At the moment we pass a boolean value to CREATE_HOME instead of yes/no.
Leveraging ternary allows us to always supply expected values regardless of
the variable type in ansible.
Closes-Bug: #1850200
Change-Id: I957dc9b98f1de23ea66ea0e225989e4f907a02cb
Lineinfile module can manage only a single occurrence of a line in the file,
while pam.d/sshd contains multiple occurrences of pam_motd, which
results in not disabling it fully.
In order to properly comment out/uncomment all occurrences, the replace module
should be used instead.
Change-Id: I73babb2431d4fda5aa90d9a1e230c1796449c0fc
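
The difference this commit describes, as an added example that is not taken from the role's own tasks: with `regexp`, `lineinfile` rewrites only the last matching line, while `replace` rewrites every match. The task names, the regular expression and the sample pam_motd lines are assumptions made for illustration.

```yaml
# Constructed example, not the role's own tasks.
# Assumed content of /etc/pam.d/sshd (constructed sample lines):
#   session    optional     pam_motd.so  motd=/run/motd.dynamic
#   session    optional     pam_motd.so noupdate

# lineinfile: when `regexp` matches several lines, only the LAST match is
# replaced, so the first pam_motd entry stays active.
- name: Comment out pam_motd (incomplete, touches a single line)
  ansible.builtin.lineinfile:
    path: /etc/pam.d/sshd
    regexp: '^(session\s+optional\s+pam_motd\.so.*)$'
    line: '# \1'
    backrefs: true

# replace: every line matching the pattern is rewritten in one pass.
# Lines already starting with '#' no longer match, so a rerun reports no change.
- name: Comment out all pam_motd entries
  ansible.builtin.replace:
    path: /etc/pam.d/sshd
    regexp: '^(session\s+optional\s+pam_motd\.so.*)$'
    replace: '# \1'
```
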
Add file to the reno documentation build to show release notes for
stable/2023.2.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.2.
Sem-Ver: feature
Change-Id: I4f820c0073b76009ddc224cf6419d8379e4bc1d7
Right now default cloud images of Ubuntu contain dynamic MOTD
by default, which takes around an extra 0.4 sec for establishing a connection.
Disabling MOTD should improve responsiveness of hosts and speed up
ansible execution as well.
With that we're keeping static MOTD that has no impact on connection
speed.
Change-Id: Iaf25f6f444055cefd60dd2e3b4d5579f2a6fcdb1
This implements STIG V-204598 [1] and disables
GSSAPIAuthentication that is enabled by default on EL
systems.
This also should speed up deployments on such systems, as
enabled GSSAPIAuthentication requires some time while
initiating connection.
[1] https://www.stigviewer.com/stig/red_hat_enterprise_linux_7/2020-12-08/finding/V-204598
Change-Id: I2d92541ccfc27e91224fd481c3792993428a052e
With the update of ansible-lint to version >=6.0.0 a lot of new
linters were added that are enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metadata to reflect current state.
Change-Id: I1920cd05ac5b4d32ad12bce42d9161a568f288b6
Since ansible-core 2.14 you can't use warn as module argument.
Instead, noqa should be used to instruct ansible-lint to
suppress alerts.
Change-Id: Ie448fa182db8c1c9f64744ea72f27f285aa64366
Since version 2.2 chrony has removed commandkey options and
it's not a valid option for any currently supported distro.
Change-Id: I7c02cf6b7575a9ab753d85cdd6582f209f39be1b
This was deprecated a long time ago in openssh-server 7.4 and has
been generating warnings in the log file ever since.
Change-Id: Ic3f7afadcaa875e6ce871c0ce36b4b11f10a7044
With tox release of 4.0, some parameters were deprecated and are ignored now
which causes tox failures. One of the most spread issues we have is using
`whitelist_externals` instead of `allowlist_externals`.
Change-Id: I7807b7d29f4504404253f5c42b624639c8b19c97
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I664bf44a2202856a12e6484f63a0944535dc071e
Shebang is not required for modern ansible versions. But in some cases
it might lead to incorrect behaviour by using incorrect interpreter.
Change-Id: I11763ed4563506b7d25585f8c633df08a123e731
With sphinx release of 5.0.0, they changed the default for the language variable
to 'en' from None. With that, the current None value is not valid and should
not be used.
Change-Id: I159a23ae2c147f75c0944a0a5e92f1a19ba20e2b
With current behaviour we duplicate SSH options and don't care if same
thing is defined anywhere down the line.
With that change we change how options are defined - instead of the
template we use a list of mappings. With that
we can select and remove options that the playbook is supposed to manage.
With that we also keep playbook idempotency. As a side effect we still
can have options duplicated but only if they have the exact same value.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/840353
Change-Id: I140606f7e724fbe2a4f0b03f6a0501da7bdd5964
Closes-Bug: #1958649
Use a first_found lookup instead of a with_first_found loop so that
the 'paths' parameter can be used.
This ensures that only vars from the role are included, and not vars
from a parent calling role. This can happen when a parent role has
a higher priority vars file available for inclusion than the role
it calls.
Change-Id: I078590020a98f0b5759f3de524753e01bb9c5597
Add file to the reno documentation build to show release notes for
stable/xena.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/xena.
Sem-Ver: feature
Change-Id: I4dffba103892d243d460e120ac5262f6752b2af1
While most of our supported distributions do create LocalSocket on their
own, it's not always the case and shouldn't be trusted that much.
Change-Id: I56851f56aa85108a4898ef99c48ac77c898ccb69
Closes-Bug: #1944564
All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible.
OS specific variables files are generalised where possible.
Change-Id: Id3136a5eed068e317aa1a7b33a1149629dc76d77
We aim to decrease usage of the tests repo as much as we can, so we
are switching roles to the tests completed by integrated repo.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/792639
Change-Id: Ice89ada6e009d3aaaff5fa261c7b9cf23216f159
For systems with many packages deployed or heavily loaded environments
rpm verification takes way more time than 5 minutes, ending up in a
corrupted database of the rpm packages. So we set the limit to 1 hour
and extend the amount of retries to wait for the result to match the async
timeout.
Change-Id: I30d29630214914bea99fc7fd66afa3218705d733
Closes-Bug: #1921292
This halves the number of files examined by the find module on an ubuntu
focal system and nearly halves the runtime of the task on a ceph backed
VM.
Change-Id: I862351badc70fa091bebf55dd2910cccfa731ca2
This patch adds variable `security_rhel7_enable_aide`. When it's False,
all AIDE related tasks would be omitted.
Change-Id: I64af348d9f49922ab51d8cd348d987df4263faa1
motd is handled by default with the pam_motd.so module. Setting the Banner option
for sshd_config causes motd to be shown twice, which is excessive.
Change-Id: I4e8bdbe8f482f61235b4b14a619e4ed91b01f2f4
The sync from https://review.opendev.org/733244 updated to
openstackdocstheme 2.2.1 and reno 3.1.0 versions.
Set openstackdocs_pdf_link to link to PDF file. Note that
the link to the published document only works on docs.openstack.org
where the PDF file is placed in the top-level html directory. The
site-preview places the PDF in a pdf directory.
openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.
See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: Id2c810e9214981f381d5a9d4f1f2e40cb63a02af
The docs job is failing in https://review.opendev.org/671840 and thus
nothing is synced in from openstack-ansible-tests. The failure is due to
the removal of entries from doc/requirements.txt. Add those
to test-requirements.txt instead.
Change-Id: I21bcbde8acc8d4fd83b28026bcec33f388e69912
Add file to the reno documentation build to show release notes for
stable/ussuri.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/ussuri.
Change-Id: I29c8a8f1df649c9e01213ff5937ea72a12b14e5d
Sem-Ver: feature