Alan Orth
a7eb04a152
Import OS-specific vars from task in common role
...
We stopped being able to do dynamic includes from the playbooks around
Ansible 2.4.0.0 if I recall correctly. Instead we can create a task to
include the variables and make it always run by using the special tag.
For now the Debian and Ubuntu vars files are the same, but I will keep
them separate so that it is more flexible in the future.
2018-04-25 18:04:29 +03:00
Alan Orth
f3403cc79a
roles/common: Remove Ubuntu partner repo from apt sources
...
I haven't used this in years, and it looks to only be proprietary things
like Adobe, Skype, etc.
2018-04-25 17:49:38 +03:00
Alan Orth
632aa1cf14
Fix a few more Jinja2 filters used as tests
...
I had created these earlier in this branch before rebasing it on top
of the Ansible 2.5.0 readiness branch.
See: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.5.html
2018-04-05 12:17:26 +03:00
Alan Orth
d1ba60e15d
Use version_compare to test for Ubuntu 18.04 "bionic"
...
It just feels more correct, plus I usually forget the release code
name from time to time.
2018-04-05 12:17:26 +03:00
Alan Orth
28ba62a8a6
roles/common: Remove sysv-rc-conf from Ubuntu packages
...
I haven't used this in years and it apparently doesn't exist in Ubuntu
18.04 anyways.
2018-04-05 12:17:25 +03:00
Alan Orth
c5bebf0336
roles/common: Use Ubuntu 17.10's tarsnap packages on Ubuntu 18.04
...
There are no tarsnap packages for Ubuntu 18.04 "bionic" yet so we
should use Ubuntu 17.10 "artful".
2018-04-05 12:17:25 +03:00
Alan Orth
10668ed706
roles/common: Update comment in ntp task
2018-04-05 12:17:25 +03:00
Alan Orth
19414041e7
roles/common: Add sshd config for Ubuntu 18.04
...
From the default sshd_config with some cipher settings from the Debian
9 template.
2018-04-05 12:17:25 +03:00
Alan Orth
ab2961be61
roles/common: Update Tarsnap GPG key
...
See: https://www.tarsnap.com/pkg-deb.html
2018-04-05 12:17:25 +03:00
Alan Orth
57120308dc
Update with_items loops to use new-ish "loop" keyword
...
Ansible 2.4 and 2.5 are moving away from specialized loop functions
and the old syntax will eventually be deprecated and removed. I did
not change the with_fileglob loops because I'm not sure about their
syntax yet.
See: https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html
2018-04-02 15:52:51 +03:00
Alan Orth
d155898bb1
Use new syntax for Jinja2 filters that are used as tests
...
Ansible 2.5.0 uses a new syntax for Jinja2 filters that are used as
tests.
See: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.5.html
2018-03-21 21:17:21 +02:00
Alan Orth
52b4efd3b0
roles/common: Use HTTPS for tarsnap package mirror
2018-03-17 11:51:45 +02:00
Alan Orth
948058151a
roles/common: Fix issues raised by ansible-lint
...
[ANSIBLE0010] Package installs should not use latest
2017-12-29 20:11:55 +02:00
Alan Orth
92fe57a4da
Revert "Revert "roles/common: Use static imports for tasks""
...
This reverts commit 63c5477f85.
I'm actually still seeing this problem on Ansible 2.4.0.0 with Python
2.7.14.
2017-11-05 01:51:49 +02:00
Alan Orth
36d6360eeb
roles/common: Fix error in conditional
2017-11-05 01:41:38 +02:00
Alan Orth
fec081d40a
roles/common: Use deb.debian.org instead of httpredir
...
Seems to be the evolution of httpredir.
2017-11-05 01:31:16 +02:00
Alan Orth
55b464e8f7
roles/common: Add apt-transport-https to base packages
...
Allows fetching debian repositories over HTTPS.
2017-11-05 01:29:00 +02:00
Alan Orth
547d808aea
roles/common: Remove ansible_os_family checks
...
We're only supporting Debian family now so there's no point to check
this variable now.
2017-11-05 01:19:28 +02:00
Alan Orth
5f8820bf9f
roles/common: Remove Ubuntu 14.04 logic
...
We're only supporting Ubuntu 16.04 now.
2017-11-05 01:11:37 +02:00
Alan Orth
7fd6127d29
roles/common: Remove check for CentOS in sshd task
...
I'm not supporting CentOS here so we don't need to check this.
2017-11-05 01:01:37 +02:00
Alan Orth
f76fc64afa
roles/common: Remove unused sshd_config templates
...
We're not supporting Ubuntu 14.04 or 15.04 anymore so we don't need
these templates.
2017-11-05 00:59:19 +02:00
Alan Orth
77a3b1cff7
roles/common: Remove Debian 8 sshd_config template
2017-11-05 00:58:03 +02:00
Alan Orth
b0524d2a2e
Remove references to Debian 8
...
I don't need or want to support Debian 8 anymore so I can remove all
references to it in comments and code.
2017-11-05 00:54:53 +02:00
Alan Orth
b87f2e2fb0
roles/common: Use command module instead of shell
...
You should only use the "shell" module when you need shell functions
like flow control and redirects. Also, the "command" module is safer
because it is not affected by the user's environment.
2017-11-05 00:49:03 +02:00
Alan Orth
b6a54ca4d1
roles/common: Reload firewalld instead of restart
...
There is no need to bounce the service, just reload it.
2017-11-05 00:27:44 +02:00
Alan Orth
0a92f3ae8f
roles/common: Use systemd module instead of "service"
...
This was new in Ansible 2.2 but I didn't notice until now. All of our
servers are running distributions with systemd so let's just use this.
2017-11-05 00:27:44 +02:00
Alan Orth
7b60e6d24f
Revert "Import OS-specific vars in tasks instead of play"
...
This reverts commit e30e4d4b1e.
I suspect this was a side effect of using Python 3 rather than an
issue in Ansible 2.4.0.0.
2017-11-04 23:53:38 +02:00
Alan Orth
63c5477f85
Revert "roles/common: Use static imports for tasks"
...
This reverts commit 5147f4029b.
I think this was a side effect of using Python 3, not a regression in
Ansible 2.4.0.0.
2017-11-04 23:53:25 +02:00
Alan Orth
620e8258ac
roles/common: Remove duplicate option in sshd_config
2017-11-01 13:22:18 +02:00
Alan Orth
5147f4029b
roles/common: Use static imports for tasks
...
Something seems to have happened as of Ansible 2.4.0.0 where this no
longer works. I suspect it is related to the major changes to static
and dynamic imports that landed around this same time.
In practice this achieves the same function, but without the "magic"
ability to use one task for different operating systems.
2017-11-01 01:25:46 +02:00
Alan Orth
e30e4d4b1e
Import OS-specific vars in tasks instead of play
...
Something seems to have happened as of Ansible 2.4.0.0 where this no
longer works. I suspect it is related to the major changes to static
and dynamic imports that landed around this same time.
We make sure that this task always runs by using the special tag of
the same name.
2017-11-01 01:21:48 +02:00
Alan Orth
15bf4727c1
roles/common: Add names to include tasks
...
I'm not sure why these weren't caught by ansible-lint.
2017-10-03 17:46:55 +03:00
Alan Orth
5281d41445
Add names to include tasks
...
Raised by ansible-lint in the following rule:
[ANSIBLE0011] All tasks should be named
2017-10-03 15:03:09 +03:00
Alan Orth
ff6253213a
roles/common: Rename "iptables" task to "firewall"
2017-09-26 14:32:21 +03:00
Alan Orth
818cbfd533
roles/common: Enable firewalld in Debian 9
2017-09-26 14:30:18 +03:00
Alan Orth
58245e3480
roles/common/tasks/main.yml: Remove comment
2017-09-22 15:53:01 +03:00
Alan Orth
16a9ebf97f
Adjust playbooks for Ansible 2.4 import changes
...
Ansible 2.4 changes the way includes work. Now you have to use "import"
for playbooks and tasks that are static, and "include" for those that
are dynamic (ie, those that use variables, loops, etc).
See: http://docs.ansible.com/ansible/devel/playbooks_reuse_includes.html
2017-09-21 21:30:47 +03:00
Alan Orth
b945240756
roles/common: Harden sshd_config template for Debian 9 and Ubuntu 16.04
...
From: https://wiki.mozilla.org/Security/Guidelines/OpenSSH
2017-06-19 10:13:24 +03:00
Alan Orth
4f22052afe
roles/common: Remove duplicate timezone task
...
We set it in the separate ntp.yml playbook now, as there are a few
different systems we cater to (systemd, old ntp, etc).
2017-06-18 09:30:05 +03:00
Alan Orth
ffac0b8afd
roles/common: Update apt cache in tarsnap step
...
This fails on clean installs otherwise.
2017-06-18 09:27:53 +03:00
Alan Orth
d766c3dbbe
roles/common: Add tasks to install tarsnap
...
Now that Tarsnap has official packages this is one less thing that
needs to be manually installed from source after bringing a machine
up.
See: http://mail.tarsnap.com/tarsnap-announce/msg00037.html
2017-02-07 07:28:35 -08:00
Alan Orth
1fef5c9b5a
roles/common: Add sshd_config for Debian 9 (stretch)
...
Taken from base install and diffed against the current Ubuntu 16.04
and Debian 8 config templates.
2017-01-30 14:56:27 +02:00
Alan Orth
9ca685a6af
roles/common: Adjust allowed user logic for Ubuntu 16.04 sshd_config
2017-01-30 12:54:35 +02:00
Alan Orth
50536af990
Use Ansible's version_compare instead of doing math on strings
...
I'm surprised this worked all these years actually. Since Ansible
version 1.6 it has been possible to use the version_compare filter
instead of doing math logic on strings.
See: https://docs.ansible.com/ansible/playbooks_tests.html
2016-12-20 15:04:47 +02:00
Alan Orth
75ef77e3cc
roles/common: Don't set up apt sources on arm
...
The package archives appear to be different for some reason.
2016-09-29 16:47:44 +03:00
Alan Orth
5f656285c0
roles/common: Add a dedicated playbook for ntp tasks
...
Hosts with systemd should use its NTP client and explicitly remove
the `ntp` packages. Hosts with older init systems should use `ntp`.
2016-08-25 14:19:51 +03:00
Alan Orth
8851f8f631
Revert "Only update packages indexes if the cache is 1 hour old"
...
This reverts commit 201165cff6.
Turns out this actually breaks initial deployments, because the
cache gets updated in the first task, then you add sources for
nginx and mariadb, but it doesn't update the indexes because the
cache is < 3600 seconds old, so you end up getting the distro's
versions of nginx and mariadb.
2016-08-25 12:58:15 +03:00
Alan Orth
da6d1e05b9
roles/common: Don't use ansible facts when we don't need to
...
No use testing the distro version only to use an ansible fact to
find the correct template.
2016-08-24 10:11:13 +03:00
Alan Orth
861b5c5413
roles/common: Remove old comment from main playbook
2016-08-22 16:35:02 +03:00
Alan Orth
6c6ff1b112
roles/common: Use ansible facts to reduce includes
2016-08-22 16:34:05 +03:00