
2 commits

Author SHA1 Message Date
1f3c67019e Merge branch 'master' into rsync_mirror_logging
All checks were successful
ansible-lint / gitleaks (pull_request) Successful in 7s
ansible-lint / Ansible Lint (pull_request) Successful in 57s
2024-11-10 15:57:09 +01:00
bc6f8fdc9e add no_log as global variable (#233)
All checks were successful
ansible-lint / gitleaks (push) Successful in 5s
ansible-lint / Ansible Lint (push) Successful in 1m0s
Reviewed-on: #233
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>
2024-11-10 15:56:59 +01:00
22 changed files with 37 additions and 36 deletions


@ -39,4 +39,4 @@
dest: "{{ acng_security_conf_path }}" dest: "{{ acng_security_conf_path }}"
mode: "0640" mode: "0640"
notify: acng_starten_aktivieren notify: acng_starten_aktivieren
no_log: true no_log: "{{ no_debug | default('true') }}"
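Review bot: The new `no_log` expression falls back to its default only when `no_debug` is undefined, so a `no_debug` that is defined but empty or null in some host or group vars does not take the safe value; the same expression is repeated in every other file section of this commit. `no_log: "{{ no_debug | default(true, true) }}"` applies the default to empty values as well and passes a real boolean instead of the string `'true'`. How an empty value is coerced for `no_log` today is not visible from this page, so it is worth a quick test rather than an assumption. The task this line belongs to starts above the hunk.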


@ -32,4 +32,4 @@
dest: "{{ acng_security_conf_path }}" dest: "{{ acng_security_conf_path }}"
mode: "0640" mode: "0640"
notify: acng_starten_aktivieren notify: acng_starten_aktivieren
no_log: true no_log: "{{ no_debug | default('true') }}"


@ -5,7 +5,7 @@
when: when:
- item.state == "present" - item.state == "present"
- docker_compose_projects is defined - docker_compose_projects is defined
no_log: true no_log: "{{ no_debug | default('true') }}"
- name: loop docker tasks - down - name: loop docker tasks - down
ansible.builtin.include_tasks: dockercompose-down.yml ansible.builtin.include_tasks: dockercompose-down.yml
@ -13,4 +13,4 @@
when: when:
- item.state == "absent" - item.state == "absent"
- docker_compose_projects is defined - docker_compose_projects is defined
no_log: true no_log: "{{ no_debug | default('true') }}"


@ -38,7 +38,7 @@
owner: "{{ minio_user }}" owner: "{{ minio_user }}"
group: "{{ minio_user }}" group: "{{ minio_user }}"
notify: (re)start service notify: (re)start service
no_log: true no_log: "{{ no_debug | default('true') }}"
- name: template systemd-unit - name: template systemd-unit
become: true become: true


@ -38,7 +38,7 @@
owner: "{{ minio_user }}" owner: "{{ minio_user }}"
group: "{{ minio_user }}" group: "{{ minio_user }}"
notify: (re)start service notify: (re)start service
no_log: true no_log: "{{ no_debug | default('true') }}"
- name: template systemd-unit - name: template systemd-unit
become: true become: true


@ -13,7 +13,7 @@
group: root group: root
mode: '0400' mode: '0400'
when: key.rc not in [ 0 ] when: key.rc not in [ 0 ]
no_log: true no_log: "{{ no_debug | default('true') }}"
- name: apply private key # noqa no-changed-when - name: apply private key # noqa no-changed-when
ansible.builtin.command: kubectl apply -f /root/private.key ansible.builtin.command: kubectl apply -f /root/private.key


@ -7,7 +7,7 @@
owner: "{{ sanoid_user }}" owner: "{{ sanoid_user }}"
group: "{{ sanoid_user_group }}" group: "{{ sanoid_user_group }}"
mode: "0400" mode: "0400"
no_log: true no_log: "{{ no_debug | default('true') }}"
when: when:
- sanoid_syncoid_destination_host - sanoid_syncoid_destination_host


@ -1,5 +1,6 @@
--- ---
### wird in vielen Rollen verwendet ### wird in vielen Rollen verwendet
no_debug: true # when set to true "no_log" is also set to true
ansible_facts_parallel: true ansible_facts_parallel: true
ssh_public_key_mg: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKL8opSQ0rWVw9uCfbuiqmXq188OP4xh66MBTO3zV5jo heimserver_mg_v3 ssh_public_key_mg: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKL8opSQ0rWVw9uCfbuiqmXq188OP4xh66MBTO3zV5jo heimserver_mg_v3
my_mail: michael.grote@posteo.de my_mail: michael.grote@posteo.de
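Review bot: The inline comment on the new `no_debug` line explains the true case but not what switching it off exposes. Setting it to false re-enables output for every task that references it, and in this commit that includes tasks that write key and credential files and one that passes a password on a command line, so the comment should say so, for example `# true keeps no_log active on all secret-handling tasks; set to false only for a short interactive debug run, output then contains credentials`. It would also help to note that host vars or extra vars with higher precedence override this value, since that is how the suppression can end up disabled unintentionally.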


@ -6,7 +6,7 @@
owner: root owner: root
group: root group: root
mode: "0644" mode: "0644"
no_log: true no_log: "{{ no_debug | default('true') }}"
notify: notify:
- systemctl daemon-reload - systemctl daemon-reload


@ -26,7 +26,7 @@
src: "{{ item }}" src: "{{ item }}"
dest: "{{ compose_dest_basedir }}/{{ item | replace(compose_src_basedir + '/', '') }}" dest: "{{ compose_dest_basedir }}/{{ item | replace(compose_src_basedir + '/', '') }}"
with_items: "{{ lookup('pipe', 'find '+ compose_src_basedir +'/ -type f -not -name *.j2 ').split('\n') }}" with_items: "{{ lookup('pipe', 'find '+ compose_src_basedir +'/ -type f -not -name *.j2 ').split('\n') }}"
no_log: true no_log: "{{ no_debug | default('true') }}"
- name: ensure templated files exists - name: ensure templated files exists
ansible.builtin.template: ansible.builtin.template:
@ -36,7 +36,7 @@
src: "{{ item }}" src: "{{ item }}"
dest: "{{ compose_dest_basedir }}/{{ item | replace(compose_src_basedir + '/', '') | replace('.j2', '') }}" dest: "{{ compose_dest_basedir }}/{{ item | replace(compose_src_basedir + '/', '') | replace('.j2', '') }}"
with_items: "{{ lookup('pipe', 'find '+ compose_src_basedir +'/ -type f -name *.j2').split('\n') }}" with_items: "{{ lookup('pipe', 'find '+ compose_src_basedir +'/ -type f -name *.j2').split('\n') }}"
no_log: true no_log: "{{ no_debug | default('true') }}"
register: copy_template register: copy_template
- name: Ensure needed networks exists - name: Ensure needed networks exists
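Review bot: Both `with_items` lookups build a shell command by string concatenation and leave the `-name *.j2` pattern unquoted, so the shell on the controller can expand it against the current directory before `find` sees it, and a `compose_src_basedir` containing spaces or shell characters changes the command. The pipe lookup runs its string through a shell, so the pattern should be quoted (`-name "*.j2"`) and the path passed through the `quote` filter (`compose_src_basedir | quote`). With `no_log` active on these tasks a wrong file list is hard to notice, which is one more reason to make the command deterministic. Both tasks start above their hunks.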


@ -12,4 +12,4 @@
#pipefail: https://blog.christophersmart.com/2019/09/28/using-pipefail-with-shell-module-in-ansible/ #pipefail: https://blog.christophersmart.com/2019/09/28/using-pipefail-with-shell-module-in-ansible/
with_items: with_items:
- "{{ smb_users }}" - "{{ smb_users }}"
no_log: true no_log: "{{ no_debug | default('true') }}"


@ -14,5 +14,5 @@
remove: "{{ item.remove_dir | default('false') }}" remove: "{{ item.remove_dir | default('false') }}"
create_home: false create_home: false
loop: "{{ smb_users }}" loop: "{{ smb_users }}"
no_log: true no_log: "{{ no_debug | default('true') }}"
notify: set samba passwords notify: set samba passwords


@ -6,7 +6,7 @@
# den jeweiligen group/host-Vars! # den jeweiligen group/host-Vars!
- name: Check if Admin-User exists - name: Check if Admin-User exists
no_log: true no_log: "{{ no_debug | default('true') }}"
become_user: gitea become_user: gitea
become: true become: true
ansible.builtin.command: | ansible.builtin.command: |
@ -16,7 +16,7 @@
changed_when: false changed_when: false
- name: Ensure Admin-User exists # noqa no-changed-when no-jinja-when - name: Ensure Admin-User exists # noqa no-changed-when no-jinja-when
no_log: true no_log: "{{ no_debug | default('true') }}"
become_user: gitea become_user: gitea
become: true become: true
ansible.builtin.command: | ansible.builtin.command: |


@ -5,7 +5,7 @@
# und # und
# den jeweiligen group/host-Vars! # den jeweiligen group/host-Vars!
- name: Ensure LDAP config is set up - name: Ensure LDAP config is set up
no_log: true no_log: "{{ no_debug | default('true') }}"
become_user: gitea become_user: gitea
become: true become: true
ansible.builtin.command: | ansible.builtin.command: |
@ -31,7 +31,7 @@
changed_when: "setup.rc == 0" # chnaged nur wenn Task rc 0 hat, sollte nur beim ersten lauf vorkommen; ungetestet changed_when: "setup.rc == 0" # chnaged nur wenn Task rc 0 hat, sollte nur beim ersten lauf vorkommen; ungetestet
- name: Modify LDAP config - name: Modify LDAP config
no_log: true no_log: "{{ no_debug | default('true') }}"
become_user: gitea become_user: gitea
become: true become: true
ansible.builtin.command: | ansible.builtin.command: |


@ -30,7 +30,7 @@
url: "{{ minio_url }}" url: "{{ minio_url }}"
state: "{{ item.state | default('present') }}" state: "{{ item.state | default('present') }}"
loop: "{{ minio_users }}" loop: "{{ minio_users }}"
no_log: true no_log: "{{ no_debug | default('true') }}"
# Bug: delegate_to: localhost # Bug: delegate_to: localhost
# in ansible-devspace wird das Python Paket "minio" nicht gefunden # in ansible-devspace wird das Python Paket "minio" nicht gefunden


@ -13,7 +13,7 @@
state: directory state: directory
mode: "0777" mode: "0777"
loop: "{{ cifs_mounts }}" loop: "{{ cifs_mounts }}"
no_log: true no_log: "{{ no_debug | default('true') }}"
when: cifs_mounts is defined when: cifs_mounts is defined
- name: create credential-file - name: create credential-file
@ -25,7 +25,7 @@
group: root group: root
mode: '0400' mode: '0400'
loop: "{{ cifs_mounts }}" loop: "{{ cifs_mounts }}"
no_log: true no_log: "{{ no_debug | default('true') }}"
when: cifs_mounts is defined when: cifs_mounts is defined
- name: mount cifs volumes - name: mount cifs volumes
@ -40,5 +40,5 @@
dump: "0" dump: "0"
passno: "0" passno: "0"
loop: "{{ cifs_mounts }}" loop: "{{ cifs_mounts }}"
no_log: true no_log: "{{ no_debug | default('true') }}"
when: cifs_mounts is defined when: cifs_mounts is defined
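Review bot: The directory task in the first hunk creates each entry with `mode: "0777"`, which leaves the path world-writable whenever the share is not mounted. If these directories are only mount points, `mode: "0755"` is enough, because the permissions seen after mounting come from the mount options and not from the underlying directory. The task header is outside the hunk, so the path being created is not visible here; keep the current mode only if the directory has another documented purpose.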


@ -9,7 +9,7 @@
force_basic_auth: true force_basic_auth: true
loop: "{{ munin_node_plugins }}" loop: "{{ munin_node_plugins }}"
notify: restart munin-node notify: restart munin-node
no_log: true no_log: "{{ no_debug | default('true') }}"
check_mode: false # damit werden auch im check-mode die Plugins heruntergeladen, sonst schlägt der nächste Task fehl check_mode: false # damit werden auch im check-mode die Plugins heruntergeladen, sonst schlägt der nächste Task fehl
- name: Enable additional plugins - name: Enable additional plugins
@ -19,7 +19,7 @@
state: link state: link
notify: restart munin-node notify: restart munin-node
loop: "{{ munin_node_plugins }}" loop: "{{ munin_node_plugins }}"
no_log: true no_log: "{{ no_debug | default('true') }}"
- name: Template additional plugin-config - name: Template additional plugin-config
ansible.builtin.copy: ansible.builtin.copy:
@ -31,7 +31,7 @@
notify: restart munin-node notify: restart munin-node
loop: "{{ munin_node_plugins }}" loop: "{{ munin_node_plugins }}"
when: item.config is defined when: item.config is defined
no_log: true no_log: "{{ no_debug | default('true') }}"
- name: Ensure munin-node is running - name: Ensure munin-node is running
ansible.builtin.service: ansible.builtin.service:


@ -12,7 +12,7 @@
ansible.builtin.command: "pvesm add pbs {{ item.name }} --server {{ item.server }} --datastore {{ item.datastore }} --username {{ item.username }} --password {{ item.password }} --fingerprint {{ item.fingerprint }}" ansible.builtin.command: "pvesm add pbs {{ item.name }} --server {{ item.server }} --datastore {{ item.datastore }} --username {{ item.username }} --password {{ item.password }} --fingerprint {{ item.fingerprint }}"
loop: "{{ pve_pbs_datastore }}" loop: "{{ pve_pbs_datastore }}"
when: "item.name not in storages.stdout" when: "item.name not in storages.stdout"
no_log: true no_log: "{{ no_debug | default('true') }}"
- name: ensure datastore is configured - name: ensure datastore is configured
become: true become: true
@ -20,4 +20,4 @@
loop: "{{ pve_pbs_datastore }}" loop: "{{ pve_pbs_datastore }}"
when: "item.name in storages.stdout" when: "item.name in storages.stdout"
changed_when: false changed_when: false
no_log: true no_log: "{{ no_debug | default('true') }}"
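Review bot: The `pvesm add pbs` task in the first hunk passes `--password {{ item.password }}` on the command line, so once `no_debug` is false the full command and every loop item, password included, are printed and kept wherever the run output is stored. For this task the suppression should not be switchable; keep the literal `no_log: true` here and use the toggle only on tasks whose output carries no secret. Independent of logging, the password is visible in the process list on the target while the command runs, so supplying it through a file or stdin is preferable if `pvesm` offers that for PBS storage. The task starts above the hunk.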


@ -10,7 +10,7 @@
ansible.builtin.command: "proxmox-backup-manager user create {{ item.name }}@{{ item.realm }}" ansible.builtin.command: "proxmox-backup-manager user create {{ item.name }}@{{ item.realm }}"
loop: "{{ pbs_users }}" loop: "{{ pbs_users }}"
when: "item.name not in users.stdout" when: "item.name not in users.stdout"
no_log: true no_log: "{{ no_debug | default('true') }}"
- name: check again which users exist - name: check again which users exist
become: true become: true
@ -24,4 +24,4 @@
loop: "{{ pbs_users }}" loop: "{{ pbs_users }}"
when: "item.name in users.stdout" when: "item.name in users.stdout"
changed_when: false changed_when: false
no_log: true no_log: "{{ no_debug | default('true') }}"


@ -29,7 +29,7 @@
owner: "{{ restic_user }}" owner: "{{ restic_user }}"
group: "{{ restic_group }}" group: "{{ restic_group }}"
mode: "0600" mode: "0600"
no_log: true no_log: "{{ no_debug | default('true') }}"
- name: templates excludes - name: templates excludes
become: true become: true
@ -49,7 +49,7 @@
owner: root owner: root
group: root group: root
mode: "0600" mode: "0600"
no_log: true no_log: "{{ no_debug | default('true') }}"
- name: template restic.mount - name: template restic.mount
become: true become: true


@ -20,7 +20,7 @@
owner: "{{ rsync_mirror_user }}" owner: "{{ rsync_mirror_user }}"
group: "{{ rsync_mirror_user_group }}" group: "{{ rsync_mirror_user_group }}"
mode: "0400" mode: "0400"
no_log: true no_log: "{{ no_debug | default('true') }}"
- name: Ensure rsync_mirror-Script is templated - name: Ensure rsync_mirror-Script is templated
become: true become: true


@ -5,7 +5,7 @@
loop: "{{ users }}" loop: "{{ users }}"
when: item.groups is defined when: item.groups is defined
become: false become: false
no_log: true no_log: "{{ no_debug | default('true') }}"
- name: Ensure groups exist - name: Ensure groups exist
ansible.builtin.group: ansible.builtin.group:
@ -13,7 +13,7 @@
state: present state: present
loop: '{{ groups_as_list }}' loop: '{{ groups_as_list }}'
when: groups_as_list is defined when: groups_as_list is defined
no_log: true no_log: "{{ no_debug | default('true') }}"
- name: Ensure users exist - name: Ensure users exist
ansible.builtin.user: ansible.builtin.user:
@ -26,7 +26,7 @@
createhome: "{{ item.createhome | default('yes') }}" createhome: "{{ item.createhome | default('yes') }}"
state: "{{ item.state | default('present') }}" state: "{{ item.state | default('present') }}"
loop: '{{ users }}' loop: '{{ users }}'
no_log: true no_log: "{{ no_debug | default('true') }}"
- name: Ensure user ssh-keys exist - name: Ensure user ssh-keys exist
ansible.posix.authorized_key: ansible.posix.authorized_key:
@ -35,7 +35,7 @@
state: "{{ item.state | default('present') }}" state: "{{ item.state | default('present') }}"
when: item.public_ssh_key is defined when: item.public_ssh_key is defined
loop: '{{ users }}' loop: '{{ users }}'
no_log: true no_log: "{{ no_debug | default('true') }}"
# teilweiser revert von https://git.mgrote.net/mg/homeserver/commit/506fa8da8d8c4ca74d0d78d044468b991d0d560a # teilweiser revert von https://git.mgrote.net/mg/homeserver/commit/506fa8da8d8c4ca74d0d78d044468b991d0d560a
# das modul erstellt die sudoers falsch: # das modul erstellt die sudoers falsch:
@ -58,4 +58,4 @@
mode: "0440" mode: "0440"
loop: '{{ users }}' loop: '{{ users }}'
when: item.allow_sudo|default(false) and item.allow_sudo is defined when: item.allow_sudo|default(false) and item.allow_sudo is defined
no_log: true no_log: "{{ no_debug | default('true') }}"