118 lines
3.7 KiB
YAML
118 lines
3.7 KiB
YAML
---
|
|
# tasks file for ensure_sudo
|
|
- name: 'include vendor / version specific variables'
|
|
when:
|
|
- ansible_system == 'Linux'
|
|
include_vars:
|
|
file: '{{ lookup("first_found", findme ) }}'
|
|
name: 'ensure_sudo'
|
|
vars:
|
|
findme:
|
|
files:
|
|
- '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-{{ ansible_architecture }}.yml'
|
|
- '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-default.yml'
|
|
- '{{ ansible_distribution }}-default.yml'
|
|
- '{{ ansible_os_family }}-{{ ansible_distribution_major_version }}-{{ ansible_architecture }}.yml'
|
|
- '{{ ansible_os_family }}-{{ ansible_distribution_major_version }}-default.yml'
|
|
- '{{ ansible_os_family }}-default.yml'
|
|
- 'default.yml'
|
|
paths:
|
|
- '../vars/'
|
|
errors: 'ignore'
|
|
- name: 'package discovery'
|
|
when:
|
|
- ansible_system == 'Linux'
|
|
- packages is not defined
|
|
ansible.builtin.package_facts:
|
|
- name: 'service discovery'
|
|
when:
|
|
- ansible_system == 'Linux'
|
|
- services is not defined
|
|
ansible.builtin.service_facts:
|
|
- name: 'ensure packages'
|
|
when:
|
|
- ansible_system == 'Linux'
|
|
- ensure_sudo is defined
|
|
- ensure_sudo.package_list is defined
|
|
- ensure_sudo.package_list is iterable
|
|
ansible.builtin.package:
|
|
name: '{{ item.name }}'
|
|
state: '{{ item.state }}'
|
|
loop: '{{ ensure_sudo.package_list }}'
|
|
loop_control:
|
|
label: '{{ item.name }} will be {{ item.state }}'
|
|
notify:
|
|
- 'ensure_sudo.package_facts'
|
|
- 'ensure_sudo.service_facts'
|
|
- name: 'ensure services'
|
|
when:
|
|
- ansible_system == 'Linux'
|
|
- ensure_sudo is defined
|
|
- ensure_sudo.service_list is defined
|
|
- ensure_sudo.service_list is iterable
|
|
ansible.builtin.service:
|
|
enabled: '{{ item.enabled }}'
|
|
name: '{{ item.name }}'
|
|
state: '{{ item.state }}'
|
|
loop: '{{ ensure_sudo.service_list }}'
|
|
loop_control:
|
|
label: '{{ item.name }} will be {{ item.state }}'
|
|
notify:
|
|
- 'ensure_sudo.package_facts'
|
|
- 'ensure_sudo.service_facts'
|
|
- name: 'ensure configurations'
|
|
when:
|
|
- ansible_system == 'Linux'
|
|
- ensure_sudo is defined
|
|
- ensure_sudo.template_list is defined
|
|
- ensure_sudo.template_list is iterable
|
|
ansible.builtin.template:
|
|
backup: 'no'
|
|
dest: '{{ item.dest }}'
|
|
group: '{{ item.group | default(omit) }}'
|
|
mode: '{{ item.mode | default(omit) }}'
|
|
owner: '{{ item.owner | default(omit) }}'
|
|
selevel: '{{ iteml.selevel | default(omit) }}'
|
|
serole: '{{ item.serole | default(omit) }}'
|
|
setype: '{{ item.setype | default(omit) }}'
|
|
seuser: '{{ item.seuser | default(omit) }}'
|
|
src: '{{ item.src }}'
|
|
loop: '{{ ensure_sudo.template_list }}'
|
|
loop_control:
|
|
label: '{{ item.dest }} will be ensured'
|
|
notify:
|
|
- 'ensure_sudo.package_facts'
|
|
- 'ensure_sudo.service_facts'
|
|
- name: 'flush handlers'
|
|
meta: 'flush_handlers'
|
|
- name: 'find directories over {{ sudo_log_retention }} old under /var/log/sudo-io'
|
|
when:
|
|
- ansible_system == 'Linux'
|
|
- ensure_sudo is defined
|
|
- sudo_log_retention is defined
|
|
- sudo_log_retention is regex('^[0-9]*[smhdw]$')
|
|
ansible.builtin.find:
|
|
age: '{{ sudo_log_retention }}'
|
|
file_type: 'directory'
|
|
follow: 'no'
|
|
paths:
|
|
- '/var/log/sudo-io/'
|
|
recurse: 'yes'
|
|
register: 'results'
|
|
- name: 'And drop them'
|
|
when:
|
|
- ansible_system == 'Linux'
|
|
- ensure_sudo is defined
|
|
- sudo_log_retention is defined
|
|
- sudo_log_retention is regex('^[0-9]*[smhdw]$')
|
|
- item.path is regex('^/var/log/sudo-io/([0-9]|[A-Z])([0-9]|[A-Z])/([0-9]|[A-Z])([0-9]|[A-Z])/([0-9]|[A-Z])([0-9]|[A-Z])$')
|
|
ansible.builtin.file:
|
|
path: '{{ item.path }}'
|
|
state: 'absent'
|
|
loop: '{{ results.files }}'
|
|
loop_control:
|
|
label: '{{ item.path }} to be removed'
|
|
- name: 'flush handlers'
|
|
meta: 'flush_handlers'
|
|
|