Use 'loop' syntax instead of 'with_items'
This commit is contained in:
parent
debc4a82ca
commit
5138065059
93 changed files with 154 additions and 155 deletions
|
@ -19,7 +19,7 @@ The **patch** part changes incrementally at each release.
|
|||
|
||||
### Changed
|
||||
|
||||
* Use 'loop' syntax instead of 'with_first_found'
|
||||
* Use 'loop' syntax instead of 'with_first_found/with_items'
|
||||
* apt: store keys in /etc/apt/trusted.gpg.d in ascii format
|
||||
* evolinux-base: copy GPG key instead of using apt-key
|
||||
* ntpd: Add leapfile configuration setting to ntpd on debian 10+
|
||||
|
|
|
@ -21,11 +21,11 @@
|
|||
groupname: launched-instances
|
||||
ansible_user: admin
|
||||
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
|
||||
with_items: "{{ec2.instances}}"
|
||||
loop: "{{ec2.instances}}"
|
||||
|
||||
- debug:
|
||||
msg: "Your newly created instance is reachable at: {{item.public_dns_name}}"
|
||||
with_items: "{{ec2.instances}}"
|
||||
loop: "{{ec2.instances}}"
|
||||
|
||||
- name: Wait for SSH to come up on all instances (give up after 2m)
|
||||
wait_for:
|
||||
|
@ -33,4 +33,4 @@
|
|||
host: "{{item.public_dns_name}}"
|
||||
port: 22
|
||||
timeout: 120
|
||||
with_items: "{{ec2.instances}}"
|
||||
loop: "{{ec2.instances}}"
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
dest: /etc/apache2/private_htpasswd
|
||||
line: "{{ item }}"
|
||||
state: present
|
||||
with_items: "{{ apache_private_htpasswd_present }}"
|
||||
loop: "{{ apache_private_htpasswd_present }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
@ -50,7 +50,7 @@
|
|||
dest: /etc/apache2/private_htpasswd
|
||||
line: "{{ item }}"
|
||||
state: absent
|
||||
with_items: "{{ apache_private_htpasswd_absent }}"
|
||||
loop: "{{ apache_private_htpasswd_absent }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
dest: /etc/apache2/ipaddr_whitelist.conf
|
||||
line: "Require ip {{ item }}"
|
||||
state: present
|
||||
with_items: "{{ apache_ipaddr_whitelist_present }}"
|
||||
loop: "{{ apache_ipaddr_whitelist_present }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
@ -16,7 +16,7 @@
|
|||
dest: /etc/apache2/ipaddr_whitelist.conf
|
||||
line: "Require ip {{ item }}"
|
||||
state: absent
|
||||
with_items: "{{ apache_ipaddr_whitelist_absent }}"
|
||||
loop: "{{ apache_ipaddr_whitelist_absent }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
|
|
@ -42,7 +42,7 @@
|
|||
apache2_module:
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
with_items:
|
||||
loop:
|
||||
- rewrite
|
||||
- expires
|
||||
- headers
|
||||
|
@ -58,7 +58,7 @@
|
|||
apache2_module:
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
with_items:
|
||||
loop:
|
||||
- cgi
|
||||
notify: reload apache
|
||||
when: apache_mpm == "prefork" or apache_mpm == "itk"
|
||||
|
@ -102,7 +102,7 @@
|
|||
command: "a2enconf {{ item }}"
|
||||
register: command_result
|
||||
changed_when: "'Enabling' in command_result.stderr"
|
||||
with_items:
|
||||
loop:
|
||||
- z-evolinux-defaults.conf
|
||||
- zzz-evolinux-custom.conf
|
||||
notify: reload apache
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
src: "/usr/share/munin/plugins/{{ item }}"
|
||||
dest: "/etc/munin/plugins/{{ item }}"
|
||||
state: link
|
||||
with_items:
|
||||
loop:
|
||||
- apache_accesses
|
||||
- apache_processes
|
||||
- apache_volume
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
file:
|
||||
path: '{{ item }}'
|
||||
state: absent
|
||||
with_items:
|
||||
loop:
|
||||
- /etc/apt/sources.list.d/debian-security.list
|
||||
- /etc/apt/sources.list.d/debian-jessie.list
|
||||
- /etc/apt/sources.list.d/debian-stretch.list
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
create: yes
|
||||
state: present
|
||||
mode: "0640"
|
||||
with_items:
|
||||
loop:
|
||||
- { line: "APT::Install-Recommends \"false\";", regexp: 'APT::Install-Recommends' }
|
||||
- { line: "APT::Install-Suggests \"false\";", regexp: 'APT::Install-Suggests' }
|
||||
- { line: "APT::Periodic::Enable \"0\";", regexp: 'APT::Periodic::Enable' }
|
||||
|
@ -23,7 +23,7 @@
|
|||
create: yes
|
||||
state: present
|
||||
mode: "0640"
|
||||
with_items:
|
||||
loop:
|
||||
- "DPkg::Pre-Invoke { \"df /tmp | grep -q /tmp && mount -oremount,exec /tmp || true\"; };"
|
||||
- "DPkg::Pre-Invoke { \"df /usr | grep -q /usr && mount -oremount,rw /usr || true\"; };"
|
||||
- "DPkg::Post-Invoke { \"df /tmp | grep -q /tmp && mount -oremount /tmp || true\"; };"
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
src: "/usr/share/munin/plugins/{{ item }}"
|
||||
dest: "/etc/munin/plugins/{{ item }}"
|
||||
state: link
|
||||
with_items:
|
||||
loop:
|
||||
- bind9
|
||||
- bind9_rndc
|
||||
notify: restart munin-node
|
||||
|
@ -30,7 +30,7 @@
|
|||
src: "/usr/share/munin/plugins/{{ item }}"
|
||||
dest: "/etc/munin/plugins/{{ item }}"
|
||||
state: link
|
||||
with_items:
|
||||
loop:
|
||||
- bind9
|
||||
- bind9_rndc
|
||||
notify: restart munin-node
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
question: "{{ item.key }}"
|
||||
value: "{{ item.value }}"
|
||||
vtype: "{{ item.type }}"
|
||||
with_items:
|
||||
loop:
|
||||
- { key: 'clamav-daemon/debconf', type: 'boolean', value: 'true' }
|
||||
- { key: 'clamav-daemon/MaxHTMLNormalize', type: 'string', value: '10M' }
|
||||
- { key: 'clamav-daemon/StatsPEDisabled', type: 'boolean', value: 'true' }
|
||||
|
@ -57,7 +57,7 @@
|
|||
question: "{{ item.key }}"
|
||||
value: "{{ item.value }}"
|
||||
vtype: "{{ item.type }}"
|
||||
with_items:
|
||||
loop:
|
||||
- { key: 'clamav-freshclam/autoupdate_freshclam', type: 'select', value: 'daemon' }
|
||||
- { key: 'clamav-freshclam/proxy_user', type: 'string', value: '' }
|
||||
- { key: 'clamav-freshclam/NotifyClamd', type: 'boolean', value: 'true' }
|
||||
|
|
|
@ -80,7 +80,7 @@
|
|||
src: "{{ item }}.j2"
|
||||
dest: "{{ docker_tls_path }}/{{ item }}"
|
||||
mode: "0744"
|
||||
with_items:
|
||||
loop:
|
||||
- shellpki.sh
|
||||
- openssl.cnf
|
||||
when: docker_tls_enabled
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
line: "{{ item.key }} = {{ item.value }}"
|
||||
regexp: "^#*{{ item.key }}"
|
||||
state: present
|
||||
with_items:
|
||||
loop:
|
||||
- { key: 'hosts', value: '127.0.0.1' }
|
||||
- { key: 'auth_bind', value: 'yes' }
|
||||
- { key: 'ldap_version', value: 3 }
|
||||
|
|
|
@ -46,7 +46,7 @@
|
|||
lineinfile:
|
||||
dest: "{{ repository_path }}/.gitignore"
|
||||
line: "{{ item }}"
|
||||
with_items: "{{ gitignore_items | default([]) }}"
|
||||
loop: "{{ gitignore_items | default([]) }}"
|
||||
tags:
|
||||
- etc-git
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
section: 'req'
|
||||
option: "{{ item.name }}"
|
||||
value: "{{ item.var }}"
|
||||
with_items:
|
||||
loop:
|
||||
- { name: 'default_bits', var: "{{ evoacme_ssl_key_size }}" }
|
||||
- { name: 'encrypt_key', var: 'yes' }
|
||||
- { name: 'distinguished_name', var: 'req_dn' }
|
||||
|
@ -16,7 +16,7 @@
|
|||
section: 'req_dn'
|
||||
option: "{{ item.name }}"
|
||||
value: "{{ item.var }}"
|
||||
with_items:
|
||||
loop:
|
||||
- { name: 'C', var: "{{ evoacme_ssl_ct }}" }
|
||||
- { name: 'ST', var: "{{ evoacme_ssl_state }}" }
|
||||
- { name: 'L', var: "{{ evoacme_ssl_loc }}" }
|
||||
|
|
|
@ -39,6 +39,6 @@
|
|||
file:
|
||||
path: "/usr/local/bin/{{ item }}"
|
||||
state: absent
|
||||
with_items:
|
||||
loop:
|
||||
- 'make-csr'
|
||||
- 'evoacme'
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
marker: "# {mark} {{ item.name }}"
|
||||
block: |
|
||||
/sbin/iptables -A INPUT -p tcp --sport {{ item.port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
with_items: "{{ evobackup_client__hosts }}"
|
||||
loop: "{{ evobackup_client__hosts }}"
|
||||
notify: restart minifirewall
|
||||
when: evobackup_client__minifirewall.stat.exists
|
||||
tags:
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
|
||||
state: present
|
||||
reload: yes
|
||||
with_items:
|
||||
loop:
|
||||
- { name: kernel.panic_on_oops, value: 1 }
|
||||
- { name: kernel.panic, value: 60 }
|
||||
when: evolinux_kernel_reboot_after_panic
|
||||
|
@ -18,7 +18,7 @@
|
|||
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
|
||||
state: absent
|
||||
reload: yes
|
||||
with_items:
|
||||
loop:
|
||||
- kernel.panic_on_oops
|
||||
- kernel.panic
|
||||
when: not evolinux_kernel_reboot_after_panic
|
||||
|
@ -57,7 +57,7 @@
|
|||
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
|
||||
state: present
|
||||
reload: yes
|
||||
with_items:
|
||||
loop:
|
||||
- { name: "net.ipv4.ipfrag_low_thresh", value: 196608 }
|
||||
- { name: "net.ipv6.ip6frag_low_thresh", value: 196608 }
|
||||
- { name: "net.ipv4.ipfrag_high_thresh", value: 262144 }
|
||||
|
|
|
@ -128,7 +128,7 @@
|
|||
dest: /etc/apt/listchanges.conf
|
||||
regexp: '^{{ item.option }}\s*='
|
||||
line: "{{ item.option }}={{ item.value }}"
|
||||
with_items:
|
||||
loop:
|
||||
- { option: "confirm", value: "1" }
|
||||
- { option: "which", value: "both" }
|
||||
when:
|
||||
|
|
|
@ -45,7 +45,7 @@
|
|||
dest: /etc/aliases
|
||||
regexp: "^{{ item }}:.*"
|
||||
line: "{{ item }}: root"
|
||||
with_items: "{{ non_root_users_list.stdout_lines }}"
|
||||
loop: "{{ non_root_users_list.stdout_lines }}"
|
||||
notify: newaliases
|
||||
when: evolinux_postfix_users_alias_root
|
||||
tags:
|
||||
|
@ -56,7 +56,7 @@
|
|||
dest: /etc/aliases
|
||||
regexp: "^{{ item }}:.*"
|
||||
line: "{{ item }}: root"
|
||||
with_items:
|
||||
loop:
|
||||
- postmaster
|
||||
- abuse
|
||||
- mailer-daemon
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
sysctl_file: /etc/sysctl.d/evolinux_fce.conf
|
||||
state: present
|
||||
reload: yes
|
||||
with_items:
|
||||
loop:
|
||||
- { name: net.ipv4.tcp_keepalive_time, value: 250 }
|
||||
- { name: net.ipv4.tcp_keepalive_intvl, value: 60 }
|
||||
- { name: net.ipv6.conf.all.disable_ipv6, value: 1 }
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
line: "{{ item }}"
|
||||
create: yes
|
||||
state: present
|
||||
with_items:
|
||||
loop:
|
||||
- "export HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoreboth,erasedups"
|
||||
- "export HISTSIZE=65535"
|
||||
- "export HISTTIMEFORMAT=\"%c : \""
|
||||
|
@ -79,7 +79,7 @@
|
|||
line: "{{ item }}"
|
||||
create: yes
|
||||
state: present
|
||||
with_items:
|
||||
loop:
|
||||
- "syntax on"
|
||||
- "set background=dark"
|
||||
- "set expandtab"
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
line: "{{ item }}"
|
||||
create: yes
|
||||
state: present
|
||||
with_items:
|
||||
loop:
|
||||
- "en_US.UTF-8 UTF-8"
|
||||
- "fr_FR ISO-8859-1"
|
||||
- "fr_FR.UTF-8 UTF-8"
|
||||
|
@ -112,7 +112,7 @@
|
|||
dest: /etc/crontab
|
||||
regexp: "{{ item.regexp }}"
|
||||
replace: "{{ item.replace }}"
|
||||
with_items:
|
||||
loop:
|
||||
- { regexp: '^17((\s*\*){4})', replace: '{{ 59|random(start=1) }}\1' }
|
||||
- { regexp: '^25\s*6((\s*\*){3})', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' }
|
||||
- { regexp: '^47\s*6((\s*\*){2}\s*7)', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' }
|
||||
|
|
|
@ -120,7 +120,7 @@
|
|||
- name: "Secondary Unix groups are present"
|
||||
group:
|
||||
name: "{{ group }}"
|
||||
with_items: "{{ user.groups }}"
|
||||
loop: "{{ user.groups }}"
|
||||
loop_control:
|
||||
loop_var: group
|
||||
when:
|
||||
|
@ -184,7 +184,7 @@
|
|||
user: "{{ user.name }}"
