From 4afa43240bf282c134cb38896c9faeb3a742b998 Mon Sep 17 00:00:00 2001
From: Marcel Mamula
Date: Tue, 9 Sep 2025 12:27:56 +0200
Subject: [PATCH] remove non-sap roles
---
README.md | 3 --
docs/DEVELOPMENT.md | 16 ------
roles/os_ansible_user/README.md | 56 ---------------------
roles/os_ansible_user/defaults/main.yml | 7 ---
roles/os_ansible_user/tasks/main.yml | 47 -----------------
roles/os_etchosts/README.md | 48 ------------------
roles/os_etchosts/defaults/main.yml | 3 --
roles/os_etchosts/tasks/main.yml | 7 ---
roles/os_etchosts/tasks/update_etchosts.yml | 16 ------
roles/os_knownhosts/README.md | 29 -----------
roles/os_knownhosts/defaults/main.yml | 3 --
roles/os_knownhosts/tasks/main.yml | 15 ------
12 files changed, 250 deletions(-)
delete mode 100644 roles/os_ansible_user/README.md
delete mode 100644 roles/os_ansible_user/defaults/main.yml
delete mode 100644 roles/os_ansible_user/tasks/main.yml
delete mode 100644 roles/os_etchosts/README.md
delete mode 100644 roles/os_etchosts/defaults/main.yml
delete mode 100644 roles/os_etchosts/tasks/main.yml
delete mode 100644 roles/os_etchosts/tasks/update_etchosts.yml
delete mode 100644 roles/os_knownhosts/README.md
delete mode 100644 roles/os_knownhosts/defaults/main.yml
delete mode 100644 roles/os_knownhosts/tasks/main.yml
diff --git a/README.md b/README.md
index 36d7e17..ae807a3 100644
--- a/README.md
+++ b/README.md
@@ -32,9 +32,6 @@ Within this Ansible Collection, there are various Ansible Roles and Ansible Modu | Name                    | Summary | | :-- | :-- | -| [os_ansible_user](/roles/os_ansible_user) | creates Ansible user `ansadm` with ssh key | -| [os_etchosts](/roles/os_etchosts) | updates `/etc/hosts` | -| [os_knownhosts](/roles/os_knownhosts) | updates known hosts file `/.ssh/known_hosts` | | [sap_control](/roles/sap_control) | starting and stopping SAP systems | | [sap_fapolicy](/roles/sap_fapolicy) | update service `fapolicyd` for generic / sap nw / sap hana related uids | | [sap_firewall](/roles/sap_firewall) | update service `firewalld` for generic / sap nw / sap hana related ports | diff --git a/docs/DEVELOPMENT.md b/docs/DEVELOPMENT.md index 1ba4920..4a86d86 100644 --- a/docs/DEVELOPMENT.md +++ b/docs/DEVELOPMENT.md @@ -18,22 +18,6 @@ collection/ │ ├── sap_monitor_nw_response.sh │ └── sap_monitor_nw_status.sh ├── roles/ -│ ├── os_ansible_user -│ │ ├── defaults -│ │ │ └── main.yml -│ │ └── tasks -│ │ └── main.yml -│ ├── os_etchosts -│ │ ├── defaults -│ │ │ └── main.yml -│ │ └── tasks -│ │ ├── main.yml -│ │ └── update_etchosts.yml -│ ├── os_knownhosts -│ │ ├── defaults -│ │ │ └── main.yml -│ │ └── tasks -│ │ └── main.yml │ ├── sap_control │ │ ├── defaults │ │ │ └── main.yml diff --git a/roles/os_ansible_user/README.md b/roles/os_ansible_user/README.md deleted file mode 100644 index 03eb712..0000000 --- a/roles/os_ansible_user/README.md +++ /dev/null 
@@ -1,56 +0,0 @@ -# os_ansible_user Ansible Role - -Ansible role for creating an ansible user for your managed systems - -## Prerequisites - -- Create your Ansible user in your Ansible command host -- Generate a key via `ssh-keygen` -- > **_Note:_** Highly recommended that you do this manually and not be part of the automation for security reasons -- A userid that has sudo privileges (or direct root) to create the Ansible user - - Provide the user in your `vars` - ```yaml - ansible_user: admin_user - ansible_password: your_password - ansible_sudo_pass: your_password - ``` - -## Overview - -### Variables - -| **Variable** | **Info** | **Default** | **Required** | -| :--- | :--- | :--- | :--- | -| os_ansible_user_userid | Ansible user to be created | | yes | -| os_ansible_user_password | Password of the Ansible user to be created | | yes | -| os_ansible_user_uid | Ansible user Unix user id | | yes | -| os_ansible_user_gid | Ansible user Unix group id | | yes | -| os_ansible_user_keyfile | Key filename found in `~./ssh/` | "id_ecdsa.pub" | yes | -| os_ansible_user_force_recreate | Forcefully recreate user by deleting existing user first | "yes" | no | - -### Input and Execution - -- Sample execution: - - ```bash - ansible-playbook --connection=local --limit localhost -i "localhost," os-create-ansible-user.yml" - ``` - -- Sample playbook - - ```yaml - --- - - hosts: all - become: true - vars: - ansible_user: admin_user - ansible_password: your_password - ansible_sudo_pass: your_password - os_ansible_user_userid: ansadm - os_ansible_user_password: 'my_password' - os_ansible_user_uid: 1010 - os_ansible_user_gid: 1010 - os_ansible_user_keyfile: id_ecdsa.pub - roles: - - { role: community.sap_operations.os_ansible_user } - ``` diff --git a/roles/os_ansible_user/defaults/main.yml b/roles/os_ansible_user/defaults/main.yml deleted file mode 100644 index 42e5510..0000000 --- a/roles/os_ansible_user/defaults/main.yml +++ /dev/null 
@@ -1,7 +0,0 @@ -os_ansible_user_userid: ansadm -os_ansible_user_password: "" -os_ansible_user_uid: "" -os_ansible_user_gid: "" -os_ansible_user_keyfile: id_ecdsa.pub - -os_ansible_user_force_recreate: true diff --git a/roles/os_ansible_user/tasks/main.yml b/roles/os_ansible_user/tasks/main.yml deleted file mode 100644 index 391bc34..0000000 --- a/roles/os_ansible_user/tasks/main.yml +++ /dev/null @@ -1,47 +0,0 @@ -- name: Remove existing {{ os_ansible_user_userid }} - block: - - name: Kill all processes under {{ os_ansible_user_userid }} - ignore_errors: true - ansible.builtin.shell: | - killall -u {{ os_ansible_user_userid }} - - - name: Remove {{ os_ansible_user_userid }} - ansible.builtin.user: - name: '{{ os_ansible_user_userid }}' - state: absent - remove: true - force: true - - - name: Remove {{ os_ansible_user_userid }} group - ansible.builtin.group: - name: '{{ os_ansible_user_userid }}' - state: absent - when: os_ansible_user_force_recreate - -- name: Create {{ os_ansible_user_userid }} group - ansible.builtin.group: - name: '{{ os_ansible_user_userid }}' - gid: '{{ os_ansible_user_gid }}' - state: present - -- name: Create {{ os_ansible_user_userid }} - ansible.builtin.user: - name: '{{ os_ansible_user_userid }}' - comment: "Ansible User" - uid: '{{ os_ansible_user_uid }}' - group: '{{ os_ansible_user_userid }}' - groups: "{{ os_ansible_user_userid }},wheel" - -- name: Add to sudoers NOPASSWD - ansible.builtin.shell: | - echo '{{ os_ansible_user_password }}' | passwd --stdin {{ os_ansible_user_userid }} - echo -e '{{ os_ansible_user_userid }}\tALL=(ALL)\tNOPASSWD: ALL' > /etc/sudoers.d/{{ os_ansible_user_userid }} - -- name: Add key - ansible.posix.authorized_key: - user: '{{ os_ansible_user_userid }}' - state: present - manage_dir: true - key: "{{ lookup('file', item) }}" - with_fileglob: - - /home/{{ os_ansible_user_userid }}/.ssh/{{ os_ansible_user_keyfile }} 
diff --git a/roles/os_etchosts/README.md b/roles/os_etchosts/README.md deleted file mode 100644 index 51c5260..0000000 --- a/roles/os_etchosts/README.md +++ /dev/null @@ -1,48 +0,0 @@ -# os_etchosts Ansible Role - -Ansible role for updating /etc/hosts - -## Overview - -### Variables - -| **Variable** | **Info** | **Default** | **Required** | -| :--- | :--- | :--- | :--- | -| os_etchosts_entries | List of ip addresses and hostnames (please see sample) | | yes | -| os_etchosts_fqdn | Fully qualified domain name | | yes | -| os_etchosts_delimiter | Delimiter between the hosts entries | "\t" | no | - -### Input and Execution - -- Sample execution: - - ```bash - ansible-playbook --connection=local --limit localhost -i "localhost," sap-etchosts-update.yml" - ``` - -- Sample playbook - - ```yaml - --- - - hosts: all - become: true - vars: - sap_os_tools_etchosts_entries: - - "10.0.0.1 hana01-lb" - - "10.0.0.2 hana02-lb" - - "10.0.1.1 s4hana01-ci" - - "10.0.1.2 s4hana01-app" - sap_os_tools_etchosts_fqdn: "poc.cloud" - roles: - - { role: community.sap_operations.os_etchosts } - ``` - -- Sample result - - ```console - cat /etc/hosts - 10.0.0.1 hana01-lb.poc.cloud hana01-lb - 10.0.0.2 hana02-lb.poc.cloud hana02-lb - 10.0.1.1 s4hana01-ci.poc.cloud s4hana01-ci - 10.0.1.2 s4hana01-app.poc.cloud s4hana01-app - ``` diff --git a/roles/os_etchosts/defaults/main.yml b/roles/os_etchosts/defaults/main.yml deleted file mode 100644 index 01774bb..0000000 --- a/roles/os_etchosts/defaults/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -os_etchosts_delimiter: "\t" -os_etchosts_fqdn: "" -os_etchosts_entries: [] diff --git a/roles/os_etchosts/tasks/main.yml b/roles/os_etchosts/tasks/main.yml deleted file mode 100644 index d98adec..0000000 --- a/roles/os_etchosts/tasks/main.yml +++ /dev/null @@ -1,7 +0,0 @@ -# SAP OS Tools - /etc/hosts - -- name: SAP OS Tools - /etc/hosts - ansible.builtin.include_tasks: update_etchosts.yml - loop: "{{ os_etchosts_entries }}" - loop_control: - loop_var: passed_entry 
diff --git a/roles/os_etchosts/tasks/update_etchosts.yml b/roles/os_etchosts/tasks/update_etchosts.yml deleted file mode 100644 index 845979a..0000000 --- a/roles/os_etchosts/tasks/update_etchosts.yml +++ /dev/null @@ -1,16 +0,0 @@ -- name: SAP OS Tools - /etc/hosts - Split passed entry - ansible.builtin.set_fact: - passed_ip: "{{ passed_entry.split()[0] }}" - passed_host: "{{ passed_entry.split()[1] }}" - -- name: SAP OS Tools - /etc/hosts - Deduplicate values from /etc/hosts - ansible.builtin.lineinfile: - path: /etc/hosts - create: false - regexp: (?i)^\s*{{ passed_ip }}\s+ - state: absent - -- name: SAP OS Tools - /etc/hosts - Update - ansible.builtin.lineinfile: - path: /etc/hosts - line: "{{ passed_ip }}{{ os_etchosts_delimiter }}{{ passed_host }}.{{ os_etchosts_fqdn }}{{ os_etchosts_delimiter }}{{ passed_host }}" diff --git a/roles/os_knownhosts/README.md b/roles/os_knownhosts/README.md deleted file mode 100644 index b488375..0000000 --- a/roles/os_knownhosts/README.md +++ /dev/null @@ -1,29 +0,0 @@ -# os_knownhosts Ansible Role - -Ansible role for updating known hosts file `/.ssh/known_hosts`. This is usually used on the Ansible control / central node. - -## Overview - - -### Input and Execution - -Just execute the role, no need to set vafriable inputs. Put the target host(s) in the inventory `-i` argument - -- Sample execution: - - ```bash - ansible-playbook -i "host_you_want_to_update," sap-knownhosts-update.yml" - ``` - -- Sample playbook - - ```yaml - --- - - - name: Store known hosts of 'all' the hosts in the inventory file - hosts: localhost - connection: local - roles: - - { role: community.sap_operations.os_knownhosts } - - ``` diff --git a/roles/os_knownhosts/defaults/main.yml b/roles/os_knownhosts/defaults/main.yml deleted file mode 100644 index 791ab7d..0000000 --- a/roles/os_knownhosts/defaults/main.yml +++ /dev/null 
@@ -1,3 +0,0 @@ -ssh_known_hosts_command: "ssh-keyscan -T 10" -ssh_known_hosts_file: "{{ lookup('env','HOME') + '/.ssh/known_hosts' }}" -ssh_known_hosts: "{{ groups['all'] }}" diff --git a/roles/os_knownhosts/tasks/main.yml b/roles/os_knownhosts/tasks/main.yml deleted file mode 100644 index 7718da5..0000000 --- a/roles/os_knownhosts/tasks/main.yml +++ /dev/null @@ -1,15 +0,0 @@ -# Update known hosts file - $HOME/.ssh/known_hosts ---- - -- name: Scan ssh public key for each host - ansible.builtin.shell: "ssh-keyscan {{ item }},`dig +short {{ item }}`" - with_items: "{{ ssh_known_hosts }}" - register: ssh_known_host_results - ignore_errors: true - -- name: Add/update public key in the '{{ ssh_known_hosts_file }}' - ansible.builtin.known_hosts: - name: "{{ item.item }}" - key: "{{ item.stdout }}" - path: "{{ ssh_known_hosts_file }}" - with_items: "{{ ssh_known_host_results.results }}"