Browse Source

Use 'loop' syntax instead of 'with_items'

pull/129/head
Jérémy Lecour 5 months ago
committed by Jérémy Lecour
parent
commit
5138065059
  1. 2
      CHANGELOG.md
  2. 6
      amazon-ec2/tasks/create-instance.yml
  3. 4
      apache/tasks/auth.yml
  4. 4
      apache/tasks/ip_whitelist.yml
  5. 6
      apache/tasks/main.yml
  6. 2
      apache/tasks/munin.yml
  7. 2
      apt/tasks/basics.yml
  8. 4
      apt/tasks/config.yml
  9. 4
      bind/tasks/munin.yml
  10. 4
      clamav/tasks/main.yml
  11. 2
      docker-host/tasks/main.yml
  12. 2
      dovecot/tasks/main.yml
  13. 2
      etc-git/tasks/repository.yml
  14. 4
      evoacme/tasks/conf.yml
  15. 2
      evoacme/tasks/scripts.yml
  16. 2
      evobackup-client/tasks/open_ssh_ports.yml
  17. 6
      evolinux-base/tasks/kernel.yml
  18. 2
      evolinux-base/tasks/packages.yml
  19. 4
      evolinux-base/tasks/postfix.yml
  20. 2
      evolinux-base/tasks/provider_orange_fce.yml
  21. 4
      evolinux-base/tasks/root.yml
  22. 4
      evolinux-base/tasks/system.yml
  23. 4
      evolinux-users/tasks/user.yml
  24. 2
      evomaintenance/tasks/install_vendor_debian.yml
  25. 2
      evomaintenance/tasks/install_vendor_openbsd.yml
  26. 2
      evomaintenance/tasks/minifirewall.yml
  27. 4
      fail2ban/tasks/main.yml
  28. 2
      filebeat/tasks/main.yml
  29. 2
      java/tasks/oracle.yml
  30. 2
      kibana/tasks/main.yml
  31. 2
      kvm-host/tasks/munin.yml
  32. 4
      kvm-host/tasks/ssh.yml
  33. 4
      ldap/tasks/nagios.yml
  34. 2
      lxc-php/tasks/php56.yml
  35. 2
      lxc-php/tasks/php70.yml
  36. 2
      lxc-php/tasks/php73.yml
  37. 4
      lxc-php/tasks/php74.yml
  38. 4
      lxc-solr/tasks/main.yml
  39. 2
      memcached/tasks/munin.yml
  40. 2
      metricbeat/tasks/main.yml
  41. 2
      minifirewall/tasks/config.yml
  42. 4
      mongodb/tasks/main_buster.yml
  43. 4
      munin/tasks/main.yml
  44. 4
      mysql-oracle/tasks/munin.yml
  45. 2
      mysql-oracle/tasks/nrpe.yml
  46. 2
      mysql-oracle/tasks/users.yml
  47. 4
      mysql/tasks/munin.yml
  48. 2
      mysql/tasks/nrpe.yml
  49. 2
      mysql/tasks/users_jessie.yml
  50. 2
      mysql/tasks/users_stretch.yml
  51. 4
      nameserver/tasks/main.yml
  52. 4
      newrelic/tasks/php.yml
  53. 4
      nginx/tasks/ip_whitelist.yml
  54. 4
      nginx/tasks/main.yml
  55. 2
      nginx/tasks/munin_graphs.yml
  56. 2
      opendkim/tasks/main.yml
  57. 4
      packweb-apache/tasks/apache.yml
  58. 8
      packweb-apache/tasks/fhs_retrictions.yml
  59. 7
      packweb-apache/tasks/main.yml
  60. 4
      php/tasks/config_apache.yml
  61. 4
      php/tasks/config_cli.yml
  62. 6
      php/tasks/config_fpm.yml
  63. 2
      php/tasks/main_buster.yml
  64. 2
      php/tasks/main_stretch.yml
  65. 6
      php/tasks/sury_post.yml
  66. 2
      postfix/tasks/common.yml
  67. 6
      postfix/tasks/packmail.yml
  68. 2
      postfix/tasks/slow_transport.yml
  69. 2
      postgresql/tasks/locales.yml
  70. 2
      postgresql/tasks/munin.yml
  71. 2
      postgresql/tasks/packages_jessie.yml
  72. 2
      postgresql/tests/test.yml
  73. 12
      proftpd/tasks/accounts.yml
  74. 4
      rbenv/tasks/main.yml
  75. 2
      redis/tasks/default-munin.yml
  76. 2
      redis/tasks/instance-munin.yml
  77. 8
      redis/tasks/instance-server.yml
  78. 4
      redmine/tasks/config.yml
  79. 2
      redmine/tasks/mysql.yml
  80. 12
      redmine/tasks/source.yml
  81. 2
      redmine/tasks/user.yml
  82. 4
      squid/tasks/main.yml
  83. 2
      squid/tasks/minifirewall.yml
  84. 2
      tomcat-instance/tasks/bootstrap.yml
  85. 2
      varnish/tasks/main.yml
  86. 2
      varnish/tasks/munin.yml
  87. 2
      vrrpd/tasks/main.yml
  88. 2
      webapps/evoadmin-web/tasks/packages.yml
  89. 2
      webapps/evoadmin-web/tasks/user.yml
  90. 2
      webapps/nextcloud/tasks/mysql.yml
  91. 2
      webapps/nextcloud/tasks/user.yml
  92. 2
      webapps/roundcube/tasks/main.yml
  93. 6
      webapps/wordpress/tasks/main.yml

