diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | handlers/restart_services.yml | 15 | ||||
| -rw-r--r-- | playbooks/groups/arm-packager.yml | 8 | ||||
| -rw-r--r-- | playbooks/groups/arm-qa.yml | 8 | ||||
| -rw-r--r-- | playbooks/groups/arm-releng.yml | 5 | ||||
| -rw-r--r-- | playbooks/groups/backup-server.yml | 11 | ||||
| -rw-r--r-- | playbooks/groups/badges-backend.yml | 10 | ||||
| -rw-r--r-- | playbooks/groups/badges-web.yml | 10 | ||||
| -rw-r--r-- | playbooks/groups/beaker.yml | 10 | ||||
| -rw-r--r-- | playbooks/groups/gallery.yml | 10 | ||||
| -rw-r--r-- | playbooks/groups/kernel-qa.yml | 10 | ||||
| -rw-r--r-- | playbooks/groups/keyserver.yml | 10 | ||||
| -rw-r--r-- | playbooks/groups/koji-hub.yml | 10 | ||||
| -rw-r--r-- | playbooks/groups/mailman.yml | 10 | ||||
| -rw-r--r-- | playbooks/groups/mirrorlist.yml | 14 | ||||
| -rw-r--r-- | playbooks/groups/postgresl-server.yml | 13 | ||||
| -rw-r--r-- | playbooks/groups/releng.yml | 4 | ||||
| -rw-r--r-- | playbooks/groups/sign.yml | 4 | ||||
| -rw-r--r-- | playbooks/groups/taskbot.yml | 10 | ||||
| -rw-r--r-- | playbooks/groups/virthost.yml | 11 | ||||
| -rw-r--r-- | playbooks/rkhunter_update.yml | 8 | ||||
| -rw-r--r-- | roles/denyhosts/files/allowed-hosts (renamed from files/denyhosts/allowed-hosts) | 0 | ||||
| -rw-r--r-- | roles/denyhosts/files/denyhosts.conf (renamed from files/denyhosts/denyhosts.conf) | 0 | ||||
| -rw-r--r-- | roles/denyhosts/handlers/main.yml | 3 | ||||
| -rw-r--r-- | roles/denyhosts/tasks/main.yml (renamed from tasks/denyhosts.yml) | 4 | ||||
| -rw-r--r-- | roles/fas_client/files/fas-client.cron (renamed from files/fas-client/fas-client.cron) | 0 | ||||
| -rw-r--r-- | roles/fas_client/files/nsswitch.conf (renamed from files/fas-client/nsswitch.conf) | 0 | ||||
| -rw-r--r-- | roles/fas_client/handlers/main.yml | 3 | ||||
| -rw-r--r-- | roles/fas_client/tasks/main.yml (renamed from tasks/fas_client.yml) | 18 | ||||
| -rw-r--r-- | roles/fas_client/templates/fas.conf.j2 (renamed from files/fas-client/fas.conf.j2) | 0 | ||||
| -rw-r--r-- | roles/geoip/files/geoip_sync (renamed from files/geoip/geoip_sync) | 0 | ||||
| -rw-r--r-- | roles/geoip/tasks/main.yml (renamed from tasks/geoip.yml) | 4 | ||||
| -rw-r--r-- | roles/mirrorlist/files/mirrorlist-server.conf (renamed from files/mirrorlist/mirrorlist-server.conf) | 0 | ||||
| -rw-r--r-- | roles/mirrorlist/files/mm-authorized_key (renamed from files/mirrorlist/mm-authorized_key) | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | roles/mirrorlist/files/mm_sync_data (renamed from files/mirrorlist/mm_sync_data) | 0 | ||||
| -rw-r--r-- | roles/mirrorlist/files/supervisord.conf (renamed from files/mirrorlist/supervisord.conf) | 0 | ||||
| -rw-r--r-- | roles/mirrorlist/tasks/main.yml (renamed from tasks/mirrorlist.yml) | 6 | ||||
| -rw-r--r-- | roles/nagios_client/files/check_cron.cfg (renamed from files/nagios/client/check_cron.cfg) | 0 | ||||
| -rw-r--r-- | roles/nagios_client/files/check_disk.cfg (renamed from files/nagios/client/check_disk.cfg) | 0 | ||||
| -rw-r--r-- | roles/nagios_client/files/check_lock.cfg (renamed from files/nagios/client/check_lock.cfg) | 0 | ||||
| -rw-r--r-- | roles/nagios_client/files/check_mirrorlist_cache.cfg (renamed from files/nagios/client/check_mirrorlist_cache.cfg) | 0 | ||||
| -rw-r--r-- | roles/nagios_client/files/check_postfix_queue.cfg (renamed from files/nagios/client/check_postfix_queue.cfg) | 0 | ||||
| -rw-r--r-- | roles/nagios_client/files/check_raid.cfg (renamed from files/nagios/client/check_raid.cfg) | 0 | ||||
| -rw-r--r-- | roles/nagios_client/files/check_swap.cfg (renamed from files/nagios/client/check_swap.cfg) | 0 | ||||
| -rw-r--r-- | roles/nagios_client/files/nrpe.cfg (renamed from files/nagios/client/nrpe.cfg) | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | roles/nagios_client/files/scripts/check_lock (renamed from files/nagios/client/scripts/check_lock) | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | roles/nagios_client/files/scripts/check_postfix_queue (renamed from files/nagios/client/scripts/check_postfix_queue) | 0 | ||||
| -rw-r--r--[-rwxr-xr-x] | roles/nagios_client/files/scripts/check_raid.py (renamed from files/nagios/client/scripts/check_raid.py) | 0 | ||||
| -rw-r--r-- | roles/nagios_client/handlers/main.yml | 3 | ||||
| -rw-r--r-- | roles/nagios_client/tasks/main.yml (renamed from tasks/nagios_client.yml) | 6 | ||||
| -rw-r--r-- | roles/postgresql_server/handlers/main.yml | 3 | ||||
| -rw-r--r-- | roles/postgresql_server/tasks/main.yml (renamed from tasks/postgresql_server.yml) | 0 | ||||
| -rw-r--r-- | roles/rkhunter/files/rkhunter.conf.j2 (renamed from files/rkhunter/rkhunter.conf.j2) | 0 | ||||
| -rw-r--r-- | roles/rkhunter/files/rkhunter.sysconfig (renamed from files/rkhunter/rkhunter.sysconfig) | 0 | ||||
| -rw-r--r-- | roles/rkhunter/tasks/main.yml (renamed from tasks/rkhunter.yml) | 4 |
55 files changed, 138 insertions, 108 deletions
diff --git a/.gitignore b/.gitignore index 1377554eb..b94898552 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ *.swp +*.pyc diff --git a/handlers/restart_services.yml b/handlers/restart_services.yml index 805ee4e11..23aa481c3 100644 --- a/handlers/restart_services.yml +++ b/handlers/restart_services.yml @@ -26,9 +26,6 @@ - name: restart crond action: service name=crond state=restarted -- name: restart denyhosts - action: service name=denyhosts state=restarted - - name: restart httpd action: service name=httpd state=restarted @@ -59,9 +56,6 @@ - name: restart nfslock action: service name=nfslock state=restarted -- name: restart nrpe - action: service name=nrpe state=restarted - - name: restart ntpd action: service name=ntpd state=restarted @@ -71,9 +65,6 @@ - name: restart postfix action: service name=postfix state=restarted -- name: restart postgresql - service: name=postgresql state=restarted - - name: restart rpcbind action: service name=rpcbind state=restarted @@ -92,11 +83,7 @@ - name: restart sshd action: service name=sshd state=restarted -- name: restart supervisord - action: service name=supervisord state=restarted - - name: restart xinetd action: service name=xinetd state=restarted -- name: run fasclient - action: command /usr/bin/fasClient -i + diff --git a/playbooks/groups/arm-packager.yml b/playbooks/groups/arm-packager.yml index efdc0faaf..fa02fa42d 100644 --- a/playbooks/groups/arm-packager.yml +++ b/playbooks/groups/arm-packager.yml @@ -11,17 +11,19 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - fas_client + tasks: # this is how you include other task lists - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml handlers: - include: $handlers/restart_services.yml diff --git a/playbooks/groups/arm-qa.yml b/playbooks/groups/arm-qa.yml index af789b28a..3f281af25 100644 --- a/playbooks/groups/arm-qa.yml +++ b/playbooks/groups/arm-qa.yml @@ -11,17 +11,19 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - fas_client + tasks: # this is how you include other task lists - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml handlers: - include: $handlers/restart_services.yml diff --git a/playbooks/groups/arm-releng.yml b/playbooks/groups/arm-releng.yml index d2f32129b..3858ee9b7 100644 --- a/playbooks/groups/arm-releng.yml +++ b/playbooks/groups/arm-releng.yml @@ -10,9 +10,10 @@ - /srv/web/infra/ansible/vars/global.yml - ${private}/vars.yml + roles: + - fas_client + tasks: - # This task sets up fas_client for user management - - include: $tasks/fas_client.yml # This task sets up /etc/hosts for us - include: $tasks/hosts.yml # This task includes our common scripts diff --git a/playbooks/groups/backup-server.yml b/playbooks/groups/backup-server.yml index 965c8cb47..90a4dd46b 100644 --- a/playbooks/groups/backup-server.yml +++ b/playbooks/groups/backup-server.yml @@ -13,18 +13,19 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml - tasks: + roles: + - rkhunter + - denyhosts + - nagios_client + - fas_client + tasks: - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml - include: $tasks/mysql_server.yml - include: $tasks/bacula_server.yml - include: $tasks/rdiff_backup_server.yml diff --git a/playbooks/groups/badges-backend.yml b/playbooks/groups/badges-backend.yml index 77514dd7f..696cf0943 100644 --- a/playbooks/groups/badges-backend.yml +++ b/playbooks/groups/badges-backend.yml @@ -29,17 +29,19 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - nagios_client + - fas_client + tasks: - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml - include: $tasks/openvpn_client.yml only_if: "'$env' != 'staging'" - include: $tasks/fedmsg_base.yml diff --git a/playbooks/groups/badges-web.yml b/playbooks/groups/badges-web.yml index c93eb85da..41a70f2a9 100644 --- a/playbooks/groups/badges-web.yml +++ b/playbooks/groups/badges-web.yml @@ -32,17 +32,19 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - nagios_client + - fas_client + tasks: - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml - include: $tasks/openvpn_client.yml only_if: "'$env' != 'staging'" - include: $tasks/fedmsg_base.yml diff --git a/playbooks/groups/beaker.yml b/playbooks/groups/beaker.yml index ddd2dd215..6296bd247 100644 --- a/playbooks/groups/beaker.yml +++ b/playbooks/groups/beaker.yml @@ -28,19 +28,21 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - nagios_client + - fas_client + tasks: # this is how you include other task lists - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/collectd/client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml handlers: - include: $handlers/restart_services.yml diff --git a/playbooks/groups/gallery.yml b/playbooks/groups/gallery.yml index 596ce8b68..17e1961c3 100644 --- a/playbooks/groups/gallery.yml +++ b/playbooks/groups/gallery.yml @@ -29,17 +29,19 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - nagios_client + - fas_client + tasks: - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml - include: $tasks/fedmsg_base.yml - include: $tasks/apache.yml diff --git a/playbooks/groups/kernel-qa.yml b/playbooks/groups/kernel-qa.yml index b08ebe32b..b46335ab8 100644 --- a/playbooks/groups/kernel-qa.yml +++ b/playbooks/groups/kernel-qa.yml @@ -12,18 +12,20 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - nagios_client + - fas_client + tasks: # this