Merge branch 'master' of gitorious.research-infrastructures.eu:infrastructure-management/ansible-playbooks

This commit is contained in:
Roberto Cirillo 2019-03-28 16:42:59 +01:00
commit 732997b256
41 changed files with 444 additions and 112 deletions

8
create_new_role_stub Executable file
View File

@ -0,0 +1,8 @@
#!/bin/bash
new_role=$1
mkdir "$new_role"
mkdir -p "${new_role}"/{defaults,tasks,files,templates,vars,meta,handlers}
touch "${new_role}"/{defaults,tasks,vars,meta,handlers}/main.yml

View File

@ -1,7 +1,6 @@
---
- name: Install fail2ban on ubuntu >= 14.04 and debian >= 8
apt: pkg={{ item }} state=present
with_items: '{{ f2b_packages }}'
apt: pkg={{ f2b_packages }} state=present
tags: fail2ban
- name: Ensure that fail2ban is enabled and running

View File

@ -1,4 +1,8 @@
---
iptables_deb_pkgs:
- iptables
- iptables-persistent
#
# Reference only. Check the iptables-rules.v4.j2 for the list of accepted variables
#

View File

@ -1,10 +1,7 @@
---
- block:
- name: Install the needed iptables packages
apt: pkg={{ item }} state=present
with_items:
- iptables
- iptables-persistent
apt: pkg={{ iptables_deb_pkgs }} state=present cache_valid_time=1800
- name: Create the /etc/iptables directory when needed
file: dest=/etc/iptables state=directory owner=root group=root mode=0755

View File

@ -36,8 +36,7 @@
tags: letsencrypt
- name: Install the letsencrypt acmetool package and some deps
apt: pkg={{ item }} state={{ letsencrypt_acme_pkg_state }} update_cache=yes cache_valid_time=3600
with_items: '{{ letsencrypt_acme_pkgs }}'
apt: pkg={{ letsencrypt_acme_pkgs }} state={{ letsencrypt_acme_pkg_state }} update_cache=yes cache_valid_time=3600
when:
- letsencrypt_acme_install
- letsencrypt_pkg_install

24
mono/defaults/main.yml Normal file
View File

@ -0,0 +1,24 @@
---
mono_repo_server: 'keyserver.ubuntu.com'
mono_deb_repo_key_id: 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
mono_deb_repo_url: 'deb https://download.mono-project.com/repo/{{ ansible_distribution | lower }} stable-{{ ansible_distribution_release }} main'
mono_rh_key: 'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF'
mono_rh_repo_url: 'https://download.mono-project.com/repo/{{ ansible_distribution | lower }}{{ ansible_distribution_major_version }}-stable.repo'
mono_deb_prerequisites:
- apt-transport-https
- dirmngr
- gnupg
- ca-certificates
mono_deb_packages:
- mono-devel
- referenceassemblies-pcl
- mono-xsp4
mono_rh_packages:
- mono-devel
- referenceassemblies-pcl
- xsp

42
mono/tasks/main.yml Normal file
View File

@ -0,0 +1,42 @@
---
- block:
- name: Install the Mono dependencies on Deb based distributions
apt: name={{ mono_deb_prerequisites }} state=present cache_valid_time=1800
when: ansible_distribution_file_variety == "Debian"
tags: mono
- block:
- name: Install the deb Mono repository key
apt_key:
keyserver: {{ mono_repo_server }}
id: {{ mono_deb_repo_key_id }}
- name: Install the deb Mono repository
apt_repository:
repo: '{{ mono_deb_repo_url }}'
state: present
update_cache: yes
- name: Install the Mono packages on Deb based distributions
apt: name={{ mono_deb_packages }} state=present cache_valid_time=1800
when: ansible_distribution_file_variety == "Debian"
tags: mono
- block:
- name: Install the RH Mono repository key
rpm_key:
state: present
key: {{ mono_rh_key }}
- name: Install the RH Mono repository
get_url:
dest: /etc/yum.repos.d/mono-{{ ansible_distribution | lower }}{{ ansible_distribution_major_version }}-stable.repo
url: {{ mono_rh_repo_url }}
- name: Install the Mono packages on RH based distributions
yum: name={{ mono_rh_packages }} state=present
when: ansible_distribution_file_variety != "Debian"
tags: mono

View File

@ -1,13 +1,14 @@
---
nextcloud_version: 13.0.4
nextcloud_version: 15.0.5
nextcloud_dist_filename: 'nextcloud-{{ nextcloud_version }}.tar.bz2'
nextcloud_download_url: 'https://download.nextcloud.com/server/releases/{{ nextcloud_dist_filename }}'
nextcloud_use_redis: True
nextcloud_use_memcache: False
nextcloud_web_basedir: /var/www
nextcloud_web_root: '{{ nextcloud_web_basedir }}/nextcloud'
nextcloud_data_dir: /srv/nextcloud/data
nextcloud_oc_dir: /srv/nextcloud/oc_keys
nextcloud_data_base_dir: /srv
nextcloud_data_dir: '{{ nextcloud_data_base_dir }}/nextcloud/data'
nextcloud_oc_dir: '{{ nextcloud_data_base_dir }}/nextcloud/oc_keys'
nextcloud_servername: '{{ ansible_fqdn }}'
nextcloud_servernames:
- { webroot: '{{ nextcloud_web_root }}', id: 1, name: '{{ nextcloud_servername }}' }

View File

@ -1,5 +1,6 @@
---
dependencies:
- { role: '../../library/roles/postgresql' }
- { role: '../../library/roles/php-fpm' }
- { role: '../../library/roles/nginx' }
- { role: '../../library/roles/redis', when nextcloud_use_redis }

View File

@ -11,7 +11,7 @@
get_url: url={{ nextcloud_download_url }} dest=/srv/{{ nextcloud_dist_filename }}
- name: Unpack the nextcloud archive
unarchive: remote_src=yes src=/srv/{{ nextcloud_dist_filename }} dest={{ item.doc_root }} owner={{ item.user }} group={{ item.user }}
unarchive: remote_src=yes src=/srv/{{ nextcloud_dist_filename }} dest={{ nextcloud_web_basedir }} owner={{ item.user }} group={{ item.user }}
args:
creates: '{{ item.doc_root }}/index.php'
with_items: '{{ phpfpm_pools }}'

View File

@ -6,7 +6,7 @@ redis_install: True
http_port: 80
https_port: 443
php_version: 7.0
php_version: 7.2
phpfpm_base_dir: '/etc/php/{{ php_version }}/fpm'
phpfpm_cli_dir: '/etc/php/{{ php_version }}/cli'
@ -16,7 +16,6 @@ php_fpm_packages:
- 'php{{ php_version }}-json'
- 'php{{ php_version }}-ldap'
- 'php{{ php_version }}-{{ nextcloud_db }}'
- 'php{{ php_version }}-mcrypt'
- 'php{{ php_version }}-xml'
- 'php{{ php_version }}-mbstring'
- 'php{{ php_version }}-intl'
@ -32,7 +31,7 @@ phpfpm_default_memory_limit: "512M"
php_global_settings:
- { option: 'always_populate_raw_post_data', value: '-1' }
- { option: 'allow_url_fopen', value: 'off' }
- { option: 'allow_url_fopen', value: 'on' }
- { option: 'max_execution_time', value: '240' }
- { option: 'memory_limit', value: '{{ phpfpm_default_memory_limit }}' }
- { option: 'max_input_vars', value: '1400' }

View File

@ -7,26 +7,20 @@
tags: [ 'nginx', 'nginx_ppa' ]
- name: Install the nginx web server
apt: pkg={{ item }} state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
with_items:
- nginx-full
apt: pkg=nginx-full state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
when:
- not nginx_use_ldap_pam_auth
- ansible_distribution_major_version <= '14'
tags: nginx
- name: Install the nginx web server if we need ldap auth via pam
apt: pkg={{ item }} state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
with_items:
- nginx-extras
apt: pkg=nginx-extras state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
when:
- nginx_use_ldap_pam_auth
- ansible_distribution_major_version <= '14'
tags: nginx
- name: Install the nginx web server on Ubuntu >= 16.04
apt: pkg={{ item }} state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
with_items:
- nginx
apt: pkg=nginx state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
when: ansible_distribution_major_version >= '16'
tags: nginx

