diff --git a/CHANGELOG.md b/CHANGELOG.md index 6c7a40bd..6f830e7b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,6 +22,10 @@ The **patch** part changes incrementally at each release. ### Security +### Other + +* Generic cleanup of roles + ## [10.3.0] 2020-12-21 ### Added diff --git a/amazon-ec2/tasks/create-instance.yml b/amazon-ec2/tasks/create-instance.yml index 470cac72..c784b0b9 100644 --- a/amazon-ec2/tasks/create-instance.yml +++ b/amazon-ec2/tasks/create-instance.yml @@ -3,34 +3,34 @@ - name: Launch new instance(s) ec2: state: present - aws_access_key: "{{aws_access_key}}" - aws_secret_key: "{{aws_secret_key}}" - region: "{{aws_region}}" - image: "{{ec2_base_ami}}" - instance_type: "{{ec2_instance_type}}" - count: "{{ec2_instance_count}}" - assign_public_ip: "{{ec2_public_ip}}" - group: "{{ec2_security_group.name}}" - key_name: "{{ec2_keyname}}" + aws_access_key: "{{ aws_access_key }}" + aws_secret_key: "{{ aws_secret_key }}" + region: "{{ aws_region }}" + image: "{{ ec2_base_ami }}" + instance_type: "{{ ec2_instance_type }}" + count: "{{ ec2_instance_count }}" + assign_public_ip: "{{ ec2_public_ip }}" + group: "{{ ec2_security_group.name }}" + key_name: "{{ ec2_keyname }}" wait: yes register: ec2 - name: Add newly created instance(s) to inventory add_host: - hostname: "{{item.public_dns_name}}" + hostname: "{{ item.public_dns_name }}" groupname: launched-instances ansible_user: admin ansible_ssh_common_args: "-o StrictHostKeyChecking=no" - with_items: "{{ec2.instances}}" + with_items: "{{ ec2.instances }}" - debug: - msg: "Your newly created instance is reachable at: {{item.public_dns_name}}" - with_items: "{{ec2.instances}}" + msg: "Your newly created instance is reachable at: {{ item.public_dns_name }}" + with_items: "{{ ec2.instances }}" - name: Wait for SSH to come up on all instances (give up after 2m) wait_for: state: started - host: "{{item.public_dns_name}}" + host: "{{ item.public_dns_name }}" port: 22 timeout: 120 - with_items: "{{ec2.instances}}" + with_items: "{{ ec2.instances }}" diff --git a/apache/tasks/auth.yml b/apache/tasks/auth.yml index b785c704..d8488405 100644 --- a/apache/tasks/auth.yml +++ b/apache/tasks/auth.yml @@ -10,7 +10,7 @@ force: no tags: - apache - + - name: Load IP whitelist task include: ip_whitelist.yml diff --git a/apache/tasks/server_status.yml b/apache/tasks/server_status.yml index 1d6cd8df..79703d70 100644 --- a/apache/tasks/server_status.yml +++ b/apache/tasks/server_status.yml @@ -14,7 +14,7 @@ # The last character "\u000A" is a line feed (LF), it's better to keep it content: "{{ apache_serverstatus_suffix }}\u000A" force: yes - when: apache_serverstatus_suffix != "" + when: apache_serverstatus_suffix - name: generate random string for server-status suffix shell: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}" diff --git a/apt/tasks/hold_packages.yml b/apt/tasks/hold_packages.yml index f93c34a7..a73904c6 100644 --- a/apt/tasks/hold_packages.yml +++ b/apt/tasks/hold_packages.yml @@ -4,7 +4,7 @@ shell: "(dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})" register: apt_mark changed_when: "item + ' set on hold.' in apt_mark.stdout" - failed_when: apt_mark.rc != 0 and not apt_mark.stdout == '' + failed_when: apt_mark.rc != 0 and apt_mark.stdout loop: "{{ apt_hold_packages }}" tags: - apt diff --git a/bind/tasks/main.yml b/bind/tasks/main.yml index 3ae02f24..625d3fe2 100644 --- a/bind/tasks/main.yml +++ b/bind/tasks/main.yml @@ -94,7 +94,7 @@ - debug: var: chrootbind_run.stdout_lines - when: bind_chroot_set and chrootbind_run.stdout != "" + when: bind_chroot_set and chrootbind_run.stdout - name: Modify OPTIONS in /etc/default/bind9 for chroot replace: diff --git a/elasticsearch/tasks/datadir.yml b/elasticsearch/tasks/datadir.yml index 66ec48a1..920e7337 100644 --- a/elasticsearch/tasks/datadir.yml +++ b/elasticsearch/tasks/datadir.yml @@ -16,7 +16,7 @@ tags: - elasticsearch when: - - elasticsearch_custom_datadir != '' + - elasticsearch_custom_datadir - elasticsearch_custom_datadir != None - name: Datadir is moved to custom path @@ -44,7 +44,7 @@ tags: - elasticsearch when: - - elasticsearch_custom_datadir != '' + - elasticsearch_custom_datadir - elasticsearch_custom_datadir != None - elasticsearch_custom_datadir != elasticsearch_current_real_datadir_test.stdout - not elasticsearch_custom_datadir_test.stat.exists diff --git a/elasticsearch/tasks/plugin_head.yml b/elasticsearch/tasks/plugin_head.yml index 2f7cae39..6b7176d1 100644 --- a/elasticsearch/tasks/plugin_head.yml +++ b/elasticsearch/tasks/plugin_head.yml @@ -15,6 +15,7 @@ repo: "https://github.com/mobz/elasticsearch-head.git" dest: "{{ elasticsearch_plugin_head_clone_dir }}" clone: yes + version: master tags: - packages diff --git a/elasticsearch/tasks/tmpdir.yml b/elasticsearch/tasks/tmpdir.yml index 086870fe..e971c396 100644 --- a/elasticsearch/tasks/tmpdir.yml +++ b/elasticsearch/tasks/tmpdir.yml @@ -54,4 +54,4 @@ tags: - elasticsearch when: elastic_stack_version is version('6', '>=') - when: (elasticsearch_custom_tmpdir != '' and elasticsearch_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0 + when: (elasticsearch_custom_tmpdir and elasticsearch_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0 diff --git a/evoacme/tasks/conf.yml b/evoacme/tasks/conf.yml index 4d9f6704..ba982d01 100644 --- a/evoacme/tasks/conf.yml +++ b/evoacme/tasks/conf.yml @@ -1,5 +1,6 @@ --- -- ini_file: +- name: "Configure openssl key generation" + ini_file: dest: "{{ evoacme_crt_dir }}/openssl.cnf" section: 'req' option: "{{ item.name }}" diff --git a/evoacme/tasks/evoacme_hook.yml b/evoacme/tasks/evoacme_hook.yml index 51dbb21c..74369047 100644 --- a/evoacme/tasks/evoacme_hook.yml +++ b/evoacme/tasks/evoacme_hook.yml @@ -16,4 +16,4 @@ src: "hooks/{{ hook_name }}" dest: "{{ evoacme_hooks_dir }}/{{ hook_name }}" mode: "0750" - when: _find_hook.stdout == "" + when: not _find_hook.stdout diff --git a/evocheck/tasks/exec.yml b/evocheck/tasks/exec.yml index 244d0347..b818025f 100644 --- a/evocheck/tasks/exec.yml +++ b/evocheck/tasks/exec.yml @@ -10,6 +10,6 @@ - debug: var: evocheck_run.stdout_lines - when: evocheck_run.stdout != "" + when: evocheck_run.stdout tags: - evocheck-exec diff --git a/evolinux-base/tasks/hardware.yml b/evolinux-base/tasks/hardware.yml index c44c1248..b6e1b3f0 100644 --- a/evolinux-base/tasks/hardware.yml +++ b/evolinux-base/tasks/hardware.yml @@ -29,7 +29,7 @@ # HP gen <10: Hewlett-Packard Company Smart Array # HP gen >=10: Adaptec Smart Storage PQI - name: Detect if RAID is installed - shell: lspci -q | grep -e "RAID bus controller" -e "Serial Attached SCSI controller" + shell: 'lspci -q | grep -e "RAID bus controller" -e "Serial Attached SCSI controller"' check_mode: no register: raidmodel changed_when: "'FAILED' in raidmodel.stdout" diff --git a/evolinux-base/tasks/postfix.yml b/evolinux-base/tasks/postfix.yml index aa60e737..50ecf0a4 100644 --- a/evolinux-base/tasks/postfix.yml +++ b/evolinux-base/tasks/postfix.yml @@ -32,9 +32,8 @@ - postfix - name: fetch users list - shell: getent passwd | cut -d":" -f 1 | grep -v root + shell: 'getent passwd | cut -d":" -f 1 | grep -v root' check_mode: no - register: non_root_users_list changed_when: False tags: diff --git a/evolinux-todo/tasks/cat.yml b/evolinux-todo/tasks/cat.yml index 9cebeca5..30d13bce 100644 --- a/evolinux-todo/tasks/cat.yml +++ b/evolinux-todo/tasks/cat.yml @@ -10,4 +10,4 @@ - name: "Content of /etc/evolinux/todo.txt" debug: var: evolinux_todo.stdout_lines - when: evolinux_todo.stdout != "" + when: evolinux_todo.stdout diff --git a/evolinux-users/tasks/ssh.yml b/evolinux-users/tasks/ssh.yml index e21f0978..132cba6c 100644 --- a/evolinux-users/tasks/ssh.yml +++ b/evolinux-users/tasks/ssh.yml @@ -22,11 +22,13 @@ var: grep_allowusers_ssh verbosity: 1 -- assert: +- name: "Check that only AllowUsers or AllowGroups is present" + assert: that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)" msg: "We can't deal with AllowUsers and AllowGroups at the same time" -- set_fact: +- name: "Define which protection method to use" + set_fact: # If "AllowGroups is present" or "AllowUsers is absent and Debian 10+", ssh_allowgroups: "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0 and (ansible_distribution_major_version is version('10', '>='))) }}" # If "AllowGroups is absent" and "AllowUsers is absent or Debian <10" diff --git a/evolinux-users/tasks/user.yml b/evolinux-users/tasks/user.yml index b8dda1d2..383a25cc 100644 --- a/evolinux-users/tasks/user.yml +++ b/evolinux-users/tasks/user.yml @@ -102,7 +102,7 @@ state: present when: - evolinux_internal_group is defined - - evolinux_internal_group != "" + - evolinux_internal_group - ansible_distribution_major_version is version('9', '>=') - name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_internal_group }}' (Debian 9 or later)" @@ -112,7 +112,7 @@ append: yes when: - evolinux_internal_group is defined - - evolinux_internal_group != "" + - evolinux_internal_group - ansible_distribution_major_version is version('9', '>=') ## Optional secondary groups, defined per user diff --git a/evomaintenance/tasks/main.yml b/evomaintenance/tasks/main.yml index d56a124a..d58feaaa 100644 --- a/evomaintenance/tasks/main.yml +++ b/evomaintenance/tasks/main.yml @@ -1,9 +1,11 @@ --- -- set_fact: +- name: "Choose if minifirewall will need to be restarted" + set_fact: minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | ternary('restart minifirewall', 'restart minifirewall (noop)') }}" -- assert: +- name: "Check that API variables are set" + assert: that: - evomaintenance_api_endpoint is not none - evomaintenance_api_key is not none diff --git a/fail2ban/tasks/ip_whitelist.yml b/fail2ban/tasks/ip_whitelist.yml index f899e618..089b70b1 100644 --- a/fail2ban/tasks/ip_whitelist.yml +++ b/fail2ban/tasks/ip_whitelist.yml @@ -1,6 +1,7 @@ --- -- set_fact: +- name: "Define the whitelist from variables" + set_fact: fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}" - name: Update ignoreips lists @@ -12,4 +13,4 @@ notify: restart fail2ban tags: - fail2ban - - ips \ No newline at end of file + - ips diff --git a/fail2ban/tasks/main.yml b/fail2ban/tasks/main.yml index e496c07e..13ae8163 100644 --- a/fail2ban/tasks/main.yml +++ b/fail2ban/tasks/main.yml @@ -15,7 +15,8 @@ tags: - fail2ban -- set_fact: +- name: "Define ip whitelist from variables" + set_fact: fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}" tags: - fail2ban diff --git a/java/tasks/openjdk.yml b/java/tasks/openjdk.yml index 8e187d1b..14500442 100644 --- a/java/tasks/openjdk.yml +++ b/java/tasks/openjdk.yml @@ -15,7 +15,7 @@ - name: Install openjdk package apt: - name: "openjdk-{{ java_version}}-jre-headless" + name: "openjdk-{{ java_version }}-jre-headless" default_release: "{{ java_apt_release }}" state: present tags: diff --git a/kvm-host/tasks/images.yml b/kvm-host/tasks/images.yml index 420e83ec..c75279eb 100644 --- a/kvm-host/tasks/images.yml +++ b/kvm-host/tasks/images.yml @@ -13,7 +13,7 @@ changed_when: False check_mode: no register: kvm_libvirt_images_current_real_path_test - when: kvm_custom_libvirt_images_path != '' + when: kvm_custom_libvirt_images_path - name: Images directory is moved to custom path block: @@ -35,6 +35,6 @@ dest: '/var/lib/libvirt/images' state: link when: - - kvm_custom_libvirt_images_path != '' + - kvm_custom_libvirt_images_path - kvm_custom_libvirt_images_path != kvm_libvirt_images_current_real_path_test.stdout - not kvm_custom_libvirt_images_path_test.stat.exists diff --git a/logstash/tasks/logs.yml b/logstash/tasks/logs.yml index 4417bd89..bfeb1a1b 100644 --- a/logstash/tasks/logs.yml +++ b/logstash/tasks/logs.yml @@ -4,7 +4,7 @@ failed_when: False changed_when: False register: is_cron_installed - + - name: "log rotation script" template: src: rotate_logstash_logs.j2 diff --git a/logstash/tasks/tmpdir.yml b/logstash/tasks/tmpdir.yml index 4149f5af..bbf4cc91 100644 --- a/logstash/tasks/tmpdir.yml +++ b/logstash/tasks/tmpdir.yml @@ -28,4 +28,4 @@ - restart logstash tags: - logstash - when: (logstash_custom_tmpdir != '' and logstash_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0 + when: (logstash_custom_tmpdir and logstash_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0 diff --git a/lxc-php/tasks/main.yml b/lxc-php/tasks/main.yml index d3fcad4a..4cd9ec4f 100644 --- a/lxc-php/tasks/main.yml +++ b/lxc-php/tasks/main.yml @@ -4,7 +4,7 @@ msg: Please configure var lxc_php_version when: lxc_php_version is none -- name: "Update APT cache in container {{lxc_php_version}}" +- name: "Update APT cache in container {{ lxc_php_version }}" lxc_container: name: "{{ lxc_php_version }}" container_command: "apt-get update" diff --git a/lxc-solr/tasks/main.yml b/lxc-solr/tasks/main.yml index a18c46dc..fe3ea131 100644 --- a/lxc-solr/tasks/main.yml +++ b/lxc-solr/tasks/main.yml @@ -11,6 +11,6 @@ with_items: - "{{ lxc_containers }}" -- include: "solr.yml name={{item.name}} solr_version={{item.solr_version}} solr_port={{item.solr_port}}" +- include: "solr.yml name={{ item.name }} solr_version={{ item.solr_version }} solr_port={{ item.solr_port }}" with_items: - "{{ lxc_containers }}" diff --git a/lxc-solr/tasks/solr.yml b/lxc-solr/tasks/solr.yml index 4cf521ae..798ab1c0 100644 --- a/lxc-solr/tasks/solr.yml +++ b/lxc-solr/tasks/solr.yml @@ -1,6 +1,9 @@ --- - name: Install openjdk-8-jre-headless and lsof packages - command: "lxc-attach -n {{name}} -- apt-get install -y openjdk-8-jre-headless lsof" + lxc_container: + name: "{{ name }}" + container_command: "apt-get install -y openjdk-8-jre-headless lsof" + state: started - name: "Download Solr {{ solr_version }}" get_url: @@ -15,10 +18,16 @@ remote_src: yes - name: "Install Solr {{ solr_version }}" - command: "lxc-attach -n {{name}} -- /root/solr-{{ solr_version }}/bin/install_solr_service.sh /root/solr-{{ solr_version }}.tgz" + lxc_container: + name: "{{ name }}" + container_command: "/root/solr-{{ solr_version }}/bin/install_solr_service.sh /root/solr-{{ solr_version }}.tgz" + state: started - name: "Stop Solr" - command: "lxc-attach -n {{name}} -- /etc/init.d/solr stop" + lxc_container: + name: "{{ name }}" + container_command: "/etc/init.d/solr stop" + state: started ignore_errors: True - name: "Make sure /home/solr exists" @@ -27,11 +36,17 @@ state: directory mode: '0755' -- name: "Move Solr data directory to /home/solr/{{name}}" - command: "lxc-attach -n {{name}} -- mv /var/solr /home/solr/{{name}}" +- name: "Move Solr data directory to /home/solr/{{ name }}" + lxc_container: + name: "{{ name }}" + container_command: "mv /var/solr /home/solr/{{ name }}" + state: started -- name: "Create a symbolic link to /home/solr/{{name}}" - command: "lxc-attach -n {{name}} -- ln -s /home/solr/{{name}} /var/solr" +- name: "Create a symbolic link to /home/solr/{{ name }}" + lxc_container: + name: "{{ name }}" + container_command: "ln -s /home/solr/{{ name }} /var/solr" + state: started - name: "Set Solr port to {{ solr_port }}" lineinfile: @@ -39,4 +54,7 @@ line: "SOLR_PORT={{ solr_port }}" - name: "Start Solr" - command: "lxc-attach -n {{name}} -- /etc/init.d/solr start" + lxc_container: + name: "{{ name }}" + container_command: "/etc/init.d/solr start" + state: started diff --git a/lxc/meta/main.yml b/lxc/meta/main.yml index f6af051d..6208702b 100644 --- a/lxc/meta/main.yml +++ b/lxc/meta/main.yml @@ -1,6 +1,6 @@ galaxy_info: author: Evolix - description: Creation of LXC Containers + description: Creation of LXC Containers issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues diff --git a/memcached/tasks/main.yml b/memcached/tasks/main.yml index 0bf81713..3e32eae2 100644 --- a/memcached/tasks/main.yml +++ b/memcached/tasks/main.yml @@ -13,7 +13,7 @@ notify: restart memcached tags: - memcached - when: memcached_instance_name == "" + when: memcached_instance_name - name: Memcached is running and enabled on boot. service: @@ -22,7 +22,7 @@ state: started tags: - memcached - when: memcached_instance_name == "" + when: memcached_instance_name - name: Add systemd template copy: @@ -30,7 +30,7 @@ dest: /etc/systemd/system/memcached@.service tags: - memcached - when: memcached_instance_name != "" + when: memcached_instance_name - name: Delete default memcached systemd configuration file systemd: @@ -39,7 +39,7 @@ state: stopped tags: - memcached - when: memcached_instance_name != "" + when: memcached_instance_name - name: Make sure memcached.conf is absent file: @@ -47,7 +47,7 @@ state: absent tags: - memcached - when: memcached_instance_name != "" + when: memcached_instance_name - name: Create a configuration file template: @@ -56,7 +56,7 @@ mode: "0644" tags: - memcached - when: memcached_instance_name != "" + when: memcached_instance_name - name: Enable and start the memcached instance systemd: @@ -67,7 +67,7 @@ masked: no tags: - memcached - when: memcached_instance_name != "" + when: memcached_instance_name - include: munin.yml diff --git a/memcached/tasks/munin.yml b/memcached/tasks/munin.yml index c7ea3da9..ef9c711d 100644 --- a/memcached/tasks/munin.yml +++ b/memcached/tasks/munin.yml @@ -2,7 +2,7 @@ - name: Choose packages (Oracle) set_fact: multi: "multi_" - when: memcached_instance_name !="" + when: memcached_instance_name - name: is Munin present ? stat: diff --git a/mysql-oracle/tasks/config.yml b/mysql-oracle/tasks/config.yml index 16590a59..ebd861f3 100644 --- a/mysql-oracle/tasks/config.yml +++ b/mysql-oracle/tasks/config.yml @@ -1,6 +1,7 @@ --- -- set_fact: +- name: "Define the mysql config directory" + set_fact: mysql_config_directory: "/etc/mysql/mysql.conf.d" - name: "Copy MySQL defaults config file" diff --git a/mysql-oracle/tasks/datadir.yml b/mysql-oracle/tasks/datadir.yml index 28beb1ed..ee4e7bcf 100644 --- a/mysql-oracle/tasks/datadir.yml +++ b/mysql-oracle/tasks/datadir.yml @@ -14,7 +14,7 @@ register: mysql_current_real_datadir_test tags: - mysql - when: mysql_custom_datadir != '' + when: mysql_custom_datadir - block: - name: MySQL is stopped @@ -40,6 +40,6 @@ tags: - mysql when: - - mysql_custom_datadir != '' + - mysql_custom_datadir - mysql_custom_datadir != mysql_current_real_datadir_test.stdout - not mysql_custom_datadir_test.stat.exists diff --git a/mysql-oracle/tasks/main.yml b/mysql-oracle/tasks/main.yml index 2e2f09bf..b0b708fa 100644 --- a/mysql-oracle/tasks/main.yml +++ b/mysql-oracle/tasks/main.yml @@ -1,6 +1,7 @@ --- -- set_fact: +- name: 'Define which handler will be called to "restart" mysql' + set_fact: mysql_restart_handler_name: "{{ mysql_restart_if_needed | bool | ternary('restart mysql', 'restart mysql (noop)') }}" - include: packages.yml diff --git a/mysql-oracle/tasks/packages.yml b/mysql-oracle/tasks/packages.yml index af1a0460..c16967d1 100644 --- a/mysql-oracle/tasks/packages.yml +++ b/mysql-oracle/tasks/packages.yml @@ -1,6 +1,7 @@ --- -- set_fact: +- name: "Define which configuration package will be installed" + set_fact: mysql_apt_config_package: mysql-apt-config_0.8.9-1_all.deb - name: Set default MySQL version to 5.7 diff --git a/mysql-oracle/tasks/tmpdir.yml b/mysql-oracle/tasks/tmpdir.yml index 8d518160..2fce8a2f 100644 --- a/mysql-oracle/tasks/tmpdir.yml +++ b/mysql-oracle/tasks/tmpdir.yml @@ -20,4 +20,4 @@ notify: "{{ mysql_restart_handler_name }}" tags: - mysql - when: mysql_custom_tmpdir != '' + when: mysql_custom_tmpdir diff --git a/mysql/meta/main.yml b/mysql/meta/main.yml index 82be1e3c..fef37b27 100644 --- a/mysql/meta/main.yml +++ b/mysql/meta/main.yml @@ -1,6 +1,6 @@ galaxy_info: author: Evolix - description: your description + description: Install and configure mysql issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues diff --git a/mysql/tasks/config_jessie.yml b/mysql/tasks/config_jessie.yml index a5dd4d77..6b82de47 100644 --- a/mysql/tasks/config_jessie.yml +++ b/mysql/tasks/config_jessie.yml @@ -1,6 +1,7 @@ --- -- set_fact: +- name: "Define the config directory of mysql" + set_fact: mysql_config_directory: /etc/mysql/conf.d - name: "Copy MySQL defaults config file (jessie)" diff --git a/mysql/tasks/config_stretch.yml b/mysql/tasks/config_stretch.yml index d6d59efd..16aef4f9 100644 --- a/mysql/tasks/config_stretch.yml +++ b/mysql/tasks/config_stretch.yml @@ -1,6 +1,7 @@ --- -- set_fact: +- name: "Define the config directory of mysql" + set_fact: mysql_config_directory: /etc/mysql/mariadb.conf.d - name: "Copy MySQL defaults config file (Debian 9 or later)" diff --git a/mysql/tasks/datadir.yml b/mysql/tasks/datadir.yml index 28beb1ed..ee4e7bcf 100644 --- a/mysql/tasks/datadir.yml +++ b/mysql/tasks/datadir.yml @@ -14,7 +14,7 @@ register: mysql_current_real_datadir_test tags: - mysql - when: mysql_custom_datadir != '' + when: mysql_custom_datadir - block: - name: MySQL is stopped @@ -40,6 +40,6 @@ tags: - mysql when: - - mysql_custom_datadir != '' + - mysql_custom_datadir - mysql_custom_datadir != mysql_current_real_datadir_test.stdout - not mysql_custom_datadir_test.stat.exists diff --git a/mysql/tasks/logdir.yml b/mysql/tasks/logdir.yml index a1b3a8d8..959d8796 100644 --- a/mysql/tasks/logdir.yml +++ b/mysql/tasks/logdir.yml @@ -14,7 +14,7 @@ register: mysql_current_real_logdir_test tags: - mysql - when: mysql_custom_logdir != '' + when: mysql_custom_logdir - block: - name: MySQL is stopped @@ -40,6 +40,6 @@ tags: - mysql when: - - mysql_custom_logdir != '' + - mysql_custom_logdir - mysql_custom_logdir != mysql_current_real_logdir_test.stdout - not mysql_custom_logdir_test.stat.exists diff --git a/mysql/tasks/tmpdir.yml b/mysql/tasks/tmpdir.yml index e2c13dc5..69b4a4f4 100644 --- a/mysql/tasks/tmpdir.yml +++ b/mysql/tasks/tmpdir.yml @@ -20,4 +20,4 @@ notify: "{{ mysql_restart_handler_name }}" tags: - mysql - when: mysql_custom_tmpdir != '' + when: mysql_custom_tmpdir diff --git a/mysql/tasks/utils.yml b/mysql/tasks/utils.yml index 164507aa..48bc4d93 100644 --- a/mysql/tasks/utils.yml +++ b/mysql/tasks/utils.yml @@ -41,7 +41,7 @@ when: ansible_distribution_major_version is version('10', '>=') - name: Read debian-sys-maint password - shell: 'cat /etc/mysql/debian.cnf | grep -m1 "password = .*" | cut -d" " -f3' + shell: 'grep -m1 "password = .*" /etc/mysql/debian.cnf | cut -d" " -f3' register: mysql_debian_password changed_when: False check_mode: no diff --git a/networkd-to-ifconfig/tasks/set_facts_from_systemd.yml b/networkd-to-ifconfig/tasks/set_facts_from_systemd.yml index d21012fd..59b5c76d 100644 --- a/networkd-to-ifconfig/tasks/set_facts_from_systemd.yml +++ b/networkd-to-ifconfig/tasks/set_facts_from_systemd.yml @@ -2,11 +2,13 @@ - name: "Parse addresses" shell: "grep Address= /etc/systemd/network/50-default.network | cut -d'=' -f2" + changed_when: false register: network_address_grep check_mode: no - name: "Parse gateways" shell: "grep Gateway= /etc/systemd/network/50-default.network | cut -d'=' -f2" + changed_when: false register: network_gateway_grep check_mode: no diff --git a/newrelic/tasks/php.yml b/newrelic/tasks/php.yml index 7d1177dc..c5c55ea0 100644 --- a/newrelic/tasks/php.yml +++ b/newrelic/tasks/php.yml @@ -6,7 +6,7 @@ question: "newrelic-php5/application-name" value: "{{ newrelic_appname }}" vtype: string - when: newrelic_appname != "" + when: newrelic_appname - name: Pre-seed package configuration with license debconf: @@ -14,7 +14,7 @@ question: "newrelic-php5/license-key" value: "{{ newrelic_license }}" vtype: "string" - when: newrelic_license != "" + when: newrelic_license - name: list newrelic config files shell: "find /etc/php* -type f -name newrelic.ini" diff --git a/newrelic/tasks/sysmond.yml b/newrelic/tasks/sysmond.yml index 5d72a470..50060387 100644 --- a/newrelic/tasks/sysmond.yml +++ b/newrelic/tasks/sysmond.yml @@ -9,5 +9,5 @@ dest: /etc/newrelic/nrsysmond.cfg regexp: "license_key=REPLACE_WITH_REAL_KEY" replace: "license_key={{ newrelic_license }}" - when: newrelic_license != "" + when: newrelic_license notify: restart newrelic-sysmond diff --git a/nginx/tasks/packages.yml b/nginx/tasks/packages.yml index 76350424..de6cb27c 100644 --- a/nginx/tasks/packages.yml +++ b/nginx/tasks/packages.yml @@ -10,7 +10,7 @@ tags: - nginx - packages - + - name: Ensure nginx service is running as configured. service: name: nginx diff --git a/nginx/tasks/server_status_read.yml b/nginx/tasks/server_status_read.yml index 570febf9..4d6e8a37 100644 --- a/nginx/tasks/server_status_read.yml +++ b/nginx/tasks/server_status_read.yml @@ -14,7 +14,7 @@ # The last character "\u000A" is a line feed (LF), it's better to keep it content: "{{ nginx_serverstatus_suffix }}\u000A" force: yes - when: nginx_serverstatus_suffix != "" + when: nginx_serverstatus_suffix - name: generate random string for server-status suffix shell: "apg -a 1 -M N -n 1 > {{ nginx_serverstatus_suffix_file }}" diff --git a/packweb-apache/tasks/main.yml b/packweb-apache/tasks/main.yml index 922dcea8..4e1fa251 100644 --- a/packweb-apache/tasks/main.yml +++ b/packweb-apache/tasks/main.yml @@ -1,6 +1,7 @@ --- -- fail: +- name: Check for compatibility + fail: msg: only compatible with Debian >= 8 when: - ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<') diff --git a/packweb-apache/tasks/phpmyadmin.yml b/packweb-apache/tasks/phpmyadmin.yml index fc3e6d32..42e2d8a8 100644 --- a/packweb-apache/tasks/phpmyadmin.yml +++ b/packweb-apache/tasks/phpmyadmin.yml @@ -48,7 +48,7 @@ # The last character "\u000A" is a line feed (LF), it's better to keep it content: "{{ packweb_phpmyadmin_suffix }}\u000A" force: yes - when: packweb_phpmyadmin_suffix != "" + when: packweb_phpmyadmin_suffix - name: generate random string for phpmyadmin suffix shell: "apg -a 1 -M N -n 1 > {{ packweb_phpmyadmin_suffix_file }}" diff --git a/php/tasks/main.yml b/php/tasks/main.yml index 2fd1a250..514c0202 100644 --- a/php/tasks/main.yml +++ b/php/tasks/main.yml @@ -1,6 +1,7 @@ --- -- fail: +- name: Check for compatibility + fail: msg: only compatible with Debian >= 8 when: - ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<') diff --git a/postfix/meta/main.yml b/postfix/meta/main.yml index fe59228a..91cd3862 100644 --- a/postfix/meta/main.yml +++ b/postfix/meta/main.yml @@ -14,8 +14,8 @@ galaxy_info: - jessie dependencies: - - { role: evolix/ldap, ldap_schema: 'cn4evolix.ldif', when: postfix_packmail == True } - - { role: evolix/spamassasin, when: postfix_packmail == True } - - { role: evolix/clamav, when: postfix_packmail == True } - - { role: evolix/opendkim, when: postfix_packmail == True } - - { role: evolix/dovecot, when: postfix_packmail == True } + - { role: evolix/ldap, ldap_schema: 'cn4evolix.ldif', when: postfix_packmail } + - { role: evolix/spamassasin, when: postfix_packmail } + - { role: evolix/clamav, when: postfix_packmail } + - { role: evolix/opendkim, when: postfix_packmail } + - { role: evolix/dovecot, when: postfix_packmail } diff --git a/postfix/tasks/main.yml b/postfix/tasks/main.yml index 0e0fff2d..5d7d4958 100644 --- a/postfix/tasks/main.yml +++ b/postfix/tasks/main.yml @@ -3,10 +3,10 @@ - include: common.yml - include: minimal.yml - when: postfix_packmail == False + when: not postfix_packmail - include: packmail.yml - when: postfix_packmail == True + when: postfix_packmail - include: slow_transport.yml when: postfix_slow_transport_include diff --git a/postgresql/tasks/config.yml b/postgresql/tasks/config.yml index dc3fc1b1..796e6bca 100644 --- a/postgresql/tasks/config.yml +++ b/postgresql/tasks/config.yml @@ -10,13 +10,13 @@ - name: Allow conf.d/*.conf files to be included in PostgreSQL configuration lineinfile: - name: "/etc/postgresql/{{postgresql_version}}/main/postgresql.conf" + name: "/etc/postgresql/{{ postgresql_version }}/main/postgresql.conf" line: include_dir = 'conf.d' notify: restart postgresql - name: Create conf.d directory file: - name: "/etc/postgresql/{{postgresql_version}}/main/conf.d/" + name: "/etc/postgresql/{{ postgresql_version }}/main/conf.d/" state: directory owner: postgres group: postgres @@ -25,7 +25,7 @@ - name: Copy PostgreSQL config file template: src: postgresql.conf.j2 - dest: "/etc/postgresql/{{postgresql_version}}/main/conf.d/zz-evolinux.conf" + dest: "/etc/postgresql/{{ postgresql_version }}/main/conf.d/zz-evolinux.conf" owner: postgres group: postgres mode: "0644" diff --git a/postgresql/tasks/munin.yml b/postgresql/tasks/munin.yml index e576b4cd..0b1ef152 100644 --- a/postgresql/tasks/munin.yml +++ b/postgresql/tasks/munin.yml @@ -12,8 +12,8 @@ - name: Add Munin plugins for PostgreSQL file: state: link - src: '/usr/share/munin/plugins/{{item}}' - dest: '/etc/munin/plugins/{{item}}' + src: '/usr/share/munin/plugins/{{ item }}' + dest: '/etc/munin/plugins/{{ item }}' with_items: - postgres_bgwriter - postgres_checkpoints @@ -26,10 +26,10 @@ - name: Add Munin plugins for PostgreSQL (for specific databases) file: state: link - src: '/usr/share/munin/plugins/{{item[0]}}' - dest: '/etc/munin/plugins/{{item[0]}}{{item[1]}}' + src: '/usr/share/munin/plugins/{{ item[0] }}' + dest: '/etc/munin/plugins/{{ item[0] }}{{ item[1] }}' with_nested: - ['postgres_cache_', 'postgres_connections_', 'postgres_locks_', 'postgres_querylength_', 'postgres_scans_', 'postgres_size_', 'postgres_transactions_', 'postgres_tuples_'] - - '{{postgresql_databases}}' + - '{{ postgresql_databases }}' notify: restart munin-node when: etc_munin_plugins.stat.exists and usr_share_munin_plugins.stat.exists diff --git a/postgresql/tasks/nrpe.yml b/postgresql/tasks/nrpe.yml index 8ce178e9..b9472b66 100644 --- a/postgresql/tasks/nrpe.yml +++ b/postgresql/tasks/nrpe.yml @@ -35,7 +35,7 @@ lineinfile: name: /etc/nagios/nrpe.d/evolix.cfg regexp: '^command\[check_pgsql\]=' - line: 'command[check_pgsql]=/usr/lib/nagios/plugins/check_pgsql -H localhost -l nrpe -p "{{postgresql_nrpe_password.stdout}}"' + line: 'command[check_pgsql]=/usr/lib/nagios/plugins/check_pgsql -H localhost -l nrpe -p "{{ postgresql_nrpe_password.stdout }}"' notify: restart nagios-nrpe-server when: postgresql_create_nrpe_user.changed when: nrpe_evolix_config.stat.exists diff --git a/postgresql/tasks/packages_jessie.yml b/postgresql/tasks/packages_jessie.yml index 3e21bc0e..a3142306 100644 --- a/postgresql/tasks/packages_jessie.yml +++ b/postgresql/tasks/packages_jessie.yml @@ -10,8 +10,8 @@ - name: Install postgresql package apt: - name: '{{item}}' + name: '{{ item }}' with_items: - - "postgresql-{{postgresql_version}}" + - "postgresql-{{ postgresql_version }}" - ptop - libdbd-pg-perl diff --git a/postgresql/tasks/pgdg-repo.yml b/postgresql/tasks/pgdg-repo.yml index 8d937b82..bdabfed8 100644 --- a/postgresql/tasks/pgdg-repo.yml +++ b/postgresql/tasks/pgdg-repo.yml @@ -10,7 +10,7 @@ - name: Add PGDG repository apt_repository: - repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main" + repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main" update_cache: yes - name: Add GPG key for PGDG repository diff --git a/postgresql/tasks/postgis.yml b/postgresql/tasks/postgis.yml index 0c18cb51..f2300943 100644 --- a/postgresql/tasks/postgis.yml +++ b/postgresql/tasks/postgis.yml @@ -1,5 +1,5 @@ --- -- name: Install PostGIS extention +- name: Install PostGIS extention apt: name: - postgis diff --git a/redis/tasks/default-munin.yml b/redis/tasks/default-munin.yml index b7edce3a..6dd01670 100644 --- a/redis/tasks/default-munin.yml +++ b/redis/tasks/default-munin.yml @@ -39,7 +39,7 @@ - name: Enable redis munin plugin file: src: /usr/local/share/munin/plugins/redis_ - dest: "/etc/munin/plugins/redis_{{item}}" + dest: "/etc/munin/plugins/redis_{{ item }}" state: link with_items: - connected_clients @@ -67,7 +67,7 @@ value: '{{ redis_password }}' notify: restart munin-node when: - - redis_password != '' + - redis_password - redis_password != None - (munin_redis_blocs_in_config.stdout | int) <= 1 tags: redis @@ -77,6 +77,6 @@ debug: msg: "WARNING - It seems you have multiple redis sections in your munin-node configuration - Munin config NOT changed" when: - - redis_password != '' + - redis_password - redis_password != None - (munin_redis_blocs_in_config.stdout | int) > 1 diff --git a/redis/tasks/instance-munin.yml b/redis/tasks/instance-munin.yml index 8d0e207c..b2896153 100644 --- a/redis/tasks/instance-munin.yml +++ b/redis/tasks/instance-munin.yml @@ -39,7 +39,7 @@ - name: Enable redis munin plugin file: src: /usr/local/share/munin/plugins/redis_ - dest: "/etc/munin/plugins/{{ redis_instance_name }}_redis_{{item}}" + dest: "/etc/munin/plugins/{{ redis_instance_name }}_redis_{{ item }}" state: link with_items: - connected_clients diff --git a/redis/tasks/main.yml b/redis/tasks/main.yml index 28fda65a..39abc78b 100644 --- a/redis/tasks/main.yml +++ b/redis/tasks/main.yml @@ -1,6 +1,7 @@ --- -- set_fact: +- name: "Define if redis needs to restart or not" + set_fact: redis_restart_handler_name: "{{ redis_restart_if_needed | ternary('restart redis', 'restart redis (noop)') }}" - name: Redis is installed. @@ -30,7 +31,8 @@ tags: - redis -- set_fact: +- name: "Define which version of redis is installed" + set_fact: redis_installed_version: "{{ _redis_installed_version.stdout }}" check_mode: no tags: diff --git a/redmine/meta/main.yml b/redmine/meta/main.yml index ffa48751..578388a4 100644 --- a/redmine/meta/main.yml +++ b/redmine/meta/main.yml @@ -1,3 +1,19 @@ --- +galaxy_info: + author: Evolix + description: Install redmine on a Debian install + + issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues + + license: GPLv2 + + min_ansible_version: 2.2 + + platforms: + - name: Debian + version: + - jessie + - stretch + dependencies: - { role: evolix/nginx } diff --git a/redmine/tasks/mysql.yml b/redmine/tasks/mysql.yml index 414da319..075aee96 100644 --- a/redmine/tasks/mysql.yml +++ b/redmine/tasks/mysql.yml @@ -13,7 +13,7 @@ register: redmine_generate_mysql_password check_mode: no changed_when: False - when: redmine_get_mysql_password.stdout == "" + when: not redmine_get_mysql_password.stdout tags: - redmine diff --git a/redmine/tasks/release.yml b/redmine/tasks/release.yml index 730b0877..1155d31b 100644 --- a/redmine/tasks/release.yml +++ b/redmine/tasks/release.yml @@ -22,6 +22,7 @@ state: stopped user: yes become_user: "{{ redmine_user }}" + become: yes environment: "{{ user_env }}" tags: - redmine @@ -79,6 +80,7 @@ chdir: "/home/{{ redmine_user }}/www" creates: "/home/{{ redmine_user }}/www/config/initializers/secret_token.rb" become_user: "{{ redmine_user }}" + become: yes environment: "{{ user_env }}" tags: - redmine @@ -88,6 +90,7 @@ args: chdir: "/home/{{ redmine_user }}/www/" become_user: "{{ redmine_user }}" + become: yes environment: "{{ user_env }}" tags: - redmine @@ -97,6 +100,7 @@ args: chdir: "/home/{{ redmine_user }}/www/" become_user: "{{ redmine_user }}" + become: yes environment: "{{ user_env }}" when: redmine_mysql_create.changed tags: @@ -107,6 +111,7 @@ args: chdir: "/home/{{ redmine_user }}/www/" become_user: "{{ redmine_user }}" + become: yes environment: "{{ user_env }}" tags: - redmine @@ -118,6 +123,7 @@ state: started user: yes become_user: "{{ redmine_user }}" + become: yes environment: "{{ user_env }}" tags: - redmine diff --git a/redmine/tasks/source.yml b/redmine/tasks/source.yml index 51427acf..94a1f552 100644 --- a/redmine/tasks/source.yml +++ b/redmine/tasks/source.yml @@ -57,6 +57,7 @@ version: "{{ item.tree | default('master') }}" umask: "027" become_user: "{{ redmine_user }}" + become: yes when: item.git is defined with_items: "{{ redmine_plugins }}" tags: @@ -82,6 +83,7 @@ version: "{{ item.tree | default('master') }}" umask: "027" become_user: "{{ redmine_user }}" + become: yes when: item.git is defined with_items: "{{ redmine_themes }}" tags: diff --git a/spamassasin/tasks/main.yml b/spamassasin/tasks/main.yml index 53c6725b..f0678111 100644 --- a/spamassasin/tasks/main.yml +++ b/spamassasin/tasks/main.yml @@ -60,7 +60,7 @@ failed_when: False changed_when: False register: is_cron_installed - + - name: enable sa-update.sh cron lineinfile: dest: /etc/cron.d/sa-update diff --git a/squid/tasks/main.yml b/squid/tasks/main.yml index 68f721f8..22c23bc1 100644 --- a/squid/tasks/main.yml +++ b/squid/tasks/main.yml @@ -1,6 +1,7 @@ --- -- fail: +- name: Check for role compatibility + fail: msg: only compatible with Debian >= 8 when: - ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<') @@ -79,7 +80,7 @@ content: | # Put customized values here. force: no - when: squid_localproxy_enable == False and ansible_distribution_major_version is version('9', '>=') + when: not squid_localproxy_enable and ansible_distribution_major_version is version('9', '>=') - name: "evolinux http_access for local proxy (Debian 9 or later)" copy: @@ -95,7 +96,7 @@ content: | # Put customized values here. force: no - when: squid_localproxy_enable == False and ansible_distribution_major_version is version('9', '>=') + when: not squid_localproxy_enable and ansible_distribution_major_version is version('9', '>=') - name: "evolinux overrides for local proxy (Debian 9 or later)" template: @@ -111,7 +112,7 @@ content: | # Put customized values here. force: no - when: squid_localproxy_enable == False and ansible_distribution_major_version is version('9', '>=') + when: not squid_localproxy_enable and ansible_distribution_major_version is version('9', '>=') - name: add some URL in whitelist (Debian 8) lineinfile: diff --git a/squid/tasks/systemd.yml b/squid/tasks/systemd.yml index 4d06fa5d..39f72bc9 100644 --- a/squid/tasks/systemd.yml +++ b/squid/tasks/systemd.yml @@ -6,7 +6,7 @@ failed_when: False check_mode: no register: _squid_systemd_active - + - name: Squid systemd overrides directory exists file: dest: /etc/systemd/system/squid.service.d/ diff --git a/varnish/tasks/main.yml b/varnish/tasks/main.yml index 7274cba8..3899cb0c 100644 --- a/varnish/tasks/main.yml +++ b/varnish/tasks/main.yml @@ -64,8 +64,8 @@ - name: Patch logrotate conf replace: name: /etc/logrotate.d/varnish - regexp: '^(\s+)(/usr/sbin/invoke-rc.d {{item}}.*)' - replace: '\1systemctl -q is-active {{item}} && \2' + regexp: '^(\s+)(/usr/sbin/invoke-rc.d {{ item }}.*)' + replace: '\1systemctl -q is-active {{ item }} && \2' with_items: - varnishlog - varnishncsa diff --git a/varnish/tasks/munin.yml b/varnish/tasks/munin.yml index 6e307c49..4964886c 100644 --- a/varnish/tasks/munin.yml +++ b/varnish/tasks/munin.yml @@ -33,7 +33,7 @@ - name: Enable varnish4 munin plugin file: src: /usr/local/share/munin/plugins/varnish4_ - dest: "/etc/munin/plugins/varnish4_{{item}}" + dest: "/etc/munin/plugins/varnish4_{{ item }}" state: link with_items: - backend_traffic diff --git a/webapps/evoadmin-mail/tasks/nginx.yml b/webapps/evoadmin-mail/tasks/nginx.yml index 5ede64e7..ff335893 100644 --- a/webapps/evoadmin-mail/tasks/nginx.yml +++ b/webapps/evoadmin-mail/tasks/nginx.yml @@ -15,7 +15,7 @@ tags: - evoadmin-mail -- name: Active evoadminmail VHost +- name: Active evoadminmail VHost file: src: "/etc/nginx/sites-available/evoadminmail.conf" dest: "/etc/nginx/sites-enabled/evoadminmail.conf" diff --git a/webapps/roundcube/tasks/main.yml b/webapps/roundcube/tasks/main.yml index 2efd1823..cabbc242 100644 --- a/webapps/roundcube/tasks/main.yml +++ b/webapps/roundcube/tasks/main.yml @@ -116,7 +116,7 @@ src: "/etc/nginx/sites-available/roundcube.conf" dest: "/etc/nginx/sites-enabled/roundcube.conf" state: link - when: roundcube_webserver == "nginx" + when: roundcube_webserver == "nginx" notify: reload nginx - name: enable roundcube link in default site index diff --git a/webapps/wordpress/tasks/main.yml b/webapps/wordpress/tasks/main.yml index 6b6a67e2..c8bdb3f8 100644 --- a/webapps/wordpress/tasks/main.yml +++ b/webapps/wordpress/tasks/main.yml @@ -12,7 +12,7 @@ mode: "0750" - name: Download Wordpress - shell: '{{ wordpress_wpcli }} core download --locale=fr_FR --version={{ wordpress_version }}' + command: '{{ wordpress_wpcli }} core download --locale=fr_FR --version={{ wordpress_version }}' args: creates: "{{ ansible_env.HOME }}/www/index.php" @@ -42,12 +42,12 @@ delegate_to: localhost - name: Configure Wordpress (wp-config.php) - shell: '{{ wordpress_wpcli }} core config --dbhost={{ db_host }} --dbuser={{ db_user }} --dbpass={{ db_pwd }} --dbname={{ db_name }}' + command: '{{ wordpress_wpcli }} core config --dbhost={{ db_host }} --dbuser={{ db_user }} --dbpass={{ db_pwd }} --dbname={{ db_name }}' args: creates: "{{ ansible_env.HOME }}/www/wp-config.php" - name: Configure site - shell: '{{ wordpress_wpcli }} core install --url={{ wordpress_host | quote }} --title={{ wordpress_title | quote }} --admin_user=admin --admin_password="{{ admin_pwd | quote }}" --admin_email={{ wordpress_email }} --skip-email' + command: '{{ wordpress_wpcli }} core install --url={{ wordpress_host | quote }} --title={{ wordpress_title | quote }} --admin_user=admin --admin_password="{{ admin_pwd | quote }}" --admin_email={{ wordpress_email }} --skip-email' changed_when: false - name: Check if Wordpress is up to date @@ -58,7 +58,7 @@ changed_when: check_version.rc - name: Update Wordpress - shell: '{{ wordpress_wpcli }} core update --version={{ wordpress_version }}' + command: '{{ wordpress_wpcli }} core update --version={{ wordpress_version }}' args: removes: "{{ ansible_env.HOME }}/www/index.php" when: check_version.rc