Update tags and add kernel-cleanup script
parent
1c05c8729f
commit
ca3a5e144f
|
@ -18,10 +18,12 @@
|
||||||
#
|
#
|
||||||
# Remove obsolete issue-gen
|
# Remove obsolete issue-gen
|
||||||
#
|
#
|
||||||
- name: remove obsolete issue-gen script
|
- name: remove obsolete issue-gen script from PVC installer
|
||||||
file:
|
file:
|
||||||
dest: /etc/network/if-up.d/issue-gen
|
dest: /etc/network/if-up.d/issue-gen
|
||||||
state: absent
|
state: absent
|
||||||
|
when: newhost is defined and newhost
|
||||||
|
tags: always
|
||||||
|
|
||||||
#
|
#
|
||||||
# Install custom fact scripts
|
# Install custom fact scripts
|
||||||
|
@ -31,6 +33,7 @@
|
||||||
dest: "/etc/ansible/facts.d"
|
dest: "/etc/ansible/facts.d"
|
||||||
state: directory
|
state: directory
|
||||||
recurse: yes
|
recurse: yes
|
||||||
|
tags: base-ansible
|
||||||
|
|
||||||
- name: install custom facts
|
- name: install custom facts
|
||||||
template:
|
template:
|
||||||
|
@ -42,22 +45,27 @@
|
||||||
- host_id
|
- host_id
|
||||||
- host_group
|
- host_group
|
||||||
- dhcp_status
|
- dhcp_status
|
||||||
|
tags: base-ansible
|
||||||
|
|
||||||
- name: regather facts
|
- name: regather facts
|
||||||
setup:
|
setup:
|
||||||
when: installed_facts.changed
|
when: installed_facts.changed
|
||||||
|
tags: base-ansible
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
var: ansible_local.host_group
|
var: ansible_local.host_group
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
|
tags: always
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
var: ansible_local.host_id
|
var: ansible_local.host_id
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
|
tags: always
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
var: ansible_local.dhcp_status
|
var: ansible_local.dhcp_status
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
|
tags: always
|
||||||
|
|
||||||
#
|
#
|
||||||
# Configure APT
|
# Configure APT
|
||||||
|
@ -71,14 +79,14 @@
|
||||||
- { src: "etc/apt/apt.conf.d/10norecommends.j2", dest: "/etc/apt/apt.conf.d/10norecommends" }
|
- { src: "etc/apt/apt.conf.d/10norecommends.j2", dest: "/etc/apt/apt.conf.d/10norecommends" }
|
||||||
- { src: "etc/apt/preferences.d/pins.j2", dest: "/etc/apt/preferences.d/pins" }
|
- { src: "etc/apt/preferences.d/pins.j2", dest: "/etc/apt/preferences.d/pins" }
|
||||||
- { src: "etc/apt/sources.list.{{ ansible_machine }}.j2", dest: "/etc/apt/sources.list" }
|
- { src: "etc/apt/sources.list.{{ ansible_machine }}.j2", dest: "/etc/apt/sources.list" }
|
||||||
tags: apt
|
tags: base-apt
|
||||||
|
|
||||||
- name: add key for bonilan repo
|
- name: add key for bonilan repo
|
||||||
apt_key:
|
apt_key:
|
||||||
url: "https://repo.bonifacelabs.net/debian/bonifacelabs_signing_key.pub"
|
url: "https://repo.bonifacelabs.net/debian/bonifacelabs_signing_key.pub"
|
||||||
id: "83D07192314835D4"
|
id: "83D07192314835D4"
|
||||||
state: present
|
state: present
|
||||||
tags: apt
|
tags: base-apt
|
||||||
|
|
||||||
#
|
#
|
||||||
# Safe apt upgrades (on first install only)
|
# Safe apt upgrades (on first install only)
|
||||||
|
@ -87,6 +95,8 @@
|
||||||
- name: apt update
|
- name: apt update
|
||||||
apt:
|
apt:
|
||||||
update-cache: yes
|
update-cache: yes
|
||||||
|
when: newhost is defined and newhost
|
||||||
|
tags: base-apt
|
||||||
|
|
||||||
- name: aptitude safe upgrade with autoremove
|
- name: aptitude safe upgrade with autoremove
|
||||||
apt:
|
apt:
|
||||||
|
@ -94,6 +104,7 @@
|
||||||
autoremove: yes
|
autoremove: yes
|
||||||
upgrade: safe
|
upgrade: safe
|
||||||
when: newhost is defined and newhost
|
when: newhost is defined and newhost
|
||||||
|
tags: base-apt
|
||||||
|
|
||||||
- name: install dbus
|
- name: install dbus
|
||||||
apt:
|
apt:
|
||||||
|
@ -101,12 +112,14 @@
|
||||||
- dbus
|
- dbus
|
||||||
state: latest
|
state: latest
|
||||||
when: newhost is defined and newhost
|
when: newhost is defined and newhost
|
||||||
|
tags: base-apt
|
||||||
|
|
||||||
- name: clean out apt cache
|
- name: clean out apt cache
|
||||||
file:
|
file:
|
||||||
path: "/var/cache/apt/archives"
|
path: "/var/cache/apt/archives"
|
||||||
state: absent
|
state: absent
|
||||||
when: newhost is defined and newhost
|
when: newhost is defined and newhost
|
||||||
|
tags: base-apt
|
||||||
|
|
||||||
#
|
#
|
||||||
# Purge unneeded packages
|
# Purge unneeded packages
|
||||||
|
@ -123,15 +136,13 @@
|
||||||
state: absent
|
state: absent
|
||||||
purge: yes
|
purge: yes
|
||||||
autoremove: yes
|
autoremove: yes
|
||||||
|
tags: base-packages
|
||||||
#
|
|
||||||
# Install common packages
|
|
||||||
#
|
|
||||||
|
|
||||||
- name: set override debconf selections
|
- name: set override debconf selections
|
||||||
shell: 'echo "{{ item }}" | debconf-set-selections'
|
shell: 'echo "{{ item }}" | debconf-set-selections'
|
||||||
with_items:
|
with_items:
|
||||||
- "wireshark-common wireshark-common/install-setuid boolean true"
|
- "wireshark-common wireshark-common/install-setuid boolean true"
|
||||||
|
tags: base-packages
|
||||||
|
|
||||||
- name: install common packages (all arch)
|
- name: install common packages (all arch)
|
||||||
apt:
|
apt:
|
||||||
|
@ -202,6 +213,17 @@
|
||||||
- haveged
|
- haveged
|
||||||
- linux-image-amd64
|
- linux-image-amd64
|
||||||
- linux-headers-amd64
|
- linux-headers-amd64
|
||||||
|
tags: base-packages
|
||||||
|
|
||||||
|
- name: install cleanup scripts
|
||||||
|
template:
|
||||||
|
src: "{{ item.src }}"
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
mode: 0755
|
||||||
|
with_items:
|
||||||
|
- { src: "usr/local/sbin/kernel-cleanup.sh.j2", dest: "/usr/local/sbin/kernel-cleanup.sh" }
|
||||||
|
- { src: "usr/local/sbin/dpkg-cleanup.sh.j2", dest: "/usr/local/sbin/dpkg-cleanup.sh" }
|
||||||
|
tags: base-packages
|
||||||
|
|
||||||
#
|
#
|
||||||
# System configuration
|
# System configuration
|
||||||
|
@ -212,7 +234,7 @@
|
||||||
template:
|
template:
|
||||||
src: etc/network/interfaces.j2
|
src: etc/network/interfaces.j2
|
||||||
dest: /etc/network/interfaces
|
dest: /etc/network/interfaces
|
||||||
tags: network
|
tags: base-network
|
||||||
|
|
||||||
- name: install per-interface files
|
- name: install per-interface files
|
||||||
template:
|
template:
|
||||||
|
@ -221,13 +243,14 @@
|
||||||
with_dict: "{{ networks }}"
|
with_dict: "{{ networks }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: network
|
loop_var: network
|
||||||
tags: network
|
tags: base-network
|
||||||
|
|
||||||
# capabilities
|
# capabilities
|
||||||
- name: set ping capabilities
|
- name: set ping capabilities
|
||||||
capabilities:
|
capabilities:
|
||||||
path: /bin/ping
|
path: /bin/ping
|
||||||
capability: cap_net_raw=ep
|
capability: cap_net_raw=ep
|
||||||
|
tags: base-system
|
||||||
|
|
||||||
# locale
|
# locale
|
||||||
- name: install locale config files
|
- name: install locale config files
|
||||||
|
@ -239,6 +262,7 @@
|
||||||
with_items:
|
with_items:
|
||||||
- { src: "etc/default/locale.j2", dest: "/etc/default/locale" }
|
- { src: "etc/default/locale.j2", dest: "/etc/default/locale" }
|
||||||
- { src: "etc/locale.gen.j2", dest: "/etc/locale.gen" }
|
- { src: "etc/locale.gen.j2", dest: "/etc/locale.gen" }
|
||||||
|
tags: base-system
|
||||||
|
|
||||||
- name: set timezone
|
- name: set timezone
|
||||||
file:
|
file:
|
||||||
|
@ -246,6 +270,30 @@
|
||||||
dest: /etc/localtime
|
dest: /etc/localtime
|
||||||
state: link
|
state: link
|
||||||
force: yes
|
force: yes
|
||||||
|
tags: base-system
|
||||||
|
|
||||||
|
# sysctl
|
||||||
|
- name: install sysctl tweaks
|
||||||
|
template:
|
||||||
|
src: "{{ item.src }}"
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
with_items:
|
||||||
|
- { src: "etc/sysctl.d/pvc.conf.j2", dest: "/etc/sysctl.d/pvc.conf" }
|
||||||
|
tags: base-system
|
||||||
|
|
||||||
|
- name: activate sysctl tweaks
|
||||||
|
shell: "sysctl -p {{ item }}"
|
||||||
|
with_items:
|
||||||
|
- /etc/sysctl.d/pvc.conf
|
||||||
|
tags: base-system
|
||||||
|
|
||||||
|
# sudo
|
||||||
|
- name: write the sudoers file
|
||||||
|
template:
|
||||||
|
src: "etc/sudoers.j2"
|
||||||
|
dest: "/etc/sudoers"
|
||||||
|
mode: 0440
|
||||||
|
tags: base-system
|
||||||
|
|
||||||
# dns
|
# dns
|
||||||
- name: write the hosts config
|
- name: write the hosts config
|
||||||
|
@ -254,29 +302,16 @@
|
||||||
dest: "{{ item.dest }}"
|
dest: "{{ item.dest }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { src: "etc/hosts.j2", dest: "/etc/hosts" }
|
- { src: "etc/hosts.j2", dest: "/etc/hosts" }
|
||||||
tags: dns
|
tags: base-dns
|
||||||
|
|
||||||
- name: write the resolver configs
|
- name: write the resolver configs
|
||||||
template:
|
template:
|
||||||
src: "{{ item.src }}"
|
src: "{{ item.src }}"
|
||||||
dest: "{{ item.dest }}"
|
dest: "{{ item.dest }}"
|
||||||
with_items:
|
with_items:
|
||||||
- { src: "etc/dhcp/dhclient-enter-hooks.d/noresolv.j2", dest: "/etc/dhcp/dhclient-enter-hooks.d/noresolv" }
|
|
||||||
- { src: "etc/resolv.conf.j2", dest: "/etc/resolv.conf" }
|
- { src: "etc/resolv.conf.j2", dest: "/etc/resolv.conf" }
|
||||||
tags: dns
|
- { src: "etc/dhcp/dhclient-enter-hooks.d/noresolv.j2", dest: "/etc/dhcp/dhclient-enter-hooks.d/noresolv" }
|
||||||
|
tags: base-dns
|
||||||
# acpi
|
|
||||||
- name: install sysctl tweaks
|
|
||||||
template:
|
|
||||||
src: "{{ item.src }}"
|
|
||||||
dest: "{{ item.dest }}"
|
|
||||||
with_items:
|
|
||||||
- { src: "etc/sysctl.d/pvc.conf.j2", dest: "/etc/sysctl.d/pvc.conf" }
|
|
||||||
|
|
||||||
- name: activate sysctl tweaks
|
|
||||||
shell: "sysctl -p {{ item }}"
|
|
||||||
with_items:
|
|
||||||
- /etc/sysctl.d/pvc.conf
|
|
||||||
|
|
||||||
# syslog
|
# syslog
|
||||||
- name: install rsyslog and logrotate configs
|
- name: install rsyslog and logrotate configs
|
||||||
|
@ -288,7 +323,7 @@
|
||||||
with_items:
|
with_items:
|
||||||
- { src: "etc/rsyslog.conf.j2", dest: "/etc/rsyslog.conf" }
|
- { src: "etc/rsyslog.conf.j2", dest: "/etc/rsyslog.conf" }
|
||||||
- { src: "etc/logrotate.d/rsyslog.j2", dest: "/etc/logrotate.d/rsyslog" }
|
- { src: "etc/logrotate.d/rsyslog.j2", dest: "/etc/logrotate.d/rsyslog" }
|
||||||
tags: rsyslog
|
tags: base-syslog
|
||||||
|
|
||||||
- name: set journalctl persistence
|
- name: set journalctl persistence
|
||||||
template:
|
template:
|
||||||
|
@ -297,7 +332,7 @@
|
||||||
mode: 0644
|
mode: 0644
|
||||||
with_items:
|
with_items:
|
||||||
- { src: "etc/systemd/journald.conf.j2", dest: "/etc/systemd/journald.conf" }
|
- { src: "etc/systemd/journald.conf.j2", dest: "/etc/systemd/journald.conf" }
|
||||||
tags: rsyslog
|
tags: base-syslog
|
||||||
|
|
||||||
# cron
|
# cron
|
||||||
- name: install crontab
|
- name: install crontab
|
||||||
|
@ -307,6 +342,7 @@
|
||||||
mode: 0755
|
mode: 0755
|
||||||
with_items:
|
with_items:
|
||||||
- { src: "etc/crontab.j2", dest: "/etc/crontab" }
|
- { src: "etc/crontab.j2", dest: "/etc/crontab" }
|
||||||
|
tags: base-cron
|
||||||
|
|
||||||
# mta
|
# mta
|
||||||
- name: install postfix generic config
|
- name: install postfix generic config
|
||||||
|
@ -315,15 +351,14 @@
|
||||||
dest: "/etc/postfix/main.cf"
|
dest: "/etc/postfix/main.cf"
|
||||||
notify:
|
notify:
|
||||||
- restart postfix
|
- restart postfix
|
||||||
|
tags: base-mta
|
||||||
|
|
||||||
- name: touch the postfix aliases file
|
- name: touch the postfix aliases file
|
||||||
file:
|
file:
|
||||||
dest: /etc/postfix/aliases
|
dest: /etc/postfix/aliases
|
||||||
state: touch
|
state: touch
|
||||||
|
tags: base-mta
|
||||||
|
|
||||||
#
|
|
||||||
# Local alias maps
|
|
||||||
#
|
|
||||||
- name: install local alias maps for various users
|
- name: install local alias maps for various users
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: "/etc/aliases"
|
dest: "/etc/aliases"
|
||||||
|
@ -337,6 +372,7 @@
|
||||||
- clamav
|
- clamav
|
||||||
notify:
|
notify:
|
||||||
- newaliases
|
- newaliases
|
||||||
|
tags: base-mta
|
||||||
|
|
||||||
# ntp
|
# ntp
|
||||||
- name: write the NTP config file
|
- name: write the NTP config file
|
||||||
|
@ -347,23 +383,26 @@
|
||||||
- restart ntp
|
- restart ntp
|
||||||
with_items:
|
with_items:
|
||||||
- { src: "etc/ntp.conf.j2", dest: "/etc/ntp.conf" }
|
- { src: "etc/ntp.conf.j2", dest: "/etc/ntp.conf" }
|
||||||
tags: ntp
|
tags: base-time
|
||||||
|
|
||||||
# ssl
|
# ssl
|
||||||
- name: ensure haveged is running
|
- name: ensure haveged is running
|
||||||
service:
|
service:
|
||||||
name: haveged
|
name: haveged
|
||||||
state: started
|
state: started
|
||||||
|
tags: base-ssl
|
||||||
|
|
||||||
- name: generate diffie-hellman parameters
|
- name: generate diffie-hellman parameters
|
||||||
command: openssl dhparam -out /etc/ssl/dhparams.pem 2048
|
command: openssl dhparam -out /etc/ssl/dhparams.pem 2048
|
||||||
args:
|
args:
|
||||||
creates: /etc/ssl/dhparams.pem
|
creates: /etc/ssl/dhparams.pem
|
||||||
|
tags: base-ssl
|
||||||
|
|
||||||
- name: correct permissions on dhparams
|
- name: correct permissions on dhparams
|
||||||
file:
|
file:
|
||||||
dest: /etc/ssl/dhparams.pem
|
dest: /etc/ssl/dhparams.pem
|
||||||
mode: 0440
|
mode: 0440
|
||||||
|
tags: base-ssl
|
||||||
|
|
||||||
# ssh
|
# ssh
|
||||||
- name: write the sshd_config files
|
- name: write the sshd_config files
|
||||||
|
@ -377,13 +416,13 @@
|
||||||
- { src: 'etc/ssh/sshd_config.j2', dest: '/etc/ssh/sshd_config' }
|
- { src: 'etc/ssh/sshd_config.j2', dest: '/etc/ssh/sshd_config' }
|
||||||
- { src: 'etc/ssh/shosts.equiv.j2', dest: '/etc/ssh/shosts.equiv' }
|
- { src: 'etc/ssh/shosts.equiv.j2', dest: '/etc/ssh/shosts.equiv' }
|
||||||
- { src: 'etc/ssh/ssh_known_hosts.j2', dest: '/etc/ssh/ssh_known_hosts' }
|
- { src: 'etc/ssh/ssh_known_hosts.j2', dest: '/etc/ssh/ssh_known_hosts' }
|
||||||
tags: ssh
|
tags: base-ssh
|
||||||
|
|
||||||
- name: write sshd pam.d config
|
- name: write sshd pam.d config
|
||||||
template:
|
template:
|
||||||
src: "etc/pam.d/sshd.j2"
|
src: "etc/pam.d/sshd.j2"
|
||||||
dest: "/etc/pam.d/sshd"
|
dest: "/etc/pam.d/sshd"
|
||||||
tags: ssh
|
tags: base-ssh
|
||||||
|
|
||||||
- name: remove unneeded SSH keys (leave only RSA and ED25519)
|
- name: remove unneeded SSH keys (leave only RSA and ED25519)
|
||||||
file:
|
file:
|
||||||
|
@ -396,7 +435,7 @@
|
||||||
- /etc/ssh/ssh_host_ecdsa_key.pub
|
- /etc/ssh/ssh_host_ecdsa_key.pub
|
||||||
notify:
|
notify:
|
||||||
- restart ssh
|
- restart ssh
|
||||||
tags: ssh
|
tags: base-ssh
|
||||||
|
|
||||||
- name: set permissions on rsa and ed25519 host keys (just in case they're wrong)
|
- name: set permissions on rsa and ed25519 host keys (just in case they're wrong)
|
||||||
file:
|
file:
|
||||||
|
@ -407,20 +446,14 @@
|
||||||
- { name: 'ssh_host_rsa_key.pub', mode: '644' }
|
- { name: 'ssh_host_rsa_key.pub', mode: '644' }
|
||||||
- { name: 'ssh_host_ed25519_key', mode: '600' }
|
- { name: 'ssh_host_ed25519_key', mode: '600' }
|
||||||
- { name: 'ssh_host_ed25519_key.pub', mode: '644' }
|
- { name: 'ssh_host_ed25519_key.pub', mode: '644' }
|
||||||
tags: ssh
|
tags: base-ssh
|
||||||
|
|
||||||
# sudo
|
|
||||||
- name: write the sudoers file
|
|
||||||
template:
|
|
||||||
src: "etc/sudoers.j2"
|
|
||||||
dest: "/etc/sudoers"
|
|
||||||
mode: 0440
|
|
||||||
|
|
||||||
# bash
|
# bash
|
||||||
- name: write the bash.bashrc config file
|
- name: write the bash.bashrc config file
|
||||||
template:
|
template:
|
||||||
src: "etc/bash.bashrc.j2"
|
src: "etc/bash.bashrc.j2"
|
||||||
dest: "/etc/bash.bashrc"
|
dest: "/etc/bash.bashrc"
|
||||||
|
tags: base-shell
|
||||||
|
|
||||||
# motd
|
# motd
|
||||||
- name: ensure update-motd and profile.d scripts are present
|
- name: ensure update-motd and profile.d scripts are present
|
||||||
|
@ -432,7 +465,7 @@
|
||||||
- { src: "usr/local/sbin/update-motd.sh.j2", dest: "/usr/local/sbin/update-motd.sh" }
|
- { src: "usr/local/sbin/update-motd.sh.j2", dest: "/usr/local/sbin/update-motd.sh" }
|
||||||
- { src: "etc/profile.d/w.sh.j2", dest: "/etc/profile.d/w.sh" }
|
- { src: "etc/profile.d/w.sh.j2", dest: "/etc/profile.d/w.sh" }
|
||||||
- { src: "etc/profile.d/pvc.sh.j2", dest: "/etc/profile.d/zzz_pvc.sh" }
|
- { src: "etc/profile.d/pvc.sh.j2", dest: "/etc/profile.d/zzz_pvc.sh" }
|
||||||
tags: motd
|
tags: base-shell
|
||||||
|
|
||||||
- name: install update-motd crontab
|
- name: install update-motd crontab
|
||||||
template:
|
template:
|
||||||
|
@ -441,23 +474,13 @@
|
||||||
mode: 0644
|
mode: 0644
|
||||||
with_items:
|
with_items:
|
||||||
- { src: "etc/cron.d/update-motd.j2", dest: "/etc/cron.d/update-motd" }
|
- { src: "etc/cron.d/update-motd.j2", dest: "/etc/cron.d/update-motd" }
|
||||||
tags: motd
|
tags: base-shell
|
||||||
|
|
||||||
- name: ensure /etc/motd is absent
|
- name: ensure /etc/motd is absent
|
||||||
file:
|
file:
|
||||||
dest: "/etc/motd"
|
dest: "/etc/motd"
|
||||||
state: absent
|
state: absent
|
||||||
tags: motd
|
tags: base-shell
|
||||||
|
|
||||||
# dpkg
|
|
||||||
- name: install dpkg-cleanup script
|
|
||||||
template:
|
|
||||||
src: "{{ item.src }}"
|
|
||||||
dest: "{{ item.dest }}"
|
|
||||||
mode: 0755
|
|
||||||
with_items:
|
|
||||||
- { src: "usr/local/sbin/dpkg-cleanup.sh.j2", dest: "/usr/local/sbin/dpkg-cleanup.sh" }
|
|
||||||
tags: dpkg
|
|
||||||
|
|
||||||
# fail2ban
|
# fail2ban
|
||||||
- name: install fail2ban configurations
|
- name: install fail2ban configurations
|
||||||
|
@ -471,7 +494,7 @@
|
||||||
- { src: "etc/fail2ban/filter.d/sshd.conf.j2", dest: "/etc/fail2ban/filter.d/sshd.conf" }
|
- { src: "etc/fail2ban/filter.d/sshd.conf.j2", dest: "/etc/fail2ban/filter.d/sshd.conf" }
|
||||||
- { src: "etc/fail2ban/jail.d/sshd.conf.j2", dest: "/etc/fail2ban/jail.d/sshd.conf" }
|
- { src: "etc/fail2ban/jail.d/sshd.conf.j2", dest: "/etc/fail2ban/jail.d/sshd.conf" }
|
||||||
- { src: "etc/fail2ban/jail.d/sshd.local.j2", dest: "/etc/fail2ban/jail.d/sshd.local" }
|
- { src: "etc/fail2ban/jail.d/sshd.local.j2", dest: "/etc/fail2ban/jail.d/sshd.local" }
|
||||||
tags: fail2ban
|
tags: base-fail2ban
|
||||||
|
|
||||||
# check-mk-agent
|
# check-mk-agent
|
||||||
- name: install check_mk agent plugins
|
- name: install check_mk agent plugins
|
||||||
|
@ -487,7 +510,7 @@
|
||||||
- freshness
|
- freshness
|
||||||
- kernelversion
|
- kernelversion
|
||||||
- ownership
|
- ownership
|
||||||
tags: check-mk-agent
|
tags: base-cmkagent
|
||||||
|
|
||||||
#
|
#
|
||||||
# Configure users
|
# Configure users
|
||||||
|
@ -734,7 +757,7 @@
|
||||||
- name: create vimdir
|
- name: create vimdir
|
||||||
file:
|
file:
|
||||||
state: directory
|
state: directory
|
||||||
dest: /var/home/{{ item.name }}/.vim
|
dest: /var/home/{{ item.name }}/.vim
|
||||||
owner: "{{ item.name }}"
|
owner: "{{ item.name }}"
|
||||||
group: operator
|
group: operator
|
||||||
mode: 0700
|
mode: 0700
|
||||||
|
@ -756,5 +779,6 @@
|
||||||
- postfix
|
- postfix
|
||||||
- ntp
|
- ntp
|
||||||
- ssh
|
- ssh
|
||||||
|
tags: base-services
|
||||||
|
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
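Review bot: The `write the sudoers file` task, which this commit moves into the `@ -246,6 +270,30 @@` hunk, renders `etc/sudoers.j2` straight onto `/etc/sudoers` with no syntax check. A template error would therefore leave hosts with a sudoers file that sudo refuses to parse. Adding `validate: "/usr/sbin/visudo -cf %s"` to the `template:` arguments makes Ansible check the rendered file before it replaces the live one. It would also help to set `owner: root` and `group: root` next to `mode: 0440`, so the result does not depend on module defaults.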
||||||
|
|
|
@ -0,0 +1,51 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# kernel-cleanup.sh - Remove obsolete packages and config files
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
# Determine the active running kernel
|
||||||
|
RUNNING_KERNEL="$( uname -v | awk '{ print $4 }' )"
|
||||||
|
|
||||||
|
# Determine the list of installed kernels (latest is always last)
|
||||||
|
INSTALLED_KERNELS=( $( dpkg -l | grep 'linux-image-[0-9]' | awk '{ print $3 }' ) )
|
||||||
|
NUM_INSTALLED=${{ '{#' }}INSTALLED_KERNELS[@]}
|
||||||
|
|
||||||
|
if [[ ${NUM_INSTALLED} -le 1 ]]; then
|
||||||
|
echo "A single kernel is installed, aborting cleanly."
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
LATEST_KERNEL="${INSTALLED_KERNELS[-1]}"
|
||||||
|
if [[ ${LATEST_KERNEL} == ${RUNNING_KERNEL} ]]; then
|
||||||
|
force="--allow-remove-essential"
|
||||||
|
else
|
||||||
|
force=""
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Remove the latest kernel from the array
|
||||||
|
NUM_REMOVABLE=$(( ${NUM_INSTALLED} - 1 ))
|
||||||
|
REMOVABLE_KERNELS=( ${INSTALLED_KERNELS[@]:0:${NUM_REMOVABLE}} )
|
||||||
|
|
||||||
|
PURGE_PACKAGES=()
|
||||||
|
for KERNEL in ${REMOVABLE_KERNELS[@]}; do
|
||||||
|
PURGE_PACKAGES+=( $( dpkg -l | grep ${KERNEL} | awk '{ print $2 }' ) )
|
||||||
|
done
|
||||||
|
|
||||||
|
# Override the "linux-check-removal" script
|
||||||
|
mv /usr/bin/linux-check-removal /usr/bin/linux-check-removal.orig
|
||||||
|
echo -e '#!/bin/sh\necho "Overriding default linux-check-removal script!"\nexit 0' > /usr/bin/linux-check-removal
|
||||||
|
chmod +x /usr/bin/linux-check-removal
|
||||||
|
|
||||||
|
# Remove the packages
|
||||||
|
echo "Removing: ${PURGE_PACKAGES[@]}"
|
||||||
|
apt-get purge --yes ${force} ${PURGE_PACKAGES[@]}
|
||||||
|
|
||||||
|
# Restore the "linux-check-removal" script
|
||||||
|
mv /usr/bin/linux-check-removal.orig /usr/bin/linux-check-removal
|
||||||
|
|
||||||
|
# Make sure there is still a valid kernel installed (just in case something broke)
|
||||||
|
if [[ $( dpkg -l | grep 'linux-image-[0-9]' | wc -l ) -lt 1 ]]; then
|
||||||
|
echo "WARNING: NO KERNEL IS INSTALLED. THROWING ERROR AND ABORTING."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
exit 0
|
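Review bot: The swap of `/usr/bin/linux-check-removal` for an always-succeed stub is not restored if the script is interrupted between the first `mv` and the last one, which leaves the kernel-removal safety check disabled. A later run would then move the stub over `linux-check-removal.orig`, and the packaged script would be lost for good. The restore should run from a `trap ... EXIT`, and the backup step should be skipped when a `.orig` already exists, as sketched below. Separately, the comment "latest is always last" relies on the order of `dpkg -l` output, which appears to be sorted by package name, so a `-10-` ABI would list before `-9-` and the newest kernel could end up in the purge list. Piping the version column through `sort -V` before filling `INSTALLED_KERNELS` would make the ordering explicit.

```shell
# Override the "linux-check-removal" script
CHECK_REMOVAL="/usr/bin/linux-check-removal"
restore_check_removal() {
    # Put the packaged script back if a backup is present
    if [[ -e "${CHECK_REMOVAL}.orig" ]]; then
        mv -f "${CHECK_REMOVAL}.orig" "${CHECK_REMOVAL}"
    fi
}
trap restore_check_removal EXIT
# Never overwrite a backup left behind by an earlier interrupted run
if [[ ! -e "${CHECK_REMOVAL}.orig" ]]; then
    mv "${CHECK_REMOVAL}" "${CHECK_REMOVAL}.orig"
fi
# … unchanged: write the stub and chmod +x …

# … unchanged: "Removing:" echo and apt-get purge …

# Restore the "linux-check-removal" script
restore_check_removal
```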