forked from evolix/ansible-roles
Better squid/squid3 whitelist and reload
parent
0c5117dd4e
commit
bc99227259
|
@ -18,3 +18,8 @@
|
||||||
service:
|
service:
|
||||||
name: squid3
|
name: squid3
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
|
||||||
|
- name: reload squid
|
||||||
|
service:
|
||||||
|
name: squid
|
||||||
|
state: reloaded
|
||||||
|
|
|
@ -53,17 +53,24 @@
|
||||||
dest: /etc/cron.daily/certbot
|
dest: /etc/cron.daily/certbot
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
|
||||||
- name: Find squid3 config whitelist
|
- name: Find squid config whitelist
|
||||||
shell: find /etc/squid3/whitelist-custom.conf /etc/squid3/whitelist.conf 2> /dev/null
|
shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
|
||||||
failed_when: false
|
failed_when: false
|
||||||
changed_when: false
|
changed_when: false
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: squid3_whitelist_files
|
register: squid_whitelist_files
|
||||||
|
|
||||||
|
- name: set squid_service_name=squid3 for Debian < 9
|
||||||
|
set_fact:
|
||||||
|
squid_service_name: squid3
|
||||||
|
when:
|
||||||
|
- ansible_distribution == "Debian"
|
||||||
|
- ansible_distribution_major_version | version_compare('9', '<')
|
||||||
|
|
||||||
- name: Let's Encrypt OCSP server is authorized by squid
|
- name: Let's Encrypt OCSP server is authorized by squid
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: "{{ squid3_whitelist_files.stdout_lines | first }}"
|
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
|
||||||
line: "http://.*.letsencrypt.org/.*"
|
line: "http://.*.letsencrypt.org/.*"
|
||||||
state: present
|
state: present
|
||||||
notify: reload squid3
|
notify: "reload {{ squid_service_name | default('squid') }}"
|
||||||
when: squid3_whitelist_files.stdout != ""
|
when: squid_whitelist_files.stdout != ""
|
||||||
|
|
|
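Review bot: The whitelist file and the handler are chosen by two unrelated rules, so they can disagree. `find` prints `/etc/squid/whitelist-custom.conf` first and `| first` takes it whenever it exists, while `notify` resolves to `reload squid3` on Debian < 9 purely from the distribution version. On a host that carries both directories, the line may be written to a file the reloaded daemon does not read, so the proxy allowlist would not match what the play reports as changed. Deriving the service from the path actually found keeps the two in step, e.g. `squid_service_name: "{{ 'squid3' if '/squid3/' in (squid_whitelist_files.stdout_lines | first) else 'squid' }}"` guarded by `when: squid_whitelist_files.stdout != ""`. The same find/set_fact/notify sequence is repeated in the jenkins, mongodb and newrelic task sections below.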
@ -1,5 +1,10 @@
|
||||||
---
|
---
|
||||||
- name: Reload Squid
|
- name: reload squid
|
||||||
|
service:
|
||||||
|
name: squid
|
||||||
|
state: reloaded
|
||||||
|
|
||||||
|
- name: reload squid3
|
||||||
service:
|
service:
|
||||||
name: squid3
|
name: squid3
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
@ -8,4 +13,3 @@
|
||||||
service:
|
service:
|
||||||
name: jenkins
|
name: jenkins
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
|
|
|
@ -4,23 +4,32 @@
|
||||||
# url: https://jenkins-ci.org/debian/jenkins-ci.org.key
|
# url: https://jenkins-ci.org/debian/jenkins-ci.org.key
|
||||||
data: "{{ lookup('file', 'jenkins.key') }}"
|
data: "{{ lookup('file', 'jenkins.key') }}"
|
||||||
|
|
||||||
- name: Check if Squid is present
|
- name: Find squid config whitelist
|
||||||
stat:
|
shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
|
||||||
path: /etc/squid3/whitelist-custom.conf
|
failed_when: false
|
||||||
register: _squid3_whitelist
|
changed_when: false
|
||||||
check_mode: no
|
check_mode: no
|
||||||
|
register: squid_whitelist_files
|
||||||
|
|
||||||
- name: Append jenkins repositories to Squid whitelist
|
- name: set squid_service_name=squid3 for Debian < 9
|
||||||
|
set_fact:
|
||||||
|
squid_service_name: squid3
|
||||||
|
when:
|
||||||
|
- ansible_distribution == "Debian"
|
||||||
|
- ansible_distribution_major_version | version_compare('9', '<')
|
||||||
|
|
||||||
|
- name: Append packages.dotdeb.org to Squid whitelist
|
||||||
lineinfile:
|
lineinfile:
|
||||||
name: /etc/squid3/whitelist-custom.conf
|
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
|
||||||
line: "{{ item }}"
|
line: "{{ item }}"
|
||||||
|
state: present
|
||||||
with_items:
|
with_items:
|
||||||
- "http://pkg.jenkins-ci.org/.*"
|
- "http://pkg.jenkins-ci.org/.*"
|
||||||
- "http://mirrors.jenkins.io/.*"
|
- "http://mirrors.jenkins.io/.*"
|
||||||
- "http://jenkins.mirror.isppower.de/.*"
|
- "http://jenkins.mirror.isppower.de/.*"
|
||||||
- "http://ftp.icm.edu.pl/.*"
|
- "http://ftp.icm.edu.pl/.*"
|
||||||
notify: Reload Squid
|
notify: "reload {{ squid_service_name | default('squid') }}"
|
||||||
when: _squid3_whitelist.stat.exists
|
when: squid_whitelist_files.stdout != ""
|
||||||
|
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
|
||||||
|
|
|
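Review bot: The new task name `Append packages.dotdeb.org to Squid whitelist` does not describe what the task does here: its items are the jenkins package hosts and mirrors. The old name was accurate, and the misleading one will show up in play output and audit logs when someone reviews which egress rules were added. I would restore `- name: Append jenkins repositories to Squid whitelist`. The mongodb section has the same copied name on its keyserver/repo task, and the newrelic section already carried it as context.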
@ -1,21 +1,30 @@
|
||||||
---
|
---
|
||||||
# tasks file for mongodb
|
# tasks file for mongodb
|
||||||
- name: Check if Squid is present
|
- name: Find squid config whitelist
|
||||||
stat:
|
shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
|
||||||
path: /etc/squid3/whitelist-custom.conf
|
failed_when: false
|
||||||
register: _squid3_whitelist
|
changed_when: false
|
||||||
check_mode: no
|
check_mode: no
|
||||||
|
register: squid_whitelist_files
|
||||||
|
|
||||||
- name: add keyserver to Squid whitelist
|
- name: set squid_service_name=squid3 for Debian < 9
|
||||||
|
set_fact:
|
||||||
|
squid_service_name: squid3
|
||||||
|
when:
|
||||||
|
- ansible_distribution == "Debian"
|
||||||
|
- ansible_distribution_major_version | version_compare('9', '<')
|
||||||
|
|
||||||
|
- name: Append packages.dotdeb.org to Squid whitelist
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/squid3/whitelist-custom.conf
|
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
|
||||||
line: "{{ item }}"
|
line: "{{ item }}"
|
||||||
notify: reload squid3
|
state: present
|
||||||
with_items:
|
with_items:
|
||||||
- "http://keyserver.ubuntu.com/.*"
|
- "http://keyserver.ubuntu.com/.*"
|
||||||
- "hkp://keyserver.ubuntu.com/.*"
|
- "hkp://keyserver.ubuntu.com/.*"
|
||||||
- "http://repo.mongodb.org/.*"
|
- "http://repo.mongodb.org/.*"
|
||||||
when: _squid3_whitelist.stat.exists
|
notify: "reload {{ squid_service_name | default('squid') }}"
|
||||||
|
when: squid_whitelist_files.stdout != ""
|
||||||
|
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
|
||||||
|
|
|
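Review bot: The `with_items` entries look like regular expressions, and as written they are unanchored with the dots unescaped, which makes the allowlist broader than the hosts it names. Whether the file feeds a `url_regex` ACL is not visible on this page, so this should be confirmed against the squid configuration. If it does, an entry such as `http://repo.mongodb.org/.*` can match URLs on other hosts, which weakens the egress filter. Since this task is being rewritten anyway, consider anchored, escaped patterns in single quotes (a backslash is not valid in the double-quoted form), e.g. `- '^http://repo\.mongodb\.org/'`. `lineinfile` only adds lines, so the old loose entries would also need a `state: absent` pass on hosts already provisioned.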
@ -1,10 +1,15 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Reload Squid
|
- name: reload squid3
|
||||||
service:
|
service:
|
||||||
name: squid3
|
name: squid3
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
|
||||||
|
- name: reload squid
|
||||||
|
service:
|
||||||
|
name: squid
|
||||||
|
state: reloaded
|
||||||
|
|
||||||
- name: apt update
|
- name: apt update
|
||||||
apt:
|
apt:
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
|
|
@ -4,11 +4,27 @@
|
||||||
# url: https://download.newrelic.com/548C16BF.gpg
|
# url: https://download.newrelic.com/548C16BF.gpg
|
||||||
data: "{{ lookup('file', '548C16BF.gpg') }}"
|
data: "{{ lookup('file', '548C16BF.gpg') }}"
|
||||||
|
|
||||||
|
- name: Find squid config whitelist
|
||||||
|
shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
|
||||||
|
failed_when: false
|
||||||
|
changed_when: false
|
||||||
|
check_mode: no
|
||||||
|
register: squid_whitelist_files
|
||||||
|
|
||||||
|
- name: set squid_service_name=squid3 for Debian < 9
|
||||||
|
set_fact:
|
||||||
|
squid_service_name: squid3
|
||||||
|
when:
|
||||||
|
- ansible_distribution == "Debian"
|
||||||
|
- ansible_distribution_major_version | version_compare('9', '<')
|
||||||
|
|
||||||
- name: Append packages.dotdeb.org to Squid whitelist
|
- name: Append packages.dotdeb.org to Squid whitelist
|
||||||
lineinfile:
|
lineinfile:
|
||||||
name: /etc/squid3/whitelist-custom.conf
|
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
|
||||||
line: "http://apt.newrelic.com/.*"
|
line: "http://apt.newrelic.com/.*"
|
||||||
notify: Reload Squid
|
state: present
|
||||||
|
notify: "reload {{ squid_service_name | default('squid') }}"
|
||||||
|
when: squid_whitelist_files.stdout != ""
|
||||||
|
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
|
||||||
|
|
|
@ -4,3 +4,5 @@ log2mail_alert_email: Null
|
||||||
|
|
||||||
squid_address: "{{ ansible_default_ipv4.address }}"
|
squid_address: "{{ ansible_default_ipv4.address }}"
|
||||||
squid_whitelist_items: []
|
squid_whitelist_items: []
|
||||||
|
|
||||||
|
squid_service_name: squid
|
||||||
|
|