forked from evolix/ansible-roles
evomaintenance: fix role compatibility with OpenBSD
This commit is contained in:
parent
357914b44e
commit
85c779164a
7 changed files with 135 additions and 64 deletions
|
@ -19,6 +19,7 @@ The **patch** part changes incrementally at each release.
|
|||
|
||||
### Fixed
|
||||
* evoacme: better error when apache2ctl fails
|
||||
* evomaintenance: fix role compatibility with OpenBSD
|
||||
* spamassassin: add missing right for amavis
|
||||
* amavis: fix output result checking
|
||||
|
||||
|
|
|
@ -1,15 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Install Evolix public repositry
|
||||
include_role:
|
||||
name: apt
|
||||
tasks_from: evolix_public.yml
|
||||
tags:
|
||||
- evomaintenance
|
||||
|
||||
- name: evomaintenance is installed
|
||||
apt:
|
||||
name: evomaintenance
|
||||
allow_unauthenticated: yes
|
||||
tags:
|
||||
- evomaintenance
|
26
evomaintenance/tasks/install_package_debian.yml
Normal file
26
evomaintenance/tasks/install_package_debian.yml
Normal file
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
|
||||
- name: Evolix public repositry is installed
|
||||
include_role:
|
||||
name: apt
|
||||
tasks_from: evolix_public.yml
|
||||
tags:
|
||||
- evomaintenance
|
||||
|
||||
- name: Package is installed
|
||||
apt:
|
||||
name: evomaintenance
|
||||
allow_unauthenticated: yes
|
||||
tags:
|
||||
- evomaintenance
|
||||
|
||||
- name: Configuration is installed
|
||||
template:
|
||||
src: evomaintenance.j2
|
||||
dest: /etc/evomaintenance.cf
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0600"
|
||||
force: "{{ evomaintenance_force_config | bool }}"
|
||||
tags:
|
||||
- evomaintenance
|
|
@ -1,12 +1,14 @@
|
|||
---
|
||||
|
||||
- name: dependencies are installed
|
||||
- name: Dependencies are installed
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
with_items:
|
||||
- postgresql-client
|
||||
- sudo
|
||||
tags:
|
||||
- evomaintenance
|
||||
|
||||
- include_role:
|
||||
name: remount-usr
|
||||
|
@ -46,3 +48,14 @@
|
|||
backup: yes
|
||||
tags:
|
||||
- evomaintenance
|
||||
|
||||
- name: Configuration is installed
|
||||
template:
|
||||
src: evomaintenance.j2
|
||||
dest: /etc/evomaintenance.cf
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0600"
|
||||
force: "{{ evomaintenance_force_config | bool }}"
|
||||
tags:
|
||||
- evomaintenance
|
46
evomaintenance/tasks/install_vendor_openbsd.yml
Normal file
46
evomaintenance/tasks/install_vendor_openbsd.yml
Normal file
|
@ -0,0 +1,46 @@
|
|||
---
|
||||
|
||||
- name: /usr/share/scripts exists
|
||||
file:
|
||||
dest: /usr/share/scripts
|
||||
mode: "0700"
|
||||
owner: root
|
||||
group: wheel
|
||||
state: directory
|
||||
tags:
|
||||
- evomaintenance
|
||||
|
||||
- name: Script is installed
|
||||
copy:
|
||||
src: evomaintenance.sh
|
||||
dest: /usr/share/scripts/evomaintenance.sh
|
||||
mode: "0700"
|
||||
owner: root
|
||||
group: wheel
|
||||
force: yes
|
||||
backup: yes
|
||||
tags:
|
||||
- evomaintenance
|
||||
|
||||
- name: Template is installed
|
||||
copy:
|
||||
src: evomaintenance.tpl
|
||||
dest: /usr/share/scripts/evomaintenance.tpl
|
||||
mode: "0600"
|
||||
owner: root
|
||||
group: wheel
|
||||
force: yes
|
||||
backup: yes
|
||||
tags:
|
||||
- evomaintenance
|
||||
|
||||
- name: Configuration is installed
|
||||
template:
|
||||
src: evomaintenance.j2
|
||||
dest: /etc/evomaintenance.cf
|
||||
owner: root
|
||||
group: wheel
|
||||
mode: "0600"
|
||||
force: "{{ evomaintenance_force_config | bool }}"
|
||||
tags:
|
||||
- evomaintenance
|
|
@ -3,54 +3,18 @@
|
|||
- set_fact:
|
||||
minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"
|
||||
|
||||
- include: install_package.yml
|
||||
when: not evomaintenance_install_vendor
|
||||
- include: install_package_debian.yml
|
||||
when:
|
||||
- not evomaintenance_install_vendor
|
||||
- ansible_distribution == "Debian"
|
||||
|
||||
- include: install_vendor.yml
|
||||
when: evomaintenance_install_vendor
|
||||
- include: install_vendor_debian.yml
|
||||
when:
|
||||
- evomaintenance_install_vendor
|
||||
- ansible_distribution == "Debian"
|
||||
|
||||
- name: configuration is applied
|
||||
template:
|
||||
src: evomaintenance.j2
|
||||
dest: /etc/evomaintenance.cf
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0600"
|
||||
force: "{{ evomaintenance_force_config | bool }}"
|
||||
tags:
|
||||
- evomaintenance
|
||||
- include: install_vendor_openbsd.yml
|
||||
when:
|
||||
- ansible_distribution == "OpenBSD"
|
||||
|
||||
- name: Is minifirewall installed?
|
||||
stat:
|
||||
path: /etc/default/minifirewall
|
||||
register: minifirewall_default_file
|
||||
tags:
|
||||
- evomaintenance
|
||||
|
||||
- name: minifirewall section for evomaintenance
|
||||
lineinfile:
|
||||
dest: /etc/default/minifirewall
|
||||
line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
|
||||
insertafter: "^# EvoMaintenance"
|
||||
with_items: "{{ evomaintenance_hosts }}"
|
||||
notify: "{{ minifirewall_restart_handler_name }}"
|
||||
when: minifirewall_default_file.stat.exists
|
||||
tags:
|
||||
- evomaintenance
|
||||
|
||||
- name: remove minifirewall example rule for the proxy
|
||||
lineinfile:
|
||||
dest: /etc/default/minifirewall
|
||||
regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)'
|
||||
state: absent
|
||||
notify: "{{ minifirewall_restart_handler_name }}"
|
||||
when: minifirewall_default_file.stat.exists
|
||||
tags:
|
||||
- evomaintenance
|
||||
|
||||
- name: Force restart minifirewall
|
||||
command: /bin/true
|
||||
notify: restart minifirewall
|
||||
when: minifirewall_restart_force
|
||||
tags:
|
||||
- evomaintenance
|
||||
- include: minifirewall.yml
|
||||
|
|
36
evomaintenance/tasks/minifirewall.yml
Normal file
36
evomaintenance/tasks/minifirewall.yml
Normal file
|
@ -0,0 +1,36 @@
|
|||
---
|
||||
|
||||
- name: Is minifirewall installed?
|
||||
stat:
|
||||
path: /etc/default/minifirewall
|
||||
register: minifirewall_default_file
|
||||
tags:
|
||||
- evomaintenance
|
||||
|
||||
- name: minifirewall section for evomaintenance
|
||||
lineinfile:
|
||||
dest: /etc/default/minifirewall
|
||||
line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
|
||||
insertafter: "^# EvoMaintenance"
|
||||
with_items: "{{ evomaintenance_hosts }}"
|
||||
notify: "{{ minifirewall_restart_handler_name }}"
|
||||
when: minifirewall_default_file.stat.exists
|
||||
tags:
|
||||
- evomaintenance
|
||||
|
||||
- name: remove minifirewall example rule for the proxy
|
||||
lineinfile:
|
||||
dest: /etc/default/minifirewall
|
||||
regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)'
|
||||
state: absent
|
||||
notify: "{{ minifirewall_restart_handler_name }}"
|
||||
when: minifirewall_default_file.stat.exists
|
||||
tags:
|
||||
- evomaintenance
|
||||
|
||||
- name: Force restart minifirewall
|
||||
command: /bin/true
|
||||
notify: restart minifirewall
|
||||
when: minifirewall_restart_force
|
||||
tags:
|
||||
- evomaintenance
|
Loading…
Add table
Reference in a new issue