proftpd: use proftpd_accounts list for create ftp accounts
* needs documentation * faster, easier, more robust and reliable than looping on include_role with the account.yml task * the account.yml task will be removed in a future release
parent
01379f5a29
commit
d0fcd1c2d1
|
@ -3,3 +3,5 @@ proftpd_hostname: "{{ ansible_hostname }}"
|
|||
proftpd_fqdn: "{{ ansible_fqdn }}"
|
||||
proftpd_default_address: []
|
||||
proftpd_port: "21"
|
||||
proftpd_accounts: []
|
||||
proftpd_accounts_final: []
|
||||
|
|
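Review bot: `proftpd_accounts` and `proftpd_accounts_final`, which appear to be the two defaults added here, have no comment describing what an entry must contain, although the tasks added in this commit depend on a specific shape. `name` and `home` are marked `mandatory`, `uid` and `gid` are used without a default, and a supplied `password` is written verbatim into the second field of /etc/proftpd/vpasswd, so it presumably has to be a crypt hash already rather than cleartext. A comment above `proftpd_accounts` such as `# list of {name, home, uid, gid[, password: already hashed]}` would make that explicit. `proftpd_accounts_final` looks like an internal accumulator filled by `set_fact`; a `# internal, do not set` comment would help, since any value given in inventory would become the starting list written to the account file.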
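--- a/proftpd/tasks/accounts.yml
+++ b/proftpd/tasks/accounts.yml
@@ -0,0 +1,37 @@
+---
+- include: accounts_password.yml
+when: item.password is undefined
+with_items: "{{ proftpd_accounts }}"
+tags:
+- proftpd
+
+- set_fact:
+proftpd_accounts_final: "{{ proftpd_accounts_final + item }}"
+when: item.password is defined
+with_items: "{{ proftpd_accounts }}"
+tags:
+- proftpd
+
+- name: Create FTP account
+lineinfile:
+dest: /etc/proftpd/vpasswd
+state: present
+create: yes
+mode: "0440"
+line: "{{ item.name | mandatory }}:{{ item.password }}:{{ item.uid }}:{{ item.gid }}::{{ item.home | mandatory }}:/bin/false"
+regexp: "^{{ item.name }}:.*"
+with_items: "{{ proftpd_accounts_final }}"
+notify: restart proftpd
+tags:
+- proftpd
+
+- name: Allow FTP account
+lineinfile:
+dest: /etc/proftpd/conf.d/z-evolinux.conf
+state: present
+line: " AllowUser {{ item.name }}"
+insertbefore: "DenyAll"
+with_items: "{{ proftpd_accounts_final }}"
+notify: restart proftpd
+tags:
+- proftpd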
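Review bot: The `set_fact` task that collects accounts which already carry a password concatenates a mapping onto a list (`proftpd_accounts_final + item`), which Jinja2 should reject, so any entry with `password` defined will likely abort the play. It should read `proftpd_accounts_final: "{{ proftpd_accounts_final + [ item ] }}"`, the same form accounts_password.yml uses. In "Create FTP account", `item.name` goes into `regexp` unescaped, so a name containing a regex metacharacter such as `.` can match and overwrite another account's line in /etc/proftpd/vpasswd; `regexp: "^{{ item.name | regex_escape }}:"` avoids that. The same task creates the hash file with `mode: "0440"` but no explicit `owner`/`group`, so it is worth stating which account is meant to read it.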
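--- a/proftpd/tasks/accounts_password.yml
+++ b/proftpd/tasks/accounts_password.yml
@@ -0,0 +1,42 @@
+---
+- name: Check if FTP account exist
+command: grep "^{{ item.name }}:" /etc/proftpd/vpasswd
+failed_when: false
+check_mode: no
+changed_when: check_ftp_account.rc != 0
+register: check_ftp_account
+
+- block:
+
+- name: Get current FTP password
+shell: grep "^{{ item.name }}:" /etc/proftpd/vpasswd | cut -d':' -f2
+register: protftpd_cur_password
+check_mode: no
+changed_when: false
+
+- name: Set password for this account
+set_fact:
+protftpd_password: "{{ protftpd_cur_password.stdout }}"
+
+when: check_ftp_account.rc == 0
+
+- block:
+
+- name: Generate FTP password
+command: "apg -n 1 -m 16 -M lcN"
+register: proftpd_apg_password
+check_mode: no
+
+- name: Print generated password
+debug:
+msg: "{{ proftpd_apg_password.stdout }}"
+
+- name: Hash generated password
+set_fact:
+protftpd_password: "{{ proftpd_apg_password.stdout | password_hash('sha512') }}"
+
+when: check_ftp_account.rc != 0
+
+- name: Update proftpd_accounts with password
+set_fact:
+proftpd_accounts_final: "{{ proftpd_accounts_final + [ item | combine({ 'password': protftpd_password }) ] }}"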
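Review bot: The generated cleartext password is exposed in two places: the "Print generated password" `debug` task writes it to the play output, and the registered result of the `apg` task is shown at higher verbosity and passed to logging callbacks. If showing it once to the operator is intended, keep the `debug` task as the only disclosure, add `no_log: true` to "Generate FTP password" and "Hash generated password", and note in the role documentation that run logs will contain FTP credentials. Separately, "Get current FTP password" interpolates `item.name` unquoted into a `shell:` pipeline. The first task has already captured the matching line, so `protftpd_password: "{{ check_ftp_account.stdout.split(':')[1] }}"` would remove the shell call; the `grep` pattern in the first task would still benefit from `item.name | regex_escape`.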
|
@ -55,3 +55,6 @@
|
|||
notify: restart proftpd
|
||||
tags:
|
||||
- proftpd
|
||||
|
||||
- include: accounts.yml
|
||||
when: proftpd_accounts != "[]"
|
||||
|
|
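Review bot: The guard `when: proftpd_accounts != "[]"` compares the variable with the string `"[]"`, so when `proftpd_accounts` is a list (as the `[]` default makes it) the condition is always true and accounts.yml is included even with no accounts. The loops inside then iterate over nothing, so the effect is probably harmless, but the condition does not express what it appears to. `when: proftpd_accounts | length > 0` would test for a non-empty list. The rest of this task file lies outside the hunk.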