Compare commits
16 commits
stable
...
mattermost
Author | SHA1 | Date | |
---|---|---|---|
03fa6ab871 | |||
90a578feaa | |||
464c49754d | |||
59fdc7ea00 | |||
Ludovic Poujol | c524ffb472 | ||
a7570a49a3 | |||
0589271110 | |||
1474f06927 | |||
114d857e89 | |||
aa13676cc4 | |||
f05a6aa25c | |||
56fbe99164 | |||
229d2f366e | |||
b7e24fc3ea | |||
de953a30db | |||
Jérémy Lecour | aea1404a21 |
11
CHANGELOG.md
|
@ -13,8 +13,17 @@ The **patch** part is incremented if multiple releases happen the same month
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
||||||
|
* bind: New variables to change IPs bind will listen on & send notify/transfer commands
|
||||||
|
* evolinux-base: install evobackup-client (default: true)
|
||||||
|
* munin: add linux_psi contrib plugin
|
||||||
|
* evolinux-base: Create custom SSH configuration file
|
||||||
|
* lxc: new lxc_template_mirror option (useful to get old Debian from archive.debian.org)
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
|
* log2mail: task log2mail.yml of evolinux-base converted to a role
|
||||||
|
* lxc-solr: update solr9 version + fix URL in README
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
### Removed
|
### Removed
|
||||||
|
@ -29,6 +38,7 @@ The **patch** part is incremented if multiple releases happen the same month
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
|
* certbot: allow haproxy deploy hook to work with evoacme too (using env variables)
|
||||||
* evobackup-client: upstream release 24.05.1
|
* evobackup-client: upstream release 24.05.1
|
||||||
* evolinux-base: improve adding the current user to SSH AllowGroups of AllowUsers
|
* evolinux-base: improve adding the current user to SSH AllowGroups of AllowUsers
|
||||||
* evolinux-users: improve SSH configuration
|
* evolinux-users: improve SSH configuration
|
||||||
|
@ -38,6 +48,7 @@ The **patch** part is incremented if multiple releases happen the same month
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
* apt: use archive.debian.org with Buster
|
* apt: use archive.debian.org with Buster
|
||||||
|
* fail2ban: remount-usr added because it is needed for last task
|
||||||
|
|
||||||
## [24.04] 2024-04-30
|
## [24.04] 2024-04-30
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,26 @@
|
||||||
---
|
---
|
||||||
bind_recursive_server: False
|
bind_recursive_server: false
|
||||||
bind_authoritative_server: True
|
bind_authoritative_server: true
|
||||||
bind_chroot_set: True
|
bind_chroot_set: true
|
||||||
# Until chroot-bind.sh is migrated to ansible, we hardcode the chroot paths.
|
|
||||||
#bind_chroot_path: /var/chroot-bind
|
|
||||||
bind_systemd_service_path: /etc/systemd/system/bind9.service
|
bind_systemd_service_path: /etc/systemd/system/bind9.service
|
||||||
|
|
||||||
bind_statistics_file: /var/run/named.stats
|
bind_statistics_file: /var/run/named.stats
|
||||||
bind_log_file: /var/log/bind.log
|
bind_log_file: /var/log/bind.log
|
||||||
bind_query_file: /var/log/bind_queries.log
|
bind_query_file: /var/log/bind_queries.log
|
||||||
bind_query_file_enabled: False
|
bind_query_file_enabled: false
|
||||||
bind_cache_dir: /var/cache/bind
|
bind_cache_dir: /var/cache/bind
|
||||||
|
|
||||||
|
# String (bind syntax) of IPv4/ to listen on (or any by default)
|
||||||
|
# eg. "192.0.2.1; 192.0.2.3" or all interfaces : "any ;"
|
||||||
|
bind_listen_on_ipv4: "any;"
|
||||||
|
|
||||||
|
# String (bind syntax) of IPv6 to listen on (or any by default)
|
||||||
|
# eg. "2001:db8::1; 2001:db8::42" or all interfaces : "any ;" or not at all "none;"
|
||||||
|
bind_listen_on_ipv6: "any;"
|
||||||
|
|
||||||
|
# For server with multiples IP Adresses, enforce the usage of a specific IP for NOTIFY commands
|
||||||
|
bind_notify_source: ''
|
||||||
|
|
||||||
|
# For server with multiples IP Adresses, enforce the usage of a specific IP for TRANSFER commands
|
||||||
|
bind_transfer_source: ''
|
||||||
|
|
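Review bot: The example values in the new comments, `"192.0.2.1; 192.0.2.3"` and `"2001:db8::1; 2001:db8::42"`, lack the trailing semicolon, while the options template in this compare renders the variable verbatim as `listen-on { {{ bind_listen_on_ipv4 }} };`. Copied as written they would produce `listen-on { 192.0.2.1; 192.0.2.3 };`, which named rejects because every element of an address list must end with `;`. I would change the examples to `"192.0.2.1; 192.0.2.3;"` and `"2001:db8::1; 2001:db8::42;"`, and spell the catch-all as `"any;"` throughout instead of `"any ;"`. The same applies to the `listen-on-v6` line of the template; whether the task that deploys it checks the result with named-checkconf is not visible here.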
|
@ -10,8 +10,15 @@ options {
|
||||||
masterfile-format text;
|
masterfile-format text;
|
||||||
statistics-file "{{ bind_statistics_file }}";
|
statistics-file "{{ bind_statistics_file }}";
|
||||||
|
|
||||||
listen-on-v6 { any; };
|
listen-on { {{ bind_listen_on_ipv4 }} };
|
||||||
listen-on { any; };
|
listen-on-v6 { {{ bind_listen_on_ipv6 }} };
|
||||||
|
|
||||||
|
{% if bind_notify_source is defined and bind_notify_source|length %}
|
||||||
|
notify-source {{ bind_notify_source }};
|
||||||
|
{% endif %}
|
||||||
|
{% if bind_transfer_source is defined and bind_transfer_source|length %}
|
||||||
|
transfer-source {{ bind_transfer_source }};
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
allow-query { localhost; };
|
allow-query { localhost; };
|
||||||
allow-recursion { localhost; };
|
allow-recursion { localhost; };
|
||||||
|
|
|
@ -1,4 +1,6 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
# /!\ MODIFIED to work with evoacme OR certbot
|
||||||
|
private_keys_dirs="/etc/ssl/private" # Only used for evoacme
|
||||||
|
|
||||||
error() {
|
error() {
|
||||||
>&2 echo "${PROGNAME}: $1"
|
>&2 echo "${PROGNAME}: $1"
|
||||||
|
@ -13,7 +15,7 @@ daemon_found_and_running() {
|
||||||
test -n "$(pidof haproxy)" && test -n "${haproxy_bin}"
|
test -n "$(pidof haproxy)" && test -n "${haproxy_bin}"
|
||||||
}
|
}
|
||||||
found_renewed_lineage() {
|
found_renewed_lineage() {
|
||||||
test -f "${RENEWED_LINEAGE}/fullchain.pem" && test -f "${RENEWED_LINEAGE}/privkey.pem"
|
test -f "${RENEWED_LINEAGE}/fullchain.pem" && test -f "${private_key}"
|
||||||
}
|
}
|
||||||
config_check() {
|
config_check() {
|
||||||
${haproxy_bin} -c -f "${haproxy_config_file}" > /dev/null 2>&1
|
${haproxy_bin} -c -f "${haproxy_config_file}" > /dev/null 2>&1
|
||||||
|
@ -24,7 +26,7 @@ concat_files() {
|
||||||
chown root: "${haproxy_cert_dir}"
|
chown root: "${haproxy_cert_dir}"
|
||||||
|
|
||||||
debug "Concatenating certificate files to ${haproxy_cert_file}"
|
debug "Concatenating certificate files to ${haproxy_cert_file}"
|
||||||
cat "${RENEWED_LINEAGE}/fullchain.pem" "${RENEWED_LINEAGE}/privkey.pem" > "${haproxy_cert_file}"
|
cat "${RENEWED_LINEAGE}/fullchain.pem" "${private_key}" > "${haproxy_cert_file}"
|
||||||
chmod 600 "${haproxy_cert_file}"
|
chmod 600 "${haproxy_cert_file}"
|
||||||
chown root: "${haproxy_cert_file}"
|
chown root: "${haproxy_cert_file}"
|
||||||
}
|
}
|
||||||
|
@ -58,10 +60,19 @@ main() {
|
||||||
if daemon_found_and_running; then
|
if daemon_found_and_running; then
|
||||||
readonly haproxy_config_file="/etc/haproxy/haproxy.cfg"
|
readonly haproxy_config_file="/etc/haproxy/haproxy.cfg"
|
||||||
readonly haproxy_cert_dir=$(detect_haproxy_cert_dir)
|
readonly haproxy_cert_dir=$(detect_haproxy_cert_dir)
|
||||||
|
if [ -z "${EVOACME_VHOST_NAME}" ]; then
|
||||||
|
# CERTBOT
|
||||||
|
private_key=${RENEWED_LINEAGE}/privkey.pem
|
||||||
|
cert_name=$(basename "${RENEWED_LINEAGE}")
|
||||||
|
else
|
||||||
|
# EVOACME
|
||||||
|
private_key=${private_keys_dirs}/$(basename $(dirname ${RENEWED_LINEAGE})).key
|
||||||
|
cert_name=$(basename $(dirname "${RENEWED_LINEAGE}"))
|
||||||
|
fi
|
||||||
|
|
||||||
if found_renewed_lineage; then
|
if found_renewed_lineage; then
|
||||||
haproxy_cert_file="${haproxy_cert_dir}/$(basename "${RENEWED_LINEAGE}").pem"
|
haproxy_cert_file="${haproxy_cert_dir}/${cert_name}.pem"
|
||||||
failed_cert_file="/root/$(basename "${RENEWED_LINEAGE}").failed.pem"
|
failed_cert_file="/root/${cert_name}.failed.pem"
|
||||||
|
|
||||||
concat_files
|
concat_files
|
||||||
|
|
||||||
|
@ -77,7 +88,8 @@ main() {
|
||||||
error "HAProxy config is broken, you must fix it !"
|
error "HAProxy config is broken, you must fix it !"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
error "Couldn't find ${RENEWED_LINEAGE}/fullchain.pem or ${RENEWED_LINEAGE}/privkey.pem"
|
|
||||||
|
error "Couldn't find ${RENEWED_LINEAGE}/fullchain.pem or "${private_key}""
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
debug "HAProxy is not running or missing. Skip."
|
debug "HAProxy is not running or missing. Skip."
|
||||||
|
@ -91,3 +103,4 @@ readonly QUIET=${QUIET:-"0"}
|
||||||
readonly haproxy_bin=$(command -v haproxy)
|
readonly haproxy_bin=$(command -v haproxy)
|
||||||
|
|
||||||
main
|
main
|
||||||
|
|
||||||
|
|
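Review bot: In the EVOACME branch of main(), `private_key=${private_keys_dirs}/$(basename $(dirname ${RENEWED_LINEAGE})).key` leaves both command substitutions and `${RENEWED_LINEAGE}` unquoted, so a lineage path containing whitespace or glob characters would resolve to the wrong key file before it is concatenated into the HAProxy bundle. I would write it as `private_key="${private_keys_dirs}/$(basename "$(dirname "${RENEWED_LINEAGE}")").key"` and quote the inner `$(dirname …)` on the `cert_name` line the same way. The new error line ends in `"${private_key}""`, where the inner quotes close the string and leave the expansion unquoted; `error "Couldn't find ${RENEWED_LINEAGE}/fullchain.pem or ${private_key}"` is presumably what was meant. A comment next to `private_keys_dirs` stating which caller exports `EVOACME_VHOST_NAME` and what `RENEWED_LINEAGE` points to in that case would make the two code paths easier to audit. main() begins and ends outside the hunks shown.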
|
@ -243,3 +243,6 @@ evolinux_utils_include: True
|
||||||
|
|
||||||
# Autosysadmin
|
# Autosysadmin
|
||||||
evolinux_autosysadmin_include: false
|
evolinux_autosysadmin_include: false
|
||||||
|
|
||||||
|
# Evobackup client
|
||||||
|
evolinux_evobackup_client_include: True
|
||||||
|
|
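Review bot: `evolinux_evobackup_client_include: True` uses the capitalised boolean, while the line just above it (`evolinux_autosysadmin_include: false`) and the bind defaults normalised in this same compare use lowercase; `evolinux_evobackup_client_include: true` would match. Because the default is on, every host that applies evolinux-base now also pulls in the evobackup-client role. A one-line comment above the variable saying so, and how to opt out, would help operators who upgrade.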
|
@ -74,11 +74,6 @@
|
||||||
name: postfix
|
name: postfix
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
|
||||||
- name: restart log2mail
|
|
||||||
ansible.builtin.service:
|
|
||||||
name: log2mail
|
|
||||||
state: restarted
|
|
||||||
|
|
||||||
- name: restart systemd-journald
|
- name: restart systemd-journald
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: systemd-journald.service
|
name: systemd-journald.service
|
||||||
|
|
|
@ -116,7 +116,8 @@
|
||||||
when: evolinux_provider_orange_fce_include | bool
|
when: evolinux_provider_orange_fce_include | bool
|
||||||
|
|
||||||
- name: Override Log2mail service
|
- name: Override Log2mail service
|
||||||
ansible.builtin.import_tasks: log2mail.yml
|
ansible.builtin.include_role:
|
||||||
|
name: evolix/log2mail
|
||||||
when: evolinux_log2mail_include | bool
|
when: evolinux_log2mail_include | bool
|
||||||
|
|
||||||
- ansible.builtin.import_tasks: motd.yml
|
- ansible.builtin.import_tasks: motd.yml
|
||||||
|
@ -158,6 +159,11 @@
|
||||||
name: 'evolix/autosysadmin-restart_nrpe'
|
name: 'evolix/autosysadmin-restart_nrpe'
|
||||||
when: evolinux_autosysadmin_include | bool
|
when: evolinux_autosysadmin_include | bool
|
||||||
|
|
||||||
|
- name: Evobackup (client)
|
||||||
|
ansible.builtin.include_role:
|
||||||
|
name: 'evolix/evobackup-client'
|
||||||
|
when: evolinux_evobackup_client_include | bool
|
||||||
|
|
||||||
- name: fail2ban
|
- name: fail2ban
|
||||||
ansible.builtin.include_role:
|
ansible.builtin.include_role:
|
||||||
name: evolix/fail2ban
|
name: evolix/fail2ban
|
||||||
|
|
|
@ -16,6 +16,14 @@
|
||||||
dest: /etc/ssh/sshd_config.d/z-evolinux-defaults.conf
|
dest: /etc/ssh/sshd_config.d/z-evolinux-defaults.conf
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
|
||||||
|
- name: create custom SSH server configuration file
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /etc/ssh/sshd_config.d/zzz-evolinux-custom.conf
|
||||||
|
state: touch
|
||||||
|
mode: "0644"
|
||||||
|
modification_time: preserve
|
||||||
|
access_time: preserve
|
||||||
|
|
||||||
# Should we allow the current user?
|
# Should we allow the current user?
|
||||||
- name: Allow the current user
|
- name: Allow the current user
|
||||||
block:
|
block:
|
||||||
|
|
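Review bot: The new file `zzz-evolinux-custom.conf` sorts after `z-evolinux-defaults.conf`, and sshd keeps the first value it reads for most keywords, so if the directory is pulled in by a glob `Include` in lexical order, settings placed in the custom file will not override anything the defaults file already sets. If the custom file is meant to take precedence it needs a name that sorts before the defaults file; if it is only meant to add settings, a comment on the task saying so would prevent surprises. The task also leaves ownership implicit; adding `owner: root` and `group: root` next to `mode: "0644"` would pin it. How sshd_config includes this directory is not visible in the hunk.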
|
@ -112,6 +112,9 @@
|
||||||
tags:
|
tags:
|
||||||
- fail2ban
|
- fail2ban
|
||||||
|
|
||||||
|
- include_role:
|
||||||
|
name: evolix/remount-usr
|
||||||
|
|
||||||
- name: Script unban_ip is installed
|
- name: Script unban_ip is installed
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
src: unban_ip.sh
|
src: unban_ip.sh
|
||||||
|
|
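Review bot: The added `- include_role:` task carries no `tags:`, while the task just before it is tagged `fail2ban`, so a run limited with `--tags fail2ban` would skip the remount and the later task that needs it could still fail. It is also the only task here without a `name:` and with the short module name; I would write it as `- name: Include remount-usr role`, `ansible.builtin.include_role:` and add `tags: [fail2ban]`. Whether the following task is tagged lies outside the hunk.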
3
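--- a/log2mail/defaults/main.yml
+++ b/log2mail/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+log2mail_alert_email: Null
+general_alert_email: "root@localhost"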
5
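--- a/log2mail/handlers/main.yml
+++ b/log2mail/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart log2mail
+ansible.builtin.service:
+name: log2mail
+state: restarted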
|
@ -23,18 +23,14 @@
|
||||||
marker: "# {mark} ANSIBLE MANAGED RULES FOR DEFAULT INSTANCE"
|
marker: "# {mark} ANSIBLE MANAGED RULES FOR DEFAULT INSTANCE"
|
||||||
state: absent
|
state: absent
|
||||||
notify: restart log2mail
|
notify: restart log2mail
|
||||||
tags:
|
|
||||||
- log2mail
|
|
||||||
|
|
||||||
- name: log2mail evolinux-defaults config is present
|
- name: log2mail evolinux-defaults config is present
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: log2mail/evolinux-defaults.j2
|
src: evolinux-defaults.j2
|
||||||
dest: /etc/log2mail/config/evolinux-defaults
|
dest: /etc/log2mail/config/evolinux-defaults
|
||||||
owner: log2mail
|
owner: log2mail
|
||||||
group: adm
|
group: adm
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
force: yes
|
force: yes
|
||||||
notify: restart log2mail
|
notify: restart log2mail
|
||||||
tags:
|
|
||||||
- log2mail
|
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Install PHP packages"
|
- name: "{{ lxc_php_container_name }} - Install PHP packages"
|
||||||
community.general.lxc_container:
|
community.general.lxc_container:
|
||||||
name: "{{ lxc_php_version }}"
|
name: "{{ lxc_php_container_name }}"
|
||||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install --yes --force-yes php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php5-sqlite php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer"
|
container_command: "DEBIAN_FRONTEND=noninteractive apt install --yes --force-yes php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php5-sqlite php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer"
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
|
- name: "{{ lxc_php_container_name }} - Copy evolinux PHP configuration"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: z-evolinux-defaults.ini.j2
|
src: z-evolinux-defaults.ini.j2
|
||||||
dest: "{{ line_item }}"
|
dest: "{{ line_item }}"
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Install PHP packages"
|
- name: "{{ lxc_php_container_name }} - Install PHP packages"
|
||||||
community.general.lxc_container:
|
community.general.lxc_container:
|
||||||
name: "{{ lxc_php_version }}"
|
name: "{{ lxc_php_container_name }}"
|
||||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-sqlite3 php-gettext php-curl php-ssh2 php-zip php-mbstring composer libphp-phpmailer"
|
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-sqlite3 php-gettext php-curl php-ssh2 php-zip php-mbstring composer libphp-phpmailer"
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
|
- name: "{{ lxc_php_container_name }} - Copy evolinux PHP configuration"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: z-evolinux-defaults.ini.j2
|
src: z-evolinux-defaults.ini.j2
|
||||||
dest: "{{ line_item }}"
|
dest: "{{ line_item }}"
|
||||||
|
|
|
@ -1,17 +1,17 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Install PHP packages"
|
- name: "{{ lxc_php_container_name }} - Install PHP packages"
|
||||||
community.general.lxc_container:
|
community.general.lxc_container:
|
||||||
name: "{{ lxc_php_version }}"
|
name: "{{ lxc_php_container_name }}"
|
||||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
|
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - fix bullseye repository"
|
- name: "{{ lxc_php_container_name }} - fix bullseye repository"
|
||||||
ansible.builtin.replace:
|
ansible.builtin.replace:
|
||||||
dest: "{{ lxc_rootfs }}/etc/apt/sources.list"
|
dest: "{{ lxc_rootfs }}/etc/apt/sources.list"
|
||||||
regexp: 'bullseye/updates'
|
regexp: 'bullseye/updates'
|
||||||
replace: 'bullseye-security'
|
replace: 'bullseye-security'
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
|
- name: "{{ lxc_php_container_name }} - Copy evolinux PHP configuration"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: z-evolinux-defaults.ini.j2
|
src: z-evolinux-defaults.ini.j2
|
||||||
dest: "{{ line_item }}"
|
dest: "{{ line_item }}"
|
||||||
|
|
|
@ -5,18 +5,18 @@
|
||||||
lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d
|
lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d
|
||||||
|
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Install dependency packages"
|
- name: "{{ lxc_php_container_name }} - Install dependency packages"
|
||||||
community.general.lxc_container:
|
community.general.lxc_container:
|
||||||
name: "{{ lxc_php_version }}"
|
name: "{{ lxc_php_container_name }}"
|
||||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget gnupg"
|
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget gnupg"
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - fix bullseye repository"
|
- name: "{{ lxc_php_container_name }} - fix bullseye repository"
|
||||||
ansible.builtin.replace:
|
ansible.builtin.replace:
|
||||||
dest: "{{ lxc_rootfs }}/etc/apt/sources.list"
|
dest: "{{ lxc_rootfs }}/etc/apt/sources.list"
|
||||||
regexp: 'bullseye/updates'
|
regexp: 'bullseye/updates'
|
||||||
replace: 'bullseye-security'
|
replace: 'bullseye-security'
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Add sury repo"
|
- name: "{{ lxc_php_container_name }} - Add sury repo"
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/sury.list"
|
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/sury.list"
|
||||||
line: "{{ item }}"
|
line: "{{ item }}"
|
||||||
|
@ -51,17 +51,17 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Update APT cache"
|
- name: "{{ lxc_php_container_name }} - Update APT cache"
|
||||||
community.general.lxc_container:
|
community.general.lxc_container:
|
||||||
name: "{{ lxc_php_version }}"
|
name: "{{ lxc_php_container_name }}"
|
||||||
container_command: "DEBIAN_FRONTEND=noninteractive apt update"
|
container_command: "DEBIAN_FRONTEND=noninteractive apt update"
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Install PHP packages"
|
- name: "{{ lxc_php_container_name }} - Install PHP packages"
|
||||||
community.general.lxc_container:
|
community.general.lxc_container:
|
||||||
name: "{{ lxc_php_version }}"
|
name: "{{ lxc_php_container_name }}"
|
||||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
|
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
|
- name: "{{ lxc_php_container_name }} - Copy evolinux PHP configuration"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: z-evolinux-defaults.ini.j2
|
src: z-evolinux-defaults.ini.j2
|
||||||
dest: "{{ line_item }}"
|
dest: "{{ line_item }}"
|
||||||
|
|
|
@ -4,18 +4,18 @@
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d
|
lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Install dependency packages"
|
- name: "{{ lxc_php_container_name }} - Install dependency packages"
|
||||||
community.general.lxc_container:
|
community.general.lxc_container:
|
||||||
name: "{{ lxc_php_version }}"
|
name: "{{ lxc_php_container_name }}"
|
||||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget gnupg"
|
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget gnupg"
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - fix bullseye repository"
|
- name: "{{ lxc_php_container_name }} - fix bullseye repository"
|
||||||
ansible.builtin.replace:
|
ansible.builtin.replace:
|
||||||
dest: "{{ lxc_rootfs }}/etc/apt/sources.list"
|
dest: "{{ lxc_rootfs }}/etc/apt/sources.list"
|
||||||
regexp: 'bullseye/updates'
|
regexp: 'bullseye/updates'
|
||||||
replace: 'bullseye-security'
|
replace: 'bullseye-security'
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Add sury repo"
|
- name: "{{ lxc_php_container_name }} - Add sury repo"
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/sury.list"
|
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/sury.list"
|
||||||
line: "{{ item }}"
|
line: "{{ item }}"
|
||||||
|
@ -50,17 +50,17 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Update APT cache"
|
- name: "{{ lxc_php_container_name }} - Update APT cache"
|
||||||
community.general.lxc_container:
|
community.general.lxc_container:
|
||||||
name: "{{ lxc_php_version }}"
|
name: "{{ lxc_php_container_name }}"
|
||||||
container_command: "DEBIAN_FRONTEND=noninteractive apt update"
|
container_command: "DEBIAN_FRONTEND=noninteractive apt update"
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Install PHP packages"
|
- name: "{{ lxc_php_container_name }} - Install PHP packages"
|
||||||
community.general.lxc_container:
|
community.general.lxc_container:
|
||||||
name: "{{ lxc_php_version }}"
|
name: "{{ lxc_php_container_name }}"
|
||||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
|
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
|
- name: "{{ lxc_php_container_name }} - Copy evolinux PHP configuration"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: z-evolinux-defaults.ini.j2
|
src: z-evolinux-defaults.ini.j2
|
||||||
dest: "{{ line_item }}"
|
dest: "{{ line_item }}"
|
||||||
|
|
|
@ -4,24 +4,24 @@
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d
|
lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Install dependency packages"
|
- name: "{{ lxc_php_container_name }} - Install dependency packages"
|
||||||
community.general.lxc_container:
|
community.general.lxc_container:
|
||||||
name: "{{ lxc_php_version }}"
|
name: "{{ lxc_php_container_name }}"
|
||||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget gnupg"
|
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget gnupg"
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - delete sources.list bookworm repository"
|
- name: "{{ lxc_php_container_name }} - delete sources.list bookworm repository"
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ lxc_rootfs }}/etc/apt/sources.list"
|
path: "{{ lxc_rootfs }}/etc/apt/sources.list"
|
||||||
state: absent
|
state: absent
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - system bookworm repository"
|
- name: "{{ lxc_php_container_name }} - system bookworm repository"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: bookworm_basics.sources.j2
|
src: bookworm_basics.sources.j2
|
||||||
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/system.sources"
|
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/system.sources"
|
||||||
force: true
|
force: true
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - security bookworm repository"
|
- name: "{{ lxc_php_container_name }} - security bookworm repository"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: bookworm_security.sources.j2
|
src: bookworm_security.sources.j2
|
||||||
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/security.sources"
|
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/security.sources"
|
||||||
|
@ -44,17 +44,17 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Update APT cache"
|
- name: "{{ lxc_php_container_name }} - Update APT cache"
|
||||||
community.general.lxc_container:
|
community.general.lxc_container:
|
||||||
name: "{{ lxc_php_version }}"
|
name: "{{ lxc_php_container_name }}"
|
||||||
container_command: "DEBIAN_FRONTEND=noninteractive apt update"
|
container_command: "DEBIAN_FRONTEND=noninteractive apt update"
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Install PHP packages"
|
- name: "{{ lxc_php_container_name }} - Install PHP packages"
|
||||||
community.general.lxc_container:
|
community.general.lxc_container:
|
||||||
name: "{{ lxc_php_version }}"
|
name: "{{ lxc_php_container_name }}"
|
||||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
|
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
|
- name: "{{ lxc_php_container_name }} - Copy evolinux PHP configuration"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: z-evolinux-defaults.ini.j2
|
src: z-evolinux-defaults.ini.j2
|
||||||
dest: "{{ line_item }}"
|
dest: "{{ line_item }}"
|
||||||
|
|
|
@ -4,38 +4,38 @@
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d
|
lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Install dependency packages"
|
- name: "{{ lxc_php_container_name }} - Install dependency packages"
|
||||||
community.general.lxc_container:
|
community.general.lxc_container:
|
||||||
name: "{{ lxc_php_version }}"
|
name: "{{ lxc_php_container_name }}"
|
||||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget gnupg"
|
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget gnupg"
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - delete sources.list bookworm repository"
|
- name: "{{ lxc_php_container_name }} - delete sources.list bookworm repository"
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ lxc_rootfs }}/etc/apt/sources.list"
|
path: "{{ lxc_rootfs }}/etc/apt/sources.list"
|
||||||
state: absent
|
state: absent
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - system bookworm repository"
|
- name: "{{ lxc_php_container_name }} - system bookworm repository"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: bookworm_basics.sources.j2
|
src: bookworm_basics.sources.j2
|
||||||
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/system.sources"
|
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/system.sources"
|
||||||
force: true
|
force: true
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - security bookworm repository"
|
- name: "{{ lxc_php_container_name }} - security bookworm repository"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: bookworm_security.sources.j2
|
src: bookworm_security.sources.j2
|
||||||
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/security.sources"
|
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/security.sources"
|
||||||
force: true
|
force: true
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Add sury repo"
|
- name: "{{ lxc_php_container_name }} - Add sury repo"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: sury.sources.j2
|
src: sury.sources.j2
|
||||||
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/sury.sources"
|
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/sury.sources"
|
||||||
force: true
|
force: true
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Add sury failsafe repo"
|
- name: "{{ lxc_php_container_name }} - Add sury failsafe repo"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: evolix_sury.sources.j2
|
src: evolix_sury.sources.j2
|
||||||
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/evolix_sury.sources"
|
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/evolix_sury.sources"
|
||||||
|
@ -66,17 +66,17 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Update APT cache"
|
- name: "{{ lxc_php_container_name }} - Update APT cache"
|
||||||
community.general.lxc_container:
|
community.general.lxc_container:
|
||||||
name: "{{ lxc_php_version }}"
|
name: "{{ lxc_php_container_name }}"
|
||||||
container_command: "DEBIAN_FRONTEND=noninteractive apt update"
|
container_command: "DEBIAN_FRONTEND=noninteractive apt update"
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Install PHP packages"
|
- name: "{{ lxc_php_container_name }} - Install PHP packages"
|
||||||
community.general.lxc_container:
|
community.general.lxc_container:
|
||||||
name: "{{ lxc_php_version }}"
|
name: "{{ lxc_php_container_name }}"
|
||||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
|
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
|
||||||
|
|
||||||
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
|
- name: "{{ lxc_php_container_name }} - Copy evolinux PHP configuration"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: z-evolinux-defaults.ini.j2
|
src: z-evolinux-defaults.ini.j2
|
||||||
dest: "{{ line_item }}"
|
dest: "{{ line_item }}"
|
||||||
|
|
|
@ -15,7 +15,7 @@ Since this role depend on the lxc role, please refer to it for a full variable l
|
||||||
* `lxc_containers`: list of LXC containers to create. Default: `[]` (empty).
|
* `lxc_containers`: list of LXC containers to create. Default: `[]` (empty).
|
||||||
* `name`: name of the LXC container to create.
|
* `name`: name of the LXC container to create.
|
||||||
* `release`: Debian version to install
|
* `release`: Debian version to install
|
||||||
* `solr_version`: Solr version to install *(refer to https://archive.apache.org/dist/lucene/solr/ for a full version list)*
|
* `solr_version`: Solr version to install *(refer to https://archive.apache.org/dist/solr/solr/ for a full version list)*
|
||||||
* `solr_port`: port for Solr to listen on
|
* `solr_port`: port for Solr to listen on
|
||||||
Eg.:
|
Eg.:
|
||||||
```
|
```
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
# solr_port: 8985
|
# solr_port: 8985
|
||||||
# - name: solr9
|
# - name: solr9
|
||||||
# release: bullseye
|
# release: bullseye
|
||||||
# solr_version: 9.0.0
|
# solr_version: 9.6.1
|
||||||
# solr_port: 8985
|
# solr_port: 8985
|
||||||
lxc_containers: []
|
lxc_containers: []
|
||||||
|
|
||||||
|
|
|
@ -8,6 +8,10 @@ lxc_network_type: "none"
|
||||||
# Partition to bind mount into containers.
|
# Partition to bind mount into containers.
|
||||||
lxc_mount_part: "/home"
|
lxc_mount_part: "/home"
|
||||||
|
|
||||||
|
# Mirror URL (optionnal).
|
||||||
|
# For old Debian, use https://archive.debian.org/debian/
|
||||||
|
lxc_template_mirror: ""
|
||||||
|
|
||||||
# List of LXC containers to create.
|
# List of LXC containers to create.
|
||||||
# Eg.:
|
# Eg.:
|
||||||
# lxc_containers:
|
# lxc_containers:
|
||||||
|
|
|
@ -6,13 +6,16 @@
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: container_exists
|
register: container_exists
|
||||||
|
|
||||||
|
- ansible.builtin.set_fact:
|
||||||
|
lxc_template_mirror_option: "{{ '--mirror ' + lxc_template_mirror if lxc_template_mirror != '' else '' }}"
|
||||||
|
|
||||||
- name: "Create container {{ name }}"
|
- name: "Create container {{ name }}"
|
||||||
community.general.lxc_container:
|
community.general.lxc_container:
|
||||||
name: "{{ name }}"
|
name: "{{ name }}"
|
||||||
container_log: true
|
container_log: true
|
||||||
template: debian
|
template: debian
|
||||||
state: stopped
|
state: stopped
|
||||||
template_options: "--arch amd64 --release {{ release }}"
|
template_options: "--arch amd64 --release {{ release }} {{ lxc_template_mirror_option }}"
|
||||||
when: container_exists.stdout_lines | length == 0
|
when: container_exists.stdout_lines | length == 0
|
||||||
|
|
||||||
- name: "Disable network configuration inside container {{ name }}"
|
- name: "Disable network configuration inside container {{ name }}"
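Review bot: The new `ansible.builtin.set_fact` task has no `name`, and `lxc_template_mirror` is concatenated into `template_options` unquoted, so a value containing whitespace may be split into extra arguments for the debian template. Name the task, for example `- name: "Build mirror option for container {{ name }}"`, and quote the value: `"{{ '--mirror ' + (lxc_template_mirror | quote) if lxc_template_mirror != '' else '' }}"`. The defaults comment suggests archive.debian.org for old releases; it would help to say there that archived suites no longer receive security updates, so the option is a deliberate exception. The task list continues outside the hunk.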
|
||||||
|
|
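--- a/munin/files/plugins/linux-psi
+++ b/munin/files/plugins/linux-psi
@@ -0,0 +1,360 @@
+#!/bin/bash
+
+
+: << =cut
+
+=head1 NAME
+
+linux_psi - Plugin to monitor the pressure stall information for CPU, Memory and
+IO as reported by the Linux kernel.
+
+This plugin monitors the pressure stall information (psi) as reported by the
+Linux Kernel. By default it reports all average intervals (10 seconds,
+60 seconds and 300 seconds) as well as the total values as a rate of change
+(DERIVE) for all resources (cpu, memory, io). The average intervals can be
+configured if you only deem some of them useful. See CONFIGURATION for
+explanations on that.
+
+This is a multigraph plugin that, by default, will create six detail graphs and
+one summary graph (so seven in total). The summary graph will contain the 300
+seconds average percentages of all resources. The detail graphs are split in two
+graphs per resource. One combining all average intervals and one for the
+"totals" (rate of change) for the given resource.
+
+There are no defaults for warnings and criticals, because this highly depends on
+the system, so you need to configure them yourself (if you want any). It is
+recommended that you first lookup the meaning of the different values.
+
+For more information on psi see:
+https://www.kernel.org/doc/html/latest/accounting/psi.html
+
+=head1 CONFIGURATION
+
+Simply create a symlink in your plugins directory like with any other plugin.
+No additional configuration needed, no specific user required (typically).
+
+If you want to configure alerts, just add "warn_" or "crit_" in front of the
+internal name.
+
+Optional configuration examples:
+
+[linux_psi]
+env.resources cpu io memory - Specify the resources to monitor. Leave one
+out if you don't want this one to be
+monitored.
+env.intervals avg10 avg60 avg300 - Sepcify the average intervals to monitor.
+Leave one out if you don't want this one to
+be monitored
+env.scopes some full - Specify the scopes to monitor. Leave one out
+If you don't want it to be monitored.
+env.summary_interval avg300 - Specify the interval to be used for the
+summary-graph.
+env.warn_psi_cpu_avg300_some 5 - Set a warning-level of 5 for
+"psi_cpu_avg300_some"
+env.crit_psi_io_total_full 2000 - Set a critical-level of 2000 for
+"psi_io_total_full"
+
+=head1 AUTHOR
+
+2022, HaseHarald
+
+=head1 LICENSE
+
+LGPLv3
+
+=head1 BUGS
+
+=head1 TODO
+
+=head1 MAGIC MARKERS
+
+#%# family=auto
+#%# capabilities=autoconf
+
+=cut
+
+
+# This file contains a munin-plugin to graph the psi (pressure) for CPU, Memory
+# and IO, as reported by the Linux kernel.
+#
+# This is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this plugin. If not, see <http://www.gnu.org/licenses/>.
+
+
+resource_defaults=('cpu' 'io' 'memory')
+interval_defaults=('avg10' 'avg60' 'avg300')
+scope_defaults=('some' 'full')
+pressure_dir=${pressure_dir:-'/proc/pressure/'}
+pressure_resources=( "${resources[@]:-${resource_defaults[@]}}" )
+pressure_intervals=( "${intervals[@]:-${interval_defaults[@]}}" )
+pressure_scopes=( "${scopes[@]:-${scope_defaults[@]}}" )
+summary_interval="${summary_interval:-avg300}"
+
+check_autoconf() {
+if [ -d "${pressure_dir}" ]; then
+printf "yes\n"
+else
+printf "no (%s not found)\n" "${pressure_dir}"
+fi
+}
+
+get_pressure_value() {
+local resource
+local interval
+local scope
+
+resource="$1"
+interval="$2"
+scope="${3:-some}"
+
+grep "$scope" "${pressure_dir}/${resource}" | grep -o -E "${interval}=[0-9]{1,}(\.[0-9]{1,}){0,1}" | cut -d '=' -f 2
+}
+
+get_printable_name() {
+local kind
+local value
+local printable_name
+kind="$1"
+value="$2"
+printable_name=""
+
+case "$kind" in
+
+interval)
+case "$interval" in
+avg10)
+printable_name="10sec"
+;;
+avg60)
+printable_name="60sec"
+;;
+avg300)
+printable_name="5min"
+;;
+total)
+printable_name="Total"
+;;
+*)
+printf "ERROR: Could not determine interval %s ! Must be one of 'avg10' 'avg60' 'avg300' 'total'\n" "$value" >&2
+exit 2
+;;
+esac
+;;
+
+scope)
+case "$value" in
+some)
+printable_name="Some"
+;;
+full)
+printable_name="Full"
+;;
+*)
+printf "ERROR: Could not determine scope %s ! Must be one of 'full' 'some'.\n" "$value" >&2
+exit 2
+;;
+esac
+;;
+
+resource)
+case "$value" in
+cpu)
+printable_name="CPU"
+;;
+io)
+printable_name="IO"
+;;
+memory)
+printable_name="Memory"
+;;
+*)
+printf "ERROR: Could not determine resource-type %s ! Must be one of 'cpu' 'io' 'memory'.\n" "$value" >&2
+exit 2
+;;
+esac
+;;
+
+*)
+printf "ERROR: Could not determine kind %s ! Must be one of 'interval' 'scope' 'resource'\n" "$kind" >&2
+exit 2
+;;
+esac
+
+printf "%s" "$printable_name"
+}
+
+iterate_config() {
+for resource in "${pressure_resources[@]}"; do
+local printable_resource
+printable_resource=$( get_printable_name resource "$resource" )
+printf "multigraph linux_psi.%s_avg\n" "$resource"
+printf "graph_title %s Pressure Stall Information - Average\n" "$printable_resource"
+printf "graph_category system\n"
+printf "graph_info Average PSI based latency caused by lack of %s resources.\n" "$printable_resource"
+printf "graph_vlabel %%\n"
+printf "graph_scale no\n"
+for interval in "${pressure_intervals[@]}"; do
+local printable_interval
+printable_interval=$( get_printable_name interval "$interval" )
+output_config "$resource" "$interval"
+done
+echo ""
+done
+
+for resource in "${pressure_resources[@]}"; do
+local interval
+local printable_resource
+interval="total"
+printable_resource=$( get_printable_name resource "$resource" )
+
+printf "multigraph linux_psi.%s_total\n" "$resource"
+printf "graph_title %s Pressure Stall Information - Rate\n" "$printable_resource"
+printf "graph_category system\n"
+printf "graph_info Total PSI based latency rate caused by lack of %s resources.\n" "$printable_resource"
+printf "graph_vlabel rate\n"
+output_config "$resource" "$interval"
+echo ""
+done
+
+printf "multigraph linux_psi\n"
+printf "graph_title Pressure Stall Information - Average\n"
+printf "graph_vlabel %%\n"
+printf "graph_scale no\n"
+printf "graph_category system\n"
+printf "graph_info Average PSI based latency caused by lack of resources.\n"
+for resource in "${pressure_resources[@]}"; do
+output_config "$resource" "$summary_interval"
+done
+echo ""
+}
+
+iterate_values() {
+for resource in "${pressure_resources[@]}"; do
+printf "multigraph linux_psi.%s_avg\n" "$resource"
+for interval in "${pressure_intervals[@]}"; do
+output_values "$resource" "$interval"
+done
+echo ""
+done
+
+for resource in "${pressure_resources[@]}"; do
+local interval
+interval="total"
+printf "multigraph linux_psi.%s_total\n" "$resource"
+output_values "$resource" "$interval"
+echo ""
+done
+
+printf "multigraph linux_psi\n"
+for resource in "${pressure_resources[@]}"; do
+output_values "$resource" "$summary_interval"
+done
+echo ""
+}
+
+output_config() {
+local resource
+local interval
+local printable_resource
+local printable_interval
+
+resource="$1"
+interval="$2"
+printable_resource=$( get_printable_name resource "$resource" )
+printable_interval=$( get_printable_name interval "$interval" )
+
+for scope in "${pressure_scopes[@]}"; do
+if [ "${resource}" == "cpu" ] && [ "${scope}" != "some" ]; then
+continue
+else
+local printable_scope
+local this_warn_var
+local this_crit_var
+
+printable_scope=$( get_printable_name scope "$scope" )
+this_warn_var=$( echo "warn_psi_${resource}_${interval}_${scope}" | sed 's/[^A-Za-z0-9_]/_/g' )
+this_crit_var=$( echo "crit_psi_${resource}_${interval}_${scope}" | sed 's/[^A-Za-z0-9_]/_/g' )
+
+printf "psi_%s_%s_%s.min 0\n" "$resource" "$interval" "$scope"
+printf "psi_%s_%s_%s.label %s %s %s\n" "$resource" "$interval" "$scope" "$printable_resource" "$printable_interval" "$printable_scope"
+if [ -n "${!this_warn_var}" ]; then
+printf "psi_%s_%s_%s.warning %s\n" "$resource" "$interval" "$scope" "${!this_warn_var}"
+fi
+if [ -n "${!this_crit_var}" ]; then
+printf "psi_%s_%s_%s.critical %s\n" "$resource" "$interval" "$scope" "${!this_crit_var}"
+fi
+if [ "$interval" == "total" ]; then
+printf "psi_%s_%s_%s.type DERIVE\n" "$resource" "$interval" "$scope"
+fi
+fi
+done
+}
+
+output_values() {
+local resource
+local interval
+resource="$1"
+interval="$2"
+
+for scope in "${pressure_scopes[@]}"; do
+if [ "${resource}" == "cpu" ] && [ "${scope}" != "some" ]; then
+continue
+else
+printf "psi_%s_%s_%s.value %s\n" "$resource" "$interval" "$scope" "$(get_pressure_value "$resource" "$interval" "$scope")"
+fi
+done
+}
+
+output_usage() {
+printf >&2 "%s - munin plugin to graph pressure stall information for CPU, Memory and IO as reported by the Linux kernel.\n" "${0##*/}"
+printf >&2 "Usage: %s [config]\n" "${0##*/}"
+printf >&2 "You may use environment settings in a plugin-config file, used by munin (for example /etc/munin/plugin-conf.d/munin-node) to further adjust settings.\n"
+printf >&2 "You can use these settings to configure which resources, intervals or scopes are monitored or to configure warning and critical levels.\n"
+printf >&2 "To do so use a syntax like this:\n"
+printf >&2 "[linux_psi]\n"
+printf >&2 "env.resources cpu io memory\n"
+printf >&2 "env.intervals avg10 avg60 avg300\n"
+printf >&2 "env.scopes some full\n"
+printf >&2 "env.summary_interval avg300\n"
+printf >&2 "env.warn_psi_cpu_avg300_some 5\n"
+printf >&2 "env.crit_psi_io_total_full 2000\n"
+}
+
+case "$#" in
+0)
+iterate_values
+;;
+
+1)
+case "$1" in
+autoconf)
+check_autoconf
+;;
+config)
+iterate_config
+;;
+fetch)
+iterate_values
+;;
+*)
+output_usage
+exit 1
+;;
+esac
+;;
+
+*)
+output_usage
+exit 1
+;;
+esac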
|
@ -46,6 +46,7 @@
|
||||||
dest: '/usr/share/munin/plugins/{{ item }}'
|
dest: '/usr/share/munin/plugins/{{ item }}'
|
||||||
loop:
|
loop:
|
||||||
- dhcp_pool
|
- dhcp_pool
|
||||||
|
- linux-psi
|
||||||
tags:
|
tags:
|
||||||
- munin
|
- munin
|
||||||
|
|
||||||
|
@ -77,6 +78,7 @@
|
||||||
- postfix_mailqueue
|
- postfix_mailqueue
|
||||||
- postfix_mailstats
|
- postfix_mailstats
|
||||||
- postfix_mailvolume
|
- postfix_mailvolume
|
||||||
|
- linux-psi
|
||||||
notify: restart munin-node
|
notify: restart munin-node
|
||||||
tags:
|
tags:
|
||||||
- munin
|
- munin
|
||||||
|
|
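--- a/webapps/mattermost/LISEZMOI.md
+++ b/webapps/mattermost/LISEZMOI.md
@@ -0,0 +1,49 @@
+mattermost
+=====
+
+Ce rĂ´le installe un serveur mattermost.
+
+Notez qu'hormis le présent fichier LISEZMOI.md, tous les fichiers du rôle mattermost sont rédigés en anglais afin de suivre les conventions de la communauté Ansible, favoriser sa réutilisation et son amélioration, etc. Libre à vous cependant de faire appel à ce role dans un playbook rédigé principalement en français ou toute autre langue.
+
+Requis
+------
+
+...
+
+Variables du rĂ´le
+-----------------
+
+Plusieurs des valeurs par défaut dans defaults/main.yml doivent être changées soit directement dans defaults/main.yml ou mieux encore en les supplantant ailleurs, par exemple dans votre playbook (voir l'exemple ci-bas).
+
+DĂ©pendances
+------------
+
+Ce rôle Ansible dépend des rôles suivants :
+
+- nodejs
+
+Exemple de playbook
+-------------------
+
+```
+- name: "DĂ©ployer un serveur mattermost"
+hosts:
+- all
+vars:
+# Supplanter ici les variables du rĂ´le
+domains: ['votre-vrai-domaine.org']
+service: 'mon-mattermost'
+
+roles:
+- { role: webapps/mattermost , tags: "mattermost" }
+```
+
+Licence
+-------
+
+GPLv3
+
+Infos sur l'auteur
+------------------
+
+Mathieu Gauthier-Pilote, administrateur de systèmes chez Evolix.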
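--- a/webapps/mattermost/README.md
+++ b/webapps/mattermost/README.md
@@ -0,0 +1,49 @@
+mattermost
+=====
+
+This role installs or upgrades the server for mattermost.
+
+FRENCH: Voir le fichier LISEZMOI.md pour le français.
+
+Requirements
+------------
+
+...
+
+Role Variables
+--------------
+
+Several of the default values in defaults/main.yml must be changed either directly in defaults/main.yml or better even by overwriting them somewhere else, for example in your playbook (see the example below).
+
+Dependencies
+------------
+
+This Ansible role depends on the following other roles:
+
+- nodejs
+
+Example Playbook
+----------------
+
+```
+- name: "Deploy a mattermost server"
+hosts:
+- all
+vars:
+# Overwrite the role variables here
+domains: ['your-real-domain.org']
+service: 'my-mattermost'
+
+roles:
+- { role: webapps/mattermost , tags: "mattermost" }
+```
+
+License
+-------
+
+GPLv3
+
+Author Information
+------------------
+
+Mathieu Gauthier-Pilote, sys. admin. at Evolix.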
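--- a/webapps/mattermost/defaults/main.yml
+++ b/webapps/mattermost/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+# defaults file for vars
+mattermost_system_dep: "['git', 'nginx', 'postgresql', 'python3-psycopg2', 'certbot', 'acl']"
+mattermost_version: '7.8.1'
+mattermost_download_url: "https://releases.mattermost.com/{{ mattermost_version }}/mattermost-team-{{ mattermost_version }}-linux-amd64.tar.gz"
+mattermost_domains: ['example.domain.org']
+mattermost_certbot_admin_email: 'mgauthier@evolix.ca'
+mattermost_home_base: '/home'
+mattermost_app_port: '8065'
+mattermost_db_host: '127.0.0.1'
+mattermost_db_name: "{{ mattermost_service }}"
+mattermost_db_user: "{{ mattermost_service }}"
+mattermost_db_password: 'UQ6_CHANGE_ME_Gzb'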
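Review bot: `mattermost_db_password` ships with a usable default (`'UQ6_CHANGE_ME_Gzb'`), and nothing in the role's task files shown on this page rejects it, so every host deployed without an override ends up with the same database password. Drop the default so an unset value fails at templating time, or guard it at the top of the tasks file with `ansible.builtin.assert` on `mattermost_db_password != 'UQ6_CHANGE_ME_Gzb'`. `mattermost_service` is read by `mattermost_db_name` and `mattermost_db_user` but has no default in this file. `mattermost_system_dep` is a quoted string rather than a YAML list; `mattermost_system_dep: ['git', 'nginx', 'postgresql', 'python3-psycopg2', 'certbot', 'acl']` states the intent directly.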
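--- a/webapps/mattermost/handlers/main.yml
+++ b/webapps/mattermost/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file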
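--- a/webapps/mattermost/meta/main.yml
+++ b/webapps/mattermost/meta/main.yml
@@ -0,0 +1,52 @@
+galaxy_info:
+author: Mathieu Gauthier-Pilote
+description: sys. admin.
+company: Evolix
+
+# If the issue tracker for your role is not on github, uncomment the
+# next line and provide a value
+# issue_tracker_url: http://example.com/issue/tracker
+
+# Choose a valid license ID from https://spdx.org - some suggested licenses:
+# - BSD-3-Clause (default)
+# - MIT
+# - GPL-2.0-or-later
+# - GPL-3.0-only
+# - Apache-2.0
+# - CC-BY-4.0
+license: license GPL-3.0-only
+
+min_ansible_version: 2.10
+
+# If this a Container Enabled role, provide the minimum Ansible Container version.
+# min_ansible_container_version:
+
+#
+# Provide a list of supported platforms, and for each platform a list of versions.
+# If you don't wish to enumerate all versions for a particular platform, use 'all'.
+# To view available platforms and versions (or releases), visit:
+# https://galaxy.ansible.com/api/v1/platforms/
+#
+# platforms:
+# - name: Fedora
+# versions:
+# - all
+# - 25
+# - name: SomePlatform
+# versions:
+# - all
+# - 1.0
+# - 7
+# - 99.99
+
+galaxy_tags: []
+# List tags for your role here, one per line. A tag is a keyword that describes
+# and categorizes the role. Users find roles by searching for tags. Be sure to
+# remove the '[]' above, if you add tags to this list.
+#
+# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+# Maximum 20 tags per role.
+
+dependencies: []
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.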
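Review bot: `license: license GPL-3.0-only` repeats the key inside the value, so the field is not the SPDX identifier the comment above it asks for; it should read `license: GPL-3.0-only`. `min_ansible_version: 2.10` is unquoted, and YAML reads it as the float 2.1; write `min_ansible_version: "2.10"`. `dependencies: []` also disagrees with the README added in this commit, which lists `nodejs` as a role this one depends on.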
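--- a/webapps/mattermost/tasks/main.yml
+++ b/webapps/mattermost/tasks/main.yml
@@ -0,0 +1,120 @@
+---
+# tasks file for mattermost install
+
+- name: Install main system dependencies
+ansible.builtin.apt:
+name: "{{ mattermost_system_dep }}"
+update_cache: yes
+
+- name: Add UNIX account
+ansible.builtin.user:
+name: "{{ mattermost_service }}"
+shell: /bin/bash
+home: "{{ mattermost_home_base }}/{{ mattermost_service }}"
+
+- name: Add PostgreSQL user
+ansible.builtin.postgresql_user:
+name: "{{ mattermost_db_user }}"
+password: "{{ mattermost_db_password }}"
+no_password_changes: true
+become_user: postgres
+
+- name: Add PostgreSQL database
+ansible.builtin.postgresql_db:
+name: "{{ mattermost_db_name }}"
+owner: "{{ mattermost_db_user }}"
+become_user: postgres
+
+- name: Unarchive mattermost archive
+ansible.builtin.unarchive:
+src: "{{ mattermost_download_url }}"
+dest: ~/
+remote_src: yes
+become_user: "{{ mattermost_service }}"
+
+- name: Create the mattermost data dir if needed
+ansible.builtin.file:
+path: ~/mattermost/data
+state: directory
+mode: '0750'
+become_user: "{{ mattermost_service }}"
+
+- name: Template mattermost conf file
+ansible.builtin.template:
+src: "config.json.j2"
+dest: "~/mattermost/config/config.json"
+become_user: "{{ mattermost_service }}"
+
+- name: Template mattermost systemd unit
+template:
+src: "mattermost.service.j2"
+dest: "/etc/systemd/system/mattermost@.service"
+
+- name: Start mattermost systemd unit
+ansible.builtin.service:
+name: "mattermost@{{ mattermost_service }}"
+state: restarted
+
+- name: Template nginx snippet for Let's Encrypt/Certbot
+ansible.builtin.template:
+src: "letsencrypt.conf.j2"
+dest: "/etc/nginx/snippets/letsencrypt.conf"
+
+- name: Check if SSL certificate is present and register result
+ansible.builtin.stat:
+path: "/etc/letsencrypt/live/{{ mattermost_domains |first }}/fullchain.pem"
+register: ssl
+
+- name: Generate certificate only if required (first time)
+block:
+- name: Template vhost without SSL for successfull LE challengce
+ansible.builtin.template:
+src: "vhost.conf.j2"
+dest: "/etc/nginx/sites-available/{{ mattermost_service }}.conf"
+- name: Enable temporary nginx vhost for mattermost
+ansible.builtin.file:
+src: "/etc/nginx/sites-available/{{ mattermost_service }}.conf"
+dest: "/etc/nginx/sites-enabled/{{ mattermost_service }}.conf"
+state: link
+- name: Reload nginx conf
+ansible.builtin.service:
+name: nginx
+state: reloaded
+- name: Make sure /var/lib/letsencrypt exists and has correct permissions
+ansible.builtin.file:
+path: /var/lib/letsencrypt
+state: directory
+mode: '0755'
+- name: Generate certificate with certbot
+ansible.builtin.shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt --non-interactive --agree-tos --email {{ mattermost_certbot_admin_email }} -d {{ mattermost_domains |first }}
+- name: Create the ssl dir if needed
+ansible.builtin.file:
+path: /etc/nginx/ssl
+state: directory
+mode: '0750'
+- name: Template ssl bloc for nginx vhost
+ansible.builtin.template:
+src: "ssl.conf.j2"
+dest: "/etc/nginx/ssl/{{ mattermost_domains |first }}.conf"
+when: ssl.stat.exists != true
+
+- name: (Re)check if SSL certificate is present and register result
+ansible.builtin.stat:
+path: "/etc/letsencrypt/live/{{ mattermost_domains |first }}/fullchain.pem"
+register: ssl
+
+- name: (Re)template conf file for nginx vhost with SSL
+ansible.builtin.template:
+src: "vhost.conf.j2"
+dest: "/etc/nginx/sites-available/{{ mattermost_service }}.conf"
+
+- name: Enable nginx vhost for mattermost
+ansible.builtin.file:
+src: "/etc/nginx/sites-available/{{ mattermost_service }}.conf"
+dest: "/etc/nginx/sites-enabled/{{ mattermost_service }}.conf"
+state: link
+
+- name: Reload nginx conf
+ansible.builtin.service:
+name: nginx
+state: reloaded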
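Review bot: The "Unarchive mattermost archive" task downloads `mattermost_download_url` and unpacks it in one step with no integrity check, so whatever the server returns is installed and later started by the systemd unit. Fetch the tarball with `ansible.builtin.get_url` and a `checksum:` pinned next to `mattermost_version`, then unarchive the local file, as sketched below. The "Template mattermost conf file" task should also set `mode: '0600'`, since config.json presumably carries `mattermost_db_password` and is otherwise created under the default umask. Separately, `postgresql_user` and `postgresql_db` are addressed as `ansible.builtin.*`, but those modules ship in the `community.postgresql` collection.

```yaml
# proposed new default, pinned together with mattermost_version:
# mattermost_download_checksum: "sha256:<SHA256_OF_RELEASE_TARBALL>"

- name: Download mattermost archive
  ansible.builtin.get_url:
    url: "{{ mattermost_download_url }}"
    dest: "~/mattermost-{{ mattermost_version }}.tar.gz"
    checksum: "{{ mattermost_download_checksum }}"
    mode: '0640'
  become_user: "{{ mattermost_service }}"

- name: Unarchive mattermost archive
  ansible.builtin.unarchive:
    src: "~/mattermost-{{ mattermost_version }}.tar.gz"
    dest: ~/
    remote_src: yes
  become_user: "{{ mattermost_service }}"
# … unchanged: data dir, config template, systemd unit, nginx and certbot tasks …
```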
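--- a/webapps/mattermost/tasks/upgrade.yml
+++ b/webapps/mattermost/tasks/upgrade.yml
@@ -0,0 +1,63 @@
+---
+# tasks file for mattermost upgrade
+
+- name: Start mattermost systemd unit
+ansible.builtin.service:
+name: "mattermost@{{ mattermost_service }}"
+state: stopped
+
+- name: set current date and time as a fact
+ansible.builtin.set_fact: backup_date="{{ ansible_date_time.iso8601_basic_short }}"
+
+- name: backup current mattermost files
+ansible.builtin.command: "mv ~/mattermost/ ~/mattermost_{{ mattermost_backup_date }}"
+become_user: "{{ mattermost_service }}"
+
+- name: Dump database to a file with compression
+ansible.builtin.postgresql_db:
+name: "{{ mattermost_db_name }}"
+state: dump
+target: "~/{{ mattermost_db_name }}.sql.gz"
+become_user: postgres
+
+- name: Unarchive new mattermost archive
+ansible.builtin.unarchive:
+src: "{{ mattermost_download_url }}"
+dest: ~/
+remote_src: yes
+become_user: "{{ mattermost_service }}"
+
+- name: restore dirs from backup
+ansible.builtin.copy:
+src: "{{ item }}"
+dest: ~/mattermost
+remote_src: true
+loop:
+- "~/mattermost_{{ mattermost_backup_date }}/config"
+- "~/mattermost_{{ mattermost_backup_date }}/data"
+- "~/mattermost_{{ mattermost_backup_date }}/logs"
+- "~/mattermost_{{ mattermost_backup_date }}/plugins"
+- "~/mattermost_{{ mattermost_backup_date }}/client/plugins"
+become_user: "{{ mattermost_service }}"
+
+- name: Start mattermost systemd unit
+ansible.builtin.service:
+name: "mattermost@{{ mattermost_service }}"
+state: restarted
+
+- name: Reload nginx conf
+ansible.builtin.service:
+name: nginx
+state: reloaded
+
+- name: Define variable to skip next task by default
+ansible.builtin.set_fact:
+keep_db_dump: true
+
+- name: Remove database dump
+ansible.builtin.file:
+path: "~/{{ mattermost_db_name }}.sql.gz"
+state: absent
+become_user: postgres
+when: keep_db_dump is undefined
+tags: clean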
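Review bot: The fact is set as `backup_date`, but the `mv` command and every entry of the restore loop read `mattermost_backup_date`, which is not defined anywhere in the role files shown here, so the play would fail at the backup step with the service already stopped. Rename the fact: `ansible.builtin.set_fact: mattermost_backup_date="{{ ansible_date_time.iso8601_basic_short }}"`. The first task is named "Start mattermost systemd unit" although it sets `state: stopped`. `keep_db_dump: true` is set immediately before `when: keep_db_dump is undefined`, so the database dump left in the postgres home directory is never removed by this file.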
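--- a/webapps/mattermost/templates/config.json.j2
+++ b/webapps/mattermost/templates/config.json.j2
@@ -0,0 +1,605 @@
+{
+"ServiceSettings": {
+"SiteURL": "http://{{ mattermost_domains | first }}",
+"WebsocketURL": "",
+"LicenseFileLocation": "",
+"ListenAddress": "127.0.0.1:{{ mattermost_app_port }}",
+"ConnectionSecurity": "",
+"TLSCertFile": "",
+"TLSKeyFile": "",
+"TLSMinVer": "1.2",
+"TLSStrictTransport": false,
+"TLSStrictTransportMaxAge": 63072000,
+"TLSOverwriteCiphers": [],
+"UseLetsEncrypt": false,
+"LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache",
+"Forward80To443": false,
+"TrustedProxyIPHeader": [],
+"ReadTimeout": 300,
+"WriteTimeout": 300,
+"IdleTimeout": 60,
+"MaximumLoginAttempts": 10,
+"GoroutineHealthThreshold": -1,
+"EnableOAuthServiceProvider": true,
+"EnableIncomingWebhooks": true,
+"EnableOutgoingWebhooks": true,
+"EnableCommands": true,
+"EnablePostUsernameOverride": false,
+"EnablePostIconOverride": false,
+"GoogleDeveloperKey": "",
+"EnableLinkPreviews": true,
+"EnablePermalinkPreviews": true,
+"RestrictLinkPreviews": "",
+"EnableTesting": false,
+"EnableDeveloper": false,
+"DeveloperFlags": "",
+"EnableClientPerformanceDebugging": false,
+"EnableOpenTracing": false,
+"EnableSecurityFixAlert": true,
+"EnableInsecureOutgoingConnections": false,
+"AllowedUntrustedInternalConnections": "",
+"EnableMultifactorAuthentication": false,
+"EnforceMultifactorAuthentication": false,
+"EnableUserAccessTokens": false,
+"AllowCorsFrom": "",
+"CorsExposedHeaders": "",
+"CorsAllowCredentials": false,
+"CorsDebug": false,
+"AllowCookiesForSubdomains": false,
+"ExtendSessionLengthWithActivity": true,
+"SessionLengthWebInDays": 30,
+"SessionLengthWebInHours": 720,
+"SessionLengthMobileInDays": 30,
+"SessionLengthMobileInHours": 720,
+"SessionLengthSSOInDays": 30,
+"SessionLengthSSOInHours": 720,
+"SessionCacheInMinutes": 10,
+"SessionIdleTimeoutInMinutes": 43200,
+"WebsocketSecurePort": 443,
+"WebsocketPort": 80,
+"WebserverMode": "gzip",
+"EnableGifPicker": true,
+"GfycatAPIKey": "2_KtH_W5",
+"GfycatAPISecret": "3wLVZPiswc3DnaiaFoLkDvB4X0IV6CpMkj4tf2inJRsBY6-FnkT08zGmppWFgeof",
+"EnableCustomEmoji": true,
+"EnableEmojiPicker": true,
+"PostEditTimeLimit": -1,
+"TimeBetweenUserTypingUpdatesMilliseconds": 5000,
+"EnablePostSearch": true,
+"EnableFileSearch": true,
+"MinimumHashtagLength": 3,
+"EnableUserTypingMessages": true,
+"EnableChannelViewedMessages": true,
+"EnableUserStatuses": true,
+"ExperimentalEnableAuthenticationTransfer": true,
+"ClusterLogTimeoutMilliseconds": 2000,
+"EnablePreviewFeatures": true,
+"EnableTutorial": true,
+"EnableOnboardingFlow": true,
+"ExperimentalEnableDefaultChannelLeaveJoinMessages": true,
+"ExperimentalGroupUnreadChannels": "disabled",
+"EnableAPITeamDeletion": false,
+"EnableAPITriggerAdminNotifications": false,
+"EnableAPIUserDeletion": false,
+"ExperimentalEnableHardenedMode": false,
+"ExperimentalStrictCSRFEnforcement": false,
+"EnableEmailInvitations": false,
+"DisableBotsWhenOwnerIsDeactivated": true,
+"EnableBotAccountCreation": false,
+"EnableSVGs": false,
+"EnableLatex": false,
+"EnableInlineLatex": true,
+"PostPriority": true,
+"EnableAPIChannelDeletion": false,
+"EnableLocalMode": false,
+"LocalModeSocketLocation": "/var/tmp/mattermost_local.socket",
+"EnableAWSMetering": false,
+"SplitKey": "",
+"FeatureFlagSyncIntervalSeconds": 30,
+"DebugSplit": false,
+"ThreadAutoFollow": true,
+"CollapsedThreads": "always_on",
+"ManagedResourcePaths": "",
+"EnableCustomGroups": true,
+"SelfHostedPurchase": true,
+"AllowSyncedDrafts": true
+},
+"TeamSettings": {
+"SiteName": "Mattermost",
+"MaxUsersPerTeam": 50,
+"EnableUserCreation": true,
+"EnableOpenServer": false,
+"EnableUserDeactivation": false,
+"RestrictCreationToDomains": "",
+"EnableCustomUserStatuses": true,
+"EnableCustomBrand": false,
+"CustomBrandText": "",
+"CustomDescriptionText": "",
+"RestrictDirectMessage": "any",
+"EnableLastActiveTime": true,
+"UserStatusAwayTimeout": 300,
+"MaxChannelsPerTeam": 2000,
+"MaxNotificationsPerChannel": 1000,
+"EnableConfirmNotificationsToChannel": true,
+"TeammateNameDisplay": "username",
+"ExperimentalViewArchivedChannels": true,
+"ExperimentalEnableAutomaticReplies": false,
+"LockTeammateNameDisplay": false,
+"ExperimentalPrimaryTeam": "",
+"ExperimentalDefaultChannels": []
+},
+"ClientRequirements": {
+"AndroidLatestVersion": "",
+"AndroidMinVersion": "",
+"IosLatestVersion": "",
+"IosMinVersion": ""
+},
+"SqlSettings": {
+"DriverName": "postgres",
+"DataSource": "postgres://{{ mattermost_db_user }}:{{ mattermost_db_password }}@{{ mattermost_db_host }}:5432/{{ mattermost_db_name }}?sslmode=disable&connect_timeout=10",
+"DataSourceReplicas": [],
+"DataSourceSearchReplicas": [],
+"MaxIdleConns": 20,
+"ConnMaxLifetimeMilliseconds": 3600000,
+"ConnMaxIdleTimeMilliseconds": 300000,
+"MaxOpenConns": 300,
+"Trace": false,
+"AtRestEncryptKey": "xcipqdpb6k5hrjpfhsdixyhsscmtsujz",
+"QueryTimeout": 30,
+"DisableDatabaseSearch": false,
+"MigrationsStatementTimeoutSeconds": 100000,
+"ReplicaLagSettings": []
+},
+"LogSettings": {
+"EnableConsole": true,
+"ConsoleLevel": "INFO",
+"ConsoleJson": true,
+"EnableColor": false,
+"EnableFile": true,
+"FileLevel": "INFO",
+"FileJson": true,
+"FileLocation": "",
+"EnableWebhookDebugging": true,
+"EnableDiagnostics": true,
+"VerboseDiagnostics": false,
+"EnableSentry": true,
+"AdvancedLoggingConfig": ""
+},
+"ExperimentalAuditSettings": {
+"FileEnabled": false,
+"FileName": "",
+"FileMaxSizeMB": 100,
+"FileMaxAgeDays": 0,
+"FileMaxBackups": 0,
+"FileCompress": false,
+"FileMaxQueueSize": 1000,
+"AdvancedLoggingConfig": ""
+},
+"NotificationLogSettings": {
+"EnableConsole": true,
+"ConsoleLevel": "INFO",
+"ConsoleJson": true,
+"EnableColor": false,
+"EnableFile": true,
+"FileLevel": "INFO",
+"FileJson": true,
+"FileLocation": "",
+"AdvancedLoggingConfig": ""
+},
+"PasswordSettings": {
+"MinimumLength": 8,
+"Lowercase": false,
+"Number": false,
+"Uppercase": false,
+"Symbol": false
+},
+"FileSettings": {
+"EnableFileAttachments": true,
+"EnableMobileUpload": true,
+"EnableMobileDownload": true,
+"MaxFileSize": 104857600,
+"MaxImageResolution": 33177600,
+"MaxImageDecoderConcurrency": -1,
+"DriverName": "local",
+"Directory": "./data/",
+"EnablePublicLink": false,
+"ExtractContent": true,
+"ArchiveRecursion": false,
+"PublicLinkSalt": "yhe99kxqhhwyitn5eo47s61u4m4rmwci",
+"InitialFont": "nunito-bold.ttf",
+"AmazonS3AccessKeyId": "",
+"AmazonS3SecretAccessKey": "",
+"AmazonS3Bucket": "",
+"AmazonS3PathPrefix": "",
+"AmazonS3Region": "",
+"AmazonS3Endpoint": "s3.amazonaws.com",
+"AmazonS3SSL": true,
+"AmazonS3SignV2": false,
+"AmazonS3SSE": false,
+"AmazonS3Trace": false,
+"AmazonS3RequestTimeoutMilliseconds": 30000
+},
+"EmailSettings": {
+"EnableSignUpWithEmail": true,
+"EnableSignInWithEmail": true,
+"EnableSignInWithUsername": true,
+"SendEmailNotifications": false,
+"UseChannelInEmailNotifications": false,
+"RequireEmailVerification": false,
+"FeedbackName": "",
+"FeedbackEmail": "",
+"ReplyToAddress": "",
+"FeedbackOrganization": "",
+"EnableSMTPAuth": false,
+"SMTPUsername": "",
+"SMTPPassword": "",
+"SMTPServer": "localhost",
+"SMTPPort": "10025",
+"SMTPServerTimeout": 10,
+"ConnectionSecurity": "",
+"SendPushNotifications": true,
+"PushNotificationServer": "https://push-test.mattermost.com",
+"PushNotificationContents": "full",
+"PushNotificationBuffer": 1000,
+"EnableEmailBatching": false,
+"EmailBatchingBufferSize": 256,
+"EmailBatchingInterval": 30,
+"EnablePreviewModeBanner": true,
+"SkipServerCertificateVerification": false,
+"EmailNotificationContentsType": "full",
+"LoginButtonColor": "#0000",
+"LoginButtonBorderColor": "#2389D7",
+"LoginButtonTextColor": "#2389D7",
+"EnableInactivityEmail": true
+},
+"RateLimitSettings": {
+"Enable": false,
+"PerSec": 10,
+"MaxBurst": 100,
+"MemoryStoreSize": 10000,
+"VaryByRemoteAddr": true,
+"VaryByUser": false,
+"VaryByHeader": ""
+},
+"PrivacySettings": {
+"ShowEmailAddress": true,
+"ShowFullName": true
+},
+"SupportSettings": {
+"TermsOfServiceLink": "https://mattermost.com/terms-of-use/",
+"PrivacyPolicyLink": "https://mattermost.com/privacy-policy/",
+"AboutLink": "https://docs.mattermost.com/about/product.html/",
+"HelpLink": "https://mattermost.com/default-help/",
+"ReportAProblemLink": "https://mattermost.com/default-report-a-problem/",
+"SupportEmail": "",
+"CustomTermsOfServiceEnabled": false,
+"CustomTermsOfServiceReAcceptancePeriod": 365,
+"EnableAskCommunityLink": true
+},
+"AnnouncementSettings": {
+"EnableBanner": false,
+"BannerText": "",
+"BannerColor": "#f2a93b",
+"BannerTextColor": "#333333",
+"AllowBannerDismissal": true,
+"AdminNoticesEnabled": true,
+"UserNoticesEnabled": true,
+"NoticesURL": "https://notices.mattermost.com/",
+"NoticesFetchFrequency": 3600,
+"NoticesSkipCache": false
+},
+"ThemeSettings": {
+"EnableThemeSelection": true,
+"DefaultTheme": "default",
+"AllowCustomThemes": true,
+"AllowedThemes": []
+},
+"GitLabSettings": {
+"Enable": false,
+"Secret": "",
+"Id": "",
+"Scope": "",
+"AuthEndpoint": "",
+"TokenEndpoint": "",
+"UserAPIEndpoint": "",
+"DiscoveryEndpoint": "",
+"ButtonText": "",
+"ButtonColor": ""
+},
+"GoogleSettings": {
+"Enable": false,
+"Secret": "",
+"Id": "",
+"Scope": "profile email",
+"AuthEndpoint": "https://accounts.google.com/o/oauth2/v2/auth",
+"TokenEndpoint": "https://www.googleapis.com/oauth2/v4/token",
+"UserAPIEndpoint": "https://people.googleapis.com/v1/people/me?personFields=names,emailAddresses,nicknames,metadata",
+"DiscoveryEndpoint": "",
+"ButtonText": "",
+"ButtonColor": ""
+},
+"Office365Settings": {
+"Enable": false,
+"Secret": "",
+"Id": "",
+"Scope": "User.Read",
+"AuthEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
+"TokenEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/token",
+"UserAPIEndpoint": "https://graph.microsoft.com/v1.0/me",
+"DiscoveryEndpoint": "",
+"DirectoryId": ""
+},
+"OpenIdSettings": {
+"Enable": false,
+"Secret": "",
+"Id": "",
+"Scope": "profile openid email",
+"AuthEndpoint": "",
+"TokenEndpoint": "",
+"UserAPIEndpoint": "",
+"DiscoveryEndpoint": "",
+"ButtonText": "",
+"ButtonColor": "#145DBF"
+},
+"LdapSettings": {
+"Enable": false,
+"EnableSync": false,
+"LdapServer": "",
+"LdapPort": 389,
+"ConnectionSecurity": "",
+"BaseDN": "",
+"BindUsername": "",
+"BindPassword": "",
+"UserFilter": "",
+"GroupFilter": "",
+"GuestFilter": "",
+"EnableAdminFilter": false,
+"AdminFilter": "",
+"GroupDisplayNameAttribute": "",
+"GroupIdAttribute": "",
+"FirstNameAttribute": "",
+"LastNameAttribute": "",
+"EmailAttribute": "",
+"UsernameAttribute": "",
+"NicknameAttribute": "",
+"IdAttribute": "",
+"PositionAttribute": "",
+"LoginIdAttribute": "",
+"PictureAttribute": "",
+"SyncIntervalMinutes": 60,
+"SkipCertificateVerification": false,
+"PublicCertificateFile": "",
+"PrivateKeyFile": "",
+"QueryTimeout": 60,
+"MaxPageSize": 0,
+"LoginFieldName": "",
+"LoginButtonColor": "#0000",
+"LoginButtonBorderColor": "#2389D7",
+"LoginButtonTextColor": "#2389D7",
+"Trace": false
+},
+"ComplianceSettings": {
+"Enable": false,
+"Directory": "./data/",
+"EnableDaily": false,
+"BatchSize": 30000
+},
+"LocalizationSettings": {
+"DefaultServerLocale": "en",
+"DefaultClientLocale": "en",
+"AvailableLocales": ""
+},
+"SamlSettings": {
+"Enable": false,
+"EnableSyncWithLdap": false,
+"EnableSyncWithLdapIncludeAuth": false,
+"IgnoreGuestsLdapSync": false,
+"Verify": true,
+"Encrypt": true,
+"SignRequest": false,
+"IdpURL": "",
+"IdpDescriptorURL": "",
+"IdpMetadataURL": "",
+"ServiceProviderIdentifier": "",
+"AssertionConsumerServiceURL": "",
+"SignatureAlgorithm": "RSAwithSHA1",
+"CanonicalAlgorithm": "Canonical1.0",
+"ScopingIDPProviderId": "",
+"ScopingIDPName": "",
+"IdpCertificateFile": "",
+"PublicCertificateFile": "",
+"PrivateKeyFile": "",
+"IdAttribute": "",
+"GuestAttribute": "",
+"EnableAdminAttribute": false,
+"AdminAttribute": "",
+"FirstNameAttribute": "",
+"LastNameAttribute": "",
+"EmailAttribute": "",
+"UsernameAttribute": "",
+"NicknameAttribute": "",
+"LocaleAttribute": "",
+"PositionAttribute": "",
+"LoginButtonText": "SAML",
+"LoginButtonColor": "#34a28b",
+"LoginButtonBorderColor": "#2389D7",
+"LoginButtonTextColor": "#ffffff"
+},
+"NativeAppSettings": {
+"AppCustomURLSchemes": [
+"mmauth://",
+"mmauthbeta://"
+],
+"AppDownloadLink": "https://mattermost.com/download/#mattermostApps",
+"AndroidAppDownloadLink": "https://mattermost.com/mattermost-android-app/",
+"IosAppDownloadLink": "https://mattermost.com/mattermost-ios-app/"
+},
+"ClusterSettings": {
+"Enable": false,
+"ClusterName": "",
+"OverrideHostname": "",
+"NetworkInterface": "",
+"BindAddress": "",
+"AdvertiseAddress": "",
+"UseIPAddress": true,
+"EnableGossipCompression": true,
+"EnableExperimentalGossipEncryption": false,
+"ReadOnlyConfig": true,
+"GossipPort": 8074,
+"StreamingPort": 8075,
+"MaxIdleConns": 100,
+"MaxIdleConnsPerHost": 128,
+"IdleConnTimeoutMilliseconds": 90000
+},
+"MetricsSettings": {
+"Enable": false,
+"BlockProfileRate": 0,
+"ListenAddress": ":8067"
+},
+"ExperimentalSettings": {
+"ClientSideCertEnable": false,
+"ClientSideCertCheck": "secondary",
+"LinkMetadataTimeoutMilliseconds": 5000,
+"RestrictSystemAdmin": false,
+"UseNewSAMLLibrary": false,
+"EnableSharedChannels": false,
+"EnableRemoteClusterService": false,
+"EnableAppBar": false,
+"PatchPluginsReactDOM": false
+},
+"AnalyticsSettings": {
+"MaxUsersForStatistics": 2500
+},
+"ElasticsearchSettings": {
+"ConnectionURL": "http://localhost:9200",
+"Username": "elastic",
+"Password": "changeme",
+"EnableIndexing": false,
+"EnableSearching": false,
+"EnableAutocomplete": false,
+"Sniff": true,
+"PostIndexReplicas": 1,
+"PostIndexShards": 1,
+"ChannelIndexReplicas": 1,
+"ChannelIndexShards": 1,
+"UserIndexReplicas": 1,
+"UserIndexShards": 1,
+"AggregatePostsAfterDays": 365,
+"PostsAggregatorJobStartTime": "03:00",
+"IndexPrefix": "",
+"LiveIndexingBatchSize": 1,
+"BatchSize": 10000,
+"RequestTimeoutSeconds": 30,
+"SkipTLSVerification": false,
+"CA": "",
+"ClientCert": "",
+"ClientKey": "",
+"Trace": ""
+},
+"BleveSettings": {
+"IndexDir": "",
+"EnableIndexing": false,
+"EnableSearching": false,
+"EnableAutocomplete": false,
+"BatchSize": 10000
+},
+"DataRetentionSettings": {
+"EnableMessageDeletion": false,
+"EnableFileDeletion": false,
+"EnableBoardsDeletion": false,
+"MessageRetentionDays": 365,
+"FileRetentionDays": 365,
+"BoardsRetentionDays": 365,
+"DeletionJobStartTime": "02:00",
+"BatchSize": 3000
+},
+"MessageExportSettings": {
+"EnableExport": false,
+"ExportFormat": "actiance",
+"DailyRunTime": "01:00",
+"ExportFromTimestamp": 0,
+"BatchSize": 10000,
+"DownloadExportResults": false,
+"GlobalRelaySettings": {
+"CustomerType": "A9",
+"SMTPUsername": "",
+"SMTPPassword": "",
+"EmailAddress": "",
+"SMTPServerTimeout": 1800
+}
+},
+"JobSettings": {
+"RunJobs": true,
+"RunScheduler": true,
+"CleanupJobsThresholdDays": -1,
+"CleanupConfigThresholdDays": -1
+},
+"ProductSettings": {
+"EnablePublicSharedBoards": false
+},
+"PluginSettings": {
+"Enable": true,
+"EnableUploads": false,
+"AllowInsecureDownloadURL": false,
+"EnableHealthCheck": true,
+"Directory": "./plugins",
+"ClientDirectory": "./client/plugins",
+"Plugins": {
+"playbooks": {
+"BotUserID": "fno5xebm33bhpbb7phdxmr91xe"
+}
+},
+"PluginStates": {
+"com.mattermost.apps": {
+"Enable": true
+},
+"com.mattermost.calls": {
+"Enable": true
+},
+"com.mattermost.nps": {
+"Enable": true
+},
+"focalboard": {
+"Enable": true
+},
+"playbooks": {
+"Enable": true
+}
+},
+"EnableMarketplace": true,
+"EnableRemoteMarketplace": true,
+"AutomaticPrepackagedPlugins": true,
+"RequirePluginSignature": false,
+"MarketplaceURL": "https://api.integrations.mattermost.com",
+"SignaturePublicKeyFiles": [],
+"ChimeraOAuthProxyURL": ""
+},
+"DisplaySettings": {
+"CustomURLSchemes": [],
+"ExperimentalTimezone": true
+},
+"GuestAccountsSettings": {
+"Enable": false,
+"AllowEmailAccounts": true,
+"EnforceMultifactorAuthentication": false,
+"RestrictCreationToDomains": ""
+},
+"ImageProxySettings": {
+"Enable": false,
+"ImageProxyType": "local",
+"RemoteImageProxyURL": "",
+"RemoteImageProxyOptions": ""
+},
+"CloudSettings": {
+"CWSURL": "https://customers.mattermost.com",
+"CWSAPIURL": "https://portal.internal.prod.cloud.mattermost.com"
+},
+"ImportSettings": {
+"Directory": "./import",
+"RetentionDays": 30
+},
+"ExportSettings": {
+"Directory": "./export",
+"RetentionDays": 30
+}
+}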
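Review bot: `AtRestEncryptKey` and `PublicLinkSalt` are literal values in this template, so every instance deployed from the role shares the same database-encryption key and public-link salt, and both are readable by anyone who can read the repository. They should come from per-instance variables kept in a vault, e.g. `"AtRestEncryptKey": "{{ mattermost_at_rest_encrypt_key }}",` and `"PublicLinkSalt": "{{ mattermost_public_link_salt }}",` (these variable names are suggestions, not existing role variables). In `DataSource`, `mattermost_db_password` is interpolated unescaped into a URL, so a password containing `@`, `/` or `?` changes how the connection string parses; `{{ mattermost_db_password | urlencode }}` avoids that. `sslmode=disable` is fixed while `mattermost_db_host` is a variable, so a non-local database host would receive the credentials and data unencrypted. `SiteURL` is rendered with `http://` although the vhost template redirects to HTTPS once the certificate exists.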
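--- a/webapps/mattermost/templates/letsencrypt.conf.j2
+++ b/webapps/mattermost/templates/letsencrypt.conf.j2
@@ -0,0 +1,5 @@
+location ~ /.well-known/acme-challenge {
+alias /var/lib/letsencrypt/;
+try_files $uri =404;
+allow all;
+}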
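Review bot: The location regex is unanchored and its dot is unescaped, so it matches any URI that merely contains that sequence, and as a regex location it is selected ahead of the proxying `location /` in the vhost. Anchoring it limits the match to the challenge path: `location ~ ^/\.well-known/acme-challenge/ {`. The `alias` sits in a regex location without captures, so the file lookup appears to depend on how `try_files $uri` resolves against it; a one-line comment naming the directory certbot writes challenges to would make the intended mapping checkable.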
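--- a/webapps/mattermost/templates/mattermost.service.j2
+++ b/webapps/mattermost/templates/mattermost.service.j2
@@ -0,0 +1,20 @@
+[Unit]
+Description=Mattermost
+After=network.target
+After=postgresql.service
+Requires=postgresql.service
+
+[Service]
+Type=notify
+Restart=always
+WorkingDirectory={{ mattermost_home_base }}/%i/mattermost
+ExecStart=/{{ mattermost_home_base }}/%i/mattermost/bin/mattermost
+TimeoutStartSec=3600
+LimitNOFILE=49152
+RestartSec=10
+User=%i
+Group=%i
+
+[Install]
+WantedBy=multi-user.target
+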
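Review bot: The `[Service]` section runs a network-facing daemon with no systemd sandboxing, so a compromised Mattermost process keeps everything user `%i` can reach on the host. Adding `NoNewPrivileges=true` and `ProtectSystem=full` is a low-risk start, to be confirmed against the plugins in use. Separately, `ExecStart=/{{ mattermost_home_base }}/...` prepends a slash that `WorkingDirectory=` does not, so the two lines disagree about whether the variable is absolute; `ExecStart={{ mattermost_home_base }}/%i/mattermost/bin/mattermost` matches the line above it.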
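--- a/webapps/mattermost/templates/ssl.conf.j2
+++ b/webapps/mattermost/templates/ssl.conf.j2
@@ -0,0 +1,22 @@
+##
+# Certificates
+# you need a certificate to run in production. see https://letsencrypt.org/
+##
+ssl_certificate /etc/letsencrypt/live/{{ mattermost_domains | first }}/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/{{ mattermost_domains | first }}/privkey.pem;
+
+##
+# Security hardening (as of Nov 15, 2020)
+# based on Mozilla Guideline v5.6
+##
+
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_prefer_server_ciphers on;
+ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; # add ECDHE-RSA-AES256-SHA if you want compatibility with Android 4
+ssl_session_timeout 1d; # defaults to 5m
+ssl_session_cache shared:SSL:10m; # estimated to 40k sessions
+ssl_session_tickets off;
+ssl_stapling on;
+ssl_stapling_verify on;
+# HSTS (https://hstspreload.org), requires to be copied in 'location' sections that have add_header directives
+#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";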
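Review bot: `ssl_ciphers` ends with four CBC suites (`ECDHE-ECDSA-AES256-SHA384`, `ECDHE-RSA-AES256-SHA384`, `ECDHE-ECDSA-AES128-SHA256`, `ECDHE-RSA-AES128-SHA256`) that are not AEAD, which does not fit the header comment's claim of following the Mozilla guideline; ending the list at `ECDHE-RSA-AES128-GCM-SHA256;` keeps only GCM and ChaCha20-Poly1305 for TLS 1.2. `ssl_stapling_verify on` needs the issuer chain via `ssl_trusted_certificate`, and stapling needs a `resolver` to reach the OCSP responder; neither is set in this file, so unless they are provided elsewhere stapling will likely not work. The HSTS `add_header` is left commented out with no reason given; a comment stating when it is safe to enable would help the next operator.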
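--- a/webapps/mattermost/templates/vhost.conf.j2
+++ b/webapps/mattermost/templates/vhost.conf.j2
@@ -0,0 +1,73 @@
+upstream backend_{{ mattermost_service }} {
+server 127.0.0.1:{{ mattermost_app_port }};
+keepalive 32;
+}
+
+server {
+listen 80;
+listen [::]:80;
+server_name {{ mattermost_domains | first }};
+
+# For certbot
+include /etc/nginx/snippets/letsencrypt.conf;
+
+{% if ssl.stat.exists %}
+location / { return 301 https://$host$request_uri; }
+{% endif %}
+}
+
+{% if ssl.stat.exists %}
+server {
+listen 443 ssl;
+listen [::]:443 ssl;
+
+server_name {{ mattermost_domains | first }};
+
+access_log /var/log/nginx/{{ mattermost_service }}.access.log;
+error_log /var/log/nginx/{{ mattermost_service }}.error.log;
+
+include /etc/nginx/snippets/letsencrypt.conf;
+include /etc/nginx/ssl/{{ mattermost_domains | first }}.conf;
+
+location ~ /api/v[0-9]+/(users/)?websocket$ {
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+client_max_body_size 50M;
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Frame-Options SAMEORIGIN;
+proxy_buffers 256 16k;
+proxy_buffer_size 16k;
+client_body_timeout 60;
+send_timeout 300;
+lingering_timeout 5;
+proxy_connect_timeout 90;
+proxy_send_timeout 300;
+proxy_read_timeout 90s;
+proxy_pass http://backend_{{ mattermost_service }};
+}
+
+location / {
+client_max_body_size 50M;
+proxy_set_header Connection "";
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Frame-Options SAMEORIGIN;
+proxy_buffers 256 16k;
+proxy_buffer_size 16k;
+proxy_read_timeout 600s;
+#proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;
+#proxy_cache mattermost_cache;
+#proxy_cache_revalidate on;
+#proxy_cache_min_uses 2;
+#proxy_cache_use_stale timeout;
+#proxy_cache_lock on;
+proxy_http_version 1.1;
+proxy_pass http://backend_{{ mattermost_service }};
+}
+}
+{% endif %}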
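Review bot: `proxy_set_header X-Frame-Options SAMEORIGIN;` in both locations adds the header to the request sent to Mattermost, not to the response the browser receives, so it provides no framing protection at the proxy; if nginx is meant to set it, the directive is `add_header X-Frame-Options SAMEORIGIN always;`. The websocket location sets `Upgrade` and `Connection "upgrade"` but, unlike `location /`, has no `proxy_http_version 1.1;`, which the upgrade handshake needs wherever nginx proxies with HTTP/1.0 by default. Also worth a comment: the proxy passes `X-Forwarded-For` and `X-Real-IP`, while config.json.j2 leaves `TrustedProxyIPHeader` empty, so it is unclear which client address Mattermost will log and rate-limit on.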
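--- a/webapps/mattermost/tests/inventory
+++ b/webapps/mattermost/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+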
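--- a/webapps/mattermost/tests/test.yml
+++ b/webapps/mattermost/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+remote_user: root
+roles:
+- mattermost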
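--- a/webapps/mattermost/vars/main.yml
+++ b/webapps/mattermost/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file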