evolix
/
ansible-roles
18
2
Fork 2
Code Issues 61 Pull Requests 18 Releases 32 Wiki Activity

Add names to many blocks

This commit is contained in:
Jérémy Lecour 2019-12-31 16:56:03 +01:00 committed by Jérémy Lecour
parent 3b258cc43e
commit 6801f4e00e
10 changed files with 223 additions and 211 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
certbot/tasks/acme-challenge.yml
View File

@ -24,19 +24,20 @@
path: /usr/sbin/apachectl path: /usr/sbin/apachectl
register: is_apache register: is_apache
- block: - name: ACME challenge for Apache
- name: ACME challenge for Apache is installed block:
template: - name: ACME challenge for Apache is installed
src: acme-challenge/apache.conf.j2 template:
dest: /etc/apache2/conf-available/letsencrypt.conf src: acme-challenge/apache.conf.j2
force: yes dest: /etc/apache2/conf-available/letsencrypt.conf
notify: reload apache force: yes
notify: reload apache
- name: ACME challenge for Apache is enabled - name: ACME challenge for Apache is enabled
command: "a2enconf letsencrypt" command: "a2enconf letsencrypt"
register: command_result register: command_result
changed_when: "'Enabling' in command_result.stderr" changed_when: "'Enabling' in command_result.stderr"
notify: reload apache notify: reload apache
when: is_apache.stat.exists when: is_apache.stat.exists
- name: Check if HAProxy is installed - name: Check if HAProxy is installed

13
dovecot/tasks/munin.yml
View File

@ -6,12 +6,13 @@
check_mode: no check_mode: no
register: munin_node_plugins_config register: munin_node_plugins_config
- block: - name: Munin plugins are present and configured
- name: Install munin plugin block:
copy: - name: Install munin plugin
src: munin_plugin copy:
dest: /etc/munin/plugins/dovecot src: munin_plugin
mode: "0755" dest: /etc/munin/plugins/dovecot
mode: "0755"
# TODO : add in /etc/munin/plugin-conf.d/munin-node # TODO : add in /etc/munin/plugin-conf.d/munin-node
# [dovecot] # [dovecot]

60
elasticsearch/tasks/datadir.yml
View File

@ -1,44 +1,46 @@
--- ---
- block: - name: Set real datadir value when customized
- name: "Is custom datadir present ?" block:
stat: - name: "Is custom datadir present ?"
path: "{{ elasticsearch_custom_datadir }}" stat:
register: elasticsearch_custom_datadir_test path: "{{ elasticsearch_custom_datadir }}"
check_mode: no register: elasticsearch_custom_datadir_test
check_mode: no
- name: "read the real datadir" - name: "read the real datadir"
command: readlink -f /var/lib/elasticsearch command: readlink -f /var/lib/elasticsearch
changed_when: false changed_when: false
register: elasticsearch_current_real_datadir_test register: elasticsearch_current_real_datadir_test
check_mode: no check_mode: no
tags: tags:
- elasticsearch - elasticsearch
when: when:
- elasticsearch_custom_datadir != '' - elasticsearch_custom_datadir != ''
- elasticsearch_custom_datadir != None - elasticsearch_custom_datadir != None
- block: - name: Datadir is moved to custom path
- name: elasticsearch is stopped block:
service: - name: elasticsearch is stopped
name: elasticsearch service:
state: stopped name: elasticsearch
state: stopped
- name: Move elasticsearch datadir to custom datadir - name: Move elasticsearch datadir to custom datadir
command: mv {{ elasticsearch_current_real_datadir_test.stdout }} {{ elasticsearch_custom_datadir }} command: mv {{ elasticsearch_current_real_datadir_test.stdout }} {{ elasticsearch_custom_datadir }}
args: args:
creates: "{{ elasticsearch_custom_datadir }}" creates: "{{ elasticsearch_custom_datadir }}"
- name: Symlink {{ elasticsearch_custom_datadir }} to /var/lib/elasticsearch - name: Symlink {{ elasticsearch_custom_datadir }} to /var/lib/elasticsearch
file: file:
src: "{{ elasticsearch_custom_datadir }}" src: "{{ elasticsearch_custom_datadir }}"
dest: '/var/lib/elasticsearch' dest: '/var/lib/elasticsearch'
state: link state: link
- name: elasticsearch is started - name: elasticsearch is started
service: service:
name: elasticsearch name: elasticsearch
state: started state: started
tags: tags:
- elasticsearch - elasticsearch
when: when:

41
elasticsearch/tasks/plugin_head.yml
View File

@ -8,28 +8,29 @@
system: yes system: yes
shell: /bin/false shell: /bin/false
- block: - name: Head plugin is installed
- name: Head repository is checked-out block:
git: - name: Head repository is checked-out
repo: "https://github.com/mobz/elasticsearch-head.git" git:
dest: "{{ elasticsearch_plugin_head_clone_dir }}" repo: "https://github.com/mobz/elasticsearch-head.git"
clone: yes dest: "{{ elasticsearch_plugin_head_clone_dir }}"
tags: clone: yes
- packages tags:
- packages
- name: Create tmpdir - name: Create tmpdir
file: file:
dest: "{{ elasticsearch_plugin_head_tmp_dir }}" dest: "{{ elasticsearch_plugin_head_tmp_dir }}"
state: directory state: directory
- name: NPM packages for head are installed - name: NPM packages for head are installed
npm: npm:
path: "{{ elasticsearch_plugin_head_clone_dir }}" path: "{{ elasticsearch_plugin_head_clone_dir }}"
tags: tags:
- packages - packages
- npm - npm
environment: environment:
TMPDIR: "{{ elasticsearch_plugin_head_tmp_dir }}" TMPDIR: "{{ elasticsearch_plugin_head_tmp_dir }}"
become_user: "{{ elasticsearch_plugin_head_owner }}" become_user: "{{ elasticsearch_plugin_head_owner }}"
become: yes become: yes

87
elasticsearch/tasks/tmpdir.yml
View File

@ -7,50 +7,51 @@
changed_when: False changed_when: False
check_mode: no check_mode: no
- block: - name: Tmpdir is moved to custom path
- name: "Create {{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}" block:
file: - name: "Create {{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
path: "{{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}" file:
owner: elasticsearch path: "{{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
group: elasticsearch owner: elasticsearch
mode: "0755" group: elasticsearch
state: directory mode: "0755"
tags: state: directory
- elasticsearch tags:
- elasticsearch
- name: change JVM tmpdir (< 6.x) - name: change JVM tmpdir (< 6.x)
lineinfile: lineinfile:
dest: /etc/elasticsearch/jvm.options dest: /etc/elasticsearch/jvm.options
line: "-Djava.io.tmpdir={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}" line: "-Djava.io.tmpdir={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
regexp: "^-Djava.io.tmpdir=" regexp: "^-Djava.io.tmpdir="
insertafter: "## JVM configuration" insertafter: "## JVM configuration"
notify: notify:
- restart elasticsearch - restart elasticsearch
tags: tags:
- elasticsearch - elasticsearch
when: elastic_stack_version is version_compare('6', '<') when: elastic_stack_version is version_compare('6', '<')
- name: check if ES_TMPDIR is available (>= 6.x) - name: check if ES_TMPDIR is available (>= 6.x)
lineinfile: lineinfile:
dest: /etc/default/elasticsearch dest: /etc/default/elasticsearch
line: "ES_TMPDIR={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}" line: "ES_TMPDIR={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
regexp: "^ES_TMPDIR=" regexp: "^ES_TMPDIR="
insertafter: "JAVA_HOME" insertafter: "JAVA_HOME"
notify: notify:
- restart elasticsearch - restart elasticsearch
tags: tags:
- elasticsearch - elasticsearch
when: elastic_stack_version is version_compare('6', '>=') when: elastic_stack_version is version_compare('6', '>=')
- name: change JVM tmpdir (>= 6.x) - name: change JVM tmpdir (>= 6.x)
lineinfile: lineinfile:
dest: /etc/elasticsearch/jvm.options dest: /etc/elasticsearch/jvm.options
line: "-Djava.io.tmpdir=${ES_TMPDIR}" line: "-Djava.io.tmpdir=${ES_TMPDIR}"
regexp: "^-Djava.io.tmpdir=" regexp: "^-Djava.io.tmpdir="
insertafter: "## JVM configuration" insertafter: "## JVM configuration"
notify: notify:
- restart elasticsearch - restart elasticsearch
tags: tags:
- elasticsearch - elasticsearch
when: elastic_stack_version is version_compare('6', '>=') when: elastic_stack_version is version_compare('6', '>=')
when: (elasticsearch_custom_tmpdir != '' and elasticsearch_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0 when: (elasticsearch_custom_tmpdir != '' and elasticsearch_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0

23
evoacme/tasks/certbot.yml
View File

@ -1,18 +1,19 @@
--- ---
- block: - name: Use backports for jessie
- name: install jessie-backports block:
include_role: - name: install jessie-backports
name: evolix/apt include_role:
tasks_from: backports.yml name: evolix/apt
tasks_from: backports.yml
- name: Add exceptions for certbot dependencies - name: Add exceptions for certbot dependencies
copy: copy:
src: backports-certbot src: backports-certbot
dest: /etc/apt/preferences.d/z-backports-certbot dest: /etc/apt/preferences.d/z-backports-certbot
notify: apt update notify: apt update
- meta: flush_handlers - meta: flush_handlers
when: ansible_distribution_release == "jessie" when: ansible_distribution_release == "jessie"
- name: Install certbot with apt - name: Install certbot with apt

32
evolinux-base/tasks/default_www.yml
View File

@ -25,24 +25,24 @@
# SSL cert # SSL cert
- block: - name: Default certificate is present
block:
- name: Create private key and csr for default site ({{ ansible_fqdn }})
command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "/CN={{ ansible_fqdn }}"
args:
creates: "/etc/ssl/private/{{ ansible_fqdn }}.key"
- name: Create private key and csr for default site ({{ ansible_fqdn }}) - name: Adjust rights on private key
command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "/CN={{ ansible_fqdn }}" file:
args: path: /etc/ssl/private/{{ ansible_fqdn }}.key
creates: "/etc/ssl/private/{{ ansible_fqdn }}.key" owner: root
group: ssl-cert
mode: "0640"
- name: Adjust rights on private key - name: Create certificate for default site
file: command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt
path: /etc/ssl/private/{{ ansible_fqdn }}.key args:
owner: root creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt"
group: ssl-cert
mode: "0640"
- name: Create certificate for default site
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt
args:
creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt"
when: evolinux_default_www_ssl_cert when: evolinux_default_www_ssl_cert
- meta: flush_handlers - meta: flush_handlers

104
evolinux-base/tasks/hardware.yml
View File

@ -33,67 +33,69 @@
changed_when: "'FAILED' in raidmodel.stdout" changed_when: "'FAILED' in raidmodel.stdout"
failed_when: "'FAILED' in raidmodel.stdout" failed_when: "'FAILED' in raidmodel.stdout"
- block: - name: HP Smart Array package is present
- name: Add HPE GPG key block:
apt_key: - name: Add HPE GPG key
#url: https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub apt_key:
data: "{{ lookup('file', 'hpePublicKey2048_key1.pub') }}" #url: https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
data: "{{ lookup('file', 'hpePublicKey2048_key1.pub') }}"
- name: Add HPE repository - name: Add HPE repository
apt_repository: apt_repository:
repo: 'deb https://downloads.linux.hpe.com/SDR/repo/mcp {{ ansible_distribution_release }}/current non-free' repo: 'deb https://downloads.linux.hpe.com/SDR/repo/mcp {{ ansible_distribution_release }}/current non-free'
state: present state: present
- name: Install packages for HP hardware - name: Install packages for HP hardware
apt: apt:
name: name:
- cciss-vol-status - cciss-vol-status
- ssacli - ssacli
state: present state: present
- name: Configure packages for HP hardware - name: Configure packages for HP hardware
template: template:
src: hardware/cciss-vol-statusd.j2 src: hardware/cciss-vol-statusd.j2
dest: /etc/init.d/cciss-vol-statusd dest: /etc/init.d/cciss-vol-statusd
mode: "0755" mode: "0755"
- name: Enable HP hardware in systemd - name: Enable HP hardware in systemd
service: service:
name: cciss-vol-statusd name: cciss-vol-statusd
enabled: true enabled: true
state: started state: started
when: "'Hewlett-Packard Company Smart Array' in raidmodel.stdout" when: "'Hewlett-Packard Company Smart Array' in raidmodel.stdout"
- block: - name: MegaRAID SAS package is present
- name: Add HW tool GPG key block:
apt_key: - name: Add HW tool GPG key
# url: https://hwraid.le-vert.net/debian/hwraid.le-vert.net.gpg.key apt_key:
data: "{{ lookup('file', 'hwraid.le-vert.net.gpg.key') }}" # url: https://hwraid.le-vert.net/debian/hwraid.le-vert.net.gpg.key
when: ansible_distribution_major_version is version_compare('9', '>=') data: "{{ lookup('file', 'hwraid.le-vert.net.gpg.key') }}"
when: ansible_distribution_major_version is version_compare('9', '>=')
- name: Add HW tool repository - name: Add HW tool repository
apt_repository: apt_repository:
repo: 'deb http://hwraid.le-vert.net/debian {{ ansible_distribution_release }} main' repo: 'deb http://hwraid.le-vert.net/debian {{ ansible_distribution_release }} main'
state: present state: present
- name: Install packages for DELL/LSI hardware - name: Install packages for DELL/LSI hardware
apt: apt:
name: name:
- megacli - megacli
- megaclisas-status - megaclisas-status
allow_unauthenticated: yes allow_unauthenticated: yes
- name: Configure packages for DELL/LSI hardware - name: Configure packages for DELL/LSI hardware
template: template:
src: hardware/megaclisas-statusd.j2 src: hardware/megaclisas-statusd.j2
dest: /etc/default/megaclisas-statusd dest: /etc/default/megaclisas-statusd
mode: "0755" mode: "0755"
- name: Enable DELL/LSI hardware in systemd - name: Enable DELL/LSI hardware in systemd
service: service:
name: megaclisas-statusd name: megaclisas-statusd
enabled: true enabled: true
state: started state: started
when: "'MegaRAID SAS' in raidmodel.stdout" when: "'MegaRAID SAS' in raidmodel.stdout"
- meta: flush_handlers - meta: flush_handlers

17
filebeat/tasks/main.yml
View File

@ -54,16 +54,17 @@
changed_when: false changed_when: false
when: filebeat_logstash_plugin and logstash_plugin.stat.exists when: filebeat_logstash_plugin and logstash_plugin.stat.exists
- block: - name: Logstash plugin is installed
- include_role: block:
name: evolix/remount-usr - include_role:
name: evolix/remount-usr
- name: Logstash plugin is installed - name: logstash-plugin install logstash-input-beats
command: /usr/share/logstash/bin/logstash-plugin install logstash-input-beats command: /usr/share/logstash/bin/logstash-plugin install logstash-input-beats
when: when:
- filebeat_logstash_plugin - filebeat_logstash_plugin
- logstash_plugin.stat.exists - logstash_plugin.stat.exists
- not logstash_plugin_installed | success - not logstash_plugin_installed | success
- name: cloud_metadata processor is disabled - name: cloud_metadata processor is disabled
replace: replace:

32
kvm-host/tasks/images.yml
View File

@ -1,20 +1,22 @@
--- ---
- block: - name: Set images path when customized
- name: "Is {{ kvm_custom_libvirt_images_path }} present ?" block:
stat: - name: "Is {{ kvm_custom_libvirt_images_path }} present ?"
path: "{{ kvm_custom_libvirt_images_path }}" stat:
check_mode: no path: "{{ kvm_custom_libvirt_images_path }}"
register: kvm_custom_libvirt_images_path_test check_mode: no
register: kvm_custom_libvirt_images_path_test
- name: "read the real datadir" - name: "read the real datadir"
command: readlink -f /var/lib/libvirt/images command: readlink -f /var/lib/libvirt/images
changed_when: False changed_when: False
check_mode: no check_mode: no
register: kvm_libvirt_images_current_real_path_test register: kvm_libvirt_images_current_real_path_test
when: kvm_custom_libvirt_images_path != '' when: kvm_custom_libvirt_images_path != ''
- block: - name: Images directory is moved to custom path
block:
- name: "Move libvirt images to {{ kvm_custom_libvirt_images_path }}" - name: "Move libvirt images to {{ kvm_custom_libvirt_images_path }}"
command: mv /var/lib/libvirt/images {{ kvm_custom_libvirt_images_path }} command: mv /var/lib/libvirt/images {{ kvm_custom_libvirt_images_path }}
args: args:
@ -33,6 +35,6 @@
dest: '/var/lib/libvirt/images' dest: '/var/lib/libvirt/images'
state: link state: link
when: when:
- kvm_custom_libvirt_images_path != '' - kvm_custom_libvirt_images_path != ''
- kvm_custom_libvirt_images_path != kvm_libvirt_images_current_real_path_test.stdout - kvm_custom_libvirt_images_path != kvm_libvirt_images_current_real_path_test.stdout
- not kvm_custom_libvirt_images_path_test.stat.exists - not kvm_custom_libvirt_images_path_test.stat.exists