2
CHANGELOG.md

@ -19,7 +19,7 @@ The **patch** part changes incrementally at each release.
### Changed
* Use 'loop' syntax instead of 'with_first_found'
* Use 'loop' syntax instead of 'with_first_found/with_items'
* apt: store keys in /etc/apt/trusted.gpg.d in ascii format
* evolinux-base: copy GPG key instead of using apt-key
* ntpd: Add leapfile configuration setting to ntpd on debian 10+

6
amazon-ec2/tasks/create-instance.yml

@ -21,11 +21,11 @@
groupname: launched-instances
ansible_user: admin
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
with_items: "{{ec2.instances}}"
loop: "{{ec2.instances}}"
- debug:
msg: "Your newly created instance is reachable at: {{item.public_dns_name}}"
with_items: "{{ec2.instances}}"
loop: "{{ec2.instances}}"
- name: Wait for SSH to come up on all instances (give up after 2m)
wait_for:
@ -33,4 +33,4 @@
host: "{{item.public_dns_name}}"
port: 22
timeout: 120
with_items: "{{ec2.instances}}"
loop: "{{ec2.instances}}"

4
apache/tasks/auth.yml

@ -40,7 +40,7 @@
dest: /etc/apache2/private_htpasswd
line: "{{ item }}"
state: present
with_items: "{{ apache_private_htpasswd_present }}"
loop: "{{ apache_private_htpasswd_present }}"
notify: reload apache
tags:
- apache
@ -50,7 +50,7 @@
dest: /etc/apache2/private_htpasswd
line: "{{ item }}"
state: absent
with_items: "{{ apache_private_htpasswd_absent }}"
loop: "{{ apache_private_htpasswd_absent }}"
notify: reload apache
tags:
- apache

4
apache/tasks/ip_whitelist.yml

@ -5,7 +5,7 @@
dest: /etc/apache2/ipaddr_whitelist.conf
line: "Require ip {{ item }}"
state: present
with_items: "{{ apache_ipaddr_whitelist_present }}"
loop: "{{ apache_ipaddr_whitelist_present }}"
notify: reload apache
tags:
- apache
@ -16,7 +16,7 @@
dest: /etc/apache2/ipaddr_whitelist.conf
line: "Require ip {{ item }}"
state: absent
with_items: "{{ apache_ipaddr_whitelist_absent }}"
loop: "{{ apache_ipaddr_whitelist_absent }}"
notify: reload apache
tags:
- apache

6
apache/tasks/main.yml

@ -42,7 +42,7 @@
apache2_module:
name: '{{ item }}'
state: present
with_items:
loop:
- rewrite
- expires
- headers
@ -58,7 +58,7 @@
apache2_module:
name: '{{ item }}'
state: present
with_items:
loop:
- cgi
notify: reload apache
when: apache_mpm == "prefork" or apache_mpm == "itk"
@ -102,7 +102,7 @@
command: "a2enconf {{ item }}"
register: command_result
changed_when: "'Enabling' in command_result.stderr"
with_items:
loop:
- z-evolinux-defaults.conf
- zzz-evolinux-custom.conf
notify: reload apache

2
apache/tasks/munin.yml

@ -15,7 +15,7 @@
src: "/usr/share/munin/plugins/{{ item }}"
dest: "/etc/munin/plugins/{{ item }}"
state: link
with_items:
loop:
- apache_accesses
- apache_processes
- apache_volume

2
apt/tasks/basics.yml

@ -14,7 +14,7 @@
file:
path: '{{ item }}'
state: absent
with_items:
loop:
- /etc/apt/sources.list.d/debian-security.list
- /etc/apt/sources.list.d/debian-jessie.list
- /etc/apt/sources.list.d/debian-stretch.list

4
apt/tasks/config.yml

@ -8,7 +8,7 @@
create: yes
state: present
mode: "0640"
with_items:
loop:
- { line: "APT::Install-Recommends \"false\";", regexp: 'APT::Install-Recommends' }
- { line: "APT::Install-Suggests \"false\";", regexp: 'APT::Install-Suggests' }
- { line: "APT::Periodic::Enable \"0\";", regexp: 'APT::Periodic::Enable' }
@ -23,7 +23,7 @@
create: yes
state: present
mode: "0640"
with_items:
loop:
- "DPkg::Pre-Invoke { \"df /tmp | grep -q /tmp && mount -oremount,exec /tmp || true\"; };"
- "DPkg::Pre-Invoke { \"df /usr | grep -q /usr && mount -oremount,rw /usr || true\"; };"
- "DPkg::Post-Invoke { \"df /tmp | grep -q /tmp && mount -oremount /tmp || true\"; };"

4
bind/tasks/munin.yml

@ -14,7 +14,7 @@
src: "/usr/share/munin/plugins/{{ item }}"
dest: "/etc/munin/plugins/{{ item }}"
state: link
with_items:
loop:
- bind9
- bind9_rndc
notify: restart munin-node
@ -30,7 +30,7 @@
src: "/usr/share/munin/plugins/{{ item }}"
dest: "/etc/munin/plugins/{{ item }}"
state: link
with_items:
loop:
- bind9
- bind9_rndc
notify: restart munin-node

4
clamav/tasks/main.yml

@ -5,7 +5,7 @@
question: "{{ item.key }}"
value: "{{ item.value }}"
vtype: "{{ item.type }}"
with_items:
loop:
- { key: 'clamav-daemon/debconf', type: 'boolean', value: 'true' }
- { key: 'clamav-daemon/MaxHTMLNormalize', type: 'string', value: '10M' }
- { key: 'clamav-daemon/StatsPEDisabled', type: 'boolean', value: 'true' }
@ -57,7 +57,7 @@
question: "{{ item.key }}"
value: "{{ item.value }}"
vtype: "{{ item.type }}"
with_items:
loop:
- { key: 'clamav-freshclam/autoupdate_freshclam', type: 'select', value: 'daemon' }
- { key: 'clamav-freshclam/proxy_user', type: 'string', value: '' }
- { key: 'clamav-freshclam/NotifyClamd', type: 'boolean', value: 'true' }

2
docker-host/tasks/main.yml

@ -80,7 +80,7 @@
src: "{{ item }}.j2"
dest: "{{ docker_tls_path }}/{{ item }}"
mode: "0744"
with_items:
loop:
- shellpki.sh
- openssl.cnf
when: docker_tls_enabled

2
dovecot/tasks/main.yml

@ -24,7 +24,7 @@
line: "{{ item.key }} = {{ item.value }}"
regexp: "^#*{{ item.key }}"
state: present
with_items:
loop:
- { key: 'hosts', value: '127.0.0.1' }
- { key: 'auth_bind', value: 'yes' }
- { key: 'ldap_version', value: 3 }

2
etc-git/tasks/repository.yml

@ -46,7 +46,7 @@
lineinfile:
dest: "{{ repository_path }}/.gitignore"
line: "{{ item }}"
with_items: "{{ gitignore_items | default([]) }}"
loop: "{{ gitignore_items | default([]) }}"
tags:
- etc-git

4
evoacme/tasks/conf.yml

@ -4,7 +4,7 @@
section: 'req'
option: "{{ item.name }}"
value: "{{ item.var }}"
with_items:
loop:
- { name: 'default_bits', var: "{{ evoacme_ssl_key_size }}" }
- { name: 'encrypt_key', var: 'yes' }
- { name: 'distinguished_name', var: 'req_dn' }
@ -16,7 +16,7 @@
section: 'req_dn'
option: "{{ item.name }}"
value: "{{ item.var }}"
with_items:
loop:
- { name: 'C', var: "{{ evoacme_ssl_ct }}" }
- { name: 'ST', var: "{{ evoacme_ssl_state }}" }
- { name: 'L', var: "{{ evoacme_ssl_loc }}" }

2
evoacme/tasks/scripts.yml

@ -39,6 +39,6 @@
file:
path: "/usr/local/bin/{{ item }}"
state: absent
with_items:
loop:
- 'make-csr'
- 'evoacme'

2
evobackup-client/tasks/open_ssh_ports.yml

@ -14,7 +14,7 @@
marker: "# {mark} {{ item.name }}"
block: |
/sbin/iptables -A INPUT -p tcp --sport {{ item.port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT
with_items: "{{ evobackup_client__hosts }}"
loop: "{{ evobackup_client__hosts }}"
notify: restart minifirewall
when: evobackup_client__minifirewall.stat.exists
tags:

6
evolinux-base/tasks/kernel.yml

@ -7,7 +7,7 @@
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
state: present
reload: yes
with_items:
loop:
- { name: kernel.panic_on_oops, value: 1 }
- { name: kernel.panic, value: 60 }
when: evolinux_kernel_reboot_after_panic
@ -18,7 +18,7 @@
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
state: absent
reload: yes
with_items:
loop:
- kernel.panic_on_oops
- kernel.panic
when: not evolinux_kernel_reboot_after_panic
@ -57,7 +57,7 @@
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
state: present
reload: yes
with_items:
loop:
- { name: "net.ipv4.ipfrag_low_thresh", value: 196608 }
- { name: "net.ipv6.ip6frag_low_thresh", value: 196608 }
- { name: "net.ipv4.ipfrag_high_thresh", value: 262144 }

2
evolinux-base/tasks/packages.yml

@ -128,7 +128,7 @@
dest: /etc/apt/listchanges.conf
regexp: '^{{ item.option }}\s*='
line: "{{ item.option }}={{ item.value }}"
with_items:
loop:
- { option: "confirm", value: "1" }
- { option: "which", value: "both" }
when:

4
evolinux-base/tasks/postfix.yml

@ -45,7 +45,7 @@
dest: /etc/aliases
regexp: "^{{ item }}:.*"
line: "{{ item }}: root"
with_items: "{{ non_root_users_list.stdout_lines }}"
loop: "{{ non_root_users_list.stdout_lines }}"
notify: newaliases
when: evolinux_postfix_users_alias_root
tags:
@ -56,7 +56,7 @@
dest: /etc/aliases
regexp: "^{{ item }}:.*"
line: "{{ item }}: root"
with_items:
loop:
- postmaster
- abuse
- mailer-daemon

2
evolinux-base/tasks/provider_orange_fce.yml

@ -5,7 +5,7 @@
sysctl_file: /etc/sysctl.d/evolinux_fce.conf
state: present
reload: yes
with_items:
loop:
- { name: net.ipv4.tcp_keepalive_time, value: 250 }
- { name: net.ipv4.tcp_keepalive_intvl, value: 60 }
- { name: net.ipv6.conf.all.disable_ipv6, value: 1 }

