library/roles: roles added for memcache and revive-adserver. Various fixes to the haproxy, php-fpm, varnish and yii roles.

2015-05-31 19:35:38 +02:00 · 2015-05-31 19:35:38 +02:00 · 93be7129fe
parent 96ee606381
commit 93be7129fe
16 changed files with 306 additions and 72 deletions
--- a/haproxy/defaults/main.yml
+++ b/haproxy/defaults/main.yml
@ -1,7 +1,7 @@
 ---
 haproxy_latest_release: False
 haproxy_version: 1.5
-haproxy_latest_repo: "deb http://haproxy.debian.net {{ ansible_distribution }}-backports-{{ haproxy_version }} main"
+haproxy_latest_repo: "deb http://haproxy.debian.net {{ ansible_lsb.codename }}-backports-{{ haproxy_version }} main"
 haproxy_pkg_state: latest
 haproxy_default_port: 80
--- a/haproxy/tasks/main.yml
+++ b/haproxy/tasks/main.yml
@ -17,11 +17,11 @@
  tags: haproxy
 - name: Install the haproxy package
-  apt: name=haproxy state=latest default_release={{ ansible_distribution}}-backports
+  apt: name=haproxy state=present default_release={{ ansible_lsb.codename }}-backports
  when: not haproxy_latest_release
  tags: haproxy
 - name: Install the haproxy package
-  apt: name=haproxy state=latest default_release={{ ansible_distribution}}-backports-{{ haproxy_version }}
+  apt: name=haproxy state=latest default_release={{ ansible_lsb.codename }}-backports-{{ haproxy_version }}
-  when: not haproxy_latest_release
+  when: haproxy_latest_release
  tags: haproxy
--- a/iptables/tasks/main.yml
+++ b/iptables/tasks/main.yml
@ -23,7 +23,7 @@
  with_items:
    - rules.v4
    - rules.v6
-  when: is_not_ubuntu_less_than_precise
+  when: ( is_not_ubuntu_less_than_precise ) or ( is_debian7)
  notify:
    - Start the iptables service
  tags:
--- a/memcached/defaults/main.yml
+++ b/memcached/defaults/main.yml
@ -0,0 +1,10 @@
 ---
 mc_pkg_state: present
 mc_enabled: True
 mc_port: 11211
 mc_user: memcached
 mc_maxconn: 1024
 mc_cachesize: 256
 mc_options: ""
 mc_ipaddress: 127.0.0.1
--- a/memcached/handlers/main.yml
+++ b/memcached/handlers/main.yml
@ -0,0 +1,4 @@
 ---
 - name: Restart memcached
  service: name=memcached state=restarted
--- a/memcached/tasks/main.yml
+++ b/memcached/tasks/main.yml
@ -0,0 +1,34 @@
 ---
 - name: Install the memcached package
  apt: name={{ item }} state={{ mc_pkg_state }}
  with_items:
    - memcached
  tags: [ 'memcache', 'memcached' ]
 - name: Install the memcached conf file
  template: src={{ item }}.j2 dest=/etc/{{ item }} owner=root group=root mode=0444
  with_items:
    - memcached.conf
  notify: Restart memcached
  tags: [ 'memcache', 'memcached' ]
 - name: Enable memcached
  action: configfile path=/etc/default/memcached key=ENABLE_MEMCACHED value='yes' syntax=shell
  when: mc_enabled
  tags: [ 'memcache', 'memcached' ]
 - name: Ensure that the memcached service is started and enabled
  service: name=memcached state=started enabled=yes
  when: mc_enabled
  tags: [ 'memcache', 'memcached' ]
 - name: Ensure that the memcached service is stopped
  service: name=memcached state=stopped enabled=no
  when: not mc_enabled
  tags: [ 'memcache', 'memcached' ]
 - name: Disable memcached
  action: configfile path=/etc/default/memcached key=ENABLE_MEMCACHED value='no' syntax=shell
  when: not mc_enabled
  tags: [ 'memcache', 'memcached' ]
--- a/memcached/templates/memcached.conf.j2
+++ b/memcached/templates/memcached.conf.j2
@ -0,0 +1,47 @@
 # memcached default config file
 # 2003 - Jay Bonci <jaybonci@debian.org>
 # This configuration file is read by the start-memcached script provided as
 # part of the Debian GNU/Linux distribution. 
 # Run memcached as a daemon. This command is implied, and is not needed for the
 # daemon to run. See the README.Debian that comes with this package for more
 # information.
 -d
 # Log memcached's output to /var/log/memcached
 logfile /var/log/memcached.log
 # Be verbose
 # -v
 # Be even more verbose (print client commands as well)
 # -vv
 # Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
 # Note that the daemon will grow to this size, but does not start out holding this much
 # memory
 -m {{ mc_cachesize }}
 # Default connection port is 11211
 -p {{ mc_port }}
 # Run the daemon as root. The start-memcached will default to running as root if no
 # -u command is present in this config file
 -u nobody
 # Specify which IP address to listen on. The default is to listen on all IP addresses
 # This parameter is one of the only security measures that memcached has, so make sure
 # it's listening on a firewalled interface.
 -l {{ mc_ipaddress }}
 # Limit the number of simultaneous incoming connections. The daemon default is 1024
 -c {{ mc_maxconn }}
 # Lock down all paged memory. Consult with the README and homepage before you do this
 # -k
 # Return error when memory is exhausted (rather than removing items)
 # -M
 # Maximize core file limit
 # -r
--- a/php-fpm/templates/php-fpm.conf.j2
+++ b/php-fpm/templates/php-fpm.conf.j2
@ -104,14 +104,6 @@ daemonize = yes
 events.mechanism = {{ phpfpm_event_mechanism }}
 {% endif %}
 ; When FPM is build with systemd integration, specify the interval,
 ; in second, between health report notification to systemd.
 ; Set to 0 to disable.
 ; Available Units: s(econds), m(inutes), h(ours)
 ; Default Unit: seconds
 ; Default value: 10
 systemd_interval = 10
 ;;;;;;;;;;;;;;;;;;;;
 ; Pool Definitions ; 
 ;;;;;;;;;;;;;;;;;;;;
--- a/revive-adserver/defaults/main.yml
+++ b/revive-adserver/defaults/main.yml
@ -0,0 +1,28 @@
 ---
 revive_pkg_state: latest
 revive_ad_version: 3.1.0
 revive_ad_download_url: 'http://download.revive-adserver.com/revive-adserver-{{ revive_ad_version }}.tar.gz'
 revive_ad_install_dir: '/opt'
 revive_ad_dir: '{{ revive_ad_install_dir }}/revive-adserver/'
 revive_ad_dest_dir: '{{ revive_ad_dir }}/ad'
 revive_ad_images_dest_dir: '{{ revive_ad_dir }}/images'
 revive_ad_user: revive
 revive_ad_php_modules:
  - php-xml-parser
  - php5-memcache
  - php5-xcache
  - libphp-pclzip
 revive_ad_php_db_server_modules:
  - php5-mysqlnd
 revive_writable_dirs:
  - var
  - var/cache
  - var/plugins
  - var/templates_compiled
  - plugins
  - www/admin/plugins
--- a/revive-adserver/tasks/main.yml
+++ b/revive-adserver/tasks/main.yml
@ -0,0 +1,79 @@
 ---
 - name: Create the revive_adserver installation directories
