Improve Ansible syntax
Replace « x | changed » with « x is changed »; add an explicit « bool » filter; use the « length » filter instead of string comparison.
parent
3dde4ee6d3
commit
2ed77c60f0
|
@ -21,9 +21,9 @@
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
- packages
|
- packages
|
||||||
when:
|
when:
|
||||||
- ansible_distribution_major_version is version('9', '>=')
|
- ansible_distribution_major_version is version('9', '>=')
|
||||||
- apache_mpm == "itk"
|
- apache_mpm == "itk"
|
||||||
|
|
||||||
- name: packages are installed (jessie)
|
- name: packages are installed (jessie)
|
||||||
apt:
|
apt:
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
# The last character "\u000A" is a line feed (LF), it's better to keep it
|
# The last character "\u000A" is a line feed (LF), it's better to keep it
|
||||||
content: "{{ apache_serverstatus_suffix }}\u000A"
|
content: "{{ apache_serverstatus_suffix }}\u000A"
|
||||||
force: yes
|
force: yes
|
||||||
when: apache_serverstatus_suffix != ""
|
when: apache_serverstatus_suffix | length > 0
|
||||||
|
|
||||||
- name: generate random string for server-status suffix
|
- name: generate random string for server-status suffix
|
||||||
shell: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}"
|
shell: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}"
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
- /etc/apt/sources.list.d/debian-stretch.list
|
- /etc/apt/sources.list.d/debian-stretch.list
|
||||||
- /etc/apt/sources.list.d/debian-buster.list
|
- /etc/apt/sources.list.d/debian-buster.list
|
||||||
- /etc/apt/sources.list.d/debian-update.list
|
- /etc/apt/sources.list.d/debian-update.list
|
||||||
when: apt_clean_gandi_sourceslist
|
when: apt_clean_gandi_sourceslist | bool
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
- { line: "APT::Install-Recommends \"false\";", regexp: 'APT::Install-Recommends' }
|
- { line: "APT::Install-Recommends \"false\";", regexp: 'APT::Install-Recommends' }
|
||||||
- { line: "APT::Install-Suggests \"false\";", regexp: 'APT::Install-Suggests' }
|
- { line: "APT::Install-Suggests \"false\";", regexp: 'APT::Install-Suggests' }
|
||||||
- { line: "APT::Periodic::Enable \"0\";", regexp: 'APT::Periodic::Enable' }
|
- { line: "APT::Periodic::Enable \"0\";", regexp: 'APT::Periodic::Enable' }
|
||||||
when: apt_evolinux_config
|
when: apt_evolinux_config | bool
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
|
||||||
|
|
||||||
|
@ -28,7 +28,7 @@
|
||||||
- "DPkg::Pre-Invoke { \"df /usr | grep -q /usr && mount -oremount,rw /usr || true\"; };"
|
- "DPkg::Pre-Invoke { \"df /usr | grep -q /usr && mount -oremount,rw /usr || true\"; };"
|
||||||
- "DPkg::Post-Invoke { \"df /tmp | grep -q /tmp && mount -oremount /tmp || true\"; };"
|
- "DPkg::Post-Invoke { \"df /tmp | grep -q /tmp && mount -oremount /tmp || true\"; };"
|
||||||
- "DPkg::Post-Invoke { \"df /usr | grep -q /usr && mount -oremount /usr || true\"; };"
|
- "DPkg::Post-Invoke { \"df /usr | grep -q /usr && mount -oremount /usr || true\"; };"
|
||||||
when: apt_hooks
|
when: apt_hooks | bool
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
|
||||||
|
|
||||||
|
@ -36,7 +36,7 @@
|
||||||
apt:
|
apt:
|
||||||
name: aptitude
|
name: aptitude
|
||||||
state: absent
|
state: absent
|
||||||
when: apt_remove_aptitude
|
when: apt_remove_aptitude | bool
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
|
||||||
|
|
||||||
|
@ -50,6 +50,6 @@
|
||||||
- name: Upgrading system
|
- name: Upgrading system
|
||||||
apt:
|
apt:
|
||||||
upgrade: dist
|
upgrade: dist
|
||||||
when: apt_upgrade
|
when: apt_upgrade | bool
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
|
||||||
|
|
|
@ -4,7 +4,9 @@
|
||||||
shell: "(dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})"
|
shell: "(dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})"
|
||||||
register: apt_mark
|
register: apt_mark
|
||||||
changed_when: "item + ' set on hold.' in apt_mark.stdout"
|
changed_when: "item + ' set on hold.' in apt_mark.stdout"
|
||||||
failed_when: apt_mark.rc != 0 and not apt_mark.stdout == ''
|
failed_when:
|
||||||
|
- apt_mark.rc != 0
|
||||||
|
- apt_mark.stdout | length > 0
|
||||||
loop: "{{ apt_hold_packages }}"
|
loop: "{{ apt_hold_packages }}"
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
|
||||||
|
|
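Review bot: The rewritten `failed_when` list still treats every non-zero exit with empty stdout as success. That covers the intended case, where the package is not installed and the `dpkg -l … | grep -q` group fails, but apparently also a failing `apt-mark hold`, whose error text would go to stderr rather than stdout. A comment above the list such as `# rc != 0 with empty stdout: package not installed, nothing to hold` would record the intent. The `{{ item }}` substitutions in the `shell:` line are unquoted and `grep --quiet {{ item }}` matches substrings, so `{{ item | quote }}` with a whole-line match would be safer. The task's `name:` line sits above this hunk.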
|
@ -10,30 +10,30 @@
|
||||||
|
|
||||||
- name: Custom configuration
|
- name: Custom configuration
|
||||||
include: config.yml
|
include: config.yml
|
||||||
when: apt_config
|
when: apt_config | bool
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
|
||||||
|
|
||||||
- name: Install basics repositories
|
- name: Install basics repositories
|
||||||
include: basics.yml
|
include: basics.yml
|
||||||
when: apt_install_basics
|
when: apt_install_basics | bool
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
|
||||||
|
|
||||||
- name: Install APT Backports repository
|
- name: Install APT Backports repository
|
||||||
include: backports.yml
|
include: backports.yml
|
||||||
when: apt_install_backports
|
when: apt_install_backports | bool
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
|
||||||
|
|
||||||
- name: Install Evolix Public APT repository
|
- name: Install Evolix Public APT repository
|
||||||
include: evolix_public.yml
|
include: evolix_public.yml
|
||||||
when: apt_install_evolix_public
|
when: apt_install_evolix_public | bool
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
|
||||||
|
|
||||||
- name: Install check for packages marked hold
|
- name: Install check for packages marked hold
|
||||||
include: hold_packages.yml
|
include: hold_packages.yml
|
||||||
when: apt_install_hold_packages
|
when: apt_install_hold_packages | bool
|
||||||
tags:
|
tags:
|
||||||
- apt
|
- apt
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
bind_cache_dir: /var/cache/bind
|
bind_cache_dir: /var/cache/bind
|
||||||
bind_statistics_file: /var/run/named.stats
|
bind_statistics_file: /var/run/named.stats
|
||||||
bind_chroot_path: /var/chroot-bind
|
bind_chroot_path: /var/chroot-bind
|
||||||
when: bind_chroot_set
|
when: bind_chroot_set | bool
|
||||||
|
|
||||||
- name: configure apparmor
|
- name: configure apparmor
|
||||||
template:
|
template:
|
||||||
|
@ -34,7 +34,7 @@
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
force: yes
|
force: yes
|
||||||
notify: restart bind
|
notify: restart bind
|
||||||
when: bind_recursive_server
|
when: bind_recursive_server | bool
|
||||||
|
|
||||||
- name: enable zones.rfc1918 for recursive server
|
- name: enable zones.rfc1918 for recursive server
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -42,7 +42,7 @@
|
||||||
line: 'include "/etc/bind/zones.rfc1918";'
|
line: 'include "/etc/bind/zones.rfc1918";'
|
||||||
regexp: "zones.rfc1918"
|
regexp: "zones.rfc1918"
|
||||||
notify: restart bind
|
notify: restart bind
|
||||||
when: bind_recursive_server
|
when: bind_recursive_server | bool
|
||||||
|
|
||||||
- name: Set bind configuration for authoritative server
|
- name: Set bind configuration for authoritative server
|
||||||
template:
|
template:
|
||||||
|
@ -53,7 +53,7 @@
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
force: yes
|
force: yes
|
||||||
notify: restart bind
|
notify: restart bind
|
||||||
when: bind_authoritative_server
|
when: bind_authoritative_server | bool
|
||||||
|
|
||||||
- name: Create systemd service
|
- name: Create systemd service
|
||||||
template:
|
template:
|
||||||
|
@ -75,7 +75,7 @@
|
||||||
group: adm
|
group: adm
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
state: touch
|
state: touch
|
||||||
when: not bind_chroot_set
|
when: not (bind_chroot_set | bool)
|
||||||
|
|
||||||
- name: "touch {{ bind_query_file }} if non chroot"
|
- name: "touch {{ bind_query_file }} if non chroot"
|
||||||
file:
|
file:
|
||||||
|
@ -84,7 +84,7 @@
|
||||||
group: adm
|
group: adm
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
state: touch
|
state: touch
|
||||||
when: not bind_chroot_set
|
when: not (bind_chroot_set | bool)
|
||||||
|
|
||||||
- name: send chroot-bind.sh in /root
|
- name: send chroot-bind.sh in /root
|
||||||
copy:
|
copy:
|
||||||
|
@ -94,17 +94,19 @@
|
||||||
owner: root
|
owner: root
|
||||||
force: yes
|
force: yes
|
||||||
backup: yes
|
backup: yes
|
||||||
when: bind_chroot_set
|
when: bind_chroot_set | bool
|
||||||
|
|
||||||
- name: exec chroot-bind.sh
|
- name: exec chroot-bind.sh
|
||||||
command: "/root/chroot-bind.sh"
|
command: "/root/chroot-bind.sh"
|
||||||
register: chrootbind_run
|
register: chrootbind_run
|
||||||
changed_when: False
|
changed_when: False
|
||||||
when: bind_chroot_set
|
when: bind_chroot_set | bool
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
var: chrootbind_run.stdout_lines
|
var: chrootbind_run.stdout_lines
|
||||||
when: bind_chroot_set and chrootbind_run.stdout != ""
|
when:
|
||||||
|
- bind_chroot_set | bool
|
||||||
|
- chrootbind_run.stdout | length > 0
|
||||||
|
|
||||||
- name: Modify OPTIONS in /etc/default/bind9 for chroot
|
- name: Modify OPTIONS in /etc/default/bind9 for chroot
|
||||||
replace:
|
replace:
|
||||||
|
@ -112,7 +114,7 @@
|
||||||
regexp: '^OPTIONS=.*'
|
regexp: '^OPTIONS=.*'
|
||||||
replace: 'OPTIONS="-u bind -t {{ bind_chroot_path }}"'
|
replace: 'OPTIONS="-u bind -t {{ bind_chroot_path }}"'
|
||||||
notify: restart bind
|
notify: restart bind
|
||||||
when: bind_chroot_set
|
when: bind_chroot_set | bool
|
||||||
|
|
||||||
- name: logrotate for bind
|
- name: logrotate for bind
|
||||||
template:
|
template:
|
||||||
|
|
|
@ -48,7 +48,7 @@
|
||||||
src: cron_jessie
|
src: cron_jessie
|
||||||
dest: /etc/cron.d/certbot
|
dest: /etc/cron.d/certbot
|
||||||
force: yes
|
force: yes
|
||||||
when: certbot_custom_crontab
|
when: certbot_custom_crontab | bool
|
||||||
|
|
||||||
- name: disable self-upgrade
|
- name: disable self-upgrade
|
||||||
ini_file:
|
ini_file:
|
||||||
|
|
|
@ -73,7 +73,7 @@
|
||||||
state: directory
|
state: directory
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
owner: root
|
owner: root
|
||||||
when: docker_tls_enabled
|
when: docker_tls_enabled | bool
|
||||||
|
|
||||||
- name: Copy shellpki utility to Docker TLS directory
|
- name: Copy shellpki utility to Docker TLS directory
|
||||||
template:
|
template:
|
||||||
|
@ -83,7 +83,7 @@
|
||||||
loop:
|
loop:
|
||||||
- shellpki.sh
|
- shellpki.sh
|
||||||
- openssl.cnf
|
- openssl.cnf
|
||||||
when: docker_tls_enabled
|
when: docker_tls_enabled | bool
|
||||||
|
|
||||||
- name: Check if certs are already created
|
- name: Check if certs are already created
|
||||||
stat:
|
stat:
|
||||||
|
@ -92,4 +92,6 @@
|
||||||
|
|
||||||
- name: Creating a CA, server key
|
- name: Creating a CA, server key
|
||||||
command: "{{ docker_tls_path }}/shellpki.sh init"
|
command: "{{ docker_tls_path }}/shellpki.sh init"
|
||||||
when: docker_tls_enabled and not tls_certs_stat.stat.isdir is defined
|
when:
|
||||||
|
- docker_tls_enabled | bool
|
||||||
|
- not tls_certs_stat.stat.isdir
|
||||||
|
|
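Review bot: The second condition of the new `when:` list on "Creating a CA, server key" is not equivalent to the old one: the old expression tested `tls_certs_stat.stat.isdir is defined`, while the new `- not tls_certs_stat.stat.isdir` reads the attribute directly. The `stat` module returns little more than `exists: false` for a missing path, so on a host where the certificate directory does not exist yet, which is the case this task is for, `isdir` is undefined and the conditional will presumably fail with an undefined-variable error instead of running `shellpki.sh init`. Something like `- not (tls_certs_stat.stat.isdir | default(false))`, or a test on `tls_certs_stat.stat.exists`, keeps the intent without depending on an attribute that may be absent. The `stat` task that registers `tls_certs_stat` begins in the previous hunk and its path is not visible, so this should be checked against it.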
|
@ -6,7 +6,7 @@
|
||||||
line: "cluster.name: {{ elasticsearch_cluster_name }}"
|
line: "cluster.name: {{ elasticsearch_cluster_name }}"
|
||||||
regexp: "^cluster.name:"
|
regexp: "^cluster.name:"
|
||||||
insertafter: "^# *cluster.name:"
|
insertafter: "^# *cluster.name:"
|
||||||
when: elasticsearch_cluster_name|default("", True)
|
when: elasticsearch_cluster_name | default("", True) | length > 0
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
|
||||||
|
@ -25,7 +25,7 @@
|
||||||
line: "network.host: {{ elasticsearch_network_host }}"
|
line: "network.host: {{ elasticsearch_network_host }}"
|
||||||
regexp: "^network.host:"
|
regexp: "^network.host:"
|
||||||
insertafter: "^# *network.host:"
|
insertafter: "^# *network.host:"
|
||||||
when: elasticsearch_network_host|default("", True)
|
when: elasticsearch_network_host | default("", True) | length > 0
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
|
||||||
|
@ -35,7 +35,7 @@
|
||||||
line: "network.publish_host: {{ elasticsearch_network_publish_host }}"
|
line: "network.publish_host: {{ elasticsearch_network_publish_host }}"
|
||||||
regexp: "^network.publish_host:"
|
regexp: "^network.publish_host:"
|
||||||
insertafter: "^network.host:"
|
insertafter: "^network.host:"
|
||||||
when: elasticsearch_network_publish_host|default("", True)
|
when: elasticsearch_network_publish_host | default("", True) | length > 0
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
|
||||||
|
@ -45,7 +45,7 @@
|
||||||
line: "http.publish_host: {{ elasticsearch_http_publish_host }}"
|
line: "http.publish_host: {{ elasticsearch_http_publish_host }}"
|
||||||
regexp: "^http.publish_host:"
|
regexp: "^http.publish_host:"
|
||||||
insertafter: "^http.port:"
|
insertafter: "^http.port:"
|
||||||
when: elasticsearch_http_publish_host|default("", True)
|
when: elasticsearch_http_publish_host | default("", True) | length > 0
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
|
||||||
|
@ -54,7 +54,7 @@
|
||||||
dest: /etc/elasticsearch/elasticsearch.yml
|
dest: /etc/elasticsearch/elasticsearch.yml
|
||||||
line: "discovery.seed_hosts: {{ elasticsearch_discovery_seed_hosts | to_yaml }}"
|
line: "discovery.seed_hosts: {{ elasticsearch_discovery_seed_hosts | to_yaml }}"
|
||||||
regexp: "^discovery.seed_hosts:"
|
regexp: "^discovery.seed_hosts:"
|
||||||
when: elasticsearch_discovery_seed_hosts
|
when: elasticsearch_discovery_seed_hosts | length > 0
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
|
||||||
|
@ -63,7 +63,7 @@
|
||||||
dest: /etc/elasticsearch/elasticsearch.yml
|
dest: /etc/elasticsearch/elasticsearch.yml
|
||||||
line: "cluster.initial_master_nodes: {{ elasticsearch_cluster_initial_master_nodes | to_yaml }}"
|
line: "cluster.initial_master_nodes: {{ elasticsearch_cluster_initial_master_nodes | to_yaml }}"
|
||||||
regexp: "^cluster.initial_master_nodes:"
|
regexp: "^cluster.initial_master_nodes:"
|
||||||
when: elasticsearch_cluster_initial_master_nodes
|
when: elasticsearch_cluster_initial_master_nodes | length > 0
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
|
||||||
|
@ -98,7 +98,7 @@
|
||||||
line: "discovery.zen.ping.unicast.hosts: {{ elasticsearch_cluster_members }}"
|
line: "discovery.zen.ping.unicast.hosts: {{ elasticsearch_cluster_members }}"
|
||||||
regexp: "^discovery.zen.ping.unicast.hosts:"
|
regexp: "^discovery.zen.ping.unicast.hosts:"
|
||||||
insertafter: "^#discovery.zen.ping.unicast.hosts"
|
insertafter: "^#discovery.zen.ping.unicast.hosts"
|
||||||
when: elasticsearch_cluster_members|default("", True)
|
when: elasticsearch_cluster_members | default("", True) | length > 0
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
|
||||||
|
@ -108,6 +108,6 @@
|
||||||
line: "discovery.zen.minimum_master_nodes: {{ elasticsearch_minimum_master_nodes }}"
|
line: "discovery.zen.minimum_master_nodes: {{ elasticsearch_minimum_master_nodes }}"
|
||||||
regexp: "^discovery.zen.minimum_master_nodes:"
|
regexp: "^discovery.zen.minimum_master_nodes:"
|
||||||
insertafter: "^#discovery.zen.minimum_master_nodes"
|
insertafter: "^#discovery.zen.minimum_master_nodes"
|
||||||
when: elasticsearch_minimum_master_nodes|default("", True)
|
when: elasticsearch_minimum_master_nodes | default("", True) | length > 0
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
|
|
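Review bot: In the last hunk, `elasticsearch_minimum_master_nodes | default("", True) | length > 0` applies `length` to a value that is presumably a number, and `length` fails on an integer where the old truthiness test accepted one. If the variable can be set as an int in inventory, cast it first: `when: elasticsearch_minimum_master_nodes | default("", True) | string | length > 0`. The same conversion on `elasticsearch_discovery_seed_hosts` and `elasticsearch_cluster_initial_master_nodes` is fine while they are lists (both go through `to_yaml`), but it would also error if their default is `null`, which the old bare-variable test tolerated. The role defaults are not part of this diff, so this needs checking against them.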
|
@ -16,8 +16,8 @@
|
||||||
tags:
|
tags:
|
||||||
- elasticsearch
|
- elasticsearch
|
||||||
when:
|
when:
|
||||||
- elasticsearch_custom_datadir != ''
|
- elasticsearch_custom_datadir is not none
|
||||||
- elasticsearch_custom_datadir != None
|
- elasticsearch_custom_datadir | length > 0
|
||||||
|
|
||||||
- name: Datadir is moved to custom path
|
- name: Datadir is moved to custom path
|
||||||
block:
|
block:
|
||||||
|
@ -44,7 +44,7 @@
|
||||||
tags:
|
tags:
|
||||||
- elasticsearch
|
- elasticsearch
|
||||||
when:
|
when:
|
||||||
- elasticsearch_custom_datadir != ''
|
- elasticsearch_custom_datadir is not none
|
||||||
- elasticsearch_custom_datadir != None
|
- elasticsearch_custom_datadir | length > 0
|
||||||
- elasticsearch_custom_datadir != elasticsearch_current_real_datadir_test.stdout
|
- elasticsearch_custom_datadir != elasticsearch_current_real_datadir_test.stdout
|
||||||
- not elasticsearch_custom_datadir_test.stat.exists
|
- not elasticsearch_custom_datadir_test.stat.exists
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
- include: additional_scripts.yml
|
- include: additional_scripts.yml
|
||||||
|
|
||||||
- include: plugin_head.yml
|
- include: plugin_head.yml
|
||||||
when: elasticsearch_plugin_head
|
when: elasticsearch_plugin_head | bool
|
||||||
|
|
||||||
- include: curator.yml
|
- include: curator.yml
|
||||||
when: elasticsearch_curator
|
when: elasticsearch_curator | bool
|
||||||
|
|
|
@ -9,9 +9,14 @@
|
||||||
|
|
||||||
- name: Tmpdir is moved to custom path
|
- name: Tmpdir is moved to custom path
|
||||||
block:
|
block:
|
||||||
- name: "Create {{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
|
- set_fact:
|
||||||
|
_elasticsearch_custom_tmpdir: "{{ elasticsearch_custom_tmpdir | default(elasticsearch_default_tmpdir, True) | mandatory }}"
|
||||||
|
tags:
|
||||||
|
- elasticsearch
|
||||||
|
|
||||||
|
- name: "Create {{ _elasticsearch_custom_tmpdir }}"
|
||||||
file:
|
file:
|
||||||
path: "{{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
|
path: "{{ _elasticsearch_custom_tmpdir }}"
|
||||||
owner: elasticsearch
|
owner: elasticsearch
|
||||||
group: elasticsearch
|
group: elasticsearch
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
@ -22,7 +27,7 @@
|
||||||
- name: change JVM tmpdir (< 6.x)
|
- name: change JVM tmpdir (< 6.x)
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/elasticsearch/jvm.options
|
dest: /etc/elasticsearch/jvm.options
|
||||||
line: "-Djava.io.tmpdir={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
|
line: "-Djava.io.tmpdir={{ _elasticsearch_custom_tmpdir }}"
|
||||||
regexp: "^-Djava.io.tmpdir="
|
regexp: "^-Djava.io.tmpdir="
|
||||||
insertafter: "## JVM configuration"
|
insertafter: "## JVM configuration"
|
||||||
notify:
|
notify:
|
||||||
|
@ -34,7 +39,7 @@
|
||||||
- name: check if ES_TMPDIR is available (>= 6.x)
|
- name: check if ES_TMPDIR is available (>= 6.x)
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/default/elasticsearch
|
dest: /etc/default/elasticsearch
|
||||||
line: "ES_TMPDIR={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
|
line: "ES_TMPDIR={{ _elasticsearch_custom_tmpdir }}"
|
||||||
regexp: "^ES_TMPDIR="
|
regexp: "^ES_TMPDIR="
|
||||||
insertafter: "JAVA_HOME"
|
insertafter: "JAVA_HOME"
|
||||||
notify:
|
notify:
|
||||||
|
@ -54,4 +59,4 @@
|
||||||
tags:
|
tags:
|
||||||
- elasticsearch
|
- elasticsearch
|
||||||
when: elastic_stack_version is version('6', '>=')
|
when: elastic_stack_version is version('6', '>=')
|
||||||
when: (elasticsearch_custom_tmpdir != '' and elasticsearch_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0
|
when: (elasticsearch_custom_tmpdir is not none and elasticsearch_custom_tmpdir | length > 0) or fstab_tmp_noexec.rc == 0
|
||||||
|
|
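Review bot: The new `set_fact` task at the top of the "Tmpdir is moved to custom path" block has no `name:`, unlike the tasks around it, so it appears as an anonymous `set_fact` in the play output; `- name: Resolve the effective Elasticsearch tmpdir` would fix that. It also deserves a one-line comment noting that `default(elasticsearch_default_tmpdir, True)` falls back on an empty value as well as an undefined one. That is the behaviour replacing the old `x or y | mandatory` expression, in which `mandatory` applied only to the default. The block continues between the hunks, so the tasks not shown should be checked for any remaining use of the old expression.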
|
@ -50,7 +50,7 @@
|
||||||
register: commit_end_run
|
register: commit_end_run
|
||||||
when:
|
when:
|
||||||
- not ansible_check_mode
|
- not ansible_check_mode
|
||||||
- git_status.stdout
|
- git_status.stdout | length > 0
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
tags:
|
tags:
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
|
@ -68,6 +68,6 @@
|
||||||
chdir: "{{ repository_path }}"
|
chdir: "{{ repository_path }}"
|
||||||
warn: no
|
warn: no
|
||||||
register: git_commit
|
register: git_commit
|
||||||
when: git_log.rc != 0 or (git_init is defined and git_init.changed)
|
when: git_log.rc != 0 or (git_init is defined and git_init is changed)
|
||||||
tags:
|
tags:
|
||||||
- etc-git
|
- etc-git
|
||||||
|
|
|
@ -16,4 +16,4 @@
|
||||||
src: "hooks/{{ hook_name }}"
|
src: "hooks/{{ hook_name }}"
|
||||||
dest: "{{ evoacme_hooks_dir }}/{{ hook_name }}"
|
dest: "{{ evoacme_hooks_dir }}/{{ hook_name }}"
|
||||||
mode: "0750"
|
mode: "0750"
|
||||||
when: _find_hook.stdout == ""
|
when: _find_hook.stdout | length == 0
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
- ansible_distribution == "Debian"
|
- ansible_distribution == "Debian"
|
||||||
- ansible_distribution_major_version is version('9', '>=')
|
- ansible_distribution_major_version is version('9', '>=')
|
||||||
msg: only compatible with Debian >= 9
|
msg: only compatible with Debian >= 9
|
||||||
when: not evoacme_disable_debian_check
|
when: not (evoacme_disable_debian_check | bool)
|
||||||
|
|
||||||
- include: certbot.yml
|
- include: certbot.yml
|
||||||
|
|
||||||
|
|
|
@ -13,4 +13,4 @@
|
||||||
command: "bkctld restart {{ evolinux_hostname }}"
|
command: "bkctld restart {{ evolinux_hostname }}"
|
||||||
# - "bkctld sync {{ evolinux_hostname }}"
|
# - "bkctld sync {{ evolinux_hostname }}"
|
||||||
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
||||||
when: evobackup_client__hosts|length > 1
|
when: evobackup_client__hosts | length > 1
|
||||||
|
|
|
@ -10,6 +10,6 @@
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
var: evocheck_run.stdout_lines
|
var: evocheck_run.stdout_lines
|
||||||
when: evocheck_run.stdout != ""
|
when: evocheck_run.stdout | length > 0
|
||||||
tags:
|
tags:
|
||||||
- evocheck-exec
|
- evocheck-exec
|
||||||
|
|
|
@ -7,4 +7,4 @@
|
||||||
when: evocheck_force_install == "package"
|
when: evocheck_force_install == "package"
|
||||||
|
|
||||||
- include: cron.yml
|
- include: cron.yml
|
||||||
when: evocheck_update_crontab
|
when: evocheck_update_crontab | bool
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
path: /var/www
|
path: /var/www
|
||||||
state: directory
|
state: directory
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: evolinux_default_www_files
|
when: evolinux_default_www_files | bool
|
||||||
|
|
||||||
- name: images are copied
|
- name: images are copied
|
||||||
copy:
|
copy:
|
||||||
|
@ -13,7 +13,7 @@
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
directory_mode: "0755"
|
directory_mode: "0755"
|
||||||
follow: yes
|
follow: yes
|
||||||
when: evolinux_default_www_files
|
when: evolinux_default_www_files | bool
|
||||||
|
|
||||||
- name: index is copied
|
- name: index is copied
|
||||||
template:
|
template:
|
||||||
|
@ -21,7 +21,7 @@
|
||||||
dest: /var/www/index.html
|
dest: /var/www/index.html
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
force: no
|
force: no
|
||||||
when: evolinux_default_www_files
|
when: evolinux_default_www_files | bool
|
||||||
|
|
||||||
# SSL cert
|
# SSL cert
|
||||||
|
|
||||||
|
@ -43,6 +43,6 @@
|
||||||
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt
|
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt
|
||||||
args:
|
args:
|
||||||
creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt"
|
creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt"
|
||||||
when: evolinux_default_www_ssl_cert
|
when: evolinux_default_www_ssl_cert | bool
|
||||||
|
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
notify: remount /home
|
notify: remount /home
|
||||||
when:
|
when:
|
||||||
- fstab_content.stdout | regex_search('\s/home\s')
|
- fstab_content.stdout | regex_search('\s/home\s')
|
||||||
- evolinux_fstab_home
|
- evolinux_fstab_home | bool
|
||||||
|
|
||||||
- name: /tmp partition is customized
|
- name: /tmp partition is customized
|
||||||
replace:
|
replace:
|
||||||
|
@ -26,7 +26,7 @@
|
||||||
replace: '\1{{ evolinux_fstab_tmp_options | mandatory }}\3'
|
replace: '\1{{ evolinux_fstab_tmp_options | mandatory }}\3'
|
||||||
when:
|
when:
|
||||||
- fstab_content.stdout | regex_search('\s/tmp\s')
|
- fstab_content.stdout | regex_search('\s/tmp\s')
|
||||||
- evolinux_fstab_tmp
|
- evolinux_fstab_tmp | bool
|
||||||
|
|
||||||
- name: /usr partition is customized
|
- name: /usr partition is customized
|
||||||
replace:
|
replace:
|
||||||
|
@ -35,7 +35,7 @@
|
||||||
replace: '\1{{ evolinux_fstab_usr_options | mandatory }}\3'
|
replace: '\1{{ evolinux_fstab_usr_options | mandatory }}\3'
|
||||||
when:
|
when:
|
||||||
- fstab_content.stdout | regex_search('\s/usr\s')
|
- fstab_content.stdout | regex_search('\s/usr\s')
|
||||||
- evolinux_fstab_usr
|
- evolinux_fstab_usr | bool
|
||||||
|
|
||||||
- name: /var partition is customized
|
- name: /var partition is customized
|
||||||
replace:
|
replace:
|
||||||
|
@ -45,7 +45,7 @@
|
||||||
notify: remount /var
|
notify: remount /var
|
||||||
when:
|
when:
|
||||||
- fstab_content.stdout | regex_search('\s/var\s')
|
- fstab_content.stdout | regex_search('\s/var\s')
|
||||||
- evolinux_fstab_var
|
- evolinux_fstab_var | bool
|
||||||
|
|
||||||
- name: /var/tmp is created
|
- name: /var/tmp is created
|
||||||
mount:
|
mount:
|
||||||
|
@ -55,7 +55,7 @@
|
||||||
opts: "{{ evolinux_fstab_var_tmp_options | mandatory }}"
|
opts: "{{ evolinux_fstab_var_tmp_options | mandatory }}"
|
||||||
state: mounted
|
state: mounted
|
||||||
when:
|
when:
|
||||||
- evolinux_fstab_var_tmp
|
- evolinux_fstab_var_tmp | bool
|
||||||
|
|
||||||
- name: /dev/shm is created (Debian 10 and later)
|
- name: /dev/shm is created (Debian 10 and later)
|
||||||
mount:
|
mount:
|
||||||
|
@ -65,7 +65,7 @@
|
||||||
opts: "{{ evolinux_fstab_dev_shm_options | mandatory }}"
|
opts: "{{ evolinux_fstab_dev_shm_options | mandatory }}"
|
||||||
state: mounted
|
state: mounted
|
||||||
when:
|
when:
|
||||||
- evolinux_fstab_dev_shm
|
- evolinux_fstab_dev_shm | bool
|
||||||
- ansible_distribution_major_version is version('10', '>=')
|
- ansible_distribution_major_version is version('10', '>=')
|
||||||
|
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
|
|
@ -7,14 +7,14 @@
|
||||||
- name: Set hostname "{{ evolinux_hostname }}"
|
- name: Set hostname "{{ evolinux_hostname }}"
|
||||||
hostname:
|
hostname:
|
||||||
name: "{{ evolinux_hostname }}"
|
name: "{{ evolinux_hostname }}"
|
||||||
when: evolinux_hostname_hosts
|
when: evolinux_hostname_hosts | bool
|
||||||
|
|
||||||
- name: Set right localhost line in /etc/hosts
|
- name: Set right localhost line in /etc/hosts
|
||||||
replace:
|
replace:
|
||||||
dest: /etc/hosts
|
dest: /etc/hosts
|
||||||
regexp: '^127.0.0.1(\s+)localhost.*$'
|
regexp: '^127.0.0.1(\s+)localhost.*$'
|
||||||
replace: '127.0.0.1\1localhost.localdomain localhost'
|
replace: '127.0.0.1\1localhost.localdomain localhost'
|
||||||
when: evolinux_hostname_hosts
|
when: evolinux_hostname_hosts | bool
|
||||||
|
|
||||||
- name: Set ip+fqdn+hostname in /etc/hosts
|
- name: Set ip+fqdn+hostname in /etc/hosts
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -22,21 +22,21 @@
|
||||||
regexp: '^{{ ansible_default_ipv4.address }}\s+'
|
regexp: '^{{ ansible_default_ipv4.address }}\s+'
|
||||||
line: "{{ ansible_default_ipv4.address }} {{ [evolinux_fqdn, evolinux_internal_fqdn] | unique | join(' ') }} {{ [evolinux_hostname, evolinux_internal_hostname] | unique | join(' ') }}"
|
line: "{{ ansible_default_ipv4.address }} {{ [evolinux_fqdn, evolinux_internal_fqdn] | unique | join(' ') }} {{ [evolinux_hostname, evolinux_internal_hostname] | unique | join(' ') }}"
|
||||||
insertafter: '127.0.0.1\s+localhost.localdomain'
|
insertafter: '127.0.0.1\s+localhost.localdomain'
|
||||||
when: evolinux_hostname_hosts
|
when: evolinux_hostname_hosts | bool
|
||||||
|
|
||||||
- name: 127.0.1.1 is removed
|
- name: 127.0.1.1 is removed
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/hosts
|
dest: /etc/hosts
|
||||||
regexp: '^127.0.1.1\s+'
|
regexp: '^127.0.1.1\s+'
|
||||||
state: absent
|
state: absent
|
||||||
when: evolinux_hostname_hosts
|
when: evolinux_hostname_hosts | bool
|
||||||
|
|
||||||
- name: /etc/mailname is up-to-date
|
- name: /etc/mailname is up-to-date
|
||||||
copy:
|
copy:
|
||||||
dest: /etc/mailname
|
dest: /etc/mailname
|
||||||
content: "{{ evolinux_fqdn }}\n"
|
content: "{{ evolinux_fqdn }}\n"
|
||||||
force: yes
|
force: yes
|
||||||
when: evolinux_hostname_mailname
|
when: evolinux_hostname_mailname | bool
|
||||||
|
|
||||||
# Override facts
|
# Override facts
|
||||||
|
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
loop:
|
loop:
|
||||||
- { name: kernel.panic_on_oops, value: 1 }
|
- { name: kernel.panic_on_oops, value: 1 }
|
||||||
- { name: kernel.panic, value: 60 }
|
- { name: kernel.panic, value: 60 }
|
||||||
when: evolinux_kernel_reboot_after_panic
|
when: evolinux_kernel_reboot_after_panic | bool
|
||||||
|
|
||||||
- name: Don't reboot after panic
|
- name: Don't reboot after panic
|
||||||
sysctl:
|
sysctl:
|
||||||
|
@ -21,7 +21,7 @@
|
||||||
loop:
|
loop:
|
||||||
- kernel.panic_on_oops
|
- kernel.panic_on_oops
|
||||||
- kernel.panic
|
- kernel.panic
|
||||||
when: not evolinux_kernel_reboot_after_panic
|
when: not evolinux_kernel_reboot_after_panic | bool
|
||||||
|
|
||||||
- name: Disable net.ipv4.tcp_timestamps
|
- name: Disable net.ipv4.tcp_timestamps
|
||||||
sysctl:
|
sysctl:
|
||||||
|
@ -30,7 +30,7 @@
|
||||||
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
|
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
|
||||||
state: present
|
state: present
|
||||||
reload: yes
|
reload: yes
|
||||||
when: evolinux_kernel_disable_tcp_timestamps
|
when: evolinux_kernel_disable_tcp_timestamps | bool
|
||||||
|
|
||||||
- name: Customize the swappiness
|
- name: Customize the swappiness
|
||||||
sysctl:
|
sysctl:
|
||||||
|
@ -39,7 +39,7 @@
|
||||||
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
|
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
|
||||||
state: present
|
state: present
|
||||||
reload: yes
|
reload: yes
|
||||||
when: evolinux_kernel_customize_swappiness
|
when: evolinux_kernel_customize_swappiness | bool
|
||||||
|
|
||||||
- name: Patch for TCP stack vulnerability CVE-2016-5696
|
- name: Patch for TCP stack vulnerability CVE-2016-5696
|
||||||
sysctl:
|
sysctl:
|
||||||
|
@ -48,7 +48,7 @@
|
||||||
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
|
sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
|
||||||
state: present
|
state: present
|
||||||
reload: yes
|
reload: yes
|
||||||
when: evolinux_kernel_cve20165696
|
when: evolinux_kernel_cve20165696 | bool
|
||||||
|
|
||||||
- name: Patch for TCP stack vulnerability CVE-2018-5391 (FragmentSmack)
|
- name: Patch for TCP stack vulnerability CVE-2018-5391 (FragmentSmack)
|
||||||
sysctl:
|
sysctl:
|
||||||
|
|
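Review bot: The "Don't reboot after panic" condition is written `not evolinux_kernel_reboot_after_panic | bool`, while the other negated conditions in this commit use parentheses (`not (bind_chroot_set | bool)`, `not (evoacme_disable_debian_check | bool)`). Jinja applies the filter before `not`, so the result is the same, but `when: not (evolinux_kernel_reboot_after_panic | bool)` matches the rest of the change and spares the reader the precedence rule.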
|
@ -8,7 +8,7 @@
|
||||||
dest: /etc/rsyslog.conf
|
dest: /etc/rsyslog.conf
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
notify: restart rsyslog
|
notify: restart rsyslog
|
||||||
when: evolinux_logs_rsyslog_conf
|
when: evolinux_logs_rsyslog_conf | bool
|
||||||
|
|
||||||
- name: Disable logrotate default conf
|
- name: Disable logrotate default conf
|
||||||
command: mv /etc/logrotate.d/rsyslog /etc/logrotate.d/rsyslog.disabled
|
command: mv /etc/logrotate.d/rsyslog /etc/logrotate.d/rsyslog.disabled
|
||||||
|
@ -16,25 +16,25 @@
|
||||||
removes: /etc/logrotate.d/rsyslog
|
removes: /etc/logrotate.d/rsyslog
|
||||||
creates: /etc/logrotate.d/rsyslog.disabled
|
creates: /etc/logrotate.d/rsyslog.disabled
|
||||||
notify: restart rsyslog
|
notify: restart rsyslog
|
||||||
when: evolinux_logs_disable_logrotate_rsyslog
|
when: evolinux_logs_disable_logrotate_rsyslog | bool
|
||||||
|
|
||||||
- name: Copy many logrotate files
|
- name: Copy many logrotate files
|
||||||
copy:
|
copy:
|
||||||
src: logs/logrotate.d/
|
src: logs/logrotate.d/
|
||||||
dest: /etc/logrotate.d/
|
dest: /etc/logrotate.d/
|
||||||
when: evolinux_logs_logrotate_confs
|
when: evolinux_logs_logrotate_confs | bool
|
||||||
|
|
||||||
- name: Copy rsyslog logrotate file
|
- name: Copy rsyslog logrotate file
|
||||||
template:
|
template:
|
||||||
src: logs/zsyslog.j2
|
src: logs/zsyslog.j2
|
||||||
dest: /etc/logrotate.d/zsyslog
|
dest: /etc/logrotate.d/zsyslog
|
||||||
when: evolinux_logs_logrotate_confs
|
when: evolinux_logs_logrotate_confs | bool
|
||||||
|
|
||||||
- name: Configure logrotate.conf
|
- name: Configure logrotate.conf
|
||||||
replace:
|
replace:
|
||||||
dest: /etc/logrotate.conf
|
dest: /etc/logrotate.conf
|
||||||
regexp: "rotate [0-9]+"
|
regexp: "rotate [0-9]+"
|
||||||
replace: "rotate 12"
|
replace: "rotate 12"
|
||||||
when: evolinux_logs_default_rotate
|
when: evolinux_logs_default_rotate | bool
|
||||||
|
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
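Review bot: The `Copy many logrotate files` and `Copy rsyslog logrotate file` tasks in the second hunk set no `owner`, `group` or `mode`, so the permissions of what lands in /etc/logrotate.d depend on the umask in effect on the target. These files drive a job that runs as root, and logrotate ignores configuration files that are writable by group or others. Pin them the way the /etc/rsyslog.conf task in the first hunk does, with `mode: "0644"` plus `owner: root` and `group: root`. Indentation is lost in this rendering, so this assumes the two tasks really carry only `src` and `dest`.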
|
||||||
|
|
|
@ -13,51 +13,51 @@
|
||||||
vars:
|
vars:
|
||||||
apt_install_basics: "{{ evolinux_apt_replace_default_sources }}"
|
apt_install_basics: "{{ evolinux_apt_replace_default_sources }}"
|
||||||
apt_install_evolix_public: "{{ evolinux_apt_public_sources }}"
|
apt_install_evolix_public: "{{ evolinux_apt_public_sources }}"
|
||||||
when: evolinux_apt_include
|
when: evolinux_apt_include | bool
|
||||||
|
|
||||||
- name: /etc versioning with Git
|
- name: /etc versioning with Git
|
||||||
include_role:
|
include_role:
|
||||||
name: evolix/etc-git
|
name: evolix/etc-git
|
||||||
when: evolinux_etcgit_include
|
when: evolinux_etcgit_include | bool
|
||||||
|
|
||||||
- name: /etc/evolinux base
|
- name: /etc/evolinux base
|
||||||
include: etc-evolinux.yml
|
include: etc-evolinux.yml
|
||||||
when: evolinux_etcevolinux_include
|
when: evolinux_etcevolinux_include | bool
|
||||||
|
|
||||||
- name: Hostname
|
- name: Hostname
|
||||||
include: hostname.yml
|
include: hostname.yml
|
||||||
when: evolinux_hostname_include
|
when: evolinux_hostname_include | bool
|
||||||
|
|
||||||
- name: Kernel tuning
|
- name: Kernel tuning
|
||||||
include: kernel.yml
|
include: kernel.yml
|
||||||
when: evolinux_kernel_include
|
when: evolinux_kernel_include | bool
|
||||||
|
|
||||||
- name: Fstab configuration
|
- name: Fstab configuration
|
||||||
include: fstab.yml
|
include: fstab.yml
|
||||||
when: evolinux_fstab_include
|
when: evolinux_fstab_include | bool
|
||||||
|
|
||||||
- name: Packages
|
- name: Packages
|
||||||
include: packages.yml
|
include: packages.yml
|
||||||
when: evolinux_packages_include
|
when: evolinux_packages_include | bool
|
||||||
|
|
||||||
- name: System settings
|
- name: System settings
|
||||||
include: system.yml
|
include: system.yml
|
||||||
when: evolinux_system_include
|
when: evolinux_system_include | bool
|
||||||
|
|
||||||
- name: Minifirewall
|
- name: Minifirewall
|
||||||
include_role:
|
include_role:
|
||||||
name: evolix/minifirewall
|
name: evolix/minifirewall
|
||||||
when: evolinux_minifirewall_include
|
when: evolinux_minifirewall_include | bool
|
||||||
|
|
||||||
- name: Evomaintenance
|
- name: Evomaintenance
|
||||||
include_role:
|
include_role:
|
||||||
name: evolix/evomaintenance
|
name: evolix/evomaintenance
|
||||||
when: evolinux_evomaintenance_include
|
when: evolinux_evomaintenance_include | bool
|
||||||
|
|
||||||
- name: SSH configuration
|
- name: SSH configuration
|
||||||
include: ssh.yml
|
include: ssh.yml
|
||||||
when: evolinux_ssh_include
|
when: evolinux_ssh_include
|
||||||
|
|
||||||
### disabled because of a memory leak
|
### disabled because of a memory leak
|
||||||
# - name: Create evolinux users
|
# - name: Create evolinux users
|
||||||
# include_role:
|
# include_role:
|
||||||
|
@ -66,66 +66,66 @@
|
||||||
|
|
||||||
- name: Root user configuration
|
- name: Root user configuration
|
||||||
include: root.yml
|
include: root.yml
|
||||||
when: evolinux_root_include
|
when: evolinux_root_include | bool
|
||||||
|
|
||||||
- name: Postfix
|
- name: Postfix
|
||||||
include: postfix.yml
|
include: postfix.yml
|
||||||
when: evolinux_postfix_include
|
when: evolinux_postfix_include | bool
|
||||||
|
|
||||||
- name: Logs management
|
- name: Logs management
|
||||||
include: logs.yml
|
include: logs.yml
|
||||||
when: evolinux_logs_include
|
when: evolinux_logs_include | bool
|
||||||
|
|
||||||
- name: Default index page
|
- name: Default index page
|
||||||
include: default_www.yml
|
include: default_www.yml
|
||||||
when: evolinux_default_www_include
|
when: evolinux_default_www_include | bool
|
||||||
|
|
||||||
- name: Hardware drivers and tools
|
- name: Hardware drivers and tools
|
||||||
include: hardware.yml
|
include: hardware.yml
|
||||||
when: evolinux_hardware_include
|
when: evolinux_hardware_include | bool
|
||||||
|
|
||||||
- name: Customize for Online.net
|
- name: Customize for Online.net
|
||||||
include: provider_online.yml
|
include: provider_online.yml
|
||||||
when: evolinux_provider_online_include
|
when: evolinux_provider_online_include | bool
|
||||||
|
|
||||||
- name: Customize for Orange FCE
|
- name: Customize for Orange FCE
|
||||||
include: provider_orange_fce.yml
|
include: provider_orange_fce.yml
|
||||||
when: evolinux_provider_orange_fce_include
|
when: evolinux_provider_orange_fce_include | bool
|
||||||
|
|
||||||
- name: Override Log2mail service
|
- name: Override Log2mail service
|
||||||
include: log2mail.yml
|
include: log2mail.yml
|
||||||
when: evolinux_log2mail_include
|
when: evolinux_log2mail_include | bool
|
||||||
|
|
||||||
- include: motd.yml
|
- include: motd.yml
|
||||||
|
|
||||||
- name: Munin
|
- name: Munin
|
||||||
include_role:
|
include_role:
|
||||||
name: evolix/munin
|
name: evolix/munin
|
||||||
when: evolinux_munin_include
|
when: evolinux_munin_include | bool
|
||||||
|
|
||||||
- name: Nagios/NRPE
|
- name: Nagios/NRPE
|
||||||
include_role:
|
include_role:
|
||||||
name: evolix/nagios-nrpe
|
name: evolix/nagios-nrpe
|
||||||
when: evolinux_nagios_nrpe_include
|
when: evolinux_nagios_nrpe_include | bool
|
||||||
|
|
||||||
- name: fail2ban
|
- name: fail2ban
|
||||||
include_role:
|
include_role:
|
||||||
name: evolix/fail2ban
|
name: evolix/fail2ban
|
||||||
when: evolinux_fail2ban_include
|
when: evolinux_fail2ban_include | bool
|
||||||
|
|
||||||
- name: Evocheck
|
- name: Evocheck
|
||||||
include_role:
|
include_role:
|
||||||
name: evolix/evocheck
|
name: evolix/evocheck
|
||||||
vars:
|
vars:
|
||||||
evocheck_force_install: "{{ evolinux_evocheck_force_install }}"
|
evocheck_force_install: "{{ evolinux_evocheck_force_install }}"
|
||||||
when: evolinux_evocheck_include
|
when: evolinux_evocheck_include | bool
|
||||||
|
|
||||||
- name: Listupgrade
|
- name: Listupgrade
|
||||||
include_role:
|
include_role:
|
||||||
name: evolix/listupgrade
|
name: evolix/listupgrade
|
||||||
when: evolinux_listupgrade_include
|
when: evolinux_listupgrade_include | bool
|
||||||
|
|
||||||
- name: Generate ldif script
|
- name: Generate ldif script
|
||||||
include_role:
|
include_role:
|
||||||
name: evolix/generate-ldif
|
name: evolix/generate-ldif
|
||||||
when: evolinux_generateldif_include
|
when: evolinux_generateldif_include | bool
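Review bot: The `SSH configuration` include in the first hunk still reads `when: evolinux_ssh_include`, the only toggle in this file that did not receive the explicit filter. A value that arrives as a string (for example through `-e` on the command line) is then evaluated differently from its siblings, and which way it goes depends on the Ansible version and its bare-variable setting, so the SSH tasks can run or be skipped unexpectedly. Make it `when: evolinux_ssh_include | bool` like the other includes.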
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
- ssl-cert
|
- ssl-cert
|
||||||
- ca-certificates
|
- ca-certificates
|
||||||
- rename
|
- rename
|
||||||
when: evolinux_packages_system
|
when: evolinux_packages_system | bool
|
||||||
|
|
||||||
- name: Install/Update diagnostic tools
|
- name: Install/Update diagnostic tools
|
||||||
apt:
|
apt:
|
||||||
|
@ -34,7 +34,7 @@
|
||||||
- telnet
|
- telnet
|
||||||
- traceroute
|
- traceroute
|
||||||
- man
|
- man
|
||||||
when: evolinux_packages_diagnostic
|
when: evolinux_packages_diagnostic | bool
|
||||||
|
|
||||||
- name: Install/Update hardware tools
|
- name: Install/Update hardware tools
|
||||||
apt:
|
apt:
|
||||||
|
@ -42,7 +42,7 @@
|
||||||
- hdparm
|
- hdparm
|
||||||
- smartmontools
|
- smartmontools
|
||||||
- lm-sensors
|
- lm-sensors
|
||||||
when: evolinux_packages_hardware
|
when: evolinux_packages_hardware | bool
|
||||||
|
|
||||||
- name: Install/Update common tools
|
- name: Install/Update common tools
|
||||||
apt:
|
apt:
|
||||||
|
@ -58,21 +58,21 @@
|
||||||
- bc
|
- bc
|
||||||
- pinentry-curses
|
- pinentry-curses
|
||||||
- ncurses-term
|
- ncurses-term
|
||||||
when: evolinux_packages_common
|
when: evolinux_packages_common | bool
|
||||||
|
|
||||||
- name: Be sure that openntpd package is absent/purged
|
- name: Be sure that openntpd package is absent/purged
|
||||||
apt:
|
apt:
|
||||||
name: openntpd
|
name: openntpd
|
||||||
state: absent
|
state: absent
|
||||||
purge: True
|
purge: True
|
||||||
when: evolinux_packages_purge_openntpd
|
when: evolinux_packages_purge_openntpd | bool
|
||||||
|
|
||||||
- name: the chrony package is absent
|
- name: the chrony package is absent
|
||||||
apt:
|
apt:
|
||||||
name: chrony
|
name: chrony
|
||||||
purge: True
|
purge: True
|
||||||
state: absent
|
state: absent
|
||||||
when: evolinux_packages_purge_chrony
|
when: evolinux_packages_purge_chrony | bool
|
||||||
|
|
||||||
- name: Be sure locate/mlocate is absent/purged
|
- name: Be sure locate/mlocate is absent/purged
|
||||||
apt:
|
apt:
|
||||||
|
@ -81,19 +81,19 @@
|
||||||
- mlocate
|
- mlocate
|
||||||
state: absent
|
state: absent
|
||||||
purge: yes
|
purge: yes
|
||||||
when: evolinux_packages_purge_locate
|
when: evolinux_packages_purge_locate | bool
|
||||||
|
|
||||||
- name: Install/Update serveur-base meta-package
|
- name: Install/Update serveur-base meta-package
|
||||||
apt:
|
apt:
|
||||||
name: serveur-base
|
name: serveur-base
|
||||||
allow_unauthenticated: yes
|
allow_unauthenticated: yes
|
||||||
when: evolinux_packages_serveur_base
|
when: evolinux_packages_serveur_base | bool
|
||||||
|
|
||||||
- name: Install/Update packages for Stretch and later
|
- name: Install/Update packages for Stretch and later
|
||||||
apt:
|
apt:
|
||||||
name: net-tools
|
name: net-tools
|
||||||
when:
|
when:
|
||||||
- evolinux_packages_stretch
|
- evolinux_packages_stretch | bool
|
||||||
- ansible_distribution_major_version is version('9', '>=')
|
- ansible_distribution_major_version is version('9', '>=')
|
||||||
|
|
||||||
- name: Install/Update packages for Buster and later
|
- name: Install/Update packages for Buster and later
|
||||||
|
@ -102,7 +102,7 @@
|
||||||
- spectre-meltdown-checker
|
- spectre-meltdown-checker
|
||||||
- binutils
|
- binutils
|
||||||
when:
|
when:
|
||||||
- evolinux_packages_buster
|
- evolinux_packages_buster | bool
|
||||||
- ansible_distribution_major_version is version('10', '>=')
|
- ansible_distribution_major_version is version('10', '>=')
|
||||||
|
|
||||||
- name: Customize logcheck recipient
|
- name: Customize logcheck recipient
|
||||||
|
@ -110,7 +110,7 @@
|
||||||
dest: /etc/logcheck/logcheck.conf
|
dest: /etc/logcheck/logcheck.conf
|
||||||
regexp: '^SENDMAILTO=".*"$'
|
regexp: '^SENDMAILTO=".*"$'
|
||||||
line: 'SENDMAILTO="{{ logcheck_alert_email or general_alert_email | mandatory }}"'
|
line: 'SENDMAILTO="{{ logcheck_alert_email or general_alert_email | mandatory }}"'
|
||||||
when: evolinux_packages_logcheck_recipient
|
when: evolinux_packages_logcheck_recipient | bool
|
||||||
|
|
||||||
- name: Deleting rpcbind and nfs-common
|
- name: Deleting rpcbind and nfs-common
|
||||||
apt:
|
apt:
|
||||||
|
@ -118,7 +118,7 @@
|
||||||
- rpcbind
|
- rpcbind
|
||||||
- nfs-common
|
- nfs-common
|
||||||
state: absent
|
state: absent
|
||||||
when: evolinux_packages_delete_nfs
|
when: evolinux_packages_delete_nfs | bool
|
||||||
|
|
||||||
|
|
||||||
# TODO: use ini_file when Ansible > 2.1 (no_extra_spaces: yes)
|
# TODO: use ini_file when Ansible > 2.1 (no_extra_spaces: yes)
|
||||||
|
@ -132,7 +132,7 @@
|
||||||
- { option: "confirm", value: "1" }
|
- { option: "confirm", value: "1" }
|
||||||
- { option: "which", value: "both" }
|
- { option: "which", value: "both" }
|
||||||
when:
|
when:
|
||||||
- evolinux_packages_listchanges
|
- evolinux_packages_listchanges | bool
|
||||||
- ansible_distribution == "Debian"
|
- ansible_distribution == "Debian"
|
||||||
- ansible_distribution_release == "jessie"
|
- ansible_distribution_release == "jessie"
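Review bot: `Install/Update serveur-base meta-package` keeps `allow_unauthenticated: yes`, which lets apt install the package even when its signature cannot be verified, so the integrity of what is installed as root rests entirely on the repository and the transport. If the repository that ships `serveur-base` is signed and its key is deployed before this task runs (not visible in these hunks), drop the option. Otherwise add a comment such as `# serveur-base comes from an unsigned repository, see <reference>` so the exception is deliberate and tracked.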
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
- postfix
|
- postfix
|
||||||
- mailgraph
|
- mailgraph
|
||||||
state: present
|
state: present
|
||||||
when: evolinux_postfix_packages
|
when: evolinux_postfix_packages | bool
|
||||||
tags:
|
tags:
|
||||||
- packages
|
- packages
|
||||||
- postfix
|
- postfix
|
||||||
|
@ -47,7 +47,7 @@
|
||||||
line: "{{ item }}: root"
|
line: "{{ item }}: root"
|
||||||
loop: "{{ non_root_users_list.stdout_lines }}"
|
loop: "{{ non_root_users_list.stdout_lines }}"
|
||||||
notify: newaliases
|
notify: newaliases
|
||||||
when: evolinux_postfix_users_alias_root
|
when: evolinux_postfix_users_alias_root | bool
|
||||||
tags:
|
tags:
|
||||||
- postfix
|
- postfix
|
||||||
|
|
||||||
|
@ -64,7 +64,7 @@
|
||||||
- error
|
- error
|
||||||
- bounce
|
- bounce
|
||||||
notify: newaliases
|
notify: newaliases
|
||||||
when: evolinux_postfix_mailer_alias_root
|
when: evolinux_postfix_mailer_alias_root | bool
|
||||||
tags:
|
tags:
|
||||||
- postfix
|
- postfix
|
||||||
|
|
||||||
|
@ -74,7 +74,7 @@
|
||||||
regexp: "^root:"
|
regexp: "^root:"
|
||||||
line: "root: {{ postfix_alias_email or general_alert_email | mandatory }}"
|
line: "root: {{ postfix_alias_email or general_alert_email | mandatory }}"
|
||||||
notify: newaliases
|
notify: newaliases
|
||||||
when: evolinux_postfix_root_alias
|
when: evolinux_postfix_root_alias | bool
|
||||||
tags:
|
tags:
|
||||||
- postfix
|
- postfix
|
||||||
|
|
||||||
|
@ -89,7 +89,7 @@
|
||||||
- exim4-daemon-light
|
- exim4-daemon-light
|
||||||
purge: yes
|
purge: yes
|
||||||
state: absent
|
state: absent
|
||||||
when: evolinux_postfix_purge_exim
|
when: evolinux_postfix_purge_exim | bool
|
||||||
tags:
|
tags:
|
||||||
- packages
|
- packages
|
||||||
- postfix
|
- postfix
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
path: /root
|
path: /root
|
||||||
state: directory
|
state: directory
|
||||||
mode: "0700"
|
mode: "0700"
|
||||||
when: evolinux_root_chmod
|
when: evolinux_root_chmod | bool
|
||||||
|
|
||||||
- name: "Customize root's bashrc..."
|
- name: "Customize root's bashrc..."
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -19,7 +19,7 @@
|
||||||
- "export HISTTIMEFORMAT=\"%c : \""
|
- "export HISTTIMEFORMAT=\"%c : \""
|
||||||
- "shopt -s histappend"
|
- "shopt -s histappend"
|
||||||
- "PROMPT_COMMAND=\"history -a;${PROMPT_COMMAND}\""
|
- "PROMPT_COMMAND=\"history -a;${PROMPT_COMMAND}\""
|
||||||
when: evolinux_root_bashrc
|
when: evolinux_root_bashrc | bool
|
||||||
|
|
||||||
## .bash_history should be append-only
|
## .bash_history should be append-only
|
||||||
|
|
||||||
|
@ -28,14 +28,14 @@
|
||||||
content: ""
|
content: ""
|
||||||
dest: "/root/.bash_history"
|
dest: "/root/.bash_history"
|
||||||
force: no
|
force: no
|
||||||
when: evolinux_root_bash_history
|
when: evolinux_root_bash_history | bool
|
||||||
|
|
||||||
- name: Set umask in /root/.profile
|
- name: Set umask in /root/.profile
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: "/root/.profile"
|
dest: "/root/.profile"
|
||||||
line: "umask 0077"
|
line: "umask 0077"
|
||||||
regexp: "umask [0-9]+"
|
regexp: "umask [0-9]+"
|
||||||
when: evolinux_root_umask
|
when: evolinux_root_umask | bool
|
||||||
|
|
||||||
- name: "/usr/share/scripts is present in root's PATH"
|
- name: "/usr/share/scripts is present in root's PATH"
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -48,7 +48,7 @@
|
||||||
src: root/gitconfig
|
src: root/gitconfig
|
||||||
dest: "/root/.gitconfig"
|
dest: "/root/.gitconfig"
|
||||||
force: no
|
force: no
|
||||||
when: evolinux_root_gitconfig
|
when: evolinux_root_gitconfig | bool
|
||||||
|
|
||||||
- name: Is .bash_history append-only
|
- name: Is .bash_history append-only
|
||||||
shell: lsattr /root/.bash_history | grep -E "^.*a.* "
|
shell: lsattr /root/.bash_history | grep -E "^.*a.* "
|
||||||
|
@ -61,7 +61,7 @@
|
||||||
- name: Set .bash_history append-only
|
- name: Set .bash_history append-only
|
||||||
command: chattr +a /root/.bash_history
|
command: chattr +a /root/.bash_history
|
||||||
when:
|
when:
|
||||||
- evolinux_root_bash_history_appendonly
|
- evolinux_root_bash_history_appendonly | bool
|
||||||
- bash_history_append_only.rc != 0
|
- bash_history_append_only.rc != 0
|
||||||
- "'Inappropriate ioctl' not in bash_history_append_only.stderr"
|
- "'Inappropriate ioctl' not in bash_history_append_only.stderr"
|
||||||
|
|
||||||
|
@ -71,7 +71,7 @@
|
||||||
regexp: '^SELECTED_EDITOR='
|
regexp: '^SELECTED_EDITOR='
|
||||||
line: "SELECTED_EDITOR=\"/usr/bin/vim.basic\""
|
line: "SELECTED_EDITOR=\"/usr/bin/vim.basic\""
|
||||||
create: yes
|
create: yes
|
||||||
when: evolinux_root_vim_default
|
when: evolinux_root_vim_default | bool
|
||||||
|
|
||||||
- name: Setting vim root configuration
|
- name: Setting vim root configuration
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -86,7 +86,7 @@
|
||||||
- "set tabstop=4"
|
- "set tabstop=4"
|
||||||
- "set softtabstop=4"
|
- "set softtabstop=4"
|
||||||
- "set shiftwidth=4"
|
- "set shiftwidth=4"
|
||||||
when: evolinux_root_vim_conf
|
when: evolinux_root_vim_conf | bool
|
||||||
|
|
||||||
- name: disable SSH access for root
|
- name: disable SSH access for root
|
||||||
replace:
|
replace:
|
||||||
|
@ -95,7 +95,7 @@
|
||||||
replace: "PermitRootLogin no"
|
replace: "PermitRootLogin no"
|
||||||
validate: '/usr/sbin/sshd -t -f %s'
|
validate: '/usr/sbin/sshd -t -f %s'
|
||||||
notify: reload sshd
|
notify: reload sshd
|
||||||
when: evolinux_root_disable_ssh
|
when: evolinux_root_disable_ssh | bool
|
||||||
|
|
||||||
### Disabled : it seems useless and too dangerous for now
|
### Disabled : it seems useless and too dangerous for now
|
||||||
# - name: remove root from AllowUsers directive
|
# - name: remove root from AllowUsers directive
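Review bot: With `| bool` on every toggle in this file, a value the filter does not recognise (a typo, or a word such as `enabled`) evaluates to false and the task is skipped without any message. Here that silently drops hardening steps: `/root` at mode 0700, `umask 0077`, the append-only `.bash_history` and `PermitRootLogin no`. State in the role defaults which values are accepted, for instance with a comment like `# boolean only: true/false (yes/no, on/off, 1/0 are also understood)`. The same applies to the toggles in the other files of this commit.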
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
path: /tmp
|
path: /tmp
|
||||||
state: directory
|
state: directory
|
||||||
mode: "u=rwx,g=rwx,o=rwxt"
|
mode: "u=rwx,g=rwx,o=rwxt"
|
||||||
when: evolinux_system_chmod_tmp
|
when: evolinux_system_chmod_tmp | bool
|
||||||
|
|
||||||
- name: Setting default locales
|
- name: Setting default locales
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -18,7 +18,7 @@
|
||||||
- "fr_FR ISO-8859-1"
|
- "fr_FR ISO-8859-1"
|
||||||
- "fr_FR.UTF-8 UTF-8"
|
- "fr_FR.UTF-8 UTF-8"
|
||||||
register: default_locales
|
register: default_locales
|
||||||
when: evolinux_system_locales
|
when: evolinux_system_locales | bool
|
||||||
|
|
||||||
- name: Reconfigure locales
|
- name: Reconfigure locales
|
||||||
command: /usr/sbin/locale-gen
|
command: /usr/sbin/locale-gen
|
||||||
|
@ -28,7 +28,7 @@
|
||||||
timezone:
|
timezone:
|
||||||
name: "{{ evolinux_system_timezone | mandatory }}"
|
name: "{{ evolinux_system_timezone | mandatory }}"
|
||||||
notify: restart cron
|
notify: restart cron
|
||||||
when: evolinux_system_set_timezone
|
when: evolinux_system_set_timezone | bool
|
||||||
|
|
||||||
# TODO : find a way to force the console-data configuration
|
# TODO : find a way to force the console-data configuration
|
||||||
# non-interactively (like tzdata ↑)
|
# non-interactively (like tzdata ↑)
|
||||||
|
@ -41,13 +41,13 @@
|
||||||
dest: /etc/vim/vimrc
|
dest: /etc/vim/vimrc
|
||||||
regexp: 'let g:skip_defaults_vim ='
|
regexp: 'let g:skip_defaults_vim ='
|
||||||
line: 'let g:skip_defaults_vim = 1'
|
line: 'let g:skip_defaults_vim = 1'
|
||||||
when: evolinux_system_vim_skip_defaults
|
when: evolinux_system_vim_skip_defaults | bool
|
||||||
|
|
||||||
- name: Setting vim as default editor
|
- name: Setting vim as default editor
|
||||||
alternatives:
|
alternatives:
|
||||||
name: editor
|
name: editor
|
||||||
path: /usr/bin/vim.basic
|
path: /usr/bin/vim.basic
|
||||||
when: evolinux_system_vim_default_editor
|
when: evolinux_system_vim_default_editor | bool
|
||||||
|
|
||||||
- name: Add "umask 027" to /etc/profile.d/evolinux.sh
|
- name: Add "umask 027" to /etc/profile.d/evolinux.sh
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -55,14 +55,14 @@
|
||||||
line: "umask 027"
|
line: "umask 027"
|
||||||
create: yes
|
create: yes
|
||||||
state: present
|
state: present
|
||||||
when: evolinux_system_profile
|
when: evolinux_system_profile | bool
|
||||||
|
|
||||||
- name: Set /etc/adduser.conf DIR_MODE to 0700
|
- name: Set /etc/adduser.conf DIR_MODE to 0700
|
||||||
replace:
|
replace:
|
||||||
dest: /etc/adduser.conf
|
dest: /etc/adduser.conf
|
||||||
regexp: "^DIR_MODE=0755$"
|
regexp: "^DIR_MODE=0755$"
|
||||||
replace: "DIR_MODE=0700"
|
replace: "DIR_MODE=0700"
|
||||||
when: evolinux_system_dirmode_adduser
|
when: evolinux_system_dirmode_adduser | bool
|
||||||
|
|
||||||
# TODO: trouver comment ne pas faire ça sur Xen Dom-U
|
# TODO: trouver comment ne pas faire ça sur Xen Dom-U
|
||||||
|
|
||||||
|
@ -72,7 +72,7 @@
|
||||||
line: "tty2"
|
line: "tty2"
|
||||||
create: yes
|
create: yes
|
||||||
state: present
|
state: present
|
||||||
when: evolinux_system_restrict_securetty
|
when: evolinux_system_restrict_securetty | bool
|
||||||
|
|
||||||
- name: Setting TMOUT to disconnect inactive users
|
- name: Setting TMOUT to disconnect inactive users
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -80,7 +80,7 @@
|
||||||
line: "export TMOUT=36000"
|
line: "export TMOUT=36000"
|
||||||
create: yes
|
create: yes
|
||||||
state: present
|
state: present
|
||||||
when: evolinux_system_set_timeout
|
when: evolinux_system_set_timeout | bool
|
||||||
|
|
||||||
#- name: Customizing /etc/fstab
|
#- name: Customizing /etc/fstab
|
||||||
|
|
||||||
|
@ -97,7 +97,9 @@
|
||||||
line: "EXTRA_OPTS='-L 15'"
|
line: "EXTRA_OPTS='-L 15'"
|
||||||
create: yes
|
create: yes
|
||||||
state: present
|
state: present
|
||||||
when: is_cron_installed.rc == 0 and evolinux_system_cron_verboselog
|
when:
|
||||||
|
- is_cron_installed.rc == 0
|
||||||
|
- evolinux_system_cron_verboselog | bool
|
||||||
|
|
||||||
- name: Modify default umask for cron deamon
|
- name: Modify default umask for cron deamon
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -105,7 +107,9 @@
|
||||||
line: "umask 022"
|
line: "umask 022"
|
||||||
create: yes
|
create: yes
|
||||||
state: present
|
state: present
|
||||||
when: is_cron_installed.rc == 0 and evolinux_system_cron_umask
|
when:
|
||||||
|
- is_cron_installed.rc == 0
|
||||||
|
- evolinux_system_cron_umask | bool
|
||||||
|
|
||||||
- name: Randomize periodic crontabs
|
- name: Randomize periodic crontabs
|
||||||
replace:
|
replace:
|
||||||
|
@ -117,7 +121,9 @@
|
||||||
- { regexp: '^25\s*6((\s*\*){3})', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' }
|
- { regexp: '^25\s*6((\s*\*){3})', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' }
|
||||||
- { regexp: '^47\s*6((\s*\*){2}\s*7)', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' }
|
- { regexp: '^47\s*6((\s*\*){2}\s*7)', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' }
|
||||||
- { regexp: '^52\s*6(\s*1(\s*\*){2})', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' }
|
- { regexp: '^52\s*6(\s*1(\s*\*){2})', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' }
|
||||||
when: is_cron_installed.rc == 0 and evolinux_system_cron_random
|
when:
|
||||||
|
- is_cron_installed.rc == 0
|
||||||
|
- evolinux_system_cron_random | bool
|
||||||
|
|
||||||
- include_role:
|
- include_role:
|
||||||
name: evolix/ntpd
|
name: evolix/ntpd
|
||||||
|
@ -131,7 +137,7 @@
|
||||||
force: no
|
force: no
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when:
|
when:
|
||||||
- evolinux_system_alert5_init
|
- evolinux_system_alert5_init | bool
|
||||||
- ansible_distribution_release == "jessie" or ansible_distribution_release == "stretch"
|
- ansible_distribution_release == "jessie" or ansible_distribution_release == "stretch"
|
||||||
|
|
||||||
- name: Enable alert5 init script (jessie/stretch)
|
- name: Enable alert5 init script (jessie/stretch)
|
||||||
|
@ -139,8 +145,8 @@
|
||||||
name: alert5
|
name: alert5
|
||||||
enabled: yes
|
enabled: yes
|
||||||
when:
|
when:
|
||||||
- evolinux_system_alert5_init
|
- evolinux_system_alert5_init | bool
|
||||||
- evolinux_system_alert5_enable
|
- evolinux_system_alert5_enable | bool
|
||||||
- ansible_distribution_release == "jessie" or ansible_distribution_release == "stretch"
|
- ansible_distribution_release == "jessie" or ansible_distribution_release == "stretch"
|
||||||
|
|
||||||
|
|
||||||
|
@ -152,7 +158,7 @@
|
||||||
force: no
|
force: no
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when:
|
when:
|
||||||
- evolinux_system_alert5_init
|
- evolinux_system_alert5_init | bool
|
||||||
- ansible_distribution_major_version is version('10', '>=')
|
- ansible_distribution_major_version is version('10', '>=')
|
||||||
|
|
||||||
- name: Install alert5 service (buster)
|
- name: Install alert5 service (buster)
|
||||||
|
@ -162,7 +168,7 @@
|
||||||
force: yes
|
force: yes
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
when:
|
when:
|
||||||
- evolinux_system_alert5_init
|
- evolinux_system_alert5_init | bool
|
||||||
- ansible_distribution_major_version is version('10', '>=')
|
- ansible_distribution_major_version is version('10', '>=')
|
||||||
|
|
||||||
- name: Enable alert5 init script (buster)
|
- name: Enable alert5 init script (buster)
|
||||||
|
@ -171,8 +177,8 @@
|
||||||
daemon_reload: yes
|
daemon_reload: yes
|
||||||
enabled: yes
|
enabled: yes
|
||||||
when:
|
when:
|
||||||
- evolinux_system_alert5_init
|
- evolinux_system_alert5_init | bool
|
||||||
- evolinux_system_alert5_enable
|
- evolinux_system_alert5_enable | bool
|
||||||
- ansible_distribution_major_version is version('10', '>=')
|
- ansible_distribution_major_version is version('10', '>=')
|
||||||
|
|
||||||
## network interfaces
|
## network interfaces
|
||||||
|
@ -189,7 +195,9 @@
|
||||||
dest: /etc/network/interfaces
|
dest: /etc/network/interfaces
|
||||||
regexp: "allow-hotplug"
|
regexp: "allow-hotplug"
|
||||||
replace: "auto"
|
replace: "auto"
|
||||||
when: evolinux_system_eni_auto and grep_hotplug_eni.rc == 0
|
when:
|
||||||
|
- evolinux_system_eni_auto | bool
|
||||||
|
- grep_hotplug_eni.rc == 0
|
||||||
|
|
||||||
## /sbin/deny
|
## /sbin/deny
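Review bot: The rewritten `when` lists order their conditions inconsistently: the three cron tasks test `is_cron_installed.rc == 0` before the toggle, while the /etc/network/interfaces task tests `evolinux_system_eni_auto | bool` first. Ansible evaluates the list in order and stops at the first false item, so putting the toggle first everywhere is consistent and avoids reading `.rc` from a result that may not have it. The tasks that register `is_cron_installed` and `grep_hotplug_eni` are outside these hunks, so whether that can actually happen is not visible here. For example, write `- evolinux_system_cron_umask | bool` and then `- is_cron_installed.rc == 0`.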
|
||||||
|
|
||||||
|
|
|
@ -10,4 +10,4 @@
|
||||||
- name: "Content of /etc/evolinux/todo.txt"
|
- name: "Content of /etc/evolinux/todo.txt"
|
||||||
debug:
|
debug:
|
||||||
var: evolinux_todo.stdout_lines
|
var: evolinux_todo.stdout_lines
|
||||||
when: evolinux_todo.stdout != ""
|
when: evolinux_todo.stdout | length > 0
|
||||||
|
|
|
@ -9,22 +9,22 @@
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
msg: "Warning: empty 'evolinux_users' variable, tasks will be skipped!"
|
msg: "Warning: empty 'evolinux_users' variable, tasks will be skipped!"
|
||||||
when: evolinux_users == {}
|
when: evolinux_users | length == 0
|
||||||
|
|
||||||
- name: Create user accounts
|
- name: Create user accounts
|
||||||
include: user.yml
|
include: user.yml
|
||||||
vars:
|
vars:
|
||||||
user: "{{ item.value }}"
|
user: "{{ item.value }}"
|
||||||
loop: "{{ evolinux_users | dict2items }}"
|
loop: "{{ evolinux_users | dict2items }}"
|
||||||
when: evolinux_users != {}
|
when: evolinux_users | length > 0
|
||||||
|
|
||||||
- name: Configure sudo
|
- name: Configure sudo
|
||||||
include: sudo.yml
|
include: sudo.yml
|
||||||
vars:
|
vars:
|
||||||
user: "{{ item.value }}"
|
user: "{{ item.value }}"
|
||||||
loop: "{{ evolinux_users | dict2items }}"
|
loop: "{{ evolinux_users | dict2items }}"
|
||||||
when: evolinux_users != {}
|
when: evolinux_users | length > 0
|
||||||
|
|
||||||
- name: Configure SSH
|
- name: Configure SSH
|
||||||
include: ssh.yml
|
include: ssh.yml
|
||||||
when: evolinux_users != {}
|
when: evolinux_users | length > 0
|
||||||
|
|
|
@ -59,6 +59,6 @@
|
||||||
regexp: '^PermitRootLogin (yes|without-password|prohibit-password)'
|
regexp: '^PermitRootLogin (yes|without-password|prohibit-password)'
|
||||||
replace: "PermitRootLogin no"
|
replace: "PermitRootLogin no"
|
||||||
notify: reload sshd
|
notify: reload sshd
|
||||||
when: evolinux_root_disable_ssh
|
when: evolinux_root_disable_ssh | bool
|
||||||
|
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
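Review bot: This `PermitRootLogin` replacement shows no `validate` between `replace` and `notify`, whereas the equivalent task in the root configuration file of this commit carries `validate: '/usr/sbin/sshd -t -f %s'`. Without it a malformed result is written to disk and `reload sshd` is still notified, which can leave the daemon unable to load its configuration. The task starts above the hunk, so the key may already be there; if it is not, add `validate: '/usr/sbin/sshd -t -f %s'`.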
|
||||||
|
|
|
@ -4,6 +4,8 @@
|
||||||
when: ansible_distribution_release == "jessie"
|
when: ansible_distribution_release == "jessie"
|
||||||
|
|
||||||
- include: sudo_stretch.yml
|
- include: sudo_stretch.yml
|
||||||
when: ansible_distribution_major_version is defined and ansible_distribution_major_version is version('9', '>=')
|
when:
|
||||||
|
- ansible_distribution_major_version is defined
|
||||||
|
- ansible_distribution_major_version is version('9', '>=')
|
||||||
|
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
|
|
@ -15,4 +15,4 @@
|
||||||
regexp: '^(User_Alias\s+ADMINS\s+=((?!{{ user.name }}).)*)$'
|
regexp: '^(User_Alias\s+ADMINS\s+=((?!{{ user.name }}).)*)$'
|
||||||
replace: '\1,{{ user.name }}'
|
replace: '\1,{{ user.name }}'
|
||||||
validate: '/usr/sbin/visudo -cf %s'
|
validate: '/usr/sbin/visudo -cf %s'
|
||||||
when: not copy_sudoers_evolinux.changed
|
when: copy_sudoers_evolinux is not changed
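Review bot: The `regexp` of this task interpolates `{{ user.name }}` into the pattern unescaped, and the negative lookahead matches the name as a substring. A login containing a regex metacharacter such as `.` is matched loosely, and a user whose name is a prefix of an existing ADMINS member (`bob` next to `bobby`) is treated as already present and never added. Escape the value with `{{ user.name | regex_escape }}` and consider bounding it so that only a whole name matches. `validate: '/usr/sbin/visudo -cf %s'` protects the syntax of the file, not its membership; the task itself starts above the hunk.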
|
||||||
|
|
|
@ -4,11 +4,11 @@
|
||||||
|
|
||||||
- fail:
|
- fail:
|
||||||
msg: "You must provide a value for the 'user.name ' variable."
|
msg: "You must provide a value for the 'user.name ' variable."
|
||||||
when: user.name is not defined or user.name == ''
|
when: user.name is not defined or user.name | length == 0
|
||||||
|
|
||||||
- fail:
|
- fail:
|
||||||
msg: "You must provide a value for the 'user.uid ' variable."
|
msg: "You must provide a value for the 'user.uid ' variable."
|
||||||
when: user.uid is not defined or user.uid == ''
|
when: user.uid is not defined or user.uid | length == 0
|
||||||
|
|
||||||
- name: "Test if '{{ user.name }}' exists"
|
- name: "Test if '{{ user.name }}' exists"
|
||||||
command: 'id -u "{{ user.name }}"'
|
command: 'id -u "{{ user.name }}"'
|
||||||
|
@ -102,7 +102,7 @@
|
||||||
state: present
|
state: present
|
||||||
when:
|
when:
|
||||||
- evolinux_internal_group is defined
|
- evolinux_internal_group is defined
|
||||||
- evolinux_internal_group != ""
|
- evolinux_internal_group | length > 0
|
||||||
- ansible_distribution_major_version is version('9', '>=')
|
- ansible_distribution_major_version is version('9', '>=')
|
||||||
|
|
||||||
- name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_internal_group }}' (Debian 9 or later)"
|
- name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_internal_group }}' (Debian 9 or later)"
|
||||||
|
@ -112,7 +112,7 @@
|
||||||
append: yes
|
append: yes
|
||||||
when:
|
when:
|
||||||
- evolinux_internal_group is defined
|
- evolinux_internal_group is defined
|
||||||
- evolinux_internal_group != ""
|
- evolinux_internal_group | length > 0
|
||||||
- ansible_distribution_major_version is version('9', '>=')
|
- ansible_distribution_major_version is version('9', '>=')
|
||||||
|
|
||||||
## Optional secondary groups, defined per user
|
## Optional secondary groups, defined per user
|
||||||
|
@ -125,7 +125,7 @@
|
||||||
loop_var: group
|
loop_var: group
|
||||||
when:
|
when:
|
||||||
- user.groups is defined
|
- user.groups is defined
|
||||||
- user.groups != []
|
- user.groups | length > 0
|
||||||
|
|
||||||
- name: "Unix user '{{ user.name }}' belongs to secondary groups"
|
- name: "Unix user '{{ user.name }}' belongs to secondary groups"
|
||||||
user:
|
user:
|
||||||
|
@ -134,7 +134,7 @@
|
||||||
append: yes
|
append: yes
|
||||||
when:
|
when:
|
||||||
- user.groups is defined
|
- user.groups is defined
|
||||||
- user.groups != []
|
- user.groups | length > 0
|
||||||
|
|
||||||
# Permissions on home directory
|
# Permissions on home directory
|
||||||
|
|
||||||
|
@ -177,7 +177,9 @@
|
||||||
user: "{{ user.name }}"
|
user: "{{ user.name }}"
|
||||||
key: "{{ user.ssh_key }}"
|
key: "{{ user.ssh_key }}"
|
||||||
state: present
|
state: present
|
||||||
when: user.ssh_key is defined
|
when:
|
||||||
|
- user.ssh_key is defined
|
||||||
|
- user.ssh_key | length > 0
|
||||||
|
|
||||||
- name: "SSH public keys for '{{ user.name }}' are present"
|
- name: "SSH public keys for '{{ user.name }}' are present"
|
||||||
authorized_key:
|
authorized_key:
|
||||||
|
@ -187,6 +189,8 @@
|
||||||
loop: "{{ user.ssh_keys }}"
|
loop: "{{ user.ssh_keys }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: ssk_key
|
loop_var: ssk_key
|
||||||
when: user.ssh_keys is defined
|
when:
|
||||||
|
- user.ssh_keys is defined
|
||||||
|
- user.ssh_keys | length > 0
|
||||||
|
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
name:
|
name:
|
||||||
- postgresql-client
|
- postgresql-client
|
||||||
state: present
|
state: present
|
||||||
when: evomaintenance_hook_db
|
when: evomaintenance_hook_db | bool
|
||||||
tags:
|
tags:
|
||||||
- evomaintenance
|
- evomaintenance
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"
|
minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | bool | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"
|
||||||
|
|
||||||
- assert:
|
- assert:
|
||||||
that:
|
that:
|
||||||
|
@ -11,12 +11,12 @@
|
||||||
|
|
||||||
- include: install_package_debian.yml
|
- include: install_package_debian.yml
|
||||||
when:
|
when:
|
||||||
- not evomaintenance_install_vendor
|
- not (evomaintenance_install_vendor | bool)
|
||||||
- ansible_distribution == "Debian"
|
- ansible_distribution == "Debian"
|
||||||
|
|
||||||
- include: install_vendor_debian.yml
|
- include: install_vendor_debian.yml
|
||||||
when:
|
when:
|
||||||
- evomaintenance_install_vendor
|
- evomaintenance_install_vendor | bool
|
||||||
- ansible_distribution == "Debian"
|
- ansible_distribution == "Debian"
|
||||||
|
|
||||||
- include: install_vendor_openbsd.yml
|
- include: install_vendor_openbsd.yml
|
||||||
|
@ -25,5 +25,5 @@
|
||||||
|
|
||||||
- include: minifirewall.yml
|
- include: minifirewall.yml
|
||||||
when:
|
when:
|
||||||
- evomaintenance_hook_db
|
- evomaintenance_hook_db | bool
|
||||||
- ansible_distribution == "Debian"
|
- ansible_distribution == "Debian"
|
||||||
|
|
|
@ -31,6 +31,6 @@
|
||||||
- name: Force restart minifirewall
|
- name: Force restart minifirewall
|
||||||
command: /bin/true
|
command: /bin/true
|
||||||
notify: restart minifirewall
|
notify: restart minifirewall
|
||||||
when: minifirewall_restart_force
|
when: minifirewall_restart_force | bool
|
||||||
tags:
|
tags:
|
||||||
- evomaintenance
|
- evomaintenance
|
||||||
|
|
|
@ -32,7 +32,7 @@
|
||||||
|
|
||||||
- name: Include ignoredips update task
|
- name: Include ignoredips update task
|
||||||
include: ip_whitelist.yml
|
include: ip_whitelist.yml
|
||||||
when: fail2ban_force_update_ignore_ips
|
when: fail2ban_force_update_ignore_ips | bool
|
||||||
tags:
|
tags:
|
||||||
- fail2ban
|
- fail2ban
|
||||||
|
|
||||||
|
@ -43,7 +43,7 @@
|
||||||
option: enabled
|
option: enabled
|
||||||
value: false
|
value: false
|
||||||
notify: restart fail2ban
|
notify: restart fail2ban
|
||||||
when: fail2ban_disable_ssh
|
when: fail2ban_disable_ssh | bool
|
||||||
tags:
|
tags:
|
||||||
- fail2ban
|
- fail2ban
|
||||||
|
|
||||||
|
|
|
@ -64,7 +64,9 @@
|
||||||
register: logstash_plugin_installed
|
register: logstash_plugin_installed
|
||||||
failed_when: false
|
failed_when: false
|
||||||
changed_when: false
|
changed_when: false
|
||||||
when: filebeat_logstash_plugin and logstash_plugin.stat.exists
|
when:
|
||||||
|
- filebeat_logstash_plugin | bool
|
||||||
|
- logstash_plugin.stat.exists
|
||||||
|
|
||||||
- name: Logstash plugin is installed
|
- name: Logstash plugin is installed
|
||||||
block:
|
block:
|
||||||
|
@ -74,9 +76,9 @@
|
||||||
- name: logstash-plugin install logstash-input-beats
|
- name: logstash-plugin install logstash-input-beats
|
||||||
command: /usr/share/logstash/bin/logstash-plugin install logstash-input-beats
|
command: /usr/share/logstash/bin/logstash-plugin install logstash-input-beats
|
||||||
when:
|
when:
|
||||||
- filebeat_logstash_plugin
|
- filebeat_logstash_plugin | bool
|
||||||
- logstash_plugin.stat.exists
|
- logstash_plugin.stat.exists
|
||||||
- not logstash_plugin_installed | success
|
- not (logstash_plugin_installed | success)
|
||||||
|
|
||||||
# When we don't use a config template (default)
|
# When we don't use a config template (default)
|
||||||
- block:
|
- block:
|
||||||
|
@ -86,7 +88,7 @@
|
||||||
regexp: '^(\s+)(- add_cloud_metadata:)'
|
regexp: '^(\s+)(- add_cloud_metadata:)'
|
||||||
replace: '\1# \2'
|
replace: '\1# \2'
|
||||||
notify: restart filebeat
|
notify: restart filebeat
|
||||||
when: not filebeat_processors_cloud_metadata
|
when: not (filebeat_processors_cloud_metadata | bool)
|
||||||
|
|
||||||
- name: cloud_metadata processor is disabled
|
- name: cloud_metadata processor is disabled
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -94,7 +96,7 @@
|
||||||
line: " - add_cloud_metadata: ~"
|
line: " - add_cloud_metadata: ~"
|
||||||
insert_after: '^processors:'
|
insert_after: '^processors:'
|
||||||
notify: restart filebeat
|
notify: restart filebeat
|
||||||
when: filebeat_processors_cloud_metadata
|
when: filebeat_processors_cloud_metadata | bool
|
||||||
|
|
||||||
- name: Filebeat knows where to find Elasticsearch
|
- name: Filebeat knows where to find Elasticsearch
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -103,8 +105,7 @@
|
||||||
line: " hosts: [\"{{ filebeat_elasticsearch_hosts | join('\", \"') }}\"]"
|
line: " hosts: [\"{{ filebeat_elasticsearch_hosts | join('\", \"') }}\"]"
|
||||||
insertafter: "output.elasticsearch:"
|
insertafter: "output.elasticsearch:"
|
||||||
notify: restart filebeat
|
notify: restart filebeat
|
||||||
when:
|
when: filebeat_elasticsearch_hosts | length > 0
|
||||||
- filebeat_elasticsearch_hosts
|
|
||||||
|
|
||||||
- name: Filebeat protocol for Elasticsearch
|
- name: Filebeat protocol for Elasticsearch
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -126,9 +127,9 @@
|
||||||
- { regexp: '^ #?password: .*', line: ' password: "{{ filebeat_elasticsearch_auth_password }}"' }
|
- { regexp: '^ #?password: .*', line: ' password: "{{ filebeat_elasticsearch_auth_password }}"' }
|
||||||
notify: restart filebeat
|
notify: restart filebeat
|
||||||
when:
|
when:
|
||||||
- filebeat_elasticsearch_auth_username
|
- filebeat_elasticsearch_auth_username | length > 0
|
||||||
- filebeat_elasticsearch_auth_password
|
- filebeat_elasticsearch_auth_password | length > 0
|
||||||
when: not filebeat_use_config_template
|
when: not (filebeat_use_config_template | bool)
|
||||||
|
|
||||||
- name: Filebeat api_key for Elasticsearch are configured
|
- name: Filebeat api_key for Elasticsearch are configured
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -137,7 +138,7 @@
|
||||||
line: ' api_key: "{{ filebeat_elasticsearch_auth_api_key }}"'
|
line: ' api_key: "{{ filebeat_elasticsearch_auth_api_key }}"'
|
||||||
insertafter: "output.elasticsearch:"
|
insertafter: "output.elasticsearch:"
|
||||||
notify: restart filebeat
|
notify: restart filebeat
|
||||||
when: filebeat_elasticsearch_auth_api_key
|
when: filebeat_elasticsearch_auth_api_key | length > 0
|
||||||
|
|
||||||
# When we use a config template
|
# When we use a config template
|
||||||
- block:
|
- block:
|
||||||
|
@ -154,5 +155,5 @@
|
||||||
- "templates/filebeat/filebeat.default.yml.j2"
|
- "templates/filebeat/filebeat.default.yml.j2"
|
||||||
- "templates/filebeat.default.yml.j2"
|
- "templates/filebeat.default.yml.j2"
|
||||||
notify: restart filebeat
|
notify: restart filebeat
|
||||||
when: filebeat_update_config
|
when: filebeat_update_config | bool
|
||||||
when: filebeat_use_config_template
|
when: filebeat_use_config_template | bool
|
||||||
|
|
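Review bot: The condition `not (logstash_plugin_installed | success)` on the `logstash-plugin install logstash-input-beats` task (hunk `@ -74,9 +76,9 @@`) can never be true as far as this page shows. The task that registers `logstash_plugin_installed` sets `failed_when: false`, so its result always counts as a success and the install step is skipped on every run. Test the return code instead, e.g. `- logstash_plugin_installed.rc != 0`, assuming the registering task is a command; its module line is outside the hunk. Separately, `success` is still written as a filter while this commit moves `changed` to test syntax; using tests as filters was deprecated in Ansible 2.5 and later removed, so `is success` is the consistent spelling.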
|
@ -84,7 +84,7 @@
|
||||||
- update-config
|
- update-config
|
||||||
|
|
||||||
- include: packages_backports.yml
|
- include: packages_backports.yml
|
||||||
when: haproxy_backports
|
when: haproxy_backports | bool
|
||||||
|
|
||||||
- name: Install HAProxy package
|
- name: Install HAProxy package
|
||||||
apt:
|
apt:
|
||||||
|
@ -108,7 +108,7 @@
|
||||||
- "templates/haproxy/haproxy.default.cfg.j2"
|
- "templates/haproxy/haproxy.default.cfg.j2"
|
||||||
- "templates/haproxy.default.cfg.j2"
|
- "templates/haproxy.default.cfg.j2"
|
||||||
notify: reload haproxy
|
notify: reload haproxy
|
||||||
when: haproxy_update_config
|
when: haproxy_update_config | bool
|
||||||
tags:
|
tags:
|
||||||
- haproxy
|
- haproxy
|
||||||
- config
|
- config
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
# when: java_version != 8
|
# when: java_version != 8
|
||||||
|
|
||||||
- include: openjdk.yml
|
- include: openjdk.yml
|
||||||
when: "{{ java_alternative == 'openjdk' }}"
|
when: java_alternative == 'openjdk'
|
||||||
|
|
||||||
- include: oracle.yml
|
- include: oracle.yml
|
||||||
when: "{{ java_alternative == 'oracle' }}"
|
when: java_alternative == 'oracle'
|
||||||
|
|
|
@ -26,6 +26,6 @@
|
||||||
alternatives:
|
alternatives:
|
||||||
name: java
|
name: java
|
||||||
path: "{{ java_bin_path[java_version] }}"
|
path: "{{ java_bin_path[java_version] }}"
|
||||||
when: java_default_alternative
|
when: java_default_alternative | bool
|
||||||
tags:
|
tags:
|
||||||
- java
|
- java
|
||||||
|
|
|
@ -52,6 +52,6 @@
|
||||||
alternatives:
|
alternatives:
|
||||||
name: java
|
name: java
|
||||||
path: "/usr/lib/jvm/oracle-java{{ java_version }}-server-jre-amd64/bin/java"
|
path: "/usr/lib/jvm/oracle-java{{ java_version }}-server-jre-amd64/bin/java"
|
||||||
when: java_default_alternative
|
when: java_default_alternative | bool
|
||||||
tags:
|
tags:
|
||||||
- java
|
- java
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
---
|
||||||
|
|
||||||
- name: install Keepalived service
|
- name: install Keepalived service
|
||||||
apt:
|
apt:
|
||||||
pkg: keepalived
|
pkg: keepalived
|
||||||
|
|
|
@ -126,4 +126,4 @@
|
||||||
# - data
|
# - data
|
||||||
|
|
||||||
- include: proxy_nginx.yml
|
- include: proxy_nginx.yml
|
||||||
when: kibana_proxy_nginx
|
when: kibana_proxy_nginx | bool
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: kvm_libvirt_images_current_real_path_test
|
register: kvm_libvirt_images_current_real_path_test
|
||||||
when: kvm_custom_libvirt_images_path != ''
|
when: kvm_custom_libvirt_images_path | length > 0
|
||||||
|
|
||||||
- name: Images directory is moved to custom path
|
- name: Images directory is moved to custom path
|
||||||
block:
|
block:
|
||||||
|
@ -35,6 +35,6 @@
|
||||||
dest: '/var/lib/libvirt/images'
|
dest: '/var/lib/libvirt/images'
|
||||||
state: link
|
state: link
|
||||||
when:
|
when:
|
||||||
- kvm_custom_libvirt_images_path != ''
|
- kvm_custom_libvirt_images_path | length > 0
|
||||||
- kvm_custom_libvirt_images_path != kvm_libvirt_images_current_real_path_test.stdout
|
- kvm_custom_libvirt_images_path != kvm_libvirt_images_current_real_path_test.stdout
|
||||||
- not kvm_custom_libvirt_images_path_test.stat.exists
|
- not kvm_custom_libvirt_images_path_test.stat.exists
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
debug:
|
debug:
|
||||||
msg: "WARNING: an LDAP admin password is given, but an ldapvirc file already exists. It will not be updated."
|
msg: "WARNING: an LDAP admin password is given, but an ldapvirc file already exists. It will not be updated."
|
||||||
when:
|
when:
|
||||||
- ldap_admin_password != ""
|
- ldap_admin_password | length > 0
|
||||||
- root_ldapvirc_path.stat.exists
|
- root_ldapvirc_path.stat.exists
|
||||||
|
|
||||||
# Generate ldap password if none is given and ldapvirc is absent
|
# Generate ldap password if none is given and ldapvirc is absent
|
||||||
|
@ -25,7 +25,7 @@
|
||||||
register: new_ldap_admin_password
|
register: new_ldap_admin_password
|
||||||
changed_when: False
|
changed_when: False
|
||||||
when:
|
when:
|
||||||
- ldap_admin_password == ""
|
- ldap_admin_password | length == 0
|
||||||
- not root_ldapvirc_path.stat.exists
|
- not root_ldapvirc_path.stat.exists
|
||||||
|
|
||||||
# Use the generated password or the one found in the file
|
# Use the generated password or the one found in the file
|
||||||
|
@ -33,7 +33,7 @@
|
||||||
set_fact:
|
set_fact:
|
||||||
ldap_admin_password: "{{ new_ldap_admin_password.stdout }}"
|
ldap_admin_password: "{{ new_ldap_admin_password.stdout }}"
|
||||||
when:
|
when:
|
||||||
- ldap_admin_password == ""
|
- ldap_admin_password | length == 0
|
||||||
- not root_ldapvirc_path.stat.exists
|
- not root_ldapvirc_path.stat.exists
|
||||||
|
|
||||||
- name: hash password for cn=admin
|
- name: hash password for cn=admin
|
||||||
|
|
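Review bot: The generated admin password is copied into a fact with `ldap_admin_password: "{{ new_ldap_admin_password.stdout }}"` (hunk `@ -33,7 +33,7 @@`), and neither that task nor the one registering `new_ldap_admin_password` shows `no_log: true` in the visible lines. Without it the cleartext password is printed at `-v` and kept by any callback that stores task results. Both tasks start outside their hunks, so first confirm the option is not already set; if it is missing, add `no_log: true` to each. The nagios password tasks in the next file section (`new_ldap_nagios_password`) follow the same pattern.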
|
@ -10,7 +10,7 @@
|
||||||
debug:
|
debug:
|
||||||
msg: "WARNING: an LDAP nagios password is given, but a nagios config already exists. It will not be updated."
|
msg: "WARNING: an LDAP nagios password is given, but a nagios config already exists. It will not be updated."
|
||||||
when:
|
when:
|
||||||
- ldap_nagios_password != ""
|
- ldap_nagios_password | length > 0
|
||||||
- nagios_monitoring_plugins_path.stat.exists
|
- nagios_monitoring_plugins_path.stat.exists
|
||||||
|
|
||||||
# Generate ldap password if none is given and nagios config is absent
|
# Generate ldap password if none is given and nagios config is absent
|
||||||
|
@ -19,7 +19,7 @@
|
||||||
name: apg
|
name: apg
|
||||||
state: present
|
state: present
|
||||||
when:
|
when:
|
||||||
- ldap_nagios_password == ""
|
- ldap_nagios_password | length == 0
|
||||||
- not nagios_monitoring_plugins_path.stat.exists
|
- not nagios_monitoring_plugins_path.stat.exists
|
||||||
|
|
||||||
- name: create a password for cn=admin
|
- name: create a password for cn=admin
|
||||||
|
@ -27,7 +27,7 @@
|
||||||
register: new_ldap_nagios_password
|
register: new_ldap_nagios_password
|
||||||
changed_when: False
|
changed_when: False
|
||||||
when:
|
when:
|
||||||
- ldap_nagios_password == ""
|
- ldap_nagios_password | length == 0
|
||||||
- not nagios_monitoring_plugins_path.stat.exists
|
- not nagios_monitoring_plugins_path.stat.exists
|
||||||
|
|
||||||
# Use the generated password or the one found in the file
|
# Use the generated password or the one found in the file
|
||||||
|
@ -35,7 +35,7 @@
|
||||||
set_fact:
|
set_fact:
|
||||||
ldap_nagios_password: "{{ new_ldap_nagios_password.stdout }}"
|
ldap_nagios_password: "{{ new_ldap_nagios_password.stdout }}"
|
||||||
when:
|
when:
|
||||||
- ldap_nagios_password == ""
|
- ldap_nagios_password | length == 0
|
||||||
- not nagios_monitoring_plugins_path.stat.exists
|
- not nagios_monitoring_plugins_path.stat.exists
|
||||||
|
|
||||||
- name: set params for NRPE check
|
- name: set params for NRPE check
|
||||||
|
|
|
@ -8,9 +8,12 @@
|
||||||
check_mode: no
|
check_mode: no
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: "Create {{ logstash_custom_tmpdir or logstash_default_tmpdir | mandatory }}"
|
- set_fact:
|
||||||
|
_logstash_custom_tmpdir: "{{ logstash_custom_tmpdir | default(logstash_default_tmpdir, True) | mandatory }}"
|
||||||
|
|
||||||
|
- name: "Create {{ _logstash_custom_tmpdir }}"
|
||||||
file:
|
file:
|
||||||
path: "{{ logstash_custom_tmpdir or logstash_default_tmpdir | mandatory }}"
|
path: "{{ _logstash_custom_tmpdir }}"
|
||||||
owner: logstash
|
owner: logstash
|
||||||
group: logstash
|
group: logstash
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
@ -21,11 +24,11 @@
|
||||||
- name: change JVM tmpdir
|
- name: change JVM tmpdir
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/logstash/jvm.options
|
dest: /etc/logstash/jvm.options
|
||||||
line: "-Djava.io.tmpdir={{ logstash_custom_tmpdir or logstash_default_tmpdir | mandatory }}"
|
line: "-Djava.io.tmpdir={{ _logstash_custom_tmpdir }}"
|
||||||
regexp: "^-Djava.io.tmpdir="
|
regexp: "^-Djava.io.tmpdir="
|
||||||
insertafter: "## JVM configuration"
|
insertafter: "## JVM configuration"
|
||||||
notify:
|
notify:
|
||||||
- restart logstash
|
- restart logstash
|
||||||
tags:
|
tags:
|
||||||
- logstash
|
- logstash
|
||||||
when: (logstash_custom_tmpdir != '' and logstash_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0
|
when: (logstash_custom_tmpdir is not none and logstash_custom_tmpdir | length > 0) or fstab_tmp_noexec.rc == 0
|
||||||
|
|
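Review bot: `mandatory` in the new `_logstash_custom_tmpdir` fact only rejects an undefined value, so a `logstash_default_tmpdir` that is defined but empty yields an empty string. Both `path: "{{ _logstash_custom_tmpdir }}"` and the `-Djava.io.tmpdir=` line are then rendered with no directory. An explicit check right after the `set_fact`, for example an `assert` with `that: _logstash_custom_tmpdir | length > 0`, would stop the play with a clear message instead. The `set_fact` task also has no `name`, unlike the other tasks in the block.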
|
@ -28,6 +28,9 @@
|
||||||
name: "{{ lxc_php_version }}"
|
name: "{{ lxc_php_version }}"
|
||||||
container_config:
|
container_config:
|
||||||
- "lxc.mount.entry = /run/mysqld {{ php_conf_mysql_socket_dir | replace('/', '', 1) }} none bind,create=dir 0 0"
|
- "lxc.mount.entry = /run/mysqld {{ php_conf_mysql_socket_dir | replace('/', '', 1) }} none bind,create=dir 0 0"
|
||||||
when: lxc_php_create_mysql_link and php_conf_mysql_socket_dir is string
|
when:
|
||||||
|
- lxc_php_create_mysql_link | bool
|
||||||
|
- php_conf_mysql_socket_dir is not none
|
||||||
|
- php_conf_mysql_socket_dir | length > 0
|
||||||
notify: "Restart container"
|
notify: "Restart container"
|
||||||
|
|
||||||
|
|
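Review bot: The rewritten `when:` list drops the old `php_conf_mysql_socket_dir is string` test, so any non-null value with a length (a list, for instance) now satisfies the condition. It would then be stringified by `replace('/', '', 1)` and written into the `lxc.mount.entry` bind mount. Keeping the type check alongside the new length check preserves the previous guard: add `- php_conf_mysql_socket_dir is string` before `- php_conf_mysql_socket_dir | length > 0`. With that test in place the `is not none` line becomes redundant, since `None` is not a string.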
|
@ -12,7 +12,7 @@
|
||||||
template: debian
|
template: debian
|
||||||
state: stopped
|
state: stopped
|
||||||
template_options: "--arch amd64 --release {{ release }}"
|
template_options: "--arch amd64 --release {{ release }}"
|
||||||
when: container_exists.stdout_lines == []
|
when: container_exists.stdout_lines | length == 0
|
||||||
|
|
||||||
- name: "Disable network configuration inside container {{ name }}"
|
- name: "Disable network configuration inside container {{ name }}"
|
||||||
replace:
|
replace:
|
||||||
|
|
|
@ -24,13 +24,13 @@
|
||||||
failed_when: false
|
failed_when: false
|
||||||
changed_when: false
|
changed_when: false
|
||||||
register: root_subuids
|
register: root_subuids
|
||||||
when: lxc_unprivilegied_containers
|
when: lxc_unprivilegied_containers | bool
|
||||||
|
|
||||||
- name: Add subuid and subgid ranges to root
|
- name: Add subuid and subgid ranges to root
|
||||||
command: usermod -v 100000-199999 -w 100000-109999 root
|
command: usermod -v 100000-199999 -w 100000-109999 root
|
||||||
when:
|
when:
|
||||||
- lxc_unprivilegied_containers
|
- lxc_unprivilegied_containers | bool
|
||||||
- root_subuids.rc
|
- root_subuids.rc != 0
|
||||||
|
|
||||||
- name: Create containers
|
- name: Create containers
|
||||||
include: create-container.yml
|
include: create-container.yml
|
||||||
|
|
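Review bot: The `usermod -v 100000-199999 -w 100000-109999 root` command guarded by the new `root_subuids.rc != 0` condition grants 100000 subordinate UIDs but only 10000 subordinate GIDs. The containers' idmap configuration is not visible here, but a mapping that needs the usual 65536 GIDs would not fit in that range, so the asymmetry looks like a typo for `-w 100000-199999`; please confirm. A short comment above the task explaining the chosen ranges would help whichever way it is. The condition also checks only `root_subuids`, so a host with subuids but no subgids for root would skip the command.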
|
@ -13,7 +13,7 @@
|
||||||
notify: restart memcached
|
notify: restart memcached
|
||||||
tags:
|
tags:
|
||||||
- memcached
|
- memcached
|
||||||
when: memcached_instance_name == ""
|
when: memcached_instance_name | length == 0
|
||||||
|
|
||||||
- name: Memcached is running and enabled on boot.
|
- name: Memcached is running and enabled on boot.
|
||||||
service:
|
service:
|
||||||
|
@ -22,7 +22,7 @@
|
||||||
state: started
|
state: started
|
||||||
tags:
|
tags:
|
||||||
- memcached
|
- memcached
|
||||||
when: memcached_instance_name == ""
|
when: memcached_instance_name | length == 0
|
||||||
|
|
||||||
- name: Add systemd template
|
- name: Add systemd template
|
||||||
copy:
|
copy:
|
||||||
|
@ -30,7 +30,7 @@
|
||||||
dest: /etc/systemd/system/memcached@.service
|
dest: /etc/systemd/system/memcached@.service
|
||||||
tags:
|
tags:
|
||||||
- memcached
|
- memcached
|
||||||
when: memcached_instance_name != ""
|
when: memcached_instance_name | length > 0
|
||||||
|
|
||||||
- name: Delete default memcached systemd configuration file
|
- name: Delete default memcached systemd configuration file
|
||||||
systemd:
|
systemd:
|
||||||
|
@ -39,7 +39,7 @@
|
||||||
state: stopped
|
state: stopped
|
||||||
tags:
|
tags:
|
||||||
- memcached
|
- memcached
|
||||||
when: memcached_instance_name != ""
|
when: memcached_instance_name | length > 0
|
||||||
|
|
||||||
- name: Make sure memcached.conf is absent
|
- name: Make sure memcached.conf is absent
|
||||||
file:
|
file:
|
||||||
|
@ -47,7 +47,7 @@
|
||||||
state: absent
|
state: absent
|
||||||
tags:
|
tags:
|
||||||
- memcached
|
- memcached
|
||||||
when: memcached_instance_name != ""
|
when: memcached_instance_name | length > 0
|
||||||
|
|
||||||
- name: Create a configuration file
|
- name: Create a configuration file
|
||||||
template:
|
template:
|
||||||
|
@ -56,7 +56,7 @@
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
tags:
|
tags:
|
||||||
- memcached
|
- memcached
|
||||||
when: memcached_instance_name != ""
|
when: memcached_instance_name | length > 0
|
||||||
|
|
||||||
- name: Enable and start the memcached instance
|
- name: Enable and start the memcached instance
|
||||||
systemd:
|
systemd:
|
||||||
|
@ -67,7 +67,7 @@
|
||||||
masked: no
|
masked: no
|
||||||
tags:
|
tags:
|
||||||
- memcached
|
- memcached
|
||||||
when: memcached_instance_name != ""
|
when: memcached_instance_name | length > 0
|
||||||
|
|
||||||
- include: munin.yml
|
- include: munin.yml
|
||||||
|
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
- name: Choose packages (Oracle)
|
- name: Choose packages (Oracle)
|
||||||
set_fact:
|
set_fact:
|
||||||
multi: "multi_"
|
multi: "multi_"
|
||||||
when: memcached_instance_name !=""
|
when: memcached_instance_name | length > 0
|
||||||
|
|
||||||
- name: is Munin present ?
|
- name: is Munin present ?
|
||||||
stat:
|
stat:
|
||||||
|
|
|
@ -61,8 +61,7 @@
|
||||||
line: " hosts: [\"{{ metricbeat_elasticsearch_hosts | join('\", \"') }}\"]"
|
line: " hosts: [\"{{ metricbeat_elasticsearch_hosts | join('\", \"') }}\"]"
|
||||||
insertafter: "output.elasticsearch:"
|
insertafter: "output.elasticsearch:"
|
||||||
notify: restart metricbeat
|
notify: restart metricbeat
|
||||||
when:
|
when: metricbeat_elasticsearch_hosts | length > 0
|
||||||
- metricbeat_elasticsearch_hosts
|
|
||||||
|
|
||||||
- name: Metricbeat protocol for Elasticsearch
|
- name: Metricbeat protocol for Elasticsearch
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -84,8 +83,8 @@
|
||||||
- { regexp: '^ #?password: .*', line: ' password: "{{ metricbeat_elasticsearch_auth_password }}"' }
|
- { regexp: '^ #?password: .*', line: ' password: "{{ metricbeat_elasticsearch_auth_password }}"' }
|
||||||
notify: restart metricbeat
|
notify: restart metricbeat
|
||||||
when:
|
when:
|
||||||
- metricbeat_elasticsearch_auth_username
|
- metricbeat_elasticsearch_auth_username | length > 0
|
||||||
- metricbeat_elasticsearch_auth_password
|
- metricbeat_elasticsearch_auth_password | length > 0
|
||||||
|
|
||||||
- name: Metricbeat api_key for Elasticsearch are configured
|
- name: Metricbeat api_key for Elasticsearch are configured
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -94,7 +93,7 @@
|
||||||
line: ' api_key: "{{ metricbeat_elasticsearch_auth_api_key }}"'
|
line: ' api_key: "{{ metricbeat_elasticsearch_auth_api_key }}"'
|
||||||
insertafter: "output.elasticsearch:"
|
insertafter: "output.elasticsearch:"
|
||||||
notify: restart metricbeat
|
notify: restart metricbeat
|
||||||
when: metricbeat_elasticsearch_auth_api_key
|
when: metricbeat_elasticsearch_auth_api_key | length > 0
|
||||||
|
|
||||||
- name: disable cloud_metadata
|
- name: disable cloud_metadata
|
||||||
replace:
|
replace:
|
||||||
|
@ -102,7 +101,7 @@
|
||||||
regexp: '^(\s+)(- add_cloud_metadata:)'
|
regexp: '^(\s+)(- add_cloud_metadata:)'
|
||||||
replace: '\1# \2'
|
replace: '\1# \2'
|
||||||
notify: restart metricbeat
|
notify: restart metricbeat
|
||||||
when: not metricbeat_processors_cloud_metadata
|
when: not (metricbeat_processors_cloud_metadata | bool)
|
||||||
|
|
||||||
- name: cloud_metadata processor is disabled
|
- name: cloud_metadata processor is disabled
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -110,8 +109,8 @@
|
||||||
line: " - add_cloud_metadata: ~"
|
line: " - add_cloud_metadata: ~"
|
||||||
insert_after: '^processors:'
|
insert_after: '^processors:'
|
||||||
notify: restart metricbeat
|
notify: restart metricbeat
|
||||||
when: metricbeat_processors_cloud_metadata
|
when: metricbeat_processors_cloud_metadata | bool
|
||||||
when: not metricbeat_use_config_template
|
when: not (metricbeat_use_config_template | bool)
|
||||||
|
|
||||||
# When we use a config template
|
# When we use a config template
|
||||||
- block:
|
- block:
|
||||||
|
@ -128,5 +127,5 @@
|
||||||
- "templates/metricbeat/metricbeat.default.yml.j2"
|
- "templates/metricbeat/metricbeat.default.yml.j2"
|
||||||
- "templates/metricbeat.default.yml.j2"
|
- "templates/metricbeat.default.yml.j2"
|
||||||
notify: restart metricbeat
|
notify: restart metricbeat
|
||||||
when: metricbeat_update_config
|
when: metricbeat_update_config | bool
|
||||||
when: metricbeat_use_config_template
|
when: metricbeat_use_config_template | bool
|
||||||
|
|
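Review bot: The username/password task in hunk `@ -84,8 +83,8 @@` loops over items whose `line` contains the rendered `metricbeat_elasticsearch_auth_password`, and Ansible prints each loop item in its task output. The secret therefore lands in the run log unless the task sets `no_log: true`; its header is outside the hunk, so it may already do so. The `api_key` task in the following hunk exposes its value the same way under `--diff` or verbose output. The same pattern appears on this page in the Filebeat hunk `@ -126,9 +127,9 @@` and in the NRPE credentials loop of hunk `@ -47,9 +47,11 @@`; add `no_log: true` to each of these tasks.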
|
@ -12,7 +12,7 @@
|
||||||
replace: '/etc/init.d/minifirewall start'
|
replace: '/etc/init.d/minifirewall start'
|
||||||
when:
|
when:
|
||||||
- initd_alert5.stat.exists
|
- initd_alert5.stat.exists
|
||||||
- minifirewall_autostart
|
- minifirewall_autostart | bool
|
||||||
|
|
||||||
- name: check if /usr/share/scripts/alert5 exists
|
- name: check if /usr/share/scripts/alert5 exists
|
||||||
stat:
|
stat:
|
||||||
|
@ -26,4 +26,4 @@
|
||||||
replace: '/etc/init.d/minifirewall start'
|
replace: '/etc/init.d/minifirewall start'
|
||||||
when:
|
when:
|
||||||
- usr_share_scripts_alert5.stat.exists
|
- usr_share_scripts_alert5.stat.exists
|
||||||
- minifirewall_autostart
|
- minifirewall_autostart | bool
|
||||||
|
|
|
@ -39,8 +39,7 @@
|
||||||
|
|
||||||
- name: Verify that at least 1 trusted IP is provided
|
- name: Verify that at least 1 trusted IP is provided
|
||||||
assert:
|
assert:
|
||||||
that:
|
that: minifirewall_trusted_ips | length > 0
|
||||||
- minifirewall_trusted_ips != []
|
|
||||||
msg: You must provide at least 1 trusted IP
|
msg: You must provide at least 1 trusted IP
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
|
@ -191,7 +190,7 @@
|
||||||
dest: "{{ minifirewall_main_file }}"
|
dest: "{{ minifirewall_main_file }}"
|
||||||
regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)'
|
regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)'
|
||||||
state: absent
|
state: absent
|
||||||
when: evomaintenance_hosts != []
|
when: evomaintenance_hosts | length > 0
|
||||||
|
|
||||||
- name: Stat minifirewall config file (after)
|
- name: Stat minifirewall config file (after)
|
||||||
stat:
|
stat:
|
||||||
|
@ -207,7 +206,7 @@
|
||||||
failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
|
failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
|
||||||
changed_when: "'starting IPTables rules is now finish : OK' in minifirewall_init_restart.stdout"
|
changed_when: "'starting IPTables rules is now finish : OK' in minifirewall_init_restart.stdout"
|
||||||
when:
|
when:
|
||||||
- minifirewall_restart_if_needed
|
- minifirewall_restart_if_needed | bool
|
||||||
- minifirewall_is_running.rc == 0
|
- minifirewall_is_running.rc == 0
|
||||||
- minifirewall_before.stat.checksum != minifirewall_after.stat.checksum
|
- minifirewall_before.stat.checksum != minifirewall_after.stat.checksum
|
||||||
|
|
||||||
|
@ -216,7 +215,7 @@
|
||||||
register: minifirewall_init_restart
|
register: minifirewall_init_restart
|
||||||
failed_when: False
|
failed_when: False
|
||||||
changed_when: False
|
changed_when: False
|
||||||
when: not minifirewall_restart_if_needed
|
when: not (minifirewall_restart_if_needed | bool)
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
var: minifirewall_init_restart
|
var: minifirewall_init_restart
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
- name: Compose minifirewall_restart_handler_name variable
|
- name: Compose minifirewall_restart_handler_name variable
|
||||||
set_fact:
|
set_fact:
|
||||||
minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"
|
minifirewall_restart_handler_name: "{{ minifirewall_restart_if_needed | bool | ternary('restart minifirewall', 'restart minifirewall (noop)') }}"
|
||||||
|
|
||||||
- include: install.yml
|
- include: install.yml
|
||||||
|
|
||||||
|
@ -13,10 +13,10 @@
|
||||||
- include: activate.yml
|
- include: activate.yml
|
||||||
|
|
||||||
- include: tail.yml
|
- include: tail.yml
|
||||||
when: minifirewall_tail_included
|
when: minifirewall_tail_included | bool
|
||||||
|
|
||||||
- name: Force restart minifirewall
|
- name: Force restart minifirewall
|
||||||
command: /bin/true
|
command: /bin/true
|
||||||
notify: restart minifirewall
|
notify: restart minifirewall
|
||||||
changed_when: False
|
changed_when: False
|
||||||
when: minifirewall_restart_force
|
when: minifirewall_restart_force | bool
|
||||||
|
|
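Review bot: The `Force restart minifirewall` task in hunk `@ -13,10 +13,10 @@` combines `notify: restart minifirewall` with `changed_when: False`, and a handler is only notified when its task reports a change. As written, setting `minifirewall_restart_force` therefore never triggers the restart and the firewall keeps running its previous rule set. Replace the line with `changed_when: true`, or drop it, since a `command` task reports changed by default.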
|
@ -39,14 +39,14 @@
|
||||||
changed_when: "'starting IPTables rules is now finish : OK' in minifirewall_init_restart.stdout"
|
changed_when: "'starting IPTables rules is now finish : OK' in minifirewall_init_restart.stdout"
|
||||||
when:
|
when:
|
||||||
- minifirewall_tail_template is changed
|
- minifirewall_tail_template is changed
|
||||||
- minifirewall_restart_if_needed
|
- minifirewall_restart_if_needed | bool
|
||||||
|
|
||||||
- name: restart minifirewall (noop)
|
- name: restart minifirewall (noop)
|
||||||
meta: noop
|
meta: noop
|
||||||
register: minifirewall_init_restart
|
register: minifirewall_init_restart
|
||||||
failed_when: False
|
failed_when: False
|
||||||
changed_when: False
|
changed_when: False
|
||||||
when: not minifirewall_restart_if_needed
|
when: not (minifirewall_restart_if_needed | bool)
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
var: minifirewall_init_restart
|
var: minifirewall_init_restart
|
||||||
|
|
|
@ -32,7 +32,7 @@
|
||||||
name: mongod
|
name: mongod
|
||||||
enabled: yes
|
enabled: yes
|
||||||
state: started
|
state: started
|
||||||
when: _mongodb_install_package.changed
|
when: _mongodb_install_package is changed
|
||||||
|
|
||||||
- name: install dependency for monitoring
|
- name: install dependency for monitoring
|
||||||
apt:
|
apt:
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
register: mysql_current_real_datadir_test
|
register: mysql_current_real_datadir_test
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
when: mysql_custom_datadir != ''
|
when: mysql_custom_datadir | length > 0
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: MySQL is stopped
|
- name: MySQL is stopped
|
||||||
|
@ -40,6 +40,6 @@
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
when:
|
when:
|
||||||
- mysql_custom_datadir != ''
|
- mysql_custom_datadir | length > 0
|
||||||
- mysql_custom_datadir != mysql_current_real_datadir_test.stdout
|
- mysql_custom_datadir != mysql_current_real_datadir_test.stdout
|
||||||
- not mysql_custom_datadir_test.stat.exists
|
- not mysql_custom_datadir_test.stat.exists
|
||||||
|
|
|
@ -47,9 +47,11 @@
|
||||||
loop:
|
loop:
|
||||||
- { option: 'user', value: 'nrpe' }
|
- { option: 'user', value: 'nrpe' }
|
||||||
- { option: 'password', value: '{{ mysql_nrpe_password.stdout }}' }
|
- { option: 'password', value: '{{ mysql_nrpe_password.stdout }}' }
|
||||||
when: create_nrpe_user.changed
|
when: create_nrpe_user is changed
|
||||||
|
|
||||||
when: nrpe_evolix_config.stat.exists and (not nrpe_my_cnf.stat.exists or mysql_force_new_nrpe_password)
|
when:
|
||||||
|
- nrpe_evolix_config.stat.exists
|
||||||
|
- (not nrpe_my_cnf.stat.exists or (mysql_force_new_nrpe_password | bool))
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
- nrpe
|
- nrpe
|
||||||
|
|
|
@ -87,7 +87,7 @@
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
- packages
|
- packages
|
||||||
when: mysql_install_libclient
|
when: mysql_install_libclient | bool
|
||||||
|
|
||||||
- name: MySQL is started
|
- name: MySQL is started
|
||||||
systemd:
|
systemd:
|
||||||
|
|
|
@ -20,4 +20,4 @@
|
||||||
notify: "{{ mysql_restart_handler_name }}"
|
notify: "{{ mysql_restart_handler_name }}"
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
when: mysql_custom_tmpdir != ''
|
when: mysql_custom_tmpdir | length > 0
|
||||||
|
|
|
@ -1,12 +1,15 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
_mysql_scripts_dir: "{{ mysql_scripts_dir | default(general_scripts_dir, True) | mandatory }}"
|
||||||
|
|
||||||
- include_role:
|
- include_role:
|
||||||
name: evolix/remount-usr
|
name: evolix/remount-usr
|
||||||
when: (mysql_scripts_dir or general_scripts_dir) is search ("/usr")
|
when: _mysql_scripts_dir is search ("/usr")
|
||||||
|
|
||||||
- name: Scripts directory exists
|
- name: Scripts directory exists
|
||||||
file:
|
file:
|
||||||
dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}"
|
dest: "{{ _mysql_scripts_dir }}"
|
||||||
mode: "0700"
|
mode: "0700"
|
||||||
state: directory
|
state: directory
|
||||||
tags:
|
tags:
|
||||||
|
@ -95,12 +98,12 @@
|
||||||
name: evolix/remount-usr
|
name: evolix/remount-usr
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
when: (mysql_scripts_dir or general_scripts_dir) is search ("/usr")
|
when: _mysql_scripts_dir is search ("/usr")
|
||||||
|
|
||||||
- name: mysqltuner is installed
|
- name: mysqltuner is installed
|
||||||
# copy:
|
# copy:
|
||||||
# src: mysqltuner.pl
|
# src: mysqltuner.pl
|
||||||
# dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysqltuner.pl"
|
# dest: "{{ _mysql_scripts_dir }}/mysqltuner.pl"
|
||||||
# mode: "0700"
|
# mode: "0700"
|
||||||
apt:
|
apt:
|
||||||
name: mysqltuner
|
name: mysqltuner
|
||||||
|
@ -121,12 +124,12 @@
|
||||||
name: evolix/remount-usr
|
name: evolix/remount-usr
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
when: (mysql_scripts_dir or general_scripts_dir) is search ("/usr")
|
when: _mysql_scripts_dir is search ("/usr")
|
||||||
|
|
||||||
- name: mysql-optimize.sh is installed
|
- name: mysql-optimize.sh is installed
|
||||||
copy:
|
copy:
|
||||||
src: mysql-optimize.sh
|
src: mysql-optimize.sh
|
||||||
dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysql-optimize.sh"
|
dest: "{{ _mysql_scripts_dir }}/mysql-optimize.sh"
|
||||||
mode: "0700"
|
mode: "0700"
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
|
@ -143,7 +146,7 @@
|
||||||
|
|
||||||
- name: "Enable cron to optimize MySQL"
|
- name: "Enable cron to optimize MySQL"
|
||||||
file:
|
file:
|
||||||
src: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysql-optimize.sh"
|
src: "{{ _mysql_scripts_dir }}/mysql-optimize.sh"
|
||||||
dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh
|
dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh
|
||||||
state: link
|
state: link
|
||||||
when: mysql_cron_optimize | bool
|
when: mysql_cron_optimize | bool
|
||||||
|
@ -192,12 +195,12 @@
|
||||||
|
|
||||||
- include_role:
|
- include_role:
|
||||||
name: evolix/remount-usr
|
name: evolix/remount-usr
|
||||||
when: (mysql_scripts_dir or general_scripts_dir) is search ("/usr")
|
when: _mysql_scripts_dir is search ("/usr")
|
||||||
|
|
||||||
- name: Install my-add.sh
|
- name: Install my-add.sh
|
||||||
copy:
|
copy:
|
||||||
src: my-add.sh
|
src: my-add.sh
|
||||||
dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/my-add.sh"
|
dest: "{{ _mysql_scripts_dir }}/my-add.sh"
|
||||||
mode: "0700"
|
mode: "0700"
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
|
|
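Review bot: The new `set_fact` that defines `_mysql_scripts_dir` carries no `tags`, while tasks later in this file that now depend on it are tagged `mysql`. Unless the tag is applied where this file is included, a run limited with `--tags mysql` would skip the `set_fact` and then fail on an undefined `_mysql_scripts_dir`. Adding `tags: [mysql]` (or `tags: [always]`) to the `set_fact` keeps tagged runs working. The identical `set_fact` added at the top of the later scripts-directory section on this page needs the same treatment.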
|
@ -42,4 +42,4 @@
|
||||||
name: mysql
|
name: mysql
|
||||||
daemon_reload: yes
|
daemon_reload: yes
|
||||||
notify: "{{ mysql_restart_handler_name }}"
|
notify: "{{ mysql_restart_handler_name }}"
|
||||||
when: mariadb_systemd_override.changed
|
when: mariadb_systemd_override is changed
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
register: mysql_current_real_datadir_test
|
register: mysql_current_real_datadir_test
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
when: mysql_custom_datadir != ''
|
when: mysql_custom_datadir | length > 0
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: MySQL is stopped
|
- name: MySQL is stopped
|
||||||
|
@ -40,6 +40,6 @@
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
when:
|
when:
|
||||||
- mysql_custom_datadir != ''
|
- mysql_custom_datadir | length > 0
|
||||||
- mysql_custom_datadir != mysql_current_real_datadir_test.stdout
|
- mysql_custom_datadir != mysql_current_real_datadir_test.stdout
|
||||||
- not mysql_custom_datadir_test.stat.exists
|
- not mysql_custom_datadir_test.stat.exists
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
register: mysql_current_real_logdir_test
|
register: mysql_current_real_logdir_test
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
when: mysql_custom_logdir != ''
|
when: mysql_custom_logdir | length > 0
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: MySQL is stopped
|
- name: MySQL is stopped
|
||||||
|
@ -40,6 +40,6 @@
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
when:
|
when:
|
||||||
- mysql_custom_logdir != ''
|
- mysql_custom_logdir | length > 0
|
||||||
- mysql_custom_logdir != mysql_current_real_logdir_test.stdout
|
- mysql_custom_logdir != mysql_current_real_logdir_test.stdout
|
||||||
- not mysql_custom_logdir_test.stat.exists
|
- not mysql_custom_logdir_test.stat.exists
|
||||||
|
|
|
@ -23,7 +23,7 @@
|
||||||
when: ansible_distribution_release == "jessie"
|
when: ansible_distribution_release == "jessie"
|
||||||
|
|
||||||
- include: replication.yml
|
- include: replication.yml
|
||||||
when: mysql_replication
|
when: mysql_replication | bool
|
||||||
|
|
||||||
- include: datadir.yml
|
- include: datadir.yml
|
||||||
|
|
||||||
|
|
|
@ -47,9 +47,11 @@
|
||||||
loop:
|
loop:
|
||||||
- { option: 'user', value: 'nrpe' }
|
- { option: 'user', value: 'nrpe' }
|
||||||
- { option: 'password', value: '{{ mysql_nrpe_password.stdout }}' }
|
- { option: 'password', value: '{{ mysql_nrpe_password.stdout }}' }
|
||||||
when: create_nrpe_user.changed
|
when: create_nrpe_user is changed
|
||||||
|
|
||||||
when: nrpe_evolix_config.stat.exists and (not nrpe_my_cnf.stat.exists or mysql_force_new_nrpe_password)
|
when:
|
||||||
|
- nrpe_evolix_config.stat.exists
|
||||||
|
- (not nrpe_my_cnf.stat.exists or (mysql_force_new_nrpe_password | bool))
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
- nrpe
|
- nrpe
|
||||||
|
|
|
@ -33,7 +33,7 @@
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
- packages
|
- packages
|
||||||
when: mysql_install_libclient
|
when: mysql_install_libclient | bool
|
||||||
|
|
||||||
- name: MySQL is started
|
- name: MySQL is started
|
||||||
service:
|
service:
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
- packages
|
- packages
|
||||||
when: mysql_install_libclient
|
when: mysql_install_libclient | bool
|
||||||
|
|
||||||
- name: MySQL is started
|
- name: MySQL is started
|
||||||
service:
|
service:
|
||||||
|
|
|
@ -20,4 +20,4 @@
|
||||||
notify: "{{ mysql_restart_handler_name }}"
|
notify: "{{ mysql_restart_handler_name }}"
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
when: mysql_custom_tmpdir != ''
|
when: mysql_custom_tmpdir | length > 0
|
||||||
|
|
|
@ -45,7 +45,7 @@
|
||||||
loop:
|
loop:
|
||||||
- { option: 'user', value: 'mysqladmin' }
|
- { option: 'user', value: 'mysqladmin' }
|
||||||
- { option: 'password', value: '{{ mysql_admin_password.stdout }}' }
|
- { option: 'password', value: '{{ mysql_admin_password.stdout }}' }
|
||||||
when: create_mysqladmin_user.changed
|
when: create_mysqladmin_user is changed
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
|
|
||||||
|
|
|
@ -40,7 +40,7 @@
|
||||||
loop:
|
loop:
|
||||||
- { option: 'user', value: 'mysqladmin' }
|
- { option: 'user', value: 'mysqladmin' }
|
||||||
- { option: 'password', value: '{{ mysql_admin_password.stdout }}' }
|
- { option: 'password', value: '{{ mysql_admin_password.stdout }}' }
|
||||||
when: create_mysqladmin_user.changed
|
when: create_mysqladmin_user is changed
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
|
|
||||||
|
@ -79,7 +79,7 @@
|
||||||
_credentials:
|
_credentials:
|
||||||
- { option: 'user', value: 'debian-sys-maint' }
|
- { option: 'user', value: 'debian-sys-maint' }
|
||||||
- { option: 'password', value: '{{ mysql_debian_password.stdout }}' }
|
- { option: 'password', value: '{{ mysql_debian_password.stdout }}' }
|
||||||
when: create_debian_user.changed
|
when: create_debian_user is changed
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,15 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
_mysql_scripts_dir: "{{ mysql_scripts_dir | default(general_scripts_dir, True) | mandatory }}"
|
||||||
|
|
||||||
- include_role:
|
- include_role:
|
||||||
name: evolix/remount-usr
|
name: evolix/remount-usr
|
||||||
when: (mysql_scripts_dir or general_scripts_dir) is search ("/usr")
|
when: _mysql_scripts_dir is search ("/usr")
|
||||||
|
|
||||||
- name: Ensure scripts directory exists
|
- name: Ensure scripts directory exists
|
||||||
file:
|
file:
|
||||||
dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}"
|
dest: "{{ _mysql_scripts_dir }}"
|
||||||
mode: "0700"
|
mode: "0700"
|
||||||
state: directory
|
state: directory
|
||||||
tags:
|
tags:
|
||||||
|
@ -62,12 +65,12 @@
|
||||||
|
|
||||||
- include_role:
|
- include_role:
|
||||||
name: evolix/remount-usr
|
name: evolix/remount-usr
|
||||||
when: (mysql_scripts_dir or general_scripts_dir) is search ("/usr")
|
when: _mysql_scripts_dir is search ("/usr")
|
||||||
|
|
||||||
- name: Install mysqltuner
|
- name: Install mysqltuner
|
||||||
# copy:
|
# copy:
|
||||||
# src: mysqltuner.pl
|
# src: mysqltuner.pl
|
||||||
# dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysqltuner.pl"
|
# dest: "{{ _mysql_scripts_dir }}/mysqltuner.pl"
|
||||||
# mode: "0700"
|
# mode: "0700"
|
||||||
apt:
|
apt:
|
||||||
name: mysqltuner
|
name: mysqltuner
|
||||||
|
@ -98,12 +101,12 @@
|
||||||
|
|
||||||
- include_role:
|
- include_role:
|
||||||
name: evolix/remount-usr
|
name: evolix/remount-usr
|
||||||
when: (mysql_scripts_dir or general_scripts_dir) is search ("/usr")
|
when: _mysql_scripts_dir is search ("/usr")
|
||||||
|
|
||||||
- name: Optimize script for MySQL
|
- name: Optimize script for MySQL
|
||||||
copy:
|
copy:
|
||||||
src: mysql-optimize.sh
|
src: mysql-optimize.sh
|
||||||
dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysql-optimize.sh"
|
dest: "{{ _mysql_scripts_dir }}/mysql-optimize.sh"
|
||||||
mode: "0700"
|
mode: "0700"
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
|
@ -118,10 +121,10 @@
|
||||||
|
|
||||||
- name: "Enable cron to optimize MySQL"
|
- name: "Enable cron to optimize MySQL"
|
||||||
file:
|
file:
|
||||||
src: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysql-optimize.sh"
|
src: "{{ _mysql_scripts_dir }}/mysql-optimize.sh"
|
||||||
dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh
|
dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh
|
||||||
state: link
|
state: link
|
||||||
when: mysql_cron_optimize
|
when: mysql_cron_optimize | bool
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
|
|
||||||
|
@ -129,7 +132,7 @@
|
||||||
file:
|
file:
|
||||||
dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh
|
dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh
|
||||||
state: absent
|
state: absent
|
||||||
when: not mysql_cron_optimize
|
when: not (mysql_cron_optimize | bool)
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
|
|
||||||
|
@ -146,7 +149,7 @@
|
||||||
src: mysqltuner.cron.sh
|
src: mysqltuner.cron.sh
|
||||||
dest: /etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}/mysqltuner.sh
|
dest: /etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}/mysqltuner.sh
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: mysql_cron_mysqltuner
|
when: mysql_cron_mysqltuner | bool
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
|
|
||||||
|
@ -154,7 +157,7 @@
|
||||||
file:
|
file:
|
||||||
dest: /etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}/mysqltuner.sh
|
dest: /etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}/mysqltuner.sh
|
||||||
state: absent
|
state: absent
|
||||||
when: not mysql_cron_mysqltuner
|
when: not (mysql_cron_mysqltuner | bool)
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
|
|
||||||
|
@ -162,12 +165,12 @@
|
||||||
|
|
||||||
- include_role:
|
- include_role:
|
||||||
name: evolix/remount-usr
|
name: evolix/remount-usr
|
||||||
when: (mysql_scripts_dir or general_scripts_dir) is search ("/usr")
|
when: _mysql_scripts_dir is search ("/usr")
|
||||||
|
|
||||||
- name: Install my-add.sh
|
- name: Install my-add.sh
|
||||||
copy:
|
copy:
|
||||||
src: my-add.sh
|
src: my-add.sh
|
||||||
dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/my-add.sh"
|
dest: "{{ _mysql_scripts_dir }}/my-add.sh"
|
||||||
mode: "0700"
|
mode: "0700"
|
||||||
force: "{{ mysql_force_myadd_script }}"
|
force: "{{ mysql_force_myadd_script }}"
|
||||||
tags:
|
tags:
|
||||||
|
@ -183,7 +186,7 @@
|
||||||
- name: "Install save_mysql_processlist.sh"
|
- name: "Install save_mysql_processlist.sh"
|
||||||
copy:
|
copy:
|
||||||
src: save_mysql_processlist.sh
|
src: save_mysql_processlist.sh
|
||||||
dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/save_mysql_processlist.sh"
|
dest: "{{ _mysql_scripts_dir }}/save_mysql_processlist.sh"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
force: no
|
force: no
|
||||||
tags:
|
tags:
|
||||||
|
|
|
@ -42,7 +42,7 @@
|
||||||
regexp: '^allowed_hosts='
|
regexp: '^allowed_hosts='
|
||||||
insertafter: '# Allowed IPs'
|
insertafter: '# Allowed IPs'
|
||||||
notify: restart nagios-nrpe-server
|
notify: restart nagios-nrpe-server
|
||||||
when: nagios_nrpe_force_update_allowed_hosts
|
when: nagios_nrpe_force_update_allowed_hosts | bool
|
||||||
tags:
|
tags:
|
||||||
- nagios-nrpe
|
- nagios-nrpe
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,9 @@
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
msg: A /etc/network/interfaces file already exists, nothing is done.
|
msg: A /etc/network/interfaces file already exists, nothing is done.
|
||||||
when: interfaces_file.stat.exists and not force_update_eni_file
|
when:
|
||||||
|
- interfaces_file.stat.exists
|
||||||
|
- not (force_update_eni_file | bool)
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: "Look for systemd network config"
|
- name: "Look for systemd network config"
|
||||||
|
@ -38,7 +40,7 @@
|
||||||
- eni_ipv6_address | ipv6
|
- eni_ipv6_address | ipv6
|
||||||
- eni_ipv6_gateway | ipv6
|
- eni_ipv6_gateway | ipv6
|
||||||
msg: "IPv6 configuration is invalid"
|
msg: "IPv6 configuration is invalid"
|
||||||
when: eni_ipv6_address or eni_ipv6_gateway
|
when: (eni_ipv6_address | length > 0) or (eni_ipv6_gateway | length > 0)
|
||||||
|
|
||||||
- name: "A new /etc/network/interfaces is generated"
|
- name: "A new /etc/network/interfaces is generated"
|
||||||
template:
|
template:
|
||||||
|
@ -63,4 +65,4 @@
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
msg: You should verify your configuration, then reboot the server.
|
msg: You should verify your configuration, then reboot the server.
|
||||||
when: force_update_eni_file or not interfaces_file.stat.exists
|
when: (force_update_eni_file | bool) or (not interfaces_file.stat.exists)
|
||||||
|
|
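Review bot: `when: (eni_ipv6_address | length > 0) or (eni_ipv6_gateway | length > 0)` is stricter than the truthiness test it replaces, because `length` raises a templating error on a null, boolean or undefined value. The old `eni_ipv6_address or eni_ipv6_gateway` simply evaluated false for null or false. The role defaults are not visible here, so this only matters if they are something other than empty strings. If so, `(eni_ipv6_address | default('', true) | length > 0)` keeps the explicit test while tolerating those values, so the IPv6 validation is skipped cleanly rather than aborting the play. The task this condition guards starts above the hunk.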
|
@ -4,10 +4,10 @@
|
||||||
set_fact:
|
set_fact:
|
||||||
eni_ipv4_address: "{{ ansible_default_ipv4.address | ipv4 }}"
|
eni_ipv4_address: "{{ ansible_default_ipv4.address | ipv4 }}"
|
||||||
eni_ipv4_gateway: "{{ ansible_default_ipv4.gateway | ipv4 }}"
|
eni_ipv4_gateway: "{{ ansible_default_ipv4.gateway | ipv4 }}"
|
||||||
when: ansible_default_ipv4
|
when: ansible_default_ipv4 | length > 0
|
||||||
|
|
||||||
- name: Prepare variables (IPv6)
|
- name: Prepare variables (IPv6)
|
||||||
set_fact:
|
set_fact:
|
||||||
eni_ipv6_address: "{{ ansible_default_ipv6.address | ipv6 | first }}"
|
eni_ipv6_address: "{{ ansible_default_ipv6.address | ipv6 | first }}"
|
||||||
eni_ipv6_gateway: "{{ ansible_default_ipv6.gateway | ipv6 | first }}"
|
eni_ipv6_gateway: "{{ ansible_default_ipv6.gateway | ipv6 | first }}"
|
||||||
when: ansible_default_ipv6
|
when: ansible_default_ipv6 | length > 0
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
- include: sources.yml
|
- include: sources.yml
|
||||||
|
|
||||||
- include: php.yml
|
- include: php.yml
|
||||||
when: newrelic_php
|
when: newrelic_php | bool
|
||||||
|
|
||||||
- include: sysmond.yml
|
- include: sysmond.yml
|
||||||
when: newrelic_sysmond
|
when: newrelic_sysmond | bool
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
question: "newrelic-php5/application-name"
|
question: "newrelic-php5/application-name"
|
||||||
value: "{{ newrelic_appname }}"
|
value: "{{ newrelic_appname }}"
|
||||||
vtype: string
|
vtype: string
|
||||||
when: newrelic_appname != ""
|
when: newrelic_appname | length > 0
|
||||||
|
|
||||||
- name: Pre-seed package configuration with license
|
- name: Pre-seed package configuration with license
|
||||||
debconf:
|
debconf:
|
||||||
|
@ -14,7 +14,7 @@
|
||||||
question: "newrelic-php5/license-key"
|
question: "newrelic-php5/license-key"
|
||||||
value: "{{ newrelic_license }}"
|
value: "{{ newrelic_license }}"
|
||||||
vtype: "string"
|
vtype: "string"
|
||||||
when: newrelic_license != ""
|
when: newrelic_license | length > 0
|
||||||
|
|
||||||
- name: list newrelic config files
|
- name: list newrelic config files
|
||||||
shell: "find /etc/php* -type f -name newrelic.ini"
|
shell: "find /etc/php* -type f -name newrelic.ini"
|
||||||
|
|
|
@ -9,5 +9,5 @@
|
||||||
dest: /etc/newrelic/nrsysmond.cfg
|
dest: /etc/newrelic/nrsysmond.cfg
|
||||||
regexp: "license_key=REPLACE_WITH_REAL_KEY"
|
regexp: "license_key=REPLACE_WITH_REAL_KEY"
|
||||||
replace: "license_key={{ newrelic_license }}"
|
replace: "license_key={{ newrelic_license }}"
|
||||||
when: newrelic_license != ""
|
when: newrelic_license | length > 0
|
||||||
notify: restart newrelic-sysmond
|
notify: restart newrelic-sysmond
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
msg: "Nginx minimal mode has been removed, falling back to normal mode."
|
msg: "Nginx minimal mode has been removed, falling back to normal mode."
|
||||||
when: nginx_minimal
|
when: nginx_minimal | bool
|
||||||
|
|
||||||
- include: packages.yml
|
- include: packages.yml
|
||||||
|
|
||||||
|
@ -112,7 +112,7 @@
|
||||||
state: link
|
state: link
|
||||||
force: yes
|
force: yes
|
||||||
notify: reload nginx
|
notify: reload nginx
|
||||||
when: nginx_evolinux_default_enabled
|
when: nginx_evolinux_default_enabled | bool
|
||||||
tags:
|
tags:
|
||||||
- nginx
|
- nginx
|
||||||
|
|
||||||
|
|
|
@ -2,10 +2,10 @@
|
||||||
|
|
||||||
- set_fact:
|
- set_fact:
|
||||||
nginx_package_name_default: nginx-light
|
nginx_package_name_default: nginx-light
|
||||||
when: nginx_minimal
|
when: nginx_minimal | bool
|
||||||
|
|
||||||
- include: packages_backports.yml
|
- include: packages_backports.yml
|
||||||
when: nginx_backports
|
when: nginx_backports | bool
|
||||||
|
|
||||||
# TODO: install "nginx" + only necessary modules, instead of "nginx-full"
|
# TODO: install "nginx" + only necessary modules, instead of "nginx-full"
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
# The last character "\u000A" is a line feed (LF), it's better to keep it
|
# The last character "\u000A" is a line feed (LF), it's better to keep it
|
||||||
content: "{{ nginx_serverstatus_suffix }}\u000A"
|
content: "{{ nginx_serverstatus_suffix }}\u000A"
|
||||||
force: yes
|
force: yes
|
||||||
when: nginx_serverstatus_suffix != ""
|
when: nginx_serverstatus_suffix | length > 0
|
||||||
|
|
||||||
- name: generate random string for server-status suffix
|
- name: generate random string for server-status suffix
|
||||||
shell: "apg -a 1 -M N -n 1 > {{ nginx_serverstatus_suffix_file }}"
|
shell: "apg -a 1 -M N -n 1 > {{ nginx_serverstatus_suffix_file }}"
|
||||||
|
|
|
@ -48,4 +48,4 @@
|
||||||
- nodejs
|
- nodejs
|
||||||
|
|
||||||
- include: yarn.yml
|
- include: yarn.yml
|
||||||
when: nodejs_install_yarn
|
when: nodejs_install_yarn | bool
|
||||||
|
|
|
@ -89,7 +89,7 @@
|
||||||
- include: awstats.yml
|
- include: awstats.yml
|
||||||
|
|
||||||
- include: fhs_retrictions.yml
|
- include: fhs_retrictions.yml
|
||||||
when: packweb_fhs_retrictions
|
when: packweb_fhs_retrictions | bool
|
||||||
|
|
||||||
- name: Periodically cache ftp directory sizes for ftpadmin.sh
|
- name: Periodically cache ftp directory sizes for ftpadmin.sh
|
||||||
cron:
|
cron:
|
||||||
|
|
|
@ -53,7 +53,7 @@
|
||||||
# The last character "\u000A" is a line feed (LF), it's better to keep it
|
# The last character "\u000A" is a line feed (LF), it's better to keep it
|
||||||
content: "{{ packweb_phpmyadmin_suffix }}\u000A"
|
content: "{{ packweb_phpmyadmin_suffix }}\u000A"
|
||||||
force: yes
|
force: yes
|
||||||
when: packweb_phpmyadmin_suffix != ""
|
when: packweb_phpmyadmin_suffix | length > 0
|
||||||
|
|
||||||
- name: generate random string for phpmyadmin suffix
|
- name: generate random string for phpmyadmin suffix
|
||||||
shell: "apg -a 1 -M N -n 1 > {{ packweb_phpmyadmin_suffix_file }}"
|
shell: "apg -a 1 -M N -n 1 > {{ packweb_phpmyadmin_suffix_file }}"
|
||||||
|
|
|
@ -26,7 +26,7 @@
|
||||||
copy:
|
copy:
|
||||||
src: "{{ percona__apt_config_package_file }}"
|
src: "{{ percona__apt_config_package_file }}"
|
||||||
dest: "/root/{{ percona__apt_config_package_file }}"
|
dest: "/root/{{ percona__apt_config_package_file }}"
|
||||||
when: not percona__apt_config_package_installed
|
when: not (percona__apt_config_package_installed | bool)
|
||||||
|
|
||||||
# - include_role:
|
# - include_role:
|
||||||
# name: evolix/remount-usr
|
# name: evolix/remount-usr
|
||||||
|
@ -36,7 +36,7 @@
|
||||||
deb: "/root/{{ percona__apt_config_package_file }}"
|
deb: "/root/{{ percona__apt_config_package_file }}"
|
||||||
state: present
|
state: present
|
||||||
register: percona__apt_config_deb
|
register: percona__apt_config_deb
|
||||||
when: not percona__apt_config_package_installed
|
when: not (percona__apt_config_package_installed | bool)
|
||||||
|
|
||||||
- name: Percona APT config package is installed from repository
|
- name: Percona APT config package is installed from repository
|
||||||
apt:
|
apt:
|
||||||
|
@ -51,4 +51,4 @@
|
||||||
when: percona__apt_config_deb is changed
|
when: percona__apt_config_deb is changed
|
||||||
|
|
||||||
- include: xtrabackup.yml
|
- include: xtrabackup.yml
|
||||||
when: percona__install_xtrabackup
|
when: percona__install_xtrabackup | bool
|
||||||
|
|
|
@ -44,4 +44,4 @@
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
loop:
|
loop:
|
||||||
- { option: "date.timezone", value: "Europe/Paris" }
|
- { option: "date.timezone", value: "Europe/Paris" }
|
||||||
when: php_symfony_requirements
|
when: php_symfony_requirements | bool
|
||||||
|
|
|
@ -35,4 +35,4 @@
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
loop:
|
loop:
|
||||||
- { option: "date.timezone", value: "Europe/Paris" }
|
- { option: "date.timezone", value: "Europe/Paris" }
|
||||||
when: php_symfony_requirements
|
when: php_symfony_requirements | bool
|
||||||
|
|
|
@ -79,11 +79,11 @@
|
||||||
loop:
|
loop:
|
||||||
- { option: "date.timezone", value: "Europe/Paris" }
|
- { option: "date.timezone", value: "Europe/Paris" }
|
||||||
notify: "restart {{ php_fpm_service_name }}"
|
notify: "restart {{ php_fpm_service_name }}"
|
||||||
when: php_symfony_requirements
|
when: php_symfony_requirements | bool
|
||||||
|
|
||||||
- name: Delete debian default pool
|
- name: Delete debian default pool
|
||||||
file:
|
file:
|
||||||
path: "{{ php_fpm_debian_default_pool_file }}"
|
path: "{{ php_fpm_debian_default_pool_file | mandatory }}"
|
||||||
state: absent
|
state: absent
|
||||||
notify: "restart {{ php_fpm_service_name }}"
|
notify: "restart {{ php_fpm_service_name }}"
|
||||||
when: php_fpm_remove_default_pool
|
when: php_fpm_remove_default_pool | bool
|
||||||
|
|
|
@ -2,8 +2,7 @@
|
||||||
|
|
||||||
- fail:
|
- fail:
|
||||||
msg: only compatible with Debian >= 8
|
msg: only compatible with Debian >= 8
|
||||||
when:
|
when: ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<')
|
||||||
- ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<')
|
|
||||||
|
|
||||||
- include: main_jessie.yml
|
- include: main_jessie.yml
|
||||||
when: ansible_distribution_release == "jessie"
|
when: ansible_distribution_release == "jessie"
|
||||||
|
|
|
@ -36,7 +36,7 @@
|
||||||
- libphp-phpmailer
|
- libphp-phpmailer
|
||||||
|
|
||||||
- include: sury_pre.yml
|
- include: sury_pre.yml
|
||||||
when: php_sury_enable
|
when: php_sury_enable | bool
|
||||||
|
|
||||||
- name: "Install PHP packages (Debian 9 or later)"
|
- name: "Install PHP packages (Debian 9 or later)"
|
||||||
apt:
|
apt:
|
||||||
|
@ -49,7 +49,7 @@
|
||||||
- libapache2-mod-php
|
- libapache2-mod-php
|
||||||
- php
|
- php
|
||||||
state: present
|
state: present
|
||||||
when: php_apache_enable
|
when: php_apache_enable | bool
|
||||||
|
|
||||||
- name: "Install PHP FPM packages (Debian 9 or later)"
|
- name: "Install PHP FPM packages (Debian 9 or later)"
|
||||||
apt:
|
apt:
|
||||||
|
@ -57,7 +57,7 @@
|
||||||
- php-fpm
|
- php-fpm
|
||||||
- php
|
- php
|
||||||
state: present
|
state: present
|
||||||
when: php_fpm_enable
|
when: php_fpm_enable | bool
|
||||||
|
|
||||||
# Configuration
|
# Configuration
|
||||||
|
|
||||||
|
@ -76,22 +76,22 @@
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
|
||||||
- include: config_fpm.yml
|
- include: config_fpm.yml
|
||||||
when: php_fpm_enable
|
when: php_fpm_enable | bool
|
||||||
|
|
||||||
- name: Enforce permissions on PHP fpm directory
|
- name: Enforce permissions on PHP fpm directory
|
||||||
file:
|
file:
|
||||||
dest: /etc/php/7.3/fpm
|
dest: /etc/php/7.3/fpm
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: php_fpm_enable
|
when: php_fpm_enable | bool
|
||||||
|
|
||||||
- include: config_apache.yml
|
- include: config_apache.yml
|
||||||
when: php_apache_enable
|
when: php_apache_enable | bool
|
||||||
|
|
||||||
- name: Enforce permissions on PHP apache2 directory
|
- name: Enforce permissions on PHP apache2 directory
|
||||||
file:
|
file:
|
||||||
dest: /etc/php/7.3/apache2
|
dest: /etc/php/7.3/apache2
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: php_apache_enable
|
when: php_apache_enable | bool
|
||||||
|
|
||||||
- include: sury_post.yml
|
- include: sury_post.yml
|
||||||
when: php_sury_enable
|
when: php_sury_enable | bool
|
||||||
|
|
|
@ -40,7 +40,7 @@
|
||||||
- libapache2-mod-php5
|
- libapache2-mod-php5
|
||||||
- php5
|
- php5
|
||||||
state: present
|
state: present
|
||||||
when: php_apache_enable
|
when: php_apache_enable | bool
|
||||||
|
|
||||||
- name: "Install PHP FPM packages (jessie)"
|
- name: "Install PHP FPM packages (jessie)"
|
||||||
apt:
|
apt:
|
||||||
|
@ -48,7 +48,7 @@
|
||||||
- php5-fpm
|
- php5-fpm
|
||||||
- php5
|
- php5
|
||||||
state: present
|
state: present
|
||||||
when: php_fpm_enable
|
when: php_fpm_enable | bool
|
||||||
|
|
||||||
# Configuration
|
# Configuration
|
||||||
|
|
||||||
|
@ -65,19 +65,19 @@
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
|
||||||
- include: config_fpm.yml
|
- include: config_fpm.yml
|
||||||
when: php_fpm_enable
|
when: php_fpm_enable | bool
|
||||||
|
|
||||||
- name: Enforce permissions on PHP fpm directory
|
- name: Enforce permissions on PHP fpm directory
|
||||||
file:
|
file:
|
||||||
dest: /etc/php5/fpm
|
dest: /etc/php5/fpm
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: php_fpm_enable
|
when: php_fpm_enable | bool
|
||||||
|
|
||||||
- include: config_apache.yml
|
- include: config_apache.yml
|
||||||
when: php_apache_enable
|
when: php_apache_enable | bool
|
||||||
|
|
||||||
- name: Enforce permissions on PHP apache2 directory
|
- name: Enforce permissions on PHP apache2 directory
|
||||||
file:
|
file:
|
||||||
dest: /etc/php5/apache2
|
dest: /etc/php5/apache2
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: php_apache_enable
|
when: php_apache_enable | bool
|
||||||
|
|
|
@ -36,7 +36,7 @@
|
||||||
- libphp-phpmailer
|
- libphp-phpmailer
|
||||||
|
|
||||||
- include: sury_pre.yml
|
- include: sury_pre.yml
|
||||||
when: php_sury_enable
|
when: php_sury_enable | bool
|
||||||
|
|
||||||
- name: "Install PHP packages (Debian 9 or later)"
|
- name: "Install PHP packages (Debian 9 or later)"
|
||||||
apt:
|
apt:
|
||||||
|
@ -49,7 +49,7 @@
|
||||||
- libapache2-mod-php
|
- libapache2-mod-php
|
||||||
- php
|
- php
|
||||||
state: present
|
state: present
|
||||||
when: php_apache_enable
|
when: php_apache_enable | bool
|
||||||
|
|
||||||
- name: "Install PHP FPM packages (Debian 9 or later)"
|
- name: "Install PHP FPM packages (Debian 9 or later)"
|
||||||
apt:
|
apt:
|
||||||
|
@ -57,7 +57,7 @@
|
||||||
- php-fpm
|
- php-fpm
|
||||||
- php
|
- php
|
||||||
state: present
|
state: present
|
||||||
when: php_fpm_enable
|
when: php_fpm_enable | bool
|
||||||
|
|
||||||
# Configuration
|
# Configuration
|
||||||
|
|
||||||
|
@ -77,22 +77,22 @@
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
|
||||||
- include: config_fpm.yml
|
- include: config_fpm.yml
|
||||||
when: php_fpm_enable
|
when: php_fpm_enable | bool
|
||||||
|
|
||||||
- name: Enforce permissions on PHP fpm directory
|
- name: Enforce permissions on PHP fpm directory
|
||||||
file:
|
file:
|
||||||
dest: /etc/php/7.0/fpm
|
dest: /etc/php/7.0/fpm
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: php_fpm_enable
|
when: php_fpm_enable | bool
|
||||||
|
|
||||||
- include: config_apache.yml
|
- include: config_apache.yml
|
||||||
when: php_apache_enable
|
when: php_apache_enable | bool
|
||||||
|
|
||||||
- name: Enforce permissions on PHP apache2 directory
|
- name: Enforce permissions on PHP apache2 directory
|
||||||
file:
|
file:
|
||||||
dest: /etc/php/7.0/apache2
|
dest: /etc/php/7.0/apache2
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: php_apache_enable
|
when: php_apache_enable | bool
|
||||||
|
|
||||||
- include: sury_post.yml
|
- include: sury_post.yml
|
||||||
when: php_sury_enable
|
when: php_sury_enable | bool
|
||||||
|
|
|
@ -24,13 +24,13 @@
|
||||||
loop:
|
loop:
|
||||||
- { src: "{{ php_apache_defaults_ini_file }}", dest: "/etc/php/7.4/apache2/conf.d/z-evolinux-defaults.ini" }
|
- { src: "{{ php_apache_defaults_ini_file }}", dest: "/etc/php/7.4/apache2/conf.d/z-evolinux-defaults.ini" }
|
||||||
- { src: "{{ php_apache_custom_ini_file }}", dest: "/etc/php/7.4/apache2/conf.d/zzz-evolinux-custom.ini" }
|
- { src: "{{ php_apache_custom_ini_file }}", dest: "/etc/php/7.4/apache2/conf.d/zzz-evolinux-custom.ini" }
|
||||||
when: php_apache_enable
|
when: php_apache_enable | bool
|
||||||
|
|
||||||
- name: Enforce permissions on PHP 7.4/cli directory
|
- name: Enforce permissions on PHP 7.4/cli directory
|
||||||
file:
|
file:
|
||||||
dest: /etc/php/7.4/apache2
|
dest: /etc/php/7.4/apache2
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: php_apache_enable
|
when: php_apache_enable | bool
|
||||||
|
|
||||||
- name: Symlink Evolix FPM config files from 7.4 to 7.0
|
- name: Symlink Evolix FPM config files from 7.4 to 7.0
|
||||||
file:
|
file:
|
||||||
|
@ -43,10 +43,10 @@
|
||||||
- { src: "{{ php_fpm_custom_ini_file }}", dest: "/etc/php/7.4/fpm/conf.d/zzz-evolinux-custom.ini" }
|
- { src: "{{ php_fpm_custom_ini_file }}", dest: "/etc/php/7.4/fpm/conf.d/zzz-evolinux-custom.ini" }
|
||||||
- { src: "{{ php_fpm_defaults_conf_file }}", dest: "/etc/php/7.4/fpm/pool.d/z-evolinux-defaults.conf" }
|
- { src: "{{ php_fpm_defaults_conf_file }}", dest: "/etc/php/7.4/fpm/pool.d/z-evolinux-defaults.conf" }
|
||||||
- { src: "{{ php_fpm_custom_conf_file }}", dest: "/etc/php/7.4/fpm/pool.d/zzz-evolinux-custom.conf" }
|
- { src: "{{ php_fpm_custom_conf_file }}", dest: "/etc/php/7.4/fpm/pool.d/zzz-evolinux-custom.conf" }
|
||||||
when: php_fpm_enable
|
when: php_fpm_enable | bool
|
||||||
|
|
||||||
- name: Enforce permissions on PHP 7.4/cli directory
|
- name: Enforce permissions on PHP 7.4/cli directory
|
||||||
file:
|
file:
|
||||||
dest: /etc/php/7.4/fpm
|
dest: /etc/php/7.4/fpm
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
when: php_fpm_enable
|
when: php_fpm_enable | bool
|
||||||
|
|
|
@ -3,10 +3,10 @@
|
||||||
- include: common.yml
|
- include: common.yml
|
||||||
|
|
||||||
- include: minimal.yml
|
- include: minimal.yml
|
||||||
when: postfix_packmail == False
|
when: not (postfix_packmail | bool)
|
||||||
|
|
||||||
- include: packmail.yml
|
- include: packmail.yml
|
||||||
when: postfix_packmail == True
|
when: postfix_packmail | bool
|
||||||
|
|
||||||
- include: slow_transport.yml
|
- include: slow_transport.yml
|
||||||
when: postfix_slow_transport_include
|
when: postfix_slow_transport_include | bool
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show more