forked from evolix/ansible-roles
Remove dynamic add of whitelist Squid proxy
This commit is contained in:
parent
32bcec3cc8
commit
41329af173
|
@ -53,24 +53,3 @@
|
||||||
dest: /etc/cron.daily/certbot
|
dest: /etc/cron.daily/certbot
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
|
||||||
- name: Find squid config whitelist
|
|
||||||
shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
|
|
||||||
failed_when: false
|
|
||||||
changed_when: false
|
|
||||||
check_mode: no
|
|
||||||
register: squid_whitelist_files
|
|
||||||
|
|
||||||
- name: set squid_service_name=squid3 for Debian < 9
|
|
||||||
set_fact:
|
|
||||||
squid_service_name: squid3
|
|
||||||
when:
|
|
||||||
- ansible_distribution == "Debian"
|
|
||||||
- ansible_distribution_release == "jessie"
|
|
||||||
|
|
||||||
- name: Let's Encrypt OCSP server is authorized by squid
|
|
||||||
lineinfile:
|
|
||||||
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
|
|
||||||
line: "http://.*.letsencrypt.org/.*"
|
|
||||||
state: present
|
|
||||||
notify: "reload {{ squid_service_name | default('squid') }}"
|
|
||||||
when: squid_whitelist_files.stdout != ""
|
|
||||||
|
|
|
@ -4,35 +4,6 @@
|
||||||
# url: https://jenkins-ci.org/debian/jenkins-ci.org.key
|
# url: https://jenkins-ci.org/debian/jenkins-ci.org.key
|
||||||
data: "{{ lookup('file', 'jenkins.key') }}"
|
data: "{{ lookup('file', 'jenkins.key') }}"
|
||||||
|
|
||||||
- name: Find squid config whitelist
|
|
||||||
shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
|
|
||||||
failed_when: false
|
|
||||||
changed_when: false
|
|
||||||
check_mode: no
|
|
||||||
register: squid_whitelist_files
|
|
||||||
|
|
||||||
- name: set squid_service_name=squid3 for Debian 8
|
|
||||||
set_fact:
|
|
||||||
squid_service_name: squid3
|
|
||||||
when:
|
|
||||||
- ansible_distribution == "Debian"
|
|
||||||
- ansible_distribution_release == "jessie"
|
|
||||||
|
|
||||||
- name: Append packages.dotdeb.org to Squid whitelist
|
|
||||||
lineinfile:
|
|
||||||
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
|
|
||||||
line: "{{ item }}"
|
|
||||||
state: present
|
|
||||||
with_items:
|
|
||||||
- "http://pkg.jenkins-ci.org/.*"
|
|
||||||
- "http://mirrors.jenkins.io/.*"
|
|
||||||
- "http://jenkins.mirror.isppower.de/.*"
|
|
||||||
- "http://ftp.icm.edu.pl/.*"
|
|
||||||
notify: "reload {{ squid_service_name | default('squid') }}"
|
|
||||||
when: squid_whitelist_files.stdout != ""
|
|
||||||
|
|
||||||
- meta: flush_handlers
|
|
||||||
|
|
||||||
- name: Add jenkins APT repository
|
- name: Add jenkins APT repository
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: deb http://pkg.jenkins-ci.org/debian-stable binary/
|
repo: deb http://pkg.jenkins-ci.org/debian-stable binary/
|
||||||
|
|
|
@ -1,32 +1,5 @@
|
||||||
---
|
---
|
||||||
# tasks file for mongodb
|
# tasks file for mongodb
|
||||||
- name: Find squid config whitelist
|
|
||||||
shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
|
|
||||||
failed_when: false
|
|
||||||
changed_when: false
|
|
||||||
check_mode: no
|
|
||||||
register: squid_whitelist_files
|
|
||||||
|
|
||||||
- name: set squid_service_name=squid3 for Debian 8
|
|
||||||
set_fact:
|
|
||||||
squid_service_name: squid3
|
|
||||||
when:
|
|
||||||
- ansible_distribution == "Debian"
|
|
||||||
- ansible_distribution_release == "jessie"
|
|
||||||
|
|
||||||
- name: Append packages.dotdeb.org to Squid whitelist
|
|
||||||
lineinfile:
|
|
||||||
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
|
|
||||||
line: "{{ item }}"
|
|
||||||
state: present
|
|
||||||
with_items:
|
|
||||||
- "http://keyserver.ubuntu.com/.*"
|
|
||||||
- "hkp://keyserver.ubuntu.com/.*"
|
|
||||||
- "http://repo.mongodb.org/.*"
|
|
||||||
notify: "reload {{ squid_service_name | default('squid') }}"
|
|
||||||
when: squid_whitelist_files.stdout != ""
|
|
||||||
|
|
||||||
- meta: flush_handlers
|
|
||||||
|
|
||||||
# Attention à bien indiquer le protocole et le port, sinon le firewall ne laisse pas passer
|
# Attention à bien indiquer le protocole et le port, sinon le firewall ne laisse pas passer
|
||||||
- name: MongoDB public GPG Key
|
- name: MongoDB public GPG Key
|
||||||
|
|
|
@ -5,30 +5,6 @@
|
||||||
# url: https://download.newrelic.com/548C16BF.gpg
|
# url: https://download.newrelic.com/548C16BF.gpg
|
||||||
data: "{{ lookup('file', '548C16BF.gpg') }}"
|
data: "{{ lookup('file', '548C16BF.gpg') }}"
|
||||||
|
|
||||||
- name: set squid_service_name=squid3 for Debian 8
|
|
||||||
set_fact:
|
|
||||||
squid_service_name: squid3
|
|
||||||
when:
|
|
||||||
- ansible_distribution == "Debian"
|
|
||||||
- ansible_distribution_release == "jessie"
|
|
||||||
|
|
||||||
- name: Find squid config whitelist
|
|
||||||
shell: find /etc/{{ squid_service_name | default('squid') }}/whitelist-custom.conf /etc/{{ squid_service_name | default('squid') }}/whitelist.conf 2> /dev/null
|
|
||||||
failed_when: false
|
|
||||||
changed_when: false
|
|
||||||
check_mode: no
|
|
||||||
register: squid_whitelist_files
|
|
||||||
|
|
||||||
- name: Append packages.dotdeb.org to Squid whitelist
|
|
||||||
lineinfile:
|
|
||||||
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
|
|
||||||
line: "http://apt.newrelic.com/.*"
|
|
||||||
state: present
|
|
||||||
notify: "reload {{ squid_service_name | default('squid') }}"
|
|
||||||
when: squid_whitelist_files.stdout != ""
|
|
||||||
|
|
||||||
- meta: flush_handlers
|
|
||||||
|
|
||||||
- name: Install NewRelic repository
|
- name: Install NewRelic repository
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: "deb http://apt.newrelic.com/debian/ newrelic non-free"
|
repo: "deb http://apt.newrelic.com/debian/ newrelic non-free"
|
||||||
|
|
|
@ -117,3 +117,10 @@
|
||||||
^www\.express-mailing\.com$
|
^www\.express-mailing\.com$
|
||||||
^bot\.whatismyipaddress\.com$
|
^bot\.whatismyipaddress\.com$
|
||||||
^ipecho\.net$
|
^ipecho\.net$
|
||||||
|
^keyserver\.ubuntu\.com$
|
||||||
|
^repo\.mongodb\.org$
|
||||||
|
^pkg\.jenkins-ci\.org$
|
||||||
|
^mirrors\.jenkins\.io$
|
||||||
|
^jenkins\.mirror\.isppower\.de$
|
||||||
|
^ftp\.icm\.edu\.pl$
|
||||||
|
^apt\.newrelic\.com$
|
||||||
|
|
|
@ -117,5 +117,10 @@ http://.*icanhazip.com/.*
|
||||||
http://www.express-mailing.com/.*
|
http://www.express-mailing.com/.*
|
||||||
http://bot.whatismyipaddress.com/.*
|
http://bot.whatismyipaddress.com/.*
|
||||||
http://ipecho.net/.*
|
http://ipecho.net/.*
|
||||||
|
http://keyserver.ubuntu.com/.*
|
||||||
### Various / Manual entry
|
http://repo.mongodb.org/.*
|
||||||
|
http://pkg.jenkins-ci.org/.*
|
||||||
|
http://mirrors.jenkins.io/.*
|
||||||
|
http://jenkins.mirror.isppower.de/.*
|
||||||
|
http://ftp.icm.edu.pl/.*
|
||||||
|
http://apt.newrelic.com/.*
|
||||||
|
|
Loading…
Reference in a new issue