diff --git a/R/tasks/r-packages-updater.yml b/R/tasks/r-packages-updater.yml
index 2f09fd98..942e59b8 100644
--- a/R/tasks/r-packages-updater.yml
+++ b/R/tasks/r-packages-updater.yml
@@ -7,10 +7,10 @@
file: dest={{ r_packages_svn_base_dir }} state=directory
- name: Cron job that installs new R packages, if any
- cron: name="install new R packages" user=root cron_file=install-r-packages minute="*/10" job="/usr/local/bin/update_r_packages install >/var/log/install_r_packages 2>&1" state=present
+ cron: name="install new R packages" user=root cron_file=install-r-packages minute="*/10" hour="5-0,1-2" job="/usr/local/bin/update_r_packages install >/var/log/install_r_packages 2>&1" state=present
- name: Cron job that upgrades existing R packages and installs new ones, if any
- cron: name="install new R packages" user=root cron_file=upgrade-r-packages hour="3" job="/usr/local/bin/update_r_packages upgrade >/var/log/update_r_packages 2>&1" state=present
+ cron: name="install new R packages" user=root cron_file=upgrade-r-packages minute="7" hour="3" job="/usr/local/bin/update_r_packages upgrade >/var/log/update_r_packages 2>&1" state=present
when: r_packages_updater
tags: [ 'r_software', 'r_pkg', 'r_plugins', 'r_plugins_github', 'r_cran_pkgs', 'r_github_pkgs', 'r_packages_updater' ]
diff --git a/R/templates/update_r_packages.sh.j2 b/R/templates/update_r_packages.sh.j2
index 91e42ba7..4964943c 100644
--- a/R/templates/update_r_packages.sh.j2
+++ b/R/templates/update_r_packages.sh.j2
@@ -75,7 +75,7 @@ function fail() {
function init_env() {
if [ -f $LOCK_FILE ] ; then
OLDPROC=$( cat $LOCK_FILE )
- OLDPROC_RUNNING=$( ps auwwx | grep -v grep | grep $OLDPROC )
+ OLDPROC_RUNNING=$( ps auwwx | grep -v grep | grep $OLDPROC | awk '{ print $2 }' )
RETVAL=$?
if [ $RETVAL -eq 0 ] ; then
logger "update_r_packages: $OLDPROC_RUNNING"
diff --git a/docker/meta/main.yml b/docker/meta/main.yml
new file mode 100644
index 00000000..6a91b6e1
--- /dev/null
+++ b/docker/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: '../../library/roles/python-env'
diff --git a/docker/vars/main.yml b/docker/vars/main.yml
new file mode 100644
index 00000000..4b7fefdb
--- /dev/null
+++ b/docker/vars/main.yml
@@ -0,0 +1,6 @@
+---
+py_env_install: True
+py_env_pip_pkgs:
+ - docker-compose
+ - docker-py
+
diff --git a/joomla-org/defaults/main.yml b/joomla-org/defaults/main.yml
index aaf98f28..cbf36b5d 100644
--- a/joomla-org/defaults/main.yml
+++ b/joomla-org/defaults/main.yml
@@ -1,8 +1,13 @@
---
joomla_dist_name: Joomla
-joomla_dist_version: 3.4.8
+joomla_major: 3
+joomla_minor: 8
+joomla_fix: 2
+joomla_dist_version: '{{ joomla_major }}.{{ joomla_minor }}.{{ joomla_fix }}'
joomla_dist_file: '{{ joomla_dist_name }}_{{ joomla_dist_version }}-Stable-Full_Package.zip'
-joomla_tar_url: 'https://github.com/joomla/joomla-cms/releases/download/{{ joomla_dist_version }}/{{ joomla_dist_file }}'
+joomla_download_version: '{{ joomla_major }}-{{ joomla_minor }}-{{ joomla_fix }}'
+joomla_download_file: '{{ joomla_dist_name }}_{{ joomla_dist_version }}-Stable-Full_Package.zip'
+joomla_tar_url: 'https://downloads.joomla.org/cms/joomla{{ joomla_major }}/{{ joomla_download_version }}/{{ joomla_download_file }}?format=zip'
joomla_download_dir: /srv/joomla
joomla_install_dir: /var/www
diff --git a/joomla-org/tasks/main.yml b/joomla-org/tasks/main.yml
index 03cecb4d..1a42478c 100644
--- a/joomla-org/tasks/main.yml
+++ b/joomla-org/tasks/main.yml
@@ -1,7 +1,7 @@
---
- name: Install the joomla php prerequisites
apt: name={{ item }} state=present
- with_items: joomla_php_prereq
+ with_items: '{{ joomla_php_prereq }}'
tags: joomla
- name: Ensure that the download and install dirs exist
@@ -12,7 +12,7 @@
tags: joomla
- name: Download the joomla distribution file
- get_url: url={{ joomla_tar_url }} dest={{ joomla_download_dir }}
+ get_url: url={{ joomla_tar_url }} dest={{ joomla_download_dir }} validate_certs=no
register: joomla_download
tags: joomla
@@ -25,14 +25,14 @@
shell: cp -a {{ joomla_download_dir }}/joomla-unpacked/* {{ joomla_install_dir }}/
args:
creates: '{{ joomla_install_dir }}/index.php'
- with_items: phpfpm_pools
+ with_items: '{{ phpfpm_pools }}'
when: ( joomla_download | changed )
register: unpack_joomla
tags: joomla
- name: Set the correct ownership of the joomla files
file: dest={{ joomla_install_dir }} owner={{ item.user }} group={{ item.group }} recurse=yes state=directory
- with_items: phpfpm_pools
+ with_items: '{{ phpfpm_pools }}'
when: ( unpack_joomla | changed )
tags: joomla
diff --git a/letsencrypt-acmetool-client/defaults/main.yml b/letsencrypt-acmetool-client/defaults/main.yml
index 14951eb8..2d7da682 100644
--- a/letsencrypt-acmetool-client/defaults/main.yml
+++ b/letsencrypt-acmetool-client/defaults/main.yml
@@ -22,7 +22,8 @@ letsencrypt_acme_certs_dir: '{{ letsencrypt_acme_user_home }}/live/{{ ansible_fq
letsencrypt_acme_services_scripts_dir: /usr/lib/acme/hooks
# responses parameters
-letsencrypt_tos_url: 'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'
+#letsencrypt_tos_url: 'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'
+letsencrypt_tos_url: 'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
letsencrypt_acme_agree_tos: true
letsencrypt_acme_rsa_key_size: 4096
letsencrypt_ocsp_must_staple: True
diff --git a/letsencrypt-acmetool-client/tasks/main.yml b/letsencrypt-acmetool-client/tasks/main.yml
index 8c17a575..100f1d33 100644
--- a/letsencrypt-acmetool-client/tasks/main.yml
+++ b/letsencrypt-acmetool-client/tasks/main.yml
@@ -28,7 +28,7 @@
- name: Create the letsencrypt acme user
user: name={{ letsencrypt_acme_user }} home={{ letsencrypt_acme_user_home }} createhome=no shell=/usr/sbin/nologin system=yes
when: letsencrypt_acme_install
- tags: letsencrypt
+ tags: [ 'letsencrypt', 'letsencrypt_user' ]
- name: Create the letsencrypt acme home, if it does not exist already. In a separate step because it could be already there.
file: dest={{ letsencrypt_acme_user_home }} owner={{ letsencrypt_acme_user }} group={{ letsencrypt_acme_user }} state=directory recurse=yes
@@ -93,7 +93,7 @@
capabilities: path=/usr/bin/acmetool capability=cap_net_bind_service+ep state=absent
when:
- letsencrypt_acme_install
- - "'{{ letsencrypt_acme_authenticator }}' != 'listener'"
+ - letsencrypt_acme_authenticator != 'listener'
ignore_errors: True
tags: letsencrypt
@@ -125,7 +125,7 @@
- name: Install a daily cron job to renew the certificates when needed
become: True
become_user: '{{ letsencrypt_acme_user }}'
- cron: name="Letsencrypt certificate renewal" special_time=daily job="/usr/local/bin/acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-cron.log 2>&1"
+ cron: name="Letsencrypt certificate renewal" special_time=daily job="SLEEP_SECONDS=$(echo $[($RANDOM %1200)]) ; sleep ${SLEEP_SECONDS} ; /usr/local/bin/acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-cron.log 2>&1"
when: letsencrypt_acme_install
tags: letsencrypt
diff --git a/letsencrypt-client/defaults/main.yml b/letsencrypt-client/defaults/main.yml
deleted file mode 100644
index b740b07b..00000000
--- a/letsencrypt-client/defaults/main.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-letsencrypt_install: False
-letsencrypt_git_repo: 'https://github.com/letsencrypt/letsencrypt'
-letsencrypt_dest_dir: /opt
-letsencrypt_update_repo: True
-letsencrypt_prerequisites:
- - git
- - bc
-
-letsencrypt_auto: '{{ letsencrypt_dest_dir }}/letsencrypt/letsencrypt-auto'
-letsencrypt_install_path: /root/.local/share/letsencrypt
-letsencrypt_config_dir: /etc/letsencrypt
-letsencrypt_certs_dir: '{{ letsencrypt_config_dir }}/live/{{ ansible_fqdn }}'
-# In seconds. Default 7 days
-letsencrypt_renew_before: 604800
-letsencrypt_logdir: /var/log/letsencrypt
-# The various services maintainers need to put the reconfigure/restart scripts there
-letsencrypt_services_scripts_dir: /usr/local/lib/letsencrypt
-
-# cli.ini parameters
-letsencrypt_rsa_key_size: 4096
-letsencrypt_email: sysadmin@example.com
-letsencrypt_authenticator: standalone
-letsencrypt_standalone_supp_challenges: 'http-01'
-letsencrypt_agree_tos: True
-letsencrypt_verbose: False
-letsencrypt_text_interface: True
-# The first on the list gives the name to the certs live directory.
-# If it is not the machine FQDN, change the letsencrypt_cert_dir definition.
-letsencrypt_domains: '{{ ansible_fqdn }} example.com example.org'
-letsencrypt_renew_by_default: True
-letsencrypt_standalone_port: 9999
-
diff --git a/letsencrypt-client/tasks/main.yml b/letsencrypt-client/tasks/main.yml
deleted file mode 100644
index 6f5b2810..00000000
--- a/letsencrypt-client/tasks/main.yml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-- name: Install the letsencrypt package dependencies
- apt: name={{ item }} state=present
- with_items: '{{ letsencrypt_prerequisites }}'
- when: letsencrypt_install
- tags: letsencrypt
-
-- name: Get the letsencrypt client
- git: repo={{ letsencrypt_git_repo }} dest={{ letsencrypt_dest_dir }}/letsencrypt update={{ letsencrypt_update_repo }}
- with_items: '{{ letsencrypt_prerequisites }}'
- when: letsencrypt_install
- tags: letsencrypt
-
-- name: letsencrypt initializaztion
- command: '{{ letsencrypt_auto }}'
- args:
- creates: '{{ letsencrypt_install_path }}/bin/letsencrypt'
- when: letsencrypt_install
- tags: letsencrypt
-
-- name: Create the letsencrypt config directory
- file: dest={{ letsencrypt_config_dir }} state=directory owner=root group=root mode=0755
- when: letsencrypt_install
- tags: letsencrypt
-
-- name: Create the letsencrypt services scripts directory
- file: dest={{ letsencrypt_services_scripts_dir }} state=directory owner=root group=root mode=0755
- when: letsencrypt_install
- tags: letsencrypt
-
-- name: Install the letsencrypt cli.ini file
- template: src=cli.ini.j2 dest={{ letsencrypt_config_dir }}/cli.ini owner=root group=root mode=0640
- when: letsencrypt_install
- tags: letsencrypt
-
-- name: Install a default file that shell scripts can include
- template: src=letsencrypt-default.j2 dest=/etc/default/letsencrypt owner=root group=root mode=0644
- when: letsencrypt_install
- tags: letsencrypt
-
-- name: Install the command that asks for the certificates and their renewal
- template: src=letsencrypt-cert-request.sh.j2 dest=/usr/local/sbin/letsencrypt-cert-request owner=root group=root mode=0550
- when: letsencrypt_install
- tags: letsencrypt
-
-- name: Install a daily cron job to renew the certificates when needed
- cron: name="Letsencrypt certificate renewal" special_time=daily job="/usr/local/sbin/letsencrypt-cert-request > {{ letsencrypt_logdir }}/letsencrypt-cert-cron.log 2>&1"
- when: letsencrypt_install
- tags: letsencrypt
-
diff --git a/letsencrypt-client/templates/cli.ini.j2 b/letsencrypt-client/templates/cli.ini.j2
deleted file mode 100644
index 0fffec63..00000000
--- a/letsencrypt-client/templates/cli.ini.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-rsa-key-size = {{ letsencrypt_rsa_key_size }}
-email = {{ letsencrypt_email }}
-authenticator = {{ letsencrypt_authenticator }}
-standalone-supported-challenges = {{ letsencrypt_standalone_supp_challenges }}
-agree-tos = {{ letsencrypt_agree_tos }}
-{% if letsencrypt_verbose %}
-verbose = {{ letsencrypt_verbose }}
-{% endif %}
-text = {{ letsencrypt_text_interface }}
-renew-by-default = {{ letsencrypt_renew_by_default }}
diff --git a/letsencrypt-client/templates/letsencrypt-cert-request.sh.j2 b/letsencrypt-client/templates/letsencrypt-cert-request.sh.j2
deleted file mode 100644
index bd57ebd8..00000000
--- a/letsencrypt-client/templates/letsencrypt-cert-request.sh.j2
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/bash
-
-RENEW_BEFORE={{ letsencrypt_renew_before }}
-LETSENCRYPT_BIN={{ letsencrypt_auto }}
-LE_CERT_DIR={{ letsencrypt_certs_dir }}
-LE_SERVICES_SCRIPT_DIR={{ letsencrypt_services_scripts_dir }}
-LOG_DIR={{ letsencrypt_logdir }}
-VALIDITY_RETVAL=0
-DOMAINS="{{ letsencrypt_domains }}"
-CERT_DOMAINS_LIST=
-ACTION=certonly
-RETVAL=0
-
-# Check if the cert file exists. If not, it is a certificate request and not a renewal.
-if [ -f $LE_CERT_DIR/cert.pem ] ; then
- VALIDITY_CHECK=$( openssl x509 -checkend $RENEW_BEFORE -noout -in $LE_CERT_DIR/cert.pem )
- VALIDITY_RETVAL=$?
- if [ $VALIDITY_RETVAL -eq 0 ] ; then
- echo "The certificate is still valid" >> $LOG_DIR/letsencrypt_request.log
- exit 0
- else
- ACTION=renew
- fi
-fi
-
-if [ "$ACTION" === "certonly" ] ; then
- for dom in $DOMAINS ; do
- CERT_DOMAINS_LIST+=" -d $dom"
- done
-fi
-
-# Ask for a new certificate. First request or renewal are the same. We only support the standalone method right now
-$LETSENCRYPT_BIN $ACTION $CERT_DOMAINS_LIST --http-01-port {{ letsencrypt_standalone_port }} --config /etc/letsencrypt/cli.ini >> $LOG_DIR/letsencrypt_request.log 2>&1
-RETVAL=$?
