Sudoer improvements pr devel 2.x #2249

Open
wants to merge 338 commits into
base: devel-2.x
b6adbc6
Changing import_role to include_vars for vars only Wazuh roles. (#1524)
gregharvey Mar 14, 2024
68c9e8d
Wazuh fixes pr 2.x (#1526)
gregharvey Mar 14, 2024
1e13a87
Adding cipher to client template and fixing default push route. (#1528)
gregharvey Mar 15, 2024
14cd950
Switching key server pr 2.x (#1531)
drazenCE Mar 20, 2024
e519246
Fixing-mysql-role (#1534)
drazenCE Mar 21, 2024
ee3723a
Fixing-broken-mysql-role (#1536)
drazenCE Mar 21, 2024
a60f90c
R68801 gzip nginx cloudfront pr 2.x (#1544)
tymofiisobchenko Mar 27, 2024
2470f04
Making Duplicity use venvs. (#1547)
gregharvey Mar 27, 2024
c626f7f
Ansible in init pr 2.x (#1554)
gregharvey Mar 29, 2024
4a0e81f
Mailpit role pr 2.x (#1522)
gregharvey Mar 29, 2024
3e001dd
Acm san cert replacement pr 2.x (#1561)
gregharvey Mar 31, 2024
cdd8ec5
Making Bookworm the default base distro. (#1565)
gregharvey Apr 2, 2024
fa8720f
Nginx domain handling pr 2.x (#1568)
gregharvey Apr 4, 2024
02de7d5
Fixing timer backup job for LDAP servers. (#1574)
gregharvey Apr 4, 2024
4c8b319
Ldap server schedule fixes pr 2.x (#1578)
gregharvey Apr 4, 2024
c4ed98e
Adding-ami-cleanup-role (#1580)
matej5 Apr 4, 2024
37f0157
Adding ami cleanup role 2.x pr 2.x (#1582)
matej5 Apr 4, 2024
c3ae7e7
r68801-improve-caching-behavior-and-some-nginx-fixes (#1572)
tymofiisobchenko Apr 5, 2024
cf5191a
moving-assume-role-to-files-folder (#1588)
matej5 Apr 5, 2024
33f2e46
Adding-retry-and-delay-on-lambda-creation-due-to-IAM-role-creation (#…
matej5 Apr 5, 2024
cc2250d
Adding-wait-task-prior-to-lambda-creation (#1595)
matej5 Apr 5, 2024
b084270
nginx-config-backup-and-cleaup-vhosts-on-rebuild (#1590)
tymofiisobchenko Apr 5, 2024
fa9a537
Adding-CF-S3-logging (#1596)
matej5 Apr 9, 2024
527daf2
php clear_env config option (#1599)
nfawbert Apr 9, 2024
75f753a
move ssl to domain.yml to fix the loop; remove checking for existing …
tymofiisobchenko Apr 10, 2024
427ec50
Allowing multiple clamscan wrapper scripts and timers per server. (#1…
gregharvey Apr 12, 2024
7db4aee
r69219-Updating-Scheduler-json-target (#1603)
matej5 Apr 15, 2024
64905aa
R68069 alb healthchecks and nginx pr 2.x (#1609)
tymofiisobchenko Apr 23, 2024
f3d8ab7
R69332 le cron mail alerts pr 2.x (#1605)
drazenCE Apr 23, 2024
7a9147f
Aws acl defaults pr 2.x (#1614)
gregharvey Apr 25, 2024
40049ca
Small-changes-to-roles (#1617)
matej5 Apr 29, 2024
fe089cd
Updating-aws-acl-role (#1626)
matej5 May 3, 2024
5c6c300
Apt repo role pr 2.x (#1620)
gregharvey May 6, 2024
d6924b2
Apt repo role pr 2.x (#1631)
gregharvey May 7, 2024
9a92247
Merge branch 'devel-2.x' into 2.x
gregharvey May 7, 2024
ffdb991
required_paramater_for_gp3_storage_type_tidying_up_and_refactoring (#…
tymofiisobchenko May 8, 2024
9e856a0
fixing_rds_vars (#1652)
tymofiisobchenko May 8, 2024
6135c88
Fixing-aws-acl-condition (#1654)
matej5 May 8, 2024
2044147
Apt repo role pr 2.x (#1661)
gregharvey May 13, 2024
f919e25
Bug fixes 2.x pr 2.x (#1662)
gregharvey May 13, 2024
e8d74e5
fix(scripts): Fix git checkout to fetch any new branches (#1655)
klausi May 13, 2024
25baa04
Apt repo role pr 2.x (#1666)
gregharvey May 14, 2024
f08fe67
Bug fixes 2.x pr 2.x (#1667)
gregharvey May 14, 2024
f42142f
Bug fixes 2.x pr 2.x (#1670)
gregharvey May 14, 2024
f93ae3a
Updating-waf-acl-role (#1672)
matej5 May 15, 2024
f2f2c96
Setting up proxy vhost pr 2.x (#1674)
drazenCE May 15, 2024
bbad84f
Fixing-typo (#1676)
drazenCE May 15, 2024
2f749bf
New-version-of-aws-acl-role (#1683)
matej5 May 20, 2024
9134709
Updating-nginx-template (#1688)
drazenCE May 21, 2024
09f1332
Updating-aws_backup-to-register-iam-arn-2 (#1696)
matej5 May 22, 2024
e4f16ee
Updating-nginx-htpasswd-task-2 (#1698)
matej5 May 22, 2024
c3913a9
Bug fixes 2.x pr 2.x (#1702)
gregharvey May 22, 2024
76560e9
r69424-Adding-resource-group-task (#1706)
matej5 May 23, 2024
872aa49
Adding lock file behaviour to ce-provision. (#1708)
gregharvey May 24, 2024
5127832
Bug fixes 2.x pr 2.x (#1715)
gregharvey May 27, 2024
d3b057e
Bug fixes 2.x pr 2.x (#1717)
gregharvey May 27, 2024
65f72f4
Creating a ce-provision installer script. (#1724)
gregharvey May 29, 2024
e8c73f2
Installer pr 2.x (#1726)
gregharvey May 29, 2024
8445562
Bug fixes 2.x pr 2.x (#1730)
gregharvey May 29, 2024
897fc3d
Installer pr 2.x (#1732)
gregharvey May 29, 2024
939d1e3
Installing certbot in a python venv. (#1659)
gregharvey May 29, 2024
9428d42
Installer pr 2.x (#1735)
gregharvey May 29, 2024
548a648
Bug fixes 2.x pr 2.x (#1737)
gregharvey May 31, 2024
f70996e
Bug fixes 2.x pr 2.x (#1738)
gregharvey May 31, 2024
ef3b85c
Fixing-ACM-SAN-behaviour (#1739)
drazenCE May 31, 2024
a732b1c
Bug fixes 2.x pr 2.x (#1742)
gregharvey Jun 3, 2024
09d4d1c
Bug fixes 2.x pr 2.x (#1749)
gregharvey Jun 4, 2024
c16f342
Bug fixes 2.x pr 2.x (#1752)
gregharvey Jun 4, 2024
1c6bbc4
Bug fixes 2.x pr 2.x (#1754)
gregharvey Jun 5, 2024
b212b0f
Bug fixes 2.x pr 2.x (#1756)
gregharvey Jun 5, 2024
bb1d5cd
Redoing-changes-for-aws-acl-role (#1728)
matej5 Jun 7, 2024
d08fd78
Remvoing-scp-extra-args-temporary (#1761)
matej5 Jun 13, 2024
00b9892
Bug fixes 2.x pr 2.x (#1765)
gregharvey Jun 13, 2024
a1f3d9e
Bug fixes 2.x pr 2.x (#1767)
gregharvey Jun 13, 2024
49940d9
Bug fixes 2.x pr 2.x (#1769)
gregharvey Jun 13, 2024
b556265
Bug fixes 2.x pr 2.x (#1771)
gregharvey Jun 13, 2024
c8f437b
Managing-mime-types-nginx (#1773)
drazenCE Jun 19, 2024
78d9859
Whitelisting ce vpn ip wazuh pr 2.x (#1775)
drazenCE Jun 20, 2024
f52aeaf
Updating-wazuh-vars (#1777)
drazenCE Jun 25, 2024
c1601eb
add community.postgresql collection and remove varnish master release…
nfawbert Jun 25, 2024
1dd7153
Updating wazuh vars pr 2.x (#1781)
drazenCE Jun 25, 2024
1644e8b
Updating wazuh vars pr 2.x (#1783)
drazenCE Jun 25, 2024
29c8f53
Updating wazuh vars pr 2.x (#1785)
drazenCE Jun 25, 2024
2645a53
Updating wazuh vars pr 2.x (#1787)
drazenCE Jun 25, 2024
da8e909
r68065 mattermost role first commit (#1789)
nfawbert Jun 26, 2024
1d52a29
r68065 install python psycopg2 (#1791)
nfawbert Jun 27, 2024
f935659
r68065 use psycopg binary package as compiling creates depsolve issue…
nfawbert Jun 27, 2024
996f67c
permissions for postgres setup (#1795)
nfawbert Jun 27, 2024
bcb8383
r68065 add mattermost group before user (#1797)
nfawbert Jun 27, 2024
c7e68a5
Updating-duplicity (#1804)
drazenCE Jul 1, 2024
69e741c
enable mattermost systemd unit (#1810)
nfawbert Jul 2, 2024
8694d1f
nginx include for mattermost (#1812)
nfawbert Jul 2, 2024
e6637ca
ssl on handled by nginx role (#1814)
nfawbert Jul 2, 2024
bcde5ae
fix mattermost nginx include (#1822)
nfawbert Jul 3, 2024
be379a5
remove unsupported nginx option (#1824)
nfawbert Jul 3, 2024
a58040d
Restore testing update pr 2.x (#1832)
matej5 Jul 8, 2024
21ffa8d
Resolving conflicts pr 2.x (#1834)
matej5 Jul 9, 2024
f1e3478
initial commit - mattermost local backups (#1838)
nfawbert Jul 9, 2024
303e501
r69995-Updating-vhost-for-LE-validation (#1843)
matej5 Jul 11, 2024
a71e3b2
Changing priority flexibility pr 2.x (#1841)
matej5 Jul 11, 2024
2037c74
Aws acl role changes for ip set pr 2.x (#1848)
matej5 Jul 12, 2024
6d519bd
add_php_repo_before_apt_extra_packages_task_from_common_base (#1850)
tymofiisobchenko Jul 12, 2024
419387c
fix_opensearch_vars (#1852)
tymofiisobchenko Jul 15, 2024
184387a
wait_timeout_for_opensearch_domain_creation (#1854)
tymofiisobchenko Jul 15, 2024
6a31637
Updating-aws-acl-task (#1856)
matej5 Jul 17, 2024
8c3f3cf
Bug fixes 2.x pr 2.x (#1859)
gregharvey Jul 18, 2024
bcee996
Bug fixes 2.x pr 2.x (#1860)
gregharvey Jul 18, 2024
cdb037f
Small-changes-on-aws-acl-and-RDS-validation (#1863)
matej5 Jul 23, 2024
1678f2a
Updating-user-ansible-vars (#1864)
drazenCE Jul 30, 2024
1ffa2ad
Updating user ansible vars pr 2.x (#1867)
drazenCE Jul 30, 2024
acb8ae9
add_vars_to_user_deploy_user_provision (#1869)
tymofiisobchenko Jul 31, 2024
0fea705
Disabling-general-log-mariadb (#1871)
drazenCE Jul 31, 2024
8facd99
Updating-aws_acl-role (#1873)
matej5 Aug 1, 2024
37fa346
r70260-rkhunter-whitelist (#1877)
drazenCE Aug 7, 2024
4605fff
fix(nginx): Remove default nginx dummy vhost that could clash with Va…
klausi Aug 14, 2024
c7bc57c
Wazuh-var-update (#1903)
drazenCE Aug 27, 2024
166a0e8
Wazuh-agent-vars-more-readable (#1905)
drazenCE Aug 27, 2024
1f7c08c
Filebeat-restart-task-wazuh (#1907)
drazenCE Aug 28, 2024
5d3153a
Filebeat restart task wazuh pr 2.x (#1909)
drazenCE Aug 28, 2024
e5306ea
Adding-gawk-to-extra-packages (#1910)
drazenCE Sep 2, 2024
229551c
Updating-filebeat-restart-task (#1913)
drazenCE Sep 3, 2024
38bc576
Adding motd to exit role pr 2.x (#1915)
matej5 Sep 3, 2024
6491f83
Fixing-motd-task (#1917)
drazenCE Sep 4, 2024
1ce0265
Motd-switch-egrep-with-awk (#1919)
drazenCE Sep 4, 2024
5c240df
Motd-task-update (#1922)
drazenCE Sep 4, 2024
d0fec1f
Fixing motd task when running on localhost pr 2.x (#1924)
matej5 Sep 5, 2024
ec1ff32
Apt bug workaround pr 2.x (#1935)
tymofiisobchenko Sep 9, 2024
e68f1e3
Pushing-aws-backup-validation-role (#1944)
matej5 Sep 9, 2024
91306be
fix(redis): Convert maxmemory setting to int before comparing (#1897)
klausi Sep 10, 2024
e476b63
Reverting-nginx-username (#1945)
drazenCE Sep 11, 2024
094cf0f
Reverting nginx username pr 2.x (#1947)
drazenCE Sep 11, 2024
829ad7c
Updating-nginx-vars (#1950)
drazenCE Sep 11, 2024
894f233
Bug fixes 2.x pr 2.x (#1952)
gregharvey Sep 11, 2024
0fda124
r70597 new system role for ipv6 disablement (#1954)
nfawbert Sep 13, 2024
89f779e
Fixing-json-file-for-restore-testing (#1956)
matej5 Sep 13, 2024
743e477
Fixing json file for restore testing pr 2.x (#1957)
matej5 Sep 13, 2024
01fa3e8
updating asg role to support custom rule on http and https (#1959)
filiprupic Sep 16, 2024
42968b3
Bug fixes 2.x pr 2.x (#1962)
gregharvey Sep 16, 2024
48f70db
Bug fixes 2.x pr 2.x (#1966)
gregharvey Sep 16, 2024
2b40728
r70596 create swap directory (#1968)
nfawbert Sep 17, 2024
054630c
70325 adding asg redirect pr 2.x (#1963)
filiprupic Sep 17, 2024
44bd4bb
swapfile path and clamav exclusion (#1970)
nfawbert Sep 17, 2024
07483c4
Galaxy role pr 2.x (#1974)
gregharvey Sep 19, 2024
63a3168
Bug fixes 2.x pr 2.x (#1975)
gregharvey Sep 19, 2024
d365903
Bug fixes 2.x pr 2.x (#1978)
gregharvey Sep 19, 2024
e3e92fc
Bug fixes 2.x pr 2.x (#1980)
gregharvey Sep 19, 2024
d54a77f
Updating defaults pr 2.x (#1982)
matej5 Sep 27, 2024
81ba000
Updating defaults pr 2.x (#1984)
matej5 Sep 27, 2024
263178a
Removing-gawk-apt (#1985)
drazenCE Sep 30, 2024
68af278
Adding-gawk-removing-gawk-csh (#1987)
drazenCE Oct 1, 2024
7733709
Adding-when-statement-for-assigning-instance (#1990)
matej5 Oct 2, 2024
c7cc767
Matching-2.x-and-devel-branches (#1999)
matej5 Oct 2, 2024
1e1c155
Adding-aws-ses-role (#2003)
matej5 Oct 2, 2024
b9f7099
Resolving-conflicts (#2015)
matej5 Oct 9, 2024
6de09d0
Resolving-conflicts (#2018)
matej5 Oct 10, 2024
11bbb4f
Updating nginx ssl le roles pr 2.x (#2021)
drazenCE Oct 10, 2024
9cc13a0
r70260 Option to ignore false-positive shared memory segment warnings…
nfawbert Oct 14, 2024
3624d58
Adding-wazuh-ossec-from-enigma00a (#2027)
drazenCE Oct 17, 2024
4df8e0b
Updating-gitlab-runner-env (#2031)
drazenCE Oct 18, 2024
f4a2eb1
r70987-decom-vpn-guest (#2034)
nfawbert Oct 21, 2024
4091736
r70797 nodhcp module in system role for hetzner cloud systems (#2036)
nfawbert Oct 21, 2024
62e947d
fix pipefail with bash (#2038)
nfawbert Oct 21, 2024
ecf8d48
fix var in templ (#2040)
nfawbert Oct 21, 2024
13bf15a
R70928 adding webroot option for le ssl task and fixing looping over …
matej5 Oct 28, 2024
6731f91
Updating-local-ossec-rules (#2045)
drazenCE Oct 29, 2024
c4aeab0
Updating-wazuh-vars (#2048)
drazenCE Oct 30, 2024
c35b2a6
r70260-rkhunter-tested-good-tweaks (#2051)
nfawbert Nov 5, 2024
ad461b8
Fixing-LE-renew-timer (#2052)
matej5 Nov 6, 2024
9b81481
R70260 rkhunter tweak portpathwhitelist pr 2.x (#2055)
nfawbert Nov 7, 2024
b39f21a
Updating-system-role-condition (#2056)
drazenCE Nov 7, 2024
28128ea
Updating system role condition pr 2.x (#2059)
drazenCE Nov 7, 2024
237cec3
r71121-tweak-nohetznerdhcp-condition (#2061)
nfawbert Nov 8, 2024
92df478
Changing-aws-acl-when-statement (#2063)
matej5 Nov 11, 2024
6fe3800
R71127 r71052 check pr 2.x (#2073)
tymofiisobchenko Nov 12, 2024
05baa41
Newer aws collection test pr 2.x (#2077)
tymofiisobchenko Nov 13, 2024
a1bfc21
r71171-efs-client-upgrade (#2079)
tymofiisobchenko Nov 19, 2024
57ce7c3
Turning-off-ami-cleanup-task (#2083)
matej5 Nov 21, 2024
f757a67
Changing subnet for rds pr 2.x (#2087)
matej5 Nov 27, 2024
08bc58b
fix(debian/duplicity): Fix missing compilation dependencies (#2029)
klausi Nov 27, 2024
7de6408
fix(php-fpm): Set a good process children default for bigger servers …
klausi Nov 27, 2024
9666c52
Fixing-RDS-backup-validation (#2089)
matej5 Nov 28, 2024
52e9020
Updating-postfix-default-transport-maps (#2092)
drazenCE Dec 3, 2024
b66c484
Updated lambda backup validation reporting pr 2.x (#2099)
matej5 Dec 4, 2024
3ea00fa
Bug fixes 2.x pr 2.x (#2096)
gregharvey Dec 4, 2024
c63908c
Avoiding-backup-restoration-for-dev-env (#2108)
matej5 Dec 5, 2024
019107f
Updating-nodejs-to-nodistro (#2094)
drazenCE Dec 5, 2024
2551c45
r71344-Updating-aws-acl-role (#2111)
matej5 Dec 5, 2024
1042aa1
r71344-Updating-aws-acl-role (#2112)
matej5 Dec 5, 2024
1f27e9e
Fixing-non-utf8-item (#2116)
matej5 Dec 5, 2024
faf190d
Fixing non utf8 item pr 2.x (#2117)
matej5 Dec 5, 2024
997a693
Fixing-utf8 (#2129)
drazenCE Dec 9, 2024
d455a4f
Fixing utf8-2.x (#2131)
drazenCE Dec 9, 2024
e780882
Changing-lambda-creation-from-tip-file-to-s3 (#2122)
matej5 Dec 9, 2024
461792d
Updating email notification title pr 2.x (#2140)
matej5 Dec 9, 2024
f969f1b
Adding-defaults-to-max-children (#2141)
drazenCE Dec 11, 2024
83157d1
Adding defaults to max children pr 2.x (#2144)
drazenCE Dec 11, 2024
2740a8a
Updating-php-defaults (#2145)
drazenCE Dec 12, 2024
e52a546
Updating php defaults pr 2.x (#2147)
drazenCE Dec 13, 2024
e8b9b63
efs_version_fix_for_old_debian_workaround (#2151)
tymofiisobchenko Dec 17, 2024
653c23e
fix(duplicity): Fix file name of include/exclude list (#2152)
klausi Dec 17, 2024
af394a8
Bug fixes 2.x pr 2.x (#2120)
gregharvey Dec 18, 2024
ca98e15
Update .wikis2pages.yml
gregharvey Dec 18, 2024
7ee7f1c
Nightly builds (#2153)
gregharvey Dec 21, 2024
237a59a
Updating-wazuh-template (#2154)
drazenCE Dec 23, 2024
f41c496
Updating le template (#2156)
drazenCE Dec 31, 2024
123bced
Reworking-nodejs-for-older-versions (#2157)
drazenCE Jan 2, 2025
984c502
Reworking nodejs for older versions pr 2.x (#2159)
drazenCE Jan 3, 2025
d7f2a1b
Reworking nodejs for older versions pr 2.x (#2160)
drazenCE Jan 3, 2025
9c15d0e
Reworking nodejs for older versions pr 2.x (#2161)
drazenCE Jan 3, 2025
3cab7e3
Publish docs pr 2.x (#2164)
gregharvey Jan 6, 2025
7f05cf2
Merge branch 'devel-2.x' into 2.x
gregharvey Jan 6, 2025
2a8f937
Publish docs pr 2.x (#2166)
gregharvey Jan 7, 2025
1130f7a
Publish docs pr 2.x (#2168)
gregharvey Jan 7, 2025
ff7c0ac
Publish docs pr 2.x (#2171)
gregharvey Jan 7, 2025
7415e4c
Publish docs pr 2.x (#2174)
gregharvey Jan 8, 2025
bfc862b
Publish docs pr 2.x (#2177)
gregharvey Jan 8, 2025
9a12fcc
Publish docs pr 2.x (#2179)
gregharvey Jan 8, 2025
2a0d997
Publish docs pr 2.x (#2181)
gregharvey Jan 8, 2025
c55ba2c
Publish docs pr 2.x (#2184)
gregharvey Jan 8, 2025
63583d3
Publish docs pr 2.x (#2186)
gregharvey Jan 8, 2025
e3e122b
GitHub Actions - updating markdown docs - (#2187)
github-actions[bot] Jan 8, 2025
efb357c
Publish docs pr 2.x (#2189)
gregharvey Jan 8, 2025
66c6ed9
Publish docs pr 2.x (#2193)
gregharvey Jan 8, 2025
67ea50f
r71115-default-ldap-ca-cert (#2197)
nfawbert Jan 8, 2025
9893d68
Documentation update - 2.x (#2198)
github-actions[bot] Jan 8, 2025
8a4d8c5
Publish docs pr 2.x (#2203)
gregharvey Jan 8, 2025
4fada37
Publish docs pr 2.x (#2205)
gregharvey Jan 8, 2025
8ddb254
Documentation update - 2.x (#2200)
github-actions[bot] Jan 8, 2025
72137a4
Enhanced quick start pr 2.x (#2207)
gregharvey Jan 9, 2025
537b60e
Documentation update - 2.x (#2208)
github-actions[bot] Jan 13, 2025
bf90d80
Enhanced quick start pr 2.x (#2211)
gregharvey Jan 13, 2025
5de8638
Publish docs pr 2.x (#2216)
gregharvey Jan 13, 2025
fb03534
Publish docs pr 2.x (#2218)
gregharvey Jan 13, 2025
0986cb2
Documentation update - 2.x (#2213)
github-actions[bot] Jan 13, 2025
8de3b45
Publish docs pr 2.x (#2220)
gregharvey Jan 13, 2025
e879264
Bug fixes 2.x pr 2.x (#2225)
gregharvey Jan 14, 2025
2ad05bb
Bug fixes 2.x pr 2.x (#2229)
gregharvey Jan 14, 2025
858de79
Documentation update - 2.x (#2226)
github-actions[bot] Jan 14, 2025
a81e2d1
Bug fixes 2.x pr 2.x (#2231)
gregharvey Jan 15, 2025
5096fa9
Bug fixes 2.x pr 2.x (#2233)
gregharvey Jan 15, 2025
24b4a9b
Bug fixes 2.x pr 2.x (#2235)
gregharvey Jan 15, 2025
13fd86a
Bug fixes 2.x pr 2.x (#2240)
gregharvey Jan 15, 2025
fdf1e22
Updating-descriptions (#2237)
matej5 Jan 15, 2025
02d550c
Bug fixes 2.x pr 2.x (#2242)
gregharvey Jan 15, 2025
9ef5312
Bug fixes 2.x pr 2.x (#2244)
gregharvey Jan 15, 2025
344d9a3
Documentation update - 2.x (#2245)
github-actions[bot] Jan 15, 2025
07b9df8
Allowing more flexible definition of sudo privileges via user_ansible.
gregharvey Jan 16, 2025
a244db1
Merging devel
gregharvey Jan 16, 2025
6c8e090
Fixing ce-deploy example.
gregharvey Jan 16, 2025
6566546
Merge branch 'sudoer_improvements' into sudoer_improvements-PR-devel-2.x
gregharvey Jan 16, 2025
15 changes: 11 additions & 4 deletions ce-dev/ansible/vars/_common/user_deploy.yml
@@ -1,9 +1,16 @@
_user_deploy_username: ce-dev
user_deploy:
username: ce-dev
username: "{{ _user_deploy_username }}"
utility_host: "localhost"
utility_username: ce-dev
sudoer: false
utility_username: "{{ _user_deploy_username }}"
sudo_config:
entity_name: "{{ _user_deploy_username }}"
hosts: "ALL"
operators: "(ALL)"
tags: "NOPASSWD:"
commands: "ALL"
filename: "{{ _user_deploy_username }}"
groups: []
ssh_keys:
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCbzq9srh/W23MBCx/GmlTO3aJckDjZnCcczAAGtx3rAzGFEtvFgDaZbbHK+ya2SSazzQbfSXmwWAYABtFu6qRmZtDCBKlHhR7rI9MysiACmSX6X6fVIDbCZoVXIZIVGR0wdv52+kMArMktO9Y456jlman5whd3b7VD5LOt1xKQRLVQ7KjsxgQ/hpolSo6ZmsJuJe2xF9NMSfpQetmprTEFoCbXbVOl6XDUVqYsNF/e55A2jXBng2UNluztWQDnaP2sDODPk5uw3Fy6Znk0auYe9CmImUZX5x+BLulJIJWmsDa2+Ls3MCpF9VKPqV/UInETJ5P3ge1ieC8a1dboPL4/T9XERPXuGxeZtISNHwFZ3mGSjrbqFpMpJHZ7G41oGqBOq9dsw4eY3G0YlvMtv8Nqu2MtOQz/nGFSniES6e7Q4aHtBOoCbpJt7tDcpIDy9YfEhgQHxNtdAmt0n7GS71O0HS+15y89EzJ46139vZeuvSUkdgUxhQ5ZWhp1u3/6XyaCKt+SHKH5CbbrXQrfP/g98wm4W6kVAAjtkEXZ6rwsc71WdRLxZr17ArOpG+YVTJ67+iMEgsaEw9bi2DNDVeYl51NmNc4d873iH7d/0gsRq4ECzZwoNB0X9N6n0F5cVjQvx2802FzwHUMA2V8gS64UBuoC2OIv/r3YSkwuplzggw== [email protected]"
#- "{{ lookup('file', '{{ _ce_provision_data_dir }}/provision-controller/home/ce-dev/.ssh/id_rsa.pub') }}" # works locally
#- "{{ lookup('file', '{{ _ce_provision_data_dir }}/provision-controller/home/' + _user_deploy_username + '/.ssh/id_rsa.pub') }}" # works locally
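Review bot: In `user_deploy`, `sudoer: false` is replaced by a `sudo_config` with `tags: "NOPASSWD:"` and `commands: "ALL"`, which moves the ce-dev deploy user from no sudo rule to unrestricted passwordless sudo instead of preserving the old behaviour. If that widening is not intended, use `sudo_config: {}` here or a narrowed `commands` list like the example in roles/debian/user_deploy/defaults/main.yml; if it is intended, say so in a comment next to the block.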
15 changes: 11 additions & 4 deletions ce-dev/ansible/vars/_common/user_provision.yml
@@ -1,9 +1,16 @@
_user_provision_username: ce-dev
user_provision:
username: ce-dev
username: "{{ _user_provision_username }}"
utility_host: "localhost"
utility_username: ce-dev
sudoer: true
utility_username: "{{ _user_provision_username }}"
sudo_config:
entity_name: "{{ _user_provision_username }}"
hosts: "ALL"
operators: "(ALL)"
tags: "NOPASSWD:"
commands: "ALL"
filename: "{{ _user_provision_username }}"
groups: []
ssh_keys:
- "ssh-rsa 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 [email protected]"
#- "{{ lookup('file', '{{ _ce_provision_data_dir }}/provision-controller/home/ce-dev/.ssh/id_rsa.pub') }}" # works locally
#- "{{ lookup('file', '{{ _ce_provision_data_dir }}/provision-controller/home/' + _user_provision_username + '/.ssh/id_rsa.pub') }}" # works locally
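Review bot: `filename: "{{ _user_provision_username }}"` resolves to `ce-dev`, the same value `filename` resolves to in ce-dev/ansible/vars/_common/user_deploy.yml, so both variable sets name the same sudo config file. The two rules are identical today, but if either is narrowed later the other may overwrite it depending on run order; use distinct filenames or add a comment stating that the shared file is deliberate.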
8 changes: 7 additions & 1 deletion install.sh
Expand Up @@ -235,7 +235,13 @@ user_provision:
update_password: always
utility_username: "${CONTROLLER_USER}"
utility_host: localhost
sudoer: true
sudo_config:
entity_name: "${CONTROLLER_USER}"
hosts: "ALL"
operators: "(ALL)"
tags: "NOPASSWD:"
commands: "ALL"
filename: "${CONTROLLER_USER}"
groups:
- bypass2fa
ssh_keys:
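Review bot: `filename: "${CONTROLLER_USER}"` takes the sudo config file name straight from a shell variable. If the debian/sudo_config role writes that name under /etc/sudoers.d, sudo skips files there whose names contain a `.` or end in `~`, so a controller user such as `first.last` would end up with a rule that is never loaded. Unless `CONTROLLER_USER` is already validated earlier in install.sh, validate it there or derive a sanitised filename.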
9 changes: 8 additions & 1 deletion roles/debian/user_ansible/defaults/main.yml
Expand Up @@ -14,7 +14,14 @@ user_ansible:
# Local username of the deploy user.
utility_host: "localhost"
utility_username: "{{ _user_ansible_username }}"
sudoer: false
sudo_config: {} # an empty dictionary will skip creating a sudo config
# Example sudo config allowing full sudo permissions - see the debian/sudo_config role for more details.
# entity_name: "{{ _user_ansible_username }}"
# hosts: "ALL"
# operators: "(ALL)"
# tags: "NOPASSWD:"
# commands: "ALL"
# filename: "{{ _user_ansible_username }}"
# List of additional groups to add the user to.
groups: []
# List of SSH pub keys to authorize. These must be provided as strings (content of the pub key).
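Review bot: Replacing `sudoer: false` with `sudo_config: {}` removes a documented key without a migration path: a caller that still sets `sudoer: true` now gets no sudo rule and no warning. Add an upgrade note to this comment block, and consider an assert in tasks/main.yml that fails when `user_ansible.sudoer` is defined so stale variable files are caught at run time.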
10 changes: 2 additions & 8 deletions roles/debian/user_ansible/tasks/main.yml
Expand Up @@ -33,14 +33,8 @@
ansible.builtin.include_role:
name: debian/sudo_config
vars:
sudo_config:
entity_name: "{{ user_ansible.username }}"
hosts: "ALL"
operators: "(ALL)"
tags: "NOPASSWD:"
commands: "ALL"
filename: "{{ user_ansible.username }}"
when: user_ansible.sudoer
sudo_config: "{{ user_ansible.sudo_config }}"
when: user_ansible.sudo_config | length > 0

- name: Copy SSH public key to target.
ansible.posix.authorized_key:
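Review bot: `when: user_ansible.sudo_config | length > 0` raises an undefined-variable error when a caller supplies its own `user_ansible` dictionary without a `sudo_config` key, unless dictionaries are merged with the role defaults. Use `when: user_ansible.sudo_config | default({}) | length > 0` so that variable files written for the old `sudoer` flag skip the task instead of failing.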
10 changes: 9 additions & 1 deletion roles/debian/user_deploy/defaults/main.yml
Expand Up @@ -15,7 +15,15 @@ user_deploy:
# Local username of the deploy user.
utility_host: "localhost"
utility_username: "{{ _user_deploy_username }}"
sudoer: false
sudo_config: {}
# Example config allowing for feature branching. Allows manipulation of NGINX vhosts and cron.d files.
# Uncomment to use.
# entity_name: "{{ _user_deploy_username }}"
# hosts: "ALL"
# operators: "(ALL)"
# tags: "NOPASSWD:"
# commands: "/usr/bin/systemctl reload nginx, /usr/bin/systemctl restart nginx, /usr/sbin/nginx -t, sudoedit /etc/nginx/sites-available, sudoedit /etc/nginx/sites-enabled, sudoedit /etc/cron.d"
# filename: "{{ _user_deploy_username }}"
# List of additional groups to add the user to.
groups:
- docker # add the docker group so we can do container builds
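Review bot: The commented example in `commands` includes `sudoedit /etc/cron.d` under `tags: "NOPASSWD:"`, and the comment describes this as allowing manipulation of cron.d files; anyone who can write cron.d files can schedule commands as root, so the example is root-equivalent and not limited to feature-branch housekeeping. State that in the comment or narrow the entry to a specific file. Also, "Uncomment to use" is incomplete: the `{}` after `sudo_config:` has to be removed as well, otherwise the uncommented keys follow a flow mapping and the YAML does not parse.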
9 changes: 8 additions & 1 deletion roles/debian/user_provision/defaults/main.yml
Expand Up @@ -14,7 +14,14 @@ user_provision:
# Local username of the system user.
utility_host: "localhost"
utility_username: "{{ _user_provision_username }}"
sudoer: true
# Sudo configuration for full passwordless admin privileges.
sudo_config:
entity_name: "{{ _user_provision_username }}"
hosts: "ALL"
operators: "(ALL)"
tags: "NOPASSWD:"
commands: "ALL"
filename: "{{ _user_provision_username }}"
# List of additional groups to add the user to.
groups: []
# List of SSH pub keys to authorize. These must be provided as strings (content of the pub key).