add buster support and check vars

3ca15c16 · Chris Croome · f84767b3 · 3ca15c16 · 3ca15c16 · 3ca15c16
Verified Commit 3ca15c16 authored 4 months ago by Chris Croome
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -32,6 +32,12 @@ fail2ban_pkgs:
      - python3-pyinotify
      - whois
    pkgs_absent: []
+  - name: bullseye
+    pkgs_present:
+      - fail2ban
+      - python3-pyinotify
+      - whois
+    pkgs_absent: []
  - name: trixie
    pkgs_present:
      - fail2ban

--- a/meta/argument_specs.yml
+++ b/meta/argument_specs.yml
@@ -68,6 +68,7 @@ argument_specs:
            description: The Linux distro name.
            choices:
              - bookworm
+              - bullseye
              - jammy
              - noble
              - trixie

--- a/tasks/check.yml
+++ b/tasks/check.yml
+# Copyright 2018-2023 Chris Croome
+#
+# This file is part of the Webarchitects Fail2ban Ansible role.
+#
+# The Webarchitects Fail2ban Ansible role is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
+#
+# The Webarchitects Fail2ban Ansible role is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with the Webarchitects Fail2ban Ansible role. If not, see <https://www.gnu.org/licenses/>.
+---
+- name: Check role variables
+  block:
+
+    - name: Gather distribution facts
+      ansible.builtin.setup:
+        gather_subset:
+          - distribution
+      when: ansible_facts.distribution_release is not defined
+
+    - name: Distro packages need to be specified
+      ansible.builtin.assert:
+        that:
+          - ansible_facts.distribution_release in (fail2ban_pkgs | community.general.json_query('[].name'))
+        quiet: "{% if ansible_verbosity == 0 %}true{% else %}false{% endif %}"
+        fail_msg: >-
+          The distro {{ ansible_facts.distribution_release }} needs to be listed in the fail2ban_pkgs array, currently the array
+          contains {{ (fail2ban_pkgs | community.general.json_query('[].name')) | join(', ') }}
+
+    - name: Debug fail2ban_pkgs
+      ansible.builtin.debug:
+        var: fail2ban_pkgs
+        verbosity: "{% if ansible_check_mode | bool or ansible_diff_mode | bool %}1{% else %}2{% endif %}"
+
+    - name: Debug fail2ban_pkgs_absent
+      ansible.builtin.debug:
+        var: fail2ban_pkgs_absent
+        verbosity: "{% if ansible_check_mode | bool or ansible_diff_mode | bool %}0{% else %}1{% endif %}"
+
+    - name: Debug fail2ban_pkgs_present
+      ansible.builtin.debug:
+        var: fail2ban_pkgs_present
+        verbosity: "{% if ansible_check_mode | bool or ansible_diff_mode | bool %}0{% else %}1{% endif %}"
+
+    - name: Check that lists of packages present and absent are defined
+      ansible.builtin.assert:
+        that:
+          - (fail2ban_pkgs | community.general.json_query(fail2ban_jpq.pkgs_absent)) | type_debug == "list"
+          - (fail2ban_pkgs | community.general.json_query(fail2ban_jpq.pkgs_present)) | type_debug == "list"
+        quiet: "{% if ansible_check_mode or ansible_verbosity >= 1 %}false{% else %}true{% endif %}"
+
+  tags:
+    - fail2ban
+...
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -22,6 +22,9 @@
      ansible.builtin.include_tasks: verify.yml
      when: fail2ban_verify | bool

+    - name: Check Fail2ban variables
+      ansible.builtin.include_tasks: check.yml
+
    - name: Include fail2ban package tasks
      ansible.builtin.include_tasks: pkg.yml


--- a/tasks/verify.yml
+++ b/tasks/verify.yml
@@ -49,13 +49,6 @@
        argument_spec: "{{ fail2ban_combined_argument_spec['argument_specs']['main']['options'] }}"
        provided_arguments: "{{ fail2banhostvars }}"

-    - name: Check that lists of packages present and absent are defined
-      ansible.builtin.assert:
-        that:
-          - (fail2ban_pkgs | community.general.json_query(fail2ban_jpq.pkgs_absent)) | type_debug == "list"
-          - (fail2ban_pkgs | community.general.json_query(fail2ban_jpq.pkgs_present)) | type_debug == "list"
-        quiet: "{% if ansible_check_mode or ansible_verbosity >= 1 %}false{% else %}true{% endif %}"
-
  when: fail2ban_verify | bool
  tags:
    - fail2ban