Главная Обзор Помощь
Вход
kolter
/
ansible-playbooks
1
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Просмотр исходного кода

Fix various deprecated syntax issues to be Ansible 2.0 friendly

Emmanuel Bouthenot 8 лет назад
Родитель
5683fe1581
Сommit
351f45de6c
7 измененных файлов с 112 добавлено и 80 удалено
Разделённый вид Показать статистику Diff
  1. 6 6
      roles/common/tasks/base.yml
  2. 1 1
      roles/common/tasks/dkim.yml
  3. 93 61
      roles/common/tasks/security.yml
  4. 8 8
      roles/common/tasks/ssl.yml
  5. 2 2
      roles/ftpserver/tasks/pure-ftpd.yml
  6. 1 1
      roles/webserver/tasks/apache2.yml
  7. 1 1
      roles/webserver/tasks/nginx.yml

+ 6 - 6
roles/common/tasks/base.yml
Просмотреть файл 

@@ -19,14 +19,14 @@
 
     id: '{{ item.id }}'
 
     url: '{{ item.url }}'
 
     state: 'present'
 
-  with_items: apt_keys
 
+  with_items: '{{ apt_keys }}'
 
   when: apt_keys
 
 
 - name: Add apt sources for custom Debian repositories
 
   apt_repository:
 
     repo: 'deb {{ item.uri }} {{ item.suite }} {{ item.sections }}'
 
     state: 'present'
 
-  with_items: apt_repositories
 
+  with_items: '{{ apt_repositories }}'
 
   when: apt_repositories
 
 
 - name: Remove deprecated apt options files
 
@@ -65,7 +65,7 @@
 
 
 - name: Install additional packages
 
   apt: pkg={{ item }} install_recommends=no state=installed update_cache=yes
 
-  with_items: apt_additional_packages
 
+  with_items: '{{ apt_additional_packages }}'
 
   when: apt_additional_packages
 
 
 - name: Install ntp daemon
 
@@ -114,16 +114,16 @@
 
 
 - name: Install unprivileged user
 
   user: name="{{item.user}}" comment="{{item.fullname}}" groups=adm,operator,sudo append=yes shell=/bin/zsh state=present
 
-  with_items: admins
 
+  with_items: '{{ admins }}'
 
   when: admins
 
 
 - name: Install SSH key for unprivileged user
 
   authorized_key: user="{{item.user}}" key="{{lookup('file', 'data/users/' + item.user + '/id_rsa.pub')}}" state=present
 
-  with_items: admins
 
+  with_items: '{{ admins }}'
 
   when: admins
 
 
 - name: Install SSH key for root
 
   authorized_key: user=root key="{{lookup('file', 'data/users/' + item.user + '/id_rsa.pub')}}" state=present
 
-  with_items: admins
 
+  with_items: '{{ admins }}'
 
   when: admins

+ 1 - 1
roles/common/tasks/dkim.yml
Просмотреть файл 

@@ -68,5 +68,5 @@
 
     owner: 'root'
 
     group: 'opendkim'
 
     mode: '0640'
 
-  with_items: dkim_domains
 
+  with_items: '{{ dkim_domains }}'
 
   when: dkim_domains

+ 93 - 61
roles/common/tasks/security.yml
Просмотреть файл 

@@ -1,86 +1,118 @@
 
-- name: Install auto upgrades package
 
-  apt: pkg=unattended-upgrades state=installed update_cache=yes
 
+- name: 'Install auto upgrades package'
 
+  apt:
 
+    pkg: 'unattended-upgrades'
 
+    state: 'installed'
 
+    update_cache: 'yes'
 
   when: with_auto_upgrade
 
 
-- name: Reconfigure unattended-upgrades package
 
-  debconf: name="unattended-upgrades" question="unattended-upgrades/enable_auto_updates" value="true" vtype="boolean"
 
+- name: 'Reconfigure unattended-upgrades package'
 
+  debconf:
 
+    name: 'unattended-upgrades'
 
+    question: 'unattended-upgrades/enable_auto_updates'
 
+    value: 'true'
 
+    vtype: 'boolean'
 
   notify:
 
-    - Reconfigure unattended-upgrades
 
+    - 'Reconfigure unattended-upgrades'
 
   when: with_auto_upgrade
 
 
-- name: Update unattended-upgrades configuration
 
-  template: src={{ item }} dest=/etc/apt/apt.conf.d/90unattended-upgrades-local owner=root group=root mode=0644
 
-  first_available_file:
 
-    - apt/auto-upgrades.{{ ansible_lsb.codename }}.j2
 
-    - apt/auto-upgrades.j2
 
+- name: 'Update unattended-upgrades configuration'
 
+  template:
 
+    src: '{{ item }}'
 
+    dest: '/etc/apt/apt.conf.d/90unattended-upgrades-local'
 
+    owner: 'root'
 
+    group: 'root'
 
+    mode: '0644'
 
+  with_first_found:
 
+    - 'apt/auto-upgrades.{{ ansible_lsb.codename }}.j2'
 
