use Fully Qualified Collection Name everywhere
parent
28021670f0
commit
aed20187de
|
@ -12,7 +12,7 @@
|
||||||
|
|
||||||
- name: Install ansible's prerequisite
|
- name: Install ansible's prerequisite
|
||||||
# yamllint disable-line rule:line-length
|
# yamllint disable-line rule:line-length
|
||||||
raw: export PKG_PATH=http://ftp.eu.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(uname -p)/; pkg_add -z python-3
|
ansible.builtin.raw: export PKG_PATH=http://ftp.eu.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(uname -p)/; pkg_add -z python-3
|
||||||
changed_when: true
|
changed_when: true
|
||||||
|
|
||||||
# vim:ft=ansible
|
# vim:ft=ansible
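Review bot: The bootstrap command on the `ansible.builtin.raw` line still points `PKG_PATH` at an `http://` mirror, so the first package a new host installs is fetched over an unauthenticated transport. pkg_add verifies package signatures by default, which limits the exposure to tampering, but the download can still be observed or interfered with on the path. If the mirror serves HTTPS, prefer `export PKG_PATH=https://ftp.eu.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(uname -p)/` and keep the rest of the line as is.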
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: reload sshd
|
- name: reload sshd
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: sshd
|
name: sshd
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# yamllint disable rule:line-length
|
# yamllint disable rule:line-length
|
||||||
---
|
---
|
||||||
- name: "Create {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group"
|
- name: "Create {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group"
|
||||||
group:
|
ansible.builtin.group:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
system: true
|
system: true
|
||||||
with_items:
|
with_items:
|
||||||
|
@ -25,7 +25,7 @@
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "Verify AllowGroups directive"
|
- name: "Verify AllowGroups directive"
|
||||||
command: "grep -E '^AllowGroups' /etc/ssh/sshd_config"
|
ansible.builtin.command: "grep -E '^AllowGroups' /etc/ssh/sshd_config"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
failed_when: false
|
failed_when: false
|
||||||
check_mode: false
|
check_mode: false
|
||||||
|
@ -35,7 +35,7 @@
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "Verify AllowUsers directive"
|
- name: "Verify AllowUsers directive"
|
||||||
command: "grep -E '^AllowUsers' /etc/ssh/sshd_config"
|
ansible.builtin.command: "grep -E '^AllowUsers' /etc/ssh/sshd_config"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
failed_when: false
|
failed_when: false
|
||||||
check_mode: false
|
check_mode: false
|
||||||
|
@ -45,7 +45,7 @@
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "Check that AllowUsers and AllowGroup do not override each other"
|
- name: "Check that AllowUsers and AllowGroup do not override each other"
|
||||||
assert:
|
ansible.builtin.assert:
|
||||||
that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)"
|
that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)"
|
||||||
msg: "We can't deal with AllowUsers and AllowGroups at the same time"
|
msg: "We can't deal with AllowUsers and AllowGroups at the same time"
|
||||||
tags:
|
tags:
|
||||||
|
@ -53,7 +53,7 @@
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "If AllowGroups is present then use it"
|
- name: "If AllowGroups is present then use it"
|
||||||
set_fact:
|
ansible.builtin.set_fact:
|
||||||
ssh_allowgroups:
|
ssh_allowgroups:
|
||||||
"{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0) }}"
|
"{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0) }}"
|
||||||
tags:
|
tags:
|
||||||
|
@ -61,7 +61,7 @@
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "Add AllowGroups sshd directive with '{{ evobsd_ssh_group }}'"
|
- name: "Add AllowGroups sshd directive with '{{ evobsd_ssh_group }}'"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
line: "\nAllowGroups {{ evobsd_ssh_group }}"
|
line: "\nAllowGroups {{ evobsd_ssh_group }}"
|
||||||
insertafter: 'Subsystem'
|
insertafter: 'Subsystem'
|
||||||
|
@ -75,7 +75,7 @@
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "Append '{{ evobsd_ssh_group }}' to AllowGroups sshd directive"
|
- name: "Append '{{ evobsd_ssh_group }}' to AllowGroups sshd directive"
|
||||||
replace:
|
ansible.builtin.replace:
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
regexp: '^(AllowGroups ((?!\b{{ evobsd_ssh_group }}\b).)*)$'
|
regexp: '^(AllowGroups ((?!\b{{ evobsd_ssh_group }}\b).)*)$'
|
||||||
replace: '\1 {{ evobsd_ssh_group }}'
|
replace: '\1 {{ evobsd_ssh_group }}'
|
||||||
|
@ -89,7 +89,7 @@
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "Security directives for EvoBSD"
|
- name: "Security directives for EvoBSD"
|
||||||
blockinfile:
|
ansible.builtin.blockinfile:
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
marker: "# {mark} EVOBSD PASSWORD RESTRICTIONS"
|
marker: "# {mark} EVOBSD PASSWORD RESTRICTIONS"
|
||||||
block: |
|
block: |
|
||||||
|
@ -107,7 +107,7 @@
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "Disable root login"
|
- name: "Disable root login"
|
||||||
replace:
|
ansible.builtin.replace:
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
regexp: '^PermitRootLogin\s+(yes|without-password|prohibit-password)'
|
regexp: '^PermitRootLogin\s+(yes|without-password|prohibit-password)'
|
||||||
replace: "PermitRootLogin {{ evobsd_root_login }}"
|
replace: "PermitRootLogin {{ evobsd_root_login }}"
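Review bot: The "Disable root login" task only rewrites an uncommented `PermitRootLogin` line whose value is `yes`, `without-password` or `prohibit-password`. A commented-out or missing directive, or a value such as `forced-commands-only`, is left untouched, so sshd keeps its current or built-in setting rather than `{{ evobsd_root_login }}`. Consider `ansible.builtin.lineinfile` with `regexp: '^#?\s*PermitRootLogin\s'` and `line: "PermitRootLogin {{ evobsd_root_login }}"`, which also adds the directive when it is absent. An `insertbefore` may be needed so the line does not land inside a `Match` block; check the target file. The task continues past the end of the hunk, so a later option may already cover part of this.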
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# yamllint disable rule:line-length
|
# yamllint disable rule:line-length
|
||||||
---
|
---
|
||||||
- name: "Group '{{ user.name }}' is present"
|
- name: "Group '{{ user.name }}' is present"
|
||||||
group:
|
ansible.builtin.group:
|
||||||
state: present
|
state: present
|
||||||
name: "{{ user.name }}"
|
name: "{{ user.name }}"
|
||||||
gid: "{{ user.uid }}"
|
gid: "{{ user.uid }}"
|
||||||
|
@ -10,7 +10,7 @@
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "User '{{ user.name }}' is present"
|
- name: "User '{{ user.name }}' is present"
|
||||||
user:
|
ansible.builtin.user:
|
||||||
state: present
|
state: present
|
||||||
name: '{{ user.name }}'
|
name: '{{ user.name }}'
|
||||||
uid: '{{ user.uid }}'
|
uid: '{{ user.uid }}'
|
||||||
|
@ -24,14 +24,14 @@
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "Gather available local users"
|
- name: "Gather available local users"
|
||||||
getent:
|
ansible.builtin.getent:
|
||||||
database: passwd
|
database: passwd
|
||||||
tags:
|
tags:
|
||||||
- accounts
|
- accounts
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "Home directory for '{{ user.name }}' is only accesible by owner"
|
- name: "Home directory for '{{ user.name }}' is only accesible by owner"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
name: '/home/{{ user.name }}'
|
name: '/home/{{ user.name }}'
|
||||||
mode: "0700"
|
mode: "0700"
|
||||||
owner: "{{ user.name }}"
|
owner: "{{ user.name }}"
|
||||||
|
@ -43,7 +43,7 @@
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "SSH public keys for '{{ user.name }}' are present"
|
- name: "SSH public keys for '{{ user.name }}' are present"
|
||||||
authorized_key:
|
ansible.posix.authorized_key:
|
||||||
user: "{{ user.name }}"
|
user: "{{ user.name }}"
|
||||||
key: "{{ ssk_key }}"
|
key: "{{ ssk_key }}"
|
||||||
state: present
|
state: present
|
||||||
|
@ -58,7 +58,7 @@
|
||||||
- admin
|
- admin
|
||||||
|
|
||||||
- name: "Add {{ user.name }} to {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group"
|
- name: "Add {{ user.name }} to {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group"
|
||||||
user:
|
ansible.builtin.user:
|
||||||
name: "{{ user.name }}"
|
name: "{{ user.name }}"
|
||||||
groups: "{{ groups_item }}"
|
groups: "{{ groups_item }}"
|
||||||
append: true
|
append: true
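Review bot: `ansible.posix.authorized_key` in this section, like `community.general.openbsd_pkg` and `community.general.git_config` in the package, collectd and etc-git sections, resolves only when that collection is installed on the controller, unlike the `ansible.builtin.*` names. Nothing on this page shows a collection requirements file, so confirm the repository declares `ansible.posix` and `community.general` with pinned versions. Otherwise a fresh controller either fails on these tasks or runs whichever collection version happens to be installed. The remaining options of these tasks are outside the hunks.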
|
||||||
|
|
|
@ -1,38 +1,38 @@
|
||||||
---
|
---
|
||||||
- name: newaliases
|
- name: newaliases
|
||||||
command: smtpctl update table aliases
|
ansible.builtin.command: smtpctl update table aliases
|
||||||
|
|
||||||
- name: remount / noatime
|
- name: remount / noatime
|
||||||
command: mount -u -o noatime /
|
ansible.builtin.command: mount -u -o noatime /
|
||||||
args:
|
args:
|
||||||
warn: false
|
warn: false
|
||||||
|
|
||||||
- name: remount /var noatime
|
- name: remount /var noatime
|
||||||
command: mount -u -o noatime /var
|
ansible.builtin.command: mount -u -o noatime /var
|
||||||
args:
|
args:
|
||||||
warn: false
|
warn: false
|
||||||
|
|
||||||
- name: remount /usr noatime
|
- name: remount /usr noatime
|
||||||
command: mount -u -o noatime /usr
|
ansible.builtin.command: mount -u -o noatime /usr
|
||||||
args:
|
args:
|
||||||
warn: false
|
warn: false
|
||||||
|
|
||||||
- name: remount /tmp noexec
|
- name: remount /tmp noexec
|
||||||
command: mount -u -o noexec /tmp
|
ansible.builtin.command: mount -u -o noexec /tmp
|
||||||
args:
|
args:
|
||||||
warn: false
|
warn: false
|
||||||
|
|
||||||
- name: remount /tmp noatime
|
- name: remount /tmp noatime
|
||||||
command: mount -u -o noatime /tmp
|
ansible.builtin.command: mount -u -o noatime /tmp
|
||||||
args:
|
args:
|
||||||
warn: false
|
warn: false
|
||||||
|
|
||||||
- name: remount /home noatime
|
- name: remount /home noatime
|
||||||
command: mount -u -o noatime /home
|
ansible.builtin.command: mount -u -o noatime /home
|
||||||
args:
|
args:
|
||||||
warn: false
|
warn: false
|
||||||
|
|
||||||
- name: restart ntpd
|
- name: restart ntpd
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: ntpd
|
name: ntpd
|
||||||
state: restarted
|
state: restarted
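Review bot: Every remount handler keeps the `args:` / `warn: false` pair under `ansible.builtin.command`, and the `warn` option was deprecated in ansible-core 2.11 and removed in 2.14. On a current controller these handlers therefore fail with an unsupported-parameter error instead of remounting, which would leave options such as `noexec` on `/tmp` unapplied on the running system. Since this commit already modernises the module names, drop `args:` and `warn: false` from each handler. The same pair appears on the `git log` and `git add -A . && git commit` tasks in the etc-git repository section.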
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Customize PATH variable of root crontab"
|
- name: "Customize PATH variable of root crontab"
|
||||||
cron:
|
ansible.builtin.cron:
|
||||||
name: PATH
|
name: PATH
|
||||||
env: true
|
env: true
|
||||||
value: "{{ cron_root_path }}"
|
value: "{{ cron_root_path }}"
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# yamllint disable rule:line-length
|
# yamllint disable rule:line-length
|
||||||
---
|
---
|
||||||
- name: "Configure doas"
|
- name: "Configure doas"
|
||||||
blockinfile:
|
ansible.builtin.blockinfile:
|
||||||
dest: /etc/doas.conf
|
dest: /etc/doas.conf
|
||||||
owner: root
|
owner: root
|
||||||
group: wheel
|
group: wheel
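Review bot: The `ansible.builtin.blockinfile` task writes `/etc/doas.conf` with no `validate:` among the visible options, so a syntax error in the rendered block would be installed as-is and could leave operators without a working privilege-escalation path. Add `validate: 'doas -C %s'` so the module checks the candidate file before replacing the original. The same applies to the `/etc/sudoers` edits in the sudo section (`validate: 'visudo -cf %s'`), to the `/etc/ssh/sshd_config` edits (`validate: 'sshd -t -f %s'`) and to the collectd `lineinfile` on `/etc/doas.conf`. All of these tasks continue beyond their hunks, so check whether a `validate` is already set below the visible lines.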
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Customize root's .profile"
|
- name: "Customize root's .profile"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: profile.j2
|
src: profile.j2
|
||||||
dest: /root/.profile
|
dest: /root/.profile
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
@ -9,7 +9,7 @@
|
||||||
- dotfiles
|
- dotfiles
|
||||||
|
|
||||||
- name: "Copy vim default configuration"
|
- name: "Copy vim default configuration"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: vimrc
|
src: vimrc
|
||||||
dest: /root/.vimrc
|
dest: /root/.vimrc
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
@ -18,7 +18,7 @@
|
||||||
- dotfiles
|
- dotfiles
|
||||||
|
|
||||||
- name: "Customize .kshrc environment file"
|
- name: "Customize .kshrc environment file"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: kshrc.j2
|
src: kshrc.j2
|
||||||
dest: /root/.kshrc
|
dest: /root/.kshrc
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
@ -27,7 +27,7 @@
|
||||||
- dotfiles
|
- dotfiles
|
||||||
|
|
||||||
- name: "Change default .profile skeleton"
|
- name: "Change default .profile skeleton"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: profile.j2
|
src: profile.j2
|
||||||
dest: /etc/skel/.profile
|
dest: /etc/skel/.profile
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
@ -36,7 +36,7 @@
|
||||||
- dotfiles
|
- dotfiles
|
||||||
|
|
||||||
- name: "Add evomaintenance trap .profile skeleton with doas"
|
- name: "Add evomaintenance trap .profile skeleton with doas"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
state: present
|
state: present
|
||||||
dest: /etc/skel/.profile
|
dest: /etc/skel/.profile
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
@ -48,7 +48,7 @@
|
||||||
- dotfiles
|
- dotfiles
|
||||||
|
|
||||||
- name: "Add vim configuration to dotfiles for new users"
|
- name: "Add vim configuration to dotfiles for new users"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: vimrc
|
src: vimrc
|
||||||
dest: /etc/skel/.vimrc
|
dest: /etc/skel/.vimrc
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
@ -57,7 +57,7 @@
|
||||||
- dotfiles
|
- dotfiles
|
||||||
|
|
||||||
- name: "Customize .kshrc environment file for new users"
|
- name: "Customize .kshrc environment file for new users"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: kshrc.j2
|
src: kshrc.j2
|
||||||
dest: /etc/skel/.kshrc
|
dest: /etc/skel/.kshrc
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Fetch fstab content"
|
- name: "Fetch fstab content"
|
||||||
command: "grep -v '^#' /etc/fstab"
|
ansible.builtin.command: "grep -v '^#' /etc/fstab"
|
||||||
check_mode: false
|
check_mode: false
|
||||||
register: fstab_content
|
register: fstab_content
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# yamllint disable rule:line-length
|
# yamllint disable rule:line-length
|
||||||
---
|
---
|
||||||
- name: "{{ fstab_path }} partition is customized - softdep"
|
- name: "{{ fstab_path }} partition is customized - softdep"
|
||||||
replace:
|
ansible.builtin.replace:
|
||||||
dest: /etc/fstab
|
dest: /etc/fstab
|
||||||
regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw)(.*)'
|
regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw)(.*)'
|
||||||
replace: '\1,softdep\2'
|
replace: '\1,softdep\2'
|
||||||
|
@ -13,7 +13,7 @@
|
||||||
- fstab
|
- fstab
|
||||||
|
|
||||||
- name: "{{ fstab_path }} partition is customized - noatime"
|
- name: "{{ fstab_path }} partition is customized - noatime"
|
||||||
replace:
|
ansible.builtin.replace:
|
||||||
dest: /etc/fstab
|
dest: /etc/fstab
|
||||||
regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw)(\S*)(\s+.*)'
|
regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw)(\S*)(\s+.*)'
|
||||||
replace: '\1\2,noatime\3'
|
replace: '\1\2,noatime\3'
|
||||||
|
@ -26,7 +26,7 @@
|
||||||
- fstab
|
- fstab
|
||||||
|
|
||||||
- name: "{{ fstab_path }} partition is customized - noexec"
|
- name: "{{ fstab_path }} partition is customized - noexec"
|
||||||
replace:
|
ansible.builtin.replace:
|
||||||
dest: /etc/fstab
|
dest: /etc/fstab
|
||||||
regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw(,softdep)*)(.*)'
|
regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw(,softdep)*)(.*)'
|
||||||
replace: '\1,noexec\3'
|
replace: '\1,noexec\3'
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Fetch rc.local content"
|
- name: "Fetch rc.local content"
|
||||||
command: "grep -v '^#' /etc/rc.local"
|
ansible.builtin.command: "grep -v '^#' /etc/rc.local"
|
||||||
check_mode: false
|
check_mode: false
|
||||||
register: rclocal_content
|
register: rclocal_content
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
@ -9,7 +9,7 @@
|
||||||
- alerting
|
- alerting
|
||||||
|
|
||||||
- name: "Configure rc.local"
|
- name: "Configure rc.local"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/rc.local
|
path: /etc/rc.local
|
||||||
line:
|
line:
|
||||||
'date | mail -s "boot/reboot of $(hostname -s)" {{ general_alert_email }}'
|
'date | mail -s "boot/reboot of $(hostname -s)" {{ general_alert_email }}'
|
||||||
|
@ -23,7 +23,7 @@
|
||||||
- alerting
|
- alerting
|
||||||
|
|
||||||
- name: "Delete rc.local entry of boot/reboot not precising hostname"
|
- name: "Delete rc.local entry of boot/reboot not precising hostname"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/rc.local
|
path: /etc/rc.local
|
||||||
regexp:
|
regexp:
|
||||||
"^.* mail -s (?!.*of.*).+$"
|
"^.* mail -s (?!.*of.*).+$"
|
||||||
|
@ -32,7 +32,7 @@
|
||||||
- alerting
|
- alerting
|
||||||
|
|
||||||
- name: "Set root mail alias"
|
- name: "Set root mail alias"
|
||||||
replace:
|
ansible.builtin.replace:
|
||||||
dest: /etc/mail/aliases
|
dest: /etc/mail/aliases
|
||||||
regexp: "# root:"
|
regexp: "# root:"
|
||||||
replace: "root: {{ general_alert_email }}"
|
replace: "root: {{ general_alert_email }}"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Customize newsyslog"
|
- name: "Customize newsyslog"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: newsyslog.conf
|
src: newsyslog.conf
|
||||||
dest: /etc/newsyslog.conf
|
dest: /etc/newsyslog.conf
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Customize ntpd conf"
|
- name: "Customize ntpd conf"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: ntpd.conf.j2
|
src: ntpd.conf.j2
|
||||||
dest: /etc/ntpd.conf
|
dest: /etc/ntpd.conf
|
||||||
owner: root
|
owner: root
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: "Configure installurl"
|
- name: "Configure installurl"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
content: "{{ evobsd_install_url }}\n"
|
content: "{{ evobsd_install_url }}\n"
|
||||||
dest: /etc/installurl
|
dest: /etc/installurl
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
@ -9,7 +9,7 @@
|
||||||
- pkg
|
- pkg
|
||||||
|
|
||||||
- name: "Install packages (vim rsync mtr etc)"
|
- name: "Install packages (vim rsync mtr etc)"
|
||||||
openbsd_pkg:
|
community.general.openbsd_pkg:
|
||||||
name:
|
name:
|
||||||
- wget
|
- wget
|
||||||
- vim--no_x11
|
- vim--no_x11
|
||||||
|
@ -25,7 +25,7 @@
|
||||||
- pkg
|
- pkg
|
||||||
|
|
||||||
- name: "Disable sndiod"
|
- name: "Disable sndiod"
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: sndiod
|
name: sndiod
|
||||||
enabled: false
|
enabled: false
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Configure resolv.conf"
|
- name: "Configure resolv.conf"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/resolv.conf
|
path: /etc/resolv.conf
|
||||||
line: "lookup file bind"
|
line: "lookup file bind"
|
||||||
insertbefore: BOF
|
insertbefore: BOF
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Configure sudoers umask"
|
- name: "Configure sudoers umask"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
dest: /etc/sudoers
|
dest: /etc/sudoers
|
||||||
insertafter: '# Defaults specification'
|
insertafter: '# Defaults specification'
|
||||||
line: 'Defaults umask=0077'
|
line: 'Defaults umask=0077'
|
||||||
|
@ -9,7 +9,7 @@
|
||||||
- sudo
|
- sudo
|
||||||
|
|
||||||
- name: "Deactivate sudo insults"
|
- name: "Deactivate sudo insults"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
dest: /etc/sudoers
|
dest: /etc/sudoers
|
||||||
insertafter: 'Defaults umask=0077'
|
insertafter: 'Defaults umask=0077'
|
||||||
line: 'Defaults !insults'
|
line: 'Defaults !insults'
|
||||||
|
@ -18,7 +18,7 @@
|
||||||
- sudo
|
- sudo
|
||||||
|
|
||||||
- name: "Configure sudoers"
|
- name: "Configure sudoers"
|
||||||
blockinfile:
|
ansible.builtin.blockinfile:
|
||||||
state: present
|
state: present
|
||||||
dest: /etc/sudoers
|
dest: /etc/sudoers
|
||||||
insertafter: EOF
|
insertafter: EOF
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "dump-server-state script is present"
|
- name: "dump-server-state script is present"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: "dump-server-state.sh"
|
src: "dump-server-state.sh"
|
||||||
dest: /usr/local/sbin/dump-server-state
|
dest: /usr/local/sbin/dump-server-state
|
||||||
force: true
|
force: true
|
||||||
|
@ -13,7 +13,7 @@
|
||||||
- utils
|
- utils
|
||||||
|
|
||||||
- name: "update-evobackup-canary script is present"
|
- name: "update-evobackup-canary script is present"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: "update-evobackup-canary"
|
src: "update-evobackup-canary"
|
||||||
dest: /usr/local/bin/update-evobackup-canary
|
dest: /usr/local/bin/update-evobackup-canary
|
||||||
force: true
|
force: true
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Deploy bgp check script"
|
- name: "Deploy bgp check script"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: bgpd-check-peers.sh.j2
|
src: bgpd-check-peers.sh.j2
|
||||||
dest: /usr/share/scripts/bgpd-check-peers.sh
|
dest: /usr/share/scripts/bgpd-check-peers.sh
|
||||||
when: group_names | select('search','bgp') | list | count > 0
|
when: group_names | select('search','bgp') | list | count > 0
|
||||||
|
@ -8,7 +8,7 @@
|
||||||
- bgp
|
- bgp
|
||||||
|
|
||||||
- name: "Cron job for bgp check script is installed"
|
- name: "Cron job for bgp check script is installed"
|
||||||
cron:
|
ansible.builtin.cron:
|
||||||
name: bgp check
|
name: bgp check
|
||||||
job: "/bin/sh /usr/share/scripts/bgpd-check-peers.sh"
|
job: "/bin/sh /usr/share/scripts/bgpd-check-peers.sh"
|
||||||
when: group_names | select('search','bgp') | list | count > 0
|
when: group_names | select('search','bgp') | list | count > 0
|
||||||
|
@ -16,7 +16,7 @@
|
||||||
- bgp
|
- bgp
|
||||||
|
|
||||||
- name: "Create bgp log directory"
|
- name: "Create bgp log directory"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: /var/log/bgp
|
path: /var/log/bgp
|
||||||
state: directory
|
state: directory
|
||||||
when: group_names | select('search','bgp') | list | count > 0
|
when: group_names | select('search','bgp') | list | count > 0
|
||||||
|
@ -24,7 +24,7 @@
|
||||||
- bgp
|
- bgp
|
||||||
|
|
||||||
- name: "Daily best routes cron job is installed"
|
- name: "Daily best routes cron job is installed"
|
||||||
cron:
|
ansible.builtin.cron:
|
||||||
name: bgp best routes
|
name: bgp best routes
|
||||||
minute: 0
|
minute: 0
|
||||||
hour: 4
|
hour: 4
|
||||||
|
@ -36,7 +36,7 @@
|
||||||
- bgp
|
- bgp
|
||||||
|
|
||||||
- name: "Weekly best routes clean up cron job is installed"
|
- name: "Weekly best routes clean up cron job is installed"
|
||||||
cron:
|
ansible.builtin.cron:
|
||||||
name: bgp best routes clean up
|
name: bgp best routes clean up
|
||||||
minute: 0
|
minute: 0
|
||||||
hour: 4
|
hour: 4
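Review bot: The "Deploy bgp check script" template task sets only `src` and `dest` before its `when:`, so the owner and mode of `/usr/share/scripts/bgpd-check-peers.sh` depend on the remote umask and on whatever file is already there. The next task installs a cron job that runs that script with `/bin/sh`. Pin them explicitly, for example `owner: root`, `group: wheel` and `mode: "0755"`, in the same way the etc-git-utils section sets `mode` on its scripts. "Create bgp log directory" likewise shows no `mode` before its `when:`.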
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
- name: restart collectd
|
- name: restart collectd
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: collectd
|
name: collectd
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
# yamllint disable rule:line-length
|
# yamllint disable rule:line-length
|
||||||
---
|
---
|
||||||
- name: "Install Collectd package"
|
- name: "Install Collectd package"
|
||||||
openbsd_pkg:
|
community.general.openbsd_pkg:
|
||||||
name: "collectd"
|
name: "collectd"
|
||||||
tags:
|
tags:
|
||||||
- collectd
|
- collectd
|
||||||
|
|
||||||
- name: "Deploy Collectd configuration"
|
- name: "Deploy Collectd configuration"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: "collectd.conf.j2"
|
src: "collectd.conf.j2"
|
||||||
dest: "/etc/collectd.conf"
|
dest: "/etc/collectd.conf"
|
||||||
notify: restart collectd
|
notify: restart collectd
|
||||||
|
@ -15,7 +15,7 @@
|
||||||
- collectd
|
- collectd
|
||||||
|
|
||||||
- name: "Enabling Collectd"
|
- name: "Enabling Collectd"
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: collectd
|
name: collectd
|
||||||
enabled: true
|
enabled: true
|
||||||
when: not ansible_check_mode
|
when: not ansible_check_mode
|
||||||
|
@ -23,7 +23,7 @@
|
||||||
- collectd
|
- collectd
|
||||||
|
|
||||||
- name: "Fix rights for collectd directory"
|
- name: "Fix rights for collectd directory"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: /usr/local/share/collectd
|
path: /usr/local/share/collectd
|
||||||
state: directory
|
state: directory
|
||||||
owner: "root"
|
owner: "root"
|
||||||
|
@ -34,7 +34,7 @@
|
||||||
- collectd
|
- collectd
|
||||||
|
|
||||||
- name: "Create scripts directory for exec plugins"
|
- name: "Create scripts directory for exec plugins"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: /usr/local/share/collectd/scripts
|
path: /usr/local/share/collectd/scripts
|
||||||
state: directory
|
state: directory
|
||||||
owner: "root"
|
owner: "root"
|
||||||
|
@ -45,7 +45,7 @@
|
||||||
- collectd
|
- collectd
|
||||||
|
|
||||||
- name: "Copy ifq_drops.sh"
|
- name: "Copy ifq_drops.sh"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: ifq_drops.sh
|
src: ifq_drops.sh
|
||||||
dest: /usr/local/share/collectd/scripts/ifq_drops.sh
|
dest: /usr/local/share/collectd/scripts/ifq_drops.sh
|
||||||
owner: "root"
|
owner: "root"
|
||||||
|
@ -57,7 +57,7 @@
|
||||||
- collectd
|
- collectd
|
||||||
|
|
||||||
- name: "Remove ifq_drops.sh"
|
- name: "Remove ifq_drops.sh"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: /usr/local/share/collectd/scripts/ifq_drops.sh
|
path: /usr/local/share/collectd/scripts/ifq_drops.sh
|
||||||
state: absent
|
state: absent
|
||||||
when: not collectd_plugin_exec_ifq_drops
|
when: not collectd_plugin_exec_ifq_drops
|
||||||
|
@ -65,7 +65,7 @@
|
||||||
- collectd
|
- collectd
|
||||||
|
|
||||||
- name: "Copy dns_stats.sh"
|
- name: "Copy dns_stats.sh"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: dns_stats.sh
|
src: dns_stats.sh
|
||||||
dest: /usr/local/share/collectd/scripts/dns_stats.sh
|
dest: /usr/local/share/collectd/scripts/dns_stats.sh
|
||||||
owner: "root"
|
owner: "root"
|
||||||
|
@ -77,7 +77,7 @@
|
||||||
- collectd
|
- collectd
|
||||||
|
|
||||||
- name: "Remove dns_stats.sh"
|
- name: "Remove dns_stats.sh"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: /usr/local/share/collectd/scripts/dns_stats.sh
|
path: /usr/local/share/collectd/scripts/dns_stats.sh
|
||||||
state: absent
|
state: absent
|
||||||
when: not collectd_plugin_exec_dns_stats
|
when: not collectd_plugin_exec_dns_stats
|
||||||
|
@ -85,7 +85,7 @@
|
||||||
- collectd
|
- collectd
|
||||||
|
|
||||||
- name: "Add doas configuration for dns_stats.sh execution"
|
- name: "Add doas configuration for dns_stats.sh execution"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/doas.conf
|
path: /etc/doas.conf
|
||||||
line: 'permit nopass _collectd as root cmd /usr/sbin/unbound-control args stats'
|
line: 'permit nopass _collectd as root cmd /usr/sbin/unbound-control args stats'
|
||||||
when: collectd_plugin_exec_dns_stats
|
when: collectd_plugin_exec_dns_stats
|
||||||
|
@ -93,7 +93,7 @@
|
||||||
- collectd
|
- collectd
|
||||||
|
|
||||||
- name: "Copy dhcp_pool.pl"
|
- name: "Copy dhcp_pool.pl"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: dhcp_pool.pl
|
src: dhcp_pool.pl
|
||||||
dest: /usr/local/share/collectd/scripts/dhcp_pool.pl
|
dest: /usr/local/share/collectd/scripts/dhcp_pool.pl
|
||||||
owner: "root"
|
owner: "root"
|
||||||
|
@ -105,7 +105,7 @@
|
||||||
- collectd
|
- collectd
|
||||||
|
|
||||||
- name: "Remove dhcp_pool.pl"
|
- name: "Remove dhcp_pool.pl"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: /usr/local/share/collectd/scripts/dhcp_pool.pl
|
path: /usr/local/share/collectd/scripts/dhcp_pool.pl
|
||||||
state: absent
|
state: absent
|
||||||
when: not collectd_plugin_exec_dhcp_pool
|
when: not collectd_plugin_exec_dhcp_pool
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: "Execute ansible-commit"
|
- name: "Execute ansible-commit"
|
||||||
command: "/usr/local/bin/ansible-commit --verbose --message \"{{ commit_message | mandatory }}\""
|
ansible.builtin.command: "/usr/local/bin/ansible-commit --verbose --message \"{{ commit_message | mandatory }}\""
|
||||||
changed_when:
|
changed_when:
|
||||||
- _ansible_commit.stdout
|
- _ansible_commit.stdout
|
||||||
- "'CHANGED:' in _ansible_commit.stdout"
|
- "'CHANGED:' in _ansible_commit.stdout"
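Review bot: `commit_message` is interpolated inside hand-written `\"…\"` quotes in a free-form `ansible.builtin.command` string, so a message that itself contains a double quote ends the quoted argument early and the remainder reaches `ansible-commit` as extra arguments or options. No shell is involved, so this is argument injection rather than command execution, but it is avoidable by passing the arguments as a list with `argv`, which skips the string splitting entirely. The task's `register` and other keywords are outside the hunk and stay as they are.

```yaml
- name: "Execute ansible-commit"
  ansible.builtin.command:
    argv:
      - /usr/local/bin/ansible-commit
      - --verbose
      - --message
      - "{{ commit_message | mandatory }}"
  # … unchanged: changed_when and the rest of the task …
```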
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: "Git is installed"
|
- name: "Git is installed"
|
||||||
openbsd_pkg:
|
community.general.openbsd_pkg:
|
||||||
name: git
|
name: git
|
||||||
state: present
|
state: present
|
||||||
tags:
|
tags:
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Verify /usr/share/scripts presence"
|
- name: "Verify /usr/share/scripts presence"
|
||||||
stat:
|
ansible.builtin.stat:
|
||||||
path: /usr/share/scripts
|
path: /usr/share/scripts
|
||||||
register: _usr_share_scripts
|
register: _usr_share_scripts
|
||||||
tags:
|
tags:
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: "{{ repository_path }} is versioned with git"
|
- name: "{{ repository_path }} is versioned with git"
|
||||||
command: "git init ."
|
ansible.builtin.command: "git init ."
|
||||||
args:
|
args:
|
||||||
chdir: "{{ repository_path }}"
|
chdir: "{{ repository_path }}"
|
||||||
creates: "{{ repository_path }}/.git/"
|
creates: "{{ repository_path }}/.git/"
|
||||||
|
@ -11,7 +11,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Git user.email is configured"
|
- name: "Git user.email is configured"
|
||||||
git_config:
|
community.general.git_config:
|
||||||
name: user.email
|
name: user.email
|
||||||
repo: "{{ repository_path }}"
|
repo: "{{ repository_path }}"
|
||||||
scope: local
|
scope: local
|
||||||
|
@ -20,7 +20,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "{{ repository_path }}/.git is restricted to root"
|
- name: "{{ repository_path }}/.git is restricted to root"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: "{{ repository_path }}/.git"
|
path: "{{ repository_path }}/.git"
|
||||||
owner: root
|
owner: root
|
||||||
mode: "0700"
|
mode: "0700"
|
||||||
|
@ -29,7 +29,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "{{ repository_path }}/.gitignore is present"
|
- name: "{{ repository_path }}/.gitignore is present"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: gitignore
|
src: gitignore
|
||||||
dest: "{{ repository_path }}/.gitignore"
|
dest: "{{ repository_path }}/.gitignore"
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -39,7 +39,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Some entries MUST be in the {{ repository_path }}/.gitignore file"
|
- name: "Some entries MUST be in the {{ repository_path }}/.gitignore file"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
dest: "{{ repository_path }}/.gitignore"
|
dest: "{{ repository_path }}/.gitignore"
|
||||||
line: "{{ item }}"
|
line: "{{ item }}"
|
||||||
loop: "{{ gitignore_items | default([]) }}"
|
loop: "{{ gitignore_items | default([]) }}"
|
||||||
|
@ -47,7 +47,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Set vim as default editor"
|
- name: "Set vim as default editor"
|
||||||
git_config:
|
community.general.git_config:
|
||||||
name: core.editor
|
name: core.editor
|
||||||
scope: global
|
scope: global
|
||||||
value: vim
|
value: vim
|
||||||
|
@ -55,7 +55,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Does {{ repository_path }}/ have any commit?"
|
- name: "Does {{ repository_path }}/ have any commit?"
|
||||||
command: "git log"
|
ansible.builtin.command: "git log"
|
||||||
args:
|
args:
|
||||||
chdir: "{{ repository_path }}"
|
chdir: "{{ repository_path }}"
|
||||||
warn: false
|
warn: false
|
||||||
|
@ -67,7 +67,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Initial commit is present?"
|
- name: "Initial commit is present?"
|
||||||
shell: "git add -A . && git commit -m \"Initial commit via Ansible\""
|
ansible.builtin.shell: "git add -A . && git commit -m \"Initial commit via Ansible\""
|
||||||
args:
|
args:
|
||||||
chdir: "{{ repository_path }}"
|
chdir: "{{ repository_path }}"
|
||||||
warn: false
|
warn: false
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: "evocommit script is installed"
|
- name: "evocommit script is installed"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: evocommit
|
src: evocommit
|
||||||
dest: /usr/local/bin/evocommit
|
dest: /usr/local/bin/evocommit
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
@ -12,7 +12,7 @@
|
||||||
- etc-git-utils
|
- etc-git-utils
|
||||||
|
|
||||||
- name: "ansible-commit script is installed"
|
- name: "ansible-commit script is installed"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: ansible-commit
|
src: ansible-commit
|
||||||
dest: /usr/local/bin/ansible-commit
|
dest: /usr/local/bin/ansible-commit
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
@ -22,7 +22,7 @@
|
||||||
- etc-git-utils
|
- etc-git-utils
|
||||||
|
|
||||||
- name: "etc-git-optimize script is installed"
|
- name: "etc-git-optimize script is installed"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: etc-git-optimize
|
src: etc-git-optimize
|
||||||
dest: /usr/share/scripts/etc-git-optimize
|
dest: /usr/share/scripts/etc-git-optimize
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
@ -32,7 +32,7 @@
|
||||||
- etc-git-utils
|
- etc-git-utils
|
||||||
|
|
||||||
- name: "etc-git-status script is installed"
|
- name: "etc-git-status script is installed"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: etc-git-status
|
src: etc-git-status
|
||||||
dest: /usr/share/scripts/etc-git-status
|
dest: /usr/share/scripts/etc-git-status
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
@ -42,7 +42,7 @@
|
||||||
- etc-git-utils
|
- etc-git-utils
|
||||||
|
|
||||||
- name: "Legacy monthly cron job for /etc/.git optimization is absent"
|
- name: "Legacy monthly cron job for /etc/.git optimization is absent"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/monthly.local
|
path: /etc/monthly.local
|
||||||
line: '/usr/local/bin/git --git-dir /etc/.git gc --quiet'
|
line: '/usr/local/bin/git --git-dir /etc/.git gc --quiet'
|
||||||
state: absent
|
state: absent
|
||||||
|
@ -50,7 +50,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Legacy hourly cron job for /etc/.git status is absent"
|
- name: "Legacy hourly cron job for /etc/.git status is absent"
|
||||||
cron:
|
ansible.builtin.cron:
|
||||||
name: git status
|
name: git status
|
||||||
minute: "42"
|
minute: "42"
|
||||||
job: who > /dev/null || /usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short
|
job: who > /dev/null || /usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short
|
||||||
|
@ -59,7 +59,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Legacy daily cron jobs for /etc/.git status are absent"
|
- name: "Legacy daily cron jobs for /etc/.git status are absent"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/daily.local
|
path: /etc/daily.local
|
||||||
line: "{{ item }}"
|
line: "{{ item }}"
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -72,7 +72,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Cron job for monthly git optimization"
|
- name: "Cron job for monthly git optimization"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/monthly.local
|
path: /etc/monthly.local
|
||||||
line: "/usr/share/scripts/etc-git-optimize"
|
line: "/usr/share/scripts/etc-git-optimize"
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -82,7 +82,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Cron job for monthly git optimization - next_part"
|
- name: "Cron job for monthly git optimization - next_part"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/monthly.local
|
path: /etc/monthly.local
|
||||||
line: 'next_part "Monthly optimization:"'
|
line: 'next_part "Monthly optimization:"'
|
||||||
insertbefore: "/usr/share/scripts/etc-git-optimize"
|
insertbefore: "/usr/share/scripts/etc-git-optimize"
|
||||||
|
@ -93,7 +93,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Cron job for hourly git status"
|
- name: "Cron job for hourly git status"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/hourly.local
|
path: /etc/hourly.local
|
||||||
line: "who > /dev/null || /usr/share/scripts/etc-git-status"
|
line: "who > /dev/null || /usr/share/scripts/etc-git-status"
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -104,7 +104,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Cron job for hourly git status - next_part"
|
- name: "Cron job for hourly git status - next_part"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/hourly.local
|
path: /etc/hourly.local
|
||||||
line: 'next_part "Hourly warning for unclean Git repository if nobody is connected:"'
|
line: 'next_part "Hourly warning for unclean Git repository if nobody is connected:"'
|
||||||
insertbefore: "who > /dev/null || /usr/share/scripts/etc-git-status"
|
insertbefore: "who > /dev/null || /usr/share/scripts/etc-git-status"
|
||||||
|
@ -116,7 +116,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Cron job for daily git status"
|
- name: "Cron job for daily git status"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/daily.local
|
path: /etc/daily.local
|
||||||
line: "/usr/share/scripts/etc-git-status"
|
line: "/usr/share/scripts/etc-git-status"
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -127,7 +127,7 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
- name: "Cron job for daily git status - next_part"
|
- name: "Cron job for daily git status - next_part"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/daily.local
|
path: /etc/daily.local
|
||||||
line: 'next_part "Daily warning for unclean Git repository:"'
|
line: 'next_part "Daily warning for unclean Git repository:"'
|
||||||
insertbefore: "/usr/share/scripts/etc-git-status"
|
insertbefore: "/usr/share/scripts/etc-git-status"
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
# Info : old zzz_evobackup used sh, and since "sh" match "bash", we keep "sh" for regex commands
|
# Info : old zzz_evobackup used sh, and since "sh" match "bash", we keep "sh" for regex commands
|
||||||
|
|
||||||
- name: "Copy zzz_evobackup script"
|
- name: "Copy zzz_evobackup script"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: zzz_evobackup
|
src: zzz_evobackup
|
||||||
dest: /usr/share/scripts/zzz_evobackup
|
dest: /usr/share/scripts/zzz_evobackup
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -14,7 +14,7 @@
|
||||||
- evobackup
|
- evobackup
|
||||||
|
|
||||||
- name: "Copy update-evobackup-canary script"
|
- name: "Copy update-evobackup-canary script"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: 000-update-evobackup-canary
|
src: 000-update-evobackup-canary
|
||||||
dest: /usr/share/scripts/000-update-evobackup-canary
|
dest: /usr/share/scripts/000-update-evobackup-canary
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -25,7 +25,7 @@
|
||||||
- evobackup
|
- evobackup
|
||||||
|
|
||||||
- name: "Fetch daily.local content"
|
- name: "Fetch daily.local content"
|
||||||
command: 'grep "sh /usr/share/scripts/zzz_evobackup" /etc/daily.local'
|
ansible.builtin.command: 'grep "sh /usr/share/scripts/zzz_evobackup" /etc/daily.local'
|
||||||
check_mode: false
|
check_mode: false
|
||||||
register: daily_local_content
|
register: daily_local_content
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
@ -34,7 +34,7 @@
|
||||||
- evobackup
|
- evobackup
|
||||||
|
|
||||||
- name: "Add evobackup cron (disabled)"
|
- name: "Add evobackup cron (disabled)"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/daily.local
|
path: /etc/daily.local
|
||||||
line: '#bash /usr/share/scripts/zzz_evobackup'
|
line: '#bash /usr/share/scripts/zzz_evobackup'
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -46,7 +46,7 @@
|
||||||
- evobackup
|
- evobackup
|
||||||
|
|
||||||
- name: "Add evobackup cron - next_part"
|
- name: "Add evobackup cron - next_part"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/daily.local
|
path: /etc/daily.local
|
||||||
line: 'next_part "EvoBackup output:"'
|
line: 'next_part "EvoBackup output:"'
|
||||||
insertbefore: 'sh /usr/share/scripts/zzz_evobackup'
|
insertbefore: 'sh /usr/share/scripts/zzz_evobackup'
|
||||||
|
@ -57,7 +57,7 @@
|
||||||
- evobackup
|
- evobackup
|
||||||
|
|
||||||
- name: "Add canary cron"
|
- name: "Add canary cron"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/daily.local
|
path: /etc/daily.local
|
||||||
line: 'sh /usr/share/scripts/000-update-evobackup-canary'
|
line: 'sh /usr/share/scripts/000-update-evobackup-canary'
|
||||||
insertafter: 'next_part "EvoBackup output:"'
|
insertafter: 'next_part "EvoBackup output:"'
|
||||||
|
@ -68,7 +68,7 @@
|
||||||
- evobackup
|
- evobackup
|
||||||
|
|
||||||
- name: "Delete legacy evobackup root crontab"
|
- name: "Delete legacy evobackup root crontab"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /var/cron/tabs/root
|
path: /var/cron/tabs/root
|
||||||
regexp: '/usr/share/scripts/zzz_evobackup'
|
regexp: '/usr/share/scripts/zzz_evobackup'
|
||||||
validate: /usr/bin/crontab %s
|
validate: /usr/bin/crontab %s
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Run evocheck"
|
- name: "Run evocheck"
|
||||||
command: "{{ evocheck_bin_dir }}/evocheck.sh"
|
ansible.builtin.command: "{{ evocheck_bin_dir }}/evocheck.sh"
|
||||||
register: evocheck_run
|
register: evocheck_run
|
||||||
changed_when: false
|
changed_when: false
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
@ -8,7 +8,7 @@
|
||||||
tags:
|
tags:
|
||||||
- evocheck-exec
|
- evocheck-exec
|
||||||
|
|
||||||
- debug:
|
- ansible.builtin.debug:
|
||||||
var: evocheck_run.stdout_lines
|
var: evocheck_run.stdout_lines
|
||||||
when: evocheck_run.stdout | length != 0
|
when: evocheck_run.stdout | length != 0
|
||||||
tags:
|
tags:
|
||||||
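Review bot: With `failed_when: false` on "Run evocheck" and the debug task printing only when `evocheck_run.stdout` is non-empty, a run that exits non-zero with nothing on stdout leaves no trace in the play output. Consider widening the condition to `when: evocheck_run.stdout | length != 0 or evocheck_run.rc != 0` and also showing `evocheck_run.stderr_lines`. The debug task is also unnamed; a line such as `name: "Show evocheck output"` would make it identifiable in logs, and the same applies to the unnamed debug task after "Run generateldif" further down. Both tasks continue past the visible hunks, so confirm against the full file.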
|
|
|
@ -1,7 +1,7 @@
|
||||||
# yamllint disable rule:line-length
|
# yamllint disable rule:line-length
|
||||||
---
|
---
|
||||||
- name: "Scripts dir is present"
|
- name: "Scripts dir is present"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: "{{ evocheck_bin_dir }}"
|
path: "{{ evocheck_bin_dir }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -11,7 +11,7 @@
|
||||||
- evocheck
|
- evocheck
|
||||||
|
|
||||||
- name: "Copy evocheck.sh"
|
- name: "Copy evocheck.sh"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: evocheck.sh
|
src: evocheck.sh
|
||||||
dest: "{{ evocheck_bin_dir }}/evocheck.sh"
|
dest: "{{ evocheck_bin_dir }}/evocheck.sh"
|
||||||
mode: "0700"
|
mode: "0700"
|
||||||
|
@ -22,7 +22,7 @@
|
||||||
- evocheck-utils
|
- evocheck-utils
|
||||||
|
|
||||||
- name: "Copy evocheck.cf"
|
- name: "Copy evocheck.cf"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: evocheck.cf
|
src: evocheck.cf
|
||||||
dest: /etc/evocheck.cf
|
dest: /etc/evocheck.cf
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
@ -31,7 +31,7 @@
|
||||||
- evocheck
|
- evocheck
|
||||||
|
|
||||||
- name: "Delete legacy evocheck cron"
|
- name: "Delete legacy evocheck cron"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/daily.local
|
path: /etc/daily.local
|
||||||
regexp: 'sh /usr/share/scripts/evocheck.sh --verbose --cron'
|
regexp: 'sh /usr/share/scripts/evocheck.sh --verbose --cron'
|
||||||
state: absent
|
state: absent
|
||||||
|
@ -39,7 +39,7 @@
|
||||||
- evocheck
|
- evocheck
|
||||||
|
|
||||||
- name: "Add evocheck cron"
|
- name: "Add evocheck cron"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/daily.local
|
path: /etc/daily.local
|
||||||
insertbefore: BOF
|
insertbefore: BOF
|
||||||
line: 'sh /usr/share/scripts/evocheck.sh --verbose $cron_arg'
|
line: 'sh /usr/share/scripts/evocheck.sh --verbose $cron_arg'
|
||||||
|
@ -50,7 +50,7 @@
|
||||||
- evocheck
|
- evocheck
|
||||||
|
|
||||||
- name: "Add evocheck cron - test for date"
|
- name: "Add evocheck cron - test for date"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/daily.local
|
path: /etc/daily.local
|
||||||
insertbefore: BOF
|
insertbefore: BOF
|
||||||
line: 'if [ $(date +%d) -eq "01" ]; then cron_arg=""; else cron_arg="--cron"; fi'
|
line: 'if [ $(date +%d) -eq "01" ]; then cron_arg=""; else cron_arg="--cron"; fi'
|
||||||
|
@ -61,7 +61,7 @@
|
||||||
- evocheck
|
- evocheck
|
||||||
|
|
||||||
- name: "Add evocheck cron - next_part"
|
- name: "Add evocheck cron - next_part"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/daily.local
|
path: /etc/daily.local
|
||||||
insertbefore: BOF
|
insertbefore: BOF
|
||||||
line: 'next_part "Evocheck output:"'
|
line: 'next_part "Evocheck output:"'
|
||||||
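Review bot: The script is copied to `{{ evocheck_bin_dir }}/evocheck.sh`, but the line that "Add evocheck cron" writes to /etc/daily.local hard-codes `/usr/share/scripts/evocheck.sh`. If `evocheck_bin_dir` is ever set to another directory, the daily job will call a path this role does not install or set permissions on. Building the line from the variable keeps the two in step: `line: 'sh {{ evocheck_bin_dir }}/evocheck.sh --verbose $cron_arg'`. The default value of `evocheck_bin_dir` is not visible here, so this may be latent rather than live.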
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Create scripts directory"
|
- name: "Create scripts directory"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: /usr/share/scripts/
|
path: /usr/share/scripts/
|
||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -10,7 +10,7 @@
|
||||||
- evomaintenance
|
- evomaintenance
|
||||||
|
|
||||||
- name: "Copy evomaintenance script and template"
|
- name: "Copy evomaintenance script and template"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: "{{ item.src }}"
|
src: "{{ item.src }}"
|
||||||
dest: "{{ item.dest }}"
|
dest: "{{ item.dest }}"
|
||||||
owner: 'root'
|
owner: 'root'
|
||||||
|
@ -24,7 +24,7 @@
|
||||||
- evomaintenance-utils
|
- evomaintenance-utils
|
||||||
|
|
||||||
- name: "Configure evomaintenance"
|
- name: "Configure evomaintenance"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: evomaintenance.j2
|
src: evomaintenance.j2
|
||||||
dest: /etc/evomaintenance.cf
|
dest: /etc/evomaintenance.cf
|
||||||
owner: root
|
owner: root
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Enable IPv4 forwarding"
|
- name: "Enable IPv4 forwarding"
|
||||||
sysctl:
|
ansible.posix.sysctl:
|
||||||
name: net.inet.ip.forwarding
|
name: net.inet.ip.forwarding
|
||||||
value: "1"
|
value: "1"
|
||||||
state: present
|
state: present
|
||||||
|
@ -9,7 +9,7 @@
|
||||||
- forwarding
|
- forwarding
|
||||||
|
|
||||||
- name: "Enable IPv6 forwarding"
|
- name: "Enable IPv6 forwarding"
|
||||||
sysctl:
|
ansible.posix.sysctl:
|
||||||
name: net.inet6.ip6.forwarding
|
name: net.inet6.ip6.forwarding
|
||||||
value: "1"
|
value: "1"
|
||||||
state: present
|
state: present
|
||||||
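Review bot: `ansible.posix.sysctl` makes it explicit that these tasks depend on a collection outside ansible-core, and the same holds for the `community.general.openbsd_pkg` tasks in the logsentry and nrpe sections below. If the repository does not already ship one, a `collections/requirements.yml` listing `ansible.posix` and `community.general` with pinned versions would make that dependency installable and reproducible. No such file is visible in this part of the commit.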
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Install logsentry"
|
- name: "Install logsentry"
|
||||||
openbsd_pkg:
|
community.general.openbsd_pkg:
|
||||||
name:
|
name:
|
||||||
- logsentry--
|
- logsentry--
|
||||||
state: present
|
state: present
|
||||||
|
@ -8,7 +8,7 @@
|
||||||
- logsentry
|
- logsentry
|
||||||
|
|
||||||
- name: "Copy logsentry script to /usr/share/scripts"
|
- name: "Copy logsentry script to /usr/share/scripts"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: logsentry.sh
|
src: logsentry.sh
|
||||||
dest: /usr/share/scripts/logsentry.sh
|
dest: /usr/share/scripts/logsentry.sh
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -18,7 +18,7 @@
|
||||||
- logsentry
|
- logsentry
|
||||||
|
|
||||||
- name: "Copy custom logsentry configuration files"
|
- name: "Copy custom logsentry configuration files"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
dest: "/etc/logsentry/{{ item }}"
|
dest: "/etc/logsentry/{{ item }}"
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -32,14 +32,14 @@
|
||||||
- logsentry-config
|
- logsentry-config
|
||||||
|
|
||||||
- name: "Delete unused default script"
|
- name: "Delete unused default script"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
state: absent
|
state: absent
|
||||||
path: /etc/logsentry/logsentry.sh
|
path: /etc/logsentry/logsentry.sh
|
||||||
tags:
|
tags:
|
||||||
- logsentry
|
- logsentry
|
||||||
|
|
||||||
- name: "Hourly cron job for logsentry.sh is installed"
|
- name: "Hourly cron job for logsentry.sh is installed"
|
||||||
cron:
|
ansible.builtin.cron:
|
||||||
name: logsentry
|
name: logsentry
|
||||||
minute: "11"
|
minute: "11"
|
||||||
job: >
|
job: >
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
- name: restart nrpe
|
- name: restart nrpe
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: nrpe
|
name: nrpe
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# yamllint disable rule:line-length
|
# yamllint disable rule:line-length
|
||||||
---
|
---
|
||||||
- name: "Install nrpe"
|
- name: "Install nrpe"
|
||||||
openbsd_pkg:
|
community.general.openbsd_pkg:
|
||||||
name:
|
name:
|
||||||
- nrpe--
|
- nrpe--
|
||||||
state: present
|
state: present
|
||||||
|
@ -9,7 +9,7 @@
|
||||||
- nagios-nrpe
|
- nagios-nrpe
|
||||||
|
|
||||||
- name: "Install monitoring packages"
|
- name: "Install monitoring packages"
|
||||||
openbsd_pkg:
|
community.general.openbsd_pkg:
|
||||||
name:
|
name:
|
||||||
- monitoring-plugins
|
- monitoring-plugins
|
||||||
- check_bioctl
|
- check_bioctl
|
||||||
|
@ -18,7 +18,7 @@
|
||||||
- nagios-nrpe
|
- nagios-nrpe
|
||||||
|
|
||||||
- name: "Create nrpe.d dir"
|
- name: "Create nrpe.d dir"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: /etc/nrpe.d
|
path: /etc/nrpe.d
|
||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -28,14 +28,14 @@
|
||||||
- nagios-nrpe
|
- nagios-nrpe
|
||||||
|
|
||||||
- name: "Include nrpe.d dir in nrpe.cfg"
|
- name: "Include nrpe.d dir in nrpe.cfg"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
dest: /etc/nrpe.cfg
|
dest: /etc/nrpe.cfg
|
||||||
line: 'include_dir=/etc/nrpe.d'
|
line: 'include_dir=/etc/nrpe.d'
|
||||||
tags:
|
tags:
|
||||||
- nagios-nrpe
|
- nagios-nrpe
|
||||||
|
|
||||||
- name: "Custom configuration is present"
|
- name: "Custom configuration is present"
|
||||||
blockinfile:
|
ansible.builtin.blockinfile:
|
||||||
block: "{{ lookup('template', 'evolix_bsd.cfg.j2') }}"
|
block: "{{ lookup('template', 'evolix_bsd.cfg.j2') }}"
|
||||||
path: /etc/nrpe.d/evolix.cfg
|
path: /etc/nrpe.d/evolix.cfg
|
||||||
marker: "## {mark} ANSIBLE MANAGED BLOCK : Custom NRPE configuration file from EvoBSD"
|
marker: "## {mark} ANSIBLE MANAGED BLOCK : Custom NRPE configuration file from EvoBSD"
|
||||||
|
@ -47,7 +47,7 @@
|
||||||
- nagios-nrpe
|
- nagios-nrpe
|
||||||
|
|
||||||
- name: "Fetch nrpe config content"
|
- name: "Fetch nrpe config content"
|
||||||
command: 'grep "allowed_hosts=" /etc/nrpe.d/evolix.cfg'
|
ansible.builtin.command: 'grep "allowed_hosts=" /etc/nrpe.d/evolix.cfg'
|
||||||
check_mode: false
|
check_mode: false
|
||||||
register: nrpe_config_content
|
register: nrpe_config_content
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
@ -56,7 +56,7 @@
|
||||||
- nagios-nrpe
|
- nagios-nrpe
|
||||||
|
|
||||||
- name: "Allow NRPE hosts - if no allowed_hosts configured"
|
- name: "Allow NRPE hosts - if no allowed_hosts configured"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
dest: /etc/nrpe.d/evolix.cfg
|
dest: /etc/nrpe.d/evolix.cfg
|
||||||
insertbefore: BOF
|
insertbefore: BOF
|
||||||
regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}"
|
regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}"
|
||||||
|
@ -66,7 +66,7 @@
|
||||||
- nagios-nrpe
|
- nagios-nrpe
|
||||||
|
|
||||||
- name: "Allow NRPE hosts - if allowed_hosts already configured : keep added IP"
|
- name: "Allow NRPE hosts - if allowed_hosts already configured : keep added IP"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
dest: /etc/nrpe.d/evolix.cfg
|
dest: /etc/nrpe.d/evolix.cfg
|
||||||
backrefs: true
|
backrefs: true
|
||||||
insertbefore: BOF
|
insertbefore: BOF
|
||||||
|
@ -77,7 +77,7 @@
|
||||||
- nagios-nrpe
|
- nagios-nrpe
|
||||||
|
|
||||||
- name: "Allow NRPE hosts - add comment"
|
- name: "Allow NRPE hosts - add comment"
|
||||||
lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
dest: /etc/nrpe.d/evolix.cfg
|
dest: /etc/nrpe.d/evolix.cfg
|
||||||
insertbefore: BOF
|
insertbefore: BOF
|
||||||
line: "# Allowed IPs"
|
line: "# Allowed IPs"
|
||||||
|
@ -85,7 +85,7 @@
|
||||||
- nagios-nrpe
|
- nagios-nrpe
|
||||||
|
|
||||||
- name: "Create nrpe plugins dir"
|
- name: "Create nrpe plugins dir"
|
||||||
file:
|
ansible.builtin.file:
|
||||||
path: /usr/local/libexec/nagios/plugins/
|
path: /usr/local/libexec/nagios/plugins/
|
||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -95,7 +95,7 @@
|
||||||
- nagios-nrpe
|
- nagios-nrpe
|
||||||
|
|
||||||
- name: "Nagios plugins are installed"
|
- name: "Nagios plugins are installed"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: plugins_bsd/{{ item.name }}
|
src: plugins_bsd/{{ item.name }}
|
||||||
dest: /usr/local/libexec/nagios/plugins/{{ item.name }}
|
dest: /usr/local/libexec/nagios/plugins/{{ item.name }}
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -123,7 +123,7 @@
|
||||||
- nagios-nrpe-utils
|
- nagios-nrpe-utils
|
||||||
|
|
||||||
- name: "Nagios plugins are installed - template"
|
- name: "Nagios plugins are installed - template"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: plugins_bsd/{{ item.name }}.j2
|
src: plugins_bsd/{{ item.name }}.j2
|
||||||
dest: /usr/local/libexec/nagios/plugins/{{ item.name }}
|
dest: /usr/local/libexec/nagios/plugins/{{ item.name }}
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -138,7 +138,7 @@
|
||||||
- nagios-nrpe-utils
|
- nagios-nrpe-utils
|
||||||
|
|
||||||
- name: "Starting and enabling nrpe"
|
- name: "Starting and enabling nrpe"
|
||||||
service:
|
ansible.builtin.service:
|
||||||
name: nrpe
|
name: nrpe
|
||||||
enabled: true
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
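Review bot: In "Allow NRPE hosts - if no allowed_hosts configured" the joined address list is used directly as the `regex`, so every `.` in an address matches any character and the pattern is unanchored. Since this line decides which hosts may query NRPE, an exact match is safer: `regex: "^allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') | regex_escape }}$"`. The `line:` and `when:` of the task are outside the hunk, so check that anchoring does not change which existing line gets replaced.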
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Deploy ospf check scripts"
|
- name: "Deploy ospf check scripts"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: "{{ item }}.j2"
|
src: "{{ item }}.j2"
|
||||||
dest: /usr/share/scripts/{{ item }}
|
dest: /usr/share/scripts/{{ item }}
|
||||||
with_items:
|
with_items:
|
||||||
|
@ -11,7 +11,7 @@
|
||||||
- ospf
|
- ospf
|
||||||
|
|
||||||
- name: "Cron job for ospf check scripts is installed"
|
- name: "Cron job for ospf check scripts is installed"
|
||||||
cron:
|
ansible.builtin.cron:
|
||||||
name: "{{ item }} check"
|
name: "{{ item }} check"
|
||||||
job: "/bin/sh /usr/share/scripts/{{ item }}-check-peers.sh"
|
job: "/bin/sh /usr/share/scripts/{{ item }}-check-peers.sh"
|
||||||
with_items:
|
with_items:
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Setup pf.conf"
|
- name: "Setup pf.conf"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: pf.conf.j2
|
src: pf.conf.j2
|
||||||
dest: /etc/pf.conf
|
dest: /etc/pf.conf
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
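Review bot: No `validate:` is visible on the "Setup pf.conf" template task, so a rendering mistake would be written to /etc/pf.conf and only surface when the ruleset is next loaded. Adding `validate: '/sbin/pfctl -nf %s'` makes the task refuse a file that pf cannot parse. The task continues past the hunk, so this applies only if the option is not already set further down.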
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Copy generateldif.sh"
|
- name: "Copy generateldif.sh"
|
||||||
template:
|
ansible.builtin.template:
|
||||||
src: generateldif.sh.j2
|
src: generateldif.sh.j2
|
||||||
dest: '{{ general_scripts_dir }}/generateldif.sh'
|
dest: '{{ general_scripts_dir }}/generateldif.sh'
|
||||||
owner: root
|
owner: root
|
||||||
|
@ -11,7 +11,7 @@
|
||||||
- generateldif
|
- generateldif
|
||||||
|
|
||||||
- name: "Run generateldif"
|
- name: "Run generateldif"
|
||||||
command: '{{ general_scripts_dir }}/generateldif.sh'
|
ansible.builtin.command: '{{ general_scripts_dir }}/generateldif.sh'
|
||||||
register: generateldif_run
|
register: generateldif_run
|
||||||
changed_when: false
|
changed_when: false
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
@ -21,7 +21,7 @@
|
||||||
- generateldif
|
- generateldif
|
||||||
- generateldif-exec
|
- generateldif-exec
|
||||||
|
|
||||||
- debug:
|
- ansible.builtin.debug:
|
||||||
var: generateldif_run.stdout_lines
|
var: generateldif_run.stdout_lines
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
tags:
|
tags:
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Deploy dynamic motd script for CARP master or backup"
|
- name: "Deploy dynamic motd script for CARP master or backup"
|
||||||
copy:
|
ansible.builtin.copy:
|
||||||
src: motd-carp-state.sh
|
src: motd-carp-state.sh
|
||||||
dest: /usr/share/scripts/motd-carp-state.sh
|
dest: /usr/share/scripts/motd-carp-state.sh
|
||||||
force: true
|
force: true
|
||||||
|
@ -13,7 +13,7 @@
|
||||||
- motd-utils
|
- motd-utils
|
||||||
|
|
||||||
- name: "Fetch root crontab content"
|
- name: "Fetch root crontab content"
|
||||||
command: >
|
ansible.builtin.command: >
|
||||||
grep "/bin/sh /usr/share/scripts/motd-carp-state.sh" /var/cron/tabs/root
|
grep "/bin/sh /usr/share/scripts/motd-carp-state.sh" /var/cron/tabs/root
|
||||||
check_mode: false
|
check_mode: false
|
||||||
register: root_crontab_content
|
register: root_crontab_content
|
||||||
|
@ -24,7 +24,7 @@
|
||||||
- motd
|
- motd
|
||||||
|
|
||||||
- name: "Cron job for dynamic motd script is installed"
|
- name: "Cron job for dynamic motd script is installed"
|
||||||
cron:
|
ansible.builtin.cron:
|
||||||
name: dynamic motd for CARP
|
name: dynamic motd for CARP
|
||||||
job: "/bin/sh /usr/share/scripts/motd-carp-state.sh"
|
job: "/bin/sh /usr/share/scripts/motd-carp-state.sh"
|
||||||
minute: "0"
|
minute: "0"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
- name: "Check and install updates (erratas) if available"
|
- name: "Check and install updates (erratas) if available"
|
||||||
command: /usr/sbin/syspatch
|
ansible.builtin.command: /usr/sbin/syspatch
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
when: ansible_distribution_version is version_compare("6.1",'>=')
|
when: ansible_distribution_version is version_compare("6.1",'>=')
|
||||||
tags:
|
tags:
|
||||||
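Review bot: `ignore_errors: true` on the syspatch task ignores every failure, including a patch that could not be fetched or applied, so the play carries on with the host still unpatched. If the intent is only to tolerate the "no additional patch installed" case, which syspatch(8) reports as exit status 2, narrow it: `register: syspatch_run`, `failed_when: syspatch_run.rc not in [0, 2]`, `changed_when: syspatch_run.rc == 0`. The task continues past the hunk, so a `register` may already exist there.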
|
|
|
@ -14,7 +14,7 @@
|
||||||
- vars/evolix-main.yml
|
- vars/evolix-main.yml
|
||||||
|
|
||||||
pre_tasks:
|
pre_tasks:
|
||||||
- include_role:
|
- ansible.builtin.include_role:
|
||||||
name: etc-git
|
name: etc-git
|
||||||
tasks_from: commit.yml
|
tasks_from: commit.yml
|
||||||
vars:
|
vars:
|
||||||
|
@ -31,7 +31,7 @@
|
||||||
- post-install
|
- post-install
|
||||||
|
|
||||||
post_tasks:
|
post_tasks:
|
||||||
- include_role:
|
- ansible.builtin.include_role:
|
||||||
name: etc-git
|
name: etc-git
|
||||||
tasks_from: commit.yml
|
tasks_from: commit.yml
|
||||||
vars:
|
vars:
|
||||||
|
@ -39,6 +39,6 @@
|
||||||
when: not ansible_check_mode
|
when: not ansible_check_mode
|
||||||
tags: always
|
tags: always
|
||||||
|
|
||||||
- include_role:
|
- ansible.builtin.include_role:
|
||||||
name: evocheck
|
name: evocheck
|
||||||
tasks_from: exec.yml
|
tasks_from: exec.yml
|
||||||
|
|