Cleanup #107
|
@ -22,6 +22,10 @@ The **patch** part changes incrementally at each release.
|
||||||
|
|
||||||
### Security
|
### Security
|
||||||
|
|
||||||
|
### Other
|
||||||
|
|
||||||
|
* Generic cleanup of roles
|
||||||
|
|
||||||
## [10.3.0] 2020-12-21
|
## [10.3.0] 2020-12-21
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
|
@ -3,34 +3,34 @@
|
||||||
- name: Launch new instance(s)
|
- name: Launch new instance(s)
|
||||||
ec2:
|
ec2:
|
||||||
state: present
|
state: present
|
||||||
aws_access_key: "{{aws_access_key}}"
|
aws_access_key: "{{ aws_access_key }}"
|
||||||
aws_secret_key: "{{aws_secret_key}}"
|
aws_secret_key: "{{ aws_secret_key }}"
|
||||||
region: "{{aws_region}}"
|
region: "{{ aws_region }}"
|
||||||
image: "{{ec2_base_ami}}"
|
image: "{{ ec2_base_ami }}"
|
||||||
instance_type: "{{ec2_instance_type}}"
|
instance_type: "{{ ec2_instance_type }}"
|
||||||
count: "{{ec2_instance_count}}"
|
count: "{{ ec2_instance_count }}"
|
||||||
assign_public_ip: "{{ec2_public_ip}}"
|
assign_public_ip: "{{ ec2_public_ip }}"
|
||||||
group: "{{ec2_security_group.name}}"
|
group: "{{ ec2_security_group.name }}"
|
||||||
key_name: "{{ec2_keyname}}"
|
key_name: "{{ ec2_keyname }}"
|
||||||
wait: yes
|
wait: yes
|
||||||
register: ec2
|
register: ec2
|
||||||
|
|
||||||
- name: Add newly created instance(s) to inventory
|
- name: Add newly created instance(s) to inventory
|
||||||
add_host:
|
add_host:
|
||||||
hostname: "{{item.public_dns_name}}"
|
hostname: "{{ item.public_dns_name }}"
|
||||||
groupname: launched-instances
|
groupname: launched-instances
|
||||||
ansible_user: admin
|
ansible_user: admin
|
||||||
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
|
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
|
||||||
with_items: "{{ec2.instances}}"
|
with_items: "{{ ec2.instances }}"
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
msg: "Your newly created instance is reachable at: {{item.public_dns_name}}"
|
msg: "Your newly created instance is reachable at: {{ item.public_dns_name }}"
|
||||||
with_items: "{{ec2.instances}}"
|
with_items: "{{ ec2.instances }}"
|
||||||
|
|
||||||
- name: Wait for SSH to come up on all instances (give up after 2m)
|
- name: Wait for SSH to come up on all instances (give up after 2m)
|
||||||
wait_for:
|
wait_for:
|
||||||
state: started
|
state: started
|
||||||
host: "{{item.public_dns_name}}"
|
host: "{{ item.public_dns_name }}"
|
||||||
port: 22
|
port: 22
|
||||||
timeout: 120
|
timeout: 120
|
||||||
with_items: "{{ec2.instances}}"
|
with_items: "{{ ec2.instances }}"
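Review bot: The unchanged line `ansible_ssh_common_args: "-o StrictHostKeyChecking=no"` in the add_host task turns off host key verification for every later SSH connection to the launched instances, so the play cannot tell the new instance from another host answering on its address. This commit only re-spaces the Jinja expressions and leaves that line as it was. Consider `ansible_ssh_common_args: "-o StrictHostKeyChecking=accept-new"` (OpenSSH 7.6 or later), or seed known_hosts from the instance's console output before the first connection.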
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
force: no
|
force: no
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
||||||
- name: Load IP whitelist task
|
- name: Load IP whitelist task
|
||||||
include: ip_whitelist.yml
|
include: ip_whitelist.yml
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
# The last character "\u000A" is a line feed (LF), it's better to keep it
|
# The last character "\u000A" is a line feed (LF), it's better to keep it
|
||||||
content: "{{ apache_serverstatus_suffix }}\u000A"
|
content: "{{ apache_serverstatus_suffix }}\u000A"
|
||||||
force: yes
|
force: yes
|
||||||
when: apache_serverstatus_suffix != ""
|
when: apache_serverstatus_suffix
|
||||||
|
|
||||||
- name: generate random string for server-status suffix
|
- name: generate random string for server-status suffix
|
||||||
shell: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}"
|
shell: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}"
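Review bot: `when: apache_serverstatus_suffix` is not equivalent to the old `!= ""` test on every Ansible release. As far as I know, older releases evaluate a bare string variable in `when` as an expression, and recent ansible-core rejects a conditional whose result is not a boolean, so please confirm against the versions this repository supports. An explicit test keeps the intent and still avoids the empty-string comparison: `when: apache_serverstatus_suffix | length > 0`. The same replacement appears in the elasticsearch, evolinux users, kvm, logstash, mysql, newrelic, nginx and packweb hunks, and in the postfix dependencies, where `when: postfix_packmail | bool` would be the explicit form. The task that owns this `when` starts above the hunk.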
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
shell: "(dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})"
|
shell: "(dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})"
|
||||||
register: apt_mark
|
register: apt_mark
|
||||||
changed_when: "item + ' set on hold.' in apt_mark.stdout"
|
changed_when: "item + ' set on hold.' in apt_mark.stdout"
|
||||||
failed_when: apt_mark.rc != 0 and not apt_mark.stdout == ''
|
failed_when: apt_mark.rc != 0 and apt_mark.stdout
|
||||||
loop: "{{ apt_hold_packages }}"
|
loop: "{{ apt_hold_packages }}"
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
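Review bot: The unchanged `apt-mark showhold | grep --quiet {{ item }}` matches substrings and treats the name as a regular expression. For example, an existing hold on `libfoo-dev` would make the check for `libfoo` succeed, and `libfoo` would never be put on hold. `grep --quiet --line-regexp --fixed-strings {{ item | quote }}` matches the exact package name, and `| quote` on the other two `{{ item }}` uses keeps a malformed entry in `apt_hold_packages` from being interpreted by the shell. The rewritten `failed_when` relies on string truthiness; `apt_mark.stdout | length > 0` states the same test explicitly. The task starts above the hunk.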
|
||||||
|
|
|
@ -94,7 +94,7 @@
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
var: chrootbind_run.stdout_lines
|
var: chrootbind_run.stdout_lines
|
||||||
when: bind_chroot_set and chrootbind_run.stdout != ""
|
when: bind_chroot_set and chrootbind_run.stdout
|
||||||
|
|
||||||
- name: Modify OPTIONS in /etc/default/bind9 for chroot
|
- name: Modify OPTIONS in /etc/default/bind9 for chroot
|
||||||
replace:
|
replace:
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
tags:
|
tags:
|
||||||
- elasticsearch
|
- elasticsearch
|
||||||
when:
|
when:
|
||||||
- elasticsearch_custom_datadir != ''
|
- elasticsearch_custom_datadir
|
||||||
- elasticsearch_custom_datadir != None
|
- elasticsearch_custom_datadir != None
|
||||||
|
|
||||||
- name: Datadir is moved to custom path
|
- name: Datadir is moved to custom path
|
||||||
|
@ -44,7 +44,7 @@
|
||||||
tags:
|
tags:
|
||||||
- elasticsearch
|
- elasticsearch
|
||||||
when:
|
when:
|
||||||
- elasticsearch_custom_datadir != ''
|
- elasticsearch_custom_datadir
|
||||||
- elasticsearch_custom_datadir != None
|
- elasticsearch_custom_datadir != None
|
||||||
- elasticsearch_custom_datadir != elasticsearch_current_real_datadir_test.stdout
|
- elasticsearch_custom_datadir != elasticsearch_current_real_datadir_test.stdout
|
||||||
- not elasticsearch_custom_datadir_test.stat.exists
|
- not elasticsearch_custom_datadir_test.stat.exists
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
repo: "https://github.com/mobz/elasticsearch-head.git"
|
repo: "https://github.com/mobz/elasticsearch-head.git"
|
||||||
dest: "{{ elasticsearch_plugin_head_clone_dir }}"
|
dest: "{{ elasticsearch_plugin_head_clone_dir }}"
|
||||||
clone: yes
|
clone: yes
|
||||||
|
version: master
|
||||||
tags:
|
tags:
|
||||||
- packages
|
- packages
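Review bot: The added `version: master` makes the checkout explicit but still follows a moving branch, so whatever is pushed to `github.com/mobz/elasticsearch-head` is deployed on the next run without review. Pin the clone to a commit that has been reviewed, for example `version: "<reviewed-commit-sha>"` (placeholder; the page does not give a hash), and update it deliberately. The task starts above the hunk, so confirm there is no other integrity check on the clone.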
|
||||||
|
|
||||||
|
|
|
@ -54,4 +54,4 @@
|
||||||
tags:
|
tags:
|
||||||
- elasticsearch
|
- elasticsearch
|
||||||
when: elastic_stack_version is version('6', '>=')
|
when: elastic_stack_version is version('6', '>=')
|
||||||
when: (elasticsearch_custom_tmpdir != '' and elasticsearch_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0
|
when: (elasticsearch_custom_tmpdir and elasticsearch_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
---
|
---
|
||||||
- ini_file:
|
- name: "Configure openssl key generation"
|
||||||
|
ini_file:
|
||||||
dest: "{{ evoacme_crt_dir }}/openssl.cnf"
|
dest: "{{ evoacme_crt_dir }}/openssl.cnf"
|
||||||
section: 'req'
|
section: 'req'
|
||||||
option: "{{ item.name }}"
|
option: "{{ item.name }}"
|
||||||
|
|
|
@ -16,4 +16,4 @@
|
||||||
src: "hooks/{{ hook_name }}"
|
src: "hooks/{{ hook_name }}"
|
||||||
dest: "{{ evoacme_hooks_dir }}/{{ hook_name }}"
|
dest: "{{ evoacme_hooks_dir }}/{{ hook_name }}"
|
||||||
mode: "0750"
|
mode: "0750"
|
||||||
when: _find_hook.stdout == ""
|
when: not _find_hook.stdout
|
||||||
|
|
|
@ -10,6 +10,6 @@
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
var: evocheck_run.stdout_lines
|
var: evocheck_run.stdout_lines
|
||||||
when: evocheck_run.stdout != ""
|
when: evocheck_run.stdout
|
||||||
tags:
|
tags:
|
||||||
- evocheck-exec
|
- evocheck-exec
|
||||||
|
|
|
@ -29,7 +29,7 @@
|
||||||
# HP gen <10: Hewlett-Packard Company Smart Array
|
# HP gen <10: Hewlett-Packard Company Smart Array
|
||||||
# HP gen >=10: Adaptec Smart Storage PQI
|
# HP gen >=10: Adaptec Smart Storage PQI
|
||||||
- name: Detect if RAID is installed
|
- name: Detect if RAID is installed
|
||||||
shell: lspci -q | grep -e "RAID bus controller" -e "Serial Attached SCSI controller"
|
shell: 'lspci -q | grep -e "RAID bus controller" -e "Serial Attached SCSI controller"'
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: raidmodel
|
register: raidmodel
|
||||||
changed_when: "'FAILED' in raidmodel.stdout"
|
changed_when: "'FAILED' in raidmodel.stdout"
|
||||||
|
|
|
@ -32,9 +32,8 @@
|
||||||
- postfix
|
- postfix
|
||||||
|
|
||||||
- name: fetch users list
|
- name: fetch users list
|
||||||
shell: getent passwd | cut -d":" -f 1 | grep -v root
|
shell: 'getent passwd | cut -d":" -f 1 | grep -v root'
|
||||||
check_mode: no
|
check_mode: no
|
||||||
|
|
||||||
register: non_root_users_list
|
register: non_root_users_list
|
||||||
changed_when: False
|
changed_when: False
|
||||||
tags:
|
tags:
|
||||||
|
|
|
@ -10,4 +10,4 @@
|
||||||
- name: "Content of /etc/evolinux/todo.txt"
|
- name: "Content of /etc/evolinux/todo.txt"
|
||||||
debug:
|
debug:
|
||||||
var: evolinux_todo.stdout_lines
|
var: evolinux_todo.stdout_lines
|
||||||
when: evolinux_todo.stdout != ""
|
when: evolinux_todo.stdout
|
||||||
|
|
|
@ -22,11 +22,13 @@
|
||||||
var: grep_allowusers_ssh
|
var: grep_allowusers_ssh
|
||||||
verbosity: 1
|
verbosity: 1
|
||||||
|
|
||||||
- assert:
|
- name: "Check that only AllowUsers or AllowGroups is present"
|
||||||
|
assert:
|
||||||
that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)"
|
that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)"
|
||||||
msg: "We can't deal with AllowUsers and AllowGroups at the same time"
|
msg: "We can't deal with AllowUsers and AllowGroups at the same time"
|
||||||
|
|
||||||
- set_fact:
|
- name: "Define which protection method to use"
|
||||||
|
set_fact:
|
||||||
# If "AllowGroups is present" or "AllowUsers is absent and Debian 10+",
|
# If "AllowGroups is present" or "AllowUsers is absent and Debian 10+",
|
||||||
ssh_allowgroups: "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0 and (ansible_distribution_major_version is version('10', '>='))) }}"
|
ssh_allowgroups: "{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0 and (ansible_distribution_major_version is version('10', '>='))) }}"
|
||||||
# If "AllowGroups is absent" and "AllowUsers is absent or Debian <10"
|
# If "AllowGroups is absent" and "AllowUsers is absent or Debian <10"
|
||||||
|
|
|
@ -102,7 +102,7 @@
|
||||||
state: present
|
state: present
|
||||||
when:
|
when:
|
||||||
- evolinux_internal_group is defined
|
- evolinux_internal_group is defined
|
||||||
- evolinux_internal_group != ""
|
- evolinux_internal_group
|
||||||
- ansible_distribution_major_version is version('9', '>=')
|
- ansible_distribution_major_version is version('9', '>=')
|
||||||
|
|
||||||
- name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_internal_group }}' (Debian 9 or later)"
|
- name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_internal_group }}' (Debian 9 or later)"
|
||||||
|
@ -112,7 +112,7 @@
|
||||||
append: yes
|
append: yes
|
||||||
when:
|
when:
|
||||||
- evolinux_internal_group is defined
|
- evolinux_internal_group is defined
|
||||||
- evolinux_internal_group != ""
|
- evolinux_internal_group
|
||||||
- ansible_distribution_major_version is version('9', '>=')
|
- ansible_distribution_major_version is version('9', '>=')
|
||||||
|
|
||||||
## Optional secondary groups, defined per user
|
## Optional secondary groups, defined per user
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- set_fact:
|
- name: "Choose if minifirewall will need to be restarted"
|
||||||
|
set_fact:
|
||||||
minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"
|
minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"
|
||||||
|
|
||||||
- assert:
|
- name: "Check that API variables are set"
|
||||||
|
assert:
|
||||||
that:
|
that:
|
||||||
- evomaintenance_api_endpoint is not none
|
- evomaintenance_api_endpoint is not none
|
||||||
- evomaintenance_api_key is not none
|
- evomaintenance_api_key is not none
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- set_fact:
|
- name: "Define the whitelist from variables"
|
||||||
|
set_fact:
|
||||||
fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}"
|
fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}"
|
||||||
|
|
||||||
- name: Update ignoreips lists
|
- name: Update ignoreips lists
|
||||||
|
@ -12,4 +13,4 @@
|
||||||
notify: restart fail2ban
|
notify: restart fail2ban
|
||||||
tags:
|
tags:
|
||||||
- fail2ban
|
- fail2ban
|
||||||
- ips
|
- ips
|
||||||
|
|
|
@ -15,7 +15,8 @@
|
||||||
tags:
|
tags:
|
||||||
- fail2ban
|
- fail2ban
|
||||||
|
|
||||||
- set_fact:
|
- name: "Define ip whitelist from variables"
|
||||||
|
set_fact:
|
||||||
fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}"
|
fail2ban_ignore_ips: "{{ ['127.0.0.1/8'] | union(fail2ban_default_ignore_ips) | union(fail2ban_additional_ignore_ips) | unique }}"
|
||||||
tags:
|
tags:
|
||||||
- fail2ban
|
- fail2ban
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
|
|
||||||
- name: Install openjdk package
|
- name: Install openjdk package
|
||||||
apt:
|
apt:
|
||||||
name: "openjdk-{{ java_version}}-jre-headless"
|
name: "openjdk-{{ java_version }}-jre-headless"
|
||||||
default_release: "{{ java_apt_release }}"
|
default_release: "{{ java_apt_release }}"
|
||||||
state: present
|
state: present
|
||||||
tags:
|
tags:
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: kvm_libvirt_images_current_real_path_test
|
register: kvm_libvirt_images_current_real_path_test
|
||||||
when: kvm_custom_libvirt_images_path != ''
|
when: kvm_custom_libvirt_images_path
|
||||||
|
|
||||||
- name: Images directory is moved to custom path
|
- name: Images directory is moved to custom path
|
||||||
block:
|
block:
|
||||||
|
@ -35,6 +35,6 @@
|
||||||
dest: '/var/lib/libvirt/images'
|
dest: '/var/lib/libvirt/images'
|
||||||
state: link
|
state: link
|
||||||
when:
|
when:
|
||||||
- kvm_custom_libvirt_images_path != ''
|
- kvm_custom_libvirt_images_path
|
||||||
- kvm_custom_libvirt_images_path != kvm_libvirt_images_current_real_path_test.stdout
|
- kvm_custom_libvirt_images_path != kvm_libvirt_images_current_real_path_test.stdout
|
||||||
- not kvm_custom_libvirt_images_path_test.stat.exists
|
- not kvm_custom_libvirt_images_path_test.stat.exists
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
failed_when: False
|
failed_when: False
|
||||||
changed_when: False
|
changed_when: False
|
||||||
register: is_cron_installed
|
register: is_cron_installed
|
||||||
|
|
||||||
- name: "log rotation script"
|
- name: "log rotation script"
|
||||||
template:
|
template:
|
||||||
src: rotate_logstash_logs.j2
|
src: rotate_logstash_logs.j2
|
||||||
|
|
|
@ -28,4 +28,4 @@
|
||||||
- restart logstash
|
- restart logstash
|
||||||
tags:
|
tags:
|
||||||
- logstash
|
- logstash
|
||||||
when: (logstash_custom_tmpdir != '' and logstash_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0
|
when: (logstash_custom_tmpdir and logstash_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
msg: Please configure var lxc_php_version
|
msg: Please configure var lxc_php_version
|
||||||
when: lxc_php_version is none
|
when: lxc_php_version is none
|
||||||
|
|
||||||
- name: "Update APT cache in container {{lxc_php_version}}"
|
- name: "Update APT cache in container {{ lxc_php_version }}"
|
||||||
lxc_container:
|
lxc_container:
|
||||||
name: "{{ lxc_php_version }}"
|
name: "{{ lxc_php_version }}"
|
||||||
container_command: "apt-get update"
|
container_command: "apt-get update"
|
||||||
|
|
|
@ -11,6 +11,6 @@
|
||||||
with_items:
|
with_items:
|
||||||
- "{{ lxc_containers }}"
|
- "{{ lxc_containers }}"
|
||||||
|
|
||||||
- include: "solr.yml name={{item.name}} solr_version={{item.solr_version}} solr_port={{item.solr_port}}"
|
- include: "solr.yml name={{ item.name }} solr_version={{ item.solr_version }} solr_port={{ item.solr_port }}"
|
||||||
with_items:
|
with_items:
|
||||||
- "{{ lxc_containers }}"
|
- "{{ lxc_containers }}"
|
||||||
|
|
|
@ -1,6 +1,9 @@
|
||||||
---
|
---
|
||||||
- name: Install openjdk-8-jre-headless and lsof packages
|
- name: Install openjdk-8-jre-headless and lsof packages
|
||||||
command: "lxc-attach -n {{name}} -- apt-get install -y openjdk-8-jre-headless lsof"
|
lxc_container:
|
||||||
|
name: "{{ name }}"
|
||||||
|
container_command: "apt-get install -y openjdk-8-jre-headless lsof"
|
||||||
|
state: started
|
||||||
|
|
||||||
- name: "Download Solr {{ solr_version }}"
|
- name: "Download Solr {{ solr_version }}"
|
||||||
get_url:
|
get_url:
|
||||||
|
@ -15,10 +18,16 @@
|
||||||
remote_src: yes
|
remote_src: yes
|
||||||
|
|
||||||
- name: "Install Solr {{ solr_version }}"
|
- name: "Install Solr {{ solr_version }}"
|
||||||
command: "lxc-attach -n {{name}} -- /root/solr-{{ solr_version }}/bin/install_solr_service.sh /root/solr-{{ solr_version }}.tgz"
|
lxc_container:
|
||||||
|
name: "{{ name }}"
|
||||||
|
container_command: "/root/solr-{{ solr_version }}/bin/install_solr_service.sh /root/solr-{{ solr_version }}.tgz"
|
||||||
|
state: started
|
||||||
|
|
||||||
- name: "Stop Solr"
|
- name: "Stop Solr"
|
||||||
command: "lxc-attach -n {{name}} -- /etc/init.d/solr stop"
|
lxc_container:
|
||||||
|
name: "{{ name }}"
|
||||||
|
container_command: "/etc/init.d/solr stop"
|
||||||
|
state: started
|
||||||
ignore_errors: True
|
ignore_errors: True
|
||||||
|
|
||||||
- name: "Make sure /home/solr exists"
|
- name: "Make sure /home/solr exists"
|
||||||
|
@ -27,11 +36,17 @@
|
||||||
state: directory
|
state: directory
|
||||||
mode: '0755'
|
mode: '0755'
|
||||||
|
|
||||||
- name: "Move Solr data directory to /home/solr/{{name}}"
|
- name: "Move Solr data directory to /home/solr/{{ name }}"
|
||||||
command: "lxc-attach -n {{name}} -- mv /var/solr /home/solr/{{name}}"
|
lxc_container:
|
||||||
|
name: "{{ name }}"
|
||||||
|
container_command: "mv /var/solr /home/solr/{{ name }}"
|
||||||
|
state: started
|
||||||
|
|
||||||
- name: "Create a symbolic link to /home/solr/{{name}}"
|
- name: "Create a symbolic link to /home/solr/{{ name }}"
|
||||||
command: "lxc-attach -n {{name}} -- ln -s /home/solr/{{name}} /var/solr"
|
lxc_container:
|
||||||
|
name: "{{ name }}"
|
||||||
|
container_command: "ln -s /home/solr/{{ name }} /var/solr"
|
||||||
|
state: started
|
||||||
|
|
||||||
- name: "Set Solr port to {{ solr_port }}"
|
- name: "Set Solr port to {{ solr_port }}"
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -39,4 +54,7 @@
|
||||||
line: "SOLR_PORT={{ solr_port }}"
|
line: "SOLR_PORT={{ solr_port }}"
|
||||||
|
|
||||||
- name: "Start Solr"
|
- name: "Start Solr"
|
||||||
command: "lxc-attach -n {{name}} -- /etc/init.d/solr start"
|
lxc_container:
|
||||||
|
name: "{{ name }}"
|
||||||
|
container_command: "/etc/init.d/solr start"
|
||||||
|
state: started
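Review bot: Replacing `command: "lxc-attach -n {{name}} -- …"` with `lxc_container` plus `container_command` may change failure handling. The old `command` tasks failed the play on a non-zero exit, whereas to my knowledge the module does not report the exit status of `container_command` and always marks the task changed; please verify this against the module version in use. If that holds, a failed `apt-get install` or `install_solr_service.sh` would go unnoticed and the following `mv /var/solr …` and `ln -s …` steps would run against a half-installed container. Consider keeping `command: lxc-attach` for the steps whose failure must stop the play, or adding a follow-up task that checks the result (for instance a `stat` on the installed service file).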
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
author: Evolix
|
author: Evolix
|
||||||
description: Creation of LXC Containers
|
description: Creation of LXC Containers
|
||||||
|
|
||||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
notify: restart memcached
|
notify: restart memcached
|
||||||
tags:
|
tags:
|
||||||
- memcached
|
- memcached
|
||||||
when: memcached_instance_name == ""
|
when: memcached_instance_name
|
||||||
|
|
||||||
- name: Memcached is running and enabled on boot.
|
- name: Memcached is running and enabled on boot.
|
||||||
service:
|
service:
|
||||||
|
@ -22,7 +22,7 @@
|
||||||
state: started
|
state: started
|
||||||
tags:
|
tags:
|
||||||
- memcached
|
- memcached
|
||||||
when: memcached_instance_name == ""
|
when: memcached_instance_name
|
||||||
|
|
||||||
- name: Add systemd template
|
- name: Add systemd template
|
||||||
copy:
|
copy:
|
||||||
|
@ -30,7 +30,7 @@
|
||||||
dest: /etc/systemd/system/memcached@.service
|
dest: /etc/systemd/system/memcached@.service
|
||||||
tags:
|
tags:
|
||||||
- memcached
|
- memcached
|
||||||
when: memcached_instance_name != ""
|
when: memcached_instance_name
|
||||||
|
|
||||||
- name: Delete default memcached systemd configuration file
|
- name: Delete default memcached systemd configuration file
|
||||||
systemd:
|
systemd:
|
||||||
|
@ -39,7 +39,7 @@
|
||||||
state: stopped
|
state: stopped
|
||||||
tags:
|
tags:
|
||||||
- memcached
|
- memcached
|
||||||
when: memcached_instance_name != ""
|
when: memcached_instance_name
|
||||||
|
|
||||||
- name: Make sure memcached.conf is absent
|
- name: Make sure memcached.conf is absent
|
||||||
file:
|
file:
|
||||||
|
@ -47,7 +47,7 @@
|
||||||
state: absent
|
state: absent
|
||||||
tags:
|
tags:
|
||||||
- memcached
|
- memcached
|
||||||
when: memcached_instance_name != ""
|
when: memcached_instance_name
|
||||||
|
|
||||||
- name: Create a configuration file
|
- name: Create a configuration file
|
||||||
template:
|
template:
|
||||||
|
@ -56,7 +56,7 @@
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
tags:
|
tags:
|
||||||
- memcached
|
- memcached
|
||||||
when: memcached_instance_name != ""
|
when: memcached_instance_name
|
||||||
|
|
||||||
- name: Enable and start the memcached instance
|
- name: Enable and start the memcached instance
|
||||||
systemd:
|
systemd:
|
||||||
|
@ -67,7 +67,7 @@
|
||||||
masked: no
|
masked: no
|
||||||
tags:
|
tags:
|
||||||
- memcached
|
- memcached
|
||||||
when: memcached_instance_name != ""
|
when: memcached_instance_name
|
||||||
|
|
||||||
- include: munin.yml
|
- include: munin.yml
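Review bot: The first two hunks of this file turn `when: memcached_instance_name == ""` into `when: memcached_instance_name`, which inverts the condition instead of simplifying it. The task that notifies `restart memcached` and the task "Memcached is running and enabled on boot." would now run only when an instance name is set, and be skipped on the default single-instance setup. Those two need the negated form, `when: not memcached_instance_name`, or more explicitly `when: memcached_instance_name | length == 0`. The `!= ""` hunks further down are converted in the right direction. The first task begins above its hunk.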
|
||||||
|
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
- name: Choose packages (Oracle)
|
- name: Choose packages (Oracle)
|
||||||
set_fact:
|
set_fact:
|
||||||
multi: "multi_"
|
multi: "multi_"
|
||||||
when: memcached_instance_name !=""
|
when: memcached_instance_name
|
||||||
|
|
||||||
- name: is Munin present ?
|
- name: is Munin present ?
|
||||||
stat:
|
stat:
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- set_fact:
|
- name: "Define the mysql config directory"
|
||||||
|
set_fact:
|
||||||
mysql_config_directory: "/etc/mysql/mysql.conf.d"
|
mysql_config_directory: "/etc/mysql/mysql.conf.d"
|
||||||
|
|
||||||
- name: "Copy MySQL defaults config file"
|
- name: "Copy MySQL defaults config file"
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
register: mysql_current_real_datadir_test
|
register: mysql_current_real_datadir_test
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
when: mysql_custom_datadir != ''
|
when: mysql_custom_datadir
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: MySQL is stopped
|
- name: MySQL is stopped
|
||||||
|
@ -40,6 +40,6 @@
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
when:
|
when:
|
||||||
- mysql_custom_datadir != ''
|
- mysql_custom_datadir
|
||||||
- mysql_custom_datadir != mysql_current_real_datadir_test.stdout
|
- mysql_custom_datadir != mysql_current_real_datadir_test.stdout
|
||||||
- not mysql_custom_datadir_test.stat.exists
|
- not mysql_custom_datadir_test.stat.exists
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- set_fact:
|
- name: 'Define which handler will be called to "restart" mysql'
|
||||||
|
set_fact:
|
||||||
mysql_restart_handler_name: "{{ mysql_restart_if_needed | bool | ternary('restart mysql', 'restart mysql (noop)') }}"
|
mysql_restart_handler_name: "{{ mysql_restart_if_needed | bool | ternary('restart mysql', 'restart mysql (noop)') }}"
|
||||||
|
|
||||||
- include: packages.yml
|
- include: packages.yml
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- set_fact:
|
- name: "Define which configuration package will be installed"
|
||||||
|
set_fact:
|
||||||
mysql_apt_config_package: mysql-apt-config_0.8.9-1_all.deb
|
mysql_apt_config_package: mysql-apt-config_0.8.9-1_all.deb
|
||||||
|
|
||||||
- name: Set default MySQL version to 5.7
|
- name: Set default MySQL version to 5.7
|
||||||
|
|
|
@ -20,4 +20,4 @@
|
||||||
notify: "{{ mysql_restart_handler_name }}"
|
notify: "{{ mysql_restart_handler_name }}"
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
when: mysql_custom_tmpdir != ''
|
when: mysql_custom_tmpdir
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
author: Evolix
|
author: Evolix
|
||||||
description: your description
|
description: Install and configure mysql
|
||||||
|
|
||||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- set_fact:
|
- name: "Define the config directory of mysql"
|
||||||
|
set_fact:
|
||||||
mysql_config_directory: /etc/mysql/conf.d
|
mysql_config_directory: /etc/mysql/conf.d
|
||||||
|
|
||||||
- name: "Copy MySQL defaults config file (jessie)"
|
- name: "Copy MySQL defaults config file (jessie)"
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- set_fact:
|
- name: "Define the config directory of mysql"
|
||||||
|
set_fact:
|
||||||
mysql_config_directory: /etc/mysql/mariadb.conf.d
|
mysql_config_directory: /etc/mysql/mariadb.conf.d
|
||||||
|
|
||||||
- name: "Copy MySQL defaults config file (Debian 9 or later)"
|
- name: "Copy MySQL defaults config file (Debian 9 or later)"
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
register: mysql_current_real_datadir_test
|
register: mysql_current_real_datadir_test
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
when: mysql_custom_datadir != ''
|
when: mysql_custom_datadir
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: MySQL is stopped
|
- name: MySQL is stopped
|
||||||
|
@ -40,6 +40,6 @@
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
when:
|
when:
|
||||||
- mysql_custom_datadir != ''
|
- mysql_custom_datadir
|
||||||
- mysql_custom_datadir != mysql_current_real_datadir_test.stdout
|
- mysql_custom_datadir != mysql_current_real_datadir_test.stdout
|
||||||
- not mysql_custom_datadir_test.stat.exists
|
- not mysql_custom_datadir_test.stat.exists
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
register: mysql_current_real_logdir_test
|
register: mysql_current_real_logdir_test
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
when: mysql_custom_logdir != ''
|
when: mysql_custom_logdir
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: MySQL is stopped
|
- name: MySQL is stopped
|
||||||
|
@ -40,6 +40,6 @@
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
when:
|
when:
|
||||||
- mysql_custom_logdir != ''
|
- mysql_custom_logdir
|
||||||
- mysql_custom_logdir != mysql_current_real_logdir_test.stdout
|
- mysql_custom_logdir != mysql_current_real_logdir_test.stdout
|
||||||
- not mysql_custom_logdir_test.stat.exists
|
- not mysql_custom_logdir_test.stat.exists
|
||||||
|
|
|
@ -20,4 +20,4 @@
|
||||||
notify: "{{ mysql_restart_handler_name }}"
|
notify: "{{ mysql_restart_handler_name }}"
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
when: mysql_custom_tmpdir != ''
|
when: mysql_custom_tmpdir
|
||||||
|
|
|
@ -41,7 +41,7 @@
|
||||||
when: ansible_distribution_major_version is version('10', '>=')
|
when: ansible_distribution_major_version is version('10', '>=')
|
||||||
|
|
||||||
- name: Read debian-sys-maint password
|
- name: Read debian-sys-maint password
|
||||||
shell: 'cat /etc/mysql/debian.cnf | grep -m1 "password = .*" | cut -d" " -f3'
|
shell: 'grep -m1 "password = .*" /etc/mysql/debian.cnf | cut -d" " -f3'
|
||||||
register: mysql_debian_password
|
register: mysql_debian_password
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
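Review bot: The "Read debian-sys-maint password" task registers the password in `mysql_debian_password`, and no `no_log: true` is visible in the hunk. The registered result, including stdout, can therefore appear in verbose task output and in whatever log callbacks are enabled. Add `no_log: true` to this task and to the tasks that consume `mysql_debian_password`. The task may continue below the hunk, so check whether it is already set there.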
|
||||||
|
|
|
@ -2,11 +2,13 @@
|
||||||
|
|
||||||
- name: "Parse addresses"
|
- name: "Parse addresses"
|
||||||
shell: "grep Address= /etc/systemd/network/50-default.network | cut -d'=' -f2"
|
shell: "grep Address= /etc/systemd/network/50-default.network | cut -d'=' -f2"
|
||||||
|
changed_when: false
|
||||||
register: network_address_grep
|
register: network_address_grep
|
||||||
check_mode: no
|
check_mode: no
|
||||||
|
|
||||||
- name: "Parse gateways"
|
- name: "Parse gateways"
|
||||||
shell: "grep Gateway= /etc/systemd/network/50-default.network | cut -d'=' -f2"
|
shell: "grep Gateway= /etc/systemd/network/50-default.network | cut -d'=' -f2"
|
||||||
|
changed_when: false
|
||||||
register: network_gateway_grep
|
register: network_gateway_grep
|
||||||
check_mode: no
|
check_mode: no
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
question: "newrelic-php5/application-name"
|
question: "newrelic-php5/application-name"
|
||||||
value: "{{ newrelic_appname }}"
|
value: "{{ newrelic_appname }}"
|
||||||
vtype: string
|
vtype: string
|
||||||
when: newrelic_appname != ""
|
when: newrelic_appname
|
||||||
|
|
||||||
- name: Pre-seed package configuration with license
|
- name: Pre-seed package configuration with license
|
||||||
debconf:
|
debconf:
|
||||||
|
@ -14,7 +14,7 @@
|
||||||
question: "newrelic-php5/license-key"
|
question: "newrelic-php5/license-key"
|
||||||
value: "{{ newrelic_license }}"
|
value: "{{ newrelic_license }}"
|
||||||
vtype: "string"
|
vtype: "string"
|
||||||
when: newrelic_license != ""
|
when: newrelic_license
|
||||||
|
|
||||||
- name: list newrelic config files
|
- name: list newrelic config files
|
||||||
shell: "find /etc/php* -type f -name newrelic.ini"
|
shell: "find /etc/php* -type f -name newrelic.ini"
|
||||||
|
|
|
@ -9,5 +9,5 @@
|
||||||
dest: /etc/newrelic/nrsysmond.cfg
|
dest: /etc/newrelic/nrsysmond.cfg
|
||||||
regexp: "license_key=REPLACE_WITH_REAL_KEY"
|
regexp: "license_key=REPLACE_WITH_REAL_KEY"
|
||||||
replace: "license_key={{ newrelic_license }}"
|
replace: "license_key={{ newrelic_license }}"
|
||||||
when: newrelic_license != ""
|
when: newrelic_license
|
||||||
notify: restart newrelic-sysmond
|
notify: restart newrelic-sysmond
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
tags:
|
tags:
|
||||||
- nginx
|
- nginx
|
||||||
- packages
|
- packages
|
||||||
|
|
||||||
- name: Ensure nginx service is running as configured.
|
- name: Ensure nginx service is running as configured.
|
||||||
service:
|
service:
|
||||||
name: nginx
|
name: nginx
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
# The last character "\u000A" is a line feed (LF), it's better to keep it
|
# The last character "\u000A" is a line feed (LF), it's better to keep it
|
||||||
content: "{{ nginx_serverstatus_suffix }}\u000A"
|
content: "{{ nginx_serverstatus_suffix }}\u000A"
|
||||||
force: yes
|
force: yes
|
||||||
when: nginx_serverstatus_suffix != ""
|
when: nginx_serverstatus_suffix
|
||||||
|
|
||||||
- name: generate random string for server-status suffix
|
- name: generate random string for server-status suffix
|
||||||
shell: "apg -a 1 -M N -n 1 > {{ nginx_serverstatus_suffix_file }}"
|
shell: "apg -a 1 -M N -n 1 > {{ nginx_serverstatus_suffix_file }}"
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- fail:
|
- name: Check for compatibility
|
||||||
|
fail:
|
||||||
msg: only compatible with Debian >= 8
|
msg: only compatible with Debian >= 8
|
||||||
when:
|
when:
|
||||||
- ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<')
|
- ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<')
|
||||||
|
|
|
@ -48,7 +48,7 @@
|
||||||
# The last character "\u000A" is a line feed (LF), it's better to keep it
|
# The last character "\u000A" is a line feed (LF), it's better to keep it
|
||||||
content: "{{ packweb_phpmyadmin_suffix }}\u000A"
|
content: "{{ packweb_phpmyadmin_suffix }}\u000A"
|
||||||
force: yes
|
force: yes
|
||||||
when: packweb_phpmyadmin_suffix != ""
|
when: packweb_phpmyadmin_suffix
|
||||||
|
|
||||||
- name: generate random string for phpmyadmin suffix
|
- name: generate random string for phpmyadmin suffix
|
||||||
shell: "apg -a 1 -M N -n 1 > {{ packweb_phpmyadmin_suffix_file }}"
|
shell: "apg -a 1 -M N -n 1 > {{ packweb_phpmyadmin_suffix_file }}"
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- fail:
|
- name: Check for compatibility
|
||||||
|
fail:
|
||||||
msg: only compatible with Debian >= 8
|
msg: only compatible with Debian >= 8
|
||||||
when:
|
when:
|
||||||
- ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<')
|
- ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<')
|
||||||
|
|
|
@ -14,8 +14,8 @@ galaxy_info:
|
||||||
- jessie
|
- jessie
|
||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
- { role: evolix/ldap, ldap_schema: 'cn4evolix.ldif', when: postfix_packmail == True }
|
- { role: evolix/ldap, ldap_schema: 'cn4evolix.ldif', when: postfix_packmail }
|
||||||
- { role: evolix/spamassasin, when: postfix_packmail == True }
|
- { role: evolix/spamassasin, when: postfix_packmail }
|
||||||
- { role: evolix/clamav, when: postfix_packmail == True }
|
- { role: evolix/clamav, when: postfix_packmail }
|
||||||
- { role: evolix/opendkim, when: postfix_packmail == True }
|
- { role: evolix/opendkim, when: postfix_packmail }
|
||||||
- { role: evolix/dovecot, when: postfix_packmail == True }
|
- { role: evolix/dovecot, when: postfix_packmail }
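Review bot: Dropping `== True` from the `when:` on these role dependencies makes the outcome depend on the type of `postfix_packmail`. A string such as `"false"` (what `-e postfix_packmail=false` yields) is non-empty, so on releases that judge a bare variable by truthiness it would pull in the ldap, spamassasin, clamav, opendkim and dovecot roles. An explicit cast removes the ambiguity: `when: postfix_packmail | bool`. The same applies to `when: not postfix_packmail` and `when: postfix_packmail` in the postfix include hunk, and to `not squid_localproxy_enable` in the squid hunks.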
|
||||||
|
|
|
@ -3,10 +3,10 @@
|
||||||
- include: common.yml
|
- include: common.yml
|
||||||
|
|
||||||
- include: minimal.yml
|
- include: minimal.yml
|
||||||
when: postfix_packmail == False
|
when: not postfix_packmail
|
||||||
|
|
||||||
- include: packmail.yml
|
- include: packmail.yml
|
||||||
when: postfix_packmail == True
|
when: postfix_packmail
|
||||||
|
|
||||||
- include: slow_transport.yml
|
- include: slow_transport.yml
|
||||||
when: postfix_slow_transport_include
|
when: postfix_slow_transport_include
|
||||||
|
|
|
@ -10,13 +10,13 @@
|
||||||
|
|
||||||
- name: Allow conf.d/*.conf files to be included in PostgreSQL configuration
|
- name: Allow conf.d/*.conf files to be included in PostgreSQL configuration
|
||||||
lineinfile:
|
lineinfile:
|
||||||
name: "/etc/postgresql/{{postgresql_version}}/main/postgresql.conf"
|
name: "/etc/postgresql/{{ postgresql_version }}/main/postgresql.conf"
|
||||||
line: include_dir = 'conf.d'
|
line: include_dir = 'conf.d'
|
||||||
notify: restart postgresql
|
notify: restart postgresql
|
||||||
|
|
||||||
- name: Create conf.d directory
|
- name: Create conf.d directory
|
||||||
file:
|
file:
|
||||||
name: "/etc/postgresql/{{postgresql_version}}/main/conf.d/"
|
name: "/etc/postgresql/{{ postgresql_version }}/main/conf.d/"
|
||||||
state: directory
|
state: directory
|
||||||
owner: postgres
|
owner: postgres
|
||||||
group: postgres
|
group: postgres
|
||||||
|
@ -25,7 +25,7 @@
|
||||||
- name: Copy PostgreSQL config file
|
- name: Copy PostgreSQL config file
|
||||||
template:
|
template:
|
||||||
src: postgresql.conf.j2
|
src: postgresql.conf.j2
|
||||||
dest: "/etc/postgresql/{{postgresql_version}}/main/conf.d/zz-evolinux.conf"
|
dest: "/etc/postgresql/{{ postgresql_version }}/main/conf.d/zz-evolinux.conf"
|
||||||
owner: postgres
|
owner: postgres
|
||||||
group: postgres
|
group: postgres
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
|
|
@ -12,8 +12,8 @@
|
||||||
- name: Add Munin plugins for PostgreSQL
|
- name: Add Munin plugins for PostgreSQL
|
||||||
file:
|
file:
|
||||||
state: link
|
state: link
|
||||||
src: '/usr/share/munin/plugins/{{item}}'
|
src: '/usr/share/munin/plugins/{{ item }}'
|
||||||
dest: '/etc/munin/plugins/{{item}}'
|
dest: '/etc/munin/plugins/{{ item }}'
|
||||||
with_items:
|
with_items:
|
||||||
- postgres_bgwriter
|
- postgres_bgwriter
|
||||||
- postgres_checkpoints
|
- postgres_checkpoints
|
||||||
|
@ -26,10 +26,10 @@
|
||||||
- name: Add Munin plugins for PostgreSQL (for specific databases)
|
- name: Add Munin plugins for PostgreSQL (for specific databases)
|
||||||
file:
|
file:
|
||||||
state: link
|
state: link
|
||||||
src: '/usr/share/munin/plugins/{{item[0]}}'
|
src: '/usr/share/munin/plugins/{{ item[0] }}'
|
||||||
dest: '/etc/munin/plugins/{{item[0]}}{{item[1]}}'
|
dest: '/etc/munin/plugins/{{ item[0] }}{{ item[1] }}'
|
||||||
with_nested:
|
with_nested:
|
||||||
- ['postgres_cache_', 'postgres_connections_', 'postgres_locks_', 'postgres_querylength_', 'postgres_scans_', 'postgres_size_', 'postgres_transactions_', 'postgres_tuples_']
|
- ['postgres_cache_', 'postgres_connections_', 'postgres_locks_', 'postgres_querylength_', 'postgres_scans_', 'postgres_size_', 'postgres_transactions_', 'postgres_tuples_']
|
||||||
- '{{postgresql_databases}}'
|
- '{{ postgresql_databases }}'
|
||||||
notify: restart munin-node
|
notify: restart munin-node
|
||||||
when: etc_munin_plugins.stat.exists and usr_share_munin_plugins.stat.exists
|
when: etc_munin_plugins.stat.exists and usr_share_munin_plugins.stat.exists
|
||||||
|
|
|
@ -35,7 +35,7 @@
|
||||||
lineinfile:
|
lineinfile:
|
||||||
name: /etc/nagios/nrpe.d/evolix.cfg
|
name: /etc/nagios/nrpe.d/evolix.cfg
|
||||||
regexp: '^command\[check_pgsql\]='
|
regexp: '^command\[check_pgsql\]='
|
||||||
line: 'command[check_pgsql]=/usr/lib/nagios/plugins/check_pgsql -H localhost -l nrpe -p "{{postgresql_nrpe_password.stdout}}"'
|
line: 'command[check_pgsql]=/usr/lib/nagios/plugins/check_pgsql -H localhost -l nrpe -p "{{ postgresql_nrpe_password.stdout }}"'
|
||||||
notify: restart nagios-nrpe-server
|
notify: restart nagios-nrpe-server
|
||||||
when: postgresql_create_nrpe_user.changed
|
when: postgresql_create_nrpe_user.changed
|
||||||
when: nrpe_evolix_config.stat.exists
|
when: nrpe_evolix_config.stat.exists
|
||||||
|
|
|
@ -10,8 +10,8 @@
|
||||||
|
|
||||||
- name: Install postgresql package
|
- name: Install postgresql package
|
||||||
apt:
|
apt:
|
||||||
name: '{{item}}'
|
name: '{{ item }}'
|
||||||
with_items:
|
with_items:
|
||||||
- "postgresql-{{postgresql_version}}"
|
- "postgresql-{{ postgresql_version }}"
|
||||||
- ptop
|
- ptop
|
||||||
- libdbd-pg-perl
|
- libdbd-pg-perl
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
|
|
||||||
- name: Add PGDG repository
|
- name: Add PGDG repository
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
|
repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main"
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
|
||||||
- name: Add GPG key for PGDG repository
|
- name: Add GPG key for PGDG repository
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
- name: Install PostGIS extention
|
- name: Install PostGIS extention
|
||||||
apt:
|
apt:
|
||||||
name:
|
name:
|
||||||
- postgis
|
- postgis
|
||||||
|
|
|
@ -39,7 +39,7 @@
|
||||||
- name: Enable redis munin plugin
|
- name: Enable redis munin plugin
|
||||||
file:
|
file:
|
||||||
src: /usr/local/share/munin/plugins/redis_
|
src: /usr/local/share/munin/plugins/redis_
|
||||||
dest: "/etc/munin/plugins/redis_{{item}}"
|
dest: "/etc/munin/plugins/redis_{{ item }}"
|
||||||
state: link
|
state: link
|
||||||
with_items:
|
with_items:
|
||||||
- connected_clients
|
- connected_clients
|
||||||
|
@ -67,7 +67,7 @@
|
||||||
value: '{{ redis_password }}'
|
value: '{{ redis_password }}'
|
||||||
notify: restart munin-node
|
notify: restart munin-node
|
||||||
when:
|
when:
|
||||||
- redis_password != ''
|
- redis_password
|
||||||
- redis_password != None
|
- redis_password != None
|
||||||
- (munin_redis_blocs_in_config.stdout | int) <= 1
|
- (munin_redis_blocs_in_config.stdout | int) <= 1
|
||||||
tags: redis
|
tags: redis
|
||||||
|
@ -77,6 +77,6 @@
|
||||||
debug:
|
debug:
|
||||||
msg: "WARNING - It seems you have multiple redis sections in your munin-node configuration - Munin config NOT changed"
|
msg: "WARNING - It seems you have multiple redis sections in your munin-node configuration - Munin config NOT changed"
|
||||||
when:
|
when:
|
||||||
- redis_password != ''
|
- redis_password
|
||||||
- redis_password != None
|
- redis_password != None
|
||||||
- (munin_redis_blocs_in_config.stdout | int) > 1
|
- (munin_redis_blocs_in_config.stdout | int) > 1
|
||||||
|
|
|
@ -39,7 +39,7 @@
|
||||||
- name: Enable redis munin plugin
|
- name: Enable redis munin plugin
|
||||||
file:
|
file:
|
||||||
src: /usr/local/share/munin/plugins/redis_
|
src: /usr/local/share/munin/plugins/redis_
|
||||||
dest: "/etc/munin/plugins/{{ redis_instance_name }}_redis_{{item}}"
|
dest: "/etc/munin/plugins/{{ redis_instance_name }}_redis_{{ item }}"
|
||||||
state: link
|
state: link
|
||||||
with_items:
|
with_items:
|
||||||
- connected_clients
|
- connected_clients
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- set_fact:
|
- name: "Define if redis needs to restart or not"
|
||||||
|
set_fact:
|
||||||
redis_restart_handler_name: "{{ redis_restart_if_needed | ternary('restart redis', 'restart redis (noop)') }}"
|
redis_restart_handler_name: "{{ redis_restart_if_needed | ternary('restart redis', 'restart redis (noop)') }}"
|
||||||
|
|
||||||
- name: Redis is installed.
|
- name: Redis is installed.
|
||||||
|
@ -30,7 +31,8 @@
|
||||||
tags:
|
tags:
|
||||||
- redis
|
- redis
|
||||||
|
|
||||||
- set_fact:
|
- name: "Define which version of redis is installed"
|
||||||
|
set_fact:
|
||||||
redis_installed_version: "{{ _redis_installed_version.stdout }}"
|
redis_installed_version: "{{ _redis_installed_version.stdout }}"
|
||||||
check_mode: no
|
check_mode: no
|
||||||
tags:
|
tags:
|
||||||
|
|
|
@ -1,3 +1,19 @@
|
||||||
---
|
---
|
||||||
|
galaxy_info:
|
||||||
|
author: Evolix
|
||||||
|
description: Install redmine on a Debian install
|
||||||
|
|
||||||
|
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||||
|
|
||||||
|
license: GPLv2
|
||||||
|
|
||||||
|
min_ansible_version: 2.2
|
||||||
|
|
||||||
|
platforms:
|
||||||
|
- name: Debian
|
||||||
|
version:
|
||||||
|
- jessie
|
||||||
|
- stretch
|
||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
- { role: evolix/nginx }
|
- { role: evolix/nginx }
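Review bot: `min_ansible_version: 2.2` in the new `galaxy_info` is an unquoted number, so YAML loads it as a float and a later value such as 2.10 would collapse to 2.1. Quote it as a string: `min_ansible_version: "2.2"`.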
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
register: redmine_generate_mysql_password
|
register: redmine_generate_mysql_password
|
||||||
check_mode: no
|
check_mode: no
|
||||||
changed_when: False
|
changed_when: False
|
||||||
when: redmine_get_mysql_password.stdout == ""
|
when: not redmine_get_mysql_password.stdout
|
||||||
tags:
|
tags:
|
||||||
- redmine
|
- redmine
|
||||||
|
|
||||||
|
|
|
@ -22,6 +22,7 @@
|
||||||
state: stopped
|
state: stopped
|
||||||
user: yes
|
user: yes
|
||||||
become_user: "{{ redmine_user }}"
|
become_user: "{{ redmine_user }}"
|
||||||
|
become: yes
|
||||||
environment: "{{ user_env }}"
|
environment: "{{ user_env }}"
|
||||||
tags:
|
tags:
|
||||||
- redmine
|
- redmine
|
||||||
|
@ -79,6 +80,7 @@
|
||||||
chdir: "/home/{{ redmine_user }}/www"
|
chdir: "/home/{{ redmine_user }}/www"
|
||||||
creates: "/home/{{ redmine_user }}/www/config/initializers/secret_token.rb"
|
creates: "/home/{{ redmine_user }}/www/config/initializers/secret_token.rb"
|
||||||
become_user: "{{ redmine_user }}"
|
become_user: "{{ redmine_user }}"
|
||||||
|
become: yes
|
||||||
environment: "{{ user_env }}"
|
environment: "{{ user_env }}"
|
||||||
tags:
|
tags:
|
||||||
- redmine
|
- redmine
|
||||||
|
@ -88,6 +90,7 @@
|
||||||
args:
|
args:
|
||||||
chdir: "/home/{{ redmine_user }}/www/"
|
chdir: "/home/{{ redmine_user }}/www/"
|
||||||
become_user: "{{ redmine_user }}"
|
become_user: "{{ redmine_user }}"
|
||||||
|
become: yes
|
||||||
environment: "{{ user_env }}"
|
environment: "{{ user_env }}"
|
||||||
tags:
|
tags:
|
||||||
- redmine
|
- redmine
|
||||||
|
@ -97,6 +100,7 @@
|
||||||
args:
|
args:
|
||||||
chdir: "/home/{{ redmine_user }}/www/"
|
chdir: "/home/{{ redmine_user }}/www/"
|
||||||
become_user: "{{ redmine_user }}"
|
become_user: "{{ redmine_user }}"
|
||||||
|
become: yes
|
||||||
environment: "{{ user_env }}"
|
environment: "{{ user_env }}"
|
||||||
when: redmine_mysql_create.changed
|
when: redmine_mysql_create.changed
|
||||||
tags:
|
tags:
|
||||||
|
@ -107,6 +111,7 @@
|
||||||
args:
|
args:
|
||||||
chdir: "/home/{{ redmine_user }}/www/"
|
chdir: "/home/{{ redmine_user }}/www/"
|
||||||
become_user: "{{ redmine_user }}"
|
become_user: "{{ redmine_user }}"
|
||||||
|
become: yes
|
||||||
environment: "{{ user_env }}"
|
environment: "{{ user_env }}"
|
||||||
tags:
|
tags:
|
||||||
- redmine
|
- redmine
|
||||||
|
@ -118,6 +123,7 @@
|
||||||
state: started
|
state: started
|
||||||
user: yes
|
user: yes
|
||||||
become_user: "{{ redmine_user }}"
|
become_user: "{{ redmine_user }}"
|
||||||
|
become: yes
|
||||||
environment: "{{ user_env }}"
|
environment: "{{ user_env }}"
|
||||||
tags:
|
tags:
|
||||||
- redmine
|
- redmine
|
||||||
|
|
|
@ -57,6 +57,7 @@
|
||||||
version: "{{ item.tree | default('master') }}"
|
version: "{{ item.tree | default('master') }}"
|
||||||
umask: "027"
|
umask: "027"
|
||||||
become_user: "{{ redmine_user }}"
|
become_user: "{{ redmine_user }}"
|
||||||
|
become: yes
|
||||||
when: item.git is defined
|
when: item.git is defined
|
||||||
with_items: "{{ redmine_plugins }}"
|
with_items: "{{ redmine_plugins }}"
|
||||||
tags:
|
tags:
|
||||||
|
@ -82,6 +83,7 @@
|
||||||
version: "{{ item.tree | default('master') }}"
|
version: "{{ item.tree | default('master') }}"
|
||||||
umask: "027"
|
umask: "027"
|
||||||
become_user: "{{ redmine_user }}"
|
become_user: "{{ redmine_user }}"
|
||||||
|
become: yes
|
||||||
when: item.git is defined
|
when: item.git is defined
|
||||||
with_items: "{{ redmine_themes }}"
|
with_items: "{{ redmine_themes }}"
|
||||||
tags:
|
tags:
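Review bot: `version: "{{ item.tree | default('master') }}"` in both hunks lets a plugin or theme entry without `tree` follow the upstream `master` branch, so each run can deploy whatever was last pushed there; with the added `become: yes` that code is written as `redmine_user`. Requiring a tag or commit hash per entry makes deployments reproducible and reviewable, for example `version: "{{ item.tree | mandatory }}"`. Both tasks start above their hunks, so the module and repository URL are not visible; a git checkout is inferred from `when: item.git is defined`.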
|
||||||
|
|
|
@ -60,7 +60,7 @@
|
||||||
failed_when: False
|
failed_when: False
|
||||||
changed_when: False
|
changed_when: False
|
||||||
register: is_cron_installed
|
register: is_cron_installed
|
||||||
|
|
||||||
- name: enable sa-update.sh cron
|
- name: enable sa-update.sh cron
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/cron.d/sa-update
|
dest: /etc/cron.d/sa-update
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- fail:
|
- name: Check for role compatibility
|
||||||
|
fail:
|
||||||
msg: only compatible with Debian >= 8
|
msg: only compatible with Debian >= 8
|
||||||
when:
|
when:
|
||||||
- ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<')
|
- ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<')
|
||||||
|
@ -79,7 +80,7 @@
|
||||||
content: |
|
content: |
|
||||||
# Put customized values here.
|
# Put customized values here.
|
||||||
force: no
|
force: no
|
||||||
when: squid_localproxy_enable == False and ansible_distribution_major_version is version('9', '>=')
|
when: not squid_localproxy_enable and ansible_distribution_major_version is version('9', '>=')
|
||||||
|
|
||||||
- name: "evolinux http_access for local proxy (Debian 9 or later)"
|
- name: "evolinux http_access for local proxy (Debian 9 or later)"
|
||||||
copy:
|
copy:
|
||||||
|
@ -95,7 +96,7 @@
|
||||||
content: |
|
content: |
|
||||||
# Put customized values here.
|
# Put customized values here.
|
||||||
force: no
|
force: no
|
||||||
when: squid_localproxy_enable == False and ansible_distribution_major_version is version('9', '>=')
|
when: not squid_localproxy_enable and ansible_distribution_major_version is version('9', '>=')
|
||||||
|
|
||||||
- name: "evolinux overrides for local proxy (Debian 9 or later)"
|
- name: "evolinux overrides for local proxy (Debian 9 or later)"
|
||||||
template:
|
template:
|
||||||
|
@ -111,7 +112,7 @@
|
||||||
content: |
|
content: |
|
||||||
# Put customized values here.
|
# Put customized values here.
|
||||||
force: no
|
force: no
|
||||||
when: squid_localproxy_enable == False and ansible_distribution_major_version is version('9', '>=')
|
when: not squid_localproxy_enable and ansible_distribution_major_version is version('9', '>=')
|
||||||
|
|
||||||
- name: add some URL in whitelist (Debian 8)
|
- name: add some URL in whitelist (Debian 8)
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
failed_when: False
|
failed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: _squid_systemd_active
|
register: _squid_systemd_active
|
||||||
|
|
||||||
- name: Squid systemd overrides directory exists
|
- name: Squid systemd overrides directory exists
|
||||||
file:
|
file:
|
||||||
dest: /etc/systemd/system/squid.service.d/
|
dest: /etc/systemd/system/squid.service.d/
|
||||||
|
|
|
@ -64,8 +64,8 @@
|
||||||
- name: Patch logrotate conf
|
- name: Patch logrotate conf
|
||||||
replace:
|
replace:
|
||||||
name: /etc/logrotate.d/varnish
|
name: /etc/logrotate.d/varnish
|
||||||
regexp: '^(\s+)(/usr/sbin/invoke-rc.d {{item}}.*)'
|
regexp: '^(\s+)(/usr/sbin/invoke-rc.d {{ item }}.*)'
|
||||||
replace: '\1systemctl -q is-active {{item}} && \2'
|
replace: '\1systemctl -q is-active {{ item }} && \2'
|
||||||
with_items:
|
with_items:
|
||||||
- varnishlog
|
- varnishlog
|
||||||
- varnishncsa
|
- varnishncsa
|
||||||
|
|
|
@ -33,7 +33,7 @@
|
||||||
- name: Enable varnish4 munin plugin
|
- name: Enable varnish4 munin plugin
|
||||||
file:
|
file:
|
||||||
src: /usr/local/share/munin/plugins/varnish4_
|
src: /usr/local/share/munin/plugins/varnish4_
|
||||||
dest: "/etc/munin/plugins/varnish4_{{item}}"
|
dest: "/etc/munin/plugins/varnish4_{{ item }}"
|
||||||
state: link
|
state: link
|
||||||
with_items:
|
with_items:
|
||||||
- backend_traffic
|
- backend_traffic
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
tags:
|
tags:
|
||||||
- evoadmin-mail
|
- evoadmin-mail
|
||||||
|
|
||||||
- name: Active evoadminmail VHost
|
- name: Active evoadminmail VHost
|
||||||
file:
|
file:
|
||||||
src: "/etc/nginx/sites-available/evoadminmail.conf"
|
src: "/etc/nginx/sites-available/evoadminmail.conf"
|
||||||
dest: "/etc/nginx/sites-enabled/evoadminmail.conf"
|
dest: "/etc/nginx/sites-enabled/evoadminmail.conf"
|
||||||
|
|
|
@ -116,7 +116,7 @@
|
||||||
src: "/etc/nginx/sites-available/roundcube.conf"
|
src: "/etc/nginx/sites-available/roundcube.conf"
|
||||||
dest: "/etc/nginx/sites-enabled/roundcube.conf"
|
dest: "/etc/nginx/sites-enabled/roundcube.conf"
|
||||||
state: link
|
state: link
|
||||||
when: roundcube_webserver == "nginx"
|
when: roundcube_webserver == "nginx"
|
||||||
notify: reload nginx
|
notify: reload nginx
|
||||||
|
|
||||||
- name: enable roundcube link in default site index
|
- name: enable roundcube link in default site index
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
mode: "0750"
|
mode: "0750"
|
||||||
|
|
||||||
- name: Download Wordpress
|
- name: Download Wordpress
|
||||||
shell: '{{ wordpress_wpcli }} core download --locale=fr_FR --version={{ wordpress_version }}'
|
command: '{{ wordpress_wpcli }} core download --locale=fr_FR --version={{ wordpress_version }}'
|
||||||
args:
|
args:
|
||||||
creates: "{{ ansible_env.HOME }}/www/index.php"
|
creates: "{{ ansible_env.HOME }}/www/index.php"
|
||||||
|
|
||||||
|
@ -42,12 +42,12 @@
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
|
||||||
- name: Configure Wordpress (wp-config.php)
|
- name: Configure Wordpress (wp-config.php)
|
||||||
shell: '{{ wordpress_wpcli }} core config --dbhost={{ db_host }} --dbuser={{ db_user }} --dbpass={{ db_pwd }} --dbname={{ db_name }}'
|
command: '{{ wordpress_wpcli }} core config --dbhost={{ db_host }} --dbuser={{ db_user }} --dbpass={{ db_pwd }} --dbname={{ db_name }}'
|
||||||
args:
|
args:
|
||||||
creates: "{{ ansible_env.HOME }}/www/wp-config.php"
|
creates: "{{ ansible_env.HOME }}/www/wp-config.php"
|
||||||
|
|
||||||
- name: Configure site
|
- name: Configure site
|
||||||
shell: '{{ wordpress_wpcli }} core install --url={{ wordpress_host | quote }} --title={{ wordpress_title | quote }} --admin_user=admin --admin_password="{{ admin_pwd | quote }}" --admin_email={{ wordpress_email }} --skip-email'
|
command: '{{ wordpress_wpcli }} core install --url={{ wordpress_host | quote }} --title={{ wordpress_title | quote }} --admin_user=admin --admin_password="{{ admin_pwd | quote }}" --admin_email={{ wordpress_email }} --skip-email'
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
- name: Check if Wordpress is up to date
|
- name: Check if Wordpress is up to date
|
||||||
|
@ -58,7 +58,7 @@
|
||||||
changed_when: check_version.rc
|
changed_when: check_version.rc
|
||||||
|
|
||||||
- name: Update Wordpress
|
- name: Update Wordpress
|
||||||
shell: '{{ wordpress_wpcli }} core update --version={{ wordpress_version }}'
|
command: '{{ wordpress_wpcli }} core update --version={{ wordpress_version }}'
|
||||||
args:
|
args:
|
||||||
removes: "{{ ansible_env.HOME }}/www/index.php"
|
removes: "{{ ansible_env.HOME }}/www/index.php"
|
||||||
when: check_version.rc
|
when: check_version.rc
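Review bot: In the "Configure site" task the admin password is rendered as `--admin_password="{{ admin_pwd | quote }}"`; the `quote` filter already adds its own quoting when the value needs it, so the surrounding double quotes make those quote characters part of the password that gets set. With `command:` the argument can simply be `--admin_password={{ admin_pwd | quote }}`, and `--dbpass={{ db_pwd }}` and `--admin_email={{ wordpress_email }}` would need `| quote` as well, since the module still splits the string into arguments. Both tasks also pass credentials on the command line without `no_log: true`, so the rendered command can end up in Ansible output and logs.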
|
||||||
|
|