Ansible roles

These Ansible roles are simple in style and work well together on many distributions and many Ansible version.

Integration tests

A weekly test to verify if roles work well together.

Build Status ARA report.

Unit tests

A monthly test to see of the role still works on the current distributions. Some roles contain a version that requires frequent tests.

#Role nameBuild statusVersion
1anaconda
2ansible
3ansible_lint
4apt_autostart
5ara
6artifactory
7at
8atom
9awx
10backup
11bios_update
12bootstrap
13buildtools
14ca
15cargo
16clamav
17cloud9
18cntlm
19common
20cron
21dhcpd
22digitalocean-agent
23dns
24docker
25docker-ce
26dovecot
27epel
28etherpad
29firewall
30fail2ban
31git
32glusterfs
33go
34gotop
35haproxy
36haveged
37httpd
38investigate
39irslackd
40java
41jenkins
42kernel
43logrotate
44logwatch
45locale
46lynis
47mediawiki
48memcached
49mitogen
50molecule
51mssql
52mysql
53natrouter
54nginx
55npm
56ntp
57openssh
58openvas
59owncloud
60packer
61php
62php_fpm
63phpmyadmin
64postfix
65powertop
66python_pip
67reboot
68redis
69release
70restore
71revealmd
72roundcubemail
73rsyslog
74ruby
75rundeck
76scl
77selinux
78service
79skeletonnot tested
80snort
81sosreport
82spamassassin
83squid
84storage
85sudo-pair
86sysstat
87terraform
88tftpd
89tomcat
90travis
91update
92users
93vagrant
94xinetd
95y
96zabbix
97zabbix_repository
98zabbix_server
99zabbix_agent
100zabbix_proxy
101zabbix_web

Dependencies

Most roles have a “soft dependency” described in requirements.yml. You can choose to use those roles if you like them. Here is an overview of these soft dependencies.

Overview of dependencies

The dependencies are soft for these reasons:

Because these dependecies are loose, you have to include them in your playbook yourself:

- name: make the best machine ever
  hosts: all
  become: yes

  roles:
    - role: robertdebock.bootstrap
    - role: robertdebock.java
    - role: robertdebock.tomcat

Some roles have a hard dependecies” on another role, mainy for a shared handler or variables set in the parent role, used in the child role. More details on how to use these roles. These hard dependencies are describe in meta/main.yml under dependencies.

Role Depends on Reason
ca httpd inherited variable
common reboot A reboot is used in tasks/main.yml with include_role.
openvas selinux SELinux is configured in tasks/main.yml with include_role.
openvpn ca OpenSSL keys are created in tasks/main.yml with include_role.
php httpd handler
phpmyadmin httpd handler
roundcubemail httpd handler
selinux reboot A reboot is used in tasks/main.yml with include_role.
spamassassin rsyslog handler
tftpd xinetd handler
update reboot A reboot is used in tasks/main.yml with include_role.
zabbix httpd handler & inherited variable

Here is an overview of the hard dependencies:

Overview of hard dependencies

Tests

Unit tests and integration tests are use to verify the quality of the roles, read more about testing

Distributions

The goal is to let all Ansible roles work on as many distributions as possible, but this is sometimes not possible. For each distribution, the current and previous release is tested. A role may work on diferent distributions, like Red Hat Enterprise Linux (RHEL), but it’s not tested against it. By default these Linux distributions are included in the tests:

Distribution Version(s)
Archlinux latest
Alpine latest & edge*
CentOS 6 & latest
Debian stable, latest & unstable*
Fedora latest & rawhide*
OpenSUSE leap & tumbleweed
Ubuntu 17 (artful), latest, devel*

Exceptions in distributions

Some Ansible roles do not work on all distributions. This table lists why.

Ansible role Excepted Linux distribution(s) Reasoning
ara CentOS 6 Depends on Ansible role python_pip.
awx CentOS 6 Depends on Ansible role python_pip.
cargo Alpine & CentOS 6 Weird error & rust is too old.
cloud9 Alpine npm: exec: line 2: /home/cloud9/.c9/node/bin/node: not found.
cloud9 ArchLinux, CentOS 6 Python version 2.7 is required to install pty.js..
cloud9 OpenSUSE configure: error: "curses not found".
digitalocean-agent Alpine, ArchLinux, OpenSUSE Not supported by DigitalOcean.
digitalocean-agent Debian, Ubuntu Package attempts to start service which is not possible in Docker.
docker CentOS 6 Depends on Ansible role python_pip.
docker_ce Many Docker CE has limited support for distributions.
glusterfs Alpine GlusterFS is not available.
httpd CentOS 6 the SNI (Subject Name Indication) extension to TLS is not available on this platform.
mitogen CentOS 6 Depends on Ansible role python_pip.
mssql Alpine, ArchLinux, CentOS 6, Debian, Fedora, OpenSUSE Tumbleweed & Ubuntu latest Not supported by Microsoft.
npm OpenSUSE Tumbleweed No JSON object could be decoded.
openvas Archlinux, CentOS 6 Depends on Ansible role python_pip and selinux.
owncloud CentOS 6 Depends on Ansible role python_pip.
php CentOS 6 Depends on Ansible role httpd.
phpmyadmin CentOS 6 Depends on Ansible role httpd.
phpmyadmin Alpine There is no MySQL, only mariadb.
python_pip CentOS 6 No package matching 'python-pip' found available.
redis CentOS 6 Depends on Ansible role python_pip.
revealmd OpenSUSE Tumbleweed No JSON object could be decoded.
roundcubemail CentOS 6 Depends on Ansible role httpd.
rsyslog ArchLinux Package is only available in AUR.
selinux ArchLinux Package is only available in AUR.
spamassassin Archlinux Depends on Ansible role rsyslog.
sudo_pair Alpine & CentOS 6 Depends on Ansible role cargo.
tftpd Alpine Depends on Ansible role xinetd.
tftpd Archlinux The package tftpd is not available.
xinetd Alpine The package xinetd is not available.
zabbix ArchLinux, Alpine, Debian, Fedora & OpenSUSE Zabbix has limited OS support.

Ansible version

The goal is to let all roles work on these Ansible version:

See errors? Please help and make a merge request on git.