From 55c8e462df338d3cbd8a6ab694f04cf428dd06f1 Mon Sep 17 00:00:00 2001
From: Bruno TATU <btatu@evolix.fr>
Date: Fri, 15 Dec 2017 12:18:35 +0100
Subject: [PATCH] whitelist_squid: support Stretch & Jessie

---
 playbooks/whitelist_squid.yml | 91 +++++++++++++++++++++++++++++++++++
 1 file changed, 91 insertions(+)
 create mode 100644 playbooks/whitelist_squid.yml

diff --git a/playbooks/whitelist_squid.yml b/playbooks/whitelist_squid.yml
new file mode 100644
index 0000000..32e12a5
--- /dev/null
+++ b/playbooks/whitelist_squid.yml
@@ -0,0 +1,91 @@
+# Maintainer : Bruno TATU <btatu@evolix.fr> - Aout 2017
+# Ex: ansible-playbook -i ~/.ansible/hosts whitelist_squid.yml -K -e "host=serveur00"
+---
+- hosts: "{{ host }}"
+  become: yes
+
+  vars_prompt:
+    - name: urls
+      prompt: "Liste des domaines à whitelister (ex : d1.com,d2.com)"
+      private: no
+
+  vars:
+    - ticket: "#mail.todo.support:"
+
+  tasks:
+
+# Test
+#
+
+  - name: Verifie si c'est une Jessie
+    stat:
+      path: /etc/squid3/whitelist.conf
+    register: config_jessie
+
+  - name: Verifie si c'est une Stretch
+    stat:
+      path: /etc/squid/evolinux-whitelist-defaults.conf
+    register: config_stretch
+
+# Apply :
+# Si seulement 1 domaines est déja présent alors, on ne fait pas d'evomaintenance
+
+  - block:
+
+    - block:
+
+      - name: Whitelist domaines pour Jessie
+        lineinfile:
+          dest: '{{ config_jessie.stat.path }}'
+          line: "http://{{ item }}/.*"
+        with_items:
+          - '{{ urls.split(",") }}'
+  
+      - name: Reload Squid
+        command: /etc/init.d/squid3 reload
+  
+      when: config_jessie.stat.exists
+
+    - block:
+
+      - name: Whitelist domaines pour Stretch
+        lineinfile:
+          dest: '{{ config_stretch.stat.path }}'
+          line: "^{{ item }}$"
+        with_items:
+          - '{{ urls.split(",") }}'
+  
+      - name: Reload Squid
+        command: /etc/init.d/squid reload
+  
+      when: config_stretch.stat.exists
+
+  
+  ## Verify :
+  # Doit plutôt vérifier si c'est "X-Squid-Error: ERR_ACCESS_DENIED" 0 ne bloque ou pas
+  
+  #  - name: test headers
+  #    uri:
+  #      url: http://placeholder.stratis.fr/700-394
+  #      method: HEAD
+  #    register: login
+  #    ignore_errors: yes
+  #
+  #  - debug:
+  #      msg: "{{ login.x_squid_error }}"
+  
+  #  - name: Update successful?
+  #    uri: 
+  #      url: "http://{{ item }}"
+  #      method: GET
+  #      status_code: 200,301,302,403,404
+  #    with_items:
+  #      - "{{ urls.split(',') }}"
+  
+  ## Save configuration
+  #
+  
+    - name: Evomaintenance
+      shell: "echo '{{ ticket }} whitelist domaine(s) dans squid'|/bin/sh /usr/share/scripts/evomaintenance.sh"
+
+    when: config_jessie.stat.exists or config_stretch.stat.exists