update..

2021-07-08 18:56:07 +02:00 · 2021-07-08 18:56:07 +02:00 · ebc9d1303e
commit ebc9d1303e
parent bec58dbf36
6 changed files with 112 additions and 45 deletions
--- a/ansible.cfg
+++ b/ansible.cfg
@ -10,7 +10,19 @@
 [defaults]
-ansible_managed = *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
+ansible_managed = *** [ Ansible managed file: DO NOT EDIT DIRECTLY ] ***
 # Use of 'ansible_managed' 
 # 
 #    + use with filter 'comment' - WITHOUT leading comment sign:
 #
 #         {{ ansible_managed | comment }}
 #
 #
 #    + use without filter 'comment' - WITH leading comment sign:
 #
 #         # {{ ansible_managed }}
 #gathering = smart
 #fact_caching = jsonfile
 #fact_caching_connection = ~/.cache/
--- a/51
+++ b/51
@ -22,9 +22,7 @@ gw-irights.oopen.de
 gw-km.oopen.de
 gw-mbr.oopen.de
 gw-opp.oopen.de
 172.16.62.2
 gw-ro.oopen.de
 172.16.72.1
 gw-spr.oopen.de
 gw-kb.oopen.de
@ -41,7 +39,6 @@ ga-st-gw-ersatz.ga.netz
 ga-st-gw.oopen.de
 ga-al-gw.ga.netz
 ga-nh-gw.ga.netz
 192.168.11.182
 server16.warenform.de
 helden.warenform.de
@ -87,9 +84,6 @@ o13-pad.oopen.de
 o13-schleuder.oopen.de
 o13-web.oopen.de
 o14.oopen.de
 a.mx.oopen.de
 o17.oopen.de
 test.mx.oopen.de
 meet2.oopen.de
@ -162,7 +156,7 @@ e.mx.oopen.de
 etherpad.oopen.de
 web-02.oopen.de
 d.mx.oopen.de
-95.217.204.247
+a.mx.oopen.de
 # O.OPEN - b.mx web-01 ...
 o36.oopen.de
@ -191,9 +185,7 @@ gw-km.oopen.de
 gw-irights.oopen.de
 gw-mbr.oopen.de
 gw-opp.oopen.de
 172.16.62.2
 gw-ro.oopen.de
 172.16.72.1
 gw-km.oopen.de
 gw-spr.oopen.de
@ -213,7 +205,6 @@ ga-st-gw-ersatz.ga.netz
 ga-st-gw.oopen.de
 ga-al-gw.ga.netz
 ga-nh-gw.ga.netz
 192.168.11.182
 # ---
 # - Warenform Server
@ -287,10 +278,6 @@ o13-pad.oopen.de
 o13-schleuder.oopen.de
 o13-web.oopen.de
 # - o14.oopen.de
 o14.oopen.de
 a.mx.oopen.de
 o17.oopen.de
 test.mx.oopen.de
 test.mariadb.oopen.de
@ -373,7 +360,7 @@ e.mx.oopen.de
 etherpad.oopen.de
 web-02.oopen.de
 d.mx.oopen.de
-95.217.204.247
+a.mx.oopen.de
 # O.OPEN - b.mx web-01 ...
 o36.oopen.de
@ -445,9 +432,6 @@ o13-mail.oopen.de
 o13-mumble.oopen.de
 o13-web.oopen.de
 # o14.oopen.de
 a.mx.oopen.de
 # o17.oopen.de
 test.mariadb.oopen.de
 test.mx.oopen.de
@ -485,7 +469,7 @@ cl-02.oopen.de
 e.mx.oopen.de
 web-02.oopen.de
 d.mx.oopen.de
-95.217.204.247
+a.mx.oopen.de
 # o36 - b.mx, web-01, web-03,--
 matomo-01.oopen.de
@ -703,9 +687,6 @@ c.mx.oopen.de
 o13-mail.oopen.de
 o13-schleuder.oopen.de
 # o14.oopen.de
 a.mx.oopen.de
 # o17.oopen.de
 test.mx.oopen.de
@ -718,7 +699,7 @@ mail.faire-mobilitaet.de
 # o35.oopen.de
 e.mx.oopen.de
 d.mx.oopen.de
-95.217.204.247
+a.mx.oopen.de
 # o36 - b.mx, web-01, web-03,--
 web-01.oopen.de
@ -756,16 +737,13 @@ lists.mx.warenform.de
 o13-board.oopen.de
 o13-mail.oopen.de
 # o14.oopen.de
 a.mx.oopen.de
 # o25.oopen.de
 mail.faire-mobilitaet.de
 # o35.oopen.de
 e.mx.oopen.de
 d.mx.oopen.de
-95.217.204.247
+a.mx.oopen.de
 # o36 - b.mx, web-01, web-03,--
 web-01.oopen.de
@ -959,9 +937,6 @@ c.mx.oopen.de
 # o13.oopen.de
 o13-mail.oopen.de
 # o14.oopen.de
 a.mx.oopen.de
 # o17.oopen.de
 test.mx.oopen.de
@ -977,7 +952,7 @@ mail.faire-mobilitaet.de
 # o35.oopen.de
 d.mx.oopen.de
 e.mx.oopen.de
-95.217.204.247
+a.mx.oopen.de
 # o36.oopen.de - b.mx, web-01, web-03
 b.mx.oopen.de
@ -1078,7 +1053,6 @@ o34.oopen.de
 o12.oopen.de
 o13.oopen.de
 o14.oopen.de
 o17.oopen.de
 o18.oopen.de
 #o20.oopen.de
@ -1142,9 +1116,6 @@ o13-pad.oopen.de
 o13-schleuder.oopen.de
 o13-web.oopen.de
 # - o14.oopen.de
 a.mx.oopen.de
 # - o17.oopen.de
 test.mx.oopen.de
 test.mariadb.oopen.de
@ -1218,7 +1189,7 @@ etherpad.oopen.de
 web-02.oopen.de
 b.ns.oopen.de
 d.mx.oopen.de
-95.217.204.247
+a.mx.oopen.de
 # o36 - b.mx, web-01, web-03,--
 b.mx.oopen.de
@ -1321,10 +1292,6 @@ o13-pad.oopen.de
 o13-schleuder.oopen.de
 o13-web.oopen.de
 # - o14.oopen.de
 o14.oopen.de
 a.mx.oopen.de
 # - o17.oopen.de
 o17.oopen.de
 test.mx.oopen.de
@ -1410,7 +1377,7 @@ etherpad.oopen.de
 web-02.oopen.de
 b.ns.oopen.de
 d.mx.oopen.de
-95.217.204.247
+a.mx.oopen.de
 # o36 - b.mx, web-01, web-03,--
 b.mx.oopen.de
@ -1458,7 +1425,6 @@ ga-st-gw-ersatz.ga.netz
 ga-st-gw.oopen.de
 ga-al-gw.ga.netz
 ga-nh-gw.ga.netz
 192.168.11.182
 # - readonly gateways
 gw-123.oopen.de
@ -1504,7 +1470,6 @@ ga-st-gw-ersatz.ga.netz
 ga-st-gw.oopen.de
 ga-al-gw.ga.netz
 ga-nh-gw.ga.netz
 192.168.11.182
 gw-replacement3.local.netz
--- a/roles/common/templates/etc/ssh/sshd_config.j2
+++ b/roles/common/templates/etc/ssh/sshd_config.j2
@ -1,4 +1,8 @@
 # *** ---------------------------------------------- ***
 # ***                                                ***
 # {{ ansible_managed }}
 # ***                                                ***
 # *** ---------------------------------------------- ***
 #-----------------------------
 # Daemon
--- a/roles/common/templates/etc/sudoers.j2
+++ b/roles/common/templates/etc/sudoers.j2
@ -1,4 +1,4 @@
-# {{ ansible_managed }}
+{{ ansible_managed | comment }}
 # This file MUST be edited with the 'visudo' command as root.
 #
--- a/roles/modify-ipt-gateway-ro/tasks/main.yml
+++ b/roles/modify-ipt-gateway-ro/tasks/main.yml
@ -804,6 +804,49 @@
    - nc_turn_service_ipv6_present is changed
 # ---
 # Allow  Outbound Streamin / Echo360 Video Streaming
 # ---
 - name: Check if String 'allow_outbound_streaming..' (IPv4) is present
  shell: grep -q -E "^allow_outbound_streaming=" /ro/etc/ipt-firewall/main_ipv4.conf
  register: allow_outbound_streaming_ipv4_present
  when: main_ipv4_exists.stat.exists
  failed_when: "allow_outbound_streaming_ipv4_present.rc > 1"
  changed_when: "allow_outbound_streaming_ipv4_present.rc > 0"
 - name: Adjust file '/ro/etc/ipt-firewall/main_ipv4.conf' (allow_outbound_streaming)
  blockinfile:
    path: /ro/etc/ipt-firewall/main_ipv4.conf
    insertafter: '^#?\s*allow_mumble_request_out'
    block: |
      allow_outbound_streaming=true
      allow_echo360_video_streaming=true
    marker: "# Marker set by modify-ipt-gateway.yml (allow_outbound_streaming)"
