Use proper python Boolean

This commit is contained in:
Jérémy Lecour 2023-03-16 14:35:12 +01:00 committed by Jérémy Lecour
parent 70d34ac18d
commit 6f96f6b458
24 changed files with 94 additions and 51 deletions

View File

@ -79,8 +79,8 @@
- name: Check if Cron is installed - name: Check if Cron is installed
shell: "dpkg --list 'cron' 2>/dev/null | grep -q -E '^(i|h)i'" shell: "dpkg --list 'cron' 2>/dev/null | grep -q -E '^(i|h)i'"
register: is_cron register: is_cron
changed_when: false changed_when: False
failed_when: false failed_when: False
check_mode: no check_mode: no
tags: tags:
- apt - apt

View File

@ -10,7 +10,7 @@
- name: "read the real datadir" - name: "read the real datadir"
command: readlink -f /var/lib/elasticsearch command: readlink -f /var/lib/elasticsearch
changed_when: false changed_when: False
register: elasticsearch_current_real_datadir_test register: elasticsearch_current_real_datadir_test
check_mode: no check_mode: no
tags: tags:

View File

@ -8,7 +8,7 @@
- name: Register bantime from default config from package - name: Register bantime from default config from package
shell: "grep -R -E 'dbpurgeage[[:blank:]]*=[[:blank:]]*[0-9]+' /etc/fail2ban/fail2ban.conf |awk '{print $3}'|head -n1" shell: "grep -R -E 'dbpurgeage[[:blank:]]*=[[:blank:]]*[0-9]+' /etc/fail2ban/fail2ban.conf |awk '{print $3}'|head -n1"
register: dbpurgeage register: dbpurgeage
changed_when: false changed_when: False
check_mode: false check_mode: false
- name: - name:

View File

@ -84,8 +84,8 @@
command: grep logstash-input-beats /usr/share/logstash/Gemfile command: grep logstash-input-beats /usr/share/logstash/Gemfile
check_mode: no check_mode: no
register: logstash_plugin_installed register: logstash_plugin_installed
failed_when: false failed_when: False
changed_when: false changed_when: False
when: when:
- filebeat_logstash_plugin | bool - filebeat_logstash_plugin | bool
- logstash_plugin.stat.exists - logstash_plugin.stat.exists

View File

@ -9,7 +9,7 @@
command: cat /root/.ssh/id_rsa.pub command: cat /root/.ssh/id_rsa.pub
register: ssh_keys register: ssh_keys
check_mode: no check_mode: no
changed_when: false changed_when: False
- name: Print ssh public keys - name: Print ssh public keys
debug: debug:

View File

@ -1,7 +1,7 @@
--- ---
- name: "Check if container {{ name }} exists" - name: "Check if container {{ name }} exists"
command: "lxc-ls {{ name }}" command: "lxc-ls {{ name }}"
changed_when: false changed_when: False
check_mode: no check_mode: no
register: container_exists register: container_exists

View File

@ -32,8 +32,8 @@
- name: Check if root has subuids - name: Check if root has subuids
command: grep '^root:100000:10000$' /etc/subuid command: grep '^root:100000:10000$' /etc/subuid
failed_when: false failed_when: False
changed_when: false changed_when: False
register: root_subuids register: root_subuids
when: lxc_unprivilegied_containers | bool when: lxc_unprivilegied_containers | bool
@ -45,7 +45,7 @@
- name: Get filesystem options - name: Get filesystem options
command: findmnt --noheadings --target /var/lib/lxc --output OPTIONS command: findmnt --noheadings --target /var/lib/lxc --output OPTIONS
changed_when: false changed_when: False
check_mode: no check_mode: no
register: check_fs_options register: check_fs_options

