1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Native YAML - system (#3625)

* Native YAML - system

* Remove comment that is not applicable to the code
This commit is contained in:
Fabio Alessandro Locati 2016-12-02 15:48:22 +00:00 committed by Matt Clay
parent 737c6afb54
commit cc25f24475
26 changed files with 514 additions and 135 deletions

View file

@ -73,16 +73,29 @@ author: "Brian Coca (@bcoca)"
EXAMPLES = ''' EXAMPLES = '''
# Set default locale to fr_FR.UTF-8 # Set default locale to fr_FR.UTF-8
debconf: name=locales question='locales/default_environment_locale' value=fr_FR.UTF-8 vtype='select' - debconf:
name: locales
question: locales/default_environment_locale
value: fr_FR.UTF-8
vtype: select
# set to generate locales: # set to generate locales:
debconf: name=locales question='locales/locales_to_be_generated' value='en_US.UTF-8 UTF-8, fr_FR.UTF-8 UTF-8' vtype='multiselect' - debconf:
name: locales
question: locales/locales_to_be_generated
value: en_US.UTF-8 UTF-8, fr_FR.UTF-8 UTF-8
vtype: multiselect
# Accept oracle license # Accept oracle license
debconf: name='oracle-java7-installer' question='shared/accepted-oracle-license-v1-1' value='true' vtype='select' - debconf:
name: oracle-java7-installer
question: shared/accepted-oracle-license-v1-1
value: true
vtype: select
# Specifying package you can register/return the list of questions and current values # Specifying package you can register/return the list of questions and current values
debconf: name='tzdata' - debconf:
name: tzdata
''' '''
def get_selections(module, pkg): def get_selections(module, pkg):

View file

@ -58,10 +58,15 @@ notes:
EXAMPLES = ''' EXAMPLES = '''
# Create a ext2 filesystem on /dev/sdb1. # Create a ext2 filesystem on /dev/sdb1.
- filesystem: fstype=ext2 dev=/dev/sdb1 - filesystem:
fstype: ext2
dev: /dev/sdb1
# Create a ext4 filesystem on /dev/sdb1 and check disk blocks. # Create a ext4 filesystem on /dev/sdb1 and check disk blocks.
- filesystem: fstype=ext4 dev=/dev/sdb1 opts="-cc" - filesystem:
fstype: ext4
dev: /dev/sdb1
opts: -cc
''' '''
def _get_dev_size(dev, module): def _get_dev_size(dev, module):

View file

@ -94,14 +94,48 @@ author: "Adam Miller (@maxamillion)"
''' '''
EXAMPLES = ''' EXAMPLES = '''
- firewalld: service=https permanent=true state=enabled - firewalld:
- firewalld: port=8081/tcp permanent=true state=disabled service: https
- firewalld: port=161-162/udp permanent=true state=enabled permanent: true
- firewalld: zone=dmz service=http permanent=true state=enabled state: enabled
- firewalld: rich_rule='rule service name="ftp" audit limit value="1/m" accept' permanent=true state=enabled
- firewalld: source='192.168.1.0/24' zone=internal state=enabled - firewalld:
- firewalld: zone=trusted interface=eth2 permanent=true state=enabled port: 8081/tcp
- firewalld: masquerade=yes state=enabled permanent=true zone=dmz permanent: true
state: disabled
- firewalld:
port: 161-162/udp
permanent: true
state: enabled
- firewalld:
zone: dmz
service: http
permanent: true
state: enabled
- firewalld:
rich_rule: 'rule service name="ftp" audit limit value="1/m" accept'
permanent: true
state: enabled
- firewalld:
source: 192.0.2.0/24
zone: internal
state: enabled
- firewalld:
zone: trusted
interface: eth2
permanent: true
state: enabled
- firewalld:
masquerade: yes
state: enabled
permanent: true
zone: dmz
''' '''
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule

View file

@ -59,24 +59,40 @@ author: Brian Coca
EXAMPLES = ''' EXAMPLES = '''
# get root user info # get root user info
- getent: database=passwd key=root - getent:
- debug: var=getent_passwd database: passwd
key: root
- debug:
var: getent_passwd
# get all groups # get all groups
- getent: database=group split=':' - getent:
- debug: var=getent_group database: group
split: ':'
- debug:
var: getent_group
# get all hosts, split by tab # get all hosts, split by tab
- getent: database=hosts - getent:
- debug: var=getent_hosts database: hosts
- debug:
var: getent_hosts
# get http service info, no error if missing # get http service info, no error if missing
- getent: database=services key=http fail_key=False - getent:
- debug: var=getent_services database: services
key: http
fail_key: False
- debug:
var: getent_services
# get user password hash (requires sudo/root) # get user password hash (requires sudo/root)
- getent: database=shadow key=www-data split=: - getent:
- debug: var=getent_shadow database: shadow
key: www-data
split: ':'
- debug:
var: getent_shadow
''' '''

View file

@ -121,26 +121,53 @@ author: "Taneli Leppä (@rosmo)"
EXAMPLES = """ EXAMPLES = """
- name: create gluster volume - name: create gluster volume
gluster_volume: state=present name=test1 bricks=/bricks/brick1/g1 rebalance=yes cluster="192.168.1.10,192.168.1.11" gluster_volume:
state: present
name: test1
bricks: /bricks/brick1/g1
rebalance: yes
cluster:
- 192.0.2.10
- 192.0.2.11
run_once: true run_once: true
- name: tune - name: tune
gluster_volume: state=present name=test1 options='{performance.cache-size: 256MB}' gluster_volume:
state: present
name: test1
options:
performance.cache-size: 256MB
- name: start gluster volume - name: start gluster volume
gluster_volume: state=started name=test1 gluster_volume:
state: started
name: test1
- name: limit usage - name: limit usage
gluster_volume: state=present name=test1 directory=/foo quota=20.0MB gluster_volume:
state: present
name: test1
directory: /foo
quota: 20.0MB
- name: stop gluster volume - name: stop gluster volume
gluster_volume: state=stopped name=test1 gluster_volume:
state: stopped
name: test1
- name: remove gluster volume - name: remove gluster volume
gluster_volume: state=absent name=test1 gluster_volume:
state: absent
name: test1
- name: create gluster volume with multiple bricks - name: create gluster volume with multiple bricks
gluster_volume: state=present name=test2 bricks="/bricks/brick1/g2,/bricks/brick2/g2" cluster="192.168.1.10,192.168.1.11" gluster_volume:
state: present
name: test2
bricks: /bricks/brick1/g2,/bricks/brick2/g2
cluster:
- 192.0.2.10
- 192.0.2.11
run_once: true run_once: true
""" """

View file

@ -295,25 +295,49 @@ options:
EXAMPLES = ''' EXAMPLES = '''
# Block specific IP # Block specific IP
- iptables: chain=INPUT source=8.8.8.8 jump=DROP - iptables:
chain: INPUT
source: 8.8.8.8
jump: DROP
become: yes become: yes
# Forward port 80 to 8600 # Forward port 80 to 8600
- iptables: table=nat chain=PREROUTING in_interface=eth0 protocol=tcp match=tcp destination_port=80 jump=REDIRECT to_ports=8600 comment="Redirect web traffic to port 8600" - iptables:
table: nat
chain: PREROUTING
in_interface: eth0
protocol: tcp
match: tcp
destination_port: 80
jump: REDIRECT
to_ports: 8600
comment: Redirect web traffic to port 8600
become: yes become: yes
# Allow related and established connections # Allow related and established connections
- iptables: chain=INPUT ctstate=ESTABLISHED,RELATED jump=ACCEPT - iptables:
chain: INPUT
ctstate: ESTABLISHED,RELATED
jump: ACCEPT
become: yes become: yes
# Tag all outbound tcp packets with DSCP mark 8 # Tag all outbound tcp packets with DSCP mark 8
- iptables: chain=OUTPUT jump=DSCP table=mangle set_dscp_mark=8 protocol=tcp - iptables:
chain: OUTPUT
jump: DSCP
table: mangle
set_dscp_mark: 8
protocol: tcp
# Tag all outbound tcp packets with DSCP DiffServ class CS1 # Tag all outbound tcp packets with DSCP DiffServ class CS1
- iptables: chain=OUTPUT jump=DSCP table=mangle set_dscp_mark_class=CS1 protocol=tcp - iptables:
chain: OUTPUT
jump: DSCP
table: mangle
set_dscp_mark_class: CS1
protocol: tcp
''' '''
def append_param(rule, param, flag, is_list): def append_param(rule, param, flag, is_list):
if is_list: if is_list:
for item in param: for item in param:

