summaryrefslogtreecommitdiffstats
path: root/roles/common
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2016-02-12 15:25:31 +0100
committerGuilhem Moulin <guilhem@fripost.org>2016-02-12 20:06:22 +0100
commitfa8d2b668550259e6f78d16fc209c4da1a20b842 (patch)
treecfa56bc2941f14626cbecf7e785d6c3a9c000e0d /roles/common
parentce731cb119b501b2de58473c6fb0d205d772c004 (diff)
Upgrade playbooks to Ansible 2.0.
Diffstat (limited to 'roles/common')
-rw-r--r--roles/common/tasks/bacula.yml2
-rw-r--r--roles/common/tasks/mail.yml6
-rw-r--r--roles/common/tasks/main.yml57
-rw-r--r--roles/common/tasks/munin-node.yml2
-rw-r--r--roles/common/tasks/sysctl.yml2
5 files changed, 48 insertions, 21 deletions
diff --git a/roles/common/tasks/bacula.yml b/roles/common/tasks/bacula.yml
index 248d47d..91b37c8 100644
--- a/roles/common/tasks/bacula.yml
+++ b/roles/common/tasks/bacula.yml
@@ -30,7 +30,7 @@
- name: Fetch Bacula FD X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/stunnel/certs/{{ inventory_hostname_short }}-fd.pem
dest=certs/bacula/
fail_on_missing=yes
diff --git a/roles/common/tasks/mail.yml b/roles/common/tasks/mail.yml
index c8e2495..273dc5c 100644
--- a/roles/common/tasks/mail.yml
+++ b/roles/common/tasks/mail.yml
@@ -68,7 +68,7 @@
- name: Fetch Postfix's X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/postfix/ssl/{{ ansible_fqdn }}.pem
dest=certs/postfix/
fail_on_missing=yes
@@ -78,8 +78,8 @@
- name: Add a 'root' alias
lineinfile: dest=/etc/aliases create=yes
- regexp="^root:"" "
- line="root:"" root@fripost.org"
+ regexp="^root{{':'}} "
+ line="root{{':'}} root@fripost.org"
- name: Compile the static local Postfix database
postmap: cmd=postalias src=/etc/aliases db=cdb
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 3b95c92..3e6a4a8 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -1,20 +1,36 @@
---
-- include: sysctl.yml tags=sysctl
+- include: sysctl.yml
+ tags: sysctl
- include: hosts.yml
-- include: apt.yml tags=apt
+- include: apt.yml
+ tags: apt
- name: Install intel-microcode
apt: pkg=intel-microcode
when: "ansible_processor[0] | search('^(Genuine)?Intel.*') and not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen')"
tags: intel
-- include: firewall.yml tags=firewall,iptables
-- include: samhain.yml tags=samhain
-- include: auditd.yml tags=auditd
-- include: rkhunter.yml tags=rkhunter
-- include: clamav.yml tags=clamav
-- include: fail2ban.yml tags=fail2ban
-- include: smart.yml tags=smartmontools,smart
+- include: firewall.yml
+ tags:
+ - firewall
+ - iptables
+- include: samhain.yml
+ tags: samhain
+- include: auditd.yml
+ tags: auditd
+- include: rkhunter.yml
+ tags: rkhunter
+- include: clamav.yml
+ tags: clamav
+- include: fail2ban.yml
+ tags: fail2ban
+- include: smart.yml
+ tags:
+ - smartmontools
+ - smart
when: "not ((ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen') or ansible_system_vendor == 'QEMU')"
-- include: haveged.yml tags=haveged,entropy
+- include: haveged.yml
+ tags:
+ - haveged
+ - entropy
- name: Copy genkeypair.sh and gendhparam.sh
copy: src=usr/local/bin/{{ item }}
dest=/usr/local/bin/{{ item }}
@@ -27,11 +43,22 @@
- name: Generate DH parameters
command: gendhparam.sh /etc/ssl/private/dhparams.pem creates=/etc/ssl/private/dhparams.pem
tags: genkey
-- include: logging.yml tags=logging
-- include: ntp.yml tags=ntp
-- include: mail.yml tags=mail,postfix
-- include: bacula.yml tags=bacula-fd,bacula
-- include: munin-node.yml tags=munin-node,munin
+- include: logging.yml
+ tags: logging
+- include: ntp.yml
+ tags: ntp
+- include: mail.yml
+ tags:
+ - mail
+ - postfix
+- include: bacula.yml
+ tags:
+ - bacula-fd
+ - bacula
+- include: munin-node.yml
+ tags:
+ - munin-node
+ - munin
- name: Install common packages
apt: pkg={{ item }}
diff --git a/roles/common/tasks/munin-node.yml b/roles/common/tasks/munin-node.yml
index 9e5d8f4..c585d60 100644
--- a/roles/common/tasks/munin-node.yml
+++ b/roles/common/tasks/munin-node.yml
@@ -172,7 +172,7 @@
- name: Fetch Munin X.509 certificate
# Ensure we don't fetch private data
- sudo: False
+ become: False
fetch: src=/etc/stunnel/certs/munin-{{ inventory_hostname_short }}.pem
dest=certs/munin/{{ inventory_hostname }}.pem
fail_on_missing=yes
diff --git a/roles/common/tasks/sysctl.yml b/roles/common/tasks/sysctl.yml
index 6ac7feb..d3ae86f 100644
--- a/roles/common/tasks/sysctl.yml
+++ b/roles/common/tasks/sysctl.yml
@@ -1,4 +1,4 @@
-- sysctl: name={{ item.name }} "value={{ item.value }}" sysctl_set=yes
+- sysctl: name={{ item.name }} value={{ item.value }} sysctl_set=yes
with_items:
- { name: 'kernel.domainname', value: '{{ ansible_domain }}' }