update of tags for each tasks and ease the update of scripts

CHANGELOG

@@ -28,6 +28,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - nagios-nrpe: add a wraper to check_dhcpd to define the number of dhcpd processes that must be running depending on the CARP state
 - evocheck: renamed install.yml to main.yml and add evocheck cron at the beginning of the daily.local file
 - pf : reorder some rules, more details on some comments
+- update of tags for each tasks and ease the update of scripts
 
 ### Fixed
 

README.md

@@ -28,6 +28,17 @@ Subsequent use (become_method: sudo) :
 ansible-playbook evolixisation.yml --ask-vault-pass -CDKi hosts --skip-tags pf -l HOSTNAME
 ```
 
+## How to update scripts
+
+Several tags in the format `*utils` are configured to update the different scripts :
+
+* utils : update scripts from base role, utils.yml task
+* motd-utils : update script from post-install role, motd.yml task
+* evomaintenance-utils : update scripts from base role, evomaintenance.yml task
+* evocheck-utils : update scripts from evocheck role, main.yml task
+* nagios-nrpe-utils : update scripts and checks from nagios-nrpe role, main.yml task
+* etc-git-utils : update scripts from etc-git role, utils.yml task
+
 ## Contributions
 
 See the [contribution guidelines](CONTRIBUTING.md)

roles/accounts/tasks/main.yml

@@ -9,6 +9,7 @@
     - "{{ evobsd_ssh_group }}"
     - "{{ evobsd_sudo_group }}"
   tags:
+    - accounts
     - admin
 
 - name: "Create user accounts"
@@ -18,6 +19,7 @@
   with_dict: "{{ evolix_users }}"
   when: evolix_users != {}
   tags:
+    - accounts
     - admin
 
 - name: "Verify AllowGroups directive"
@@ -27,6 +29,7 @@
   check_mode: false
   register: grep_allowgroups_ssh
   tags:
+    - accounts
     - admin
 
 - name: "Verify AllowUsers directive"
@@ -36,6 +39,7 @@
   check_mode: false
   register: grep_allowusers_ssh
   tags:
+    - accounts
     - admin
 
 - name: "Check that AllowUsers and AllowGroup do not override each other"
@@ -43,6 +47,7 @@
     that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)"
     msg: "We can't deal with AllowUsers and AllowGroups at the same time"
   tags:
+    - accounts
     - admin
 
 - name: "If AllowGroups is present then use it"
@@ -50,6 +55,7 @@
     ssh_allowgroups:
       "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0) }}"
   tags:
+    - accounts
     - admin
 
 - name: "Add AllowGroups sshd directive with '{{ evobsd_ssh_group }}'"
@@ -63,6 +69,7 @@
     - ssh_allowgroups
     - grep_allowgroups_ssh.rc == 1
   tags:
+    - accounts
     - admin
 
 - name: "Append '{{ evobsd_ssh_group }}' to AllowGroups sshd directive"
@@ -76,6 +83,7 @@
     - ssh_allowgroups
     - grep_allowgroups_ssh.rc == 0
   tags:
+    - accounts
     - admin
 
 - name: "Security directives for EvoBSD"
@@ -93,6 +101,7 @@
   when:
     - evolix_trusted_ips != []
   tags:
+    - accounts
     - admin
 
 - name: "Disable root login"
@@ -102,4 +111,5 @@
     replace: "PermitRootLogin no"
   notify: reload sshd
   tags:
+    - accounts
     - admin

roles/accounts/tasks/user.yml

@@ -6,6 +6,7 @@
     name: "{{ user.name }}"
     gid: "{{ user.uid }}"
   tags:
+    - accounts
     - admin
 
 - name: "User '{{ user.name }}' is present"
@@ -19,6 +20,7 @@
     shell: /bin/ksh
     append: true
   tags:
+    - accounts
     - admin
 
 - name: "Home directory for '{{ user.name }}' is only accesible by owner"
@@ -29,6 +31,7 @@
     group: "{{ user.name }}"
     state: directory
   tags:
+    - accounts
     - admin
 
 - name: "SSH public keys for '{{ user.name }}' are present"
@@ -41,6 +44,7 @@
     loop_var: ssk_key
   when: user.ssh_keys is defined
   tags:
+    - accounts
     - admin
 
 - name: "Add {{ user.name }} to {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group"
@@ -55,4 +59,5 @@
   loop_control:
     loop_var: groups_item
   tags:
+    - accounts
     - admin

roles/base/tasks/dotfiles.yml

@@ -16,7 +16,6 @@
   tags:
     - admin
     - dotfiles
-    - vim
 
 - name: "Customize .kshrc environment file"
   copy:
@@ -56,7 +55,6 @@
   tags:
     - admin
     - dotfiles
-    - vim
 
 - name: "Customize .kshrc environment file for new users"
   copy:

roles/base/tasks/evomaintenance.yml

@@ -21,7 +21,7 @@
     - {src: 'evomaintenance.tpl', dest: '/usr/share/scripts/', mode: '0600'}
   tags:
     - evomaintenance
-    - script-evomaintenance
+    - evomaintenance-utils
 
 - name: "Configure evomaintenance"
   template:

roles/base/tasks/mail.yml

@@ -6,7 +6,7 @@
   failed_when: false
   changed_when: false
   tags:
-    - misc
+    - alerting
 
 - name: "Configure rc.local"
   lineinfile:
@@ -20,7 +20,7 @@
     - not (rclocal_content.stdout
       | regex_search('date \| mail -s (\"|\')boot/reboot of \$\(hostname -s\)'))
   tags:
-    - misc
+    - alerting
 
 - name: "Delete rc.local entry of boot/reboot not precising hostname"
   lineinfile:
@@ -29,7 +29,7 @@
       "^.* mail -s (?!.*of.*).+$"
     state: absent
   tags:
-    - misc
+    - alerting
 
 - name: "Set root mail alias"
   replace:

roles/etc-git/tasks/main.yml

@@ -14,6 +14,6 @@
 
 - name: "Configure repositories"
   include: repositories.yml
+  when: etc_git_config_repositories | bool
   tags:
     - etc-git
-  when: etc_git_config_repositories | bool

roles/etc-git/tasks/utils.yml

@@ -9,6 +9,7 @@
     force: true
   tags:
     - etc-git
+    - etc-git-utils
 
 - name: "ansible-commit script is installed"
   copy:
@@ -18,6 +19,7 @@
     force: true
   tags:
     - etc-git
+    - etc-git-utils
 
 - name: "etc-git-optimize script is installed"
   copy:
@@ -27,6 +29,7 @@
     force: true
   tags:
     - etc-git
+    - etc-git-utils
 
 - name: "etc-git-status script is installed"
   copy:
@@ -36,6 +39,7 @@
     force: true
   tags:
     - etc-git
+    - etc-git-utils
 
 - name: "Legacy monthly cron job for /etc/.git optimization is absent"
   lineinfile:

roles/evocheck/tasks/exec.yml

@@ -5,11 +5,7 @@
   changed_when: false
   failed_when: false
   check_mode: false
-  tags:
-  - evocheck-exec
 
 - debug:
     var: evocheck_run.stdout_lines
   when: evocheck_run.stdout | length != 0
-  tags:
-    - evocheck-exec

roles/evocheck/tasks/main.yml

@@ -18,6 +18,7 @@
     force: true
   tags:
     - evocheck
+    - evocheck-utils
 
 - name: "Copy evocheck.cf"
   copy:

roles/forwarding/tasks/main.yml

@@ -6,7 +6,7 @@
     state: present
     reload: true
   tags:
-    - net
+    - forwarding
 
 - name: "Enable IPv6 forwarding"
   sysctl:
@@ -15,4 +15,4 @@
     state: present
     reload: true
   tags:
-    - net
+    - forwarding

roles/logsentry/tasks/main.yml

@@ -26,7 +26,7 @@