is how you include other task lists - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml handlers: diff --git a/playbooks/groups/keyserver.yml b/playbooks/groups/keyserver.yml index d8a4ba7a3..9c1c29693 100644 --- a/playbooks/groups/keyserver.yml +++ b/playbooks/groups/keyserver.yml @@ -29,17 +29,19 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - nagios_client + - fas_client + tasks: - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml - include: $tasks/fedmsg_base.yml - include: $tasks/apache.yml - include: $tasks/keyserver.yml diff --git a/playbooks/groups/koji-hub.yml b/playbooks/groups/koji-hub.yml index 4d26766d9..1cf81954a 100644 --- a/playbooks/groups/koji-hub.yml +++ b/playbooks/groups/koji-hub.yml @@ -30,17 +30,19 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - nagios_client + - fas_client + tasks: - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml - include: $tasks/collectd/client.yml - include: $tasks/koji/koji_hub.yml diff --git a/playbooks/groups/mailman.yml b/playbooks/groups/mailman.yml index d85eab8e6..bea5f2319 100644 --- a/playbooks/groups/mailman.yml +++ b/playbooks/groups/mailman.yml @@ -28,19 +28,21 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - nagios_client + - fas_client + tasks: # this is how you include other task lists - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/collectd/client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml handlers: - include: $handlers/restart_services.yml diff --git a/playbooks/groups/mirrorlist.yml b/playbooks/groups/mirrorlist.yml index a6bc4d1e6..f824d6b55 100644 --- a/playbooks/groups/mirrorlist.yml +++ b/playbooks/groups/mirrorlist.yml @@ -38,24 +38,26 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - nagios_client + - geoip + - fas_client + - mirrorlist + tasks: # this is how you include other task lists - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/collectd/client.yml - include: $tasks/openvpn_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml - include: $tasks/apache.yml - include: $tasks/mod_wsgi.yml - - include: $tasks/geoip.yml - - include: $tasks/mirrorlist.yml handlers: diff --git a/playbooks/groups/postgresl-server.yml b/playbooks/groups/postgresl-server.yml index d95801dd7..bb33a360f 100644 --- a/playbooks/groups/postgresl-server.yml +++ b/playbooks/groups/postgresl-server.yml @@ -30,20 +30,21 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml - tasks: + roles: + - rkhunter + - denyhosts + - nagios_client + - postgresql_server + - fas_client + tasks: - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml - include: $tasks/collectd/client.yml - - include: $tasks/postgresql_server.yml # TODO: add iscsi task diff --git a/playbooks/groups/releng.yml b/playbooks/groups/releng.yml index 649cfbbc5..f6428405a 100644 --- a/playbooks/groups/releng.yml +++ b/playbooks/groups/releng.yml @@ -31,10 +31,12 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - nagios_client + tasks: - include: $tasks/koji/releng_config.yml - include: $tasks/motd.yml - - include: $tasks/nagios_client.yml handlers: - include: $handlers/restart_services.yml diff --git a/playbooks/groups/sign.yml b/playbooks/groups/sign.yml index c287286cd..1c5c64d20 100644 --- a/playbooks/groups/sign.yml +++ b/playbooks/groups/sign.yml @@ -19,9 +19,11 @@ tasks: - include: $tasks/base.yml - include: $tasks/serialgetty.yml - - include: $tasks/rkhunter.yml - include: $tasks/motd.yml - include: $tasks/sign_setup.yml + roles: + - rkhunter + handlers: - include: $handlers/restart_services.yml diff --git a/playbooks/groups/taskbot.yml b/playbooks/groups/taskbot.yml index 5c4e24ab9..eab5ae91e 100644 --- a/playbooks/groups/taskbot.yml +++ b/playbooks/groups/taskbot.yml @@ -28,19 +28,21 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml + roles: + - rkhunter + - denyhosts + - nagios_client + - fas_client + tasks: # this is how you include other task lists - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/collectd/client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml handlers: - include: $handlers/restart_services.yml diff --git a/playbooks/groups/virthost.yml b/playbooks/groups/virthost.yml index 5d5b22c01..ab93d9071 100644 --- a/playbooks/groups/virthost.yml +++ b/playbooks/groups/virthost.yml @@ -12,18 +12,19 @@ - ${private}/vars.yml - ${vars}/${ansible_distribution}.yml - tasks: + roles: + - rkhunter + - denyhosts + - nagios_client + - fas_client + tasks: - include: $tasks/hosts.yml - include: $tasks/yumrepos.yml - include: $tasks/base.yml - - include: $tasks/fas_client.yml - include: $tasks/2fa_client.yml - include: $tasks/motd.yml - include: $tasks/sudo.yml - - include: $tasks/rkhunter.yml - - include: $tasks/denyhosts.yml - - include: $tasks/nagios_client.yml - include: $tasks/collectd/client.yml - include: $tasks/virthost.yml diff --git a/playbooks/rkhunter_update.yml b/playbooks/rkhunter_update.yml index a47d6bf26..c69ea645e 100644 --- a/playbooks/rkhunter_update.yml +++ b/playbooks/rkhunter_update.yml @@ -6,20 +6,20 @@ tasks: - name: expire-caches - action: command yum clean expire-cache + command: yum clean expire-cache - name: yum -y ${yumcommand} - action: command yum -y ${yumcommand} + command: yum -y ${yumcommand} async: 7200 poll: 15 - name: check for rkhunter - action: command /usr/bin/test -f /usr/bin/rkhunter + command: /usr/bin/test -f /usr/bin/rkhunter register: rkhunter ignore_errors: true - name: run rkhunter --propupd - action: command /usr/bin/rkhunter --propupd + command: /usr/bin/rkhunter --propupd when: rkhunter|success diff --git a/files/denyhosts/allowed-hosts b/roles/denyhosts/files/allowed-hosts index f5a88b7b0..f5a88b7b0 100644 --- a/files/denyhosts/allowed-hosts +++ b/roles/denyhosts/files/allowed-hosts diff --git a/files/denyhosts/denyhosts.conf b/roles/denyhosts/files/denyhosts.conf index 577b8518e..577b8518e 100644 --- a/files/denyhosts/denyhosts.conf +++ b/roles/denyhosts/files/denyhosts.conf diff --git a/roles/denyhosts/handlers/main.yml b/roles/denyhosts/handlers/main.yml new file mode 100644 index 000000000..83c446bce --- /dev/null +++ b/roles/denyhosts/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart denyhosts + action: service name=denyhosts state=restarted diff --git a/tasks/denyhosts.yml b/roles/denyhosts/tasks/main.yml index cc4e7566a..1e0a1c40d 100644 --- a/tasks/denyhosts.yml +++ b/roles/denyhosts/tasks/main.yml @@ -6,14 +6,14 @@ - packages - name: /etc/denyhosts.conf - copy: src=$files/denyhosts/denyhosts.conf dest=/etc/denyhosts.conf + copy: src=denyhosts.conf dest=/etc/denyhosts.conf notify: - restart denyhosts tags: - config - name: /var/lib/denyhosts/allowed-hosts - copy: src=$files/denyhosts/allowed-hosts dest=/var/lib/denyhosts/allowed-hosts + copy: src=allowed-hosts dest=/var/lib/denyhosts/allowed-hosts notify: - restart denyhosts tags: diff --git