diff --git a/apache/tasks/main.yml b/apache/tasks/main.yml index a52bd886..c55fc900 100644 --- a/apache/tasks/main.yml +++ b/apache/tasks/main.yml @@ -21,9 +21,9 @@ tags: - apache - packages - when: + when: - ansible_distribution_major_version is version('9', '>=') - - apache_mpm == "itk" + - apache_mpm == "itk" - name: packages are installed (jessie) apt: diff --git a/apache/tasks/server_status.yml b/apache/tasks/server_status.yml index 1d6cd8df..2ca77951 100644 --- a/apache/tasks/server_status.yml +++ b/apache/tasks/server_status.yml @@ -14,7 +14,7 @@ # The last character "\u000A" is a line feed (LF), it's better to keep it content: "{{ apache_serverstatus_suffix }}\u000A" force: yes - when: apache_serverstatus_suffix != "" + when: apache_serverstatus_suffix | length > 0 - name: generate random string for server-status suffix shell: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}" diff --git a/apt/tasks/basics.yml b/apt/tasks/basics.yml index 83d3e7dc..fee1430a 100644 --- a/apt/tasks/basics.yml +++ b/apt/tasks/basics.yml @@ -20,7 +20,7 @@ - /etc/apt/sources.list.d/debian-stretch.list - /etc/apt/sources.list.d/debian-buster.list - /etc/apt/sources.list.d/debian-update.list - when: apt_clean_gandi_sourceslist + when: apt_clean_gandi_sourceslist | bool tags: - apt diff --git a/apt/tasks/config.yml b/apt/tasks/config.yml index e854d4c6..4d7372fc 100644 --- a/apt/tasks/config.yml +++ b/apt/tasks/config.yml @@ -12,7 +12,7 @@ - { line: "APT::Install-Recommends \"false\";", regexp: 'APT::Install-Recommends' } - { line: "APT::Install-Suggests \"false\";", regexp: 'APT::Install-Suggests' } - { line: "APT::Periodic::Enable \"0\";", regexp: 'APT::Periodic::Enable' } - when: apt_evolinux_config + when: apt_evolinux_config | bool tags: - apt 
@@ -28,7 +28,7 @@ - "DPkg::Pre-Invoke { \"df /usr | grep -q /usr && mount -oremount,rw /usr || true\"; };" - "DPkg::Post-Invoke { \"df /tmp | grep -q /tmp && mount -oremount /tmp || true\"; };" - "DPkg::Post-Invoke { \"df /usr | grep -q /usr && mount -oremount /usr || true\"; };" - when: apt_hooks + when: apt_hooks | bool tags: - apt @@ -36,7 +36,7 @@ apt: name: aptitude state: absent - when: apt_remove_aptitude + when: apt_remove_aptitude | bool tags: - apt @@ -50,6 +50,6 @@ - name: Upgrading system apt: upgrade: dist - when: apt_upgrade + when: apt_upgrade | bool tags: - apt diff --git a/apt/tasks/hold_packages.yml b/apt/tasks/hold_packages.yml index f93c34a7..63643409 100644 --- a/apt/tasks/hold_packages.yml +++ b/apt/tasks/hold_packages.yml @@ -4,7 +4,9 @@ shell: "(dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})" register: apt_mark changed_when: "item + ' set on hold.' in apt_mark.stdout" - failed_when: apt_mark.rc != 0 and not apt_mark.stdout == '' + failed_when: + - apt_mark.rc != 0 + - apt_mark.stdout | length > 0 loop: "{{ apt_hold_packages }}" tags: - apt diff --git a/apt/tasks/main.yml b/apt/tasks/main.yml index 92f06856..118f8ef9 100644 --- a/apt/tasks/main.yml +++ b/apt/tasks/main.yml 
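Review bot: In apt/tasks/hold_packages.yml (hunk `-4,7 +4,9`) the `shell:` line still interpolates `{{ item }}` unquoted, and `grep --quiet {{ item }}` treats it as an unanchored pattern. If another held package's name merely contains `item`, the grep succeeds and `apt-mark hold` is never run, so the requested package stays unpinned while the task reports success. I would pass the name through the `quote` filter and match whole lines, e.g. `apt-mark showhold | grep --quiet --line-regexp --fixed-strings {{ item | quote }}`. The rewritten `failed_when` list is equivalent to the old expression; the task's `name:` lies outside the hunk.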
@@ -10,30 +10,30 @@ - name: Custom configuration include: config.yml - when: apt_config + when: apt_config | bool tags: - apt - name: Install basics repositories include: basics.yml - when: apt_install_basics + when: apt_install_basics | bool tags: - apt - name: Install APT Backports repository include: backports.yml - when: apt_install_backports + when: apt_install_backports | bool tags: - apt - name: Install Evolix Public APT repository include: evolix_public.yml - when: apt_install_evolix_public + when: apt_install_evolix_public | bool tags: - apt - name: Install check for packages marked hold include: hold_packages.yml - when: apt_install_hold_packages + when: apt_install_hold_packages | bool tags: - apt diff --git a/bind/tasks/main.yml b/bind/tasks/main.yml index c5b9110c..67f8662f 100644 --- a/bind/tasks/main.yml +++ b/bind/tasks/main.yml @@ -6,7 +6,7 @@ bind_cache_dir: /var/cache/bind bind_statistics_file: /var/run/named.stats bind_chroot_path: /var/chroot-bind - when: bind_chroot_set + when: bind_chroot_set | bool - name: configure apparmor template: @@ -34,7 +34,7 @@ mode: "0644" force: yes notify: restart bind - when: bind_recursive_server + when: bind_recursive_server | bool - name: enable zones.rfc1918 for recursive server lineinfile: @@ -42,7 +42,7 @@ line: 'include "/etc/bind/zones.rfc1918";' regexp: "zones.rfc1918" notify: restart bind - when: bind_recursive_server + when: bind_recursive_server | bool - name: Set bind configuration for authoritative server template: @@ -53,7 +53,7 @@ mode: "0644" force: yes notify: restart bind - when: bind_authoritative_server + when: bind_authoritative_server | bool - name: Create systemd service template: @@ -75,7 +75,7 @@ group: adm mode: "0640" state: touch - when: not bind_chroot_set + when: not (bind_chroot_set | bool) - name: "touch {{ bind_query_file }} if non chroot" file: 
@@ -84,7 +84,7 @@ group: adm mode: "0640" state: touch - when: not bind_chroot_set + when: not (bind_chroot_set | bool) - name: send chroot-bind.sh in /root copy: @@ -94,17 +94,19 @@ owner: root force: yes backup: yes - when: bind_chroot_set + when: bind_chroot_set | bool - name: exec chroot-bind.sh command: "/root/chroot-bind.sh" register: chrootbind_run changed_when: False - when: bind_chroot_set + when: bind_chroot_set | bool - debug: var: chrootbind_run.stdout_lines - when: bind_chroot_set and chrootbind_run.stdout != "" + when: + - bind_chroot_set | bool + - chrootbind_run.stdout | length > 0 - name: Modify OPTIONS in /etc/default/bind9 for chroot replace: @@ -112,7 +114,7 @@ regexp: '^OPTIONS=.*' replace: 'OPTIONS="-u bind -t {{ bind_chroot_path }}"' notify: restart bind - when: bind_chroot_set + when: bind_chroot_set | bool - name: logrotate for bind template: diff --git a/certbot/tasks/install-legacy.yml b/certbot/tasks/install-legacy.yml index fe0cb8e2..e186c80d 100644 --- a/certbot/tasks/install-legacy.yml +++ b/certbot/tasks/install-legacy.yml @@ -48,7 +48,7 @@ src: cron_jessie dest: /etc/cron.d/certbot force: yes - when: certbot_custom_crontab + when: certbot_custom_crontab | bool - name: disable self-upgrade ini_file: diff --git a/docker-host/tasks/main.yml b/docker-host/tasks/main.yml index c32701bb..c31405b8 100644 --- a/docker-host/tasks/main.yml +++ b/docker-host/tasks/main.yml @@ -73,7 +73,7 @@ state: directory mode: "0644" owner: root - when: docker_tls_enabled + when: docker_tls_enabled | bool - name: Copy shellpki utility to Docker TLS directory template: @@ -83,7 +83,7 @@ loop: - shellpki.sh - openssl.cnf - when: docker_tls_enabled + when: docker_tls_enabled | bool - name: Check if certs are already created stat: 
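Review bot: In docker-host/tasks/main.yml (hunk `-73,7 +73,7`) the task gated by `docker_tls_enabled | bool` creates a directory with `mode: "0644"`, which has no execute bit and is an unusual mode for a directory. The next task is "Copy shellpki utility to Docker TLS directory", so this directory presumably holds the CA and server keys; the task's `path:` is outside the hunk, so confirm that. If it does, `mode: "0700"` with `owner: root` would say what is meant and keep key material private.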
@@ -92,4 +92,6 @@ - name: Creating a CA, server key command: "{{ docker_tls_path }}/shellpki.sh init" - when: docker_tls_enabled and not tls_certs_stat.stat.isdir is defined + when: + - docker_tls_enabled | bool + - not tls_certs_stat.stat.isdir diff --git a/elasticsearch/tasks/configuration.yml b/elasticsearch/tasks/configuration.yml index e8362fa3..72d36bb3 100644 --- a/elasticsearch/tasks/configuration.yml +++ b/elasticsearch/tasks/configuration.yml @@ -6,7 +6,7 @@ line: "cluster.name: {{ elasticsearch_cluster_name }}" regexp: "^cluster.name:" insertafter: "^# *cluster.name:" - when: elasticsearch_cluster_name|default("", True) + when: elasticsearch_cluster_name | default("", True) | length > 0 tags: - config @@ -25,7 +25,7 @@ line: "network.host: {{ elasticsearch_network_host }}" regexp: "^network.host:" insertafter: "^# *network.host:" - when: elasticsearch_network_host|default("", True) + when: elasticsearch_network_host | default("", True) | length > 0 tags: - config @@ -35,7 +35,7 @@ line: "network.publish_host: {{ elasticsearch_network_publish_host }}" regexp: "^network.publish_host:" insertafter: "^network.host:" - when: elasticsearch_network_publish_host|default("", True) + when: elasticsearch_network_publish_host | default("", True) | length > 0 tags: - config @@ -45,7 +45,7 @@ line: "http.publish_host: {{ elasticsearch_http_publish_host }}" regexp: "^http.publish_host:" insertafter: "^http.port:" - when: elasticsearch_http_publish_host|default("", True) + when: elasticsearch_http_publish_host | default("", True) | length > 0 tags: - config @@ -54,7 +54,7 @@ dest: /etc/elasticsearch/elasticsearch.yml line: "discovery.seed_hosts: {{ elasticsearch_discovery_seed_hosts | to_yaml }}" regexp: "^discovery.seed_hosts:" - when: elasticsearch_discovery_seed_hosts + when: elasticsearch_discovery_seed_hosts | length > 0 tags: - config 
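Review bot: In docker-host/tasks/main.yml (hunk `-92,4 +92,6`) the new condition `- not tls_certs_stat.stat.isdir` drops the `is defined` test that the old expression relied on. When the stat target does not exist, the result has no `isdir` key, so on a host without certificates the conditional is evaluated on an undefined value and the task errors instead of running `shellpki.sh init`. Where the directory already exists, the task is skipped as before. A form that keeps the original intent is `- not (tls_certs_stat.stat.isdir | default(false))`. The stat task itself starts in the previous hunk and its `path:` is not visible here.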
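Review bot: In elasticsearch/tasks/configuration.yml (hunk `-54,7 +54,7`, and again in `-63,7 +63,7` for `elasticsearch_cluster_initial_master_nodes`) the new `when: elasticsearch_discovery_seed_hosts | length > 0` has no null guard. The string options in the same file go through `default("", True)` first. If the role default for these list variables is `null` (the defaults file is not shown), `length` raises on the null value and the play stops where the old bare test simply skipped the task. I would write `when: elasticsearch_discovery_seed_hosts | default([], True) | length > 0` and do the same for the initial-master-nodes task.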
@@ -63,7 +63,7 @@ dest: /etc/elasticsearch/elasticsearch.yml line: "cluster.initial_master_nodes: {{ elasticsearch_cluster_initial_master_nodes | to_yaml }}" regexp: "^cluster.initial_master_nodes:" - when: elasticsearch_cluster_initial_master_nodes + when: elasticsearch_cluster_initial_master_nodes | length > 0 tags: - config @@ -98,7 +98,7 @@ line: "discovery.zen.ping.unicast.hosts: {{ elasticsearch_cluster_members }}" regexp: "^discovery.zen.ping.unicast.hosts:" insertafter: "^#discovery.zen.ping.unicast.hosts" - when: elasticsearch_cluster_members|default("", True) + when: elasticsearch_cluster_members | default("", True) | length > 0 tags: - config @@ -108,6 +108,6 @@ line: "discovery.zen.minimum_master_nodes: {{ elasticsearch_minimum_master_nodes }}" regexp: "^discovery.zen.minimum_master_nodes:" insertafter: "^#discovery.zen.minimum_master_nodes" - when: elasticsearch_minimum_master_nodes|default("", True) + when: elasticsearch_minimum_master_nodes | default("", True) | length > 0 tags: - config diff --git a/elasticsearch/tasks/datadir.yml b/elasticsearch/tasks/datadir.yml index 66ec48a1..c0c20f05 100644 --- a/elasticsearch/tasks/datadir.yml +++ b/elasticsearch/tasks/datadir.yml @@ -16,8 +16,8 @@ tags: - elasticsearch when: - - elasticsearch_custom_datadir != '' - - elasticsearch_custom_datadir != None + - elasticsearch_custom_datadir is not none + - elasticsearch_custom_datadir | length > 0 - name: Datadir is moved to custom path block: @@ -44,7 +44,7 @@ tags: - elasticsearch when: - - elasticsearch_custom_datadir != '' - - elasticsearch_custom_datadir != None + - elasticsearch_custom_datadir is not none + - elasticsearch_custom_datadir | length > 0 - elasticsearch_custom_datadir != elasticsearch_current_real_datadir_test.stdout - not elasticsearch_custom_datadir_test.stat.exists diff --git a/elasticsearch/tasks/main.yml b/elasticsearch/tasks/main.yml index 126170a1..6f5ccc8c 100644 --- a/elasticsearch/tasks/main.yml +++ b/elasticsearch/tasks/main.yml 
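Review bot: In elasticsearch/tasks/configuration.yml (hunk `-108,6 +108,6`) `elasticsearch_minimum_master_nodes | default("", True) | length > 0` assumes the value is a string. The setting is a node count, so the variable is probably given as an integer, and `length` on an integer fails at conditional evaluation. The old truthiness test accepted it. Converting first keeps the new explicit style: `when: elasticsearch_minimum_master_nodes | default("", True) | string | length > 0`.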
@@ -15,7 +15,7 @@ - include: additional_scripts.yml - include: plugin_head.yml - when: elasticsearch_plugin_head + when: elasticsearch_plugin_head | bool - include: curator.yml - when: elasticsearch_curator + when: elasticsearch_curator | bool diff --git a/elasticsearch/tasks/tmpdir.yml b/elasticsearch/tasks/tmpdir.yml index 086870fe..920300d7 100644 --- a/elasticsearch/tasks/tmpdir.yml +++ b/elasticsearch/tasks/tmpdir.yml @@ -9,9 +9,14 @@ - name: Tmpdir is moved to custom path block: - - name: "Create {{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}" + - set_fact: + _elasticsearch_custom_tmpdir: "{{ elasticsearch_custom_tmpdir | default(elasticsearch_default_tmpdir, True) | mandatory }}" + tags: + - elasticsearch + + - name: "Create {{ _elasticsearch_custom_tmpdir }}" file: - path: "{{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}" + path: "{{ _elasticsearch_custom_tmpdir }}" owner: elasticsearch group: elasticsearch mode: "0755" @@ -22,7 +27,7 @@ - name: change JVM tmpdir (< 6.x) lineinfile: dest: /etc/elasticsearch/jvm.options - line: "-Djava.io.tmpdir={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}" + line: "-Djava.io.tmpdir={{ _elasticsearch_custom_tmpdir }}" regexp: "^-Djava.io.tmpdir=" insertafter: "## JVM configuration" notify: @@ -34,7 +39,7 @@ - name: check if ES_TMPDIR is available (>= 6.x) lineinfile: dest: /etc/default/elasticsearch - line: "ES_TMPDIR={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}" + line: "ES_TMPDIR={{ _elasticsearch_custom_tmpdir }}" regexp: "^ES_TMPDIR=" insertafter: "JAVA_HOME" notify: @@ -54,4 +59,4 @@ tags: - elasticsearch when: elastic_stack_version is version('6', '>=') - when: (elasticsearch_custom_tmpdir != '' and elasticsearch_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0 + when: (elasticsearch_custom_tmpdir is not none and elasticsearch_custom_tmpdir | length > 0) or fstab_tmp_noexec.rc == 0 
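Review bot: In elasticsearch/tasks/tmpdir.yml (hunk `-9,9 +9,14`) the new `set_fact` task has no `name:`, so it appears as an anonymous step in play output, unlike the named tasks around it in this block. I would add `- name: "Resolve the effective Elasticsearch tmpdir"` above `set_fact:`. A short comment would also help, saying that `_elasticsearch_custom_tmpdir` falls back to `elasticsearch_default_tmpdir` when the custom value is empty.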
diff --git a/etc-git/tasks/do_commit.yml b/etc-git/tasks/do_commit.yml index f13c7e50..806aefd2 100644 --- a/etc-git/tasks/do_commit.yml +++ b/etc-git/tasks/do_commit.yml @@ -50,7 +50,7 @@ register: commit_end_run when: - not ansible_check_mode - - git_status.stdout + - git_status.stdout | length > 0 ignore_errors: yes tags: - etc-git diff --git a/etc-git/tasks/repository.yml b/etc-git/tasks/repository.yml index 9be0a436..e8599c1e 100644 --- a/etc-git/tasks/repository.yml +++ b/etc-git/tasks/repository.yml @@ -68,6 +68,6 @@ chdir: "{{ repository_path }}" warn: no register: git_commit - when: git_log.rc != 0 or (git_init is defined and git_init.changed) + when: git_log.rc != 0 or (git_init is defined and git_init is changed) tags: - etc-git diff --git a/evoacme/tasks/evoacme_hook.yml b/evoacme/tasks/evoacme_hook.yml index 51dbb21c..2951fa00 100644 --- a/evoacme/tasks/evoacme_hook.yml +++ b/evoacme/tasks/evoacme_hook.yml @@ -16,4 +16,4 @@ src: "hooks/{{ hook_name }}" dest: "{{ evoacme_hooks_dir }}/{{ hook_name }}" mode: "0750" - when: _find_hook.stdout == "" + when: _find_hook.stdout | length == 0 diff --git a/evoacme/tasks/main.yml b/evoacme/tasks/main.yml index 4c71d90e..1cc84c5d 100644 --- a/evoacme/tasks/main.yml +++ b/evoacme/tasks/main.yml @@ -6,7 +6,7 @@ - ansible_distribution == "Debian" - ansible_distribution_major_version is version('9', '>=') msg: only compatible with Debian >= 9 - when: not evoacme_disable_debian_check + when: not (evoacme_disable_debian_check | bool) - include: certbot.yml diff --git a/evobackup-client/handlers/main.yml b/evobackup-client/handlers/main.yml index 17df304a..fc1b7739 100644 --- a/evobackup-client/handlers/main.yml +++ b/evobackup-client/handlers/main.yml @@ -13,4 +13,4 @@ command: "bkctld restart {{ evolinux_hostname }}" # - "bkctld sync {{ evolinux_hostname }}" delegate_to: "{{ evobackup_client__hosts[0].ip }}" - when: evobackup_client__hosts|length > 1 + when: evobackup_client__hosts | length > 1 
diff --git a/evocheck/tasks/exec.yml b/evocheck/tasks/exec.yml index 244d0347..306cf019 100644 --- a/evocheck/tasks/exec.yml +++ b/evocheck/tasks/exec.yml @@ -10,6 +10,6 @@ - debug: var: evocheck_run.stdout_lines - when: evocheck_run.stdout != "" + when: evocheck_run.stdout | length > 0 tags: - evocheck-exec diff --git a/evocheck/tasks/main.yml b/evocheck/tasks/main.yml index 0e374b92..87e2d636 100644 --- a/evocheck/tasks/main.yml +++ b/evocheck/tasks/main.yml @@ -7,4 +7,4 @@ when: evocheck_force_install == "package" - include: cron.yml - when: evocheck_update_crontab + when: evocheck_update_crontab | bool diff --git a/evolinux-base/tasks/default_www.yml b/evolinux-base/tasks/default_www.yml index 8956d824..84580b54 100644 --- a/evolinux-base/tasks/default_www.yml +++ b/evolinux-base/tasks/default_www.yml @@ -4,7 +4,7 @@ path: /var/www state: directory mode: "0755" - when: evolinux_default_www_files + when: evolinux_default_www_files | bool - name: images are copied copy: @@ -13,7 +13,7 @@ mode: "0644" directory_mode: "0755" follow: yes - when: evolinux_default_www_files + when: evolinux_default_www_files | bool - name: index is copied template: @@ -21,7 +21,7 @@ dest: /var/www/index.html mode: "0644" force: no - when: evolinux_default_www_files + when: evolinux_default_www_files | bool # SSL cert @@ -43,6 +43,6 @@ command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt args: creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt" - when: evolinux_default_www_ssl_cert + when: evolinux_default_www_ssl_cert | bool - meta: flush_handlers diff --git a/evolinux-base/tasks/fstab.yml b/evolinux-base/tasks/fstab.yml index bb70fde8..e10f483e 100644 --- a/evolinux-base/tasks/fstab.yml +++ b/evolinux-base/tasks/fstab.yml 
@@ -17,7 +17,7 @@ notify: remount /home when: - fstab_content.stdout | regex_search('\s/home\s') - - evolinux_fstab_home + - evolinux_fstab_home | bool - name: /tmp partition is customized replace: @@ -26,7 +26,7 @@ replace: '\1{{ evolinux_fstab_tmp_options | mandatory }}\3' when: - fstab_content.stdout | regex_search('\s/tmp\s') - - evolinux_fstab_tmp + - evolinux_fstab_tmp | bool - name: /usr partition is customized replace: @@ -35,7 +35,7 @@ replace: '\1{{ evolinux_fstab_usr_options | mandatory }}\3' when: - fstab_content.stdout | regex_search('\s/usr\s') - - evolinux_fstab_usr + - evolinux_fstab_usr | bool - name: /var partition is customized replace: @@ -45,7 +45,7 @@ notify: remount /var when: - fstab_content.stdout | regex_search('\s/var\s') - - evolinux_fstab_var + - evolinux_fstab_var | bool - name: /var/tmp is created mount: @@ -55,7 +55,7 @@ opts: "{{ evolinux_fstab_var_tmp_options | mandatory }}" state: mounted when: - - evolinux_fstab_var_tmp + - evolinux_fstab_var_tmp | bool - name: /dev/shm is created (Debian 10 and later) mount: @@ -65,7 +65,7 @@ opts: "{{ evolinux_fstab_dev_shm_options | mandatory }}" state: mounted when: - - evolinux_fstab_dev_shm + - evolinux_fstab_dev_shm | bool - ansible_distribution_major_version is version('10', '>=') - meta: flush_handlers diff --git a/evolinux-base/tasks/hostname.yml b/evolinux-base/tasks/hostname.yml index b73c11c7..2b9cfa93 100644 --- a/evolinux-base/tasks/hostname.yml +++ b/evolinux-base/tasks/hostname.yml @@ -7,14 +7,14 @@ - name: Set hostname "{{ evolinux_hostname }}" hostname: name: "{{ evolinux_hostname }}" - when: evolinux_hostname_hosts + when: evolinux_hostname_hosts | bool - name: Set right localhost line in /etc/hosts replace: dest: /etc/hosts regexp: '^127.0.0.1(\s+)localhost.*$' replace: '127.0.0.1\1localhost.localdomain localhost' - when: evolinux_hostname_hosts + when: evolinux_hostname_hosts | bool - name: Set ip+fqdn+hostname in /etc/hosts lineinfile: 
@@ -22,21 +22,21 @@ regexp: '^{{ ansible_default_ipv4.address }}\s+' line: "{{ ansible_default_ipv4.address }} {{ [evolinux_fqdn, evolinux_internal_fqdn] | unique | join(' ') }} {{ [evolinux_hostname, evolinux_internal_hostname] | unique | join(' ') }}" insertafter: '127.0.0.1\s+localhost.localdomain' - when: evolinux_hostname_hosts + when: evolinux_hostname_hosts | bool - name: 127.0.1.1 is removed lineinfile: dest: /etc/hosts regexp: '^127.0.1.1\s+' state: absent - when: evolinux_hostname_hosts + when: evolinux_hostname_hosts | bool - name: /etc/mailname is up-to-date copy: dest: /etc/mailname content: "{{ evolinux_fqdn }}\n" force: yes - when: evolinux_hostname_mailname + when: evolinux_hostname_mailname | bool # Override facts diff --git a/evolinux-base/tasks/kernel.yml b/evolinux-base/tasks/kernel.yml index e19ab0e6..282e10eb 100644 --- a/evolinux-base/tasks/kernel.yml +++ b/evolinux-base/tasks/kernel.yml @@ -10,7 +10,7 @@ loop: - { name: kernel.panic_on_oops, value: 1 } - { name: kernel.panic, value: 60 } - when: evolinux_kernel_reboot_after_panic + when: evolinux_kernel_reboot_after_panic | bool - name: Don't reboot after panic sysctl: @@ -21,7 +21,7 @@ loop: - kernel.panic_on_oops - kernel.panic - when: not evolinux_kernel_reboot_after_panic + when: not evolinux_kernel_reboot_after_panic | bool - name: Disable net.ipv4.tcp_timestamps sysctl: @@ -30,7 +30,7 @@ sysctl_file: "{{ evolinux_kernel_sysctl_path }}" state: present reload: yes - when: evolinux_kernel_disable_tcp_timestamps + when: evolinux_kernel_disable_tcp_timestamps | bool - name: Customize the swappiness sysctl: @@ -39,7 +39,7 @@ sysctl_file: "{{ evolinux_kernel_sysctl_path }}" state: present reload: yes - when: evolinux_kernel_customize_swappiness + when: evolinux_kernel_customize_swappiness | bool - name: Patch for TCP stack vulnerability CVE-2016-5696 sysctl: 
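Review bot: In evolinux-base/tasks/kernel.yml (hunk `-21,7 +21,7`) the negated condition is written `when: not evolinux_kernel_reboot_after_panic | bool`, while the same commit uses `not (bind_chroot_set | bool)` and `not (evoacme_disable_debian_check | bool)` elsewhere. The filter binds tighter than `not`, so behaviour is the same. The unparenthesised form still reads as if `bool` were applied to the negation. For consistency I would write `when: not (evolinux_kernel_reboot_after_panic | bool)`.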
@@ -48,7 +48,7 @@ sysctl_file: "{{ evolinux_kernel_sysctl_path }}" state: present reload: yes - when: evolinux_kernel_cve20165696 + when: evolinux_kernel_cve20165696 | bool - name: Patch for TCP stack vulnerability CVE-2018-5391 (FragmentSmack) sysctl: diff --git a/evolinux-base/tasks/logs.yml b/evolinux-base/tasks/logs.yml index 9c1f45e4..2bf28b98 100644 --- a/evolinux-base/tasks/logs.yml +++ b/evolinux-base/tasks/logs.yml @@ -8,7 +8,7 @@ dest: /etc/rsyslog.conf mode: "0644" notify: restart rsyslog - when: evolinux_logs_rsyslog_conf + when: evolinux_logs_rsyslog_conf | bool - name: Disable logrotate default conf command: mv /etc/logrotate.d/rsyslog /etc/logrotate.d/rsyslog.disabled @@ -16,25 +16,25 @@ removes: /etc/logrotate.d/rsyslog creates: /etc/logrotate.d/rsyslog.disabled notify: restart rsyslog - when: evolinux_logs_disable_logrotate_rsyslog + when: evolinux_logs_disable_logrotate_rsyslog | bool - name: Copy many logrotate files copy: src: logs/logrotate.d/ dest: /etc/logrotate.d/ - when: evolinux_logs_logrotate_confs + when: evolinux_logs_logrotate_confs | bool - name: Copy rsyslog logrotate file template: src: logs/zsyslog.j2 dest: /etc/logrotate.d/zsyslog - when: evolinux_logs_logrotate_confs + when: evolinux_logs_logrotate_confs | bool - name: Configure logrotate.conf replace: dest: /etc/logrotate.conf regexp: "rotate [0-9]+" replace: "rotate 12" - when: evolinux_logs_default_rotate + when: evolinux_logs_default_rotate | bool - meta: flush_handlers diff --git a/evolinux-base/tasks/main.yml b/evolinux-base/tasks/main.yml index 0b2fdf89..68a6d424 100644 --- a/evolinux-base/tasks/main.yml +++ b/evolinux-base/tasks/main.yml 
@@ -13,51 +13,51 @@ vars: apt_install_basics: "{{ evolinux_apt_replace_default_sources }}" apt_install_evolix_public: "{{ evolinux_apt_public_sources }}" - when: evolinux_apt_include + when: evolinux_apt_include | bool - name: /etc versioning with Git include_role: name: evolix/etc-git - when: evolinux_etcgit_include + when: evolinux_etcgit_include | bool - name: /etc/evolinux base include: etc-evolinux.yml - when: evolinux_etcevolinux_include + when: evolinux_etcevolinux_include | bool - name: Hostname include: hostname.yml - when: evolinux_hostname_include + when: evolinux_hostname_include | bool - name: Kernel tuning include: kernel.yml - when: evolinux_kernel_include + when: evolinux_kernel_include | bool - name: Fstab configuration include: fstab.yml - when: evolinux_fstab_include + when: evolinux_fstab_include | bool - name: Packages include: packages.yml - when: evolinux_packages_include + when: evolinux_packages_include | bool - name: System settings include: system.yml - when: evolinux_system_include + when: evolinux_system_include | bool - name: Minifirewall include_role: name: evolix/minifirewall - when: evolinux_minifirewall_include + when: evolinux_minifirewall_include | bool - name: Evomaintenance include_role: name: evolix/evomaintenance - when: evolinux_evomaintenance_include + when: evolinux_evomaintenance_include | bool - name: SSH configuration include: ssh.yml when: evolinux_ssh_include - + ### disabled because of a memory leak # - name: Create evolinux users # include_role: 
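Review bot: In evolinux-base/tasks/main.yml (hunk `-13,51 +13,51`) the "SSH configuration" include keeps the bare `when: evolinux_ssh_include`; the only change near it is whitespace on the following blank line. Every other `*_include` switch in this hunk gained `| bool`. If the variable arrives as a string (for example from an INI inventory or `-e`), a bare conditional can evaluate differently from the filtered ones, depending on the Ansible version. That could apply the SSH configuration when it was meant to be off, or skip it when it was meant to be on. I would change it to `when: evolinux_ssh_include | bool`.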
@@ -66,66 +66,66 @@ - name: Root user configuration include: root.yml - when: evolinux_root_include + when: evolinux_root_include | bool - name: Postfix include: postfix.yml - when: evolinux_postfix_include + when: evolinux_postfix_include | bool - name: Logs management include: logs.yml - when: evolinux_logs_include + when: evolinux_logs_include | bool - name: Default index page include: default_www.yml - when: evolinux_default_www_include + when: evolinux_default_www_include | bool - name: Hardware drivers and tools include: hardware.yml - when: evolinux_hardware_include + when: evolinux_hardware_include | bool - name: Customize for Online.net include: provider_online.yml - when: evolinux_provider_online_include + when: evolinux_provider_online_include | bool - name: Customize for Orange FCE include: provider_orange_fce.yml - when: evolinux_provider_orange_fce_include + when: evolinux_provider_orange_fce_include | bool - name: Override Log2mail service include: log2mail.yml - when: evolinux_log2mail_include + when: evolinux_log2mail_include | bool - include: motd.yml - name: Munin include_role: name: evolix/munin - when: evolinux_munin_include + when: evolinux_munin_include | bool - name: Nagios/NRPE include_role: name: evolix/nagios-nrpe - when: evolinux_nagios_nrpe_include + when: evolinux_nagios_nrpe_include | bool - name: fail2ban include_role: name: evolix/fail2ban - when: evolinux_fail2ban_include + when: evolinux_fail2ban_include | bool - name: Evocheck include_role: name: evolix/evocheck vars: evocheck_force_install: "{{ evolinux_evocheck_force_install }}" - when: evolinux_evocheck_include + when: evolinux_evocheck_include | bool - name: Listupgrade include_role: name: evolix/listupgrade - when: evolinux_listupgrade_include + when: evolinux_listupgrade_include | bool - name: Generate ldif script include_role: name: evolix/generate-ldif - when: evolinux_generateldif_include + when: evolinux_generateldif_include | bool 
diff --git a/evolinux-base/tasks/packages.yml b/evolinux-base/tasks/packages.yml index afedf1a4..8df64abd 100644 --- a/evolinux-base/tasks/packages.yml +++ b/evolinux-base/tasks/packages.yml @@ -16,7 +16,7 @@ - ssl-cert - ca-certificates - rename - when: evolinux_packages_system + when: evolinux_packages_system | bool - name: Install/Update diagnostic tools apt: @@ -34,7 +34,7 @@ - telnet - traceroute - man - when: evolinux_packages_diagnostic + when: evolinux_packages_diagnostic | bool - name: Install/Update hardware tools apt: @@ -42,7 +42,7 @@ - hdparm - smartmontools - lm-sensors - when: evolinux_packages_hardware + when: evolinux_packages_hardware | bool - name: Install/Update common tools apt: @@ -58,21 +58,21 @@ - bc - pinentry-curses - ncurses-term - when: evolinux_packages_common + when: evolinux_packages_common | bool - name: Be sure that openntpd package is absent/purged apt: name: openntpd state: absent purge: True - when: evolinux_packages_purge_openntpd + when: evolinux_packages_purge_openntpd | bool - name: the chrony package is absent apt: name: chrony purge: True state: absent - when: evolinux_packages_purge_chrony + when: evolinux_packages_purge_chrony | bool - name: Be sure locate/mlocate is absent/purged apt: @@ -81,19 +81,19 @@ - mlocate state: absent purge: yes - when: evolinux_packages_purge_locate + when: evolinux_packages_purge_locate | bool - name: Install/Update serveur-base meta-package apt: name: serveur-base allow_unauthenticated: yes - when: evolinux_packages_serveur_base + when: evolinux_packages_serveur_base | bool - name: Install/Update packages for Stretch and later apt: name: net-tools when: - - evolinux_packages_stretch + - evolinux_packages_stretch | bool - ansible_distribution_major_version is version('9', '>=') - name: Install/Update packages for Buster and later 
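Review bot: In evolinux-base/tasks/packages.yml (hunk `-81,19 +81,19`) the "Install/Update serveur-base meta-package" task still sets `allow_unauthenticated: yes`. With that option apt installs the package, as root, without verifying the repository signature. The apt role elsewhere in this diff has an "Install Evolix Public APT repository" step. If that step installs the signing key (not visible here), the option can be dropped so a tampered or spoofed repository is rejected. If it has to stay, a comment on the task should say why signature checking is bypassed.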
@@ -102,7 +102,7 @@ - spectre-meltdown-checker - binutils when: - - evolinux_packages_buster + - evolinux_packages_buster | bool - ansible_distribution_major_version is version('10', '>=') - name: Customize logcheck recipient @@ -110,7 +110,7 @@ dest: /etc/logcheck/logcheck.conf regexp: '^SENDMAILTO=".*"$' line: 'SENDMAILTO="{{ logcheck_alert_email or general_alert_email | mandatory }}"' - when: evolinux_packages_logcheck_recipient + when: evolinux_packages_logcheck_recipient | bool - name: Deleting rpcbind and nfs-common apt: @@ -118,7 +118,7 @@ - rpcbind - nfs-common state: absent - when: evolinux_packages_delete_nfs + when: evolinux_packages_delete_nfs | bool # TODO: use ini_file when Ansible > 2.1 (no_extra_spaces: yes) @@ -132,7 +132,7 @@ - { option: "confirm", value: "1" } - { option: "which", value: "both" } when: - - evolinux_packages_listchanges + - evolinux_packages_listchanges | bool - ansible_distribution == "Debian" - ansible_distribution_release == "jessie" diff --git a/evolinux-base/tasks/postfix.yml b/evolinux-base/tasks/postfix.yml index e83a190b..5ae33aa7 100644 --- a/evolinux-base/tasks/postfix.yml +++ b/evolinux-base/tasks/postfix.yml @@ -6,7 +6,7 @@ - postfix - mailgraph state: present - when: evolinux_postfix_packages + when: evolinux_postfix_packages | bool tags: - packages - postfix @@ -47,7 +47,7 @@ line: "{{ item }}: root" loop: "{{ non_root_users_list.stdout_lines }}" notify: newaliases - when: evolinux_postfix_users_alias_root + when: evolinux_postfix_users_alias_root | bool tags: - postfix @@ -64,7 +64,7 @@ - error - bounce notify: newaliases - when: evolinux_postfix_mailer_alias_root + when: evolinux_postfix_mailer_alias_root | bool tags: - postfix @@ -74,7 +74,7 @@ regexp: "^root:" line: "root: {{ postfix_alias_email or general_alert_email | mandatory }}" notify: newaliases - when: evolinux_postfix_root_alias + when: evolinux_postfix_root_alias | bool tags: - postfix 
@@ -89,7 +89,7 @@ - exim4-daemon-light purge: yes state: absent - when: evolinux_postfix_purge_exim + when: evolinux_postfix_purge_exim | bool tags: - packages - postfix diff --git a/evolinux-base/tasks/root.yml b/evolinux-base/tasks/root.yml index ce57d4fd..df50d977 100644 --- a/evolinux-base/tasks/root.yml +++ b/evolinux-base/tasks/root.yml @@ -5,7 +5,7 @@ path: /root state: directory mode: "0700" - when: evolinux_root_chmod + when: evolinux_root_chmod | bool - name: "Customize root's bashrc..." lineinfile: @@ -19,7 +19,7 @@ - "export HISTTIMEFORMAT=\"%c : \"" - "shopt -s histappend" - "PROMPT_COMMAND=\"history -a;${PROMPT_COMMAND}\"" - when: evolinux_root_bashrc + when: evolinux_root_bashrc | bool ## .bash_history should be append-only @@ -28,14 +28,14 @@ content: "" dest: "/root/.bash_history" force: no - when: evolinux_root_bash_history + when: evolinux_root_bash_history | bool - name: Set umask in /root/.profile lineinfile: dest: "/root/.profile" line: "umask 0077" regexp: "umask [0-9]+" - when: evolinux_root_umask + when: evolinux_root_umask | bool - name: "/usr/share/scripts is present in root's PATH" lineinfile: @@ -48,7 +48,7 @@ src: root/gitconfig dest: "/root/.gitconfig" force: no - when: evolinux_root_gitconfig + when: evolinux_root_gitconfig | bool - name: Is .bash_history append-only shell: lsattr /root/.bash_history | grep -E "^.*a.* " @@ -61,7 +61,7 @@ - name: Set .bash_history append-only command: chattr +a /root/.bash_history when: - - evolinux_root_bash_history_appendonly + - evolinux_root_bash_history_appendonly | bool - bash_history_append_only.rc != 0 - "'Inappropriate ioctl' not in bash_history_append_only.stderr" @@ -71,7 +71,7 @@ regexp: '^SELECTED_EDITOR=' line: "SELECTED_EDITOR=\"/usr/bin/vim.basic\"" create: yes - when: evolinux_root_vim_default + when: evolinux_root_vim_default | bool - name: Setting vim root configuration lineinfile: 
@@ -86,7 +86,7 @@ - "set tabstop=4" - "set softtabstop=4" - "set shiftwidth=4" - when: evolinux_root_vim_conf + when: evolinux_root_vim_conf | bool - name: disable SSH access for root replace: @@ -95,7 +95,7 @@ replace: "PermitRootLogin no" validate: '/usr/sbin/sshd -t -f %s' notify: reload sshd - when: evolinux_root_disable_ssh + when: evolinux_root_disable_ssh | bool ### Disabled : it seems useless and too dangerous for now # - name: remove root from AllowUsers directive diff --git a/evolinux-base/tasks/system.yml b/evolinux-base/tasks/system.yml index 06661ada..6504655b 100644 --- a/evolinux-base/tasks/system.yml +++ b/evolinux-base/tasks/system.yml @@ -5,7 +5,7 @@ path: /tmp state: directory mode: "u=rwx,g=rwx,o=rwxt" - when: evolinux_system_chmod_tmp + when: evolinux_system_chmod_tmp | bool - name: Setting default locales lineinfile: @@ -18,7 +18,7 @@ - "fr_FR ISO-8859-1" - "fr_FR.UTF-8 UTF-8" register: default_locales - when: evolinux_system_locales + when: evolinux_system_locales | bool - name: Reconfigure locales command: /usr/sbin/locale-gen @@ -28,7 +28,7 @@ timezone: name: "{{ evolinux_system_timezone | mandatory }}" notify: restart cron - when: evolinux_system_set_timezone + when: evolinux_system_set_timezone | bool # TODO : find a way to force the console-data configuration # non-interactively (like tzdata ↑) @@ -41,13 +41,13 @@ dest: /etc/vim/vimrc regexp: 'let g:skip_defaults_vim =' line: 'let g:skip_defaults_vim = 1' - when: evolinux_system_vim_skip_defaults + when: evolinux_system_vim_skip_defaults | bool - name: Setting vim as default editor alternatives: name: editor path: /usr/bin/vim.basic - when: evolinux_system_vim_default_editor + when: evolinux_system_vim_default_editor | bool - name: Add "umask 027" to /etc/profile.d/evolinux.sh lineinfile: 
@@ -55,14 +55,14 @@ line: "umask 027" create: yes state: present - when: evolinux_system_profile + when: evolinux_system_profile | bool - name: Set /etc/adduser.conf DIR_MODE to 0700 replace: dest: /etc/adduser.conf regexp: "^DIR_MODE=0755$" replace: "DIR_MODE=0700" - when: evolinux_system_dirmode_adduser + when: evolinux_system_dirmode_adduser | bool # TODO: trouver comment ne pas faire ça sur Xen Dom-U @@ -72,7 +72,7 @@ line: "tty2" create: yes state: present - when: evolinux_system_restrict_securetty + when: evolinux_system_restrict_securetty | bool - name: Setting TMOUT to disconnect inactive users lineinfile: @@ -80,7 +80,7 @@ line: "export TMOUT=36000" create: yes state: present - when: evolinux_system_set_timeout + when: evolinux_system_set_timeout | bool #- name: Customizing /etc/fstab @@ -97,7 +97,9 @@ line: "EXTRA_OPTS='-L 15'" create: yes state: present - when: is_cron_installed.rc == 0 and evolinux_system_cron_verboselog + when: + - is_cron_installed.rc == 0 + - evolinux_system_cron_verboselog | bool - name: Modify default umask for cron deamon lineinfile: @@ -105,7 +107,9 @@ line: "umask 022" create: yes state: present - when: is_cron_installed.rc == 0 and evolinux_system_cron_umask + when: + - is_cron_installed.rc == 0 + - evolinux_system_cron_umask | bool - name: Randomize periodic crontabs replace: @@ -117,7 +121,9 @@ - { regexp: '^25\s*6((\s*\*){3})', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' } - { regexp: '^47\s*6((\s*\*){2}\s*7)', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' } - { regexp: '^52\s*6(\s*1(\s*\*){2})', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' } - when: is_cron_installed.rc == 0 and evolinux_system_cron_random + when: + - is_cron_installed.rc == 0 + - evolinux_system_cron_random | bool - include_role: name: evolix/ntpd 
@@ -131,7 +137,7 @@ force: no mode: "0755" when: - - evolinux_system_alert5_init + - evolinux_system_alert5_init | bool - ansible_distribution_release == "jessie" or ansible_distribution_release == "stretch" - name: Enable alert5 init script (jessie/stretch) @@ -139,8 +145,8 @@ name: alert5 enabled: yes when: - - evolinux_system_alert5_init - - evolinux_system_alert5_enable + - evolinux_system_alert5_init | bool + - evolinux_system_alert5_enable | bool - ansible_distribution_release == "jessie" or ansible_distribution_release == "stretch" @@ -152,7 +158,7 @@ force: no mode: "0755" when: - - evolinux_system_alert5_init + - evolinux_system_alert5_init | bool - ansible_distribution_major_version is version('10', '>=') - name: Install alert5 service (buster) @@ -162,7 +168,7 @@ force: yes mode: "0644" when: - - evolinux_system_alert5_init + - evolinux_system_alert5_init | bool - ansible_distribution_major_version is version('10', '>=') - name: Enable alert5 init script (buster) @@ -171,8 +177,8 @@ daemon_reload: yes enabled: yes when: - - evolinux_system_alert5_init - - evolinux_system_alert5_enable + - evolinux_system_alert5_init | bool + - evolinux_system_alert5_enable | bool - ansible_distribution_major_version is version('10', '>=') ## network interfaces @@ -189,7 +195,9 @@ dest: /etc/network/interfaces regexp: "allow-hotplug" replace: "auto" - when: evolinux_system_eni_auto and grep_hotplug_eni.rc == 0 + when: + - evolinux_system_eni_auto | bool + - grep_hotplug_eni.rc == 0 ## /sbin/deny diff --git a/evolinux-todo/tasks/cat.yml b/evolinux-todo/tasks/cat.yml index 9cebeca5..58e3ba4c 100644 --- a/evolinux-todo/tasks/cat.yml +++ b/evolinux-todo/tasks/cat.yml @@ -10,4 +10,4 @@ - name: "Content of /etc/evolinux/todo.txt" debug: var: evolinux_todo.stdout_lines - when: evolinux_todo.stdout != "" + when: evolinux_todo.stdout | length > 0 diff --git a/evolinux-users/tasks/main.yml b/evolinux-users/tasks/main.yml index 20cdf040..8f12ba1b 100644 
--- a/evolinux-users/tasks/main.yml +++ b/evolinux-users/tasks/main.yml @@ -9,22 +9,22 @@ - debug: msg: "Warning: empty 'evolinux_users' variable, tasks will be skipped!" - when: evolinux_users == {} + when: evolinux_users | length == 0 - name: Create user accounts include: user.yml vars: user: "{{ item.value }}" loop: "{{ evolinux_users | dict2items }}" - when: evolinux_users != {} + when: evolinux_users | length > 0 - name: Configure sudo include: sudo.yml vars: user: "{{ item.value }}" loop: "{{ evolinux_users | dict2items }}" - when: evolinux_users != {} + when: evolinux_users | length > 0 - name: Configure SSH include: ssh.yml - when: evolinux_users != {} + when: evolinux_users | length > 0 diff --git a/evolinux-users/tasks/ssh.yml b/evolinux-users/tasks/ssh.yml index 06a05b89..ac2fdf12 100644 --- a/evolinux-users/tasks/ssh.yml +++ b/evolinux-users/tasks/ssh.yml @@ -59,6 +59,6 @@ regexp: '^PermitRootLogin (yes|without-password|prohibit-password)' replace: "PermitRootLogin no" notify: reload sshd - when: evolinux_root_disable_ssh + when: evolinux_root_disable_ssh | bool - meta: flush_handlers diff --git a/evolinux-users/tasks/sudo.yml b/evolinux-users/tasks/sudo.yml index 6f127da8..c27f5a29 100644 --- a/evolinux-users/tasks/sudo.yml +++ b/evolinux-users/tasks/sudo.yml @@ -4,6 +4,8 @@ when: ansible_distribution_release == "jessie" - include: sudo_stretch.yml - when: ansible_distribution_major_version is defined and ansible_distribution_major_version is version('9', '>=') + when: + - ansible_distribution_major_version is defined + - ansible_distribution_major_version is version('9', '>=') - meta: flush_handlers diff --git a/evolinux-users/tasks/sudo_jessie.yml b/evolinux-users/tasks/sudo_jessie.yml index f675954e..d3f70198 100644 --- a/evolinux-users/tasks/sudo_jessie.yml +++ b/evolinux-users/tasks/sudo_jessie.yml 
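Review bot: The `PermitRootLogin` replace in evolinux-users/tasks/ssh.yml shows no `validate:` among its visible options, while the equivalent task in evolinux-base/tasks/root.yml runs `validate: '/usr/sbin/sshd -t -f %s'` before the file is written. Without it, a malformed sshd_config is only noticed when the `reload sshd` handler runs, and `meta: flush_handlers` follows immediately, so a bad edit can cost SSH access to the host. I would add `validate: '/usr/sbin/sshd -t -f %s'` here as well. The task starts outside the hunk, so this assumes the option is not set on a line above it.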
@@ -15,4 +15,4 @@ regexp: '^(User_Alias\s+ADMINS\s+=((?!{{ user.name }}).)*)$' replace: '\1,{{ user.name }}' validate: '/usr/sbin/visudo -cf %s' - when: not copy_sudoers_evolinux.changed + when: copy_sudoers_evolinux is not changed diff --git a/evolinux-users/tasks/user.yml b/evolinux-users/tasks/user.yml index 0d2105bd..4939f533 100644 --- a/evolinux-users/tasks/user.yml +++ b/evolinux-users/tasks/user.yml @@ -4,11 +4,11 @@ - fail: msg: "You must provide a value for the 'user.name ' variable." - when: user.name is not defined or user.name == '' + when: user.name is not defined or user.name | length == 0 - fail: msg: "You must provide a value for the 'user.uid ' variable." - when: user.uid is not defined or user.uid == '' + when: user.uid is not defined or user.uid | length == 0 - name: "Test if '{{ user.name }}' exists" command: 'id -u "{{ user.name }}"' @@ -102,7 +102,7 @@ state: present when: - evolinux_internal_group is defined - - evolinux_internal_group != "" + - evolinux_internal_group | length > 0 - ansible_distribution_major_version is version('9', '>=') - name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_internal_group }}' (Debian 9 or later)" @@ -112,7 +112,7 @@ append: yes when: - evolinux_internal_group is defined - - evolinux_internal_group != "" + - evolinux_internal_group | length > 0 - ansible_distribution_major_version is version('9', '>=') ## Optional secondary groups, defined per user @@ -125,7 +125,7 @@ loop_var: group when: - user.groups is defined - - user.groups != [] + - user.groups | length > 0 - name: "Unix user '{{ user.name }}' belongs to secondary groups" user: @@ -134,7 +134,7 @@ append: yes when: - user.groups is defined - - user.groups != [] + - user.groups | length > 0 # Permissions on home directory 
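Review bot: In evolinux-users/tasks/user.yml the new check `user.uid | length == 0` fails with a template error if `user.uid` is given as an integer, because the `length` filter only accepts strings and collections. A numeric UID is the common way to write it in inventory, and the old `== ''` comparison accepted it. Casting first keeps the emptiness check for both forms: `when: user.uid is not defined or user.uid | string | length == 0`. The `user.name` check above it has the same shape but is safe as long as names are always strings.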
@@ -177,7 +177,9 @@ user: "{{ user.name }}" key: "{{ user.ssh_key }}" state: present - when: user.ssh_key is defined + when: + - user.ssh_key is defined + - user.ssh_key | length > 0 - name: "SSH public keys for '{{ user.name }}' are present" authorized_key: @@ -187,6 +189,8 @@ loop: "{{ user.ssh_keys }}" loop_control: loop_var: ssk_key - when: user.ssh_keys is defined + when: + - user.ssh_keys is defined + - user.ssh_keys | length > 0 - meta: flush_handlers diff --git a/evomaintenance/tasks/install_vendor_debian.yml b/evomaintenance/tasks/install_vendor_debian.yml index 96bbee86..2faaac79 100644 --- a/evomaintenance/tasks/install_vendor_debian.yml +++ b/evomaintenance/tasks/install_vendor_debian.yml @@ -14,7 +14,7 @@ name: - postgresql-client state: present - when: evomaintenance_hook_db + when: evomaintenance_hook_db | bool tags: - evomaintenance diff --git a/evomaintenance/tasks/main.yml b/evomaintenance/tasks/main.yml index d56a124a..642b2954 100644 --- a/evomaintenance/tasks/main.yml +++ b/evomaintenance/tasks/main.yml @@ -1,7 +1,7 @@ --- - set_fact: - minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | ternary('restart minifirewall', 'restart minifirewall (noop)') }}" + minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | bool | ternary('restart minifirewall', 'restart minifirewall (noop)') }}" - assert: that: @@ -11,12 +11,12 @@ - include: install_package_debian.yml when: - - not evomaintenance_install_vendor + - not (evomaintenance_install_vendor | bool) - ansible_distribution == "Debian" - include: install_vendor_debian.yml when: - - evomaintenance_install_vendor + - evomaintenance_install_vendor | bool - ansible_distribution == "Debian" - include: install_vendor_openbsd.yml @@ -25,5 +25,5 @@ - include: minifirewall.yml when: - - evomaintenance_hook_db + - evomaintenance_hook_db | bool - ansible_distribution == "Debian" 
diff --git a/evomaintenance/tasks/minifirewall.yml b/evomaintenance/tasks/minifirewall.yml index c99bd34f..ad48e856 100644 --- a/evomaintenance/tasks/minifirewall.yml +++ b/evomaintenance/tasks/minifirewall.yml @@ -31,6 +31,6 @@ - name: Force restart minifirewall command: /bin/true notify: restart minifirewall - when: minifirewall_restart_force + when: minifirewall_restart_force | bool tags: - evomaintenance diff --git a/fail2ban/tasks/main.yml b/fail2ban/tasks/main.yml index 5e4909d6..30c795c9 100644 --- a/fail2ban/tasks/main.yml +++ b/fail2ban/tasks/main.yml @@ -32,7 +32,7 @@ - name: Include ignoredips update task include: ip_whitelist.yml - when: fail2ban_force_update_ignore_ips + when: fail2ban_force_update_ignore_ips | bool tags: - fail2ban @@ -43,7 +43,7 @@ option: enabled value: false notify: restart fail2ban - when: fail2ban_disable_ssh + when: fail2ban_disable_ssh | bool tags: - fail2ban diff --git a/filebeat/tasks/main.yml b/filebeat/tasks/main.yml index 0f5511eb..06f7d564 100644 --- a/filebeat/tasks/main.yml +++ b/filebeat/tasks/main.yml @@ -64,7 +64,9 @@ register: logstash_plugin_installed failed_when: false changed_when: false - when: filebeat_logstash_plugin and logstash_plugin.stat.exists + when: + - filebeat_logstash_plugin | bool + - logstash_plugin.stat.exists - name: Logstash plugin is installed block: @@ -74,9 +76,9 @@ - name: logstash-plugin install logstash-input-beats command: /usr/share/logstash/bin/logstash-plugin install logstash-input-beats when: - - filebeat_logstash_plugin + - filebeat_logstash_plugin | bool - logstash_plugin.stat.exists - - not logstash_plugin_installed | success + - not (logstash_plugin_installed | success) # When we don't use a config template (default) - block: 
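Review bot: The last condition of the "Logstash plugin is installed" block, `not (logstash_plugin_installed | success)`, still uses `success` as a filter. Using tests as filters was deprecated in Ansible 2.5 and removed in 2.9, which is at odds with the `is changed` conversions made elsewhere in this commit. The task that registers `logstash_plugin_installed` also sets `failed_when: false`, so the result appears never to be marked failed and this condition would always be false, meaning the install step would never run. Checking the return code avoids both problems: `- logstash_plugin_installed.rc != 0`. The block starts outside the hunk.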
@@ -86,7 +88,7 @@ regexp: '^(\s+)(- add_cloud_metadata:)' replace: '\1# \2' notify: restart filebeat - when: not filebeat_processors_cloud_metadata + when: not (filebeat_processors_cloud_metadata | bool) - name: cloud_metadata processor is disabled lineinfile: @@ -94,7 +96,7 @@ line: " - add_cloud_metadata: ~" insert_after: '^processors:' notify: restart filebeat - when: filebeat_processors_cloud_metadata + when: filebeat_processors_cloud_metadata | bool - name: Filebeat knows where to find Elasticsearch lineinfile: @@ -103,8 +105,7 @@ line: " hosts: [\"{{ filebeat_elasticsearch_hosts | join('\", \"') }}\"]" insertafter: "output.elasticsearch:" notify: restart filebeat - when: - - filebeat_elasticsearch_hosts + when: filebeat_elasticsearch_hosts | length > 0 - name: Filebeat protocol for Elasticsearch lineinfile: @@ -126,9 +127,9 @@ - { regexp: '^ #?password: .*', line: ' password: "{{ filebeat_elasticsearch_auth_password }}"' } notify: restart filebeat when: - - filebeat_elasticsearch_auth_username - - filebeat_elasticsearch_auth_password - when: not filebeat_use_config_template + - filebeat_elasticsearch_auth_username | length > 0 + - filebeat_elasticsearch_auth_password | length > 0 + when: not (filebeat_use_config_template | bool) - name: Filebeat api_key for Elasticsearch are configured lineinfile: @@ -137,7 +138,7 @@ line: ' api_key: "{{ filebeat_elasticsearch_auth_api_key }}"' insertafter: "output.elasticsearch:" notify: restart filebeat - when: filebeat_elasticsearch_auth_api_key + when: filebeat_elasticsearch_auth_api_key | length > 0 # When we use a config template - block: @@ -154,5 +155,5 @@ - "templates/filebeat/filebeat.default.yml.j2" - "templates/filebeat.default.yml.j2" notify: restart filebeat - when: filebeat_update_config - when: filebeat_use_config_template + when: filebeat_update_config | bool + when: filebeat_use_config_template | bool diff --git a/haproxy/tasks/main.yml b/haproxy/tasks/main.yml index 8b47127b..d29e3cbc 100644 
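Review bot: The lineinfile task at `@@ -94,7 +96,7 @@` passes `insert_after: '^processors:'`, but the module option is spelled `insertafter`, as the following tasks in this file write it. The task is therefore likely to be rejected for an unsupported parameter whenever `filebeat_processors_cloud_metadata` is true; it should read `insertafter: '^processors:'`. The same spelling appears in the matching task in metricbeat/tasks/main.yml. The task is also named "cloud_metadata processor is disabled" although it adds the processor line, so the name should say "enabled". The task starts outside the hunk.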
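Review bot: The credentials task at `@@ -126,9 +127,9 @@` loops over items that embed `{{ filebeat_elasticsearch_auth_password }}`, and Ansible prints each loop item in the task result, so the password ends up in console output and any collected logs. This holds unless `no_log: true` is set in the part of the task outside the hunk. I would add `no_log: true` to this task and to the `api_key` task in the next hunk. The matching tasks in metricbeat/tasks/main.yml have the same issue, as do the loops in mysql/tasks/nrpe.yml and mysql-oracle/tasks/nrpe.yml that carry `{{ mysql_nrpe_password.stdout }}`.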
--- a/haproxy/tasks/main.yml +++ b/haproxy/tasks/main.yml @@ -84,7 +84,7 @@ - update-config - include: packages_backports.yml - when: haproxy_backports + when: haproxy_backports | bool - name: Install HAProxy package apt: @@ -108,7 +108,7 @@ - "templates/haproxy/haproxy.default.cfg.j2" - "templates/haproxy.default.cfg.j2" notify: reload haproxy - when: haproxy_update_config + when: haproxy_update_config | bool tags: - haproxy - config diff --git a/java/tasks/main.yml b/java/tasks/main.yml index f6de0b43..f899bf1c 100644 --- a/java/tasks/main.yml +++ b/java/tasks/main.yml @@ -4,7 +4,7 @@ # when: java_version != 8 - include: openjdk.yml - when: "{{ java_alternative == 'openjdk' }}" + when: java_alternative == 'openjdk' - include: oracle.yml - when: "{{ java_alternative == 'oracle' }}" + when: java_alternative == 'oracle' diff --git a/java/tasks/openjdk.yml b/java/tasks/openjdk.yml index 8e187d1b..b41db0a7 100644 --- a/java/tasks/openjdk.yml +++ b/java/tasks/openjdk.yml @@ -26,6 +26,6 @@ alternatives: name: java path: "{{ java_bin_path[java_version] }}" - when: java_default_alternative + when: java_default_alternative | bool tags: - java diff --git a/java/tasks/oracle.yml b/java/tasks/oracle.yml index bbdd86f4..c2ab5ebf 100644 --- a/java/tasks/oracle.yml +++ b/java/tasks/oracle.yml @@ -52,6 +52,6 @@ alternatives: name: java path: "/usr/lib/jvm/oracle-java{{ java_version }}-server-jre-amd64/bin/java" - when: java_default_alternative + when: java_default_alternative | bool tags: - java diff --git a/keepalived/tasks/main.yml b/keepalived/tasks/main.yml index dee97bca..807713a8 100644 --- a/keepalived/tasks/main.yml +++ b/keepalived/tasks/main.yml @@ -1,3 +1,5 @@ +--- + - name: install Keepalived service apt: pkg: keepalived diff --git a/kibana/tasks/main.yml b/kibana/tasks/main.yml index f4334879..44bed1a6 100644 --- a/kibana/tasks/main.yml +++ b/kibana/tasks/main.yml 
@@ -126,4 +126,4 @@ # - data - include: proxy_nginx.yml - when: kibana_proxy_nginx + when: kibana_proxy_nginx | bool diff --git a/kvm-host/tasks/images.yml b/kvm-host/tasks/images.yml index 420e83ec..b9ec57a8 100644 --- a/kvm-host/tasks/images.yml +++ b/kvm-host/tasks/images.yml @@ -13,7 +13,7 @@ changed_when: False check_mode: no register: kvm_libvirt_images_current_real_path_test - when: kvm_custom_libvirt_images_path != '' + when: kvm_custom_libvirt_images_path | length > 0 - name: Images directory is moved to custom path block: @@ -35,6 +35,6 @@ dest: '/var/lib/libvirt/images' state: link when: - - kvm_custom_libvirt_images_path != '' + - kvm_custom_libvirt_images_path | length > 0 - kvm_custom_libvirt_images_path != kvm_libvirt_images_current_real_path_test.stdout - not kvm_custom_libvirt_images_path_test.stat.exists diff --git a/ldap/tasks/ldapvirc.yml b/ldap/tasks/ldapvirc.yml index 06f9199d..9b015249 100644 --- a/ldap/tasks/ldapvirc.yml +++ b/ldap/tasks/ldapvirc.yml @@ -10,7 +10,7 @@ debug: msg: "WARNING: an LDAP admin password is given, but an ldapvirc file already exists. It will not be updated." when: - - ldap_admin_password != "" + - ldap_admin_password | length > 0 - root_ldapvirc_path.stat.exists # Generate ldap password if none is given and ldapvirc is absent @@ -25,7 +25,7 @@ register: new_ldap_admin_password changed_when: False when: - - ldap_admin_password == "" + - ldap_admin_password | length == 0 - not root_ldapvirc_path.stat.exists # Use the generated password or the one found in the file @@ -33,7 +33,7 @@ set_fact: ldap_admin_password: "{{ new_ldap_admin_password.stdout }}" when: - - ldap_admin_password == "" + - ldap_admin_password | length == 0 - not root_ldapvirc_path.stat.exists - name: hash password for cn=admin diff --git a/ldap/tasks/nagios.yml b/ldap/tasks/nagios.yml index 97db7dba..90921bf2 100644 --- a/ldap/tasks/nagios.yml +++ b/ldap/tasks/nagios.yml 
@@ -10,7 +10,7 @@ debug: msg: "WARNING: an LDAP nagios password is given, but a nagios config already exists. It will not be updated." when: - - ldap_nagios_password != "" + - ldap_nagios_password | length > 0 - nagios_monitoring_plugins_path.stat.exists # Generate ldap password if none is given and nagios config is absent @@ -19,7 +19,7 @@ name: apg state: present when: - - ldap_nagios_password == "" + - ldap_nagios_password | length == 0 - not nagios_monitoring_plugins_path.stat.exists - name: create a password for cn=admin @@ -27,7 +27,7 @@ register: new_ldap_nagios_password changed_when: False when: - - ldap_nagios_password == "" + - ldap_nagios_password | length == 0 - not nagios_monitoring_plugins_path.stat.exists # Use the generated password or the one found in the file @@ -35,7 +35,7 @@ set_fact: ldap_nagios_password: "{{ new_ldap_nagios_password.stdout }}" when: - - ldap_nagios_password == "" + - ldap_nagios_password | length == 0 - not nagios_monitoring_plugins_path.stat.exists - name: set params for NRPE check diff --git a/logstash/tasks/tmpdir.yml b/logstash/tasks/tmpdir.yml index 4149f5af..e41b1205 100644 --- a/logstash/tasks/tmpdir.yml +++ b/logstash/tasks/tmpdir.yml @@ -8,9 +8,12 @@ check_mode: no - block: - - name: "Create {{ logstash_custom_tmpdir or logstash_default_tmpdir | mandatory }}" + - set_fact: + _logstash_custom_tmpdir: "{{ logstash_custom_tmpdir | default(logstash_default_tmpdir, True) | mandatory }}" + + - name: "Create {{ _logstash_custom_tmpdir }}" file: - path: "{{ logstash_custom_tmpdir or logstash_default_tmpdir | mandatory }}" + path: "{{ _logstash_custom_tmpdir }}" owner: logstash group: logstash mode: "0755" 
@@ -21,11 +24,11 @@ - name: change JVM tmpdir lineinfile: dest: /etc/logstash/jvm.options - line: "-Djava.io.tmpdir={{ logstash_custom_tmpdir or logstash_default_tmpdir | mandatory }}" + line: "-Djava.io.tmpdir={{ _logstash_custom_tmpdir }}" regexp: "^-Djava.io.tmpdir=" insertafter: "## JVM configuration" notify: - restart logstash tags: - logstash - when: (logstash_custom_tmpdir != '' and logstash_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0 + when: (logstash_custom_tmpdir is not none and logstash_custom_tmpdir | length > 0) or fstab_tmp_noexec.rc == 0 diff --git a/lxc-php/tasks/misc.yml b/lxc-php/tasks/misc.yml index 297ee469..c5aa5245 100644 --- a/lxc-php/tasks/misc.yml +++ b/lxc-php/tasks/misc.yml @@ -28,6 +28,9 @@ name: "{{ lxc_php_version }}" container_config: - "lxc.mount.entry = /run/mysqld {{ php_conf_mysql_socket_dir | replace('/', '', 1) }} none bind,create=dir 0 0" - when: lxc_php_create_mysql_link and php_conf_mysql_socket_dir is string + when: + - lxc_php_create_mysql_link | bool + - php_conf_mysql_socket_dir is not none + - php_conf_mysql_socket_dir | length > 0 notify: "Restart container" diff --git a/lxc/tasks/create-container.yml b/lxc/tasks/create-container.yml index 8b8a68e3..ad4f35d6 100644 --- a/lxc/tasks/create-container.yml +++ b/lxc/tasks/create-container.yml @@ -12,7 +12,7 @@ template: debian state: stopped template_options: "--arch amd64 --release {{ release }}" - when: container_exists.stdout_lines == [] + when: container_exists.stdout_lines | length == 0 - name: "Disable network configuration inside container {{ name }}" replace: diff --git a/lxc/tasks/main.yml b/lxc/tasks/main.yml index df8dc86f..a3a31cf5 100644 --- a/lxc/tasks/main.yml +++ b/lxc/tasks/main.yml 
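Review bot: In lxc-php/tasks/misc.yml, replacing `php_conf_mysql_socket_dir is string` with `is not none` plus `| length > 0` drops the type guard. An undefined variable passes `is not none` and then fails on `length` instead of skipping the task, and a non-string value with a length now reaches `replace('/', '', 1)`. Keeping the type test in front preserves the old skip behaviour while still rejecting empty strings: `- php_conf_mysql_socket_dir is string` followed by `- php_conf_mysql_socket_dir | length > 0`. Whether the role defaults always define the variable is not visible from this hunk.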
@@ -24,13 +24,13 @@ failed_when: false changed_when: false register: root_subuids - when: lxc_unprivilegied_containers + when: lxc_unprivilegied_containers | bool - name: Add subuid and subgid ranges to root command: usermod -v 100000-199999 -w 100000-109999 root when: - - lxc_unprivilegied_containers - - root_subuids.rc + - lxc_unprivilegied_containers | bool + - root_subuids.rc != 0 - name: Create containers include: create-container.yml diff --git a/memcached/tasks/main.yml b/memcached/tasks/main.yml index 0bf81713..0159f8d6 100644 --- a/memcached/tasks/main.yml +++ b/memcached/tasks/main.yml @@ -13,7 +13,7 @@ notify: restart memcached tags: - memcached - when: memcached_instance_name == "" + when: memcached_instance_name | length == 0 - name: Memcached is running and enabled on boot. service: @@ -22,7 +22,7 @@ state: started tags: - memcached - when: memcached_instance_name == "" + when: memcached_instance_name | length == 0 - name: Add systemd template copy: @@ -30,7 +30,7 @@ dest: /etc/systemd/system/memcached@.service tags: - memcached - when: memcached_instance_name != "" + when: memcached_instance_name | length > 0 - name: Delete default memcached systemd configuration file systemd: @@ -39,7 +39,7 @@ state: stopped tags: - memcached - when: memcached_instance_name != "" + when: memcached_instance_name | length > 0 - name: Make sure memcached.conf is absent file: @@ -47,7 +47,7 @@ state: absent tags: - memcached - when: memcached_instance_name != "" + when: memcached_instance_name | length > 0 - name: Create a configuration file template: @@ -56,7 +56,7 @@ mode: "0644" tags: - memcached - when: memcached_instance_name != "" + when: memcached_instance_name | length > 0 - name: Enable and start the memcached instance systemd: @@ -67,7 +67,7 @@ masked: no tags: - memcached - when: memcached_instance_name != "" + when: memcached_instance_name | length > 0 - include: munin.yml 
diff --git a/memcached/tasks/munin.yml b/memcached/tasks/munin.yml index cd75fa64..6e2f6d6f 100644 --- a/memcached/tasks/munin.yml +++ b/memcached/tasks/munin.yml @@ -2,7 +2,7 @@ - name: Choose packages (Oracle) set_fact: multi: "multi_" - when: memcached_instance_name !="" + when: memcached_instance_name | length > 0 - name: is Munin present ? stat: diff --git a/metricbeat/tasks/main.yml b/metricbeat/tasks/main.yml index 29b88fb6..2290626e 100644 --- a/metricbeat/tasks/main.yml +++ b/metricbeat/tasks/main.yml @@ -61,8 +61,7 @@ line: " hosts: [\"{{ metricbeat_elasticsearch_hosts | join('\", \"') }}\"]" insertafter: "output.elasticsearch:" notify: restart metricbeat - when: - - metricbeat_elasticsearch_hosts + when: metricbeat_elasticsearch_hosts | length > 0 - name: Metricbeat protocol for Elasticsearch lineinfile: @@ -84,8 +83,8 @@ - { regexp: '^ #?password: .*', line: ' password: "{{ metricbeat_elasticsearch_auth_password }}"' } notify: restart metricbeat when: - - metricbeat_elasticsearch_auth_username - - metricbeat_elasticsearch_auth_password + - metricbeat_elasticsearch_auth_username | length > 0 + - metricbeat_elasticsearch_auth_password | length > 0 - name: Metricbeat api_key for Elasticsearch are configured lineinfile: @@ -94,7 +93,7 @@ line: ' api_key: "{{ metricbeat_elasticsearch_auth_api_key }}"' insertafter: "output.elasticsearch:" notify: restart metricbeat - when: metricbeat_elasticsearch_auth_api_key + when: metricbeat_elasticsearch_auth_api_key | length > 0 - name: disable cloud_metadata replace: @@ -102,7 +101,7 @@ regexp: '^(\s+)(- add_cloud_metadata:)' replace: '\1# \2' notify: restart metricbeat - when: not metricbeat_processors_cloud_metadata + when: not (metricbeat_processors_cloud_metadata | bool) - name: cloud_metadata processor is disabled lineinfile: 
@@ -110,8 +109,8 @@ line: " - add_cloud_metadata: ~" insert_after: '^processors:' notify: restart metricbeat - when: metricbeat_processors_cloud_metadata - when: not metricbeat_use_config_template + when: metricbeat_processors_cloud_metadata | bool + when: not (metricbeat_use_config_template | bool) # When we use a config template - block: @@ -128,5 +127,5 @@ - "templates/metricbeat/metricbeat.default.yml.j2" - "templates/metricbeat.default.yml.j2" notify: restart metricbeat - when: metricbeat_update_config - when: metricbeat_use_config_template + when: metricbeat_update_config | bool + when: metricbeat_use_config_template | bool diff --git a/minifirewall/tasks/activate.yml b/minifirewall/tasks/activate.yml index 21fb8cfd..e971407b 100644 --- a/minifirewall/tasks/activate.yml +++ b/minifirewall/tasks/activate.yml @@ -12,7 +12,7 @@ replace: '/etc/init.d/minifirewall start' when: - initd_alert5.stat.exists - - minifirewall_autostart + - minifirewall_autostart | bool - name: check if /usr/share/scripts/alert5 exists stat: @@ -26,4 +26,4 @@ replace: '/etc/init.d/minifirewall start' when: - usr_share_scripts_alert5.stat.exists - - minifirewall_autostart + - minifirewall_autostart | bool diff --git a/minifirewall/tasks/config.yml b/minifirewall/tasks/config.yml index 1b556674..04ed3a9c 100644 --- a/minifirewall/tasks/config.yml +++ b/minifirewall/tasks/config.yml @@ -39,8 +39,7 @@ - name: Verify that at least 1 trusted IP is provided assert: - that: - - minifirewall_trusted_ips != [] + that: minifirewall_trusted_ips | length > 0 msg: You must provide at least 1 trusted IP - debug: @@ -191,7 +190,7 @@ dest: "{{ minifirewall_main_file }}" regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)' state: absent - when: evomaintenance_hosts != [] + when: evomaintenance_hosts | length > 0 - name: Stat minifirewall config file (after) stat: 
@@ -207,7 +206,7 @@ failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout" changed_when: "'starting IPTables rules is now finish : OK' in minifirewall_init_restart.stdout" when: - - minifirewall_restart_if_needed + - minifirewall_restart_if_needed | bool - minifirewall_is_running.rc == 0 - minifirewall_before.stat.checksum != minifirewall_after.stat.checksum @@ -216,7 +215,7 @@ register: minifirewall_init_restart failed_when: False changed_when: False - when: not minifirewall_restart_if_needed + when: not (minifirewall_restart_if_needed | bool) - debug: var: minifirewall_init_restart diff --git a/minifirewall/tasks/main.yml b/minifirewall/tasks/main.yml index 99a478e0..2a053d4f 100644 --- a/minifirewall/tasks/main.yml +++ b/minifirewall/tasks/main.yml @@ -2,7 +2,7 @@ - name: Compose minifirewall_restart_handler_name variable set_fact: - minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | ternary('restart minifirewall', 'restart minifirewall (noop)') }}" + minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | bool | ternary('restart minifirewall', 'restart minifirewall (noop)') }}" - include: install.yml @@ -13,10 +13,10 @@ - include: activate.yml - include: tail.yml - when: minifirewall_tail_included + when: minifirewall_tail_included | bool - name: Force restart minifirewall command: /bin/true notify: restart minifirewall changed_when: False - when: minifirewall_restart_force + when: minifirewall_restart_force | bool diff --git a/minifirewall/tasks/tail.yml b/minifirewall/tasks/tail.yml index 629c2e59..a086ead9 100644 --- a/minifirewall/tasks/tail.yml +++ b/minifirewall/tasks/tail.yml 
@@ -39,14 +39,14 @@ changed_when: "'starting IPTables rules is now finish : OK' in minifirewall_init_restart.stdout" when: - minifirewall_tail_template is changed - - minifirewall_restart_if_needed + - minifirewall_restart_if_needed | bool - name: restart minifirewall (noop) meta: noop register: minifirewall_init_restart failed_when: False changed_when: False - when: not minifirewall_restart_if_needed + when: not (minifirewall_restart_if_needed | bool) - debug: var: minifirewall_init_restart diff --git a/mongodb/tasks/main_buster.yml b/mongodb/tasks/main_buster.yml index 8bad2bee..387a9c0a 100644 --- a/mongodb/tasks/main_buster.yml +++ b/mongodb/tasks/main_buster.yml @@ -32,7 +32,7 @@ name: mongod enabled: yes state: started - when: _mongodb_install_package.changed + when: _mongodb_install_package is changed - name: install dependency for monitoring apt: diff --git a/mysql-oracle/tasks/datadir.yml b/mysql-oracle/tasks/datadir.yml index 28beb1ed..c375f5d5 100644 --- a/mysql-oracle/tasks/datadir.yml +++ b/mysql-oracle/tasks/datadir.yml @@ -14,7 +14,7 @@ register: mysql_current_real_datadir_test tags: - mysql - when: mysql_custom_datadir != '' + when: mysql_custom_datadir | length > 0 - block: - name: MySQL is stopped @@ -40,6 +40,6 @@ tags: - mysql when: - - mysql_custom_datadir != '' + - mysql_custom_datadir | length > 0 - mysql_custom_datadir != mysql_current_real_datadir_test.stdout - not mysql_custom_datadir_test.stat.exists diff --git a/mysql-oracle/tasks/nrpe.yml b/mysql-oracle/tasks/nrpe.yml index 58820786..c3457699 100644 --- a/mysql-oracle/tasks/nrpe.yml +++ b/mysql-oracle/tasks/nrpe.yml 
@@ -47,9 +47,11 @@ loop: - { option: 'user', value: 'nrpe' } - { option: 'password', value: '{{ mysql_nrpe_password.stdout }}' } - when: create_nrpe_user.changed + when: create_nrpe_user is changed - when: nrpe_evolix_config.stat.exists and (not nrpe_my_cnf.stat.exists or mysql_force_new_nrpe_password) + when: + - nrpe_evolix_config.stat.exists + - (not nrpe_my_cnf.stat.exists or (mysql_force_new_nrpe_password | bool)) tags: - mysql - nrpe diff --git a/mysql-oracle/tasks/packages.yml b/mysql-oracle/tasks/packages.yml index af1a0460..5bf8848e 100644 --- a/mysql-oracle/tasks/packages.yml +++ b/mysql-oracle/tasks/packages.yml @@ -87,7 +87,7 @@ tags: - mysql - packages - when: mysql_install_libclient + when: mysql_install_libclient | bool - name: MySQL is started systemd: diff --git a/mysql-oracle/tasks/tmpdir.yml b/mysql-oracle/tasks/tmpdir.yml index 8d518160..790a9f2e 100644 --- a/mysql-oracle/tasks/tmpdir.yml +++ b/mysql-oracle/tasks/tmpdir.yml @@ -20,4 +20,4 @@ notify: "{{ mysql_restart_handler_name }}" tags: - mysql - when: mysql_custom_tmpdir != '' + when: mysql_custom_tmpdir | length > 0 diff --git a/mysql-oracle/tasks/utils.yml b/mysql-oracle/tasks/utils.yml index bf0013df..e7573afe 100644 --- a/mysql-oracle/tasks/utils.yml +++ b/mysql-oracle/tasks/utils.yml @@ -1,12 +1,15 @@ --- +- set_fact: + _mysql_scripts_dir: "{{ mysql_scripts_dir | default(general_scripts_dir, True) | mandatory }}" + - include_role: name: evolix/remount-usr - when: (mysql_scripts_dir or general_scripts_dir) is search ("/usr") + when: _mysql_scripts_dir is search ("/usr") - name: Scripts directory exists file: - dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}" + dest: "{{ _mysql_scripts_dir }}" mode: "0700" state: directory tags: 
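Review bot: The new `set_fact` for `_mysql_scripts_dir` at the top of mysql-oracle/tasks/utils.yml carries no `tags:`, while the tasks that consume it are tagged `mysql` ("Scripts directory exists" and the later `include_role` and copy tasks). A run limited with `--tags mysql` would skip the fact and then fail on an undefined variable, unless tags are inherited from wherever utils.yml is included, which is not visible here. Adding `tags:` with `- mysql` to the `set_fact` keeps it in step with its consumers. It would also help to give the task a name, for example `- name: Resolve MySQL scripts directory`, so it is identifiable in run output.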
@@ -95,12 +98,12 @@ name: evolix/remount-usr tags: - mysql - when: (mysql_scripts_dir or general_scripts_dir) is search ("/usr") + when: _mysql_scripts_dir is search ("/usr") - name: mysqltuner is installed # copy: # src: mysqltuner.pl - # dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysqltuner.pl" + # dest: "{{ _mysql_scripts_dir }}/mysqltuner.pl" # mode: "0700" apt: name: mysqltuner @@ -121,12 +124,12 @@ name: evolix/remount-usr tags: - mysql - when: (mysql_scripts_dir or general_scripts_dir) is search ("/usr") + when: _mysql_scripts_dir is search ("/usr") - name: mysql-optimize.sh is installed copy: src: mysql-optimize.sh - dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysql-optimize.sh" + dest: "{{ _mysql_scripts_dir }}/mysql-optimize.sh" mode: "0700" tags: - mysql @@ -143,7 +146,7 @@ - name: "Enable cron to optimize MySQL" file: - src: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysql-optimize.sh" + src: "{{ _mysql_scripts_dir }}/mysql-optimize.sh" dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh state: link when: mysql_cron_optimize | bool @@ -192,12 +195,12 @@ - include_role: name: evolix/remount-usr - when: (mysql_scripts_dir or general_scripts_dir) is search ("/usr") + when: _mysql_scripts_dir is search ("/usr") - name: Install my-add.sh copy: src: my-add.sh - dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/my-add.sh" + dest: "{{ _mysql_scripts_dir }}/my-add.sh" mode: "0700" tags: - mysql diff --git a/mysql/tasks/config_stretch.yml b/mysql/tasks/config_stretch.yml index d6d59efd..cfbeedfe 100644 --- a/mysql/tasks/config_stretch.yml +++ b/mysql/tasks/config_stretch.yml @@ -42,4 +42,4 @@ name: mysql daemon_reload: yes notify: "{{ mysql_restart_handler_name }}" - when: mariadb_systemd_override.changed + when: mariadb_systemd_override is changed diff --git a/mysql/tasks/datadir.yml b/mysql/tasks/datadir.yml index 28beb1ed..c375f5d5 100644 
--- a/mysql/tasks/datadir.yml +++ b/mysql/tasks/datadir.yml @@ -14,7 +14,7 @@ register: mysql_current_real_datadir_test tags: - mysql - when: mysql_custom_datadir != '' + when: mysql_custom_datadir | length > 0 - block: - name: MySQL is stopped @@ -40,6 +40,6 @@ tags: - mysql when: - - mysql_custom_datadir != '' + - mysql_custom_datadir | length > 0 - mysql_custom_datadir != mysql_current_real_datadir_test.stdout - not mysql_custom_datadir_test.stat.exists diff --git a/mysql/tasks/logdir.yml b/mysql/tasks/logdir.yml index a1b3a8d8..bd6ecab2 100644 --- a/mysql/tasks/logdir.yml +++ b/mysql/tasks/logdir.yml @@ -14,7 +14,7 @@ register: mysql_current_real_logdir_test tags: - mysql - when: mysql_custom_logdir != '' + when: mysql_custom_logdir | length > 0 - block: - name: MySQL is stopped @@ -40,6 +40,6 @@ tags: - mysql when: - - mysql_custom_logdir != '' + - mysql_custom_logdir | length > 0 - mysql_custom_logdir != mysql_current_real_logdir_test.stdout - not mysql_custom_logdir_test.stat.exists diff --git a/mysql/tasks/main.yml b/mysql/tasks/main.yml index 11435c73..ace6299e 100644 --- a/mysql/tasks/main.yml +++ b/mysql/tasks/main.yml @@ -23,7 +23,7 @@ when: ansible_distribution_release == "jessie" - include: replication.yml - when: mysql_replication + when: mysql_replication | bool - include: datadir.yml diff --git a/mysql/tasks/nrpe.yml b/mysql/tasks/nrpe.yml index 58820786..c3457699 100644 --- a/mysql/tasks/nrpe.yml +++ b/mysql/tasks/nrpe.yml @@ -47,9 +47,11 @@ loop: - { option: 'user', value: 'nrpe' } - { option: 'password', value: '{{ mysql_nrpe_password.stdout }}' } - when: create_nrpe_user.changed + when: create_nrpe_user is changed - when: nrpe_evolix_config.stat.exists and (not nrpe_my_cnf.stat.exists or mysql_force_new_nrpe_password) + when: + - nrpe_evolix_config.stat.exists + - (not nrpe_my_cnf.stat.exists or (mysql_force_new_nrpe_password | bool)) tags: - mysql - nrpe 
diff --git a/mysql/tasks/packages_jessie.yml b/mysql/tasks/packages_jessie.yml index 8d27de52..48408433 100644 --- a/mysql/tasks/packages_jessie.yml +++ b/mysql/tasks/packages_jessie.yml @@ -33,7 +33,7 @@ tags: - mysql - packages - when: mysql_install_libclient + when: mysql_install_libclient | bool - name: MySQL is started service: diff --git a/mysql/tasks/packages_stretch.yml b/mysql/tasks/packages_stretch.yml index 901543af..98a8f69d 100644 --- a/mysql/tasks/packages_stretch.yml +++ b/mysql/tasks/packages_stretch.yml @@ -19,7 +19,7 @@ tags: - mysql - packages - when: mysql_install_libclient + when: mysql_install_libclient | bool - name: MySQL is started service: diff --git a/mysql/tasks/tmpdir.yml b/mysql/tasks/tmpdir.yml index e2c13dc5..79a3ac5e 100644 --- a/mysql/tasks/tmpdir.yml +++ b/mysql/tasks/tmpdir.yml @@ -20,4 +20,4 @@ notify: "{{ mysql_restart_handler_name }}" tags: - mysql - when: mysql_custom_tmpdir != '' + when: mysql_custom_tmpdir | length > 0 diff --git a/mysql/tasks/users_jessie.yml b/mysql/tasks/users_jessie.yml index 027d0bd8..99dd2d04 100644 --- a/mysql/tasks/users_jessie.yml +++ b/mysql/tasks/users_jessie.yml @@ -45,7 +45,7 @@ loop: - { option: 'user', value: 'mysqladmin' } - { option: 'password', value: '{{ mysql_admin_password.stdout }}' } - when: create_mysqladmin_user.changed + when: create_mysqladmin_user is changed tags: - mysql diff --git a/mysql/tasks/users_stretch.yml b/mysql/tasks/users_stretch.yml index bca16bc6..574399af 100644 --- a/mysql/tasks/users_stretch.yml +++ b/mysql/tasks/users_stretch.yml @@ -40,7 +40,7 @@ loop: - { option: 'user', value: 'mysqladmin' } - { option: 'password', value: '{{ mysql_admin_password.stdout }}' } - when: create_mysqladmin_user.changed + when: create_mysqladmin_user is changed tags: - mysql 
@@ -79,7 +79,7 @@ _credentials: - { option: 'user', value: 'debian-sys-maint' } - { option: 'password', value: '{{ mysql_debian_password.stdout }}' } - when: create_debian_user.changed + when: create_debian_user is changed tags: - mysql diff --git a/mysql/tasks/utils.yml b/mysql/tasks/utils.yml index fedda1ff..b4abf059 100644 --- a/mysql/tasks/utils.yml +++ b/mysql/tasks/utils.yml @@ -1,12 +1,15 @@ --- +- set_fact: + _mysql_scripts_dir: "{{ mysql_scripts_dir | default(general_scripts_dir, True) | mandatory }}" + - include_role: name: evolix/remount-usr - when: (mysql_scripts_dir or general_scripts_dir) is search ("/usr") + when: _mysql_scripts_dir is search ("/usr") - name: Ensure scripts directory exists file: - dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}" + dest: "{{ _mysql_scripts_dir }}" mode: "0700" state: directory tags: @@ -62,12 +65,12 @@ - include_role: name: evolix/remount-usr - when: (mysql_scripts_dir or general_scripts_dir) is search ("/usr") + when: _mysql_scripts_dir is search ("/usr") - name: Install mysqltuner # copy: # src: mysqltuner.pl - # dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysqltuner.pl" + # dest: "{{ _mysql_scripts_dir }}/mysqltuner.pl" # mode: "0700" apt: name: mysqltuner @@ -98,12 +101,12 @@ - include_role: name: evolix/remount-usr - when: (mysql_scripts_dir or general_scripts_dir) is search ("/usr") + when: _mysql_scripts_dir is search ("/usr") - name: Optimize script for MySQL copy: src: mysql-optimize.sh - dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysql-optimize.sh" + dest: "{{ _mysql_scripts_dir }}/mysql-optimize.sh" mode: "0700" tags: - mysql 
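Review bot: In the `@@ -1,12 +1,15 @@` hunk of mysql/tasks/utils.yml, `mandatory` only rejects an undefined value, so when both `mysql_scripts_dir` and `general_scripts_dir` are empty strings `_mysql_scripts_dir` becomes `''` and a later `dest: "{{ _mysql_scripts_dir }}/my-add.sh"` resolves to the filesystem root. The old expression behaved the same way, but now that the value is computed once it is cheap to guard it: follow the `set_fact` with an `assert` whose `that:` entry is `_mysql_scripts_dir | length > 0`. mysql-oracle/tasks/utils.yml has the same `set_fact` and would take the same guard.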
@@ -118,10 +121,10 @@ - name: "Enable cron to optimize MySQL" file: - src: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysql-optimize.sh" + src: "{{ _mysql_scripts_dir }}/mysql-optimize.sh" dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh state: link - when: mysql_cron_optimize + when: mysql_cron_optimize | bool tags: - mysql @@ -129,7 +132,7 @@ file: dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh state: absent - when: not mysql_cron_optimize + when: not (mysql_cron_optimize | bool) tags: - mysql @@ -146,7 +149,7 @@ src: mysqltuner.cron.sh dest: /etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}/mysqltuner.sh mode: "0755" - when: mysql_cron_mysqltuner + when: mysql_cron_mysqltuner | bool tags: - mysql @@ -154,7 +157,7 @@ file: dest: /etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}/mysqltuner.sh state: absent - when: not mysql_cron_mysqltuner + when: not (mysql_cron_mysqltuner | bool) tags: - mysql @@ -162,12 +165,12 @@ - include_role: name: evolix/remount-usr - when: (mysql_scripts_dir or general_scripts_dir) is search ("/usr") + when: _mysql_scripts_dir is search ("/usr") - name: Install my-add.sh copy: src: my-add.sh - dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/my-add.sh" + dest: "{{ _mysql_scripts_dir }}/my-add.sh" mode: "0700" force: "{{ mysql_force_myadd_script }}" tags: @@ -183,7 +186,7 @@ - name: "Install save_mysql_processlist.sh" copy: src: save_mysql_processlist.sh - dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/save_mysql_processlist.sh" + dest: "{{ _mysql_scripts_dir }}/save_mysql_processlist.sh" mode: "0755" force: no tags: diff --git a/nagios-nrpe/tasks/main.yml b/nagios-nrpe/tasks/main.yml index 065ffacc..77770020 100644 --- a/nagios-nrpe/tasks/main.yml +++ b/nagios-nrpe/tasks/main.yml 
@@ -42,7 +42,7 @@ regexp: '^allowed_hosts=' insertafter: '# Allowed IPs' notify: restart nagios-nrpe-server - when: nagios_nrpe_force_update_allowed_hosts + when: nagios_nrpe_force_update_allowed_hosts | bool tags: - nagios-nrpe diff --git a/networkd-to-ifconfig/tasks/main.yml b/networkd-to-ifconfig/tasks/main.yml index 29ca3b4f..d1ac0ac4 100644 --- a/networkd-to-ifconfig/tasks/main.yml +++ b/networkd-to-ifconfig/tasks/main.yml @@ -7,7 +7,9 @@ - debug: msg: A /etc/network/interfaces file already exists, nothing is done. - when: interfaces_file.stat.exists and not force_update_eni_file + when: + - interfaces_file.stat.exists + - not (force_update_eni_file | bool) - block: - name: "Look for systemd network config" @@ -38,7 +40,7 @@ - eni_ipv6_address | ipv6 - eni_ipv6_gateway | ipv6 msg: "IPv6 configuration is invalid" - when: eni_ipv6_address or eni_ipv6_gateway + when: (eni_ipv6_address | length > 0) or (eni_ipv6_gateway | length > 0) - name: "A new /etc/network/interfaces is generated" template: @@ -63,4 +65,4 @@ - debug: msg: You should verify your configuration, then reboot the server. - when: force_update_eni_file or not interfaces_file.stat.exists + when: (force_update_eni_file | bool) or (not interfaces_file.stat.exists) diff --git a/networkd-to-ifconfig/tasks/set_facts_from_ansible.yml b/networkd-to-ifconfig/tasks/set_facts_from_ansible.yml index 21de7357..5f6f4011 100644 --- a/networkd-to-ifconfig/tasks/set_facts_from_ansible.yml +++ b/networkd-to-ifconfig/tasks/set_facts_from_ansible.yml @@ -4,10 +4,10 @@ set_fact: eni_ipv4_address: "{{ ansible_default_ipv4.address | ipv4 }}" eni_ipv4_gateway: "{{ ansible_default_ipv4.gateway | ipv4 }}" - when: ansible_default_ipv4 + when: ansible_default_ipv4 | length > 0 - name: Prepare variables (IPv6) set_fact: eni_ipv6_address: "{{ ansible_default_ipv6.address | ipv6 | first }}" eni_ipv6_gateway: "{{ ansible_default_ipv6.gateway | ipv6 | first }}" - when: ansible_default_ipv6 + when: ansible_default_ipv6 | length > 0 
diff --git a/newrelic/tasks/main.yml b/newrelic/tasks/main.yml index 7537214d..a4e8f2b3 100644 --- a/newrelic/tasks/main.yml +++ b/newrelic/tasks/main.yml @@ -3,7 +3,7 @@ - include: sources.yml - include: php.yml - when: newrelic_php + when: newrelic_php | bool - include: sysmond.yml - when: newrelic_sysmond + when: newrelic_sysmond | bool diff --git a/newrelic/tasks/php.yml b/newrelic/tasks/php.yml index 5d44e8e5..c41dbac9 100644 --- a/newrelic/tasks/php.yml +++ b/newrelic/tasks/php.yml @@ -6,7 +6,7 @@ question: "newrelic-php5/application-name" value: "{{ newrelic_appname }}" vtype: string - when: newrelic_appname != "" + when: newrelic_appname | length > 0 - name: Pre-seed package configuration with license debconf: @@ -14,7 +14,7 @@ question: "newrelic-php5/license-key" value: "{{ newrelic_license }}" vtype: "string" - when: newrelic_license != "" + when: newrelic_license | length > 0 - name: list newrelic config files shell: "find /etc/php* -type f -name newrelic.ini" diff --git a/newrelic/tasks/sysmond.yml b/newrelic/tasks/sysmond.yml index 5d72a470..e5c5bab9 100644 --- a/newrelic/tasks/sysmond.yml +++ b/newrelic/tasks/sysmond.yml @@ -9,5 +9,5 @@ dest: /etc/newrelic/nrsysmond.cfg regexp: "license_key=REPLACE_WITH_REAL_KEY" replace: "license_key={{ newrelic_license }}" - when: newrelic_license != "" + when: newrelic_license | length > 0 notify: restart newrelic-sysmond diff --git a/nginx/tasks/main.yml b/nginx/tasks/main.yml index 58b9f95b..8a8fc264 100644 --- a/nginx/tasks/main.yml +++ b/nginx/tasks/main.yml @@ -2,7 +2,7 @@ - debug: msg: "Nginx minimal mode has been removed, falling back to normal mode." - when: nginx_minimal + when: nginx_minimal | bool - include: packages.yml @@ -112,7 +112,7 @@ state: link force: yes notify: reload nginx - when: nginx_evolinux_default_enabled + when: nginx_evolinux_default_enabled | bool tags: - nginx diff --git a/nginx/tasks/packages.yml b/nginx/tasks/packages.yml index 05c033b4..7d9eead5 100644 
--- a/nginx/tasks/packages.yml +++ b/nginx/tasks/packages.yml @@ -2,10 +2,10 @@ - set_fact: nginx_package_name_default: nginx-light - when: nginx_minimal + when: nginx_minimal | bool - include: packages_backports.yml - when: nginx_backports + when: nginx_backports | bool # TODO: install "nginx" + only necessary modules, instead of "nginx-full" diff --git a/nginx/tasks/server_status_read.yml b/nginx/tasks/server_status_read.yml index 570febf9..652bc154 100644 --- a/nginx/tasks/server_status_read.yml +++ b/nginx/tasks/server_status_read.yml @@ -14,7 +14,7 @@ # The last character "\u000A" is a line feed (LF), it's better to keep it content: "{{ nginx_serverstatus_suffix }}\u000A" force: yes - when: nginx_serverstatus_suffix != "" + when: nginx_serverstatus_suffix | length > 0 - name: generate random string for server-status suffix shell: "apg -a 1 -M N -n 1 > {{ nginx_serverstatus_suffix_file }}" diff --git a/nodejs/tasks/main.yml b/nodejs/tasks/main.yml index af15112b..d0aa18b8 100644 --- a/nodejs/tasks/main.yml +++ b/nodejs/tasks/main.yml @@ -48,4 +48,4 @@ - nodejs - include: yarn.yml - when: nodejs_install_yarn + when: nodejs_install_yarn | bool diff --git a/packweb-apache/tasks/main.yml b/packweb-apache/tasks/main.yml index 6122c4a2..5e2f9e92 100644 --- a/packweb-apache/tasks/main.yml +++ b/packweb-apache/tasks/main.yml @@ -89,7 +89,7 @@ - include: awstats.yml - include: fhs_retrictions.yml - when: packweb_fhs_retrictions + when: packweb_fhs_retrictions | bool - name: Periodically cache ftp directory sizes for ftpadmin.sh cron: diff --git a/packweb-apache/tasks/phpmyadmin.yml b/packweb-apache/tasks/phpmyadmin.yml index 39fd1163..f83b0a5d 100644 --- a/packweb-apache/tasks/phpmyadmin.yml +++ b/packweb-apache/tasks/phpmyadmin.yml 
@@ -53,7 +53,7 @@ # The last character "\u000A" is a line feed (LF), it's better to keep it content: "{{ packweb_phpmyadmin_suffix }}\u000A" force: yes - when: packweb_phpmyadmin_suffix != "" + when: packweb_phpmyadmin_suffix | length > 0 - name: generate random string for phpmyadmin suffix shell: "apg -a 1 -M N -n 1 > {{ packweb_phpmyadmin_suffix_file }}" diff --git a/percona/tasks/main.yml b/percona/tasks/main.yml index ede6f394..4db87058 100644 --- a/percona/tasks/main.yml +++ b/percona/tasks/main.yml @@ -26,7 +26,7 @@ copy: src: "{{ percona__apt_config_package_file }}" dest: "/root/{{ percona__apt_config_package_file }}" - when: not percona__apt_config_package_installed + when: not (percona__apt_config_package_installed | bool) # - include_role: # name: evolix/remount-usr @@ -36,7 +36,7 @@ deb: "/root/{{ percona__apt_config_package_file }}" state: present register: percona__apt_config_deb - when: not percona__apt_config_package_installed + when: not (percona__apt_config_package_installed | bool) - name: Percona APT config package is installed from repository apt: @@ -51,4 +51,4 @@ when: percona__apt_config_deb is changed - include: xtrabackup.yml - when: percona__install_xtrabackup + when: percona__install_xtrabackup | bool diff --git a/php/tasks/config_apache.yml b/php/tasks/config_apache.yml index 3ae9738c..795678fd 100644 --- a/php/tasks/config_apache.yml +++ b/php/tasks/config_apache.yml @@ -44,4 +44,4 @@ mode: "0644" loop: - { option: "date.timezone", value: "Europe/Paris" } - when: php_symfony_requirements + when: php_symfony_requirements | bool diff --git a/php/tasks/config_cli.yml b/php/tasks/config_cli.yml index c4678cd5..d327690a 100644 --- a/php/tasks/config_cli.yml +++ b/php/tasks/config_cli.yml @@ -35,4 +35,4 @@ mode: "0644" loop: - { option: "date.timezone", value: "Europe/Paris" } - when: php_symfony_requirements + when: php_symfony_requirements | bool 
diff --git a/php/tasks/config_fpm.yml b/php/tasks/config_fpm.yml index 57680ea9..ad543f19 100644 --- a/php/tasks/config_fpm.yml +++ b/php/tasks/config_fpm.yml @@ -79,11 +79,11 @@ loop: - { option: "date.timezone", value: "Europe/Paris" } notify: "restart {{ php_fpm_service_name }}" - when: php_symfony_requirements + when: php_symfony_requirements | bool - name: Delete debian default pool file: - path: "{{ php_fpm_debian_default_pool_file }}" + path: "{{ php_fpm_debian_default_pool_file | mandatory }}" state: absent notify: "restart {{ php_fpm_service_name }}" - when: php_fpm_remove_default_pool + when: php_fpm_remove_default_pool | bool diff --git a/php/tasks/main.yml b/php/tasks/main.yml index 2fd1a250..e9687e67 100644 --- a/php/tasks/main.yml +++ b/php/tasks/main.yml @@ -2,8 +2,7 @@ - fail: msg: only compatible with Debian >= 8 - when: - - ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<') + when: ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<') - include: main_jessie.yml when: ansible_distribution_release == "jessie" diff --git a/php/tasks/main_buster.yml b/php/tasks/main_buster.yml index c757d539..fba952ab 100644 --- a/php/tasks/main_buster.yml +++ b/php/tasks/main_buster.yml @@ -36,7 +36,7 @@ - libphp-phpmailer - include: sury_pre.yml - when: php_sury_enable + when: php_sury_enable | bool - name: "Install PHP packages (Debian 9 or later)" apt: @@ -49,7 +49,7 @@ - libapache2-mod-php - php state: present - when: php_apache_enable + when: php_apache_enable | bool - name: "Install PHP FPM packages (Debian 9 or later)" apt: @@ -57,7 +57,7 @@ - php-fpm - php state: present - when: php_fpm_enable + when: php_fpm_enable | bool # Configuration 
@@ -76,22 +76,22 @@ mode: "0755" - include: config_fpm.yml - when: php_fpm_enable + when: php_fpm_enable | bool - name: Enforce permissions on PHP fpm directory file: dest: /etc/php/7.3/fpm mode: "0755" - when: php_fpm_enable + when: php_fpm_enable | bool - include: config_apache.yml - when: php_apache_enable + when: php_apache_enable | bool - name: Enforce permissions on PHP apache2 directory file: dest: /etc/php/7.3/apache2 mode: "0755" - when: php_apache_enable + when: php_apache_enable | bool - include: sury_post.yml - when: php_sury_enable + when: php_sury_enable | bool diff --git a/php/tasks/main_jessie.yml b/php/tasks/main_jessie.yml index 8e99280c..5ec3123d 100644 --- a/php/tasks/main_jessie.yml +++ b/php/tasks/main_jessie.yml @@ -40,7 +40,7 @@ - libapache2-mod-php5 - php5 state: present - when: php_apache_enable + when: php_apache_enable | bool - name: "Install PHP FPM packages (jessie)" apt: @@ -48,7 +48,7 @@ - php5-fpm - php5 state: present - when: php_fpm_enable + when: php_fpm_enable | bool # Configuration @@ -65,19 +65,19 @@ mode: "0755" - include: config_fpm.yml - when: php_fpm_enable + when: php_fpm_enable | bool - name: Enforce permissions on PHP fpm directory file: dest: /etc/php5/fpm mode: "0755" - when: php_fpm_enable + when: php_fpm_enable | bool - include: config_apache.yml - when: php_apache_enable + when: php_apache_enable | bool - name: Enforce permissions on PHP apache2 directory file: dest: /etc/php5/apache2 mode: "0755" - when: php_apache_enable + when: php_apache_enable | bool diff --git a/php/tasks/main_stretch.yml b/php/tasks/main_stretch.yml index 004aec02..dc16c6e4 100644 --- a/php/tasks/main_stretch.yml +++ b/php/tasks/main_stretch.yml @@ -36,7 +36,7 @@ - libphp-phpmailer - include: sury_pre.yml - when: php_sury_enable + when: php_sury_enable | bool - name: "Install PHP packages (Debian 9 or later)" apt: 
@@ -49,7 +49,7 @@ - libapache2-mod-php - php state: present - when: php_apache_enable + when: php_apache_enable | bool - name: "Install PHP FPM packages (Debian 9 or later)" apt: @@ -57,7 +57,7 @@ - php-fpm - php state: present - when: php_fpm_enable + when: php_fpm_enable | bool # Configuration @@ -77,22 +77,22 @@ mode: "0755" - include: config_fpm.yml - when: php_fpm_enable + when: php_fpm_enable | bool - name: Enforce permissions on PHP fpm directory file: dest: /etc/php/7.0/fpm mode: "0755" - when: php_fpm_enable + when: php_fpm_enable | bool - include: config_apache.yml - when: php_apache_enable + when: php_apache_enable | bool - name: Enforce permissions on PHP apache2 directory file: dest: /etc/php/7.0/apache2 mode: "0755" - when: php_apache_enable + when: php_apache_enable | bool - include: sury_post.yml - when: php_sury_enable + when: php_sury_enable | bool diff --git a/php/tasks/sury_post.yml b/php/tasks/sury_post.yml index 3f82d23d..4e706889 100644 --- a/php/tasks/sury_post.yml +++ b/php/tasks/sury_post.yml @@ -24,13 +24,13 @@ loop: - { src: "{{ php_apache_defaults_ini_file }}", dest: "/etc/php/7.4/apache2/conf.d/z-evolinux-defaults.ini" } - { src: "{{ php_apache_custom_ini_file }}", dest: "/etc/php/7.4/apache2/conf.d/zzz-evolinux-custom.ini" } - when: php_apache_enable + when: php_apache_enable | bool - name: Enforce permissions on PHP 7.4/cli directory file: dest: /etc/php/7.4/apache2 mode: "0755" - when: php_apache_enable + when: php_apache_enable | bool - name: Symlink Evolix FPM config files from 7.4 to 7.0 file: 
@@ -43,10 +43,10 @@ - { src: "{{ php_fpm_custom_ini_file }}", dest: "/etc/php/7.4/fpm/conf.d/zzz-evolinux-custom.ini" } - { src: "{{ php_fpm_defaults_conf_file }}", dest: "/etc/php/7.4/fpm/pool.d/z-evolinux-defaults.conf" } - { src: "{{ php_fpm_custom_conf_file }}", dest: "/etc/php/7.4/fpm/pool.d/zzz-evolinux-custom.conf" } - when: php_fpm_enable + when: php_fpm_enable | bool - name: Enforce permissions on PHP 7.4/cli directory file: dest: /etc/php/7.4/fpm mode: "0755" - when: php_fpm_enable + when: php_fpm_enable | bool diff --git a/postfix/tasks/main.yml b/postfix/tasks/main.yml index 0e0fff2d..d8caf2b2 100644 --- a/postfix/tasks/main.yml +++ b/postfix/tasks/main.yml @@ -3,10 +3,10 @@ - include: common.yml - include: minimal.yml - when: postfix_packmail == False + when: not (postfix_packmail | bool) - include: packmail.yml - when: postfix_packmail == True + when: postfix_packmail | bool - include: slow_transport.yml - when: postfix_slow_transport_include + when: postfix_slow_transport_include | bool diff --git a/postfix/tasks/minimal.yml b/postfix/tasks/minimal.yml index ad666532..970b9dcb 100644 --- a/postfix/tasks/minimal.yml +++ b/postfix/tasks/minimal.yml @@ -15,6 +15,6 @@ mode: "0644" force: yes notify: restart postfix - when: postfix_force_main_cf or postfix_maincf_md5_jessie in default_main_cf.stdout or postfix_maincf_md5_stretch in default_main_cf.stdout + when: (postfix_force_main_cf | bool) or (postfix_maincf_md5_jessie in default_main_cf.stdout) or (postfix_maincf_md5_stretch in default_main_cf.stdout) tags: - postfix diff --git a/postfix/tasks/packmail.yml b/postfix/tasks/packmail.yml index cf4482ed..2ba8eba9 100644 --- a/postfix/tasks/packmail.yml +++ b/postfix/tasks/packmail.yml 
@@ -19,7 +19,7 @@ mode: "0644" force: yes notify: restart postfix - when: postfix_force_main_cf or postfix_maincf_md5_jessie in default_main_cf.stdout or postfix_maincf_md5_stretch in default_main_cf.stdout + when: (postfix_force_main_cf | bool) or (postfix_maincf_md5_jessie in default_main_cf.stdout) or (postfix_maincf_md5_stretch in default_main_cf.stdout) tags: - postfix @@ -67,7 +67,7 @@ - sender.access - sender.access_local - spamd.cidr - when: postfix_copy_filter.changed + when: postfix_copy_filter is changed tags: - postfix diff --git a/postgresql/tasks/main.yml b/postgresql/tasks/main.yml index 292849a0..aecdf80d 100644 --- a/postgresql/tasks/main.yml +++ b/postgresql/tasks/main.yml @@ -19,4 +19,4 @@ - include: logrotate.yml - include: postgis.yml - when: postgresql_install_postgis + when: postgresql_install_postgis | bool diff --git a/postgresql/tasks/nrpe.yml b/postgresql/tasks/nrpe.yml index 8ce178e9..740c7b08 100644 --- a/postgresql/tasks/nrpe.yml +++ b/postgresql/tasks/nrpe.yml @@ -37,5 +37,5 @@ regexp: '^command\[check_pgsql\]=' line: 'command[check_pgsql]=/usr/lib/nagios/plugins/check_pgsql -H localhost -l nrpe -p "{{postgresql_nrpe_password.stdout}}"' notify: restart nagios-nrpe-server - when: postgresql_create_nrpe_user.changed + when: postgresql_create_nrpe_user is changed when: nrpe_evolix_config.stat.exists diff --git a/postgresql/tasks/packages_buster.yml b/postgresql/tasks/packages_buster.yml index 3a1a440e..76017545 100644 --- a/postgresql/tasks/packages_buster.yml +++ b/postgresql/tasks/packages_buster.yml @@ -3,7 +3,7 @@ - name: "Set variables (Debian 10)" set_fact: postgresql_version: '11' - when: postgresql_version == "" + when: postgresql_version is none or postgresql_version | length == 0 - include: pgdg-repo.yml when: postgresql_version != '11' diff --git a/postgresql/tasks/packages_jessie.yml b/postgresql/tasks/packages_jessie.yml index ba21632e..cf8f0879 100644 --- a/postgresql/tasks/packages_jessie.yml 
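Review bot: `postgresql_version | length == 0` in postgresql/tasks/packages_buster.yml raises a type error when the variable is a number, which happens if an inventory sets it unquoted (`postgresql_version: 11` or `9.6`); the previous `== ""` comparison accepted such values. Casting first keeps the check safe: `when: postgresql_version is none or postgresql_version | string | length == 0`. The same condition is added in packages_jessie.yml and packages_stretch.yml. tomcat-instance/tasks/user.yml likewise applies `| length` to `tomcat_instance_port`, which is presumably an integer in most inventories.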
+++ b/postgresql/tasks/packages_jessie.yml @@ -3,7 +3,7 @@ - name: "Set variables (Debian 8)" set_fact: postgresql_version: '9.4' - when: postgresql_version == "" + when: postgresql_version is none or postgresql_version | length == 0 - include: pgdg-repo.yml when: postgresql_version != '9.4' diff --git a/postgresql/tasks/packages_stretch.yml b/postgresql/tasks/packages_stretch.yml index eff513f9..d8ebb9e4 100644 --- a/postgresql/tasks/packages_stretch.yml +++ b/postgresql/tasks/packages_stretch.yml @@ -3,7 +3,7 @@ - name: "Set variables (Debian 9)" set_fact: postgresql_version: '9.6' - when: postgresql_version == "" + when: postgresql_version is none or postgresql_version | length == 0 - include: pgdg-repo.yml when: postgresql_version != '9.6' diff --git a/postgresql/tests/test.yml b/postgresql/tests/test.yml index 06bd32ac..438eddee 100644 --- a/postgresql/tests/test.yml +++ b/postgresql/tests/test.yml @@ -24,7 +24,7 @@ - name: Reconfigure locales command: /usr/sbin/locale-gen changed_when: false - when: test_locales.changed + when: test_locales is changed roles: - role: postgresql diff --git a/proftpd/tasks/accounts.yml b/proftpd/tasks/accounts.yml index 20b1d3d2..756e0ff0 100644 --- a/proftpd/tasks/accounts.yml +++ b/proftpd/tasks/accounts.yml @@ -33,7 +33,7 @@ insertbefore: "DenyAll" loop: "{{ proftpd_accounts_final }}" notify: restart proftpd - when: proftpd_ftp_enable + when: proftpd_ftp_enable | bool tags: - proftpd @@ -45,7 +45,7 @@ insertbefore: "DenyAll" loop: "{{ proftpd_accounts_final }}" notify: restart proftpd - when: proftpd_ftps_enable + when: proftpd_ftps_enable | bool tags: - proftpd @@ -57,6 +57,6 @@ insertbefore: "DenyAll" loop: "{{ proftpd_accounts_final }}" notify: restart proftpd - when: proftpd_sftp_enable + when: proftpd_sftp_enable | bool tags: - proftpd diff --git a/proftpd/tasks/main.yml b/proftpd/tasks/main.yml index 71b95e9b..457887a1 100644 --- a/proftpd/tasks/main.yml +++ b/proftpd/tasks/main.yml 
@@ -22,7 +22,7 @@ mode: "0644" force: no notify: restart proftpd - when: proftpd_ftp_enable + when: proftpd_ftp_enable | bool tags: - proftpd @@ -33,7 +33,7 @@ mode: "0644" force: no notify: restart proftpd - when: proftpd_ftps_enable + when: proftpd_ftps_enable | bool tags: - proftpd @@ -44,7 +44,7 @@ mode: "0644" force: no notify: restart proftpd - when: proftpd_sftp_enable + when: proftpd_sftp_enable | bool tags: - proftpd @@ -80,4 +80,4 @@ - proftpd - include: accounts.yml - when: proftpd_accounts != "[]" + when: proftpd_accounts | length > 0 diff --git a/redis/tasks/default-munin.yml b/redis/tasks/default-munin.yml index c94f171a..3f0fe6f4 100644 --- a/redis/tasks/default-munin.yml +++ b/redis/tasks/default-munin.yml @@ -67,8 +67,8 @@ value: '{{ redis_password }}' notify: restart munin-node when: - - redis_password != '' - - redis_password != None + - redis_password is not none + - redis_password | length > 0 - (munin_redis_blocs_in_config.stdout | int) <= 1 tags: redis @@ -77,6 +77,6 @@ debug: msg: "WARNING - It seems you have multiple redis sections in your munin-node configuration - Munin config NOT changed" when: - - redis_password != '' - - redis_password != None + - redis_password is not none + - redis_password | length > 0 - (munin_redis_blocs_in_config.stdout | int) > 1 diff --git a/redis/tasks/instance-server.yml b/redis/tasks/instance-server.yml index d5f7e8e8..08430eb8 100644 --- a/redis/tasks/instance-server.yml +++ b/redis/tasks/instance-server.yml @@ -3,9 +3,9 @@ - name: Verify Redis port assert: that: - - redis_port != 6379 + - redis_port | int != 6379 msg: "If you want to use port 6379, use the default instance, not a named instance." - when: not redis_force_instance_port + when: not (redis_force_instance_port | bool) - name: "Instance '{{ redis_instance_name }}' group is present" group: 
@@ -162,6 +162,6 @@ name: "redis-server" enabled: no state: stopped - when: redis_default_server_disabled + when: redis_default_server_disabled | bool tags: - redis diff --git a/redis/tasks/main.yml b/redis/tasks/main.yml index 28fda65a..90f0aa12 100644 --- a/redis/tasks/main.yml +++ b/redis/tasks/main.yml @@ -1,7 +1,7 @@ --- - set_fact: - redis_restart_handler_name: "{{ redis_restart_if_needed | ternary('restart redis', 'restart redis (noop)') }}" + redis_restart_handler_name: "{{ redis_restart_if_needed | bool | ternary('restart redis', 'restart redis (noop)') }}" - name: Redis is installed. apt: @@ -20,7 +20,7 @@ tags: - redis - packages - when: redis_sentinel_install + when: redis_sentinel_install | bool - name: Get Redis version shell: "redis-server -v | grep -Eo '(v=\\S+)' | cut -d'=' -f 2 | grep -E '^([0-9]|\\.)+$'" @@ -137,4 +137,4 @@ - name: Force restart redis command: /bin/true notify: restart redis - when: redis_restart_force + when: redis_restart_force | bool diff --git a/redmine/tasks/mysql.yml b/redmine/tasks/mysql.yml index 64e42683..6c40a338 100644 --- a/redmine/tasks/mysql.yml +++ b/redmine/tasks/mysql.yml @@ -13,7 +13,7 @@ register: redmine_generate_mysql_password check_mode: no changed_when: False - when: redmine_get_mysql_password.stdout == "" + when: redmine_get_mysql_password.stdout | length == 0 tags: - redmine diff --git a/redmine/tasks/release.yml b/redmine/tasks/release.yml index 730b0877..548132fc 100644 --- a/redmine/tasks/release.yml +++ b/redmine/tasks/release.yml @@ -98,7 +98,7 @@ chdir: "/home/{{ redmine_user }}/www/" become_user: "{{ redmine_user }}" environment: "{{ user_env }}" - when: redmine_mysql_create.changed + when: redmine_mysql_create is changed tags: - redmine diff --git a/squid/tasks/main.yml b/squid/tasks/main.yml index bca2db5a..9e00dcb0 100644 --- a/squid/tasks/main.yml +++ b/squid/tasks/main.yml 
@@ -71,7 +71,9 @@ dest: /etc/squid/evolinux-acl.conf force: no notify: "reload squid" - when: squid_localproxy_enable and ansible_distribution_major_version is version('9', '>=') + when: + - squid_localproxy_enable | bool + - ansible_distribution_major_version is version('9', '>=') - name: "evolinux custom acl (Debian 9 or later)" copy: @@ -79,7 +81,9 @@ content: | # Put customized values here. force: no - when: squid_localproxy_enable == False and ansible_distribution_major_version is version('9', '>=') + when: + - not (squid_localproxy_enable | bool) + - ansible_distribution_major_version is version('9', '>=') - name: "evolinux http_access for local proxy (Debian 9 or later)" copy: @@ -87,7 +91,9 @@ dest: /etc/squid/evolinux-httpaccess.conf force: no notify: "reload squid" - when: squid_localproxy_enable and ansible_distribution_major_version is version('9', '>=') + when: + - squid_localproxy_enable | bool + - ansible_distribution_major_version is version('9', '>=') - name: "evolinux custom http_access (Debian 9 or later)" copy: @@ -95,7 +101,9 @@ content: | # Put customized values here. force: no - when: squid_localproxy_enable == False and ansible_distribution_major_version is version('9', '>=') + when: + - not (squid_localproxy_enable | bool) + - ansible_distribution_major_version is version('9', '>=') - name: "evolinux overrides for local proxy (Debian 9 or later)" template: @@ -103,7 +111,9 @@ dest: /etc/squid/evolinux-custom.conf force: no notify: "reload squid" - when: squid_localproxy_enable and ansible_distribution_major_version is version('9', '>=') + when: + - squid_localproxy_enable | bool + - ansible_distribution_major_version is version('9', '>=') - name: "evolinux custom overrides (Debian 9 or later)" copy: 
@@ -111,7 +121,9 @@ content: | # Put customized values here. force: no - when: squid_localproxy_enable == False and ansible_distribution_major_version is version('9', '>=') + when: + - not (squid_localproxy_enable | bool) + - ansible_distribution_major_version is version('9', '>=') - name: add some URL in whitelist (Debian 8) lineinfile: diff --git a/squid/tasks/systemd.yml b/squid/tasks/systemd.yml index 4d06fa5d..b3782d99 100644 --- a/squid/tasks/systemd.yml +++ b/squid/tasks/systemd.yml @@ -29,4 +29,4 @@ daemon_reload: yes when: - _squid_systemd_active.rc == 0 - - _squid_systemd_override.changed + - _squid_systemd_override is changed diff --git a/supervisord/tasks/main.yml b/supervisord/tasks/main.yml index 17d7737a..b35bd03f 100644 --- a/supervisord/tasks/main.yml +++ b/supervisord/tasks/main.yml @@ -12,6 +12,6 @@ mode: "0644" force: no notify: restart supervisor - when: supervisord_enable_http + when: supervisord_enable_http | bool tags: - supervisord diff --git a/tomcat-instance/tasks/check.yml b/tomcat-instance/tasks/check.yml index 3c2319d0..eff9d236 100644 --- a/tomcat-instance/tasks/check.yml +++ b/tomcat-instance/tasks/check.yml @@ -8,7 +8,7 @@ register: check_port_gid changed_when: false failed_when: - - check_port_gid|success + - check_port_gid | success - check_port_gid.stdout != "{{ tomcat_instance_name }}" - name: Check use of uid @@ -16,7 +16,7 @@ register: check_port_uid changed_when: false failed_when: - - check_port_uid|success + - check_port_uid | success - check_port_uid.stdout != "{{ tomcat_instance_name }}" #- name: Check use of http port diff --git a/tomcat-instance/tasks/user.yml b/tomcat-instance/tasks/user.yml index 64244799..d4fc8521 100644 --- a/tomcat-instance/tasks/user.yml +++ b/tomcat-instance/tasks/user.yml 
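Review bot: Both hunks in tomcat-instance/tasks/check.yml still use `success` as a filter (`check_port_gid | success`, `check_port_uid | success`) and only add spaces around the pipe. Filter-style result tests were deprecated in Ansible 2.5 and removed in 2.9, and the rest of this commit already converts `.changed` to `is changed`. The consistent form is `- check_port_gid is success`, and likewise for `check_port_uid`. The second condition in each list also nests `"{{ tomcat_instance_name }}"` inside a conditional, so the variable's value is templated into the expression text before evaluation; comparing against the bare name, `- check_port_gid.stdout != tomcat_instance_name`, avoids that extra templating pass. Both tasks begin above their hunks, so the commands whose results are tested are not visible here.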
@@ -2,7 +2,7 @@ - fail: msg: "You must provide a value for the 'tomcat_instance_port' variable." - when: tomcat_instance_port is not defined or tomcat_instance_port == '' + when: tomcat_instance_port is not defined or tomcat_instance_port | length == 0 - name: "Test if uid '{{ tomcat_instance_port }}' exists" diff --git a/webapps/evoadmin-mail/tasks/apache.yml b/webapps/evoadmin-mail/tasks/apache.yml index e83fc09d..f975c5f9 100644 --- a/webapps/evoadmin-mail/tasks/apache.yml +++ b/webapps/evoadmin-mail/tasks/apache.yml @@ -13,7 +13,7 @@ dest: "/etc/apache2/sites-enabled/evoadminmail.conf" state: link notify: reload apache2 - when: evoadminmail_enable_vhost + when: evoadminmail_enable_vhost | bool tags: - evoadmin-mail @@ -22,6 +22,6 @@ dest: "/etc/apache2/sites-enabled/evoadminmail.conf" state: absent notify: reload apache2 - when: not evoadminmail_enable_vhost + when: not (evoadminmail_enable_vhost | bool) tags: - evoadmin-mail diff --git a/webapps/evoadmin-mail/tasks/nginx.yml b/webapps/evoadmin-mail/tasks/nginx.yml index 5ede64e7..6804984d 100644 --- a/webapps/evoadmin-mail/tasks/nginx.yml +++ b/webapps/evoadmin-mail/tasks/nginx.yml @@ -21,7 +21,7 @@ dest: "/etc/nginx/sites-enabled/evoadminmail.conf" state: link notify: reload nginx - when: evoadminmail_enable_vhost + when: evoadminmail_enable_vhost | bool tags: - evoadmin-mail @@ -30,6 +30,6 @@ dest: "/etc/nginx/sites-enabled/evoadminmail.conf" state: absent notify: reload nginx - when: not evoadminmail_enable_vhost + when: not (evoadminmail_enable_vhost | bool) tags: - evoadmin-mail diff --git a/webapps/evoadmin-web/tasks/main.yml b/webapps/evoadmin-web/tasks/main.yml index c03ef979..1acb2aa5 100644 --- a/webapps/evoadmin-web/tasks/main.yml +++ b/webapps/evoadmin-web/tasks/main.yml 
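Review bot: The new guard `tomcat_instance_port | length == 0` in tomcat-instance/tasks/user.yml will raise a template error instead of reaching the `fail` message if the port is supplied as a YAML integer, because `length` is not defined for numbers. The old `== ''` comparison simply evaluated to false in that case. How callers type this variable is not visible in the hunk, so this is worth confirming. Casting first keeps the intent for both types: `when: tomcat_instance_port is not defined or tomcat_instance_port | string | length == 0`.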
@@ -3,7 +3,7 @@ - name: "Ensure that evoadmin_contact_email is defined" fail: msg: Please configure var evoadmin_contact_email - when: evoadmin_contact_email is none + when: evoadmin_contact_email is none or evoadmin_contact_email | length == 0 - include: packages.yml diff --git a/webapps/evoadmin-web/tasks/web.yml b/webapps/evoadmin-web/tasks/web.yml index 251af4ea..dc5eb8a3 100644 --- a/webapps/evoadmin-web/tasks/web.yml +++ b/webapps/evoadmin-web/tasks/web.yml @@ -47,14 +47,14 @@ register: cmd_a2ensite changed_when: "'Enabling site' in cmd_a2ensite.stdout" notify: reload apache2 - when: evoadmin_enable_vhost + when: evoadmin_enable_vhost | bool - name: Disable evoadmin vhost command: "a2dissite evoadmin.conf" register: cmd_a2dissite changed_when: "'Disabling site' in cmd_a2dissite.stdout" notify: reload apache2 - when: not evoadmin_enable_vhost + when: not (evoadmin_enable_vhost | bool) - name: Copy htpasswd for evoadmin template: @@ -72,7 +72,7 @@ - "templates/evoadmin-web/htpasswd.j2" - "templates/htpasswd.j2" register: evoadmin_htpasswd_template - when: evoadmin_htpasswd + when: evoadmin_htpasswd | bool - name: Copy config file for evoadmin template: diff --git a/webapps/nextcloud/tasks/config.yml b/webapps/nextcloud/tasks/config.yml index a4e3a3e7..85142726 100644 --- a/webapps/nextcloud/tasks/config.yml +++ b/webapps/nextcloud/tasks/config.yml @@ -15,7 +15,7 @@ tags: - nextcloud - when: nextcloud_admin_password == "" + when: nextcloud_admin_password | length == 0 - name: Get Nextcloud Status shell: "php ./occ status --output json | grep -v 'Nextcloud is not installed'" diff --git a/webapps/wordpress/tasks/main.yml b/webapps/wordpress/tasks/main.yml index db94b9f4..e1f442c0 100644 --- a/webapps/wordpress/tasks/main.yml +++ b/webapps/wordpress/tasks/main.yml 
@@ -55,13 +55,13 @@ register: check_version check_mode: no failed_when: false - changed_when: check_version.rc + changed_when: check_version.rc == 1 - name: Update Wordpress shell: '{{ wordpress_wpcli }} core update --version={{ wordpress_version }}' args: removes: "{{ ansible_env.HOME }}/www/index.php" - when: check_version.rc + when: check_version.rc == 1 - name: Install default plugin shell: '{{ wordpress_wpcli }} plugin is-installed {{ item }} || {{ wordpress_wpcli }} plugin install {{ item }}'
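Review bot: Exit codes other than 0 and 1 from the version check in webapps/wordpress/tasks/main.yml are now silently treated as "nothing to do". Both `changed_when` and `when` are narrowed to `check_version.rc == 1` while the check task keeps `failed_when: false`, so an unexpected status (for instance the CLI failing to run) reports ok and skips the `Update Wordpress` task. Before this change any non-zero status triggered the update. Since a silently skipped update leaves the site on the old core version, unexpected codes should fail the task: `failed_when: check_version.rc not in [0, 1]`. The check task begins above the hunk, so which command produces these codes is not visible here.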