+
+Reverse the default sort order.
+
+=item B
+
+Pause display.
+
+=item B
+
+Quit B
+
+=item B
+
+Reset the server's status counters via a I command.
+
+=item B
+
+Togle IP reverse lookup. Default is on.
+
+=item B
+
+Change the sleep time (number of seconds between display refreshes).
+
+=item B
+
+Set the number of seconds a query will need to run before it is
+considered old and will be highlighted.
+
+=item B
+
+Show only threads owned by a giver user.
+
+=back
+
+The B key has a command-line counterpart: B<-s>.
+
+The B key has two command-line counterparts: B<-header> and
+B<-noheader>.
+
+=head1 BUGS
+
+This is more of a BUGS + WishList.
+
+Some performance information is not available when talking to a
+version 3.22.x MySQL server. Additional information (about threads
+mostly) was added to the output of I in MySQL 3.23.x and
+B makes use of it. If the information is not available, you
+will simply see zeros where the real numbers should be.
+
+Simply running this program will increase your overall counters (such
+as the number of queries run). But you may or may not view that as a
+bug.
+
+B consumes too much CPU time when running (verified on older
+versions of Linux and FreeBSD). It's likely a problem related to
+Term::ReadKey. I haven't had time to investigate yet, so B now
+automatically lowers its priority when you run it. You may also think
+about running B on another workstation instead of your database
+server. However, C on Solaris does B have this problem.
+Newer versions of Linux and FreeBSD seem to have fixed this.
+
+You can't specify the maximum number of threads to list. If you have
+many threads and a tall xterm, B will always try to display as
+many as it can fit.
+
+The size of most of the columns in the display has a small maximum
+width. If you have fairly long database/user/host names the display
+may appear odd. I have no good idea as to how best to deal with that
+yet. Suggestions are welcome.
+
+It'd be nice if you could just add B configuration directives
+in your C file instead of having a separate config file.
+
+You should be able to specify the columns you'd like to see in the
+display and the order in which they appear. If you only have one
+username that connects to your database, it's probably not worth
+having the User column appear, for example.
+
+=head1 AUTHOR
+
+mytop was developed and is maintained by Jeremy D. Zawodny
+(Jeremy@Zawodny.com).
+
+If you wish to e-mail me regarding this software, B subscribe
+to the B mailing list. See the B homepage for details.
+
+=head1 DISCLAIMER
+
+While I use this software in my job at Yahoo!, I am solely responsible
+for it. Yahoo! does not necessarily support this software in any
+way. It is merely a personal idea which happened to be very useful in
+my job.
+
+=head1 RECRUITING
+
+If you hack Perl and grok MySQL, come work at Yahoo! Contact me for
+details. Or just send me your resume. Er, unless we just had layoffs,
+in which case we're not hiring. :-(
+
+=head1 SEE ALSO
+
+Please check the MySQL manual if you're not sure where some of the
+output of B is coming from.
+
+=head1 COPYRIGHT
+
+Copyright (C) 2000-2010, Jeremy D. Zawodny.
+
+=head1 CREDITS
+
+Fix a bug. Add a feature. See your name here!
+
+Many thanks go to these fine folks:
+
+=over
+
+=item Mark Grennan (mark@grennan.com) www.linuxfangoy.com
+
+Added updates for MySQL 5.x. Added 'S' (slow) highlighting.
+Added 'C' to turn on and off Color. Added 'l' command to change
+color for long running queries. Fixed a few documentation issues.
+Monitors Slave status. Added color to Queue hit ratio.
+Added number of rows sorted per second.
+Created release 1.7.
+
+=item Sami Ahlroos (sami@avis-net.de)
+
+Suggested the idle/noidle stuff.
+
+=item Jan Willamowius (jan@janhh.shnet.org)
+
+Mirnor bug report. Documentation fixes.
+
+=item Alex Osipov (alex@acky.net)
+
+Long command-line options, Unix socket support.
+
+=item Stephane Enten (tuf@grolier.fr)
+
+Suggested batch mode.
+
+=item Richard Ellerbrock (richarde@eskom.co.za)
+
+Bug reports and usability suggestions.
+
+=item William R. Mattil (wrm@newton.irngtx.tel.gte.com)
+
+Bug report about empty passwords not working.
+
+=item Benjamin Pflugmann (philemon@spin.de)
+
+Suggested -P command-line flag as well as other changes.
+
+=item Justin Mecham
+
+Suggested setting $0 to `mytop'.
+
+=item Thorsten Kunz
+
+Provided a fix for cases when we try remove the domain name from the
+display even if it is actually an IP address.
+
+=item Sasha Pachev
+
+Provided the idea of real-time queries per second in the main display.
+
+=item Paul DuBois
+
+Pointed out some option-handling bugs.
+
+=item Mike Wexler
+
+Suggested that we don't mangle (normalize) whitespace in query info by
+default.
+
+=item Mark Zweifel
+
+Make the --idle command-line argument negatable.
+
+=item Axel Schwenke
+
+Noticed the inccorect formula for query cache hit percentages in
+version 1.2.
+
+=item Steven Roussey
+
+Supplied a patch to help filter binary junk in queries so that
+terminals don't freak out.
+
+=item jon r. luini
+
+Supplied a patch that formed the basis for C<-prompt> support. Sean
+Leach submitted a similar patch.
+
+=item Yogish Baliga
+
+Supplied a patch that formed the basis for C<-resolve> support.
+
+=item Per Andreas Buer
+
+Supplied an excellent patch to tidy up the top display. This includes
+showing most values in short form, such as 10k rather than 10000.
+
+=back
+
+See the Changes file on the B distribution page for more
+details on what has changed.
+
+=head1 LICENSE
+
+B is licensed under the GNU General Public License version
+2. For the full license information, please visit
+http://www.gnu.org/copyleft/gpl.html
+
+=cut
+
+__END__
diff --git a/mysql-oracle/handlers/main.yml b/mysql-oracle/handlers/main.yml
new file mode 100644
index 00000000..7571ebc5
--- /dev/null
+++ b/mysql-oracle/handlers/main.yml
@@ -0,0 +1,21 @@
+---
+- name: restart munin-node
+ service:
+ name: munin-node
+ state: restarted
+
+- name: restart nagios-nrpe-server
+ service:
+ name: nagios-nrpe-server
+ state: restarted
+
+- name: restart mysql
+ service:
+ name: mysql
+ state: restarted
+
+- name: reload systemd
+ command: systemctl daemon-reload
+
+- name: Restart minifirewall
+ command: /etc/init.d/minifirewall restart
diff --git a/mysql-oracle/meta/main.yml b/mysql-oracle/meta/main.yml
new file mode 100644
index 00000000..8cb59054
--- /dev/null
+++ b/mysql-oracle/meta/main.yml
@@ -0,0 +1,20 @@
+galaxy_info:
+ author: Evolix
+ description: Install and configure MySQL 5.7 (with Oracle packages)
+
+ issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues
+
+ license: GPLv2
+
+ min_ansible_version: 2.2
+
+ platforms:
+ - name: Debian
+ versions:
+ - jessie
+ - stretch
+
+dependencies: []
+ # List your role dependencies here, one per line.
+ # Be sure to remove the '[]' above if you add dependencies
+ # to this list.
diff --git a/mysql-oracle/tasks/config.yml b/mysql-oracle/tasks/config.yml
new file mode 100644
index 00000000..09131f92
--- /dev/null
+++ b/mysql-oracle/tasks/config.yml
@@ -0,0 +1,23 @@
+---
+
+- name: "Copy MySQL defaults config file"
+ copy:
+ src: evolinux-defaults.cnf
+ dest: "/etc/mysql/conf.d/z-evolinux-defaults.cnf"
+ owner: root
+ group: root
+ mode: "0644"
+ force: yes
+ tags:
+ - mysql
+
+- name: "Copy MySQL custom config file"
+ template:
+ src: evolinux-custom.cnf.j2
+ dest: "/etc/mysql/conf.d/zzz-evolinux-custom.cnf"
+ owner: root
+ group: root
+ mode: "0644"
+ force: no
+ tags:
+ - mysql
diff --git a/mysql-oracle/tasks/datadir.yml b/mysql-oracle/tasks/datadir.yml
new file mode 100644
index 00000000..28beb1ed
--- /dev/null
+++ b/mysql-oracle/tasks/datadir.yml
@@ -0,0 +1,45 @@
+---
+
+- block:
+ - name: "Is {{ mysql_custom_datadir }} present ?"
+ stat:
+ path: "{{ mysql_custom_datadir }}"
+ check_mode: no
+ register: mysql_custom_datadir_test
+
+ - name: "read the real datadir"
+ command: readlink -f /var/lib/mysql
+ changed_when: False
+ check_mode: no
+ register: mysql_current_real_datadir_test
+ tags:
+ - mysql
+ when: mysql_custom_datadir != ''
+
+- block:
+ - name: MySQL is stopped
+ service:
+ name: mysql
+ state: stopped
+
+ - name: Move MySQL datadir to {{ mysql_custom_datadir }}
+ command: mv {{ mysql_current_real_datadir_test.stdout }} {{ mysql_custom_datadir }}
+ args:
+ creates: "{{ mysql_custom_datadir }}"
+
+ - name: Symlink {{ mysql_custom_datadir }} to /var/lib/mysql
+ file:
+ src: "{{ mysql_custom_datadir }}"
+ dest: '/var/lib/mysql'
+ state: link
+
+ - name: MySQL is started
+ service:
+ name: mysql
+ state: started
+ tags:
+ - mysql
+ when:
+ - mysql_custom_datadir != ''
+ - mysql_custom_datadir != mysql_current_real_datadir_test.stdout
+ - not mysql_custom_datadir_test.stat.exists
diff --git a/mysql-oracle/tasks/log2mail.yml b/mysql-oracle/tasks/log2mail.yml
new file mode 100644
index 00000000..568b6649
--- /dev/null
+++ b/mysql-oracle/tasks/log2mail.yml
@@ -0,0 +1,22 @@
+---
+
+- name: Is log2mail present ?
+ stat:
+ path: /etc/log2mail/config
+ check_mode: no
+ register: log2mail_config_dir
+ tags:
+ - mysql
+ - log2mail
+
+- name: Copy log2mail config
+ template:
+ src: log2mail.j2
+ dest: /etc/log2mail/config/mysql.conf
+ owner: log2mail
+ group: adm
+ mode: "0640"
+ when: log2mail_config_dir.stat.exists
+ tags:
+ - mysql
+ - log2mail
diff --git a/mysql-oracle/tasks/main.yml b/mysql-oracle/tasks/main.yml
new file mode 100644
index 00000000..273960a9
--- /dev/null
+++ b/mysql-oracle/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+
+- include: packages.yml
+
+- include: users.yml
+
+- include: config.yml
+
+- include: datadir.yml
+
+- include: tmpdir.yml
+
+- include: nrpe.yml
+
+- include: munin.yml
+
+- include: log2mail.yml
+
+- include: utils.yml
diff --git a/mysql-oracle/tasks/munin.yml b/mysql-oracle/tasks/munin.yml
new file mode 100644
index 00000000..52b6eed4
--- /dev/null
+++ b/mysql-oracle/tasks/munin.yml
@@ -0,0 +1,64 @@
+---
+
+- name: is Munin present ?
+ stat:
+ path: /etc/munin/plugin-conf.d/munin-node
+ check_mode: no
+ register: munin_node_plugins_config
+ tags:
+ - mysql
+ - munin
+
+- block:
+ - name: Install perl libraries for Munin
+ apt:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - libdbd-mysql-perl
+ - libcache-cache-perl
+
+ - name: Enable core Munin plugins
+ file:
+ src: '/usr/share/munin/plugins/{{ item }}'
+ dest: /etc/munin/plugins/{{ item }}
+ state: link
+ with_items:
+ - mysql_bytes
+ - mysql_queries
+ - mysql_slowqueries
+ - mysql_threads
+ notify: restart munin-node
+
+ - name: Enable contributed Munin plugins
+ file:
+ src: /usr/share/munin/plugins/mysql_
+ dest: '/etc/munin/plugins/mysql_{{ item }}'
+ state: link
+ with_items:
+ - commands
+ - connections
+ - files_tables
+ - innodb_bpool
+ - innodb_bpool_act
+ - innodb_insert_buf
+ - innodb_io
+ - innodb_io_pend
+ - innodb_log
+ - innodb_rows
+ - innodb_semaphores
+ - myisam_indexes
+ - network_traffic
+ - qcache
+ - qcache_mem
+ - select_types
+ - slow
+ - sorts
+ - table_locks
+ - tmp_tables
+ notify: restart munin-node
+
+ when: munin_node_plugins_config.stat.exists
+ tags:
+ - mysql
+ - munin
diff --git a/mysql-oracle/tasks/nrpe.yml b/mysql-oracle/tasks/nrpe.yml
new file mode 100644
index 00000000..c02fc007
--- /dev/null
+++ b/mysql-oracle/tasks/nrpe.yml
@@ -0,0 +1,55 @@
+---
+
+- name: is NRPE present ?
+ stat:
+ path: /etc/nagios/nrpe.d/evolix.cfg
+ check_mode: no
+ register: nrpe_evolix_config
+ tags:
+ - mysql
+ - nrpe
+
+- name: NRPE user exists for MySQL ?