a/files/fas-client/fas-client.cron b/roles/fas_client/files/fas-client.cron index 4ec50f9a8..4ec50f9a8 100644 --- a/files/fas-client/fas-client.cron +++ b/roles/fas_client/files/fas-client.cron diff --git a/files/fas-client/nsswitch.conf b/roles/fas_client/files/nsswitch.conf index fb4ff626f..fb4ff626f 100644 --- a/files/fas-client/nsswitch.conf +++ b/roles/fas_client/files/nsswitch.conf diff --git a/roles/fas_client/handlers/main.yml b/roles/fas_client/handlers/main.yml new file mode 100644 index 000000000..354ef9d89 --- /dev/null +++ b/roles/fas_client/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: run fasclient + action: command /usr/bin/fasClient -i diff --git a/tasks/fas_client.yml b/roles/fas_client/tasks/main.yml index fedeb5b1f..c2f64c7c8 100644 --- a/tasks/fas_client.yml +++ b/roles/fas_client/tasks/main.yml @@ -9,7 +9,7 @@ # nss_db is needed to store user/group info. # - name: install package needed for fas-client - action: yum state=installed name=$item + yum: state=installed name=$item with_items: - fas-clients - cronie @@ -27,7 +27,7 @@ - packages - name: install nss_db on rhel hosts only - action: yum state=installed name=nss_db + yum: state=installed name=nss_db only_if: "'${ansible_distribution}' == 'RedHat'" tags: - packages @@ -36,7 +36,7 @@ # setup /etc/nsswitch.conf to use nssdb # - name: setup /etc/nsswitch.conf for client use - action: copy src=$files/fas-client/nsswitch.conf dest=/etc/nsswitch.conf owner=root mode=644 + copy: src=nsswitch.conf dest=/etc/nsswitch.conf owner=root mode=644 tags: - config @@ -54,12 +54,12 @@ # Currently the default template is used, but could be modified on a host basis. # - name: setup /etc/fas.conf for client use - action: template src=$item dest=/etc/fas.conf owner=root mode=600 + template: src=$item dest=/etc/fas.conf owner=root mode=600 with_first_found: - - $files/fas-client/${ansible_fqdn}.fas.conf.j2 - - $files/fas-client/${ansible_hostname}.fas.conf.j2 - - $files/fas-client/${ansible_hostname}.fas.conf.j2 - - $files/fas-client/fas.conf.j2 + - ${ansible_fqdn}.fas.conf.j2 + - ${ansible_hostname}.fas.conf.j2 + - ${ansible_hostname}.fas.conf.j2 + - fas.conf.j2 tags: - config notify: @@ -75,6 +75,6 @@ # - config - name: fas_client cron job - action: copy src=$files/fas-client/fas-client.cron dest=/etc/cron.d/fas-client owner=root mode=644 + copy: src=fas-client.cron dest=/etc/cron.d/fas-client owner=root mode=644 tags: - config diff --git a/files/fas-client/fas.conf.j2 b/roles/fas_client/templates/fas.conf.j2 index d3af01dd4..d3af01dd4 100644 --- a/files/fas-client/fas.conf.j2 +++ b/roles/fas_client/templates/fas.conf.j2 diff --git a/files/geoip/geoip_sync b/roles/geoip/files/geoip_sync index 2c5ce7991..2c5ce7991 100644 --- a/files/geoip/geoip_sync +++ b/roles/geoip/files/geoip_sync diff --git a/tasks/geoip.yml b/roles/geoip/tasks/main.yml index d37a5d5d0..da72a52b6 100644 --- a/tasks/geoip.yml +++ b/roles/geoip/tasks/main.yml @@ -10,6 +10,4 @@ with_fileglob: $bigfiles/geoip/*.dat - name: geoip syncing script via cron - copy: src=$files/geoip/geoip_sync dest=/etc/cron.d/geoip_sync mode=0644 - - + copy: src=geoip_sync dest=/etc/cron.d/geoip_sync mode=0644 diff --git a/files/mirrorlist/mirrorlist-server.conf b/roles/mirrorlist/files/mirrorlist-server.conf index 1ee87bcc3..1ee87bcc3 100644 --- a/files/mirrorlist/mirrorlist-server.conf +++ b/roles/mirrorlist/files/mirrorlist-server.conf diff --git