From 4a81d12d03a13f609ba13dfb7f406751796bfdd4 Mon Sep 17 00:00:00 2001 From: Gregory Colpart Date: Tue, 29 Aug 2017 03:09:57 +0200 Subject: [PATCH] Delete OpenBSD stuff (mv to another repo), ansible-roles is now Linux-specific (even Debian-specific) --- etc-git/tasks/main.yml | 7 --- evocheck/README.md | 1 - munin/tasks/debian.yml | 87 -------------------------- munin/tasks/main.yml | 89 ++++++++++++++++++++++++-- munin/tasks/openbsd.yml | 100 ------------------------------ nagios-nrpe/tasks/debian.yml | 51 --------------- nagios-nrpe/tasks/main.yml | 55 +++++++++++++--- nagios-nrpe/tasks/openbsd.yml | 42 ------------- newsyslog/README.md | 5 -- newsyslog/files/newsyslog.conf | 15 ----- newsyslog/meta/main.yml | 15 ----- newsyslog/tasks/main.yml | 7 --- newsyslog/tasks/openbsd.yml | 12 ---- unbound/templates/unbound.conf.j2 | 4 -- 14 files changed, 133 insertions(+), 357 deletions(-) delete mode 100644 munin/tasks/debian.yml delete mode 100644 munin/tasks/openbsd.yml delete mode 100644 nagios-nrpe/tasks/debian.yml delete mode 100644 nagios-nrpe/tasks/openbsd.yml delete mode 100644 newsyslog/README.md delete mode 100644 newsyslog/files/newsyslog.conf delete mode 100644 newsyslog/meta/main.yml delete mode 100644 newsyslog/tasks/main.yml delete mode 100644 newsyslog/tasks/openbsd.yml diff --git a/etc-git/tasks/main.yml b/etc-git/tasks/main.yml index a958bacc..58bf52f2 100644 --- a/etc-git/tasks/main.yml +++ b/etc-git/tasks/main.yml @@ -4,13 +4,6 @@ apt: name: git state: present - when: ansible_os_family == "Debian" - -- name: Git is installed (OpenBSD) - openbsd_pkg: - name: git - state: present - when: ansible_os_family == "OpenBSD" - name: /etc is versioned with git command: "git init ." diff --git a/evocheck/README.md b/evocheck/README.md index 4a0e80de..b669fe54 100644 --- a/evocheck/README.md +++ b/evocheck/README.md 
@@ -5,7 +5,6 @@ Install and run evocheck ; a script for checking various settings automatically. ## Tasks The roles does not install evocheck by default as it should be installed through dependencies. -For OpenBSD, it should be packaged, but the work is not done yet. A separate `exec.yml` file can be imported manually in playbooks or roles to execute the script. Example : diff --git a/munin/tasks/debian.yml b/munin/tasks/debian.yml deleted file mode 100644 index cec24e62..00000000 --- a/munin/tasks/debian.yml +++ /dev/null 
@@ -1,87 +0,0 @@ ---- - -- name: Ensure that Munin is installed - apt: - name: '{{ item }}' - state: present - with_items: - - munin - - munin-node - - munin-plugins-core - - munin-plugins-extra - tags: - - munin - - packages - -- block: - - name: Replace localdomain in Munin config - replace: - dest: /etc/munin/munin.conf - regexp: 'localhost.localdomain' - replace: '{{ ansible_fqdn }}' - notify: restart munin-node - - - name: Rename the localdomain data dir - command: mv /var/lib/munin/localdomain /var/lib/munin/{{ ansible_domain }} - args: - creates: /var/lib/munin/{{ ansible_domain }} - removes: /var/lib/munin/localdomain - notify: restart munin-node - - when: not ansible_hostname == "localdomain" - tags: - - munin - -- name: Ensure some Munin plugins are disabled - file: - path: '/etc/munin/plugins/{{ item }}' - state: absent - with_items: - - http_loadtime - - exim_mailqueue - - exim_mailstats - - nfsd - - nfsd4 - - nfs_client - - nfs4_client - notify: restart munin-node - tags: - - munin - -- name: Ensure some Munin plugins are enabled - file: - src: "/usr/share/munin/plugins/{{ item }}" - dest: "/etc/munin/plugins/{{ item }}" - state: link - with_items: - - meminfo - - netstat_multi - - tcp - notify: restart munin-node - tags: - - munin - -- name: Enable sensors plugin unless VM detected - file: - src: /usr/share/munin/plugins/sensors_ - dest: /etc/munin/plugins/sensors_temp - state: link - when: ansible_virtualization_role != "guest" - notify: restart munin-node - tags: - - munin - -- name: adjustments for grsec kernel - blockinfile: - dest: /etc/munin/plugin-conf.d/munin-node - block: | - - [processes] - user root - - [vmstat] - user root - - [swap] - user root - when: ansible_kernel | search("-grs-") diff --git a/munin/tasks/main.yml b/munin/tasks/main.yml index bb765176..cec24e62 100644 --- a/munin/tasks/main.yml +++ b/munin/tasks/main.yml 
@@ -1,6 +1,87 @@ --- -- include: debian.yml - when: ansible_os_family == "Debian" -- include: openbsd.yml - when: ansible_os_family == "OpenBSD" +- name: Ensure that Munin is installed + apt: + name: '{{ item }}' + state: present + with_items: + - munin + - munin-node + - munin-plugins-core + - munin-plugins-extra + tags: + - munin + - packages + +- block: + - name: Replace localdomain in Munin config + replace: + dest: /etc/munin/munin.conf + regexp: 'localhost.localdomain' + replace: '{{ ansible_fqdn }}' + notify: restart munin-node + + - name: Rename the localdomain data dir + command: mv /var/lib/munin/localdomain /var/lib/munin/{{ ansible_domain }} + args: + creates: /var/lib/munin/{{ ansible_domain }} + removes: /var/lib/munin/localdomain + notify: restart munin-node + + when: not ansible_hostname == "localdomain" + tags: + - munin + +- name: Ensure some Munin plugins are disabled + file: + path: '/etc/munin/plugins/{{ item }}' + state: absent + with_items: + - http_loadtime + - exim_mailqueue + - exim_mailstats + - nfsd + - nfsd4 + - nfs_client + - nfs4_client + notify: restart munin-node + tags: + - munin + +- name: Ensure some Munin plugins are enabled + file: + src: "/usr/share/munin/plugins/{{ item }}" + dest: "/etc/munin/plugins/{{ item }}" + state: link + with_items: + - meminfo + - netstat_multi + - tcp + notify: restart munin-node + tags: + - munin + +- name: Enable sensors plugin unless VM detected + file: + src: /usr/share/munin/plugins/sensors_ + dest: /etc/munin/plugins/sensors_temp + state: link + when: ansible_virtualization_role != "guest" + notify: restart munin-node + tags: + - munin + +- name: adjustments for grsec kernel + blockinfile: + dest: /etc/munin/plugin-conf.d/munin-node + block: | + + [processes] + user root + + [vmstat] + user root + + [swap] + user root + when: ansible_kernel | search("-grs-") diff --git a/munin/tasks/openbsd.yml b/munin/tasks/openbsd.yml deleted file mode 100644 index fc9a1027..00000000 
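Review bot: The final task in this hunk, `adjustments for grsec kernel`, makes the `processes`, `vmstat` and `swap` plugins run as `user root` but, unlike the other tasks that change the plugin set, has neither `notify: restart munin-node` nor `tags: - munin`. Without the handler the running munin-node probably keeps its old plugin configuration until something else restarts it, so I would add `notify: restart munin-node` and the `munin` tag to that task. Because it raises three plugins to root, a one-line comment above the task saying why would help the next reader judge whether the elevation is still needed; presumably grsec restricts the /proc reads these plugins rely on, but that should be confirmed. The tasks are moved unchanged from debian.yml, so this predates the commit, but main.yml is now the only place to fix it.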
--- a/munin/tasks/openbsd.yml +++ /dev/null @@ -1,100 +0,0 @@ ---- - -- name: Ensure that Munin is installed - openbsd_pkg: - name: '{{ item }}' - state: present - with_items: - - munin-server - - munin-node - tags: - - munin - - packages - -- name: Set munin.conf file - template: - src: munin.conf.j2 - dest: /etc/munin/munin.conf - mode: "0644" - tags: - - munin - -- name: Create munin www directory - file: - path: '{{ munin_dir }}' - state: directory - owner: _munin - group: www - mode: "0755" - tags: - - munin - -- name: Set munin-node config - template: - src: munin-node.conf.j2 - dest: /etc/munin/munin-node.conf - mode: "0644" - notify: restart munin_node - tags: - - munin - -- name: Install munin cron - copy: - src: "crontab" - dest: "/var/cron/tabs/_munin" - owner: "_munin" - group: "crontab" - tags: - - munin - -- name: Enable munin plugins - file: - src: "/usr/local/libexec/munin/plugins/{{ item }}" - dest: "/etc/munin/plugins/{{ item }}" - state: link - with_items: - - cpu - - df - - df_inode - - load - - memory - - munin_stats - - netstat - - open_files - - pf_changes - - pf_searches - - pf_states - - processes - - systat - - uptime - - users - - vmstat - notify: restart munin_node - tags: - - munin - -- name: Enable network graphs - file: - src: "/usr/local/libexec/munin/plugins/if_" - dest: "/etc/munin/plugins/if_{{ item }}" - state: link - notify: restart munin_node - with_items: "{{ ansible_interfaces }}" - -- name: Enable sensors plugin unless VM detected - file: - src: /usr/local/libexec/munin/plugins/sensors_ - dest: /etc/munin/plugins/sensors_temp - state: link - when: ansible_vio0 is undefined - notify: restart munin_node - tags: - - munin - -- name: Activating munin_node - service: - name: munin_node - enabled: yes - state: started - tags: - - munin diff --git a/nagios-nrpe/tasks/debian.yml b/nagios-nrpe/tasks/debian.yml deleted file mode 100644 index dbb73903..00000000 --- a/nagios-nrpe/tasks/debian.yml +++ /dev/null 
@@ -1,51 +0,0 @@ ---- -- name: packages are installed - apt: - name: "{{ item }}" - state: present - with_items: - - nagios-nrpe-server - - nagios-plugins - - nagios-plugins-basic - - nagios-plugins-common - - nagios-plugins-contrib - - nagios-plugins-standard - -- name: custom configuration is present - template: - src: evolix.cfg.j2 - dest: /etc/nagios/nrpe.d/evolix.cfg - group: nagios - mode: "0640" - notify: restart nagios-nrpe-server - -- name: Nagios config is secured - file: - dest: /etc/nagios/ - mode: "0750" - group: nagios - state: directory - notify: restart nagios-nrpe-server - -- include: remount_usr_rw.yml - when: nagios_plugins_directory | search ("/usr") - tags: - - nagios-plugins - -- name: Nagios plugins are installed - copy: - src: plugins/ - dest: "{{ nagios_plugins_directory }}/" - mode: "0755" - notify: restart nagios-nrpe-server - tags: - - nagios-plugins - -- name: Nagios lib is secured - file: - dest: /usr/local/lib/nagios/ - mode: "0755" - group: nagios - recurse: yes - state: directory - notify: restart nagios-nrpe-server diff --git a/nagios-nrpe/tasks/main.yml b/nagios-nrpe/tasks/main.yml index e723d322..dbb73903 100644 --- a/nagios-nrpe/tasks/main.yml +++ b/nagios-nrpe/tasks/main.yml 
@@ -1,10 +1,51 @@ --- -- include: debian.yml - when: ansible_os_family == "Debian" - tags: - - nagios +- name: packages are installed + apt: + name: "{{ item }}" + state: present + with_items: + - nagios-nrpe-server + - nagios-plugins + - nagios-plugins-basic + - nagios-plugins-common + - nagios-plugins-contrib + - nagios-plugins-standard -- include: openbsd.yml - when: ansible_os_family == "OpenBSD" +- name: custom configuration is present + template: + src: evolix.cfg.j2 + dest: /etc/nagios/nrpe.d/evolix.cfg + group: nagios + mode: "0640" + notify: restart nagios-nrpe-server + +- name: Nagios config is secured + file: + dest: /etc/nagios/ + mode: "0750" + group: nagios + state: directory + notify: restart nagios-nrpe-server + +- include: remount_usr_rw.yml + when: nagios_plugins_directory | search ("/usr") tags: - - nagios + - nagios-plugins + +- name: Nagios plugins are installed + copy: + src: plugins/ + dest: "{{ nagios_plugins_directory }}/" + mode: "0755" + notify: restart nagios-nrpe-server + tags: + - nagios-plugins + +- name: Nagios lib is secured + file: + dest: /usr/local/lib/nagios/ + mode: "0755" + group: nagios + recurse: yes + state: directory + notify: restart nagios-nrpe-server diff --git a/nagios-nrpe/tasks/openbsd.yml b/nagios-nrpe/tasks/openbsd.yml deleted file mode 100644 index 5229778e..00000000 --- a/nagios-nrpe/tasks/openbsd.yml +++ /dev/null 
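Review bot: The removed `include: debian.yml` carried `tags: - nagios`, which applied to every included task, while the inlined tasks carry only `nagios-plugins` (on two of them) or no tag at all, so a run limited with `--tags nagios` no longer selects anything in this file. Adding `tags: - nagios` to each task, or wrapping them in a `block:` that carries the tag, keeps the old behaviour. Separately, `custom configuration is present`, `Nagios config is secured` and `Nagios lib is secured` set `group` and `mode` but not `owner`, so an existing non-root owner is left in place. Adding `owner: root` to those three tasks would make the permission intent explicit.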
@@ -1,42 +0,0 @@ ---- -- name: packages are installed - openbsd_pkg: - name: "{{ item }}" - state: present - with_items: - - nrpe-- - - monitoring-plugins - -- name: Create nrpe.d dir - file: - path: /etc/nrpe.d - state: directory - owner: root - group: wheel - mode: "0755" - -- name: Include nrpe.d dir in nrpe.cfg - lineinfile: - dest: /etc/nrpe.cfg - line: 'include_dir=/etc/nrpe.d' - -- name: custom configuration is present - template: - src: evolix_bsd.cfg.j2 - dest: /etc/nrpe.d/evolix.cfg - notify: restart nrpe - -- name: Nagios plugins are installed - copy: - src: plugins_bsd/ - dest: /usr/local/libexec/nagios/plugins/ - owner: root - group: wheel - mode: "0755" - notify: restart nrpe - -- name: Starting and enabling nrpe - service: - name: nrpe - enabled: yes - state: started diff --git a/newsyslog/README.md b/newsyslog/README.md deleted file mode 100644 index 2b974979..00000000 --- a/newsyslog/README.md +++ /dev/null @@ -1,5 +0,0 @@ -Role Name -========= - -Configure newsyslog by Evolix standard - diff --git a/newsyslog/files/newsyslog.conf b/newsyslog/files/newsyslog.conf deleted file mode 100644 index 5b51ebc8..00000000 --- a/newsyslog/files/newsyslog.conf +++ /dev/null @@ -1,15 +0,0 @@ -# Syslog for Pack Evolix -# MANAGED BY ANSIBLE, MODIFICATIONS WILL BE LOST -# logfile_name owner:group mode count size when flags -/var/cron/log root:wheel 600 52 * 168 Z -/var/log/authlog root:wheel 640 52 * 168 Z -/var/log/daemon 640 52 * 168 Z -/var/log/lpd-errs 640 7 * 24 Z -/var/log/maillog 640 52 * 168 Z -/var/log/messages 644 52 * 168 Z -/var/log/secure 600 52 * 168 Z -/var/log/wtmp 644 7 * $W6D4 ZB -/var/log/xferlog 640 7 250 * Z -/var/log/pflog 600 3 250 * ZB "pkill -HUP -u root -U root -t - -x pflogd" -/var/www/logs/access.log 644 4 * $W0 Z "pkill -USR1 -u root -U root -x httpd" -/var/www/logs/error.log 644 7 250 * Z "pkill -USR1 -u root -U root -x httpd" 
diff --git a/newsyslog/meta/main.yml b/newsyslog/meta/main.yml deleted file mode 100644 index a6ad9ab5..00000000 --- a/newsyslog/meta/main.yml +++ /dev/null @@ -1,15 +0,0 @@ -galaxy_info: - author: Evolix - description: Basic configuration of newsyslog - - issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues - - license: GPLv2 - - min_ansible_version: 2.2 - - platforms: - - name: OpenBSD - versions: - - 6.1 - diff --git a/newsyslog/tasks/main.yml b/newsyslog/tasks/main.yml deleted file mode 100644 index a7ecf987..00000000 --- a/newsyslog/tasks/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- - -#- include: debian.yml -# when: ansible_os_family == "Debian" - -- include: openbsd.yml - when: ansible_os_family == "OpenBSD" diff --git a/newsyslog/tasks/openbsd.yml b/newsyslog/tasks/openbsd.yml deleted file mode 100644 index 28be4862..00000000 --- a/newsyslog/tasks/openbsd.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# no need to enable any daemon, it's run (by default) with cron(8) -- name: Configuring newsyslog - copy: - src: newsyslog.conf - dest: /etc/newsyslog.conf - owner: root - group: wheel - mode: "0644" - tags: - - log - - newsyslog diff --git a/unbound/templates/unbound.conf.j2 b/unbound/templates/unbound.conf.j2 index 2447ea41..73c03141 100644 --- a/unbound/templates/unbound.conf.j2 +++ b/unbound/templates/unbound.conf.j2 @@ -15,11 +15,7 @@ server: # root-hints: "/var/unbound/etc/named.cache" # Uncomment to enable DNSSEC validation. -{% if ansible_os_family == "OpenBSD" %} - auto-trust-anchor-file: "/var/unbound/db/root.key" -{% else %} #auto-trust-anchor-file: "/etc/unbound/root.key" -{% endif %} # Serve zones authoritatively from Unbound to resolver clients. # Not for external service.