Merge branch 'unstable' into stable
commit
62189dbca8
|
@ -9,8 +9,6 @@ apache_evolinux_default_enabled: True
|
|||
apache_evolinux_default_ssl_cert: /etc/ssl/certs/ssl-cert-snakeoil.pem
|
||||
apache_evolinux_default_ssl_key: /etc/ssl/private/ssl-cert-snakeoil.key
|
||||
|
||||
apache_phpmyadmin_set: False
|
||||
apache_phpmyadmin_suffix: ""
|
||||
apache_serverstatus_suffix: ""
|
||||
|
||||
apache_log2mail_include: True
|
||||
|
|
|
@ -20,3 +20,7 @@ SetEnvIf User-Agent "ApacheBench" GoAway=1
|
|||
##SSLUseStapling on
|
||||
##SSLStaplingCache shmcb:${APACHE_RUN_DIR}/stapling-cache(150000)
|
||||
#</IfModule>
|
||||
|
||||
#<FilesMatch ".(eot|ttf|otf|woff)">
|
||||
# Header set Access-Control-Allow-Origin "*"
|
||||
#</FilesMatch>
|
||||
|
|
|
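Review bot: The commented `FilesMatch ".(eot|ttf|otf|woff)"` pattern has an unescaped dot and no end anchor, so once someone uncomments it the wildcard `Access-Control-Allow-Origin "*"` header applies to any path containing one of those strings after any character, not only to font files. Writing the example as `#<FilesMatch "\.(eot|ttf|otf|woff)$">` keeps the CORS relaxation scoped to the font extensions it is meant for. A one-line comment above the block saying why it is disabled by default would also help.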
@ -12,6 +12,7 @@ galaxy_info:
|
|||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- stretch
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line.
|
||||
|
|
|
@ -90,7 +90,7 @@
|
|||
src: evolinux-default.conf.j2
|
||||
dest: /etc/apache2/sites-available/000-evolinux-default.conf
|
||||
mode: "0640"
|
||||
# force: yes
|
||||
force: no
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
@ -134,11 +134,6 @@
|
|||
check_mode: no
|
||||
tags:
|
||||
- apache
|
||||
when: apache_phpmyadmin_set
|
||||
|
||||
- include: phpmyadmin.yml
|
||||
when: apache_phpmyadmin_set and _default_index.stat.exists
|
||||
|
||||
|
||||
# - block:
|
||||
# - name: generate random string for serverstatus suffix
|
||||
|
|
|
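Review bot: With `force: no` on the task that installs `000-evolinux-default.conf`, a host that already has the file never receives later template changes. This merge appears to change that same template (the phpMyAdmin marker comments and the relocated `<Directory />` whitelist block), so existing hosts would keep the old layout and the later `blockinfile` would find no markers to insert between. If the aim is only to protect the `blockinfile`-managed section, say so above the task, e.g. `# force: no: keep the blockinfile-managed phpMyAdmin section; template changes must be applied by hand`. The task starts above the hunk, so its other arguments are not visible here.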
@ -1,32 +0,0 @@
|
|||
---
|
||||
|
||||
- block:
|
||||
- name: packages are installed
|
||||
apt:
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
with_items:
|
||||
- phpmyadmin
|
||||
- apg
|
||||
|
||||
- name: generate random string for phpmyadmin suffix
|
||||
command: "apg -a 1 -M N -n 1"
|
||||
changed_when: False
|
||||
register: _random_phpmyadmin_suffix
|
||||
|
||||
- name: overwrite apache_phpmyadmin_suffix
|
||||
set_fact:
|
||||
apache_phpmyadmin_suffix: "{{ _random_phpmyadmin_suffix.stdout }}"
|
||||
when: apache_phpmyadmin_suffix == ""
|
||||
tags:
|
||||
- apache
|
||||
- phpmyadmin
|
||||
|
||||
- name: replace phpmyadmin suffix in default site index
|
||||
replace:
|
||||
dest: /var/www/index.html
|
||||
regexp: '__PHPMYADMIN_SUFFIX__'
|
||||
replace: "{{ apache_phpmyadmin_suffix }}"
|
||||
tags:
|
||||
- apache
|
||||
- phpmyadmin
|
|
@ -67,6 +67,8 @@
|
|||
|
||||
DocumentRoot /var/www/
|
||||
|
||||
# We override these 2 Directory directives setted in apache2.conf.
|
||||
# We want no access except from allowed IP address.
|
||||
<Directory />
|
||||
Include /etc/apache2/ipaddr_whitelist.conf
|
||||
</Directory>
|
||||
|
@ -80,12 +82,6 @@
|
|||
SSLCertificateFile {{ apache_evolinux_default_ssl_cert }}
|
||||
SSLCertificateKeyFile {{ apache_evolinux_default_ssl_key }}
|
||||
|
||||
# We override these 2 Directory directives setted in apache2.conf.
|
||||
# We want no access except from allowed IP address.
|
||||
<Directory />
|
||||
Include /etc/apache2/ipaddr_whitelist.conf
|
||||
</Directory>
|
||||
|
||||
# Munin. We need to set Directory directive as Alias take precedence.
|
||||
Alias /munin /var/cache/munin/www
|
||||
<Directory /var/cache/munin/>
|
||||
|
@ -106,6 +102,9 @@
|
|||
Include /etc/apache2/ipaddr_whitelist.conf
|
||||
</Directory>
|
||||
|
||||
# BEGIN phpMyAdmin section
|
||||
# END phpMyAdmin section
|
||||
|
||||
CustomLog /var/log/apache2/access.log vhost_combined
|
||||
ErrorLog /var/log/apache2/error.log
|
||||
LogLevel warn
|
||||
|
|
|
@ -1,16 +1,3 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" >
|
||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||
<head>
|
||||
<title>Public Key Server -- Get "0x44975278b8612b5d "</title>
|
||||
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
|
||||
<style type="text/css">
|
||||
/*<![CDATA[*/
|
||||
.uid { color: green; text-decoration: underline; }
|
||||
.warn { color: red; font-weight: bold; }
|
||||
/*]]>*/
|
||||
</style></head><body><h1>Public Key Server -- Get "0x44975278b8612b5d "</h1>
|
||||
<pre>
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: SKS 1.1.6
|
||||
Comment: Hostname: keyserver.ubuntu.com
|
||||
|
@ -930,6 +917,4 @@ yLns4jIKY8dehPner0Y8RX31/0eQOknRwRSl6uceu/6liJT23KHYzT3FPGHuK2QH6AHnORGS
|
|||
g6FmBsbXSzosQOKWE3sO0dzjPIE6DRKwZIJmqQKvHqeAvPsC0U7JBWlKl0eMoIuDjp9qFDKz
|
||||
BWcdiQ==
|
||||
=iUyJ
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
</pre>
|
||||
</body></html>
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
|
|
|
@ -143,7 +143,6 @@ evolinux_default_www_include: True
|
|||
|
||||
evolinux_default_www_files: True
|
||||
evolinux_default_www_ssl_cert: True
|
||||
evolinux_default_www_ssl_subject: "/CN={{ ansible_fqdn }}"
|
||||
|
||||
# hardware
|
||||
|
||||
|
|
|
@ -20,6 +20,7 @@
|
|||
src: default_www/index.html.j2
|
||||
dest: /var/www/index.html
|
||||
mode: "0755"
|
||||
force: no
|
||||
when: evolinux_default_www_files
|
||||
|
||||
# SSL cert
|
||||
|
@ -27,7 +28,7 @@
|
|||
- block:
|
||||
|
||||
- name: Create private key and csr for default site ({{ ansible_fqdn }})
|
||||
command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "{{ evolinux_default_www_ssl_subject }}"
|
||||
command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "/CN={{ ansible_fqdn }}"
|
||||
args:
|
||||
creates: "/etc/ssl/private/{{ ansible_fqdn }}.key"
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
blockinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
block: |
|
||||
Match Group sudo
|
||||
Match Group evolinux-sudo
|
||||
PasswordAuthentication no
|
||||
Match Address {{ evolinux_ssh_password_auth_addresses | join(',') }}
|
||||
PasswordAuthentication yes
|
||||
|
|
|
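Review bot: After the rename to `Match Group evolinux-sudo`, accounts that are only in `sudo` are no longer covered by `PasswordAuthentication no`; nothing in the hunk shows that the `evolinux-sudo` group exists or that existing admin accounts are moved into it, so this should be confirmed before the change reaches hosts with legacy accounts. The `Match Address` line is rendered from `evolinux_ssh_password_auth_addresses | join(',')`, and an empty list would produce a `Match Address` with no pattern, which sshd rejects. Adding `validate: '/usr/sbin/sshd -t -f %s'` to the `blockinfile` task and `when: evolinux_ssh_password_auth_addresses | length > 0` would catch both cases before sshd is reloaded. The task continues outside the hunk, so either may already be present.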
@ -59,13 +59,15 @@
|
|||
<ul id="evolinks">
|
||||
<li><a href="/munin/{{ ansible_domain }}/{{ ansible_fqdn }}/">Stats système</a></li>
|
||||
<li><a href="/server-status">Server Status</a></li>
|
||||
<!--
|
||||
<li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li>
|
||||
<li><a href="/mysqlreport.html">Dernier rapport MySQL Tuner</a></li>
|
||||
<li><a href="/cgi-bin/awstats.pl">Stats web</a></li>
|
||||
<li><a href="/info.php">Infos PHP</a></li>
|
||||
<li><a href="/opcache.php">Infos OpCache PHP</a></li>
|
||||
-->
|
||||
<!-- <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li> -->
|
||||
<!-- <li><a href="/mysqlreport.html">Dernier rapport MySQL Tuner</a></li> -->
|
||||
<!-- <li><a href="/cgi-bin/awstats.pl">Stats web</a></li> -->
|
||||
<!-- <li><a href="/info.php">Infos PHP</a></li> -->
|
||||
<!-- <li><a href="/opcache.php">Infos OpCache PHP</a></li> -->
|
||||
<!-- BEGIN evoadmin-web section -->
|
||||
<!-- END evoadmin-web section -->
|
||||
<!-- BEGIN evoadmin-mail section -->
|
||||
<!-- END evoadmin-mail section -->
|
||||
</ul>
|
||||
|
||||
<p class="footer">
|
||||
|
|
|
@ -14,14 +14,14 @@
|
|||
src: evomaintenance.j2
|
||||
dest: /etc/evomaintenance.cf
|
||||
|
||||
- name: list users with a shell
|
||||
shell: "cat /etc/passwd | grep -vE \"^root:\" | grep -E \":/[^:]+sh$\" | cut -d: -f6"
|
||||
changed_when: False
|
||||
check_mode: no
|
||||
register: home_of_shell_users
|
||||
|
||||
- include: trap.yml home={{ item }}
|
||||
with_items: "{{ home_of_shell_users.stdout_lines }}"
|
||||
# - name: list users with a shell
|
||||
# shell: "cat /etc/passwd | grep -vE \"^root:\" | grep -E \":/[^:]+sh$\" | cut -d: -f6"
|
||||
# changed_when: False
|
||||
# check_mode: no
|
||||
# register: home_of_shell_users
|
||||
#
|
||||
# - include: trap.yml home={{ item }}
|
||||
# with_items: "{{ home_of_shell_users.stdout_lines }}"
|
||||
|
||||
- name: Is minifirewall installed?
|
||||
stat:
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
- fail:
|
||||
msg: only compatible with Debian 8
|
||||
when:
|
||||
- ansible_distribution =! "Debian" or ansible_distribution_release != "jessie"
|
||||
- ansible_distribution != "Debian" or ansible_distribution_release != "jessie"
|
||||
|
||||
# Attention à bien indiquer le protocole et le port, sinon le firewall ne laisse pas passer
|
||||
- name: MongoDB public GPG Key
|
||||
|
|
|
@ -18,7 +18,7 @@ Tasks are extracted in several files, included in `tasks/main.yml` :
|
|||
|
||||
## Available variables
|
||||
|
||||
* `mysql_variant` : install Oracle's MySQL or MariaDB (default: `oracle`) ;
|
||||
* `mysql_variant` : install Oracle's MySQL or MariaDB (default: `oracle`) [Debian 8 only];
|
||||
* `mysql_replace_root_with_mysqladmin`: switch from `root` to `mysqladmin` user or not ;
|
||||
* `mysql_thread_cache_size`: number of threads for the cache ;
|
||||
* `mysql_innodb_buffer_pool_size`: amount of RAM dedicated to InnoDB ;
|
||||
|
@ -30,4 +30,4 @@ Tasks are extracted in several files, included in `tasks/main.yml` :
|
|||
* `mysql_scripts_dir`: email address to send Log2mail messages to (default: `general_scripts_dir`).
|
||||
* `mysql_force_new_nrpe_password` : change the password for NRPE even if it exists already (default: `False`).
|
||||
|
||||
NB : changing the _datadir_ location can be done multiple times, as long as it is not restored to the default initial location, (because a symlink is created and can't be switched back, yet).
|
||||
NB : changing the _datadir_ location can be done multiple times, as long as it is not restored to the default initial location, (because a symlink is created and can't be switched back, yet).
|
||||
|
|
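--- a/mysql/tasks/config_stretch.yml
+++ b/mysql/tasks/config_stretch.yml
@@ -0,0 +1,22 @@
+---
+- name: Copy MySQL defaults config file
+copy:
+src: evolinux-defaults.cnf
+dest: /etc/mysql/mariadb.conf.d/z-evolinux-defaults.cnf
+owner: root
+group: root
+mode: "0644"
+force: yes
+tags:
+- mysql
+
+- name: Copy MySQL custom config file
+template:
+src: evolinux-custom.cnf.j2
+dest: /etc/mysql/mariadb.conf.d/zzz-evolinux-custom.cnf
+owner: root
+group: root
+mode: "0640"
+force: no
+tags:
+- mysql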
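Review bot: `zzz-evolinux-custom.cnf` is installed `0640 root:root` while the defaults file next to it is `0644`; if anything reads `/etc/mysql/mariadb.conf.d/` as a non-root user (client tools, or a server process already running as `mysql`), it cannot read this file and the custom settings would not apply there. Confirm that is intended, or align the mode, and state the reason in a comment above the task if the restriction is deliberate. Neither task notifies a handler, so a changed defaults file does not take effect until MariaDB is restarted by other means.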
@ -12,7 +12,11 @@
|
|||
- include: users_jessie.yml
|
||||
when: ansible_distribution_release == "jessie"
|
||||
|
||||
- include: config.yml
|
||||
- include: config_stretch.yml
|
||||
when: ansible_distribution_major_version | version_compare('9', '>=')
|
||||
|
||||
- include: config_jessie.yml
|
||||
when: ansible_distribution_release == "jessie"
|
||||
|
||||
- include: datadir.yml
|
||||
|
||||
|
|
|
@ -10,16 +10,7 @@
|
|||
|
||||
# mytop
|
||||
|
||||
# mytop is installed with MariaB
|
||||
# the package has been removed of Stretch repositories
|
||||
- name: Is mytop available ?
|
||||
command: which mytop
|
||||
failed_when: False
|
||||
changed_when: False
|
||||
check_mode: no
|
||||
register: which_mytop
|
||||
|
||||
- name: Install mytop
|
||||
- name: "Install mytop (jessie)"
|
||||
apt:
|
||||
name: mytop
|
||||
state: present
|
||||
|
@ -27,7 +18,16 @@
|
|||
- packages
|
||||
- mytop
|
||||
- mysql
|
||||
when: which_mytop.rc != 0
|
||||
when: ansible_distribution_release == "jessie"
|
||||
|
||||
- name: "Install depends for mytop (Debian 9 or later)"
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
with_items:
|
||||
- mariadb-client-10.1
|
||||
- libconfig-inifiles-perl
|
||||
- libterm-readkey-perl
|
||||
when: ansible_distribution_major_version | version_compare('9', '>=')
|
||||
|
||||
- name: Read debian-sys-maint password
|
||||
shell: cat /etc/mysql/debian.cnf | grep -m1 "password = .*" | cut -d" " -f3
|
||||
|
@ -62,7 +62,6 @@
|
|||
tags:
|
||||
- mysql
|
||||
- mysqltuner
|
||||
- mysqltuner
|
||||
|
||||
- name: Install aha
|
||||
apt:
|
||||
|
|
|
@ -6,3 +6,5 @@ packweb_enable_evoadmin_vhost: True
|
|||
packweb_fhs_retrictions: True
|
||||
packweb_apache_modphp: True
|
||||
packweb_apache_fpm: False
|
||||
|
||||
packweb_phpmyadmin_suffix: ""
|
||||
|
|
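--- a/packweb-apache/files/info.php
+++ b/packweb-apache/files/info.php
@@ -0,0 +1,3 @@
+<?php
+phpinfo();
+?>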
@ -40,6 +40,11 @@
|
|||
- /etc/phpmyadmin
|
||||
- /var/log/installer
|
||||
|
||||
- name: Change group to www-data for /etc/phpmyadmin/
|
||||
file:
|
||||
dest: /etc/phpmyadmin/
|
||||
group: www-data
|
||||
|
||||
- name: Set u-s permission on some binaries (/bin/ping, /usr/bin/mtr, ...)
|
||||
shell: "test -f {{ item }} && chmod --verbose u-s {{ item }}"
|
||||
register: command_result
|
||||
|
|
|
@ -23,6 +23,18 @@
|
|||
php_fpm_enable: True
|
||||
when: packweb_apache_fpm
|
||||
|
||||
- name: install info.php
|
||||
copy:
|
||||
src: info.php
|
||||
dest: /var/www/info.php
|
||||
mode: "0644"
|
||||
|
||||
- name: enable info.php link in default site index
|
||||
lineinfile:
|
||||
dest: /var/www/index.html
|
||||
line: ' <li><a href="/info.php">Infos PHP</a></li>'
|
||||
regexp: "Infos PHP"
|
||||
|
||||
- name: Add elements to user account template
|
||||
file:
|
||||
path: "/etc/skel/{{ item.path }}"
|
||||
|
|
|
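Review bot: The new `install info.php` task puts a `phpinfo()` page in `/var/www/` on every host that gets this role, with no variable to turn it off, and the following task links it from the index page. `phpinfo()` prints the full PHP configuration, loaded modules, filesystem paths and environment variables, so the page should be opt-in: add a default that is off (for example a variable named `packweb_phpinfo_enabled: False`, name to be chosen by the maintainers) and put `when: packweb_phpinfo_enabled` on both tasks. Whether `/var/www/` is reachable only through the IP whitelist of the default vhost is not visible in this hunk, and it should not be the only control.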
@ -2,8 +2,11 @@
|
|||
|
||||
- name: Install phpmyadmin
|
||||
apt:
|
||||
name: phpmyadmin
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
with_items:
|
||||
- phpmyadmin
|
||||
- apg
|
||||
|
||||
- name: Check if phpmyadmin default configuration is present
|
||||
stat:
|
||||
|
@ -20,7 +23,37 @@
|
|||
changed_when: "'Disabling' in command_result.stderr"
|
||||
when: pma_default_config.stat.exists
|
||||
|
||||
- name: Change group to www-data for /etc/phpmyadmin/
|
||||
file:
|
||||
dest: /etc/phpmyadmin/
|
||||
group: www-data
|
||||
- name: generate random string for phpmyadmin suffix
|
||||
command: "apg -a 1 -M N -n 1"
|
||||
changed_when: False
|
||||
register: _random_phpmyadmin_suffix
|
||||
|
||||
- name: overwrite packweb_phpmyadmin_suffix
|
||||
set_fact:
|
||||
packweb_phpmyadmin_suffix: "{{ _random_phpmyadmin_suffix.stdout }}"
|
||||
when: packweb_phpmyadmin_suffix == ""
|
||||
|
||||
- name: enable phpMyAdmin config
|
||||
blockinfile:
|
||||
dest: /etc/apache2/sites-available/000-evolinux-default.conf
|
||||
marker: "# {mark} phpMyAdmin section"
|
||||
block: |
|
||||
Alias /phpmyadmin /var/www
|
||||
Alias /phpmyadmin-{{ packweb_phpmyadmin_suffix }} /usr/share/phpmyadmin/
|
||||
Include /etc/phpmyadmin/apache.conf
|
||||
<Directory /usr/share/phpmyadmin/>
|
||||
Require all denied
|
||||
Include /etc/apache2/ipaddr_whitelist.conf
|
||||
</Directory>
|
||||
|
||||
- name: enable phpmyadmin link in default site index
|
||||
replace:
|
||||
dest: /var/www/index.html
|
||||
regexp: '<!-- <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li> -->'
|
||||
replace: ' <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li>'
|
||||
|
||||
- name: replace phpmyadmin suffix in default site index
|
||||
replace:
|
||||
dest: /var/www/index.html
|
||||
regexp: '__PHPMYADMIN_SUFFIX__'
|
||||
replace: "{{ packweb_phpmyadmin_suffix }}"
|
||||
|
|
|
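Review bot: `generate random string for phpmyadmin suffix` runs on every play, and with `packweb_phpmyadmin_suffix` left at its default `""` the `set_fact` picks a new value each time. `enable phpMyAdmin config` therefore rewrites the `Alias /phpmyadmin-…` line on every run, while `/var/www/index.html` keeps the suffix substituted on the first run, because the `__PHPMYADMIN_SUFFIX__` placeholder is gone after that. The suffix already deployed should be read back from the vhost file (or persisted as a local fact) and a new one generated only when none is found. The `blockinfile` task also has no `notify: reload apache`, unlike the template task for the same file, so the alias is not active until Apache is reloaded some other way. The hard-to-guess path is not an access control; the `Require all denied` plus whitelist include inside the block is what protects phpMyAdmin, and a comment above the task should say so.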
@ -2,3 +2,4 @@
|
|||
|
||||
php_fpm_enable: False
|
||||
php_apache_enable: False
|
||||
php_symfony_requirements: False
|
||||
|
|
|
@ -57,3 +57,14 @@
|
|||
content: |
|
||||
# Put customized values here.
|
||||
force: no
|
||||
|
||||
- name: "Set custom values for PHP to enable Symfony"
|
||||
ini_file:
|
||||
dest: "{{ php_apache_custom_file }}"
|
||||
section: PHP
|
||||
option: "{{ item.option }}"
|
||||
value: "{{ item.value }}"
|
||||
mode: "0644"
|
||||
with_items:
|
||||
- { option: "date.timezone", value: "Europe/Paris" }
|
||||
when: php_symfony_requirements
|
||||
|
|
|
@ -88,3 +88,14 @@
|
|||
# Put customized values here.
|
||||
force: no
|
||||
|
||||
- name: "Set custom values for PHP to enable Symfony"
|
||||
ini_file:
|
||||
dest: "{{ phpini_cli_custom_file }}"
|
||||
section: PHP
|
||||
option: "{{ item.option }}"
|
||||
value: "{{ item.value }}"
|
||||
mode: "0644"
|
||||
with_items:
|
||||
- { option: "date.timezone", value: "Europe/Paris" }
|
||||
when: php_symfony_requirements
|
||||
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
phpini_cli_defaults_file: /etc/php5/cli/conf.d/z-evolinux-defaults.ini
|
||||
phpini_cli_custom_file: /etc/php5/cli/conf.d/zzz-evolinux-custom.ini
|
||||
|
||||
- name: Set default php.ini values for CLI
|
||||
- name: "Set default php.ini values for CLI (jessie)"
|
||||
ini_file:
|
||||
dest: "{{ phpini_cli_defaults_file }}"
|
||||
section: PHP
|
||||
|
@ -39,7 +39,7 @@
|
|||
- { option: "html_errors", value: "Off" }
|
||||
- { option: "allow_url_fopen", value: "Off" }
|
||||
|
||||
- name: Disable PHP functions for CLI
|
||||
- name: "Disable PHP functions for CLI (jessie)"
|
||||
ini_file:
|
||||
dest: "{{ phpini_cli_defaults_file }}"
|
||||
section: PHP
|
||||
|
@ -52,3 +52,15 @@
|
|||
content: |
|
||||
# Put customized values here.
|
||||
force: no
|
||||
|
||||
- name: "Set custom values for PHP to enable Symfony (jessie)"
|
||||
ini_file:
|
||||
dest: "{{ phpini_cli_custom_file }}"
|
||||
section: PHP
|
||||
option: "{{ item.option }}"
|
||||
value: "{{ item.value }}"
|
||||
mode: "0644"
|
||||
with_items:
|
||||
- { option: "date.timezone", value: "Europe/Paris" }
|
||||
when: php_symfony_requirements
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@
|
|||
phpini_cli_defaults_file: /etc/php/7.0/cli/conf.d/z-evolinux-defaults.ini
|
||||
phpini_cli_custom_file: /etc/php/7.0/cli/conf.d/zzz-evolinux-custom.ini
|
||||
|
||||
- name: Set default php.ini values for CLI
|
||||
- name: "Set default php.ini values for CLI (Debian 9 or later)"
|
||||
ini_file:
|
||||
dest: "{{ phpini_cli_defaults_file }}"
|
||||
section: PHP
|
||||
|
@ -40,16 +40,27 @@
|
|||
- { option: "html_errors", value: "Off" }
|
||||
- { option: "allow_url_fopen", value: "Off" }
|
||||
|
||||
- name: Disable PHP functions for CLI
|
||||
- name: "Disable PHP functions for CLI (Debian 9 or later)"
|
||||
ini_file:
|
||||
dest: "{{ phpini_cli_defaults_file }}"
|
||||
section: PHP
|
||||
option: disable_functions
|
||||
value: "exec,shell-exec,system,passthru,putenv,popen"
|
||||
|
||||
- name: Custom php.ini for CLI
|
||||
- name: "Custom php.ini for CLI (Debian 9 or later)"
|
||||
copy:
|
||||
dest: "{{ phpini_cli_custom_file }}"
|
||||
content: |
|
||||
# Put customized values here.
|
||||
force: no
|
||||
|
||||
- name: "Set custom values for PHP to enable Symfony (Debian 9 or later)"
|
||||
ini_file:
|
||||
dest: "{{ phpini_cli_custom_file }}"
|
||||
section: PHP
|
||||
option: "{{ item.option }}"
|
||||
value: "{{ item.value }}"
|
||||
mode: "0644"
|
||||
with_items:
|
||||
- { option: "date.timezone", value: "Europe/Paris" }
|
||||
when: php_symfony_requirements
|
||||
|
|
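Review bot: The `disable_functions` value in `Disable PHP functions for CLI (Debian 9 or later)` lists `shell-exec`, which is not a PHP function name; the function is `shell_exec`, and PHP ignores unknown names in this list, so `shell_exec` stays callable. The value should read `"exec,shell_exec,system,passthru,putenv,popen"`. The line is unchanged context in this hunk, but it sits in the task being renamed here and is worth fixing in the same pass. The same spelling appears in both `Set custom values for PHP config` tasks in the last file section of this page, whose list also omits `exec`.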
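--- a/redmine/defaults/main.yml
+++ b/redmine/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+puma_env: 'production'
+puma_worker: 2
+puma_min_thread: 0
+puma_max_thread: 4
+redmine_db_name: "{{ redmine_user }}"
+redmine_db_host: "localhost"
+redmine_db_username: "{{ redmine_user }}"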
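--- a/redmine/files/Gemfile.local
+++ b/redmine/files/Gemfile.local
@@ -0,0 +1 @@
+gem "puma"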
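--- a/redmine/files/profile
+++ b/redmine/files/profile
@@ -0,0 +1,23 @@
+# ~/.profile: executed by the command interpreter for login shells.
+
+umask 027
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+# include .bashrc if it exists
+if [ -f "$HOME/.bashrc" ]; then
+. "$HOME/.bashrc"
+fi
+fi
+
+# set PATH so it includes gems bin
+if [ -d "$HOME/bin" ] ; then
+export PATH="$HOME/.gems/ruby/2.1.0/bin:$PATH"
+fi
+
+# For systemctl --user
+export XDG_RUNTIME_DIR=/run/user/$UID
+
+# Ruby vars
+export RAILS_ENV=production
+export BUNDLE_GEMFILE="$HOME/www/Gemfile"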
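Review bot: The `# set PATH so it includes gems bin` block tests for `$HOME/bin` but prepends `$HOME/.gems/ruby/2.1.0/bin`, so the gems directory is added only when an unrelated directory happens to exist. The test should name the directory being added, `if [ -d "$HOME/.gems/ruby/2.1.0/bin" ] ; then`. The hard-coded `2.1.0` ties the profile to one Ruby version; a comment saying which release it targets would make that visible when the role is run on another one.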
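--- a/redmine/files/puma.service
+++ b/redmine/files/puma.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Puma HTTP server for Ruby Apps : %u
+After=network.target
+
+[Service]
+WorkingDirectory=%h/www
+UMask=0027
+PIDFile=%h/ruby.pid
+ExecStartPre=/bin/mkdir -m 0750 -p %h/run
+ExecStart=/usr/bin/bundle exec puma --bind unix://%h/run/puma.sock?umask=0007 --pidfile %h/run/puma.pid --dir %h/www --config /etc/puma/%u.rb
+ExecReload=/bin/kill -USR2 $MAINPID
+KillMode=process
+#Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+Alias=puma.service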
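Review bot: `PIDFile=%h/ruby.pid` does not match the `--pidfile %h/run/puma.pid` passed in `ExecStart`, so systemd is pointed at a file puma never writes; the two paths should agree, e.g. `PIDFile=%h/run/puma.pid`. The unit is installed under `/etc/systemd/user/` and enabled with `user: yes`, but `WantedBy=multi-user.target` names a system-manager target. User units are normally attached to `default.target`, otherwise enabling the unit does not start puma when the user manager comes up.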
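--- a/redmine/tasks/main.yml
+++ b/redmine/tasks/main.yml
@@ -0,0 +1,281 @@
+---
+- name: Install dependancy
+apt:
+name: "{{ item }}"
+state: present
+with_items:
+- libpam-systemd
+- ruby
+- ruby-dev
+- bundler
+- imagemagick
+- git-core
+- git-svn
+- gcc
+- build-essential
+- libxml2-dev
+- libxslt1-dev
+- libssl-dev
+- libmagickwand-dev
+- libmagickcore-dev
+- libmysqlclient-dev
+- python-mysqldb
+tags:
+- redmine
+
+#- name:
+# lineinfile:
+# with_items:
+# - 'https://github.com/.*'
+# - 'http://rubygems.org/.*'
+# - 'http://.*.rubygems.org/.*'
+# tags:
+# - redmine
+
+- name: Deploy systemd unit
+copy:
+src: puma.service
+dest: /etc/systemd/user/puma.service
+mode: "0644"
+tags:
+- redmine
+
+- name: Create puma config dir
+file:
+path: /etc/puma
+state: directory
+mode: "0755"
+owner: root
+tags:
+- redmine
+
+- name: Create redmine group
+group:
+name: "{{ redmine_user }}"
+state: present
+tags:
+- redmine
+
+- name: Add www-data to redmine group
+user:
+name: www-data
+groups: "{{ redmine_user }}"
+append: yes
+tags:
+- redmine
+
+- name: Create redmine user
+user:
+name: "{{ redmine_user }}"
+state: present
+group: "{{ redmine_user }}"
+createhome: yes
+home: "/home/{{ redmine_user }}"
+shell: /bin/bash
+tags:
+- redmine
+
+- name: Create required directory
+file:
+path: "{{ item }}"
+state: directory
+owner: "{{ redmine_user }}"
+group: "{{ redmine_user }}"
+mode: "0750"
+with_items:
+- "/home/{{ redmine_user }}"
+- "/home/{{ redmine_user }}/files"
+- "/home/{{ redmine_user }}/log"
+tags:
+- redmine
+
+- name: Touch Nginx logs file
+file:
+path: "/home/{{ redmine_user }}/log/{{ item }}"
+state: touch
+owner: "root"
+group: "{{ redmine_user }}"
+mode: "0640"
+changed_when: false
+with_items:
+- nginx_access.log
+- nginx_error.log
+tags:
+- redmine
+
+- name: Enable systemd user mode
+command: "loginctl enable-linger {{ redmine_user }}"
+changed_when: false
+
+- name: Set user .profile
+copy:
+src: profile
+dest: "/home/{{ redmine_user }}/.profile"
+owner: "{{ redmine_user }}"
+group: "{{ redmine_user }}"
+mode: "0640"
+tags:
+- redmine
+
+- name: Update or clone Redmine git
+git:
+repo: 'https://github.com/redmine/redmine.git'
+dest: "/home/{{ redmine_user }}/www"
+version: '3.4-stable'
+umask: "027"
+update: yes
+become_user: "{{ redmine_user }}"
+register: redmine_git_task
+tags:
+- redmine
+
+- name: Deploy custom Gemfile
+copy:
+src: Gemfile.local
+dest: "/home/{{ redmine_user }}/www"
+owner: "{{ redmine_user }}"
+group: "{{ redmine_user }}"
+mode: "0640"
+register: redmine_local_gemfile_task
+
+- name: Get actual Mysql password
+shell: "grep password /home/{{ redmine_user }}/.my.cnf | awk '{ print $3 }'"
+register: redmine_get_mysql_password
+check_mode: no
+changed_when: False
+failed_when: false
+tags:
+- redmine
+
+- name: Generate Mysql password
+shell: perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'
+register: redmine_generate_mysql_password
+check_mode: no
+changed_when: False
+when: redmine_get_mysql_password.stdout == ""
+tags:
+- redmine
+
+- name: Set Mysql password
+set_fact:
+redmine_db_pass: "{{ redmine_generate_mysql_password.stdout | default(redmine_get_mysql_password.stdout) }}"
+tags:
+- redmine
+
+- name: Create Mysql database
+mysql_db:
+name: "{{ redmine_db_name }}"
+config_file: "/root/.my.cnf"
+state: present
+tags:
+- redmine
+
+- name: Create Mysql user
+mysql_user:
+name: "{{ redmine_db_username }}"
+password: '{{ redmine_db_pass }}'
+priv: "{{ redmine_user }}.*:ALL"
+config_file: "/root/.my.cnf"
+update_password: always
+state: present
+tags:
+- redmine
+
+- name: Store credentials in my.cnf
+ini_file:
+dest: "/home/{{ redmine_user }}/.my.cnf"
+owner: "{{ redmine_user }}"
+group: "{{ redmine_user }}"
+mode: "0600"
+section: client
+option: '{{ item.option }}'
+value: '{{ item.value }}'
+with_items:
+- { option: 'user', value: "{{ redmine_db_username }}" }
+- { option: 'database', value: "{{ redmine_db_name }}" }
+- { option: 'password', value: '{{ redmine_db_pass }}' }
+tags:
+- redmine
+
+- name: Copy configurations file
+template:
+src: "{{ item }}.j2"
+dest: "/home/{{ redmine_user }}/www/config/{{ item }}"
+owner: "{{ redmine_user }}"
+group: "{{ redmine_user }}"
+mode: "0640"
+with_items:
+- 'configuration.yml'
+- 'database.yml'
+- 'additional_environment.rb'
+tags:
+- redmine
+
+- name: Update local gems with bundle
+bundler:
+state: present
+gemfile: "/home/{{ redmine_user }}/www/Gemfile"
+gem_path: "/home/{{ redmine_user }}/.gems"
+user_install: yes
+become_user: "{{ redmine_user }}"
+when: redmine_git_task.changed or redmine_local_gemfile_task.changed
+
+- name: Migrate database with rake
+shell: bundle exec rake -qf ~/www/Rakefile db:migrate
+become_user: "{{ redmine_user }}"
+become_method: sudo
+become_flags: '-iu {{ redmine_user }}'
+when: redmine_git_task.changed
+
+- name: Populate Mysql database
+shell: bundle exec rake -qf ~/www/Rakefile redmine:load_default_data REDMINE_LANG=fr && touch ~/.populated
+args:
+creates: "/home/{{ redmine_user }}/.populated"
+become_user: "{{ redmine_user }}"
+become_method: sudo
+become_flags: '-iu {{ redmine_user }}'
+
+- name: Generate secret token
+shell: bundle exec rake -qf ~/www/Rakefile generate_secret_token
+args:
+creates: "/home/{{ redmine_user }}/www/config/initializers/secret_token.rb"
+become_user: "{{ redmine_user }}"
+become_method: sudo
+become_flags: '-iu {{ redmine_user }}'
+tags:
+- redmine
+
+- name: Copy puma config
+template:
+src: puma.rb.j2
+dest: "/etc/puma/{{ redmine_user }}.rb"
+owner: "{{ redmine_user }}"
+group: "{{ redmine_user }}"
+mode: "0640"
+register: redmine_puma_config_task
+tags:
+- redmine
+
+- name: Start puma service
+systemd:
+name: puma
+daemon_reload: yes
+enabled: yes
+state: started
+user: yes
+become_user: "{{ redmine_user }}"
+become_method: sudo
+become_flags: '-iu {{ redmine_user }}'
+tags:
+- redmine
+
+- name: Reload puma service
+systemd:
+name: puma
+daemon_reload: yes
+state: reloaded
+user: yes
+become_user: "{{ redmine_user }}"
+become_method: sudo
+become_flags: '-iu {{ redmine_user }}'
+when: redmine_puma_config_task.changed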
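Review bot: `Generate Mysql password` builds the database password with Perl's `rand()`, which is not a cryptographic generator, and none of `Get actual Mysql password`, `Generate Mysql password`, `Set Mysql password`, `Create Mysql user` or `Store credentials in my.cnf` sets `no_log: true`, so the password is printed in task results and in any callback log. Take it from the OS CSPRNG instead, for example `redmine_db_pass: "{{ lookup('password', '/dev/null length=16 chars=ascii_letters,digits') }}"`, and add `no_log: true` to each task that registers or passes it. Separately, `priv: "{{ redmine_user }}.*:ALL"` grants on a database named after the user while the database is created as `redmine_db_name`; the two agree only while the default is kept, so the grant should read `priv: "{{ redmine_db_name }}.*:ALL"`. `version: '3.4-stable'` with `update: yes` follows a moving branch, so every run can pull upstream code and then run `bundler` and `db:migrate` on it; pinning a release tag would make deployments reproducible.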
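--- a/redmine/templates/additional_environment.rb.j2
+++ b/redmine/templates/additional_environment.rb.j2
@@ -0,0 +1 @@
+config.paths['log'] = "/home/{{ redmine_user }}/log/redmine.log"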
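--- a/redmine/templates/configuration.yml.j2
+++ b/redmine/templates/configuration.yml.j2
@@ -0,0 +1,11 @@
+production:
+email_delivery:
+delivery_method: :smtp
+smtp_settings:
+address: localhost
+port: 25
+domain: "{{ ansible_domain }}"
+ssl: false
+enable_starttls_auto: false
+attachments_storage_path: /home/{{ redmine_user }}/files
+autologin_cookie_secure: true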
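--- a/redmine/templates/database.yml.j2
+++ b/redmine/templates/database.yml.j2
@@ -0,0 +1,7 @@
+production:
+adapter: mysql2
+database: {{ redmine_db_name }}
+host: {{ redmine_db_host }}
+username: {{ redmine_db_username }}
+password: "{{ redmine_db_pass }}"
+encoding: utf8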
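Review bot: `database`, `host` and `username` are rendered unquoted while `password` is quoted, so a value that is empty, all digits or boolean-looking would be retyped by the YAML parser that reads the rendered file. Quote them the same way, e.g. `database: "{{ redmine_db_name }}"`. The double quotes around `password` are safe only while the generated password stays alphanumeric; a comment noting that constraint would keep a later change of the generator from producing a value that needs escaping.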
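--- a/redmine/templates/puma.rb.j2
+++ b/redmine/templates/puma.rb.j2
@@ -0,0 +1,4 @@
+environment '{{ puma_env }}'
+workers {{ puma_worker }}
+threads {{ puma_min_thread }}, {{ puma_max_thread }}
+tag 'Redmine {{ redmine_user }}'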
@ -9,7 +9,6 @@ evoadmin_log_dir: "{{ evoadmin_home_dir }}/log"
|
|||
evoadmin_scripts_dir: /usr/share/scripts/evoadmin/
|
||||
evoadmin_host: "evoadmin.{{ ansible_fqdn }}"
|
||||
evoadmin_username: evoadmin
|
||||
evoadmin_ssl_subject: "/CN={{ evoadmin_host }}"
|
||||
|
||||
evoadmin_enable_vhost: True
|
||||
|
||||
|
|
|
@ -11,3 +11,11 @@
|
|||
- include: web.yml
|
||||
|
||||
- include: ftp.yml
|
||||
|
||||
- name: enable evoadmin-web link in default site index
|
||||
blockinfile:
|
||||
dest: /var/www/index.html
|
||||
marker: "<!-- {mark} evoadmin-web section -->"
|
||||
block: |
|
||||
<li><a href="https://{{ evoadmin_host }}">Interface admin web (EvoAdmin-web)</a></li>
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
state: present
|
||||
|
||||
- name: Create private key and csr for default site ({{ ansible_fqdn }})
|
||||
command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ evoadmin_host }}.key -out /etc/ssl/{{ evoadmin_host }}.csr -batch -subj "{{ evoadmin_ssl_subject }}"
|
||||
command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ evoadmin_host }}.key -out /etc/ssl/{{ evoadmin_host }}.csr -batch -subj "/CN={{ evoadmin_host }}"
|
||||
args:
|
||||
creates: "/etc/ssl/private/{{ evoadmin_host }}.key"
|
||||
|
||||
|
|
|
@ -1,17 +1,17 @@
|
|||
---
|
||||
|
||||
- name: Set default values in /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
|
||||
- name: "Set custom values for PHP config (jessie)"
|
||||
ini_file:
|
||||
dest: /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
|
||||
dest: /etc/php5/apache2/conf.d/zzz-evolinux-custom.ini
|
||||
section: PHP
|
||||
option: "disable_functions"
|
||||
value: "shell-exec,system,passthru,putenv,popen"
|
||||
notify: reload apache
|
||||
when: ansible_distribution_release == "jessie"
|
||||
|
||||
- name: Set default values in /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
|
||||
- name: "Set custom values for PHP config (Debian 9 or later)"
|
||||
ini_file:
|
||||
dest: /etc/php/7.0/apache2/conf.d/z-evolinux_defaults.ini
|
||||
dest: /etc/php/7.0/apache2/conf.d/zzz-evolinux-custom.ini
|
||||
section: PHP
|
||||
option: "disable_functions"
|
||||
value: "shell-exec,system,passthru,putenv,popen"
|
||||
|
|