diff options
| -rw-r--r-- | common/kubernetes.yml | 6 | ||||
| -rw-r--r-- | common/usb-install.yml | 8 | ||||
| -rw-r--r-- | roles/acmetool/base/tasks/selfsigned.yml | 6 | ||||
| -rw-r--r-- | roles/acmetool/cert/tasks/main.yml | 10 | ||||
| -rw-r--r-- | roles/admin-user/tasks/main.yml | 12 | ||||
| -rw-r--r-- | roles/base/tasks/main.yml | 8 | ||||
| -rw-r--r-- | roles/dyndns/client/tasks/main.yml | 6 | ||||
| -rw-r--r-- | roles/elevate/dolmetsch-raspi/tasks/main.yml | 8 | ||||
| -rw-r--r-- | roles/elevate/media/tasks/network.yml | 20 | ||||
| -rw-r--r-- | roles/elevate/media/tasks/nextcloud.yml | 6 | ||||
| -rw-r--r-- | roles/elevate/media/tasks/nginx.yml | 10 | ||||
| -rw-r--r-- | roles/kubernetes/base/tasks/main.yml | 4 | ||||
| -rw-r--r-- | roles/kubernetes/net/tasks/add.yml | 8 | ||||
| -rw-r--r-- | roles/openwrt/image/tasks/fetch.yml | 8 | ||||
| -rw-r--r-- | roles/openwrt/image/tasks/main.yml | 2 | ||||
| -rw-r--r-- | roles/openwrt/image/tasks/prepare.yml | 14 | ||||
| -rw-r--r-- | roles/ubuntu-ws/tasks/main.yml | 5 | ||||
| -rw-r--r-- | roles/vm/host/tasks/main.yml | 2 | ||||
| -rw-r--r-- | roles/vm/network/tasks/main.yml | 4 | ||||
| -rw-r--r-- | spreadspace/k8s-emc.yml | 4 |
20 files changed, 75 insertions, 76 deletions
diff --git a/common/kubernetes.yml b/common/kubernetes.yml index eb9a0db3..e0073c0e 100644 --- a/common/kubernetes.yml +++ b/common/kubernetes.yml @@ -62,7 +62,7 @@ register: kubectl_node_list - name: generate list of nodes to be removed - with_items: "{{ kubectl_node_list.stdout_lines | map('replace', 'node/', '') | list | difference(kubernetes_nodes) }}" + loop: "{{ kubectl_node_list.stdout_lines | map('replace', 'node/', '') | list | difference(kubernetes_nodes) }}" add_host: name: "{{ item }}" inventory_dir: "{{ inventory_dir }}" @@ -70,7 +70,7 @@ changed_when: False - name: drain superflous nodes - with_items: "{{ groups['_kubernetes_nodes_remove_'] | default([]) }}" + loop: "{{ groups['_kubernetes_nodes_remove_'] | default([]) }}" command: "kubectl drain {{ item }} --delete-local-data --force --ignore-daemonsets" - name: try to clean superflous nodes @@ -85,7 +85,7 @@ hosts: _kubernetes_masters_ tasks: - name: remove superflous nodes - with_items: "{{ groups['_kubernetes_nodes_remove_'] | default([]) }}" + loop: "{{ groups['_kubernetes_nodes_remove_'] | default([]) }}" command: "kubectl delete node {{ item }}" - name: wait a litte before removing bootstrap-token so new nodes have time to generate certificates for themselves diff --git a/common/usb-install.yml b/common/usb-install.yml index 729b9387..43dbe257 100644 --- a/common/usb-install.yml +++ b/common/usb-install.yml @@ -30,14 +30,14 @@ - when: pathcheck.stat.exists block: - name: Copy generated files to the USB drive - copy: - src: "{{ item }}" - dest: "{{ usbdrive_path }}/" - with_items: + loop: - "{{ artifacts_dir }}/initrd.preseed.gz" - "{{ global_cache_dir }}/debian-installer/{{ install_distro }}-{{ install_codename }}/{{ install.arch | default('amd64') }}/linux" loop_control: label: "{{ item | basename }}" + copy: + src: "{{ item }}" + dest: "{{ usbdrive_path }}/" - name: Generate syslinux configuration for BIOS boot copy: diff --git a/roles/acmetool/base/tasks/selfsigned.yml b/roles/acmetool/base/tasks/selfsigned.yml index f5fb0466..7ba829e6 100644 --- a/roles/acmetool/base/tasks/selfsigned.yml +++ b/roles/acmetool/base/tasks/selfsigned.yml @@ -69,12 +69,12 @@ command: "cp '{{ tmpdir }}/cert' '{{ tmpdir }}/fullchain'" - name: create additional empty files + loop: + - chain + - selfsigned copy: content: "" dest: "{{ tmpdir }}/{{ item }}" - with_items: - - chain - - selfsigned ### TODO: remove this once acmetool respects it's own storage layout ### see: https://github.com/hlandau/acme/blob/master/_doc/SCHEMA.md#temporary-use-of-self-signed-certificates diff --git a/roles/acmetool/cert/tasks/main.yml b/roles/acmetool/cert/tasks/main.yml index ddb29236..c2f778f6 100644 --- a/roles/acmetool/cert/tasks/main.yml +++ b/roles/acmetool/cert/tasks/main.yml @@ -1,10 +1,10 @@ - name: add acmetool desired file + loop: + - satisfy: + names: "{{ acmetool_cert_hostnames | default([acmetool_cert_name]) }}" + loop_control: + label: "{{ item.satisfy.names | join(', ') }}" copy: content: "{{ item | to_nice_yaml }}" dest: "/var/lib/acme/desired/{{ acmetool_cert_name }}" - with_items: - - satisfy: - names: "{{ acmetool_cert_hostnames | default([acmetool_cert_name]) }}" - loop_control: - label: "{{ item.satisfy.names | join(', ') }}" notify: reconcile acmetool diff --git a/roles/admin-user/tasks/main.yml b/roles/admin-user/tasks/main.yml index 5933863d..53eea376 100644 --- a/roles/admin-user/tasks/main.yml +++ b/roles/admin-user/tasks/main.yml @@ -5,7 +5,9 @@ state: present - name: add admin users - with_items: "{{ admin_user_group | default([]) | union(admin_user_host | default([])) }}" + loop: "{{ admin_user_group | default([]) | union(admin_user_host | default([])) }}" + loop_control: + label: "{{ item.name }}" user: name: "{{ item.name }}" state: present @@ -15,14 +17,12 @@ - adm append: yes shell: "{{ item.shell | default(omit) }}" - loop_control: - label: "{{ item.name }}" - name: install ssh keys for admin users - with_items: "{{ admin_user_group | default([]) | union(admin_user_host | default([])) }}" + loop: "{{ admin_user_group | default([]) | union(admin_user_host | default([])) }}" + loop_control: + label: "{{ item.name }}" authorized_key: user: "{{ item.name }}" key: "{{ item.ssh_keys | join('\n') }}" exclusive: yes - loop_control: - label: "{{ item.name }}" diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index de180a15..e631d0d4 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -41,8 +41,8 @@ - name: install htop config (1/2) loop: - - /root - - /etc/skel + - /root + - /etc/skel file: name: "{{ item }}/.config/htop/" state: directory @@ -50,8 +50,8 @@ - name: install htop config (2/2) loop: - - /root - - /etc/skel + - /root + - /etc/skel copy: src: "{{ global_files_dir }}/common/htoprc" dest: "{{ item }}/.config/htop/" diff --git a/roles/dyndns/client/tasks/main.yml b/roles/dyndns/client/tasks/main.yml index 80e0e13b..6f2ff021 100644 --- a/roles/dyndns/client/tasks/main.yml +++ b/roles/dyndns/client/tasks/main.yml @@ -45,12 +45,12 @@ - name: install systemd units + loop: + - service + - timer template: src: "dyndns.{{ item }}.j2" dest: "/etc/systemd/system/dyndns.{{ item }}" - with_items: - - service - - timer - name: make sure the systemd timer is enabled and running systemd: diff --git a/roles/elevate/dolmetsch-raspi/tasks/main.yml b/roles/elevate/dolmetsch-raspi/tasks/main.yml index e0e1083c..10d55766 100644 --- a/roles/elevate/dolmetsch-raspi/tasks/main.yml +++ b/roles/elevate/dolmetsch-raspi/tasks/main.yml @@ -44,7 +44,7 @@ state: directory - name: build dolmetschctl (server and client) - with_items: + loop: - dolmetschctl - dolmetschctld command: "/usr/local/go/bin/go get spreadspace.org/dolmetschctl/cmd/{{ item }}" @@ -54,7 +54,7 @@ GOPATH: /opt/dolmetschctl - name: install dolmetschctl systemd units - with_items: + loop: - dolmetschctl - dolmetschctld template: @@ -63,7 +63,7 @@ notify: reload systemd - name: install rtp send/receive scripts - with_items: + loop: - rtp-recv - rtp-send template: @@ -72,7 +72,7 @@ mode: 0750 - name: install rtp send/receive systemd units - with_items: + loop: - rtp-recv - rtp-send template: diff --git a/roles/elevate/media/tasks/network.yml b/roles/elevate/media/tasks/network.yml index da7dd1db..17e82097 100644 --- a/roles/elevate/media/tasks/network.yml +++ b/roles/elevate/media/tasks/network.yml @@ -5,28 +5,28 @@ state: directory - name: install netplan configs - template: - src: "netplan/{{ item }}.yaml.j2" - dest: "/etc/netplan/conf-available/{{ item }}.yaml" - with_items: + loop: - lan-only - r3 - r3-with-lan - elevate-festival - elevate-office + template: + src: "netplan/{{ item }}.yaml.j2" + dest: "/etc/netplan/conf-available/{{ item }}.yaml" notify: netplan apply - name: install firewall scripts - template: - src: "firewall/{{ item }}.sh.j2" - dest: "/etc/saswall/{{ item }}.sh" - mode: 0755 - with_items: + loop: - lan-only - r3 - r3-with-lan - elevate-festival - elevate-office + template: + src: "firewall/{{ item }}.sh.j2" + dest: "/etc/saswall/{{ item }}.sh" + mode: 0755 notify: firewall restart - name: remove default netplan config @@ -36,7 +36,7 @@ notify: netplan apply - name: set active netwok setup - with_items: + loop: - dest: /etc/netplan/01-active.yaml src: "conf-available/{{ network_setup }}.yaml" - dest: /etc/saswall/rules.sh diff --git a/roles/elevate/media/tasks/nextcloud.yml b/roles/elevate/media/tasks/nextcloud.yml index cfa0acf9..65094261 100644 --- a/roles/elevate/media/tasks/nextcloud.yml +++ b/roles/elevate/media/tasks/nextcloud.yml @@ -98,7 +98,7 @@ NEXTCLOUD_ADMIN_PASSWORD: "will-be-changed-later" - name: configure nextcloud upload file size limit - with_items: + loop: - upload_max_filesize - post_max_size lineinfile: @@ -129,7 +129,7 @@ import_tasks: nextcloud-config.yml - name: install nextcloud systemd units - with_items: + loop: - cron.service - cron.timer - rescan.service @@ -139,7 +139,7 @@ dest: "/etc/systemd/system/nextcloud-{{ item }}" - name: make sure nextcloud systemd timer are started and enabled - with_items: + loop: - cron - rescan systemd: diff --git a/roles/elevate/media/tasks/nginx.yml b/roles/elevate/media/tasks/nginx.yml index 2441872a..435cc751 100644 --- a/roles/elevate/media/tasks/nginx.yml +++ b/roles/elevate/media/tasks/nginx.yml @@ -8,12 +8,12 @@ notify: restart nginx - name: install nginx config snippets + loop: + - ssl + - hsts copy: src: "{{ global_files_dir }}/common/nginx-snippets/{{ item }}.conf" dest: /etc/nginx/snippets/ - with_items: - - ssl - - hsts notify: restart nginx - name: generate Diffie-Hellman parameters @@ -29,9 +29,9 @@ notify: restart nginx - name: check if acme certs already exist + loop: "{{ nextcloud_hostnames }}" stat: path: "/var/lib/acme/live/{{ item }}" - with_items: "{{ nextcloud_hostnames }}" register: acme_cert_stat - name: set acmecert_missing_hostnames variable @@ -52,11 +52,11 @@ selfsigned_interim_cert_id: "{{ selfsigned_interim_cert_id.stdout }}" - name: link to snakeoil cert for nonexistent hostnames + loop: "{{ acmecert_missing_hostnames }}" file: src: "../certs/{{ selfsigned_interim_cert_id }}" dest: "/var/lib/acme/live/{{ item }}" state: link - with_items: "{{ acmecert_missing_hostnames }}" - name: enable vhost config using acme cert file: diff --git a/roles/kubernetes/base/tasks/main.yml b/roles/kubernetes/base/tasks/main.yml index 0230fd11..c873fc52 100644 --- a/roles/kubernetes/base/tasks/main.yml +++ b/roles/kubernetes/base/tasks/main.yml @@ -48,7 +48,7 @@ - name: disable automatic upgrades for kubernetes components when: kubernetes.pkg_version is defined - with_items: + loop: - kubelet - kubeadm - kubectl @@ -75,7 +75,7 @@ password: "!" - name: add kubectl/kubeadm completion for shells - with_items: + loop: - zsh - bash blockinfile: diff --git a/roles/kubernetes/net/tasks/add.yml b/roles/kubernetes/net/tasks/add.yml index da7ac424..4fe7c5e2 100644 --- a/roles/kubernetes/net/tasks/add.yml +++ b/roles/kubernetes/net/tasks/add.yml @@ -55,20 +55,20 @@ kubenet_peers_to_remove: "{{ kubenet_peers_installed.files | map(attribute='path') | map('replace', '/etc/systemd/system/kubenet-peer-', '') | map('replace', '.service', '') | difference(kubenet_peers_to_add) }}" - name: stop/disable systemd units for stale kubenet peers - with_items: "{{ kubenet_peers_to_remove }}" + loop: "{{ kubenet_peers_to_remove }}" systemd: name: "kubenet-peer-{{ item }}.service" state: stopped enabled: no - name: remove systemd units for stale kubenet peers - with_items: "{{ kubenet_peers_to_remove }}" + loop: "{{ kubenet_peers_to_remove }}" file: name: "/etc/systemd/system/kubenet-peer-{{ item }}.service" state: absent - name: install systemd units for every kubenet peer - with_items: "{{ kubenet_peers_to_add }}" + loop: "{{ kubenet_peers_to_add }}" loop_control: loop_var: peer template: @@ -77,7 +77,7 @@ # TODO: notify restart for peers that change... - name: make sure kubenet peer services are started and enabled - with_items: "{{ kubenet_peers_to_add }}" + loop: "{{ kubenet_peers_to_add }}" systemd: daemon_reload: yes name: "kubenet-peer-{{ item }}.service" diff --git a/roles/openwrt/image/tasks/fetch.yml b/roles/openwrt/image/tasks/fetch.yml index 66a56572..21bc0c40 100644 --- a/roles/openwrt/image/tasks/fetch.yml +++ b/roles/openwrt/image/tasks/fetch.yml @@ -41,13 +41,13 @@ rescue: - name: Delete downloaded artifacts - file: - path: "{{ item }}" - state: absent - with_items: + loop: - "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256" - "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc" - "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}" + file: + path: "{{ item }}" + state: absent - name: the download has failed... fail: diff --git a/roles/openwrt/image/tasks/main.yml b/roles/openwrt/image/tasks/main.yml index 47a8793e..df3592f9 100644 --- a/roles/openwrt/image/tasks/main.yml +++ b/roles/openwrt/image/tasks/main.yml @@ -27,7 +27,7 @@ {% if openwrt_extra_name is defined %} EXTRA_IMAGE_NAME="{{ openwrt_extra_name }}" {% endif %} - name: Copy newly built OpenWrt image - with_items: "{{ openwrt_output_image_suffixes }}" + loop: "{{ openwrt_output_image_suffixes }}" copy: src: "{{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }}/bin/targets/{{ openwrt_arch }}/{{ openwrt_target }}/{{ openwrt_output_image_name_base }}-{{ item }}" dest: "{{ openwrt_output_dir }}" diff --git a/roles/openwrt/image/tasks/prepare.yml b/roles/openwrt/image/tasks/prepare.yml index a3ab7112..ffac3c3f 100644 --- a/roles/openwrt/image/tasks/prepare.yml +++ b/roles/openwrt/image/tasks/prepare.yml @@ -10,14 +10,14 @@ openwrt_imgbuilder_files: "{{ tmpdir.path }}/files" - name: Create the directories for mixins + loop: + - "{{ openwrt_download_dir }}/dl/{{ openwrt_arch }}" + - "{{ openwrt_imgbuilder_files }}/etc/config" + - "{{ openwrt_mixin | map('dirname') | map('regex_replace', '^', openwrt_imgbuilder_files) | unique | list }}" file: path: "{{ item }}" state: directory mode: '0755' - with_items: - - "{{ openwrt_download_dir }}/dl/{{ openwrt_arch }}" - - "{{ openwrt_imgbuilder_files }}/etc/config" - - "{{ openwrt_mixin | map('dirname') | map('regex_replace', '^', openwrt_imgbuilder_files) | unique | list }}" - name: Copy mixins in place [1/3] @@ -53,6 +53,9 @@ label: "{{ item.key }}" - name: Generate /etc/fstab + loop: "{{ openwrt_mounts }}" + loop_control: + label: "{{ item.path }}" mount: fstab: "{{ openwrt_imgbuilder_files }}/etc/fstab" state: present @@ -64,9 +67,6 @@ dump: "{{ item.dump | default(omit) }}" passno: "{{ item.passno | default(omit) }}" when: openwrt_mounts is defined - with_items: "{{ openwrt_mounts }}" - loop_control: - label: "{{ item.path }}" - name: Create UCI configuration files diff --git a/roles/ubuntu-ws/tasks/main.yml b/roles/ubuntu-ws/tasks/main.yml index 57b17462..30b77816 100644 --- a/roles/ubuntu-ws/tasks/main.yml +++ b/roles/ubuntu-ws/tasks/main.yml @@ -2,11 +2,11 @@ - import_tasks: fs.yml - name: prohibited packages + loop: + - flashplugin-installer template: src: prohibited-package.j2 dest: "/etc/apt/preferences.d/{{ item }}.disabled" - with_items: - - flashplugin-installer - name: base packages apt: @@ -33,7 +33,6 @@ - firefox - chromium-browser state: present - with_items: - name: install multimedia stuff apt: diff --git a/roles/vm/host/tasks/main.yml b/roles/vm/host/tasks/main.yml index 010fdce4..562e502e 100644 --- a/roles/vm/host/tasks/main.yml +++ b/roles/vm/host/tasks/main.yml @@ -17,7 +17,7 @@ notify: restart haveged - name: make sure installer directories exists - with_items: + loop: - "{{ debian_installer_path }}" - "{{ preseed_path }}" file: diff --git a/roles/vm/network/tasks/main.yml b/roles/vm/network/tasks/main.yml index 9bef36ed..cb73ef6e 100644 --- a/roles/vm/network/tasks/main.yml +++ b/roles/vm/network/tasks/main.yml @@ -1,7 +1,7 @@ --- - block: - name: remove legacy systemd.link units - with_items: + loop: - 50-virtio-kernel-names.link - 99-default.link file: @@ -9,7 +9,7 @@ state: absent - name: install systemd network link units - with_items: "{{ network.systemd_link.interfaces }}" + loop: "{{ network.systemd_link.interfaces }}" loop_control: index_var: interface_index template: diff --git a/spreadspace/k8s-emc.yml b/spreadspace/k8s-emc.yml index 0eada061..a1b25631 100644 --- a/spreadspace/k8s-emc.yml +++ b/spreadspace/k8s-emc.yml @@ -5,7 +5,7 @@ run_once: yes tasks: - name: create group for all kubernetes nodes - with_items: "{{ groups['k8s_emc'] }}" + loop: "{{ groups['k8s_emc'] }}" add_host: name: "{{ item }}" inventory_dir: "{{ inventory_dir }}" @@ -13,7 +13,7 @@ changed_when: False - name: create group for kubernetes master nodes - with_items: "{{ groups['k8s_emc_master'] }}" + loop: "{{ groups['k8s_emc_master'] }}" add_host: name: "{{ item }}" inventory_dir: "{{ inventory_dir }}" |