From 4bce4e54c4e97d0fa4128dee67f57ba33ef6a2b0 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Thu, 7 Dec 2017 17:59:15 +0100 Subject: harmonized yaml syntax --- roles/base/defaults/main.yaml | 22 ++++++++-- roles/base/tasks/main.yaml | 48 +++++++++++----------- roles/sshserver/handlers/main.yaml | 4 +- roles/sshserver/tasks/main.yaml | 22 +++++----- roles/upgrade/tasks/main.yaml | 12 ++++-- roles/vm-grub/tasks/main.yaml | 14 ++++--- roles/vm-install/tasks/main.yaml | 9 +++- .../templates/preseed_debian-stretch.cfg.j2 | 3 -- roles/vm-network/tasks/public.yaml | 14 +++---- roles/vm-network/tasks/systemd-link.yaml | 4 +- roles/zsh/tasks/main.yaml | 16 +++++--- 11 files changed, 103 insertions(+), 65 deletions(-) (limited to 'roles') diff --git a/roles/base/defaults/main.yaml b/roles/base/defaults/main.yaml index 282c4fd7..22599b1c 100644 --- a/roles/base/defaults/main.yaml +++ b/roles/base/defaults/main.yaml @@ -2,6 +2,22 @@ sysctl_config_user: {} modules_blacklist: - net: [dccp, sctp, rds, tipc] - fs: [cramfs, freevxfs, hfs, hfsplus, jffs2] - misc: [bluetooth, firewire-core, n_hdlc, net-pf-31, soundcore, thunderbolt, usb-midi] + net: + - dccp + - sctp + - rds + - tipc + fs: + - cramfs + - freevxfs + - hfs + - hfsplus + - jffs2 + misc: + - bluetooth + - firewire-core + - n_hdlc + - net-pf-31 + - soundcore + - thunderbolt + - usb-midi diff --git a/roles/base/tasks/main.yaml b/roles/base/tasks/main.yaml index 91349e50..2828a2e0 100644 --- a/roles/base/tasks/main.yaml +++ b/roles/base/tasks/main.yaml 
@@ -1,25 +1,27 @@ --- - name: apt - Install base system tools - apt: name={{ item }} state=present + apt: + name: "{{ item }}" + state: present with_items: - - htop - - dstat - - lsof - - gawk - - psmisc - - less - - debian-goodies - - screen - - mtr-tiny - - tcpdump - - unp - - sudo - - haveged - - dbus - - libpam-systemd - - aptitude - - ca-certificates - - file + - htop + - dstat + - lsof + - gawk + - psmisc + - less + - debian-goodies + - screen + - mtr-tiny + - tcpdump + - unp + - sudo + - haveged + - dbus + - libpam-systemd + - aptitude + - ca-certificates + - file - name: Remove startup message from screen lineinfile: @@ -28,7 +30,7 @@ dest: /etc/screenrc mode: 0644 tags: - - screen + - screen - name: Ensure /root is not world accessible file: @@ -50,10 +52,10 @@ - name: Change various sysctl-settings, look at the sysctl-vars file for documentation sysctl: - name: '{{ item.key }}' - value: '{{ item.value }}' + name: "{{ item.key }}" + value: "{{ item.value }}" sysctl_set: yes state: present reload: yes ignoreerrors: yes - with_dict: '{{ sysctl_config | combine(sysctl_config_user) }}' + with_dict: "{{ sysctl_config | combine(sysctl_config_user) }}" diff --git a/roles/sshserver/handlers/main.yaml b/roles/sshserver/handlers/main.yaml index 9b95e27d..822887e3 100644 --- a/roles/sshserver/handlers/main.yaml +++ b/roles/sshserver/handlers/main.yaml @@ -1,3 +1,5 @@ --- - name: restart ssh - service: name=ssh state=restarted + service: + name: ssh + state: restarted diff --git a/roles/sshserver/tasks/main.yaml b/roles/sshserver/tasks/main.yaml index 52a36343..d2c5c9f0 100644 --- a/roles/sshserver/tasks/main.yaml +++ b/roles/sshserver/tasks/main.yaml @@ -1,6 +1,8 @@ --- - name: install ssh-server - apt: name=openssh-server state=present + apt: + name: openssh-server + state: present - name: hardening ssh-server config lineinfile: 
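Review bot: In the sysctl task of roles/base/tasks/main.yaml (hunk `@@ -50,10 +52,10 @@`), `ignoreerrors: yes` is carried over unchanged, and that option makes the sysctl module ignore errors about unknown keys. A mistyped or unsupported hardening key in `sysctl_config` or `sysctl_config_user` is therefore applied to nothing while the play still reports success. If the option exists only because some keys are absent on some kernels, record that above the task, for example `# ignoreerrors: not every kernel has every key; unknown keys are skipped silently`. Since this commit harmonizes syntax, the three truthy values could also be written canonically: `sysctl_set: true`, `reload: true`, `ignoreerrors: true`.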
@@ -9,17 +11,17 @@ dest: /etc/ssh/sshd_config mode: 0644 with_items: - - { "regexp": "^#?\\s*IgnoreRhosts", "line": "IgnoreRhosts yes" } - - { "regexp": "^#?\\s*PermitRootLogin", "line": "PermitRootLogin without-password" } - - { "regexp": "^#?\\s*PubkeyAuthentication", "line": "PubkeyAuthentication yes" } - - { "regexp": "^#?\\s*HostbasedAuthentication", "line": "HostbasedAuthentication no" } - - { "regexp": "^#?\\s*PermitEmptyPasswords", "line": "PermitEmptyPasswords no" } - - { "regexp": "^#?\\s*UseDNS", "line": "UseDNS no" } + - { regexp: "^#?\\s*IgnoreRhosts", line: "IgnoreRhosts yes" } + - { regexp: "^#?\\s*PermitRootLogin", line: "PermitRootLogin without-password" } + - { regexp: "^#?\\s*PubkeyAuthentication", line: "PubkeyAuthentication yes" } + - { regexp: "^#?\\s*HostbasedAuthentication", line: "HostbasedAuthentication no" } + - { regexp: "^#?\\s*PermitEmptyPasswords", line: "PermitEmptyPasswords no" } + - { regexp: "^#?\\s*UseDNS", line: "UseDNS no" } notify: restart ssh - name: limit allowed users lineinfile: - dest: /etc/ssh/sshd_config - regexp: "^AllowUsers" - line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshserver_allowusers_group | default([])) | union(sshserver_allowusers_host | default([]))) }}" + dest: /etc/ssh/sshd_config + regexp: "^AllowUsers" + line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshserver_allowusers_group | default([])) | union(sshserver_allowusers_host | default([]))) }}" notify: restart ssh diff --git a/roles/upgrade/tasks/main.yaml b/roles/upgrade/tasks/main.yaml index f145bb04..f6aa211a 100644 --- a/roles/upgrade/tasks/main.yaml +++ b/roles/upgrade/tasks/main.yaml @@ -1,6 +1,7 @@ --- - name: Update packages list - apt: update_cache=yes + apt: + update_cache: yes - name: List packages to upgrade (1/2) command: aptitude -q -F%p --disable-columns search "~U" 
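Review bot: Both lineinfile tasks in roles/sshserver/tasks/main.yaml (hunk `@@ -9,17 +11,17 @@`) rewrite /etc/ssh/sshd_config and notify `restart ssh` without validating the result. A bad line, for example from an unexpected value in `sshserver_allowusers_group` or `sshserver_allowusers_host`, is then found only when sshd restarts, which can cut off remote access to the host. lineinfile accepts a `validate` parameter, and adding `validate: "/usr/sbin/sshd -t -f %s"` to each task rejects the edit before the file is replaced. `PermitRootLogin without-password` is the deprecated alias of `prohibit-password`; either spelling still allows key-based root login, and `AllowUsers` always includes `root`, so a short comment stating that this is intended would help the next reader. The first task's `lineinfile:` line and its `regexp`/`line` keys lie outside this hunk.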
@@ -9,11 +10,13 @@ failed_when: updates.rc != 0 and updates.rc != 1 - name: List packages to upgrade (2/2) - debug: msg="{{ updates.stdout_lines | count }} packages to upgrade ({{ updates.stdout_lines | join(', ') }})" + debug: + msg: "{{ updates.stdout_lines | count }} packages to upgrade ({{ updates.stdout_lines | join(', ') }})" when: updates.stdout_lines - name: Upgrade packages - apt: upgrade=safe + apt: + upgrade: safe - name: List services to restart (1/2) shell: checkrestart | grep ^service | awk '{print $2}' @@ -21,7 +24,8 @@ changed_when: False - name: List services to restart (2/2) - debug: msg="{{ services.stdout_lines | count }} services to restart ({{ services.stdout_lines | join (', ') }})" + debug: + msg: "{{ services.stdout_lines | count }} services to restart ({{ services.stdout_lines | join (', ') }})" when: services.stdout_lines - name: clean apt-cache diff --git a/roles/vm-grub/tasks/main.yaml b/roles/vm-grub/tasks/main.yaml index 970cd9b4..bd48a470 100644 --- a/roles/vm-grub/tasks/main.yaml +++ b/roles/vm-grub/tasks/main.yaml 
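Review bot: The context line `shell: checkrestart | grep ^service | awk '{print $2}'` in roles/upgrade/tasks/main.yaml (end of hunk `@@ -9,11 +10,13 @@`, continued by `changed_when: False` in `@@ -21,7 +24,8 @@`) takes its exit status from awk. If checkrestart is missing or fails, the task succeeds with empty output and the play reports nothing to restart, so daemons can keep running on the pre-upgrade library versions with no signal in the run. One way to surface the failure is `shell: set -o pipefail; checkrestart | awk '/^service/ {print $2}'` together with `args:` / `executable: /bin/bash`, assuming checkrestart exits 0 on a normal run, which is worth confirming. The task's `register` line lies between the two hunks and is not visible here.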
@@ -1,10 +1,12 @@ --- - name: enable serial console in grub and for kernel - lineinfile: dest=/etc/default/grub regexp={{ item.regexp }} line={{ item.line }} + lineinfile: + dest: /etc/default/grub + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" with_items: - - { 'regexp': '^GRUB_TIMEOUT=', 'line': 'GRUB_TIMEOUT=2' } - - { 'regexp': '^GRUB_CMDLINE_LINUX=', 'line': 'GRUB_CMDLINE_LINUX="console=ttyS0,115200n8"' } - - { 'regexp': '^GRUB_TERMINAL=', 'line': 'GRUB_TERMINAL=serial' } - - { 'regexp': '^GRUB_SERIAL_COMMAND=', 'line': 'GRUB_SERIAL_COMMAND="serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1"' } + - { regexp: '^GRUB_TIMEOUT=', line: 'GRUB_TIMEOUT=2' } + - { regexp: '^GRUB_CMDLINE_LINUX=', line: 'GRUB_CMDLINE_LINUX="console=ttyS0,115200n8"' } + - { regexp: '^GRUB_TERMINAL=', line: 'GRUB_TERMINAL=serial' } + - { regexp: '^GRUB_SERIAL_COMMAND=', line: 'GRUB_SERIAL_COMMAND="serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1"' } notify: update grub - diff --git a/roles/vm-install/tasks/main.yaml b/roles/vm-install/tasks/main.yaml index 2e914ebc..0c95e599 100644 --- a/roles/vm-install/tasks/main.yaml +++ b/roles/vm-install/tasks/main.yaml @@ -99,9 +99,16 @@ virt: name: "{{ inventory_hostname }}" state: running - autostart: "{{ vm_install.autostart | default(omit) }}" delegate_to: "{{ vm_install.host }}" +- name: mark vm as autostarted + virt: + name: "{{ inventory_hostname }}" + autostart: "{{ vm_install.autostart }}" + command: info ## virt module needs either command or state + delegate_to: "{{ vm_install.host }}" + when: vm_install.autostart is defined + - name: wait for vm to start up wait_for_connection: delay: 5 diff --git a/roles/vm-install/templates/preseed_debian-stretch.cfg.j2 b/roles/vm-install/templates/preseed_debian-stretch.cfg.j2 index c8f4b45f..267da58b 100644 --- a/roles/vm-install/templates/preseed_debian-stretch.cfg.j2 +++ b/roles/vm-install/templates/preseed_debian-stretch.cfg.j2 
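Review bot: The second hunk on this line (roles/vm-install/tasks/main.yaml, `@@ -99,9 +99,16 @@`) is a behaviour change rather than a syntax one, and the commit subject does not mention it: `autostart` moves out of the `state: running` task into a new task "mark vm as autostarted" that runs only when `vm_install.autostart` is defined. The trailing `## virt module needs either command or state` explains why a command is present but not why `info` was chosen; a comment above the line such as `# virt needs command or state; info is used because it should not change the guest` would record that intent. The preseed template hunk that drops the three `lv_name` lines is also functional, and both changes would be easier to audit in their own commits. The task holding `state: running` starts above the hunk.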
@@ -53,21 +53,18 @@ d-i partman-auto/expert_recipe string \ . \ 1536 10000 2048 ext4 \ $lvmok{ } in_vg{ {{ inventory_hostname }} } \ - lv_name { root } \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ / } \ . \ 1024 11000 1280 ext4 \ $lvmok{ } in_vg{ {{ inventory_hostname }} } \ - lv_name { var } \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ /var } \ . \ 768 10000 768 ext4 \ $lvmok{ } in_vg{ {{ inventory_hostname }} } \ - lv_name { varlog } \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ /var/log } \ diff --git a/roles/vm-network/tasks/public.yaml b/roles/vm-network/tasks/public.yaml index 85a057d8..8b0e317a 100644 --- a/roles/vm-network/tasks/public.yaml +++ b/roles/vm-network/tasks/public.yaml @@ -1,8 +1,8 @@ --- - name: set routing table names with_items: - - { 'regexp': '^89\s', 'line': '89 mur-default' } - - { 'regexp': '^212\s', 'line': '212 upc-default' } + - { regexp: '^89\s', line: '89 mur-default' } + - { regexp: '^212\s', line: '212 upc-default' } lineinfile: regexp: "{{ item.regexp }}" line: "{{ item.line }}" @@ -11,15 +11,15 @@ - name: calculate address lists set_fact: srv_network_public_firewall_ipv4: - - "{{ srv_network.public.ip_mur }}" - - "{{ srv_network.public.ip_upc }}" + - "{{ srv_network.public.ip_mur }}" + - "{{ srv_network.public.ip_upc }}" srv_network_public_firewall_ipv6: - - "{{ srv_network.public.ip_mur6 }}" + - "{{ srv_network.public.ip_mur6 }}" - name: install firewall scripts with_items: - - 4 - - 6 + - 4 + - 6 template: src: firewall.sh_public.j2 dest: "/etc/network/firewall{{ item }}.sh" diff --git a/roles/vm-network/tasks/systemd-link.yaml b/roles/vm-network/tasks/systemd-link.yaml index eb52474a..ad12cd37 100644 --- a/roles/vm-network/tasks/systemd-link.yaml +++ b/roles/vm-network/tasks/systemd-link.yaml 
@@ -4,8 +4,8 @@ name: "/etc/systemd/network/{{ item }}" state: absent with_items: - - 50-virtio-kernel-names.link - - 99-default.link + - 50-virtio-kernel-names.link + - 99-default.link - name: install systemd network link units template: diff --git a/roles/zsh/tasks/main.yaml b/roles/zsh/tasks/main.yaml index 61aa7c83..93bb1abf 100644 --- a/roles/zsh/tasks/main.yaml +++ b/roles/zsh/tasks/main.yaml @@ -1,15 +1,21 @@ --- - name: install zsh packages - apt: name={{ item }} state=present + apt: + name: "{{ item }}" + state: present with_items: - zsh - name: install zsh-config - copy: src={{ item.src }} dest={{ item.dest }} + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" with_items: - - { "src": "zshrc", "dest": "/etc/zsh/zshrc" } - - { "src": "zshrc.skel", "dest": "/etc/skel/.zshrc" } + - { src: "zshrc", dest: "/etc/zsh/zshrc" } + - { src: "zshrc.skel", dest: "/etc/skel/.zshrc" } - name: set zsh as default shell - user: name="{{ item }}" shell=/bin/zsh + user: + name: "{{ item }}" + shell: /bin/zsh with_items: "{{ [ 'root' ] | union(zsh_loginshell_user | default([])) }}" -- cgit v1.2.3