+ stat:
+ path: ~nagios/.my.cnf
+ check_mode: no
+ register: nrpe_my_cnf
+ tags:
+ - mysql
+ - nrpe
+
+- block:
+ - name: Create a password for NRPE
+ command: "apg -n 1 -m 16 -M lcN"
+ register: mysql_nrpe_password
+ check_mode: no
+ changed_when: False
+
+ - name: Create nrpe user
+ mysql_user:
+ name: nrpe
+ password: '{{ mysql_nrpe_password.stdout }}'
+ priv: "*.*:REPLICATION CLIENT"
+ config_file: /root/.my.cnf
+ update_password: always
+ state: present
+ register: create_nrpe_user
+
+ - name: Store credentials in nagios home
+ ini_file:
+ dest: "~nagios/.my.cnf"
+ owner: nagios
+ group: nagios
+ mode: "0600"
+ section: client
+ option: '{{ item.option }}'
+ value: '{{ item.value }}'
+ with_items:
+ - { option: 'user', value: 'nrpe' }
+ - { option: 'password', value: '{{ mysql_nrpe_password.stdout }}' }
+ when: create_nrpe_user.changed
+
+ when: nrpe_evolix_config.stat.exists and (not nrpe_my_cnf.stat.exists or mysql_force_new_nrpe_password)
+ tags:
+ - mysql
+ - nrpe
diff --git a/mysql-oracle/tasks/packages.yml b/mysql-oracle/tasks/packages.yml
new file mode 100644
index 00000000..76128f59
--- /dev/null
+++ b/mysql-oracle/tasks/packages.yml
@@ -0,0 +1,86 @@
+---
+
+- name: MySQL APT config package is available
+ copy:
+ src: mysql-apt-config_0.8.9-1_all.deb
+ dest: /root/mysql-apt-config_0.8.9-1_all.deb
+
+- include_role:
+ name: remount-usr
+
+- name: MySQL APT config package is installed
+ apt:
+ deb: /root/mysql-apt-config_0.8.9-1_all.deb
+ state: installed
+ register: mysql_apt_config_deb
+
+- name: Open firewall for MySQL.com repository
+ replace:
+ name: /etc/default/minifirewall
+ regexp: "^(HTTPSITES='((?!(repo\\.mysql\\.com|0\\.0\\.0\\.0)).)*)'$"
+ replace: "\\1 repo.mysql.com'"
+ notify: Restart minifirewall
+
+- meta: flush_handlers
+
+- name: APT cache is up-to-date
+ apt:
+ update_cache: yes
+ when: mysql_apt_config_deb | changed
+
+- name: Install MySQL packages
+ apt:
+ name: '{{ item }}'
+ update_cache: yes
+ state: present
+ with_items:
+ - mysql-server
+ - mysql-client
+ - libmysqlclient20
+ tags:
+ - mysql
+ - packages
+
+- include_role:
+ name: remount-usr
+
+- name: mysql-systemd-start scripts is installed
+ copy:
+ src: debian/mysql-systemd-start
+ dest: /usr/share/mysql/mysql-systemd-start
+ mode: "0755"
+ owner: root
+ group: root
+ force: yes
+
+- name: systemd unit is installed
+ copy:
+ src: debian/mysql-server-5.7.mysql.service
+ dest: /etc/systemd/system/mysql.service
+ mode: "0755"
+ owner: root
+ group: root
+ force: yes
+ register: mysql_systemd_unit
+
+# - name: systemd daemon is reloaded
+# systemd:
+# daemon_reload: yes
+# when: mysql_systemd_unit | changed
+
+- name: MySQL is started
+ service:
+ name: mysql
+ daemon_reload: yes
+ state: started
+ tags:
+ - mysql
+ - services
+
+- name: apg package is installed
+ apt:
+ name: apg
+ state: present
+ tags:
+ - mysql
+ - packages
diff --git a/mysql-oracle/tasks/tmpdir.yml b/mysql-oracle/tasks/tmpdir.yml
new file mode 100644
index 00000000..2c2c0d91
--- /dev/null
+++ b/mysql-oracle/tasks/tmpdir.yml
@@ -0,0 +1,23 @@
+---
+
+- block:
+ - name: "Create {{ mysql_custom_tmpdir }}"
+ file:
+ path: "{{ mysql_custom_tmpdir }}"
+ owner: mysql
+ group: mysql
+ mode: "0700"
+ state: directory
+ tags:
+ - mysql
+
+ - name: Configure tmpdir
+ ini_file:
+ dest: "/etc/mysql/conf.d/zzz-evolinux-custom.cnf"
+ section: mysqld
+ option: tmpdir
+ value: "{{ mysql_custom_tmpdir }}"
+ notify: restart mysql
+ tags:
+ - mysql
+ when: mysql_custom_tmpdir != ''
diff --git a/mysql-oracle/tasks/users.yml b/mysql-oracle/tasks/users.yml
new file mode 100644
index 00000000..bab76418
--- /dev/null
+++ b/mysql-oracle/tasks/users.yml
@@ -0,0 +1,89 @@
+---
+
+# dependency for mysql_user and mysql_db
+- name: python-mysqldb is installed (Ansible dependency)
+ apt:
+ name: python-mysqldb
+ state: present
+ tags:
+ - mysql
+
+- name: create a password for mysqladmin
+ command: "apg -n 1 -m 16 -M lcN"
+ register: mysql_admin_password
+ changed_when: False
+ tags:
+ - mysql
+
+- name: there is a mysqladmin user
+ mysql_user:
+ name: mysqladmin
+ password: '{{ mysql_admin_password.stdout }}'
+ priv: "*.*:ALL,GRANT"
+ update_password: on_create
+ state: present
+ config_file: "/etc/mysql/debian.cnf"
+ register: create_mysqladmin_user
+ tags:
+ - mysql
+
+- name: mysqladmin is the default user
+ ini_file:
+ dest: /root/.my.cnf
+ mode: "0600"
+ section: client
+ option: '{{ item.option }}'
+ value: '{{ item.value }}'
+ create: yes
+ with_items:
+ - { option: 'user', value: 'mysqladmin' }
+ - { option: password, value: '{{ mysql_admin_password.stdout }}' }
+ when: create_mysqladmin_user | changed
+ tags:
+ - mysql
+
+
+- name: create a password for debian-sys-maint
+ command: "apg -n 1 -m 16 -M lcN"
+ register: mysql_debian_password
+ changed_when: False
+ tags:
+ - mysql
+
+- name: there is a debian-sys-maint user
+ mysql_user:
+ name: debian-sys-maint
+ password: '{{ mysql_debian_password.stdout }}'
+ priv: "*.*:ALL,GRANT"
+ update_password: on_create
+ state: present
+ config_file: "/root/.my.cnf"
+ register: create_debian_user
+ tags:
+ - mysql
+
+- name: store debian-sys-maint user credentials
+ ini_file:
+ dest: /etc/mysql/debian.cnf
+ mode: "0600"
+ section: "{{ item[0] }}"
+ option: '{{ item[1].option }}'
+ value: '{{ item[1].value }}'
+ create: yes
+ with_nested:
+ - [ "client", "mysql_upgrade" ]
+ - [ { option: 'user', value: 'debian-sys-maint' },
+ { option: password, value: '{{ mysql_debian_password.stdout }}' }
+ ]
+ when: create_debian_user | changed
+ tags:
+ - mysql
+
+- name: remove root user
+ mysql_user:
+ name: root
+ host_all: yes
+ config_file: "/root/.my.cnf"
+ state: absent
+ tags:
+ - mysql
diff --git a/mysql-oracle/tasks/utils.yml b/mysql-oracle/tasks/utils.yml
new file mode 100644
index 00000000..c5979ede
--- /dev/null
+++ b/mysql-oracle/tasks/utils.yml
@@ -0,0 +1,198 @@
+---
+
+- include_role:
+ name: remount-usr
+ when: (mysql_scripts_dir or general_scripts_dir) | search ("/usr")
+
+- name: Scripts directory exists
+ file:
+ dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}"
+ mode: "0700"
+ state: directory
+ tags:
+ - mysql
+
+# mytop
+
+- name: "mytop is installed (jessie)"
+ apt:
+ name: mytop
+ state: present
+ tags:
+ - packages
+ - mytop
+ - mysql
+ when: ansible_distribution_release == "jessie"
+
+# - name: "mysql-utilities are installed (Debian 9 or later)"
+# apt:
+# name: "{{ item }}"
+# with_items:
+# - mysql-utilities
+# when: ansible_distribution_major_version | version_compare('9', '>=')
+
+- name: "mytop dependencies are installed (Debian 9 or later)"
+ apt:
+ name: "{{ item }}"
+ with_items:
+ - libconfig-inifiles-perl
+ - libdbd-mysql-perl
+ - libdbi-perl
+ - libterm-readkey-perl
+ - libtime-hires-perl
+ tags:
+ - packages
+ - mytop
+ - mysql
+ when: ansible_distribution_major_version | version_compare('9', '>=')
+
+- include_role:
+ name: remount-usr
+ tags:
+ - mytop
+ - mysql
+
+- name: "mytop is installed (Debian 9 or later)"
+ copy:
+ src: mytop
+ dest: /usr/local/bin/mytop
+ mode: "0755"
+ owner: root
+ group: staff
+ force: yes
+ tags:
+ - mytop
+ - mysql
+ when: ansible_distribution_major_version | version_compare('9', '>=')
+
+- name: Read debian-sys-maint password
+ shell: 'cat /etc/mysql/debian.cnf | grep -m1 "password = .*" | cut -d" " -f3'
+ register: mysql_debian_password
+ changed_when: False
+ check_mode: no
+ tags:
+ - mytop
+ - mysql
+
+- name: mytop configuration is copied
+ template:
+ src: mytop-config.j2
+ dest: /root/.mytop
+ mode: "0600"
+ force: yes
+ tags:
+ - mytop
+ - mysql
+
+# mysqltuner
+
+- include_role:
+ name: remount-usr
+ tags:
+ - mysql
+ when: (mysql_scripts_dir or general_scripts_dir) | search ("/usr")
+
+- name: mysqltuner is installed
+ # copy:
+ # src: mysqltuner.pl
+ # dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysqltuner.pl"
+ # mode: "0700"
+ apt:
+ name: mysqltuner
+ state: present
+ tags:
+ - mysql
+ - mysqltuner
+
+- name: aha is installed
+ apt:
+ name: aha
+ tags:
+ - mysql
+
+# automatic optimizations
+
+- include_role:
+ name: remount-usr
+ tags:
+ - mysql
+ when: (mysql_scripts_dir or general_scripts_dir) | search ("/usr")
+
+- name: mysql-optimize.sh is installed
+ copy:
+ src: mysql-optimize.sh
+ dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysql-optimize.sh"
+ mode: "0700"
+ tags:
+ - mysql
+
+- name: "Cron dir for optimize is present"
+ file:
+ path: "/etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}"
+ state: directory
+ mode: "0755"
+ owner: root
+ group: root
+ tags:
+ - mysql
+
+- name: "Enable cron to optimize MySQL"
+ file:
+ src: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysql-optimize.sh"
+ dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh
+ state: link
+ when: mysql_cron_optimize | bool
+ tags:
+ - mysql
+
+- name: "Disable cron to optimize MySQL"
+ file:
+ dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh
+ state: absent
+ when: not (mysql_cron_optimize | bool)
+ tags:
+ - mysql
+
+- name: "Cron dir for mysqltuner is present"
+ file:
+ path: "/etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}"
+ state: directory
+ mode: "0755"
+ owner: root
+ group: root
+ tags:
+ - mysql
+ - mysqltuner
+
+- name: "Enable mysqltuner in cron"
+ copy:
+ src: mysqltuner.cron.sh
+ dest: /etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}/mysqltuner.sh
+ mode: "0700"
+ when: mysql_cron_mysqltuner | bool
+ tags:
+ - mysql
+ - mysqltuner
+
+- name: "Disable mysqltuner in cron"
+ file:
+ dest: /etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}/mysqltuner.sh
+ state: absent
+ when: not (mysql_cron_mysqltuner | bool)
+ tags:
+ - mysql
+ - mysqltuner
+
+# my-add.sh
+
+- include_role:
+ name: remount-usr
+ when: (mysql_scripts_dir or general_scripts_dir) | search ("/usr")
+
+- name: Install my-add.sh
+ copy:
+ src: my-add.sh
+ dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/my-add.sh"
+ mode: "0700"
+ tags:
+ - mysql
diff --git a/mysql-oracle/templates/evolinux-custom.cnf.j2 b/mysql-oracle/templates/evolinux-custom.cnf.j2
new file mode 100644
index 00000000..fa818eaf
--- /dev/null
+++ b/mysql-oracle/templates/evolinux-custom.cnf.j2
@@ -0,0 +1,4 @@
+[mysqld]
+#bind-address = 0.0.0.0
+thread_cache_size = {{ mysql_thread_cache_size }}
+innodb_buffer_pool_size = {{ mysql_innodb_buffer_pool_size }}
diff --git a/mysql-oracle/templates/log2mail.j2 b/mysql-oracle/templates/log2mail.j2
new file mode 100644
index 00000000..8a1ad3c3
--- /dev/null
+++ b/mysql-oracle/templates/log2mail.j2
@@ -0,0 +1,29 @@
+file = /var/log/syslog
+pattern = "is marked as crashed and should be repaired"
+mailto = {{ (log2mail_alert_email or general_alert_email) | mandatory }}
+template = /etc/log2mail/mail
+
+file = /var/log/syslog
+pattern = "init function returned error"
+mailto = {{ (log2mail_alert_email or general_alert_email) | mandatory }}
+template = /etc/log2mail/mail
+
+file = /var/log/syslog
+pattern = "try to repair it"
+mailto = {{ (log2mail_alert_email or general_alert_email) | mandatory }}
+template = /etc/log2mail/mail
+
+file = /var/log/syslog
+pattern = "InnoDB: Fatal error"
+mailto = {{ (log2mail_alert_email or general_alert_email) | mandatory }}
+template = /etc/log2mail/mail
+
+file = /var/log/syslog
+pattern = "as a STORAGE ENGINE failed"
+mailto = {{ (log2mail_alert_email or general_alert_email) | mandatory }}
+template = /etc/log2mail/mail
+
+file = /var/log/syslog
+pattern = "The total blob data length"
+mailto = {{ (log2mail_alert_email or general_alert_email) | mandatory }}
+template = /etc/log2mail/mail
diff --git a/mysql-oracle/templates/mytop-config.j2 b/mysql-oracle/templates/mytop-config.j2
new file mode 100644
index 00000000..507ab99d
--- /dev/null
+++ b/mysql-oracle/templates/mytop-config.j2
@@ -0,0 +1,3 @@
+user = debian-sys-maint
+pass = {{ mysql_debian_password.stdout }}
+db = mysql
diff --git a/mysql-oracle/tests/test.yml b/mysql-oracle/tests/test.yml
new file mode 100644
index 00000000..d75783bf
--- /dev/null
+++ b/mysql-oracle/tests/test.yml
@@ -0,0 +1,4 @@
+---
+- hosts: test-kitchen
+ roles:
+ - role: mysql-oracle
diff --git a/mysql/tasks/utils.yml b/mysql/tasks/utils.yml
index a6fc307c..114f614b 100644
--- a/mysql/tasks/utils.yml
+++ b/mysql/tasks/utils.yml
@@ -1,5 +1,9 @@
---
+- include_role:
+ name: remount-usr
+ when: (mysql_scripts_dir or general_scripts_dir) | search ("/usr")
+
- name: Ensure scripts directory exists
file:
dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}"
@@ -74,7 +78,7 @@
# automatic optimizations
- include_role:
- name: remount-usr
+ name: remount-usr
when: (mysql_scripts_dir or general_scripts_dir) | search ("/usr")
- name: Optimize script for MySQL
@@ -122,6 +126,7 @@
copy:
src: mysqltuner.cron.sh
dest: /etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}/mysqltuner.sh
+ mode: "0700"
when: mysql_cron_mysqltuner
tags:
- mysql
diff --git a/nagios-nrpe/files/plugins/check_ftp_login.pl b/nagios-nrpe/files/plugins/check_ftp_login.pl
old mode 100644
new mode 100755
diff --git a/nagios-nrpe/files/plugins/check_http_many b/nagios-nrpe/files/plugins/check_http_many
old mode 100644
new mode 100755
diff --git a/nagios-nrpe/files/plugins/check_open_files b/nagios-nrpe/files/plugins/check_open_files
new file mode 100755
index 00000000..33e52744
--- /dev/null
+++ b/nagios-nrpe/files/plugins/check_open_files
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+exitCode=0
+
+for user in $(getent passwd | grep -ve root -e www-data | cut -d: -f1); do
+ openFiles=$(lsof -n -u "$user" | wc -l)
+ if [[ $openFiles -ge 3200 ]]; then
+ echo "CRITICAL: $user has more than 3200 files opened!"