+    - 'apt/auto-upgrades.j2'
 
   when: with_auto_upgrade
 
 
-- name: Install logcheck packages
 
-  apt: pkg={{ item }} state=installed update_cache=yes
 
+- name: 'Install logcheck packages'
 
+  apt:
 
+    pkg: '{{ item }}'
 
+    state: 'installed'
 
+    update_cache: 'yes'
 
   with_items:
 
-    - logcheck
 
-    - logcheck-database
 
+    - 'logcheck'
 
+    - 'logcheck-database'
 
   when: with_logcheck
 
 
-- name: Install local configuration files for logcheck
 
-  copy: src=logcheck/{{ item }}_local dest=/etc/logcheck/ignore.d.server/{{ item }}_local owner=root group=root mode=0644
 
+- name: 'Install local configuration files for logcheck'
 
+  copy:
 
+    src: 'logcheck/{{ item }}_local'
 
+    dest: '/etc/logcheck/ignore.d.server/{{ item }}_local'
 
+    owner: 'root'
 
+    group: 'root'
 
+    mode: '0644'
 
   with_items:
 
-    - amavisd-new
 
-    - ansible
 
-    - apache2
 
-    - bind
 
-    - dhclient
 
-    - dnsmasq
 
-    - dovecot
 
-    - dropbear
 
-    - ferm
 
-    - git-daemon
 
-    - gogs
 
-    - ipmi
 
-    - irqbalance
 
-    - kernel
 
-    - libpam-modules
 
-    - mon
 
-    - noip2
 
-    - ntp
 
-    - openvpn
 
-    - php
 
-    - postfix
 
-    - pure-ftpd
 
-    - pve-cluster
 
-    - redir
 
-    - rpc-mountd
 
-    - rrdcached
 
-    - rsyslog
 
-    - smartd
 
-    - spamd
 
-    - sshd
 
-    - svn
 
-    - sympa
 
-    - systemd
 
-    - zabbix-agentd
 
+    - 'amavisd-new'
 
+    - 'ansible'
 
+    - 'apache2'
 
+    - 'bind'
 
+    - 'dhclient'
 
+    - 'dnsmasq'
 
+    - 'dovecot'
 
+    - 'dropbear'
 
+    - 'ferm'
 
+    - 'git-daemon'
 
+    - 'gogs'
 
+    - 'ipmi'
 
+    - 'irqbalance'
 
+    - 'kernel'
 
+    - 'libpam-modules'
 
+    - 'mon'
 
+    - 'noip2'
 
+    - 'ntp'
 
+    - 'openvpn'
 
+    - 'php'
 
+    - 'postfix'
 
+    - 'pure-ftpd'
 
+    - 'pve-cluster'
 
+    - 'redir'
 
+    - 'rpc-mountd'
 
+    - 'rrdcached'
 
+    - 'rsyslog'
 
+    - 'smartd'
 
+    - 'spamd'
 
+    - 'sshd'
 
+    - 'svn'
 
+    - 'sympa'
 
+    - 'systemd'
 
+    - 'zabbix-agentd'
 
   when: with_logcheck
 
 
-- name: Update logcheck cron job
 
-  template: src=cron/logcheck.j2 dest=/etc/cron.d/logcheck owner=root group=root mode=0644
 
+- name: 'Update logcheck cron job'
 
+  template:
 
+    src: 'cron/logcheck.j2'
 
+    dest: '/etc/cron.d/logcheck'
 
+    owner: 'root'
 
+    group: 'root'
 
+    mode: '0644'
 
   when: with_logcheck
 
 
-- name: Install rkhunter related packages
 
-  apt: pkg={{ item }} state=installed update_cache=yes
 
+- name: 'Install rkhunter related packages'
 
+  apt:
 
+    pkg: '{{ item }}'
 
+    state: 'installed'
 
+    update_cache: 'yes'
 
   with_items:
 
-    - lsof
 
-    - unhide
 
-    - rkhunter
 
+    - 'lsof'
 
+    - 'unhide'
 
+    - 'rkhunter'
 
   when: with_rkhunter
 
 
-- name: Reconfigure rkhunter package
 
-  debconf: name="{{item.name}}" question="{{item.question}}" value="{{item.value}}" vtype="{{item.vtype}}"
 
+- name: 'Reconfigure rkhunter package'
 
+  debconf:
 
+    name: '{{item.name}}'
 
+    question: '{{item.question}}'
 
+    value: '{{item.value}}'
 
+    vtype: '{{item.vtype}}'
 
   with_items:
 
     - { name: 'rkhunter', question: 'rkhunter/apt_autogen', value: 'true', vtype: 'boolean' }
 
     - { name: 'rkhunter', question: 'rkhunter/cron_daily_run', value: 'true', vtype: 'boolean' }
 
     - { name: 'rkhunter', question: 'rkhunter/cron_db_update', value: 'true', vtype: 'boolean' }
 
   notify:
 
-    - Reconfigure rkhunter
 
+    - 'Reconfigure rkhunter'
 
   when: with_rkhunter
 
 
 - name: Update rkhunter configuration
 
@@ -108,4 +140,4 @@
 
   args:
 
     creates: '/etc/ssl/private/dh{{ item }}.pem'
 
   with_items:
 
