From 674a4aa836a1110836151d0393a861cd5c386362 Mon Sep 17 00:00:00 2001 From: Jeremy Dubois Date: Thu, 23 Jun 2022 18:35:39 +0200 Subject: [PATCH] update of tags for each tasks and ease the update of scripts --- CHANGELOG | 1 + README.md | 11 +++++++++++ roles/accounts/tasks/main.yml | 10 ++++++++++ roles/accounts/tasks/user.yml | 5 +++++ roles/base/tasks/dotfiles.yml | 2 -- roles/base/tasks/evomaintenance.yml | 2 +- roles/base/tasks/mail.yml | 6 +++--- roles/etc-git/tasks/main.yml | 2 +- roles/etc-git/tasks/utils.yml | 4 ++++ roles/evocheck/tasks/exec.yml | 4 ---- roles/evocheck/tasks/main.yml | 1 + roles/forwarding/tasks/main.yml | 4 ++-- roles/logsentry/tasks/main.yml | 4 ++-- roles/nagios-nrpe/tasks/main.yml | 20 ++++++++++++++++++++ roles/post-install/tasks/ldif.yml | 7 +++++++ roles/post-install/tasks/motd.yml | 11 +++++++++++ roles/post-install/tasks/update.yml | 3 +++ 17 files changed, 82 insertions(+), 15 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 8743609..a5a3093 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -28,6 +28,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - nagios-nrpe: add a wraper to check_dhcpd to define the number of dhcpd processes that must be running depending on the CARP state - evocheck: renamed install.yml to main.yml and add evocheck cron at the beginning of the daily.local file - pf : reorder some rules, more details on some comments +- update of tags for each tasks and ease the update of scripts ### Fixed diff --git a/README.md b/README.md index a35dc00..935e3d5 100644 --- a/README.md +++ b/README.md 
@@ -28,6 +28,17 @@ Subsequent use (become_method: sudo) : ansible-playbook evolixisation.yml --ask-vault-pass -CDKi hosts --skip-tags pf -l HOSTNAME ``` +## How to update scripts + +Several tags in the format `*utils` are configured to update the different scripts : + +* utils : update scripts from base role, utils.yml task +* motd-utils : update script from post-install role, motd.yml task +* evomaintenance-utils : update scripts from base role, evomaintenance.yml task +* evocheck-utils : update scripts from evocheck role, main.yml task +* nagios-nrpe-utils : update scripts and checks from nagios-nrpe role, main.yml task +* etc-git-utils : update scripts from etc-git role, utils.yml task + ## Contributions See the [contribution guidelines](CONTRIBUTING.md) diff --git a/roles/accounts/tasks/main.yml b/roles/accounts/tasks/main.yml index 250c849..9d29a34 100644 --- a/roles/accounts/tasks/main.yml +++ b/roles/accounts/tasks/main.yml @@ -9,6 +9,7 @@ - "{{ evobsd_ssh_group }}" - "{{ evobsd_sudo_group }}" tags: + - accounts - admin - name: "Create user accounts" @@ -18,6 +19,7 @@ with_dict: "{{ evolix_users }}" when: evolix_users != {} tags: + - accounts - admin - name: "Verify AllowGroups directive" @@ -27,6 +29,7 @@ check_mode: false register: grep_allowgroups_ssh tags: + - accounts - admin - name: "Verify AllowUsers directive" @@ -36,6 +39,7 @@ check_mode: false register: grep_allowusers_ssh tags: + - accounts - admin - name: "Check that AllowUsers and AllowGroup do not override each other" @@ -43,6 +47,7 @@ that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)" msg: "We can't deal with AllowUsers and AllowGroups at the same time" tags: + - accounts - admin - name: "If AllowGroups is present then use it" @@ -50,6 +55,7 @@ ssh_allowgroups: "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0) }}" tags: + - accounts - admin - name: "Add AllowGroups sshd directive with '{{ evobsd_ssh_group }}'" 
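Review bot: The `- accounts` line is added by hand to every task's `tags:` list in roles/accounts/tasks/main.yml (these hunks and the four that follow) and in roles/accounts/tasks/user.yml, so consistent tag selection depends on nobody forgetting it on a future task. That matters in this file because the assert and the `set_fact` for `ssh_allowgroups` read `grep_allowusers_ssh.rc` and `grep_allowgroups_ssh.rc`. If a later task were tagged differently, it could fail on an undefined variable, or an sshd hardening task could be skipped without any error. Grouping the tasks under one `block:` carrying `tags: [accounts, admin]` would state the tag pair once. The task bodies start outside the hunks, so this is based on the visible tag lists only.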
@@ -63,6 +69,7 @@ - ssh_allowgroups - grep_allowgroups_ssh.rc == 1 tags: + - accounts - admin - name: "Append '{{ evobsd_ssh_group }}' to AllowGroups sshd directive" @@ -76,6 +83,7 @@ - ssh_allowgroups - grep_allowgroups_ssh.rc == 0 tags: + - accounts - admin - name: "Security directives for EvoBSD" @@ -93,6 +101,7 @@ when: - evolix_trusted_ips != [] tags: + - accounts - admin - name: "Disable root login" @@ -102,4 +111,5 @@ replace: "PermitRootLogin no" notify: reload sshd tags: + - accounts - admin diff --git a/roles/accounts/tasks/user.yml b/roles/accounts/tasks/user.yml index 3e905f0..1b8b3c3 100644 --- a/roles/accounts/tasks/user.yml +++ b/roles/accounts/tasks/user.yml @@ -6,6 +6,7 @@ name: "{{ user.name }}" gid: "{{ user.uid }}" tags: + - accounts - admin - name: "User '{{ user.name }}' is present" @@ -19,6 +20,7 @@ shell: /bin/ksh append: true tags: + - accounts - admin - name: "Home directory for '{{ user.name }}' is only accesible by owner" @@ -29,6 +31,7 @@ group: "{{ user.name }}" state: directory tags: + - accounts - admin - name: "SSH public keys for '{{ user.name }}' are present" @@ -41,6 +44,7 @@ loop_var: ssk_key when: user.ssh_keys is defined tags: + - accounts - admin - name: "Add {{ user.name }} to {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group" @@ -55,4 +59,5 @@ loop_control: loop_var: groups_item tags: + - accounts - admin diff --git a/roles/base/tasks/dotfiles.yml b/roles/base/tasks/dotfiles.yml index 191f954..0b59786 100644 --- a/roles/base/tasks/dotfiles.yml +++ b/roles/base/tasks/dotfiles.yml @@ -16,7 +16,6 @@ tags: - admin - dotfiles - - vim - name: "Customize .kshrc environment file" copy: @@ -56,7 +55,6 @@ tags: - admin - dotfiles - - vim - name: "Customize .kshrc environment file for new users" copy: diff --git a/roles/base/tasks/evomaintenance.yml b/roles/base/tasks/evomaintenance.yml index 4f8c182..1c4c377 100644 --- a/roles/base/tasks/evomaintenance.yml +++ b/roles/base/tasks/evomaintenance.yml 
@@ -21,7 +21,7 @@ - {src: 'evomaintenance.tpl', dest: '/usr/share/scripts/', mode: '0600'} tags: - evomaintenance - - script-evomaintenance + - evomaintenance-utils - name: "Configure evomaintenance" template: diff --git a/roles/base/tasks/mail.yml b/roles/base/tasks/mail.yml index a9ca06d..31c0ae6 100644 --- a/roles/base/tasks/mail.yml +++ b/roles/base/tasks/mail.yml @@ -6,7 +6,7 @@ failed_when: false changed_when: false tags: - - misc + - alerting - name: "Configure rc.local" lineinfile: @@ -20,7 +20,7 @@ - not (rclocal_content.stdout | regex_search('date \| mail -s (\"|\')boot/reboot of \$\(hostname -s\)')) tags: - - misc + - alerting - name: "Delete rc.local entry of boot/reboot not precising hostname" lineinfile: @@ -29,7 +29,7 @@ "^.* mail -s (?!.*of.*).+$" state: absent tags: - - misc + - alerting - name: "Set root mail alias" replace: diff --git a/roles/etc-git/tasks/main.yml b/roles/etc-git/tasks/main.yml index acc8728..37016a9 100644 --- a/roles/etc-git/tasks/main.yml +++ b/roles/etc-git/tasks/main.yml @@ -14,6 +14,6 @@ - name: "Configure repositories" include: repositories.yml + when: etc_git_config_repositories | bool tags: - etc-git - when: etc_git_config_repositories | bool diff --git a/roles/etc-git/tasks/utils.yml b/roles/etc-git/tasks/utils.yml index d16315e..1efb028 100644 --- a/roles/etc-git/tasks/utils.yml +++ b/roles/etc-git/tasks/utils.yml @@ -9,6 +9,7 @@ force: true tags: - etc-git + - etc-git-utils - name: "ansible-commit script is installed" copy: @@ -18,6 +19,7 @@ force: true tags: - etc-git + - etc-git-utils - name: "etc-git-optimize script is installed" copy: @@ -27,6 +29,7 @@ force: true tags: - etc-git + - etc-git-utils - name: "etc-git-status script is installed" copy: @@ -36,6 +39,7 @@ force: true tags: - etc-git + - etc-git-utils - name: "Legacy monthly cron job for /etc/.git optimization is absent" lineinfile: diff --git a/roles/evocheck/tasks/exec.yml b/roles/evocheck/tasks/exec.yml index 3e6f772..05eb750 100644 
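Review bot: Replacing `script-evomaintenance` with `evomaintenance-utils` drops the old tag name without an alias, and Ansible does not fail on a tag that matches nothing, so an existing `--tags script-evomaintenance` run would execute zero tasks and still exit successfully. The same applies to `misc` → `alerting` in roles/base/tasks/mail.yml, `net` → `forwarding` in roles/forwarding/tasks/main.yml and `config` → `logsentry-config` in roles/logsentry/tasks/main.yml. The inverse case is the riskier one: a run that relied on `--skip-tags net` would now apply the forwarding sysctl tasks. Whether any caller uses the old names is not visible in this patch. Listing the old → new tag names in the CHANGELOG entry, or keeping `- script-evomaintenance` beside `- evomaintenance-utils` for one release, would make the rename safer to roll out.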
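Review bot: The new `etc-git-utils` tag on the four script-copy tasks in roles/etc-git/tasks/utils.yml only takes effect if the include that loads utils.yml is itself selected by `--tags etc-git-utils`; that include is outside this patch. If utils.yml is pulled in dynamically and the include carries only `etc-git`, a run limited to `etc-git-utils` would skip the include, never reach these tasks, and still report success. The same check applies to `evomaintenance-utils` in roles/base/tasks/evomaintenance.yml and `motd-utils` in roles/post-install/tasks/motd.yml. Running `ansible-playbook evolixisation.yml --tags etc-git-utils --list-tasks` would confirm which tasks each new tag actually selects.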
--- a/roles/evocheck/tasks/exec.yml +++ b/roles/evocheck/tasks/exec.yml @@ -5,11 +5,7 @@ changed_when: false failed_when: false check_mode: false - tags: - - evocheck-exec - debug: var: evocheck_run.stdout_lines when: evocheck_run.stdout | length != 0 - tags: - - evocheck-exec diff --git a/roles/evocheck/tasks/main.yml b/roles/evocheck/tasks/main.yml index ded85c8..5f6d511 100644 --- a/roles/evocheck/tasks/main.yml +++ b/roles/evocheck/tasks/main.yml @@ -18,6 +18,7 @@ force: true tags: - evocheck + - evocheck-utils - name: "Copy evocheck.cf" copy: diff --git a/roles/forwarding/tasks/main.yml b/roles/forwarding/tasks/main.yml index 15679c7..586074a 100644 --- a/roles/forwarding/tasks/main.yml +++ b/roles/forwarding/tasks/main.yml @@ -6,7 +6,7 @@ state: present reload: true tags: - - net + - forwarding - name: "Enable IPv6 forwarding" sysctl: @@ -15,4 +15,4 @@ state: present reload: true tags: - - net + - forwarding diff --git a/roles/logsentry/tasks/main.yml b/roles/logsentry/tasks/main.yml index ac5639b..be1cc58 100644 --- a/roles/logsentry/tasks/main.yml +++ b/roles/logsentry/tasks/main.yml @@ -26,7 +26,7 @@ - "logsentry.ignore" tags: - logsentry - - config + - logsentry-config - name: "Copy logsentry.violations.ignore configuration" copy: @@ -37,7 +37,7 @@ - "logsentry.violations.ignore" tags: - logsentry - - config + - logsentry-config - name: "Hourly cron job for logsentry.sh is installed" cron: diff --git a/roles/nagios-nrpe/tasks/main.yml b/roles/nagios-nrpe/tasks/main.yml index 1bfd1c6..f75cf82 100644 --- a/roles/nagios-nrpe/tasks/main.yml +++ b/roles/nagios-nrpe/tasks/main.yml @@ -4,6 +4,8 @@ name: - nrpe-- state: present + tags: + - nagios-nrpe - name: "Install monitoring packages" openbsd_pkg: @@ -11,6 +13,8 @@ - monitoring-plugins - check_bioctl state: present + tags: + - nagios-nrpe - name: "Create nrpe.d dir" file: 
@@ -19,11 +23,15 @@ owner: root group: wheel mode: "0755" + tags: + - nagios-nrpe - name: "Include nrpe.d dir in nrpe.cfg" lineinfile: dest: /etc/nrpe.cfg line: 'include_dir=/etc/nrpe.d' + tags: + - nagios-nrpe - name: "Custom configuration is present" template: @@ -31,6 +39,8 @@ dest: /etc/nrpe.d/evolix.cfg mode: "0644" notify: restart nrpe + tags: + - nagios-nrpe - name: "Create nrpe plugins dir" file: @@ -39,6 +49,8 @@ owner: root group: wheel mode: "0755" + tags: + - nagios-nrpe - name: "Nagios plugins are installed" copy: @@ -63,6 +75,9 @@ - {name: 'check_dhcp_pool', force: false} - {name: 'check_dhcpd.sh', force: false} notify: restart nrpe + tags: + - nagios-nrpe + - nagios-nrpe-utils - name: "Nagios plugins are installed - template" template: @@ -75,9 +90,14 @@ with_items: - {name: 'check_free_mem.sh', force: true} notify: restart nrpe + tags: + - nagios-nrpe + - nagios-nrpe-utils - name: "Starting and enabling nrpe" service: name: nrpe enabled: true state: started + tags: + - nagios-nrpe diff --git a/roles/post-install/tasks/ldif.yml b/roles/post-install/tasks/ldif.yml index 6fe292d..0ca109a 100644 --- a/roles/post-install/tasks/ldif.yml +++ b/roles/post-install/tasks/ldif.yml @@ -6,6 +6,9 @@ owner: root group: wheel mode: "0750" + tags: + - post-install + - generateldif - name: "Run generateldif" command: '{{ general_scripts_dir }}/generateldif.sh' @@ -14,10 +17,14 @@ failed_when: false check_mode: false tags: + - post-install + - generateldif - generateldif-exec - debug: var: generateldif_run.stdout_lines verbosity: 1 tags: + - post-install + - generateldif - generateldif-exec diff --git a/roles/post-install/tasks/motd.yml b/roles/post-install/tasks/motd.yml index 648ace5..f04a3b0 100644 --- a/roles/post-install/tasks/motd.yml +++ b/roles/post-install/tasks/motd.yml 
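Review bot: The `nagios-nrpe-utils` tag added to "Nagios plugins are installed" (hunk `@@ -63,6 +75,9 @@`) will not refresh every plugin, because the visible items `check_dhcp_pool` and `check_dhcpd.sh` carry `force: false`. Assuming the copy task passes `item.force` through (that part of the task is outside the hunk), a copy already present on the host is left untouched, so an outdated check can stay deployed after a run that reported success. The README section added by this commit describes the tag as updating scripts and checks without naming that exception. A comment above those two items, e.g. `# force: false: locally tuned, not overwritten by nagios-nrpe-utils`, and a matching line in the README would make the behaviour explicit.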
@@ -3,9 +3,14 @@ copy: src: motd-carp-state.sh dest: /usr/share/scripts/motd-carp-state.sh + force: true owner: root group: wheel mode: '0755' + tags: + - post-install + - motd + - motd-utils - name: "Fetch root crontab content" command: > @@ -14,6 +19,9 @@ register: root_crontab_content failed_when: false changed_when: false + tags: + - post-install + - motd - name: "Cron job for dynamic motd script is installed" cron: @@ -23,3 +31,6 @@ when: - not (root_crontab_content.stdout | regex_search('/bin/sh /usr/share/scripts/motd-carp-state.sh')) + tags: + - post-install + - motd diff --git a/roles/post-install/tasks/update.yml b/roles/post-install/tasks/update.yml index 2c1708c..b7b9b75 100644 --- a/roles/post-install/tasks/update.yml +++ b/roles/post-install/tasks/update.yml @@ -3,3 +3,6 @@ command: /usr/sbin/syspatch ignore_errors: true when: ansible_distribution_version is version_compare("6.1",'>=') + tags: + - post-install + - updates
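Review bot: Tagging the syspatch task in roles/post-install/tasks/update.yml with the broad `post-install` tag means any `--tags post-install` run also executes `/usr/sbin/syspatch`, including a run meant only for the motd or LDIF tasks that now share that tag. The task keeps `ignore_errors: true`, so a failed patch run does not stop the play or mark the host as failed, and an unpatched host is easy to miss. Consider keeping only the narrower `- updates` tag here, and adding `register: syspatch_run` with a follow-up task that reports `syspatch_run.rc` so a patch failure is surfaced. The task's `name:` line is outside the hunk.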