Default framework with packages, firewall, selinux, and services

2021-10-24 22:54:14 -05:00 · 2021-10-24 22:54:14 -05:00 · cd054ce5a0
commit cd054ce5a0
parent 66da6f9302
5 changed files with 184 additions and 6 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -1,2 +1,27 @@
 ---
-# handlers file for ensure_apache
+# handlers file for ensure_apache
 - name: 'ensure_apache.package_facts'
  ansible.builtin.package_facts:
 - name: 'ensure_apache.service_facts'
  ansible.builtin.service_facts:
 - name: 'ensure_apache.service_reload'
  when:
    - ansible_system == 'Linux'
    - ansible_service_mgr == 'systemd'
    - ensure_apache is defined
  ansible.builtin.systemd:
    daemon_reload: 'yes'
 - name: 'ensure_apache.services'
  when:
    - ansible_system == 'Linux'
    - ensure_apache is defined
    - ensure_apache.service_list is defined
    - ensure_apache.service_list is iterable
    - item.state == 'started'
  ansible.builtin.service:
    enabled: '{{ item.enabled }}'
    name: '{{ item.name }}'
    state: 'restarted'
  loop: '{{ ensure_apache.service_list }}'
  loop_control:
    label: '{{ item.name }} will be restarted'
--- a/meta/main.yml
+++ b/meta/main.yml
@ -1,6 +1,6 @@
 galaxy_info:
-  author: your name
+  author: Jason Rothstein
-  description: your role description
+  description: Ensure Apache is installed, running, and functional
  company: your company (optional)
  # If the issue tracker for your role is not on github, uncomment the
@ -14,7 +14,7 @@ galaxy_info:
  # - GPL-3.0-only
  # - Apache-2.0
  # - CC-BY-4.0
-  license: license (GPL-2.0-or-later, MIT, etc)
+  license: LGPL-3.0-or-later
  min_ansible_version: 2.9
@ -50,4 +50,4 @@ galaxy_info:
 dependencies: []
  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
  # if you add dependencies to this list.
-  
+  
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,2 +1,133 @@
 ---
-# tasks file for ensure_apache
+# tasks file for ensure_apache
 - name: 'include variables'
  when:
    - ansible_system == 'Linux'
  include_vars:
    file: '{{ lookup("first_found", findme ) }}'
    name: 'ensure_apache'
  vars:
    findme:
      files:
        - '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-{{ ansible_architecture }}.yml'
        - '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-default.yml'
        - '{{ ansible_distribution }}-default.yml'
        - '{{ ansible_os_family }}-{{ ansible_distribution_major_version }}-{{ ansible_architecture }}.yml'
        - '{{ ansible_os_family }}-{{ ansible_distribution_major_version }}-default.yml'
        - '{{ ansible_os_family }}-default.yml'
        - 'default.yml'
      paths:
        - '../vars/'
      errors: 'ignore'
 - name: 'package discovery'
  when:
    - ansible_system == 'Linux'
    - packages is not defined
  ansible.builtin.package_facts:
 - name: 'service discovery'
  when:
    - ansible_system == 'Linux'
    - services is not defined
  ansible.builtin.service_facts:
 - name: 'ensure sysctl'
  when:
    - ansible_system == 'Linux'
    - ensure_apache is defined
    - ensure_apache.sysctl_list is defined
    - ensure_apache.sysctl_list is iterable
  ansible.posix.sysctl:
    name: '{{ item.name }}'
    reload: '{{ item.reload | default(omit) }}'
    state: '{{ item.state }}'
    sysctl_file: '{{ item.sysctl_file | default(omit) }}'
    sysctl_set: '{{ item.sysctl_set | default(omit) }}'
    value: '{{ item.value | default(omit) }}'
  loop: '{{ ensure_apache.sysctl_list }}'
  loop_control:
    label: '{{ item.name }} will be {{ item.value }}'
 - name: 'ensure packages'
  when:
    - ansible_system == 'Linux'
    - ensure_apache is defined
    - ensure_apache.package_list is defined
    - ensure_apache.package_list is iterable
    - packages[item.name] is not defined
  ansible.builtin.package:
    name: '{{ item.name }}'
    state: '{{ item.state }}'
  loop: '{{ ensure_apache.package_list }}'
  loop_control:
    label: '{{ item.name }} will be {{ item.state }}'
  notify:
    - 'ensure_apache.package_facts'
    - 'ensure_apache.service_facts'
 - name: 'ensure seboolean'
  when:
    - ansible_system == 'Linux'
    - ensure_apache is defined
    - ensure_apache.seboolean_list is defined
    - ensure_apache.seboolean_list is iterable
  ansible.posix.seboolean:
    name: '{{ item.name }}'
    persistent: '{{ item.persistent }}'
    state: '{{ item.state }}'
  loop: '{{ ensure_apache.seboolean_list }}'
  loop_control:
    label: '{{ item.name }} will be {{ item.state }}'
 - name: 'ensure configurations'
  when:
    - ansible_system == 'Linux'
    - ensure_apache is defined
    - ensure_apache.template_list is defined
    - ensure_apache.template_list is iterable
  ansible.builtin.template:
    backup: 'no'
    dest: '{{ item.dest }}'
    group: '{{ item.group | default(omit) }}'
    mode: '{{ item.mode | default(omit) }}'
    owner: '{{ item.owner | default(omit) }}'
    selevel: '{{ iteml.selevel | default(omit) }}'
    serole: '{{ item.serole | default(omit) }}'
    setype: '{{ item.setype | default(omit) }}'
    seuser: '{{ item.seuser | default(omit) }}'
    src: '{{ item.src }}'
  loop: '{{ ensure_apache.template_list }}'
  loop_control:
    label: '{{ item.dest }} will be ensured'
  notify:
    - 'ensure_apache.package_facts'
    - 'ensure_apache.service_facts'
    - 'ensure_apache.service_reload'
    - 'ensure_apache.services'
 - name: 'ensure firewall'
  when:
    - ansible_system == 'Linux'
    - ensure_apache is defined
    - ensure_apache.firewall_list is defined
    - ensure_apache.firewall_list is iterable
  ansible.posix.firewalld:
    permanent: '{{ item.permanent }}'
    service: '{{ item.service }}'
    state: '{{ item.state }}'
  loop: '{{ ensure_apache.firewall_list }}'
  loop_control:
    label: '{{ item.service }} will be {{ item.state }}'
 - name: 'ensure services'
  when:
    - ansible_system == 'Linux'
    - ensure_apache is defined
    - ensure_apache.service_list is defined
    - ensure_apache.service_list is iterable
  ansible.builtin.service:
    enabled: '{{ item.enabled }}'
    name: '{{ item.name }}'
    state: '{{ item.state }}'
  loop: '{{ ensure_apache.service_list }}'
  loop_control:
    label: '{{ item.name }} will be {{ item.state }}'
  notify:
    - 'ensure_apache.package_facts'
    - 'ensure_apache.service_facts'
 - name: 'flush handlers'
  meta: 'flush_handlers'
--- a/vars/Fedora-34-default.yml
+++ b/vars/Fedora-34-default.yml
@ -0,0 +1,20 @@
 ---
 # vars file for ensure_apache
 package_list:
  - name: 'httpd'
    state: 'present'
 firewall_list:
  - permanent: 'yes'
    service: 'http'
    state: 'enabled'
  - permanent: 'yes'
    service: 'https'
    state: 'enabled'
 seboolean_list:
  - name: 'httpd_can_network_connect'
    presistent: 'yes'
    state: 'yes'
 service_list:
  - name: 'httpd.service'
    state: 'started'
    enabled: 'yes'
--- a/vars/default.yml
+++ b/vars/default.yml
@ -0,0 +1,2 @@
 ---
 # vars file for ensure_apache