evolix
/
ansible-roles
14
2
Fork 1
Code Issues 53 Pull Requests 12 Releases 31 Wiki Activity
Browse Source

Add names to many blocks

pull/95/head
Jérémy Lecour 1 year ago
committed by Jérémy Lecour
parent
3b258cc43e
commit
6801f4e00e
10 changed files with 236 additions and 224 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +14
    -13
      certbot/tasks/acme-challenge.yml
  2. +7
    -6
      dovecot/tasks/munin.yml
  3. +31
    -29
      elasticsearch/tasks/datadir.yml
  4. +21
    -20
      elasticsearch/tasks/plugin_head.yml
  5. +44
    -43
      elasticsearch/tasks/tmpdir.yml
  6. +14
    -13
      evoacme/tasks/certbot.yml
  7. +18
    -18
      evolinux-base/tasks/default_www.yml
  8. +61
    -59
      evolinux-base/tasks/hardware.yml
  9. +9
    -8
      filebeat/tasks/main.yml
  10. +17
    -15
      kvm-host/tasks/images.yml

+ 14
- 13
certbot/tasks/acme-challenge.yml View File

@ -24,19 +24,20 @@
path: /usr/sbin/apachectl
register: is_apache
- block:
- name: ACME challenge for Apache is installed
template:
src: acme-challenge/apache.conf.j2
dest: /etc/apache2/conf-available/letsencrypt.conf
force: yes
notify: reload apache
- name: ACME challenge for Apache is enabled
command: "a2enconf letsencrypt"
register: command_result
changed_when: "'Enabling' in command_result.stderr"
notify: reload apache
- name: ACME challenge for Apache
block:
- name: ACME challenge for Apache is installed
template:
src: acme-challenge/apache.conf.j2
dest: /etc/apache2/conf-available/letsencrypt.conf
force: yes
notify: reload apache
- name: ACME challenge for Apache is enabled
command: "a2enconf letsencrypt"
register: command_result
changed_when: "'Enabling' in command_result.stderr"
notify: reload apache
when: is_apache.stat.exists
- name: Check if HAProxy is installed


+ 7
- 6
dovecot/tasks/munin.yml View File

@ -6,12 +6,13 @@
check_mode: no
register: munin_node_plugins_config
- block:
- name: Install munin plugin
copy:
src: munin_plugin
dest: /etc/munin/plugins/dovecot
mode: "0755"
- name: Munin plugins are present and configured
block:
- name: Install munin plugin
copy:
src: munin_plugin
dest: /etc/munin/plugins/dovecot
mode: "0755"
# TODO : add in /etc/munin/plugin-conf.d/munin-node
# [dovecot]


+ 31
- 29
elasticsearch/tasks/datadir.yml View File

@ -1,44 +1,46 @@
---
- block:
- name: "Is custom datadir present ?"
stat:
path: "{{ elasticsearch_custom_datadir }}"
register: elasticsearch_custom_datadir_test
check_mode: no
- name: Set real datadir value when customized
block:
- name: "Is custom datadir present ?"
stat:
path: "{{ elasticsearch_custom_datadir }}"
register: elasticsearch_custom_datadir_test
check_mode: no
- name: "read the real datadir"
command: readlink -f /var/lib/elasticsearch
changed_when: false
register: elasticsearch_current_real_datadir_test
check_mode: no
- name: "read the real datadir"
command: readlink -f /var/lib/elasticsearch
changed_when: false
register: elasticsearch_current_real_datadir_test
check_mode: no
tags:
- elasticsearch
when:
- elasticsearch_custom_datadir != ''
- elasticsearch_custom_datadir != None
- block:
- name: elasticsearch is stopped
service:
name: elasticsearch
state: stopped
- name: Datadir is moved to custom path
block:
- name: elasticsearch is stopped
service:
name: elasticsearch
state: stopped
- name: Move elasticsearch datadir to custom datadir
command: mv {{ elasticsearch_current_real_datadir_test.stdout }} {{ elasticsearch_custom_datadir }}
args:
creates: "{{ elasticsearch_custom_datadir }}"
- name: Move elasticsearch datadir to custom datadir
command: mv {{ elasticsearch_current_real_datadir_test.stdout }} {{ elasticsearch_custom_datadir }}
args:
creates: "{{ elasticsearch_custom_datadir }}"
- name: Symlink {{ elasticsearch_custom_datadir }} to /var/lib/elasticsearch
file:
src: "{{ elasticsearch_custom_datadir }}"
dest: '/var/lib/elasticsearch'
state: link
- name: Symlink {{ elasticsearch_custom_datadir }} to /var/lib/elasticsearch
file:
src: "{{ elasticsearch_custom_datadir }}"
dest: '/var/lib/elasticsearch'
state: link
- name: elasticsearch is started
service:
name: elasticsearch
state: started
- name: elasticsearch is started
service:
name: elasticsearch
state: started
tags:
- elasticsearch
when:


+ 21
- 20
elasticsearch/tasks/plugin_head.yml View File

@ -8,28 +8,29 @@
system: yes
shell: /bin/false
- block:
- name: Head repository is checked-out
git:
repo: "https://github.com/mobz/elasticsearch-head.git"
dest: "{{ elasticsearch_plugin_head_clone_dir }}"
clone: yes
tags:
- packages
- name: Head plugin is installed
block:
- name: Head repository is checked-out
git:
repo: "https://github.com/mobz/elasticsearch-head.git"
dest: "{{ elasticsearch_plugin_head_clone_dir }}"
clone: yes
tags:
- packages
- name: Create tmpdir
file:
dest: "{{ elasticsearch_plugin_head_tmp_dir }}"
state: directory
- name: Create tmpdir
file:
dest: "{{ elasticsearch_plugin_head_tmp_dir }}"
state: directory
- name: NPM packages for head are installed
npm:
path: "{{ elasticsearch_plugin_head_clone_dir }}"
tags:
- packages
- npm
environment:
TMPDIR: "{{ elasticsearch_plugin_head_tmp_dir }}"
- name: NPM packages for head are installed
npm:
path: "{{ elasticsearch_plugin_head_clone_dir }}"
tags:
- packages
- npm
environment:
TMPDIR: "{{ elasticsearch_plugin_head_tmp_dir }}"
become_user: "{{ elasticsearch_plugin_head_owner }}"
become: yes


+ 44
- 43
elasticsearch/tasks/tmpdir.yml View File

@ -7,50 +7,51 @@
changed_when: False
check_mode: no
- block:
- name: "Create {{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
file:
path: "{{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
owner: elasticsearch
group: elasticsearch
mode: "0755"
state: directory
tags:
- elasticsearch
- name: Tmpdir is moved to custom path
block:
- name: "Create {{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
file:
path: "{{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
owner: elasticsearch
group: elasticsearch
mode: "0755"
state: directory
tags:
- elasticsearch
- name: change JVM tmpdir (< 6.x)
lineinfile:
dest: /etc/elasticsearch/jvm.options
line: "-Djava.io.tmpdir={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
regexp: "^-Djava.io.tmpdir="
insertafter: "## JVM configuration"
notify:
- restart elasticsearch
tags:
- elasticsearch
when: elastic_stack_version is version_compare('6', '<')
- name: change JVM tmpdir (< 6.x)
lineinfile:
dest: /etc/elasticsearch/jvm.options
line: "-Djava.io.tmpdir={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
regexp: "^-Djava.io.tmpdir="
insertafter: "## JVM configuration"
notify:
- restart elasticsearch
tags:
- elasticsearch
when: elastic_stack_version is version_compare('6', '<')
- name: check if ES_TMPDIR is available (>= 6.x)
lineinfile:
dest: /etc/default/elasticsearch
line: "ES_TMPDIR={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
regexp: "^ES_TMPDIR="
insertafter: "JAVA_HOME"
notify:
- restart elasticsearch
tags:
- elasticsearch
when: elastic_stack_version is version_compare('6', '>=')
- name: check if ES_TMPDIR is available (>= 6.x)
lineinfile:
dest: /etc/default/elasticsearch
line: "ES_TMPDIR={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
regexp: "^ES_TMPDIR="
insertafter: "JAVA_HOME"
notify:
- restart elasticsearch
tags:
- elasticsearch
when: elastic_stack_version is version_compare('6', '>=')
- name: change JVM tmpdir (>= 6.x)
lineinfile:
dest: /etc/elasticsearch/jvm.options
line: "-Djava.io.tmpdir=${ES_TMPDIR}"
regexp: "^-Djava.io.tmpdir="
insertafter: "## JVM configuration"
notify:
- restart elasticsearch
tags:
- elasticsearch
when: elastic_stack_version is version_compare('6', '>=')
- name: change JVM tmpdir (>= 6.x)
lineinfile:
dest: /etc/elasticsearch/jvm.options
line: "-Djava.io.tmpdir=${ES_TMPDIR}"
regexp: "^-Djava.io.tmpdir="
insertafter: "## JVM configuration"
notify:
- restart elasticsearch
tags:
- elasticsearch
when: elastic_stack_version is version_compare('6', '>=')
when: (elasticsearch_custom_tmpdir != '' and elasticsearch_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0

+ 14
- 13
evoacme/tasks/certbot.yml View File

@ -1,18 +1,19 @@
---
- block:
- name: install jessie-backports
include_role:
name: evolix/apt
tasks_from: backports.yml
- name: Add exceptions for certbot dependencies
copy:
src: backports-certbot
dest: /etc/apt/preferences.d/z-backports-certbot
notify: apt update
- meta: flush_handlers
- name: Use backports for jessie
block:
- name: install jessie-backports
include_role:
name: evolix/apt
tasks_from: backports.yml
- name: Add exceptions for certbot dependencies
copy:
src: backports-certbot
dest: /etc/apt/preferences.d/z-backports-certbot
notify: apt update
- meta: flush_handlers
when: ansible_distribution_release == "jessie"
- name: Install certbot with apt


+ 18
- 18
evolinux-base/tasks/default_www.yml View File

@ -25,24 +25,24 @@
# SSL cert
- block:
- name: Create private key and csr for default site ({{ ansible_fqdn }})
command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "/CN={{ ansible_fqdn }}"
args:
creates: "/etc/ssl/private/{{ ansible_fqdn }}.key"
- name: Adjust rights on private key
file:
path: /etc/ssl/private/{{ ansible_fqdn }}.key
owner: root
group: ssl-cert
mode: "0640"
- name: Create certificate for default site
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt
args:
creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt"
- name: Default certificate is present
block:
- name: Create private key and csr for default site ({{ ansible_fqdn }})
command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "/CN={{ ansible_fqdn }}"
args:
creates: "/etc/ssl/private/{{ ansible_fqdn }}.key"
- name: Adjust rights on private key
file:
path: /etc/ssl/private/{{ ansible_fqdn }}.key
owner: root
group: ssl-cert
mode: "0640"
- name: Create certificate for default site
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt
args:
creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt"
when: evolinux_default_www_ssl_cert
- meta: flush_handlers

+ 61
- 59
evolinux-base/tasks/hardware.yml View File

@ -33,67 +33,69 @@
changed_when: "'FAILED' in raidmodel.stdout"
failed_when: "'FAILED' in raidmodel.stdout"
- block:
- name: Add HPE GPG key
apt_key:
#url: https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
data: "{{ lookup('file', 'hpePublicKey2048_key1.pub') }}"
- name: Add HPE repository
apt_repository:
repo: 'deb https://downloads.linux.hpe.com/SDR/repo/mcp {{ ansible_distribution_release }}/current non-free'
state: present
- name: Install packages for HP hardware
apt:
name:
- cciss-vol-status
- ssacli
state: present
- name: Configure packages for HP hardware
template:
src: hardware/cciss-vol-statusd.j2
dest: /etc/init.d/cciss-vol-statusd
mode: "0755"
- name: Enable HP hardware in systemd
service:
name: cciss-vol-statusd
enabled: true
state: started
- name: HP Smart Array package is present
block:
- name: Add HPE GPG key
apt_key:
#url: https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
data: "{{ lookup('file', 'hpePublicKey2048_key1.pub') }}"
- name: Add HPE repository
apt_repository:
repo: 'deb https://downloads.linux.hpe.com/SDR/repo/mcp {{ ansible_distribution_release }}/current non-free'
state: present
- name: Install packages for HP hardware
apt:
name:
- cciss-vol-status
- ssacli
state: present
- name: Configure packages for HP hardware
template:
src: hardware/cciss-vol-statusd.j2
dest: /etc/init.d/cciss-vol-statusd
mode: "0755"
- name: Enable HP hardware in systemd
service:
name: cciss-vol-statusd
enabled: true
state: started
when: "'Hewlett-Packard Company Smart Array' in raidmodel.stdout"
- block:
- name: Add HW tool GPG key
apt_key:
# url: https://hwraid.le-vert.net/debian/hwraid.le-vert.net.gpg.key
data: "{{ lookup('file', 'hwraid.le-vert.net.gpg.key') }}"
when: ansible_distribution_major_version is version_compare('9', '>=')
- name: Add HW tool repository
apt_repository:
repo: 'deb http://hwraid.le-vert.net/debian {{ ansible_distribution_release }} main'
state: present
- name: Install packages for DELL/LSI hardware
apt:
name:
- megacli
- megaclisas-status
allow_unauthenticated: yes
- name: Configure packages for DELL/LSI hardware
template:
src: hardware/megaclisas-statusd.j2
dest: /etc/default/megaclisas-statusd
mode: "0755"
- name: Enable DELL/LSI hardware in systemd
service:
name: megaclisas-statusd
enabled: true
state: started
- name: MegaRAID SAS package is present
block:
- name: Add HW tool GPG key
apt_key:
# url: https://hwraid.le-vert.net/debian/hwraid.le-vert.net.gpg.key
data: "{{ lookup('file', 'hwraid.le-vert.net.gpg.key') }}"
when: ansible_distribution_major_version is version_compare('9', '>=')
- name: Add HW tool repository
apt_repository:
repo: 'deb http://hwraid.le-vert.net/debian {{ ansible_distribution_release }} main'
state: present
- name: Install packages for DELL/LSI hardware
apt:
name:
- megacli
- megaclisas-status
allow_unauthenticated: yes
- name: Configure packages for DELL/LSI hardware
template:
src: hardware/megaclisas-statusd.j2
dest: /etc/default/megaclisas-statusd
mode: "0755"
- name: Enable DELL/LSI hardware in systemd
service:
name: megaclisas-statusd
enabled: true
state: started
when: "'MegaRAID SAS' in raidmodel.stdout"
- meta: flush_handlers

+ 9
- 8
filebeat/tasks/main.yml View File

@ -54,16 +54,17 @@
changed_when: false
when: filebeat_logstash_plugin and logstash_plugin.stat.exists
- block:
- include_role:
name: evolix/remount-usr
- name: Logstash plugin is installed
block:
- include_role:
name: evolix/remount-usr
- name: Logstash plugin is installed
command: /usr/share/logstash/bin/logstash-plugin install logstash-input-beats
- name: logstash-plugin install logstash-input-beats
command: /usr/share/logstash/bin/logstash-plugin install logstash-input-beats
when:
- filebeat_logstash_plugin
- logstash_plugin.stat.exists
- not logstash_plugin_installed | success
- filebeat_logstash_plugin
- logstash_plugin.stat.exists
- not logstash_plugin_installed | success
- name: cloud_metadata processor is disabled
replace:


+ 17
- 15
kvm-host/tasks/images.yml View File

@ -1,20 +1,22 @@
---
- block:
- name: "Is {{ kvm_custom_libvirt_images_path }} present ?"
stat:
path: "{{ kvm_custom_libvirt_images_path }}"
check_mode: no
register: kvm_custom_libvirt_images_path_test
- name: Set images path when customized
block:
- name: "Is {{ kvm_custom_libvirt_images_path }} present ?"
stat:
path: "{{ kvm_custom_libvirt_images_path }}"
check_mode: no
register: kvm_custom_libvirt_images_path_test
- name: "read the real datadir"
command: readlink -f /var/lib/libvirt/images
changed_when: False
check_mode: no
register: kvm_libvirt_images_current_real_path_test
- name: "read the real datadir"
command: readlink -f /var/lib/libvirt/images
changed_when: False
check_mode: no
register: kvm_libvirt_images_current_real_path_test
when: kvm_custom_libvirt_images_path != ''
- block:
- name: Images directory is moved to custom path
block:
- name: "Move libvirt images to {{ kvm_custom_libvirt_images_path }}"
command: mv /var/lib/libvirt/images {{ kvm_custom_libvirt_images_path }}
args:
@ -33,6 +35,6 @@
dest: '/var/lib/libvirt/images'
state: link
when:
- kvm_custom_libvirt_images_path != ''
- kvm_custom_libvirt_images_path != kvm_libvirt_images_current_real_path_test.stdout
- not kvm_custom_libvirt_images_path_test.stat.exists
- kvm_custom_libvirt_images_path != ''
- kvm_custom_libvirt_images_path != kvm_libvirt_images_current_real_path_test.stdout
- not kvm_custom_libvirt_images_path_test.stat.exists

Write Preview
Loading…
Cancel
Save