CHANGELOG.md

@@ -1,18 +1,3 @@
-## v2.0.1
-
-### Fix
-* Use flatten to manage packages list.
-* Prefix module with "ansible.builtin.".
-
-## v2.0.0
-
-### Features
-* Adapt for Debian Buster (starts with Arpwatch version 2.1a15-7).
-* Drop Debian Stretch support. Stay in v1.* to be able to manage Arpwatch on Debian Stretch.
-
-### Fix
-* Arpwatch doesn't support configuration file. Remove /etc/arpwatch.conf
-
 ## v1.0.2
 
 ### Fix

README.md

@@ -18,7 +18,6 @@ Manage Arpwatch installation and configuration.
 * **arpwatch__enabled** : Enable or disable support for Arpwatch on a given host [default : `True`].
 * **arpwatch__service_manage** : If the arpwatch service should be managed [default : `True`].
 * **arpwatch__service_name** : The service name to manage [default : `arpwatch`].
-* **arpwatch__conf_interfaces** : List of network interfaces where arpwatch should listen [default : `[ '{{ ansible_default_ipv4.interface }}' ]`].
 * **arpwatch__conf_src** : Template used to provide configuration file [default : `../templates/etc/arpwatch.conf.j2`].
 * **arpwatch__conf_username** : Username that should run Arpwatch [default : `arpwatch`].
 * **arpwatch__conf_args** : Arguments to apply to Arpwatch [default : `-N -p`].
@@ -40,7 +39,7 @@ This role will :
 * Manage `arpwatch` configuration (/etc/arpwatch.conf).
 * Allow to set the user that run Arpwatch.
 * Allow to set arguments to pass Arpwatch service.
-* Ensure to start an `arpwatch` process for the main network interface at least.
+* Ensure `arpwatch` service is enabled and started.
 * Ensure to restart `arpwatch` service if configuration changed.
 
 ## Development
@@ -62,7 +61,7 @@ Jérémy Gardais
 * [IPR][ipr website] (Institut de Physique de Rennes)
 
 [gogs to github hook]: https://stackoverflow.com/a/21998477
-[arpwatch source]: https://git.ipr.univ-rennes.fr/cellinfo/ansible.arpwatch
+[arpwatch source]: https://git.ipr.univ-rennes1.fr/cellinfo/ansible.arpwatch
 [arpwatch github]: https://github.com/ipr-cnrs/arpwatch
 [wtfpl website]: http://www.wtfpl.net/about/
 [ipr website]: https://ipr.univ-rennes1.fr/

defaults/main.yml

@@ -46,11 +46,12 @@ arpwatch__service_manage: True
 # Configuration [[[
 # -----------------------------
 
-# .. envvar:: arpwatch__conf_interfaces [[[.
+# .. envvar:: arpwatch__conf_src [[[.
-# List of network interfaces that should have a running arpwatch process.
+# Template used to provide configuration file.
 #
-# By default, only listen on the main network interface.
+# Must be a relative path from default/ directory of this role or to your
-arpwatch__conf_interfaces: [ '{{ ansible_default_ipv4.interface }}' ]
+# ansible inventory directory.
+arpwatch__conf_src: 'etc/arpwatch.conf.j2'
 
                                                                    # ]]]
 # .. envvar:: arpwatch__conf_username [[[.

handlers/main.yml

@@ -2,10 +2,8 @@
 # handlers file for arpwatch
 - name: restart arpwatch service
   service:
-    name: '{{ arpwatch__service_name }}@{{ item }}'
+    name: '{{ arpwatch__service_name }}'
     state: '{{ "restarted" if (arpwatch__enabled | d(True) | bool and
                             (arpwatch__service_manage | d(True) | bool))
           else "stopped" }}'
     enabled: '{{ arpwatch__service_manage | d(True) | bool }}'
-  with_items:
-    - '{{ arpwatch__conf_interfaces }}'

meta/main.yml

@@ -7,12 +7,12 @@ galaxy_info:
   description: "Manage Arpwatch installation and configuration"
   license: WTFPL
   company: IPR
-  issue_tracker_url: https://git.ipr.univ-rennes.fr/cellinfo/ansible.arpwatch/issues
+  issue_tracker_url: https://git.ipr.univ-rennes1.fr/cellinfo/ansible.arpwatch/issues
-  min_ansible_version: 2.9
+  min_ansible_version: 2.4
   platforms:
   - name: Debian
     versions:
-    - buster
+    - stretch
   galaxy_tags:
     - system
     - arpwatch

tasks/main.yml

@@ -5,17 +5,31 @@
 
 # Manage required system packages [[[1
 - name: Ensure required packages are in there desired state
-  ansible.builtin.package:
+  package:
-    name: '{{ arpwatch__base_packages | flatten }}'
+    name: '{{ item }}'
     state: 'present'
     install_recommends: False
+  with_flattened:
+    - '{{ arpwatch__base_packages | to_nice_json }}'
   register: pkg_result
   until: pkg_result is success
   when: arpwatch__enabled|bool
 
-# Manage service default [[[1
+# Manage configuration file [[[1
+## Manage Arpwatch configuration [[[
+- name: Create Arpwatch configuration
+  template:
+    src: '{{ arpwatch__conf_src }}'
+    dest: "/etc/arpwatch.conf"
+    owner: root
+    group: root
+    mode: '0644'
+  when: arpwatch__enabled|bool
+  notify: ['restart arpwatch service']
+                                                                   # ]]]
+## Manage service default [[[
 - name: Manage service default
-  ansible.builtin.template:
+  template:
     src: 'etc/default/arpwatch.j2'
     dest: "/etc/default/arpwatch"
     owner: root
@@ -24,15 +38,14 @@
   when: ((arpwatch__enabled | bool) and
          (arpwatch__service_manage | bool))
   notify: ['restart arpwatch service']
+                                                                   # ]]]
 
 # Manage service [[[1
-- name: Manage arpwatch service by network interface
+- name: Manage arpwatch service
-  ansible.builtin.service:
+  service:
-    name: '{{ arpwatch__service_name }}@{{ item }}'
+    name: '{{ arpwatch__service_name }}'
     state: '{{ "started" if ((arpwatch__enabled | d(True) | bool) and
                              (arpwatch__service_manage | d(True) | bool))
           else "stopped" }}'
     enabled: '{{ ((arpwatch__enabled | d(True) | bool) and
                   (arpwatch__service_manage | d(True) | bool)) }}'
-  with_items:
-    - '{{ arpwatch__conf_interfaces }}'

templates/etc/arpwatch.conf.j2

@@ -0,0 +1,24 @@
+## {{ ansible_managed }}
+
+# /etc/arpwatch.conf: Debian-specific way to watch multiple interfaces.
+# Format of this configuration file is:
+#
+#<dev1>	<arpwatch options for dev1>
+#<dev2>	<arpwatch options for dev2>
+#...
+#<devN>	<arpwatch options for devN>
+#
+# You can set global options for all interfaces by editing
+# /etc/default/arpwatch
+
+# For example:
+
+#eth0	-m root
+#eth1	-m root
+#eth2	-m root
+
+# or, if you have an MTA configured for plussed addressing:
+#
+#eth0	-m root+eth0
+#eth1	-m root+eth1
+#eth2	-m root+eth2

templates/etc/default/arpwatch.j2

@@ -2,25 +2,8 @@
 
 # Global options for arpwatch(8).
 
-# do not use the -i, -f or -u options here, they are added automatically
 # Debian: don't report bogons, don't use PROMISC.
 ARGS="{{ arpwatch__conf_args }}"
 
-# if you want to add a pcap filter, uncomment and adjust the option below (you
-# will need spaces so adding -F to the ARGS above will cause problems). See -F
-# option in man 8 arpwatch for more information
-#PCAP_FILTER="not ether host (00:11:22:33:44:55 or 66:77:88:99:aa:bb)"
-
 # Debian: run as `{{ arpwatch__conf_username }}' user.  Empty this to run as root.
 RUNAS="{{ arpwatch__conf_username }}"
-
-# when using systemd you have to enable arpwatch explicitly for each interface
-# you want to run it on by running:
-# systemctl enable arpwatch@IFACE
-# systemctl start arpwatch@IFACE
-
-# For the LSB init script, enter a list of interfaces into the list below;
-# arpwatch will be started to listen on these interfaces.
-# Note: This is ignored when using systemd!
-# INTERFACES="eth0 eth1"
-INTERFACES=""