  file: dest={{ item }} state=directory owner=root group=root mode=0755
  with_items:
    - '{{ revive_ad_install_dir }}'
    - '{{ revive_ad_dest_dir }}'
  tags:
    - revive
    - revive_adserver
 - name: Get the revive_adserver distribution file
  get_url: url={{ revive_ad_download_url }} dest={{ revive_ad_install_dir }}/ mode=0400
  register: ad_download
  tags:
    - revive
    - revive_adserver
 - name: Unpack the revive adserver distribution file
  unarchive: src={{ revive_ad_install_dir }}/revive-adserver-{{ revive_ad_version }}.tar.gz dest={{ revive_ad_dest_dir }} copy=no
  when: ( ad_download | changed )
  tags:
    - revive
    - revive_adserver
 - name: Fix the global permissions on the revive adserver directory
  command: chown -R root:root {{ revive_ad_dest_dir }}/revive-adserver-{{ revive_ad_version }}
  when: ( ad_download | changed )
  tags:
    - revive
    - revive_adserver
 - name: Move the adserver files to the right place
  shell: mv {{ revive_ad_dest_dir }}/revive-adserver-{{ revive_ad_version }}/* {{ revive_ad_dest_dir }} ; rmdir {{ revive_ad_dest_dir }}/revive-adserver-{{ revive_ad_version }}
  args:
    creates: '{{ revive_ad_dest_dir }}/index.php'
  tags:
    - revive
    - revive_adserver
 - name: Remove the unneeded files
  file: dest={{ revive_ad_dest_dir }}/{{ item }} state=absent
  with_items:
    - RELEASE_NOTES.txt
  tags:
    - revive
    - revive_adserver
 - name: Give the revive user the permission to write inside a list of directories
  command: chown -R {{ revive_ad_user }} {{ revive_ad_dest_dir }}/{{ item }}
  with_items: revive_writable_dirs
  #when: ( ad_download | changed )
  tags:
    - revive
    - revive_adserver
 - name: Give the revive user the permission to write inside the images directories
  command: chown -R {{ revive_ad_user }} {{ revive_ad_images_dest_dir }}
  #when: ( ad_download | changed )
  tags:
    - revive
    - revive_adserver
 - name: Install the php required modules
  apt: name={{ item }} state={{ revive_pkg_state }}
  with_items: revive_ad_php_modules
  notify: Reload php-fpm
  tags:
    - php
    - revive
    - revive_adserver
 - name: Install the php modules to access the db servers
  apt: name={{ item }} state={{ revive_pkg_state }}
  with_items: revive_ad_php_db_server_modules
  notify: Reload php-fpm
  tags:
    - php
    - revive
    - revive_adserver
--- a/ubuntu-deb-general/defaults/main.yml
+++ b/ubuntu-deb-general/defaults/main.yml
@ -1,22 +1,4 @@
 ---
 cm_pubkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJN8XR/N4p6FfymWJy7mwR3vbUboC4P+7CgZalflhK5iH0P7c24/zZDY9Y5QIq58IViY7napqZuRkNHnHcvm9mxtSxQ16qe03NulABN5V/ljgR0sQAWz8pwv68LDpR9uBSCbXDdDCUUlS+zOxCHA6s7O7PSFavX4An1Vd/mjwoeR4eLRQXNcKsK2Pu/BZ3TCLmWyi2otnxFiJ8IoKW1CvjxKWmt5BvAvys0dfsdnTSVz9yiUMwN5Oj8cw/jhKqadnkvqTGfGl1ELm9L2V7hT6LM0cIom9oRsQf+JJ6loBe3UUZGaAhY2jmARmZdX3qV9Wh+UtxaWMEAXB9mf/2cK9f jenkins@cm
 andrea_dellamico: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ9n6B+J5S7NPnwjejPC2WrvcRzC07WPnAoQ7ZHZ0Mv9JakyWItswzI3Drz/zI0mCamyuye+9dWz9v/ZRwUfBobVyXuptRaZIwxlMC/KsTZofpp3RHOBTteZ4/VM0VhEeiOHu+GuzNE0fRB2gsusWeMMae2cq4TjVAOMcQmJX496L703Smc14gFrP8y/P9jbC5HquuVnPR29PsW4mHidPmjdKkO7QmDfFAj44pEUGeInYOJe708C03NCpsjHw8AVdAJ6Pf16EOdDH+z8D6CByVO3s8UT0HJ85BRoIy6254/hmYLzyd/eRnCXHS/dke+ivrlA3XxG4+DmqjuJR/Jpfx adellam@semovente
 tommaso_piccioli: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzcHuDU7PgJwz34AsVG0E2+ZRx17ZKW1uDEGABNk3Z60/c9LTwWKPj6kcIRy6RzFJI5X+IgPJnYouXVmJsIWjVL8IRk8fP1ffJC6Fyf6H7+fCxu/Wwed5OoOCvKeZ0bEmJ1tlXFM6+EnxKqLCvz3fsNy8e4WKMnpS1hT8K6YB7PMjt60S3wOaxds1Lv4NmmgnfGM5uZFYrZCx1/GJCzNSh7AEEEUIVQ1B8xmXbet7whNiwDmiOnXSlt38dkIYT8kNMuRCj/r9wPr7FmoUCOFzUVXTcnuYagKyURrZ8QDyHbK6XQLYXgvCz/lWoErGFbDqpmBHHyvKSeLPxYfJpWJ70w== tom@tom
 backup_agent: ssh-dss AAAAB3NzaC1kc3MAAACBANBn5i7oJd12+GAeDVSAiPqCxcCDzWe41g3Vy/LhbYKwG0smPNJRfvyf7lKWkgolJfMJZrk7bBVhJoApkV7vkFkrSPueyRC+/ohjafpOsmxRYiOaSrDZ2c9TbGFVZTh23pUXoDPp2Z0N8l471b9Mx/nqgtflCV+IVICcDZbUhcCTAAAAFQC+fmfljTFllCMKsgrSJcQAtiIT/QAAAIEAvrsLfmQzHQjt4G5FhcPVbvP87KUsDh0xksCfMRP6bQBz/3mcnt7V5/MLll/CZMiOWjRK3ww9zCYHprUwQtAZSllFWiGUKw1tDvf1ZQGESYP/vvWwcpPZpVsRHlhRtuMsQchSRxw03yYOqEEa2akWzQlvaZ4CWWym931mZg6zY4AAAACAG/l8dU/QEMK1JP3rDV0kZYvcxjUC9Mxw5ScTyVqVnxDL75ssX9HiQamsiTk0dYNyl8qkB38FfkB4LhEb8FkHs4toN+nTNPPlLqhpYMs+anwyNy32LnXAVP02VJ2+3exwGe0b5vtIFpj+j8s7YZMHN5x6d4xhZ9oq5M2pJN6M48E= root@dlibbackup
 monja_dariva: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuQJvgDc8lQB+EArajGPEirRuYxGcInfiM3uRS0P5Dhqch6cuNdMFFjCoQVFL2Dvs7QNSRm8mvnPLWOCYLEFPBdXlA63w+n3VWoVOs0lUgQM77/axetd/K8BCkJlcA/exvVxLtzc5k8hN1k3OJY/Npi2Xa4WyEMV6t7+vYK3MXPjFBy4Y/aLWZvHcCn0zUbeB8T8PJ2S8taCIOMzemUzjGs3c0f4y6oaJx1gPw31PCahkaVS4ZLSt+0y3DRaGiXjyzgbQPf1whBOT4SSiX3SgdMvxA/Fzz2sSAn9PNfKq+/vygn7qDB79qzBhOXs36dPuwmsqggxIZasGUT/YfRp5Cw== monja@pc-monja
 old_marko_mikulicic: ssh-dss AAAAB3NzaC1kc3MAAACBAO/KjuevegLjP3SXeZAdmHySuOjlNWllsuurdzes9HwF7HBEtFAuSE7vBeNcpfsdUytq92JUBAwNk9VwxNnnyVgeznFQ7ocGBh0Yfu4j9EXiWVA7vO8xZ9kqjl+HwUELrR1a8d4mngXgNQ1OAm+i3vvpBA6b4CV2L2hrEsPL5LPVAAAAFQD0VroYiG13uOsHCJaVyWH6V7w4twAAAIA4moWcTj36r+FpJYHH3c+QGC8XgPi6mwsqJexJ3sZRfEDAuDTgB5UyLJStY5EE2pChVpACx8KDlONcyuCdA8HIDC+RAJ03tY//UR2Ndg1y0yH8BnpjFM9Ow5JcoWzz9clC4GD0zGA90aiQd37I3JfPoTTEjLvJegg/C8GtlLtB+AAAAIEAgHwTzFLfZ0Q5tDK/kxeKa/x52O4ZfOXBTOYQZy5A6+ohoOOIKuEYmUOxh9ovE38St2+Q+1CgGnhBA79Y2pBdzpvY6VwKdcQBtyZSsJ7ghMTpksdNwZkZ3rIDgMi0yeBUl9qe339dXzV77uM/Q8Tx0UhSHTEIpyu1WZ8d/AAqrCQ= marko
 root_ssh_keys:
  - '{{ cm_pubkey }}'
  - '{{ andrea_dellamico }}'
  - '{{ tommaso_piccioli }}'
  - '{{ backup_agent }}'
  - '{{ monja_dariva }}'
 obsolete_root_ssh_keys:
  - '{{ old_marko_mikulicic }}'
 #
 # Use the apt proxy
 #
@ -24,6 +6,7 @@ use_apt_proxy: False
 apt_proxy_url: "http://apt.research-infrastructures.eu:9999"
 common_packages:
  - acl
  - zile
  - dstat
  - iotop
@ -90,3 +73,67 @@ configure_munin: True
 # Manage the root ssh keys
 manage_root_ssh_keys: True
