forked from evolix/ansible-roles
Merge remote-tracking branch 'origin/unstable' into change_timezone
commit
f026883d4f
28
CHANGELOG.md
28
CHANGELOG.md
|
@ -12,6 +12,22 @@ The **patch** part changes incrementally at each release.
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
||||||
|
* varnish: variable for jail configuration
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
|
||||||
|
* lxc: Force lxc containers to be in the correct timezone
|
||||||
|
|
||||||
|
### Removed
|
||||||
|
|
||||||
|
### Security
|
||||||
|
|
||||||
|
## [10.3.0] 2020-12-21
|
||||||
|
|
||||||
|
### Added
|
||||||
|
|
||||||
* dovecot: Update munin plugin & configure it
|
* dovecot: Update munin plugin & configure it
|
||||||
* dovecot: vmail uid/gid are configurable
|
* dovecot: vmail uid/gid are configurable
|
||||||
* evoacme: variable to disable Debian version check (default: False)
|
* evoacme: variable to disable Debian version check (default: False)
|
||||||
|
@ -23,21 +39,23 @@ The **patch** part changes incrementally at each release.
|
||||||
* redis: variable to force use of port 6379 in instances mode
|
* redis: variable to force use of port 6379 in instances mode
|
||||||
* redis: check maxmemory in NRPE check
|
* redis: check maxmemory in NRPE check
|
||||||
* lxc-php: Allow php containers to contact local MySQL with localhost
|
* lxc-php: Allow php containers to contact local MySQL with localhost
|
||||||
|
* varnish: config file name is configurable
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
|
* Create system users for vmail (dovecot) and evoadmin
|
||||||
* apt: disable APT Periodic
|
* apt: disable APT Periodic
|
||||||
* evoacme: upstream release 20.12
|
* evoacme: upstream release 20.12
|
||||||
* evocheck: upstream release 20.12
|
* evocheck: upstream release 20.12
|
||||||
|
* evolinux-users: improve uid/login checks
|
||||||
|
* tomcat-instance: fail if uid already exists
|
||||||
|
* varnish: change template name for better readability
|
||||||
|
* varnish: no threadpool delay by default
|
||||||
|
* varnish: no custom reload script for Debian 10 and later
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
* cerbot: parse HAProxy config file only if HAProxy is found
|
* cerbot: parse HAProxy config file only if HAProxy is found
|
||||||
* lxc: Force lxc containers to be in the correct timezone
|
|
||||||
|
|
||||||
### Removed
|
|
||||||
|
|
||||||
### Security
|
|
||||||
|
|
||||||
## [10.2.0] 2020-09-17
|
## [10.2.0] 2020-09-17
|
||||||
|
|
||||||
|
|
|
@ -41,6 +41,7 @@
|
||||||
group:
|
group:
|
||||||
name: vmail
|
name: vmail
|
||||||
gid: "{{ dovecot_vmail_gid }}"
|
gid: "{{ dovecot_vmail_gid }}"
|
||||||
|
system: True
|
||||||
tags:
|
tags:
|
||||||
- dovecot
|
- dovecot
|
||||||
|
|
||||||
|
@ -50,6 +51,7 @@
|
||||||
group: vmail
|
group: vmail
|
||||||
uid: "{{ dovecot_vmail_uid }}"
|
uid: "{{ dovecot_vmail_uid }}"
|
||||||
shell: /bin/false
|
shell: /bin/false
|
||||||
|
system: True
|
||||||
tags:
|
tags:
|
||||||
- dovecot
|
- dovecot
|
||||||
|
|
||||||
|
|
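Review bot: The added `system: True` on the vmail group and user only takes effect when the account is first created; Ansible's `user` module documents that this setting cannot be changed on existing users, so hosts that already have vmail are left as they are. Because `gid` and `uid` are still set explicitly from `dovecot_vmail_gid` and `dovecot_vmail_uid`, a short comment such as `# system account: applied at creation only, uid/gid come from dovecot_vmail_*` would spare the next reader from expecting a migration. The same caveat applies to the `system: yes` lines added to the evoadmin accounts further down this page, and writing the boolean as `true` in both places would keep the two roles consistent. Both tasks start and end outside the hunks.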
|
@ -2,20 +2,41 @@
|
||||||
|
|
||||||
# Unix account
|
# Unix account
|
||||||
|
|
||||||
|
- fail:
|
||||||
|
msg: "You must provide a value for the 'user.name ' variable."
|
||||||
|
when: user.name is not defined or user.name == ''
|
||||||
|
|
||||||
|
- fail:
|
||||||
|
msg: "You must provide a value for the 'user.uid ' variable."
|
||||||
|
when: user.uid is not defined or user.uid == ''
|
||||||
|
|
||||||
- name: "Test if '{{ user.name }}' exists"
|
- name: "Test if '{{ user.name }}' exists"
|
||||||
command: 'getent passwd {{ user.name }}'
|
command: 'id -u "{{ user.name }}"'
|
||||||
register: loginisbusy
|
register: get_id_from_login
|
||||||
failed_when: False
|
failed_when: False
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
|
|
||||||
- name: "Test if uid exists for '{{ user.name }}'"
|
- name: "Test if uid '{{ user.uid }}' exists"
|
||||||
command: 'getent passwd {{ user.uid }}'
|
command: 'id -un -- "{{ user.uid }}"'
|
||||||
register: uidisbusy
|
register: get_login_from_id
|
||||||
failed_when: False
|
failed_when: False
|
||||||
changed_when: False
|
changed_when: False
|
||||||
check_mode: no
|
check_mode: no
|
||||||
|
|
||||||
|
# Error if
|
||||||
|
# the uid already exists
|
||||||
|
# and the user associated with this uid is not the desired user
|
||||||
|
- name: "Fail if uid already exists for another user"
|
||||||
|
fail:
|
||||||
|
msg: "Uid '{{ user.uid }}' is already used by '{{ get_login_from_id.stdout }}'. You must change uid for '{{ user.name }}'"
|
||||||
|
when:
|
||||||
|
- get_login_from_id.rc == 0
|
||||||
|
- get_login_from_id.stdout != user.name
|
||||||
|
|
||||||
|
# Create/Update the user account with defined uid if
|
||||||
|
# the user doesn't already exist and the uid isn't already used
|
||||||
|
# or the user exists with the defined uid
|
||||||
- name: "Unix account for '{{ user.name }}' is present (with uid '{{ user.uid }}')"
|
- name: "Unix account for '{{ user.name }}' is present (with uid '{{ user.uid }}')"
|
||||||
user:
|
user:
|
||||||
state: present
|
state: present
|
||||||
|
@ -24,11 +45,13 @@
|
||||||
comment: '{{ user.fullname }}'
|
comment: '{{ user.fullname }}'
|
||||||
shell: /bin/bash
|
shell: /bin/bash
|
||||||
password: '{{ user.password_hash }}'
|
password: '{{ user.password_hash }}'
|
||||||
update_password: on_create
|
update_password: "on_create"
|
||||||
when:
|
when:
|
||||||
- loginisbusy.rc != 0
|
- (get_id_from_login.rc != 0 and get_login_from_id.rc != 0) or (get_id_from_login.rc == 0 and get_login_from_id.stdout == user.name)
|
||||||
- uidisbusy.rc != 0
|
|
||||||
|
|
||||||
|
# Create/Update the user account without defined uid if
|
||||||
|
# the user doesn't already exist but the defined uid is already used
|
||||||
|
# or another user already exists with a the same uid
|
||||||
- name: "Unix account for '{{ user.name }}' is present (with random uid)"
|
- name: "Unix account for '{{ user.name }}' is present (with random uid)"
|
||||||
user:
|
user:
|
||||||
state: present
|
state: present
|
||||||
|
@ -36,10 +59,9 @@
|
||||||
comment: '{{ user.fullname }}'
|
comment: '{{ user.fullname }}'
|
||||||
shell: /bin/bash
|
shell: /bin/bash
|
||||||
password: '{{ user.password_hash }}'
|
password: '{{ user.password_hash }}'
|
||||||
update_password: on_create
|
update_password: "on_create"
|
||||||
when:
|
when:
|
||||||
- loginisbusy.rc != 0
|
- (get_id_from_login.rc != 0 and get_login_from_id.rc == 0) or (get_id_from_login.rc == 0 and get_login_from_id.stdout != user.name)
|
||||||
- uidisbusy.rc == 0
|
|
||||||
|
|
||||||
- name: Is /etc/aliases present?
|
- name: Is /etc/aliases present?
|
||||||
stat:
|
stat:
|
||||||
|
|
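Review bot: The new "Fail if uid already exists for another user" task makes the first alternative of the random-uid `when` unreachable: `get_id_from_login.rc != 0 and get_login_from_id.rc == 0` means the uid belongs to a login other than `user.name`, and the host has already failed in that case. The comment above that task ("the user doesn't already exist but the defined uid is already used") therefore describes a path that can no longer run. What remains is an existing login whose requested uid is free, which can be written as `- get_id_from_login.rc == 0` and `- get_login_from_id.rc != 0`, with the comment updated to say the account keeps its current uid. Separately, `id -u "{{ user.name }}"` lacks the `--` that the uid lookup has, so a value beginning with `-` would be parsed as an option; `command: 'id -u -- "{{ user.name }}"'` makes the two lookups consistent. The `user:` tasks continue outside the hunks.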
|
@ -1,4 +1,24 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- fail:
|
||||||
|
msg: "You must provide a value for the 'tomcat_instance_port' variable."
|
||||||
|
when: tomcat_instance_port is not defined or tomcat_instance_port == ''
|
||||||
|
|
||||||
|
|
||||||
|
- name: "Test if uid '{{ tomcat_instance_port }}' exists"
|
||||||
|
command: 'id -un -- "{{ tomcat_instance_port }}"'
|
||||||
|
register: get_login_from_id
|
||||||
|
failed_when: False
|
||||||
|
changed_when: False
|
||||||
|
check_mode: no
|
||||||
|
|
||||||
|
- name: "Fail if uid already exists for another user"
|
||||||
|
fail:
|
||||||
|
msg: "Uid '{{ tomcat_instance_port }}' is already used by '{{ get_login_from_id.stdout }}'. You must change uid for '{{ tomcat_instance_name }}'"
|
||||||
|
when:
|
||||||
|
- get_login_from_id.rc == 0
|
||||||
|
- get_login_from_id.stdout != tomcat_instance_name
|
||||||
|
|
||||||
- name: Create group instance
|
- name: Create group instance
|
||||||
group:
|
group:
|
||||||
name: "{{ tomcat_instance_name }}"
|
name: "{{ tomcat_instance_name }}"
|
||||||
|
|
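Review bot: `tomcat_instance_port` is only checked for being defined and non-empty before it is handed to `id -un --` as a uid, and `id` also accepts login names, so a non-numeric value would be looked up as a user name instead of being rejected. Tightening the first guard to `when: tomcat_instance_port is not defined or tomcat_instance_port | string is not match('^[0-9]+$')` would catch that before any account is touched. That first `fail` task also has no `name:`, which makes it harder to find in play output. Only the uid is tested here; whether a group already holds the same gid cannot be seen from this hunk.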
|
@ -10,9 +10,10 @@ varnish_malloc_size: "2G"
|
||||||
varnish_storage: malloc,{{ varnish_malloc_size }}
|
varnish_storage: malloc,{{ varnish_malloc_size }}
|
||||||
|
|
||||||
varnish_thread_pools: "{{ ansible_processor_cores * ansible_processor_count }}"
|
varnish_thread_pools: "{{ ansible_processor_cores * ansible_processor_count }}"
|
||||||
varnish_thread_pool_add_delay: 2
|
varnish_thread_pool_add_delay: 0
|
||||||
varnish_thread_pool_min: 500
|
varnish_thread_pool_min: 500
|
||||||
varnish_thread_pool_max: 5000
|
varnish_thread_pool_max: 5000
|
||||||
|
varnish_jail: "unix,user=vcache"
|
||||||
|
|
||||||
varnish_config_file: /etc/varnish/default.vcl
|
varnish_config_file: /etc/varnish/default.vcl
|
||||||
varnish_secret_file: /etc/varnish/secret
|
varnish_secret_file: /etc/varnish/secret
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
UUID=`cat /proc/sys/kernel/random/uuid`
|
|
||||||
/usr/sbin/varnishd -C -f /etc/varnish/default.vcl >/dev/null \
|
|
||||||
&&/usr/bin/varnishadm -T localhost:6082 -S /etc/varnish/secret "vcl.load vcl_$UUID /etc/varnish/default.vcl" \
|
|
||||||
&& /usr/bin/varnishadm -T localhost:6082 -S /etc/varnish/secret "vcl.use vcl_$UUID"
|
|
|
@ -18,14 +18,14 @@
|
||||||
tags:
|
tags:
|
||||||
- varnish
|
- varnish
|
||||||
|
|
||||||
- name: Copy Custom Varnish ExecReload script (Debian <=9)
|
- name: Copy Custom Varnish ExecReload script (Debian <10)
|
||||||
copy:
|
template:
|
||||||
src: "reload-vcl.sh"
|
src: "reload-vcl.sh.j2"
|
||||||
dest: "/etc/varnish/reload-vcl.sh"
|
dest: "/etc/varnish/reload-vcl.sh"
|
||||||
mode: "0700"
|
mode: "0700"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
when: ansible_distribution_major_version is version('9', '<=')
|
when: ansible_distribution_major_version is version('10', '<')
|
||||||
notify: reload varnish
|
notify: reload varnish
|
||||||
tags:
|
tags:
|
||||||
- varnish
|
- varnish
|
||||||
|
@ -37,11 +37,24 @@
|
||||||
tags:
|
tags:
|
||||||
- varnish
|
- varnish
|
||||||
|
|
||||||
- name: Override Varnish systemd unit
|
- name: Override Varnish systemd unit (Stretch and before)
|
||||||
template:
|
template:
|
||||||
src: varnish.conf.j2
|
src: varnish.conf.jessie.j2
|
||||||
dest: /etc/systemd/system/varnish.service.d/evolinux.conf
|
dest: /etc/systemd/system/varnish.service.d/evolinux.conf
|
||||||
force: yes
|
force: yes
|
||||||
|
when: ansible_distribution_major_version is version('10', '<')
|
||||||
|
notify:
|
||||||
|
- reload systemd
|
||||||
|
- restart varnish
|
||||||
|
tags:
|
||||||
|
- varnish
|
||||||
|
|
||||||
|
- name: Override Varnish systemd unit (Buster and later)
|
||||||
|
template:
|
||||||
|
src: varnish.conf.buster.j2
|
||||||
|
dest: /etc/systemd/system/varnish.service.d/evolinux.conf
|
||||||
|
force: yes
|
||||||
|
when: ansible_distribution_major_version is version('10', '>=')
|
||||||
notify:
|
notify:
|
||||||
- reload systemd
|
- reload systemd
|
||||||
- restart varnish
|
- restart varnish
|
||||||
|
@ -62,13 +75,17 @@
|
||||||
- name: Copy Varnish configuration
|
- name: Copy Varnish configuration
|
||||||
template:
|
template:
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
dest: /etc/varnish/default.vcl
|
dest: "{{ varnish_config_file }}"
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
force: yes
|
force: yes
|
||||||
with_first_found:
|
with_first_found:
|
||||||
|
- "templates/varnish/varnish.{{ inventory_hostname }}.vcl.j2"
|
||||||
- "templates/varnish/default.{{ inventory_hostname }}.vcl.j2"
|
- "templates/varnish/default.{{ inventory_hostname }}.vcl.j2"
|
||||||
|
- "templates/varnish/varnish.{{ host_group }}.vcl.j2"
|
||||||
- "templates/varnish/default.{{ host_group }}.vcl.j2"
|
- "templates/varnish/default.{{ host_group }}.vcl.j2"
|
||||||
|
- "templates/varnish/varnish.default.vcl.j2"
|
||||||
- "templates/varnish/default.default.vcl.j2"
|
- "templates/varnish/default.default.vcl.j2"
|
||||||
|
- "varnish.vcl.j2"
|
||||||
- "default.vcl.j2"
|
- "default.vcl.j2"
|
||||||
notify: reload varnish
|
notify: reload varnish
|
||||||
tags:
|
tags:
|
||||||
|
|
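--- a/varnish/templates/reload-vcl.sh.j2
+++ b/varnish/templates/reload-vcl.sh.j2
@@ -0,0 +1,5 @@
+#!/bin/sh
+UUID=`cat /proc/sys/kernel/random/uuid`
+/usr/sbin/varnishd -C -f {{ varnish_config_file }} >/dev/null \
+&& /usr/bin/varnishadm -T {{ varnish_management_address }} -S {{ varnish_secret_file }} "vcl.load vcl_$UUID {{ varnish_config_file }}" \
+&& /usr/bin/varnishadm -T {{ varnish_management_address }} -S {{ varnish_secret_file }} "vcl.use vcl_$UUID"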
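Review bot: The templated values are rendered into this script without shell quoting, so a `varnish_config_file` or `varnish_secret_file` containing whitespace or shell metacharacters would change the commands that the root-owned, mode 0700 script runs. Passing the standalone arguments through the `quote` filter, e.g. `-f {{ varnish_config_file | quote }}` and `-S {{ varnish_secret_file | quote }}`, keeps each value a single word. The path inside the double-quoted `vcl.load` string is better validated in the role than quoted in place. A first comment line `# {{ ansible_managed }}` after the shebang, as the systemd templates have, would mark the file as generated.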
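--- a/varnish/templates/varnish.conf.buster.j2
+++ b/varnish/templates/varnish.conf.buster.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+[Service]
+ExecStart=
+ExecStart=/usr/sbin/varnishd -F -j {{ varnish_jail }} {{ varnish_addresses | map('regex_replace', '^(.*)$', '-a \\1') | list | join(' ') }} -T {{ varnish_management_address }} -f {{ varnish_config_file }} -S {{ varnish_secret_file }} -s {{ varnish_storage }} -p thread_pools={{ varnish_thread_pools }} -p thread_pool_add_delay={{ varnish_thread_pool_add_delay }} -p thread_pool_min={{ varnish_thread_pool_min }} -p thread_pool_max={{ varnish_thread_pool_max }}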
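Review bot: With no `ExecReload` override in this drop-in, `reload varnish` on Debian 10 and later falls back to whatever the packaged unit defines, while `-f {{ varnish_config_file }}` can now point away from the default path. It is worth confirming that the packaged reload command picks up a non-default file, and saying so in a comment above `[Service]`. In addition, `{{ varnish_jail }}` and the other variables are placed verbatim on the `ExecStart=` line, so whitespace inside a value becomes extra varnishd arguments. A comment such as `# varnish_jail is passed as-is to varnishd -j and must not contain spaces` would document that constraint; the same applies to varnish.conf.jessie.j2.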
|
@ -1,7 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
ExecStart=
|
|
||||||
ExecStart=/usr/sbin/varnishd -F {{ varnish_addresses | map('regex_replace', '^(.*)$', '-a \\1') | list | join(' ') }} -T {{ varnish_management_address }} -f {{ varnish_config_file }} -S {{ varnish_secret_file }} -s {{ varnish_storage }} -p thread_pools={{ varnish_thread_pools }} -p thread_pool_add_delay={{ varnish_thread_pool_add_delay }} -p thread_pool_min={{ varnish_thread_pool_min }} -p thread_pool_max={{ varnish_thread_pool_max }}
|
|
||||||
ExecReload=
|
|
||||||
ExecReload=/etc/varnish/reload-vcl.sh
|
|
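--- a/varnish/templates/varnish.conf.jessie.j2
+++ b/varnish/templates/varnish.conf.jessie.j2
@@ -0,0 +1,7 @@
+# {{ ansible_managed }}
+
+[Service]
+ExecStart=
+ExecStart=/usr/sbin/varnishd -F -j {{ varnish_jail }} {{ varnish_addresses | map('regex_replace', '^(.*)$', '-a \\1') | list | join(' ') }} -T {{ varnish_management_address }} -f {{ varnish_config_file }} -S {{ varnish_secret_file }} -s {{ varnish_storage }} -p thread_pools={{ varnish_thread_pools }} -p thread_pool_add_delay={{ varnish_thread_pool_add_delay }} -p thread_pool_min={{ varnish_thread_pool_min }} -p thread_pool_max={{ varnish_thread_pool_max }}
+ExecReload=
+ExecReload=/etc/varnish/reload-vcl.sh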
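Review bot: This drop-in is installed on every release below 10 (`version('10', '<')` in the tasks) and always passes `-j {{ varnish_jail }}`, which the template it replaces did not. As far as I know the `-j` option only exists from Varnish 4.1 onward, so a host still running an older varnishd would presumably fail to start after this change; that should be checked against the oldest release the role still supports. If such hosts remain, the flag can be made optional with `{% if varnish_jail %}-j {{ varnish_jail }} {% endif %}`. The file name says jessie while the task title says "Stretch and before", so a header comment naming the releases it covers would avoid confusion.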
|
@ -6,6 +6,7 @@
|
||||||
comment: "Evoadmin Web Account"
|
comment: "Evoadmin Web Account"
|
||||||
home: "{{ evoadmin_home_dir }}"
|
home: "{{ evoadmin_home_dir }}"
|
||||||
password: "!"
|
password: "!"
|
||||||
|
system: yes
|
||||||
|
|
||||||
- name: Create www-evoadmin group
|
- name: Create www-evoadmin group
|
||||||
group:
|
group:
|
||||||
|
@ -22,6 +23,7 @@
|
||||||
- name: "Create www-evoadmin (Debian 9 or later)"
|
- name: "Create www-evoadmin (Debian 9 or later)"
|
||||||
user:
|
user:
|
||||||
name: www-evoadmin
|
name: www-evoadmin
|
||||||
|
system: yes
|
||||||
when: ansible_distribution_major_version is version('9', '>=')
|
when: ansible_distribution_major_version is version('9', '>=')
|
||||||
|
|
||||||
- name: Is /etc/aliases present?
|
- name: Is /etc/aliases present?
|
||||||
|
|