From 901243cee33e5913cf9cced4780f4cf5b2a59986 Mon Sep 17 00:00:00 2001 From: Rich Megginson Date: Fri, 25 Oct 2024 13:21:43 -0600 Subject: [PATCH] refactor: Use vars/RedHat_N.yml symlink for CentOS, Rocky, Alma wherever possible We have a lot of requests to support Rocky and Alma in various system roles. The first part of adding support is adding `vars/` files for these platforms. In almost every case, for a given major version N, the vars file RedHat_N.yml can be used for CentOS, Rocky, and Alma. Rather than making a copy of the RedHat_N.yml file, just use a symlink to reduce size and maintenance burden, and standardize this across all system roles for consistency. NOTE: There is no Alma or Rocky version 7 or less. NOTE: OracleLinux is not a strict clone, so we are not going to do this for OracleLinux at this time. Support for OracleLinux will need to be done in separate PRs. For more information, see https://github.com/linux-system-roles/cockpit/issues/130 **Question**: Why not just use `ansible_facts["os_family"] == "RedHat"`? **Answer**: This is what Ansible uses as the RedHat os_family: https://github.com/ansible/ansible/blob/1e6ffc1d02559a26def6c9c3b07baf27032865a2/lib/ansible/module_utils/facts/system/distribution.py#L511 There are a lot of distributions in there. I know that Fedora is not a clone of RHEL, but it is very closely related. Most of the others are not clones, and it would generally not work to replace ansible_distribution in ['CentOS', 'Fedora', 'RedHat'] with ansible_facts['os_family'] == 'RedHat' (but it would probably work in specific cases with specific distributions). For example, OracleLinux is in there, and we know that doesn't generally work. The only ones we can be pretty sure about are `RedHat`, `CentOS`, `Fedora`, `AlmaLinux`, and `Rocky`. **Question**: Does my role really need this because it should already work on RHEL clones? **Answer**: Maybe not - but: * it doesn't hurt anything * it's there if we need it in the future * the role will be inconsistent with the other system roles if we don't have this **Question**: Why do I need the `tests/vars/rh_distros_vars.yml` file? Doesn't the test load the vars from the role? **Answer**: No, the test does not load the vars from the role until the role is included, and many tests use version and distribution before including the role. **Question**: Do we need to change the code now to use the new variables? **Answer**: No, not now, in subsequent PRs, hopefully by Alma and Rocky users. Note that there may be more work to be done to the role to fully support Rocky and Alma. Many roles have conditionals like this: ```yaml some_var: "{{ 'some value' if ansible_distribution in ['CentOS', 'RedHat'] else 'other value' }}" another_var: "{{ 'some value' if ansible_distribution in ['CentOS', 'Fedora', 'RedHat'] else 'other value' }}" ... - name: Do something when: ansible_distribution in ['CentOS', 'RedHat'] ... - name: Do something else when: ansible_distribution in ['CentOS', 'Fedora', 'RedHat'] ... ``` Adding Rocky and AlmaLinux to these conditionals will have to be done separately. In order to simplify the task, some new variables are being introduced: ```yaml __$rolename_rh_distros: - AlmaLinux - CentOS - RedHat - Rocky __$rolename_rh_distros_fedora: "{{ __$rolename_rh_distros + ['Fedora'] }}" __$rolename_is_rh_distro: "{{ ansible_distribution in __$rolename_rh_distros }}" __$rolename_is_rh_distro_fedora: "{{ ansible_distribution in __$rolename_rh_distros_fedora }}" ``` Then the conditionals can be rewritten as: ```yaml some_var: "{{ 'some value' if __$rolename_is_rh_distro else 'other value' }}" another_var: "{{ 'some value' if __$rolename_is_rh_distro_fedora else 'other value' }}" ... - name: Do something when: __$rolename_is_rh_distro | bool ... - name: Do something else when: __$rolename_is_rh_distro_fedora | bool ... ``` For tests - tests that use such conditionals will need to use `vars_files` or `include_vars` to load the variables that are defined in `tests/vars/rh_distros_vars.yml`: ```yaml vars_files: - vars/rh_distros_vars.yml ``` We don't currently have CI testing for Rocky or Alma, so someone wanting to run tests on those platforms would need to change the test code to use these. Signed-off-by: Rich Megginson --- .ansible-lint | 2 +- .github/workflows/tft.yml | 2 +- .github/workflows/weekly_ci.yml | 2 +- README.md | 27 ++++++++--------- contributing.md | 8 ++--- defaults/main.yml | 4 +-- examples/simple.yml | 8 ++--- handlers/main.yml | 4 +-- tasks/main.yml | 14 ++++----- .../defaults | 0 .../handlers | 0 .../meta | 0 .../tasks | 0 .../templates | 0 .../vars | 0 tests/setup-snapshot.yml | 4 +-- tests/tests_default.yml | 4 +-- tests/tests_include_vars_from_parent.yml | 2 +- tests/vars/rh_distros_vars.yml | 20 +++++++++++++ vars/AlmaLinux_10.yml | 1 + vars/AlmaLinux_8.yml | 1 + vars/AlmaLinux_9.yml | 1 + vars/CentOS_10.yml | 8 +---- vars/CentOS_7.yml | 8 +---- vars/CentOS_8.yml | 8 +---- vars/CentOS_9.yml | 8 +---- vars/Rocky_10.yml | 1 + vars/Rocky_8.yml | 1 + vars/Rocky_9.yml | 1 + vars/main.yml | 30 +++++++++++++++---- 30 files changed, 93 insertions(+), 76 deletions(-) rename tests/roles/{linux-system-roles.template => linux-system-roles.aide}/defaults (100%) rename tests/roles/{linux-system-roles.template => linux-system-roles.aide}/handlers (100%) rename tests/roles/{linux-system-roles.template => linux-system-roles.aide}/meta (100%) rename tests/roles/{linux-system-roles.template => linux-system-roles.aide}/tasks (100%) rename tests/roles/{linux-system-roles.template => linux-system-roles.aide}/templates (100%) rename tests/roles/{linux-system-roles.template => linux-system-roles.aide}/vars (100%) create mode 100644 tests/vars/rh_distros_vars.yml create mode 120000 vars/AlmaLinux_10.yml create mode 120000 vars/AlmaLinux_8.yml create mode 120000 vars/AlmaLinux_9.yml mode change 100644 => 120000 vars/CentOS_10.yml mode change 100644 => 120000 vars/CentOS_7.yml mode change 100644 => 120000 vars/CentOS_8.yml mode change 100644 => 120000 vars/CentOS_9.yml create mode 120000 vars/Rocky_10.yml create mode 120000 vars/Rocky_8.yml create mode 120000 vars/Rocky_9.yml diff --git a/.ansible-lint b/.ansible-lint index a37aba5..574559c 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -21,6 +21,6 @@ exclude_paths: - .markdownlint.yaml - examples/roles/ mock_roles: - - linux-system-roles.template + - linux-system-roles.aide supported_ansible_also: - "2.14.0" diff --git a/.github/workflows/tft.yml b/.github/workflows/tft.yml index ccb89b0..0ade297 100644 --- a/.github/workflows/tft.yml +++ b/.github/workflows/tft.yml @@ -181,7 +181,7 @@ jobs: api_key: ${{ secrets.TF_API_KEY_RH }} update_pull_request_status: false tmt_hardware: '{ "memory": ">= ${{ needs.prepare_vars.outputs.memory }} MB" }' - tmt_plan_filter: "tag:general,template" + tmt_plan_filter: "tag:general,aide" - name: Set final commit status uses: myrotvorets/set-commit-status-action@master diff --git a/.github/workflows/weekly_ci.yml b/.github/workflows/weekly_ci.yml index aff7f38..c13fc57 100644 --- a/.github/workflows/weekly_ci.yml +++ b/.github/workflows/weekly_ci.yml @@ -4,7 +4,7 @@ name: Weekly CI trigger on: # yamllint disable-line rule:truthy workflow_dispatch: schedule: - - cron: 0 0 * * 6 + - cron: 0 11 * * 6 env: BRANCH_NAME: weekly-ci COMMIT_MESSAGE: "ci: This PR is to trigger periodic CI testing" diff --git a/README.md b/README.md index 7229849..900c259 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,8 @@ # Role Name -[![ansible-lint.yml](https://github.com/linux-system-roles/template/actions/workflows/ansible-lint.yml/badge.svg)](https://github.com/linux-system-roles/template/actions/workflows/ansible-lint.yml) [![ansible-test.yml](https://github.com/linux-system-roles/template/actions/workflows/ansible-test.yml/badge.svg)](https://github.com/linux-system-roles/template/actions/workflows/ansible-test.yml) [![markdownlint.yml](https://github.com/linux-system-roles/template/actions/workflows/markdownlint.yml/badge.svg)](https://github.com/linux-system-roles/template/actions/workflows/markdownlint.yml) [![shellcheck.yml](https://github.com/linux-system-roles/template/actions/workflows/shellcheck.yml/badge.svg)](https://github.com/linux-system-roles/template/actions/workflows/shellcheck.yml) [![tft.yml](https://github.com/linux-system-roles/template/actions/workflows/tft.yml/badge.svg)](https://github.com/linux-system-roles/template/actions/workflows/tft.yml) [![tft_citest_bad.yml](https://github.com/linux-system-roles/template/actions/workflows/tft_citest_bad.yml/badge.svg)](https://github.com/linux-system-roles/template/actions/workflows/tft_citest_bad.yml) [![woke.yml](https://github.com/linux-system-roles/template/actions/workflows/woke.yml/badge.svg)](https://github.com/linux-system-roles/template/actions/workflows/woke.yml) +[![ansible-lint.yml](https://github.com/linux-system-roles/aide/actions/workflows/ansible-lint.yml/badge.svg)](https://github.com/linux-system-roles/aide/actions/workflows/ansible-lint.yml) [![ansible-test.yml](https://github.com/linux-system-roles/aide/actions/workflows/ansible-test.yml/badge.svg)](https://github.com/linux-system-roles/aide/actions/workflows/ansible-test.yml) [![markdownlint.yml](https://github.com/linux-system-roles/aide/actions/workflows/markdownlint.yml/badge.svg)](https://github.com/linux-system-roles/aide/actions/workflows/markdownlint.yml) [![shellcheck.yml](https://github.com/linux-system-roles/aide/actions/workflows/shellcheck.yml/badge.svg)](https://github.com/linux-system-roles/aide/actions/workflows/shellcheck.yml) [![tft.yml](https://github.com/linux-system-roles/aide/actions/workflows/tft.yml/badge.svg)](https://github.com/linux-system-roles/aide/actions/workflows/tft.yml) [![tft_citest_bad.yml](https://github.com/linux-system-roles/aide/actions/workflows/tft_citest_bad.yml/badge.svg)](https://github.com/linux-system-roles/aide/actions/workflows/tft_citest_bad.yml) [![woke.yml](https://github.com/linux-system-roles/aide/actions/workflows/woke.yml/badge.svg)](https://github.com/linux-system-roles/aide/actions/workflows/woke.yml) -![template](https://github.com/linux-system-roles/template/workflows/tox/badge.svg) - -A template for an ansible role that configures some GNU/Linux subsystem or -service. A brief description of the role goes here. +Ansible role for managing Advanced Intrusion Detection Environment (AIDE). ## Requirements @@ -34,12 +31,12 @@ A description of all input variables (i.e. variables that are defined in `defaults/main.yml`) for the role should go here as these form an API of the role. Each variable should have its own section e.g. -### template_foo +### aide_foo This variable is required. It is a string that lists the foo of the role. There is no default value. -### template_bar +### aide_bar This variable is optional. It is a boolean that tells the role to disable bar. The default value is `true`. @@ -53,8 +50,8 @@ the lifetime. Example of setting the variables: ```yaml -template_foo: "oof" -template_bar: false +aide_foo: "oof" +aide_bar: false ``` ## Variables Exported by the Role @@ -63,12 +60,12 @@ This section is optional. Some roles may export variables for playbooks to use later. These are analogous to "return values" in Ansible modules. For example, if a role performs some action that will require a system reboot, but the user wants to defer the reboot, the role might set a variable like -`template_reboot_needed: true` that the playbook can use to reboot at a more +`aide_reboot_needed: true` that the playbook can use to reboot at a more convenient time. Example: -### template_reboot_needed +### aide_reboot_needed Default `false` - if `true`, this means a reboot is needed to apply the changes made by the role @@ -79,13 +76,13 @@ Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: ```yaml -- name: Manage the template subsystem +- name: Manage the aide subsystem hosts: all vars: - template_foo: "foo foo!" - template_bar: false + aide_foo: "foo foo!" + aide_bar: false roles: - - linux-system-roles.template + - linux-system-roles.aide ``` More examples can be provided in the [`examples/`](examples) directory. These diff --git a/contributing.md b/contributing.md index 44e3ad0..4bc2ae1 100644 --- a/contributing.md +++ b/contributing.md @@ -1,4 +1,4 @@ -# Contributing to the template Linux System Role +# Contributing to the aide Linux System Role ## Where to start @@ -12,10 +12,10 @@ This has all of the common information that all role developers need: * How to create git commits and submit pull requests **Bugs and needed implementations** are listed on -[Github Issues](https://github.com/linux-system-roles/template/issues). +[Github Issues](https://github.com/linux-system-roles/aide/issues). Issues labeled with -[**help wanted**](https://github.com/linux-system-roles/template/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22) +[**help wanted**](https://github.com/linux-system-roles/aide/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22) are likely to be suitable for new contributors! -**Code** is managed on [Github](https://github.com/linux-system-roles/template), using +**Code** is managed on [Github](https://github.com/linux-system-roles/aide), using [Pull Requests](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/about-pull-requests). diff --git a/defaults/main.yml b/defaults/main.yml index 6944529..a5858b6 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -4,5 +4,5 @@ # This file also serves as a documentation for such a variables. # Examples of role input variables: -template_foo: foo -template_bar: true +aide_foo: foo +aide_bar: true diff --git a/examples/simple.yml b/examples/simple.yml index 4f1456e..10359eb 100644 --- a/examples/simple.yml +++ b/examples/simple.yml @@ -1,9 +1,9 @@ # SPDX-License-Identifier: MIT --- -- name: Example template role invocation +- name: Example aide role invocation hosts: all vars: - template_foo: example variable value - template_bar: false + aide_foo: example variable value + aide_bar: false roles: - - linux-system-roles.template + - linux-system-roles.aide diff --git a/handlers/main.yml b/handlers/main.yml index 726022e..9822dcd 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,7 +1,7 @@ # SPDX-License-Identifier: MIT --- -- name: Handler for template to restart services +- name: Handler for aide to restart services service: name: "{{ item }}" state: restarted - loop: "{{ __template_services }}" + loop: "{{ __aide_services }}" diff --git a/tasks/main.yml b/tasks/main.yml index 6eb72a5..e756be5 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -6,9 +6,9 @@ # Examples of some tasks: - name: Ensure required packages are installed package: - name: "{{ __template_packages }}" + name: "{{ __aide_packages }}" state: present - use: "{{ (__template_is_ostree | d(false)) | + use: "{{ (__aide_is_ostree | d(false)) | ternary('ansible.posix.rhel_rpm_ostree', omit) }}" - name: Ensure required services are enabled and started @@ -16,12 +16,12 @@ name: "{{ item }}" state: started enabled: true - loop: "{{ __template_services }}" + loop: "{{ __aide_services }}" -- name: Generate /etc/{{ __template_foo_config }} +- name: Generate /etc/{{ __aide_foo_config }} template: - src: "{{ __template_foo_config }}.j2" - dest: /etc/{{ __template_foo_config }} + src: "{{ __aide_foo_config }}.j2" + dest: /etc/{{ __aide_foo_config }} backup: true mode: "0400" - notify: Handler for template to restart services + notify: Handler for aide to restart services diff --git a/tests/roles/linux-system-roles.template/defaults b/tests/roles/linux-system-roles.aide/defaults similarity index 100% rename from tests/roles/linux-system-roles.template/defaults rename to tests/roles/linux-system-roles.aide/defaults diff --git a/tests/roles/linux-system-roles.template/handlers b/tests/roles/linux-system-roles.aide/handlers similarity index 100% rename from tests/roles/linux-system-roles.template/handlers rename to tests/roles/linux-system-roles.aide/handlers diff --git a/tests/roles/linux-system-roles.template/meta b/tests/roles/linux-system-roles.aide/meta similarity index 100% rename from tests/roles/linux-system-roles.template/meta rename to tests/roles/linux-system-roles.aide/meta diff --git a/tests/roles/linux-system-roles.template/tasks b/tests/roles/linux-system-roles.aide/tasks similarity index 100% rename from tests/roles/linux-system-roles.template/tasks rename to tests/roles/linux-system-roles.aide/tasks diff --git a/tests/roles/linux-system-roles.template/templates b/tests/roles/linux-system-roles.aide/templates similarity index 100% rename from tests/roles/linux-system-roles.template/templates rename to tests/roles/linux-system-roles.aide/templates diff --git a/tests/roles/linux-system-roles.template/vars b/tests/roles/linux-system-roles.aide/vars similarity index 100% rename from tests/roles/linux-system-roles.template/vars rename to tests/roles/linux-system-roles.aide/vars diff --git a/tests/setup-snapshot.yml b/tests/setup-snapshot.yml index a7704df..8611bf1 100644 --- a/tests/setup-snapshot.yml +++ b/tests/setup-snapshot.yml @@ -4,11 +4,11 @@ tasks: - name: Set platform/version specific variables include_role: - name: linux-system-roles.template + name: linux-system-roles.aide tasks_from: set_vars.yml public: true - name: Install test packages package: - name: "{{ __template_packages }}" + name: "{{ __aide_packages }}" state: present diff --git a/tests/tests_default.yml b/tests/tests_default.yml index 4457422..b82e8f2 100644 --- a/tests/tests_default.yml +++ b/tests/tests_default.yml @@ -4,10 +4,10 @@ hosts: all gather_facts: false # test that role works in this case roles: - - linux-system-roles.template + - linux-system-roles.aide tasks: - name: Check header for ansible_managed, fingerprint include_tasks: tasks/check_header.yml vars: __file: /etc/foo.conf - __fingerprint: system_role:template + __fingerprint: system_role:aide diff --git a/tests/tests_include_vars_from_parent.yml b/tests/tests_include_vars_from_parent.yml index fc795dd..26e39ee 100644 --- a/tests/tests_include_vars_from_parent.yml +++ b/tests/tests_include_vars_from_parent.yml @@ -44,7 +44,7 @@ import_role: name: caller vars: - roletoinclude: linux-system-roles.template + roletoinclude: linux-system-roles.aide - name: Cleanup file: diff --git a/tests/vars/rh_distros_vars.yml b/tests/vars/rh_distros_vars.yml new file mode 100644 index 0000000..72a891a --- /dev/null +++ b/tests/vars/rh_distros_vars.yml @@ -0,0 +1,20 @@ +# vars for handling conditionals for RedHat and clones +# DO NOT EDIT - file is auto-generated +# repo is https://github.com/linux-system-roles/.github +# file is playbooks/templates/tests/vars/rh_distros_vars.yml +--- +# Ansible distribution identifiers that the role treats like RHEL +__aide_rh_distros: + - AlmaLinux + - CentOS + - RedHat + - Rocky + +# Same as above but includes Fedora +__aide_rh_distros_fedora: "{{ __aide_rh_distros + ['Fedora'] }}" + +# Use this in conditionals to check if distro is Red Hat or clone +__aide_is_rh_distro: "{{ ansible_distribution in __aide_rh_distros }}" + +# Use this in conditionals to check if distro is Red Hat or clone, or Fedora +__aide_is_rh_distro_fedora: "{{ ansible_distribution in __aide_rh_distros_fedora }}" diff --git a/vars/AlmaLinux_10.yml b/vars/AlmaLinux_10.yml new file mode 120000 index 0000000..f830d5f --- /dev/null +++ b/vars/AlmaLinux_10.yml @@ -0,0 +1 @@ +RedHat_10.yml \ No newline at end of file diff --git a/vars/AlmaLinux_8.yml b/vars/AlmaLinux_8.yml new file mode 120000 index 0000000..ad7713d --- /dev/null +++ b/vars/AlmaLinux_8.yml @@ -0,0 +1 @@ +RedHat_8.yml \ No newline at end of file diff --git a/vars/AlmaLinux_9.yml b/vars/AlmaLinux_9.yml new file mode 120000 index 0000000..0eb3795 --- /dev/null +++ b/vars/AlmaLinux_9.yml @@ -0,0 +1 @@ +RedHat_9.yml \ No newline at end of file diff --git a/vars/CentOS_10.yml b/vars/CentOS_10.yml deleted file mode 100644 index 7331ad9..0000000 --- a/vars/CentOS_10.yml +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: MIT ---- -# Put internal variables here with CentOS 10 specific values. - -# Example: -__template_packages: [] -__template_services: [] diff --git a/vars/CentOS_10.yml b/vars/CentOS_10.yml new file mode 120000 index 0000000..f830d5f --- /dev/null +++ b/vars/CentOS_10.yml @@ -0,0 +1 @@ +RedHat_10.yml \ No newline at end of file diff --git a/vars/CentOS_7.yml b/vars/CentOS_7.yml deleted file mode 100644 index 24448bc..0000000 --- a/vars/CentOS_7.yml +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: MIT ---- -# Put internal variables here with CentOS 7 specific values. - -# Example: -__template_packages: [] -__template_services: [] diff --git a/vars/CentOS_7.yml b/vars/CentOS_7.yml new file mode 120000 index 0000000..105e630 --- /dev/null +++ b/vars/CentOS_7.yml @@ -0,0 +1 @@ +RedHat_7.yml \ No newline at end of file diff --git a/vars/CentOS_8.yml b/vars/CentOS_8.yml deleted file mode 100644 index 0fb6af8..0000000 --- a/vars/CentOS_8.yml +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: MIT ---- -# Put internal variables here with CentOS 8 specific values. - -# Example: -__template_packages: [] -__template_services: [] diff --git a/vars/CentOS_8.yml b/vars/CentOS_8.yml new file mode 120000 index 0000000..ad7713d --- /dev/null +++ b/vars/CentOS_8.yml @@ -0,0 +1 @@ +RedHat_8.yml \ No newline at end of file diff --git a/vars/CentOS_9.yml b/vars/CentOS_9.yml deleted file mode 100644 index 7c25b3c..0000000 --- a/vars/CentOS_9.yml +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-License-Identifier: MIT ---- -# Put internal variables here with CentOS 9 specific values. - -# Example: -__template_packages: [] -__template_services: [] diff --git a/vars/CentOS_9.yml b/vars/CentOS_9.yml new file mode 120000 index 0000000..0eb3795 --- /dev/null +++ b/vars/CentOS_9.yml @@ -0,0 +1 @@ +RedHat_9.yml \ No newline at end of file diff --git a/vars/Rocky_10.yml b/vars/Rocky_10.yml new file mode 120000 index 0000000..f830d5f --- /dev/null +++ b/vars/Rocky_10.yml @@ -0,0 +1 @@ +RedHat_10.yml \ No newline at end of file diff --git a/vars/Rocky_8.yml b/vars/Rocky_8.yml new file mode 120000 index 0000000..ad7713d --- /dev/null +++ b/vars/Rocky_8.yml @@ -0,0 +1 @@ +RedHat_8.yml \ No newline at end of file diff --git a/vars/Rocky_9.yml b/vars/Rocky_9.yml new file mode 120000 index 0000000..0eb3795 --- /dev/null +++ b/vars/Rocky_9.yml @@ -0,0 +1 @@ +RedHat_9.yml \ No newline at end of file diff --git a/vars/main.yml b/vars/main.yml index 24f178c..3c51452 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -5,11 +5,11 @@ # value in a platform/version specific file in vars/ # Examples of non-distribution specific (generic) internal variables: -__template_foo_config: foo.conf -__template_packages: [] -__template_services: [] +__aide_foo_config: foo.conf +__aide_packages: [] +__aide_services: [] # ansible_facts required by the role -__template_required_facts: +__aide_required_facts: - distribution - distribution_major_version - distribution_version @@ -17,5 +17,23 @@ __template_required_facts: # the subsets of ansible_facts that need to be gathered in case any of the # facts in required_facts is missing; see the documentation of # the 'gather_subset' parameter of the 'setup' module -__template_required_facts_subsets: "{{ ['!all', '!min'] + - __template_required_facts }}" +__aide_required_facts_subsets: "{{ ['!all', '!min'] + + __aide_required_facts }}" + +# BEGIN - DO NOT EDIT THIS BLOCK - rh distros variables +# Ansible distribution identifiers that the role treats like RHEL +__aide_rh_distros: + - AlmaLinux + - CentOS + - RedHat + - Rocky + +# Same as above but includes Fedora +__aide_rh_distros_fedora: "{{ __aide_rh_distros + ['Fedora'] }}" + +# Use this in conditionals to check if distro is Red Hat or clone +__aide_is_rh_distro: "{{ ansible_distribution in __aide_rh_distros }}" + +# Use this in conditionals to check if distro is Red Hat or clone, or Fedora +__aide_is_rh_distro_fedora: "{{ ansible_distribution in __aide_rh_distros_fedora }}" +# END - DO NOT EDIT THIS BLOCK - rh distros variables