cyhy_amis/ansible/roles/cyhy_mailer/tasks/main.yml at 7ca25edf567d4105380f929bdafa3ef25778a8a7 · cisagov/cyhy_amis · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
---
#
# cyhy-mailer secrets
#
# The cyhy-mailer container does not run as root, so the creds files
# need to be globally readable.  The Compose specification does allow
# one to specify the uid, gid, and mode of the secrets files, but that
# only works in swarm mode.
#
- name: Create the secrets directory for cyhy-mailer
  ansible.builtin.file:
    group: cyhy
    mode: u=rwx,g=rx,o=rx
    owner: cyhy
    path: /var/cyhy/cyhy-mailer/secrets
    state: directory

- name: Create the cyhy-mailer credentials file to allow reading the cyhy database
  ansible.builtin.template:
    dest: /var/cyhy/cyhy-mailer/secrets/database_creds.yml
    group: cyhy
    mode: u=r,g=r,o=r
    owner: cyhy
    src: database_creds.yml.j2

- name: Create the AWS config
  ansible.builtin.template:
    dest: /var/cyhy/cyhy-mailer/secrets/aws_config
    group: cyhy
    mode: u=r,g=r,o=r
    owner: cyhy
    src: aws_config.j2

# The compose command will automatically use docker-compose.yml and
# docker-compose.override.yml, so this is a way for us to tune
# compose's behavior to the particular machine.
#
# In our case we want to send the BOD 18-01 reports on the BOD docker
# instance and the CyHy-related reports on the reporter instance.
- name: Create a symlink for the docker compose override file
  ansible.builtin.file:
    group: cyhy
    mode: u=rw,g=rw,o=r
    owner: cyhy
    path: /var/cyhy/cyhy-mailer/docker-compose.override.yml
    src: /var/cyhy/cyhy-mailer/{{ cyhy_mailer_docker_compose_override_file_for_mailer }}
    state: link

#
# Create a cron job for the sending of reports
#
# - name: Create the cron job
#   block:
#     - name: Add /usr/local/bin to cron's path
#       ansible.builtin.cron:
#         env: true
#         name: PATH
#         user: cyhy
#         value: /usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin

#     - name: Create a cron job for sending BOD 18-01 reports
#       ansible.builtin.cron:
#         hour: 12
#         job: cd /var/cyhy/cyhy-mailer && docker compose up --detach 2>&1 | /usr/bin/logger --tag cyhy-mailer
#         minute: 0
#         name: "Sending BOD 18-01 reports"
#         user: cyhy
#         weekday: 1
#   when: production_workspace