diff --git a/CHANGELOG.md b/CHANGELOG.md index 3326c50b..5352eaec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,7 @@ The **patch** part changes incrementally at each release. ### Fixed * evoacme: better error when apache2ctl fails +* evomaintenance: fix role compatibility with OpenBSD * spamassassin: add missing right for amavis * amavis: fix output result checking diff --git a/evomaintenance/tasks/install_package.yml b/evomaintenance/tasks/install_package.yml deleted file mode 100644 index 62b9f04d..00000000 --- a/evomaintenance/tasks/install_package.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- - -- name: Install Evolix public repositry - include_role: - name: apt - tasks_from: evolix_public.yml - tags: - - evomaintenance - -- name: evomaintenance is installed - apt: - name: evomaintenance - allow_unauthenticated: yes - tags: - - evomaintenance diff --git a/evomaintenance/tasks/install_package_debian.yml b/evomaintenance/tasks/install_package_debian.yml new file mode 100644 index 00000000..2c811d79 --- /dev/null +++ b/evomaintenance/tasks/install_package_debian.yml @@ -0,0 +1,26 @@ +--- + +- name: Evolix public repositry is installed + include_role: + name: apt + tasks_from: evolix_public.yml + tags: + - evomaintenance + +- name: Package is installed + apt: + name: evomaintenance + allow_unauthenticated: yes + tags: + - evomaintenance + +- name: Configuration is installed + template: + src: evomaintenance.j2 + dest: /etc/evomaintenance.cf + owner: root + group: root + mode: "0600" + force: "{{ evomaintenance_force_config | bool }}" + tags: + - evomaintenance diff --git a/evomaintenance/tasks/install_vendor.yml b/evomaintenance/tasks/install_vendor_debian.yml similarity index 72% rename from evomaintenance/tasks/install_vendor.yml rename to evomaintenance/tasks/install_vendor_debian.yml index 018bc515..c39e6204 100644 --- a/evomaintenance/tasks/install_vendor.yml +++ b/evomaintenance/tasks/install_vendor_debian.yml 
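Review bot: In evomaintenance/tasks/install_package_debian.yml the `Package is installed` task keeps `allow_unauthenticated: yes`, so apt installs evomaintenance without verifying the repository signature, and the package's maintainer scripts then run as root. The task before it includes the apt role's evolix_public.yml, which presumably registers the repository together with its signing key (not visible in this diff); if so the flag is unnecessary and the task can be reduced to `name: evomaintenance` plus `state: present`. If the repository really is unsigned, record that above the task, e.g. `# Evolix public repository is not signed; drop allow_unauthenticated once it is`. The first task's name also misspells "repository" as `repositry`.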
@@ -1,12 +1,14 @@ --- -- name: dependencies are installed +- name: Dependencies are installed apt: name: "{{ item }}" state: present with_items: - postgresql-client - sudo + tags: + - evomaintenance - include_role: name: remount-usr @@ -46,3 +48,14 @@ backup: yes tags: - evomaintenance + +- name: Configuration is installed + template: + src: evomaintenance.j2 + dest: /etc/evomaintenance.cf + owner: root + group: root + mode: "0600" + force: "{{ evomaintenance_force_config | bool }}" + tags: + - evomaintenance diff --git a/evomaintenance/tasks/install_vendor_openbsd.yml b/evomaintenance/tasks/install_vendor_openbsd.yml new file mode 100644 index 00000000..01b723ea --- /dev/null +++ b/evomaintenance/tasks/install_vendor_openbsd.yml @@ -0,0 +1,46 @@ +--- + +- name: /usr/share/scripts exists + file: + dest: /usr/share/scripts + mode: "0700" + owner: root + group: wheel + state: directory + tags: + - evomaintenance + +- name: Script is installed + copy: + src: evomaintenance.sh + dest: /usr/share/scripts/evomaintenance.sh + mode: "0700" + owner: root + group: wheel + force: yes + backup: yes + tags: + - evomaintenance + +- name: Template is installed + copy: + src: evomaintenance.tpl + dest: /usr/share/scripts/evomaintenance.tpl + mode: "0600" + owner: root + group: wheel + force: yes + backup: yes + tags: + - evomaintenance + +- name: Configuration is installed + template: + src: evomaintenance.j2 + dest: /etc/evomaintenance.cf + owner: root + group: wheel + mode: "0600" + force: "{{ evomaintenance_force_config | bool }}" + tags: + - evomaintenance diff --git a/evomaintenance/tasks/main.yml b/evomaintenance/tasks/main.yml index d2e1f064..1b58b3e0 100644 --- a/evomaintenance/tasks/main.yml +++ b/evomaintenance/tasks/main.yml 
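Review bot: The `Configuration is installed` task added at the end of install_vendor_debian.yml is the same task this commit also adds to install_package_debian.yml and install_vendor_openbsd.yml, differing only in `group` (root vs wheel). The file is written with mode "0600", which suggests it holds credentials, so any later hardening of this task has to be repeated in three places and can drift. Keeping a single task in main.yml after the install includes, with `group: "{{ (ansible_distribution == 'OpenBSD') | ternary('wheel', 'root') }}"`, would avoid that. The task just before the added one starts outside this hunk.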
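Review bot: install_vendor_openbsd.yml installs the script, its template and the configuration but no dependencies, whereas install_vendor_debian.yml first ensures `postgresql-client` and `sudo` are present. If evomaintenance.sh needs the same tools on OpenBSD (the script is not visible in this diff), the gap only shows up when the script is first run, not at deploy time. Either add a package task before `Script is installed`, or state the expectation at the top of the file, e.g. `# Dependencies: none installed here; evomaintenance.sh must find its PostgreSQL client on the host (TODO confirm)`.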
@@ -3,54 +3,18 @@ - set_fact: minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | ternary('restart minifirewall', 'restart minifirewall (noop)') }}" -- include: install_package.yml - when: not evomaintenance_install_vendor +- include: install_package_debian.yml + when: + - not evomaintenance_install_vendor + - ansible_distribution == "Debian" -- include: install_vendor.yml - when: evomaintenance_install_vendor +- include: install_vendor_debian.yml + when: + - evomaintenance_install_vendor + - ansible_distribution == "Debian" -- name: configuration is applied - template: - src: evomaintenance.j2 - dest: /etc/evomaintenance.cf - owner: root - group: root - mode: "0600" - force: "{{ evomaintenance_force_config | bool }}" - tags: - - evomaintenance +- include: install_vendor_openbsd.yml + when: + - ansible_distribution == "OpenBSD" -- name: Is minifirewall installed? - stat: - path: /etc/default/minifirewall - register: minifirewall_default_file - tags: - - evomaintenance - -- name: minifirewall section for evomaintenance - lineinfile: - dest: /etc/default/minifirewall - line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT" - insertafter: "^# EvoMaintenance" - with_items: "{{ evomaintenance_hosts }}" - notify: "{{ minifirewall_restart_handler_name }}" - when: minifirewall_default_file.stat.exists - tags: - - evomaintenance - -- name: remove minifirewall example rule for the proxy - lineinfile: - dest: /etc/default/minifirewall - regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)' - state: absent - notify: "{{ minifirewall_restart_handler_name }}" - when: minifirewall_default_file.stat.exists - tags: - - evomaintenance - -- name: Force restart minifirewall - command: /bin/true - notify: restart minifirewall - when: minifirewall_restart_force - tags: - - evomaintenance +- include: minifirewall.yml 
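Review bot: The includes in main.yml now match only `ansible_distribution == "Debian"` or `"OpenBSD"`, so on any other host (for example a Debian derivative, which the old unconditional includes would have handled) no install file runs and the play still ends successfully after the minifirewall tasks. Matching with `ansible_os_family == "Debian"`, or adding a `fail` task guarded by `when: ansible_distribution not in ["Debian", "OpenBSD"]`, would make the unsupported case visible. `evomaintenance_install_vendor` is also not consulted on OpenBSD, where the vendor install always runs. If that is intended, a comment above that include would document it, e.g. `# OpenBSD: always install from the role's files, evomaintenance_install_vendor is not consulted`.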
diff --git a/evomaintenance/tasks/minifirewall.yml b/evomaintenance/tasks/minifirewall.yml new file mode 100644 index 00000000..524ab90b --- /dev/null +++ b/evomaintenance/tasks/minifirewall.yml @@ -0,0 +1,36 @@ +--- + +- name: Is minifirewall installed? + stat: + path: /etc/default/minifirewall + register: minifirewall_default_file + tags: + - evomaintenance + +- name: minifirewall section for evomaintenance + lineinfile: + dest: /etc/default/minifirewall + line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT" + insertafter: "^# EvoMaintenance" + with_items: "{{ evomaintenance_hosts }}" + notify: "{{ minifirewall_restart_handler_name }}" + when: minifirewall_default_file.stat.exists + tags: + - evomaintenance + +- name: remove minifirewall example rule for the proxy + lineinfile: + dest: /etc/default/minifirewall + regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)' + state: absent + notify: "{{ minifirewall_restart_handler_name }}" + when: minifirewall_default_file.stat.exists + tags: + - evomaintenance + +- name: Force restart minifirewall + command: /bin/true + notify: restart minifirewall + when: minifirewall_restart_force + tags: + - evomaintenance
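Review bot: The `Force restart minifirewall` task at the end of minifirewall.yml is the only one in the file not guarded by `minifirewall_default_file.stat.exists`, and main.yml now includes this file on every platform. With `minifirewall_restart_force` set, a host without minifirewall (including the OpenBSD hosts this commit adds) runs `/bin/true`, which to my knowledge lives at `/usr/bin/true` on OpenBSD, and notifies a restart handler for a firewall that is not installed. Turning the condition into a list, `when:` with `- minifirewall_restart_force` and `- minifirewall_default_file.stat.exists`, keeps the behaviour on Debian and makes the task a no-op elsewhere. Separately, `{{ item }}` from `evomaintenance_hosts` is written unvalidated into an iptables line in /etc/default/minifirewall; checking that each entry is an IP address or CIDR before templating would stop a malformed inventory value from altering the rule.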