Merge branch 'unstable' into stable
This commit is contained in:
commit
588efc941e
10
CHANGELOG.md
10
CHANGELOG.md
|
@ -18,6 +18,16 @@ The **patch** part changes incrementally at each release.
|
||||||
|
|
||||||
### Security
|
### Security
|
||||||
|
|
||||||
|
## [9.4.1] - 2018-09-28
|
||||||
|
|
||||||
|
### Added
|
||||||
|
* redis: set masterauth when redis_password is defined
|
||||||
|
* evomaintenance: variable to install a vendored version
|
||||||
|
* evomaintenance: tasks/variables to handle minifirewall restarts
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
* mysql-oracle: better handle packages and users
|
||||||
|
|
||||||
## [9.4.0] - 2018-09-20
|
## [9.4.0] - 2018-09-20
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
|
@ -2,9 +2,6 @@
|
||||||
|
|
||||||
Install a script to notify when operations are performed on a server
|
Install a script to notify when operations are performed on a server
|
||||||
|
|
||||||
The Debian package is available at `pub.evolix.net`.
|
|
||||||
Make you have `deb http://pub.evolix.net/ jessie/` in your sources list.
|
|
||||||
|
|
||||||
## Tasks
|
## Tasks
|
||||||
|
|
||||||
Installation and configuration are performed via `tasks/main.yml`.
|
Installation and configuration are performed via `tasks/main.yml`.
|
||||||
|
|
|
@ -2,21 +2,37 @@
|
||||||
general_alert_email: "root@localhost"
|
general_alert_email: "root@localhost"
|
||||||
evomaintenance_alert_email: Null
|
evomaintenance_alert_email: Null
|
||||||
|
|
||||||
evomaintenance_hostname: "{{ ansible_fqdn }}"
|
### copied from evolinux-base ###
|
||||||
|
evolinux_hostname: "{{ ansible_hostname }}"
|
||||||
|
evolinux_domain: "{{ ansible_domain }}"
|
||||||
|
evolinux_fqdn: "{{ evolinux_hostname }}.{{ evolinux_domain }}"
|
||||||
|
|
||||||
|
evolinux_internal_hostname: "{{ evolinux_hostname }}"
|
||||||
|
evolinux_internal_domain: "{{ evolinux_domain }}"
|
||||||
|
evolinux_internal_fqdn: "{{ evolinux_internal_hostname }}.{{ evolinux_internal_domain }}"
|
||||||
|
#################################
|
||||||
|
|
||||||
|
evomaintenance_install_vendor: False
|
||||||
|
evomaintenance_force_config: True
|
||||||
|
|
||||||
|
evomaintenance_hostname: "{{ evolinux_internal_fqdn }}"
|
||||||
|
|
||||||
evomaintenance_pg_host: Null
|
evomaintenance_pg_host: Null
|
||||||
evomaintenance_pg_passwd: Null
|
evomaintenance_pg_passwd: Null
|
||||||
evomaintenance_pg_db: Null
|
evomaintenance_pg_db: Null
|
||||||
evomaintenance_pg_table: Null
|
evomaintenance_pg_table: Null
|
||||||
|
|
||||||
evomaintenance_from: "evomaintenance@{{ ansible_fqdn }}"
|
evomaintenance_from: "evomaintenance@{{ evolinux_internal_fqdn }}"
|
||||||
evomaintenance_full_from: "Evomaintenance <{{ evomaintenance_from }}>"
|
evomaintenance_full_from: "Evomaintenance <{{ evomaintenance_from }}>"
|
||||||
|
|
||||||
evomaintenance_urgency_from: mama.doe@example.com
|
evomaintenance_urgency_from: mama.doe@example.com
|
||||||
evomaintenance_urgency_tel: "06.00.00.00.00"
|
evomaintenance_urgency_tel: "06.00.00.00.00"
|
||||||
|
|
||||||
evomaintenance_realm: "{{ ansible_domain }}"
|
evomaintenance_realm: "{{ evolinux_internal_domain }}"
|
||||||
|
|
||||||
evomaintenance_default_hosts: []
|
evomaintenance_default_hosts: []
|
||||||
evomaintenance_additional_hosts: []
|
evomaintenance_additional_hosts: []
|
||||||
evomaintenance_hosts: "{{ evomaintenance_default_hosts | union(evomaintenance_additional_hosts) | unique }}"
|
evomaintenance_hosts: "{{ evomaintenance_default_hosts | union(evomaintenance_additional_hosts) | unique }}"
|
||||||
|
|
||||||
|
minifirewall_restart_if_needed: True
|
||||||
|
minifirewall_restart_force: False
|
||||||
|
|
198
evomaintenance/files/evomaintenance.sh
Normal file
198
evomaintenance/files/evomaintenance.sh
Normal file
|
@ -0,0 +1,198 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# EvoMaintenance script
|
||||||
|
# Dependencies (all OS): git postgresql-client
|
||||||
|
# Dependencies (Debian): sudo
|
||||||
|
|
||||||
|
# version 0.4.1
|
||||||
|
# Copyright 2007-2018 Gregory Colpart <reg@evolix.fr>, Jérémy Lecour <jlecour@evolix.fr>, Evolix <info@evolix.fr>
|
||||||
|
|
||||||
|
get_system() {
|
||||||
|
uname -s
|
||||||
|
}
|
||||||
|
|
||||||
|
get_fqdn() {
|
||||||
|
if [ "$(get_system)" = "Linux" ]; then
|
||||||
|
hostname --fqdn
|
||||||
|
elif [ "$(get_system)" = "OpenBSD" ]; then
|
||||||
|
hostname
|
||||||
|
else
|
||||||
|
echo "OS not detected!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
get_tty() {
|
||||||
|
if [ "$(get_system)" = "Linux" ]; then
|
||||||
|
ps -o tty= | tail -1
|
||||||
|
elif [ "$(get_system)" = "OpenBSD" ]; then
|
||||||
|
env | grep SSH_TTY | cut -d"/" -f3
|
||||||
|
else
|
||||||
|
echo "OS not detected!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
get_who() {
|
||||||
|
who=$(LC_ALL=C who -m)
|
||||||
|
|
||||||
|
if [ -n "${who}" ]; then
|
||||||
|
echo "${who}"
|
||||||
|
else
|
||||||
|
LC_ALL=C who | grep $(get_tty) | tr -s ' '
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
get_begin_date() {
|
||||||
|
echo "$(date "+%Y") $(echo $(get_who) | cut -d" " -f3,4,5)"
|
||||||
|
}
|
||||||
|
|
||||||
|
get_ip() {
|
||||||
|
ip=$(echo $(get_who) | cut -d" " -f6 | sed -e "s/^(// ; s/)$//")
|
||||||
|
[ -z "${ip}" ] && ip="unknown (no tty)"
|
||||||
|
[ "${ip}" = ":0" ] && ip="localhost"
|
||||||
|
|
||||||
|
echo "${ip}"
|
||||||
|
}
|
||||||
|
|
||||||
|
get_end_date() {
|
||||||
|
date +"%Y %b %d %H:%M"
|
||||||
|
}
|
||||||
|
|
||||||
|
get_now() {
|
||||||
|
date +"%Y-%m-%dT%H:%M:%S%z"
|
||||||
|
}
|
||||||
|
|
||||||
|
test -f /etc/evomaintenance.cf && . /etc/evomaintenance.cf
|
||||||
|
|
||||||
|
[ -n "${HOSTNAME}" ] || HOSTNAME=$(get_fqdn)
|
||||||
|
[ -n "${EVOMAINTMAIL}" ] || EVOMAINTMAIL=evomaintenance-$(echo "${HOSTNAME}" | cut -d- -f1)@${REALM}
|
||||||
|
[ -n "${LOGFILE}" ] || LOGFILE=/var/log/evomaintenance.log
|
||||||
|
|
||||||
|
# Treat unset variables as an error when substituting.
|
||||||
|
# Only after this line, because some config variables might be missing.
|
||||||
|
set -u
|
||||||
|
|
||||||
|
REAL_HOSTNAME=$(get_fqdn)
|
||||||
|
if [ "${HOSTNAME}" = "${REAL_HOSTNAME}" ]; then
|
||||||
|
HOSTNAME_TEXT="${HOSTNAME}"
|
||||||
|
else
|
||||||
|
HOSTNAME_TEXT="${HOSTNAME} (${REAL_HOSTNAME})"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# TTY=$(get_tty)
|
||||||
|
# WHO=$(get_who)
|
||||||
|
IP=$(get_ip)
|
||||||
|
BEGIN_DATE=$(get_begin_date)
|
||||||
|
END_DATE=$(get_end_date)
|
||||||
|
USER=$(logname)
|
||||||
|
|
||||||
|
PATH=${PATH}:/usr/sbin
|
||||||
|
|
||||||
|
SENDMAIL_BIN=$(command -v sendmail)
|
||||||
|
GIT_BIN=$(command -v git)
|
||||||
|
|
||||||
|
GIT_REPOSITORIES="/etc /etc/bind"
|
||||||
|
|
||||||
|
# git statuses
|
||||||
|
GIT_STATUSES=""
|
||||||
|
|
||||||
|
if test -x "${GIT_BIN}"; then
|
||||||
|
# loop on possible directories managed by GIT
|
||||||
|
for dir in ${GIT_REPOSITORIES}; do
|
||||||
|
# tell Git where to find the repository and the work tree (no need to `cd …` there)
|
||||||
|
export GIT_DIR="${dir}/.git" GIT_WORK_TREE="${dir}"
|
||||||
|
# If the repository and the work tree exist, try to commit changes
|
||||||
|
if test -d "${GIT_DIR}" && test -d "${GIT_WORK_TREE}"; then
|
||||||
|
CHANGED_LINES=$(${GIT_BIN} status --porcelain | wc -l | tr -d ' ')
|
||||||
|
if [ "${CHANGED_LINES}" != "0" ]; then
|
||||||
|
STATUS=$(${GIT_BIN} status --short | tail -n 10)
|
||||||
|
# append diff data, without empty lines
|
||||||
|
GIT_STATUSES=$(printf "%s\n%s\n%s\n" "${GIT_STATUSES}" "${GIT_DIR} (last 10 lines)" "${STATUS}" | sed -e '/^$/d')
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
# unset environment variables to prevent accidental influence on other git commands
|
||||||
|
unset GIT_DIR GIT_WORK_TREE
|
||||||
|
done
|
||||||
|
if [ -n "${GIT_STATUSES}" ]; then
|
||||||
|
echo "/!\ There are some uncommited changes. If you proceed, everything will be commited."
|
||||||
|
echo "${GIT_STATUSES}"
|
||||||
|
echo ""
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# get input from stdin
|
||||||
|
echo "> Please, enter details about your maintenance"
|
||||||
|
read TEXTE
|
||||||
|
|
||||||
|
if [ "${TEXTE}" = "" ]; then
|
||||||
|
echo "no value..."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# recapitulatif
|
||||||
|
BLOB=$(cat <<END
|
||||||
|
Host : $HOSTNAME_TEXT
|
||||||
|
User : $USER
|
||||||
|
IP : $IP
|
||||||
|
Begin : $BEGIN_DATE
|
||||||
|
End : $END_DATE
|
||||||
|
Message : $TEXTE
|
||||||
|
END
|
||||||
|
)
|
||||||
|
|
||||||
|
echo ""
|
||||||
|
echo "${BLOB}"
|
||||||
|
echo ""
|
||||||
|
echo "> Press <Enter> to submit, or <Ctrl+c> to cancel."
