diff --git a/evoacme/handlers/main.yml b/evoacme/handlers/main.yml index abaa8099..1ea11783 100644 --- a/evoacme/handlers/main.yml +++ b/evoacme/handlers/main.yml @@ -18,3 +18,8 @@ service: name: squid3 state: reloaded + +- name: reload squid + service: + name: squid + state: reloaded diff --git a/evoacme/tasks/certbot.yml b/evoacme/tasks/certbot.yml index 1677a22f..b076f61f 100644 --- a/evoacme/tasks/certbot.yml +++ b/evoacme/tasks/certbot.yml @@ -53,17 +53,24 @@ dest: /etc/cron.daily/certbot mode: "0755" -- name: Find squid3 config whitelist - shell: find /etc/squid3/whitelist-custom.conf /etc/squid3/whitelist.conf 2> /dev/null +- name: Find squid config whitelist + shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null failed_when: false changed_when: false check_mode: no - register: squid3_whitelist_files + register: squid_whitelist_files + +- name: set squid_service_name=squid3 for Debian < 9 + set_fact: + squid_service_name: squid3 + when: + - ansible_distribution == "Debian" + - ansible_distribution_major_version | version_compare('9', '<') - name: Let's Encrypt OCSP server is authorized by squid lineinfile: - dest: "{{ squid3_whitelist_files.stdout_lines | first }}" + dest: "{{ squid_whitelist_files.stdout_lines | first }}" line: "http://.*.letsencrypt.org/.*" state: present - notify: reload squid3 - when: squid3_whitelist_files.stdout != "" + notify: "reload {{ squid_service_name | default('squid') }}" + when: squid_whitelist_files.stdout != "" diff --git a/jenkins/handlers/main.yml b/jenkins/handlers/main.yml index 58b03f3f..b7d269cf 100644 --- a/jenkins/handlers/main.yml +++ b/jenkins/handlers/main.yml @@ -1,5 +1,10 @@ --- -- name: Reload Squid +- name: reload squid + service: + name: squid + state: reloaded + +- name: reload squid3 service: name: squid3 state: reloaded @@ -8,4 +13,3 @@ service: name: jenkins state: restarted - 
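Review bot: In evoacme/tasks/certbot.yml the whitelist entry this hunk keeps, `line: "http://.*.letsencrypt.org/.*"`, is unanchored and leaves its dots unescaped. If Squid reads this file as URL regexes (the entry's shape suggests so, but the ACL definition is not shown here), it allows any HTTP URL that merely contains that text somewhere after the scheme, not only Let's Encrypt hosts. Since the task is being reworked anyway, consider pinning the host part, e.g. `line: '^http://[^/]+\.letsencrypt\.org/'` (single-quoted so the backslashes stay literal). Because lineinfile matches on the exact line, the old entry would stay in already-provisioned files and would need a separate `state: absent` task to remove it.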
diff --git a/jenkins/tasks/main.yml b/jenkins/tasks/main.yml index 734b8a91..70f6771d 100644 --- a/jenkins/tasks/main.yml +++ b/jenkins/tasks/main.yml @@ -4,23 +4,32 @@ # url: https://jenkins-ci.org/debian/jenkins-ci.org.key data: "{{ lookup('file', 'jenkins.key') }}" -- name: Check if Squid is present - stat: - path: /etc/squid3/whitelist-custom.conf - register: _squid3_whitelist +- name: Find squid config whitelist + shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null + failed_when: false + changed_when: false check_mode: no + register: squid_whitelist_files -- name: Append jenkins repositories to Squid whitelist +- name: set squid_service_name=squid3 for Debian < 9 + set_fact: + squid_service_name: squid3 + when: + - ansible_distribution == "Debian" + - ansible_distribution_major_version | version_compare('9', '<') + +- name: Append packages.dotdeb.org to Squid whitelist lineinfile: - name: /etc/squid3/whitelist-custom.conf + dest: "{{ squid_whitelist_files.stdout_lines | first }}" line: "{{ item }}" + state: present with_items: - "http://pkg.jenkins-ci.org/.*" - "http://mirrors.jenkins.io/.*" - "http://jenkins.mirror.isppower.de/.*" - "http://ftp.icm.edu.pl/.*" - notify: Reload Squid - when: _squid3_whitelist.stat.exists + notify: "reload {{ squid_service_name | default('squid') }}" + when: squid_whitelist_files.stdout != "" - meta: flush_handlers diff --git a/mongodb/tasks/main.yml b/mongodb/tasks/main.yml index f3c0c244..f659df2d 100644 --- a/mongodb/tasks/main.yml +++ b/mongodb/tasks/main.yml 
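Review bot: The renamed task in jenkins/tasks/main.yml is called `Append packages.dotdeb.org to Squid whitelist`, but its items are the Jenkins mirrors. The name reads as a copy-paste and will mislead anyone using play output to trace which role added a proxy allow-list entry. Keep the previous wording, `- name: Append jenkins repositories to Squid whitelist`. The mongodb/tasks/main.yml hunk has the same mislabel (it replaces `add keyserver to Squid whitelist`), and newrelic-sources/tasks/main.yml already carried it as an unchanged line.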
@@ -1,21 +1,30 @@ --- # tasks file for mongodb -- name: Check if Squid is present - stat: - path: /etc/squid3/whitelist-custom.conf - register: _squid3_whitelist +- name: Find squid config whitelist + shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null + failed_when: false + changed_when: false check_mode: no + register: squid_whitelist_files -- name: add keyserver to Squid whitelist +- name: set squid_service_name=squid3 for Debian < 9 + set_fact: + squid_service_name: squid3 + when: + - ansible_distribution == "Debian" + - ansible_distribution_major_version | version_compare('9', '<') + +- name: Append packages.dotdeb.org to Squid whitelist lineinfile: - dest: /etc/squid3/whitelist-custom.conf + dest: "{{ squid_whitelist_files.stdout_lines | first }}" line: "{{ item }}" - notify: reload squid3 + state: present with_items: - "http://keyserver.ubuntu.com/.*" - "hkp://keyserver.ubuntu.com/.*" - "http://repo.mongodb.org/.*" - when: _squid3_whitelist.stat.exists + notify: "reload {{ squid_service_name | default('squid') }}" + when: squid_whitelist_files.stdout != "" - meta: flush_handlers diff --git a/newrelic-sources/handlers/main.yml b/newrelic-sources/handlers/main.yml index 0a402c8b..3e8e7d5a 100644 --- a/newrelic-sources/handlers/main.yml +++ b/newrelic-sources/handlers/main.yml @@ -1,10 +1,15 @@ --- -- name: Reload Squid +- name: reload squid3 service: name: squid3 state: reloaded +- name: reload squid + service: + name: squid + state: reloaded + - name: apt update apt: update_cache: yes diff --git a/newrelic-sources/tasks/main.yml b/newrelic-sources/tasks/main.yml index 5a8ecf6b..86b6a1d4 100644 --- a/newrelic-sources/tasks/main.yml +++ b/newrelic-sources/tasks/main.yml 
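Review bot: The notify in mongodb/tasks/main.yml now resolves to `reload squid` on everything except Debian < 9, but this diff adds that handler only to the evoacme, jenkins and newrelic-sources roles. No change to mongodb/handlers/main.yml is visible. Unless another role in the same play defines a handler with that name, Ansible would normally fail the task for an undefined handler, and the new whitelist entries would not be loaded by Squid. Add a `- name: reload squid` handler to the mongodb role next to the squid3 one it presumably already has, in the same block form as the jenkins/handlers/main.yml hunk.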
@@ -4,11 +4,27 @@ # url: https://download.newrelic.com/548C16BF.gpg data: "{{ lookup('file', '548C16BF.gpg') }}" +- name: Find squid config whitelist + shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null + failed_when: false + changed_when: false + check_mode: no + register: squid_whitelist_files + +- name: set squid_service_name=squid3 for Debian < 9 + set_fact: + squid_service_name: squid3 + when: + - ansible_distribution == "Debian" + - ansible_distribution_major_version | version_compare('9', '<') + - name: Append packages.dotdeb.org to Squid whitelist lineinfile: - name: /etc/squid3/whitelist-custom.conf + dest: "{{ squid_whitelist_files.stdout_lines | first }}" line: "http://apt.newrelic.com/.*" - notify: Reload Squid + state: present + notify: "reload {{ squid_service_name | default('squid') }}" + when: squid_whitelist_files.stdout != "" - meta: flush_handlers diff --git a/squid/defaults/main.yml b/squid/defaults/main.yml index 8964de16..2f81cc43 100644 --- a/squid/defaults/main.yml +++ b/squid/defaults/main.yml @@ -4,3 +4,5 @@ log2mail_alert_email: Null squid_address: "{{ ansible_default_ipv4.address }}" squid_whitelist_items: [] + +squid_service_name: squid
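Review bot: The `when:` on the added set_fact in newrelic-sources/tasks/main.yml uses a test as a filter, `ansible_distribution_major_version | version_compare('9', '<')`. That form was deprecated in Ansible 2.5, which also renamed the test to `version`. If the project targets 2.5 or later, write `- ansible_distribution_major_version is version('9', '<')`. The same find and set_fact pair is copied into the certbot, jenkins and mongodb hunks, so a shared tasks file included by each role would leave a single place to fix.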