blob: 98c4f0b247819e0bef7521640cac4e483ddd750b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
- include: vpn.yml
- name: Install apt-cacher-ng
apt: pkg=apt-cacher-ng
- name: Install squid proxy server
apt: pkg={{ item }}
with_items:
- squid3
- libnettle4
- libdb5.1
- name: See if we need debian's updated squid3
# the trusty version of squid3 is terribly broken and won't support
# on disk caches:
# http://www.mail-archive.com/squid-users@lists.squid-cache.org/msg01171.html
shell: "dpkg --compare-versions `dpkg -s squid3 | grep Version | cut -d: -f2` lt 3.4"
register: squid_ver
ignore_errors: true
changed_when: false
- name: download squid3
get_url: url={{ item.link }} dest={{ item.dest }}
with_items:
- {link: 'http://ftp.de.debian.org/debian/pool/main/s/squid3/squid3-common_3.4.8-5~bpo70+1_all.deb', dest: '/tmp/squid3_common.deb'}
- {link: 'http://ftp.de.debian.org/debian/pool/main/s/squid3/squid3_3.4.8-5~bpo70+1_amd64.deb', dest: '/tmp/squid3.deb'}
when: squid_ver is defined and squid_ver.rc == 0
- name: install squid3 packages
apt: deb={{ item }} force=yes
with_items:
- '/tmp/squid3_common.deb'
- '/tmp/squid3.deb'
when: squid_ver is defined and squid_ver.rc == 0
- name: delete squid3 packages
file: path={{ item }} state=absent
with_items:
- '/tmp/squid3_common.deb'
- '/tmp/squid3.deb'
when: squid_ver is defined and squid_ver.rc == 0
- name: Configure squid proxy server
lineinfile: dest=/etc/squid3/squid.conf backup=yes
insertafter="^# INSERT YOUR OWN RULE\(S\) HERE"
line="include /etc/squid3/colo.conf"
- name: Copy colo overrides for squid
copy: src=colo-squid.conf
dest=/etc/squid3/colo.conf
owner=root group=root mode=0644
notify:
- reload squid
- name: Copy iptables NAT rules (NOTE - does not enable them)
copy: src=iptables
dest=/etc/rc.aus-colo-nat
owner=root
group=root
mode=0655
- name: Enable iptables rules at start-up
lineinfile: 'dest=/etc/rc.local
line="/etc/rc.aus-colo-nat #ADDED BY ANSIBLE"
regexp="^\/etc\/rc.aus-colo-nat #ADDED BY ANSIBLE"
insertbefore="exit 0"'
- name: Set up network interfaces
copy: src=router-interfaces
dest=/etc/network/interfaces
owner=root
group=root
mode=0644
- name: Set up hosts file
template: src=hosts.j2
dest=/etc/hosts
owner=root
group=root
mode=0644
tags:
- dnsmasq
- name: Install dnsmasq
action: apt pkg=dnsmasq
- name: Configure dnsmas.d
template: src=router-dnsmasq.j2
dest=/etc/dnsmasq.d/aus-colo
owner=root
group=root
mode=0644
notify:
- reload dnsmasq
tags:
- dnsmasq
- name: Install pdu_power script
action: copy src=pdu_power
dest=/usr/local/bin/pdu_power
owner=root
group=root
mode=755
tags:
- pdu_power
- name: Install pdu_power configuration
action: template src=pdu_power.conf.j2
dest=/etc/pdu_power.conf
owner=root
group=root
mode=440
tags:
- pdu_power
- colo_user
- name: Configure pdu_power sudoers
action: copy src=pdu_power.sudoers
dest=/etc/sudoers.d/pdu_power
owner=root
group=root
mode=440
tags:
- pdu_power
|