diff --git a/.ansible-lint b/.ansible-lint index a37aba5..574559c 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -21,6 +21,6 @@ exclude_paths: - .markdownlint.yaml - examples/roles/ mock_roles: - - linux-system-roles.template + - linux-system-roles.aide supported_ansible_also: - "2.14.0" diff --git a/.github/workflows/tft.yml b/.github/workflows/tft.yml index ccb89b0..0ade297 100644 --- a/.github/workflows/tft.yml +++ b/.github/workflows/tft.yml @@ -181,7 +181,7 @@ jobs: api_key: ${{ secrets.TF_API_KEY_RH }} update_pull_request_status: false tmt_hardware: '{ "memory": ">= ${{ needs.prepare_vars.outputs.memory }} MB" }' - tmt_plan_filter: "tag:general,template" + tmt_plan_filter: "tag:general,aide" - name: Set final commit status uses: myrotvorets/set-commit-status-action@master diff --git a/.github/workflows/weekly_ci.yml b/.github/workflows/weekly_ci.yml index aff7f38..c13fc57 100644 --- a/.github/workflows/weekly_ci.yml +++ b/.github/workflows/weekly_ci.yml @@ -4,7 +4,7 @@ name: Weekly CI trigger on: # yamllint disable-line rule:truthy workflow_dispatch: schedule: - - cron: 0 0 * * 6 + - cron: 0 11 * * 6 env: BRANCH_NAME: weekly-ci COMMIT_MESSAGE: "ci: This PR is to trigger periodic CI testing" diff --git a/README.md b/README.md index 7229849..900c259 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,8 @@ # Role Name -[![ansible-lint.yml](https://github.com/linux-system-roles/template/actions/workflows/ansible-lint.yml/badge.svg)](https://github.com/linux-system-roles/template/actions/workflows/ansible-lint.yml) [![ansible-test.yml](https://github.com/linux-system-roles/template/actions/workflows/ansible-test.yml/badge.svg)](https://github.com/linux-system-roles/template/actions/workflows/ansible-test.yml) [![markdownlint.yml](https://github.com/linux-system-roles/template/actions/workflows/markdownlint.yml/badge.svg)](https://github.com/linux-system-roles/template/actions/workflows/markdownlint.yml) [![shellcheck.yml](https://github.com/linux-system-roles/template/actions/workflows/shellcheck.yml/badge.svg)](https://github.com/linux-system-roles/template/actions/workflows/shellcheck.yml) [![tft.yml](https://github.com/linux-system-roles/template/actions/workflows/tft.yml/badge.svg)](https://github.com/linux-system-roles/template/actions/workflows/tft.yml) [![tft_citest_bad.yml](https://github.com/linux-system-roles/template/actions/workflows/tft_citest_bad.yml/badge.svg)](https://github.com/linux-system-roles/template/actions/workflows/tft_citest_bad.yml) [![woke.yml](https://github.com/linux-system-roles/template/actions/workflows/woke.yml/badge.svg)](https://github.com/linux-system-roles/template/actions/workflows/woke.yml) +[![ansible-lint.yml](https://github.com/linux-system-roles/aide/actions/workflows/ansible-lint.yml/badge.svg)](https://github.com/linux-system-roles/aide/actions/workflows/ansible-lint.yml) [![ansible-test.yml](https://github.com/linux-system-roles/aide/actions/workflows/ansible-test.yml/badge.svg)](https://github.com/linux-system-roles/aide/actions/workflows/ansible-test.yml) [![markdownlint.yml](https://github.com/linux-system-roles/aide/actions/workflows/markdownlint.yml/badge.svg)](https://github.com/linux-system-roles/aide/actions/workflows/markdownlint.yml) [![shellcheck.yml](https://github.com/linux-system-roles/aide/actions/workflows/shellcheck.yml/badge.svg)](https://github.com/linux-system-roles/aide/actions/workflows/shellcheck.yml) [![tft.yml](https://github.com/linux-system-roles/aide/actions/workflows/tft.yml/badge.svg)](https://github.com/linux-system-roles/aide/actions/workflows/tft.yml) [![tft_citest_bad.yml](https://github.com/linux-system-roles/aide/actions/workflows/tft_citest_bad.yml/badge.svg)](https://github.com/linux-system-roles/aide/actions/workflows/tft_citest_bad.yml) [![woke.yml](https://github.com/linux-system-roles/aide/actions/workflows/woke.yml/badge.svg)](https://github.com/linux-system-roles/aide/actions/workflows/woke.yml) -![template](https://github.com/linux-system-roles/template/workflows/tox/badge.svg) - -A template for an ansible role that configures some GNU/Linux subsystem or -service. A brief description of the role goes here. +Ansible role for managing Advanced Intrusion Detection Environment (AIDE). ## Requirements @@ -34,12 +31,12 @@ A description of all input variables (i.e. variables that are defined in `defaults/main.yml`) for the role should go here as these form an API of the role. Each variable should have