From a6792aa563e5238985d2e6ae8dc801283a5de5a7 Mon Sep 17 00:00:00 2001 From: Adar Nimrod <nimrod@shore.co.il> Date: Tue, 31 May 2016 07:35:21 +0300 Subject: [PATCH] - Added name and date to license. - Removed init detection, already present in Ansible, removed reference in tasks. - Removed root_group var, use gid 0. - State file mode as octal number instead of string. --- LICENSE.txt | 2 +- README.rst | 2 -- tasks/add_tls_cert.yml | 4 ++-- tasks/backports.yml | 2 +- tasks/collectd_agent.yml | 12 ++++++------ tasks/init.yml | 14 -------------- tasks/main.yml | 3 --- tasks/ntp.yml | 4 ++-- tasks/ntpd.yml | 4 ++-- tasks/syslog_forward.yml | 2 +- tasks/tls_cert_Debian.yml | 6 +++--- tasks/tls_cert_OpenBSD.yml | 10 +++++----- tasks/unattended_upgrades.yml | 4 ++-- vars/main.yml | 8 -------- 14 files changed, 25 insertions(+), 52 deletions(-) delete mode 100644 tasks/init.yml diff --git a/LICENSE.txt b/LICENSE.txt index 38c6bf2..ee4c95e 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -1,6 +1,6 @@ The MIT License (MIT) -Copyright (c) [year] [fullname] +Copyright (c) 2016 Adar Nimrod Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.rst b/README.rst index 8890449..d8bfe7d 100644 --- a/README.rst +++ b/README.rst @@ -87,7 +87,6 @@ TODO - Implement: - collectd_agent. - - init (via module). - ldap_login (with pam_mkhomedir). - ssh_ca. - syslog_forwarding. @@ -96,4 +95,3 @@ TODO - Document. - Create a module to add a TLS certificate to store for both Debian-based and OpenBSD. -- Create a module to detect the init system. diff --git a/tasks/add_tls_cert.yml b/tasks/add_tls_cert.yml index edc2c40..a559cab 100644 --- a/tasks/add_tls_cert.yml +++ b/tasks/add_tls_cert.yml 
@@ -21,7 +21,7 @@ src: '{{ item }}' dest: '{{ cert_dir[ansible_os_family] }}/{{ item|basename }}.crt' owner: root - group: '{{ root_group[ansible_os_family] }}' - mode: '0644' + group: 0 + mode: 0o0644 notify: - Update CA store diff --git a/tasks/backports.yml b/tasks/backports.yml index 9320af2..4f9687c 100644 --- a/tasks/backports.yml +++ b/tasks/backports.yml @@ -21,4 +21,4 @@ dest: /etc/apt/preferences.d/backports owner: root group: root - mode: '0644' + mode: 0o0644 diff --git a/tasks/collectd_agent.yml b/tasks/collectd_agent.yml index 31eb7fa..34ace24 100644 --- a/tasks/collectd_agent.yml +++ b/tasks/collectd_agent.yml @@ -23,8 +23,8 @@ file: path: /etc/collectd/collectd.conf.d/ owner: root - group: '{{ root_group[ansible_os_family] }}' - mode: '0755' + group: 0 + mode: 0o0755 state: directory - name: Gather Collectd facts @@ -35,8 +35,8 @@ src: collectd.conf dest: /etc/collectd/collectd.conf owner: root - group: '{{ root_group[ansible_os_family] }}' - mode: '0644' + group: 0 + mode: 0o0644 notify: - Restart Collectd @@ -47,8 +47,8 @@ src: '{{ item }}' dest: /etc/collectd/collectd.conf.d/ owner: root - group: '{{ root_group[ansible_os_family] }}' - mode: '0644' + group: 0 + mode: 0o0644 notify: - Restart Collectd diff --git a/tasks/init.yml b/tasks/init.yml deleted file mode 100644 index d451d5a..0000000 --- a/tasks/init.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- - -- name: Assert - assert: - that: ansible_os_family == 'Debian' - -- name: Find which package provided init - command: /usr/bin/dpkg -S /sbin/init - register: common_which_init - changed_when: false - -- name: Register which init is used - set_fact: - ansible_init: '{{ debian_init[common_which_init["stdout"].split(":")[0]] }}' diff --git a/tasks/main.yml b/tasks/main.yml index 85e298a..ab40a32 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
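Review bot: `mode: 0o0644` in the copy task of tasks/add_tls_cert.yml is not an octal integer to a YAML 1.1 loader such as PyYAML, which only recognises the `0644` form, so the value most likely still reaches the module as the string `0o0644`. The change then depends on the module accepting that prefix rather than on YAML typing, and the same holds for every other `mode:` line in this patch (backports, collectd_agent, ntpd, syslog_forward, tls_cert_Debian, tls_cert_OpenBSD, unattended_upgrades). It matters most where the mode sits inside a `with_items` entry, such as the `0o0640` on the TLS private key in tls_cert_Debian.yml. If a loader did resolve it to an integer, it would presumably be templated through the loop item as decimal `416` and could end up as a different permission set; the consuming tasks are outside these hunks, so this needs confirming. Keeping the quoted form, `mode: '0644'` and `mode: '0640'`, is the variant Ansible documents as unambiguous.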
@@ -11,9 +11,6 @@ assert: that: ansible_os_family in [ 'Debian', 'OpenBSD' ] -- include: init.yml - when: ansible_os_family == 'Debian' and not common_role_finished is defined - - include: backports.yml when: backports|default(False) and ansible_os_family == 'Debian' and not common_role_finished is defined diff --git a/tasks/ntp.yml b/tasks/ntp.yml index ec0b9a6..f46d1ac 100644 --- a/tasks/ntp.yml +++ b/tasks/ntp.yml @@ -5,7 +5,7 @@ that: ansible_os_family in [ 'Debian', 'OpenBSD' ] - include: ntpd.yml - when: ansible_os_family == 'OpenBSD' or not ansible_init == 'systemd' + when: ansible_service_mgr in [ ] - include: systemd-timesyncd.yml - when: ansible_os_family == 'Debian' and ansible_init == 'systemd' + when: ansible_service_mgr == 'systemd' diff --git a/tasks/ntpd.yml b/tasks/ntpd.yml index 511575d..b98385e 100644 --- a/tasks/ntpd.yml +++ b/tasks/ntpd.yml @@ -16,8 +16,8 @@ src: ntpd.conf.j2 dest: '{{ ntpd_conf[ansible_os_family] }}' owner: root - group: '{{ root_group[ansible_os_family] }}' - mode: '0644' + group: 0 + mode: 0o0644 notify: - Restart ntpd diff --git a/tasks/syslog_forward.yml b/tasks/syslog_forward.yml index a4c8245..b7f88d9 100644 --- a/tasks/syslog_forward.yml +++ b/tasks/syslog_forward.yml @@ -19,7 +19,7 @@ dest: /etc/rsyslog.d/forwarding.conf.j2 owner: root group: root - mode: '0644' + mode: 0o0644 notify: - Restart rsyslog diff --git a/tasks/tls_cert_Debian.yml b/tasks/tls_cert_Debian.yml index 0f69208..b236e53 100644 --- a/tasks/tls_cert_Debian.yml +++ b/tasks/tls_cert_Debian.yml @@ -32,15 +32,15 @@ with_items: - src: '{{ tls_key }}' dest: '{{ tls_key_path }}' - mode: '0640' + mode: 0o0640 group: ssl-cert - src: '{{ tls_cert }}' dest: '/usr/local/share/ca-certificates/{{ tls_cert|basename }}.crt' - mode: '0644' + mode: 0o0644 group: root - src: '{{ tls_ca_cert }}' dest: '/usr/local/share/ca-certificates/{{ tls_ca_cert|basename }}.crt' - mode: '0644' + mode: 0o0644 group: root - name: Update certificate authority store 
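Review bot: The new condition `when: ansible_service_mgr in [ ]` on the `ntpd.yml` include in tasks/ntp.yml tests membership in an empty list, so it is always false and ntpd is never configured. Before this change the include covered OpenBSD and every non-systemd Debian host; those hosts now get neither ntpd nor systemd-timesyncd. Unsynchronised clocks undermine certificate validity checks and make log timestamps unreliable for correlation. If the intent is "every service manager except systemd", `when: ansible_service_mgr != 'systemd'` expresses it; otherwise list the intended managers explicitly inside the brackets.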
diff --git a/tasks/tls_cert_OpenBSD.yml b/tasks/tls_cert_OpenBSD.yml index 99310b6..109f73c 100644 --- a/tasks/tls_cert_OpenBSD.yml +++ b/tasks/tls_cert_OpenBSD.yml @@ -12,10 +12,10 @@ - name: Create TLS keys and certs directories with_items: - name: certs - mode: '0755' + mode: 0o0755 group: wheel - name: private - mode: '0750' + mode: 0o0750 group: ssl-cert file: path: '/etc/ssl/{{ item.name }}' @@ -30,7 +30,7 @@ dest: /etc/ssl/certs/ca-certificates.pem owner: root group: wheel - mode: '0644' + mode: 0o0644 - name: Copy update-ca-certifcates script copy: @@ -38,7 +38,7 @@ dest: /usr/local/sbin/update-ca-certificates owner: root group: wheel - mode: '0755' + mode: 0o0755 - stat: path: /etc/ssl/private/ssl-cert-snakeoil.key @@ -84,7 +84,7 @@ dest: '{{ item.dest }}' owner: root group: wheel - mode: '0644' + mode: 0o0644 register: tls_copy - name: Update certificate authority store diff --git a/tasks/unattended_upgrades.yml b/tasks/unattended_upgrades.yml index e4ff777..64bf623 100644 --- a/tasks/unattended_upgrades.yml +++ b/tasks/unattended_upgrades.yml @@ -25,14 +25,14 @@ create: yes owner: root group: root - mode: '0644' + mode: 0o0644 - dest: /etc/apt/apt.conf.d/20auto-upgrades line: 'APT::Periodic::Unattended-Upgrade "1";' regexp: '^APT::Periodic::Unattended-Upgrade' create: yes owner: root group: root - mode: '0644' + mode: 0o0644 lineinfile: dest: '{{ item.dest }}' line: '{{ item.line }}' diff --git a/vars/main.yml b/vars/main.yml index f8fc46b..5926400 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -15,11 +15,6 @@ backports_repo: precise: http://archive.ubuntu.com/ubuntu precise-backports main universe multiverse trusty: http://archive.ubuntu.com/ubuntu trusty-backports main universe multiverse -debian_init: - 'systemd-sysv': systemd - upstart: upstart - sysvinit: sysv - sudoers_location: FreeBSD: '/usr/local/etc/sudoers' Debian: '/etc/sudoers' 
@@ -47,9 +42,6 @@ update_ca_certificates: ssh_daemon: OpenBSD: sshd Debian: ssh -root_group: - OpenBSD: wheel - Debian: root cert_dir: OpenBSD: /etc/ssl/certs Debian: /usr/local/share/ca-certificates -- GitLab