Add “when: not ansible_check_mode” to allow more --check
All checks were successful
gitea/ansible-roles/pipeline/head This commit looks good
All checks were successful
gitea/ansible-roles/pipeline/head This commit looks good
This commit is contained in:
parent
a1bad43b25
commit
fafff25c20
56 changed files with 188 additions and 20 deletions
|
@ -3,13 +3,16 @@
|
|||
service:
|
||||
name: apache2
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: reload apache
|
||||
service:
|
||||
name: apache2
|
||||
state: reloaded
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: restart munin-node
|
||||
service:
|
||||
name: munin-node
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
state: present
|
||||
tags:
|
||||
- apache
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Copy private_htpasswd
|
||||
copy:
|
||||
|
@ -44,6 +45,7 @@
|
|||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: remove user:pwd from private htpasswd
|
||||
lineinfile:
|
||||
|
@ -54,3 +56,4 @@
|
|||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
tags:
|
||||
- apache
|
||||
- ips
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: remove IP addresses from private IP whitelist
|
||||
lineinfile:
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
state: present
|
||||
tags:
|
||||
- apache
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Add log2mail config for Apache segfaults
|
||||
template:
|
||||
|
|
|
@ -53,6 +53,7 @@
|
|||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: basic modules are enabled
|
||||
apache2_module:
|
||||
|
@ -64,6 +65,7 @@
|
|||
when: apache_mpm == "prefork" or apache_mpm == "itk"
|
||||
tags:
|
||||
- apache
|
||||
when: not ansible_check_mode
|
||||
|
||||
|
||||
- name: Copy Apache defaults config file
|
||||
|
@ -133,6 +135,7 @@
|
|||
when: apache_evolinux_default_enabled | bool
|
||||
tags:
|
||||
- apache
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: server_status.yml
|
||||
tags:
|
||||
|
@ -158,6 +161,7 @@
|
|||
when: envvar_grep_umask.rc != 0
|
||||
tags:
|
||||
- apache
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include_role:
|
||||
name: evolix/remount-usr
|
||||
|
@ -190,6 +194,7 @@
|
|||
replace: "{{ apache_logrotate_frequency }}"
|
||||
tags:
|
||||
- apache
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "logrotate: rotate {{ apache_logrotate_rotate }}"
|
||||
replace:
|
||||
|
@ -198,6 +203,7 @@
|
|||
replace: '\1 {{ apache_logrotate_rotate }}'
|
||||
tags:
|
||||
- apache
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: log2mail.yml
|
||||
when: apache_log2mail_include
|
||||
|
|
|
@ -23,6 +23,7 @@
|
|||
tags:
|
||||
- apache
|
||||
- munin
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "Install fcgi packages for Munin graphs"
|
||||
apt:
|
||||
|
@ -43,6 +44,7 @@
|
|||
tags:
|
||||
- apache
|
||||
- munin
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "Apache has access to /var/log/munin/"
|
||||
file:
|
||||
|
@ -51,3 +53,4 @@
|
|||
tags:
|
||||
- apache
|
||||
- munin
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -26,10 +26,12 @@
|
|||
changed_when: False
|
||||
check_mode: no
|
||||
register: new_apache_serverstatus_suffix
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: overwrite apache_serverstatus_suffix
|
||||
set_fact:
|
||||
apache_serverstatus_suffix: "{{ new_apache_serverstatus_suffix.stdout }}"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- debug:
|
||||
var: apache_serverstatus_suffix
|
||||
|
@ -40,12 +42,14 @@
|
|||
dest: /var/www/index.html
|
||||
regexp: '__SERVERSTATUS_SUFFIX__'
|
||||
replace: "{{ apache_serverstatus_suffix }}"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: add server-status suffix in default site index if missing
|
||||
replace:
|
||||
dest: /var/www/index.html
|
||||
regexp: '"/server-status-?"'
|
||||
replace: '"/server-status-{{ apache_serverstatus_suffix }}"'
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: add server-status suffix in default VHost
|
||||
replace:
|
||||
|
@ -53,12 +57,14 @@
|
|||
regexp: '<Location /server-status-?>'
|
||||
replace: '<Location /server-status-{{ apache_serverstatus_suffix }}>'
|
||||
notify: reload apache
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Munin configuration has a section for apache
|
||||
lineinfile:
|
||||
dest: /etc/munin/plugin-conf.d/munin-node
|
||||
line: "[apache_*]"
|
||||
create: no
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: apache-status URL is configured for Munin
|
||||
lineinfile:
|
||||
|
@ -68,3 +74,4 @@
|
|||
insertafter: "[apache_*]"
|
||||
create: no
|
||||
notify: restart munin-node
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
- etc-git
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
- not ansible_check_mode
|
||||
|
||||
- name: Install and configure utilities
|
||||
include: utils.yml
|
||||
|
@ -18,4 +19,6 @@
|
|||
include: repositories.yml
|
||||
tags:
|
||||
- etc-git
|
||||
when: etc_git_config_repositories | bool
|
||||
when:
|
||||
- etc_git_config_repositories | bool
|
||||
- not ansible_check_mode
|
||||
|
|
|
@ -34,4 +34,4 @@
|
|||
- _usr_share_scripts.stat.isdir
|
||||
- ansible_distribution_major_version is version('10', '>=')
|
||||
tags:
|
||||
- etc-git
|
||||
- etc-git
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
value: "root@{{ ansible_fqdn | default('localhost') }}"
|
||||
tags:
|
||||
- etc-git
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "{{ repository_path }}/.git is restricted to root"
|
||||
file:
|
||||
|
@ -49,6 +50,7 @@
|
|||
loop: "{{ gitignore_items | default([]) }}"
|
||||
tags:
|
||||
- etc-git
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "does {{ repository_path }}/ have any commit?"
|
||||
command: "git log"
|
||||
|
@ -70,4 +72,4 @@
|
|||
register: git_commit
|
||||
when: git_log.rc != 0 or (git_init is defined and git_init is changed)
|
||||
tags:
|
||||
- etc-git
|
||||
- etc-git
|
||||
|
|
|
@ -1,14 +1,17 @@
|
|||
- name: newaliases
|
||||
command: newaliases
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Test Apache conf
|
||||
command: apache2ctl -t
|
||||
notify: "Reload Apache conf"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: reload apache2
|
||||
service:
|
||||
name: apache2
|
||||
state: reloaded
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: apt update
|
||||
apt:
|
||||
|
@ -18,8 +21,10 @@
|
|||
service:
|
||||
name: squid3
|
||||
state: reloaded
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: reload squid
|
||||
service:
|
||||
name: squid
|
||||
state: reloaded
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -10,6 +10,8 @@
|
|||
|
||||
- debug:
|
||||
var: evocheck_run.stdout_lines
|
||||
when: evocheck_run.stdout | length > 0
|
||||
when:
|
||||
- not ansible_check_mode
|
||||
- evocheck_run.stdout | length > 0
|
||||
tags:
|
||||
- evocheck-exec
|
||||
|
|
|
@ -38,6 +38,7 @@
|
|||
owner: root
|
||||
group: ssl-cert
|
||||
mode: "0640"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Create certificate for default site
|
||||
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt
|
||||
|
|
|
@ -43,7 +43,9 @@
|
|||
state: present
|
||||
tags:
|
||||
- packages
|
||||
when: ansible_virtualization_role == "host"
|
||||
when:
|
||||
- ansible_virtualization_role == "host"
|
||||
- not ansible_check_mode
|
||||
|
||||
## RAID
|
||||
# Dell and others: MegaRAID SAS
|
||||
|
@ -108,6 +110,7 @@
|
|||
name: ssacli
|
||||
tags:
|
||||
- packages
|
||||
when: not ansible_check_mode
