
Better squid/squid3 whitelist and reload

samba
Jérémy Lecour 5 years ago committed by Jérémy Lecour
parent
commit
bc99227259
  1. 5
      evoacme/handlers/main.yml
  2. 19
      evoacme/tasks/certbot.yml
  3. 8
      jenkins/handlers/main.yml
  4. 25
      jenkins/tasks/main.yml
  5. 25
      mongodb/tasks/main.yml
  6. 7
      newrelic-sources/handlers/main.yml
  7. 20
      newrelic-sources/tasks/main.yml
  8. 2
      squid/defaults/main.yml

5
evoacme/handlers/main.yml

@ -18,3 +18,8 @@
service:
name: squid3
state: reloaded
- name: reload squid
service:
name: squid
state: reloaded

19
evoacme/tasks/certbot.yml

@ -53,17 +53,24 @@
dest: /etc/cron.daily/certbot
mode: "0755"
- name: Find squid3 config whitelist
shell: find /etc/squid3/whitelist-custom.conf /etc/squid3/whitelist.conf 2> /dev/null
- name: Find squid config whitelist
shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
failed_when: false
changed_when: false
check_mode: no
register: squid3_whitelist_files
register: squid_whitelist_files
- name: set squid_service_name=squid3 for Debian < 9
set_fact:
squid_service_name: squid3
when:
- ansible_distribution == "Debian"
- ansible_distribution_major_version | version_compare('9', '<')
- name: Let's Encrypt OCSP server is authorized by squid
lineinfile:
dest: "{{ squid3_whitelist_files.stdout_lines | first }}"
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
line: "http://.*.letsencrypt.org/.*"
state: present
notify: reload squid3
when: squid3_whitelist_files.stdout != ""
notify: "reload {{ squid_service_name | default('squid') }}"
when: squid_whitelist_files.stdout != ""
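Review bot: The whitelist file and the service to reload are chosen independently in this hunk. `find` lists the `/etc/squid/…` paths before the `/etc/squid3/…` ones and the task takes `stdout_lines | first`, while `squid_service_name` is derived only from the Debian major version, so on a host that carries both directories the edited file may not belong to the daemon that gets reloaded. Setting the fact first and searching only under `/etc/{{ squid_service_name | default('squid') }}/` would keep the two in step; the same block is repeated in jenkins/tasks/main.yml, mongodb/tasks/main.yml and newrelic-sources/tasks/main.yml. Separately, the unchanged entry `http://.*.letsencrypt.org/.*` has unescaped dots and an unbounded `.*` before the domain; if squid reads this file as a URL-regex ACL (not shown on this page), the pattern allows more than the Let's Encrypt hosts. A host-anchored form such as `line: '^http://[^/]*\.letsencrypt\.org/.*'` would be tighter, and since `lineinfile` only appends, the old line would also need removing where it is already deployed.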

8
jenkins/handlers/main.yml

@ -1,5 +1,10 @@
---
- name: Reload Squid
- name: reload squid
service:
name: squid
state: reloaded
- name: reload squid3
service:
name: squid3
state: reloaded
@ -8,4 +13,3 @@
service:
name: jenkins
state: restarted

25
jenkins/tasks/main.yml

@ -4,23 +4,32 @@
# url: https://jenkins-ci.org/debian/jenkins-ci.org.key
data: "{{ lookup('file', 'jenkins.key') }}"
- name: Check if Squid is present
stat:
path: /etc/squid3/whitelist-custom.conf
register: _squid3_whitelist
- name: Find squid config whitelist
shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
failed_when: false
changed_when: false
check_mode: no
register: squid_whitelist_files
- name: Append jenkins repositories to Squid whitelist
- name: set squid_service_name=squid3 for Debian < 9
set_fact:
squid_service_name: squid3
when:
- ansible_distribution == "Debian"
- ansible_distribution_major_version | version_compare('9', '<')
- name: Append packages.dotdeb.org to Squid whitelist
lineinfile:
name: /etc/squid3/whitelist-custom.conf
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
line: "{{ item }}"
state: present
with_items:
- "http://pkg.jenkins-ci.org/.*"
- "http://mirrors.jenkins.io/.*"
- "http://jenkins.mirror.isppower.de/.*"
- "http://ftp.icm.edu.pl/.*"
notify: Reload Squid
when: _squid3_whitelist.stat.exists
notify: "reload {{ squid_service_name | default('squid') }}"
when: squid_whitelist_files.stdout != ""
- meta: flush_handlers
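Review bot: The task that edits the whitelist appears to have been renamed to `Append packages.dotdeb.org to Squid whitelist`, but the entries it adds are the Jenkins repository and mirror URLs, so run output and any later audit of proxy allowlist changes will name the wrong destination. Keep a name that matches the items, e.g. `- name: Append jenkins repositories to Squid whitelist`. The same copied name appears on the corresponding task in mongodb/tasks/main.yml and newrelic-sources/tasks/main.yml, where it should describe the keyserver/MongoDB and New Relic entries respectively.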

25
mongodb/tasks/main.yml

@ -1,21 +1,30 @@
---
# tasks file for mongodb
- name: Check if Squid is present
stat:
path: /etc/squid3/whitelist-custom.conf
register: _squid3_whitelist
- name: Find squid config whitelist
shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
failed_when: false
changed_when: false
check_mode: no
register: squid_whitelist_files
- name: add keyserver to Squid whitelist
- name: set squid_service_name=squid3 for Debian < 9
set_fact:
squid_service_name: squid3
when:
- ansible_distribution == "Debian"
- ansible_distribution_major_version | version_compare('9', '<')
- name: Append packages.dotdeb.org to Squid whitelist
lineinfile:
dest: /etc/squid3/whitelist-custom.conf
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
line: "{{ item }}"
notify: reload squid3
state: present
with_items:
- "http://keyserver.ubuntu.com/.*"
- "hkp://keyserver.ubuntu.com/.*"
- "http://repo.mongodb.org/.*"
when: _squid3_whitelist.stat.exists
notify: "reload {{ squid_service_name | default('squid') }}"
when: squid_whitelist_files.stdout != ""
- meta: flush_handlers
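Review bot: Wherever `squid_service_name` is not `squid3`, the `notify` on the whitelist task now resolves to `reload squid`, yet the changed-file list on this page contains no mongodb/handlers/main.yml. Unless that handler already exists in this role or is supplied by another role in the same play, the notification will fail with an unknown-handler error the first time the whitelist actually changes, and the `meta: flush_handlers` that follows will not reload the proxy. Adding a `reload squid` handler to the mongodb role, mirroring the one this commit adds to evoacme/handlers/main.yml, would make the role self-contained.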

7
newrelic-sources/handlers/main.yml

@ -1,10 +1,15 @@
---
- name: Reload Squid
- name: reload squid3
service:
name: squid3
state: reloaded
- name: reload squid
service:
name: squid
state: reloaded
- name: apt update
apt:
update_cache: yes

20
newrelic-sources/tasks/main.yml

@ -4,11 +4,27 @@
# url: https://download.newrelic.com/548C16BF.gpg
data: "{{ lookup('file', '548C16BF.gpg') }}"
- name: Find squid config whitelist
shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
failed_when: false
changed_when: false
check_mode: no
register: squid_whitelist_files
- name: set squid_service_name=squid3 for Debian < 9
set_fact:
squid_service_name: squid3
when:
- ansible_distribution == "Debian"
- ansible_distribution_major_version | version_compare('9', '<')
- name: Append packages.dotdeb.org to Squid whitelist
lineinfile:
name: /etc/squid3/whitelist-custom.conf
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
line: "http://apt.newrelic.com/.*"
notify: Reload Squid
state: present
notify: "reload {{ squid_service_name | default('squid') }}"
when: squid_whitelist_files.stdout != ""
- meta: flush_handlers

2
squid/defaults/main.yml

@ -4,3 +4,5 @@ log2mail_alert_email: Null
squid_address: "{{ ansible_default_ipv4.address }}"
squid_whitelist_items: []
squid_service_name: squid