4
evolinux-base/tasks/root.yml

@ -13,7 +13,7 @@
line: "{{ item }}"
create: yes
state: present
with_items:
loop:
- "export HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoreboth,erasedups"
- "export HISTSIZE=65535"
- "export HISTTIMEFORMAT=\"%c : \""
@ -79,7 +79,7 @@
line: "{{ item }}"
create: yes
state: present
with_items:
loop:
- "syntax on"
- "set background=dark"
- "set expandtab"

4
evolinux-base/tasks/system.yml

@ -13,7 +13,7 @@
line: "{{ item }}"
create: yes
state: present
with_items:
loop:
- "en_US.UTF-8 UTF-8"
- "fr_FR ISO-8859-1"
- "fr_FR.UTF-8 UTF-8"
@ -112,7 +112,7 @@
dest: /etc/crontab
regexp: "{{ item.regexp }}"
replace: "{{ item.replace }}"
with_items:
loop:
- { regexp: '^17((\s*\*){4})', replace: '{{ 59|random(start=1) }}\1' }
- { regexp: '^25\s*6((\s*\*){3})', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' }
- { regexp: '^47\s*6((\s*\*){2}\s*7)', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' }

4
evolinux-users/tasks/user.yml

@ -120,7 +120,7 @@
- name: "Secondary Unix groups are present"
group:
name: "{{ group }}"
with_items: "{{ user.groups }}"
loop: "{{ user.groups }}"
loop_control:
loop_var: group
when:
@ -184,7 +184,7 @@
user: "{{ user.name }}"
key: "{{ ssk_key }}"
state: present
with_items: "{{ user.ssh_keys }}"
loop: "{{ user.ssh_keys }}"
loop_control:
loop_var: ssk_key
when: user.ssh_keys is defined

2
evomaintenance/tasks/install_vendor_debian.yml

@ -42,7 +42,7 @@
mode: "{{ item.mode }}"
force: yes
backup: yes
with_items:
loop:
- { src: 'evomaintenance.sh', dest: '/usr/share/scripts/', mode: '0700' }
- { src: 'evomaintenance.tpl', dest: '/usr/share/scripts/', mode: '0600' }
tags:

2
evomaintenance/tasks/install_vendor_openbsd.yml

@ -28,7 +28,7 @@
mode: "{{ item.mode }}"
force: yes
backup: yes
with_items:
loop:
- { src: 'evomaintenance.sh', dest: '/usr/share/scripts/', mode: '0700' }
- { src: 'evomaintenance.tpl', dest: '/usr/share/scripts/', mode: '0600' }
tags:

2
evomaintenance/tasks/minifirewall.yml

@ -12,7 +12,7 @@
dest: /etc/default/minifirewall
line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
insertafter: "^# EvoMaintenance"
with_items: "{{ evomaintenance_hosts }}"
loop: "{{ evomaintenance_hosts }}"
notify: "{{ minifirewall_restart_handler_name }}"
when: minifirewall_default_file.stat.exists
tags:

4
fail2ban/tasks/main.yml

@ -9,7 +9,7 @@
owner: root
group: root
mode: "0755"
with_items:
loop:
- "/etc/fail2ban"
- "/etc/fail2ban/filter.d"
tags:
@ -52,7 +52,7 @@
src: "{{ item }}"
dest: /etc/fail2ban/filter.d/
mode: "0644"
with_items:
loop:
- dovecot-evolix.conf
- sasl-evolix.conf
- wordpress-soft.conf

2
filebeat/tasks/main.yml

@ -120,7 +120,7 @@
regexp: '{{ item.regexp }}'
line: '{{ item.line }}'
insertafter: "output.elasticsearch:"
with_items:
loop:
- { regexp: '^ #?username: .*', line: ' username: "{{ filebeat_elasticsearch_auth_username }}"' }
- { regexp: '^ #?password: .*', line: ' password: "{{ filebeat_elasticsearch_auth_password }}"' }
notify: restart filebeat

2
java/tasks/oracle.yml

@ -13,7 +13,7 @@
path: "{{ item }}"
state: directory
mode: "0777"
with_items:
loop:
- /srv/java-package
- /srv/java-package/src
- /srv/java-package/tmp

2
kibana/tasks/main.yml

@ -107,7 +107,7 @@
# args:
# creates: "/var/lib/kibana/{{ item }}"
# notify: restart kibana
# with_items:
# loop:
# - optimize
# - data

2
kvm-host/tasks/munin.yml

@ -5,7 +5,7 @@
url: "https://raw.githubusercontent.com/munin-monitoring/contrib/master/plugins/libvirt/{{ item }}"
dest: "/etc/munin/plugins/"
mode: "0755"
with_items:
loop:
- kvm_cpu
- kvm_io
- kvm_mem

4
kvm-host/tasks/ssh.yml

@ -33,7 +33,7 @@
special_time: "hourly"
user: root
job: "rsync -a --delete /etc/libvirt/qemu/ {{ hostvars[item]['ansible_hostname'] }}:/root/libvirt-{{ inventory_hostname }}/"
with_items:
loop:
- "{{ groups['hypervisors'] }}"
when: item != inventory_hostname
@ -44,6 +44,6 @@
special_time: "daily"
user: root
job: "virsh list | ssh {{ hostvars[item]['ansible_hostname'] }} 'cat >/root/libvirt-{{ inventory_hostname }}/virsh-list.txt'"
with_items:
loop:
- "{{ groups['hypervisors'] }}"
when: item != inventory_hostname

