From bba5e273aeefc6bc4d1b894f7e526252fd0d1702 Mon Sep 17 00:00:00 2001
From: Jason Rothstein
Date: Sun, 14 Nov 2021 11:33:05 -0600
Subject: [PATCH] Role shell
---
 handlers/main.yml | 27 ++++++++-
 tasks/main.yml | 149 +++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 174 insertions(+), 2 deletions(-)
diff --git a/handlers/main.yml b/handlers/main.yml
index 53dd825..7063426 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,2 +1,27 @@
 ---
-# handlers file for ensure_postfix
\ No newline at end of file
+# handlers file for ensure_postfix
+- name: 'ensure_postfix.package_facts'
+ ansible.builtin.package_facts:
+- name: 'ensure_postfix.service_facts'
+ ansible.builtin.service_facts:
+- name: 'ensure_postfix.service_reload'
+ when:
+ - ansible_system == 'Linux'
+ - ansible_service_mgr == 'systemd'
+ - ensure_postfix is defined
+ ansible.builtin.systemd:
+ daemon_reload: 'yes'
+- name: 'ensure_postfix.services'
+ when:
+ - ansible_system == 'Linux'
+ - ensure_postfix is defined
+ - ensure_postfix.service_list is defined
+ - ensure_postfix.service_list is iterable
+ - item.state == 'started'
+ ansible.builtin.service:
+ enabled: '{{ item.enabled }}'
+ name: '{{ item.name }}'
+ state: 'restarted'
+ loop: '{{ ensure_postfix.service_list }}'
+ loop_control:
+ label: '{{ item.name }} will be restarted'
diff --git a/tasks/main.yml b/tasks/main.yml
index 649b962..54dda11 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
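Review bot: The handler named `ensure_postfix.service_reload` in handlers/main.yml only runs `ansible.builtin.systemd` with `daemon_reload`, which makes systemd re-read its unit files and does not reload any service's configuration, so the name promises something the task does not do. Either rename it (together with the matching `notify` entry in tasks/main.yml) to something like `ensure_postfix.daemon_reload`, or add a comment above it such as `# re-reads systemd unit files only; services are restarted by ensure_postfix.services`. As a style point, `daemon_reload: 'yes'` is a quoted string standing in for a boolean; `daemon_reload: true` states the intent directly.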
@@ -1,2 +1,149 @@
 ---
-# tasks file for ensure_postfix
\ No newline at end of file
+# tasks file for ensure_postfix
+- name: 'include variables'
+ when:
+ - ansible_system == 'Linux'
+ include_vars:
+ file: '{{ lookup("first_found", findme ) }}'
+ name: 'ensure_postfix'
+ vars:
+ findme:
+ files:
+ - '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-{{ ansible_architecture }}.yml'
+ - '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-default.yml'
+ - '{{ ansible_distribution }}-default.yml'
+ - '{{ ansible_os_family }}-{{ ansible_distribution_major_version }}-{{ ansible_architecture }}.yml'
+ - '{{ ansible_os_family }}-{{ ansible_distribution_major_version }}-default.yml'
+ - '{{ ansible_os_family }}-default.yml'
+ - 'default.yml'
+ paths:
+ - '../vars/'
+ errors: 'ignore'
+- name: 'package discovery'
+ when:
+ - ansible_system == 'Linux'
+ - packages is not defined
+ ansible.builtin.package_facts:
+- name: 'service discovery'
+ when:
+ - ansible_system == 'Linux'
+ - services is not defined
+ ansible.builtin.service_facts:
+- name: 'ensure sysctl'
+ when:
+ - ansible_system == 'Linux'
+ - ensure_postfix is defined
+ - ensure_postfix.sysctl_list is defined
+ - ensure_postfix.sysctl_list is iterable
+ ansible.posix.sysctl:
+ name: '{{ item.name }}'
+ reload: '{{ item.reload | default(omit) }}'
+ state: '{{ item.state }}'
+ sysctl_file: '{{ item.sysctl_file | default(omit) }}'
+ sysctl_set: '{{ item.sysctl_set | default(omit) }}'
+ value: '{{ item.value | default(omit) }}'
+ loop: '{{ ensure_postfix.sysctl_list }}'
+ loop_control:
+ label: '{{ item.name }} will be {{ item.value }}'
+- name: 'ensure packages'
+ when:
+ - ansible_system == 'Linux'
+ - ensure_postfix is defined
+ - ensure_postfix.package_list is defined
+ - ensure_postfix.package_list is iterable
+ - packages[item.name] is not defined
+ ansible.builtin.package:
+ name: '{{ item.name }}'
+ state: '{{ item.state }}'
+ loop: '{{ ensure_postfix.package_list }}'
+ loop_control:
+ label: '{{ item.name }} will be {{ item.state }}'
+ notify:
+ - 'ensure_postfix.package_facts'
+ - 'ensure_postfix.service_facts'
+- name: 'ensure seboolean'
+ when:
+ - ansible_system == 'Linux'
+ - ensure_postfix is defined
+ - ensure_postfix.seboolean_list is defined
+ - ensure_postfix.seboolean_list is iterable
+ ansible.posix.seboolean:
+ name: '{{ item.name }}'
+ persistent: '{{ item.persistent }}'
+ state: '{{ item.state }}'
+ loop: '{{ ensure_postfix.seboolean_list }}'
+ loop_control:
+ label: '{{ item.name }} will be {{ item.state }}'
+- name: 'find certificates'
+ when:
+ - ansible_system == 'Linux'
+ - ensure_postfix is defined
+ - ensure_postfix.template_list is defined
+ - ensure_postfix.template_list is iterable
+ ansible.builtin.find:
+ file_type: 'file'
+ paths:
+ - '/etc/httpd/md/domains/'
+ patterns:
+ - 'pubcert.pem'
+ - 'privkey.pem'
+ recurse: 'yes'
+ register: 'certificates'
+- name: 'ensure configurations'
+ when:
+ - ansible_system == 'Linux'
+ - ensure_postfix is defined
+ - ensure_postfix.template_list is defined
+ - ensure_postfix.template_list is iterable
+ ansible.builtin.template:
+ backup: 'no'
+ dest: '{{ item.dest }}'
+ group: '{{ item.group | default(omit) }}'
+ mode: '{{ item.mode | default(omit) }}'
+ owner: '{{ item.owner | default(omit) }}'
+ selevel: '{{ iteml.selevel | default(omit) }}'
+ serole: '{{ item.serole | default(omit) }}'
+ setype: '{{ item.setype | default(omit) }}'
+ seuser: '{{ item.seuser | default(omit) }}'
+ src: '{{ item.src }}'
+ loop: '{{ ensure_postfix.template_list }}'
+ loop_control:
+ label: '{{ item.dest }} will be ensured'
+ notify:
+ - 'ensure_postfix.package_facts'
+ - 'ensure_postfix.service_facts'
+ - 'ensure_postfix.service_reload'
+ - 'ensure_postfix.services'
+- name: 'ensure firewall'
+ when:
+ - ansible_system == 'Linux'
+ - packages["firewalld"] is defined
+ - packages["python3-firewall"] is defined
+ - ensure_postfix is defined
+ - ensure_postfix.firewall_list is defined
+ - ensure_postfix.firewall_list is iterable
+ ansible.posix.firewalld:
+ permanent: '{{ item.permanent }}'
+ service: '{{ item.service }}'
+ state: '{{ item.state }}'
+ loop: '{{ ensure_postfix.firewall_list }}'
+ loop_control:
+ label: '{{ item.service }} will be {{ item.state }}'
+- name: 'ensure services'
+ when:
+ - ansible_system == 'Linux'
+ - ensure_postfix is defined
+ - ensure_postfix.service_list is defined
+ - ensure_postfix.service_list is iterable
+ ansible.builtin.service:
+ enabled: '{{ item.enabled }}'
+ name: '{{ item.name }}'
+ state: '{{ item.state }}'
+ loop: '{{ ensure_postfix.service_list }}'
+ loop_control:
+ label: '{{ item.name }} will be {{ item.state }}'
+ notify:
+ - 'ensure_postfix.package_facts'
+ - 'ensure_postfix.service_facts'
+- name: 'flush handlers'
+ meta: 'flush_handlers'
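Review bot: In the 'ensure configurations' task the `selevel` argument reads `iteml.selevel`, a typo for `item`, so the SELinux level given in `template_list` is never applied; it should be `selevel: '{{ item.selevel | default(omit) }}'`. Depending on the Ansible version the undefined `iteml` either fails the task or, more likely, is absorbed by `default(omit)`, in which case the file silently gets the default level with no error. The same task lets `mode` and `owner` fall back to `omit`, so a rendered file that carries credentials would take whatever the target's umask and the connecting user give it; a comment such as `# set owner/group/mode explicitly for any template that contains secrets` above the task would make that expectation visible.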