From d0fcd1c2d18c65371b48e61bde89cc6ba5d02723 Mon Sep 17 00:00:00 2001
From: Victor LABORIE
Date: Tue, 27 Feb 2018 17:10:25 +0100
Subject: [PATCH] proftpd: use proftpd_accounts list for create ftp accounts
* need documentation
* faster, easier, more robust and reliable than loop on include_role with account.yml task
* account.yml task will be removed in future release
---
 proftpd/defaults/main.yml | 2 ++
 proftpd/tasks/accounts.yml | 37 +++++++++++++++++++++++++
 proftpd/tasks/accounts_password.yml | 42 +++++++++++++++++++++++++++++
 proftpd/tasks/main.yml | 3 +++
 4 files changed, 84 insertions(+)
 create mode 100644 proftpd/tasks/accounts.yml
 create mode 100644 proftpd/tasks/accounts_password.yml
diff --git a/proftpd/defaults/main.yml b/proftpd/defaults/main.yml
index 3dc9511c..8bba4c29 100644
--- a/proftpd/defaults/main.yml
+++ b/proftpd/defaults/main.yml
@@ -3,3 +3,5 @@ proftpd_hostname: "{{ ansible_hostname }}"
 proftpd_fqdn: "{{ ansible_fqdn }}"
 proftpd_default_address: []
 proftpd_port: "21"
+proftpd_accounts: []
+proftpd_accounts_final: []
diff --git a/proftpd/tasks/accounts.yml b/proftpd/tasks/accounts.yml
new file mode 100644
index 00000000..b7e42236
--- /dev/null
+++ b/proftpd/tasks/accounts.yml
@@ -0,0 +1,37 @@
+---
+- include: accounts_password.yml
+ when: item.password is undefined
+ with_items: "{{ proftpd_accounts }}"
+ tags:
+ - proftpd
+
+- set_fact:
+ proftpd_accounts_final: "{{ proftpd_accounts_final + item }}"
+ when: item.password is defined
+ with_items: "{{ proftpd_accounts }}"
+ tags:
+ - proftpd
+
+- name: Create FTP account
+ lineinfile:
+ dest: /etc/proftpd/vpasswd
+ state: present
+ create: yes
+ mode: "0440"
+ line: "{{ item.name | mandatory }}:{{ item.password }}:{{ item.uid }}:{{ item.gid }}::{{ item.home | mandatory }}:/bin/false"
+ regexp: "^{{ item.name }}:.*"
+ with_items: "{{ proftpd_accounts_final }}"
+ notify: restart proftpd
+ tags:
+ - proftpd
+
+- name: Allow FTP account
+ lineinfile:
+ dest: /etc/proftpd/conf.d/z-evolinux.conf
+ state: present
+ line: " AllowUser {{ item.name }}"
+ insertbefore: "DenyAll"
+ with_items: "{{ proftpd_accounts_final }}"
+ notify: restart proftpd
+ tags:
+ - proftpd
diff --git a/proftpd/tasks/accounts_password.yml b/proftpd/tasks/accounts_password.yml
new file mode 100644
index 00000000..01517083
--- /dev/null
+++ b/proftpd/tasks/accounts_password.yml
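Review bot: The `set_fact` task's expression `"{{ proftpd_accounts_final + item }}"` concatenates a list with a mapping, which Jinja does not allow, so every account that already carries a `password` fails this task instead of being collected; it should read `proftpd_accounts_final: "{{ proftpd_accounts_final + [item] }}"`, the same list-wrapping form accounts_password.yml uses. `regexp: "^{{ item.name }}:.*"` in `Create FTP account` interpolates the account name into a regular expression unescaped, so a name containing regex metacharacters can match another account's line and overwrite it; `regexp: "^{{ item.name | regex_escape() }}:.*"` keeps the match literal. `create: yes` is a YAML 1.1 truthy spelling; `create: true` is the canonical form linters expect.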
@@ -0,0 +1,42 @@
+---
+- name: Check if FTP account exist
+ command: grep "^{{ item.name }}:" /etc/proftpd/vpasswd
+ failed_when: false
+ check_mode: no
+ changed_when: check_ftp_account.rc != 0
+ register: check_ftp_account
+
+- block:
+
+ - name: Get current FTP password
+ shell: grep "^{{ item.name }}:" /etc/proftpd/vpasswd | cut -d':' -f2
+ register: protftpd_cur_password
+ check_mode: no
+ changed_when: false
+
+ - name: Set password for this account
+ set_fact:
+ protftpd_password: "{{ protftpd_cur_password.stdout }}"
+
+ when: check_ftp_account.rc == 0
+
+- block:
+
+ - name: Generate FTP password
+ command: "apg -n 1 -m 16 -M lcN"
+ register: proftpd_apg_password
+ check_mode: no
+
+ - name: Print generated password
+ debug:
+ msg: "{{ proftpd_apg_password.stdout }}"
+
+ - name: Hash generated password
+ set_fact:
+ protftpd_password: "{{ proftpd_apg_password.stdout | password_hash('sha512') }}"
+
+ when: check_ftp_account.rc != 0
+
+- name: Update proftpd_accounts with password
+ set_fact:
+ proftpd_accounts_final: "{{ proftpd_accounts_final + [ item | combine({ 'password': protftpd_password }) ] }}"
diff --git a/proftpd/tasks/main.yml b/proftpd/tasks/main.yml
index a48c9836..5fe33dbb 100644
--- a/proftpd/tasks/main.yml
+++ b/proftpd/tasks/main.yml
@@ -55,3 +55,6 @@
 notify: restart proftpd
 tags:
 - proftpd
+
+- include: accounts.yml
+ when: proftpd_accounts != "[]"
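Review bot: `Print generated password` writes the cleartext generated password into the play output, and the `apg` task's registered result also appears in verbose runs, so the credential lands wherever that output is captured (terminal scrollback, CI logs, callback plugins). If showing it once to the operator is intended, add `no_log: true` to the `Generate FTP password` task so the value is only disclosed by the explicit debug step, and state in a comment that the run output must not be archived. `Get current FTP password` builds a second shell pipeline from `item.name`; the earlier `command` task already captured the matching line, so `protftpd_password: "{{ check_ftp_account.stdout.split(':')[1] }}"` yields the stored hash without another grep or shell interpolation. The `protftpd_*` fact names read as a typo of `proftpd_` and break the naming used by the other variables in the role.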
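Review bot: `when: proftpd_accounts != "[]"` compares the variable to the literal string `"[]"`; with the default declared in defaults/main.yml (`proftpd_accounts: []`) an empty list never equals that string, so the include runs unconditionally and the guard is a no-op (the loops inside then run zero times). `when: proftpd_accounts | length > 0` expresses the intent and also covers an empty-string override. The task whose `notify`/`tags` lines form the context here starts before this hunk.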