Compare commits

...

23 commits

Author SHA1 Message Date
Mathieu Trossevin 62dce66cbd
Cleanup: Update changelog 2020-12-23 15:10:21 +01:00
Mathieu Trossevin fe7d9290bf
[Cleanup] whitespaces + missed space before/after var name 2020-12-23 15:08:45 +01:00
Mathieu Trossevin 208d7d603c
[Cleanup] webapps
Probably the most dangerous part of the cleanup, replace call to the
shell module that don't seems to make use of shell features with the
command module.
2020-12-23 15:08:45 +01:00
Mathieu Trossevin 6fb78be66c
[Cleanup] munin: space before and after variable names 2020-12-23 15:08:44 +01:00
Mathieu Trossevin c51669531b
[Cleanup] squid: Compare with empty string + name tasks 2020-12-23 15:08:44 +01:00
Mathieu Trossevin 2b08a2d81d
[Cleanup] redmine
Add galaxy_info to meta/main (based on the one on the wiki)

Add become to all tasks that have become_user defined
2020-12-23 15:08:44 +01:00
Mathieu Trossevin 082e02fe6f
[Cleanup] redis
Space before and after variable names, comparison with empty strings and
naming two tasks
2020-12-23 15:08:44 +01:00
Mathieu Trossevin 9e0202d3de
[Cleanup] postgresql: space before and after variable name 2020-12-23 15:08:43 +01:00
Mathieu Trossevin 119e134373
[Cleanup] php and postfix
Comparison with litteral True and False ( `var == False` ⇔ `not var` or
`var is boolean and var` or ` var is sameas False` should there be a
need to check if it is really a boolean that is False and not only
something evaluationg to False)
2020-12-23 15:08:43 +01:00
Mathieu Trossevin dc5d206488
[Cleanup] packweb-apache 2020-12-23 15:08:43 +01:00
Mathieu Trossevin 498d85b549
[Cleanup] nginx: whitespace + comparison with empty string 2020-12-23 15:08:43 +01:00
Mathieu Trossevin c3caa31bf2
[Cleanup] newrelic, don't compare to empty string 2020-12-23 15:08:42 +01:00
Mathieu Trossevin 97d3d29210
[Cleanup] networkd-to-ifconfig
Add changed_when: false to shell command that does not change anything.
2020-12-23 15:08:42 +01:00
Mathieu Trossevin 478beab856
[Cleanup] mysql-oracle (name + comparison with empty string) 2020-12-23 15:08:42 +01:00
Mathieu Trossevin 93f981be3b
[Cleanup] memcached and metricbeat
Don't compare with empty string
2020-12-23 15:08:40 +01:00
Mathieu Trossevin d206ae4c85
[Cleanup] lxc-solr
Replaced direct call to lxc-attach with the lxc_container module calling
a container_command.

(+ spaces before and after variable name)
2020-12-23 15:06:43 +01:00
Mathieu Trossevin 5cf81335e6
[Cleanup] multiple small role cleaning
Mostly whitespace and comparison with empty strings
2020-12-23 15:06:42 +01:00
Mathieu Trossevin 440bec2feb
[Cleanup] fail2ban
Name all tasks.

It would seems that the task creating the `fail2ban_ignore_ips` fact for
the whitelist exist in both main.yml and ip_whitelist.yml, one of them
might be superfluous.
2020-12-23 15:06:42 +01:00
Mathieu Trossevin 63a0894906
[Cleanup] Clean up elasticsearch role
Don't compare with empty string

Explicitly checkout master branch of head repository.

Space after variable name
2020-12-23 15:06:42 +01:00
Mathieu Trossevin 26eec48954
[Cleanup] amazon-ec2, apache, bind, evolinux-todo, evomaintenance
Don't compare with empty string

Name all tasks

Variables should have space before and after their name
2020-12-23 15:06:41 +01:00
Mathieu Trossevin 0825d88552
[Cleanup] Clean up evoacme and evocheck roles
Don't compare with empty string as an empty string is already false and
a non-empty string is already true.

Name all tasks.
2020-12-23 15:06:38 +01:00
Mathieu Trossevin 3ec85f9560
[Cleanup] Clean up evolinux-base and evolinux-users
evolinux-users: Add name to all tasks for self documentation purposes
and don't compare with empty string.

evolinux-base: Remove trailing whitespaces.
2020-12-23 15:05:04 +01:00
Mathieu Trossevin 2036db938b
[Cleanup] Cleanup the mysql role
Remove the useless call for `cat` as `grep` take a file as it's second
argument that tell it to search for the pattern in a specific file
instead of whatever is passed to it through stdin.

Name both task defining the position of the config directory for
self-documentation purposes (and please ansible-lint defaults).

Change role description to it's description in the readme instead of the
default description asking for the role to be described.

Don't compare to empty string, an empty string is already false while a
non-empty string is true.
2020-12-23 15:02:20 +01:00
73 changed files with 192 additions and 127 deletions

View file

@ -22,6 +22,10 @@ The **patch** part changes incrementally at each release.
### Security ### Security
### Other
* Generic cleanup of roles
## [10.3.0] 2020-12-21 ## [10.3.0] 2020-12-21
### Added ### Added

View file

@ -3,34 +3,34 @@
- name: Launch new instance(s) - name: Launch new instance(s)
ec2: ec2:
state: present state: present
aws_access_key: "{{aws_access_key}}" aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{aws_secret_key}}" aws_secret_key: "{{ aws_secret_key }}"
region: "{{aws_region}}" region: "{{ aws_region }}"
image: "{{ec2_base_ami}}" image: "{{ ec2_base_ami }}"
instance_type: "{{ec2_instance_type}}" instance_type: "{{ ec2_instance_type }}"
count: "{{ec2_instance_count}}" count: "{{ ec2_instance_count }}"
assign_public_ip: "{{ec2_public_ip}}" assign_public_ip: "{{ ec2_public_ip }}"
group: "{{ec2_security_group.name}}" group: "{{ ec2_security_group.name }}"
key_name: "{{ec2_keyname}}" key_name: "{{ ec2_keyname }}"
wait: yes wait: yes
register: ec2 register: ec2
- name: Add newly created instance(s) to inventory - name: Add newly created instance(s) to inventory
add_host: add_host:
hostname: "{{item.public_dns_name}}" hostname: "{{ item.public_dns_name }}"
groupname: launched-instances groupname: launched-instances
ansible_user: admin ansible_user: admin
ansible_ssh_common_args: "-o StrictHostKeyChecking=no" ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
with_items: "{{ec2.instances}}" with_items: "{{ ec2.instances }}"
- debug: - debug:
msg: "Your newly created instance is reachable at: {{item.public_dns_name}}" msg: "Your newly created instance is reachable at: {{ item.public_dns_name }}"
with_items: "{{ec2.instances}}" with_items: "{{ ec2.instances }}"
- name: Wait for SSH to come up on all instances (give up after 2m) - name: Wait for SSH to come up on all instances (give up after 2m)
wait_for: wait_for:
state: started state: started
host: "{{item.public_dns_name}}" host: "{{ item.public_dns_name }}"
port: 22 port: 22
timeout: 120 timeout: 120
with_items: "{{ec2.instances}}" with_items: "{{ ec2.instances }}"