View File

@ -6,6 +6,8 @@
stat: stat:
path: /etc/init.d/minifirewall path: /etc/init.d/minifirewall
register: _minifirewall_check register: _minifirewall_check
tags:
- always
# Legacy versions of minifirewall don't define the VERSION variable # Legacy versions of minifirewall don't define the VERSION variable
- name: Look for minifirewall version - name: Look for minifirewall version
@ -14,6 +16,8 @@
changed_when: False changed_when: False
check_mode: False check_mode: False
register: _minifirewall_version_check register: _minifirewall_version_check
tags:
- always
- name: Set install mode to legacy if needed - name: Set install mode to legacy if needed
set_fact: set_fact:
@ -24,21 +28,30 @@
- minifirewall_install_mode != 'modern' - minifirewall_install_mode != 'modern'
- not (minifirewall_force_upgrade_script | bool) - not (minifirewall_force_upgrade_script | bool)
- _minifirewall_version_check.rc == 1 # grep didn't find but the file exists - _minifirewall_version_check.rc == 1 # grep didn't find but the file exists
tags:
- always
- name: Set install mode to modern if not legacy - name: Set install mode to modern if not legacy
set_fact: set_fact:
minifirewall_install_mode: modern minifirewall_install_mode: modern
when: minifirewall_install_mode != 'legacy' when: minifirewall_install_mode != 'legacy'
tags:
- always
- name: Debug install mode - name: Debug install mode
debug: debug:
var: minifirewall_install_mode var: minifirewall_install_mode
verbosity: 1 verbosity: 1
tags:
- always
- name: 'Set minifirewall_restart_handler_name to "noop"' - name: 'Set minifirewall_restart_handler_name to "noop"'
set_fact: set_fact:
minifirewall_restart_handler_name: "restart minifirewall (noop)" minifirewall_restart_handler_name: "restart minifirewall (noop)"
when: not (minifirewall_restart_if_needed | bool) when:
- not (minifirewall_restart_if_needed | bool)
tags:
- always
- name: 'Set minifirewall_restart_handler_name to "legacy"' - name: 'Set minifirewall_restart_handler_name to "legacy"'
set_fact: set_fact:
@ -46,6 +59,8 @@
when: when:
- minifirewall_restart_if_needed | bool - minifirewall_restart_if_needed | bool
- minifirewall_install_mode == 'legacy' - minifirewall_install_mode == 'legacy'
tags:
- always
- name: 'Set minifirewall_restart_handler_name to "modern"' - name: 'Set minifirewall_restart_handler_name to "modern"'
set_fact: set_fact:
@ -53,6 +68,8 @@
when: when:
- minifirewall_restart_if_needed | bool - minifirewall_restart_if_needed | bool
- minifirewall_install_mode != 'legacy' - minifirewall_install_mode != 'legacy'
tags:
- always
####################################################################### #######################################################################
@ -62,54 +79,74 @@
when: when:
- minifirewall_install_mode != 'legacy' - minifirewall_install_mode != 'legacy'
- minifirewall_main_file is defined - minifirewall_main_file is defined
tags:
- always
- name: Install tasks (modern mode) - name: Install tasks (modern mode)
include: install.yml import_tasks: install.yml
when: minifirewall_install_mode != 'legacy' when: minifirewall_install_mode != 'legacy'
- name: Install tasks (legacy mode) - name: Install tasks (legacy mode)
include: install.legacy.yml import_tasks: install.legacy.yml
when: minifirewall_install_mode == 'legacy' when: minifirewall_install_mode == 'legacy'
- name: Debug minifirewall_update_config - name: Debug minifirewall_update_config
debug: debug:
var: minifirewall_update_config | bool var: minifirewall_update_config | bool
verbosity: 1 verbosity: 1
tags:
- always
- name: Config tasks (modern mode) - name: Config tasks (modern mode)
include: config.yml include_tasks: config.yml
when: when:
- minifirewall_install_mode != 'legacy' - minifirewall_install_mode != 'legacy'
- minifirewall_update_config | bool - minifirewall_update_config | bool
tags:
- manage
- name: Config tasks (legacy mode) - name: Config tasks (legacy mode)
include: config.legacy.yml include_tasks: config.legacy.yml
args:
apply:
tags:
- manage
when: when:
- minifirewall_install_mode == 'legacy' - minifirewall_install_mode == 'legacy'
- minifirewall_update_config | bool - minifirewall_update_config | bool
- name: Utils tasks - name: Utils tasks
include: utils.yml include_tasks: utils.yml
- name: NRPE tasks - name: NRPE tasks
include: nrpe.yml include_tasks: nrpe.yml
- name: Activation tasks - name: Activation tasks
include: activate.yml include_tasks: activate.yml
- name: Debug minifirewall_tail_included - name: Debug minifirewall_tail_included
debug: debug:
var: minifirewall_tail_included | bool var: minifirewall_tail_included | bool
verbosity: 1 verbosity: 1
tags:
- always
- name: Tail tasks (modern mode) - name: Tail tasks (modern mode)
include: tail.yml include_tasks: tail.yml
args:
apply:
tags:
- manage
when: when:
- minifirewall_install_mode != 'legacy' - minifirewall_install_mode != 'legacy'
- minifirewall_tail_included | bool - minifirewall_tail_included | bool
- name: Tail tasks (legacy mode) - name: Tail tasks (legacy mode)
include: tail.legacy.yml include_tasks: tail.legacy.yml
args:
apply:
tags:
- manage
when: when:
- minifirewall_install_mode == 'legacy' - minifirewall_install_mode == 'legacy'
- minifirewall_tail_included | bool - minifirewall_tail_included | bool
@ -120,10 +157,14 @@
debug: debug:
var: minifirewall_restart_force | bool var: minifirewall_restart_force | bool
verbosity: 1 verbosity: 1
tags:
- always
- name: Force restart minifirewall (legacy) - name: Force restart minifirewall (legacy)
command: /bin/true command: /bin/true
notify: "restart minifirewall (legacy)" notify: "restart minifirewall (legacy)"
tags:
- always
when: when:
- minifirewall_install_mode == 'legacy' - minifirewall_install_mode == 'legacy'
- minifirewall_restart_force | bool - minifirewall_restart_force | bool
@ -131,6 +172,8 @@
- name: Force restart minifirewall (modern) - name: Force restart minifirewall (modern)
command: /bin/true command: /bin/true
notify: "restart minifirewall (modern)" notify: "restart minifirewall (modern)"
tags:
- always
when: when:
- minifirewall_install_mode != 'legacy' - minifirewall_install_mode != 'legacy'
- minifirewall_restart_force | bool - minifirewall_restart_force | bool