View File

@ -7,8 +7,7 @@
with_items: '{{ node_js_repo_urls }}'
- name: Install the Node.js packages
apt: pkg={{ item }} state={{ node_js_pkg_state }} update_cache=True cache_valid_time=1800
with_items: '{{ node_js_pkgs }}'
apt: pkg={{ node_js_pkgs }} state={{ node_js_pkg_state }} update_cache=True cache_valid_time=1800
tags: [ 'nodejs', 'node_js' ]
@ -21,8 +20,7 @@
with_items: '{{ node_js_yarn_repo_urls }}'
- name: Install the Node.js yarn packages
apt: pkg={{ item }} state={{ node_js_pkg_state }} update_cache=True cache_valid_time=1800
with_items: '{{ node_js_yarn_pkgs }}'
apt: pkg={{ node_js_yarn_pkgs }} state={{ node_js_pkg_state }} update_cache=True cache_valid_time=1800
when: node_js_yarn_install
tags: [ 'nodejs', 'node_js', 'yarn', 'node_js_yarn' ]
@ -33,8 +31,7 @@
with_items: '{{ node_js_yarn_repo_urls }}'
- name: Install the Node.js yarn packages
apt: pkg={{ item }} state=absent update_cache=True cache_valid_time=1800
with_items: '{{ node_js_yarn_pkgs }}'
apt: pkg={{ node_js_yarn_pkgs }} state=absent update_cache=True cache_valid_time=1800
when: not node_js_yarn_install
tags: [ 'nodejs', 'node_js', 'yarn', 'node_js_yarn' ]

View File

@ -0,0 +1,36 @@
---
onlyoffice_docserver_deb_repo_key: CB2DE8E5
onlyoffice_docserver_deb_repo_key_server: 'keyserver.ubuntu.com'
onlyoffice_docserver_deb_repo: 'deb http://download.onlyoffice.com/repo/debian squeeze main'
onlyoffice_docserver_deb_packages: onlyoffice-communityserver
onlyoffice_docserver_letsencrypt_managed: True
onlyoffice_docserver_use_nginx_role: True
onlyoffice_docserver_deb_packages_dependencies:
- libcurl3
- libxml2
- supervisor
- fonts-dejavu
- fonts-liberation
- ttf-mscorefonts-installer
- fonts-crosextra-carlito
- fonts-takao-gothic
- fonts-opensymbol
- npm
- nginx-extras
onlyoffice_docserver_packages:
- onlyoffice-documentserver
onlyoffice_docserver_db_host: localhost
onlyoffice_docserver_db_user: onlyoffice
onlyoffice_docserver_db_name: onlyoffice
#onlyoffice_docserver_db_pwd: 'put it into a vault file'
onlyoffice_docserver_redis_host: localhost
onlyoffice_docserver_rabbitmq_url: 'amqp://guest:guest@localhost'
onlyoffice_docserver_use_a_secret_key: 'true'
#onlyoffice_docserver_secret_key: 'put it into a vault file'

View File

@ -0,0 +1,6 @@
---
- name: Reload nginx
service:
name: nginx
enabled: yes
state: reloaded

View File

@ -0,0 +1,6 @@
---
dependencies:
- { role: '../../library/roles/postgresql', when: psql_postgresql_install }
- { role: '../../library/roles/redis' }
- { role: '../../library/roles/rabbitmq' }
- { role: '../../library/roles/nginx', when: onlyoffice_docserver_use_nginx_role }

View File

@ -0,0 +1,40 @@
---
- block:
- name: Install the deb OnlyOffice repository key
apt_key:
keyserver: '{{ onlyoffice_docserver_deb_repo_key_server }}'
id: '{{ onlyoffice_docserver_deb_repo_key }}'
- name: Install the deb OnlyOffice repository
apt_repository:
repo: '{{ onlyoffice_docserver_deb_repo }}'
state: present
update_cache: yes
- name: Install the OnlyOffice document server deb dependencies
apt: name={{ onlyoffice_docserver_deb_packages_dependencies }} state=present cache_valid_time=1800
- name: Create some OnlyOffice directories where we will install our config files
file: dest={{ item }} state=directory
with_items:
- /etc/onlyoffice/documentserver
- /etc/onlyoffice/documentserver/nginx
- name: Install the OnlyOffice local configuration from a template
template: src=local.json dest=/etc/onlyoffice/documentserver/local.json owner=root group=root mode=0444
- name: Install the OnlyOffice document server configuration that enables SSL
template: src=onlyoffice-documentserver-ssl.conf dest=/etc/onlyoffice/documentserver/nginx/onlyoffice-documentserver.conf
when: onlyoffice_docserver_letsencrypt_managed
notify: Reload nginx
tags: [ 'onlyoffice', 'letsencrypt', 'nginx' ]
- name: The OnlyOffice document server packages must be done manually, because it is interactive
debug:
msg: "Manually install the onlyoffice-documentserver package with 'apt-get install -y onlyoffice-documentserver'"
# - name: Install the OnlyOffice document server package
# apt: name={{ onlyoffice_docserver_packages }} state=present cache_valid_time=1800
when: ansible_distribution_file_variety == "Debian"
tags: onlyoffice

