Update git.ipr domain

CHANGELOG.md

@@ -1,5 +1,32 @@
+## v2.0.1
 
-## v1.0
+### Fix
+* Use flatten to manage packages list.
+* Prefix module with "ansible.builtin.".
+
+## v2.0.0
+
+### Features
+* Adapt for Debian Buster (starts with Arpwatch version 2.1a15-7).
+* Drop Debian Stretch support. Stay in v1.* to be able to manage Arpwatch on Debian Stretch.
+
+### Fix
+* Arpwatch doesn't support configuration file. Remove /etc/arpwatch.conf
+
+## v1.0.2
+
+### Fix
+* Fix E405 Remote package tasks should have a retry.
+* Fix E102 No Jinja2 in when.
+* Fix E404 Doesn't need a relative path in role.
+
+## v1.0.1
+
+### Fix
+* Set empty dependencies line to fix Galaxy warning.
+* Use to_nice_json to manage packages list.
+
+## v1.0.0
 
 ### Features
 * Install Arpwatch.

README.md

@@ -18,6 +18,7 @@ Manage Arpwatch installation and configuration.
 * **arpwatch__enabled** : Enable or disable support for Arpwatch on a given host [default : `True`].
 * **arpwatch__service_manage** : If the arpwatch service should be managed [default : `True`].
 * **arpwatch__service_name** : The service name to manage [default : `arpwatch`].
+* **arpwatch__conf_interfaces** : List of network interfaces where arpwatch should listen [default : `[ '{{ ansible_default_ipv4.interface }}' ]`].
 * **arpwatch__conf_src** : Template used to provide configuration file [default : `../templates/etc/arpwatch.conf.j2`].
 * **arpwatch__conf_username** : Username that should run Arpwatch [default : `arpwatch`].
 * **arpwatch__conf_args** : Arguments to apply to Arpwatch [default : `-N -p`].
@@ -39,7 +40,7 @@ This role will :
 * Manage `arpwatch` configuration (/etc/arpwatch.conf).
 * Allow to set the user that run Arpwatch.
 * Allow to set arguments to pass Arpwatch service.
-* Ensure `arpwatch` service is enabled and started.
+* Ensure to start an `arpwatch` process for the main network interface at least.
 * Ensure to restart `arpwatch` service if configuration changed.
 
 ## Development
@@ -61,7 +62,7 @@ Jérémy Gardais
 * [IPR][ipr website] (Institut de Physique de Rennes)
 
 [gogs to github hook]: https://stackoverflow.com/a/21998477
-[arpwatch source]: https://git.ipr.univ-rennes1.fr/cellinfo/ansible.arpwatch
+[arpwatch source]: https://git.ipr.univ-rennes.fr/cellinfo/ansible.arpwatch
 [arpwatch github]: https://github.com/ipr-cnrs/arpwatch
 [wtfpl website]: http://www.wtfpl.net/about/
 [ipr website]: https://ipr.univ-rennes1.fr/

defaults/main.yml

@@ -46,12 +46,11 @@ arpwatch__service_manage: True
 # Configuration [[[
 # -----------------------------
 
-# .. envvar:: arpwatch__conf_src [[[.
+# .. envvar:: arpwatch__conf_interfaces [[[.
-# Template used to provide configuration file.
+# List of network interfaces that should have a running arpwatch process.
 #
-# Must be a relative path from default/ directory of this role or to your
+# By default, only listen on the main network interface.
-# ansible inventory directory.
+arpwatch__conf_interfaces: [ '{{ ansible_default_ipv4.interface }}' ]
-arpwatch__conf_src: '../templates/etc/arpwatch.conf.j2'
 
                                                                    # ]]]
 # .. envvar:: arpwatch__conf_username [[[.

handlers/main.yml

@@ -2,9 +2,10 @@
 # handlers file for arpwatch
 - name: restart arpwatch service
   service:
-    name: '{{ arpwatch__service_name }}'
+    name: '{{ arpwatch__service_name }}@{{ item }}'
     state: '{{ "restarted" if (arpwatch__enabled | d(True) | bool and
                             (arpwatch__service_manage | d(True) | bool))
           else "stopped" }}'
     enabled: '{{ arpwatch__service_manage | d(True) | bool }}'
-
+  with_items:
+    - '{{ arpwatch__conf_interfaces }}'

meta/main.yml

@@ -1,14 +1,18 @@
+---
+
+dependencies: []
+
 galaxy_info:
   author: "Jérémy Gardais"
   description: "Manage Arpwatch installation and configuration"
   license: WTFPL
   company: IPR
-  issue_tracker_url: https://git.ipr.univ-rennes1.fr/cellinfo/ansible.arpwatch/issues
+  issue_tracker_url: https://git.ipr.univ-rennes.fr/cellinfo/ansible.arpwatch/issues
-  min_ansible_version: 2.4
+  min_ansible_version: 2.9
   platforms:
   - name: Debian
     versions:
-    - stretch
+    - buster
   galaxy_tags:
     - system
     - arpwatch

tasks/main.yml

@@ -5,46 +5,34 @@
 
 # Manage required system packages [[[1
 - name: Ensure required packages are in there desired state
-  package:
+  ansible.builtin.package:
-    name: '{{ item }}'
+    name: '{{ arpwatch__base_packages | flatten }}'
     state: 'present'
     install_recommends: False
-  with_flattened:
+  register: pkg_result
-    - '{{ arpwatch__base_packages }}'
+  until: pkg_result is success
   when: arpwatch__enabled|bool
 
-# Manage configuration file [[[1
+# Manage service default [[[1
-## Manage Arpwatch configuration [[[
-- name: Create Arpwatch configuration
-  template:
-    src: '{{ arpwatch__conf_src }}'
-    dest: "/etc/arpwatch.conf"
-    owner: root
-    group: root
-    mode: '0644'
-  when: arpwatch__enabled|bool
-  notify: ['restart arpwatch service']
-                                                                   # ]]]
-## Manage service default [[[
 - name: Manage service default
-  template:
+  ansible.builtin.template:
-    src: '../templates/etc/default/arpwatch.j2'
+    src: 'etc/default/arpwatch.j2'
     dest: "/etc/default/arpwatch"
     owner: root
     group: root
     mode: '0644'
-  when: '{{ ((arpwatch__enabled | bool) and
+  when: ((arpwatch__enabled | bool) and
-             (arpwatch__service_manage | bool)) }}'
+         (arpwatch__service_manage | bool))
   notify: ['restart arpwatch service']
-                                                                   # ]]]
 
 # Manage service [[[1
-- name: Manage arpwatch service
+- name: Manage arpwatch service by network interface
-  service:
+  ansible.builtin.service:
-    name: '{{ arpwatch__service_name }}'
+    name: '{{ arpwatch__service_name }}@{{ item }}'
     state: '{{ "started" if ((arpwatch__enabled | d(True) | bool) and
                              (arpwatch__service_manage | d(True) | bool))
           else "stopped" }}'
     enabled: '{{ ((arpwatch__enabled | d(True) | bool) and
                   (arpwatch__service_manage | d(True) | bool)) }}'
-
+  with_items:
+    - '{{ arpwatch__conf_interfaces }}'

templates/etc/arpwatch.conf.j2

@@ -1,24 +0,0 @@
-## {{ ansible_managed }}
-
-# /etc/arpwatch.conf: Debian-specific way to watch multiple interfaces.
-# Format of this configuration file is:
-#
-#<dev1>	<arpwatch options for dev1>
-#<dev2>	<arpwatch options for dev2>
-#...
-#<devN>	<arpwatch options for devN>
-#
-# You can set global options for all interfaces by editing
-# /etc/default/arpwatch
-
-# For example:
-
-#eth0	-m root
-#eth1	-m root
-#eth2	-m root
-
-# or, if you have an MTA configured for plussed addressing:
-#
-#eth0	-m root+eth0
-#eth1	-m root+eth1
-#eth2	-m root+eth2

templates/etc/default/arpwatch.j2

@@ -2,8 +2,25 @@
 
 # Global options for arpwatch(8).
 
+# do not use the -i, -f or -u options here, they are added automatically
 # Debian: don't report bogons, don't use PROMISC.
 ARGS="{{ arpwatch__conf_args }}"
 
+# if you want to add a pcap filter, uncomment and adjust the option below (you
+# will need spaces so adding -F to the ARGS above will cause problems). See -F
+# option in man 8 arpwatch for more information
+#PCAP_FILTER="not ether host (00:11:22:33:44:55 or 66:77:88:99:aa:bb)"
+
 # Debian: run as `{{ arpwatch__conf_username }}' user.  Empty this to run as root.
 RUNAS="{{ arpwatch__conf_username }}"
+
+# when using systemd you have to enable arpwatch explicitly for each interface
+# you want to run it on by running:
+# systemctl enable arpwatch@IFACE
+# systemctl start arpwatch@IFACE
+
+# For the LSB init script, enter a list of interfaces into the list below;
+# arpwatch will be started to listen on these interfaces.
+# Note: This is ignored when using systemd!
+# INTERFACES="eth0 eth1"
+INTERFACES=""