This repository was archived by the owner on Oct 7, 2025. It is now read-only.

Conversation

@nfawbert
Contributor

No description provided.

gregharvey and others added 30 commits November 10, 2023 16:23
* Updating paths in meta roles.

* Excluding wazuh role from linting.

* Removing exclusion from CI because it's in .ansible-lint.

* Adding debian readme to complete sidebar in docs.
* Updating paths in meta roles.

* Excluding wazuh role from linting.

* Removing exclusion from CI because it's in .ansible-lint.

* Adding debian readme to complete sidebar in docs.

* Being more generic with Python version for venv to avoid Debian version issues.
* Updating paths in meta roles.

* Excluding wazuh role from linting.

* Removing exclusion from CI because it's in .ansible-lint.

* Adding debian readme to complete sidebar in docs.

* Being more generic with Python version for venv to avoid Debian version issues.

* We shouldn't need to remove all the old Ansible system stuff any more.
* Updating paths in meta roles.

* Excluding wazuh role from linting.

* Removing exclusion from CI because it's in .ansible-lint.

* Adding debian readme to complete sidebar in docs.

* Being more generic with Python version for venv to avoid Debian version issues.

* We shouldn't need to remove all the old Ansible system stuff any more.

* Grouping python activities together after role downloads.
* Updating paths in meta roles.

* Excluding wazuh role from linting.

* Removing exclusion from CI because it's in .ansible-lint.

* Adding debian readme to complete sidebar in docs.

* Being more generic with Python version for venv to avoid Debian version issues.

* We shouldn't need to remove all the old Ansible system stuff any more.

* Grouping python activities together after role downloads.

* Need a cache update to make the 'parallel' package available.
* Updating paths in meta roles.

* Excluding wazuh role from linting.

* Removing exclusion from CI because it's in .ansible-lint.

* Adding debian readme to complete sidebar in docs.

* Being more generic with Python version for venv to avoid Debian version issues.

* We shouldn't need to remove all the old Ansible system stuff any more.

* Grouping python activities together after role downloads.

* Need a cache update to make the 'parallel' package available.

* Updating path to ce_deploy role for galaxy requirements files.
* Updating paths in meta roles.

* Excluding wazuh role from linting.

* Removing exclusion from CI because it's in .ansible-lint.

* Adding debian readme to complete sidebar in docs.

* Being more generic with Python version for venv to avoid Debian version issues.

* We shouldn't need to remove all the old Ansible system stuff any more.

* Grouping python activities together after role downloads.

* Need a cache update to make the 'parallel' package available.

* Updating path to ce_deploy role for galaxy requirements files.

* For shell scripts to work Ansible's python venv needs adding to path.
* Updating paths in meta roles.

* Excluding wazuh role from linting.

* Removing exclusion from CI because it's in .ansible-lint.

* Adding debian readme to complete sidebar in docs.

* Being more generic with Python version for venv to avoid Debian version issues.

* We shouldn't need to remove all the old Ansible system stuff any more.

* Grouping python activities together after role downloads.

* Need a cache update to make the 'parallel' package available.

* Updating path to ce_deploy role for galaxy requirements files.

* For shell scripts to work Ansible's python venv needs adding to path.

* Making sure _common.sh sources Ansible binary path in Python venv.
* Adding support for PHP session lifetime.

* Updating module namespaces.
* Making SG handling consistent with a new role.

* Updating documentation.
* Adding support for PHP session lifetime. (#1240)

* Adding support for PHP session lifetime.

* Updating module namespaces.

* Adding dnsutils and telnet as standard to common_base.

* Removing merge error.
* Adding support for PHP session lifetime. (#1240)

* Adding support for PHP session lifetime.

* Updating module namespaces.

* Adding dnsutils and telnet as standard to common_base.

* Removing merge error.

* Adding atop and sysstat as default too.
* Adding support for PHP session lifetime. (#1240)

* Adding support for PHP session lifetime.

* Updating module namespaces.

* Default packages pr 1.x (#1257)

* Adding extra packages to common_base.

* Fixing typo.
* Adding support for PHP session lifetime. (#1240)

* Adding support for PHP session lifetime.

* Updating module namespaces.

* Adding dnsutils and telnet as standard to common_base.

* Removing merge error.

* Adding atop and sysstat as default too.

* Adding extra packages to common_base.

* Fixing typo.

* Default packages pr 1.x (#1257)

* Adding extra packages to common_base.

* Fixing typo.

* Removing diagnostic packages from containers.
* Adding support for PHP session lifetime. (#1240)

* Adding support for PHP session lifetime.

* Updating module namespaces.

* Default packages pr 1.x (#1257)

* Adding extra packages to common_base.

* Fixing typo.

* Default packages pr 1.x (#1261)

* Adding extra packages to common_base.

* Fixing typo.

* Removing diagnostic packages from containers.

* Providing Backblaze support in Duplicity role.

* Moving Duplicity S3 options to an Ansible variable.

* Duplicity updates pr 1.x (#1265)

* Providing Backblaze support in Duplicity role.

* Moving Duplicity S3 options to an Ansible variable.

* Correcting path for cron.

* Duplicity updates pr 1.x (#1267)

* Providing Backblaze support in Duplicity role.

* Moving Duplicity S3 options to an Ansible variable.

* Correcting path for cron.

* Option to suppress making a cron script.

* Duplicity updates pr 1.x (#1268)

* Providing Backblaze support in Duplicity role.

* Moving Duplicity S3 options to an Ansible variable.

* Correcting path for cron.

* Option to suppress making a cron script.

* duplicity not in path for cron so needs full path in script.

* Duplicity updates pr 1.x (#1270)

* Providing Backblaze support in Duplicity role.

* Moving Duplicity S3 options to an Ansible variable.

* Correcting path for cron.

* Option to suppress making a cron script.

* duplicity not in path for cron so needs full path in script.

* R66963 separate lb fix pr 1.x (#1272)

* r66963-separate-lb-fix

* attempt to add TGW routes to list

* Updating Duplicity docs.

* Removing obsolete templates.

* Accidentally doubled a PHP var.

---------

Co-authored-by: tymofiisobchenko <[email protected]>
* Adding a --ansible-path option so you can provide the location of Ansible.

* Ensuring our venv Ansible ends up in PATH.

* Improving docs.

* Single quotes not required around path to Ansible.

* Pleasing the linter.
* Adding a --ansible-path option so you can provide the location of Ansible.

* Ensuring our venv Ansible ends up in PATH.

* Improving docs.

* Single quotes not required around path to Ansible.

* Pleasing the linter.

* Still trying to please the linter.
* Adding a --ansible-path option so you can provide the location of Ansible.

* Ensuring our venv Ansible ends up in PATH.

* Improving docs.

* Single quotes not required around path to Ansible.

* Pleasing the linter.

* Still trying to please the linter.

* Using -z to check ANSIBLE_PATH var.
* Docs update for ansible role.

* Adding apparmor role.

* Syntax error in with_items.
* Fixing dependency paths.

* Adding vim and unzip to common installs.

* First pass at a phpMyAdmin role.
* Adding support for mail aliases to the postfix role.

* Adding more default packages.

* Fixing paths to roles.
* Adding support for mail aliases to the postfix role.

* Adding more default packages.

* Fixing paths to roles.

* Forgot to comment the ansible_managed line.

* Adding vim line to start of AppArmor template.
* Adding support for mail aliases to the postfix role.

* Adding more default packages.

* Fixing paths to roles.

* Forgot to comment the ansible_managed line.

* Adding vim line to start of AppArmor template.

* Fixing EOF in apparmor template.
* Improving AWS subnet docs.

* Error in timers structure in the SSL role.
* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.
* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.
gregharvey and others added 26 commits September 16, 2024 19:30
* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Making the NGINX test result var private.

* Documentation update.

* Fixing role dependency in NGINX role.

* Adding installation path handling for Galaxy collections.

* Removing -p option due to unexpected ill effects for role paths.
* r70596 create swap directory

* remove stat check
* updating asg role to support custom rule on http and https

* updating readme properly

* updating docs for the asg role

---------

Co-authored-by: filip <[email protected]>
* Deleting obsolete Debian 10 requirements files.

* Adding first pass at generic and reusable Ansible Galaxy role.

* Docs update.

* Updating README files.

* Updating ce_provision and ce_deploy to use ansible_galaxy role.

* Ansible Galaxy docs enhancement.

* Cannot use _ansible in variable names, reserved.

* Removing blocks for Galaxy installation, not needed.

* Variables passed to Galaxy role were wrong.
* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Making the NGINX test result var private.

* Documentation update.

* Fixing role dependency in NGINX role.

* Adding installation path handling for Galaxy collections.

* Removing -p option due to unexpected ill effects for role paths.

* Moving X-Content-Type-Options header to project type templates.

* Adding some inline documentation.
* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Making the NGINX test result var private.

* Documentation update.

* Fixing role dependency in NGINX role.

* Adding installation path handling for Galaxy collections.

* Removing -p option due to unexpected ill effects for role paths.

* Moving X-Content-Type-Options header to project type templates.

* Adding some inline documentation.

* Fixing Postfix template to allow external relays.
* Improving AWS subnet docs.

* Error in timers structure in the SSL role.

* Removing obsolete backports requirements.

* Allow the billing role to access Sustainability information.

* Missing comma in IAM billing policy.

* Removing broken GitLab Runner code.

* Fixed the include_role task in gitlab_runner.

* Suppressing a failure if there is no system pip to call.

* Logic error in Ansible installer username, needs to be set from calling role.

* ansible_user is a reserved variable, seems to be causing issues.

* _ansible_ANYTHING is reserved, using _install_username instead.