View File

@ -0,0 +1,43 @@
include /etc/nginx/includes/onlyoffice-http.conf;
## Normal HTTP host
server {
listen 0.0.0.0:80;
listen [::]:80 default_server;
server_name _;
server_tokens off;
include /etc/nginx/snippets/letsencrypt-proxy.conf;
## Redirects all traffic to the HTTPS host
root /nowhere; ## root doesn't have to be a valid path since we are redirecting
rewrite ^ https://$host$request_uri? permanent;
}
#HTTP host for internal services
server {
listen 127.0.0.1:80;
listen [::1]:80;
server_name localhost;
server_tokens off;
include /etc/nginx/snippets/letsencrypt-proxy.conf;
include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
}
## HTTPS host
server {
listen 0.0.0.0:443 ssl http2;
listen [::]:443 ssl http2 default_server;
server_tokens off;
root /usr/share/nginx/html;
## Strong SSL Security
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl on;
include /etc/nginx/snippets/nginx-server-ssl.conf;
# add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
}

View File

@ -0,0 +1,13 @@
---
http_port: 80
https_port: 443
redis_install: True
psql_postgresql_install: True
pg_use_postgresql_org_repo: True
psql_version: 11
pg_backup_retain_copies: 2
psql_db_data:
- { name: '{{ onlyoffice_docserver_db_name }}', encoding: 'UTF8', user: '{{ onlyoffice_docserver_db_user }}', roles: 'NOCREATEDB,NOSUPERUSER', pwd: '{{ onlyoffice_docserver_db_pwd }}', managedb: True, allowed_hosts: [ '127.0.0.1' ] }

View File

@ -0,0 +1,6 @@
---
onlyoffice_deb_repo_key: CB2DE8E5
onlyoffice_deb_repo_key_server: 'keyserver.ubuntu.com'
onlyoffice_deb_repo: 'deb http://download.onlyoffice.com/repo/debian squeeze main'
onlyoffice_deb_packages: onlyoffice-communityserver
onlyoffice_letsencrypt_managed: True

View File

@ -0,0 +1,4 @@
---
dependencies:
- { role: '../../library/roles/postgresql', when: psql_postgresql_install }
- { role: '../../library/roles/mono' }

View File

@ -0,0 +1,35 @@
---
- block:
- name: Install the deb OnlyOffice repository key
apt_key:
keyserver: {{ onlyoffice_deb_repo_key_server }}
id: {{ onlyoffice_deb_repo_key }}
- name: Install the deb Mono repository
apt_repository:
repo: '{{ onlyoffice_deb_repo }}'
state: present
update_cache: yes
- name: Install the Mono packages on Deb based distributions
apt: name={{ onlyoffice_deb_packages }} state=present cache_valid_time=1800
when: ansible_distribution_file_variety == "Debian"
tags: onlyoffice
- block:
- name: Install a letsencrypt acme hook
template: src=onlyoffice-letsencrypt.sh dest=/usr/lib/acme/hooks/onlyoffice owner=root group=root mode=4555
- name: Run the letsencrypt acme hook if the certificates are not in place
shell: /usr/lib/acme/hooks/onlyoffice
args:
creates: /var/www/onlyoffice/Data/certs/onlyoffice.key
register: initialize_onlyoffice_https
- name: Reconfigure the OnlyOffice service for https
shell: /var/www/onlyoffice/Tools/default-onlyoffice-ssl.sh
when: initialize_onlyoffice_https is changed
when: ansible_distribution_file_variety == "Debian"
tags: [ 'onlyoffic', 'letsencrypt' ]

View File

@ -0,0 +1,36 @@
#!/bin/bash
LE_CERTS_DIR="{{ letsencrypt_acme_certs_dir }}"
LE_LOG_DIR=/var/log/letsencrypt
LE_LOG_FILE=$LE_LOG_DIR/onlyoffice.log
onlyoffice_certdir=/var/www/onlyoffice/Data/certs
DATE=$( date )
[ ! -d "$onlyoffice_certdir" ] && mkdir -p "$onlyoffice_certdir"
[ ! -d "$LE_LOG_DIR" ] && mkdir "$LE_LOG_DIR"
echo "$DATE" >> "$LE_LOG_DIR/postgresql.log"
if [ -f /etc/default/letsencrypt ] ; then
. /etc/default/letsencrypt
else
echo "No letsencrypt default file" >> $LE_LOG_FILE
fi
echo "Copy the key file" >> $LE_LOG_FILE
cp "${LE_CERTS_DIR}/privkey" $onlyoffice_certdir/onlyoffice.key
chmod 400 $onlyoffice_certdir/onlyoffice.key
chown root:root $onlyoffice_certdir/onlyoffice.key
cp "${LE_CERTS_DIR}/cert" $onlyoffice_certdir/onlyoffice.crt
chmod 400 $onlyoffice_certdir/onlyoffice.crt
chown root:root $onlyoffice_certdir/onlyoffice.crt
echo "Restart the onlyoffice service" >> $LE_LOG_FILE
if [ -x /bin/systemctl ] ; then
systemctl reload nginx >> $LE_LOG_FILE 2>&1
else
service nginx reload >> $LE_LOG_FILE 2>&1
fi
echo "Done." >> $LE_LOG_FILE
exit 0

View File

@ -0,0 +1,4 @@
---
letsencrypt_acme_install: True
http_port: 80
https_port: 443

View File

@ -11,13 +11,11 @@
tags: [ 'php', 'php_ppa' ]
- name: Install the php-fpm package
apt: pkg={{ item }} state=present update_cache=yes cache_valid_time=3600
with_items: '{{ php_fpm_packages }}'
apt: pkg={{ php_fpm_packages }} state=present update_cache=yes cache_valid_time=3600
tags: php
- name: Install additional php packages
apt: pkg={{ item }} state=present update_cache=yes cache_valid_time=3600
with_items: '{{ php_additional_packages | default([]) }}'
apt: pkg={{ php_additional_packages | default([]) }} state=present update_cache=yes cache_valid_time=3600
tags: php
- name: Set the timezone if we have one

View File

@ -1,6 +1,17 @@
---
postfix_enabled: True
postfix_install_packages: True
postfix_relay_rh_pkgs:
- postfix
- cyrus-sasl-lib
- cyrus-sasl-plain
- cyrus-sasl-md5
postfix_relay_deb_pkgs:
- postfix
- libsasl2-2
# Set it to true when you want configure your machine to send email to a relay
postfix_relay_client: False
postfix_biff: "no"
@ -15,6 +26,11 @@ postfix_smtp_tls_security_level: encrypt
postfix_use_sasl_auth: True
postfix_smtp_sasl_auth_enable: "yes"
postfix_smtp_create_relay_user: True
# Options: noanonymous, noplaintext
postfix_smtp_sasl_security_options: noanonymous
postfix_smtp_sasl_tls_security_options: '{{ postfix_smtp_sasl_security_options }}'
postfix_smtp_sasl_mechanism_filter: plain, login
# Set it in the local rules
#postfix_relay_host: smtp-relay.example.com
postfix_relay_port: 587

View File

@ -1,3 +1,3 @@
---
dependencies:
- { role: '../../library/roles/nagios', when: nagios_enabled is defined and nagios_enabled }
#dependencies:
# - { role: '../../library/roles/nagios', when: nagios_enabled is defined and nagios_enabled }

