Ansible roles

These Ansible roles are simple in style and work well together on many distributions and many Ansible version.

Integration tests

A weekly test to verify if roles work well together.

Build Status ARA report.

Unit tests

A monthly test to see of the role still works on the current distributions. Some roles contain a version that requires frequent tests.

#Role nameBuild statusVersion
1alternatives
2anaconda
3ansible
4ansible_lint
5apt_autostart
6ara
7artifactory
8at
9atom
10awx
11backup
12bios_update
13bootstrap
14buildtools
15ca
16cargo
17clamav
18cloud9
19cntlm
20common
21cron
22dhcpd
23digitalocean-agent
24dns
25docker
26docker-ce
27dovecot
28environment
29epel
30etherpad
31firewall
32fail2ban
33git
34gitlab_runner
35glusterfs
36go
37gotop
38haproxy
39haveged
40httpd
41investigate
42irslackd
43java
44jenkins
45kernel
46logrotate
47logwatch
48locale
49lynis
50mediawiki
51memcached
52mitogen
53molecule
54mssql
55mysql
56natrouter
57nginx
58npm
59ntp
60openssh
61openvas
62owncloud
63packer
64php
65php_fpm
66phpmyadmin
67postfix
68powertop
69python_pip
70reboot
71redis
72release
73restore
74revealmd
75roundcubemail
76rsyslog
77ruby
78rundeck
79scl
80selinux
81service
82skeletonnot tested
83snort
84sosreport
85spamassassin
86squid
87storage
88stratis
89sudo-pair
90sysstat
91terraform
92tftpd
93tomcat
94travis
95update
96users
97vagrant
98xinetd
99y
100zabbix
101zabbix_repository
102zabbix_server
103zabbix_agent
104zabbix_proxy
105zabbix_web

Dependencies

Most roles have a “soft dependency” described in requirements.yml. You can choose to use those roles if you like them. Here is an overview of these soft dependencies.

Overview of dependencies

The dependencies are soft for these reasons:

Because these dependecies are loose, you have to include them in your playbook yourself:

- name: make the best machine ever
  hosts: all
  become: yes

  roles:
    - role: robertdebock.bootstrap
    - role: robertdebock.java
    - role: robertdebock.tomcat

Some roles have a hard dependecies” on another role, mainy for a shared handler or variables set in the parent role, used in the child role. More details on how to use these roles. These hard dependencies are describe in meta/main.yml under dependencies.

Role Depends on Reason
ca httpd inherited variable
common reboot A reboot is used in tasks/main.yml with include_role.
openvas selinux SELinux is configured in tasks/main.yml with include_role.
openvpn ca OpenSSL keys are created in tasks/main.yml with include_role.
php httpd handler
phpmyadmin httpd handler
roundcubemail httpd handler
selinux reboot A reboot is used in tasks/main.yml with include_role.
spamassassin rsyslog handler
tftpd xinetd handler
update reboot A reboot is used in tasks/main.yml with include_role.
zabbix httpd handler & inherited variable

Here is an overview of the hard dependencies:

Overview of hard dependencies

Tests

Unit tests and integration tests are use to verify the quality of the roles, read more about testing

Distributions

The goal is to let all Ansible roles work on as many distributions as possible, but this is sometimes not possible. For each distribution, the current and previous release is tested. A role may work on diferent distributions, like Red Hat Enterprise Linux (RHEL), but it’s not tested against it. By default these Linux distributions are included in the tests:

Distribution Version(s)
Archlinux latest
Alpine latest & edge*
CentOS 6 & latest
Debian stable, latest & unstable*
Fedora latest & rawhide*
OpenSUSE leap & tumbleweed
Ubuntu 17 (artful), latest, devel*

Exceptions in distributions

Some Ansible roles do not work on all distributions. This table lists why.

Ansible role Excepted Linux distribution(s) Reasoning
ara CentOS 6 Depends on Ansible role python_pip.
awx CentOS 6 Depends on Ansible role python_pip.
cargo Alpine & CentOS 6 Weird error & rust is too old.
cloud9 Alpine npm: exec: line 2: /home/cloud9/.c9/node/bin/node: not found.
cloud9 ArchLinux, CentOS 6 Python version 2.7 is required to install pty.js..
cloud9 OpenSUSE configure: error: "curses not found".
digitalocean-agent Alpine, ArchLinux, OpenSUSE Not supported by DigitalOcean.
digitalocean-agent Debian, Ubuntu Package attempts to start service which is not possible in Docker.
docker CentOS 6 Depends on Ansible role python_pip.
docker_ce Many Docker CE has limited support for distributions.
glusterfs Alpine GlusterFS is not available.
httpd CentOS 6 the SNI (Subject Name Indication) extension to TLS is not available on this platform.
mitogen CentOS 6 Depends on Ansible role python_pip.
mssql Alpine, ArchLinux, CentOS 6, Debian, Fedora, OpenSUSE Tumbleweed & Ubuntu latest Not supported by Microsoft.
npm OpenSUSE Tumbleweed No JSON object could be decoded.
openvas Archlinux, CentOS 6 Depends on Ansible role python_pip and selinux.
owncloud CentOS 6 Depends on Ansible role python_pip.
php CentOS 6 Depends on Ansible role httpd.
phpmyadmin CentOS 6 Depends on Ansible role httpd.
phpmyadmin Alpine There is no MySQL, only mariadb.
python_pip CentOS 6 No package matching 'python-pip' found available.
redis CentOS 6 Depends on Ansible role python_pip.
revealmd OpenSUSE Tumbleweed No JSON object could be decoded.
roundcubemail CentOS 6 Depends on Ansible role httpd.
rsyslog ArchLinux Package is only available in AUR.
selinux ArchLinux Package is only available in AUR.
spamassassin Archlinux Depends on Ansible role rsyslog.
sudo_pair Alpine & CentOS 6 Depends on Ansible role cargo.
tftpd Alpine Depends on Ansible role xinetd.
tftpd Archlinux The package tftpd is not available.
xinetd Alpine The package xinetd is not available.
zabbix ArchLinux, Alpine, Debian, Fedora & OpenSUSE Zabbix has limited OS support.

Ansible version

The goal is to let all roles work on these Ansible version:

See errors? Please help and make a merge request on git.