forked from evolix/ansible-roles
Remove dynamic add of whitelist Squid proxy
This commit is contained in:
parent
32bcec3cc8
commit
41329af173
|
@ -53,24 +53,3 @@
|
|||
dest: /etc/cron.daily/certbot
|
||||
mode: "0755"
|
||||
|
||||
- name: Find squid config whitelist
|
||||
shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
check_mode: no
|
||||
register: squid_whitelist_files
|
||||
|
||||
- name: set squid_service_name=squid3 for Debian < 9
|
||||
set_fact:
|
||||
squid_service_name: squid3
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
- ansible_distribution_release == "jessie"
|
||||
|
||||
- name: Let's Encrypt OCSP server is authorized by squid
|
||||
lineinfile:
|
||||
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
|
||||
line: "http://.*.letsencrypt.org/.*"
|
||||
state: present
|
||||
notify: "reload {{ squid_service_name | default('squid') }}"
|
||||
when: squid_whitelist_files.stdout != ""
|
||||
|
|
|
@ -4,35 +4,6 @@
|
|||
# url: https://jenkins-ci.org/debian/jenkins-ci.org.key
|
||||
data: "{{ lookup('file', 'jenkins.key') }}"
|
||||
|
||||
- name: Find squid config whitelist
|
||||
shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
check_mode: no
|
||||
register: squid_whitelist_files
|
||||
|
||||
- name: set squid_service_name=squid3 for Debian 8
|
||||
set_fact:
|
||||
squid_service_name: squid3
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
- ansible_distribution_release == "jessie"
|
||||
|
||||
- name: Append packages.dotdeb.org to Squid whitelist
|
||||
lineinfile:
|
||||
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
|
||||
line: "{{ item }}"
|
||||
state: present
|
||||
with_items:
|
||||
- "http://pkg.jenkins-ci.org/.*"
|
||||
- "http://mirrors.jenkins.io/.*"
|
||||
- "http://jenkins.mirror.isppower.de/.*"
|
||||
- "http://ftp.icm.edu.pl/.*"
|
||||
notify: "reload {{ squid_service_name | default('squid') }}"
|
||||
when: squid_whitelist_files.stdout != ""
|
||||
|
||||
- meta: flush_handlers
|
||||
|
||||
- name: Add jenkins APT repository
|
||||
apt_repository:
|
||||
repo: deb http://pkg.jenkins-ci.org/debian-stable binary/
|
||||
|
|
|
@ -1,32 +1,5 @@
|
|||
---
|
||||
# tasks file for mongodb
|
||||
- name: Find squid config whitelist
|
||||
shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
check_mode: no
|
||||
register: squid_whitelist_files
|
||||
|
||||
- name: set squid_service_name=squid3 for Debian 8
|
||||
set_fact:
|
||||
squid_service_name: squid3
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
- ansible_distribution_release == "jessie"
|
||||
|
||||
- name: Append packages.dotdeb.org to Squid whitelist
|
||||
lineinfile:
|
||||
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
|
||||
line: "{{ item }}"
|
||||
state: present
|
||||
with_items:
|
||||
- "http://keyserver.ubuntu.com/.*"
|
||||
- "hkp://keyserver.ubuntu.com/.*"
|
||||
- "http://repo.mongodb.org/.*"
|
||||
notify: "reload {{ squid_service_name | default('squid') }}"
|
||||
when: squid_whitelist_files.stdout != ""
|
||||
|
||||
- meta: flush_handlers
|
||||
|
||||
# Attention à bien indiquer le protocole et le port, sinon le firewall ne laisse pas passer
|
||||
- name: MongoDB public GPG Key
|
||||
|
|
|
@ -5,30 +5,6 @@
|
|||
# url: https://download.newrelic.com/548C16BF.gpg
|
||||
data: "{{ lookup('file', '548C16BF.gpg') }}"
|
||||
|
||||
- name: set squid_service_name=squid3 for Debian 8
|
||||
set_fact:
|
||||
squid_service_name: squid3
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
- ansible_distribution_release == "jessie"
|
||||
|
||||
- name: Find squid config whitelist
|
||||
shell: find /etc/{{ squid_service_name | default('squid') }}/whitelist-custom.conf /etc/{{ squid_service_name | default('squid') }}/whitelist.conf 2> /dev/null
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
check_mode: no
|
||||
register: squid_whitelist_files
|
||||
|
||||
- name: Append packages.dotdeb.org to Squid whitelist
|
||||
lineinfile:
|
||||
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
|
||||
line: "http://apt.newrelic.com/.*"
|
||||
state: present
|
||||
notify: "reload {{ squid_service_name | default('squid') }}"
|
||||
when: squid_whitelist_files.stdout != ""
|
||||
|
||||
- meta: flush_handlers
|
||||
|
||||
- name: Install NewRelic repository
|
||||
apt_repository:
|
||||
repo: "deb http://apt.newrelic.com/debian/ newrelic non-free"
|
||||
|
|
|
@ -117,3 +117,10 @@
|
|||
^www\.express-mailing\.com$
|
||||
^bot\.whatismyipaddress\.com$
|
||||
^ipecho\.net$
|
||||
^keyserver\.ubuntu\.com$
|
||||
^repo\.mongodb\.org$
|
||||
^pkg\.jenkins-ci\.org$
|
||||
^mirrors\.jenkins\.io$
|
||||
^jenkins\.mirror\.isppower\.de$
|
||||
^ftp\.icm\.edu\.pl$
|
||||
^apt\.newrelic\.com$
|
||||
|
|
|
@ -117,5 +117,10 @@ http://.*icanhazip.com/.*
|
|||
http://www.express-mailing.com/.*
|
||||
http://bot.whatismyipaddress.com/.*
|
||||
http://ipecho.net/.*
|
||||
|
||||
### Various / Manual entry
|
||||
http://keyserver.ubuntu.com/.*
|
||||
http://repo.mongodb.org/.*
|
||||
http://pkg.jenkins-ci.org/.*
|
||||
http://mirrors.jenkins.io/.*
|
||||
http://jenkins.mirror.isppower.de/.*
|
||||
http://ftp.icm.edu.pl/.*
|
||||
http://apt.newrelic.com/.*
|
||||
|
|
Loading…
Reference in a new issue