its own section e.g. -### template_foo +### aide_foo This variable is required. It is a string that lists the foo of the role. There is no default value. -### template_bar +### aide_bar This variable is optional. It is a boolean that tells the role to disable bar. The default value is `true`. @@ -53,8 +50,8 @@ the lifetime. Example of setting the variables: ```yaml -template_foo: "oof" -template_bar: false +aide_foo: "oof" +aide_bar: false ``` ## Variables Exported by the Role @@ -63,12 +60,12 @@ This section is optional. Some roles may export variables for playbooks to use later. These are analogous to "return values" in Ansible modules. For example, if a role performs some action that will require a system reboot, but the user wants to defer the reboot, the role might set a variable like -`template_reboot_needed: true` that the playbook can use to reboot at a more +`aide_reboot_needed: true` that the playbook can use to reboot at a more convenient time. Example: -### template_reboot_needed +### aide_reboot_needed Default `false` - if `true`, this means a reboot is needed to apply the changes made by the role @@ -79,13 +76,13 @@ Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: ```yaml -- name: Manage the template subsystem +- name: Manage the aide subsystem hosts: all vars: - template_foo: "foo foo!" - template_bar: false + aide_foo: "foo foo!" + aide_bar: false roles: - - linux-system-roles.template + - linux-system-roles.aide ``` More examples can be provided in the [`examples/`](examples) directory. These diff --git a/contributing.md b/contributing.md index 44e3ad0..4bc2ae1 100644 --- a/contributing.md +++ b/contributing.md @@ -1,4 +1,4 @@ -# Contributing to the template Linux System Role +# Contributing to the aide Linux System Role ## Where to start @@ -12,10 +12,10 @@ This has all of the common information that all role developers need: * How to create git commits and submit pull requests **Bugs and needed implementations** are listed on -[Github Issues](https://github.com/linux-system-roles/template/issues). +[Github Issues](https://github.com/linux-system-roles/aide/issues). Issues labeled with -[**help wanted**](https://github.com/linux-system-roles/template/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22) +[**help wanted**](https://github.com/linux-system-roles/aide/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22) are likely to be suitable for new contributors! -**Code** is managed on [Github](https://github.com/linux-system-roles/template), using +**Code** is managed on [Github](https://github.com/linux-system-roles/aide), using [Pull Requests](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests). diff --git a/defaults/main.yml b/defaults/main.yml index 6944529..a5858b6 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -4,5 +4,5 @@ # This file also serves as a documentation for such a variables. # Examples of role input variables: -template_foo: foo -template_bar: true +aide_foo: foo +aide_bar: true diff --git a/examples/simple.yml b/examples/simple.yml index 4f1456e..10359eb 100644 --- a/examples/simple.yml +++ b/examples/simple.yml @@ -1,9 +1,9 @@ # SPDX-License-Identifier: MIT --- -- name: Example template role invocation +- name: Example aide role invocation hosts: all vars: - template_foo: example variable value - template_bar: false + aide_foo: example variable value + aide_bar: false roles: - - linux-system-roles.template + - linux-system-roles.aide diff --git a/handlers/main.yml b/handlers/main.yml index 726022e..9822dcd 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,7 +1,7 @@ # SPDX-License-Identifier: MIT --- -- name: Handler for template to restart services +- name: Handler for aide to restart services service: name: "{{ item }}" state: restarted - loop: "{{ __template_services }}" + loop: "{{ __aide_services }}" diff --git a/tasks/main.yml b/tasks/main.yml index 6eb72a5..e756be5 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -6,9 +6,9 @@ # Examples of some tasks: - name: Ensure required packages are installed package: - name: "{{ __template_packages }}" + name: "{{ __aide_packages }}" state: present - use: "{{ (__template_is_ostree | d(false)) | + use: "{{ (__aide_is_ostree | d(false)) | ternary('ansible.posix.rhel_rpm_ostree', omit) }}" - name: Ensure required services are enabled and started @@ -16,12 +16,12 @@ name: "{{ item }}" state: started enabled: true - loop: "{{ __template_services }}" + loop: "{{ __aide_services }}" -- name: Generate /etc/{{ __template_foo_config }} +- name: Generate /etc/{{ __aide_foo_config }} template: - src: "{{ __template_foo_config }}.j2" - dest: /etc/{{ __template_foo_config }} + src: "{{ __aide_foo_config }}.j2" + dest: /etc/{{ __aide_foo_config }} backup: true mode: "0400" - notify: Handler for template to restart services + notify: Handler for aide to restart services diff --git a/tests/roles/linux-system-roles.template/defaults b/tests/roles/linux-system-roles.aide/defaults similarity index 100% rename from tests/roles/linux-system-roles.template/defaults rename to tests/roles/linux-system-roles.aide/defaults diff --git a/tests/roles/linux-system-roles.template/handlers b/tests/roles/linux-system-roles.aide/handlers similarity index 100% rename from tests/roles/linux-system-roles.template/handlers rename to tests/roles/linux-system-roles.aide/handlers diff --git a/tests/roles/linux-system-roles.template/meta b/tests/roles/linux-system-roles.aide/meta similarity index 100% rename from tests/roles/linux-system-roles.template/meta rename to tests/roles/linux-system-roles.aide/meta diff --git a/tests/roles/linux-system-roles.template/tasks b/tests/roles/linux-system-roles.aide/tasks similarity index 100% rename from tests/roles/linux-system-roles.template/tasks rename to tests/roles/linux-system-roles.aide/tasks diff --git a/tests/roles/linux-system-roles.template/templates b/tests/roles/linux-system-roles.aide/templates similarity index 100% rename from tests/roles/linux-system-roles.template/templates rename to tests/roles/linux-system-roles.aide/templates diff --git a/tests/roles/linux-system-roles.template/vars b/tests/roles/linux-system-roles.aide/vars similarity index 100% rename from tests/roles/linux-system-roles.template/vars rename to tests/roles/linux-system-roles.aide/vars diff --git a/tests/setup-snapshot.yml b/tests/setup-snapshot.yml index a7704df..8611bf1 100644 --- a/tests/setup-snapshot.yml +++ b/tests/setup-snapshot.yml @@ -4,11 +4,11 @@ tasks: - name: Set platform/version specific variables include_role: - name: linux-system-roles.template + name: linux-system-roles.aide tasks_from: set_vars.yml public: true - name: Install test packages package: - name: "{{ __template_packages }}" + name: "{{ __aide_packages }}" state: present diff --git a/tests/tests_default.yml b/tests/tests_default.yml index 4457422..b82e8f2 100644 --- a/tests/tests_default.yml +++ b/tests/tests_default.yml @@ -4,10 +4,10 @@ hosts: all gather_facts: false # test that role works in this case roles: - - linux-system-roles.template + - linux-system-roles.aide tasks: - name: Check header for ansible_managed, fingerprint include_tasks: tasks/check_header.yml vars: __file: /etc/foo.conf - __fingerprint: system_role:template + __fingerprint: system_role:aide diff --git a/tests/tests_include_vars_from_parent.yml b/tests/tests_include_vars_from_parent.yml index fc795dd..26e39ee 100644 --- a/tests/tests_include_vars_from_parent.yml +++ b/tests/tests_include_vars_from_parent.yml @@ -44,7 +44,7 @@ import_role: name: caller vars: - roletoinclude: linux-system-roles.template + roletoinclude: linux-system-roles.aide - name: Cleanup file: diff --git a/tests/vars/rh_distros_vars.yml b/tests/vars/rh_distros_vars.yml new file mode 100644 index 0000000..72a891a --- /dev/null +++ b/tests/vars/rh_distros_vars.yml @@ -0,0 +1,20 @@ +# vars for handling conditionals for RedHat and clones +# DO NOT EDIT - file is auto-generated +# repo is https://github.com/linux-system-roles/.github +# file is playbooks/templates/tests/vars/rh_distros_vars.yml +--- +# Ansible distribution identifiers that the role treats like RHEL +__aide_rh_distros: + - AlmaLinux + - CentOS + - RedHat + - Rocky + +# Same as above but includes Fedora +__aide_rh_distros_fedora: "{{ __aide_rh_distros + ['Fedora'] }}" + +# Use this in conditionals to check if distro is Red Hat or clone +__aide_is_rh_distro: "{{ ansible_distribution in __aide_rh_distros }}" + +# Use this in conditionals to check if distro is Red Hat or clone, or Fedora +__aide_is_rh_distro_fedora: "{{ ansible_distribution in __aide_rh_distros_fedora }}" diff --git a/vars/AlmaLinux_10.yml b/vars/AlmaLinux_10.yml new file mode 120000 index 0000000..f830d5f --- /dev/null +++ b/vars/AlmaLinux_10.yml @@ -0,0 +1 @@ +RedHat_10.yml \ No newline at end of file diff --git a/vars/AlmaLinux_8.yml b/vars/AlmaLinux_8.yml new file mode 120000 index 0000000..ad7713d --- /dev/null +++ b/vars/AlmaLinux_8.yml @@ -0,0 +1 @@ +RedHat_8.yml \ No newline at end of file diff --git a/vars/AlmaLinux_9.yml b/vars/AlmaLinux_9.yml new file mode 120000 index 0000000..0eb3795 --- /dev/null +++ b/vars/AlmaLinux_9.yml @@ -0,0 +1 @@ +RedHat_9.yml \ No newline at end of file diff --git a/vars/CentOS_10.yml b/vars/CentOS_10.yml deleted file mode 100644 index 7331ad9..0000000 --- a/vars/CentOS_10.yml +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: MIT ---- -# Put internal variables here with CentOS 10 specific values. - -# Example: -__template_packages: [] -__template_services: [] diff --git a/vars/CentOS_10.yml b/vars/CentOS_10.yml new file mode 120000 index 0000000..f830d5f --- /dev/null +++ b/vars/CentOS_10.yml @@ -0,0 +1 @@ +RedHat_10.yml \ No newline at end of file diff --git a/vars/CentOS_7.yml b/vars/CentOS_7.yml deleted file mode 100644 index 24448bc..0000000 --- a/vars/CentOS_7.yml +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: MIT ---- -# Put internal variables here with CentOS 7 specific values. - -# Example: -__template_packages: [] -__template_services: [] diff --git a/vars/CentOS_7.yml b/vars/CentOS_7.yml new file mode 120000 index 0000000..105e630 --- /dev/null +++ b/vars/CentOS_7.yml @@ -0,0 +1 @@ +RedHat_7.yml \ No newline at end of file diff --git a/vars/CentOS_8.yml b/vars/CentOS_8.yml deleted file mode 100644 index 0fb6af8..0000000 --- a/vars/CentOS_8.yml +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: MIT ---- -# Put internal variables here with CentOS 8 specific values. - -# Example: -__template_packages: [] -__template_services: [] diff --git a/vars/CentOS_8.yml b/vars/CentOS_8.yml new file mode 120000 index 0000000..ad7713d --- /dev/null +++ b/vars/CentOS_8.yml @@ -0,0 +1 @@ +RedHat_8.yml \ No newline at end of file diff --git a/vars/CentOS_9.yml b/vars/CentOS_9.yml deleted file mode 100644 index 7c25b3c..0000000 --- a/vars/CentOS_9.yml +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: MIT ---- -# Put internal variables here with CentOS 9 specific values. - -# Example: -__template_packages: [] -__template_services: [] diff --git a/vars/CentOS_9.yml b/vars/CentOS_9.yml new file mode 120000 index 0000000..0eb3795 --- /dev/null +++ b/vars/CentOS_9.yml @@ -0,0 +1 @@ +RedHat_9.yml \ No newline at end of file diff --git a/vars/Rocky_10.yml b/vars/Rocky_10.yml new file mode 120000 index 0000000..f830d5f --- /dev/null +++ b/vars/Rocky_10.yml @@ -0,0 +1 @@ +RedHat_10.yml \ No newline at end of file diff --git a/vars/Rocky_8.yml b/vars/Rocky_8.yml new file mode 120000 index 0000000..ad7713d --- /dev/null +++ b/vars/Rocky_8.yml @@ -0,0 +1 @@ +RedHat_8.yml \ No newline at end of file diff --git a/vars/Rocky_9.yml b/vars/Rocky_9.yml new file mode 120000 index 0000000..0eb3795 --- /dev/null +++ b/vars/Rocky_9.yml @@ -0,0 +1 @@ +RedHat_9.yml \ No newline at end of file diff --git a/vars/main.yml b/vars/main.yml index 24f178c..3c51452 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -5,11 +5,11 @@ # value in a platform/version specific file in vars/ # Examples of non-distribution specific (generic) internal variables: -__template_foo_config: foo.conf -__template_packages: [] -__template_services: [] +__aide_foo_config: foo.conf +__aide_packages: [] +__aide_services: [] # ansible_facts required by the role -__template_required_facts: +__aide_required_facts: - distribution - distribution_major_version - distribution_version @@ -17,5 +17,23 @@ __template_required_facts: # the subsets of ansible_facts that need to be gathered in case any of the # facts in required_facts is missing; see the documentation of # the 'gather_subset' parameter of the 'setup' module -__template_required_facts_subsets: "{{ ['!all', '!min'] + - __template_required_facts }}" +__aide_required_facts_subsets: "{{ ['!all', '!min'] + + __aide_required_facts }}" + +# BEGIN - DO NOT EDIT THIS BLOCK - rh distros variables +# Ansible distribution identifiers that the role treats like RHEL +__aide_rh_distros: + - AlmaLinux + - CentOS + - RedHat + - Rocky + +# Same as above but includes Fedora +__aide_rh_distros_fedora: "{{ __aide_rh_distros + ['Fedora'] }}" + +# Use this in conditionals to check if distro is Red Hat or clone +__aide_is_rh_distro: "{{ ansible_distribution in __aide_rh_distros }}" + +# Use this in conditionals to check if distro is Red Hat or clone, or Fedora +__aide_is_rh_distro_fedora: "{{ ansible_distribution in __aide_rh_distros_fedora }}" +# END - DO NOT EDIT THIS BLOCK - rh distros variables