ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

get rid of deprecated code.

Browse Source
This commit is contained in:
Christoph
2026-02-01 12:30:58 +01:00
parent 1feef826b7
commit 4e06ed01aa
15 changed files with 162 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
roles/common/tasks/apt.yml
View File

@@ -167,7 +167,7 @@
apt:
name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}-backports"
default_release: "{{ ansible_facts['distribution_release'] }}-backports"
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "9"
@@ -181,7 +181,7 @@
apt:
name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
default_release: "{{ ansible_facts['distribution_release'] }}"
when:
- ansible_facts['distribution'] == "Debian"
- ansible_facts['distribution_major_version'] == "10" or ansible_facts['distribution_major_version'] == "11" or ansible_facts['distribution_major_version'] == "12" or ansible_facts['distribution_major_version'] == "13"
@@ -195,7 +195,7 @@
apt:
name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
default_release: "{{ ansible_facts['distribution_release'] }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "bionic"
@@ -209,7 +209,7 @@
apt:
name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
default_release: "{{ ansible_facts['distribution_release'] }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "xenial"
@@ -223,7 +223,7 @@
apt:
name: "{{ microcode_package }}"
state: present
default_release: "{{ ansible_distribution_release }}"
default_release: "{{ ansible_facts['distribution_release'] }}"
when:
- ansible_facts['distribution'] == "Ubuntu"
- ansible_facts['distribution_release'] == "jammy"

8
roles/common/tasks/main.yml
View File

@@ -51,8 +51,8 @@
# yum-initial-install
- import_tasks: yum.yml
when:
- ansible_os_family == "RedHat"
- ansible_distribution == "CentOS" or ansible_distribution == "Fedora"
- ansible_facts.os_family == "RedHat"
- ansible_facts.distribution == "CentOS" or ansible_facts.distribution == "Fedora"
tags: yum
@@ -293,14 +293,14 @@
- import_tasks: systemd-services_debian_based_OS.yml
when:
- ansible_os_family == "Debian"
- ansible_facts.os_family == "Debian"
tags:
- services
- import_tasks: systemd-services_redhat_based_OS.yml
when:
- ansible_os_family == "RedHat"
- ansible_facts.os_family == "RedHat"
tags:
- services

4
roles/common/tasks/nfs.yml
View File

@@ -11,7 +11,7 @@
- nfs-kernel-server
state: present
when:
- ansible_os_family == "Debian"
- ansible_facts['os_family'] == "Debian"
- "groups['nfs_server']|string is search(inventory_hostname)"
tags:
- nfs-server
@@ -132,7 +132,7 @@
pkg: nfs-common
state: present
when:
- ansible_os_family == "Debian"
- ansible_facts['os_family'] == "Debian"
- "groups['nfs_client']|string is search(inventory_hostname)"
tags:
- nfs-client

6
roles/common/tasks/ntp.yml
View File

@@ -10,7 +10,7 @@
- ntpsec
state: present
when:
- ansible_os_family == "Debian"
- ansible_facts.os_family == "Debian"
tags:
- ntp-server
@@ -19,7 +19,7 @@
path: /etc/ntpsec/ntp.conf.ORIG
register: etc_ntpsec_conf_ORIG
when:
- ansible_distribution == "Debian"
- ansible_facts.distribution == "Debian"
tags:
- ntp-server
@@ -32,7 +32,7 @@
group: ntpsec
mode: '0755'
when:
- ansible_distribution == "Debian"
- ansible_facts.distribution == "Debian"
- name: (ntp.yml) Backup installation version of file '/etc/ntpsec/ntp.conf'

8
roles/common/tasks/redis-server.yml
View File

@@ -80,8 +80,8 @@
- "'www-data' in my_users"
- "'redis' in my_groups"
vars:
my_users: "{{ getent_passwd.keys()|list }}"
my_groups: "{{ getent_group.keys()|list }}"
my_users: "{{ ansible_facts.getent_passwd.keys()|list }}"
my_groups: "{{ ansible_facts.getent_group.keys()|list }}"
tags:
- redis-server
@@ -94,8 +94,8 @@
- "'webadmin' in my_users"
- "'redis' in my_groups"
vars:
my_users: "{{ getent_passwd.keys()|list }}"
my_groups: "{{ getent_group.keys()|list }}"
my_users: "{{ ansible_facts.getent_passwd.keys()|list }}"
my_groups: "{{ ansible_facts.getent_group.keys()|list }}"
tags:
- redis-server

3
roles/common/tasks/samba-user.yml
View File

@@ -42,7 +42,8 @@
loop_control:
label: '{{ item.name }}'
when:
- item.name not in getent_passwd
- ansible_facts.getent_passwd is defined
- item.name not in ansible_facts.getent_passwd
tags:
- samba-server
- samba-user

4
roles/common/tasks/show.yml
View File

@@ -2,6 +2,6 @@
- name: Show hostname
debug:
msg: "Host: {{ ansible_fqdn | split('.') | first }} FQDN: {{ ansible_fqdn.split('.')[0] }}.{{ ansible_fqdn.split('.')[1] | default('NONE') }}.{{ ansible_fqdn.split('.')[2] | default('NONE') }}"
# msg: "Host: {{ ansible_fqdn | split('.') | first }} FQDN: {{ ansible_fqdn.split('.')[0] | join( '.') }} | {{ join ( ansible_fqdn.split('.')[1] ) }}"
msg: "Host: {{ ansible_facts.fqdn | split('.') | first }} FQDN: {{ ansible_facts.fqdn.split('.')[0] }}.{{ ansible_facts.fqdn.split('.')[1] | default('NONE') }}.{{ ansible_facts.fqdn.split('.')[2] | default('NONE') }}"
# msg: "Host: {{ ansible_facts.fqdn | split('.') | first }} FQDN: {{ ansible_facts.fqdn.split('.')[0] | join( '.') }} | {{ join ( ansible_facts.fqdn.split('.')[1] ) }}"

4
roles/common/tasks/systemd-services_redhat_based_OS.yml
View File

@@ -8,7 +8,7 @@
with_items:
- "{{ redhat_services_active_and_started }}"
when:
- ansible_os_family == "RedHat"
- ansible_facts.os_family == "RedHat"
#- debug: msg="{{ service_exists.results }}"
@@ -23,7 +23,7 @@
label: '{{ item.item }}'
when:
- item.rc == 0
- ansible_os_family == "RedHat"
- ansible_facts.os_family == "RedHat"
#- debug: msg="{{ service_is_enabled.results }}"

2
roles/common/tasks/tor.yml
View File

@@ -6,7 +6,7 @@
- tor
state: present
when:
- ansible_os_family == "Debian"
- ansible_facts.os_family == "Debian"
tags:
- tor-service

