Merge branch 'debian12' into unstable
gitea/ansible-roles/pipeline/head This commit looks good
Details
gitea/ansible-roles/pipeline/head This commit looks good
Details
This commit is contained in:
commit
08db230c29
|
@ -12,11 +12,15 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
|||
|
||||
### Added
|
||||
|
||||
* all: Use proper keyrings directory for APT version
|
||||
* all: Add signed-by option for additional APT sources
|
||||
* all: preliminary work to support Debian 12
|
||||
* evolinux-base: replace regular kernel by cloud kernel on virtual servers
|
||||
* nagios-nrpe: check_haproxy_stats supports DRAIN status
|
||||
* lxc-php: set php-fpm umask to 007
|
||||
* varnish: create special tmp directory for syntax validation
|
||||
* nagios-nrpe: check_ceph_*
|
||||
* nagios-nrpe: check_haproxy_stats supports DRAIN status
|
||||
* packweb-apache: enable log_forensic module
|
||||
* varnish: create special tmp directory for syntax validation
|
||||
|
||||
### Changed
|
||||
|
||||
|
@ -29,6 +33,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
|||
* lxc-solr: download URL according to Solr Version
|
||||
* lxc-solr: set homedir and port at install
|
||||
* minifirewall: whitelist deb.freexian.com
|
||||
* packweb-apache: manual dependencies resolution
|
||||
* redis: some values should be quoted
|
||||
* redis: variable to disable transparent hugepage (default: do nothing)
|
||||
* squid: whitelist deb.freexian.com
|
||||
|
|
|
@ -25,3 +25,5 @@ apt_check_hold_cron_hour: "*/4"
|
|||
apt_check_hold_cron_weekday: "*"
|
||||
apt_check_hold_cron_day: "*"
|
||||
apt_check_hold_cron_month: "*"
|
||||
|
||||
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
|
|
@ -19,7 +19,7 @@
|
|||
- name: Add Evolix GPG key
|
||||
copy:
|
||||
src: reg.asc
|
||||
dest: /etc/apt/trusted.gpg.d/reg.asc
|
||||
dest: "{{ apt_keyring_dir }}/reg.asc"
|
||||
force: yes
|
||||
mode: "0644"
|
||||
owner: root
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
deb http://mirror.evolix.org/debian bookworm {{ apt_basics_components | mandatory }}
|
||||
deb http://mirror.evolix.org/debian/ bookworm-updates {{ apt_basics_components | mandatory }}
|
||||
deb http://security.debian.org/debian-security bookworm-security {{ apt_basics_components | mandatory }}
|
|
@ -1,3 +1,7 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
deb http://pub.evolix.net/ {{ ansible_distribution_release }}/
|
||||
{% if ansible_distribution_release == "bookworm" %}
|
||||
deb [signed-by={{ apt_keyring_dir }}/reg.asc] http://pub.evolix.net/ bullseye/
|
||||
{% else %}
|
||||
deb [signed-by={{ apt_keyring_dir }}/reg.asc] http://pub.evolix.net/ {{ ansible_distribution_release }}/
|
||||
{% endif %}
|
|
@ -28,3 +28,5 @@ docker_tls_ca_key: ca/ca-key.pem
|
|||
docker_tls_cert: server/cert.pem
|
||||
docker_tls_key: server/key.pem
|
||||
docker_tls_csr: server/server.csr
|
||||
|
||||
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
|
|
@ -19,7 +19,7 @@
|
|||
- name: Add Docker's official GPG key
|
||||
copy:
|
||||
src: docker-debian.asc
|
||||
dest: /etc/apt/trusted.gpg.d/docker-debian.asc
|
||||
dest: "{{ apt_keyring_dir }}/docker-debian.asc"
|
||||
force: yes
|
||||
mode: "0644"
|
||||
owner: root
|
||||
|
@ -27,7 +27,7 @@
|
|||
|
||||
- name: Add Docker repository
|
||||
apt_repository:
|
||||
repo: 'deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable'
|
||||
repo: 'deb [signed-by={{ apt_keyring_dir }}/docker-debian.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable'
|
||||
state: present
|
||||
filename: docker.list
|
||||
|
||||
|
|
|
@ -29,3 +29,5 @@ elasticsearch_plugin_head_clone_dir: "{{ elasticsearch_plugin_head_home }}/www"
|
|||
elasticsearch_plugin_head_tmp_dir: "{{ elasticsearch_plugin_head_home }}/tmp"
|
||||
|
||||
elasticsearch_additional_scripts_dir: /usr/share/scripts
|
||||
|
||||
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
|
|
@ -29,7 +29,7 @@
|
|||
- name: Elastic GPG key is installed
|
||||
copy:
|
||||
src: elastic.asc
|
||||
dest: /etc/apt/trusted.gpg.d/elastic.asc
|
||||
dest: "{{ apt_keyring_dir }}/elastic.asc"
|
||||
force: yes
|
||||
mode: "0644"
|
||||
owner: root
|
||||
|
@ -40,7 +40,7 @@
|
|||
|
||||
- name: Elastic sources list is available
|
||||
apt_repository:
|
||||
repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
