Mateusz Suski
37 lines
1.4 KiB
YAML
37 lines
1.4 KiB
YAML
---
|
|
- name: Gather current mount facts
|
|
ansible.builtin.set_fact:
|
|
cis_current_mount_paths: "{{ ansible_mounts | map(attribute='mount') | list }}"
|
|
|
|
- name: Report filesystem mount option mode
|
|
ansible.builtin.debug:
|
|
msg: >-
|
|
{{ 'OK: Mount option management is enabled for configured targets.'
|
|
if cis_manage_mount_options | bool
|
|
else 'WARNING: Mount option management is disabled. No production filesystems will be remounted.' }}
|
|
|
|
- name: Show configured mount option recommendations
|
|
ansible.builtin.debug:
|
|
msg: "Review {{ item.path }} for options: {{ item.options | join(',') }}"
|
|
loop: "{{ cis_mount_option_targets }}"
|
|
loop_control:
|
|
label: "{{ item.path }}"
|
|
when: not cis_manage_mount_options | bool
|
|
|
|
- name: Persist configured mount options without remounting
|
|
ansible.posix.mount:
|
|
path: "{{ item.path }}"
|
|
src: "{{ cis_mount_fact.device }}"
|
|
fstype: "{{ cis_mount_fact.fstype }}"
|
|
state: present
|
|
opts: "{{ ((cis_mount_fact.options | default('defaults')).split(',') + item.options) | unique | join(',') }}"
|
|
loop: "{{ cis_mount_option_targets }}"
|
|
loop_control:
|
|
label: "{{ item.path }}"
|
|
vars:
|
|
cis_mount_fact: "{{ ansible_mounts | selectattr('mount', 'equalto', item.path) | list | first | default({}) }}"
|
|
when:
|
|
- cis_manage_mount_options | bool
|
|
- item.path in cis_current_mount_paths
|
|
register: cis_mount_option_results
|