 cm_pubkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJN8XR/N4p6FfymWJy7mwR3vbUboC4P+7CgZalflhK5iH0P7c24/zZDY9Y5QIq58IViY7napqZuRkNHnHcvm9mxtSxQ16qe03NulABN5V/ljgR0sQAWz8pwv68LDpR9uBSCbXDdDCUUlS+zOxCHA6s7O7PSFavX4An1Vd/mjwoeR4eLRQXNcKsK2Pu/BZ3TCLmWyi2otnxFiJ8IoKW1CvjxKWmt5BvAvys0dfsdnTSVz9yiUMwN5Oj8cw/jhKqadnkvqTGfGl1ELm9L2V7hT6LM0cIom9oRsQf+JJ6loBe3UUZGaAhY2jmARmZdX3qV9Wh+UtxaWMEAXB9mf/2cK9f jenkins@cm
 andrea_dellamico: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ9n6B+J5S7NPnwjejPC2WrvcRzC07WPnAoQ7ZHZ0Mv9JakyWItswzI3Drz/zI0mCamyuye+9dWz9v/ZRwUfBobVyXuptRaZIwxlMC/KsTZofpp3RHOBTteZ4/VM0VhEeiOHu+GuzNE0fRB2gsusWeMMae2cq4TjVAOMcQmJX496L703Smc14gFrP8y/P9jbC5HquuVnPR29PsW4mHidPmjdKkO7QmDfFAj44pEUGeInYOJe708C03NCpsjHw8AVdAJ6Pf16EOdDH+z8D6CByVO3s8UT0HJ85BRoIy6254/hmYLzyd/eRnCXHS/dke+ivrlA3XxG4+DmqjuJR/Jpfx adellam@semovente
 tommaso_piccioli: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzcHuDU7PgJwz34AsVG0E2+ZRx17ZKW1uDEGABNk3Z60/c9LTwWKPj6kcIRy6RzFJI5X+IgPJnYouXVmJsIWjVL8IRk8fP1ffJC6Fyf6H7+fCxu/Wwed5OoOCvKeZ0bEmJ1tlXFM6+EnxKqLCvz3fsNy8e4WKMnpS1hT8K6YB7PMjt60S3wOaxds1Lv4NmmgnfGM5uZFYrZCx1/GJCzNSh7AEEEUIVQ1B8xmXbet7whNiwDmiOnXSlt38dkIYT8kNMuRCj/r9wPr7FmoUCOFzUVXTcnuYagKyURrZ8QDyHbK6XQLYXgvCz/lWoErGFbDqpmBHHyvKSeLPxYfJpWJ70w== tom@tom
 backup_agent: ssh-dss AAAAB3NzaC1kc3MAAACBANBn5i7oJd12+GAeDVSAiPqCxcCDzWe41g3Vy/LhbYKwG0smPNJRfvyf7lKWkgolJfMJZrk7bBVhJoApkV7vkFkrSPueyRC+/ohjafpOsmxRYiOaSrDZ2c9TbGFVZTh23pUXoDPp2Z0N8l471b9Mx/nqgtflCV+IVICcDZbUhcCTAAAAFQC+fmfljTFllCMKsgrSJcQAtiIT/QAAAIEAvrsLfmQzHQjt4G5FhcPVbvP87KUsDh0xksCfMRP6bQBz/3mcnt7V5/MLll/CZMiOWjRK3ww9zCYHprUwQtAZSllFWiGUKw1tDvf1ZQGESYP/vvWwcpPZpVsRHlhRtuMsQchSRxw03yYOqEEa2akWzQlvaZ4CWWym931mZg6zY4AAAACAG/l8dU/QEMK1JP3rDV0kZYvcxjUC9Mxw5ScTyVqVnxDL75ssX9HiQamsiTk0dYNyl8qkB38FfkB4LhEb8FkHs4toN+nTNPPlLqhpYMs+anwyNy32LnXAVP02VJ2+3exwGe0b5vtIFpj+j8s7YZMHN5x6d4xhZ9oq5M2pJN6M48E= root@dlibbackup
 monja_dariva: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuQJvgDc8lQB+EArajGPEirRuYxGcInfiM3uRS0P5Dhqch6cuNdMFFjCoQVFL2Dvs7QNSRm8mvnPLWOCYLEFPBdXlA63w+n3VWoVOs0lUgQM77/axetd/K8BCkJlcA/exvVxLtzc5k8hN1k3OJY/Npi2Xa4WyEMV6t7+vYK3MXPjFBy4Y/aLWZvHcCn0zUbeB8T8PJ2S8taCIOMzemUzjGs3c0f4y6oaJx1gPw31PCahkaVS4ZLSt+0y3DRaGiXjyzgbQPf1whBOT4SSiX3SgdMvxA/Fzz2sSAn9PNfKq+/vygn7qDB79qzBhOXs36dPuwmsqggxIZasGUT/YfRp5Cw== monja@pc-monja
 old_marko_mikulicic: ssh-dss AAAAB3NzaC1kc3MAAACBAO/KjuevegLjP3SXeZAdmHySuOjlNWllsuurdzes9HwF7HBEtFAuSE7vBeNcpfsdUytq92JUBAwNk9VwxNnnyVgeznFQ7ocGBh0Yfu4j9EXiWVA7vO8xZ9kqjl+HwUELrR1a8d4mngXgNQ1OAm+i3vvpBA6b4CV2L2hrEsPL5LPVAAAAFQD0VroYiG13uOsHCJaVyWH6V7w4twAAAIA4moWcTj36r+FpJYHH3c+QGC8XgPi6mwsqJexJ3sZRfEDAuDTgB5UyLJStY5EE2pChVpACx8KDlONcyuCdA8HIDC+RAJ03tY//UR2Ndg1y0yH8BnpjFM9Ow5JcoWzz9clC4GD0zGA90aiQd37I3JfPoTTEjLvJegg/C8GtlLtB+AAAAIEAgHwTzFLfZ0Q5tDK/kxeKa/x52O4ZfOXBTOYQZy5A6+ohoOOIKuEYmUOxh9ovE38St2+Q+1CgGnhBA79Y2pBdzpvY6VwKdcQBtyZSsJ7ghMTpksdNwZkZ3rIDgMi0yeBUl9qe339dXzV77uM/Q8Tx0UhSHTEIpyu1WZ8d/AAqrCQ= marko
 root_ssh_keys:
  - '{{ cm_pubkey }}'
  - '{{ andrea_dellamico }}'
  - '{{ tommaso_piccioli }}'
  - '{{ backup_agent }}'
  - '{{ monja_dariva }}'
 obsolete_root_ssh_keys:
  - '{{ old_marko_mikulicic }}'
