35 tasks/*.yml writing to iiab_state.yml

roles/network/tasks/dansguardian.yml

@@ -11,7 +11,7 @@
     dest: /etc/dansguardian/dansguardian.conf
     owner: dansguardian
     group: dansguardian
-    mode: 0640
+    mode: '0640'
   when: ansible_distribution == "Fedora"
 
 - name: Install /etc/dansguardian/dansguardian.conf from template (debuntu)
@@ -20,7 +20,7 @@
     dest: /etc/dansguardian/dansguardian.conf
     owner: dansguardian
     group: dansguardian
-    mode: 0640
+    mode: '0640'
   when: is_debuntu | bool
 
 - name: Install /etc/dansguardian/dansguardian.conf from template (CentOS)
@@ -29,7 +29,7 @@
     dest: /etc/dansguardian/dansguardian.conf
     owner: dansguardian
     group: vscan
-    mode: 0640
+    mode: '0640'
   when: ansible_distribution == "CentOS"
 
 - name: Create directory /var/log/dansguardian (OS's other than CentOS)
@@ -37,7 +37,7 @@
     path: /var/log/dansguardian
     owner: dansguardian
     group: dansguardian
-    mode: 0750
+    mode: '0750'
     state: directory
   when: ansible_distribution != "CentOS"
 
@@ -46,7 +46,7 @@
     path: /var/log/dansguardian
     owner: dansguardian
     group: vscan
-    mode: 0750
+    mode: '0750'
     state: directory
   when: ansible_distribution == "CentOS"
 
@@ -55,4 +55,3 @@
     dest: "{{ iiab_state_file }}"
     regexp: '^dansguardian_installed'
     line: 'dansguardian_installed: True'
-    state: present

roles/network/tasks/dhcpd.yml

@@ -3,16 +3,12 @@
     name: isc-dhcp-server
     state: present
   when: is_debuntu | bool
-  tags:
-    - download
 
 - name: Install dhcp package (not debuntu)
   package:
     name: dhcp
     state: present
   when: not is_debuntu
-  tags:
-    - download
 
 - name: Create non-privileged user 'dhcpd' (debuntu)
   user:
@@ -37,13 +33,11 @@
 
 - name: Install systemd unit file to /etc/systemd/system/dhcpd.service
   template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    owner: root
-    group: root
-    mode: "{{ item.mode }}"
-  with_items:
-   - { src: 'roles/network/templates/dhcp/dhcpd.service', dest: '/etc/systemd/system/dhcpd.service', mode: '0644' }
+    src: roles/network/templates/dhcp/dhcpd.service
+    dest: /etc/systemd/system/dhcpd.service
+    # owner: root
+    # group: root
+    # mode: '0644'
 
 - name: Create file /var/lib/dhcpd/dhcpd.leases (redhat)
   command: touch /var/lib/dhcpd/dhcpd.leases
@@ -56,8 +50,8 @@
     path: /var/lib/dhcpd/dhcpd.leases
     owner: dhcpd
     group: dhcpd
-    mode: 0644
-    state: file
+    mode: '0644'
+    # state: file
   when: is_redhat | bool
 
 - name: "Add 'dhcpd_installed: True' to {{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
@@ -65,4 +59,3 @@
     dest: "{{ iiab_state_file }}"
     regexp: '^dhcpd_installed'
     line: 'dhcpd_installed: True'
-    state: present

roles/network/tasks/named.yml

@@ -5,8 +5,6 @@
       - bind9utils
     state: present
   when: is_debuntu | bool
-  tags:
-    - download
 
 - name: "Install named packages: bind, bind-utils (OS's other than debuntu)"
   package:
@@ -15,8 +13,6 @@
       - bind-utils
     state: present
   when: not is_debuntu
-  tags:
-    - download
 
 # or we have to change the serial number in the config files.
 - name: Stop named before copying files (if first_run and debuntu)
@@ -30,7 +26,7 @@
     path: "{{ item }}"
     owner: "{{ dns_user }}"
     group: root
-    mode: 0755
+    mode: '0755'
     state: directory
   with_items:
     - /var/named-iiab
@@ -72,7 +68,7 @@
   template:
     src: "roles/network/templates/named/{{ dns_service }}.service"
     dest: "/etc/systemd/system/{{ dns_service }}.service"
-    mode: 0644
+    mode: '0644'
 
 - name: "Install /etc/{{ apache_config_dir }}/dns-jail.conf from template: dns-jail redirect requires the named.blackhole, disabling recursion (if dns_jail_enabled)"
 #        in named-iiab.conf, and the redirection of 404 error documents to /
@@ -81,31 +77,19 @@
     dest: "/etc/{{ apache_config_dir }}/"
   when: dns_jail_enabled | bool
 
-- name: Create symlink dns-jail.conf from sites-enabled to sites-available (if debuntu and dns_jail_enabled)
-  file:
-    src: "/etc/{{ apache_config_dir }}/dns-jail.conf"
-    path: "/etc/{{ apache_service }}/sites-enabled/dns-jail.conf"
-    state: link
-  when: is_debuntu and dns_jail_enabled
-
-- name: Remove symlink /etc/{{ apache_service }}/sites-enabled/dns-jail.conf (if debuntu and not dns_jail_enabled)
-  file: 
-    path: "/etc/{{ apache_service }}/sites-enabled/dns-jail.conf"
-    state: absent
-  when: is_debuntu and not dns_jail_enabled
-
-- name: Remove symlink /etc/{{ apache_config_dir }}/dns-jail.conf (if not debuntu and not dns_jail_enabled)
-  file:
-    path: "/etc/{{ apache_config_dir }}/dns-jail.conf"
-    state: absent
-  when: not is_debuntu and not dns_jail_enabled
-
 - name: "Add 'named_installed: True' to {{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
   lineinfile:
     dest: "{{ iiab_state_file }}"
     regexp: '^named_installed'
     line: 'named_installed: True'
-    state: present
+
+- name: Enable dns-jail.conf via Apache
+  command: a2ensite dns-jail.conf
+  when: dns_jail_enabled | bool
+
+- name: Disable dns-jail.conf via Apache
+  command: a2dissite: dns-jail.conf
+  when: not dns_jail_enabled
 
 - name: Start named systemd service
   systemd:

roles/network/tasks/squid.yml

@@ -4,8 +4,6 @@
       - "{{ proxy }}"
       - cadaver
     state: present
-  tags:
-    - download
 
 - name: "Bigger hammer for Ubuntu, run: /etc/init.d/squid stop"
   command: /etc/init.d/squid stop
@@ -68,7 +66,7 @@
     path: /library/cache
     owner: "{{ proxy_user }}"
     group: "{{ proxy_user }}"
-    mode: 0750
+    mode: '0750'
     state: directory
 
 - name: Create Squid directory /var/log/{{ proxy }}
@@ -76,7 +74,7 @@
     path: "/var/log/{{ proxy }}"
     owner: "{{ proxy_user }}"
     group: "{{ proxy_user }}"
-    mode: 0750
+    mode: '0750'
     state: directory
 
 - include_tasks: roles/network/tasks/dansguardian.yml
@@ -87,7 +85,6 @@
     dest: "{{ iiab_state_file }}"
     regexp: '^squid_installed'
     line: 'squid_installed: True'
-    state: present
 
 # {{ proxy }} is normally "squid", but is "squid3" on raspbian-8 & debian-8
 - name: Add '{{ proxy }}' variable values to {{ iiab_ini_file }}

roles/network/tasks/wondershaper.yml

@@ -3,39 +3,39 @@
     backup: yes
     src: roles/network/templates/wondershaper/wondershaper.service
     dest: /etc/systemd/system/wondershaper.service
-    mode: 0644
+    # mode: '0644'
 
 - name: Install /usr/bin/wondershaper from template
   template:
     backup: yes
     src: roles/network/templates/wondershaper/wondershaper.j2
     dest: /usr/bin/wondershaper
-    owner: root
-    group: root
-    mode: 0744
+    # owner: root
+    # group: root
+    # mode: '0744'
 
 - name: Create conf.d directory
   file:
     path: /etc/conf.d
-    owner: root
-    group: root
-    mode: 0755
+    # owner: root
+    # group: root
+    # mode: '0755'
     state: directory
 
 - name: Install /etc/conf.d/wondershaper.conf from template
   template:
     src: roles/network/templates/wondershaper/wondershaper.conf
     dest: /etc/conf.d/wondershaper.conf
-    owner: root
-    group: root
-    mode: 0600
+    # owner: root
+    # group: root
+    mode: '0600'
 
-- name: Create fact (link) for /etc/conf.d/wondershaper.conf
+- name: Create fact (symlink) /etc/ansible/facts.d/wondershaper.fact -> /etc/conf.d/wondershaper.conf
   file:
     src: /etc/conf.d/wondershaper.conf
     dest: /etc/ansible/facts.d/wondershaper.fact
-    owner: root
-    group: root
+    # owner: root
+    # group: root
     state: link
 
 - name: "Add 'wondershaper_installed: True' to {{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
@@ -43,7 +43,6 @@
     dest: "{{ iiab_state_file }}"
     regexp: '^wondershaper_installed'
     line: 'wondershaper_installed: True'
-    state: present
 
 - name: Add 'wondershaper' variable values to {{ iiab_ini_file }}
   ini_file: