Commit 9de9e14c authored by Lars Beckers's avatar Lars Beckers

lint yaml files

parent 8b0499b1
---
extends: default
rules:
comments-indentation:
level: warning
document-start:
level: error
empty-lines:
max: 1
empty-values:
forbid-in-flow-mappings: true
forbid-in-block-mappings: true
line-length:
level: warning
octal-values:
forbid-implicit-octal: true
level: warning
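Review bot: The `octal-values` rule at the end of this config runs at `level: warning` (indentation is lost in this view, but the trailing `level:` can only belong to the rule above it), so an unquoted `mode: 0644` creeping back into a role would not fail the lint run. This same commit quotes file modes across the roles, so the rule guards against a wrong-permissions regression and should block it. Dropping the `level: warning` line under `octal-values` restores the default error level for that rule.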
......@@ -9,7 +9,7 @@ dhcp_fixed_hosts: []
dhcp_options: []
dhcp_default_lease_time: "12h"
dhcp_max_leases: 150
dhcp_authoritative: yes
dhcp_authoritative: true
tftp_active: yes
tftp_active: true
tftp_root: /srv/tftp
......@@ -14,7 +14,7 @@
group:
name: dnsmasq
state: present
system: yes
system: true
tags:
- dhcp-server
......@@ -22,7 +22,7 @@
user:
name: dnsmasq
state: present
system: yes
system: true
group: dnsmasq
tags:
- dhcp-server
......@@ -42,7 +42,7 @@
state: directory
owner: "{{ dnsmasq_user }}"
group: "{{ dnsmasq_group }}"
mode: 0755
mode: '0755'
when: tftp_active
tags:
- dhcp-server
......@@ -51,6 +51,6 @@
service:
name: dnsmasq
state: started
enabled: yes
enabled: true
tags:
- dhcp-server
......@@ -5,7 +5,8 @@ mrtg_switches:
- router: "switch"
community: "public"
use_weathermap: yes
use_weathermap: true
weathermap_placement_strategy: "graphviz"
weathermap_colorscale: "viridis"
# yamllint disable-line rule:line-length
weathermap_colorscale_hash: "sha256:389c7a479cd64136ad5bf49daab59358437f69cf3c74cf74f958b093c7df50fd"
......@@ -2,31 +2,56 @@
# file: shared-roles/network/mrtg
- name: ensure mrtg is installed
apt: name=mrtg state=present
apt:
name: mrtg
state: present
tags: mrtg
- name: ensure there is a group
group: name=mrtg state=present system=yes
group:
name: mrtg
state: present
system: true
tags: mrtg
- name: ensure we have a user
user: name=mrtg group=mrtg state=present system=yes shell=/usr/sbin/nologin home=/var/www createhome=no
user:
name: mrtg
group: mrtg
state: present
system: true
shell: /usr/sbin/nologin
home: /var/www
createhome: false
tags: mrtg
- name: ensure we have the web directory
file: owner=mrtg group=www-data path=/var/www/mrtg state=directory mode="u+rwx,g+rxs"
file:
owner: mrtg
group: www-data
path: /var/www/mrtg
state: directory
mode: "u+rwx,g+rxs"
tags: mrtg
- name: create the config
# yamllint disable-line rule:line-length
command: "cfgmaker --output /etc/mrtg.cfg {% for switch in mrtg_switches %} --ifdesc=alias {{switch['community']}}@{{switch['router']}}:::::2 {% endfor %}"
tags: mrtg
- name: ensure the mrtg user can read the mrtg config file
file: path=/etc/mrtg.cfg group=mrtg
file:
path: /etc/mrtg.cfg
group: mrtg
tags: mrtg
- name: ensure the mrtg user can read and write directories
file: path="{{item}}" state=directory owner=mrtg group=mrtg mode=0755
file:
path: "{{item}}"
state: directory
owner: mrtg
group: mrtg
mode: '0755'
with_items:
- /var/lib/mrtg
- /var/log/mrtg
......@@ -38,26 +63,31 @@
dest: /etc/tmpfiles.d/10-mrtg.conf
owner: root
group: root
mode: 0644
mode: '0644'
notify:
- create tmpfiles
tags: mrtg
- name: create an index HTML page
# yamllint disable-line rule:line-length
command: "indexmaker --output /var/www/mrtg/index.html --title='Traffic of {{domain}}' --columns=3 --pagetop='{% for switch in mrtg_switches %}<a href=\"index-{{switch['router']}}.html\"><b>{{switch['router']}}</b>.{{domain}}</a> {% endfor %} {% if use_weathermap %}<a href=\"weathermap.html\">Weathermap</a>{%endif %}' /etc/mrtg.cfg"
become: yes
become: true
become_user: mrtg
tags: mrtg
- name: create separate index HTML pages
# yamllint disable-line rule:line-length
command: "indexmaker --output /var/www/mrtg/index-{{item['router']}}.html --title {{item['router']}}.{{domain}} --filter name=~{{item['router']}}_[0-9]+ --columns=3 --pagetop='<a href=\"index.html\">back</a>' /etc/mrtg.cfg"
with_items: "{{mrtg_switches}}"
become: yes
become: true
become_user: mrtg
tags: mrtg
- name: ensure we have our cron entry
copy: src=cron-entry dest=/etc/cron.d/mrtg mode=0544
copy:
src: cron-entry
dest: /etc/cron.d/mrtg
mode: '0544'
tags: mrtg
- import_tasks: weathermap.yml
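Review bot: In the first hunk, the rewritten `file:` task for `/etc/mrtg.cfg` ("ensure the mrtg user can read the mrtg config file") sets only `group: mrtg`, so the file keeps whatever mode cfgmaker created it with, which is probably world-readable under a default umask. cfgmaker writes the SNMP community strings from `mrtg_switches` into that file, so I would pin it with `owner: root` and `mode: '0640'` next to the group. The same community strings are also templated into the `cfgmaker` command line in the "create the config" task, where they end up in task output; `no_log: true` on that task would keep them out of logs.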
......
......@@ -20,23 +20,27 @@
tags: weathermap
- name: install rotten php requirements
pear: name=Console_Getopt state=present
pear:
name: Console_Getopt
state: present
tags: weathermap
- name: get the weathermap package
get_url:
# yamllint disable-line rule:line-length
url: https://github.com/howardjones/network-weathermap/releases/download/version-0.98/php-weathermap-0.98.zip
dest: /opt/weathermap.zip
# yamllint disable-line rule:line-length
checksum: sha256:ab058229392e9f314ee39fddb5d57a7127a53a7f21d2914f5d52e928bb321b7c
owner: root
group: root
mode: 0644
mode: '0644'
tags: weathermap
- name: unpack the weathermap package
unarchive:
src: /opt/weathermap.zip
remote_src: yes
remote_src: true
dest: /opt/
tags: weathermap
......@@ -48,18 +52,22 @@
tags: weathermap
- name: upload the weathermap script
copy: src=makeweather.py dest=/root/makeweather.py
copy:
src: makeweather.py
dest: /root/makeweather.py
tags: weathermap
- name: get the weathermap colorscale
get_url:
dest: /root/colorscale.pal
# yamllint disable-line rule:line-length
url: "https://raw.githubusercontent.com/Gnuplotting/gnuplot-palettes/master/{{weathermap_colorscale}}.pal"
checksum: "{{weathermap_colorscale_hash}}"
when: weathermap_colorscale is not none
tags: weathermap
- name: create the weathermap config
# yamllint disable-line rule:line-length
script: "makeweather.py {{weathermap_placement_strategy}} --colorscale /root/colorscale.pal"
tags: weathermap
......@@ -69,16 +77,16 @@
dest: /var/www/mrtg/
owner: mrtg
group: www-data
mode: 0644
mode: '0644'
tags: weathermap
- name: create the weathermap regularly
cron:
name: "create weathermap"
minute: "*/5"
# yamllint disable-line rule:line-length
job: "cd /opt/weathermap && /opt/weathermap/weathermap --config /etc/weathermap.conf --output /var/www/mrtg/weathermap.png"
state: present
user: mrtg
cron_file: weathermap
tags: weathermap
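Review bot: In the "get the weathermap colorscale" task the download is guarded only by `when: weathermap_colorscale is not none`, while the integrity check depends on a separate variable, `weathermap_colorscale_hash`. As far as I know `get_url` skips verification when `checksum` is empty, so an inventory that overrides the colorscale and blanks the hash would fetch an unverified file from the moving `master` branch. I would require the hash in the same condition, `when: weathermap_colorscale is not none and weathermap_colorscale_hash | default('', true) | length > 0`. Note also that the following "create the weathermap config" task always passes `--colorscale /root/colorscale.pal`, even when the download was skipped.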
---
networkd_type: 'dhcp' # or: 'static', 'bond'
networkd_type: 'dhcp' # or: 'static', 'bond'
# for static type only
networkd_address: 10.10.10.10/24
......@@ -8,17 +8,19 @@ networkd_gateway: 10.10.10.1
# for bond type only
networkd_bond: bond1
networkd_bond_devices: [ eth0, eth1 ]
networkd_bond_devices:
- eth0
- eth1
networkd_bond_vlans:
- id: 23
name: storage
bridge: no
bridge: false
address: 10.10.10.10/24
- id: 42
name: public
bridge: yes
bridge: true
address: 10.10.12.22/24
gateway: 10.10.12.1
- id: 69
name: transport
bridge: yes
bridge: true
......@@ -2,4 +2,3 @@
- name: restart networkd
service: name=systemd-networkd state=restarted
......@@ -6,7 +6,7 @@
dest: /etc/systemd/network/20-wired.network
owner: root
group: root
mode: 0644
mode: '0644'
notify:
- restart networkd
......@@ -43,16 +43,16 @@
dest: /etc/systemd/network/{{ networkd_bond }}.netdev
owner: root
group: root
mode: 0644
mode: '0644'
notify:
- restart networkd
- name: ensure bond network is configured
- name: ensure bond network is configured
template:
src: bond.network.j2
dest: /etc/systemd/network/{{ networkd_bond }}.network
owner: root
group: root
mode: 0644
mode: '0644'
notify:
- restart networkd
- name: ensure vlan netdevs are configured
......@@ -61,7 +61,7 @@
dest: /etc/systemd/network/vl-{{ item.name }}.netdev
owner: root
group: root
mode: 0644
mode: '0644'
with_items: "{{ networkd_bond_vlans }}"
notify:
- restart networkd
......@@ -71,7 +71,7 @@
dest: /etc/systemd/network/vl-{{ item.name }}.network
owner: root
group: root
mode: 0644
mode: '0644'
with_items: "{{ networkd_bond_vlans }}"
notify:
- restart networkd
......@@ -81,7 +81,7 @@
dest: /etc/systemd/network/vmbr-{{ item.name }}.netdev
owner: root
group: root
mode: 0644
mode: '0644'
with_items: "{{ networkd_bond_vlans }}"
when: item.bridge == True
notify:
......@@ -92,7 +92,7 @@
dest: /etc/systemd/network/vmbr-{{ item.name }}.network
owner: root
group: root
mode: 0644
mode: '0644'
with_items: "{{ networkd_bond_vlans }}"
when: item.bridge == True
notify:
......@@ -103,13 +103,13 @@
service:
name: systemd-networkd
state: started
enabled: yes
enabled: true
- name: ensure legacy methods are disabled
systemd:
name: networking
enabled: no
ignore_errors: yes
enabled: false
ignore_errors: true
- name: ensure legacy methods are really disabled
apt:
......@@ -119,5 +119,4 @@
- name: ensure we wait for network to be online
service:
name: systemd-networkd-wait-online
enabled: yes
enabled: true
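Review bot: The two vmbr tasks (hunks at new lines 81 and 92) still compare against a literal, `when: item.bridge == True`, which matches only a real boolean. A `bridge` value that arrives as a string, for example from an INI inventory or `-e`, silently skips the bridge netdev and network files. `when: item.bridge | bool` handles both forms and is what ansible-lint's literal-compare rule asks for. Both tasks start outside their hunks, so the module lines are not visible here.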
......@@ -14,4 +14,3 @@
- name: restart wpasupplicant@enp2s0
service: name=wpa_supplicant-wired@enp2s0 state=restarted
......@@ -6,14 +6,14 @@
state: present
tags:
- 8021x
- name: copy host certificate
copy:
src: "{{ radius_certs_dir }}/{{ inventory_hostname }}.{{ item }}"
dest: "/etc/wpa_supplicant/{{ inventory_hostname }}.{{ item }}"
owner: root
group: root
mode: 0400
mode: '0400'
with_items:
- pem
- key
......@@ -23,10 +23,11 @@
- name: configure wpasupplicant
template:
src: wpa_supplicant.j2
# yamllint disable-line rule:line-length
dest: "/etc/wpa_supplicant/wpa_supplicant-wired-{{ ansible_default_ipv4.interface }}.conf"
owner: root
group: root
mode: 0640
mode: '0640'
notify:
- "restart wpasupplicant@{{ ansible_default_ipv4.interface }}"
tags:
......@@ -48,7 +49,7 @@
dest: /usr/local/bin/wpa_wait.sh
owner: root
group: root
mode: 0755
mode: '0755'
tags:
- 8021x
......@@ -58,7 +59,7 @@
path: /etc/systemd/system/systemd-networkd.service.d
owner: root
group: root
mode: 0644
mode: '0644'
tags:
- 8021x
......@@ -68,7 +69,7 @@
dest: /etc/systemd/system/systemd-networkd.service.d/override.conf
owner: root
group: root
mode: 0644
mode: '0644'
notify:
- reload systemd service files
tags:
......@@ -80,7 +81,6 @@
service:
name: "wpa_supplicant-wired@{{ ansible_default_ipv4.interface }}"
state: started
enabled: yes
enabled: true
tags:
- 8021x
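Review bot: The task for `/etc/systemd/system/systemd-networkd.service.d` (hunk at new line 59) is given `mode: '0644'`, but that path is a systemd drop-in directory, and a directory without the search bit cannot be traversed by anyone except root. The module and `state` lines are outside the hunk; if this is `file:` with `state: directory`, the mode should be `mode: '0755'`. The `override.conf` written into it in the next hunk can stay at `'0644'`.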
......@@ -40,8 +40,9 @@ radius_vlan_assignments:
radius_tunnel_checks:
- station: OtherStationSSID
# yamllint disable-line rule:line-length
condition: '(Ldap-Group == "CN=vlan42,CN=Users,DC=asta,DC=rwth-aachen,DC=de") || (&User-Name =~ /^host\/.*\.example\.com$/ )'
error: 'Not allowed to use this SSID'
# yamllint disable-line rule:line-length
- condition: '(&User-Name =~ /^host\/.*\.example\.com$/ ) || (Ldap-Group == "CN=foobar,CN=Users,DC=asta,DC=rwth-aachen,DC=de")'
error: 'User not allowed'
......@@ -21,7 +21,7 @@
dest: /etc/freeradius/3.0/certs/
owner: root
group: freerad
mode: 0640
mode: '0640'
with_items:
- dh
- cacert.pem
......@@ -39,7 +39,7 @@
dest: "/etc/freeradius/3.0/{{ item }}"
owner: root
group: root
mode: 0644
mode: '0644'
with_items:
- mods-available/eap
- mods-available/ldap
......@@ -55,7 +55,7 @@
dest: "/etc/freeradius/3.0/{{ item }}"
owner: root
group: freerad
mode: 0640
mode: '0640'
with_items:
- mods-available/mschap
- mods-available/realm
......@@ -71,7 +71,7 @@
- reload freeradius
tags:
- freeradius
- name: enable freeradius server modules
file:
src: "/etc/freeradius/3.0/mods-available/{{ item }}"
......