update of tags for each tasks and ease the update of scripts
parent
7a47d95776
commit
674a4aa836
|
@ -28,6 +28,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|||
- nagios-nrpe: add a wraper to check_dhcpd to define the number of dhcpd processes that must be running depending on the CARP state
|
||||
- evocheck: renamed install.yml to main.yml and add evocheck cron at the beginning of the daily.local file
|
||||
- pf : reorder some rules, more details on some comments
|
||||
- update of tags for each tasks and ease the update of scripts
|
||||
|
||||
### Fixed
|
||||
|
||||
|
|
11
README.md
11
README.md
|
@ -28,6 +28,17 @@ Subsequent use (become_method: sudo) :
|
|||
ansible-playbook evolixisation.yml --ask-vault-pass -CDKi hosts --skip-tags pf -l HOSTNAME
|
||||
```
|
||||
|
||||
## How to update scripts
|
||||
|
||||
Several tags in the format `*utils` are configured to update the different scripts :
|
||||
|
||||
* utils : update scripts from base role, utils.yml task
|
||||
* motd-utils : update script from post-install role, motd.yml task
|
||||
* evomaintenance-utils : update scripts from base role, evomaintenance.yml task
|
||||
* evocheck-utils : update scripts from evocheck role, main.yml task
|
||||
* nagios-nrpe-utils : update scripts and checks from nagios-nrpe role, main.yml task
|
||||
* etc-git-utils : update scripts from etc-git role, utils.yml task
|
||||
|
||||
## Contributions
|
||||
|
||||
See the [contribution guidelines](CONTRIBUTING.md)
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
- "{{ evobsd_ssh_group }}"
|
||||
- "{{ evobsd_sudo_group }}"
|
||||
tags:
|
||||
- accounts
|
||||
- admin
|
||||
|
||||
- name: "Create user accounts"
|
||||
|
@ -18,6 +19,7 @@
|
|||
with_dict: "{{ evolix_users }}"
|
||||
when: evolix_users != {}
|
||||
tags:
|
||||
- accounts
|
||||
- admin
|
||||
|
||||
- name: "Verify AllowGroups directive"
|
||||
|
@ -27,6 +29,7 @@
|
|||
check_mode: false
|
||||
register: grep_allowgroups_ssh
|
||||
tags:
|
||||
- accounts
|
||||
- admin
|
||||
|
||||
- name: "Verify AllowUsers directive"
|
||||
|
@ -36,6 +39,7 @@
|
|||
check_mode: false
|
||||
register: grep_allowusers_ssh
|
||||
tags:
|
||||
- accounts
|
||||
- admin
|
||||
|
||||
- name: "Check that AllowUsers and AllowGroup do not override each other"
|
||||
|
@ -43,6 +47,7 @@
|
|||
that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)"
|
||||
msg: "We can't deal with AllowUsers and AllowGroups at the same time"
|
||||
tags:
|
||||
- accounts
|
||||
- admin
|
||||
|
||||
- name: "If AllowGroups is present then use it"
|
||||
|
@ -50,6 +55,7 @@
|
|||
ssh_allowgroups:
|
||||
"{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0) }}"
|
||||
tags:
|
||||
- accounts
|
||||
- admin
|
||||
|
||||
- name: "Add AllowGroups sshd directive with '{{ evobsd_ssh_group }}'"
|
||||
|
@ -63,6 +69,7 @@
|
|||
- ssh_allowgroups
|
||||
- grep_allowgroups_ssh.rc == 1
|
||||
tags:
|
||||
- accounts
|
||||
- admin
|
||||
|
||||
- name: "Append '{{ evobsd_ssh_group }}' to AllowGroups sshd directive"
|
||||
|
@ -76,6 +83,7 @@
|
|||
- ssh_allowgroups
|
||||
- grep_allowgroups_ssh.rc == 0
|
||||
tags:
|
||||
- accounts
|
||||
- admin
|
||||
|
||||
- name: "Security directives for EvoBSD"
|
||||
|
@ -93,6 +101,7 @@
|
|||
when:
|
||||
- evolix_trusted_ips != []
|
||||
tags:
|
||||
- accounts
|
||||
- admin
|
||||
|
||||
- name: "Disable root login"
|
||||
|
@ -102,4 +111,5 @@
|
|||
replace: "PermitRootLogin no"
|
||||
notify: reload sshd
|
||||
tags:
|
||||
- accounts
|
||||
- admin
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
name: "{{ user.name }}"
|
||||
gid: "{{ user.uid }}"
|
||||
tags:
|
||||
- accounts
|
||||
- admin
|
||||
|
||||
- name: "User '{{ user.name }}' is present"
|
||||
|
@ -19,6 +20,7 @@
|
|||
shell: /bin/ksh
|
||||
append: true
|
||||
tags:
|
||||
- accounts
|
||||
- admin
|
||||
|
||||
- name: "Home directory for '{{ user.name }}' is only accesible by owner"
|
||||
|
@ -29,6 +31,7 @@
|
|||
group: "{{ user.name }}"
|
||||
state: directory
|
||||
tags:
|
||||
- accounts
|
||||
- admin
|
||||
|
||||
- name: "SSH public keys for '{{ user.name }}' are present"
|
||||
|
@ -41,6 +44,7 @@
|
|||
loop_var: ssk_key
|
||||
when: user.ssh_keys is defined
|
||||
tags:
|
||||
- accounts
|
||||
- admin
|
||||
|
||||
- name: "Add {{ user.name }} to {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group"
|
||||
|
@ -55,4 +59,5 @@
|
|||
loop_control:
|
||||
loop_var: groups_item
|
||||
tags:
|
||||
- accounts
|
||||
- admin
|
||||
|
|
|
@ -16,7 +16,6 @@
|
|||
tags:
|
||||
- admin
|
||||
- dotfiles
|
||||
- vim
|
||||
|
||||
- name: "Customize .kshrc environment file"
|
||||
copy:
|
||||
|
@ -56,7 +55,6 @@
|
|||
tags:
|
||||
- admin
|
||||
- dotfiles
|
||||
- vim
|
||||
|
||||
- name: "Customize .kshrc environment file for new users"
|
||||
copy:
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
- {src: 'evomaintenance.tpl', dest: '/usr/share/scripts/', mode: '0600'}
|
||||
tags:
|
||||
- evomaintenance
|
||||
- script-evomaintenance
|
||||
- evomaintenance-utils
|
||||
|
||||
- name: "Configure evomaintenance"
|
||||
template:
|
||||
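Review bot: The tag change in this hunk is a one-for-one swap, not an addition: the hunk stays at 7 lines on both sides, so (assuming the page prints old before new) `script-evomaintenance` is replaced by `evomaintenance-utils` and the old name stops matching anything. Ansible does not reject an unknown tag, so an existing `--tags script-evomaintenance` run would select no task and a `--skip-tags` run would skip nothing, both without an error. The same swap appears in the later hunks showing `misc`/`alerting`, `net`/`forwarding` and `config`/`logsentry-config`; for the forwarding tasks a stale `--skip-tags net` would let the sysctl change through on a host where it was meant to be held back. Either keep the old tag next to the new one for a release, or name the renames in the CHANGELOG entry, e.g. `- tags renamed: script-evomaintenance -> evomaintenance-utils, misc -> alerting, net -> forwarding, config -> logsentry-config`.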
|
|
|
@ -6,7 +6,7 @@
|
|||
failed_when: false
|
||||
changed_when: false
|
||||
tags:
|
||||
- misc
|
||||
- alerting
|
||||
|
||||
- name: "Configure rc.local"
|
||||
lineinfile:
|
||||
|
@ -20,7 +20,7 @@
|
|||
- not (rclocal_content.stdout
|
||||
| regex_search('date \| mail -s (\"|\')boot/reboot of \$\(hostname -s\)'))
|
||||
tags:
|
||||
- misc
|
||||
- alerting
|
||||
|
||||
- name: "Delete rc.local entry of boot/reboot not precising hostname"
|
||||
lineinfile:
|
||||
|
@ -29,7 +29,7 @@
|
|||
"^.* mail -s (?!.*of.*).+$"
|
||||
state: absent
|
||||
tags:
|
||||
- misc
|
||||
- alerting
|
||||
|
||||
- name: "Set root mail alias"
|
||||
replace:
|
||||
|
|
|
@ -14,6 +14,6 @@
|
|||
|
||||
- name: "Configure repositories"
|
||||
include: repositories.yml
|
||||
when: etc_git_config_repositories | bool
|
||||
tags:
|
||||
- etc-git
|
||||
when: etc_git_config_repositories | bool
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
force: true
|
||||
tags:
|
||||
- etc-git
|
||||
- etc-git-utils
|
||||
|
||||
- name: "ansible-commit script is installed"
|
||||
copy:
|
||||
|
@ -18,6 +19,7 @@
|
|||
force: true
|
||||
tags:
|
||||
- etc-git
|
||||
- etc-git-utils
|
||||
|
||||
- name: "etc-git-optimize script is installed"
|
||||
copy:
|
||||
|
@ -27,6 +29,7 @@
|
|||
force: true
|
||||
tags:
|
||||
- etc-git
|
||||
- etc-git-utils
|
||||
|
||||
- name: "etc-git-status script is installed"
|
||||
copy:
|
||||
|
@ -36,6 +39,7 @@
|
|||
force: true
|
||||
tags:
|
||||
- etc-git
|
||||
- etc-git-utils
|
||||
|
||||
- name: "Legacy monthly cron job for /etc/.git optimization is absent"
|
||||
lineinfile:
|
||||
|
|
|
@ -5,11 +5,7 @@
|
|||
changed_when: false
|
||||
failed_when: false
|
||||
check_mode: false
|
||||
tags:
|
||||
- evocheck-exec
|
||||
|
||||
- debug:
|
||||
var: evocheck_run.stdout_lines
|
||||
when: evocheck_run.stdout | length != 0
|
||||
tags:
|
||||
- evocheck-exec
|
||||
|
|
|
@ -18,6 +18,7 @@
|
|||
force: true
|
||||
tags:
|
||||
- evocheck
|
||||
- evocheck-utils
|
||||
|
||||
- name: "Copy evocheck.cf"
|
||||
copy:
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
state: present
|
||||
reload: true
|
||||
tags:
|
||||
- net
|
||||
- forwarding
|
||||
|
||||
- name: "Enable IPv6 forwarding"
|
||||
sysctl:
|
||||
|
@ -15,4 +15,4 @@
|
|||
state: present
|
||||
reload: true
|
||||
tags:
|
||||
- net
|
||||
- forwarding
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
- "logsentry.ignore"
|
||||
tags:
|
||||
- logsentry
|
||||
- config
|
||||
- logsentry-config
|
||||
|
||||
- name: "Copy logsentry.violations.ignore configuration"
|
||||
copy:
|
||||
|
@ -37,7 +37,7 @@
|
|||
- "logsentry.violations.ignore"
|
||||
tags:
|
||||
- logsentry
|
||||
- config
|
||||
- logsentry-config
|
||||
|
||||
- name: "Hourly cron job for logsentry.sh is installed"
|
||||
cron:
|
||||
|
|
|
@ -4,6 +4,8 @@
|
|||
name:
|
||||
- nrpe--
|
||||
state: present
|
||||
tags:
|
||||
- nagios-nrpe
|
||||
|
||||
- name: "Install monitoring packages"
|
||||
openbsd_pkg:
|
||||
|
@ -11,6 +13,8 @@
|
|||
- monitoring-plugins
|
||||
- check_bioctl
|
||||
state: present
|
||||
tags:
|
||||
- nagios-nrpe
|
||||
|
||||
- name: "Create nrpe.d dir"
|
||||
file:
|
||||
|
@ -19,11 +23,15 @@
|
|||
owner: root
|
||||
group: wheel
|
||||
mode: "0755"
|
||||
tags:
|
||||
- nagios-nrpe
|
||||
|
||||
- name: "Include nrpe.d dir in nrpe.cfg"
|
||||
lineinfile:
|
||||
dest: /etc/nrpe.cfg
|
||||
line: 'include_dir=/etc/nrpe.d'
|
||||
tags:
|
||||
- nagios-nrpe
|
||||
|
||||
- name: "Custom configuration is present"
|
||||
template:
|
||||
|
@ -31,6 +39,8 @@
|
|||
dest: /etc/nrpe.d/evolix.cfg
|
||||
mode: "0644"
|
||||
notify: restart nrpe
|
||||
tags:
|
||||
- nagios-nrpe
|
||||
|
||||
- name: "Create nrpe plugins dir"
|
||||
file:
|
||||
|
@ -39,6 +49,8 @@
|
|||
owner: root
|
||||
group: wheel
|
||||
mode: "0755"
|
||||
tags:
|
||||
- nagios-nrpe
|
||||
|
||||
- name: "Nagios plugins are installed"
|
||||
copy:
|
||||
|
@ -63,6 +75,9 @@
|
|||
- {name: 'check_dhcp_pool', force: false}
|
||||
- {name: 'check_dhcpd.sh', force: false}
|
||||
notify: restart nrpe
|
||||
tags:
|
||||
- nagios-nrpe
|
||||
- nagios-nrpe-utils
|
||||
|
||||
- name: "Nagios plugins are installed - template"
|
||||
template:
|
||||
|
@ -75,9 +90,14 @@
|
|||
with_items:
|
||||
- {name: 'check_free_mem.sh', force: true}
|
||||
notify: restart nrpe
|
||||
tags:
|
||||
- nagios-nrpe
|
||||
- nagios-nrpe-utils
|
||||
|
||||
- name: "Starting and enabling nrpe"
|
||||
service:
|
||||
name: nrpe
|
||||
enabled: true
|
||||
state: started
|
||||
tags:
|
||||
- nagios-nrpe
|
||||
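Review bot: The new `nagios-nrpe-utils` tag on "Nagios plugins are installed" will probably not refresh every plugin, because the items visible in this hunk (`check_dhcp_pool`, `check_dhcpd.sh`) carry `force: false`. If the task hands that value to the `copy` module's `force` argument (the module arguments are outside the hunk), a file that already exists on the host is left untouched, so a `--tags nagios-nrpe-utils` run reports ok while an outdated check stays in place. The README text added in this commit describes the tag as updating "scripts and checks", which a reader will take to mean all of them. Either set `force: true` on the checks that should follow the repository, or document the exception above the list with `# force: false items are tuned per host and are not replaced by nagios-nrpe-utils`.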
|
|
|
@ -6,6 +6,9 @@
|
|||
owner: root
|
||||
group: wheel
|
||||
mode: "0750"
|
||||
tags:
|
||||
- post-install
|
||||
- generateldif
|
||||
|
||||
- name: "Run generateldif"
|
||||
command: '{{ general_scripts_dir }}/generateldif.sh'
|
||||
|
@ -14,10 +17,14 @@
|
|||
failed_when: false
|
||||
check_mode: false
|
||||
tags:
|
||||
- post-install
|
||||
- generateldif
|
||||
- generateldif-exec
|
||||
|
||||
- debug:
|
||||
var: generateldif_run.stdout_lines
|
||||
verbosity: 1
|
||||
tags:
|
||||
- post-install
|
||||
- generateldif
|
||||
- generateldif-exec
|
||||
|
|
|
@ -3,9 +3,14 @@
|
|||
copy:
|
||||
src: motd-carp-state.sh
|
||||
dest: /usr/share/scripts/motd-carp-state.sh
|
||||
force: true
|
||||
owner: root
|
||||
group: wheel
|
||||
mode: '0755'
|
||||
tags:
|
||||
- post-install
|
||||
- motd
|
||||
- motd-utils
|
||||
|
||||
- name: "Fetch root crontab content"
|
||||
command: >
|
||||
|
@ -14,6 +19,9 @@
|
|||
register: root_crontab_content
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
tags:
|
||||
- post-install
|
||||
- motd
|
||||
|
||||
- name: "Cron job for dynamic motd script is installed"
|
||||
cron:
|
||||
|
@ -23,3 +31,6 @@
|
|||
when:
|
||||
- not (root_crontab_content.stdout
|
||||
| regex_search('/bin/sh /usr/share/scripts/motd-carp-state.sh'))
|
||||
tags:
|
||||
- post-install
|
||||
- motd
|
||||
|
|
|
@ -3,3 +3,6 @@
|
|||
command: /usr/sbin/syspatch
|
||||
ignore_errors: true
|
||||
when: ansible_distribution_version is version_compare("6.1",'>=')
|
||||
tags:
|
||||
- post-install
|
||||
- updates
|
||||
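Review bot: With the `updates` tag added here this task becomes the entry point for a targeted patch run, yet it still carries `ignore_errors: true`, so a failed `/usr/sbin/syspatch` is displayed as ignored and the play finishes successfully. For a patching run the operator needs the failure to stop the play or at least mark the host as failed. Consider replacing the blanket ignore with `register: syspatch_run` and `failed_when: syspatch_run.rc not in [0, 2]`, provided the exit status 2 that syspatch documents for "no additional patch installed" applies to the releases this role targets. The task starts above the hunk, so its name and any existing `register` are not visible from here.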
|
|