Ansible-Cleanup: A CLI tool to find and remove unused playbooks, tasks, and variables

Ansible-cleanup provides a command line tool to find and remove unused playbooks, tasks, group variables, and host variables. It maintains a clean codebase by recursively scanning your Ansible repository and listing files that are safe to delete.

Features

  • Identify unused playbooks and tasks: Scans the repository to find all unused playbooks and tasks. It analyzes the codebase and determines which playbooks and tasks are no longer referenced or used.
  • Find unused YAML files in group_vars and host_vars: Parses the "hosts" file and loads all hosts and groups into a data structure. It then scans the group_vars and host_vars directories, identifying any YAML files that correspond to hosts or groups that no longer exist. This ensures that your variable files remain relevant and up-to-date.

Installation

Here is how to install ansible-cleanup using pip:

pip install --user git+https://github.com/jamescherti/ansible-cleanup

The pip command above will install the executable files in ~/.local/bin/.

Command Line Interface

The ansible-cleanup executable routes execution to specific cleanup modules using subcommands.

ansible-cleanup imports

This subcommand acts as a static code analyzer for your Ansible execution paths. It takes a root playbook (or multiple playbooks) as an argument and recursively traces every import_playbook, include_tasks, import_role, and related Ansible includes. It then compares the files it successfully resolved against all the YAML files in your repository to find the orphans.

As infrastructure evolves, old task files and sub-playbooks are often disconnected from the main execution tree but are left behind in the repository. Manually tracing YAML includes across dozens of files is tedious and prone to human error. This command automates the discovery of dead code, ensuring your repository only contains files that are actually executed.

Usage:

Pass your primary entry-point playbook (e.g., site.yml or main.yml) as an argument. The script will output the absolute paths of any .yml or .yaml files that are not referenced anywhere in the execution tree.

$ ansible-cleanup imports site.yaml
/path/to/repo/playbooks/old_deployment_tasks.yml
/path/to/repo/playbooks/deprecated_setup.yaml
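
A minimal sketch of this kind of trace, added here as an illustration; it is not ansible-cleanup's own code. It assumes include paths are written inline and resolve relative to the including file, follows only import_playbook, import_tasks and include_tasks, and reports templated paths separately because a static trace cannot resolve them. All file names are constructed.

```python
import re
import tempfile
from pathlib import Path

# Keys whose value is a path to another YAML file (short or FQCN spelling).
INCLUDE_RE = re.compile(
    r"^[ \t]*(?:-[ \t]+)?(?:ansible\.builtin\.)?"
    r"(?:import_playbook|import_tasks|include_tasks):[ \t]*"
    r"['\"]?([^'\"#\n]+?)['\"]?[ \t]*$", re.MULTILINE)


def trace(entry):
    """Return (reachable files, templated includes that cannot be resolved)."""
    reachable, dynamic, stack = set(), [], [Path(entry).resolve()]
    while stack:
        current = stack.pop()
        if current in reachable or not current.is_file():
            continue  # visited already (include loop) or target missing
        reachable.add(current)
        for target in INCLUDE_RE.findall(current.read_text()):
            if "{{" in target:
                dynamic.append((current.name, target))  # review by hand
            else:
                stack.append((current.parent / target).resolve())
    return reachable, dynamic


def find_orphans(entry, repo):
    """YAML files under repo that the static trace from entry never reaches."""
    repo = Path(repo).resolve()
    reachable, dynamic = trace(entry)
    every = {p for ext in ("*.yml", "*.yaml") for p in repo.rglob(ext)}
    return sorted(p.relative_to(repo).as_posix() for p in every - reachable), dynamic


def demo_imports():
    """Constructed repository: one dead file, one reached only via a template."""
    files = {
        "site.yml": "- import_playbook: web.yml\n",
        "web.yml": "- hosts: web\n  tasks:\n"
                   "    - include_tasks: tasks/nginx.yml\n"
                   "    - include_tasks: 'tasks/{{ ansible_facts.os_family }}.yml'\n",
        "tasks/nginx.yml": "---\n", "tasks/Debian.yml": "---\n",
        "old_deploy.yml": "---\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in files.items():
            Path(tmp, rel).parent.mkdir(parents=True, exist_ok=True)
            Path(tmp, rel).write_text(body)
        return find_orphans(Path(tmp, "site.yml"), tmp)
```

In the constructed repository, tasks/Debian.yml is listed as an orphan even though the templated include loads it at run time, so any file that could match an entry in the second return value should be checked by hand before deletion.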

ansible-cleanup vars

This subcommand manages your variable definitions. It reads your local hosts inventory file and builds a comprehensive list of all active hosts and groups. It then cross-references this active list against the files located in your host_vars and group_vars directories to find files named after hosts or groups that are not defined in the inventory.

When servers are decommissioned or host groups are renamed, engineers frequently remove them from the hosts file but forget to delete the corresponding variable files in host_vars/ or group_vars/. Over time, this leads to significant repository bloat and confusion over which variables are actually applied. This tool securely flags those forgotten files for deletion.

Execute the command in the directory containing your hosts file, host_vars directory, and group_vars directory. It requires no arguments.

Usage:

$ ansible-cleanup vars
/path/to/repo/host_vars/decommissioned-db-server-01.yml
/path/to/repo/group_vars/legacy-web-nodes.yaml
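
The cross-reference described above, as an added sketch that is not ansible-cleanup's own code. It assumes an INI-style hosts file without host range patterns, and it treats Ansible's implicit groups all and ungrouped as always defined so that group_vars/all.yml is never flagged. Host names, group names and the address are constructed.

```python
import re
import tempfile
from pathlib import Path

IMPLICIT_GROUPS = {"all", "ungrouped"}  # groups Ansible always defines


def parse_ini_inventory(text):
    """Return (hosts, groups) named in an INI-style inventory."""
    hosts, groups, kind = set(), set(IMPLICIT_GROUPS), "hosts"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[([^\]:]+)(?::(\w+))?\]", line)
        if header:  # [group], [group:children] or [group:vars]
            groups.add(header.group(1))
            kind = header.group(2) or "hosts"
        elif kind == "children":
            groups.add(line.split()[0])
        elif kind == "hosts":
            hosts.add(line.split()[0])  # first token; the rest is key=value
    return hosts, groups


def find_orphan_var_files(repo):
    """host_vars/group_vars entries whose name the inventory does not define."""
    repo = Path(repo)
    hosts, groups = parse_ini_inventory((repo / "hosts").read_text())
    orphans = []
    for dirname, known in (("host_vars", hosts), ("group_vars", groups)):
        entries = sorted((repo / dirname).iterdir()) if (repo / dirname).is_dir() else []
        for entry in entries:
            name = entry.stem if entry.suffix in (".yml", ".yaml") else entry.name
            if name not in known:
                orphans.append(entry.relative_to(repo).as_posix())
    return orphans


def demo_vars():
    """Constructed repository: two stale files next to three live ones."""
    names = ("host_vars/web01.yml", "host_vars/old-db.yml", "group_vars/all.yml",
             "group_vars/web.yaml", "group_vars/legacy.yml")
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "hosts").write_text("[web]\nweb01 ansible_host=192.0.2.10\n[prod:children]\nweb\n")
        for rel in names:
            Path(tmp, rel).parent.mkdir(exist_ok=True)
            Path(tmp, rel).write_text("---\n")
        return find_orphan_var_files(tmp)
```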

License

Copyright (c) 2009-2026 James Cherti

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.

Ansible-role-flatpak, an Ansible Role that Installs and Configures Flatpak

The ansible-role-flatpak Ansible role installs and configures Flatpak, adds Flathub as a remote repository, and optionally manages Flatpak packages and updates. This role supports specific Linux distributions: Debian-based, Gentoo, and Arch Linux.

Requirements

  • Supported operating systems: Debian/Ubuntu (and their derivatives), Gentoo, or Arch Linux.
  • Ansible collections:
    • community.general

Role Variables

The following variables can be set to customize the role’s behavior:

| Variable | Description | Default |
|---|---|---|
| flatpak_packages | List of Flatpak packages to install. | [] |
| flatpak_update_script | Whether to enable automatic daily updates and cleanup of Flatpak packages. | false |
| flatpak_update_script_cmd_prefix | Optional prefix command to run before the Flatpak update command (e.g., nice, ionice). | |
| flatpak_update_script_cmd_suffix | Optional suffix to append to the Flatpak update command. | '>/dev/null' |
| flatpak_update_script_remove_unused | Delete unused Flatpak packages after a successful update. | true |
| flatpak_update_script_script_path | Path to the update script. | '/etc/cron.daily/flatpak-update' |
| flatpak_install_desktop_portal | Install the desktop portal. Values: '' (no desktop portal), "gtk", or "gnome". Can be a string or a list of values, such as ["gtk", "gnome"]. | ['gtk'] |
| flatpak_proxy | Proxy settings for Flatpak (optional). Leave empty if not using a proxy. | |

Author and license

The ansible-role-flatpak role has been written by James Cherti and is distributed under terms of the MIT license.

Copyright (C) 2025-2026 James Cherti

Distributed under terms of the MIT license.

ansible-role-auto-upgrade – An Ansible role that automates upgrading Linux operating systems

The ansible-role-auto-upgrade Ansible role automates regular upgrades of supported operating systems:

  • Debian-based systems (e.g., Ubuntu, Debian, Linux Mint). This role provides a simpler alternative to unattended-upgrades for applying system updates.

(In future versions, Arch Linux and Gentoo will also be supported.)

License

Copyright (c) 2025-2026 James Cherti.

Distributed under terms of the MIT license.

Do you like ansible-role-auto-upgrade?

Please star ansible-role-auto-upgrade on GitHub.

ansible-role-reniced – An Ansible role that configures reniced on Debian and Ubuntu based operating systems

The ansible-role-reniced Ansible role configures reniced on Debian and Ubuntu based operating systems.

Customizations

When reniced_conf is defined, it is used as the configuration content.

Include the role using:

- name: Import role reniced
  when: ansible_facts.os_family == "Debian"
  ansible.builtin.import_role:
    name: reniced

Variables:

reniced_conf: |
  # high prio network services
  0 ^apache
  0 ^nfsd
  0 ^ntpd
  0 ^openvpn
  0 ^portmap
  0 ^ppp
  0 ^rpc.
  0 ^sshd

  # medium prio network services
  5 ^inn$
  5 ^mysqld

  # low prio network services
  15i ^amavisd-new
  15i ^clamd
  15 ^controlchan
  15 ^exim4
  15 ^freshclam
  15 ^innwatch
  12 ^mailman
  15 ^rc.news
  15i ^spamd

  # long running user processes (screen)
  3 ^irssi

  # test OOM settings
  o1 bash

Author and license

Copyright (C) 2024-2026 James Cherti.

Distributed under terms of the MIT license.

ansible-role-apt – An Ansible role that manages the APT configuration and updates the /etc/apt/sources.list for Debian and Ubuntu systems

The ansible-role-apt Ansible role manages the APT configuration and updates the /etc/apt/sources.list for Debian and Ubuntu systems.

Role variables

Important variables:

| Variable | Description | Default |
|---|---|---|
| apt_debian_community | Enables community repositories (Debian contrib and main, or Ubuntu universe) | true |
| apt_debian_nonfree | Enables non-free repositories (Debian non-free, non-free-firmware, or Ubuntu multiverse) | true |
| apt_debian_backports | Enables the backports repository on Debian (no effect on Ubuntu systems) | false |
| apt_deb_src | Enables source package repositories (deb-src entries) | false |

Other variables:

| Variable | Description | Default |
|---|---|---|
| apt_mirror_url_debian | Debian mirror URL | "http://deb.debian.org/debian" |
| apt_mirror_url_debian_security | Debian security mirror URL | "http://deb.debian.org/debian-security" |
| apt_mirror_url_ubuntu | Ubuntu mirror URL | "http://archive.ubuntu.com/ubuntu" |

Author and license

The ansible-role-apt role has been written by James Cherti and is distributed under terms of the MIT license.

Copyright (C) 2000-2026 James Cherti

Distributed under terms of the MIT license.

Ansible: ansible-role-tuned, an Ansible role which configures tuned

The ansible-role-tuned Ansible playbook manages the installation, configuration, and activation of the tuned service.

Tuned is a dynamic adaptive system tuning tool used in Linux environments to optimize performance by adjusting various system settings dynamically. It provides pre-defined profiles that target specific use cases, such as high throughput, low latency, and energy saving, and automatically applies these configurations based on system activity.

For high traffic servers, using Tuned is beneficial as it can enhance network throughput and responsiveness by adjusting parameters like CPU frequency scaling, I/O scheduling, and network stack settings. This optimization results in improved server performance, reduced latency, and better handling of high loads, ultimately leading to a more efficient and reliable infrastructure for handling significant network traffic.

Features

  • Install tuned and configure it using the Ansible variables: tuned_daemon, tuned_dynamic_tuning, tuned_sleep_interval, tuned_update_interval, and tuned_recommend_command.
  • Activate the specified tuned profile using the tuned_profile variable. (When the tuned_profile is not set, the role installs only tuned.)
  • Supports Debian/Ubuntu and RedHat family based operating systems.

Usage

Example Playbook

Here is an example of how to use ansible-role-tuned after installing it in the roles/tuned directory:

- hosts: SERVER
  roles:
    - {role: tuned,
       tuned_profile: "throughput-performance"}

Author and license

Copyright (C) 2020-2026 James Cherti.

Distributed under terms of the MIT license.

Ansible: Installing and configuring Gitolite using Ansible for secure Git repository management

The ansible-role-gitolite Ansible role automates the installation and configuration of Gitolite, a Git repository management system. It facilitates the setup of Gitolite on remote servers, including user access control and repository creation, ensuring a consistent and reproducible deployment.

Requirements

  • Operating system: Debian-based (e.g., Ubuntu, Mint), RedHat-based (e.g., CentOS, Fedora), or Arch Linux

Author and License

Copyright (C) 2024-2026 James Cherti.

Distributed under terms of the MIT license.

Ansible: Reintegrating /etc/rc.local in Linux systems that use Systemd as their init system

For years, /etc/rc.local has been a staple in Linux administration, providing a straightforward means to execute scripts or commands automatically upon system startup. However, with the transition to newer init systems like systemd, the /etc/rc.local script is no longer executed at boot time.

Ansible tasks that restore the /etc/rc.local script

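The following Ansible tasks create /etc/rc.local if it does not already exist and ensure that systemd executes it at boot time. systemd runs the script as root, so the tasks create it owned by root with mode 0750; an /etc/rc.local that already exists is left as it is, including its owner and mode.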

---
# Description: Reintegrate /etc/rc.local in Linux systems that use Systemd 
#              as their init system.
# Author: James Cherti
# License: MIT
# URL: https://www.jamescherti.com/ansible-config-etc-rc-local-linux-systemd/

- name: Check if /etc/rc.local exists
  ansible.builtin.stat:
    path: "/etc/rc.local"
  register: etc_rc_local_file

# An existing /etc/rc.local is left untouched (content, owner and mode).
- name: Create the file /etc/rc.local should it not already exist
  ansible.builtin.copy:
    dest: /etc/rc.local
    owner: root
    group: root
    # Quoted so the value is always read as an octal mode string.
    mode: "0750"
    content: |
      #!/usr/bin/env bash
  when: not etc_rc_local_file.stat.exists

- name: Create the systemd service rc-local.service
  register: rc_local
  ansible.builtin.copy:
    dest: /etc/systemd/system/rc-local.service
    owner: root
    group: root
    mode: "0644"
    content: |
      [Unit]
      Description=/etc/rc.local compatibility

      [Service]
      Type=oneshot
      ExecStart=/etc/rc.local
      TimeoutSec=0
      RemainAfterExit=yes
      SysVStartPriority=99

      [Install]
      WantedBy=multi-user.target

# Only needed when the unit file was created or modified by the task above.
- name: Reload systemd daemon
  ansible.builtin.systemd:
    daemon_reload: true
  when: rc_local is changed

- name: Enable rc-local.service
  ansible.builtin.systemd:
    name: rc-local
    enabled: true