Commit 29ae53a7 authored by Felix Schäfer's avatar Felix Schäfer :construction_worker:

Explicit file permissions

parent 7edc46ec
Pipeline #62763 passed
...@@ -4,4 +4,7 @@ ...@@ -4,4 +4,7 @@
template: template:
src: certpaths.j2 src: certpaths.j2
dest: "/etc/haproxy/{{ item.name }}.certpaths" dest: "/etc/haproxy/{{ item.name }}.certpaths"
owner: root
group: root
mode: 0644
when: item.ssl is defined and (item.ssl.cert is defined or item.ssl.acme_domains is defined) when: item.ssl is defined and (item.ssl.cert is defined or item.ssl.acme_domains is defined)
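Review bot: The added `mode: 0644` is an unquoted scalar, so the module receives the integer the YAML parser produces rather than the octal string that was typed. Ansible's module documentation recommends quoting octal modes and warns that the leading-zero form can misbehave in loops, which this task and several others in the commit use. I would write `mode: "0644"` here and `mode: "0755"` on the directory tasks, in every hunk of this commit. The task's `name:` line sits above the hunk, so the rest of the task is not visible.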
...@@ -37,6 +37,9 @@ ...@@ -37,6 +37,9 @@
file: file:
path: "{{ haproxy_config_dir }}/frontends.d" path: "{{ haproxy_config_dir }}/frontends.d"
state: directory state: directory
owner: root
group: root
mode: 0755
- name: "List files for the frontends" - name: "List files for the frontends"
find: find:
...@@ -56,6 +59,9 @@ ...@@ -56,6 +59,9 @@
template: template:
src: "frontend.cfg" src: "frontend.cfg"
dest: "{{ haproxy_config_dir }}/frontends.d/{{ item.name }}.cfg" dest: "{{ haproxy_config_dir }}/frontends.d/{{ item.name }}.cfg"
owner: root
group: root
mode: 0644
loop: "{{ haproxy_frontends }}" loop: "{{ haproxy_frontends }}"
when: haproxy_frontends is defined when: haproxy_frontends is defined
...@@ -65,6 +71,9 @@ ...@@ -65,6 +71,9 @@
file: file:
path: "{{ haproxy_config_dir }}/backends.d" path: "{{ haproxy_config_dir }}/backends.d"
state: directory state: directory
owner: root
group: root
mode: 0755
- name: "List files for the backends" - name: "List files for the backends"
find: find:
...@@ -84,6 +93,9 @@ ...@@ -84,6 +93,9 @@
template: template:
src: "backend.cfg" src: "backend.cfg"
dest: "{{ haproxy_config_dir }}/backends.d/{{ item.name }}.cfg" dest: "{{ haproxy_config_dir }}/backends.d/{{ item.name }}.cfg"
owner: root
group: root
mode: 0644
loop: "{{ haproxy_backends }}" loop: "{{ haproxy_backends }}"
when: haproxy_backends is defined when: haproxy_backends is defined
...@@ -93,6 +105,9 @@ ...@@ -93,6 +105,9 @@
file: file:
path: "{{ haproxy_config_dir }}/listen.d" path: "{{ haproxy_config_dir }}/listen.d"
state: directory state: directory
owner: root
group: root
mode: 0755
- name: "List files the listen sections" - name: "List files the listen sections"
find: find:
...@@ -112,6 +127,9 @@ ...@@ -112,6 +127,9 @@
template: template:
src: "listen.cfg" src: "listen.cfg"
dest: "{{ haproxy_config_dir }}/listen.d/{{ item.name }}.cfg" dest: "{{ haproxy_config_dir }}/listen.d/{{ item.name }}.cfg"
owner: root
group: root
mode: 0644
loop: "{{ haproxy_listen }}" loop: "{{ haproxy_listen }}"
when: haproxy_listen is defined when: haproxy_listen is defined
...@@ -121,6 +139,9 @@ ...@@ -121,6 +139,9 @@
file: file:
path: "{{ haproxy_config_dir }}/userlists.d" path: "{{ haproxy_config_dir }}/userlists.d"
state: directory state: directory
owner: root
group: root
mode: 0755
- name: "List files for the userlists" - name: "List files for the userlists"
find: find:
...@@ -140,13 +161,21 @@ ...@@ -140,13 +161,21 @@
template: template:
src: userlist.cfg src: userlist.cfg
dest: "{{ haproxy_config_dir }}/userlists.d/{{ item.name }}.cfg" dest: "{{ haproxy_config_dir }}/userlists.d/{{ item.name }}.cfg"
owner: root
group: root
mode: 0644
loop: "{{ haproxy_userlists }}" loop: "{{ haproxy_userlists }}"
when: haproxy_userlists is defined when: haproxy_userlists is defined
## ASSEMBLE CONFIG - GLOBAL & DEFAULT ## ASSEMBLE CONFIG - GLOBAL & DEFAULT
- name: 'Create the compiled folder' - name: 'Create the compiled folder'
file: path={{ haproxy_config_dir }}/compiled state=directory file:
path: "{{ haproxy_config_dir }}/compiled"
state: directory
owner: root
group: root
mode: 0755
- name: 'Merge global config' - name: 'Merge global config'
set_fact: set_fact:
...@@ -156,6 +185,9 @@ ...@@ -156,6 +185,9 @@
template: template:
src: "global.cfg" src: "global.cfg"
dest: "{{ haproxy_config_dir }}/compiled/01-global.cfg" dest: "{{ haproxy_config_dir }}/compiled/01-global.cfg"
owner: root
group: root
mode: 0644
- name: 'Merge default config' - name: 'Merge default config'
set_fact: set_fact:
...@@ -165,6 +197,9 @@ ...@@ -165,6 +197,9 @@
template: template:
src: "defaults.cfg" src: "defaults.cfg"
dest: "{{ haproxy_config_dir }}/compiled/02-defaults.cfg" dest: "{{ haproxy_config_dir }}/compiled/02-defaults.cfg"
owner: root
group: root
mode: 0644
when: haproxy_defaults is defined when: haproxy_defaults is defined
## ASSEMBLE FINAL CONFIG ## ASSEMBLE FINAL CONFIG
...@@ -173,25 +208,40 @@ ...@@ -173,25 +208,40 @@
assemble: assemble:
src: "{{ haproxy_config_dir }}/backends.d" src: "{{ haproxy_config_dir }}/backends.d"
dest: "{{ haproxy_config_dir }}/compiled/03-backends.cfg" dest: "{{ haproxy_config_dir }}/compiled/03-backends.cfg"
owner: root
group: root
mode: 0644
- name: 'Assemble the frontends configuration file' - name: 'Assemble the frontends configuration file'
assemble: assemble:
src: "{{ haproxy_config_dir }}/frontends.d" src: "{{ haproxy_config_dir }}/frontends.d"
dest: "{{ haproxy_config_dir }}/compiled/04-frontends.cfg" dest: "{{ haproxy_config_dir }}/compiled/04-frontends.cfg"
owner: root
group: root
mode: 0644
- name: 'Assemble the listen sections configuration file' - name: 'Assemble the listen sections configuration file'
assemble: assemble:
src: "{{ haproxy_config_dir }}/listen.d" src: "{{ haproxy_config_dir }}/listen.d"
dest: "{{ haproxy_config_dir }}/compiled/05-listen.cfg" dest: "{{ haproxy_config_dir }}/compiled/05-listen.cfg"
owner: root
group: root
mode: 0644
- name: 'Assemble the userlists sections configuration file' - name: 'Assemble the userlists sections configuration file'
assemble: assemble:
src: "{{ haproxy_config_dir }}/userlists.d" src: "{{ haproxy_config_dir }}/userlists.d"
dest: "{{ haproxy_config_dir }}/compiled/06-userlists.cfg" dest: "{{ haproxy_config_dir }}/compiled/06-userlists.cfg"
owner: root
group: root
mode: 0644
- name: 'Assemble the final configuration file' - name: 'Assemble the final configuration file'
assemble: assemble:
src: "{{ haproxy_config_dir }}/compiled" src: "{{ haproxy_config_dir }}/compiled"
dest: "{{ haproxy_config_file }}" dest: "{{ haproxy_config_file }}"
owner: root
group: root
mode: 0644
backup: true backup: true
notify: reload haproxy notify: reload haproxy
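Review bot: Credential material in the userlist files ends up world-readable, because `userlists.d/{{ item.name }}.cfg`, `compiled/06-userlists.cfg` and the final `{{ haproxy_config_file }}` are all set to `mode: 0644`. HAProxy userlist sections hold password hashes (or cleartext with `insecure-password`), so any local account could read them; the templates are not shown here, so this is inferred from the file names. HAProxy normally parses its configuration as root before dropping privileges, so `mode: "0640"` or `"0600"` on those three tasks, with `"0750"` on `userlists.d` and `compiled`, should still work. Since the final assemble uses `backup: true`, also check that older backup copies in the config directory do not keep looser permissions.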
...@@ -50,12 +50,18 @@ ...@@ -50,12 +50,18 @@
file: file:
name: "{{ haproxy_global.chroot }}" name: "{{ haproxy_global.chroot }}"
state: directory state: directory
owner: root
group: root
mode: 0755
when: haproxy_global.chroot is defined and haproxy_global.chroot when: haproxy_global.chroot is defined and haproxy_global.chroot
- name: Create service override directory - name: Create service override directory
file: file:
path: /etc/systemd/system/haproxy.service.d path: /etc/systemd/system/haproxy.service.d
state: directory state: directory
owner: root
group: root
mode: 0755
- name: Copy service override - name: Copy service override
copy: copy:
...@@ -64,3 +70,6 @@ ...@@ -64,3 +70,6 @@
[Unit] [Unit]
Wants=network-online.target Wants=network-online.target
After=network-online.target After=network-online.target
owner: root
group: root
mode: 0644
...@@ -3,6 +3,9 @@ ...@@ -3,6 +3,9 @@
template: template:
src: tls_temp.cfg src: tls_temp.cfg
dest: /etc/haproxy/haproxy.cfg dest: /etc/haproxy/haproxy.cfg
owner: root
group: root
mode: 0644
- name: Restart haproxy - name: Restart haproxy
systemd: systemd: