diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..1fea1b1 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,6 @@ + +## v1.0 + +### Features +* Install Arpwatch. +* Ensure the service is in the desired state. diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..7851f33 --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,58 @@ +--- +# .. vim: foldmarker=[[[,]]]:foldmethod=marker +# +# ipr-cnrs.arpwatch default variables [[[ +# ====================================== + +# Packages and installation [[[ +# ----------------------------- + +# .. envvar:: arpwatch__base_packages [[[ +# +# List of base packages to install. +arpwatch__base_packages: + - 'arpwatch' + + # ]]] +# .. envvar:: arpwatch__enabled [[[ +# +# Enable or disable support for Arpwatch on a given host. Disabling this +# option does not remove existing installation and configuration. +# +arpwatch__enabled: True + + # ]]] +# .. envvar:: arpwatch__service_name [[[ +# +# The service name to manage. +arpwatch__service_name: 'arpwatch' + + # ]]] +# .. envvar:: arpwatch__service_manage [[[ +# +# If the arpwatch service should be managed? Possible options: +# +# ``True`` +# Default. The service is started and enabled. +# +# ``False`` +# The service is stopped and disabled from startup. +arpwatch__service_manage: True + + # ]]] + + # ]]] + +# Configuration [[[ +# ----------------------------- + +# .. envvar:: arpwatch__conf_src [[[. +# Template used to provide configuration file. +# +# Must be a relative path from default/ directory of this role or to your +# ansible inventory directory. +arpwatch__conf_src: '../templates/etc/arpwatch.conf.j2' + + # ]]] + + # ]]] diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..1af3bea --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,10 @@ +--- +# handlers file for arpwatch +- name: restart arpwatch service + service: + name: '{{ arpwatch__service_name }}' + state: '{{ "restarted" if (arpwatch__enabled | d(True) | bool and + (arpwatch__service_manage | d(True) | bool)) + else "stopped" }}' + enabled: '{{ arpwatch__service_manage | d(True) | bool }}' + diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..050774a --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,33 @@ +--- +# .. vim: foldmarker=[[[,]]]:foldmethod=marker +# +# tasks file for ipr-cnrs.arpwatch + +# Manage required system packages [[[1 +- name: Ensure required packages are in there desired state + package: + name: '{{ item }}' + state: 'present' + install_recommends: False + with_flattened: + - '{{ arpwatch__base_packages }}' + when: arpwatch__enabled|bool + +# Manage configuration file [[[1 +- name: Configure Arpwatch + template: + src: '{{ arpwatch__conf_src }}' + dest: "/etc/arpwatch.conf" + when: arpwatch__enabled|bool + notify: ['restart arpwatch service'] + +# Manage service [[[1 +- name: Manage arpwatch service + service: + name: '{{ arpwatch__service_name }}' + state: '{{ "started" if ((arpwatch__enabled | d(True) | bool) and + (arpwatch__service_manage | d(True) | bool)) + else "stopped" }}' + enabled: '{{ ((arpwatch__enabled | d(True) | bool) and + (arpwatch__service_manage | d(True) | bool)) }}' + diff --git a/templates/etc/arpwatch.conf.j2 b/templates/etc/arpwatch.conf.j2 new file mode 100644 index 0000000..07bdbcf --- /dev/null +++ b/templates/etc/arpwatch.conf.j2 @@ -0,0 +1,22 @@ +# /etc/arpwatch.conf: Debian-specific way to watch multiple interfaces. +# Format of this configuration file is: +# +# +# +#... +# +# +# You can set global options for all interfaces by editing +# /etc/default/arpwatch + +# For example: + +#eth0 -m root +#eth1 -m root +#eth2 -m root + +# or, if you have an MTA configured for plussed addressing: +# +#eth0 -m root+eth0 +#eth1 -m root+eth1 +#eth2 -m root+eth2