     - "logsentry.ignore"
   tags:
     - logsentry
-    - config
+    - logsentry-config
 
 - name: "Copy logsentry.violations.ignore configuration"
   copy:
@@ -37,7 +37,7 @@
     - "logsentry.violations.ignore"
   tags:
     - logsentry
-    - config
+    - logsentry-config
 
 - name: "Hourly cron job for logsentry.sh is installed"
   cron:

roles/nagios-nrpe/tasks/main.yml

@@ -4,6 +4,8 @@
     name:
       - nrpe--
     state: present
+  tags:
+    - nagios-nrpe
 
 - name: "Install monitoring packages"
   openbsd_pkg:
@@ -11,6 +13,8 @@
       - monitoring-plugins
       - check_bioctl
     state: present
+  tags:
+    - nagios-nrpe
 
 - name: "Create nrpe.d dir"
   file:
@@ -19,11 +23,15 @@
     owner: root
     group: wheel
     mode: "0755"
+  tags:
+    - nagios-nrpe
 
 - name: "Include nrpe.d dir in nrpe.cfg"
   lineinfile:
     dest: /etc/nrpe.cfg
     line: 'include_dir=/etc/nrpe.d'
+  tags:
+    - nagios-nrpe
 
 - name: "Custom configuration is present"
   template:
@@ -31,6 +39,8 @@
     dest: /etc/nrpe.d/evolix.cfg
     mode: "0644"
   notify: restart nrpe
+  tags:
+    - nagios-nrpe
 
 - name: "Create nrpe plugins dir"
   file:
@@ -39,6 +49,8 @@
     owner: root
     group: wheel
     mode: "0755"
+  tags:
+    - nagios-nrpe
 
 - name: "Nagios plugins are installed"
   copy:
@@ -63,6 +75,9 @@
     - {name: 'check_dhcp_pool', force: false}
     - {name: 'check_dhcpd.sh', force: false}
   notify: restart nrpe
+  tags:
+    - nagios-nrpe
+    - nagios-nrpe-utils
 
 - name: "Nagios plugins are installed - template"
   template:
@@ -75,9 +90,14 @@
   with_items:
     - {name: 'check_free_mem.sh', force: true}
   notify: restart nrpe
+  tags:
+    - nagios-nrpe
+    - nagios-nrpe-utils
 
 - name: "Starting and enabling nrpe"
   service:
     name: nrpe
     enabled: true
     state: started
+  tags:
+    - nagios-nrpe

roles/post-install/tasks/ldif.yml

@@ -6,6 +6,9 @@
     owner: root
     group: wheel
     mode: "0750"
+  tags:
+    - post-install
+    - generateldif
 
 - name: "Run generateldif"
   command: '{{ general_scripts_dir }}/generateldif.sh'
@@ -14,10 +17,14 @@
   failed_when: false
   check_mode: false
   tags:
+    - post-install
+    - generateldif
     - generateldif-exec
 
 - debug:
     var: generateldif_run.stdout_lines
     verbosity: 1
   tags:
+    - post-install
+    - generateldif
     - generateldif-exec

roles/post-install/tasks/motd.yml

@@ -3,9 +3,14 @@
   copy:
     src: motd-carp-state.sh
     dest: /usr/share/scripts/motd-carp-state.sh
+    force: true
     owner: root
     group: wheel
     mode: '0755'
+  tags:
+    - post-install
+    - motd
+    - motd-utils
 
 - name: "Fetch root crontab content"
   command: >
@@ -14,6 +19,9 @@
   register: root_crontab_content
   failed_when: false
   changed_when: false
+  tags:
+    - post-install
+    - motd
 
 - name: "Cron job for dynamic motd script is installed"
   cron:
@@ -23,3 +31,6 @@
   when:
     - not (root_crontab_content.stdout
       | regex_search('/bin/sh /usr/share/scripts/motd-carp-state.sh'))
+  tags:
+    - post-install
+    - motd

roles/post-install/tasks/update.yml

@@ -3,3 +3,6 @@
   command: /usr/sbin/syspatch
   ignore_errors: true
   when: ansible_distribution_version is version_compare("6.1",'>=')
+  tags:
+    - post-install
+    - updates