evolix
/
ansible-roles
22
2
Fork 2
Code Issues 61 Pull Requests 18 Releases 32 Wiki Activity

Add names to many blocks

This commit is contained in:
Jérémy Lecour 2019-12-31 16:56:03 +01:00 committed by Jérémy Lecour
parent 3b258cc43e
commit 6801f4e00e
10 changed files with 223 additions and 211 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
certbot/tasks/acme-challenge.yml
View File

@ -24,19 +24,20 @@
path: /usr/sbin/apachectl
register: is_apache
- block:
- name: ACME challenge for Apache is installed
template:
src: acme-challenge/apache.conf.j2
dest: /etc/apache2/conf-available/letsencrypt.conf
force: yes
notify: reload apache
- name: ACME challenge for Apache
block:
- name: ACME challenge for Apache is installed
template:
src: acme-challenge/apache.conf.j2
dest: /etc/apache2/conf-available/letsencrypt.conf
force: yes
notify: reload apache
- name: ACME challenge for Apache is enabled
command: "a2enconf letsencrypt"
register: command_result
changed_when: "'Enabling' in command_result.stderr"
notify: reload apache
- name: ACME challenge for Apache is enabled
command: "a2enconf letsencrypt"
register: command_result
changed_when: "'Enabling' in command_result.stderr"
notify: reload apache
when: is_apache.stat.exists
- name: Check if HAProxy is installed

13
dovecot/tasks/munin.yml
View File

@ -6,12 +6,13 @@
check_mode: no
register: munin_node_plugins_config
- block:
- name: Install munin plugin
copy:
src: munin_plugin
dest: /etc/munin/plugins/dovecot
mode: "0755"
- name: Munin plugins are present and configured
block:
- name: Install munin plugin
copy:
src: munin_plugin
dest: /etc/munin/plugins/dovecot
mode: "0755"
# TODO : add in /etc/munin/plugin-conf.d/munin-node
# [dovecot]

60
elasticsearch/tasks/datadir.yml
View File

@ -1,44 +1,46 @@
---
- block:
- name: "Is custom datadir present ?"
stat:
path: "{{ elasticsearch_custom_datadir }}"
register: elasticsearch_custom_datadir_test
check_mode: no
- name: Set real datadir value when customized
block:
- name: "Is custom datadir present ?"
stat:
path: "{{ elasticsearch_custom_datadir }}"
register: elasticsearch_custom_datadir_test
check_mode: no
- name: "read the real datadir"
command: readlink -f /var/lib/elasticsearch
changed_when: false
register: elasticsearch_current_real_datadir_test
check_mode: no
- name: "read the real datadir"
command: readlink -f /var/lib/elasticsearch
changed_when: false
register: elasticsearch_current_real_datadir_test
check_mode: no
tags:
- elasticsearch
when:
- elasticsearch_custom_datadir != ''
- elasticsearch_custom_datadir != None
- block:
- name: elasticsearch is stopped
service:
name: elasticsearch
state: stopped
- name: Datadir is moved to custom path
block:
- name: elasticsearch is stopped
service:
name: elasticsearch
state: stopped
- name: Move elasticsearch datadir to custom datadir
command: mv {{ elasticsearch_current_real_datadir_test.stdout }} {{ elasticsearch_custom_datadir }}
args:
creates: "{{ elasticsearch_custom_datadir }}"
- name: Move elasticsearch datadir to custom datadir
command: mv {{ elasticsearch_current_real_datadir_test.stdout }} {{ elasticsearch_custom_datadir }}
args:
creates: "{{ elasticsearch_custom_datadir }}"
- name: Symlink {{ elasticsearch_custom_datadir }} to /var/lib/elasticsearch
file:
src: "{{ elasticsearch_custom_datadir }}"
dest: '/var/lib/elasticsearch'
state: link
- name: Symlink {{ elasticsearch_custom_datadir }} to /var/lib/elasticsearch
file:
src: "{{ elasticsearch_custom_datadir }}"
dest: '/var/lib/elasticsearch'
state: link
- name: elasticsearch is started
service:
name: elasticsearch
state: started
- name: elasticsearch is started
service:
name: elasticsearch
state: started
tags:
- elasticsearch
when:

41
elasticsearch/tasks/plugin_head.yml
View File

@ -8,28 +8,29 @@
system: yes
shell: /bin/false
- block:
- name: Head repository is checked-out
git:
repo: "https://github.com/mobz/elasticsearch-head.git"
dest: "{{ elasticsearch_plugin_head_clone_dir }}"
clone: yes
tags:
- packages
- name: Head plugin is installed
block:
- name: Head repository is checked-out
git:
repo: "https://github.com/mobz/elasticsearch-head.git"
dest: "{{ elasticsearch_plugin_head_clone_dir }}"
clone: yes
tags:
- packages
- name: Create tmpdir
file:
dest: "{{ elasticsearch_plugin_head_tmp_dir }}"
state: directory
- name: Create tmpdir
file:
dest: "{{ elasticsearch_plugin_head_tmp_dir }}"
state: directory
- name: NPM packages for head are installed
npm:
path: "{{ elasticsearch_plugin_head_clone_dir }}"
tags:
- packages
- npm
environment:
TMPDIR: "{{ elasticsearch_plugin_head_tmp_dir }}"
- name: NPM packages for head are installed
npm:
path: "{{ elasticsearch_plugin_head_clone_dir }}"
tags:
- packages
- npm
environment:
TMPDIR: "{{ elasticsearch_plugin_head_tmp_dir }}"
become_user: "{{ elasticsearch_plugin_head_owner }}"
become: yes

87
elasticsearch/tasks/tmpdir.yml
View File

@ -7,50 +7,51 @@
changed_when: False
check_mode: no
- block:
- name: "Create {{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
file:
path: "{{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
owner: elasticsearch
group: elasticsearch
mode: "0755"
state: directory
tags:
- elasticsearch
- name: Tmpdir is moved to custom path
block:
- name: "Create {{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
file:
path: "{{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
owner: elasticsearch
group: elasticsearch
mode: "0755"
state: directory
tags:
- elasticsearch
- name: change JVM tmpdir (< 6.x)
lineinfile:
dest: /etc/elasticsearch/jvm.options
line: "-Djava.io.tmpdir={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
regexp: "^-Djava.io.tmpdir="
insertafter: "## JVM configuration"
notify:
- restart elasticsearch
tags:
- elasticsearch
when: elastic_stack_version is version_compare('6', '<')
- name: change JVM tmpdir (< 6.x)
lineinfile:
dest: /etc/elasticsearch/jvm.options
line: "-Djava.io.tmpdir={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
regexp: "^-Djava.io.tmpdir="
insertafter: "## JVM configuration"
notify:
- restart elasticsearch
tags:
- elasticsearch
when: elastic_stack_version is version_compare('6', '<')
- name: check if ES_TMPDIR is available (>= 6.x)
lineinfile:
dest: /etc/default/elasticsearch
line: "ES_TMPDIR={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
regexp: "^ES_TMPDIR="
insertafter: "JAVA_HOME"
notify:
- restart elasticsearch
tags:
- elasticsearch
when: elastic_stack_version is version_compare('6', '>=')
- name: check if ES_TMPDIR is available (>= 6.x)
lineinfile:
dest: /etc/default/elasticsearch
line: "ES_TMPDIR={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
regexp: "^ES_TMPDIR="
insertafter: "JAVA_HOME"
notify:
- restart elasticsearch
tags:
- elasticsearch
when: elastic_stack_version is version_compare('6', '>=')
- name: change JVM tmpdir (>= 6.x)
lineinfile:
dest: /etc/elasticsearch/jvm.options
line: "-Djava.io.tmpdir=${ES_TMPDIR}"
regexp: "^-Djava.io.tmpdir="
insertafter: "## JVM configuration"
notify:
- restart elasticsearch
tags:
- elasticsearch
when: elastic_stack_version is version_compare('6', '>=')
- name: change JVM tmpdir (>= 6.x)
lineinfile:
dest: /etc/elasticsearch/jvm.options
line: "-Djava.io.tmpdir=${ES_TMPDIR}"
regexp: "^-Djava.io.tmpdir="
insertafter: "## JVM configuration"
notify:
- restart elasticsearch
tags:
- elasticsearch
when: elastic_stack_version is version_compare('6', '>=')
when: (elasticsearch_custom_tmpdir != '' and elasticsearch_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0

23
evoacme/tasks/certbot.yml
View File

@ -1,18 +1,19 @@
---
- block:
- name: install jessie-backports
include_role:
name: evolix/apt
tasks_from: backports.yml
- name: Use backports for jessie
block:
- name: install jessie-backports
include_role:
name: evolix/apt
tasks_from: backports.yml
- name: Add exceptions for certbot dependencies
copy:
src: backports-certbot
dest: /etc/apt/preferences.d/z-backports-certbot
notify: apt update
- name: Add exceptions for certbot dependencies
copy:
src: backports-certbot
dest: /etc/apt/preferences.d/z-backports-certbot
notify: apt update
- meta: flush_handlers
- meta: flush_handlers
when: ansible_distribution_release == "jessie"
- name: Install certbot with apt

32
evolinux-base/tasks/default_www.yml
View File

@ -25,24 +25,24 @@
# SSL cert
- block:
- name: Default certificate is present
block:
- name: Create private key and csr for default site ({{ ansible_fqdn }})
command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "/CN={{ ansible_fqdn }}"
args:
creates: "/etc/ssl/private/{{ ansible_fqdn }}.key"
- name: Create private key and csr for default site ({{ ansible_fqdn }})
command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/{{ ansible_fqdn }}.csr -batch -subj "/CN={{ ansible_fqdn }}"
args:
creates: "/etc/ssl/private/{{ ansible_fqdn }}.key"
- name: Adjust rights on private key
file:
path: /etc/ssl/private/{{ ansible_fqdn }}.key
owner: root
group: ssl-cert
mode: "0640"
- name: Adjust rights on private key
file:
path: /etc/ssl/private/{{ ansible_fqdn }}.key
owner: root
group: ssl-cert
mode: "0640"
- name: Create certificate for default site
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt
args:
creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt"
- name: Create certificate for default site
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt
args:
creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt"
when: evolinux_default_www_ssl_cert
- meta: flush_handlers

104
evolinux-base/tasks/hardware.yml
View File

@ -33,67 +33,69 @@
changed_when: "'FAILED' in raidmodel.stdout"
failed_when: "'FAILED' in raidmodel.stdout"
- block:
- name: Add HPE GPG key
apt_key:
#url: https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
data: "{{ lookup('file', 'hpePublicKey2048_key1.pub') }}"
- name: HP Smart Array package is present
block:
- name: Add HPE GPG key
apt_key:
#url: https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub
data: "{{ lookup('file', 'hpePublicKey2048_key1.pub') }}"
- name: Add HPE repository
apt_repository:
repo: 'deb https://downloads.linux.hpe.com/SDR/repo/mcp {{ ansible_distribution_release }}/current non-free'
state: present
- name: Add HPE repository
apt_repository:
repo: 'deb https://downloads.linux.hpe.com/SDR/repo/mcp {{ ansible_distribution_release }}/current non-free'
state: present
- name: Install packages for HP hardware
apt:
name:
- cciss-vol-status
- ssacli
state: present
- name: Install packages for HP hardware
apt:
name:
- cciss-vol-status
- ssacli
state: present
- name: Configure packages for HP hardware
template:
src: hardware/cciss-vol-statusd.j2
dest: /etc/init.d/cciss-vol-statusd
mode: "0755"
- name: Configure packages for HP hardware
template:
src: hardware/cciss-vol-statusd.j2
dest: /etc/init.d/cciss-vol-statusd
mode: "0755"
- name: Enable HP hardware in systemd
service:
name: cciss-vol-statusd
enabled: true
state: started
- name: Enable HP hardware in systemd
service:
name: cciss-vol-statusd
enabled: true
state: started
when: "'Hewlett-Packard Company Smart Array' in raidmodel.stdout"
- block:
- name: Add HW tool GPG key
apt_key:
# url: https://hwraid.le-vert.net/debian/hwraid.le-vert.net.gpg.key
data: "{{ lookup('file', 'hwraid.le-vert.net.gpg.key') }}"
when: ansible_distribution_major_version is version_compare('9', '>=')
- name: MegaRAID SAS package is present
block:
- name: Add HW tool GPG key
apt_key:
# url: https://hwraid.le-vert.net/debian/hwraid.le-vert.net.gpg.key
data: "{{ lookup('file', 'hwraid.le-vert.net.gpg.key') }}"
when: ansible_distribution_major_version is version_compare('9', '>=')
- name: Add HW tool repository
apt_repository:
repo: 'deb http://hwraid.le-vert.net/debian {{ ansible_distribution_release }} main'
state: present
- name: Add HW tool repository
apt_repository:
repo: 'deb http://hwraid.le-vert.net/debian {{ ansible_distribution_release }} main'
state: present
- name: Install packages for DELL/LSI hardware
apt:
name:
- megacli
- megaclisas-status
allow_unauthenticated: yes
- name: Install packages for DELL/LSI hardware
apt:
name:
- megacli
- megaclisas-status
allow_unauthenticated: yes
- name: Configure packages for DELL/LSI hardware
template:
src: hardware/megaclisas-statusd.j2
dest: /etc/default/megaclisas-statusd
mode: "0755"
- name: Configure packages for DELL/LSI hardware
template:
src: hardware/megaclisas-statusd.j2
dest: /etc/default/megaclisas-statusd
mode: "0755"
- name: Enable DELL/LSI hardware in systemd
service:
name: megaclisas-statusd
enabled: true
state: started
- name: Enable DELL/LSI hardware in systemd
service:
name: megaclisas-statusd
enabled: true
state: started
when: "'MegaRAID SAS' in raidmodel.stdout"
- meta: flush_handlers

17
filebeat/tasks/main.yml
View File

@ -54,16 +54,17 @@
changed_when: false
when: filebeat_logstash_plugin and logstash_plugin.stat.exists
- block:
- include_role:
name: evolix/remount-usr
- name: Logstash plugin is installed
block:
- include_role:
name: evolix/remount-usr
- name: Logstash plugin is installed
command: /usr/share/logstash/bin/logstash-plugin install logstash-input-beats
- name: logstash-plugin install logstash-input-beats
command: /usr/share/logstash/bin/logstash-plugin install logstash-input-beats
when:
- filebeat_logstash_plugin
- logstash_plugin.stat.exists
- not logstash_plugin_installed | success
- filebeat_logstash_plugin
- logstash_plugin.stat.exists
- not logstash_plugin_installed | success
- name: cloud_metadata processor is disabled
replace:

32
kvm-host/tasks/images.yml
View File

@ -1,20 +1,22 @@
---
- block:
- name: "Is {{ kvm_custom_libvirt_images_path }} present ?"
stat:
path: "{{ kvm_custom_libvirt_images_path }}"
check_mode: no
register: kvm_custom_libvirt_images_path_test
- name: Set images path when customized
block:
- name: "Is {{ kvm_custom_libvirt_images_path }} present ?"
stat:
path: "{{ kvm_custom_libvirt_images_path }}"
check_mode: no
register: kvm_custom_libvirt_images_path_test
- name: "read the real datadir"
command: readlink -f /var/lib/libvirt/images
changed_when: False
check_mode: no
register: kvm_libvirt_images_current_real_path_test
- name: "read the real datadir"
command: readlink -f /var/lib/libvirt/images
changed_when: False
check_mode: no
register: kvm_libvirt_images_current_real_path_test
when: kvm_custom_libvirt_images_path != ''
- block:
- name: Images directory is moved to custom path
block:
- name: "Move libvirt images to {{ kvm_custom_libvirt_images_path }}"
command: mv /var/lib/libvirt/images {{ kvm_custom_libvirt_images_path }}
args:
@ -33,6 +35,6 @@
dest: '/var/lib/libvirt/images'
state: link
when:
- kvm_custom_libvirt_images_path != ''
- kvm_custom_libvirt_images_path != kvm_libvirt_images_current_real_path_test.stdout
- not kvm_custom_libvirt_images_path_test.stat.exists
- kvm_custom_libvirt_images_path != ''
- kvm_custom_libvirt_images_path != kvm_libvirt_images_current_real_path_test.stdout
- not kvm_custom_libvirt_images_path_test.stat.exists