feat: decom os support checks
This commit is contained in:
parent
dfff4793c3
commit
8f396d90b6
2 changed files with 22 additions and 121 deletions
107
tasks/main.yaml
107
tasks/main.yaml
|
|
@ -1,44 +1,13 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
# import ossupport and load variables
|
# load os variables
|
||||||
- name: "import ossupport and load variables"
|
- name: "include os specific vars"
|
||||||
tags:
|
|
||||||
- "apt"
|
|
||||||
- "apt-cleanup"
|
|
||||||
- "cron"
|
|
||||||
- "environment-file"
|
|
||||||
- "hostname"
|
|
||||||
- "firewall"
|
|
||||||
- "journald"
|
|
||||||
- "locale"
|
|
||||||
- "lldp"
|
|
||||||
- "lxd"
|
|
||||||
- "motd"
|
|
||||||
- "ntp"
|
|
||||||
- "telemetry"
|
|
||||||
- "snap"
|
|
||||||
- "sshd"
|
|
||||||
- "sysctl"
|
|
||||||
- "systemctl"
|
|
||||||
- "syslog"
|
|
||||||
- "timezone"
|
|
||||||
- "usermanagement"
|
|
||||||
block:
|
|
||||||
|
|
||||||
# check os support
|
|
||||||
- name: "check for os support"
|
|
||||||
ansible.builtin.import_tasks: "ossupport.yaml"
|
|
||||||
|
|
||||||
# load os variables
|
|
||||||
- name: "include os specific vars"
|
|
||||||
ansible.builtin.include_vars: "{{ ansible_os_family }}.yaml"
|
ansible.builtin.include_vars: "{{ ansible_os_family }}.yaml"
|
||||||
when: "os_support"
|
tags: "always"
|
||||||
|
|
||||||
|
|
||||||
# set hostname
|
# set hostname
|
||||||
- name: "set hostname"
|
- name: "set hostname"
|
||||||
ansible.builtin.import_tasks: "hostname.yaml"
|
ansible.builtin.import_tasks: "hostname.yaml"
|
||||||
when: "os_support"
|
|
||||||
tags: "hostname"
|
tags: "hostname"
|
||||||
|
|
||||||
# flush handler
|
# flush handler
|
||||||
|
|
@ -48,7 +17,6 @@
|
||||||
# set locale
|
# set locale
|
||||||
- name: "set locale"
|
- name: "set locale"
|
||||||
ansible.builtin.import_tasks: "locale.yaml"
|
ansible.builtin.import_tasks: "locale.yaml"
|
||||||
when: "os_support"
|
|
||||||
tags: "locale"
|
tags: "locale"
|
||||||
|
|
||||||
# flush handler
|
# flush handler
|
||||||
|
|
@ -58,7 +26,6 @@
|
||||||
# environment
|
# environment
|
||||||
- name: "environment"
|
- name: "environment"
|
||||||
ansible.builtin.import_tasks: "environment.yaml"
|
ansible.builtin.import_tasks: "environment.yaml"
|
||||||
when: "os_support"
|
|
||||||
tags: "environment-file"
|
tags: "environment-file"
|
||||||
|
|
||||||
# flush handler
|
# flush handler
|
||||||
|
|
@ -68,13 +35,11 @@
|
||||||
# motd
|
# motd
|
||||||
- name: "motd"
|
- name: "motd"
|
||||||
ansible.builtin.import_tasks: "motd.yaml"
|
ansible.builtin.import_tasks: "motd.yaml"
|
||||||
when: "os_support"
|
|
||||||
tags: "motd"
|
tags: "motd"
|
||||||
|
|
||||||
# cron jobs
|
# cron jobs
|
||||||
- name: "cron jobs"
|
- name: "cron jobs"
|
||||||
ansible.builtin.import_tasks: "cron.yaml"
|
ansible.builtin.import_tasks: "cron.yaml"
|
||||||
when: "os_support"
|
|
||||||
tags: "cron"
|
tags: "cron"
|
||||||
|
|
||||||
# flush handler
|
# flush handler
|
||||||
|
|
@ -84,15 +49,12 @@
|
||||||
# swap
|
# swap
|
||||||
- name: "swap"
|
- name: "swap"
|
||||||
ansible.builtin.import_tasks: "swap.yaml"
|
ansible.builtin.import_tasks: "swap.yaml"
|
||||||
when:
|
when: 'type == "vm"'
|
||||||
- "os_support"
|
|
||||||
- 'type == "vm"'
|
|
||||||
tags: "swap"
|
tags: "swap"
|
||||||
|
|
||||||
# apt
|
# apt
|
||||||
- name: "apt"
|
- name: "apt"
|
||||||
ansible.builtin.import_tasks: "apt/sources.yaml"
|
ansible.builtin.import_tasks: "apt/sources.yaml"
|
||||||
when: "os_support"
|
|
||||||
tags: "apt"
|
tags: "apt"
|
||||||
|
|
||||||
# flush handler
|
# flush handler
|
||||||
|
|
@ -101,23 +63,19 @@
|
||||||
|
|
||||||
- name: "apt - packages"
|
- name: "apt - packages"
|
||||||
ansible.builtin.import_tasks: "apt/packages.yaml"
|
ansible.builtin.import_tasks: "apt/packages.yaml"
|
||||||
when: "os_support"
|
|
||||||
tags: "apt"
|
tags: "apt"
|
||||||
|
|
||||||
- name: "apt - config"
|
- name: "apt - config"
|
||||||
ansible.builtin.import_tasks: "apt/config.yaml"
|
ansible.builtin.import_tasks: "apt/config.yaml"
|
||||||
when: "os_support"
|
|
||||||
tags: "apt"
|
tags: "apt"
|
||||||
|
|
||||||
- name: "apt - cleanup"
|
- name: "apt - cleanup"
|
||||||
ansible.builtin.import_tasks: "apt/cleanup.yaml"
|
ansible.builtin.import_tasks: "apt/cleanup.yaml"
|
||||||
when: "os_support"
|
|
||||||
tags: "apt-cleanup"
|
tags: "apt-cleanup"
|
||||||
|
|
||||||
# telemetry
|
# telemetry
|
||||||
- name: "telemetry"
|
- name: "telemetry"
|
||||||
ansible.builtin.import_tasks: "telemetry.yaml"
|
ansible.builtin.import_tasks: "telemetry.yaml"
|
||||||
when: "os_support"
|
|
||||||
tags: "telemetry"
|
tags: "telemetry"
|
||||||
|
|
||||||
# service
|
# service
|
||||||
|
|
@ -126,9 +84,7 @@
|
||||||
loop: "{{ service }}"
|
loop: "{{ service }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: "__service"
|
loop_var: "__service"
|
||||||
when:
|
when: "service is defined"
|
||||||
- "os_support"
|
|
||||||
- "service is defined"
|
|
||||||
|
|
||||||
# flush handler
|
# flush handler
|
||||||
- name: "flush handlers"
|
- name: "flush handlers"
|
||||||
|
|
@ -137,9 +93,7 @@
|
||||||
# chrony
|
# chrony
|
||||||
- name: "ntp"
|
- name: "ntp"
|
||||||
ansible.builtin.import_tasks: "ntp.yaml"
|
ansible.builtin.import_tasks: "ntp.yaml"
|
||||||
when:
|
when: 'type == "vm" or type == "hw"'
|
||||||
- "os_support"
|
|
||||||
- 'type == "vm" or type == "hw"'
|
|
||||||
tags: "ntp"
|
tags: "ntp"
|
||||||
|
|
||||||
# flush handler
|
# flush handler
|
||||||
|
|
@ -149,22 +103,17 @@
|
||||||
# snap
|
# snap
|
||||||
- name: "snap - daemon"
|
- name: "snap - daemon"
|
||||||
ansible.builtin.import_tasks: "snap/snap_daemon.yaml"
|
ansible.builtin.import_tasks: "snap/snap_daemon.yaml"
|
||||||
when: "os_support"
|
|
||||||
tags: "snap"
|
tags: "snap"
|
||||||
|
|
||||||
- name: "snap - package"
|
- name: "snap - package"
|
||||||
ansible.builtin.import_tasks: "snap/snap_package.yaml"
|
ansible.builtin.import_tasks: "snap/snap_package.yaml"
|
||||||
when:
|
when: "snap_package is defined"
|
||||||
- "os_support"
|
|
||||||
- "snap_package is defined"
|
|
||||||
tags: "snap"
|
tags: "snap"
|
||||||
|
|
||||||
# llpd
|
# llpd
|
||||||
- name: "lldpd"
|
- name: "lldpd"
|
||||||
ansible.builtin.import_tasks: "lldpd.yaml"
|
ansible.builtin.import_tasks: "lldpd.yaml"
|
||||||
when:
|
when: 'type == "vm" or type == "hw"'
|
||||||
- "os_support"
|
|
||||||
- 'type == "vm" or type == "hw"'
|
|
||||||
tags: "lldp"
|
tags: "lldp"
|
||||||
|
|
||||||
# flush handler
|
# flush handler
|
||||||
|
|
@ -174,9 +123,7 @@
|
||||||
# lxd
|
# lxd
|
||||||
- name: "lxd"
|
- name: "lxd"
|
||||||
ansible.builtin.import_tasks: "lxd.yaml"
|
ansible.builtin.import_tasks: "lxd.yaml"
|
||||||
when:
|
when: 'type == "vm"'
|
||||||
- "os_support"
|
|
||||||
- 'type == "vm"'
|
|
||||||
tags: "lxd"
|
tags: "lxd"
|
||||||
|
|
||||||
# flush handler
|
# flush handler
|
||||||
|
|
@ -189,9 +136,7 @@
|
||||||
loop: "{{ sysctl }}"
|
loop: "{{ sysctl }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: "__sysctl"
|
loop_var: "__sysctl"
|
||||||
when:
|
when: 'type == "vm" or type == "hw"'
|
||||||
- "os_support"
|
|
||||||
- 'type == "vm" or type == "hw"'
|
|
||||||
tags: "sysctl"
|
tags: "sysctl"
|
||||||
|
|
||||||
# systemctl
|
# systemctl
|
||||||
|
|
@ -200,24 +145,18 @@
|
||||||
loop: "{{ systemctl }}"
|
loop: "{{ systemctl }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: "__systemctl"
|
loop_var: "__systemctl"
|
||||||
when:
|
when: 'type == "vm"'
|
||||||
- "os_support"
|
|
||||||
- 'type == "vm"'
|
|
||||||
tags: "systemctl"
|
tags: "systemctl"
|
||||||
|
|
||||||
# syslog
|
# syslog
|
||||||
- name: "syslog - install"
|
- name: "syslog - install"
|
||||||
ansible.builtin.import_tasks: "syslog/install.yaml"
|
ansible.builtin.import_tasks: "syslog/install.yaml"
|
||||||
when:
|
when: "syslog_enable"
|
||||||
- "os_support"
|
|
||||||
- "syslog_enable"
|
|
||||||
tags: "syslog"
|
tags: "syslog"
|
||||||
|
|
||||||
- name: "syslog - config"
|
- name: "syslog - config"
|
||||||
ansible.builtin.import_tasks: "syslog/config.yaml"
|
ansible.builtin.import_tasks: "syslog/config.yaml"
|
||||||
when:
|
when: "syslog_enable"
|
||||||
- "os_support"
|
|
||||||
- "syslog_enable"
|
|
||||||
tags: "syslog"
|
tags: "syslog"
|
||||||
|
|
||||||
# flush handler
|
# flush handler
|
||||||
|
|
@ -227,7 +166,6 @@
|
||||||
# journald
|
# journald
|
||||||
- name: "journald"
|
- name: "journald"
|
||||||
ansible.builtin.import_tasks: "journald.yaml"
|
ansible.builtin.import_tasks: "journald.yaml"
|
||||||
when: "os_support"
|
|
||||||
tags: "journald"
|
tags: "journald"
|
||||||
|
|
||||||
# flush handler
|
# flush handler
|
||||||
|
|
@ -237,13 +175,11 @@
|
||||||
# timezone
|
# timezone
|
||||||
- name: "timezone"
|
- name: "timezone"
|
||||||
ansible.builtin.import_tasks: "timezone.yaml"
|
ansible.builtin.import_tasks: "timezone.yaml"
|
||||||
when: "os_support"
|
|
||||||
tags: "timezone"
|
tags: "timezone"
|
||||||
|
|
||||||
# sshd
|
# sshd
|
||||||
- name: "sshd"
|
- name: "sshd"
|
||||||
ansible.builtin.import_tasks: "sshd.yaml"
|
ansible.builtin.import_tasks: "sshd.yaml"
|
||||||
when: "os_support"
|
|
||||||
tags: "sshd"
|
tags: "sshd"
|
||||||
|
|
||||||
# flush handler
|
# flush handler
|
||||||
|
|
@ -256,15 +192,12 @@
|
||||||
loop: "{{ user }}"
|
loop: "{{ user }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: "__user"
|
loop_var: "__user"
|
||||||
when: "os_support"
|
|
||||||
tags: "usermanagement"
|
tags: "usermanagement"
|
||||||
|
|
||||||
# firewall
|
# firewall
|
||||||
- name: "firewall"
|
- name: "firewall"
|
||||||
ansible.builtin.import_tasks: "firewall/firewall-general.yaml"
|
ansible.builtin.import_tasks: "firewall/firewall-general.yaml"
|
||||||
when:
|
when: "firewall_enabled"
|
||||||
- "os_support"
|
|
||||||
- "firewall_enabled"
|
|
||||||
tags: "firewall"
|
tags: "firewall"
|
||||||
|
|
||||||
# firewall common rules
|
# firewall common rules
|
||||||
|
|
@ -274,8 +207,8 @@
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: "__rule"
|
loop_var: "__rule"
|
||||||
when:
|
when:
|
||||||
- "os_support"
|
- "firewall_rules_common is defined"
|
||||||
- "firewall_rules_common is defined and firewall_enabled"
|
- "firewall_enabled"
|
||||||
tags: "firewall"
|
tags: "firewall"
|
||||||
|
|
||||||
# firewall routed rules
|
# firewall routed rules
|
||||||
|
|
@ -285,8 +218,8 @@
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: "__rule"
|
loop_var: "__rule"
|
||||||
when:
|
when:
|
||||||
- "os_support"
|
- "firewall_rules_routed is defined"
|
||||||
- "firewall_rules_routed is defined and firewall_enabled"
|
- "firewall_enabled"
|
||||||
tags: "firewall"
|
tags: "firewall"
|
||||||
|
|
||||||
# firewall host rules
|
# firewall host rules
|
||||||
|
|
@ -296,6 +229,6 @@
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: "__rule"
|
loop_var: "__rule"
|
||||||
when:
|
when:
|
||||||
- "os_support"
|
- "firewall_rules is defined"
|
||||||
- "firewall_rules is defined and firewall_enabled"
|
- "firewall_enabled"
|
||||||
tags: "firewall"
|
tags: "firewall"
|
||||||
|
|
|
||||||
|
|
@ -1,32 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
# support debian 12
|
|
||||||
- name: "check for os support"
|
|
||||||
ansible.builtin.set_fact:
|
|
||||||
os_support: true
|
|
||||||
when:
|
|
||||||
- 'ansible_distribution == "Debian"'
|
|
||||||
- 'ansible_distribution_major_version == "12"'
|
|
||||||
|
|
||||||
# support ubuntu 22
|
|
||||||
- name: "check for os support"
|
|
||||||
ansible.builtin.set_fact:
|
|
||||||
os_support: true
|
|
||||||
when:
|
|
||||||
- 'ansible_distribution == "Ubuntu"'
|
|
||||||
- 'ansible_distribution_major_version == "22"'
|
|
||||||
|
|
||||||
# support ubuntu 24
|
|
||||||
- name: "check for os support"
|
|
||||||
ansible.builtin.set_fact:
|
|
||||||
os_support: true
|
|
||||||
when:
|
|
||||||
- 'ansible_distribution == "Ubuntu"'
|
|
||||||
- 'ansible_distribution_major_version == "24"'
|
|
||||||
|
|
||||||
# fail role when not supported
|
|
||||||
- name: "unsupported role"
|
|
||||||
ansible.builtin.fail:
|
|
||||||
msg: "This role not supported on this Operating System."
|
|
||||||
when:
|
|
||||||
- "os_support is not defined"
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue