forked from evolix/ansible-roles
evomaintenance: fix role compatibility with OpenBSD
This commit is contained in:
parent
357914b44e
commit
85c779164a
|
@ -19,6 +19,7 @@ The **patch** part changes incrementally at each release.
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
* evoacme: better error when apache2ctl fails
|
* evoacme: better error when apache2ctl fails
|
||||||
|
* evomaintenance: fix role compatibility with OpenBSD
|
||||||
* spamassassin: add missing right for amavis
|
* spamassassin: add missing right for amavis
|
||||||
* amavis: fix output result checking
|
* amavis: fix output result checking
|
||||||
|
|
||||||
|
|
|
@ -1,15 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
- name: Install Evolix public repositry
|
|
||||||
include_role:
|
|
||||||
name: apt
|
|
||||||
tasks_from: evolix_public.yml
|
|
||||||
tags:
|
|
||||||
- evomaintenance
|
|
||||||
|
|
||||||
- name: evomaintenance is installed
|
|
||||||
apt:
|
|
||||||
name: evomaintenance
|
|
||||||
allow_unauthenticated: yes
|
|
||||||
tags:
|
|
||||||
- evomaintenance
|
|
26
evomaintenance/tasks/install_package_debian.yml
Normal file
26
evomaintenance/tasks/install_package_debian.yml
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Evolix public repositry is installed
|
||||||
|
include_role:
|
||||||
|
name: apt
|
||||||
|
tasks_from: evolix_public.yml
|
||||||
|
tags:
|
||||||
|
- evomaintenance
|
||||||
|
|
||||||
|
- name: Package is installed
|
||||||
|
apt:
|
||||||
|
name: evomaintenance
|
||||||
|
allow_unauthenticated: yes
|
||||||
|
tags:
|
||||||
|
- evomaintenance
|
||||||
|
|
||||||
|
- name: Configuration is installed
|
||||||
|
template:
|
||||||
|
src: evomaintenance.j2
|
||||||
|
dest: /etc/evomaintenance.cf
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0600"
|
||||||
|
force: "{{ evomaintenance_force_config | bool }}"
|
||||||
|
tags:
|
||||||
|
- evomaintenance
|
|
@ -1,12 +1,14 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: dependencies are installed
|
- name: Dependencies are installed
|
||||||
apt:
|
apt:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
with_items:
|
||||||
- postgresql-client
|
- postgresql-client
|
||||||
- sudo
|
- sudo
|
||||||
|
tags:
|
||||||
|
- evomaintenance
|
||||||
|
|
||||||
- include_role:
|
- include_role:
|
||||||
name: remount-usr
|
name: remount-usr
|
||||||
|
@ -46,3 +48,14 @@
|
||||||
backup: yes
|
backup: yes
|
||||||
tags:
|
tags:
|
||||||
- evomaintenance
|
- evomaintenance
|
||||||
|
|
||||||
|
- name: Configuration is installed
|
||||||
|
template:
|
||||||
|
src: evomaintenance.j2
|
||||||
|
dest: /etc/evomaintenance.cf
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0600"
|
||||||
|
force: "{{ evomaintenance_force_config | bool }}"
|
||||||
|
tags:
|
||||||
|
- evomaintenance
|
46
evomaintenance/tasks/install_vendor_openbsd.yml
Normal file
46
evomaintenance/tasks/install_vendor_openbsd.yml
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: /usr/share/scripts exists
|
||||||
|
file:
|
||||||
|
dest: /usr/share/scripts
|
||||||
|
mode: "0700"
|
||||||
|
owner: root
|
||||||
|
group: wheel
|
||||||
|
state: directory
|
||||||
|
tags:
|
||||||
|
- evomaintenance
|
||||||
|
|
||||||
|
- name: Script is installed
|
||||||
|
copy:
|
||||||
|
src: evomaintenance.sh
|
||||||
|
dest: /usr/share/scripts/evomaintenance.sh
|
||||||
|
mode: "0700"
|
||||||
|
owner: root
|
||||||
|
group: wheel
|
||||||
|
force: yes
|
||||||
|
backup: yes
|
||||||
|
tags:
|
||||||
|
- evomaintenance
|
||||||
|
|
||||||
|
- name: Template is installed
|
||||||
|
copy:
|
||||||
|
src: evomaintenance.tpl
|
||||||
|
dest: /usr/share/scripts/evomaintenance.tpl
|
||||||
|
mode: "0600"
|
||||||
|
owner: root
|
||||||
|
group: wheel
|
||||||
|
force: yes
|
||||||
|
backup: yes
|
||||||
|
tags:
|
||||||
|
- evomaintenance
|
||||||
|
|
||||||
|
- name: Configuration is installed
|
||||||
|
template:
|
||||||
|
src: evomaintenance.j2
|
||||||
|
dest: /etc/evomaintenance.cf
|
||||||
|
owner: root
|
||||||
|
group: wheel
|
||||||
|
mode: "0600"
|
||||||
|
force: "{{ evomaintenance_force_config | bool }}"
|
||||||
|
tags:
|
||||||
|
- evomaintenance
|
|
@ -3,54 +3,18 @@
|
||||||
- set_fact:
|
- set_fact:
|
||||||
minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"
|
minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"
|
||||||
|
|
||||||
- include: install_package.yml
|
- include: install_package_debian.yml
|
||||||
when: not evomaintenance_install_vendor
|
when:
|
||||||
|
- not evomaintenance_install_vendor
|
||||||
|
- ansible_distribution == "Debian"
|
||||||
|
|
||||||
- include: install_vendor.yml
|
- include: install_vendor_debian.yml
|
||||||
when: evomaintenance_install_vendor
|
when:
|
||||||
|
- evomaintenance_install_vendor
|
||||||
|
- ansible_distribution == "Debian"
|
||||||
|
|
||||||
- name: configuration is applied
|
- include: install_vendor_openbsd.yml
|
||||||
template:
|
when:
|
||||||
src: evomaintenance.j2
|
- ansible_distribution == "OpenBSD"
|
||||||
dest: /etc/evomaintenance.cf
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: "0600"
|
|
||||||
force: "{{ evomaintenance_force_config | bool }}"
|
|
||||||
tags:
|
|
||||||
- evomaintenance
|
|
||||||
|
|
||||||
- name: Is minifirewall installed?
|
- include: minifirewall.yml
|
||||||
stat:
|
|
||||||
path: /etc/default/minifirewall
|
|
||||||
register: minifirewall_default_file
|
|
||||||
tags:
|
|
||||||
- evomaintenance
|
|
||||||
|
|
||||||
- name: minifirewall section for evomaintenance
|
|
||||||
lineinfile:
|
|
||||||
dest: /etc/default/minifirewall
|
|
||||||
line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
|
|
||||||
insertafter: "^# EvoMaintenance"
|
|
||||||
with_items: "{{ evomaintenance_hosts }}"
|
|
||||||
notify: "{{ minifirewall_restart_handler_name }}"
|
|
||||||
when: minifirewall_default_file.stat.exists
|
|
||||||
tags:
|
|
||||||
- evomaintenance
|
|
||||||
|
|
||||||
- name: remove minifirewall example rule for the proxy
|
|
||||||
lineinfile:
|
|
||||||
dest: /etc/default/minifirewall
|
|
||||||
regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)'
|
|
||||||
state: absent
|
|
||||||
notify: "{{ minifirewall_restart_handler_name }}"
|
|
||||||
when: minifirewall_default_file.stat.exists
|
|
||||||
tags:
|
|
||||||
- evomaintenance
|
|
||||||
|
|
||||||
- name: Force restart minifirewall
|
|
||||||
command: /bin/true
|
|
||||||
notify: restart minifirewall
|
|
||||||
when: minifirewall_restart_force
|
|
||||||
tags:
|
|
||||||
- evomaintenance
|
|
||||||
|
|
36
evomaintenance/tasks/minifirewall.yml
Normal file
36
evomaintenance/tasks/minifirewall.yml
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Is minifirewall installed?
|
||||||
|
stat:
|
||||||
|
path: /etc/default/minifirewall
|
||||||
|
register: minifirewall_default_file
|
||||||
|
tags:
|
||||||
|
- evomaintenance
|
||||||
|
|
||||||
|
- name: minifirewall section for evomaintenance
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/default/minifirewall
|
||||||
|
line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
|
||||||
|
insertafter: "^# EvoMaintenance"
|
||||||
|
with_items: "{{ evomaintenance_hosts }}"
|
||||||
|
notify: "{{ minifirewall_restart_handler_name }}"
|
||||||
|
when: minifirewall_default_file.stat.exists
|
||||||
|
tags:
|
||||||
|
- evomaintenance
|
||||||
|
|
||||||
|
- name: remove minifirewall example rule for the proxy
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/default/minifirewall
|
||||||
|
regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)'
|
||||||
|
state: absent
|
||||||
|
notify: "{{ minifirewall_restart_handler_name }}"
|
||||||
|
when: minifirewall_default_file.stat.exists
|
||||||
|
tags:
|
||||||
|
- evomaintenance
|
||||||
|
|
||||||
|
- name: Force restart minifirewall
|
||||||
|
command: /bin/true
|
||||||
|
notify: restart minifirewall
|
||||||
|
when: minifirewall_restart_force
|
||||||
|
tags:
|
||||||
|
- evomaintenance
|
Loading…
Reference in a new issue