Merge pull request #676 from holta/2-common

2-common: indentation/syntax per new Ansible docs
2025-03-09 15:40:17 +00:00 · 2018-02-12 21:57:22 -05:00 · 2018-02-12 21:57:22 -05:00 · 50602d30ad
commit 50602d30ad
parent a8eb07efef 144ab33f24
5 changed files with 153 additions and 89 deletions
--- a/roles/2-common/tasks/iptables.yml
+++ b/roles/2-common/tasks/iptables.yml
@ -1,55 +1,64 @@
- name: Disable firewalld service
+- name: Disable firewalld service (OS's other than debuntu)
-  service: name=firewalld
+  service:
-           enabled=no
+    name: firewalld
    enabled: no
  when: not is_debuntu
- name: Use larger hammer to disable firewalld (2 symbolic links involved)
+- name: Use larger hammer to disable firewalld -- 2 symbolic links involved (OS's other than debuntu)
  shell: "systemctl disable firewalld.service"
  when: not is_debuntu
- name: Mask firewalld service
+- name: Mask firewalld service (OS's other than debuntu)
  shell: 'systemctl mask firewalld'
  ignore_errors: yes
  when: not installing and not is_debuntu
- name: Stop firewalld service
+- name: Stop firewalld service (OS's other than debuntu)
-  service: name=firewalld
+  service:
-           state=stopped
+    name: firewalld
    state: stopped
  ignore_errors: yes
  when: not installing and not is_debuntu
 - name: Remove iptables.service file from /etc
-  file: path=/etc/systemd/system/iptables.service
+  file:
-        state=absent
+    path: /etc/systemd/system/iptables.service
    state: absent
 - name: Remove iptables-xs.service file from /etc
-  file: path=/etc/systemd/system/iptables-xs.service
+  file:
-        state=absent
+    path: /etc/systemd/system/iptables-xs.service
    state: absent
- name: Install iptables service package
+- name: Install iptables service package (debuntu)
-  package: name=iptables-persistent
+  package:
-           state=present
+    name: iptables-persistent
    state: present
  when: is_debuntu
  tags:
    - download
- name: Install iptables service package
+- name: Install iptables service package (OS's other than debuntu)
-  package: name=iptables-services
+  package:
-           state=present
+    name: iptables-services
    state: present
  when: not is_debuntu
  tags:
    - download
 - name: Install iptables services
-  template: src={{ item.0 }}
+  template:
-            dest={{ item.1 }}
+    src: "{{ item.0 }}"
-            owner='root'
+    dest: "{{ item.1 }}"
-            group='root'
+    owner: root
-            mode={{ item.2 }}
+    group: root
    mode: "{{ item.2 }}"
  with_items:
   - { 0: 'iptables-config', 1: '/etc/sysconfig/iptables-config', 2: '0644' }
- name: Install Debian config
+- name: Install Debian config (debuntu)
-  template: src=iptables dest=/etc/network/if-pre-up.d/iptables
+  template:
-            mode=0755
+    src: iptables
    dest: /etc/network/if-pre-up.d/iptables
    mode: 0755
  when: is_debuntu
--- a/roles/2-common/tasks/main.yml
+++ b/roles/2-common/tasks/main.yml
@ -20,24 +20,65 @@
 - include_tasks: iptables.yml
- sysctl: name=net.ipv4.ip_forward value=1 state=present
+- sysctl:
- sysctl: name=net.ipv4.conf.default.rp_filter value=1 state=present
+    name: net.ipv4.ip_forward
- sysctl: name=net.ipv4.conf.default.accept_source_route value=0 state=present
+    value: 1
- sysctl: name=kernel.sysrq value=1 state=present
+    state: present
- sysctl: name=kernel.core_uses_pid value=1 state=present
+
- sysctl: name=net.ipv4.tcp_syncookies value=1 state=present
+- sysctl:
- sysctl: name=kernel.shmmax value=268435456 state=present
+    name: net.ipv4.conf.default.rp_filter
    value: 1
    state: present
 - sysctl:
    name: net.ipv4.conf.default.accept_source_route
    value: 0
    state: present
 - sysctl:
    name: kernel.sysrq
    value: 1
    state: present
 - sysctl:
    name: kernel.core_uses_pid
    value: 1
    state: present
 - sysctl:
    name: net.ipv4.tcp_syncookies
    value: 1
    state: present
 - sysctl:
    name: kernel.shmmax
    value: 268435456
    state: present
 # IPv6 disabled
- sysctl: name=net.ipv6.conf.all.disable_ipv6 value=1 state=present
+
- sysctl: name=net.ipv6.conf.default.disable_ipv6 value=1 state=present
+- sysctl:
- sysctl: name=net.ipv6.conf.lo.disable_ipv6 value=1 state=present
+    name: net.ipv6.conf.all.disable_ipv6
    value: 1
    state: present
 - sysctl:
    name: net.ipv6.conf.default.disable_ipv6
    value: 1
    state: present
 - sysctl:
    name: net.ipv6.conf.lo.disable_ipv6
    value: 1
    state: present
 - name: Install custom profile file
-  template: dest=/etc/profile.d/zzz_iiab.sh
+  template:
-            src=zzz_iiab.sh
+    dest: /etc/profile.d/zzz_iiab.sh
-            owner=root
+    src: zzz_iiab.sh
-            mode=0644
+    owner: root
-            backup=no
+    mode: 0644
    backup: no
 - include_tasks: net_mods.yml
  when: not is_debuntu and not is_F18
@ -47,7 +88,8 @@
 - include_tasks: iiab-startup.yml
 - name: Recording STAGE 2 HAS COMPLETED ==========================
-  lineinfile: dest=/etc/iiab/iiab.env
+  lineinfile:
-              regexp='^STAGE=*'
+    dest: /etc/iiab/iiab.env
-              line='STAGE=2'
+    regexp: '^STAGE=*'
-              state=present
+    line: 'STAGE=2'
    state: present
--- a/roles/2-common/tasks/net_mods.yml
+++ b/roles/2-common/tasks/net_mods.yml
@ -1,32 +1,36 @@
- name: Disable systemd-networkd.service
+- name: Disable systemd-networkd.service (OS's other than centos)
-  service: name=systemd-networkd.service
+  service:
-           enabled=no
+    name: systemd-networkd.service
    enabled: no
  when: not is_centos
- name: Mask systemd-networkd.service
+- name: Mask systemd-networkd.service (OS's other than centos)
  shell: 'systemctl mask systemd-networkd'
  when: not is_centos
 - name: Disable systemd-hostnamed.service
-  service: name=systemd-hostnamed.service
+  service:
-           enabled=no
+    name: systemd-hostnamed.service
    enabled: no
 - name: Disable dbus-org.freedesktop.hostname1.service
-  service: name=dbus-org.freedesktop.hostname1
+  service:
-           enabled=no
+    name: dbus-org.freedesktop.hostname1
    enabled: no
 - name: Mask dbus-org.freedesktop.hostname1.service
  shell: 'systemctl mask dbus-org.freedesktop.hostname1'
 - name: Disable network.service
-  service: name=network
+  service:
-           enabled=no
+    name: network
    enabled: no
 - name: Mask network.service
  shell: 'systemctl mask network.service'
 # Network Manager starts this if needed
 - name: Disable wpa_supplicant
-  service: name=wpa_supplicant
+  service:
-           enabled=no
+    name: wpa_supplicant
-
+    enabled: no
--- a/roles/2-common/tasks/prep.yml
+++ b/roles/2-common/tasks/prep.yml
@ -1,29 +1,33 @@
 - name: Install iiab-extra repos
-  template: backup=no
+  template:
-            dest=/etc/yum.repos.d/iiab-extra.repo
+    backup: no
-            src=iiab-extra.repo
+    dest: /etc/yum.repos.d/iiab-extra.repo
-            owner=root
+    src: iiab-extra.repo
-            group=root
+    owner: root
-            mode=0666
+    group: root
    mode: 0666
 - name: Install iiab-testing repos
-  template: backup=no
+  template:
-            dest=/etc/yum.repos.d/iiab-testing.repo
+    backup: no
-            src=iiab-testing.repo
+    dest: /etc/yum.repos.d/iiab-testing.repo
-            owner=root
+    src: iiab-testing.repo
-            group=root
+    owner: root
-            mode=0666
+    group: root
    mode: 0666
 - name: Get the createrepo program
-  package: name=createrepo
+  package:
-           state=present
+    name: createrepo
    state: present
 - name: Install local repo file
-  template: dest=/etc/yum.repos.d/iiab-local.repo
+  template:
-            src=local.repo
+    dest: /etc/yum.repos.d/iiab-local.repo
-            owner=root
+    src: local.repo
-            group=root
+    owner: root
-            mode=0644
+    group: root
    mode: 0644
 - name: Create local repo
  shell: createrepo {{ yum_packages_dir }}
--- a/roles/2-common/tasks/udev.yml
+++ b/roles/2-common/tasks/udev.yml
@ -1,21 +1,24 @@
 - name: Does systemd-udevd.service exist
-  stat: path="{{ systemd_location }}/systemd-udevd.service"
+  stat:
    path: "{{ systemd_location }}/systemd-udevd.service"
  register: udev_unit
 - name: Copy udevd service to /etc/systemd/system to modify
-  copy: src={{ systemd_location }}/systemd-udevd.service
+  copy:
-        dest=/etc/systemd/system/systemd-udevd.service
+    src: "{{ systemd_location }}/systemd-udevd.service"
-        owner=root
+    dest: /etc/systemd/system/systemd-udevd.service
-        group=root
+    owner: root
-        mode=0644
+    group: root
    mode: 0644
  when: udev_unit.stat.exists is defined and udev_unit.stat.exists
 - name: Change MountFlags from slave to shared
-  lineinfile: backup=no
+  lineinfile:
-              dest=/etc/systemd/system/systemd-udevd.service
+    backup: no
-              regexp='^MountFlags'
+    dest: /etc/systemd/system/systemd-udevd.service
-              line='MountFlags=shared'
+    regexp: '^MountFlags'
-              state=present
+    line: 'MountFlags=shared'
    state: present
  when: udev_unit.stat.exists is defined and udev_unit.stat.exists
 # ubuntu 16.04 comes with ansible 2.0.0.2 -- no systemd module
@ -28,7 +31,9 @@
  when: udev_unit.stat.exists is defined and udev_unit.stat.exists
 - name: Reload systemd-udevd so it has rootfs open read-write
-  template: src=udev-reload.service dest=/etc/systemd/system/
+  template:
    src: udev-reload.service
    dest: /etc/systemd/system/
 - name: Enable the reload service
  shell: systemctl enable udev-reload.service