Refs #8025 Role debian-base: Refactor vn-repo to ensure idempotency and enhance major Bacula task.

inventories/group_vars/all.yml

@@ -20,18 +20,4 @@ awx_pub_key: >
   ssh-ed25519 
   AAAAC3NzaC1lZDI1NTE5AAAAIKzAwWm+IsqZCgMzjdZ7Do3xWtVtoUCpWJpH7KSi2a/H 
   awx@verdnatura.es
-base_packages:
-  - htop
-  - psmisc
-  - bash-completion
-  - screen
-  - aptitude
-  - tree
-  - btop
-  - ncdu
-  - debconf-utils
-  - net-tools
-locales_present:
-  - en_US.UTF-8
-  - es_ES.UTF-8
 passbolt_folder: e0d517be-6783-4b97-9742-acaa9b09742f

roles/debian-base/defaults/main.yaml

@@ -12,8 +12,24 @@ fail2ban_base_packages:
 vn_host:
   url: http://apt.verdnatura.es/pool/main/v/vn-host
   package: vn-host_2.0.2_all.deb
+  name: vn-host
 time_server_spain: ntp.roa.es
 nagios_packages:
   - nagios-nrpe-server
   - nagios-plugins-contrib
   - monitoring-plugins-basic
+base_packages:
+  - htop
+  - psmisc
+  - bash-completion
+  - screen
+  - aptitude
+  - tree
+  - btop
+  - ncdu
+  - debconf-utils
+  - net-tools
+locales_present:
+  - en_US.UTF-8
+  - es_ES.UTF-8
+

roles/debian-base/tasks/bacula.yml

@@ -2,17 +2,31 @@
   apt:
     name: bacula-fd
     state: present
-- name: Load Bacula default passwords
+- name: Read content file in base64
   slurp:
     src: /etc/bacula/common_default_passwords
-  register: bacula_passwords
+  register: file_content
+- name: Going to text plane
+  set_fact:
+    file_content_decoded: "{{ file_content.content | b64decode }}"
+- name: Extracting passwords
+  set_fact:
+    passwords: "{{ file_content_decoded.splitlines() | select('match', '^[^#]') | map('regex_replace', '^([^=]+)=(.+)$', '\\1:\\2') | list }}"
+- name: Initialize password dictionary
+  set_fact:
+    bacula_passwords: {}
+- name: Convert lines to individual variables generating a new dict
+  set_fact:
+    bacula_passwords: "{{ bacula_passwords | combine({item.split(':')[0].lower(): item.split(':')[1] | regex_replace('\\n$', '') }) }}"
+  loop: "{{ passwords }}"
+  when: "'FDPASSWD' in item or 'FDMPASSWD' in item"
 - name: Configure Bacula FD
   template:
     src: bacula-fd.conf
     dest: /etc/bacula/bacula-fd.conf
     owner: root
     group: bacula
-    mode: u=rw,g=r,o=
+    mode: '0640'
     backup: true
 - name: Restart Bacula FD service
   service:

roles/debian-base/tasks/main.yml

@@ -24,3 +24,7 @@
   tags: nrpe
 - import_tasks: fail2ban.yml
   tags: fail2ban
+- import_tasks: bacula.yml
+  tags: bacula
+- import_tasks: vn-repo.yml
+  tags: vn-repo

roles/debian-base/tasks/vn-repo.yml

@@ -1,12 +1,3 @@
-- name: Download vn-host Debian package
-  get_url:
-    url: "{{ vn_host.url }}/{{ vn_host.package }}"
-    dest: "/tmp/{{ vn_host.package }}"
-    mode: u=rw,g=r,o=r
 - name: Install package
   apt:
-    deb: "/tmp/{{ vn_host.package }}"
+    deb: "{{ vn_host.url }}/{{ vn_host.package }}"
-- name: Delete package
-  file:
-    path: "/tmp/{{ vn_host.package }}"
-    state: absent

roles/debian-base/templates/bacula-fd.conf

@@ -1,10 +1,10 @@
 Director {
   Name = bacula-dir
-  Password = "{{ FDPASSWD }}"
+  Password = "{{ bacula_passwords.fdpasswd }}"
 }
 Director {
   Name = bacula-mon
-  Password = "{{ FDMPASSWD }}"
+  Password = "{{ bacula_passwords.fdmpasswd }}"
   Monitor = yes
 }
 FileDaemon {

roles/debian-base/templates/jail.local

@@ -14,6 +14,7 @@ action    = %(action_)s
 #+++++++++++++++ Jails
 
 [sshd]
+ignoreip  = 127.0.0.1/8
 enabled   = true
 port      = 0:65535
 filter    = sshd