Diffstat (limited to 'roles/common')
-rw-r--r--roles/common/tasks/apt.yml5
-rw-r--r--roles/common/tasks/fail2ban.yml3
-rw-r--r--roles/common/tasks/ipsec.yml3
-rw-r--r--roles/common/tasks/logging.yml5
-rw-r--r--roles/common/tasks/samhain.yml3
5 files changed, 19 insertions, 0 deletions
diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml
index 9b553b0..030709b 100644
--- a/roles/common/tasks/apt.yml
+++ b/roles/common/tasks/apt.yml
@@ -17,20 +17,25 @@
- name: Configure APT (1)
template: src=etc/apt/{{ item }}.j2
dest=/etc/apt/{{ item }}
owner=root group=root
mode=0644
with_items:
- sources.list
- preferences
notify:
- apt-get update
- name: Configure APT (2)
copy: src=etc/apt/{{ item }}
dest=/etc/apt/{{ item }}
owner=root group=root
mode=0644
with_items:
- listchanges.conf
- apt.conf.d/10periodic
- apt.conf.d/50unattended-upgrades
+
+- name: Start cron
+ service: name=cron state=started
+ tags:
+ - cron
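Review bot: `state=started` on the new `Start cron` task only asserts that the daemon is running while the play executes; it does not assert that the service is enabled at boot, so a host whose init link was disabled comes back from a reboot without it and nothing notices until the next run. The same applies to the `Start fail2ban`, `Start IPSec`, `Start rsyslog` and `Start samhain` tasks added in the other four files, where the consequence is a host running without banning, tunnels, logging or integrity checking. I would write `service: name=cron state=started enabled=yes` here and add `enabled=yes` to the other four. Debian packages normally enable their services on install, so this is presumably a no-op on a fresh host, but it makes the play enforce the state rather than assume it.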
diff --git a/roles/common/tasks/fail2ban.yml b/roles/common/tasks/fail2ban.yml
index 64283df..ccfeaa6 100644
--- a/roles/common/tasks/fail2ban.yml
+++ b/roles/common/tasks/fail2ban.yml
@@ -1,10 +1,13 @@
- name: Install fail2ban
apt: pkg=fail2ban
- name: Configure fail2ban
template: src=etc/fail2ban/jail.local.j2
dest=/etc/fail2ban/jail.local
owner=root group=root
mode=0644
notify:
- Restart fail2ban
+
+- name: Start fail2ban
+ service: name=fail2ban state=started
diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml
index 4c0a946..2196728 100644
--- a/roles/common/tasks/ipsec.yml
+++ b/roles/common/tasks/ipsec.yml
@@ -21,35 +21,38 @@
mode=0644
notify:
- Missing IPSec certificate
- name: Configure IPSec's secrets
template: src=etc/ipsec.secrets.j2
dest=/etc/ipsec.secrets
owner=root group=root
mode=0600
notify:
- Restart IPSec
- name: Configure IPSec
template: src=etc/ipsec.conf.j2
dest=/etc/ipsec.conf
owner=root group=root
mode=0644
notify:
- Restart IPSec
+- name: Start IPSec
+ service: name=ipsec state=started
+
- name: Auto-create a dedicated interface for IPSec
copy: src=etc/network/if-up.d/ipsec
dest=/etc/network/if-up.d/ipsec
owner=root group=root
mode=0755
notify:
- Reload networking
# XXX: As of 1.3.1 ansible doesn't accept relative src.
# See https://github.com/ansible/ansible/issues/4459
- name: Auto-deactivate the dedicated interface for IPSec
file: #src=../if-up.d/ipsec
src=/etc/network/if-up.d/ipsec
dest=/etc/network/if-down.d/ipsec
owner=root group=root state=link
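Review bot: `Start IPSec` runs in the task phase, ahead of the `Auto-create a dedicated interface for IPSec` task and ahead of every notified handler, since handlers only fire once the tasks are done. On a first run the daemon is therefore started before the if-up.d hook is on disk and before `Reload networking` runs, and, on a host without its certificate, before the `Missing IPSec certificate` handler runs (its body is not visible here, so what it does is an assumption). Moving the two added lines to the end of the file would at least put the hook in place first; whether the daemon needs the interface at start depends on ipsec.conf, which is not shown. The hunk opens inside a task whose beginning is outside it.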
diff --git a/roles/common/tasks/logging.yml b/roles/common/tasks/logging.yml
index d305e29..312c31e 100644
--- a/roles/common/tasks/logging.yml
+++ b/roles/common/tasks/logging.yml
@@ -1,29 +1,34 @@
- name: Install logging server & utilities
apt: pkg={{ item }}
with_items:
- rsyslog
- syslog-summary
- logcheck
- logcheck-database
- logrotate
+- name: Start rsyslog
+ service: name=rsyslog state=started
+ tags:
+ - syslog
+
- name: Configure logcheck
copy: src=etc/logcheck/{{ item }}
dest=/etc/logcheck/{{ item }}
owner=root group=logcheck
mode=0640
with_items:
- logcheck.conf
- ignore.d.server/common.local
- name: Minimal logging policy (1)
lineinfile: dest=/etc/logrotate.d/rsyslog
regexp="^/var/log/mail.(log|info)$"
state=absent
- name: Minimal logging policy (2)
copy: src=etc/logrotate.d/fripost-mail
dest=/etc/logrotate.d/fripost-mail
owner=root group=root
mode=0644
diff --git a/roles/common/tasks/samhain.yml b/roles/common/tasks/samhain.yml
index 73a2ace..90ea754 100644
--- a/roles/common/tasks/samhain.yml
+++ b/roles/common/tasks/samhain.yml
@@ -1,17 +1,20 @@
- name: Install samhain
apt: pkg=samhain
# XXX: Doesn't work out of the box, see #660197.
# If this is the first installation, you may want to start with a fresh database
# sudo service samhain stop
# sudo rm /var/state/samhain/samhain_file
# sudo samhain -t init -p warn
# sudo service samhain start
# sudo samhain -t update -l none
- name: Configure samhain
copy: src=etc/samhain/samhainrc
dest=/etc/samhain/samhainrc
owner=root group=root
mode=0644
notify:
- Reload samhain
+
+- name: Start samhain
+ service: name=samhain state=started
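Review bot: `Start samhain` runs unconditionally, but the comment block above `Configure samhain` says the package does not work out of the box and that a first installation needs the baseline database initialised by hand (`samhain -t init -p warn`) before the service is started. On a freshly provisioned host this task presumably either fails the play or leaves the integrity checker running against a database that was never built from a known-good state, which weakens every report compared against it. I would put a comment on the task, e.g. `# Requires an initialised baseline database; see the first-installation steps above`, and consider skipping the start until `/var/state/samhain/samhain_file` has been created by that procedure.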