
Remove dynamic add of whitelist Squid proxy

evolinux-users
Gregory Colpart 4 years ago
parent
commit
41329af173
  1. 21
      evoacme/tasks/certbot.yml
  2. 29
      jenkins/tasks/main.yml
  3. 27
      mongodb/tasks/main.yml
  4. 24
      newrelic/tasks/sources.yml
  5. 7
      squid/files/evolinux-whitelist-defaults.conf
  6. 9
      squid/files/whitelist-evolinux.conf

21
evoacme/tasks/certbot.yml

@ -53,24 +53,3 @@
dest: /etc/cron.daily/certbot
mode: "0755"
- name: Find squid config whitelist
shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
failed_when: false
changed_when: false
check_mode: no
register: squid_whitelist_files
- name: set squid_service_name=squid3 for Debian < 9
set_fact:
squid_service_name: squid3
when:
- ansible_distribution == "Debian"
- ansible_distribution_release == "jessie"
- name: Let's Encrypt OCSP server is authorized by squid
lineinfile:
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
line: "http://.*.letsencrypt.org/.*"
state: present
notify: "reload {{ squid_service_name | default('squid') }}"
when: squid_whitelist_files.stdout != ""

29
jenkins/tasks/main.yml

@ -4,35 +4,6 @@
# url: https://jenkins-ci.org/debian/jenkins-ci.org.key
data: "{{ lookup('file', 'jenkins.key') }}"
- name: Find squid config whitelist
shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
failed_when: false
changed_when: false
check_mode: no
register: squid_whitelist_files
- name: set squid_service_name=squid3 for Debian 8
set_fact:
squid_service_name: squid3
when:
- ansible_distribution == "Debian"
- ansible_distribution_release == "jessie"
- name: Append packages.dotdeb.org to Squid whitelist
lineinfile:
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
line: "{{ item }}"
state: present
with_items:
- "http://pkg.jenkins-ci.org/.*"
- "http://mirrors.jenkins.io/.*"
- "http://jenkins.mirror.isppower.de/.*"
- "http://ftp.icm.edu.pl/.*"
notify: "reload {{ squid_service_name | default('squid') }}"
when: squid_whitelist_files.stdout != ""
- meta: flush_handlers
- name: Add jenkins APT repository
apt_repository:
repo: deb http://pkg.jenkins-ci.org/debian-stable binary/

27
mongodb/tasks/main.yml

@ -1,32 +1,5 @@
---
# tasks file for mongodb
- name: Find squid config whitelist
shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
failed_when: false
changed_when: false
check_mode: no
register: squid_whitelist_files
- name: set squid_service_name=squid3 for Debian 8
set_fact:
squid_service_name: squid3
when:
- ansible_distribution == "Debian"
- ansible_distribution_release == "jessie"
- name: Append packages.dotdeb.org to Squid whitelist
lineinfile:
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
line: "{{ item }}"
state: present
with_items:
- "http://keyserver.ubuntu.com/.*"
- "hkp://keyserver.ubuntu.com/.*"
- "http://repo.mongodb.org/.*"
notify: "reload {{ squid_service_name | default('squid') }}"
when: squid_whitelist_files.stdout != ""
- meta: flush_handlers
# Attention à bien indiquer le protocole et le port, sinon le firewall ne laisse pas passer
- name: MongoDB public GPG Key

24
newrelic/tasks/sources.yml

@ -5,30 +5,6 @@
# url: https://download.newrelic.com/548C16BF.gpg
data: "{{ lookup('file', '548C16BF.gpg') }}"
- name: set squid_service_name=squid3 for Debian 8
set_fact:
squid_service_name: squid3
when:
- ansible_distribution == "Debian"
- ansible_distribution_release == "jessie"
- name: Find squid config whitelist
shell: find /etc/{{ squid_service_name | default('squid') }}/whitelist-custom.conf /etc/{{ squid_service_name | default('squid') }}/whitelist.conf 2> /dev/null
failed_when: false
changed_when: false
check_mode: no
register: squid_whitelist_files
- name: Append packages.dotdeb.org to Squid whitelist
lineinfile:
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
line: "http://apt.newrelic.com/.*"
state: present
notify: "reload {{ squid_service_name | default('squid') }}"
when: squid_whitelist_files.stdout != ""
- meta: flush_handlers
- name: Install NewRelic repository
apt_repository:
repo: "deb http://apt.newrelic.com/debian/ newrelic non-free"

7
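--- a/squid/files/evolinux-whitelist-defaults.conf
+++ b/squid/files/evolinux-whitelist-defaults.conf
@@ -117,3 +117,10 @@
 ^www\.express-mailing\.com$
 ^bot\.whatismyipaddress\.com$
 ^ipecho\.net$
+^keyserver\.ubuntu\.com$
+^repo\.mongodb\.org$
+^pkg\.jenkins-ci\.org$
+^mirrors\.jenkins\.io$
+^jenkins\.mirror\.isppower\.de$
+^ftp\.icm\.edu\.pl$
+^apt\.newrelic\.com$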
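Review bot: The seven hosts added after `^ipecho\.net$` become part of the default whitelist, so every proxy that ships this file allows them, whereas the removed tasks appended the matching entries only on hosts where the jenkins, mongodb or newrelic role ran. That widens egress on hosts that never need these repositories, and `^ftp\.icm\.edu\.pl$` and `^jenkins\.mirror\.isppower\.de$` appear to be third-party mirrors rather than the vendors' own hosts. Consider a grouping comment such as `# APT repositories for optional roles (jenkins, mongodb, newrelic)`, if this file format accepts comments, and drop any mirror host that is no longer required.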

9
squid/files/whitelist-evolinux.conf

@ -117,5 +117,10 @@ http://.*icanhazip.com/.*
http://www.express-mailing.com/.*
http://bot.whatismyipaddress.com/.*
http://ipecho.net/.*
### Various / Manual entry
http://keyserver.ubuntu.com/.*
http://repo.mongodb.org/.*
http://pkg.jenkins-ci.org/.*
http://mirrors.jenkins.io/.*
http://jenkins.mirror.isppower.de/.*
http://ftp.icm.edu.pl/.*
http://apt.newrelic.com/.*
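Review bot: The `hkp://keyserver.ubuntu.com/.*` entry that the removed mongodb task used to append has no counterpart among the lines shown in this section under `### Various / Manual entry`; only the `http://` form is listed. If key retrieval through the proxy still uses the hkp scheme, add `hkp://keyserver.ubuntu.com/.*` next to it. The new patterns also follow the file's existing style of unanchored expressions with unescaped dots; assuming this file feeds a url_regex ACL, a form such as `^http://keyserver\.ubuntu\.com/.*` would keep an entry from matching the same text elsewhere in a URL.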