Better squid/squid3 whitelist and reload

evoacme/handlers/main.yml

@@ -18,3 +18,8 @@
   service:
     name: squid3
     state: reloaded
+
+- name: reload squid
+  service:
+    name: squid
+    state: reloaded

evoacme/tasks/certbot.yml

@@ -53,17 +53,24 @@
     dest: /etc/cron.daily/certbot
     mode: "0755"
 
-- name: Find squid3 config whitelist
+- name: Find squid config whitelist
-  shell: find /etc/squid3/whitelist-custom.conf /etc/squid3/whitelist.conf 2> /dev/null
+  shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
   failed_when: false
   changed_when: false
   check_mode: no
-  register: squid3_whitelist_files
+  register: squid_whitelist_files
+
+- name: set squid_service_name=squid3 for Debian < 9
+  set_fact:
+    squid_service_name: squid3
+  when:
+  - ansible_distribution == "Debian"
+  - ansible_distribution_major_version | version_compare('9', '<')
 
 - name: Let's Encrypt OCSP server is authorized by squid
   lineinfile:
-    dest: "{{ squid3_whitelist_files.stdout_lines | first }}"
+    dest: "{{ squid_whitelist_files.stdout_lines | first }}"
     line: "http://.*.letsencrypt.org/.*"
     state: present
-  notify: reload squid3
+  notify: "reload {{ squid_service_name | default('squid') }}"
-  when: squid3_whitelist_files.stdout != ""
+  when: squid_whitelist_files.stdout != ""

jenkins/handlers/main.yml

@@ -1,5 +1,10 @@
 ---
-- name: Reload Squid
+- name: reload squid
+  service:
+    name: squid
+    state: reloaded
+
+- name: reload squid3
   service:
     name: squid3
     state: reloaded
@@ -8,4 +13,3 @@
   service:
     name: jenkins
     state: restarted
-

jenkins/tasks/main.yml

@@ -4,23 +4,32 @@
     # url: https://jenkins-ci.org/debian/jenkins-ci.org.key
     data: "{{ lookup('file', 'jenkins.key') }}"
 
-- name: Check if Squid is present
+- name: Find squid config whitelist
-  stat:
+  shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
-    path: /etc/squid3/whitelist-custom.conf
+  failed_when: false
-  register: _squid3_whitelist
+  changed_when: false
   check_mode: no
+  register: squid_whitelist_files
 
-- name: Append jenkins repositories to Squid whitelist
+- name: set squid_service_name=squid3 for Debian < 9
+  set_fact:
+    squid_service_name: squid3
+  when:
+  - ansible_distribution == "Debian"
+  - ansible_distribution_major_version | version_compare('9', '<')
+
+- name: Append packages.dotdeb.org to Squid whitelist
   lineinfile:
-    name: /etc/squid3/whitelist-custom.conf
+    dest: "{{ squid_whitelist_files.stdout_lines | first }}"
     line: "{{ item }}"
+    state: present
   with_items:
     - "http://pkg.jenkins-ci.org/.*"
     - "http://mirrors.jenkins.io/.*"
     - "http://jenkins.mirror.isppower.de/.*"
     - "http://ftp.icm.edu.pl/.*"
-  notify: Reload Squid
+  notify: "reload {{ squid_service_name | default('squid') }}"
-  when: _squid3_whitelist.stat.exists
+  when: squid_whitelist_files.stdout != ""
 
 - meta: flush_handlers
 

mongodb/tasks/main.yml

@@ -1,21 +1,30 @@
 ---
 # tasks file for mongodb
-- name: Check if Squid is present
+- name: Find squid config whitelist
-  stat:
+  shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
-    path: /etc/squid3/whitelist-custom.conf
+  failed_when: false
-  register: _squid3_whitelist
+  changed_when: false
   check_mode: no
+  register: squid_whitelist_files
 
-- name: add keyserver to Squid whitelist
+- name: set squid_service_name=squid3 for Debian < 9
+  set_fact:
+    squid_service_name: squid3
+  when:
+  - ansible_distribution == "Debian"
+  - ansible_distribution_major_version | version_compare('9', '<')
+
+- name: Append packages.dotdeb.org to Squid whitelist
   lineinfile:
-    dest: /etc/squid3/whitelist-custom.conf
+    dest: "{{ squid_whitelist_files.stdout_lines | first }}"
     line: "{{ item }}"
-  notify: reload squid3
+    state: present
   with_items:
   - "http://keyserver.ubuntu.com/.*"
   - "hkp://keyserver.ubuntu.com/.*"
   - "http://repo.mongodb.org/.*"
-  when: _squid3_whitelist.stat.exists
+  notify: "reload {{ squid_service_name | default('squid') }}"
+  when: squid_whitelist_files.stdout != ""
 
 - meta: flush_handlers
 

newrelic-sources/handlers/main.yml

@@ -1,10 +1,15 @@
 ---
 
-- name: Reload Squid
+- name: reload squid3
   service:
     name: squid3
     state: reloaded
 
+- name: reload squid
+  service:
+    name: squid
+    state: reloaded
+
 - name: apt update
   apt:
     update_cache: yes

newrelic-sources/tasks/main.yml

@@ -4,11 +4,27 @@
     # url: https://download.newrelic.com/548C16BF.gpg
     data: "{{ lookup('file', '548C16BF.gpg') }}"
 
+- name: Find squid config whitelist
+  shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
+  failed_when: false
+  changed_when: false
+  check_mode: no
+  register: squid_whitelist_files
+
+- name: set squid_service_name=squid3 for Debian < 9
+  set_fact:
+    squid_service_name: squid3
+  when:
+  - ansible_distribution == "Debian"
+  - ansible_distribution_major_version | version_compare('9', '<')
+
 - name: Append packages.dotdeb.org to Squid whitelist
   lineinfile:
-    name: /etc/squid3/whitelist-custom.conf
+    dest: "{{ squid_whitelist_files.stdout_lines | first }}"
     line: "http://apt.newrelic.com/.*"
-  notify: Reload Squid
+    state: present
+  notify: "reload {{ squid_service_name | default('squid') }}"
+  when: squid_whitelist_files.stdout != ""
 
 - meta: flush_handlers
 

squid/defaults/main.yml

@@ -4,3 +4,5 @@ log2mail_alert_email: Null
 
 squid_address: "{{ ansible_default_ipv4.address }}"
 squid_whitelist_items: []
+
+squid_service_name: squid