Ansible-common
An Ansible role with common tasks that run on all (or most) hosts. The tls_key_path and tls_cert_path facts are set to the paths of the host's key and cert.
Requirements
Debian Jessie or later, or OpenBSD 5.5 or later (best effort; Ubuntu Precise or later should also work, but isn't tested).
Role Variables
extra_tls_certs: [] # List of filenames of TLS certs to be added.
ufw: True # To enable UFW.
ufw_policy: deny # Default UFW policy.
extra_repos: [] # List of Debian repos to add.
backports: False # To enable Debian backports repos.
ssh_ca: # TBD.
syslog_server: # Address of the syslog server to forward logs to.
collectd_graphite_server:
collectd_riemann_server:
collectd_collectd_server:
collectd_statsd_server:
mail_root_alias:
ldap_login_server:
sudo:
ntp:
unattended_upgrades:
tls_cert: # Filename of the TLS cert for that host.
tls_key: # Filename of the TLS key for that host.
tls_ca_cert: # Filename of the TLS CA cert for that host.
# If tls_key or tls_cert isn't defined, a self-signed key and cert are
# generated and used.
Dependencies
None. Part of the point of this role is to run first, before any other role, so that other roles can make certain assumptions (for example, that a TLS cert is available).
Example Playbook
- hosts:
  - all
  roles:
  - role: common
    extra_tls_certs: ['vagrant.crt', 'example.com.crt']
    ufw_policy: deny
    tls_key: 'servers.key'
    tls_cert: 'server.crt'
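
Since later roles rely on the tls_key_path and tls_cert_path facts, a play can verify them right after this role runs. The following is an added example, not part of the role itself; it assumes the play runs with enough privilege to read the key and that the openssl command-line tool is installed on the host. The registered variable names are made up for the example.

```yaml
# Added example (not from the role). Verifies the facts that the common
# role exposes before any other role consumes them.
- hosts: all
  roles:
    - role: common
  post_tasks:
    - name: Fail early if the TLS facts were not set
      assert:
        that:
          - tls_key_path is defined
          - tls_cert_path is defined

    - name: Inspect the private key file
      stat:
        path: '{{ tls_key_path }}'
      register: tls_key_stat   # hypothetical variable name

    - name: Private key must exist and be closed to other users
      assert:
        that:
          - tls_key_stat.stat.exists
          - not tls_key_stat.stat.roth
          - not tls_key_stat.stat.woth

    - name: Extract the public key from the certificate
      command: openssl x509 -in {{ tls_cert_path }} -noout -pubkey
      register: cert_pubkey    # hypothetical variable name
      changed_when: False

    - name: Derive the public key from the private key
      command: openssl pkey -in {{ tls_key_path }} -pubout
      register: key_pubkey     # hypothetical variable name
      changed_when: False

    # A mismatch means the host would serve a cert it cannot use,
    # for example when tls_key and tls_cert name files from different pairs.
    - name: Certificate and key must belong to the same key pair
      assert:
        that:
          - cert_pubkey.stdout == key_pubkey.stdout
```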
License
MIT
Author Information
Nimrod Adar, contact me or visit my website. Patches are welcome via git send-email. The repository is located at: https://www.shore.co.il/cgit/.
TODO
- Implement:
  - add_tls_cert (Debian works, OpenBSD has no mechanism).
  - debian_backports (add Ubuntu, priority support).
  - collectd_agent.
  - init.
  - ldap_login (with pam_mkhomedir).
  - ntp.
  - mail_forward (OpenBSD support?).
  - ssh_ca.
  - syslog_forwarding.
- Update tasks/main.yml to reflect recent assert changes.
- Test.
- Document.
- Create a module to add a TLS certificate to the certificate store for both Debian-based systems and OpenBSD.
- Create a module to detect the init system.