From 1728eaee68118ac67477ae01c5c09486aa36b2f2 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Wed, 14 Dec 2022 07:38:04 +0100 Subject: [PATCH] =?UTF-8?q?Revert=20"Add=20=E2=80=9Cwhen:=20not=20ansible?= =?UTF-8?q?=5Fcheck=5Fmode=E2=80=9D=20to=20allow=20more=20--check"?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit fafff25c202095e7d140fb70ba6c4c7461bb1c05. This reverts commit e64471c5a8084f95a8e6f955d3fa918c55b8e846. --- apache/handlers/main.yml | 3 --- apache/tasks/auth.yml | 3 --- apache/tasks/ip_whitelist.yml | 1 - apache/tasks/log2mail.yml | 1 - apache/tasks/main.yml | 18 ++++++------------ apache/tasks/munin.yml | 3 --- apache/tasks/server_status.yml | 7 ------- etc-git/tasks/main.yml | 5 +---- etc-git/tasks/repositories.yml | 2 +- etc-git/tasks/repository.yml | 4 +--- evoacme/handlers/main.yml | 5 ----- evocheck/tasks/exec.yml | 4 +--- evolinux-base/tasks/default_www.yml | 1 - evolinux-base/tasks/hardware.yml | 8 +------- evolinux-base/tasks/log2mail.yml | 2 -- evolinux-base/tasks/packages.yml | 4 +--- evolinux-base/tasks/postfix.yml | 14 +++----------- evolinux-users/tasks/user.yml | 5 +---- haproxy/handlers/main.yml | 3 --- haproxy/tasks/main.yml | 2 -- lxc-php/tasks/php74.yml | 1 - lxc-php/tasks/php80.yml | 1 - lxc-php/tasks/php81.yml | 1 - lxc/tasks/create-container.yml | 18 ++++-------------- lxc/tasks/main.yml | 2 -- minifirewall/tasks/config.yml | 22 ++++------------------ munin/handlers/main.yml | 4 +--- munin/tasks/main.yml | 7 +------ mysql/tasks/datadir.yml | 1 - mysql/tasks/logdir.yml | 1 - mysql/tasks/packages_jessie.yml | 1 - mysql/tasks/packages_stretch.yml | 3 +-- mysql/tasks/utils.yml | 6 ++---- nagios-nrpe/handlers/main.yml | 2 -- ntpd/tasks/main.yml | 1 - packweb-apache/tasks/apache.yml | 6 +----- packweb-apache/tasks/awstats.yml | 4 ---- packweb-apache/tasks/main.yml | 3 --- packweb-apache/tasks/multiphp.yml | 1 - packweb-apache/tasks/phpmyadmin.yml | 5 ----- php/handlers/main.yml | 5 ----- php/tasks/config_cli.yml | 5 +---- php/tasks/main_bookworm.yml | 10 ++-------- php/tasks/main_bullseye.yml | 10 ++-------- php/tasks/main_buster.yml | 10 ++-------- php/tasks/main_jessie.yml | 10 ++-------- php/tasks/main_stretch.yml | 10 ++-------- php/tasks/sury_post.yml | 9 ++------- proftpd/handlers/main.yml | 1 - proftpd/tasks/main.yml | 2 -- squid/handlers/main.yml | 7 ------- squid/tasks/main.yml | 1 - webapps/evoadmin-web/tasks/ftp.yml | 1 - webapps/evoadmin-web/tasks/main.yml | 5 +---- webapps/evoadmin-web/tasks/ssl.yml | 1 - webapps/evoadmin-web/tasks/user.yml | 8 ++------ 56 files changed, 46 insertions(+), 234 deletions(-) diff --git a/apache/handlers/main.yml b/apache/handlers/main.yml index 931e9c94..96daa368 100644 --- a/apache/handlers/main.yml +++ b/apache/handlers/main.yml @@ -3,16 +3,13 @@ service: name: apache2 state: restarted - when: not ansible_check_mode - name: reload apache service: name: apache2 state: reloaded - when: not ansible_check_mode - name: restart munin-node service: name: munin-node state: restarted - when: not ansible_check_mode diff --git a/apache/tasks/auth.yml b/apache/tasks/auth.yml index bebd39e9..fd01517c 100644 --- a/apache/tasks/auth.yml +++ b/apache/tasks/auth.yml @@ -22,7 +22,6 @@ state: present tags: - apache - when: not ansible_check_mode - name: Copy private_htpasswd copy: @@ -45,7 +44,6 @@ notify: reload apache tags: - apache - when: not ansible_check_mode - name: remove user:pwd from private htpasswd lineinfile: @@ -56,4 +54,3 @@ notify: reload apache tags: - apache - when: not ansible_check_mode diff --git a/apache/tasks/ip_whitelist.yml b/apache/tasks/ip_whitelist.yml index a40d6075..18f4a681 100644 --- a/apache/tasks/ip_whitelist.yml +++ b/apache/tasks/ip_whitelist.yml @@ -10,7 +10,6 @@ tags: - apache - ips - when: not ansible_check_mode - name: remove IP addresses from private IP whitelist lineinfile: diff --git a/apache/tasks/log2mail.yml b/apache/tasks/log2mail.yml index daf59db9..3b0650b7 100644 --- a/apache/tasks/log2mail.yml +++ b/apache/tasks/log2mail.yml @@ -6,7 +6,6 @@ state: present tags: - apache - when: not ansible_check_mode - name: Add log2mail config for Apache segfaults template: diff --git a/apache/tasks/main.yml b/apache/tasks/main.yml index acbde71c..39c8db24 100644 --- a/apache/tasks/main.yml +++ b/apache/tasks/main.yml @@ -53,7 +53,6 @@ notify: reload apache tags: - apache - when: not ansible_check_mode - name: basic modules are enabled apache2_module: @@ -62,11 +61,10 @@ loop: - cgi notify: reload apache - when: - - apache_mpm == "prefork" or apache_mpm == "itk" - - not ansible_check_mode + when: apache_mpm == "prefork" or apache_mpm == "itk" tags: - apache + when: not ansible_check_mode - name: Copy Apache defaults config file @@ -133,11 +131,10 @@ state: link force: yes notify: reload apache - when: - - apache_evolinux_default_enabled | bool - - not ansible_check_mode + when: apache_evolinux_default_enabled | bool tags: - apache + when: not ansible_check_mode - include: server_status.yml tags: @@ -160,11 +157,10 @@ ## Set umask for writing by Apache user. ## Set rights on files and directories written by Apache umask 007 - when: - - envvar_grep_umask.rc != 0 - - not ansible_check_mode + when: envvar_grep_umask.rc != 0 tags: - apache + when: not ansible_check_mode - include_role: name: evolix/remount-usr @@ -197,7 +193,6 @@ replace: "{{ apache_logrotate_frequency }}" tags: - apache - when: not ansible_check_mode - name: "logrotate: rotate {{ apache_logrotate_rotate }}" replace: @@ -206,7 +201,6 @@ replace: '\1 {{ apache_logrotate_rotate }}' tags: - apache - when: not ansible_check_mode - include: log2mail.yml when: apache_log2mail_include diff --git a/apache/tasks/munin.yml b/apache/tasks/munin.yml index b9602511..fe07a5cf 100644 --- a/apache/tasks/munin.yml +++ b/apache/tasks/munin.yml @@ -23,7 +23,6 @@ tags: - apache - munin - when: not ansible_check_mode - name: "Install fcgi packages for Munin graphs" apt: @@ -44,7 +43,6 @@ tags: - apache - munin - when: not ansible_check_mode - name: "Apache has access to /var/log/munin/" file: @@ -53,4 +51,3 @@ tags: - apache - munin - when: not ansible_check_mode diff --git a/apache/tasks/server_status.yml b/apache/tasks/server_status.yml index fa54090f..efd2b00e 100644 --- a/apache/tasks/server_status.yml +++ b/apache/tasks/server_status.yml @@ -26,12 +26,10 @@ changed_when: False check_mode: no register: new_apache_serverstatus_suffix - when: not ansible_check_mode - name: overwrite apache_serverstatus_suffix set_fact: apache_serverstatus_suffix: "{{ new_apache_serverstatus_suffix.stdout }}" - when: not ansible_check_mode - debug: var: apache_serverstatus_suffix @@ -42,14 +40,12 @@ dest: /var/www/index.html regexp: '__SERVERSTATUS_SUFFIX__' replace: "{{ apache_serverstatus_suffix }}" - when: not ansible_check_mode - name: add server-status suffix in default site index if missing replace: dest: /var/www/index.html regexp: '"/server-status-?"' replace: '"/server-status-{{ apache_serverstatus_suffix }}"' - when: not ansible_check_mode - name: add server-status suffix in default VHost replace: @@ -57,14 +53,12 @@ regexp: '' replace: '' notify: reload apache - when: not ansible_check_mode - name: Munin configuration has a section for apache lineinfile: dest: /etc/munin/plugin-conf.d/munin-node line: "[apache_*]" create: no - when: not ansible_check_mode - name: apache-status URL is configured for Munin lineinfile: @@ -74,4 +68,3 @@ insertafter: "[apache_*]" create: no notify: restart munin-node - when: not ansible_check_mode diff --git a/etc-git/tasks/main.yml b/etc-git/tasks/main.yml index e29d249f..f71ba552 100644 --- a/etc-git/tasks/main.yml +++ b/etc-git/tasks/main.yml @@ -8,7 +8,6 @@ - etc-git when: - ansible_distribution == "Debian" - - not ansible_check_mode - name: Install and configure utilities include: utils.yml @@ -19,6 +18,4 @@ include: repositories.yml tags: - etc-git - when: - - etc_git_config_repositories | bool - - not ansible_check_mode + when: etc_git_config_repositories | bool \ No newline at end of file diff --git a/etc-git/tasks/repositories.yml b/etc-git/tasks/repositories.yml index 27bba9c3..71ff0665 100644 --- a/etc-git/tasks/repositories.yml +++ b/etc-git/tasks/repositories.yml @@ -34,4 +34,4 @@ - _usr_share_scripts.stat.isdir - ansible_distribution_major_version is version('10', '>=') tags: - - etc-git + - etc-git \ No newline at end of file diff --git a/etc-git/tasks/repository.yml b/etc-git/tasks/repository.yml index b1619c03..80987da2 100644 --- a/etc-git/tasks/repository.yml +++ b/etc-git/tasks/repository.yml @@ -22,7 +22,6 @@ value: "root@{{ ansible_fqdn | default('localhost') }}" tags: - etc-git - when: not ansible_check_mode - name: "{{ repository_path }}/.git is restricted to root" file: @@ -50,7 +49,6 @@ loop: "{{ gitignore_items | default([]) }}" tags: - etc-git - when: not ansible_check_mode - name: "does {{ repository_path }}/ have any commit?" command: "git log" @@ -72,4 +70,4 @@ register: git_commit when: git_log.rc != 0 or (git_init is defined and git_init is changed) tags: - - etc-git + - etc-git \ No newline at end of file diff --git a/evoacme/handlers/main.yml b/evoacme/handlers/main.yml index fb817eb7..1ea11783 100644 --- a/evoacme/handlers/main.yml +++ b/evoacme/handlers/main.yml @@ -1,17 +1,14 @@ - name: newaliases command: newaliases - when: not ansible_check_mode - name: Test Apache conf command: apache2ctl -t notify: "Reload Apache conf" - when: not ansible_check_mode - name: reload apache2 service: name: apache2 state: reloaded - when: not ansible_check_mode - name: apt update apt: @@ -21,10 +18,8 @@ service: name: squid3 state: reloaded - when: not ansible_check_mode - name: reload squid service: name: squid state: reloaded - when: not ansible_check_mode diff --git a/evocheck/tasks/exec.yml b/evocheck/tasks/exec.yml index 1338a97b..306cf019 100644 --- a/evocheck/tasks/exec.yml +++ b/evocheck/tasks/exec.yml @@ -10,8 +10,6 @@ - debug: var: evocheck_run.stdout_lines - when: - - not ansible_check_mode - - evocheck_run.stdout | length > 0 + when: evocheck_run.stdout | length > 0 tags: - evocheck-exec diff --git a/evolinux-base/tasks/default_www.yml b/evolinux-base/tasks/default_www.yml index 4d8905b5..84580b54 100644 --- a/evolinux-base/tasks/default_www.yml +++ b/evolinux-base/tasks/default_www.yml @@ -38,7 +38,6 @@ owner: root group: ssl-cert mode: "0640" - when: not ansible_check_mode - name: Create certificate for default site command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt diff --git a/evolinux-base/tasks/hardware.yml b/evolinux-base/tasks/hardware.yml index d8a966d8..7ebecc82 100644 --- a/evolinux-base/tasks/hardware.yml +++ b/evolinux-base/tasks/hardware.yml @@ -43,9 +43,7 @@ state: present tags: - packages - when: - - ansible_virtualization_role == "host" - - not ansible_check_mode + when: ansible_virtualization_role == "host" ## RAID # Dell and others: MegaRAID SAS @@ -110,7 +108,6 @@ name: ssacli tags: - packages - when: not ansible_check_mode when: - "'Hewlett-Packard Company Smart Array' in raidmodel.stdout" - "'Adaptec Smart Storage PQI' in raidmodel.stdout" @@ -137,7 +134,6 @@ state: present tags: - packages - when: not ansible_check_mode - name: cciss-vol-statusd init script is present (HP gen <10) template: @@ -250,7 +246,6 @@ allow_unauthenticated: yes tags: - packages - when: not ansible_check_mode - name: Configure packages for DELL/LSI hardware template: @@ -268,7 +263,6 @@ tags: - packages - config - when: not ansible_check_mode when: - "'MegaRAID' in raidmodel.stdout" - evolinux_packages_hardware_raid | bool diff --git a/evolinux-base/tasks/log2mail.yml b/evolinux-base/tasks/log2mail.yml index 25937b3e..35ce19cf 100644 --- a/evolinux-base/tasks/log2mail.yml +++ b/evolinux-base/tasks/log2mail.yml @@ -16,7 +16,6 @@ daemon-reload: yes state: started enabled: yes - when: not ansible_check_mode - name: log2mail config is present blockinfile: @@ -33,5 +32,4 @@ notify: restart log2mail tags: - log2mail - when: not ansible_check_mode diff --git a/evolinux-base/tasks/packages.yml b/evolinux-base/tasks/packages.yml index ad72ed55..b4a1d666 100644 --- a/evolinux-base/tasks/packages.yml +++ b/evolinux-base/tasks/packages.yml @@ -89,9 +89,7 @@ apt: name: serveur-base allow_unauthenticated: yes - when: - - evolinux_packages_serveur_base | bool - - not ansible_check_mode + when: evolinux_packages_serveur_base | bool - name: Install/Update packages for Stretch and later apt: diff --git a/evolinux-base/tasks/postfix.yml b/evolinux-base/tasks/postfix.yml index 53017d1f..6a46548b 100644 --- a/evolinux-base/tasks/postfix.yml +++ b/evolinux-base/tasks/postfix.yml @@ -20,7 +20,6 @@ notify: reload postfix tags: - postfix - when: not ansible_check_mode - name: configure postfix mynetworks lineinfile: @@ -31,7 +30,6 @@ notify: reload postfix tags: - postfix - when: not ansible_check_mode - name: fetch users list shell: "set -o pipefail && getent passwd | cut -d':' -f 1 | grep -v root" @@ -50,9 +48,7 @@ line: "{{ item }}: root" loop: "{{ non_root_users_list.stdout_lines }}" notify: newaliases - when: - - evolinux_postfix_users_alias_root | bool - - not ansible_check_mode + when: evolinux_postfix_users_alias_root | bool tags: - postfix @@ -69,9 +65,7 @@ - error - bounce notify: newaliases - when: - - evolinux_postfix_mailer_alias_root | bool - - not ansible_check_mode + when: evolinux_postfix_mailer_alias_root | bool tags: - postfix @@ -81,9 +75,7 @@ regexp: "^root:" line: "root: {{ postfix_alias_email or general_alert_email | mandatory }}" notify: newaliases - when: - - evolinux_postfix_root_alias | bool - - not ansible_check_mode + when: evolinux_postfix_root_alias | bool tags: - postfix diff --git a/evolinux-users/tasks/user.yml b/evolinux-users/tasks/user.yml index d6bcde9b..0f8bd480 100644 --- a/evolinux-users/tasks/user.yml +++ b/evolinux-users/tasks/user.yml @@ -160,9 +160,7 @@ dest: '/home/{{ user.name }}/.profile' insertafter: EOF line: 'trap "sudo /usr/share/scripts/evomaintenance.sh" 0' - when: - - grep_profile_evomaintenance.rc != 0 - - not ansible_check_mode + when: grep_profile_evomaintenance.rc != 0 # SSH keys @@ -194,6 +192,5 @@ when: - user.ssh_keys is defined - user.ssh_keys | length > 0 - - not ansible_check_mode - meta: flush_handlers diff --git a/haproxy/handlers/main.yml b/haproxy/handlers/main.yml index 24378067..9cf3b9cb 100644 --- a/haproxy/handlers/main.yml +++ b/haproxy/handlers/main.yml @@ -3,16 +3,13 @@ service: name: haproxy state: reloaded - when: not ansible_check_mode - name: restart haproxy service: name: haproxy state: restarted - when: not ansible_check_mode - name: restart munin-node service: name: munin-node state: restarted - when: not ansible_check_mode diff --git a/haproxy/tasks/main.yml b/haproxy/tasks/main.yml index 62664415..d38e83af 100644 --- a/haproxy/tasks/main.yml +++ b/haproxy/tasks/main.yml @@ -123,7 +123,6 @@ tags: - haproxy - logrotate - when: not ansible_check_mode - name: Rotate logs with nodelaycompress lineinfile: @@ -134,7 +133,6 @@ tags: - haproxy - logrotate - when: not ansible_check_mode - name: Set net.ipv4.ip_nonlocal_bind sysctl: diff --git a/lxc-php/tasks/php74.yml b/lxc-php/tasks/php74.yml index 85211747..64677009 100644 --- a/lxc-php/tasks/php74.yml +++ b/lxc-php/tasks/php74.yml @@ -10,7 +10,6 @@ dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list" regexp: 'bullseye/updates' replace: 'bullseye-security' - when: not ansible_check_mode - name: "{{ lxc_php_version }} - Copy evolinux PHP configuration" template: diff --git a/lxc-php/tasks/php80.yml b/lxc-php/tasks/php80.yml index 98b2c4d8..b0ff90fe 100644 --- a/lxc-php/tasks/php80.yml +++ b/lxc-php/tasks/php80.yml @@ -10,7 +10,6 @@ dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list" regexp: 'bullseye/updates' replace: 'bullseye-security' - when: not ansible_check_mode - name: "{{ lxc_php_version }} - Add sury repo" lineinfile: diff --git a/lxc-php/tasks/php81.yml b/lxc-php/tasks/php81.yml index 6ca43148..91dc38e1 100644 --- a/lxc-php/tasks/php81.yml +++ b/lxc-php/tasks/php81.yml @@ -10,7 +10,6 @@ dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list" regexp: 'bullseye/updates' replace: 'bullseye-security' - when: not ansible_check_mode - name: "{{ lxc_php_version }} - Add sury repo" lineinfile: diff --git a/lxc/tasks/create-container.yml b/lxc/tasks/create-container.yml index 24e009f9..ad4f35d6 100644 --- a/lxc/tasks/create-container.yml +++ b/lxc/tasks/create-container.yml @@ -4,7 +4,6 @@ changed_when: false check_mode: no register: container_exists - when: not ansible_check_mode - name: "Create container {{ name }}" lxc_container: @@ -13,26 +12,20 @@ template: debian state: stopped template_options: "--arch amd64 --release {{ release }}" - when: - - container_exists.stdout_lines | length == 0 - - not ansible_check_mode + when: container_exists.stdout_lines | length == 0 - name: "Disable network configuration inside container {{ name }}" replace: name: "/var/lib/lxc/{{ name }}/rootfs/etc/default/networking" regexp: "^#CONFIGURE_INTERFACES=yes" replace: CONFIGURE_INTERFACES=no - when: - - lxc_network_type == "none" - - not ansible_check_mode + when: lxc_network_type == "none" - name: "Disable interface shut down on halt inside container {{ name }} (Jessie container)" lineinfile: name: "/var/lib/lxc/{{ name }}/rootfs/etc/default/halt" line: "NETDOWN=no" - when: - - lxc_network_type == "none" and release == "jessie" - - not ansible_check_mode + when: lxc_network_type == "none" and release == "jessie" - name: "Make the container {{ name }} poweroff on SIGPWR sent by lxc-stop (Jessie container)" file: @@ -51,16 +44,13 @@ lineinfile: name: "/var/lib/lxc/{{ name }}/rootfs/etc/hosts" line: "127.0.0.1 {{ name }}" - when: not ansible_check_mode - name: "Fix permission on /dev for container {{ name }}" lineinfile: name: "/var/lib/lxc/{{ name }}/rootfs/etc/rc.local" line: "chmod 755 /dev" insertbefore: "^exit 0$" - when: - - release == 'jessie' - - not ansible_check_mode + when: release == 'jessie' - name: "Ensure that {{ name }} container is running" lxc_container: diff --git a/lxc/tasks/main.yml b/lxc/tasks/main.yml index 6f9f0875..3ec586bd 100644 --- a/lxc/tasks/main.yml +++ b/lxc/tasks/main.yml @@ -48,7 +48,6 @@ changed_when: false check_mode: no register: check_fs_options - when: not ansible_check_mode - name: Check if options are correct assert: @@ -57,7 +56,6 @@ - "'noexec' not in check_fs_options.stdout" - "'nosuid' not in check_fs_options.stdout" msg: "LXC directory is in a filesystem with incompatible options" - when: not ansible_check_mode - name: Create containers include: create-container.yml diff --git a/minifirewall/tasks/config.yml b/minifirewall/tasks/config.yml index ae38ff4d..b0a1d7a6 100644 --- a/minifirewall/tasks/config.yml +++ b/minifirewall/tasks/config.yml @@ -30,7 +30,6 @@ line: "# BEGIN ANSIBLE MANAGED BLOCK FOR IPS" insertbefore: '^# Main interface' create: no - when: not ansible_check_mode - name: End marker for IP addresses lineinfile: @@ -38,7 +37,6 @@ create: no line: "# END ANSIBLE MANAGED BLOCK FOR IPS" insertafter: '^PRIVILEGIEDIPS=' - when: not ansible_check_mode - name: Verify that at least 1 trusted IP is provided assert: @@ -86,7 +84,6 @@ PRIVILEGIEDIPS='{{ minifirewall_privilegied_ips | join(' ') }}' create: no register: minifirewall_config_ips - when: not ansible_check_mode - name: Begin marker for ports lineinfile: @@ -94,7 +91,6 @@ line: "# BEGIN ANSIBLE MANAGED BLOCK FOR PORTS" insertbefore: '^# Protected services' create: no - when: not ansible_check_mode - name: End marker for ports lineinfile: @@ -102,7 +98,6 @@ line: "# END ANSIBLE MANAGED BLOCK FOR PORTS" insertafter: '^SERVICESUDP3=' create: no - when: not ansible_check_mode - name: Configure ports blockinfile: @@ -127,7 +122,6 @@ SERVICESUDP3='{{ minifirewall_private_ports_udp | join(' ') }}' create: no register: minifirewall_config_ports - when: not ansible_check_mode - name: Configure DNSSERVEURS lineinfile: @@ -199,9 +193,7 @@ line: "PROXY='{{ minifirewall_proxy }}'" regexp: "PROXY=('|\").*('|\")" create: no - when: - - minifirewall_proxy is not none - - not ansible_check_mode + when: minifirewall_proxy is not none - name: Configure PROXYPORT lineinfile: @@ -209,9 +201,7 @@ line: "PROXYPORT='{{ minifirewall_proxyport }}'" regexp: "PROXYPORT=('|\").*('|\")" create: no - when: - - minifirewall_proxyport is not none - - not ansible_check_mode + when: minifirewall_proxyport is not none # Warning: keep double quotes for the value, # since we often reference a shell variable that needs to be interpolated @@ -221,9 +211,7 @@ line: "PROXYBYPASS=\"{{ minifirewall_proxybypass | join(' ') }}\"" regexp: "PROXYBYPASS=('|\").*('|\")" create: no - when: - - minifirewall_proxyport is not none - - not ansible_check_mode + when: minifirewall_proxybypass is not none - name: Configure BACKUPSERVERS lineinfile: @@ -231,9 +219,7 @@ line: "BACKUPSERVERS='{{ minifirewall_backupservers | join(' ') }}'" regexp: "BACKUPSERVERS=('|\").*('|\")" create: no - when: - - minifirewall_backupservers is not none - - not ansible_check_mode + when: minifirewall_backupservers is not none - name: Configure SYSCTL_ICMP_ECHO_IGNORE_BROADCASTS lineinfile: diff --git a/munin/handlers/main.yml b/munin/handlers/main.yml index 6dcd127d..8654181d 100644 --- a/munin/handlers/main.yml +++ b/munin/handlers/main.yml @@ -4,14 +4,12 @@ service: name: munin-node state: restarted - when: not ansible_check_mode - name: restart munin_node service: name: munin_node state: restarted - when: not ansible_check_mode - name: systemd daemon-reload systemd: - daemon_reload: yes + daemon_reload: yes \ No newline at end of file diff --git a/munin/tasks/main.yml b/munin/tasks/main.yml index 93f50e07..a4ea9a49 100644 --- a/munin/tasks/main.yml +++ b/munin/tasks/main.yml @@ -32,9 +32,7 @@ removes: /var/lib/munin/localdomain notify: restart munin-node - when: - - not ansible_hostname == "localdomain" - - not ansible_check_mode + when: not ansible_hostname == "localdomain" tags: - munin @@ -81,7 +79,6 @@ notify: restart munin-node tags: - munin - when: not ansible_check_mode - name: Enable sensors_ plugin on dedicated hardware file: @@ -95,7 +92,6 @@ notify: restart munin-node tags: - munin - when: not ansible_check_mode - name: Enable ipmi_ plugin on dedicated hardware file: @@ -109,7 +105,6 @@ - temp - power - volts - when: not ansible_check_mode - name: adjustments for grsec kernel blockinfile: diff --git a/mysql/tasks/datadir.yml b/mysql/tasks/datadir.yml index da4af342..c375f5d5 100644 --- a/mysql/tasks/datadir.yml +++ b/mysql/tasks/datadir.yml @@ -43,4 +43,3 @@ - mysql_custom_datadir | length > 0 - mysql_custom_datadir != mysql_current_real_datadir_test.stdout - not mysql_custom_datadir_test.stat.exists - - not ansible_check_mode diff --git a/mysql/tasks/logdir.yml b/mysql/tasks/logdir.yml index 1779667a..bd6ecab2 100644 --- a/mysql/tasks/logdir.yml +++ b/mysql/tasks/logdir.yml @@ -43,4 +43,3 @@ - mysql_custom_logdir | length > 0 - mysql_custom_logdir != mysql_current_real_logdir_test.stdout - not mysql_custom_logdir_test.stat.exists - - not ansible_check_mode diff --git a/mysql/tasks/packages_jessie.yml b/mysql/tasks/packages_jessie.yml index 99c89d8a..652eace7 100644 --- a/mysql/tasks/packages_jessie.yml +++ b/mysql/tasks/packages_jessie.yml @@ -42,7 +42,6 @@ tags: - mysql - services - when: not ansible_check_mode - name: apg package is installed apt: diff --git a/mysql/tasks/packages_stretch.yml b/mysql/tasks/packages_stretch.yml index 34e4d2b6..880f5050 100644 --- a/mysql/tasks/packages_stretch.yml +++ b/mysql/tasks/packages_stretch.yml @@ -28,7 +28,6 @@ tags: - mysql - services - when: not ansible_check_mode - name: apg package is installed apt: @@ -58,4 +57,4 @@ tags: - mysql - packages - when: ansible_python_version is version('3', '>=') + when: ansible_python_version is version('3', '>=') \ No newline at end of file diff --git a/mysql/tasks/utils.yml b/mysql/tasks/utils.yml index e3fe76da..1ac8f2df 100644 --- a/mysql/tasks/utils.yml +++ b/mysql/tasks/utils.yml @@ -155,9 +155,7 @@ src: "{{ _mysql_scripts_dir }}/mysql-optimize.sh" dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh state: link - when: - - mysql_cron_optimize | bool - - not ansible_check_mode + when: mysql_cron_optimize | bool tags: - mysql @@ -250,4 +248,4 @@ mode: "0755" force: no tags: - - mysql + - mysql \ No newline at end of file diff --git a/nagios-nrpe/handlers/main.yml b/nagios-nrpe/handlers/main.yml index de27314f..25ab29ad 100644 --- a/nagios-nrpe/handlers/main.yml +++ b/nagios-nrpe/handlers/main.yml @@ -4,10 +4,8 @@ service: name: nagios-nrpe-server state: restarted - when: not ansible_check_mode - name: restart nrpe service: name: nrpe state: restarted - when: not ansible_check_mode diff --git a/ntpd/tasks/main.yml b/ntpd/tasks/main.yml index ae4a97c5..2d66d765 100644 --- a/ntpd/tasks/main.yml +++ b/ntpd/tasks/main.yml @@ -21,4 +21,3 @@ notify: restart ntp tags: - ntp - when: not ansible_check_mode diff --git a/packweb-apache/tasks/apache.yml b/packweb-apache/tasks/apache.yml index c2efd93f..96c11e3a 100644 --- a/packweb-apache/tasks/apache.yml +++ b/packweb-apache/tasks/apache.yml @@ -14,9 +14,7 @@ block: | # Used for Evoadmin-web export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - when: - - envvar_grep_path.rc != 0 - - not ansible_check_mode + when: envvar_grep_path.rc != 0 - name: Additional packages are installed apt: @@ -36,7 +34,6 @@ - negotiation - alias - log_forensic - when: not ansible_check_mode - name: Copy Apache settings for modules copy: @@ -63,4 +60,3 @@ loop: - evolinux-evasive - evolinux-modsec - when: not ansible_check_mode diff --git a/packweb-apache/tasks/awstats.yml b/packweb-apache/tasks/awstats.yml index a423aaf8..5ea0fa57 100644 --- a/packweb-apache/tasks/awstats.yml +++ b/packweb-apache/tasks/awstats.yml @@ -22,7 +22,6 @@ AllowFullYearView=3 ErrorMessages="An error occured. Contact your Administrator" mode: "0644" - when: not ansible_check_mode - name: Create conf-available/awstats-icon.conf file copy: @@ -40,7 +39,6 @@ register: command_result changed_when: "'Enabling' in command_result.stderr" notify: reload apache - when: not ansible_check_mode - name: Create awstats cron lineinfile: @@ -48,7 +46,6 @@ create: yes regexp: '-config=awstats' line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null" - when: not ansible_check_mode - name: Comment default awstat cron's tasks lineinfile: @@ -57,4 +54,3 @@ line: '#\1' backrefs: yes state: present - when: not ansible_check_mode diff --git a/packweb-apache/tasks/main.yml b/packweb-apache/tasks/main.yml index 58b2047c..ff3cd9a7 100644 --- a/packweb-apache/tasks/main.yml +++ b/packweb-apache/tasks/main.yml @@ -26,7 +26,6 @@ dest: /var/www/index.html line: '
  • Infos PHP
    • ' regexp: "Infos PHP" - when: not ansible_check_mode - name: install opcache.php copy: @@ -39,7 +38,6 @@ dest: /var/www/index.html line: '
  • Infos OpCache PHP
    • ' regexp: "Infos OpCache PHP" - when: not ansible_check_mode - name: Add elements to user account template file: @@ -66,7 +64,6 @@ loop: - access.log - error.log - when: not ansible_check_mode - name: "Install userlogrotate (jessie)" copy: diff --git a/packweb-apache/tasks/multiphp.yml b/packweb-apache/tasks/multiphp.yml index 80a6f34a..8a7c9613 100644 --- a/packweb-apache/tasks/multiphp.yml +++ b/packweb-apache/tasks/multiphp.yml @@ -5,7 +5,6 @@ state: present name: proxy_fcgi notify: restart apache2 - when: not ansible_check_mode - include_role: name: remount-usr diff --git a/packweb-apache/tasks/phpmyadmin.yml b/packweb-apache/tasks/phpmyadmin.yml index 9e894786..f83b0a5d 100644 --- a/packweb-apache/tasks/phpmyadmin.yml +++ b/packweb-apache/tasks/phpmyadmin.yml @@ -65,12 +65,10 @@ changed_when: False check_mode: no register: new_packweb_phpmyadmin_suffix - when: not ansible_check_mode - name: overwrite packweb_phpmyadmin_suffix set_fact: packweb_phpmyadmin_suffix: "{{ new_packweb_phpmyadmin_suffix.stdout }}" - when: not ansible_check_mode - debug: var: packweb_phpmyadmin_suffix @@ -88,18 +86,15 @@ Require all denied Include /etc/apache2/ipaddr_whitelist.conf - when: not ansible_check_mode - name: enable phpmyadmin link in default site index replace: dest: /var/www/index.html regexp: '' replace: '
  • Accès PhpMyAdmin
    • ' - when: not ansible_check_mode - name: replace phpmyadmin suffix in default site index replace: dest: /var/www/index.html regexp: '__PHPMYADMIN_SUFFIX__' replace: "{{ packweb_phpmyadmin_suffix }}" - when: not ansible_check_mode diff --git a/php/handlers/main.yml b/php/handlers/main.yml index 75fe86ba..079a14d5 100644 --- a/php/handlers/main.yml +++ b/php/handlers/main.yml @@ -4,28 +4,23 @@ service: name: php5-fpm state: restarted - when: not ansible_check_mode - name: restart php7.0-fpm service: name: php7.0-fpm state: restarted - when: not ansible_check_mode - name: restart php7.3-fpm service: name: php7.3-fpm state: restarted - when: not ansible_check_mode - name: restart php7.4-fpm service: name: php7.4-fpm state: restarted - when: not ansible_check_mode - name: restart php8.1-fpm service: name: php8.1-fpm state: restarted - when: not ansible_check_mode diff --git a/php/tasks/config_cli.yml b/php/tasks/config_cli.yml index e4fac4a7..d327690a 100644 --- a/php/tasks/config_cli.yml +++ b/php/tasks/config_cli.yml @@ -25,7 +25,6 @@ file: dest: "{{ php_cli_custom_ini_file }}" mode: "0644" - when: not ansible_check_mode - name: "Set custom values for PHP to enable Symfony" ini_file: @@ -36,6 +35,4 @@ mode: "0644" loop: - { option: "date.timezone", value: "Europe/Paris" } - when: - - php_symfony_requirements | bool - - not ansible_check_mode + when: php_symfony_requirements | bool diff --git a/php/tasks/main_bookworm.yml b/php/tasks/main_bookworm.yml index 49c91719..4dcde767 100644 --- a/php/tasks/main_bookworm.yml +++ b/php/tasks/main_bookworm.yml @@ -79,14 +79,12 @@ with_items: - /etc/php - /etc/php/{{ php_version }} - when: not ansible_check_mode - include: config_cli.yml - name: "Enforce permissions on PHP cli directory (Debian 12)" file: dest: /etc/php/{{ php_version }}/cli mode: "0755" - when: not ansible_check_mode - include: config_fpm.yml when: php_fpm_enable @@ -95,9 +93,7 @@ file: dest: /etc/php/{{ php_version }}/fpm mode: "0755" - when: - - php_fpm_enable - - not ansible_check_mode + when: php_fpm_enable - include: config_apache.yml when: php_apache_enable @@ -106,9 +102,7 @@ file: dest: /etc/php/{{ php_version }}/apache2 mode: "0755" - when: - - php_apache_enable - - not ansible_check_mode + when: php_apache_enable - include: sury_post.yml when: php_sury_enable diff --git a/php/tasks/main_bullseye.yml b/php/tasks/main_bullseye.yml index 9b1fdf33..403a7b76 100644 --- a/php/tasks/main_bullseye.yml +++ b/php/tasks/main_bullseye.yml @@ -68,14 +68,12 @@ with_items: - /etc/php - /etc/php/7.4 - when: not ansible_check_mode - include: config_cli.yml - name: "Enforce permissions on PHP cli directory (Debian 11)" file: dest: /etc/php/7.4/cli mode: "0755" - when: not ansible_check_mode - include: config_fpm.yml when: php_fpm_enable @@ -84,9 +82,7 @@ file: dest: /etc/php/7.4/fpm mode: "0755" - when: - - php_fpm_enable - - not ansible_check_mode + when: php_fpm_enable - include: config_apache.yml when: php_apache_enable @@ -95,9 +91,7 @@ file: dest: /etc/php/7.4/apache2 mode: "0755" - when: - - php_apache_enable - - not ansible_check_mode + when: php_apache_enable - include: sury_post.yml when: php_sury_enable diff --git a/php/tasks/main_buster.yml b/php/tasks/main_buster.yml index eff2dc8f..2fc4293e 100644 --- a/php/tasks/main_buster.yml +++ b/php/tasks/main_buster.yml @@ -68,14 +68,12 @@ loop: - /etc/php - /etc/php/7.3 - when: not ansible_check_mode - include: config_cli.yml - name: "Enforce permissions on PHP cli directory (Debian 10)" file: dest: /etc/php/7.3/cli mode: "0755" - when: not ansible_check_mode - include: config_fpm.yml when: php_fpm_enable | bool @@ -84,9 +82,7 @@ file: dest: /etc/php/7.3/fpm mode: "0755" - when: - - php_fpm_enable | bool - - not ansible_check_mode + when: php_fpm_enable | bool - include: config_apache.yml when: php_apache_enable | bool @@ -95,9 +91,7 @@ file: dest: /etc/php/7.3/apache2 mode: "0755" - when: - - php_apache_enable | bool - - not ansible_check_mode + when: php_apache_enable | bool - include: sury_post.yml when: php_sury_enable | bool diff --git a/php/tasks/main_jessie.yml b/php/tasks/main_jessie.yml index a5aecdb7..75105166 100644 --- a/php/tasks/main_jessie.yml +++ b/php/tasks/main_jessie.yml @@ -56,7 +56,6 @@ file: dest: /etc/php5 mode: "0755" - when: not ansible_check_mode - include: config_cli.yml @@ -64,7 +63,6 @@ file: dest: /etc/php5/cli mode: "0755" - when: not ansible_check_mode - include: config_fpm.yml when: php_fpm_enable | bool @@ -73,9 +71,7 @@ file: dest: /etc/php5/fpm mode: "0755" - when: - - php_fpm_enable | bool - - not ansible_check_mode + when: php_fpm_enable | bool - include: config_apache.yml when: php_apache_enable | bool @@ -84,6 +80,4 @@ file: dest: /etc/php5/apache2 mode: "0755" - when: - - php_apache_enable | bool - - not ansible_check_mode + when: php_apache_enable | bool diff --git a/php/tasks/main_stretch.yml b/php/tasks/main_stretch.yml index 6934fa6a..698621ac 100644 --- a/php/tasks/main_stretch.yml +++ b/php/tasks/main_stretch.yml @@ -68,7 +68,6 @@ loop: - /etc/php - /etc/php/7.0 - when: not ansible_check_mode - include: config_cli.yml @@ -76,7 +75,6 @@ file: dest: /etc/php/7.0/cli mode: "0755" - when: not ansible_check_mode - include: config_fpm.yml when: php_fpm_enable | bool @@ -85,9 +83,7 @@ file: dest: /etc/php/7.0/fpm mode: "0755" - when: - - php_fpm_enable | bool - - not ansible_check_mode + when: php_fpm_enable | bool - include: config_apache.yml when: php_apache_enable | bool @@ -96,9 +92,7 @@ file: dest: /etc/php/7.0/apache2 mode: "0755" - when: - - php_apache_enable | bool - - not ansible_check_mode + when: php_apache_enable | bool - include: sury_post.yml when: php_sury_enable | bool diff --git a/php/tasks/sury_post.yml b/php/tasks/sury_post.yml index 6855214b..4e706889 100644 --- a/php/tasks/sury_post.yml +++ b/php/tasks/sury_post.yml @@ -14,7 +14,6 @@ file: dest: /etc/php/7.4/cli mode: "0755" - when: not ansible_check_mode - name: Symlink Evolix Apache config files from 7.4 to 7.0 file: @@ -31,9 +30,7 @@ file: dest: /etc/php/7.4/apache2 mode: "0755" - when: - - php_apache_enable | bool - - not ansible_check_mode + when: php_apache_enable | bool - name: Symlink Evolix FPM config files from 7.4 to 7.0 file: @@ -52,6 +49,4 @@ file: dest: /etc/php/7.4/fpm mode: "0755" - when: - - php_fpm_enable | bool - - not ansible_check_mode + when: php_fpm_enable | bool diff --git a/proftpd/handlers/main.yml b/proftpd/handlers/main.yml index bffa7ede..0914d289 100644 --- a/proftpd/handlers/main.yml +++ b/proftpd/handlers/main.yml @@ -3,4 +3,3 @@ service: name: proftpd state: restarted - when: not ansible_check_mode diff --git a/proftpd/tasks/main.yml b/proftpd/tasks/main.yml index f29fbd81..f45958a9 100644 --- a/proftpd/tasks/main.yml +++ b/proftpd/tasks/main.yml @@ -70,7 +70,6 @@ notify: restart proftpd tags: - proftpd - when: not ansible_check_mode - name: Put empty vpasswd file if missing copy: @@ -93,7 +92,6 @@ notify: restart proftpd tags: - proftpd - when: not ansible_check_mode - include: accounts.yml when: proftpd_accounts | length > 0 diff --git a/squid/handlers/main.yml b/squid/handlers/main.yml index 675a9dbd..4f5329b9 100644 --- a/squid/handlers/main.yml +++ b/squid/handlers/main.yml @@ -3,38 +3,31 @@ service: name: munin-node state: restarted - when: not ansible_check_mode - name: restart squid service: name: squid state: restarted - when: not ansible_check_mode - name: reload squid service: name: squid state: reloaded - when: not ansible_check_mode - name: restart squid3 service: name: squid3 state: restarted - when: not ansible_check_mode - name: reload squid3 service: name: squid3 state: reloaded - when: not ansible_check_mode - name: restart log2mail service: name: log2mail state: restarted - when: not ansible_check_mode - name: restart minifirewall command: /etc/init.d/minifirewall restart - when: not ansible_check_mode diff --git a/squid/tasks/main.yml b/squid/tasks/main.yml index 540e56d9..4a3cab4d 100644 --- a/squid/tasks/main.yml +++ b/squid/tasks/main.yml @@ -121,7 +121,6 @@ when: - squid_localproxy_enable | bool - ansible_distribution_major_version is version('9', '>=') - - not ansible_check_mode - name: "evolinux custom overrides (Debian 9 or later)" copy: diff --git a/webapps/evoadmin-web/tasks/ftp.yml b/webapps/evoadmin-web/tasks/ftp.yml index 074b38fb..98f275ff 100644 --- a/webapps/evoadmin-web/tasks/ftp.yml +++ b/webapps/evoadmin-web/tasks/ftp.yml @@ -10,4 +10,3 @@ remote_src: False src: ftp/evolinux.conf.diff dest: /etc/proftpd/conf.d/z-evolinux.conf - when: not ansible_check_mode diff --git a/webapps/evoadmin-web/tasks/main.yml b/webapps/evoadmin-web/tasks/main.yml index d9589548..1acb2aa5 100644 --- a/webapps/evoadmin-web/tasks/main.yml +++ b/webapps/evoadmin-web/tasks/main.yml @@ -3,9 +3,7 @@ - name: "Ensure that evoadmin_contact_email is defined" fail: msg: Please configure var evoadmin_contact_email - when: - - evoadmin_contact_email is none or evoadmin_contact_email | length == 0 - - not ansible_check_mode + when: evoadmin_contact_email is none or evoadmin_contact_email | length == 0 - include: packages.yml @@ -25,4 +23,3 @@ marker: "" block: |
  • Interface admin web (EvoAdmin-web)
    • - when: not ansible_check_mode diff --git a/webapps/evoadmin-web/tasks/ssl.yml b/webapps/evoadmin-web/tasks/ssl.yml index eb7a31cd..6bdf1421 100644 --- a/webapps/evoadmin-web/tasks/ssl.yml +++ b/webapps/evoadmin-web/tasks/ssl.yml @@ -17,7 +17,6 @@ owner: root group: ssl-cert mode: "0640" - when: not ansible_check_mode - name: Create certificate for default site command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ evoadmin_host }}.csr -signkey /etc/ssl/private/{{ evoadmin_host }}.key -out /etc/ssl/certs/{{ evoadmin_host }}.crt diff --git a/webapps/evoadmin-web/tasks/user.yml b/webapps/evoadmin-web/tasks/user.yml index fa61b830..bbad1b8f 100644 --- a/webapps/evoadmin-web/tasks/user.yml +++ b/webapps/evoadmin-web/tasks/user.yml @@ -54,9 +54,7 @@ dest: "{{ evoadmin_document_root }}" version: jessie update: False - when: - - ansible_distribution_release == "jessie" - - not ansible_check_mode + when: ansible_distribution_release == "jessie" - name: "Clone evoadmin repository (Debian 9 or later)" git: @@ -64,9 +62,7 @@ dest: "{{ evoadmin_document_root }}" version: master update: False - when: - - ansible_distribution_major_version is version('9', '>=') - - not ansible_check_mode + when: ansible_distribution_major_version is version('9', '>=') - name: Change ownership on git repository file: