From 872718c658e10e6043b028ae4133c889977e4eb6 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Thu, 16 Mar 2023 15:19:15 -0400 Subject: [PATCH] Add notation about alternate location of ansible plays Make it known that plays may now be private. --- .../el7/profiles/default/ansible/firstboot.d/README.txt | 4 ++++ .../el7/profiles/default/ansible/post.d/README.txt | 4 ++++ .../el8/profiles/default/ansible/firstboot.d/README.txt | 4 ++++ .../el8/profiles/default/ansible/post.d/README.txt | 4 ++++ .../genesis/profiles/default/ansible/onboot.d/README.txt | 4 ++++ .../suse15/profiles/hpc/ansible/firstboot.d/README.txt | 4 ++++ .../suse15/profiles/hpc/ansible/post.d/README.txt | 4 ++++ .../suse15/profiles/server/ansible/firstboot.d/README.txt | 4 ++++ .../suse15/profiles/server/ansible/post.d/README.txt | 4 ++++ 9 files changed, 36 insertions(+) diff --git a/confluent_osdeploy/el7/profiles/default/ansible/firstboot.d/README.txt b/confluent_osdeploy/el7/profiles/default/ansible/firstboot.d/README.txt index 97e5f506..ad6fc712 100644 --- a/confluent_osdeploy/el7/profiles/default/ansible/firstboot.d/README.txt +++ b/confluent_osdeploy/el7/profiles/default/ansible/firstboot.d/README.txt @@ -1,6 +1,10 @@ Ansible playbooks ending in .yml or .yaml that are placed into this directory will be executed at the appropriate phase of the install process. +Alternatively, plays may be placed in /var/lib/confluent/private/os//ansible/. +This prevents public clients from being able to read the plays, which is not necessary for them to function, +and may protect them from divulging material contained in the plays or associated roles. + The 'hosts' may be omitted, and if included will be ignored, replaced with the host that is specifically requesting the playbooks be executed. diff --git a/confluent_osdeploy/el7/profiles/default/ansible/post.d/README.txt b/confluent_osdeploy/el7/profiles/default/ansible/post.d/README.txt index 97e5f506..ad6fc712 100644 --- a/confluent_osdeploy/el7/profiles/default/ansible/post.d/README.txt +++ b/confluent_osdeploy/el7/profiles/default/ansible/post.d/README.txt @@ -1,6 +1,10 @@ Ansible playbooks ending in .yml or .yaml that are placed into this directory will be executed at the appropriate phase of the install process. +Alternatively, plays may be placed in /var/lib/confluent/private/os//ansible/. +This prevents public clients from being able to read the plays, which is not necessary for them to function, +and may protect them from divulging material contained in the plays or associated roles. + The 'hosts' may be omitted, and if included will be ignored, replaced with the host that is specifically requesting the playbooks be executed. diff --git a/confluent_osdeploy/el8/profiles/default/ansible/firstboot.d/README.txt b/confluent_osdeploy/el8/profiles/default/ansible/firstboot.d/README.txt index 97e5f506..ad6fc712 100644 --- a/confluent_osdeploy/el8/profiles/default/ansible/firstboot.d/README.txt +++ b/confluent_osdeploy/el8/profiles/default/ansible/firstboot.d/README.txt @@ -1,6 +1,10 @@ Ansible playbooks ending in .yml or .yaml that are placed into this directory will be executed at the appropriate phase of the install process. +Alternatively, plays may be placed in /var/lib/confluent/private/os//ansible/. +This prevents public clients from being able to read the plays, which is not necessary for them to function, +and may protect them from divulging material contained in the plays or associated roles. + The 'hosts' may be omitted, and if included will be ignored, replaced with the host that is specifically requesting the playbooks be executed. diff --git a/confluent_osdeploy/el8/profiles/default/ansible/post.d/README.txt b/confluent_osdeploy/el8/profiles/default/ansible/post.d/README.txt index 97e5f506..ad6fc712 100644 --- a/confluent_osdeploy/el8/profiles/default/ansible/post.d/README.txt +++ b/confluent_osdeploy/el8/profiles/default/ansible/post.d/README.txt @@ -1,6 +1,10 @@ Ansible playbooks ending in .yml or .yaml that are placed into this directory will be executed at the appropriate phase of the install process. +Alternatively, plays may be placed in /var/lib/confluent/private/os//ansible/. +This prevents public clients from being able to read the plays, which is not necessary for them to function, +and may protect them from divulging material contained in the plays or associated roles. + The 'hosts' may be omitted, and if included will be ignored, replaced with the host that is specifically requesting the playbooks be executed. diff --git a/confluent_osdeploy/genesis/profiles/default/ansible/onboot.d/README.txt b/confluent_osdeploy/genesis/profiles/default/ansible/onboot.d/README.txt index 97e5f506..ad6fc712 100644 --- a/confluent_osdeploy/genesis/profiles/default/ansible/onboot.d/README.txt +++ b/confluent_osdeploy/genesis/profiles/default/ansible/onboot.d/README.txt @@ -1,6 +1,10 @@ Ansible playbooks ending in .yml or .yaml that are placed into this directory will be executed at the appropriate phase of the install process. +Alternatively, plays may be placed in /var/lib/confluent/private/os//ansible/. +This prevents public clients from being able to read the plays, which is not necessary for them to function, +and may protect them from divulging material contained in the plays or associated roles. + The 'hosts' may be omitted, and if included will be ignored, replaced with the host that is specifically requesting the playbooks be executed. diff --git a/confluent_osdeploy/suse15/profiles/hpc/ansible/firstboot.d/README.txt b/confluent_osdeploy/suse15/profiles/hpc/ansible/firstboot.d/README.txt index 97e5f506..ad6fc712 100644 --- a/confluent_osdeploy/suse15/profiles/hpc/ansible/firstboot.d/README.txt +++ b/confluent_osdeploy/suse15/profiles/hpc/ansible/firstboot.d/README.txt @@ -1,6 +1,10 @@ Ansible playbooks ending in .yml or .yaml that are placed into this directory will be executed at the appropriate phase of the install process. +Alternatively, plays may be placed in /var/lib/confluent/private/os//ansible/. +This prevents public clients from being able to read the plays, which is not necessary for them to function, +and may protect them from divulging material contained in the plays or associated roles. + The 'hosts' may be omitted, and if included will be ignored, replaced with the host that is specifically requesting the playbooks be executed. diff --git a/confluent_osdeploy/suse15/profiles/hpc/ansible/post.d/README.txt b/confluent_osdeploy/suse15/profiles/hpc/ansible/post.d/README.txt index 97e5f506..ad6fc712 100644 --- a/confluent_osdeploy/suse15/profiles/hpc/ansible/post.d/README.txt +++ b/confluent_osdeploy/suse15/profiles/hpc/ansible/post.d/README.txt @@ -1,6 +1,10 @@ Ansible playbooks ending in .yml or .yaml that are placed into this directory will be executed at the appropriate phase of the install process. +Alternatively, plays may be placed in /var/lib/confluent/private/os//ansible/. +This prevents public clients from being able to read the plays, which is not necessary for them to function, +and may protect them from divulging material contained in the plays or associated roles. + The 'hosts' may be omitted, and if included will be ignored, replaced with the host that is specifically requesting the playbooks be executed. diff --git a/confluent_osdeploy/suse15/profiles/server/ansible/firstboot.d/README.txt b/confluent_osdeploy/suse15/profiles/server/ansible/firstboot.d/README.txt index 97e5f506..ad6fc712 100644 --- a/confluent_osdeploy/suse15/profiles/server/ansible/firstboot.d/README.txt +++ b/confluent_osdeploy/suse15/profiles/server/ansible/firstboot.d/README.txt @@ -1,6 +1,10 @@ Ansible playbooks ending in .yml or .yaml that are placed into this directory will be executed at the appropriate phase of the install process. +Alternatively, plays may be placed in /var/lib/confluent/private/os//ansible/. +This prevents public clients from being able to read the plays, which is not necessary for them to function, +and may protect them from divulging material contained in the plays or associated roles. + The 'hosts' may be omitted, and if included will be ignored, replaced with the host that is specifically requesting the playbooks be executed. diff --git a/confluent_osdeploy/suse15/profiles/server/ansible/post.d/README.txt b/confluent_osdeploy/suse15/profiles/server/ansible/post.d/README.txt index 97e5f506..ad6fc712 100644 --- a/confluent_osdeploy/suse15/profiles/server/ansible/post.d/README.txt +++ b/confluent_osdeploy/suse15/profiles/server/ansible/post.d/README.txt @@ -1,6 +1,10 @@ Ansible playbooks ending in .yml or .yaml that are placed into this directory will be executed at the appropriate phase of the install process. +Alternatively, plays may be placed in /var/lib/confluent/private/os//ansible/. +This prevents public clients from being able to read the plays, which is not necessary for them to function, +and may protect them from divulging material contained in the plays or associated roles. + The 'hosts' may be omitted, and if included will be ignored, replaced with the host that is specifically requesting the playbooks be executed.