|
||||||
|
read enter
|
||||||
|
|
||||||
|
# write log
|
||||||
|
echo "----------- $(get_now) ---------------" >> "${LOGFILE}"
|
||||||
|
echo "${BLOB}" >> "${LOGFILE}"
|
||||||
|
|
||||||
|
# git commit
|
||||||
|
GIT_COMMITS=""
|
||||||
|
|
||||||
|
if test -x "${GIT_BIN}"; then
|
||||||
|
# loop on possible directories managed by GIT
|
||||||
|
for dir in ${GIT_REPOSITORIES}; do
|
||||||
|
# tell Git where to find the repository and the work tree (no need to `cd …` there)
|
||||||
|
export GIT_DIR="${dir}/.git" GIT_WORK_TREE="${dir}"
|
||||||
|
# If the repository and the work tree exist, try to commit changes
|
||||||
|
if test -d "${GIT_DIR}" && test -d "${GIT_WORK_TREE}"; then
|
||||||
|
CHANGED_LINES=$(${GIT_BIN} status --porcelain | wc -l | tr -d ' ')
|
||||||
|
if [ "${CHANGED_LINES}" != "0" ]; then
|
||||||
|
${GIT_BIN} add --all
|
||||||
|
${GIT_BIN} commit --message "${TEXTE}" --author="${USER} <${USER}@evolix.net>" --quiet
|
||||||
|
# Add the SHA to the log file if something has been committed
|
||||||
|
SHA=$(${GIT_BIN} rev-parse --short HEAD)
|
||||||
|
STATS=$(${GIT_BIN} show --stat | tail -1)
|
||||||
|
# append commit data, without empty lines
|
||||||
|
GIT_COMMITS=$(printf "%s\n%s : %s –%s" "${GIT_COMMITS}" "${GIT_DIR}" "${SHA}" "${STATS}" | sed -e '/^$/d')
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
# unset environment variables to prevent accidental influence on other git commands
|
||||||
|
unset GIT_DIR GIT_WORK_TREE
|
||||||
|
done
|
||||||
|
if [ -n "${GIT_COMMITS}" ]; then
|
||||||
|
echo "${GIT_COMMITS}" >> "${LOGFILE}"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# insert into PG
|
||||||
|
# SQL_TEXTE=`echo "${TEXTE}" | sed "s/'/\\\\\\'/g ; s@/@\\\\\/@g ; s@\\&@et@g"`
|
||||||
|
SQL_TEXTE=`echo "${TEXTE}" | sed "s/'/''/g"`
|
||||||
|
|
||||||
|
PG_QUERY="INSERT INTO evomaint(hostname,userid,ipaddress,begin_date,end_date,details) VALUES ('${HOSTNAME}','${USER}','${IP}','${BEGIN_DATE}',now(),'${SQL_TEXTE}')"
|
||||||
|
echo "${PG_QUERY}" | psql ${PGDB} ${PGTABLE} -h ${PGHOST} --quiet
|
||||||
|
|
||||||
|
# send mail
|
||||||
|
MAIL_TEXTE=$(echo "${TEXTE}" | sed -e "s@/@\\\\\/@g ; s@&@\\\\&@")
|
||||||
|
MAIL_GIT_COMMITS=$(echo "${GIT_COMMITS}" | sed -e "s@/@\\\\\/@g ; s@&@\\\\&@")
|
||||||
|
|
||||||
|
cat /usr/share/scripts/evomaintenance.tpl | \
|
||||||
|
sed -e "s/__TO__/${EVOMAINTMAIL}/ ; s/__HOSTNAME__/${HOSTNAME_TEXT}/ ; s/__USER__/${USER}/ ; s/__BEGIN_DATE__/${BEGIN_DATE}/ ; s/__END_DATE__/${END_DATE}/ ; s/__GIT_COMMITS__/${MAIL_GIT_COMMITS}/ ; s/__TEXTE__/${MAIL_TEXTE}/ ; s/__IP__/${IP}/ ; s/__FULLFROM__/${FULLFROM}/ ; s/__FROM__/${FROM}/ ; s/__URGENCYFROM__/${URGENCYFROM}/ ; s/__URGENCYTEL__/${URGENCYTEL}/" | \
|
||||||
|
${SENDMAIL_BIN} -oi -t -f ${FROM}
|
||||||
|
|
||||||
|
exit 0
|
33
evomaintenance/files/evomaintenance.tpl
Normal file
33
evomaintenance/files/evomaintenance.tpl
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
From: __FULLFROM__
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
To: __TO__
|
||||||
|
Subject: [evomaintenance] Intervention sur __HOSTNAME__ (__USER__)
|
||||||
|
|
||||||
|
Bonjour,
|
||||||
|
|
||||||
|
Une intervention vient de se terminer sur votre serveur.
|
||||||
|
Voici les renseignements sur l'intervention :
|
||||||
|
|
||||||
|
Nom du serveur : __HOSTNAME__
|
||||||
|
Personne ayant réalisée l'intervention : __USER__
|
||||||
|
Intervention réalisée depuis : __IP__
|
||||||
|
Début de l'intervention : __BEGIN_DATE__
|
||||||
|
Fin de l'intervention : __END_DATE__
|
||||||
|
|
||||||
|
###
|
||||||
|
Renseignements sur l'intervention :
|
||||||
|
__TEXTE__
|
||||||
|
###
|
||||||
|
|
||||||
|
__GIT_COMMITS__
|
||||||
|
|
||||||
|
Pour réagir à cette intervention, vous pouvez répondre à ce message
|
||||||
|
(sur l'adresse mail __FROM__). En cas d'urgence, utilisez
|
||||||
|
l'adresse __URGENCYFROM__ ou notre téléphone portable d'astreinte
|
||||||
|
(__URGENCYTEL__)
|
||||||
|
|
||||||
|
Cordialement,
|
||||||
|
--
|
||||||
|
__FULLFROM__
|
13
evomaintenance/handlers/main.yml
Normal file
13
evomaintenance/handlers/main.yml
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: restart minifirewall
|
||||||
|
command: /etc/init.d/minifirewall restart
|
||||||
|
register: minifirewall_init_restart
|
||||||
|
failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
|
||||||
|
changed_when: "'starting IPTables rules is now finish : OK' in minifirewall_init_restart.stdout"
|
||||||
|
|
||||||
|
- name: restart minifirewall (noop)
|
||||||
|
meta: noop
|
||||||
|
register: minifirewall_init_restart
|
||||||
|
failed_when: False
|
||||||
|
changed_when: False
|
15
evomaintenance/tasks/install_package.yml
Normal file
15
evomaintenance/tasks/install_package.yml
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Install Evolix public repositry
|
||||||
|
include_role:
|
||||||
|
name: apt
|
||||||
|
tasks_from: evolix_public.yml
|
||||||
|
tags:
|
||||||
|
- evomaintenance
|
||||||
|
|
||||||
|
- name: evomaintenance is installed
|
||||||
|
apt:
|
||||||
|
name: evomaintenance
|
||||||
|
allow_unauthenticated: yes
|
||||||
|
tags:
|
||||||
|
- evomaintenance
|
40
evomaintenance/tasks/install_vendor.yml
Normal file
40
evomaintenance/tasks/install_vendor.yml
Normal file
|
@ -0,0 +1,40 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- include_role:
|
||||||
|
name: remount-usr
|
||||||
|
tags:
|
||||||
|
- evomaintenance
|
||||||
|
|
||||||
|
- name: /usr/share/scripts exists
|
||||||
|
file:
|
||||||
|
dest: /usr/share/scripts
|
||||||
|
mode: "0700"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
state: directory
|
||||||
|
tags:
|
||||||
|
- evomaintenance
|
||||||
|
|
||||||
|
- name: Script is installed
|
||||||
|
copy:
|
||||||
|
src: evomaintenance.sh
|
||||||
|
dest: /usr/share/scripts/evomaintenance.sh
|
||||||
|
mode: "0700"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
force: yes
|
||||||
|
backup: yes
|
||||||
|
tags:
|
||||||
|
- evomaintenance
|
||||||
|
|
||||||
|
- name: Template is installed
|
||||||
|
copy:
|
||||||
|
src: evomaintenance.tpl
|
||||||
|
dest: /usr/share/scripts/evomaintenance.tpl
|
||||||
|
mode: "0600"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
force: yes
|
||||||
|
backup: yes
|
||||||
|
tags:
|
||||||
|
- evomaintenance
|
|
@ -1,17 +1,13 @@
|
||||||
---
|
---
|
||||||
- name: Install Evolix public repositry
|
|
||||||
include_role:
|
|
||||||
name: apt
|
|
||||||
tasks_from: evolix_public.yml
|
|
||||||
tags:
|
|
||||||
- evomaintenance
|
|
||||||
|
|
||||||
- name: evomaintenance is installed
|
- set_fact:
|
||||||
apt:
|
minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"
|
||||||
name: evomaintenance
|
|
||||||
allow_unauthenticated: yes
|
- include: install_package.yml
|
||||||
tags:
|
when: not evomaintenance_install_vendor
|
||||||
- evomaintenance
|
|
||||||
|
- include: install_vendor.yml
|
||||||
|
when: evomaintenance_install_vendor
|
||||||
|
|
||||||
- name: configuration is applied
|
- name: configuration is applied
|
||||||
template:
|
template:
|
||||||
|
@ -20,22 +16,10 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
|
force: "{{ evomaintenance_force_config | bool }}"
|
||||||
tags:
|
tags:
|
||||||
- evomaintenance
|
- evomaintenance
|
||||||
|
|
||||||
# - name: list users with a shell
|
|
||||||
# shell: "cat /etc/passwd | grep -vE \"^root:\" | grep -E \":/[^:]+sh$\" | cut -d: -f6"
|
|
||||||
# changed_when: False
|
|
||||||
# check_mode: no
|
|
||||||
# register: home_of_shell_users
|
|
||||||
# tags:
|
|
||||||
# - evomaintenance
|
|
||||||
#
|
|
||||||
# - include: trap.yml home={{ item }}
|
|
||||||
# with_items: "{{ home_of_shell_users.stdout_lines }}"
|
|
||||||
# tags:
|
|
||||||
# - evomaintenance
|
|
||||||
|
|
||||||
- name: Is minifirewall installed?
|
- name: Is minifirewall installed?
|
||||||
stat:
|
stat:
|
||||||
path: /etc/default/minifirewall
|
path: /etc/default/minifirewall
|
||||||
|
@ -49,6 +33,7 @@
|
||||||
line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
|
line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
|
||||||
insertafter: "^# EvoMaintenance"
|
insertafter: "^# EvoMaintenance"
|
||||||
with_items: "{{ evomaintenance_hosts }}"
|
with_items: "{{ evomaintenance_hosts }}"
|
||||||
|
notify: "{{ minifirewall_restart_handler_name }}"
|
||||||
when: minifirewall_default_file.stat.exists
|
when: minifirewall_default_file.stat.exists
|
||||||
tags:
|
tags:
|
||||||
- evomaintenance
|
- evomaintenance
|
||||||
|
@ -58,6 +43,14 @@
|
||||||
dest: /etc/default/minifirewall
|
dest: /etc/default/minifirewall
|
||||||
regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)'
|
regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)'
|
||||||
state: absent
|
state: absent
|
||||||
|
notify: "{{ minifirewall_restart_handler_name }}"
|
||||||
when: minifirewall_default_file.stat.exists
|
when: minifirewall_default_file.stat.exists
|
||||||
tags:
|
tags:
|
||||||
- evomaintenance
|
- evomaintenance
|
||||||
|
|
||||||
|
- name: Force restart minifirewall
|
||||||
|
command: /bin/true
|
||||||
|
notify: restart minifirewall
|
||||||
|
when: minifirewall_restart_force
|
||||||
|
tags:
|
||||||
|
- evomaintenance
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
HOSTNAME={{ evomaintenance_hostname }}
|
HOSTNAME={{ evomaintenance_hostname }}
|
||||||
EVOMAINTMAIL={{ evomaintenance_alert_email or general_alert_email | mandatory }}
|
EVOMAINTMAIL={{ evomaintenance_alert_email or general_alert_email | mandatory }}
|
||||||
|
|
||||||
export PGPASSWORD={{ evomaintenance_pg_passwd }}
|
export PGPASSWORD={{ evomaintenance_pg_passwd | mandatory }}
|
||||||
|
|
||||||
PGDB={{ evomaintenance_pg_db }}
|
PGDB={{ evomaintenance_pg_db | mandatory }}
|
||||||
PGTABLE={{ evomaintenance_pg_table }}
|
PGTABLE={{ evomaintenance_pg_table | mandatory }}
|
||||||
PGHOST={{ evomaintenance_pg_host }}
|
PGHOST={{ evomaintenance_pg_host | mandatory }}
|
||||||
FROM={{ evomaintenance_from }}
|
FROM={{ evomaintenance_from }}
|
||||||
FULLFROM="{{ evomaintenance_full_from }}"
|
FULLFROM="{{ evomaintenance_full_from }}"
|
||||||
URGENCYFROM={{ evomaintenance_urgency_from }}
|
URGENCYFROM={{ evomaintenance_urgency_from }}
|
||||||
|
|
|
@ -1,16 +1,26 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
mysql_apt_config_package: mysql-apt-config_0.8.9-1_all.deb
|
||||||
|
|
||||||
|
- name: Set default MySQL version to 5.7
|
||||||
|
debconf:
|
||||||
|
name: mysql-apt-config
|
||||||
|
question: mysql-apt-config/enable-repo
|
||||||
|
value: mysql-5.7
|
||||||
|
vtype: select
|
||||||
|
|
||||||
- name: MySQL APT config package is available
|
- name: MySQL APT config package is available
|
||||||
copy:
|
copy:
|
||||||
src: mysql-apt-config_0.8.9-1_all.deb
|
src: "{{ mysql_apt_config_package }}"
|
||||||
dest: /root/mysql-apt-config_0.8.9-1_all.deb
|
dest: "/root/{{ mysql_apt_config_package }}"
|
||||||
|
|
||||||
- include_role:
|
- include_role:
|
||||||
name: remount-usr
|
name: remount-usr
|
||||||
|
|
||||||
- name: MySQL APT config package is installed
|
- name: MySQL APT config package is installed
|
||||||
apt:
|
apt:
|
||||||
deb: /root/mysql-apt-config_0.8.9-1_all.deb
|
deb: "/root/{{ mysql_apt_config_package }}"
|
||||||
state: present
|
state: present
|
||||||
register: mysql_apt_config_deb
|
register: mysql_apt_config_deb
|
||||||
|
|
||||||
|
@ -23,6 +33,36 @@
|
||||||
|
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
|
||||||
|
- include_role:
|
||||||
|
name: remount-usr
|
||||||
|
|
||||||
|
- name: /usr/share/mysql exists
|
||||||
|
file:
|
||||||
|
dest: /usr/share/mysql/
|
||||||
|
mode: "0755"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: mysql-systemd-start scripts is installed
|
||||||
|
copy:
|
||||||
|
src: debian/mysql-systemd-start
|
||||||
|
dest: /usr/share/mysql/mysql-systemd-start
|
||||||
|
mode: "0755"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
force: yes
|
||||||
|
|
||||||
|
- name: systemd unit is installed
|
||||||
|
copy:
|
||||||
|
src: debian/mysql-server-5.7.mysql.service
|
||||||
|
dest: /etc/systemd/system/mysql.service
|
||||||
|
mode: "0644"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
force: yes
|
||||||
|
register: mysql_systemd_unit
|
||||||
|
|
||||||
- name: APT cache is up-to-date
|
- name: APT cache is up-to-date
|
||||||
apt:
|
apt:
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
@ -52,28 +92,6 @@
|
||||||
- packages
|
- packages
|
||||||
when: mysql_install_libclient
|
when: mysql_install_libclient
|
||||||
|
|
||||||
- include_role:
|
|
||||||
name: remount-usr
|
|
||||||
|
|
||||||
- name: mysql-systemd-start scripts is installed
|
|
||||||
copy:
|
|
||||||
src: debian/mysql-systemd-start
|
|
||||||
dest: /usr/share/mysql/mysql-systemd-start
|
|
||||||
mode: "0755"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
force: yes
|
|
||||||
|
|
||||||
- name: systemd unit is installed
|
|
||||||
copy:
|
|
||||||
src: debian/mysql-server-5.7.mysql.service
|
|
||||||
dest: /etc/systemd/system/mysql.service
|
|
||||||
mode: "0755"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
force: yes
|
|
||||||
register: mysql_systemd_unit
|
|
||||||
|
|
||||||
- name: MySQL is started
|
- name: MySQL is started
|
||||||
systemd:
|
systemd:
|
||||||
name: mysql
|
name: mysql
|
||||||
|
|
|
@ -23,6 +23,7 @@
|
||||||
update_password: on_create
|
update_password: on_create
|
||||||
state: present
|
state: present
|
||||||
config_file: "/etc/mysql/debian.cnf"
|
config_file: "/etc/mysql/debian.cnf"
|
||||||
|
check_implicit_admin: True
|
||||||
register: create_mysqladmin_user
|
register: create_mysqladmin_user
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
|
|
|
@ -9,6 +9,7 @@ unixsocket {{ redis_unixsocket }}
|
||||||
|
|
||||||
{% if redis_password %}
|
{% if redis_password %}
|
||||||
requirepass {{ redis_password }}
|
requirepass {{ redis_password }}
|
||||||
|
masterauth {{ redis_password }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
timeout {{ redis_timeout }}
|
timeout {{ redis_timeout }}
|
||||||
|
|
Loading…
Reference in a new issue