proftpd: use proftpd_accounts list for create ftp accounts

* need documentation * faster, easier, more robust and reliable than loop on include_role with account.yml task * account.yml task will be removed in future release
2018-02-27 17:10:25 +01:00 · 2018-02-27 17:10:25 +01:00 · d0fcd1c2d1
parent 01379f5a29
commit d0fcd1c2d1
4 changed files with 84 additions and 0 deletions
--- a/proftpd/defaults/main.yml
+++ b/proftpd/defaults/main.yml
@ -3,3 +3,5 @@ proftpd_hostname: "{{ ansible_hostname }}"
 proftpd_fqdn: "{{ ansible_fqdn }}"
 proftpd_default_address: []
 proftpd_port: "21"
+proftpd_accounts: []
+proftpd_accounts_final: []
--- a/proftpd/tasks/accounts.yml
+++ b/proftpd/tasks/accounts.yml
@ -0,0 +1,37 @@
+---
+- include: accounts_password.yml
+  when: item.password is undefined
+  with_items: "{{ proftpd_accounts }}"
+  tags:
+    - proftpd
+
+- set_fact:
+    proftpd_accounts_final: "{{ proftpd_accounts_final + item }}"
+  when: item.password is defined
+  with_items: "{{ proftpd_accounts }}"
+  tags:
+    - proftpd
+
+- name: Create FTP account
+  lineinfile:
+    dest: /etc/proftpd/vpasswd
+    state: present
+    create: yes
+    mode: "0440"
+    line: "{{ item.name | mandatory }}:{{ item.password }}:{{ item.uid }}:{{ item.gid }}::{{ item.home | mandatory }}:/bin/false"
+    regexp: "^{{ item.name }}:.*"
+  with_items: "{{ proftpd_accounts_final }}"
+  notify: restart proftpd
+  tags:
+    - proftpd
+
+- name: Allow FTP account
+  lineinfile:
+    dest: /etc/proftpd/conf.d/z-evolinux.conf
+    state: present
+    line: " AllowUser {{ item.name }}"
+    insertbefore: "DenyAll"
+  with_items: "{{ proftpd_accounts_final }}"
+  notify: restart proftpd
+  tags:
+    - proftpd
--- a/proftpd/tasks/accounts_password.yml
+++ b/proftpd/tasks/accounts_password.yml
@ -0,0 +1,42 @@
+---
+- name: Check if FTP account exist
+  command: grep "^{{ item.name }}:" /etc/proftpd/vpasswd
+  failed_when: false
+  check_mode: no
+  changed_when: check_ftp_account.rc != 0
+  register: check_ftp_account
+
+- block:
+
+  - name: Get current FTP password
+    shell: grep "^{{ item.name }}:" /etc/proftpd/vpasswd | cut -d':' -f2
+    register: protftpd_cur_password
+    check_mode: no
+    changed_when: false
+
+  - name: Set password for this account
+    set_fact:
+      protftpd_password: "{{ protftpd_cur_password.stdout }}"
+
+  when: check_ftp_account.rc == 0
+
+- block:
+
+  - name: Generate FTP password
+    command: "apg -n 1 -m 16 -M lcN"
+    register: proftpd_apg_password
+    check_mode: no
+
+  - name: Print generated password
+    debug:
+      msg: "{{ proftpd_apg_password.stdout }}"
+
+  - name: Hash generated password
+    set_fact:
+      protftpd_password: "{{ proftpd_apg_password.stdout | password_hash('sha512') }}"
+
+  when: check_ftp_account.rc != 0
+
+- name: Update proftpd_accounts with password
+  set_fact:
+    proftpd_accounts_final: "{{ proftpd_accounts_final + [ item | combine({ 'password': protftpd_password }) ] }}"
--- a/proftpd/tasks/main.yml
+++ b/proftpd/tasks/main.yml
@ -55,3 +55,6 @@
  notify: restart proftpd
  tags:
    - proftpd
+
+- include: accounts.yml
+  when: proftpd_accounts != "[]"