 #
 # debian/ubuntu distributions controllers
 #
 has_default_grub: "'{{ ansible_distribution }}' == 'Debian' and '{{ ansible_distribution_version }}' != 'lenny/sid' and {{ ansible_lsb['major_release'] }} >= 6"
 has_htop: "'{{ ansible_distribution }}' == 'Ubuntu' and ({{ ansible_distribution_version }} == 10.10 or {{ ansible_distribution_version }} == 11.04 or {{ ansible_distribution_version }} == 12.04)"
 has_apt: "('{{ ansible_distribution }}' == 'Debian' or '{{ ansible_distribution }}' == 'Ubuntu') and '{{ ansible_distribution_version }}' != 'lenny/sid' and '{{ ansible_lsb['major_release'] }}' >= 5"
 is_debian: "'{{ ansible_distribution }}' == 'Debian'"
 #is_debian7: "'{{ ansible_distribution }}' == 'Debian' and {{ ansible_lsb['major_release'] }} == 7"
 is_debian7: "'{{ ansible_distribution_release }}' == 'wheezy'"
 is_debian6: "('{{ ansible_distribution }}' == 'Debian' and {{ ansible_lsb['major_release'] }} == 6)"
 is_debian5: "'{{ ansible_distribution }}' == 'Debian' and '{{ ansible_distribution_version }}' != 'lenny/sid' and {{ ansible_lsb['major_release'] }} == 5"
 is_debian4: "'{{ ansible_distribution }}' == 'Debian' and '{{ ansible_distribution_version }}' != 'lenny/sid' and {{ ansible_lsb['major_release'] }} == 4"
 is_not_debian6: "'{{ ansible_distribution }}' == 'Debian' and '{{ ansible_distribution_version }}' != 'lenny/sid' and {{ ansible_lsb['major_release'] }} != 6"
 is_debian_less_than6: "'{{ ansible_distribution }}' == 'Debian' and '{{ ansible_distribution_version }}' != 'lenny/sid' and {{ ansible_lsb['major_release'] }} < 6"
 is_not_debian_less_than_6: "('{{ ansible_distribution }}' != 'Debian') or (('{{ ansible_distribution }}' == 'Debian' or '{{ ansible_distribution }}' == 'Ubuntu') and '{{ ansible_distribution_version }}' != 'lenny/sid' and {{ ansible_lsb['major_release'] }} >= 6)"
 is_hardy: "'{{ ansible_distribution_release }}' == 'hardy'"
 is_broken_hardy_lts: "'{{ ansible_distribution }}'== 'Debian' and '{{ ansible_distribution_release }}' == 'NA'"
 is_jaunty: "'{{ ansible_distribution_release }}' == 'jaunty'"
 is_quantal: "'{{ ansible_distribution_release }}' == 'quantal'"
 is_natty: "'{{ ansible_distribution_release }}' == 'natty'"
 is_precise: "'{{ ansible_distribution_release }}' == 'precise'"
 is_trusty: "'{{ ansible_distribution_release }}' == 'trusty'"
 is_ubuntu: "'{{ ansible_distribution }}' == 'Ubuntu'"
 is_not_precise: "('{{ ansible_distribution }}' == 'Ubuntu' and {{ ansible_distribution_version }} != 12.04) or '{{ ansible_distribution }}' == 'Debian'"
 is_not_trusty: "('{{ ansible_distribution }}' == 'Ubuntu' and {{ ansible_distribution_version }} != 14.04) or '{{ ansible_distribution }}' == 'Debian'"
 is_not_ubuntu_less_than_precise: "('{{ ansible_distribution }}' == 'Ubuntu') and ({{ ansible_lsb['major_release'] }} >= 12)"
 is_ubuntu_less_than_precise: "('{{ ansible_distribution }}' == 'Ubuntu') and ({{ ansible_lsb['major_release'] }} < 12)"
