authorChristian Pointner <equinox@spreadspace.org>2019-06-01 17:52:28 +0200
committerChristian Pointner <equinox@spreadspace.org>2019-06-01 17:52:28 +0200
commit22d4ec550391e5e013e46347a908179b0c769ff3 (patch)
treefdb33ea899b753295e29f433d35cf77f8eee6464
parentfix cloud-install role (diff)
parentwith_dict -> loop (diff)
Merge branch 'no-more-with'
-rw-r--r--common/kubernetes.yml6
-rw-r--r--common/usb-install.yml8
-rw-r--r--roles/acmetool/base/tasks/selfsigned.yml6
-rw-r--r--roles/acmetool/cert/tasks/main.yml10
-rw-r--r--roles/admin-user/tasks/main.yml12
-rw-r--r--roles/base/tasks/main.yml20
-rw-r--r--roles/cloud-install/tasks/install_hcloud.yml2
-rw-r--r--roles/cloud-install/tasks/install_hroot.yml2
-rw-r--r--roles/cloud-install/tasks/main.yml12
-rw-r--r--roles/debian-installer/tasks/main.yml18
-rw-r--r--roles/dyndns/client/tasks/main.yml6
-rw-r--r--roles/elevate/dolmetsch-raspi/tasks/main.yml8
-rw-r--r--roles/elevate/media/tasks/network.yml20
-rw-r--r--roles/elevate/media/tasks/nextcloud-config.yml8
-rw-r--r--roles/elevate/media/tasks/nextcloud.yml6
-rw-r--r--roles/elevate/media/tasks/nginx.yml10
-rw-r--r--roles/info-beamer/config/tasks/main.yml6
-rw-r--r--roles/kubernetes/base/tasks/main.yml4
-rw-r--r--roles/kubernetes/net/tasks/add.yml8
-rw-r--r--roles/kubernetes/net/tasks/remove.yml4
-rw-r--r--roles/openwrt/image/tasks/fetch.yml8
-rw-r--r--roles/openwrt/image/tasks/main.yml2
-rw-r--r--roles/openwrt/image/tasks/prepare.yml38
-rw-r--r--roles/sshd/tasks/main.yml20
-rw-r--r--roles/ubuntu-ws/tasks/main.yml5
-rw-r--r--roles/vm/grub/tasks/main.yml18
-rw-r--r--roles/vm/guest/tasks/main.yml12
-rw-r--r--roles/vm/host/tasks/main.yml2
-rw-r--r--roles/vm/install/tasks/main.yml2
-rw-r--r--roles/vm/network/tasks/main.yml4
-rw-r--r--roles/zsh/tasks/main.yml10
-rw-r--r--spreadspace/k8s-emc.yml4
32 files changed, 147 insertions, 154 deletions
diff --git a/common/kubernetes.yml b/common/kubernetes.yml
index eb9a0db3..e0073c0e 100644
--- a/common/kubernetes.yml
+++ b/common/kubernetes.yml
@@ -62,7 +62,7 @@
register: kubectl_node_list
- name: generate list of nodes to be removed
- with_items: "{{ kubectl_node_list.stdout_lines | map('replace', 'node/', '') | list | difference(kubernetes_nodes) }}"
+ loop: "{{ kubectl_node_list.stdout_lines | map('replace', 'node/', '') | list | difference(kubernetes_nodes) }}"
add_host:
name: "{{ item }}"
inventory_dir: "{{ inventory_dir }}"
@@ -70,7 +70,7 @@
changed_when: False
- name: drain superflous nodes
- with_items: "{{ groups['_kubernetes_nodes_remove_'] | default([]) }}"
+ loop: "{{ groups['_kubernetes_nodes_remove_'] | default([]) }}"
command: "kubectl drain {{ item }} --delete-local-data --force --ignore-daemonsets"
- name: try to clean superflous nodes
@@ -85,7 +85,7 @@
hosts: _kubernetes_masters_
tasks:
- name: remove superflous nodes
- with_items: "{{ groups['_kubernetes_nodes_remove_'] | default([]) }}"
+ loop: "{{ groups['_kubernetes_nodes_remove_'] | default([]) }}"
command: "kubectl delete node {{ item }}"
- name: wait a litte before removing bootstrap-token so new nodes have time to generate certificates for themselves
diff --git a/common/usb-install.yml b/common/usb-install.yml
index 729b9387..43dbe257 100644
--- a/common/usb-install.yml
+++ b/common/usb-install.yml
@@ -30,14 +30,14 @@
- when: pathcheck.stat.exists
block:
- name: Copy generated files to the USB drive
- copy:
- src: "{{ item }}"
- dest: "{{ usbdrive_path }}/"
- with_items:
+ loop:
- "{{ artifacts_dir }}/initrd.preseed.gz"
- "{{ global_cache_dir }}/debian-installer/{{ install_distro }}-{{ install_codename }}/{{ install.arch | default('amd64') }}/linux"
loop_control:
label: "{{ item | basename }}"
+ copy:
+ src: "{{ item }}"
+ dest: "{{ usbdrive_path }}/"
- name: Generate syslinux configuration for BIOS boot
copy:
diff --git a/roles/acmetool/base/tasks/selfsigned.yml b/roles/acmetool/base/tasks/selfsigned.yml
index f5fb0466..7ba829e6 100644
--- a/roles/acmetool/base/tasks/selfsigned.yml
+++ b/roles/acmetool/base/tasks/selfsigned.yml
@@ -69,12 +69,12 @@
command: "cp '{{ tmpdir }}/cert' '{{ tmpdir }}/fullchain'"
- name: create additional empty files
+ loop:
+ - chain
+ - selfsigned
copy:
content: ""
dest: "{{ tmpdir }}/{{ item }}"
- with_items:
- - chain
- - selfsigned
### TODO: remove this once acmetool respects it's own storage layout
### see: https://github.com/hlandau/acme/blob/master/_doc/SCHEMA.md#temporary-use-of-self-signed-certificates
diff --git a/roles/acmetool/cert/tasks/main.yml b/roles/acmetool/cert/tasks/main.yml
index ddb29236..c2f778f6 100644
--- a/roles/acmetool/cert/tasks/main.yml
+++ b/roles/acmetool/cert/tasks/main.yml
@@ -1,10 +1,10 @@
- name: add acmetool desired file
+ loop:
+ - satisfy:
+ names: "{{ acmetool_cert_hostnames | default([acmetool_cert_name]) }}"
+ loop_control:
+ label: "{{ item.satisfy.names | join(', ') }}"
copy:
content: "{{ item | to_nice_yaml }}"
dest: "/var/lib/acme/desired/{{ acmetool_cert_name }}"
- with_items:
- - satisfy:
- names: "{{ acmetool_cert_hostnames | default([acmetool_cert_name]) }}"
- loop_control:
- label: "{{ item.satisfy.names | join(', ') }}"
notify: reconcile acmetool
diff --git a/roles/admin-user/tasks/main.yml b/roles/admin-user/tasks/main.yml
index 5933863d..53eea376 100644
--- a/roles/admin-user/tasks/main.yml
+++ b/roles/admin-user/tasks/main.yml
@@ -5,7 +5,9 @@
state: present
- name: add admin users
- with_items: "{{ admin_user_group | default([]) | union(admin_user_host | default([])) }}"
+ loop: "{{ admin_user_group | default([]) | union(admin_user_host | default([])) }}"
+ loop_control:
+ label: "{{ item.name }}"
user:
name: "{{ item.name }}"
state: present
@@ -15,14 +17,12 @@
- adm
append: yes
shell: "{{ item.shell | default(omit) }}"
- loop_control:
- label: "{{ item.name }}"
- name: install ssh keys for admin users
- with_items: "{{ admin_user_group | default([]) | union(admin_user_host | default([])) }}"
+ loop: "{{ admin_user_group | default([]) | union(admin_user_host | default([])) }}"
+ loop_control:
+ label: "{{ item.name }}"
authorized_key:
user: "{{ item.name }}"
key: "{{ item.ssh_keys | join('\n') }}"
exclusive: yes
- loop_control:
- label: "{{ item.name }}"
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 3c480213..e631d0d4 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -40,18 +40,18 @@
- screen
- name: install htop config (1/2)
- with_items:
- - /root
- - /etc/skel
+ loop:
+ - /root
+ - /etc/skel
file:
name: "{{ item }}/.config/htop/"
state: directory
mode: 0700
- name: install htop config (2/2)
- with_items:
- - /root
- - /etc/skel
+ loop:
+ - /root
+ - /etc/skel
copy:
src: "{{ global_files_dir }}/common/htoprc"
dest: "{{ item }}/.config/htop/"
@@ -65,6 +65,7 @@
state: directory
- name: disable net/fs/misc kernel modules
+ loop: "{{ modules_blacklist.net | union(modules_blacklist.fs) | union(modules_blacklist.misc) }}"
lineinfile:
dest: /etc/modprobe.d/disablemod.conf
line: "install {{ item }} /bin/true"
@@ -72,9 +73,11 @@
owner: root
group: root
mode: 0644
- with_items: "{{ modules_blacklist.net | union(modules_blacklist.fs) | union(modules_blacklist.misc) }}"
- name: Change various sysctl-settings, look at the sysctl-vars file for documentation
+ loop: "{{ sysctl_config | combine(sysctl_config_user) | dict2items }}"
+ loop_control:
+ label: "{{ item.key }} = {{ item.value }}"
sysctl:
name: "{{ item.key }}"
value: "{{ item.value }}"
@@ -82,9 +85,6 @@
state: present
reload: yes
ignoreerrors: yes
- with_dict: "{{ sysctl_config | combine(sysctl_config_user) }}"
- loop_control:
- label: "{{ item.key }} = {{ item.value }}"
- name: install extra packages
apt:
diff --git a/roles/cloud-install/tasks/install_hcloud.yml b/roles/cloud-install/tasks/install_hcloud.yml
index 455d832e..68e8db60 100644
--- a/roles/cloud-install/tasks/install_hcloud.yml
+++ b/roles/cloud-install/tasks/install_hcloud.yml
@@ -58,7 +58,7 @@
delay: 30
timeout: 120
-- import_tasks: hetzner_installimage.yml
+- include_tasks: hetzner_installimage.yml
- name: reboot
shell: sleep 2 && shutdown -r now "triggered by ansible after running installimage"
diff --git a/roles/cloud-install/tasks/install_hroot.yml b/roles/cloud-install/tasks/install_hroot.yml
index 1a8aeeaf..6c57d874 100644
--- a/roles/cloud-install/tasks/install_hroot.yml
+++ b/roles/cloud-install/tasks/install_hroot.yml
@@ -99,7 +99,7 @@
delay: 30
timeout: 120
-- import_tasks: hetzner_installimage.yml
+- include_tasks: hetzner_installimage.yml
- name: reboot
shell: sleep 2 && shutdown -r now "triggered by ansible after running installimage"
diff --git a/roles/cloud-install/tasks/main.yml b/roles/cloud-install/tasks/main.yml
index 94265382..6d9eb96e 100644
--- a/roles/cloud-install/tasks/main.yml
+++ b/roles/cloud-install/tasks/main.yml
@@ -1,14 +1,8 @@
---
-- include_tasks: "{{ item }}"
- with_first_found:
- - files:
- - "install_{{ cloud_provider }}.yml"
+- include_tasks: "install_{{ cloud_provider }}.yml"
- name: force facts cache to get updated
setup:
-- include_tasks: "{{ item }}"
- with_first_found:
- - files:
- - "post_{{ cloud_provider }}.yml"
- skip: true
+- when: lookup('first_found', ['post_' + cloud_provider + '.yml'], errors='ignore')
+ include_tasks: "post_{{ cloud_provider }}.yml"
diff --git a/roles/debian-installer/tasks/main.yml b/roles/debian-installer/tasks/main.yml
index eb32f6aa..77228e91 100644
--- a/roles/debian-installer/tasks/main.yml
+++ b/roles/debian-installer/tasks/main.yml
@@ -1,15 +1,15 @@
- name: prepare directories for installer images
- with_subelements:
- - "{{ distros }}"
- - arch
+ loop: "{{ distros | subelements('arch') }}"
+ loop_control:
+ label: "{{ item.0.distro }}/{{ item.0.codename }} {{ item.1 }}"
file:
name: "{{ debian_installer_path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}"
state: directory
- name: download installer kernel images
- with_subelements:
- - "{{ distros }}"
- - arch
+ loop: "{{ distros | subelements('arch') }}"
+ loop_control:
+ label: "{{ item.0.distro }}/{{ item.0.codename }} {{ item.1 }}"
get_url:
url: "{{ debian_installer_url[item.0.distro] }}/dists/{{ item.0.codename }}/main/installer-{{ item.1 }}/current/images/netboot/{{ item.0.distro }}-installer/{{ item.1 }}/linux"
dest: "{{ debian_installer_path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}/linux"
@@ -17,9 +17,9 @@
force: "{{ debian_installer_force_download }}"
- name: download installer initrd.gz
- with_subelements:
- - "{{ distros }}"
- - arch
+ loop: "{{ distros | subelements('arch') }}"
+ loop_control:
+ label: "{{ item.0.distro }}/{{ item.0.codename }} {{ item.1 }}"
get_url:
url: "{{ debian_installer_url[item.0.distro] }}/dists/{{ item.0.codename }}/main/installer-{{ item.1 }}/current/images/netboot/{{ item.0.distro }}-installer/{{ item.1 }}/initrd.gz"
dest: "{{ debian_installer_path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}/initrd.gz"
diff --git a/roles/dyndns/client/tasks/main.yml b/roles/dyndns/client/tasks/main.yml
index 80e0e13b..6f2ff021 100644
--- a/roles/dyndns/client/tasks/main.yml
+++ b/roles/dyndns/client/tasks/main.yml
@@ -45,12 +45,12 @@
- name: install systemd units
+ loop:
+ - service
+ - timer
template:
src: "dyndns.{{ item }}.j2"
dest: "/etc/systemd/system/dyndns.{{ item }}"
- with_items:
- - service
- - timer
- name: make sure the systemd timer is enabled and running
systemd:
diff --git a/roles/elevate/dolmetsch-raspi/tasks/main.yml b/roles/elevate/dolmetsch-raspi/tasks/main.yml
index e0e1083c..10d55766 100644
--- a/roles/elevate/dolmetsch-raspi/tasks/main.yml
+++ b/roles/elevate/dolmetsch-raspi/tasks/main.yml
@@ -44,7 +44,7 @@
state: directory
- name: build dolmetschctl (server and client)
- with_items:
+ loop:
- dolmetschctl
- dolmetschctld
command: "/usr/local/go/bin/go get spreadspace.org/dolmetschctl/cmd/{{ item }}"
@@ -54,7 +54,7 @@
GOPATH: /opt/dolmetschctl
- name: install dolmetschctl systemd units
- with_items:
+ loop:
- dolmetschctl
- dolmetschctld
template:
@@ -63,7 +63,7 @@
notify: reload systemd
- name: install rtp send/receive scripts
- with_items:
+ loop:
- rtp-recv
- rtp-send
template:
@@ -72,7 +72,7 @@
mode: 0750
- name: install rtp send/receive systemd units
- with_items:
+ loop:
- rtp-recv
- rtp-send
template:
diff --git a/roles/elevate/media/tasks/network.yml b/roles/elevate/media/tasks/network.yml
index da7dd1db..17e82097 100644
--- a/roles/elevate/media/tasks/network.yml
+++ b/roles/elevate/media/tasks/network.yml
@@ -5,28 +5,28 @@
state: directory
- name: install netplan configs
- template:
- src: "netplan/{{ item }}.yaml.j2"
- dest: "/etc/netplan/conf-available/{{ item }}.yaml"
- with_items:
+ loop:
- lan-only
- r3
- r3-with-lan
- elevate-festival
- elevate-office
+ template:
+ src: "netplan/{{ item }}.yaml.j2"
+ dest: "/etc/netplan/conf-available/{{ item }}.yaml"
notify: netplan apply
- name: install firewall scripts
- template:
- src: "firewall/{{ item }}.sh.j2"
- dest: "/etc/saswall/{{ item }}.sh"
- mode: 0755
- with_items:
+ loop:
- lan-only
- r3
- r3-with-lan
- elevate-festival
- elevate-office
+ template:
+ src: "firewall/{{ item }}.sh.j2"
+ dest: "/etc/saswall/{{ item }}.sh"
+ mode: 0755
notify: firewall restart
- name: remove default netplan config
@@ -36,7 +36,7 @@
notify: netplan apply
- name: set active netwok setup
- with_items:
+ loop:
- dest: /etc/netplan/01-active.yaml
src: "conf-available/{{ network_setup }}.yaml"
- dest: /etc/saswall/rules.sh
diff --git a/roles/elevate/media/tasks/nextcloud-config.yml b/roles/elevate/media/tasks/nextcloud-config.yml
index babec783..04100533 100644
--- a/roles/elevate/media/tasks/nextcloud-config.yml
+++ b/roles/elevate/media/tasks/nextcloud-config.yml
@@ -59,10 +59,8 @@
## TODO: this is idempotent but flagging change would be nice
- name: set nextcloud app config
- with_subelements:
- - "{{ nextcloud_app_config }}"
- - "opts"
- command: 'docker exec -u www-data nextcloud.service /var/www/html/occ config:app:set -n "--value={{ item.1.value }}" {{ item.0.app }} {{ item.1.name }}'
- changed_when: false
+ loop: "{{ nextcloud_app_config | subelements('opts') }}"
loop_control:
label: "{{ item.0.app }}/{{ item.1.name }} = '{{ item.1.value }}'"
+ command: 'docker exec -u www-data nextcloud.service /var/www/html/occ config:app:set -n "--value={{ item.1.value }}" {{ item.0.app }} {{ item.1.name }}'
+ changed_when: false
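Review bot: The free-form `command:` string interpolates `item.1.value`, `item.0.app` and `item.1.name` before the module splits it into arguments, so a value containing a double quote or whitespace changes the argument list that `occ` receives. Passing the arguments as an `argv` list keeps each templated value in exactly one argument, whatever it contains. Separately, the `label` prints `item.1.value` into the play output, which is worth dropping if any app option can hold a credential.

```yaml
- name: set nextcloud app config
  # … unchanged: loop, loop_control …
  command:
    argv:
      - docker
      - exec
      - -u
      - www-data
      - nextcloud.service
      - /var/www/html/occ
      - config:app:set
      - -n
      - "--value={{ item.1.value }}"
      - "{{ item.0.app }}"
      - "{{ item.1.name }}"
  changed_when: false
```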
diff --git a/roles/elevate/media/tasks/nextcloud.yml b/roles/elevate/media/tasks/nextcloud.yml
index cfa0acf9..65094261 100644
--- a/roles/elevate/media/tasks/nextcloud.yml
+++ b/roles/elevate/media/tasks/nextcloud.yml
@@ -98,7 +98,7 @@
NEXTCLOUD_ADMIN_PASSWORD: "will-be-changed-later"
- name: configure nextcloud upload file size limit
- with_items:
+ loop:
- upload_max_filesize
- post_max_size
lineinfile:
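Review bot: The context line `NEXTCLOUD_ADMIN_PASSWORD: "will-be-changed-later"` sets a fixed initial admin password that is readable in the repository. The task it belongs to starts above this hunk, so the step that changes it later is not visible here. If that step is skipped or fails, the instance presumably keeps this known value. Taking the initial value from a vaulted or generated variable, e.g. `NEXTCLOUD_ADMIN_PASSWORD: "{{ nextcloud_admin_password }}"` (variable name chosen here for illustration), removes that window.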
@@ -129,7 +129,7 @@
import_tasks: nextcloud-config.yml
- name: install nextcloud systemd units
- with_items:
+ loop:
- cron.service
- cron.timer
- rescan.service
@@ -139,7 +139,7 @@
dest: "/etc/systemd/system/nextcloud-{{ item }}"
- name: make sure nextcloud systemd timer are started and enabled
- with_items:
+ loop:
- cron
- rescan
systemd:
diff --git a/roles/elevate/media/tasks/nginx.yml b/roles/elevate/media/tasks/nginx.yml
index 2441872a..435cc751 100644
--- a/roles/elevate/media/tasks/nginx.yml
+++ b/roles/elevate/media/tasks/nginx.yml
@@ -8,12 +8,12 @@
notify: restart nginx
- name: install nginx config snippets
+ loop:
+ - ssl
+ - hsts
copy:
src: "{{ global_files_dir }}/common/nginx-snippets/{{ item }}.conf"
dest: /etc/nginx/snippets/
- with_items:
- - ssl
- - hsts
notify: restart nginx
- name: generate Diffie-Hellman parameters
@@ -29,9 +29,9 @@
notify: restart nginx
- name: check if acme certs already exist
+ loop: "{{ nextcloud_hostnames }}"
stat:
path: "/var/lib/acme/live/{{ item }}"
- with_items: "{{ nextcloud_hostnames }}"
register: acme_cert_stat
- name: set acmecert_missing_hostnames variable
@@ -52,11 +52,11 @@
selfsigned_interim_cert_id: "{{ selfsigned_interim_cert_id.stdout }}"
- name: link to snakeoil cert for nonexistent hostnames
+ loop: "{{ acmecert_missing_hostnames }}"
file:
src: "../certs/{{ selfsigned_interim_cert_id }}"
dest: "/var/lib/acme/live/{{ item }}"
state: link
- with_items: "{{ acmecert_missing_hostnames }}"
- name: enable vhost config using acme cert
file:
diff --git a/roles/info-beamer/config/tasks/main.yml b/roles/info-beamer/config/tasks/main.yml
index b4627fb7..cabc9a6b 100644
--- a/roles/info-beamer/config/tasks/main.yml
+++ b/roles/info-beamer/config/tasks/main.yml
@@ -51,13 +51,13 @@
when: info_beamer_wireless is defined
- name: enable info-beamer feature flags
+ loop: "{{ info_beamer_feature_flags | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}({{ item.value }}"
copy:
content: ""
dest: "{{ info_beamer_base_path }}/config/{{ item.key }}"
- with_dict: "{{ info_beamer_feature_flags }}"
when: item.value
- loop_control:
- label: "{{ item.key }}({{ item.value }}"
- name: install branding logo
copy:
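Review bot: The loop label `"{{ item.key }}({{ item.value }}"` in "enable info-beamer feature flags" is missing its closing parenthesis, so every item is logged as `name(value`. The line was moved unchanged by this commit; `label: "{{ item.key }}({{ item.value }})"` fixes the output.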
diff --git a/roles/kubernetes/base/tasks/main.yml b/roles/kubernetes/base/tasks/main.yml
index 0230fd11..c873fc52 100644
--- a/roles/kubernetes/base/tasks/main.yml
+++ b/roles/kubernetes/base/tasks/main.yml
@@ -48,7 +48,7 @@
- name: disable automatic upgrades for kubernetes components
when: kubernetes.pkg_version is defined
- with_items:
+ loop:
- kubelet
- kubeadm
- kubectl
@@ -75,7 +75,7 @@
password: "!"
- name: add kubectl/kubeadm completion for shells
- with_items:
+ loop:
- zsh
- bash
blockinfile:
diff --git a/roles/kubernetes/net/tasks/add.yml b/roles/kubernetes/net/tasks/add.yml
index da7ac424..4fe7c5e2 100644
--- a/roles/kubernetes/net/tasks/add.yml
+++ b/roles/kubernetes/net/tasks/add.yml
@@ -55,20 +55,20 @@
kubenet_peers_to_remove: "{{ kubenet_peers_installed.files | map(attribute='path') | map('replace', '/etc/systemd/system/kubenet-peer-', '') | map('replace', '.service', '') | difference(kubenet_peers_to_add) }}"
- name: stop/disable systemd units for stale kubenet peers
- with_items: "{{ kubenet_peers_to_remove }}"
+ loop: "{{ kubenet_peers_to_remove }}"
systemd:
name: "kubenet-peer-{{ item }}.service"
state: stopped
enabled: no
- name: remove systemd units for stale kubenet peers
- with_items: "{{ kubenet_peers_to_remove }}"
+ loop: "{{ kubenet_peers_to_remove }}"
file:
name: "/etc/systemd/system/kubenet-peer-{{ item }}.service"
state: absent
- name: install systemd units for every kubenet peer
- with_items: "{{ kubenet_peers_to_add }}"
+ loop: "{{ kubenet_peers_to_add }}"
loop_control:
loop_var: peer
template:
@@ -77,7 +77,7 @@
# TODO: notify restart for peers that change...
- name: make sure kubenet peer services are started and enabled
- with_items: "{{ kubenet_peers_to_add }}"
+ loop: "{{ kubenet_peers_to_add }}"
systemd:
daemon_reload: yes
name: "kubenet-peer-{{ item }}.service"
diff --git a/roles/kubernetes/net/tasks/remove.yml b/roles/kubernetes/net/tasks/remove.yml
index 6695bd5d..e74f42c1 100644
--- a/roles/kubernetes/net/tasks/remove.yml
+++ b/roles/kubernetes/net/tasks/remove.yml
@@ -19,9 +19,7 @@
register: kubenet_units_installed
- name: remove all kubenet related files and directories
- with_flattened:
- - "{{ kubenet_units_installed.files | map(attribute='path') | list }}"
- - /var/lib/kubenet
+ loop: "{{ kubenet_units_installed.files | map(attribute='path') | list | flatten | union(['/var/lib/kubenet']) }}"
file:
path: "{{ item }}"
state: absent
diff --git a/roles/openwrt/image/tasks/fetch.yml b/roles/openwrt/image/tasks/fetch.yml
index 66a56572..21bc0c40 100644
--- a/roles/openwrt/image/tasks/fetch.yml
+++ b/roles/openwrt/image/tasks/fetch.yml
@@ -41,13 +41,13 @@
rescue:
- name: Delete downloaded artifacts
- file:
- path: "{{ item }}"
- state: absent
- with_items:
+ loop:
- "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256"
- "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc"
- "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}"
+ file:
+ path: "{{ item }}"
+ state: absent
- name: the download has failed...
fail:
diff --git a/roles/openwrt/image/tasks/main.yml b/roles/openwrt/image/tasks/main.yml
index 47a8793e..df3592f9 100644
--- a/roles/openwrt/image/tasks/main.yml
+++ b/roles/openwrt/image/tasks/main.yml
@@ -27,7 +27,7 @@
{% if openwrt_extra_name is defined %} EXTRA_IMAGE_NAME="{{ openwrt_extra_name }}" {% endif %}
- name: Copy newly built OpenWrt image
- with_items: "{{ openwrt_output_image_suffixes }}"
+ loop: "{{ openwrt_output_image_suffixes }}"
copy:
src: "{{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }}/bin/targets/{{ openwrt_arch }}/{{ openwrt_target }}/{{ openwrt_output_image_name_base }}-{{ item }}"
dest: "{{ openwrt_output_dir }}"
diff --git a/roles/openwrt/image/tasks/prepare.yml b/roles/openwrt/image/tasks/prepare.yml
index a3ab7112..e03fe351 100644
--- a/roles/openwrt/image/tasks/prepare.yml
+++ b/roles/openwrt/image/tasks/prepare.yml
@@ -10,49 +10,52 @@
openwrt_imgbuilder_files: "{{ tmpdir.path }}/files"
- name: Create the directories for mixins
+ loop:
+ - "{{ openwrt_download_dir }}/dl/{{ openwrt_arch }}"
+ - "{{ openwrt_imgbuilder_files }}/etc/config"
+ - "{{ openwrt_mixin | map('dirname') | map('regex_replace', '^', openwrt_imgbuilder_files) | unique | list }}"
file:
path: "{{ item }}"
state: directory
mode: '0755'
- with_items:
- - "{{ openwrt_download_dir }}/dl/{{ openwrt_arch }}"
- - "{{ openwrt_imgbuilder_files }}/etc/config"
- - "{{ openwrt_mixin | map('dirname') | map('regex_replace', '^', openwrt_imgbuilder_files) | unique | list }}"
- name: Copy mixins in place [1/3]
+ loop: "{{ openwrt_mixin | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
file:
dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}"
src: "{{ item.value.link }}"
force: yes
follow: no
state: link
- with_dict: "{{ openwrt_mixin }}"
when: '"link" in item.value'
- loop_control:
- label: "{{ item.key }}"
- name: Copy mixins in place [2/3]
+ loop: "{{ openwrt_mixin | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
copy:
src: "{{ item.value.file }}"
dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}"
mode: "{{ item.value.mode | default('0644') }}"
- with_dict: "{{ openwrt_mixin }}"
when: '"file" in item.value'
- loop_control:
- label: "{{ item.key }}"
- name: Copy mixins in place [3/3]
+ loop: "{{ openwrt_mixin | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
copy:
content: "{{ item.value.content }}"
dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}"
mode: "{{ item.value.mode | default('0644') }}"
- with_dict: "{{ openwrt_mixin }}"
when: '"content" in item.value'
- loop_control:
- label: "{{ item.key }}"
- name: Generate /etc/fstab
+ loop: "{{ openwrt_mounts }}"
+ loop_control:
+ label: "{{ item.path }}"
mount:
fstab: "{{ openwrt_imgbuilder_files }}/etc/fstab"
state: present
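Review bot: `loop:` does not flatten nested lists the way `with_items` did, so in "Create the directories for mixins" the third entry (the `openwrt_mixin | map('dirname') | … | list` expression) now reaches `file:` as a single list-valued `item` instead of one path per directory. Build one flat list instead, e.g. `loop: "{{ [openwrt_download_dir ~ '/dl/' ~ openwrt_arch, openwrt_imgbuilder_files ~ '/etc/config'] + (openwrt_mixin | map('dirname') | map('regex_replace', '^', openwrt_imgbuilder_files) | unique | list) }}"`. In "Generate /etc/fstab", whose body continues past this hunk, `loop: "{{ openwrt_mounts }}"` is templated before `when: openwrt_mounts is defined` is evaluated per item. The undefined case therefore likely needs `loop: "{{ openwrt_mounts | default([]) }}"` to keep the old skip behaviour.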
@@ -64,21 +67,18 @@
dump: "{{ item.dump | default(omit) }}"
passno: "{{ item.passno | default(omit) }}"
when: openwrt_mounts is defined
- with_items: "{{ openwrt_mounts }}"
- loop_control:
- label: "{{ item.path }}"
- name: Create UCI configuration files
+ loop: "{{ openwrt_uci | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
template:
src: uci.j2
dest: "{{ openwrt_imgbuilder_files }}/etc/config/{{ item.key }}"
mode: 0644
trim_blocks: yes
# force: no ## TODO: fail when overwriting a file
- with_dict: "{{ openwrt_uci }}"
- loop_control:
- label: "{{ item.key }}"
- name: Create /etc/passwd
template:
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index e638905b..9d35e750 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -5,20 +5,22 @@
state: present
- name: hardening ssh-server config
+ vars:
+ sshd_options:
+ IgnoreRhosts: "yes"
+ PermitRootLogin: "without-password"
+ PubkeyAuthentication: "yes"
+ HostbasedAuthentication: "no"
+ PermitEmptyPasswords: "no"
+ UseDNS: "no"
+ loop: "{{ sshd_options | dict2items }}"
+ loop_control:
+ label: "{{ item.key }} = {{ item.value }}"
lineinfile:
regexp: "^#?\\s*{{ item.key }}"
line: "{{ item.key }} {{ item.value }}"
dest: /etc/ssh/sshd_config
mode: 0644
- with_dict:
- IgnoreRhosts: "yes"
- PermitRootLogin: "without-password"
- PubkeyAuthentication: "yes"
- HostbasedAuthentication: "no"
- PermitEmptyPasswords: "no"
- UseDNS: "no"
- loop_control:
- label: "{{ item.key }}"
notify: restart ssh
- name: limit allowed users
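Review bot: The hardening task's `regexp` `^#?\\s*{{ item.key }}` has no boundary after the keyword, and `lineinfile` rewrites only the last matching line while sshd keeps the first value it reads for a keyword. An earlier active duplicate would therefore still win after the task reports success. Ending the pattern with whitespace, `regexp: "^#?\\s*{{ item.key }}\\s"`, at least prevents prefix matches on longer keywords. When nothing matches, the line is appended at the end of the file, where it would fall inside a trailing `Match` block if one exists; `insertbefore: "^Match "` avoids that. Adding `validate: "/usr/sbin/sshd -t -f %s"` makes the module reject a config that sshd cannot parse.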
diff --git a/roles/ubuntu-ws/tasks/main.yml b/roles/ubuntu-ws/tasks/main.yml
index 57b17462..30b77816 100644
--- a/roles/ubuntu-ws/tasks/main.yml
+++ b/roles/ubuntu-ws/tasks/main.yml
@@ -2,11 +2,11 @@
- import_tasks: fs.yml
- name: prohibited packages
+ loop:
+ - flashplugin-installer
template:
src: prohibited-package.j2
dest: "/etc/apt/preferences.d/{{ item }}.disabled"
- with_items:
- - flashplugin-installer
- name: base packages
apt:
@@ -33,7 +33,6 @@
- firefox
- chromium-browser
state: present
- with_items:
- name: install multimedia stuff
apt:
diff --git a/roles/vm/grub/tasks/main.yml b/roles/vm/grub/tasks/main.yml
index eb868d38..e663e808 100644
--- a/roles/vm/grub/tasks/main.yml
+++ b/roles/vm/grub/tasks/main.yml
@@ -1,15 +1,17 @@
---
- name: enable serial console in grub and for kernel
- with_dict:
- GRUB_TIMEOUT: 2
- GRUB_CMDLINE_LINUX: '"console=ttyS0,115200n8"'
- GRUB_TERMINAL: serial
- GRUB_SERIAL_COMMAND: >-
- "serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1"
+ vars:
+ grub_options:
+ GRUB_TIMEOUT: 2
+ GRUB_CMDLINE_LINUX: '"console=ttyS0,115200n8"'
+ GRUB_TERMINAL: serial
+ GRUB_SERIAL_COMMAND: >-
+ "serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1"
+ loop: "{{ grub_options | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
lineinfile:
dest: /etc/default/grub
regexp: "^{{ item.key }}="
line: "{{ item.key }}={{ item.value }}"
notify: update grub
- loop_control:
- label: "{{ item.key }}"
diff --git a/roles/vm/guest/tasks/main.yml b/roles/vm/guest/tasks/main.yml
index 4830d051..68c36be3 100644
--- a/roles/vm/guest/tasks/main.yml
+++ b/roles/vm/guest/tasks/main.yml
@@ -4,23 +4,23 @@
state: present
- name: Configure rngd [1/2]
+ loop: '{{ rngd_config | dict2items }}'
+ loop_control:
+ label: "{{ item.key }}"
lineinfile:
path: /etc/default/rng-tools
line: '{{ item.key }}={{ item.value }}'
regexp: '^#?{{ item.key }}='
- with_dict: '{{ rngd_config }}'
- loop_control:
- label: "{{ item.key }}"
notify: restart rngd
- name: Configure rngd [2/2]
+ loop: '{{ rngd_config | dict2items }}'
+ loop_control:
+ label: "{{ item.key }}"
lineinfile:
path: /etc/default/rng-tools
regexp: '^{{ item.key }}=(?!{{ item.value }})'
state: absent
- with_dict: '{{ rngd_config }}'
- loop_control:
- label: "{{ item.key }}"
notify: restart rngd
- name: Provide a root shell on the VM console [1/2]
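Review bot: In "Configure rngd [2/2]" the pattern `'^{{ item.key }}=(?!{{ item.value }})'` puts `item.value` into a regular expression unescaped and without an end anchor. A value containing regex metacharacters is then not compared literally, and a stale line whose value merely starts with the wanted one is not removed. `regexp: '^{{ item.key }}=(?!{{ item.value | regex_escape }}$)'` keeps the comparison literal and exact. The same escaping would apply to `item.key` in the [1/2] task.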
diff --git a/roles/vm/host/tasks/main.yml b/roles/vm/host/tasks/main.yml
index 010fdce4..562e502e 100644
--- a/roles/vm/host/tasks/main.yml
+++ b/roles/vm/host/tasks/main.yml
@@ -17,7 +17,7 @@
notify: restart haveged
- name: make sure installer directories exists
- with_items:
+ loop:
- "{{ debian_installer_path }}"
- "{{ preseed_path }}"
file:
diff --git a/roles/vm/install/tasks/main.yml b/roles/vm/install/tasks/main.yml
index a971a7be..dc272b67 100644
--- a/roles/vm/install/tasks/main.yml
+++ b/roles/vm/install/tasks/main.yml
@@ -1,6 +1,6 @@
---
- name: create disks for vm
- with_dict: "{{ hostvars[hostname].install_cooked.disks.virtio | default({}) | combine(hostvars[hostname].install_cooked.disks.scsi | default({})) }}"
+ loop: "{{ hostvars[hostname].install_cooked.disks.virtio | default({}) | combine(hostvars[hostname].install_cooked.disks.scsi | default({})) | dict2items }}"
lvol:
vg: "{{ item.value.vg }}"
lv: "{{ item.value.lv }}"
diff --git a/roles/vm/network/tasks/main.yml b/roles/vm/network/tasks/main.yml
index 9bef36ed..cb73ef6e 100644
--- a/roles/vm/network/tasks/main.yml
+++ b/roles/vm/network/tasks/main.yml
@@ -1,7 +1,7 @@
---
- block:
- name: remove legacy systemd.link units
- with_items:
+ loop:
- 50-virtio-kernel-names.link
- 99-default.link
file:
@@ -9,7 +9,7 @@
state: absent
- name: install systemd network link units
- with_items: "{{ network.systemd_link.interfaces }}"
+ loop: "{{ network.systemd_link.interfaces }}"
loop_control:
index_var: interface_index
template:
diff --git a/roles/zsh/tasks/main.yml b/roles/zsh/tasks/main.yml
index e19f5366..80880f83 100644
--- a/roles/zsh/tasks/main.yml
+++ b/roles/zsh/tasks/main.yml
@@ -5,22 +5,22 @@
state: present
- name: install zsh-config
- copy:
- src: "{{ item.src }}"
- dest: "{{ item.dest }}"
- with_items:
+ loop:
- src: "zshrc"
dest: "/etc/zsh/zshrc"
- src: "zshrc.skel"
dest: "/etc/skel/.zshrc"
loop_control:
label: "{{ item.dest }}"
+ copy:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
- name: set zsh as default shell
+ loop: "{{ [ 'root' ] | union(zsh_loginshell_user | default([])) }}"
user:
name: "{{ item }}"
shell: /bin/zsh
- with_items: "{{ [ 'root' ] | union(zsh_loginshell_user | default([])) }}"
- name: make zsh the default shell for useradd
lineinfile:
diff --git a/spreadspace/k8s-emc.yml b/spreadspace/k8s-emc.yml
index 0eada061..a1b25631 100644
--- a/spreadspace/k8s-emc.yml
+++ b/spreadspace/k8s-emc.yml
@@ -5,7 +5,7 @@
run_once: yes
tasks:
- name: create group for all kubernetes nodes
- with_items: "{{ groups['k8s_emc'] }}"
+ loop: "{{ groups['k8s_emc'] }}"
add_host:
name: "{{ item }}"
inventory_dir: "{{ inventory_dir }}"
@@ -13,7 +13,7 @@
changed_when: False
- name: create group for kubernetes master nodes
- with_items: "{{ groups['k8s_emc_master'] }}"
+ loop: "{{ groups['k8s_emc_master'] }}"
add_host:
name: "{{ item }}"
inventory_dir: "{{ inventory_dir }}"