View File

@ -1,11 +1,16 @@
---
- block:
- name: Install postfix and libsas to do mail relay on deb systems
apt: pkg={{ postfix_relay_deb_pkgs }} state=present update_cache=yes cache_valid_time=1800
when: ansible_distribution_file_variety == "Debian"
- name: Install postfix and libsas to do mail relay
action: apt pkg={{ item }} state=present update_cache=yes cache_valid_time=1800
with_items:
- postfix
- libsasl2-2
- name: Install postfix and libsas to do mail relay on RH systems
yum: pkg={{ postfix_relay_rh_pkgs }} state=present
when: ansible_distribution_file_variety == "RedHat"
- name: Remove the ssmtp package on RH systems
yum: pkg=ssmtp state=absent
when: ansible_distribution_file_variety == "RedHat"
- name: Write the postfix main configuration file
template: src=main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0444
@ -15,18 +20,6 @@
template: src=postfix-master.cf.j2 dest=/etc/postfix/master.cf owner=root group=root mode=0444
notify: Restart postfix
- name: Install the postfix NRPE nagios check
copy: src={{ item }} dest={{ nagios_plugins_dir }}/{{ item }} owner=root group=nagios mode=0555
with_items: '{{ postfix_nagios_checks }}'
when: postfix_nagios_check
tags: [ 'postfix-relay', 'nagios', 'nrpe' ]
- name: Install the postfix NRPE command configuration
template: src=postfix-nrpe.cfg.j2 dest={{ nrpe_include_dir }}/postfix-nrpe.cfg owner=root group=root mode=0444
notify: Reload NRPE server
when: postfix_nagios_check
tags: [ 'postfix-relay', 'nagios', 'nrpe' ]
- name: Ensure that postfix is started and enabled
service: name=postfix state=started enabled=yes
when: postfix_enabled
@ -39,12 +32,27 @@
tags: postfix-relay
- block:
- name: Install the postfix NRPE nagios check
copy: src={{ item }} dest={{ nagios_plugins_dir }}/{{ item }} owner=root group=nagios mode=0555
with_items: '{{ postfix_nagios_checks }}'
- name: Remove postfix and libsas
action: apt pkg={{ item }} state=absent
with_items:
- postfix
- libsasl2-2
- name: Install the postfix NRPE command configuration
template: src=postfix-nrpe.cfg.j2 dest={{ nrpe_include_dir }}/postfix-nrpe.cfg owner=root group=root mode=0444
notify: Reload NRPE server
when:
- postfix_install_packages
- postfix_nagios_check
tags: [ 'postfix-relay', 'nagios', 'nrpe' ]
- block:
- name: Remove postfix and libsas on deb systems
action: apt pkg={{ postfix_relay_deb_pkgs }} state=absent
when: ansible_distribution_file_variety == "Debian"
- name: Remove postfix and libsas to do mail relay on RH systems
yum: pkg={{ postfix_relay_rh_pkgs }} state=absent
when: ansible_distribution_file_variety == "RedHat"
when: not postfix_install_packages
tags: postfix-relay

View File

@ -1,8 +1,3 @@
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name
biff = {{ postfix_biff }}
@ -45,14 +40,18 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = {{ ansible_fqdn }}
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
{% if domain_name is defined %}
myorigin = {{ domain_name }}
{% else %}
myorigin = {{ ansible_fqdn }}
{% endif %}
mydestination = {{ ansible_fqdn }}, localhost
{% if postfix_use_relay_host %}
relayhost = {{ postfix_relay_host }}:{{ postfix_relay_port }}
{% endif %}
{% if not postfix_relay_server %}
mynetworks = 127.0.0.1
inet_interfaces = localhost, ip6-localhost
inet_interfaces = localhost
inet_protocols = ipv4
{% endif %}
mailbox_size_limit = 0
@ -61,15 +60,15 @@ default_destination_concurrency_limit = {{ postfix_default_destination_concurren
{% if postfix_use_sasl_auth %}
smtp_sasl_auth_enable= {{ postfix_smtp_sasl_auth_enable }}
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_mechanism_filter = plain, login
smtp_sasl_security_options = {{ postfix_smtp_sasl_security_options }}
smtp_sasl_tls_security_options = {{ postfix_smtp_sasl_tls_security_options }}
smtp_sasl_mechanism_filter = {{ postfix_smtp_sasl_mechanism_filter }}
{% endif %}
{% if postfix_relay_server %}
smtpd_sasl_path = smtpd
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_security_options = {{ postfix_smtp_sasl_security_options }}
smtpd_sasl_tls_security_options = {{ postfix_smtp_sasl_tls_security_options }}
smtpd_helo_required = yes
mynetworks = {{ postfix_mynetworks }}
inet_interfaces = {{ postfix_interfaces }}

View File

@ -1,12 +1,11 @@
---
- name: install the postgresql packages
apt: pkg={{ item }} state={{ psql_pkg_state }}
with_items: '{{ postgresql_pkgs }}'
notify: Restart postgresql
tags: [ 'postgresql', 'postgres' ]
- name: Install the packages that ansible needs to manage the postgresql users and databases
apt: pkg={{ item }} state={{ psql_pkg_state }}
with_items: '{{ psql_ansible_needed_pkgs }}'
- block:
- name: Install the packages that ansible needs to manage the postgresql users and databases
apt: pkg={{ psql_ansible_needed_pkgs }} state={{ psql_pkg_state }}
- name: install the postgresql packages
apt: pkg={{ postgresql_pkgs }} state={{ psql_pkg_state }}
notify: Restart postgresql
tags: [ 'postgresql', 'postgres' ]

View File

@ -1,8 +1,7 @@
---
- block:
- name: Install the pgpool package
apt: name={{ item }} state={{ psql_pgpool_pkg_state }}
with_items: '{{ pgpool_pkgs }}'
apt: name={{ pgpool_pkgs }} state={{ psql_pgpool_pkg_state }} cache_valid_time=1800
- name: Configure pcp
#template: src=pcp.conf.j2 dest=/etc/pgpool2/pcp.conf owner=root group=postgres mode=0640
@ -59,8 +58,7 @@
service: name=pgpool2 state=stopped enabled=no
- name: Install the pgpool packages
apt: name={{ item }} state=absent
with_items: '{{ pgpool_pkgs }}'
apt: name={{ pgpool_pkgs }} state=absent
- name: Remove the pgpool failover sudoers file
file: dest=/etc/sudoers.d/pgpool-wd state=absent

View File

@ -1,7 +1,6 @@
---
- name: install the postgresql GIS packages
apt: pkg={{ item }} state={{ psql_pkg_state }}
with_items: '{{ postgres_gis_pkgs }}'
apt: pkg={{ postgres_gis_pkgs }} state={{ psql_pkg_state }}
notify: Restart postgresql
tags: [ 'postgresql', 'postgres', 'postgis' ]

View File

@ -1,7 +1,6 @@
---
- name: Install the packages needed by postgres when running behind a pgpool server
apt: pkg={{ item }} state={{ psql_pkg_state }}
with_items: '{{ postgresql_pgpool_pkgs }}'
apt: pkg={{ postgresql_pgpool_pkgs }} state={{ psql_pkg_state }}
when: psql_pgpool_install
notify: Restart postgresql
tags: [ 'postgresql', 'postgres', 'pgpool' ]

View File

@ -1,14 +1,31 @@
---
- name: Create the postgresql data directory if it is not in the default place
file: dest={{ psql_data_dir }} owner=postgres group=postgres mode=700 recurse=yes state=directory
when: psql_use_alternate_data_dir
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
- block:
- name: Check if the new postgresql data directory exists
stat: path={{ psql_data_dir }}
register: postgresql_data_dir
- name: Stop the postgresql service while reconfiguring the data directory
service: name=postgresql state=stopped
when: postgresql_data_dir.stat.isdir is not defined
- name: Create the postgresql data directory if it is not in the default place
file: dest={{ psql_data_dir }} owner=postgres group=postgres mode=700 recurse=yes state=directory
- name: Set the postgresql data dir if it is different from the default
become: True
become_user: postgres
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=data_directory value="'{{ psql_data_dir }}'"
- name: Copy the postgresql data directory into the new place
shell: '[ "/var/lib/postgresql/{{ psql_version }}/main" != "{{ psql_data_dir }}" ] && cp -a /var/lib/postgresql/{{ psql_version }}/main/* {{ psql_data_dir }}'
args:
creates: '{{ psql_data_dir }}/main/base'
when: postgresql_data_dir.stat.isdir is not defined
- name: Start the postgresql service that will use the new data directory
service: name=postgresql state=started
when: postgresql_data_dir.stat.isdir is not defined
- name: Set the postgresql data dir if it is different from the default
become: True
become_user: postgres
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=data_directory value="'{{ psql_data_dir }}'"
notify: Restart postgresql
when: psql_use_alternate_data_dir
tags: [ 'postgresql', 'postgres', 'pg_conf' ]

