feat: Import code for role

README.md

@@ -1,102 +1,139 @@
-# Role Name
+# AIDE
 
 [![ansible-lint.yml](https://github.com/linux-system-roles/aide/actions/workflows/ansible-lint.yml/badge.svg)](https://github.com/linux-system-roles/aide/actions/workflows/ansible-lint.yml) [![ansible-test.yml](https://github.com/linux-system-roles/aide/actions/workflows/ansible-test.yml/badge.svg)](https://github.com/linux-system-roles/aide/actions/workflows/ansible-test.yml) [![markdownlint.yml](https://github.com/linux-system-roles/aide/actions/workflows/markdownlint.yml/badge.svg)](https://github.com/linux-system-roles/aide/actions/workflows/markdownlint.yml) [![shellcheck.yml](https://github.com/linux-system-roles/aide/actions/workflows/shellcheck.yml/badge.svg)](https://github.com/linux-system-roles/aide/actions/workflows/shellcheck.yml) [![tft.yml](https://github.com/linux-system-roles/aide/actions/workflows/tft.yml/badge.svg)](https://github.com/linux-system-roles/aide/actions/workflows/tft.yml) [![tft_citest_bad.yml](https://github.com/linux-system-roles/aide/actions/workflows/tft_citest_bad.yml/badge.svg)](https://github.com/linux-system-roles/aide/actions/workflows/tft_citest_bad.yml) [![woke.yml](https://github.com/linux-system-roles/aide/actions/workflows/woke.yml/badge.svg)](https://github.com/linux-system-roles/aide/actions/workflows/woke.yml)
 
-Ansible role for managing Advanced Intrusion Detection Environment (AIDE).
+This is an ansible role that installs and configures the [Advanced Intrusion Detection Environment (AIDE)](https://aide.github.io). For Day 2 tasks it can run integrity checks and update the AIDE database.
+
+_Notice:_ This is a very early stage of a work in progress. Please use with
+extreme caution as it might break your system.
+
+## What does this role do for you?
+
+* It ensures that the `aide` package is installed on the remote nodes
+* As an optional task it can generate the `/etc/aide.conf` file and template it out to the remote nodes
+* It initializes the AIDE database
+* The AIDE databases from the remote nodes are stored in a central directory on the controller node
+* It runs AIDE integrity checks on the remote nodes
+* It updates the AIDE databases and stores them on the controller node
+
+## How does the role do that?
+
+* The role is controlled by using role variables
+* If you run the playbook without specifying any role variable the role will change nothing on your remote nodes
+* To execute some supported use cases you need to explicitly specify one or more of the following variables
+
+### Available tags to control and use the role
+
+## What does this role not do for you?
+
+* It does not explain how to create a good AIDE configuration that suits your requirements; that task remains for you to accomplish
 
 ## Requirements
 
-Any prerequisites that may not be covered by Ansible itself or the role should
-be mentioned here.  This includes platform dependencies not managed by the
-role, hardware requirements, external collections, etc.  There should be a
-distinction between *control node* requirements (like collections) and
-*managed node* requirements (like special hardware, platform provisioning).
+This role has no special requirements as it uses `ansible.builtin` modules
+only.
+
+## Role Variables
+
+### aide_custom_template
 
-### Collection requirements
+This variable takes a string to specify a path where the custom template for aide.conf is located.
 
-For instance, if the role depends on some collections and has a
-`meta/collection-requirements.yml` file for installing those dependencies, and
-in order to manage `rpm-ostree` systems, it should be mentioned here that the
- user should run
+To be sure that everething is correct, template needs to start with following snippet:
 
-```bash
-ansible-galaxy collection install -vv -r meta/collection-requirements.yml
+``` jinja
+{{ ansible_managed | comment }}
+{{ "system_role:aide" | comment(prefix="", postfix="") }}
 ```
 
-on the *control node* before using the role.
+Default: `null`
 
-## Role Variables
+Type: `string`
 
-A description of all input variables (i.e. variables that are defined in
-`defaults/main.yml`) for the role should go here as these form an API of the
-role.  Each variable should have its own section e.g.
+### aide_db_fetch_dir
 
-### aide_foo
+This variable takes a string to specify the directory on the Ansible Control
+Node (ACN) where the role will store the AIDE database fetched from the remote
+nodes. The default value is `files` which is expected to be a directory in the
+same directory as the playbook.
 
-This variable is required.  It is a string that lists the foo of the role.
-There is no default value.
+In case you like to store the fetched AIDE database files somewhere else you
+need to specify a different path here.
 
-### aide_bar
+Default: `files`
 
-This variable is optional.  It is a boolean that tells the role to disable bar.
-The default value is `true`.
+Type: `string
 
-Variables that are not intended as input, like variables defined in
-`vars/main.yml`, variables that are read from other roles and/or the global
-scope (ie. hostvars, group vars, etc.) can be also mentioned here but keep in
-mind that as these are probably not part of the role API they may change during
-the lifetime.
+### aide_install
 
-Example of setting the variables:
+With this variable the role ensures that the `aide` package is installed on the remote nodes
 
-```yaml
-aide_foo: "oof"
-aide_bar: false
-```
+Default: `false`
 
-## Variables Exported by the Role
+Type: `bool`
 
-This section is optional.  Some roles may export variables for playbooks to
-use later.  These are analogous to "return values" in Ansible modules.  For
-example, if a role performs some action that will require a system reboot, but
-the user wants to defer the reboot, the role might set a variable like
-`aide_reboot_needed: true` that the playbook can use to reboot at a more
-convenient time.
+### aide_init
 
-Example:
+Initializes the AIDE database.
 
-### aide_reboot_needed
+Default: `false`
 
-Default `false` - if `true`, this means a reboot is needed to apply the changes
-made by the role
+Type: `bool`
+
+### aide_fetch_db
+
+Fetches database from the remote nodes to store it on the controller node
+
+Default: `false`
+
+Type: `bool`
+
+### aide_check
+
+Runs an integrity check on the remote nodes
+
+Default: `false`
+
+Type: `bool`
+
+### aide_update
+
+Updates the AIDE database and stores it on the controller node
+
+Default: `false`
+
+Type: `bool`
 
 ## Example Playbook
 
 Including an example of how to use your role (for instance, with variables
 passed in as parameters) is always nice for users too:
 
 ```yaml
-- name: Manage the aide subsystem
-  hosts: all
-  vars:
-    aide_foo: "foo foo!"
-    aide_bar: false
-  roles:
-    - linux-system-roles.aide
+# SPDX-License-Identifier: MIT
+---
+- name: Example aide role invocation
+  hosts: targets
+  tasks:
+    - name: Include role aide
+      vars:
+        aide_db_fetch_dir: files
+        aide_install: true
+        aide_generate_config: true
+        aide_init: true
+        aide_check: false
+        aide_update: false
+      ansible.builtin.include_role:
+        name: linux-system-roles.aide
 ```
 
-More examples can be provided in the [`examples/`](examples) directory. These
-can be useful, especially for documentation.
-
-## rpm-ostree
-
-See README-ostree.md
+More examples can be found in the [`examples/`](examples) directory.
 
 ## License
 
-Whenever possible, please prefer MIT.
+MIT.
 
 ## Author Information
 
-An optional section for the role authors to include contact information, or a
-website (HTML is not allowed).
+* Radovan Sroka
+* Joerg Kastning

ansible_pytest_extra_requirements.txt

@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: MIT
+
+# ansible and dependencies for all supported platforms
+ansible ; python_version > "2.6"
+idna<2.8 ; python_version < "2.7"
+PyYAML<5.1 ; python_version < "2.7"

contributing.md

@@ -1,4 +1,4 @@
-# Contributing to the aide Linux System Role
+# Contributing to the Aide Linux System Role
 
 ## Where to start
 

defaults/main.yml

@@ -3,6 +3,23 @@
 # Here is the right place to put the role's input variables.
 # This file also serves as a documentation for such a variables.
 
+# Path to template file
+aide_custom_template: null
+
 # Examples of role input variables:
-aide_foo: foo
-aide_bar: true
+aide_db_fetch_dir: files
+
+# Enable install phase
+aide_install: false
+
+# Enable initialization of the database phase
+aide_init: false
+
+# Fetch db
+aide_fetch_db: false
+
+# Enable check database phase
+aide_check: false
+
+# Enable database update phase
+aide_update: false