Changeset - 7276805aace1
Branko Majic (branko) - 16 days ago 2024-09-03 13:21:14
branko@majic.rs
MAR-218: Fix partial becomes (become_user without become on task level).
1 file changed with 4 insertions and 0 deletions:
roles/mail_server/molecule/default/prepare.yml
 
@@ -65,85 +65,89 @@
 
          - nmap
 
        state: present
 

	
 
- name: Prepare, helpers, local ClamAV database mirror (avoid upstream rate limits)
 
  hosts: clamav-database
 
  become: true
 
  tasks:
 

	
 
    - name: Install system packages for hosting the ClamAV database
 
      apt:
 
        name:
 
          - nginx
 
          - virtualenv
 
        state: present
 

	
 
    - name: Set-up directory for ClamAV database sync tool virtual environment
 
      file:
 
        path: /var/lib/cvdupdate
 
        state: directory
 
        owner: vagrant
 
        group: vagrant
 
        mode: 0755
 

	
 
    - name: Create virtual environment for running ClamAV database sync tool
 
      become: true
 
      become_user: vagrant
 
      command:
 
        cmd: "/usr/bin/virtualenv --python /usr/bin/python3 --prompt '(cvdupdate) ' /var/lib/cvdupdate"
 
        creates: "/var/lib/cvdupdate"
 

	
 
    - name: Deploy pip requirements file for running the ClamAV database sync tool
 
      copy:
 
        src: cvdupdate-requirements.txt
 
        dest: /var/lib/cvdupdate/requirements.txt
 
        owner: vagrant
 
        group: vagrant
 
        mode: 0644
 

	
 
    - name: Install requirements in the pipreqcheck virtual environment
 
      become: true
 
      become_user: vagrant
 
      pip:
 
        requirements: /var/lib/cvdupdate/requirements.txt
 
        virtualenv: /var/lib/cvdupdate
 

	
 
    - name: Allow traversal of Vagrant directory by the http server user
 
      file:
 
        path: /vagrant/
 
        mode: 0711
 

	
 
    - name: Create directory for storing ClamAV database files
 
      file:
 
        path: /vagrant/clamav-database
 
        state: directory
 
        owner: vagrant
 
        group: vagrant
 
        mode: 0755
 

	
 
    - name: Configure default location for storing ClamAV database files
 
      become: true
 
      become_user: vagrant
 
      command: "/var/lib/cvdupdate/bin/cvd config set --dbdir /vagrant/clamav-database/"
 

	
 
    - name: Download/update the ClamAV database files
 
      become: true
 
      become_user: vagrant
 
      command: "/var/lib/cvdupdate/bin/cvd update"
 

	
 
    - name: Allow all users to read ClamAV database files
 
      file:
 
        path: "/vagrant/clamav-database/"
 
        mode: "g=u-w,o=u-w"
 
        recurse: true
 

	
 
    - name: Deploy nginx TLS private key
 
      copy:
 
        dest: "/etc/ssl/private/nginx_https.key"
 
        content: "{{ clamav_database_http_server_tls_key }}"
 
        mode: 0640
 
        owner: root
 
        group: root
 
      notify:
 
        - Restart nginx
 

	
 
    - name: Deploy nginx TLS certificate
 
      copy:
 
        dest: "/etc/ssl/certs/nginx_https.pem"
 
        content: "{{ clamav_database_http_server_tls_certificate }}"
 
        mode: 0644
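Review bot: The `creates: "/var/lib/cvdupdate"` guard on the "Create virtual environment for running ClamAV database sync tool" task points at the directory the preceding `file` task has already created, so the `virtualenv --python /usr/bin/python3 …` command is skipped on every run and the `become: true` / `become_user: vagrant` pair on it never takes effect. Point the guard at a file that exists only once the environment is built, e.g. `creates: "/var/lib/cvdupdate/bin/activate"`. The environment presumably still gets created because the later `pip` task is given `virtualenv: /var/lib/cvdupdate`, but then with that module's defaults rather than the interpreter and prompt spelled out here. Separately, the "Deploy nginx TLS private key" task writes `clamav_database_http_server_tls_key` through `copy: content:` with no `no_log: true` (or `diff: false`), so a run with `--diff` may print the key into CI output. The rendered page has lost its `+`/`-` markers, so which four lines were inserted (most likely the task-level `become: true` lines) is inferred from the commit title.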