|
||||
key: "{{ ssk_key }}"
|
||||
state: present
|
||||
with_items: "{{ user.ssh_keys }}"
|
||||
loop: "{{ user.ssh_keys }}"
|
||||
loop_control:
|
||||
loop_var: ssk_key
|
||||
when: user.ssh_keys is defined
|
||||
|
|
|
@ -42,7 +42,7 @@
|
|||
mode: "{{ item.mode }}"
|
||||
force: yes
|
||||
backup: yes
|
||||
with_items:
|
||||
loop:
|
||||
- { src: 'evomaintenance.sh', dest: '/usr/share/scripts/', mode: '0700' }
|
||||
- { src: 'evomaintenance.tpl', dest: '/usr/share/scripts/', mode: '0600' }
|
||||
tags:
|
||||
|
|
|
@ -28,7 +28,7 @@
|
|||
mode: "{{ item.mode }}"
|
||||
force: yes
|
||||
backup: yes
|
||||
with_items:
|
||||
loop:
|
||||
- { src: 'evomaintenance.sh', dest: '/usr/share/scripts/', mode: '0700' }
|
||||
- { src: 'evomaintenance.tpl', dest: '/usr/share/scripts/', mode: '0600' }
|
||||
tags:
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
dest: /etc/default/minifirewall
|
||||
line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
|
||||
insertafter: "^# EvoMaintenance"
|
||||
with_items: "{{ evomaintenance_hosts }}"
|
||||
loop: "{{ evomaintenance_hosts }}"
|
||||
notify: "{{ minifirewall_restart_handler_name }}"
|
||||
when: minifirewall_default_file.stat.exists
|
||||
tags:
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
owner: root
|
||||
group: root
|
||||
mode: "0755"
|
||||
with_items:
|
||||
loop:
|
||||
- "/etc/fail2ban"
|
||||
- "/etc/fail2ban/filter.d"
|
||||
tags:
|
||||
|
@ -52,7 +52,7 @@
|
|||
src: "{{ item }}"
|
||||
dest: /etc/fail2ban/filter.d/
|
||||
mode: "0644"
|
||||
with_items:
|
||||
loop:
|
||||
- dovecot-evolix.conf
|
||||
- sasl-evolix.conf
|
||||
- wordpress-soft.conf
|
||||
|
|
|
@ -120,7 +120,7 @@
|
|||
regexp: '{{ item.regexp }}'
|
||||
line: '{{ item.line }}'
|
||||
insertafter: "output.elasticsearch:"
|
||||
with_items:
|
||||
loop:
|
||||
- { regexp: '^ #?username: .*', line: ' username: "{{ filebeat_elasticsearch_auth_username }}"' }
|
||||
- { regexp: '^ #?password: .*', line: ' password: "{{ filebeat_elasticsearch_auth_password }}"' }
|
||||
notify: restart filebeat
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
path: "{{ item }}"
|
||||
state: directory
|
||||
mode: "0777"
|
||||
with_items:
|
||||
loop:
|
||||
- /srv/java-package
|
||||
- /srv/java-package/src
|
||||
- /srv/java-package/tmp
|
||||
|
|
|
@ -107,7 +107,7 @@
|
|||
# args:
|
||||
# creates: "/var/lib/kibana/{{ item }}"
|
||||
# notify: restart kibana
|
||||
# with_items:
|
||||
# loop:
|
||||
# - optimize
|
||||
# - data
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
url: "https://raw.githubusercontent.com/munin-monitoring/contrib/master/plugins/libvirt/{{ item }}"
|
||||
dest: "/etc/munin/plugins/"
|
||||
mode: "0755"
|
||||
with_items:
|
||||
loop:
|
||||
- kvm_cpu
|
||||
- kvm_io
|
||||
- kvm_mem
|
||||
|
|
|
@ -33,7 +33,7 @@
|
|||
special_time: "hourly"
|
||||
user: root
|
||||
job: "rsync -a --delete /etc/libvirt/qemu/ {{ hostvars[item]['ansible_hostname'] }}:/root/libvirt-{{ inventory_hostname }}/"
|
||||
with_items:
|
||||
loop:
|
||||
- "{{ groups['hypervisors'] }}"
|
||||
when: item != inventory_hostname
|
||||
|
||||
|
@ -44,6 +44,6 @@
|
|||
special_time: "daily"
|
||||
user: root
|
||||
job: "virsh list | ssh {{ hostvars[item]['ansible_hostname'] }} 'cat >/root/libvirt-{{ inventory_hostname }}/virsh-list.txt'"
|
||||
with_items:
|
||||
loop:
|
||||
- "{{ groups['hypervisors'] }}"
|
||||
when: item != inventory_hostname
|
||||
|
|
|
@ -47,7 +47,7 @@
|
|||
option: "{{ item.option }}"
|
||||
value: "{{ item.value }}"
|
||||
mode: "0640"
|
||||
with_items:
|
||||
loop:
|
||||
- { option: 'hostname', value: '127.0.0.1' }
|
||||
- { option: 'base', value: "{{ ldap_suffix }}" }
|
||||
- { option: 'bind', value: "cn=nagios,ou=ldapusers,{{ ldap_suffix }}" }