  when:
    - main_ipv4_exists.stat.exists
    - allow_outbound_streaming_ipv4_present is changed
 - name: Check if String 'allow_outbound_streaming..' (IPv6) is present
  shell: grep -q -E "^allow_outbound_streaming=" /ro/etc/ipt-firewall/main_ipv6.conf
  register: allow_outbound_streaming_ipv6_present
  when: main_ipv6_exists.stat.exists
  failed_when: "allow_outbound_streaming_ipv6_present.rc > 1"
  changed_when: "allow_outbound_streaming_ipv6_present.rc > 0"
 - name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (allow_outbound_streaming)
  blockinfile:
    path: /ro/etc/ipt-firewall/main_ipv6.conf
    insertafter: '^#?\s*allow_mumble_request_out'
    block: |
      allow_outbound_streaming=true
      allow_echo360_video_streaming=true
    marker: "# Marker set by modify-ipt-gateway.yml (allow_outbound_streaming)"
  when:
    - main_ipv6_exists.stat.exists
    - allow_outbound_streaming_ipv6_present is changed
 # ---
 # Remove Marker set by blockinfile
 # ---
--- a/roles/modify-ipt-gateway/tasks/main.yml
+++ b/roles/modify-ipt-gateway/tasks/main.yml
@ -935,6 +935,49 @@
    - bigbluebutton_service_ipv6_present is changed
 # ---
 # Allow  Outbound Streamin / Echo360 Video Streaming
 # ---
 - name: Check if String 'allow_outbound_streaming..' (IPv4) is present
  shell: grep -q -E "^allow_outbound_streaming=" /etc/ipt-firewall/main_ipv4.conf
  register: allow_outbound_streaming_ipv4_present
  when: main_ipv4_exists.stat.exists
  failed_when: "allow_outbound_streaming_ipv4_present.rc > 1"
  changed_when: "allow_outbound_streaming_ipv4_present.rc > 0"
 - name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (allow_outbound_streaming)
  blockinfile:
    path: /etc/ipt-firewall/main_ipv4.conf
    insertafter: '^#?\s*allow_mumble_request_out'
    block: |
      allow_outbound_streaming=true
      allow_echo360_video_streaming=true
    marker: "# Marker set by modify-ipt-gateway.yml (allow_outbound_streaming)"
  when:
    - main_ipv4_exists.stat.exists
    - allow_outbound_streaming_ipv4_present is changed
 - name: Check if String 'allow_outbound_streaming..' (IPv6) is present
  shell: grep -q -E "^allow_outbound_streaming=" /etc/ipt-firewall/main_ipv6.conf
  register: allow_outbound_streaming_ipv6_present
  when: main_ipv6_exists.stat.exists
  failed_when: "allow_outbound_streaming_ipv6_present.rc > 1"
  changed_when: "allow_outbound_streaming_ipv6_present.rc > 0"
 - name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (allow_outbound_streaming)
  blockinfile:
    path: /etc/ipt-firewall/main_ipv6.conf
    insertafter: '^#?\s*allow_mumble_request_out'
    block: |
      allow_outbound_streaming=true
      allow_echo360_video_streaming=true
    marker: "# Marker set by modify-ipt-gateway.yml (allow_outbound_streaming)"
  when:
    - main_ipv6_exists.stat.exists
    - allow_outbound_streaming_ipv6_present is changed
 # ---
 # Remove Marker set by blockinfile
 # ---