proftpd: use proftpd_accounts list for create ftp accounts
* need documentation * faster, easier, more robust and reliable than a loop on include_role with the account.yml task * the account.yml task will be removed in a future release
parent
01379f5a29
commit
d0fcd1c2d1
|
@ -3,3 +3,5 @@ proftpd_hostname: "{{ ansible_hostname }}"
|
||||||
proftpd_fqdn: "{{ ansible_fqdn }}"
|
proftpd_fqdn: "{{ ansible_fqdn }}"
|
||||||
proftpd_default_address: []
|
proftpd_default_address: []
|
||||||
proftpd_port: "21"
|
proftpd_port: "21"
|
||||||
|
proftpd_accounts: []
|
||||||
|
proftpd_accounts_final: []
|
||||||
|
|
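Review bot: `proftpd_accounts` is added without any comment describing what an entry looks like, and the commit message itself says documentation is still needed. From the tasks in this commit, each entry is read for `name` and `home` (both `mandatory`), `uid`, `gid` and an optional `password` that is written verbatim into the second field of /etc/proftpd/vpasswd, so it is presumably expected to be an already-hashed value, not plaintext. I would add a comment above the default such as `# list of dicts: name, home (required), uid, gid, password (optional, pre-hashed; generated when omitted)` and mark `proftpd_accounts_final` with `# internal accumulator, do not set`.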
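--- /dev/null
+++ b/proftpd/tasks/accounts.yml
@@ -0,0 +1,37 @@
+---
+- include: accounts_password.yml
+when: item.password is undefined
+with_items: "{{ proftpd_accounts }}"
+tags:
+- proftpd
+
+- set_fact:
+proftpd_accounts_final: "{{ proftpd_accounts_final + item }}"
+when: item.password is defined
+with_items: "{{ proftpd_accounts }}"
+tags:
+- proftpd
+
+- name: Create FTP account
+lineinfile:
+dest: /etc/proftpd/vpasswd
+state: present
+create: yes
+mode: "0440"
+line: "{{ item.name | mandatory }}:{{ item.password }}:{{ item.uid }}:{{ item.gid }}::{{ item.home | mandatory }}:/bin/false"
+regexp: "^{{ item.name }}:.*"
+with_items: "{{ proftpd_accounts_final }}"
+notify: restart proftpd
+tags:
+- proftpd
+
+- name: Allow FTP account
+lineinfile:
+dest: /etc/proftpd/conf.d/z-evolinux.conf
+state: present
+line: " AllowUser {{ item.name }}"
+insertbefore: "DenyAll"
+with_items: "{{ proftpd_accounts_final }}"
+notify: restart proftpd
+tags:
+- proftpd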
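Review bot: In the `set_fact` task, `proftpd_accounts_final + item` concatenates a list with a single account mapping, which Jinja2 should reject; accounts_password.yml wraps the entry in a list and this task needs the same, `proftpd_accounts_final: "{{ proftpd_accounts_final + [ item ] }}"`. In "Create FTP account", `item.name` reaches `regexp` unescaped and `item.name` / `item.home` are written into the vpasswd line unchecked, so a value containing `:` or regex metacharacters can match or alter an entry other than its own; `regexp: "^{{ item.name | regex_escape }}:.*"` plus an `assert` restricting the characters allowed in names would close that. `item.uid` and `item.gid` are not marked `mandatory`, unlike `name` and `home`. Since every loop item carries the password hash, `no_log: true` on the tasks looping over `proftpd_accounts_final` would keep it out of the run output.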
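--- /dev/null
+++ b/proftpd/tasks/accounts_password.yml
@@ -0,0 +1,42 @@
+---
+- name: Check if FTP account exist
+command: grep "^{{ item.name }}:" /etc/proftpd/vpasswd
+failed_when: false
+check_mode: no
+changed_when: check_ftp_account.rc != 0
+register: check_ftp_account
+
+- block:
+
+- name: Get current FTP password
+shell: grep "^{{ item.name }}:" /etc/proftpd/vpasswd | cut -d':' -f2
+register: protftpd_cur_password
+check_mode: no
+changed_when: false
+
+- name: Set password for this account
+set_fact:
+protftpd_password: "{{ protftpd_cur_password.stdout }}"
+
+when: check_ftp_account.rc == 0
+
+- block:
+
+- name: Generate FTP password
+command: "apg -n 1 -m 16 -M lcN"
+register: proftpd_apg_password
+check_mode: no
+
+- name: Print generated password
+debug:
+msg: "{{ proftpd_apg_password.stdout }}"
+
+- name: Hash generated password
+set_fact:
+protftpd_password: "{{ proftpd_apg_password.stdout | password_hash('sha512') }}"
+
+when: check_ftp_account.rc != 0
+
+- name: Update proftpd_accounts with password
+set_fact:
+proftpd_accounts_final: "{{ proftpd_accounts_final + [ item | combine({ 'password': protftpd_password }) ] }}"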
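Review bot: `item.name` is interpolated into a shell command line in "Get current FTP password", and into the `grep` pattern in "Check if FTP account exist", without quoting or validation, so shell and regex metacharacters in an account name are interpreted instead of matched literally. Quoting the whole pattern, e.g. `shell: grep -- {{ ('^' ~ item.name ~ ':') | quote }} /etc/proftpd/vpasswd | cut -d':' -f2`, together with an `assert` that restricts names to a safe character set, avoids that. "Print generated password" sends the plaintext password to the run output and to any log or callback that records it; if that is the intended delivery channel, a comment should say so. The registered and set facts are spelled `protftpd_*` while the rest of the role uses `proftpd_*`.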
|
@ -55,3 +55,6 @@
|
||||||
notify: restart proftpd
|
notify: restart proftpd
|
||||||
tags:
|
tags:
|
||||||
- proftpd
|
- proftpd
|
||||||
|
|
||||||
|
- include: accounts.yml
|
||||||
|
when: proftpd_accounts != "[]"
|
||||||
|
|
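Review bot: `when: proftpd_accounts != "[]"` compares the variable with the string `"[]"`, which should evaluate true for any list value including the empty default, so the include is never skipped. `when: proftpd_accounts | length > 0` expresses the intended guard. The file this hunk belongs to starts and ends outside the visible lines.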