debops.etckeeper default variables

General configuration, installation

etckeeper__enabled

Enable or disable support for etckeeper on a given host. Disabling this option does not remove an existing etckeeper installation, but committing changes via Ansible local facts will be disabled.

etckeeper__enabled: True
etckeeper__installed

This variable keeps the install status of etckeeper to distinguish between a new and an existing installation.

etckeeper__installed: '{{ ansible_local.etckeeper.installed
                          if (ansible_local|d() and ansible_local.etckeeper|d() and
                              ansible_local.etckeeper.installed|d())
                          else False }}'
etckeeper__base_packages

List of default APT packages to install for etckeeper support.

etckeeper__base_packages:
  - '{{ "mercurial" if (etckeeper__vcs == "hg") else etckeeper__vcs }}'
  - 'etckeeper'
etckeeper__packages

List of additional APT packages to install with etckeeper.

etckeeper__packages: []

Package management options

etckeeper__highlevel_package_manager

The high-level package manager that's being used (apt, pacman-g2, yum, dnf, zypper, etc.). This will only be used when your distribution was not able to predefine this.

etckeeper__highlevel_package_manager: '{{ ansible_local.etckeeper.highlevel_package_manager
                                          if (ansible_local|d() and ansible_local.etckeeper|d() and
                                              ansible_local.etckeeper.highlevel_package_manager|d())
                                          else ansible_pkg_mgr }}'
etckeeper__lowlevel_package_manager

The low-level package manager that's being used (dpkg, rpm, pacman, pacman-g2, etc.). This will only be used when your distribution was not able to predefine this.

etckeeper__lowlevel_package_manager: '{{ ansible_local.etckeeper.lowlevel_package_manager
                                         if (ansible_local|d() and ansible_local.etckeeper|d() and
                                             ansible_local.etckeeper.lowlevel_package_manager|d())
                                         else etckeeper__high_low_pkg_map[etckeeper__highlevel_package_manager] }}'
etckeeper__high_low_pkg_map

A YAML dictionary that maps the high-level package manager to a low-level package manager.

etckeeper__high_low_pkg_map:
  'apt':       'dpkg'
  'yum':       'rpm'
  'dnf':       'rpm'
  'zypper':    'rpm'
  'pacman':    'pacman'

Commit messages

etckeeper__commit_message_init

Commit message for the initial commit created by the role.

etckeeper__commit_message_init: 'Initial commit by "debops.etckeeper" Ansible role'
etckeeper__commit_message_update

Commit message for the subsequent commits created by the role.

etckeeper__commit_message_update: 'Committed by "debops.etckeeper" Ansible role'
etckeeper__commit_message_fact

Commit message used by the Ansible local fact.

etckeeper__commit_message_fact: 'Committed by Ansible local facts'

Version control ignore list

These list variables define which paths in the /etc directory should be ignored by etckeeper. They will be added to the /etc/.gitignore file. See etckeeper__gitignore for more details.

etckeeper__block_marker

The string that marks the beginning and end of the section in the .gitignore file managed by the debops.etckeeper role. It shouldn't be changed once deployed; the {mark} string is required.

etckeeper__block_marker: '# {mark} section managed by debops.etckeeper Ansible role'
etckeeper__default_gitignore

The default list of .gitignore paths defined by the role.

etckeeper__default_gitignore:

  - name: 'tor-keys'
    comment: |
      There is no benefit in tracking Tor keys and it is a potential security
      vulnerability.
    ignore: 'tor/keys/'

  - name: 'ssh-host-keys'
    comment: 'No need to track the SSH host keys'
    ignore: 'ssh/ssh_host_*_key'

  - name: 'mandos-seckey'
    comment: |
      There is no benefit in tracking Mandos keys and it is a potential security
      vulnerability in case the /etc/ repository is pushed to an external remote.
    ignore: 'keys/mandos/seckey.txt'

  - name: 'xorg-conf-backup'
    ignore: 'X11/xorg.conf.backup'

  - name: 'apparmor-libvirt'
    comment: |
      Files are generated and managed by libvirt and it is believed that there
      is very little benefit in tracking these files.
    ignore: 'apparmor.d/libvirt/*.files'

  - name: 'zfs-zpool-cache'
    ignore: 'zfs/zpool.cache'
etckeeper__gitignore

List of .gitignore paths which should be ignored on all hosts in the Ansible inventory.

etckeeper__gitignore: []
etckeeper__group_gitignore

List of .gitignore paths which should be ignored on hosts in a specific Ansible inventory group.

etckeeper__group_gitignore: []
etckeeper__host_gitignore

List of .gitignore paths which should be ignored on specific hosts in the Ansible inventory.

etckeeper__host_gitignore: []
etckeeper__combined_gitignore

List which combines all of the .gitignore entries together and is used in the role tasks and templates.

etckeeper__combined_gitignore: '{{ etckeeper__default_gitignore
                                   + etckeeper__gitignore
                                   + etckeeper__group_gitignore
                                   + etckeeper__host_gitignore }}'
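
Ignore rules only keep untracked files out of the repository; a key that was committed before its entry was added to one of these lists stays tracked and is sent along whenever the repository is pushed. The following shell check is an added example, not part of the debops.etckeeper role; it assumes etckeeper__vcs is git, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the debops.etckeeper role): find files that are
# still tracked in the etckeeper git repository although the ignore rules
# (for instance the managed block in /etc/.gitignore) now match them.

# tracked_but_ignored REPO
# Prints one path per line: files in the index that match an ignore rule.
tracked_but_ignored() {
    repo=${1:-/etc}
    git -C "$repo" ls-files --cached --ignored --exclude-standard
}

# audit_before_push REPO
# Returns 0 when no ignored path is tracked, 1 when at least one is,
# 2 when REPO could not be inspected (e.g. not a git repository).
audit_before_push() {
    repo=${1:-/etc}
    leaked=$(tracked_but_ignored "$repo") || return 2
    if [ -n "$leaked" ]; then
        printf '%s\n' "$leaked" | while IFS= read -r path; do
            printf 'tracked despite ignore rule: %s\n' "$path" >&2
        done
        # 'git rm --cached <path>' drops a file from the index without
        # deleting it on disk; earlier commits still contain the content.
        return 1
    fi
    return 0
}

# Stand-alone use: sh this_script.sh --audit [REPO]
if [ "${1:-}" = "--audit" ]; then
    audit_before_push "${2:-/etc}"
fi
```

Running the audit before setting etckeeper__push_remote shows whether any of the ignored key files were committed earlier.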

Version control options

etckeeper__vcs

Which VCS to use to version the /etc directory. Supported commands:

  • git (default)
  • hg
  • bzr
  • darcs

Note that VCSes other than git have not really been tested. You might have to fix some bugs in this role if you want to use them.

etckeeper__vcs: '{{ ansible_local.etckeeper.vcs
                    if (ansible_local|d() and ansible_local.etckeeper|d() and
                        ansible_local.etckeeper.vcs|d())
                    else "git" }}'
etckeeper__vcs_user

The committer name for etckeeper to use in commits if no interactive user was detected.

etckeeper__vcs_user: 'The /etc Keeper'
etckeeper__vcs_email

Email address for etckeeper to use in commits if no interactive user was detected.

etckeeper__vcs_email: 'root@{{ ansible_fqdn }}'
etckeeper__git_commit_options

Options passed to git commit when run by etckeeper.

etckeeper__git_commit_options: '{{ ansible_local.etckeeper.git_commit_options
                                   if (ansible_local|d() and ansible_local.etckeeper|d() and
                                       ansible_local.etckeeper.git_commit_options|d())
                                   else "" }}'
etckeeper__hg_commit_options

Options passed to hg commit when run by etckeeper.

etckeeper__hg_commit_options: '{{ ansible_local.etckeeper.hg_commit_options
                                  if (ansible_local|d() and ansible_local.etckeeper|d() and
                                      ansible_local.etckeeper.hg_commit_options|d())
                                  else "" }}'
etckeeper__bzr_commit_options

Options passed to bzr commit when run by etckeeper.

etckeeper__bzr_commit_options: '{{ ansible_local.etckeeper.bzr_commit_options
                                   if (ansible_local|d() and ansible_local.etckeeper|d() and
                                       ansible_local.etckeeper.bzr_commit_options|d())
                                   else "" }}'
etckeeper__darcs_commit_options

Options passed to darcs record when run by etckeeper.

etckeeper__darcs_commit_options: '{{ ansible_local.etckeeper.darcs_commit_options
                                     if (ansible_local|d() and ansible_local.etckeeper|d() and
                                         ansible_local.etckeeper.darcs_commit_options|d())
                                     else "-a" }}'
etckeeper__avoid_daily_autocommits

Set this option to True to avoid etckeeper committing existing changes to /etc automatically once per day.

etckeeper__avoid_daily_autocommits: '{{ True
                                        if (ansible_local|d() and ansible_local.etckeeper|d() and
                                            (ansible_local.etckeeper.avoid_daily_autocommits|d() == "1"))
                                        else False }}'
etckeeper__avoid_special_file_warning

Set this option to True to avoid the special file warning (the option is enabled automatically by the cron job regardless).

etckeeper__avoid_special_file_warning: '{{ True
                                           if (ansible_local|d() and ansible_local.etckeeper|d() and
                                               (ansible_local.etckeeper.avoid_special_file_warning|d() == "1"))
                                           else False }}'
etckeeper__avoid_commit_before_install

Set this option to True to avoid etckeeper committing existing changes to /etc before installation. It will cancel the installation, so you can commit the changes by hand.

etckeeper__avoid_commit_before_install: '{{ True
                                            if (ansible_local|d() and ansible_local.etckeeper|d() and
                                                (ansible_local.etckeeper.avoid_commit_before_install|d() == "1"))
                                            else False }}'
etckeeper__push_remote

To push each commit to a remote, put the name of the remote here (e.g., "origin" for git). Space-separated lists of multiple remotes also work (e.g., "origin gitlab github" for git).

etckeeper__push_remote: '{{ ansible_local.etckeeper.push_remote
                            if (ansible_local|d() and ansible_local.etckeeper|d() and
                                ansible_local.etckeeper.push_remote|d())
                            else "" }}'