64
roles/common/tasks/yum.yml
View File

@@ -7,8 +7,8 @@
update_cache: yes
#cache_valid_time: 3600
when:
- ansible_os_family == "RedHat"
- ansible_distribution == "CentOS" or ansible_distribution == "Fedora"
- ansible_facts.os_family == "RedHat"
- ansible_facts.distribution == "CentOS" or ansible_facts.distribution == "Fedora"
tags:
- yum-update
@@ -18,8 +18,8 @@
name: epel-release
state: latest
when:
- ansible_os_family == "RedHat"
- ansible_distribution == "CentOS"
- ansible_facts.os_family == "RedHat"
- ansible_facts.distribution == "CentOS"
# Its more eficient to in
@@ -28,9 +28,9 @@
name: "{{ yum_base_install_centos_7 }}"
state: "{{ yum_install_state }}"
when:
- ansible_os_family == "RedHat"
- ansible_distribution == "CentOS"
- ansible_distribution_major_version == "7"
- ansible_facts.os_family == "RedHat"
- ansible_facts.distribution == "CentOS"
- ansible_facts.distribution_major_version == "7"
tags:
- yum-base-install
@@ -39,9 +39,9 @@
name: "{{ yum_initial_install_centos_7 }}"
state: "{{ yum_install_state }}"
when:
- ansible_os_family == "RedHat"
- ansible_distribution == "CentOS"
- ansible_distribution_major_version == "7"
- ansible_facts.os_family == "RedHat"
- ansible_facts.distribution == "CentOS"
- ansible_facts.distribution_major_version == "7"
tags:
- yum-initial-install
@@ -52,9 +52,9 @@
name: "{{ yum_base_install_fedora_38 }}"
state: "{{ yum_install_state }}"
when:
- ansible_os_family == "RedHat"
- ansible_distribution == "Fedora"
- ansible_distribution_major_version == "38"
- ansible_facts.os_family == "RedHat"
- ansible_facts.distribution == "Fedora"
- ansible_facts.distribution_major_version == "38"
tags:
- yum-base-install
@@ -63,9 +63,9 @@
name: "{{ yum_initial_install_fedora_38 }}"
state: "{{ yum_install_state }}"
when:
- ansible_os_family == "RedHat"
- ansible_distribution == "Fedora"
- ansible_distribution_major_version == "38"
- ansible_facts.os_family == "RedHat"
- ansible_facts.distribution == "Fedora"
- ansible_facts.distribution_major_version == "38"
tags:
- yum-initial-install
@@ -75,8 +75,8 @@
name: "{{ yum_lxc_host_pkgs_centos }}"
state: "{{ yum_install_state }}"
when:
- ansible_os_family == "RedHat"
- ansible_distribution == "CentOS"
- ansible_facts.os_family == "RedHat"
- ansible_facts.distribution == "CentOS"
- groups['lxc_host']|string is search(inventory_hostname)
tags:
- yum-lxc-hosts-pkgs
@@ -86,8 +86,8 @@
name: "{{ yum_lxc_host_pkgs_fedora }}"
state: "{{ yum_install_state }}"
when:
- ansible_os_family == "RedHat"
- ansible_distribution == "Fedora"
- ansible_facts.os_family == "RedHat"
- ansible_facts.distribution == "Fedora"
- groups['lxc_host']|string is search(inventory_hostname)
tags:
- yum-lxc-hosts-pkgs
@@ -98,8 +98,8 @@
name: "{{ yum_postgresql_pkgs_centos }}"
state: "{{ yum_install_state }}"
when:
- ansible_os_family == "RedHat"
- ansible_distribution == "CentOS"
- ansible_facts.os_family == "RedHat"
- ansible_facts.distribution == "CentOS"
- install_postgresql_pkgs|bool
tags:
- apt-postgresql-server-pkgs
@@ -109,8 +109,8 @@
name: "{{ yum_postgresql_pkgs_fedora }}"
state: "{{ yum_install_state }}"
when:
- ansible_os_family == "RedHat"
- ansible_distribution == "Fedora"
- ansible_facts.os_family == "RedHat"
- ansible_facts.distribution == "Fedora"
- install_postgresql_pkgs|bool
tags:
- apt-postgresql-server-pkgs
@@ -121,8 +121,8 @@
name: "{{ yum_compiler_pkgs_centos }}"
state: "{{ yum_install_state }}"
when:
- ansible_os_family == "RedHat"
- ansible_distribution == "CentOS"
- ansible_facts.os_family == "RedHat"
- ansible_facts.distribution == "CentOS"
- install_compiler_pkgs|bool
tags:
- yum-compiler-pkgs
@@ -132,8 +132,8 @@
name: "{{ yum_compiler_pkgs_fedora }}"
state: "{{ yum_install_state }}"
when:
- ansible_os_family == "RedHat"
- ansible_distribution == "Fedora"
- ansible_facts.os_family == "RedHat"
- ansible_facts.distribution == "Fedora"
- install_compiler_pkgs|bool
tags:
- yum-compiler-pkgs
@@ -143,8 +143,8 @@
name: "{{ yum_webserver_pkgs_centos }}"
state: "{{ yum_install_state }}"
when:
- ansible_os_family == "RedHat"
- ansible_distribution == "CentOS"
- ansible_facts.os_family == "RedHat"
- ansible_facts.distribution == "CentOS"
- install_webserver_pkgs|bool
tags:
- yum-webserver-pkgs
@@ -154,8 +154,8 @@
name: "{{ yum_webserver_pkgs_fedora }}"
state: "{{ yum_install_state }}"
when:
- ansible_os_family == "RedHat"
- ansible_distribution == "Fedora"
- ansible_facts.os_family == "RedHat"
- ansible_facts.distribution == "Fedora"
- install_webserver_pkgs|bool
tags:
- yum-webserver-pkgs

10
roles/common/templates/etc/sudoers.d/50-user.j2
View File

@@ -41,7 +41,7 @@ back {{ item }}
{% endfor -%}
{%- if ansible_virtualization_role == 'host' %}
{%- if ansible_facts['virtualization_role'] == 'host' %}
{% for item in sudoers_file_user_back_disk_privileges | default([]) %}
back {{ item }}
@@ -49,7 +49,7 @@ back {{ item }}
{% endif -%}
{%- if groups['webadmin']|string is search(inventory_hostname) %}
{%- if inventory_hostname in (groups["webadmin"] | default([])) %}
{% for item in sudoers_file_user_webadmin_disk_privileges | default([]) %}
webadmin {{ item }}
@@ -57,7 +57,7 @@ webadmin {{ item }}
{% endif -%}
{%- if groups['postgresql_server']|string is search(inventory_hostname) %}
{%- if inventory_hostname in (groups["postgresql_server"] | default([])) %}
{% for item in sudoers_file_user_back_postgres_privileges | default([]) %}
back {{ item }}
@@ -66,7 +66,7 @@ back {{ item }}
{# dns server #}
{%- if groups['dns_server']|string is search(inventory_hostname) %}
{%- if inventory_hostname in (groups["dns_server"] | default([])) %}
{% for item in sudoers_file_dns_server_privileges | default([]) %}
{{ item.name }} {{ item.entry }}
@@ -75,7 +75,7 @@ back {{ item }}
{# postfixadmin rules #}
{%- if groups['mail_server']|string is search(inventory_hostname) %}
{%- if inventory_hostname in (groups["mail_server"] | default([])) %}
{% for item in sudoers_file_postfixadmin_privileges | default([]) %}
{{ item.name }} {{ item.entry }}

98
roles/modify-ipt-server/tasks/ipt-server.yml
View File

@@ -172,8 +172,8 @@
when:
- main_ipv4_exists.stat.exists
- drop_mndp_ipv4_present is changed
notify:
- Restart IPv4 Firewall
# notify:
# - Restart IPv4 Firewall
- name: Check if String 'drop_mndp=..' is present
@@ -246,8 +246,69 @@
when:
- main_ipv6_exists.stat.exists
- drop_mndp_ipv6_present is changed
notify:
- Restart IPv6 Firewall
# notify:
# - Restart IPv6 Firewall
# ---
# Fix section Limit Connections - add limit_new_tcp_connections_per_seconds_ports
# ---
- name: Check if String 'limit_new_tcp_connections_per_seconds_ports=..' is present
shell: grep -q -E "^limit_new_tcp_connections_per_seconds_ports=" /etc/ipt-firewall/main_ipv4.conf
register: drop_limit_new_tcp_connections_per_seconds_ports_present
when: main_ipv4_exists.stat.exists
failed_when: "drop_limit_new_tcp_connections_per_seconds_ports_present.rc > 1"
changed_when: "drop_limit_new_tcp_connections_per_seconds_ports_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (limit_new_tcp_connections_per_seconds_ports)
blockinfile:
path: /etc/ipt-firewall/main_ipv4.conf
insertafter: '^#?\s*limit_new_tcp_connections_per_seconds_per_source_IP'
block: |
# - limit_new_tcp_connections_per_seconds_ports
# -
# - comma separated list of ports
# -
# - Example:
# - limit_new_tcp_connections_per_seconds_ports="80,443"
# - limit_new_tcp_connections_per_seconds_ports="80,110,143,443,465,995"
#
limit_new_tcp_connections_per_seconds_ports=""
marker: "# Marker set by modify-ipt-server.yml (limit_new_tcp_connections_per_seconds_ports)"
when:
- main_ipv4_exists.stat.exists
- drop_limit_new_tcp_connections_per_seconds_ports_present is changed
# notify:
# - Restart IPv4 Firewall
- name: Check if String 'limit_new_tcp_connections_per_seconds_ports=..' is present
shell: grep -q -E "^limit_new_tcp_connections_per_seconds_ports=" /etc/ipt-firewall/main_ipv6.conf
register: drop_limit_new_tcp_connections_per_seconds_ports_present
when: main_ipv6_exists.stat.exists
failed_when: "drop_limit_new_tcp_connections_per_seconds_ports_present.rc > 1"
changed_when: "drop_limit_new_tcp_connections_per_seconds_ports_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (limit_new_tcp_connections_per_seconds_ports)
blockinfile:
path: /etc/ipt-firewall/main_ipv6.conf
insertafter: '^#?\s*limit_new_tcp_connections_per_seconds_per_source_IP'
block: |
# - limit_new_tcp_connections_per_seconds_ports
# -
# - comma separated list of ports
# -
# - Example:
# - limit_new_tcp_connections_per_seconds_ports="80,443"
# - limit_new_tcp_connections_per_seconds_ports="80,110,143,443,465,995"
#
limit_new_tcp_connections_per_seconds_ports=""
marker: "# Marker set by modify-ipt-server.yml (limit_new_tcp_connections_per_seconds_ports)"
when:
- main_ipv6_exists.stat.exists
- drop_limit_new_tcp_connections_per_seconds_ports_present is changed
# notify:
# - Restart IPv6 Firewall
# ===
@@ -318,8 +379,8 @@
when:
- main_ipv4_exists.stat.exists
- per_ip_connection_limit_settings_ipv4_present is changed
notify:
- Restart IPv4 Firewall
# notify:
# - Restart IPv4 Firewall
- name: Check if String 'per_IP_connection_limit=..' is present
@@ -337,8 +398,8 @@
when:
- main_ipv6_exists.stat.exists
- per_ip_connection_limit_settings_ipv6_present is changed
notify:
- Restart IPv6 Firewall
# notify:
# - Restart IPv6 Firewall
@@ -363,7 +424,7 @@
- load_modules_ipv6.conf
- logging_ipv4.conf
- logging_ipv6.conf
- post_decalrations.conf
- post_declarations.conf
register: diff_script_output
- name: Ensure configuration files are latest
@@ -375,13 +436,13 @@
- load_modules_ipv6.conf
- logging_ipv4.conf
- logging_ipv6.conf
- post_decalrations.conf
- post_declarations.conf
when:
- git_firewall_repository is defined and git_firewall_repository|length > 0
- diff_script_output.changed
notify:
- Restart IPv4 Firewall
- Restart IPv6 Firewall
# notify:
# - Restart IPv4 Firewall
# - Restart IPv6 Firewall
@@ -412,9 +473,9 @@
when:
- git_firewall_repository is defined and git_firewall_repository|length > 0
- diff_script_output.changed
notify:
- Restart IPv4 Firewall
- Restart IPv6 Firewall
# notify:
# - Restart IPv4 Firewall
# - Restart IPv6 Firewall
@@ -432,3 +493,8 @@
state: absent
path: /etc/ipt-firewall/ports.conf
- name: Delete file '/etc/ipt-firewall/ports.conf' ..
file:
state: absent
path: /etc/ipt-firewall/post_decalrations.conf