Allow more --check runs
Use “when: not ansible_check_mode” or “when <file>.stat.exists or not
ansible_check_mode” in order to provide a meaningful diff if possible.
This is an improvement over the previously reverted commit 1728eaee68.
parent
7005344a5b
commit
fc692cf65b
|
@ -3,13 +3,16 @@
|
||||||
service:
|
service:
|
||||||
name: apache2
|
name: apache2
|
||||||
state: restarted
|
state: restarted
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: reload apache
|
- name: reload apache
|
||||||
service:
|
service:
|
||||||
name: apache2
|
name: apache2
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: restart munin-node
|
- name: restart munin-node
|
||||||
service:
|
service:
|
||||||
name: munin-node
|
name: munin-node
|
||||||
state: restarted
|
state: restarted
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
|
@ -14,7 +14,12 @@
|
||||||
- name: Load IP whitelist task
|
- name: Load IP whitelist task
|
||||||
include: ip_whitelist.yml
|
include: ip_whitelist.yml
|
||||||
|
|
||||||
- name: include private IP whitelist for server-status
|
- name: Is status.conf present?
|
||||||
|
stat:
|
||||||
|
path: /etc/apache2/mods-available/status.conf
|
||||||
|
register: _status_conf
|
||||||
|
|
||||||
|
- name: Include private IP whitelist for server-status
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/apache2/mods-available/status.conf
|
dest: /etc/apache2/mods-available/status.conf
|
||||||
line: " include /etc/apache2/ipaddr_whitelist.conf"
|
line: " include /etc/apache2/ipaddr_whitelist.conf"
|
||||||
|
@ -22,6 +27,7 @@
|
||||||
state: present
|
state: present
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
when: _status_conf.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: Copy private_htpasswd
|
- name: Copy private_htpasswd
|
||||||
copy:
|
copy:
|
||||||
|
@ -35,6 +41,11 @@
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
||||||
|
- name: Is private_htpasswd present?
|
||||||
|
stat:
|
||||||
|
path: /etc/apache2/private_htpasswd
|
||||||
|
register: _private_htpasswd
|
||||||
|
|
||||||
- name: add user:pwd to private htpasswd
|
- name: add user:pwd to private htpasswd
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/apache2/private_htpasswd
|
dest: /etc/apache2/private_htpasswd
|
||||||
|
@ -44,6 +55,7 @@
|
||||||
notify: reload apache
|
notify: reload apache
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
when: _private_htpasswd.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: remove user:pwd from private htpasswd
|
- name: remove user:pwd from private htpasswd
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -54,3 +66,4 @@
|
||||||
notify: reload apache
|
notify: reload apache
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
when: _private_htpasswd.stat.exists or not ansible_check_mode
|
||||||
|
|
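Review bot: The new `stat` tasks ("Is status.conf present?", "Is private_htpasswd present?") carry no `tags:`, while the tasks that read their results are tagged `apache`. On a run limited with `--tags apache` the stat tasks are not selected, so `_status_conf` and `_private_htpasswd` are never registered and `when: _status_conf.stat.exists or not ansible_check_mode` fails on an undefined variable even outside check mode, unless the tags are also applied at the role or include level; a tagged run meant to update the whitelist include or the htpasswd entries would then stop before applying them. Give each stat task the same tags as its consumer (`tags:` / `- apache`), or make the test tolerant with `(_status_conf.stat.exists | default(false)) or not ansible_check_mode`. The same applies to the other stat/`when` pairs added in this commit whose consumers are tagged: `_ipaddr_whitelist_conf`, `_000_evolinux_default_conf`, `_envvars`, `_logrotate_d_apache2`, `_git`, `_log2mail_config_default`, `_main_cf`, `_aliases`, `_haproxy_cfg` and `_logrotate_d_haproxy`.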
|
@ -1,6 +1,11 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: add IP addresses to private IP whitelist
|
- name: Is ipaddr_whitelist.conf present?
|
||||||
|
stat:
|
||||||
|
path: /etc/apache2/ipaddr_whitelist.conf
|
||||||
|
register: _ipaddr_whitelist_conf
|
||||||
|
|
||||||
|
- name: Add IP addresses to private IP whitelist
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/apache2/ipaddr_whitelist.conf
|
dest: /etc/apache2/ipaddr_whitelist.conf
|
||||||
line: "Require ip {{ item }}"
|
line: "Require ip {{ item }}"
|
||||||
|
@ -10,8 +15,9 @@
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
- ips
|
- ips
|
||||||
|
when: _ipaddr_whitelist_conf.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: remove IP addresses from private IP whitelist
|
- name: Remove IP addresses from private IP whitelist
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/apache2/ipaddr_whitelist.conf
|
dest: /etc/apache2/ipaddr_whitelist.conf
|
||||||
line: "Require ip {{ item }}"
|
line: "Require ip {{ item }}"
|
||||||
|
|
|
@ -6,6 +6,7 @@
|
||||||
state: present
|
state: present
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: Add log2mail config for Apache segfaults
|
- name: Add log2mail config for Apache segfaults
|
||||||
template:
|
template:
|
||||||
|
|
|
@ -53,6 +53,7 @@
|
||||||
notify: reload apache
|
notify: reload apache
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: basic modules are enabled
|
- name: basic modules are enabled
|
||||||
apache2_module:
|
apache2_module:
|
||||||
|
@ -61,7 +62,9 @@
|
||||||
loop:
|
loop:
|
||||||
- cgi
|
- cgi
|
||||||
notify: reload apache
|
notify: reload apache
|
||||||
when: apache_mpm == "prefork" or apache_mpm == "itk"
|
when:
|
||||||
|
- apache_mpm == "prefork" or apache_mpm == "itk"
|
||||||
|
- not ansible_check_mode
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
||||||
|
@ -123,14 +126,21 @@
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
||||||
- name: default vhost is enabled
|
- name: Is 000-evolinux-default.conf present?
|
||||||
|
stat:
|
||||||
|
path: /etc/apache2/sites-available/000-evolinux-default.conf
|
||||||
|
register: _000_evolinux_default_conf
|
||||||
|
|
||||||
|
- name: Default vhost is enabled
|
||||||
file:
|
file:
|
||||||
src: /etc/apache2/sites-available/000-evolinux-default.conf
|
src: /etc/apache2/sites-available/000-evolinux-default.conf
|
||||||
dest: /etc/apache2/sites-enabled/000-default.conf
|
dest: /etc/apache2/sites-enabled/000-default.conf
|
||||||
state: link
|
state: link
|
||||||
force: yes
|
force: yes
|
||||||
notify: reload apache
|
notify: reload apache
|
||||||
when: apache_evolinux_default_enabled | bool
|
when:
|
||||||
|
- apache_evolinux_default_enabled | bool
|
||||||
|
- _000_evolinux_default_conf.stat.exists or not ansible_check_mode
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
||||||
|
@ -138,7 +148,7 @@
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
||||||
- name: is umask already present?
|
- name: Is umask already present?
|
||||||
command: "grep -E '^umask ' /etc/apache2/envvars"
|
command: "grep -E '^umask ' /etc/apache2/envvars"
|
||||||
failed_when: False
|
failed_when: False
|
||||||
changed_when: False
|
changed_when: False
|
||||||
|
@ -147,6 +157,11 @@
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
||||||
|
- name: Is envvars present?
|
||||||
|
stat:
|
||||||
|
path: /etc/apache2/envvars
|
||||||
|
register: _envvars
|
||||||
|
|
||||||
- name: Add a mark in envvars for umask
|
- name: Add a mark in envvars for umask
|
||||||
blockinfile:
|
blockinfile:
|
||||||
dest: /etc/apache2/envvars
|
dest: /etc/apache2/envvars
|
||||||
|
@ -155,7 +170,9 @@
|
||||||
## Set umask for writing by Apache user.
|
## Set umask for writing by Apache user.
|
||||||
## Set rights on files and directories written by Apache
|
## Set rights on files and directories written by Apache
|
||||||
umask 007
|
umask 007
|
||||||
when: envvar_grep_umask.rc != 0
|
when:
|
||||||
|
- envvar_grep_umask.rc != 0
|
||||||
|
- _envvars.stat.exists or not ansible_check_mode
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
||||||
|
@ -183,6 +200,11 @@
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
||||||
|
- name: Is logrotate.d/apache2 present?
|
||||||
|
stat:
|
||||||
|
path: /etc/logrotate.d/apache2
|
||||||
|
register: _logrotate_d_apache2
|
||||||
|
|
||||||
- name: "logrotate: {{ apache_logrotate_frequency }}"
|
- name: "logrotate: {{ apache_logrotate_frequency }}"
|
||||||
replace:
|
replace:
|
||||||
dest: /etc/logrotate.d/apache2
|
dest: /etc/logrotate.d/apache2
|
||||||
|
@ -190,6 +212,7 @@
|
||||||
replace: "{{ apache_logrotate_frequency }}"
|
replace: "{{ apache_logrotate_frequency }}"
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
when: _logrotate_d_apache2.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: "logrotate: rotate {{ apache_logrotate_rotate }}"
|
- name: "logrotate: rotate {{ apache_logrotate_rotate }}"
|
||||||
replace:
|
replace:
|
||||||
|
@ -198,6 +221,7 @@
|
||||||
replace: '\1 {{ apache_logrotate_rotate }}'
|
replace: '\1 {{ apache_logrotate_rotate }}'
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
when: _logrotate_d_apache2.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- include: log2mail.yml
|
- include: log2mail.yml
|
||||||
when: apache_log2mail_include
|
when: apache_log2mail_include
|
||||||
|
|
|
@ -23,6 +23,7 @@
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
- munin
|
- munin
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: "Install fcgi packages for Munin graphs"
|
- name: "Install fcgi packages for Munin graphs"
|
||||||
apt:
|
apt:
|
||||||
|
@ -43,6 +44,7 @@
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
- munin
|
- munin
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: "Apache has access to /var/log/munin/"
|
- name: "Apache has access to /var/log/munin/"
|
||||||
file:
|
file:
|
||||||
|
@ -51,3 +53,4 @@
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
- munin
|
- munin
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
|
@ -21,15 +21,22 @@
|
||||||
args:
|
args:
|
||||||
creates: "{{ apache_serverstatus_suffix_file }}"
|
creates: "{{ apache_serverstatus_suffix_file }}"
|
||||||
|
|
||||||
|
- name: Is apache_serverstatus_suffix_file present?
|
||||||
|
stat:
|
||||||
|
path: "{{ apache_serverstatus_suffix_file }}"
|
||||||
|
register: _apache_serverstatus_suffix_file
|
||||||
|
|
||||||
- name: read apache server status suffix
|
- name: read apache server status suffix
|
||||||
command: "tail -n 1 {{ apache_serverstatus_suffix_file }}"
|
command: "tail -n 1 {{ apache_serverstatus_suffix_file }}"
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: new_apache_serverstatus_suffix
|
register: new_apache_serverstatus_suffix
|
||||||
|
when: _apache_serverstatus_suffix_file.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: overwrite apache_serverstatus_suffix
|
- name: overwrite apache_serverstatus_suffix
|
||||||
set_fact:
|
set_fact:
|
||||||
apache_serverstatus_suffix: "{{ new_apache_serverstatus_suffix.stdout }}"
|
apache_serverstatus_suffix: "{{ new_apache_serverstatus_suffix.stdout }}"
|
||||||
|
when: _apache_serverstatus_suffix_file.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
var: apache_serverstatus_suffix
|
var: apache_serverstatus_suffix
|
||||||
|
@ -40,12 +47,14 @@
|
||||||
dest: /var/www/index.html
|
dest: /var/www/index.html
|
||||||
regexp: '__SERVERSTATUS_SUFFIX__'
|
regexp: '__SERVERSTATUS_SUFFIX__'
|
||||||
replace: "{{ apache_serverstatus_suffix }}"
|
replace: "{{ apache_serverstatus_suffix }}"
|
||||||
|
when: _apache_serverstatus_suffix_file.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: add server-status suffix in default site index if missing
|
- name: add server-status suffix in default site index if missing
|
||||||
replace:
|
replace:
|
||||||
dest: /var/www/index.html
|
dest: /var/www/index.html
|
||||||
regexp: '"/server-status-?"'
|
regexp: '"/server-status-?"'
|
||||||
replace: '"/server-status-{{ apache_serverstatus_suffix }}"'
|
replace: '"/server-status-{{ apache_serverstatus_suffix }}"'
|
||||||
|
when: _apache_serverstatus_suffix_file.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: add server-status suffix in default VHost
|
- name: add server-status suffix in default VHost
|
||||||
replace:
|
replace:
|
||||||
|
@ -53,12 +62,19 @@
|
||||||
regexp: '<Location /server-status-?>'
|
regexp: '<Location /server-status-?>'
|
||||||
replace: '<Location /server-status-{{ apache_serverstatus_suffix }}>'
|
replace: '<Location /server-status-{{ apache_serverstatus_suffix }}>'
|
||||||
notify: reload apache
|
notify: reload apache
|
||||||
|
when: _apache_serverstatus_suffix_file.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
|
- name: Is munin-node present?
|
||||||
|
stat:
|
||||||
|
path: /etc/munin/plugin-conf.d/munin-node
|
||||||
|
register: _munin_node
|
||||||
|
|
||||||
- name: Munin configuration has a section for apache
|
- name: Munin configuration has a section for apache
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/munin/plugin-conf.d/munin-node
|
dest: /etc/munin/plugin-conf.d/munin-node
|
||||||
line: "[apache_*]"
|
line: "[apache_*]"
|
||||||
create: no
|
create: no
|
||||||
|
when: _munin_node.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: apache-status URL is configured for Munin
|
- name: apache-status URL is configured for Munin
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -68,3 +84,4 @@
|
||||||
insertafter: "[apache_*]"
|
insertafter: "[apache_*]"
|
||||||
create: no
|
create: no
|
||||||
notify: restart munin-node
|
notify: restart munin-node
|
||||||
|
when: _munin_node.stat.exists or not ansible_check_mode
|
||||||
|
|
|
@ -8,14 +8,22 @@
|
||||||
- etc-git
|
- etc-git
|
||||||
when:
|
when:
|
||||||
- ansible_distribution == "Debian"
|
- ansible_distribution == "Debian"
|
||||||
|
- not ansible_check_mode
|
||||||
|
|
||||||
- name: Install and configure utilities
|
- name: Install and configure utilities
|
||||||
include: utils.yml
|
include: utils.yml
|
||||||
tags:
|
tags:
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
||||||
|
- name: Is git present?
|
||||||
|
stat:
|
||||||
|
path: /usr/bin/git
|
||||||
|
register: _git
|
||||||
|
|
||||||
- name: Configure repositories
|
- name: Configure repositories
|
||||||
include: repositories.yml
|
include: repositories.yml
|
||||||
tags:
|
tags:
|
||||||
- etc-git
|
- etc-git
|
||||||
when: etc_git_config_repositories | bool
|
when:
|
||||||
|
- etc_git_config_repositories | bool
|
||||||
|
- _git.stat.exists or not ansible_check_mode
|
||||||
|
|
|
@ -1,14 +1,17 @@
|
||||||
- name: newaliases
|
- name: newaliases
|
||||||
command: newaliases
|
command: newaliases
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: Test Apache conf
|
- name: Test Apache conf
|
||||||
command: apache2ctl -t
|
command: apache2ctl -t
|
||||||
notify: "Reload Apache conf"
|
notify: "Reload Apache conf"
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: reload apache2
|
- name: reload apache2
|
||||||
service:
|
service:
|
||||||
name: apache2
|
name: apache2
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: apt update
|
- name: apt update
|
||||||
apt:
|
apt:
|
||||||
|
@ -18,8 +21,10 @@
|
||||||
service:
|
service:
|
||||||
name: squid3
|
name: squid3
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: reload squid
|
- name: reload squid
|
||||||
service:
|
service:
|
||||||
name: squid
|
name: squid
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
|
@ -10,6 +10,8 @@
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
var: evocheck_run.stdout_lines
|
var: evocheck_run.stdout_lines
|
||||||
when: evocheck_run.stdout | length > 0
|
when:
|
||||||
|
- not ansible_check_mode
|
||||||
|
- evocheck_run.stdout | length > 0
|
||||||
tags:
|
tags:
|
||||||
- evocheck-exec
|
- evocheck-exec
|
||||||
|
|
|
@ -38,6 +38,7 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: ssl-cert
|
group: ssl-cert
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: Create certificate for default site
|
- name: Create certificate for default site
|
||||||
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt
|
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt
|
||||||
|
|
|
@ -43,7 +43,9 @@
|
||||||
state: present
|
state: present
|
||||||
tags:
|
tags:
|
||||||
- packages
|
- packages
|
||||||
when: ansible_virtualization_role == "host"
|
when:
|
||||||
|
- ansible_virtualization_role == "host"
|
||||||
|
- not ansible_check_mode
|
||||||
|
|
||||||
## RAID
|
## RAID
|
||||||
# Dell and others: MegaRAID SAS
|
# Dell and others: MegaRAID SAS
|
||||||
|
@ -108,6 +110,7 @@
|
||||||
name: ssacli
|
name: ssacli
|
||||||
tags:
|
tags:
|
||||||
- packages
|
- packages
|
||||||
|
when: not ansible_check_mode
|
||||||
when:
|
when:
|
||||||
- "'Hewlett-Packard Company Smart Array' in raidmodel.stdout"
|
- "'Hewlett-Packard Company Smart Array' in raidmodel.stdout"
|
||||||
- "'Adaptec Smart Storage PQI' in raidmodel.stdout"
|
- "'Adaptec Smart Storage PQI' in raidmodel.stdout"
|
||||||
|
@ -134,6 +137,7 @@
|
||||||
state: present
|
state: present
|
||||||
tags:
|
tags:
|
||||||
- packages
|
- packages
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: cciss-vol-statusd init script is present (HP gen <10)
|
- name: cciss-vol-statusd init script is present (HP gen <10)
|
||||||
template:
|
template:
|
||||||
|
@ -246,6 +250,7 @@
|
||||||
allow_unauthenticated: yes
|
allow_unauthenticated: yes
|
||||||
tags:
|
tags:
|
||||||
- packages
|
- packages
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: Configure packages for DELL/LSI hardware
|
- name: Configure packages for DELL/LSI hardware
|
||||||
template:
|
template:
|
||||||
|
@ -263,6 +268,7 @@
|
||||||
tags:
|
tags:
|
||||||
- packages
|
- packages
|
||||||
- config
|
- config
|
||||||
|
when: not ansible_check_mode
|
||||||
when:
|
when:
|
||||||
- "'MegaRAID' in raidmodel.stdout"
|
- "'MegaRAID' in raidmodel.stdout"
|
||||||
- evolinux_packages_hardware_raid | bool
|
- evolinux_packages_hardware_raid | bool
|
||||||
|
|
|
@ -16,6 +16,12 @@
|
||||||
daemon-reload: yes
|
daemon-reload: yes
|
||||||
state: started
|
state: started
|
||||||
enabled: yes
|
enabled: yes
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
|
- name: Is log2mail/config/default present?
|
||||||
|
stat:
|
||||||
|
path: /etc/log2mail/config/default
|
||||||
|
register: _log2mail_config_default
|
||||||
|
|
||||||
- name: log2mail config is present
|
- name: log2mail config is present
|
||||||
blockinfile:
|
blockinfile:
|
||||||
|
@ -32,4 +38,5 @@
|
||||||
notify: restart log2mail
|
notify: restart log2mail
|
||||||
tags:
|
tags:
|
||||||
- log2mail
|
- log2mail
|
||||||
|
when: _log2mail_config_default.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
|
|
|
@ -89,7 +89,9 @@
|
||||||
apt:
|
apt:
|
||||||
name: serveur-base
|
name: serveur-base
|
||||||
allow_unauthenticated: yes
|
allow_unauthenticated: yes
|
||||||
when: evolinux_packages_serveur_base | bool
|
when:
|
||||||
|
- evolinux_packages_serveur_base | bool
|
||||||
|
- not ansible_check_mode
|
||||||
|
|
||||||
- name: Install/Update packages for Stretch and later
|
- name: Install/Update packages for Stretch and later
|
||||||
apt:
|
apt:
|
||||||
|
|
|
@ -11,6 +11,11 @@
|
||||||
- packages
|
- packages
|
||||||
- postfix
|
- postfix
|
||||||
|
|
||||||
|
- name: Is main.cf present?
|
||||||
|
stat:
|
||||||
|
path: /etc/postfix/main.cf
|
||||||
|
register: _main_cf
|
||||||
|
|
||||||
- name: configure postfix myhostname
|
- name: configure postfix myhostname
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/postfix/main.cf
|
dest: /etc/postfix/main.cf
|
||||||
|
@ -20,6 +25,7 @@
|
||||||
notify: reload postfix
|
notify: reload postfix
|
||||||
tags:
|
tags:
|
||||||
- postfix
|
- postfix
|
||||||
|
when: _main_cf.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: configure postfix mynetworks
|
- name: configure postfix mynetworks
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -30,6 +36,7 @@
|
||||||
notify: reload postfix
|
notify: reload postfix
|
||||||
tags:
|
tags:
|
||||||
- postfix
|
- postfix
|
||||||
|
when: _main_cf.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: fetch users list
|
- name: fetch users list
|
||||||
shell: "set -o pipefail && getent passwd | cut -d':' -f 1 | grep -v root"
|
shell: "set -o pipefail && getent passwd | cut -d':' -f 1 | grep -v root"
|
||||||
|
@ -41,6 +48,11 @@
|
||||||
tags:
|
tags:
|
||||||
- postfix
|
- postfix
|
||||||
|
|
||||||
|
- name: Is aliases present?
|
||||||
|
stat:
|
||||||
|
path: /etc/aliases
|
||||||
|
register: _aliases
|
||||||
|
|
||||||
- name: each user is aliased to root
|
- name: each user is aliased to root
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/aliases
|
dest: /etc/aliases
|
||||||
|
@ -48,7 +60,9 @@
|
||||||
line: "{{ item }}: root"
|
line: "{{ item }}: root"
|
||||||
loop: "{{ non_root_users_list.stdout_lines }}"
|
loop: "{{ non_root_users_list.stdout_lines }}"
|
||||||
notify: newaliases
|
notify: newaliases
|
||||||
when: evolinux_postfix_users_alias_root | bool
|
when:
|
||||||
|
- evolinux_postfix_users_alias_root | bool
|
||||||
|
- _aliases.stat.exists or not ansible_check_mode
|
||||||
tags:
|
tags:
|
||||||
- postfix
|
- postfix
|
||||||
|
|
||||||
|
@ -65,7 +79,9 @@
|
||||||
- error
|
- error
|
||||||
- bounce
|
- bounce
|
||||||
notify: newaliases
|
notify: newaliases
|
||||||
when: evolinux_postfix_mailer_alias_root | bool
|
when:
|
||||||
|
- evolinux_postfix_mailer_alias_root | bool
|
||||||
|
- _aliases.stat.exists or not ansible_check_mode
|
||||||
tags:
|
tags:
|
||||||
- postfix
|
- postfix
|
||||||
|
|
||||||
|
@ -75,7 +91,9 @@
|
||||||
regexp: "^root:"
|
regexp: "^root:"
|
||||||
line: "root: {{ postfix_alias_email or general_alert_email | mandatory }}"
|
line: "root: {{ postfix_alias_email or general_alert_email | mandatory }}"
|
||||||
notify: newaliases
|
notify: newaliases
|
||||||
when: evolinux_postfix_root_alias | bool
|
when:
|
||||||
|
- evolinux_postfix_root_alias | bool
|
||||||
|
- _aliases.stat.exists or not ansible_check_mode
|
||||||
tags:
|
tags:
|
||||||
- postfix
|
- postfix
|
||||||
|
|
||||||
|
|
|
@ -154,13 +154,21 @@
|
||||||
register: grep_profile_evomaintenance
|
register: grep_profile_evomaintenance
|
||||||
|
|
||||||
## Don't add the trap if it is present or commented
|
## Don't add the trap if it is present or commented
|
||||||
|
|
||||||
|
- name: "Is '/home/{{ user.name }}' present?"
|
||||||
|
stat:
|
||||||
|
path: '/home/{{ user.name }}'
|
||||||
|
register: _home_user_name
|
||||||
|
|
||||||
- name: "User '{{ user.name }}' has its shell trap for evomaintenance"
|
- name: "User '{{ user.name }}' has its shell trap for evomaintenance"
|
||||||
lineinfile:
|
lineinfile:
|
||||||
state: present
|
state: present
|
||||||
dest: '/home/{{ user.name }}/.profile'
|
dest: '/home/{{ user.name }}/.profile'
|
||||||
insertafter: EOF
|
insertafter: EOF
|
||||||
line: 'trap "sudo /usr/share/scripts/evomaintenance.sh" 0'
|
line: 'trap "sudo /usr/share/scripts/evomaintenance.sh" 0'
|
||||||
when: grep_profile_evomaintenance.rc != 0
|
when:
|
||||||
|
- grep_profile_evomaintenance.rc != 0
|
||||||
|
- _home_user_name.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
# SSH keys
|
# SSH keys
|
||||||
|
|
||||||
|
@ -192,5 +200,6 @@
|
||||||
when:
|
when:
|
||||||
- user.ssh_keys is defined
|
- user.ssh_keys is defined
|
||||||
- user.ssh_keys | length > 0
|
- user.ssh_keys | length > 0
|
||||||
|
- _home_user_name.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
|
|
@ -3,13 +3,16 @@
|
||||||
service:
|
service:
|
||||||
name: haproxy
|
name: haproxy
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: restart haproxy
|
- name: restart haproxy
|
||||||
service:
|
service:
|
||||||
name: haproxy
|
name: haproxy
|
||||||
state: restarted
|
state: restarted
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: restart munin-node
|
- name: restart munin-node
|
||||||
service:
|
service:
|
||||||
name: munin-node
|
name: munin-node
|
||||||
state: restarted
|
state: restarted
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
|
@ -114,6 +114,11 @@
|
||||||
- config
|
- config
|
||||||
- update-config
|
- update-config
|
||||||
|
|
||||||
|
- name: Is haproxy.cfg present?
|
||||||
|
stat:
|
||||||
|
path: /etc/haproxy/haproxy.cfg
|
||||||
|
register: _haproxy_cfg
|
||||||
|
|
||||||
- name: Rotate logs with dateext
|
- name: Rotate logs with dateext
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/logrotate.d/haproxy
|
dest: /etc/logrotate.d/haproxy
|
||||||
|
@ -123,6 +128,12 @@
|
||||||
tags:
|
tags:
|
||||||
- haproxy
|
- haproxy
|
||||||
- logrotate
|
- logrotate
|
||||||
|
when: _haproxy_cfg.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
|
- name: Is logrotate.d/haproxy present?
|
||||||
|
stat:
|
||||||
|
path: /etc/logrotate.d/haproxy
|
||||||
|
register: _logrotate_d_haproxy
|
||||||
|
|
||||||
- name: Rotate logs with nodelaycompress
|
- name: Rotate logs with nodelaycompress
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -133,6 +144,7 @@
|
||||||
tags:
|
tags:
|
||||||
- haproxy
|
- haproxy
|
||||||
- logrotate
|
- logrotate
|
||||||
|
when: _logrotate_d_haproxy.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: Set net.ipv4.ip_nonlocal_bind
|
- name: Set net.ipv4.ip_nonlocal_bind
|
||||||
sysctl:
|
sysctl:
|
||||||
|
|
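Review bot: The guard added to the "Rotate logs with dateext" task tests a different file from the one the task edits: its `dest` is `/etc/logrotate.d/haproxy`, but the condition is `when: _haproxy_cfg.stat.exists or not ansible_check_mode`, which reflects `/etc/haproxy/haproxy.cfg`. The stat of `/etc/logrotate.d/haproxy` is only registered afterwards and is used for the nodelaycompress task alone, so in check mode the dateext task can still run against a missing logrotate file, or be skipped although the file is there. Move the "Is logrotate.d/haproxy present?" task above both lineinfile tasks and use `when: _logrotate_d_haproxy.stat.exists or not ansible_check_mode` on each; `_haproxy_cfg` then has no reader in the lines shown. The middle of the dateext task lies between the two hunks and is not visible here.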
|
@ -5,11 +5,17 @@
|
||||||
name: "{{ lxc_php_version }}"
|
name: "{{ lxc_php_version }}"
|
||||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
|
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
|
||||||
|
|
||||||
|
- name: "Is sources.list present?"
|
||||||
|
stat:
|
||||||
|
path: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
|
||||||
|
register: _sources_list
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - fix bullseye repository"
|
- name: "{{ lxc_php_version }} - fix bullseye repository"
|
||||||
replace:
|
replace:
|
||||||
dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
|
dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
|
||||||
regexp: 'bullseye/updates'
|
regexp: 'bullseye/updates'
|
||||||
replace: 'bullseye-security'
|
replace: 'bullseye-security'
|
||||||
|
when: _sources_list.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
|
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
|
||||||
template:
|
template:
|
||||||
|
|
|
@ -5,11 +5,17 @@
|
||||||
name: "{{ lxc_php_version }}"
|
name: "{{ lxc_php_version }}"
|
||||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget apt-transport-https gnupg"
|
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget apt-transport-https gnupg"
|
||||||
|
|
||||||
|
- name: "Is sources.list present?"
|
||||||
|
stat:
|
||||||
|
path: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
|
||||||
|
register: _sources_list
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - fix bullseye repository"
|
- name: "{{ lxc_php_version }} - fix bullseye repository"
|
||||||
replace:
|
replace:
|
||||||
dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
|
dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
|
||||||
regexp: 'bullseye/updates'
|
regexp: 'bullseye/updates'
|
||||||
replace: 'bullseye-security'
|
replace: 'bullseye-security'
|
||||||
|
when: _sources_list.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Add sury repo"
|
- name: "{{ lxc_php_version }} - Add sury repo"
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
|
|
@ -5,11 +5,17 @@
|
||||||
name: "{{ lxc_php_version }}"
|
name: "{{ lxc_php_version }}"
|
||||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget apt-transport-https gnupg"
|
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget apt-transport-https gnupg"
|
||||||
|
|
||||||
|
- name: "Is sources.list present?"
|
||||||
|
stat:
|
||||||
|
path: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
|
||||||
|
register: _sources_list
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - fix bullseye repository"
|
- name: "{{ lxc_php_version }} - fix bullseye repository"
|
||||||
replace:
|
replace:
|
||||||
dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
|
dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
|
||||||
regexp: 'bullseye/updates'
|
regexp: 'bullseye/updates'
|
||||||
replace: 'bullseye-security'
|
replace: 'bullseye-security'
|
||||||
|
when: _sources_list.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Add sury repo"
|
- name: "{{ lxc_php_version }} - Add sury repo"
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
|
|
@ -1,9 +1,16 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- name: Is lxc installed?
|
||||||
|
stat:
|
||||||
|
path: /usr/bin/lxc-ls
|
||||||
|
register: _lxc_ls
|
||||||
|
|
||||||
- name: "Check if container {{ name }} exists"
|
- name: "Check if container {{ name }} exists"
|
||||||
command: "lxc-ls {{ name }}"
|
command: "lxc-ls {{ name }}"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: container_exists
|
register: container_exists
|
||||||
|
when: _lxc_ls.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: "Create container {{ name }}"
|
- name: "Create container {{ name }}"
|
||||||
lxc_container:
|
lxc_container:
|
||||||
|
@ -12,20 +19,31 @@
|
||||||
template: debian
|
template: debian
|
||||||
state: stopped
|
state: stopped
|
||||||
template_options: "--arch amd64 --release {{ release }}"
|
template_options: "--arch amd64 --release {{ release }}"
|
||||||
when: container_exists.stdout_lines | length == 0
|
when:
|
||||||
|
- container_exists.stdout_lines | length == 0
|
||||||
|
- _lxc_container.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
|
- name: "Is container {{ name }} created?"
|
||||||
|
stat:
|
||||||
|
path: "/var/lib/lxc/{{ name }}"
|
||||||
|
register: _lxc_container
|
||||||
|
|
||||||
- name: "Disable network configuration inside container {{ name }}"
|
- name: "Disable network configuration inside container {{ name }}"
|
||||||
replace:
|
replace:
|
||||||
name: "/var/lib/lxc/{{ name }}/rootfs/etc/default/networking"
|
name: "/var/lib/lxc/{{ name }}/rootfs/etc/default/networking"
|
||||||
regexp: "^#CONFIGURE_INTERFACES=yes"
|
regexp: "^#CONFIGURE_INTERFACES=yes"
|
||||||
replace: CONFIGURE_INTERFACES=no
|
replace: CONFIGURE_INTERFACES=no
|
||||||
when: lxc_network_type == "none"
|
when:
|
||||||
|
- lxc_network_type == "none"
|
||||||
|
- _lxc_container.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: "Disable interface shut down on halt inside container {{ name }} (Jessie container)"
|
- name: "Disable interface shut down on halt inside container {{ name }} (Jessie container)"
|
||||||
lineinfile:
|
lineinfile:
|
||||||
name: "/var/lib/lxc/{{ name }}/rootfs/etc/default/halt"
|
name: "/var/lib/lxc/{{ name }}/rootfs/etc/default/halt"
|
||||||
line: "NETDOWN=no"
|
line: "NETDOWN=no"
|
||||||
when: lxc_network_type == "none" and release == "jessie"
|
when:
|
||||||
|
- lxc_network_type == "none" and release == "jessie"
|
||||||
|
- _lxc_container.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: "Make the container {{ name }} poweroff on SIGPWR sent by lxc-stop (Jessie container)"
|
- name: "Make the container {{ name }} poweroff on SIGPWR sent by lxc-stop (Jessie container)"
|
||||||
file:
|
file:
|
||||||
|
@ -44,13 +62,16 @@
|
||||||
lineinfile:
|
lineinfile:
|
||||||
name: "/var/lib/lxc/{{ name }}/rootfs/etc/hosts"
|
name: "/var/lib/lxc/{{ name }}/rootfs/etc/hosts"
|
||||||
line: "127.0.0.1 {{ name }}"
|
line: "127.0.0.1 {{ name }}"
|
||||||
|
when: _lxc_container.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: "Fix permission on /dev for container {{ name }}"
|
- name: "Fix permission on /dev for container {{ name }}"
|
||||||
lineinfile:
|
lineinfile:
|
||||||
name: "/var/lib/lxc/{{ name }}/rootfs/etc/rc.local"
|
name: "/var/lib/lxc/{{ name }}/rootfs/etc/rc.local"
|
||||||
line: "chmod 755 /dev"
|
line: "chmod 755 /dev"
|
||||||
insertbefore: "^exit 0$"
|
insertbefore: "^exit 0$"
|
||||||
when: release == 'jessie'
|
when:
|
||||||
|
- release == 'jessie'
|
||||||
|
- _lxc_container.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: "Ensure that {{ name }} container is running"
|
- name: "Ensure that {{ name }} container is running"
|
||||||
lxc_container:
|
lxc_container:
|
||||||
|
|
|
@ -43,11 +43,17 @@
|
||||||
- lxc_unprivilegied_containers | bool
|
- lxc_unprivilegied_containers | bool
|
||||||
- root_subuids.rc != 0
|
- root_subuids.rc != 0
|
||||||
|
|
||||||
|
- name: Is lxc present?
|
||||||
|
stat:
|
||||||
|
path: /var/lib/lxc
|
||||||
|
register: _lib_lxc
|
||||||
|
|
||||||
- name: Get filesystem options
|
- name: Get filesystem options
|
||||||
command: findmnt --noheadings --target /var/lib/lxc --output OPTIONS
|
command: findmnt --noheadings --target /var/lib/lxc --output OPTIONS
|
||||||
changed_when: false
|
changed_when: false
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: check_fs_options
|
register: check_fs_options
|
||||||
|
when: _lib_lxc.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: Check if options are correct
|
- name: Check if options are correct
|
||||||
assert:
|
assert:
|
||||||
|
@ -56,6 +62,7 @@
|
||||||
- "'noexec' not in check_fs_options.stdout"
|
- "'noexec' not in check_fs_options.stdout"
|
||||||
- "'nosuid' not in check_fs_options.stdout"
|
- "'nosuid' not in check_fs_options.stdout"
|
||||||
msg: "LXC directory is in a filesystem with incompatible options"
|
msg: "LXC directory is in a filesystem with incompatible options"
|
||||||
|
when: _lib_lxc.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: Create containers
|
- name: Create containers
|
||||||
include: create-container.yml
|
include: create-container.yml
|
||||||
|
|
|
@ -24,12 +24,18 @@
|
||||||
var: minifirewall_is_running
|
var: minifirewall_is_running
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
|
|
||||||
|
- name: Is minifirewall present?
|
||||||
|
stat:
|
||||||
|
path: /etc/default/minifirewall
|
||||||
|
register: _minifirewall
|
||||||
|
|
||||||
- name: Begin marker for IP addresses
|
- name: Begin marker for IP addresses
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: "/etc/default/minifirewall"
|
dest: "/etc/default/minifirewall"
|
||||||
line: "# BEGIN ANSIBLE MANAGED BLOCK FOR IPS"
|
line: "# BEGIN ANSIBLE MANAGED BLOCK FOR IPS"
|
||||||
insertbefore: '^# Main interface'
|
insertbefore: '^# Main interface'
|
||||||
create: no
|
create: no
|
||||||
|
when: _minifirewall.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: End marker for IP addresses
|
- name: End marker for IP addresses
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -37,6 +43,7 @@
|
||||||
create: no
|
create: no
|
||||||
line: "# END ANSIBLE MANAGED BLOCK FOR IPS"
|
line: "# END ANSIBLE MANAGED BLOCK FOR IPS"
|
||||||
insertafter: '^PRIVILEGIEDIPS='
|
insertafter: '^PRIVILEGIEDIPS='
|
||||||
|
when: _minifirewall.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: Verify that at least 1 trusted IP is provided
|
- name: Verify that at least 1 trusted IP is provided
|
||||||
assert:
|
assert:
|
||||||
|
@ -84,6 +91,7 @@
|
||||||
PRIVILEGIEDIPS='{{ minifirewall_privilegied_ips | join(' ') }}'
|
PRIVILEGIEDIPS='{{ minifirewall_privilegied_ips | join(' ') }}'
|
||||||
create: no
|
create: no
|
||||||
register: minifirewall_config_ips
|
register: minifirewall_config_ips
|
||||||
|
when: _minifirewall.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: Begin marker for ports
|
- name: Begin marker for ports
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -91,6 +99,7 @@
|
||||||
line: "# BEGIN ANSIBLE MANAGED BLOCK FOR PORTS"
|
line: "# BEGIN ANSIBLE MANAGED BLOCK FOR PORTS"
|
||||||
insertbefore: '^# Protected services'
|
insertbefore: '^# Protected services'
|
||||||
create: no
|
create: no
|
||||||
|
when: _minifirewall.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: End marker for ports
|
- name: End marker for ports
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -98,6 +107,7 @@
|
||||||
line: "# END ANSIBLE MANAGED BLOCK FOR PORTS"
|
line: "# END ANSIBLE MANAGED BLOCK FOR PORTS"
|
||||||
insertafter: '^SERVICESUDP3='
|
insertafter: '^SERVICESUDP3='
|
||||||
create: no
|
create: no
|
||||||
|
when: _minifirewall.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: Configure ports
|
- name: Configure ports
|
||||||
blockinfile:
|
blockinfile:
|
||||||
|
@ -122,6 +132,7 @@
|
||||||
SERVICESUDP3='{{ minifirewall_private_ports_udp | join(' ') }}'
|
SERVICESUDP3='{{ minifirewall_private_ports_udp | join(' ') }}'
|
||||||
create: no
|
create: no
|
||||||
register: minifirewall_config_ports
|
register: minifirewall_config_ports
|
||||||
|
when: _minifirewall.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: Configure DNSSERVEURS
|
- name: Configure DNSSERVEURS
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -193,7 +204,9 @@
|
||||||
line: "PROXY='{{ minifirewall_proxy }}'"
|
line: "PROXY='{{ minifirewall_proxy }}'"
|
||||||
regexp: "PROXY=('|\").*('|\")"
|
regexp: "PROXY=('|\").*('|\")"
|
||||||
create: no
|
create: no
|
||||||
when: minifirewall_proxy is not none
|
when:
|
||||||
|
- minifirewall_proxy is not none
|
||||||
|
- _minifirewall.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: Configure PROXYPORT
|
- name: Configure PROXYPORT
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -201,7 +214,9 @@
|
||||||
line: "PROXYPORT='{{ minifirewall_proxyport }}'"
|
line: "PROXYPORT='{{ minifirewall_proxyport }}'"
|
||||||
regexp: "PROXYPORT=('|\").*('|\")"
|
regexp: "PROXYPORT=('|\").*('|\")"
|
||||||
create: no
|
create: no
|
||||||
when: minifirewall_proxyport is not none
|
when:
|
||||||
|
- minifirewall_proxyport is not none
|
||||||
|
- _minifirewall.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
# Warning: keep double quotes for the value,
|
# Warning: keep double quotes for the value,
|
||||||
# since we often reference a shell variable that needs to be interpolated
|
# since we often reference a shell variable that needs to be interpolated
|
||||||
|
@ -211,7 +226,9 @@
|
||||||
line: "PROXYBYPASS=\"{{ minifirewall_proxybypass | join(' ') }}\""
|
line: "PROXYBYPASS=\"{{ minifirewall_proxybypass | join(' ') }}\""
|
||||||
regexp: "PROXYBYPASS=('|\").*('|\")"
|
regexp: "PROXYBYPASS=('|\").*('|\")"
|
||||||
create: no
|
create: no
|
||||||
when: minifirewall_proxybypass is not none
|
when:
|
||||||
|
- minifirewall_proxyport is not none
|
||||||
|
- _minifirewall.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: Configure BACKUPSERVERS
|
- name: Configure BACKUPSERVERS
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -219,7 +236,9 @@
|
||||||
line: "BACKUPSERVERS='{{ minifirewall_backupservers | join(' ') }}'"
|
line: "BACKUPSERVERS='{{ minifirewall_backupservers | join(' ') }}'"
|
||||||
regexp: "BACKUPSERVERS=('|\").*('|\")"
|
regexp: "BACKUPSERVERS=('|\").*('|\")"
|
||||||
create: no
|
create: no
|
||||||
when: minifirewall_backupservers is not none
|
when:
|
||||||
|
- minifirewall_backupservers is not none
|
||||||
|
- _minifirewall.stat.exists or not ansible_check_mode
|
||||||
|
|
||||||
- name: Configure SYSCTL_ICMP_ECHO_IGNORE_BROADCASTS
|
- name: Configure SYSCTL_ICMP_ECHO_IGNORE_BROADCASTS
|
||||||
lineinfile:
|
lineinfile:
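Review bot: The rewritten condition on the PROXYBYPASS task (hunk `-211,7 +226,9`) tests `minifirewall_proxyport is not none`, whereas the line it replaces tested `minifirewall_proxybypass is not none`. This looks like a copy-paste from the PROXYPORT task just above. As written, a host with a proxy port but no bypass list runs the task and evaluates `minifirewall_proxybypass | join(' ')` on a none value, and a host with a bypass list but no port never gets its PROXYBYPASS line written to /etc/default/minifirewall. The first list item should read `- minifirewall_proxybypass is not none`. The task's opening lines are outside the hunk.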
|
||||||
|
|
|
@ -4,11 +4,13 @@
|
||||||
service:
|
service:
|
||||||
name: munin-node
|
name: munin-node
|
||||||
state: restarted
|
state: restarted
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: restart munin_node
|
- name: restart munin_node
|
||||||
service:
|
service:
|
||||||
name: munin_node
|
name: munin_node
|
||||||
state: restarted
|
state: restarted
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: systemd daemon-reload
|
- name: systemd daemon-reload
|
||||||
systemd:
|
systemd:
|
||||||
|
|
|
@ -32,7 +32,9 @@
|
||||||
removes: /var/lib/munin/localdomain
|
removes: /var/lib/munin/localdomain
|
||||||
notify: restart munin-node
|
notify: restart munin-node
|
||||||
|
|
||||||
when: not ansible_hostname == "localdomain"
|
when:
|
||||||
|
- not ansible_hostname == "localdomain"
|
||||||
|
- not ansible_check_mode
|
||||||
tags:
|
tags:
|
||||||
- munin
|
- munin
|
||||||
|
|
||||||
|
@ -79,6 +81,7 @@
|
||||||
notify: restart munin-node
|
notify: restart munin-node
|
||||||
tags:
|
tags:
|
||||||
- munin
|
- munin
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: Enable sensors_ plugin on dedicated hardware
|
- name: Enable sensors_ plugin on dedicated hardware
|
||||||
file:
|
file:
|
||||||
|
@ -92,6 +95,7 @@
|
||||||
notify: restart munin-node
|
notify: restart munin-node
|
||||||
tags:
|
tags:
|
||||||
- munin
|
- munin
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: Enable ipmi_ plugin on dedicated hardware
|
- name: Enable ipmi_ plugin on dedicated hardware
|
||||||
file:
|
file:
|
||||||
|
@ -105,6 +109,7 @@
|
||||||
- temp
|
- temp
|
||||||
- power
|
- power
|
||||||
- volts
|
- volts
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: adjustments for grsec kernel
|
- name: adjustments for grsec kernel
|
||||||
blockinfile:
|
blockinfile:
|
||||||
|
|
|
@ -43,3 +43,4 @@
|
||||||
- mysql_custom_datadir | length > 0
|
- mysql_custom_datadir | length > 0
|
||||||
- mysql_custom_datadir != mysql_current_real_datadir_test.stdout
|
- mysql_custom_datadir != mysql_current_real_datadir_test.stdout
|
||||||
- not mysql_custom_datadir_test.stat.exists
|
- not mysql_custom_datadir_test.stat.exists
|
||||||
|
- not ansible_check_mode
|
||||||
|
|
|
@ -43,3 +43,4 @@
|
||||||
- mysql_custom_logdir | length > 0
|
- mysql_custom_logdir | length > 0
|
||||||
- mysql_custom_logdir != mysql_current_real_logdir_test.stdout
|
- mysql_custom_logdir != mysql_current_real_logdir_test.stdout
|
||||||
- not mysql_custom_logdir_test.stat.exists
|
- not mysql_custom_logdir_test.stat.exists
|
||||||
|
- not ansible_check_mode
|
||||||
|
|
|
@ -42,6 +42,7 @@
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
- services
|
- services
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: apg package is installed
|
- name: apg package is installed
|
||||||
apt:
|
apt:
|
||||||
|
|
|
@ -28,6 +28,7 @@
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
- services
|
- services
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: apg package is installed
|
- name: apg package is installed
|
||||||
apt:
|
apt:
|
||||||
|
|
|
@ -155,7 +155,9 @@
|
||||||
src: "{{ _mysql_scripts_dir }}/mysql-optimize.sh"
|
src: "{{ _mysql_scripts_dir }}/mysql-optimize.sh"
|
||||||
dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh
|
dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh
|
||||||
state: link
|
state: link
|
||||||
when: mysql_cron_optimize | bool
|
when:
|
||||||
|
- mysql_cron_optimize | bool
|
||||||
|
- not ansible_check_mode
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
|
|
||||||
|
|
|
@ -4,8 +4,10 @@
|
||||||
service:
|
service:
|
||||||
name: nagios-nrpe-server
|
name: nagios-nrpe-server
|
||||||
state: restarted
|
state: restarted
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: restart nrpe
|
- name: restart nrpe
|
||||||
service:
|
service:
|
||||||
name: nrpe
|
name: nrpe
|
||||||
state: restarted
|
state: restarted
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
|
@ -21,3 +21,4 @@
|
||||||
notify: restart ntp
|
notify: restart ntp
|
||||||
tags:
|
tags:
|
||||||
- ntp
|
- ntp
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
|
@ -14,7 +14,9 @@
|
||||||
block: |
|
block: |
|
||||||
# Used for Evoadmin-web
|
# Used for Evoadmin-web
|
||||||
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||||
when: envvar_grep_path.rc != 0
|
when:
|
||||||
|
- envvar_grep_path.rc != 0
|
||||||
|
- not ansible_check_mode
|
||||||
|
|
||||||
- name: Additional packages are installed
|
- name: Additional packages are installed
|
||||||
apt:
|
apt:
|
||||||
|
@ -34,6 +36,7 @@
|
||||||
- negotiation
|
- negotiation
|
||||||
- alias
|
- alias
|
||||||
- log_forensic
|
- log_forensic
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: Copy Apache settings for modules
|
- name: Copy Apache settings for modules
|
||||||
copy:
|
copy:
|
||||||
|
@ -60,3 +63,4 @@
|
||||||
loop:
|
loop:
|
||||||
- evolinux-evasive
|
- evolinux-evasive
|
||||||
- evolinux-modsec
|
- evolinux-modsec
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
|
@ -22,6 +22,7 @@
|
||||||
AllowFullYearView=3
|
AllowFullYearView=3
|
||||||
ErrorMessages="An error occured. Contact your Administrator"
|
ErrorMessages="An error occured. Contact your Administrator"
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: Create conf-available/awstats-icon.conf file
|
- name: Create conf-available/awstats-icon.conf file
|
||||||
copy:
|
copy:
|
||||||
|
@ -39,6 +40,7 @@
|
||||||
register: command_result
|
register: command_result
|
||||||
changed_when: "'Enabling' in command_result.stderr"
|
changed_when: "'Enabling' in command_result.stderr"
|
||||||
notify: reload apache
|
notify: reload apache
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: Create awstats cron
|
- name: Create awstats cron
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -46,6 +48,7 @@
|
||||||
create: yes
|
create: yes
|
||||||
regexp: '-config=awstats'
|
regexp: '-config=awstats'
|
||||||
line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null"
|
line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null"
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: Comment default awstat cron's tasks
|
- name: Comment default awstat cron's tasks
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -54,3 +57,4 @@
|
||||||
line: '#\1'
|
line: '#\1'
|
||||||
backrefs: yes
|
backrefs: yes
|
||||||
state: present
|
state: present
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
|
@ -26,6 +26,7 @@
|
||||||
dest: /var/www/index.html
|
dest: /var/www/index.html
|
||||||
line: ' <li><a href="/info.php">Infos PHP</a></li>'
|
line: ' <li><a href="/info.php">Infos PHP</a></li>'
|
||||||
regexp: "Infos PHP"
|
regexp: "Infos PHP"
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: install opcache.php
|
- name: install opcache.php
|
||||||
copy:
|
copy:
|
||||||
|
@ -38,6 +39,7 @@
|
||||||
dest: /var/www/index.html
|
dest: /var/www/index.html
|
||||||
line: ' <li><a href="/opcache.php">Infos OpCache PHP</a></li>'
|
line: ' <li><a href="/opcache.php">Infos OpCache PHP</a></li>'
|
||||||
regexp: "Infos OpCache PHP"
|
regexp: "Infos OpCache PHP"
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: Add elements to user account template
|
- name: Add elements to user account template
|
||||||
file:
|
file:
|
||||||
|
@ -64,6 +66,7 @@
|
||||||
loop:
|
loop:
|
||||||
- access.log
|
- access.log
|
||||||
- error.log
|
- error.log
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: "Install userlogrotate (jessie)"
|
- name: "Install userlogrotate (jessie)"
|
||||||
copy:
|
copy:
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
state: present
|
state: present
|
||||||
name: proxy_fcgi
|
name: proxy_fcgi
|
||||||
notify: restart apache2
|
notify: restart apache2
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- include_role:
|
- include_role:
|
||||||
name: remount-usr
|
name: remount-usr
|
||||||
|
|
|
@ -65,10 +65,12 @@
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: new_packweb_phpmyadmin_suffix
|
register: new_packweb_phpmyadmin_suffix
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: overwrite packweb_phpmyadmin_suffix
|
- name: overwrite packweb_phpmyadmin_suffix
|
||||||
set_fact:
|
set_fact:
|
||||||
packweb_phpmyadmin_suffix: "{{ new_packweb_phpmyadmin_suffix.stdout }}"
|
packweb_phpmyadmin_suffix: "{{ new_packweb_phpmyadmin_suffix.stdout }}"
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
var: packweb_phpmyadmin_suffix
|
var: packweb_phpmyadmin_suffix
|
||||||
|
@ -86,15 +88,18 @@
|
||||||
Require all denied
|
Require all denied
|
||||||
Include /etc/apache2/ipaddr_whitelist.conf
|
Include /etc/apache2/ipaddr_whitelist.conf
|
||||||
</Directory>
|
</Directory>
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: enable phpmyadmin link in default site index
|
- name: enable phpmyadmin link in default site index
|
||||||
replace:
|
replace:
|
||||||
dest: /var/www/index.html
|
dest: /var/www/index.html
|
||||||
regexp: '<!-- <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li> -->'
|
regexp: '<!-- <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li> -->'
|
||||||
replace: ' <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li>'
|
replace: ' <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li>'
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: replace phpmyadmin suffix in default site index
|
- name: replace phpmyadmin suffix in default site index
|
||||||
replace:
|
replace:
|
||||||
dest: /var/www/index.html
|
dest: /var/www/index.html
|
||||||
regexp: '__PHPMYADMIN_SUFFIX__'
|
regexp: '__PHPMYADMIN_SUFFIX__'
|
||||||
replace: "{{ packweb_phpmyadmin_suffix }}"
|
replace: "{{ packweb_phpmyadmin_suffix }}"
|
||||||
|
when: not ansible_check_mode
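Review bot: In the first hunk, the task that registers `new_packweb_phpmyadmin_suffix` keeps `check_mode: no` and now also carries `when: not ansible_check_mode`, so the two settings contradict each other. The conditional skips the task in exactly the case `check_mode: no` exists to cover. With `changed_when: False` the task appears to be read-only; if it can run safely under --check, leaving the new `when:` off would let the following `set_fact` and the `replace` tasks on /var/www/index.html report a real diff. Otherwise the now dead `check_mode: no` should be removed so the intent is unambiguous. The task's opening lines are outside the hunk, so the command it runs is not visible here.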
|
||||||
|
|
|
@ -4,23 +4,28 @@
|
||||||
service:
|
service:
|
||||||
name: php5-fpm
|
name: php5-fpm
|
||||||
state: restarted
|
state: restarted
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: restart php7.0-fpm
|
- name: restart php7.0-fpm
|
||||||
service:
|
service:
|
||||||
name: php7.0-fpm
|
name: php7.0-fpm
|
||||||
state: restarted
|
state: restarted
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: restart php7.3-fpm
|
- name: restart php7.3-fpm
|
||||||
service:
|
service:
|
||||||
name: php7.3-fpm
|
name: php7.3-fpm
|
||||||
state: restarted
|
state: restarted
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: restart php7.4-fpm
|
- name: restart php7.4-fpm
|
||||||
service:
|
service:
|
||||||
name: php7.4-fpm
|
name: php7.4-fpm
|
||||||
state: restarted
|
state: restarted
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: restart php8.1-fpm
|
- name: restart php8.1-fpm
|
||||||
service:
|
service:
|
||||||
name: php8.1-fpm
|
name: php8.1-fpm
|
||||||
state: restarted
|
state: restarted
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
|
@ -25,6 +25,7 @@
|
||||||
file:
|
file:
|
||||||
dest: "{{ php_cli_custom_ini_file }}"
|
dest: "{{ php_cli_custom_ini_file }}"
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: "Set custom values for PHP to enable Symfony"
|
- name: "Set custom values for PHP to enable Symfony"
|
||||||
ini_file:
|
ini_file:
|
||||||
|
@ -35,4 +36,6 @@
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
loop:
|
loop:
|
||||||
- { option: "date.timezone", value: "Europe/Paris" }
|
- { option: "date.timezone", value: "Europe/Paris" }
|
||||||
when: php_symfony_requirements | bool
|
when:
|
||||||
|
- php_symfony_requirements | bool
|
||||||
|
- not ansible_check_mode
|
||||||
|
|
|
@ -79,12 +79,14 @@
|
||||||
with_items:
|
with_items:
|
||||||
- /etc/php
|
- /etc/php
|
||||||
- /etc/php/{{ php_version }}
|
- /etc/php/{{ php_version }}
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- include: config_cli.yml
|
- include: config_cli.yml
|
||||||
- name: "Enforce permissions on PHP cli directory (Debian 12)"
|
- name: "Enforce permissions on PHP cli directory (Debian 12)"
|
||||||
file:
|
file:
|
||||||
dest: /etc/php/{{ php_version }}/cli
|
dest: /etc/php/{{ php_version }}/cli
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- include: config_fpm.yml
|
- include: config_fpm.yml
|
||||||
when: php_fpm_enable
|
when: php_fpm_enable
|
||||||
|
@ -93,7 +95,9 @@
|
||||||
file:
|
file:
|
||||||
dest: /etc/php/{{ php_version }}/fpm
|
dest: /etc/php/{{ php_version }}/fpm
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: php_fpm_enable
|
when:
|
||||||
|
- php_fpm_enable
|
||||||
|
- not ansible_check_mode
|
||||||
|
|
||||||
- include: config_apache.yml
|
- include: config_apache.yml
|
||||||
when: php_apache_enable
|
when: php_apache_enable
|
||||||
|
@ -102,7 +106,9 @@
|
||||||
file:
|
file:
|
||||||
dest: /etc/php/{{ php_version }}/apache2
|
dest: /etc/php/{{ php_version }}/apache2
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: php_apache_enable
|
when:
|
||||||
|
- php_apache_enable
|
||||||
|
- not ansible_check_mode
|
||||||
|
|
||||||
- include: sury_post.yml
|
- include: sury_post.yml
|
||||||
when: php_sury_enable
|
when: php_sury_enable
|
||||||
|
|
|
@ -68,12 +68,14 @@
|
||||||
with_items:
|
with_items:
|
||||||
- /etc/php
|
- /etc/php
|
||||||
- /etc/php/7.4
|
- /etc/php/7.4
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- include: config_cli.yml
|
- include: config_cli.yml
|
||||||
- name: "Enforce permissions on PHP cli directory (Debian 11)"
|
- name: "Enforce permissions on PHP cli directory (Debian 11)"
|
||||||
file:
|
file:
|
||||||
dest: /etc/php/7.4/cli
|
dest: /etc/php/7.4/cli
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- include: config_fpm.yml
|
- include: config_fpm.yml
|
||||||
when: php_fpm_enable
|
when: php_fpm_enable
|
||||||
|
@ -82,7 +84,9 @@
|
||||||
file:
|
file:
|
||||||
dest: /etc/php/7.4/fpm
|
dest: /etc/php/7.4/fpm
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: php_fpm_enable
|
when:
|
||||||
|
- php_fpm_enable
|
||||||
|
- not ansible_check_mode
|
||||||
|
|
||||||
- include: config_apache.yml
|
- include: config_apache.yml
|
||||||
when: php_apache_enable
|
when: php_apache_enable
|
||||||
|
@ -91,7 +95,9 @@
|
||||||
file:
|
file:
|
||||||
dest: /etc/php/7.4/apache2
|
dest: /etc/php/7.4/apache2
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: php_apache_enable
|
when:
|
||||||
|
- php_apache_enable
|
||||||
|
- not ansible_check_mode
|
||||||
|
|
||||||
- include: sury_post.yml
|
- include: sury_post.yml
|
||||||
when: php_sury_enable
|
when: php_sury_enable
|
||||||
|
|
|
@ -68,12 +68,14 @@
|
||||||
loop:
|
loop:
|
||||||
- /etc/php
|
- /etc/php
|
||||||
- /etc/php/7.3
|
- /etc/php/7.3
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- include: config_cli.yml
|
- include: config_cli.yml
|
||||||
- name: "Enforce permissions on PHP cli directory (Debian 10)"
|
- name: "Enforce permissions on PHP cli directory (Debian 10)"
|
||||||
file:
|
file:
|
||||||
dest: /etc/php/7.3/cli
|
dest: /etc/php/7.3/cli
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- include: config_fpm.yml
|
- include: config_fpm.yml
|
||||||
when: php_fpm_enable | bool
|
when: php_fpm_enable | bool
|
||||||
|
@ -82,7 +84,9 @@
|
||||||
file:
|
file:
|
||||||
dest: /etc/php/7.3/fpm
|
dest: /etc/php/7.3/fpm
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: php_fpm_enable | bool
|
when:
|
||||||
|
- php_fpm_enable | bool
|
||||||
|
- not ansible_check_mode
|
||||||
|
|
||||||
- include: config_apache.yml
|
- include: config_apache.yml
|
||||||
when: php_apache_enable | bool
|
when: php_apache_enable | bool
|
||||||
|
@ -91,7 +95,9 @@
|
||||||
file:
|
file:
|
||||||
dest: /etc/php/7.3/apache2
|
dest: /etc/php/7.3/apache2
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: php_apache_enable | bool
|
when:
|
||||||
|
- php_apache_enable | bool
|
||||||
|
- not ansible_check_mode
|
||||||
|
|
||||||
- include: sury_post.yml
|
- include: sury_post.yml
|
||||||
when: php_sury_enable | bool
|
when: php_sury_enable | bool
|
||||||
|
|
|
@ -56,6 +56,7 @@
|
||||||
file:
|
file:
|
||||||
dest: /etc/php5
|
dest: /etc/php5
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- include: config_cli.yml
|
- include: config_cli.yml
|
||||||
|
|
||||||
|
@ -63,6 +64,7 @@
|
||||||
file:
|
file:
|
||||||
dest: /etc/php5/cli
|
dest: /etc/php5/cli
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- include: config_fpm.yml
|
- include: config_fpm.yml
|
||||||
when: php_fpm_enable | bool
|
when: php_fpm_enable | bool
|
||||||
|
@ -71,7 +73,9 @@
|
||||||
file:
|
file:
|
||||||
dest: /etc/php5/fpm
|
dest: /etc/php5/fpm
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: php_fpm_enable | bool
|
when:
|
||||||
|
- php_fpm_enable | bool
|
||||||
|
- not ansible_check_mode
|
||||||
|
|
||||||
- include: config_apache.yml
|
- include: config_apache.yml
|
||||||
when: php_apache_enable | bool
|
when: php_apache_enable | bool
|
||||||
|
@ -80,4 +84,6 @@
|
||||||
file:
|
file:
|
||||||
dest: /etc/php5/apache2
|
dest: /etc/php5/apache2
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: php_apache_enable | bool
|
when:
|
||||||
|
- php_apache_enable | bool
|
||||||
|
- not ansible_check_mode
|
||||||
|
|
|
@ -68,6 +68,7 @@
|
||||||
loop:
|
loop:
|
||||||
- /etc/php
|
- /etc/php
|
||||||
- /etc/php/7.0
|
- /etc/php/7.0
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- include: config_cli.yml
|
- include: config_cli.yml
|
||||||
|
|
||||||
|
@ -75,6 +76,7 @@
|
||||||
file:
|
file:
|
||||||
dest: /etc/php/7.0/cli
|
dest: /etc/php/7.0/cli
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- include: config_fpm.yml
|
- include: config_fpm.yml
|
||||||
when: php_fpm_enable | bool
|
when: php_fpm_enable | bool
|
||||||
|
@ -83,7 +85,9 @@
|
||||||
file:
|
file:
|
||||||
dest: /etc/php/7.0/fpm
|
dest: /etc/php/7.0/fpm
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: php_fpm_enable | bool
|
when:
|
||||||
|
- php_fpm_enable | bool
|
||||||
|
- not ansible_check_mode
|
||||||
|
|
||||||
- include: config_apache.yml
|
- include: config_apache.yml
|
||||||
when: php_apache_enable | bool
|
when: php_apache_enable | bool
|
||||||
|
@ -92,7 +96,9 @@
|
||||||
file:
|
file:
|
||||||
dest: /etc/php/7.0/apache2
|
dest: /etc/php/7.0/apache2
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: php_apache_enable | bool
|
when:
|
||||||
|
- php_apache_enable | bool
|
||||||
|
- not ansible_check_mode
|
||||||
|
|
||||||
- include: sury_post.yml
|
- include: sury_post.yml
|
||||||
when: php_sury_enable | bool
|
when: php_sury_enable | bool
|
||||||
|
|
|
@ -14,6 +14,7 @@
|
||||||
file:
|
file:
|
||||||
dest: /etc/php/7.4/cli
|
dest: /etc/php/7.4/cli
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: Symlink Evolix Apache config files from 7.4 to 7.0
|
- name: Symlink Evolix Apache config files from 7.4 to 7.0
|
||||||
file:
|
file:
|
||||||
|
@ -30,7 +31,9 @@
|
||||||
file:
|
file:
|
||||||
dest: /etc/php/7.4/apache2
|
dest: /etc/php/7.4/apache2
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: php_apache_enable | bool
|
when:
|
||||||
|
- php_apache_enable | bool
|
||||||
|
- not ansible_check_mode
|
||||||
|
|
||||||
- name: Symlink Evolix FPM config files from 7.4 to 7.0
|
- name: Symlink Evolix FPM config files from 7.4 to 7.0
|
||||||
file:
|
file:
|
||||||
|
@ -49,4 +52,6 @@
|
||||||
file:
|
file:
|
||||||
dest: /etc/php/7.4/fpm
|
dest: /etc/php/7.4/fpm
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: php_fpm_enable | bool
|
when:
|
||||||
|
- php_fpm_enable | bool
|
||||||
|
- not ansible_check_mode
|
||||||
|
|
|
@ -3,3 +3,4 @@
|
||||||
service:
|
service:
|
||||||
name: proftpd
|
name: proftpd
|
||||||
state: restarted
|
state: restarted
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
|
@ -70,6 +70,7 @@
|
||||||
notify: restart proftpd
|
notify: restart proftpd
|
||||||
tags:
|
tags:
|
||||||
- proftpd
|
- proftpd
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: Put empty vpasswd file if missing
|
- name: Put empty vpasswd file if missing
|
||||||
copy:
|
copy:
|
||||||
|
@ -92,6 +93,7 @@
|
||||||
notify: restart proftpd
|
notify: restart proftpd
|
||||||
tags:
|
tags:
|
||||||
- proftpd
|
- proftpd
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- include: accounts.yml
|
- include: accounts.yml
|
||||||
when: proftpd_accounts | length > 0
|
when: proftpd_accounts | length > 0
|
||||||
|
|
|
@ -3,31 +3,38 @@
|
||||||
service:
|
service:
|
||||||
name: munin-node
|
name: munin-node
|
||||||
state: restarted
|
state: restarted
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: restart squid
|
- name: restart squid
|
||||||
service:
|
service:
|
||||||
name: squid
|
name: squid
|
||||||
state: restarted
|
state: restarted
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: reload squid
|
- name: reload squid
|
||||||
service:
|
service:
|
||||||
name: squid
|
name: squid
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: restart squid3
|
- name: restart squid3
|
||||||
service:
|
service:
|
||||||
name: squid3
|
name: squid3
|
||||||
state: restarted
|
state: restarted
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: reload squid3
|
- name: reload squid3
|
||||||
service:
|
service:
|
||||||
name: squid3
|
name: squid3
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: restart log2mail
|
- name: restart log2mail
|
||||||
service:
|
service:
|
||||||
name: log2mail
|
name: log2mail
|
||||||
state: restarted
|
state: restarted
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: restart minifirewall
|
- name: restart minifirewall
|
||||||
command: /etc/init.d/minifirewall restart
|
command: /etc/init.d/minifirewall restart
|
||||||
|
when: not ansible_check_mode
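Review bot: The `when: not ansible_check_mode` added to the `restart minifirewall` handler is redundant, because `command:` tasks without `creates`/`removes` are already skipped by Ansible in check mode. It is harmless, but a short comment such as `# command is skipped under --check anyway; kept for consistency with the service handlers` would tell the next reader it is deliberate. For the `service:` handlers in this file the new guard also means a --check run no longer reports that a squid restart or reload would be triggered; consider stating that trade-off in the role's documentation.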
|
||||||
|
|
|
@ -121,6 +121,7 @@
|
||||||
when:
|
when:
|
||||||
- squid_localproxy_enable | bool
|
- squid_localproxy_enable | bool
|
||||||
- ansible_distribution_major_version is version('9', '>=')
|
- ansible_distribution_major_version is version('9', '>=')
|
||||||
|
- not ansible_check_mode
|
||||||
|
|
||||||
- name: "evolinux custom overrides (Debian 9 or later)"
|
- name: "evolinux custom overrides (Debian 9 or later)"
|
||||||
copy:
|
copy:
|
||||||
|
|
|
@ -10,3 +10,4 @@
|
||||||
remote_src: False
|
remote_src: False
|
||||||
src: ftp/evolinux.conf.diff
|
src: ftp/evolinux.conf.diff
|
||||||
dest: /etc/proftpd/conf.d/z-evolinux.conf
|
dest: /etc/proftpd/conf.d/z-evolinux.conf
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
|
@ -3,7 +3,9 @@
|
||||||
- name: "Ensure that evoadmin_contact_email is defined"
|
- name: "Ensure that evoadmin_contact_email is defined"
|
||||||
fail:
|
fail:
|
||||||
msg: Please configure var evoadmin_contact_email
|
msg: Please configure var evoadmin_contact_email
|
||||||
when: evoadmin_contact_email is none or evoadmin_contact_email | length == 0
|
when:
|
||||||
|
- evoadmin_contact_email is none or evoadmin_contact_email | length == 0
|
||||||
|
- not ansible_check_mode
|
||||||
|
|
||||||
- include: packages.yml
|
- include: packages.yml
|
||||||
|
|
||||||
|
@ -23,3 +25,4 @@
|
||||||
marker: "<!-- {mark} evoadmin-web section -->"
|
marker: "<!-- {mark} evoadmin-web section -->"
|
||||||
block: |
|
block: |
|
||||||
<li><a href="https://{{ evoadmin_host }}">Interface admin web (EvoAdmin-web)</a></li>
|
<li><a href="https://{{ evoadmin_host }}">Interface admin web (EvoAdmin-web)</a></li>
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
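Review bot: Adding `- not ansible_check_mode` to the `when:` list of "Ensure that evoadmin_contact_email is defined" (first hunk, `@ -3,7 +3,9 @@`) disables the only visible validation of that variable during `--check`, so a dry run can succeed where the real run stops at this task. `fail` changes nothing on the host, so it is safe to evaluate in check mode. If the skip is deliberate, a comment above the task should give the reason, e.g. `# skipped in check mode: <reason>` (placeholder). Otherwise keep the single condition `when: evoadmin_contact_email is none or evoadmin_contact_email | length == 0`.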
|
@ -17,6 +17,7 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: ssl-cert
|
group: ssl-cert
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
|
when: not ansible_check_mode
|
||||||
|
|
||||||
- name: Create certificate for default site
|
- name: Create certificate for default site
|
||||||
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ evoadmin_host }}.csr -signkey /etc/ssl/private/{{ evoadmin_host }}.key -out /etc/ssl/certs/{{ evoadmin_host }}.crt
|
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ evoadmin_host }}.csr -signkey /etc/ssl/private/{{ evoadmin_host }}.key -out /etc/ssl/certs/{{ evoadmin_host }}.crt
|
||||||
|
|
|
@ -54,7 +54,9 @@
|
||||||
dest: "{{ evoadmin_document_root }}"
|
dest: "{{ evoadmin_document_root }}"
|
||||||
version: jessie
|
version: jessie
|
||||||
update: False
|
update: False
|
||||||
when: ansible_distribution_release == "jessie"
|
when:
|
||||||
|
- ansible_distribution_release == "jessie"
|
||||||
|
- not ansible_check_mode
|
||||||
|
|
||||||
- name: "Clone evoadmin repository (Debian 9 or later)"
|
- name: "Clone evoadmin repository (Debian 9 or later)"
|
||||||
git:
|
git:
|
||||||
|
@ -62,7 +64,9 @@
|
||||||
dest: "{{ evoadmin_document_root }}"
|
dest: "{{ evoadmin_document_root }}"
|
||||||
version: master
|
version: master
|
||||||
update: False
|
update: False
|
||||||
when: ansible_distribution_major_version is version('9', '>=')
|
when:
|
||||||
|
- ansible_distribution_major_version is version('9', '>=')
|
||||||
|
- not ansible_check_mode
|
||||||
|
|
||||||
- name: Change ownership on git repository
|
- name: Change ownership on git repository
|
||||||
file:
|
file:
|
||||||
|
|
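Review bot: Both git tasks check out a moving branch (`version: jessie` at `@ -54,7 +54,9 @@`, `version: master` at `@ -62,7 +64,9 @@`), so the code deployed into `evoadmin_document_root` depends on whatever the branch head is when the host is first provisioned. Pinning to a reviewed tag or commit, e.g. `version: "<tag-or-commit>"` (placeholder), would make the installed admin interface reproducible and auditable. `update: False` only stops later pulls; it does not fix the initial revision. Both tasks begin outside their hunks, so the `repo:` source is not visible here.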