setting systemd service with immutable directories

2017-04-16 19:50:25 -04:00 · 2017-04-16 19:50:25 -04:00 · 2868763fba
commit 2868763fba
parent e3065a3752
2 changed files with 69 additions and 5 deletions
--- a/tasks/fprobe.yml
+++ b/tasks/fprobe.yml
@ -30,12 +30,46 @@
 #      command: "fprobe-ulog -c /var/tmp {{ fprobe_flow_collector }}"
 #  when: ansible_os_family == 'RedHat' and ps is defined and ps.stdout is defined and ps.stdout.find(" fprobe-ulog ") == -1

- name: add init.d script
-  template: src=init.d-fprobe.j2 dest=/etc/rc.d/init.d/fprobe-ulog mode=0755
-  when: ansible_os_family == 'RedHat' and ansible_service_mgr != 'systemd'
- name: add systemd script
-  template: "src=systemd-fprobe-ulog.service.j2 dest=/lib/systemd/system/{{ fprobe_svc }}.service mode=0644"
+- block:
+    - name: install fprobe systemd configuration
+      template:
+        src: "systemd-fprobe-ulog.service.j2"
+        dest: "/lib/systemd/system/{{ fprobe_svc }}.service"
+        mode: '0644'
+        backup: yes
+      register: systemdconf
+      ignore_errors: true
+    - block:
+        - include: "immutable.yml target_dir=/lib/systemd/system state=pre"
+        - name: install fprobe systemd configuration
+          template:
+            src: "systemd-fprobe-ulog.service.j2"
+            dest: "/lib/systemd/system/{{ fprobe_svc }}.service"
+            mode: '0644'
+            backup: yes
+        - include: "immutable.yml target_dir=/lib/systemd/system state=post"
+      when: systemdconf|failed
  when: ansible_service_mgr == 'systemd'
+- block:
+    - name: add fprobe init.d script
+      template:
+        src: init.d-fprobe.j2
+        dest: /etc/rc.d/init.d/fprobe-ulog
+        mode: '0755'
+        backup: yes
+      register: initdconf
+      ignore_errors: true
+    - block:
+        - include: "immutable.yml target_dir=/etc/rc.d/init.d state=pre"
+        - name: install fprobe systemd configuration
+          template:
+            src: init.d-fprobe.j2
+            dest: /etc/rc.d/init.d/fprobe-ulog
+            mode: '0755'
+            backup: yes
+        - include: "immutable.yml target_dir=/etc/rc.d/init.d state=post"
+      when: initdconf|failed
+  when: ansible_os_family == 'RedHat' and ansible_service_mgr != 'systemd'

 - name: ensure service is enabled and started
  service: name={{ fprobe_svc }} state=started enabled=yes
--- a/tasks/immutable.yml
+++ b/tasks/immutable.yml
@ -0,0 +1,30 @@
+---
+## manage install when some directories are immutable
+## requires target_dir, state=pre/post
+
+- block:
+## Ansible 2.3+ for get_attributes
+    - name: check target_dir {{ target_dir }} attributes
+#     stat:
+#       path: "{{ target_dir }}"
+#       get_attributes: yes
+      command: "lsattr -d '{{ target_dir }}'"
+      register: dir
+      changed_when: false
+      ignore_errors: true
+
+    - name: Remove immutable attribute
+      command: "chattr -i '{{ target_dir }}'"
+      ignore_errors: true
+      when: dir.stdout.find('-i-') != -1
+  when: state == 'pre'
+
+- name: Reestablish immutable attribute
+  command: "chattr +i '{{ target_dir }}'"
+#  file:
+#    dest: "{{ target_dir }}"
+#    attributes: '----i-----I--e--'
+  when: state == 'post'
+  ignore_errors: true
+
+