* python_boto role also needs the username set in the calling role.

* Updating python_boto docs.

* Making profile.d loading more robust.

* Also pip removing ansible-core and trying with pip and pip3 to cover all bases.

* Updating bad AWS SG role var namespacing in other roles.

* Refactoring how we handle python3-pip.

* Allow passing in of the Python interpreter to Ansible.

* Updating the packages server for CE.

* Installing Ansible in a venv on all machines.

* Changing common_base format for readability.

* No need to specify Python to the point release.

* Docs update.

* Fixing LDAP SSL to use systemd timer.

* Allowing different systemd timer names for different Ansible installs.

* Fixing dynamic key name in ansible role.

* Trying to debug missing timer_command var.

* Treating the timer string so it becomes a dict.

* Moving default log location for clamav.

* Updating ClamAV docs.

* Grouping systemd timer tasks together.

* Exposing ce-provision version in build output.

* Wrong variable in meta role for controller username.

* Removing any reference to _aws variables in debian role defaults.

* Setting more sane ASG defaults.

* Making ClamAV timers a list so they can be entirely replaced.

* Spacing fix for linting.

* Renaming npm module.

* Removing NGINX installation as part of phpMyAdmin role by default.

* Fixing Varnish handler names.

* Excluding name[casing] rule from linting due to false positives.

* Put rule in wrong place!

* Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC.

* Capturing lock file limitations in comment.

* Updating documentation for LE.

* Using pip to install certbot plugins.

* Updating README docs.

* Docs error corrected.

* Working around deprecated SSH algorithms.

* Upgrading SSH key type standard for controller and deploy users.

* Adding SCP args for legacy mode needed by Packer.

* Adding an extra when clause to ACM SAN cert check.

* Trying different approach to ACM SAN cert check.

* Removing /bin/which from rkhunter defaults, it isn't present in Debian 11.

* RDS param group module has changed name.

* Adding passlib to libraries installed for ce-provision.

* Adding in valid path for 'which' to rkhunter.

* Catching up documentation.

* Catching up documentation.

* Making user creation optional and home directories a variable.

* Missed passing new home var to task.

* Fixing firewall.bash deletion issues.

* Getting rid of accidental extra braces.

* Simplifying usernames so you only need to set one var.

* Docs update and making Ansible installation via _init an option.

* Variable path error.

* Updating linter ignore paths.

* Making the NGINX test result var private.

* Documentation update.

* Fixing role dependency in NGINX role.

* Adding installation path handling for Galaxy collections.

* Removing -p option due to unexpected ill effects for role paths.

* Moving X-Content-Type-Options header to project type templates.

* Adding some inline documentation.

* Fixing Postfix template to allow external relays.

* Adding a FQDN postfix transport map.
* Updated-defaults-for-aws_acl-role

* Removing-Identity-search

---------

Co-authored-by: Matej Stajduhar <[email protected]>
* Updated-defaults-for-aws_acl-role

* Removing-Identity-search

* Removing-undefined-variable

---------

Co-authored-by: Matej Stajduhar <[email protected]>
* Adding-when-statement-for-assigning-instance

* Adding-check-prior-to-assigning-resources

* Adding-check-prior-to-assigning-resources

* Adding-region-to-aws-cli-command

* Print-protected-resource

* Adding-resource-type-definition

* Resolved-conflicts

* Removing-empty-line

* Disabling-assigning-instance-to-restore-testing-plan

---------

Co-authored-by: Matej Stajduhar <[email protected]>
* Adding-aws-ses-role

* Removing-python-script

* Changing-domain-name

* Using-variable-for-domain-name

---------

Co-authored-by: Matej Stajduhar <[email protected]>
Co-authored-by: Matej Stajduhar <[email protected]>
Co-authored-by: Matej Stajduhar <[email protected]>
* Updating-nginx-SSL-LE-roles

* Updating-nginx-vars
* r70797 nodhcp module in system role for hetzner cloud systems

* fix syntax

* r70797 set pipefail to resolve linting failure
…70797-fix-lint-fail-pipefail-bash-PR-devel-2.x
@gitguardian

gitguardian bot commented Oct 21, 2024

⚠️ GitGuardian has uncovered 2 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request

| GitGuardian id | GitGuardian status | Secret | Commit | Filename |
| --- | --- | --- | --- | --- |
| 5773360 | Triggered | Generic Password | 65f72f4 | install.sh |
| 11380256 | Triggered | Username Password | bb1d5cd | roles/debian/wazuh/defaults/main.yml |

🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secrets safely. Learn here the best practices.
  3. Revoke and rotate these secrets.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider


🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

@sonarqubecloud

@nfawbert nfawbert merged commit 9b0ab76 into devel-2.x Oct 21, 2024
4 of 6 checks passed
@nfawbert nfawbert deleted the r70797-fix-lint-fail-pipefail-bash-PR-devel-2.x branch October 21, 2024 16:22
7 participants