From 821cc704535e7fb9a2aaafc5692ad68e38308786 Mon Sep 17 00:00:00 2001 From: Oleg Broytman Date: Mon, 2 Sep 2019 19:44:50 +0300 Subject: [PATCH] Feat: Combine Debian/RedHat playbooks and roles --- playbooks/debian/init-system.sh | 2 +- playbooks/debian/roles/init-system/README.txt | 1 - .../debian/roles/init-system/tasks/main.yml | 5 -- .../debian/roles/init-system2/README.txt | 1 - playbooks/debian/roles/packages/README.txt | 1 - playbooks/debian/roles/phd/defaults/main.yml | 1 - playbooks/init-system.yml | 2 +- playbooks/{debian => }/init-system2.yml | 3 +- playbooks/redhat/init-system.sh | 4 +- playbooks/redhat/init-system.yml | 6 --- playbooks/redhat/init-system2.yml | 9 ---- .../redhat/roles/dev-packages/README.txt | 1 - .../redhat/roles/dev-packages/tasks/main.yml | 10 ---- playbooks/redhat/roles/init-system/README.txt | 1 - .../redhat/roles/init-system/tasks/main.yml | 2 - .../redhat/roles/init-system2/README.txt | 1 - .../redhat/roles/init-system2/tasks/main.yml | 25 ---------- playbooks/redhat/roles/logcheck/README.txt | 1 - .../redhat/roles/logcheck/files/.gitignore | 1 - .../logcheck/files/ignore.d/local-bluetooth | 1 - .../files/ignore.d/local-console-kit-daemon | 2 - .../roles/logcheck/files/ignore.d/local-dbus | 3 -- .../logcheck/files/ignore.d/local-firefox | 1 - .../logcheck/files/ignore.d/local-kernel | 6 --- .../logcheck/files/ignore.d/local-minidsspd | 1 - .../roles/logcheck/files/ignore.d/local-named | 6 --- .../roles/logcheck/files/ignore.d/local-pa | 3 -- .../logcheck/files/ignore.d/local-postgres | 1 - .../logcheck/files/ignore.d/local-rsyslog | 2 - .../logcheck/files/ignore.d/local-runuser | 1 - .../roles/logcheck/files/ignore.d/local-samba | 2 - .../files/ignore.d/local-spamassassin | 4 -- .../roles/logcheck/files/ignore.d/local-ssh | 18 ------- .../files/ignore.d/local-transmission | 1 - .../redhat/roles/logcheck/tasks/main.yml | 25 ---------- playbooks/redhat/roles/packages/README.txt | 1 - .../redhat/roles/packages/tasks/main.yml | 8 --- playbooks/redhat/roles/phd/README.txt | 2 - playbooks/redhat/roles/phd/defaults/main.yml | 1 - playbooks/redhat/roles/phd/meta/main.yml | 1 - playbooks/redhat/roles/phd/tasks/main.yml | 50 ------------------- .../roles/python-dev-packages/README.txt | 1 - .../roles/python-dev-packages/meta/main.yml | 1 - .../roles/python-dev-packages/tasks/main.yml | 11 ---- .../redhat/roles/python-packages/README.txt | 1 - .../roles/python-packages/tasks/main.yml | 18 ------- .../redhat/roles/remove-systemd/README.txt | 1 + playbooks/redhat/roles/sudo/README.txt | 1 - playbooks/redhat/roles/sudo/meta/main.yml | 1 - playbooks/redhat/roles/sudo/tasks/main.yml | 8 --- playbooks/redhat/update-root.yml | 42 ---------------- .../roles/dev-packages/README.txt | 0 .../roles/dev-packages/tasks/main.yml | 13 +++++ playbooks/roles/init-system/README.txt | 2 + .../roles/init-system/tasks/apt.yml | 0 .../roles/init-system/tasks/dnf.yml | 0 .../roles/init-system/tasks/locales.yml | 0 playbooks/roles/init-system/tasks/main.yml | 11 ++++ .../roles/init-system/templates/sources.list | 0 playbooks/roles/init-system2/README.txt | 1 + .../roles/init-system2/tasks/main.yml | 9 ++-- .../{debian => }/roles/logcheck/README.txt | 0 .../roles/logcheck/files/.gitignore | 0 .../logcheck/files/ignore.d/local-bluetooth | 0 .../files/ignore.d/local-console-kit-daemon | 0 .../roles/logcheck/files/ignore.d/local-dbus | 0 .../logcheck/files/ignore.d/local-firefox | 0 .../logcheck/files/ignore.d/local-kernel | 0 .../logcheck/files/ignore.d/local-minidsspd | 0 .../roles/logcheck/files/ignore.d/local-named | 0 .../roles/logcheck/files/ignore.d/local-pa | 0 .../logcheck/files/ignore.d/local-postgres | 0 .../logcheck/files/ignore.d/local-rsyslog | 0 .../logcheck/files/ignore.d/local-runuser | 0 .../roles/logcheck/files/ignore.d/local-samba | 0 .../files/ignore.d/local-spamassassin | 0 .../roles/logcheck/files/ignore.d/local-ssh | 0 .../files/ignore.d/local-transmission | 0 .../roles/logcheck/tasks/main.yml | 9 ++++ playbooks/roles/packages/README.txt | 1 + .../roles/packages/tasks/main.yml | 11 ++++ playbooks/{debian => }/roles/phd/README.txt | 0 playbooks/roles/phd/defaults/main.yml | 1 + .../{debian => }/roles/phd/meta/main.yml | 0 .../{debian => }/roles/phd/tasks/main.yml | 9 ++++ .../roles/python-dev-packages/README.txt | 0 .../roles/python-dev-packages/meta/main.yml | 0 .../roles/python-dev-packages/tasks/main.yml | 15 ++++++ .../roles/python-packages/README.txt | 0 .../roles/python-packages/tasks/main.yml | 13 +++++ playbooks/{debian => }/roles/sudo/README.txt | 0 .../{debian => }/roles/sudo/meta/main.yml | 0 .../{debian => }/roles/sudo/tasks/main.yml | 4 +- 93 files changed, 102 insertions(+), 299 deletions(-) delete mode 100644 playbooks/debian/roles/init-system/README.txt delete mode 100644 playbooks/debian/roles/init-system/tasks/main.yml delete mode 100644 playbooks/debian/roles/init-system2/README.txt delete mode 100644 playbooks/debian/roles/packages/README.txt delete mode 100644 playbooks/debian/roles/phd/defaults/main.yml rename playbooks/{debian => }/init-system2.yml (70%) delete mode 100644 playbooks/redhat/init-system.yml delete mode 100644 playbooks/redhat/init-system2.yml delete mode 100644 playbooks/redhat/roles/dev-packages/README.txt delete mode 100644 playbooks/redhat/roles/dev-packages/tasks/main.yml delete mode 100644 playbooks/redhat/roles/init-system/README.txt delete mode 100644 playbooks/redhat/roles/init-system/tasks/main.yml delete mode 100644 playbooks/redhat/roles/init-system2/README.txt delete mode 100644 playbooks/redhat/roles/init-system2/tasks/main.yml delete mode 100644 playbooks/redhat/roles/logcheck/README.txt delete mode 100644 playbooks/redhat/roles/logcheck/files/.gitignore delete mode 100644 playbooks/redhat/roles/logcheck/files/ignore.d/local-bluetooth delete mode 100644 playbooks/redhat/roles/logcheck/files/ignore.d/local-console-kit-daemon delete mode 100644 playbooks/redhat/roles/logcheck/files/ignore.d/local-dbus delete mode 100644 playbooks/redhat/roles/logcheck/files/ignore.d/local-firefox delete mode 100644 playbooks/redhat/roles/logcheck/files/ignore.d/local-kernel delete mode 100644 playbooks/redhat/roles/logcheck/files/ignore.d/local-minidsspd delete mode 100644 playbooks/redhat/roles/logcheck/files/ignore.d/local-named delete mode 100644 playbooks/redhat/roles/logcheck/files/ignore.d/local-pa delete mode 100644 playbooks/redhat/roles/logcheck/files/ignore.d/local-postgres delete mode 100644 playbooks/redhat/roles/logcheck/files/ignore.d/local-rsyslog delete mode 100644 playbooks/redhat/roles/logcheck/files/ignore.d/local-runuser delete mode 100644 