4
ldap/tasks/nagios.yml

@ -47,7 +47,7 @@
option: "{{ item.option }}"
value: "{{ item.value }}"
mode: "0640"
with_items:
loop:
- { option: 'hostname', value: '127.0.0.1' }
- { option: 'base', value: "{{ ldap_suffix }}" }
- { option: 'bind', value: "cn=nagios,ou=ldapusers,{{ ldap_suffix }}" }
@ -66,7 +66,7 @@
# and set the variable
- name: overwrite ldap_nagios_password (from file)
set_fact:
ldap_nagios_password: "{{ lookup('ini', 'pass section=check_ldap file=/tmp/{{ inventory_hostname }}/etc/nagios/monitoring-plugins.ini') }}"
ldap_nagios_password: "{{ lookup('ini', 'pass section=check_ldap file=/tmp/{{ inventory_hostname }}/monitoring-plugins.ini') }}"
- name: hash password for cn=nagios
command: "slappasswd -s {{ ldap_nagios_password }}"

2
lxc-php/tasks/php56.yml

@ -11,7 +11,7 @@
dest: "{{ line_item }}"
mode: "0644"
notify: "Reload {{ lxc_php_version }}-fpm"
with_items:
loop:
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php5/fpm/conf.d/z-evolinux-defaults.ini"
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php5/cli/conf.d/z-evolinux-defaults.ini"
loop_control:

2
lxc-php/tasks/php70.yml

@ -11,7 +11,7 @@
dest: "{{ line_item }}"
mode: "0644"
notify: "Reload {{ lxc_php_version }}-fpm"
with_items:
loop:
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini"
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini"
loop_control:

2
lxc-php/tasks/php73.yml

@ -11,7 +11,7 @@
dest: "{{ line_item }}"
mode: "0644"
notify: "Reload {{ lxc_php_version }}-fpm"
with_items:
loop:
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini"
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini"
loop_control:

4
lxc-php/tasks/php74.yml

@ -12,7 +12,7 @@
state: present
create: yes
mode: "0644"
with_items:
loop:
- "deb https://packages.sury.org/php/ buster main"
- "deb http://pub.evolix.net/ buster-php74/"
@ -44,7 +44,7 @@
dest: "{{ line_item }}"
mode: "0644"
notify: "Reload {{ lxc_php_version }}-fpm"
with_items:
loop:
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.4/fpm/conf.d/z-evolinux-defaults.ini"
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.4/cli/conf.d/z-evolinux-defaults.ini"
loop_control:

4
lxc-solr/tasks/main.yml

@ -8,9 +8,9 @@
path: "/var/lib/lxc/{{ item.name }}/rootfs"
state: directory
mode: '0755'
with_items:
loop:
- "{{ lxc_containers }}"
- include: "solr.yml name={{item.name}} solr_version={{item.solr_version}} solr_port={{item.solr_port}}"
with_items:
loop:
- "{{ lxc_containers }}"

2
memcached/tasks/munin.yml

@ -26,7 +26,7 @@
src: '/usr/share/munin/plugins/memcached_'
dest: /etc/munin/plugins/{{ multi }}{{ item }}
state: link
with_items:
loop:
- memcached_bytes
- memcached_counters
- memcached_rates

2
metricbeat/tasks/main.yml

@ -78,7 +78,7 @@
regexp: '{{ item.regexp }}'
line: '{{ item.line }}'
insertafter: "output.elasticsearch:"
with_items:
loop:
- { regexp: '^ #?username: .*', line: ' username: "{{ metricbeat_elasticsearch_auth_username }}"' }
- { regexp: '^ #?password: .*', line: ' password: "{{ metricbeat_elasticsearch_auth_password }}"' }
notify: restart metricbeat

2
minifirewall/tasks/config.yml

@ -184,7 +184,7 @@
dest: "{{ minifirewall_main_file }}"
line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
insertafter: "^# EvoMaintenance"
with_items: "{{ evomaintenance_hosts }}"
loop: "{{ evomaintenance_hosts }}"
- name: remove minifirewall example rule for the evomaintenance
lineinfile:

4
mongodb/tasks/main_buster.yml

@ -57,7 +57,7 @@
src: "munin/{{ item }}"
dest: '/usr/local/share/munin/plugins/{{ item }}'
force: yes
with_items:
loop:
- mongo_btree
- mongo_collections
- mongo_conn
@ -73,7 +73,7 @@
src: '/usr/local/share/munin/plugins/{{ item }}'
dest: /etc/munin/plugins/{{ item }}
state: link
with_items:
loop:
- mongo_btree
- mongo_collections
- mongo_conn

4
munin/tasks/main.yml

@ -35,7 +35,7 @@
file:
path: '/etc/munin/plugins/{{ item }}'
state: absent
with_items:
loop:
- http_loadtime
- exim_mailqueue
- exim_mailstats
@ -52,7 +52,7 @@
src: "/usr/share/munin/plugins/{{ item }}"
dest: "/etc/munin/plugins/{{ item }}"
state: link
with_items:
loop:
- meminfo
- netstat_multi
- tcp