|
||||
when:
|
||||
- "'Hewlett-Packard Company Smart Array' in raidmodel.stdout"
|
||||
- "'Adaptec Smart Storage PQI' in raidmodel.stdout"
|
||||
|
@ -134,6 +137,7 @@
|
|||
state: present
|
||||
tags:
|
||||
- packages
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: cciss-vol-statusd init script is present (HP gen <10)
|
||||
template:
|
||||
|
@ -246,6 +250,7 @@
|
|||
allow_unauthenticated: yes
|
||||
tags:
|
||||
- packages
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Configure packages for DELL/LSI hardware
|
||||
template:
|
||||
|
@ -263,6 +268,7 @@
|
|||
tags:
|
||||
- packages
|
||||
- config
|
||||
when: not ansible_check_mode
|
||||
when:
|
||||
- "'MegaRAID' in raidmodel.stdout"
|
||||
- evolinux_packages_hardware_raid | bool
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
daemon-reload: yes
|
||||
state: started
|
||||
enabled: yes
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: log2mail config is present
|
||||
blockinfile:
|
||||
|
@ -32,4 +33,5 @@
|
|||
notify: restart log2mail
|
||||
tags:
|
||||
- log2mail
|
||||
when: not ansible_check_mode
|
||||
|
||||
|
|
|
@ -89,7 +89,9 @@
|
|||
apt:
|
||||
name: serveur-base
|
||||
allow_unauthenticated: yes
|
||||
when: evolinux_packages_serveur_base | bool
|
||||
when:
|
||||
- evolinux_packages_serveur_base | bool
|
||||
- not ansible_check_mode
|
||||
|
||||
- name: Install/Update packages for Stretch and later
|
||||
apt:
|
||||
|
|
|
@ -20,6 +20,7 @@
|
|||
notify: reload postfix
|
||||
tags:
|
||||
- postfix
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: configure postfix mynetworks
|
||||
lineinfile:
|
||||
|
@ -30,6 +31,7 @@
|
|||
notify: reload postfix
|
||||
tags:
|
||||
- postfix
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: fetch users list
|
||||
shell: "set -o pipefail && getent passwd | cut -d':' -f 1 | grep -v root"
|
||||
|
@ -48,7 +50,9 @@
|
|||
line: "{{ item }}: root"
|
||||
loop: "{{ non_root_users_list.stdout_lines }}"
|
||||
notify: newaliases
|
||||
when: evolinux_postfix_users_alias_root | bool
|
||||
when:
|
||||
- evolinux_postfix_users_alias_root | bool
|
||||
- not ansible_check_mode
|
||||
tags:
|
||||
- postfix
|
||||
|
||||
|
@ -65,7 +69,9 @@
|
|||
- error
|
||||
- bounce
|
||||
notify: newaliases
|
||||
when: evolinux_postfix_mailer_alias_root | bool
|
||||
when:
|
||||
- evolinux_postfix_mailer_alias_root | bool
|
||||
- not ansible_check_mode
|
||||
tags:
|
||||
- postfix
|
||||
|
||||
|
@ -75,7 +81,9 @@
|
|||
regexp: "^root:"
|
||||
line: "root: {{ postfix_alias_email or general_alert_email | mandatory }}"
|
||||
notify: newaliases
|
||||
when: evolinux_postfix_root_alias | bool
|
||||
when:
|
||||
- evolinux_postfix_root_alias | bool
|
||||
- not ansible_check_mode
|
||||
tags:
|
||||
- postfix
|
||||
|
||||
|
|
|
@ -161,6 +161,7 @@
|
|||
insertafter: EOF
|
||||
line: 'trap "sudo /usr/share/scripts/evomaintenance.sh" 0'
|
||||
when: grep_profile_evomaintenance.rc != 0
|
||||
when: not ansible_check_mode
|
||||
|
||||
# SSH keys
|
||||
|
||||
|
@ -192,5 +193,6 @@
|
|||
when:
|
||||
- user.ssh_keys is defined
|
||||
- user.ssh_keys | length > 0
|
||||
- not ansible_check_mode
|
||||
|
||||
- meta: flush_handlers
|
||||
|
|
|
@ -3,13 +3,16 @@
|
|||
service:
|
||||
name: haproxy
|
||||
state: reloaded
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: restart haproxy
|
||||
service:
|
||||
name: haproxy
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: restart munin-node
|
||||
service:
|
||||
name: munin-node
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -123,6 +123,7 @@
|
|||
tags:
|
||||
- haproxy
|
||||
- logrotate
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Rotate logs with nodelaycompress
|
||||
lineinfile:
|
||||
|
@ -133,6 +134,7 @@
|
|||
tags:
|
||||
- haproxy
|
||||
- logrotate
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Set net.ipv4.ip_nonlocal_bind
|
||||
sysctl:
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
|
||||
regexp: 'bullseye/updates'
|
||||
replace: 'bullseye-security'
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
|
||||
template:
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
|
||||
regexp: 'bullseye/updates'
|
||||
replace: 'bullseye-security'
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "{{ lxc_php_version }} - Add sury repo"
|
||||
lineinfile:
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
|
||||
regexp: 'bullseye/updates'
|
||||
replace: 'bullseye-security'
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "{{ lxc_php_version }} - Add sury repo"
|
||||
lineinfile:
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
changed_when: false
|
||||
check_mode: no
|
||||
register: container_exists
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "Create container {{ name }}"
|
||||
lxc_container:
|
||||
|
@ -13,6 +14,7 @@
|
|||
state: stopped
|
||||
template_options: "--arch amd64 --release {{ release }}"
|
||||
when: container_exists.stdout_lines | length == 0
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "Disable network configuration inside container {{ name }}"
|
||||
replace:
|
||||
|
@ -20,12 +22,14 @@
|
|||
regexp: "^#CONFIGURE_INTERFACES=yes"
|
||||
replace: CONFIGURE_INTERFACES=no
|
||||
when: lxc_network_type == "none"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "Disable interface shut down on halt inside container {{ name }} (Jessie container)"
|
||||
lineinfile:
|
||||
name: "/var/lib/lxc/{{ name }}/rootfs/etc/default/halt"
|
||||
line: "NETDOWN=no"
|
||||
when: lxc_network_type == "none" and release == "jessie"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "Make the container {{ name }} poweroff on SIGPWR sent by lxc-stop (Jessie container)"
|
||||
file:
|
||||
|
@ -44,6 +48,7 @@
|
|||
lineinfile:
|
||||
name: "/var/lib/lxc/{{ name }}/rootfs/etc/hosts"
|
||||
line: "127.0.0.1 {{ name }}"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "Fix permission on /dev for container {{ name }}"
|
||||
lineinfile:
|
||||
|
@ -51,6 +56,7 @@
|
|||
line: "chmod 755 /dev"
|
||||
insertbefore: "^exit 0$"
|
||||
when: release == 'jessie'
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "Ensure that {{ name }} container is running"
|
||||
lxc_container:
|
||||
|
|
|
@ -48,6 +48,7 @@
|
|||
changed_when: false
|
||||
check_mode: no
|
||||
register: check_fs_options
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Check if options are correct
|
||||
assert:
|
||||
|
@ -56,6 +57,7 @@
|
|||
- "'noexec' not in check_fs_options.stdout"
|
||||
- "'nosuid' not in check_fs_options.stdout"
|
||||
msg: "LXC directory is in a filesystem with incompatible options"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Create containers
|
||||
include: create-container.yml
|
||||
|
|
|
@ -30,6 +30,7 @@
|
|||
line: "# BEGIN ANSIBLE MANAGED BLOCK FOR IPS"
|
||||
insertbefore: '^# Main interface'
|
||||
create: no
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: End marker for IP addresses
|
||||
lineinfile:
|
||||
|
@ -37,6 +38,7 @@
|
|||
create: no
|
||||
line: "# END ANSIBLE MANAGED BLOCK FOR IPS"
|
||||
insertafter: '^PRIVILEGIEDIPS='
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Verify that at least 1 trusted IP is provided
|
||||
assert:
|
||||
|
@ -84,6 +86,7 @@
|
|||
PRIVILEGIEDIPS='{{ minifirewall_privilegied_ips | join(' ') }}'
|
||||
create: no
|
||||
register: minifirewall_config_ips
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Begin marker for ports
|
||||
lineinfile:
|
||||
|
@ -91,6 +94,7 @@
|
|||
line: "# BEGIN ANSIBLE MANAGED BLOCK FOR PORTS"
|
||||
insertbefore: '^# Protected services'
|
||||
create: no
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: End marker for ports
|
||||
lineinfile:
|
||||
|
@ -98,6 +102,7 @@
|
|||
line: "# END ANSIBLE MANAGED BLOCK FOR PORTS"
|
||||
insertafter: '^SERVICESUDP3='
|
||||
create: no
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Configure ports
|
||||
blockinfile:
|
||||
|
@ -122,6 +127,7 @@
|
|||
SERVICESUDP3='{{ minifirewall_private_ports_udp | join(' ') }}'
|
||||
create: no
|
||||
register: minifirewall_config_ports
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Configure DNSSERVEURS
|
||||
lineinfile:
|
||||
|
@ -193,7 +199,9 @@
|
|||
line: "PROXY='{{ minifirewall_proxy }}'"
|
||||
regexp: "PROXY=('|\").*('|\")"
|
||||
create: no
|
||||
when: minifirewall_proxy is not none
|
||||
when:
|
||||
- minifirewall_proxy is not none
|
||||
- not ansible_check_mode
|
||||
|
||||
- name: Configure PROXYPORT
|
||||
lineinfile:
|
||||
|
@ -201,7 +209,9 @@
|
|||
line: "PROXYPORT='{{ minifirewall_proxyport }}'"
|
||||
regexp: "PROXYPORT=('|\").*('|\")"
|
||||
create: no
|
||||
when: minifirewall_proxyport is not none
|
||||
when:
|
||||
- minifirewall_proxyport is not none
|
||||
- not ansible_check_mode
|
||||
|
||||
# Warning: keep double quotes for the value,
|
||||
# since we often reference a shell variable that needs to be interpolated
|
||||
|
@ -211,7 +221,9 @@
|
|||
line: "PROXYBYPASS=\"{{ minifirewall_proxybypass | join(' ') }}\""
|
||||
regexp: "PROXYBYPASS=('|\").*('|\")"
|
||||
create: no
|
||||
when: minifirewall_proxybypass is not none
|
||||
when:
|
||||
- minifirewall_proxyport is not none
|
||||
- not ansible_check_mode
|
||||
|
||||
- name: Configure BACKUPSERVERS
|
||||
lineinfile:
|
||||
|
@ -219,7 +231,9 @@
|
|||
line: "BACKUPSERVERS='{{ minifirewall_backupservers | join(' ') }}'"
|
||||
regexp: "BACKUPSERVERS=('|\").*('|\")"
|
||||
create: no
|
||||
when: minifirewall_backupservers is not none
|
||||
when:
|
||||
- minifirewall_backupservers is not none
|
||||
- not ansible_check_mode
|
||||
|
||||
- name: Configure SYSCTL_ICMP_ECHO_IGNORE_BROADCASTS
|
||||
lineinfile:
|
||||
|
|
|
@ -4,12 +4,14 @@
|
|||
service:
|
||||
name: munin-node
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: restart munin_node
|
||||
service:
|
||||
name: munin_node
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: systemd daemon-reload
|
||||
systemd:
|
||||
daemon_reload: yes
|
||||
daemon_reload: yes
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
notify: restart munin-node
|
||||
|
||||
when: not ansible_hostname == "localdomain"
|
||||
when: not ansible_check_mode
|
||||
tags:
|
||||
- munin
|
||||
|
||||
|
@ -79,6 +80,7 @@
|
|||
notify: restart munin-node
|
||||
tags:
|
||||
- munin
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Enable sensors_ plugin on dedicated hardware
|
||||
file:
|
||||
|
@ -92,6 +94,7 @@
|
|||
notify: restart munin-node
|
||||
tags:
|
||||
- munin
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Enable ipmi_ plugin on dedicated hardware
|
||||
file:
|
||||
|
@ -105,6 +108,7 @@
|
|||
- temp
|
||||
- power
|
||||
- volts
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: adjustments for grsec kernel
|
||||
blockinfile:
|
||||
|
|
|
@ -43,3 +43,4 @@
|
|||
- mysql_custom_datadir | length > 0
|
||||
- mysql_custom_datadir != mysql_current_real_datadir_test.stdout
|
||||
