diff --git a/library/roles/ELK/elasticsearch/tasks/plugins.yml b/library/roles/ELK/elasticsearch/tasks/plugins.yml
deleted file mode 100644
index bfe64918..00000000
--- a/library/roles/ELK/elasticsearch/tasks/plugins.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-- block:
-    - name: Manage a list of elasticsearch plugins
-      elasticsearch_plugin: name="{{ item.name }}" state={{ item.state }} plugin_bin={{ elasticsearch_plugin_bin }} url={{ item.url|default(omit) }} version={{ item.version|default(omit) }}
-      with_items: '{{ elasticsearch_plugins | default ([]) }}'
-
-    - name: Install the elasticsearch HQ plugin
-      elasticsearch_plugin: name="{{ item.name }}" state={{ item.state }} plugin_bin={{ elasticsearch_plugin_bin }} url={{ item.url|default(omit) }} version={{ item.version|default(omit) }}
-      with_items: '{{ elasticsearch_hq_plugin | default ([]) }}'
-      when:
-        - elasticsearch_major_version <= 2
-        - elasticsearch_hq_install
-
-  when: elasticsearch_plugins is defined
-  tags: [ 'elasticsearch', 'es_plugins' ]
-    
diff --git a/library/roles/R/defaults/main.yml b/library/roles/R/defaults/main.yml
index dbcd237d..296d38b0 100644
--- a/library/roles/R/defaults/main.yml
+++ b/library/roles/R/defaults/main.yml
@@ -10,8 +10,8 @@
 # The install/remove script has been taken from here: http://adamj.eu/tech/2014/07/19/installing-and-removing-r-packages-with-ansible/
 #
 
-# Set to present if you want install from CRAN
-r_install_cran_repo: absent
+# Set to True if you want install from the CRAN deb repository
+r_install_cran_repo: False
 #r_cran_mirror_site: http://cran.rstudio.com
 r_cran_set_default_mirror: True
 r_cran_mirror_site: https://cran.mirror.garr.it/mirrors/CRAN/
diff --git a/library/roles/R/tasks/r-installation.yml b/library/roles/R/tasks/r-installation.yml
index afceb9d2..97a2cfe6 100644
--- a/library/roles/R/tasks/r-installation.yml
+++ b/library/roles/R/tasks/r-installation.yml
@@ -1,10 +1,20 @@
 ---
-- name: Manage the cran repository key
-  apt_key: id=E084DAB9 keyserver=keyserver.ubuntu.com state={{ r_install_cran_repo }}
-  tags: [ 'r_software', 'r_repo', 'r_repo_key' ]
+- block:
+  - name: Add the cran repository key
+    apt_key: id=E084DAB9 keyserver=keyserver.ubuntu.com state=present
+    tags: [ 'r_software', 'r_repo', 'r_repo_key' ]
 
-- name: Manage the cran repository definition
-  apt_repository: repo='deb http://cran.rstudio.com/bin/linux/ubuntu {{ ansible_distribution_release }}/' state={{ r_install_cran_repo }} update_cache=yes
+  - name: Add the CRAN repository
+    apt_repository: repo='deb http://cran.rstudio.com/bin/linux/ubuntu {{ ansible_distribution_release }}/' state=present update_cache=yes
+
+  when: r_install_cran_repo | bool
+  tags: [ 'r_software', 'r_repo' ]
+
+- block:
+  - name: Remove the CRAN repository
+    apt_repository: repo='deb http://cran.rstudio.com/bin/linux/ubuntu {{ ansible_distribution_release }}/' state=absent update_cache=yes
+
+  when: not r_install_cran_repo | bool
   tags: [ 'r_software', 'r_repo' ]
 
 - name: Remove the hold state from the debian R packages
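Review bot: `apt_key: id=E084DAB9 keyserver=keyserver.ubuntu.com` in the new "Add the cran repository key" task still selects the signing key by its 32-bit short ID, which does not uniquely identify a key, so the keyserver lookup can match a different key with the same short ID. Give the full 40-hex-digit fingerprint instead, `apt_key: id=<FULL_CRAN_KEY_FINGERPRINT> keyserver=keyserver.ubuntu.com state=present`, with the value taken from the CRAN documentation. The new removal block also leaves the key in apt's trusted set when `r_install_cran_repo` is false. A matching `apt_key: id=<FULL_CRAN_KEY_FINGERPRINT> state=absent` task there would undo both halves.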
diff --git a/library/roles/apache/tasks/apache-letsencrypt.yml b/library/roles/apache/tasks/apache-letsencrypt.yml
index 4b1d6621..86928be5 100644
--- a/library/roles/apache/tasks/apache-letsencrypt.yml
+++ b/library/roles/apache/tasks/apache-letsencrypt.yml
@@ -25,8 +25,8 @@
       copy: src=apache-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/apache2 owner=root group=root mode=4555
 
   when:
-    - letsencrypt_acme_install is defined and letsencrypt_acme_install
-    - apache_letsencrypt_managed
+    - letsencrypt_acme_install is defined and letsencrypt_acme_install | bool
+    - apache_letsencrypt_managed | bool
   tags: [ 'apache', 'letsencrypt' ]
 
 - block:
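Review bot: The unchanged `copy:` line at the top of this hunk installs `apache-letsencrypt-acme.sh` owned by root with `mode=4555`, that is, with the setuid bit set. Linux does not honour setuid on interpreted scripts, so the bit is probably unintended, and it would become a real privilege grant if the hook were ever replaced by a binary. `mode=0555` expresses a read-and-execute-only hook. The enclosing block starts above the hunk, so confirm against the full file.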
@@ -38,6 +38,6 @@
     - name: Remove the letsencrypt hook for apache
       file: path={{ letsencrypt_acme_services_scripts_dir }}/apache2 state=absent
 
-  when: not apache_letsencrypt_managed
+  when: not apache_letsencrypt_managed | bool
   tags: [ 'apache', 'letsencrypt' ]
 
diff --git a/library/roles/ckan/ckan/defaults/main.yml b/library/roles/ckan/ckan/defaults/main.yml
index 9636c34d..db2061c1 100644
--- a/library/roles/ckan/ckan/defaults/main.yml
+++ b/library/roles/ckan/ckan/defaults/main.yml
@@ -75,11 +75,23 @@ ckan_ldap_fallback: True
 ckan_ckanext_lire: False
 ckan_ckanext_lire_n: lire
 ckan_ckanext_lire_url: 'https://github.com/milicp/ckanext-lire.git'
-# OAI-PMH
-ckan_oai_pmh: False
+# Kata OAI-PMH
+ckan_kata_oai_pmh: False
 ckan_oai_pmh_name: oaipmh
 ckan_oai_pmh_state: absent
-ckan_oai_pmh_url: 'git+https://github.com/florenthemmi/ckanext-oaipmh#egg=ckanext-oaipm'
+ckan_oai_pmh_url: 'git+https://github.com/kata-csc/ckanext-oaipmh#egg=ckanext-oaipmh'
+ckan_oai_pmh_kata_plugin_url: 'git+https://github.com/kata-csc/ckanext-kata.git#egg=ckanext-kata'
+ckan_oai_pmh_kata_ini_state: 'present'
+ckan_oai_pmh_kata_ini_options:
+  - { section: 'app:main', option: 'kata.storage.malware_scan', value: 'false', state: '{{ ckan_oai_pmh_kata_ini_state }}' }
+  - { section: 'app:main', option: 'kata.ldap.enabled', value: 'false', state: '{{ ckan_oai_pmh_kata_ini_state }}' }
+  - { section: 'app:main', option: 'kata.disable_contact', value: 'true', state: '{{ ckan_oai_pmh_kata_ini_state }}' }
+
+# OLD OAI-PMH
+ckan_oai_pm: False
+ckan_oai_pm_name: oaipmh
+ckan_oai_pm_state: absent
+ckan_oai_pm_url: 'git+https://github.com/florenthemmi/ckanext-oaipmh#egg=ckanext-oaipm'
 # Google analytics
 ckan_google_analytics: False
 ckan_ga_plugin_state: '{{ ckan_plugins_state }}'
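Review bot: `ckan_oai_pmh_kata_ini_options` defaults `kata.storage.malware_scan` to `'false'` with `ckan_oai_pmh_kata_ini_state: 'present'`, so the role's default is to write a disabled malware scan into the CKAN ini. If the option does what its name suggests, uploaded files are stored unscanned. Either default it to `'true'` or add a comment above the list stating why scanning is off and when to turn it on. Separately, `ckan_oai_pmh_url` now points at a different repository under the same variable name while the enabling flag is renamed to `ckan_kata_oai_pmh`, so an inventory that sets `ckan_oai_pmh: True` silently stops installing anything; a comment on the rename would help.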
@@ -93,6 +105,10 @@ ckan_star_ratings_name: rating
 ckan_star_ratings_url: 'git+https://github.com/6aika/ckanext-rating.git#egg=ckanext-rating'
 
 ckan_memcache_sessions: False
+ckan_memcache_deb_pkgs:
+  - libmemcached10
+  - libmemcached-dev
+
 ckan_memcache_ini_opts:
   - { section: 'app:main', option: 'beaker.session.type', value: 'ext:memcached', state: 'present' }
   - { section: 'app:main', option: 'beaker.session.url ', value: "{{ mc_ipaddress | default('127.0.0.1') }}:{{ mc_port | default('11211') }}", state: 'present' }
@@ -138,6 +154,9 @@ ckan_pip_dependencies:
   - xmltodict
   - ndg-httpsclient
   - pyasn1
+  - enum
+  - ipaddress
+  - x509
 
 ckan_pip_versioned_dependencies:
   - { name: 'SQLAlchemy', version: '0.9.6', state: 'present' }
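Review bot: The three names added to `ckan_pip_dependencies` (`enum`, `ipaddress`, `x509`) are listed without a version, although `ckan_pip_versioned_dependencies` directly below exists for pinned entries. The PyPI project called `enum` is not the `enum34` backport of the standard-library module, so confirm which one the plugin actually needs. Moving the entries to the versioned list, e.g. `- { name: 'ipaddress', version: '<version>', state: 'present' }`, keeps the virtualenv reproducible.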
diff --git a/library/roles/ckan/ckan/tasks/ckan-config.yml b/library/roles/ckan/ckan/tasks/ckan-config.yml
index 8ef3d7aa..fef8961c 100644
--- a/library/roles/ckan/ckan/tasks/ckan-config.yml
+++ b/library/roles/ckan/ckan/tasks/ckan-config.yml
@@ -1,9 +1,17 @@
 ---
 - name: Configure the CKAN plugins list into the configuration file
-  ini_file: dest={{ ckan_config_file }} section={{ item.section }} option={{ item.option }} value={{ item.value }} state={{ item.state }} backup=yes
+  ini_file: dest={{ ckan_config_file }} section={{ item.section }} option={{ item.option }} value={{ item.value }} state={{ item.state }} backup=no
   with_items: '{{ ckan_production_ini_plugins_opts }}'
   notify:
     - Restart CKAN
     - Restart fetch and gather consumers
   tags: [ 'ckan', 'ckan_ini', 'ckan_plugins' ]
 
+- name: Configure the CKAN options used by the KATA plugin 
+  ini_file: dest={{ ckan_config_file }} section={{ item.section }} option={{ item.option }} value={{ item.value }} state={{ item.state }} backup=no
+  with_items: '{{ ckan_oai_pmh_kata_ini_options }}'
+  notify:
+    - Restart CKAN
+    - Restart fetch and gather consumers
+  tags: [ 'ckan', 'ckan_ini', 'ckan_plugins', 'ckan_oai_pmh' ]
+
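Review bot: The new "Configure the CKAN options used by the KATA plugin" task has no `when:`, so the `kata.*` options from `ckan_oai_pmh_kata_ini_options` are written to `{{ ckan_config_file }}` on every host, even where the KATA plugin is not installed. Add `when: ckan_kata_oai_pmh | bool` to match the install tasks in ckan-plugins.yml. Both `ini_file` tasks also switch to `backup=no`, which drops the automatic copy of the previous production ini. If the aim is to stop backup files accumulating, a comment saying so would record the trade-off.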
diff --git a/library/roles/ckan/ckan/tasks/ckan-memcache.yml b/library/roles/ckan/ckan/tasks/ckan-memcache.yml
index 6afe2c96..52673138 100644
--- a/library/roles/ckan/ckan/tasks/ckan-memcache.yml
+++ b/library/roles/ckan/ckan/tasks/ckan-memcache.yml
@@ -1,4 +1,11 @@
 ---
+- block:
+  - name: Install the memcache library deb package
+    apt: pkg={{ ckan_memcache_deb_pkgs }} state=present cache_valid_time=1800
+
+  when: ckan_memcache_sessions is defined and ckan_memcache_sessions
+  tags: [ 'ckan', 'ckan_sessions', 'ckan_memcache' ]
+
 - block:
   - name: Install the memcache library
     pip: name=pylibmc virtualenv={{ ckan_virtenv }} state=present
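Review bot: `when: ckan_memcache_sessions is defined and ckan_memcache_sessions` in the new block tests the raw value, while the rest of this commit adds `| bool` to the same kind of flag. A string such as `"false"` supplied from an ini inventory or `-e` is truthy there. Use `when: ckan_memcache_sessions | default(False) | bool`. The same applies to the new Jinja tests `{% if item.proxy_enabled is defined and item.proxy_enabled %}` and `{% if tomcat_proxy_enabled %}` in the two tomcat-default.j2 templates.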
@@ -9,9 +16,6 @@
   tags: [ 'ckan', 'ckan_sessions', 'ckan_memcache' ]
 
 - block:
-  - name: Install the memcache library deb package
-    apt: pkg=libmemcached10 state=present update_cache=yes cache_valid_time=1800
-
   - name: Configure CKAN so that it uses memcache for its sessions
     ini_file: dest={{ ckan_config_file }} section={{ item.section }} option={{ item.option }} value={{ item.value }} state={{ item.state }}
     with_items: '{{ ckan_memcache_ini_opts }}'
diff --git a/library/roles/ckan/ckan/tasks/ckan-plugins.yml b/library/roles/ckan/ckan/tasks/ckan-plugins.yml
index dcf07cca..9aa50b08 100644
--- a/library/roles/ckan/ckan/tasks/ckan-plugins.yml
+++ b/library/roles/ckan/ckan/tasks/ckan-plugins.yml
@@ -6,6 +6,10 @@
   tags: [ 'ckan', 'geonetwork', 'ckan_plugins', 'ckan_pip_deps' ]
 
 - block:
+    - name: Upgrade pip inside the virtualenv
+      pip: name=pip virtualenv={{ ckan_virtenv }} state=latest
+      tags: [ 'ckan', 'geonetwork', 'ckan_plugins', 'ckan_pip_deps' ]
+
     - name: Install some python versioned plugins dependencies inside the CKAN virtualenv
       pip: name={{ item.name }} virtualenv={{ ckan_virtenv }} version={{ item.version }} state={{ item.state }}
       with_items: '{{ ckan_pip_versioned_dependencies }}'
@@ -165,12 +169,36 @@
       notify: Restart CKAN 
       tags: [ 'ckan', 'ckan_lire', 'ckan_plugins' ]
 
-    - name: Download the CKAN OAI-PMH plugin
+    - name: Download the KATA CKAN OAI-PMH plugin
       pip: name='{{ ckan_oai_pmh_url }}' virtualenv={{ ckan_virtenv }} state={{ ckan_plugins_state }} editable=True
-      when: ckan_oai_pmh | bool
+      when: ckan_kata_oai_pmh | bool
       notify: Restart CKAN 
       tags: [ 'ckan', 'ckan_oai_pmh', 'ckan_plugins' ]
-  
+
+    - name: Download the KATA CKAN ckanext-oaiphm requirements
+      pip: requirements={{ ckan_virtenv }}/src/ckanext-oaipmh/requirements.txt virtualenv={{ ckan_virtenv }} state={{ ckan_plugins_state }}
+      when: ckan_kata_oai_pmh | bool
+      notify: Restart CKAN 
+      tags: [ 'ckan', 'ckan_oai_pmh', 'ckan_plugins' ]
+
+    - name: Download the KATA CKAN plugin
+      pip: name='{{ ckan_oai_pmh_kata_plugin_url }}' virtualenv={{ ckan_virtenv }} state={{ ckan_plugins_state }} editable=True
+      when: ckan_kata_oai_pmh | bool
+      notify: Restart CKAN 
+      tags: [ 'ckan', 'ckan_oai_pmh', 'ckan_plugins' ]
+
+    - name: Download the KATA CKAN  requirements
+      pip: requirements={{ ckan_virtenv }}/src/ckanext-kata/requirements.txt virtualenv={{ ckan_virtenv }} state={{ ckan_plugins_state }}
+      when: ckan_kata_oai_pmh | bool
+      notify: Restart CKAN 
+      tags: [ 'ckan', 'ckan_oai_pmh', 'ckan_plugins' ]
+
+    - name: Download the opendatasoft CKAN OAI-PMH plugin
+      pip: name='{{ ckan_oai_pm_url }}' virtualenv={{ ckan_virtenv }} state={{ ckan_plugins_state }} editable=True
+      when: ckan_oai_pm | bool
+      notify: Restart CKAN 
+      tags: [ 'ckan', 'ckan_oai_pm', 'ckan_plugins' ]
+
     - name: Download the CKAN google analytics plugin python requirements
       pip: name='genshi' virtualenv={{ ckan_virtenv }} state={{ ckan_plugins_state }}
       when: ckan_google_analytics | bool
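Review bot: The KATA tasks install `{{ ckan_oai_pmh_url }}` and `{{ ckan_oai_pmh_kata_plugin_url }}` as editable git checkouts with no revision, then run `pip` on the `requirements.txt` found inside each checkout. Every run therefore installs whatever the upstream default branch and its requirements contain at that moment. Pin the revision in the URL defaults, e.g. `git+https://github.com/kata-csc/ckanext-kata.git@<commit-or-tag>#egg=ckanext-kata`, and likewise for ckanext-oaipmh. The enclosing block starts outside the hunk.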
diff --git a/library/roles/deb-set-hostname/tasks/main.yml b/library/roles/deb-set-hostname/tasks/main.yml
deleted file mode 100644
index 6f3ebab5..00000000
--- a/library/roles/deb-set-hostname/tasks/main.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-- name: Set the hostname when different from the inventory one.
-  hostname: name={{ hostname }}
-  when: hostname is defined
-  tags: [ 'bootstrap', 'set_hostname' ]
-
-- name: Set the hostname as defined in the inventory
-  hostname: name={{ inventory_hostname  }}
-  when: hostname is not defined
-  tags: [ 'bootstrap', 'set_hostname' ]
-
-- name: Add the hostname to /etc/hosts
-  shell: grep -v {{ ansible_default_ipv4.address }} /etc/hosts > /etc/hosts.tmp ; echo "{{ ansible_default_ipv4.address }} {{ hostname }} {{ ansible_hostname }}" >> /etc/hosts.tmp ; /bin/mv /etc/hosts.tmp /etc/hosts
-  when:
-    - hostname is defined
-    - ansible_virtualization_type == 'xen'
-  tags: [ 'bootstrap', 'set_hostname' ]
diff --git a/library/roles/deb-set-locale/defaults/main.yml b/library/roles/deb-set-locale/defaults/main.yml
deleted file mode 100644
index c8e7d739..00000000
--- a/library/roles/deb-set-locale/defaults/main.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-deb_default_locale: "en_US.UTF-8"
-deb_locales_list:
-  - { name: '{{ deb_default_locale }}' }
-  - { name: 'en_US' }
-  - { name: 'it_IT.UTF-8' }
-  - { name: 'it_IT' }
-
diff --git a/library/roles/deb-set-locale/tasks/main.yml b/library/roles/deb-set-locale/tasks/main.yml
deleted file mode 100644
index 39ae7af6..00000000
--- a/library/roles/deb-set-locale/tasks/main.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-- block:
-    - name: Add/remove a list of locales
-      locale_gen: name={{ item.name }} state={{ item.state | default('present') }}
-      with_items: '{{ deb_locales_list }}'
-
-    - name: Set the default locale
-      shell: update-locale LANG={{ deb_default_locale }}
-
-  tags: locale
diff --git a/library/roles/geonetwork/geonetwork/templates/3.2-web.xml.j2 b/library/roles/geonetwork/geonetwork/templates/3.2-web.xml.j2
index 44826d1a..43b5e2f1 100644
--- a/library/roles/geonetwork/geonetwork/templates/3.2-web.xml.j2
+++ b/library/roles/geonetwork/geonetwork/templates/3.2-web.xml.j2
@@ -330,11 +330,13 @@
     </init-param>
 
     <!--
-        Specified what geonetwork data directory to use.
+        Specified what geonetwork data directory to use. -->
         <init-param>
         <param-name>geonetwork.dir</param-name>
-        <param-value>/app/geonetwork_data_dir</param-value>
-    </init-param>-->
+        <param-value>{{ geonetwork_data_directory }}</param-value>
+    </init-param>
+
+
     <load-on-startup>1</load-on-startup>
   </servlet>
 
diff --git a/library/roles/hdf5/defaults/main.yml b/library/roles/hdf5/defaults/main.yml
index 3ed9d9c0..4e13e74c 100644
--- a/library/roles/hdf5/defaults/main.yml
+++ b/library/roles/hdf5/defaults/main.yml
@@ -7,3 +7,9 @@ hdf5_pkgs_list:
   - hdf5-helpers
   - libhdf5-10
   - libhdf5-dev
+
+hdf5_bionic_pkgs_list:
+  - hdf5-tools
+  - hdf5-helpers
+  - libhdf5-100
+  - libhdf5-dev
diff --git a/library/roles/hdf5/tasks/main.yml b/library/roles/hdf5/tasks/main.yml
index e865c1f8..291b4978 100644
--- a/library/roles/hdf5/tasks/main.yml
+++ b/library/roles/hdf5/tasks/main.yml
@@ -7,7 +7,14 @@
     apt_repository: repo='deb [arch=amd64] http://ppa.research-infrastructures.eu/trusty-infrascience {{ ansible_distribution_release }} main' update_cache=yes
 
   - name: Install the hdf5 packages 
-    apt: pkg={{ item }} state={{ hdf5_pkg_state }} update_cache=yes cache_valid_time=3600
-    with_items: '{{ hdf5_pkgs_list }}'
+    apt: pkg={{ hdf5_pkgs_list }} state={{ hdf5_pkg_state }} update_cache=yes cache_valid_time=3600
 
-  tags: [ 'hdf5' ]
\ No newline at end of file
+  when: ansible_distribution_release == 'trusty'
+  tags: [ 'hdf5' ]
+
+- block:
+  - name: Install the hdf5 packages 
+    apt: pkg={{ hdf5_bionic_pkgs_list }} state={{ hdf5_pkg_state }} update_cache=yes cache_valid_time=3600
+
+  when: ansible_distribution_release == 'bionic'
+  tags: [ 'hdf5' ]
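Review bot: The two blocks match `ansible_distribution_release` against `'trusty'` and `'bionic'` only, so on any other release (xenial, for instance) the role finishes without installing anything and without reporting it. Add a final task such as `- fail: msg="hdf5: unsupported release {{ ansible_distribution_release }}"` guarded by `when: ansible_distribution_release not in ['trusty', 'bionic']`, or select the package list from a per-release map. The first block's opening lines are above the hunk.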
diff --git a/library/roles/motd/tasks/deb_motd.yml b/library/roles/motd/tasks/deb_motd.yml
index b19c4bd8..125c32ac 100644
--- a/library/roles/motd/tasks/deb_motd.yml
+++ b/library/roles/motd/tasks/deb_motd.yml
@@ -15,4 +15,6 @@
       creates: /etc/.custom_motd
     ignore_errors: True  
 
+  when:
+    - ( ansible_distribution == 'Ubuntu' ) or ( ansible_distribution == 'Debian' and ansible_distribution_major_version >= '9' )
   tags: motd
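Review bot: `ansible_distribution_major_version >= '9'` compares strings, so on Debian 10 and later the test is `'10' >= '9'`, which is false, and the block is skipped on exactly the newer releases it is meant to include. Compare numerically with `ansible_distribution_major_version | int >= 9`, or use `ansible_distribution_major_version is version('9', '>=')`. The block this `when:` belongs to starts above the hunk.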
diff --git a/library/roles/pandoc/tasks/main.yml b/library/roles/pandoc/tasks/main.yml
index d92186a7..6f781df3 100644
--- a/library/roles/pandoc/tasks/main.yml
+++ b/library/roles/pandoc/tasks/main.yml
@@ -1,8 +1,17 @@
 ---
-- name: Get the pandoc deb package
-  get_url: url={{pandoc_pkg_url}} dest=/srv/{{ pandoc_pkg_file }}
+- block:
+  - name: Get the pandoc deb package
+    get_url: url={{pandoc_pkg_url}} dest=/srv/{{ pandoc_pkg_file }}
+
+  - name: Install the pandoc deb package
+    apt: deb=/srv/{{ pandoc_pkg_file }}
+
+  when: ansible_facts['distribution_version'] is version('16.04', '<')
   tags: pandoc
 
-- name: Install the pandoc deb package
-  apt: deb=/srv/{{ pandoc_pkg_file }}
+- block:
+  - name: Install the pandoc deb package, distribution version
+    apt: pkg=pandoc state=present cache_valid_time=3600
+
+  when: ansible_facts['distribution_version'] is version('16.04', '>=')
   tags: pandoc
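Review bot: The `get_url` task downloads `{{ pandoc_pkg_url }}` and the next task installs the file as root with `apt: deb=`, with no integrity check on the download. Add the module's checksum parameter, `get_url: url={{ pandoc_pkg_url }} dest=/srv/{{ pandoc_pkg_file }} checksum=sha256:<expected-sha256>`, and keep the digest next to the URL variable. The `distribution_version` tests are also not scoped to Ubuntu: a Debian host reporting 9.x satisfies `version('16.04', '<')` and takes the download path. The same comparison is introduced in roles/python-env/tasks/main.yml. Adding `ansible_distribution == "Ubuntu"` to these `when:` conditions would make the intent explicit.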
diff --git a/library/roles/python-env/tasks/main.yml b/library/roles/python-env/tasks/main.yml
index c82b185b..a721e861 100644
--- a/library/roles/python-env/tasks/main.yml
+++ b/library/roles/python-env/tasks/main.yml
@@ -4,33 +4,31 @@
       apt: name={{ py_env_basic_pkgs | default([]) }} state={{ py_env_pkgs_state }} update_cache=yes cache_valid_time=600
 
   when:
-    - py_env_install
-    - is_not_trusty
+    - py_env_install | bool
+    - ansible_facts['distribution_version'] is version('16.04', '>=')
   tags: [ "python", "py_env" ]
   
 - block:
     - name: Remove python deb packages
       apt: name={{ py_env_dpkg_toremove | default([]) }} state=absent
 
-  when:
-    - py_env_install
+  when: py_env_install | bool
   tags: [ "python", "py_env", "py_env_pkgs" ]
 
 - block:
-    - name: Install python deb packages
-      apt: name={{ py_env_dpkg | default([]) }} state={{ py_env_pkgs_state }} update_cache=yes cache_valid_time=600
-
     - name: Install deb packages needed to compile the pip modules
       apt: name={{ py_pip_deps | default([]) }} state={{ py_env_pkgs_state }}  update_cache=yes cache_valid_time=600
 
-    - name: Install a list of pip packages
-      pip: name={{ py_env_pip_pkgs | default ([]) }} state=latest
-
     - name: Install a list of versioned pip packages
       pip: name={{ item.pkg }} version={{ item.version }}
       with_items: '{{ py_env_versioned_pip_pkgs | default ([]) }}'
 
-  when:
-    - py_env_install
+    - name: Install a list of pip packages
+      pip: name={{ py_env_pip_pkgs | default ([]) }} state=latest
+
+    - name: Install python deb packages
+      apt: name={{ py_env_dpkg | default([]) }} state={{ py_env_pkgs_state }} update_cache=yes cache_valid_time=600
+
+  when: py_env_install | bool
   tags: [ "python", "py_env", "py_env_pkgs" ]
 
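Review bot: The reordered block now runs both `pip` tasks before "Install python deb packages", so on a first run pip installs into the system Python before the distribution's Python packages are present. If `py_env_dpkg` provides pip itself or libraries the pip packages build against (its contents are not visible here), the first run can fail or apt can later overwrite files pip wrote. If the new order is deliberate, a comment above the block stating the reason would keep it from being reverted. `pip: ... state=latest` with no version also makes each run depend on what the index serves that day. The first block's opening lines are outside the hunk.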
diff --git a/library/roles/timezone/defaults/main.yml b/library/roles/timezone/defaults/main.yml
deleted file mode 100644
index c2387a6f..00000000
--- a/library/roles/timezone/defaults/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-timezone: "Europe/Rome"
-
diff --git a/library/roles/timezone/tasks/main.yml b/library/roles/timezone/tasks/main.yml
deleted file mode 100644
index 57a0e911..00000000
--- a/library/roles/timezone/tasks/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-- name: Set the timezone on Ubuntu >=18
-  command: timedatectl set-timezone {{ timezone }}
-  when: ansible_distribution_version is version_compare('18.04', '>=')
-  tags: timezone
-
-- name: Write the timezone file
-  template: src=etc-timezone.j2 dest=/etc/timezone owner=root group=root mode=0644
-  register: set_timezone
-  tags: timezone
-
-- name: Reconfigure the system tzdata
-  command: dpkg-reconfigure --frontend noninteractive tzdata
-  when: set_timezone is changed
-  tags: timezone
-
diff --git a/library/roles/timezone/templates/etc-timezone.j2 b/library/roles/timezone/templates/etc-timezone.j2
deleted file mode 100644
index 0b6d0093..00000000
--- a/library/roles/timezone/templates/etc-timezone.j2
+++ /dev/null
@@ -1 +0,0 @@
-{{ timezone }}
diff --git a/library/roles/tomcat-multiple-instances/defaults/main.yml b/library/roles/tomcat-multiple-instances/defaults/main.yml
index 4ad949da..ff7aeae3 100644
--- a/library/roles/tomcat-multiple-instances/defaults/main.yml
+++ b/library/roles/tomcat-multiple-instances/defaults/main.yml
@@ -59,7 +59,12 @@ tomcat_m_java_gc_opts: "-XX:+UseConcMarkSweepGC"
 tomcat_m_reverse_proxy_name_enabled: False
 tomcat_m_reverse_proxy_name: '{{ ansible_fqdn }}'
 tomcat_m_reverse_proxy_port: '{{ http_port | default(80) }}'
-
+tomcat_m_proxy_enabled: False
+tomcat_m_proxy_http_host: 'localhost'
+tomcat_m_proxy_http_port: '3128'
+tomcat_m_proxy_https_host: '{{ tomcat_m_proxy_http_host }}'
+tomcat_m_proxy_https_port: '{{ tomcat_m_proxy_http_port }}'
+tomcat_m_proxy_opts: "-DproxySet=true -Dhttp.proxyHost={{ tomcat_m_proxy_http_host }} -Dhttp.proxyPort={{ tomcat_m_proxy_http_port }} -Dhttps.proxyHost={{ tomcat_m_proxy_https_host }} -Dhttps.proxyPort={{ tomcat_m_proxy_https_port }}"
 tomcat_m_other_java_opts: ""
 tomcat_m_webapps_autodeploy: False
 tomcat_m_webapps_unpack: False
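Review bot: `tomcat_m_proxy_opts` sets the proxy host and port but gives no way to exclude destinations. Once `tomcat_m_proxy_enabled` is true, outbound HTTP(S) connections other than the JVM's built-in loopback exclusions go through the proxy, including calls to internal services. Add a variable for the bypass list and append it, e.g. `-Dhttp.nonProxyHosts={{ tomcat_m_proxy_non_proxy_hosts }}` (the variable name is a suggestion). The same applies to `tomcat_proxy_opts` in roles/tomcat/defaults/main.yml. A one-line comment above the block saying the defaults assume a proxy on localhost port 3128 would also help.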
@@ -89,5 +94,5 @@ tomcat_m_jmx_ip_address: '{{ ansible_default_ipv4.address }}'
 # This is only an example. Insert a line for each tomcat instance. 'app_contexts' can be used to automatically configure apache or nginx virtualhost http/ajp proxy
 #
 #tomcat_m_instances:
-#  - {  http_enabled: True, http_port: '8180', http_address: '0.0.0.0', ajp_enabled: False, ajp_port: '8109', ajp_address: '127.0.0.1', restart_timeout: '{{ tomcat_m_restart_timeout }}', shutdown_port: '8105', java_home: '{{ jdk_java_home }}', user: '{{ tomcat_m_default_user }}', user_home: '{{ tomcat_m_instances_base_path }}', user_shell: '{{ tomcat_m_default_user_shell }}', instance_path: '{{ tomcat_m_instances_base_path }}/8180', max_threads: '{{ tomcat_m_max_threads }}', autodeploy: '{{ tomcat_m_webapps_autodeploy }}', unpack: '{{ tomcat_m_webapps_unpack }}', install_server_xml: True, default_conf: True, java_opts: '{{ tomcat_m_java_opts }}', java_gc_opts: '{{ tomcat_m_java_gc_opts }}', other_java_opts: '{{ tomcat_m_other_java_opts }}', jmx_enabled: '{{ tomcat_m_jmx_enabled }}', jmx_disable_additional_ports: '{{ tomcat_m_jmx_disable_additional_ports }}', jmx_auth_enabled: '{{ tomcat_m_jmx_auth_enabled }}', jmx_auth_dir: '{{ tomcat_m_instances_base_path }}/8180/conf', jmx_port: '{{ tomcat_m_jmx_port }}', jmx_monitorpass: '{{ set_in_a_vault_file }}', jmx_controlpass: '{{ set_in_a_vault_file }}', remote_debugging: '{{ tomcat_m_enable_remote_debugging }}', remote_debugging_uri: '{{ tomcat_m_remote_debugging_uri }}', access_log_enabled: True, log_rotation_freq: daily, log_retain: 30, allowed_hosts: [ 'xxx.xxx.xxx.xxx/32', 'yyy.yyy.yyy.yyy/32' ], app_contexts: [ 'app1', 'app2' ] }
+#  - {  http_enabled: True, http_port: '8180', http_address: '0.0.0.0', ajp_enabled: False, ajp_port: '8109', ajp_address: '127.0.0.1', restart_timeout: '{{ tomcat_m_restart_timeout }}', shutdown_port: '8105', java_home: '{{ jdk_java_home }}', user: '{{ tomcat_m_default_user }}', user_home: '{{ tomcat_m_instances_base_path }}', user_shell: '{{ tomcat_m_default_user_shell }}', instance_path: '{{ tomcat_m_instances_base_path }}/8180', max_threads: '{{ tomcat_m_max_threads }}', autodeploy: '{{ tomcat_m_webapps_autodeploy }}', unpack: '{{ tomcat_m_webapps_unpack }}', install_server_xml: True, default_conf: True, java_opts: '{{ tomcat_m_java_opts }}', java_gc_opts: '{{ tomcat_m_java_gc_opts }}', proxy_enabled: '{{ tomcat_m_proxy_enabled }}', other_java_opts: '{{ tomcat_m_other_java_opts }}', jmx_enabled: '{{ tomcat_m_jmx_enabled }}', jmx_disable_additional_ports: '{{ tomcat_m_jmx_disable_additional_ports }}', jmx_auth_enabled: '{{ tomcat_m_jmx_auth_enabled }}', jmx_auth_dir: '{{ tomcat_m_instances_base_path }}/8180/conf', jmx_port: '{{ tomcat_m_jmx_port }}', jmx_monitorpass: '{{ set_in_a_vault_file }}', jmx_controlpass: '{{ set_in_a_vault_file }}', remote_debugging: '{{ tomcat_m_enable_remote_debugging }}', remote_debugging_uri: '{{ tomcat_m_remote_debugging_uri }}', access_log_enabled: True, log_rotation_freq: daily, log_retain: 30, allowed_hosts: [ 'xxx.xxx.xxx.xxx/32', 'yyy.yyy.yyy.yyy/32' ], app_contexts: [ 'app1', 'app2' ] }
 
diff --git a/library/roles/tomcat-multiple-instances/templates/tomcat-default.j2 b/library/roles/tomcat-multiple-instances/templates/tomcat-default.j2
index acba45e4..54afff18 100644
--- a/library/roles/tomcat-multiple-instances/templates/tomcat-default.j2
+++ b/library/roles/tomcat-multiple-instances/templates/tomcat-default.j2
@@ -29,6 +29,13 @@ JAVA_OPTS="{{ item.java_opts }} $JAVA_OPTS $JAVA_HEAP $JAVA_PERMGEN"
 {% if item.java_gc_opts is defined %}
 JAVA_OPTS="{{ item.java_gc_opts }} $JAVA_OPTS"
 {% endif %}
+{% if item.proxy_enabled is defined and item.proxy_enabled %}
+{% if item.proxy_opts is defined  %}
+JAVA_OPTS="${JAVA_OPTS} {{ item.proxy_opts }}"
+{% else %}
+JAVA_OPTS="${JAVA_OPTS} {{ tomcat_m_proxy_opts }}"
+{% endif %}
+{% endif %}
 {% if item.other_java_opts is defined %}
 JAVA_OPTS="${JAVA_OPTS} {{ item.other_java_opts }}"
 {% endif %}
diff --git a/library/roles/tomcat/defaults/main.yml b/library/roles/tomcat/defaults/main.yml
index ef784eb1..39ffa85e 100644
--- a/library/roles/tomcat/defaults/main.yml
+++ b/library/roles/tomcat/defaults/main.yml
@@ -27,6 +27,12 @@ tomcat_java_opts: "-Xms{{ tomcat_min_heap_size }} -Xmx{{ tomcat_heap_size }}"
 tomcat_additional_java_8_opts: "-XX:+CrashOnOutOfMemoryError"
 tomcat_java_gc_opts: "-XX:+UseConcMarkSweepGC"
 #tomcat_other_java_opts: "-Djsse.enableSNIExtension=false"
+tomcat_proxy_enabled: False
+tomcat_proxy_http_host: 'localhost'
+tomcat_proxy_http_port: '3128'
+tomcat_proxy_https_host: '{{ tomcat_proxy_http_host }}'
+tomcat_proxy_https_port: '{{ tomcat_proxy_http_port }}'
+tomcat_proxy_opts: "-DproxySet=true -Dhttp.proxyHost={{ tomcat_proxy_http_host }} -Dhttp.proxyPort={{ tomcat_proxy_http_port }} -Dhttps.proxyHost={{ tomcat_proxy_https_host }} -Dhttps.proxyPort={{ tomcat_proxy_https_port }}"
 tomcat_other_java_opts: ""
 tomcat_install_server_xml: True
 tomcat_install_default_conf: True
diff --git a/library/roles/tomcat/templates/tomcat-default.j2 b/library/roles/tomcat/templates/tomcat-default.j2
index fd908844..698f4366 100644
--- a/library/roles/tomcat/templates/tomcat-default.j2
+++ b/library/roles/tomcat/templates/tomcat-default.j2
@@ -35,6 +35,9 @@ JAVA_OPTS="{{ tomcat_java_opts }} $JAVA_OPTS"
 {% if tomcat_java_gc_opts is defined %}
 JAVA_OPTS="${JAVA_OPTS} {{ tomcat_java_gc_opts }}"
 {% endif %}
+{% if tomcat_proxy_enabled %}
+JAVA_OPTS="${JAVA_OPTS} {{ tomcat_proxy_opts }}"
+{% endif %}
 {% if tomcat_other_java_opts is defined %}
 JAVA_OPTS="${JAVA_OPTS} {{ tomcat_other_java_opts }}"
 {% endif %}
diff --git a/library/roles/ubuntu-deb-general/defaults/main.yml b/library/roles/ubuntu-deb-general/defaults/main.yml
index 797dfd90..9cc5e312 100644
--- a/library/roles/ubuntu-deb-general/defaults/main.yml
+++ b/library/roles/ubuntu-deb-general/defaults/main.yml
@@ -34,6 +34,8 @@ common_packages:
 
 default_python_packages_trusty:
   - python-software-properties
+  - python-lxml
+  - python-boto
 
 default_python_packages:
   - python-lxml
@@ -144,9 +146,6 @@ default_security_limits: '{{ root_security_limits }}'
 #   - ':msg, contains, "icmp6_send: no reply to icmp error" ~'
 #   - ':msg, contains, "[PYTHON] Can\'t call the metric handler function for" ~'
 
-#
-infrascience_internal_ppa: False
-
 #
 # debian/ubuntu distributions controllers
 #
diff --git a/library/roles/ubuntu-deb-general/meta/main.yml b/library/roles/ubuntu-deb-general/meta/main.yml
index ad35f92d..4a05223d 100644
--- a/library/roles/ubuntu-deb-general/meta/main.yml
+++ b/library/roles/ubuntu-deb-general/meta/main.yml
@@ -1,10 +1,8 @@
 ---
 dependencies:
   - role: '../../library/roles/deb-apt-setup'
-  - role: '../../library/roles/ubuntu-python-setup'
-  - role: '../../library/roles/deb-set-hostname'
-  - role: '../../library/roles/deb-set-locale'
-  - role: '../../library/roles/timezone'
+  - { role: '../../library/roles/ubuntu-python-setup', when: ansible_distribution_release == "trusty" }
+  - role: 'basic-system-setup'
   - role: '../../library/roles/motd'
   - role: '../../library/roles/ntp'
   - role: '../../library/roles/linux-kernel-sysctl'
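Review bot: `- role: 'basic-system-setup'` is referenced by bare name while every other dependency uses a `../../library/roles/...` path, and the role is not added anywhere in the visible part of this diff. It appears to replace the hostname, locale and timezone roles deleted in this commit, so the play depends on it resolving through `roles_path`. Either use the same relative-path form or add a comment naming where the role lives.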
diff --git a/library/roles/ubuntu-deb-general/tasks/packages.yml b/library/roles/ubuntu-deb-general/tasks/packages.yml
index ad434750..7e998911 100644
--- a/library/roles/ubuntu-deb-general/tasks/packages.yml
+++ b/library/roles/ubuntu-deb-general/tasks/packages.yml
@@ -3,18 +3,24 @@
   apt: pkg=aptitude state=present cache_valid_time=1800
   tags: packages
 
-- name: Install the basic python packages
-  apt: pkg={{ default_python_packages }} state=present update_cache=yes cache_valid_time=1800
+- name: Install the basic python packages. Not Trusty
+  apt: pkg={{ default_python_packages }} state=present cache_valid_time=1800
+  when:
+    - ansible_distribution == "Ubuntu"
+    - ansible_distribution_release != "trusty"
   tags: packages
 
 - name: Install the basic python packages on trusty
   apt: pkg={{ default_python_packages_trusty }} state=present update_cache=yes cache_valid_time=1800
-  when: is_trusty | bool
+  when:
+    - ansible_distribution == "Ubuntu"
+    - ansible_distribution_release == "trusty"
   tags: packages
 
 - name: Install software-properties-common if needed
   apt: pkg=software-properties-common state=present update_cache=yes cache_valid_time=1800
-  when: is_ubuntu | bool
+  when:
+    - ansible_distribution == "Ubuntu"
   tags: packages
 
 - name: Default the backports repository on debian 7
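Review bot: "Install the basic python packages. Not Trusty" used to run on every host and now requires `ansible_distribution == "Ubuntu"`, so Debian hosts no longer get `default_python_packages`. This file still handles Debian in the backports tasks below. If that is not intended, drop the distribution test and keep only `ansible_distribution_release != "trusty"`. If it is intended, a comment saying where Debian hosts now get these packages would make the change reviewable.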
@@ -32,49 +38,6 @@
   when: is_debian8 | bool
   tags: jessie-backports
 
-- name: apt key for the internal ppa repository
-  apt_key: url=http://ppa.research-infrastructures.eu/system/keys/system-archive.asc state=present
-  when:
-    - is_ubuntu | bool
-    - egi_image is not defined or not egi_image
-    - infrascience_internal_ppa | bool
-  ignore_errors: True
-  tags: packages
-
-- name: Remove the broken system apt repository
-  apt_repository: repo='deb http://ppa.research-infrastructures.eu/system stable main' state=absent
-  when: is_ubuntu | bool
-  tags: packages
-
-- name: setup system apt repository
-  apt_repository: repo='deb [arch=amd64] http://ppa.research-infrastructures.eu/system stable main' update_cache=yes
-  when:
-    - is_ubuntu | bool
-    - infrascience_internal_ppa | bool
-  ignore_errors: True
-  tags: packages
-
-- name: Remove the broken system apt repository for specific distributions
-  apt_repository: repo='deb http://ppa.research-infrastructures.eu/system {{ ansible_distribution_release }} main' state=absent
-  when: is_trusty | bool
-  tags: packages
-
-- name: setup system apt repository for specific distributions
-  apt_repository: repo='deb [arch=amd64] http://ppa.research-infrastructures.eu/system {{ ansible_distribution_release }} main' update_cache=yes
-  when:
-    - is_trusty | bool
-    - infrascience_internal_ppa | bool
-  ignore_errors: True
-  tags: packages
-
-- name: Setup the infrascience trusty repository
-  apt_repository: repo='deb [arch=amd64] http://ppa.research-infrastructures.eu/trusty-infrascience {{ ansible_distribution_release }} main' update_cache=yes
-  when:
-    - is_trusty | bool
-    - infrascience_internal_ppa | bool
-  ignore_errors: True
-  tags: packages
-
 - name: install common packages
   apt: pkg={{ common_packages }} state={{ pkg_state }} update_cache=yes cache_valid_time=1800
   tags: [ 'packages', 'common_pkgs' ]
diff --git a/library/roles/ubuntu-deb-general/templates/ntp.conf.j2 b/library/roles/ubuntu-deb-general/templates/ntp.conf.j2
new file mode 100644
index 00000000..b4670dd6
--- /dev/null
+++ b/library/roles/ubuntu-deb-general/templates/ntp.conf.j2
@@ -0,0 +1,69 @@
+# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
+driftfile /var/lib/ntp/ntp.drift
+
+# Enable this if you want statistics to be logged.
+#statsdir /var/log/ntpstats/
+
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+# Specify one or more NTP servers.
+
+# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
+# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
+# more information.
+pool 0.ubuntu.pool.ntp.org iburst
+pool 1.ubuntu.pool.ntp.org iburst
+pool 2.ubuntu.pool.ntp.org iburst
+pool 3.ubuntu.pool.ntp.org iburst
+
+# Use Ubuntu's ntp server as a fallback.
+pool ntp.ubuntu.com
+
+# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
+# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
+# might also be helpful.
+#
+# Note that "restrict" applies to both servers and clients, so a configuration
+# that might be intended to block requests from certain clients could also end
+# up blocking replies from your own upstream servers.
+
+# By default, exchange time with everybody, but don't allow configuration.
+restrict -4 default kod notrap nomodify nopeer noquery limited
+restrict -6 default kod notrap nomodify nopeer noquery limited
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
+
+# Needed for adding pool entries
+restrict source notrap nomodify noquery
+
+# Clients from this (example!) subnet have unlimited access, but only if
+# cryptographically authenticated.
+{% if nagios_monitoring_server_ip is defined %}
+{% for ip in nagios_monitoring_server_ip %}
+restrict {{ ip }} mask 255.255.255.255
+{% endfor %}
+{% endif %}
+
+# If you want to provide time to your local subnet, change the next line.
+# (Again, the address is an example only.)
+#broadcast 192.168.123.255
+
+# If you want to listen to time broadcasts on your local subnet, de-comment the
+# next lines.  Please do this only if you trust everybody on the network!
+#disable auth
+#broadcastclient
+
+#Changes recquired to use pps synchonisation as explained in documentation:
+#http://www.ntp.org/ntpfaq/NTP-s-config-adv.htm#AEN3918
+
+#server 127.127.8.1 mode 135 prefer    # Meinberg GPS167 with PPS
+#fudge 127.127.8.1 time1 0.0042        # relative to PPS for my hardware
+
+#server 127.127.22.1                   # ATOM(PPS)
+#fudge 127.127.22.1 flag3 1            # enable PPS API
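Review bot: The templated `restrict {{ ip }} mask 255.255.255.255` line carries no flags, so every address in `nagios_monitoring_server_ip` is exempt from all the limits set by the default `restrict` lines. The comment above it, kept from the stock file, says access is granted only if cryptographically authenticated, but nothing in the template configures keys or `notrust`. If the monitoring host only needs to read status, `restrict {{ ip }} mask 255.255.255.255 nomodify notrap` keeps modification and trap requests blocked at the access-control level, and the comment should be reworded to describe what the loop does. The loop also assumes the variable is a list of IPv4 addresses; a plain string would be iterated character by character, so the expected type should be documented in the role defaults.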
diff --git a/library/roles/ubuntu-python-setup/defaults/main.yml b/library/roles/ubuntu-python-setup/defaults/main.yml
index 29565a57..593a2460 100644
--- a/library/roles/ubuntu-python-setup/defaults/main.yml
+++ b/library/roles/ubuntu-python-setup/defaults/main.yml
@@ -1,10 +1,12 @@
 ---
 python_pkgs_state: present
 python_get_pip_url: https://bootstrap.pypa.io/get-pip.py
-python_force_pip_fix: False
+force_python_fix: False
 
 python_basic_pkgs:
   - python-pip
+  - python-requests
+  - python-lxml
 
 python_pip_dev_packages:
   - libpython-dev
@@ -19,4 +21,5 @@ python_pip_fix_ssl_warnings:
   - ndg-httpsclient
   - urllib3
   - pyasn1
-
+  - ipaddress
+  - enum
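Review bot: The `enum` entry added to `python_pip_fix_ssl_warnings` is probably not the package intended. On PyPI the backport of the standard-library enum module used by the Python 2 TLS stack is published as `enum34`, while `enum` is an unrelated older project. The list is passed to the `pip` task in this role's tasks file, presumably with root privileges, so a wrong name installs code nobody meant to pull in; `- enum34` looks like the right entry, to be confirmed against the package that raises the warning. None of the entries are version-pinned, so each run takes whatever the index serves at that time.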
diff --git a/library/roles/ubuntu-python-setup/tasks/main.yml b/library/roles/ubuntu-python-setup/tasks/main.yml
index 8aa3d735..d558410e 100644
--- a/library/roles/ubuntu-python-setup/tasks/main.yml
+++ b/library/roles/ubuntu-python-setup/tasks/main.yml
@@ -1,7 +1,16 @@
 ---
 - block:
+    - name: Check if the pip downloader is already installed
+      stat:
+        path: '/usr/local/lib/get-pip.py'
+        get_checksum: yes
+        follow: no
+        checksum_algorithm: sha256
+      register: get_pip_file
+
     - name: Install the get-pip.py pip downloader
-      get_url: url={{ python_get_pip_url }} dest=/usr/local/lib/get-pip.py
+      get_url: url={{ python_get_pip_url }} dest=/usr/local/lib/get-pip.py #checksum="sha256:{{ get_pip_file.stat.checksum }}"
+      when: not get_pip_file.stat.exists
 
     - name: Install a script that fixes the broken trusty pip package
       copy: src=pip-fixer.sh dest=/usr/local/bin/python-pip-fixer mode=0755 owner=root group=root
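Review bot: The get-pip.py download still has no integrity check: the `checksum=` argument is commented out, and as written it would compare the download against the digest of a file that does not exist on the only path where the task now runs. Because of `when: not get_pip_file.stat.exists`, a truncated or modified `/usr/local/lib/get-pip.py` is never replaced, and the sha256 that `stat` computes is never used. Pin a known-good digest in the role defaults and pass it through, e.g. `get_url: url={{ python_get_pip_url }} dest=/usr/local/lib/get-pip.py checksum="sha256:{{ python_get_pip_sha256 }}"` (the variable name is only a suggestion), and drop the `when` so that get_url re-downloads on a mismatch. The enclosing block continues outside this hunk.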
@@ -9,7 +18,7 @@
 
     - name: Fix the trusty pip installation
       shell: /usr/local/bin/python-pip-fixer
-      when: python_pip_fixer is changed or python_force_pip_fix
+      when: python_pip_fixer is changed or force_python_fix | bool
 
     - name: Install the python dev headers and other dev requirements
       apt: pkg={{ python_pip_dev_packages }} state={{ python_pkgs_state }} update_cache=yes cache_valid_time=1800
@@ -27,5 +36,5 @@
       pip: name={{ python_pip_fix_ssl_warnings | default ([]) }} state={{ python_pkgs_state }}
       register: python_pip_env_workaround
 
-  when: is_trusty
+  when: ansible_distribution_release == "trusty"
   tags: [ "python", 'py_env', 'ansible_setup' ]
diff --git a/library/roles/users/tasks/main.yml b/library/roles/users/tasks/main.yml
index 0b1bfd46..f648dce6 100644
--- a/library/roles/users/tasks/main.yml
+++ b/library/roles/users/tasks/main.yml
@@ -47,7 +47,17 @@
       with_items: '{{ users_system_users }}'
       when:
         - item.ssh_key is defined
-        - ( item.log_as_root is defined ) and ( item.log_as_root )
+        - item.log_as_root is defined
+        - item.log_as_root
+
+    - name: ensure that the users can not login with their ssh keys as root
+      authorized_key: user=root key="{{ item.ssh_key }}" state=absent
+      with_items: '{{ users_system_users }}'
+      when:
+        - item.ssh_key is defined
+        - item.log_as_root is defined
+        - not item.log_as_root
+
 
   when: users_system_users is defined
   tags: users
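Review bot: The new revocation task only runs when `log_as_root` is present and false, so a user whose `log_as_root` key is simply deleted from their entry keeps the key in root's `authorized_keys`; the same applies to the matching task for `users_system_users_adjunct` in the next hunk. Treating an absent flag as false closes that gap: replace the last two conditions with `- not (item.log_as_root | default(false) | bool)`. Users removed from the list altogether are not covered by either task, which deserves a comment above the task so operators know that revocation needs the entry to stay in place. The enclosing block starts outside the hunk.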
@@ -81,7 +91,16 @@
       with_items: '{{ users_system_users_adjunct }}'
       when:
         - item.ssh_key is defined
-        - ( item.log_as_root is defined ) and ( item.log_as_root )
+        - item.log_as_root is defined
+        - item.log_as_root
+
+    - name: ensure that the additional users cannot login with their ssh keys as root
+      authorized_key: user=root key="{{ item.ssh_key }}" state=absent
+      with_items: '{{ users_system_users_adjunct }}'
+      when:
+        - item.ssh_key is defined
+        - item.log_as_root is defined
+        - not item.log_as_root
 
   when: users_system_users_adjunct is defined
   tags: users