a/files/mirrorlist/mm-authorized_key b/roles/mirrorlist/files/mm-authorized_key index bef6a5561..bef6a5561 100644 --- a/files/mirrorlist/mm-authorized_key +++ b/roles/mirrorlist/files/mm-authorized_key diff --git a/files/mirrorlist/mm_sync_data b/roles/mirrorlist/files/mm_sync_data index e48bdc7b3..e48bdc7b3 100755..100644 --- a/files/mirrorlist/mm_sync_data +++ b/roles/mirrorlist/files/mm_sync_data diff --git a/files/mirrorlist/supervisord.conf b/roles/mirrorlist/files/supervisord.conf index 2183276e3..2183276e3 100644 --- a/files/mirrorlist/supervisord.conf +++ b/roles/mirrorlist/files/supervisord.conf diff --git a/tasks/mirrorlist.yml b/roles/mirrorlist/tasks/main.yml index 0bc4cf81e..6fb68afdb 100644 --- a/tasks/mirrorlist.yml +++ b/roles/mirrorlist/tasks/main.yml @@ -16,11 +16,11 @@ - name: add authorized_keys for mirrormanager authorized_key: key="{{ item }}" user=mirrormanager state=present with_file: - - $files/mirrorlist/mm-authorized_key + - mm-authorized_key # install mirrorlist-server.conf apache config - name: mirrorlist-server apache conf - copy: src=$files/mirrorlist/mirrorlist-server.conf dest=/etc/httpd/conf.d/mirrorlist-server.conf + copy: src=mirrorlist-server.conf dest=/etc/httpd/conf.d/mirrorlist-server.conf notify: - restart apache tags: @@ -39,7 +39,7 @@ # setup and configure supervisord - name: /etc/supervisord.conf - copy: src=$files/mirrorlist/supervisord.conf dest=/etc/supervisord.conf mode=0644 + copy: src=supervisord.conf dest=/etc/supervisord.conf mode=0644 notify: - restart supervisord diff --git a/files/nagios/client/check_cron.cfg b/roles/nagios_client/files/check_cron.cfg index e01f40799..e01f40799 100644 --- a/files/nagios/client/check_cron.cfg +++ b/roles/nagios_client/files/check_cron.cfg diff --git a/files/nagios/client/check_disk.cfg b/roles/nagios_client/files/check_disk.cfg index d5d32903f..d5d32903f 100644 --- a/files/nagios/client/check_disk.cfg +++ b/roles/nagios_client/files/check_disk.cfg diff --git a/files/nagios/client/check_lock.cfg b/roles/nagios_client/files/check_lock.cfg index 9525f9f39..9525f9f39 100644 --- a/files/nagios/client/check_lock.cfg +++ b/roles/nagios_client/files/check_lock.cfg diff --git a/files/nagios/client/check_mirrorlist_cache.cfg b/roles/nagios_client/files/check_mirrorlist_cache.cfg index bd4b17130..bd4b17130 100644 --- a/files/nagios/client/check_mirrorlist_cache.cfg +++ b/roles/nagios_client/files/check_mirrorlist_cache.cfg diff --git a/files/nagios/client/check_postfix_queue.cfg b/roles/nagios_client/files/check_postfix_queue.cfg index 557469803..557469803 100644 --- a/files/nagios/client/check_postfix_queue.cfg +++ b/roles/nagios_client/files/check_postfix_queue.cfg diff --git a/files/nagios/client/check_raid.cfg b/roles/nagios_client/files/check_raid.cfg index 5c15d450c..5c15d450c 100644 --- a/files/nagios/client/check_raid.cfg +++ b/roles/nagios_client/files/check_raid.cfg diff --git a/files/nagios/client/check_swap.cfg b/roles/nagios_client/files/check_swap.cfg index bc4f19d5d..bc4f19d5d 100644 --- a/files/nagios/client/check_swap.cfg +++ b/roles/nagios_client/files/check_swap.cfg diff --git a/files/nagios/client/nrpe.cfg b/roles/nagios_client/files/nrpe.cfg index 6933f788b..6933f788b 100644 --- a/files/nagios/client/nrpe.cfg +++ b/roles/nagios_client/files/nrpe.cfg diff --git a/files/nagios/client/scripts/check_lock b/roles/nagios_client/files/scripts/check_lock index 1a58e95ef..1a58e95ef 100755..100644 --- a/files/nagios/client/scripts/check_lock +++ b/roles/nagios_client/files/scripts/check_lock diff --git a/files/nagios/client/scripts/check_postfix_queue b/roles/nagios_client/files/scripts/check_postfix_queue index 44ab4445f..44ab4445f 100755..100644 --- a/files/nagios/client/scripts/check_postfix_queue +++ b/roles/nagios_client/files/scripts/check_postfix_queue diff --git a/files/nagios/client/scripts/check_raid.py b/roles/nagios_client/files/scripts/check_raid.py index 48cddd93d..48cddd93d 100755..100644 --- a/files/nagios/client/scripts/check_raid.py +++ b/roles/nagios_client/files/scripts/check_raid.py diff --git a/roles/nagios_client/handlers/main.yml b/roles/nagios_client/handlers/main.yml new file mode 100644 index 000000000..1086c3d4f --- /dev/null +++ b/roles/nagios_client/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart nrpe + action: service name=nrpe state=restarted diff --git a/tasks/nagios_client.yml b/roles/nagios_client/tasks/main.yml index 56093f088..5888ede7f 100644 --- a/tasks/nagios_client.yml +++ b/roles/nagios_client/tasks/main.yml @@ -18,7 +18,7 @@ - packages - name: install local nrpe check scripts that are not packaged - copy: src=$files/nagios/client/scripts/$item dest=/usr/lib64/nagios/plugins/$item mode=0755 owner=nagios group=nagios + copy: src=scripts/$item dest=/usr/lib64/nagios/plugins/$item mode=0755 owner=nagios group=nagios with_items: - check_postfix_queue - check_raid.py @@ -36,14 +36,14 @@ # FIXME? figure out nrpe selinux policy of DOOM is needed - name: /etc/nagios/nrpe.cfg - template: src=$files/nagios/client/nrpe.cfg dest=/etc/nagios/nrpe.cfg + template: src=nrpe.cfg dest=/etc/nagios/nrpe.cfg notify: - restart nrpe tags: - config - name: install nrpe client configs - template: src=$files/nagios/client/$item dest=/etc/nrpe.d/$item + template: src=$item dest=/etc/nrpe.d/$item with_items: - check_mirrorlist_cache.cfg - check_raid.cfg diff --git a/roles/postgresql_server/handlers/main.yml b/roles/postgresql_server/handlers/main.yml new file mode 100644 index 000000000..c51e7d1cc --- /dev/null +++ b/roles/postgresql_server/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart postgresql + service: name=postgresql state=restarted diff --git a/tasks/postgresql_server.yml b/roles/postgresql_server/tasks/main.yml index ca74bc616..ca74bc616 100644 --- a/tasks/postgresql_server.yml +++ b/roles/postgresql_server/tasks/main.yml diff --git a/files/rkhunter/rkhunter.conf.j2 b/roles/rkhunter/files/rkhunter.conf.j2 index 705517580..705517580 100644 --- a/files/rkhunter/rkhunter.conf.j2 +++ b/roles/rkhunter/files/rkhunter.conf.j2 diff --git a/files/rkhunter/rkhunter.sysconfig b/roles/rkhunter/files/rkhunter.sysconfig index 0c463db71..0c463db71 100644 --- a/files/rkhunter/rkhunter.sysconfig +++ b/roles/rkhunter/files/rkhunter.sysconfig diff --git a/tasks/rkhunter.yml b/roles/rkhunter/tasks/main.yml index 325315b79..4bec0f7b1 100644 --- a/tasks/rkhunter.yml +++ b/roles/rkhunter/tasks/main.yml @@ -6,12 +6,12 @@ - packages - name: rkhunter.conf - template: src=$files/rkhunter/rkhunter.conf.j2 dest=/etc/rkhunter.conf mode=0640 + template: src=rkhunter.conf.j2 dest=/etc/rkhunter.conf mode=0640 tags: - config - name: rkhunter sysconfig - copy: src=$files/rkhunter/rkhunter.sysconfig dest=/etc/sysconfig/rkhunter mode=0640 + copy: src=rkhunter.sysconfig dest=/etc/sysconfig/rkhunter mode=0640 tags: - config |