From fafff25c202095e7d140fb70ba6c4c7461bb1c05 Mon Sep 17 00:00:00 2001 
From: David Prevot
Date: Thu, 1 Dec 2022 18:18:25 +0100
Subject: [PATCH] =?UTF-8?q?Add=20=E2=80=9Cwhen:=20not=20ansible=5Fcheck=5F?= =?UTF-8?q?mode=E2=80=9D=20to=20allow=20more=20--check?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
apache/handlers/main.yml | 3 +++
apache/tasks/auth.yml | 3 +++
apache/tasks/ip_whitelist.yml | 1 +
apache/tasks/log2mail.yml | 1 +
apache/tasks/main.yml | 6 ++++++
apache/tasks/munin.yml | 3 +++
apache/tasks/server_status.yml | 7 +++++++
etc-git/tasks/main.yml | 5 ++++-
etc-git/tasks/repositories.yml | 2 +-
etc-git/tasks/repository.yml | 4 +++-
evoacme/handlers/main.yml | 5 +++++
evocheck/tasks/exec.yml | 4 +++-
evolinux-base/tasks/default_www.yml | 1 +
evolinux-base/tasks/hardware.yml | 8 +++++++-
evolinux-base/tasks/log2mail.yml | 2 ++
evolinux-base/tasks/packages.yml | 4 +++-
evolinux-base/tasks/postfix.yml | 14 +++++++++++---
evolinux-users/tasks/user.yml | 2 ++
haproxy/handlers/main.yml | 3 +++
haproxy/tasks/main.yml | 2 ++
lxc-php/tasks/php74.yml | 1 +
lxc-php/tasks/php80.yml | 1 +
lxc-php/tasks/php81.yml | 1 +
lxc/tasks/create-container.yml | 6 ++++++
lxc/tasks/main.yml | 2 ++
minifirewall/tasks/config.yml | 22 ++++++++++++++++++----
munin/handlers/main.yml | 4 +++-
munin/tasks/main.yml | 4 ++++
mysql/tasks/datadir.yml | 1 +
mysql/tasks/logdir.yml | 1 +
mysql/tasks/packages_jessie.yml | 1 +
mysql/tasks/packages_stretch.yml | 3 ++-
mysql/tasks/utils.yml | 3 ++-
nagios-nrpe/handlers/main.yml | 2 ++
ntpd/tasks/main.yml | 1 +
packweb-apache/tasks/apache.yml | 6 +++++-
packweb-apache/tasks/awstats.yml | 4 ++++
packweb-apache/tasks/main.yml | 3 +++
packweb-apache/tasks/multiphp.yml | 1 +
packweb-apache/tasks/phpmyadmin.yml | 5 +++++
php/handlers/main.yml | 5 +++++
php/tasks/config_cli.yml | 2 ++
php/tasks/main_bookworm.yml | 4 ++++
php/tasks/main_bullseye.yml | 4 ++++
php/tasks/main_buster.yml | 4 ++++
php/tasks/main_jessie.yml | 4 ++++
php/tasks/main_stretch.yml | 4 ++++
php/tasks/sury_post.yml | 3 +++ proftpd/handlers/main.yml | 1 + proftpd/tasks/main.yml | 2 ++ squid/handlers/main.yml | 7 +++++++ squid/tasks/main.yml | 1 + webapps/evoadmin-web/tasks/ftp.yml | 1 + webapps/evoadmin-web/tasks/main.yml | 5 ++++- webapps/evoadmin-web/tasks/ssl.yml | 1 + webapps/evoadmin-web/tasks/user.yml | 8 ++++++-- 56 files changed, 188 insertions(+), 20 deletions(-) diff --git a/apache/handlers/main.yml b/apache/handlers/main.yml index 96daa368..931e9c94 100644 --- a/apache/handlers/main.yml +++ b/apache/handlers/main.yml @@ -3,13 +3,16 @@ service: name: apache2 state: restarted + when: not ansible_check_mode - name: reload apache service: name: apache2 state: reloaded + when: not ansible_check_mode - name: restart munin-node service: name: munin-node state: restarted + when: not ansible_check_mode diff --git a/apache/tasks/auth.yml b/apache/tasks/auth.yml index fd01517c..bebd39e9 100644 --- a/apache/tasks/auth.yml +++ b/apache/tasks/auth.yml @@ -22,6 +22,7 @@ state: present tags: - apache + when: not ansible_check_mode - name: Copy private_htpasswd copy: @@ -44,6 +45,7 @@ notify: reload apache tags: - apache + when: not ansible_check_mode - name: remove user:pwd from private htpasswd lineinfile: @@ -54,3 +56,4 @@ notify: reload apache tags: - apache + when: not ansible_check_mode diff --git a/apache/tasks/ip_whitelist.yml b/apache/tasks/ip_whitelist.yml index 18f4a681..a40d6075 100644 --- a/apache/tasks/ip_whitelist.yml +++ b/apache/tasks/ip_whitelist.yml @@ -10,6 +10,7 @@ tags: - apache - ips + when: not ansible_check_mode - name: remove IP addresses from private IP whitelist lineinfile: diff --git a/apache/tasks/log2mail.yml b/apache/tasks/log2mail.yml index 3b0650b7..daf59db9 100644 --- a/apache/tasks/log2mail.yml +++ b/apache/tasks/log2mail.yml @@ -6,6 +6,7 @@ state: present tags: - apache + when: not ansible_check_mode - name: Add log2mail config for Apache segfaults template: 
diff --git a/apache/tasks/main.yml b/apache/tasks/main.yml index 1a028205..f6763278 100644 --- a/apache/tasks/main.yml +++ b/apache/tasks/main.yml @@ -53,6 +53,7 @@ notify: reload apache tags: - apache + when: not ansible_check_mode - name: basic modules are enabled apache2_module: @@ -64,6 +65,7 @@ when: apache_mpm == "prefork" or apache_mpm == "itk" tags: - apache + when: not ansible_check_mode - name: Copy Apache defaults config file @@ -133,6 +135,7 @@ when: apache_evolinux_default_enabled | bool tags: - apache + when: not ansible_check_mode - include: server_status.yml tags: @@ -158,6 +161,7 @@ when: envvar_grep_umask.rc != 0 tags: - apache + when: not ansible_check_mode - include_role: name: evolix/remount-usr @@ -190,6 +194,7 @@ replace: "{{ apache_logrotate_frequency }}" tags: - apache + when: not ansible_check_mode - name: "logrotate: rotate {{ apache_logrotate_rotate }}" replace: @@ -198,6 +203,7 @@ replace: '\1 {{ apache_logrotate_rotate }}' tags: - apache + when: not ansible_check_mode - include: log2mail.yml when: apache_log2mail_include diff --git a/apache/tasks/munin.yml b/apache/tasks/munin.yml index fe07a5cf..b9602511 100644 --- a/apache/tasks/munin.yml +++ b/apache/tasks/munin.yml @@ -23,6 +23,7 @@ tags: - apache - munin + when: not ansible_check_mode - name: "Install fcgi packages for Munin graphs" apt: @@ -43,6 +44,7 @@ tags: - apache - munin + when: not ansible_check_mode - name: "Apache has access to /var/log/munin/" file: @@ -51,3 +53,4 @@ tags: - apache - munin + when: not ansible_check_mode diff --git a/apache/tasks/server_status.yml b/apache/tasks/server_status.yml index efd2b00e..fa54090f 100644 --- a/apache/tasks/server_status.yml +++ b/apache/tasks/server_status.yml 
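Review bot: In the `@@ -64,6 +65,7 @@` hunk of apache/tasks/main.yml the added `when: not ansible_check_mode` appears to land on a task that already carries `when: apache_mpm == "prefork" or apache_mpm == "itk"`, which gives the task mapping two `when` keys. YAML loaders keep only the last duplicate (Ansible by default warns about the duplicate dict key and uses the last value), so the original guard would be dropped on normal runs too, not only under --check. Indentation is lost in this rendering, so confirm against the file, then merge both conditions into one list as other hunks of this commit already do: `when:` followed by `- apache_mpm == "prefork" or apache_mpm == "itk"` and `- not ansible_check_mode`. The same pattern shows in the later hunks of this file (`apache_evolinux_default_enabled | bool`, `envvar_grep_umask.rc != 0`) and in evolinux-users/tasks/user.yml, lxc/tasks/create-container.yml, munin/tasks/main.yml, mysql/tasks/utils.yml, php/tasks/config_cli.yml, php/tasks/main_*.yml and php/tasks/sury_post.yml.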
@@ -26,10 +26,12 @@ changed_when: False check_mode: no register: new_apache_serverstatus_suffix + when: not ansible_check_mode - name: overwrite apache_serverstatus_suffix set_fact: apache_serverstatus_suffix: "{{ new_apache_serverstatus_suffix.stdout }}" + when: not ansible_check_mode - debug: var: apache_serverstatus_suffix @@ -40,12 +42,14 @@ dest: /var/www/index.html regexp: '__SERVERSTATUS_SUFFIX__' replace: "{{ apache_serverstatus_suffix }}" + when: not ansible_check_mode - name: add server-status suffix in default site index if missing replace: dest: /var/www/index.html regexp: '"/server-status-?"' replace: '"/server-status-{{ apache_serverstatus_suffix }}"' + when: not ansible_check_mode - name: add server-status suffix in default VHost replace: @@ -53,12 +57,14 @@ regexp: '' replace: '' notify: reload apache + when: not ansible_check_mode - name: Munin configuration has a section for apache lineinfile: dest: /etc/munin/plugin-conf.d/munin-node line: "[apache_*]" create: no + when: not ansible_check_mode - name: apache-status URL is configured for Munin lineinfile: @@ -68,3 +74,4 @@ insertafter: "[apache_*]" create: no notify: restart munin-node + when: not ansible_check_mode diff --git a/etc-git/tasks/main.yml b/etc-git/tasks/main.yml index f71ba552..e29d249f 100644 --- a/etc-git/tasks/main.yml +++ b/etc-git/tasks/main.yml @@ -8,6 +8,7 @@ - etc-git when: - ansible_distribution == "Debian" + - not ansible_check_mode - name: Install and configure utilities include: utils.yml @@ -18,4 +19,6 @@ include: repositories.yml tags: - etc-git - when: etc_git_config_repositories | bool \ No newline at end of file + when: + - etc_git_config_repositories | bool + - not ansible_check_mode diff --git a/etc-git/tasks/repositories.yml b/etc-git/tasks/repositories.yml index 71ff0665..27bba9c3 100644 --- a/etc-git/tasks/repositories.yml +++ b/etc-git/tasks/repositories.yml 
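Review bot: The first task touched by the `@@ -26,10 +26,12 @@` hunk of apache/tasks/server_status.yml keeps `check_mode: no` and now also gets `when: not ansible_check_mode`, and the two settings contradict each other: `check_mode: no` makes this `changed_when: False` lookup run during --check, while the new condition skips it. If the command is read-only (its body starts outside the hunk, so this is an assumption), leave it and the following `set_fact` unconditional and guard only the tasks that actually fail in check mode. The same combination appears in lxc/tasks/create-container.yml (`container_exists`), lxc/tasks/main.yml (`check_fs_options`, where the noexec/nosuid `assert` is then skipped as well) and packweb-apache/tasks/phpmyadmin.yml (`new_packweb_phpmyadmin_suffix`).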
@@ -34,4 +34,4 @@ - _usr_share_scripts.stat.isdir - ansible_distribution_major_version is version('10', '>=') tags: - - etc-git \ No newline at end of file + - etc-git diff --git a/etc-git/tasks/repository.yml b/etc-git/tasks/repository.yml index 80987da2..b1619c03 100644 --- a/etc-git/tasks/repository.yml +++ b/etc-git/tasks/repository.yml @@ -22,6 +22,7 @@ value: "root@{{ ansible_fqdn | default('localhost') }}" tags: - etc-git + when: not ansible_check_mode - name: "{{ repository_path }}/.git is restricted to root" file: @@ -49,6 +50,7 @@ loop: "{{ gitignore_items | default([]) }}" tags: - etc-git + when: not ansible_check_mode - name: "does {{ repository_path }}/ have any commit?" command: "git log" @@ -70,4 +72,4 @@ register: git_commit when: git_log.rc != 0 or (git_init is defined and git_init is changed) tags: - - etc-git \ No newline at end of file + - etc-git diff --git a/evoacme/handlers/main.yml b/evoacme/handlers/main.yml index 1ea11783..fb817eb7 100644 --- a/evoacme/handlers/main.yml +++ b/evoacme/handlers/main.yml @@ -1,14 +1,17 @@ - name: newaliases command: newaliases + when: not ansible_check_mode - name: Test Apache conf command: apache2ctl -t notify: "Reload Apache conf" + when: not ansible_check_mode - name: reload apache2 service: name: apache2 state: reloaded + when: not ansible_check_mode - name: apt update apt: @@ -18,8 +21,10 @@ service: name: squid3 state: reloaded + when: not ansible_check_mode - name: reload squid service: name: squid state: reloaded + when: not ansible_check_mode diff --git a/evocheck/tasks/exec.yml b/evocheck/tasks/exec.yml index 306cf019..1338a97b 100644 --- a/evocheck/tasks/exec.yml +++ b/evocheck/tasks/exec.yml @@ -10,6 +10,8 @@ - debug: var: evocheck_run.stdout_lines - when: evocheck_run.stdout | length > 0 + when: + - not ansible_check_mode + - evocheck_run.stdout | length > 0 tags: - evocheck-exec diff --git a/evolinux-base/tasks/default_www.yml b/evolinux-base/tasks/default_www.yml index 84580b54..4d8905b5 100644 
--- a/evolinux-base/tasks/default_www.yml +++ b/evolinux-base/tasks/default_www.yml @@ -38,6 +38,7 @@ owner: root group: ssl-cert mode: "0640" + when: not ansible_check_mode - name: Create certificate for default site command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt diff --git a/evolinux-base/tasks/hardware.yml b/evolinux-base/tasks/hardware.yml index 7ebecc82..d8a966d8 100644 --- a/evolinux-base/tasks/hardware.yml +++ b/evolinux-base/tasks/hardware.yml @@ -43,7 +43,9 @@ state: present tags: - packages - when: ansible_virtualization_role == "host" + when: + - ansible_virtualization_role == "host" + - not ansible_check_mode ## RAID # Dell and others: MegaRAID SAS @@ -108,6 +110,7 @@ name: ssacli tags: - packages + when: not ansible_check_mode when: - "'Hewlett-Packard Company Smart Array' in raidmodel.stdout" - "'Adaptec Smart Storage PQI' in raidmodel.stdout" @@ -134,6 +137,7 @@ state: present tags: - packages + when: not ansible_check_mode - name: cciss-vol-statusd init script is present (HP gen <10) template: @@ -246,6 +250,7 @@ allow_unauthenticated: yes tags: - packages + when: not ansible_check_mode - name: Configure packages for DELL/LSI hardware template: @@ -263,6 +268,7 @@ tags: - packages - config + when: not ansible_check_mode when: - "'MegaRAID' in raidmodel.stdout" - evolinux_packages_hardware_raid | bool diff --git a/evolinux-base/tasks/log2mail.yml b/evolinux-base/tasks/log2mail.yml index 35ce19cf..25937b3e 100644 --- a/evolinux-base/tasks/log2mail.yml +++ b/evolinux-base/tasks/log2mail.yml @@ -16,6 +16,7 @@ daemon-reload: yes state: started enabled: yes + when: not ansible_check_mode - name: log2mail config is present blockinfile: @@ -32,4 +33,5 @@ notify: restart log2mail tags: - log2mail + when: not ansible_check_mode 
diff --git a/evolinux-base/tasks/packages.yml b/evolinux-base/tasks/packages.yml index b4a1d666..ad72ed55 100644 --- a/evolinux-base/tasks/packages.yml +++ b/evolinux-base/tasks/packages.yml @@ -89,7 +89,9 @@ apt: name: serveur-base allow_unauthenticated: yes - when: evolinux_packages_serveur_base | bool + when: + - evolinux_packages_serveur_base | bool + - not ansible_check_mode - name: Install/Update packages for Stretch and later apt: diff --git a/evolinux-base/tasks/postfix.yml b/evolinux-base/tasks/postfix.yml index 6a46548b..53017d1f 100644 --- a/evolinux-base/tasks/postfix.yml +++ b/evolinux-base/tasks/postfix.yml @@ -20,6 +20,7 @@ notify: reload postfix tags: - postfix + when: not ansible_check_mode - name: configure postfix mynetworks lineinfile: @@ -30,6 +31,7 @@ notify: reload postfix tags: - postfix + when: not ansible_check_mode - name: fetch users list shell: "set -o pipefail && getent passwd | cut -d':' -f 1 | grep -v root" @@ -48,7 +50,9 @@ line: "{{ item }}: root" loop: "{{ non_root_users_list.stdout_lines }}" notify: newaliases - when: evolinux_postfix_users_alias_root | bool + when: + - evolinux_postfix_users_alias_root | bool + - not ansible_check_mode tags: - postfix @@ -65,7 +69,9 @@ - error - bounce notify: newaliases - when: evolinux_postfix_mailer_alias_root | bool + when: + - evolinux_postfix_mailer_alias_root | bool + - not ansible_check_mode tags: - postfix @@ -75,7 +81,9 @@ regexp: "^root:" line: "root: {{ postfix_alias_email or general_alert_email | mandatory }}" notify: newaliases - when: evolinux_postfix_root_alias | bool + when: + - evolinux_postfix_root_alias | bool + - not ansible_check_mode tags: - postfix diff --git a/evolinux-users/tasks/user.yml b/evolinux-users/tasks/user.yml index 0f8bd480..50af1812 100644 --- a/evolinux-users/tasks/user.yml +++ b/evolinux-users/tasks/user.yml 
@@ -161,6 +161,7 @@ insertafter: EOF line: 'trap "sudo /usr/share/scripts/evomaintenance.sh" 0' when: grep_profile_evomaintenance.rc != 0 + when: not ansible_check_mode # SSH keys @@ -192,5 +193,6 @@ when: - user.ssh_keys is defined - user.ssh_keys | length > 0 + - not ansible_check_mode - meta: flush_handlers diff --git a/haproxy/handlers/main.yml b/haproxy/handlers/main.yml index 9cf3b9cb..24378067 100644 --- a/haproxy/handlers/main.yml +++ b/haproxy/handlers/main.yml @@ -3,13 +3,16 @@ service: name: haproxy state: reloaded + when: not ansible_check_mode - name: restart haproxy service: name: haproxy state: restarted + when: not ansible_check_mode - name: restart munin-node service: name: munin-node state: restarted + when: not ansible_check_mode diff --git a/haproxy/tasks/main.yml b/haproxy/tasks/main.yml index d38e83af..62664415 100644 --- a/haproxy/tasks/main.yml +++ b/haproxy/tasks/main.yml @@ -123,6 +123,7 @@ tags: - haproxy - logrotate + when: not ansible_check_mode - name: Rotate logs with nodelaycompress lineinfile: @@ -133,6 +134,7 @@ tags: - haproxy - logrotate + when: not ansible_check_mode - name: Set net.ipv4.ip_nonlocal_bind sysctl: diff --git a/lxc-php/tasks/php74.yml b/lxc-php/tasks/php74.yml index 64677009..85211747 100644 --- a/lxc-php/tasks/php74.yml +++ b/lxc-php/tasks/php74.yml @@ -10,6 +10,7 @@ dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list" regexp: 'bullseye/updates' replace: 'bullseye-security' + when: not ansible_check_mode - name: "{{ lxc_php_version }} - Copy evolinux PHP configuration" template: diff --git a/lxc-php/tasks/php80.yml b/lxc-php/tasks/php80.yml index b0ff90fe..98b2c4d8 100644 --- a/lxc-php/tasks/php80.yml +++ b/lxc-php/tasks/php80.yml @@ -10,6 +10,7 @@ dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list" regexp: 'bullseye/updates' replace: 'bullseye-security' + when: not ansible_check_mode - name: "{{ lxc_php_version }} - Add sury repo" lineinfile: 
diff --git a/lxc-php/tasks/php81.yml b/lxc-php/tasks/php81.yml index 91dc38e1..6ca43148 100644 --- a/lxc-php/tasks/php81.yml +++ b/lxc-php/tasks/php81.yml @@ -10,6 +10,7 @@ dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list" regexp: 'bullseye/updates' replace: 'bullseye-security' + when: not ansible_check_mode - name: "{{ lxc_php_version }} - Add sury repo" lineinfile: diff --git a/lxc/tasks/create-container.yml b/lxc/tasks/create-container.yml index ad4f35d6..b841bb67 100644 --- a/lxc/tasks/create-container.yml +++ b/lxc/tasks/create-container.yml @@ -4,6 +4,7 @@ changed_when: false check_mode: no register: container_exists + when: not ansible_check_mode - name: "Create container {{ name }}" lxc_container: @@ -13,6 +14,7 @@ state: stopped template_options: "--arch amd64 --release {{ release }}" when: container_exists.stdout_lines | length == 0 + when: not ansible_check_mode - name: "Disable network configuration inside container {{ name }}" replace: @@ -20,12 +22,14 @@ regexp: "^#CONFIGURE_INTERFACES=yes" replace: CONFIGURE_INTERFACES=no when: lxc_network_type == "none" + when: not ansible_check_mode - name: "Disable interface shut down on halt inside container {{ name }} (Jessie container)" lineinfile: name: "/var/lib/lxc/{{ name }}/rootfs/etc/default/halt" line: "NETDOWN=no" when: lxc_network_type == "none" and release == "jessie" + when: not ansible_check_mode - name: "Make the container {{ name }} poweroff on SIGPWR sent by lxc-stop (Jessie container)" file: @@ -44,6 +48,7 @@ lineinfile: name: "/var/lib/lxc/{{ name }}/rootfs/etc/hosts" line: "127.0.0.1 {{ name }}" + when: not ansible_check_mode - name: "Fix permission on /dev for container {{ name }}" lineinfile: @@ -51,6 +56,7 @@ line: "chmod 755 /dev" insertbefore: "^exit 0$" when: release == 'jessie' + when: not ansible_check_mode - name: "Ensure that {{ name }} container is running" lxc_container: diff --git a/lxc/tasks/main.yml b/lxc/tasks/main.yml index 3ec586bd..6f9f0875 100644 
--- a/lxc/tasks/main.yml +++ b/lxc/tasks/main.yml @@ -48,6 +48,7 @@ changed_when: false check_mode: no register: check_fs_options + when: not ansible_check_mode - name: Check if options are correct assert: @@ -56,6 +57,7 @@ - "'noexec' not in check_fs_options.stdout" - "'nosuid' not in check_fs_options.stdout" msg: "LXC directory is in a filesystem with incompatible options" + when: not ansible_check_mode - name: Create containers include: create-container.yml diff --git a/minifirewall/tasks/config.yml b/minifirewall/tasks/config.yml index b0a1d7a6..ae38ff4d 100644 --- a/minifirewall/tasks/config.yml +++ b/minifirewall/tasks/config.yml @@ -30,6 +30,7 @@ line: "# BEGIN ANSIBLE MANAGED BLOCK FOR IPS" insertbefore: '^# Main interface' create: no + when: not ansible_check_mode - name: End marker for IP addresses lineinfile: @@ -37,6 +38,7 @@ create: no line: "# END ANSIBLE MANAGED BLOCK FOR IPS" insertafter: '^PRIVILEGIEDIPS=' + when: not ansible_check_mode - name: Verify that at least 1 trusted IP is provided assert: @@ -84,6 +86,7 @@ PRIVILEGIEDIPS='{{ minifirewall_privilegied_ips | join(' ') }}' create: no register: minifirewall_config_ips + when: not ansible_check_mode - name: Begin marker for ports lineinfile: @@ -91,6 +94,7 @@ line: "# BEGIN ANSIBLE MANAGED BLOCK FOR PORTS" insertbefore: '^# Protected services' create: no + when: not ansible_check_mode - name: End marker for ports lineinfile: @@ -98,6 +102,7 @@ line: "# END ANSIBLE MANAGED BLOCK FOR PORTS" insertafter: '^SERVICESUDP3=' create: no + when: not ansible_check_mode - name: Configure ports blockinfile: @@ -122,6 +127,7 @@ SERVICESUDP3='{{ minifirewall_private_ports_udp | join(' ') }}' create: no register: minifirewall_config_ports + when: not ansible_check_mode - name: Configure DNSSERVEURS lineinfile: 
@@ -193,7 +199,9 @@ line: "PROXY='{{ minifirewall_proxy }}'" regexp: "PROXY=('|\").*('|\")" create: no - when: minifirewall_proxy is not none + when: + - minifirewall_proxy is not none + - not ansible_check_mode - name: Configure PROXYPORT lineinfile: @@ -201,7 +209,9 @@ line: "PROXYPORT='{{ minifirewall_proxyport }}'" regexp: "PROXYPORT=('|\").*('|\")" create: no - when: minifirewall_proxyport is not none + when: + - minifirewall_proxyport is not none + - not ansible_check_mode # Warning: keep double quotes for the value, # since we often reference a shell variable that needs to be interpolated @@ -211,7 +221,9 @@ line: "PROXYBYPASS=\"{{ minifirewall_proxybypass | join(' ') }}\"" regexp: "PROXYBYPASS=('|\").*('|\")" create: no - when: minifirewall_proxybypass is not none + when: + - minifirewall_proxyport is not none + - not ansible_check_mode - name: Configure BACKUPSERVERS lineinfile: @@ -219,7 +231,9 @@ line: "BACKUPSERVERS='{{ minifirewall_backupservers | join(' ') }}'" regexp: "BACKUPSERVERS=('|\").*('|\")" create: no - when: minifirewall_backupservers is not none + when: + - minifirewall_backupservers is not none + - not ansible_check_mode - name: Configure SYSCTL_ICMP_ECHO_IGNORE_BROADCASTS lineinfile: diff --git a/munin/handlers/main.yml b/munin/handlers/main.yml index 8654181d..6dcd127d 100644 --- a/munin/handlers/main.yml +++ b/munin/handlers/main.yml @@ -4,12 +4,14 @@ service: name: munin-node state: restarted + when: not ansible_check_mode - name: restart munin_node service: name: munin_node state: restarted + when: not ansible_check_mode - name: systemd daemon-reload systemd: - daemon_reload: yes \ No newline at end of file + daemon_reload: yes diff --git a/munin/tasks/main.yml b/munin/tasks/main.yml index a4ea9a49..f4aab7c6 100644 --- a/munin/tasks/main.yml +++ b/munin/tasks/main.yml @@ -33,6 +33,7 @@ notify: restart munin-node when: not ansible_hostname == "localdomain" + when: not ansible_check_mode tags: - munin 
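Review bot: The `@@ -211,7 +221,9 @@` hunk changes the guard of the PROXYBYPASS task from `minifirewall_proxybypass is not none` to `minifirewall_proxyport is not none`, which looks like a copy-paste from the PROXYPORT task in the hunk above. As written, the bypass list is not written when only `minifirewall_proxybypass` is set, and `minifirewall_proxybypass | join(' ')` is evaluated on a null value when only the port is set. The first list item should stay `- minifirewall_proxybypass is not none`. Because this file drives the firewall configuration, a check-mode convenience change should not alter which settings are applied on a real run.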
@@ -79,6 +80,7 @@ notify: restart munin-node tags: - munin + when: not ansible_check_mode - name: Enable sensors_ plugin on dedicated hardware file: @@ -92,6 +94,7 @@ notify: restart munin-node tags: - munin + when: not ansible_check_mode - name: Enable ipmi_ plugin on dedicated hardware file: @@ -105,6 +108,7 @@ - temp - power - volts + when: not ansible_check_mode - name: adjustments for grsec kernel blockinfile: diff --git a/mysql/tasks/datadir.yml b/mysql/tasks/datadir.yml index c375f5d5..da4af342 100644 --- a/mysql/tasks/datadir.yml +++ b/mysql/tasks/datadir.yml @@ -43,3 +43,4 @@ - mysql_custom_datadir | length > 0 - mysql_custom_datadir != mysql_current_real_datadir_test.stdout - not mysql_custom_datadir_test.stat.exists + - not ansible_check_mode diff --git a/mysql/tasks/logdir.yml b/mysql/tasks/logdir.yml index bd6ecab2..1779667a 100644 --- a/mysql/tasks/logdir.yml +++ b/mysql/tasks/logdir.yml @@ -43,3 +43,4 @@ - mysql_custom_logdir | length > 0 - mysql_custom_logdir != mysql_current_real_logdir_test.stdout - not mysql_custom_logdir_test.stat.exists + - not ansible_check_mode diff --git a/mysql/tasks/packages_jessie.yml b/mysql/tasks/packages_jessie.yml index 652eace7..99c89d8a 100644 --- a/mysql/tasks/packages_jessie.yml +++ b/mysql/tasks/packages_jessie.yml @@ -42,6 +42,7 @@ tags: - mysql - services + when: not ansible_check_mode - name: apg package is installed apt: diff --git a/mysql/tasks/packages_stretch.yml b/mysql/tasks/packages_stretch.yml index 880f5050..34e4d2b6 100644 --- a/mysql/tasks/packages_stretch.yml +++ b/mysql/tasks/packages_stretch.yml @@ -28,6 +28,7 @@ tags: - mysql - services + when: not ansible_check_mode - name: apg package is installed apt: @@ -57,4 +58,4 @@ tags: - mysql - packages - when: ansible_python_version is version('3', '>=') \ No newline at end of file + when: ansible_python_version is version('3', '>=') diff --git a/mysql/tasks/utils.yml b/mysql/tasks/utils.yml index 1ac8f2df..9ae7fd15 100644 --- a/mysql/tasks/utils.yml 
+++ b/mysql/tasks/utils.yml @@ -156,6 +156,7 @@ dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh state: link when: mysql_cron_optimize | bool + when: not ansible_check_mode tags: - mysql @@ -248,4 +249,4 @@ mode: "0755" force: no tags: - - mysql \ No newline at end of file + - mysql diff --git a/nagios-nrpe/handlers/main.yml b/nagios-nrpe/handlers/main.yml index 25ab29ad..de27314f 100644 --- a/nagios-nrpe/handlers/main.yml +++ b/nagios-nrpe/handlers/main.yml @@ -4,8 +4,10 @@ service: name: nagios-nrpe-server state: restarted + when: not ansible_check_mode - name: restart nrpe service: name: nrpe state: restarted + when: not ansible_check_mode diff --git a/ntpd/tasks/main.yml b/ntpd/tasks/main.yml index 2d66d765..ae4a97c5 100644 --- a/ntpd/tasks/main.yml +++ b/ntpd/tasks/main.yml @@ -21,3 +21,4 @@ notify: restart ntp tags: - ntp + when: not ansible_check_mode diff --git a/packweb-apache/tasks/apache.yml b/packweb-apache/tasks/apache.yml index 96c11e3a..c2efd93f 100644 --- a/packweb-apache/tasks/apache.yml +++ b/packweb-apache/tasks/apache.yml @@ -14,7 +14,9 @@ block: | # Used for Evoadmin-web export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - when: envvar_grep_path.rc != 0 + when: + - envvar_grep_path.rc != 0 + - not ansible_check_mode - name: Additional packages are installed apt: @@ -34,6 +36,7 @@ - negotiation - alias - log_forensic + when: not ansible_check_mode - name: Copy Apache settings for modules copy: @@ -60,3 +63,4 @@ loop: - evolinux-evasive - evolinux-modsec + when: not ansible_check_mode diff --git a/packweb-apache/tasks/awstats.yml b/packweb-apache/tasks/awstats.yml index 5ea0fa57..a423aaf8 100644 --- a/packweb-apache/tasks/awstats.yml +++ b/packweb-apache/tasks/awstats.yml @@ -22,6 +22,7 @@ AllowFullYearView=3 ErrorMessages="An error occured. Contact your Administrator" mode: "0644" + when: not ansible_check_mode - name: Create conf-available/awstats-icon.conf file copy: 
@@ -39,6 +40,7 @@ register: command_result changed_when: "'Enabling' in command_result.stderr" notify: reload apache + when: not ansible_check_mode - name: Create awstats cron lineinfile: @@ -46,6 +48,7 @@ create: yes regexp: '-config=awstats' line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null" + when: not ansible_check_mode - name: Comment default awstat cron's tasks lineinfile: @@ -54,3 +57,4 @@ line: '#\1' backrefs: yes state: present + when: not ansible_check_mode diff --git a/packweb-apache/tasks/main.yml b/packweb-apache/tasks/main.yml index ff3cd9a7..58b2047c 100644 --- a/packweb-apache/tasks/main.yml +++ b/packweb-apache/tasks/main.yml @@ -26,6 +26,7 @@ dest: /var/www/index.html line: '
  • Infos PHP
  • ' regexp: "Infos PHP" + when: not ansible_check_mode - name: install opcache.php copy: @@ -38,6 +39,7 @@ dest: /var/www/index.html line: '
  • Infos OpCache PHP
  • ' regexp: "Infos OpCache PHP" + when: not ansible_check_mode - name: Add elements to user account template file: @@ -64,6 +66,7 @@ loop: - access.log - error.log + when: not ansible_check_mode - name: "Install userlogrotate (jessie)" copy: diff --git a/packweb-apache/tasks/multiphp.yml b/packweb-apache/tasks/multiphp.yml index 8a7c9613..80a6f34a 100644 --- a/packweb-apache/tasks/multiphp.yml +++ b/packweb-apache/tasks/multiphp.yml @@ -5,6 +5,7 @@ state: present name: proxy_fcgi notify: restart apache2 + when: not ansible_check_mode - include_role: name: remount-usr diff --git a/packweb-apache/tasks/phpmyadmin.yml b/packweb-apache/tasks/phpmyadmin.yml index f83b0a5d..9e894786 100644 --- a/packweb-apache/tasks/phpmyadmin.yml +++ b/packweb-apache/tasks/phpmyadmin.yml @@ -65,10 +65,12 @@ changed_when: False check_mode: no register: new_packweb_phpmyadmin_suffix + when: not ansible_check_mode - name: overwrite packweb_phpmyadmin_suffix set_fact: packweb_phpmyadmin_suffix: "{{ new_packweb_phpmyadmin_suffix.stdout }}" + when: not ansible_check_mode - debug: var: packweb_phpmyadmin_suffix @@ -86,15 +88,18 @@ Require all denied Include /etc/apache2/ipaddr_whitelist.conf + when: not ansible_check_mode - name: enable phpmyadmin link in default site index replace: dest: /var/www/index.html regexp: '' replace: '
  • Accès PhpMyAdmin
  • ' + when: not ansible_check_mode - name: replace phpmyadmin suffix in default site index replace: dest: /var/www/index.html regexp: '__PHPMYADMIN_SUFFIX__' replace: "{{ packweb_phpmyadmin_suffix }}" + when: not ansible_check_mode diff --git a/php/handlers/main.yml b/php/handlers/main.yml index 079a14d5..75fe86ba 100644 --- a/php/handlers/main.yml +++ b/php/handlers/main.yml @@ -4,23 +4,28 @@ service: name: php5-fpm state: restarted + when: not ansible_check_mode - name: restart php7.0-fpm service: name: php7.0-fpm state: restarted + when: not ansible_check_mode - name: restart php7.3-fpm service: name: php7.3-fpm state: restarted + when: not ansible_check_mode - name: restart php7.4-fpm service: name: php7.4-fpm state: restarted + when: not ansible_check_mode - name: restart php8.1-fpm service: name: php8.1-fpm state: restarted + when: not ansible_check_mode diff --git a/php/tasks/config_cli.yml b/php/tasks/config_cli.yml index d327690a..19030c0c 100644 --- a/php/tasks/config_cli.yml +++ b/php/tasks/config_cli.yml @@ -25,6 +25,7 @@ file: dest: "{{ php_cli_custom_ini_file }}" mode: "0644" + when: not ansible_check_mode - name: "Set custom values for PHP to enable Symfony" ini_file: @@ -36,3 +37,4 @@ loop: - { option: "date.timezone", value: "Europe/Paris" } when: php_symfony_requirements | bool + when: not ansible_check_mode diff --git a/php/tasks/main_bookworm.yml b/php/tasks/main_bookworm.yml index 4dcde767..b9dd9ac2 100644 --- a/php/tasks/main_bookworm.yml +++ b/php/tasks/main_bookworm.yml @@ -79,12 +79,14 @@ with_items: - /etc/php - /etc/php/{{ php_version }} + when: not ansible_check_mode - include: config_cli.yml - name: "Enforce permissions on PHP cli directory (Debian 12)" file: dest: /etc/php/{{ php_version }}/cli mode: "0755" + when: not ansible_check_mode - include: config_fpm.yml when: php_fpm_enable 
@@ -94,6 +96,7 @@ dest: /etc/php/{{ php_version }}/fpm mode: "0755" when: php_fpm_enable + when: not ansible_check_mode - include: config_apache.yml when: php_apache_enable @@ -103,6 +106,7 @@ dest: /etc/php/{{ php_version }}/apache2 mode: "0755" when: php_apache_enable + when: not ansible_check_mode - include: sury_post.yml when: php_sury_enable diff --git a/php/tasks/main_bullseye.yml b/php/tasks/main_bullseye.yml index 403a7b76..7d2d7e11 100644 --- a/php/tasks/main_bullseye.yml +++ b/php/tasks/main_bullseye.yml @@ -68,12 +68,14 @@ with_items: - /etc/php - /etc/php/7.4 + when: not ansible_check_mode - include: config_cli.yml - name: "Enforce permissions on PHP cli directory (Debian 11)" file: dest: /etc/php/7.4/cli mode: "0755" + when: not ansible_check_mode - include: config_fpm.yml when: php_fpm_enable @@ -83,6 +85,7 @@ dest: /etc/php/7.4/fpm mode: "0755" when: php_fpm_enable + when: not ansible_check_mode - include: config_apache.yml when: php_apache_enable @@ -92,6 +95,7 @@ dest: /etc/php/7.4/apache2 mode: "0755" when: php_apache_enable + when: not ansible_check_mode - include: sury_post.yml when: php_sury_enable diff --git a/php/tasks/main_buster.yml b/php/tasks/main_buster.yml index 2fc4293e..ff27e410 100644 --- a/php/tasks/main_buster.yml +++ b/php/tasks/main_buster.yml @@ -68,12 +68,14 @@ loop: - /etc/php - /etc/php/7.3 + when: not ansible_check_mode - include: config_cli.yml - name: "Enforce permissions on PHP cli directory (Debian 10)" file: dest: /etc/php/7.3/cli mode: "0755" + when: not ansible_check_mode - include: config_fpm.yml when: php_fpm_enable | bool @@ -83,6 +85,7 @@ dest: /etc/php/7.3/fpm mode: "0755" when: php_fpm_enable | bool + when: not ansible_check_mode - include: config_apache.yml when: php_apache_enable | bool @@ -92,6 +95,7 @@ dest: /etc/php/7.3/apache2 mode: "0755" when: php_apache_enable | bool + when: not ansible_check_mode - include: sury_post.yml when: php_sury_enable | bool 
diff --git a/php/tasks/main_jessie.yml b/php/tasks/main_jessie.yml index 75105166..1082dcf5 100644 --- a/php/tasks/main_jessie.yml +++ b/php/tasks/main_jessie.yml @@ -56,6 +56,7 @@ file: dest: /etc/php5 mode: "0755" + when: not ansible_check_mode - include: config_cli.yml @@ -63,6 +64,7 @@ file: dest: /etc/php5/cli mode: "0755" + when: not ansible_check_mode - include: config_fpm.yml when: php_fpm_enable | bool @@ -72,6 +74,7 @@ dest: /etc/php5/fpm mode: "0755" when: php_fpm_enable | bool + when: not ansible_check_mode - include: config_apache.yml when: php_apache_enable | bool @@ -81,3 +84,4 @@ dest: /etc/php5/apache2 mode: "0755" when: php_apache_enable | bool + when: not ansible_check_mode diff --git a/php/tasks/main_stretch.yml b/php/tasks/main_stretch.yml index 698621ac..6188877c 100644 --- a/php/tasks/main_stretch.yml +++ b/php/tasks/main_stretch.yml @@ -68,6 +68,7 @@ loop: - /etc/php - /etc/php/7.0 + when: not ansible_check_mode - include: config_cli.yml @@ -75,6 +76,7 @@ file: dest: /etc/php/7.0/cli mode: "0755" + when: not ansible_check_mode - include: config_fpm.yml when: php_fpm_enable | bool @@ -84,6 +86,7 @@ dest: /etc/php/7.0/fpm mode: "0755" when: php_fpm_enable | bool + when: not ansible_check_mode - include: config_apache.yml when: php_apache_enable | bool @@ -93,6 +96,7 @@ dest: /etc/php/7.0/apache2 mode: "0755" when: php_apache_enable | bool + when: not ansible_check_mode - include: sury_post.yml when: php_sury_enable | bool diff --git a/php/tasks/sury_post.yml b/php/tasks/sury_post.yml index 4e706889..14ffabab 100644 --- a/php/tasks/sury_post.yml +++ b/php/tasks/sury_post.yml @@ -14,6 +14,7 @@ file: dest: /etc/php/7.4/cli mode: "0755" + when: not ansible_check_mode - name: Symlink Evolix Apache config files from 7.4 to 7.0 file: @@ -31,6 +32,7 @@ dest: /etc/php/7.4/apache2 mode: "0755" when: php_apache_enable | bool + when: not ansible_check_mode - name: Symlink Evolix FPM config files from 7.4 to 7.0 file: 
@@ -50,3 +52,4 @@ dest: /etc/php/7.4/fpm mode: "0755" when: php_fpm_enable | bool + when: not ansible_check_mode diff --git a/proftpd/handlers/main.yml b/proftpd/handlers/main.yml index 0914d289..bffa7ede 100644 --- a/proftpd/handlers/main.yml +++ b/proftpd/handlers/main.yml @@ -3,3 +3,4 @@ service: name: proftpd state: restarted + when: not ansible_check_mode diff --git a/proftpd/tasks/main.yml b/proftpd/tasks/main.yml index 9ddb6273..d4fe03f4 100644 --- a/proftpd/tasks/main.yml +++ b/proftpd/tasks/main.yml @@ -70,6 +70,7 @@ notify: restart proftpd tags: - proftpd + when: not ansible_check_mode - name: Put empty vpasswd file if missing copy: @@ -92,6 +93,7 @@ notify: restart proftpd tags: - proftpd + when: not ansible_check_mode - include: accounts.yml when: proftpd_accounts | length > 0 diff --git a/squid/handlers/main.yml b/squid/handlers/main.yml index 4f5329b9..675a9dbd 100644 --- a/squid/handlers/main.yml +++ b/squid/handlers/main.yml @@ -3,31 +3,38 @@ service: name: munin-node state: restarted + when: not ansible_check_mode - name: restart squid service: name: squid state: restarted + when: not ansible_check_mode - name: reload squid service: name: squid state: reloaded + when: not ansible_check_mode - name: restart squid3 service: name: squid3 state: restarted + when: not ansible_check_mode - name: reload squid3 service: name: squid3 state: reloaded + when: not ansible_check_mode - name: restart log2mail service: name: log2mail state: restarted + when: not ansible_check_mode - name: restart minifirewall command: /etc/init.d/minifirewall restart + when: not ansible_check_mode diff --git a/squid/tasks/main.yml b/squid/tasks/main.yml index 4a3cab4d..540e56d9 100644 --- a/squid/tasks/main.yml +++ b/squid/tasks/main.yml @@ -121,6 +121,7 @@ when: - squid_localproxy_enable | bool - ansible_distribution_major_version is version('9', '>=') + - not ansible_check_mode - name: "evolinux custom overrides (Debian 9 or later)" copy: 
diff --git a/webapps/evoadmin-web/tasks/ftp.yml b/webapps/evoadmin-web/tasks/ftp.yml index 98f275ff..074b38fb 100644 --- a/webapps/evoadmin-web/tasks/ftp.yml +++ b/webapps/evoadmin-web/tasks/ftp.yml @@ -10,3 +10,4 @@ remote_src: False src: ftp/evolinux.conf.diff dest: /etc/proftpd/conf.d/z-evolinux.conf + when: not ansible_check_mode diff --git a/webapps/evoadmin-web/tasks/main.yml b/webapps/evoadmin-web/tasks/main.yml index 1acb2aa5..d9589548 100644 --- a/webapps/evoadmin-web/tasks/main.yml +++ b/webapps/evoadmin-web/tasks/main.yml @@ -3,7 +3,9 @@ - name: "Ensure that evoadmin_contact_email is defined" fail: msg: Please configure var evoadmin_contact_email - when: evoadmin_contact_email is none or evoadmin_contact_email | length == 0 + when: + - evoadmin_contact_email is none or evoadmin_contact_email | length == 0 + - not ansible_check_mode - include: packages.yml @@ -23,3 +25,4 @@ marker: "" block: |
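Review bot: With `not ansible_check_mode` added to the `fail` task in `webapps/evoadmin-web/tasks/main.yml` (`@@ -3,7 +3,9 @@`), a dry run no longer stops when `evoadmin_contact_email` is unset, so `--check` can pass on a configuration that the real run rejects. `fail` changes nothing on the host, so it is safe to leave active in check mode. I would keep the original single condition, `when: evoadmin_contact_email is none or evoadmin_contact_email | length == 0`. If later tasks break in check mode for other reasons, guard those tasks rather than the variable check.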
  • Interface admin web (EvoAdmin-web)
  • + when: not ansible_check_mode diff --git a/webapps/evoadmin-web/tasks/ssl.yml b/webapps/evoadmin-web/tasks/ssl.yml index 6bdf1421..eb7a31cd 100644 --- a/webapps/evoadmin-web/tasks/ssl.yml +++ b/webapps/evoadmin-web/tasks/ssl.yml @@ -17,6 +17,7 @@ owner: root group: ssl-cert mode: "0640" + when: not ansible_check_mode - name: Create certificate for default site command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ evoadmin_host }}.csr -signkey /etc/ssl/private/{{ evoadmin_host }}.key -out /etc/ssl/certs/{{ evoadmin_host }}.crt diff --git a/webapps/evoadmin-web/tasks/user.yml b/webapps/evoadmin-web/tasks/user.yml index bbad1b8f..fa61b830 100644 --- a/webapps/evoadmin-web/tasks/user.yml +++ b/webapps/evoadmin-web/tasks/user.yml @@ -54,7 +54,9 @@ dest: "{{ evoadmin_document_root }}" version: jessie update: False - when: ansible_distribution_release == "jessie" + when: + - ansible_distribution_release == "jessie" + - not ansible_check_mode - name: "Clone evoadmin repository (Debian 9 or later)" git: @@ -62,7 +64,9 @@ dest: "{{ evoadmin_document_root }}" version: master update: False - when: ansible_distribution_major_version is version('9', '>=') + when: + - ansible_distribution_major_version is version('9', '>=') + - not ansible_check_mode - name: Change ownership on git repository file: