NAME blog.hoberg.ch - useless things for DevOps DESCRIPTION blog.hoberg.ch is a text mode blog about BSD, Linux and typical DevOP content like Ansible, Puppet etc. running on pyhpblog. OPTIONS [website] [blog] [privacy] [impress] CONTENT - Ansible yum_versionlock module released & merged My new Ansible module 'yum_versionlock' just got pushed and merged. With this module you're able to lock/prevent certain packages from being updated by YUM's or DFN's system package manager or from automated patch integration systems that are based on this. Links: GitHub new module: yum_versionlock #1405 BOTMETA.yml - Ansible with_sequence loop in when condition with zero/0 integer When using Ansible function 'with_sequence' on a task where the end value is zero (0) combained with a when condition it may fail with: to count backwards make stride negative But there may be usecases where you want to evaluate the when condition before the sequence will be and not to fail. So a negative value may still be legit to use for your needs. For example you want to define if some hotfixes (or even no hotfix) should be downloaded you propably would write: - name: Download patch files uri: url: "https://files.hoberg.ch/patches/hotfix{{ item }}.tgz" with_sequence: start=1 end={{ hotfix_max_patchfile }} when: hotfix_max_patchfile|int > 0 But if 'hotfix_max_patchfile' is zero (0) it will fail. You will also find some solutions like creating a condition for the end value that could look like this: - name: Download patch files uri: url: "https://files.hoberg.ch/patches/hotfix{{ item }}.tgz" with_sequence: start=1 end={{ hotfix_max_patchfile|int if hotfix_max_patchfile|int > 0 else 1 }} when: hotfix_max_patchfile|int > 0 This will work and set the variable 'hotfix_max_patchfile' to 1 which is no problem in here, because of the defined when condition. The task will be simply skipped - but this won't look that good. A cleaner way would be to outsource the needed tasks in subplaybooks and include them as a non static one. So the included tasks won't be executed and skipped like the usual static way (default). So you could write: main.yml: --- - include: download.yml static: no when: - hotfix_max_patchfile|int > 0 download.yml: --- - name: Download patch files uri: url: "https://files.hoberg.ch/patches/hotfix{{ item }}.tgz" with_sequence: start=1 end={{ hotfix_max_patchfile }} In that case you won't need any dirty hacks and have a clean way to write your tasks. - Ansible callback module "audit": Logs all Ansible information to CSV file This new Ansible callback module will log meta information to a given CSV file to make sure this can be audited at any time. It will log the date, time, executor (who started the task), limits, extra vars, affected hosts etc. Download(s): GitHub: audit.py, audit.ini - Ansible callback module "msteams": Send messages to Microsoft Teams chat This new Ansible callback module will send start/fin notifications to a desired Microsoft Teams chat channel/room. It will inform the squad about ongoing deployments including who (executor), used playbook, limit, extra vars, affected hosts and duration. Download(s): GitHub: msteams.py, msteams.ini - Linux Kernel 5.0.0-RC1: Precompiled for Debian 9 and CentOS 7 Attached you can find download links for precompiled Linux Kernel images in version 5.0.0-RC1 for: - Debian 9 (as .deb files) - CentOS / RHEL 7 (as .rpm files) This Kernel images are compiled with default config 'yes' and only for x64 systems. Download(s): Debian 9: linux-image-5.0.0-RC1_5.0.0-RC1-1_amd64.deb CentOS 7: kernel-5.0.0-RC1-1.x86_64.rpm - Linux Kernel 4.20: Precompiled for Debian 9 and CentOS 7 Attached you can find download links for precompiled Linux Kernel images in version 4.20 for: - Debian 9 (as .deb files) - CentOS / RHEL 7 (as .rpm files) This Kernel images are compiled with default config 'yes' and only for x64 systems. Download(s): Debian 9: linux-image-4.20.0_4.20.0-1_amd64.deb CentOS 7: kernel-4.20.0-1.x86_64.rpm - Ansible module "move": Moving files/directories across filesystems This new Ansible module adds support to move files or directories across filesystems. Instead of copy and delete it will try to use systems mv action if possible. When moving files across different partitions or filesystems it will fallback to copy und delete source file. This module may be helpfull when moving larger files or having less disk space. Download(s): GitHub: Upstream move.py - Ansible module "freshclam": Update ClamAV signatures from Ansible This new and simple Ansible module allows to update ClamAV signatures from an Ansible task. This may be used after ClamAV packages have been installed to make sure these are up2date. Download(s): GitHub: Upstream freshclam.py - Ansible module "java_cert": Import cert as trust cacert & force update This PR for Ansible module 'java_cert' will add two new features to trust an imported certificate as "trust cacert" and allows an additional option as 'force_update' to force re-importing a cert file. This may be helpfull to handle expired certificates. Download(s): GitHub: Upstream java_cert.py GitHub: Ansible Pull request #37708 - Ansible module "cran": (Un)Install Microsoft R packages This new Ansible module adds support to manage (install/remove) CRAN packages for Microsoft "R". Simple Ansible tasks will make sure to (un)install your desired R package(s) and to return correct task states like "ok", "changed" and "failed". Download(s): GitHub: Upstream cran.py GitHub: Ansible Pull request #42046 - FreeIPA: User password expire notification This script will send emails to FreeIPA users (email is obtained from FreeIPA LDAP directory) when their password is going to expire within a few days. You may configure the days before this mail should be send. For security reason you should avoid to use the DirectoryManager credentials. Download(s): GitHub: Upstream freeipa_password_expire_notification.py - Ansible module "yum_versionlock": (Un)Locks package(s) from being updated by YUM This new Ansible module adds support to prevent packages from being updated by packagemanager YUM. This module may (un)lock one or more packages and will support CentOS, RHEL, etc. Download(s): GitHub: Upstream yum_versionlock.py GitHub: Ansible Pull request #41778 blog.hoberg.ch (C) 2020 [privacy] | [impress]