-
-# Run the reconfiguration scripts to make the involved services load the new certificate
-for f in $( /bin/ls -1 $LE_SERVICES_SCRIPT_DIR ) ; do
- if [ -x $LE_SERVICES_SCRIPT_DIR/$f ] ; then
- echo "Running $LE_SERVICES_SCRIPT_DIR/$f" >> $LOG_DIR/letsencrypt_request.log
- $LE_SERVICES_SCRIPT_DIR/$f >> $LOG_DIR/letsencrypt_request.log 2>&1
- fi
-done
-
-exit 0
-
diff --git a/letsencrypt-client/templates/letsencrypt-default.j2 b/letsencrypt-client/templates/letsencrypt-default.j2
deleted file mode 100644
index 1ee49c46..00000000
--- a/letsencrypt-client/templates/letsencrypt-default.j2
+++ /dev/null
@@ -1,8 +0,0 @@
-RSA_KEY_SIZE={{ letsencrypt_rsa_key_size }}
-LE_EMAIL={{ letsencrypt_email }}
-LE_AUTHENTICATOR={{ letsencrypt_authenticator }}
-LE_STANDALONE_SUPPORTED_CHALLENGES={{ letsencrypt_standalone_supp_challenges }}
-LE_SERVICES_SCRIPT_DIR={{ letsencrypt_services_scripts_dir }}
-LE_COMMAND={{ letsencrypt_auto }}
-LE_CERTS_DIR={{ letsencrypt_certs_dir }}
-LE_LOG_DIR={{ letsencrypt_logdir }}
diff --git a/nagios/templates/common-nrpe.cfg.j2 b/nagios/templates/common-nrpe.cfg.j2
index 0965f01a..338da03e 100644
--- a/nagios/templates/common-nrpe.cfg.j2
+++ b/nagios/templates/common-nrpe.cfg.j2
@@ -35,7 +35,8 @@ command[global_check_linux_raid]={{ nagios_plugins_dir }}/check_raid
command[global_check_smart]={{ nagios_isti_plugdir }}/check_smart -d $ARG1$ -i $ARG2$
# Network interfaces
-command[global_net_interfaces]={{ nagios_isti_plugdir }}/check_netint.pl -K -f -e
+#command[global_net_interfaces]={{ nagios_isti_plugdir }}/check_netint.pl -K -f -e
+command[global_net_interfaces]={{ nagios_isti_plugdir }}/check_netint.pl -K -f -e -D -S -n \(l\|eth\|p\|bond\)
# Restart ntp (via handler)
command[global_restart_ntp]=/usr/bin/sudo /etc/init.d/ntp start
diff --git a/nginx/templates/nginx-virthost.j2 b/nginx/templates/nginx-virthost.j2
index 709a4145..5d8ca561 100644
--- a/nginx/templates/nginx-virthost.j2
+++ b/nginx/templates/nginx-virthost.j2
@@ -27,7 +27,6 @@ server {
return 301 https://{{ item.server_name }}$request_uri;
}
{% else %}
- # This is the default for nginx on Ubuntu 14.04
root {{ item.root | default('/usr/share/nginx/html/') }};
index {{ item.index | default('index.html index.htm') }};
error_page 500 502 503 504 {{ item.error_page | default('/50x.html') }};
@@ -81,7 +80,10 @@ server {
{% endif %}
{% if item.proxy_standard_setup is defined and item.proxy_standard_setup %}
# Proxy stuff
+ {% if item.include_global_proxy_conf is defined and not item.include_global_proxy_conf %}
+ {% else %}
include /etc/nginx/snippets/nginx-proxy-params.conf;
+ {% endif %}
{% if item.proxy_additional_options is defined %}
{% for popt in item.proxy_additional_options %}
{{ popt }};
@@ -171,7 +173,10 @@ server {
{% endif %}
{% if item.proxy_standard_setup is defined and item.proxy_standard_setup %}
# Proxy stuff
+ {% if item.include_global_proxy_conf is defined and not item.include_global_proxy_conf %}
+ {% else %}
include /etc/nginx/snippets/nginx-proxy-params.conf;
+ {% endif %}
{% if item.proxy_additional_options is defined %}
{% for popt in item.proxy_additional_options %}
{{ popt }}
diff --git a/postgresql/defaults/main.yml b/postgresql/defaults/main.yml
index 2c46becf..cde0ff4f 100644
--- a/postgresql/defaults/main.yml
+++ b/postgresql/defaults/main.yml
@@ -62,12 +62,19 @@ psql_autovacuum_configuration:
# SSL as a special case
psql_enable_ssl: False
psql_force_ssl_client_connection: False
-postgresql_letsencrypt_managed: True
-psql_conf_ssl_parameters:
+postgresql_letsencrypt_managed: '{{ psql_enable_ssl }}'
+psql_ssl_privkey_global_file: '/var/lib/acme/live/{{ ansible_fqdn }}/privkey'
+psql_ssl_privkey_file: /etc/pki/postgresql/postgresql.key
+psql_ssl_cert_file: '/var/lib/acme/live/{{ ansible_fqdn }}/cert'
+psql_ssl_ca_file: '/var/lib/acme/live/{{ ansible_fqdn }}/chain'
+psql_conf_ssl_parameters:
- { name: 'ssl', value: 'true' }
- - { name: 'ssl_cert_file', value: '/var/lib/acme/live/{{ ansible_fqdn }}/cert' }
- - { name: 'ssl_key_file', value: '/etc/pki/postgresql/postgresql.key' }
- - { name: 'ssl_ca_file', value: '/var/lib/acme/live/{{ ansible_fqdn }}/chain' }
+ - { name: 'ssl_cert_file', value: '{{ psql_ssl_cert_file }}' }
+ - { name: 'ssl_key_file', value: '{{ psql_ssl_privkey_path }}' }
+ - { name: 'ssl_ca_file', value: '{{ psql_ssl_ca_file }}' }
+
+psql_conf_disable_ssl_parameters:
+ - { name: 'ssl', value: 'false' }
psql_set_shared_memory: False
psql_sysctl_file: 30-postgresql-shm.conf
diff --git a/postgresql/files/pgpool-letsencrypt-acme.sh b/postgresql/files/pgpool-letsencrypt-acme.sh
index 3409f27e..38ac48b9 100644
--- a/postgresql/files/pgpool-letsencrypt-acme.sh
+++ b/postgresql/files/pgpool-letsencrypt-acme.sh
@@ -26,10 +26,8 @@ chgrp postgres ${PGPOOL2_KEYFILE}
echo "Reload the pgpool2 service" >> $LE_LOG_DIR/pgpool2.log
if [ -x /bin/systemctl ] ; then
- sleep $RANDOM
systemctl reload pgpool2 >> $LE_LOG_DIR/pgpool2.log 2>&1
else
- sleep $RANDOM
service pgpool2 reload >> $LE_LOG_DIR/pgpool2.log 2>&1
fi
diff --git a/postgresql/files/postgresql-backup.cron b/postgresql/files/postgresql-backup.cron
index bd7ed0d4..e7972984 100755
--- a/postgresql/files/postgresql-backup.cron
+++ b/postgresql/files/postgresql-backup.cron
@@ -13,7 +13,8 @@ fi
# Remote backup performed by duplicity. When active, do not run via cron
if [ -x /etc/cron.daily/duplicity_backup ] ; then
- echo "duplicity backups active. Exiting" > $LOG_FILE
+ DATE=$( date )
+ echo "$DATE: duplicity backups active. Exiting" >> $LOG_FILE
exit 0
fi
@@ -23,7 +24,8 @@ if [ -f /var/log/backuppc.log ] ; then
. /var/log/backuppc.log
LAST_BACKUP_TIME=$( expr $TMSTMP - $BACKUP_TIMESTAMP )
if [ $LAST_BACKUP_TIME -lt 86400 -a $BACKUP_RESULT == 'OK' ] ; then
- echo "BackupPC is active, doing nothing" > $LOG_FILE
+ DATE=$( date )
+ echo "$DATE: BackupPC is active, doing nothing" >> $LOG_FILE
exit 0
fi
fi
@@ -34,20 +36,22 @@ PG_RUNNING=$?
