From af896fe1fcc25010ffa95ad03d817bf96a73239b Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Fri, 18 Jan 2019 15:32:45 +0100 Subject: [PATCH 1/8] * ntpd: Update the restrictions to follow wiki.evolix.org/HowtoNTP client config - Ensure the client won't respond to anybody but accept the timeserver answers - Should work on both Jessie and Stretch --- CHANGELOG.md | 1 + ntpd/defaults/main.yml | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4eb149f4..99ffac3f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ The **patch** part changes incrementally at each release. ### Changed ### Fixed +* ntpd: Update the restrictions to follow wiki.evolix.org/HowtoNTP client config ### Security diff --git a/ntpd/defaults/main.yml b/ntpd/defaults/main.yml index 221a829c..88253844 100644 --- a/ntpd/defaults/main.yml +++ b/ntpd/defaults/main.yml @@ -2,7 +2,9 @@ ntpd_servers: - 'ntp.evolix.net iburst' ntpd_acls: -- '-4 default kod notrap nomodify nopeer noquery' -- '-6 default kod notrap nomodify nopeer noquery' +- '-4 default ignore' +- '-6 default ignore' +- 'source nomodify noquery notrap' # Debian 9 and later +- 'ntp.evolix.net nomodify noquery notrap' # Debian 8 - '127.0.0.1' - '::1' From 2c874afb3ccec884105718b4946bee8791fb6622 Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Thu, 24 Jan 2019 11:47:03 +0100 Subject: [PATCH 2/8] proftpd: add FTPS and SFTP support --- CHANGELOG.md | 1 + proftpd/defaults/main.yml | 9 ++++++++- proftpd/tasks/accounts.yml | 27 ++++++++++++++++++++++++++- proftpd/tasks/main.yml | 25 ++++++++++++++++++++++++- proftpd/templates/ftps.conf.j2 | 33 +++++++++++++++++++++++++++++++++ proftpd/templates/sftp.conf.j2 | 28 ++++++++++++++++++++++++++++ 6 files changed, 120 insertions(+), 3 deletions(-) create mode 100644 proftpd/templates/ftps.conf.j2 create mode 100644 proftpd/templates/sftp.conf.j2 diff --git a/CHANGELOG.md b/CHANGELOG.md index 99ffac3f..9b05512b 100644 
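Review bot: The Debian 8 entry added to `ntpd_acls` hard-codes `ntp.evolix.net` instead of following `ntpd_servers`, so with the new `default ignore` lines a host that overrides `ntpd_servers` would drop its own servers' replies on any release where `restrict source` is not honoured (the trailing comment suggests Debian 8), and time sync would stop without an error. Both the `source` entry and the hostname entry are also emitted unconditionally, although the comments describe them as release-specific. Consider generating the per-server restrict lines from `ntpd_servers` and selecting them by release, and add a comment above `ntpd_acls` such as `# default ignore drops every packet; each configured server needs its own restrict line`.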
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,6 +31,7 @@ The **patch** part changes incrementally at each release. * redis: add a variable for renamed/disabled commands * redis: add a variable to disable the restart handler * redis: add a variable to force a restart (even with no change) +* proftpd: add FTPS and SFTP support ### Changed * redis: distinction between main and master password diff --git a/proftpd/defaults/main.yml b/proftpd/defaults/main.yml index 8bba4c29..f955cd39 100644 --- a/proftpd/defaults/main.yml +++ b/proftpd/defaults/main.yml @@ -2,6 +2,13 @@ proftpd_hostname: "{{ ansible_hostname }}" proftpd_fqdn: "{{ ansible_fqdn }}" proftpd_default_address: [] -proftpd_port: "21" +proftpd_ftp_enable: True +proftpd_port: 21 +proftpd_ftps_enable: False +proftpd_ftps_port: 990 +proftpd_ftps_cert: "/etc/ssl/certs/ssl-cert-snakeoil.pem" +proftpd_ftps_key: "/etc/ssl/private/ssl-cert-snakeoil.key" +proftpd_sftp_enable: False +proftpd_sftp_port: 2222 proftpd_accounts: [] proftpd_accounts_final: [] diff --git a/proftpd/tasks/accounts.yml b/proftpd/tasks/accounts.yml index b1563eaf..95098df2 100644 --- a/proftpd/tasks/accounts.yml +++ b/proftpd/tasks/accounts.yml @@ -25,7 +25,7 @@ tags: - proftpd -- name: Allow FTP account +- name: Allow FTP account (FTP) lineinfile: dest: /etc/proftpd/conf.d/z-evolinux.conf state: present 
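Review bot: `proftpd_ftps_cert` and `proftpd_ftps_key` default to the Debian snakeoil pair in `proftpd/defaults/main.yml`, so turning on `proftpd_ftps_enable` without overriding them yields a listener whose self-signed certificate clients cannot validate. Either leave both defaults empty and fail early when FTPS is enabled without a certificate, or document the requirement above them, e.g. `# placeholder self-signed pair; override with a CA-issued certificate before enabling FTPS`. The new booleans would also be safer written as lowercase `true`/`false`.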
@@ -33,5 +33,30 @@ insertbefore: "DenyAll" with_items: "{{ proftpd_accounts_final }}" notify: restart proftpd + when: proftpd_ftp_enable + tags: + - proftpd + +- name: Allow FTP account (FTPS) + lineinfile: + dest: /etc/proftpd/conf.d/ftps.conf + state: present + line: "\tAllowUser {{ item.name }}" + insertbefore: "DenyAll" + with_items: "{{ proftpd_accounts_final }}" + notify: restart proftpd + when: proftpd_ftps_enable + tags: + - proftpd + +- name: Allow FTP account (SFTP) + lineinfile: + dest: /etc/proftpd/conf.d/sftp.conf + state: present + line: "\tAllowUser {{ item.name }}" + insertbefore: "DenyAll" + with_items: "{{ proftpd_accounts_final }}" + notify: restart proftpd + when: proftpd_sftp_enable tags: - proftpd diff --git a/proftpd/tasks/main.yml b/proftpd/tasks/main.yml index 5fe33dbb..71b95e9b 100644 --- a/proftpd/tasks/main.yml +++ b/proftpd/tasks/main.yml @@ -15,13 +15,36 @@ tags: - proftpd -- name: local jail is installed +- name: FTP jail is installed template: src: evolinux.conf.j2 dest: /etc/proftpd/conf.d/z-evolinux.conf mode: "0644" force: no notify: restart proftpd + when: proftpd_ftp_enable + tags: + - proftpd + +- name: FTPS jail is installed + template: + src: ftps.conf.j2 + dest: /etc/proftpd/conf.d/ftps.conf + mode: "0644" + force: no + notify: restart proftpd + when: proftpd_ftps_enable + tags: + - proftpd + +- name: SFTP jail is installed + template: + src: sftp.conf.j2 + dest: /etc/proftpd/conf.d/sftp.conf + mode: "0644" + force: no + notify: restart proftpd + when: proftpd_sftp_enable tags: - proftpd diff --git a/proftpd/templates/ftps.conf.j2 b/proftpd/templates/ftps.conf.j2 new file mode 100644 index 00000000..ceec0631 --- /dev/null +++ b/proftpd/templates/ftps.conf.j2 
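Review bot: In the three "jail is installed" tasks of `proftpd/tasks/main.yml`, the new `when:` conditions only skip the template; nothing removes `/etc/proftpd/conf.d/z-evolinux.conf` on a host that already has it, so setting `proftpd_ftp_enable: False` would leave plain FTP configured there. A matching `file:` task with `state: absent` under `when: not proftpd_ftp_enable` (and likewise for `ftps.conf` and `sftp.conf`) would make the switches work in both directions. Because all three templates use `force: no`, later changes to `proftpd_ftps_port`, `proftpd_ftps_cert` or `proftpd_sftp_port` are also never written to an existing file; a comment explaining that choice would help the next maintainer.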
@@ -0,0 +1,33 @@ + + LoadModule mod_tls.c + + + + TLSEngine on + TLSLog /var/log/proftpd/ftps.log + TLSProtocol TLSv1 + + TLSRSACertificateFile {{ proftpd_ftps_cert }} + TLSRSACertificateKeyFile {{ proftpd_ftps_key }} + + #TLSOptions AllowClientRenegotiations + + TLSOptions AllowPerUser + TLSVerifyClient off + TLSRequired off + + TLSRenegotiate required off + TLSOptions NoSessionReuseRequired + + RequireValidShell off + Port {{ proftpd_ftps_port }} + AuthUserFile /etc/proftpd/vpasswd + DefaultRoot ~ + + PassivePorts 60000 61000 + + + AllowGroup ftpusers + DenyAll + + diff --git a/proftpd/templates/sftp.conf.j2 b/proftpd/templates/sftp.conf.j2 new file mode 100644 index 00000000..5f12ca9c --- /dev/null +++ b/proftpd/templates/sftp.conf.j2 @@ -0,0 +1,28 @@ + + LoadModule mod_tls.c + + + + LoadModule mod_sftp.c + + + + SFTPEngine on + Port {{ proftpd_sftp_port }} + DefaultRoot ~ + + SFTPLog /var/log/proftpd/sftp.log + + SFTPAuthMethods password + SFTPHostKey /etc/ssh/ssh_host_ecdsa_key + SFTPHostKey /etc/ssh/ssh_host_rsa_key + + RequireValidShell off + + AuthUserFile /etc/proftpd/vpasswd + + + AllowGroup ftpusers + DenyAll + + From fabac07210e987225ae54c31f566ec6a50516500 Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Mon, 28 Jan 2019 14:26:13 +0100 Subject: [PATCH 3/8] redis: add variable for configure unixsocketperm --- CHANGELOG.md | 1 + redis/defaults/main.yml | 1 + redis/templates/redis.conf.j2 | 1 + 3 files changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9b05512b..dc8d7877 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ The **patch** part changes incrementally at each release. ## [Unreleased] ### Added +* redis: add variable for configure unixsocketperm ### Changed diff --git a/redis/defaults/main.yml b/redis/defaults/main.yml index a64fb832..cb8d451d 100644 --- a/redis/defaults/main.yml +++ b/redis/defaults/main.yml 
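Review bot: In `ftps.conf.j2`, `TLSProtocol TLSv1` appears to restrict the listener to TLS 1.0, and `TLSRequired off` lets clients authenticate and transfer in cleartext on the same port, so the new FTPS vhost does not enforce encryption. Prefer `TLSProtocol TLSv1.2` (if the packaged mod_tls supports it) and `TLSRequired on`. `TLSOptions` is also set twice uncommented (`AllowPerUser`, then `NoSessionReuseRequired`); whether ProFTPD merges them or keeps only the last should be checked, and a single `TLSOptions AllowPerUser NoSessionReuseRequired` line removes the doubt.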
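Review bot: `sftp.conf.j2` starts with `LoadModule mod_tls.c`, which looks like a leftover from `ftps.conf.j2`, since the directives below it only use `mod_sftp.c`. `SFTPAuthMethods password` limits logins to passwords; if that is intended for the virtual users in `/etc/proftpd/vpasswd`, say so in a comment such as `# virtual users only, no key-based login`. Pointing `SFTPHostKey` at `/etc/ssh/ssh_host_ecdsa_key` and `/etc/ssh/ssh_host_rsa_key` makes this daemon share the OpenSSH host identity, which deserves a one-line comment as well.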
@@ -5,6 +5,7 @@ redis_conf_path: /etc/redis/redis.conf redis_port: 6379 redis_bind_interface: 127.0.0.1 redis_unixsocket: '/var/run/redis/redis.sock' +redis_unixsocketperm: 770 redis_pidfile: "/var/run/redis/{{ redis_daemon }}.pid" redis_timeout: 300 diff --git a/redis/templates/redis.conf.j2 b/redis/templates/redis.conf.j2 index 4dcdba86..f2f17c70 100644 --- a/redis/templates/redis.conf.j2 +++ b/redis/templates/redis.conf.j2 @@ -5,6 +5,7 @@ bind {{ redis_bind_interface }} {% if redis_unixsocket %} unixsocket {{ redis_unixsocket }} +unixsocketperm {{ redis_unixsocketperm }} {% endif %} {% if redis_password %} From 0794e6f620398b91a8368bec6e961285461f5d0e Mon Sep 17 00:00:00 2001 
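Review bot: `redis_unixsocketperm: 770` in `redis/defaults/main.yml` is an unquoted number, so an override written the usual way for a file mode, `0770`, can be read as an octal integer by a YAML 1.1 loader and rendered by `redis.conf.j2` as `504`. Quote the default, `redis_unixsocketperm: "770"`, and add a comment that the value is passed verbatim to `unixsocketperm`. In the template hunk, the new line is emitted whenever `redis_unixsocket` is set, so an empty `redis_unixsocketperm` would produce a bare `unixsocketperm` directive; wrapping it in `{% if redis_unixsocketperm %}` avoids that.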
From: Victor LABORIE Date: Mon, 28 Jan 2019 14:29:01 +0100 Subject: [PATCH 4/8] redmine: refactoring of redmine role with use of rbenv --- CHANGELOG.md | 1 + redmine/defaults/main.yml | 1 + redmine/files/Gemfile.local | 2 - redmine/files/logrotate | 8 + redmine/files/profile | 3 +- redmine/files/puma.service | 2 +- redmine/files/syslog.conf | 4 + redmine/handlers/main.yml | 10 + redmine/meta/main.yml | 3 + redmine/tasks/config.yml | 59 ++++ redmine/tasks/main.yml | 330 +----------------- redmine/tasks/mysql.yml | 62 ++++ redmine/tasks/nginx.yml | 26 ++ redmine/tasks/packages.yml | 21 ++ redmine/tasks/plugins.yml | 28 -- redmine/tasks/release.yml | 123 +++++++ redmine/tasks/source.yml | 98 ++++++ redmine/tasks/syslog.yml | 27 ++ redmine/tasks/themes.yml | 26 -- redmine/tasks/user.yml | 44 +++ redmine/templates/Gemfile.local.j2 | 5 + .../templates/additional_environment.rb.j2 | 15 +- redmine/templates/nginx.conf.j2 | 44 +++ 23 files changed, 563 insertions(+), 379 deletions(-) delete mode 100644 redmine/files/Gemfile.local create mode 100644 redmine/files/logrotate create mode 100644 redmine/files/syslog.conf create mode 100644 redmine/handlers/main.yml create mode 100644 redmine/meta/main.yml create mode 100644 redmine/tasks/config.yml create mode 100644 redmine/tasks/mysql.yml create mode 100644 redmine/tasks/nginx.yml create mode 100644 redmine/tasks/packages.yml delete mode 100644 redmine/tasks/plugins.yml create mode 100644 redmine/tasks/release.yml create mode 100644 redmine/tasks/source.yml create mode 100644 redmine/tasks/syslog.yml delete mode 100644 redmine/tasks/themes.yml create mode 100644 redmine/tasks/user.yml create mode 100644 redmine/templates/Gemfile.local.j2 create mode 100644 redmine/templates/nginx.conf.j2 diff --git a/CHANGELOG.md b/CHANGELOG.md index dc8d7877..8551fc81 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -14,6 +14,7 @@ The **patch** part changes incrementally at each release. * redis: add variable for configure unixsocketperm ### Changed +* redmine: refactoring of redmine role with use of rbenv ### Fixed * ntpd: Update the restrictions to follow wiki.evolix.org/HowtoNTP client config diff --git a/redmine/defaults/main.yml b/redmine/defaults/main.yml index 049e6551..1a260ecc 100644 --- a/redmine/defaults/main.yml +++ b/redmine/defaults/main.yml @@ -3,6 +3,7 @@ puma_env: 'production' puma_worker: 2 puma_min_thread: 0 puma_max_thread: 4 +redmine_version: "4.0.1" redmine_db_name: "{{ redmine_user }}" redmine_db_host: "localhost" redmine_db_username: "{{ redmine_user }}" diff --git a/redmine/files/Gemfile.local b/redmine/files/Gemfile.local deleted file mode 100644 index b0aa3f4d..00000000 --- a/redmine/files/Gemfile.local +++ /dev/null @@ -1,2 +0,0 @@ -gem "puma" -gem "xpath", "< 3.0.0" diff --git a/redmine/files/logrotate b/redmine/files/logrotate new file mode 100644 index 00000000..55d19257 --- /dev/null +++ b/redmine/files/logrotate @@ -0,0 +1,8 @@ +/var/log/redmine/*.log { + daily + rotate 7 + missingok + notifempty + compress + create 640 root adm +} diff --git a/redmine/files/profile b/redmine/files/profile index 57d0668e..ddfcc44f 100644 --- a/redmine/files/profile +++ b/redmine/files/profile @@ -12,7 +12,7 @@ fi # set PATH so it includes gems bin if [ -d "$HOME/bin" ] ; then - export PATH="$HOME/.gems/ruby/2.1.0/bin:$PATH" + export PATH="$HOME/www/.gem/ruby/2.3.0/bin:$PATH" fi # For systemctl --user @@ -20,4 +20,3 @@ export XDG_RUNTIME_DIR=/run/user/$UID # Ruby vars export RAILS_ENV=production -export BUNDLE_GEMFILE="$HOME/www/Gemfile" diff --git a/redmine/files/puma.service b/redmine/files/puma.service index 6e993607..f64f2580 100644 --- a/redmine/files/puma.service +++ b/redmine/files/puma.service 
@@ -7,7 +7,7 @@ WorkingDirectory=%h/www UMask=0027 PIDFile=%h/ruby.pid ExecStartPre=/bin/mkdir -m 0750 -p %h/run -ExecStart=/usr/bin/bundle exec puma --bind unix://%h/run/puma.sock?umask=0007 --pidfile %h/run/puma.pid --dir %h/www --config /etc/puma/%u.rb +ExecStart=%h/.rbenv/bin/rbenv exec bundle exec puma --bind unix://%h/run/puma.sock?umask=0007 --pidfile %h/run/puma.pid --dir %h/www --config %h/config/puma.rb ExecReload=/bin/kill -USR2 $MAINPID KillMode=process #Restart=on-failure diff --git a/redmine/files/syslog.conf b/redmine/files/syslog.conf new file mode 100644 index 00000000..0c31a3bf --- /dev/null +++ b/redmine/files/syslog.conf @@ -0,0 +1,4 @@ +# Send Redmine messages to a dedicated logdir +$template Redmine, "/var/log/redmine/%PROGRAMNAME:%.log" +if $programname startswith 'redmine_' then ?Redmine +&~ diff --git a/redmine/handlers/main.yml b/redmine/handlers/main.yml new file mode 100644 index 00000000..3759afc4 --- /dev/null +++ b/redmine/handlers/main.yml @@ -0,0 +1,10 @@ +--- +- name: restart rsyslog + service: + name: rsyslog + state: restarted + +- name: reload nginc + service: + name: nginx + state: reloaded diff --git a/redmine/meta/main.yml b/redmine/meta/main.yml new file mode 100644 index 00000000..72b1bd7b --- /dev/null +++ b/redmine/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - nginx diff --git a/redmine/tasks/config.yml b/redmine/tasks/config.yml new file mode 100644 index 00000000..a08ba1c6 --- /dev/null +++ b/redmine/tasks/config.yml 
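Review bot: The second handler in the new `redmine/handlers/main.yml` is named `reload nginc`, while `redmine/tasks/nginx.yml` in this same patch notifies `reload nginx`. Unless the `nginx` role pulled in through `meta/main.yml` defines a handler with that name, the notify cannot be resolved; if it does, this handler is dead code. Rename it to `- name: reload nginx`.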
@@ -0,0 +1,59 @@ +--- +- name: Create systemd config dir + file: + state: directory + dest: "/home/{{ redmine_user }}/{{ item }}" + mode: "0750" + owner: "{{ redmine_user }}" + group: "{{ redmine_user }}" + with_items: + - ".config" + - ".config/systemd" + - ".config/systemd/user" + tags: + - redmine + +- name: Deploy systemd unit + copy: + src: puma.service + dest: "/home/{{ redmine_user }}/.config/systemd/user/puma.service" + mode: "0644" + owner: "{{ redmine_user }}" + group: "{{ redmine_user }}" + tags: + - redmine + +- name: Set user .profile + copy: + src: profile + dest: "/home/{{ redmine_user }}/.profile" + owner: "{{ redmine_user }}" + group: "{{ redmine_user }}" + mode: "0640" + tags: + - redmine + +- name: Create config directory + file: + path: "/home/{{ redmine_user }}/config" + state: directory + owner: "{{ redmine_user }}" + group: "{{ redmine_user }}" + mode: "0750" + tags: + - redmine + +- name: Copy configurations file + template: + src: "{{ item }}.j2" + dest: "/home/{{ redmine_user }}/config/{{ item }}" + owner: "{{ redmine_user }}" + group: "{{ redmine_user }}" + mode: "0640" + with_items: + - 'configuration.yml' + - 'database.yml' + - 'additional_environment.rb' + - 'puma.rb' + tags: + - redmine diff --git a/redmine/tasks/main.yml b/redmine/tasks/main.yml index d5a93a36..2b7fd225 100644 --- a/redmine/tasks/main.yml +++ b/redmine/tasks/main.yml 
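Review bot: "Copy configurations file" in `redmine/tasks/config.yml` writes `database.yml` with `mode: "0640"` and group `{{ redmine_user }}`, and `redmine/tasks/nginx.yml` in this patch adds `www-data` to that group, so the web server account can read the database password. If nginx only needs the puma socket and static files, give the secret-bearing files `mode: "0600"`, for example by moving `database.yml` and `configuration.yml` into their own task. The single `with_items` list mixes credentials with non-sensitive files, which is why one mode currently covers both.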
@@ -1,319 +1,13 @@ --- -- name: Install dependancy - apt: - name: "{{ item }}" - state: present - with_items: - - libpam-systemd - - ruby - - ruby-dev - - bundler - - imagemagick - - git-core - - git-svn - - gcc - - build-essential - - libxml2-dev - - libxslt1-dev - - libssl-dev - - libmagickwand-dev - - libmagickcore-dev - - libmysqlclient-dev - - python-mysqldb - tags: - - redmine - -#- name: -# lineinfile: -# with_items: -# - 'https://github.com/.*' -# - 'http://rubygems.org/.*' -# - 'http://.*.rubygems.org/.*' -# tags: -# - redmine - -- name: Deploy systemd unit - copy: - src: puma.service - dest: /etc/systemd/user/puma.service - mode: "0644" - tags: - - redmine - -- name: Create puma config dir - file: - path: /etc/puma - state: directory - mode: "0755" - owner: root - tags: - - redmine - -- name: Create redmine group - group: - name: "{{ redmine_user }}" - state: present - tags: - - redmine - -- name: Add www-data to redmine group - user: - name: www-data - groups: "{{ redmine_user }}" - append: yes - tags: - - redmine - -- name: Create redmine user - user: - name: "{{ redmine_user }}" - state: present - group: "{{ redmine_user }}" - createhome: yes - home: "/home/{{ redmine_user }}" - shell: /bin/bash - tags: - - redmine - -- name: Create required directory - file: - path: "{{ item }}" - state: directory - owner: "{{ redmine_user }}" - group: "{{ redmine_user }}" - mode: "0750" - with_items: - - "/home/{{ redmine_user }}" - - "/home/{{ redmine_user }}/files" - - "/home/{{ redmine_user }}/log" - tags: - - redmine - -- name: Touch Nginx logs file - file: - path: "/home/{{ redmine_user }}/log/{{ item }}" - state: touch - owner: "root" - group: "{{ redmine_user }}" - mode: "0640" - changed_when: false - with_items: - - nginx_access.log - - nginx_error.log - tags: - - redmine - -- name: Enable systemd user mode - command: "loginctl enable-linger {{ redmine_user }}" - changed_when: false - -- name: Set user .profile - copy: - src: profile - dest: "/home/{{ 
redmine_user }}/.profile" - owner: "{{ redmine_user }}" - group: "{{ redmine_user }}" - mode: "0640" - tags: - - redmine - -- name: Update or clone Redmine git - git: - repo: 'https://github.com/redmine/redmine.git' - dest: "/home/{{ redmine_user }}/www" - version: '3.4-stable' - umask: "027" - update: yes - become_user: "{{ redmine_user }}" - become: yes - register: redmine_git_task - tags: - - redmine - -- name: Deploy custom Gemfile - copy: - src: Gemfile.local - dest: "/home/{{ redmine_user }}/www" - owner: "{{ redmine_user }}" - group: "{{ redmine_user }}" - mode: "0640" - register: redmine_local_gemfile_task - tags: - - redmine - -- name: Get actual Mysql password - shell: "grep password /home/{{ redmine_user }}/.my.cnf | awk '{ print $3 }'" - register: redmine_get_mysql_password - check_mode: no - changed_when: False - failed_when: false - tags: - - redmine - -- name: Generate Mysql password - shell: perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)' - register: redmine_generate_mysql_password - check_mode: no - changed_when: False - when: redmine_get_mysql_password.stdout == "" - tags: - - redmine - -- name: Set Mysql password - set_fact: - redmine_db_pass: "{{ redmine_generate_mysql_password.stdout | default(redmine_get_mysql_password.stdout) }}" - tags: - - redmine - -- name: Create Mysql database - mysql_db: - name: "{{ redmine_db_name }}" - config_file: "/root/.my.cnf" - state: present - tags: - - redmine - -- name: Create Mysql user - mysql_user: - name: "{{ redmine_db_username }}" - password: '{{ redmine_db_pass }}' - priv: "{{ redmine_user }}.*:ALL" - config_file: "/root/.my.cnf" - update_password: always - state: present - tags: - - redmine - -- name: Store credentials in my.cnf - ini_file: - dest: "/home/{{ redmine_user }}/.my.cnf" - owner: "{{ redmine_user }}" - group: "{{ redmine_user }}" - mode: "0600" - section: client - option: '{{ item.option }}' - value: '{{ item.value }}' - with_items: - - { option: 'host', value: "{{ 
redmine_db_host }}" } - - { option: 'user', value: "{{ redmine_db_username }}" } - - { option: 'database', value: "{{ redmine_db_name }}" } - - { option: 'password', value: '{{ redmine_db_pass }}' } - tags: - - redmine - -- name: Copy configurations file - template: - src: "{{ item }}.j2" - dest: "/home/{{ redmine_user }}/www/config/{{ item }}" - owner: "{{ redmine_user }}" - group: "{{ redmine_user }}" - mode: "0640" - with_items: - - 'configuration.yml' - - 'database.yml' - - 'additional_environment.rb' - tags: - - redmine - -- name: Install Redmine plugins - include: plugins.yml - with_items: "{{ redmine_plugins }}" - tags: - - redmine - -- name: Install Redmine themes - include: themes.yml - with_items: "{{ redmine_themes }}" - tags: - - redmine - -- name: Update local gems with bundle - bundler: - state: present - gemfile: "/home/{{ redmine_user }}/www/Gemfile" - gem_path: "/home/{{ redmine_user }}/.gems" - user_install: yes - become_user: "{{ redmine_user }}" - become: yes - when: redmine_git_task.changed or redmine_local_gemfile_task.changed or redmine_plugin_install.changed - tags: - - redmine - -- name: Migrate database with rake - shell: bundle exec rake -qf ~/www/Rakefile db:migrate - become_user: "{{ redmine_user }}" - become_method: sudo - become_flags: '-iu {{ redmine_user }}' - become: yes - when: redmine_git_task.changed - tags: - - redmine - -- name: Populate Mysql database - shell: bundle exec rake -qf ~/www/Rakefile redmine:load_default_data REDMINE_LANG=fr && touch ~/.populated - args: - creates: "/home/{{ redmine_user }}/.populated" - become_user: "{{ redmine_user }}" - become_method: sudo - become_flags: '-iu {{ redmine_user }}' - become: yes - tags: - - redmine - -- name: Migrate plugins - shell: bundle exec rake -qf ~/www/Rakefile redmine:plugins:migrate - become_user: "{{ redmine_user }}" - become_method: sudo - become_flags: '-iu {{ redmine_user }}' - become: yes - when: redmine_plugin_install.changed - tags: - - redmine - -- name: 
Generate secret token - shell: bundle exec rake -qf ~/www/Rakefile generate_secret_token - args: - creates: "/home/{{ redmine_user }}/www/config/initializers/secret_token.rb" - become_user: "{{ redmine_user }}" - become_method: sudo - become_flags: '-iu {{ redmine_user }}' - become: yes - tags: - - redmine - -- name: Copy puma config - template: - src: puma.rb.j2 - dest: "/etc/puma/{{ redmine_user }}.rb" - owner: "{{ redmine_user }}" - group: "{{ redmine_user }}" - mode: "0640" - register: redmine_puma_config_task - tags: - - redmine - -- name: Start puma service - systemd: - name: puma - daemon_reload: yes - enabled: yes - state: started - user: yes - become_user: "{{ redmine_user }}" - become_method: sudo - become_flags: '-iu {{ redmine_user }}' - become: yes - tags: - - redmine - -- name: Reload puma service - systemd: - name: puma - daemon_reload: yes - state: reloaded - user: yes - become_user: "{{ redmine_user }}" - become_method: sudo - become_flags: '-iu {{ redmine_user }}' - become: yes - when: redmine_puma_config_task.changed +- include: packages.yml +- include: syslog.yml +- include: user.yml +- include_role: + name: rbenv + vars: + - username: "{{ redmine_user }}" +- include: config.yml +- include: mysql.yml +- include: source.yml +- include: release.yml +- include: nginx.yml diff --git a/redmine/tasks/mysql.yml b/redmine/tasks/mysql.yml new file mode 100644 index 00000000..414da319 --- /dev/null +++ b/redmine/tasks/mysql.yml 
@@ -0,0 +1,62 @@ +--- +- name: Get actual Mysql password + shell: "grep password /home/{{ redmine_user }}/.my.cnf | awk '{ print $3 }'" + register: redmine_get_mysql_password + check_mode: no + changed_when: False + failed_when: false + tags: + - redmine + +- name: Generate Mysql password + shell: perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)' + register: redmine_generate_mysql_password + check_mode: no + changed_when: False + when: redmine_get_mysql_password.stdout == "" + tags: + - redmine + +- name: Set Mysql password + set_fact: + redmine_db_pass: "{{ redmine_generate_mysql_password.stdout | default(redmine_get_mysql_password.stdout) }}" + tags: + - redmine + +- name: Create Mysql database + mysql_db: + name: "{{ redmine_db_name }}" + config_file: "/root/.my.cnf" + state: present + collation: "utf8_general_ci" + register: redmine_mysql_create + tags: + - redmine + +- name: Store credentials in my.cnf + ini_file: + dest: "/home/{{ redmine_user }}/.my.cnf" + owner: "{{ redmine_user }}" + group: "{{ redmine_user }}" + mode: "0600" + section: client + option: '{{ item.option }}' + value: '{{ item.value }}' + with_items: + - { option: 'host', value: "{{ redmine_db_host }}" } + - { option: 'user', value: "{{ redmine_db_username }}" } + - { option: 'database', value: "{{ redmine_db_name }}" } + - { option: 'password', value: '{{ redmine_db_pass }}' } + tags: + - redmine + +- name: Create Mysql user + mysql_user: + name: "{{ redmine_db_username }}" + password: '{{ redmine_db_pass }}' + priv: "{{ redmine_user }}.*:ALL" + config_file: "/root/.my.cnf" + update_password: always + state: present + tags: + - redmine diff --git a/redmine/tasks/nginx.yml b/redmine/tasks/nginx.yml new file mode 100644 index 00000000..3940de17 --- /dev/null +++ b/redmine/tasks/nginx.yml 
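Review bot: "Generate Mysql password" in `redmine/tasks/mysql.yml` derives the database password from Perl's `rand`, which is not a cryptographic generator, and none of the tasks that carry the password sets `no_log: true`, so it can show up in verbose output and logs. Read from the kernel CSPRNG instead, e.g. `shell: head -c 512 /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 16`, and add `no_log: true` to "Set Mysql password", "Store credentials in my.cnf" and "Create Mysql user". Separately, "Create Mysql user" grants on `{{ redmine_user }}.*` while the database is created as `redmine_db_name`; the two only coincide with the default value.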
@@ -0,0 +1,26 @@ +--- +- name: Add www-data to Redmine group + user: + name: www-data + groups: "{{ redmine_user }}" + append: True + tags: + - redmine + +- name: Copy nginx vhost + template: + src: nginx.conf.j2 + dest: "/etc/nginx/sites-available/{{ redmine_user }}.conf" + mode: "0644" + notify: reload nginx + tags: + - redmine + +- name: Enable nginx vhost + file: + src: "/etc/nginx/sites-available/{{ redmine_user }}.conf" + dest: "/etc/nginx/sites-enabled/{{ redmine_user }}.conf" + state: link + notify: reload nginx + tags: + - redmine diff --git a/redmine/tasks/packages.yml b/redmine/tasks/packages.yml new file mode 100644 index 00000000..2ac00fe9 --- /dev/null +++ b/redmine/tasks/packages.yml @@ -0,0 +1,21 @@ +--- +- name: Install dependancy + apt: + name: "{{ item }}" + state: present + with_items: + - libpam-systemd + - imagemagick + - git-core + - git-svn + - gcc + - build-essential + - libxml2-dev + - libxslt1-dev + - libssl-dev + - libmagickwand-dev + - libmagickcore-dev + - libmariadbclient-dev + - python-mysqldb + tags: + - redmine diff --git a/redmine/tasks/plugins.yml b/redmine/tasks/plugins.yml deleted file mode 100644 index 479ffeaf..00000000 --- a/redmine/tasks/plugins.yml +++ /dev/null 
@@ -1,28 +0,0 @@ ---- -- name: Copy/Update plugin from archive - unarchive: - src: "{{ item.zip }}" - dest: "/home/{{ redmine_user }}/www/plugins/" - remote_src: yes - owner: "{{ redmine_user }}" - group: "{{ redmine_user }}" - mode: "0750" - register: redmine_plugin_install - when: item.zip is defined - -- name: Copy/Update plugin from git repository - git: - repo: "{{ item.git }}" - dest: "/home/{{ redmine_user }}/www/plugins/{{ item.git | basename | splitext | first }}" - version: "{{ item.tree | default('master') }}" - register: redmine_plugin_install - when: item.git is defined - -- name: Fix rights on plugin dir - file: - path: "/home/{{ redmine_user }}/www/plugins/{{ item.git | basename | splitext | first }}" - owner: "{{ redmine_user }}" - group: "{{ redmine_user }}" - mode: "u=rwX,g=rX,o=" - recurse: True - when: item.git is defined diff --git a/redmine/tasks/release.yml b/redmine/tasks/release.yml new file mode 100644 index 00000000..730b0877 --- /dev/null +++ b/redmine/tasks/release.yml 
@@ -0,0 +1,123 @@ +--- +- name: Get id of user + command: "id -u {{ redmine_user }}" + register: redmine_command_user_id + changed_when: False + check_mode: False + tags: + - redmine + +- name: Define user environment + set_fact: + user_env: + XDG_RUNTIME_DIR: "/run/user/{{ redmine_command_user_id.stdout }}" + RAILS_ENV: production + tags: + - redmine + +- name: Stop puma service + systemd: + name: puma + daemon_reload: yes + state: stopped + user: yes + become_user: "{{ redmine_user }}" + environment: "{{ user_env }}" + tags: + - redmine + +- name: Create mysqldump directory + file: + path: "/home/{{ redmine_user }}/mysqldump" + state: directory + owner: "{{ redmine_user }}" + group: "{{ redmine_user }}" + mode: "0750" + tags: + - redmine + +- name: Dump mysql database + mysql_db: + state: dump + config_file: "/home/{{ redmine_user }}/.my.cnf" + name: "{{ redmine_db_name }}" + target: "/home/{{ redmine_user }}/mysqldump/{{ ansible_date_time.iso8601_basic_short }}.sql.gz" + tags: + - redmine + +- name: Change www link + file: + state: link + src: "/home/{{ redmine_user }}/releases/{{ redmine_version }}" + dest: "/home/{{ redmine_user }}/www" + owner: "{{ redmine_user }}" + group: "{{ redmine_user }}" + tags: + - redmine + +- name: Update Gemfile.lock + command: "~/.rbenv/bin/rbenv exec bundle lock" + args: + chdir: "/home/{{ redmine_user }}/www" + become_user: "{{ redmine_user }}" + become: yes + tags: + - redmine + +- name: Update local gems with bundle + command: "~/.rbenv/bin/rbenv exec bundle install --deployment" + args: + chdir: "/home/{{ redmine_user }}/www" + become_user: "{{ redmine_user }}" + become: yes + tags: + - redmine + +- name: Generate secret token + command: "~/.rbenv/bin/rbenv exec bundle exec rake -q generate_secret_token" + args: + chdir: "/home/{{ redmine_user }}/www" + creates: "/home/{{ redmine_user }}/www/config/initializers/secret_token.rb" + become_user: "{{ redmine_user }}" + environment: "{{ user_env }}" + tags: + - redmine + +- name: 
Migrate database with rake + command: "~/.rbenv/bin/rbenv exec bundle exec rake -q db:migrate" + args: + chdir: "/home/{{ redmine_user }}/www/" + become_user: "{{ redmine_user }}" + environment: "{{ user_env }}" + tags: + - redmine + +- name: Populate Mysql database + command: "~/.rbenv/bin/rbenv exec bundle exec rake -q redmine:load_default_data REDMINE_LANG=fr" + args: + chdir: "/home/{{ redmine_user }}/www/" + become_user: "{{ redmine_user }}" + environment: "{{ user_env }}" + when: redmine_mysql_create.changed + tags: + - redmine + +- name: Migrate plugins + command: "~/.rbenv/bin/rbenv exec bundle exec rake -q redmine:plugins:migrate" + args: + chdir: "/home/{{ redmine_user }}/www/" + become_user: "{{ redmine_user }}" + environment: "{{ user_env }}" + tags: + - redmine + +- name: Start puma service + systemd: + name: puma + daemon_reload: yes + state: started + user: yes + become_user: "{{ redmine_user }}" + environment: "{{ user_env }}" + tags: + - redmine diff --git a/redmine/tasks/source.yml b/redmine/tasks/source.yml new file mode 100644 index 00000000..51427acf --- /dev/null +++ b/redmine/tasks/source.yml 
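Review bot: Several tasks in `redmine/tasks/release.yml` set `become_user: "{{ redmine_user }}"` without `become: yes` ("Stop puma service", "Generate secret token", "Migrate database with rake", "Populate Mysql database", "Migrate plugins", "Start puma service"), whereas "Update Gemfile.lock" and "Update local gems with bundle" set both. Unless the calling play enables `become` globally, those tasks run as the connecting user, so `~/.rbenv` and the ownership of generated files would be wrong. Add `become: yes` to each of them. "Stop puma service" and "Dump mysql database" are also unconditional, so every run of the role takes the service down and writes a new dump; either state in a comment that this is intended or condition them on a version change.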
@@ -0,0 +1,98 @@ +--- +- name: Create releases directory + file: + path: "/home/{{ redmine_user }}/{{ item }}" + state: directory + owner: "{{ redmine_user }}" + group: "{{ redmine_user }}" + mode: "0750" + with_items: + - "releases" + - "releases/{{ redmine_version }}" + tags: + - redmine + +- name: Download Redmine archive + unarchive: + src: "https://redmine.org/releases/redmine-{{ redmine_version }}.tar.gz" + dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}" + remote_src: True + extra_opts: --strip-components=1 + owner: "{{ redmine_user }}" + group: "{{ redmine_user }}" + tags: + - redmine + +- name: Link config files + file: + state: link + src: "/home/{{ redmine_user }}/config/{{ item }}" + dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/config/{{ item }}" + owner: "{{ redmine_user }}" + group: "{{ redmine_user }}" + with_items: + - 'configuration.yml' + - 'database.yml' + - 'additional_environment.rb' + tags: + - redmine + +- name: Copy/Update plugin from archive + unarchive: + src: "{{ item.zip }}" + dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/plugins/" + remote_src: yes + owner: "{{ redmine_user }}" + group: "{{ redmine_user }}" + mode: "0750" + when: item.zip is defined + with_items: "{{ redmine_plugins }}" + tags: + - redmine + +- name: Copy/Update plugin from git repository + git: + repo: "{{ item.git }}" + dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/plugins/{{ item.git | basename | splitext | first }}" + version: "{{ item.tree | default('master') }}" + umask: "027" + become_user: "{{ redmine_user }}" + when: item.git is defined + with_items: "{{ redmine_plugins }}" + tags: + - redmine + +- name: Copy/Update theme from archive + unarchive: + src: "{{ item.zip }}" + dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/public/themes" + remote_src: yes + owner: "{{ redmine_user }}" + group: "{{ redmine_user }}" + mode: "0750" + when: item.zip is defined + with_items: "{{ 
redmine_themes }}" + tags: + - redmine + +- name: Copy/Update theme from git repository + git: + repo: "{{ item.git }}" + dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/public/themes/{{ item.git | basename | splitext | first }}" + version: "{{ item.tree | default('master') }}" + umask: "027" + become_user: "{{ redmine_user }}" + when: item.git is defined + with_items: "{{ redmine_themes }}" + tags: + - redmine + +- name: Deploy custom Gemfile + template: + src: Gemfile.local.j2 + dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}/Gemfile.local" + owner: "{{ redmine_user }}" + group: "{{ redmine_user }}" + mode: "0640" + tags: + - redmine diff --git a/redmine/tasks/syslog.yml b/redmine/tasks/syslog.yml new file mode 100644 index 00000000..b53e2660 --- /dev/null +++ b/redmine/tasks/syslog.yml @@ -0,0 +1,27 @@ +--- +- name: Create log directory + file: + state: directory + dest: /var/log/redmine + owner: root + group: adm + mode: "0750" + tags: + - redmine + +- name: Copy syslog configuration + copy: + src: syslog.conf + dest: /etc/rsyslog.d/redmine.conf + mode: "0644" + notify: restart rsyslog + tags: + - redmine + +- name: Copy logrotate configuration + copy: + src: logrotate + dest: /etc/logrotate.d/redmine + mode: "0644" + tags: + - redmine diff --git a/redmine/tasks/themes.yml b/redmine/tasks/themes.yml deleted file mode 100644 index 510e2038..00000000 --- a/redmine/tasks/themes.yml +++ /dev/null 
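Review bot: "Download Redmine archive" in `redmine/tasks/source.yml` unpacks `redmine-{{ redmine_version }}.tar.gz` straight from the URL with no integrity check beyond TLS, so a tampered or truncated tarball would be deployed as application code. Fetch it with `get_url` and a pinned `checksum:` first, then unpack the local file, as sketched below; `redmine_archive_sha256` is a new role variable to be set alongside `redmine_version`. The plugin and theme git tasks default `version` to `master`, which is the same kind of unpinned code and is worth a comment in the role defaults.

```yaml
- name: Download Redmine archive
  get_url:
    url: "https://redmine.org/releases/redmine-{{ redmine_version }}.tar.gz"
    dest: "/home/{{ redmine_user }}/releases/redmine-{{ redmine_version }}.tar.gz"
    # new role variable; pin the published digest for each redmine_version
    checksum: "sha256:{{ redmine_archive_sha256 }}"
    owner: "{{ redmine_user }}"
    group: "{{ redmine_user }}"
    mode: "0640"
  tags:
    - redmine

- name: Unpack Redmine archive
  unarchive:
    src: "/home/{{ redmine_user }}/releases/redmine-{{ redmine_version }}.tar.gz"
    dest: "/home/{{ redmine_user }}/releases/{{ redmine_version }}"
    remote_src: True
    # … unchanged: extra_opts, owner, group, tags …
```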
@@ -1,26 +0,0 @@
----
-- name: Copy/Update theme from archive
- unarchive:
- src: "{{ item.zip }}"
- dest: "/home/{{ redmine_user }}/www/public/themes/"
- remote_src: yes
- owner: "{{ redmine_user }}"
- group: "{{ redmine_user }}"
- mode: "0750"
- when: item.zip is defined
-
-- name: Copy/Update theme from git repository
- git:
- repo: "{{ item.git }}"
- dest: "/home/{{ redmine_user }}/www/public/themes/{{ item.git | basename | splitext | first }}"
- version: "{{ item.tree | default('master') }}"
- when: item.git is defined
-
-- name: Fix rights on theme dir
- file:
- path: "/home/{{ redmine_user }}/www/public/themes/{{ item.git | basename | splitext | first }}"
- owner: "{{ redmine_user }}"
- group: "{{ redmine_user }}"
- mode: "0750"
- recurse: True
- when: item.git is defined
diff --git a/redmine/tasks/user.yml b/redmine/tasks/user.yml
new file mode 100644
index 00000000..ecc5b6d5
--- /dev/null
+++ b/redmine/tasks/user.yml
@@ -0,0 +1,44 @@
+---
+- name: Create redmine group
+ group:
+ name: "{{ redmine_user }}"
+ state: present
+ tags:
+ - redmine
+
+- name: Create redmine user
+ user:
+ name: "{{ redmine_user }}"
+ state: present
+ group: "{{ redmine_user }}"
+ createhome: yes
+ home: "/home/{{ redmine_user }}"
+ shell: /bin/bash
+ tags:
+ - redmine
+
+- name: Add redmine user to Redis group
+ user:
+ name: "{{ redmine_user }}"
+ groups: "redis-{{ redmine_user }}"
+ append: True
+ when: redmine_redis_path is defined
+ tags:
+ - redmine
+
+- name: Create required directory
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: "{{ redmine_user }}"
+ group: "{{ redmine_user }}"
+ mode: "0750"
+ with_items:
+ - "/home/{{ redmine_user }}"
+ - "/home/{{ redmine_user }}/files"
+ tags:
+ - redmine
+
+- name: Enable systemd user mode
+ command: "loginctl enable-linger {{ redmine_user }}"
+ changed_when: false
diff --git a/redmine/templates/Gemfile.local.j2 b/redmine/templates/Gemfile.local.j2
new file mode 100644
index 00000000..72f9857a
--- /dev/null
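Review bot: In the new `redmine/tasks/user.yml`, the last task, `Enable systemd user mode`, re-runs `loginctl enable-linger` on every play and masks that with `changed_when: false`. It is also the only task in the file without `tags: - redmine`, so a run limited with `--tags redmine` skips it. Adding `args:` with `creates: "/var/lib/systemd/linger/{{ redmine_user }}"` lets Ansible skip the command once lingering is enabled, and adding the tag keeps it in line with the other tasks. The account is also created with `shell: /bin/bash`; if the service user does not need an interactive shell, a comment saying why it has one would help the next reviewer.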
+++ b/redmine/templates/Gemfile.local.j2
@@ -0,0 +1,5 @@
+gem "syslogger"
+{% if redmine_redis_path is defined %}
+gem "redis-rails"
+gem "redis-rack-cache"
+{% endif %}
diff --git a/redmine/templates/additional_environment.rb.j2 b/redmine/templates/additional_environment.rb.j2
index b6065a57..9427c305 100644
--- a/redmine/templates/additional_environment.rb.j2
+++ b/redmine/templates/additional_environment.rb.j2
@@ -1,2 +1,13 @@
-config.paths['log'] = "/home/{{ redmine_user }}/log/redmine.log"
-config.log_level = :warn
+config.log_level = :info
+config.logger = Syslogger.new("redmine_{{ redmine_user }}")
+{% if redmine_redis_path is defined %}
+config.session_store :redis_store,
+ servers: { path: '{{ redmine_redis_path }}', db: 0, namespace: "session" }
+config.cache_store = :redis_store,
+ "redis://{{ redmine_redis_path }}/cache_rails",
+ { expires_in: 90.minutes }
+config.action_dispatch.rack_cache = {
+ metastore: "redis://{{ redmine_redis_path }}/cache_metastore",
+ entitystore: "redis://{{ redmine_redis_path }}/cache_entitystore"
+}
+{% endif %}
diff --git a/redmine/templates/nginx.conf.j2 b/redmine/templates/nginx.conf.j2
new file mode 100644
index 00000000..3356ad19
--- /dev/null
+++ b/redmine/templates/nginx.conf.j2
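Review bot: All three `gem` lines in `Gemfile.local.j2` are unconstrained, so each `bundle install` resolves whatever version is newest at that moment and the deployed dependency set can change without any change to this role. A version constraint on each line, e.g. `gem "syslogger", "~> <VERSION>"` with the version the role was tested against filled in, keeps deployments reproducible and makes a gem upgrade a reviewed change.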
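Review bot: The Redis block in `additional_environment.rb.j2` addresses the server in two different ways. `config.session_store` passes `path: '{{ redmine_redis_path }}'`, which reads as a Unix socket path, while `config.cache_store` and `rack_cache` interpolate the same variable into `redis://…` URLs. If `redmine_redis_path` is a socket path, as the `path:` key suggests, confirm that the `redis://` form really resolves to that socket and is not parsed as a host name. A comment above the block such as `# redmine_redis_path: absolute path of the Redis Unix socket` would pin down what the variable must contain. No password is passed in any of the three settings, so access control appears to rest on the socket's group permissions, which is worth stating in the same comment.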
@@ -0,0 +1,44 @@
+upstream puma_{{ redmine_user }} {
+ server unix:/home/{{ redmine_user }}/run/puma.sock fail_timeout=0;
+}
+server {
+ server_name {{ redmine_domain }};
+
+ listen 0.0.0.0:80;
+ listen [::]:80;
+ listen 0.0.0.0:443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ if ( $scheme = http ) {
+ return 301 https://$server_name$request_uri;
+ }
+
+ include /etc/nginx/ssl/{{ redmine_user }}[.]conf;
+ root /home/{{ redmine_user }}/www/public;
+ access_log /var/log/nginx/{{ redmine_user }}_access.log;
+ error_log /var/log/nginx/{{ redmine_user }}_error.log;
+ error_page 503 @maintenance;
+ client_max_body_size 50M;
+
+ include /etc/nginx/snippets/letsencrypt[.]conf;
+
+ location / {
+ if (!-f /home/{{ redmine_user }}/run/puma.pid) {
+ return 503;
+ }
+ try_files $uri @puma;
+ }
+
+ location @maintenance {
+ rewrite ^(.*)$ /500.html break;
+ }
+
+ location @puma {
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Host $http_host;
+ proxy_redirect off;
+ proxy_read_timeout 30;
+ proxy_pass http://puma_{{ redmine_user }};
+ }
+}
From ff275efd95b76582b41c83e52cd8b199907f4dc6 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Tue, 29 Jan 2019 16:57:45 +0100 Subject: [PATCH 5/8] filebeat: disable cloud_metadata processor by default --- CHANGELOG.md | 1 + filebeat/defaults/main.yml | 2 ++ filebeat/handlers/main.yml | 6 ++++++ filebeat/tasks/main.yml | 16 ++++++++++++++++ 4 files changed, 25 insertions(+) create mode 100644 filebeat/handlers/main.yml
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8551fc81..d969a3f6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@ The **patch** part changes incrementally at each release. ## [Unreleased] ### Added
+* filebeat: disable cloud_metadata processor by default
 * redis: add variable for configure unixsocketperm ### Changed
diff --git a/filebeat/defaults/main.yml b/filebeat/defaults/main.yml
index 75c8ae0f..008daa27 100644
--- a/filebeat/defaults/main.yml
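Review bot: In `location @puma`, `proxy_set_header Host $http_host;` forwards the Host header exactly as the client sent it, so if this server block is ever the default for its listen addresses, arbitrary Host values reach Redmine. The port-80 redirect in the same file already uses `$server_name`; `proxy_set_header Host $server_name;` would be consistent with it, or the role should make sure a separate catch-all default server exists. The block also serves HTTPS without a `Strict-Transport-Security` header, and `add_header Strict-Transport-Security "max-age=<SECONDS>" always;` in the `server` block would keep returning browsers off the plain-HTTP redirect.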
+++ b/filebeat/defaults/main.yml
@@ -2,3 +2,5 @@ elastic_stack_version: "6.x" filebeat_logstash_plugin: False
+
+filebeat_processors_cloud_metadata: False
diff --git a/filebeat/handlers/main.yml b/filebeat/handlers/main.yml
new file mode 100644
index 00000000..0a6d83f9
--- /dev/null
+++ b/filebeat/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: restart filebeat
+ systemd:
+ name: filebeat
+ state: restarted
diff --git a/filebeat/tasks/main.yml b/filebeat/tasks/main.yml
index eebbd8ee..e02ff6ab 100644
--- a/filebeat/tasks/main.yml
+++ b/filebeat/tasks/main.yml
@@ -64,3 +64,19 @@ - filebeat_logstash_plugin - logstash_plugin.stat.exists - not logstash_plugin_installed | success
+
+- name: cloud_metadata processor is disabled
+ replace:
+ dest: /etc/filebeat/filebeat.yml
+ regexp: '^(\s+)(- add_cloud_metadata:)'
+ replace: '\1# \2'
+ notify: restart filebeat
+ when: not filebeat_processors_cloud_metadata
+
+- name: cloud_metadata processor is disabled
+ lineinfile:
+ dest: /etc/filebeat/filebeat.yml
+ line: " - add_cloud_metadata: ~"
+ insert_after: '^processors:'
+ notify: restart filebeat
+ when: filebeat_processors_cloud_metadata
From c8e7675a49c7e3e9de13fab251ce847c266da589 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Tue, 29 Jan 2019 17:04:36 +0100 Subject: [PATCH 6/8] metricbeat: disable cloud_metadata processor by default --- CHANGELOG.md | 1 + metricbeat/defaults/main.yml | 2 ++ metricbeat/handlers/main.yml | 6 ++++++ metricbeat/tasks/main.yml | 16 ++++++++++++++++ 4 files changed, 25 insertions(+) create mode 100644 metricbeat/handlers/main.yml
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d969a3f6..67d108b5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@ The **patch** part changes incrementally at each release. ### Added * filebeat: disable cloud_metadata processor by default
+* metricbeat: disable cloud_metadata processor by default
 * redis: add variable for configure unixsocketperm ### Changed
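Review bot: The second task added to `filebeat/tasks/main.yml` passes `insert_after:`, but `lineinfile` documents that option as `insertafter`. With `filebeat_processors_cloud_metadata: True` the task would most likely be rejected as an unsupported parameter instead of adding the processor; `insertafter: '^processors:'` is the spelling to use. That task is also named `cloud_metadata processor is disabled` although it is the one that enables the processor, so `cloud_metadata processor is enabled` would match what it does. The same two lines appear in the `metricbeat/tasks/main.yml` hunk of the next patch.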
diff --git a/metricbeat/defaults/main.yml b/metricbeat/defaults/main.yml
index ee4cee34..df2d9649 100644
--- a/metricbeat/defaults/main.yml
+++ b/metricbeat/defaults/main.yml
@@ -6,3 +6,5 @@ metricbeat_elasticsearch_hosts: - "localhost:9200" metricbeat_elasticsearch_auth_username: "" metricbeat_elasticsearch_auth_password: ""
+
+metricbeat_processors_cloud_metadata: False
diff --git a/metricbeat/handlers/main.yml b/metricbeat/handlers/main.yml
new file mode 100644
index 00000000..cd83ab5d
--- /dev/null
+++ b/metricbeat/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: restart metricbeat
+ systemd:
+ name: metricbeat
+ state: restarted
diff --git a/metricbeat/tasks/main.yml b/metricbeat/tasks/main.yml
index ed51dd1f..535037ec 100644
--- a/metricbeat/tasks/main.yml
+++ b/metricbeat/tasks/main.yml
@@ -72,3 +72,19 @@ when: - metricbeat_elasticsearch_auth_username != "" - metricbeat_elasticsearch_auth_password != ""
+
+- name: disable cloud_metadata
+ replace:
+ dest: /etc/metricbeat/metricbeat.yml
+ regexp: '^(\s+)(- add_cloud_metadata:)'
+ replace: '\1# \2'
+ notify: restart metricbeat
+ when: not metricbeat_processors_cloud_metadata
+
+- name: cloud_metadata processor is disabled
+ lineinfile:
+ dest: /etc/metricbeat/metricbeat.yml
+ line: " - add_cloud_metadata: ~"
+ insert_after: '^processors:'
+ notify: restart metricbeat
+ when: metricbeat_processors_cloud_metadata
From eb0879f3c262b6445646e3cdf6eb673e8e960749 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour Date: Thu, 31 Jan 2019 10:20:11 +0100 Subject: [PATCH 7/8] New "percona" role to install Percona repositories and tools --- CHANGELOG.md | 1 + percona/defaults/main.yml | 4 ++ .../percona-release_latest.jessie_all.deb | Bin 0 -> 10090 bytes .../percona-release_latest.stretch_all.deb | Bin 0 -> 9880 bytes percona/files/percona.asc | 30 ++++++++++++ percona/tasks/main.yml | 45 ++++++++++++++++++ percona/tasks/xtrabackup.yml | 16 +++++++ 7 files changed, 96 insertions(+) create mode 100644 percona/defaults/main.yml create mode 100644 percona/files/percona-release_latest.jessie_all.deb create mode 100644 percona/files/percona-release_latest.stretch_all.deb create mode 100644 percona/files/percona.asc create mode 100644 percona/tasks/main.yml create mode 100644 percona/tasks/xtrabackup.yml
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 67d108b5..2c20eed1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ The **patch** part changes incrementally at each release. ### Added * filebeat: disable cloud_metadata processor by default * metricbeat: disable cloud_metadata processor by default
+* percona : new role to install Percona repositories and tools
 * redis: add variable for configure unixsocketperm ### Changed
diff --git a/percona/defaults/main.yml b/percona/defaults/main.yml
new file mode 100644
index 00000000..46a86904
--- /dev/null
+++ b/percona/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+
+percona__install_xtrabackup: True
+percona__xtrabackup_package_name: percona-xtrabackup-24
diff --git a/percona/files/percona-release_latest.jessie_all.deb b/percona/files/percona-release_latest.jessie_all.deb new file mode 100644 index 0000000000000000000000000000000000000000..a387f36101761ff5bfb8c110894a5512952db3a7 GIT binary patch literal 10090 zcmbW7LvSSw6s&J-+qP{_Y}=aHwr$(a#FJ!V+qP{xx$l2kzpB@Ds;hc&&i3oYA>lW6 zHvKIKYi4d@Wo*x2Vr6ga>_tpW%)-IW!S(V@Ufa*M+SPwrUR#a;mj6nS9sCRz6Ioa%6CrixbO}2 z-h_kxEc0NVqgGSpuD1^(t^<;EcJ#2>X?NrVPN;JNYl>&JJY{;J^gNa4$q4E|5*R1S z>9EYDR_$2NSWEdZ4ZmuR=V$+h0JQ7XOjTsq=9wDQMEGd^Sj(jkA2EEfg!838G`Q(C z-$ti?1l$w=a1I5G-u$b1@4X}jF1`a_u4RS;64c;@HwLcb15>z0>k||d47z`+oB)|m z^3!I)<8gj>bJnTg#;=F>^OuH(-M&BW{b;zEXEeouJgEmT0ND%Nf;i5x<^80fS_|xW zN<9l83#ySBw;-j*e3$m$+VN{y*dp}h0V@%TJrxDwXOoYdM%M2-8l_(n`R3CkSxqpK z`m`ibHg9#2$kdXe{UHSEsDV317*6(h|8;|owFMZ8TC+_ znQ<8I3DD_T`od*P9b-TFDd>o0P=zbVgTr}H_$!9Ur?YR*@uiRhrP+3euq;Lz4TM8h zs0sdpHkXdB#T{lJ=>~2mr0x4#Q%5^mF1y!t*5O*IKz@EYK3#-4McY>A#*to96o8g8 zNin0ESw{h!i*kxT*RlUf&&Z=4h>uAG6Hg@~lTnW8WJ1q7i_tzXh(3b1h?SDiSoROi zk|TKq`6lKkamSsZjcHX$K6D)x#{#HQOQM8(mkrKx2Y<~49hufVjtVnNlVE(e8h4rD zXb>pi6gq?k=_%aE6^}{JQDM2zY$It`;eR^+5ghCgLlu@gAs#Q%Yt+N2b3$KP;h)u{ z*NUyah>63gkW!krps+C=N9!w-J>f+_`2$iX#cEPS-Iy&2Cpp7&Z(=~BDpJuz^*7{? 
z6Q*Q1$*bmv=eUjyi6n}?cw9_51=UXKp7B|VeJxwpbwP{aDKrmo*Z!TW{?$+&c)hWm z_Jza*aQ*RMf@~fDdii!P-TF`VY7NG&ss&)s%xUtdC}YH{8{t8cl)OHC_tml&I)LlaCT}_ zMT-Y|Uau%l2P@vHwn1H0>1(H!$CWNpx6Z+2;~Qe|_?dw{F+N*SP(S_y~5k^ zm+SsS4i}#UIq-SzqX=Cys&d=>^^3QNaMCOz0lBs4UCv&ML@8#WRs)r8T3@YKP)Svf^o8jrhEw;{qjw$qG^Cpnrq2 zgW`hx|HLPyA zR-`+epa2pO%>O9v%5+?^=K&aJgr1cTV2zp@*Oi`9-^Y7w9=?~dE%N_Q3 zNG03hfogZr2pO6*TQ;b7>Fn*X9p%UsJO^wD{xx^A9P<1|l2{?)mHOqPY~%3^g7-@a zCcEFA%o<7DVEQ&Fp6ej(c2TcdXWkRz?bOu_M>~$8Ot{YtJgy4-bn%9fd+yn{BqiZ4 zsvlji%a zz#-i>m1^Ko^F;K#JMxWK)&Xqq@RtH{B8m)4)&>60JbL^Bj1kt<0C+sLbW7Y2d>0v4 z##=NR>P2U~hwv2cLcxJbh2p1F=!5}?NS1J`YgP=rqJGs_E(<5xfk@mATc;4Cs)P`< zsNI%{-eSaH&`Lrbc7&=KlxGj~ZdaXhlcOE^nQ0Z^vU0vR0BOt6fXF(}SE(?6#ki#Y%oa<+dn~&($N3R`7s_xfEh~9iN2)35&6B?iGb|sjww@mfVL)MUH&oTWDO~C5WU@R z{rh;MpYc0OjB*_oSzS^qD}4>nh*6kVKm&+lCLD5P&1=8oq+=SSI+nAKfxfdWbrhmqF*UW#y`uy?V&E;`@TW?`=}>adz5v1`RF!xxGX3{-$(7 z2cuF7ChWMnhR#LW)-}^Bc*E%WG1fsCO&pp_B}DLAZKL>%R;S}A+LS1g%Hit zYxL7x`S@Ez?oM^><6^?R^ouOi^Xw_2q$s{pQD=_9p?sV*qY36(uUY?{(YSXBuvY3Y z?x{!p!eg)G;QY(A_=#8It8IcDgij_GpRTLOwxklHNU_npQ-QG;8_CBV=(*bwY;SO{ zg8k6nT&1>xI-?f~o#K+us0*h9TDiSd%5-5hVtg(IX$Ru?{n4!UgJ-|(*;GO$h@16x z+nrXA%*5GO|I`xum_&-SmyQV@_v;eTT;$o^;M;v<6qgIbqw6z)!k5@VCY%p=#JxjdDr zC>HC<0ccB;Z&osGEDPh-%A*ynio0?N|F=f}=iob-SkMx_yZh3gE=(-Jn*9S0!xKgO zFc`5DzNw&Q*rLZELILwmpx%qf>D9e>rdYZ90v4&?7#sx_q8q0Yz+w-LKgrf_5 zSJpTG3tVdhCzJRnXaeZd{!#!C`gq>5{I~<@s>;N2$iRou<}X#lE`92U(J08w-82Zr zZ=Bj%V4c0Cz5O##9{7uyss8CuH;HECHd6EPOWQo_jx&MhNa6k|jM{Hk79Nxa4hH`TolOzJD^1hxYf9tq-^4z5AIJSi8r% zCwjBmCqSrITmLP^Ym#_Ey=#cr^(S`&PsOJ=x%zVJRa2Fa1Bh-wkAyNw6E%}*j3`oh z@mt)$hY~padF{x?d^NY@YZm^u(oy05@btWHanBOX5glmd{vA;ID{0E z#~szXf&-QcSX;6-Z~IR6=Tf_p2O`f)BfIK{B`iloNts&g7%Ix8q8;0oDgfJD2sD#{ zOrB}=_TU>gcC(ag$oxAZXbpxd{O`G*Hhv$Bzuu|&pYiTe!?t8JE~?4D1tnGXW)D~4 z!Z`DS(`QpYB&0!|7T0se8ojmlHS8xa7x64LJrxm3%2umlZWI7^liN~5xO&37cWz0w z3*5>K;kVKcY?=`-~z!PkgOl~>bOT?m`Lp%^$i(Kep@)y4l zfvqAOsV4aty1wLO3x`!nRncOwE^~~^*0QS6B|B=}z8BX%-qS~N(ms&vHtQv99CpuI z0amedA&MrqG8adchB=Fkn#c3FYk%*&R5vpN9roX? 
zqKr`z@R3I}7zUzMef~@mul?IS%WZl~$jCM+G@poQw&}96%u1dDi_dhVaqU0SCM_Cp0@z-1sDf$z zLDA1FHpDA^15m9<(=TMna`4q8ByBNnO6(Zu*)R%Fkw1zJ!0@5XlJ>nCpo7QMd67_8 zQ((}0Jw2@bb^q1po{VX`{jym^pzqvu4d{b6rPT9B2u#v#ZzHLl2+^2GiPOg<&DNnz^49~0>muQllQmTd_K9s*906q2_>DpT+K#Bs`%j#~kD z0;p0|vRvmZTyDDVEa;nS-4i8HS{M3;BV`VPknyDZHZzNS)ivxR3!J1qbPQN0v zX|Sc;3v(~j$)}Qbr>amW+FuHk&@`ADFa@0fwRG5^jh?77-J4R}K{b;p@~G--L-nM= z%B`2iHC!!hJN_26(5{Abz}R1|zSdqJdYGeMM=Gomnv(tx7_EH`5Exd3+jG#|@u~k+ zV&#HAy{%=87P`g2BFt*Vi)MJ&FdTZhZj*XNqoM}GC~-D8Tp*3|DW>XT`v$Wz?{GkDkrXW&$|8Cg zAO-bGHAE+&K7n!9&}-$S&Lgjp3MF&Y@Y_DPx0>j!FLHLqu`ga6F|L#LkUXUD8LH&C_eRs&QYU29Ww%@#qBwzSoHaf> z63ZEpO6?k`wBef+9%BoL+l6QKN%RL9;n~3wxxHL(D!UjI@4$aeKc z#R$>C-B|9Lbet$k*I69|`PEkhWT8XYgY?ro{>5Nhpg<>NzxETURV&X?NFl-Lba|uj zDbQQlT-z!+2gi<7Pu+c7R|4QWd6@2WuS2!*^J-1k9&U^HQuWE7Ly-nF`*`Tj853!S z`A59L1b9pp@R?hFZlbVmi$pW|2+&gX#De^SxV}Q+AufnJaQnCQR#51-J|;>ctVVKg z$81oCn;O~jx3QbjrKmD%onhOaXu{E^1Z4kfmm&pzZdEi%SoVAUHiL~^c z-!>t)7ywoAjO$S#GGq+aXJb{@ORKL!^HWe7Z#Ng68WNi-Qh&|cKyEjBDCYQkk%|Gh{ziwg<17IboXL>i^$z^Lbia+nW^g$8(wota) z|2;V-xDNmQI;T`U8%>2`yr?9Jvjc5B&=@lYKc0$pg!a_UYGnu>vv*6HEnfVO)9; z#{7UKe=3ZzssBJ!BO0)|W_VMKP!Ai=$g|)}pBwCMMV9h2_aOqaos*k9(X_{eMFDp! zvqo=Fy&r_4#)WJ%8g_9anLJ!i-V6Sap~aI2q2Smf$>-;NzbVT6M4PT|SL7wO+G^}7 zuYRBpJ^DFL8O$LWRZ;5Cn8i&6+(LLj8??%&;Ro3PIQEEFMvNa9e# zp^ALxptyx~i*hqc(~i2pwdv|-ZmDY>FQgeo#>`co7}wTrCq|NF>fu|73Io7RaG=H@Di)6S2UO z)NX!O@f1ZY2PAMyI)3FCz{w_llnSkGnSY{VS#X=f@E4_KF&ZRY8~H11XGrm4;0x4@ zD!X_fk0a`o;m&nCFg(#WW4K%xXPD*hYSM$ihpfKtR!+ZBCWy>UKdlg(@;%ehCuTLS zyIWJjN3L({4m_!nA?L!C3kFGS-k$v_(=%l|jDh3by zu!l5HFYlh!GBI8S3zXy-fmefy5_IJ1kPP~QaN7I#O2rXdjI5|#kp-WeCMQ>!S&y$Nc^Q<5PA z=t_Jn=Omb1-XO(-@#@r*>yCv|Ub$P!samHzsp(l;eOuciV@{J^Uzi@(NxxWhCY@6? 
z(b|7}#UDvD_^-ax}75&{`nHqT7UxwY-)JfG_G!P>)) zWx0c~D<3hTAY-UqOD7-hkf#orc$A5WtpWTxj5oPdVlT5ZMxIgm$g(9K79f9(q>o?_ zbCgsta&XVm5422;iphsS5PUJv!-qt3B+bB;$n%UPY@_FQ%b#!m zC)Zmu5Q2w!BEBIWU;lx9m~ET2Z1U0Qiiw*xTwkWB^CRkNWS7q0i${{U>~YD5u&sy< z_ji^l9R`cI!mOcoMR)y@(9G8S^I%=&qPZ0p&TtgZZIoPcFR>jcS=GAim;ToJj&}mL zq2Q1lxgiIr+cQI0U~ZY?%cQ;~9^E!2tB9m9YSIH~0^zZTSe&ksiuEA4_UYIATA|b(dt3 zeR57|Hh3WyZj|uL=KF8xgO~EyZ`}oiz%Cj)Z&-Rfvn5|lkR;@(s5=_3@53(pI+q~! zYmNzQ$BsMg-XZyJ?~Ko^TgG);Zkbb?CBPZp(OjvNUwBr@qs@%$tsG51WrbUa2g1G0$9EsPCGj`Jg*pV^_gCQbJ;!njok7Y{%EL&qTqKs=4Oy)+l=b15!49#| zqYzbhMM}ihbq1Wy^xrn*rULSuSMZwWx_`~)+o9U+r4$4XUM&i^XlzLs$bYuYtDw;6 zF8;uv@Jg#j%^X`7NMj9EZ##$}WOrg|Don-w`sc2W6mGH@jCB?(dx9pOOP?W&H#Z1Z z#!ZQtmg!VurJ|4v z*Fd&1or27C!w$0+2xc_v+pRa2O| zgiTGg4Q@MiAJMP-eXk0gE+oS_rjp`M`?)^Iu~$)XrH4gSX{3BikVSP}exxloZJFp9biS|cx3>fo;oKFNT&(8Wv(jqrBau}GBRG6_T}Yyu=up{5sqW4~BSeZ6xCNC5uGQ6O z;p5Q-XKk#M+!Lcb3=NH&QNajnm7DV~0o#!lj=ZHSx+N(jRwSOw+IkzM?B8ZPY7QaY zm0V5nHe(T_E!X=7OwFw%+n8^5s#%fzPSEsTFhwSxv6>4@{F{Pqtuk$Vx&14rxa1go zkZ}JPfi=kphll4~0OY_BdYgNrMRqJbZU55Y+WEE=iG*9=1VbzCwtGo3OwE6t_43@= zJ)xMN-`+i2DFSu)#qY>LcHl4&vYY|_6mfb=A}zmtkAAda8u4=**{s+!HH8#YH1qI7E;a@rZhT?+Fn@p?quCx+J9?>*{< zn>@P(R$3O%QMnhird$q_SM^&&@ryRC04C=todSWycwXav05Z+J)UP9j1;}VJ(*0%) zm5y0?oqXzywzRmjp7^;AAkG?@8L2mT%i${HG@zpalJ zvu9WuewOQmd>9F&w+hVOK{<{Um%=9^Wn1V76efzh6+|`S$Df_%@1VvSglT+@4p6(? 
zG=CcxWDF%@1vw?6CzybhoRT$mDhe!l$N8h9L%fBSM=EYEcNYY6`*j~D3kacRRD@2E z8U10Ya$5SRn17xk{4!Ca$RA8zLhIW!;Bt-=VCiQ2Q1*f;8-LbZO-|vQH5TU$L6pHB zpR+eN!rxY9^=}mDR4C}?PY4m&EjYsAs3?C?vdF{c^=}tiFXt8IIPB;iZ~`Yq{{yd{fGtRd=%9#5C86n8F`LY5kTxmb2a?z z_EEbrOK{{D0jD+rgk~?QRBc~wV0va9O9h@Rzat00qc8ZBPngD@=}C82WMZoC{9Yg`AINDy=c}IVscD_d_}-7gLy*udPbmez`}t} z-fR>f!MFjd#gL9h^welp5WVTK8hAHz30i#_X%96v-^_{{!0DGB`YNGVNiRA=u;8gs ztK?AB;t_f8F4h1|a>XfHZ$14EYwWlJT*MBmQK?WApM-Q4+BfuVBJsHwnZJYrcHJP& zR8c`K|2FSwSOgW;n|q%24bn>i!_{gvo(p5X__Q(!8}x~{sZS`UtV8rY0x)2@?(3K+ z6%rjDO4Vqejt!4g4~?~9?_9!g_j)O{h2v>2X__0x4feS?Rocc?{99T+&}}k6mI`Rk zo6r~6TlF+{?4-$T<}GB6;21@CVjP$N7HD%Z^MJ!SSzn!P< zD4KhR%~yXS$hCjPnnViTI7yg{>85e^1QDgwn8@jkw`rX z-5u10Q7=J&c@}1gDn#yb77%dF)XEa;ar}9GM|Xn6FX&&UHCE0K{nl3c#oW}ZuCCr< z6cO4l*md5{FtUW0HOxccgrtj?n0XOYZ+oxcBUS&^Z=REgN!%irB5&1f!%ndvP^(#O z*n9ro)VYE)(HF5o&CMKUbfqmZ%cJqSqrzj6zoT)bR%w_-(p8Q|piW|~9=YqFQmDBr z9V&wDB7CI2ga*p-%XaXY$tQ|CHl!XM5F-+@ftu<=pz?tQO<3DE!6BPuzO-yMIM65| z%AI4#9SWJYg(}=J7ctio(J<}-CPL|z>g2sU#8_q<*^ct%!MH7;9t8ks>G&i8Kq3VL Y??3<)4J7u0%m^`{|MRsCL|f;70B4U#r~m)} literal 0 HcmV?d00001 
diff --git a/percona/files/percona-release_latest.stretch_all.deb b/percona/files/percona-release_latest.stretch_all.deb new file mode 100644 index 0000000000000000000000000000000000000000..5479137ea633c786cc6b80e270c04b0a7be3cc4a GIT binary patch literal 9880 zcma)>Q*b3Zgwv&m?nb@{%+r~_siIa(K+sVYXxni&L?_K+x+kKwu`l|Y( z`@4Lq>m?H~b}_XQLNqfsu{L&KGO>0rcJU@9C1vB{}Kr3Z0YmA&$DrJ|IZ2|L|`mD#D4(=eWh*hxWSD+ zWBC=6t=n{=)GO0awWt{CZrgb^xcukr$(&F}hkrwYN}2SG(x4ICQ)G}c_JhFD3e)Te z8qgxU4U*X=&Nub>%(Wd2LJv27mDK_>_WJfavBvlb-$C0XlC!J_JDtGR%|$Q-5mS}C zF1A&^-O&1cY8@|B$S50Lye38r%FpfqkvC3myo>s+;9##mYKi?ho%3-^YmdZ+%Y7^6 zN`F5fsU6~VRkBLf)Z1B9_DjvT82`)0Zge#j-c^bAv(RlNI{$6zN#wxu6`yj(bprl5 z94Ip$!1M(z>;?+_#=8rG6B=Zzf)RK}NylLahOQ90b?0%%ko(N!ReCWak60AQM3vFK zXU1;M0spcQsmblakQmd)BD+F6CR^6g+*N$Eqey+L%&(Dw?XJ)#TzSojV8szr3`0 zIy?oCC*G^wNz~HtXDN@$VJ!h3uY;0F>0LGDDer?C@NNZyPv9Iyjmfw=LqYje1qNns zI0wS;uos{kxZqfDwn!8aGz+2!26P}MO{$kjWKa<#@o3FWA_R`kBMtcue46nGpqnxV zP9QGT7*h%_a=QkYh#slTTSfJl!%*xLyK?jn$~obfz--(`%7M>&wg{{@=0z?Gz!Crr zSmE78;{rPOjCc|K!Q;#cw{p1+qy}u+grjsV34wCDBh;IFl)L^DBfm~Gr^gI;_=P7JX`n?msUK^Ll+jcb$fTFP+e{e-7MtXUmL^GdM`MU^{3Y zj&eFsvk^xoNX$IGB!4+K1Ng$*1*l~U2vbe-1_5V-DzR+w)gY8huF8$b=ay4!j(t`% zW0oQd9eo8eDt!-4LD}c>LXmeSDt5(=6D&})T4^V(MGTFGcEYGrLC#Wk%&N?zk|VuR z#yCYvAj{o#8c>-@sv{=GKW72@2!KoIkvX&c2Qa(rnM{20raRK4kl|u%t?U1?HKMR; zdl~Y4w5hh+43jPRCjqJ0s{FAP5Up7HR`1@B(!2D)RN;V7VPSq=8}JWNX0HKFC7IV7 zy=lE5FPsf0^(Nð>R9HKH@$Ryp{Ye@C<{)x3mNat^gyKD|3_c}=ytRK}K<}h>BTf2hHE6S6?UsHB z(Q_pw9_mdanO4=_+BI6LlJz~S3iJTomGZcaTpwgfuHj_TaklEyyYmA9cRI6NH*OOB zV`_Q)#uMAz(=%0#fEJaRvsW$QE%<$Drg29CO`62G6HNX}Kf{tq8y?(OIG0SKwk)Oz z#OuW8=k7@2)xh2S=zMr+gCZiXM0*{FE%;(arf0SzHVwKCwb~Pzt9pg8Q5>oD?#4zI z*?)&U8{y{cSuMWLzT~diVX&G<>qu9;z+R#c{Po;)za&o*dW zkxVEC+h_YsA8m&%JQsBxeFVE?<;h7iDyM$&K6~>?YPjVQfsQVpHhSV^)V;ri zlvDKsc;Z9&PTKZ05MA>6^O^e&y!8jXJR`pvnERi<`fDQ{XKywf+wEXj8+xuKpZ1r?{Qz?PTzm z9+7ON*DxqVcQ5gTv zm#nxSdier)sE4Bf>ez~5G~CP(q|N%M8_7AJU#Pw#hZ$G?B&M65zn`0VGon0HRs@MT 
zb8KRzo{+tm`aWd#yUzk{5$A1*ria?GjP6k!;-j04PvK~bCS^*gAd~=BB_*lLiwsafjXg<4q0kK9Zl=nC>RS&=Fr=bh7enNJwrZ~Xm-!=bAw>#B9-5E|)7N`}GqbsP&E|3ZmQv{&DfDyK#I zB#ln%cdovD>L_0+E%_cgAq3oC3(u&o$>9=VW=;nd6O~AVAFP9qqM&3Ip`k-FLs;j? z#|Re=#D1IeCD(y$DA^3PjMQI-ORs)I{KH^{?3Q1n_&cc?nt&*X%dV+AH_d0bz@P?+ z2maB2SxL-!0YQ{kw`{1kCn6i`)epcZA*1hfOA+XI0hC7C#Ac`tg(yo~73z+KGz0!0 z&;!IJARjGS-KEBQYN<>G5n)zZh2iW%!p#8H@4iLlLJTh?zECT()5qly+LLwPzQOgH zWfEcZdU?paAzc^X+I!`Y*(fHcZ)lB@|2DhQG&NYD&}Z!!tYt&6p+K03{jwPtPXrImvbcVB{C$VB%1~O7M3{X7;)^hrHq`mOuWB3ge@WhF+q#evK zZ(2@D;V5OuL~L}nCYH*G*<5crap?a1*SKIMNhl!Z01D&Aj>fH76|;5W1)wHpLx#nl zSu&fbpo2x*dg6-+)gZ6K^RgIZd9Pu3S;mAMcXAFVzqXet#(cG3o0PS&X)NX@u4u5h z>RUOTk&8yl^2;UUW_p^TT7LJzxq+NLn&98U(*_cBLdzp zjn9K&xMZv>K8x@k&{kZZ?;%e??_Zt*$V>1^DWd-YlA)E)ncvSvIgTKk0vT31U`J0 z4B{6)ELz^CB8&Oe+2k9ax{!4C&{<#1pU`GLUz)5CC|f3ZkS4Mp?~+td z-r^RVMPSzC-X-UeFDId;bi#Hb@-^VRW>iaeb@zojr@9nkH%RM896Pr9TzwoEZg0j{ zrC5%}q!sF_arQP)`Yyg6o!Ld$Lm2|22c87c`%6K|N73ml9W;o-)O8#vsTs(ndzM#9 z?9iyb*jE!V@VFGT6&ADEpl@T?(R`0^U(aU#}s6+g9kYE`MJ zyH!UMR@|4i7=zlT8nk~trJ_B}v=3B|WhUBB7f($l&fJKOmX%`KCL}8?h{uUem>b9D zBZA6C4{h`^FtfstBUGER^W;N%!t(8~h4EYi3mW`Vsh3QW_4C>zo2pDuixV%rXyr)5 zDDj-q-0HMgec5`GuA4;05Z_JMmNZlYhFtL{ z`#yj(anQ(TSK+(i-)!BD7jnM3Q;b`QH#w&&f=@+S1BOUbtgn;TZpTgkZfa}Lnk1)r zdq8BcLCP~<&}5v7ncox{&-{fR7$iAtsqN#4haE%Fu4EkB8gkiqnPFv)kH$9)4KU%Y zwQTrBE|a}UhZxyfYZ7rJ4ATi>yFB2O+K^%Kz%`VI-pc>hzu3TCq;Kn8ZnM4fz{0AY zw(!b)NMTSf!RQOtjy;Mcd@y9k_*&DCHtg^wx`5FrxHNBmhjL38b|D-7tnjf$o?4NJ z)@79b^(e7LFJ!BNg{?$fs6){7Mf$LNuDY9JoK^rz-QDl~P?h#GO0-A2`Ax#gtZ&`+ zJ1<$d(#iL%hjSHx0(AkO8QZ)R2m>6Q8*d6_>%v&ra0Nh z80adyD=Cpav6NpvySw@&>cjTBX)&$*Qfrk%o=X<+#UuM6N{5<}*KXyg58X~9^>@P- z4Y-%K+O|Ma(V`a1YnsX08xQUy3+@9H^Kv_ov?XNLP`g2 z`$%74W5hzBgS{l{JEWQWw+V*8ufheqXK{I$FO0NDWa7IWSbqYMv45_3m;K=PGie5g z0HAJ}9F?ijO7W8dO{%}N;));IWTW~}BHTcMJFLuXR8fYVvF<1DTNn}t^lLB zc%#!3o>CZ$f0!%_35^1@U_}3g_;X=n1TYsGn=rwPsoNX>AT)*L%MZfoj}W0MCr{mp zpkp@IPZWj-`bWSU!Om-a#gb6AF)HCg?413!g!Ray+E#V=4({3T6@T!(wJA6upNaZ~ 
ze)_^c>D+N@*apU$vm^g6`dI5gDkG@Db9C`2TL|S1>rdD94;u62jX*dyBPTup>wRhSRxv>WGb0u5~VW8A?iqw=KG{e%RbbUd9L2GnBL2 zB}i8ygSR1s6)rd8c+$=>Uak55`y1dpP(`7eFfX7<)bU1;Gc@){et|zX((E3*_Jll< z60;PNK5r>IM!EpoI45r zw5D?#(aBX)u;{fHAH3GTs+tCy@m#bjRg|(93HMO3Qj5IwwU{~mm*SM}O-_{9T|cDn z+f0L(_~{~rD&xQ23w<-aGx=C^I@6Fg<~s&v15>19p+TOhMp`l&;e6KMEpr34mYKP(5u zvk#m|sZe>C6qg#@7RILYcs;Kd?8pv;O|PZ4tk^a+cf{A<1)~)C*O-JLANO^^R6!00*k33Sgo21N$-WE9w^OdNXG!>b@pQz_2^5erm&{4@*&cFp#Q5w1r zRykWFwPJ0xd6=bXq<^i4;8Nm=B;?{bw!$X92~pI+mQ1wqfo}D#OKhpFur2EDkmi4DicVA;a!P4Kq>dA zZBi~%T$CuFUho66;4(Fwu6;+?#ZFjihC=IR)n3yJ9KauDp+k2-h#E7Ro($EG(a&1* zBuIwT09{jXKbUA^Oq{rPLRY~piC#11Qr>k;xTq29h>H21Zs~J!AIGn-$FeSQQHf8< zCKy27EHO&q`-yX-_@k%Mh`+1GgKGNTH&d(aT0+{}`tXzF_eZ@X^ak#Zi{)S4S_)AH z*pL7VQAeMO&lLDa1|Wu%KcxUI@0C6txa9SYOs9TK3};#t0fT(Vi#GEYxYr}u~0>^KtnsSy78P4ZKZIE2now_S1l*6W$ zAzi%&pSUmJXda1@s}(qOAygR2r>3J!OrW`MEziN>nmecyOp!b?IaN`OJxl_tbt71t zP75g)PjF2^$|LOMU!mV|qtKmt!l-2;c6!zsPM5zv*CET==X%uGU6Pgu3b*Kf8c=?3 zQ5M>?V(qNk7XQohZSZm`%BtCgR~q?mO{1*Wkt@_p)azHL9Q)99c(S+BfWp06798RI zt7^~BxB%|&80C-ja>@5;5ln9O>~|8&<&vb2Xu@Wg)V%?l$YLXK2%mn+M20`m^E^tY zEyL-ob|SrOe+s@jyRNyYb*rRKsyU8#EUw2w1p<4swl(j!0}$qK66b>!4S+CQ|F zRafe`{2azu-3^E>bnRKbi7NwnOU~6bRXoi}q%1jz9jR;!Ski z%a#Qy$097_Urts*%=8$c-!4@Hnv)y^1jk zlAOF&%q_FiQP(1&*!($uPnuc8B$!^U04YmR0kE*cQsbz@H10ZaAHq-Hh52_i&(~T5 z$9$WMET}viB+*fPyr6OREF~p5mw0&o)uD@|FfarM{+=z~T#|h2oGiMKV=Hu{*G^$x zbYb#8mRVGnr_!fuz-D;>w3WpE6%aI>-fx>FvY0i$W3Rt<9LAM3_CT2c=nCP}LtfiC z1u(h%wXgkE`TeRY{dV>~vgMhdcKJ0wE1U&*o{QX9qF9?k!sH zrL7BZWBsB+reYFoh~-puAe)}Hbr1~)4BnAlUxcm~Ij;2DRiq*oDbVSr|`cjdV~c7|F%>W31BNKY8Q^a{58%lOaZ>t)Y~r1 zrsbEL`JV)#%sn(g{?X-+VH05AP;?6}#pQ^r-dp%Cf!x_%y;B&R9(4na%r5qo*f)5} z4kx83+eFWi%|auSJDR*>jw-NlYn4r4GVq70nlpl%5o=Pz#}BehZ;5r2*HM^=V!+BQ z958q77S*b$FcIo0mRd>MO|c2dIj_+j*6kp+{qDqF#@lf&W5h&aRg^uJ0l0dgUFs1l zqHbe~q+X@o7b)ANkbA+9_kiQuJSYz=o!}oQu@yO^OW^t}w}!VS=Rv_Eg5JR|5K>+s zqvUKou*O{B;K+VtwuOf2(l0@K!5HI|hC0`bcX}Abc3$$ zh}I*ofWo##)V)7%$8nhQDCXl<2BMW^kX&(Xe|!hrttf1i9=_mUp66X+oC@X0g3hTz 
zn5~8EnuabW7bovTtmS^u*O&A?^K#jp{#l{GaSh}khLa)4WwPsa+l;lE#@kUvh)U}t z67M)c+}BAnvOguRS+)mTT6F(=O@wLi!?5{I2Y5-UFHR>d>MLvB%yS&>Vm5 zr&t$35TnD!iH=5xD(uQWm=@UJ& zSCnrXMh&5r1P>X4gl#v3jR~cK%q+U8e_SNi45nMT;wMI$ z@weu_OoJ!ukw=b5s95IE*N54e7n@pT_{3G;m~x_R^kT@C#Gtr3Pt52O&@_Z@oxFyg zU>1MO*gpNa-lnRiJ0{VK8=zd(nyR?@A|NixDZkb8T1|%Rptkv zz@(bYLn=Uc6P$d-3wM`uKEJIpR5C9dC~y9u@M*Y3Wu;t{_Zb(SeU$fblvkx6=7Z$3 z)HA?%`mFzqKnz3jU-32Z6ismRy{9``tyb-7HpkcM#sJ)M3Kww zl`?rTC!E=bzhH;uFIlCK#f4`>&9J6()O<#X(BKXKqjEnPF6b{P>804Q)F3Yw5exE+ z6ZV~5H+28s;;K)!-lVY3jI25Jz1zD85?q{nNvQ!cGNf_fF{WH$aX!d07 zq=VROBB%pd`dMR%|Guq}IC}?Wb(nXTja(YkO!=!CvR3KByv43UxB#vUCfriABF_^i zX3r5_5&R`BpWOLd-=BToka>GEh)T1l6KqP4MC~1A`9=lvdP5_Sa)xg7buip@U8KdM>%_y+a%&1GXSkC7TRMc1t?np89y@Q5l06&F)0Z=U~oCeuz}8LKi-?Ujn<*bdH9P!Ie3Q z4$`RfzO!3_Z-Uj`SR)3`;I{5H^j5Xbs8lcu(oNIRs2 z`#VW%cvxlyN^>p5Vt!C5RG@I@-oKi2!Sl>m{qHXoLVS8PqLzd{g6~|PnuQHH(Rs|& zcDle>QY!6?+8{2DD#qL*wzk`%MQ!nq?Em-lqmXbqaQP9!LzY}%eh1%lNsZ6f4*0h{<8l&(Aw;qcyuL~iho%HxEfnc4xL6SGbNGK zTqahEW!Sz0*A&$~F<5x26z9k*K_YOqv74yR?bmnUh1!S&(z z)5k()n_ttL8UlU6QOF4=g`p~D(Vqq%^r;qoxQDgHpF*6y&*Xu&kxANO!CDYYoz~NG6p5er{BRRp8gzR z#!SQZ@q_Rj|B0dXr%cN?I1%sek&`0+Y%4$f$T==vLeUXBCVri}L>yNa(J&y!31nxn z(ZC={!l1pTwr@Q*I*O?`=ii~EW~!_RH0$|p_zTT=Bw_I0E@wj^pbqGxm8@)J`f{t{ z2}?H@qArhCdDEC$*FY2`q$&d&S@q8LYixft9qXUG*(a^<1;Ae$tSi=%gR-x3NkWXh za#+-yyAJov?@bd>IJv!2ph=50jg0*x@!K;uA|pj#u#OQ9r-ZfSLLf(i0?mLEAv>A9 zOvw3W<`?|T2l+&eA~Ss!PHa?6ZlZOrm-87VKX-fmgs8uQ!BLL(qieiHvDsXDC62nq zB`4w<^8F!_g}yp8ej?9%!w)`WbN9tppA%+gijweLRe_&9(Y<46E$<$#{PSH<96bX` zYE2D*_Q1H+B_bU5OZ2#Mw9MfZFBe|D?yS7Wq~xz#)aD4(vxuMWaUcBMy~VG`WsYPt z&`8uu^|5A5dJ^AxlPzku=a*H?Atby+B8lC}FB=d#Q#HyMwcsf(Y_ z%F=F&Vu>%Nn<}Gdo3GQfoSj(*s7VIyk*L`h)5s@uHB=|&=RJ#~Jr|{VM;(^|kojMd z!i?3K)4R>MSaoASZ@*ElkyupIWgf8r@<|}uM!E{505W$B0S4)=kchs?Y1+-BY>U)g zBoWIl$$3dfPSl8u5Qv~=QFIAwG{+G#{Y1CG_fwnFlpPCGs)yT0ik(|y6M1~_lKG44 zPe{@oG{XI#!pz@d3{&0f%C?zt#GRxy(A>_5oV*uxs#GH#4)t~MHG@^ORzbdz*l1Gk 
z-pZh>1Q?C?Mj21M)Lp2@X*G{B?q&OZXmviR25u#i3UxUa7#+f9~+FqhrHKorBFe|$kBgqMEnt%zJq!!I!!prixgtPrL&%pz7FL3$65}EFSN?~!^Sb6 z8I&;ga!}#Irq_v>0`-p{+0)+B4dw

L0^+1YHmLfk7fsX#>%N!tNCi-;wffCF%~ os5AfpQ8!Zqqde+J4guNpUzs_?y=NwI{gCB5)PF_i0BxQB100P4n*aa+ literal 0 HcmV?d00001 diff --git a/percona/files/percona.asc b/percona/files/percona.asc new file mode 100644 index 00000000..1c78566d --- /dev/null +++ b/percona/files/percona.asc 
@@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.9 (GNU/Linux) + +mQGiBEsm3aERBACyB1E9ixebIMRGtmD45c6c/wi2IVIa6O3G1f6cyHH4ump6ejOi +AX63hhEs4MUCGO7KnON1hpjuNN7MQZtGTJC0iX97X2Mk+IwB1KmBYN9sS/OqhA5C +itj2RAkug4PFHR9dy21v0flj66KjBS3GpuOadpcrZ/k0g7Zi6t7kDWV0hwCgxCa2 +f/ESC2MN3q3j9hfMTBhhDCsD/3+iOxtDAUlPMIH50MdK5yqagdj8V/sxaHJ5u/zw +YQunRlhB9f9QUFfhfnjRn8wjeYasMARDctCde5nbx3Pc+nRIXoB4D1Z1ZxRzR/lb +7S4i8KRr9xhommFnDv/egkx+7X1aFp1f2wN2DQ4ecGF4EAAVHwFz8H4eQgsbLsa6 +7DV3BACj1cBwCf8tckWsvFtQfCP4CiBB50Ku49MU2Nfwq7durfIiePF4IIYRDZgg +kHKSfP3oUZBGJx00BujtTobERraaV7lIRIwETZao76MqGt9K1uIqw4NT/jAbi9ce +rFaOmAkaujbcB11HYIyjtkAGq9mXxaVqCC3RPWGr+fqAx/akBLQ2UGVyY29uYSBN +eVNRTCBEZXZlbG9wbWVudCBUZWFtIDxteXNxbC1kZXZAcGVyY29uYS5jb20+iGAE +ExECACAFAksm3aECGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRAcTL3NzS79 +Kpk/AKCQKSEgwX9r8jR+6tAnCVpzyUFOQwCfX+fw3OAoYeFZB3eu2oT8OBTiVYu5 +Ag0ESybdoRAIAKKUV8rbqlB8qwZdWlmrwQqg3o7OpoAJ53/QOIySDmqy5TmNEPLm +lHkwGqEqfbFYoTbOCEEJi2yFLg9UJCSBM/sfPaqb2jGP7fc0nZBgUBnFuA9USX72 +O0PzVAF7rCnWaIz76iY+AMI6xKeRy91TxYo/yenF1nRSJ+rExwlPcHgI685GNuFG +chAExMTgbnoPx1ka1Vqbe6iza+FnJq3f4p9luGbZdSParGdlKhGqvVUJ3FLeLTqt +caOn5cN2ZsdakE07GzdSktVtdYPT5BNMKgOAxhXKy11IPLj2Z5C33iVYSXjpTelJ +b2qHvcg9XDMhmYJyE3O4AWFh2no3Jf4ypIcABA0IAJO8ms9ov6bFqFTqA0UW2gWQ +cKFN4Q6NPV6IW0rV61ONLUc0VFXvYDtwsRbUmUYkB/L/R9fHj4lRUDbGEQrLCoE+ +/HyYvr2rxP94PT6Bkjk/aiCCPAKZRj5CFUKRpShfDIiow9qxtqv7yVd514Qqmjb4 +eEihtcjltGAoS54+6C3lbjrHUQhLwPGqlAh8uZKzfSZq0C06kTxiEqsG6VDDYWy6 +L7qaMwOqWdQtdekKiCk8w/FoovsMYED2qlWEt0i52G+0CjoRFx2zNsN3v4dWiIhk +ZSL00Mx+g3NA7pQ1Yo5Vhok034mP8L2fBLhhWaK3LG63jYvd0HLkUFhNG+xjkpeI +SQQYEQIACQUCSybdoQIbDAAKCRAcTL3NzS79KlacAJ0aAkBQapIaHNvmAhtVjLPN +wke4ZgCePe3sPPF49lBal7QaYPdjqapa1SQ= +=qcCk +-----END PGP PUBLIC KEY BLOCK----- diff --git a/percona/tasks/main.yml b/percona/tasks/main.yml new file mode 100644 index 00000000..cce78c3a --- /dev/null +++ b/percona/tasks/main.yml 
@@ -0,0 +1,45 @@
+---
+
+- set_fact:
+ percona__apt_config_package_file: "percona-release_latest.{{ ansible_distribution_release }}_all.deb"
+
+- name: Add Percona's official GPG key
+ apt_key:
+ data: "{{ lookup('file', 'percona.asc') }}"
+
+- name: Check if percona-release is installed
+ command: "dpkg -l percona-release"
+ failed_when: False
+ changed_when: False
+ register: percona__apt_config_package_installed
+
+- name: Percona APT config package is available
+ copy:
+ src: "{{ percona__apt_config_package_file }}"
+ dest: "/root/{{ percona__apt_config_package_file }}"
+ when: not percona__apt_config_package_installed
+
+# - include_role:
+# name: remount-usr
+
+- name: Percona APT config package is installed from deb file
+ apt:
+ deb: "/root/{{ percona__apt_config_package_file }}"
+ state: present
+ register: percona__apt_config_deb
+ when: not percona__apt_config_package_installed
+
+- name: Percona APT config package is installed from repository
+ apt:
+ name: percona-release
+ state: latest
+ register: percona__apt_config_deb
+ when: percona__apt_config_package_installed
+
+- name: APT cache is up-to-date
+ apt:
+ update_cache: yes
+ when: percona__apt_config_deb | changed
+
+- include: xtrabackup.yml
+ when: percona__install_xtrabackup
diff --git a/percona/tasks/xtrabackup.yml b/percona/tasks/xtrabackup.yml
new file mode 100644
index 00000000..8fe6a7c5
--- /dev/null
+++ b/percona/tasks/xtrabackup.yml
@@ -0,0 +1,16 @@
+---
+
+- name: Percona Tools is enabled
+ command: percona-release enable tools release
+ # changed_when:
+ # register: percona__release_enable_tools
+
+- name: APT cache is up-to-date
+ apt:
+ update_cache: yes
+ # when: percona__release_enable_tools | changed
+
+- name: Percona XtraBackup package is installed
+ apt:
+ name: "{{ percona__xtrabackup_package_name }}"
+ state: present
From c296dd94c291acf8f03ad97dd1fcd071a12799af Mon Sep 17 00:00:00 2001
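Review bot: In `percona/tasks/main.yml`, three `when:` conditions test the registered result `percona__apt_config_package_installed` itself, which is a non-empty dictionary and so evaluates as true. `not …` is then always false: the copy and `deb:` install tasks never run, and the `state: latest` task runs even on a host where the package is absent. Testing the return code expresses the intent: `when: percona__apt_config_package_installed.rc != 0` on the first two tasks and `when: percona__apt_config_package_installed.rc == 0` on the third. Both install tasks also `register: percona__apt_config_deb`, and a skipped task still overwrites a registered variable, so the `| changed` test only sees the later of the two; distinct names combined in that condition would avoid it. On the `apt_key` task, adding `id: <PERCONA_KEY_FINGERPRINT>` would record which key `percona.asc` is expected to contain, giving reviewers a value to check against the vendor's published fingerprint.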
From: Jeremy Lecour Date: Thu, 31 Jan 2019 10:22:50 +0100 Subject: [PATCH 8/8] Release 9.8.0 --- CHANGELOG.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2c20eed1..6f07865c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,16 @@ The **patch** part changes incrementally at each release. ## [Unreleased]
+### Added
+
+### Changed
+
+### Fixed
+
+### Security
+
+## [9.8.0] - 2019-01-31
+
 ### Added * filebeat: disable cloud_metadata processor by default * metricbeat: disable cloud_metadata processor by default
@@ -22,8 +32,6 @@ The **patch** part changes incrementally at each release. ### Fixed * ntpd: Update the restrictions to follow wiki.evolix.org/HowtoNTP client config
-### Security
-
 ## [9.7.0] - 2019-01-17 ### Added