+ exitCode=2
+ elif [[ $openFiles -ge 2000 ]]; then
+ echo "WARNING: $user has more than 2000 files opened!"
+ if [[ $exitCode -ne 2 ]]; then
+ exitCode=1
+ fi
+ fi
+done
+
+if [[ $exitCode -eq 1 || $exitCode -eq 2 ]]; then
+ exit $exitCode
+else
+ echo "OK"
+ exit 0
+fi
+
+
diff --git a/nagios-nrpe/files/plugins/exclude-time-slot-wrapper.sh b/nagios-nrpe/files/plugins/exclude-time-slot-wrapper.sh
new file mode 100644
index 00000000..59619030
--- /dev/null
+++ b/nagios-nrpe/files/plugins/exclude-time-slot-wrapper.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# timestamp modulo 1 day.
+time=$(($(date +"%s") %86400))
+
+# pour trouver les valeurs : prendre l'heure en *UTC*
+# et faire H * 3600 + M * 60 + S
+if [ $time -ge 7200 ] && [ $time -lt 10800 ]; then
+ echo "In excluded time slot."
+ exit 0
+else
+ $@
+ exit $?
+fi
diff --git a/nagios-nrpe/files/plugins_bsd/check_carp_if b/nagios-nrpe/files/plugins_bsd/check_carp_if
deleted file mode 100755
index 3fe1dc54..00000000
--- a/nagios-nrpe/files/plugins_bsd/check_carp_if
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/sh
-
-# Copyright (c) 2012, Claudiu Vasadi
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright notice, this
-# list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright notice,
-# this list of conditions and the following disclaimer in the documentation
-# and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
-# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-# The views and conclusions contained in the software and documentation are those
-# of the authors and should not be interpreted as representing official policies,
-# either expressed or implied, of the FreeBSD Project.
-
-
-#
-# Script to check the state (master/backup) of a carp internface
-# $1 - carp if
-# $2 - state
-#
-
-. /usr/local/libexec/nagios/utils.sh
-
-# check if $1 and $2 is set
-if [ -z "$1" ];then
- echo "carp interface not set. Exiting ..."
- exit "$STATE_CRITICAL"
-fi
-
-if [ -z "$2" ];then
- echo "Interface status not set. Exiting ..."
- exit "$STATE_CRITICAL"
-fi
-
-# check if the carp interface exists or not
-ifconfig $1 > /dev/null
-if [ $? != "0" ];then
- echo "carp interface $1 does not exist. Exiting ...."
- exit "$STATE_CRITICAL"
-fi
-
-# check state
-ifconfig $1 | grep -i $2 > /dev/null
-if [ $? != "0" ];then
- echo "NOT_OK - $1 should be $2"
- exit "$STATE_CRITICAL"
-else
- echo "OK - $1 is $2"
- exit "$STATE_OK"
-fi
diff --git a/nagios-nrpe/files/plugins_bsd/check_free_mem.sh b/nagios-nrpe/files/plugins_bsd/check_free_mem.sh
deleted file mode 100755
index f0b79c8a..00000000
--- a/nagios-nrpe/files/plugins_bsd/check_free_mem.sh
+++ /dev/null
@@ -1,162 +0,0 @@
-#!/bin/ksh
-
-################################################################################
-# Sample Nagios plugin to monitor free memory on the local machine #
-# Author: Daniele Mazzocchio (http://www.kernel-panic.it/) #
-################################################################################
-
-VERSION="Version 1.0"
-AUTHOR="(c) 2007-2009 Daniele Mazzocchio (danix@kernel-panic.it)"
-
-PROGNAME=`/usr/bin/basename $0`
-
-# Constants
-BYTES_IN_MB=$(( 1024 * 1024 ))
-KB_IN_MB=1024
-
-# Exit codes
-STATE_OK=0
-STATE_WARNING=1
-STATE_CRITICAL=2
-STATE_UNKNOWN=3
-
-# Helper functions #############################################################
-
-function print_revision {
- # Print the revision number
- echo "$PROGNAME - $VERSION"
-}
-
-function print_usage {
- # Print a short usage statement
- echo "Usage: $PROGNAME [-v] -w -c "
-}
-
-function print_help {
- # Print detailed help information
- print_revision
- echo "$AUTHOR\n\nCheck free memory on local machine\n"
- print_usage
-
- /bin/cat <<__EOT
-
-Options:
--h
- Print detailed help screen
--V
- Print version information
-
--w INTEGER
- Exit with WARNING status if less than INTEGER MB of memory are free
--w PERCENT%
- Exit with WARNING status if less than PERCENT of memory is free
--c INTEGER
- Exit with CRITICAL status if less than INTEGER MB of memory are free
--c PERCENT%
- Exit with CRITICAL status if less than PERCENT of memory is free
--v
- Verbose output
-__EOT
-}
-
-# Main #########################################################################
-
-# Total memory size (in MB)
-tot_mem=$(( `/sbin/sysctl -n hw.physmem` / BYTES_IN_MB))
-# Free memory size (in MB)
-free_mem=$(/usr/bin/vmstat | /usr/bin/tail -1 | /usr/bin/awk '{ print $4 }' | tr -d 'M')
-# Free memory size (in percentage)
-free_mem_perc=$(( free_mem * 100 / tot_mem ))
-
-# Verbosity level
-verbosity=0
-# Warning threshold
-thresh_warn=
-# Critical threshold
-thresh_crit=
-
-# Parse command line options
-while [ "$1" ]; do
- case "$1" in
- -h | --help)
- print_help
- exit $STATE_OK
- ;;
- -V | --version)
- print_revision
- exit $STATE_OK
- ;;
- -v | --verbose)
- : $(( verbosity++ ))
- shift
- ;;
- -w | --warning | -c | --critical)
- if [[ -z "$2" || "$2" = -* ]]; then
- # Threshold not provided
- echo "$PROGNAME: Option '$1' requires an argument"
- print_usage
- exit $STATE_UNKNOWN
- elif [[ "$2" = +([0-9]) ]]; then
- # Threshold is a number (MB)
- thresh=$2
- elif [[ "$2" = +([0-9])% ]]; then
- # Threshold is a percentage
- thresh=$(( tot_mem * ${2%\%} / 100 ))
- else
- # Threshold is neither a number nor a percentage
- echo "$PROGNAME: Threshold must be integer or percentage"
- print_usage
- exit $STATE_UNKNOWN
- fi
- [[ "$1" = *-w* ]] && thresh_warn=$thresh || thresh_crit=$thresh
- shift 2
- ;;
- -?)
- print_usage
- exit $STATE_OK
- ;;
- *)
- echo "$PROGNAME: Invalid option '$1'"
- print_usage
- exit $STATE_UNKNOWN
- ;;
- esac
-done
-
-if [[ -z "$thresh_warn" || -z "$thresh_crit" ]]; then
- # One or both thresholds were not specified
- echo "$PROGNAME: Threshold not set"
- print_usage
- exit $STATE_UNKNOWN
-elif [[ "$thresh_crit" -gt "$thresh_warn" ]]; then
- # The warning threshold must be greater than the critical threshold
- echo "$PROGNAME: Warning free space should be more than critical free space"
- print_usage
- exit $STATE_UNKNOWN
-fi
-
-if [[ "$verbosity" -ge 2 ]]; then
- # Print debugging information
- /bin/cat <<__EOT
-Debugging information:
- Warning threshold: $thresh_warn MB
- Critical threshold: $thresh_crit MB
- Verbosity level: $verbosity
- Total memory: $tot_mem MB
- Free memory: $free_mem MB ($free_mem_perc%)
-__EOT
-fi
-
-if [[ "$free_mem" -lt "$thresh_crit" ]]; then
- # Free memory is less than the critical threshold
- echo "MEMORY CRITICAL - $free_mem_perc% free ($free_mem MB out of $tot_mem MB)"
- exit $STATE_CRITICAL
-elif [[ "$free_mem" -lt "$thresh_warn" ]]; then
- # Free memory is less than the warning threshold
- echo "MEMORY WARNING - $free_mem_perc% free ($free_mem MB out of $tot_mem MB)"
- exit $STATE_WARNING
-else
- # There's enough free memory!
