forked from evolix/ansible-roles
Preliminary support for Bullseye
This commit is contained in:
parent
6bfef35729
commit
2f68ae5339
20 changed files with 299 additions and 9 deletions
|
@ -12,6 +12,7 @@ The **patch** part changes incrementally at each release.
|
|||
|
||||
### Added
|
||||
|
||||
* Preliminary support for Debian 11 « Bullseye »
|
||||
* certbot: add script for manual deploy hooks execution
|
||||
* listupgrade: crontab is configurable
|
||||
|
||||
|
|
3
apt/files/bullseye_backports_preferences
Normal file
3
apt/files/bullseye_backports_preferences
Normal file
|
@ -0,0 +1,3 @@
|
|||
Package: *
|
||||
Pin: release a=bullseye-backports
|
||||
Pin-Priority: 50
|
|
@ -19,6 +19,7 @@
|
|||
- /etc/apt/sources.list.d/debian-jessie.list
|
||||
- /etc/apt/sources.list.d/debian-stretch.list
|
||||
- /etc/apt/sources.list.d/debian-buster.list
|
||||
- /etc/apt/sources.list.d/debian-bullseye.list
|
||||
- /etc/apt/sources.list.d/debian-update.list
|
||||
when: apt_clean_gandi_sourceslist | bool
|
||||
tags:
|
||||
|
|
|
@ -153,7 +153,7 @@
|
|||
|
||||
|
||||
|
||||
- name: Install alert5 init script (buster)
|
||||
- name: Install alert5 init script (buster and later)
|
||||
template:
|
||||
src: system/alert5.sh.j2
|
||||
dest: /usr/share/scripts/alert5.sh
|
||||
|
@ -163,7 +163,7 @@
|
|||
- evolinux_system_alert5_init | bool
|
||||
- ansible_distribution_major_version is version('10', '>=')
|
||||
|
||||
- name: Install alert5 service (buster)
|
||||
- name: Install alert5 service (buster and later)
|
||||
copy:
|
||||
src: alert5.service
|
||||
dest: /etc/systemd/system/alert5.service
|
||||
|
@ -173,7 +173,7 @@
|
|||
- evolinux_system_alert5_init | bool
|
||||
- ansible_distribution_major_version is version('10', '>=')
|
||||
|
||||
- name: Enable alert5 init script (buster)
|
||||
- name: Enable alert5 init script (buster and later)
|
||||
systemd:
|
||||
name: alert5
|
||||
daemon_reload: yes
|
||||
|
|
|
@ -34,3 +34,4 @@ haproxy_deny_ips: []
|
|||
|
||||
haproxy_backports_packages_stretch: haproxy libssl1.0.0
|
||||
haproxy_backports_packages_buster: haproxy
|
||||
haproxy_backports_packages_bullseye: haproxy
|
||||
|
|
|
@ -15,6 +15,10 @@
|
|||
haproxy_backports_packages: "{{ haproxy_backports_packages_buster }}"
|
||||
when: ansible_distribution_release == 'buster'
|
||||
|
||||
- set_fact:
|
||||
haproxy_backports_packages: "{{ haproxy_backports_packages_bullseye }}"
|
||||
when: ansible_distribution_release == 'bullseye'
|
||||
|
||||
- name: Prefer HAProxy package from backports
|
||||
template:
|
||||
src: haproxy_apt_preferences.j2
|
||||
|
|
|
