diff --git a/prerequisite.yml b/prerequisite.yml index 3fffa0d..0175431 100644 --- a/prerequisite.yml +++ b/prerequisite.yml @@ -12,7 +12,7 @@ - name: Install ansible's prerequisite # yamllint disable-line rule:line-length - raw: export PKG_PATH=http://ftp.eu.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(uname -p)/; pkg_add -z python-3 + ansible.builtin.raw: export PKG_PATH=http://ftp.eu.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(uname -p)/; pkg_add -z python-3 changed_when: true # vim:ft=ansible diff --git a/roles/accounts/handlers/main.yml b/roles/accounts/handlers/main.yml index 5d24c46..4893584 100644 --- a/roles/accounts/handlers/main.yml +++ b/roles/accounts/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: reload sshd - service: + ansible.builtin.service: name: sshd state: reloaded diff --git a/roles/accounts/tasks/main.yml b/roles/accounts/tasks/main.yml index aba3180..f516165 100644 --- a/roles/accounts/tasks/main.yml +++ b/roles/accounts/tasks/main.yml @@ -1,7 +1,7 @@ # yamllint disable rule:line-length --- - name: "Create {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group" - group: + ansible.builtin.group: name: "{{ item }}" system: true with_items: @@ -25,7 +25,7 @@ - admin - name: "Verify AllowGroups directive" - command: "grep -E '^AllowGroups' /etc/ssh/sshd_config" + ansible.builtin.command: "grep -E '^AllowGroups' /etc/ssh/sshd_config" changed_when: false failed_when: false check_mode: false @@ -35,7 +35,7 @@ - admin - name: "Verify AllowUsers directive" - command: "grep -E '^AllowUsers' /etc/ssh/sshd_config" + ansible.builtin.command: "grep -E '^AllowUsers' /etc/ssh/sshd_config" changed_when: false failed_when: false check_mode: false @@ -45,7 +45,7 @@ - admin - name: "Check that AllowUsers and AllowGroup do not override each other" - assert: + ansible.builtin.assert: that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)" msg: "We can't deal with AllowUsers and AllowGroups at the same time" tags: 
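Review bot: The bootstrap command on the `ansible.builtin.raw:` line still sets `PKG_PATH=http://ftp.eu.openbsd.org/...`, so the first package installed on a fresh host is fetched over plain HTTP. pkg_add checks package signatures by default, so integrity does not depend on the transport, but an on-path party can still see or stall the request. If the mirror offers it, change only the scheme: `export PKG_PATH=https://ftp.eu.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(uname -p)/; pkg_add -z python-3`. A one-line comment such as `# raw: Python is not installed yet, so no regular module can run` would also explain why this task bypasses the module system.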
@@ -53,7 +53,7 @@ - admin - name: "If AllowGroups is present then use it" - set_fact: + ansible.builtin.set_fact: ssh_allowgroups: "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0) }}" tags: @@ -61,7 +61,7 @@ - admin - name: "Add AllowGroups sshd directive with '{{ evobsd_ssh_group }}'" - lineinfile: + ansible.builtin.lineinfile: dest: /etc/ssh/sshd_config line: "\nAllowGroups {{ evobsd_ssh_group }}" insertafter: 'Subsystem' @@ -75,7 +75,7 @@ - admin - name: "Append '{{ evobsd_ssh_group }}' to AllowGroups sshd directive" - replace: + ansible.builtin.replace: dest: /etc/ssh/sshd_config regexp: '^(AllowGroups ((?!\b{{ evobsd_ssh_group }}\b).)*)$' replace: '\1 {{ evobsd_ssh_group }}' @@ -89,7 +89,7 @@ - admin - name: "Security directives for EvoBSD" - blockinfile: + ansible.builtin.blockinfile: dest: /etc/ssh/sshd_config marker: "# {mark} EVOBSD PASSWORD RESTRICTIONS" block: | @@ -107,7 +107,7 @@ - admin - name: "Disable root login" - replace: + ansible.builtin.replace: dest: /etc/ssh/sshd_config regexp: '^PermitRootLogin\s+(yes|without-password|prohibit-password)' replace: "PermitRootLogin {{ evobsd_root_login }}" diff --git a/roles/accounts/tasks/user.yml b/roles/accounts/tasks/user.yml index 4d5c58d..1b0938f 100644 --- a/roles/accounts/tasks/user.yml +++ b/roles/accounts/tasks/user.yml @@ -1,7 +1,7 @@ # yamllint disable rule:line-length --- - name: "Group '{{ user.name }}' is present" - group: + ansible.builtin.group: state: present name: "{{ user.name }}" gid: "{{ user.uid }}" @@ -10,7 +10,7 @@ - admin - name: "User '{{ user.name }}' is present" - user: + ansible.builtin.user: state: present name: '{{ user.name }}' uid: '{{ user.uid }}' 
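Review bot: In the "Disable root login" task (hunk `@@ -107,7 +107,7 @@` of roles/accounts/tasks/main.yml) the pattern `'^PermitRootLogin\s+(yes|without-password|prohibit-password)'` only rewrites an uncommented directive that already has one of those three values. If the line is commented out or missing from /etc/ssh/sshd_config, the task changes nothing and sshd falls back to its built-in default, so `evobsd_root_login` is not actually enforced. If enforcement is the intent, use `ansible.builtin.lineinfile` with `regexp: '^#?\s*PermitRootLogin\s'` and `line: "PermitRootLogin {{ evobsd_root_login }}"`. The rest of the task lies outside the hunk; if it has no `validate: '/usr/sbin/sshd -t -f %s'`, add one so that a bad edit cannot be picked up by the `reload sshd` handler.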
@@ -24,14 +24,14 @@ - admin - name: "Gather available local users" - getent: + ansible.builtin.getent: database: passwd tags: - accounts - admin - name: "Home directory for '{{ user.name }}' is only accesible by owner" - file: + ansible.builtin.file: name: '/home/{{ user.name }}' mode: "0700" owner: "{{ user.name }}" @@ -43,7 +43,7 @@ - admin - name: "SSH public keys for '{{ user.name }}' are present" - authorized_key: + ansible.posix.authorized_key: user: "{{ user.name }}" key: "{{ ssk_key }}" state: present @@ -58,7 +58,7 @@ - admin - name: "Add {{ user.name }} to {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group" - user: + ansible.builtin.user: name: "{{ user.name }}" groups: "{{ groups_item }}" append: true diff --git a/roles/base/handlers/main.yml b/roles/base/handlers/main.yml index 5ad9161..141a7a3 100644 --- a/roles/base/handlers/main.yml +++ b/roles/base/handlers/main.yml @@ -1,38 +1,38 @@ --- - name: newaliases - command: smtpctl update table aliases + ansible.builtin.command: smtpctl update table aliases - name: remount / noatime - command: mount -u -o noatime / + ansible.builtin.command: mount -u -o noatime / args: warn: false - name: remount /var noatime - command: mount -u -o noatime /var + ansible.builtin.command: mount -u -o noatime /var args: warn: false - name: remount /usr noatime - command: mount -u -o noatime /usr + ansible.builtin.command: mount -u -o noatime /usr args: warn: false - name: remount /tmp noexec - command: mount -u -o noexec /tmp + ansible.builtin.command: mount -u -o noexec /tmp args: warn: false - name: remount /tmp noatime - command: mount -u -o noatime /tmp + ansible.builtin.command: mount -u -o noatime /tmp args: warn: false - name: remount /home noatime - command: mount -u -o noatime /home + ansible.builtin.command: mount -u -o noatime /home args: warn: false - name: restart ntpd - service: + ansible.builtin.service: name: ntpd state: restarted 
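Review bot: `ansible.posix.authorized_key` in the "SSH public keys" task now resolves only if the `ansible.posix` collection is installed on the controller, and nothing in the visible diff declares it. The same holds for `ansible.posix.sysctl`, `community.general.openbsd_pkg` and `community.general.git_config` in later hunks. A controller running bare ansible-core will fail on these tasks, and one with the collections installed will use whatever version happens to be present. Add a `collections/requirements.yml` listing `ansible.posix` and `community.general` with pinned versions, so the code that manages SSH keys, sysctls and packages comes from a known, reviewable release.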
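Review bot: Every remount handler in roles/base/handlers/main.yml keeps `args:` / `warn: false` under `ansible.builtin.command`, and `warn` was removed from the command and shell modules in ansible-core 2.14. On a current controller these handlers fail with an unsupported-parameter error instead of remounting, so for `remount /tmp noexec` the hardening option is not applied until the next reboot. Delete the `args:` and `warn: false` lines from each handler here. The "Does {{ repository_path }}/ have any commit?" and "Initial commit is present?" tasks in roles/etc-git/tasks/repository.yml carry the same `warn: false` and only need that one line removed, since their `args:` also holds `chdir`.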
diff --git a/roles/base/tasks/cron.yml b/roles/base/tasks/cron.yml index 351b937..535f69f 100644 --- a/roles/base/tasks/cron.yml +++ b/roles/base/tasks/cron.yml @@ -1,6 +1,6 @@ --- - name: "Customize PATH variable of root crontab" - cron: + ansible.builtin.cron: name: PATH env: true value: "{{ cron_root_path }}" diff --git a/roles/base/tasks/doas.yml b/roles/base/tasks/doas.yml index 1d4b88b..39e44a0 100644 --- a/roles/base/tasks/doas.yml +++ b/roles/base/tasks/doas.yml @@ -1,7 +1,7 @@ # yamllint disable rule:line-length --- - name: "Configure doas" - blockinfile: + ansible.builtin.blockinfile: dest: /etc/doas.conf owner: root group: wheel diff --git a/roles/base/tasks/dotfiles.yml b/roles/base/tasks/dotfiles.yml index 09c4292..cf07921 100644 --- a/roles/base/tasks/dotfiles.yml +++ b/roles/base/tasks/dotfiles.yml @@ -1,6 +1,6 @@ --- - name: "Customize root's .profile" - template: + ansible.builtin.template: src: profile.j2 dest: /root/.profile mode: "0644" @@ -9,7 +9,7 @@ - dotfiles - name: "Copy vim default configuration" - copy: + ansible.builtin.copy: src: vimrc dest: /root/.vimrc mode: "0644" @@ -18,7 +18,7 @@ - dotfiles - name: "Customize .kshrc environment file" - template: + ansible.builtin.template: src: kshrc.j2 dest: /root/.kshrc mode: "0644" @@ -27,7 +27,7 @@ - dotfiles - name: "Change default .profile skeleton" - template: + ansible.builtin.template: src: profile.j2 dest: /etc/skel/.profile mode: "0644" @@ -36,7 +36,7 @@ - dotfiles - name: "Add evomaintenance trap .profile skeleton with doas" - lineinfile: + ansible.builtin.lineinfile: state: present dest: /etc/skel/.profile mode: "0644" @@ -48,7 +48,7 @@ - dotfiles - name: "Add vim configuration to dotfiles for new users" - copy: + ansible.builtin.copy: src: vimrc dest: /etc/skel/.vimrc mode: "0644" @@ -57,7 +57,7 @@ - dotfiles - name: "Customize .kshrc environment file for new users" - template: + ansible.builtin.template: src: kshrc.j2 dest: /etc/skel/.kshrc mode: "0644" 
diff --git a/roles/base/tasks/fstab_entries.yml b/roles/base/tasks/fstab_entries.yml index efddec7..03d2b86 100644 --- a/roles/base/tasks/fstab_entries.yml +++ b/roles/base/tasks/fstab_entries.yml @@ -1,6 +1,6 @@ --- - name: "Fetch fstab content" - command: "grep -v '^#' /etc/fstab" + ansible.builtin.command: "grep -v '^#' /etc/fstab" check_mode: false register: fstab_content failed_when: false diff --git a/roles/base/tasks/fstab_entry.yml b/roles/base/tasks/fstab_entry.yml index 1277b1f..9ce5501 100644 --- a/roles/base/tasks/fstab_entry.yml +++ b/roles/base/tasks/fstab_entry.yml @@ -1,7 +1,7 @@ # yamllint disable rule:line-length --- - name: "{{ fstab_path }} partition is customized - softdep" - replace: + ansible.builtin.replace: dest: /etc/fstab regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw)(.*)' replace: '\1,softdep\2' @@ -13,7 +13,7 @@ - fstab - name: "{{ fstab_path }} partition is customized - noatime" - replace: + ansible.builtin.replace: dest: /etc/fstab regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw)(\S*)(\s+.*)' replace: '\1\2,noatime\3' @@ -26,7 +26,7 @@ - fstab - name: "{{ fstab_path }} partition is customized - noexec" - replace: + ansible.builtin.replace: dest: /etc/fstab regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw(,softdep)*)(.*)' replace: '\1,noexec\3' diff --git a/roles/base/tasks/mail.yml b/roles/base/tasks/mail.yml index 31c0ae6..918265c 100644 --- a/roles/base/tasks/mail.yml +++ b/roles/base/tasks/mail.yml @@ -1,6 +1,6 @@ --- - name: "Fetch rc.local content" - command: "grep -v '^#' /etc/rc.local" + ansible.builtin.command: "grep -v '^#' /etc/rc.local" check_mode: false register: rclocal_content failed_when: false @@ -9,7 +9,7 @@ - alerting - name: "Configure rc.local" - lineinfile: + ansible.builtin.lineinfile: path: /etc/rc.local line: 'date | mail -s "boot/reboot of $(hostname -s)" {{ general_alert_email }}' 
@@ -23,7 +23,7 @@ - alerting - name: "Delete rc.local entry of boot/reboot not precising hostname" - lineinfile: + ansible.builtin.lineinfile: path: /etc/rc.local regexp: "^.* mail -s (?!.*of.*).+$" @@ -32,7 +32,7 @@ - alerting - name: "Set root mail alias" - replace: + ansible.builtin.replace: dest: /etc/mail/aliases regexp: "# root:" replace: "root: {{ general_alert_email }}" diff --git a/roles/base/tasks/newsyslog.yml b/roles/base/tasks/newsyslog.yml index 4258cae..cc6a6da 100644 --- a/roles/base/tasks/newsyslog.yml +++ b/roles/base/tasks/newsyslog.yml @@ -1,6 +1,6 @@ --- - name: "Customize newsyslog" - copy: + ansible.builtin.copy: src: newsyslog.conf dest: /etc/newsyslog.conf mode: "0644" diff --git a/roles/base/tasks/ntp.yml b/roles/base/tasks/ntp.yml index fecb4b1..e460560 100644 --- a/roles/base/tasks/ntp.yml +++ b/roles/base/tasks/ntp.yml @@ -1,6 +1,6 @@ --- - name: "Customize ntpd conf" - template: + ansible.builtin.template: src: ntpd.conf.j2 dest: /etc/ntpd.conf owner: root diff --git a/roles/base/tasks/packages.yml b/roles/base/tasks/packages.yml index 998f940..1c6128e 100644 --- a/roles/base/tasks/packages.yml +++ b/roles/base/tasks/packages.yml @@ -1,7 +1,7 @@ --- - name: "Configure installurl" - copy: + ansible.builtin.copy: content: "{{ evobsd_install_url }}\n" dest: /etc/installurl mode: "0644" @@ -9,7 +9,7 @@ - pkg - name: "Install packages (vim rsync mtr etc)" - openbsd_pkg: + community.general.openbsd_pkg: name: - wget - vim--no_x11 @@ -25,7 +25,7 @@ - pkg - name: "Disable sndiod" - service: + ansible.builtin.service: name: sndiod enabled: false state: stopped diff --git a/roles/base/tasks/resolvconf.yml b/roles/base/tasks/resolvconf.yml index 1472ca2..44b5e4e 100644 --- a/roles/base/tasks/resolvconf.yml +++ b/roles/base/tasks/resolvconf.yml @@ -1,6 +1,6 @@ --- - name: "Configure resolv.conf" - lineinfile: + ansible.builtin.lineinfile: path: /etc/resolv.conf line: "lookup file bind" insertbefore: BOF 
diff --git a/roles/base/tasks/sudo.yml b/roles/base/tasks/sudo.yml index a793cfb..f262c02 100644 --- a/roles/base/tasks/sudo.yml +++ b/roles/base/tasks/sudo.yml @@ -1,6 +1,6 @@ --- - name: "Configure sudoers umask" - lineinfile: + ansible.builtin.lineinfile: dest: /etc/sudoers insertafter: '# Defaults specification' line: 'Defaults umask=0077' @@ -9,7 +9,7 @@ - sudo - name: "Deactivate sudo insults" - lineinfile: + ansible.builtin.lineinfile: dest: /etc/sudoers insertafter: 'Defaults umask=0077' line: 'Defaults !insults' @@ -18,7 +18,7 @@ - sudo - name: "Configure sudoers" - blockinfile: + ansible.builtin.blockinfile: state: present dest: /etc/sudoers insertafter: EOF diff --git a/roles/base/tasks/utils.yml b/roles/base/tasks/utils.yml index e989d38..1cacca8 100644 --- a/roles/base/tasks/utils.yml +++ b/roles/base/tasks/utils.yml @@ -1,6 +1,6 @@ --- - name: "dump-server-state script is present" - copy: + ansible.builtin.copy: src: "dump-server-state.sh" dest: /usr/local/sbin/dump-server-state force: true @@ -13,7 +13,7 @@ - utils - name: "update-evobackup-canary script is present" - copy: + ansible.builtin.copy: src: "update-evobackup-canary" dest: /usr/local/bin/update-evobackup-canary force: true diff --git a/roles/bgp/tasks/main.yml b/roles/bgp/tasks/main.yml index 7edae90..4ae5d2e 100644 --- a/roles/bgp/tasks/main.yml +++ b/roles/bgp/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: "Deploy bgp check script" - template: + ansible.builtin.template: src: bgpd-check-peers.sh.j2 dest: /usr/share/scripts/bgpd-check-peers.sh when: group_names | select('search','bgp') | list | count > 0 @@ -8,7 +8,7 @@ - bgp - name: "Cron job for bgp check script is installed" - cron: + ansible.builtin.cron: name: bgp check job: "/bin/sh /usr/share/scripts/bgpd-check-peers.sh" when: group_names | select('search','bgp') | list | count > 0 
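Review bot: The "Deploy bgp check script" task in roles/bgp/tasks/main.yml passes only `src` and `dest` to `ansible.builtin.template`, so the ownership and mode of /usr/share/scripts/bgpd-check-peers.sh depend on the connecting user and its umask. The next task installs that script as a cron job, so its permissions should be stated explicitly: `owner: root`, `group: wheel`, `mode: "0700"`. The same applies to the "Create bgp log directory" task in this file and to the "Deploy ospf check scripts" template in roles/ospf/tasks/main.yml, neither of which sets `mode` in its visible lines.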
@@ -16,7 +16,7 @@ - bgp - name: "Create bgp log directory" - file: + ansible.builtin.file: path: /var/log/bgp state: directory when: group_names | select('search','bgp') | list | count > 0 @@ -24,7 +24,7 @@ - bgp - name: "Daily best routes cron job is installed" - cron: + ansible.builtin.cron: name: bgp best routes minute: 0 hour: 4 @@ -36,7 +36,7 @@ - bgp - name: "Weekly best routes clean up cron job is installed" - cron: + ansible.builtin.cron: name: bgp best routes clean up minute: 0 hour: 4 diff --git a/roles/collectd/handlers/main.yml b/roles/collectd/handlers/main.yml index 6bb81b5..e0f5827 100644 --- a/roles/collectd/handlers/main.yml +++ b/roles/collectd/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: restart collectd - service: + ansible.builtin.service: name: collectd state: restarted diff --git a/roles/collectd/tasks/main.yml b/roles/collectd/tasks/main.yml index 44233ff..9799628 100644 --- a/roles/collectd/tasks/main.yml +++ b/roles/collectd/tasks/main.yml @@ -1,13 +1,13 @@ # yamllint disable rule:line-length --- - name: "Install Collectd package" - openbsd_pkg: + community.general.openbsd_pkg: name: "collectd" tags: - collectd - name: "Deploy Collectd configuration" - template: + ansible.builtin.template: src: "collectd.conf.j2" dest: "/etc/collectd.conf" notify: restart collectd @@ -15,7 +15,7 @@ - collectd - name: "Enabling Collectd" - service: + ansible.builtin.service: name: collectd enabled: true when: not ansible_check_mode @@ -23,7 +23,7 @@ - collectd - name: "Fix rights for collectd directory" - file: + ansible.builtin.file: path: /usr/local/share/collectd state: directory owner: "root" @@ -34,7 +34,7 @@ - collectd - name: "Create scripts directory for exec plugins" - file: + ansible.builtin.file: path: /usr/local/share/collectd/scripts state: directory owner: "root" @@ -45,7 +45,7 @@ - collectd - name: "Copy ifq_drops.sh" - copy: + ansible.builtin.copy: src: ifq_drops.sh dest: /usr/local/share/collectd/scripts/ifq_drops.sh owner: "root" 
@@ -57,7 +57,7 @@ - collectd - name: "Remove ifq_drops.sh" - file: + ansible.builtin.file: path: /usr/local/share/collectd/scripts/ifq_drops.sh state: absent when: not collectd_plugin_exec_ifq_drops @@ -65,7 +65,7 @@ - collectd - name: "Copy dns_stats.sh" - copy: + ansible.builtin.copy: src: dns_stats.sh dest: /usr/local/share/collectd/scripts/dns_stats.sh owner: "root" @@ -77,7 +77,7 @@ - collectd - name: "Remove dns_stats.sh" - file: + ansible.builtin.file: path: /usr/local/share/collectd/scripts/dns_stats.sh state: absent when: not collectd_plugin_exec_dns_stats @@ -85,7 +85,7 @@ - collectd - name: "Add doas configuration for dns_stats.sh execution" - lineinfile: + ansible.builtin.lineinfile: path: /etc/doas.conf line: 'permit nopass _collectd as root cmd /usr/sbin/unbound-control args stats' when: collectd_plugin_exec_dns_stats @@ -93,7 +93,7 @@ - collectd - name: "Copy dhcp_pool.pl" - copy: + ansible.builtin.copy: src: dhcp_pool.pl dest: /usr/local/share/collectd/scripts/dhcp_pool.pl owner: "root" @@ -105,7 +105,7 @@ - collectd - name: "Remove dhcp_pool.pl" - file: + ansible.builtin.file: path: /usr/local/share/collectd/scripts/dhcp_pool.pl state: absent when: not collectd_plugin_exec_dhcp_pool diff --git a/roles/etc-git/tasks/commit.yml b/roles/etc-git/tasks/commit.yml index cacb66f..3f96903 100644 --- a/roles/etc-git/tasks/commit.yml +++ b/roles/etc-git/tasks/commit.yml @@ -2,7 +2,7 @@ --- - name: "Execute ansible-commit" - command: "/usr/local/bin/ansible-commit --verbose --message \"{{ commit_message | mandatory }}\"" + ansible.builtin.command: "/usr/local/bin/ansible-commit --verbose --message \"{{ commit_message | mandatory }}\"" changed_when: - _ansible_commit.stdout - "'CHANGED:' in _ansible_commit.stdout" diff --git a/roles/etc-git/tasks/main.yml b/roles/etc-git/tasks/main.yml index 37016a9..0c5dd12 100644 --- a/roles/etc-git/tasks/main.yml +++ b/roles/etc-git/tasks/main.yml 
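Review bot: In roles/etc-git/tasks/commit.yml, `commit_message` is interpolated between escaped double quotes inside the `ansible.builtin.command` string, so a message containing `"` changes how the line is split into arguments. The remainder of the message can then reach ansible-commit as separate options. Passing the arguments as a list avoids any re-parsing: keep `ansible.builtin.command:` and give it `argv: ["/usr/local/bin/ansible-commit", "--verbose", "--message", "{{ commit_message | mandatory }}"]`. The task's `register` line lies outside the hunk.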
@@ -1,7 +1,7 @@ --- - name: "Git is installed" - openbsd_pkg: + community.general.openbsd_pkg: name: git state: present tags: diff --git a/roles/etc-git/tasks/repositories.yml b/roles/etc-git/tasks/repositories.yml index ea33145..9918ecf 100644 --- a/roles/etc-git/tasks/repositories.yml +++ b/roles/etc-git/tasks/repositories.yml @@ -12,7 +12,7 @@ - etc-git - name: "Verify /usr/share/scripts presence" - stat: + ansible.builtin.stat: path: /usr/share/scripts register: _usr_share_scripts tags: diff --git a/roles/etc-git/tasks/repository.yml b/roles/etc-git/tasks/repository.yml index 0e143cc..17aba3e 100644 --- a/roles/etc-git/tasks/repository.yml +++ b/roles/etc-git/tasks/repository.yml @@ -1,7 +1,7 @@ --- - name: "{{ repository_path }} is versioned with git" - command: "git init ." + ansible.builtin.command: "git init ." args: chdir: "{{ repository_path }}" creates: "{{ repository_path }}/.git/" @@ -11,7 +11,7 @@ - etc-git - name: "Git user.email is configured" - git_config: + community.general.git_config: name: user.email repo: "{{ repository_path }}" scope: local @@ -20,7 +20,7 @@ - etc-git - name: "{{ repository_path }}/.git is restricted to root" - file: + ansible.builtin.file: path: "{{ repository_path }}/.git" owner: root mode: "0700" @@ -29,7 +29,7 @@ - etc-git - name: "{{ repository_path }}/.gitignore is present" - copy: + ansible.builtin.copy: src: gitignore dest: "{{ repository_path }}/.gitignore" owner: root @@ -39,7 +39,7 @@ - etc-git - name: "Some entries MUST be in the {{ repository_path }}/.gitignore file" - lineinfile: + ansible.builtin.lineinfile: dest: "{{ repository_path }}/.gitignore" line: "{{ item }}" loop: "{{ gitignore_items | default([]) }}" @@ -47,7 +47,7 @@ - etc-git - name: "Set vim as default editor" - git_config: + community.general.git_config: name: core.editor scope: global value: vim 
@@ -55,7 +55,7 @@ - etc-git - name: "Does {{ repository_path }}/ have any commit?" - command: "git log" + ansible.builtin.command: "git log" args: chdir: "{{ repository_path }}" warn: false @@ -67,7 +67,7 @@ - etc-git - name: "Initial commit is present?" - shell: "git add -A . && git commit -m \"Initial commit via Ansible\"" + ansible.builtin.shell: "git add -A . && git commit -m \"Initial commit via Ansible\"" args: chdir: "{{ repository_path }}" warn: false diff --git a/roles/etc-git/tasks/utils.yml b/roles/etc-git/tasks/utils.yml index 66100ec..99f7ab0 100644 --- a/roles/etc-git/tasks/utils.yml +++ b/roles/etc-git/tasks/utils.yml @@ -2,7 +2,7 @@ --- - name: "evocommit script is installed" - copy: + ansible.builtin.copy: src: evocommit dest: /usr/local/bin/evocommit mode: "0755" @@ -12,7 +12,7 @@ - etc-git-utils - name: "ansible-commit script is installed" - copy: + ansible.builtin.copy: src: ansible-commit dest: /usr/local/bin/ansible-commit mode: "0755" @@ -22,7 +22,7 @@ - etc-git-utils - name: "etc-git-optimize script is installed" - copy: + ansible.builtin.copy: src: etc-git-optimize dest: /usr/share/scripts/etc-git-optimize mode: "0755" @@ -32,7 +32,7 @@ - etc-git-utils - name: "etc-git-status script is installed" - copy: + ansible.builtin.copy: src: etc-git-status dest: /usr/share/scripts/etc-git-status mode: "0755" @@ -42,7 +42,7 @@ - etc-git-utils - name: "Legacy monthly cron job for /etc/.git optimization is absent" - lineinfile: + ansible.builtin.lineinfile: path: /etc/monthly.local line: '/usr/local/bin/git --git-dir /etc/.git gc --quiet' state: absent @@ -50,7 +50,7 @@ - etc-git - name: "Legacy hourly cron job for /etc/.git status is absent" - cron: + ansible.builtin.cron: name: git status minute: "42" job: who > /dev/null || /usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short 
@@ -59,7 +59,7 @@ - etc-git - name: "Legacy daily cron jobs for /etc/.git status are absent" - lineinfile: + ansible.builtin.lineinfile: path: /etc/daily.local line: "{{ item }}" owner: root @@ -72,7 +72,7 @@ - etc-git - name: "Cron job for monthly git optimization" - lineinfile: + ansible.builtin.lineinfile: path: /etc/monthly.local line: "/usr/share/scripts/etc-git-optimize" owner: root @@ -82,7 +82,7 @@ - etc-git - name: "Cron job for monthly git optimization - next_part" - lineinfile: + ansible.builtin.lineinfile: path: /etc/monthly.local line: 'next_part "Monthly optimization:"' insertbefore: "/usr/share/scripts/etc-git-optimize" @@ -93,7 +93,7 @@ - etc-git - name: "Cron job for hourly git status" - lineinfile: + ansible.builtin.lineinfile: path: /etc/hourly.local line: "who > /dev/null || /usr/share/scripts/etc-git-status" owner: root @@ -104,7 +104,7 @@ - etc-git - name: "Cron job for hourly git status - next_part" - lineinfile: + ansible.builtin.lineinfile: path: /etc/hourly.local line: 'next_part "Hourly warning for unclean Git repository if nobody is connected:"' insertbefore: "who > /dev/null || /usr/share/scripts/etc-git-status" @@ -116,7 +116,7 @@ - etc-git - name: "Cron job for daily git status" - lineinfile: + ansible.builtin.lineinfile: path: /etc/daily.local line: "/usr/share/scripts/etc-git-status" owner: root @@ -127,7 +127,7 @@ - etc-git - name: "Cron job for daily git status - next_part" - lineinfile: + ansible.builtin.lineinfile: path: /etc/daily.local line: 'next_part "Daily warning for unclean Git repository:"' insertbefore: "/usr/share/scripts/etc-git-status" diff --git a/roles/evobackup/tasks/main.yml b/roles/evobackup/tasks/main.yml index ce02337..91bf117 100644 --- a/roles/evobackup/tasks/main.yml +++ b/roles/evobackup/tasks/main.yml 
@@ -3,7 +3,7 @@ # Info : old zzz_evobackup used sh, and since "sh" match "bash", we keep "sh" for regex commands - name: "Copy zzz_evobackup script" - copy: + ansible.builtin.copy: src: zzz_evobackup dest: /usr/share/scripts/zzz_evobackup owner: root @@ -14,7 +14,7 @@ - evobackup - name: "Copy update-evobackup-canary script" - copy: + ansible.builtin.copy: src: 000-update-evobackup-canary dest: /usr/share/scripts/000-update-evobackup-canary owner: root @@ -25,7 +25,7 @@ - evobackup - name: "Fetch daily.local content" - command: 'grep "sh /usr/share/scripts/zzz_evobackup" /etc/daily.local' + ansible.builtin.command: 'grep "sh /usr/share/scripts/zzz_evobackup" /etc/daily.local' check_mode: false register: daily_local_content failed_when: false @@ -34,7 +34,7 @@ - evobackup - name: "Add evobackup cron (disabled)" - lineinfile: + ansible.builtin.lineinfile: path: /etc/daily.local line: '#bash /usr/share/scripts/zzz_evobackup' owner: root @@ -46,7 +46,7 @@ - evobackup - name: "Add evobackup cron - next_part" - lineinfile: + ansible.builtin.lineinfile: path: /etc/daily.local line: 'next_part "EvoBackup output:"' insertbefore: 'sh /usr/share/scripts/zzz_evobackup' @@ -57,7 +57,7 @@ - evobackup - name: "Add canary cron" - lineinfile: + ansible.builtin.lineinfile: path: /etc/daily.local line: 'sh /usr/share/scripts/000-update-evobackup-canary' insertafter: 'next_part "EvoBackup output:"' @@ -68,7 +68,7 @@ - evobackup - name: "Delete legacy evobackup root crontab" - lineinfile: + ansible.builtin.lineinfile: path: /var/cron/tabs/root regexp: '/usr/share/scripts/zzz_evobackup' validate: /usr/bin/crontab %s diff --git a/roles/evocheck/tasks/exec.yml b/roles/evocheck/tasks/exec.yml index 82eb942..22ba28b 100644 --- a/roles/evocheck/tasks/exec.yml +++ b/roles/evocheck/tasks/exec.yml 
@@ -1,6 +1,6 @@ --- - name: "Run evocheck" - command: "{{ evocheck_bin_dir }}/evocheck.sh" + ansible.builtin.command: "{{ evocheck_bin_dir }}/evocheck.sh" register: evocheck_run changed_when: false failed_when: false @@ -8,7 +8,7 @@ tags: - evocheck-exec -- debug: +- ansible.builtin.debug: var: evocheck_run.stdout_lines when: evocheck_run.stdout | length != 0 tags: diff --git a/roles/evocheck/tasks/main.yml b/roles/evocheck/tasks/main.yml index fe081e1..470b430 100644 --- a/roles/evocheck/tasks/main.yml +++ b/roles/evocheck/tasks/main.yml @@ -1,7 +1,7 @@ # yamllint disable rule:line-length --- - name: "Scripts dir is present" - file: + ansible.builtin.file: path: "{{ evocheck_bin_dir }}" state: directory owner: root @@ -11,7 +11,7 @@ - evocheck - name: "Copy evocheck.sh" - copy: + ansible.builtin.copy: src: evocheck.sh dest: "{{ evocheck_bin_dir }}/evocheck.sh" mode: "0700" @@ -22,7 +22,7 @@ - evocheck-utils - name: "Copy evocheck.cf" - copy: + ansible.builtin.copy: src: evocheck.cf dest: /etc/evocheck.cf mode: "0644" @@ -31,7 +31,7 @@ - evocheck - name: "Delete legacy evocheck cron" - lineinfile: + ansible.builtin.lineinfile: path: /etc/daily.local regexp: 'sh /usr/share/scripts/evocheck.sh --verbose --cron' state: absent @@ -39,7 +39,7 @@ - evocheck - name: "Add evocheck cron" - lineinfile: + ansible.builtin.lineinfile: path: /etc/daily.local insertbefore: BOF line: 'sh /usr/share/scripts/evocheck.sh --verbose $cron_arg' @@ -50,7 +50,7 @@ - evocheck - name: "Add evocheck cron - test for date" - lineinfile: + ansible.builtin.lineinfile: path: /etc/daily.local insertbefore: BOF line: 'if [ $(date +%d) -eq "01" ]; then cron_arg=""; else cron_arg="--cron"; fi' @@ -61,7 +61,7 @@ - evocheck - name: "Add evocheck cron - next_part" - lineinfile: + ansible.builtin.lineinfile: path: /etc/daily.local insertbefore: BOF line: 'next_part "Evocheck output:"' diff --git a/roles/evomaintenance/tasks/main.yml b/roles/evomaintenance/tasks/main.yml index 1c4c377..99d83a7 100644 
--- a/roles/evomaintenance/tasks/main.yml +++ b/roles/evomaintenance/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: "Create scripts directory" - file: + ansible.builtin.file: path: /usr/share/scripts/ state: directory owner: root @@ -10,7 +10,7 @@ - evomaintenance - name: "Copy evomaintenance script and template" - copy: + ansible.builtin.copy: src: "{{ item.src }}" dest: "{{ item.dest }}" owner: 'root' @@ -24,7 +24,7 @@ - evomaintenance-utils - name: "Configure evomaintenance" - template: + ansible.builtin.template: src: evomaintenance.j2 dest: /etc/evomaintenance.cf owner: root diff --git a/roles/forwarding/tasks/main.yml b/roles/forwarding/tasks/main.yml index 586074a..17dbe4f 100644 --- a/roles/forwarding/tasks/main.yml +++ b/roles/forwarding/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: "Enable IPv4 forwarding" - sysctl: + ansible.posix.sysctl: name: net.inet.ip.forwarding value: "1" state: present @@ -9,7 +9,7 @@ - forwarding - name: "Enable IPv6 forwarding" - sysctl: + ansible.posix.sysctl: name: net.inet6.ip6.forwarding value: "1" state: present diff --git a/roles/logsentry/tasks/main.yml b/roles/logsentry/tasks/main.yml index db9a021..25e9e45 100644 --- a/roles/logsentry/tasks/main.yml +++ b/roles/logsentry/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: "Install logsentry" - openbsd_pkg: + community.general.openbsd_pkg: name: - logsentry-- state: present @@ -8,7 +8,7 @@ - logsentry - name: "Copy logsentry script to /usr/share/scripts" - copy: + ansible.builtin.copy: src: logsentry.sh dest: /usr/share/scripts/logsentry.sh owner: root @@ -18,7 +18,7 @@ - logsentry - name: "Copy custom logsentry configuration files" - copy: + ansible.builtin.copy: src: "{{ item }}" dest: "/etc/logsentry/{{ item }}" owner: root 
@@ -32,14 +32,14 @@ - logsentry-config - name: "Delete unused default script" - file: + ansible.builtin.file: state: absent path: /etc/logsentry/logsentry.sh tags: - logsentry - name: "Hourly cron job for logsentry.sh is installed" - cron: + ansible.builtin.cron: name: logsentry minute: "11" job: > diff --git a/roles/nagios-nrpe/handlers/main.yml b/roles/nagios-nrpe/handlers/main.yml index 2762b9c..663a93a 100644 --- a/roles/nagios-nrpe/handlers/main.yml +++ b/roles/nagios-nrpe/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: restart nrpe - service: + ansible.builtin.service: name: nrpe state: restarted diff --git a/roles/nagios-nrpe/tasks/main.yml b/roles/nagios-nrpe/tasks/main.yml index dbf9e14..bec42a4 100644 --- a/roles/nagios-nrpe/tasks/main.yml +++ b/roles/nagios-nrpe/tasks/main.yml @@ -1,7 +1,7 @@ # yamllint disable rule:line-length --- - name: "Install nrpe" - openbsd_pkg: + community.general.openbsd_pkg: name: - nrpe-- state: present @@ -9,7 +9,7 @@ - nagios-nrpe - name: "Install monitoring packages" - openbsd_pkg: + community.general.openbsd_pkg: name: - monitoring-plugins - check_bioctl @@ -18,7 +18,7 @@ - nagios-nrpe - name: "Create nrpe.d dir" - file: + ansible.builtin.file: path: /etc/nrpe.d state: directory owner: root @@ -28,14 +28,14 @@ - nagios-nrpe - name: "Include nrpe.d dir in nrpe.cfg" - lineinfile: + ansible.builtin.lineinfile: dest: /etc/nrpe.cfg line: 'include_dir=/etc/nrpe.d' tags: - nagios-nrpe - name: "Custom configuration is present" - blockinfile: + ansible.builtin.blockinfile: block: "{{ lookup('template', 'evolix_bsd.cfg.j2') }}" path: /etc/nrpe.d/evolix.cfg marker: "## {mark} ANSIBLE MANAGED BLOCK : Custom NRPE configuration file from EvoBSD" @@ -47,7 +47,7 @@ - nagios-nrpe - name: "Fetch nrpe config content" - command: 'grep "allowed_hosts=" /etc/nrpe.d/evolix.cfg' + ansible.builtin.command: 'grep "allowed_hosts=" /etc/nrpe.d/evolix.cfg' check_mode: false register: nrpe_config_content failed_when: false 
@@ -56,7 +56,7 @@ - nagios-nrpe - name: "Allow NRPE hosts - if no allowed_hosts configured" - lineinfile: + ansible.builtin.lineinfile: dest: /etc/nrpe.d/evolix.cfg insertbefore: BOF regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}" @@ -66,7 +66,7 @@ - nagios-nrpe - name: "Allow NRPE hosts - if allowed_hosts already configured : keep added IP" - lineinfile: + ansible.builtin.lineinfile: dest: /etc/nrpe.d/evolix.cfg backrefs: true insertbefore: BOF @@ -77,7 +77,7 @@ - nagios-nrpe - name: "Allow NRPE hosts - add comment" - lineinfile: + ansible.builtin.lineinfile: dest: /etc/nrpe.d/evolix.cfg insertbefore: BOF line: "# Allowed IPs" @@ -85,7 +85,7 @@ - nagios-nrpe - name: "Create nrpe plugins dir" - file: + ansible.builtin.file: path: /usr/local/libexec/nagios/plugins/ state: directory owner: root @@ -95,7 +95,7 @@ - nagios-nrpe - name: "Nagios plugins are installed" - copy: + ansible.builtin.copy: src: plugins_bsd/{{ item.name }} dest: /usr/local/libexec/nagios/plugins/{{ item.name }} owner: root @@ -123,7 +123,7 @@ - nagios-nrpe-utils - name: "Nagios plugins are installed - template" - template: + ansible.builtin.template: src: plugins_bsd/{{ item.name }}.j2 dest: /usr/local/libexec/nagios/plugins/{{ item.name }} owner: root @@ -138,7 +138,7 @@ - nagios-nrpe-utils - name: "Starting and enabling nrpe" - service: + ansible.builtin.service: name: nrpe enabled: true state: started diff --git a/roles/ospf/tasks/main.yml b/roles/ospf/tasks/main.yml index 43178c3..f00f6bd 100644 --- a/roles/ospf/tasks/main.yml +++ b/roles/ospf/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: "Deploy ospf check scripts" - template: + ansible.builtin.template: src: "{{ item }}.j2" dest: /usr/share/scripts/{{ item }} with_items: @@ -11,7 +11,7 @@ - ospf - name: "Cron job for ospf check scripts is installed" - cron: + ansible.builtin.cron: name: "{{ item }} check" job: "/bin/sh /usr/share/scripts/{{ item }}-check-peers.sh" with_items: 
diff --git a/roles/pf/tasks/main.yml b/roles/pf/tasks/main.yml index e873933..eaa6e7e 100644 --- a/roles/pf/tasks/main.yml +++ b/roles/pf/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: "Setup pf.conf" - template: + ansible.builtin.template: src: pf.conf.j2 dest: /etc/pf.conf mode: "0600" diff --git a/roles/post-install/tasks/ldif.yml b/roles/post-install/tasks/ldif.yml index 0ca109a..d4432ed 100644 --- a/roles/post-install/tasks/ldif.yml +++ b/roles/post-install/tasks/ldif.yml @@ -1,6 +1,6 @@ --- - name: "Copy generateldif.sh" - template: + ansible.builtin.template: src: generateldif.sh.j2 dest: '{{ general_scripts_dir }}/generateldif.sh' owner: root @@ -11,7 +11,7 @@ - generateldif - name: "Run generateldif" - command: '{{ general_scripts_dir }}/generateldif.sh' + ansible.builtin.command: '{{ general_scripts_dir }}/generateldif.sh' register: generateldif_run changed_when: false failed_when: false @@ -21,7 +21,7 @@ - generateldif - generateldif-exec -- debug: +- ansible.builtin.debug: var: generateldif_run.stdout_lines verbosity: 1 tags: diff --git a/roles/post-install/tasks/motd.yml b/roles/post-install/tasks/motd.yml index ff42a90..3c878e1 100644 --- a/roles/post-install/tasks/motd.yml +++ b/roles/post-install/tasks/motd.yml @@ -1,6 +1,6 @@ --- - name: "Deploy dynamic motd script for CARP master or backup" - copy: + ansible.builtin.copy: src: motd-carp-state.sh dest: /usr/share/scripts/motd-carp-state.sh force: true @@ -13,7 +13,7 @@ - motd-utils - name: "Fetch root crontab content" - command: > + ansible.builtin.command: > grep "/bin/sh /usr/share/scripts/motd-carp-state.sh" /var/cron/tabs/root check_mode: false register: root_crontab_content @@ -24,7 +24,7 @@ - motd - name: "Cron job for dynamic motd script is installed" - cron: + ansible.builtin.cron: name: dynamic motd for CARP job: "/bin/sh /usr/share/scripts/motd-carp-state.sh" minute: "0" diff --git a/roles/post-install/tasks/update.yml b/roles/post-install/tasks/update.yml index b7b9b75..4783ce9 100644 
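Review bot: The "Setup pf.conf" task shows `src`, `dest` and `mode: "0600"` but no `validate:` in its visible lines. A template that renders a syntactically broken ruleset would therefore be written to /etc/pf.conf, and the error would only surface when pf next tries to load it. If the part of the task outside the hunk does not already have one, add `validate: '/sbin/pfctl -nf %s'` so the file is parsed before it replaces the current one. Setting `owner: root` and `group: wheel` explicitly alongside the mode would also make the intended permissions clear.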
--- a/roles/post-install/tasks/update.yml +++ b/roles/post-install/tasks/update.yml @@ -1,6 +1,6 @@ --- - name: "Check and install updates (erratas) if available" - command: /usr/sbin/syspatch + ansible.builtin.command: /usr/sbin/syspatch ignore_errors: true when: ansible_distribution_version is version_compare("6.1",'>=') tags: diff --git a/update-utils.yml b/update-utils.yml index 4018680..cd9c7ac 100644 --- a/update-utils.yml +++ b/update-utils.yml @@ -14,7 +14,7 @@ - vars/evolix-main.yml pre_tasks: - - include_role: + - ansible.builtin.include_role: name: etc-git tasks_from: commit.yml vars: @@ -31,7 +31,7 @@ - post-install post_tasks: - - include_role: + - ansible.builtin.include_role: name: etc-git tasks_from: commit.yml vars: @@ -39,6 +39,6 @@ when: not ansible_check_mode tags: always - - include_role: + - ansible.builtin.include_role: name: evocheck tasks_from: exec.yml
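Review bot: `ignore_errors: true` on the `ansible.builtin.command: /usr/sbin/syspatch` task hides every failure, so a host where errata could not be fetched or applied finishes the play looking the same as a patched one. syspatch(8) on recent releases documents exit status 2 for "no additional patch installed" (confirm this for the releases you target), which is probably what the blanket ignore was meant to tolerate. Replace it with `register: syspatch_run`, `failed_when: syspatch_run.rc not in [0, 2]` and `changed_when: syspatch_run.rc == 0`. The task's `tags:` block continues outside the hunk.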