2.4.0 #16

Open
wants to merge 16 commits into
base: master
7 changes: 5 additions & 2 deletions .travis.yml
Expand Up @@ -5,7 +5,9 @@ cache: pip
services:
- docker
env:
- ANSIBLE='ansible>=2.4.0'
- ANSIBLE='ansible~=2.7.0'
- ANSIBLE='ansible~=2.8.0'
- ANSIBLE='ansible~=2.9.0'
matrix:
fast_finish: true

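Review bot: The `env` list now tests only the pinned 2.7, 2.8 and 2.9 series, so once a newer Ansible is released nothing in the matrix exercises it and a break against it goes unnoticed. Consider adding one unpinned `ANSIBLE='ansible'` entry and listing it under `allow_failures` in the existing `matrix:` block, so it reports without blocking the build.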
Expand All @@ -14,7 +16,7 @@ install:
pip install
${ANSIBLE}
'ansible-lint>=3.4.15'
'molecule>=2.13.0'
${MOLECULE:-molecule>=2.15.0,<3.0.0}
docker
'testinfra>=1.7.0'

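Review bot: `${MOLECULE:-molecule>=2.15.0,<3.0.0}` is the only unquoted requirement in the `pip install` list, and no `env` entry in the hunk above sets `MOLECULE`, so the default always applies and the override is undocumented. Wrap the expansion in double quotes to match the neighbouring specifiers, and either add a `MOLECULE` value to the matrix or a comment saying how it is meant to be set.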
Expand All @@ -25,3 +27,4 @@ notifications:
webhooks:
urls: ['https://galaxy.ansible.com/api/v1/notifications/']
if: 'branch = master OR tag IS present'
on_failure: never
5 changes: 5 additions & 0 deletions CHANGELOG.md
Expand Up @@ -2,6 +2,11 @@

Items starting with `DEPRECATE` are important deprecation notices.

## 2.4.0 (2020-07-27)

+ Add job to produce node_exporter metrics regularly
+ Add needrestart

## 2.3.0 (2020-03-17)

+ Update APT::NeverAutoRemove configuration
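Review bot: The 2.4.0 entry lists the node_exporter job and needrestart but omits the `min_ansible_version` bump from 2.4 to 2.7 and the added `buster` platform that this same pull request makes in meta/main.yml. Dropping support for Ansible 2.4 to 2.6 affects existing users, so it should get its own line here, in line with the file's stated convention of flagging important notices.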
70 changes: 43 additions & 27 deletions README.md
Expand Up @@ -17,7 +17,12 @@ Require Ansible >= 2.4

### Dependencies

If you use the zabbix monitoring profile you will need the role [ansible-zabbix-agent](https://github.com/Turgon37/ansible-zabbix-agent)
* roles

| Name | Description |
| -------------------------------------------------------------------------------------- | -------------------------------------------- |
| [ansible-zabbix-agent](https://github.com/Turgon37/ansible-zabbix-agent) | If you use the zabbix monitoring profile |
| [ansible-prometheus-exporter](https://github.com/Turgon37/ansible-prometheus-exporter) | If you use the prometheus monitoring profile |

## OS Family

Expand All @@ -35,38 +40,49 @@ At this day the role can be used to :
* configure listchanges
* monitoring items for
* Zabbix
* Prometheus
* [local facts](#facts)

## Role Variables

All variables which can be overridden are stored in [defaults/main.yml](defaults/main.yml) file as well as in table below. To see default values please refer to this file.

| Name | Types/Values | Description |
| ----------------------------------------------------------| ----------------------|------------------------------------------------------------------------------------------------------ |
| `apt__facts` | Boolean | Install the local fact script |
| `apt__use_cached_updates_list` | Boolean | If true, apt will produce files with packages that require update after each apt-update operation |
| `apt__monitoring` | String | The name of the monitoring "profile" to use. Available 'zabbix') |
| `apt__repositories` | List of Dict | see official apt_repository module |
| `apt__repositories_purge` | Boolean | If true, all non ansible managed repositories will be removed |
| `apt__keys` | List of Dict | see official apt_key module |
| `apt__proxy` | Dict | Configure the http proxy for APT, format of dict => {host: 'host', port: 8080, https: True} |
| `apt__periodic_enabled` | Boolean | Enable periodic cron task for APT |
| `apt__periodic_update_package_lists` | Integer | If > 0, automatic apt-get update will be performed by periodic task every n-days |
| `apt__periodic_unattended_upgrade` | Integer | If > 0, automatic apt-get upgrade for security updates will be performed by periodic task every n-days|
| `apt__periodic_download_upgradeable_packages` | Integer | If > 0, automatic apt-get download will be performed by periodic task every n-days |
| `apt__periodic_*` | | See others periodic settings in the [defaults/main.yml](defaults/main.yml) |
| `apt__unattended_upgrades_mail` | String | Specify the mail address of the recipient for report messages |
| `apt__unattended_upgrades_automatic_reboot` | Boolean | If true, automatic reboot will be performed when needed (kernel upgrade..) |
| `apt__unattended_upgrades_automatic_reboot_time` | String | A specific time that you allow the servers to be reboot |
| `apt__unattended_upgrades_package_blacklist` | List of String | List of package name (regexp allowed) to blacklist from auto upgrade |
| `apt__unattended_upgrades_*` | | See others unattended_upgrades settings in the [defaults/main.yml](defaults/main.yml) |
| `apt__listchanges_enabled` | Boolean | Enable listchanges feature |
| `apt__listchanges_configurations_(global/group/host)` | | Change listchanges configurations (see below for example) |
| `apt__configurations_purge` | Boolean | If true, all non ansible managed configuration will be removed |
| `apt__configurations_purge_whitelist_(global/group/host)` | List of file names | List of configuration filenames to exclude from purge |
| `apt__configurations_(global/group/host) | Dict of configurations| Deploy apt configurations in apt.conf.d |
| `apt__repositories_(global/group/host)` | List of repositories | List of repositories to configure |
| `apt__pins_(global/group/host)` | Dict of pins | Dict of pinning configurations |
| Name | Types/Values | Description |
| --------------------------------------------------------- | ---------------------- | ------------------------------------------------------------------------------------------------------ |
| `apt__facts` | Boolean | Install the local fact script |
| `apt__use_cached_updates_list` | Boolean | If true, apt will produce files with packages that require update after each apt-update operation |
| `apt__monitoring` | String | The name of the monitoring "profile" to use. Available 'zabbix') |
| `apt__repositories` | List of Dict | see official apt_repository module |
| `apt__repositories_purge` | Boolean | If true, all non ansible managed repositories will be removed |
| `apt__keys` | List of Dict | see official apt_key module |
| `apt__proxy` | Dict | Configure the http proxy for APT, format of dict => {host: 'host', port: 8080, https: True} |
| `apt__periodic_enabled` | Boolean | Enable periodic cron task for APT |
| `apt__periodic_update_package_lists` | Integer | If > 0, automatic apt-get update will be performed by periodic task every n-days |
| `apt__periodic_unattended_upgrade` | Integer | If > 0, automatic apt-get upgrade for security updates will be performed by periodic task every n-days |
| `apt__periodic_download_upgradeable_packages` | Integer | If > 0, automatic apt-get download will be performed by periodic task every n-days |
| `apt__periodic_*` | | See others periodic settings in the [defaults/main.yml](defaults/main.yml) |
| `apt__unattended_upgrades_mail` | String | Specify the mail address of the recipient for report messages |
| `apt__unattended_upgrades_automatic_reboot` | Boolean | If true, automatic reboot will be performed when needed (kernel upgrade..) |
| `apt__unattended_upgrades_automatic_reboot_time` | String | A specific time that you allow the servers to be reboot |
| `apt__unattended_upgrades_package_blacklist` | List of String | List of package name (regexp allowed) to blacklist from auto upgrade |
| `apt__unattended_upgrades_*` | | See others unattended_upgrades settings in the [defaults/main.yml](defaults/main.yml) |
| `apt__listchanges_enabled` | Boolean | Enable listchanges feature |
| `apt__listchanges_configurations_(global/group/host)` | | Change listchanges configurations (see below for example) |
| `apt__configurations_purge` | Boolean | If true, all non ansible managed configuration will be removed |
| `apt__configurations_purge_whitelist_(global/group/host)` | List of file names | List of configuration filenames to exclude from purge |
| `apt__configurations_(global/group/host)` | Dict of configurations | Deploy apt configurations in apt.conf.d |
| `apt__repositories_(global/group/host)` | List of repositories | List of repositories to configure |
| `apt__pins_(global/group/host)` | Dict of pins | Dict of pinning configurations |
| `apt__needrestart_enabled` | Boolean | Enable or not the apt needrestart feature |
| `apt__needrestart_verbosity` | Integer | Change output verbosity |
| `apt__needrestart_mode` | String | (l)ist only, (i)nteractive or (a)utomatically. |
| `apt__needrestart_defno` | Boolean | Set all answer to no by default |
| `apt__needrestart_interpscan` | Boolean | Enable interpreter scanners. |
| `apt__needrestart_blacklist_(global/group/host)` | List of regex | Blacklist binaries |
| `apt__needrestart_blacklist_interp_(global/group/host)` | List of regex | Ignore script files |
| `apt__needrestart_blacklist_mappings_(global/group/host)` | List of regex | Ignore +x mapped files |
| `apt__needrestart_blacklist_rc_(global/group/host)` | List of regex | Blacklist services |
| `apt__needrestart_override_rc_(global/group/host)` | Hash of regex | Override service |

### APT configuration

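Review bot: The `apt__monitoring` row in the rewritten table still reads `Available 'zabbix')`, with a stray closing parenthesis and no mention of the Prometheus profile that this hunk adds to the feature list. Update the description to list both profiles, and add a row for `apt__monitoring_prometheus_timer_frequency`, which defaults/main.yml introduces but the table does not document.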
84 changes: 84 additions & 0 deletions defaults/main.yml
Expand Up @@ -14,10 +14,16 @@ apt__facts: true
apt__packages_names:
- apt-listchanges
- debian-keyring
- needrestart
- 'python{{ python__version_major|d(3) }}-apt'
- unattended-upgrades


### APT MONITORING
# Periodic prometheus apt job frequency (systemd timer syntax)
apt__monitoring_prometheus_timer_frequency: 15m


### APT CONFIGURATION
# ---------------------------------------
# This key is put into each included configuration file
Expand Down Expand Up @@ -237,6 +243,11 @@ apt__configurations_default:
70debconf:
content: |-
DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt || true";};
99needrestart:
content: |-
{% if apt__needrestart_enabled|bool %}
DPkg::Post-Invoke {"test -x /usr/lib/needrestart/apt-pinvoke && /usr/lib/needrestart/apt-pinvoke || true"; };
{% endif %}


# This dict is intended to be used at global inventory level
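Review bot: The `99needrestart` entry renders empty content when `apt__needrestart_enabled` is false, while the first hunk of this file adds `needrestart` to `apt__packages_names` unconditionally, so a host with the default setting still gets the package installed plus an empty configuration file. If the empty file is meant to neutralise the hook that comes with the package, say so in a comment next to the entry; otherwise make the package installation depend on the same flag.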
Expand Down Expand Up @@ -472,6 +483,79 @@ apt__listchanges_configurations: '{{
}}'


## Needrestart
# Enable or not the apt needrestart feature
apt__needrestart_enabled: false

# Main configuration file of apt listchanges
apt__needrestart_configuration_file: /etc/needrestart/conf.d/ansible.conf

# Verbosity:
# 0 => quiet
# 1 => normal (default)
# 2 => verbose
apt__needrestart_verbosity: 1

# Restart mode: (l)ist only, (i)nteractive or (a)utomatically.
apt__needrestart_mode: i

# Change default answer to 'no' in (i)nteractive mode.
apt__needrestart_defno: false

# Enable interpreter scanners.
apt__needrestart_interpscan: true

# Blacklist binaries (list of regex).
apt__needrestart_blacklist_global: []
apt__needrestart_blacklist_group: []
apt__needrestart_blacklist_host: []
apt__needrestart_blacklist: '{{
apt__needrestart_blacklist_global
|union(apt__needrestart_blacklist_group)
|union(apt__needrestart_blacklist_host)
}}'

# Ignore script files matching these regexs:
apt__needrestart_blacklist_interp_global: []
apt__needrestart_blacklist_interp_group: []
apt__needrestart_blacklist_interp_host: []
apt__needrestart_blacklist_interp: '{{
apt__needrestart_blacklist_interp_global
|union(apt__needrestart_blacklist_interp_group)
|union(apt__needrestart_blacklist_interp_host)
}}'

# Ignore +x mapped files matching one of these regexs:
apt__needrestart_blacklist_mappings_global: []
apt__needrestart_blacklist_mappings_group: []
apt__needrestart_blacklist_mappings_host: []
apt__needrestart_blacklist_mappings: '{{
apt__needrestart_blacklist_mappings_global
|union(apt__needrestart_blacklist_mappings_group)
|union(apt__needrestart_blacklist_mappings_host)
}}'

# Blacklist services (list of regex)
apt__needrestart_blacklist_rc_global: []
apt__needrestart_blacklist_rc_group: []
apt__needrestart_blacklist_rc_host: []
apt__needrestart_blacklist_rc: '{{
apt__needrestart_blacklist_rc_global
|union(apt__needrestart_blacklist_rc_group)
|union(apt__needrestart_blacklist_rc_host)
}}'

# Override service default selection (hash of regex).
apt__needrestart_override_rc_global: {}
apt__needrestart_override_rc_group: {}
apt__needrestart_override_rc_host: {}
apt__needrestart_override_rc: '{{
apt__needrestart_override_rc_global
|combine(apt__needrestart_override_rc_group)
|combine(apt__needrestart_override_rc_host)
}}'


## Misc
# Path to the stamp file to update after each update
apt__update_stamp_file: '{{ apt__variable_directory }}/periodic/update-success-stamp'
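Review bot: `apt__needrestart_mode: i` makes interactive the default, but the role also drives unattended upgrades, which have no terminal to answer a prompt, so the comment on this variable should state what happens in that case and when `a` is the intended value. Otherwise services can keep running outdated libraries after a security update with nothing to signal it. Separately, the comment above `apt__needrestart_configuration_file` reads `# Main configuration file of apt listchanges`, which looks copied from the listchanges block and should name needrestart.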
3 changes: 2 additions & 1 deletion meta/main.yml
Expand Up @@ -4,12 +4,13 @@ galaxy_info:
author: Pierre GINDRAUD
description: This role configure APT repos and settings
license: MIT
min_ansible_version: 2.4
min_ansible_version: 2.7
platforms:
- name: Debian
versions:
- jessie
- stretch
- buster
galaxy_tags:
- apt
- aptitude
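Review bot: `min_ansible_version` moves to 2.7 here, but the README section shown as context in the README.md hunk header still says `Require Ansible >= 2.4`, so the two now disagree; update the README line in the same change. The value is also an unquoted YAML number, which would turn a future `2.10` into `2.1`, so quoting it as `'2.7'` now avoids that later.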
14 changes: 0 additions & 14 deletions molecule/default/Dockerfile.j2

This file was deleted.

16 changes: 0 additions & 16 deletions molecule/default/INSTALL.rst

This file was deleted.