@ -18,4 +18,4 @@ lxc_php_container_releases:
|
|||
php56: "jessie"
|
||||
php70: "stretch"
|
||||
php73: "buster"
|
||||
php74: "buster"
|
||||
php74: "bullseye"
|
||||
|
|
|
@ -13,8 +13,8 @@
|
|||
create: yes
|
||||
mode: "0644"
|
||||
loop:
|
||||
- "deb https://packages.sury.org/php/ buster main"
|
||||
- "deb http://pub.evolix.net/ buster-php74/"
|
||||
- "deb https://packages.sury.org/php/ bullseye main"
|
||||
- "deb http://pub.evolix.net/ bullseye-php74/"
|
||||
|
||||
- name: copy pub.evolix.net GPG key
|
||||
copy:
|
||||
|
|
30
mongodb/files/server-4.4.asc
Normal file
30
mongodb/files/server-4.4.asc
Normal file
|
@ -0,0 +1,30 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v1
|
||||
|
||||
mQINBFzteqwBEADSirbLWsjgkQmdWr06jXPN8049MCqXQIZ2ovy9uJPyLkHgOCta
|
||||
8dmX+8Fkk5yNOLScjB1HUGJxAWJG+AhldW1xQGeo6loDfTW1mlfetq/zpW7CKbUp
|
||||
qve9eYYulneAy/81M/UoUZSzHqj6XY39wzJCH20H+Qx3WwcqXgSU7fSFXyJ4EBYs
|
||||
kWybbrAra5v29LUTBd7OvvS+Swovdh4T31YijUOUUL/gJkBI9UneVyV7/8DdUoVJ
|
||||
a8ym2pZ6ALy+GZrWBHcCKD/rQjEkXJnDglu+FSUI50SzaC9YX31TTzEMJijiPi6I
|
||||
MIZJMXLH7GpCIDcvyrLWIRYVJAQRoYJB4rmp42HTyed4eg4RnSiFrxVV5xQaDnSl
|
||||
/8zSOdVMBVewp8ipv34VeRXgNTgRkhA2JmL+KlALMkPo7MbRkJF01DiOOsIdz3Iu
|
||||
43oYg3QYmqxZI6kZNtXpUMnJeuRmMQJJN8yc9ZdOA9Ll2TTcIql8XEsjGcM7IWM9
|
||||
CP6zGwCcbrv72Ka+h/bGaLpwLbpkr5I8PjjSECn9fBcgnVX6HfKH7u3y11+Va1nh
|
||||
a8ZEE1TuOqRxnVDQ+K4iwaZFgFYsBMKo2ghoU2ZbZxu14vs6Eksn6UFsm8DpPwfy
|
||||
jtLtdje8jrbYAqAy5zIMLoW+I6Rb5sU3Olh9nI7NW4T5qQeemBcuRAwB4QARAQAB
|
||||
tDdNb25nb0RCIDQuNCBSZWxlYXNlIFNpZ25pbmcgS2V5IDxwYWNrYWdpbmdAbW9u
|
||||
Z29kYi5jb20+iQI+BBMBAgAoBQJc7XqsAhsDBQkJZgGABgsJCAcDAgYVCAIJCgsE
|
||||
FgIDAQIeAQIXgAAKCRBlZAjjkM+x9SKmD/9BzdjFAgBPPkUnD5pJQgsBQKUEkDsu
|
||||
cht6Q0Y4M635K7okpqJvXtZV5Mo+ajWZjUeHn4wPdVgzF2ItwVLRjjak3tIZfe3+
|
||||
ME5Y27Aej3LeqQC3Q5g6SnpeZwVEhWzU35CnyhQecP4AhDG3FO0gKUn3GkEgmsd6
|
||||
rnXAQLEw3VUYO8boxqBF3zjmFLIIaODYNmO1bLddJgvZlefUC62lWBBUs6Z7PBnl
|
||||
q7qBQFhz9qV9zXZwCT2/vgGLg5JcwVdcJXwAsQSr1WCVd7Y79+JcA7BZiSg9FAQd
|
||||
4t2dCkkctoUKgXsAH5fPwErGNj5L6iUnhFODPvdDJ7l35UcIZ2h74lqfEh+jh8eo
|
||||
UgxkcI2y2FY/lPapcPPKe0FHzCxG2U/NRdM+sqrIfp9+s88Bj+Eub7OhW4dF3AlL
|
||||
bh/BGHL9R8xAJRDLv8v7nsKkZWUnJaskeDFCKX3rjcTyTRWTG7EuMCmCn0Ou1hKc
|
||||
R3ECvIq0pVfVh+qk0hu+A5Dvj6k3QDcTfse+KfSAJkYvRKiuRuq5KgYcX3YSzL6K
|
||||
aZitMyu18XsQxKavpIGzaDhWyrVAig3XXF//zxowYVwuOikr5czgqizu87cqjpyn
|
||||
S0vVG4Q3+LswH4xVTn3UWadY/9FkM167ecouu4g3op29VDi7hCKsMeFvFP6OOIls
|
||||
G4vQ/QbzucK77Q==
|
||||
=eD3N
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
BIN
mongodb/files/server-4.4.gpg
Normal file
BIN
mongodb/files/server-4.4.gpg
Normal file
Binary file not shown.
|
@ -12,4 +12,7 @@
|
|||
when: ansible_distribution_release == "stretch"
|
||||
|
||||
- include: main_buster.yml
|
||||
when: ansible_distribution_major_version is version('10', '>=')
|
||||
when: ansible_distribution_release == "buster"
|
||||
|
||||
- include: main_bullseye.yml
|
||||
when: ansible_distribution_major_version is version('11', '>=')
|
||||
|
|
80
mongodb/tasks/main_bullseye.yml
Normal file
80
mongodb/tasks/main_bullseye.yml
Normal file
|
@ -0,0 +1,80 @@
|
|||
---
|
||||
|
||||
# https://wiki.debian.org/DebianRepository/UseThirdParty
|
||||
- name: Add MongoDB GPG key for version 4.4
|
||||
copy:
|
||||
src: server-4.4.gpg
|
||||
dest: /usr/share/keyrings/mongodb-server-4.4.gpg
|
||||
force: yes
|
||||
|
||||
- name: enable APT sources list
|
||||
apt_repository:
|
||||
repo: deb [signed-by=/usr/share/keyrings/mongodb-server-4.4.gpg] http://repo.mongodb.org/apt/debian buster/mongodb-org/4.4 main
|
||||
state: present
|
||||
filename: mongodb-org-4.4
|
||||
update_cache: yes
|
||||
|
||||
- name: Install packages
|
||||
apt:
|
||||
name: mongodb-org
|
||||
update_cache: yes
|
||||
state: present
|
||||
register: _mongodb_install_package
|
||||
|
||||
- name: MongoDB service in enabled and started
|
||||
systemd:
|
||||
name: mongod
|
||||
enabled: yes
|
||||
state: started
|
||||
when: _mongodb_install_package.changed
|
||||
|
||||
- name: install dependency for monitoring
|
||||
apt:
|
||||
name: python-pymongo
|
||||
state: present
|
||||
|
||||
- name: Custom configuration
|
||||
template:
|
||||
src: mongodb_bullseye.conf.j2
|
||||
dest: "/etc/mongod.conf"
|
||||
force: "{{ mongodb_force_config | bool | ternary('yes', 'no') }}"
|
||||
notify: restart mongod
|
||||
|
||||
- name: Configure logrotate
|
||||
template:
|
||||
src: logrotate_bullseye.j2
|
||||
dest: /etc/logrotate.d/mongodb
|
||||
force: yes
|
||||
backup: no
|
||||
|
||||
- name: Munin plugins are present
|
||||
copy:
|
||||
src: "munin/{{ item }}"
|
||||
dest: '/usr/local/share/munin/plugins/{{ item }}'
|
||||
force: yes
|
||||
with_items:
|
||||
- mongo_btree
|
||||
- mongo_collections
|
||||
- mongo_conn
|
||||
- mongo_docs
|
||||
- mongo_lock
|
||||
- mongo_mem
|
||||
- mongo_ops
|
||||
- mongo_page_faults
|
||||
notify: restart munin-node
|
||||
|
||||
- name: Enable core Munin plugins
|
||||
file:
|
||||
src: '/usr/local/share/munin/plugins/{{ item }}'
|
||||
dest: /etc/munin/plugins/{{ item }}
|
||||
state: link
|
||||
with_items:
