Merge pull request #676 from holta/2-common

2-common: indentation/syntax per new Ansible docs
2025-03-09 15:40:17 +00:00 · 2018-02-12 21:57:22 -05:00 · 2018-02-12 21:57:22 -05:00 · 50602d30ad
commit 50602d30ad
parent a8eb07efef 144ab33f24
5 changed files with 153 additions and 89 deletions
--- a/roles/2-common/tasks/iptables.yml
+++ b/roles/2-common/tasks/iptables.yml
@ -1,55 +1,64 @@
- name: Disable firewalld service
-  service: name=firewalld
-           enabled=no
+- name: Disable firewalld service (OS's other than debuntu)
+  service:
+    name: firewalld
+    enabled: no
  when: not is_debuntu

- name: Use larger hammer to disable firewalld (2 symbolic links involved)
+- name: Use larger hammer to disable firewalld -- 2 symbolic links involved (OS's other than debuntu)
  shell: "systemctl disable firewalld.service"
  when: not is_debuntu

- name: Mask firewalld service
+- name: Mask firewalld service (OS's other than debuntu)
  shell: 'systemctl mask firewalld'
  ignore_errors: yes
  when: not installing and not is_debuntu

- name: Stop firewalld service
-  service: name=firewalld
-           state=stopped
+- name: Stop firewalld service (OS's other than debuntu)
+  service:
+    name: firewalld
+    state: stopped
  ignore_errors: yes
  when: not installing and not is_debuntu

 - name: Remove iptables.service file from /etc
-  file: path=/etc/systemd/system/iptables.service
-        state=absent
+  file:
+    path: /etc/systemd/system/iptables.service
+    state: absent

 - name: Remove iptables-xs.service file from /etc
-  file: path=/etc/systemd/system/iptables-xs.service
-        state=absent
+  file:
+    path: /etc/systemd/system/iptables-xs.service
+    state: absent

- name: Install iptables service package
-  package: name=iptables-persistent
-           state=present
+- name: Install iptables service package (debuntu)
+  package:
+    name: iptables-persistent
+    state: present
  when: is_debuntu
  tags:
    - download

- name: Install iptables service package
-  package: name=iptables-services
-           state=present
+- name: Install iptables service package (OS's other than debuntu)
+  package:
+    name: iptables-services
+    state: present
  when: not is_debuntu
  tags:
    - download

 - name: Install iptables services
-  template: src={{ item.0 }}
-            dest={{ item.1 }}
-            owner='root'
-            group='root'
-            mode={{ item.2 }}
+  template:
+    src: "{{ item.0 }}"
+    dest: "{{ item.1 }}"
+    owner: root
+    group: root
+    mode: "{{ item.2 }}"
  with_items:
   - { 0: 'iptables-config', 1: '/etc/sysconfig/iptables-config', 2: '0644' }

- name: Install Debian config
-  template: src=iptables dest=/etc/network/if-pre-up.d/iptables
-            mode=0755
+- name: Install Debian config (debuntu)
+  template:
+    src: iptables
+    dest: /etc/network/if-pre-up.d/iptables
+    mode: 0755
  when: is_debuntu
--- a/roles/2-common/tasks/main.yml
+++ b/roles/2-common/tasks/main.yml
@ -20,24 +20,65 @@

 - include_tasks: iptables.yml

- sysctl: name=net.ipv4.ip_forward value=1 state=present
- sysctl: name=net.ipv4.conf.default.rp_filter value=1 state=present
- sysctl: name=net.ipv4.conf.default.accept_source_route value=0 state=present
- sysctl: name=kernel.sysrq value=1 state=present
- sysctl: name=kernel.core_uses_pid value=1 state=present
- sysctl: name=net.ipv4.tcp_syncookies value=1 state=present
- sysctl: name=kernel.shmmax value=268435456 state=present
+- sysctl:
+    name: net.ipv4.ip_forward
+    value: 1
+    state: present
+
+- sysctl:
+    name: net.ipv4.conf.default.rp_filter
+    value: 1
+    state: present
+
+- sysctl:
+    name: net.ipv4.conf.default.accept_source_route
+    value: 0
+    state: present
+
+- sysctl:
+    name: kernel.sysrq
+    value: 1
+    state: present
+
+- sysctl:
+    name: kernel.core_uses_pid
+    value: 1
+    state: present
+
+- sysctl:
+    name: net.ipv4.tcp_syncookies
+    value: 1
+    state: present
+
+- sysctl:
+    name: kernel.shmmax
+    value: 268435456
+    state: present
+
 # IPv6 disabled
- sysctl: name=net.ipv6.conf.all.disable_ipv6 value=1 state=present
- sysctl: name=net.ipv6.conf.default.disable_ipv6 value=1 state=present
- sysctl: name=net.ipv6.conf.lo.disable_ipv6 value=1 state=present
+
+- sysctl:
+    name: net.ipv6.conf.all.disable_ipv6
+    value: 1
+    state: present
+
+- sysctl:
+    name: net.ipv6.conf.default.disable_ipv6
+    value: 1
+    state: present
+
+- sysctl:
+    name: net.ipv6.conf.lo.disable_ipv6
+    value: 1
+    state: present

 - name: Install custom profile file
-  template: dest=/etc/profile.d/zzz_iiab.sh
-            src=zzz_iiab.sh
-            owner=root
-            mode=0644
-            backup=no
+  template:
+    dest: /etc/profile.d/zzz_iiab.sh
+    src: zzz_iiab.sh
+    owner: root
+    mode: 0644
+    backup: no

