Majic Projects
Majic Ansible Roles
Go to the previous open issue
Go to the previous issue (open or closed)
star_faded.png
Please log in to bookmark issues
icon_project.png Majic Ansible Roles / Closed Enhancement MAR-19 Simplify role parameters by using more default values
Go to the next issue (open or closed)
Go to the next open issue
There are no more issues in that direction.
This issue has been closed with status "Closed" and resolution "RESOLVED".
Issue basics
  • Type of issue
    Enhancement
  • Category
    Not determined
  • Targetted for
    1.0.0
  • Status
    Closed
  • Progress
  • Priority
    Not determined
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Affected by this issue (0)
There are no items
People involved
Times and dates
  • Posted at
  • Last updated
  • Estimated time
    Not estimated
  • Time spent
    2 days
    Click here to see time logged against this issue
Issue details
  • Resolution
    RESOLVED
Attachments (0)
There is nothing attached to this issue
Duplicate issues (0)
This issue does not have any duplicates
Description
The current roles have a lot of different configuration parameters, many of which are mandatory. It might be beneficial to identify and simplify the role configuration by making more of the mandatory parameters optional.

Parameters that should be set to default values should be chosen based on how logical it is that a user will want to provide a custom value.

In some cases perhaps it will be possible to set-up defaults based on some of the mandatory options.

In general, even removing some options could make roles easier to use (less flexibility, but perhaps that'd be better).

What follows is a summary of what changes should be made.

In role '''preseed''':

* ''ansible_key'' should be optional, defaulting to ''~/.ssh/id_rsa.pub''.
* ''preseed_directory'' should be optional, defaulting to ''cwd/preseed/''.
* ''preseed_servers'' should be optional, and completely redesigned.
** Ability to define default parameters for all servers. These parameters should be completely optional, with some sane defaults.
** Ability to override one or more default parameter values for one or more servers.
** Preseed files should be generated for all servers in the inventory. Eventually ignore ''localhost''.

In role '''bootstrap''':

* ''ansible_key'' should be optional, defaulting to ''~/.ssh/id_rsa.pub''.

In role '''common''':

* ''os_users'' is ok as optional, but some of the parameters in the items in list should also be optional.
** ''additional_groups'' should be optional, defaulting to empty list (switch to list syntax if possible).
** ''uid'' should be optional, defaulting to whatever Ansible user module will pick.
** ''authorized_keys'' should be optional, defaulting to empty list.
** ''password'' should be optional, defaulting to invalid value (say '!') that would make it impossible to log-in with password.
* ''os_groups'' is ok as optional, but within it some parameters should be made optional as well.
** ''gid'' should be optional, defaulting to whatever the Ansible's group module would use.
* ''incoming_connection_limit'' should be optional, defaulting to 3.
* ''incoming_connection_limit_burst'' should be optional, defaulting to 9.

In role '''ldap_client''':

* ''ldap_client_config'' should be optional. In addition, this should be turned into a simple list of entries that would get added to the file (instead of current complicated system).

In role '''ldap_server''':

* ''ldap_server_config'' should be made optional, including its subparams.
** ''domain'' should be optional, defaulting it to host's domain if available. If not, raise an error.
** ''organization'' should be optional, defaulting it to value ''Private''.
** ''log_level'' should be optional, defaulting to 256.
** ''tls_certificate'' should be optional, defaulting to ''tls_cert_dir/FQDN_ldap.pem''
** ''tls_key'' should be optional, defaulting to ''tls_private_dir/FQDN_ldap.key''
** ''ssf'' should be optional, defaulting to 128.
* ''ldap_permissions'' should be optional, defaulting to something relatively easy/simple.
* ''ldap_entries'' should be optional, defaulting to empty list.

In role '''xmpp_server''':

* ''xmpp_tls_key'' should be optional, defaulting to ''tls_private_dir/FQDN_xmpp.key''.
* ''xmpp_tls_certificate'' should be optional, defaulting to ''tls_cert_dir/FQDN_xmpp.pem''.
* ''xmpp_domains'' should be optional, defaulting to server's domain. If no domain is available, error out.
* ''xmpp_ldap_filter'' should be optional, defaulting it to $mailuser@$host.
* ''xmpp_ldap_scope'' should be optional, defaulting it to subtree.
* ''xmpp_ldap_tls'' should be removed, and value in template should be forced to true/yes.
* ''xmpp_ldap_base'' should be optional, defaulting to domain of server. If no domain is available, error-out.

In role '''mail_server''':

* ''mail_ldap_tls_truststore'' should be optional, defaulting to ''tls_cert_dir/truststore.pem''.
* ''mail_ldap_root_dn'' should be renamed to ''mail_ldap_base_dn''.
* ''mail_user'' should be optional, defaulting to ''vmail''.
* ''mail_user_uid'' should be optional, defaulting to whatever the user module would use.
* ''mail_user_gid'' should be optional, defaulting to whatever the group module would use.
* ''imap_tls_certificate'' should be optional, defaulting to ''tls_cert_dir/FQDN_imap.pem''.
* ''imap_tls_key'' should be optional, defaulting to ''tls_private_dir/FQDN_imap.key''.
* ''smtp_tls_certificate'' should be optional, defaulting to ''tls_cert_dir/FQDN_smtp.pem''.
* ''smtp_tls_key'' should be optional, defaulting to ''tls_private_dir/FQDN_smtp.key''.
* ''imap_folder_separator'' should be optional, defaulting to whatever I currently use.
* ''smtp_rbl'' should be optional, setting it to whatever I currently use.
* ''mail_postmaster'' should be optional, defaulting to postmaster@server's domain. If no domain is defined, raise error.
* ''smtp_allow_relay_from'' should be optional, defaulting to empty list.

In role '''mail_forwarder''':

* ''local_mail_aliases'' should be optional, defaulting to empty list.
* ''smtp_relay_host'' should be optional, defaulting to none.
* ''smtp_relay_truststore'' should be optional, defaulting to ''tls_cert_dir/truststore.pem''.

In role '''web_server''':

* ''https_tls_key'' should be optional, defaulting to ''tls_private_dir/FQDN_https.key''.
* ''https_tls_certificate'' should be optional, defaulting to ''tls_cert_dir/FQDN_https.pem''.
* ''web_default_title'' should be optional, defaulting to ''Welcome''.
* ''web_default_message'' should be optional, defaulting to ''You are attempting to access the web server using a wrong name or an IP address. Please check your URL''

In role '''php_website''':

* ''admin'' should be optional, defaulting to the website user.
* ''https_tls_certificate'' should be optional, defaulting to ''tls_cert_dir/FQDN_https.pem''.
* ''https_tls_key'' should be optional, defaulting to ''tls_private_dir/FQDN_https.key''.
* ''uid'' should be optional, defaulting to whatever the user module picks.

In role '''wsgi_website''':

* ''admin'' should be optional, defaulting to the website user.
* ''https_tls_certificate'' should be optional, defaulting to ''tls_cert_dir/FQDN_https.pem''.
* ''https_tls_key'' should be optional, defaulting to ''tls_private_dir/FQDN_https.key''.
* ''uid'' should be optional, defaulting to whatever the user module picks.
Todos (0 / 0)
Issue created