diff --git a/certbot/tasks/acme-challenge.yml b/certbot/tasks/acme-challenge.yml index d5fe803d..56b0c099 100644 --- a/certbot/tasks/acme-challenge.yml +++ b/certbot/tasks/acme-challenge.yml @@ -24,19 +24,20 @@ path: /usr/sbin/apachectl register: is_apache -- block: - - name: ACME challenge for Apache is installed - template: - src: acme-challenge/apache.conf.j2 - dest: /etc/apache2/conf-available/letsencrypt.conf - force: yes - notify: reload apache +- name: ACME challenge for Apache + block: + - name: ACME challenge for Apache is installed + template: + src: acme-challenge/apache.conf.j2 + dest: /etc/apache2/conf-available/letsencrypt.conf + force: yes + notify: reload apache - - name: ACME challenge for Apache is enabled - command: "a2enconf letsencrypt" - register: command_result - changed_when: "'Enabling' in command_result.stderr" - notify: reload apache + - name: ACME challenge for Apache is enabled + command: "a2enconf letsencrypt" + register: command_result + changed_when: "'Enabling' in command_result.stderr" + notify: reload apache when: is_apache.stat.exists - name: Check if HAProxy is installed diff --git a/dovecot/tasks/munin.yml b/dovecot/tasks/munin.yml index 7f5003f0..21d17519 100644 --- a/dovecot/tasks/munin.yml +++ b/dovecot/tasks/munin.yml @@ -6,12 +6,13 @@ check_mode: no register: munin_node_plugins_config -- block: - - name: Install munin plugin - copy: - src: munin_plugin - dest: /etc/munin/plugins/dovecot - mode: "0755" +- name: Munin plugins are present and configured + block: + - name: Install munin plugin + copy: + src: munin_plugin + dest: /etc/munin/plugins/dovecot + mode: "0755" # TODO : add in /etc/munin/plugin-conf.d/munin-node # [dovecot] diff --git a/elasticsearch/tasks/datadir.yml b/elasticsearch/tasks/datadir.yml index 38d2218a..66ec48a1 100644 --- a/elasticsearch/tasks/datadir.yml +++ b/elasticsearch/tasks/datadir.yml 
@@ -1,44 +1,46 @@ --- -- block: - - name: "Is custom datadir present ?" - stat: - path: "{{ elasticsearch_custom_datadir }}" - register: elasticsearch_custom_datadir_test - check_mode: no +- name: Set real datadir value when customized + block: + - name: "Is custom datadir present ?" + stat: + path: "{{ elasticsearch_custom_datadir }}" + register: elasticsearch_custom_datadir_test + check_mode: no - - name: "read the real datadir" - command: readlink -f /var/lib/elasticsearch - changed_when: false - register: elasticsearch_current_real_datadir_test - check_mode: no + - name: "read the real datadir" + command: readlink -f /var/lib/elasticsearch + changed_when: false + register: elasticsearch_current_real_datadir_test + check_mode: no tags: - elasticsearch when: - elasticsearch_custom_datadir != '' - elasticsearch_custom_datadir != None -- block: - - name: elasticsearch is stopped - service: - name: elasticsearch - state: stopped +- name: Datadir is moved to custom path + block: + - name: elasticsearch is stopped + service: + name: elasticsearch + state: stopped - - name: Move elasticsearch datadir to custom datadir - command: mv {{ elasticsearch_current_real_datadir_test.stdout }} {{ elasticsearch_custom_datadir }} - args: - creates: "{{ elasticsearch_custom_datadir }}" + - name: Move elasticsearch datadir to custom datadir + command: mv {{ elasticsearch_current_real_datadir_test.stdout }} {{ elasticsearch_custom_datadir }} + args: + creates: "{{ elasticsearch_custom_datadir }}" - - name: Symlink {{ elasticsearch_custom_datadir }} to /var/lib/elasticsearch - file: - src: "{{ elasticsearch_custom_datadir }}" - dest: '/var/lib/elasticsearch' - state: link + - name: Symlink {{ elasticsearch_custom_datadir }} to /var/lib/elasticsearch + file: + src: "{{ elasticsearch_custom_datadir }}" + dest: '/var/lib/elasticsearch' + state: link - - name: elasticsearch is started - service: - name: elasticsearch - state: started + - name: elasticsearch is started + service: + name: 
elasticsearch + state: started tags: - elasticsearch when: diff --git a/elasticsearch/tasks/plugin_head.yml b/elasticsearch/tasks/plugin_head.yml index 81510fa0..2f7cae39 100644 --- a/elasticsearch/tasks/plugin_head.yml +++ b/elasticsearch/tasks/plugin_head.yml @@ -8,28 +8,29 @@ system: yes shell: /bin/false -- block: - - name: Head repository is checked-out - git: - repo: "https://github.com/mobz/elasticsearch-head.git" - dest: "{{ elasticsearch_plugin_head_clone_dir }}" - clone: yes - tags: - - packages +- name: Head plugin is installed + block: + - name: Head repository is checked-out + git: + repo: "https://github.com/mobz/elasticsearch-head.git" + dest: "{{ elasticsearch_plugin_head_clone_dir }}" + clone: yes + tags: + - packages - - name: Create tmpdir - file: - dest: "{{ elasticsearch_plugin_head_tmp_dir }}" - state: directory + - name: Create tmpdir + file: + dest: "{{ elasticsearch_plugin_head_tmp_dir }}" + state: directory - - name: NPM packages for head are installed - npm: - path: "{{ elasticsearch_plugin_head_clone_dir }}" - tags: - - packages - - npm - environment: - TMPDIR: "{{ elasticsearch_plugin_head_tmp_dir }}" + - name: NPM packages for head are installed + npm: + path: "{{ elasticsearch_plugin_head_clone_dir }}" + tags: + - packages + - npm + environment: + TMPDIR: "{{ elasticsearch_plugin_head_tmp_dir }}" become_user: "{{ elasticsearch_plugin_head_owner }}" become: yes diff --git a/elasticsearch/tasks/tmpdir.yml b/elasticsearch/tasks/tmpdir.yml index 32bd9a99..28548b54 100644 --- a/elasticsearch/tasks/tmpdir.yml +++ b/elasticsearch/tasks/tmpdir.yml 
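Review bot: In the "Move elasticsearch datadir to custom datadir" task, both paths are templated into a free-form `command:` string without quoting, so a path containing whitespace is split into several arguments and `mv` would act on the wrong operands. `elasticsearch_current_real_datadir_test.stdout` comes from `readlink -f` on the host and `elasticsearch_custom_datadir` from inventory, so neither is guaranteed to be free of spaces. Passing the arguments as an `argv` list keeps each path a single argument, and the `creates` guard can stay as it is. The block's `when:` list continues outside this hunk.

```yaml
    - name: Move elasticsearch datadir to custom datadir
      command:
        argv:
          - mv
          - "{{ elasticsearch_current_real_datadir_test.stdout }}"
          - "{{ elasticsearch_custom_datadir }}"
      # … unchanged: args.creates guard …
```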
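Review bot: The "Head repository is checked-out" task clones `https://github.com/mobz/elasticsearch-head.git` without a `version:`, so each run takes whatever the default branch currently points to, and the following `npm` task then installs that tree's dependencies. Pinning the checkout to a reviewed commit makes the deployed code reproducible and stops an upstream change from reaching hosts unreviewed, e.g. `version: "<reviewed-commit-sha>"` (placeholder) under `git:`. If the repository ships a lockfile, `ci: yes` on the `npm` task would likewise hold dependency versions fixed; confirm this against the Ansible version in use.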
@@ -7,50 +7,51 @@ changed_when: False check_mode: no -- block: - - name: "Create {{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}" - file: - path: "{{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}" - owner: elasticsearch - group: elasticsearch - mode: "0755" - state: directory - tags: - - elasticsearch +- name: Tmpdir is moved to custom path + block: + - name: "Create {{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}" + file: + path: "{{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}" + owner: elasticsearch + group: elasticsearch + mode: "0755" + state: directory + tags: + - elasticsearch - - name: change JVM tmpdir (< 6.x) - lineinfile: - dest: /etc/elasticsearch/jvm.options - line: "-Djava.io.tmpdir={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}" - regexp: "^-Djava.io.tmpdir=" - insertafter: "## JVM configuration" - notify: - - restart elasticsearch - tags: - - elasticsearch - when: elastic_stack_version is version_compare('6', '<') + - name: change JVM tmpdir (< 6.x) + lineinfile: + dest: /etc/elasticsearch/jvm.options + line: "-Djava.io.tmpdir={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}" + regexp: "^-Djava.io.tmpdir=" + insertafter: "## JVM configuration" + notify: + - restart elasticsearch + tags: + - elasticsearch + when: elastic_stack_version is version_compare('6', '<') - - name: check if ES_TMPDIR is available (>= 6.x) - lineinfile: - dest: /etc/default/elasticsearch - line: "ES_TMPDIR={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}" - regexp: "^ES_TMPDIR=" - insertafter: "JAVA_HOME" - notify: - - restart elasticsearch - tags: - - elasticsearch - when: elastic_stack_version is version_compare('6', '>=') + - name: check if ES_TMPDIR is available (>= 6.x) + lineinfile: + dest: /etc/default/elasticsearch + line: "ES_TMPDIR={{ elasticsearch_custom_tmpdir 
or elasticsearch_default_tmpdir | mandatory }}" + regexp: "^ES_TMPDIR=" + insertafter: "JAVA_HOME" + notify: + - restart elasticsearch + tags: + - elasticsearch + when: elastic_stack_version is version_compare('6', '>=') - - name: change JVM tmpdir (>= 6.x) - lineinfile: - dest: /etc/elasticsearch/jvm.options - line: "-Djava.io.tmpdir=${ES_TMPDIR}" - regexp: "^-Djava.io.tmpdir=" - insertafter: "## JVM configuration" - notify: - - restart elasticsearch - tags: - - elasticsearch - when: elastic_stack_version is version_compare('6', '>=') + - name: change JVM tmpdir (>= 6.x) + lineinfile: + dest: /etc/elasticsearch/jvm.options + line: "-Djava.io.tmpdir=${ES_TMPDIR}" + regexp: "^-Djava.io.tmpdir=" + insertafter: "## JVM configuration" + notify: + - restart elasticsearch + tags: + - elasticsearch + when: elastic_stack_version is version_compare('6', '>=') when: (elasticsearch_custom_tmpdir != '' and elasticsearch_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0 diff --git a/evoacme/tasks/certbot.yml b/evoacme/tasks/certbot.yml index 44fe4bb5..5e18cfec 100644 --- a/evoacme/tasks/certbot.yml +++ b/evoacme/tasks/certbot.yml @@ -1,18 +1,19 @@ --- -- block: - - name: install jessie-backports - include_role: - name: evolix/apt - tasks_from: backports.yml +- name: Use backports for jessie + block: + - name: install jessie-backports + include_role: + name: evolix/apt + tasks_from: backports.yml - - name: Add exceptions for certbot dependencies - copy: - src: backports-certbot - dest: /etc/apt/preferences.d/z-backports-certbot - notify: apt update + - name: Add exceptions for certbot dependencies + copy: + src: backports-certbot + dest: /etc/apt/preferences.d/z-backports-certbot + notify: apt update - - meta: flush_handlers + - meta: flush_handlers when: ansible_distribution_release == "jessie" - name: Install certbot with apt diff --git a/evolinux-base/tasks/default_www.yml b/evolinux-base/tasks/default_www.yml index 665e7eb0..8956d824 100644 
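Review bot: The directory created by the first task of the "Tmpdir is moved to custom path" block gets `mode: "0755"`, which lets every local account list and read whatever the JVM writes into its temporary directory. As far as these tasks show, only the `elasticsearch` owner needs access, so `mode: "0750"` (or `"0700"`) would be a tighter default. Separately, the task named "check if ES_TMPDIR is available (>= 6.x)" actually writes the `ES_TMPDIR=` line into `/etc/default/elasticsearch`; a name such as `ES_TMPDIR is set (>= 6.x)` would match what it does.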
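Review bot: The "Add exceptions for certbot dependencies" task copies `backports-certbot` into `/etc/apt/preferences.d/` without `owner`, `group` or `mode`, so the resulting permissions depend on the umask in effect on the target. Since this file steers which repository apt prefers, state them explicitly, e.g. `owner: root`, `group: root`, `mode: "0644"`. The `- meta: flush_handlers` entry at the end of the block is still unnamed and could carry a `name:` in line with what this commit does for blocks.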
--- a/evolinux-base/tasks/default_www.yml +++ b/evolinux-base/tasks/default_www.yml @@ -25,24 +25,24 @@ # SSL cert -- block: +- name: Default certificate is present + block: + - name: Create private key and csr for default site ({{ ansible_fqdn }}) + command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "/CN={{ ansible_fqdn }}" + args: + creates: "/etc/ssl/private/{{ ansible_fqdn }}.key" - - name: Create private key and csr for default site ({{ ansible_fqdn }}) - command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "/CN={{ ansible_fqdn }}" - args: - creates: "/etc/ssl/private/{{ ansible_fqdn }}.key" + - name: Adjust rights on private key + file: + path: /etc/ssl/private/{{ ansible_fqdn }}.key + owner: root + group: ssl-cert + mode: "0640" - - name: Adjust rights on private key - file: - path: /etc/ssl/private/{{ ansible_fqdn }}.key - owner: root - group: ssl-cert - mode: "0640" - - - name: Create certificate for default site - command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt - args: - creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt" + - name: Create certificate for default site + command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt + args: + creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt" when: evolinux_default_www_ssl_cert - meta: flush_handlers diff --git a/evolinux-base/tasks/hardware.yml b/evolinux-base/tasks/hardware.yml index c86b1b8f..f7c07fee 100644 --- a/evolinux-base/tasks/hardware.yml +++ b/evolinux-base/tasks/hardware.yml 
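Review bot: The key written by `openssl req -newkey rsa:2048 -nodes` is unencrypted and only gets `root:ssl-cert` `0640` from the following task, so between the two tasks its mode is whatever openssl and the umask produce. The block therefore relies on `/etc/ssl/private` itself being closed to other users, which is worth stating in a comment such as `# relies on /etc/ssl/private not being world-accessible until the next task fixes the key mode`. Because both `command` tasks are guarded by `creates:`, the self-signed certificate is generated once with `-days 3650` and never rotated by this role. If a ten-year lifetime on a 2048-bit key is intentional for a placeholder default site, a short comment should say so; otherwise consider exposing key size and validity as role variables.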
@@ -33,67 +33,69 @@ changed_when: "'FAILED' in raidmodel.stdout" failed_when: "'FAILED' in raidmodel.stdout" -- block: - - name: Add HPE GPG key - apt_key: - #url: https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub - data: "{{ lookup('file', 'hpePublicKey2048_key1.pub') }}" +- name: HP Smart Array package is present + block: + - name: Add HPE GPG key + apt_key: + #url: https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub + data: "{{ lookup('file', 'hpePublicKey2048_key1.pub') }}" - - name: Add HPE repository - apt_repository: - repo: 'deb https://downloads.linux.hpe.com/SDR/repo/mcp {{ ansible_distribution_release }}/current non-free' - state: present + - name: Add HPE repository + apt_repository: + repo: 'deb https://downloads.linux.hpe.com/SDR/repo/mcp {{ ansible_distribution_release }}/current non-free' + state: present - - name: Install packages for HP hardware - apt: - name: - - cciss-vol-status - - ssacli - state: present + - name: Install packages for HP hardware + apt: + name: + - cciss-vol-status + - ssacli + state: present - - name: Configure packages for HP hardware - template: - src: hardware/cciss-vol-statusd.j2 - dest: /etc/init.d/cciss-vol-statusd - mode: "0755" + - name: Configure packages for HP hardware + template: + src: hardware/cciss-vol-statusd.j2 + dest: /etc/init.d/cciss-vol-statusd + mode: "0755" - - name: Enable HP hardware in systemd - service: - name: cciss-vol-statusd - enabled: true - state: started + - name: Enable HP hardware in systemd + service: + name: cciss-vol-statusd + enabled: true + state: started when: "'Hewlett-Packard Company Smart Array' in raidmodel.stdout" -- block: - - name: Add HW tool GPG key - apt_key: - # url: https://hwraid.le-vert.net/debian/hwraid.le-vert.net.gpg.key - data: "{{ lookup('file', 'hwraid.le-vert.net.gpg.key') }}" - when: ansible_distribution_major_version is version_compare('9', '>=') +- name: MegaRAID SAS package is present + block: + - name: Add HW tool GPG key + apt_key: + # 
url: https://hwraid.le-vert.net/debian/hwraid.le-vert.net.gpg.key + data: "{{ lookup('file', 'hwraid.le-vert.net.gpg.key') }}" + when: ansible_distribution_major_version is version_compare('9', '>=') - - name: Add HW tool repository - apt_repository: - repo: 'deb http://hwraid.le-vert.net/debian {{ ansible_distribution_release }} main' - state: present + - name: Add HW tool repository + apt_repository: + repo: 'deb http://hwraid.le-vert.net/debian {{ ansible_distribution_release }} main' + state: present - - name: Install packages for DELL/LSI hardware - apt: - name: - - megacli - - megaclisas-status - allow_unauthenticated: yes + - name: Install packages for DELL/LSI hardware + apt: + name: + - megacli + - megaclisas-status + allow_unauthenticated: yes - - name: Configure packages for DELL/LSI hardware - template: - src: hardware/megaclisas-statusd.j2 - dest: /etc/default/megaclisas-statusd - mode: "0755" + - name: Configure packages for DELL/LSI hardware + template: + src: hardware/megaclisas-statusd.j2 + dest: /etc/default/megaclisas-statusd + mode: "0755" - - name: Enable DELL/LSI hardware in systemd - service: - name: megaclisas-statusd - enabled: true - state: started + - name: Enable DELL/LSI hardware in systemd + service: + name: megaclisas-statusd + enabled: true + state: started when: "'MegaRAID SAS' in raidmodel.stdout" - meta: flush_handlers diff --git a/filebeat/tasks/main.yml b/filebeat/tasks/main.yml index 6bec3be7..0aca06d6 100644 --- a/filebeat/tasks/main.yml +++ b/filebeat/tasks/main.yml 
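Review bot: In the "MegaRAID SAS package is present" block, `megacli` and `megaclisas-status` are installed with `allow_unauthenticated: yes` from a repository declared over plain `http://hwraid.le-vert.net/debian`, so neither the transport nor the package signatures are verified, and tampered packages would be installed as root. The signing key is added only when `ansible_distribution_major_version` is 9 or later, which is presumably why the flag exists for older releases. Since the key ships with the role via `lookup('file', 'hwraid.le-vert.net.gpg.key')`, consider adding it unconditionally, dropping `allow_unauthenticated`, and switching the repo line to `https://` if the host serves it (the commented-out key URL suggests so, but confirm). Also, `mode: "0755"` on `/etc/default/megaclisas-statusd` marks a defaults file executable; `"0644"` looks like the intent.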
@@ -54,16 +54,17 @@ changed_when: false when: filebeat_logstash_plugin and logstash_plugin.stat.exists -- block: - - include_role: - name: evolix/remount-usr +- name: Logstash plugin is installed + block: + - include_role: + name: evolix/remount-usr - - name: Logstash plugin is installed - command: /usr/share/logstash/bin/logstash-plugin install logstash-input-beats + - name: logstash-plugin install logstash-input-beats + command: /usr/share/logstash/bin/logstash-plugin install logstash-input-beats when: - - filebeat_logstash_plugin - - logstash_plugin.stat.exists - - not logstash_plugin_installed | success + - filebeat_logstash_plugin + - logstash_plugin.stat.exists + - not logstash_plugin_installed | success - name: cloud_metadata processor is disabled replace: diff --git a/kvm-host/tasks/images.yml b/kvm-host/tasks/images.yml index 527eb048..420e83ec 100644 --- a/kvm-host/tasks/images.yml +++ b/kvm-host/tasks/images.yml @@ -1,20 +1,22 @@ --- -- block: - - name: "Is {{ kvm_custom_libvirt_images_path }} present ?" - stat: - path: "{{ kvm_custom_libvirt_images_path }}" - check_mode: no - register: kvm_custom_libvirt_images_path_test +- name: Set images path when customized + block: + - name: "Is {{ kvm_custom_libvirt_images_path }} present ?" + stat: + path: "{{ kvm_custom_libvirt_images_path }}" + check_mode: no + register: kvm_custom_libvirt_images_path_test - - name: "read the real datadir" - command: readlink -f /var/lib/libvirt/images - changed_when: False - check_mode: no - register: kvm_libvirt_images_current_real_path_test + - name: "read the real datadir" + command: readlink -f /var/lib/libvirt/images + changed_when: False + check_mode: no + register: kvm_libvirt_images_current_real_path_test when: kvm_custom_libvirt_images_path != '' -- block: +- name: Images directory is moved to custom path + block: - name: "Move libvirt images to {{ kvm_custom_libvirt_images_path }}" command: mv /var/lib/libvirt/images {{ kvm_custom_libvirt_images_path }} args: 
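Review bot: The last condition of the "Logstash plugin is installed" block's `when:` list, `not logstash_plugin_installed | success`, uses the filter form of the `success` test, which Ansible deprecated in 2.5 and removed in 2.9, so on a current controller the condition raises a templating error instead of being evaluated. The test syntax is the drop-in replacement: `- logstash_plugin_installed is not success`. The variable is presumably registered by the check task just above the hunk. The `include_role` entry inside the block is also still unnamed, unlike the block itself after this change.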
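Review bot: The guard on the "Set images path when customized" block, `when: kvm_custom_libvirt_images_path != ''`, lets a null value through, whereas the equivalent elasticsearch datadir block in this same commit also checks `!= None`. With the variable set to null, the `stat` task would presumably run against an empty path. Either add the second condition or collapse both into `when: kvm_custom_libvirt_images_path | default('', true) | length > 0`. The "Images directory is moved to custom path" block continues outside this hunk, and its `when:` list in the next hunk starts with the same single check.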
@@ -33,6 +35,6 @@ dest: '/var/lib/libvirt/images' state: link when: - - kvm_custom_libvirt_images_path != '' - - kvm_custom_libvirt_images_path != kvm_libvirt_images_current_real_path_test.stdout - - not kvm_custom_libvirt_images_path_test.stat.exists + - kvm_custom_libvirt_images_path != '' + - kvm_custom_libvirt_images_path != kvm_libvirt_images_current_real_path_test.stdout + - not kvm_custom_libvirt_images_path_test.stat.exists