|
||||
- mongo_btree
|
||||
- mongo_collections
|
||||
- mongo_conn
|
||||
- mongo_docs
|
||||
- mongo_lock
|
||||
- mongo_mem
|
||||
- mongo_ops
|
||||
- mongo_page_faults
|
||||
notify: restart munin-node
|
15
mongodb/templates/logrotate_bullseye.j2
Normal file
15
mongodb/templates/logrotate_bullseye.j2
Normal file
|
@ -0,0 +1,15 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
/var/log/mongodb/mongod.log {
|
||||
daily
|
||||
missingok
|
||||
rotate 365
|
||||
dateext
|
||||
compress
|
||||
delaycompress
|
||||
notifempty
|
||||
sharedscripts
|
||||
postrotate
|
||||
pidof mongod | xargs kill -USR1
|
||||
endscript
|
||||
}
|
39
mongodb/templates/mongodb_bullseye.conf.j2
Normal file
39
mongodb/templates/mongodb_bullseye.conf.j2
Normal file
|
@ -0,0 +1,39 @@
|
|||
# mongodb.conf - {{ ansible_managed }}
|
||||
|
||||
# for documentation of all options, see:
|
||||
# http://docs.mongodb.org/manual/reference/configuration-options/
|
||||
|
||||
# Where and how to store data.
|
||||
storage:
|
||||
dbPath: /var/lib/mongodb
|
||||
journal:
|
||||
enabled: true
|
||||
# engine:
|
||||
# mmapv1:
|
||||
# wiredTiger:
|
||||
|
||||
# where to write logging data.
|
||||
systemLog:
|
||||
destination: file
|
||||
logRotate: reopen
|
||||
logAppend: true
|
||||
path: /var/log/mongodb/mongodb.log
|
||||
|
||||
# network interfaces
|
||||
net:
|
||||
port: {{ mongodb_port }}
|
||||
bindIp: {{ mongodb_bind }}
|
||||
|
||||
#security:
|
||||
|
||||
#operationProfiling:
|
||||
|
||||
#replication:
|
||||
|
||||
#sharding:
|
||||
|
||||
## Enterprise-Only Options:
|
||||
|
||||
#auditLog:
|
||||
|
||||
#snmp:
|
|
@ -14,3 +14,8 @@
|
|||
service:
|
||||
name: php7.3-fpm
|
||||
state: restarted
|
||||
|
||||
- name: restart php7.4-fpm
|
||||
service:
|
||||
name: php7.4-fpm
|
||||
state: restarted
|
||||
|
|
|
@ -12,3 +12,6 @@
|
|||
|
||||
- include: main_buster.yml
|
||||
when: ansible_distribution_release == "buster"
|
||||
|
||||
- include: main_bullseye.yml
|
||||
when: ansible_distribution_release == "bullseye"
|
||||
|
|
97
php/tasks/main_bullseye.yml
Normal file
97
php/tasks/main_bullseye.yml
Normal file
|
@ -0,0 +1,97 @@
|
|||
---
|
||||
|
||||
- name: "Set variables (Debian 10 or later)"
|
||||
set_fact:
|
||||
php_cli_defaults_ini_file: /etc/php/7.4/cli/conf.d/z-evolinux-defaults.ini
|
||||
php_cli_custom_ini_file: /etc/php/7.4/cli/conf.d/zzz-evolinux-custom.ini
|
||||
php_apache_defaults_ini_file: /etc/php/7.4/apache2/conf.d/z-evolinux-defaults.ini
|
||||
php_apache_custom_ini_file: /etc/php/7.4/apache2/conf.d/zzz-evolinux-custom.ini
|
||||
php_fpm_defaults_ini_file: /etc/php/7.4/fpm/conf.d/z-evolinux-defaults.ini
|
||||
php_fpm_custom_ini_file: /etc/php/7.4/fpm/conf.d/zzz-evolinux-custom.ini
|
||||
php_fpm_debian_default_pool_file: /etc/php/7.4/fpm/pool.d/www.conf
|
||||
php_fpm_default_pool_file: /etc/php/7.4/fpm/pool.d/www-evolinux-defaults.conf
|
||||
php_fpm_default_pool_custom_file: /etc/php/7.4/fpm/pool.d/www-evolinux-zcustom.conf
|
||||
php_fpm_default_pool_socket: /var/run/php/php7.4-fpm.sock
|
||||
php_fpm_service_name: php7.4-fpm
|
||||
|
||||
# Packages
|
