From adccda1cf77386d65ae016a8fee299aad3a752d9 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Tue, 19 Mar 2019 18:48:11 +0100
Subject: [PATCH 01/30] nextcloud: add the postgresql role as dependency
 (conditionally).

---
 nextcloud/meta/main.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nextcloud/meta/main.yml b/nextcloud/meta/main.yml
index 5095747..08d6aa0 100644
--- a/nextcloud/meta/main.yml
+++ b/nextcloud/meta/main.yml
@@ -1,5 +1,6 @@
 ---
 dependencies:
+  - { role: '../../library/roles/postgresql', when: psql_postgresql_install }
   - { role: '../../library/roles/php-fpm' }
   - { role: '../../library/roles/nginx' }
   - { role: '../../library/roles/redis', when nextcloud_use_redis }
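Review bot: The redis entry on the last line of this hunk is written `when nextcloud_use_redis` without a colon, so YAML reads it as a single key with no value rather than a condition, and the role is presumably no longer guarded by `nextcloud_use_redis`. It should read `- { role: '../../library/roles/redis', when: nextcloud_use_redis }`. The added postgresql entry relies on `psql_postgresql_install` being defined wherever this role is applied; if that is not guaranteed, `when: psql_postgresql_install | default(false)` avoids an undefined-variable failure. The same guard appears in onlyoffice_portal/meta/main.yml in patch 08.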

From 7907003ec64769283c5ec299d3dd76c1b664c9ab Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Tue, 19 Mar 2019 18:53:42 +0100
Subject: [PATCH 02/30] library/roles/create_new_role_stub: Script that creates
 a role directory tree.

---
 create_new_role_stub | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100755 create_new_role_stub

diff --git a/create_new_role_stub b/create_new_role_stub
new file mode 100755
index 0000000..25870ae
--- /dev/null
+++ b/create_new_role_stub
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+new_role=$1
+
+mkdir "$new_role"
+mkdir -p "${new_role}"/{defaults,tasks,files,templates,vars,meta}
+touch "${new_role}"/{defaults,tasks,vars,meta}/main.yml
+
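Review bot: `new_role=$1` is used unchecked, so a run with no argument makes `mkdir "$new_role"` fail and the next two lines then expand to `/defaults`, `/tasks` and so on, creating directories and `main.yml` files at the filesystem root when the caller can write there. Stop on a missing argument with `new_role=${1:?usage: create_new_role_stub ROLE_NAME}` and add `set -e` so a failed command aborts the run. The first `mkdir "$new_role"` is redundant with the `mkdir -p` that follows and fails when the directory already exists. Writing `mkdir -p -- "${new_role}"/{defaults,tasks,files,templates,vars,meta}` also keeps a name that starts with `-` from being read as an option.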

From 2178279d06aa9f919e31b4470706690b2c51849d Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Wed, 20 Mar 2019 19:11:14 +0100
Subject: [PATCH 03/30] Role that installs the latest mono distribution.

---
 mono/defaults/main.yml | 24 +++++++++++++++++++++++
 mono/tasks/main.yml    | 43 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 67 insertions(+)
 create mode 100644 mono/defaults/main.yml
 create mode 100644 mono/tasks/main.yml

diff --git a/mono/defaults/main.yml b/mono/defaults/main.yml
new file mode 100644
index 0000000..41cbae1
--- /dev/null
+++ b/mono/defaults/main.yml
@@ -0,0 +1,24 @@
+---
+mono_repo_server: 'hkp://keyserver.ubuntu.com'
+mono_deb_repo_key_id: 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
+mono_deb_repo_url: 'deb https://download.mono-project.com/repo/{{ ansible_distribution | lower }} stable-{{ ansible_distribution_release }} main'
+
+mono_rh_key: 'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF'
+mono_rh_repo_url: 'https://download.mono-project.com/repo/{{ ansible_distribution | lower }}{{ ansible_distribution_major_version }}-stable.repo'
+
+mono_deb_prerequisites:
+  - apt-transport-https
+  - dirmngr
+  - gnupg
+  - ca-certificates
+
+mono_deb_packages:
+  - mono-devel
+  - referenceassemblies-pcl 
+  - mono-xsp4
+
+mono_rh_packages:
+  - mono-devel
+  - referenceassemblies-pcl 
+  - xsp
+
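Review bot: The RedHat key in `mono_rh_key` is whatever the keyserver lookup URL returns at run time, while the Debian path pins the key by its full fingerprint in `mono_deb_repo_key_id`; nothing in these defaults lets the RH task verify what it imported. Where the Ansible version in use supports it, a variable such as `mono_rh_key_fingerprint` passed to the `fingerprint` option of `rpm_key` would give both paths the same pin. `mono_deb_repo_key_id` is better quoted so it always stays a string, and both `referenceassemblies-pcl ` entries carry a trailing space.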
diff --git a/mono/tasks/main.yml b/mono/tasks/main.yml
new file mode 100644
index 0000000..9f09a27
--- /dev/null
+++ b/mono/tasks/main.yml
@@ -0,0 +1,43 @@
+---
+- block:
+  - name: Install the Mono dependencies on Deb based distributions
+    apt: name={{ mono_deb_prerequisites }} state=present cache_valid_time=1800
+
+  when: ansible_distribution_file_variety == "Debian"
+  tags: mono
+
+- block:
+  - name: Install the deb Mono repository key
+    apt_key:
+      keyserver: {{ mono_repo_server }}
+      url: {{ mono_repo_server }}
+      id: {[ mono_deb_repo_key_id }}
+
+  - name: Install the deb Mono repository
+    apt_repository:
+      repo: '{{ mono_deb_repo_url }}'
+      state: present
+      update_cache: yes
+
+  - name: Install the Mono packages on Deb based distributions
+    apt: name={{ mono_deb_packages }} state=present cache_valid_time=1800
+
+  when: ansible_distribution_file_variety == "Debian"
+  tags: mono
+
+- block:
+  - name: Install the RH Mono repository key
+    rpm_key:
+      state: present
+      key: {{ mono_rh_key }}
+
+  - name: Install the RH Mono repository
+    get_url:
+      dest: /etc/yum.repos.d/mono-{{ ansible_distribution | lower }}{{ ansible_distribution_major_version }}-stable.repo
+      url: {{ mono_rh_repo_url }}
+
+  - name: Install the Mono packages on RH based distributions
+    yum: name={{ mono_rh_packages }} state=present
+
+  when: ansible_distribution_file_variety != "Debian"
+  tags: mono
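Review bot: The values `keyserver: {{ mono_repo_server }}`, `url: {{ mono_repo_server }}`, `key: {{ mono_rh_key }}` and `url: {{ mono_rh_repo_url }}` start with an unquoted `{{`, which YAML parses as a flow mapping before Jinja sees it, so this task file will not load; quote them, e.g. `keyserver: '{{ mono_repo_server }}'`. `id: {[ mono_deb_repo_key_id }}` is malformed as well; patch 07 fixes the bracket and drops `url`, but its hunk and the `apt_key` task in onlyoffice_portal/tasks/main.yml (patch 08) keep the unquoted form. The last block runs on every family that is `!= "Debian"`; `when: ansible_distribution_file_variety == "RedHat"` would keep the yum tasks off other distributions. The RH repo file is fetched with `get_url` and no `checksum`, so its content is trusted as served.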

From 233b1984126d4195da358f85ab374100bf9fe7a9 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Wed, 20 Mar 2019 19:15:04 +0100
Subject: [PATCH 04/30] Specify the server port for the gpg repo key.

---
 mono/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mono/defaults/main.yml b/mono/defaults/main.yml
index 41cbae1..a5738ab 100644
--- a/mono/defaults/main.yml
+++ b/mono/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-mono_repo_server: 'hkp://keyserver.ubuntu.com'
+mono_repo_server: 'hkp://keyserver.ubuntu.com:80'
 mono_deb_repo_key_id: 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
 mono_deb_repo_url: 'deb https://download.mono-project.com/repo/{{ ansible_distribution | lower }} stable-{{ ansible_distribution_release }} main'
 

From 426c10d3f5c69e4a0fdcd313d830d8a2fa272164 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Thu, 21 Mar 2019 19:37:35 +0100
Subject: [PATCH 05/30] Adapt the postfix role so that it can be used on both
 debian and RH based distributions.

---
 postfix-relay/defaults/main.yml              | 16 ++++++
 postfix-relay/meta/main.yml                  |  4 +-
 postfix-relay/tasks/smtp-common-packages.yml | 52 +++++++++++---------
 postfix-relay/templates/main.cf.j2           | 23 +++++----
 4 files changed, 59 insertions(+), 36 deletions(-)

diff --git a/postfix-relay/defaults/main.yml b/postfix-relay/defaults/main.yml
index eceb23b..9b7d549 100644
--- a/postfix-relay/defaults/main.yml
+++ b/postfix-relay/defaults/main.yml
@@ -1,6 +1,17 @@
 ---
 postfix_enabled: True
 postfix_install_packages: True
+
+postfix_relay_rh_pkgs:
+  - postfix
+  - cyrus-sasl-lib
+  - cyrus-sasl-plain
+  - cyrus-sasl-md5
+
+postfix_relay_deb_pkgs:
+  - postfix
+  - libsasl2-2
+
 # Set it to true when you want configure your machine to send email to a relay
 postfix_relay_client: False
 postfix_biff: "no"
@@ -15,6 +26,11 @@ postfix_smtp_tls_security_level: encrypt
 postfix_use_sasl_auth: True
 postfix_smtp_sasl_auth_enable: "yes"
 postfix_smtp_create_relay_user: True
+# Options: noanonymous, noplaintext
+postfix_smtp_sasl_security_options: noanonymous
+postfix_smtp_sasl_tls_security_options: '{{ postfix_smtp_sasl_security_options }}'
+postfix_smtp_sasl_mechanism_filter: plain, login
+
 # Set it in the local rules
 #postfix_relay_host: smtp-relay.example.com
 postfix_relay_port: 587
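Review bot: The comment `# Options: noanonymous, noplaintext` does not mention that the default `postfix_smtp_sasl_mechanism_filter: plain, login` offers only plaintext mechanisms, so setting `noplaintext` without also changing the filter leaves no usable mechanism. I would extend it to `# Options: noanonymous, noplaintext. noplaintext needs a non-plaintext mechanism in postfix_smtp_sasl_mechanism_filter; plain/login rely on postfix_smtp_tls_security_level being 'encrypt'`. Quoting the filter value as `'plain, login'` makes it clear that it is one string and not a list.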
diff --git a/postfix-relay/meta/main.yml b/postfix-relay/meta/main.yml
index 51ba52d..5fae87e 100644
--- a/postfix-relay/meta/main.yml
+++ b/postfix-relay/meta/main.yml
@@ -1,3 +1,3 @@
 ---
-dependencies:
-  - { role: '../../library/roles/nagios', when: nagios_enabled is defined and nagios_enabled }
+#dependencies:
+#  - { role: '../../library/roles/nagios', when: nagios_enabled is defined and nagios_enabled }
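Review bot: With the nagios dependency commented out, nothing in this role provides what the NRPE tasks in tasks/smtp-common-packages.yml still use: `nagios_plugins_dir`, `nrpe_include_dir`, the `nagios` group and the `Reload NRPE server` handler. When `postfix_nagios_check` is true and the playbook has not applied the nagios role itself, those tasks will presumably fail on an undefined variable or a missing handler. Either keep the dependency behind the check flag, `- { role: '../../library/roles/nagios', when: postfix_nagios_check }`, or add a comment above the disabled lines such as `# The playbook must apply the nagios role before this one when postfix_nagios_check is true`.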
diff --git a/postfix-relay/tasks/smtp-common-packages.yml b/postfix-relay/tasks/smtp-common-packages.yml
index a07eb47..f5b186c 100644
--- a/postfix-relay/tasks/smtp-common-packages.yml
+++ b/postfix-relay/tasks/smtp-common-packages.yml
@@ -1,11 +1,16 @@
 ---
 - block:
+    - name: Install postfix and libsas to do mail relay on deb systems
+      apt: pkg={{ postfix_relay_deb_pkgs }} state=present update_cache=yes cache_valid_time=1800
+      when: ansible_distribution_file_variety == "Debian"
 
-    - name: Install postfix and libsas to do mail relay
-      action: apt pkg={{ item }} state=present update_cache=yes cache_valid_time=1800
-      with_items:
-        - postfix
-        - libsasl2-2
+    - name: Install postfix and libsas to do mail relay on RH systems
+      yum: pkg={{ postfix_relay_rh_pkgs }} state=present
+      when: ansible_distribution_file_variety == "RedHat"
+
+    - name: Remove the ssmtp package on RH systems
+      yum: pkg=ssmtp state=absent
+      when: ansible_distribution_file_variety == "RedHat"
 
     - name: Write the postfix main configuration file
       template: src=main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0444
@@ -15,18 +20,6 @@
       template: src=postfix-master.cf.j2 dest=/etc/postfix/master.cf owner=root group=root mode=0444
       notify: Restart postfix
 
-    - name: Install the postfix NRPE nagios check
-      copy: src={{ item }} dest={{ nagios_plugins_dir }}/{{ item }}  owner=root group=nagios mode=0555
-      with_items: '{{ postfix_nagios_checks }}'
-      when: postfix_nagios_check
-      tags: [ 'postfix-relay', 'nagios', 'nrpe' ]
-
-    - name: Install the postfix NRPE command configuration
-      template: src=postfix-nrpe.cfg.j2 dest={{ nrpe_include_dir }}/postfix-nrpe.cfg  owner=root group=root mode=0444
-      notify: Reload NRPE server
-      when: postfix_nagios_check
-      tags: [ 'postfix-relay', 'nagios', 'nrpe' ]
-
     - name: Ensure that postfix is started and enabled
       service: name=postfix state=started enabled=yes
       when: postfix_enabled
@@ -39,12 +32,27 @@
   tags: postfix-relay 
 
 - block:
+    - name: Install the postfix NRPE nagios check
+      copy: src={{ item }} dest={{ nagios_plugins_dir }}/{{ item }}  owner=root group=nagios mode=0555
+      with_items: '{{ postfix_nagios_checks }}'
 
-    - name: Remove postfix and libsas
-      action: apt pkg={{ item }} state=absent
-      with_items:
-        - postfix
-        - libsasl2-2
+    - name: Install the postfix NRPE command configuration
+      template: src=postfix-nrpe.cfg.j2 dest={{ nrpe_include_dir }}/postfix-nrpe.cfg  owner=root group=root mode=0444
+      notify: Reload NRPE server
+
+  when:
+    - postfix_install_packages
+    - postfix_nagios_check
+  tags: [ 'postfix-relay', 'nagios', 'nrpe' ]
+
+- block:
+    - name: Remove postfix and libsas on deb systems
+      action: apt pkg={{ postfix_relay_deb_pkgs }} state=absent
+      when: ansible_distribution_file_variety == "Debian"
+
+    - name: Remove postfix and libsas to do mail relay on RH systems
+      yum: pkg={{ postfix_relay_rh_pkgs }} state=absent
+      when: ansible_distribution_file_variety == "RedHat"
 
   when: not postfix_install_packages
   tags: postfix-relay 
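Review bot: The removal block uninstalls every package in `postfix_relay_deb_pkgs` and `postfix_relay_rh_pkgs`, which includes the shared libraries `libsasl2-2` and `cyrus-sasl-lib`; other packages on a host commonly depend on these, so the removal is likely either to fail or to pull unrelated packages out with it. Removing only the service package, `apt: pkg=postfix state=absent` and `yum: pkg=postfix state=absent`, is the safer counterpart of the install tasks. The RH task name `Remove postfix and libsas to do mail relay on RH systems` looks copied from the install task. The Debian removal still uses the legacy `action: apt` form, while the rest of the file now calls the module directly.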
diff --git a/postfix-relay/templates/main.cf.j2 b/postfix-relay/templates/main.cf.j2
index d934150..a95cfb2 100644
--- a/postfix-relay/templates/main.cf.j2
+++ b/postfix-relay/templates/main.cf.j2
@@ -1,8 +1,3 @@
-# Debian specific:  Specifying a file name will cause the first
-# line of that file to be used as the name.  The Debian default
-# is /etc/mailname.
-#myorigin = /etc/mailname
-
 smtpd_banner = $myhostname ESMTP $mail_name
 biff = {{ postfix_biff }}
 
@@ -45,14 +40,18 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 myhostname = {{ ansible_fqdn }}
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
-myorigin = /etc/mailname
+{% if domain_name is defined %}
+myorigin = {{ domain_name }}
+{% else %}
+myorigin = {{ ansible_fqdn }}
+{% endif %}
 mydestination = {{ ansible_fqdn }}, localhost
 {% if postfix_use_relay_host %}
 relayhost = {{ postfix_relay_host }}:{{ postfix_relay_port }}
 {% endif %}
 {% if not postfix_relay_server %}
 mynetworks = 127.0.0.1
-inet_interfaces = localhost, ip6-localhost
+inet_interfaces = localhost
 inet_protocols = ipv4
 {% endif %}
 mailbox_size_limit = 0
@@ -61,15 +60,15 @@ default_destination_concurrency_limit = {{ postfix_default_destination_concurren
 {% if postfix_use_sasl_auth %}
 smtp_sasl_auth_enable= {{ postfix_smtp_sasl_auth_enable }}
 smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
-smtp_sasl_security_options = noanonymous
-smtp_sasl_tls_security_options = noanonymous
-smtp_sasl_mechanism_filter = plain, login
+smtp_sasl_security_options = {{ postfix_smtp_sasl_security_options }}
+smtp_sasl_tls_security_options = {{ postfix_smtp_sasl_tls_security_options }}
+smtp_sasl_mechanism_filter = {{ postfix_smtp_sasl_mechanism_filter }}
 {% endif %}
 {% if postfix_relay_server %}
 smtpd_sasl_path = smtpd
 smtpd_sasl_auth_enable = yes
-smtpd_sasl_security_options = noanonymous
-smtpd_sasl_tls_security_options = noanonymous
+smtpd_sasl_security_options = {{ postfix_smtp_sasl_security_options }}
+smtpd_sasl_tls_security_options = {{ postfix_smtp_sasl_tls_security_options }}
 smtpd_helo_required = yes
 mynetworks = {{ postfix_mynetworks }}
 inet_interfaces = {{ postfix_interfaces }}
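Review bot: The server-side settings `smtpd_sasl_security_options` and `smtpd_sasl_tls_security_options` are now filled from the client-side variables `postfix_smtp_sasl_security_options` and `postfix_smtp_sasl_tls_security_options`, so a host that relaxes the client options to suit its upstream relay also relaxes what its own smtpd accepts, including the loss of `noanonymous`. A separate variable keeps the two directions independent: `smtpd_sasl_security_options = {{ postfix_smtpd_sasl_security_options | default('noanonymous') }}`, with the matching change on the TLS line. The `{% if postfix_relay_server %}` block continues past the end of this hunk.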

From a96cda67265550df84a49577d19df0ca6f6f727a Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Thu, 21 Mar 2019 19:41:22 +0100
Subject: [PATCH 06/30] nextcloud: New default version.

---
 nextcloud/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud/defaults/main.yml b/nextcloud/defaults/main.yml
index 5b84253..7de5d79 100644
--- a/nextcloud/defaults/main.yml
+++ b/nextcloud/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-nextcloud_version: 13.0.4
+nextcloud_version: 15.0.5
 nextcloud_dist_filename: 'nextcloud-{{ nextcloud_version }}.tar.bz2'
 nextcloud_download_url: 'https://download.nextcloud.com/server/releases/{{ nextcloud_dist_filename }}'
 nextcloud_use_redis: True

From 2399031c921a93f7b7f467109a05ad3c783ef3ab Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Thu, 21 Mar 2019 20:21:29 +0100
Subject: [PATCH 07/30] Fix the mono repo key server, and a typo.

---
 mono/defaults/main.yml | 2 +-
 mono/tasks/main.yml    | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/mono/defaults/main.yml b/mono/defaults/main.yml
index a5738ab..f6daeb8 100644
--- a/mono/defaults/main.yml
+++ b/mono/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-mono_repo_server: 'hkp://keyserver.ubuntu.com:80'
+mono_repo_server: 'keyserver.ubuntu.com'
 mono_deb_repo_key_id: 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
 mono_deb_repo_url: 'deb https://download.mono-project.com/repo/{{ ansible_distribution | lower }} stable-{{ ansible_distribution_release }} main'
 
diff --git a/mono/tasks/main.yml b/mono/tasks/main.yml
index 9f09a27..552e111 100644
--- a/mono/tasks/main.yml
+++ b/mono/tasks/main.yml
@@ -10,8 +10,7 @@
   - name: Install the deb Mono repository key
     apt_key:
       keyserver: {{ mono_repo_server }}
-      url: {{ mono_repo_server }}
-      id: {[ mono_deb_repo_key_id }}
+      id: {{ mono_deb_repo_key_id }}
 
   - name: Install the deb Mono repository
     apt_repository:

From 105fc0bcfc1c3e94c8b9c85e33bdddc4a8e7bea7 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Thu, 21 Mar 2019 22:49:58 +0100
Subject: [PATCH 08/30] Role that installs the onlyoffice portal service.

---
 onlyoffice_portal/defaults/main.yml           |  6 ++++
 onlyoffice_portal/meta/main.yml               |  4 +++
 onlyoffice_portal/tasks/main.yml              | 35 ++++++++++++++++++
 .../templates/onlyoffice-letsencrypt.sh       | 36 +++++++++++++++++++
 onlyoffice_portal/vars/main.yml               |  4 +++
 5 files changed, 85 insertions(+)
 create mode 100644 onlyoffice_portal/defaults/main.yml
 create mode 100644 onlyoffice_portal/meta/main.yml
 create mode 100644 onlyoffice_portal/tasks/main.yml
 create mode 100644 onlyoffice_portal/templates/onlyoffice-letsencrypt.sh
 create mode 100644 onlyoffice_portal/vars/main.yml

diff --git a/onlyoffice_portal/defaults/main.yml b/onlyoffice_portal/defaults/main.yml
new file mode 100644
index 0000000..973543c
--- /dev/null
+++ b/onlyoffice_portal/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+onlyoffice_deb_repo_key: CB2DE8E5
+onlyoffice_deb_repo_key_server: 'keyserver.ubuntu.com'
+onlyoffice_deb_repo: 'deb http://download.onlyoffice.com/repo/debian squeeze main'
+onlyoffice_deb_packages: onlyoffice-communityserver
+onlyoffice_letsencrypt_managed: True
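Review bot: `onlyoffice_deb_repo_key: CB2DE8E5` is an 8-hex-digit short key ID, which an unrelated key can be generated to match, and the repository in `onlyoffice_deb_repo` is served over plain `http://`, so that key is the only thing authenticating the packages. Pin the full fingerprint instead, `onlyoffice_deb_repo_key: 'FULL_40_HEX_FINGERPRINT_PLACEHOLDER'`, taking the value from the vendor's published key, as mono/defaults/main.yml already does for its repository. If the vendor serves the repository over TLS, switching the URL to `https://` removes the plaintext transport as well.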
diff --git a/onlyoffice_portal/meta/main.yml b/onlyoffice_portal/meta/main.yml
new file mode 100644
index 0000000..6fe1960
--- /dev/null
+++ b/onlyoffice_portal/meta/main.yml
@@ -0,0 +1,4 @@
+---
+dependencies:
+  - { role: '../../library/roles/postgresql', when: psql_postgresql_install }
+  - { role: '../../library/roles/mono' }
diff --git a/onlyoffice_portal/tasks/main.yml b/onlyoffice_portal/tasks/main.yml
new file mode 100644
index 0000000..2fc2356
--- /dev/null
+++ b/onlyoffice_portal/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+- block:
+  - name: Install the deb OnlyOffice repository key
+    apt_key:
+      keyserver: {{ onlyoffice_deb_repo_key_server }}
+      id: {{ onlyoffice_deb_repo_key }}
+
+  - name: Install the deb Mono repository
+    apt_repository:
+      repo: '{{ onlyoffice_deb_repo }}'
+      state: present
+      update_cache: yes
+
+  - name: Install the Mono packages on Deb based distributions
+    apt: name={{ onlyoffice_deb_packages }} state=present cache_valid_time=1800
+
+  when: ansible_distribution_file_variety == "Debian"
+  tags: onlyoffice
+
+- block:
+  - name: Install a letsencrypt acme hook
+    template: src=onlyoffice-letsencrypt.sh dest=/usr/lib/acme/hooks/onlyoffice owner=root group=root mode=4555
+
+  - name: Run the letsencrypt acme hook if the certificates are not in place
+    shell: /usr/lib/acme/hooks/onlyoffice
+    args:
+      creates: /var/www/onlyoffice/Data/certs/onlyoffice.key
+    register: initialize_onlyoffice_https
+
+  - name: Reconfigure the OnlyOffice service for https
+    shell: /var/www/onlyoffice/Tools/default-onlyoffice-ssl.sh
+    when: initialize_onlyoffice_https is changed
+
+  when: ansible_distribution_file_variety == "Debian"
+  tags: [ 'onlyoffic', 'letsencrypt' ]
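Review bot: `mode=4555` on `/usr/lib/acme/hooks/onlyoffice` sets the setuid bit on a root-owned shell script that every user can read and execute; the play runs the hook itself and nothing here needs the bit, so `mode=0555` (or `0750`) is the value to use. The second block is not conditioned on `onlyoffice_letsencrypt_managed`, which the role defaults define, so adding `- onlyoffice_letsencrypt_managed` to its `when` would let the flag take effect. Its tag list spells `'onlyoffic'`, so a run limited to `--tags onlyoffice` skips the block. The task names `Install the deb Mono repository` and `Install the Mono packages on Deb based distributions` look copied from the mono role and should name OnlyOffice.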
diff --git a/onlyoffice_portal/templates/onlyoffice-letsencrypt.sh b/onlyoffice_portal/templates/onlyoffice-letsencrypt.sh
new file mode 100644
index 0000000..38e065c
--- /dev/null
+++ b/onlyoffice_portal/templates/onlyoffice-letsencrypt.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+LE_CERTS_DIR="{{ letsencrypt_acme_certs_dir }}"
+LE_LOG_DIR=/var/log/letsencrypt
+LE_LOG_FILE=$LE_LOG_DIR/onlyoffice.log
+onlyoffice_certdir=/var/www/onlyoffice/Data/certs
+
+DATE=$( date )
+
+[ ! -d "$onlyoffice_certdir" ] && mkdir -p "$onlyoffice_certdir"
+[ ! -d "$LE_LOG_DIR" ] && mkdir "$LE_LOG_DIR"
+echo "$DATE" >> "$LE_LOG_DIR/postgresql.log"
+
+if [ -f /etc/default/letsencrypt ] ; then
+    . /etc/default/letsencrypt
+else
+    echo "No letsencrypt default file" >> $LE_LOG_FILE
+fi
+
+echo "Copy the key file" >> $LE_LOG_FILE
+cp "${LE_CERTS_DIR}/privkey"  $onlyoffice_certdir/onlyoffice.key
+chmod 400 $onlyoffice_certdir/onlyoffice.key
+chown root:root $onlyoffice_certdir/onlyoffice.key
+cp "${LE_CERTS_DIR}/cert"  $onlyoffice_certdir/onlyoffice.crt
+chmod 400 $onlyoffice_certdir/onlyoffice.crt
+chown root:root $onlyoffice_certdir/onlyoffice.crt
+
+echo "Restart the onlyoffice service" >> $LE_LOG_FILE
+if [ -x /bin/systemctl ] ; then
+    systemctl reload nginx >> $LE_LOG_FILE 2>&1
+else
+    service nginx reload >> $LE_LOG_FILE 2>&1
+fi
+echo "Done." >> $LE_LOG_FILE
+
+exit 0
\ No newline at end of file
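Review bot: `cp "${LE_CERTS_DIR}/privkey"  $onlyoffice_certdir/onlyoffice.key` creates the key copy under the process umask and only afterwards tightens it with `chmod 400`, so on a first run the private key briefly exists with the default permissions. `install -m 0400 -o root -g root "${LE_CERTS_DIR}/privkey" "$onlyoffice_certdir/onlyoffice.key"` sets mode and owner in one step, or `umask 077` at the top of the script covers both copies. None of the copies is checked, yet the script reloads nginx and ends with `exit 0`, so a failed copy is reported as success; `set -e` or a test after each `cp` would surface it. The date is appended to `$LE_LOG_DIR/postgresql.log`, which looks copied from another hook and should be `$LE_LOG_FILE`.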
diff --git a/onlyoffice_portal/vars/main.yml b/onlyoffice_portal/vars/main.yml
new file mode 100644
index 0000000..65064b5
--- /dev/null
+++ b/onlyoffice_portal/vars/main.yml
@@ -0,0 +1,4 @@
+---
+letsencrypt_acme_install: True
+http_port: 80
+https_port: 443

From 66bb6e3db48e02e96a94efb7b868c9f8aa26869e Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Fri, 22 Mar 2019 17:27:53 +0100
Subject: [PATCH 09/30] Fix the packages installation task.

---
 fail2ban/tasks/fail2ban.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fail2ban/tasks/fail2ban.yml b/fail2ban/tasks/fail2ban.yml
index 74e76d7..6b00765 100644
--- a/fail2ban/tasks/fail2ban.yml
+++ b/fail2ban/tasks/fail2ban.yml
@@ -1,7 +1,6 @@
 ---
 - name: Install fail2ban on ubuntu >= 14.04 and debian >= 8
-  apt: pkg={{ item }} state=present
-  with_items: '{{ f2b_packages }}'
+  apt: pkg={{ f2b_packages }} state=present
   tags: fail2ban
 
 - name: Ensure that fail2ban is enabled and running

From ee585a6ac4b0b9838c67308113d44a09a875c97e Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Fri, 22 Mar 2019 17:28:06 +0100
Subject: [PATCH 10/30] Fix the packages installation task.

---
 iptables/defaults/main.yml | 4 ++++
 iptables/tasks/main.yml    | 5 +----
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/iptables/defaults/main.yml b/iptables/defaults/main.yml
index 9da4e53..4726177 100644
--- a/iptables/defaults/main.yml
+++ b/iptables/defaults/main.yml
@@ -1,4 +1,8 @@
 ---
+iptables_deb_pkgs:
+  - iptables
+  - iptables-persistent
+
 #
 # Reference only. Check the iptables-rules.v4.j2 for the list of accepted variables
 #
diff --git a/iptables/tasks/main.yml b/iptables/tasks/main.yml
index 06ea7fa..5441f83 100644
--- a/iptables/tasks/main.yml
+++ b/iptables/tasks/main.yml
@@ -1,10 +1,7 @@
 ---
 - block:
   - name: Install the needed iptables packages
-    apt: pkg={{ item }} state=present
-    with_items:
-      - iptables
-      - iptables-persistent
+    apt: pkg={{ iptables_deb_pkgs }} state=present cache_valid_time=1800
 
   - name: Create the /etc/iptables directory when needed
     file: dest=/etc/iptables state=directory owner=root group=root mode=0755

From 7c19e0a3c73c740c60277e8657d87b3fc3a9d125 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Sat, 23 Mar 2019 11:24:24 +0100
Subject: [PATCH 11/30] Fix the apt tasks.

---
 nginx/tasks/nginx.yml | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/nginx/tasks/nginx.yml b/nginx/tasks/nginx.yml
index 897b376..7b1ee0b 100644
--- a/nginx/tasks/nginx.yml
+++ b/nginx/tasks/nginx.yml
@@ -7,26 +7,20 @@
   tags: [ 'nginx', 'nginx_ppa' ]
 
 - name: Install the nginx web server
-  apt: pkg={{ item }} state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
-  with_items:
-    - nginx-full
+  apt: pkg=nginx-full state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
   when:
     - not nginx_use_ldap_pam_auth
     - ansible_distribution_major_version <= '14'
   tags: nginx
 
 - name: Install the nginx web server if we need ldap auth via pam
-  apt: pkg={{ item }} state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
-  with_items: 
-    - nginx-extras
+  apt: pkg=nginx-extras state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
   when:
     - nginx_use_ldap_pam_auth
     - ansible_distribution_major_version <= '14'
   tags: nginx
 
 - name: Install the nginx web server on Ubuntu >= 16.04
-  apt: pkg={{ item }} state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
-  with_items:
-    - nginx
+  apt: pkg=nginx state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
   when: ansible_distribution_major_version >= '16'
   tags: nginx
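Review bot: The `when` conditions kept by this hunk compare `ansible_distribution_major_version` with the strings `'14'` and `'16'`, which is a lexical comparison: a major version of `'8'` or `'9'` sorts after `'16'` and so takes the last task. Cast the fact first, `ansible_distribution_major_version | int <= 14` and `ansible_distribution_major_version | int >= 16`. The cast changes which branch single-digit releases take, so confirm which package those hosts are meant to get and say so in the task names. A host whose major version is 15 matches none of the three tasks.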

From 23e9010dfcc320dab91b6d597cdae11c3925b502 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Mon, 25 Mar 2019 13:15:39 +0100
Subject: [PATCH 12/30] rabbitmq: some cleanup.

---
 rabbitmq/defaults/main.yml | 2 ++
 rabbitmq/tasks/main.yml    | 5 ++---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/rabbitmq/defaults/main.yml b/rabbitmq/defaults/main.yml
index 9a65589..70abda0 100644
--- a/rabbitmq/defaults/main.yml
+++ b/rabbitmq/defaults/main.yml
@@ -13,6 +13,8 @@ rabbitmq_disabled_plugins: ''
 rabbitmq_default_f: /etc/default/rabbitmq-server
 rabbitmq_fileno: 4096
 rabbitmq_admin_u: r_admin
+#rabbitmq_admin_pwd: use a vault file
+
 #
 # See http://www.rabbitmq.com/networking.html
 # 4369 (epmd), 25672 (Erlang distribution)
diff --git a/rabbitmq/tasks/main.yml b/rabbitmq/tasks/main.yml
index b1aef7b..cc68618 100644
--- a/rabbitmq/tasks/main.yml
+++ b/rabbitmq/tasks/main.yml
@@ -7,8 +7,7 @@
       apt_repository: repo='{{ rabbitmq_repo }}' state=present
 
     - name: Install the rabbitMQ package
-      apt: pkg={{ item }} state={{ rabbitmq_pkg_state }} update_cache=yes
-      with_items: '{{ rabbitmq_server_pkg }}'
+      apt: pkg={{ rabbitmq_server_pkg }} state={{ rabbitmq_pkg_state }} update_cache=yes
 
     - name: Set the rabbitMQ max files
       lineinfile: name={{ rabbitmq_default_f }} regexp="^ulimit" line="ulimit -n {{ rabbitmq_fileno }}"
@@ -18,7 +17,7 @@
       rabbitmq_plugin: names={{ rabbitmq_enabled_plugins }} state=enabled
   
     - name: Disable some rabbitMQ plugins
-      rabbitmq_plugin: names={{ rabbitmq_disabled_plugins | default('') }} state=disabled
+      rabbitmq_plugin: names={{ rabbitmq_disabled_plugins | default([]) }} state=disabled
 
     - name: Create an admin user
       rabbitmq_user: user={{ rabbitmq_admin_u }} password={{ rabbitmq_admin_pwd | default('changemeASAP') }} tags=administrator vhost=/ configure_priv=.* read_priv=.* write_priv=.* state=present
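Review bot: The `Create an admin user` task at the end of this hunk still falls back to `default('changemeASAP')` for an account tagged `administrator` with `.*` configure, read and write privileges, so a host deployed without the vault variable gets a known password; the comment this patch adds to the defaults says to use a vault file, but nothing enforces it. Drop the fallback so the play fails when the variable is missing, `password={{ rabbitmq_admin_pwd }}`, and add `no_log: true` to the task so the value does not appear in task output. In the changed line, `default([])` never applies because the defaults set `rabbitmq_disabled_plugins: ''`, so the module still receives an empty string. The task list continues outside the hunk.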

From ba175a030ab1f2b64a619f493219c8088bdb267c Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Mon, 25 Mar 2019 13:16:48 +0100
Subject: [PATCH 13/30] redis: Fix the apt tasks.

---
 redis/tasks/main.yml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/redis/tasks/main.yml b/redis/tasks/main.yml
index fd77cb6..1103643 100644
--- a/redis/tasks/main.yml
+++ b/redis/tasks/main.yml
@@ -4,8 +4,7 @@
       apt_repository: repo='{{ redis_ppa_repo }}' update_cache=yes
 
     - name: Install the Redis packages
-      apt: name={{ item }} state={{ redis_pkg_state }} cache_valid_time=1800
-      with_items: '{{ redis_server_pkg }}'
+      apt: name={{ redis_server_pkg }} state={{ redis_pkg_state }} cache_valid_time=1800
 
     - name: Install the Redis configuration
       template: src={{ item }}.j2 dest=/etc/redis/{{ item }} owner=redis group=redis mode=0440
@@ -29,8 +28,7 @@
       service: name=redis-server state=stopped enabled=no
 
     - name: Remove the Redis packages
-      apt: name={{ item }} state=absent
-      with_items: '{{ redis_server_pkg }}'
+      apt: name={{ redis_server_pkg }} state=absent
 
     - name: Remove the Redis PPA
       apt_repository: repo='{{ redis_ppa_repo }}' state=absent update_cache=yes

From 140a916e990ef9eb73994d1083bf7c69c99f15fd Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Mon, 25 Mar 2019 13:19:47 +0100
Subject: [PATCH 14/30] node_js: fix the apt tasks.

---
 node_js/tasks/main.yml | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/node_js/tasks/main.yml b/node_js/tasks/main.yml
index 44cdce1..0dc52db 100644
--- a/node_js/tasks/main.yml
+++ b/node_js/tasks/main.yml
@@ -7,8 +7,7 @@
     with_items: '{{ node_js_repo_urls }}'
 
   - name: Install the Node.js packages
-    apt: pkg={{ item }} state={{ node_js_pkg_state }} update_cache=True cache_valid_time=1800
-    with_items: '{{ node_js_pkgs }}'
+    apt: pkg={{ node_js_pkgs }} state={{ node_js_pkg_state }} update_cache=True cache_valid_time=1800
 
   tags: [ 'nodejs', 'node_js' ]
 
@@ -21,8 +20,7 @@
     with_items: '{{ node_js_yarn_repo_urls }}'
 
   - name: Install the Node.js yarn packages
-    apt: pkg={{ item }} state={{ node_js_pkg_state }} update_cache=True cache_valid_time=1800
-    with_items: '{{ node_js_yarn_pkgs }}'
+    apt: pkg={{ node_js_yarn_pkgs }} state={{ node_js_pkg_state }} update_cache=True cache_valid_time=1800
 
   when: node_js_yarn_install
   tags: [ 'nodejs', 'node_js', 'yarn', 'node_js_yarn' ]
@@ -33,8 +31,7 @@
     with_items: '{{ node_js_yarn_repo_urls }}'
 
   - name: Install the Node.js yarn packages
-    apt: pkg={{ item }} state=absent update_cache=True cache_valid_time=1800
-    with_items: '{{ node_js_yarn_pkgs }}'
+    apt: pkg={{ node_js_yarn_pkgs }} state=absent update_cache=True cache_valid_time=1800
 
   when: not node_js_yarn_install
   tags: [ 'nodejs', 'node_js', 'yarn', 'node_js_yarn' ]

From 69ad68c14e9639eab3c660d788d289acb0f8c97b Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@sevenseas.org>
Date: Mon, 25 Mar 2019 14:18:28 +0100
Subject: [PATCH 15/30] Move the dataminer components roles into the
 dataminer_app dependencies.

---
 smartgears/dataminer_app/meta/main.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/smartgears/dataminer_app/meta/main.yml b/smartgears/dataminer_app/meta/main.yml
index 2fbb345..a0f1937 100644
--- a/smartgears/dataminer_app/meta/main.yml
+++ b/smartgears/dataminer_app/meta/main.yml
@@ -4,3 +4,7 @@ dependencies:
   - { role: ../../library/roles/conda, when: dataminer_conda_install }
   - { role: ../../library/roles/hdf5, when: dataminer_hdf5 }
   - { role: ../../library/roles/python3-env, when: py3_env_install }
+  - { role: ../../library/roles/pandoc }
+  - { role: ../../library/roles/octave, when: octave_install }
+  - { role: ../../library/roles/ubuntugis, when: ubuntugis_repo_install }
+  - { role: ../../library/roles/R, when: r_install }

From 57f53d6ef4079fd99556a6b5cb856f5dc01bbb9a Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Mon, 25 Mar 2019 17:36:56 +0100
Subject: [PATCH 16/30] Split the dataminer playbook.

---
 smartgears/{dataminer_app => dataminer-service}/meta/main.yml | 1 +
 1 file changed, 1 insertion(+)
 rename smartgears/{dataminer_app => dataminer-service}/meta/main.yml (89%)

diff --git a/smartgears/dataminer_app/meta/main.yml b/smartgears/dataminer-service/meta/main.yml
similarity index 89%
rename from smartgears/dataminer_app/meta/main.yml
rename to smartgears/dataminer-service/meta/main.yml
index a0f1937..393590a 100644
--- a/smartgears/dataminer_app/meta/main.yml
+++ b/smartgears/dataminer-service/meta/main.yml
@@ -1,6 +1,7 @@
 ---
 dependencies:
   - { role: ../../library/roles/smartgears/smartgears-service }
+  - { role: ../../library/roles/smartgears/dataminer_app }
   - { role: ../../library/roles/conda, when: dataminer_conda_install }
   - { role: ../../library/roles/hdf5, when: dataminer_hdf5 }
   - { role: ../../library/roles/python3-env, when: py3_env_install }

From 99f51f02faf6e5b852226dbecbb93854521118a4 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Mon, 25 Mar 2019 17:37:27 +0100
Subject: [PATCH 17/30] Split the smartgears base playbook.

---
 smartgears/smartgears-service/meta/main.yml | 1 +
 smartgears/smartgears/meta/main.yml         | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/smartgears/smartgears-service/meta/main.yml b/smartgears/smartgears-service/meta/main.yml
index b94071c..1628c6f 100644
--- a/smartgears/smartgears-service/meta/main.yml
+++ b/smartgears/smartgears-service/meta/main.yml
@@ -1,5 +1,6 @@
 ---
 dependencies:
+  - role: '../../library/roles/tomcat-multiple-instances'
   - { role: '../../library/roles/smartgears/smartgears' }
   - { role: '../../library/roles/smartgears/smartgears-nginx-frontend', when: setup_nginx is defined and setup_nginx }
   - { role: '../../library/roles/smartgears/resource_updater', when: resource_updater_install is defined }
diff --git a/smartgears/smartgears/meta/main.yml b/smartgears/smartgears/meta/main.yml
index a30f4a7..c8f4f0a 100644
--- a/smartgears/smartgears/meta/main.yml
+++ b/smartgears/smartgears/meta/main.yml
@@ -1,3 +1,3 @@
 ---
-dependencies:
-  - role: '../../library/roles/tomcat-multiple-instances'
+#dependencies:
+#  - role: '../../library/roles/tomcat-multiple-instances'

From ab08cce03e218453d762e666f2184bb995f97042 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Mon, 25 Mar 2019 20:17:53 +0100
Subject: [PATCH 18/30] Enable url_fopen for nextcloud.

---
 nextcloud/vars/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud/vars/main.yml b/nextcloud/vars/main.yml
index e69794e..4fa8055 100644
--- a/nextcloud/vars/main.yml
+++ b/nextcloud/vars/main.yml
@@ -32,7 +32,7 @@ phpfpm_default_memory_limit: "512M"
 
 php_global_settings:
   - { option: 'always_populate_raw_post_data', value: '-1' }
-  - { option: 'allow_url_fopen', value: 'off' }
+  - { option: 'allow_url_fopen', value: 'on' }
   - { option: 'max_execution_time', value: '240' }
   - { option: 'memory_limit', value: '{{ phpfpm_default_memory_limit }}' }
   - { option: 'max_input_vars', value: '1400' }
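Review bot: `allow_url_fopen` is switched to `on` in `php_global_settings` without a comment saying why. As a global php.ini setting it lets every PHP file function served by this PHP-FPM instance open remote URLs, which widens the server-side request forgery surface. A comment above the entry such as `# allow_url_fopen is needed by Nextcloud for <feature>; allow_url_include must stay off` would record the reason. The hunk shows no `allow_url_include` entry, so it is worth confirming that it is explicitly `off` in this list or in the php-fpm role. If other applications share the host, a per-pool `php_admin_flag[allow_url_fopen] = on` would limit the change to the Nextcloud pool.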

From 78cb5df2d445281dac4f83dff5e5c9ad5463cb1b Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Mon, 25 Mar 2019 20:18:10 +0100
Subject: [PATCH 19/30] rabbitmq: remove a not existant module from the list.

---
 rabbitmq/defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rabbitmq/defaults/main.yml b/rabbitmq/defaults/main.yml
index 70abda0..0781b84 100644
--- a/rabbitmq/defaults/main.yml
+++ b/rabbitmq/defaults/main.yml
@@ -6,7 +6,7 @@ rabbitmq_pkg_state: present
 rabbitmq_server_pkg:
   - rabbitmq-server
 
-rabbitmq_enabled_plugins: 'amqp_client,rabbitmq_amqp1_0,rabbitmq_management,rabbitmq_management_agent,rabbitmq_management_visualiser,rabbitmq_mqtt,rabbitmq_stomp,webmachine'
+rabbitmq_enabled_plugins: 'amqp_client,rabbitmq_amqp1_0,rabbitmq_management,rabbitmq_management_agent,rabbitmq_management_visualiser,rabbitmq_mqtt,rabbitmq_stomp'
 
 rabbitmq_disabled_plugins: ''
 

From 148c098f9f00b4384636d0926ee3339656256125 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Mon, 25 Mar 2019 20:18:48 +0100
Subject: [PATCH 20/30] Role that installs the onlyoffice document server.

---
 onlyoffice_docserver/defaults/main.yml        | 25 +++++++++++
 onlyoffice_docserver/handlers/main.yml        |  6 +++
 onlyoffice_docserver/meta/main.yml            |  6 +++
 onlyoffice_docserver/tasks/main.yml           | 34 +++++++++++++++
 .../onlyoffice-documentserver-ssl.conf        | 43 +++++++++++++++++++
 onlyoffice_docserver/vars/main.yml            | 12 ++++++
 6 files changed, 126 insertions(+)
 create mode 100644 onlyoffice_docserver/defaults/main.yml
 create mode 100644 onlyoffice_docserver/handlers/main.yml
 create mode 100644 onlyoffice_docserver/meta/main.yml
 create mode 100644 onlyoffice_docserver/tasks/main.yml
 create mode 100644 onlyoffice_docserver/templates/onlyoffice-documentserver-ssl.conf
 create mode 100644 onlyoffice_docserver/vars/main.yml

diff --git a/onlyoffice_docserver/defaults/main.yml b/onlyoffice_docserver/defaults/main.yml
new file mode 100644
index 0000000..cae6dc4
--- /dev/null
+++ b/onlyoffice_docserver/defaults/main.yml
@@ -0,0 +1,25 @@
+---
+onlyoffice_docserver_deb_repo_key: CB2DE8E5
+onlyoffice_docserver_deb_repo_key_server: 'keyserver.ubuntu.com'
+onlyoffice_docserver_deb_repo: 'deb http://download.onlyoffice.com/repo/debian squeeze main'
+onlyoffice_docserver_deb_packages: onlyoffice-communityserver
+onlyoffice_docserver_letsencrypt_managed: True
+
+onlyoffice_docserver_use_nginx_role: True
+
+onlyoffice_docserver_deb_packages_dependencies:
+  - libcurl3
+  - libxml2
+  - supervisor
+  - fonts-dejavu
+  - fonts-liberation
+  - ttf-mscorefonts-installer
+  - fonts-crosextra-carlito
+  - fonts-takao-gothic
+  - fonts-opensymbol
+  - npm
+  - nginx-extras
+
+onlyoffice_docserver_packages:
+  - onlyoffice-documentserver
+
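Review bot: `onlyoffice_docserver_deb_repo_key: CB2DE8E5` is an 8-hex-digit short key ID, and the `apt_key` task in `tasks/main.yml` of this commit fetches the key from a keyserver by that ID; short IDs are not unique, so a different key with the same ID could be imported and then trusted by apt. Use the full fingerprint, quoted so YAML never retypes it: `onlyoffice_docserver_deb_repo_key: '<FULL_40_HEX_FINGERPRINT>'`. The repository line uses `http://`; package signatures still protect integrity once the right key is pinned, but `https://` (if the vendor serves it) also protects the index fetch in transit. `onlyoffice_docserver_deb_packages: onlyoffice-communityserver` is not referenced by any task in this commit and names a different product from `onlyoffice_docserver_packages`, so it looks like a leftover.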
diff --git a/onlyoffice_docserver/handlers/main.yml b/onlyoffice_docserver/handlers/main.yml
new file mode 100644
index 0000000..f48f37d
--- /dev/null
+++ b/onlyoffice_docserver/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Reload nginx
+  service:
+    name: nginx
+    enabled: yes
+    state: reloaded
diff --git a/onlyoffice_docserver/meta/main.yml b/onlyoffice_docserver/meta/main.yml
new file mode 100644
index 0000000..0d66776
--- /dev/null
+++ b/onlyoffice_docserver/meta/main.yml
@@ -0,0 +1,6 @@
+---
+dependencies:
+  - { role: '../../library/roles/postgresql', when: psql_postgresql_install }
+  - { role: '../../library/roles/redis' }
+  - { role: '../../library/roles/rabbitmq' }
+  - { role: '../../library/roles/nginx', when: onlyoffice_docserver_use_nginx_role }
diff --git a/onlyoffice_docserver/tasks/main.yml b/onlyoffice_docserver/tasks/main.yml
new file mode 100644
index 0000000..e1aa9ee
--- /dev/null
+++ b/onlyoffice_docserver/tasks/main.yml
@@ -0,0 +1,34 @@
+---
+- block:
+  - name: Install the deb OnlyOffice repository key
+    apt_key:
+      keyserver: '{{ onlyoffice_docserver_deb_repo_key_server }}'
+      id: '{{ onlyoffice_docserver_deb_repo_key }}'
+
+  - name: Install the deb OnlyOffice repository
+    apt_repository:
+      repo: '{{ onlyoffice_docserver_deb_repo }}'
+      state: present
+      update_cache: yes
+
+  - name: Install the OnlyOffice document server deb dependencies
+    apt: name={{ onlyoffice_docserver_deb_packages_dependencies }} state=present cache_valid_time=1800
+
+  - name: The OnlyOffice document server packages must be done manually, because it is interactive
+    debug:
+      msg: "Manually install the onlyoffice-documentserver package with 'apt-get install -y onlyoffice-documentserver'"
+
+#  - name: Install the OnlyOffice document server package
+#    apt: name={{ onlyoffice_docserver_packages }} state=present cache_valid_time=1800
+
+  when: ansible_distribution_file_variety == "Debian"
+  tags: onlyoffice
+
+- block:
+  - name: Install the OnlyOffice document server configuration that enables SSL
+    template: src=onlyoffice-documentserver-ssl.conf dest=/etc/onlyoffice/documentserver/nginx/onlyoffice-documentserver.conf
+    when: onlyoffice_docserver_use_nginx_role
+    notify: Reload nginx
+
+  when: ansible_distribution_file_variety == "Debian"
+  tags: [ 'onlyoffice', 'letsencrypt' ]
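Review bot: `apt: name={{ onlyoffice_docserver_deb_packages_dependencies }} state=present cache_valid_time=1800` interpolates a list into a key=value string, so the list reaches the module as rendered text and relies on Ansible converting it back. The mapping form passes it as a native list and is easier to lint: `apt:` with `name: '{{ onlyoffice_docserver_deb_packages_dependencies }}'`, `state: present` and `cache_valid_time: 1800` on their own lines. The same pattern appears in the apt tasks of patches 21, 25 and 26 further down. The `template` task in the second block also sets no `owner`, `group` or `mode`, so the nginx configuration gets whatever the default umask yields.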
diff --git a/onlyoffice_docserver/templates/onlyoffice-documentserver-ssl.conf b/onlyoffice_docserver/templates/onlyoffice-documentserver-ssl.conf
new file mode 100644
index 0000000..0ca187f
--- /dev/null
+++ b/onlyoffice_docserver/templates/onlyoffice-documentserver-ssl.conf
@@ -0,0 +1,43 @@
+include /etc/nginx/includes/onlyoffice-http.conf;
+
+## Normal HTTP host
+server {
+  listen 0.0.0.0:80;
+  listen [::]:80 default_server;
+  server_name _;
+  server_tokens off;
+
+  include /etc/nginx/snippets/letsencrypt-proxy.conf;
+  ## Redirects all traffic to the HTTPS host
+  root /nowhere; ## root doesn't have to be a valid path since we are redirecting
+  rewrite ^ https://$host$request_uri? permanent;
+}
+
+#HTTP host for internal services
+server {
+  listen 127.0.0.1:80;
+  listen [::1]:80;
+  server_name localhost;
+  server_tokens off;
+  
+  include /etc/nginx/snippets/letsencrypt-proxy.conf;
+  include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
+  include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
+}
+
+## HTTPS host
+server {
+  listen 0.0.0.0:443 ssl http2;
+  listen [::]:443 ssl http2 default_server;
+  server_tokens off;
+  root /usr/share/nginx/html;
+
+  ## Strong SSL Security
+  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+  ssl on;
+  include /etc/nginx/snippets/nginx-server-ssl.conf;
+  # add_header X-Frame-Options SAMEORIGIN;
+  add_header X-Content-Type-Options nosniff;
+  include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
+
+}
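Review bot: `ssl on;` in the HTTPS server block duplicates the `ssl` parameter already present on both `listen` lines, and the directive is deprecated from nginx 1.15.0 on, where it logs a warning; removing the line does not change behaviour. The commented-out `# add_header X-Frame-Options SAMEORIGIN;` carries no explanation; if it is disabled because another origin frames the editor, say so in a comment and consider restricting framing with a `Content-Security-Policy: frame-ancestors` header that names that origin. `add_header` at server level is not inherited by a `location` that declares its own `add_header`, so `X-Content-Type-Options` may be absent on responses from the included files. Those includes and `nginx-server-ssl.conf` are not part of this patch, so HSTS and the TLS protocol list cannot be checked from here.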
diff --git a/onlyoffice_docserver/vars/main.yml b/onlyoffice_docserver/vars/main.yml
new file mode 100644
index 0000000..de3a4f7
--- /dev/null
+++ b/onlyoffice_docserver/vars/main.yml
@@ -0,0 +1,12 @@
+---
+http_port: 80
+https_port: 443
+redis_install: True
+
+psql_postgresql_install: True
+pg_use_postgresql_org_repo: True
+psql_version: 11
+pg_backup_retain_copies: 2
+
+psql_db_data:
+  - { name: 'onlyoffice', encoding: 'UTF8', user: 'onlyoffice', roles: 'NOCREATEDB,NOSUPERUSER', pwd: '{{  onlyoffice_docserver_db_pwd }}', managedb: True, allowed_hosts: [ '127.0.0.1' ] }

From 8c2bc364c9434557d5387669561707080bac00b1 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@sevenseas.org>
Date: Tue, 26 Mar 2019 13:56:48 +0100
Subject: [PATCH 21/30] Fix the letsencrypt acmetool apt task.

---
 letsencrypt-acmetool-client/tasks/main.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/letsencrypt-acmetool-client/tasks/main.yml b/letsencrypt-acmetool-client/tasks/main.yml
index fabcfc8..d114f97 100644
--- a/letsencrypt-acmetool-client/tasks/main.yml
+++ b/letsencrypt-acmetool-client/tasks/main.yml
@@ -36,8 +36,7 @@
   tags: letsencrypt
 
 - name: Install the letsencrypt acmetool package and some deps
-  apt: pkg={{ item }} state={{ letsencrypt_acme_pkg_state }} update_cache=yes cache_valid_time=3600
-  with_items: '{{ letsencrypt_acme_pkgs }}'
+  apt: pkg={{ letsencrypt_acme_pkgs }} state={{ letsencrypt_acme_pkg_state }} update_cache=yes cache_valid_time=3600
   when:
     - letsencrypt_acme_install
     - letsencrypt_pkg_install

From 2ed9ff6e09431731c921d8e2555763a9ae1fe600 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Tue, 26 Mar 2019 15:21:55 +0100
Subject: [PATCH 22/30] onlyoffice document server: install the local
 configuration settings from a template.

---
 onlyoffice_docserver/defaults/main.yml | 11 +++++++++++
 onlyoffice_docserver/tasks/main.yml    | 24 +++++++++++++++---------
 onlyoffice_docserver/vars/main.yml     |  3 ++-
 3 files changed, 28 insertions(+), 10 deletions(-)

diff --git a/onlyoffice_docserver/defaults/main.yml b/onlyoffice_docserver/defaults/main.yml
index cae6dc4..bf75c98 100644
--- a/onlyoffice_docserver/defaults/main.yml
+++ b/onlyoffice_docserver/defaults/main.yml
@@ -23,3 +23,14 @@ onlyoffice_docserver_deb_packages_dependencies:
 onlyoffice_docserver_packages:
   - onlyoffice-documentserver
 
+onlyoffice_docserver_db_host: localhost
+onlyoffice_docserver_db_user: onlyoffice
+onlyoffice_docserver_db_name: onlyoffice
+#onlyoffice_docserver_db_pwd: 'put it into a vault file'
+
+onlyoffice_docserver_redis_host: localhost
+
+onlyoffice_docserver_rabbitmq_url: 'amqp://guest:guest@localhost'
+
+onlyoffice_docserver_use_a_secret_key: 'true'
+#onlyoffice_docserver_secret_key: 'put it into a vault file'
\ No newline at end of file
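Review bot: `onlyoffice_docserver_rabbitmq_url: 'amqp://guest:guest@localhost'` puts the RabbitMQ default account and password into the role defaults, so every deployment that does not override it runs the document server on well-known credentials. Build the URL from separate variables and keep the password in the vault like the other two secrets, e.g. `'amqp://{{ onlyoffice_docserver_rabbitmq_user }}:{{ onlyoffice_docserver_rabbitmq_pwd }}@localhost'`. `onlyoffice_docserver_db_pwd` and `onlyoffice_docserver_secret_key` exist only as comments, so a run without the vault file fails late on an undefined variable; an early `assert` that both are defined and non-empty would catch that. `onlyoffice_docserver_use_a_secret_key: 'true'` is a quoted string while the other switches in this file are booleans, and the file now ends without a newline.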
diff --git a/onlyoffice_docserver/tasks/main.yml b/onlyoffice_docserver/tasks/main.yml
index e1aa9ee..9b09523 100644
--- a/onlyoffice_docserver/tasks/main.yml
+++ b/onlyoffice_docserver/tasks/main.yml
@@ -14,6 +14,21 @@
   - name: Install the OnlyOffice document server deb dependencies
     apt: name={{ onlyoffice_docserver_deb_packages_dependencies }} state=present cache_valid_time=1800
 
+  - name: Create some OnlyOffice directories where we will install our config files
+    file: dest={{ item }} state=directory
+    with_items:
+      - /etc/onlyoffice/documentserver
+      - /etc/onlyoffice/documentserver/nginx
+
+  - name: Install the OnlyOffice local configuration from a template
+    template: src=local.json dest=/etc/onlyoffice/documentserver/local.json owner=root group=root mode=0444
+
+  - name: Install the OnlyOffice document server configuration that enables SSL
+    template: src=onlyoffice-documentserver-ssl.conf dest=/etc/onlyoffice/documentserver/nginx/onlyoffice-documentserver.conf
+    when: onlyoffice_docserver_letsencrypt_managed
+    notify: Reload nginx
+    tags: [ 'onlyoffice', 'letsencrypt', 'nginx' ]
+
   - name: The OnlyOffice document server packages must be done manually, because it is interactive
     debug:
       msg: "Manually install the onlyoffice-documentserver package with 'apt-get install -y onlyoffice-documentserver'"
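Review bot: `mode=0444` on `/etc/onlyoffice/documentserver/local.json` makes the file readable by every local account, and given the variables this commit adds it presumably carries the database password and the secret key. Restrict it to root and the service account, e.g. `owner=root group=<documentserver_group> mode=0640`, with the group being whatever account the document server runs as. The diffstat of this commit lists no `templates/local.json`, so the template has to come from elsewhere or the task fails; worth confirming. The block this task belongs to starts above the hunk.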
@@ -23,12 +38,3 @@
 
   when: ansible_distribution_file_variety == "Debian"
   tags: onlyoffice
-
-- block:
-  - name: Install the OnlyOffice document server configuration that enables SSL
-    template: src=onlyoffice-documentserver-ssl.conf dest=/etc/onlyoffice/documentserver/nginx/onlyoffice-documentserver.conf
-    when: onlyoffice_docserver_use_nginx_role
-    notify: Reload nginx
-
-  when: ansible_distribution_file_variety == "Debian"
-  tags: [ 'onlyoffice', 'letsencrypt' ]
diff --git a/onlyoffice_docserver/vars/main.yml b/onlyoffice_docserver/vars/main.yml
index de3a4f7..6b1bd97 100644
--- a/onlyoffice_docserver/vars/main.yml
+++ b/onlyoffice_docserver/vars/main.yml
@@ -9,4 +9,5 @@ psql_version: 11
 pg_backup_retain_copies: 2
 
 psql_db_data:
-  - { name: 'onlyoffice', encoding: 'UTF8', user: 'onlyoffice', roles: 'NOCREATEDB,NOSUPERUSER', pwd: '{{  onlyoffice_docserver_db_pwd }}', managedb: True, allowed_hosts: [ '127.0.0.1' ] }
+  - { name: '{{ onlyoffice_docserver_db_name }}', encoding: 'UTF8', user: '{{ onlyoffice_docserver_db_user }}', roles: 'NOCREATEDB,NOSUPERUSER', pwd: '{{  onlyoffice_docserver_db_pwd }}', managedb: True, allowed_hosts: [ '127.0.0.1' ] }
+

From 56c60b92ee598236211b77582b8f7eca2a29d964 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Tue, 26 Mar 2019 15:47:21 +0100
Subject: [PATCH 23/30] nextcloud: change the default PHP version.

---
 nextcloud/vars/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud/vars/main.yml b/nextcloud/vars/main.yml
index 4fa8055..a056f3e 100644
--- a/nextcloud/vars/main.yml
+++ b/nextcloud/vars/main.yml
@@ -6,7 +6,7 @@ redis_install: True
 http_port: 80
 https_port: 443
 
-php_version: 7.0
+php_version: 7.2
 phpfpm_base_dir: '/etc/php/{{ php_version }}/fpm'
 phpfpm_cli_dir: '/etc/php/{{ php_version }}/cli'
 

From c5dd7a06611d307b078af234ffbd1605a1095b76 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Tue, 26 Mar 2019 16:42:58 +0100
Subject: [PATCH 24/30] nextcloud: remove the php-mcrypt from the packages
 list, it is part of the core distribution.

---
 nextcloud/vars/main.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/nextcloud/vars/main.yml b/nextcloud/vars/main.yml
index a056f3e..3e98d2e 100644
--- a/nextcloud/vars/main.yml
+++ b/nextcloud/vars/main.yml
@@ -16,7 +16,6 @@ php_fpm_packages:
   - 'php{{ php_version }}-json'
   - 'php{{ php_version }}-ldap'
   - 'php{{ php_version }}-{{ nextcloud_db }}'
-  - 'php{{ php_version }}-mcrypt'
   - 'php{{ php_version }}-xml'
   - 'php{{ php_version }}-mbstring'
   - 'php{{ php_version }}-intl'

From 34926ad30577e03deeacea8827353f43d2995c24 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Tue, 26 Mar 2019 16:47:30 +0100
Subject: [PATCH 25/30] Fix the apt tasks.

---
 php-fpm/tasks/main.yml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/php-fpm/tasks/main.yml b/php-fpm/tasks/main.yml
index ac631f2..fa29e7c 100644
--- a/php-fpm/tasks/main.yml
+++ b/php-fpm/tasks/main.yml
@@ -11,13 +11,11 @@
   tags: [ 'php', 'php_ppa' ]
 
 - name: Install the php-fpm package
-  apt: pkg={{ item }} state=present update_cache=yes cache_valid_time=3600
-  with_items: '{{ php_fpm_packages }}'
+  apt: pkg={{ php_fpm_packages }} state=present update_cache=yes cache_valid_time=3600
   tags: php
 
 - name: Install additional php packages
-  apt: pkg={{ item }} state=present update_cache=yes cache_valid_time=3600
-  with_items: '{{ php_additional_packages | default([]) }}'
+  apt: pkg={{ php_additional_packages | default([]) }} state=present update_cache=yes cache_valid_time=3600
   tags: php
 
 - name: Set the timezone if we have one
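Review bot: With `with_items` removed, `Install additional php packages` no longer skips itself when `php_additional_packages` is undefined or empty; apt is now called with an empty list rendered into a key=value string, and what the module does with that depends on the Ansible version. Adding `when: php_additional_packages is defined and php_additional_packages | length > 0` restores the previous no-op behaviour. The tasks file continues past the end of the hunk.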

From 3f7e05bdf09952c0ef004cd7fb394180bc80d1fb Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Tue, 26 Mar 2019 17:42:22 +0100
Subject: [PATCH 26/30] postgres: fix the apt tasks.

---
 postgresql/tasks/packages.yml        | 17 ++++++++---------
 postgresql/tasks/pgpool-ii.yml       |  6 ++----
 postgresql/tasks/postgis.yml         |  3 +--
 postgresql/tasks/postgres_pgpool.yml |  3 +--
 4 files changed, 12 insertions(+), 17 deletions(-)

diff --git a/postgresql/tasks/packages.yml b/postgresql/tasks/packages.yml
index cc61f11..604f93e 100644
--- a/postgresql/tasks/packages.yml
+++ b/postgresql/tasks/packages.yml
@@ -1,12 +1,11 @@
 ---
-- name: install the postgresql packages
-  apt: pkg={{ item }} state={{ psql_pkg_state }}
-  with_items: '{{ postgresql_pkgs }}'
-  notify: Restart postgresql
-  tags: [ 'postgresql', 'postgres' ]
-
-- name: Install the packages that ansible needs to manage the postgresql users and databases
-  apt: pkg={{ item }} state={{ psql_pkg_state }}
-  with_items: '{{ psql_ansible_needed_pkgs }}'
+- block: 
+  - name: Install the packages that ansible needs to manage the postgresql users and databases
+    apt: pkg={{ psql_ansible_needed_pkgs }} state={{ psql_pkg_state }}
+
+  - name: install the postgresql packages
+    apt: pkg={{ postgresql_pkgs }} state={{ psql_pkg_state }}
+    notify: Restart postgresql
+
   tags: [ 'postgresql', 'postgres' ]
 
diff --git a/postgresql/tasks/pgpool-ii.yml b/postgresql/tasks/pgpool-ii.yml
index 90f988d..b6e31f5 100644
--- a/postgresql/tasks/pgpool-ii.yml
+++ b/postgresql/tasks/pgpool-ii.yml
@@ -1,8 +1,7 @@
 ---
 - block:
     - name: Install the pgpool package
-      apt: name={{ item }} state={{ psql_pgpool_pkg_state }}
-      with_items: '{{ pgpool_pkgs }}'
+      apt: name={{ pgpool_pkgs }} state={{ psql_pgpool_pkg_state }} cache_valid_time=1800
 
     - name: Configure pcp
       #template: src=pcp.conf.j2 dest=/etc/pgpool2/pcp.conf owner=root group=postgres mode=0640
@@ -59,8 +58,7 @@
       service: name=pgpool2 state=stopped enabled=no
 
     - name: Install the pgpool packages
-      apt: name={{ item }} state=absent
-      with_items: '{{ pgpool_pkgs }}'
+      apt: name={{ pgpool_pkgs }} state=absent
 
     - name: Remove the pgpool failover sudoers file
       file: dest=/etc/sudoers.d/pgpool-wd state=absent
diff --git a/postgresql/tasks/postgis.yml b/postgresql/tasks/postgis.yml
index 6c432f6..55f1168 100644
--- a/postgresql/tasks/postgis.yml
+++ b/postgresql/tasks/postgis.yml
@@ -1,7 +1,6 @@
 ---
 - name: install the postgresql GIS packages
-  apt: pkg={{ item }} state={{ psql_pkg_state }}
-  with_items: '{{ postgres_gis_pkgs }}'
+  apt: pkg={{ postgres_gis_pkgs }} state={{ psql_pkg_state }}
   notify: Restart postgresql
   tags: [ 'postgresql', 'postgres', 'postgis' ]
 
diff --git a/postgresql/tasks/postgres_pgpool.yml b/postgresql/tasks/postgres_pgpool.yml
index 8e79cc4..21f9cba 100644
--- a/postgresql/tasks/postgres_pgpool.yml
+++ b/postgresql/tasks/postgres_pgpool.yml
@@ -1,7 +1,6 @@
 ---
 - name: Install the packages needed by postgres when running behind a pgpool server
-  apt: pkg={{ item }} state={{ psql_pkg_state }}
-  with_items: '{{ postgresql_pgpool_pkgs }}'
+  apt: pkg={{ postgresql_pgpool_pkgs }} state={{ psql_pkg_state }}
   when: psql_pgpool_install
   notify: Restart postgresql
   tags: [ 'postgresql', 'postgres', 'pgpool' ]

From aef871b4c0e972bf7f6817a322e95b46603ddbb0 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Tue, 26 Mar 2019 17:42:45 +0100
Subject: [PATCH 27/30] nextcloud: fix the path of the installation directory.

---
 nextcloud/tasks/nextcloud-install.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud/tasks/nextcloud-install.yml b/nextcloud/tasks/nextcloud-install.yml
index 84555a2..a9cff53 100644
--- a/nextcloud/tasks/nextcloud-install.yml
+++ b/nextcloud/tasks/nextcloud-install.yml
@@ -11,7 +11,7 @@
     get_url: url={{ nextcloud_download_url }} dest=/srv/{{ nextcloud_dist_filename }}
 
   - name: Unpack the nextcloud archive
-    unarchive: remote_src=yes src=/srv/{{ nextcloud_dist_filename }} dest={{ item.doc_root }} owner={{ item.user }} group={{ item.user }}
+    unarchive: remote_src=yes src=/srv/{{ nextcloud_dist_filename }} dest={{ nextcloud_web_basedir }} owner={{ item.user }} group={{ item.user }}
     args:
       creates: '{{ item.doc_root }}/index.php'
     with_items: '{{ phpfpm_pools }}'
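Review bot: `dest={{ nextcloud_web_basedir }}` no longer depends on `item`, but the task still loops over `phpfpm_pools` and guards with `creates: '{{ item.doc_root }}/index.php'`. Assuming the archive unpacks into a `nextcloud/` directory, the guard never becomes true for a pool whose `doc_root` is not `{{ nextcloud_web_basedir }}/nextcloud`, so each run unpacks over the live installation again and re-owns it to that pool's user. Guarding on `creates: '{{ nextcloud_web_root }}/index.php'`, or asserting that the pool's `doc_root` equals `nextcloud_web_root`, would make the task consistent. Separately, the `get_url` above has no `checksum=`, so the archive that ends up in the web root is not verified against a known digest; a variable holding `sha256:<DIGEST_PLACEHOLDER>` would close that. The block starts above the hunk.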

From ae515277ad047438bfa49fc6e4d1148f1043a9a2 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Tue, 26 Mar 2019 17:43:10 +0100
Subject: [PATCH 28/30] nextcloud: fix the path of the base data directory.

---
 nextcloud/defaults/main.yml | 5 +++--
 nextcloud/meta/main.yml     | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/nextcloud/defaults/main.yml b/nextcloud/defaults/main.yml
index 7de5d79..5fc38f9 100644
--- a/nextcloud/defaults/main.yml
+++ b/nextcloud/defaults/main.yml
@@ -6,8 +6,9 @@ nextcloud_use_redis: True
 nextcloud_use_memcache: False
 nextcloud_web_basedir: /var/www
 nextcloud_web_root: '{{ nextcloud_web_basedir }}/nextcloud'
-nextcloud_data_dir: /srv/nextcloud/data
-nextcloud_oc_dir: /srv/nextcloud/oc_keys
+nextcloud_data_base_dir: /srv
+nextcloud_data_dir: '{{ nextcloud_data_base_dir }}/nextcloud/data'
+nextcloud_oc_dir: '{{ nextcloud_data_base_dir }}/nextcloud/oc_keys'
 nextcloud_servername: '{{ ansible_fqdn }}'
 nextcloud_servernames:
   - { webroot: '{{ nextcloud_web_root }}', id: 1, name: '{{ nextcloud_servername }}' }
diff --git a/nextcloud/meta/main.yml b/nextcloud/meta/main.yml
index 08d6aa0..4be987f 100644
--- a/nextcloud/meta/main.yml
+++ b/nextcloud/meta/main.yml
@@ -1,6 +1,6 @@
 ---
 dependencies:
-  - { role: '../../library/roles/postgresql', when: psql_postgresql_install }
+  - { role: '../../library/roles/postgresql' }
   - { role: '../../library/roles/php-fpm' }
   - { role: '../../library/roles/nginx' }
   - { role: '../../library/roles/redis', when nextcloud_use_redis }
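Review bot: The last entry, `{ role: '../../library/roles/redis', when nextcloud_use_redis }`, is missing the colon after `when`, so YAML reads `when nextcloud_use_redis` as a single key with a null value and the condition is not applied as written; it should be `when: nextcloud_use_redis`. That line is unchanged context here, but this commit edits the same list. Making the postgresql role unconditional also means it is pulled in when `nextcloud_db` selects a different database; if that is intended, a comment saying so would help.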

From 9e343a0bf1acc457f0c222421a05c32e2be9b38a Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Tue, 26 Mar 2019 18:41:03 +0100
Subject: [PATCH 29/30] postgresql: manage the change of the data directory.

---
 postgresql/tasks/postgresql-config.yml | 35 +++++++++++++++++++-------
 1 file changed, 26 insertions(+), 9 deletions(-)

diff --git a/postgresql/tasks/postgresql-config.yml b/postgresql/tasks/postgresql-config.yml
index b27fcc0..a70ea5a 100644
--- a/postgresql/tasks/postgresql-config.yml
+++ b/postgresql/tasks/postgresql-config.yml
@@ -1,14 +1,31 @@
 ---
-- name: Create the postgresql data directory if it is not in the default place
-  file: dest={{ psql_data_dir }} owner=postgres group=postgres mode=700 recurse=yes state=directory
-  when: psql_use_alternate_data_dir
-  tags: [ 'postgresql', 'postgres', 'pg_conf' ]
+- block: 
+  - name: Check if the new postgresql data directory exists
+    stat: path={{ psql_data_dir }}
+    register: postgresql_data_dir
+
+  - name: Stop the postgresql service while reconfiguring the data directory
+    service: name=postgresql state=stopped
+    when: postgresql_data_dir.stat.isdir is not defined
+
+  - name: Create the postgresql data directory if it is not in the default place
+    file: dest={{ psql_data_dir }} owner=postgres group=postgres mode=700 recurse=yes state=directory
+
+  - name: Set the postgresql data dir if it is different from the default
+    become: True
+    become_user: postgres
+    action: configfile path={{ psql_conf_dir }}/postgresql.conf key=data_directory value="'{{ psql_data_dir }}'"
+
+  - name: Copy the postgresql data directory into the new place
+    shell: '[ "/var/lib/postgresql/{{ psql_version }}/main" != "{{ psql_data_dir }}" ] && cp -a /var/lib/postgresql/{{ psql_version }}/main/* {{ psql_data_dir }}'
+    args:
+      creates: '{{ psql_data_dir }}/main/base'
+    when: postgresql_data_dir.stat.isdir is not defined
+
+  - name: Start the postgresql service that will use the new data directory
+    service: name=postgresql state=started 
+    when: postgresql_data_dir.stat.isdir is not defined
 
-- name: Set the postgresql data dir if it is different from the default
-  become: True
-  become_user: postgres
-  action: configfile path={{ psql_conf_dir }}/postgresql.conf key=data_directory value="'{{ psql_data_dir }}'"
-  notify: Restart postgresql
   when: psql_use_alternate_data_dir
   tags: [ 'postgresql', 'postgres', 'pg_conf' ]
 
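Review bot: The copy task's guard does not match what the task produces: `cp -a .../main/* {{ psql_data_dir }}` places `base` directly under `{{ psql_data_dir }}`, while `creates` checks `{{ psql_data_dir }}/main/base`, so the guard appears never to become true and only the `when` on the earlier `stat` prevents a second copy. The command also goes through `shell` with unquoted templated paths, and `[ ... ] && cp` exits non-zero when the two paths are equal, which Ansible reports as a failed task; the path comparison belongs in `when`. The commit drops `notify: Restart postgresql`, so a changed `data_directory` on a host where the directory already exists is not picked up until something else restarts the service. A version of the copy task with the first two points addressed follows.

```yaml
  # … unchanged: stat, stop service, create directory, set data_directory …

  - name: Copy the postgresql data directory into the new place
    command: cp -a '/var/lib/postgresql/{{ psql_version }}/main/.' '{{ psql_data_dir }}/'
    args:
      creates: '{{ psql_data_dir }}/base'
    when:
      - postgresql_data_dir.stat.isdir is not defined
      - psql_data_dir != '/var/lib/postgresql/' ~ psql_version ~ '/main'

  # … unchanged: start service, block-level when and tags …
```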

From 30d7f63c89bfd71cc022d743a8a9df03f52b4f22 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Thu, 28 Mar 2019 16:41:16 +0100
Subject: [PATCH 30/30] library/roles/create_new_role_stub: Create the handlers
 directory.

---
 create_new_role_stub | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/create_new_role_stub b/create_new_role_stub
index 25870ae..9f57dca 100755
--- a/create_new_role_stub
+++ b/create_new_role_stub
@@ -3,6 +3,6 @@
 new_role=$1
 
 mkdir "$new_role"
-mkdir -p "${new_role}"/{defaults,tasks,files,templates,vars,meta}
-touch "${new_role}"/{defaults,tasks,vars,meta}/main.yml
+mkdir -p "${new_role}"/{defaults,tasks,files,templates,vars,meta,handlers}
+touch "${new_role}"/{defaults,tasks,vars,meta,handlers}/main.yml