The current roles have a lot of different configuration parameters, many of which are mandatory. It might be beneficial to identify and simplify the role configuration by making more of the mandatory parameters optional.
Which parameters get default values should be chosen based on how logical it is that a user will want to provide a custom value.
In some cases it may be possible to derive defaults from some of the mandatory options.
In general, even removing some options could make roles easier to use (less flexibility, but perhaps that'd be better).
What follows is a summary of what changes should be made.
In role '''preseed''':
* ''ansible_key'' should be optional, defaulting to ''~/.ssh/id_rsa.pub''.
* ''preseed_directory'' should be optional, defaulting to ''cwd/preseed/''.
* ''preseed_servers'' should be optional, and completely redesigned.
** Ability to define default parameters for all servers. These parameters should be completely optional, with some sane defaults.
** Ability to override one or more default parameter values for one or more servers.
** Preseed files should be generated for all servers in the inventory. Eventually ignore ''localhost''.
In role '''bootstrap''':
* ''ansible_key'' should be optional, defaulting to ''~/.ssh/id_rsa.pub''.
In role '''common''':
* ''os_users'' is ok as optional, but some of the parameters of the items in the list should also be optional.
** ''additional_groups'' should be optional, defaulting to empty list (switch to list syntax if possible).
** ''uid'' should be optional, defaulting to whatever Ansible user module will pick.
** ''authorized_keys'' should be optional, defaulting to empty list.
** ''password'' should be optional, defaulting to invalid value (say '!') that would make it impossible to log-in with password.
* ''os_groups'' is ok as optional, but within it some parameters should be made optional as well.
** ''gid'' should be optional, defaulting to whatever Ansible's group module would use.
* ''incoming_connection_limit'' should be optional, defaulting to 3.
* ''incoming_connection_limit_burst'' should be optional, defaulting to 9.
In role '''ldap_client''':
* ''ldap_client_config'' should be optional. In addition, this should be turned into a simple list of entries that would get added to the file (instead of current complicated system).
In role '''ldap_server''':
* ''ldap_server_config'' should be made optional, including its subparams.
** ''domain'' should be optional, defaulting to the host's domain if available. If not, raise an error.
** ''organization'' should be optional, defaulting to the value ''Private''.
** ''log_level'' should be optional, defaulting to 256.
** ''tls_certificate'' should be optional, defaulting to ''tls_cert_dir/FQDN_ldap.pem''.
** ''tls_key'' should be optional, defaulting to ''tls_private_dir/FQDN_ldap.key''.
** ''ssf'' should be optional, defaulting to 128.
* ''ldap_permissions'' should be optional, defaulting to something relatively easy/simple.
* ''ldap_entries'' should be optional, defaulting to empty list.
In role '''xmpp_server''':
* ''xmpp_tls_key'' should be optional, defaulting to ''tls_private_dir/FQDN_xmpp.key''.
* ''xmpp_tls_certificate'' should be optional, defaulting to ''tls_cert_dir/FQDN_xmpp.pem''.
* ''xmpp_domains'' should be optional, defaulting to server's domain. If no domain is available, error out.
* ''xmpp_ldap_filter'' should be optional, defaulting it to $mailuser@$host.
* ''xmpp_ldap_scope'' should be optional, defaulting it to subtree.
* ''xmpp_ldap_tls'' should be removed, and value in template should be forced to true/yes.
* ''xmpp_ldap_base'' should be optional, defaulting to domain of server. If no domain is available, error-out.
In role '''mail_server''':
* ''mail_ldap_tls_truststore'' should be optional, defaulting to ''tls_cert_dir/truststore.pem''.
* ''mail_ldap_root_dn'' should be renamed to ''mail_ldap_base_dn''.
* ''mail_user'' should be optional, defaulting to ''vmail''.
* ''mail_user_uid'' should be optional, defaulting to whatever the user module would use.
* ''mail_user_gid'' should be optional, defaulting to whatever the group module would use.
* ''imap_tls_certificate'' should be optional, defaulting to ''tls_cert_dir/FQDN_imap.pem''.
* ''imap_tls_key'' should be optional, defaulting to ''tls_private_dir/FQDN_imap.key''.
* ''smtp_tls_certificate'' should be optional, defaulting to ''tls_cert_dir/FQDN_smtp.pem''.
* ''smtp_tls_key'' should be optional, defaulting to ''tls_private_dir/FQDN_smtp.key''.
* ''imap_folder_separator'' should be optional, defaulting to whatever I currently use.
* ''smtp_rbl'' should be optional, setting it to whatever I currently use.
* ''mail_postmaster'' should be optional, defaulting to postmaster@server's domain. If no domain is defined, raise error.
* ''smtp_allow_relay_from'' should be optional, defaulting to empty list.
In role '''mail_forwarder''':
* ''local_mail_aliases'' should be optional, defaulting to empty list.
* ''smtp_relay_host'' should be optional, defaulting to none.
* ''smtp_relay_truststore'' should be optional, defaulting to ''tls_cert_dir/truststore.pem''.
In role '''web_server''':
* ''https_tls_key'' should be optional, defaulting to ''tls_private_dir/FQDN_https.key''.
* ''https_tls_certificate'' should be optional, defaulting to ''tls_cert_dir/FQDN_https.pem''.
* ''web_default_title'' should be optional, defaulting to ''Welcome''.
* ''web_default_message'' should be optional, defaulting to ''You are attempting to access the web server using a wrong name or an IP address. Please check your URL''.
In role '''php_website''':
* ''admin'' should be optional, defaulting to the website user.
* ''https_tls_certificate'' should be optional, defaulting to ''tls_cert_dir/FQDN_https.pem''.
* ''https_tls_key'' should be optional, defaulting to ''tls_private_dir/FQDN_https.key''.
* ''uid'' should be optional, defaulting to whatever the user module picks.
In role '''wsgi_website''':
* ''admin'' should be optional, defaulting to the website user.
* ''https_tls_certificate'' should be optional, defaulting to ''tls_cert_dir/FQDN_https.pem''.
* ''https_tls_key'' should be optional, defaulting to ''tls_private_dir/FQDN_https.key''.
* ''uid'' should be optional, defaulting to whatever the user module picks.
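
A sketch of how the optional parameters proposed above for role '''common''', and the "error out when no domain is available" rule, could be expressed as Ansible tasks. This is an added example, not the project's own code. It assumes each ''os_users''/''os_groups'' item carries a ''name'' key, that ''xmpp_domains'' is a list, and that the stock ''group'', ''user'', ''authorized_key'' and ''assert'' modules are used.

```yaml
# Added example (not from the project). Assumed: items have a 'name' key.
# --- role common: optional per-item parameters ---
- name: Create groups (gid picked by the group module when not given)
  ansible.builtin.group:
    name: "{{ item.name }}"
    gid: "{{ item.gid | default(omit) }}"
  loop: "{{ os_groups | default([]) }}"

- name: Create users
  ansible.builtin.user:
    name: "{{ item.name }}"
    # 'omit' drops the argument, so the user module picks the uid itself.
    uid: "{{ item.uid | default(omit) }}"
    groups: "{{ item.additional_groups | default([]) }}"
    # '!' is not a valid password hash, so no password can ever match it;
    # the account is then reachable only through authorized_keys.
    password: "{{ item.password | default('!') }}"
  loop: "{{ os_users | default([]) }}"
  no_log: true   # keep password hashes out of the task output

- name: Install authorized keys (users without the key list are skipped)
  ansible.posix.authorized_key:
    user: "{{ item.0.name }}"
    key: "{{ item.1 }}"
  loop: "{{ os_users | default([]) | subelements('authorized_keys', skip_missing=True) }}"

# --- roles with domain-derived defaults (xmpp_server shown) ---
- name: Refuse to guess when the host has no domain
  ansible.builtin.assert:
    that:
      - ansible_domain | default('') | length > 0
    fail_msg: "Host has no domain; set xmpp_domains explicitly."
  when: xmpp_domains is not defined

- name: Default xmpp_domains to the server's domain
  ansible.builtin.set_fact:
    xmpp_domains: ["{{ ansible_domain }}"]
  when: xmpp_domains is not defined
```

Failing early on a missing domain avoids generating service configuration for an empty or wrong domain, which is the behaviour the list asks for in ''ldap_server'', ''xmpp_server'' and ''mail_server''.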