|
||||
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
|
||||
filename: elastic
|
||||
state: present
|
||||
update_cache: yes
|
||||
|
|
|
@ -21,6 +21,8 @@ evolinux_apt_public_sources: True
|
|||
evolinux_apt_upgrade: True
|
||||
evolinux_apt_remove_aptitude: True
|
||||
|
||||
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
|
||||
|
||||
# etc-evolinux
|
||||
|
||||
evolinux_etcevolinux_include: True
|
||||
|
|
|
@ -81,7 +81,7 @@
|
|||
- name: HPE GPG key is installed
|
||||
copy:
|
||||
src: hpePublicKey2048_key1.asc
|
||||
dest: /etc/apt/trusted.gpg.d/hpePublicKey2048_key1.asc
|
||||
dest: "{{ apt_keyring_dir }}/hpePublicKey2048_key1.asc"
|
||||
force: yes
|
||||
mode: "0644"
|
||||
owner: root
|
||||
|
@ -91,7 +91,7 @@
|
|||
|
||||
- name: Add HPE repository
|
||||
apt_repository:
|
||||
repo: 'deb https://downloads.linux.hpe.com/SDR/repo/mcp {{ ansible_distribution_release }}/current non-free'
|
||||
repo: 'deb [signed-by={{ apt_keyring_dir }}/hpePublicKey2048_key1.asc] https://downloads.linux.hpe.com/SDR/repo/mcp {{ ansible_distribution_release }}/current non-free'
|
||||
state: present
|
||||
tags:
|
||||
- packages
|
||||
|
@ -208,7 +208,7 @@
|
|||
- name: HWRaid GPG key is installed
|
||||
copy:
|
||||
src: hwraid.le-vert.net.asc
|
||||
dest: /etc/apt/trusted.gpg.d/hwraid.le-vert.net.asc
|
||||
dest: "{{ apt_keyring_dir }}/hwraid.le-vert.net.asc"
|
||||
force: yes
|
||||
mode: "0644"
|
||||
owner: root
|
||||
|
@ -219,7 +219,7 @@
|
|||
|
||||
- name: Add HW tool repository
|
||||
apt_repository:
|
||||
repo: 'deb http://hwraid.le-vert.net/debian {{ ansible_distribution_release }} main'
|
||||
repo: 'deb [signed-by={{ apt_keyring_dir }}/hwraid.le-vert.net.asc] http://hwraid.le-vert.net/debian {{ ansible_distribution_release }} main'
|
||||
state: present
|
||||
tags:
|
||||
- packages
|
||||
|
|
|
@ -22,3 +22,5 @@ filebeat_use_config_template: False
|
|||
filebeat_update_config: True
|
||||
filebeat_force_config: True
|
||||
filebeat_upgrade_package: False
|
||||
|
||||
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
|
|
@ -29,7 +29,7 @@
|
|||
- name: Elastic GPG key is installed
|
||||
copy:
|
||||
src: elastic.asc
|
||||
dest: /etc/apt/trusted.gpg.d/elastic.asc
|
||||
dest: "{{ apt_keyring_dir }}/elastic.asc"
|
||||
force: yes
|
||||
mode: "0644"
|
||||
owner: root
|
||||
|
@ -40,7 +40,7 @@
|
|||
|
||||
- name: Elastic sources list is available
|
||||
apt_repository:
|
||||
repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
|
||||
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
|
||||
filename: elastic
|
||||
state: present
|
||||
update_cache: yes
|
||||
|
|
|
@ -10,3 +10,5 @@ fluentd_host_port:
|
|||
|
||||
fluentd_flush_interval:
|
||||
fluentd_heartbeat_type:
|
||||
|
||||
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
|
|
@ -21,7 +21,7 @@
|
|||
- name: Add Fluentd GPG key
|
||||
copy:
|
||||
src: fluentd.asc
|
||||
dest: /etc/apt/trusted.gpg.d/fluentd.asc
|
||||
dest: "{{ apt_keyring_dir }}/fluentd.asc"
|
||||
force: yes
|
||||
mode: "0644"
|
||||
owner: root
|
||||
|
@ -32,7 +32,7 @@
|
|||
|
||||
- name: Fluentd sources list is available
|
||||
apt_repository:
|
||||
repo: "deb http://packages.treasuredata.com/3/debian/{{ ansible_distribution_release }}/ {{ ansible_distribution_release }} contrib"
|
||||
repo: "deb [signed-by={{ apt_keyring_dir }}/fluentd.asc] http://packages.treasuredata.com/3/debian/{{ ansible_distribution_release }}/ {{ ansible_distribution_release }} contrib"
|
||||
filename: treasuredata
|
||||
update_cache: yes
|
||||
state: present
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
|
||||
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
|
|
@ -20,7 +20,7 @@
|
|||
- name: Add Jenkins GPG key
|
||||
copy:
|
||||
src: jenkins.asc
|
||||
dest: /etc/apt/trusted.gpg.d/jenkins.asc
|
||||
dest: "{{ apt_keyring_dir }}/jenkins.asc"
|
||||
force: yes
|
||||
mode: "0644"
|
||||
owner: root
|
||||
|
@ -28,7 +28,7 @@
|
|||
|
||||
- name: Add jenkins APT repository
|
||||
apt_repository:
|
||||
repo: deb http://pkg.jenkins-ci.org/debian-stable binary/
|
||||
repo: deb [signed-by={{ apt_keyring_dir }}/jenkins.asc] http://pkg.jenkins-ci.org/debian-stable binary/
|
||||
filename: jenkins
|
||||
update_cache: yes
|
||||
|
||||
|
|
|
@ -9,3 +9,5 @@ kibana_proxy_nginx: False
|
|||
kibana_proxy_domain: "kibana.{{ ansible_fqdn }}"
|
||||
kibana_proxy_ssl_cert: "/etc/ssl/certs/{{ ansible_fqdn }}.crt"
|
||||
kibana_proxy_ssl_key: "/etc/ssl/private/{{ ansible_fqdn }}.key"
|
||||
|
||||
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
|
|
@ -29,7 +29,7 @@
|
|||
- name: Elastic GPG key is installed
|
||||
copy:
|
||||
src: elastic.asc
|
||||
dest: /etc/apt/trusted.gpg.d/elastic.asc
|
||||
dest: "{{ apt_keyring_dir }}/elastic.asc"
|
||||
force: yes
|
||||
mode: "0644"
|
||||
owner: root
|
||||
|
@ -40,7 +40,7 @@
|
|||
|
||||
- name: Elastic sources list is available
|
||||
apt_repository:
|
||||
repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
|
||||
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
|
||||
filename: elastic
|
||||
state: present
|
||||
update_cache: yes
|
||||
|
|
|
@ -7,4 +7,6 @@ logstash_log_rotate_days: 365
|
|||
logstash_custom_tmpdir: Null
|
||||
logstash_default_tmpdir: /var/lib/logstash/tmp
|
||||
logstash_log_syslog_enabled: True
|
||||
logstash_config_force: True
|
||||
logstash_config_force: True
|
||||
|
||||
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
|
|
@ -29,7 +29,7 @@
|
|||
- name: Elastic GPG key is installed
|
||||
copy:
|
||||
src: elastic.asc
|
||||
dest: /etc/apt/trusted.gpg.d/elastic.asc
|
||||
dest: "{{ apt_keyring_dir }}/elastic.asc"
|
||||
force: yes
|
||||
mode: "0644"
|
||||
owner: root
|
||||
|
@ -40,7 +40,7 @@
|
|||
|
||||
- name: Elastic sources list is available
|
||||
apt_repository:
|
||||
repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
|
||||
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
|
||||
filename: elastic
|
||||
state: present
|
||||
update_cache: yes
|
||||
|
|
|
@ -30,4 +30,4 @@ lxc_php_services:
|
|||
php80: 'php8.0-fpm.service'
|
||||
php81: 'php8.1-fpm.service'
|
||||
|
||||
|
||||
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
|
|
@ -19,13 +19,13 @@
|
|||
create: yes
|
||||
mode: "0644"
|
||||
loop:
|
||||
- "deb https://packages.sury.org/php/ bullseye main"
|
||||
- "deb http://pub.evolix.net/ bullseye-php80/"
|
||||
- "deb [signed-by={{ apt_keyring_dir }}/sury.gpg] https://packages.sury.org/php/ bullseye main"
|
||||
- "deb [signed-by={{ apt_keyring_dir }}/reg.asc] http://pub.evolix.net/ bullseye-php80/"
|
||||
|
||||
- name: copy pub.evolix.net GPG key
|
||||
copy:
|
||||
src: reg.asc
|
||||
dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/trusted.gpg.d/reg.asc
|
||||
dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs{{ apt_keyring_dir }}/reg.asc
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
|
@ -33,7 +33,7 @@
|
|||
- name: copy packages.sury.org GPG Key
|
||||
copy:
|
||||
src: sury.gpg
|
||||
dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/trusted.gpg.d/sury.gpg
|
||||
dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs{{ apt_keyring_dir }}/sury.gpg
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
|
|
|
@ -19,13 +19,13 @@
|
|||
create: yes
|
||||
mode: "0644"
|
||||
loop:
|
||||
- "deb https://packages.sury.org/php/ bullseye main"
|
||||
- "deb http://pub.evolix.net/ bullseye-php81/"
|
||||
- "deb [signed-by={{ apt_keyring_dir }}/sury.gpg] https://packages.sury.org/php/ bullseye main"
|
||||
- "deb [signed-by={{ apt_keyring_dir }}/reg.asc] http://pub.evolix.net/ bullseye-php81/"
|
||||
|
||||
- name: copy pub.evolix.net GPG key
|
||||
copy:
|
||||
src: reg.asc
|
||||
dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/trusted.gpg.d/reg.asc
|
||||
dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs{{ apt_keyring_dir }}/reg.asc
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
|
@ -33,7 +33,7 @@
|
|||
- name: copy packages.sury.org GPG Key
|
||||
copy:
|
||||
src: sury.gpg
|
||||
dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/trusted.gpg.d/sury.gpg
|
||||
dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs{{ apt_keyring_dir }}/sury.gpg
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
|
|
|
@ -28,3 +28,5 @@ metricbeat_tags: Null
|
|||
# metricbeat_fields:
|
||||
# - "env: staging"
|
||||
metricbeat_fields: Null
|
||||
|
||||
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
|
|
@ -29,7 +29,7 @@
|
|||
- name: Elastic GPG key is installed
|
||||
copy:
|
||||
src: elastic.asc
|
||||
dest: /etc/apt/trusted.gpg.d/elastic.asc
|
||||
dest: "{{ apt_keyring_dir }}/elastic.asc"
|
||||
force: yes
|
||||
mode: "0644"
|
||||
owner: root
|
||||
|
@ -40,7 +40,7 @@
|
|||
|
||||
- name: Elastic sources list is available
|
||||
apt_repository:
|
||||
repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
|
||||
repo: "deb [signed-by={{ apt_keyring_dir }}/elastic.asc] https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
|
||||
filename: elastic
|
||||
state: present
|
||||
update_cache: yes
|
||||
|
|
|
@ -7,4 +7,6 @@ mongodb_bind: 127.0.0.1
|
|||
# otherwise it can disable important settings, like authorization :/
|
||||
mongodb_force_config: False
|
||||
|
||||
mongodb_version: 4.4
|
||||
mongodb_version: 4.4
|
||||
|
||||
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
|
|
@ -21,7 +21,7 @@
|
|||
- name: Add MongoDB GPG key
|
||||
copy:
|
||||
src: "server-{{mongodb_version}}.asc"
|
||||
dest: "/etc/apt/trusted.gpg.d/mongodb-server-{{mongodb_version}}.asc"
|
||||
dest: "{{ apt_keyring_dir }}/mongodb-server-{{mongodb_version}}.asc"
|
||||
force: yes
|
||||
mode: "0644"
|
||||
owner: root
|
||||
|
@ -29,7 +29,7 @@
|
|||
|
||||
- name: enable APT sources list
|
||||
apt_repository:
|
||||
repo: "deb http://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{mongodb_version}} main"
|
||||
repo: "deb [signed-by={{ apt_keyring_dir }}/mongodb-server-{{mongodb_version}}.asc] http://repo.mongodb.org/apt/debian bullseye/mongodb-org/{{mongodb_version}} main"
|
||||
state: present
|
||||
filename: "mongodb-org-{{mongodb_version}}"
|
||||
update_cache: yes
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
- name: Add MongoDB GPG key
|
||||
copy:
|
||||
src: "server-{{mongodb_version}}.asc"
|
||||
dest: "/etc/apt/trusted.gpg.d/mongodb-server-{{mongodb_version}}.asc"
|
||||
dest: "{{ apt_keyring_dir }}/mongodb-server-{{ mongodb_version }}.asc"
|
||||
force: yes
|
||||
mode: "0644"
|
||||
owner: root
|
||||
|
@ -23,7 +23,7 @@
|
|||
|
||||
- name: enable APT sources list
|
||||
apt_repository:
|
||||
repo: "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/{{mongodb_version}} main"
|
||||
repo: "deb [signed-by={{ apt_keyring_dir }}/mongodb-server-{{ mongodb_version }}.asc] http://repo.mongodb.org/apt/debian buster/mongodb-org/{{ mongodb_version }} main"
|
||||
state: present
|
||||
filename: "mongodb-org-{{mongodb_version}}"
|
||||
update_cache: yes
|
||||
|
|
|
@ -4,44 +4,44 @@
|
|||
set_fact:
|
||||
mysql_restart_handler_name: "{{ mysql_restart_if_needed | bool | ternary('restart mysql', 'restart mysql (noop)') }}"
|
||||
|
||||
- include: packages_stretch.yml
|
||||
- include_tasks: packages_stretch.yml
|
||||
when: ansible_distribution_major_version is version('9', '>=')
|
||||
|
||||
- include: packages_jessie.yml
|
||||
- include_tasks: packages_jessie.yml
|
||||
when: ansible_distribution_release == "jessie"
|
||||
|
||||
## There is nothing to do with users on Debian 11 - yet we need a /root/.my.cnf for compatibility
|
||||
- include: users_bullseye.yml
|
||||
when: ansible_distribution_release == "bullseye"
|
||||
## There is nothing to do with users on Debian 11+ - yet we need a /root/.my.cnf for compatibility
|
||||
- include_tasks: users_bullseye.yml
|
||||
when: ansible_distribution_major_version is version('11', '>=')
|
||||
|
||||
- include: users_buster.yml
|
||||
- include_tasks: users_buster.yml
|
||||
when: ansible_distribution_release == "buster"
|
||||
|
||||
- include: users_stretch.yml
|
||||
- include_tasks: users_stretch.yml
|
||||
when: ansible_distribution_release == "stretch"
|
||||
|
||||
- include: users_jessie.yml
|
||||
- include_tasks: users_jessie.yml
|
||||
when: ansible_distribution_release == "jessie"
|
||||
|
||||
- include: config_stretch.yml
|
||||
- include_tasks: config_stretch.yml
|
||||
when: ansible_distribution_major_version is version('9', '>=')
|
||||
|
||||
- include: config_jessie.yml
|
||||
- include_tasks: config_jessie.yml
|
||||
when: ansible_distribution_release == "jessie"
|
||||
|
||||
- include: replication.yml
|
||||
- include_tasks: replication.yml
|
||||
when: mysql_replication | bool
|
||||
|
||||
- include: datadir.yml
|
||||
- include_tasks: datadir.yml
|
||||
|
||||
- include: logdir.yml
|
||||
- include_tasks: logdir.yml
|
||||
|
||||
- include: tmpdir.yml
|
||||
- include_tasks: tmpdir.yml
|
||||
|
||||
- include: nrpe.yml
|
||||
- include_tasks: nrpe.yml
|
||||
|
||||
- include: munin.yml
|
||||
- include_tasks: munin.yml
|
||||
|
||||
- include: log2mail.yml
|
||||
- include_tasks: log2mail.yml
|
||||
|
||||
- include: utils.yml
|
||||
- include_tasks: utils.yml
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
|
||||
# mytop
|
||||
|
||||
- name: "Install mytop (Debian 9)"
|
||||
- name: "Install mytop (Debian 8)"
|
||||
apt:
|
||||
name: mytop
|
||||
state: present
|
||||
|
@ -43,14 +43,23 @@
|
|||
- libterm-readkey-perl
|
||||
when: ansible_distribution_release == "buster"
|
||||
|
||||
- name: "Install dependencies for mytop (Debian 11 or later)"
|
||||
- name: "Install dependencies for mytop (Debian 11)"
|
||||
apt:
|
||||
name:
|
||||
- mariadb-client-10.5
|
||||
- libconfig-inifiles-perl
|
||||
- libterm-readkey-perl
|
||||
- libdbd-mariadb-perl
|
||||
when: ansible_distribution_major_version is version('11', '>=')
|
||||
when: ansible_distribution_release == "bullseye"
|
||||
|
||||
- name: "Install dependencies for mytop (Debian 12 or later)"
|
||||
apt:
|
||||
name:
|
||||
- mariadb-client-10.6
|
||||
- libconfig-inifiles-perl
|
||||
- libterm-readkey-perl
|
||||
- libdbd-mariadb-perl
|
||||
when: ansible_distribution_major_version is version('12', '=')
|
||||
|
||||
- name: Read debian-sys-maint password (Debian < 11)
|
||||
shell: 'cat /etc/mysql/debian.cnf | grep -m1 "password = .*" | cut -d" " -f3'
|
||||
|
|
|
@ -5,3 +5,5 @@ newrelic_php: False
|
|||
|
||||
newrelic_license: ""
|
||||
newrelic_appname: ""
|
||||
|
||||
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
|
|
@ -15,7 +15,7 @@
|
|||
- name: Add NewRelic GPG key
|
||||
copy:
|
||||
src: newrelic.asc
|
||||
dest: /etc/apt/trusted.gpg.d/newrelic.asc
|
||||
dest: "{{ apt_keyring_dir }}/newrelic.asc"
|
||||
force: yes
|
||||
mode: "0644"
|
||||
owner: root
|
||||
|
@ -23,7 +23,7 @@
|
|||
|
||||
- name: Install NewRelic repository
|
||||
apt_repository:
|
||||
repo: "deb http://apt.newrelic.com/debian/ newrelic non-free"
|
||||
repo: "deb [signed-by={{ apt_keyring_dir }}/newrelic.asc] http://apt.newrelic.com/debian/ newrelic non-free"
|
||||
state: present
|
||||
filename: newrelic
|
||||
update_cache: yes
|
||||
|
|
|
@ -4,3 +4,5 @@
|
|||
nodejs_apt_version: 'node_16.x'
|
||||
|
||||
nodejs_install_yarn: False
|
||||
|
||||
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
|
|
@ -32,7 +32,7 @@
|
|||
- name: NodeJS GPG key is installed
|
||||
copy:
|
||||
src: nodesource.asc
|
||||
dest: /etc/apt/trusted.gpg.d/nodesource.asc
|
||||
dest: "{{ apt_keyring_dir }}/nodesource.asc"
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
|
@ -43,7 +43,7 @@
|
|||
|
||||
- name: NodeJS sources list ({{ nodejs_apt_version }}) is available
|
||||
apt_repository:
|
||||
repo: "deb https://deb.nodesource.com/{{ nodejs_apt_version }} {{ ansible_distribution_release }} main"
|
||||
repo: "deb [signed-by={{ apt_keyring_dir }}/nodesource.asc] https://deb.nodesource.com/{{ nodejs_apt_version }} {{ ansible_distribution_release }} main"
|
||||
filename: nodesource
|
||||
update_cache: yes
|
||||
state: present
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
- name: Yarn GPG key is installed
|
||||
copy:
|
||||
src: yarn.asc
|
||||
dest: /etc/apt/trusted.gpg.d/yarn.asc
|
||||
dest: "{{ apt_keyring_dir }}/yarn.asc"
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
|
@ -37,7 +37,7 @@
|
|||
|
||||
- name: Yarn sources list is available
|
||||
apt_repository:
|
||||
repo: "deb https://dl.yarnpkg.com/debian/ stable main"
|
||||
repo: "deb [signed-by={{ apt_keyring_dir }}/yarn.asc] https://dl.yarnpkg.com/debian/ stable main"
|
||||
filename: yarn
|
||||
update_cache: yes
|
||||
state: present
|
||||
|
|
|
@ -26,18 +26,5 @@ galaxy_info:
|
|||
|
||||
allow_duplicates: true
|
||||
|
||||
dependencies:
|
||||
- { role: evolix/apache }
|
||||
- { role: evolix/php, php_apache_enable: True, when: packweb_apache_modphp }
|
||||
- { role: evolix/php, php_fpm_enable: True, when: packweb_apache_fpm }
|
||||
- { role: evolix/squid, squid_localproxy_enable: True }
|
||||
- { role: evolix/mysql, when: packweb_mysql_variant == "debian" }
|
||||
- { role: evolix/mysql-oracle, when: packweb_mysql_variant == "oracle" }
|
||||
- { role: evolix/lxc-php, lxc_php_version: php56, lxc_php_create_mysql_link: True, when: "'php56' in packweb_multiphp_versions" }
|
||||
- { role: evolix/lxc-php, lxc_php_version: php70, lxc_php_create_mysql_link: True, when: "'php70' in packweb_multiphp_versions" }
|
||||
- { role: evolix/lxc-php, lxc_php_version: php73, lxc_php_create_mysql_link: True, when: "'php73' in packweb_multiphp_versions" }
|
||||
- { role: evolix/lxc-php, lxc_php_version: php74, lxc_php_create_mysql_link: True, when: "'php74' in packweb_multiphp_versions" }
|
||||
- { role: evolix/lxc-php, lxc_php_version: php80, lxc_php_create_mysql_link: True, when: "'php80' in packweb_multiphp_versions" }
|
||||
- { role: evolix/lxc-php, lxc_php_version: php81, lxc_php_create_mysql_link: True, when: "'php81' in packweb_multiphp_versions" }
|
||||
- { role: evolix/webapps/evoadmin-web, evoadmin_enable_vhost: "{{ packweb_enable_evoadmin_vhost }}", evoadmin_multiphp_versions: "{{ packweb_multiphp_versions }}" }
|
||||
- { role: evolix/evoacme }
|
||||
dependencies: []
|
||||
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
- include
|
||||
- negotiation
|
||||
- alias
|
||||
- log_forensic
|
||||
|
||||
- name: Copy Apache settings for modules
|
||||
copy:
|
||||
|
|
|
@ -0,0 +1,80 @@
|
|||
---
|
||||
|
||||
- import_role:
|
||||
name: evolix/apache
|
||||
|
||||
- import_role:
|
||||
name: evolix/php
|
||||
vars:
|
||||
php_apache_enable: True
|
||||
when: packweb_apache_modphp
|
||||
|
||||
- import_role:
|
||||
name: evolix/php
|
||||
vars:
|
||||
php_fpm_enable: True
|
||||
when: packweb_apache_fpm
|
||||
|
||||
- import_role:
|
||||
name: evolix/squid
|
||||
vars:
|
||||
squid_localproxy_enable: True
|
||||
|
||||
- import_role:
|
||||
name: evolix/mysql
|
||||
when: packweb_mysql_variant == "debian"
|
||||
|
||||
- import_role:
|
||||
name: evolix/mysql-oracle
|
||||
when: packweb_mysql_variant == "oracle"
|
||||
|
||||
- import_role:
|
||||
name: evolix/lxc-php
|
||||
vars:
|
||||
lxc_php_version: php56
|
||||
lxc_php_create_mysql_link: True
|
||||
when: "'php56' in packweb_multiphp_versions"
|
||||
|
||||
- import_role:
|
||||
name: evolix/lxc-php
|
||||
vars:
|
||||
lxc_php_version: php70
|
||||
lxc_php_create_mysql_link: True
|
||||
when: "'php70' in packweb_multiphp_versions"
|
||||
|
||||
- import_role:
|
||||
name: evolix/lxc-php
|
||||
vars:
|
||||
lxc_php_version: php73
|
||||
lxc_php_create_mysql_link: True
|
||||
when: "'php73' in packweb_multiphp_versions"
|
||||
|
||||
- import_role:
|
||||
name: evolix/lxc-php
|
||||
vars:
|
||||
lxc_php_version: php74
|
||||
lxc_php_create_mysql_link: True
|
||||
when: "'php74' in packweb_multiphp_versions"
|
||||
|
||||
- import_role:
|
||||
name: evolix/lxc-php
|
||||
vars:
|
||||
lxc_php_version: php80
|
||||
lxc_php_create_mysql_link: True
|
||||
when: "'php80' in packweb_multiphp_versions"
|
||||
|
||||
- import_role:
|
||||
name: evolix/lxc-php
|
||||
vars:
|
||||
lxc_php_version: php81
|
||||
lxc_php_create_mysql_link: True
|
||||
when: "'php81' in packweb_multiphp_versions"
|
||||
|
||||
- import_role:
|
||||
name: evolix/webapps/evoadmin-web
|
||||
vars:
|
||||
evoadmin_enable_vhost: "{{ packweb_enable_evoadmin_vhost }}"
|
||||
evoadmin_multiphp_versions: "{{ packweb_multiphp_versions }}"
|
||||
|
||||
- import_role:
|
||||
name: evolix/evoacme
|
|
@ -1,5 +1,8 @@
|
|||
---
|
||||
|
||||
- name: Dependencies are satisfied
|
||||
include_tasks: dependencies.yml
|
||||
|
||||
- fail:
|
||||
msg: only compatible with Debian >= 8
|
||||
when:
|
||||
|
|
|
@ -2,3 +2,5 @@
|
|||
|
||||
percona__install_xtrabackup: True
|
||||
percona__xtrabackup_package_name: percona-xtrabackup-24
|
||||
|
||||
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
|
|
@ -18,7 +18,7 @@
|
|||
- name: Add Percona GPG key
|
||||
copy:
|
||||
src: percona.asc
|
||||
dest: /etc/apt/trusted.gpg.d/percona.asc
|
||||
dest: "{{ apt_keyring_dir }}/percona.asc"
|
||||
force: yes
|
||||
mode: "0644"
|
||||
owner: root
|
||||
|
|
|
@ -8,3 +8,5 @@ php_symfony_requirements: False
|
|||
php_modules_mysqlnd: False
|
||||
|
||||
php_fpm_remove_default_pool: False
|
||||
|
||||
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
|
|
@ -19,3 +19,8 @@
|
|||
service:
|
||||
name: php7.4-fpm
|
||||
state: restarted
|
||||
|
||||
- name: restart php8.1-fpm
|
||||
service:
|
||||
name: php8.1-fpm
|
||||
state: restarted
|
||||
|
|
|
@ -4,17 +4,20 @@
|
|||
that:
|
||||
- ansible_distribution == "Debian"
|
||||
- ansible_distribution_major_version is version('8', '>=')
|
||||
- ansible_distribution_major_version is version('11', '<=')
|
||||
msg: This is only compatible with Debian 8 → 11
|
||||
- ansible_distribution_major_version is version('12', '<=')
|
||||
msg: This is only compatible with Debian 8 → 12
|
||||
|
||||
- include: main_jessie.yml
|
||||
- include_tasks: main_jessie.yml
|
||||
when: ansible_distribution_release == "jessie"
|
||||
|
||||
- include: main_stretch.yml
|
||||
- include_tasks: main_stretch.yml
|
||||
when: ansible_distribution_release == "stretch"
|
||||
|
||||
- include: main_buster.yml
|
||||
- include_tasks: main_buster.yml
|
||||
when: ansible_distribution_release == "buster"
|
||||
|
||||
- include: main_bullseye.yml
|
||||
- include_tasks: main_bullseye.yml
|
||||
when: ansible_distribution_release == "bullseye"
|
||||
|
||||
- include_tasks: main_bookworm.yml
|
||||
when: ansible_distribution_release == "bookworm"
|
||||
|
|
|
@ -0,0 +1,108 @@
|
|||
---
|
||||
|
||||
- name: "Set php version to 8.1 (Debian 12)"
|
||||
set_fact:
|
||||
php_version: "8.1"
|
||||
|
||||
- name: "Set php config directories (Debian 12)"
|
||||
set_fact:
|
||||
php_cli_conf_dir: "/etc/php/{{ php_version }}/cli/conf.d"
|
||||
php_apache_conf_dir: "/etc/php/{{ php_version }}/apache2/conf.d"
|
||||
php_fpm_conf_dir: "/etc/php/{{ php_version }}/fpm/conf.d"
|
||||
php_fpm_pool_dir: "/etc/php/{{ php_version }}/fpm/pool.d"
|
||||
|
||||
- name: "Set php config files (Debian 12)"
|
||||
set_fact:
|
||||
php_cli_defaults_ini_file: "{{ php_cli_conf_dir }}/z-evolinux-defaults.ini"
|
||||
php_cli_custom_ini_file: "{{ php_cli_conf_dir }}/zzz-evolinux-custom.ini"
|
||||
php_apache_defaults_ini_file: "{{ php_apache_conf_dir }}/z-evolinux-defaults.ini"
|
||||
php_apache_custom_ini_file: "{{ php_apache_conf_dir }}/zzz-evolinux-custom.ini"
|
||||
php_fpm_defaults_ini_file: "{{ php_fpm_conf_dir }}/z-evolinux-defaults.ini"
|
||||
php_fpm_custom_ini_file: "{{ php_fpm_conf_dir }}/zzz-evolinux-custom.ini"
|
||||
php_fpm_debian_default_pool_file: "{{ php_fpm_pool_dir}}/www.conf"
|
||||
php_fpm_default_pool_file: "{{ php_fpm_pool_dir}}/www-evolinux-defaults.conf"
|
||||
php_fpm_default_pool_custom_file: "{{ php_fpm_pool_dir}}/www-evolinux-zcustom.conf"
|
||||
php_fpm_default_pool_socket: "/var/run/php/php{{ php_version }}-fpm.sock"
|
||||
php_fpm_service_name: "php{{ php_version }}-fpm"
|
||||
|
||||
# Packages
|
||||
|
||||
- name: "Set package list (Debian 12)"
|
||||
set_fact:
|
||||
php_stretch_packages:
|
||||
- php-cli
|
||||
- php-gd
|
||||
- php-intl
|
||||
- php-imap
|
||||
- php-ldap
|
||||
- php-mysql
|
||||
# php-mcrypt is no longer packaged for PHP 7.2
|
||||
- php-pgsql
|
||||
- php-sqlite3
|
||||
- php-curl
|
||||
- php-ssh2
|
||||
- php-xml
|
||||
- php-zip
|
||||
- composer
|
||||
- libphp-phpmailer
|
||||
|
||||
- include: sury_pre.yml
|
||||
when: php_sury_enable
|
||||
|
||||
- name: "Install PHP packages (Debian 12)"
|
||||
apt:
|
||||
name: '{{ php_stretch_packages }}'
|
||||
state: present
|
||||
|
||||
- name: "Install mod_php packages (Debian 12)"
|
||||
apt:
|
||||
name:
|
||||
- libapache2-mod-php
|
||||
- php
|
||||
state: present
|
||||
when: php_apache_enable
|
||||
|
||||
- name: "Install PHP FPM packages (Debian 12)"
|
||||
apt:
|
||||
name:
|
||||
- php-fpm
|
||||
- php
|
||||
state: present
|
||||
when: php_fpm_enable
|
||||
|
||||
# Configuration
|
||||
|
||||
- name: "Enforce permissions on PHP directory (Debian 12)"
|
||||
file:
|
||||
dest: "{{ item }}"
|
||||
mode: "0755"
|
||||
with_items:
|
||||
- /etc/php
|
||||
- /etc/php/{{ php_version }}
|
||||
|
||||
- include: config_cli.yml
|
||||
- name: "Enforce permissions on PHP cli directory (Debian 12)"
|
||||
file:
|
||||
dest: /etc/php/{{ php_version }}/cli
|
||||
mode: "0755"
|
||||
|
||||
- include: config_fpm.yml
|
||||
when: php_fpm_enable
|
||||
|
||||
- name: "Enforce permissions on PHP fpm directory (Debian 12)"
|
||||
file:
|
||||
dest: /etc/php/{{ php_version }}/fpm
|
||||
mode: "0755"
|
||||
when: php_fpm_enable
|
||||
|
||||
- include: config_apache.yml
|
||||
when: php_apache_enable
|
||||
|
||||
- name: "Enforce permissions on PHP apache2 directory (Debian 12)"
|
||||
file:
|
||||
dest: /etc/php/{{ php_version }}/apache2
|
||||
mode: "0755"
|
||||
when: php_apache_enable
|
||||
|
||||
- include: sury_post.yml
|
||||
when: php_sury_enable
|
|
@ -3,7 +3,7 @@
|
|||
- name: Setup deb.sury.org repository - Add GPG key
|
||||
copy:
|
||||
src: sury.gpg
|
||||
dest: /etc/apt/trusted.gpg.d/sury.gpg
|
||||
dest: "{{ apt_keyring_dir }}/sury.gpg"
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
|
@ -20,7 +20,7 @@
|
|||
|
||||
- name: Setup deb.sury.org repository - Add source list
|
||||
apt_repository:
|
||||
repo: "deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main"
|
||||
repo: "deb [signed-by={{ apt_keyring_dir }}/sury.gpg] https://packages.sury.org/php/ {{ ansible_distribution_release }} main"
|
||||
filename: sury
|
||||
state: present
|
||||
|
||||
|
|
|
@ -20,3 +20,5 @@ locales_default: fr_FR.UTF-8
|
|||
|
||||
# PostGIS
|
||||
postgresql_install_postgis: False
|
||||
|
||||
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
|
|
@ -0,0 +1,16 @@
|
|||
---
|
||||
|
||||
- name: "Set variables (Debian 12)"
|
||||
set_fact:
|
||||
postgresql_version: '15'
|
||||
when: postgresql_version is none or postgresql_version | length == 0
|
||||
|
||||
- include: pgdg-repo.yml
|
||||
when: postgresql_version != '15'
|
||||
|
||||
- name: Install postgresql package
|
||||
apt:
|
||||
name:
|
||||
- "postgresql-{{postgresql_version}}"
|
||||
- pgtop
|
||||
- libdbd-pg-perl
|
|
@ -23,7 +23,7 @@
|
|||
- name: Add PGDG GPG key
|
||||
copy:
|
||||
src: postgresql.asc
|
||||
dest: /etc/apt/trusted.gpg.d/postgresql.asc
|
||||
dest: "{{ apt_keyring_dir }}/postgresql.asc"
|
||||
force: yes
|
||||
mode: "0644"
|
||||
owner: root
|
||||
|
@ -31,7 +31,7 @@
|
|||
|
||||
- name: Add PGDG repository
|
||||
apt_repository:
|
||||
repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
|
||||
repo: "deb [signed-by={{ apt_keyring_dir }}/postgresql.asc] http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
|
||||
update_cache: yes
|
||||
|
||||
- name: Add APT preference file
|
||||
|
|
|
@ -34,7 +34,7 @@
|
|||
group: root
|
||||
mode: "0755"
|
||||
force: yes
|
||||
when: ansible_distribution_major_version is version('11', '==')
|
||||
when: ansible_distribution_major_version is version('11', '>=')
|
||||
|
||||
- name: check_rabbitmq is available for NRPE
|
||||
lineinfile:
|
||||
|
|
|
@ -17,6 +17,14 @@
|
|||
- 'http://mirror.evolix.org/debian/pool/main/p/php-log/php-log_1.12.9-2_all.deb'
|
||||
when: ansible_distribution_major_version is version('10', '=')
|
||||
|
||||
- name: Install PHP packages from sid (Debian 12)
|
||||
apt:
|
||||
deb: '{{ item }}'
|
||||
state: present
|
||||
loop:
|
||||
- 'http://mirror.evolix.org/debian/pool/main/p/php-log/php-log_1.13.2-1_all.deb'
|
||||
when: ansible_distribution_major_version is version('12', '=')
|
||||
|
||||
- name: Install PHP packages
|
||||
apt:
|
||||
name:
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
option: "disable_functions"
|
||||
value: "shell-exec,system,passthru,putenv,popen"
|
||||
notify: reload apache2
|
||||
when: ansible_distribution_major_version is version('9', '=')
|
||||
when: ansible_distribution_release == "stretch"
|
||||
|
||||
- name: "Set custom values for PHP config (Debian 10)"
|
||||
ini_file:
|
||||
|
@ -25,7 +25,7 @@
|
|||
option: "disable_functions"
|
||||
value: "shell-exec,system,passthru,putenv,popen"
|
||||
notify: reload apache2
|
||||
when: ansible_distribution_major_version is version('10', '=')
|
||||
when: ansible_distribution_release == "buster"
|
||||
|
||||
- name: "Set custom values for PHP config (Debian 11)"
|
||||
ini_file:
|
||||
|
@ -34,7 +34,16 @@
|
|||
option: "disable_functions"
|
||||
value: "shell-exec,system,passthru,putenv,popen"
|
||||
notify: reload apache2
|
||||
when: ansible_distribution_major_version is version('11', '=')
|
||||
when: ansible_distribution_release == "bullseye"
|
||||
|
||||
- name: "Set custom values for PHP config (Debian 11)"
|
||||
ini_file:
|
||||
dest: /etc/php/8.1/apache2/conf.d/zzz-evolinux-custom.ini
|
||||
section: PHP
|
||||
option: "disable_functions"
|
||||
value: "shell-exec,system,passthru,putenv,popen"
|
||||
notify: reload apache2
|
||||
when: ansible_distribution_release == "bookworm"
|
||||
|
||||
- name: Install evoadmin VHost
|
||||
template:
|
||||
|
|
Loading…
Reference in New Issue