Switch from using tags to variables

Signed-off-by: Radovan Sroka <[email protected]>

README.md

@@ -24,11 +24,6 @@ extreme caution as it might break your system.
 
 ### Available tags to control and use the role
 
-* __install__ - With this tag the role ensures that the `aide` package is installed on the remote nodes
-* __generate_config__ - Generates the file `/etc/aide.conf` using `templates/aide.conf.j2`; the template needs to be adjusted to fit your requirements; if you do not use this tag the default configuration file shipped with the `aide` package will be used
-* __init__ - Initializes the AIDE database and fetches it from the remote nodes to store it on the controller node
-* __check__ - Runs an integrity check on the remote nodes
-* __update__ - Updates the AIDE database and stores it on the controller node
 
 ## What does this role not do for you?
 
@@ -51,11 +46,45 @@ same directory as the playbook.
 In case you like to store the fetched AIDE database files somewhere else you
 need to specify a different path here.
 
-Example of setting the variables:
+### aide_install
 
-```yaml
-aide_db_fetch_dir: files
-```
+With this variable the role ensures that the `aide` package is installed on the remote nodes
+
+Default: `true`
+
+Type: `bool`
+
+### aide_generate_config
+
+Generates the file `/etc/aide.conf` using `templates/aide.conf.j2`; the template needs to be adjusted to fit your requirements; if you do not use this varable the default configuration file shipped with the `aide` package will be used.
+
+Default: `true`
+
+Type: `bool`
+
+### aide_init
+
+Initializes the AIDE database and fetches it from the remote nodes to store it on the controller node
+
+Default: `true`
+
+Type: `bool`
+
+### aide_check
+
+Runs an integrity check on the remote nodes
+
+Default: `false`
+
+Type: `bool`
+
+### aide_update
+
+Updates the AIDE database and stores it on the controller node
+
+Default: `false`
+
+Type: `bool`
 
 ## Example Playbook
 
@@ -69,16 +98,15 @@ passed in as parameters) is always nice for users too:
   hosts: targets
   tasks:
     - name: Include role aide
-      tags:
-        - install
-        - generate_config
-        - init
-        - check
-        - update
       vars:
         aide_db_fetch_dir: files
+        aide_install: true
+        aide_generate_config: true
+        aide_init: true
+        aide_check: false
+        aide_update: false
       ansible.builtin.include_role:
-        name: aide
+        name: linux-system-roles.aide
 ```
 
 More examples can be found in the [`examples/`](examples) directory.

defaults/main.yml

@@ -5,3 +5,18 @@
 
 # Examples of role input variables:
 aide_db_fetch_dir: files
+
+# Enable install phase
+aide_install: true
+
+# Enable config file generation phase
+aide_generate_config: true
+
+# Enable initialization of the database phase
+aide_init: true
+
+# Enable check database phase
+aide_check: false
+
+# Enable database update phase
+aide_update: false

examples/simple.yml → examples/default.yml

@@ -4,13 +4,12 @@
   hosts: targets
   tasks:
     - name: Include role aide
-      tags:
-        - install
-        - generate_config
-        - init
-        - check
-        - update
       vars:
         aide_db_fetch_dir: files
+        aide_install: true
+        aide_generate_config: true
+        aide_init: true
+        aide_check: false
+        aide_update: false
       ansible.builtin.include_role:
         name: linux-system-roles.aide

examples/just_check.yml

@@ -0,0 +1,15 @@
+# SPDX-License-Identifier: MIT
+---
+- name: Example aide role invocation
+  hosts: targets
+  tasks:
+    - name: Include role aide
+      vars:
+        aide_db_fetch_dir: files
+        aide_install: false
+        aide_generate_config: false
+        aide_init: false
+        aide_check: true
+        aide_update: false
+      ansible.builtin.include_role:
+        name: linux-system-roles.aide

examples/just_update.yml

@@ -0,0 +1,15 @@
+# SPDX-License-Identifier: MIT
+---
+- name: Example aide role invocation
+  hosts: targets
+  tasks:
+    - name: Include role aide
+      vars:
+        aide_db_fetch_dir: files
+        aide_install: false
+        aide_generate_config: false
+        aide_init: false
+        aide_check: false
+        aide_update: true
+      ansible.builtin.include_role:
+        name: linux-system-roles.aide

tasks/main.yml

@@ -10,34 +10,28 @@
     state: present
     use: "{{ (__aide_is_ostree | d(false)) |
              ternary('ansible.posix.rhel_rpm_ostree', omit) }}"
-  tags:
-    - never
-    - install
+  when:
+    - aide_install
 
 - name: Ensure required services are enabled and started
   ansible.builtin.service:
     name: "{{ item }}"
     state: started
     enabled: true
   loop: "{{ __aide_services }}"
-  tags:
-    - never
 
 - name: Generate "/etc/{{ __aide_config }}"
   ansible.builtin.template:
     src: "{{ __aide_config }}.j2"
     dest: "/etc/{{ __aide_config }}"
     backup: true
     mode: "0400"
-  tags:
-    - never
-    - generate_config
+  when:
+    - aide_generate_config
 
 - name: Initialize AIDE database and fetch it
-  become: true
-  tags:
-    - never
-    - init
+  when:
+    - aide_init
   block:
     - name: Initialize AIDE database
       ansible.builtin.command:
@@ -55,10 +49,8 @@
         state: absent
 
 - name: Check AIDE integrity
-  become: true
-  tags:
-    - never
-    - check
+  when:
+    - aide_check
   block:
     - name: Copy AIDE reference database to remote
       ansible.builtin.copy:
@@ -76,10 +68,8 @@
       changed_when: true
 
 - name: Update AIDE database and fetch it
-  become: true
-  tags:
-    - never
-    - update
+  when:
+    - aide_update
   block:
     - name: Update AIDE database
       ansible.builtin.command:

vars/main.yml

@@ -7,6 +7,7 @@
 # Examples of non-distribution specific (generic) internal variables:
 __aide_config: aide.conf
 __aide_packages: ['aide']
+__aide_services: []
 __aide_db_name: /var/lib/aide/aide.db.gz
 __aide_db_new_name: /var/lib/aide/aide.db.new.gz
 # ansible_facts required by the role