 is_ubuntu_less_than_trusty: "('{{ ansible_distribution }}' == 'Ubuntu') and ({{ ansible_lsb['major_release'] }} < 14)"
 # Ubuntu < 10.04 or Debian 4
 is_ubuntu_between_8_and_9_and_is_debian_4: "('{{ ansible_distribution }}' == 'Ubuntu' and ({{ ansible_distribution_version }} == 8.04 or {{ ansible_distribution_version }} == 8.10 or {{ ansible_distribution_version }} == 9.04)) or ({{ is_debian4 }})"
 #is_ubuntu_between_8_and_9_or_is_debian_4: "('{{ ansible_distribution }}' == 'Ubuntu') and ({{ ansible_lsb['major_release'] }} < 12) or ({{ is_debian4 }})"
 is_ubuntu_between_8_and_9_or_is_debian_4: "'{{ is_ubuntu_between_8_and_9_and_is_debian_4 }}'"
 # Ubuntu between 10.04 and 11.04
 is_ubuntu_between_10_04_and_11_04: "'{{ ansible_distribution }}' == 'Ubuntu' and ({{ ansible_distribution_version }} == 10.04 or {{ ansible_distribution_version }} == 10.10 or {{ ansible_distribution_version }} == 11.04)"
 # Ubuntu between 10.04 and 11.04, or Debian 6
 is_ubuntu_between_10_04_and_11_04_and_is_debian_6: "({{ is_ubuntu_between_10_04_and_11_04 }} or {{ is_debian6 }})"
 # Debian >=6
 is_debian_greater_than_5: "'{{ ansible_distribution }}' == 'Debian' and '{{ ansible_distribution_version }}' != 'lenny/sid' and {{ ansible_lsb['major_release'] }} >= 6"
 is_trusty_or_debian7: "('{{ ansible_distribution_release }}' == 'trusty') or ('{{ ansible_distribution_release }}' == 'wheezy')"
--- a/users/defaults/main.yml
+++ b/users/defaults/main.yml
@ -1,5 +1,5 @@
 ---
-users_sudoers_group: wheel
+users_sudoers_group: sudo
 users_sudoers_create_group: False
 users_sudoers_create_sudo_conf: False
 users_home_dir: /home
--- a/varnish-cache/defaults/main.yml
+++ b/varnish-cache/defaults/main.yml
@ -13,6 +13,8 @@ varnish_listen_port: 6810
 varnish_static_c_timeout: 240s
 varnish_static_first_byte_timeout: 360s
 varnish_static_between_bytes_timeout: 360s
 varnish_min_threads: 10
 varnish_max_threads: 1000
 # We are using 3000 in production
 varnish_static_max_connections: 200
 varnish_storage_file: /var/lib/varnish/varnish_storage.bin
--- a/varnish-cache/tasks/main.yml
+++ b/varnish-cache/tasks/main.yml
@ -27,23 +27,19 @@
  with_items: varnish_pkg_name
  tags: varnish
-# - name: Install the varnish parameters file. The config file needs to be set by a local task
+- name: Install the varnish parameters file. The config file needs to be set by a local task
-#   template: src={{ item }}.j2 dest=/etc/varnish/{{ item }} owner=root group=root mode=0444
+  template: src={{ item }}.j2 dest=/etc/default/varnish owner=root group=root mode=0444
-#   with_items:
+  with_items:
-#     - varnish.params
+    - varnish.params
-#   notify: Reload varnish
+  notify: Reload varnish
-#   tags:
+  tags: [ 'varnish', 'varnishconf' ]
 #     - varnish
 #     - varnishconf
-# - name: Ensure that the varnish service is started and enabled
+- name: Ensure that the varnish service is started and enabled
-#   service: name=varnish state=started enabled=yes
+  service: name=varnish state=started enabled=yes
-#   when: varnish_enabled
+  when: varnish_enabled
-#   tags:
+  tags: varnish
 #     - varnish
-# - name: Ensure that the varnish service is stopped and disabled
+- name: Ensure that the varnish service is stopped and disabled
-#   service: name=varnish state=stopped enabled=no
+  service: name=varnish state=stopped enabled=no
-#   when: not varnish_enabled
+  when: not varnish_enabled
-#   tags:
+  tags: varnish
 #     - varnish
--- a/varnish-cache/templates/varnish.params.j2
+++ b/varnish-cache/templates/varnish.params.j2
@ -3,6 +3,11 @@
 # /etc/init.d/varnish expects the variables $DAEMON_OPTS, $NFILES and $MEMLOCK
 # to be set from this shell script fragment.
 #
 {% if varnish_enabled %}
 START=yes
 {% else %}
 START=no
 {% endif %}
 # Set this to 1 to make systemd reload try to switch vcl without restart.
 RELOAD_VCL=1
@ -18,7 +23,6 @@ MEMLOCK=82000
 # the -n switch, to have more instances on a single server.
 INSTANCE=$(uname -n)
 ## Alternative 3, Advanced configuration
 #
 # See varnishd(1) for more information.
@ -40,10 +44,10 @@ VARNISH_ADMIN_LISTEN_PORT=6082
 VARNISH_SECRET_FILE=/etc/varnish/secret
 # # The minimum number of worker threads to start
-VARNISH_MIN_THREADS=2
+VARNISH_MIN_THREADS={{ varnish_min_threads }}
 #
 # # The Maximum number of worker threads to start
-VARNISH_MAX_THREADS=500
+VARNISH_MAX_THREADS={{ varnish_max_threads }}
 #
 # # Idle timeout for worker threads
 VARNISH_THREAD_TIMEOUT=120
@ -65,20 +69,13 @@ VARNISH_TTL={{ varnish_ttl }}
 # User and group for the varnishd worker processes
 VARNISH_USER={{ varnish_user }}
 VARNISH_GROUP={{ varnish_group }}
-# # sure you update this section, too.
+#
-# DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
+DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
-#               -f ${VARNISH_VCL_CONF} \
+             -f ${VARNISH_VCL_CONF} \
-#               -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
+             -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
-#               -t ${VARNISH_TTL} \
+             -t ${VARNISH_TTL} \
-#               -w ${VARNISH_MIN_THREADS},${VARNISH_MAX_THREADS},${VARNISH_THREAD_TIMEOUT} \
+             -p thread_pool_min=${VARNISH_MIN_THREADS} \
-#  	      -S ${VARNISH_SECRET_FILE} \
+             -p thread_pool_max=${VARNISH_MAX_THREADS} \
-#               -s ${VARNISH_STORAGE} \
+             -p thread_pool_timeout=${VARNISH_THREAD_TIMEOUT} \
-# 	      -p sess_workspace=262144 \
+             -S ${VARNISH_SECRET_FILE} \
-# 	      -p default_keep=${VARNISH_TTL} \
+             -s ${VARNISH_STORAGE}"
 # 	      -p sess_timeout=360 \
 # 	      -p thread_pools=1 \
 # 	      -p thread_pool_min=200 -p thread_pool_max=4000 \
 # 	      -p thread_pool_add_delay=2 -p session_linger=100 \
 # 	      -s file,{{ varnish_ram_cache_size }}M
 # 	      "
--- a/yii/defaults/main.yml
+++ b/yii/defaults/main.yml
@ -22,11 +22,9 @@ yii_php_modules:
  - php5-xcache
  - php5-gd
  - php5-mcrypt
  - libpcre
 yii_php_db_server_modules:
  - php5-pgsql
  - php5-mysql
  - php5-mysqlnd
 yii_unneeded_files: