Jose/ansible_role_proxmox_provision
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request 'refactor ♻️: Refactor logrotate configuration for dynamic handling of multiple files' (#4) from dev into main
Some checks failed
ansible-lint / Ansible Lint (push) Failing after 6s
Details
Gitleaks Scan / gitleaks (push) Successful in 5s
Details
Markdown Lint / markdown-lint (push) Successful in 5s
Details

Browse Source 
Reviewed-on: #4
This commit was merged in pull request #4.
This commit is contained in:
Jose
2026-02-08 19:47:25 +01:00
parent daf4d74d93 4a02a41d43
commit ba322dd97b
2 changed files with 112 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
handlers/main.yml
View File

@@ -15,61 +15,6 @@
ansible.builtin.systemd_service: ansible.builtin.systemd_service:
daemon_reexec: true daemon_reexec: true
- name: Patch legacy proxmoxlib.js - name: logrotate reload
block: ansible.builtin.command: logrotate /etc/logrotate.conf
- name: Patch legacy proxmoxlib.js changed_when: false
ansible.builtin.replace:
path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
regexp: "if \\(data.status !== 'Active'\\)"
replace: "if (false)"
register: patch_legacy
failed_when: patch_legacy.matched == 0
notify: Restart pveproxy
- name: Re-stat proxmoxlib.js
ansible.builtin.stat:
path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
checksum_algorithm: sha256
register: proxmoxlib_js_after
- name: Store patched checksum (legacy)
ansible.builtin.copy:
dest: /var/lib/proxmox-nag-patch/proxmoxlib.js.sha256
owner: root
group: root
mode: "0644"
content: "{{ proxmoxlib_js_after.stat.checksum }}\n"
- name: Restart pveproxy
ansible.builtin.systemd:
name: pveproxy
state: restarted
- name: Patch minified proxmoxlib.js
block:
- name: Patch minified proxmoxlib.min.js
ansible.builtin.replace:
path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.min.js
regexp: "data.status!=='Active'"
replace: "false"
register: patch_minified
failed_when: patch_minified.matched == 0
- name: Re-stat proxmoxlib.min.js
ansible.builtin.stat:
path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.min.js
checksum_algorithm: sha256
register: proxmoxlib_min_after
- name: Store patched checksum (minified)
ansible.builtin.copy:
dest: /var/lib/proxmox-nag-patch/proxmoxlib.min.js.sha256
owner: root
group: root
mode: "0644"
content: "{{ proxmoxlib_min_after.stat.checksum }}\n"
- name: Restart pveproxy
ansible.builtin.systemd:
name: pveproxy
state: restarted

116
tasks/logrotate.yml
View File

@@ -1,8 +1,110 @@
--- ---
- name: logrotate | Configure Proxmox logrotate limits
ansible.builtin.template: - name: logrotate | Configure all main Proxmox logs
src: logrotate-pve.j2
dest: /etc/logrotate.d/proxmox vars:
owner: root proxmox_logrotate_files:
group: root - /etc/logrotate.conf
mode: "0644" - /etc/logrotate.d/pve
- /etc/logrotate.d/pve-firewall
loop: "{{ proxmox_logrotate_files }}"
loop_control:
loop_var: item
block:
- name: Check if {{ item }} exists
ansible.builtin.stat:
path: "{{ item }}"
register: logrotate_file
- name: Configure {{ item }}
block:
- name: Backup {{ item }} once
ansible.builtin.copy:
src: "{{ item }}"
dest: "{{ item }}.original"
remote_src: true
args:
creates: "{{ item }}.original"
- name: Ensure daily rotation
ansible.builtin.replace:
path: "{{ item }}"
regexp: '^\s*weekly'
replace: 'daily'
notify: logrotate reload
- name: Set rotate (number of retained logs)
ansible.builtin.lineinfile:
path: "{{ item }}"
regexp: '^(\s*rotate\s+).*'
line: ' rotate {{ proxmox_logrotate_rotate }}'
state: present
insertafter: '^\s*daily'
notify: logrotate reload
- name: Ensure maxsize is set
ansible.builtin.lineinfile:
path: "{{ item }}"
regexp: '^(\s*maxsize\s+).*'
line: ' maxsize {{ proxmox_logrotate_maxsize }}'
state: present
insertafter: '^\s*rotate'
notify: logrotate reload
- name: Ensure Compress
ansible.builtin.lineinfile:
path: "{{ item }}"
regexp: '^\s*compress\b'
line: ' compress'
state: present
insertafter: '^\s*maxsize'
notify: logrotate reload
- name: Ensure delaycompress
ansible.builtin.lineinfile:
path: "{{ item }}"
regexp: '^\s*delaycompress\b'
line: ' delaycompress'
state: present
insertafter: '^\s*compress'
notify: logrotate reload
when: logrotate_file.stat.exists
# only for logrotate.conf
- name: Uncomment dateext if commented
ansible.builtin.replace:
path: /etc/logrotate.conf
regexp: '^\s*#\s*(dateext)\b'
replace: '\1'
notify: logrotate reload
- name: Uncomment compress if commented
ansible.builtin.replace:
path: /etc/logrotate.conf
regexp: '^\s*#\s*(compress)\b'
replace: '\1'
notify: logrotate reload
- name: Ensure missingok is present
ansible.builtin.lineinfile:
path: /etc/logrotate.conf
regexp: '^\s*missingok\b'
line: 'missingok'
state: present
insertafter: EOF
notify: logrotate reload
- name: Ensure notifempty is present
ansible.builtin.lineinfile:
path: /etc/logrotate.conf
regexp: '^\s*notifempty\b'
line: 'notifempty'
state: present
insertafter: EOF
notify: logrotate reload