---
# Scratch directory for the torrc comparison. The task uses the local
# connection without privilege escalation; the resulting path is kept in
# torrc_check_dir for the tasks that follow.
- name: Create temporary directory for Tor configuration check
  become: false
  connection: local
  tempfile:
    state: directory
  register: torrc_check_dir
# Copy the server's live /etc/tor/torrc into the scratch directory, without
# privilege escalation, so it can be compared with the torrc in the backup.
- name: Fetch current Tor configuration from app server
  become: false
  fetch:
    dest: "{{ torrc_check_dir.path }}"
    src: /etc/tor/torrc
# Separate "backup" subdirectory inside the scratch directory, so the torrc
# taken from the archive stays apart from the one fetched from the server.
- name: Create directory to hold the Tor configuration from the backup
  become: false
  connection: local
  file:
    state: directory
    path: "{{ torrc_check_dir.path }}/backup"
# Unpack the backup archive locally into the scratch "backup" directory.
# extra_opts hands the member path etc/tor/torrc to the extraction command,
# presumably so that only that file is unpacked; confirm against the archive
# tool in use.
- name: Extract Tor configuration from backup
  become: false
  connection: local
  unarchive:
    src: "{{ restore_file }}"
    dest: "{{ torrc_check_dir.path }}/backup/"
    extra_opts:
      - 'etc/tor/torrc'
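# Run the role's compare_torrc.py locally against the scratch directory that
# now holds both the fetched torrc and the one from the backup. A non-zero
# exit from the script fails this task and stops the restore.
#
# The arguments are passed as an argv list rather than one templated string:
# the command module splits a free-form string on whitespace after
# templating, so a role_path or temp path containing a space would be broken
# into several arguments. With argv each templated value stays one argument.
- name: Check for Tor configuration differences between the backup and server
  connection: local
  become: false
  command:
    argv:
      - python
      - "{{ role_path }}/files/compare_torrc.py"
      - "{{ torrc_check_dir.path }}"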
# Delete the scratch directory once the comparison has run. The condition
# skips the task when no directory path was registered.
# NOTE(review): this is an ordinary task, so it appears to be reached only
# when the preceding tasks succeed; if the comparison fails, the directory
# with both torrc copies is presumably left behind. A block/always wrapper
# would cover that case. Confirm against the play's error handling.
- name: Remove temporary directory for Tor configuration check
  become: false
  connection: local
  file:
    state: absent
    path: "{{ torrc_check_dir.path }}"
  when: torrc_check_dir.path is defined
# Transfer the backup archive to the application server. partial keeps
# partially transferred files so an interrupted copy can resume.
# NOTE(review): the archive is staged at a predictable path under /tmp and no
# task visible in this file removes it after extraction. The archive holds
# var/lib/tor and etc/tor/torrc (both named in the skip-tor exclude list), so
# consider a root-only staging directory and deleting the copy once the
# restore finishes. Confirm what permissions the staged file ends up with.
- name: Copy backup to application server
  synchronize:
    dest: "/tmp/{{ restore_file }}"
    src: "{{ restore_file }}"
    partial: true
# Full restore: unpack the staged archive over the filesystem root of the
# server. Runs only when restore_skip_tor has not been set.
# NOTE(review): with dest "/" every path inside the archive is written as-is,
# so the archive's contents are trusted completely. Restore only archives
# whose origin and integrity have been verified beforehand.
- name: Extract backup
  unarchive:
    src: "/tmp/{{ restore_file }}"
    remote_src: true
    dest: /
  when: restore_skip_tor is not defined
# Restore variant used when restore_skip_tor is set: unpack the staged
# archive over the filesystem root but leave out var/lib/tor and
# etc/tor/torrc, so the server's existing Tor state and configuration stay.
# NOTE(review): everything not excluded is still written relative to "/",
# so the archive's contents are trusted completely here as well.
- name: Extract backup, skipping tor service configuration
  unarchive:
    src: "/tmp/{{ restore_file }}"
    remote_src: true
    dest: /
    exclude: "var/lib/tor,etc/tor/torrc"
  when: restore_skip_tor is defined
# Re-run the package's configuration step after the restored files are in
# place.
- name: Reconfigure securedrop-app-code
  command: dpkg-reconfigure securedrop-app-code
# Re-run the configuration step of the securedrop-config package as well.
- name: Reconfigure securedrop-config
  command: dpkg-reconfigure securedrop-config
# Ask apache2 to reload so it picks up the restored configuration.
- name: Reload Apache service
  service:
    state: reloaded
    name: apache2
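# Stage the role's disable_v2.py helper on Focal hosts; a later task runs it
# against /etc/tor/torrc and another removes it again.
# An explicit mode is set so the permissions of a script that is about to be
# executed do not depend on the remote umask. 0600 is sufficient because the
# script is run through the python3 interpreter, not executed directly.
- name: Copy disable_v2.py script for Focal
  copy:
    src: "{{ role_path }}/files/disable_v2.py"
    dest: /opt/disable_v2.py
    mode: "0600"
  when: ansible_distribution_release == 'focal'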
# Run the staged helper on Focal hosts. /etc/tor/torrc is given as both
# arguments, presumably input and output, i.e. the file is rewritten in
# place; confirm against disable_v2.py.
- name: Execute disable_v2 script on Focal
  when: ansible_distribution_release == 'focal'
  command: python3 /opt/disable_v2.py /etc/tor/torrc /etc/tor/torrc
# On Focal, delete the Tor service directory for the source interface that
# the restore may have put back.
- name: Remove v2 tor source directory
  when: ansible_distribution_release == 'focal'
  file:
    path: /var/lib/tor/services/source
    state: absent
# On Focal, delete the Tor service directory for the journalist interface
# as well.
- name: Remove v2 tor journalist directory
  when: ansible_distribution_release == 'focal'
  file:
    path: /var/lib/tor/services/journalist
    state: absent
# Clean up the helper script from /opt once it has been run.
- name: Remove disable_v2.py script on Focal
  when: ansible_distribution_release == 'focal'
  file:
    path: /opt/disable_v2.py
    state: absent
# Start the Tor reload as a background job: poll 0 returns immediately and
# async allows the job up to 60 seconds. The job handle is stored in
# tor_reload_job for the wait task.
# NOTE(review): presumably done asynchronously because the Ansible
# connection itself may run over Tor; confirm.
- name: Reload Tor service
  service:
    state: reloaded
    name: tor
  poll: 0
  async: 60
  register: tor_reload_job
# Poll the background reload job until it reports finished: up to 6 retries,
# 10 seconds apart, in line with the 60 second async limit on the reload.
- name: Wait for Tor reload
  async_status:
    jid: "{{ tor_reload_job.ansible_job_id }}"
  register: tor_reload
  until: tor_reload.finished
  delay: 10
  retries: 6