|
||||
|
@ -66,7 +66,7 @@
|
|||
# and set the variable
|
||||
- name: overwrite ldap_nagios_password (from file)
|
||||
set_fact:
|
||||
ldap_nagios_password: "{{ lookup('ini', 'pass section=check_ldap file=/tmp/{{ inventory_hostname }}/etc/nagios/monitoring-plugins.ini') }}"
|
||||
ldap_nagios_password: "{{ lookup('ini', 'pass section=check_ldap file=/tmp/{{ inventory_hostname }}/monitoring-plugins.ini') }}"
|
||||
|
||||
- name: hash password for cn=nagios
|
||||
command: "slappasswd -s {{ ldap_nagios_password }}"
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
dest: "{{ line_item }}"
|
||||
mode: "0644"
|
||||
notify: "Reload {{ lxc_php_version }}-fpm"
|
||||
with_items:
|
||||
loop:
|
||||
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php5/fpm/conf.d/z-evolinux-defaults.ini"
|
||||
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php5/cli/conf.d/z-evolinux-defaults.ini"
|
||||
loop_control:
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
dest: "{{ line_item }}"
|
||||
mode: "0644"
|
||||
notify: "Reload {{ lxc_php_version }}-fpm"
|
||||
with_items:
|
||||
loop:
|
||||
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.0/fpm/conf.d/z-evolinux-defaults.ini"
|
||||
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini"
|
||||
loop_control:
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
dest: "{{ line_item }}"
|
||||
mode: "0644"
|
||||
notify: "Reload {{ lxc_php_version }}-fpm"
|
||||
with_items:
|
||||
loop:
|
||||
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.3/fpm/conf.d/z-evolinux-defaults.ini"
|
||||
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.3/cli/conf.d/z-evolinux-defaults.ini"
|
||||
loop_control:
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
state: present
|
||||
create: yes
|
||||
mode: "0644"
|
||||
with_items:
|
||||
loop:
|
||||
- "deb https://packages.sury.org/php/ buster main"
|
||||
- "deb http://pub.evolix.net/ buster-php74/"
|
||||
|
||||
|
@ -44,7 +44,7 @@
|
|||
dest: "{{ line_item }}"
|
||||
mode: "0644"
|
||||
notify: "Reload {{ lxc_php_version }}-fpm"
|
||||
with_items:
|
||||
loop:
|
||||
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.4/fpm/conf.d/z-evolinux-defaults.ini"
|
||||
- "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/php/7.4/cli/conf.d/z-evolinux-defaults.ini"
|
||||
loop_control:
|
||||
|
|
|
@ -8,9 +8,9 @@
|
|||
path: "/var/lib/lxc/{{ item.name }}/rootfs"
|
||||
state: directory
|
||||
mode: '0755'
|
||||
with_items:
|
||||
loop:
|
||||
- "{{ lxc_containers }}"
|
||||
|
||||
- include: "solr.yml name={{item.name}} solr_version={{item.solr_version}} solr_port={{item.solr_port}}"
|
||||
with_items:
|
||||
loop:
|
||||
- "{{ lxc_containers }}"
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
src: '/usr/share/munin/plugins/memcached_'
|
||||
dest: /etc/munin/plugins/{{ multi }}{{ item }}
|
||||
state: link
|
||||
with_items:
|
||||
loop:
|
||||
- memcached_bytes
|
||||
- memcached_counters
|
||||
- memcached_rates
|
||||
|
|
|
@ -78,7 +78,7 @@
|
|||
regexp: '{{ item.regexp }}'
|
||||
line: '{{ item.line }}'
|
||||
insertafter: "output.elasticsearch:"
|
||||
with_items:
|
||||
loop:
|
||||
- { regexp: '^ #?username: .*', line: ' username: "{{ metricbeat_elasticsearch_auth_username }}"' }
|
||||
- { regexp: '^ #?password: .*', line: ' password: "{{ metricbeat_elasticsearch_auth_password }}"' }
|
||||
notify: restart metricbeat
|
||||
|
|
|
@ -184,7 +184,7 @@
|
|||
dest: "{{ minifirewall_main_file }}"
|
||||
line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
|
||||
insertafter: "^# EvoMaintenance"
|
||||
with_items: "{{ evomaintenance_hosts }}"
|
||||
loop: "{{ evomaintenance_hosts }}"
|
||||
|
||||
- name: remove minifirewall example rule for the evomaintenance
|
||||
lineinfile:
|
||||
|
|
|
@ -57,7 +57,7 @@
|
|||
src: "munin/{{ item }}"
|
||||
dest: '/usr/local/share/munin/plugins/{{ item }}'
|
||||
force: yes
|
||||
with_items:
|
||||
loop:
|
||||
- mongo_btree
|
||||
- mongo_collections
|
||||
- mongo_conn
|
||||
|
@ -73,7 +73,7 @@
|
|||
src: '/usr/local/share/munin/plugins/{{ item }}'
|
||||
dest: /etc/munin/plugins/{{ item }}
|
||||
state: link
|
||||
with_items:
|
||||
loop:
|
||||
- mongo_btree
|
||||
- mongo_collections
|
||||
- mongo_conn
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
file:
|
||||
path: '/etc/munin/plugins/{{ item }}'
|
||||
state: absent
|
||||
with_items:
|
||||
loop:
|
||||
- http_loadtime
|
||||
- exim_mailqueue
|
||||
- exim_mailstats
|
||||
|
@ -52,7 +52,7 @@
|
|||
src: "/usr/share/munin/plugins/{{ item }}"
|
||||
dest: "/etc/munin/plugins/{{ item }}"
|
||||
state: link
|
||||
with_items:
|
||||
loop:
|
||||
- meminfo
|
||||
- netstat_multi
|
||||
- tcp
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
src: '/usr/share/munin/plugins/{{ item }}'
|
||||
dest: /etc/munin/plugins/{{ item }}
|
||||
state: link
|
||||
with_items:
|
||||
loop:
|
||||
- mysql_bytes
|
||||
- mysql_queries
|
||||
- mysql_slowqueries
|
||||
|
@ -34,7 +34,7 @@
|
|||
src: /usr/share/munin/plugins/mysql_
|
||||
dest: '/etc/munin/plugins/mysql_{{ item }}'
|
||||
state: link
|
||||
with_items:
|
||||
loop:
|
||||
- commands
|
||||
- connections
|
||||
- files_tables
|
||||
|
|
|
@ -44,7 +44,7 @@
|
|||
section: client
|
||||
option: '{{ item.option }}'
|
||||
value: '{{ item.value }}'
|
||||
with_items:
|
||||
loop:
|
||||
- { option: 'user', value: 'nrpe' }
|
||||
- { option: 'password', value: '{{ mysql_nrpe_password.stdout }}' }
|
||||
when: create_nrpe_user.changed
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
option: '{{ item.option }}'
|
||||
value: '{{ item.value }}'
|
||||
create: yes
|
||||
with_items:
|
||||
loop:
|
||||
- { option: 'user', value: 'mysqladmin' }
|
||||
- { option: 'password', value: '{{ mysql_admin_password.stdout }}' }
|
||||
when: create_mysqladmin_user is changed
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
src: '/usr/share/munin/plugins/{{ item }}'
|
||||
dest: /etc/munin/plugins/{{ item }}
|
||||
state: link
|
||||
with_items:
|
||||
loop:
|
||||
- mysql_bytes
|
||||
- mysql_queries
|
||||
- mysql_slowqueries
|
||||
|
@ -34,7 +34,7 @@
|
|||
src: /usr/share/munin/plugins/mysql_
|
||||
dest: '/etc/munin/plugins/mysql_{{ item }}'
|
||||
state: link
|
||||
with_items:
|
||||
loop:
|
||||
- commands
|
||||
- connections
|
||||
- files_tables
|
||||
|
|
|
@ -44,7 +44,7 @@
|
|||
section: client
|
||||
option: '{{ item.option }}'
|
||||
value: '{{ item.value }}'
|
||||
with_items:
|
||||
loop:
|
||||
- { option: 'user', value: 'nrpe' }
|
||||
- { option: 'password', value: '{{ mysql_nrpe_password.stdout }}' }
|
||||
when: create_nrpe_user.changed
|
||||
|
|
|
@ -42,7 +42,7 @@
|
|||
option: '{{ item.option }}'
|
||||
value: '{{ item.value }}'
|
||||
create: yes
|
||||
with_items:
|
||||
loop:
|
||||
- { option: 'user', value: 'mysqladmin' }
|
||||
- { option: 'password', value: '{{ mysql_admin_password.stdout }}' }
|
||||
when: create_mysqladmin_user.changed
|
||||
|
|
|
@ -37,7 +37,7 @@
|
|||
option: '{{ item.option }}'
|
||||
value: '{{ item.value }}'
|
||||
create: yes
|
||||
with_items:
|
||||
loop:
|
||||
- { option: 'user', value: 'mysqladmin' }
|
||||
- { option: 'password', value: '{{ mysql_admin_password.stdout }}' }
|
||||
when: create_mysqladmin_user.changed
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
dest: /etc/resolv.conf
|
||||
line: "nameserver {{ item }}"
|
||||
state: present
|
||||
with_items: "{{ nameservers }}"
|
||||
loop: "{{ nameservers }}"
|
||||
tags:
|
||||
- nameserver
|
||||
|
||||
|
@ -21,7 +21,7 @@
|
|||
dest: /etc/resolv.conf
|
||||
line: "nameserver {{ item }}"
|
||||
state: absent
|
||||
with_items: "{{ grep_nameserver.stdout_lines }}"
|
||||
loop: "{{ grep_nameserver.stdout_lines }}"
|
||||
when: item not in nameservers
|
||||
tags:
|
||||
- nameserver
|
||||
|
|
|
@ -27,14 +27,14 @@
|
|||
dest: "{{ item }}"
|
||||
regexp: '^;?newrelic.daemon.utilization.detect_aws'
|
||||
line: 'newrelic.daemon.utilization.detect_aws = false'
|
||||
with_items: "{{ find_newrelic_ini.stdout_lines }}"
|
||||
loop: "{{ find_newrelic_ini.stdout_lines }}"
|
||||
|
||||
- name: Disable Docker detection
|
||||
lineinfile:
|
||||
dest: "{{ item }}"
|
||||
regexp: '^;?newrelic.daemon.utilization.detect_docker'
|
||||
line: 'newrelic.daemon.utilization.detect_docker = false'
|
||||
with_items: "{{ find_newrelic_ini.stdout_lines }}"
|
||||
loop: "{{ find_newrelic_ini.stdout_lines }}"
|
||||
|
||||
- name: Install package for PHP
|
||||
apt:
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
dest: /etc/nginx/snippets/ipaddr_whitelist
|
||||
line: "allow {{ item }};"
|
||||
state: present
|
||||
with_items: "{{ nginx_ipaddr_whitelist_present }}"
|
||||
loop: "{{ nginx_ipaddr_whitelist_present }}"
|
||||
notify: reload nginx
|
||||
tags:
|
||||
- nginx
|
||||
|
@ -16,7 +16,7 @@
|
|||
dest: /etc/nginx/snippets/ipaddr_whitelist
|
||||
line: "allow {{ item }};"
|
||||
state: absent
|
||||
with_items: "{{ nginx_ipaddr_whitelist_absent }}"
|
||||
loop: "{{ nginx_ipaddr_whitelist_absent }}"
|
||||
notify: reload nginx
|
||||
tags:
|
||||
- nginx
|
||||
|
|
|
@ -80,7 +80,7 @@
|
|||
dest: /etc/nginx/snippets/private_htpasswd
|
||||
line: "{{ item }}"
|
||||
state: present
|
||||
with_items: "{{ nginx_private_htpasswd_present }}"
|
||||
loop: "{{ nginx_private_htpasswd_present }}"
|
||||
notify: reload nginx
|
||||
tags:
|
||||
- nginx
|
||||
|
@ -90,7 +90,7 @@
|
|||
dest: /etc/nginx/snippets/private_htpasswd
|
||||
line: "{{ item }}"
|
||||
state: absent
|
||||
with_items: "{{ nginx_private_htpasswd_absent }}"
|
||||
loop: "{{ nginx_private_htpasswd_absent }}"
|
||||
notify: reload nginx
|
||||
tags:
|
||||
- nginx
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
src: '/usr/share/munin/plugins/{{ item }}'
|
||||
dest: '/etc/munin/plugins/{{ item }}'
|
||||
state: link
|
||||
with_items:
|
||||
loop:
|
||||
- nginx_request
|
||||
- nginx_status
|
||||
notify: restart munin
|
||||
|
|
|
@ -38,7 +38,7 @@
|
|||
owner: opendkim
|
||||
group: opendkim
|
||||
mode: "0640"
|
||||
with_items:
|
||||
loop:
|
||||
- 'KeyTable'
|
||||
- 'SigningTable'
|
||||
changed_when: False
|
||||
|
|
|
@ -28,7 +28,7 @@
|
|||
apache2_module:
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
with_items:
|
||||
loop:
|
||||
- ssl
|
||||
- include
|
||||
- negotiation
|
||||
|
@ -56,6 +56,6 @@
|
|||
command: "a2enconf {{ item }}"
|
||||
register: command_result
|
||||
changed_when: "'Enabling' in command_result.stderr"
|
||||
with_items:
|
||||
loop:
|
||||
- evolinux-evasive
|
||||
- evolinux-modsec
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
register: command_result
|
||||
changed_when: "'changed' in command_result.stdout"
|
||||
failed_when: False
|
||||
with_items:
|
||||
loop:
|
||||
- /
|
||||
- /etc
|
||||
- /usr
|
||||
|
@ -29,7 +29,7 @@
|
|||
register: command_result
|
||||
changed_when: "'changed' in command_result.stdout"
|
||||
failed_when: False
|
||||
with_items:
|
||||
loop:
|
||||
- /var/log/apt
|
||||
- /var/lib/dpkg
|
||||
- /var/log/munin
|
||||
|
@ -51,7 +51,7 @@
|
|||
register: command_result
|
||||
changed_when: "'changed' in command_result.stdout"
|
||||
failed_when: False
|
||||
with_items:
|
||||
loop:
|
||||
- /bin/ping
|
||||
- /bin/ping6
|
||||
- /usr/bin/fping
|
||||
|
@ -63,6 +63,6 @@
|
|||
register: command_result
|
||||
changed_when: "'changed' in command_result.stdout"
|
||||
failed_when: False
|
||||
with_items:
|
||||
loop:
|
||||
- /var/log/evolix.log
|
||||
- /etc/warnquota.conf
|
||||
|
|
|
@ -41,7 +41,7 @@
|
|||
path: "/etc/skel/{{ item.path }}"
|
||||
state: "{{ item.state }}"
|
||||
mode: "{{ item.mode }}"
|
||||
with_items:
|
||||
loop:
|
||||
- { path: log, mode: "0750", state: directory }
|
||||
- { path: awstats, mode: "0750", state: directory }
|
||||
- { path: www, mode: "0750", state: directory }
|
||||
|
@ -50,7 +50,7 @@
|
|||
command: "touch /etc/skel/log/{{ item }}"
|
||||
args:
|
||||
creates: "/etc/skel/log/{{ item }}"
|
||||
with_items:
|
||||
loop:
|
||||
- access.log
|
||||
- error.log
|
||||
|
||||
|
@ -58,7 +58,7 @@
|
|||
file:
|
||||
dest: "/etc/skel/log/{{ item }}"
|
||||
mode: "0644"
|
||||
with_items:
|
||||
loop:
|
||||
- access.log
|
||||
- error.log
|
||||
|
||||
|
@ -85,7 +85,6 @@
|
|||
- include: apache.yml
|
||||
|
||||
- include: phpmyadmin.yml
|
||||
when: ansible_distribution_release != "buster"
|
||||
|
||||
- include: awstats.yml
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
value: "{{ item.value }}"
|
||||
mode: "0644"
|
||||
create: yes
|
||||
with_items:
|
||||
loop:
|
||||
- { option: "short_open_tag", value: "Off" }
|
||||
- { option: "expose_php", value: "Off" }
|
||||
- { option: "display_errors", value: "Off" }
|
||||
|
@ -42,6 +42,6 @@
|
|||
option: "{{ item.option }}"
|
||||
value: "{{ item.value }}"
|
||||
mode: "0644"
|
||||
with_items:
|
||||
loop:
|
||||
- { option: "date.timezone", value: "Europe/Paris" }
|
||||
when: php_symfony_requirements
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
value: "{{ item.value }}"
|
||||
mode: "0644"
|
||||
create: yes
|
||||
with_items:
|
||||
loop:
|
||||
- { option: "display_errors", value: "On" }
|
||||
- { option: "allow_url_fopen", value: "On" }
|
||||
- { option: "disable_functions", value: "" }
|
||||
|
@ -33,6 +33,6 @@
|
|||
option: "{{ item.option }}"
|
||||
value: "{{ item.value }}"
|
||||
mode: "0644"
|
||||
with_items:
|
||||
loop:
|
||||
- { option: "date.timezone", value: "Europe/Paris" }
|
||||
when: php_symfony_requirements
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
value: "{{ item.value }}"
|
||||
mode: "0644"
|
||||
create: yes
|
||||
with_items:
|
||||
loop:
|
||||
- { option: "short_open_tag", value: "Off" }
|
||||
- { option: "expose_php", value: "Off" }
|
||||
- { option: "display_errors", value: "Off" }
|
||||
|
@ -43,7 +43,7 @@
|
|||
value: "{{ item.value }}"
|
||||
mode: "0644"
|
||||
create: yes
|
||||
with_items:
|
||||
loop:
|
||||
- { option: "user", value: "www-data" }
|
||||
- { option: "group", value: "www-data" }
|
||||
- { option: "listen", value: "{{ php_fpm_default_pool_socket }}" }
|
||||
|
@ -76,7 +76,7 @@
|
|||
option: "{{ item.option }}"
|
||||
value: "{{ item.value }}"
|
||||
mode: "0644"
|
||||
with_items:
|
||||
loop:
|
||||
- { option: "date.timezone", value: "Europe/Paris" }
|
||||
notify: "restart {{ php_fpm_service_name }}"
|
||||
when: php_symfony_requirements
|
||||
|
|
|
@ -65,7 +65,7 @@
|
|||
file:
|
||||
dest: "{{ item }}"
|
||||
mode: "0755"
|
||||
with_items:
|
||||
loop:
|
||||
- /etc/php
|
||||
- /etc/php/7.3
|
||||
|
||||
|
|
|
@ -65,7 +65,7 @@
|
|||
file:
|
||||
dest: "{{ item }}"
|
||||
mode: "0755"
|
||||
with_items:
|
||||
loop:
|
||||
- /etc/php
|
||||
- /etc/php/7.0
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
dest: "{{ item.dest }}"
|
||||
force: yes
|
||||
state: link
|
||||
with_items:
|
||||
loop:
|
||||
- { src: "{{ php_cli_defaults_ini_file }}", dest: "/etc/php/7.4/cli/conf.d/z-evolinux-defaults.ini" }
|
||||
- { src: "{{ php_cli_custom_ini_file }}", dest: "/etc/php/7.4/cli/conf.d/zzz-evolinux-custom.ini" }
|
||||
|
||||
|