View File

@ -50,10 +50,10 @@ mysql_restart_if_needed: True
mysql_performance_schema: True mysql_performance_schema: True
mysql_skip_enabled: false mysql_skip_enabled: False
# replication variables: # replication variables:
mysql_replication: false mysql_replication: False
mysql_log_bin: null mysql_log_bin: null
mysql_binlog_format: mixed mysql_binlog_format: mixed
mysql_server_id: null mysql_server_id: null

View File

@ -3,7 +3,7 @@
shell: grep nameserver /etc/resolv.conf | awk '{ print $2 }' shell: grep nameserver /etc/resolv.conf | awk '{ print $2 }'
register: grep_nameserver register: grep_nameserver
check_mode: no check_mode: no
changed_when: false changed_when: False
tags: tags:
- nameserver - nameserver

View File

@ -18,7 +18,7 @@
- name: list newrelic config files - name: list newrelic config files
shell: "find /etc/php* -type f -name newrelic.ini" shell: "find /etc/php* -type f -name newrelic.ini"
changed_when: false changed_when: False
check_mode: no check_mode: no
register: find_newrelic_ini register: find_newrelic_ini

View File

@ -89,13 +89,13 @@
stat: stat:
path: "/etc/default/minifirewall" path: "/etc/default/minifirewall"
check_mode: no check_mode: no
changed_when: false changed_when: False
register: minifirewall_config register: minifirewall_config
- name: Retrieve the default interface - name: Retrieve the default interface
shell: "grep '^INT=' /etc/default/minifirewall | cut -d\\' -f 2" shell: "grep '^INT=' /etc/default/minifirewall | cut -d\\' -f 2"
check_mode: no check_mode: no
changed_when: false changed_when: False
register: minifirewall_int register: minifirewall_int
when: minifirewall_config.stat.exists when: minifirewall_config.stat.exists
@ -176,7 +176,7 @@
stat: stat:
path: "/etc/nagios/nrpe.d/evolix.cfg" path: "/etc/nagios/nrpe.d/evolix.cfg"
check_mode: no check_mode: no
changed_when: false changed_when: False
register: nrpe_evolix_config register: nrpe_evolix_config
- name: Install NRPE check dependencies - name: Install NRPE check dependencies

View File

@ -133,6 +133,6 @@
- name: update antispam list - name: update antispam list
command: /usr/share/scripts/spam.sh command: /usr/share/scripts/spam.sh
changed_when: false changed_when: False
tags: tags:
- postfix - postfix