||||
|
||||
- name: "Set package list (Debian 9 or later)"
|
||||
set_fact:
|
||||
php_stretch_packages:
|
||||
- php-cli
|
||||
- php-gd
|
||||
- php-intl
|
||||
- php-imap
|
||||
- php-ldap
|
||||
- php-mysql
|
||||
# php-mcrypt is no longer packaged for PHP 7.2
|
||||
- php-pgsql
|
||||
- php-sqlite3
|
||||
- php-gettext
|
||||
- php-curl
|
||||
- php-ssh2
|
||||
- php-zip
|
||||
- composer
|
||||
- libphp-phpmailer
|
||||
|
||||
- include: sury_pre.yml
|
||||
when: php_sury_enable
|
||||
|
||||
- name: "Install PHP packages (Debian 9 or later)"
|
||||
apt:
|
||||
name: '{{ php_stretch_packages }}'
|
||||
state: present
|
||||
|
||||
- name: "Install mod_php packages (Debian 9 or later)"
|
||||
apt:
|
||||
name:
|
||||
- libapache2-mod-php
|
||||
- php
|
||||
state: present
|
||||
when: php_apache_enable
|
||||
|
||||
- name: "Install PHP FPM packages (Debian 9 or later)"
|
||||
apt:
|
||||
name:
|
||||
- php-fpm
|
||||
- php
|
||||
state: present
|
||||
when: php_fpm_enable
|
||||
|
||||
# Configuration
|
||||
|
||||
- name: Enforce permissions on PHP directory
|
||||
file:
|
||||
dest: "{{ item }}"
|
||||
mode: "0755"
|
||||
with_items:
|
||||
- /etc/php
|
||||
- /etc/php/7.4
|
||||
|
||||
- include: config_cli.yml
|
||||
- name: Enforce permissions on PHP cli directory
|
||||
file:
|
||||
dest: /etc/php/7.4/cli
|
||||
mode: "0755"
|
||||
|
||||
- include: config_fpm.yml
|
||||
when: php_fpm_enable
|
||||
|
||||
- name: Enforce permissions on PHP fpm directory
|
||||
file:
|
||||
dest: /etc/php/7.4/fpm
|
||||
mode: "0755"
|
||||
when: php_fpm_enable
|
||||
|
||||
- include: config_apache.yml
|
||||
when: php_apache_enable
|
||||
|
||||
- name: Enforce permissions on PHP apache2 directory
|
||||
file:
|
||||
dest: /etc/php/7.4/apache2
|
||||
mode: "0755"
|
||||
when: php_apache_enable
|
||||
|
||||
- include: sury_post.yml
|
||||
when: php_sury_enable
|
|
@ -5,10 +5,10 @@
|
|||
when: ansible_distribution_release == "jessie"
|
||||
|
||||
- include: packages_stretch.yml
|
||||
when: ansible_distribution_major_version is version('9', '=')
|
||||
when: ansible_distribution_release == "stretch"
|
||||
|
||||
- include: packages_buster.yml
|
||||
when: ansible_distribution_major_version is version('10', '=')
|
||||
when: ansible_distribution_release == "buster"
|
||||
|
||||
- include: packages_bullseye.yml
|
||||
when: ansible_distribution_major_version is version('11', '>=')
|
||||
|
|
|
@ -21,6 +21,13 @@
|
|||
- ansible_distribution_release == "buster"
|
||||
- tomcat_version is not defined
|
||||
|
||||
- name: Set Tomcat version to 10 on Debian 11 if missing
|
||||
set_fact:
|
||||
tomcat_version: 10
|
||||
when:
|
||||
- ansible_distribution_release == "bullseye"
|
||||
- tomcat_version is not defined
|
||||
|
||||
- name: Install packages
|
||||
apt:
|
||||
name:
|
||||
|
|
|
@ -52,6 +52,7 @@
|
|||
- config
|
||||
- update-config
|
||||
|
||||
# TODO: verify if it's still necessary for Debian 11
|
||||
- name: Override Varnish systemd unit (Buster and later)
|
||||
template:
|
||||
src: varnish.conf.buster.j2
|
||||
|
|
Loading…
Reference in a new issue