View file

@ -52,7 +52,9 @@ requirements: []
EXAMPLES = ''' EXAMPLES = '''
# Blacklist the nouveau driver module # Blacklist the nouveau driver module
- kernel_blacklist: name=nouveau state=present - kernel_blacklist:
name: nouveau
state: present
''' '''

View file

@ -62,11 +62,11 @@ author: "Matthew Vernon (@mcv21)"
''' '''
EXAMPLES = ''' EXAMPLES = '''
# Example using with_file to set the system known_hosts file
- name: tell the host about our servers it might want to ssh to - name: tell the host about our servers it might want to ssh to
known_hosts: path='/etc/ssh/ssh_known_hosts' known_hosts:
name='foo.com.invalid' path: /etc/ssh/ssh_known_hosts
key="{{ lookup('file', 'pubkeys/foo.com.invalid') }}" name: foo.com.invalid
key: "{{ lookup('file', 'pubkeys/foo.com.invalid') }}"
''' '''
# Makes sure public host keys are present or absent in the given known_hosts # Makes sure public host keys are present or absent in the given known_hosts

View file

@ -40,7 +40,9 @@ options:
EXAMPLES = ''' EXAMPLES = '''
# Ensure a locale exists. # Ensure a locale exists.
- locale_gen: name=de_CH.UTF-8 state=present - locale_gen:
name: de_CH.UTF-8
state: present
''' '''
import os import os

View file

@ -66,17 +66,24 @@ notes:
EXAMPLES = ''' EXAMPLES = '''
# Create a volume group on top of /dev/sda1 with physical extent size = 32MB. # Create a volume group on top of /dev/sda1 with physical extent size = 32MB.
- lvg: vg=vg.services pvs=/dev/sda1 pesize=32 - lvg:
vg: vg.services
pvs: /dev/sda1
pesize: 32
# Create or resize a volume group on top of /dev/sdb1 and /dev/sdc5. # Create or resize a volume group on top of /dev/sdb1 and /dev/sdc5.
# If, for example, we already have VG vg.services on top of /dev/sdb1, # If, for example, we already have VG vg.services on top of /dev/sdb1,
# this VG will be extended by /dev/sdc5. Or if vg.services was created on # this VG will be extended by /dev/sdc5. Or if vg.services was created on
# top of /dev/sda5, we first extend it with /dev/sdb1 and /dev/sdc5, # top of /dev/sda5, we first extend it with /dev/sdb1 and /dev/sdc5,
# and then reduce by /dev/sda5. # and then reduce by /dev/sda5.
- lvg: vg=vg.services pvs=/dev/sdb1,/dev/sdc5 - lvg:
vg: vg.services
pvs: /dev/sdb1,/dev/sdc5
# Remove a volume group with name vg.services. # Remove a volume group with name vg.services.
- lvg: vg=vg.services state=absent - lvg:
vg: vg.services
state: absent
''' '''
def parse_vgs(data): def parse_vgs(data):

View file

@ -92,52 +92,109 @@ notes:
EXAMPLES = ''' EXAMPLES = '''
# Create a logical volume of 512m. # Create a logical volume of 512m.
- lvol: vg=firefly lv=test size=512 - lvol:
vg: firefly
lv: test
size: 512
# Create a logical volume of 512m with disks /dev/sda and /dev/sdb # Create a logical volume of 512m with disks /dev/sda and /dev/sdb
- lvol: vg=firefly lv=test size=512 pvs=/dev/sda,/dev/sdb - lvol:
vg: firefly
lv: test
size: 512
pvs: /dev/sda,/dev/sdb
# Create cache pool logical volume # Create cache pool logical volume
- lvol: vg=firefly lv=lvcache size=512m opts='--type cache-pool' - lvol:
vg: firefly
lv: lvcache
size: 512m
opts: --type cache-pool
# Create a logical volume of 512g. # Create a logical volume of 512g.
- lvol: vg=firefly lv=test size=512g - lvol:
vg: firefly
lv: test
size: 512g
# Create a logical volume the size of all remaining space in the volume group # Create a logical volume the size of all remaining space in the volume group
- lvol: vg=firefly lv=test size=100%FREE - lvol:
vg: firefly
lv: test
size: 100%FREE
# Create a logical volume with special options # Create a logical volume with special options
- lvol: vg=firefly lv=test size=512g opts="-r 16" - lvol:
vg: firefly
lv: test
size: 512g
opts: -r 16
# Extend the logical volume to 1024m. # Extend the logical volume to 1024m.
- lvol: vg=firefly lv=test size=1024 - lvol:
vg: firefly
lv: test
size: 1024
# Extend the logical volume to consume all remaining space in the volume group # Extend the logical volume to consume all remaining space in the volume group
- lvol: vg=firefly lv=test size=+100%FREE - lvol:
vg: firefly
lv: test
size: +100%FREE
# Extend the logical volume to take all remaining space of the PVs # Extend the logical volume to take all remaining space of the PVs
- lvol: vg=firefly lv=test size=100%PVS - lvol:
vg: firefly
lv: test
size: 100%PVS
# Resize the logical volume to % of VG # Resize the logical volume to % of VG
- lvol: vg-firefly lv=test size=80%VG force=yes - lvol:
vg: firefly
lv: test
size: 80%VG
force: yes
# Reduce the logical volume to 512m # Reduce the logical volume to 512m
- lvol: vg=firefly lv=test size=512 force=yes - lvol:
vg: firefly
lv: test
size: 512
force: yes
# Set the logical volume to 512m and do not try to shrink if size is lower than current one # Set the logical volume to 512m and do not try to shrink if size is lower than current one
- lvol: vg=firefly lv=test size=512 shrink=no - lvol:
vg: firefly
lv: test
size: 512
shrink: no
# Remove the logical volume. # Remove the logical volume.
- lvol: vg=firefly lv=test state=absent force=yes - lvol:
vg: firefly
lv: test
state: absent
force: yes
# Create a snapshot volume of the test logical volume. # Create a snapshot volume of the test logical volume.
- lvol: vg=firefly lv=test snapshot=snap1 size=100m - lvol:
vg: firefly
lv: test
snapshot: snap1
size: 100m
# Deactivate a logical volume # Deactivate a logical volume
- lvol: vg=firefly lv=test active=false - lvol:
vg: firefly
lv: test
active: false
# Create a deactivated logical volume # Create a deactivated logical volume
- lvol: vg=firefly lv=test size=512g active=false - lvol:
vg: firefly
lv: test
size: 512g
active: false
''' '''
import re import re

View file

@ -46,10 +46,13 @@ options:
EXAMPLES = ''' EXAMPLES = '''
# Build the default target # Build the default target
- make: chdir=/home/ubuntu/cool-project - make:
chdir: /home/ubuntu/cool-project
# Run `install` target as root # Run `install` target as root
- make: chdir=/home/ubuntu/cool-project target=install - make:
chdir: /home/ubuntu/cool-project
target: install
become: yes become: yes
# Pass in extra arguments to build # Pass in extra arguments to build

View file

@ -52,9 +52,15 @@ options:
EXAMPLES = ''' EXAMPLES = '''
# Add the 802.1q module # Add the 802.1q module
- modprobe: name=8021q state=present - modprobe:
name: 8021q
state: present
# Add the dummy module # Add the dummy module
- modprobe: name=dummy state=present params="numdummies=2" - modprobe:
name: dummy
state: present
params: 'numdummies=2'
''' '''
from ansible.module_utils.basic import * from ansible.module_utils.basic import *

View file

@ -88,18 +88,28 @@ options:
EXAMPLES = ''' EXAMPLES = '''
# perform a discovery on 10.1.2.3 and show available target nodes # perform a discovery on 10.1.2.3 and show available target nodes
- open_iscsi: show_nodes=yes discover=yes portal=10.1.2.3 - open_iscsi:
show_nodes: yes
discover: yes
portal: 10.1.2.3
# discover targets on portal and login to the one available # discover targets on portal and login to the one available
# (only works if exactly one target is exported to the initiator) # (only works if exactly one target is exported to the initiator)
- open_iscsi: portal={{iscsi_target}} login=yes discover=yes - open_iscsi:
portal: '{{ iscsi_target }}'
login: yes
discover: yes
# description: connect to the named target, after updating the local # description: connect to the named target, after updating the local
# persistent database (cache) # persistent database (cache)
- open_iscsi: login=yes target=iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d - open_iscsi:
login: yes
target: 'iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d'
# description: discconnect from the cached named target # description: discconnect from the cached named target
- open_iscsi: login=no target=iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d" - open_iscsi:
login: no
target: 'iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d'
''' '''
import glob import glob

View file

@ -59,11 +59,20 @@ requirements:
EXAMPLES = ''' EXAMPLES = '''
# Example action to start service httpd, if not running # Example action to start service httpd, if not running
- openwrt_init: state=started name=httpd - openwrt_init:
state: started
name: httpd
# Example action to stop service cron, if running # Example action to stop service cron, if running
- openwrt_init: name=cron state=stopped - openwrt_init:
name: cron
state: stopped
# Example action to reload service httpd, in all cases # Example action to reload service httpd, in all cases
- openwrt_init: name=httpd state=reloaded - openwrt_init:
name: httpd
state: reloaded
# Example action to enable service httpd # Example action to enable service httpd
- openwrt_init: - openwrt_init:
name: httpd name: httpd

View file

@ -72,15 +72,43 @@ notes:
''' '''
EXAMPLES = ''' EXAMPLES = '''
- osx_defaults: domain=com.apple.Safari key=IncludeInternalDebugMenu type=bool value=true state=present - osx_defaults:
- osx_defaults: domain=NSGlobalDomain key=AppleMeasurementUnits type=string value=Centimeters state=present domain: com.apple.Safari
- osx_defaults: domain=com.apple.screensaver host=currentHost key=showClock type=int value=1 key: IncludeInternalDebugMenu
- osx_defaults: key=AppleMeasurementUnits type=string value=Centimeters type: bool
value: true
state: present
- osx_defaults:
domain: NSGlobalDomain
key: AppleMeasurementUnits
type: string
value: Centimeters
state: present
- osx_defaults:
domain: com.apple.screensaver
host: currentHost
key: showClock
type: int
value: 1
- osx_defaults:
key: AppleMeasurementUnits
type: string
value: Centimeters
- osx_defaults: - osx_defaults:
key: AppleLanguages key: AppleLanguages
type: array type: array
value: ["en", "nl"] value:
- osx_defaults: domain=com.geekchimp.macable key=ExampleKeyToRemove state=absent - en
- nl
- osx_defaults:
domain: com.geekchimp.macable
key: ExampleKeyToRemove
state: absent
''' '''
import datetime import datetime

View file

@ -89,13 +89,27 @@ options:
EXAMPLES = ''' EXAMPLES = '''
# Add or modify nofile soft limit for the user joe # Add or modify nofile soft limit for the user joe
- pam_limits: domain=joe limit_type=soft limit_item=nofile value=64000 - pam_limits:
domain: joe
limit_type: soft
limit_item: nofile
value: 64000
# Add or modify fsize hard limit for the user smith. Keep or set the maximal value. # Add or modify fsize hard limit for the user smith. Keep or set the maximal value.
- pam_limits: domain=smith limit_type=hard limit_item=fsize value=1000000 use_max=yes - pam_limits:
domain: smith
limit_type: hard
limit_item: fsize
value: 1000000
use_max: yes
# Add or modify memlock, both soft and hard, limit for the user james with a comment. # Add or modify memlock, both soft and hard, limit for the user james with a comment.
- pam_limits: domain=james limit_type=- limit_item=memlock value=unlimited comment="unlimited memory lock for james" - pam_limits:
domain: james
limit_type: -
limit_item: memlock
value: unlimited
comment: unlimited memory lock for james
''' '''
def main(): def main():

