dnet_user_services_perms: Fix the acl tasks so that they can run safely in recursive mode.
parent
253de6b3b2
commit
6c911f85db
|
@ -10,32 +10,22 @@
|
|||
tags: [ 'tomcat', 'dnet', 'users' ]
|
||||
|
||||
- name: Set the read/write permissions on the dnet data dirs
|
||||
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwx state=present
|
||||
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwX state=present recursive=yes
|
||||
with_items: '{{ dnet_data_directories }}'
|
||||
tags: [ 'tomcat', 'dnet', 'users' ]
|
||||
|
||||
- name: Set the default read/write permissions on the dnet data dirs
|
||||
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwx state=present default=yes
|
||||
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwX state=present default=yes recursive=yes
|
||||
with_items: '{{ dnet_data_directories }}'
|
||||
tags: [ 'tomcat', 'dnet', 'users' ]
|
||||
|
||||
- name: Recursively set the ACLs to give access and read write permissions on the dnet data directories
|
||||
shell: find {{ item }} -type d -exec setfacl -d -m group:{{ dnet_group }}:rwx,m:rwx {} \; ; find {{ item }} -type d -exec setfacl -m group:{{ dnet_group }}:rwx,m:rwx {} \; ; find {{ item }} -type f -exec setfacl -m group:{{ dnet_group }}:rw,m:rw {} \;
|
||||
with_items: '{{ dnet_data_directories }}'
|
||||
tags: [ 'dnet_acls', 'dnet', 'users' ]
|
||||
|
||||
- name: Set the read permissions on the dnet log dirs
|
||||
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rx state=present
|
||||
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rX state=present recursive=yes
|
||||
with_items: '{{ dnet_log_directories }}'
|
||||
tags: [ 'tomcat', 'dnet', 'users' ]
|
||||
|
||||
- name: Set the default read permissions on the dnet log dirs
|
||||
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rx state=present default=yes
|
||||
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rX state=present default=yes recursive=yes
|
||||
with_items: '{{ dnet_log_directories }}'
|
||||
tags: [ 'tomcat', 'dnet', 'users' ]
|
||||
|
||||
- name: Recursively set the ACLs to give access and read permissions on the log directories
|
||||
shell: find {{ item }} -type d -exec setfacl -d -m group:{{ dnet_group }}:r-x {} \; ; find {{ item }} -type d -exec setfacl -m group:{{ dnet_group }}:r-x {} \; ; find {{ item }} -type f -exec setfacl -m group:{{ dnet_group }}:r {} \;
|
||||
with_items: '{{ dnet_log_directories }}'
|
||||
tags: [ 'dnet_acls', 'dnet', 'users' ]
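Review bot: The `permissions=rwX ... recursive=yes` entries on the data and log directories carry no comment explaining the capital `X`, and the result is not quite what the find-based shell tasks in this section produced. Those gave regular files `rw` (or `r` for logs) only, whereas `X` also adds group execute to any file that already has an execute bit set. A comment above the first task would make the intent reviewable, e.g. `# X = execute on directories and on already-executable files; other files get rw only`. The +/- markers are lost on this page, so which line of each pair is the new side is inferred from the commit title and the hunk header (32 old lines, 22 new).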
|
||||
|
||||
|
|
|
@ -4,14 +4,14 @@
|
|||
#
|
||||
# Note: the default is a default only. We need two commands to add acl effectively on the root dir and set the default
|
||||
- name: Set the read/write permissions on the tomcat webapps and common/classes directories. single tomcat instance
|
||||
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwx state=present
|
||||
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwX state=present recursive=yes
|
||||
with_items:
|
||||
- [ '{{ tomcat_webapps_dir }}', '{{ tomcat_common_classes_dir }}', '{{ tomcat_common_dir }}' ]
|
||||
when: tomcat_m_instances is not defined
|
||||
tags: [ 'tomcat', 'dnet', 'users' ]
|
||||
|
||||
- name: Set the default read/write permissions on the tomcat webapps and common/classes directories. single tomcat instance
|
||||
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwx state=present default=yes
|
||||
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwX state=present default=yes recursive=yes
|
||||
with_items:
|
||||
- [ '{{ tomcat_webapps_dir }}', '{{ tomcat_common_classes_dir }}', '{{ tomcat_common_dir }}' ]
|
||||
when: tomcat_m_instances is not defined
|
||||
|
@ -19,14 +19,14 @@
|
|||
|
||||
# Note: the default is a default only. We need two commands to add acl effectively on the root dir and set the default
|
||||
- name: Set the read permissions on the tomcat log directory. single tomcat instance
|
||||
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rx state=present
|
||||
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rX state=present recursive=yes
|
||||
with_items:
|
||||
- [ '{{ tomcat_logdir }}' ]
|
||||
when: tomcat_m_instances is not defined
|
||||
tags: [ 'tomcat', 'dnet', 'users' ]
|
||||
|
||||
- name: Set the default read permissions on the tomcat log directory. single tomcat instance
|
||||
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rx state=present default=yes
|
||||
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rX state=present default=yes recursive=yes
|
||||
with_items:
|
||||
- [ '{{ tomcat_logdir }}' ]
|
||||
when: tomcat_m_instances is not defined
|
||||
|
@ -37,7 +37,7 @@
|
|||
#
|
||||
# Note: the default is a default only. We need two commands to add acl effectively on the root dir and set the default
|
||||
- name: Set the read/write permissions on the tomcat webapps and common/classes directories. multiple tomcat instances
|
||||
acl: name={{ item.0.instance_path }}/{{ item.1 }} entity={{ dnet_group }} etype=group permissions=rwx state=present
|
||||
acl: name={{ item.0.instance_path }}/{{ item.1 }} entity={{ dnet_group }} etype=group permissions=rwX state=present recursive=yes
|
||||
with_nested:
|
||||
- '{{ tomcat_m_instances }}'
|
||||
- [ 'webapps', 'common', 'common/classes' ]
|
||||
|
@ -45,7 +45,7 @@
|
|||
tags: [ 'tomcat', 'dnet', 'users' ]
|
||||
|
||||
- name: Set the default read/write permissions on the tomcat webapps and common/classes directories. multiple tomcat instances
|
||||
acl: name={{ item.0.instance_path }}/{{ item.1 }} entity={{ dnet_group }} etype=group permissions=rwx state=present default=yes
|
||||
acl: name={{ item.0.instance_path }}/{{ item.1 }} entity={{ dnet_group }} etype=group permissions=rwX state=present default=yes recursive=yes
|
||||
with_nested:
|
||||
- '{{ tomcat_m_instances }}'
|
||||
- [ 'webapps', 'common', 'common/classes' ]
|
||||
|
@ -54,13 +54,13 @@
|
|||
|
||||
# Note: the default is a default only. We need two commands to add acl effectively on the root dir and set the default
|
||||
- name: Set the read permissions on the tomcat log directory. multiple tomcat instances
|
||||
acl: name={{ tomcat_m_instances_logdir_base }}/{{ item.http_port }} entity={{ dnet_group }} etype=group permissions=rx state=present
|
||||
acl: name={{ tomcat_m_instances_logdir_base }}/{{ item.http_port }} entity={{ dnet_group }} etype=group permissions=rX state=present recursive=yes
|
||||
with_items: '{{ tomcat_m_instances }}'
|
||||
when: tomcat_m_instances is defined
|
||||
tags: [ 'tomcat', 'dnet', 'users' ]
|
||||
|
||||
- name: Set the default read permissions on the tomcat log directory. multiple tomcat instances
|
||||
acl: name={{ tomcat_m_instances_logdir_base }}/{{ item.http_port }} entity={{ dnet_group }} etype=group permissions=rx state=present default=yes
|
||||
acl: name={{ tomcat_m_instances_logdir_base }}/{{ item.http_port }} entity={{ dnet_group }} etype=group permissions=rX state=present default=yes recursive=yes
|
||||
with_items: '{{ tomcat_m_instances }}'
|
||||
when: tomcat_m_instances is defined
|
||||
tags: [ 'tomcat', 'dnet', 'users' ]
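Review bot: With `recursive=yes` on the multi-instance tasks, the `with_nested` list `[ 'webapps', 'common', 'common/classes' ]` walks `common/classes` twice, because it sits under `common`; `- [ 'webapps', 'common' ]` would cover the same tree in one pass. The single-instance lists pass both `tomcat_common_classes_dir` and `tomcat_common_dir`, which may overlap in the same way, though their values are not visible here. These directories hold code that Tomcat loads, so recursive group write now reaches every already-deployed file; a comment such as `# members of dnet_group can modify deployed webapps and shared classes` would record that this is intended. Several of these tasks continue past the end of their hunks (their `when:` and `tags:` lines are cut off).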
|
||||
|
|
|
@ -6,20 +6,12 @@
|
|||
tags: [ 'dnet', 'users', 'dnet_u_acl' ]
|
||||
|
||||
- name: Set the read/write/access permissions on the users dnet data dirs
|
||||
acl: name={{ item.name }} entity={{ dnet_group }} etype=group permissions={{ item.aclperms | default ('rwx') }} state=present
|
||||
acl: name={{ item.name }} entity={{ dnet_group }} etype=group permissions={{ item.aclperms | default ('rwX') }} state=present recursive=yes
|
||||
with_items: '{{ dnet_users_data_directories | default([]) }}'
|
||||
when: not item.file
|
||||
tags: [ 'dnet', 'users', 'dnet_u_acl' ]
|
||||
|
||||
- name: Set the default read/write/access permissions on the users dnet data dirs
|
||||
acl: name={{ item.name }} entity={{ dnet_group }} etype=group permissions={{ item.aclperms | default ('rwx') }} state=present default=yes
|
||||
acl: name={{ item.name }} entity={{ dnet_group }} etype=group permissions={{ item.aclperms | default ('rwX') }} state=present default=yes recursive=yes
|
||||
with_items: '{{ dnet_users_data_directories | default([]) }}'
|
||||
when: not item.file
|
||||
tags: [ 'dnet', 'users', 'dnet_u_acl' ]
|
||||
|
||||
- name: Set the read/write permissions on pre-existing files inside the users dnet data dirs
|
||||
acl: name={{ item.name }} entity={{ dnet_group }} etype=group permissions={{ item.aclperms | default ('rw') }} state=present
|
||||
with_items: '{{ dnet_users_data_directories | default([]) }}'
|
||||
when: item.file
|
||||
tags: [ 'dnet', 'users', 'dnet_u_acl' ]
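Review bot: A caller-supplied `item.aclperms` written in the old lowercase form (`rwx`) is now applied with `recursive=yes`, which would make every regular file under that directory group-executable; only the fallback in `default ('rwX')` was changed. Existing `dnet_users_data_directories` entries are not visible here, so they should be checked, and the variable's documentation should say to use capital `X` for directories. The +/- markers are lost on this page, but the hunk header (20 old lines, 12 new) suggests the files-only task and both `when: not item.file` conditions were dropped. If so, the `default=yes` task also runs against entries that are plain files, where a default ACL has no meaning, and it is worth confirming that this does not fail the run.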
|
||||
|
||||
|
|