playbooks/redhat/roles/logcheck/files/ignore.d/local-samba delete mode 100644 playbooks/redhat/roles/logcheck/files/ignore.d/local-spamassassin delete mode 100644 playbooks/redhat/roles/logcheck/files/ignore.d/local-ssh delete mode 100644 playbooks/redhat/roles/logcheck/files/ignore.d/local-transmission delete mode 100644 playbooks/redhat/roles/logcheck/tasks/main.yml delete mode 100644 playbooks/redhat/roles/packages/README.txt delete mode 100644 playbooks/redhat/roles/packages/tasks/main.yml delete mode 100644 playbooks/redhat/roles/phd/README.txt delete mode 100644 playbooks/redhat/roles/phd/defaults/main.yml delete mode 100644 playbooks/redhat/roles/phd/meta/main.yml delete mode 100644 playbooks/redhat/roles/phd/tasks/main.yml delete mode 100644 playbooks/redhat/roles/python-dev-packages/README.txt delete mode 100644 playbooks/redhat/roles/python-dev-packages/meta/main.yml delete mode 100644 playbooks/redhat/roles/python-dev-packages/tasks/main.yml delete mode 100644 playbooks/redhat/roles/python-packages/README.txt delete mode 100644 playbooks/redhat/roles/python-packages/tasks/main.yml create mode 100644 playbooks/redhat/roles/remove-systemd/README.txt delete mode 100644 playbooks/redhat/roles/sudo/README.txt delete mode 100644 playbooks/redhat/roles/sudo/meta/main.yml delete mode 100644 playbooks/redhat/roles/sudo/tasks/main.yml delete mode 100644 playbooks/redhat/update-root.yml rename playbooks/{debian => }/roles/dev-packages/README.txt (100%) rename playbooks/{debian => }/roles/dev-packages/tasks/main.yml (58%) create mode 100644 playbooks/roles/init-system/README.txt rename playbooks/{debian => }/roles/init-system/tasks/apt.yml (100%) rename playbooks/{redhat => }/roles/init-system/tasks/dnf.yml (100%) rename playbooks/{debian => }/roles/init-system/tasks/locales.yml (100%) create mode 100644 playbooks/roles/init-system/tasks/main.yml rename playbooks/{debian => }/roles/init-system/templates/sources.list (100%) create mode 100644 playbooks/roles/init-system2/README.txt rename playbooks/{debian => }/roles/init-system2/tasks/main.yml (57%) rename playbooks/{debian => }/roles/logcheck/README.txt (100%) rename playbooks/{debian => }/roles/logcheck/files/.gitignore (100%) rename playbooks/{debian => }/roles/logcheck/files/ignore.d/local-bluetooth (100%) rename playbooks/{debian => }/roles/logcheck/files/ignore.d/local-console-kit-daemon (100%) rename playbooks/{debian => }/roles/logcheck/files/ignore.d/local-dbus (100%) rename playbooks/{debian => }/roles/logcheck/files/ignore.d/local-firefox (100%) rename playbooks/{debian => }/roles/logcheck/files/ignore.d/local-kernel (100%) rename playbooks/{debian => }/roles/logcheck/files/ignore.d/local-minidsspd (100%) rename playbooks/{debian => }/roles/logcheck/files/ignore.d/local-named (100%) rename playbooks/{debian => }/roles/logcheck/files/ignore.d/local-pa (100%) rename playbooks/{debian => }/roles/logcheck/files/ignore.d/local-postgres (100%) rename playbooks/{debian => }/roles/logcheck/files/ignore.d/local-rsyslog (100%) rename playbooks/{debian => }/roles/logcheck/files/ignore.d/local-runuser (100%) rename playbooks/{debian => }/roles/logcheck/files/ignore.d/local-samba (100%) rename playbooks/{debian => }/roles/logcheck/files/ignore.d/local-spamassassin (100%) rename playbooks/{debian => }/roles/logcheck/files/ignore.d/local-ssh (100%) rename playbooks/{debian => }/roles/logcheck/files/ignore.d/local-transmission (100%) rename playbooks/{debian => }/roles/logcheck/tasks/main.yml (75%) create mode 100644 playbooks/roles/packages/README.txt rename playbooks/{debian => }/roles/packages/tasks/main.yml (51%) rename playbooks/{debian => }/roles/phd/README.txt (100%) create mode 100644 playbooks/roles/phd/defaults/main.yml rename playbooks/{debian => }/roles/phd/meta/main.yml (100%) rename playbooks/{debian => }/roles/phd/tasks/main.yml (85%) rename playbooks/{debian => }/roles/python-dev-packages/README.txt (100%) rename playbooks/{debian => }/roles/python-dev-packages/meta/main.yml (100%) rename playbooks/{debian => }/roles/python-dev-packages/tasks/main.yml (61%) rename playbooks/{debian => }/roles/python-packages/README.txt (100%) rename playbooks/{debian => }/roles/python-packages/tasks/main.yml (63%) rename playbooks/{debian => }/roles/sudo/README.txt (100%) rename playbooks/{debian => }/roles/sudo/meta/main.yml (100%) rename playbooks/{debian => }/roles/sudo/tasks/main.yml (67%) diff --git a/playbooks/debian/init-system.sh b/playbooks/debian/init-system.sh index c44eb83..512ce02 100755 --- a/playbooks/debian/init-system.sh +++ b/playbooks/debian/init-system.sh @@ -16,4 +16,4 @@ export ANSIBLE_ROLES_PATH && # `sudo` isn't configured yet too; use `su` and ask for root password. ansible-playbook ../init-system.yml "$@" -e hosts="$host" \ --become-method=su -K && -exec ansible-playbook init-system2.yml "$@" -e hosts="$host" +exec ansible-playbook ../init-system2.yml "$@" -e hosts="$host" diff --git a/playbooks/debian/roles/init-system/README.txt b/playbooks/debian/roles/init-system/README.txt deleted file mode 100644 index 1f7eced..0000000 --- a/playbooks/debian/roles/init-system/README.txt +++ /dev/null @@ -1 +0,0 @@ -Init new Debian system: configure apt, install minimal list of packages. diff --git a/playbooks/debian/roles/init-system/tasks/main.yml b/playbooks/debian/roles/init-system/tasks/main.yml deleted file mode 100644 index 83104c7..0000000 --- a/playbooks/debian/roles/init-system/tasks/main.yml +++ /dev/null @@ -1,5 +0,0 @@ -- name: apt - import_tasks: apt.yml - -- name: locales - import_tasks: locales.yml diff --git a/playbooks/debian/roles/init-system2/README.txt b/playbooks/debian/roles/init-system2/README.txt deleted file mode 100644 index cf6c45b..0000000 --- a/playbooks/debian/roles/init-system2/README.txt +++ /dev/null @@ -1 +0,0 @@ -Init Debian system: phase2 - setup /usr/local. diff --git a/playbooks/debian/roles/packages/README.txt b/playbooks/debian/roles/packages/README.txt deleted file mode 100644 index ef692c4..0000000 --- a/playbooks/debian/roles/packages/README.txt +++ /dev/null @@ -1 +0,0 @@ -Install Debian packages. diff --git a/playbooks/debian/roles/phd/defaults/main.yml b/playbooks/debian/roles/phd/defaults/main.yml deleted file mode 100644 index b9fc971..0000000 --- a/playbooks/debian/roles/phd/defaults/main.yml +++ /dev/null @@ -1 +0,0 @@ -system_groups: root,adm,disk,cdrom,floppy,sudo,audio,www-data,video,plugdev,staff,users,Debian-exim,fuse,sambashare,input diff --git a/playbooks/init-system.yml b/playbooks/init-system.yml index e5722c8..1cd6189 100644 --- a/playbooks/init-system.yml +++ b/playbooks/init-system.yml @@ -1,6 +1,6 @@ - name: Setup Linux system hosts: "{{ hosts | default('all') }}" - gather_facts: false + gather_facts: true roles: - sudo - phd diff --git a/playbooks/debian/init-system2.yml b/playbooks/init-system2.yml similarity index 70% rename from playbooks/debian/init-system2.yml rename to playbooks/init-system2.yml index 0a02e31..a574db1 100644 --- a/playbooks/debian/init-system2.yml +++ b/playbooks/init-system2.yml @@ -3,7 +3,8 @@ gather_facts: true roles: - init-system2 - - remove-systemd + - role: remove-systemd + when: ansible_facts.os_family == 'Debian' - root - firewall - logcheck diff --git a/playbooks/redhat/init-system.sh b/playbooks/redhat/init-system.sh index 085eb3a..9236165 100755 --- a/playbooks/redhat/init-system.sh +++ b/playbooks/redhat/init-system.sh @@ -14,5 +14,5 @@ export ANSIBLE_ROLES_PATH && # Passwordless access isn't configured yet; use `ssh` connection sharing. # `sudo` isn't configured yet too; ask for phd password. -ansible-playbook init-system.yml "$@" -e hosts="$host" -K && -exec ansible-playbook init-system2.yml "$@" -e hosts="$host" +ansible-playbook ../init-system.yml "$@" -e hosts="$host" -K && +exec ansible-playbook ../init-system2.yml "$@" -e hosts="$host" diff --git a/playbooks/redhat/init-system.yml b/playbooks/redhat/init-system.yml deleted file mode 100644 index b1dbd68..0000000 --- a/playbooks/redhat/init-system.yml +++ /dev/null @@ -1,6 +0,0 @@ -- name: Setup Debain system - hosts: "{{ hosts | default('all') }}" - gather_facts: false - roles: - - sudo - - phd diff --git a/playbooks/redhat/init-system2.yml b/playbooks/redhat/init-system2.yml deleted file mode 100644 index 75dd28a..0000000 --- a/playbooks/redhat/init-system2.yml +++ /dev/null @@ -1,9 +0,0 @@ -- name: Setup Debain system - part 2 - hosts: "{{ hosts | default('all') }}" - gather_facts: true - roles: - - init-system2 - - root - - firewall - - logcheck - - sshd diff --git a/playbooks/redhat/roles/dev-packages/README.txt b/playbooks/redhat/roles/dev-packages/README.txt deleted file mode 100644 index 13d6c5f..0000000 --- a/playbooks/redhat/roles/dev-packages/README.txt +++ /dev/null @@ -1 +0,0 @@ -Install development packages. diff --git a/playbooks/redhat/roles/dev-packages/tasks/main.yml b/playbooks/redhat/roles/dev-packages/tasks/main.yml deleted file mode 100644 index 22fd224..0000000 --- a/playbooks/redhat/roles/dev-packages/tasks/main.yml +++ /dev/null @@ -1,10 +0,0 @@ -- name: Install development packages - become: true - dnf: - name: ['expat', 'gcc', 'gcc-c++', - 'gdbm', 'gdbm-libs', 'git', 'gmp', - 'libffi', 'lzma-sdk', 'make', 'mpdecimal', - 'openssl', 'patch', 'readline', 'sqlite', 'zlib', - ] - state: latest - update_cache: yes diff --git a/playbooks/redhat/roles/init-system/README.txt b/playbooks/redhat/roles/init-system/README.txt deleted file mode 100644 index 60e0fd1..0000000 --- a/playbooks/redhat/roles/init-system/README.txt +++ /dev/null @@ -1 +0,0 @@ -Init new RPM system: configure yum/dnf, install minimal list of packages. diff --git a/playbooks/redhat/roles/init-system/tasks/main.yml b/playbooks/redhat/roles/init-system/tasks/main.yml deleted file mode 100644 index edfcd82..0000000 --- a/playbooks/redhat/roles/init-system/tasks/main.yml +++ /dev/null @@ -1,2 +0,0 @@ -- name: packages - import_tasks: dnf.yml diff --git a/playbooks/redhat/roles/init-system2/README.txt b/playbooks/redhat/roles/init-system2/README.txt deleted file mode 100644 index 2b60b3c..0000000 --- a/playbooks/redhat/roles/init-system2/README.txt +++ /dev/null @@ -1 +0,0 @@ -Init RPM system: phase2 - setup /usr/local. diff --git a/playbooks/redhat/roles/init-system2/tasks/main.yml b/playbooks/redhat/roles/init-system2/tasks/main.yml deleted file mode 100644 index 991cf55..0000000 --- a/playbooks/redhat/roles/init-system2/tasks/main.yml +++ /dev/null @@ -1,25 +0,0 @@ -- name: Setup /usr/local - become: true - file: - path: /usr/local - state: directory - owner: root - group: wheel - recurse: yes - -- name: Setup directories under /usr/local - become: true - command: find /usr/local -type d -exec chown root.wheel {} + -exec chmod ug+rwx,o+rx,g+s {} + - -- name: Setup files under /usr/local - become: true - command: find /usr/local -type f -exec chmod ug+rwX,o+rX {} + - -- name: Setup /usr/local/src - become: true - file: - path: /usr/local/src - state: directory - owner: phd - group: wheel - recurse: yes diff --git a/playbooks/redhat/roles/logcheck/README.txt b/playbooks/redhat/roles/logcheck/README.txt deleted file mode 100644 index 670499d..0000000 --- a/playbooks/redhat/roles/logcheck/README.txt +++ /dev/null @@ -1 +0,0 @@ -Update logcheck ignore patterns. diff --git a/playbooks/redhat/roles/logcheck/files/.gitignore b/playbooks/redhat/roles/logcheck/files/.gitignore deleted file mode 100644 index f8a9fd0..0000000 --- a/playbooks/redhat/roles/logcheck/files/.gitignore +++ /dev/null @@ -1 +0,0 @@ -ignore.d/local-dhcpd diff --git a/playbooks/redhat/roles/logcheck/files/ignore.d/local-bluetooth b/playbooks/redhat/roles/logcheck/files/ignore.d/local-bluetooth deleted file mode 100644 index 119a65e..0000000 --- a/playbooks/redhat/roles/logcheck/files/ignore.d/local-bluetooth +++ /dev/null @@ -1 +0,0 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ bluetoothd\[[0-9]+\]: Endpoint (un)?registered: sender=:[0-9.]+ path=/MediaEndpoint/ diff --git a/playbooks/redhat/roles/logcheck/files/ignore.d/local-console-kit-daemon b/playbooks/redhat/roles/logcheck/files/ignore.d/local-console-kit-daemon deleted file mode 100644 index 1169ef9..0000000 --- a/playbooks/redhat/roles/logcheck/files/ignore.d/local-console-kit-daemon +++ /dev/null @@ -1,2 +0,0 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ console-kit-daemon\[[0-9]+\]: GLib-CRITICAL: Source ID [0-9]+ was not found when attempting to remove it$ - diff --git a/playbooks/redhat/roles/logcheck/files/ignore.d/local-dbus b/playbooks/redhat/roles/logcheck/files/ignore.d/local-dbus deleted file mode 100644 index 7661db8..0000000 --- a/playbooks/redhat/roles/logcheck/files/ignore.d/local-dbus +++ /dev/null @@ -1,3 +0,0 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dbus\[[0-9]+\]: \[system\] Activating service name='org\.freedesktop\.UDisks' \(using servicehelper\)$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dbus\[[0-9]+\]: \[system\] Successfully activated service 'org\.freedesktop\.UDisks'$ - diff --git a/playbooks/redhat/roles/logcheck/files/ignore.d/local-firefox b/playbooks/redhat/roles/logcheck/files/ignore.d/local-firefox deleted file mode 100644 index 620f89a..0000000 --- a/playbooks/redhat/roles/logcheck/files/ignore.d/local-firefox +++ /dev/null @@ -1 +0,0 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ firefox: getaddrinfo\*\.gaih_getanswer: got type "DNAME"$ diff --git a/playbooks/redhat/roles/logcheck/files/ignore.d/local-kernel b/playbooks/redhat/roles/logcheck/files/ignore.d/local-kernel deleted file mode 100644 index d200924..0000000 --- a/playbooks/redhat/roles/logcheck/files/ignore.d/local-kernel +++ /dev/null @@ -1,6 +0,0 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] CIFS VFS: Server [0-9.]+ has not responded in 120 seconds\. Reconnecting\.\.\. -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] Peer [0-9.:/]+ unexpectedly shrunk window [0-9]+:[0-9]+ \(repaired\)$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] TCP: request_sock_TCP: Possible SYN flooding on port [0-9]+\. Sending cookies\. Check SNMP counters\. -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] ncpfs: ncp_evict_inode: could not close -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] net_ratelimit: [0-9]+ callbacks suppressed$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ 0-9.]+\] perf: interrupt took too long diff --git a/playbooks/redhat/roles/logcheck/files/ignore.d/local-minidsspd b/playbooks/redhat/roles/logcheck/files/ignore.d/local-minidsspd deleted file mode 100644 index 7d22d5d..0000000 --- a/playbooks/redhat/roles/logcheck/files/ignore.d/local-minidsspd +++ /dev/null @@ -1 +0,0 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ minissdpd\[[0-9]+\]: method , don't know what to do diff --git a/playbooks/redhat/roles/logcheck/files/ignore.d/local-named b/playbooks/redhat/roles/logcheck/files/ignore.d/local-named deleted file mode 100644 index 634a8cb..0000000 --- a/playbooks/redhat/roles/logcheck/files/ignore.d/local-named +++ /dev/null @@ -1,6 +0,0 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: DNS format error from ([0-9]{1,3}\.){3}[0-9]{1,3}#[0-9]{1,5} resolving -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: client ([0-9]{1,3}\.){3}[0-9]{1,3}#[0-9]{1,5}: message parsing failed -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: client ([0-9]{1,3}\.){3}[0-9]{1,3}#[0-9]{1,5} \([._[:alnum:]-]+\): query (\(cache\) )?'.+' denied -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: client 192\.168\.3\.20#[0-9]+ \([._[:alnum:]-]+\): error sending response: host unreachable$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: clients-per-query (de|in)creased to -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: skipping nameserver '[A-Za-z0-9._-]+' because it is a CNAME, while resolving diff --git a/playbooks/redhat/roles/logcheck/files/ignore.d/local-pa b/playbooks/redhat/roles/logcheck/files/ignore.d/local-pa deleted file mode 100644 index 679db46..0000000 --- a/playbooks/redhat/roles/logcheck/files/ignore.d/local-pa +++ /dev/null @@ -1,3 +0,0 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pulseaudio\[[[:digit:]]+\]: \[alsa-(sink|source)-ALC269VC Analog\] alsa-(sink|source)\.c: ALSA woke us up to (read|write) new data (from|to) the device, but there was actually nothing to (read|write)!$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pulseaudio\[[[:digit:]]+\]: \[alsa-(sink|source)-ALC269VC Analog\] alsa-(sink|source)\.c: Most likely this is a bug in the ALSA driver 'snd_hda_intel'\. Please report this issue to the ALSA developers\.$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pulseaudio\[[[:digit:]]+\]: \[alsa-(sink|source)-ALC269VC Analog\] alsa-(sink|source)\.c: We were woken up with POLL(IN|OUT) set -- however a subsequent snd_pcm_avail\(\) returned 0 or another value < min_avail.$ diff --git a/playbooks/redhat/roles/logcheck/files/ignore.d/local-postgres b/playbooks/redhat/roles/logcheck/files/ignore.d/local-postgres deleted file mode 100644 index 2fbc57d..0000000 --- a/playbooks/redhat/roles/logcheck/files/ignore.d/local-postgres +++ /dev/null @@ -1 +0,0 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: \[[ .0-9]{11,13}\] postgres \([0-9]+\): /proc/[0-9]+/oom_adj is deprecated, please use /proc/[0-9]+/oom_score_adj instead\. diff --git a/playbooks/redhat/roles/logcheck/files/ignore.d/local-rsyslog b/playbooks/redhat/roles/logcheck/files/ignore.d/local-rsyslog deleted file mode 100644 index f7be8aa..0000000 --- a/playbooks/redhat/roles/logcheck/files/ignore.d/local-rsyslog +++ /dev/null @@ -1,2 +0,0 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (liblogging-stdlog|rsyslogd): {1,2}\[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="http://www.rsyslog.com"\] rsyslogd was HUPed$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyslogd[0-9-]+: action 'action 17' (suspended|resumed) diff --git a/playbooks/redhat/roles/logcheck/files/ignore.d/local-runuser b/playbooks/redhat/roles/logcheck/files/ignore.d/local-runuser deleted file mode 100644 index b0bb7ad..0000000 --- a/playbooks/redhat/roles/logcheck/files/ignore.d/local-runuser +++ /dev/null @@ -1 +0,0 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ runuser: pam_unix\(runuser:session\): session (opened|closed) for user nobody diff --git a/playbooks/redhat/roles/logcheck/files/ignore.d/local-samba b/playbooks/redhat/roles/logcheck/files/ignore.d/local-samba deleted file mode 100644 index 8c6c053..0000000 --- a/playbooks/redhat/roles/logcheck/files/ignore.d/local-samba +++ /dev/null @@ -1,2 +0,0 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd: pam_unix\(samba:session\): session opened for user -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd: pam_unix\(samba:session\): session closed for user diff --git a/playbooks/redhat/roles/logcheck/files/ignore.d/local-spamassassin b/playbooks/redhat/roles/logcheck/files/ignore.d/local-spamassassin deleted file mode 100644 index 7101aa0..0000000 --- a/playbooks/redhat/roles/logcheck/files/ignore.d/local-spamassassin +++ /dev/null @@ -1,4 +0,0 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: dns: new_dns_packet: domain is utf8 flagged: -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: prefork: adjust: -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: spamd: handled cleanup of child -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: spamd: result: diff --git a/playbooks/redhat/roles/logcheck/files/ignore.d/local-ssh b/playbooks/redhat/roles/logcheck/files/ignore.d/local-ssh deleted file mode 100644 index ae96ad6..0000000 --- a/playbooks/redhat/roles/logcheck/files/ignore.d/local-ssh +++ /dev/null @@ -1,18 +0,0 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (error: )?Received disconnect from -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: (packet_write_wait|ssh_dispatch_run_fatal): Connection from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: Broken pipe \[preauth\] -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Bad protocol version identification -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Connection (closed|reset) by ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\] -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Did not receive identification string from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnected from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ \[preauth\] -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Change of username or service not allowed: -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Disconnecting: Too many authentication failures -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for invalid user.+from ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Invalid user.+from ([0-9]{1,3}\.){3}[0-9]{1,3} -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: PAM service\(sshd\) ignoring max retries -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Unable to negotiate with ([0-9]{1,3}\.){3}[0-9]{1,3} port [0-9]+: no matching (host key type|key exchange method) found\. -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: (Read from socket|Write) failed: Connection reset by peer -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: Unable to negotiate a key exchange method \[preauth\]$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: fatal: no hostkey alg \[preauth\] -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: input_userauth_request: invalid user.+\[preauth\]$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: pam_unix(sshd:auth): bad username - diff --git a/playbooks/redhat/roles/logcheck/files/ignore.d/local-transmission b/playbooks/redhat/roles/logcheck/files/ignore.d/local-transmission deleted file mode 100644 index c75af02..0000000 --- a/playbooks/redhat/roles/logcheck/files/ignore.d/local-transmission +++ /dev/null @@ -1 +0,0 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ transmission-daemon\[[0-9]+\]: UDP Failed to set (send|receive) buffer: diff --git a/playbooks/redhat/roles/logcheck/tasks/main.yml b/playbooks/redhat/roles/logcheck/tasks/main.yml deleted file mode 100644 index 727d4ff..0000000 --- a/playbooks/redhat/roles/logcheck/tasks/main.yml +++ /dev/null @@ -1,25 +0,0 @@ -- name: Install logcheck - become: true - dnf: - name: logcheck - state: latest - update_cache: yes - -- name: Configure logcheck - become: true - lineinfile: - path: /etc/logcheck/logcheck.conf - regexp: "^INTRO=0$" - line: "INTRO=0" - insertafter: "^#INTRO=1$" - -- name: Update logcheck ignore patterns - become: true - copy: - src: ignore.d/ - dest: "/etc/logcheck/ignore.d.{{ item }}" - owner: root - group: logcheck - directory_mode: '0750' - mode: 0640 - loop: ['server', 'workstation'] diff --git a/playbooks/redhat/roles/packages/README.txt b/playbooks/redhat/roles/packages/README.txt deleted file mode 100644 index f68b96d..0000000 --- a/playbooks/redhat/roles/packages/README.txt +++ /dev/null @@ -1 +0,0 @@ -Install RPM packages. diff --git a/playbooks/redhat/roles/packages/tasks/main.yml b/playbooks/redhat/roles/packages/tasks/main.yml deleted file mode 100644 index af8cc80..0000000 --- a/playbooks/redhat/roles/packages/tasks/main.yml +++ /dev/null @@ -1,8 +0,0 @@ -- name: Install software packages - become: true - dnf: - name: ['adjtimex', 'arj', 'mailx', 'elinks', 'fetchmail', 'links', - 'lzip', 'lzma', 'lzop', 'p7zip', 'xz', - ] - state: latest - update_cache: yes diff --git a/playbooks/redhat/roles/phd/README.txt b/playbooks/redhat/roles/phd/README.txt deleted file mode 100644 index 84c7fa3..0000000 --- a/playbooks/redhat/roles/phd/README.txt +++ /dev/null @@ -1,2 +0,0 @@ -Init remote user phd: create system and user groups, create the user, -upload SSH public key. diff --git a/playbooks/redhat/roles/phd/defaults/main.yml b/playbooks/redhat/roles/phd/defaults/main.yml deleted file mode 100644 index 1e4d321..0000000 --- a/playbooks/redhat/roles/phd/defaults/main.yml +++ /dev/null @@ -1 +0,0 @@ -system_groups: root,wheel,adm,disk,cdrom,floppy,audio,video,users,mail,input diff --git a/playbooks/redhat/roles/phd/meta/main.yml b/playbooks/redhat/roles/phd/meta/main.yml deleted file mode 100644 index 8f82bb2..0000000 --- a/playbooks/redhat/roles/phd/meta/main.yml +++ /dev/null @@ -1 +0,0 @@ -dependencies: ['init-system'] diff --git a/playbooks/redhat/roles/phd/tasks/main.yml b/playbooks/redhat/roles/phd/tasks/main.yml deleted file mode 100644 index 8ed988b..0000000 --- a/playbooks/redhat/roles/phd/tasks/main.yml +++ /dev/null @@ -1,50 +0,0 @@ -- name: Test if user phd already exists - stat: - path: "{{ item }}" - register: phd_exists - changed_when: not phd_exists.stat.exists - loop: ['~/.profile', '~/.shellrc'] - -- debug: - msg: "User phd has already been created" - when: phd_exists.results|selectattr('stat.exists')|list|length == 2 - -- name: Create and setup user phd - block: - - name: Create system groups - become: true - group: - name: "{{ item }}" - system: true - loop: "{{ system_groups.split(',') }}" - - - name: Create group phd - become: true - group: - name: phd - - - name: Add user phd - become: true - user: - name: phd - group: phd - groups: "{{ system_groups }}" - - - name: Remove mc directories - file: - path: "{{ item }}" - state: absent - loop: ['~/.cache/mc', '~/.config/mc', '~/.local/share/mc'] - - - name: Upload and extract home archive - unarchive: - src: ~/archive/STORE/phd/Home/phd.tar.bz2 - dest: /home - when: phd_exists.results|selectattr('stat.exists')|list|length != 2 - -- name: Add alias - become: true - lineinfile: - path: /etc/aliases - regexp: "^root: phd$" - line: "root: phd" diff --git a/playbooks/redhat/roles/python-dev-packages/README.txt b/playbooks/redhat/roles/python-dev-packages/README.txt deleted file mode 100644 index 13d6c5f..0000000 --- a/playbooks/redhat/roles/python-dev-packages/README.txt +++ /dev/null @@ -1 +0,0 @@ -Install development packages. diff --git a/playbooks/redhat/roles/python-dev-packages/meta/main.yml b/playbooks/redhat/roles/python-dev-packages/meta/main.yml deleted file mode 100644 index 4f10846..0000000 --- a/playbooks/redhat/roles/python-dev-packages/meta/main.yml +++ /dev/null @@ -1 +0,0 @@ -dependencies: ['dev-packages', 'python-packages'] diff --git a/playbooks/redhat/roles/python-dev-packages/tasks/main.yml b/playbooks/redhat/roles/python-dev-packages/tasks/main.yml deleted file mode 100644 index f5e04e9..0000000 --- a/playbooks/redhat/roles/python-dev-packages/tasks/main.yml +++ /dev/null @@ -1,11 +0,0 @@ -- name: Install development packages - become: true - dnf: - name: ['bzip2-devel', 'expat-devel', 'gdbm-devel', 'gmp-devel', - 'libffi-devel', 'lzma-sdk-devel', 'mpdecimal-devel', - 'ncurses-devel', 'ncurses-libs', 'openssl-devel', 'openssl-libs', - 'python2-devel', 'python3-devel', 'readline-devel', 'sqlite-devel', - 'xz-devel', 'xz-libs', 'zlib-devel', - ] - state: latest - update_cache: yes diff --git a/playbooks/redhat/roles/python-packages/README.txt b/playbooks/redhat/roles/python-packages/README.txt deleted file mode 100644 index f766e45..0000000 --- a/playbooks/redhat/roles/python-packages/README.txt +++ /dev/null @@ -1 +0,0 @@ -Install Python packages. diff --git a/playbooks/redhat/roles/python-packages/tasks/main.yml b/playbooks/redhat/roles/python-packages/tasks/main.yml deleted file mode 100644 index ef81490..0000000 --- a/playbooks/redhat/roles/python-packages/tasks/main.yml +++ /dev/null @@ -1,18 +0,0 @@ -- name: Install Python and packages - become: true - dnf: - name: ['python2', 'python3', 'python2-pip', 'python3-pip', - 'python2-setuptools', 'python3-setuptools', - 'python2-pyOpenSSL', 'python3-pyOpenSSL', - ] - state: latest - update_cache: yes - register: python - -- name: Upgrade Python packages - become: true - shell: 'umask 022; {{ item }} -m pip install --upgrade - "pip < 19.1" setuptools tox virtualenv virtualenvwrapper "wheel < 0.31.1" - flake8 sphinx twine' - when: python.changed - loop: ['python3', 'python2'] diff --git a/playbooks/redhat/roles/remove-systemd/README.txt b/playbooks/redhat/roles/remove-systemd/README.txt new file mode 100644 index 0000000..601fea6 --- /dev/null +++ b/playbooks/redhat/roles/remove-systemd/README.txt @@ -0,0 +1 @@ +Empty "role" to satisfy `init-system2`. diff --git a/playbooks/redhat/roles/sudo/README.txt b/playbooks/redhat/roles/sudo/README.txt deleted file mode 100644 index 9d2929b..0000000 --- a/playbooks/redhat/roles/sudo/README.txt +++ /dev/null @@ -1 +0,0 @@ -Init sudo: install sudo, add user phd, allow passwordless operations. diff --git a/playbooks/redhat/roles/sudo/meta/main.yml b/playbooks/redhat/roles/sudo/meta/main.yml deleted file mode 100644 index 8f82bb2..0000000 --- a/playbooks/redhat/roles/sudo/meta/main.yml +++ /dev/null @@ -1 +0,0 @@ -dependencies: ['init-system'] diff --git a/playbooks/redhat/roles/sudo/tasks/main.yml b/playbooks/redhat/roles/sudo/tasks/main.yml deleted file mode 100644 index 469b9ae..0000000 --- a/playbooks/redhat/roles/sudo/tasks/main.yml +++ /dev/null @@ -1,8 +0,0 @@ -- name: Allow passwordless operations for phd - become: true - copy: - content: 'phd ALL=(ALL:ALL) NOPASSWD: ALL' - dest: /etc/sudoers.d/phd - owner: root - group: root - mode: 0640 diff --git a/playbooks/redhat/update-root.yml b/playbooks/redhat/update-root.yml deleted file mode 100644 index 1deda04..0000000 --- a/playbooks/redhat/update-root.yml +++ /dev/null @@ -1,42 +0,0 @@ -- name: "Update ~root from ~phd" - hosts: "{{ hosts | default('all') }}" - become: yes - gather_facts: false - tasks: - - name: "Update ~root - sync directories from ~phd" - synchronize: - src: "~phd/{{ item }}" - dest: ~root - archive: no # avoid setting owner/group - recursive: yes - links: yes - times: yes - delegate_to: "{{ inventory_hostname }}" - loop: ['.vim', 'bin', 'lib'] - - - name: "Update ~root - sync files from ~phd" - copy: - src: "~phd/{{ item }}" - remote_src: yes - dest: ~root - owner: root - group: root - mode: "0600" - force: no - loop: ['.bashrc', 'admin/home/root/.profile', - '.bash_logout', '.inputrc', '.less', '.lesskey', - '.screenrc', '.shellrc', '.tmux.conf', '.vimrc', - ] - - - name: "Update root mc - overwrite files from ~phd/admin" - become: true - copy: - src: "~phd/admin/home/root/.mc/{{ item }}" - remote_src: yes - dest: ~root/.mc - owner: root - group: root - mode: "0600" - force: no - loop: ['hotlist', 'ini', 'panels.ini'] - diff --git a/playbooks/debian/roles/dev-packages/README.txt b/playbooks/roles/dev-packages/README.txt similarity index 100% rename from playbooks/debian/roles/dev-packages/README.txt rename to playbooks/roles/dev-packages/README.txt diff --git a/playbooks/debian/roles/dev-packages/tasks/main.yml b/playbooks/roles/dev-packages/tasks/main.yml similarity index 58% rename from playbooks/debian/roles/dev-packages/tasks/main.yml rename to playbooks/roles/dev-packages/tasks/main.yml index 5d733bc..076a1c4 100644 --- a/playbooks/debian/roles/dev-packages/tasks/main.yml +++ b/playbooks/roles/dev-packages/tasks/main.yml @@ -14,3 +14,16 @@ ] state: latest update_cache: yes + when: ansible_facts.os_family == 'Debian' + +- name: Install development packages + become: true + dnf: + name: ['expat', 'gcc', 'gcc-c++', + 'gdbm', 'gdbm-libs', 'git', 'gmp', + 'libffi', 'lzma-sdk', 'make', 'mpdecimal', + 'openssl', 'patch', 'readline', 'sqlite', 'zlib', + ] + state: latest + update_cache: yes + when: ansible_facts.os_family == 'RedHat' diff --git a/playbooks/roles/init-system/README.txt b/playbooks/roles/init-system/README.txt new file mode 100644 index 0000000..6f90ed9 --- /dev/null +++ b/playbooks/roles/init-system/README.txt @@ -0,0 +1,2 @@ +Init new Linux system: configure package manager, +install minimal list of packages. diff --git a/playbooks/debian/roles/init-system/tasks/apt.yml b/playbooks/roles/init-system/tasks/apt.yml similarity index 100% rename from playbooks/debian/roles/init-system/tasks/apt.yml rename to playbooks/roles/init-system/tasks/apt.yml diff --git a/playbooks/redhat/roles/init-system/tasks/dnf.yml b/playbooks/roles/init-system/tasks/dnf.yml similarity index 100% rename from playbooks/redhat/roles/init-system/tasks/dnf.yml rename to playbooks/roles/init-system/tasks/dnf.yml diff --git a/playbooks/debian/roles/init-system/tasks/locales.yml b/playbooks/roles/init-system/tasks/locales.yml similarity index 100% rename from playbooks/debian/roles/init-system/tasks/locales.yml rename to playbooks/roles/init-system/tasks/locales.yml diff --git a/playbooks/roles/init-system/tasks/main.yml b/playbooks/roles/init-system/tasks/main.yml new file mode 100644 index 0000000..dccb754 --- /dev/null +++ b/playbooks/roles/init-system/tasks/main.yml @@ -0,0 +1,11 @@ +- name: apt + import_tasks: apt.yml + when: ansible_facts.os_family == 'Debian' + +- name: locales + import_tasks: locales.yml + when: ansible_facts.os_family == 'Debian' + +- name: packages + import_tasks: dnf.yml + when: ansible_facts.os_family == 'RedHat' diff --git a/playbooks/debian/roles/init-system/templates/sources.list b/playbooks/roles/init-system/templates/sources.list similarity index 100% rename from playbooks/debian/roles/init-system/templates/sources.list rename to playbooks/roles/init-system/templates/sources.list diff --git a/playbooks/roles/init-system2/README.txt b/playbooks/roles/init-system2/README.txt new file mode 100644 index 0000000..fc8e94e --- /dev/null +++ b/playbooks/roles/init-system2/README.txt @@ -0,0 +1 @@ +Init Linux system: phase2 - setup /usr/local. diff --git a/playbooks/debian/roles/init-system2/tasks/main.yml b/playbooks/roles/init-system2/tasks/main.yml similarity index 57% rename from playbooks/debian/roles/init-system2/tasks/main.yml rename to playbooks/roles/init-system2/tasks/main.yml index 48897d9..c2e4a87 100644 --- a/playbooks/debian/roles/init-system2/tasks/main.yml +++ b/playbooks/roles/init-system2/tasks/main.yml @@ -1,15 +1,18 @@ +- set_fact: + system_group: "{% if ansible_facts.os_family == 'Debian' %}staff{% elif ansible_facts.os_family == 'RedHat' %}wheel{% endif %}" + - name: Setup /usr/local become: true file: path: /usr/local state: directory owner: root - group: staff + group: "{{ system_group }}" recurse: yes - name: Setup directories under /usr/local become: true - command: find /usr/local -type d -exec chown root.staff {} + -exec chmod ug+rwx,o+rx,g+s {} + + command: "find /usr/local -type d -exec chown root.{{ system_group }} {} + -exec chmod ug+rwx,o+rx,g+s {} +" - name: Setup files under /usr/local become: true @@ -21,5 +24,5 @@ path: /usr/local/src state: directory owner: phd - group: staff + group: "{{ system_group }}" recurse: yes diff --git a/playbooks/debian/roles/logcheck/README.txt b/playbooks/roles/logcheck/README.txt similarity index 100% rename from playbooks/debian/roles/logcheck/README.txt rename to playbooks/roles/logcheck/README.txt diff --git a/playbooks/debian/roles/logcheck/files/.gitignore b/playbooks/roles/logcheck/files/.gitignore similarity index 100% rename from playbooks/debian/roles/logcheck/files/.gitignore rename to playbooks/roles/logcheck/files/.gitignore diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-bluetooth b/playbooks/roles/logcheck/files/ignore.d/local-bluetooth similarity index 100% rename from playbooks/debian/roles/logcheck/files/ignore.d/local-bluetooth rename to playbooks/roles/logcheck/files/ignore.d/local-bluetooth diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-console-kit-daemon b/playbooks/roles/logcheck/files/ignore.d/local-console-kit-daemon similarity index 100% rename from playbooks/debian/roles/logcheck/files/ignore.d/local-console-kit-daemon rename to playbooks/roles/logcheck/files/ignore.d/local-console-kit-daemon diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-dbus b/playbooks/roles/logcheck/files/ignore.d/local-dbus similarity index 100% rename from playbooks/debian/roles/logcheck/files/ignore.d/local-dbus rename to playbooks/roles/logcheck/files/ignore.d/local-dbus diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-firefox b/playbooks/roles/logcheck/files/ignore.d/local-firefox similarity index 100% rename from playbooks/debian/roles/logcheck/files/ignore.d/local-firefox rename to playbooks/roles/logcheck/files/ignore.d/local-firefox diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-kernel b/playbooks/roles/logcheck/files/ignore.d/local-kernel similarity index 100% rename from playbooks/debian/roles/logcheck/files/ignore.d/local-kernel rename to playbooks/roles/logcheck/files/ignore.d/local-kernel diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-minidsspd b/playbooks/roles/logcheck/files/ignore.d/local-minidsspd similarity index 100% rename from playbooks/debian/roles/logcheck/files/ignore.d/local-minidsspd rename to playbooks/roles/logcheck/files/ignore.d/local-minidsspd diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-named b/playbooks/roles/logcheck/files/ignore.d/local-named similarity index 100% rename from playbooks/debian/roles/logcheck/files/ignore.d/local-named rename to playbooks/roles/logcheck/files/ignore.d/local-named diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-pa b/playbooks/roles/logcheck/files/ignore.d/local-pa similarity index 100% rename from playbooks/debian/roles/logcheck/files/ignore.d/local-pa rename to playbooks/roles/logcheck/files/ignore.d/local-pa diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-postgres b/playbooks/roles/logcheck/files/ignore.d/local-postgres similarity index 100% rename from playbooks/debian/roles/logcheck/files/ignore.d/local-postgres rename to playbooks/roles/logcheck/files/ignore.d/local-postgres diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-rsyslog b/playbooks/roles/logcheck/files/ignore.d/local-rsyslog similarity index 100% rename from playbooks/debian/roles/logcheck/files/ignore.d/local-rsyslog rename to playbooks/roles/logcheck/files/ignore.d/local-rsyslog diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-runuser b/playbooks/roles/logcheck/files/ignore.d/local-runuser similarity index 100% rename from playbooks/debian/roles/logcheck/files/ignore.d/local-runuser rename to playbooks/roles/logcheck/files/ignore.d/local-runuser diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-samba b/playbooks/roles/logcheck/files/ignore.d/local-samba similarity index 100% rename from playbooks/debian/roles/logcheck/files/ignore.d/local-samba rename to playbooks/roles/logcheck/files/ignore.d/local-samba diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-spamassassin b/playbooks/roles/logcheck/files/ignore.d/local-spamassassin similarity index 100% rename from playbooks/debian/roles/logcheck/files/ignore.d/local-spamassassin rename to playbooks/roles/logcheck/files/ignore.d/local-spamassassin diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-ssh b/playbooks/roles/logcheck/files/ignore.d/local-ssh similarity index 100% rename from playbooks/debian/roles/logcheck/files/ignore.d/local-ssh rename to playbooks/roles/logcheck/files/ignore.d/local-ssh diff --git a/playbooks/debian/roles/logcheck/files/ignore.d/local-transmission b/playbooks/roles/logcheck/files/ignore.d/local-transmission similarity index 100% rename from playbooks/debian/roles/logcheck/files/ignore.d/local-transmission rename to playbooks/roles/logcheck/files/ignore.d/local-transmission diff --git a/playbooks/debian/roles/logcheck/tasks/main.yml b/playbooks/roles/logcheck/tasks/main.yml similarity index 75% rename from playbooks/debian/roles/logcheck/tasks/main.yml rename to playbooks/roles/logcheck/tasks/main.yml index fa8c6d4..a303e5a 100644 --- a/playbooks/debian/roles/logcheck/tasks/main.yml +++ b/playbooks/roles/logcheck/tasks/main.yml @@ -8,6 +8,15 @@ name: logcheck state: latest update_cache: yes + when: ansible_facts.os_family == 'Debian' + +- name: Install logcheck + become: true + dnf: + name: logcheck + state: latest + update_cache: yes + when: ansible_facts.os_family == 'RedHat' - name: Configure logcheck become: true diff --git a/playbooks/roles/packages/README.txt b/playbooks/roles/packages/README.txt new file mode 100644 index 0000000..428d6ad --- /dev/null +++ b/playbooks/roles/packages/README.txt @@ -0,0 +1 @@ +Install more packages. diff --git a/playbooks/debian/roles/packages/tasks/main.yml b/playbooks/roles/packages/tasks/main.yml similarity index 51% rename from playbooks/debian/roles/packages/tasks/main.yml rename to playbooks/roles/packages/tasks/main.yml index 5d3aeb1..bcc6668 100644 --- a/playbooks/debian/roles/packages/tasks/main.yml +++ b/playbooks/roles/packages/tasks/main.yml @@ -10,3 +10,14 @@ ] state: latest update_cache: yes + when: ansible_facts.os_family == 'Debian' + +- name: Install software packages + become: true + dnf: + name: ['adjtimex', 'arj', 'mailx', 'elinks', 'fetchmail', 'links', + 'lzip', 'lzma', 'lzop', 'p7zip', 'xz', + ] + state: latest + update_cache: yes + when: ansible_facts.os_family == 'RedHat' diff --git a/playbooks/debian/roles/phd/README.txt b/playbooks/roles/phd/README.txt similarity index 100% rename from playbooks/debian/roles/phd/README.txt rename to playbooks/roles/phd/README.txt diff --git a/playbooks/roles/phd/defaults/main.yml b/playbooks/roles/phd/defaults/main.yml new file mode 100644 index 0000000..a22565c --- /dev/null +++ b/playbooks/roles/phd/defaults/main.yml @@ -0,0 +1 @@ +system_groups: "{% if ansible_facts.os_family == 'Debian' %}root,adm,disk,cdrom,floppy,sudo,audio,www-data,video,plugdev,staff,users,Debian-exim,fuse,sambashare,input{% elif ansible_facts.os_family == 'RedHat' %}root,wheel,adm,disk,cdrom,floppy,audio,video,users,mail,input{% endif %}" diff --git a/playbooks/debian/roles/phd/meta/main.yml b/playbooks/roles/phd/meta/main.yml similarity index 100% rename from playbooks/debian/roles/phd/meta/main.yml rename to playbooks/roles/phd/meta/main.yml diff --git a/playbooks/debian/roles/phd/tasks/main.yml b/playbooks/roles/phd/tasks/main.yml similarity index 85% rename from playbooks/debian/roles/phd/tasks/main.yml rename to playbooks/roles/phd/tasks/main.yml index a26a738..cb36caa 100644 --- a/playbooks/debian/roles/phd/tasks/main.yml +++ b/playbooks/roles/phd/tasks/main.yml @@ -47,4 +47,13 @@ path: /etc/aliases regexp: "^root: phd$" line: "root: phd" + when: ansible_facts.os_family == 'Debian' when: phd_exists.results|selectattr('stat.exists')|list|length != 2 + +- name: Add alias + become: true + lineinfile: + path: /etc/aliases + regexp: "^root: phd$" + line: "root: phd" + when: ansible_facts.os_family == 'RedHat' diff --git a/playbooks/debian/roles/python-dev-packages/README.txt b/playbooks/roles/python-dev-packages/README.txt similarity index 100% rename from playbooks/debian/roles/python-dev-packages/README.txt rename to playbooks/roles/python-dev-packages/README.txt diff --git a/playbooks/debian/roles/python-dev-packages/meta/main.yml b/playbooks/roles/python-dev-packages/meta/main.yml similarity index 100% rename from playbooks/debian/roles/python-dev-packages/meta/main.yml rename to playbooks/roles/python-dev-packages/meta/main.yml diff --git a/playbooks/debian/roles/python-dev-packages/tasks/main.yml b/playbooks/roles/python-dev-packages/tasks/main.yml similarity index 61% rename from playbooks/debian/roles/python-dev-packages/tasks/main.yml rename to playbooks/roles/python-dev-packages/tasks/main.yml index 1c9277f..2c3bae9 100644 --- a/playbooks/debian/roles/python-dev-packages/tasks/main.yml +++ b/playbooks/roles/python-dev-packages/tasks/main.yml @@ -10,6 +10,7 @@ state: latest update_cache: yes when: ansible_facts.distribution_major_version == '9' + when: ansible_facts.os_family == 'Debian' - name: Install development packages become: true @@ -27,3 +28,17 @@ ] state: latest update_cache: yes + when: ansible_facts.os_family == 'Debian' + +- name: Install development packages + become: true + dnf: + name: ['bzip2-devel', 'expat-devel', 'gdbm-devel', 'gmp-devel', + 'libffi-devel', 'lzma-sdk-devel', 'mpdecimal-devel', + 'ncurses-devel', 'ncurses-libs', 'openssl-devel', 'openssl-libs', + 'python2-devel', 'python3-devel', 'readline-devel', 'sqlite-devel', + 'xz-devel', 'xz-libs', 'zlib-devel', + ] + state: latest + update_cache: yes + when: ansible_facts.os_family == 'RedHat' diff --git a/playbooks/debian/roles/python-packages/README.txt b/playbooks/roles/python-packages/README.txt similarity index 100% rename from playbooks/debian/roles/python-packages/README.txt rename to playbooks/roles/python-packages/README.txt diff --git a/playbooks/debian/roles/python-packages/tasks/main.yml b/playbooks/roles/python-packages/tasks/main.yml similarity index 63% rename from playbooks/debian/roles/python-packages/tasks/main.yml rename to playbooks/roles/python-packages/tasks/main.yml index 2509ea1..0abb3a1 100644 --- a/playbooks/debian/roles/python-packages/tasks/main.yml +++ b/playbooks/roles/python-packages/tasks/main.yml @@ -12,6 +12,19 @@ state: latest update_cache: yes register: python + when: ansible_facts.os_family == 'Debian' + +- name: Install Python and packages + become: true + dnf: + name: ['python2', 'python3', 'python2-pip', 'python3-pip', + 'python2-setuptools', 'python3-setuptools', + 'python2-pyOpenSSL', 'python3-pyOpenSSL', + ] + state: latest + update_cache: yes + register: python + when: ansible_facts.os_family == 'RedHat' - name: Upgrade Python packages become: true diff --git a/playbooks/debian/roles/sudo/README.txt b/playbooks/roles/sudo/README.txt similarity index 100% rename from playbooks/debian/roles/sudo/README.txt rename to playbooks/roles/sudo/README.txt diff --git a/playbooks/debian/roles/sudo/meta/main.yml b/playbooks/roles/sudo/meta/main.yml similarity index 100% rename from playbooks/debian/roles/sudo/meta/main.yml rename to playbooks/roles/sudo/meta/main.yml diff --git a/playbooks/debian/roles/sudo/tasks/main.yml b/playbooks/roles/sudo/tasks/main.yml similarity index 67% rename from playbooks/debian/roles/sudo/tasks/main.yml rename to playbooks/roles/sudo/tasks/main.yml index 97b9b2a..0c87707 100644 --- a/playbooks/debian/roles/sudo/tasks/main.yml +++ b/playbooks/roles/sudo/tasks/main.yml @@ -6,6 +6,7 @@ name: sudo state: latest update_cache: yes + when: ansible_facts.os_family == 'Debian' - name: Add user phd to group sudo become: true @@ -13,6 +14,7 @@ name: phd append: yes groups: sudo + when: ansible_facts.os_family == 'Debian' - name: Allow passwordless operations for phd become: true @@ -20,5 +22,5 @@ content: 'phd ALL=(ALL:ALL) NOPASSWD: ALL' dest: /etc/sudoers.d/phd owner: root - group: sudo + group: "{% if ansible_facts.os_family == 'Debian' %}sudo{% elif ansible_facts.os_family == 'RedHat' %}root{% endif %}" mode: 0640 -- 2.39.2