external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-02-15 04:32:11 +00:00
Code Issues Releases Wiki Activity

move network package install - double check after rebase

Browse source
This commit is contained in:
Jerry Vonau 2017-10-31 05:10:46 -04:00
parent 55ee21dd49
commit 6cae3930b7
8 changed files with 62 additions and 76 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
roles/3-base-server/tasks/main.yml
View file

@ -20,6 +20,30 @@
# has no "when: XXXXX_install" flag
tags: base, mysql
- include_tasks: roles/network/tasks/named.yml
tags:
- named
- network
- domain
- include_tasks: roles/network/tasks/dhcpd.yml
tags:
- dhcpd
- network
- domain
- include_tasks: roles/network/tasks/squid.yml
tags:
- squid
- network
when: squid_install
- include_tasks: roles/network/tasks/wondershaper.yml
tags:
- wondershaper
- network
when: wondershaper_install
- name: Make sure there is a content directory
file: dest={{ doc_root }}/local_content
state=directory

6
roles/network/tasks/dansguardian.yml
View file

@ -7,7 +7,7 @@
- download
- name: Copy DansGuardian config file
template: src=squid/dansguardian.conf.j2
template: src=roles/network/templates/squid/dansguardian.conf.j2
dest=/etc/dansguardian/dansguardian.conf
owner=dansguardian
group=dansguardian
@ -15,7 +15,7 @@
when: ansible_distribution == "Fedora"
- name: Copy DansGuardian config file
template: src=squid/dansguardian.conf.debian.j2
template: src=roles/network/templates/squid/dansguardian.conf.debian.j2
dest=/etc/dansguardian/dansguardian.conf
owner=dansguardian
group=dansguardian
@ -23,7 +23,7 @@
when: is_debuntu
- name: Copy DansGuardian config file for CentOS
template: src=squid/dansguardian.conf.centos.j2
template: src=roles/network/templates/squid/dansguardian.conf.centos.j2
dest=/etc/dansguardian/dansguardian.conf
owner=dansguardian
group=vscan

3
roles/network/tasks/dhcpd.yml
View file

@ -24,8 +24,7 @@
group=root
mode={{ item.mode }}
with_items:
- { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf', mode: '0644' }
- { src: 'dhcp/dhcpd.service', dest: '/etc/systemd/system/dhcpd.service', mode: '0644' }
- { src: 'roles/network/templates/dhcp/dhcpd.service', dest: '/etc/systemd/system/dhcpd.service', mode: '0644' }
- name: Create dhcpd needed files
command: touch /var/lib/dhcpd/dhcpd.leases

1
roles/network/tasks/enable_services.yml
View file

@ -23,6 +23,7 @@
mode={{ item.mode }}
with_items:
- { src: 'dhcp/dhcpd-env.j2' , dest: '/etc/sysconfig/dhcpd' , mode: '0644' }
- { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf', mode: '0644' }
when: dhcpd_enabled and dhcpd_install
- name: Copy named file

38
roles/network/tasks/main.yml
View file

@ -21,47 +21,9 @@
- hostname
- domain
- include_tasks: named.yml
tags:
- network
- named
- domain
- include_tasks: dhcpd.yml
tags:
- dhcpd
- network
- domain
- include_tasks: squid.yml
tags:
- network
#### end install portion
#### start network layout
# setting installing would skip configuring network
# but would configure but not start services
#- include: computed_network.yml
# when: not installing
# tags:
# - network
# - network-discover
- include_tasks: wondershaper.yml
tags:
- network
- named
- dhcpd
- dnsmasq
- squid
- include_tasks: iptables.yml
tags:
- network
- named
- dhcpd
- dnsmasq
- squid
- include_tasks: avahi.yml
tags:

46
roles/network/tasks/named.yml
View file

@ -41,37 +41,37 @@
group=root
mode={{ item.mode }}
with_items:
- { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', owner: "root" , mode: '0644' }
- { src: 'named/named.j2', dest: '/etc/sysconfig/named', owner: "root" , mode: '0644' }
- { src: 'named/named', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/named', owner: "root" , mode: '0644' }
- { src: 'named/localdomain.zone', dest: '/var/named-iiab/localdomain.zone',owner: "{{ dns_user }}" , mode: '0644' }
- { src: 'named/localhost.zone', dest: '/var/named-iiab/localhost.zone', owner: "{{ dns_user }}" , mode: '0644' }
- { src: 'named/named.broadcast', dest: '/var/named-iiab/named.broadcast', owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/named.ip6.local', dest: '/var/named-iiab/named.ip6.local' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/named.local', dest: '/var/named-iiab/named.local' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/named.rfc1912.zones', dest: '/var/named-iiab/named.rfc1912.zones' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/named.root', dest: '/var/named-iiab/named.root' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/named.root.hints', dest: '/var/named-iiab/named.root.hints' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/named.zero', dest: '/var/named-iiab/named.zero' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/school.external.zone.db', dest: '/var/named-iiab/school.external.zone.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/school.internal.zone.16.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.16.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', owner: "root" , mode: '0644' }
- { src: 'roles/network/templates/named/named.j2', dest: '/etc/sysconfig/named', owner: "root" , mode: '0644' }
- { src: 'roles/network/templates/named/named', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/named', owner: "root" , mode: '0644' }
- { src: 'roles/network/templates/named/localdomain.zone', dest: '/var/named-iiab/localdomain.zone',owner: "{{ dns_user }}" , mode: '0644' }
- { src: 'roles/network/templates/named/localhost.zone', dest: '/var/named-iiab/localhost.zone', owner: "{{ dns_user }}" , mode: '0644' }
- { src: 'roles/network/templates/named/named.broadcast', dest: '/var/named-iiab/named.broadcast', owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.ip6.local', dest: '/var/named-iiab/named.ip6.local' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.local', dest: '/var/named-iiab/named.local' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.rfc1912.zones', dest: '/var/named-iiab/named.rfc1912.zones' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.root', dest: '/var/named-iiab/named.root' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.root.hints', dest: '/var/named-iiab/named.root.hints' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.zero', dest: '/var/named-iiab/named.zero' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/school.external.zone.db', dest: '/var/named-iiab/school.external.zone.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/school.internal.zone.16.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.16.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
# the following two files are not writeable by named, but bind 9.4 cannot discover that fact correctly
- { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db' , owner: "root" , mode: '0644'}
- { src: 'named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db' , owner: "root" , mode: '0644'}
- { src: 'named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/dummy', dest: '/var/named-iiab/data/dummy' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'named/named.blackhole', dest: '/var/named-iiab/named.blackhole' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db' , owner: "root" , mode: '0644'}
- { src: 'roles/network/templates/named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db' , owner: "root" , mode: '0644'}
- { src: 'roles/network/templates/named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy' , owner: "{{ dns_user }}" , mode: '0644'}
- { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole' , owner: "{{ dns_user }}" , mode: '0644'}
- name: Substitute our unit file which uses $OPTIONS from sysconfig
template: src=named/{{ dns_service }}.service
template: src=roles/network/templates/named/{{ dns_service }}.service
dest=/etc/systemd/system/{{ dns_service }}.service
mode=0644
- name: The dns-jail redirect requires the named.blackhole,disabling recursion
# in named-iiab.conf, and the redirection of 404 error documents to /
template: src=named/dns-jail.conf dest=/etc/{{ apache_config_dir }}/
template: src=roles/network/templates/named/dns-jail.conf dest=/etc/{{ apache_config_dir }}/
when: dns_jail_enabled
- name: Separate enabling required for Debian

14
roles/network/tasks/squid.yml
View file

@ -19,32 +19,32 @@
group={{ item.group }}
mode={{ item.mode }}
with_items:
- src: 'squid/squid.sysconfig'
- src: 'roles/network/templates/squid/squid.sysconfig'
dest: '/etc/sysconfig/squid'
owner: 'root'
group: 'root'
mode: '0755'
- src: 'squid/sites.whitelist.txt'
- src: 'roles/network/templates/squid/sites.whitelist.txt'
dest: '/etc/{{ proxy }}/sites.whitelist.txt'
owner: '{{ proxy_user }}'
group: '{{ proxy_user }}'
mode: '0644'
- src: 'squid/allowregex.rules'
- src: 'roles/network/templates/squid/allowregex.rules'
dest: '/etc/{{ proxy }}/allowregex.rules'
owner: '{{ proxy_user }}'
group: '{{ proxy_user }}'
mode: '0644'
- src: 'squid/denyregex.rules'
- src: 'roles/network/templates/squid/denyregex.rules'
dest: '/etc/{{ proxy }}/denyregex.rules'
owner: '{{ proxy_user }}'
group: '{{ proxy_user }}'
mode: '0644'
- src: 'squid/dstaddress.rules'
- src: 'roles/network/templates/squid/dstaddress.rules'
dest: '/etc/{{ proxy }}/dstaddress.rules'
owner: '{{ proxy_user }}'
group: '{{ proxy_user }}'
mode: '0644'
- src: 'squid/iiab-httpcache.j2'
- src: 'roles/network/templates/squid/iiab-httpcache.j2'
dest: '/usr/bin/iiab-httpcache'
owner: 'root'
group: 'root'
@ -64,7 +64,7 @@
mode=0750
state=directory
- include_tasks: dansguardian.yml
- include_tasks: roles/network/tasks/dansguardian.yml
when: dansguardian_install
#- name: Stop Squid

6
roles/network/tasks/wondershaper.yml
View file

@ -1,12 +1,12 @@
- name: Copy Wondershaper service script
template: backup=yes
src=wondershaper/wondershaper.service
src=roles/network/templates/wondershaper/wondershaper.service
dest=/etc/systemd/system/wondershaper.service
mode=0644
- name: Copy Wondershaper script
template: backup=yes
src=wondershaper/wondershaper.j2
src=roles/network/templates/wondershaper/wondershaper.j2
dest=/usr/bin/wondershaper
owner=root
group=root
@ -20,7 +20,7 @@
state=directory
- name: Copy Wondershaper config script
template: src=wondershaper/wondershaper.conf
template: src=roles/network/templates/wondershaper/wondershaper.conf
dest=/etc/conf.d/wondershaper.conf
owner=root
group=root