Adds a bunch of checks for ubuntu to evolinux-base and evolinux-users

This feels a bit hacky, but it's the best I could come up with on short order
2019-07-04 20:06:22 -04:00 · 2019-07-04 20:06:22 -04:00 · c45ac84334
parent 9d8d0776d7
commit c45ac84334
6 changed files with 20 additions and 18 deletions
--- a/evolinux-base/tasks/ssh.yml
+++ b/evolinux-base/tasks/ssh.yml
@ -13,7 +13,7 @@
 # We want to allow any user from a list of IP addresses to login with password,
 # but users of the "evolix" group can't login with password from other IP addresses
- name: "Security directives for Evolinux (Debian 10 or later)"
+- name: "Security directives for Evolinux (Debian 10 and Ubuntu 18.04 or later)"
  blockinfile:
    dest: /etc/ssh/sshd_config
    marker: "# {mark} EVOLINUX PASSWORD RESTRICTIONS"
@ -27,7 +27,7 @@
  notify: reload sshd
  when:
    - evolinux_ssh_password_auth_addresses != []
-    - ansible_distribution_major_version | version_compare('10', '>=')
+    - (ansible_distribution == "Debian" and ansible_distribution_major_version | version_compare('10', '>=')) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | version_compare('18', '>='))
 - name: Security directives for Evolinux (Jessie/Stretch)
  blockinfile:
--- a/evolinux-base/tasks/system.yml
+++ b/evolinux-base/tasks/system.yml
@ -125,7 +125,7 @@
    mode: "0755"
  when:
    - evolinux_system_alert5_init
-    - ansible_lsb.codename == "jessie" or ansible_lsb.codename == "stretch"
+    - ansible_lsb.codename == "jessie" or ansible_lsb.codename == "stretch" or ansible_distribution == "Ubuntu"
 - name: Enable alert5 init script (jessie/stretch)
  service:
@ -134,7 +134,7 @@
  when:
    - evolinux_system_alert5_init
    - evolinux_system_alert5_enable
-    - ansible_lsb.codename == "jessie" or ansible_lsb.codename == "stretch"
+    - ansible_lsb.codename == "jessie" or ansible_lsb.codename == "stretch" or ansible_distribution == "Ubuntu"
--- a/evolinux-users/tasks/main.yml
+++ b/evolinux-users/tasks/main.yml
@ -3,9 +3,9 @@
 - name: "System compatibility checks"
  assert:
    that:
-      - ansible_distribution == "Debian"
+      - (ansible_distribution == "Debian") or (ansible_distribution == "Ubuntu")
-      - ansible_distribution_major_version | version_compare('8', '>=')
+      - (ansible_distribution_major_version | version_compare('8', '>=')) or (ansible_distribution_major_version | version_compare('18', '>='))
-    msg: only compatible with Debian >= 8
+    msg: only compatible with Debian >= 8 AND Ubuntu >= 18.04
 - debug:
    msg: "Warning: empty 'evolinux_users' variable, tasks will be skipped!"
--- a/evolinux-users/tasks/ssh.yml
+++ b/evolinux-users/tasks/ssh.yml
@ -28,9 +28,9 @@
 - set_fact:
    # If "AllowGroups is present" or "AllowUsers is absent and Debian 10+",
-    ssh_allowgroups: "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0 and (ansible_distribution_major_version | version_compare('10', '>='))) }}"
+    ssh_allowgroups: "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0 and ((ansible_distribution == 'Debian' and ansible_distribution_major_version | version_compare('10', '>=')) or (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version | version_compare('18', '>=')))) }}"
    # If "AllowGroups is absent" and "AllowUsers is absent or Debian <10"
-    ssh_allowusers:  "{{ (grep_allowusers_ssh.rc == 0) or (grep_allowgroups_ssh.rc != 0 and (ansible_distribution_major_version | version_compare('10', '<'))) }}"
+    ssh_allowusers:  "{{ (grep_allowusers_ssh.rc == 0) or (grep_allowgroups_ssh.rc != 0 and (ansible_distribution == 'Debian' and ansible_distribution_major_version | version_compare('10', '<'))) }}"
 - debug:
    var: ssh_allowgroups
--- a/evolinux-users/tasks/sudo.yml
+++ b/evolinux-users/tasks/sudo.yml
@ -4,6 +4,6 @@
  when: ansible_lsb.codename == "jessie"
 - include: sudo_stretch.yml
-  when: ansible_distribution_major_version | version_compare('9', '>=')
+  when: (ansible_distribution == "Debian" and ansible_distribution_major_version | version_compare('9', '>=')) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | version_compare('18', '>='))
 - meta: flush_handlers
--- a/evolinux-users/tasks/user.yml
+++ b/evolinux-users/tasks/user.yml
@ -59,31 +59,32 @@
 ## Group for SSH authorizations
- name: "Unix group '{{ evolinux_ssh_group }}' is present (Debian 10 or later)"
+- name: "Unix group '{{ evolinux_ssh_group }}' is present (Debian 10 and Ubuntu 18 or later)"
  group:
    name: "{{ evolinux_ssh_group }}"
    state: present
-  when: ansible_distribution_major_version | version_compare('10', '>=')
+  when: (ansible_distribution == "Debian" and ansible_distribution_major_version | version_compare('10', '>=')) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | version_compare('18', '>='))
- name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_ssh_group }}' (Debian 10 or later)"
+- name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_ssh_group }}' (Debian 10 and Ubuntu 18 or later)"
  user:
    name: '{{ user.name }}'
    groups: "{{ evolinux_ssh_group }}"
    append: yes
-  when: ansible_distribution_major_version | version_compare('10', '>=')
+  when: (ansible_distribution == "Debian" and ansible_distribution_major_version | version_compare('10', '>=')) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | version_compare('18', '>='))
 ## Optional group for all evolinux users
- name: "Unix group '{{ evolinux_internal_group }}' is present (Debian 9 or later)"
+- name: "Unix group '{{ evolinux_internal_group }}' is present (Debian 9 and Ubuntu 18 or later)"
  group:
    name: "{{ evolinux_internal_group }}"
    state: present
  when:
    - evolinux_internal_group is defined
    - evolinux_internal_group != ""
-    - ansible_distribution_major_version | version_compare('9', '>=')
+    - (ansible_distribution == "Debian" and ansible_distribution_major_version | version_compare('9', '>=')) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | version_compare('18', '>='))
- name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_internal_group }}' (Debian 9 or later)"
+
 - name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_internal_group }}' (Debian 9 and Ubuntu 18 or later)"
  user:
    name: '{{ user.name }}'
    groups: "{{ evolinux_internal_group }}"
@ -91,7 +92,8 @@
  when:
    - evolinux_internal_group is defined
    - evolinux_internal_group != ""
-    - ansible_distribution_major_version | version_compare('9', '>=')
+    - (ansible_distribution == "Debian" and ansible_distribution_major_version | version_compare('9', '>=')) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | version_compare('18', '>='))
 ## Optional secondary groups, defined per user