View file

@ -102,19 +102,25 @@ EXAMPLES = '''
- puppet - puppet
# Run puppet and timeout in 5 minutes # Run puppet and timeout in 5 minutes
- puppet: timeout=5m - puppet:
timeout: 5m
# Run puppet using a different environment # Run puppet using a different environment
- puppet: environment=testing - puppet:
environment: testing
# Run puppet using a specific certname # Run puppet using a specific certname
- puppet: certname=agent01.example.com - puppet:
certname: agent01.example.com
# Run puppet using a specific piece of Puppet code. Has no effect with a # Run puppet using a specific piece of Puppet code. Has no effect with a
# puppetmaster. # puppetmaster.
- puppet: execute='include ::mymodule' - puppet:
execute: 'include ::mymodule'
# Run puppet using a specific tags # Run puppet using a specific tags
- puppet: tags=update,nginx - puppet:
tags: update,nginx
''' '''

View file

@ -72,7 +72,10 @@ author: Dag Wieers
EXAMPLES = ''' EXAMPLES = '''
# Allow apache to modify files in /srv/git_repos # Allow apache to modify files in /srv/git_repos
- sefcontext: target='/srv/git_repos(/.*)?' setype=httpd_git_rw_content_t state=present - sefcontext:
target: '/srv/git_repos(/.*)?'
setype: httpd_git_rw_content_t
state: present
''' '''
RETURN = ''' RETURN = '''
@ -255,4 +258,4 @@ def main():
if __name__ == '__main__': if __name__ == '__main__':
main() main()

View file

@ -56,7 +56,9 @@ author: Michael Scherer <misc@zarb.org>
''' '''
EXAMPLES = ''' EXAMPLES = '''
- selinux_permissive: name=httpd_t permissive=true - selinux_permissive:
name: httpd_t
permissive: true
''' '''
HAVE_SEOBJECT = False HAVE_SEOBJECT = False

View file

@ -61,11 +61,25 @@ author: Dan Keder
EXAMPLES = ''' EXAMPLES = '''
# Allow Apache to listen on tcp port 8888 # Allow Apache to listen on tcp port 8888
- seport: ports=8888 proto=tcp setype=http_port_t state=present - seport:
ports: 8888
proto: tcp
setype: http_port_t
state: present
# Allow sshd to listen on tcp port 8991 # Allow sshd to listen on tcp port 8991
- seport: ports=8991 proto=tcp setype=ssh_port_t state=present - seport:
ports: 8991
proto: tcp
setype: ssh_port_t
state: present
# Allow memcached to listen on tcp ports 10000-10100 and 10112 # Allow memcached to listen on tcp ports 10000-10100 and 10112
- seport: ports=10000-10100,10112 proto=tcp setype=memcache_port_t state=present - seport:
ports: 10000-10100,10112
proto: tcp
setype: memcache_port_t
state: present
''' '''
try: try:

View file

@ -107,31 +107,55 @@ options:
EXAMPLES = ''' EXAMPLES = '''
# Create and install a zone, but don't boot it # Create and install a zone, but don't boot it
solaris_zone: name=zone1 state=present path=/zones/zone1 sparse=true root_password="Be9oX7OSwWoU." - solaris_zone:
config='set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end' name: zone1
state: present
path: /zones/zone1
sparse: true
root_password: Be9oX7OSwWoU.
config: 'set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end'
# Create and install a zone and boot it # Create and install a zone and boot it
solaris_zone: name=zone1 state=running path=/zones/zone1 root_password="Be9oX7OSwWoU." - solaris_zone:
config='set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end' name: zone1
state: running
path: /zones/zone1
root_password: Be9oX7OSwWoU.
config: 'set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end'
# Boot an already installed zone # Boot an already installed zone
solaris_zone: name=zone1 state=running - solaris_zone:
name: zone1
state: running
# Stop a zone # Stop a zone
solaris_zone: name=zone1 state=stopped - solaris_zone:
name: zone1
state: stopped
# Destroy a zone # Destroy a zone
solaris_zone: name=zone1 state=absent - solaris_zone:
name: zone1
state: absent
# Detach a zone # Detach a zone
solaris_zone: name=zone1 state=detached - solaris_zone:
name: zone1
state: detached
# Configure a zone, ready to be attached # Configure a zone, ready to be attached
solaris_zone: name=zone1 state=configured path=/zones/zone1 root_password="Be9oX7OSwWoU." - solaris_zone:
config='set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end' name: zone1
state: configured
path: /zones/zone1
root_password: Be9oX7OSwWoU.
config: 'set autoboot=true; add net; set physical=bge0; set address=10.1.1.1; end'
# Attach a zone # Attach a zone
solaris_zone: name=zone1 state=attached attach_options='-u' - solaris_zone:
name: zone1
state: attached
attach_options=: -u
''' '''
class Zone(object): class Zone(object):