4
mysql-oracle/tasks/munin.yml

@ -22,7 +22,7 @@
src: '/usr/share/munin/plugins/{{ item }}'
dest: /etc/munin/plugins/{{ item }}
state: link
with_items:
loop:
- mysql_bytes
- mysql_queries
- mysql_slowqueries
@ -34,7 +34,7 @@
src: /usr/share/munin/plugins/mysql_
dest: '/etc/munin/plugins/mysql_{{ item }}'
state: link
with_items:
loop:
- commands
- connections
- files_tables

2
mysql-oracle/tasks/nrpe.yml

@ -44,7 +44,7 @@
section: client
option: '{{ item.option }}'
value: '{{ item.value }}'
with_items:
loop:
- { option: 'user', value: 'nrpe' }
- { option: 'password', value: '{{ mysql_nrpe_password.stdout }}' }
when: create_nrpe_user.changed

2
mysql-oracle/tasks/users.yml

@ -36,7 +36,7 @@
option: '{{ item.option }}'
value: '{{ item.value }}'
create: yes
with_items:
loop:
- { option: 'user', value: 'mysqladmin' }
- { option: 'password', value: '{{ mysql_admin_password.stdout }}' }
when: create_mysqladmin_user is changed

4
mysql/tasks/munin.yml

@ -22,7 +22,7 @@
src: '/usr/share/munin/plugins/{{ item }}'
dest: /etc/munin/plugins/{{ item }}
state: link
with_items:
loop:
- mysql_bytes
- mysql_queries
- mysql_slowqueries
@ -34,7 +34,7 @@
src: /usr/share/munin/plugins/mysql_
dest: '/etc/munin/plugins/mysql_{{ item }}'
state: link
with_items:
loop:
- commands
- connections
- files_tables

2
mysql/tasks/nrpe.yml

@ -44,7 +44,7 @@
section: client
option: '{{ item.option }}'
value: '{{ item.value }}'
with_items:
loop:
- { option: 'user', value: 'nrpe' }
- { option: 'password', value: '{{ mysql_nrpe_password.stdout }}' }
when: create_nrpe_user.changed

2
mysql/tasks/users_jessie.yml

@ -42,7 +42,7 @@
option: '{{ item.option }}'
value: '{{ item.value }}'
create: yes
with_items:
loop:
- { option: 'user', value: 'mysqladmin' }
- { option: 'password', value: '{{ mysql_admin_password.stdout }}' }
when: create_mysqladmin_user.changed

2
mysql/tasks/users_stretch.yml

@ -37,7 +37,7 @@
option: '{{ item.option }}'
value: '{{ item.value }}'
create: yes
with_items:
loop:
- { option: 'user', value: 'mysqladmin' }
- { option: 'password', value: '{{ mysql_admin_password.stdout }}' }
when: create_mysqladmin_user.changed

4
nameserver/tasks/main.yml

@ -12,7 +12,7 @@
dest: /etc/resolv.conf
line: "nameserver {{ item }}"
state: present
with_items: "{{ nameservers }}"
loop: "{{ nameservers }}"
tags:
- nameserver
@ -21,7 +21,7 @@
dest: /etc/resolv.conf
line: "nameserver {{ item }}"
state: absent
with_items: "{{ grep_nameserver.stdout_lines }}"
loop: "{{ grep_nameserver.stdout_lines }}"
when: item not in nameservers
tags:
- nameserver

4
newrelic/tasks/php.yml

@ -27,14 +27,14 @@
dest: "{{ item }}"
regexp: '^;?newrelic.daemon.utilization.detect_aws'
line: 'newrelic.daemon.utilization.detect_aws = false'
with_items: "{{ find_newrelic_ini.stdout_lines }}"
loop: "{{ find_newrelic_ini.stdout_lines }}"
- name: Disable Docker detection
lineinfile:
dest: "{{ item }}"
regexp: '^;?newrelic.daemon.utilization.detect_docker'
line: 'newrelic.daemon.utilization.detect_docker = false'
with_items: "{{ find_newrelic_ini.stdout_lines }}"
loop: "{{ find_newrelic_ini.stdout_lines }}"
- name: Install package for PHP
apt:

4
nginx/tasks/ip_whitelist.yml

@ -5,7 +5,7 @@
dest: /etc/nginx/snippets/ipaddr_whitelist
line: "allow {{ item }};"
state: present
with_items: "{{ nginx_ipaddr_whitelist_present }}"
loop: "{{ nginx_ipaddr_whitelist_present }}"
notify: reload nginx
tags:
- nginx
@ -16,7 +16,7 @@
dest: /etc/nginx/snippets/ipaddr_whitelist
line: "allow {{ item }};"
state: absent
with_items: "{{ nginx_ipaddr_whitelist_absent }}"
loop: "{{ nginx_ipaddr_whitelist_absent }}"
notify: reload nginx
tags:
- nginx

4
nginx/tasks/main.yml

@ -80,7 +80,7 @@
dest: /etc/nginx/snippets/private_htpasswd
line: "{{ item }}"
state: present
with_items: "{{ nginx_private_htpasswd_present }}"
loop: "{{ nginx_private_htpasswd_present }}"
notify: reload nginx
tags:
- nginx
@ -90,7 +90,7 @@
dest: /etc/nginx/snippets/private_htpasswd
line: "{{ item }}"
state: absent
with_items: "{{ nginx_private_htpasswd_absent }}"
loop: "{{ nginx_private_htpasswd_absent }}"
notify: reload nginx
tags:
- nginx

2
nginx/tasks/munin_graphs.yml

@ -12,7 +12,7 @@
src: '/usr/share/munin/plugins/{{ item }}'
dest: '/etc/munin/plugins/{{ item }}'
state: link
with_items:
loop:
- nginx_request
- nginx_status
notify: restart munin

2
opendkim/tasks/main.yml

@ -38,7 +38,7 @@
owner: opendkim
group: opendkim
mode: "0640"
with_items:
loop:
- 'KeyTable'
- 'SigningTable'
changed_when: False

4
packweb-apache/tasks/apache.yml

@ -28,7 +28,7 @@
apache2_module:
name: '{{ item }}'
state: present
with_items:
loop:
- ssl
- include
- negotiation
@ -56,6 +56,6 @@
command: "a2enconf {{ item }}"
register: command_result
changed_when: "'Enabling' in command_result.stderr"
with_items:
loop:
- evolinux-evasive
- evolinux-modsec

8
packweb-apache/tasks/fhs_retrictions.yml

@ -5,7 +5,7 @@
register: command_result
changed_when: "'changed' in command_result.stdout"
failed_when: False
with_items:
loop:
- /
- /etc
- /usr
@ -29,7 +29,7 @@
register: command_result
changed_when: "'changed' in command_result.stdout"
failed_when: False
with_items:
loop:
- /var/log/apt
- /var/lib/dpkg
- /var/log/munin
@ -51,7 +51,7 @@
register: command_result
changed_when: "'changed' in command_result.stdout"
failed_when: False
with_items:
loop:
- /bin/ping
- /bin/ping6
- /usr/bin/fping
@ -63,6 +63,6 @@
register: command_result
changed_when: "'changed' in command_result.stdout"
failed_when: False
with_items:
loop:
- /var/log/evolix.log
- /etc/warnquota.conf

7
packweb-apache/tasks/main.yml

@ -41,7 +41,7 @@
path: "/etc/skel/{{ item.path }}"
state: "{{ item.state }}"
mode: "{{ item.mode }}"
with_items:
loop:
- { path: log, mode: "0750", state: directory }
- { path: awstats, mode: "0750", state: directory }
- { path: www, mode: "0750", state: directory }
@ -50,7 +50,7 @@
command: "touch /etc/skel/log/{{ item }}"
args:
creates: "/etc/skel/log/{{ item }}"
with_items:
loop:
- access.log
- error.log
@ -58,7 +58,7 @@
file:
dest: "/etc/skel/log/{{ item }}"
mode: "0644"
with_items:
loop:
- access.log
- error.log
@ -85,7 +85,6 @@
- include: apache.yml
- include: phpmyadmin.yml
when: ansible_distribution_release != "buster"
- include: awstats.yml

4
php/tasks/config_apache.yml

@ -8,7 +8,7 @@
value: "{{ item.value }}"
mode: "0644"
create: yes
with_items:
loop:
- { option: "short_open_tag", value: "Off" }
- { option: "expose_php", value: "Off" }
- { option: "display_errors", value: "Off" }
@ -42,6 +42,6 @@
option: "{{ item.option }}"
value: "{{ item.value }}"
mode: "0644"
with_items:
loop:
- { option: "date.timezone", value: "Europe/Paris" }
when: php_symfony_requirements

4
php/tasks/config_cli.yml

@ -7,7 +7,7 @@
value: "{{ item.value }}"
mode: "0644"
create: yes
with_items:
loop:
- { option: "display_errors", value: "On" }
- { option: "allow_url_fopen", value: "On" }
- { option: "disable_functions", value: "" }
@ -33,6 +33,6 @@
option: "{{ item.option }}"
value: "{{ item.value }}"
mode: "0644"
with_items:
loop:
- { option: "date.timezone", value: "Europe/Paris" }
when: php_symfony_requirements

6
php/tasks/config_fpm.yml

@ -8,7 +8,7 @@
value: "{{ item.value }}"
mode: "0644"
create: yes
with_items:
loop:
- { option: "short_open_tag", value: "Off" }
- { option: "expose_php", value: "Off" }
- { option: "display_errors", value: "Off" }
@ -43,7 +43,7 @@
value: "{{ item.value }}"
mode: "0644"
create: yes
with_items:
loop:
- { option: "user", value: "www-data" }
- { option: "group", value: "www-data" }
- { option: "listen", value: "{{ php_fpm_default_pool_socket }}" }
@ -76,7 +76,7 @@
option: "{{ item.option }}"
value: "{{ item.value }}"
mode: "0644"
with_items:
loop:
- { option: "date.timezone", value: "Europe/Paris" }
notify: "restart {{ php_fpm_service_name }}"
when: php_symfony_requirements

2
php/tasks/main_buster.yml

@ -65,7 +65,7 @@
file:
dest: "{{ item }}"
mode: "0755"
with_items:
loop:
- /etc/php
- /etc/php/7.3

2
php/tasks/main_stretch.yml

@ -65,7 +65,7 @@
file:
dest: "{{ item }}"
mode: "0755"
with_items:
loop:
- /etc/php
- /etc/php/7.0

6
php/tasks/sury_post.yml

@ -6,7 +6,7 @@
dest: "{{ item.dest }}"
force: yes
state: link
with_items:
loop:
- { src: "{{ php_cli_defaults_ini_file }}", dest: "/etc/php/7.4/cli/conf.d/z-evolinux-defaults.ini" }
- { src: "{{ php_cli_custom_ini_file }}", dest: "/etc/php/7.4/cli/conf.d/zzz-evolinux-custom.ini" }
@ -21,7 +21,7 @@
dest: "{{ item.dest }}"
force: yes
state: link
with_items:
loop:
- { src: "{{ php_apache_defaults_ini_file }}", dest: "/etc/php/7.4/apache2/conf.d/z-evolinux-defaults.ini" }
- { src: "{{ php_apache_custom_ini_file }}", dest: "/etc/php/7.4/apache2/conf.d/zzz-evolinux-custom.ini" }
when: php_apache_enable
@ -38,7 +38,7 @@
dest: "{{ item.dest }}"
force: yes
state: link
with_items:
loop:
- { src: "{{ php_fpm_defaults_ini_file }}", dest: "/etc/php/7.4/fpm/conf.d/z-evolinux-defaults.ini" }
- { src: "{{ php_fpm_custom_ini_file }}", dest: "/etc/php/7.4/fpm/conf.d/zzz-evolinux-custom.ini" }
- { src: "{{ php_fpm_defaults_conf_file }}", dest: "/etc/php/7.4/fpm/pool.d/z-evolinux-defaults.conf" }

2
postfix/tasks/common.yml

@ -14,7 +14,7 @@
line: '{{ item }}'
state: present
create: no
with_items:
loop:
- "postfix/sa-blacklist.access"
- "postfix/*.db"
tags:

6
postfix/tasks/packmail.yml

@ -37,7 +37,7 @@
src: filter
dest: "/etc/postfix/{{ item }}"
force: no
with_items:
loop:
- virtual
- client.access
- client.access_local
@ -55,7 +55,7 @@
- name: postmap filter files
command: "postmap /etc/postfix/{{ item }}"
with_items:
loop:
- virtual
- client.access
- client.access_local
@ -76,7 +76,7 @@
src: "{{ item }}.j2"
dest: "/etc/postfix/{{ item }}"
mode: "0644"
with_items:
loop:
- virtual_aliases.cf
- virtual_domains.cf
- virtual_mailboxes.cf

2
postfix/tasks/slow_transport.yml

@ -13,7 +13,7 @@
dest: /etc/postfix/transport
line: "{{ item }}"
create: yes
with_items:
loop:
- "orange.fr slow:"
- "wanadoo.fr slow:"
- "voila.fr slow:"

2
postgresql/tasks/locales.yml

@ -6,7 +6,7 @@
locale_gen:
name: "{{ item }}"
state: present
with_items:
loop:
- "fr_FR.UTF-8"
become: yes
notify: reconfigure locales

2
postgresql/tasks/munin.yml

@ -14,7 +14,7 @@
state: link
src: '/usr/share/munin/plugins/{{item}}'
dest: '/etc/munin/plugins/{{item}}'
with_items:
loop:
- postgres_bgwriter
- postgres_checkpoints
- postgres_connections_db

2
postgresql/tasks/packages_jessie.yml

@ -11,7 +11,7 @@
- name: Install postgresql package
apt:
name: '{{item}}'
with_items:
loop:
- "postgresql-{{postgresql_version}}"
- ptop
- libdbd-pg-perl

2
postgresql/tests/test.yml

@ -15,7 +15,7 @@
create: yes
state: present
changed_when: false
with_items:
loop:
- "en_US.UTF-8 UTF-8"
- "fr_FR ISO-8859-1"
- "fr_FR.UTF-8 UTF-8"

12
proftpd/tasks/accounts.yml

@ -1,14 +1,14 @@
---
- include: accounts_password.yml
when: item.password is undefined
with_items: "{{ proftpd_accounts }}"
loop: "{{ proftpd_accounts }}"
tags:
- proftpd
- set_fact:
proftpd_accounts_final: "{{ proftpd_accounts_final + [ item ] }}"
when: item.password is defined
with_items: "{{ proftpd_accounts }}"
loop: "{{ proftpd_accounts }}"
tags:
- proftpd
@ -20,7 +20,7 @@
mode: "0440"
line: "{{ item.name | mandatory }}:{{ item.password }}:{{ item.uid }}:{{ item.gid }}::{{ item.home | mandatory }}:/bin/false"
regexp: "^{{ item.name }}:.*"
with_items: "{{ proftpd_accounts_final }}"
loop: "{{ proftpd_accounts_final }}"
notify: restart proftpd
tags:
- proftpd
@ -31,7 +31,7 @@
state: present
line: "\tAllowUser {{ item.name }}"
insertbefore: "DenyAll"
with_items: "{{ proftpd_accounts_final }}"
loop: "{{ proftpd_accounts_final }}"
notify: restart proftpd
when: proftpd_ftp_enable
tags:
@ -43,7 +43,7 @@
state: present
line: "\tAllowUser {{ item.name }}"
insertbefore: "DenyAll"
with_items: "{{ proftpd_accounts_final }}"
loop: "{{ proftpd_accounts_final }}"
notify: restart proftpd
when: proftpd_ftps_enable
tags:
@ -55,7 +55,7 @@
state: present
line: "\tAllowUser {{ item.name }}"
insertbefore: "DenyAll"
with_items: "{{ proftpd_accounts_final }}"
loop: "{{ proftpd_accounts_final }}"
notify: restart proftpd
when: proftpd_sftp_enable