ansible-roles/ghn-gcore/gcore-authorization/tasks/main.yml

---
- block:
    - name: Ensure that postgres is running
      service: name=postgresql state=started

    - name: Create postgres database {{ psql_db_name }} and user {{ psql_db_user }}
      shell: sudo -u postgres createdb {{ psql_db_name }} && sudo -u postgres createuser -s {{ psql_db_user }}
      ignore_errors: True

    - name: Set password for user {{ psql_db_user }} and grant all privileges on database {{ psql_db_name }}
      shell: sudo -u postgres psql -c "ALTER USER {{ psql_db_user }}  WITH PASSWORD '{{ authorization_db_pwd }}';" &&  sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE {{ psql_db_name }} TO {{ psql_db_user }}";
      ignore_errors: True

    - name: Change postgres authentication method to password for localhost
      lineinfile:  dest=/var/lib/pgsql/data/pg_hba.conf state=present regexp='^host    all             all             127.0.0.1/32' line='host    all             all             127.0.0.1/32            password'

    - name: Change postgres authentication method to password for localhost ipv6
      lineinfile:  dest=/var/lib/pgsql/data/pg_hba.conf state=present regexp='^host    all             all             ::1/128' line='host    all             all             ::1/128                 password'

    - name: Change postgres port to {{ postgres_port }}
      lineinfile:  dest="/usr/lib/systemd/system/postgresql.service" state=present regexp='^Environment=PGPORT=' line='Environment=PGPORT={{ postgres_port }}'

    - name: Change pgpool port to {{ pgpool_port }}
      lineinfile:  dest="/etc/pgpool-II/pgpool.conf" state=present regexp='^port =' line='port = {{ pgpool_port }}'

    - name: Tell pgpool to connect to postgreqsl on port  {{ postgres_port }}
      lineinfile:  dest="/etc/pgpool-II/pgpool.conf" state=present regexp='^backend_port0 =' line='backend_port0 = {{ postgres_port }}'

    - name: Tell pgpool to enable ssl
      lineinfile:  dest="/etc/pgpool-II/pgpool.conf" state=present regexp='^ssl = on' line='ssl = on'

    - name: Running semanage to enable postgres to bind port {{ postgres_port }}
      seport: ports={{ postgres_port }} proto=tcp setype=postgresql_port_t state=present reload=yes

    - name: Running setsebool to allow tcp connections to the db
      seboolean: name=httpd_can_network_connect_db state=yes persistent=yes

#    - name: restart postgres
#      service: name=postgresql state=restarted

    #### on CentOS 7 we need to tell systemd to reload the service file since we made changes there
    - name: restart postgresql
      systemd: name=postgresql state=restarted enabled=yes daemon_reload=yes

    - name: restart pgpool
      service: name=pgpool state=restarted

    - name: Stop tomcat when upgrading
      service: name=tomcat state=stopped

    - name: Create the authorization service webapp directory
      file: dest={{ tomcat_document_root }}/webapps/authorization-service state=directory owner={{ tomcat_user }}  group={{ tomcat_user }}

    - name: Get and unpack the authorization war file
      unarchive: copy=no src={{ authorization_service_url }} dest={{ tomcat_document_root }}/webapps/authorization-service owner={{ tomcat_user }}  group={{ tomcat_user }}
      args:
        creates: '{{ tomcat_document_root }}/webapps/authorization-service/WEB-INF/AuthorizationConfiguration.xml'

    - name: Install the authorization service AuthorizationConfiguration.xml template
      template: src=AuthorizationConfiguration.xml.j2 dest={{ tomcat_document_root }}/webapps/authorization-service/{{ authorization_service_config_dest }} mode=0440 owner={{ tomcat_user }}  group={{ tomcat_user }}

    - name: Install the authorization service persistence.xml template
      template: src=persistence.xml.j2 dest={{ tomcat_document_root }}/webapps/authorization-service/{{ authorization_service_persistence_dest }} mode=0440 owner={{ tomcat_user }}  group={{ tomcat_user }}

    - name: Install the logback configuration
      template: src=logback.xml.j2 dest={{ tomcat_document_root }}/lib/logback.xml mode=0644 owner={{ tomcat_user }}  group={{ tomcat_user }}

#    - name: restore ownership
#      file: dest={{ tomcat_document_root }} owner=root group=tomcat recurse=yes

    - name: Start tomcat
      service: name=tomcat state=started

  become: true
  become_user: root