Hi,
I’m currently writing a playbook to configure a proxy server using Squid and SquidGuard. There’s a little detail I can’t seem to figure out.
I have an existing /var/squidGuard directory where I want to download blacklists from a local university. Here’s what the manual command looks like:
# cd /var/squidGuard
# rsync -arpogvt rsync://ftp.ut-capitole.fr/blacklist .
This results in a new /var/squidGuard/dest directory with lots of files.
When I do this manually I set the owner and group of this directory to the squid system user and group:
# chown -R squid:squid dest/
Now I wonder how I can make this idempotent.
- name: Create download directory
ansible.builtin.file:
path: /var/squidGuard/dest
state: directory
owner: squid
group: squid
mode: 0755
Unfortunately when I do this:
- name: Fetch blacklists (Université de Toulouse)
ansible.posix.synchronize:
src: rsync://ftp.ut-capitole.fr/blacklist
dest: /var/squidGuard
delete: true
… then I get some weird permissions on my downloaded file tree:
# ls -l
total 4
drwxr-xr-x. 76 99 99 4096 Feb 12 22:50 dest
# ls -l dest/ | head -n 5
total 192
lrwxrwxrwx. 1 99 99 9 Feb 12 22:50 ads -> publicite
drwxr-xr-x. 2 99 99 100 Feb 12 04:03 adult
lrwxrwxrwx. 1 99 99 8 Feb 12 22:50 aggressive -> agressif
drwxr-xr-x. 2 99 99 65 Feb 11 09:16 agressif
I know if I wanted to keep squid:squid permissions on my downloaded dest files, then the best way to do that would be to execute the rsync command as the squid system user. Only I don’t know how to translate that into Ansible syntax. I don’t even know if that’s possible.
Any suggestions ?