View File

@ -6,7 +6,7 @@
apt: apt:
name: locales name: locales
state: present state: present
changed_when: false changed_when: False
- name: Setting default locales - name: Setting default locales
lineinfile: lineinfile:
@ -14,7 +14,7 @@
line: "{{ item }}" line: "{{ item }}"
create: yes create: yes
state: present state: present
changed_when: false changed_when: False
loop: loop:
- "en_US.UTF-8 UTF-8" - "en_US.UTF-8 UTF-8"
- "fr_FR ISO-8859-1" - "fr_FR ISO-8859-1"
@ -23,7 +23,7 @@
- name: Reconfigure locales - name: Reconfigure locales
command: /usr/sbin/locale-gen command: /usr/sbin/locale-gen
changed_when: false changed_when: False
when: test_locales is changed when: test_locales is changed
roles: roles:

View File

@ -1,7 +1,7 @@
--- ---
- name: Check if FTP account exist - name: Check if FTP account exist
command: grep "^{{ proftpd_name }}:" /etc/proftpd/vpasswd command: grep "^{{ proftpd_name }}:" /etc/proftpd/vpasswd
failed_when: false failed_when: False
check_mode: no check_mode: no
changed_when: check_ftp_account.rc != 0 changed_when: check_ftp_account.rc != 0
register: check_ftp_account register: check_ftp_account
@ -36,7 +36,7 @@
register: hashed_ftp_password register: hashed_ftp_password
check_mode: no check_mode: no
when: check_ftp_account.rc == 0 when: check_ftp_account.rc == 0
changed_when: false changed_when: False
tags: tags:
- proftpd - proftpd
@ -45,7 +45,7 @@
proftpd_password: "{{ hashed_ftp_password.stdout }}" proftpd_password: "{{ hashed_ftp_password.stdout }}"
check_mode: no check_mode: no
when: check_ftp_account.rc == 0 when: check_ftp_account.rc == 0
changed_when: false changed_when: False
tags: tags:
- proftpd - proftpd

View File

@ -1,7 +1,7 @@
--- ---
- name: Check if FTP account exist - name: Check if FTP account exist
command: grep "^{{ item.name }}:" /etc/proftpd/vpasswd command: grep "^{{ item.name }}:" /etc/proftpd/vpasswd
failed_when: false failed_when: False
check_mode: no check_mode: no
changed_when: check_ftp_account.rc != 0 changed_when: check_ftp_account.rc != 0
register: check_ftp_account register: check_ftp_account
@ -12,7 +12,7 @@
shell: grep "^{{ item.name }}:" /etc/proftpd/vpasswd | cut -d':' -f2 shell: grep "^{{ item.name }}:" /etc/proftpd/vpasswd | cut -d':' -f2
register: protftpd_cur_password register: protftpd_cur_password
check_mode: no check_mode: no
changed_when: false changed_when: False
- name: Set password for this account - name: Set password for this account
set_fact: set_fact:

View File

@ -36,7 +36,7 @@
- name: Get Redis version - name: Get Redis version
shell: "redis-server -v | grep -Eo '(v=\\S+)' | cut -d'=' -f 2 | grep -E '^([0-9]|\\.)+$'" shell: "redis-server -v | grep -Eo '(v=\\S+)' | cut -d'=' -f 2 | grep -E '^([0-9]|\\.)+$'"
changed_when: false changed_when: False
check_mode: no check_mode: no
register: _redis_installed_version register: _redis_installed_version
tags: tags:

View File

@ -4,7 +4,7 @@
register: redmine_get_mysql_password register: redmine_get_mysql_password
check_mode: no check_mode: no
changed_when: False changed_when: False
failed_when: false failed_when: False
tags: tags:
- redmine - redmine

View File

@ -41,4 +41,4 @@
- name: Enable systemd user mode - name: Enable systemd user mode
command: "loginctl enable-linger {{ redmine_user }}" command: "loginctl enable-linger {{ redmine_user }}"
changed_when: false changed_when: False

View File

@ -1,4 +1,4 @@
--- ---
- name: remount usr - name: remount usr
command: "mount -o remount /usr" command: "mount -o remount /usr"
failed_when: false failed_when: False

View File

@ -87,7 +87,7 @@
- name: update SpamAssasin's rules - name: update SpamAssasin's rules
command: "/usr/share/scripts/sa-update.sh" command: "/usr/share/scripts/sa-update.sh"
changed_when: false changed_when: False
tags: tags:
- spamassassin - spamassassin

View File

@ -6,7 +6,7 @@
- name: Check use of gid - name: Check use of gid
command: id -ng "{{ tomcat_instance_port }}" command: id -ng "{{ tomcat_instance_port }}"
register: check_port_gid register: check_port_gid
changed_when: false changed_when: False
failed_when: failed_when:
- check_port_gid | success - check_port_gid | success
- check_port_gid.stdout != "{{ tomcat_instance_name }}" - check_port_gid.stdout != "{{ tomcat_instance_name }}"
@ -14,7 +14,7 @@
- name: Check use of uid - name: Check use of uid
command: id -nu "{{ tomcat_instance_port }}" command: id -nu "{{ tomcat_instance_port }}"
register: check_port_uid register: check_port_uid
changed_when: false changed_when: False
failed_when: failed_when:
- check_port_uid | success - check_port_uid | success
- check_port_uid.stdout != "{{ tomcat_instance_name }}" - check_port_uid.stdout != "{{ tomcat_instance_name }}"

View File

@ -1,7 +1,7 @@
--- ---
- name: Enable systemd user mode - name: Enable systemd user mode
command: "loginctl enable-linger {{ tomcat_instance_name }}" command: "loginctl enable-linger {{ tomcat_instance_name }}"
changed_when: false changed_when: False
- name: Set systemd conf var - name: Set systemd conf var
lineinfile: lineinfile:

View File

@ -25,7 +25,7 @@
- name: Generate random password - name: Generate random password
command: apg -n1 -m 12 -M LCN command: apg -n1 -m 12 -M LCN
register: shell_password register: shell_password
changed_when: false changed_when: False
- name: Read mysql config from .my.cnf - name: Read mysql config from .my.cnf
set_fact: set_fact:
@ -48,13 +48,13 @@
- name: Configure site - name: Configure site
shell: '{{ wordpress_wpcli }} core install --url={{ wordpress_host | quote }} --title={{ wordpress_title | quote }} --admin_user=admin --admin_password="{{ admin_pwd | quote }}" --admin_email={{ wordpress_email }} --skip-email' shell: '{{ wordpress_wpcli }} core install --url={{ wordpress_host | quote }} --title={{ wordpress_title | quote }} --admin_user=admin --admin_password="{{ admin_pwd | quote }}" --admin_email={{ wordpress_email }} --skip-email'
changed_when: false changed_when: False
- name: Check if Wordpress is up to date - name: Check if Wordpress is up to date
shell: '{{ wordpress_wpcli }} core check-update | grep -q Success' shell: '{{ wordpress_wpcli }} core check-update | grep -q Success'
register: check_version register: check_version
check_mode: no check_mode: no
failed_when: false failed_when: False
changed_when: check_version.rc == 1 changed_when: check_version.rc == 1
- name: Update Wordpress - name: Update Wordpress
@ -65,17 +65,17 @@
- name: Install default plugin - name: Install default plugin
shell: '{{ wordpress_wpcli }} plugin is-installed {{ item }} || {{ wordpress_wpcli }} plugin install {{ item }}' shell: '{{ wordpress_wpcli }} plugin is-installed {{ item }} || {{ wordpress_wpcli }} plugin install {{ item }}'
changed_when: false changed_when: False
loop: "{{ wordpress_plugins }}" loop: "{{ wordpress_plugins }}"
- name: Update default plugins - name: Update default plugins
shell: '{{ wordpress_wpcli }} plugin is-installed {{ item }} && {{ wordpress_wpcli }} plugin update {{ item }}' shell: '{{ wordpress_wpcli }} plugin is-installed {{ item }} && {{ wordpress_wpcli }} plugin update {{ item }}'
changed_when: false changed_when: False
loop: "{{ wordpress_plugins }}" loop: "{{ wordpress_plugins }}"
- name: Activate default plugins - name: Activate default plugins
shell: '{{ wordpress_wpcli }} plugin is-installed {{ item }} && {{ wordpress_wpcli }} plugin activate {{ item }}' shell: '{{ wordpress_wpcli }} plugin is-installed {{ item }} && {{ wordpress_wpcli }} plugin activate {{ item }}'
changed_when: false changed_when: False
loop: "{{ wordpress_plugins }}" loop: "{{ wordpress_plugins }}"
- name: Send a summary mail - name: Send a summary mail