diff --git a/defaults/main.yml b/defaults/main.yml
index d4fd99672124819d1f766df82d1dcb555a20d520..5d6218f9fed21063731a52d2eecd39af52908f12 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,6 +1,6 @@
 jailkit: false
-jailroot: '/jails'
+jailroot: /jails
 jailsite_init_force: false
 jailuser_init: false
-jailkit_components: 'extendedshell git jk_lsh rsync scp sftp ssh php drush netutils'
+jailkit_components: extendedshell git jk_lsh rsync scp sftp ssh php drush netutils
 jailusers: []
diff --git a/tasks/initjail.yml b/tasks/initjail.yml
index 61c406741fcd94b5f23fcd6c5aae26559d87f432..57e95e2deb3d1c1e946d4460e269c0d9c86b70ff 100644
--- a/tasks/initjail.yml
+++ b/tasks/initjail.yml
@@ -1,27 +1,27 @@
 ---
 # file: roles/jailkit/tasks/initjail.yml
-- name: "Init Jail"
+- name: Init Jail
 shell: jk_init -j {{ jailroot }}/{{ drupal.jail.name }} {{ jailkit_components }}
-- name: "Copy Tools"
+- name: Copy Tools
 shell: jk_cp -j {{ jailroot }}/{{ drupal.jail.name }} -o -s -f /bin/bash /usr/bin/groups /etc/group /usr/bin/tput
-- name: "Create Apache Group"
+- name: Create Apache Group
 group: name='{{ drupal.jail.name }}'
-- name: "Create Apache User"
+- name: Create Apache User
 user:
 name='{{ drupal.jail.name }}'
 shell='/bin/false'
 group='{{ drupal.jail.name }}'
 groups='www-data'
-- name: "Apply Apache User to Jail"
+- name: Apply Apache User to Jail
 shell: jk_jailuser -m -j {{ jailroot }}/{{ drupal.jail.name }} {{ drupal.jail.name }}
-- name: "Add main Apache User to Jail Group"
+- name: Add main Apache User to Jail Group
 user:
 name='www-data'
 groups='{{ drupal.jail.name }}'
diff --git a/tasks/initjailusers.yml b/tasks/initjailusers.yml
index cadf09f573560716480edf077cf9af017bc1d7ff..49d1243c04185b717959555ceba8d548115a76f0 100644
--- a/tasks/initjailusers.yml
+++ b/tasks/initjailusers.yml
@@ -1,16 +1,17 @@
 ---
 # file: roles/jailkit/tasks/initjailusers.yml
-- name: "Get User ID"
+- name: Get User ID
 command: id -u {{ username }}
 register: userid
 changed_when: false
- tags: 'always'
+ tags:
+ - always
-- name: "Copy user home directory into jails"
+- name: Copy user home directory into jails
 shell: jk_cp -j {{ jailroot }}/{{ item.0.jail.name }} -o -s -f /home/{{ username }}/{{ item.1 }}
 with_nested:
- - '{{ drupal_settings|default([]) }}'
+ - {{ drupal_settings|default([]) }}
 - ['.bashrc',
 '.config',
 '.git-prompt.sh',
@@ -22,18 +23,20 @@
 ]
 when: item.0.jail is defined and username in item.0.jail.users and (limit_site is not defined or limit_site == 'False' or item.0.id is not defined or limit_site == item.0.id)
 ignore_errors: true
- tags: 'JailUserInit'
+ tags:
+ - JailUserInit
-- name: "Add User to Jail Group"
+- name: Add User to Jail Group
 user:
 name='{{ username }}'
 groups='{{ item.jail.name }}'
 append=yes
 with_items: '{{ drupal_settings|default([]) }}'
 when: item.jail is defined and (username in item.jail.users or username in admins) and (limit_site is not defined or limit_site == 'False' or item.id is not defined or limit_site == item.id)
- tags: 'SetPermissions'
+ tags:
+ - SetPermissions
-- name: "Add User To Jail /etc/passwd"
+- name: Add User To Jail /etc/passwd
 lineinfile:
 dest='{{ jailroot }}/{{ item.jail.name }}/etc/passwd'
 state=present
@@ -41,9 +44,10 @@
 line='{{ username }}:x:{{ userid.stdout }}:0::/var/www{{ item.webRoot|default("") }}:/bin/bash'
 with_items: '{{ drupal_settings|default([]) }}'
 when: item.jail is defined and username in item.jail.users and (limit_site is not defined or limit_site == 'False' or item.id is not defined or limit_site == item.id)
- tags: 'SetPermissions'
+ tags:
+ - SetPermissions
-- name: "File Modes and Ownership"
+- name: File Modes and Ownership
 file:
 path='{{ jailroot }}/{{ item.jail.name }}/home/{{ username }}'
 owner='{{ username }}'
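Review bot: The new `- {{ drupal_settings|default([]) }}` item under `with_nested` is no longer a string: YAML sees a value that begins with `{` as a flow mapping before Jinja ever runs, so the task file fails to load (Ansible reports the expression may need to be quoted). Keep the outer quotes on that item, `- '{{ drupal_settings|default([]) }}'`. The same unquoting is applied to `- {{ admins }}` / `- {{ jailusers }}` in the `with_flattened` lists of tasks/jailkit.yml (hunks @@ -3,22 and @@ -154,29) and tasks/updatejail.yml (hunk @@ -3,37), and those quotes need to come back as well. Dropping quotes is only safe where the template does not start the value, as in `shell: jk_cp -j {{ jailroot }}/...` or `path: /home/{{ item }}`.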
@@ -53,5 +57,5 @@
 with_items: '{{ drupal_settings|default([]) }}'
 when: item.jail is defined and (username in item.jail.users or username in admins) and (limit_site is not defined or limit_site == 'False' or item.id is not defined or limit_site == item.id)
 tags:
- - 'JailUserInit'
- - 'SetPermissions'
+ - JailUserInit
+ - SetPermissions
diff --git a/tasks/install.yml b/tasks/install.yml
index a8bc3d200a7385179c84b4dfd859d9b758ef4b37..3ebfb28849d33e98e913ca83b19c742fc3f71aad 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -1,7 +1,7 @@
 ---
 # file: roles/jailkit/tasks/install.yml
-- name: "Make sure an empty directory /tmp/jailkit exists"
+- name: Make sure an empty directory /tmp/jailkit exists
 file:
 path='/tmp/jailkit'
 state='{{ item }}'
@@ -9,18 +9,18 @@
 - absent
 - directory
-- name: "Download JailKit"
+- name: Download JailKit
 get_url:
 url='http://olivier.sessink.nl/jailkit/jailkit-2.17.tar.gz'
 dest='/tmp/jailkit-2.17.tar.gz'
-- name: "Unpack JailKit"
+- name: Unpack JailKit
 unarchive:
 src='/tmp/jailkit-2.17.tar.gz'
 dest='/tmp/jailkit'
 copy=no
-- name: "Compile JailKit"
+- name: Compile JailKit
 shell: "{{ item }} chdir=/tmp/jailkit/jailkit-2.17"
 with_items:
 - ./configure
diff --git a/tasks/jailkit.yml b/tasks/jailkit.yml
index fdc85e653a507ec017720943630f310e8590d502..ba00cf799878ab97267160a256b243567e0bc514 100644
--- a/tasks/jailkit.yml
+++ b/tasks/jailkit.yml
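Review bot: The `Download JailKit` task in the tasks/install.yml hunk fetches jailkit-2.17.tar.gz over plain http and nothing checks what arrived before `unarchive` and the `./configure` build consume it; those lines are context here rather than changed by the commit, but since the commit touches every task in this file it is a good moment to pin the archive. Add a checksum argument to `get_url`, for example `checksum='sha256:<expected-sha256-of-jailkit-2.17.tar.gz>'` (placeholder — take the value from the upstream release), and use an https URL if the upstream host serves one. The compile task's `with_items` list continues past the end of the hunk.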
@@ -3,22 +3,23 @@
 ---
 # file: roles/jailkit/tasks/jailkit.yml
-- include_tasks: '../../php/tasks/variables.yml'
- tags: 'always'
+- include_tasks: ../../php/tasks/variables.yml
+ tags:
+ - always
-- name: "Reset Permissions in User Homes"
+- name: Reset Permissions in User Homes
 file:
- path: '/home/{{ item }}'
- state: 'directory'
+ path: /home/{{ item }}
+ state: directory
 owner: '{{ item }}'
- group: 'root'
+ group: root
 recurse: yes
 follow: no
 with_flattened:
- - '{{ admins }}'
- - '{{ jailusers }}'
+ - {{ admins }}
+ - {{ jailusers }}
-- name: "Check JailKit Requirement"
+- name: Check JailKit Requirement
 shell: ls /usr/sbin/jk_init
 register: jailkit_available
 failed_when: false
@@ -27,7 +28,7 @@
 - import_tasks: install.yml
 when: jailkit_available is defined and jailkit_available.stdout != '/usr/sbin/jk_init'
-- name: "Create Jail Root Directory"
+- name: Create Jail Root Directory
 file:
 path='{{ jailroot }}'
 state='directory'
@@ -35,10 +36,10 @@
 group='root'
 mode='755'
-- name: "Python Components"
+- name: Python Components
 pip: name=pick
-- name: "Jail Script"
+- name: Jail Script
 template:
 src='jail'
 dest='/usr/local/bin/jail'
@@ -46,16 +47,17 @@
 group='root'
 mode='755'
-- name: "Basic Config"
+- name: Basic Config
 template:
 src='jk_init.ini'
 dest='/etc/jailkit/jk_init.ini'
 owner='root'
 group='root'
 mode='644'
- tags: 'always'
+ tags:
+ - always
-- name: "Create Jail Directory"
+- name: Create Jail Directory
 file:
 path='{{ jailroot }}/{{ item.jail.name }}'
 state='directory'
@@ -66,14 +68,14 @@
 with_items: '{{ drupal_settings|default([]) }}'
 when: item.jail is defined and (limit_site is not defined or limit_site == 'False' or item.id is not defined or limit_site == item.id)
-- name: "Init Jails"
+- name: Init Jails
 include_tasks: initjail.yml
 with_items: '{{ drupal_settings|default([]) }}'
 loop_control:
 loop_var: drupal
 when: drupal.jail is defined and (jail_available is changed or jailsite_init_force) and (limit_site is not defined or limit_site == 'False' or drupal.id is not defined or limit_site == drupal.id)
-- name: "Ensure tmp Directory"
+- name: Ensure tmp Directory
 file:
 path='{{ jailroot }}/{{ item.jail.name }}/tmp'
 state='directory'
@@ -83,7 +85,7 @@
 with_items: '{{ drupal_settings|default([]) }}'
 when: item.jail is defined and (limit_site is not defined or limit_site == 'False' or item.id is not defined or limit_site == item.id)
-- name: "Ensure var and log Directory"
+- name: Ensure var and log Directory
 file:
 path='{{ jailroot }}/{{ item.jail.name }}/var/log'
 state='directory'
@@ -93,7 +95,7 @@
 with_items: '{{ drupal_settings|default([]) }}'
 when: item.jail is defined and (limit_site is not defined or limit_site == 'False' or item.id is not defined or limit_site == item.id)
-- name: "Ensure Apache Log Directory"
+- name: Ensure Apache Log Directory
 file:
 path='{{ jailroot }}/{{ item.jail.name }}/var/log/apache2'
 state='directory'
@@ -103,7 +105,7 @@
 with_items: '{{ drupal_settings|default([]) }}'
 when: item.jail is defined and (limit_site is not defined or limit_site == 'False' or item.id is not defined or limit_site == item.id)
-- name: "Install logrotate script"
+- name: Install logrotate script
 template:
 src='etc-logrotate-apache2'
 dest='/etc/logrotate.d/apache2-{{ item.jail.name }}'
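Review bot: The `Init Jails` condition in the first hunk on this line tests `jail_available is changed`, but the variable registered by `Check JailKit Requirement` (hunk @@ -3,22 of this file) is `jailkit_available`; unless `jail_available` is set somewhere not shown, this looks like a typo and the `is changed` test is evaluated against an undefined name. The line is context rather than changed by the commit, but the rename touches this task, so it is worth fixing alongside: `when: drupal.jail is defined and (jailkit_available is changed or jailsite_init_force) and (limit_site is not defined or limit_site == 'False' or drupal.id is not defined or limit_site == drupal.id)`. Note that the registering task runs `ls` through `shell`, which reports changed on every run unless a `changed_when` is set in the lines not shown (the hunk ends at `failed_when: false`), so confirm what the intended trigger for jail initialisation is.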
@@ -112,9 +114,10 @@
 mode='644'
 with_items: '{{ drupal_settings|default([]) }}'
 when: item.jail is defined and (limit_site is not defined or limit_site == 'False' or item.id is not defined or limit_site == item.id)
- tags: 'logrotate'
+ tags:
+ - logrotate
-- name: "Ensure Apache Web Directory"
+- name: Ensure Apache Web Directory
 file:
 path='{{ jailroot }}/{{ item.jail.name }}/var/www{{ item.webRoot|default("") }}'
 state='directory'
@@ -126,12 +129,12 @@
 - block:
- - name: "Remove PHP PHP Default Pool"
+ - name: Remove PHP PHP Default Pool
 file:
 path='/etc/{{ php_base_dir|default("php5") }}/fpm/pool.d/www.conf'
 state='absent'
- - name: "Create PHP Pool"
+ - name: Create PHP Pool
 template:
 src='php_pool.conf'
 dest='/etc/{{ php_base_dir|default("php5") }}/fpm/pool.d/{{ item.jail.name }}.conf'
@@ -141,12 +144,12 @@
 with_items: '{{ drupal_settings|default([]) }}'
 when: item.jail is defined and (limit_site is not defined or limit_site == 'False' or item.id is not defined or limit_site == item.id)
 tags:
- - 'ApacheConfig'
+ - ApacheConfig
 notify: "Restart PHP-FPM"
 when: php_fpm
-- name: "Copy Jail Start Script to user home directory"
+- name: Copy Jail Start Script to user home directory
 template:
 src='.jail'
 dest='/home/{{ username }}/.jail'
@@ -154,29 +157,29 @@
 group='root'
 mode='755'
 with_flattened:
- - '{{ admins }}'
- - '{{ jailusers }}'
+ - {{ admins }}
+ - {{ jailusers }}
 loop_control:
 loop_var: username
 when: username != tunnel_user_name
 tags:
- - 'JailUserInit'
- - 'SetPermissions'
- - 'shells'
+ - JailUserInit
+ - SetPermissions
+ - shells
-- name: "Init Users"
+- name: Init Users
 include_tasks: initjailusers.yml
 with_flattened:
- - '{{ admins }}'
- - '{{ jailusers }}'
+ - {{ admins }}
+ - {{ jailusers }}
 loop_control:
 loop_var: username
 when: username != tunnel_user_name and jailuser_init
 tags:
- - 'JailUserInit'
- - 'SetPermissions'
+ - JailUserInit
+ - SetPermissions
-- name: "Update config files"
+- name: Update config files
 template:
 src='{{ item }}.ini'
 dest='/etc/jailkit/{{ item }}.ini'
@@ -184,17 +187,17 @@
 group=root
 mode='644'
 with_items:
- - 'jk_chrootsh'
- - 'jk_uchroot'
- - 'jk_update'
- - 'jk_socketd'
+ - jk_chrootsh
+ - jk_uchroot
+ - jk_update
+ - jk_socketd
-- name: "Update Jails"
+- name: Update Jails
 include_tasks: updatejail.yml
 with_items: '{{ drupal_settings|default([]) }}'
 loop_control:
 loop_var: drupal
 when: drupal.jail is defined and (limit_site is not defined or limit_site == 'False' or drupal.id is not defined or limit_site == drupal.id)
 tags:
- - 'UpdateJails'
- - 'shells'
+ - UpdateJails
+ - shells
diff --git a/tasks/main.yml b/tasks/main.yml
index 9a94522fb1a873752ae8943ba08c1bcfbf99b139..9b23cc6ccba901525eb732e56172403e3bffa9ad 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,12 +1,14 @@
 ---
 # file: roles/jailkit/tasks/main.yml
-- name: "JailKit Role"
- set_fact: role_jailkit_started=true
- tags: 'always'
+- name: JailKit Role
+ set_fact:
+ role_jailkit_started: yes
+ tags:
+ - always
 - block:
 - import_tasks: jailkit.yml
- when: '"jailkit" not in excluded_roles and jailkit'
+ when: not excluded_roles or "jailkit" not in excluded_roles and jailkit
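Review bot: The rewritten `when:` at the end of the tasks/main.yml hunk changes which hosts import the role, because Jinja binds `and` tighter than `or`: it reads as `not excluded_roles or ("jailkit" not in excluded_roles and jailkit)`, so on any host where `excluded_roles` is empty the block is imported even though `jailkit` is off (its default in defaults/main.yml is `false`), inverting the role's opt-in default. If the intent is to tolerate an unset or empty `excluded_roles`, write `when: jailkit and "jailkit" not in (excluded_roles | default([]))`; `not excluded_roles` on an undefined variable is also likely to raise under Ansible's default undefined-variable handling rather than be treated as empty. Minor: `role_jailkit_started: yes` is a YAML 1.1 boolean that yamllint's truthy rule flags; `true` is the portable spelling and is what the removed `role_jailkit_started=true` expressed.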
diff --git a/tasks/updatejail.yml b/tasks/updatejail.yml
index 455aa971fbfff9579485196d0ca8ed8462831419..f787c426aa21b6896462437190333baedab46356 100644
--- a/tasks/updatejail.yml
+++ b/tasks/updatejail.yml
@@ -3,37 +3,37 @@
 - block:
- - name: "JailKit Update Components"
+ - name: JailKit Update Components
 shell: jk_init -j {{ jailroot }}/{{ drupal.jail.name }} {{ jailkit_components }}
- - name: "JailKit Update Directories"
+ - name: JailKit Update Directories
 shell: jk_update -j {{ jailroot }}/{{ drupal.jail.name }} --skip=/etc/drush/aliases.drushrc.php /bin /dev /etc /home /lib /lib64 /opt /usr
- - name: "Reset Permissions in User Homes"
+ - name: Reset Permissions in User Homes
 file:
 path: '{{ jailroot }}/{{ drupal.jail.name }}/home/{{ item }}'
- state: 'directory'
+ state: directory
 owner: '{{ item }}'
- group: 'root'
+ group: root
 recurse: yes
 follow: no
 with_flattened:
- - '{{ admins }}'
- - '{{ jailusers }}'
+ - {{ admins }}
+ - {{ jailusers }}
- - name: "Set shell for crontabs"
+ - name: Set shell for crontabs
 cron:
- name: 'SHELL'
+ name: SHELL
 env: yes
- value: '/usr/sbin/jk_chrootsh'
+ value: /usr/sbin/jk_chrootsh
 user: '{{ drupal.jail.name }}'
- - name: "Ensure proper symlink for PHP executable in Jail"
+ - name: Ensure proper symlink for PHP executable in Jail
 file:
- src: '/usr/bin/php{{ php_version }}'
+ src: /usr/bin/php{{ php_version }}
 dest: '{{ jailroot }}/{{ drupal.jail.name }}/etc/alternatives/php'
- state: 'link'
+ state: link
 tags:
- - 'UpdateJails'
- - 'shells'
+ - UpdateJails
+ - shells