├── meta └── runtime.yml ├── molecule ├── logrotate │ ├── files │ │ └── override.conf │ ├── Dockerfile.j2 │ ├── verify.yml │ ├── molecule.yml │ ├── tests │ │ └── test_default.py │ └── converge.yml ├── epel │ ├── Dockerfile.j2 │ ├── verify.yml │ ├── converge.yml │ ├── molecule.yml │ └── tests │ │ └── test_default.py ├── ntp │ ├── Dockerfile.j2 │ ├── verify.yml │ ├── converge.yml │ ├── molecule.yml │ └── tests │ │ └── test_default.py ├── chrony │ ├── Dockerfile.j2 │ ├── verify.yml │ ├── molecule.yml │ ├── tests │ │ └── test_default.py │ └── converge.yml ├── default │ ├── Dockerfile.j2 │ ├── verify.yml │ ├── molecule.yml │ ├── tests │ │ └── test_default.py │ └── converge.yml ├── remi_repo │ ├── Dockerfile.j2 │ ├── verify.yml │ ├── converge.yml │ ├── molecule.yml │ └── tests │ │ └── test_default.py └── selinux │ ├── Dockerfile.j2 │ ├── verify.yml │ ├── molecule.yml │ ├── converge.yml │ └── tests │ └── test_default.py ├── roles ├── logrotate │ ├── vars │ │ └── main.yml │ ├── handlers │ │ └── main.yml │ ├── defaults │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ ├── templates │ │ └── logrotate.d.j2 │ ├── meta │ │ └── main.yml │ └── README.md ├── selinux │ ├── vars │ │ ├── default.yml │ │ └── redhat.yml │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ └── README.md ├── ntp │ ├── vars │ │ ├── Debian.yml │ │ ├── RedHat.yml │ │ ├── Suse.yml │ │ └── SLES12.yml │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ ├── suse.yml │ │ ├── debian.yml │ │ ├── redhat.yml │ │ └── main.yml │ ├── README.md │ ├── meta │ │ └── main.yml │ ├── defaults │ │ └── main.yml │ └── templates │ │ └── ntp.conf.j2 ├── remi_repo │ ├── vars │ │ ├── fedora.yml │ │ └── default.yml │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── yum.yml │ │ ├── dnf.yml │ │ └── main.yml │ └── README.md ├── chrony │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ ├── debian.yml │ │ ├── archlinux.yml │ │ ├── redhat.yml │ │ ├── suse.yml │ │ └── main.yml │ ├── 
vars │ │ ├── suse.yml │ │ ├── archlinux.yml │ │ ├── redhat.yml │ │ └── debian.yml │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── templates │ │ └── chrony.conf.j2 │ └── README.md └── epel │ ├── meta │ └── main.yml │ ├── tasks │ ├── main.yml │ ├── redhat.yml │ └── redhat_manual.yml │ ├── defaults │ └── main.yml │ └── README.md ├── .ansible-lint ├── .yamllint ├── .github └── workflows │ ├── release.yml │ ├── epel.yml │ ├── selinux.yml │ ├── ntp.yml │ ├── remi_repo.yml │ ├── chrony.yml │ └── logrotate.yml ├── plugins └── README.md ├── LICENSE ├── galaxy.yml ├── .travis.yml └── README.md /meta/runtime.yml: -------------------------------------------------------------------------------- 1 | --- 2 | requires_ansible: ">=2.8" 3 | -------------------------------------------------------------------------------- /molecule/logrotate/files/override.conf: -------------------------------------------------------------------------------- 1 | [Service] 2 | ExecStartPre= 3 | -------------------------------------------------------------------------------- /roles/logrotate/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for ericsysmin.logrotate 3 | -------------------------------------------------------------------------------- /roles/selinux/vars/default.yml: -------------------------------------------------------------------------------- 1 | selinux_python_package: libselinux-python 2 | -------------------------------------------------------------------------------- /roles/logrotate/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for ericsysmin.logrotate 3 | -------------------------------------------------------------------------------- /roles/ntp/vars/Debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ntp_service_name: ntp 3 | ntp_config_driftfile: 
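/var/lib/ntp/ntp.drift
4 | 
--------------------------------------------------------------------------------
/roles/ntp/vars/RedHat.yml:
--------------------------------------------------------------------------------
1 | ---
2 | ntp_service_name: ntpd
3 | ntp_config_driftfile: /var/lib/ntp/drift
4 | 
--------------------------------------------------------------------------------
/roles/ntp/vars/Suse.yml:
--------------------------------------------------------------------------------
1 | ---
2 | ntp_service_name: ntp
3 | ntp_config_driftfile: /var/lib/ntp/drift/ntp.drift
4 | 
--------------------------------------------------------------------------------
/roles/ntp/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Restarts the NTP service whose name is set per OS family in vars/<os>.yml.
3 | # Written as a fully-qualified module call with a block mapping, matching the
4 | # chrony handler in this collection.
5 | - name: restart ntp
6 |   ansible.builtin.service:
7 |     name: "{{ ntp_service_name }}"
8 |     state: restarted
9 | 
--------------------------------------------------------------------------------
/roles/ntp/vars/SLES12.yml:
--------------------------------------------------------------------------------
1 | ---
2 | ntp_service_name: ntpd
3 | ntp_config_driftfile: /var/lib/ntp/drift/ntp.drift
4 | 
--------------------------------------------------------------------------------
/roles/selinux/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | selinux_policy: targeted
3 | selinux_state: enforcing
4 | # NOTE(review): `reboot` is not prefixed with the role name, so a same-named
5 | # variable set elsewhere in a play would override it - confirm before relying on it.
6 | reboot: false
7 | 
--------------------------------------------------------------------------------
/roles/remi_repo/vars/fedora.yml:
--------------------------------------------------------------------------------
1 | ---
2 | remi_repo_url: "https://rpms.remirepo.net/fedora/remi-release-{{ ansible_distribution_major_version }}.rpm"
3 | 
--------------------------------------------------------------------------------
/roles/remi_repo/vars/default.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # The release RPM is fetched over HTTPS, matching vars/fedora.yml and the GPG
3 | # key URLs in defaults/main.yml. Over plain HTTP the repository-definition
4 | # package could be altered in transit before it is installed.
5 | remi_repo_url: "https://rpms.remirepo.net/enterprise/remi-release-{{ ansible_distribution_major_version }}.rpm"
6 | 
--------------------------------------------------------------------------------
/roles/chrony/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Restarts the chrony service named by chrony_service_name (set in vars/<os>.yml).
3 | - name: restart chrony
4 |   ansible.builtin.service:
5 |     name: "{{ chrony_service_name }}"
6 |     state: restarted
7 | 
--------------------------------------------------------------------------------
/molecule/epel/Dockerfile.j2:
--------------------------------------------------------------------------------
1 | {# Dockerfile text is fetched at render time from the main branch of ericsysmin/ansible-molecule-dockerfiles; the ref is not pinned to a commit, so upstream changes alter the test image. -#}
2 | {{ lookup('url', 'https://raw.githubusercontent.com/ericsysmin/ansible-molecule-dockerfiles/main/' ~ item.image ~ '/Dockerfile', split_lines=False) }}
3 | 
--------------------------------------------------------------------------------
/molecule/ntp/Dockerfile.j2:
--------------------------------------------------------------------------------
1 | {# Dockerfile text is fetched at render time from the main branch of ericsysmin/ansible-molecule-dockerfiles; the ref is not pinned to a commit, so upstream changes alter the test image. -#}
2 | {{ lookup('url', 'https://raw.githubusercontent.com/ericsysmin/ansible-molecule-dockerfiles/main/' ~ item.image ~ '/Dockerfile', split_lines=False) }}
3 | 
--------------------------------------------------------------------------------
/roles/logrotate/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # defaults file for ericsysmin.logrotate
3 | logrotate_install: true
4 | logrotate_conf_dir: /etc/logrotate.d/
5 | logrotate_files: []
6 | 
--------------------------------------------------------------------------------
/.ansible-lint:
--------------------------------------------------------------------------------
1 | ---
2 | parseable: true
3 | skip_list:
4 |   - ANSIBLE0010
5 | use_default_rules: true
6 | verbosity: 1
7 | exclude_paths:
8 |   - ./tests/
9 |   - ./plugins/
10 | 
--------------------------------------------------------------------------------
/molecule/chrony/Dockerfile.j2: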
-------------------------------------------------------------------------------- 1 | {{ lookup('url', 'https://raw.githubusercontent.com/ericsysmin/ansible-molecule-dockerfiles/main/' ~ item.image ~ '/Dockerfile', split_lines=False) }} 2 | -------------------------------------------------------------------------------- /molecule/default/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | {{ lookup('url', 'https://raw.githubusercontent.com/ericsysmin/ansible-molecule-dockerfiles/main/' ~ item.image ~ '/Dockerfile', split_lines=False) }} 2 | -------------------------------------------------------------------------------- /molecule/logrotate/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | {{ lookup('url', 'https://raw.githubusercontent.com/ericsysmin/ansible-molecule-dockerfiles/main/' ~ item.image ~ '/Dockerfile', split_lines=False) }} 2 | -------------------------------------------------------------------------------- /molecule/remi_repo/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | {{ lookup('url', 'https://raw.githubusercontent.com/ericsysmin/ansible-molecule-dockerfiles/main/' ~ item.image ~ '/Dockerfile', split_lines=False) }} 2 | -------------------------------------------------------------------------------- /molecule/selinux/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | {{ lookup('url', 'https://raw.githubusercontent.com/ericsysmin/ansible-molecule-dockerfiles/main/' ~ item.image ~ '/Dockerfile', split_lines=False) }} 2 | -------------------------------------------------------------------------------- /roles/chrony/tasks/debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install the require packages in Debian derivatives 3 | ansible.builtin.apt: name=chrony state={{ chrony_pkg_state }} 
update_cache=true 4 | -------------------------------------------------------------------------------- /roles/selinux/vars/redhat.yml: -------------------------------------------------------------------------------- 1 | selinux_python_package: >- 2 | {%- if ansible_python.version.major == 2 -%}libselinux-python 3 | {%- else -%}libselinux-python3 4 | {%- endif -%} 5 | -------------------------------------------------------------------------------- /roles/chrony/vars/suse.yml: -------------------------------------------------------------------------------- 1 | --- 2 | chrony_service_name: chronyd 3 | chrony_config_location: /etc/chrony.conf 4 | chrony_config_driftfile: /var/lib/chrony/drift 5 | chrony_config_keyfile: /etc/chrony.keys 6 | -------------------------------------------------------------------------------- /roles/chrony/vars/archlinux.yml: -------------------------------------------------------------------------------- 1 | --- 2 | chrony_service_name: chronyd 3 | chrony_config_location: /etc/chrony.conf 4 | chrony_config_driftfile: /var/lib/chrony/drift 5 | chrony_config_keyfile: /etc/chrony.keys 6 | -------------------------------------------------------------------------------- /roles/chrony/vars/redhat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | chrony_service_name: chronyd 3 | chrony_config_location: /etc/chrony.conf 4 | chrony_config_driftfile: /var/lib/chrony/drift 5 | chrony_config_keyfile: /etc/chrony.keys 6 | -------------------------------------------------------------------------------- /molecule/chrony/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests. 
3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /molecule/default/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests. 3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /molecule/epel/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests. 3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /molecule/ntp/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests. 3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /molecule/selinux/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests. 3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /molecule/logrotate/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests. 
3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /molecule/remi_repo/verify.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This is an example playbook to execute Ansible tests. 3 | 4 | - name: Verify 5 | hosts: all 6 | tasks: 7 | - name: Example assertion 8 | assert: 9 | that: true 10 | -------------------------------------------------------------------------------- /roles/chrony/vars/debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | chrony_service_name: chrony 3 | chrony_config_location: /etc/chrony/chrony.conf 4 | chrony_config_driftfile: /var/lib/chrony/chrony.drift 5 | chrony_config_keyfile: /etc/chrony/chrony.keys 6 | -------------------------------------------------------------------------------- /roles/chrony/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | chrony_pkg_state: present 3 | chrony_service_state: started 4 | chrony_service_enabled: yes 5 | chrony_config_server: 6 | - 0.pool.ntp.org 7 | - 1.pool.ntp.org 8 | - 2.pool.ntp.org 9 | - 3.pool.ntp.org 10 | chrony_config_logdir: /var/log/chrony 11 | chrony_config_extra_options: {} 12 | -------------------------------------------------------------------------------- /molecule/ntp/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | pre_tasks: 5 | - name: Update package cache 6 | package: update_cache=yes 7 | changed_when: false 8 | register: task_result 9 | until: task_result is success 10 | retries: 10 11 | delay: 2 12 | roles: 13 | - role: ericsysmin.system.ntp 14 | -------------------------------------------------------------------------------- /roles/ntp/tasks/suse.yml: 
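--------------------------------------------------------------------------------
1 | ---
2 | # The zypper module lives in the community.general collection, which is what
3 | # roles/chrony/tasks/suse.yml already uses. There is no ansible.general
4 | # namespace, so the previous module name could not be resolved.
5 | - name: ntp | Suse | Install the required packages in Suse derivatives
6 |   community.general.zypper:
7 |     name: ntp
8 |     state: "{{ ntp_pkg_state }}"
9 |   when: ansible_os_family == 'Suse'
10 |   register: task_result
11 |   until: task_result is success
12 |   retries: 10
13 |   delay: 2
14 |   tags:
15 |     - package
16 |     - ntp
17 | 
--------------------------------------------------------------------------------
/molecule/epel/converge.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Converge
3 |   hosts: all
4 |   pre_tasks:
5 |     # Refresh the package cache first; retried up to 10 times, 2 s apart.
6 |     - name: Update package cache
7 |       package: update_cache=yes
8 |       changed_when: false
9 |       register: task_result
10 |       until: task_result is success
11 |       retries: 10
12 |       delay: 2
13 |   roles:
14 |     - role: ericsysmin.system.epel
15 |       when: ansible_os_family == "RedHat"
16 | 
--------------------------------------------------------------------------------
/molecule/remi_repo/converge.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Converge
3 |   hosts: all
4 |   pre_tasks:
5 |     # Refresh the package cache first; retried up to 10 times, 2 s apart.
6 |     - name: Update package cache
7 |       package: update_cache=yes
8 |       changed_when: false
9 |       register: task_result
10 |       until: task_result is success
11 |       retries: 10
12 |       delay: 2
13 |   roles:
14 |     - role: ericsysmin.system.remi_repo
15 |       when: ansible_os_family == "RedHat"
16 | 
--------------------------------------------------------------------------------
/roles/epel/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | galaxy_info:
3 |   # Author spelling aligned with the other roles' meta files in this collection.
4 |   author: ericsysmin
5 |   role_name: epel
6 |   description: Role to configure EPEL on RHEL/CentOS based systems
7 |   license: MIT
8 |   min_ansible_version: 2.4
9 |   platforms:
10 |     - name: EL
11 |       versions:
12 |         - 6
13 |         - 7
14 |         - 8
15 |   galaxy_tags:
16 |     - epel
17 |     - rhel
18 |     - centos
19 | dependencies: []
20 | 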
-------------------------------------------------------------------------------- /roles/ntp/tasks/debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: ntp | Debian | Install the required packages in Debian derivatives 3 | ansible.builtin.apt: 4 | name: ntp 5 | update_cache: yes 6 | cache_valid_time: 86400 7 | state: "{{ ntp_pkg_state }}" 8 | when: ansible_os_family == 'Debian' 9 | register: task_result 10 | until: task_result is success 11 | retries: 10 12 | delay: 2 13 | tags: 14 | - package 15 | - ntp 16 | -------------------------------------------------------------------------------- /roles/chrony/tasks/archlinux.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install the required packages in Arch Linux 3 | community.general.pacman: name=chrony state={{ chrony_pkg_state }} 4 | 5 | - name: Check if ntpd service exists 6 | ansible.builtin.stat: path="/usr/lib/systemd/system/ntpd.service" 7 | register: ntpd_service_status 8 | 9 | - name: Stop and mask ntpd service 10 | ansible.builtin.systemd: name=ntpd state=stopped masked=yes 11 | when: ntpd_service_status.stat.exists 12 | -------------------------------------------------------------------------------- /roles/chrony/tasks/redhat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install the required packages in Redhat derivatives 3 | ansible.builtin.yum: name=chrony state={{ chrony_pkg_state }} 4 | 5 | - name: Check if ntpd service exists 6 | ansible.builtin.stat: path="/usr/lib/systemd/system/ntpd.service" 7 | register: ntpd_service_status 8 | 9 | - name: Stop and mask ntpd service 10 | ansible.builtin.systemd: name=ntpd state=stopped masked=yes 11 | when: ntpd_service_status.stat.exists 12 | -------------------------------------------------------------------------------- /roles/remi_repo/defaults/main.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | remi_repo_validate_certs: true 3 | remi_repo_gpg_key_urls: 4 | - https://rpms.remirepo.net/RPM-GPG-KEY-remi 5 | - https://rpms.remirepo.net/RPM-GPG-KEY-remi2017 6 | - https://rpms.remirepo.net/RPM-GPG-KEY-remi2018 7 | - https://rpms.remirepo.net/RPM-GPG-KEY-remi2019 8 | - https://rpms.remirepo.net/RPM-GPG-KEY-remi2020 9 | - https://rpms.remirepo.net/RPM-GPG-KEY-remi2021 10 | - https://rpms.remirepo.net/RPM-GPG-KEY-remi2022 11 | -------------------------------------------------------------------------------- /roles/chrony/tasks/suse.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install the required packages on SuSE 3 | community.general.zypper: 4 | name: chrony 5 | state: "{{ chrony_pkg_state }}" 6 | 7 | - name: Check if ntpd service exists 8 | ansible.builtin.stat: path="/usr/lib/systemd/system/ntpd.service" 9 | register: ntpd_service_status 10 | 11 | - name: Stop and mask ntpd service 12 | ansible.builtin.systemd: name=ntpd state=stopped masked=yes 13 | when: ntpd_service_status.stat.exists 14 | -------------------------------------------------------------------------------- /molecule/chrony/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | driver: 5 | name: docker 6 | lint: | 7 | set -e 8 | yamllint . 
9 | ansible-lint 10 | platforms: 11 | - name: instance 12 | image: ${MOLECULE_DISTRO:-ubuntu-xenial} 13 | privileged: true 14 | command: ${MOLECULE_COMMAND:-""} 15 | volumes: 16 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 17 | provisioner: 18 | name: ansible 19 | playbooks: 20 | converge: ${MOLECULE_PLAYBOOK:-converge.yml} 21 | -------------------------------------------------------------------------------- /molecule/epel/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | driver: 5 | name: docker 6 | lint: | 7 | set -e 8 | yamllint . 9 | ansible-lint 10 | platforms: 11 | - name: instance 12 | image: ${MOLECULE_DISTRO:-ubuntu:xenial} 13 | privileged: true 14 | command: ${MOLECULE_COMMAND:-"sleep infinity"} 15 | volumes: 16 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 17 | provisioner: 18 | name: ansible 19 | playbooks: 20 | converge: ${MOLECULE_PLAYBOOK:-converge.yml} 21 | -------------------------------------------------------------------------------- /molecule/ntp/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | driver: 5 | name: docker 6 | lint: | 7 | set -e 8 | yamllint . 
9 | ansible-lint 10 | platforms: 11 | - name: instance 12 | image: ${MOLECULE_DISTRO:-ubuntu:xenial} 13 | privileged: true 14 | command: ${MOLECULE_COMMAND:-"sleep infinity"} 15 | volumes: 16 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 17 | provisioner: 18 | name: ansible 19 | playbooks: 20 | converge: ${MOLECULE_PLAYBOOK:-converge.yml} 21 | -------------------------------------------------------------------------------- /roles/epel/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for ericsysmin.epel 3 | 4 | - name: epel | Install epel repo using epel-release 5 | ansible.builtin.include_tasks: "{{ ansible_os_family|lower }}.yml" 6 | when: 7 | - ansible_os_family|lower == "redhat" 8 | - not epel_manual 9 | 10 | - name: epel | Install epel repo manually 11 | ansible.builtin.include_tasks: "{{ ansible_os_family|lower }}_manual.yml" 12 | when: 13 | - ansible_os_family|lower == "redhat" 14 | - epel_manual 15 | -------------------------------------------------------------------------------- /roles/selinux/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: ericsysmin 4 | role_name: selinux 5 | company: Avi Networks 6 | description: Manage SELinux settings on a host 7 | issue_tracker_url: https://github.com/ericsysmin/ansible-role-selinux/issues 8 | license: MIT 9 | min_ansible_version: 2.0.0 10 | platforms: 11 | - name: EL 12 | versions: 13 | - 7 14 | galaxy_tags: 15 | - selinux 16 | - centos 17 | - rhel 18 | - oracle 19 | dependencies: [] 20 | -------------------------------------------------------------------------------- /molecule/default/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | driver: 5 | name: docker 6 | lint: | 7 | set -e 8 | yamllint . 
9 | ansible-lint 10 | platforms: 11 | - name: instance 12 | image: ${MOLECULE_DISTRO:-ubuntu:xenial} 13 | privileged: true 14 | command: ${MOLECULE_COMMAND:-"sleep infinity"} 15 | volumes: 16 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 17 | provisioner: 18 | name: ansible 19 | playbooks: 20 | converge: ${MOLECULE_PLAYBOOK:-converge.yml} 21 | -------------------------------------------------------------------------------- /molecule/logrotate/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | driver: 5 | name: docker 6 | lint: | 7 | set -e 8 | yamllint . 9 | ansible-lint 10 | platforms: 11 | - name: instance 12 | image: ${MOLECULE_DISTRO:-ubuntu:xenial} 13 | privileged: true 14 | command: ${MOLECULE_COMMAND:-"sleep infinity"} 15 | volumes: 16 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 17 | provisioner: 18 | name: ansible 19 | playbooks: 20 | converge: ${MOLECULE_PLAYBOOK:-converge.yml} 21 | -------------------------------------------------------------------------------- /molecule/remi_repo/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | driver: 5 | name: docker 6 | lint: | 7 | set -e 8 | yamllint . 9 | ansible-lint 10 | platforms: 11 | - name: instance 12 | image: ${MOLECULE_DISTRO:-ubuntu:xenial} 13 | privileged: true 14 | command: ${MOLECULE_COMMAND:-"sleep infinity"} 15 | volumes: 16 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 17 | provisioner: 18 | name: ansible 19 | playbooks: 20 | converge: ${MOLECULE_PLAYBOOK:-converge.yml} 21 | -------------------------------------------------------------------------------- /molecule/selinux/molecule.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dependency: 3 | name: galaxy 4 | driver: 5 | name: docker 6 | lint: | 7 | set -e 8 | yamllint . 
9 | ansible-lint 10 | platforms: 11 | - name: instance 12 | image: ${MOLECULE_DISTRO:-ubuntu:xenial} 13 | privileged: true 14 | command: ${MOLECULE_COMMAND:-"sleep infinity"} 15 | volumes: 16 | - /sys/fs/cgroup:/sys/fs/cgroup:ro 17 | provisioner: 18 | name: ansible 19 | playbooks: 20 | converge: ${MOLECULE_PLAYBOOK:-converge.yml} 21 | -------------------------------------------------------------------------------- /molecule/selinux/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | pre_tasks: 5 | - name: Update package cache 6 | package: update_cache=yes 7 | changed_when: false 8 | register: task_result 9 | until: task_result is success 10 | retries: 10 11 | delay: 2 12 | - name: Install SELinux-policy 13 | package: name=selinux-policy 14 | when: ansible_os_family == "RedHat" 15 | roles: 16 | - role: ericsysmin.system.selinux 17 | when: ansible_os_family == "RedHat" 18 | -------------------------------------------------------------------------------- /molecule/epel/tests/test_default.py: -------------------------------------------------------------------------------- 1 | import os 2 | import testinfra.utils.ansible_runner 3 | 4 | testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( 5 | os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') 6 | 7 | 8 | def test_service(host): 9 | service = host.service('docker') 10 | 11 | assert service.is_running 12 | assert service.is_enabled 13 | 14 | 15 | def test_hosts_file(host): 16 | f = host.file('/etc/hosts') 17 | 18 | assert f.exists 19 | assert f.user == 'root' 20 | assert f.group == 'root' 21 | -------------------------------------------------------------------------------- /molecule/ntp/tests/test_default.py: -------------------------------------------------------------------------------- 1 | import os 2 | import testinfra.utils.ansible_runner 3 | 4 | testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( 5 | 
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') 6 | 7 | 8 | def test_service(host): 9 | service = host.service('docker') 10 | 11 | assert service.is_running 12 | assert service.is_enabled 13 | 14 | 15 | def test_hosts_file(host): 16 | f = host.file('/etc/hosts') 17 | 18 | assert f.exists 19 | assert f.user == 'root' 20 | assert f.group == 'root' 21 | -------------------------------------------------------------------------------- /molecule/chrony/tests/test_default.py: -------------------------------------------------------------------------------- 1 | import os 2 | import testinfra.utils.ansible_runner 3 | 4 | testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( 5 | os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') 6 | 7 | 8 | def test_service(host): 9 | service = host.service('docker') 10 | 11 | assert service.is_running 12 | assert service.is_enabled 13 | 14 | 15 | def test_hosts_file(host): 16 | f = host.file('/etc/hosts') 17 | 18 | assert f.exists 19 | assert f.user == 'root' 20 | assert f.group == 'root' 21 | -------------------------------------------------------------------------------- /molecule/default/tests/test_default.py: -------------------------------------------------------------------------------- 1 | import os 2 | import testinfra.utils.ansible_runner 3 | 4 | testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( 5 | os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') 6 | 7 | 8 | def test_service(host): 9 | service = host.service('docker') 10 | 11 | assert service.is_running 12 | assert service.is_enabled 13 | 14 | 15 | def test_hosts_file(host): 16 | f = host.file('/etc/hosts') 17 | 18 | assert f.exists 19 | assert f.user == 'root' 20 | assert f.group == 'root' 21 | -------------------------------------------------------------------------------- /molecule/logrotate/tests/test_default.py: -------------------------------------------------------------------------------- 1 | import os 2 | import 
testinfra.utils.ansible_runner 3 | 4 | testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( 5 | os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') 6 | 7 | 8 | def test_service(host): 9 | service = host.service('docker') 10 | 11 | assert service.is_running 12 | assert service.is_enabled 13 | 14 | 15 | def test_hosts_file(host): 16 | f = host.file('/etc/hosts') 17 | 18 | assert f.exists 19 | assert f.user == 'root' 20 | assert f.group == 'root' 21 | -------------------------------------------------------------------------------- /molecule/remi_repo/tests/test_default.py: -------------------------------------------------------------------------------- 1 | import os 2 | import testinfra.utils.ansible_runner 3 | 4 | testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( 5 | os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') 6 | 7 | 8 | def test_service(host): 9 | service = host.service('docker') 10 | 11 | assert service.is_running 12 | assert service.is_enabled 13 | 14 | 15 | def test_hosts_file(host): 16 | f = host.file('/etc/hosts') 17 | 18 | assert f.exists 19 | assert f.user == 'root' 20 | assert f.group == 'root' 21 | -------------------------------------------------------------------------------- /molecule/selinux/tests/test_default.py: -------------------------------------------------------------------------------- 1 | import os 2 | import testinfra.utils.ansible_runner 3 | 4 | testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( 5 | os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') 6 | 7 | 8 | def test_service(host): 9 | service = host.service('docker') 10 | 11 | assert service.is_running 12 | assert service.is_enabled 13 | 14 | 15 | def test_hosts_file(host): 16 | f = host.file('/etc/hosts') 17 | 18 | assert f.exists 19 | assert f.user == 'root' 20 | assert f.group == 'root' 21 | -------------------------------------------------------------------------------- /roles/logrotate/tasks/main.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for ericsysmin.logrotate 3 | 4 | - name: Logrotate | Install logrotate 5 | ansible.builtin.package: name=logrotate 6 | when: logrotate_install 7 | register: task_result 8 | until: task_result is success 9 | retries: 10 10 | delay: 2 11 | 12 | - name: Logrotate | Setup logrotate.d scripts 13 | ansible.builtin.template: 14 | src: logrotate.d.j2 15 | dest: "{{ logrotate_conf_dir }}{{ item.name }}" 16 | mode: 0644 17 | with_items: "{{ logrotate_files }}" 18 | when: logrotate_files is defined 19 | -------------------------------------------------------------------------------- /roles/logrotate/templates/logrotate.d.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | {% if 'path' in item %} 4 | "{{ item.path }}" 5 | {% elif 'paths' in item %} 6 | {% for path in item.paths %} 7 | "{{ path }}" 8 | {% endfor %} 9 | {% endif %} 10 | { 11 | {% if item.options is defined -%} 12 | {% for option in item.options -%} 13 | {{ option }} 14 | {% endfor -%} 15 | {% endif %} 16 | {%- if item.scripts is defined -%} 17 | {%- for name, script in item.scripts.items() -%} 18 | {{ name }} 19 | {{ script }} 20 | endscript 21 | {% endfor -%} 22 | {% endif -%} 23 | } 24 | -------------------------------------------------------------------------------- /roles/remi_repo/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | role_name: remi_repo 4 | author: ericsysmin 5 | company: Avi Networks 6 | description: Remi's RPM repository for RHEL/CentOS. 
7 | license: MIT 8 | min_ansible_version: 2.4 9 | platforms: 10 | - name: EL 11 | versions: 12 | - 6 13 | - 7 14 | - name: Fedora 15 | versions: 16 | - 28 17 | - 27 18 | - 26 19 | galaxy_tags: 20 | - packaging 21 | - epel 22 | - repository 23 | - repo 24 | - redhat 25 | - rhel 26 | - centos 27 | - fedora 28 | dependencies: [] 29 | -------------------------------------------------------------------------------- /molecule/default/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | pre_tasks: 5 | - name: Update package cache 6 | package: update_cache=yes 7 | changed_when: false 8 | register: task_result 9 | until: task_result is success 10 | retries: 10 11 | delay: 2 12 | roles: 13 | - role: ericsysmin.system.selinux 14 | when: ansible_os_family == "RedHat" 15 | - role: ericsysmin.system.chrony 16 | - role: ericsysmin.system.epel 17 | when: ansible_os_family == "RedHat" 18 | - role: ericsysmin.system.logrotate 19 | - role: ericsysmin.system.remi_repo 20 | when: ansible_os_family == "RedHat" 21 | -------------------------------------------------------------------------------- /roles/epel/tasks/redhat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install EPEL repo via Repository Package 3 | ansible.builtin.yum: name=epel-release state=present 4 | register: task_result 5 | until: task_result is success 6 | retries: 10 7 | delay: 2 8 | when: ansible_distribution == 'CentOS' or 9 | ansible_distribution == 'Red Hat Enterprise Linux' 10 | 11 | - name: Install EPEL repo via Repository Package 12 | ansible.builtin.dnf: 13 | enablerepo: PowerTools 14 | register: task_result 15 | until: task_result is success 16 | retries: 10 17 | delay: 2 18 | when: 19 | - ansible_os_family == "RedHat" 20 | - ansible_distribution_major_version|int >= 8 21 | -------------------------------------------------------------------------------- 
/roles/logrotate/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: ericsysmin 4 | role_name: logrotate 5 | description: Role manages logrotate instlalation 6 | issue_tracker_url: https://github.com/ericsysmin/ansible-role-logrotate/issues 7 | license: MIT 8 | min_ansible_version: 2.0 9 | platforms: 10 | - name: EL 11 | versions: 12 | - 7 13 | - name: Fedora 14 | versions: 15 | - 27 16 | - 28 17 | - name: Ubuntu 18 | versions: 19 | - trusty 20 | - xenial 21 | - bionic 22 | - name: Debian 23 | versions: 24 | - jessie 25 | - stretch 26 | - wheezy 27 | galaxy_tags: [] 28 | dependencies: [] 29 | -------------------------------------------------------------------------------- /roles/ntp/tasks/redhat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: ntp | RedHat | Remove chrony from RedHat 7 Installations to prevent conflict. 3 | ansible.builtin.yum: 4 | name: chrony 5 | state: absent 6 | when: ansible_distribution_version is version('7', ">=") 7 | register: task_result 8 | until: task_result is success 9 | retries: 10 10 | delay: 2 11 | tags: 12 | - package 13 | - ntp 14 | 15 | - name: ntp | RedHat | Install the required packages in Redhat derivatives 16 | ansible.builtin.yum: 17 | name: ntp 18 | state: "{{ ntp_pkg_state }}" 19 | register: task_result 20 | until: task_result is success 21 | retries: 10 22 | delay: 2 23 | tags: 24 | - package 25 | - ntp 26 | -------------------------------------------------------------------------------- /roles/chrony/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: chrony | Add the OS specific variables 3 | ansible.builtin.include_vars: "{{ ansible_os_family|lower }}.yml" 4 | 5 | - name: chrony | Installation 6 | ansible.builtin.include_tasks: "{{ ansible_os_family|lower }}.yml" 7 | 8 | - name: chrony | Copy the chrony.conf template 
file 9 | ansible.builtin.template: 10 | src: chrony.conf.j2 11 | dest: "{{ chrony_config_location }}" 12 | mode: 0644 13 | notify: 14 | - restart chrony 15 | 16 | - name: chrony | start and enable chrony service 17 | ansible.builtin.service: 18 | name: "{{ chrony_service_name }}" 19 | state: "{{ chrony_service_state }}" 20 | enabled: "{{ chrony_service_enabled }}" 21 | -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- 1 | --- 2 | # Based on ansible-lint config 3 | extends: default 4 | 5 | rules: 6 | braces: 7 | max-spaces-inside: 1 8 | level: error 9 | brackets: 10 | max-spaces-inside: 1 11 | level: error 12 | colons: 13 | max-spaces-after: -1 14 | level: error 15 | commas: 16 | max-spaces-after: -1 17 | level: error 18 | comments: disable 19 | comments-indentation: disable 20 | document-start: disable 21 | empty-lines: 22 | max: 3 23 | level: error 24 | hyphens: 25 | level: error 26 | indentation: disable 27 | key-duplicates: enable 28 | line-length: disable 29 | new-line-at-end-of-file: disable 30 | new-lines: 31 | type: unix 32 | trailing-spaces: disable 33 | truthy: disable 34 | -------------------------------------------------------------------------------- /molecule/chrony/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | pre_tasks: 5 | - name: Wait for systemd to complete initialization. 
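# noqa 303 6 | command: systemctl is-system-running 7 | register: systemctl_status 8 | until: >- 9 | "running" in systemctl_status.stdout or "degraded" in 10 | systemctl_status.stdout 11 | retries: 30 12 | delay: 5 13 | when: 14 | - ansible_service_mgr == "systemd" 15 | - ansible_distribution == "Fedora" 16 | changed_when: false 17 | - name: Update package cache 18 | package: update_cache=yes 19 | changed_when: false 20 | register: task_result 21 | until: task_result is success 22 | retries: 10 23 | delay: 2 24 | roles: 25 | - role: ericsysmin.system.chrony 26 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: --------------------------------------------------------------------------------
# Runs the Ansible Galaxy release playbook when a GitHub release is created.
name: "release"
on:
  release:
    types:
      - created
jobs:
  release:
    runs-on: ubuntu-latest
    env:
      ANSIBLE_FORCE_COLOR: 1
    steps:
      - name: Check out code
        uses: actions/checkout@v1

      - name: Set up Python 3.8
        uses: actions/setup-python@v1
        with:
          python-version: 3.8

      # No secret is exported to this step: the packages below are installed
      # unpinned, so their install-time code should not see the Galaxy token.
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install ansible molecule yamllint ansible-lint docker molecule-docker

      - name: Run the Ansible Galaxy release playbook
        env:
          # Scoped to the only step that publishes.
          # NOTE(review): presumably build/galaxy_deploy.yml reads this from
          # the environment - confirm.
          ANSIBLE_GALAXY_TOKEN: ${{ secrets.ANSIBLE_GALAXY_TOKEN }}
          # github.ref reaches the shell as an environment variable instead of
          # being expanded into the script text, so the tag name is handled as
          # data and never parsed as shell syntax.
          RELEASE_REF: ${{ github.ref }}
        run: >-
          ansible-playbook -i 'localhost,' build/galaxy_deploy.yml -e "github_tag=${RELEASE_REF}"
-------------------------------------------------------------------------------- /roles/chrony/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: ericsysmin 4 | role_name: chrony 5 | company: ericsymsin 6 | description: This role enables users to install and configure chrony on their hosts. 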
7 | license: MIT 8 | min_ansible_version: 2.4 9 | platforms: 10 | - name: EL 11 | versions: 12 | - 7 13 | - 8 14 | - name: Debian 15 | versions: 16 | - buster 17 | - stretch 18 | - jessie 19 | - name: Ubuntu 20 | versions: 21 | - bionic 22 | - focal 23 | - xenial 24 | - name: ArchLinux 25 | versions: 26 | - any 27 | - name: opensuse 28 | versions: 29 | - 15.2 30 | - 15.1 31 | - 15.0 32 | - 42.1 33 | - 42.2 34 | - 42.3 35 | galaxy_tags: 36 | - system 37 | - chrony 38 | - ntp 39 | - time 40 | dependencies: [] 41 | -------------------------------------------------------------------------------- /roles/selinux/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: SELinux | Include {{ ansible_os_family }} specific variables 3 | ansible.builtin.include_vars: "{{ item }}" 4 | with_first_found: 5 | - vars/{{ ansible_os_family|lower }}.yml 6 | - vars/default.yml 7 | 8 | - name: SELinux | RedHat | Install libselinux-python 9 | ansible.builtin.package: name={{ selinux_python_package }} 10 | register: task_result 11 | until: task_result is success 12 | retries: 10 13 | delay: 2 14 | 15 | - name: SELinux | Set SELinux policy and state 16 | ansible.posix.selinux: policy={{ selinux_policy }} state={{ selinux_state }} 17 | register: selinux 18 | 19 | - name: SELinux | Show the output of the previous SELinux change 20 | ansible.builtin.debug: var=selinux 21 | 22 | - name: SELinux | Restart machine 23 | ansible.builtin.reboot: 24 | reboot_timeout: 3600 25 | when: selinux.reboot_required and reboot 26 | -------------------------------------------------------------------------------- /roles/ntp/README.md: -------------------------------------------------------------------------------- 1 | # ericsysmin.system.ntp 2 | 3 | [![Build Status](https://travis-ci.com/ericsysmin/ansible-role-ntp.png?branch=main)](https://travis-ci.com/ericsysmin/ansible-role-ntp) 4 | 5 | This role enables users to install and configure ntp on their 
hosts. 6 | 7 | ## Requirements 8 | 9 | This role requires Ansible 2.4 or higher, and platform requirements are listed 10 | in the metadata file. 11 | 12 | ## Examples 13 | 14 | 1) Install ntp and set the default settings. 15 | 16 | ```yaml 17 | - hosts: all 18 | roles: 19 | - role: ericsysmin.system.ntp 20 | ``` 21 | 22 | 2) Install ntp and set some custom servers. 23 | 24 | ```yaml 25 | - hosts: all 26 | roles: 27 | - role: ericsysmin.system.ntp 28 | ntp_config_server: 29 | - 2.ubuntu.pool.ntp.org 30 | - 1.ubuntu.pool.ntp.org 31 | ``` 32 | 33 | ## License 34 | 35 | BSD 36 | 37 | ## Author Information 38 | 39 | [ericsysmin](https://ericsysmin.com) 40 | -------------------------------------------------------------------------------- /roles/ntp/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: ericsysmin 4 | role_name: ntp 5 | company: Avi Networks 6 | description: This role enables users to install and configure ntp on their hosts. 
7 | license: GPLv2 8 | min_ansible_version: 2.4 9 | platforms: 10 | - name: EL 11 | versions: 12 | - 5 13 | - 6 14 | - 7 15 | - name: Fedora 16 | versions: 17 | - 16 18 | - 17 19 | - 18 20 | - 19 21 | - 20 22 | - 21 23 | - 22 24 | - name: Ubuntu 25 | versions: 26 | - precise 27 | - quantal 28 | - raring 29 | - saucy 30 | - name: Debian 31 | versions: 32 | - wheezy 33 | - name: SLES 34 | versions: 35 | - 11 36 | - 11SP3 37 | - 11SP4 38 | - 12 39 | galaxy_tags: 40 | - system 41 | - time 42 | - ntp 43 | - centos 44 | - ubuntu 45 | - el 46 | - redhat 47 | dependencies: [] 48 | -------------------------------------------------------------------------------- /roles/ntp/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | ntp_pkg_state: present 3 | ntp_service_state: started 4 | ntp_service_enabled: yes 5 | 6 | ntp_config_server: 7 | - 0.pool.ntp.org 8 | - 1.pool.ntp.org 9 | - 2.pool.ntp.org 10 | - 3.pool.ntp.org 11 | ntp_config_restrict: 12 | - '-4 default kod notrap nomodify nopeer noquery' 13 | - '-6 default kod notrap nomodify nopeer noquery' 14 | - '127.0.0.1' 15 | - '::1' 16 | 17 | ntp_config_listen: [] 18 | 19 | ntp_config_filegen: 20 | - 'loopstats file loopstats type day enable' 21 | - 'peerstats file peerstats type day enable' 22 | - 'clockstats file clockstats type day enable' 23 | 24 | ntp_config_statistics: 'loopstats peerstats clockstats' 25 | ntp_config_crypto: '' 26 | ntp_config_includefile: '' 27 | ntp_config_keys: '' 28 | ntp_config_trustedkey: '' 29 | ntp_config_requestkey: '' 30 | ntp_config_controlkey: '' 31 | ntp_config_broadcast: '' 32 | ntp_config_broadcastclient: '' 33 | ntp_config_multicastclient: '' 34 | ntp_config_tinker_panic_enabled: '' 35 | -------------------------------------------------------------------------------- /plugins/README.md: -------------------------------------------------------------------------------- 1 | # Collections Plugins Directory 2 | 3 | This directory can be 
used to ship various plugins inside an Ansible collection. Each plugin is placed in a folder that 4 | is named after the type of plugin it is in. It can also include the `module_utils` and `modules` directory that 5 | would contain module utils and modules respectively. 6 | 7 | Here is an example directory of the majority of plugins currently supported by Ansible: 8 | 9 | └── plugins 10 | ├── action 11 | ├── become 12 | ├── cache 13 | ├── callback 14 | ├── cliconf 15 | ├── connection 16 | ├── filter 17 | ├── httpapi 18 | ├── inventory 19 | ├── lookup 20 | ├── module_utils 21 | ├── modules 22 | ├── netconf 23 | ├── shell 24 | ├── strategy 25 | ├── terminal 26 | ├── test 27 | └── vars 28 | 29 | A full list of plugin types can be found at [Working With Plugins](https://docs.ansible.com/ansible/2.9/plugins/plugins.html). 30 | -------------------------------------------------------------------------------- /roles/remi_repo/tasks/yum.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Repo Remi | YUM | Deploy repository 3 | ansible.builtin.yum: 4 | name: "{{ remi_repo_url }}" 5 | validate_certs: "{{ remi_repo_validate_certs }}" 6 | 7 | - name: Repo Remi | Enable/Disable specific remi repository 8 | block: 9 | - name: Repo Remi | Make sure yum-utils are present 10 | ansible.builtin.yum: 11 | name: yum-utils 12 | 13 | - name: Repo Remi | Enable remi repository 14 | ansible.builtin.command: yum-config-manager --enable {{ item }} 15 | loop: "{{ remi_repo_enable_list }}" 16 | when: remi_repo_enable_list is defined 17 | 18 | - name: Repo Remi | Disable remi repository 19 | ansible.builtin.command: yum-config-manager --disable {{ item }} 20 | loop: "{{ remi_repo_disable_list }}" 21 | when: remi_repo_disable_list is defined 22 | 23 | - name: Repo Remi | Update yum cache 24 | ansible.builtin.yum: 25 | update_cache: yes 26 | when: remi_repo_enable_list is defined or 27 | remi_repo_disable_list is defined 28 | 
-------------------------------------------------------------------------------- /roles/remi_repo/tasks/dnf.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Repo Remi | DNF | Deploy repository 3 | ansible.builtin.dnf: 4 | name: "{{ remi_repo_url }}" 5 | validate_certs: "{{ remi_repo_validate_certs }}" 6 | 7 | - name: Repo Remi | Enable/Disable specific remi repository 8 | block: 9 | - name: Repo Remi | DNF | Make sure dnf-plugins-core is present 10 | ansible.builtin.dnf: 11 | name: dnf-plugins-core 12 | 13 | - name: Repo Remi | Enable remi repository 14 | ansible.builtin.command: dnf config-manager --enable {{ item }} 15 | loop: "{{ remi_repo_enable_list }}" 16 | when: remi_repo_enable_list is defined 17 | 18 | - name: Repo Remi | Disable remi repository 19 | ansible.builtin.command: dnf config-manager --disable {{ item }} 20 | loop: "{{ remi_repo_disable_list }}" 21 | when: remi_repo_disable_list is defined 22 | 23 | - name: Repo Remi | Update dnf cache 24 | ansible.builtin.dnf: 25 | update_cache: yes 26 | when: remi_repo_enable_list is defined or 27 | remi_repo_disable_list is defined 28 | -------------------------------------------------------------------------------- /roles/ntp/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: ntp | Add the OS specific variables 3 | ansible.builtin.include_vars: "{{ item }}" 4 | with_first_found: 5 | - "{{ ansible_distribution }}{{ ansible_distribution_major_version }}.yml" 6 | - "{{ ansible_distribution }}.yml" 7 | - "{{ ansible_os_family }}.yml" 8 | tags: 9 | - configuration 10 | - package 11 | - service 12 | - ntp 13 | 14 | - name: ntp | Installation 15 | ansible.builtin.include_tasks: "{{ ansible_os_family|lower }}.yml" 16 | 17 | - name: ntp | Copy the ntp.conf template file 18 | ansible.builtin.template: 19 | src: ntp.conf.j2 20 | dest: /etc/ntp.conf 21 | mode: 0664 22 | notify: 23 | - restart ntp 24 
| tags: 25 | - configuration 26 | - package 27 | - ntp 28 | 29 | - name: Start/stop ntp service 30 | ansible.builtin.service: 31 | name: "{{ ntp_service_name }}" 32 | state: "{{ ntp_service_state }}" 33 | enabled: "{{ ntp_service_enabled }}" 34 | pattern: '/ntpd' 35 | tags: 36 | - service 37 | - ntp 38 | when: ansible_service_mgr != "systemd" 39 | -------------------------------------------------------------------------------- /molecule/logrotate/converge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Converge 3 | hosts: all 4 | pre_tasks: 5 | - name: Update package cache 6 | package: update_cache=yes 7 | changed_when: false 8 | register: task_result 9 | until: task_result is success 10 | retries: 10 11 | delay: 2 12 | - name: create containerd folder 13 | file: 14 | path: /etc/systemd/system/containerd.service.d 15 | state: directory 16 | mode: 0755 17 | when: ansible_service_mgr == "systemd" 18 | - name: override file for containerd 19 | copy: 20 | src: files/override.conf 21 | dest: /etc/systemd/system/containerd.service.d/override.conf 22 | mode: 0664 23 | when: ansible_service_mgr == "systemd" 24 | roles: 25 | - role: ericsysmin.system.logrotate 26 | logrotate_files: 27 | - name: rails 28 | path: "/var/log/service_logs" 29 | options: 30 | - weekly 31 | - size 25M 32 | - missingok 33 | - compress 34 | - delaycompress 35 | - copytruncate 36 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Eric Anderson 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the 
Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /roles/chrony/templates/chrony.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | # List of NTP servers to use. 4 | {% for server in chrony_config_server %} 5 | server {{ server }} iburst 6 | {% endfor %} 7 | 8 | # This directive specify the location of the file containing ID/key pairs for 9 | # NTP authentication. 10 | keyfile {{ chrony_config_keyfile }} 11 | 12 | # This directive specify the file into which chronyd will store the rate 13 | # information. 14 | driftfile {{ chrony_config_driftfile }} 15 | 16 | # Uncomment the following line to turn logging on. 17 | #log tracking measurements statistics 18 | 19 | # Log files location. 20 | logdir {{chrony_config_logdir }} 21 | 22 | # Stop bad estimates upsetting machine clock. 23 | maxupdateskew 100.0 24 | 25 | # This directive enables kernel synchronisation (every 11 minutes) of the 26 | # real-time clock. Note that it can't be used along with the 'rtcfile' directive. 
27 | rtcsync 28 | 29 | # Step the system clock instead of slewing it if the adjustment is larger than 30 | # one second, but only in the first three clock updates. 31 | makestep 1 3 32 | 33 | # Extra options 34 | {% for k, v in chrony_config_extra_options.items() %} 35 | {{ k }} {{ v }} 36 | {% endfor %} 37 | -------------------------------------------------------------------------------- /roles/selinux/README.md: -------------------------------------------------------------------------------- 1 | # ericsysmin.system.selinux 2 | 3 | Using this module you are able to manage the SELinux configuration on the host. 4 | It can also reboot the host if required. 5 | 6 | ## Requirements 7 | 8 | - `libselinux-python` package is required on the host executing the 9 | playbook/role. 10 | 11 | ## Role Variables 12 | 13 | | Variable | Required | Default | Comments | 14 | | ---------------- | -------- | ----------- | ----------------------------------------------------------------- | 15 | | `selinux_policy` | No | `targeted` | The name of the SELinux policy to use | 16 | | `selinux_state` | No | `enforcing` | The SELinux mode to be used. | 17 | | `reboot` | No | `false` | This flag will tell the remote machine to reboot after modifying. 
| 18 | 19 | ## Example Playbooks 20 | 21 | ### Example 22 | 23 | ```yaml 24 | - hosts: all 25 | roles: 26 | - role: ericsysmin.system.selinux 27 | selinux_state: disabled 28 | reboot: true 29 | ``` 30 | 31 | ## License 32 | 33 | MIT 34 | 35 | ## Author Information 36 | 37 | Eric Anderson 38 | [ericsysmin.com](http://ericsysmin.com) 39 | -------------------------------------------------------------------------------- /roles/logrotate/README.md: -------------------------------------------------------------------------------- 1 | # ericsysmin.system.logrotate 2 | 3 | [![Build Status](https://travis-ci.org/ericsysmin/ansible-role-logrotate.svg?branch=main)](https://travis-ci.org/ericsysmin/ansible-role-llogrotate) 4 | 5 | This role installs logrotate on linux systems. 6 | 7 | ## Requirements 8 | 9 | None 10 | 11 | ## Role Variables 12 | 13 | | Variable | Required | Default | Comments | 14 | | -------------------- | -------- | ------------------- | ------------------------------------------ | 15 | | `logrotate_install` | No | `true` | Install package true/false | 16 | | `logrotate_conf_dir` | No | `/etc/logrotate.d/` | Configuration directory of logrotate files | 17 | | `logrotate_files` | No | `[]` | List of the logrotate files to be created | 18 | 19 | ## Dependencies 20 | 21 | None 22 | 23 | ## Example Playbook 24 | 25 | ```yaml 26 | - hosts: servers 27 | roles: 28 | - role: ericsysmin.system.logrotate 29 | logrotate_files: 30 | - name: rails 31 | path: "/var/log/service_logs" 32 | options: 33 | - weekly 34 | - size 25M 35 | - missingok 36 | - compress 37 | - delaycompress 38 | - copytruncate 39 | ``` 40 | 41 | ## License 42 | 43 | MIT 44 | 45 | ## Author Information 46 | 47 | [ericsysmin](https://ericsysmin.com) 48 | -------------------------------------------------------------------------------- /roles/remi_repo/README.md: -------------------------------------------------------------------------------- 1 | # ericsysmin.system.remi_repo 2 | 3 | [Remi's RPM 
repository](http://rpms.famillecollet.com/) for RHEL/CentOS. 4 | 5 | ## Requirements 6 | 7 | None. 8 | 9 | ## Role Variables 10 | 11 | | Variable | Required | Default | Comments | 12 | | ----------------------- | -------- | ---------------------------------------------------------------------------------------------------- | ------------------------------------ | 13 | | `remi_repo_url` | No | `http://rpms.famillecollet.com/enterprise/remi-release-{{ ansible_distribution_major_version }}.rpm` | Set url for remi repository | 14 | | `remi_repo_gpg_key_url` | No | `http://rpms.remirepo.net/RPM-GPG-KEY-remi` | GPG key location for remi repository | 15 | | `remi_repo_enable_list` | No | `[]` | List of repositories to enable | 16 | 17 | ## Dependencies 18 | 19 | None. 20 | 21 | ## Example Playbook 22 | 23 | ```yaml 24 | - hosts: servers 25 | roles: 26 | - role: ericsysmin.system.repo-remi 27 | remi_repo_enable_list: 28 | - remi-php72 29 | ``` 30 | 31 | ## License 32 | 33 | MIT 34 | 35 | ## Author Information 36 | 37 | [ericsysmin](https://ericsysmin.com/) 38 | -------------------------------------------------------------------------------- /roles/ntp/templates/ntp.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | {% if ntp_config_tinker_panic_enabled %} 4 | tinker panic 0 5 | {% endif %} 6 | 7 | driftfile {{ ntp_config_driftfile }} 8 | 9 | {% for server in ntp_config_server %} 10 | server {{ server }} 11 | {% endfor %} 12 | 13 | {% if ntp_config_statistics %} 14 | statistics {{ ntp_config_statistics }} 15 | {% endif %} 16 | 17 | {% for filegen in ntp_config_filegen %} 18 | filegen {{ filegen }} 19 | {% endfor %} 20 | 21 | {% for listen in ntp_config_listen %} 22 | interface listen {{ listen }} 23 | {% endfor %} 24 | 25 | {% for restrict in ntp_config_restrict %} 26 | restrict {{ restrict }} 27 | {% endfor %} 28 | 29 | {% if ntp_config_crypto %} 30 | crypto 31 | {% endif %} 32 | 33 | {% if 
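ntp_config_includefile %} 34 | includefile {{ ntp_config_includefile }} 35 | {% endif %} 36 | 37 | {% if ntp_config_keys %} 38 | keys {{ ntp_config_keys }} 39 | {% endif %} 40 | 41 | {% if ntp_config_trustedkey %} 42 | trustedkey {{ ntp_config_trustedkey }} 43 | {% endif %} 44 | 45 | {% if ntp_config_requestkey %} 46 | requestkey {{ ntp_config_requestkey }} 47 | {% endif %} 48 | 49 | {% if ntp_config_controlkey %} 50 | controlkey {{ ntp_config_controlkey }} 51 | {% endif %} 52 | 53 | {% if ntp_config_broadcast %} 54 | broadcast {{ ntp_config_broadcast }} 55 | {% endif %} 56 | 57 | {% if ntp_config_broadcastclient %} 58 | broadcastclient 59 | {% endif %} 60 | 61 | {% if ntp_config_multicastclient %} 62 | multicastclient {{ ntp_config_multicastclient }} 63 | {% endif %} 64 | -------------------------------------------------------------------------------- /roles/remi_repo/tasks/main.yml: --------------------------------------------------------------------------------
---
# Loads distribution-specific variables, imports the Remi repository signing
# key(s), then includes the task file named after ansible_pkg_mgr.

- name: Repo Remi | Include {{ ansible_distribution }} specific variables
  ansible.builtin.include_vars: "{{ item }}"
  with_first_found:
    - vars/{{ ansible_distribution|lower }}.yml
    - vars/default.yml

# The keys imported here become the trust anchor for every package installed
# from this repository, so the key URLs should be HTTPS.
# NOTE(review): the role README lists an http:// default for
# remi_repo_gpg_key_url - confirm the values in defaults/ and vars/.
- name: Repo Remi | Import remi GPG keys.
  block:
    - name: Repo Remi | Import remi GPG keys.
      ansible.builtin.rpm_key:
        key: "{{ remi_repo_gpg_key_url }}"
      loop: "{{ remi_repo_gpg_key_urls }}"
      loop_control:
        loop_var: remi_repo_gpg_key_url
      register: task_result
      until: task_result is success
      retries: 10
      delay: 2
  rescue:
    # Fallback path: fetch the key with curl and import it with rpm.
    # NOTE(review): there is no loop in this section, so only the role-level
    # remi_repo_gpg_key_url is fetched, not every entry of
    # remi_repo_gpg_key_urls - confirm that this is intended.
    - name: Repo Remi | Ensure curl is present (systems without SNI).
      ansible.builtin.package: name=curl
      register: task_result
      until: task_result is success
      retries: 10
      delay: 2
    # A fixed, predictable file name in the world-writable /tmp can be
    # pre-created or symlinked by another local user before these tasks write
    # to it; tempfile creates a private file with an unpredictable name.
    - name: Repo Remi | Create a private temporary file for the GPG key
      ansible.builtin.tempfile:
        state: file
        suffix: .remi_repo-gpg
      register: remi_repo_gpg_tmpfile
    # argv keeps the URL as a single argument; -f makes curl fail on an HTTP
    # error instead of saving the error page as if it were the key.
    - name: Repo Remi | Download GPG key (systems without SNI).  # noqa no-changed-when command-instead-of-module
      ansible.builtin.command:
        argv:
          - curl
          - "-fsSL"
          - "{{ remi_repo_gpg_key_url }}"
          - "-o"
          - "{{ remi_repo_gpg_tmpfile.path }}"
    - name: Repo Remi | Add remi GPG key (systems without SNI).  # noqa no-changed-when command-instead-of-module
      ansible.builtin.command:
        argv:
          - rpm
          - "--import"
          - "{{ remi_repo_gpg_tmpfile.path }}"
    - name: Repo Remi | Remove the downloaded GPG key file
      ansible.builtin.file:
        path: "{{ remi_repo_gpg_tmpfile.path }}"
        state: absent

- name: Repo Remi | Install {{ ansible_distribution }} version of Remi Repository
  ansible.builtin.include_tasks: "{{ ansible_pkg_mgr }}.yml"
-------------------------------------------------------------------------------- /.github/workflows/epel.yml: -------------------------------------------------------------------------------- 1 | name: "ericsysmin.system.epel" 2 | on: 3 | push: 4 | paths: 5 | - 'roles/epel/**' 6 | - 'molecule/epel/**' 7 | - '.github/workflows/epel.yml' 8 | pull_request: 9 | paths: 10 | - 'roles/epel/**' 11 | - 'molecule/epel/**' 12 | - '.github/workflows/epel.yml' 13 | jobs: 14 | molecule: 15 | runs-on: ubuntu-latest 16 | env: 17 | PY_COLORS: 1 18 | ANSIBLE_FORCE_COLOR: 1 19 | strategy: 20 | fail-fast: true 21 | matrix: 22 | molecule_distro: 23 | - { "distro":"centos-7", "command":"/usr/sbin/init" } 24 | - { "distro":"centos-8", "command":"/usr/sbin/init" } 25 | collection_role: 26 | - epel 27 | steps: 28 | - name: Check out code 29 | uses: actions/checkout@v1 30 | with: 31 | path: ansible_collections/ericsysmin/system 32 | 33 | - name: Set up Python 3.12 34 | uses: actions/setup-python@v5 35 | with: 36 | python-version: 3.12 37 | 38 | - name: Install dependencies 39 | run: | 40 | sudo apt install apt-transport-https ca-certificates curl software-properties-common 41 | curl -fsSL https://get.docker.com -o get-docker.sh 42 | sudo sh get-docker.sh 43 | python -m pip install --upgrade pip 44 | pip install ansible molecule yamllint ansible-lint molecule-plugins[docker] 45 | 46 | - 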
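name: Run role tests 47 | run: >- 48 | molecule --version && 49 | ansible --version && 50 | MOLECULE_COMMAND=${{ matrix.molecule_distro.command }} 51 | MOLECULE_DISTRO=${{ matrix.molecule_distro.distro }} 52 | molecule --debug test -s ${{ matrix.collection_role }} 53 | -------------------------------------------------------------------------------- /.github/workflows/selinux.yml: --------------------------------------------------------------------------------
# Runs the molecule scenario for the selinux role whenever the role, its
# scenario or this workflow file changes.
name: "ericsysmin.system.selinux"
on:
  push:
    paths:
      - 'roles/selinux/**'
      - 'molecule/selinux/**'
      - '.github/workflows/selinux.yml'
  pull_request:
    paths:
      - 'roles/selinux/**'
      - 'molecule/selinux/**'
      - '.github/workflows/selinux.yml'
jobs:
  molecule:
    runs-on: ubuntu-latest
    env:
      PY_COLORS: 1
      ANSIBLE_FORCE_COLOR: 1
    strategy:
      fail-fast: true
      matrix:
        molecule_distro:
          - { "distro":"centos-7", "command":"/usr/sbin/init" }
          - { "distro":"centos-8", "command":"/usr/sbin/init" }
        collection_role:
          - selinux
    steps:
      - name: Check out code
        uses: actions/checkout@v1
        with:
          path: ansible_collections/ericsysmin/system

      - name: Set up Python 3.12
        uses: actions/setup-python@v5
        with:
          python-version: 3.12

      # apt-get with -y: the job has no terminal, so a confirmation prompt
      # would abort the install.
      # NOTE(review): get-docker.sh is downloaded and executed as root with no
      # checksum or signature verification, and the pip packages are unpinned,
      # so the job runs whatever those sources serve at build time.
      # GitHub-hosted ubuntu runners normally ship Docker already - confirm
      # whether the installer step is needed at all.
      - name: Install dependencies
        run: |
          sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common
          curl -fsSL https://get.docker.com -o get-docker.sh
          sudo sh get-docker.sh
          python -m pip install --upgrade pip
          pip install ansible molecule yamllint ansible-lint molecule-plugins[docker]

      # The matrix values expanded below are the literals defined in this
      # file, not event data.
      - name: Run role tests
        run: >-
          molecule --version &&
          ansible --version &&
          MOLECULE_COMMAND=${{ matrix.molecule_distro.command }}
          MOLECULE_DISTRO=${{ matrix.molecule_distro.distro }}
          molecule --debug test -s ${{ matrix.collection_role }}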
-------------------------------------------------------------------------------- /roles/chrony/README.md: -------------------------------------------------------------------------------- 1 | # ericsysmin.system.chrony 2 | 3 | This role enables users to install and configure chrony on their hosts. 4 | 5 | ## Requirements 6 | 7 | None 8 | 9 | ## Role Variables 10 | 11 | | Variable | Required | Default | Comments | 12 | | ------------------------ | -------- | ------------------------------------------------------------------------ | ----------------------------------------------- | 13 | | `chrony_pkg_state` | No | `present` | Set pkg `enabled`, `disabled`, `latest` | 14 | | `chrony_service_state` | No | `started` | Set service state, started, enabled or disabled | 15 | | `chrony_service_enabled` | No | `yes` | A list of NTP servers to use. | 16 | | `chrony_config_server` | No | `["0.pool.ntp.org","1.pool.ntp.org","2.pool.ntp.org", "3.pool.ntp.org"]` | A list of NTP servers to use. | 17 | | `chrony_config_logdir` | No | `/var/log/chrony` | A list of NTP servers to use. | 18 | 19 | ## Examples 20 | 21 | 1) Install chrony and use the default settings. 22 | 23 | ```yaml 24 | - hosts: all 25 | roles: 26 | - role: ericsysmin.system.chrony 27 | ``` 28 | 29 | 2) Install chrony and use custom servers. 
30 | 31 | ```yaml 32 | - hosts: all 33 | roles: 34 | - role: ericsysmin.system.chrony 35 | chrony_config_server: 36 | - 0.pool.ntp.org 37 | - 2.pool.ntp.org 38 | ``` 39 | 40 | ## License 41 | 42 | MIT 43 | 44 | ## Author Information 45 | 46 | [ericsysmin](https://ericsysmin.com) 47 | -------------------------------------------------------------------------------- /.github/workflows/ntp.yml: -------------------------------------------------------------------------------- 1 | name: "ericsysmin.system.ntp" # Molecule tests for the ntp role; triggered by pushes and pull requests that touch the role, its molecule scenario or this workflow file 2 | on: 3 | push: 4 | paths: 5 | - 'roles/ntp/**' 6 | - 'molecule/ntp/**' 7 | - '.github/workflows/ntp.yml' 8 | pull_request: 9 | paths: 10 | - 'roles/ntp/**' 11 | - 'molecule/ntp/**' 12 | - '.github/workflows/ntp.yml' 13 | jobs: # NOTE(review): no permissions block is set, so the job token keeps the repository default scope; read-only contents access looks sufficient for these steps - confirm 14 | molecule: 15 | runs-on: ubuntu-latest 16 | env: 17 | PY_COLORS: 1 18 | ANSIBLE_FORCE_COLOR: 1 19 | strategy: 20 | fail-fast: true 21 | matrix: 22 | molecule_distro: 23 | - { "distro":"centos-7", "command":"/usr/sbin/init" } 24 | - { "distro":"ubuntu-16.04", "command":"/sbin/init" } 25 | - { "distro":"ubuntu-18.04", "command":"/lib/systemd/systemd" } 26 | - { "distro":"ubuntu-20.04", "command":"/lib/systemd/systemd" } 27 | - { "distro":"debian-9", "command":"/lib/systemd/systemd" } 28 | collection_role: 29 | - ntp 30 | steps: 31 | - name: Check out code 32 | uses: actions/checkout@v1 # NOTE(review): old major version referenced by a mutable tag; pinning a current release by full commit SHA is safer (re-check how the path input resolves after upgrading) 33 | with: 34 | path: ansible_collections/ericsysmin/system 35 | 36 | - name: Set up Python 3.12 37 | uses: actions/setup-python@v5 38 | with: 39 | python-version: 3.12 40 | 41 | - name: Install dependencies # NOTE(review): this step downloads get-docker.sh and runs it as root with no checksum or signature check, and pip installs unpinned packages; GitHub-hosted Ubuntu runners usually ship Docker already - confirm before dropping the script 42 | run: | 43 | sudo apt install apt-transport-https ca-certificates curl software-properties-common 44 | curl -fsSL https://get.docker.com -o get-docker.sh 45 | sudo sh get-docker.sh 46 | python -m pip install --upgrade pip 47 | pip install ansible molecule yamllint ansible-lint molecule-plugins[docker] 48 | 49 | - name: Run role tests # matrix values are substituted into the shell text before the shell runs; acceptable only while the matrix stays a static list in this file 50 | run: >- 51 | molecule --version && 52 | ansible --version && 53 | MOLECULE_COMMAND=${{ 
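matrix.molecule_distro.command }} 54 | MOLECULE_DISTRO=${{ matrix.molecule_distro.distro }} 55 | molecule --debug test -s ${{ matrix.collection_role }} 56 | -------------------------------------------------------------------------------- /roles/epel/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for ericsysmin.epel 3 | 4 | epel_manual: false 5 | 6 | # vars if epel_manual is true 7 | epel_repo_gpg_key_url: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}" # fetched over HTTPS: this key is the trust anchor for gpgcheck, so it must not be downloaded over cleartext HTTP 8 | epel_repo_gpg_key_file: "/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}" 9 | epel_repo_url: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm" 10 | epel_repofile_path: "/etc/yum.repos.d/epel.repo" 11 | 12 | epel_repo_use_baseurl: false 13 | epel_repo_baseurl: http://download.fedoraproject.org/pub/epel/{{ ansible_distribution_major_version }}/$basearch # plain HTTP; package integrity on this path depends on gpgcheck staying true 14 | epel_repo_metalink: https://mirrors.fedoraproject.org/metalink?repo=epel-{{ ansible_distribution_major_version }}&arch=$basearch 15 | epel_repo_failovermethod: priority 16 | epel_repo_gpgcheck: true # keep true: signature verification is the integrity check for packages from this repository 17 | epel_repo_enabled: true 18 | epel_repo_gpgkey: file://{{ epel_repo_gpg_key_file }} # NOTE(review): confirm this key file is present on the host in manual mode 19 | 20 | epel_debuginfo_repo_use_baseurl: false 21 | epel_debuginfo_repo_baseurl: http://download.fedoraproject.org/pub/epel/{{ ansible_distribution_major_version }}/$basearch/debug 22 | epel_debuginfo_repo_metalink: https://mirrors.fedoraproject.org/metalink?repo=epel-debug-{{ ansible_distribution_major_version }}&arch=$basearch 23 | epel_debuginfo_repo_failovermethod: priority 24 | epel_debuginfo_repo_gpgcheck: true 25 | epel_debuginfo_repo_enabled: false 26 | epel_debuginfo_repo_gpgkey: file://{{ epel_repo_gpg_key_file }} 27 | 28 | epel_source_repo_use_baseurl: false 29 | epel_source_repo_baseurl: http://download.fedoraproject.org/pub/epel/{{ 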
ansible_distribution_major_version }}/SRPMS 30 | epel_source_repo_metalink: https://mirrors.fedoraproject.org/metalink?repo=epel-source-{{ ansible_distribution_major_version }}&arch=$basearch 31 | epel_source_repo_failovermethod: priority 32 | epel_source_repo_gpgcheck: true 33 | epel_source_repo_enabled: false 34 | epel_source_repo_gpgkey: file://{{ epel_repo_gpg_key_file }} 35 | -------------------------------------------------------------------------------- /.github/workflows/remi_repo.yml: -------------------------------------------------------------------------------- 1 | name: "ericsysmin.system.remi_repo" # Molecule tests for the remi_repo role; triggered by pushes and pull requests that touch the role, its molecule scenario or this workflow file 2 | on: 3 | push: 4 | paths: 5 | - 'roles/remi_repo/**' 6 | - 'molecule/remi_repo/**' 7 | - '.github/workflows/remi_repo.yml' 8 | pull_request: 9 | paths: 10 | - 'roles/remi_repo/**' 11 | - 'molecule/remi_repo/**' 12 | - '.github/workflows/remi_repo.yml' 13 | jobs: # NOTE(review): no permissions block is set, so the job token keeps the repository default scope; read-only contents access looks sufficient for these steps - confirm 14 | molecule: 15 | runs-on: ubuntu-latest 16 | env: 17 | PY_COLORS: 1 18 | ANSIBLE_FORCE_COLOR: 1 19 | strategy: 20 | fail-fast: true 21 | matrix: 22 | molecule_distro: 23 | - { "distro":"centos-7", "command":"/usr/sbin/init" } 24 | - { "distro":"centos-8", "command":"/usr/sbin/init" } 25 | - { "distro":"fedora-32", "command":"/usr/sbin/init" } 26 | - { "distro":"fedora-31", "command":"/usr/sbin/init" } 27 | - { "distro":"fedora-30", "command":"/usr/lib/systemd/systemd" } 28 | collection_role: 29 | - remi_repo 30 | steps: 31 | - name: Check out code 32 | uses: actions/checkout@v1 # NOTE(review): old major version referenced by a mutable tag; pinning a current release by full commit SHA is safer (re-check how the path input resolves after upgrading) 33 | with: 34 | path: ansible_collections/ericsysmin/system 35 | 36 | - name: Set up Python 3.12 37 | uses: actions/setup-python@v5 38 | with: 39 | python-version: 3.12 40 | 41 | - name: Install dependencies # NOTE(review): this step downloads get-docker.sh and runs it as root with no checksum or signature check, and pip installs unpinned packages; GitHub-hosted Ubuntu runners usually ship Docker already - confirm before dropping the script 42 | run: | 43 | sudo apt install apt-transport-https ca-certificates curl software-properties-common 44 | curl -fsSL https://get.docker.com -o get-docker.sh 45 | sudo sh get-docker.sh 46 | python -m pip install --upgrade pip 47 | pip install ansible molecule yamllint ansible-lint molecule-plugins[docker] 48 | 49 | 
- name: Run role tests 50 | run: >- 51 | molecule --version && 52 | ansible --version && 53 | MOLECULE_COMMAND=${{ matrix.molecule_distro.command }} 54 | MOLECULE_DISTRO=${{ matrix.molecule_distro.distro }} 55 | molecule --debug test -s ${{ matrix.collection_role }} 56 | -------------------------------------------------------------------------------- /roles/epel/tasks/redhat_manual.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Manual EPEL setup: import the signing key, then define the epel, epel-debuginfo and epel-source repositories, all written to the same repo file (file: epel) 3 | - name: Import EPEL GPG key. # the key is fetched from epel_repo_gpg_key_url and becomes the trust anchor for gpgcheck; NOTE(review): the rpm_key fingerprint option could pin the expected key so a substituted download is rejected 4 | ansible.builtin.rpm_key: 5 | key: "{{ epel_repo_gpg_key_url }}" 6 | state: present 7 | 8 | - name: epel | add epel repository 9 | ansible.builtin.yum_repository: 10 | name: epel 11 | description: Extra Packages for Enterprise Linux {{ ansible_distribution_major_version }} - $basearch 12 | baseurl: "{{ epel_repo_baseurl if epel_repo_use_baseurl else omit }}" # exactly one of baseurl and metalink is passed; the other is omitted 13 | metalink: "{{ epel_repo_metalink if not epel_repo_use_baseurl else omit }}" 14 | failovermethod: "{{ epel_repo_failovermethod }}" 15 | gpgcheck: "{{ epel_repo_gpgcheck }}" # variable-driven; an override to false disables package signature checks for this repository 16 | enabled: "{{ epel_repo_enabled }}" 17 | gpgkey: "{{ epel_repo_gpgkey }}" 18 | file: epel 19 | 20 | - name: epel | add epel-debuginfo repository 21 | ansible.builtin.yum_repository: 22 | name: epel-debuginfo 23 | description: Extra Packages for Enterprise Linux {{ ansible_distribution_major_version }} - $basearch - Debug 24 | baseurl: "{{ epel_debuginfo_repo_baseurl if epel_debuginfo_repo_use_baseurl else omit }}" 25 | metalink: "{{ epel_debuginfo_repo_metalink if not epel_debuginfo_repo_use_baseurl else omit }}" 26 | failovermethod: "{{ epel_debuginfo_repo_failovermethod }}" 27 | gpgcheck: "{{ epel_debuginfo_repo_gpgcheck }}" 28 | enabled: "{{ epel_debuginfo_repo_enabled }}" 29 | gpgkey: "{{ epel_debuginfo_repo_gpgkey }}" 30 | file: epel 31 | 32 | - name: epel | add epel-source repository 33 | ansible.builtin.yum_repository: 34 | name: epel-source 35 | description: Extra Packages for Enterprise Linux {{ 
ansible_distribution_major_version }} - $basearch - Source 36 | baseurl: "{{ epel_source_repo_baseurl if epel_source_repo_use_baseurl else omit }}" 37 | metalink: "{{ epel_source_repo_metalink if not epel_source_repo_use_baseurl else omit }}" 38 | failovermethod: "{{ epel_source_repo_failovermethod }}" 39 | gpgcheck: "{{ epel_source_repo_gpgcheck }}" 40 | enabled: "{{ epel_source_repo_enabled }}" 41 | gpgkey: "{{ epel_source_repo_gpgkey }}" 42 | file: epel 43 | -------------------------------------------------------------------------------- /.github/workflows/chrony.yml: -------------------------------------------------------------------------------- 1 | name: "ericsysmin.system.chrony" # Molecule tests for the chrony role; triggered by pushes and pull requests that touch the role, its molecule scenario or this workflow file 2 | on: 3 | push: 4 | paths: 5 | - 'roles/chrony/**' 6 | - 'molecule/chrony/**' 7 | - '.github/workflows/chrony.yml' 8 | pull_request: 9 | paths: 10 | - 'roles/chrony/**' 11 | - 'molecule/chrony/**' 12 | - '.github/workflows/chrony.yml' 13 | jobs: # NOTE(review): no permissions block is set, so the job token keeps the repository default scope; read-only contents access looks sufficient for these steps - confirm 14 | molecule: 15 | runs-on: ubuntu-latest 16 | env: 17 | PY_COLORS: 1 18 | ANSIBLE_FORCE_COLOR: 1 19 | strategy: 20 | fail-fast: true 21 | matrix: 22 | molecule_distro: 23 | - { "distro":"centos-7", "command":"/usr/sbin/init" } 24 | - { "distro":"centos-8", "command":"/usr/sbin/init" } 25 | - { "distro":"fedora-32", "command":"/usr/sbin/init" } 26 | - { "distro":"fedora-31", "command":"/usr/sbin/init" } 27 | - { "distro":"fedora-30", "command":"/usr/lib/systemd/systemd" } 28 | - { "distro":"ubuntu-16.04", "command":"/sbin/init" } 29 | - { "distro":"ubuntu-18.04", "command":"/lib/systemd/systemd" } 30 | - { "distro":"ubuntu-20.04", "command":"/lib/systemd/systemd" } 31 | - { "distro":"debian-9", "command":"/lib/systemd/systemd" } 32 | - { "distro":"debian-10", "command":"/lib/systemd/systemd" } 33 | collection_role: 34 | - chrony 35 | steps: 36 | - name: Check out code 37 | uses: actions/checkout@v1 # NOTE(review): old major version referenced by a mutable tag; pinning a current release by full commit SHA is safer (re-check how the path input resolves after upgrading) 38 | with: 39 | path: ansible_collections/ericsysmin/system 40 | 41 | - name: Set up Python 3.12 42 | uses: actions/setup-python@v5 43 | with: 
44 | python-version: 3.12 45 | 46 | - name: Install dependencies # NOTE(review): this step downloads get-docker.sh and runs it as root with no checksum or signature check, and pip installs unpinned packages; GitHub-hosted Ubuntu runners usually ship Docker already - confirm before dropping the script 47 | run: | 48 | sudo apt install apt-transport-https ca-certificates curl software-properties-common 49 | curl -fsSL https://get.docker.com -o get-docker.sh 50 | sudo sh get-docker.sh 51 | python -m pip install --upgrade pip 52 | pip install ansible molecule yamllint ansible-lint molecule-plugins[docker] 53 | 54 | - name: Run role tests # matrix values are substituted into the shell text before the shell runs; acceptable only while the matrix stays a static list in this file 55 | run: >- 56 | molecule --version && 57 | ansible --version && 58 | MOLECULE_COMMAND=${{ matrix.molecule_distro.command }} 59 | MOLECULE_DISTRO=${{ matrix.molecule_distro.distro }} 60 | molecule --debug test -s ${{ matrix.collection_role }} 61 | -------------------------------------------------------------------------------- /.github/workflows/logrotate.yml: -------------------------------------------------------------------------------- 1 | name: "ericsysmin.system.logrotate" # Molecule tests for the logrotate role; triggered by pushes and pull requests that touch the role, its molecule scenario or this workflow file 2 | on: 3 | push: 4 | paths: 5 | - 'roles/logrotate/**' 6 | - 'molecule/logrotate/**' 7 | - '.github/workflows/logrotate.yml' 8 | pull_request: 9 | paths: 10 | - 'roles/logrotate/**' 11 | - 'molecule/logrotate/**' 12 | - '.github/workflows/logrotate.yml' 13 | jobs: # NOTE(review): no permissions block is set, so the job token keeps the repository default scope; read-only contents access looks sufficient for these steps - confirm 14 | logrotate: 15 | runs-on: ubuntu-latest 16 | env: 17 | PY_COLORS: 1 18 | ANSIBLE_FORCE_COLOR: 1 19 | strategy: 20 | fail-fast: true 21 | matrix: 22 | molecule_distro: 23 | - { "distro":"centos-7", "command":"/usr/sbin/init" } 24 | - { "distro":"centos-8", "command":"/usr/sbin/init" } 25 | - { "distro":"fedora-32", "command":"/usr/sbin/init" } 26 | - { "distro":"fedora-31", "command":"/usr/sbin/init" } 27 | - { "distro":"fedora-30", "command":"/usr/lib/systemd/systemd" } 28 | - { "distro":"ubuntu-16.04", "command":"/sbin/init" } 29 | - { "distro":"ubuntu-18.04", "command":"/lib/systemd/systemd" } 30 | - { "distro":"ubuntu-20.04", "command":"/lib/systemd/systemd" } 31 | - { "distro":"debian-9", "command":"/lib/systemd/systemd" } 32 | - { "distro":"debian-10", "command":"/lib/systemd/systemd" } 33 | collection_role: 34 | - 
logrotate 35 | steps: 36 | - name: Check out code 37 | uses: actions/checkout@v1 # NOTE(review): old major version referenced by a mutable tag; pinning a current release by full commit SHA is safer (re-check how the path input resolves after upgrading) 38 | with: 39 | path: ansible_collections/ericsysmin/system 40 | 41 | - name: Set up Python 3.12 42 | uses: actions/setup-python@v5 43 | with: 44 | python-version: 3.12 45 | 46 | - name: Install dependencies # NOTE(review): this step downloads get-docker.sh and runs it as root with no checksum or signature check, and pip installs unpinned packages; GitHub-hosted Ubuntu runners usually ship Docker already - confirm before dropping the script 47 | run: | 48 | sudo apt install apt-transport-https ca-certificates curl software-properties-common 49 | curl -fsSL https://get.docker.com -o get-docker.sh 50 | sudo sh get-docker.sh 51 | python -m pip install --upgrade pip 52 | pip install ansible molecule yamllint ansible-lint molecule-plugins[docker] 53 | 54 | - name: Run role tests # matrix values are substituted into the shell text before the shell runs; acceptable only while the matrix stays a static list in this file 55 | run: >- 56 | molecule --version && 57 | ansible --version && 58 | MOLECULE_COMMAND=${{ matrix.molecule_distro.command }} 59 | MOLECULE_DISTRO=${{ matrix.molecule_distro.distro }} 60 | molecule --debug test -s ${{ matrix.collection_role }} 61 | -------------------------------------------------------------------------------- /galaxy.yml: -------------------------------------------------------------------------------- 1 | ### REQUIRED 2 | 3 | # The namespace of the collection. This can be a company/brand/organization or product namespace under which all 4 | # content lives. May only contain alphanumeric lowercase characters and underscores. Namespaces cannot start with 5 | # underscores or numbers and cannot contain consecutive underscores 6 | namespace: ericsysmin 7 | 8 | # The name of the collection. Has the same character restrictions as 'namespace' 9 | name: system 10 | 11 | # The version of the collection. Must be compatible with semantic versioning 12 | version: 1.0.0 13 | 14 | # The path to the Markdown (.md) readme file. This path is relative to the root of the collection 15 | readme: README.md 16 | 17 | # A list of the collection's content authors. 
Can be just the name or in the format 'Full Name (url) 18 | # @nicks:irc/im.site#channel' 19 | authors: 20 | - Eric Anderson (https://ericsysmin.com) 21 | 22 | 23 | ### OPTIONAL but strongly recommended 24 | 25 | # A short summary description of the collection 26 | description: Collection of System Administration Roles 27 | 28 | # Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only 29 | # accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file' 30 | # license: 31 | # - GPL-2.0-or-later 32 | 33 | # The path to the license file for the collection. This path is relative to the root of the collection. This key is 34 | # mutually exclusive with 'license' 35 | license_file: 'LICENSE' 36 | 37 | # A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character 38 | # requirements as 'namespace' and 'name' 39 | tags: 40 | - system 41 | - chrony 42 | - epel 43 | - logrotate 44 | - ntp 45 | - remi_repo 46 | - selinux 47 | - rhel 48 | - ubuntu 49 | 50 | # Collections that this collection requires to be installed for it to be usable. The key of the dict is the 51 | # collection label 'namespace.name'. The value is a version range 52 | # L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). 
Multiple version 53 | # range specifiers can be set and are separated by ',' 54 | dependencies: {} 55 | 56 | # The URL of the originating SCM repository 57 | repository: https://github.com/ericsysmin/ansible-collection-system 58 | 59 | # The URL to any online docs 60 | documentation: https://github.com/ericsysmin/ansible-collection-system 61 | 62 | # The URL to the homepage of the collection/project 63 | homepage: https://github.com/ericsysmin/ansible-collection-system 64 | 65 | # The URL to the collection issue tracker 66 | issues: https://github.com/ericsysmin/ansible-collection-system/issues 67 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dist: bionic 3 | os: linux 4 | language: python 5 | services: 6 | - docker 7 | 8 | before_install: 9 | - sudo apt-get -qq update 10 | 11 | env: 12 | global: 13 | - COLLECTION_NAMESPACE: ericsysmin 14 | - COLLECTION_NAME: system 15 | jobs: 16 | # Molecule tests for chrony 17 | - ROLE=chrony MOLECULE_DISTRO=centos-7 MOLECULE_COMMAND=/usr/sbin/init 18 | - ROLE=chrony MOLECULE_DISTRO=centos-8 MOLECULE_COMMAND=/usr/sbin/init 19 | - ROLE=chrony MOLECULE_DISTRO=fedora-32 MOLECULE_COMMAND=/usr/sbin/init 20 | - ROLE=chrony MOLECULE_DISTRO=fedora-31 MOLECULE_COMMAND=/usr/lib/systemd/systemd 21 | - ROLE=chrony MOLECULE_DISTRO=fedora-30 MOLECULE_COMMAND=/usr/lib/systemd/systemd 22 | - ROLE=chrony MOLECULE_DISTRO=ubuntu-16.04 MOLECULE_COMMAND=/sbin/init 23 | - ROLE=chrony MOLECULE_DISTRO=ubuntu-18.04 MOLECULE_COMMAND=/lib/systemd/systemd 24 | - ROLE=chrony MOLECULE_DISTRO=ubuntu-20.04 MOLECULE_COMMAND=/lib/systemd/systemd 25 | - ROLE=chrony MOLECULE_DISTRO=debian-9 MOLECULE_COMMAND=/lib/systemd/systemd 26 | - ROLE=chrony MOLECULE_DISTRO=debian-10 MOLECULE_COMMAND=/lib/systemd/systemd 27 | # Molecule tests for epel 28 | - ROLE=epel MOLECULE_DISTRO=centos-7 MOLECULE_COMMAND=/usr/sbin/init 29 | - 
ROLE=epel MOLECULE_DISTRO=centos-8 MOLECULE_COMMAND=/usr/sbin/init 30 | # Molecule tests for logrotate 31 | - ROLE=logrotate MOLECULE_DISTRO=centos-7 MOLECULE_COMMAND=/usr/sbin/init 32 | - ROLE=logrotate MOLECULE_DISTRO=centos-8 MOLECULE_COMMAND=/usr/sbin/init 33 | - ROLE=logrotate MOLECULE_DISTRO=ubuntu-16.04 MOLECULE_COMMAND=/sbin/init 34 | - ROLE=logrotate MOLECULE_DISTRO=ubuntu-18.04 MOLECULE_COMMAND=/lib/systemd/systemd 35 | - ROLE=logrotate MOLECULE_DISTRO=ubuntu-20.04 MOLECULE_COMMAND=/lib/systemd/systemd 36 | - ROLE=logrotate MOLECULE_DISTRO=debian-9 MOLECULE_COMMAND=/lib/systemd/systemd 37 | - ROLE=logrotate MOLECULE_DISTRO=debian-10 MOLECULE_COMMAND=/lib/systemd/systemd 38 | # Molecule tests for ntp 39 | - ROLE=ntp MOLECULE_DISTRO=centos-7 MOLECULE_COMMAND=/usr/sbin/init 40 | - ROLE=ntp MOLECULE_DISTRO=ubuntu-16.04 MOLECULE_COMMAND=/sbin/init 41 | - ROLE=ntp MOLECULE_DISTRO=ubuntu-18.04 MOLECULE_COMMAND=/lib/systemd/systemd 42 | - ROLE=ntp MOLECULE_DISTRO=debian-9 MOLECULE_COMMAND=/lib/systemd/systemd 43 | # Molecule tests for remi_repo 44 | - ROLE=remi_repo MOLECULE_DISTRO=centos-7 MOLECULE_COMMAND=/usr/sbin/init 45 | - ROLE=remi_repo MOLECULE_DISTRO=centos-8 MOLECULE_COMMAND=/usr/sbin/init 46 | # Molecule tests for selinux 47 | - ROLE=selinux MOLECULE_DISTRO=centos-7 MOLECULE_COMMAND=/usr/sbin/init 48 | - ROLE=selinux MOLECULE_DISTRO=centos-8 MOLECULE_COMMAND=/usr/sbin/init 49 | 50 | jobs: 51 | fast_finish: true 52 | install: 53 | - pip install molecule yamllint ansible-lint docker 54 | 55 | before_script: 56 | - cd ../ 57 | - mkdir -p ansible_collections/$COLLECTION_NAMESPACE 58 | - mv ansible-collection-$COLLECTION_NAME ansible_collections/$COLLECTION_NAMESPACE/$COLLECTION_NAME 59 | - cd ansible_collections/$COLLECTION_NAMESPACE/$COLLECTION_NAME 60 | 61 | script: 62 | - molecule test --scenario-name $ROLE 63 | -------------------------------------------------------------------------------- /README.md: 
-------------------------------------------------------------------------------- 1 | # Ansible Collection - ericsysmin.system 2 | 3 | Ansible collection that holds roles, that can be used to configure common system services. 4 | 5 | ## Roles 6 | 7 | | Role | Build Status | Documentation | 8 | | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | 9 | | chrony | [![Role: ericsysmin.system.chrony](https://github.com/ericsysmin/ansible-collection-system/workflows/ericsysmin.system.chrony/badge.svg)](https://github.com/ericsysmin/ansible-collection-system/actions?query=workflow%3A%22ericsysmin.system.chrony%22) | [Documentation](https://github.com/ericsysmin/ansible-collection-system/tree/main/roles/chrony/README.md) | 10 | | epel | [![Role: ericsysmin.system.epel](https://github.com/ericsysmin/ansible-collection-system/workflows/ericsysmin.system.epel/badge.svg)](https://github.com/ericsysmin/ansible-collection-system/actions?query=workflow%3A%22ericsysmin.system.epel%22) | [Documentation](https://github.com/ericsysmin/ansible-collection-system/tree/main/roles/epel/README.md) | 11 | | logrotate | [![Role: ericsysmin.system.logrotate](https://github.com/ericsysmin/ansible-collection-system/workflows/ericsysmin.system.logrotate/badge.svg)](https://github.com/ericsysmin/ansible-collection-system/actions?query=workflow%3A%22ericsysmin.system.logrotate%22) | [Documentation](https://github.com/ericsysmin/ansible-collection-system/tree/main/roles/logrotate/README.md) | 12 | | ntp | [![Role: 
ericsysmin.system.ntp](https://github.com/ericsysmin/ansible-collection-system/workflows/ericsysmin.system.ntp/badge.svg)](https://github.com/ericsysmin/ansible-collection-system/actions?query=workflow%3A%22ericsysmin.system.ntp%22) | [Documentation](https://github.com/ericsysmin/ansible-collection-system/tree/main/roles/ntp/README.md) | 13 | | remi_repo | [![Role: ericsysmin.system.remi_repo](https://github.com/ericsysmin/ansible-collection-system/workflows/ericsysmin.system.remi_repo/badge.svg)](https://github.com/ericsysmin/ansible-collection-system/actions?query=workflow%3A%22ericsysmin.system.remi_repo%22) | [Documentation](https://github.com/ericsysmin/ansible-collection-system/tree/main/roles/remi_repo/README.md) | 14 | | selinux | [![Role: ericsysmin.system.selinux](https://github.com/ericsysmin/ansible-collection-system/workflows/ericsysmin.system.selinux/badge.svg)](https://github.com/ericsysmin/ansible-collection-system/actions?query=workflow%3A%22ericsysmin.system.selinux%22) | [Documentation](https://github.com/ericsysmin/ansible-collection-system/tree/main/roles/selinux/README.md) | 15 | 16 | ## Usage 17 | 18 | You can find the details specific to each role behind its "Documentation" link. However, most roles are used in this format. 19 | 20 | ```yaml 21 | --- 22 | - hosts: localhost 23 | connection: local 24 | tasks: 25 | - name: Include role 26 | include_role: 27 | name: ericsysmin.system.<role_name> 28 | vars: 29 | var1: value1 30 | var2: value2 31 | ``` 32 | 33 | ## Testing 34 | 35 | Testing is done through GitHub Actions, and the roles can be tested locally as well. The GitHub Actions runs can be found [here](https://github.com/ericsysmin/ansible-collection-system/actions). 
36 | Each workflow pertains to a single role, and can be launched locally using the following command: 37 | 38 | ```bash 39 | MOLECULE_COMMAND={{ matrix.molecule_distro.command }} \ 40 | MOLECULE_DISTRO={{ matrix.molecule_distro.distro }} \ 41 | molecule --debug test -s {{ matrix.collection_role }} 42 | ``` 43 | 44 | To decide on the `MOLECULE_COMMAND` value, please refer to the `.github/workflows/{{ collection_role }}.yml` file, as it lists the init command each distro needs for systemd services to work. 45 | -------------------------------------------------------------------------------- /roles/epel/README.md: -------------------------------------------------------------------------------- 1 | # ericsysmin.system.epel 2 | 3 | Role to install EPEL on RHEL systems 4 | 5 | ## Requirements 6 | 7 | None 8 | 9 | ## Role Variables 10 | 11 | | Variable | Default | Comments | 12 | | ------------- | ------- | -------- | 13 | | `epel_manual` | `false` | | 14 | 15 | ### Vars used if `epel_manual == true` 16 | 17 | | Variable | Default | Comments | 18 | | ------------------------------------ | ----------------------------------------------------------------------------------------------------------------------- | -------- | 19 | | `epel_repo_gpg_key_url` | `http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}` | | 20 | | `epel_repo_gpg_key_url` | ` ansible_distribution_major_version }}"` | | 21 | | `epel_repo_gpg_key_file` | `/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}` | | 22 | | `epel_repo_url` | `https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm` | | 23 | | `epel_repofile_path` | `/etc/yum.repos.d/epel.repo` | | 24 | | `epel_repo_use_baseurl` | `false` | | 25 | | `epel_repo_baseurl` | `http://download.fedoraproject.org/pub/epel/{{ ansible_distribution_major_version }}/$basearch` | | 26 | | `epel_repo_metalink` | `https://mirrors.fedoraproject.org/metalink?repo=epel-{{ ansible_distribution_major_version }}&arch=$basearch` | | 27 | | 
`epel_repo_failovermethod` | `priority` | | 28 | | `epel_repo_gpgcheck` | `true` | | 29 | | `epel_repo_enabled` | `true` | | 30 | | `epel_repo_gpgkey` | `file://{{ epel_repo_gpg_key_file }}` | | 31 | | `epel_debuginfo_repo_use_baseurl` | `false` | | 32 | | `epel_debuginfo_repo_baseurl` | `http://download.fedoraproject.org/pub/epel/{{ ansible_distribution_major_version }}/$basearch/debug` | | 33 | | `epel_debuginfo_repo_metalink` | `https://mirrors.fedoraproject.org/metalink?repo=epel-debug-{{ ansible_distribution_major_version }}&arch=$basearch` | | 34 | | `epel_debuginfo_repo_failovermethod` | `priority` | | 35 | | `epel_debuginfo_repo_gpgcheck` | `true` | | 36 | | `epel_debuginfo_repo_enabled` | `false` | | 37 | | `epel_debuginfo_repo_gpgkey` | `file://{{ epel_repo_gpg_key_file }}` | | 38 | | `epel_source_repo_use_baseurl` | `false` | | 39 | | `epel_source_repo_baseurl` | `http://download.fedoraproject.org/pub/epel/{{ ansible_distribution_major_version }}/SRPMS` | | 40 | | `epel_source_repo_metalink` | `https://mirrors.fedoraproject.org/metalink?repo=epel-source-{{ ansible_distribution_major_version }}&arch=$basearch` | | 41 | | `epel_source_repo_failovermethod` | `priority` | | 42 | | `epel_source_repo_gpgcheck` | `true` | | 43 | | `epel_source_repo_enabled` | `false` | | 44 | | `epel_source_repo_gpgkey` | `file://{{ epel_repo_gpg_key_file }}` | | 45 | 46 | ## Dependencies 47 | 48 | None 49 | 50 | ## Example Playbook 51 | 52 | Including an example of how to use your role (for instance, with variables 53 | passed in as parameters) is always nice for users too: 54 | 55 | ```yaml 56 | - hosts: servers 57 | roles: 58 | - role: ericsysmin.system.epel 59 | ``` 60 | 61 | ```yaml 62 | - hosts: all 63 | roles: 64 | - role: ericsysmin.system.epel 65 | epel_manual: true 66 | epel_repo_use_baseurl: true 67 | ``` 68 | 69 | ## License 70 | 71 | MIT 72 | 73 | ## Author Information 74 | 75 | [ericsysmin](https://ericsysmin.com) 76 | --------------------------------------------------------------------------------