View File

@ -6,13 +6,15 @@ rabbitmq_pkg_state: present
rabbitmq_server_pkg:
- rabbitmq-server
rabbitmq_enabled_plugins: 'amqp_client,rabbitmq_amqp1_0,rabbitmq_management,rabbitmq_management_agent,rabbitmq_management_visualiser,rabbitmq_mqtt,rabbitmq_stomp,webmachine'
rabbitmq_enabled_plugins: 'amqp_client,rabbitmq_amqp1_0,rabbitmq_management,rabbitmq_management_agent,rabbitmq_management_visualiser,rabbitmq_mqtt,rabbitmq_stomp'
rabbitmq_disabled_plugins: ''
rabbitmq_default_f: /etc/default/rabbitmq-server
rabbitmq_fileno: 4096
rabbitmq_admin_u: r_admin
#rabbitmq_admin_pwd: use a vault file
#
# See http://www.rabbitmq.com/networking.html
# 4369 (epmd), 25672 (Erlang distribution)

View File

@ -7,8 +7,7 @@
apt_repository: repo='{{ rabbitmq_repo }}' state=present
- name: Install the rabbitMQ package
apt: pkg={{ item }} state={{ rabbitmq_pkg_state }} update_cache=yes
with_items: '{{ rabbitmq_server_pkg }}'
apt: pkg={{ rabbitmq_server_pkg }} state={{ rabbitmq_pkg_state }} update_cache=yes
- name: Set the rabbitMQ max files
lineinfile: name={{ rabbitmq_default_f }} regexp="^ulimit" line="ulimit -n {{ rabbitmq_fileno }}"
@ -18,7 +17,7 @@
rabbitmq_plugin: names={{ rabbitmq_enabled_plugins }} state=enabled
- name: Disable some rabbitMQ plugins
rabbitmq_plugin: names={{ rabbitmq_disabled_plugins | default('') }} state=disabled
rabbitmq_plugin: names={{ rabbitmq_disabled_plugins | default([]) }} state=disabled
- name: Create an admin user
rabbitmq_user: user={{ rabbitmq_admin_u }} password={{ rabbitmq_admin_pwd | default('changemeASAP') }} tags=administrator vhost=/ configure_priv=.* read_priv=.* write_priv=.* state=present

View File

@ -4,8 +4,7 @@
apt_repository: repo='{{ redis_ppa_repo }}' update_cache=yes
- name: Install the Redis packages
apt: name={{ item }} state={{ redis_pkg_state }} cache_valid_time=1800
with_items: '{{ redis_server_pkg }}'
apt: name={{ redis_server_pkg }} state={{ redis_pkg_state }} cache_valid_time=1800
- name: Install the Redis configuration
template: src={{ item }}.j2 dest=/etc/redis/{{ item }} owner=redis group=redis mode=0440
@ -29,8 +28,7 @@
service: name=redis-server state=stopped enabled=no
- name: Remove the Redis packages
apt: name={{ item }} state=absent
with_items: '{{ redis_server_pkg }}'
apt: name={{ redis_server_pkg }} state=absent
- name: Remove the Redis PPA
apt_repository: repo='{{ redis_ppa_repo }}' state=absent update_cache=yes

View File

@ -0,0 +1,11 @@
---
dependencies:
- { role: ../../library/roles/smartgears/smartgears-service }
- { role: ../../library/roles/smartgears/dataminer_app }
- { role: ../../library/roles/conda, when: dataminer_conda_install }
- { role: ../../library/roles/hdf5, when: dataminer_hdf5 }
- { role: ../../library/roles/python3-env, when: py3_env_install }
- { role: ../../library/roles/pandoc }
- { role: ../../library/roles/octave, when: octave_install }
- { role: ../../library/roles/ubuntugis, when: ubuntugis_repo_install }
- { role: ../../library/roles/R, when: r_install }

View File

@ -1,6 +0,0 @@
---
dependencies:
- { role: ../../library/roles/smartgears/smartgears-service }
- { role: ../../library/roles/conda, when: dataminer_conda_install }
- { role: ../../library/roles/hdf5, when: dataminer_hdf5 }
- { role: ../../library/roles/python3-env, when: py3_env_install }

View File

@ -1,5 +1,6 @@
---
dependencies:
- role: '../../library/roles/tomcat-multiple-instances'
- { role: '../../library/roles/smartgears/smartgears' }
- { role: '../../library/roles/smartgears/smartgears-nginx-frontend', when: setup_nginx is defined and setup_nginx }
- { role: '../../library/roles/smartgears/resource_updater', when: resource_updater_install is defined }

View File

@ -1,3 +1,3 @@
---
dependencies:
- role: '../../library/roles/tomcat-multiple-instances'
#dependencies:
# - role: '../../library/roles/tomcat-multiple-instances'