-    - 2048
 
+    - '2048'

+ 8 - 8
roles/common/tasks/ssl.yml
Просмотреть файл 

@@ -5,7 +5,7 @@
 
     owner: 'root'
 
     group: 'root'
 
     mode: '0755'
 
-  with_items: ssl_certs
 
+  with_items: '{{ ssl_certs }}'
 
   when: ssl_certs
 
 
 - name: 'Install ssl certificates (certificate)'
 
@@ -16,7 +16,7 @@
 
     group: 'root'
 
     mode: '0640'
 
   register: ssl_cert_result
 
-  with_items: ssl_certs
 
+  with_items: '{{ ssl_certs }}'
 
   when: ssl_certs
 
 
 - name: 'Install ssl certificates (private key)'
 
@@ -27,7 +27,7 @@
 
     group: 'root'
 
     mode: '0640'
 
   register: ssl_key_result
 
-  with_items: ssl_certs
 
+  with_items: '{{ ssl_certs }}'
 
   when: ssl_certs
 
 
 - name: 'Install ssl certificates (chain)'
 
@@ -38,29 +38,29 @@
 
     group: 'root'
 
     mode: '0644'
 
   register: ssl_chain_result
 
-  with_items: ssl_certs
 
+  with_items: '{{ ssl_certs }}'
 
   when: ssl_certs
 
 
 - name: 'Gathering info about ssl full chain (certificate + chain)'
 
   stat:
 
     path: '/etc/ssl/local/certs/{{ item }}/fullchain.pem'
 
-  with_items: ssl_certs
 
+  with_items: '{{ ssl_certs }}'
 
   register: ssl_fullchain_stats
 
   when: ssl_certs
 
 
 - name: 'Gathering info about ssl bundle (key + fullchain)'
 
   stat:
 
     path: '/etc/ssl/local/certs/{{ item }}/bundle.pem'
 
-  with_items: ssl_certs
 
+  with_items: '{{ ssl_certs }}'
 
   register: ssl_bundle_stats
 
   when: ssl_certs
 
 
 - name: 'Create ssl certificates full chain (certificate + chain)'
 
   shell: sed '/^\s*$/d' '/etc/ssl/local/certs/{{ item.item }}/cert.pem' '/etc/ssl/local/certs/{{ item.item }}/chain.pem' > '/etc/ssl/local/certs/{{ item.item }}/fullchain.pem'
 
-  with_items: ssl_fullchain_stats.results
 
+  with_items: '{{ ssl_fullchain_stats.results }}'
 
   when: ssl_certs and (not item.stat.exists or ssl_cert_result|changed or ssl_chain_result|changed)
 
 
 - name: 'Create ssl certificates bundle (key + certificate + bundle)'
 
   shell: sed '/^\s*$/d' '/etc/ssl/local/certs/{{ item.item }}/privkey.pem' '/etc/ssl/local/certs/{{ item.item }}/cert.pem' '/etc/ssl/local/certs/{{ item.item }}/chain.pem' > '/etc/ssl/local/certs/{{ item.item }}/bundle.pem'
 
-  with_items: ssl_bundle_stats.results
 
+  with_items: '{{ ssl_bundle_stats.results }}'
 
   when: ssl_certs and (not item.stat.exists or ssl_key_result|changed or ssl_cert_result|changed or ssl_chain_result|changed)

+ 2 - 2
roles/ftpserver/tasks/pure-ftpd.yml
Просмотреть файл 

@@ -78,12 +78,12 @@
 
     group: '{{item.gid}}'
 
     mode: 0755
 
     state: 'directory'
 
-  with_items: ftp_accounts
 
+  with_items: '{{ ftp_accounts }}'
 
   when: ftp_accounts and with_ftp
 
 
 - name: 'Add FTP accounts in pure-ftpd'
 
   raw: printf "{{item.password}}\n{{item.password}}\n" | pure-pw useradd "{{item.user}}" -d "{{item.home}}" -u "{{item.uid}}" -g "{{item.gid}}"
 
-  with_items: ftp_accounts
 
+  with_items: '{{ ftp_accounts }}'
 
   when: ftp_accounts and with_ftp
 
 
 - name: 'Rebuild pure-ftpd internal DB'

+ 1 - 1
roles/webserver/tasks/apache2.yml
Просмотреть файл 

@@ -21,7 +21,7 @@
 
     owner: 'root'
 
     group: 'root'
 
     mode: '0644'
 
-  with_items: ssl_certs
 
+  with_items: '{{ ssl_certs }}'
 
   notify:
 
     - 'Reload apache2'
 
   when: with_apache2 and ssl_certs

+ 1 - 1
roles/webserver/tasks/nginx.yml
Просмотреть файл 

@@ -84,7 +84,7 @@
 
     owner: 'root'
 
     group: 'root'
 
     mode: '0644'
 
-  with_items: ssl_certs
 
+  with_items: '{{ ssl_certs }}'
 
   notify:
 
     - 'Reload nginx'
 
   when: with_nginx and ssl_certs