- not mysql_custom_datadir_test.stat.exists
|
||||
- not ansible_check_mode
|
||||
|
|
|
@ -43,3 +43,4 @@
|
|||
- mysql_custom_logdir | length > 0
|
||||
- mysql_custom_logdir != mysql_current_real_logdir_test.stdout
|
||||
- not mysql_custom_logdir_test.stat.exists
|
||||
- not ansible_check_mode
|
||||
|
|
|
@ -42,6 +42,7 @@
|
|||
tags:
|
||||
- mysql
|
||||
- services
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: apg package is installed
|
||||
apt:
|
||||
|
|
|
@ -28,6 +28,7 @@
|
|||
tags:
|
||||
- mysql
|
||||
- services
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: apg package is installed
|
||||
apt:
|
||||
|
@ -57,4 +58,4 @@
|
|||
tags:
|
||||
- mysql
|
||||
- packages
|
||||
when: ansible_python_version is version('3', '>=')
|
||||
when: ansible_python_version is version('3', '>=')
|
||||
|
|
|
@ -156,6 +156,7 @@
|
|||
dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh
|
||||
state: link
|
||||
when: mysql_cron_optimize | bool
|
||||
when: not ansible_check_mode
|
||||
tags:
|
||||
- mysql
|
||||
|
||||
|
@ -248,4 +249,4 @@
|
|||
mode: "0755"
|
||||
force: no
|
||||
tags:
|
||||
- mysql
|
||||
- mysql
|
||||
|
|
|
@ -4,8 +4,10 @@
|
|||
service:
|
||||
name: nagios-nrpe-server
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: restart nrpe
|
||||
service:
|
||||
name: nrpe
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -21,3 +21,4 @@
|
|||
notify: restart ntp
|
||||
tags:
|
||||
- ntp
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -14,7 +14,9 @@
|
|||
block: |
|
||||
# Used for Evoadmin-web
|
||||
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||
when: envvar_grep_path.rc != 0
|
||||
when:
|
||||
- envvar_grep_path.rc != 0
|
||||
- not ansible_check_mode
|
||||
|
||||
- name: Additional packages are installed
|
||||
apt:
|
||||
|
@ -34,6 +36,7 @@
|
|||
- negotiation
|
||||
- alias
|
||||
- log_forensic
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Copy Apache settings for modules
|
||||
copy:
|
||||
|
@ -60,3 +63,4 @@
|
|||
loop:
|
||||
- evolinux-evasive
|
||||
- evolinux-modsec
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
AllowFullYearView=3
|
||||
ErrorMessages="An error occured. Contact your Administrator"
|
||||
mode: "0644"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Create conf-available/awstats-icon.conf file
|
||||
copy:
|
||||
|
@ -39,6 +40,7 @@
|
|||
register: command_result
|
||||
changed_when: "'Enabling' in command_result.stderr"
|
||||
notify: reload apache
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Create awstats cron
|
||||
lineinfile:
|
||||
|
@ -46,6 +48,7 @@
|
|||
create: yes
|
||||
regexp: '-config=awstats'
|
||||
line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Comment default awstat cron's tasks
|
||||
lineinfile:
|
||||
|
@ -54,3 +57,4 @@
|
|||
line: '#\1'
|
||||
backrefs: yes
|
||||
state: present
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -26,6 +26,7 @@
|
|||
dest: /var/www/index.html
|
||||
line: ' <li><a href="/info.php">Infos PHP</a></li>'
|
||||
regexp: "Infos PHP"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: install opcache.php
|
||||
copy:
|
||||
|
@ -38,6 +39,7 @@
|
|||
dest: /var/www/index.html
|
||||
line: ' <li><a href="/opcache.php">Infos OpCache PHP</a></li>'
|
||||
regexp: "Infos OpCache PHP"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Add elements to user account template
|
||||
file:
|
||||
|
@ -64,6 +66,7 @@
|
|||
loop:
|
||||
- access.log
|
||||
- error.log
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "Install userlogrotate (jessie)"
|
||||
copy:
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
state: present
|
||||
name: proxy_fcgi
|
||||
notify: restart apache2
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include_role:
|
||||
name: remount-usr
|
||||
|
|
|
@ -65,10 +65,12 @@
|
|||
changed_when: False
|
||||
check_mode: no
|
||||
register: new_packweb_phpmyadmin_suffix
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: overwrite packweb_phpmyadmin_suffix
|
||||
set_fact:
|
||||
packweb_phpmyadmin_suffix: "{{ new_packweb_phpmyadmin_suffix.stdout }}"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- debug:
|
||||
var: packweb_phpmyadmin_suffix
|
||||
|
@ -86,15 +88,18 @@
|
|||
Require all denied
|
||||
Include /etc/apache2/ipaddr_whitelist.conf
|
||||
</Directory>
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: enable phpmyadmin link in default site index
|
||||
replace:
|
||||
dest: /var/www/index.html
|
||||
regexp: '<!-- <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li> -->'
|
||||
replace: ' <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li>'
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: replace phpmyadmin suffix in default site index
|
||||
replace:
|
||||
dest: /var/www/index.html
|
||||
regexp: '__PHPMYADMIN_SUFFIX__'
|
||||
replace: "{{ packweb_phpmyadmin_suffix }}"
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -4,23 +4,28 @@
|
|||
service:
|
||||
name: php5-fpm
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: restart php7.0-fpm
|
||||
service:
|
||||
name: php7.0-fpm
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: restart php7.3-fpm
|
||||
service:
|
||||
name: php7.3-fpm
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: restart php7.4-fpm
|
||||
service:
|
||||
name: php7.4-fpm
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: restart php8.1-fpm
|
||||
service:
|
||||
name: php8.1-fpm
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -25,6 +25,7 @@
|
|||
file:
|
||||
dest: "{{ php_cli_custom_ini_file }}"
|
||||
mode: "0644"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: "Set custom values for PHP to enable Symfony"
|
||||
ini_file:
|
||||
|
@ -36,3 +37,4 @@
|
|||
loop:
|
||||
- { option: "date.timezone", value: "Europe/Paris" }
|
||||
when: php_symfony_requirements | bool
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -79,12 +79,14 @@
|
|||
with_items:
|
||||
- /etc/php
|
||||
- /etc/php/{{ php_version }}
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_cli.yml
|
||||
- name: "Enforce permissions on PHP cli directory (Debian 12)"
|
||||
file:
|
||||
dest: /etc/php/{{ php_version }}/cli
|
||||
mode: "0755"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_fpm.yml
|
||||
when: php_fpm_enable
|
||||
|
@ -94,6 +96,7 @@
|
|||
dest: /etc/php/{{ php_version }}/fpm
|
||||
mode: "0755"
|
||||
when: php_fpm_enable
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_apache.yml
|
||||
when: php_apache_enable
|
||||
|
@ -103,6 +106,7 @@
|
|||
dest: /etc/php/{{ php_version }}/apache2
|
||||
mode: "0755"
|
||||
when: php_apache_enable
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: sury_post.yml
|
||||
when: php_sury_enable
|
||||
|
|
|
@ -68,12 +68,14 @@
|
|||
with_items:
|
||||
- /etc/php
|
||||
- /etc/php/7.4
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_cli.yml
|
||||
- name: "Enforce permissions on PHP cli directory (Debian 11)"
|
||||
file:
|
||||
dest: /etc/php/7.4/cli
|
||||
mode: "0755"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_fpm.yml
|
||||
when: php_fpm_enable
|
||||
|
@ -83,6 +85,7 @@
|
|||
dest: /etc/php/7.4/fpm
|
||||
mode: "0755"
|
||||
when: php_fpm_enable
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_apache.yml
|
||||
when: php_apache_enable
|
||||
|
@ -92,6 +95,7 @@
