library/roles/ckan/ckan: Lot of modifications so that the playbooks are able to install CKAN with the services distributed on different machines.

library/roles/postgresql/tasks: Fix the SSL certificates paths.
This commit is contained in:
Andrea Dell'Amico 2016-06-21 23:24:48 +02:00
parent 49be6b992d
commit 66caef7db1
7 changed files with 24 additions and 11 deletions

View File

@ -18,9 +18,15 @@
file: dest={{ ckan_file_storage_dir }} state=directory owner={{ apache_user }} mode=0700
tags: ckan
- name: authorization file for the psql command, if the database is on a remote server
template: src=pgpass.j2 dest={{ pg_backup_pass_file }} owner=root mode=0600
when: "'{{ psql_db_host }}' != 'localhost'"
tags: [ 'pg_backup', 'postgresql', 'postgres' ]
- name: Initialize the CKAN databases
shell: ckan db init ; ckan datastore set-permissions | su - postgres -c 'psql --set ON_ERROR_STOP=1'
shell: ckan db init ; ckan datastore set-permissions | psql --set ON_ERROR_STOP=1 -h {{ psql_db_host }} -U {{ ckan_db_user }} -w {{ ckan_datastore_db_name }}
when: ( ckan_install | changed )
ignore_errors: True
tags: ckan
- name: Create the pip cache directory with the right permissions

View File

@ -1,6 +1,6 @@
---
- name: Restart apache
service: name=apache state=restarted enabled=yes
service: name=apache2 state=restarted enabled=yes
when: ( ckan_install | changed )
tags: ckan

View File

@ -0,0 +1,8 @@
# Loop psql_db_data to add multiple databases
{% if psql_db_data is defined %}
{% for db in psql_db_data %}
{%if db.pwd is defined %}
{{ psql_db_host }}:{{ psql_db_port }}:{{ db.name }}:{{ db.user }}:{{ db.pwd }}
{% endif %}
{% endfor %}
{% endif %}

View File

@ -36,9 +36,9 @@ psql_enable_ssl: False
postgresql_letsencrypt_managed: True
psql_conf_ssl_parameters:
- { name: 'ssl', value: 'true' }
- { name: 'ssl_cert_file', value: "'/var/lib/acme/live/{{ ansible_fqdn }}/cert'" }
- { name: 'ssl_key_file', value: "'/etc/pki/postgresql/postgresql.key'" }
- { name: 'ssl_ca_file', value: "'/var/lib/acme/live/{{ ansible_fqdn }}/chain'" }
- { name: 'ssl_cert_file', value: '/var/lib/acme/live/{{ ansible_fqdn }}/cert' }
- { name: 'ssl_key_file', value: '/etc/pki/postgresql/postgresql.key' }
- { name: 'ssl_ca_file', value: '/var/lib/acme/live/{{ ansible_fqdn }}/chain' }
psql_set_shared_memory: False
psql_sysctl_file: 30-postgresql-shm.conf

View File

@ -11,10 +11,6 @@
template: src=pg_backup-default.j2 dest=/etc/default/pg_backup owner=root mode=0744
tags: [ 'pg_backup', 'postgresql', 'postgres' ]
- name: authorization file for the database backup
template: src=pgpass.j2 dest={{ pg_backup_pass_file }} owner=root mode=0600
tags: [ 'pg_backup', 'postgresql', 'postgres' ]
- name: Create the postgresql backups data directory
file: dest={{ pg_backup_destdir }} owner=postgres group=postgres mode=700 recurse=yes state=directory
tags: [ 'pg_backup', 'postgresql', 'postgres' ]

View File

@ -17,3 +17,6 @@
notify: Restart postgresql
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- name: authorization file for the psql command
template: src=pgpass.j2 dest={{ pg_backup_pass_file }} owner=root mode=0600
tags: [ 'pg_backup', 'postgresql', 'postgres' ]

View File

@ -1,6 +1,6 @@
---
- name: Setup ssl in the postgresql configuration
action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="{{ item.value }}"
action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
with_items: '{{ psql_conf_ssl_parameters }}'
when: psql_enable_ssl
notify: Restart postgresql