forked from evolix/ansible-roles
Change mode with leading 0, but still as String
This commit is contained in:
parent
5efb9b04e1
commit
294cea44e8
|
@ -32,7 +32,7 @@
|
||||||
- name: Fix perms on homedirectory for '{{ user.name }}'
|
- name: Fix perms on homedirectory for '{{ user.name }}'
|
||||||
file:
|
file:
|
||||||
name: '/home/{{ user.name }}'
|
name: '/home/{{ user.name }}'
|
||||||
mode: "700"
|
mode: "0700"
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
- name: is evomaintenance installed?
|
- name: is evomaintenance installed?
|
||||||
|
@ -54,7 +54,7 @@
|
||||||
file:
|
file:
|
||||||
dest: '/home/{{ user.name }}/.ssh/'
|
dest: '/home/{{ user.name }}/.ssh/'
|
||||||
state: directory
|
state: directory
|
||||||
mode: "700"
|
mode: "0700"
|
||||||
owner: '{{ user.name }}'
|
owner: '{{ user.name }}'
|
||||||
group: '{{ user.name }}'
|
group: '{{ user.name }}'
|
||||||
|
|
||||||
|
@ -126,7 +126,7 @@
|
||||||
- name: Verify Evolinux sudoers file permissions
|
- name: Verify Evolinux sudoers file permissions
|
||||||
file:
|
file:
|
||||||
path: /etc/sudoers.d/evolinux
|
path: /etc/sudoers.d/evolinux
|
||||||
mode: "440"
|
mode: "0440"
|
||||||
state: file
|
state: file
|
||||||
|
|
||||||
- name: Add user in sudoers file for '{{ user.name }}'
|
- name: Add user in sudoers file for '{{ user.name }}'
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
dest: /etc/apt/sources.list.d/backports.list
|
dest: /etc/apt/sources.list.d/backports.list
|
||||||
force: yes
|
force: yes
|
||||||
backup: yes
|
backup: yes
|
||||||
mode: "640"
|
mode: "0640"
|
||||||
notify: apt update
|
notify: apt update
|
||||||
|
|
||||||
- name: Backports configuration
|
- name: Backports configuration
|
||||||
|
@ -15,7 +15,7 @@
|
||||||
dest: /etc/apt/preferences.d/backports
|
dest: /etc/apt/preferences.d/backports
|
||||||
force: yes
|
force: yes
|
||||||
backup: yes
|
backup: yes
|
||||||
mode: "640"
|
mode: "0640"
|
||||||
notify: apt update
|
notify: apt update
|
||||||
|
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
copy:
|
copy:
|
||||||
src: munin/drbd-plugin
|
src: munin/drbd-plugin
|
||||||
dest: /etc/munin/plugins/drbd
|
dest: /etc/munin/plugins/drbd
|
||||||
mode: "755"
|
mode: "0755"
|
||||||
when: munin_plugins_dir.stat.exists
|
when: munin_plugins_dir.stat.exists
|
||||||
notify: restart munin-node
|
notify: restart munin-node
|
||||||
|
|
||||||
|
|
|
@ -29,5 +29,5 @@
|
||||||
copy:
|
copy:
|
||||||
src: "nagios/check_drbd"
|
src: "nagios/check_drbd"
|
||||||
dest: "/usr/local/lib/nagios/plugins/check_drbd"
|
dest: "/usr/local/lib/nagios/plugins/check_drbd"
|
||||||
mode: "755"
|
mode: "0755"
|
||||||
when: nagios_plugins_dir.stat.exists
|
when: nagios_plugins_dir.stat.exists
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
path: "{{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
|
path: "{{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
|
||||||
owner: elasticsearch
|
owner: elasticsearch
|
||||||
group: elasticsearch
|
group: elasticsearch
|
||||||
mode: "755"
|
mode: "0755"
|
||||||
state: directory
|
state: directory
|
||||||
tags:
|
tags:
|
||||||
- elasticsearch
|
- elasticsearch
|
||||||
|
|
|
@ -30,7 +30,7 @@
|
||||||
file:
|
file:
|
||||||
path: /etc/.git
|
path: /etc/.git
|
||||||
owner: root
|
owner: root
|
||||||
mode: "700"
|
mode: "0700"
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
- name: /etc/.gitignore is present
|
- name: /etc/.gitignore is present
|
||||||
|
@ -38,7 +38,7 @@
|
||||||
src: gitignore
|
src: gitignore
|
||||||
dest: /etc/.gitignore
|
dest: /etc/.gitignore
|
||||||
owner: root
|
owner: root
|
||||||
mode: "600"
|
mode: "0600"
|
||||||
|
|
||||||
- name: does /etc/ have any commit?
|
- name: does /etc/ have any commit?
|
||||||
command: "git log"
|
command: "git log"
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
- name: Fix crt dir's right
|
- name: Fix crt dir's right
|
||||||
file:
|
file:
|
||||||
path: "{{ evoacme_crt_dir }}"
|
path: "{{ evoacme_crt_dir }}"
|
||||||
mode: "755"
|
mode: "0755"
|
||||||
owner: acme
|
owner: acme
|
||||||
group: acme
|
group: acme
|
||||||
state: directory
|
state: directory
|
||||||
|
@ -24,7 +24,7 @@
|
||||||
- name: Fix log dir's right
|
- name: Fix log dir's right
|
||||||
file:
|
file:
|
||||||
path: "{{ evoacme_log_dir }}"
|
path: "{{ evoacme_log_dir }}"
|
||||||
mode: "755"
|
mode: "0755"
|
||||||
owner: acme
|
owner: acme
|
||||||
group: acme
|
group: acme
|
||||||
state: directory
|
state: directory
|
||||||
|
@ -32,7 +32,7 @@
|
||||||
- name: Fix challenge dir's right
|
- name: Fix challenge dir's right
|
||||||
file:
|
file:
|
||||||
path: "{{ evoacme_acme_dir }}"
|
path: "{{ evoacme_acme_dir }}"
|
||||||
mode: "755"
|
mode: "0755"
|
||||||
owner: acme
|
owner: acme
|
||||||
group: acme
|
group: acme
|
||||||
state: directory
|
state: directory
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
dest: /etc/apache2/conf-available/letsencrypt.conf
|
dest: /etc/apache2/conf-available/letsencrypt.conf
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "644"
|
mode: "0644"
|
||||||
notify: reload apache2
|
notify: reload apache2
|
||||||
|
|
||||||
- name: Enable acme challenge conf
|
- name: Enable acme challenge conf
|
||||||
|
|
|
@ -92,13 +92,13 @@
|
||||||
content: |
|
content: |
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
sudo /opt/certbot/certbot-auto $@
|
sudo /opt/certbot/certbot-auto $@
|
||||||
mode: "755"
|
mode: "0755"
|
||||||
|
|
||||||
- name: Add sudo right for source install
|
- name: Add sudo right for source install
|
||||||
copy:
|
copy:
|
||||||
src: files/sudoers
|
src: files/sudoers
|
||||||
dest: /etc/sudoers.d/certbot
|
dest: /etc/sudoers.d/certbot
|
||||||
mode: "440"
|
mode: "0440"
|
||||||
validate: '/usr/sbin/visudo -cf %s'
|
validate: '/usr/sbin/visudo -cf %s'
|
||||||
when: evoacme_certbot_release is undefined
|
when: evoacme_certbot_release is undefined
|
||||||
|
|
||||||
|
@ -111,4 +111,4 @@
|
||||||
copy:
|
copy:
|
||||||
src: certbot.cron
|
src: certbot.cron
|
||||||
dest: /etc/cron.daily/certbot
|
dest: /etc/cron.daily/certbot
|
||||||
mode: "755"
|
mode: "0755"
|
||||||
|
|
|
@ -30,4 +30,4 @@
|
||||||
dest: /etc/default/evoacme
|
dest: /etc/default/evoacme
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "644"
|
mode: "0644"
|
||||||
|
|
|
@ -4,4 +4,4 @@
|
||||||
dest: /etc/nginx/letsencrypt.conf
|
dest: /etc/nginx/letsencrypt.conf
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "644"
|
mode: "0644"
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "755"
|
mode: "0755"
|
||||||
|
|
||||||
- name: Copy make-csr.sh script
|
- name: Copy make-csr.sh script
|
||||||
copy:
|
copy:
|
||||||
|
@ -13,7 +13,7 @@
|
||||||
dest: /usr/local/bin/make-csr
|
dest: /usr/local/bin/make-csr
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "755"
|
mode: "0755"
|
||||||
|
|
||||||
- name: Copy evoacme script
|
- name: Copy evoacme script
|
||||||
copy:
|
copy:
|
||||||
|
@ -21,4 +21,4 @@
|
||||||
dest: /usr/local/bin/evoacme
|
dest: /usr/local/bin/evoacme
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "755"
|
mode: "0755"
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
line: "{{ item }}"
|
line: "{{ item }}"
|
||||||
create: yes
|
create: yes
|
||||||
state: present
|
state: present
|
||||||
mode: "640"
|
mode: "0640"
|
||||||
with_items:
|
with_items:
|
||||||
- "APT::Install-Recommends \"0\";"
|
- "APT::Install-Recommends \"0\";"
|
||||||
- "APT::Install-Suggests \"0\";"
|
- "APT::Install-Suggests \"0\";"
|
||||||
|
@ -18,7 +18,7 @@
|
||||||
line: "{{ item }}"
|
line: "{{ item }}"
|
||||||
create: yes
|
create: yes
|
||||||
state: present
|
state: present
|
||||||
mode: "640"
|
mode: "0640"
|
||||||
with_items:
|
with_items:
|
||||||
- "DPkg::Pre-Invoke { \"mount -oremount,exec /tmp && mount -oremount,rw /usr || true\"; };"
|
- "DPkg::Pre-Invoke { \"mount -oremount,exec /tmp && mount -oremount,rw /usr || true\"; };"
|
||||||
- "DPkg::Post-Invoke { \"mount -oremount /tmp && mount -oremount /usr || exit 0\"; };"
|
- "DPkg::Post-Invoke { \"mount -oremount /tmp && mount -oremount /usr || exit 0\"; };"
|
||||||
|
@ -57,7 +57,7 @@
|
||||||
dest: /etc/apt/sources.list.d/evolix_public.list
|
dest: /etc/apt/sources.list.d/evolix_public.list
|
||||||
force: yes
|
force: yes
|
||||||
backup: yes
|
backup: yes
|
||||||
mode: "640"
|
mode: "0640"
|
||||||
when: evolinux_apt_public_sources
|
when: evolinux_apt_public_sources
|
||||||
|
|
||||||
- name: Remove Aptitude
|
- name: Remove Aptitude
|
||||||
|
|
|
@ -40,7 +40,7 @@
|
||||||
path: /etc/ssl/private/{{ ansible_fqdn }}.key
|
path: /etc/ssl/private/{{ ansible_fqdn }}.key
|
||||||
owner: root
|
owner: root
|
||||||
group: ssl-cert
|
group: ssl-cert
|
||||||
mode: "640"
|
mode: "0640"
|
||||||
|
|
||||||
- name: Create certificate for default site
|
- name: Create certificate for default site
|
||||||
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt
|
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt
|
||||||
|
@ -62,7 +62,7 @@
|
||||||
template:
|
template:
|
||||||
src: default_www/nginx_default_site.j2
|
src: default_www/nginx_default_site.j2
|
||||||
dest: /etc/nginx/sites-available/000-default
|
dest: /etc/nginx/sites-available/000-default
|
||||||
mode: "640"
|
mode: "0640"
|
||||||
# force: yes
|
# force: yes
|
||||||
notify: reload nginx
|
notify: reload nginx
|
||||||
tags:
|
tags:
|
||||||
|
@ -95,7 +95,7 @@
|
||||||
template:
|
template:
|
||||||
src: default_www/apache_default_site.j2
|
src: default_www/apache_default_site.j2
|
||||||
dest: /etc/apache2/sites-available/000-default
|
dest: /etc/apache2/sites-available/000-default
|
||||||
mode: "640"
|
mode: "0640"
|
||||||
# force: yes
|
# force: yes
|
||||||
notify: reload apache
|
notify: reload apache
|
||||||
tags:
|
tags:
|
||||||
|
|
|
@ -43,7 +43,7 @@
|
||||||
template:
|
template:
|
||||||
src: hardware/cciss-vol-statusd.j2
|
src: hardware/cciss-vol-statusd.j2
|
||||||
dest: /etc/init.d/cciss-vol-statusd
|
dest: /etc/init.d/cciss-vol-statusd
|
||||||
mode: "755"
|
mode: "0755"
|
||||||
|
|
||||||
- name: Enable HP hardware in systemd
|
- name: Enable HP hardware in systemd
|
||||||
service:
|
service:
|
||||||
|
@ -70,7 +70,7 @@
|
||||||
template:
|
template:
|
||||||
src: hardware/megaclisas-statusd.j2
|
src: hardware/megaclisas-statusd.j2
|
||||||
dest: /etc/default/megaclisas-statusd
|
dest: /etc/default/megaclisas-statusd
|
||||||
mode: "755"
|
mode: "0755"
|
||||||
|
|
||||||
- name: Enable DELL/LSI hardware in systemd
|
- name: Enable DELL/LSI hardware in systemd
|
||||||
service:
|
service:
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
copy:
|
copy:
|
||||||
src: logs/rsyslog.conf
|
src: logs/rsyslog.conf
|
||||||
dest: /etc/rsyslog.conf
|
dest: /etc/rsyslog.conf
|
||||||
mode: "644"
|
mode: "0644"
|
||||||
notify: restart rsyslog
|
notify: restart rsyslog
|
||||||
when: evolinux_logs_rsyslog_conf
|
when: evolinux_logs_rsyslog_conf
|
||||||
|
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
file:
|
file:
|
||||||
path: /root
|
path: /root
|
||||||
state: directory
|
state: directory
|
||||||
mode: "700"
|
mode: "0700"
|
||||||
when: evolinux_root_chmod
|
when: evolinux_root_chmod
|
||||||
|
|
||||||
- name: "Customize root's bashrc..."
|
- name: "Customize root's bashrc..."
|
||||||
|
|
|
@ -119,7 +119,7 @@
|
||||||
src: system/init_alert5.j2
|
src: system/init_alert5.j2
|
||||||
dest: /etc/init.d/alert5
|
dest: /etc/init.d/alert5
|
||||||
force: no
|
force: no
|
||||||
mode: "755"
|
mode: "0755"
|
||||||
when: evolinux_system_alert5_init
|
when: evolinux_system_alert5_init
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
copy:
|
copy:
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
dest: /etc/fail2ban/filter.d/
|
dest: /etc/fail2ban/filter.d/
|
||||||
mode: "644"
|
mode: "0644"
|
||||||
with_items:
|
with_items:
|
||||||
- dovecot-evolix.conf
|
- dovecot-evolix.conf
|
||||||
- sasl-evolix.conf
|
- sasl-evolix.conf
|
||||||
|
@ -20,5 +20,5 @@
|
||||||
template:
|
template:
|
||||||
src: jail.local.j2
|
src: jail.local.j2
|
||||||
dest: /etc/fail2ban/jail.local
|
dest: /etc/fail2ban/jail.local
|
||||||
mode: "644"
|
mode: "0644"
|
||||||
notify: restart fail2ban
|
notify: restart fail2ban
|
||||||
|
|
|
@ -18,6 +18,6 @@
|
||||||
copy:
|
copy:
|
||||||
src: logrotate
|
src: logrotate
|
||||||
dest: /etc/logrotate.d/kibana
|
dest: /etc/logrotate.d/kibana
|
||||||
mode: "644"
|
mode: "0644"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
get_url:
|
get_url:
|
||||||
url: "https://raw.githubusercontent.com/munin-monitoring/contrib/master/plugins/virtualization/{{ item }}"
|
url: "https://raw.githubusercontent.com/munin-monitoring/contrib/master/plugins/virtualization/{{ item }}"
|
||||||
dest: "/etc/munin/plugins/"
|
dest: "/etc/munin/plugins/"
|
||||||
mode: "755"
|
mode: "0755"
|
||||||
with_items:
|
with_items:
|
||||||
- kvm_cpu
|
- kvm_cpu
|
||||||
- kvm_io
|
- kvm_io
|
||||||
|
|
|
@ -3,13 +3,13 @@
|
||||||
file:
|
file:
|
||||||
path: "/usr/share/scripts"
|
path: "/usr/share/scripts"
|
||||||
state: directory
|
state: directory
|
||||||
mode: "700"
|
mode: "0700"
|
||||||
|
|
||||||
- name: Copy listupgrade script
|
- name: Copy listupgrade script
|
||||||
template:
|
template:
|
||||||
src: listupgrade.sh.j2
|
src: listupgrade.sh.j2
|
||||||
dest: "/usr/share/scripts/listupgrade.sh"
|
dest: "/usr/share/scripts/listupgrade.sh"
|
||||||
mode: "700"
|
mode: "0700"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
force: yes
|
force: yes
|
||||||
|
@ -19,13 +19,13 @@
|
||||||
file:
|
file:
|
||||||
path: /etc/evolinux
|
path: /etc/evolinux
|
||||||
state: directory
|
state: directory
|
||||||
mode: "600"
|
mode: "0600"
|
||||||
|
|
||||||
- name: Copy listupgrade config
|
- name: Copy listupgrade config
|
||||||
template:
|
template:
|
||||||
src: listupgrade.cnf.j2
|
src: listupgrade.cnf.j2
|
||||||
dest: /etc/evolinux/listupgrade.cnf
|
dest: /etc/evolinux/listupgrade.cnf
|
||||||
mode: "600"
|
mode: "0600"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
force: no
|
force: no
|
||||||
|
@ -34,6 +34,6 @@
|
||||||
template:
|
template:
|
||||||
src: listupgrade_cron.j2
|
src: listupgrade_cron.j2
|
||||||
dest: /etc/cron.d/listupgrade
|
dest: /etc/cron.d/listupgrade
|
||||||
mode: "600"
|
mode: "0600"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
template:
|
template:
|
||||||
src: evolinux-defaults.conf.j2
|
src: evolinux-defaults.conf.j2
|
||||||
dest: /etc/monit/conf.d/z-evolinux-defaults.conf
|
dest: /etc/monit/conf.d/z-evolinux-defaults.conf
|
||||||
mode: "640"
|
mode: "0640"
|
||||||
force: yes
|
force: yes
|
||||||
notify: restart monit
|
notify: restart monit
|
||||||
tags:
|
tags:
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
dest: /etc/mysql/conf.d/z-evolinux-defaults.cnf
|
dest: /etc/mysql/conf.d/z-evolinux-defaults.cnf
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "644"
|
mode: "0644"
|
||||||
force: yes
|
force: yes
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
|
@ -16,7 +16,7 @@
|
||||||
dest: /etc/mysql/conf.d/zzz-evolinux-custom.cnf
|
dest: /etc/mysql/conf.d/zzz-evolinux-custom.cnf
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "640"
|
mode: "0640"
|
||||||
force: no
|
force: no
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
template:
|
template:
|
||||||
src: log2mail.j2
|
src: log2mail.j2
|
||||||
dest: /etc/log2mail/config/mysql.conf
|
dest: /etc/log2mail/config/mysql.conf
|
||||||
mode: "640"
|
mode: "0640"
|
||||||
when: log2mail_config_dir.stat.exists
|
when: log2mail_config_dir.stat.exists
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
path: "{{ mysql_custom_tmpdir }}"
|
path: "{{ mysql_custom_tmpdir }}"
|
||||||
owner: mysql
|
owner: mysql
|
||||||
group: mysql
|
group: mysql
|
||||||
mode: "700"
|
mode: "0700"
|
||||||
state: directory
|
state: directory
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
|
|
|
@ -42,7 +42,7 @@
|
||||||
- name: mysqladmin is the default user
|
- name: mysqladmin is the default user
|
||||||
ini_file:
|
ini_file:
|
||||||
dest: /root/.my.cnf
|
dest: /root/.my.cnf
|
||||||
mode: "600"
|
mode: "0600"
|
||||||
section: client
|
section: client
|
||||||
option: '{{ item.option }}'
|
option: '{{ item.option }}'
|
||||||
value: '{{ item.value }}'
|
value: '{{ item.value }}'
|
||||||
|
|
|
@ -22,7 +22,7 @@
|
||||||
template:
|
template:
|
||||||
src: mytop.j2
|
src: mytop.j2
|
||||||
dest: /root/.mytop
|
dest: /root/.mytop
|
||||||
mode: "600"
|
mode: "0600"
|
||||||
force: yes
|
force: yes
|
||||||
tags:
|
tags:
|
||||||
- mytop
|
- mytop
|
||||||
|
@ -34,7 +34,7 @@
|
||||||
copy:
|
copy:
|
||||||
src: mysqltuner.pl
|
src: mysqltuner.pl
|
||||||
dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysqltuner.pl"
|
dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysqltuner.pl"
|
||||||
mode: "700"
|
mode: "0700"
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
- mysqltuner
|
- mysqltuner
|
||||||
|
@ -51,7 +51,7 @@
|
||||||
copy:
|
copy:
|
||||||
src: mysql-optimize.sh
|
src: mysql-optimize.sh
|
||||||
dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysql-optimize.sh"
|
dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysql-optimize.sh"
|
||||||
mode: "700"
|
mode: "0700"
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
|
|
||||||
|
@ -84,7 +84,7 @@
|
||||||
- name: Ensure /usr/share/scripts exists
|
- name: Ensure /usr/share/scripts exists
|
||||||
file:
|
file:
|
||||||
dest: /usr/share/scripts
|
dest: /usr/share/scripts
|
||||||
mode: "700"
|
mode: "0700"
|
||||||
state: directory
|
state: directory
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
|
@ -93,6 +93,6 @@
|
||||||
copy:
|
copy:
|
||||||
src: my-add.sh
|
src: my-add.sh
|
||||||
dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/my-add.sh"
|
dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/my-add.sh"
|
||||||
mode: "700"
|
mode: "0700"
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
|
|
|
@ -33,7 +33,7 @@
|
||||||
copy:
|
copy:
|
||||||
src: nginx/evolinux-defaults.conf
|
src: nginx/evolinux-defaults.conf
|
||||||
dest: /etc/nginx/conf.d/z-evolinux-defaults.conf
|
dest: /etc/nginx/conf.d/z-evolinux-defaults.conf
|
||||||
mode: "640"
|
mode: "0640"
|
||||||
# force: yes
|
# force: yes
|
||||||
notify: reload nginx
|
notify: reload nginx
|
||||||
tags:
|
tags:
|
||||||
|
@ -49,8 +49,8 @@
|
||||||
dest: /etc/nginx/snippets/private_ipaddr_whitelist
|
dest: /etc/nginx/snippets/private_ipaddr_whitelist
|
||||||
owner: www-data
|
owner: www-data
|
||||||
group: www-data
|
group: www-data
|
||||||
directory_mode: "640"
|
directory_mode: "0640"
|
||||||
mode: "640"
|
mode: "0640"
|
||||||
force: no
|
force: no
|
||||||
notify: reload nginx
|
notify: reload nginx
|
||||||
tags:
|
tags:
|
||||||
|
@ -82,8 +82,8 @@
|
||||||
dest: /etc/nginx/snippets/private_htpasswd
|
dest: /etc/nginx/snippets/private_htpasswd
|
||||||
owner: www-data
|
owner: www-data
|
||||||
group: www-data
|
group: www-data
|
||||||
directory_mode: "640"
|
directory_mode: "0640"
|
||||||
mode: "640"
|
mode: "0640"
|
||||||
force: no
|
force: no
|
||||||
notify: reload nginx
|
notify: reload nginx
|
||||||
tags:
|
tags:
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
copy:
|
copy:
|
||||||
src: munin/evolinux.nginx
|
src: munin/evolinux.nginx
|
||||||
dest: /etc/munin/plugin-conf.d/
|
dest: /etc/munin/plugin-conf.d/
|
||||||
mode: "644"
|
mode: "0644"
|
||||||
notify: restart munin
|
notify: restart munin
|
||||||
|
|
||||||
- name: Enable Munin plugins for Nginx
|
- name: Enable Munin plugins for Nginx
|
||||||
|
|
|
@ -26,7 +26,7 @@
|
||||||
copy:
|
copy:
|
||||||
src: init.d/spawn-fcgi-munin-graph
|
src: init.d/spawn-fcgi-munin-graph
|
||||||
dest: /etc/init.d/
|
dest: /etc/init.d/
|
||||||
mode: "755"
|
mode: "0755"
|
||||||
register: install_spawn_fcgi_munin_graph
|
register: install_spawn_fcgi_munin_graph
|
||||||
|
|
||||||
- name: Reload systemd
|
- name: Reload systemd
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
dest: /etc/postfix/main.cf
|
dest: /etc/postfix/main.cf
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "644"
|
mode: "0644"
|
||||||
force: yes
|
force: yes
|
||||||
when: default_main_cf.stdout == "5450c05d65878e99dad696c7c722e511 -"
|
when: default_main_cf.stdout == "5450c05d65878e99dad696c7c722e511 -"
|
||||||
notify: restart postfix
|
notify: restart postfix
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
state: directory
|
state: directory
|
||||||
owner: postgres
|
owner: postgres
|
||||||
group: postgres
|
group: postgres
|
||||||
mode: "755"
|
mode: "0755"
|
||||||
|
|
||||||
- name: Copy PostgreSQL config file
|
- name: Copy PostgreSQL config file
|
||||||
template:
|
template:
|
||||||
|
@ -19,5 +19,5 @@
|
||||||
dest: /etc/postgresql/9.4/main/conf.d/evolinux.conf
|
dest: /etc/postgresql/9.4/main/conf.d/evolinux.conf
|
||||||
owner: postgres
|
owner: postgres
|
||||||
group: postgres
|
group: postgres
|
||||||
mode: "644"
|
mode: "0644"
|
||||||
notify: restart postgresql
|
notify: restart postgresql
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
template:
|
template:
|
||||||
src: evolinux.conf.j2
|
src: evolinux.conf.j2
|
||||||
dest: /etc/proftpd/conf.d/z-evolinux.conf
|
dest: /etc/proftpd/conf.d/z-evolinux.conf
|
||||||
mode: "644"
|
mode: "0644"
|
||||||
notify: restart proftpd
|
notify: restart proftpd
|
||||||
tags:
|
tags:
|
||||||
- proftpd
|
- proftpd
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
dest: /etc/rabbitmq/rabbitmq-env.conf
|
dest: /etc/rabbitmq/rabbitmq-env.conf
|
||||||
owner: rabbitmq
|
owner: rabbitmq
|
||||||
group: rabbitmq
|
group: rabbitmq
|
||||||
mode: "600"
|
mode: "0600"
|
||||||
force: no
|
force: no
|
||||||
|
|
||||||
- name: Create rabbitmq.config
|
- name: Create rabbitmq.config
|
||||||
|
@ -20,7 +20,7 @@
|
||||||
dest: /etc/rabbitmq/rabbitmq.config
|
dest: /etc/rabbitmq/rabbitmq.config
|
||||||
owner: rabbitmq
|
owner: rabbitmq
|
||||||
group: rabbitmq
|
group: rabbitmq
|
||||||
mode: "600"
|
mode: "0600"
|
||||||
force: no
|
force: no
|
||||||
|
|
||||||
- name: Adjust ulimit
|
- name: Adjust ulimit
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
template:
|
template:
|
||||||
src: redis.conf.j2
|
src: redis.conf.j2
|
||||||
dest: "{{ redis_conf_path }}"
|
dest: "{{ redis_conf_path }}"
|
||||||
mode: "644"
|
mode: "0644"
|
||||||
notify: restart redis
|
notify: restart redis
|
||||||
tags:
|
tags:
|
||||||
- redis
|
- redis
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
template:
|
template:
|
||||||
src: log2mail.j2
|
src: log2mail.j2
|
||||||
dest: /etc/log2mail/config/squid.conf
|
dest: /etc/log2mail/config/squid.conf
|
||||||
mode: "640"
|
mode: "0640"
|
||||||
owner: log2mail
|
owner: log2mail
|
||||||
group: adm
|
group: adm
|
||||||
notify: restart log2mail
|
notify: restart log2mail
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
file:
|
file:
|
||||||
path: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/bin"
|
path: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/bin"
|
||||||
state: directory
|
state: directory
|
||||||
mode: "770"
|
mode: "0770"
|
||||||
owner: "{{ tomcat_instance_name }}"
|
owner: "{{ tomcat_instance_name }}"
|
||||||
group: "{{ tomcat_instance_name }}"
|
group: "{{ tomcat_instance_name }}"
|
||||||
|
|
||||||
|
@ -11,7 +11,7 @@
|
||||||
template:
|
template:
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/bin/"
|
dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/bin/"
|
||||||
mode: "770"
|
mode: "0770"
|
||||||
owner: "{{ tomcat_instance_name }}"
|
owner: "{{ tomcat_instance_name }}"
|
||||||
group: "{{ tomcat_instance_name }}"
|
group: "{{ tomcat_instance_name }}"
|
||||||
with_fileglob:
|
with_fileglob:
|
||||||
|
|
|
@ -18,7 +18,7 @@
|
||||||
template:
|
template:
|
||||||
src: 'templates/server.xml.j2'
|
src: 'templates/server.xml.j2'
|
||||||
dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/conf/server.xml"
|
dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/conf/server.xml"
|
||||||
mode: "660"
|
mode: "0660"
|
||||||
owner: "{{ tomcat_instance_name }}"
|
owner: "{{ tomcat_instance_name }}"
|
||||||
group: "{{ tomcat_instance_name }}"
|
group: "{{ tomcat_instance_name }}"
|
||||||
force: no
|
force: no
|
||||||
|
@ -32,7 +32,7 @@
|
||||||
template:
|
template:
|
||||||
src: 'templates/env.j2'
|
src: 'templates/env.j2'
|
||||||
dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/conf/env"
|
dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/conf/env"
|
||||||
mode: "660"
|
mode: "0660"
|
||||||
owner: "{{ tomcat_instance_name }}"
|
owner: "{{ tomcat_instance_name }}"
|
||||||
group: "{{ tomcat_instance_name }}"
|
group: "{{ tomcat_instance_name }}"
|
||||||
force: no
|
force: no
|
||||||
|
|
|
@ -7,6 +7,6 @@
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/.profile"
|
dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/.profile"
|
||||||
state: present
|
state: present
|
||||||
mode: "640"
|
mode: "0640"
|
||||||
create: yes
|
create: yes
|
||||||
line: 'export XDG_RUNTIME_DIR=/run/user/$UID'
|
line: 'export XDG_RUNTIME_DIR=/run/user/$UID'
|
||||||
|
|
|
@ -14,11 +14,11 @@
|
||||||
state: directory
|
state: directory
|
||||||
owner: 'root'
|
owner: 'root'
|
||||||
group: 'root'
|
group: 'root'
|
||||||
mode: "755"
|
mode: "0755"
|
||||||
|
|
||||||
- name: Copy systemd unit
|
- name: Copy systemd unit
|
||||||
copy:
|
copy:
|
||||||
src: 'files/tomcat.service'
|
src: 'files/tomcat.service'
|
||||||
dest: "/etc/systemd/user/tomcat.service"
|
dest: "/etc/systemd/user/tomcat.service"
|
||||||
mode: "755"
|
mode: "0755"
|
||||||
notify: systemd reload
|
notify: systemd reload
|
||||||
|
|
|
@ -31,7 +31,7 @@
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: '/etc/sudoers.d/tomcat'
|
dest: '/etc/sudoers.d/tomcat'
|
||||||
state: present
|
state: present
|
||||||
mode: "440"
|
mode: "0440"
|
||||||
create: yes
|
create: yes
|
||||||
line: "%{{ tomcat_instance_name }} ALL = ({{ tomcat_instance_name }}) SETENV: ALL"
|
line: "%{{ tomcat_instance_name }} ALL = ({{ tomcat_instance_name }}) SETENV: ALL"
|
||||||
validate: 'visudo -cf %s'
|
validate: 'visudo -cf %s'
|
||||||
|
@ -40,7 +40,7 @@
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: '/etc/sudoers.d/tomcat'
|
dest: '/etc/sudoers.d/tomcat'
|
||||||
state: present
|
state: present
|
||||||
mode: "440"
|
mode: "0440"
|
||||||
create: yes
|
create: yes
|
||||||
line: "{{ tomcat_instance_deploy_user }} ALL = ({{ tomcat_instance_name }}) NOPASSWD: SETENV: ALL"
|
line: "{{ tomcat_instance_deploy_user }} ALL = ({{ tomcat_instance_name }}) NOPASSWD: SETENV: ALL"
|
||||||
validate: 'visudo -cf %s'
|
validate: 'visudo -cf %s'
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
copy:
|
copy:
|
||||||
src: "reload-vcl.sh"
|
src: "reload-vcl.sh"
|
||||||
dest: "/etc/varnish/reload-vcl.sh"
|
dest: "/etc/varnish/reload-vcl.sh"
|
||||||
mode: "700"
|
mode: "0700"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue