a7eb04a152
Import OS-specific vars from task in common role
...
We stopped being able to do dynamic includes from the playbooks around
Ansible 2.4.0.0 if I recall correctly. Instead we can create a task to
include the variables and make it always run by using the special tag.
For now the Debian and Ubuntu vars files are the same, but I will keep
them separate so that it is more flexible in the future.
2018-04-25 18:04:29 +03:00
f3403cc79a
roles/common: Remove Ubuntu partner repo from apt sources
...
I haven't used this in years, and it looks to only be proprietary things
like Adobe, Skype, etc.
2018-04-25 17:49:38 +03:00
632aa1cf14
Fix a few more Jinja2 filters used as tests
...
I had created these earlier in this branch before rebasing it on top
of the Ansible 2.5.0 readiness branch.
See: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.5.html
2018-04-05 12:17:26 +03:00
d1ba60e15d
Use version_compare to test for Ubuntu 18.04 "bionic"
...
It just feels more correct, plus I usually forget the release code
name from time to time.
2018-04-05 12:17:26 +03:00
28ba62a8a6
roles/common: Remove sysv-rc-conf from Ubuntu packages
...
I haven't used this in years and it apparently doesn't exist in Ubuntu
18.04 anyways.
2018-04-05 12:17:25 +03:00
c5bebf0336
roles/common: Use Ubuntu 17.10's tarsnap packages on Ubuntu 18.04
...
There are no tarsnap packages for Ubuntu 18.04 "bionic" yet so we
should use Ubuntu 17.10 "artful".
2018-04-05 12:17:25 +03:00
10668ed706
roles/common: Update comment in ntp task
2018-04-05 12:17:25 +03:00
19414041e7
roles/common: Add sshd config for Ubuntu 18.04
...
From the default sshd_config with some cipher settings from the Debian
9 template.
2018-04-05 12:17:25 +03:00
ab2961be61
roles/common: Update Tarsnap GPG key
...
See: https://www.tarsnap.com/pkg-deb.html
2018-04-05 12:17:25 +03:00
57120308dc
Update with_items loops to use new-ish "loop" keyword
...
Ansible 2.4 and 2.5 are moving away from specialized loop functions
and the old syntax will eventually be deprecated and removed. I did
not change the with_fileglob loops because I'm not sure about their
syntax yet.
See: https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html
2018-04-02 15:52:51 +03:00
d155898bb1
Use new syntax for Jinj2 filters that are used as tests
...
Ansible 2.5.0 uses a new syntax for Jinja2 filters that are used as
tests.
See: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.5.html
2018-03-21 21:17:21 +02:00
52b4efd3b0
roles/common: Use HTTPS for tarsnap package mirror
2018-03-17 11:51:45 +02:00
948058151a
roles/common: Fix issues raised by ansible-lint
...
[ANSIBLE0010] Package installs should not use latest
2017-12-29 20:11:55 +02:00
92fe57a4da
Revert "Revert "roles/common: Use static imports for tasks""
...
This reverts commit 63c5477f85
.
I'm actually still seeing this problem on Ansible 2.4.0.0 with Python
2.7.14.
2017-11-05 01:51:49 +02:00
36d6360eeb
roles/common: Fix error in conditional
2017-11-05 01:41:38 +02:00
fec081d40a
roles/common: Use deb.debian.org instead of httpredir
...
Seems to be the evolution of httpredir.
2017-11-05 01:31:16 +02:00
55b464e8f7
roles/common: Add apt-transport-https to base packages
...
Allows fetching debian repositories over HTTPS.
2017-11-05 01:29:00 +02:00
547d808aea
roles/common: Remove ansible_os_family checks
...
We're only supporting Debian family now so there's no point to check
this variable now.
2017-11-05 01:19:28 +02:00
5f8820bf9f
roles/common: Remove Ubuntu 14.04 logic
...
We're only supporting Ubuntu 16.04 now.
2017-11-05 01:11:37 +02:00
7fd6127d29
roles/common: Remove check for CentOS in sshd task
...
I'm not supporting CentOS here so we don't need to check this.
2017-11-05 01:01:37 +02:00
f76fc64afa
roles/common: Remove unused sshd_config templates
...
We're not supporting Ubuntu 14.04 or 15.04 anymore so we don't need
these templates.
2017-11-05 00:59:19 +02:00
77a3b1cff7
roles/common: Remove Debian 8 sshd_config template
2017-11-05 00:58:03 +02:00
b0524d2a2e
Remove references to Debian 8
...
I don't need or want to support Debian 8 anymore so I can remove all
references to it in comments and code.
2017-11-05 00:54:53 +02:00
b87f2e2fb0
roles/common: Use command module instead of shell
...
You should only use the "shell" module when you need shell functions
like flow control and redirects. Also, the "command" module is safer
because it is not affected by the user's environment.
2017-11-05 00:49:03 +02:00
b6a54ca4d1
roles/common: Reload firewalld instead of restart
...
There is no need to bounce the service, just reload it.
2017-11-05 00:27:44 +02:00
0a92f3ae8f
roles/common: Use systemd module instead of "service"
...
This was new in Ansible 2.2 but I didn't notice until now. All of our
servers are running distributions with systemd so let's just use this.
2017-11-05 00:27:44 +02:00
7b60e6d24f
Revert "Import OS-specific vars in tasks instead of play"
...
This reverts commit e30e4d4b1e
.
I suspect this was a side effect of using Python 3 rather than an
issue in Ansible 2.4.0.0.
2017-11-04 23:53:38 +02:00
63c5477f85
Revert "roles/common: Use static imports for tasks"
...
This reverts commit 5147f4029b
.
I think this was a side effect of using Python 3, not a regression in
Ansible 2.4.0.0.
2017-11-04 23:53:25 +02:00
620e8258ac
roles/common: Remove duplicate option in sshd_config
2017-11-01 13:22:18 +02:00
5147f4029b
roles/common: Use static imports for tasks
...
Something seems to have happened as of Ansible 2.4.0.0 where this no
longer works. I suspect it is related to the major changes to static
and dynamic imports that landed around this same time.
In practice this achieves the same function, but without the "magic"
ability to use one task for different operating systems.
2017-11-01 01:25:46 +02:00
e30e4d4b1e
Import OS-specific vars in tasks instead of play
...
Something seems to have happened as of Ansible 2.4.0.0 where this no
longer works. I suspect it is related to the major changes to static
and dynamic imports that landed around this same time.
We make sure that this tasks always runs by using the special tag of
the same name.
2017-11-01 01:21:48 +02:00
15bf4727c1
roles/common: Add names to include tasks
...
I'm not sure why these weren't caught by ansible-lint.
2017-10-03 17:46:55 +03:00
5281d41445
Add names to include tasks
...
Raised by ansible-lint in the following rule:
[ANSIBLE0011] All tasks should be named
2017-10-03 15:03:09 +03:00
ff6253213a
roles/common: Rename "iptables" task to "firewall"
2017-09-26 14:32:21 +03:00
818cbfd533
roles/common: Enable firewalld in Debian 9
2017-09-26 14:30:18 +03:00
58245e3480
roles/common/tasks/main.yml: Remove comment
2017-09-22 15:53:01 +03:00
16a9ebf97f
Adjust playbooks for Ansible 2.4 import changes
...
Ansible 2.4 changes the way includes work. Now you have to use "import"
for playbooks and tasks that are static, and "include" for those that
are dynamic (ie, those that use variables, loops, etc).
See: http://docs.ansible.com/ansible/devel/playbooks_reuse_includes.html
2017-09-21 21:30:47 +03:00
b945240756
roles/common: Harden sshd_config template for Debian 9 and Ubuntu 16.04
...
From: https://wiki.mozilla.org/Security/Guidelines/OpenSSH
2017-06-19 10:13:24 +03:00
4f22052afe
roles/common: Remove duplicate timezone task
...
We set it in the separate ntp.yml playbook now, as there are a few
different systems we cater to (systemd, old ntp, etc).
2017-06-18 09:30:05 +03:00
ffac0b8afd
roles/common: Update apt cache in tarsnap step
...
This fails on clean installs otherwise.
2017-06-18 09:27:53 +03:00
d766c3dbbe
roles/common: Add tasks to install tarsnap
...
Now that Tarsnap has official packages this is one less thing that
needs to be manually installed from source after bringing a machine
up.
See: http://mail.tarsnap.com/tarsnap-announce/msg00037.html
2017-02-07 07:28:35 -08:00
1fef5c9b5a
roles/common: Add sshd_config for Debian 9 (stretch)
...
Taken from base install and diffed against the current Ubuntu 16.04
and Debian 8 config templates.
2017-01-30 14:56:27 +02:00
9ca685a6af
roles/common: Adjust allowed user logic for Ubuntu 16.04 sshd_config
2017-01-30 12:54:35 +02:00
50536af990
Use Ansible's version_compare instead of doing math on strings
...
I'm surprised this worked all these years actually. Since Ansible
version 1.6 it has been possible to use the version_compare filter
instead of doing math logic on strings.
See: https://docs.ansible.com/ansible/playbooks_tests.html
2016-12-20 15:04:47 +02:00
75ef77e3cc
roles/common: Don't set up apt sources on arm
...
The package archives appear to be different for some reason.
2016-09-29 16:47:44 +03:00
5f656285c0
roles/common: Add a dedicated playbook for ntp tasks
...
Hosts with systemd should use its NTP client and explicitly remove
the `ntp` packages. Hosts with older init systems should use `ntp`.
2016-08-25 14:19:51 +03:00
8851f8f631
Revert "Only update packages indexes if the cache is 1 hour old"
...
This reverts commit 201165cff6
.
Turns out this actually breaks initial deployments, because the
cache gets updated in the first task, then you add sources for
nginx and mariadb, but it doesn't update the indexes because the
cache is < 3600 seconds old, so you end up getting the distro's
versions of nginx and mariadb.
2016-08-25 12:58:15 +03:00
da6d1e05b9
roles/common: Don't use ansible facts when we don't need to
...
No use testing the distro version only to use an ansible fact to
find the correct template.
2016-08-24 10:11:13 +03:00
861b5c5413
roles/common: Remove old comment from main playbook
2016-08-22 16:35:02 +03:00
6c6ff1b112
roles/common: Use ansible facts to reduce includes
2016-08-22 16:34:05 +03:00