evolix
/
EvoBSD
21
0
Fork 0
Code Issues 2 Pull Requests Releases 3 Wiki Activity

Ansible-lint and yamllint 

Does not fix all warnings, but gets rid of the purely cosmetic ones.
(roles/accounts/tasks/main.yml)
This commit is contained in:
Patrick Marchand 2020-05-22 11:49:18 -04:00
parent 38e5c1bf70
commit af7b3b36fe
5 changed files with 36 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
evolixisation.yml
View File

@ -10,13 +10,13 @@
become: true become: true
become_user: root become_user: root
become_method: sudo become_method: sudo
# become_method: su # become_method: su
vars_files: vars_files:
- vars/main.yml - vars/main.yml
# - vars/secrets.yml # - vars/secrets.yml
# - vars/openbsd-secret.yml # - vars/openbsd-secret.yml
roles: roles:
- etc-git - etc-git
@ -27,9 +27,9 @@
- nagios-nrpe - nagios-nrpe
- evocheck - evocheck
- post-install - post-install
#- openvpn # - openvpn
#- ospf # - ospf
#- bgp # - bgp
post_tasks: post_tasks:
- include: "tasks/commit_etc_git.yml" - include: "tasks/commit_etc_git.yml"
@ -40,6 +40,4 @@
tasks_from: exec.yml tasks_from: exec.yml
# environment: # environment:
# PKG_PATH: "http://ftp.openbsd.org/pub/OpenBSD/{{ ansible_distribution_version }}/packages/{{ ansible_architecture }}/" # PKG_PATH: "http://ftp.openbsd.org/pub/OpenBSD/{{ ansible_distribution_version }}/packages/{{ ansible_architecture }}/"
# vim:ft=ansible

12
prerequisite.yml
View File

@ -2,13 +2,13 @@
# ansible-playbook prerequisite.yml -CDi hosts -l HOSTNAME # ansible-playbook prerequisite.yml -CDi hosts -l HOSTNAME
--- ---
- hosts: all - hosts: all
become: yes become: yes
become_method: su become_method: su
user: root user: root
gather_facts: no gather_facts: no
tasks: tasks:
- name: Install ansible's prerequisite - name: Install ansible's prerequisite
raw: export PKG_PATH=http://ftp.eu.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(uname -p)/; pkg_add -z python-2 raw: export PKG_PATH=http://ftp.eu.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(uname -p)/; pkg_add -z python-2

7
roles/accounts/tasks/main.yml
View File

@ -30,12 +30,13 @@
check_mode: false check_mode: false
register: grep_allowusers_ssh register: grep_allowusers_ssh
- assert: - name: "Check that AllowUsers and AllowGroup do not override each other"
assert:
that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)" that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)"
msg: "We can't deal with AllowUsers and AllowGroups at the same time" msg: "We can't deal with AllowUsers and AllowGroups at the same time"
- set_fact: - name: "If AllowGroups is present then use it"
# If "AllowGroups is present" set_fact:
ssh_allowgroups: "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0) }}" ssh_allowgroups: "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0) }}"
- name: "Add AllowGroups sshd directive with '{{ evolinux_ssh_group }}'" - name: "Add AllowGroups sshd directive with '{{ evolinux_ssh_group }}'"

4
tasks/commit_etc_git.yml
View File

@ -8,7 +8,7 @@
when: not ansible_check_mode when: not ansible_check_mode
ignore_errors: yes ignore_errors: yes
tags: tags:
- commit-etc - commit-etc
- name: /etc modifications are committed - name: /etc modifications are committed
shell: "git add -A . && git commit -m \"{{ commit_message | default('Ansible run') }}\" --author=\"{{ ansible_env.SUDO_USER | default('Root') }} <{{ ansible_env.SUDO_USER | default('Root') }}@{{ general_technical_realm }}>\"" shell: "git add -A . && git commit -m \"{{ commit_message | default('Ansible run') }}\" --author=\"{{ ansible_env.SUDO_USER | default('Root') }} <{{ ansible_env.SUDO_USER | default('Root') }}@{{ general_technical_realm }}>\""
@ -18,4 +18,4 @@
when: not ansible_check_mode and git_status.stdout != "" when: not ansible_check_mode and git_status.stdout != ""
ignore_errors: yes ignore_errors: yes
tags: tags:
- commit-etc - commit-etc

34
vars/main.yml
View File

@ -3,29 +3,29 @@
## Edit and uncomment to overwrite the default values ## ## Edit and uncomment to overwrite the default values ##
######################################################## ########################################################
#ntpd_servers: # ntpd_servers:
#- "ntp.evolix.net" # - "ntp.evolix.net"
# #
#general_alert_email: "root@localhost" # general_alert_email: "root@localhost"
#general_technical_realm: "example.com" # general_technical_realm: "example.com"
evolinux_ssh_group: "evolinux-ssh" evolinux_ssh_group: "evolinux-ssh"
evolinux_sudo_group: "evolinux-sudo" evolinux_sudo_group: "evolinux-sudo"
evolinux_root_disable_ssh: true evolinux_root_disable_ssh: true
# #
#evomaintenance_realm: "example.com" # evomaintenance_realm: "example.com"
#evomaintenance_alert_email: "evomaintenance-{{ inventory_hostname }}@{{ evomaintenance_realm }}" # evomaintenance_alert_email: "evomaintenance-{{ inventory_hostname }}@{{ evomaintenance_realm }}"
#evomaintenance_hostname: "{{ inventory_hostname }}.{{ general_technical_realm }}" # evomaintenance_hostname: "{{ inventory_hostname }}.{{ general_technical_realm }}"
#evomaintenance_pg_host: Null # evomaintenance_pg_host: Null
#evomaintenance_pg_passwd: Null # evomaintenance_pg_passwd: Null
#evomaintenance_pg_db: Null # evomaintenance_pg_db: Null
#evomaintenance_pg_table: Null # evomaintenance_pg_table: Null
#evomaintenance_from_domain: "{{ evomaintenance_realm }}" # evomaintenance_from_domain: "{{ evomaintenance_realm }}"
#evomaintenance_from: "evomaintenance@{{ evomaintenance_from_domain }}" # evomaintenance_from: "evomaintenance@{{ evomaintenance_from_domain }}"
#evomaintenance_full_from: "Evomaintenance <{{ evomaintenance_from }}>" # evomaintenance_full_from: "Evomaintenance <{{ evomaintenance_from }}>"
#evomaintenance_urgency_from: mama.doe@example.com # evomaintenance_urgency_from: mama.doe@example.com
#evomaintenance_urgency_tel: "06.00.00.00.00" # evomaintenance_urgency_tel: "06.00.00.00.00"
# #
#evolix_users: # evolix_users:
# foo: # foo:
# name: foo # name: foo
# uid: 1042 # uid: 1042