Better squid/squid3 whitelist and reload
parent
0c5117dd4e
commit
bc99227259
|
@ -18,3 +18,8 @@
|
|||
service:
|
||||
name: squid3
|
||||
state: reloaded
|
||||
|
||||
- name: reload squid
|
||||
service:
|
||||
name: squid
|
||||
state: reloaded
|
||||
|
|
|
@ -53,17 +53,24 @@
|
|||
dest: /etc/cron.daily/certbot
|
||||
mode: "0755"
|
||||
|
||||
- name: Find squid3 config whitelist
|
||||
shell: find /etc/squid3/whitelist-custom.conf /etc/squid3/whitelist.conf 2> /dev/null
|
||||
- name: Find squid config whitelist
|
||||
shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
check_mode: no
|
||||
register: squid3_whitelist_files
|
||||
register: squid_whitelist_files
|
||||
|
||||
- name: set squid_service_name=squid3 for Debian < 9
|
||||
set_fact:
|
||||
squid_service_name: squid3
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
- ansible_distribution_major_version | version_compare('9', '<')
|
||||
|
||||
- name: Let's Encrypt OCSP server is authorized by squid
|
||||
lineinfile:
|
||||
dest: "{{ squid3_whitelist_files.stdout_lines | first }}"
|
||||
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
|
||||
line: "http://.*.letsencrypt.org/.*"
|
||||
state: present
|
||||
notify: reload squid3
|
||||
when: squid3_whitelist_files.stdout != ""
|
||||
notify: "reload {{ squid_service_name | default('squid') }}"
|
||||
when: squid_whitelist_files.stdout != ""
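Review bot: The whitelist file and the service to reload are chosen independently, so the two can disagree. The `find` task lists `/etc/squid3/whitelist-custom.conf` ahead of `/etc/squid/whitelist.conf`, and `stdout_lines | first` takes whichever existing path was printed first, while `squid_service_name` is derived only from the Debian major version. On a host that still has leftover `/etc/squid3` files but runs the `squid` service (an assumption, nothing on this page shows such a host), the entry would presumably land in a file the running proxy does not read, and the reload would change nothing. Consider ordering the paths by directory: `find /etc/squid/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist-custom.conf /etc/squid3/whitelist.conf 2> /dev/null`. The same pair of tasks is repeated in the three later task-file sections.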
|
||||
|
|
|
@ -1,5 +1,10 @@
|
|||
---
|
||||
- name: Reload Squid
|
||||
- name: reload squid
|
||||
service:
|
||||
name: squid
|
||||
state: reloaded
|
||||
|
||||
- name: reload squid3
|
||||
service:
|
||||
name: squid3
|
||||
state: reloaded
|
||||
|
@ -8,4 +13,3 @@
|
|||
service:
|
||||
name: jenkins
|
||||
state: restarted
|
||||
|
||||
|
|
|
@ -4,23 +4,32 @@
|
|||
# url: https://jenkins-ci.org/debian/jenkins-ci.org.key
|
||||
data: "{{ lookup('file', 'jenkins.key') }}"
|
||||
|
||||
- name: Check if Squid is present
|
||||
stat:
|
||||
path: /etc/squid3/whitelist-custom.conf
|
||||
register: _squid3_whitelist
|
||||
- name: Find squid config whitelist
|
||||
shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
check_mode: no
|
||||
register: squid_whitelist_files
|
||||
|
||||
- name: Append jenkins repositories to Squid whitelist
|
||||
- name: set squid_service_name=squid3 for Debian < 9
|
||||
set_fact:
|
||||
squid_service_name: squid3
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
- ansible_distribution_major_version | version_compare('9', '<')
|
||||
|
||||
- name: Append packages.dotdeb.org to Squid whitelist
|
||||
lineinfile:
|
||||
name: /etc/squid3/whitelist-custom.conf
|
||||
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
|
||||
line: "{{ item }}"
|
||||
state: present
|
||||
with_items:
|
||||
- "http://pkg.jenkins-ci.org/.*"
|
||||
- "http://mirrors.jenkins.io/.*"
|
||||
- "http://jenkins.mirror.isppower.de/.*"
|
||||
- "http://ftp.icm.edu.pl/.*"
|
||||
notify: Reload Squid
|
||||
when: _squid3_whitelist.stat.exists
|
||||
notify: "reload {{ squid_service_name | default('squid') }}"
|
||||
when: squid_whitelist_files.stdout != ""
|
||||
|
||||
- meta: flush_handlers
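Review bot: The task name `Append packages.dotdeb.org to Squid whitelist` does not describe what the task does in this file: its `with_items` list holds Jenkins package and mirror URLs. The name it replaces appears to be `Append jenkins repositories to Squid whitelist`, so the new one looks copied from another role. The same name is reused in the two later task-file sections, for the keyserver and MongoDB entries and for the New Relic entry. Task names are what appears in play output, so keep `- name: Append jenkins repositories to Squid whitelist` here and give the other two sections names that match their entries.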
|
||||
|
||||
|
|
|
@ -1,21 +1,30 @@
|
|||
---
|
||||
# tasks file for mongodb
|
||||
- name: Check if Squid is present
|
||||
stat:
|
||||
path: /etc/squid3/whitelist-custom.conf
|
||||
register: _squid3_whitelist
|
||||
- name: Find squid config whitelist
|
||||
shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
check_mode: no
|
||||
register: squid_whitelist_files
|
||||
|
||||
- name: add keyserver to Squid whitelist
|
||||
- name: set squid_service_name=squid3 for Debian < 9
|
||||
set_fact:
|
||||
squid_service_name: squid3
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
- ansible_distribution_major_version | version_compare('9', '<')
|
||||
|
||||
- name: Append packages.dotdeb.org to Squid whitelist
|
||||
lineinfile:
|
||||
dest: /etc/squid3/whitelist-custom.conf
|
||||
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
|
||||
line: "{{ item }}"
|
||||
notify: reload squid3
|
||||
state: present
|
||||
with_items:
|
||||
- "http://keyserver.ubuntu.com/.*"
|
||||
- "hkp://keyserver.ubuntu.com/.*"
|
||||
- "http://repo.mongodb.org/.*"
|
||||
when: _squid3_whitelist.stat.exists
|
||||
notify: "reload {{ squid_service_name | default('squid') }}"
|
||||
when: squid_whitelist_files.stdout != ""
|
||||
|
||||
- meta: flush_handlers
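Review bot: The whitelist entries written by this task are regular expressions with unescaped dots, e.g. `http://keyserver.ubuntu.com/.*`, and the Let's Encrypt section earlier uses `http://.*.letsencrypt.org/.*`. How the whitelist file is consumed is not visible on this page; if it is loaded as an unanchored URL-regex ACL, each `.` matches any character, so a pattern can match hosts other than the intended one and widen the proxy allow-list. Since this commit already touches every task that writes these lines, consider anchoring and escaping them, single-quoted so the backslashes stay literal: `- '^http://keyserver\.ubuntu\.com/.*'`. Files that already contain the old patterns would need those lines replaced, because `lineinfile` with `state: present` and no `regexp` only appends the new line.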
|
||||
|
||||
|
|
|
@ -1,10 +1,15 @@
|
|||
---
|
||||
|
||||
- name: Reload Squid
|
||||
- name: reload squid3
|
||||
service:
|
||||
name: squid3
|
||||
state: reloaded
|
||||
|
||||
- name: reload squid
|
||||
service:
|
||||
name: squid
|
||||
state: reloaded
|
||||
|
||||
- name: apt update
|
||||
apt:
|
||||
update_cache: yes
|
||||
|
|
|
@ -4,11 +4,27 @@
|
|||
# url: https://download.newrelic.com/548C16BF.gpg
|
||||
data: "{{ lookup('file', '548C16BF.gpg') }}"
|
||||
|
||||
- name: Find squid config whitelist
|
||||
shell: find /etc/squid/whitelist-custom.conf /etc/squid3/whitelist-custom.conf /etc/squid/whitelist.conf /etc/squid3/whitelist.conf 2> /dev/null
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
check_mode: no
|
||||
register: squid_whitelist_files
|
||||
|
||||
- name: set squid_service_name=squid3 for Debian < 9
|
||||
set_fact:
|
||||
squid_service_name: squid3
|
||||
when:
|
||||
- ansible_distribution == "Debian"
|
||||
- ansible_distribution_major_version | version_compare('9', '<')
|
||||
|
||||
- name: Append packages.dotdeb.org to Squid whitelist
|
||||
lineinfile:
|
||||
name: /etc/squid3/whitelist-custom.conf
|
||||
dest: "{{ squid_whitelist_files.stdout_lines | first }}"
|
||||
line: "http://apt.newrelic.com/.*"
|
||||
notify: Reload Squid
|
||||
state: present
|
||||
notify: "reload {{ squid_service_name | default('squid') }}"
|
||||
when: squid_whitelist_files.stdout != ""
|
||||
|
||||
- meta: flush_handlers
|
||||
|
||||
|
|
|
@ -4,3 +4,5 @@ log2mail_alert_email: Null
|
|||
|
||||
squid_address: "{{ ansible_default_ipv4.address }}"
|
||||
squid_whitelist_items: []
|
||||
|
||||
squid_service_name: squid
|
||||
|
|