View file

@ -67,22 +67,35 @@ options:
EXAMPLES = ''' EXAMPLES = '''
# Example action to start svc dnscache, if not running # Example action to start svc dnscache, if not running
- svc: name=dnscache state=started - svc:
name: dnscache
state: started
# Example action to stop svc dnscache, if running # Example action to stop svc dnscache, if running
- svc: name=dnscache state=stopped - svc:
name: dnscache
state: stopped
# Example action to kill svc dnscache, in all cases # Example action to kill svc dnscache, in all cases
- svc : name=dnscache state=killed - svc:
name: dnscache
state: killed
# Example action to restart svc dnscache, in all cases # Example action to restart svc dnscache, in all cases
- svc : name=dnscache state=restarted - svc:
name: dnscache
state: restarted
# Example action to reload svc dnscache, in all cases # Example action to reload svc dnscache, in all cases
- svc: name=dnscache state=reloaded - svc:
name: dnscache
state: reloaded
# Example using alt svc directory location # Example using alt svc directory location
- svc: name=dnscache state=reloaded service_dir=/var/service - svc:
name: dnscache
state: reloaded
service_dir: /var/service
''' '''
import platform import platform

View file

@ -71,7 +71,8 @@ diff:
EXAMPLES = ''' EXAMPLES = '''
- name: set timezone to Asia/Tokyo - name: set timezone to Asia/Tokyo
timezone: name=Asia/Tokyo timezone:
name: Asia/Tokyo
''' '''

View file

@ -125,60 +125,103 @@ options:
EXAMPLES = ''' EXAMPLES = '''
# Allow everything and enable UFW # Allow everything and enable UFW
ufw: state=enabled policy=allow - ufw:
state: enabled
policy: allow
# Set logging # Set logging
ufw: logging=on - ufw:
logging: on
# Sometimes it is desirable to let the sender know when traffic is # Sometimes it is desirable to let the sender know when traffic is
# being denied, rather than simply ignoring it. In these cases, use # being denied, rather than simply ignoring it. In these cases, use
# reject instead of deny. In addition, log rejected connections: # reject instead of deny. In addition, log rejected connections:
ufw: rule=reject port=auth log=yes - ufw:
rule: reject
port: auth
log: yes
# ufw supports connection rate limiting, which is useful for protecting # ufw supports connection rate limiting, which is useful for protecting
# against brute-force login attacks. ufw will deny connections if an IP # against brute-force login attacks. ufw will deny connections if an IP
# address has attempted to initiate 6 or more connections in the last # address has attempted to initiate 6 or more connections in the last
# 30 seconds. See http://www.debian-administration.org/articles/187 # 30 seconds. See http://www.debian-administration.org/articles/187
# for details. Typical usage is: # for details. Typical usage is:
ufw: rule=limit port=ssh proto=tcp - ufw:
rule: limit
port: ssh
proto: tcp
# Allow OpenSSH. (Note that as ufw manages its own state, simply removing # Allow OpenSSH. (Note that as ufw manages its own state, simply removing
# a rule=allow task can leave those ports exposed. Either use delete=yes # a rule=allow task can leave those ports exposed. Either use delete=yes
# or a separate state=reset task) # or a separate state=reset task)
ufw: rule=allow name=OpenSSH - ufw:
rule: allow
name: OpenSSH
# Delete OpenSSH rule # Delete OpenSSH rule
ufw: rule=allow name=OpenSSH delete=yes - ufw:
rule: allow
name: OpenSSH
delete: yes
# Deny all access to port 53: # Deny all access to port 53:
ufw: rule=deny port=53 - ufw:
rule: deny
port: 53
# Allow port range 60000-61000 # Allow port range 60000-61000
ufw: rule=allow port=60000:61000 - ufw:
rule: allow
port: '60000:61000'
# Allow all access to tcp port 80: # Allow all access to tcp port 80:
ufw: rule=allow port=80 proto=tcp - ufw:
rule: allow
port: 80
proto: tcp
# Allow all access from RFC1918 networks to this host: # Allow all access from RFC1918 networks to this host:
ufw: rule=allow src={{ item }} - ufw:
with_items: rule: allow
- 10.0.0.0/8 src: '{{ item }}'
- 172.16.0.0/12 with_items:
- 192.168.0.0/16 - 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
# Deny access to udp port 514 from host 1.2.3.4: # Deny access to udp port 514 from host 1.2.3.4:
ufw: rule=deny proto=udp src=1.2.3.4 port=514 - ufw:
rule: deny
proto: udp
src: 1.2.3.4
port: 514
# Allow incoming access to eth0 from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 # Allow incoming access to eth0 from 1.2.3.5 port 5469 to 1.2.3.4 port 5469
ufw: rule=allow interface=eth0 direction=in proto=udp src=1.2.3.5 from_port=5469 dest=1.2.3.4 to_port=5469 - ufw:
rule: allow
interface: eth0
direction: in
proto: udp
src: 1.2.3.5
from_port: 5469
dest: 1.2.3.4
to_port: 5469
# Deny all traffic from the IPv6 2001:db8::/32 to tcp port 25 on this host. # Deny all traffic from the IPv6 2001:db8::/32 to tcp port 25 on this host.
# Note that IPv6 must be enabled in /etc/default/ufw for IPv6 firewalling to work. # Note that IPv6 must be enabled in /etc/default/ufw for IPv6 firewalling to work.
ufw: rule=deny proto=tcp src=2001:db8::/32 port=25 - ufw:
rule: deny
proto: tcp
src: '2001:db8::/32'
port: 25
# Deny forwarded/routed traffic from subnet 1.2.3.0/24 to subnet 4.5.6.0/24. # Deny forwarded/routed traffic from subnet 1.2.3.0/24 to subnet 4.5.6.0/24.
# Can be used to further restrict a global FORWARD policy set to allow # Can be used to further restrict a global FORWARD policy set to allow
ufw: rule=deny route=yes src=1.2.3.0/24 dest=4.5.6.0/24 - ufw:
rule: deny
route: yes
src: 1.2.3.0/24
dest: 4.5.6.0/24
''' '''
from operator import itemgetter from operator import itemgetter

View file

@ -54,22 +54,38 @@ author: "Johan Wiren (@johanwiren)"
EXAMPLES = ''' EXAMPLES = '''
# Create a new file system called myfs in pool rpool with the setuid property turned off # Create a new file system called myfs in pool rpool with the setuid property turned off
- zfs: name=rpool/myfs state=present setuid=off - zfs:
name: rpool/myfs
state: present
setuid: off
# Create a new volume called myvol in pool rpool. # Create a new volume called myvol in pool rpool.
- zfs: name=rpool/myvol state=present volsize=10M - zfs:
name: rpool/myvol
state: present
volsize: 10M
# Create a snapshot of rpool/myfs file system. # Create a snapshot of rpool/myfs file system.
- zfs: name=rpool/myfs@mysnapshot state=present - zfs:
name: rpool/myfs@mysnapshot
state: present
# Create a new file system called myfs2 with snapdir enabled # Create a new file system called myfs2 with snapdir enabled
- zfs: name=rpool/myfs2 state=present snapdir=enabled - zfs:
name: rpool/myfs2
state: present
snapdir: enabled
# Create a new file system by cloning a snapshot # Create a new file system by cloning a snapshot
- zfs: name=rpool/cloned_fs state=present origin=rpool/myfs@mysnapshot - zfs:
name: rpool/cloned_fs
state: present
origin: rpool/myfs@mysnapshot
# Destroy a filesystem # Destroy a filesystem
- zfs: name=rpool/myfs state=absent - zfs:
name: rpool/myfs
state: absent
''' '''