debops · drybjed · Nov 13, 2015 · Nov 13, 2015 · Nov 13, 2015 · Nov 13, 2015
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -26,6 +26,18 @@ v0.2.8
 - Add ``debops.dhparam`` role, included in the ``common.yml`` playbook by
   default. [drybjed]
 
+- Redesign common playbooks to only work with hosts that are in
+  ``[debops_all_hosts]`` inventory group. This should improve support for
+  non-DebOps managed hosts in Ansible inventory, but it requires modification
+  of existing inventories. [drybjed]
+
+- Add ``debops.sshd`` configuration variables to ``debops.apt_preferences``,
+  ``debops.ferm`` and ``debops.tcpwrappers`` configuration in common playbook.
+  [drybjed]
+
+- Add set of common "service" playbooks that invoke Ansible roles that are used
+  on all hosts. [drybjed]
+
 v0.2.7
 ------
 

diff --git a/playbooks/bootstrap.yml b/playbooks/bootstrap.yml
@@ -30,7 +30,7 @@
 
 
 - name: Bootstrap host for Ansible management
-  hosts: 'all:!localhost'
+  hosts: 'debops_all_hosts'
   gather_facts: False
 
   roles:

diff --git a/playbooks/common.yml b/playbooks/common.yml
@@ -3,13 +3,15 @@
 - include: core.yml
 
 - name: Common configuration for all hosts
-  hosts: 'all:!localhost:!debops_no_common'
+  hosts: 'debops_all_hosts:!debops_no_common'
   gather_facts: True
   become: True
 
   roles:
     - role: debops.apt_preferences
       tags: [ 'apt_preferences', 'role::apt_preferences' ]
+      apt_preferences_dependent_list:
+        - '{{ sshd_apt_preferences_dependent_list | d([]) }}'
 
     - role: debops.etc_services
       tags: [ 'etc_services', 'role::etc_services' ]
@@ -31,9 +33,13 @@
 
     - role: debops.ferm
       tags: [ 'ferm', 'role::ferm' ]
+      ferm_dependent_rules:
+        - '{{ (sshd_ferm_dependent_rules | d([])) }}'
 
     - role: debops.tcpwrappers
       tags: [ 'tcpwrappers', 'role::tcpwrappers' ]
+      tcpwrappers_dependent_allow:
+        - '{{ sshd_tcpwrappers_dependent_allow | d([]) }}'
 
     - role: debops.ntp
       tags: [ 'ntp', 'role::ntp' ]

diff --git a/playbooks/core.yml b/playbooks/core.yml
@@ -1,7 +1,7 @@
 ---
 
 - name: Prepare core environment
-  hosts: 'all:!localhost'
+  hosts: 'debops_all_hosts'
   become: False
 
   roles:

diff --git a/playbooks/service/apt_preferences.yml b/playbooks/service/apt_preferences.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Manage APT preferences
+  hosts: 'debops_all_hosts:debops_service_apt_preferences'
+  become: True
+
+  roles:
+
+    - role: debops.apt_preferences
+      tags: [ 'role::apt_preferences' ]
+
diff --git a/playbooks/service/atd.yml b/playbooks/service/atd.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Manage at service
+  hosts: 'debops_all_hosts:debops_service_atd'
+  become: True
+
+  roles:
+
+    - role: debops.atd
+      tags: [ 'role::atd' ]
+
diff --git a/playbooks/service/dhparam.yml b/playbooks/service/dhparam.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Manage Diffie-Hellman parameters
+  hosts: 'debops_all_hosts:debops_service_dhparam'
+  become: True
+
+  roles:
+
+    - role: debops.dhparam
+      tags: [ 'role::dhparam' ]
+
diff --git a/playbooks/service/directories.yml b/playbooks/service/directories.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Manage custom directories
+  hosts: 'debops_all_hosts:debops_service_directories'
+  become: True
+
+  roles:
+
+    - role: debops.directories
+      tags: [ 'role::directories' ]
+
diff --git a/playbooks/service/etc_services.yml b/playbooks/service/etc_services.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Manage service database
+  hosts: 'debops_all_hosts:debops_service_etc_services'
+  become: True
+
+  roles:
+
+    - role: debops.etc_services
+      tags: [ 'role::etc_services' ]
+
diff --git a/playbooks/service/ferm.yml b/playbooks/service/ferm.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Manage firewall using ferm
+  hosts: 'debops_all_hosts:debops_service_ferm'
+  become: True
+
+  roles:
+
+    - role: debops.ferm
+      tags: [ 'role::ferm' ]
+
diff --git a/playbooks/service/ifupdown.yml b/playbooks/service/ifupdown.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Manage network configuration
+  hosts: 'debops_all_hosts:debops_service_ifupdown'
+  become: True
+
+  roles:
+
+    - role: debops.ifupdown
+      tags: [ 'role::ifupdown' ]
+
diff --git a/playbooks/service/pki.yml b/playbooks/service/pki.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Manage Public Key Infrastructure
+  hosts: 'debops_all_hosts:debops_service_pki'
+  become: True
+
+  roles:
+
+    - role: debops.pki
+      tags: [ 'role::pki' ]
+
diff --git a/playbooks/service/rsyslog.yml b/playbooks/service/rsyslog.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Manage rsyslog
+  hosts: 'debops_all_hosts:debops_service_rsyslog'
+  become: True
+
+  roles:
+
+    - role: debops.rsyslog
+      tags: [ 'role::rsyslog' ]
+
diff --git a/playbooks/service/sshd.yml b/playbooks/service/sshd.yml
@@ -0,0 +1,26 @@
+---
+
+- name: Manage OpenSSH Server
+  hosts: 'debops_all_hosts:debops_service_sshd'
+  become: True
+
+  roles:
+
+    - role: debops.apt_preferences
+      tags: [ 'role::apt_preferences' ]
+      apt_preferences_dependent_list:
+        - '{{ sshd_apt_preferences_dependent_list | d([]) }}'
+
+    - role: debops.ferm
+      tags: [ 'role::ferm' ]
+      ferm_dependent_rules:
+        - '{{ sshd_ferm_dependent_rules | d([]) }}'
+
+    - role: debops.tcpwrappers
+      tags: [ 'role::tcpwrappers' ]
+      tcpwrappers_dependent_allow:
+        - '{{ sshd_tcpwrappers_dependent_allow | d([]) }}'
+
+    - role: debops.sshd
+      tags: [ 'role::sshd' ]
+
diff --git a/playbooks/service/sshkeys.yml b/playbooks/service/sshkeys.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Manage system-wide SSH keys
+  hosts: 'debops_all_hosts:debops_service_sshkeys'
+  become: True
+
+  roles:
+
+    - role: debops.sshkeys
+      tags: [ 'role::sshkeys' ]
+
diff --git a/playbooks/service/tcpwrappers.yml b/playbooks/service/tcpwrappers.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Manage TCP Wrappers
+  hosts: 'debops_all_hosts:debops_service_tcpwrappers'
+  become: True
+
+  roles:
+
+    - role: debops.tcpwrappers
+      tags: [ 'role::tcpwrappers' ]
+
diff --git a/playbooks/service/users.yml b/playbooks/service/users.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Manage local users and groups
+  hosts: 'debops_all_hosts:debops_service_users'
+  become: True
+
+  roles:
+
+    - role: debops.users
+      tags: [ 'role::users' ]
+