|
|||
dest: /etc/php/7.4/apache2
|
||||
mode: "0755"
|
||||
when: php_apache_enable
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: sury_post.yml
|
||||
when: php_sury_enable
|
||||
|
|
|
@ -68,12 +68,14 @@
|
|||
loop:
|
||||
- /etc/php
|
||||
- /etc/php/7.3
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_cli.yml
|
||||
- name: "Enforce permissions on PHP cli directory (Debian 10)"
|
||||
file:
|
||||
dest: /etc/php/7.3/cli
|
||||
mode: "0755"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_fpm.yml
|
||||
when: php_fpm_enable | bool
|
||||
|
@ -83,6 +85,7 @@
|
|||
dest: /etc/php/7.3/fpm
|
||||
mode: "0755"
|
||||
when: php_fpm_enable | bool
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_apache.yml
|
||||
when: php_apache_enable | bool
|
||||
|
@ -92,6 +95,7 @@
|
|||
dest: /etc/php/7.3/apache2
|
||||
mode: "0755"
|
||||
when: php_apache_enable | bool
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: sury_post.yml
|
||||
when: php_sury_enable | bool
|
||||
|
|
|
@ -56,6 +56,7 @@
|
|||
file:
|
||||
dest: /etc/php5
|
||||
mode: "0755"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_cli.yml
|
||||
|
||||
|
@ -63,6 +64,7 @@
|
|||
file:
|
||||
dest: /etc/php5/cli
|
||||
mode: "0755"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_fpm.yml
|
||||
when: php_fpm_enable | bool
|
||||
|
@ -72,6 +74,7 @@
|
|||
dest: /etc/php5/fpm
|
||||
mode: "0755"
|
||||
when: php_fpm_enable | bool
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_apache.yml
|
||||
when: php_apache_enable | bool
|
||||
|
@ -81,3 +84,4 @@
|
|||
dest: /etc/php5/apache2
|
||||
mode: "0755"
|
||||
when: php_apache_enable | bool
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -68,6 +68,7 @@
|
|||
loop:
|
||||
- /etc/php
|
||||
- /etc/php/7.0
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_cli.yml
|
||||
|
||||
|
@ -75,6 +76,7 @@
|
|||
file:
|
||||
dest: /etc/php/7.0/cli
|
||||
mode: "0755"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_fpm.yml
|
||||
when: php_fpm_enable | bool
|
||||
|
@ -84,6 +86,7 @@
|
|||
dest: /etc/php/7.0/fpm
|
||||
mode: "0755"
|
||||
when: php_fpm_enable | bool
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: config_apache.yml
|
||||
when: php_apache_enable | bool
|
||||
|
@ -93,6 +96,7 @@
|
|||
dest: /etc/php/7.0/apache2
|
||||
mode: "0755"
|
||||
when: php_apache_enable | bool
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: sury_post.yml
|
||||
when: php_sury_enable | bool
|
||||
|
|
|
@ -14,6 +14,7 @@
|
|||
file:
|
||||
dest: /etc/php/7.4/cli
|
||||
mode: "0755"
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Symlink Evolix Apache config files from 7.4 to 7.0
|
||||
file:
|
||||
|
@ -31,6 +32,7 @@
|
|||
dest: /etc/php/7.4/apache2
|
||||
mode: "0755"
|
||||
when: php_apache_enable | bool
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Symlink Evolix FPM config files from 7.4 to 7.0
|
||||
file:
|
||||
|
@ -50,3 +52,4 @@
|
|||
dest: /etc/php/7.4/fpm
|
||||
mode: "0755"
|
||||
when: php_fpm_enable | bool
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -3,3 +3,4 @@
|
|||
service:
|
||||
name: proftpd
|
||||
state: restarted
|
||||
when: not ansible_check_mode
|
||||
|
|
|
@ -70,6 +70,7 @@
|
|||
notify: restart proftpd
|
||||
tags:
|
||||
- proftpd
|
||||
when: not ansible_check_mode
|
||||
|
||||
- name: Put empty vpasswd file if missing
|
||||
copy:
|
||||
|
@ -92,6 +93,7 @@
|
|||
notify: restart proftpd
|
||||
tags:
|
||||
- proftpd
|
||||
when: not ansible_check_mode
|
||||
|
||||
- include: accounts.yml
|
||||
when: proftpd_accounts | length > 0
|
||||
|
|
|
@ -3,31 +3,38 @@
|
|||
service:
|
||||
name: munin-node
|
||||