View file

@ -10,7 +10,7 @@
force: no force: no
tags: tags:
- apache - apache
- name: Load IP whitelist task - name: Load IP whitelist task
include: ip_whitelist.yml include: ip_whitelist.yml

View file

@ -14,7 +14,7 @@
# The last character "\u000A" is a line feed (LF), it's better to keep it # The last character "\u000A" is a line feed (LF), it's better to keep it
content: "{{ apache_serverstatus_suffix }}\u000A" content: "{{ apache_serverstatus_suffix }}\u000A"
force: yes force: yes
when: apache_serverstatus_suffix != "" when: apache_serverstatus_suffix
- name: generate random string for server-status suffix - name: generate random string for server-status suffix
shell: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}" shell: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}"

View file

@ -4,7 +4,7 @@
shell: "(dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})" shell: "(dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})"
register: apt_mark register: apt_mark
changed_when: "item + ' set on hold.' in apt_mark.stdout" changed_when: "item + ' set on hold.' in apt_mark.stdout"
failed_when: apt_mark.rc != 0 and not apt_mark.stdout == '' failed_when: apt_mark.rc != 0 and apt_mark.stdout
loop: "{{ apt_hold_packages }}" loop: "{{ apt_hold_packages }}"
tags: tags:
- apt - apt

View file

@ -94,7 +94,7 @@
- debug: - debug:
var: chrootbind_run.stdout_lines var: chrootbind_run.stdout_lines
when: bind_chroot_set and chrootbind_run.stdout != "" when: bind_chroot_set and chrootbind_run.stdout
- name: Modify OPTIONS in /etc/default/bind9 for chroot - name: Modify OPTIONS in /etc/default/bind9 for chroot
replace: replace:

View file

@ -16,7 +16,7 @@
tags: tags:
- elasticsearch - elasticsearch
when: when:
- elasticsearch_custom_datadir != '' - elasticsearch_custom_datadir
- elasticsearch_custom_datadir != None - elasticsearch_custom_datadir != None
- name: Datadir is moved to custom path - name: Datadir is moved to custom path
@ -44,7 +44,7 @@
tags: tags:
- elasticsearch - elasticsearch
when: when:
- elasticsearch_custom_datadir != '' - elasticsearch_custom_datadir
- elasticsearch_custom_datadir != None - elasticsearch_custom_datadir != None
- elasticsearch_custom_datadir != elasticsearch_current_real_datadir_test.stdout - elasticsearch_custom_datadir != elasticsearch_current_real_datadir_test.stdout
- not elasticsearch_custom_datadir_test.stat.exists - not elasticsearch_custom_datadir_test.stat.exists

View file

@ -15,6 +15,7 @@
repo: "https://github.com/mobz/elasticsearch-head.git" repo: "https://github.com/mobz/elasticsearch-head.git"
dest: "{{ elasticsearch_plugin_head_clone_dir }}" dest: "{{ elasticsearch_plugin_head_clone_dir }}"
clone: yes clone: yes
version: master
tags: tags:
- packages - packages

View file

@ -54,4 +54,4 @@
tags: tags:
- elasticsearch - elasticsearch
when: elastic_stack_version is version('6', '>=') when: elastic_stack_version is version('6', '>=')
when: (elasticsearch_custom_tmpdir != '' and elasticsearch_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0 when: (elasticsearch_custom_tmpdir and elasticsearch_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0

View file

@ -1,5 +1,6 @@
--- ---
- ini_file: - name: "Configure openssl key generation"
ini_file:
dest: "{{ evoacme_crt_dir }}/openssl.cnf" dest: "{{ evoacme_crt_dir }}/openssl.cnf"
section: 'req' section: 'req'
option: "{{ item.name }}" option: "{{ item.name }}"

View file

@ -16,4 +16,4 @@
src: "hooks/{{ hook_name }}" src: "hooks/{{ hook_name }}"
dest: "{{ evoacme_hooks_dir }}/{{ hook_name }}" dest: "{{ evoacme_hooks_dir }}/{{ hook_name }}"
mode: "0750" mode: "0750"
when: _find_hook.stdout == "" when: not _find_hook.stdout

View file

@ -10,6 +10,6 @@
- debug: - debug:
var: evocheck_run.stdout_lines var: evocheck_run.stdout_lines
when: evocheck_run.stdout != "" when: evocheck_run.stdout
tags: tags:
- evocheck-exec - evocheck-exec

View file

@ -29,7 +29,7 @@
# HP gen <10: Hewlett-Packard Company Smart Array # HP gen <10: Hewlett-Packard Company Smart Array
# HP gen >=10: Adaptec Smart Storage PQI # HP gen >=10: Adaptec Smart Storage PQI
- name: Detect if RAID is installed - name: Detect if RAID is installed
shell: lspci -q | grep -e "RAID bus controller" -e "Serial Attached SCSI controller" shell: 'lspci -q | grep -e "RAID bus controller" -e "Serial Attached SCSI controller"'
check_mode: no check_mode: no
register: raidmodel register: raidmodel
changed_when: "'FAILED' in raidmodel.stdout" changed_when: "'FAILED' in raidmodel.stdout"

View file

@ -32,9 +32,8 @@
- postfix - postfix
- name: fetch users list - name: fetch users list
shell: getent passwd | cut -d":" -f 1 | grep -v root shell: 'getent passwd | cut -d":" -f 1 | grep -v root'
check_mode: no check_mode: no
register: non_root_users_list register: non_root_users_list
changed_when: False changed_when: False
tags: tags:

View file

@ -10,4 +10,4 @@
- name: "Content of /etc/evolinux/todo.txt" - name: "Content of /etc/evolinux/todo.txt"
debug: debug:
var: evolinux_todo.stdout_lines var: evolinux_todo.stdout_lines
when: evolinux_todo.stdout != "" when: evolinux_todo.stdout

