elb_application_lb - Module fails if listener default action is anything other than Forward #2376

ichekaldin · 2024-11-05T19:54:24Z

Summary

elb_application_lb module fails if any of load balancer listeners contain any action other than forward under DefaultActions.

For example:

- amazon.aws.elb_application_lb:
    name: example
    listeners:
      - Protocol: HTTP
        Port: 80
        DefaultActions:
          - Type: forward
            TargetGroupArn: "{{ target_group_arn }}"
    scheme: internet-facing
    security_groups: "{{ security_groups }}"
    subnets: "{{ subnets }}"

works, while:

- amazon.aws.elb_application_lb:
    name: example
    listeners:
      - Protocol: HTTP
        Port: 80
        DefaultActions:
          - Type: redirect
            RedirectConfig:
              Host: "#{host}"
              Query: "#{query}"
              Path: "/#{path}"
              Port: "443"
              Protocol: HTTPS
              StatusCode: HTTP_301
    scheme: internet-facing
    security_groups: "{{ security_groups }}"
    subnets: "{{ subnets }}"

doesn't.

Same is true of other types of actions: redirect, fixed-response, or authenticate-oidc.

I believe this was introduced in #2050 and is triggered by these lines in:

line 163:

    return sorted(actions, key=lambda x: (x["TargetGroupArn"], x["Type"]))

line 799:

                [{"TargetGroupArn": x["TargetGroupArn"], "Type": x["Type"]} for x in current_default_actions]

Issue Type

Bug Report

Component Name

elb_application_lb

Ansible Version

$ ansible --version
ansible [core 2.18.0]
  config file = /root/.ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /root/.env/lib/python3.12/site-packages/ansible
  ansible collection location = /root/.ansible/collections:
  executable location = /root/.env/bin/ansible
  python version = 3.12.7 (main, Oct  1 2024, 02:05:46) [Clang 16.0.0 (clang-1600.0.26.3)] (/root/.env/bin/python3.12)
  jinja version = 3.1.4
  libyaml = True

Collection Versions

$ ansible-galaxy collection list
Collection            Version
--------------------- -------
amazon.aws            9.0.0  
ansible.netcommon     7.1.0  
ansible.posix         1.6.0  
ansible.utils         5.1.1  
community.aws         9.0.0
community.general     10.0.0 
community.network     5.0.3

AWS SDK versions

$ pip show boto boto3 botocore
Name: boto3
Version: 1.35.54
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email: 
License: Apache License 2.0
Location: /root/.env/lib/python3.12/site-packages
Requires: botocore, jmespath, s3transfer
Required-by: 
---
Name: botocore
Version: 1.35.54
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email: 
License: Apache License 2.0
Location: /root/.env/lib/python3.12/site-packages
Requires: jmespath, python-dateutil, urllib3
Required-by: boto3, s3transfer

Configuration

$ ansible-config dump --only-changed

OS / Environment

No response

Steps to Reproduce

- amazon.aws.elb_application_lb:
    name: example
    listeners:
      - Protocol: HTTP
        Port: 80
        DefaultActions:
          - Type: redirect
            RedirectConfig:
              Host: "#{host}"
              Query: "#{query}"
              Path: "/#{path}"
              Port: "443"
              Protocol: HTTPS
              StatusCode: HTTP_301
      - Protocol: HTTPS
        Port: 443
        Certificates:
          - CertificateArn: "{{ certificate_arn }}"
        DefaultActions:
          - Type: fixed-response
            FixedResponseConfig:
              ContentType: text/plain
              MessageBody: Not available
              StatusCode: "404"
    scheme: internet-facing
    security_groups: "{{ security_groups }}"
    subnets: "{{ subnets }}"

Expected Results

A load balancer is created or updated successfully.

Resulting load balancer has a listener on port 80 that redirects to port 443, and a listener on port 443 that returns a fixed response of HTTP 404.

Actual Results

fatal: [localhost]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n  File \"/root/.ansible/tmp/ansible-tmp-1730787347.3631353-16953-25684946836848/AnsiballZ_elb_application_lb.py\", line 107, in <module>\n    _ansiballz_main()\n  File \"/root/.ansible/tmp/ansible-tmp-1730787347.3631353-16953-25684946836848/AnsiballZ_elb_application_lb.py\", line 99, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/root/.ansible/tmp/ansible-tmp-1730787347.3631353-16953-25684946836848/AnsiballZ_elb_application_lb.py\", line 47, in invoke_module\n    runpy.run_module(mod_name='ansible_collections.amazon.aws.plugins.modules.elb_application_lb', init_globals=dict(_module_fqn='ansible_collections.amazon.aws.plugins.modules.elb_application_lb', _modlib_path=modlib_path),\n  File \"<frozen runpy>\", line 226, in run_module\n  File \"<frozen runpy>\", line 98, in _run_module_code\n  File \"<frozen runpy>\", line 88, in _run_code\n  File \"/tmp/ansible_amazon.aws.elb_application_lb_payload_udakew3v/ansible_amazon.aws.elb_application_lb_payload.zip/ansible_collections/amazon/aws/plugins/modules/elb_application_lb.py\", line 1060, in <module>\n  File \"/tmp/ansible_amazon.aws.elb_application_lb_payload_udakew3v/ansible_amazon.aws.elb_application_lb_payload.zip/ansible_collections/amazon/aws/plugins/modules/elb_application_lb.py\", line 1052, in main\n  File \"/tmp/ansible_amazon.aws.elb_application_lb_payload_udakew3v/ansible_amazon.aws.elb_application_lb_payload.zip/ansible_collections/amazon/aws/plugins/modules/elb_application_lb.py\", line 860, in create_or_update_alb\n  File \"/tmp/ansible_amazon.aws.elb_application_lb_payload_udakew3v/ansible_amazon.aws.elb_application_lb_payload.zip/ansible_collections/amazon/aws/plugins/module_utils/elbv2.py\", line 918, in compare_listeners\n  File \"/tmp/ansible_amazon.aws.elb_application_lb_payload_udakew3v/ansible_amazon.aws.elb_application_lb_payload.zip/ansible_collections/amazon/aws/plugins/module_utils/elbv2.py\", line 850, in _group_listeners\n  File \"/tmp/ansible_amazon.aws.elb_application_lb_payload_udakew3v/ansible_amazon.aws.elb_application_lb_payload.zip/ansible_collections/amazon/aws/plugins/module_utils/elbv2.py\", line 799, in _compare_listener\nKeyError: 'TargetGroupArn'\n", "module_stdout": "", "msg": "MODULE FAILURE: No start of json char found\nSee stdout/stderr for the exact error", "rc": 1}

Code of Conduct

I agree to follow the Ansible Code of Conduct

The text was updated successfully, but these errors were encountered:

…ons/amazon.aws#2376

* r71127-r71052-attemt-to-workaround-elb-module-change-or-bug * debug alb issue * revert changes as the bug is outside of ce-provision ansible-collections/amazon.aws#2376

sebrhex · 2024-11-20T16:06:13Z

Same here, is there a workaround like pinning a version?

pspoc-ac-yuri-bucci · 2024-11-21T18:30:35Z

Same here, i fixed last version 8.2.1 to workaround

fabricat-mdb · 2024-11-25T09:56:15Z

As a workaround, I'm using _sort_actions instead of _sort_listener_actions in elbv2.py, and I've partially applied the changes proposed in PR #2377.
So my code becomes like this:

            current_actions_sorted = _sort_actions(
                {
                    k: v
                    for k, v in x.items()
                    if k
                    in ["AuthenticateOidcConfig", "FixedResponseConfig", "RedirectConfig", "TargetGroupArn", "Type"]
                }
                for x in current_default_actions
            )
            if current_actions_sorted != _sort_actions(new_default_actions):

_sort_actions simply uses Order as the sorting key. I noticed that Order is always present in current_listener (and is required in module parameters) when the listener has more than one default action.
When there is only one default action, sorting should not change lists.

Now, the module does not fail anymore, but it always returns as "changed".
This is probably related to Order being defaulted to 0 instead of 1 here, and/or to AuthenticateOidcConfig.ClientSecret being not returned in the AuthenticateOidcActionConfig object.

This is what I could do: I lack some skills to code a 100% working solution, sorry.

SUMMARY Fixes #2376. ISSUE TYPE Bugfix Pull Request COMPONENT NAME elbv2 elb_application_lb ADDITIONAL INFORMATION Reviewed-by: Mandar Kulkarni <[email protected]> Reviewed-by: Bikouo Aubin

SUMMARY Fixes #2376. ISSUE TYPE Bugfix Pull Request COMPONENT NAME elbv2 elb_application_lb ADDITIONAL INFORMATION Reviewed-by: Mandar Kulkarni <[email protected]> Reviewed-by: Bikouo Aubin (cherry picked from commit bb3914a)

This is a backport of PR #2377 as merged into main (bb3914a). SUMMARY Fixes #2376. ISSUE TYPE Bugfix Pull Request COMPONENT NAME elbv2 elb_application_lb ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis

* Bug fixes 2.x pr 2.x (#1771) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Managing-mime-types-nginx (#1773) * Whitelisting ce vpn ip wazuh pr 2.x (#1775) * Whitelisting-CE-VPN-IP-wazuh * Fixing-wazuh-whitelist-variable * Updating-wazuh-vars (#1777) * add community.postgresql collection and remove varnish master release (#1779) * Updating wazuh vars pr 2.x (#1781) * Updating-wazuh-vars * Updating-manager-vars * Updating wazuh vars pr 2.x (#1783) * Updating-wazuh-vars * Updating-manager-vars * Updating-wazuh-manager-active-response * Updating-wazuh-manager-active-response-2x * Updating wazuh vars pr 2.x (#1785) * Updating-wazuh-vars * Updating-manager-vars * Updating-wazuh-manager-active-response * Updating-wazuh-manager-active-response-2x * Fixing-wazuh-broken-pipeline * Updating wazuh vars pr 2.x (#1787) * Updating-wazuh-vars * Updating-manager-vars * Updating-wazuh-manager-active-response * Updating-wazuh-manager-active-response-2x * Fixing-wazuh-broken-pipeline * Tweaking-wazuh-vars * r68065 mattermost role first commit (#1789) * r68065 mattermost role first commit * fixing linting/syntax * reload systemd with ansible.builtin.systemd_service * handler for postgresql reloads * default systemd unit file for mattermost role * r68065 install python psycopg2 (#1791) * r68065 use psycopg binary package as compiling creates depsolve issues (#1793) * permissions for postgres setup (#1795) * r68065 add mattermost group before user (#1797) * Updating-duplicity (#1804) * enable mattermost systemd unit (#1810) * nginx include for mattermost (#1812) * nginx include for mattermost * add mattermost project type * ssl on handled by nginx role (#1814) * fix mattermost nginx include (#1822) * remove unsupported nginx option (#1824) * Restore testing update pr 2.x (#1832) * Restore-testing-update * Restore-testing-update-2 --------- Co-authored-by: Matej Stajduhar <[email protected]> * Resolving conflicts pr 2.x (#1834) * Fixing-conflicts-and-updating-docs * Fixed-conflicts * Fixed-conflicts-2 --------- Co-authored-by: Matej Stajduhar <[email protected]> * initial commit - mattermost local backups (#1838) * r69995-Updating-vhost-for-LE-validation (#1843) Co-authored-by: Matej Stajduhar <[email protected]> * Changing priority flexibility pr 2.x (#1841) * Changing-priority-flexibility * Changing-priority-flexibility-2 * Adding-aws-acl-to-meta * Adding-cast-to-int-for-priority --------- Co-authored-by: Matej Stajduhar <[email protected]> * Aws acl role changes for ip set pr 2.x (#1848) * aws_acl-role-changes-for-ip-set * aws_acl-role-changes-for-ip-set-docs-update --------- Co-authored-by: Matej Stajduhar <[email protected]> * add_php_repo_before_apt_extra_packages_task_from_common_base (#1850) * fix_opensearch_vars (#1852) * wait_timeout_for_opensearch_domain_creation (#1854) * wait_timeout_for_opensearch_domain_creation * remove trailing space * Updating-aws-acl-task (#1856) Co-authored-by: Matej Stajduhar <[email protected]> * Docs update and making Ansible installation via _init an option. * Bug fixes 2.x pr 2.x (#1859) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Bug fixes 2.x pr 2.x (#1860) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Small-changes-on-aws-acl-and-RDS-validation (#1863) Co-authored-by: Matej Stajduhar <[email protected]> * Updating-user-ansible-vars (#1864) * Updating user ansible vars pr 2.x (#1867) * Updating-user-ansible-vars * Fixing-syntax * add_vars_to_user_deploy_user_provision (#1869) * Disabling-general-log-mariadb (#1871) * Updating-aws_acl-role (#1873) Co-authored-by: Matej Stajduhar <[email protected]> * r70260-rkhunter-whitelist (#1877) * fix(nginx): Remove default nginx dummy vhost that could clash with Varnish (#1750) * fix(nginx): Remove default nginx dummy vhost that could clash with Varnish * Fix variable naming and comment * Implement keep_default_vhost setting * Wazuh-var-update (#1903) * Wazuh-agent-vars-more-readable (#1905) * Filebeat-restart-task-wazuh (#1907) * Filebeat restart task wazuh pr 2.x (#1909) * Filebeat-restart-task-wazuh * Fixing-wazuh-filebeat-restart * Adding-gawk-to-extra-packages (#1910) * Updating-filebeat-restart-task (#1913) * Adding motd to exit role pr 2.x (#1915) * Fixing-backup-validation-role-plicies * Adding-parts-for-VPC-and-SG * Adding-region-to-vpc-and-subnet-tasks * Adding-region-to-vpc-and-subnet-tasks-2 * Updating-vars-for-vpc-and-subnet * Updating-vars-for-vpc-and-subnet-2 * Updating-vars-for-vpc-and-subnet-3 * Adding-json-file-for-restore-testing * Changing-user-where-json-file-is-generated * Updating-json-file-location * Updating-path-to-j2-file * Changing-force-valkue * Testing-file-creation * Testing-file-creation-via-command-task * Adding-motd-to-exit-role * Commenting-out-task-that-will-fail * Fixing-pipefail * Fixing-syntax-issue --------- Co-authored-by: Matej Stajduhar <[email protected]> * Fixing-motd-task (#1917) * Motd-switch-egrep-with-awk (#1919) * Motd-task-update (#1922) * Motd-task-update * Restoring-deleted-task * Fixing motd task when running on localhost pr 2.x (#1924) * Fixing-backup-validation-role-plicies * Fixing-motd-task-when-running-on-localhost * Updating-when-statement * Adding-become-true-on-motd-update --------- Co-authored-by: Matej Stajduhar <[email protected]> * Apt bug workaround pr 2.x (#1935) * apt_bug_workaround * apt_bug_workaround * apt_bug_workaround * apt_bug_workaround * fix_var_logic * Pushing-aws-backup-validation-role (#1944) * Pushing-aws-backup-validation-role * Fixing-linting --------- Co-authored-by: Matej Stajduhar <[email protected]> * fix(redis): Convert maxmemory setting to int before comparing (#1897) * Reverting-nginx-username (#1945) * Reverting nginx username pr 2.x (#1947) * Reverting-nginx-username * Minor-fix-nginx-username * Updating-nginx-vars (#1950) * Documentation update. * Fixing role dependency in NGINX role. * Bug fixes 2.x pr 2.x (#1952) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * r70597 new system role for ipv6 disablement (#1954) * r70597 new system role for ipv6 disablement * fix linting problem * add readme for system role * Fixing-json-file-for-restore-testing (#1956) Co-authored-by: Matej Stajduhar <[email protected]> * Fixing json file for restore testing pr 2.x (#1957) * Fixing-json-file-for-restore-testing * Missing-coma-in-json --------- Co-authored-by: Matej Stajduhar <[email protected]> * updating asg role to support custom rule on http and https (#1959) Co-authored-by: filip <[email protected]> * Adding installation path handling for Galaxy collections. * Bug fixes 2.x pr 2.x (#1962) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Bug fixes 2.x pr 2.x (#1966) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * r70596 create swap directory (#1968) * r70596 create swap directory * remove stat check * 70325 adding asg redirect pr 2.x (#1963) * updating asg role to support custom rule on http and https * updating readme properly * updating docs for the asg role --------- Co-authored-by: filip <[email protected]> * swapfile path and clamav exclusion (#1970) * Galaxy role pr 2.x (#1974) * Deleting obsolete Debian 10 requirements files. * Adding first pass at generic and reusable Ansible Galaxy role. * Docs update. * Updating README files. * Updating ce_provision and ce_deploy to use ansible_galaxy role. * Ansible Galaxy docs enhancement. * Cannot use _ansible in variable names, reserved. * Removing blocks for Galaxy installation, not needed. * Variables passed to Galaxy role were wrong. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Bug fixes 2.x pr 2.x (#1975) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Bug fixes 2.x pr 2.x (#1978) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Adding a FQDN postfix transport map. * Bug fixes 2.x pr 2.x (#1980) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Adding a FQDN postfix transport map. * Updating defaults pr 2.x (#1982) * Updated-defaults-for-aws_acl-role * Removing-Identity-search --------- Co-authored-by: Matej Stajduhar <[email protected]> * Updating defaults pr 2.x (#1984) * Updated-defaults-for-aws_acl-role * Removing-Identity-search * Removing-undefined-variable --------- Co-authored-by: Matej Stajduhar <[email protected]> * Removing-gawk-apt (#1985) * Adding-gawk-removing-gawk-csh (#1987) * Adding-when-statement-for-assigning-instance (#1990) * Adding-when-statement-for-assigning-instance * Adding-check-prior-to-assigning-resources * Adding-check-prior-to-assigning-resources * Adding-region-to-aws-cli-command * Print-protected-resource * Adding-resource-type-definition * Resolved-conflicts * Removing-empty-line * Disabling-assigning-instance-to-restore-testing-plan --------- Co-authored-by: Matej Stajduhar <[email protected]> * Matching-2.x-and-devel-branches (#1999) Co-authored-by: Matej Stajduhar <[email protected]> * Adding-aws-ses-role (#2003) * Adding-aws-ses-role * Removing-python-script * Changing-domain-name * Using-variable-for-domain-name --------- Co-authored-by: Matej Stajduhar <[email protected]> * Resolving-conflicts (#2015) Co-authored-by: Matej Stajduhar <[email protected]> * Resolving-conflicts (#2018) Co-authored-by: Matej Stajduhar <[email protected]> * Updating nginx ssl le roles pr 2.x (#2021) * Updating-nginx-SSL-LE-roles * Updating-nginx-vars * r70260 Option to ignore false-positive shared memory segment warnings (#2023) * Adding-wazuh-ossec-from-enigma00a (#2027) * Updating-gitlab-runner-env (#2031) * r70987-decom-vpn-guest (#2034) * r70797 nodhcp module in system role for hetzner cloud systems (#2036) * r70797 nodhcp module in system role for hetzner cloud systems * fix syntax * r70797 set pipefail to resolve linting failure * fix pipefail with bash (#2038) * fix var in templ (#2040) * R70928 adding webroot option for le ssl task and fixing looping over domains pr 2.x (#2042) * r70928-adding-webroot-option-for-LE-SSL-task-and-fixing-looping-over-domains * Changing-LE-cron * Changing-script-from-sh-to-bash --------- Co-authored-by: Matej Stajduhar <[email protected]> * Updating-local-ossec-rules (#2045) * Updating-local-ossec-rules * Fixing-syntax * Updating-wazuh-vars (#2048) * Updating-wazuh-vars * Changing-var-defaults * Removing-wrong-variables * r70260-rkhunter-tested-good-tweaks (#2051) * Fixing-LE-renew-timer (#2052) Co-authored-by: Matej Stajduhar <[email protected]> * R70260 rkhunter tweak portpathwhitelist pr 2.x (#2055) * r70260-rkhunter-tweak-portpathwhitelist TEST * sanitise portpath items * Updating-system-role-condition (#2056) * Updating system role condition pr 2.x (#2059) * Updating-system-role-condition * Updating-system-role-condition-v2 * r71121-tweak-nohetznerdhcp-condition (#2061) * Changing-aws-acl-when-statement (#2063) Co-authored-by: Matej Stajduhar <[email protected]> * R71127 r71052 check pr 2.x (#2073) * r71127-r71052-attemt-to-workaround-elb-module-change-or-bug * debug alb issue * revert changes as the bug is outside of ce-provision https://github.com/ansible-collections/amazon.aws/issues/2376 * Newer aws collection test pr 2.x (#2077) * newer_aws_collection_test * 8.2.1 didnt work, back to 8.0.1 * r71171-efs-client-upgrade (#2079) * Turning-off-ami-cleanup-task (#2083) Co-authored-by: Matej Stajduhar <[email protected]> * Changing subnet for rds pr 2.x (#2087) * Changing-subnet-for-RDS * Uncommenting-tasks --------- Co-authored-by: Matej Stajduhar <[email protected]> * fix(debian/duplicity): Fix missing compilation dependencies (#2029) * fix(php-fpm): Set a good process children default for bigger servers (#1895) * fix(php-fpm): Set a good process children default for bigger servers * Fix min max logic * formatting * Fixing-RDS-backup-validation (#2089) Co-authored-by: Matej Stajduhar <[email protected]> * Updating-postfix-default-transport-maps (#2092) * Updating CI to 2.x. * Defending against missing Ansible. * Making the ce-provision-config branch in CI dynamic. * We do not want a 'ce-dev provision' because it breaks our controller. * Reverting 'ce-dev provision' change. * Trying a different ansible_facts var. * Testing using the source branch in ce-dev. * Setting max_childen to an integer to avoid CI issues. * Trying to change the python interpreter used. * Adding platform and cgroup values to ce-dev compose template. * Updated lambda backup validation reporting pr 2.x (#2099) * Updated-lambda-backup-validation-reporting * Updating-docs * Updating-lambda-handler * Adding-region-to-cloudwatch-task * Trimming-version-number-from-lambda * Fixing-text-manipulation * Updating-arn-for-cloudwatch-task --------- Co-authored-by: Matej Stajduhar <[email protected]> * Trying latest ubuntu containers in GitHub Actions. * Fixing the test.sh script to work with venvs. * Documentation for PHP in CI. * Bug fixes 2.x pr 2.x (#2096) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Adding a FQDN postfix transport map. * Updating CI to 2.x. * Defending against missing Ansible. * Making the ce-provision-config branch in CI dynamic. * We do not want a 'ce-dev provision' because it breaks our controller. * Reverting 'ce-dev provision' change. * Trying a different ansible_facts var. * Testing using the source branch in ce-dev. * Setting max_childen to an integer to avoid CI issues. * Trying to change the python interpreter used. * Adding platform and cgroup values to ce-dev compose template. * Trying latest ubuntu containers in GitHub Actions. * Fixing the test.sh script to work with venvs. * Documentation for PHP in CI. * Adding GitLab test back in. * Fixing role namespaces. * Avoiding-backup-restoration-for-dev-env (#2108) Co-authored-by: Matej Stajduhar <[email protected]> * Updating-nodejs-to-nodistro (#2094) * Updating-nodejs-to-nodistro * Fixing-nodejs-unattended-upgrades * r71344-Updating-aws-acl-role (#2111) Co-authored-by: Matej Stajduhar <[email protected]> * r71344-Updating-aws-acl-role (#2112) * r71344-Updating-aws-acl-role * Adding-option-to-avoid-recreating-ACLs * Updating-aws-acl-vars * Updating-aws-acl-vars-2 --------- Co-authored-by: Matej Stajduhar <[email protected]> * Fixing-non-utf8-item (#2116) Co-authored-by: Matej Stajduhar <[email protected]> * Fixing non utf8 item pr 2.x (#2117) * Fixing-non-utf8-item * Changing-var-name-for-when-condition --------- Co-authored-by: Matej Stajduhar <[email protected]> * Minor bug fixes to ce-provision installer. * Testing installing ce-provision in the GitHub Actions container directly. * Using the submitted install script as well. * Trying as runner user. * Trying to use the ce-dev base container. * Fixing-utf8 (#2129) * Fixing utf8-2.x (#2131) * Fixing-utf8 * Adding-debug * Changing-lambda-creation-from-tip-file-to-s3 (#2122) * Changing-lambda-creation-from-tip-file-to-s3 * Fixing-syntax-error * indentation-fix * Finishing-backup-valdation-role --------- Co-authored-by: Matej Stajduhar <[email protected]> * Updating email notification title pr 2.x (#2140) * Updating-email-notification-title * Resolving-conflicts * Resolving-conflicts-2 --------- Co-authored-by: Matej Stajduhar <[email protected]> * Adding-defaults-to-max-children (#2141) * Adding defaults to max children pr 2.x (#2144) * Adding-defaults-to-max-children * Updating-max-children * Updating-php-defaults (#2145) * Updating php defaults pr 2.x (#2147) * Updating-php-defaults * Updating-php-defaults * Updating-php-defaults * Updating key name. * Suppressing systemd actions in Docker. * Seems Ansible flags have changed. * Still trying to get --extra-vars right! * Catching Ansible Galaxy upgrade timers for docker containers. * Trying to force --roles-path for Galaxy. * Trying different quotes. * Missed a line. * Trying a different approach to passing vars. * Adding some debug. * Running ce-python debug first. * Trying moving to the ce-provision directory. * Checking the specific path to galaxy roles in ce-provision. * Trying as controller user again. * Trying to make the roles dir. * Being consistent about paths in bash. * Removing debug lines for now. --------- Co-authored-by: drazenCE <[email protected]> Co-authored-by: nfawbert <[email protected]> Co-authored-by: Matej Štajduhar <[email protected]> Co-authored-by: Matej Stajduhar <[email protected]> Co-authored-by: tymofiisobchenko <[email protected]> Co-authored-by: Klaus Purer <[email protected]> Co-authored-by: Filip Rupic <[email protected]> Co-authored-by: filip <[email protected]>

* Changing-aws-acl-when-statement (#2063) Co-authored-by: Matej Stajduhar <[email protected]> * R71127 r71052 check pr 2.x (#2073) * r71127-r71052-attemt-to-workaround-elb-module-change-or-bug * debug alb issue * revert changes as the bug is outside of ce-provision ansible-collections/amazon.aws#2376 * Newer aws collection test pr 2.x (#2077) * newer_aws_collection_test * 8.2.1 didnt work, back to 8.0.1 * r71171-efs-client-upgrade (#2079) * Turning-off-ami-cleanup-task (#2083) Co-authored-by: Matej Stajduhar <[email protected]> * Changing subnet for rds pr 2.x (#2087) * Changing-subnet-for-RDS * Uncommenting-tasks --------- Co-authored-by: Matej Stajduhar <[email protected]> * fix(debian/duplicity): Fix missing compilation dependencies (#2029) * fix(php-fpm): Set a good process children default for bigger servers (#1895) * fix(php-fpm): Set a good process children default for bigger servers * Fix min max logic * formatting * Fixing-RDS-backup-validation (#2089) Co-authored-by: Matej Stajduhar <[email protected]> * Updating-postfix-default-transport-maps (#2092) * Updating CI to 2.x. * Defending against missing Ansible. * Making the ce-provision-config branch in CI dynamic. * We do not want a 'ce-dev provision' because it breaks our controller. * Reverting 'ce-dev provision' change. * Trying a different ansible_facts var. * Testing using the source branch in ce-dev. * Setting max_childen to an integer to avoid CI issues. * Trying to change the python interpreter used. * Adding platform and cgroup values to ce-dev compose template. * Updated lambda backup validation reporting pr 2.x (#2099) * Updated-lambda-backup-validation-reporting * Updating-docs * Updating-lambda-handler * Adding-region-to-cloudwatch-task * Trimming-version-number-from-lambda * Fixing-text-manipulation * Updating-arn-for-cloudwatch-task --------- Co-authored-by: Matej Stajduhar <[email protected]> * Trying latest ubuntu containers in GitHub Actions. * Fixing the test.sh script to work with venvs. * Documentation for PHP in CI. * Bug fixes 2.x pr 2.x (#2096) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Adding a FQDN postfix transport map. * Updating CI to 2.x. * Defending against missing Ansible. * Making the ce-provision-config branch in CI dynamic. * We do not want a 'ce-dev provision' because it breaks our controller. * Reverting 'ce-dev provision' change. * Trying a different ansible_facts var. * Testing using the source branch in ce-dev. * Setting max_childen to an integer to avoid CI issues. * Trying to change the python interpreter used. * Adding platform and cgroup values to ce-dev compose template. * Trying latest ubuntu containers in GitHub Actions. * Fixing the test.sh script to work with venvs. * Documentation for PHP in CI. * Adding GitLab test back in. * Fixing role namespaces. * Avoiding-backup-restoration-for-dev-env (#2108) Co-authored-by: Matej Stajduhar <[email protected]> * Updating-nodejs-to-nodistro (#2094) * Updating-nodejs-to-nodistro * Fixing-nodejs-unattended-upgrades * r71344-Updating-aws-acl-role (#2111) Co-authored-by: Matej Stajduhar <[email protected]> * r71344-Updating-aws-acl-role (#2112) * r71344-Updating-aws-acl-role * Adding-option-to-avoid-recreating-ACLs * Updating-aws-acl-vars * Updating-aws-acl-vars-2 --------- Co-authored-by: Matej Stajduhar <[email protected]> * Fixing-non-utf8-item (#2116) Co-authored-by: Matej Stajduhar <[email protected]> * Fixing non utf8 item pr 2.x (#2117) * Fixing-non-utf8-item * Changing-var-name-for-when-condition --------- Co-authored-by: Matej Stajduhar <[email protected]> * Minor bug fixes to ce-provision installer. * Testing installing ce-provision in the GitHub Actions container directly. * Using the submitted install script as well. * Trying as runner user. * Trying to use the ce-dev base container. * Fixing-utf8 (#2129) * Fixing utf8-2.x (#2131) * Fixing-utf8 * Adding-debug * Changing-lambda-creation-from-tip-file-to-s3 (#2122) * Changing-lambda-creation-from-tip-file-to-s3 * Fixing-syntax-error * indentation-fix * Finishing-backup-valdation-role --------- Co-authored-by: Matej Stajduhar <[email protected]> * Updating email notification title pr 2.x (#2140) * Updating-email-notification-title * Resolving-conflicts * Resolving-conflicts-2 --------- Co-authored-by: Matej Stajduhar <[email protected]> * Adding-defaults-to-max-children (#2141) * Adding defaults to max children pr 2.x (#2144) * Adding-defaults-to-max-children * Updating-max-children * Updating-php-defaults (#2145) * Updating php defaults pr 2.x (#2147) * Updating-php-defaults * Updating-php-defaults * Updating-php-defaults * Updating key name. * Suppressing systemd actions in Docker. * Seems Ansible flags have changed. * Still trying to get --extra-vars right! * Catching Ansible Galaxy upgrade timers for docker containers. * Trying to force --roles-path for Galaxy. * Trying different quotes. * Missed a line. * Trying a different approach to passing vars. * Adding some debug. * Running ce-python debug first. * Trying moving to the ce-provision directory. * Checking the specific path to galaxy roles in ce-provision. * Trying as controller user again. * Trying to make the roles dir. * Being consistent about paths in bash. * Removing debug lines for now. * Allowing script to skip iptables. * Misnamed flag. * Adding user_provision role to configure controller user. * Wrapping cleanup so it doesn't break GitHub Actions. * Completing variables for user_provisin. * Missed the sudoers var. * Quoting vars. * GitLab installer needs _domain_name. * Logic error in clean-up script. * Fixing paths to ce-provision in container. * Trying to fix CI perms issues. * Git dubious ownership error. * Git dubious ownership error. * Running the web server test as the controller user. * Missed a controller var. * Commenting out the CE container to test. * Adding a separate step for Git actions. * Need sudo for Ubuntu. * efs_version_fix_for_old_debian_workaround (#2151) * Using a volume to persist data between steps. * Adding debug commands to test volumes. * Tweaking volumes. * Adding the checkout command back in. * Trying a different approach. * ls command looks good, so putting web build back in. * More Ansible Galaxy debug. * Trying to make ansible-galaxy detect installed roles. * Run galaxy command as controller. * Trying galaxy command and cd wrapped in su. * Specifically checking the contents of galaxy/roles. * Trying a double-tap install process. * Quick refactor and debug of SSH. * Adding OpenSSH server package. * Checking for a firewall. * Checking listening packages. * Starting SSHD especially. * Starting SSHD without systemd. * Pre-empting config a bit more. * More galaxy path debug. * fix(duplicity): Fix file name of include/exclude list (#2152) * Running a find to see if we can find the missing roles. * More verbosity. * Checking for missing requirements file. * Removing eroneous when clause. * Tidying up redundant debug lines. * Creating a separate ci.yml play targeting localhost. * Making sure sshd is running. * Tidying up GitLab CI file and installing SSHD. * Installing SSHD as a separate step. * SSHD already installed, starting it instead. * Don't create systemd timers in containers. * Preparing a test GitLab build. * Making builds nightly and fixing GitLab role bug. * Ensuring is_local var exists and making lock behaviour optional. * Fixing location and owner of Blackfire config so it is configurable. * Documentation update. * Removing all is defined checks for is_local since it is now always defined. * Letting GitLab know it's on Docker earlier. * Trying to run runsvdir-start to avoid container freezing. * Temporarily skipping reconfigure of GitLab to test the rest. * Trying to move GitLab reconfigure commands to CI. * Fixing service namespace for runner and reinstating GitLab tasks. * Trying to get config script working for GitLab in CI. * No systemd, do not try to restart gitlab-runner. * Removing firewall role from CI GitLab test, don't need it and it breaks CI. * Outputting PostGreSQL logs to see if there are errors. * Outputting PostGreSQL logs to see if there are errors. * Trying the config script for GitLab again. * Suppressing extra GitLab config for CI runs. * Setting Blackfire CLI defaults to use ce-dev user. --------- Co-authored-by: Matej Štajduhar <[email protected]> Co-authored-by: Matej Stajduhar <[email protected]> Co-authored-by: tymofiisobchenko <[email protected]> Co-authored-by: Klaus Purer <[email protected]> Co-authored-by: drazenCE <[email protected]>

* permissions for postgres setup (#1795) * r68065 add mattermost group before user (#1797) * Updating-duplicity (#1804) * enable mattermost systemd unit (#1810) * nginx include for mattermost (#1812) * nginx include for mattermost * add mattermost project type * ssl on handled by nginx role (#1814) * fix mattermost nginx include (#1822) * remove unsupported nginx option (#1824) * Restore testing update pr 2.x (#1832) * Restore-testing-update * Restore-testing-update-2 --------- Co-authored-by: Matej Stajduhar <[email protected]> * Resolving conflicts pr 2.x (#1834) * Fixing-conflicts-and-updating-docs * Fixed-conflicts * Fixed-conflicts-2 --------- Co-authored-by: Matej Stajduhar <[email protected]> * initial commit - mattermost local backups (#1838) * r69995-Updating-vhost-for-LE-validation (#1843) Co-authored-by: Matej Stajduhar <[email protected]> * Changing priority flexibility pr 2.x (#1841) * Changing-priority-flexibility * Changing-priority-flexibility-2 * Adding-aws-acl-to-meta * Adding-cast-to-int-for-priority --------- Co-authored-by: Matej Stajduhar <[email protected]> * Aws acl role changes for ip set pr 2.x (#1848) * aws_acl-role-changes-for-ip-set * aws_acl-role-changes-for-ip-set-docs-update --------- Co-authored-by: Matej Stajduhar <[email protected]> * add_php_repo_before_apt_extra_packages_task_from_common_base (#1850) * fix_opensearch_vars (#1852) * wait_timeout_for_opensearch_domain_creation (#1854) * wait_timeout_for_opensearch_domain_creation * remove trailing space * Updating-aws-acl-task (#1856) Co-authored-by: Matej Stajduhar <[email protected]> * Bug fixes 2.x pr 2.x (#1859) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Bug fixes 2.x pr 2.x (#1860) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Small-changes-on-aws-acl-and-RDS-validation (#1863) Co-authored-by: Matej Stajduhar <[email protected]> * Updating-user-ansible-vars (#1864) * Updating user ansible vars pr 2.x (#1867) * Updating-user-ansible-vars * Fixing-syntax * add_vars_to_user_deploy_user_provision (#1869) * Disabling-general-log-mariadb (#1871) * Updating-aws_acl-role (#1873) Co-authored-by: Matej Stajduhar <[email protected]> * r70260-rkhunter-whitelist (#1877) * fix(nginx): Remove default nginx dummy vhost that could clash with Varnish (#1750) * fix(nginx): Remove default nginx dummy vhost that could clash with Varnish * Fix variable naming and comment * Implement keep_default_vhost setting * Wazuh-var-update (#1903) * Wazuh-agent-vars-more-readable (#1905) * Filebeat-restart-task-wazuh (#1907) * Filebeat restart task wazuh pr 2.x (#1909) * Filebeat-restart-task-wazuh * Fixing-wazuh-filebeat-restart * Adding-gawk-to-extra-packages (#1910) * Updating-filebeat-restart-task (#1913) * Adding motd to exit role pr 2.x (#1915) * Fixing-backup-validation-role-plicies * Adding-parts-for-VPC-and-SG * Adding-region-to-vpc-and-subnet-tasks * Adding-region-to-vpc-and-subnet-tasks-2 * Updating-vars-for-vpc-and-subnet * Updating-vars-for-vpc-and-subnet-2 * Updating-vars-for-vpc-and-subnet-3 * Adding-json-file-for-restore-testing * Changing-user-where-json-file-is-generated * Updating-json-file-location * Updating-path-to-j2-file * Changing-force-valkue * Testing-file-creation * Testing-file-creation-via-command-task * Adding-motd-to-exit-role * Commenting-out-task-that-will-fail * Fixing-pipefail * Fixing-syntax-issue --------- Co-authored-by: Matej Stajduhar <[email protected]> * Fixing-motd-task (#1917) * Motd-switch-egrep-with-awk (#1919) * Motd-task-update (#1922) * Motd-task-update * Restoring-deleted-task * Fixing motd task when running on localhost pr 2.x (#1924) * Fixing-backup-validation-role-plicies * Fixing-motd-task-when-running-on-localhost * Updating-when-statement * Adding-become-true-on-motd-update --------- Co-authored-by: Matej Stajduhar <[email protected]> * Apt bug workaround pr 2.x (#1935) * apt_bug_workaround * apt_bug_workaround * apt_bug_workaround * apt_bug_workaround * fix_var_logic * Pushing-aws-backup-validation-role (#1944) * Pushing-aws-backup-validation-role * Fixing-linting --------- Co-authored-by: Matej Stajduhar <[email protected]> * fix(redis): Convert maxmemory setting to int before comparing (#1897) * Reverting-nginx-username (#1945) * Reverting nginx username pr 2.x (#1947) * Reverting-nginx-username * Minor-fix-nginx-username * Updating-nginx-vars (#1950) * Bug fixes 2.x pr 2.x (#1952) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * r70597 new system role for ipv6 disablement (#1954) * r70597 new system role for ipv6 disablement * fix linting problem * add readme for system role * Fixing-json-file-for-restore-testing (#1956) Co-authored-by: Matej Stajduhar <[email protected]> * Fixing json file for restore testing pr 2.x (#1957) * Fixing-json-file-for-restore-testing * Missing-coma-in-json --------- Co-authored-by: Matej Stajduhar <[email protected]> * updating asg role to support custom rule on http and https (#1959) Co-authored-by: filip <[email protected]> * Bug fixes 2.x pr 2.x (#1962) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Bug fixes 2.x pr 2.x (#1966) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * r70596 create swap directory (#1968) * r70596 create swap directory * remove stat check * 70325 adding asg redirect pr 2.x (#1963) * updating asg role to support custom rule on http and https * updating readme properly * updating docs for the asg role --------- Co-authored-by: filip <[email protected]> * swapfile path and clamav exclusion (#1970) * Galaxy role pr 2.x (#1974) * Deleting obsolete Debian 10 requirements files. * Adding first pass at generic and reusable Ansible Galaxy role. * Docs update. * Updating README files. * Updating ce_provision and ce_deploy to use ansible_galaxy role. * Ansible Galaxy docs enhancement. * Cannot use _ansible in variable names, reserved. * Removing blocks for Galaxy installation, not needed. * Variables passed to Galaxy role were wrong. * Bug fixes 2.x pr 2.x (#1975) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Bug fixes 2.x pr 2.x (#1978) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Bug fixes 2.x pr 2.x (#1980) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Adding a FQDN postfix transport map. * Updating defaults pr 2.x (#1982) * Updated-defaults-for-aws_acl-role * Removing-Identity-search --------- Co-authored-by: Matej Stajduhar <[email protected]> * Updating defaults pr 2.x (#1984) * Updated-defaults-for-aws_acl-role * Removing-Identity-search * Removing-undefined-variable --------- Co-authored-by: Matej Stajduhar <[email protected]> * Removing-gawk-apt (#1985) * Adding-gawk-removing-gawk-csh (#1987) * Adding-when-statement-for-assigning-instance (#1990) * Adding-when-statement-for-assigning-instance * Adding-check-prior-to-assigning-resources * Adding-check-prior-to-assigning-resources * Adding-region-to-aws-cli-command * Print-protected-resource * Adding-resource-type-definition * Resolved-conflicts * Removing-empty-line * Disabling-assigning-instance-to-restore-testing-plan --------- Co-authored-by: Matej Stajduhar <[email protected]> * Matching-2.x-and-devel-branches (#1999) Co-authored-by: Matej Stajduhar <[email protected]> * Adding-aws-ses-role (#2003) * Adding-aws-ses-role * Removing-python-script * Changing-domain-name * Using-variable-for-domain-name --------- Co-authored-by: Matej Stajduhar <[email protected]> * Resolving-conflicts (#2015) Co-authored-by: Matej Stajduhar <[email protected]> * Resolving-conflicts (#2018) Co-authored-by: Matej Stajduhar <[email protected]> * Updating nginx ssl le roles pr 2.x (#2021) * Updating-nginx-SSL-LE-roles * Updating-nginx-vars * r70260 Option to ignore false-positive shared memory segment warnings (#2023) * Adding-wazuh-ossec-from-enigma00a (#2027) * Updating-gitlab-runner-env (#2031) * r70987-decom-vpn-guest (#2034) * r70797 nodhcp module in system role for hetzner cloud systems (#2036) * r70797 nodhcp module in system role for hetzner cloud systems * fix syntax * r70797 set pipefail to resolve linting failure * fix pipefail with bash (#2038) * fix var in templ (#2040) * R70928 adding webroot option for le ssl task and fixing looping over domains pr 2.x (#2042) * r70928-adding-webroot-option-for-LE-SSL-task-and-fixing-looping-over-domains * Changing-LE-cron * Changing-script-from-sh-to-bash --------- Co-authored-by: Matej Stajduhar <[email protected]> * Updating-local-ossec-rules (#2045) * Updating-local-ossec-rules * Fixing-syntax * Updating-wazuh-vars (#2048) * Updating-wazuh-vars * Changing-var-defaults * Removing-wrong-variables * r70260-rkhunter-tested-good-tweaks (#2051) * Fixing-LE-renew-timer (#2052) Co-authored-by: Matej Stajduhar <[email protected]> * R70260 rkhunter tweak portpathwhitelist pr 2.x (#2055) * r70260-rkhunter-tweak-portpathwhitelist TEST * sanitise portpath items * Updating-system-role-condition (#2056) * Updating system role condition pr 2.x (#2059) * Updating-system-role-condition * Updating-system-role-condition-v2 * r71121-tweak-nohetznerdhcp-condition (#2061) * Changing-aws-acl-when-statement (#2063) Co-authored-by: Matej Stajduhar <[email protected]> * R71127 r71052 check pr 2.x (#2073) * r71127-r71052-attemt-to-workaround-elb-module-change-or-bug * debug alb issue * revert changes as the bug is outside of ce-provision https://github.com/ansible-collections/amazon.aws/issues/2376 * Newer aws collection test pr 2.x (#2077) * newer_aws_collection_test * 8.2.1 didnt work, back to 8.0.1 * r71171-efs-client-upgrade (#2079) * Turning-off-ami-cleanup-task (#2083) Co-authored-by: Matej Stajduhar <[email protected]> * Changing subnet for rds pr 2.x (#2087) * Changing-subnet-for-RDS * Uncommenting-tasks --------- Co-authored-by: Matej Stajduhar <[email protected]> * fix(debian/duplicity): Fix missing compilation dependencies (#2029) * fix(php-fpm): Set a good process children default for bigger servers (#1895) * fix(php-fpm): Set a good process children default for bigger servers * Fix min max logic * formatting * Fixing-RDS-backup-validation (#2089) Co-authored-by: Matej Stajduhar <[email protected]> * Updating-postfix-default-transport-maps (#2092) * Updated lambda backup validation reporting pr 2.x (#2099) * Updated-lambda-backup-validation-reporting * Updating-docs * Updating-lambda-handler * Adding-region-to-cloudwatch-task * Trimming-version-number-from-lambda * Fixing-text-manipulation * Updating-arn-for-cloudwatch-task --------- Co-authored-by: Matej Stajduhar <[email protected]> * Bug fixes 2.x pr 2.x (#2096) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Adding a FQDN postfix transport map. * Updating CI to 2.x. * Defending against missing Ansible. * Making the ce-provision-config branch in CI dynamic. * We do not want a 'ce-dev provision' because it breaks our controller. * Reverting 'ce-dev provision' change. * Trying a different ansible_facts var. * Testing using the source branch in ce-dev. * Setting max_childen to an integer to avoid CI issues. * Trying to change the python interpreter used. * Adding platform and cgroup values to ce-dev compose template. * Trying latest ubuntu containers in GitHub Actions. * Fixing the test.sh script to work with venvs. * Documentation for PHP in CI. * Avoiding-backup-restoration-for-dev-env (#2108) Co-authored-by: Matej Stajduhar <[email protected]> * Updating-nodejs-to-nodistro (#2094) * Updating-nodejs-to-nodistro * Fixing-nodejs-unattended-upgrades * r71344-Updating-aws-acl-role (#2111) Co-authored-by: Matej Stajduhar <[email protected]> * r71344-Updating-aws-acl-role (#2112) * r71344-Updating-aws-acl-role * Adding-option-to-avoid-recreating-ACLs * Updating-aws-acl-vars * Updating-aws-acl-vars-2 --------- Co-authored-by: Matej Stajduhar <[email protected]> * Fixing-non-utf8-item (#2116) Co-authored-by: Matej Stajduhar <[email protected]> * Fixing non utf8 item pr 2.x (#2117) * Fixing-non-utf8-item * Changing-var-name-for-when-condition --------- Co-authored-by: Matej Stajduhar <[email protected]> * Fixing-utf8 (#2129) * Fixing utf8-2.x (#2131) * Fixing-utf8 * Adding-debug * Changing-lambda-creation-from-tip-file-to-s3 (#2122) * Changing-lambda-creation-from-tip-file-to-s3 * Fixing-syntax-error * indentation-fix * Finishing-backup-valdation-role --------- Co-authored-by: Matej Stajduhar <[email protected]> * Updating email notification title pr 2.x (#2140) * Updating-email-notification-title * Resolving-conflicts * Resolving-conflicts-2 --------- Co-authored-by: Matej Stajduhar <[email protected]> * Adding-defaults-to-max-children (#2141) * Adding defaults to max children pr 2.x (#2144) * Adding-defaults-to-max-children * Updating-max-children * Updating-php-defaults (#2145) * Updating php defaults pr 2.x (#2147) * Updating-php-defaults * Updating-php-defaults * Updating-php-defaults * efs_version_fix_for_old_debian_workaround (#2151) * fix(duplicity): Fix file name of include/exclude list (#2152) * Bug fixes 2.x pr 2.x (#2120) * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Adding a FQDN postfix transport map. * Updating CI to 2.x. * Defending against missing Ansible. * Making the ce-provision-config branch in CI dynamic. * We do not want a 'ce-dev provision' because it breaks our controller. * Reverting 'ce-dev provision' change. * Trying a different ansible_facts var. * Testing using the source branch in ce-dev. * Setting max_childen to an integer to avoid CI issues. * Trying to change the python interpreter used. * Adding platform and cgroup values to ce-dev compose template. * Trying latest ubuntu containers in GitHub Actions. * Fixing the test.sh script to work with venvs. * Documentation for PHP in CI. * Adding GitLab test back in. * Fixing role namespaces. * Minor bug fixes to ce-provision installer. * Testing installing ce-provision in the GitHub Actions container directly. * Using the submitted install script as well. * Trying as runner user. * Trying to use the ce-dev base container. * Updating key name. * Suppressing systemd actions in Docker. * Seems Ansible flags have changed. * Still trying to get --extra-vars right! * Catching Ansible Galaxy upgrade timers for docker containers. * Trying to force --roles-path for Galaxy. * Trying different quotes. * Missed a line. * Trying a different approach to passing vars. * Adding some debug. * Running ce-python debug first. * Trying moving to the ce-provision directory. * Checking the specific path to galaxy roles in ce-provision. * Trying as controller user again. * Trying to make the roles dir. * Being consistent about paths in bash. * Removing debug lines for now. * Allowing script to skip iptables. * Misnamed flag. * Adding user_provision role to configure controller user. * Wrapping cleanup so it doesn't break GitHub Actions. * Completing variables for user_provisin. * Missed the sudoers var. * Quoting vars. * GitLab installer needs _domain_name. * Logic error in clean-up script. * Fixing paths to ce-provision in container. * Trying to fix CI perms issues. * Git dubious ownership error. * Git dubious ownership error. * Running the web server test as the controller user. * Missed a controller var. * Commenting out the CE container to test. * Adding a separate step for Git actions. * Need sudo for Ubuntu. * Using a volume to persist data between steps. * Adding debug commands to test volumes. * Tweaking volumes. * Adding the checkout command back in. * Trying a different approach. * ls command looks good, so putting web build back in. * More Ansible Galaxy debug. * Trying to make ansible-galaxy detect installed roles. * Run galaxy command as controller. * Trying galaxy command and cd wrapped in su. * Specifically checking the contents of galaxy/roles. * Trying a double-tap install process. * Quick refactor and debug of SSH. * Adding OpenSSH server package. * Checking for a firewall. * Checking listening packages. * Starting SSHD especially. * Starting SSHD without systemd. * Pre-empting config a bit more. * More galaxy path debug. * Running a find to see if we can find the missing roles. * More verbosity. * Checking for missing requirements file. * Removing eroneous when clause. * Tidying up redundant debug lines. * Creating a separate ci.yml play targeting localhost. * Making sure sshd is running. * Tidying up GitLab CI file and installing SSHD. * Installing SSHD as a separate step. * SSHD already installed, starting it instead. * Don't create systemd timers in containers. * Preparing a test GitLab build. * Making builds nightly and fixing GitLab role bug. * Ensuring is_local var exists and making lock behaviour optional. * Fixing location and owner of Blackfire config so it is configurable. * Documentation update. * Removing all is defined checks for is_local since it is now always defined. * Letting GitLab know it's on Docker earlier. * Trying to run runsvdir-start to avoid container freezing. * Temporarily skipping reconfigure of GitLab to test the rest. * Trying to move GitLab reconfigure commands to CI. * Fixing service namespace for runner and reinstating GitLab tasks. * Trying to get config script working for GitLab in CI. * No systemd, do not try to restart gitlab-runner. * Removing firewall role from CI GitLab test, don't need it and it breaks CI. * Outputting PostGreSQL logs to see if there are errors. * Outputting PostGreSQL logs to see if there are errors. * Trying the config script for GitLab again. * Suppressing extra GitLab config for CI runs. * Setting Blackfire CLI defaults to use ce-dev user. * Update .wikis2pages.yml * Nightly builds (#2153) * Create ce-provision-test-nightly.yml * Remove nightly check from GitLab test. * Remove nightly check from web server test. * Removing branch references. * Updating installer config branch to 2.x * Removing config branch, default is fine now * Updating-wazuh-template (#2154) * Updating le template (#2156) * Updating-le-template * Updating-le-template * Reworking-nodejs-for-older-versions (#2157) * Reworking nodejs for older versions pr 2.x (#2159) * Reworking-nodejs-for-older-versions * Reworking-nodejs-for-older-versions * Reworking nodejs for older versions pr 2.x (#2160) * Reworking-nodejs-for-older-versions * Reworking-nodejs-for-older-versions * Fixing-nodejs-syntax * Tweaking-apt-types-nodejs * Reworking nodejs for older versions pr 2.x (#2161) * Reworking-nodejs-for-older-versions * Reworking-nodejs-for-older-versions * Fixing-nodejs-syntax * Tweaking-apt-types-nodejs * Separating-node-tasks-for-older-node * Altering workflow in GitHub Actions for building wiki2pages files. * Attempting to set a hosts file for Ansible in CI. * Trying to force Ansible host. * Trying to force Ansible host. * Trying with an inventory file instead. * Running Ansible as the 'ce-dev' user. * Fixing path to playbook. * Disabling host key checking. * Disabling host checking in SSH. * Trying to use ce-dev user instead of root. * Fixing path to scripts. * Adding some debug lines to check playbooks. * Fixing workspace volume mount point. * Trying a whole new /build location. * Setting permissions on mounted disk. * Checking ce-dev dir contents. * Changing mount point to not destroy ce-dev files. * Commenting permissions line. * Fixing playbook paths. * Outputting hosts and SSH config for debug. * Checking SSH settings. * Manually creating authorized_keys. * Fixing path to set-current. * Refactoring SSH set-up and looking at set-current script. * Trying to fix mount point. * Updating paths to generated docs. * Trying to pass in path to wiki2pages. * Removing obsolete debug line. * Correcting path to script. * Changing path we execute from. * Adding first pass at docs publish step. * Repairing working dir paths. * Incorrect repo path. * Removing most of the debug lines. * Publish docs pr 2.x (#2164) * Altering workflow in GitHub Actions for building wiki2pages files. * Attempting to set a hosts file for Ansible in CI. * Trying to force Ansible host. * Trying to force Ansible host. * Trying with an inventory file instead. * Running Ansible as the 'ce-dev' user. * Fixing path to playbook. * Disabling host key checking. * Disabling host checking in SSH. * Trying to use ce-dev user instead of root. * Fixing path to scripts. * Adding some debug lines to check playbooks. * Fixing workspace volume mount point. * Trying a whole new /build location. * Setting permissions on mounted disk. * Checking ce-dev dir contents. * Changing mount point to not destroy ce-dev files. * Commenting permissions line. * Fixing playbook paths. * Outputting hosts and SSH config for debug. * Checking SSH settings. * Manually creating authorized_keys. * Fixing path to set-current. * Refactoring SSH set-up and looking at set-current script. * Trying to fix mount point. * Updating paths to generated docs. * Trying to pass in path to wiki2pages. * Removing obsolete debug line. * Correcting path to script. * Changing path we execute from. * Adding first pass at docs publish step. * Repairing working dir paths. * Incorrect repo path. * Removing most of the debug lines. * Adding more debug to try to find where 1.x is coming from. * Moving the hugo script check. * More debug. * Moving the config.toml debug line. * Checking the entire disk for 2.x. * Trying a find instead of a grep. * Trying to update ce-provision and ce-deploy. * Getting more debug info. * Adding --verbose to Ansible. * Trying running Hugo directly. * Changed the Hugo start script. * Trying just running 'hugo' in the right directory. * Adding ce-deploy back in with option to not run Hugo. * Updating docs to make _Sidebar.md lose the starting slash. * Publish docs pr 2.x (#2166) * Altering workflow in GitHub Actions for building wiki2pages files. * Attempting to set a hosts file for Ansible in CI. * Trying to force Ansible host. * Trying to force Ansible host. * Trying with an inventory file instead. * Running Ansible as the 'ce-dev' user. * Fixing path to playbook. * Disabling host key checking. * Disabling host checking in SSH. * Trying to use ce-dev user instead of root. * Fixing path to scripts. * Adding some debug lines to check playbooks. * Fixing workspace volume mount point. * Trying a whole new /build location. * Setting permissions on mounted disk. * Checking ce-dev dir contents. * Changing mount point to not destroy ce-dev files. * Commenting permissions line. * Fixing playbook paths. * Outputting hosts and SSH config for debug. * Checking SSH settings. * Manually creating authorized_keys. * Fixing path to set-current. * Refactoring SSH set-up and looking at set-current script. * Trying to fix mount point. * Updating paths to generated docs. * Trying to pass in path to wiki2pages. * Removing obsolete debug line. * Correcting path to script. * Changing path we execute from. * Adding first pass at docs publish step. * Repairing working dir paths. * Incorrect repo path. * Removing most of the debug lines. * Adding more debug to try to find where 1.x is coming from. * Moving the hugo script check. * More debug. * Moving the config.toml debug line. * Checking the entire disk for 2.x. * Trying a find instead of a grep. * Trying to update ce-provision and ce-deploy. * Getting more debug info. * Adding --verbose to Ansible. * Trying running Hugo directly. * Changed the Hugo start script. * Trying just running 'hugo' in the right directory. * Adding ce-deploy back in with option to not run Hugo. * Updating docs to make _Sidebar.md lose the starting slash. * Changing sidebar paths didn't fix Hugo. * Re-removing opening slash to fix Hugo. * Fixing Sidebar merge issues. --------- Co-authored-by: nfawbert <[email protected]> Co-authored-by: drazenCE <[email protected]> Co-authored-by: Matej Štajduhar <[email protected]> Co-authored-by: Matej Stajduhar <[email protected]> Co-authored-by: tymofiisobchenko <[email protected]> Co-authored-by: Klaus Purer <[email protected]> Co-authored-by: Filip Rupic <[email protected]> Co-authored-by: filip <[email protected]>

github-actions bot added the needs_triage label Nov 5, 2024

ichekaldin mentioned this issue Nov 5, 2024

elbv2 - Fix load balancer listener comparison #2377

Merged

tymofiisobchenko added a commit to codeenigma/ce-provision that referenced this issue Nov 12, 2024

revert changes as the bug is outside of ce-provision ansible-collecti…

0402a85

…ons/amazon.aws#2376

hakbailey added has_pr and removed needs_triage labels Nov 12, 2024

softwarefactory-project-zuul bot closed this as completed in #2377 Nov 29, 2024

patchback bot mentioned this issue Dec 2, 2024

[PR #2377/bb3914af backport][stable-9] elbv2 - Fix load balancer listener comparison #2403

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

elb_application_lb - Module fails if listener default action is anything other than Forward #2376

elb_application_lb - Module fails if listener default action is anything other than Forward #2376

ichekaldin commented Nov 5, 2024

sebrhex commented Nov 20, 2024

pspoc-ac-yuri-bucci commented Nov 21, 2024

fabricat-mdb commented Nov 25, 2024

elb_application_lb - Module fails if listener default action is anything other than Forward #2376

elb_application_lb - Module fails if listener default action is anything other than Forward #2376

Comments

ichekaldin commented Nov 5, 2024

Summary

Issue Type

Component Name

Ansible Version

Collection Versions

AWS SDK versions

Configuration

OS / Environment

Steps to Reproduce

Expected Results

Actual Results

Code of Conduct

sebrhex commented Nov 20, 2024

pspoc-ac-yuri-bucci commented Nov 21, 2024

fabricat-mdb commented Nov 25, 2024