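# Maintainer: Bruno TATU <btatu@evolix.fr> - August 2017
# Ex: ansible-playbook -i ~/.ansible/hosts whitelist_squid.yml -K -e "host=serveur00"
#
# Appends operator-supplied domains to the Squid whitelist file found on the
# target host, reloads Squid, then records the change with evomaintenance.
---
- hosts: "{{ host }}"
  become: true

  vars_prompt:
    - name: urls
      prompt: "Liste des domaines à whitelister (ex : d1.com,d2.com)"
      private: false

  vars:
    ticket: "#mail.todo.support:"
    # The prompt answer as a clean list: split on commas, strip surrounding
    # whitespace ("d1.com, d2.com") and drop empty entries, so that an empty
    # answer or a trailing comma never writes a blank pattern such as "^$".
    whitelist_domains: "{{ urls.split(',') | map('trim') | select | list }}"

  tasks:

    # Detection: which whitelist file exists decides which layout is handled.
    # The task names associate /etc/squid3 with Jessie and /etc/squid with
    # Stretch.

    - name: Verifie si c'est une Jessie
      stat:
        path: /etc/squid3/whitelist.conf
      register: config_jessie

    - name: Verifie si c'est une Stretch
      stat:
        path: /etc/squid/evolinux-whitelist-defaults.conf
      register: config_stretch

    # Apply.
    # NOTE(review): the original comment here said evomaintenance should not
    # run when a domain is already present, but nothing below looks at the
    # lineinfile result: the reload and the evomaintenance entry happen on
    # every run that reaches this block. Confirm the intent.

    - when:
        - config_jessie.stat.exists or config_stretch.stat.exists
        # Nothing to whitelist: skip the reload and the evomaintenance entry.
        - whitelist_domains | length > 0
      block:

        - when: config_jessie.stat.exists
          block:

            # Entries are regular expressions (note the "/.*" suffix), so the
            # domain is escaped: an unescaped "." matches any character and
            # would allow more hosts than the operator typed.
            # NOTE(review): the pattern has no leading "^". If this file feeds
            # a url_regex ACL it matches anywhere in the URL, not only at the
            # host position. Confirm the ACL type and anchor it if so.
            - name: Whitelist domaines pour Jessie
              lineinfile:
                dest: '{{ config_jessie.stat.path }}'
                line: "http://{{ item | regex_escape }}/.*"
              with_items: "{{ whitelist_domains }}"

            - name: Reload Squid
              command: /etc/init.d/squid3 reload

        - when: config_stretch.stat.exists
          block:

            # Anchored regular expression on the host name. The domain is
            # escaped so that "d1.com" whitelists exactly d1.com and not, for
            # example, "d1xcom".
            - name: Whitelist domaines pour Stretch
              lineinfile:
                dest: '{{ config_stretch.stat.path }}'
                line: "^{{ item | regex_escape }}$"
              with_items: "{{ whitelist_domains }}"

            - name: Reload Squid
              command: /etc/init.d/squid reload

        ## Verify (disabled)
        # The check should rather look for "X-Squid-Error: ERR_ACCESS_DENIED"
        # to tell whether the proxy still blocks the request.

        # - name: test headers
        #   uri:
        #     url: http://placeholder.stratis.fr/700-394
        #     method: HEAD
        #   register: login
        #   ignore_errors: yes
        #
        # - debug:
        #     msg: "{{ login.x_squid_error }}"

        # - name: Update successful?
        #   uri:
        #     url: "http://{{ item }}"
        #     method: GET
        #     status_code: 200,301,302,403,404
        #   with_items:
        #     - "{{ urls.split(',') }}"

        ## Save configuration
        # "ticket" is templated inside a single-quoted shell string. Keep it a
        # fixed value: a value containing a single quote would end the quoting
        # (the `quote` filter is the usual guard if it ever becomes variable).
        - name: Evomaintenance
          shell: "echo '{{ ticket }} whitelist domaine(s) dans squid'|/bin/sh /usr/share/scripts/evomaintenance.sh"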