Native YAML - system (#3625)
* Native YAML - system * Remove comment that is not applicable to the code
parent
737c6afb54
commit
cc25f24475
26 changed files with 514 additions and 135 deletions
|
@ -73,16 +73,29 @@ author: "Brian Coca (@bcoca)"
|
|||
|
||||
EXAMPLES = '''
|
||||
# Set default locale to fr_FR.UTF-8
|
||||
debconf: name=locales question='locales/default_environment_locale' value=fr_FR.UTF-8 vtype='select'
|
||||
- debconf:
|
||||
name: locales
|
||||
question: locales/default_environment_locale
|
||||
value: fr_FR.UTF-8
|
||||
vtype: select
|
||||
|
||||
# set to generate locales:
|
||||
debconf: name=locales question='locales/locales_to_be_generated' value='en_US.UTF-8 UTF-8, fr_FR.UTF-8 UTF-8' vtype='multiselect'
|
||||
- debconf:
|
||||
name: locales
|
||||
question: locales/locales_to_be_generated
|
||||
value: en_US.UTF-8 UTF-8, fr_FR.UTF-8 UTF-8
|
||||
vtype: multiselect
|
||||
|
||||
# Accept oracle license
|
||||
debconf: name='oracle-java7-installer' question='shared/accepted-oracle-license-v1-1' value='true' vtype='select'
|
||||
- debconf:
|
||||
name: oracle-java7-installer
|
||||
question: shared/accepted-oracle-license-v1-1
|
||||
value: true
|
||||
vtype: select
|
||||
|
||||
# Specifying package you can register/return the list of questions and current values
|
||||
debconf: name='tzdata'
|
||||
- debconf:
|
||||
name: tzdata
|
||||
'''
|
||||
|
||||
def get_selections(module, pkg):
|
||||
|
|
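Review bot: The converted Oracle licence example passes `value: true` as a bare scalar, which YAML reads as a boolean rather than the string `true` that the old `value='true'` form supplied. Depending on how the module coerces the value, debconf may be handed `True`, which presumably does not match the expected answer; `value: 'true'` keeps the old behaviour. The same implicit typing affects `logging: on` in the ufw section and `setuid: off` in the zfs section, where `logging: 'on'` and `setuid: 'off'` would be safer. Indentation is not visible on this page, so this rests on the key/value text alone.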
|
@ -58,10 +58,15 @@ notes:
|
|||
|
||||
EXAMPLES = '''
|
||||
# Create a ext2 filesystem on /dev/sdb1.
|
||||
- filesystem: fstype=ext2 dev=/dev/sdb1
|
||||
- filesystem:
|
||||
fstype: ext2
|
||||
dev: /dev/sdb1
|
||||
|
||||
# Create a ext4 filesystem on /dev/sdb1 and check disk blocks.
|
||||
- filesystem: fstype=ext4 dev=/dev/sdb1 opts="-cc"
|
||||
- filesystem:
|
||||
fstype: ext4
|
||||
dev: /dev/sdb1
|
||||
opts: -cc
|
||||
'''
|
||||
|
||||
def _get_dev_size(dev, module):
|
||||
|
|
|
@ -94,14 +94,48 @@ author: "Adam Miller (@maxamillion)"
|
|||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
- firewalld: service=https permanent=true state=enabled
|
||||
- firewalld: port=8081/tcp permanent=true state=disabled
|
||||
- firewalld: port=161-162/udp permanent=true state=enabled
|
||||
- firewalld: zone=dmz service=http permanent=true state=enabled
|
||||
- firewalld: rich_rule='rule service name="ftp" audit limit value="1/m" accept' permanent=true state=enabled
|
||||
- firewalld: source='192.168.1.0/24' zone=internal state=enabled
|
||||
- firewalld: zone=trusted interface=eth2 permanent=true state=enabled
|
||||
- firewalld: masquerade=yes state=enabled permanent=true zone=dmz
|
||||
- firewalld:
|
||||
service: https
|
||||
permanent: true
|
||||
state: enabled
|
||||
|
||||
- firewalld:
|
||||
port: 8081/tcp
|
||||
permanent: true
|
||||
state: disabled
|
||||
|
||||
- firewalld:
|
||||
port: 161-162/udp
|
||||
permanent: true
|
||||
state: enabled
|
||||
|
||||
- firewalld:
|
||||
zone: dmz
|
||||
service: http
|
||||
permanent: true
|
||||
state: enabled
|
||||
|
||||
- firewalld:
|
||||
rich_rule: 'rule service name="ftp" audit limit value="1/m" accept'
|
||||
permanent: true
|
||||
state: enabled
|
||||
|
||||
- firewalld:
|
||||
source: 192.0.2.0/24
|
||||
zone: internal
|
||||
state: enabled
|
||||
|
||||
- firewalld:
|
||||
zone: trusted
|
||||
interface: eth2
|
||||
permanent: true
|
||||
state: enabled
|
||||
|
||||
- firewalld:
|
||||
masquerade: yes
|
||||
state: enabled
|
||||
permanent: true
|
||||
zone: dmz
|
||||
'''
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
|
|
|
@ -59,24 +59,40 @@ author: Brian Coca
|
|||
|
||||
EXAMPLES = '''
|
||||
# get root user info
|
||||
- getent: database=passwd key=root
|
||||
- debug: var=getent_passwd
|
||||
- getent:
|
||||
database: passwd
|
||||
key: root
|
||||
- debug:
|
||||
var: getent_passwd
|
||||
|
||||
# get all groups
|
||||
- getent: database=group split=':'
|
||||
- debug: var=getent_group
|
||||
- getent:
|
||||
database: group
|
||||
split: ':'
|
||||
- debug:
|
||||
var: getent_group
|
||||
|
||||
# get all hosts, split by tab
|
||||
- getent: database=hosts
|
||||
- debug: var=getent_hosts
|
||||
- getent:
|
||||
database: hosts
|
||||
- debug:
|
||||
var: getent_hosts
|
||||
|
||||
# get http service info, no error if missing
|
||||
- getent: database=services key=http fail_key=False
|
||||
- debug: var=getent_services
|
||||
- getent:
|
||||
database: services
|
||||
key: http
|
||||
fail_key: False
|
||||
- debug:
|
||||
var: getent_services
|
||||
|
||||
# get user password hash (requires sudo/root)
|
||||
- getent: database=shadow key=www-data split=:
|
||||
- debug: var=getent_shadow
|
||||
- getent:
|
||||
database: shadow
|
||||
key: www-data
|
||||
split: ':'
|
||||
- debug:
|
||||
var: getent_shadow
|
||||
|
||||
'''
|
||||
|
||||
|
|
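Review bot: The shadow example stores the password hash for www-data in `getent_shadow` and the `debug` task after it prints that value, but the comment only mentions the privilege requirement. I would extend the comment to something like `# get user password hash (requires sudo/root); the debug task prints the hash to the play output, so avoid it where output is logged or shared`. This is a documentation suggestion only; the tasks themselves match the old key=value form.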
|
@ -121,26 +121,53 @@ author: "Taneli Leppä (@rosmo)"
|
|||
|
||||
EXAMPLES = """
|
||||
- name: create gluster volume
|
||||
gluster_volume: state=present name=test1 bricks=/bricks/brick1/g1 rebalance=yes cluster="192.168.1.10,192.168.1.11"
|
||||
gluster_volume:
|
||||
state: present
|
||||
name: test1
|
||||
bricks: /bricks/brick1/g1
|
||||
rebalance: yes
|
||||
cluster:
|
||||
- 192.0.2.10
|
||||
- 192.0.2.11
|
||||
run_once: true
|
||||
|
||||
- name: tune
|
||||
gluster_volume: state=present name=test1 options='{performance.cache-size: 256MB}'
|
||||
gluster_volume:
|
||||
state: present
|
||||
name: test1
|
||||
options:
|
||||
performance.cache-size: 256MB
|
||||
|
||||
- name: start gluster volume
|
||||
gluster_volume: state=started name=test1
|
||||
gluster_volume:
|
||||
state: started
|
||||
name: test1
|
||||
|
||||
- name: limit usage
|
||||
gluster_volume: state=present name=test1 directory=/foo quota=20.0MB
|
||||
gluster_volume:
|
||||
state: present
|
||||
name: test1
|
||||
directory: /foo
|
||||
quota: 20.0MB
|
||||
|
||||
- name: stop gluster volume
|
||||
gluster_volume: state=stopped name=test1
|
||||
gluster_volume:
|
||||
state: stopped
|
||||
name: test1
|
||||
|
||||
- name: remove gluster volume
|
||||
gluster_volume: state=absent name=test1
|
||||
gluster_volume:
|
||||
state: absent
|
||||
name: test1
|
||||
|
||||
- name: create gluster volume with multiple bricks
|
||||
gluster_volume: state=present name=test2 bricks="/bricks/brick1/g2,/bricks/brick2/g2" cluster="192.168.1.10,192.168.1.11"
|
||||
gluster_volume:
|
||||
state: present
|
||||
name: test2
|
||||
bricks: /bricks/brick1/g2,/bricks/brick2/g2
|
||||
cluster:
|
||||
- 192.0.2.10
|
||||
- 192.0.2.11
|
||||
run_once: true
|
||||
"""
|
||||
|
||||
|
|
|
@ -295,25 +295,49 @@ options:
|
|||
|
||||
EXAMPLES = '''
|
||||
# Block specific IP
|
||||
- iptables: chain=INPUT source=8.8.8.8 jump=DROP
|
||||
- iptables:
|
||||
chain: INPUT
|
||||
source: 8.8.8.8
|
||||
jump: DROP
|
||||
become: yes
|
||||
|
||||
# Forward port 80 to 8600
|
||||
- iptables: table=nat chain=PREROUTING in_interface=eth0 protocol=tcp match=tcp destination_port=80 jump=REDIRECT to_ports=8600 comment="Redirect web traffic to port 8600"
|
||||
- iptables:
|
||||
table: nat
|
||||
chain: PREROUTING
|
||||
in_interface: eth0
|
||||
protocol: tcp
|
||||
match: tcp
|
||||
destination_port: 80
|
||||
jump: REDIRECT
|
||||
to_ports: 8600
|
||||
comment: Redirect web traffic to port 8600
|
||||
become: yes
|
||||
|
||||
# Allow related and established connections
|
||||
- iptables: chain=INPUT ctstate=ESTABLISHED,RELATED jump=ACCEPT
|
||||
- iptables:
|
||||
chain: INPUT
|
||||
ctstate: ESTABLISHED,RELATED
|
||||
jump: ACCEPT
|
||||
become: yes
|
||||
|
||||
# Tag all outbound tcp packets with DSCP mark 8
|
||||
- iptables: chain=OUTPUT jump=DSCP table=mangle set_dscp_mark=8 protocol=tcp
|
||||
- iptables:
|
||||
chain: OUTPUT
|
||||
jump: DSCP
|
||||
table: mangle
|
||||
set_dscp_mark: 8
|
||||
protocol: tcp
|
||||
|
||||
# Tag all outbound tcp packets with DSCP DiffServ class CS1
|
||||
- iptables: chain=OUTPUT jump=DSCP table=mangle set_dscp_mark_class=CS1 protocol=tcp
|
||||
- iptables:
|
||||
chain: OUTPUT
|
||||
jump: DSCP
|
||||
table: mangle
|
||||
set_dscp_mark_class: CS1
|
||||
protocol: tcp
|
||||
'''
|
||||
|
||||
|
||||
def append_param(rule, param, flag, is_list):
|
||||
if is_list:
|
||||
for item in param:
|
||||
|
|
|
@ -52,7 +52,9 @@ requirements: []
|
|||
|
||||
EXAMPLES = '''
|
||||
# Blacklist the nouveau driver module
|
||||
- kernel_blacklist: name=nouveau state=present
|
||||
- kernel_blacklist:
|
||||
name: nouveau
|
||||
state: present
|
||||
'''
|
||||
|
||||
|
||||
|
|
|
@ -62,11 +62,11 @@ author: "Matthew Vernon (@mcv21)"
|
|||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
# Example using with_file to set the system known_hosts file
|
||||
- name: tell the host about our servers it might want to ssh to
|
||||
known_hosts: path='/etc/ssh/ssh_known_hosts'
|
||||
name='foo.com.invalid'
|
||||
key="{{ lookup('file', 'pubkeys/foo.com.invalid') }}"
|
||||
known_hosts:
|
||||
path: /etc/ssh/ssh_known_hosts
|
||||
name: foo.com.invalid
|
||||
key: "{{ lookup('file', 'pubkeys/foo.com.invalid') }}"
|
||||
'''
|
||||
|
||||
# Makes sure public host keys are present or absent in the given known_hosts
|
||||
|
|
|
@ -40,7 +40,9 @@ options:
|
|||
|
||||
EXAMPLES = '''
|
||||
# Ensure a locale exists.
|
||||
- locale_gen: name=de_CH.UTF-8 state=present
|
||||
- locale_gen:
|
||||
name: de_CH.UTF-8
|
||||
state: present
|
||||
'''
|
||||
|
||||
import os
|
||||
|
|
|
@ -66,17 +66,24 @@ notes:
|
|||
|
||||
EXAMPLES = '''
|
||||
# Create a volume group on top of /dev/sda1 with physical extent size = 32MB.
|
||||
- lvg: vg=vg.services pvs=/dev/sda1 pesize=32
|
||||
- lvg:
|
||||
vg: vg.services
|
||||
pvs: /dev/sda1
|
||||
pesize: 32
|
||||
|
||||
# Create or resize a volume group on top of /dev/sdb1 and /dev/sdc5.
|
||||
# If, for example, we already have VG vg.services on top of /dev/sdb1,
|
||||
# this VG will be extended by /dev/sdc5. Or if vg.services was created on
|
||||
# top of /dev/sda5, we first extend it with /dev/sdb1 and /dev/sdc5,
|
||||
# and then reduce by /dev/sda5.
|
||||
- lvg: vg=vg.services pvs=/dev/sdb1,/dev/sdc5
|
||||
- lvg:
|
||||
vg: vg.services
|
||||
pvs: /dev/sdb1,/dev/sdc5
|
||||
|
||||
# Remove a volume group with name vg.services.
|
||||
- lvg: vg=vg.services state=absent
|
||||
- lvg:
|
||||
vg: vg.services
|
||||
state: absent
|
||||
'''
|
||||
|
||||
def parse_vgs(data):
|
||||
|
|
|
@ -92,52 +92,109 @@ notes:
|
|||
|
||||
EXAMPLES = '''
|
||||
# Create a logical volume of 512m.
|
||||
- lvol: vg=firefly lv=test size=512
|
||||
- lvol:
|
||||
vg: firefly
|
||||
lv: test
|
||||
size: 512
|
||||
|
||||
# Create a logical volume of 512m with disks /dev/sda and /dev/sdb
|
||||
- lvol: vg=firefly lv=test size=512 pvs=/dev/sda,/dev/sdb
|
||||
- lvol:
|
||||
vg: firefly
|
||||
lv: test
|
||||
size: 512
|
||||
pvs: /dev/sda,/dev/sdb
|
||||
|
||||
# Create cache pool logical volume
|
||||
- lvol: vg=firefly lv=lvcache size=512m opts='--type cache-pool'
|
||||
- lvol:
|
||||
vg: firefly
|
||||
lv: lvcache
|
||||
size: 512m
|
||||
opts: --type cache-pool
|
||||
|
||||
# Create a logical volume of 512g.
|
||||
- lvol: vg=firefly lv=test size=512g
|
||||
- lvol:
|
||||
vg: firefly
|
||||
lv: test
|
||||
size: 512g
|
||||
|
||||
# Create a logical volume the size of all remaining space in the volume group
|
||||
- lvol: vg=firefly lv=test size=100%FREE
|
||||
- lvol:
|
||||
vg: firefly
|
||||
lv: test
|
||||
size: 100%FREE
|
||||
|
||||
# Create a logical volume with special options
|
||||
- lvol: vg=firefly lv=test size=512g opts="-r 16"
|
||||
- lvol:
|
||||
vg: firefly
|
||||
lv: test
|
||||
size: 512g
|
||||
opts: -r 16
|
||||
|
||||
# Extend the logical volume to 1024m.
|
||||
- lvol: vg=firefly lv=test size=1024
|
||||
- lvol:
|
||||
vg: firefly
|
||||
lv: test
|
||||
size: 1024
|
||||
|
||||
# Extend the logical volume to consume all remaining space in the volume group
|
||||
- lvol: vg=firefly lv=test size=+100%FREE
|
||||
- lvol:
|
||||
vg: firefly
|
||||
lv: test
|
||||
size: +100%FREE
|
||||
|
||||
# Extend the logical volume to take all remaining space of the PVs
|
||||
- lvol: vg=firefly lv=test size=100%PVS
|
||||
- lvol:
|
||||
vg: firefly
|
||||
lv: test
|
||||
size: 100%PVS
|
||||
|
||||
# Resize the logical volume to % of VG
|
||||
- lvol: vg-firefly lv=test size=80%VG force=yes
|
||||
- lvol:
|
||||
vg: firefly
|
||||
lv: test
|
||||
size: 80%VG
|
||||
force: yes
|
||||
|
||||
# Reduce the logical volume to 512m
|
||||
- lvol: vg=firefly lv=test size=512 force=yes
|
||||
- lvol:
|
||||
vg: firefly
|
||||
lv: test
|
||||
size: 512
|
||||
force: yes
|
||||
|
||||
# Set the logical volume to 512m and do not try to shrink if size is lower than current one
|
||||
- lvol: vg=firefly lv=test size=512 shrink=no
|
||||
- lvol:
|
||||
vg: firefly
|
||||
lv: test
|
||||
size: 512
|
||||
shrink: no
|
||||
|
||||
# Remove the logical volume.
|
||||
- lvol: vg=firefly lv=test state=absent force=yes
|
||||
- lvol:
|
||||
vg: firefly
|
||||
lv: test
|
||||
state: absent
|
||||
force: yes
|
||||
|
||||
# Create a snapshot volume of the test logical volume.
|
||||
- lvol: vg=firefly lv=test snapshot=snap1 size=100m
|
||||
- lvol:
|
||||
vg: firefly
|
||||
lv: test
|
||||
snapshot: snap1
|
||||
size: 100m
|
||||
|
||||
# Deactivate a logical volume
|
||||
- lvol: vg=firefly lv=test active=false
|
||||
- lvol:
|
||||
vg: firefly
|
||||
lv: test
|
||||
active: false
|
||||
|
||||
# Create a deactivated logical volume
|
||||
- lvol: vg=firefly lv=test size=512g active=false
|
||||
- lvol:
|
||||
vg: firefly
|
||||
lv: test
|
||||
size: 512g
|
||||
active: false
|
||||
'''
|
||||
|
||||
import re
|
||||
|
|
|
@ -46,10 +46,13 @@ options:
|
|||
|
||||
EXAMPLES = '''
|
||||
# Build the default target
|
||||
- make: chdir=/home/ubuntu/cool-project
|
||||
- make:
|
||||
chdir: /home/ubuntu/cool-project
|
||||
|
||||
# Run `install` target as root
|
||||
- make: chdir=/home/ubuntu/cool-project target=install
|
||||
- make:
|
||||
chdir: /home/ubuntu/cool-project
|
||||
target: install
|
||||
become: yes
|
||||
|
||||
# Pass in extra arguments to build
|
||||
|
|
|
@ -52,9 +52,15 @@ options:
|
|||
|
||||
EXAMPLES = '''
|
||||
# Add the 802.1q module
|
||||
- modprobe: name=8021q state=present
|
||||
- modprobe:
|
||||
name: 8021q
|
||||
state: present
|
||||
|
||||
# Add the dummy module
|
||||
- modprobe: name=dummy state=present params="numdummies=2"
|
||||
- modprobe:
|
||||
name: dummy
|
||||
state: present
|
||||
params: 'numdummies=2'
|
||||
'''
|
||||
|
||||
from ansible.module_utils.basic import *
|
||||
|
|
|
@ -88,18 +88,28 @@ options:
|
|||
|
||||
EXAMPLES = '''
|
||||
# perform a discovery on 10.1.2.3 and show available target nodes
|
||||
- open_iscsi: show_nodes=yes discover=yes portal=10.1.2.3
|
||||
- open_iscsi:
|
||||
show_nodes: yes
|
||||
discover: yes
|
||||
portal: 10.1.2.3
|
||||
|
||||
# discover targets on portal and login to the one available
|
||||
# (only works if exactly one target is exported to the initiator)
|
||||
- open_iscsi: portal={{iscsi_target}} login=yes discover=yes
|
||||
- open_iscsi:
|
||||
portal: '{{ iscsi_target }}'
|
||||
login: yes
|
||||
discover: yes
|
||||
|
||||
# description: connect to the named target, after updating the local
|
||||
# persistent database (cache)
|
||||
- open_iscsi: login=yes target=iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d
|
||||
- open_iscsi:
|
||||
login: yes
|
||||
target: 'iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d'
|
||||
|
||||
# description: discconnect from the cached named target
|
||||
- open_iscsi: login=no target=iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d"
|
||||
- open_iscsi:
|
||||
login: no
|
||||
target: 'iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d'
|
||||
'''
|
||||
|
||||
import glob
|
||||
|
|
|
@ -59,11 +59,20 @@ requirements:
|
|||
|
||||
EXAMPLES = '''
|
||||
# Example action to start service httpd, if not running
|
||||
- openwrt_init: state=started name=httpd
|
||||
- openwrt_init:
|
||||
state: started
|
||||
name: httpd
|
||||
|
||||
# Example action to stop service cron, if running
|
||||
- openwrt_init: name=cron state=stopped
|
||||
- openwrt_init:
|
||||
name: cron
|
||||
state: stopped
|
||||
|
||||
# Example action to reload service httpd, in all cases
|
||||
- openwrt_init: name=httpd state=reloaded
|
||||
- openwrt_init:
|
||||
name: httpd
|
||||
state: reloaded
|
||||
|
||||
# Example action to enable service httpd
|
||||
- openwrt_init:
|
||||
name: httpd
|
||||
|
|
|
@ -72,15 +72,43 @@ notes:
|
|||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
- osx_defaults: domain=com.apple.Safari key=IncludeInternalDebugMenu type=bool value=true state=present
|
||||
- osx_defaults: domain=NSGlobalDomain key=AppleMeasurementUnits type=string value=Centimeters state=present
|
||||
- osx_defaults: domain=com.apple.screensaver host=currentHost key=showClock type=int value=1
|
||||
- osx_defaults: key=AppleMeasurementUnits type=string value=Centimeters
|
||||
- osx_defaults:
|
||||
domain: com.apple.Safari
|
||||
key: IncludeInternalDebugMenu
|
||||
type: bool
|
||||
value: true
|
||||
state: present
|
||||
|
||||
- osx_defaults:
|
||||
domain: NSGlobalDomain
|
||||
key: AppleMeasurementUnits
|
||||
type: string
|
||||
value: Centimeters
|
||||
state: present
|
||||
|
||||
- osx_defaults:
|
||||
domain: com.apple.screensaver
|
||||
host: currentHost
|
||||
key: showClock
|
||||
type: int
|
||||
value: 1
|
||||
|
||||
- osx_defaults:
|
||||
key: AppleMeasurementUnits
|
||||
type: string
|
||||
value: Centimeters
|
||||
|
||||
- osx_defaults:
|
||||
key: AppleLanguages
|
||||
type: array
|
||||
value: ["en", "nl"]
|
||||
- osx_defaults: domain=com.geekchimp.macable key=ExampleKeyToRemove state=absent
|
||||
value:
|
||||
- en
|
||||
- nl
|
||||
|
||||
- osx_defaults:
|
||||
domain: com.geekchimp.macable
|
||||
key: ExampleKeyToRemove
|
||||
state: absent
|
||||
'''
|
||||
|
||||
import datetime
|
||||
|
|
|
@ -89,13 +89,27 @@ options:
|
|||
|
||||
EXAMPLES = '''
|
||||
# Add or modify nofile soft limit for the user joe
|
||||
- pam_limits: domain=joe limit_type=soft limit_item=nofile value=64000
|
||||
- pam_limits:
|
||||
domain: joe
|
||||
limit_type: soft
|
||||
limit_item: nofile
|
||||
value: 64000
|
||||
|
||||
# Add or modify fsize hard limit for the user smith. Keep or set the maximal value.
|
||||
- pam_limits: domain=smith limit_type=hard limit_item=fsize value=1000000 use_max=yes
|
||||
- pam_limits:
|
||||
domain: smith
|
||||
limit_type: hard
|
||||
limit_item: fsize
|
||||
value: 1000000
|
||||
use_max: yes
|
||||
|
||||
# Add or modify memlock, both soft and hard, limit for the user james with a comment.
|
||||
- pam_limits: domain=james limit_type=- limit_item=memlock value=unlimited comment="unlimited memory lock for james"
|
||||
- pam_limits:
|
||||
domain: james
|
||||
limit_type: -
|
||||
limit_item: memlock
|
||||
value: unlimited
|
||||
comment: unlimited memory lock for james
|
||||
'''
|
||||
|
||||
def main():
|
||||
|
|
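Review bot: In the memlock example, `limit_type: -` leaves the dash unquoted, and a `-` followed by end of line is a block-sequence indicator in YAML, not the string `-` that the old `limit_type=-` form passed. The example as written most likely fails to parse, or at best yields a list instead of a string. Quoting it as `limit_type: '-'` restores the intended value.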
|
@ -102,19 +102,25 @@ EXAMPLES = '''
|
|||
- puppet
|
||||
|
||||
# Run puppet and timeout in 5 minutes
|
||||
- puppet: timeout=5m
|
||||
- puppet:
|
||||
timeout: 5m
|
||||
|
||||
# Run puppet using a different environment
|
||||
- puppet: environment=testing
|
||||
- puppet:
|
||||
environment: testing
|
||||
|
||||
# Run puppet using a specific certname
|
||||
- puppet: certname=agent01.example.com
|
||||
- puppet:
|
||||
certname: agent01.example.com
|
||||
|
||||
# Run puppet using a specific piece of Puppet code. Has no effect with a
|
||||
# puppetmaster.
|
||||
- puppet: execute='include ::mymodule'
|
||||
- puppet:
|
||||
execute: 'include ::mymodule'
|
||||
|
||||
# Run puppet using a specific tags
|
||||
- puppet: tags=update,nginx
|
||||
- puppet:
|
||||
tags: update,nginx
|
||||
'''
|
||||
|
||||
|
||||
|
|
|
@ -72,7 +72,10 @@ author: Dag Wieers
|
|||
|
||||
EXAMPLES = '''
|
||||
# Allow apache to modify files in /srv/git_repos
|
||||
- sefcontext: target='/srv/git_repos(/.*)?' setype=httpd_git_rw_content_t state=present
|
||||
- sefcontext:
|
||||
target: '/srv/git_repos(/.*)?'
|
||||
setype: httpd_git_rw_content_t
|
||||
state: present
|
||||
'''
|
||||
|
||||
RETURN = '''
|
||||
|
@ -255,4 +258,4 @@ def main():
|
|||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
||||
main()
|
||||
|
|
|
@ -56,7 +56,9 @@ author: Michael Scherer <misc@zarb.org>
|
|||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
- selinux_permissive: name=httpd_t permissive=true
|
||||
- selinux_permissive:
|
||||
name: httpd_t
|
||||
permissive: true
|
||||
'''
|
||||
|
||||
HAVE_SEOBJECT = False
|
||||
|
|
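Review bot: The only example in this section has no comment, unlike the converted examples in the other modules, and the task it shows relaxes a security control. I would add a line such as `# Put the httpd_t domain into permissive mode: SELinux logs denials for it but no longer enforces them` above `- selinux_permissive:` so a reader copying it knows what is being turned off.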
|
@ -61,11 +61,25 @@ author: Dan Keder
|
|||
|
||||
EXAMPLES = '''
|
||||
# Allow Apache to listen on tcp port 8888
|
||||
- seport: ports=8888 proto=tcp setype=http_port_t state=present
|
||||
- seport:
|
||||
ports: 8888
|
||||
proto: tcp
|
||||
setype: http_port_t
|
||||
state: present
|
||||
|
||||
# Allow sshd to listen on tcp port 8991
|
||||
- seport: ports=8991 proto=tcp setype=ssh_port_t state=present
|
||||
- seport:
|
||||
ports: 8991
|
||||
proto: tcp
|
||||
setype: ssh_port_t
|
||||
state: present
|
||||
|
||||
# Allow memcached to listen on tcp ports 10000-10100 and 10112
|
||||
- seport: ports=10000-10100,10112 proto=tcp setype=memcache_port_t state=present
|
||||
- seport:
|
||||
ports: 10000-10100,10112
|
||||
proto: tcp
|
||||
setype: memcache_port_t
|
||||
state: present
|
||||
'''
|
||||
|
||||
try:
|
||||
|
|
|
@ -107,31 +107,55 @@ options:
|
|||
|
||||
EXAMPLES = '''
|
||||
# Create and install a zone, but don't boot it
|
||||
solaris_zone: name=zone1 state=present path=/zones/zone1 sparse=true root_password="Be9oX7OSwWoU."
|
||||
config='set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end'
|
||||
- solaris_zone:
|
||||
name: zone1
|
||||
state: present
|
||||
path: /zones/zone1
|
||||
sparse: true
|
||||
root_password: Be9oX7OSwWoU.
|
||||
config: 'set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end'
|
||||
|
||||
# Create and install a zone and boot it
|
||||
solaris_zone: name=zone1 state=running path=/zones/zone1 root_password="Be9oX7OSwWoU."
|
||||
config='set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end'
|
||||
- solaris_zone:
|
||||
name: zone1
|
||||
state: running
|
||||
path: /zones/zone1
|
||||
root_password: Be9oX7OSwWoU.
|
||||
config: 'set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end'
|
||||
|
||||
# Boot an already installed zone
|
||||
solaris_zone: name=zone1 state=running
|
||||
- solaris_zone:
|
||||
name: zone1
|
||||
state: running
|
||||
|
||||
# Stop a zone
|
||||
solaris_zone: name=zone1 state=stopped
|
||||
- solaris_zone:
|
||||
name: zone1
|
||||
state: stopped
|
||||
|
||||
# Destroy a zone
|
||||
solaris_zone: name=zone1 state=absent
|
||||
- solaris_zone:
|
||||
name: zone1
|
||||
state: absent
|
||||
|
||||
# Detach a zone
|
||||
solaris_zone: name=zone1 state=detached
|
||||
- solaris_zone:
|
||||
name: zone1
|
||||
state: detached
|
||||
|
||||
# Configure a zone, ready to be attached
|
||||
solaris_zone: name=zone1 state=configured path=/zones/zone1 root_password="Be9oX7OSwWoU."
|
||||
config='set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end'
|
||||
- solaris_zone:
|
||||
name: zone1
|
||||
state: configured
|
||||
path: /zones/zone1
|
||||
root_password: Be9oX7OSwWoU.
|
||||
config: 'set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end'
|
||||
|
||||
# Attach a zone
|
||||
solaris_zone: name=zone1 state=attached attach_options='-u'
|
||||
- solaris_zone:
|
||||
name: zone1
|
||||
state: attached
|
||||
attach_options=: -u
|
||||
'''
|
||||
|
||||
class Zone(object):
|
||||
|
|
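Review bot: The last example writes `attach_options=: -u`, so the key carries a stray `=` left over from the old `attach_options='-u'` form and no longer names the module option. It should read `attach_options: '-u'`; the quotes are optional but make clear the value is a string. Separately, `root_password: Be9oX7OSwWoU.` appears inline in three examples; a comment such as `# root_password is an example crypt hash; keep real values in a vault` would help, assuming the option takes a hash as the value suggests.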
|
@ -67,22 +67,35 @@ options:
|
|||
|
||||
EXAMPLES = '''
|
||||
# Example action to start svc dnscache, if not running
|
||||
- svc: name=dnscache state=started
|
||||
- svc:
|
||||
name: dnscache
|
||||
state: started
|
||||
|
||||
# Example action to stop svc dnscache, if running
|
||||
- svc: name=dnscache state=stopped
|
||||
- svc:
|
||||
name: dnscache
|
||||
state: stopped
|
||||
|
||||
# Example action to kill svc dnscache, in all cases
|
||||
- svc : name=dnscache state=killed
|
||||
- svc:
|
||||
name: dnscache
|
||||
state: killed
|
||||
|
||||
# Example action to restart svc dnscache, in all cases
|
||||
- svc : name=dnscache state=restarted
|
||||
- svc:
|
||||
name: dnscache
|
||||
state: restarted
|
||||
|
||||
# Example action to reload svc dnscache, in all cases
|
||||
- svc: name=dnscache state=reloaded
|
||||
- svc:
|
||||
name: dnscache
|
||||
state: reloaded
|
||||
|
||||
# Example using alt svc directory location
|
||||
- svc: name=dnscache state=reloaded service_dir=/var/service
|
||||
- svc:
|
||||
name: dnscache
|
||||
state: reloaded
|
||||
service_dir: /var/service
|
||||
'''
|
||||
|
||||
import platform
|
||||
|
|
|
@ -71,7 +71,8 @@ diff:
|
|||
|
||||
EXAMPLES = '''
|
||||
- name: set timezone to Asia/Tokyo
|
||||
timezone: name=Asia/Tokyo
|
||||
timezone:
|
||||
name: Asia/Tokyo
|
||||
'''
|
||||
|
||||
|
||||
|
|
|
@ -125,60 +125,103 @@ options:
|
|||
|
||||
EXAMPLES = '''
|
||||
# Allow everything and enable UFW
|
||||
ufw: state=enabled policy=allow
|
||||
- ufw:
|
||||
state: enabled
|
||||
policy: allow
|
||||
|
||||
# Set logging
|
||||
ufw: logging=on
|
||||
- ufw:
|
||||
logging: on
|
||||
|
||||
# Sometimes it is desirable to let the sender know when traffic is
|
||||
# being denied, rather than simply ignoring it. In these cases, use
|
||||
# reject instead of deny. In addition, log rejected connections:
|
||||
ufw: rule=reject port=auth log=yes
|
||||
- ufw:
|
||||
rule: reject
|
||||
port: auth
|
||||
log: yes
|
||||
|
||||
# ufw supports connection rate limiting, which is useful for protecting
|
||||
# against brute-force login attacks. ufw will deny connections if an IP
|
||||
# address has attempted to initiate 6 or more connections in the last
|
||||
# 30 seconds. See http://www.debian-administration.org/articles/187
|
||||
# for details. Typical usage is:
|
||||
ufw: rule=limit port=ssh proto=tcp
|
||||
- ufw:
|
||||
rule: limit
|
||||
port: ssh
|
||||
proto: tcp
|
||||
|
||||
# Allow OpenSSH. (Note that as ufw manages its own state, simply removing
|
||||
# a rule=allow task can leave those ports exposed. Either use delete=yes
|
||||
# or a separate state=reset task)
|
||||
ufw: rule=allow name=OpenSSH
|
||||
- ufw:
|
||||
rule: allow
|
||||
name: OpenSSH
|
||||
|
||||
# Delete OpenSSH rule
|
||||
ufw: rule=allow name=OpenSSH delete=yes
|
||||
- ufw:
|
||||
rule: allow
|
||||
name: OpenSSH
|
||||
delete: yes
|
||||
|
||||
# Deny all access to port 53:
|
||||
ufw: rule=deny port=53
|
||||
- ufw:
|
||||
rule: deny
|
||||
port: 53
|
||||
|
||||
# Allow port range 60000-61000
|
||||
ufw: rule=allow port=60000:61000
|
||||
- ufw:
|
||||
rule: allow
|
||||
port: '60000:61000'
|
||||
|
||||
# Allow all access to tcp port 80:
|
||||
ufw: rule=allow port=80 proto=tcp
|
||||
- ufw:
|
||||
rule: allow
|
||||
port: 80
|
||||
proto: tcp
|
||||
|
||||
# Allow all access from RFC1918 networks to this host:
|
||||
ufw: rule=allow src={{ item }}
|
||||
with_items:
|
||||
- 10.0.0.0/8
|
||||
- 172.16.0.0/12
|
||||
- 192.168.0.0/16
|
||||
- ufw:
|
||||
rule: allow
|
||||
src: '{{ item }}'
|
||||
with_items:
|
||||
- 10.0.0.0/8
|
||||
- 172.16.0.0/12
|
||||
- 192.168.0.0/16
|
||||
|
||||
# Deny access to udp port 514 from host 1.2.3.4:
|
||||
ufw: rule=deny proto=udp src=1.2.3.4 port=514
|
||||
- ufw:
|
||||
rule: deny
|
||||
proto: udp
|
||||
src: 1.2.3.4
|
||||
port: 514
|
||||
|
||||
# Allow incoming access to eth0 from 1.2.3.5 port 5469 to 1.2.3.4 port 5469
|
||||
ufw: rule=allow interface=eth0 direction=in proto=udp src=1.2.3.5 from_port=5469 dest=1.2.3.4 to_port=5469
|
||||
- ufw:
|
||||
rule: allow
|
||||
interface: eth0
|
||||
direction: in
|
||||
proto: udp
|
||||
src: 1.2.3.5
|
||||
from_port: 5469
|
||||
dest: 1.2.3.4
|
||||
to_port: 5469
|
||||
|
||||
# Deny all traffic from the IPv6 2001:db8::/32 to tcp port 25 on this host.
|
||||
# Note that IPv6 must be enabled in /etc/default/ufw for IPv6 firewalling to work.
|
||||
ufw: rule=deny proto=tcp src=2001:db8::/32 port=25
|
||||
- ufw:
|
||||
rule: deny
|
||||
proto: tcp
|
||||
src: '2001:db8::/32'
|
||||
port: 25
|
||||
|
||||
# Deny forwarded/routed traffic from subnet 1.2.3.0/24 to subnet 4.5.6.0/24.
|
||||
# Can be used to further restrict a global FORWARD policy set to allow
|
||||
ufw: rule=deny route=yes src=1.2.3.0/24 dest=4.5.6.0/24
|
||||
- ufw:
|
||||
rule: deny
|
||||
route: yes
|
||||
src: 1.2.3.0/24
|
||||
dest: 4.5.6.0/24
|
||||
'''
|
||||
|
||||
from operator import itemgetter
|
||||
|
|
|
@ -54,22 +54,38 @@ author: "Johan Wiren (@johanwiren)"
|
|||
|
||||
EXAMPLES = '''
|
||||
# Create a new file system called myfs in pool rpool with the setuid property turned off
|
||||
- zfs: name=rpool/myfs state=present setuid=off
|
||||
- zfs:
|
||||
name: rpool/myfs
|
||||
state: present
|
||||
setuid: off
|
||||
|
||||
# Create a new volume called myvol in pool rpool.
|
||||
- zfs: name=rpool/myvol state=present volsize=10M
|
||||
- zfs:
|
||||
name: rpool/myvol
|
||||
state: present
|
||||
volsize: 10M
|
||||
|
||||
# Create a snapshot of rpool/myfs file system.
|
||||
- zfs: name=rpool/myfs@mysnapshot state=present
|
||||
- zfs:
|
||||
name: rpool/myfs@mysnapshot
|
||||
state: present
|
||||
|
||||
# Create a new file system called myfs2 with snapdir enabled
|
||||
- zfs: name=rpool/myfs2 state=present snapdir=enabled
|
||||
- zfs:
|
||||
name: rpool/myfs2
|
||||
state: present
|
||||
snapdir: enabled
|
||||
|
||||
# Create a new file system by cloning a snapshot
|
||||
- zfs: name=rpool/cloned_fs state=present origin=rpool/myfs@mysnapshot
|
||||
- zfs:
|
||||
name: rpool/cloned_fs
|
||||
state: present
|
||||
origin: rpool/myfs@mysnapshot
|
||||
|
||||
# Destroy a filesystem
|
||||
- zfs: name=rpool/myfs state=absent
|
||||
- zfs:
|
||||
name: rpool/myfs
|
||||
state: absent
|
||||
'''
|
||||
|
||||
|
||||
|
|