if [ $PG_BACKUP_ENABLED == 'True' ] ; then
if [ "$PG_RUNNING" -ne "0" -a "$PG_RUNNING" -ne "3" ] ; then
- echo "The postgresql service is not running" > $LOG_FILE
+ DATE=$( date )
+ echo "$DATE: The postgresql service is not running" >> $LOG_FILE
exit 1
else
if [ ! -d $LOG_DIR ] ; then
mkdir -p $LOG_DIR
fi
DATE_START=$( date )
- echo "$DATE_START: Starting the backup procedure" > $LOG_FILE
+ echo "$DATE_START: Starting the backup procedure" >> $LOG_FILE
$PG_BCK_BIN >> $LOG_FILE 2>&1
DATE_END=$( date )
echo "$DATE_END: Backup procedure finished" >> $LOG_FILE
fi
else
- echo "Postgresql backups administratively disabled" > $LOG_FILE
+ DATE=$( date )
+ echo "$DATE: Postgresql backups administratively disabled" >> $LOG_FILE
fi
if [ "${USE_NAGIOS}" == "yes" ] ; then
diff --git a/postgresql/files/postgresql-letsencrypt-acme.sh b/postgresql/files/postgresql-letsencrypt-acme.sh
index bfacd724..a3c227ea 100644
--- a/postgresql/files/postgresql-letsencrypt-acme.sh
+++ b/postgresql/files/postgresql-letsencrypt-acme.sh
@@ -26,10 +26,8 @@ chgrp postgres ${POSTGRESQL_KEYFILE}
echo "Restart the postgresql service" >> $LE_LOG_DIR/postgresql.log
if [ -x /bin/systemctl ] ; then
- sleep $RANDOM
systemctl restart postgresql >> $LE_LOG_DIR/postgresql.log 2>&1
else
- sleep $RANDOM
service postgresql restart >> $LE_LOG_DIR/postgresql.log 2>&1
fi
diff --git a/postgresql/tasks/main.yml b/postgresql/tasks/main.yml
index 91a94b02..f44fba2c 100644
--- a/postgresql/tasks/main.yml
+++ b/postgresql/tasks/main.yml
@@ -32,11 +32,9 @@
when: psql_pgpool_service_install
- include: postgresql-letsencrypt-acmetool.yml
when:
- - postgresql_letsencrypt_managed
- letsencrypt_acme_install is defined
- include: pgpool-letsencrypt-acmetool.yml
when:
- - pgpool_letsencrypt_managed
- letsencrypt_acme_install is defined
diff --git a/postgresql/tasks/pgpool-letsencrypt-acmetool.yml b/postgresql/tasks/pgpool-letsencrypt-acmetool.yml
index f19b99b5..627e6e67 100644
--- a/postgresql/tasks/pgpool-letsencrypt-acmetool.yml
+++ b/postgresql/tasks/pgpool-letsencrypt-acmetool.yml
@@ -1,17 +1,23 @@
---
-- name: Create the acme hooks directory if it does not yet exist
- file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root
+- block:
+ - name: Create the acme hooks directory if it does not yet exist
+ file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root
+
+ - name: Install a script that fix the letsencrypt certificate for pgpool and then reloads the service
+ copy: src=pgpool-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/pgpool owner=root group=root mode=4555
+
when:
- psql_pgpool_service_install
- pgpool_letsencrypt_managed
- letsencrypt_acme_install
tags: [ 'postgresql', 'postgres', 'pgpool', 'letsencrypt' ]
-- name: Install a script that fix the letsencrypt certificate for pgpool and then reloads the service
- copy: src=pgpool-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/pgpool owner=root group=root mode=4555
+
+- block:
+ - name: Remove the letsencrypt hook for pgpool
+ file: dest=/usr/lib/acme/hooks/pgpool state=absent
+
when:
- psql_pgpool_service_install
- - pgpool_letsencrypt_managed
- - letsencrypt_acme_install
+ - not pgpool_letsencrypt_managed
tags: [ 'postgresql', 'postgres', 'pgpool', 'letsencrypt' ]
-
diff --git a/postgresql/tasks/postgresql-letsencrypt-acmetool.yml b/postgresql/tasks/postgresql-letsencrypt-acmetool.yml
index 2f9a3ac2..8531a461 100644
--- a/postgresql/tasks/postgresql-letsencrypt-acmetool.yml
+++ b/postgresql/tasks/postgresql-letsencrypt-acmetool.yml
@@ -1,15 +1,21 @@
---
-- name: Create the acme hooks directory if it does not yet exist
- file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root
+- block:
+ - name: Create the acme hooks directory if it does not yet exist
+ file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root
+
+ - name: Install a script that fix the letsencrypt certificate for postgresql and then restarts the service
+ copy: src=postgresql-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/postgresql owner=root group=root mode=4555
+
when:
- postgresql_letsencrypt_managed
- letsencrypt_acme_install
tags: [ 'postgresql', 'postgres', 'letsencrypt' ]
-- name: Install a script that fix the letsencrypt certificate for postgresql and then restarts the service
- copy: src=postgresql-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/postgresql owner=root group=root mode=4555
- when:
- - postgresql_letsencrypt_managed
- - letsencrypt_acme_install
- tags: [ 'postgresql', 'postgres', 'letsencrypt' ]
+- block:
+ - name: Remove the letsencrypt certificate hook for postgresql
+ file: dest=/usr/lib/acme/hooks/postgresql state=absent
+
+ when:
+ - not postgresql_letsencrypt_managed
+ tags: [ 'postgresql', 'postgres', 'letsencrypt' ]
diff --git a/postgresql/tasks/postgresql-ssl-config.yml b/postgresql/tasks/postgresql-ssl-config.yml
index 4c0fba9e..d7fbfb32 100644
--- a/postgresql/tasks/postgresql-ssl-config.yml
+++ b/postgresql/tasks/postgresql-ssl-config.yml
@@ -1,6 +1,6 @@
---
- block:
- - name: Setup ssl in the postgresql configuration
+ - name: Setup SSL in the postgresql configuration
become: True
become_user: postgres
action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
@@ -11,7 +11,19 @@
file: dest=/etc/pki/postgresql state=directory owner=postgres group=postgres mode=0750
- name: Create a postgres accessible ssl key file if it does not exist
- copy: src=/var/lib/acme/live/{{ ansible_fqdn }}/privkey dest=/etc/pki/postgresql/postgresql.key owner=postgres group=postgres mode=0400 remote_src=True
+ copy: src={{ psql_ssl_privkey_global_file }} dest={{ psql_ssl_privkey_file }} owner=postgres group=postgres mode=0400 remote_src=True
when: psql_enable_ssl
- tags: [ 'postgresql', 'postgres', 'pg_conf' ]
+ tags: [ 'postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf' ]
+
+
+- block:
+ - name: Disable SSL in the postgresql configuration
+ become: True
+ become_user: postgres
+ action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
+ with_items: '{{ psql_conf_disable_ssl_parameters }}'
+ notify: Restart postgresql
+
+ when: not psql_enable_ssl
+ tags: [ 'postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf' ]
diff --git a/logstash-rsyslog/defaults/main.yml b/rsyslog-logstash/defaults/main.yml
similarity index 100%
rename from logstash-rsyslog/defaults/main.yml
rename to rsyslog-logstash/defaults/main.yml
diff --git a/logstash-rsyslog/handlers/main.yml b/rsyslog-logstash/handlers/main.yml
similarity index 100%
rename from logstash-rsyslog/handlers/main.yml
rename to rsyslog-logstash/handlers/main.yml
diff --git a/logstash-rsyslog/tasks/main.yml b/rsyslog-logstash/tasks/main.yml
similarity index 100%
rename from logstash-rsyslog/tasks/main.yml
rename to rsyslog-logstash/tasks/main.yml
diff --git a/logstash-rsyslog/templates/old-rsyslog-logstash.conf.j2 b/rsyslog-logstash/templates/old-rsyslog-logstash.conf.j2
similarity index 100%
rename from logstash-rsyslog/templates/old-rsyslog-logstash.conf.j2
rename to rsyslog-logstash/templates/old-rsyslog-logstash.conf.j2
diff --git a/logstash-rsyslog/templates/rsyslog-logstash.conf.j2 b/rsyslog-logstash/templates/rsyslog-logstash.conf.j2
similarity index 100%
rename from logstash-rsyslog/templates/rsyslog-logstash.conf.j2
rename to rsyslog-logstash/templates/rsyslog-logstash.conf.j2
diff --git a/shinyproxy/defaults/main.yml b/shinyproxy/defaults/main.yml
index 4d0105f3..1452b58b 100644
--- a/shinyproxy/defaults/main.yml
+++ b/shinyproxy/defaults/main.yml
@@ -1,6 +1,6 @@
---
shinyproxy_install: False
-shinyproxy_version: 1.0.0
+shinyproxy_version: 1.0.2
shinyproxy_file_name: 'shinyproxy-{{ shinyproxy_version }}.jar'
shinyproxy_url: 'https://www.shinyproxy.io/downloads/{{ shinyproxy_file_name }}'
shinyproxy_app_name: shinyproxy.jar
diff --git a/smartgears/accounting_insert_storage_se_plugin/defaults/main.yml b/smartgears/accounting_insert_storage_se_plugin/defaults/main.yml
deleted file mode 100644
index 464de925..00000000
--- a/smartgears/accounting_insert_storage_se_plugin/defaults/main.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-accounting_insert_storage_se_plugin_install: False
-accounting_insert_storage_se_plugin_upgrade: False
-
-accounting_insert_storage_se_plugin_name: accounting-insert-storage-se-plugin
-accounting_insert_storage_se_plugin_group_id: org.gcube.accounting
-accounting_insert_storage_se_plugin_version : 1.0.1-4.5.0-148393
-accounting_insert_storage_se_plugin_artifact_id: accounting-insert-storage-se-plugin
-accounting_insert_storage_se_plugin_extension: jar
-accounting_insert_storage_se_plugin_classifier: jar-with-dependencies
-accounting_insert_storage_se_plugin_file: '{{ accounting_insert_storage_se_plugin_name }}-{{ accounting_insert_storage_se_plugin_version }}-{{ accounting_insert_storage_se_plugin_classifier }}.{{ accounting_insert_storage_se_plugin_extension }}'
diff --git a/smartgears/accounting_insert_storage_se_plugin/tasks/main.yml b/smartgears/accounting_insert_storage_se_plugin/tasks/main.yml
deleted file mode 100644
index c9d6da19..00000000
--- a/smartgears/accounting_insert_storage_se_plugin/tasks/main.yml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-- block:
- - name: Remove the old accounting insert storage plugin
- shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_storage_se_plugin_maven_artifact_id }}-*-jar-with-dependencies.jar
- notify: Restart smartgears
-
- become: True
- become_user: '{{ smartgears_user }}'
- when: not accounting_insert_storage_se_plugin_install
- tags: [ 'smartgears', 'accounting_insert_storage_se', 'tomcat' ]
-
-- block:
- - name: Get the accounting insert storage plugin and install it inside the smart executor
- maven_artifact: artifact_id={{ accounting_insert_storage_se_plugin_name }} version={{ accounting_insert_storage_se_plugin_version | default(omit) }} group_id={{ accounting_insert_storage_se_plugin_group_id }} extension={{ accounting_insert_storage_se_plugin_extension | default('war') }} repository_url={{ smartgears_global_base_url }} classifier={{ accounting_insert_storage_se_plugin_classifier }} dest={{ smartgears_downloads_dir }}/{{ accounting_insert_storage_se_plugin_file }}
- register: accounting_insert_storage_download
-
- - name: Remove the old accounting insert storage plugin
- shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_storage_se_plugin_maven_artifact_id }}-*-jar-with-dependencies.jar
- when: (accounting_insert_storage_download | changed)
-
- - name: Copy the accounting aggregator plugin to its final destination
- copy: src={{ smartgears_downloads_dir }}/{{ accounting_insert_storage_se_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_storage_se_plugin_file }} remote_src=yes
- notify: Restart smartgears
-
- become: True
- become_user: '{{ smartgears_user }}'
- when: accounting_insert_storage_se_plugin_install
- tags: [ 'smartgears', 'accounting_insert_storage_se', 'tomcat' ]
-
diff --git a/smartgears/accounting_rstudio_se_plugin/defaults/main.yml b/smartgears/accounting_rstudio_se_plugin/defaults/main.yml
index ec556e55..70fd4ab8 100644
--- a/smartgears/accounting_rstudio_se_plugin/defaults/main.yml
+++ b/smartgears/accounting_rstudio_se_plugin/defaults/main.yml
@@ -2,7 +2,7 @@
accounting_insert_rstudio_se_plugin_install: False
accounting_insert_rstudio_se_plugin_name: accounting-insert-rstudio-se-plugin
-accounting_insert_rstudio_se_plugin_version: '1.0.0-4.4.0-142716'
+accounting_insert_rstudio_se_plugin_version: 'latest'
accounting_insert_rstudio_se_plugin_group_id: 'org.gcube.accounting'
accounting_insert_rstudio_se_plugin_artifact_id: accounting-insert-rstudio-se-plugin
accounting_insert_rstudio_se_plugin_extension: jar
diff --git a/smartgears/accounting_rstudio_se_plugin/tasks/main.yml b/smartgears/accounting_rstudio_se_plugin/tasks/main.yml
index c6d73fa9..8817e633 100644
--- a/smartgears/accounting_rstudio_se_plugin/tasks/main.yml
+++ b/smartgears/accounting_rstudio_se_plugin/tasks/main.yml
@@ -1,7 +1,7 @@
---
- block:
- name: Remove the old accounting insert storage plugin
- shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_rstudio_se_plugin_maven_artifact_id }}-*-jar-with-dependencies.jar
+ shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_rstudio_se_plugin_artifact_id }}-*-{{ accounting_insert_rstudio_se_plugin_classifier }}.{{ accounting_insert_rstudio_se_plugin_extension }}
notify: Restart smartgears
- name: Disable the cron job that calculates the home used space
@@ -18,7 +18,7 @@
register: accounting_insert_rstudio_download
- name: Remove the old accounting insert storage plugin
- shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_rstudio_se_plugin_maven_artifact_id }}-*-jar-with-dependencies.jar
+ shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_rstudio_se_plugin_artifact_id }}-*-{{ accounting_insert_rstudio_se_plugin_classifier }}.{{ accounting_insert_rstudio_se_plugin_extension }}
when: (accounting_insert_rstudio_download | changed)
- name: Copy the accounting aggregator plugin to its final destination
@@ -30,6 +30,7 @@
template: src=calculate_home_space.j2 dest=/usr/local/bin/calculate_home_space mode=0755 owner=root group=root
- name: Install a cron job that calculates the home used space
+ become_user: root
cron: name="Calculate the home used space" special_time=hourly user=root job="/usr/local/bin/calculate_home_space >/dev/null 2>&1"
become: True
diff --git a/smartgears/ckan_connector/defaults/main.yml b/smartgears/ckan_connector/defaults/main.yml
index 54518aac..d4aa4b33 100644
--- a/smartgears/ckan_connector/defaults/main.yml
+++ b/smartgears/ckan_connector/defaults/main.yml
@@ -1,9 +1,10 @@
---
ckan_connector_gcube_repository: 'gcube-staging'
ckan_connector_plugin_install: False
-ckan_connector_ver: 1.1.2-4.3.0-142056
+ckan_connector_ver: latest
ckan_connector_name: ckan-connector
-ckan_connector_filename: '{{ ckan_connector_name }}-{{ ckan_connector_ver }}.war'
-ckan_connector_url: 'http://maven.research-infrastructures.eu/nexus/content/repositories/{{ ckan_connector_gcube_repository }}/org/gcube/data/access/{{ ckan_connector_name }}/{{ ckan_connector_ver}}/{{ ckan_connector_filename }}'
-ckan_connector_war_file: '{{ ckan_connector_name }}.war'
+ckan_connector_extension: war
+ckan_connector_group_id: org.gcube.data.access
+ckan_connector_filename: '{{ ckan_connector_name }}-{{ ckan_connector_ver }}.{{ ckan_connector_extension }}'
+
ckan_connector_user: ckan_connector
diff --git a/smartgears/ckan_connector/tasks/main.yml b/smartgears/ckan_connector/tasks/main.yml
index d61093a5..5399c5d2 100644
--- a/smartgears/ckan_connector/tasks/main.yml
+++ b/smartgears/ckan_connector/tasks/main.yml
@@ -1,29 +1,53 @@
---
- block:
+ - name: Remove the installed CKAN connector
+ file: dest={{ item }} state=absent
+ with_items:
+ - '{{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}'
+ - '{{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}.{{ ckan_connector_extension }}'
+ notify: Restart smartgears
+
+ - name: Remove the CKAN connector fixer script
+ become_user: root
+ file: dest=/usr/local/bin/ckan-connector-fixer state=absent
+
+ become: True
+ become_user: '{{ smartgears_user }}'
+ when: not ckan_connector_plugin_install
+ tags: [ 'smartgears', 'ckan', 'ckan_connector', 'tomcat' ]
+
+- block:
+ - name: Get the CKAN connector war file
+ maven_artifact: artifact_id={{ ckan_connector_name }} version={{ ckan_connector_ver }} group_id={{ ckan_connector_group_id }} extension={{ ckan_connector_extension }} repository_url={{ smartgears_global_base_url }} dest={{ smartgears_downloads_dir }}/{{ ckan_connector_filename }}
+ register: ckan_connector_download
+
- name: Remove the installed CKAN connector before upgrading
file: dest={{ item }} state=absent
with_items:
- - '{{ smartgears_instance_path }}/webapps/ckan-connector'
- - '{{ smartgears_instance_path }}/webapps/ckan-connector.war'
- when: smartgears_upgrade
+ - '{{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}'
+ - '{{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}.{{ ckan_connector_extension }}'
+ when: ( ckan_connector_download | changed )
+ notify: Restart smartgears
- - name: Get the CKAN connector war file
- get_url: url={{ ckan_connector_url }} dest={{ smartgears_instance_path }}/webapps/{{ ckan_connector_war_file }}
+ - name: Create the CKAN connector webapp directory
+ file: dest={{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }} state=directory
+ when: ( ckan_connector_download | changed )
- - name: Unpack the CKAN connector war file
- shell: mkdir {{ smartgears_instance_path }}/webapps/ckan-connector ; cd {{ smartgears_instance_path }}/webapps/ckan-connector ; jar xf {{ smartgears_instance_path }}/webapps/{{ ckan_connector_war_file }}
+ - name: Unarchive the CKAN connector war file
+ unarchive: copy=no src={{ smartgears_downloads_dir }}/{{ ckan_connector_filename }} dest={{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}
args:
- creates: '{{ smartgears_instance_path }}/webapps/ckan-connector/WEB-INF/web.xml'
+ creates: '{{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}/WEB-INF/web.xml'
+ notify: Restart smartgears
- name: Install the CKAN connector web.xml template
template: src=ckan-web.xml.j2 dest={{ smartgears_instance_path }}/webapps/ckan-connector/WEB-INF/.web.xml.tpl mode=0440
- name: Install the CKAN connector fixer script
- become: False
+ become_user: root
template: src=ckan-connector-fixer.sh.j2 dest=/usr/local/bin/ckan-connector-fixer owner=root group=root mode=0550
- name: Fix the CKAN connector web.xml
- become: False
+ become_user: root
shell: /usr/local/bin/ckan-connector-fixer init
args:
creates: '{{ smartgears_instance_path }}/webapps/ckan-connector/WEB-INF/.web.xml.configured'
diff --git a/smartgears/fhn_manager/defaults/main.yml b/smartgears/fhn_manager/defaults/main.yml
index 74a68289..45a2b7ab 100644
--- a/smartgears/fhn_manager/defaults/main.yml
+++ b/smartgears/fhn_manager/defaults/main.yml
@@ -1,7 +1,7 @@
---
fhn_manager_install: False
smart_executor_install: False
-fhn_manager_version: 1.2.4-4.7.0-154701
+fhn_manager_version: 1.2.4-4.8.0-154701
fhn_manager_name: fhn-manager-service
fhn_group_id: org.gcube.resources.federation
fhn_extension: war
diff --git a/smartgears/gcubeapp-setup/templates/gcube-app.xml.j2 b/smartgears/gcubeapp-setup/templates/gcube-app.xml.j2
index 46c73f57..a0707aac 100644
--- a/smartgears/gcubeapp-setup/templates/gcube-app.xml.j2
+++ b/smartgears/gcubeapp-setup/templates/gcube-app.xml.j2
@@ -4,7 +4,7 @@
{{ item.webapp_group }}
{{ item.version }}
{% if item.description is defined %}
- "{{ item.description }}"
+ {{ item.description }}
{% endif %}
{% if item.persistence_location is defined %}
diff --git a/smartgears/geoserver_connector/tasks/main.yml b/smartgears/geoserver_connector/tasks/main.yml
index 674b8265..6821a682 100644
--- a/smartgears/geoserver_connector/tasks/main.yml
+++ b/smartgears/geoserver_connector/tasks/main.yml
@@ -7,7 +7,7 @@
become: True
become_user: '{{ smartgears_user }}'
when: not gcube_geoserver_connector_install
- tags: [ 'smartgears', 'ckan', 'gcube_geoserver_connector', 'tomcat' ]
+ tags: [ 'smartgears', 'geoserver', 'gcube_geoserver_connector', 'tomcat' ]
- block:
- name: Get the gcube connector
@@ -26,4 +26,4 @@
become: True
become_user: '{{ smartgears_user }}'
when: gcube_geoserver_connector_install
- tags: [ 'smartgears', 'ckan', 'gcube_geoserver_connector', 'tomcat' ]
+ tags: [ 'smartgears', 'geoserver', 'gcube_geoserver_connector', 'tomcat' ]
diff --git a/smartgears/is_exporter_se_plugin/tasks/main.yml b/smartgears/is_exporter_se_plugin/tasks/main.yml
index d8b8a99e..75c62726 100644
--- a/smartgears/is_exporter_se_plugin/tasks/main.yml
+++ b/smartgears/is_exporter_se_plugin/tasks/main.yml
@@ -1,14 +1,28 @@
---
- block:
- name: Remove the old is-exporter plugin
- shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/is-exporter-se-plugin-*-jar-with-dependencies.jar
- when: is_exporter_se_plugin_upgrade
-
+ shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_exporter_se_plugin_name }}-*-{{ is_exporter_se_plugin_classifier }}.{{ is_exporter_se_plugin_extension }}
+ notify: Restart smartgears
+
+ become: True
+ become_user: '{{ smartgears_user }}'
+ when: not is_exporter_se_plugin_install
+ tags: [ 'smartgears', 'is_exporter_se', 'tomcat' ]
+
+- block:
+ - name: Download the is-exporter plugin
+ maven_artifact: artifact_id={{ is_exporter_se_plugin_name }} version={{ is_exporter_se_plugin_version | default(omit) }} group_id={{ is_exporter_se_plugin_group_id }} extension={{ is_exporter_se_plugin_extension | default('war') }} repository_url={{ smartgears_global_base_url }} classifier={{ is_exporter_se_plugin_classifier }} dest={{ smartgears_downloads_dir }}/{{ is_exporter_se_plugin_file }}
+ register: is_exporter_plugin_download
+
+ - name: Remove the old is-exporter plugin
+ shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_exporter_se_plugin_name }}-*-{{ is_exporter_se_plugin_classifier }}.{{ is_exporter_se_plugin_extension }}
+ when: ( is_exporter_plugin_download | changed )
+
- name: Install the is-exporter plugin inside the smart executor lib directory
- maven_artifact: artifact_id={{ is_exporter_se_plugin_name }} version={{ is_exporter_se_plugin_version | default(omit) }} group_id={{ is_exporter_se_plugin_group_id }} extension={{ is_exporter_se_plugin_extension | default('war') }} repository_url={{ smartgears_global_base_url }} classifier={{ is_exporter_se_plugin_classifier }} dest={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_exporter_se_plugin_file }}
+ copy: src={{ smartgears_downloads_dir }}/{{ is_exporter_se_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_exporter_se_plugin_file }} remote_src=yes force=yes
notify: Restart smartgears
become: True
become_user: '{{ smartgears_user }}'
when: is_exporter_se_plugin_install
- tags: [ 'smartgears', 'is_exporter_se', 'tomcat' ]
\ No newline at end of file
+ tags: [ 'smartgears', 'is_exporter_se', 'tomcat' ]
diff --git a/smartgears/is_sweeper_se_plugin/tasks/main.yml b/smartgears/is_sweeper_se_plugin/tasks/main.yml
index 37af278e..c2f59e1b 100644
--- a/smartgears/is_sweeper_se_plugin/tasks/main.yml
+++ b/smartgears/is_sweeper_se_plugin/tasks/main.yml
@@ -16,7 +16,7 @@
- name: Remove the old is-sweeper plugin
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_sweeper_se_plugin_name }}-*-{{ is_sweeper_se_plugin_classifier }}.{{ is_sweeper_se_plugin_extension }}
- when: ( is_sweeper_plugin_download )
+ when: ( is_sweeper_plugin_download | changed )
- name: Install the is-sweeper plugin inside the smart executor lib directory
copy: src={{ smartgears_downloads_dir }}/{{ is_sweeper_se_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_sweeper_se_plugin_file }} remote_src=yes force=yes
diff --git a/smartgears/quota_se_plugin/defaults/main.yml b/smartgears/quota_se_plugin/defaults/main.yml
new file mode 100644
index 00000000..60e92c21
--- /dev/null
+++ b/smartgears/quota_se_plugin/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+quota_se_plugin_install: False
+quota_se_plugin_upgrade: False
+
+quota_se_plugin_name: accounting-insert-storage-se-plugin
+quota_se_plugin_group_id: org.gcube.accounting
+quota_se_plugin_version : 1.0.1-4.5.0-148393
+quota_se_plugin_artifact_id: accounting-insert-storage-se-plugin
+quota_se_plugin_extension: jar
+quota_se_plugin_classifier: jar-with-dependencies
+quota_se_plugin_file: '{{ quota_se_plugin_name }}-{{ quota_se_plugin_version }}-{{ quota_se_plugin_classifier }}.{{ quota_se_plugin_extension }}'
diff --git a/smartgears/quota_se_plugin/tasks/main.yml b/smartgears/quota_se_plugin/tasks/main.yml
new file mode 100644
index 00000000..0b806314
--- /dev/null
+++ b/smartgears/quota_se_plugin/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+- block:
+ - name: Remove the old quota plugin
+ shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ quota_se_plugin_artifact_id }}-*-jar-with-dependencies.jar
+ notify: Restart smartgears
+
+ become: True
+ become_user: '{{ smartgears_user }}'
+ when: not quota_se_plugin_install
+ tags: [ 'smartgears', 'quota_se', 'tomcat' ]
+
+- block:
+ - name: Get the quota plugin and install it inside the smart executor
+ maven_artifact: artifact_id={{ quota_se_plugin_name }} version={{ quota_se_plugin_version | default(omit) }} group_id={{ quota_se_plugin_group_id }} extension={{ quota_se_plugin_extension | default('war') }} repository_url={{ smartgears_global_base_url }} classifier={{ quota_se_plugin_classifier }} dest={{ smartgears_downloads_dir }}/{{ quota_se_plugin_file }}
+ register: quota_storage_download
+
+ - name: Remove the old quota plugin
+ shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ quota_se_plugin_maven_artifact_id }}-*-jar-with-dependencies.jar
+ when: (quota_storage_download | changed)
+
+ - name: Copy the quota plugin to its final destination
+ copy: src={{ smartgears_downloads_dir }}/{{ quota_se_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ quota_se_plugin_file }} remote_src=yes
+ notify: Restart smartgears
+
+ become: True
+ become_user: '{{ smartgears_user }}'
+ when: quota_se_plugin_install
+ tags: [ 'smartgears', 'quota_se', 'tomcat' ]
+
diff --git a/smartgears/r_connector/tasks/main.yml b/smartgears/r_connector/tasks/main.yml
index 1ed477fd..bb181cab 100644
--- a/smartgears/r_connector/tasks/main.yml
+++ b/smartgears/r_connector/tasks/main.yml
@@ -1,10 +1,11 @@
---
- block:
- - name: Remove the installed R connector before upgrading
+ - name: Remove the installed R connector
file: dest={{ item }} state=absent
with_items:
- '{{ smartgears_instance_path }}/webapps/{{ r_connector_name }}'
- '{{ smartgears_instance_path }}/webapps/{{ r_connector_name }}.{{ r_connector_extension }}'
+ notify: Restart smartgears
- name: Remove the packages required to enable the LDAP PAM authentication
become: False
@@ -32,20 +33,22 @@
register: r_connector_download
- name: Remove the installed R connector before upgrading
- file: dest={{ smartgears_instance_path }}/webapps/{{ r_connector_name }} state=absent
+ file: dest={{ item }} state=absent
+ with_items:
+ - '{{ smartgears_instance_path }}/webapps/{{ r_connector_name }}'
+ - '{{ smartgears_instance_path }}/webapps/{{ r_connector_name }}.{{ r_connector_extension }}'
+ notify: Restart smartgears
when: ( r_connector_download | changed )
- name: Create the R connector webapp directory
file: dest={{ smartgears_instance_path }}/webapps/{{ r_connector_name }} state=directory
when: ( r_connector_download | changed )
- - name: Copy the R connector war file into the webapps directory
- copy: src={{ smartgears_downloads_dir }}/{{ r_connector_filename }} dest={{ smartgears_instance_path }}/webapps/{{ r_connector_name }}.{{ r_connector_extension }} remote_src=yes force=yes
-
- name: Unarchive the R connector war file
unarchive: copy=no src={{ smartgears_downloads_dir }}/{{ r_connector_filename }} dest={{ smartgears_instance_path }}/webapps/{{ r_connector_name }}
args:
creates: '{{ smartgears_instance_path }}/webapps/{{ r_connector_name }}/WEB-INF/web.xml'
+ notify: Restart smartgears
- name: Obtain the permission to read the Rstudio secure cookie key
become_user: root
diff --git a/smartgears/resource_registry/tasks/main.yml b/smartgears/resource_registry/tasks/main.yml
index a369223f..b8ed65bb 100644
--- a/smartgears/resource_registry/tasks/main.yml
+++ b/smartgears/resource_registry/tasks/main.yml
@@ -5,6 +5,7 @@
with_items:
- '{{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}'
- '{{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}.{{ resource_registry_extension }}'
+ notify: Restart smartgears
become: True
become_user: '{{ d4science_user }}'
@@ -17,17 +18,16 @@
register: resource_registry_download
- name: Remove the old resource-registry files
- file: path={{ smartgears_instance_path }}/webapps/{{ resource_registry_name }} state=absent
+ file: path={{ item }} state=absent
+ with_items:
+ - '{{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}'
+ - '{{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}.{{ resource_registry_extension }}'
when: ( resource_registry_download | changed )
- name: Create the resource-registry working directory
file: path={{ smartgears_instance_path }}/webapps/{{ resource_registry_name }} state=directory owner={{ smartgears_user }} group={{ smartgears_user }}
when: ( resource_registry_download | changed )
- - name: Copy the resource registry war file into the webapps directory
- copy: src={{ smartgears_downloads_dir }}/{{ resource_registry_file }} dest={{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}.{{ resource_registry_extension }} remote_src=yes force=yes
- notify: Restart smartgears
-
- name: Unarchive the resource registry war
unarchive: copy=no src={{ smartgears_downloads_dir }}/{{ resource_registry_file }} dest={{ smartgears_instance_path }}/webapps/{{ resource_registry_name }} creates={{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}/WEB-INF/lib
notify: Restart smartgears
diff --git a/smartgears/sis_geotk_dt_plugin/defaults/main.yml b/smartgears/sis_geotk_dt_plugin/defaults/main.yml
index fe7e0674..93bedc91 100644
--- a/smartgears/sis_geotk_dt_plugin/defaults/main.yml
+++ b/smartgears/sis_geotk_dt_plugin/defaults/main.yml
@@ -6,8 +6,9 @@ sis_geotk_dt_plugin_group_id : org.gcube.data.transfer
sis_geotk_dt_plugin_artifact_id : '{{ sis_geotk_dt_plugin_name }}'
sis_geotk_dt_plugin_version : latest
sis_geotk_dt_plugin_extension: jar
-sis_geotk_dt_plugin_classifier: jar-with-dependencies
-sis_geotk_dt_plugin_file: '{{ sis_geotk_dt_plugin_name }}-{{ sis_geotk_dt_plugin_version }}-jar-with-dependencies.{{ sis_geotk_dt_plugin_extension }}'
+sis_geotk_dt_plugin_classifier: uberjar
+sis_geotk_dt_plugin_uber_file: '{{ sis_geotk_dt_plugin_name }}-{{ sis_geotk_dt_plugin_version }}-{{ sis_geotk_dt_plugin_classifier }}.{{ sis_geotk_dt_plugin_extension }}'
+sis_geotk_dt_plugin_file: '{{ sis_geotk_dt_plugin_name }}-{{ sis_geotk_dt_plugin_version }}.{{ sis_geotk_dt_plugin_extension }}'
catalina_apps_conf:
- { app_name: '{{ data_trasfer_service_name }}', plugin_name: '{{ sis_geotk_dt_plugin_name }}' }
diff --git a/smartgears/sis_geotk_dt_plugin/tasks/main.yml b/smartgears/sis_geotk_dt_plugin/tasks/main.yml
index 4fbd92a8..e69954e7 100644
--- a/smartgears/sis_geotk_dt_plugin/tasks/main.yml
+++ b/smartgears/sis_geotk_dt_plugin/tasks/main.yml
@@ -9,24 +9,31 @@
tags: [ 'smartgears', 'sis_geotk', 'tomcat' ]
- block:
- - name: Create the plugin directory inside data transfer
- file: dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }} state=directory
-
- - name: Get the Sis geotk data transfer plugin
- maven_artifact: artifact_id={{ sis_geotk_dt_plugin_name }} version={{ sis_geotk_dt_plugin_version | default(omit) }} group_id={{ sis_geotk_dt_plugin_group_id }} extension={{ sis_geotk_dt_plugin_extension | default('war') }} repository_url={{ smartgears_global_base_url }} classifier={{ sis_geotk_dt_plugin_classifier }} dest={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_file }}
- register: sis_geotk_download
+ - name: Get the Sis geotk data transfer uber plugin
+ maven_artifact: artifact_id={{ sis_geotk_dt_plugin_name }} version={{ sis_geotk_dt_plugin_version }} group_id={{ sis_geotk_dt_plugin_group_id }} extension={{ sis_geotk_dt_plugin_extension }} repository_url={{ smartgears_global_base_url }} classifier={{ sis_geotk_dt_plugin_classifier }} dest={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_uber_file }}
+ register: sis_geotk_download
- name: Remove the old Sis geotk data transfer plugin
file: dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }} state=absent
when: (sis_geotk_download | changed)
- - name: Copy the Sis geotk data transfer plugin to its final destination
- copy: src={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }}/{{ sis_geotk_dt_plugin_file }} remote_src=yes
+ - name: Create the plugin directory inside data transfer
+ file: dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }} state=directory
+
+ - name: Unarchive the Sis geotk data transfer uber plugin to expose its libraries
+ unarchive: src={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_uber_file }} dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }}/ copy=no
+ when: (sis_geotk_download | changed)
notify: Restart smartgears
- - name: Unarchive the Sis geotk data transfer plugin to expose its libraries
- unarchive: src={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }}/ copy=no
- when: (sis_geotk_download | changed)
+ - name: Get the Sis geotk data transfer uber plugin
+ maven_artifact: artifact_id={{ sis_geotk_dt_plugin_name }} version={{ sis_geotk_dt_plugin_version }} group_id={{ sis_geotk_dt_plugin_group_id }} extension={{ sis_geotk_dt_plugin_extension }} repository_url={{ smartgears_global_base_url }} dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }} keep_name=yes
+
+ - name: Remove the Sis geotk uber jar org and META-INF directories
+ file: dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }}/{{ item }} state=absent
+ with_items:
+ - org
+ - 'META-INF'
+ notify: Restart smartgears
become: True
become_user: '{{ smartgears_user }}'
diff --git a/smartgears/smartgears-nginx-frontend/templates/generic-smartgears-virtualhost.j2 b/smartgears/smartgears-nginx-frontend/templates/generic-smartgears-virtualhost.j2
index a38dbabb..787a7b65 100644
--- a/smartgears/smartgears-nginx-frontend/templates/generic-smartgears-virtualhost.j2
+++ b/smartgears/smartgears-nginx-frontend/templates/generic-smartgears-virtualhost.j2
@@ -69,6 +69,18 @@ server {
{% if context != "whn-manager" %}
{% if context != '' %}
location /{{ context }} {
+ {% if varnish_install is defined and varnish_install %}
+ {% if smartgears_nginx_cors_enabled %}
+ include /etc/nginx/snippets/nginx-cors.conf;
+ {% if nginx_cors_extended_rules %}
+ proxy_pass http://127.0.0.1:{{ varnish_listen_port }};
+ {% else %}
+ proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
+ {% endif %}
+ {% else %}
+ proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
+ {% endif %}
+ {% else %}
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% if nginx_cors_extended_rules %}
@@ -79,6 +91,7 @@ server {
{% else %}
proxy_pass http://127.0.0.1:{{ item.http_port }}/{{ context }};
{% endif %}
+ {% endif %}
}
{% endif %}
{% endif %}
@@ -198,6 +211,18 @@ server {
{% if context != "whn-manager" %}
{% if context != '' %}
location /{{ context }} {
+ {% if varnish_install is defined and varnish_install %}
+ {% if smartgears_nginx_cors_enabled %}
+ include /etc/nginx/snippets/nginx-cors.conf;
+ {% if nginx_cors_extended_rules %}
+ proxy_pass http://127.0.0.1:{{ varnish_listen_port }};
+ {% else %}
+ proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
+ {% endif %}
+ {% else %}
+ proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
+ {% endif %}
+ {% else %}
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% if nginx_cors_extended_rules %}
@@ -208,6 +233,7 @@ server {
{% else %}
proxy_pass http://127.0.0.1:{{ item.http_port }}/{{ context }};
{% endif %}
+ {% endif %}
}
{% endif %}
{% endif %}
diff --git a/smartgears/smartgears/defaults/main.yml b/smartgears/smartgears/defaults/main.yml
index ea281daf..c50fa608 100644
--- a/smartgears/smartgears/defaults/main.yml
+++ b/smartgears/smartgears/defaults/main.yml
@@ -56,6 +56,7 @@ smartgears_service_name: 'tomcat-instance-{{ smartgears_http_port }}'
smartgears_log_use_timesize_appender: True
smartgears_loglevel: WARN
smartgears_dataanalysis_loglevel: DEBUG
+smartgears_dataanalysis_log_max_history: 90
smartgears_log_max_history: 30
smartgears_log_max_file_size: 10MB
smartgears_log_total_file_cap: 2GB
diff --git a/smartgears/smartgears/templates/logback.xml.j2 b/smartgears/smartgears/templates/logback.xml.j2
index 9f822160..7e479331 100644
--- a/smartgears/smartgears/templates/logback.xml.j2
+++ b/smartgears/smartgears/templates/logback.xml.j2
@@ -72,7 +72,7 @@
{% if smartgears_log_use_timesize_appender %}
{{ smartgears_log_dir }}/analysis.%d{yyyy-MM-dd}.%i.log
- {{ smartgears_log_max_history }}
+ {{ smartgears_dataanalysis_log_max_history }}
{{ smartgears_log_max_file_size }}
{{ smartgears_log_total_file_cap }}
@@ -80,7 +80,7 @@
{{ smartgears_log_max_file_size }}
{{ smartgears_log_dir }}/analysis.%d{yyyy-MM-dd}.log
- {{ smartgears_log_max_history }}
+ {{ smartgears_dataanalysis_log_max_history }}
{% endif %}
diff --git a/smartgears/social-networking-library-ws/tasks/main.yml b/smartgears/social-networking-library-ws/tasks/main.yml
index 6877b833..075d2562 100644
--- a/smartgears/social-networking-library-ws/tasks/main.yml
+++ b/smartgears/social-networking-library-ws/tasks/main.yml
@@ -5,6 +5,7 @@
with_items:
- '{{ smartgears_instance_path }}/webapps/{{ social_networking_library_ws_name }}'
- '{{ smartgears_instance_path }}/webapps/{{ social_networking_library_ws_name }}.{{ social_networking_library_ws_extension }}'
+ notify: Restart smartgears
become: True
become_user: '{{ d4science_user }}'
@@ -14,6 +15,15 @@
- block:
- name: Get the social-networking-library-ws war
maven_artifact: artifact_id={{ social_networking_library_ws_name }} version={{ social_networking_library_ws_version | default(omit) }} group_id={{ social_networking_library_ws_group_id }} extension={{ social_networking_library_ws_extension | default('war') }} repository_url={{ smartgears_global_base_url }} dest={{ smartgears_downloads_dir }}/{{ social_networking_library_ws_file }}
+ register: social_networking_library_ws_download
+
+ - name: Remove the old social-networking-library-ws files when upgrading
+ file: path={{ item }} state=absent
+ with_items:
+ - '{{ smartgears_instance_path }}/webapps/{{ social_networking_library_ws_name }}'
+ - '{{ smartgears_instance_path }}/webapps/{{ social_networking_library_ws_name }}.{{ social_networking_library_ws_extension }}'
+ when: ( social_networking_library_ws_download | changed )
+ notify: Restart smartgears
- name: Copy the social_networking_library_ws war into the tomcat webapps dir
copy: src={{ smartgears_downloads_dir }}/{{ social_networking_library_ws_file }} dest={{ smartgears_instance_path }}/webapps/{{ social_networking_library_ws_name }}.{{ social_networking_library_ws_extension }} remote_src=yes force=yes
diff --git a/tomcat-multiple-instances/defaults/main.yml b/tomcat-multiple-instances/defaults/main.yml
index 65ffe372..27518624 100644
--- a/tomcat-multiple-instances/defaults/main.yml
+++ b/tomcat-multiple-instances/defaults/main.yml
@@ -31,6 +31,10 @@ tomcat_m_java_gc_opts: "-XX:+UseConcMarkSweepGC"
# exactly one CPU chip that contains one or two cores, you should also add
# the "-XX:+CMSIncrementalMode" option.
#tomcat_m_other_java_opts: "-Djsse.enableSNIExtension=false"
+tomcat_m_reverse_proxy_name_enabled: False
+tomcat_m_reverse_proxy_name: '{{ ansible_fqdn }}'
+tomcat_m_reverse_proxy_port: '{{ http_port | default(80) }}'
+
tomcat_m_other_java_opts: ""
tomcat_m_webapps_autodeploy: False
tomcat_m_webapps_unpack: False
diff --git a/tomcat-multiple-instances/templates/tomcat-server.xml.j2 b/tomcat-multiple-instances/templates/tomcat-server.xml.j2
index 32d71519..af880bf7 100644
--- a/tomcat-multiple-instances/templates/tomcat-server.xml.j2
+++ b/tomcat-multiple-instances/templates/tomcat-server.xml.j2
@@ -38,8 +38,12 @@
{% if item.http_enabled %}
-
+
{% endif %}
+ {% if tomcat_m_reverse_proxy_name_enabled %}
+ proxyName="{{ tomcat_m_reverse_proxy_name }}"
+ proxyPort="{{ tomcat_m_reverse_proxy_port }}"
+ {% endif %}
+ />
{% endif %}
{% if item.ajp_enabled %}
-
{% endif %}
diff --git a/tomcat/defaults/main.yml b/tomcat/defaults/main.yml
index 8f89f17a..f7d67c7a 100644
--- a/tomcat/defaults/main.yml
+++ b/tomcat/defaults/main.yml
@@ -9,6 +9,7 @@ tomcat_pkgs:
- libapr1
tomcat_user: tomcat7
tomcat_max_threads: 200
+
tomcat_min_heap_size: 2048m
tomcat_permgen_defined: True
tomcat_heap_size: '{{ tomcat_min_heap_size }}'
@@ -29,6 +30,9 @@ tomcat_ajp_enabled: False
tomcat_ajp_port: 8009
tomcat_ajp_address: 127.0.0.1
tomcat_direct_access: False
+tomcat_reverse_proxy_name_enabled: False
+tomcat_reverse_proxy_name: '{{ ansible_fqdn }}'
+tomcat_reverse_proxy_port: '{{ http_port | default(80) }}'
# There is a bug that kills tomcat after 50 days if the shutdown port is enabled
# Disable the shutdown port by default
#tomcat_shutdown_port: 8005
diff --git a/tomcat/templates/tomcat-server.xml.j2 b/tomcat/templates/tomcat-server.xml.j2
index 7007299c..75bb0bca 100644
--- a/tomcat/templates/tomcat-server.xml.j2
+++ b/tomcat/templates/tomcat-server.xml.j2
@@ -62,8 +62,11 @@
{% if tomcat_http_enabled %}
-
+
{% endif %}
+ {% if tomcat_reverse_proxy_name_enabled %}
+ proxyName="{{ tomcat_reverse_proxy_name }}"
+ proxyPort="{{ tomcat_reverse_proxy_port }}"
+ {% endif %}
+ />
-
-
{% endif %}
{% if tomcat_ajp_enabled %}
-
{% endif %}