- echo "MEMORY OK - $free_mem_perc% free ($free_mem MB out of $tot_mem MB)"
- exit $STATE_OK
-fi
diff --git a/nagios-nrpe/files/plugins_bsd/check_ipsecctl.sh b/nagios-nrpe/files/plugins_bsd/check_ipsecctl.sh
deleted file mode 100755
index 4cdeaa94..00000000
--- a/nagios-nrpe/files/plugins_bsd/check_ipsecctl.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-IPSECCTL="/sbin/ipsecctl -s sa"
-STATUS=0
-
-LINE1=`$IPSECCTL | grep "from $1 to $2" `
-if [ $? -eq 1 ]; then
- STATUS=2;
- OUTPUT1="No VPN from $1 to $2 "
-fi
-
-LINE2=`$IPSECCTL | grep "from $2 to $1" `
-if [ $? -eq 1 ]; then
- STATUS=2;
- OUTPUT2="No VPN from $2 to $1"
-fi
-
-if [ $STATUS -eq 0 ]; then
- echo "VPN OK - $3 is up"
- exit $STATUS
-else
- echo "VPN DOWN - $3 is down ($OUTPUT1 $OUTPUT2)"
- exit $STATUS
-fi
diff --git a/nagios-nrpe/files/plugins_bsd/check_openvpn b/nagios-nrpe/files/plugins_bsd/check_openvpn
deleted file mode 100755
index 4ae14acd..00000000
--- a/nagios-nrpe/files/plugins_bsd/check_openvpn
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-
-if netstat -an|grep '.1194' >/dev/null; then
- echo "VPN OK"
- return 0
-else
- echo "PROCESS NOT LISTENING"
- return 2
-fi
diff --git a/nagios-nrpe/files/plugins_bsd/check_pf_states b/nagios-nrpe/files/plugins_bsd/check_pf_states
deleted file mode 100755
index fa93e50f..00000000
--- a/nagios-nrpe/files/plugins_bsd/check_pf_states
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/sh
-
-# Script writen by Evolix
-
-_WARNING_STATES_LIMIT=130000
-_CRTICAL_STATES_LIMIT=150000
-
-. /usr/local/libexec/nagios/utils.sh
-
-_CHECK_STATES=$(/sbin/pfctl -si | /usr/bin/grep current | /usr/bin/sed s,\ current\ entries\ ,,g | /usr/bin/sed -e 's,^[ \t]*,,' | /usr/bin/sed 's, *$,,')
-
-if [ $_CHECK_STATES -lt $_WARNING_STATES_LIMIT ];then
- echo "OK: States number ($_CHECK_STATES) is below threshold ($_WARNING_STATES_LIMIT / $_CRTICAL_STATES_LIMIT)"
- exit "$STATE_OK"
-elif [ $_CHECK_STATES -ge $_WARNING_STATES_LIMIT ] && [ $_CHECK_STATES -lt $_CRTICAL_STATES_LIMIT ];then
- echo "WARNING: States number is $_CHECK_STATES (threshold WARNING = $_WARNING_STATES_LIMIT)"
- exit "$_STATE_WARNING"
-else
- echo "CRITICAL: States number is $_CHECK_STATES (threshold CRITICAL = $_CRTICAL_STATES_LIMIT)"
- exit "$_STATE_CRITICAL"
-fi
diff --git a/nagios-nrpe/templates/evolix.cfg.j2 b/nagios-nrpe/templates/evolix.cfg.j2
index 3d07600e..0be4e38e 100644
--- a/nagios-nrpe/templates/evolix.cfg.j2
+++ b/nagios-nrpe/templates/evolix.cfg.j2
@@ -66,6 +66,7 @@ command[check_glusterfs]={{ nagios_plugins_directory }}/check_glusterfs -v all -
command[check_supervisord_status]={{ nagios_plugins_directory }}/check_supervisord
command[check_varnish]={{ nagios_plugins_directory }}/check_varnish_health -i 127.0.0.1 -p 6082 -s /etc/varnish/secret -w 2 -c 4
command[check_haproxy]={{ nagios_plugins_directory }}/check_haproxy_stats -s /var/run/haproxy.sock -w 80 -c 90
+command[check_minifirewall]=sudo {{ nagios_plugins_directory }}/check_minifirewall
# Check HTTP "many". Use this to check many websites (http, https, ports, sockets and SSL certificates).
# Beware! All checks must not take more than 10s!
diff --git a/nginx/defaults/main.yml b/nginx/defaults/main.yml
index 61700738..0591945d 100644
--- a/nginx/defaults/main.yml
+++ b/nginx/defaults/main.yml
@@ -3,6 +3,8 @@
nginx_minimal: False
nginx_jessie_backports: False
+nginx_package_name: "nginx-full"
+
nginx_default_ipaddr_whitelist_ips: []
nginx_additional_ipaddr_whitelist_ips: []
nginx_ipaddr_whitelist_present: "{{ nginx_default_ipaddr_whitelist_ips | union(nginx_additional_ipaddr_whitelist_ips) | unique }}"
diff --git a/nginx/tasks/packages_jessie.yml b/nginx/tasks/packages_jessie.yml
index 356b0b5e..25cc18ed 100644
--- a/nginx/tasks/packages_jessie.yml
+++ b/nginx/tasks/packages_jessie.yml
@@ -3,7 +3,7 @@
- name: Ensure Nginx is installed
apt:
- name: nginx-full
+ name: "{{ nginx_package_name }}"
state: present
notify: restart nginx
tags:
diff --git a/nginx/tasks/packages_stretch.yml b/nginx/tasks/packages_stretch.yml
index 637cb044..565b9b1d 100644
--- a/nginx/tasks/packages_stretch.yml
+++ b/nginx/tasks/packages_stretch.yml
@@ -3,7 +3,7 @@
- name: Ensure Nginx is installed
apt:
- name: nginx-full
+ name: "{{ nginx_package_name }}"
state: present
notify: restart nginx
tags:
diff --git a/nginx/tasks/server_status.yml b/nginx/tasks/server_status.yml
index 702d0082..4eeed7e7 100644
--- a/nginx/tasks/server_status.yml
+++ b/nginx/tasks/server_status.yml
@@ -29,6 +29,7 @@
- debug:
var: nginx_serverstatus_suffix
+ verbosity: 1
- name: replace server-status suffix in default site index
replace:
diff --git a/nginx/templates/evolinux-default.conf.j2 b/nginx/templates/evolinux-default.conf.j2
index 8ea1bd88..eeffa686 100644
--- a/nginx/templates/evolinux-default.conf.j2
+++ b/nginx/templates/evolinux-default.conf.j2
@@ -1,12 +1,11 @@
server {
-
listen [::]:80;
listen 80;
server_name {{ ansible_fqdn }};
+
return 301 https://{{ ansible_fqdn }}$request_uri;
}
server {
-
listen 443 ssl;
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
@@ -23,10 +22,12 @@ server {
root /var/www;
# Auth.
+ satisfy any;
include /etc/nginx/snippets/ipaddr_whitelist;
+ deny all;
+
auth_basic "Reserved {{ ansible_fqdn }}";
auth_basic_user_file /etc/nginx/snippets/private_htpasswd;
- satisfy any;
location / {
index index.html index.htm;
diff --git a/nodejs/README.md b/nodejs/README.md
index 8170f4ae..bd3ec15e 100644
--- a/nodejs/README.md
+++ b/nodejs/README.md
@@ -8,4 +8,4 @@ Everything is in the `tasks/main.yml` file.
## Variables
-* `nodejs_apt_version`: version for the repository (default: `node_6.x`).
+* `nodejs_apt_version`: version for the repository (default: `node_8.x`).
diff --git a/nodejs/defaults/main.yml b/nodejs/defaults/main.yml
index f51e88aa..bae84bfa 100644
--- a/nodejs/defaults/main.yml
+++ b/nodejs/defaults/main.yml
@@ -1,2 +1,3 @@
---
-nodejs_apt_version: 'node_6.x'
+nodejs_apt_version: 'node_8.x'
+nodejs_install_yarn: False
diff --git a/nodejs/files/yarnpkg.gpg.key b/nodejs/files/yarnpkg.gpg.key
new file mode 100644
index 00000000..800c737d
--- /dev/null
+++ b/nodejs/files/yarnpkg.gpg.key
@@ -0,0 +1,152 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFf0j5oBEADS6cItqCbf4lOLICohq2aHqM5I1jsz3DC4ddIU5ONbKXP1t0wk
+FEUPRzd6m80cTo7Q02Bw7enh4J6HvM5XVBSSGKENP6XAsiOZnY9nkXlcQAPFRnCn
+CjEfoOPZ0cBKjn2IpIXXcC+7xh4p1yruBpOsCbT6BuzA+Nm9j4cpRjdRdWSSmdID
+TyMZClmYm/NIfCPduYvNZxZXhW3QYeieP7HIonhZSHVu/jauEUyHLVsieUIvAOJI
+cXYpwLlrw0yy4flHe1ORJzuA7EZ4eOWCuKf1PgowEnVSS7Qp7lksCuljtfXgWelB
+XGJlAMD90mMbsNpQPF8ywQ2wjECM8Q6BGUcQuGMDBtFihobb+ufJxpUOm4uDt0y4
+zaw+MVSi+a56+zvY0VmMGVyJstldPAcUlFYBDsfC9+zpzyrAqRY+qFWOT2tj29R5
+ZNYvUUjEmA/kXPNIwmEr4oj7PVjSTUSpwoKamFFE6Bbha1bzIHpdPIRYc6cEulp3
+dTOWfp+Cniiblp9gwz3HeXOWu7npTTvJBnnyRSVtQgRnZrrtRt3oLZgmj2fpZFCE
+g8VcnQOb0iFcIM7VlWL0QR4SOz36/GFyezZkGsMlJwIGjXkqGhcEHYVDpg0nMoq1
+qUvizxv4nKLanZ5jKrV2J8V09PbL+BERIi6QSeXhXQIui/HfV5wHXC6DywARAQAB
+tBxZYXJuIFBhY2thZ2luZyA8eWFybkBkYW4uY3g+iQI5BBMBCAAjBQJX9I+aAhsD
+BwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQFkawG4blAxB52Q/9FcyGIEK2
+QamDhookuoUGGYjIeN+huQPWmc6mLPEKS2Vahk5jnJKVtAFiaqINiUtt/1jZuhF2
+bVGITvZK79kM6lg42xQcnhypzQPgkN7GQ/ApYqeKqCh1wV43KzT/CsJ9TrI0SC34
+qYHTEXXUprAuwQitgAJNi5QMdMtauCmpK+Xtl/72aetvL8jMFElOobeGwKgfLo9+
+We2EkKhSwyiy3W5TYI1UlV+evyyT+N0pmhRUSH6sJpzDnVYYPbCWa2b+0D/PHjXi
+edKcely/NvqyVGoWZ+j41wkp5Q0wK2ybURS1ajfaKt0OcMhRf9XCfeXAQvU98mEk
+FlfPaq0CXsjOy8eJXDeoc1dwxjDi2YbfHel0CafjrNp6qIFG9v3JxPUU19hG9lxD
+Iv7VXftvMpjJCo/J4Qk+MOv7KsabgXg1iZHmllyyH3TY4AA4VA+mlceiiOHdXbKk
+Q3BfS1jdXPV+2kBfqM4oWANArlrFTqtop8PPsDNqh/6SrVsthr7WTvC5q5h/Lmxy
+Krm4Laf7JJMvdisfAsBbGZcR0Xv/Vw9cf2OIEzeOWbj5xul0kHT1vHhVNrBNanfe
+t79RTDGESPbqz+bTS7olHWctl6TlwxA0/qKlI/PzXfOg63Nqy15woq9buca+uTcS
+ccYO5au+g4Z70IEeQHsq5SC56qDR5/FvYyu5Ag0EV/SPmgEQANDSEMBKp6ER86y+
+udfKdSLP9gOv6hPsAgCHhcvBsks+ixeX9U9KkK7vj/1q6wodKf9oEbbdykHgIIB1
+lzY1l7u7/biAtQhTjdEZPh/dt3vjogrJblUEC0rt+fZe325ociocS4Bt9I75Ttkd
+nWgkE4uOBJsSllpUbqfLBfYR58zz2Rz1pkBqRTkmJFetVNYErYi2tWbeJ59GjUN7
+w1K3GhxqbMbgx4dF5+rjGs+KI9k6jkGeeQHqhDk+FU70oLVLuH2Dmi9IFjklKmGa
+3BU7VpNxvDwdoV7ttRYEBcBnPOmL24Sn4Xhe2MDCqgJwwyohd9rk8neV7GtavVea
+Tv6bnzi1iJRgDld51HFWG8X+y55i5cYWaiXHdHOAG1+t35QUrczm9+sgkiKSk1II
+TlEFsfwRl16NTCMGzjP5kGCm/W+yyyvBMw7CkENQcd23fMsdaQ/2UNYJau2PoRH/
+m+IoRehIcmE0npKeLVTDeZNCzpmfY18T542ibK49kdjZiK6G/VyBhIbWEFVu5Ll9
++8GbcO9ucYaaeWkFS8Hg0FZafMk59VxKiICKLZ5he/C4f0UssXdyRYU6C5BH8UTC
+QLg0z8mSSL+Wb2iFVPrn39Do7Zm8ry6LBCmfCf3pI99Q/1VaLDauorooJV3rQ5kC
+JEiAeqQtLOvyoXIex1VbzlRUXmElABEBAAGJAh8EGAEIAAkFAlf0j5oCGwwACgkQ
+FkawG4blAxAUUQ//afD0KLHjClHsA/dFiW+5qVzI8kPMHwO1QcUjeXrB6I3SluOT
