From 17651158da5b7fd882d969c0bd388a30f828a90a Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Fri, 5 Jul 2024 17:01:05 +0200
Subject: [PATCH] Update to 2024-07-05 17:01
---
 roles/common/defaults/main.yml | 4 +++-
 roles/gitea/defaults/main.yml | 4 ++--
 roles/glpi/defaults/main.yml | 10 +++++-----
 roles/vault_agent/defaults/main/main.yml | 7 ++++++-
 roles/vault_agent/tasks/conf.yml | 6 ++++++
 roles/vault_agent/tasks/directories.yml | 2 ++
 roles/vault_agent/templates/vault-agent.hcl.j2 | 2 ++
 7 files changed, 26 insertions(+), 9 deletions(-)
diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml
index bb782cb..4065ea1 100644
--- a/roles/common/defaults/main.yml
+++ b/roles/common/defaults/main.yml
@@ -60,7 +60,9 @@ sebool: []
 # persistent: True
 system_swappiness: 10
-system_sysctl: {}
+system_sysctl:
+ # Prevent poluting the console with kernel messages on EL9
+ kernel.printk: 4 4 1 7
 # system_sysctl:
 # vm.vfs_cache_pressure: 500
 # vm.dirty_ratio: 10
diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml
index 1ca4a72..471e9b1 100644
--- a/roles/gitea/defaults/main.yml
+++ b/roles/gitea/defaults/main.yml
@@ -1,11 +1,11 @@
 ---
 # Version to install
-gitea_version: '1.22.0'
+gitea_version: '1.22.1'
 # URL to the binary
 gitea_bin_url: https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64
 # sha256 of the binary
-gitea_bin_sha256: a31086f073cb9592d28611394b2de3655db515d961e4fdcf5b549cb40753ef3d
+gitea_bin_sha256: b8043324545eec269fc8f18c22b49fc365ed367e0dd41e081b79832de2570f9c
 # Handle updates. If set to false, ansible will only install
 # Gitea and then won't touch an existing installation
 gitea_manage_upgrade: True
diff --git a/roles/glpi/defaults/main.yml b/roles/glpi/defaults/main.yml
index 7cb70ed..ddad531 100644
--- a/roles/glpi/defaults/main.yml
+++ b/roles/glpi/defaults/main.yml
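Review bot: Putting `kernel.printk` into the role default for `system_sysctl` in roles/common/defaults/main.yml only reaches hosts that do not override the variable. With Ansible's default hash behaviour, an inventory-level `system_sysctl` replaces this mapping rather than merging with it, so hosts that already set their own sysctl entries would silently miss the new setting. How the role consumes the variable is not visible in this hunk, so this is worth confirming; if no merge happens elsewhere, a separate always-applied variable would be more robust. The comment also says EL9 while the default applies to every host, and "poluting" should read "polluting"; writing the value as `kernel.printk: '4 4 1 7'` would make the string type explicit.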
@@ -2,9 +2,9 @@
 glpi_id: 1
 glpi_manage_upgrade: True
-glpi_version: '10.0.15'
+glpi_version: '10.0.16'
 glpi_archive_url: https://github.com/glpi-project/glpi/releases/download/{{ glpi_version }}/glpi-{{ glpi_version }}.tgz
-glpi_archive_sha256: 8ce94c1403c1143a5b503f18f7b7b9a5d29e83489fc81cc7287b719df0b97236
+glpi_archive_sha256: 2c49ea2104c6a107999b28160aa3283ed23b59fb0ba7f3899f1e388830365ce0
 glpi_root_dir: /opt/glpi_{{ glpi_id }}
 glpi_php_user: php-glpi_{{ glpi_id }}
 # If set, will use the following custom PHP FPM pool, which must be created
@@ -51,9 +51,9 @@ glpi_plugins:
 sha256: e45568c2628c1e7bf65b8d5d62b1e54c03b2c870c4d424aa10e711bfa4b0b520
 url: https://github.com/pluginsGLPI/mreporting/releases/download/1.8.6/glpi-mreporting-1.8.6.tar.bz2
 fields:
- version: 1.21.8
- sha256: 724293351194336b836d9651d5633d8aa3c6e726dcfcba478ed160e04f505d8a
- url: https://github.com/pluginsGLPI/fields/releases/download/1.21.8/glpi-fields-1.21.8.tar.bz2
+ version: 1.21.10
+ sha256: acef7d52cb3d7467c952833f2cd3f89b5846c39aea2b2efbf0fbe0d7f50a9615
+ url: https://github.com/pluginsGLPI/fields/releases/download/1.21.10/glpi-fields-1.21.10.tar.bz2
 webapplications:
 version: 4.0.1
 sha256: bbd3a9a01c2bd708af83563ed162ebfa9f56fdd616aaf6f1892e9a36e970ec9d
diff --git a/roles/vault_agent/defaults/main/main.yml b/roles/vault_agent/defaults/main/main.yml
index bbb7eb6..b4c688a 100644
--- a/roles/vault_agent/defaults/main/main.yml
+++ b/roles/vault_agent/defaults/main/main.yml
@@ -26,9 +26,14 @@ vault_agent_sinks: []
 # List of templates
 vault_agent_templates: []
 # vault_agent_templates:
-# # Use only one of source or contents
+# # Use only one of source contents or data can be used
 # - source: /srv/foo.tpl
 # contents: "{{ with secret \"kv/bar\" }}{{.Data.data.baz}}{{ end }}"
+# data: |
+# [[- with pkiCert "pki/nomad/issue/jenkins" "common_name=jenkins.nomad" ]]
+# [[ .Cert ]]
+# [[ .Key ]]
+# [[- end ]]
 # destination: /src/foo
 # left_delimiter = "[["
 # right_delimiter = "]]"
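Review bot: The new `data` example in roles/vault_agent/defaults/main/main.yml renders a private key (`[[ .Key ]]`) to `destination` but shows no `perms`, although the role's template block accepts that property (it is in the property loop of vault-agent.hcl.j2). Adding a line such as `#     perms: '0600'` to the example would keep copies of it from leaving the key at whatever default mode the agent applies. The rewritten comment is also hard to parse; `# Use exactly one of source, contents or data` states the rule. The surrounding example lines `left_delimiter = "[["` and `right_delimiter = "]]"` use HCL `=` rather than YAML `:`, so the block cannot be uncommented as is.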
diff --git a/roles/vault_agent/tasks/conf.yml b/roles/vault_agent/tasks/conf.yml
index f9af859..518ef5c 100644
--- a/roles/vault_agent/tasks/conf.yml
+++ b/roles/vault_agent/tasks/conf.yml
@@ -31,3 +31,9 @@
 notify: restart vault-agent
 tags: vault,consul,nomad
+- name: Deploy templates
+ copy: content={{ item.data }} dest={{ vault_agent_root_dir }}/templates/ansible/{{ item.destination | regex_replace('/', '_') }}
+ when: item.data is defined
+ loop: "{{ vault_agent_templates }}"
+ notify: restart vault-agent
+ tags: vault,consul,nomad
diff --git a/roles/vault_agent/tasks/directories.yml b/roles/vault_agent/tasks/directories.yml
index 04924bd..052f256 100644
--- a/roles/vault_agent/tasks/directories.yml
+++ b/roles/vault_agent/tasks/directories.yml
@@ -14,5 +14,7 @@
 - dir: bin
 - dir: templates/nomad
 - dir: templates/consul
+ - dir: templates/ansible
+ - dir: templates/custom
 tags: vault,consul,nomad
diff --git a/roles/vault_agent/templates/vault-agent.hcl.j2 b/roles/vault_agent/templates/vault-agent.hcl.j2
index f0d628a..1536a82 100644
--- a/roles/vault_agent/templates/vault-agent.hcl.j2
+++ b/roles/vault_agent/templates/vault-agent.hcl.j2
@@ -51,6 +51,8 @@ template {
 source = "{{ template.source }}"
 {% elif template.contents is defined %}
 contents = "{{ template.contents }}"
+{% elif template.data is defined %}
+ source = "{{ vault_agent_root_dir }}/templates/ansible/{{ template.destination | regex_replace('/', '_') }}"
 {% endif %}
 destination = "{{ template.destination }}"
 {% for prop in ['left_delimiter', 'right_delimiter', 'perms'] %}
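Review bot: The new `Deploy templates` task in roles/vault_agent/tasks/conf.yml writes the template source with no `mode`, `owner` or `group`, so the file's permissions depend on the umask of the Ansible run. These files decide what the agent renders (the documented example issues a certificate and key), so they should be writable only by the managing account. The task also uses the `key=value` argument form for a multi-line value; native YAML arguments read better and do not depend on how the free-form string is tokenised. The mode below is a suggestion, and owner/group should follow whatever the role's other configuration files use, which is not visible in this hunk.

```yaml
- name: Deploy templates
  copy:
    content: "{{ item.data }}"
    dest: "{{ vault_agent_root_dir }}/templates/ansible/{{ item.destination | regex_replace('/', '_') }}"
    # owner/group: match the account vault-agent runs as (not visible in this hunk)
    mode: "0640"
  # … unchanged: when, loop, notify, tags …
```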
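Review bot: Flattening `destination` with `regex_replace('/', '_')` in the new `template.data` branch of vault-agent.hcl.j2 is not injective: `/etc/a_b` and `/etc/a/b` both become `_etc_a_b`. Two entries in `vault_agent_templates` can therefore overwrite each other's source file, and one destination would be rendered from the wrong template. The same expression is repeated in the new task in roles/vault_agent/tasks/conf.yml, so the two copies must also be kept in step; a collision-free name computed in one place, for example with `{{ template.destination | hash('sha1') }}` appended, would avoid both problems. An entry that defines both `source` and `data` takes the `source` branch here while conf.yml still deploys its `data` file, because that task only tests `item.data is defined`. The enclosing `template { … }` block starts and ends outside the hunk.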