ansible-roles/dnet_user_services_perms/tasks/main.yml


---
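# Add every account listed in users_system_users to the dnet group.
# append is set so the accounts keep the groups they already belong to: without
# it the user module replaces the whole supplementary group list with
# dnet_group, silently dropping any other membership (admin, service groups).
- name: Add the all the users to the dnet group
  user:
    name: '{{ item.login }}'
    groups: '{{ dnet_group }}'
    append: true
  # Templated loop source, matching the '{{ tomcat_m_instances }}' form used
  # further down. Bare variable names in with_items were deprecated and are
  # iterated as a literal string by later Ansible releases.
  with_items: '{{ users_system_users }}'
  tags: ['dnet', 'users']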
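# Render dnet-sudoers.j2 into /etc/sudoers.d/dnet-group (root:root, 0440).
# The rendered file is syntax-checked with visudo before it replaces the
# destination: a malformed fragment under /etc/sudoers.d can make sudo refuse
# to run for every account on the host.
# NOTE(review): the template itself is not visible here. Confirm it grants only
# the specific tomcat restart commands, given with absolute paths.
- name: Install the sudoers config that permits the dnet users to restart tomcat
  template:
    src: dnet-sudoers.j2
    dest: /etc/sudoers.d/dnet-group
    owner: root
    group: root
    # Quoted so the value stays the octal string 0440 rather than a YAML integer.
    mode: '0440'
    validate: '/usr/sbin/visudo -cf %s'
  tags: ['tomcat', 'dnet', 'sudo', 'users']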
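# Create each directory in dnet_data_directories, owned by dnet_user:dnet_group
# with mode 0750 (no access for accounts outside the owner and group).
- name: Create the dnet data dirs
  file:
    name: '{{ item }}'
    state: directory
    owner: '{{ dnet_user }}'
    group: '{{ dnet_group }}'
    # Quoted so the value stays the octal string 0750 rather than a YAML integer.
    mode: '0750'
  # Templated loop source: a bare variable name is treated as a literal string
  # by later Ansible releases, which would create a directory with that name.
  with_items: '{{ dnet_data_directories }}'
  tags: ['tomcat', 'dnet', 'users']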
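# Create each directory in dnet_log_directories. The owner is tomcat_user (the
# writer of the logs); dnet_group gets group ownership. Mode 0750 gives the
# group read/traverse only and no access to other accounts.
- name: Create the dnet log dirs
  file:
    name: '{{ item }}'
    state: directory
    owner: '{{ tomcat_user }}'
    group: '{{ dnet_group }}'
    # Quoted so the value stays the octal string 0750 rather than a YAML integer.
    mode: '0750'
  # Templated loop source: a bare variable name is treated as a literal string
  # by later Ansible releases.
  with_items: '{{ dnet_log_directories }}'
  tags: ['tomcat', 'dnet', 'users']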
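# Grant dnet_group rwx on every data directory through a POSIX ACL.
# Two tasks per directory: the first sets the access ACL on the directory
# itself, the second sets the default ACL that newly created entries inherit.
- name: Set the read/write permissions on the dnet data dirs
  acl:
    name: '{{ item }}'
    entity: '{{ dnet_group }}'
    etype: group
    permissions: rwx
    state: present
  # Templated loop source: a bare variable name is treated as a literal string
  # by later Ansible releases.
  with_items: '{{ dnet_data_directories }}'
  tags: ['tomcat', 'dnet', 'users']
- name: Set the default read/write permissions on the dnet data dirs
  acl:
    name: '{{ item }}'
    entity: '{{ dnet_group }}'
    etype: group
    permissions: rwx
    state: present
    # Default ACL: applies to entries created later, not to the directory itself.
    default: true
  with_items: '{{ dnet_data_directories }}'
  tags: ['tomcat', 'dnet', 'users']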
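# Grant dnet_group read/traverse (rx, no write) on every log directory.
# Two tasks per directory: the first sets the access ACL on the directory
# itself, the second sets the default ACL that newly created log files inherit.
- name: Set the read permissions on the dnet log dirs
  acl:
    name: '{{ item }}'
    entity: '{{ dnet_group }}'
    etype: group
    permissions: rx
    state: present
  # Templated loop source: a bare variable name is treated as a literal string
  # by later Ansible releases.
  with_items: '{{ dnet_log_directories }}'
  tags: ['tomcat', 'dnet', 'users']
- name: Set the default read permissions on the dnet log dirs
  acl:
    name: '{{ item }}'
    entity: '{{ dnet_group }}'
    etype: group
    permissions: rx
    state: present
    # Default ACL: applies to entries created later, not to the directory itself.
    default: true
  with_items: '{{ dnet_log_directories }}'
  tags: ['tomcat', 'dnet', 'users']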
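# Install the optional distribution packages listed in dnet_additional_packages.
# The task only applies when that variable is defined.
- name: Install additional packages, if needed
  apt:
    pkg: '{{ item }}'
    # 'present' is the supported spelling; the 'installed' alias was deprecated
    # and dropped by later Ansible releases.
    state: present
  # Templated loop source: a bare variable name is treated as a literal string
  # by later Ansible releases.
  with_items: '{{ dnet_additional_packages }}'
  when: dnet_additional_packages is defined
  tags: ['dnet', 'pkgs']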
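# Install the optional Python modules listed in dnet_additional_python_modules.
# The task only applies when that variable is defined.
# NOTE(review): each entry is handed to pip as given, so a module is installed
# at whatever version the package index currently serves. Pin versions, and use
# an index you control, if reproducibility or supply-chain control matters.
- name: Install additional python modules, if needed
  pip:
    name: '{{ item }}'
    state: present
  # Templated loop source: a bare variable name is treated as a literal string
  # by later Ansible releases.
  with_items: '{{ dnet_additional_python_modules }}'
  when: dnet_additional_python_modules is defined
  tags: ['dnet', 'pkgs']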
#
# Acls for the single tomcat instance
#
# Note: a default ACL is only a default for entries created later. Two tasks are needed: one applies the ACL to the directory itself, the other sets the default ACL.
# Single-instance layout (tomcat_m_instances not defined): give dnet_group rwx
# on the webapps, common/classes and common directories.
# Security note: these directories hold code that Tomcat loads, so write access
# here amounts to running code as the Tomcat service account. Membership of
# dnet_group should be granted and audited with that in mind.
- name: Set the read/write permissions on the tomcat webapps and common/classes directories. single tomcat instance
  acl:
    name: '{{ item }}'
    entity: '{{ dnet_group }}'
    etype: group
    permissions: rwx
    state: present
  # One nested list; with_items flattens it by one level into three items.
  with_items:
    - - '{{ tomcat_webapps_dir }}'
      - '{{ tomcat_common_classes_dir }}'
      - '{{ tomcat_common_dir }}'
  when: tomcat_m_instances is not defined
  tags: ['tomcat', 'dnet', 'users']
- name: Set the default read/write permissions on the tomcat webapps and common/classes directories. single tomcat instance
  acl:
    name: '{{ item }}'
    entity: '{{ dnet_group }}'
    etype: group
    permissions: rwx
    state: present
    # Default ACL: inherited by entries created later inside the directory.
    default: true
  with_items:
    - - '{{ tomcat_webapps_dir }}'
      - '{{ tomcat_common_classes_dir }}'
      - '{{ tomcat_common_dir }}'
  when: tomcat_m_instances is not defined
  tags: ['tomcat', 'dnet', 'users']
# Note: a default ACL is only a default for entries created later. Two tasks are needed: one applies the ACL to the directory itself, the other sets the default ACL.
# Single-instance layout (tomcat_m_instances not defined): give dnet_group
# read/traverse (rx, no write) on the Tomcat log directory.
- name: Set the read permissions on the tomcat log directory. single tomcat instance
  acl:
    name: '{{ item }}'
    entity: '{{ dnet_group }}'
    etype: group
    permissions: rx
    state: present
  # One nested single-element list; with_items flattens it by one level.
  with_items:
    - - '{{ tomcat_logdir }}'
  when: tomcat_m_instances is not defined
  tags: ['tomcat', 'dnet', 'users']
- name: Set the default read permissions on the tomcat log directory. single tomcat instance
  acl:
    name: '{{ item }}'
    entity: '{{ dnet_group }}'
    etype: group
    permissions: rx
    state: present
    # Default ACL: inherited by log files created later inside the directory.
    default: true
  with_items:
    - - '{{ tomcat_logdir }}'
  when: tomcat_m_instances is not defined
  tags: ['tomcat', 'dnet', 'users']
#
# Same steps, but when we are using multiple tomcat instances
#
# Note: a default ACL is only a default for entries created later. Two tasks are needed: one applies the ACL to the directory itself, the other sets the default ACL.
# Multi-instance layout (tomcat_m_instances defined): for every instance, give
# dnet_group rwx on webapps, common and common/classes below its instance_path.
# Security note: these directories hold code that Tomcat loads, so write access
# here amounts to running code as the Tomcat service account of each instance.
# Membership of dnet_group should be granted and audited with that in mind.
- name: Set the read/write permissions on the tomcat webapps and common/classes directories. multiple tomcat instances
  acl:
    # item.0 is one entry of tomcat_m_instances, item.1 one sub-directory name.
    name: '{{ item.0.instance_path }}/{{ item.1 }}'
    entity: '{{ dnet_group }}'
    etype: group
    permissions: rwx
    state: present
  with_nested:
    - '{{ tomcat_m_instances }}'
    - - webapps
      - common
      - common/classes
  when: tomcat_m_instances is defined
  tags: ['tomcat', 'dnet', 'users']
- name: Set the default read/write permissions on the tomcat webapps and common/classes directories. multiple tomcat instances
  acl:
    name: '{{ item.0.instance_path }}/{{ item.1 }}'
    entity: '{{ dnet_group }}'
    etype: group
    permissions: rwx
    state: present
    # Default ACL: inherited by entries created later inside the directory.
    default: true
  with_nested:
    - '{{ tomcat_m_instances }}'
    - - webapps
      - common
      - common/classes
  when: tomcat_m_instances is defined
  tags: ['tomcat', 'dnet', 'users']
# Note: a default ACL is only a default for entries created later. Two tasks are needed: one applies the ACL to the directory itself, the other sets the default ACL.
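# Multi-instance layout (tomcat_m_instances defined): give dnet_group
# read/traverse (rx, no write) on each instance's log directory, which is
# addressed as <tomcat_m_instances_logdir_base>/<http_port of the instance>.
- name: Set the read permissions on the tomcat log directory. multiple tomcat instances
  acl:
    name: '{{ tomcat_m_instances_logdir_base }}/{{ item.http_port }}'
    entity: '{{ dnet_group }}'
    etype: group
    permissions: rx
    state: present
  when: tomcat_m_instances is defined
  # Templated loop source, matching the with_nested tasks of this file. A bare
  # variable name is treated as a literal string by later Ansible releases.
  with_items: '{{ tomcat_m_instances }}'
  tags: ['tomcat', 'dnet', 'users']
- name: Set the default read permissions on the tomcat log directory. multiple tomcat instances
  acl:
    name: '{{ tomcat_m_instances_logdir_base }}/{{ item.http_port }}'
    entity: '{{ dnet_group }}'
    etype: group
    permissions: rx
    state: present
    # Default ACL: inherited by log files created later inside the directory.
    default: true
  when: tomcat_m_instances is defined
  with_items: '{{ tomcat_m_instances }}'
  tags: ['tomcat', 'dnet', 'users']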