+rLSPhOsoS72yAaU9hFuq8g9ecmFrl3Skp/U4DHZXioEmozyZRp7eVsaHTewlfaOb
+6g7+v52ktYdomcp3BM5v/pPZCnB5rLrH2KaUWbpY6V6tqtCHbF7zftDqcBENJDXf
+hiCqS19J08GZFjDEqGDrEj3YEmEXZMN7PcXEISPIz6NYI6rw4yVH8AXfQW6vpPzm
+ycHwI0QsVW2NQdcZ6zZt+phm6shNUbN2iDdg3BJICmIvQf8qhO3bOh0Bwc11FLHu
+MKuGVxnWN82HyIsuUB7WDLBHEOtg61Zf1nAF1PQK52YuQz3EWI4LL9OqVqfSTY1J
+jqIfj+u1PY2UHrxZfxlz1M8pXb1grozjKQ5aNqBKRrcMZNx71itR5rv18qGjGR2i
+Sciu/xah7zAroEQrx72IjYt03tbk/007CvUlUqFIFB8kY1bbfX8JAA+TxelUniUR
+2CY8eom5HnaPpKE3kGXZ0jWkudbWb7uuWcW1FE/bO+VtexpBL3SoXmwbVMGnJIEi
+Uvy8m6ez0kzLXzJ/4K4b8bDO4NjFX2ocKdzLA89Z95KcZUxEG0O7kaDCu0x3BEge
+uArJLecD5je2/2HXAdvkOAOUi6Gc/LiJrtInc0vUFsdqWCUK5Ao/MKvdMFW5Ag0E
+V/SP2AEQALRcYv/hiv1n3VYuJbFnEfMkGwkdBYLGo3hiHKY8xrsFVePl9SkL8aqd
+C310KUFNI42gGY/lz54RUHOqfMszTdafFrmwU18ECWGo4oG9qEutIKG7fkxcvk2M
+tgsOMZFJqVDS1a9I4QTIkv1ellLBhVub9S7vhe/0jDjXs9IyOBpYQrpCXAm6SypC
+fpqkDJ4qt/yFheATcm3s8ZVTsk2hiz2jnbqfvpte3hr3XArDjZXr3mGAp3YY9JFT
+zVBOhyhT/92e6tURz8a/+IrMJzhSyIDel9L+2sHHo9E+fA3/h3lg2mo6EZmRTuvE
+v9GXf5xeP5lSCDwS6YBXevJ8OSPlocC8Qm8ziww6dy/23XTxPg4YTkdf42i7VOpS
+pa7EvBGne8YrmUzfbrxyAArK05lo56ZWb9ROgTnqM62wfvrCbEqSHidN3WQQEhMH
+N7vtXeDPhAd8vaDhYBk4A/yWXIwgIbMczYf7Pl7oY3bXlQHb0KW/y7N3OZCr5mPW
+94VLLH/v+T5R4DXaqTWeWtDGXLih7uXrG9vdlyrULEW+FDSpexKFUQe83a+Vkp6x
+GX7FdMC9tNKYnPeRYqPF9UQEJg+MSbfkHSAJgky+bbacz+eqacLXMNCEk2LXFV1B
+66u2EvSkGZiH7+6BNOar84I3qJrU7LBD7TmKBDHtnRr9JXrAxee3ABEBAAGJBEQE
+GAEIAA8FAlf0j9gCGwIFCQHhM4ACKQkQFkawG4blAxDBXSAEGQEIAAYFAlf0j9gA
+CgkQ0QH3iZ1B88PaoA//VuGdF5sjxRIOAOYqXypOD9/Kd7lYyxmtCwnvKdM7f8O5
+iD8oR2Pk1RhYHjpkfMRVjMkaLfxIRXfGQsWfKN2Zsa4zmTuNy7H6X26XW3rkFWpm
+dECz1siGRvcpL6NvwLPIPQe7tST72q03u1H7bcyLGk0sTppgMoBND7yuaBTBZkAO
+WizR+13x7FV+Y2j430Ft/DOe/NTc9dAlp6WmF5baOZClULfFzCTf9OcS2+bo68oP
+gwWwnciJHSSLm6WRjsgoDxo5f3xBJs0ELKCr4jMwpSOTYqbDgEYOQTmHKkX8ZeQA
+7mokc9guA0WK+DiGZis85lU95mneyJ2RuYcz6/VDwvT84ooe1swVkC2palDqBMwg
+jZSTzbcUVqZRRnSDCe9jtpvF48WK4ZRiqtGO6Avzg1ZwMmWSr0zHQrLrUMTq/62W
+KxLyj2oPxgptRg589hIwXVxJRWQjFijvK/xSjRMLgg73aNTq6Ojh98iyKAQ3HfzW
+6iXBLLuGfvxflFednUSdWorr38MspcFvjFBOly+NDSjPHamNQ2h19iHLrYT7t4ve
+nU9PvC+ORvXGxTN8mQR9btSdienQ8bBuU/mg/c417w6WbY7tkkqHqUuQC9LoaVdC
+QFeE/SKGNe+wWN/EKi0QhXR9+UgWA41Gddi83Bk5deuTwbUeYkMDeUlOq3yyemcG
+VxAA0PSktXnJgUj63+cdXu7ustVqzMjVJySCKSBtwJOge5aayonCNxz7KwoPO34m
+Gdr9P4iJfc9kjawNV79aQ5aUH9uU2qFlbZOdO8pHOTjy4E+J0wbJb3VtzCJc1Eaa
+83kZLFtJ45Fv2WQQ2Nv3Fo+yqAtkOkaBZv9Yq0UTaDkSYE9MMzHDVFx11TT21NZD
+xu2QiIiqBcZfqJtIFHN5jONjwPG08xLAQKfUNROzclZ1h4XYUT+TWouopmpNeay5
+JSNcp5LsC2Rn0jSFuZGPJ1rBwB9vSFVA/GvOj8qEdfhjN3XbqPLVdOeChKuhlK0/
+sOLZZG91SHmT5SjP2zM6QKKSwNgHX4xZt4uugSZiY13+XqnrOGO9zRH8uumhsQmI
+eFEdT27fsXTDTkWPI2zlHTltQjH1iebqqM9gfa2KUt671WyoL1yLhWrgePvDE+He
+r002OslvvW6aAIIBki3FntPDqdIH89EEB4UEGqiA1eIZ6hGaQfinC7/IOkkm/mEa
+qdeoI6NRS521/yf7i34NNj3IaL+rZQFbVWdbTEzAPtAs+bMJOHQXSGZeUUFrEQ/J
+ael6aNg7mlr7cacmDwZWYLoCfY4w9GW6JHi6i63np8EA34CXecfor7cAX4XfaokB
+XjyEkrnfV6OWYS7f01JJOcqYANhndxz1Ph8bxoRPelf5q+W5Ag0EWBU7dwEQAL1p
+wH4prFMFMNV7MJPAwEug0Mxf3OsTBtCBnBYNvgFB+SFwKQLyDXUujuGQudjqQPCz
+/09MOJPwGCOi0uA0BQScJ5JAfOq33qXi1iXCj9akeCfZXCOWtG3Izc3ofS6uee7K
+fWUF1hNyA3PUwpRtM2pll+sQEO3y/EN7xYGUOM0mlCawrYGtxSNMlWBlMk/y5HK9
+upz+iHwUaEJ4PjV+P4YmDq0PnPvXE4qhTIvxx0kO5oZF0tAJCoTg1HE7o99/xq9Z
+rejDR1JJj6btNw1YFQsRDLxRZv4rL9He10lmLhiQE8QN7zOWzyJbRP++tWY2d2zE
+yFzvsOsGPbBqLDNkbb9d8Bfvp+udG13sHAEtRzI2UWe5SEdVHobAgu5l+m10WlsN
+TG/L0gJe1eD1bwceWlnSrbqw+y+pam9YKWqdu18ETN6CeAbNo4w7honRkcRdZyoG
+p9zZf3o1bGBBMla6RbLuJBoRDOy2Ql7B+Z87N0td6KlHI6X8fNbatbtsXR7qLUBP
+5oRb6nXX4+DnTMDbvFpE2zxnkg+C354Tw5ysyHhM6abB2+zCXcZ3holeyxC+BUrO
+gGPyLH/s01mg2zmttwC1UbkaGkQ6SwCoQoFEVq9Dp96B6PgZxhEw0GMrKRw53LoX
+4rZif9Exv6qUFsGY8U9daEdDPF5UHYe7t/nPpfW3ABEBAAGJBEQEGAEIAA8CGwIF
+AlokZSMFCQQWmKMCKcFdIAQZAQgABgUCWBU7dwAKCRBGwhMN/SSX9XKdD/4/dWSy
+7h+ejbq8DuaX1vNXea79f+DNTUerJKpi/1nDOTajnXZnhCShP/yVF6kgbu8AVFDM
++fno/P++kx+IwNp/q2HGzzCm/jLeb6txAhAo7iw3fDAU89u8zzAahjp8Zq8iQsoo
+hfLUGnNEaW0Z25/Rzb37Jy/NxxCnK5OtmThmXveQvIFLx8K34xlZ6MwyiUO64smI
+dtdyLr492LciZpvJK1s2cliZLKu40dwseWAhvK6BOIBx1PLQGL/Pwx95jCNUDASR
+fhvY3C27B5gvO6kE5O/RKpgKYF25k5uRLkscxn7liH0d+t3Ti4x07lwiLLQCwZ6F
+NELdfJp5rtCT33es1wYTNfss0HUYHYFdKr0Vg9v6rR7B/yTwuv0TRYbR28M5olKR
+IZ52B0DVDO9OCkACRVaxeWSxKFV/g1WyTE1QYNFo8t5EH4hX/mM76RGwW46DlOWS
+fpyC7X4GfmAh+/SfL0rtN4Lr3uBFAhwrx1vW3xeJ2BIptGaxJgRpELLdz3HDb83s
+MtT8mzeBXwVR3txmlpg36T96sx3J+osDugV34ctsDkO7/3vXIXz/oGh/zOmMH35A
+9EgBGlxE4RxBfPT122XzBbwzSvT3Gmdr7QmTonEX6y0P3v6HOKRBcjFS0JePfmmz
+1RJLG/Vy7PQxoV1YZbXc66C03htDYM2B6VtMNQkQFkawG4blAxCiVRAAhq/1L5Yl
+smItiC6MROtPP+lfAWRmMSkoIuAtzkV/orqPetwWzjYLgApOvVXBuf9FdJ5vAx1I
+XG3mDx6mQQWkr4t9onwCUuQ7lE29qmvCHB3FpKVJPKiGC6xK38t5dGAJtbUMZBQb
+1vDuQ7new8dVLzBSH1VZ7gx9AT+WEptWznb1US1AbejO0uT8jsVc/McK4R3LQmVy
+9+hbTYZFz1zCImuv9SCNZPSdLpDe41QxcMfKiW7XU4rshJULKd4HYG92KjeJU80z
+gCyppOm85ENiMz91tPT7+A4O7XMlOaJEH8t/2SZGBE/dmHjSKcWIpJYrIZKXTrNv
+7rSQGvweNG5alvCAvnrLJ2cRpU1Rziw7auEU1YiSse+hQ1ZBIzWhPMunIdnkL/BJ
+unBTVE7hPMMG7alOLy5Z0ikNytVewasZlm/dj5tEsfvF7tisVTZWVjWCvEMTP5fe
+cNMEAwbZdBDyQBAN00y7xp4Pwc/kPLuaqESyTTt8jGek/pe7/+6fu0GQmR2gZKGa
+gAxeZEvXWrxSJp/q81XSQGcO6QYMff7VexY3ncdjSVLro+Z3ZtYt6aVIGAEEA5UE
+341yCGIeN+nr27CXD4fHF28aPh+AJzYh+uVjQhHbL8agwcyCMLgU88u1U0tT5Qtj
+wnw+w+3UNhROvn495REpeEwD60iVeiuF5FW5Ag0EWbWWowEQALCiEk5Ic40W7/v5
+hqYNjrRlxTE/1axOhhzt8eCB7eOeNOMQKwabYxqBceNmol/guzlnFqLtbaA6yZQk
+zz/K3eNwWQg7CfXO3+p/dN0HtktPfdCk+kY/t7StKRjINW6S9xk9KshiukmdiDq8
+JKS0HgxqphBB3tDjmo6/RiaOEFMoUlXKSU+BYYpBpLKg53P8F/8nIsK2aZJyk8Xu
+Bd0UXKI+N1gfCfzoDWnYHs73LQKcjrTaZQauT81J7+TeWoLI28vkVxyjvTXAyjSB
+nhxTYfwUNGSoawEXyJ1uKCwhIpklxcCMI9Hykg7sKNsvmJ4uNcRJ7cSRfb0g5DR9
+dLhR+eEvFd+o4PblKk16AI48N8Zg1dLlJuV2cAtl0oBPk+tnbZukvkS5n1IzTSmi
+iPIXvK2t506VtfFEw4iZrJWf2Q9//TszBM3r1FPATLH7EAeG5P8RV+ri7L7NvzP6
+ZQClRDUsxeimCSe8v/t0OpheCVMlM9TpVcKGMw8ig/WEodoLOP4iqBs4BKR7fuyd
+jDqbU0k/sdJTltp7IIdK1e49POIQ7pt+SUrsq/HnPW4woLC1WjouBWyr2M7/a0Sl
+dPidZ2BUAK7O9oXosidZMJT7dBp3eHrspY4bdkSxsd0nshj0ndtqNktxkrSFRkoF
+pMz0J/M3Q93CjdHuTLpTHQEWjm/7ABEBAAGJBEQEGAEIAA8FAlm1lqMCGwIFCQJ2
+LQACKQkQFkawG4blAxDBXSAEGQEIAAYFAlm1lqMACgkQ4HTRbrb/TeMpDQ//eOIs
+CWY2gYOGACw42JzMVvuTDrgRT4hMhgHCGeKzn1wFL1EsbSQV4Z6pYvnNayuEakgI
+z14wf4UFs5u1ehfBwatmakSQJn32ANcAvI0INAkLEoqqy81mROjMc9FFrOkdqjcN
+7yN0BzH9jNYL/gsvmOOwOu+dIH3C1Lgei844ZR1BZK1900mohuRwcji0sdROMcrK
+rGjqd4yb6f7yl0wbdAxA3IHT3TFGczC7Y41P2OEpaJeVIZZgxkgQsJ14qK/QGpdK
+vmZAQpjHBipeO/H+qxyOT5Y+f15VLWGOOVL090+ZdtF7h3m4X2+L7xWsFIgdOprf
+O60gq3e79YFfgNBYU5BGtJGFGlJ0sGtnpzx5QCRka0j/1E5lIu00sW3WfGItFd48
+hW6wHCloyoi7pBR7xqSEoU/U5o7+nC8wHFrDYyqcyO9Q3mZDw4LvlgnyMOM+qLv/
+fNgO9USE4T30eSvc0t/5p1hCKNvyxHFghdRSJqn70bm6MQY+kd6+B/k62Oy8eCwR
+t4PR+LQEIPnxN7xGuNpVO1oMyhhO41osYruMrodzw81icBRKYFlSuDOQ5jlcSajc
+6TvF22y+VXy7nx1q/CN4tzB/ryUASU+vXS8/QNM6qI/QbbgBy7VtHqDbs2KHp4cP
+0j9KYQzMrKwtRwfHqVrwFLkCp61EHwSlPsEFiglpMg/8DQ92O4beY0n7eSrilwEd
+Jg89IeepTBm1QYiLM33qWLR9CABYAIiDG7qxviHozVfX6kUwbkntVpyHAXSbWrM3
+kD6jPs3u/dimLKVyd29AVrBSn9FC04EjtDWsj1KB7HrFN4oo9o0JLSnXeJb8FnPf
+3MitaKltvj/kZhegozIs+zvpzuri0LvoB4fNA0T4eAmxkGkZBB+mjNCrUHIakyPZ
+VzWGL0QGsfK1Q9jvw0OErqHJYX8A1wLre/HkBne+e5ezS6Mc7kFW33Y1arfbHFNA
+e12juPsOxqK76qNilUbQpPtNvWP3FTpbkAdodMLq/gQ+M5yHwPe8SkpZ8wYCfcwE
+emz/P+4QhQB8tbYbpcPxJ+aQjVjcHpsLdrlSY3JL/gqockR7+97GrCzqXbgvsqiW
+r16Zyn6mxYWEHn9HXMh3b+2IYKFFXHffbIBq/mfibDnZtQBrZpn2uyh6F2ZuOsZh
+0LTD7RL53KV3fi90nS00Gs1kbMkPycL1JLqvYQDpllE2oZ1dKDYkwivGyDQhRNfE
+RL6JkjyiSxfZ2c84r2HPgnJTi/WBplloQkM+2NfXrBo6kLHSC6aBndRKk2UmUhrU
+luGcQUyfzYRFH5kVueIYfDaBPus9gb+sjnViFRpqVjefwlXSJEDHWP3Cl2cuo2mJ
+jeDghj400U6pjSUW3bIC/PI=
+=gZNT
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/nodejs/tasks/main.yml b/nodejs/tasks/main.yml
index dc024cbd..bad66d95 100644
--- a/nodejs/tasks/main.yml
+++ b/nodejs/tasks/main.yml
@@ -1,6 +1,5 @@
---
-
- name: APT https transport is enabled
apt:
name: apt-transport-https
@@ -9,16 +8,16 @@
- system
- packages
-- name: Node GPG key is installed
+- name: NodeJS GPG key is installed
apt_key:
- #url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
+ # url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
data: "{{ lookup('file', 'nodesource.gpg.key') }}"
tags:
- system
- packages
- nodejs
-- name: Node sources list ({{ nodejs_apt_version }}) is available
+- name: NodeJS sources list ({{ nodejs_apt_version }}) is available
apt_repository:
repo: "deb https://deb.nodesource.com/{{ nodejs_apt_version }} {{ ansible_distribution_release }} main"
filename: nodesource
@@ -29,10 +28,13 @@
- packages
- nodejs
-- name: Node is installed
+- name: NodeJS is installed
apt:
name: nodejs
state: present
tags:
- packages
- nodejs
+
+- include: yarn.yml
+ when: nodejs_install_yarn
diff --git a/nodejs/tasks/yarn.yml b/nodejs/tasks/yarn.yml
new file mode 100644
index 00000000..47af5c50
--- /dev/null
+++ b/nodejs/tasks/yarn.yml
@@ -0,0 +1,32 @@
+---
+
+- name: yarn GPG key is installed
+ apt_key:
+ # url: https://dl.yarnpkg.com/debian/pubkey.gpg
+ data: "{{ lookup('file', 'yarnpkg.gpg.key') }}"
+ tags:
+ - system
+ - packages
+ - nodejs
+ - yarn
+
+- name: yarn sources list is available
+ apt_repository:
+ repo: "deb https://dl.yarnpkg.com/debian/ stable main"
+ filename: yarn
+ update_cache: yes
+ state: present
+ tags:
+ - system
+ - packages
+ - nodejs
+ - yarn
+
+- name: yarn is installed
+ apt:
+ name: yarn
+ state: present
+ tags:
+ - packages
+ - nodejs
+ - yarn
diff --git a/opendkim/files/opendkim-add.sh b/opendkim/files/opendkim-add.sh
index a7da1ce0..fa663a59 100644
--- a/opendkim/files/opendkim-add.sh
+++ b/opendkim/files/opendkim-add.sh
@@ -1,5 +1,13 @@
#!/bin/sh
+
+dpkg -l |grep -e 'opendkim-tools' -e 'opendkim' -q
+
+if [ "$?" -ne 0 ]; then
+ echo "Require opendkim-tools and opendkim"
+ exit 1
+fi
+
if [ "$#" -ne 1 ]; then
echo "Usage : $0 example.com" >&2
exit 1
diff --git a/opendkim/tasks/main.yml b/opendkim/tasks/main.yml
index 8c81b686..7196ef46 100644
--- a/opendkim/tasks/main.yml
+++ b/opendkim/tasks/main.yml
@@ -62,7 +62,7 @@
systemd:
name: opendkim
state: started
- enabled: True
+ enabled: True
tags:
- opendkim
diff --git a/packweb-apache/README.md b/packweb-apache/README.md
index 99e25da1..e99c285e 100644
--- a/packweb-apache/README.md
+++ b/packweb-apache/README.md
@@ -11,5 +11,6 @@ See `tasks/main.yml`.
Main variables are :
* `packweb_enable_evoadmin_vhost` : enable VirtualHost for evoadmin (web interface to create web accounts)
+* `packweb_mysql_variant`: which Variant to use for MySQL (`debian` or `oracle`, default: `debian`)
The full list of variables (with default values) can be found in `defaults/main.yml`.
diff --git a/packweb-apache/defaults/main.yml b/packweb-apache/defaults/main.yml
index 8282d081..7f79e90d 100644
--- a/packweb-apache/defaults/main.yml
+++ b/packweb-apache/defaults/main.yml
@@ -8,3 +8,5 @@ packweb_apache_modphp: True
packweb_apache_fpm: False
packweb_phpmyadmin_suffix: ""
+
+packweb_mysql_variant: "debian"
diff --git a/packweb-apache/meta/main.yml b/packweb-apache/meta/main.yml
index 914dbebb..47348f1a 100644
--- a/packweb-apache/meta/main.yml
+++ b/packweb-apache/meta/main.yml
@@ -16,4 +16,5 @@ galaxy_info:
dependencies:
- { role: squid, squid_localproxy_enable: True }
- - mysql
+ - { role: mysql, when: packweb_mysql_variant == "debian" }
+ - { role: mysql-oracle, when: packweb_mysql_variant == "oracle" }
diff --git a/php/tasks/fpm.yml b/php/tasks/fpm.yml
index 06dc4202..6736f971 100644
--- a/php/tasks/fpm.yml
+++ b/php/tasks/fpm.yml
@@ -5,8 +5,8 @@
name: '{{ item }}'
state: present
with_items:
- - php5-fpm
- - php5
+ - php5-fpm
+ - php5
when: ansible_distribution_release == "jessie"
- name: "Install PHP FPM packages (Debian 9 or later)"
@@ -14,8 +14,8 @@
name: '{{ item }}'
state: present
with_items:
- - php-fpm
- - php
+ - php-fpm
+ - php
when: ansible_distribution_major_version | version_compare('9', '>=')
- name: "Set config files for FPM (jessie)"
@@ -43,12 +43,13 @@
mode: "0644"
create: yes
with_items:
- - { option: "short_open_tag", value: "Off" }
- - { option: "expose_php", value: "Off" }
- - { option: "display_errors", value: "Off" }
- - { option: "log_errors", value: "On" }
- - { option: "html_errors", value: "Off" }
- - { option: "allow_url_fopen", value: "Off" }
+ - { option: "short_open_tag", value: "Off" }
+ - { option: "expose_php", value: "Off" }
+ - { option: "display_errors", value: "Off" }
+ - { option: "log_errors", value: "On" }
+ - { option: "html_errors", value: "Off" }
+ - { option: "allow_url_fopen", value: "Off" }
+ notify: restart php-fpm
- name: Disable PHP functions for FPM
ini_file:
@@ -56,6 +57,7 @@
section: PHP
option: disable_functions
value: "exec,shell-exec,system,passthru,putenv,popen"
+ notify: restart php-fpm
- name: Custom php.ini for FPM
copy:
@@ -63,6 +65,7 @@
content: |
; Put customized values here.
force: no
+ notify: restart php-fpm
- name: Set default PHP FPM values
ini_file:
@@ -73,14 +76,15 @@
mode: "0644"
create: yes
with_items:
- - { option: "pm", value: "ondemand" }
- - { option: "pm.max_children", value: "100" }
- - { option: "pm.process_idle_timeout", value: "10s" }
- - { option: "slowlog", value: "log/$pool.log.slow" }
- - { option: "request_slowlog_timeout", value: "5s" }
- - { option: "pm.status_path", value: "/fpm_status" }
- - { option: "request_terminate_timeout", value: "60s" }
- - { option: "chroot", value: "/var/www/html" }
+ - { option: "pm", value: "ondemand" }
+ - { option: "pm.max_children", value: "100" }
+ - { option: "pm.process_idle_timeout", value: "10s" }
+ - { option: "slowlog", value: "log/$pool.log.slow" }
+ - { option: "request_slowlog_timeout", value: "5s" }
+ - { option: "pm.status_path", value: "/fpm_status" }
+ - { option: "request_terminate_timeout", value: "60s" }
+ - { option: "chroot", value: "/var/www/html" }
+ notify: restart php-fpm
when: ansible_distribution_major_version | version_compare('9', '>=')
- name: Custom PHP FPM values
@@ -89,7 +93,9 @@
content: |
; Put customized values here.
; default_charset = "ISO-8859-1"
+ mode: "0644"
force: no
+ notify: restart php-fpm
- name: "Set custom values for PHP to enable Symfony"
ini_file:
@@ -99,6 +105,6 @@
value: "{{ item.value }}"
mode: "0644"
with_items:
- - { option: "date.timezone", value: "Europe/Paris" }
+ - { option: "date.timezone", value: "Europe/Paris" }
+ notify: restart php-fpm
when: php_symfony_requirements
-
diff --git a/postfix/tasks/common.yml b/postfix/tasks/common.yml
new file mode 100644
index 00000000..08ee6a56
--- /dev/null
+++ b/postfix/tasks/common.yml
@@ -0,0 +1,22 @@
+---
+
+- name: check if main.cf is default
+ shell: 'grep -v -E "^(myhostname|mydestination|mailbox_command)" /etc/postfix/main.cf | md5sum -'
+ changed_when: False
+ check_mode: no
+ register: default_main_cf
+ tags:
+ - postfix
+
+- name: add lines in /etc/.gitignore
+ lineinfile:
+ dest: /etc/.gitignore
+ line: '{{ item }}'
+ state: present
+ create: no
+ with_items:
+ - "postfix/sa-blacklist.access"
+ - "postfix/*.db"
+ tags:
+ - postfix
+ - etc-git
diff --git a/postfix/tasks/main.yml b/postfix/tasks/main.yml
index a1b5a424..0e0fff2d 100644
--- a/postfix/tasks/main.yml
+++ b/postfix/tasks/main.yml
@@ -1,11 +1,6 @@
---
-- name: check if main.cf is default
- shell: 'grep -v -E "^(myhostname|mydestination|mailbox_command)" /etc/postfix/main.cf | md5sum -'
- changed_when: False
- check_mode: no
- register: default_main_cf
- tags:
- - postfix
+
+- include: common.yml
- include: minimal.yml
when: postfix_packmail == False
diff --git a/postfix/templates/packmail_master.cf.j2 b/postfix/templates/packmail_master.cf.j2
index 7326cb35..50aeeec4 100644
--- a/postfix/templates/packmail_master.cf.j2
+++ b/postfix/templates/packmail_master.cf.j2
@@ -120,7 +120,7 @@ policyd-spf unix - n n - 0 spawn
user=policyd-spf argv=/usr/bin/policyd-spf
dovecot unix - n n - - pipe
- flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
+ flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -a ${recipient} -d ${user}@${nexthop}
scan unix - - y - 10 smtp
localhost:10026 inet n - y - 10 smtpd
diff --git a/postgresql/tasks/config.yml b/postgresql/tasks/config.yml
index 6a606165..128812af 100644
--- a/postgresql/tasks/config.yml
+++ b/postgresql/tasks/config.yml
@@ -15,7 +15,7 @@
- name: Copy PostgreSQL config file
template:
- src: postgresql.conf
+ src: postgresql.conf.j2
dest: "/etc/postgresql/{{postgresql_version}}/main/conf.d/evolinux.conf"
owner: postgres
group: postgres
diff --git a/postgresql/tasks/pgdg-repo.yml b/postgresql/tasks/pgdg-repo.yml
index ee42591e..489f8068 100644
--- a/postgresql/tasks/pgdg-repo.yml
+++ b/postgresql/tasks/pgdg-repo.yml
@@ -20,6 +20,6 @@
- name: Add APT preference file
template:
- src: postgresql.pref
+ src: postgresql.pref.j2
dest: /etc/apt/preferences.d/
mode: "0644"
diff --git a/postgresql/templates/postgresql.conf b/postgresql/templates/postgresql.conf.j2
similarity index 100%
rename from postgresql/templates/postgresql.conf
rename to postgresql/templates/postgresql.conf.j2
diff --git a/postgresql/templates/postgresql.pref b/postgresql/templates/postgresql.pref.j2
similarity index 100%
rename from postgresql/templates/postgresql.pref
rename to postgresql/templates/postgresql.pref.j2
diff --git a/proftpd/README.md b/proftpd/README.md
index 1fcb4910..dae8abef 100644
--- a/proftpd/README.md
+++ b/proftpd/README.md
@@ -16,3 +16,30 @@ Main variables are :
* `proftpd_port` : port for the control socket (default: `21`)
The full list of variables (with default values) can be found in `defaults/main.yml`.
+
+## Accounts management
+
+Proftpd accounts can be maintened with the `proftpd_accounts` var, it can be set in inventory/host_vars/inventory_hostname :
+
+~~~
+proftpd_accounts:
+- { name: 'ftp1', home: '/srv/data/ftp1', uid: 116, gid: 65534 }
+- { name: 'ftp2', home: '/srv/data/ftp2', uid: 116, gid: 65534 }
+~~~
+
+The password will be randomly generated and printed to the screen the first time you run the task.
+
+You can force is value by set the `password` field with the hashed version of your password.
+
+eg. for "test" password hashed with sha512 :
+
+~~~
+proftpd_accounts:
+- { name: 'ftp1', home: '/srv/data/ftp1', uid: 116, gid: 65534, password: '$6$/Yy0b0No3GWh$3ZY1GZFI25eyQDBrANyHw.NFPqPqdg6sCi89nM/aNitmESZ2jGfROveS5xowy.WjX9tMC7.KPoabKPyxOpBJY0' }
+~~~
+
+For generate the sha512 version of yours password :
+
+~~~
+echo "test" | mkpasswd --method=sha-512 -
+~~~
diff --git a/proftpd/defaults/main.yml b/proftpd/defaults/main.yml
index 3dc9511c..8bba4c29 100644
--- a/proftpd/defaults/main.yml
+++ b/proftpd/defaults/main.yml
@@ -3,3 +3,5 @@ proftpd_hostname: "{{ ansible_hostname }}"
proftpd_fqdn: "{{ ansible_fqdn }}"
proftpd_default_address: []
proftpd_port: "21"
+proftpd_accounts: []
+proftpd_accounts_final: []
diff --git a/proftpd/tasks/account.yml b/proftpd/tasks/account.yml
index 7f3cbe58..a03fd1f1 100644
--- a/proftpd/tasks/account.yml
+++ b/proftpd/tasks/account.yml
@@ -65,7 +65,7 @@
dest: /etc/proftpd/conf.d/z-evolinux.conf
state: present
line: " AllowUser {{ proftpd_name }}"
- insertbefore: "DenyAll"
+ insertbefore: "DenyAll"
notify: restart proftpd
tags:
- proftpd
diff --git a/proftpd/tasks/accounts.yml b/proftpd/tasks/accounts.yml
new file mode 100644
index 00000000..b1563eaf
--- /dev/null
+++ b/proftpd/tasks/accounts.yml
@@ -0,0 +1,37 @@
+---
+- include: accounts_password.yml
+ when: item.password is undefined
+ with_items: "{{ proftpd_accounts }}"
+ tags:
+ - proftpd
+
+- set_fact:
+ proftpd_accounts_final: "{{ proftpd_accounts_final + [ item ] }}"
+ when: item.password is defined
+ with_items: "{{ proftpd_accounts }}"
+ tags:
+ - proftpd
+
+- name: Create FTP account
+ lineinfile:
+ dest: /etc/proftpd/vpasswd
+ state: present
+ create: yes
+ mode: "0440"
+ line: "{{ item.name | mandatory }}:{{ item.password }}:{{ item.uid }}:{{ item.gid }}::{{ item.home | mandatory }}:/bin/false"
+ regexp: "^{{ item.name }}:.*"
+ with_items: "{{ proftpd_accounts_final }}"
+ notify: restart proftpd
+ tags:
+ - proftpd
+
+- name: Allow FTP account
+ lineinfile:
+ dest: /etc/proftpd/conf.d/z-evolinux.conf
+ state: present
+ line: "\tAllowUser {{ item.name }}"
+ insertbefore: "DenyAll"
+ with_items: "{{ proftpd_accounts_final }}"
+ notify: restart proftpd
+ tags:
+ - proftpd
diff --git a/proftpd/tasks/accounts_password.yml b/proftpd/tasks/accounts_password.yml
new file mode 100644
index 00000000..01517083
--- /dev/null
+++ b/proftpd/tasks/accounts_password.yml
@@ -0,0 +1,42 @@
+---
+- name: Check if FTP account exist
+ command: grep "^{{ item.name }}:" /etc/proftpd/vpasswd
+ failed_when: false
+ check_mode: no
+ changed_when: check_ftp_account.rc != 0
+ register: check_ftp_account
+
+- block:
+
+ - name: Get current FTP password
+ shell: grep "^{{ item.name }}:" /etc/proftpd/vpasswd | cut -d':' -f2
+ register: protftpd_cur_password
+ check_mode: no
+ changed_when: false
+
+ - name: Set password for this account
+ set_fact:
+ protftpd_password: "{{ protftpd_cur_password.stdout }}"
+
+ when: check_ftp_account.rc == 0
+
+- block:
+
+ - name: Generate FTP password
+ command: "apg -n 1 -m 16 -M lcN"
+ register: proftpd_apg_password
+ check_mode: no
+
+ - name: Print generated password
+ debug:
+ msg: "{{ proftpd_apg_password.stdout }}"
+
+ - name: Hash generated password
+ set_fact:
+ protftpd_password: "{{ proftpd_apg_password.stdout | password_hash('sha512') }}"
+
+ when: check_ftp_account.rc != 0
+
+- name: Update proftpd_accounts with password
+ set_fact:
+ proftpd_accounts_final: "{{ proftpd_accounts_final + [ item | combine({ 'password': protftpd_password }) ] }}"
diff --git a/proftpd/tasks/main.yml b/proftpd/tasks/main.yml
index a48c9836..5fe33dbb 100644
--- a/proftpd/tasks/main.yml
+++ b/proftpd/tasks/main.yml
@@ -55,3 +55,6 @@
notify: restart proftpd
tags:
- proftpd
+
+- include: accounts.yml
+ when: proftpd_accounts != "[]"
diff --git a/rbenv/tasks/main.yml b/rbenv/tasks/main.yml
index 7b680e83..aa914508 100644
--- a/rbenv/tasks/main.yml
+++ b/rbenv/tasks/main.yml
@@ -18,76 +18,106 @@
- rbenv
- packages
-- block:
- - name: Rbenv repository is checked out for {{ username }}
- git:
- repo: '{{ rbenv_repo }}'
- dest: '{{ rbenv_root }}'
- version: '{{ rbenv_version }}'
- accept_hostkey: yes
- force: yes
-
- - name: plugins directory for {{ username }}
- file:
- path: '{{ rbenv_root }}/plugins'
- state: directory
-
- - name: plugins are installed for {{ username }}
- git:
- repo: '{{ item.repo }}'
- dest: '{{ rbenv_root }}/plugins/{{ item.name }}'
- version: '{{ item.version }}'
- accept_hostkey: yes
- force: yes
- with_items:
- - "{{ rbenv_plugins }}"
-
- - name: Rbenv is initialized in profile for {{ username }}
- blockinfile:
- dest: '~{{ username }}/.profile'
- block: |
- export PATH="{{ rbenv_root }}/bin:$PATH"
- eval "$(rbenv init -)"
- marker: "# {mark} ANSIBLE MANAGED RBENV INIT"
-
- - name: default gems are installed for {{ username }}
- copy:
- src: default-gems
- dest: '{{ rbenv_root }}/default-gems'
-
- - name: gemrc for {{ username }}
- copy:
- src: gemrc
- dest: ~/.gemrc
-
- - name: is Ruby {{ rbenv_ruby_version }} available for {{ username }} ?
- shell: /bin/bash -lc "rbenv versions | grep {{ rbenv_ruby_version }}"
- args:
- warn: no
- failed_when: False
- changed_when: False
- register: ruby_installed
-
- - name: Ruby {{ rbenv_ruby_version }} is available for {{ username }} (be patient... could be long)
- shell: /bin/bash -lc "TMPDIR=~/tmp rbenv install {{ rbenv_ruby_version }}"
- args:
- warn: no
- when: ruby_installed.rc != 0
-
- - name: is Ruby {{ rbenv_ruby_version }} selected for {{ username }} ?
- shell: /bin/bash -lc "rbenv version | cut -d ' ' -f 1 | grep -Fx '{{ rbenv_ruby_version }}'"
- args:
- warn: no
- register: ruby_selected
- changed_when: False
- failed_when: False
-
- - name: select Ruby {{ rbenv_ruby_version }} for {{ username }}
- shell: /bin/bash -lc "rbenv global {{ rbenv_ruby_version }} && rbenv rehash"
- args:
- warn: no
- when: ruby_selected.rc != 0
+- name: gemrc for {{ username }}
+ copy:
+ src: gemrc
+ dest: "~{{ username }}/.gemrc"
+ owner: '{{ username }}'
+ group: '{{ username }}'
+- name: Rbenv repository is checked out for {{ username }}
+ git:
+ repo: '{{ rbenv_repo }}'
+ dest: '{{ rbenv_root }}'
+ version: '{{ rbenv_version }}'
+ accept_hostkey: yes
+ force: yes
+ become_user: "{{ username }}"
+ become: yes
+ tags:
+ - rbenv
+
+- name: default gems are installed for {{ username }}
+ copy:
+ src: default-gems
+ dest: '{{ rbenv_root }}/default-gems'
+ owner: '{{ username }}'
+ group: '{{ username }}'
+
+- name: plugins directory for {{ username }}
+ file:
+ path: '{{ rbenv_root }}/plugins'
+ state: directory
+ become_user: "{{ username }}"
+ become: yes
+ tags:
+ - rbenv
+
+- name: plugins are installed for {{ username }}
+ git:
+ repo: '{{ item.repo }}'
+ dest: '{{ rbenv_root }}/plugins/{{ item.name }}'
+ version: '{{ item.version }}'
+ accept_hostkey: yes
+ force: yes
+ with_items:
+ - "{{ rbenv_plugins }}"
+ become_user: "{{ username }}"
+ become: yes
+ tags:
+ - rbenv
+
+- name: Rbenv is initialized in profile for {{ username }}
+ blockinfile:
+ dest: '~{{ username }}/.profile'
+ block: |
+ export PATH="{{ rbenv_root }}/bin:$PATH"
+ eval "$(rbenv init -)"
+ marker: "# {mark} ANSIBLE MANAGED RBENV INIT"
+ become_user: "{{ username }}"
+ become: yes
+ tags:
+ - rbenv
+
+- name: is Ruby {{ rbenv_ruby_version }} available for {{ username }} ?
+ shell: /bin/bash -lc "rbenv versions | grep {{ rbenv_ruby_version }}"
+ args:
+ warn: no
+ failed_when: False
+ changed_when: False
+ register: ruby_installed
+ become_user: "{{ username }}"
+ become: yes
+ tags:
+ - rbenv
+
+- name: Ruby {{ rbenv_ruby_version }} is available for {{ username }} (be patient... could be long)
+ shell: /bin/bash -lc "TMPDIR=~/tmp rbenv install {{ rbenv_ruby_version }}"
+ args:
+ warn: no
+ when: ruby_installed.rc != 0
+ become_user: "{{ username }}"
+ become: yes
+ tags:
+ - rbenv
+
+- name: is Ruby {{ rbenv_ruby_version }} selected for {{ username }} ?
+ shell: /bin/bash -lc "rbenv version | cut -d ' ' -f 1 | grep -Fx '{{ rbenv_ruby_version }}'"
+ args:
+ warn: no
+ register: ruby_selected
+ changed_when: False
+ failed_when: False
+ become_user: "{{ username }}"
+ become: yes
+ tags:
+ - rbenv
+
+- name: select Ruby {{ rbenv_ruby_version }} for {{ username }}
+ shell: /bin/bash -lc "rbenv global {{ rbenv_ruby_version }} && rbenv rehash"
+ args:
+ warn: no
+ when: ruby_selected.rc != 0
become_user: "{{ username }}"
become: yes
tags:
diff --git a/redmine/tasks/main.yml b/redmine/tasks/main.yml
index 5270a5aa..7864fa51 100644
--- a/redmine/tasks/main.yml
+++ b/redmine/tasks/main.yml
@@ -4,26 +4,26 @@
name: "{{ item }}"
state: present
with_items:
- - libpam-systemd
- - ruby
- - ruby-dev
- - bundler
- - imagemagick
- - git-core
- - git-svn
- - gcc
- - build-essential
- - libxml2-dev
- - libxslt1-dev
- - libssl-dev
- - libmagickwand-dev
- - libmagickcore-dev
- - libmysqlclient-dev
- - python-mysqldb
+ - libpam-systemd
+ - ruby
+ - ruby-dev
+ - bundler
+ - imagemagick
+ - git-core
+ - git-svn
+ - gcc
+ - build-essential
+ - libxml2-dev
+ - libxslt1-dev
+ - libssl-dev
+ - libmagickwand-dev
+ - libmagickcore-dev
+ - libmysqlclient-dev
+ - python-mysqldb
tags:
- - redmine
+ - redmine
-#- name:
+#- name:
# lineinfile:
# with_items:
# - 'https://github.com/.*'
@@ -38,7 +38,7 @@
dest: /etc/systemd/user/puma.service
mode: "0644"
tags:
- - redmine
+ - redmine
- name: Create puma config dir
file:
@@ -47,14 +47,14 @@
mode: "0755"
owner: root
tags:
- - redmine
+ - redmine
- name: Create redmine group
group:
name: "{{ redmine_user }}"
state: present
tags:
- - redmine
+ - redmine
- name: Add www-data to redmine group
user:
@@ -62,7 +62,7 @@
groups: "{{ redmine_user }}"
append: yes
tags:
- - redmine
+ - redmine
- name: Create redmine user
user:
@@ -73,7 +73,7 @@
home: "/home/{{ redmine_user }}"
shell: /bin/bash
tags:
- - redmine
+ - redmine
- name: Create required directory
file:
@@ -83,11 +83,11 @@
group: "{{ redmine_user }}"
mode: "0750"
with_items:
- - "/home/{{ redmine_user }}"
- - "/home/{{ redmine_user }}/files"
- - "/home/{{ redmine_user }}/log"
+ - "/home/{{ redmine_user }}"
+ - "/home/{{ redmine_user }}/files"
+ - "/home/{{ redmine_user }}/log"
tags:
- - redmine
+ - redmine
- name: Touch Nginx logs file
file:
@@ -98,10 +98,10 @@
mode: "0640"
changed_when: false
with_items:
- - nginx_access.log
- - nginx_error.log
+ - nginx_access.log
+ - nginx_error.log
tags:
- - redmine
+ - redmine
- name: Enable systemd user mode
command: "loginctl enable-linger {{ redmine_user }}"
@@ -115,7 +115,7 @@
group: "{{ redmine_user }}"
mode: "0640"
tags:
- - redmine
+ - redmine
- name: Update or clone Redmine git
git:
@@ -125,9 +125,10 @@
umask: "027"
update: yes
become_user: "{{ redmine_user }}"
+ become: yes
register: redmine_git_task
tags:
- - redmine
+ - redmine
- name: Deploy custom Gemfile
copy:
@@ -137,6 +138,8 @@
group: "{{ redmine_user }}"
mode: "0640"
register: redmine_local_gemfile_task
+ tags:
+ - redmine
- name: Get actual Mysql password
shell: "grep password /home/{{ redmine_user }}/.my.cnf | awk '{ print $3 }'"
@@ -145,7 +148,7 @@
changed_when: False
failed_when: false
tags:
- - redmine
+ - redmine
- name: Generate Mysql password
shell: perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'
@@ -160,7 +163,7 @@
set_fact:
redmine_db_pass: "{{ redmine_generate_mysql_password.stdout | default(redmine_get_mysql_password.stdout) }}"
tags:
- - redmine
+ - redmine
- name: Create Mysql database
mysql_db:
@@ -168,7 +171,7 @@
config_file: "/root/.my.cnf"
state: present
tags:
- - redmine
+ - redmine
- name: Create Mysql user
mysql_user:
@@ -179,7 +182,7 @@
update_password: always
state: present
tags:
- - redmine
+ - redmine
- name: Store credentials in my.cnf
ini_file:
@@ -195,7 +198,7 @@
- { option: 'database', value: "{{ redmine_db_name }}" }
- { option: 'password', value: '{{ redmine_db_pass }}' }
tags:
- - redmine
+ - redmine
- name: Copy configurations file
template:
@@ -205,23 +208,23 @@
group: "{{ redmine_user }}"
mode: "0640"
with_items:
- - 'configuration.yml'
- - 'database.yml'
- - 'additional_environment.rb'
+ - 'configuration.yml'
+ - 'database.yml'
+ - 'additional_environment.rb'
tags:
- - redmine
+ - redmine
- name: Install Redmine plugins
include: plugins.yml
with_items: "{{ redmine_plugins }}"
tags:
- - redmine
+ - redmine
- name: Install Redmine themes
include: themes.yml
with_items: "{{ redmine_themes }}"
tags:
- - redmine
+ - redmine
- name: Update local gems with bundle
bundler:
@@ -230,14 +233,20 @@
gem_path: "/home/{{ redmine_user }}/.gems"
user_install: yes
become_user: "{{ redmine_user }}"
+ become: yes
when: redmine_git_task.changed or redmine_local_gemfile_task.changed or redmine_plugin_install.changed
+ tags:
+ - redmine
- name: Migrate database with rake
shell: bundle exec rake -qf ~/www/Rakefile db:migrate
become_user: "{{ redmine_user }}"
become_method: sudo
become_flags: '-iu {{ redmine_user }}'
+ become: yes
when: redmine_git_task.changed
+ tags:
+ - redmine
- name: Populate Mysql database
shell: bundle exec rake -qf ~/www/Rakefile redmine:load_default_data REDMINE_LANG=fr && touch ~/.populated
@@ -246,13 +255,19 @@
become_user: "{{ redmine_user }}"
become_method: sudo
become_flags: '-iu {{ redmine_user }}'
+ become: yes
+ tags:
+ - redmine
- name: Migrate plugins
shell: bundle exec rake -qf ~/www/Rakefile redmine:plugins:migrate
become_user: "{{ redmine_user }}"
become_method: sudo
become_flags: '-iu {{ redmine_user }}'
+ become: yes
when: redmine_plugin_install.changed
+ tags:
+ - redmine
- name: Generate secret token
shell: bundle exec rake -qf ~/www/Rakefile generate_secret_token
@@ -261,8 +276,9 @@
become_user: "{{ redmine_user }}"
become_method: sudo
become_flags: '-iu {{ redmine_user }}'
+ become: yes
tags:
- - redmine
+ - redmine
- name: Copy puma config
template:
@@ -285,8 +301,9 @@
become_user: "{{ redmine_user }}"
become_method: sudo
become_flags: '-iu {{ redmine_user }}'
+ become: yes
tags:
- - redmine
+ - redmine
- name: Reload puma service
systemd:
@@ -297,4 +314,5 @@
become_user: "{{ redmine_user }}"
become_method: sudo
become_flags: '-iu {{ redmine_user }}'
+ become: yes
when: redmine_puma_config_task.changed
diff --git a/redmine/tasks/plugins.yml b/redmine/tasks/plugins.yml
index aacb2a27..479ffeaf 100644
--- a/redmine/tasks/plugins.yml
+++ b/redmine/tasks/plugins.yml
@@ -2,7 +2,7 @@
- name: Copy/Update plugin from archive
unarchive:
src: "{{ item.zip }}"
- dest: "/home/{{ redmine_user }}/www/plugins/"
+ dest: "/home/{{ redmine_user }}/www/plugins/"
remote_src: yes
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
@@ -17,10 +17,10 @@
version: "{{ item.tree | default('master') }}"
register: redmine_plugin_install
when: item.git is defined
-
+
- name: Fix rights on plugin dir
file:
- path: "/home/{{ redmine_user }}/www/plugins/{{ item.git | basename | splitext | first }}"
+ path: "/home/{{ redmine_user }}/www/plugins/{{ item.git | basename | splitext | first }}"
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "u=rwX,g=rX,o="
diff --git a/redmine/tasks/themes.yml b/redmine/tasks/themes.yml
index ea5046de..510e2038 100644
--- a/redmine/tasks/themes.yml
+++ b/redmine/tasks/themes.yml
@@ -2,7 +2,7 @@
- name: Copy/Update theme from archive
unarchive:
src: "{{ item.zip }}"
- dest: "/home/{{ redmine_user }}/www/public/themes/"
+ dest: "/home/{{ redmine_user }}/www/public/themes/"
remote_src: yes
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
@@ -15,10 +15,10 @@
dest: "/home/{{ redmine_user }}/www/public/themes/{{ item.git | basename | splitext | first }}"
version: "{{ item.tree | default('master') }}"
when: item.git is defined
-
+
- name: Fix rights on theme dir
file:
- path: "/home/{{ redmine_user }}/www/public/themes/{{ item.git | basename | splitext | first }}"
+ path: "/home/{{ redmine_user }}/www/public/themes/{{ item.git | basename | splitext | first }}"
owner: "{{ redmine_user }}"
group: "{{ redmine_user }}"
mode: "0750"
diff --git a/squid/files/evolinux-whitelist-defaults.conf b/squid/files/evolinux-whitelist-defaults.conf
index ada4fcdc..125eda7d 100644
--- a/squid/files/evolinux-whitelist-defaults.conf
+++ b/squid/files/evolinux-whitelist-defaults.conf
@@ -9,6 +9,7 @@
^spamassassin\.apache\.org$
^.*sa-update.*$
^pear\.php\.net$
+^repo\.mysql\.com$
# Let's Encrypt
^.*\.letsencrypt.org$
diff --git a/squid/files/whitelist-evolinux.conf b/squid/files/whitelist-evolinux.conf
index 10bcd779..5c22f4a7 100644
--- a/squid/files/whitelist-evolinux.conf
+++ b/squid/files/whitelist-evolinux.conf
@@ -9,6 +9,7 @@ http://.*clamav.net/.*
http://spamassassin.apache.org/.*
http://.*sa-update.*
http://pear.php.net/.*
+http://repo.mysql.com/.*
# Let's Encrypt
http://.*.letsencrypt.org/.*
diff --git a/tomcat-instance/tasks/user.yml b/tomcat-instance/tasks/user.yml
index 56fb76ff..2c9a634d 100644
--- a/tomcat-instance/tasks/user.yml
+++ b/tomcat-instance/tasks/user.yml
@@ -37,7 +37,7 @@
- name: Run newaliases
command: newaliases
- when: tomcat_instance_mail_alias | changed
+ when: tomcat_instance_mail_alias | changed
- name: Enable sudo right
lineinfile:
diff --git a/webapps/evoadmin-mail/tasks/user.yml b/webapps/evoadmin-mail/tasks/user.yml
index 5b267e72..5ec87f78 100644
--- a/webapps/evoadmin-mail/tasks/user.yml
+++ b/webapps/evoadmin-mail/tasks/user.yml
@@ -55,7 +55,7 @@
dest: "{{ evoadminmail_document_root }}/htdocs/config/connect.php"
owner: "www-{{ evoadminmail_username }}"
group: "{{ evoadminmail_username }}"
- when: ldap_admin_password is defined
+ when: ldap_admin_password is defined
- name: "Copy conf.php"
template:
diff --git a/webapps/evoadmin-web/tasks/main.yml b/webapps/evoadmin-web/tasks/main.yml
index 185549aa..46c04f13 100644
--- a/webapps/evoadmin-web/tasks/main.yml
+++ b/webapps/evoadmin-web/tasks/main.yml
@@ -1,5 +1,9 @@
---
+- fail:
+ msg: Please configure var evoadmin_contact_email
+ when: evoadmin_contact_email is none
+
- include: packages.yml
- include: user.yml
@@ -18,4 +22,3 @@
marker: ""
block: |
Interface admin web (EvoAdmin-web)
-
diff --git a/webapps/wordpress/tasks/main.yml b/webapps/wordpress/tasks/main.yml
index d8a4598b..6b6a67e2 100644
--- a/webapps/wordpress/tasks/main.yml
+++ b/webapps/wordpress/tasks/main.yml
@@ -28,7 +28,7 @@
changed_when: false
- name: Read mysql config from .my.cnf
- set_fact:
+ set_fact:
db_host: "{{ lookup('ini', 'host section=client file=/tmp/wordpress-{{ ansible_user }}.cnf default=127.0.0.1') }}"
db_user: "{{ lookup('ini', 'user section=client file=/tmp/wordpress-{{ ansible_user }}.cnf default={{ ansible_user }}') }}"
db_pwd: "{{ lookup('ini', 'password section=client file=/tmp/wordpress-{{ ansible_user }}.cnf') }}"
@@ -44,7 +44,7 @@
- name: Configure Wordpress (wp-config.php)
shell: '{{ wordpress_wpcli }} core config --dbhost={{ db_host }} --dbuser={{ db_user }} --dbpass={{ db_pwd }} --dbname={{ db_name }}'
args:
- creates: "{{ ansible_env.HOME }}/www/wp-config.php"
+ creates: "{{ ansible_env.HOME }}/www/wp-config.php"
- name: Configure site
shell: '{{ wordpress_wpcli }} core install --url={{ wordpress_host | quote }} --title={{ wordpress_title | quote }} --admin_user=admin --admin_password="{{ admin_pwd | quote }}" --admin_email={{ wordpress_email }} --skip-email'
@@ -90,7 +90,7 @@
Votre nouveau site WordPress a bien été installé à l’adresse :
http://{{ wordpress_host }}
-
+
Vous pouvez vous y connecter en tant qu’administrateur avec les informations suivantes :
Identifiant : admin