squid: don't fail when minifirewall is absent

2017-01-13 09:05:32 +01:00 · 2017-01-13 09:05:32 +01:00 · 63c7123985
parent 45a3e73947
commit 63c7123985
1 changed files with 30 additions and 31 deletions
--- a/squid/tasks/minifirewall.yml
+++ b/squid/tasks/minifirewall.yml
@ -1,39 +1,38 @@
 ---
- name: verify that minifirewall is present
+- name: Check if Minifirewall is present
  stat:
    path: /etc/default/minifirewall
  register: minifirewall_test
- fail:
+- name: configure Minifirewall for Squid
-    msg: "You must install and configure minifirewall to use Squid"
+  block:
-  when: not minifirewall_test.stat.exists
+  - name: HTTPSITES list is commented in minifirewall
    replace:
      dest: /etc/default/minifirewall
      regexp: "^(HTTPSITES='[^0-9])"
      replace: '#\1'
- name: HTTPSITES list is commented in minifirewall
+  - name: all HTTPSITES are authorized in minifirewall
-  replace:
+    lineinfile:
-    dest: /etc/default/minifirewall
+      dest: /etc/default/minifirewall
-    regexp: "^(HTTPSITES='[^0-9])"
+      line: "HTTPSITES='0.0.0.0/0'"
-    replace: '#\1'
+      insertafter: "^#HTTPSITES="
- name: all HTTPSITES are authorized in minifirewall
+  - name: add iptables rules for the proxy
-  lineinfile:
+    lineinfile:
-    dest: /etc/default/minifirewall
+      dest: /etc/default/minifirewall
-    line: "HTTPSITES='0.0.0.0/0'"
+      regexp: "^#? *{{ item }}"
-    insertafter: "^#HTTPSITES="
+      line: "{{ item }}"
      insertafter: "^# Proxy"
    with_items:
      - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT"
      - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -d {{ squid_address }} -j ACCEPT"
      - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -d 127.0.0.0/8 -j ACCEPT"
      - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 8888"
- name: add minifirewall rules for the proxy
+  - name: remove minifirewall example rule for the proxy
-  lineinfile:
+    lineinfile:
-    dest: /etc/default/minifirewall
+      dest: /etc/default/minifirewall
-    regexp: "^#? *{{ item }}"
+      regexp: '^#.*(-t nat).*(-d X\.X\.X\.X)'
-    line: "{{ item }}"
+      state: absent
-    insertafter: "^# Proxy"
+  when: minifirewall_test.stat.exists
  with_items:
    - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT"
    - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -d {{ squid_address }} -j ACCEPT"
    - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -d 127.0.0.0/8 -j ACCEPT"
    - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 8888"
 - name: remove minifirewall example rule for the proxy
  lineinfile:
    dest: /etc/default/minifirewall
    regexp: '^#.*(-t nat).*(-d X\.X\.X\.X)'
    state: absent