 - include_tasks: net_mods.yml
  when: not is_debuntu and not is_F18
@ -47,7 +88,8 @@
 - include_tasks: iiab-startup.yml

 - name: Recording STAGE 2 HAS COMPLETED ==========================
-  lineinfile: dest=/etc/iiab/iiab.env
-              regexp='^STAGE=*'
-              line='STAGE=2'
-              state=present
+  lineinfile:
+    dest: /etc/iiab/iiab.env
+    regexp: '^STAGE=*'
+    line: 'STAGE=2'
+    state: present
--- a/roles/2-common/tasks/net_mods.yml
+++ b/roles/2-common/tasks/net_mods.yml
@ -1,32 +1,36 @@
- name: Disable systemd-networkd.service
-  service: name=systemd-networkd.service
-           enabled=no
+- name: Disable systemd-networkd.service (OS's other than centos)
+  service:
+    name: systemd-networkd.service
+    enabled: no
  when: not is_centos

- name: Mask systemd-networkd.service
+- name: Mask systemd-networkd.service (OS's other than centos)
  shell: 'systemctl mask systemd-networkd'
  when: not is_centos

 - name: Disable systemd-hostnamed.service
-  service: name=systemd-hostnamed.service
-           enabled=no
+  service:
+    name: systemd-hostnamed.service
+    enabled: no

 - name: Disable dbus-org.freedesktop.hostname1.service
-  service: name=dbus-org.freedesktop.hostname1
-           enabled=no
+  service:
+    name: dbus-org.freedesktop.hostname1
+    enabled: no

 - name: Mask dbus-org.freedesktop.hostname1.service
  shell: 'systemctl mask dbus-org.freedesktop.hostname1'

 - name: Disable network.service
-  service: name=network
-           enabled=no
+  service:
+    name: network
+    enabled: no

 - name: Mask network.service
  shell: 'systemctl mask network.service'

 # Network Manager starts this if needed
 - name: Disable wpa_supplicant
-  service: name=wpa_supplicant
-           enabled=no
-
+  service:
+    name: wpa_supplicant
+    enabled: no
--- a/roles/2-common/tasks/prep.yml
+++ b/roles/2-common/tasks/prep.yml
@ -1,29 +1,33 @@
 - name: Install iiab-extra repos
-  template: backup=no
-            dest=/etc/yum.repos.d/iiab-extra.repo
-            src=iiab-extra.repo
-            owner=root
-            group=root
-            mode=0666
+  template:
+    backup: no
+    dest: /etc/yum.repos.d/iiab-extra.repo
+    src: iiab-extra.repo
+    owner: root
+    group: root
+    mode: 0666

 - name: Install iiab-testing repos
-  template: backup=no
-            dest=/etc/yum.repos.d/iiab-testing.repo
-            src=iiab-testing.repo
-            owner=root
-            group=root
-            mode=0666
+  template:
+    backup: no
+    dest: /etc/yum.repos.d/iiab-testing.repo
+    src: iiab-testing.repo
+    owner: root
+    group: root
+    mode: 0666

 - name: Get the createrepo program
-  package: name=createrepo
-           state=present
+  package:
+    name: createrepo
+    state: present

 - name: Install local repo file
-  template: dest=/etc/yum.repos.d/iiab-local.repo
-            src=local.repo
-            owner=root
-            group=root
-            mode=0644
+  template:
+    dest: /etc/yum.repos.d/iiab-local.repo
+    src: local.repo
+    owner: root
+    group: root
+    mode: 0644

 - name: Create local repo
  shell: createrepo {{ yum_packages_dir }}
--- a/roles/2-common/tasks/udev.yml
+++ b/roles/2-common/tasks/udev.yml
@ -1,21 +1,24 @@
 - name: Does systemd-udevd.service exist
-  stat: path="{{ systemd_location }}/systemd-udevd.service"
+  stat:
+    path: "{{ systemd_location }}/systemd-udevd.service"
  register: udev_unit

 - name: Copy udevd service to /etc/systemd/system to modify
-  copy: src={{ systemd_location }}/systemd-udevd.service
-        dest=/etc/systemd/system/systemd-udevd.service
-        owner=root
-        group=root
-        mode=0644
+  copy:
+    src: "{{ systemd_location }}/systemd-udevd.service"
+    dest: /etc/systemd/system/systemd-udevd.service
+    owner: root
+    group: root
+    mode: 0644
  when: udev_unit.stat.exists is defined and udev_unit.stat.exists

 - name: Change MountFlags from slave to shared
-  lineinfile: backup=no
-              dest=/etc/systemd/system/systemd-udevd.service
-              regexp='^MountFlags'
-              line='MountFlags=shared'
-              state=present
+  lineinfile:
+    backup: no
+    dest: /etc/systemd/system/systemd-udevd.service
+    regexp: '^MountFlags'
+    line: 'MountFlags=shared'
+    state: present
  when: udev_unit.stat.exists is defined and udev_unit.stat.exists

 # ubuntu 16.04 comes with ansible 2.0.0.2 -- no systemd module
@ -28,7 +31,9 @@
  when: udev_unit.stat.exists is defined and udev_unit.stat.exists

 - name: Reload systemd-udevd so it has rootfs open read-write
-  template: src=udev-reload.service dest=/etc/systemd/system/
+  template:
+    src: udev-reload.service
+    dest: /etc/systemd/system/

 - name: Enable the reload service
  shell: systemctl enable udev-reload.service