From 8d2a184bbb6c59842572bf6cf211aedc31bfadee Mon Sep 17 00:00:00 2001 From: Jerry Vonau Date: Tue, 31 Oct 2017 05:10:46 -0400 Subject: [PATCH] move network package install --- roles/3-base-server/tasks/main.yml | 24 +++++++++++++ roles/network/tasks/dansguardian.yml | 6 ++-- roles/network/tasks/dhcpd.yml | 3 +- roles/network/tasks/enable_services.yml | 1 + roles/network/tasks/main.yml | 23 ------------- roles/network/tasks/named.yml | 46 ++++++++++++------------- roles/network/tasks/squid.yml | 14 ++++---- roles/network/tasks/wondershaper.yml | 6 ++-- 8 files changed, 62 insertions(+), 61 deletions(-) diff --git a/roles/3-base-server/tasks/main.yml b/roles/3-base-server/tasks/main.yml index 877ab58e4..6729c5597 100644 --- a/roles/3-base-server/tasks/main.yml +++ b/roles/3-base-server/tasks/main.yml @@ -20,6 +20,30 @@ # has no "when: XXXXX_install" flag tags: base, mysql +- include_tasks: roles/network/tasks/named.yml + tags: + - named + - network + - domain + +- include_tasks: roles/network/tasks/dhcpd.yml + tags: + - dhcpd + - network + - domain + +- include_tasks: roles/network/tasks/squid.yml + tags: + - squid + - network + when: squid_install + +- include_tasks: roles/network/tasks/wondershaper.yml + tags: + - wondershaper + - network + when: wondershaper_install + - name: Make sure there is a content directory file: dest={{ doc_root }}/local_content state=directory diff --git a/roles/network/tasks/dansguardian.yml b/roles/network/tasks/dansguardian.yml index 64610759d..2d4cebc40 100644 --- a/roles/network/tasks/dansguardian.yml +++ b/roles/network/tasks/dansguardian.yml @@ -7,7 +7,7 @@ - download - name: Copy DansGuardian config file - template: src=squid/dansguardian.conf.j2 + template: src=roles/network/templates/squid/dansguardian.conf.j2 dest=/etc/dansguardian/dansguardian.conf owner=dansguardian group=dansguardian 
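Review bot: The four added `include_tasks` entries reach into another role by a playbook-relative path (`roles/network/tasks/named.yml` and so on), so they resolve only when the playbook directory contains `roles/`, and the included tasks then run in the context of 3-base-server rather than the network role. That appears to be why every `src=` in the dansguardian.yml, dhcpd.yml, named.yml, squid.yml and wondershaper.yml hunks had to be rewritten to `roles/network/templates/...`. Including the tasks through the role keeps template lookups role-relative and makes those rewrites unnecessary: `- include_role:` with `name: network` and `tasks_from: named`, repeated for dhcpd, squid and wondershaper with the same `tags:` and `when:` lines. Separately, named.yml and dhcpd.yml are included here with no `when:` guard, so if they install the DNS and DHCP daemons, as the commit subject suggests, every base server carries those services whether or not it needs them; a guard like the `squid_install` one would keep that optional.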
@@ -15,7 +15,7 @@ when: ansible_distribution == "Fedora" - name: Copy DansGuardian config file - template: src=squid/dansguardian.conf.debian.j2 + template: src=roles/network/templates/squid/dansguardian.conf.debian.j2 dest=/etc/dansguardian/dansguardian.conf owner=dansguardian group=dansguardian @@ -23,7 +23,7 @@ when: is_debuntu - name: Copy DansGuardian config file for CentOS - template: src=squid/dansguardian.conf.centos.j2 + template: src=roles/network/templates/squid/dansguardian.conf.centos.j2 dest=/etc/dansguardian/dansguardian.conf owner=dansguardian group=vscan diff --git a/roles/network/tasks/dhcpd.yml b/roles/network/tasks/dhcpd.yml index b26ecf73c..8ef5306f3 100644 --- a/roles/network/tasks/dhcpd.yml +++ b/roles/network/tasks/dhcpd.yml @@ -23,8 +23,7 @@ group=root mode={{ item.mode }} with_items: - - { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf', mode: '0644' } - - { src: 'dhcp/dhcpd.service', dest: '/etc/systemd/system/dhcpd.service', mode: '0644' } + - { src: 'roles/network/templates/dhcp/dhcpd.service', dest: '/etc/systemd/system/dhcpd.service', mode: '0644' } - name: Create dhcpd needed files command: touch /var/lib/dhcpd/dhcpd.leases diff --git a/roles/network/tasks/enable_services.yml b/roles/network/tasks/enable_services.yml index a23dddab4..59b051c64 100644 --- a/roles/network/tasks/enable_services.yml +++ b/roles/network/tasks/enable_services.yml @@ -17,6 +17,7 @@ mode={{ item.mode }} with_items: - { src: 'dhcp/dhcpd-env.j2' , dest: '/etc/sysconfig/dhcpd' , mode: '0644' } + - { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf', mode: '0644' } when: dhcpd_enabled - name: Copy named file diff --git a/roles/network/tasks/main.yml b/roles/network/tasks/main.yml index b21af9868..05b7a6b18 100644 --- a/roles/network/tasks/main.yml +++ b/roles/network/tasks/main.yml 
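Review bot: Moving `dhcp/dhcpd-iiab.conf.j2` into this loop in enable_services.yml means `/etc/dhcpd-iiab.conf` is now written only under `when: dhcpd_enabled`, while the dhcpd.yml hunk above still installs `dhcpd.service` unconditionally. If that unit reads `/etc/dhcpd-iiab.conf` (not visible here), a host that was configured earlier and later has `dhcpd_enabled` turned off keeps a stale config that nothing in this patch refreshes or removes. A comment above the new entry would record the intent, for example `# dhcpd-iiab.conf is rendered here (enable time), not in dhcpd.yml (install time)`, and a `file: path=/etc/dhcpd-iiab.conf state=absent` task under `when: not dhcpd_enabled` could close the stale-file case. The task this entry belongs to starts above the hunk.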
@@ -21,29 +21,6 @@ - hostname - domain -- include_tasks: named.yml - tags: - - named - - network - - domain - -- include_tasks: dhcpd.yml - tags: - - dhcpd - - network - - domain - -- include_tasks: squid.yml - tags: - - squid - - network - when: squid_install - -- include_tasks: wondershaper.yml - tags: - - wondershaper - - network - - include_tasks: iptables.yml tags: - iptables diff --git a/roles/network/tasks/named.yml b/roles/network/tasks/named.yml index 182a58f88..07b58ec17 100644 --- a/roles/network/tasks/named.yml +++ b/roles/network/tasks/named.yml 
@@ -41,37 +41,37 @@ group=root mode={{ item.mode }} with_items: - - { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', owner: "root" , mode: '0644' } - - { src: 'named/named.j2', dest: '/etc/sysconfig/named', owner: "root" , mode: '0644' } - - { src: 'named/named', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/named', owner: "root" , mode: '0644' } - - { src: 'named/localdomain.zone', dest: '/var/named-iiab/localdomain.zone',owner: "{{ dns_user }}" , mode: '0644' } - - { src: 'named/localhost.zone', dest: '/var/named-iiab/localhost.zone', owner: "{{ dns_user }}" , mode: '0644' } - - { src: 'named/named.broadcast', dest: '/var/named-iiab/named.broadcast', owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'named/named.ip6.local', dest: '/var/named-iiab/named.ip6.local' , owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'named/named.local', dest: '/var/named-iiab/named.local' , owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'named/named.rfc1912.zones', dest: '/var/named-iiab/named.rfc1912.zones' , owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'named/named.root', dest: '/var/named-iiab/named.root' , owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'named/named.root.hints', dest: '/var/named-iiab/named.root.hints' , owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'named/named.zero', dest: '/var/named-iiab/named.zero' , owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'named/school.external.zone.db', dest: '/var/named-iiab/school.external.zone.db' , owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'named/school.internal.zone.16.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.16.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db' , owner: "{{ 
dns_user }}" , mode: '0644'} + - { src: 'roles/network/templates/named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', owner: "root" , mode: '0644' } + - { src: 'roles/network/templates/named/named.j2', dest: '/etc/sysconfig/named', owner: "root" , mode: '0644' } + - { src: 'roles/network/templates/named/named', dest: '/etc/sysconfig/olpc-scripts/domain_config.d/named', owner: "root" , mode: '0644' } + - { src: 'roles/network/templates/named/localdomain.zone', dest: '/var/named-iiab/localdomain.zone',owner: "{{ dns_user }}" , mode: '0644' } + - { src: 'roles/network/templates/named/localhost.zone', dest: '/var/named-iiab/localhost.zone', owner: "{{ dns_user }}" , mode: '0644' } + - { src: 'roles/network/templates/named/named.broadcast', dest: '/var/named-iiab/named.broadcast', owner: "{{ dns_user }}" , mode: '0644'} + - { src: 'roles/network/templates/named/named.ip6.local', dest: '/var/named-iiab/named.ip6.local' , owner: "{{ dns_user }}" , mode: '0644'} + - { src: 'roles/network/templates/named/named.local', dest: '/var/named-iiab/named.local' , owner: "{{ dns_user }}" , mode: '0644'} + - { src: 'roles/network/templates/named/named.rfc1912.zones', dest: '/var/named-iiab/named.rfc1912.zones' , owner: "{{ dns_user }}" , mode: '0644'} + - { src: 'roles/network/templates/named/named.root', dest: '/var/named-iiab/named.root' , owner: "{{ dns_user }}" , mode: '0644'} + - { src: 'roles/network/templates/named/named.root.hints', dest: '/var/named-iiab/named.root.hints' , owner: "{{ dns_user }}" , mode: '0644'} + - { src: 'roles/network/templates/named/named.zero', dest: '/var/named-iiab/named.zero' , owner: "{{ dns_user }}" , mode: '0644'} + - { src: 'roles/network/templates/named/school.external.zone.db', dest: '/var/named-iiab/school.external.zone.db' , owner: "{{ dns_user }}" , mode: '0644'} + - { src: 'roles/network/templates/named/school.internal.zone.16.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.16.in-addr.db' , owner: "{{ dns_user }}" , mode: 
'0644'} + - { src: 'roles/network/templates/named/school.internal.zone.32.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.32.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'} + - { src: 'roles/network/templates/named/school.internal.zone.48.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.48.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'} # the following two files are not writeable by named, but bind 9.4 cannot discover that fact correctly - - { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db' , owner: "root" , mode: '0644'} - - { src: 'named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db' , owner: "root" , mode: '0644'} - - { src: 'named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'named/dummy', dest: '/var/named-iiab/data/dummy' , owner: "{{ dns_user }}" , mode: '0644'} - - { src: 'named/named.blackhole', dest: '/var/named-iiab/named.blackhole' , owner: "{{ dns_user }}" , mode: '0644'} + - { src: 'roles/network/templates/named/school.internal.zone.db', dest: '/var/named-iiab/school.internal.zone.db' , owner: "root" , mode: '0644'} + - { src: 'roles/network/templates/named/school.local.zone.db', dest: '/var/named-iiab/school.local.zone.db' , owner: "root" , mode: '0644'} + - { src: 'roles/network/templates/named/school.internal.zone.in-addr.db.j2', dest: '/var/named-iiab/school.internal.zone.in-addr.db' , owner: "{{ dns_user }}" , mode: '0644'} + - { src: 'roles/network/templates/named/dummy', dest: '/var/named-iiab/data/dummy' , owner: "{{ dns_user }}" , mode: '0644'} + - { src: 'roles/network/templates/named/named.blackhole', dest: '/var/named-iiab/named.blackhole' , owner: "{{ dns_user }}" , mode: '0644'} - name: Substitute our unit file which uses $OPTIONS from sysconfig - template: src=named/{{ dns_service }}.service + template: src=roles/network/templates/named/{{ 
dns_service }}.service dest=/etc/systemd/system/{{ dns_service }}.service mode=0644 - name: The dns-jail redirect requires the named.blackhole,disabling recursion # in named-iiab.conf, and the redirection of 404 error documents to / - template: src=named/dns-jail.conf dest=/etc/{{ apache_config_dir }}/ + template: src=roles/network/templates/named/dns-jail.conf dest=/etc/{{ apache_config_dir }}/ when: dns_jail_enabled - name: Separate enabling required for Debian diff --git a/roles/network/tasks/squid.yml b/roles/network/tasks/squid.yml index 7b0a9388c..a82163ab3 100644 --- a/roles/network/tasks/squid.yml +++ b/roles/network/tasks/squid.yml @@ -19,32 +19,32 @@ group={{ item.group }} mode={{ item.mode }} with_items: - - src: 'squid/squid.sysconfig' + - src: 'roles/network/templates/squid/squid.sysconfig' dest: '/etc/sysconfig/squid' owner: 'root' group: 'root' mode: '0755' - - src: 'squid/sites.whitelist.txt' + - src: 'roles/network/templates/squid/sites.whitelist.txt' dest: '/etc/{{ proxy }}/sites.whitelist.txt' owner: '{{ proxy_user }}' group: '{{ proxy_user }}' mode: '0644' - - src: 'squid/allowregex.rules' + - src: 'roles/network/templates/squid/allowregex.rules' dest: '/etc/{{ proxy }}/allowregex.rules' owner: '{{ proxy_user }}' group: '{{ proxy_user }}' mode: '0644' - - src: 'squid/denyregex.rules' + - src: 'roles/network/templates/squid/denyregex.rules' dest: '/etc/{{ proxy }}/denyregex.rules' owner: '{{ proxy_user }}' group: '{{ proxy_user }}' mode: '0644' - - src: 'squid/dstaddress.rules' + - src: 'roles/network/templates/squid/dstaddress.rules' dest: '/etc/{{ proxy }}/dstaddress.rules' owner: '{{ proxy_user }}' group: '{{ proxy_user }}' mode: '0644' - - src: 'squid/iiab-httpcache.j2' + - src: 'roles/network/templates/squid/iiab-httpcache.j2' dest: '/usr/bin/iiab-httpcache' owner: 'root' group: 'root' 
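Review bot: The dns-jail task near the end of the named.yml hunk renders `dns-jail.conf` into `/etc/{{ apache_config_dir }}/` with no `owner`, `group` or `mode`, so the file's ownership and permissions follow the connecting user and its umask, whereas the zone-file loop above it sets group and mode explicitly. The unit-file task before it sets `mode=0644` but likewise leaves owner and group implicit. Stating them keeps a web-server config and a systemd unit root-owned however the play is run: append `owner=root group=root mode=0644` to the dns-jail `template:` line and `owner=root group=root` to the unit-file one. The `with_items` task at the top of the hunk starts outside it.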
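Review bot: Four of the files in this squid.yml list, `sites.whitelist.txt`, `allowregex.rules`, `denyregex.rules` and `dstaddress.rules`, are installed with `owner: '{{ proxy_user }}'`, so the proxy's own service account can rewrite the filtering rules it enforces. Unless something running as that user is meant to edit them (not visible here), `owner: 'root'` with `group: '{{ proxy_user }}'` and `mode: '0644'` lets the proxy read them without being able to change them. The first entry also gives `/etc/sysconfig/squid` `mode: '0755'`; if that is a plain environment file it needs no execute bit, and `mode: '0644'` fits. The task starts above the hunk and the last entry's `mode` line falls below it.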
@@ -64,7 +64,7 @@ mode=0750 state=directory -- include_tasks: dansguardian.yml +- include_tasks: roles/network/tasks/dansguardian.yml when: dansguardian_install - name: Stop Squid diff --git a/roles/network/tasks/wondershaper.yml b/roles/network/tasks/wondershaper.yml index 5fec75b3b..04c66bdf5 100644 --- a/roles/network/tasks/wondershaper.yml +++ b/roles/network/tasks/wondershaper.yml @@ -1,12 +1,12 @@ - name: Copy Wondershaper service script template: backup=yes - src=wondershaper/wondershaper.service + src=roles/network/templates/wondershaper/wondershaper.service dest=/etc/systemd/system/wondershaper.service mode=0644 - name: Copy Wondershaper script template: backup=yes - src=wondershaper/wondershaper.j2 + src=roles/network/templates/wondershaper/wondershaper.j2 dest=/usr/bin/wondershaper owner=root group=root @@ -20,7 +20,7 @@ state=directory - name: Copy Wondershaper config script - template: src=wondershaper/wondershaper.conf + template: src=roles/network/templates/wondershaper/wondershaper.conf dest=/etc/conf.d/wondershaper.conf owner=root group=root