authorGuilhem Moulin <guilhem@fripost.org>2018-04-04 16:05:58 +0200
committerGuilhem Moulin <guilhem@fripost.org>2018-04-04 16:06:10 +0200
commit8d6dd2e082547d6f814a904181700d7fb54d7127 (patch)
treec41599c7fd3db7441be21acdb5873cbf82aed8bf
parente1fc6a114e23eafc709163d8e6e625c0db211fe5 (diff)
Upgrade syntax to Ansible 2.5.
-rw-r--r--ansible.cfg1
-rw-r--r--lib/action_plugins/openldap.py1
-rw-r--r--roles/common/tasks/main.yml2
-rw-r--r--roles/common/templates/etc/apt/preferences.j22
-rw-r--r--roles/common/templates/etc/apt/sources.list.j24
5 files changed, 4 insertions, 6 deletions
diff --git a/ansible.cfg b/ansible.cfg
index 2de77ef..3b99662 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,32 +1,31 @@
# config file for ansible -- http://ansible.github.com
# nearly all parameters can be overridden in ansible-playbook or with command line flags
# ansible will read ~/.ansible.cfg or /etc/ansible/ansible.cfg, whichever it finds first
[defaults]
library = ./lib/modules:/usr/share/ansible
remote_tmp = $HOME/.ansible/tmp
forks = 5
poll_interval = 15
transport = ssh
remote_port = 22
-module_lang = C
timeout = 10
# format of string {{ ansible_managed }} available within Jinja2
# templates indicates to users editing templates files will be replaced.
# replacing {file}, {host} and {uid} and strftime codes with proper values.
ansible_managed = Ansible Managed: modified on %Y-%m-%d %H:%M:%S by {uid}@{host}
# additional plugin paths for non-core plugins
action_plugins = ./lib/action_plugins
callback_plugins = ./lib/callback_plugins
connection_plugins = ./lib/connection_plugins
lookup_plugins = ./lib/lookup_plugins
vars_plugins = ./lib/vars_plugins
# retry files
# When a playbook fails by default a .retry file will be created in ~/
# You can disable this feature by setting retry_files_enabled to False
# and you can change the location of the files by setting retry_files_save_path
retry_files_enabled = False
#retry_files_save_path = ~/.ansible-retry
diff --git a/lib/action_plugins/openldap.py b/lib/action_plugins/openldap.py
index 86ca41f..ae4992a 100644
--- a/lib/action_plugins/openldap.py
+++ b/lib/action_plugins/openldap.py
@@ -1,38 +1,37 @@
# Manage OpenLDAP databases
# Copyright (c) 2014 Guilhem Moulin <guilhem@fripost.org>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from ansible.plugins.action import ActionBase
-from ansible.utils.unicode import to_bytes
from ansible.module_utils._text import to_text
class ActionModule(ActionBase):
TRANSFERS_FILES = True
def run(self, tmp=None, task_vars=None):
if task_vars is None:
task_vars = dict()
if self._play_context.check_mode:
return dict(skipped=True, msg='check mode not supported for this module')
result = super(ActionModule, self).run(tmp, task_vars)
target = self._task.args.get('target', None)
local = self._task.args.get('local', 'no')
if local not in [ 'no', 'file', 'template' ]:
return dict(failed=True, msg="local must be in ['no','file','template']")
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index aca16b6..b3ed8a0 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -1,29 +1,29 @@
---
- import_tasks: sysctl.yml
tags: sysctl
- import_tasks: hosts.yml
- import_tasks: apt.yml
tags: apt
- name: Install intel-microcode
apt: pkg=intel-microcode
- when: "ansible_processor[0] | search('^(Genuine)?Intel.*') and not ansible_virtualization_role == 'guest'"
+ when: "ansible_processor[1] is search('^(Genuine)?Intel.*') and not ansible_virtualization_role == 'guest'"
tags: intel
- import_tasks: firewall.yml
tags:
- firewall
- iptables
- import_tasks: stunnel.yml
tags: stunnel
when: "'webmail' in group_names and 'LDAP-provider' not in group_names"
- import_tasks: samhain.yml
tags: samhain
- import_tasks: auditd.yml
tags: auditd
- import_tasks: rkhunter.yml
tags: rkhunter
- import_tasks: clamav.yml
tags: clamav
- import_tasks: fail2ban.yml
tags: fail2ban
- import_tasks: smart.yml
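Review bot: The processor index is not changed consistently across this commit: the `when:` of "Install intel-microcode" here and the microcode pin in roles/common/templates/etc/apt/preferences.j2 move to `ansible_processor[1]`, while both `deb` lines in roles/common/templates/etc/apt/sources.list.j2 keep `ansible_processor[0]`. If the vendor string now sits at index 1 under Ansible 2.5, as this change suggests, the sources.list condition would stop matching on Intel hosts and `contrib non-free` would be dropped. This task would then fail to find intel-microcode and the host would be left without microcode updates. Use the same expression in all three files, preferably one that does not depend on list position, for example `'GenuineIntel' in ansible_processor` (to be confirmed against the facts gathered on the managed hosts). A one-line comment above the `when:` stating which element of `ansible_processor` is expected would also help the next upgrade.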
diff --git a/roles/common/templates/etc/apt/preferences.j2 b/roles/common/templates/etc/apt/preferences.j2
index ecbb4ec..4e18a6e 100644
--- a/roles/common/templates/etc/apt/preferences.j2
+++ b/roles/common/templates/etc/apt/preferences.j2
@@ -3,36 +3,36 @@
# Install updates as soon as they're available
Package: *
Pin: release a={{ ansible_lsb.codename }}-updates
Pin-Priority: 990
{% if 'backports' in group_names -%}
# Automatically packages from backports (those manually installed)
Package: *
Pin: release a={{ ansible_lsb.codename }}-backports
Pin-Priority: 200
{% endif %}
{% if inventory_hostname_short in non_free_packages.keys() -%}
# Automatically upgrade non-free firmwares (when manually installed)
Package: {{ non_free_packages[inventory_hostname_short] | join (' ') }}
Pin: version *
Pin-Priority: 200
{% endif %}
-{% if ansible_processor[0] | search('^(Genuine)?Intel.*') and not ansible_virtualization_role == 'guest' -%}
+{% if ansible_processor[1] is search('^(Genuine)?Intel.*') and not ansible_virtualization_role == 'guest' -%}
# Automatically upgrade the microcode (when manually installed)
Package: intel-microcode iucode-tool
Pin: version *
Pin-Priority: 200
{% endif %}
# Never, ever install things from contrib or non-free unless they have been
# whitelisted above
Package: *
Pin: release c=contrib
Pin-Priority: -1
Package: *
Pin: release c=non-free
Pin-Priority: -1
diff --git a/roles/common/templates/etc/apt/sources.list.j2 b/roles/common/templates/etc/apt/sources.list.j2
index 1f51621..40e4925 100644
--- a/roles/common/templates/etc/apt/sources.list.j2
+++ b/roles/common/templates/etc/apt/sources.list.j2
@@ -1,13 +1,13 @@
# {{ ansible_managed }}
# Do NOT edit this file directly!
# vim: set filetype=debsources :
-deb http://ftp.{%if geoip is defined %}{{ geoip }}.{% endif %}debian.org/debian/ {{ ansible_lsb.codename }} main{% if inventory_hostname_short in non_free_packages.keys() or (ansible_processor[0] | search("^(Genuine)?Intel.*") and ansible_virtualization_role == 'guest') %} contrib non-free{% endif %}
+deb http://ftp.{%if geoip is defined %}{{ geoip }}.{% endif %}debian.org/debian/ {{ ansible_lsb.codename }} main{% if inventory_hostname_short in non_free_packages.keys() or (ansible_processor[0] is search("^(Genuine)?Intel.*") and ansible_virtualization_role == 'guest') %} contrib non-free{% endif %}
-deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main{% if inventory_hostname_short in non_free_packages.keys() or (ansible_processor[0] | search("^(Genuine)?Intel.*") and not ansible_virtualization_role == 'guest') %} contrib non-free{% endif %}
+deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main{% if inventory_hostname_short in non_free_packages.keys() or (ansible_processor[0] is search("^(Genuine)?Intel.*") and not ansible_virtualization_role == 'guest') %} contrib non-free{% endif %}
deb http://ftp.{%if geoip is defined %}{{ geoip }}.{% endif %}debian.org/debian/ {{ ansible_lsb.codename }}-updates main
{% if 'backports' in group_names -%}
deb http://ftp.{%if geoip is defined %}{{ geoip }}.{% endif %}debian.org/debian/ {{ ansible_lsb.codename }}-backports main
{% endif %}
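Review bot: The first `deb` line tests `ansible_virtualization_role == 'guest'` without the `not` that the security.debian.org line, preferences.j2 and the intel-microcode task all use. As written, the main archive gets `contrib non-free` on Intel guests rather than on bare-metal Intel hosts. The commit carries this condition over unchanged from the old line, but it looks inverted, since intel-microcode would have to come from the main archive's non-free component. If that reading is right, the condition should end in `and not ansible_virtualization_role == 'guest')`, as on the line below it.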