Delete OpenBSD stuff (mv to another repo), ansible-roles is now Linux-specific (even Debian-specific)

Gregory Colpart 2017-08-29 03:09:57 +02:00
parent 8cfa0a6ef2
commit 4a81d12d03
14 changed files with 133 additions and 357 deletions


@ -4,13 +4,6 @@
apt: apt:
name: git name: git
state: present state: present
when: ansible_os_family == "Debian"
- name: Git is installed (OpenBSD)
openbsd_pkg:
name: git
state: present
when: ansible_os_family == "OpenBSD"
- name: /etc is versioned with git - name: /etc is versioned with git
command: "git init ." command: "git init ."
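Review bot: With `when: ansible_os_family == "Debian"` dropped from the `apt` task at the top of this hunk, nothing in the visible lines states that the role is Debian-only, so on any other platform it will fail inside the `apt` module with a module-level error rather than a clear message. If Debian-only is the intent, make it explicit, for example with a first task `- assert: { that: ansible_os_family == "Debian" }` or a `platforms` entry in the role's `meta/main.yml`. The same applies to the Munin and Nagios `main.yml` sections further down, where the per-OS `include` dispatch is replaced by unguarded `apt` tasks. The task list continues outside the hunk.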


@ -5,7 +5,6 @@ Install and run evocheck ; a script for checking various settings automatically.
## Tasks ## Tasks
The roles does not install evocheck by default as it should be installed through dependencies. The roles does not install evocheck by default as it should be installed through dependencies.
For OpenBSD, it should be packaged, but the work is not done yet.
A separate `exec.yml` file can be imported manually in playbooks or roles to execute the script. Example : A separate `exec.yml` file can be imported manually in playbooks or roles to execute the script. Example :


@ -1,87 +0,0 @@
---
- name: Ensure that Munin is installed
apt:
name: '{{ item }}'
state: present
with_items:
- munin
- munin-node
- munin-plugins-core
- munin-plugins-extra
tags:
- munin
- packages
- block:
- name: Replace localdomain in Munin config
replace:
dest: /etc/munin/munin.conf
regexp: 'localhost.localdomain'
replace: '{{ ansible_fqdn }}'
notify: restart munin-node
- name: Rename the localdomain data dir
command: mv /var/lib/munin/localdomain /var/lib/munin/{{ ansible_domain }}
args:
creates: /var/lib/munin/{{ ansible_domain }}
removes: /var/lib/munin/localdomain
notify: restart munin-node
when: not ansible_hostname == "localdomain"
tags:
- munin
- name: Ensure some Munin plugins are disabled
file:
path: '/etc/munin/plugins/{{ item }}'
state: absent
with_items:
- http_loadtime
- exim_mailqueue
- exim_mailstats
- nfsd
- nfsd4
- nfs_client
- nfs4_client
notify: restart munin-node
tags:
- munin
- name: Ensure some Munin plugins are enabled
file:
src: "/usr/share/munin/plugins/{{ item }}"
dest: "/etc/munin/plugins/{{ item }}"
state: link
with_items:
- meminfo
- netstat_multi
- tcp
notify: restart munin-node
tags:
- munin
- name: Enable sensors plugin unless VM detected
file:
src: /usr/share/munin/plugins/sensors_
dest: /etc/munin/plugins/sensors_temp
state: link
when: ansible_virtualization_role != "guest"
notify: restart munin-node
tags:
- munin
- name: adjustments for grsec kernel
blockinfile:
dest: /etc/munin/plugin-conf.d/munin-node
block: |
[processes]
user root
[vmstat]
user root
[swap]
user root
when: ansible_kernel | search("-grs-")


@ -1,6 +1,87 @@
--- ---
- include: debian.yml
when: ansible_os_family == "Debian"
- include: openbsd.yml - name: Ensure that Munin is installed
when: ansible_os_family == "OpenBSD" apt:
name: '{{ item }}'
state: present
with_items:
- munin
- munin-node
- munin-plugins-core
- munin-plugins-extra
tags:
- munin
- packages
- block:
- name: Replace localdomain in Munin config
replace:
dest: /etc/munin/munin.conf
regexp: 'localhost.localdomain'
replace: '{{ ansible_fqdn }}'
notify: restart munin-node
- name: Rename the localdomain data dir
command: mv /var/lib/munin/localdomain /var/lib/munin/{{ ansible_domain }}
args:
creates: /var/lib/munin/{{ ansible_domain }}
removes: /var/lib/munin/localdomain
notify: restart munin-node
when: not ansible_hostname == "localdomain"
tags:
- munin
- name: Ensure some Munin plugins are disabled
file:
path: '/etc/munin/plugins/{{ item }}'
state: absent
with_items:
- http_loadtime
- exim_mailqueue
- exim_mailstats
- nfsd
- nfsd4
- nfs_client
- nfs4_client
notify: restart munin-node
tags:
- munin
- name: Ensure some Munin plugins are enabled
file:
src: "/usr/share/munin/plugins/{{ item }}"
dest: "/etc/munin/plugins/{{ item }}"
state: link
with_items:
- meminfo
- netstat_multi
- tcp
notify: restart munin-node
tags:
- munin
- name: Enable sensors plugin unless VM detected
file:
src: /usr/share/munin/plugins/sensors_
dest: /etc/munin/plugins/sensors_temp
state: link
when: ansible_virtualization_role != "guest"
notify: restart munin-node
tags:
- munin
- name: adjustments for grsec kernel
blockinfile:
dest: /etc/munin/plugin-conf.d/munin-node
block: |
[processes]
user root
[vmstat]
user root
[swap]
user root
when: ansible_kernel | search("-grs-")
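Review bot: The `adjustments for grsec kernel` task at the end of this file is the only task touching Munin node configuration that has neither `notify: restart munin-node` nor the `munin` tag, so the `user root` overrides written to `/etc/munin/plugin-conf.d/munin-node` will presumably not take effect until something else restarts the node. Add `notify: restart munin-node` and `tags: [munin]` to match the sibling tasks. Because the block makes the `processes`, `vmstat` and `swap` plugins run as root, a comment such as `# grsec restricts /proc for unprivileged users; these plugins need root to read it` would record why the privilege is granted (confirm that this is the actual reason). The condition `ansible_kernel | search("-grs-")` uses a filter as a test; `ansible_kernel is search("-grs-")` is the form later Ansible releases expect.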


@ -1,100 +0,0 @@
---
- name: Ensure that Munin is installed
openbsd_pkg:
name: '{{ item }}'
state: present
with_items:
- munin-server
- munin-node
tags:
- munin
- packages
- name: Set munin.conf file
template:
src: munin.conf.j2
dest: /etc/munin/munin.conf
mode: "0644"
tags:
- munin
- name: Create munin www directory
file:
path: '{{ munin_dir }}'
state: directory
owner: _munin
group: www
mode: "0755"
tags:
- munin
- name: Set munin-node config
template:
src: munin-node.conf.j2
dest: /etc/munin/munin-node.conf
mode: "0644"
notify: restart munin_node
tags:
- munin
- name: Install munin cron
copy:
src: "crontab"
dest: "/var/cron/tabs/_munin"
owner: "_munin"
group: "crontab"
tags:
- munin
- name: Enable munin plugins
file:
src: "/usr/local/libexec/munin/plugins/{{ item }}"
dest: "/etc/munin/plugins/{{ item }}"
state: link
with_items:
- cpu
- df
- df_inode
- load
- memory
- munin_stats
- netstat
- open_files
- pf_changes
- pf_searches
- pf_states
- processes
- systat
- uptime
- users
- vmstat
notify: restart munin_node
tags:
- munin
- name: Enable network graphs
file:
src: "/usr/local/libexec/munin/plugins/if_"
dest: "/etc/munin/plugins/if_{{ item }}"
state: link
notify: restart munin_node
with_items: "{{ ansible_interfaces }}"
- name: Enable sensors plugin unless VM detected
file:
src: /usr/local/libexec/munin/plugins/sensors_
dest: /etc/munin/plugins/sensors_temp
state: link
when: ansible_vio0 is undefined
notify: restart munin_node
tags:
- munin
- name: Activating munin_node
service:
name: munin_node
enabled: yes
state: started
tags:
- munin


@ -1,51 +0,0 @@
---
- name: packages are installed
apt:
name: "{{ item }}"
state: present
with_items:
- nagios-nrpe-server
- nagios-plugins
- nagios-plugins-basic
- nagios-plugins-common
- nagios-plugins-contrib
- nagios-plugins-standard
- name: custom configuration is present
template:
src: evolix.cfg.j2
dest: /etc/nagios/nrpe.d/evolix.cfg
group: nagios
mode: "0640"
notify: restart nagios-nrpe-server
- name: Nagios config is secured
file:
dest: /etc/nagios/
mode: "0750"
group: nagios
state: directory
notify: restart nagios-nrpe-server
- include: remount_usr_rw.yml
when: nagios_plugins_directory | search ("/usr")
tags:
- nagios-plugins
- name: Nagios plugins are installed
copy:
src: plugins/
dest: "{{ nagios_plugins_directory }}/"
mode: "0755"
notify: restart nagios-nrpe-server
tags:
- nagios-plugins
- name: Nagios lib is secured
file:
dest: /usr/local/lib/nagios/
mode: "0755"
group: nagios
recurse: yes
state: directory
notify: restart nagios-nrpe-server


@ -1,10 +1,51 @@
--- ---
- include: debian.yml - name: packages are installed
when: ansible_os_family == "Debian" apt:
tags: name: "{{ item }}"
- nagios state: present
with_items:
- nagios-nrpe-server
- nagios-plugins
- nagios-plugins-basic
- nagios-plugins-common
- nagios-plugins-contrib
- nagios-plugins-standard
- include: openbsd.yml - name: custom configuration is present
when: ansible_os_family == "OpenBSD" template:
src: evolix.cfg.j2
dest: /etc/nagios/nrpe.d/evolix.cfg
group: nagios
mode: "0640"
notify: restart nagios-nrpe-server
- name: Nagios config is secured
file:
dest: /etc/nagios/
mode: "0750"
group: nagios
state: directory
notify: restart nagios-nrpe-server
- include: remount_usr_rw.yml
when: nagios_plugins_directory | search ("/usr")
tags: tags:
- nagios - nagios-plugins
- name: Nagios plugins are installed
copy:
src: plugins/
dest: "{{ nagios_plugins_directory }}/"
mode: "0755"
notify: restart nagios-nrpe-server
tags:
- nagios-plugins
- name: Nagios lib is secured
file:
dest: /usr/local/lib/nagios/
mode: "0755"
group: nagios
recurse: yes
state: directory
notify: restart nagios-nrpe-server
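Review bot: The `Nagios lib is secured` task applies `mode: "0755"` with `recurse: yes` to `/usr/local/lib/nagios/`, which sets the execute bit on every file beneath it and leaves ownership unspecified, so the task alone does not guarantee that plugins run by NRPE are writable by root only. Consider adding `owner: root` and using the symbolic mode `mode: "u=rwX,g=rX,o=rX"`, which keeps directories traversable without making data files executable. The path is also hard-coded while the plugins are copied to `{{ nagios_plugins_directory }}`; if that variable can point elsewhere, the two tasks act on different trees. Separately, the old `include` lines carried `tags: nagios` and the inlined tasks do not, so a run limited to `--tags nagios` would presumably no longer select them.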


@ -1,42 +0,0 @@
---
- name: packages are installed
openbsd_pkg:
name: "{{ item }}"
state: present
with_items:
- nrpe--
- monitoring-plugins
- name: Create nrpe.d dir
file:
path: /etc/nrpe.d
state: directory
owner: root
group: wheel
mode: "0755"
- name: Include nrpe.d dir in nrpe.cfg
lineinfile:
dest: /etc/nrpe.cfg
line: 'include_dir=/etc/nrpe.d'
- name: custom configuration is present
template:
src: evolix_bsd.cfg.j2
dest: /etc/nrpe.d/evolix.cfg
notify: restart nrpe
- name: Nagios plugins are installed
copy:
src: plugins_bsd/
dest: /usr/local/libexec/nagios/plugins/
owner: root
group: wheel
mode: "0755"
notify: restart nrpe
- name: Starting and enabling nrpe
service:
name: nrpe
enabled: yes
state: started


@ -1,5 +0,0 @@
Role Name
=========
Configure newsyslog by Evolix standard


@ -1,15 +0,0 @@
# Syslog for Pack Evolix
# MANAGED BY ANSIBLE, MODIFICATIONS WILL BE LOST
# logfile_name owner:group mode count size when flags
/var/cron/log root:wheel 600 52 * 168 Z
/var/log/authlog root:wheel 640 52 * 168 Z
/var/log/daemon 640 52 * 168 Z
/var/log/lpd-errs 640 7 * 24 Z
/var/log/maillog 640 52 * 168 Z
/var/log/messages 644 52 * 168 Z
/var/log/secure 600 52 * 168 Z
/var/log/wtmp 644 7 * $W6D4 ZB
/var/log/xferlog 640 7 250 * Z
/var/log/pflog 600 3 250 * ZB "pkill -HUP -u root -U root -t - -x pflogd"
/var/www/logs/access.log 644 4 * $W0 Z "pkill -USR1 -u root -U root -x httpd"
/var/www/logs/error.log 644 7 250 * Z "pkill -USR1 -u root -U root -x httpd"


@ -1,15 +0,0 @@
galaxy_info:
author: Evolix
description: Basic configuration of newsyslog
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues
license: GPLv2
min_ansible_version: 2.2
platforms:
- name: OpenBSD
versions:
- 6.1


@ -1,7 +0,0 @@
---
#- include: debian.yml
# when: ansible_os_family == "Debian"
- include: openbsd.yml
when: ansible_os_family == "OpenBSD"


@ -1,12 +0,0 @@
---
# no need to enable any daemon, it's run (by default) with cron(8)
- name: Configuring newsyslog
copy:
src: newsyslog.conf
dest: /etc/newsyslog.conf
owner: root
group: wheel
mode: "0644"
tags:
- log
- newsyslog


@ -15,11 +15,7 @@ server:
# root-hints: "/var/unbound/etc/named.cache" # root-hints: "/var/unbound/etc/named.cache"
# Uncomment to enable DNSSEC validation. # Uncomment to enable DNSSEC validation.
{% if ansible_os_family == "OpenBSD" %}
auto-trust-anchor-file: "/var/unbound/db/root.key"
{% else %}
#auto-trust-anchor-file: "/etc/unbound/root.key" #auto-trust-anchor-file: "/etc/unbound/root.key"
{% endif %}
# Serve zones authoritatively from Unbound to resolver clients. # Serve zones authoritatively from Unbound to resolver clients.
# Not for external service. # Not for external service.
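Review bot: After this change the only `auto-trust-anchor-file` line left in the template is the commented one, so the rendered configuration enables DNSSEC validation on no host, unless a file included elsewhere turns it on. If validation is meant to stay off on Debian, a comment saying so next to the commented line would help. Otherwise make it a role variable, for example `{% if unbound_dnssec | default(false) %}auto-trust-anchor-file: "{{ unbound_trust_anchor }}"{% endif %}` (both variable names are suggestions, not existing ones). The `server:` block starts and continues outside the hunk.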