# Pull in the tasks from vpn.yml ahead of the proxy, firewall and DNS setup.
- include: vpn.yml
# apt-cacher-ng is a caching proxy for Debian/Ubuntu package repositories.
# NOTE(review): no task visible here manages its configuration, so it runs
# with package defaults; confirm which interfaces it listens on and which
# networks are allowed to reach it.
- name: Install apt-cacher-ng
  apt:
    pkg: apt-cacher-ng
# Install squid3 and two shared libraries from the distribution archive.
# NOTE(review): libnettle4 and libdb5.1 are presumably dependencies of the
# backported squid3 .deb handled by the later tasks; confirm.
- name: Install squid proxy server
  apt:
    pkg: "{{ item }}"
  with_items:
    - squid3
    - libnettle4
    - libdb5.1
- name: See if we need debian's updated squid3
  # the trusty version of squid3 is terribly broken and won't support
  # on disk caches:
  # http://www.mail-archive.com/squid-users@lists.squid-cache.org/msg01171.html
  #
  # dpkg --compare-versions exits 0 when the installed squid3 version is lower
  # than 3.4 and non-zero otherwise. The result is kept in squid_ver, and the
  # squid3 download/install/delete tasks run only when squid_ver.rc == 0.
  shell: "dpkg --compare-versions `dpkg -s squid3 | grep Version | cut -d: -f2` lt 3.4"
  register: squid_ver
  # A non-zero exit is the ordinary "no upgrade needed" answer, not a failure.
  ignore_errors: true
  # Read-only probe: never report it as a change.
  changed_when: false
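# Replace the distribution's squid3 with the Debian backport. All three tasks
# run only when the version probe registered squid_ver.rc == 0.
#
# Integrity: the .debs are fetched over plain HTTP and then installed as root
# with force enabled, so nothing in this play authenticates them. Once the
# digests have been verified out of band, pin each download with get_url's
# checksum option (sha256sum on older Ansible releases), for example:
#   checksum: "sha256:<PLACEHOLDER: verified sha256 of this .deb>"
#
# Staging: files are staged under /root instead of /tmp. By default get_url
# does not re-download when the destination file already exists, so a fixed
# file name in a world-writable directory is not a safe place to stage a
# package that is about to be installed as root.
- name: download squid3
  get_url:
    url: "{{ item.link }}"
    dest: "{{ item.dest }}"
  with_items:
    - link: 'http://ftp.de.debian.org/debian/pool/main/s/squid3/squid3-common_3.4.8-5~bpo70+1_all.deb'
      dest: '/root/squid3_common.deb'
    - link: 'http://ftp.de.debian.org/debian/pool/main/s/squid3/squid3_3.4.8-5~bpo70+1_amd64.deb'
      dest: '/root/squid3.deb'
  when: squid_ver is defined and squid_ver.rc == 0
# force is carried over from the original task.
# NOTE(review): confirm it is still required; it also disables apt's own
# safety checks for this install.
- name: install squid3 packages
  apt:
    deb: "{{ item }}"
    force: true
  with_items:
    - '/root/squid3_common.deb'
    - '/root/squid3.deb'
  when: squid_ver is defined and squid_ver.rc == 0
# Remove the staged packages once they are installed.
- name: delete squid3 packages
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - '/root/squid3_common.deb'
    - '/root/squid3.deb'
  when: squid_ver is defined and squid_ver.rc == 0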
# Hook the site overrides into the stock squid.conf by adding an include of
# /etc/squid3/colo.conf after the "INSERT YOUR OWN RULE(S) HERE" marker
# comment. backup=yes keeps a copy of squid.conf from before the edit.
# NOTE(review): this task has no notify, so squid is reloaded only when the
# colo.conf copy task reports a change; confirm that is intended.
- name: Configure squid proxy server
  lineinfile: dest=/etc/squid3/squid.conf backup=yes
              insertafter="^# INSERT YOUR OWN RULE\(S\) HERE"
              line="include /etc/squid3/colo.conf"
# Site-specific squid settings, written to the path that squid.conf includes.
# Root-owned and world-readable; a change fires the "reload squid" handler.
- name: Copy colo overrides for squid
  copy:
    src: colo-squid.conf
    dest: /etc/squid3/colo.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - reload squid
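# Install the NAT rule script at /etc/rc.aus-colo-nat. As the task name says,
# copying it does not apply the rules.
# Mode corrected from 0655 to 0755: 0655 withheld execute from the owner while
# granting it to group and other, which reads as a typo. Access for group and
# other is unchanged.
- name: Copy iptables NAT rules (NOTE - does not enable them)
  copy:
    src: iptables
    dest: /etc/rc.aus-colo-nat
    owner: root
    group: root
    mode: "0755"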
# Make /etc/rc.local run /etc/rc.aus-colo-nat at boot by inserting the call
# before the "exit 0" line. The regexp matches the line this task writes, so
# re-running the play does not add it twice.
# The whole argument string is single-quoted because the inserted line
# contains " #", which YAML would otherwise read as the start of a comment.
# NOTE(review): whatever this script contains runs as root on every boot, so
# its ownership and mode are part of the host's trust boundary.
- name: Enable iptables rules at start-up
  lineinfile: 'dest=/etc/rc.local
               line="/etc/rc.aus-colo-nat #ADDED BY ANSIBLE"
               regexp="^\/etc\/rc.aus-colo-nat #ADDED BY ANSIBLE"
               insertbefore="exit 0"'
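# Install the firewall management script into /usr/local/bin.
# Ownership is now pinned to root, as the other copy tasks in this file do;
# without it the file belongs to whichever account runs the play.
# Mode corrected from 0655 to 0755: 0655 withheld execute from the owner while
# granting it to group and other. Access for group and other is unchanged.
- name: Copy manage_iptables.py
  copy:
    src: manage_iptables.py
    dest: /usr/local/bin/manage_iptables.py
    owner: root
    group: root
    mode: "0755"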
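# Install the firewall rule set; a change fires the "reload iptables" handler.
# Ownership is now pinned to root, as the other copy tasks in this file do;
# without it the file belongs to whichever account runs the play.
# NOTE(review): mode 0655 is kept as found. The execute bits look unintended
# for a .conf file; if nothing executes this path, 0644 is the usual choice.
- name: Copy iptables.conf
  copy:
    src: iptables.conf
    dest: /etc/iptables.conf
    owner: root
    group: root
    mode: "0655"
  tags:
    - dns
  notify:
    - reload iptables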
# Replace /etc/network/interfaces with the static router-interfaces file.
# NOTE(review): no handler is notified here, so the new interface settings
# presumably take effect at the next network restart or reboot; confirm.
- name: Set up network interfaces
  copy:
    src: router-interfaces
    dest: /etc/network/interfaces
    owner: root
    group: root
    mode: "0644"
  tags:
    - dns
# Render /etc/hosts from the hosts.j2 template; root-owned, world-readable.
- name: Set up hosts file
  template:
    src: hosts.j2
    dest: /etc/hosts
    owner: root
    group: root
    mode: "0644"
  tags:
    - dns
# Install the dnsmasq package; its site configuration is rendered separately
# into /etc/dnsmasq.d.
- name: Install dnsmasq
  apt:
    pkg: dnsmasq
# Render the site dnsmasq configuration into /etc/dnsmasq.d/aus-colo.
# A change fires the "reload dnsmasq" handler.
- name: Configure dnsmas.d
  template:
    src: router-dnsmasq.j2
    dest: /etc/dnsmasq.d/aus-colo
    owner: root
    group: root
    mode: "0644"
  tags:
    - dns
  notify:
    - reload dnsmasq
# Install the pdu_power script into /usr/local/bin: root-owned, executable by
# everyone, writable only by root.
- name: Install pdu_power script
  copy:
    src: pdu_power
    dest: /usr/local/bin/pdu_power
    owner: root
    group: root
    mode: "0755"
  tags:
    - pdu_power
# Render /etc/pdu_power.conf from its template. Mode 0440 with root:root
# ownership leaves the file readable by root only.
# NOTE(review): the restrictive mode suggests the file holds credentials or
# other sensitive PDU settings; confirm, and keep the template's variables out
# of plain-text version control if so.
- name: Install pdu_power configuration
  template:
    src: pdu_power.conf.j2
    dest: /etc/pdu_power.conf
    owner: root
    group: root
    mode: "0440"
  tags:
    - pdu_power
    - colo_user
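# Install the sudoers drop-in for pdu_power (root:root, mode 0440).
# validate runs visudo in check mode on the staged copy, so a syntax error
# fails this task instead of landing in /etc/sudoers.d, where a broken file
# can stop sudo from working on the host.
# NOTE(review): pdu_power.sudoers is not shown here; check that it grants only
# the specific command(s) needed and to the intended account.
- name: Configure pdu_power sudoers
  copy:
    src: pdu_power.sudoers
    dest: /etc/sudoers.d/pdu_power
    owner: root
    group: root
    mode: "0440"
    validate: '/usr/sbin/visudo -cf %s'
  tags:
    - pdu_power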