View file

@ -22,11 +22,13 @@
var: grep_allowusers_ssh var: grep_allowusers_ssh
verbosity: 1 verbosity: 1
- assert: - name: "Check that only AllowUsers or AllowGroups is present"
assert:
that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)" that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)"
msg: "We can't deal with AllowUsers and AllowGroups at the same time" msg: "We can't deal with AllowUsers and AllowGroups at the same time"
- set_fact: - name: "Define which protection method to use"
set_fact:
# If "AllowGroups is present" or "AllowUsers is absent and Debian 10+", # If "AllowGroups is present" or "AllowUsers is absent and Debian 10+",
ssh_allowgroups: "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0 and (ansible_distribution_major_version is version('10', '>='))) }}" ssh_allowgroups: "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0 and (ansible_distribution_major_version is version('10', '>='))) }}"
# If "AllowGroups is absent" and "AllowUsers is absent or Debian <10" # If "AllowGroups is absent" and "AllowUsers is absent or Debian <10"

View file

@ -102,7 +102,7 @@
state: present state: present
when: when:
- evolinux_internal_group is defined - evolinux_internal_group is defined
- evolinux_internal_group != "" - evolinux_internal_group
- ansible_distribution_major_version is version('9', '>=') - ansible_distribution_major_version is version('9', '>=')
- name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_internal_group }}' (Debian 9 or later)" - name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_internal_group }}' (Debian 9 or later)"
@ -112,7 +112,7 @@
append: yes append: yes
when: when:
- evolinux_internal_group is defined - evolinux_internal_group is defined
- evolinux_internal_group != "" - evolinux_internal_group
- ansible_distribution_major_version is version('9', '>=') - ansible_distribution_major_version is version('9', '>=')
## Optional secondary groups, defined per user ## Optional secondary groups, defined per user

View file

@ -1,9 +1,11 @@
--- ---
- set_fact: - name: "Choose if minifirewall will need to be restarted"
set_fact:
minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | ternary('restart minifirewall', 'restart minifirewall (noop)') }}" minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"
- assert: - name: "Check that API variables are set"
assert:
that: that:
- evomaintenance_api_endpoint is not none - evomaintenance_api_endpoint is not none
- evomaintenance_api_key is not none - evomaintenance_api_key is not none

View file

@ -1,6 +1,7 @@
--- ---
- set_fact: - name: "Define the whitelist from variables"
set_fact:
fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}" fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}"
- name: Update ignoreips lists - name: Update ignoreips lists
@ -12,4 +13,4 @@
notify: restart fail2ban notify: restart fail2ban
tags: tags:
- fail2ban - fail2ban
- ips - ips

View file

@ -15,7 +15,8 @@
tags: tags:
- fail2ban - fail2ban
- set_fact: - name: "Define ip whitelist from variables"
set_fact:
fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}" fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}"
tags: tags:
- fail2ban - fail2ban

View file

@ -15,7 +15,7 @@
- name: Install openjdk package - name: Install openjdk package
apt: apt:
name: "openjdk-{{ java_version}}-jre-headless" name: "openjdk-{{ java_version }}-jre-headless"
default_release: "{{ java_apt_release }}" default_release: "{{ java_apt_release }}"
state: present state: present
tags: tags:

View file

@ -13,7 +13,7 @@
changed_when: False changed_when: False
check_mode: no check_mode: no
register: kvm_libvirt_images_current_real_path_test register: kvm_libvirt_images_current_real_path_test
when: kvm_custom_libvirt_images_path != '' when: kvm_custom_libvirt_images_path
- name: Images directory is moved to custom path - name: Images directory is moved to custom path
block: block:
@ -35,6 +35,6 @@
dest: '/var/lib/libvirt/images' dest: '/var/lib/libvirt/images'
state: link state: link
when: when:
- kvm_custom_libvirt_images_path != '' - kvm_custom_libvirt_images_path
- kvm_custom_libvirt_images_path != kvm_libvirt_images_current_real_path_test.stdout - kvm_custom_libvirt_images_path != kvm_libvirt_images_current_real_path_test.stdout
- not kvm_custom_libvirt_images_path_test.stat.exists - not kvm_custom_libvirt_images_path_test.stat.exists

View file

@ -4,7 +4,7 @@
failed_when: False failed_when: False
changed_when: False changed_when: False
register: is_cron_installed register: is_cron_installed
- name: "log rotation script" - name: "log rotation script"
template: template:
src: rotate_logstash_logs.j2 src: rotate_logstash_logs.j2

View file

@ -28,4 +28,4 @@
- restart logstash - restart logstash
tags: tags:
- logstash - logstash
when: (logstash_custom_tmpdir != '' and logstash_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0 when: (logstash_custom_tmpdir and logstash_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0

View file

@ -4,7 +4,7 @@
msg: Please configure var lxc_php_version msg: Please configure var lxc_php_version
when: lxc_php_version is none when: lxc_php_version is none
- name: "Update APT cache in container {{lxc_php_version}}" - name: "Update APT cache in container {{ lxc_php_version }}"
lxc_container: lxc_container:
name: "{{ lxc_php_version }}" name: "{{ lxc_php_version }}"
container_command: "apt-get update" container_command: "apt-get update"

View file

@ -11,6 +11,6 @@
with_items: with_items:
- "{{ lxc_containers }}" - "{{ lxc_containers }}"
- include: "solr.yml name={{item.name}} solr_version={{item.solr_version}} solr_port={{item.solr_port}}" - include: "solr.yml name={{ item.name }} solr_version={{ item.solr_version }} solr_port={{ item.solr_port }}"
with_items: with_items:
- "{{ lxc_containers }}" - "{{ lxc_containers }}"

View file

@ -1,6 +1,9 @@
--- ---
- name: Install openjdk-8-jre-headless and lsof packages - name: Install openjdk-8-jre-headless and lsof packages
command: "lxc-attach -n {{name}} -- apt-get install -y openjdk-8-jre-headless lsof" lxc_container:
name: "{{ name }}"
container_command: "apt-get install -y openjdk-8-jre-headless lsof"
state: started
- name: "Download Solr {{ solr_version }}" - name: "Download Solr {{ solr_version }}"
get_url: get_url:
@ -15,10 +18,16 @@
remote_src: yes remote_src: yes
- name: "Install Solr {{ solr_version }}" - name: "Install Solr {{ solr_version }}"
command: "lxc-attach -n {{name}} -- /root/solr-{{ solr_version }}/bin/install_solr_service.sh /root/solr-{{ solr_version }}.tgz" lxc_container:
name: "{{ name }}"
container_command: "/root/solr-{{ solr_version }}/bin/install_solr_service.sh /root/solr-{{ solr_version }}.tgz"
state: started
- name: "Stop Solr" - name: "Stop Solr"
command: "lxc-attach -n {{name}} -- /etc/init.d/solr stop" lxc_container:
name: "{{ name }}"
container_command: "/etc/init.d/solr stop"
state: started
ignore_errors: True ignore_errors: True
- name: "Make sure /home/solr exists" - name: "Make sure /home/solr exists"
@ -27,11 +36,17 @@
state: directory state: directory
mode: '0755' mode: '0755'
- name: "Move Solr data directory to /home/solr/{{name}}" - name: "Move Solr data directory to /home/solr/{{ name }}"
command: "lxc-attach -n {{name}} -- mv /var/solr /home/solr/{{name}}" lxc_container:
name: "{{ name }}"
container_command: "mv /var/solr /home/solr/{{ name }}"
state: started
- name: "Create a symbolic link to /home/solr/{{name}}" - name: "Create a symbolic link to /home/solr/{{ name }}"
command: "lxc-attach -n {{name}} -- ln -s /home/solr/{{name}} /var/solr" lxc_container:
name: "{{ name }}"
container_command: "ln -s /home/solr/{{ name }} /var/solr"
state: started
- name: "Set Solr port to {{ solr_port }}" - name: "Set Solr port to {{ solr_port }}"
lineinfile: lineinfile:
@ -39,4 +54,7 @@
line: "SOLR_PORT={{ solr_port }}" line: "SOLR_PORT={{ solr_port }}"
- name: "Start Solr" - name: "Start Solr"
command: "lxc-attach -n {{name}} -- /etc/init.d/solr start" lxc_container:
name: "{{ name }}"
container_command: "/etc/init.d/solr start"
state: started

View file

@ -1,6 +1,6 @@
galaxy_info: galaxy_info:
author: Evolix author: Evolix
description: Creation of LXC Containers description: Creation of LXC Containers
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues

View file

@ -13,7 +13,7 @@
notify: restart memcached notify: restart memcached
tags: tags:
- memcached - memcached
when: memcached_instance_name == "" when: memcached_instance_name
- name: Memcached is running and enabled on boot. - name: Memcached is running and enabled on boot.
service: service:
@ -22,7 +22,7 @@
state: started state: started
tags: tags:
- memcached - memcached
when: memcached_instance_name == "" when: memcached_instance_name
- name: Add systemd template - name: Add systemd template
copy: copy:
@ -30,7 +30,7 @@
dest: /etc/systemd/system/memcached@.service dest: /etc/systemd/system/memcached@.service
tags: tags:
- memcached - memcached
when: memcached_instance_name != "" when: memcached_instance_name
- name: Delete default memcached systemd configuration file - name: Delete default memcached systemd configuration file
systemd: systemd:
@ -39,7 +39,7 @@
state: stopped state: stopped
tags: tags:
- memcached - memcached
when: memcached_instance_name != "" when: memcached_instance_name
- name: Make sure memcached.conf is absent - name: Make sure memcached.conf is absent
file: file:
@ -47,7 +47,7 @@
state: absent state: absent
tags: tags:
- memcached - memcached
when: memcached_instance_name != "" when: memcached_instance_name
- name: Create a configuration file - name: Create a configuration file
template: template:
@ -56,7 +56,7 @@
mode: "0644" mode: "0644"
tags: tags:
- memcached - memcached
when: memcached_instance_name != "" when: memcached_instance_name
- name: Enable and start the memcached instance - name: Enable and start the memcached instance
systemd: systemd:
@ -67,7 +67,7 @@
masked: no masked: no
tags: tags:
- memcached - memcached
when: memcached_instance_name != "" when: memcached_instance_name
- include: munin.yml - include: munin.yml

View file

@ -2,7 +2,7 @@
- name: Choose packages (Oracle) - name: Choose packages (Oracle)
set_fact: set_fact:
multi: "multi_" multi: "multi_"
when: memcached_instance_name !="" when: memcached_instance_name
- name: is Munin present ? - name: is Munin present ?
stat: stat:

View file

@ -1,6 +1,7 @@
--- ---
- set_fact: - name: "Define the mysql config directory"
set_fact:
mysql_config_directory: "/etc/mysql/mysql.conf.d" mysql_config_directory: "/etc/mysql/mysql.conf.d"
- name: "Copy MySQL defaults config file" - name: "Copy MySQL defaults config file"

View file

@ -14,7 +14,7 @@
register: mysql_current_real_datadir_test register: mysql_current_real_datadir_test
tags: tags:
- mysql - mysql
when: mysql_custom_datadir != '' when: mysql_custom_datadir
- block: - block:
- name: MySQL is stopped - name: MySQL is stopped
@ -40,6 +40,6 @@
tags: tags:
- mysql - mysql
when: when:
- mysql_custom_datadir != '' - mysql_custom_datadir
- mysql_custom_datadir != mysql_current_real_datadir_test.stdout - mysql_custom_datadir != mysql_current_real_datadir_test.stdout
- not mysql_custom_datadir_test.stat.exists - not mysql_custom_datadir_test.stat.exists

View file

@ -1,6 +1,7 @@
--- ---
- set_fact: - name: 'Define which handler will be called to "restart" mysql'
set_fact:
mysql_restart_handler_name: "{{ mysql_restart_if_needed | bool | ternary('restart mysql', 'restart mysql (noop)') }}" mysql_restart_handler_name: "{{ mysql_restart_if_needed | bool | ternary('restart mysql', 'restart mysql (noop)') }}"
- include: packages.yml - include: packages.yml

View file

@ -1,6 +1,7 @@
--- ---
- set_fact: - name: "Define which configuration package will be installed"
set_fact:
mysql_apt_config_package: mysql-apt-config_0.8.9-1_all.deb mysql_apt_config_package: mysql-apt-config_0.8.9-1_all.deb
- name: Set default MySQL version to 5.7 - name: Set default MySQL version to 5.7

View file

@ -20,4 +20,4 @@
notify: "{{ mysql_restart_handler_name }}" notify: "{{ mysql_restart_handler_name }}"
tags: tags:
- mysql - mysql
when: mysql_custom_tmpdir != '' when: mysql_custom_tmpdir

View file

@ -1,6 +1,6 @@
galaxy_info: galaxy_info:
author: Evolix author: Evolix
description: your description description: Install and configure mysql
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues

View file

@ -1,6 +1,7 @@
--- ---
- set_fact: - name: "Define the config directory of mysql"
set_fact:
mysql_config_directory: /etc/mysql/conf.d mysql_config_directory: /etc/mysql/conf.d
- name: "Copy MySQL defaults config file (jessie)" - name: "Copy MySQL defaults config file (jessie)"

View file

@ -1,6 +1,7 @@
--- ---
- set_fact: - name: "Define the config directory of mysql"
set_fact:
mysql_config_directory: /etc/mysql/mariadb.conf.d mysql_config_directory: /etc/mysql/mariadb.conf.d
- name: "Copy MySQL defaults config file (Debian 9 or later)" - name: "Copy MySQL defaults config file (Debian 9 or later)"

View file

@ -14,7 +14,7 @@
register: mysql_current_real_datadir_test register: mysql_current_real_datadir_test
tags: tags:
- mysql - mysql
when: mysql_custom_datadir != '' when: mysql_custom_datadir
- block: - block:
- name: MySQL is stopped - name: MySQL is stopped
@ -40,6 +40,6 @@
tags: tags:
- mysql - mysql
when: when:
- mysql_custom_datadir != '' - mysql_custom_datadir
- mysql_custom_datadir != mysql_current_real_datadir_test.stdout - mysql_custom_datadir != mysql_current_real_datadir_test.stdout
- not mysql_custom_datadir_test.stat.exists - not mysql_custom_datadir_test.stat.exists

View file

@ -14,7 +14,7 @@
register: mysql_current_real_logdir_test register: mysql_current_real_logdir_test
tags: tags:
- mysql - mysql
when: mysql_custom_logdir != '' when: mysql_custom_logdir
- block: - block:
- name: MySQL is stopped - name: MySQL is stopped
@ -40,6 +40,6 @@
tags: tags:
- mysql - mysql
when: when:
- mysql_custom_logdir != '' - mysql_custom_logdir
- mysql_custom_logdir != mysql_current_real_logdir_test.stdout - mysql_custom_logdir != mysql_current_real_logdir_test.stdout
- not mysql_custom_logdir_test.stat.exists - not mysql_custom_logdir_test.stat.exists

View file

@ -20,4 +20,4 @@
notify: "{{ mysql_restart_handler_name }}" notify: "{{ mysql_restart_handler_name }}"
tags: tags:
- mysql - mysql
when: mysql_custom_tmpdir != '' when: mysql_custom_tmpdir

View file

@ -41,7 +41,7 @@
when: ansible_distribution_major_version is version('10', '>=') when: ansible_distribution_major_version is version('10', '>=')
- name: Read debian-sys-maint password - name: Read debian-sys-maint password
shell: 'cat /etc/mysql/debian.cnf | grep -m1 "password = .*" | cut -d" " -f3' shell: 'grep -m1 "password = .*" /etc/mysql/debian.cnf | cut -d" " -f3'
register: mysql_debian_password register: mysql_debian_password
changed_when: False changed_when: False
check_mode: no check_mode: no

View file

@ -2,11 +2,13 @@
- name: "Parse addresses" - name: "Parse addresses"
shell: "grep Address= /etc/systemd/network/50-default.network | cut -d'=' -f2" shell: "grep Address= /etc/systemd/network/50-default.network | cut -d'=' -f2"
changed_when: false
register: network_address_grep register: network_address_grep
check_mode: no check_mode: no
- name: "Parse gateways" - name: "Parse gateways"
shell: "grep Gateway= /etc/systemd/network/50-default.network | cut -d'=' -f2" shell: "grep Gateway= /etc/systemd/network/50-default.network | cut -d'=' -f2"
changed_when: false
register: network_gateway_grep register: network_gateway_grep
check_mode: no check_mode: no

View file

@ -6,7 +6,7 @@
question: "newrelic-php5/application-name" question: "newrelic-php5/application-name"
value: "{{ newrelic_appname }}" value: "{{ newrelic_appname }}"
vtype: string vtype: string
when: newrelic_appname != "" when: newrelic_appname
- name: Pre-seed package configuration with license - name: Pre-seed package configuration with license
debconf: debconf:
@ -14,7 +14,7 @@
question: "newrelic-php5/license-key" question: "newrelic-php5/license-key"
value: "{{ newrelic_license }}" value: "{{ newrelic_license }}"
vtype: "string" vtype: "string"
when: newrelic_license != "" when: newrelic_license
- name: list newrelic config files - name: list newrelic config files
shell: "find /etc/php* -type f -name newrelic.ini" shell: "find /etc/php* -type f -name newrelic.ini"

View file

@ -9,5 +9,5 @@
dest: /etc/newrelic/nrsysmond.cfg dest: /etc/newrelic/nrsysmond.cfg
regexp: "license_key=REPLACE_WITH_REAL_KEY" regexp: "license_key=REPLACE_WITH_REAL_KEY"
replace: "license_key={{ newrelic_license }}" replace: "license_key={{ newrelic_license }}"
when: newrelic_license != "" when: newrelic_license
notify: restart newrelic-sysmond notify: restart newrelic-sysmond

View file

@ -10,7 +10,7 @@
tags: tags:
- nginx - nginx
- packages - packages
- name: Ensure nginx service is running as configured. - name: Ensure nginx service is running as configured.
service: service:
name: nginx name: nginx

View file

@ -14,7 +14,7 @@
# The last character "\u000A" is a line feed (LF), it's better to keep it # The last character "\u000A" is a line feed (LF), it's better to keep it
content: "{{ nginx_serverstatus_suffix }}\u000A" content: "{{ nginx_serverstatus_suffix }}\u000A"
force: yes force: yes
when: nginx_serverstatus_suffix != "" when: nginx_serverstatus_suffix
- name: generate random string for server-status suffix - name: generate random string for server-status suffix
shell: "apg -a 1 -M N -n 1 > {{ nginx_serverstatus_suffix_file }}" shell: "apg -a 1 -M N -n 1 > {{ nginx_serverstatus_suffix_file }}"

View file

@ -1,6 +1,7 @@
--- ---
- fail: - name: Check for compatibility
fail:
msg: only compatible with Debian >= 8 msg: only compatible with Debian >= 8
when: when:
- ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<') - ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<')

View file

@ -48,7 +48,7 @@
# The last character "\u000A" is a line feed (LF), it's better to keep it # The last character "\u000A" is a line feed (LF), it's better to keep it
content: "{{ packweb_phpmyadmin_suffix }}\u000A" content: "{{ packweb_phpmyadmin_suffix }}\u000A"
force: yes force: yes
when: packweb_phpmyadmin_suffix != "" when: packweb_phpmyadmin_suffix
- name: generate random string for phpmyadmin suffix - name: generate random string for phpmyadmin suffix
shell: "apg -a 1 -M N -n 1 > {{ packweb_phpmyadmin_suffix_file }}" shell: "apg -a 1 -M N -n 1 > {{ packweb_phpmyadmin_suffix_file }}"

View file

@ -1,6 +1,7 @@
--- ---
- fail: - name: Check for compatibility
fail:
msg: only compatible with Debian >= 8 msg: only compatible with Debian >= 8
when: when:
- ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<') - ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<')

View file

@ -14,8 +14,8 @@ galaxy_info:
- jessie - jessie
dependencies: dependencies:
- { role: evolix/ldap, ldap_schema: 'cn4evolix.ldif', when: postfix_packmail == True } - { role: evolix/ldap, ldap_schema: 'cn4evolix.ldif', when: postfix_packmail }
- { role: evolix/spamassasin, when: postfix_packmail == True } - { role: evolix/spamassasin, when: postfix_packmail }
- { role: evolix/clamav, when: postfix_packmail == True } - { role: evolix/clamav, when: postfix_packmail }
- { role: evolix/opendkim, when: postfix_packmail == True } - { role: evolix/opendkim, when: postfix_packmail }
- { role: evolix/dovecot, when: postfix_packmail == True } - { role: evolix/dovecot, when: postfix_packmail }

View file

@ -3,10 +3,10 @@
- include: common.yml - include: common.yml
- include: minimal.yml - include: minimal.yml
when: postfix_packmail == False when: not postfix_packmail
- include: packmail.yml - include: packmail.yml
when: postfix_packmail == True when: postfix_packmail
- include: slow_transport.yml - include: slow_transport.yml
when: postfix_slow_transport_include when: postfix_slow_transport_include

View file

@ -10,13 +10,13 @@
- name: Allow conf.d/*.conf files to be included in PostgreSQL configuration - name: Allow conf.d/*.conf files to be included in PostgreSQL configuration
lineinfile: lineinfile:
name: "/etc/postgresql/{{postgresql_version}}/main/postgresql.conf" name: "/etc/postgresql/{{ postgresql_version }}/main/postgresql.conf"
line: include_dir = 'conf.d' line: include_dir = 'conf.d'
notify: restart postgresql notify: restart postgresql
- name: Create conf.d directory - name: Create conf.d directory
file: file:
name: "/etc/postgresql/{{postgresql_version}}/main/conf.d/" name: "/etc/postgresql/{{ postgresql_version }}/main/conf.d/"
state: directory state: directory
owner: postgres owner: postgres
group: postgres group: postgres
@ -25,7 +25,7 @@
- name: Copy PostgreSQL config file - name: Copy PostgreSQL config file
template: template:
src: postgresql.conf.j2 src: postgresql.conf.j2
dest: "/etc/postgresql/{{postgresql_version}}/main/conf.d/zz-evolinux.conf" dest: "/etc/postgresql/{{ postgresql_version }}/main/conf.d/zz-evolinux.conf"
owner: postgres owner: postgres
group: postgres group: postgres
mode: "0644" mode: "0644"

View file

@ -12,8 +12,8 @@
- name: Add Munin plugins for PostgreSQL - name: Add Munin plugins for PostgreSQL
file: file:
state: link state: link
src: '/usr/share/munin/plugins/{{item}}' src: '/usr/share/munin/plugins/{{ item }}'
dest: '/etc/munin/plugins/{{item}}' dest: '/etc/munin/plugins/{{ item }}'
with_items: with_items:
- postgres_bgwriter - postgres_bgwriter
- postgres_checkpoints - postgres_checkpoints
@ -26,10 +26,10 @@
- name: Add Munin plugins for PostgreSQL (for specific databases) - name: Add Munin plugins for PostgreSQL (for specific databases)
file: file:
state: link state: link
src: '/usr/share/munin/plugins/{{item[0]}}' src: '/usr/share/munin/plugins/{{ item[0] }}'
dest: '/etc/munin/plugins/{{item[0]}}{{item[1]}}' dest: '/etc/munin/plugins/{{ item[0] }}{{ item[1] }}'
with_nested: with_nested:
- ['postgres_cache_', 'postgres_connections_', 'postgres_locks_', 'postgres_querylength_', 'postgres_scans_', 'postgres_size_', 'postgres_transactions_', 'postgres_tuples_'] - ['postgres_cache_', 'postgres_connections_', 'postgres_locks_', 'postgres_querylength_', 'postgres_scans_', 'postgres_size_', 'postgres_transactions_', 'postgres_tuples_']
- '{{postgresql_databases}}' - '{{ postgresql_databases }}'
notify: restart munin-node notify: restart munin-node
when: etc_munin_plugins.stat.exists and usr_share_munin_plugins.stat.exists when: etc_munin_plugins.stat.exists and usr_share_munin_plugins.stat.exists

View file

@ -35,7 +35,7 @@
lineinfile: lineinfile:
name: /etc/nagios/nrpe.d/evolix.cfg name: /etc/nagios/nrpe.d/evolix.cfg
regexp: '^command\[check_pgsql\]=' regexp: '^command\[check_pgsql\]='
line: 'command[check_pgsql]=/usr/lib/nagios/plugins/check_pgsql -H localhost -l nrpe -p "{{postgresql_nrpe_password.stdout}}"' line: 'command[check_pgsql]=/usr/lib/nagios/plugins/check_pgsql -H localhost -l nrpe -p "{{ postgresql_nrpe_password.stdout }}"'
notify: restart nagios-nrpe-server notify: restart nagios-nrpe-server
when: postgresql_create_nrpe_user.changed when: postgresql_create_nrpe_user.changed
when: nrpe_evolix_config.stat.exists when: nrpe_evolix_config.stat.exists

View file

@ -10,8 +10,8 @@
- name: Install postgresql package - name: Install postgresql package
apt: apt:
name: '{{item}}' name: '{{ item }}'
with_items: with_items:
- "postgresql-{{postgresql_version}}" - "postgresql-{{ postgresql_version }}"
- ptop - ptop
- libdbd-pg-perl - libdbd-pg-perl

View file

@ -10,7 +10,7 @@
- name: Add PGDG repository - name: Add PGDG repository
apt_repository: apt_repository:
repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main" repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main"
update_cache: yes update_cache: yes
- name: Add GPG key for PGDG repository - name: Add GPG key for PGDG repository

View file

@ -1,5 +1,5 @@
--- ---
- name: Install PostGIS extention - name: Install PostGIS extention
apt: apt:
name: name:
- postgis - postgis

View file

@ -39,7 +39,7 @@
- name: Enable redis munin plugin - name: Enable redis munin plugin
file: file:
src: /usr/local/share/munin/plugins/redis_ src: /usr/local/share/munin/plugins/redis_
dest: "/etc/munin/plugins/redis_{{item}}" dest: "/etc/munin/plugins/redis_{{ item }}"
state: link state: link
with_items: with_items:
- connected_clients - connected_clients
@ -67,7 +67,7 @@
value: '{{ redis_password }}' value: '{{ redis_password }}'
notify: restart munin-node notify: restart munin-node
when: when:
- redis_password != '' - redis_password
- redis_password != None - redis_password != None
- (munin_redis_blocs_in_config.stdout | int) <= 1 - (munin_redis_blocs_in_config.stdout | int) <= 1
tags: redis tags: redis
@ -77,6 +77,6 @@
debug: debug:
msg: "WARNING - It seems you have multiple redis sections in your munin-node configuration - Munin config NOT changed" msg: "WARNING - It seems you have multiple redis sections in your munin-node configuration - Munin config NOT changed"
when: when:
- redis_password != '' - redis_password
- redis_password != None - redis_password != None
- (munin_redis_blocs_in_config.stdout | int) > 1 - (munin_redis_blocs_in_config.stdout | int) > 1

View file

@ -39,7 +39,7 @@
- name: Enable redis munin plugin - name: Enable redis munin plugin
file: file:
src: /usr/local/share/munin/plugins/redis_ src: /usr/local/share/munin/plugins/redis_
dest: "/etc/munin/plugins/{{ redis_instance_name }}_redis_{{item}}" dest: "/etc/munin/plugins/{{ redis_instance_name }}_redis_{{ item }}"
state: link state: link
with_items: with_items:
- connected_clients - connected_clients

View file

@ -1,6 +1,7 @@
--- ---
- set_fact: - name: "Define if redis needs to restart or not"
set_fact:
redis_restart_handler_name: "{{ redis_restart_if_needed | ternary('restart redis', 'restart redis (noop)') }}" redis_restart_handler_name: "{{ redis_restart_if_needed | ternary('restart redis', 'restart redis (noop)') }}"
- name: Redis is installed. - name: Redis is installed.
@ -30,7 +31,8 @@
tags: tags:
- redis - redis
- set_fact: - name: "Define which version of redis is installed"
set_fact:
redis_installed_version: "{{ _redis_installed_version.stdout }}" redis_installed_version: "{{ _redis_installed_version.stdout }}"
check_mode: no check_mode: no
tags: tags:

View file

@ -1,3 +1,19 @@
--- ---
galaxy_info:
author: Evolix
description: Install redmine on a Debian install
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
license: GPLv2
min_ansible_version: 2.2
platforms:
- name: Debian
version:
- jessie
- stretch
dependencies: dependencies:
- { role: evolix/nginx } - { role: evolix/nginx }

View file

@ -13,7 +13,7 @@
register: redmine_generate_mysql_password register: redmine_generate_mysql_password
check_mode: no check_mode: no
changed_when: False changed_when: False
when: redmine_get_mysql_password.stdout == "" when: not redmine_get_mysql_password.stdout
tags: tags:
- redmine - redmine

View file

@ -22,6 +22,7 @@
state: stopped state: stopped
user: yes user: yes
become_user: "{{ redmine_user }}" become_user: "{{ redmine_user }}"
become: yes
environment: "{{ user_env }}" environment: "{{ user_env }}"
tags: tags:
- redmine - redmine
@ -79,6 +80,7 @@
chdir: "/home/{{ redmine_user }}/www" chdir: "/home/{{ redmine_user }}/www"
creates: "/home/{{ redmine_user }}/www/config/initializers/secret_token.rb" creates: "/home/{{ redmine_user }}/www/config/initializers/secret_token.rb"
become_user: "{{ redmine_user }}" become_user: "{{ redmine_user }}"
become: yes
environment: "{{ user_env }}" environment: "{{ user_env }}"
tags: tags:
- redmine - redmine
@ -88,6 +90,7 @@
args: args:
chdir: "/home/{{ redmine_user }}/www/" chdir: "/home/{{ redmine_user }}/www/"
become_user: "{{ redmine_user }}" become_user: "{{ redmine_user }}"
become: yes
environment: "{{ user_env }}" environment: "{{ user_env }}"
tags: tags:
- redmine - redmine
@ -97,6 +100,7 @@
args: args:
chdir: "/home/{{ redmine_user }}/www/" chdir: "/home/{{ redmine_user }}/www/"
become_user: "{{ redmine_user }}" become_user: "{{ redmine_user }}"
become: yes
environment: "{{ user_env }}" environment: "{{ user_env }}"
when: redmine_mysql_create.changed when: redmine_mysql_create.changed
tags: tags:
@ -107,6 +111,7 @@
args: args:
chdir: "/home/{{ redmine_user }}/www/" chdir: "/home/{{ redmine_user }}/www/"
become_user: "{{ redmine_user }}" become_user: "{{ redmine_user }}"
become: yes
environment: "{{ user_env }}" environment: "{{ user_env }}"
tags: tags:
- redmine - redmine
@ -118,6 +123,7 @@
state: started state: started
user: yes user: yes
become_user: "{{ redmine_user }}" become_user: "{{ redmine_user }}"
become: yes
environment: "{{ user_env }}" environment: "{{ user_env }}"
tags: tags:
- redmine - redmine

View file

@ -57,6 +57,7 @@
version: "{{ item.tree | default('master') }}" version: "{{ item.tree | default('master') }}"
umask: "027" umask: "027"
become_user: "{{ redmine_user }}" become_user: "{{ redmine_user }}"
become: yes
when: item.git is defined when: item.git is defined
with_items: "{{ redmine_plugins }}" with_items: "{{ redmine_plugins }}"
tags: tags:
@ -82,6 +83,7 @@
version: "{{ item.tree | default('master') }}" version: "{{ item.tree | default('master') }}"
umask: "027" umask: "027"
become_user: "{{ redmine_user }}" become_user: "{{ redmine_user }}"
become: yes
when: item.git is defined when: item.git is defined
with_items: "{{ redmine_themes }}" with_items: "{{ redmine_themes }}"
tags: tags:

View file

@ -60,7 +60,7 @@
failed_when: False failed_when: False
changed_when: False changed_when: False
register: is_cron_installed register: is_cron_installed
- name: enable sa-update.sh cron - name: enable sa-update.sh cron
lineinfile: lineinfile:
dest: /etc/cron.d/sa-update dest: /etc/cron.d/sa-update

View file

@ -1,6 +1,7 @@
--- ---
- fail: - name: Check for role compatibility
fail:
msg: only compatible with Debian >= 8 msg: only compatible with Debian >= 8
when: when:
- ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<') - ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<')
@ -79,7 +80,7 @@
content: | content: |
# Put customized values here. # Put customized values here.
force: no force: no
when: squid_localproxy_enable == False and ansible_distribution_major_version is version('9', '>=') when: not squid_localproxy_enable and ansible_distribution_major_version is version('9', '>=')
- name: "evolinux http_access for local proxy (Debian 9 or later)" - name: "evolinux http_access for local proxy (Debian 9 or later)"
copy: copy:
@ -95,7 +96,7 @@
content: | content: |
# Put customized values here. # Put customized values here.
force: no force: no
when: squid_localproxy_enable == False and ansible_distribution_major_version is version('9', '>=') when: not squid_localproxy_enable and ansible_distribution_major_version is version('9', '>=')
- name: "evolinux overrides for local proxy (Debian 9 or later)" - name: "evolinux overrides for local proxy (Debian 9 or later)"
template: template:
@ -111,7 +112,7 @@
content: | content: |
# Put customized values here. # Put customized values here.
force: no force: no
when: squid_localproxy_enable == False and ansible_distribution_major_version is version('9', '>=') when: not squid_localproxy_enable and ansible_distribution_major_version is version('9', '>=')
- name: add some URL in whitelist (Debian 8) - name: add some URL in whitelist (Debian 8)
lineinfile: lineinfile:

View file

@ -6,7 +6,7 @@
failed_when: False failed_when: False
check_mode: no check_mode: no
register: _squid_systemd_active register: _squid_systemd_active
- name: Squid systemd overrides directory exists - name: Squid systemd overrides directory exists
file: file:
dest: /etc/systemd/system/squid.service.d/ dest: /etc/systemd/system/squid.service.d/

View file

@ -64,8 +64,8 @@
- name: Patch logrotate conf - name: Patch logrotate conf
replace: replace:
name: /etc/logrotate.d/varnish name: /etc/logrotate.d/varnish
regexp: '^(\s+)(/usr/sbin/invoke-rc.d {{item}}.*)' regexp: '^(\s+)(/usr/sbin/invoke-rc.d {{ item }}.*)'
replace: '\1systemctl -q is-active {{item}} && \2' replace: '\1systemctl -q is-active {{ item }} && \2'
with_items: with_items:
- varnishlog - varnishlog
- varnishncsa - varnishncsa

View file

@ -33,7 +33,7 @@
- name: Enable varnish4 munin plugin - name: Enable varnish4 munin plugin
file: file:
src: /usr/local/share/munin/plugins/varnish4_ src: /usr/local/share/munin/plugins/varnish4_
dest: "/etc/munin/plugins/varnish4_{{item}}" dest: "/etc/munin/plugins/varnish4_{{ item }}"
state: link state: link
with_items: with_items:
- backend_traffic - backend_traffic

View file

@ -15,7 +15,7 @@
tags: tags:
- evoadmin-mail - evoadmin-mail
- name: Active evoadminmail VHost - name: Active evoadminmail VHost
file: file:
src: "/etc/nginx/sites-available/evoadminmail.conf" src: "/etc/nginx/sites-available/evoadminmail.conf"
dest: "/etc/nginx/sites-enabled/evoadminmail.conf" dest: "/etc/nginx/sites-enabled/evoadminmail.conf"

View file

@ -116,7 +116,7 @@
src: "/etc/nginx/sites-available/roundcube.conf" src: "/etc/nginx/sites-available/roundcube.conf"
dest: "/etc/nginx/sites-enabled/roundcube.conf" dest: "/etc/nginx/sites-enabled/roundcube.conf"
state: link state: link
when: roundcube_webserver == "nginx" when: roundcube_webserver == "nginx"
notify: reload nginx notify: reload nginx
- name: enable roundcube link in default site index - name: enable roundcube link in default site index

View file

@ -12,7 +12,7 @@
mode: "0750" mode: "0750"
- name: Download Wordpress - name: Download Wordpress
shell: '{{ wordpress_wpcli }} core download --locale=fr_FR --version={{ wordpress_version }}' command: '{{ wordpress_wpcli }} core download --locale=fr_FR --version={{ wordpress_version }}'
args: args:
creates: "{{ ansible_env.HOME }}/www/index.php" creates: "{{ ansible_env.HOME }}/www/index.php"
@ -42,12 +42,12 @@
delegate_to: localhost delegate_to: localhost
- name: Configure Wordpress (wp-config.php) - name: Configure Wordpress (wp-config.php)
shell: '{{ wordpress_wpcli }} core config --dbhost={{ db_host }} --dbuser={{ db_user }} --dbpass={{ db_pwd }} --dbname={{ db_name }}' command: '{{ wordpress_wpcli }} core config --dbhost={{ db_host }} --dbuser={{ db_user }} --dbpass={{ db_pwd }} --dbname={{ db_name }}'
args: args:
creates: "{{ ansible_env.HOME }}/www/wp-config.php" creates: "{{ ansible_env.HOME }}/www/wp-config.php"
- name: Configure site - name: Configure site
shell: '{{ wordpress_wpcli }} core install --url={{ wordpress_host | quote }} --title={{ wordpress_title | quote }} --admin_user=admin --admin_password="{{ admin_pwd | quote }}" --admin_email={{ wordpress_email }} --skip-email' command: '{{ wordpress_wpcli }} core install --url={{ wordpress_host | quote }} --title={{ wordpress_title | quote }} --admin_user=admin --admin_password="{{ admin_pwd | quote }}" --admin_email={{ wordpress_email }} --skip-email'
changed_when: false changed_when: false
- name: Check if Wordpress is up to date - name: Check if Wordpress is up to date
@ -58,7 +58,7 @@
changed_when: check_version.rc changed_when: check_version.rc
- name: Update Wordpress - name: Update Wordpress
shell: '{{ wordpress_wpcli }} core update --version={{ wordpress_version }}' command: '{{ wordpress_wpcli }} core update --version={{ wordpress_version }}'
args: args:
removes: "{{ ansible_env.HOME }}/www/index.php" removes: "{{ ansible_env.HOME }}/www/index.php"
when: check_version.rc when: check_version.rc