ansible-public/playbooks/whitelist_squid.yml


# Maintainer : Bruno TATU <btatu@evolix.fr> - Aout 2017
# Ex: ansible-playbook -i ~/.ansible/hosts whitelist_squid.yml -K -e "host=serveur00"
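---
# Appends operator-supplied domains to the Squid whitelist file found on the
# target host, reloads Squid, then records the change through evomaintenance.
#
# The whitelist entries are written as regular expressions, so every domain
# is trimmed and its dots are escaped before being written: an unescaped "."
# matches any character and would allow more hosts than the operator typed.
# Entries written by earlier runs without escaping are NOT rewritten; they
# stay in the file until removed by hand.
- hosts: "{{ host }}"
  become: true
  vars_prompt:
    # Comma-separated list of plain domain names (not regular expressions).
    - name: urls
      prompt: "Liste des domaines à whitelister (ex : d1.com,d2.com)"
      private: false
  vars:
    # Prefix of the message piped to evomaintenance.sh by the last task.
    ticket: "#mail.todo.support:"
  tasks:
    # Detection: each release is recognised by the whitelist file it ships.
    - name: Verifie si c'est une Jessie
      stat:
        path: /etc/squid3/whitelist.conf
      register: config_jessie

    - name: Verifie si c'est une Stretch
      stat:
        path: /etc/squid/evolinux-whitelist-defaults.conf
      register: config_stretch

    # Apply:
    # Original intent: when the domain is already present, evomaintenance
    # should not be run.
    # NOTE(review): nothing visible here implements that; the reload and
    # evomaintenance tasks run whether or not lineinfile changed the file.
    - block:
        - block:
            - name: Whitelist domaines pour Jessie
              lineinfile:
                dest: '{{ config_jessie.stat.path }}'
                # Dots are escaped so "d1.com" only matches a literal dot.
                # NOTE(review): the pattern has no leading "^"; confirm
                # against the ACL type that reads this file that an
                # unanchored match is intended.
                line: 'http://{{ item | trim | replace(".", "\\.") }}/.*'
              with_items:
                - '{{ urls.split(",") }}'
              # Skip empty entries ("d1.com,,d2.com" or an empty answer),
              # which would otherwise write a pattern with no host in it.
              when: item | trim | length > 0

            - name: Reload Squid
              command: /etc/init.d/squid3 reload
          when: config_jessie.stat.exists

        - block:
            - name: Whitelist domaines pour Stretch
              lineinfile:
                dest: '{{ config_stretch.stat.path }}'
                # Anchored on both ends; dots escaped so the entry matches
                # exactly the domain that was typed.
                line: '^{{ item | trim | replace(".", "\\.") }}$'
              with_items:
                - '{{ urls.split(",") }}'
              # Skip empty entries, which would otherwise write "^$".
              when: item | trim | length > 0

            - name: Reload Squid
              command: /etc/init.d/squid reload
          when: config_stretch.stat.exists

        ## Verify:
        # Should rather check whether the response carries
        # "X-Squid-Error: ERR_ACCESS_DENIED", i.e. whether Squid blocks the
        # request or not.
        # - name: test headers
        #   uri:
        #     url: http://placeholder.stratis.fr/700-394
        #     method: HEAD
        #   register: login
        #   ignore_errors: yes
        #
        # - debug:
        #     msg: "{{ login.x_squid_error }}"
        # - name: Update successful?
        #   uri:
        #     url: "http://{{ item }}"
        #     method: GET
        #     status_code: 200,301,302,403,404
        #   with_items:
        #     - "{{ urls.split(',') }}"

        ## Save configuration
        # "ticket" is interpolated inside a single-quoted shell string, so
        # any value passed with -e must not contain a single quote.
        - name: Evomaintenance
          shell: "echo '{{ ticket }} whitelist domaine(s) dans squid'|/bin/sh /usr/share/scripts/evomaintenance.sh"
      when: config_jessie.stat.exists or config_stretch.stat.exists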