Merge branch 'bullseye' into unstable
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
commit
ba3ed5e903
14
CHANGELOG.md
14
CHANGELOG.md
|
@ -12,19 +12,33 @@ The **patch** part changes incrementally at each release.
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
||||||
|
* Preliminary support for Debian 11 « Bullseye »
|
||||||
|
* apache: new variable for mpm mode (+ updated default config accordingly)
|
||||||
* certbot: add script for manual deploy hooks execution
|
* certbot: add script for manual deploy hooks execution
|
||||||
* listupgrade: crontab is configurable
|
* listupgrade: crontab is configurable
|
||||||
|
* mongodb: create munin plugins directory if missing
|
||||||
|
* redis: instance service for Debian 11
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
|
* Use python3 modules for Debian 11 and later
|
||||||
|
* elasticsearch: 7.x by default
|
||||||
|
* evolinux-base: force Debian version to buster for Evolix repository (temporary)
|
||||||
|
* kibana: 7.x by default
|
||||||
* listupgrade: upstream release 21.06.3
|
* listupgrade: upstream release 21.06.3
|
||||||
|
* mysql: mariadb-client-10.5 on Debian 11
|
||||||
|
* mysql: use python3 with Debian 11 and later
|
||||||
* squid: improve default whitelist (more specific patterns)
|
* squid: improve default whitelist (more specific patterns)
|
||||||
|
* squid: must be started in foreground mode for systemd
|
||||||
|
* squid: remove obsolete variable on Squid 4
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
* certbot: sync_remote excludes itself
|
* certbot: sync_remote excludes itself
|
||||||
|
|
||||||
### Removed
|
### Removed
|
||||||
|
|
||||||
|
* php: remove php-gettext for 7.4
|
||||||
|
|
||||||
### Security
|
### Security
|
||||||
|
|
||||||
## [10.6.0] 2021-06-28
|
## [10.6.0] 2021-06-28
|
||||||
|
|
|
@ -33,6 +33,7 @@
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
var: apache_serverstatus_suffix
|
var: apache_serverstatus_suffix
|
||||||
|
verbosity: 1
|
||||||
|
|
||||||
- name: replace server-status suffix in default site index
|
- name: replace server-status suffix in default site index
|
||||||
replace:
|
replace:
|
||||||
|
|
3
apt/files/bullseye_backports_preferences
Normal file
3
apt/files/bullseye_backports_preferences
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
Package: *
|
||||||
|
Pin: release a=bullseye-backports
|
||||||
|
Pin-Priority: 50
|
|
@ -19,6 +19,7 @@
|
||||||
- /etc/apt/sources.list.d/debian-jessie.list
|
- /etc/apt/sources.list.d/debian-jessie.list
|
||||||
- /etc/apt/sources.list.d/debian-stretch.list
|
- /etc/apt/sources.list.d/debian-stretch.list
|
||||||
- /etc/apt/sources.list.d/debian-buster.list
|
- /etc/apt/sources.list.d/debian-buster.list
|
||||||
|
- /etc/apt/sources.list.d/debian-bullseye.list
|
||||||
- /etc/apt/sources.list.d/debian-update.list
|
- /etc/apt/sources.list.d/debian-update.list
|
||||||
when: apt_clean_gandi_sourceslist | bool
|
when: apt_clean_gandi_sourceslist | bool
|
||||||
tags:
|
tags:
|
||||||
|
|
3
apt/templates/bullseye_backports.list.j2
Normal file
3
apt/templates/bullseye_backports.list.j2
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
deb http://mirror.evolix.org/debian bullseye-backports {{ apt_backports_components | mandatory }}
|
5
apt/templates/bullseye_basics.list.j2
Normal file
5
apt/templates/bullseye_basics.list.j2
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
deb http://mirror.evolix.org/debian bullseye {{ apt_basics_components | mandatory }}
|
||||||
|
deb http://mirror.evolix.org/debian/ bullseye-updates {{ apt_basics_components | mandatory }}
|
||||||
|
deb http://security.debian.org/ bullseye-security {{ apt_basics_components | mandatory }}
|
|
@ -1,3 +1,8 @@
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
{% if ansible_distribution_release == 'bullseye' %}
|
||||||
|
# Force previous Debian version (temporary)
|
||||||
|
deb http://pub.evolix.net/ buster/
|
||||||
|
{% else %}
|
||||||
deb http://pub.evolix.net/ {{ ansible_distribution_release }}/
|
deb http://pub.evolix.net/ {{ ansible_distribution_release }}/
|
||||||
|
{% endif %}
|
||||||
|
|
8
bullseye-detect/tasks/main.yml
Normal file
8
bullseye-detect/tasks/main.yml
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
# Force facts until Debian 11 is released because Ansible is dumb
|
||||||
|
- set_fact:
|
||||||
|
ansible_distribution_major_version: 11
|
||||||
|
ansible_distribution: "Debian"
|
||||||
|
ansible_distribution_release: "bullseye"
|
||||||
|
when: "ansible_lsb.codename == 'bullseye' or ansible_lsb.release == 'testing/unstable'"
|
|
@ -40,9 +40,20 @@
|
||||||
apt:
|
apt:
|
||||||
name:
|
name:
|
||||||
- docker-ce
|
- docker-ce
|
||||||
- python-docker
|
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
|
||||||
|
- name: python-docker is installed
|
||||||
|
apt:
|
||||||
|
name: python-docker
|
||||||
|
state: present
|
||||||
|
when: ansible_distribution_major_version is version('10', '<=')
|
||||||
|
|
||||||
|
- name: python3-docker is installed
|
||||||
|
apt:
|
||||||
|
name: python3-docker
|
||||||
|
state: present
|
||||||
|
when: ansible_distribution_major_version is version('10', '>')
|
||||||
|
|
||||||
- name: Copy Docker daemon configuration file
|
- name: Copy Docker daemon configuration file
|
||||||
template:
|
template:
|
||||||
src: daemon.json.j2
|
src: daemon.json.j2
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
elastic_stack_version: "6.x"
|
elastic_stack_version: "7.x"
|
||||||
|
|
||||||
elasticsearch_cluster_name: Null
|
elasticsearch_cluster_name: Null
|
||||||
elasticsearch_cluster_members: Null
|
elasticsearch_cluster_members: Null
|
||||||
|
|
BIN
elasticsearch/files/elastic.gpg
Normal file
BIN
elasticsearch/files/elastic.gpg
Normal file
Binary file not shown.
|
@ -52,4 +52,4 @@
|
||||||
name: elasticsearch
|
name: elasticsearch
|
||||||
enabled: yes
|
enabled: yes
|
||||||
tags:
|
tags:
|
||||||
- elasticsearch
|
- elasticsearch
|
||||||
|
|
|
@ -14,6 +14,7 @@ galaxy_info:
|
||||||
- jessie
|
- jessie
|
||||||
- stretch
|
- stretch
|
||||||
- buster
|
- buster
|
||||||
|
- bullseye
|
||||||
|
|
||||||
galaxy_tags: []
|
galaxy_tags: []
|
||||||
# List tags for your role here, one per line. A tag is
|
# List tags for your role here, one per line. A tag is
|
||||||
|
|
|
@ -26,7 +26,7 @@
|
||||||
- name: Disable net.ipv4.tcp_timestamps
|
- name: Disable net.ipv4.tcp_timestamps
|
||||||
sysctl:
|
sysctl:
|
||||||
name: net.ipv4.tcp_timestamps
|
name: net.ipv4.tcp_timestamps
|
||||||
value: 0
|
value: '0'
|
||||||
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
|
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
|
||||||
state: present
|
state: present
|
||||||
reload: yes
|
reload: yes
|
||||||
|
|
|
@ -153,7 +153,7 @@
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
- name: Install alert5 init script (buster)
|
- name: Install alert5 init script (buster and later)
|
||||||
template:
|
template:
|
||||||
src: system/alert5.sh.j2
|
src: system/alert5.sh.j2
|
||||||
dest: /usr/share/scripts/alert5.sh
|
dest: /usr/share/scripts/alert5.sh
|
||||||
|
@ -163,7 +163,7 @@
|
||||||
- evolinux_system_alert5_init | bool
|
- evolinux_system_alert5_init | bool
|
||||||
- ansible_distribution_major_version is version('10', '>=')
|
- ansible_distribution_major_version is version('10', '>=')
|
||||||
|
|
||||||
- name: Install alert5 service (buster)
|
- name: Install alert5 service (buster and later)
|
||||||
copy:
|
copy:
|
||||||
src: alert5.service
|
src: alert5.service
|
||||||
dest: /etc/systemd/system/alert5.service
|
dest: /etc/systemd/system/alert5.service
|
||||||
|
@ -173,7 +173,7 @@
|
||||||
- evolinux_system_alert5_init | bool
|
- evolinux_system_alert5_init | bool
|
||||||
- ansible_distribution_major_version is version('10', '>=')
|
- ansible_distribution_major_version is version('10', '>=')
|
||||||
|
|
||||||
- name: Enable alert5 init script (buster)
|
- name: Enable alert5 init script (buster and later)
|
||||||
systemd:
|
systemd:
|
||||||
name: alert5
|
name: alert5
|
||||||
daemon_reload: yes
|
daemon_reload: yes
|
||||||
|
|
|
@ -34,3 +34,4 @@ haproxy_deny_ips: []
|
||||||
|
|
||||||
haproxy_backports_packages_stretch: haproxy libssl1.0.0
|
haproxy_backports_packages_stretch: haproxy libssl1.0.0
|
||||||
haproxy_backports_packages_buster: haproxy
|
haproxy_backports_packages_buster: haproxy
|
||||||
|
haproxy_backports_packages_bullseye: haproxy
|
||||||
|
|
|
@ -15,6 +15,10 @@
|
||||||
haproxy_backports_packages: "{{ haproxy_backports_packages_buster }}"
|
haproxy_backports_packages: "{{ haproxy_backports_packages_buster }}"
|
||||||
when: ansible_distribution_release == 'buster'
|
when: ansible_distribution_release == 'buster'
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
haproxy_backports_packages: "{{ haproxy_backports_packages_bullseye }}"
|
||||||
|
when: ansible_distribution_release == 'bullseye'
|
||||||
|
|
||||||
- name: Prefer HAProxy package from backports
|
- name: Prefer HAProxy package from backports
|
||||||
template:
|
template:
|
||||||
src: haproxy_apt_preferences.j2
|
src: haproxy_apt_preferences.j2
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
elastic_stack_version: "5.x"
|
elastic_stack_version: "7.x"
|
||||||
|
|
||||||
kibana_server_host: "127.0.0.1"
|
kibana_server_host: "127.0.0.1"
|
||||||
kibana_server_basepath: ""
|
kibana_server_basepath: ""
|
||||||
|
|
BIN
kibana/files/elastic.gpg
Normal file
BIN
kibana/files/elastic.gpg
Normal file
Binary file not shown.
|
@ -1,31 +0,0 @@
|
||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
||||||
Version: GnuPG v2.0.14 (GNU/Linux)
|
|
||||||
|
|
||||||
mQENBFI3HsoBCADXDtbNJnxbPqB1vDNtCsqhe49vFYsZN9IOZsZXgp7aHjh6CJBD
|
|
||||||
A+bGFOwyhbd7at35jQjWAw1O3cfYsKAmFy+Ar3LHCMkV3oZspJACTIgCrwnkic/9
|
|
||||||
CUliQe324qvObU2QRtP4Fl0zWcfb/S8UYzWXWIFuJqMvE9MaRY1bwUBvzoqavLGZ
|
|
||||||
j3SF1SPO+TB5QrHkrQHBsmX+Jda6d4Ylt8/t6CvMwgQNlrlzIO9WT+YN6zS+sqHd
|
|
||||||
1YK/aY5qhoLNhp9G/HxhcSVCkLq8SStj1ZZ1S9juBPoXV1ZWNbxFNGwOh/NYGldD
|
|
||||||
2kmBf3YgCqeLzHahsAEpvAm8TBa7Q9W21C8vABEBAAG0RUVsYXN0aWNzZWFyY2gg
|
|
||||||
KEVsYXN0aWNzZWFyY2ggU2lnbmluZyBLZXkpIDxkZXZfb3BzQGVsYXN0aWNzZWFy
|
|
||||||
Y2gub3JnPokBOAQTAQIAIgUCUjceygIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgEC
|
|
||||||
F4AACgkQ0n1mbNiOQrRzjAgAlTUQ1mgo3nK6BGXbj4XAJvuZDG0HILiUt+pPnz75
|
|
||||||
nsf0NWhqR4yGFlmpuctgCmTD+HzYtV9fp9qW/bwVuJCNtKXk3sdzYABY+Yl0Cez/
|
|
||||||
7C2GuGCOlbn0luCNT9BxJnh4mC9h/cKI3y5jvZ7wavwe41teqG14V+EoFSn3NPKm
|
|
||||||
TxcDTFrV7SmVPxCBcQze00cJhprKxkuZMPPVqpBS+JfDQtzUQD/LSFfhHj9eD+Xe
|
|
||||||
8d7sw+XvxB2aN4gnTlRzjL1nTRp0h2/IOGkqYfIG9rWmSLNlxhB2t+c0RsjdGM4/
|
|
||||||
eRlPWylFbVMc5pmDpItrkWSnzBfkmXL3vO2X3WvwmSFiQbkBDQRSNx7KAQgA5JUl
|
|
||||||
zcMW5/cuyZR8alSacKqhSbvoSqqbzHKcUQZmlzNMKGTABFG1yRx9r+wa/fvqP6OT
|
|
||||||
RzRDvVS/cycws8YX7Ddum7x8uI95b9ye1/Xy5noPEm8cD+hplnpU+PBQZJ5XJ2I+
|
|
||||||
1l9Nixx47wPGXeClLqcdn0ayd+v+Rwf3/XUJrvccG2YZUiQ4jWZkoxsA07xx7Bj+
|
|
||||||
Lt8/FKG7sHRFvePFU0ZS6JFx9GJqjSBbHRRkam+4emW3uWgVfZxuwcUCn1ayNgRt
|
|
||||||
KiFv9jQrg2TIWEvzYx9tywTCxc+FFMWAlbCzi+m4WD+QUWWfDQ009U/WM0ks0Kww
|
|
||||||
EwSk/UDuToxGnKU2dQARAQABiQEfBBgBAgAJBQJSNx7KAhsMAAoJENJ9ZmzYjkK0
|
|
||||||
c3MIAIE9hAR20mqJWLcsxLtrRs6uNF1VrpB+4n/55QU7oxA1iVBO6IFu4qgsF12J
|
|
||||||
TavnJ5MLaETlggXY+zDef9syTPXoQctpzcaNVDmedwo1SiL03uMoblOvWpMR/Y0j
|
|
||||||
6rm7IgrMWUDXDPvoPGjMl2q1iTeyHkMZEyUJ8SKsaHh4jV9wp9KmC8C+9CwMukL7
|
|
||||||
vM5w8cgvJoAwsp3Fn59AxWthN3XJYcnMfStkIuWgR7U2r+a210W6vnUxU4oN0PmM
|
|
||||||
cursYPyeV0NX/KQeUeNMwGTFB6QHS/anRaGQewijkrYYoTNtfllxIu9XYmiBERQ/
|
|
||||||
qPDlGRlOgVTd9xUfHFkzB52c70E=
|
|
||||||
=92oX
|
|
||||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
|
@ -129,3 +129,5 @@
|
||||||
|
|
||||||
- include: proxy_nginx.yml
|
- include: proxy_nginx.yml
|
||||||
when: kibana_proxy_nginx | bool
|
when: kibana_proxy_nginx | bool
|
||||||
|
tags:
|
||||||
|
- kibana
|
||||||
|
|
|
@ -18,4 +18,4 @@ lxc_php_container_releases:
|
||||||
php56: "jessie"
|
php56: "jessie"
|
||||||
php70: "stretch"
|
php70: "stretch"
|
||||||
php73: "buster"
|
php73: "buster"
|
||||||
php74: "buster"
|
php74: "bullseye"
|
||||||
|
|
|
@ -13,8 +13,8 @@
|
||||||
create: yes
|
create: yes
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
loop:
|
loop:
|
||||||
- "deb https://packages.sury.org/php/ buster main"
|
- "deb https://packages.sury.org/php/ bullseye main"
|
||||||
- "deb http://pub.evolix.net/ buster-php74/"
|
- "deb http://pub.evolix.net/ bullseye-php74/"
|
||||||
|
|
||||||
- name: copy pub.evolix.net GPG key
|
- name: copy pub.evolix.net GPG key
|
||||||
copy:
|
copy:
|
||||||
|
@ -40,7 +40,7 @@
|
||||||
- name: "{{ lxc_php_version }} - Install PHP packages"
|
- name: "{{ lxc_php_version }} - Install PHP packages"
|
||||||
lxc_container:
|
lxc_container:
|
||||||
name: "{{ lxc_php_version }}"
|
name: "{{ lxc_php_version }}"
|
||||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-gettext php-curl php-zip php-mbstring php-zip composer libphp-phpmailer"
|
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-zip composer libphp-phpmailer"
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
|
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
|
||||||
template:
|
template:
|
||||||
|
|
|
@ -5,7 +5,18 @@
|
||||||
- lxc
|
- lxc
|
||||||
- debootstrap
|
- debootstrap
|
||||||
- xz-utils
|
- xz-utils
|
||||||
- python-lxc
|
|
||||||
|
- name: python-lxc is installed
|
||||||
|
apt:
|
||||||
|
name: python-lxc
|
||||||
|
state: present
|
||||||
|
when: ansible_distribution_major_version is version('10', '<=')
|
||||||
|
|
||||||
|
- name: python3-lxc is installed
|
||||||
|
apt:
|
||||||
|
name: python3-lxc
|
||||||
|
state: present
|
||||||
|
when: ansible_distribution_major_version is version('10', '>')
|
||||||
|
|
||||||
- name: Install additional packages on Buster
|
- name: Install additional packages on Buster
|
||||||
apt:
|
apt:
|
||||||
|
|
|
@ -121,13 +121,13 @@
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
dest: /etc/metricbeat/metricbeat.yml
|
dest: /etc/metricbeat/metricbeat.yml
|
||||||
force: "{{ metricbeat_force_config }}"
|
force: "{{ metricbeat_force_config }}"
|
||||||
loop: "{{ query('first_found', templates) }}"
|
loop: "{{ query('first_found', templates) }}"
|
||||||
vars:
|
vars:
|
||||||
templates:
|
templates:
|
||||||
- "templates/metricbeat/metricbeat.{{ inventory_hostname }}.yml.j2"
|
- "templates/metricbeat/metricbeat.{{ inventory_hostname }}.yml.j2"
|
||||||
- "templates/metricbeat/metricbeat.{{ host_group | default('all') }}.yml.j2"
|
- "templates/metricbeat/metricbeat.{{ host_group | default('all') }}.yml.j2"
|
||||||
- "templates/metricbeat/metricbeat.default.yml.j2"
|
- "templates/metricbeat/metricbeat.default.yml.j2"
|
||||||
- "templates/metricbeat.default.yml.j2"
|
- "templates/metricbeat.default.yml.j2"
|
||||||
notify: restart metricbeat
|
notify: restart metricbeat
|
||||||
when: metricbeat_update_config | bool
|
when: metricbeat_update_config | bool
|
||||||
when: metricbeat_use_config_template | bool
|
when: metricbeat_use_config_template | bool
|
||||||
|
|
30
mongodb/files/server-4.4.asc
Normal file
30
mongodb/files/server-4.4.asc
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
Version: GnuPG v1
|
||||||
|
|
||||||
|
mQINBFzteqwBEADSirbLWsjgkQmdWr06jXPN8049MCqXQIZ2ovy9uJPyLkHgOCta
|
||||||
|
8dmX+8Fkk5yNOLScjB1HUGJxAWJG+AhldW1xQGeo6loDfTW1mlfetq/zpW7CKbUp
|
||||||
|
qve9eYYulneAy/81M/UoUZSzHqj6XY39wzJCH20H+Qx3WwcqXgSU7fSFXyJ4EBYs
|
||||||
|
kWybbrAra5v29LUTBd7OvvS+Swovdh4T31YijUOUUL/gJkBI9UneVyV7/8DdUoVJ
|
||||||
|
a8ym2pZ6ALy+GZrWBHcCKD/rQjEkXJnDglu+FSUI50SzaC9YX31TTzEMJijiPi6I
|
||||||
|
MIZJMXLH7GpCIDcvyrLWIRYVJAQRoYJB4rmp42HTyed4eg4RnSiFrxVV5xQaDnSl
|
||||||
|
/8zSOdVMBVewp8ipv34VeRXgNTgRkhA2JmL+KlALMkPo7MbRkJF01DiOOsIdz3Iu
|
||||||
|
43oYg3QYmqxZI6kZNtXpUMnJeuRmMQJJN8yc9ZdOA9Ll2TTcIql8XEsjGcM7IWM9
|
||||||
|
CP6zGwCcbrv72Ka+h/bGaLpwLbpkr5I8PjjSECn9fBcgnVX6HfKH7u3y11+Va1nh
|
||||||
|
a8ZEE1TuOqRxnVDQ+K4iwaZFgFYsBMKo2ghoU2ZbZxu14vs6Eksn6UFsm8DpPwfy
|
||||||
|
jtLtdje8jrbYAqAy5zIMLoW+I6Rb5sU3Olh9nI7NW4T5qQeemBcuRAwB4QARAQAB
|
||||||
|
tDdNb25nb0RCIDQuNCBSZWxlYXNlIFNpZ25pbmcgS2V5IDxwYWNrYWdpbmdAbW9u
|
||||||
|
Z29kYi5jb20+iQI+BBMBAgAoBQJc7XqsAhsDBQkJZgGABgsJCAcDAgYVCAIJCgsE
|
||||||
|
FgIDAQIeAQIXgAAKCRBlZAjjkM+x9SKmD/9BzdjFAgBPPkUnD5pJQgsBQKUEkDsu
|
||||||
|
cht6Q0Y4M635K7okpqJvXtZV5Mo+ajWZjUeHn4wPdVgzF2ItwVLRjjak3tIZfe3+
|
||||||
|
ME5Y27Aej3LeqQC3Q5g6SnpeZwVEhWzU35CnyhQecP4AhDG3FO0gKUn3GkEgmsd6
|
||||||
|
rnXAQLEw3VUYO8boxqBF3zjmFLIIaODYNmO1bLddJgvZlefUC62lWBBUs6Z7PBnl
|
||||||
|
q7qBQFhz9qV9zXZwCT2/vgGLg5JcwVdcJXwAsQSr1WCVd7Y79+JcA7BZiSg9FAQd
|
||||||
|
4t2dCkkctoUKgXsAH5fPwErGNj5L6iUnhFODPvdDJ7l35UcIZ2h74lqfEh+jh8eo
|
||||||
|
UgxkcI2y2FY/lPapcPPKe0FHzCxG2U/NRdM+sqrIfp9+s88Bj+Eub7OhW4dF3AlL
|
||||||
|
bh/BGHL9R8xAJRDLv8v7nsKkZWUnJaskeDFCKX3rjcTyTRWTG7EuMCmCn0Ou1hKc
|
||||||
|
R3ECvIq0pVfVh+qk0hu+A5Dvj6k3QDcTfse+KfSAJkYvRKiuRuq5KgYcX3YSzL6K
|
||||||
|
aZitMyu18XsQxKavpIGzaDhWyrVAig3XXF//zxowYVwuOikr5czgqizu87cqjpyn
|
||||||
|
S0vVG4Q3+LswH4xVTn3UWadY/9FkM167ecouu4g3op29VDi7hCKsMeFvFP6OOIls
|
||||||
|
G4vQ/QbzucK77Q==
|
||||||
|
=eD3N
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
BIN
mongodb/files/server-4.4.gpg
Normal file
BIN
mongodb/files/server-4.4.gpg
Normal file
Binary file not shown.
|
@ -12,4 +12,7 @@
|
||||||
when: ansible_distribution_release == "stretch"
|
when: ansible_distribution_release == "stretch"
|
||||||
|
|
||||||
- include: main_buster.yml
|
- include: main_buster.yml
|
||||||
when: ansible_distribution_major_version is version('10', '>=')
|
when: ansible_distribution_release == "buster"
|
||||||
|
|
||||||
|
- include: main_bullseye.yml
|
||||||
|
when: ansible_distribution_major_version is version('11', '>=')
|
||||||
|
|
95
mongodb/tasks/main_bullseye.yml
Normal file
95
mongodb/tasks/main_bullseye.yml
Normal file
|
@ -0,0 +1,95 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
# https://wiki.debian.org/DebianRepository/UseThirdParty
|
||||||
|
- name: MongoDB embedded GPG key is absent
|
||||||
|
apt_key:
|
||||||
|
id: "B8612B5D"
|
||||||
|
keyring: /etc/apt/trusted.gpg
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: Add MongoDB GPG key
|
||||||
|
copy:
|
||||||
|
src: server-4.4.asc
|
||||||
|
dest: /etc/apt/trusted.gpg.d/mongodb-server-4.4.asc
|
||||||
|
force: yes
|
||||||
|
mode: "0644"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
|
||||||
|
- name: enable APT sources list
|
||||||
|
apt_repository:
|
||||||
|
repo: deb http://repo.mongodb.org/apt/debian buster/mongodb-org/4.4 main
|
||||||
|
state: present
|
||||||
|
filename: mongodb-org-4.4
|
||||||
|
update_cache: yes
|
||||||
|
|
||||||
|
- name: Install packages
|
||||||
|
apt:
|
||||||
|
name: mongodb-org
|
||||||
|
update_cache: yes
|
||||||
|
state: present
|
||||||
|
register: _mongodb_install_package
|
||||||
|
|
||||||
|
- name: MongoDB service in enabled and started
|
||||||
|
systemd:
|
||||||
|
name: mongod
|
||||||
|
enabled: yes
|
||||||
|
state: started
|
||||||
|
when: _mongodb_install_package.changed
|
||||||
|
|
||||||
|
- name: install dependency for monitoring
|
||||||
|
apt:
|
||||||
|
name: python3-pymongo
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Custom configuration
|
||||||
|
template:
|
||||||
|
src: mongodb_bullseye.conf.j2
|
||||||
|
dest: "/etc/mongod.conf"
|
||||||
|
force: "{{ mongodb_force_config | bool | ternary('yes', 'no') }}"
|
||||||
|
notify: restart mongod
|
||||||
|
|
||||||
|
- name: Configure logrotate
|
||||||
|
template:
|
||||||
|
src: logrotate_bullseye.j2
|
||||||
|
dest: /etc/logrotate.d/mongodb
|
||||||
|
force: yes
|
||||||
|
backup: no
|
||||||
|
|
||||||
|
- name: Munin plugins local directory exists
|
||||||
|
file:
|
||||||
|
dest: /usr/local/share/munin/plugins/
|
||||||
|
state: directory
|
||||||
|
mode: "0755"
|
||||||
|
|
||||||
|
- name: Munin plugins are present
|
||||||
|
copy:
|
||||||
|
src: "munin/{{ item }}"
|
||||||
|
dest: '/usr/local/share/munin/plugins/{{ item }}'
|
||||||
|
force: yes
|
||||||
|
with_items:
|
||||||
|
- mongo_btree
|
||||||
|
- mongo_collections
|
||||||
|
- mongo_conn
|
||||||
|
- mongo_docs
|
||||||
|
- mongo_lock
|
||||||
|
- mongo_mem
|
||||||
|
- mongo_ops
|
||||||
|
- mongo_page_faults
|
||||||
|
notify: restart munin-node
|
||||||
|
|
||||||
|
- name: Enable core Munin plugins
|
||||||
|
file:
|
||||||
|
src: '/usr/local/share/munin/plugins/{{ item }}'
|
||||||
|
dest: /etc/munin/plugins/{{ item }}
|
||||||
|
state: link
|
||||||
|
with_items:
|
||||||
|
- mongo_btree
|
||||||
|
- mongo_collections
|
||||||
|
- mongo_conn
|
||||||
|
- mongo_docs
|
||||||
|
- mongo_lock
|
||||||
|
- mongo_mem
|
||||||
|
- mongo_ops
|
||||||
|
- mongo_page_faults
|
||||||
|
notify: restart munin-node
|
15
mongodb/templates/logrotate_bullseye.j2
Normal file
15
mongodb/templates/logrotate_bullseye.j2
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
/var/log/mongodb/mongod.log {
|
||||||
|
daily
|
||||||
|
missingok
|
||||||
|
rotate 365
|
||||||
|
dateext
|
||||||
|
compress
|
||||||
|
delaycompress
|
||||||
|
notifempty
|
||||||
|
sharedscripts
|
||||||
|
postrotate
|
||||||
|
pidof mongod | xargs kill -USR1
|
||||||
|
endscript
|
||||||
|
}
|
39
mongodb/templates/mongodb_bullseye.conf.j2
Normal file
39
mongodb/templates/mongodb_bullseye.conf.j2
Normal file
|
@ -0,0 +1,39 @@
|
||||||
|
# mongodb.conf - {{ ansible_managed }}
|
||||||
|
|
||||||
|
# for documentation of all options, see:
|
||||||
|
# http://docs.mongodb.org/manual/reference/configuration-options/
|
||||||
|
|
||||||
|
# Where and how to store data.
|
||||||
|
storage:
|
||||||
|
dbPath: /var/lib/mongodb
|
||||||
|
journal:
|
||||||
|
enabled: true
|
||||||
|
# engine:
|
||||||
|
# mmapv1:
|
||||||
|
# wiredTiger:
|
||||||
|
|
||||||
|
# where to write logging data.
|
||||||
|
systemLog:
|
||||||
|
destination: file
|
||||||
|
logRotate: reopen
|
||||||
|
logAppend: true
|
||||||
|
path: /var/log/mongodb/mongodb.log
|
||||||
|
|
||||||
|
# network interfaces
|
||||||
|
net:
|
||||||
|
port: {{ mongodb_port }}
|
||||||
|
bindIp: {{ mongodb_bind }}
|
||||||
|
|
||||||
|
#security:
|
||||||
|
|
||||||
|
#operationProfiling:
|
||||||
|
|
||||||
|
#replication:
|
||||||
|
|
||||||
|
#sharding:
|
||||||
|
|
||||||
|
## Enterprise-Only Options:
|
||||||
|
|
||||||
|
#auditLog:
|
||||||
|
|
||||||
|
#snmp:
|
|
@ -5,6 +5,16 @@
|
||||||
apt:
|
apt:
|
||||||
name: python-mysqldb
|
name: python-mysqldb
|
||||||
state: present
|
state: present
|
||||||
|
when: ansible_distribution_major_version is version('10', '<=')
|
||||||
|
tags:
|
||||||
|
- mysql
|
||||||
|
|
||||||
|
# dependency for mysql_user and mysql_db
|
||||||
|
- name: python3-mysqldb is installed (Ansible dependency)
|
||||||
|
apt:
|
||||||
|
name: python3-mysqldb
|
||||||
|
state: present
|
||||||
|
when: ansible_distribution_major_version is version('10', '>')
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
|
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
# mytop
|
# mytop
|
||||||
|
|
||||||
- name: "mytop is installed (jessie)"
|
- name: "mytop is installed (Debian 9)"
|
||||||
apt:
|
apt:
|
||||||
name: mytop
|
name: mytop
|
||||||
state: present
|
state: present
|
||||||
|
@ -32,7 +32,7 @@
|
||||||
# name: mysql-utilities
|
# name: mysql-utilities
|
||||||
# when: ansible_distribution_major_version is version('9', '>=')
|
# when: ansible_distribution_major_version is version('9', '>=')
|
||||||
|
|
||||||
- name: "mytop dependencies are installed (stretch)"
|
- name: "mytop dependencies are installed (Buster)"
|
||||||
apt:
|
apt:
|
||||||
name:
|
name:
|
||||||
- libconfig-inifiles-perl
|
- libconfig-inifiles-perl
|
||||||
|
@ -46,13 +46,21 @@
|
||||||
- mysql
|
- mysql
|
||||||
when: ansible_distribution_release == "stretch"
|
when: ansible_distribution_release == "stretch"
|
||||||
|
|
||||||
- name: "Install dependencies for mytop (Debian 10 or later)"
|
- name: "Install dependencies for mytop (Debian 10)"
|
||||||
apt:
|
apt:
|
||||||
name:
|
name:
|
||||||
- mariadb-client-10.3
|
- mariadb-client-10.3
|
||||||
- libconfig-inifiles-perl
|
- libconfig-inifiles-perl
|
||||||
- libterm-readkey-perl
|
- libterm-readkey-perl
|
||||||
when: ansible_distribution_major_version is version('10', '>=')
|
when: ansible_distribution_release == "buster"
|
||||||
|
|
||||||
|
- name: "Install dependencies for mytop (Debian 11 or later)"
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- mariadb-client-10.5
|
||||||
|
- libconfig-inifiles-perl
|
||||||
|
- libterm-readkey-perl
|
||||||
|
when: ansible_distribution_major_version is version('11', '>=')
|
||||||
|
|
||||||
- include_role:
|
- include_role:
|
||||||
name: evolix/remount-usr
|
name: evolix/remount-usr
|
||||||
|
|
|
@ -6,13 +6,22 @@
|
||||||
when: mysql_variant == "mariadb"
|
when: mysql_variant == "mariadb"
|
||||||
|
|
||||||
# dependency for mysql_user and mysql_db
|
# dependency for mysql_user and mysql_db
|
||||||
|
|
||||||
- name: python-mysqldb is installed (Ansible dependency)
|
- name: python-mysqldb is installed (Ansible dependency)
|
||||||
apt:
|
apt:
|
||||||
name: python-mysqldb
|
name: python-mysqldb
|
||||||
state: present
|
state: present
|
||||||
|
when: ansible_distribution_major_version is version('10', '<=')
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
|
|
||||||
|
# dependency for mysql_user and mysql_db
|
||||||
|
- name: python3-mysqldb is installed (Ansible dependency)
|
||||||
|
apt:
|
||||||
|
name: python3-mysqldb
|
||||||
|
state: present
|
||||||
|
when: ansible_distribution_major_version is version('10', '>')
|
||||||
|
tags:
|
||||||
|
- mysql
|
||||||
|
|
||||||
- name: create a password for mysqladmin
|
- name: create a password for mysqladmin
|
||||||
command: "apg -n 1 -m 16 -M lcN"
|
command: "apg -n 1 -m 16 -M lcN"
|
||||||
|
|
|
@ -1,13 +1,22 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
# dependency for mysql_user and mysql_db
|
# dependency for mysql_user and mysql_db
|
||||||
|
|
||||||
- name: python-mysqldb is installed (Ansible dependency)
|
- name: python-mysqldb is installed (Ansible dependency)
|
||||||
apt:
|
apt:
|
||||||
name: python-mysqldb
|
name: python-mysqldb
|
||||||
state: present
|
state: present
|
||||||
|
when: ansible_distribution_major_version is version('10', '<=')
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
|
|
||||||
|
# dependency for mysql_user and mysql_db
|
||||||
|
- name: python3-mysqldb is installed (Ansible dependency)
|
||||||
|
apt:
|
||||||
|
name: python3-mysqldb
|
||||||
|
state: present
|
||||||
|
when: ansible_distribution_major_version is version('10', '>')
|
||||||
|
tags:
|
||||||
|
- mysql
|
||||||
|
|
||||||
- name: create a password for mysqladmin
|
- name: create a password for mysqladmin
|
||||||
command: "apg -n 1 -m 16 -M lcN"
|
command: "apg -n 1 -m 16 -M lcN"
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
|
|
||||||
# mytop
|
# mytop
|
||||||
|
|
||||||
- name: "Install mytop (jessie)"
|
- name: "Install mytop (Debian 9)"
|
||||||
apt:
|
apt:
|
||||||
name: mytop
|
name: mytop
|
||||||
state: present
|
state: present
|
||||||
|
@ -27,7 +27,7 @@
|
||||||
- mysql
|
- mysql
|
||||||
when: ansible_distribution_release == "jessie"
|
when: ansible_distribution_release == "jessie"
|
||||||
|
|
||||||
- name: "Install dependencies for mytop (stretch)"
|
- name: "Install dependencies for mytop (Debian 9)"
|
||||||
apt:
|
apt:
|
||||||
name:
|
name:
|
||||||
- mariadb-client-10.1
|
- mariadb-client-10.1
|
||||||
|
@ -35,13 +35,21 @@
|
||||||
- libterm-readkey-perl
|
- libterm-readkey-perl
|
||||||
when: ansible_distribution_release == "stretch"
|
when: ansible_distribution_release == "stretch"
|
||||||
|
|
||||||
- name: "Install dependencies for mytop (Debian 10 or later)"
|
- name: "Install dependencies for mytop (Debian 10)"
|
||||||
apt:
|
apt:
|
||||||
name:
|
name:
|
||||||
- mariadb-client-10.3
|
- mariadb-client-10.3
|
||||||
- libconfig-inifiles-perl
|
- libconfig-inifiles-perl
|
||||||
- libterm-readkey-perl
|
- libterm-readkey-perl
|
||||||
when: ansible_distribution_major_version is version('10', '>=')
|
when: ansible_distribution_release == "buster"
|
||||||
|
|
||||||
|
- name: "Install dependencies for mytop (Debian 11 or later)"
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- mariadb-client-10.5
|
||||||
|
- libconfig-inifiles-perl
|
||||||
|
- libterm-readkey-perl
|
||||||
|
when: ansible_distribution_major_version is version('11', '>=')
|
||||||
|
|
||||||
- name: Read debian-sys-maint password
|
- name: Read debian-sys-maint password
|
||||||
shell: 'cat /etc/mysql/debian.cnf | grep -m1 "password = .*" | cut -d" " -f3'
|
shell: 'cat /etc/mysql/debian.cnf | grep -m1 "password = .*" | cut -d" " -f3'
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
Package: phpmyadmin php-twig
|
Package: phpmyadmin php-twig
|
||||||
Pin: release a=buster-backports
|
Pin: release a=buster-backports
|
||||||
Pin-Priority: 999
|
Pin-Priority: 999
|
||||||
|
|
|
@ -14,3 +14,8 @@
|
||||||
service:
|
service:
|
||||||
name: php7.3-fpm
|
name: php7.3-fpm
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
|
- name: restart php7.4-fpm
|
||||||
|
service:
|
||||||
|
name: php7.4-fpm
|
||||||
|
state: restarted
|
||||||
|
|
|
@ -12,3 +12,6 @@
|
||||||
|
|
||||||
- include: main_buster.yml
|
- include: main_buster.yml
|
||||||
when: ansible_distribution_release == "buster"
|
when: ansible_distribution_release == "buster"
|
||||||
|
|
||||||
|
- include: main_bullseye.yml
|
||||||
|
when: ansible_distribution_release == "bullseye"
|
||||||
|
|
96
php/tasks/main_bullseye.yml
Normal file
96
php/tasks/main_bullseye.yml
Normal file
|
@ -0,0 +1,96 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: "Set variables (Debian 10 or later)"
|
||||||
|
set_fact:
|
||||||
|
php_cli_defaults_ini_file: /etc/php/7.4/cli/conf.d/z-evolinux-defaults.ini
|
||||||
|
php_cli_custom_ini_file: /etc/php/7.4/cli/conf.d/zzz-evolinux-custom.ini
|
||||||
|
php_apache_defaults_ini_file: /etc/php/7.4/apache2/conf.d/z-evolinux-defaults.ini
|
||||||
|
php_apache_custom_ini_file: /etc/php/7.4/apache2/conf.d/zzz-evolinux-custom.ini
|
||||||
|
php_fpm_defaults_ini_file: /etc/php/7.4/fpm/conf.d/z-evolinux-defaults.ini
|
||||||
|
php_fpm_custom_ini_file: /etc/php/7.4/fpm/conf.d/zzz-evolinux-custom.ini
|
||||||
|
php_fpm_debian_default_pool_file: /etc/php/7.4/fpm/pool.d/www.conf
|
||||||
|
php_fpm_default_pool_file: /etc/php/7.4/fpm/pool.d/www-evolinux-defaults.conf
|
||||||
|
php_fpm_default_pool_custom_file: /etc/php/7.4/fpm/pool.d/www-evolinux-zcustom.conf
|
||||||
|
php_fpm_default_pool_socket: /var/run/php/php7.4-fpm.sock
|
||||||
|
php_fpm_service_name: php7.4-fpm
|
||||||
|
|
||||||
|
# Packages
|
||||||
|
|
||||||
|
- name: "Set package list (Debian 9 or later)"
|
||||||
|
set_fact:
|
||||||
|
php_stretch_packages:
|
||||||
|
- php-cli
|
||||||
|
- php-gd
|
||||||
|
- php-intl
|
||||||
|
- php-imap
|
||||||
|
- php-ldap
|
||||||
|
- php-mysql
|
||||||
|
# php-mcrypt is no longer packaged for PHP 7.2
|
||||||
|
- php-pgsql
|
||||||
|
- php-sqlite3
|
||||||
|
- php-curl
|
||||||
|
- php-ssh2
|
||||||
|
- php-zip
|
||||||
|
- composer
|
||||||
|
- libphp-phpmailer
|
||||||
|
|
||||||
|
- include: sury_pre.yml
|
||||||
|
when: php_sury_enable
|
||||||
|
|
||||||
|
- name: "Install PHP packages (Debian 9 or later)"
|
||||||
|
apt:
|
||||||
|
name: '{{ php_stretch_packages }}'
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: "Install mod_php packages (Debian 9 or later)"
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- libapache2-mod-php
|
||||||
|
- php
|
||||||
|
state: present
|
||||||
|
when: php_apache_enable
|
||||||
|
|
||||||
|
- name: "Install PHP FPM packages (Debian 9 or later)"
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- php-fpm
|
||||||
|
- php
|
||||||
|
state: present
|
||||||
|
when: php_fpm_enable
|
||||||
|
|
||||||
|
# Configuration
|
||||||
|
|
||||||
|
- name: Enforce permissions on PHP directory
|
||||||
|
file:
|
||||||
|
dest: "{{ item }}"
|
||||||
|
mode: "0755"
|
||||||
|
with_items:
|
||||||
|
- /etc/php
|
||||||
|
- /etc/php/7.4
|
||||||
|
|
||||||
|
- include: config_cli.yml
|
||||||
|
- name: Enforce permissions on PHP cli directory
|
||||||
|
file:
|
||||||
|
dest: /etc/php/7.4/cli
|
||||||
|
mode: "0755"
|
||||||
|
|
||||||
|
- include: config_fpm.yml
|
||||||
|
when: php_fpm_enable
|
||||||
|
|
||||||
|
- name: Enforce permissions on PHP fpm directory
|
||||||
|
file:
|
||||||
|
dest: /etc/php/7.4/fpm
|
||||||
|
mode: "0755"
|
||||||
|
when: php_fpm_enable
|
||||||
|
|
||||||
|
- include: config_apache.yml
|
||||||
|
when: php_apache_enable
|
||||||
|
|
||||||
|
- name: Enforce permissions on PHP apache2 directory
|
||||||
|
file:
|
||||||
|
dest: /etc/php/7.4/apache2
|
||||||
|
mode: "0755"
|
||||||
|
when: php_apache_enable
|
||||||
|
|
||||||
|
- include: sury_post.yml
|
||||||
|
when: php_sury_enable
|
|
@ -5,10 +5,10 @@
|
||||||
when: ansible_distribution_release == "jessie"
|
when: ansible_distribution_release == "jessie"
|
||||||
|
|
||||||
- include: packages_stretch.yml
|
- include: packages_stretch.yml
|
||||||
when: ansible_distribution_major_version is version('9', '=')
|
when: ansible_distribution_release == "stretch"
|
||||||
|
|
||||||
- include: packages_buster.yml
|
- include: packages_buster.yml
|
||||||
when: ansible_distribution_major_version is version('10', '=')
|
when: ansible_distribution_release == "buster"
|
||||||
|
|
||||||
- include: packages_bullseye.yml
|
- include: packages_bullseye.yml
|
||||||
when: ansible_distribution_major_version is version('11', '>=')
|
when: ansible_distribution_major_version is version('11', '>=')
|
||||||
|
|
|
@ -9,10 +9,17 @@
|
||||||
register: postgresql_nrpe_password
|
register: postgresql_nrpe_password
|
||||||
changed_when: False
|
changed_when: False
|
||||||
|
|
||||||
- name: Install python dependencies for postgresql_user
|
- name: python-psycopg2 is installed (Ansible dependency)
|
||||||
apt:
|
apt:
|
||||||
name: python-psycopg2
|
name: python-psycopg2
|
||||||
state: present
|
state: present
|
||||||
|
when: ansible_distribution_major_version is version('10', '<=')
|
||||||
|
|
||||||
|
- name: python3-psycopg2 is installed (Ansible dependency)
|
||||||
|
apt:
|
||||||
|
name: python3-psycopg2
|
||||||
|
state: present
|
||||||
|
when: ansible_distribution_major_version is version('10', '>')
|
||||||
|
|
||||||
- name: Is nrpe present ?
|
- name: Is nrpe present ?
|
||||||
stat:
|
stat:
|
||||||
|
|
|
@ -1,9 +1,16 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: check_rabbitmq dependencies
|
- name: python-requests is installed (check_rabbitmq dependency)
|
||||||
apt:
|
apt:
|
||||||
name: python-requests
|
name: python-requests
|
||||||
state: present
|
state: present
|
||||||
|
when: ansible_distribution_major_version is version('10', '<=')
|
||||||
|
|
||||||
|
- name: python3-requests is installed (check_rabbitmq dependency)
|
||||||
|
apt:
|
||||||
|
name: python3-requests
|
||||||
|
state: present
|
||||||
|
when: ansible_distribution_major_version is version('10', '>')
|
||||||
|
|
||||||
- include_role:
|
- include_role:
|
||||||
name: evolix/remount-usr
|
name: evolix/remount-usr
|
||||||
|
|
45
redis/templates/redis-server@bullseye.service.j2
Normal file
45
redis/templates/redis-server@bullseye.service.j2
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Advanced key-value store
|
||||||
|
After=network.target
|
||||||
|
Documentation=http://redis.io/documentation, man:redis-server(1)
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=notify
|
||||||
|
ExecStart=/usr/bin/redis-server {{ redis_conf_dir_prefix }}-%i/redis.conf --supervised systemd --daemonize no
|
||||||
|
PIDFile=/run/redis-%i/redis-server.pid
|
||||||
|
TimeoutStopSec=0
|
||||||
|
Restart=always
|
||||||
|
User=redis-%i
|
||||||
|
Group=redis-%i
|
||||||
|
RuntimeDirectory=redis-%i
|
||||||
|
RuntimeDirectoryMode=2755
|
||||||
|
|
||||||
|
UMask=007
|
||||||
|
PrivateTmp=yes
|
||||||
|
LimitNOFILE=65535
|
||||||
|
PrivateDevices=yes
|
||||||
|
ProtectHome={{ redis_data_dir_prefix is match('/home') | ternary('no', 'yes') }}
|
||||||
|
ReadOnlyDirectories=/
|
||||||
|
ReadWritePaths=-{{ redis_data_dir_prefix }}-%i
|
||||||
|
ReadWritePaths=-{{ redis_log_dir_prefix }}-%i
|
||||||
|
ReadWritePaths=-{{ redis_pid_dir_prefix }}-%i
|
||||||
|
ReadWritePaths=-{{ redis_socket_dir_prefix }}-%i
|
||||||
|
|
||||||
|
NoNewPrivileges=true
|
||||||
|
CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE
|
||||||
|
MemoryDenyWriteExecute=true
|
||||||
|
ProtectKernelModules=true
|
||||||
|
ProtectKernelTunables=true
|
||||||
|
ProtectControlGroups=true
|
||||||
|
RestrictRealtime=true
|
||||||
|
RestrictNamespaces=true
|
||||||
|
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
|
||||||
|
|
||||||
|
# redis-server can write to its own config file when in cluster mode so we
|
||||||
|
# permit writing there by default. If you are not using this feature, it is
|
||||||
|
# recommended that you replace the following lines with "ProtectSystem=full".
|
||||||
|
ProtectSystem=true
|
||||||
|
ReadWriteDirectories=-{{ redis_conf_dir_prefix }}-%i
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
- name: Install dependancy
|
- name: Install dependency
|
||||||
apt:
|
apt:
|
||||||
name:
|
name:
|
||||||
- libpam-systemd
|
- libpam-systemd
|
||||||
|
@ -14,7 +14,24 @@
|
||||||
- libmagickwand-dev
|
- libmagickwand-dev
|
||||||
- libmagickcore-dev
|
- libmagickcore-dev
|
||||||
- libmariadbclient-dev
|
- libmariadbclient-dev
|
||||||
- python-mysqldb
|
|
||||||
state: present
|
state: present
|
||||||
tags:
|
tags:
|
||||||
- redmine
|
- redmine
|
||||||
|
|
||||||
|
# dependency for mysql_user and mysql_db
|
||||||
|
- name: python-mysqldb is installed (Ansible dependency)
|
||||||
|
apt:
|
||||||
|
name: python-mysqldb
|
||||||
|
state: present
|
||||||
|
when: ansible_distribution_major_version is version('10', '<=')
|
||||||
|
tags:
|
||||||
|
- redmine
|
||||||
|
|
||||||
|
# dependency for mysql_user and mysql_db
|
||||||
|
- name: python3-mysqldb is installed (Ansible dependency)
|
||||||
|
apt:
|
||||||
|
name: python3-mysqldb
|
||||||
|
state: present
|
||||||
|
when: ansible_distribution_major_version is version('10', '>')
|
||||||
|
tags:
|
||||||
|
- redmine
|
|
@ -1,4 +0,0 @@
|
||||||
# systemd override for Squid
|
|
||||||
[Service]
|
|
||||||
ExecStart=
|
|
||||||
ExecStart=/usr/sbin/squid -sYC -f /etc/squid/evolinux-defaults.conf
|
|
|
@ -22,6 +22,13 @@
|
||||||
- squidclient
|
- squidclient
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
- name: Fetch packages
|
||||||
|
package_facts:
|
||||||
|
manager: auto
|
||||||
|
|
||||||
|
- debug:
|
||||||
|
var: ansible_facts.packages[squid_daemon_name]
|
||||||
|
|
||||||
- name: "Set alternative config file (Debian 9 or later)"
|
- name: "Set alternative config file (Debian 9 or later)"
|
||||||
copy:
|
copy:
|
||||||
src: default_squid
|
src: default_squid
|
||||||
|
|
|
@ -16,8 +16,8 @@
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
|
||||||
- name: "Squid systemd unit service is present"
|
- name: "Squid systemd unit service is present"
|
||||||
copy:
|
template:
|
||||||
src: systemd-override.conf
|
src: systemd-override.conf.j2
|
||||||
dest: /etc/systemd/system/squid.service.d/override.conf
|
dest: /etc/systemd/system/squid.service.d/override.conf
|
||||||
force: yes
|
force: yes
|
||||||
register: _squid_systemd_override
|
register: _squid_systemd_override
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
http_port 8888 transparent
|
http_port 8888 transparent
|
||||||
cache deny all
|
cache deny all
|
||||||
ignore_expect_100 on
|
{% if ansible_facts.packages[squid_daemon_name][0]['version'] is version (4, '<') %}ignore_expect_100 on{% endif %}
|
||||||
tcp_outgoing_address {{ squid_address }}
|
tcp_outgoing_address {{ squid_address }}
|
||||||
|
|
8
squid/templates/systemd-override.conf.j2
Normal file
8
squid/templates/systemd-override.conf.j2
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
# systemd override for Squid
|
||||||
|
[Service]
|
||||||
|
ExecStart=
|
||||||
|
{% if ansible_distribution_major_version is version('11', '>=') %}
|
||||||
|
ExecStart=/usr/sbin/squid --foreground -sYC -f /etc/squid/evolinux-defaults.conf
|
||||||
|
{% else %}
|
||||||
|
ExecStart=/usr/sbin/squid -sYC -f /etc/squid/evolinux-defaults.conf
|
||||||
|
{% endif %}
|
|
@ -21,6 +21,13 @@
|
||||||
- ansible_distribution_release == "buster"
|
- ansible_distribution_release == "buster"
|
||||||
- tomcat_version is not defined
|
- tomcat_version is not defined
|
||||||
|
|
||||||
|
- name: Set Tomcat version to 10 on Debian 11 if missing
|
||||||
|
set_fact:
|
||||||
|
tomcat_version: 10
|
||||||
|
when:
|
||||||
|
- ansible_distribution_release == "bullseye"
|
||||||
|
- tomcat_version is not defined
|
||||||
|
|
||||||
- name: Install packages
|
- name: Install packages
|
||||||
apt:
|
apt:
|
||||||
name:
|
name:
|
||||||
|
|
|
@ -52,6 +52,7 @@
|
||||||
- config
|
- config
|
||||||
- update-config
|
- update-config
|
||||||
|
|
||||||
|
# TODO: verify if it's still necessary for Debian 11
|
||||||
- name: Override Varnish systemd unit (Buster and later)
|
- name: Override Varnish systemd unit (Buster and later)
|
||||||
template:
|
template:
|
||||||
src: varnish.conf.buster.j2
|
src: varnish.conf.buster.j2
|
||||||
|
|
|
@ -16,7 +16,24 @@
|
||||||
- php-apcu
|
- php-apcu
|
||||||
- php-redis
|
- php-redis
|
||||||
- php-bcmath
|
- php-bcmath
|
||||||
- python-mysqldb
|
tags:
|
||||||
|
- nextcloud
|
||||||
|
|
||||||
|
# dependency for mysql_user and mysql_db
|
||||||
|
- name: python-mysqldb is installed (Ansible dependency)
|
||||||
|
apt:
|
||||||
|
name: python-mysqldb
|
||||||
|
state: present
|
||||||
|
when: ansible_distribution_major_version is version('10', '<=')
|
||||||
|
tags:
|
||||||
|
- nextcloud
|
||||||
|
|
||||||
|
# dependency for mysql_user and mysql_db
|
||||||
|
- name: python3-mysqldb is installed (Ansible dependency)
|
||||||
|
apt:
|
||||||
|
name: python3-mysqldb
|
||||||
|
state: present
|
||||||
|
when: ansible_distribution_major_version is version('10', '>')
|
||||||
tags:
|
tags:
|
||||||
- nextcloud
|
- nextcloud
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue