evolix
/
ansible-roles
16
2
Fork 0
Code Issues 50 Pull Requests 8 Releases 27 Wiki Activity
Browse Source

Add names to many blocks

pull/95/head
Jérémy Lecour Jérémy Lecour <jlecour@evolix.fr> 5 months ago
parent
3b258cc43e
commit
6801f4e00e
10 changed files with 236 additions and 224 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +14
    -13
      certbot/tasks/acme-challenge.yml
  2. +7
    -6
      dovecot/tasks/munin.yml
  3. +31
    -29
      elasticsearch/tasks/datadir.yml
  4. +21
    -20
      elasticsearch/tasks/plugin_head.yml
  5. +44
    -43
      elasticsearch/tasks/tmpdir.yml
  6. +14
    -13
      evoacme/tasks/certbot.yml
  7. +18
    -18
      evolinux-base/tasks/default_www.yml
  8. +61
    -59
      evolinux-base/tasks/hardware.yml
  9. +9
    -8
      filebeat/tasks/main.yml
  10. +17
    -15
      kvm-host/tasks/images.yml

+ 14
- 13
certbot/tasks/acme-challenge.yml View File

@@ -24,19 +24,20 @@
path: /usr/sbin/apachectl
register: is_apache

- block:
- name: ACME challenge for Apache is installed
template:
src: acme-challenge/apache.conf.j2
dest: /etc/apache2/conf-available/letsencrypt.conf
force: yes
notify: reload apache

- name: ACME challenge for Apache is enabled
command: "a2enconf letsencrypt"
register: command_result
changed_when: "'Enabling' in command_result.stderr"
notify: reload apache
- name: ACME challenge for Apache
block:
- name: ACME challenge for Apache is installed
template:
src: acme-challenge/apache.conf.j2
dest: /etc/apache2/conf-available/letsencrypt.conf
force: yes
notify: reload apache

- name: ACME challenge for Apache is enabled
command: "a2enconf letsencrypt"
register: command_result
changed_when: "'Enabling' in command_result.stderr"
notify: reload apache
when: is_apache.stat.exists

- name: Check if HAProxy is installed


+ 7
- 6
dovecot/tasks/munin.yml View File

@@ -6,12 +6,13 @@
check_mode: no
register: munin_node_plugins_config

- block:
- name: Install munin plugin
copy:
src: munin_plugin
dest: /etc/munin/plugins/dovecot
mode: "0755"
- name: Munin plugins are present and configured
block:
- name: Install munin plugin
copy:
src: munin_plugin
dest: /etc/munin/plugins/dovecot
mode: "0755"

# TODO : add in /etc/munin/plugin-conf.d/munin-node
# [dovecot]


+ 31
- 29
elasticsearch/tasks/datadir.yml View File

@@ -1,44 +1,46 @@
---

- block:
- name: "Is custom datadir present ?"
stat:
path: "{{ elasticsearch_custom_datadir }}"
register: elasticsearch_custom_datadir_test
check_mode: no
- name: Set real datadir value when customized
block:
- name: "Is custom datadir present ?"
stat:
path: "{{ elasticsearch_custom_datadir }}"
register: elasticsearch_custom_datadir_test
check_mode: no

- name: "read the real datadir"
command: readlink -f /var/lib/elasticsearch
changed_when: false
register: elasticsearch_current_real_datadir_test
check_mode: no
- name: "read the real datadir"
command: readlink -f /var/lib/elasticsearch
changed_when: false
register: elasticsearch_current_real_datadir_test
check_mode: no
tags:
- elasticsearch
when:
- elasticsearch_custom_datadir != ''
- elasticsearch_custom_datadir != None

- block:
- name: elasticsearch is stopped
service:
name: elasticsearch
state: stopped
- name: Datadir is moved to custom path
block:
- name: elasticsearch is stopped
service:
name: elasticsearch
state: stopped

- name: Move elasticsearch datadir to custom datadir
command: mv {{ elasticsearch_current_real_datadir_test.stdout }} {{ elasticsearch_custom_datadir }}
args:
creates: "{{ elasticsearch_custom_datadir }}"
- name: Move elasticsearch datadir to custom datadir
command: mv {{ elasticsearch_current_real_datadir_test.stdout }} {{ elasticsearch_custom_datadir }}
args:
creates: "{{ elasticsearch_custom_datadir }}"

- name: Symlink {{ elasticsearch_custom_datadir }} to /var/lib/elasticsearch
file:
src: "{{ elasticsearch_custom_datadir }}"
dest: '/var/lib/elasticsearch'
state: link
- name: Symlink {{ elasticsearch_custom_datadir }} to /var/lib/elasticsearch
file:
src: "{{ elasticsearch_custom_datadir }}"
dest: '/var/lib/elasticsearch'
state: link

- name: elasticsearch is started
service:
name: elasticsearch
state: started
- name: elasticsearch is started
service:
name: elasticsearch
state: started
tags:
- elasticsearch
when:


+ 21
- 20
elasticsearch/tasks/plugin_head.yml View File

@@ -8,28 +8,29 @@
system: yes
shell: /bin/false

- block:
- name: Head repository is checked-out
git:
repo: "https://github.com/mobz/elasticsearch-head.git"
dest: "{{ elasticsearch_plugin_head_clone_dir }}"
clone: yes
tags:
- packages
- name: Head plugin is installed
block:
- name: Head repository is checked-out
git:
repo: "https://github.com/mobz/elasticsearch-head.git"
dest: "{{ elasticsearch_plugin_head_clone_dir }}"
clone: yes
tags:
- packages

- name: Create tmpdir
file:
dest: "{{ elasticsearch_plugin_head_tmp_dir }}"
state: directory
- name: Create tmpdir
file:
dest: "{{ elasticsearch_plugin_head_tmp_dir }}"
state: directory

- name: NPM packages for head are installed
npm:
path: "{{ elasticsearch_plugin_head_clone_dir }}"
tags:
- packages
- npm
environment:
TMPDIR: "{{ elasticsearch_plugin_head_tmp_dir }}"
- name: NPM packages for head are installed
npm:
path: "{{ elasticsearch_plugin_head_clone_dir }}"
tags:
- packages
- npm
environment:
TMPDIR: "{{ elasticsearch_plugin_head_tmp_dir }}"
become_user: "{{ elasticsearch_plugin_head_owner }}"
become: yes



+ 44
- 43
elasticsearch/tasks/tmpdir.yml View File

@@ -7,50 +7,51 @@
changed_when: False
check_mode: no

- block:
- name: "Create {{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
file:
path: "{{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
owner: elasticsearch
group: elasticsearch
mode: "0755"
state: directory
tags:
- elasticsearch
- name: Tmpdir is moved to custom path
block:
- name: "Create {{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
file:
path: "{{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
owner: elasticsearch
group: elasticsearch
mode: "0755"
state: directory
tags:
- elasticsearch

- name: change JVM tmpdir (< 6.x)
lineinfile:
dest: /etc/elasticsearch/jvm.options
line: "-Djava.io.tmpdir={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
regexp: "^-Djava.io.tmpdir="
insertafter: "## JVM configuration"
notify:
- restart elasticsearch
tags:
- elasticsearch
when: elastic_stack_version is version_compare('6', '<')
- name: change JVM tmpdir (< 6.x)
lineinfile:
dest: /etc/elasticsearch/jvm.options
line: "-Djava.io.tmpdir={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
regexp: "^-Djava.io.tmpdir="
insertafter: "## JVM configuration"
notify:
- restart elasticsearch
tags:
- elasticsearch
when: elastic_stack_version is version_compare('6', '<')

- name: check if ES_TMPDIR is available (>= 6.x)
lineinfile:
dest: /etc/default/elasticsearch
line: "ES_TMPDIR={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
regexp: "^ES_TMPDIR="
insertafter: "JAVA_HOME"
notify:
- restart elasticsearch
tags:
- elasticsearch
when: elastic_stack_version is version_compare('6', '>=')
- name: check if ES_TMPDIR is available (>= 6.x)
lineinfile:
dest: /etc/default/elasticsearch
line: "ES_TMPDIR={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
regexp: "^ES_TMPDIR="
insertafter: "JAVA_HOME"
notify:
- restart elasticsearch
tags:
- elasticsearch
when: elastic_stack_version is version_compare('6', '>=')

- name: change JVM tmpdir (>= 6.x)
lineinfile:
dest: /etc/elasticsearch/jvm.options
line: "-Djava.io.tmpdir=${ES_TMPDIR}"
regexp: "^-Djava.io.tmpdir="
insertafter: "## JVM configuration"
notify:
- restart elasticsearch
tags:
- elasticsearch
when: elastic_stack_version is version_compare('6', '>=')
- name: change JVM tmpdir (>= 6.x)
lineinfile:
dest: /etc/elasticsearch/jvm.options
line: "-Djava.io.tmpdir=${ES_TMPDIR}"
regexp: "^-Djava.io.tmpdir="
insertafter: "## JVM configuration"
notify:
- restart elasticsearch
tags:
- elasticsearch
when: elastic_stack_version is version_compare('6', '>=')
when: (elasticsearch_custom_tmpdir != '' and elasticsearch_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0

+ 14
- 13
evoacme/tasks/certbot.yml View File

@@ -1,18 +1,19 @@
---

- block:
- name: install jessie-backports
include_role:
name: evolix/apt
tasks_from: backports.yml

- name: Add exceptions for certbot dependencies
copy:
src: backports-certbot
dest: /etc/apt/preferences.d/z-backports-certbot
notify: apt update

- meta: flush_handlers
- name: Use backports for jessie
block:
- name: install jessie-backports
include_role:
name: evolix/apt
tasks_from: backports.yml

- name: Add exceptions for certbot dependencies
copy:
src: backports-certbot
dest: /etc/apt/preferences.d/z-backports-certbot
notify: apt update

- meta: flush_handlers
when: ansible_distribution_release == "jessie"

- name: Install certbot with apt


+ 18
- 18
evolinux-base/tasks/default_www.yml View File

@@ -25,24 +25,24 @@

# SSL cert

- block:
- name: Create private key and csr for default site ({{ ansible_fqdn }})
command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "/CN={{ ansible_fqdn }}"
args:
creates: "/etc/ssl/private/{{ ansible_fqdn }}.key"
- name: Adjust rights on private key
file:
path: /etc/ssl/private/{{ ansible_fqdn }}.key
owner: root
group: ssl-cert
mode: "0640"
- name: Create certificate for default site
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt
args:
creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt"
- name: Default certificate is present
block:
- name: Create private key and csr for default site ({{ ansible_fqdn }})
command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "/CN={{ ansible_fqdn }}"
args:
creates: "/etc/ssl/private/{{ ansible_fqdn }}.key"
- name: Adjust rights on private key
file:
path: /etc/ssl/private/{{ ansible_fqdn }}.key
owner: root
group: ssl-cert
mode: "0640"
- name: Create certificate for default site
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt
args:
creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt"
when: evolinux_default_www_ssl_cert

- meta: flush_handlers

+ 61
- 59
evolinux-base/tasks/hardware.yml View File

@@ -33,67 +33,69 @@
changed_when: "'FAILED' in raidmodel.stdout"
failed_when: "'FAILED' in raidmodel.stdout"

- block:
- name: Add HPE GPG key
apt_key:
#url: https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
data: "{{ lookup('file', 'hpePublicKey2048_key1.pub') }}"

- name: Add HPE repository
apt_repository:
repo: 'deb https://downloads.linux.hpe.com/SDR/repo/mcp {{ ansible_distribution_release }}/current non-free'
state: present

- name: Install packages for HP hardware
apt:
name:
- cciss-vol-status
- ssacli
state: present

- name: Configure packages for HP hardware
template:
src: hardware/cciss-vol-statusd.j2
dest: /etc/init.d/cciss-vol-statusd
mode: "0755"

- name: Enable HP hardware in systemd
service:
name: cciss-vol-statusd
enabled: true
state: started
- name: HP Smart Array package is present
block:
- name: Add HPE GPG key
apt_key:
#url: https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
data: "{{ lookup('file', 'hpePublicKey2048_key1.pub') }}"

- name: Add HPE repository
apt_repository:
repo: 'deb https://downloads.linux.hpe.com/SDR/repo/mcp {{ ansible_distribution_release }}/current non-free'
state: present

- name: Install packages for HP hardware
apt:
name:
- cciss-vol-status
- ssacli
state: present

- name: Configure packages for HP hardware
template:
src: hardware/cciss-vol-statusd.j2
dest: /etc/init.d/cciss-vol-statusd
mode: "0755"

- name: Enable HP hardware in systemd
service:
name: cciss-vol-statusd
enabled: true
state: started
when: "'Hewlett-Packard Company Smart Array' in raidmodel.stdout"

- block:
- name: Add HW tool GPG key
apt_key:
# url: https://hwraid.le-vert.net/debian/hwraid.le-vert.net.gpg.key
data: "{{ lookup('file', 'hwraid.le-vert.net.gpg.key') }}"
when: ansible_distribution_major_version is version_compare('9', '>=')

- name: Add HW tool repository
apt_repository:
repo: 'deb http://hwraid.le-vert.net/debian {{ ansible_distribution_release }} main'
state: present

- name: Install packages for DELL/LSI hardware
apt:
name:
- megacli
- megaclisas-status
allow_unauthenticated: yes

- name: Configure packages for DELL/LSI hardware
template:
src: hardware/megaclisas-statusd.j2
dest: /etc/default/megaclisas-statusd
mode: "0755"

- name: Enable DELL/LSI hardware in systemd
service:
name: megaclisas-statusd
enabled: true
state: started
- name: MegaRAID SAS package is present
block:
- name: Add HW tool GPG key
apt_key:
# url: https://hwraid.le-vert.net/debian/hwraid.le-vert.net.gpg.key
data: "{{ lookup('file', 'hwraid.le-vert.net.gpg.key') }}"
when: ansible_distribution_major_version is version_compare('9', '>=')

- name: Add HW tool repository
apt_repository:
repo: 'deb http://hwraid.le-vert.net/debian {{ ansible_distribution_release }} main'
state: present

- name: Install packages for DELL/LSI hardware
apt:
name:
- megacli
- megaclisas-status
allow_unauthenticated: yes

- name: Configure packages for DELL/LSI hardware
template:
src: hardware/megaclisas-statusd.j2
dest: /etc/default/megaclisas-statusd
mode: "0755"

- name: Enable DELL/LSI hardware in systemd
service:
name: megaclisas-statusd
enabled: true
state: started
when: "'MegaRAID SAS' in raidmodel.stdout"

- meta: flush_handlers

+ 9
- 8
filebeat/tasks/main.yml View File

@@ -54,16 +54,17 @@
changed_when: false
when: filebeat_logstash_plugin and logstash_plugin.stat.exists

- block:
- include_role:
name: evolix/remount-usr
- name: Logstash plugin is installed
block:
- include_role:
name: evolix/remount-usr

- name: Logstash plugin is installed
command: /usr/share/logstash/bin/logstash-plugin install logstash-input-beats
- name: logstash-plugin install logstash-input-beats
command: /usr/share/logstash/bin/logstash-plugin install logstash-input-beats
when:
- filebeat_logstash_plugin
- logstash_plugin.stat.exists
- not logstash_plugin_installed | success
- filebeat_logstash_plugin
- logstash_plugin.stat.exists
- not logstash_plugin_installed | success

- name: cloud_metadata processor is disabled
replace:


+ 17
- 15
kvm-host/tasks/images.yml View File

@@ -1,20 +1,22 @@
---

- block:
- name: "Is {{ kvm_custom_libvirt_images_path }} present ?"
stat:
path: "{{ kvm_custom_libvirt_images_path }}"
check_mode: no
register: kvm_custom_libvirt_images_path_test
- name: Set images path when customized
block:
- name: "Is {{ kvm_custom_libvirt_images_path }} present ?"
stat:
path: "{{ kvm_custom_libvirt_images_path }}"
check_mode: no
register: kvm_custom_libvirt_images_path_test

- name: "read the real datadir"
command: readlink -f /var/lib/libvirt/images
changed_when: False
check_mode: no
register: kvm_libvirt_images_current_real_path_test
- name: "read the real datadir"
command: readlink -f /var/lib/libvirt/images
changed_when: False
check_mode: no
register: kvm_libvirt_images_current_real_path_test
when: kvm_custom_libvirt_images_path != ''

- block:
- name: Images directory is moved to custom path
block:
- name: "Move libvirt images to {{ kvm_custom_libvirt_images_path }}"
command: mv /var/lib/libvirt/images {{ kvm_custom_libvirt_images_path }}
args:
@@ -33,6 +35,6 @@
dest: '/var/lib/libvirt/images'
state: link
when:
- kvm_custom_libvirt_images_path != ''
- kvm_custom_libvirt_images_path != kvm_libvirt_images_current_real_path_test.stdout
- not kvm_custom_libvirt_images_path_test.stat.exists
- kvm_custom_libvirt_images_path != ''
- kvm_custom_libvirt_images_path != kvm_libvirt_images_current_real_path_test.stdout
- not kvm_custom_libvirt_images_path_test.stat.exists

Write Preview
Loading…
Cancel
Save