr/sbin/bgpctl show rib selected > /var/log/bgp/rib-selected-$(date +\\%F)"
job: >
/usr/sbin/bgpctl show rib selected
> /var/log/bgp/rib-selected-$(date +\\%F)
when: group_names | select('search','bgp') | list | count > 0
tags:
- bgp
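Review bot: moving `job:` from a double-quoted string to a folded block scalar changes what `\\%F` means. Inside double quotes YAML reduced `\\%` to `\%`, which is the escape cron needs for a percent sign; in a `>` block backslashes are literal, so the crontab entry now contains `\\%F`. Write `$(date +\%F)` in the folded form, and use `>-` so the job does not end with a newline.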

@ -1,4 +1,4 @@
---
commit_message: Ansible run
etc_git_monitor_status: True
etc_git_monitor_status: true

@ -3,20 +3,20 @@
command: git status --porcelain
args:
chdir: /etc
changed_when: False
changed_when: false
register: git_status
when: not ansible_check_mode
ignore_errors: yes
ignore_errors: true
tags:
- etc-git
- commit-etc
- etc-git
- commit-etc
- debug:
var: git_status
verbosity: 3
tags:
- etc-git
- commit-etc
- etc-git
- commit-etc
- name: fetch current Git user.email
git_config:
@ -24,33 +24,49 @@
repo: /etc
scope: local
register: git_config_user_email
ignore_errors: yes
ignore_errors: true
tags:
- etc-git
- commit-etc
- etc-git
- commit-etc
- name: set commit author
set_fact:
commit_author: '{% if ansible_env.SUDO_USER is not defined %}root{% else %}{{ ansible_env.SUDO_USER }}{% endif %}'
commit_email: '{% if git_config_user_email.config_value is not defined or git_config_user_email.config_value == "" %}root@localhost{% else %}{{ git_config_user_email.config_value }}{% endif %}'
commit_author: >
{% if ansible_env.SUDO_USER is not defined %}
root
{% else %}
{{ ansible_env.SUDO_USER }}
{% endif %}
commit_email: >
{% if git_config_user_email.config_value is not defined
or git_config_user_email.config_value == "" %}
root@localhost
{% else %}
{{ git_config_user_email.config_value }}
{% endif %}
tags:
- etc-git
- commit-etc
- etc-git
- commit-etc
- name: /etc modifications are committed
shell: "git add -A . && git commit -m \"{{ commit_message | mandatory }}\" --author \"{{ commit_author | mandatory }} <{{ commit_email | mandatory }}>\""
shell: >
git add -A .
&& git commit
-m "{{ commit_message | mandatory }}"
--author
"{{ commit_author | mandatory }} <{{ commit_email | mandatory }}>"
args:
chdir: /etc
register: etc_commit_end_run
when: not ansible_check_mode and git_status.stdout != ""
ignore_errors: yes
ignore_errors: true
tags:
- etc-git
- commit-etc
- etc-git
- commit-etc
- debug:
var: etc_commit_end_run
verbosity: 4
tags:
- etc-git
- commit-etc
- etc-git
- commit-etc
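Review bot: the folded `commit_author: >` and `commit_email: >` templates now render with the spaces and final newline that surround `root`, `{{ ansible_env.SUDO_USER }}` and the e-mail value, where the one-line versions rendered the bare value. Both are interpolated into `--author "{{ commit_author | mandatory }} <{{ commit_email | mandatory }}>"`, so the author string passed to `git commit` gains stray whitespace. Use `>-` together with Jinja whitespace control (`{%- ... -%}`), or for the author replace the conditional with `{{ ansible_env.SUDO_USER | default('root') }}`.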

@ -12,7 +12,7 @@
args:
chdir: /etc
creates: /etc/.git/
warn: no
warn: false
register: git_init
tags:
- etc-git
@ -48,11 +48,11 @@
command: "git log"
args:
chdir: /etc
warn: no
changed_when: False
failed_when: False
warn: false
changed_when: false
failed_when: false
register: git_log
check_mode: no
check_mode: false
tags:
- etc-git
@ -60,7 +60,7 @@
shell: "git add -A . && git commit -m \"Initial commit via Ansible\""
args:
chdir: /etc
warn: no
warn: false
register: git_commit
when: git_log.rc != 0 or (git_init is defined and git_init.changed)
tags:
@ -72,7 +72,7 @@
line: '/usr/local/bin/git --git-dir /etc/.git gc --quiet'
owner: root
mode: "0644"
create: yes
create: true
tags:
- etc-git
@ -82,7 +82,7 @@
line: "{{ item }}"
owner: root
mode: "0644"
create: yes
create: true
when: etc_git_monitor_status
tags:
- etc-git
@ -93,7 +93,8 @@
- name: cron job for /etc/.git status is removed
lineinfile:
path: /etc/daily.local
line: '/usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short'
line:
'/usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short'
owner: root
mode: "0644"
state: absent
@ -105,7 +106,13 @@
cron:
name: git status
minute: 42
job: "who > /dev/null || /usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short"
job: >
who
> /dev/null
|| /usr/local/bin/git
--git-dir=/etc/.git
--work-tree=/etc
status --short
when: etc_git_monitor_status
tags:
- etc-git
@ -114,7 +121,13 @@
cron:
name: git status
minute: 42
job: "who > /dev/null || /usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short"
job: >
who
> /dev/null
|| /usr/local/bin/git
--git-dir=/etc/.git
--work-tree=/etc
status --short
state: absent
when: not etc_git_monitor_status
tags:

@ -2,9 +2,9 @@
- name: run evocheck
command: "{{ evocheck_bin_dir }}/evocheck.sh"
register: evocheck_run
changed_when: False
failed_when: False
check_mode: no
changed_when: false
failed_when: false
check_mode: false
tags:
- evocheck-exec
@ -12,4 +12,4 @@
var: evocheck_run.stdout_lines
when: evocheck_run.stdout != ""
tags:
- evocheck-exec
- evocheck-exec

@ -15,7 +15,7 @@
dest: "{{ evocheck_bin_dir }}/evocheck.sh"
mode: "0700"
owner: root
force: yes
force: true
tags:
- evocheck
@ -23,7 +23,7 @@
copy:
src: evocheck.cf
dest: /etc/evocheck.cf
force: no
force: false
tags:
- evocheck
@ -33,6 +33,6 @@
line: 'sh /usr/share/scripts/evocheck.sh --verbose --cron'
owner: root
mode: "0644"
create: yes
create: true
tags:
- evocheck

@ -4,7 +4,7 @@
name: net.inet.ip.forwarding
value: 1
state: present
reload: yes
reload: true
tags:
- net
@ -13,6 +13,6 @@
name: net.inet6.ip6.forwarding
value: 1
state: present
reload: yes
reload: true
tags:
- net

@ -8,6 +8,6 @@ Everything is in the `tasks/main.yml` file.
## Available variables
* `nagios_nrpe_allowed_hosts` : list of IP/hosts authorized (default: none).
* `nagios_nrpe_allowed_hosts` : list of IP/hosts authorized (default: none).
The full list of variables (with default values) can be found in `defaults/main.yml`.

@ -2,7 +2,8 @@
evolix_trusted_ips: []
additional_trusted_ips: []
# Let's merge evolix_trusted_ips with additional_trusted_ips
nagios_nrpe_allowed_hosts: "{{ evolix_trusted_ips | union(additional_trusted_ips) | unique }}"
nagios_nrpe_allowed_hosts:
"{{ evolix_trusted_ips | union(additional_trusted_ips) | unique }}"
nagios_nrpe_ldap_dc: "dc=DOMAIN,dc=EXT"
nagios_nrpe_ldap_passwd: LDAP_PASSWD
nagios_nrpe_pgsql_passwd: PGSQL_PASSWD

@ -54,5 +54,5 @@
- name: Starting and enabling nrpe
service:
name: nrpe
enabled: yes
enabled: true
state: started

@ -3,7 +3,7 @@
openbsd_pkg:
name: "openvpn--"
tags:
- openvpn
- openvpn
- name: Create /etc/openvpn directory
file:
@ -13,59 +13,62 @@
group: "wheel"
mode: "0755"
tags:
- openvpn
- openvpn
- name: Deploy OpenVPN configuration
template:
src: "server.conf.j2"
template:
src: "server.conf.j2"
dest: "/etc/openvpn/server.conf"
mode: "0600"
mode: "0600"
notify: restart openvpn
tags:
- openvpn
- openvpn
- name: Enabling OpenVPN
service:
name: openvpn
enabled: yes
enabled: true
tags:
- openvpn
- openvpn
- name: Set OpenVPN flag
shell: 'rcctl set openvpn flags "--config /etc/openvpn/server.conf"'
tags:
- openvpn
- openvpn
- name: Create shellpki user
user:
name: "_shellpki"
system: yes
state: present
system: yes
system: true
state: present
home: "/etc/shellpki/"
shell: "/sbin/nologin"
tags:
- openvpn
- openvpn
- name: Copy some shellpki files
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: wheel
mode: "{{ item.mode }}"
force: yes
force: true
with_items:
- { src: 'files/shellpki/openssl.cnf', dest: '/etc/shellpki/openssl.cnf', mode: '0640' }
- { src: 'files/shellpki/shellpki', dest: '/usr/local/sbin/shellpki', mode: '0755' }
- src: 'files/shellpki/openssl.cnf'
dest: '/etc/shellpki/openssl.cnf'
mode: '0640'
- src: 'files/shellpki/shellpki'
dest: '/usr/local/sbin/shellpki'
mode: '0755'
tags:
- openvpn
- name: Deploy DH PARAMETERS
template:
src: "dh2048.pem.j2"
template:
src: "dh2048.pem.j2"
dest: "/etc/shellpki/dh2048.pem"
mode: "0600"
mode: "0600"
tags:
- openvpn
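Review bot: in the `Create shellpki user` task the hunk shows `system: yes` twice next to the new `system: true`; check that the resulting mapping carries a single `system` key, because a leftover `system: yes` would be a duplicate key and only one of the two values would take effect. The `Deploy OpenVPN configuration` and `Deploy DH PARAMETERS` tasks set `mode: "0600"` but no `owner` or `group`, unlike the `copy` tasks in the same hunk; stating them explicitly would make the intended ownership of these two files visible in the role.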
@ -77,7 +80,7 @@
group: "wheel"
mode: "0755"
tags:
- openvpn
- openvpn
- name: Include /etc/sudoers.d in sudoers configuration file
lineinfile:
@ -91,20 +94,22 @@
src: "sudo_shellpki"
dest: "/etc/sudoers.d/shellpki"
force: true
mode: "0440"
mode: "0440"
validate: '/usr/local/sbin/visudo -cf %s'
tags:
- openvpn
- openvpn
- name: Copy check_openvpn
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: wheel
mode: "{{ item.mode }}"
force: yes
force: true
with_items:
- { src: 'files/check_openvpn.pl', dest: '/usr/local/libexec/nagios/plugins/check_openvpn.pl', mode: '0755' }
- src: 'files/check_openvpn.pl'
dest: '/usr/local/libexec/nagios/plugins/check_openvpn.pl'
mode: '0755'
tags:
- openvpn

@ -1,5 +1,5 @@
# OSPF
Deployment of OSPF check scripts with their cron.
## Tasks
@ -10,5 +10,5 @@ Everything is in the `tasks/main.yml` file.
The full list of variables (with default values) can be found in `defaults/main.yml`.
* `ospf_mailto` : email address the output of the scripts will be sent to when a change is detected
* `ospf_sed_command` : facultative sed command to modify the ospfctl output and add a name to IPs
* `ospf_mailto` : email address the output of the scripts will be sent to when a change is detected
* `ospf_sed_command` : facultative sed command to modify the ospfctl output and add a name to IPs

@ -8,7 +8,7 @@
- "ospf6d-check-peers.sh"
when: group_names | select('search','ospf') | list | count > 0
tags:
- ospf
- ospf
- name: Cron job for ospf check scripts is installed
cron:

@ -4,4 +4,4 @@
src: pf.conf.j2
dest: /etc/pf.conf
mode: "0600"
backup: yes
backup: true

@ -3,19 +3,25 @@
command: git status --porcelain
args:
chdir: /etc
changed_when: False
changed_when: false
register: git_status
when: not ansible_check_mode
ignore_errors: yes
ignore_errors: true
tags:
- commit-etc
- commit-etc
# yamllint disable rule:line-length
- name: /etc modifications are committed
shell: "git add -A . && git commit -m \"{{ commit_message | default('Ansible run') }}\" --author=\"{{ ansible_env.SUDO_USER | default('Root') }} <{{ ansible_env.SUDO_USER | default('Root') }}@{{ general_technical_realm }}>\""
shell: >
git add -A .
&& git commit
-m "{{ commit_message | default('Ansible run') }}"
--author="{{ ansible_env.SUDO_USER | default('Root') }}"
< "{{ ansible_env.SUDO_USER | default('Root') }}@{{ general_technical_realm }}>"
args:
chdir: /etc
register: etc_commit_end_evolinux
when: not ansible_check_mode and git_status.stdout != ""
ignore_errors: yes
ignore_errors: true
tags:
- commit-etc
- commit-etc
# yamllint enable rule:line-length
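Review bot: splitting the `--author` argument over two lines breaks its quoting. The old command passed the whole `Name <Name@realm>` value inside one pair of quotes; the new one closes the quote after the name (`--author="{{ ansible_env.SUDO_USER | default('Root') }}"`) and starts the next line with `< "...@{{ general_technical_realm }}>"`, which the shell reads as an input redirection from a file of that name. With `ignore_errors: true` on the task, the failed commit will not stop the play. Keep name and address inside a single quoted word, as the other commit task in this change does with `"{{ commit_author | mandatory }} <{{ commit_email | mandatory }}>"`; the `# yamllint disable rule:line-length` pair added around the task already permits the long line.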

@ -3,29 +3,31 @@
## Edit and uncomment to overwrite the default values ##
########################################################
#ntpd_servers:
#- "ntp.evolix.net"
# ntpd_servers:
# - "ntp.evolix.net"
#
#general_alert_email: "root@localhost"
#general_technical_realm: "example.com"
# general_alert_email: "root@localhost"
# general_technical_realm: "example.com"
evolinux_ssh_group: "evolinux-ssh"
evolinux_sudo_group: "evolinux-sudo"
evolinux_root_disable_ssh: true
#
#evomaintenance_realm: "example.com"
#evomaintenance_alert_email: "evomaintenance-{{ inventory_hostname }}@{{ evomaintenance_realm }}"
#evomaintenance_hostname: "{{ inventory_hostname }}.{{ general_technical_realm }}"
#evomaintenance_pg_host: Null
#evomaintenance_pg_passwd: Null
#evomaintenance_pg_db: Null
#evomaintenance_pg_table: Null
#evomaintenance_from_domain: "{{ evomaintenance_realm }}"
#evomaintenance_from: "evomaintenance@{{ evomaintenance_from_domain }}"
#evomaintenance_full_from: "Evomaintenance <{{ evomaintenance_from }}>"
#evomaintenance_urgency_from: mama.doe@example.com
#evomaintenance_urgency_tel: "06.00.00.00.00"
# evomaintenance_realm: "example.com"
# evomaintenance_alert_email:
# "evomaintenance-{{ inventory_hostname }}@{{ evomaintenance_realm }}"
# evomaintenance_hostname:
# "{{ inventory_hostname }}.{{ general_technical_realm }}"
# evomaintenance_pg_host: Null
# evomaintenance_pg_passwd: Null
# evomaintenance_pg_db: Null
# evomaintenance_pg_table: Null
# evomaintenance_from_domain: "{{ evomaintenance_realm }}"
# evomaintenance_from: "evomaintenance@{{ evomaintenance_from_domain }}"
# evomaintenance_full_from: "Evomaintenance <{{ evomaintenance_from }}>"
# evomaintenance_urgency_from: mama.doe@example.com
# evomaintenance_urgency_tel: "06.00.00.00.00"
#
#evolix_users:
# evolix_users:
# foo:
# name: foo
# uid: 1042
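Review bot: the commented examples keep `Null` (`# evomaintenance_pg_host: Null` and the three lines after it) while the defaults in this same change were switched to lowercase `null`. Anyone uncommenting these lines brings the old spelling back; update the commented values so the two files stay consistent.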