From cc25f24475ee30fff2e3751f70f1c3ec76b70df8 Mon Sep 17 00:00:00 2001 From: Fabio Alessandro Locati Date: Fri, 2 Dec 2016 15:48:22 +0000 Subject: [PATCH] Native YAML - system (#3625) * Native YAML - system * Remove comment that is not applicable to the code --- lib/ansible/modules/extras/system/debconf.py | 21 ++++- .../modules/extras/system/filesystem.py | 9 +- .../modules/extras/system/firewalld.py | 50 +++++++++-- lib/ansible/modules/extras/system/getent.py | 36 +++++--- .../modules/extras/system/gluster_volume.py | 41 +++++++-- lib/ansible/modules/extras/system/iptables.py | 36 ++++++-- .../modules/extras/system/kernel_blacklist.py | 4 +- .../modules/extras/system/known_hosts.py | 8 +- .../modules/extras/system/locale_gen.py | 4 +- lib/ansible/modules/extras/system/lvg.py | 13 ++- lib/ansible/modules/extras/system/lvol.py | 89 +++++++++++++++---- lib/ansible/modules/extras/system/make.py | 7 +- lib/ansible/modules/extras/system/modprobe.py | 10 ++- .../modules/extras/system/open_iscsi.py | 18 +++- .../modules/extras/system/openwrt_init.py | 15 +++- .../modules/extras/system/osx_defaults.py | 40 +++++++-- .../modules/extras/system/pam_limits.py | 20 ++++- lib/ansible/modules/extras/system/puppet.py | 16 ++-- .../modules/extras/system/sefcontext.py | 7 +- .../extras/system/selinux_permissive.py | 4 +- lib/ansible/modules/extras/system/seport.py | 20 ++++- .../modules/extras/system/solaris_zone.py | 46 +++++++--- lib/ansible/modules/extras/system/svc.py | 25 ++++-- lib/ansible/modules/extras/system/timezone.py | 3 +- lib/ansible/modules/extras/system/ufw.py | 79 ++++++++++++---- lib/ansible/modules/extras/system/zfs.py | 28 ++++-- 26 files changed, 514 insertions(+), 135 deletions(-) diff --git a/lib/ansible/modules/extras/system/debconf.py b/lib/ansible/modules/extras/system/debconf.py index 05e545a7ed..468f0b5725 100644 --- a/lib/ansible/modules/extras/system/debconf.py +++ b/lib/ansible/modules/extras/system/debconf.py 
@@ -73,16 +73,29 @@ author: "Brian Coca (@bcoca)" EXAMPLES = ''' # Set default locale to fr_FR.UTF-8 -debconf: name=locales question='locales/default_environment_locale' value=fr_FR.UTF-8 vtype='select' +- debconf: + name: locales + question: locales/default_environment_locale + value: fr_FR.UTF-8 + vtype: select # set to generate locales: -debconf: name=locales question='locales/locales_to_be_generated' value='en_US.UTF-8 UTF-8, fr_FR.UTF-8 UTF-8' vtype='multiselect' +- debconf: + name: locales + question: locales/locales_to_be_generated + value: en_US.UTF-8 UTF-8, fr_FR.UTF-8 UTF-8 + vtype: multiselect # Accept oracle license -debconf: name='oracle-java7-installer' question='shared/accepted-oracle-license-v1-1' value='true' vtype='select' +- debconf: + name: oracle-java7-installer + question: shared/accepted-oracle-license-v1-1 + value: true + vtype: select # Specifying package you can register/return the list of questions and current values -debconf: name='tzdata' +- debconf: + name: tzdata ''' def get_selections(module, pkg): diff --git a/lib/ansible/modules/extras/system/filesystem.py b/lib/ansible/modules/extras/system/filesystem.py index 10fa5afbb1..70c7c320b3 100644 --- a/lib/ansible/modules/extras/system/filesystem.py +++ b/lib/ansible/modules/extras/system/filesystem.py @@ -58,10 +58,15 @@ notes: EXAMPLES = ''' # Create a ext2 filesystem on /dev/sdb1. -- filesystem: fstype=ext2 dev=/dev/sdb1 +- filesystem: + fstype: ext2 + dev: /dev/sdb1 # Create a ext4 filesystem on /dev/sdb1 and check disk blocks. -- filesystem: fstype=ext4 dev=/dev/sdb1 opts="-cc" +- filesystem: + fstype: ext4 + dev: /dev/sdb1 + opts: -cc ''' def _get_dev_size(dev, module): diff --git a/lib/ansible/modules/extras/system/firewalld.py b/lib/ansible/modules/extras/system/firewalld.py index 6efae7e571..2c89a57450 100644 --- a/lib/ansible/modules/extras/system/firewalld.py +++ b/lib/ansible/modules/extras/system/firewalld.py 
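Review bot: In the debconf hunk's "Accept oracle license" example, the unquoted `value: true` is parsed by YAML as a boolean, whereas the old `value='true'` form passed the literal string. How the module stringifies a boolean is not visible in this hunk, but the answer written to debconf may no longer be the lowercase `true` the question expects. Quoting keeps the previous behaviour: `value: 'true'`.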
@@ -94,14 +94,48 @@ author: "Adam Miller (@maxamillion)" ''' EXAMPLES = ''' -- firewalld: service=https permanent=true state=enabled -- firewalld: port=8081/tcp permanent=true state=disabled -- firewalld: port=161-162/udp permanent=true state=enabled -- firewalld: zone=dmz service=http permanent=true state=enabled -- firewalld: rich_rule='rule service name="ftp" audit limit value="1/m" accept' permanent=true state=enabled -- firewalld: source='192.168.1.0/24' zone=internal state=enabled -- firewalld: zone=trusted interface=eth2 permanent=true state=enabled -- firewalld: masquerade=yes state=enabled permanent=true zone=dmz +- firewalld: + service: https + permanent: true + state: enabled + +- firewalld: + port: 8081/tcp + permanent: true + state: disabled + +- firewalld: + port: 161-162/udp + permanent: true + state: enabled + +- firewalld: + zone: dmz + service: http + permanent: true + state: enabled + +- firewalld: + rich_rule: 'rule service name="ftp" audit limit value="1/m" accept' + permanent: true + state: enabled + +- firewalld: + source: 192.0.2.0/24 + zone: internal + state: enabled + +- firewalld: + zone: trusted + interface: eth2 + permanent: true + state: enabled + +- firewalld: + masquerade: yes + state: enabled + permanent: true + zone: dmz ''' from ansible.module_utils.basic import AnsibleModule diff --git a/lib/ansible/modules/extras/system/getent.py b/lib/ansible/modules/extras/system/getent.py index 995ba01514..d3cf9eed4a 100644 --- a/lib/ansible/modules/extras/system/getent.py +++ b/lib/ansible/modules/extras/system/getent.py 
@@ -59,24 +59,40 @@ author: Brian Coca EXAMPLES = ''' # get root user info -- getent: database=passwd key=root -- debug: var=getent_passwd +- getent: + database: passwd + key: root +- debug: + var: getent_passwd # get all groups -- getent: database=group split=':' -- debug: var=getent_group +- getent: + database: group + split: ':' +- debug: + var: getent_group # get all hosts, split by tab -- getent: database=hosts -- debug: var=getent_hosts +- getent: + database: hosts +- debug: + var: getent_hosts # get http service info, no error if missing -- getent: database=services key=http fail_key=False -- debug: var=getent_services +- getent: + database: services + key: http + fail_key: False +- debug: + var: getent_services # get user password hash (requires sudo/root) -- getent: database=shadow key=www-data split=: -- debug: var=getent_shadow +- getent: + database: shadow + key: www-data + split: ':' +- debug: + var: getent_shadow ''' diff --git a/lib/ansible/modules/extras/system/gluster_volume.py b/lib/ansible/modules/extras/system/gluster_volume.py index 4043f10ae1..f5bca5f9e8 100644 --- a/lib/ansible/modules/extras/system/gluster_volume.py +++ b/lib/ansible/modules/extras/system/gluster_volume.py 
@@ -121,26 +121,53 @@ author: "Taneli Leppä (@rosmo)" EXAMPLES = """ - name: create gluster volume - gluster_volume: state=present name=test1 bricks=/bricks/brick1/g1 rebalance=yes cluster="192.168.1.10,192.168.1.11" + gluster_volume: + state: present + name: test1 + bricks: /bricks/brick1/g1 + rebalance: yes + cluster: + - 192.0.2.10 + - 192.0.2.11 run_once: true - name: tune - gluster_volume: state=present name=test1 options='{performance.cache-size: 256MB}' + gluster_volume: + state: present + name: test1 + options: + performance.cache-size: 256MB - name: start gluster volume - gluster_volume: state=started name=test1 + gluster_volume: + state: started + name: test1 - name: limit usage - gluster_volume: state=present name=test1 directory=/foo quota=20.0MB + gluster_volume: + state: present + name: test1 + directory: /foo + quota: 20.0MB - name: stop gluster volume - gluster_volume: state=stopped name=test1 + gluster_volume: + state: stopped + name: test1 - name: remove gluster volume - gluster_volume: state=absent name=test1 + gluster_volume: + state: absent + name: test1 - name: create gluster volume with multiple bricks - gluster_volume: state=present name=test2 bricks="/bricks/brick1/g2,/bricks/brick2/g2" cluster="192.168.1.10,192.168.1.11" + gluster_volume: + state: present + name: test2 + bricks: /bricks/brick1/g2,/bricks/brick2/g2 + cluster: + - 192.0.2.10 + - 192.0.2.11 run_once: true """ diff --git a/lib/ansible/modules/extras/system/iptables.py b/lib/ansible/modules/extras/system/iptables.py index 5d05518236..8a08e38d78 100644 --- a/lib/ansible/modules/extras/system/iptables.py +++ b/lib/ansible/modules/extras/system/iptables.py 
@@ -295,25 +295,49 @@ options: EXAMPLES = ''' # Block specific IP -- iptables: chain=INPUT source=8.8.8.8 jump=DROP +- iptables: + chain: INPUT + source: 8.8.8.8 + jump: DROP become: yes # Forward port 80 to 8600 -- iptables: table=nat chain=PREROUTING in_interface=eth0 protocol=tcp match=tcp destination_port=80 jump=REDIRECT to_ports=8600 comment="Redirect web traffic to port 8600" +- iptables: + table: nat + chain: PREROUTING + in_interface: eth0 + protocol: tcp + match: tcp + destination_port: 80 + jump: REDIRECT + to_ports: 8600 + comment: Redirect web traffic to port 8600 become: yes # Allow related and established connections -- iptables: chain=INPUT ctstate=ESTABLISHED,RELATED jump=ACCEPT +- iptables: + chain: INPUT + ctstate: ESTABLISHED,RELATED + jump: ACCEPT become: yes # Tag all outbound tcp packets with DSCP mark 8 -- iptables: chain=OUTPUT jump=DSCP table=mangle set_dscp_mark=8 protocol=tcp +- iptables: + chain: OUTPUT + jump: DSCP + table: mangle + set_dscp_mark: 8 + protocol: tcp # Tag all outbound tcp packets with DSCP DiffServ class CS1 -- iptables: chain=OUTPUT jump=DSCP table=mangle set_dscp_mark_class=CS1 protocol=tcp +- iptables: + chain: OUTPUT + jump: DSCP + table: mangle + set_dscp_mark_class: CS1 + protocol: tcp ''' - def append_param(rule, param, flag, is_list): if is_list: for item in param: diff --git a/lib/ansible/modules/extras/system/kernel_blacklist.py b/lib/ansible/modules/extras/system/kernel_blacklist.py index 296a082a2e..2100b158fd 100644 --- a/lib/ansible/modules/extras/system/kernel_blacklist.py +++ b/lib/ansible/modules/extras/system/kernel_blacklist.py @@ -52,7 +52,9 @@ requirements: [] EXAMPLES = ''' # Blacklist the nouveau driver module -- kernel_blacklist: name=nouveau state=present +- kernel_blacklist: + name: nouveau + state: present ''' diff --git a/lib/ansible/modules/extras/system/known_hosts.py b/lib/ansible/modules/extras/system/known_hosts.py index 810759989f..40c13002dd 100644 
--- a/lib/ansible/modules/extras/system/known_hosts.py +++ b/lib/ansible/modules/extras/system/known_hosts.py @@ -62,11 +62,11 @@ author: "Matthew Vernon (@mcv21)" ''' EXAMPLES = ''' -# Example using with_file to set the system known_hosts file - name: tell the host about our servers it might want to ssh to - known_hosts: path='/etc/ssh/ssh_known_hosts' - name='foo.com.invalid' - key="{{ lookup('file', 'pubkeys/foo.com.invalid') }}" + known_hosts: + path: /etc/ssh/ssh_known_hosts + name: foo.com.invalid + key: "{{ lookup('file', 'pubkeys/foo.com.invalid') }}" ''' # Makes sure public host keys are present or absent in the given known_hosts diff --git a/lib/ansible/modules/extras/system/locale_gen.py b/lib/ansible/modules/extras/system/locale_gen.py index 62626e8587..db3e41a8cb 100644 --- a/lib/ansible/modules/extras/system/locale_gen.py +++ b/lib/ansible/modules/extras/system/locale_gen.py @@ -40,7 +40,9 @@ options: EXAMPLES = ''' # Ensure a locale exists. -- locale_gen: name=de_CH.UTF-8 state=present +- locale_gen: + name: de_CH.UTF-8 + state: present ''' import os diff --git a/lib/ansible/modules/extras/system/lvg.py b/lib/ansible/modules/extras/system/lvg.py index 2d2710e38b..d0b0409a63 100644 --- a/lib/ansible/modules/extras/system/lvg.py +++ b/lib/ansible/modules/extras/system/lvg.py 
@@ -66,17 +66,24 @@ notes: EXAMPLES = ''' # Create a volume group on top of /dev/sda1 with physical extent size = 32MB. -- lvg: vg=vg.services pvs=/dev/sda1 pesize=32 +- lvg: + vg: vg.services + pvs: /dev/sda1 + pesize: 32 # Create or resize a volume group on top of /dev/sdb1 and /dev/sdc5. # If, for example, we already have VG vg.services on top of /dev/sdb1, # this VG will be extended by /dev/sdc5. Or if vg.services was created on # top of /dev/sda5, we first extend it with /dev/sdb1 and /dev/sdc5, # and then reduce by /dev/sda5. -- lvg: vg=vg.services pvs=/dev/sdb1,/dev/sdc5 +- lvg: + vg: vg.services + pvs: /dev/sdb1,/dev/sdc5 # Remove a volume group with name vg.services. -- lvg: vg=vg.services state=absent +- lvg: + vg: vg.services + state: absent ''' def parse_vgs(data): diff --git a/lib/ansible/modules/extras/system/lvol.py b/lib/ansible/modules/extras/system/lvol.py index 978ce7d1c5..c3213bdd24 100644 --- a/lib/ansible/modules/extras/system/lvol.py +++ b/lib/ansible/modules/extras/system/lvol.py 
@@ -92,52 +92,109 @@ notes: EXAMPLES = ''' # Create a logical volume of 512m. -- lvol: vg=firefly lv=test size=512 +- lvol: + vg: firefly + lv: test + size: 512 # Create a logical volume of 512m with disks /dev/sda and /dev/sdb -- lvol: vg=firefly lv=test size=512 pvs=/dev/sda,/dev/sdb +- lvol: + vg: firefly + lv: test + size: 512 + pvs: /dev/sda,/dev/sdb # Create cache pool logical volume -- lvol: vg=firefly lv=lvcache size=512m opts='--type cache-pool' +- lvol: + vg: firefly + lv: lvcache + size: 512m + opts: --type cache-pool # Create a logical volume of 512g. -- lvol: vg=firefly lv=test size=512g +- lvol: + vg: firefly + lv: test + size: 512g # Create a logical volume the size of all remaining space in the volume group -- lvol: vg=firefly lv=test size=100%FREE +- lvol: + vg: firefly + lv: test + size: 100%FREE # Create a logical volume with special options -- lvol: vg=firefly lv=test size=512g opts="-r 16" +- lvol: + vg: firefly + lv: test + size: 512g + opts: -r 16 # Extend the logical volume to 1024m. -- lvol: vg=firefly lv=test size=1024 +- lvol: + vg: firefly + lv: test + size: 1024 # Extend the logical volume to consume all remaining space in the volume group -- lvol: vg=firefly lv=test size=+100%FREE +- lvol: + vg: firefly + lv: test + size: +100%FREE # Extend the logical volume to take all remaining space of the PVs -- lvol: vg=firefly lv=test size=100%PVS +- lvol: + vg: firefly + lv: test + size: 100%PVS # Resize the logical volume to % of VG -- lvol: vg-firefly lv=test size=80%VG force=yes +- lvol: + vg: firefly + lv: test + size: 80%VG + force: yes # Reduce the logical volume to 512m -- lvol: vg=firefly lv=test size=512 force=yes +- lvol: + vg: firefly + lv: test + size: 512 + force: yes # Set the logical volume to 512m and do not try to shrink if size is lower than current one -- lvol: vg=firefly lv=test size=512 shrink=no +- lvol: + vg: firefly + lv: test + size: 512 + shrink: no # Remove the logical volume. 
-- lvol: vg=firefly lv=test state=absent force=yes +- lvol: + vg: firefly + lv: test + state: absent + force: yes # Create a snapshot volume of the test logical volume. -- lvol: vg=firefly lv=test snapshot=snap1 size=100m +- lvol: + vg: firefly + lv: test + snapshot: snap1 + size: 100m # Deactivate a logical volume -- lvol: vg=firefly lv=test active=false +- lvol: + vg: firefly + lv: test + active: false # Create a deactivated logical volume -- lvol: vg=firefly lv=test size=512g active=false +- lvol: + vg: firefly + lv: test + size: 512g + active: false ''' import re diff --git a/lib/ansible/modules/extras/system/make.py b/lib/ansible/modules/extras/system/make.py index 497b21328b..5207470bb0 100644 --- a/lib/ansible/modules/extras/system/make.py +++ b/lib/ansible/modules/extras/system/make.py @@ -46,10 +46,13 @@ options: EXAMPLES = ''' # Build the default target -- make: chdir=/home/ubuntu/cool-project +- make: + chdir: /home/ubuntu/cool-project # Run `install` target as root -- make: chdir=/home/ubuntu/cool-project target=install +- make: + chdir: /home/ubuntu/cool-project + target: install become: yes # Pass in extra arguments to build diff --git a/lib/ansible/modules/extras/system/modprobe.py b/lib/ansible/modules/extras/system/modprobe.py index 1bb1d3f70b..1acd2ef3ed 100644 --- a/lib/ansible/modules/extras/system/modprobe.py +++ b/lib/ansible/modules/extras/system/modprobe.py @@ -52,9 +52,15 @@ options: EXAMPLES = ''' # Add the 802.1q module -- modprobe: name=8021q state=present +- modprobe: + name: 8021q + state: present + # Add the dummy module -- modprobe: name=dummy state=present params="numdummies=2" +- modprobe: + name: dummy + state: present + params: 'numdummies=2' ''' from ansible.module_utils.basic import * diff --git a/lib/ansible/modules/extras/system/open_iscsi.py b/lib/ansible/modules/extras/system/open_iscsi.py index 74349ce868..77586289e7 100644 --- a/lib/ansible/modules/extras/system/open_iscsi.py 
+++ b/lib/ansible/modules/extras/system/open_iscsi.py @@ -88,18 +88,28 @@ options: EXAMPLES = ''' # perform a discovery on 10.1.2.3 and show available target nodes -- open_iscsi: show_nodes=yes discover=yes portal=10.1.2.3 +- open_iscsi: + show_nodes: yes + discover: yes + portal: 10.1.2.3 # discover targets on portal and login to the one available # (only works if exactly one target is exported to the initiator) -- open_iscsi: portal={{iscsi_target}} login=yes discover=yes +- open_iscsi: + portal: '{{ iscsi_target }}' + login: yes + discover: yes # description: connect to the named target, after updating the local # persistent database (cache) -- open_iscsi: login=yes target=iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d +- open_iscsi: + login: yes + target: 'iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d' # description: discconnect from the cached named target -- open_iscsi: login=no target=iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d" +- open_iscsi: + login: no + target: 'iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d' ''' import glob diff --git a/lib/ansible/modules/extras/system/openwrt_init.py b/lib/ansible/modules/extras/system/openwrt_init.py index c54cd3295b..297826076c 100644 --- a/lib/ansible/modules/extras/system/openwrt_init.py +++ b/lib/ansible/modules/extras/system/openwrt_init.py @@ -59,11 +59,20 @@ requirements: EXAMPLES = ''' # Example action to start service httpd, if not running -- openwrt_init: state=started name=httpd +- openwrt_init: + state: started + name: httpd + # Example action to stop service cron, if running -- openwrt_init: name=cron state=stopped +- openwrt_init: + name: cron + state: stopped + # Example action to reload service httpd, in all cases -- openwrt_init: name=httpd state=reloaded +- openwrt_init: + name: httpd + state: reloaded + # Example action to enable service httpd - openwrt_init: name: httpd 
diff --git a/lib/ansible/modules/extras/system/osx_defaults.py b/lib/ansible/modules/extras/system/osx_defaults.py index 0b1b57949f..71e4ee6289 100644 --- a/lib/ansible/modules/extras/system/osx_defaults.py +++ b/lib/ansible/modules/extras/system/osx_defaults.py @@ -72,15 +72,43 @@ notes: ''' EXAMPLES = ''' -- osx_defaults: domain=com.apple.Safari key=IncludeInternalDebugMenu type=bool value=true state=present -- osx_defaults: domain=NSGlobalDomain key=AppleMeasurementUnits type=string value=Centimeters state=present -- osx_defaults: domain=com.apple.screensaver host=currentHost key=showClock type=int value=1 -- osx_defaults: key=AppleMeasurementUnits type=string value=Centimeters +- osx_defaults: + domain: com.apple.Safari + key: IncludeInternalDebugMenu + type: bool + value: true + state: present + +- osx_defaults: + domain: NSGlobalDomain + key: AppleMeasurementUnits + type: string + value: Centimeters + state: present + +- osx_defaults: + domain: com.apple.screensaver + host: currentHost + key: showClock + type: int + value: 1 + +- osx_defaults: + key: AppleMeasurementUnits + type: string + value: Centimeters + - osx_defaults: key: AppleLanguages type: array - value: ["en", "nl"] -- osx_defaults: domain=com.geekchimp.macable key=ExampleKeyToRemove state=absent + value: + - en + - nl + +- osx_defaults: + domain: com.geekchimp.macable + key: ExampleKeyToRemove + state: absent ''' import datetime diff --git a/lib/ansible/modules/extras/system/pam_limits.py b/lib/ansible/modules/extras/system/pam_limits.py index 544455c7d2..55ae4d52a7 100644 --- a/lib/ansible/modules/extras/system/pam_limits.py +++ b/lib/ansible/modules/extras/system/pam_limits.py 
@@ -89,13 +89,27 @@ options: EXAMPLES = ''' # Add or modify nofile soft limit for the user joe -- pam_limits: domain=joe limit_type=soft limit_item=nofile value=64000 +- pam_limits: + domain: joe + limit_type: soft + limit_item: nofile + value: 64000 # Add or modify fsize hard limit for the user smith. Keep or set the maximal value. -- pam_limits: domain=smith limit_type=hard limit_item=fsize value=1000000 use_max=yes +- pam_limits: + domain: smith + limit_type: hard + limit_item: fsize + value: 1000000 + use_max: yes # Add or modify memlock, both soft and hard, limit for the user james with a comment. -- pam_limits: domain=james limit_type=- limit_item=memlock value=unlimited comment="unlimited memory lock for james" +- pam_limits: + domain: james + limit_type: - + limit_item: memlock + value: unlimited + comment: unlimited memory lock for james ''' def main(): diff --git a/lib/ansible/modules/extras/system/puppet.py b/lib/ansible/modules/extras/system/puppet.py index 97c1a3eb38..411552d86b 100644 --- a/lib/ansible/modules/extras/system/puppet.py +++ b/lib/ansible/modules/extras/system/puppet.py @@ -102,19 +102,25 @@ EXAMPLES = ''' - puppet # Run puppet and timeout in 5 minutes -- puppet: timeout=5m +- puppet: + timeout: 5m # Run puppet using a different environment -- puppet: environment=testing +- puppet: + environment: testing # Run puppet using a specific certname -- puppet: certname=agent01.example.com +- puppet: + certname: agent01.example.com + # Run puppet using a specific piece of Puppet code. Has no effect with a # puppetmaster. -- puppet: execute='include ::mymodule' +- puppet: + execute: 'include ::mymodule' # Run puppet using a specific tags -- puppet: tags=update,nginx +- puppet: + tags: update,nginx ''' diff --git a/lib/ansible/modules/extras/system/sefcontext.py b/lib/ansible/modules/extras/system/sefcontext.py index 96f576c064..120481cad3 100644 --- a/lib/ansible/modules/extras/system/sefcontext.py 
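Review bot: In the pam_limits hunk's memlock example, `limit_type: -` leaves a bare dash as the value, which YAML treats as a sequence-entry indicator rather than the string `-`. The example is therefore likely to fail to parse when copied into a playbook. Quote the value as `limit_type: '-'`, which matches what the old `limit_type=-` form passed.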
+++ b/lib/ansible/modules/extras/system/sefcontext.py @@ -72,7 +72,10 @@ author: Dag Wieers EXAMPLES = ''' # Allow apache to modify files in /srv/git_repos -- sefcontext: target='/srv/git_repos(/.*)?' setype=httpd_git_rw_content_t state=present +- sefcontext: + target: '/srv/git_repos(/.*)?' + setype: httpd_git_rw_content_t + state: present ''' RETURN = ''' @@ -255,4 +258,4 @@ def main(): if __name__ == '__main__': - main() \ No newline at end of file + main() diff --git a/lib/ansible/modules/extras/system/selinux_permissive.py b/lib/ansible/modules/extras/system/selinux_permissive.py index df01b4333f..e97e168290 100644 --- a/lib/ansible/modules/extras/system/selinux_permissive.py +++ b/lib/ansible/modules/extras/system/selinux_permissive.py @@ -56,7 +56,9 @@ author: Michael Scherer ''' EXAMPLES = ''' -- selinux_permissive: name=httpd_t permissive=true +- selinux_permissive: + name: httpd_t + permissive: true ''' HAVE_SEOBJECT = False diff --git a/lib/ansible/modules/extras/system/seport.py b/lib/ansible/modules/extras/system/seport.py index 355b79c30f..09ff7dcc0e 100644 --- a/lib/ansible/modules/extras/system/seport.py +++ b/lib/ansible/modules/extras/system/seport.py @@ -61,11 +61,25 @@ author: Dan Keder EXAMPLES = ''' # Allow Apache to listen on tcp port 8888 -- seport: ports=8888 proto=tcp setype=http_port_t state=present +- seport: + ports: 8888 + proto: tcp + setype: http_port_t + state: present + # Allow sshd to listen on tcp port 8991 -- seport: ports=8991 proto=tcp setype=ssh_port_t state=present +- seport: + ports: 8991 + proto: tcp + setype: ssh_port_t + state: present + # Allow memcached to listen on tcp ports 10000-10100 and 10112 -- seport: ports=10000-10100,10112 proto=tcp setype=memcache_port_t state=present +- seport: + ports: 10000-10100,10112 + proto: tcp + setype: memcache_port_t + state: present ''' try: 
diff --git a/lib/ansible/modules/extras/system/solaris_zone.py b/lib/ansible/modules/extras/system/solaris_zone.py index d54d3460f0..62d1bf4338 100644 --- a/lib/ansible/modules/extras/system/solaris_zone.py +++ b/lib/ansible/modules/extras/system/solaris_zone.py 
@@ -107,31 +107,55 @@ options: EXAMPLES = ''' # Create and install a zone, but don't boot it -solaris_zone: name=zone1 state=present path=/zones/zone1 sparse=true root_password="Be9oX7OSwWoU." - config='set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end' +- solaris_zone: + name: zone1 + state: present + path: /zones/zone1 + sparse: true + root_password: Be9oX7OSwWoU. + config: 'set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end' # Create and install a zone and boot it -solaris_zone: name=zone1 state=running path=/zones/zone1 root_password="Be9oX7OSwWoU." - config='set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end' +- solaris_zone: + name: zone1 + state: running + path: /zones/zone1 + root_password: Be9oX7OSwWoU. + config: 'set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end' # Boot an already installed zone -solaris_zone: name=zone1 state=running +- solaris_zone: + name: zone1 + state: running # Stop a zone -solaris_zone: name=zone1 state=stopped +- solaris_zone: + name: zone1 + state: stopped # Destroy a zone -solaris_zone: name=zone1 state=absent +- solaris_zone: + name: zone1 + state: absent # Detach a zone -solaris_zone: name=zone1 state=detached +- solaris_zone: + name: zone1 + state: detached # Configure a zone, ready to be attached -solaris_zone: name=zone1 state=configured path=/zones/zone1 root_password="Be9oX7OSwWoU." - config='set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end' +- solaris_zone: + name: zone1 + state: configured + path: /zones/zone1 + root_password: Be9oX7OSwWoU. + config: 'set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end' # Attach a zone -solaris_zone: name=zone1 state=attached attach_options='-u' +- solaris_zone: + name: zone1 + state: attached + attach_options=: -u ''' class Zone(object): 
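Review bot: The last example in this hunk ("Attach a zone") has a stray `=` in the key, `attach_options=: -u`, so the task sets a parameter named `attach_options=` rather than `attach_options`. It should read `attach_options: -u`. Separately, three of the converted examples keep the literal `root_password: Be9oX7OSwWoU.`, which looks like a crypt hash. Because examples are copied verbatim, a comment above the first one such as `# replace with your own hash, ideally from a vaulted variable` would be worth adding.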
diff --git a/lib/ansible/modules/extras/system/svc.py b/lib/ansible/modules/extras/system/svc.py index e82b0591d5..376062b4be 100755 --- a/lib/ansible/modules/extras/system/svc.py +++ b/lib/ansible/modules/extras/system/svc.py @@ -67,22 +67,35 @@ options: EXAMPLES = ''' # Example action to start svc dnscache, if not running - - svc: name=dnscache state=started + - svc: + name: dnscache + state: started # Example action to stop svc dnscache, if running - - svc: name=dnscache state=stopped + - svc: + name: dnscache + state: stopped # Example action to kill svc dnscache, in all cases - - svc : name=dnscache state=killed + - svc: + name: dnscache + state: killed # Example action to restart svc dnscache, in all cases - - svc : name=dnscache state=restarted + - svc: + name: dnscache + state: restarted # Example action to reload svc dnscache, in all cases - - svc: name=dnscache state=reloaded + - svc: + name: dnscache + state: reloaded # Example using alt svc directory location - - svc: name=dnscache state=reloaded service_dir=/var/service + - svc: + name: dnscache + state: reloaded + service_dir: /var/service ''' import platform diff --git a/lib/ansible/modules/extras/system/timezone.py b/lib/ansible/modules/extras/system/timezone.py index 3c920c4bff..c750611c9b 100644 --- a/lib/ansible/modules/extras/system/timezone.py +++ b/lib/ansible/modules/extras/system/timezone.py @@ -71,7 +71,8 @@ diff: EXAMPLES = ''' - name: set timezone to Asia/Tokyo - timezone: name=Asia/Tokyo + timezone: + name: Asia/Tokyo ''' diff --git a/lib/ansible/modules/extras/system/ufw.py b/lib/ansible/modules/extras/system/ufw.py index c692211d12..67eaba131c 100644 --- a/lib/ansible/modules/extras/system/ufw.py +++ b/lib/ansible/modules/extras/system/ufw.py 
@@ -125,60 +125,103 @@ options: EXAMPLES = ''' # Allow everything and enable UFW -ufw: state=enabled policy=allow +- ufw: + state: enabled + policy: allow # Set logging -ufw: logging=on +- ufw: + logging: on # Sometimes it is desirable to let the sender know when traffic is # being denied, rather than simply ignoring it. In these cases, use # reject instead of deny. In addition, log rejected connections: -ufw: rule=reject port=auth log=yes +- ufw: + rule: reject + port: auth + log: yes # ufw supports connection rate limiting, which is useful for protecting # against brute-force login attacks. ufw will deny connections if an IP # address has attempted to initiate 6 or more connections in the last # 30 seconds. See http://www.debian-administration.org/articles/187 # for details. Typical usage is: -ufw: rule=limit port=ssh proto=tcp +- ufw: + rule: limit + port: ssh + proto: tcp # Allow OpenSSH. (Note that as ufw manages its own state, simply removing # a rule=allow task can leave those ports exposed. 
Either use delete=yes # or a separate state=reset task) -ufw: rule=allow name=OpenSSH +- ufw: + rule: allow + name: OpenSSH # Delete OpenSSH rule -ufw: rule=allow name=OpenSSH delete=yes +- ufw: + rule: allow + name: OpenSSH + delete: yes # Deny all access to port 53: -ufw: rule=deny port=53 +- ufw: + rule: deny + port: 53 # Allow port range 60000-61000 -ufw: rule=allow port=60000:61000 +- ufw: + rule: allow + port: '60000:61000' # Allow all access to tcp port 80: -ufw: rule=allow port=80 proto=tcp +- ufw: + rule: allow + port: 80 + proto: tcp # Allow all access from RFC1918 networks to this host: -ufw: rule=allow src={{ item }} -with_items: -- 10.0.0.0/8 -- 172.16.0.0/12 -- 192.168.0.0/16 +- ufw: + rule: allow + src: '{{ item }}' + with_items: + - 10.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 # Deny access to udp port 514 from host 1.2.3.4: -ufw: rule=deny proto=udp src=1.2.3.4 port=514 +- ufw: + rule: deny + proto: udp + src: 1.2.3.4 + port: 514 # Allow incoming access to eth0 from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 -ufw: rule=allow interface=eth0 direction=in proto=udp src=1.2.3.5 from_port=5469 dest=1.2.3.4 to_port=5469 +- ufw: + rule: allow + interface: eth0 + direction: in + proto: udp + src: 1.2.3.5 + from_port: 5469 + dest: 1.2.3.4 + to_port: 5469 # Deny all traffic from the IPv6 2001:db8::/32 to tcp port 25 on this host. # Note that IPv6 must be enabled in /etc/default/ufw for IPv6 firewalling to work. -ufw: rule=deny proto=tcp src=2001:db8::/32 port=25 +- ufw: + rule: deny + proto: tcp + src: '2001:db8::/32' + port: 25 # Deny forwarded/routed traffic from subnet 1.2.3.0/24 to subnet 4.5.6.0/24. # Can be used to further restrict a global FORWARD policy set to allow -ufw: rule=deny route=yes src=1.2.3.0/24 dest=4.5.6.0/24 +- ufw: + rule: deny + route: yes + src: 1.2.3.0/24 + dest: 4.5.6.0/24 ''' from operator import itemgetter 
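Review bot: In the "Set logging" example, the unquoted `logging: on` is read by YAML 1.1 parsers as a boolean, not the string `on` that the old `logging=on` form passed. Whether the module maps a boolean back to one of its logging levels is not visible in this hunk. Quoting removes the ambiguity: `logging: 'on'`. The same hunk already quotes `'60000:61000'` and `'2001:db8::/32'` so that they stay strings.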
diff --git a/lib/ansible/modules/extras/system/zfs.py b/lib/ansible/modules/extras/system/zfs.py index 1a1bad4a0f..47ce13edce 100644 --- a/lib/ansible/modules/extras/system/zfs.py +++ b/lib/ansible/modules/extras/system/zfs.py @@ -54,22 +54,38 @@ author: "Johan Wiren (@johanwiren)" EXAMPLES = ''' # Create a new file system called myfs in pool rpool with the setuid property turned off -- zfs: name=rpool/myfs state=present setuid=off +- zfs: + name: rpool/myfs + state: present + setuid: off # Create a new volume called myvol in pool rpool. -- zfs: name=rpool/myvol state=present volsize=10M +- zfs: + name: rpool/myvol + state: present + volsize: 10M # Create a snapshot of rpool/myfs file system. -- zfs: name=rpool/myfs@mysnapshot state=present +- zfs: + name: rpool/myfs@mysnapshot + state: present # Create a new file system called myfs2 with snapdir enabled -- zfs: name=rpool/myfs2 state=present snapdir=enabled +- zfs: + name: rpool/myfs2 + state: present + snapdir: enabled # Create a new file system by cloning a snapshot -- zfs: name=rpool/cloned_fs state=present origin=rpool/myfs@mysnapshot +- zfs: + name: rpool/cloned_fs + state: present + origin: rpool/myfs@mysnapshot # Destroy a filesystem -- zfs: name=rpool/myfs state=absent +- zfs: + name: rpool/myfs + state: absent '''