From 09763679131a9c4bfd8d3b891f589b44d42a3657 Mon Sep 17 00:00:00 2001 From: Emil Renner Berthing Date: Fri, 21 Sep 2018 23:43:50 +0200 Subject: Use one variable for chroot or nspawn environment --- roles/fedora/tasks/hostname.yml | 6 +++--- roles/space_server/handlers/main.yml | 22 +++++++++++----------- roles/space_server/tasks/avahi.yml | 6 +++--- roles/space_server/tasks/bird.yml | 6 +++--- roles/space_server/tasks/blackhole.yml | 6 +++--- roles/space_server/tasks/dhcpd.yml | 6 +++--- roles/space_server/tasks/gettys.yml | 12 ++++++------ roles/space_server/tasks/networkd.yml | 6 +++--- roles/space_server/tasks/nftables.yml | 6 +++--- roles/space_server/tasks/radius.yml | 12 ++++++------ roles/space_server/tasks/radvd.yml | 6 +++--- roles/space_server/tasks/resolved.yml | 12 ++++++------ roles/space_server/tasks/sshd.yml | 6 +++--- roles/space_server/tasks/timesyncd.yml | 6 +++--- roles/space_server/tasks/unbound.yml | 6 +++--- space.yml | 4 ++++ 16 files changed, 66 insertions(+), 62 deletions(-) diff --git a/roles/fedora/tasks/hostname.yml b/roles/fedora/tasks/hostname.yml index 5299270..2e755ca 100644 --- a/roles/fedora/tasks/hostname.yml +++ b/roles/fedora/tasks/hostname.yml @@ -2,11 +2,11 @@ - name: Set hostname hostname: name: '{{ hostname }}' - when: "'container' not in ansible_env" -- name: '- when in nspawn' + when: not chroot +- name: '- when in chroot' copy: dest: /etc/hostname content: "{{ hostname }}\n" - when: "'container' in ansible_env" + when: chroot # vim: set ts=2 sw=2 et: diff --git a/roles/space_server/handlers/main.yml b/roles/space_server/handlers/main.yml index e8943d3..5ecb341 100644 --- a/roles/space_server/handlers/main.yml +++ b/roles/space_server/handlers/main.yml 
@@ -3,25 +3,25 @@ systemd: name: nftables.service state: reloaded - when: "'container' not in ansible_env" + when: not chroot - name: restart networkd systemd: name: systemd-networkd.service state: restarted - when: "'container' not in ansible_env" + when: not chroot - name: restart blackhole systemd: name: blackhole.service state: restarted - when: "'container' not in ansible_env" + when: not chroot - name: restart sshd systemd: name: sshd.service state: restarted - when: "'container' not in ansible_env" + when: not chroot - name: restart bird systemd: @@ -30,43 +30,43 @@ with_items: - bird - bird6 - when: "'container' not in ansible_env" + when: not chroot - name: restart dhcpd systemd: name: dhcpd.service state: restarted - when: "'container' not in ansible_env" + when: not chroot - name: restart radvd systemd: name: radvd.service state: restarted - when: "'container' not in ansible_env" + when: not chroot - name: restart radiusd systemd: name: radiusd.service state: restarted - when: "'container' not in ansible_env" + when: not chroot - name: restart getusers systemd: name: getusers.timer state: restarted daemon_reload: yes - when: "'container' not in ansible_env" + when: not chroot - name: restart unbound systemd: name: unbound.service state: restarted - when: "'container' not in ansible_env" + when: not chroot - name: restart avahi-daemon systemd: name: avahi-daemon.service state: restarted - when: "'container' not in ansible_env" + when: not chroot # vim: set ts=2 sw=2 et: diff --git a/roles/space_server/tasks/avahi.yml b/roles/space_server/tasks/avahi.yml index db8a5ee..1ed1e7c 100644 --- a/roles/space_server/tasks/avahi.yml +++ b/roles/space_server/tasks/avahi.yml 
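Review bot: In roles/space_server/handlers/main.yml (both hunks) every handler is skipped whenever `chroot` is true, including the nftables.service reload and the sshd.service restart. A run in which the fact evaluates true therefore finishes without applying a changed ruleset or sshd configuration to the running system. That is presumably intended for image builds, but the detection added in space.yml also accepts any environment where `container` appears in `ansible_env`, and a skipped handler is easy to miss in the play output. I would add a `debug` task directly after the `set_fact` (also tagged `always`) that prints the detected value, so an unexpected `chroot: true` on a live host shows at the top of the run. The first hunk begins inside the nftables handler, whose `name:` line is outside the hunk.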
@@ -93,12 +93,12 @@ enabled: yes masked: no state: started - when: "'container' not in ansible_env" -- name: '- when in nspawn' + when: not chroot +- name: '- when in chroot' command: systemctl enable avahi-daemon.service args: creates: '/etc/systemd/system/multi-user.target.wants/avahi-daemon.service' - when: "'container' in ansible_env" + when: chroot - name: Use nss-mdns lineinfile: diff --git a/roles/space_server/tasks/bird.yml b/roles/space_server/tasks/bird.yml index 17f0a99..8f4e20b 100644 --- a/roles/space_server/tasks/bird.yml +++ b/roles/space_server/tasks/bird.yml @@ -55,14 +55,14 @@ with_items: - bird - bird6 - when: "'container' not in ansible_env" -- name: '- when in nspawn' + when: not chroot +- name: '- when in chroot' command: 'systemctl enable {{ item }}.service' args: creates: '/etc/systemd/system/multi-user.target.wants/{{ item }}.service' with_items: - bird - bird6 - when: "'container' in ansible_env" + when: chroot # vim: set ts=2 sw=2 et: diff --git a/roles/space_server/tasks/blackhole.yml b/roles/space_server/tasks/blackhole.yml index b62a7ca..2fd1b5e 100644 --- a/roles/space_server/tasks/blackhole.yml +++ b/roles/space_server/tasks/blackhole.yml @@ -22,11 +22,11 @@ enabled: yes masked: no state: started - when: "'container' not in ansible_env" -- name: '- when in nspawn' + when: not chroot +- name: '- when in chroot' command: systemctl enable blackhole.service args: creates: '/etc/systemd/system/multi-user.target.wants/blackhole.service' - when: "'container' in ansible_env" + when: chroot # vim: set ts=2 sw=2 et: diff --git a/roles/space_server/tasks/dhcpd.yml b/roles/space_server/tasks/dhcpd.yml index a15ce49..53ad1a6 100644 --- a/roles/space_server/tasks/dhcpd.yml +++ b/roles/space_server/tasks/dhcpd.yml 
@@ -21,11 +21,11 @@ enabled: yes masked: no state: started - when: "'container' not in ansible_env" -- name: '- when in nspawn' + when: not chroot +- name: '- when in chroot' command: systemctl enable dhcpd.service args: creates: '/etc/systemd/system/multi-user.target.wants/dhcpd.service' - when: "'container' in ansible_env" + when: chroot # vim: set ts=2 sw=2 et: diff --git a/roles/space_server/tasks/gettys.yml b/roles/space_server/tasks/gettys.yml index bdf293a..ea351f4 100644 --- a/roles/space_server/tasks/gettys.yml +++ b/roles/space_server/tasks/gettys.yml @@ -4,22 +4,22 @@ name: getty@tty1.service enabled: no state: stopped - when: "'container' not in ansible_env" -- name: '- when in nspawn' + when: not chroot +- name: '- when in chroot' command: systemctl disable getty@tty1.service args: removes: '/etc/systemd/system/getty.target.wants/getty@tty1.service' - when: "'container' in ansible_env" + when: chroot - name: Enable serial-getty@ttyS0 systemd: name: serial-getty@ttyS0.service enabled: yes - when: "'container' not in ansible_env" -- name: '- when in nspawn' + when: not chroot +- name: '- when in chroot' command: systemctl enable serial-getty@ttyS0.service args: creates: '/etc/systemd/system/getty.target.wants/serial-getty@ttyS0.service' - when: "'container' in ansible_env" + when: chroot # vim: set ts=2 sw=2 et: diff --git a/roles/space_server/tasks/networkd.yml b/roles/space_server/tasks/networkd.yml index ecd5d52..b46b728 100644 --- a/roles/space_server/tasks/networkd.yml +++ b/roles/space_server/tasks/networkd.yml @@ -40,11 +40,11 @@ enabled: yes masked: no state: started - when: "'container' not in ansible_env" -- name: '- when in nspawn' + when: not chroot +- name: '- when in chroot' command: systemctl enable systemd-networkd.service args: creates: '/etc/systemd/system/multi-user.target.wants/systemd-networkd.service' - when: "'container' in ansible_env" + when: chroot # vim: set ts=2 sw=2 et: 
diff --git a/roles/space_server/tasks/nftables.yml b/roles/space_server/tasks/nftables.yml index 2dc8fce..ac5e441 100644 --- a/roles/space_server/tasks/nftables.yml +++ b/roles/space_server/tasks/nftables.yml @@ -32,11 +32,11 @@ enabled: yes masked: no state: started - when: "'container' not in ansible_env" -- name: '- when in nspawn' + when: not chroot +- name: '- when in chroot' command: systemctl enable nftables.service args: creates: '/etc/systemd/system/multi-user.target.wants/nftables.service' - when: "'container' in ansible_env" + when: chroot # vim: set ts=2 sw=2 et: diff --git a/roles/space_server/tasks/radius.yml b/roles/space_server/tasks/radius.yml index b480d3f..11ab1b0 100644 --- a/roles/space_server/tasks/radius.yml +++ b/roles/space_server/tasks/radius.yml @@ -89,12 +89,12 @@ enabled: yes masked: no state: started - when: "'container' not in ansible_env" -- name: '- when in nspawn' + when: not chroot +- name: '- when in chroot' command: systemctl enable getusers.timer args: creates: '/etc/systemd/system/timers.target.wants/getusers.timer' - when: "'container' in ansible_env" + when: chroot - name: Create service drop-in directory file: @@ -111,11 +111,11 @@ enabled: yes masked: no state: started - when: "'container' not in ansible_env" -- name: '- when in nspawn' + when: not chroot +- name: '- when in chroot' command: systemctl enable radiusd.service args: creates: '/etc/systemd/system/multi-user.target.wants/radiusd.service' - when: "'container' in ansible_env" + when: chroot # vim: set ts=2 sw=2 et: diff --git a/roles/space_server/tasks/radvd.yml b/roles/space_server/tasks/radvd.yml index 3c25c5c..ec1be83 100644 --- a/roles/space_server/tasks/radvd.yml +++ b/roles/space_server/tasks/radvd.yml 
@@ -30,11 +30,11 @@ enabled: yes masked: no state: started - when: "'container' not in ansible_env" -- name: '- when in nspawn' + when: not chroot +- name: '- when in chroot' command: systemctl enable radvd.service args: creates: '/etc/systemd/system/multi-user.target.wants/radvd.service' - when: "'container' in ansible_env" + when: chroot # vim: set ts=2 sw=2 et: diff --git a/roles/space_server/tasks/resolved.yml b/roles/space_server/tasks/resolved.yml index d95d1d1..9196e1c 100644 --- a/roles/space_server/tasks/resolved.yml +++ b/roles/space_server/tasks/resolved.yml @@ -5,12 +5,12 @@ # enabled: yes # masked: no # state: started -# when: "'container' not in ansible_env" -#- name: '- when in nspawn' +# when: not chroot +#- name: '- when in chroot' # command: systemctl enable systemd-resolved.service # args: # creates: '/etc/systemd/system/multi-user.target.wants/systemd-resolved.service' -# when: "'container' in ansible_env" +# when: chroot # #- name: Use systemd-resolved # lineinfile: @@ -24,11 +24,11 @@ enabled: no masked: no state: stopped - when: "'container' not in ansible_env" -- name: '- when in nspawn' + when: not chroot +- name: '- when in chroot' command: systemctl disable systemd-resolved.service args: removes: '/etc/systemd/system/multi-user.target.wants/systemd-resolved.service' - when: "'container' in ansible_env" + when: chroot # vim: set ts=2 sw=2 et: diff --git a/roles/space_server/tasks/sshd.yml b/roles/space_server/tasks/sshd.yml index cc8a232..112f817 100644 --- a/roles/space_server/tasks/sshd.yml +++ b/roles/space_server/tasks/sshd.yml @@ -27,11 +27,11 @@ enabled: yes masked: no state: started - when: "'container' not in ansible_env" -- name: '- when in nspawn' + when: not chroot +- name: '- when in chroot' command: systemctl enable sshd.service args: creates: '/etc/systemd/system/multi-user.target.wants/sshd.service' - when: "'container' in ansible_env" + when: chroot # vim: set ts=2 sw=2 et: 
diff --git a/roles/space_server/tasks/timesyncd.yml b/roles/space_server/tasks/timesyncd.yml index cf964e3..3217889 100644 --- a/roles/space_server/tasks/timesyncd.yml +++ b/roles/space_server/tasks/timesyncd.yml @@ -5,11 +5,11 @@ enabled: yes masked: no state: started - when: "'container' not in ansible_env" -- name: '- when in nspawn' + when: not chroot +- name: '- when in chroot' command: systemctl enable systemd-timesyncd.service args: creates: '/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service' - when: "'container' in ansible_env" + when: chroot # vim: set ts=2 sw=2 et: diff --git a/roles/space_server/tasks/unbound.yml b/roles/space_server/tasks/unbound.yml index a9c4610..b11c338 100644 --- a/roles/space_server/tasks/unbound.yml +++ b/roles/space_server/tasks/unbound.yml @@ -21,12 +21,12 @@ enabled: yes masked: no state: started - when: "'container' not in ansible_env" -- name: '- when in nspawn' + when: not chroot +- name: '- when in chroot' command: systemctl enable unbound.service args: creates: '/etc/systemd/system/multi-user.target.wants/unbound.service' - when: "'container' in ansible_env" + when: chroot - name: Use our own resolver copy: diff --git a/space.yml b/space.yml index 96b95e2..0b026df 100644 --- a/space.yml +++ b/space.yml @@ -1,6 +1,10 @@ --- - hosts: space pre_tasks: + - name: Detect chroot + set_fact: + chroot: "{{ ansible_connection == 'chroot' or 'container' in ansible_env }}" + tags: always - name: Load secrets include_vars: '{{ item }}' with_first_found: -- cgit v1.2.1
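Review bot: The `Detect chroot` task in space.yml is now the only place `chroot` is defined, yet every `when: chroot` / `when: not chroot` in roles/fedora and roles/space_server depends on it, and its expression still reads `ansible_env`, which exists only once facts have been gathered. Applying either role from another play, or running this one without facts over a non-chroot connection, would fail on an undefined variable. A tolerant form is `chroot: "{{ ansible_connection == 'chroot' or 'container' in (ansible_env | default({})) }}"`, plus `chroot: false` as a role default if the roles are meant to be reusable. The consumers test the bare variable, so `when: chroot | bool` would keep them correct if the value ever arrives as a string, for example from `-e`. A comment above the task, such as `# true in a chroot or nspawn environment: units are only enabled or disabled, never started or restarted`, would document what the flag switches.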