Fix a bunch of places that didn't use the full correct mode
This commit is contained in:
Kevin Fenzi
parent
1c6e9a11f4
commit
42afc9a637
7 changed files with 25 additions and 25 deletions
|
|
@ -17,7 +17,7 @@
|
||||||
- ansible-server
|
- ansible-server
|
||||||
|
|
||||||
- name: installing the phx2 dns check script
|
- name: installing the phx2 dns check script
|
||||||
copy: src=dns_check.py dest=/usr/local/bin/dns_check owner=root mode=755
|
copy: src=dns_check.py dest=/usr/local/bin/dns_check owner=root mode=0755
|
||||||
tags:
|
tags:
|
||||||
- ansible-server
|
- ansible-server
|
||||||
#
|
#
|
||||||
|
|
|
||||||
|
|
@ -57,7 +57,7 @@
|
||||||
- base
|
- base
|
||||||
|
|
||||||
- name: copy ifcfg files - non virthost
|
- name: copy ifcfg files - non virthost
|
||||||
template: src=ifcfg.j2 dest=/etc/sysconfig/network-scripts/ifcfg-{{item}} mode=644
|
template: src=ifcfg.j2 dest=/etc/sysconfig/network-scripts/ifcfg-{{item}} mode=0644
|
||||||
with_items:
|
with_items:
|
||||||
- "{{ ansible_interfaces }}"
|
- "{{ ansible_interfaces }}"
|
||||||
notify:
|
notify:
|
||||||
|
|
@ -92,7 +92,7 @@
|
||||||
hostname: name="{{inventory_hostname}}"
|
hostname: name="{{inventory_hostname}}"
|
||||||
|
|
||||||
- name: sshd_config
|
- name: sshd_config
|
||||||
copy: src={{ item }} dest=/etc/ssh/sshd_config mode=600
|
copy: src={{ item }} dest=/etc/ssh/sshd_config mode=0600
|
||||||
with_first_found:
|
with_first_found:
|
||||||
- "{{ sshd_config }}"
|
- "{{ sshd_config }}"
|
||||||
- ssh/sshd_config.{{ inventory_hostname }}
|
- ssh/sshd_config.{{ inventory_hostname }}
|
||||||
|
|
@ -185,7 +185,7 @@
|
||||||
- base
|
- base
|
||||||
|
|
||||||
- name: iptables
|
- name: iptables
|
||||||
template: src={{ item }} dest=/etc/sysconfig/iptables mode=600 validate="/sbin/iptables-restore --text %s"
|
template: src={{ item }} dest=/etc/sysconfig/iptables mode=0600 validate="/sbin/iptables-restore --text %s"
|
||||||
with_first_found:
|
with_first_found:
|
||||||
- iptables/iptables.{{ datacenter }}
|
- iptables/iptables.{{ datacenter }}
|
||||||
- iptables/iptables.{{ inventory_hostname }}
|
- iptables/iptables.{{ inventory_hostname }}
|
||||||
|
|
@ -209,7 +209,7 @@
|
||||||
- base
|
- base
|
||||||
|
|
||||||
- name: ip6tables
|
- name: ip6tables
|
||||||
template: src={{ item }} dest=/etc/sysconfig/ip6tables mode=600 backup=yes
|
template: src={{ item }} dest=/etc/sysconfig/ip6tables mode=0600 backup=yes
|
||||||
with_first_found:
|
with_first_found:
|
||||||
- iptables/ip6tables.{{ datacenter }}
|
- iptables/ip6tables.{{ datacenter }}
|
||||||
- iptables/ip6tables.{{ inventory_hostname }}
|
- iptables/ip6tables.{{ inventory_hostname }}
|
||||||
|
|
@ -244,7 +244,7 @@
|
||||||
- flush journald tmpfiles to persistent store
|
- flush journald tmpfiles to persistent store
|
||||||
|
|
||||||
- name: rsyslog.conf
|
- name: rsyslog.conf
|
||||||
copy: src={{ item }} dest=/etc/rsyslog.conf mode=644
|
copy: src={{ item }} dest=/etc/rsyslog.conf mode=0644
|
||||||
with_first_found:
|
with_first_found:
|
||||||
- rsyslog/rsyslog.conf.{{ inventory_hostname }}
|
- rsyslog/rsyslog.conf.{{ inventory_hostname }}
|
||||||
- rsyslog/rsyslog.conf.{{ dist_tag }}
|
- rsyslog/rsyslog.conf.{{ dist_tag }}
|
||||||
|
|
@ -257,7 +257,7 @@
|
||||||
- base
|
- base
|
||||||
|
|
||||||
- name: rsyslog log rotate for rsyslog servers
|
- name: rsyslog log rotate for rsyslog servers
|
||||||
copy: src=rsyslog/merged-rsyslog dest=/etc/logrotate.d/merged-rsyslog mode=644
|
copy: src=rsyslog/merged-rsyslog dest=/etc/logrotate.d/merged-rsyslog mode=0644
|
||||||
when: inventory_hostname.startswith('log')
|
when: inventory_hostname.startswith('log')
|
||||||
notify:
|
notify:
|
||||||
- restart rsyslog
|
- restart rsyslog
|
||||||
|
|
@ -278,7 +278,7 @@
|
||||||
- base
|
- base
|
||||||
|
|
||||||
- name: log everything to log01 except on mirrorlist, do not log local4 there.
|
- name: log everything to log01 except on mirrorlist, do not log local4 there.
|
||||||
copy: src=rsyslog/rsyslog-log01 dest=/etc/rsyslog.d/rsyslog-log01.conf mode=644
|
copy: src=rsyslog/rsyslog-log01 dest=/etc/rsyslog.d/rsyslog-log01.conf mode=0644
|
||||||
when: not inventory_hostname.startswith(('mirrorlist','copr','jenkins'))
|
when: not inventory_hostname.startswith(('mirrorlist','copr','jenkins'))
|
||||||
tags:
|
tags:
|
||||||
- rsyslogd
|
- rsyslogd
|
||||||
|
|
@ -286,7 +286,7 @@
|
||||||
- base
|
- base
|
||||||
|
|
||||||
- name: log everything to log01 except on mirrorlist, do log local4 there.
|
- name: log everything to log01 except on mirrorlist, do log local4 there.
|
||||||
copy: src=rsyslog/rsyslog-log01-nolocal4 dest=/etc/rsyslog.d/rsyslog-log01.conf mode=644
|
copy: src=rsyslog/rsyslog-log01-nolocal4 dest=/etc/rsyslog.d/rsyslog-log01.conf mode=0644
|
||||||
when: inventory_hostname.startswith('mirrorlist')
|
when: inventory_hostname.startswith('mirrorlist')
|
||||||
tags:
|
tags:
|
||||||
- rsyslogd
|
- rsyslogd
|
||||||
|
|
@ -311,7 +311,7 @@
|
||||||
- base
|
- base
|
||||||
|
|
||||||
- name: install a sync httpd logs cron script only on log01
|
- name: install a sync httpd logs cron script only on log01
|
||||||
copy: src=syncHttpLogs.sh dest=/etc/cron.daily/syncHttpLogs.sh mode=755
|
copy: src=syncHttpLogs.sh dest=/etc/cron.daily/syncHttpLogs.sh mode=0755
|
||||||
when: inventory_hostname.startswith('log01')
|
when: inventory_hostname.startswith('log01')
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
|
@ -349,7 +349,7 @@
|
||||||
dest="/etc/profile.d/setstgps1.sh"
|
dest="/etc/profile.d/setstgps1.sh"
|
||||||
owner=root
|
owner=root
|
||||||
group=root
|
group=root
|
||||||
mode=644
|
mode=0644
|
||||||
when: env == 'staging'
|
when: env == 'staging'
|
||||||
tags:
|
tags:
|
||||||
- base
|
- base
|
||||||
|
|
@ -364,7 +364,7 @@
|
||||||
dest="/etc/profile.d/setprodps1.sh"
|
dest="/etc/profile.d/setprodps1.sh"
|
||||||
owner=root
|
owner=root
|
||||||
group=root
|
group=root
|
||||||
mode=644
|
mode=0644
|
||||||
when: env == 'production'
|
when: env == 'production'
|
||||||
tags:
|
tags:
|
||||||
- base
|
- base
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,7 @@
|
||||||
- base
|
- base
|
||||||
|
|
||||||
- name: watchdog device configuration
|
- name: watchdog device configuration
|
||||||
copy: src=watchdog.conf dest=/etc/watchdog.conf owner=root group=root mode=644
|
copy: src=watchdog.conf dest=/etc/watchdog.conf owner=root group=root mode=0644
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
- watchdog
|
- watchdog
|
||||||
|
|
|
||||||
|
|
@ -7,7 +7,7 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
- name: create /srv/web/pub for nfs mounts
|
- name: create /srv/web/pub for nfs mounts
|
||||||
file: dest=/srv/web/pub state=directory mode=755
|
file: dest=/srv/web/pub state=directory mode=0755
|
||||||
tags:
|
tags:
|
||||||
- batcave
|
- batcave
|
||||||
- config
|
- config
|
||||||
|
|
|
||||||
|
|
@ -29,7 +29,7 @@
|
||||||
# setup /etc/nsswitch.conf to use nssdb
|
# setup /etc/nsswitch.conf to use nssdb
|
||||||
#
|
#
|
||||||
- name: setup /etc/nsswitch.conf for client use
|
- name: setup /etc/nsswitch.conf for client use
|
||||||
copy: src=nsswitch.conf dest=/etc/nsswitch.conf owner=root mode=644
|
copy: src=nsswitch.conf dest=/etc/nsswitch.conf owner=root mode=0644
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
- fas_client
|
- fas_client
|
||||||
|
|
@ -48,7 +48,7 @@
|
||||||
# Currently the default template is used, but could be modified on a host basis.
|
# Currently the default template is used, but could be modified on a host basis.
|
||||||
#
|
#
|
||||||
- name: setup /etc/fas.conf for client use
|
- name: setup /etc/fas.conf for client use
|
||||||
template: src={{ item }} dest=/etc/fas.conf owner=root mode=600
|
template: src={{ item }} dest=/etc/fas.conf owner=root mode=0600
|
||||||
with_first_found:
|
with_first_found:
|
||||||
- ../templates/{{ inventory_hostname }}.fas.conf.j2
|
- ../templates/{{ inventory_hostname }}.fas.conf.j2
|
||||||
- ../templates/{{ ansible_hostname }}.fas.conf.j2
|
- ../templates/{{ ansible_hostname }}.fas.conf.j2
|
||||||
|
|
@ -70,20 +70,20 @@
|
||||||
# - config
|
# - config
|
||||||
|
|
||||||
- name: fas_client cron job
|
- name: fas_client cron job
|
||||||
copy: src=fas-client.cron dest=/etc/cron.d/fas-client owner=root mode=644
|
copy: src=fas-client.cron dest=/etc/cron.d/fas-client owner=root mode=0644
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
- fas_client
|
- fas_client
|
||||||
|
|
||||||
- name: fas_client_aliases cron job
|
- name: fas_client_aliases cron job
|
||||||
copy: src=fas-client-aliases.cron dest=/etc/cron.d/fas-client-aliases owner=root mode=644
|
copy: src=fas-client-aliases.cron dest=/etc/cron.d/fas-client-aliases owner=root mode=0644
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
- fas_client
|
- fas_client
|
||||||
when: fas_aliases is defined
|
when: fas_aliases is defined
|
||||||
|
|
||||||
- name: fas_client_aliases template
|
- name: fas_client_aliases template
|
||||||
copy: src=aliases.template dest=/etc/aliases.template owner=root mode=644
|
copy: src=aliases.template dest=/etc/aliases.template owner=root mode=0644
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
- fas_client
|
- fas_client
|
||||||
|
|
|
||||||
|
|
@ -100,7 +100,7 @@
|
||||||
dest="/etc/fedmsg.d/{{ item }}"
|
dest="/etc/fedmsg.d/{{ item }}"
|
||||||
owner=root
|
owner=root
|
||||||
group=root
|
group=root
|
||||||
mode=644
|
mode=0644
|
||||||
with_items:
|
with_items:
|
||||||
- ssl.py
|
- ssl.py
|
||||||
- endpoints.py
|
- endpoints.py
|
||||||
|
|
@ -137,7 +137,7 @@
|
||||||
dest="/etc/fedmsg.d/{{ item }}"
|
dest="/etc/fedmsg.d/{{ item }}"
|
||||||
owner=root
|
owner=root
|
||||||
group=root
|
group=root
|
||||||
mode=644
|
mode=0644
|
||||||
with_items:
|
with_items:
|
||||||
- policy.py
|
- policy.py
|
||||||
when: "'persistent-cloud' not in group_names"
|
when: "'persistent-cloud' not in group_names"
|
||||||
|
|
@ -158,7 +158,7 @@
|
||||||
dest="/etc/fedmsg.d/{{ item }}"
|
dest="/etc/fedmsg.d/{{ item }}"
|
||||||
owner=root
|
owner=root
|
||||||
group=root
|
group=root
|
||||||
mode=644
|
mode=0644
|
||||||
with_items:
|
with_items:
|
||||||
- ssl.py
|
- ssl.py
|
||||||
- endpoints-external.py
|
- endpoints-external.py
|
||||||
|
|
@ -183,7 +183,7 @@
|
||||||
dest="/etc/fedmsg.d/{{ item }}"
|
dest="/etc/fedmsg.d/{{ item }}"
|
||||||
owner=root
|
owner=root
|
||||||
group=root
|
group=root
|
||||||
mode=644
|
mode=0644
|
||||||
with_items:
|
with_items:
|
||||||
- endpoints-external-composer.py
|
- endpoints-external-composer.py
|
||||||
when: "'releng-stg' in group_names"
|
when: "'releng-stg' in group_names"
|
||||||
|
|
|
||||||
|
|
@ -24,7 +24,7 @@
|
||||||
when: ansible_distribution_major_version|int > 21
|
when: ansible_distribution_major_version|int > 21
|
||||||
|
|
||||||
- name: rsyncd.conf file
|
- name: rsyncd.conf file
|
||||||
copy: src={{ item }} dest=/etc/rsyncd.conf mode=644
|
copy: src={{ item }} dest=/etc/rsyncd.conf mode=0644
|
||||||
with_first_found:
|
with_first_found:
|
||||||
- "{{ rsyncd_conf }}"
|
- "{{ rsyncd_conf }}"
|
||||||
- rsyncd.conf.{{ inventory_hostname }}
|
- rsyncd.conf.{{ inventory_hostname }}
|
||||||
|
|
@ -37,7 +37,7 @@
|
||||||
- config
|
- config
|
||||||
|
|
||||||
- name: xinetd rsync file
|
- name: xinetd rsync file
|
||||||
copy: src={{ item }} dest=/etc/xinetd.d/rsync mode=644
|
copy: src={{ item }} dest=/etc/xinetd.d/rsync mode=0644
|
||||||
with_first_found:
|
with_first_found:
|
||||||
- "{{ rsync }}"
|
- "{{ rsync }}"
|
||||||
- rsync.{{ inventory_hostname }}
|
- rsync.{{ inventory_hostname }}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue