Skip to content

Commit

Permalink
Merge pull request #467 from konstruktoid/motd
Browse files Browse the repository at this point in the history 
ensure motd-news is masked
  • Loading branch information
@konstruktoid
konstruktoid authored Dec 29, 2023
2 parents 0f4e9bb + 1109212 commit e5fb412
Show file tree
Hide file tree
Showing 2 changed files with 124 additions and 114 deletions.
16 changes: 0 additions & 16 deletions handlers/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -104,22 +104,6 @@
enabled: false
state: stopped

- name: Mask motdnews timer
become: true
ansible.builtin.systemd:
name: motd-news.timer
masked: true
enabled: false
state: stopped

- name: Mask motdnews service
become: true
ansible.builtin.systemd:
name: motd-news.service
masked: true
enabled: false
state: stopped

- name: Run dnf autoremove
ansible.builtin.dnf:
autoremove: true
Expand Down
222 changes: 124 additions & 98 deletions tasks/motdnews.yml
View file
Original file line number Diff line number Diff line change
@@ -1,109 +1,135 @@
---
- name: Stat /etc/default/motd-news
ansible.builtin.stat:
path: /etc/default/motd-news
register: motd_news
- name: Manage apt esm, motd-news and Ubuntu PRO
when: ansible_os_family == "Debian"
tags:
- motd
block:
- name: Stat /etc/default/motd-news
ansible.builtin.stat:
path: /etc/default/motd-news
register: motd_news
tags:
- motd

- name: Disable motd-news
become: true
ansible.builtin.lineinfile:
regexp: ^ENABLED=
line: ENABLED=0
dest: /etc/default/motd-news
mode: "0644"
state: present
create: false
backrefs: true
notify:
- Mask motdnews timer
- Mask motdnews service
when: ansible_os_family == "Debian" and motd_news.stat.exists
tags:
- motd
- name: Disable motd-news
become: true
ansible.builtin.lineinfile:
regexp: ^ENABLED=
line: ENABLED=0
dest: /etc/default/motd-news
mode: "0644"
state: present
create: false
backrefs: true
when: motd_news.stat.exists
tags:
- motd

- name: Find update-motd.d files
become: true
ansible.builtin.find:
paths: /etc/update-motd.d
file_type: file
register: update_motd_permissions
tags:
- motd
- name: Find update-motd.d files
become: true
ansible.builtin.find:
paths: /etc/update-motd.d
file_type: file
register: update_motd_permissions
tags:
- motd

- name: Update motd permissions
become: true
ansible.builtin.file:
dest: "{{ item.path }}"
mode: "0444"
with_items:
- "{{ update_motd_permissions.files }}"
when: ansible_os_family == "Debian"
tags:
- motd
- name: Update motd permissions
become: true
ansible.builtin.file:
dest: "{{ item.path }}"
mode: "0444"
with_items:
- "{{ update_motd_permissions.files }}"
tags:
- motd

- name: Set /etc/update-motd.d permission
become: true
ansible.builtin.file:
dest: /etc/update-motd.d
mode: "0755"
when: ansible_os_family == "Debian"
tags:
- motd
- name: Set /etc/update-motd.d permission
become: true
ansible.builtin.file:
dest: /etc/update-motd.d
mode: "0755"
tags:
- motd

- name: Stat /usr/bin/pro
ansible.builtin.stat:
path: /usr/bin/pro
register: ubuntu_advantage_pro
when: ansible_os_family == "Debian"
tags:
- apt_news
- ubuntu-pro
- name: Stat /usr/bin/pro
ansible.builtin.stat:
path: /usr/bin/pro
register: ubuntu_advantage_pro
tags:
- apt_news
- ubuntu-pro

- name: Check apt_news status
ansible.builtin.shell: |
set -o pipefail
pro config show | grep '^apt_news.*False'
args:
executable: /bin/bash
register: ubuntu_advantage_pro_state
changed_when: false
failed_when: ubuntu_advantage_pro_state.rc > 1
when: ansible_os_family == "Debian" and ubuntu_advantage_pro.stat.exists
tags:
- apt_news
- ubuntu-pro
- name: Check apt_news status
ansible.builtin.shell: |
set -o pipefail
pro config show | grep '^apt_news.*False'
args:
executable: /bin/bash
register: ubuntu_advantage_pro_state
changed_when: false
failed_when: ubuntu_advantage_pro_state.rc > 1
when: ubuntu_advantage_pro.stat.exists
tags:
- apt_news
- ubuntu-pro

- name: Disable apt_news
become: true
ansible.builtin.command:
cmd: pro config set apt_news=false
register: disable_apt_news
changed_when: disable_apt_news.rc != 0
failed_when: disable_apt_news.rc != 0
when:
- ansible_os_family == "Debian"
- ubuntu_advantage_pro.stat.exists
- ubuntu_advantage_pro_state.rc != 0
tags:
- apt_news
- ubuntu-pro
- name: Disable apt_news
become: true
ansible.builtin.command:
cmd: pro config set apt_news=false
register: disable_apt_news
changed_when: disable_apt_news.rc != 0
failed_when: disable_apt_news.rc != 0
when:
- ubuntu_advantage_pro.stat.exists
- ubuntu_advantage_pro_state.rc != 0
tags:
- apt_news
- ubuntu-pro

- name: Stat apt ESM hook
ansible.builtin.stat:
path: /etc/apt/apt.conf.d/20apt-esm-hook.conf
register: ubuntu_esm_hook
when: ansible_os_family == "Debian"
tags:
- ubuntu-pro
- name: Stat apt ESM hook
ansible.builtin.stat:
path: /etc/apt/apt.conf.d/20apt-esm-hook.conf
register: ubuntu_esm_hook
tags:
- ubuntu-pro

- name: Remove apt ESM hook
become: true
ansible.builtin.file:
dest: /etc/apt/apt.conf.d/20apt-esm-hook.conf
state: absent
when: ubuntu_esm_hook.stat.exists
tags:
- ubuntu-pro

- name: Get motdnews timer state
ansible.builtin.systemd:
name: motd-news.timer
register: motd_news_timer

- name: Get motdnews service state
ansible.builtin.systemd:
name: motd-news.service
register: motd_news_service

- name: Mask motdnews timer
become: true
ansible.builtin.systemd:
name: motd-news.timer
masked: true
enabled: false
state: stopped
when: motd_news_timer['status']['LoadState'] == "loaded"
tags:
- motd

- name: Remove apt ESM hook
become: true
ansible.builtin.file:
dest: /etc/apt/apt.conf.d/20apt-esm-hook.conf
state: absent
when: ansible_os_family == "Debian" and ubuntu_esm_hook.stat.exists
tags:
- ubuntu-pro
- name: Mask motdnews service
become: true
ansible.builtin.systemd:
name: motd-news.service
masked: true
enabled: false
state: stopped
when: motd_news_service['status']['LoadState'] == "loaded"
tags:
- motd

0 comments on commit e5fb412

Please sign in to comment.