Merge branch 'master' of gitorious.research-infrastructures.eu:infrastructure-management/ansible-playbooks

create_new_role_stub

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+new_role=$1
+
+mkdir "$new_role"
+mkdir -p "${new_role}"/{defaults,tasks,files,templates,vars,meta,handlers}
+touch "${new_role}"/{defaults,tasks,vars,meta,handlers}/main.yml
+

fail2ban/tasks/fail2ban.yml

@@ -1,7 +1,6 @@
 ---
 - name: Install fail2ban on ubuntu >= 14.04 and debian >= 8
-  apt: pkg={{ item }} state=present
+  apt: pkg={{ f2b_packages }} state=present
-  with_items: '{{ f2b_packages }}'
   tags: fail2ban
 
 - name: Ensure that fail2ban is enabled and running

iptables/defaults/main.yml

@@ -1,4 +1,8 @@
 ---
+iptables_deb_pkgs:
+  - iptables
+  - iptables-persistent
+
 #
 # Reference only. Check the iptables-rules.v4.j2 for the list of accepted variables
 #

iptables/tasks/main.yml

@@ -1,10 +1,7 @@
 ---
 - block:
   - name: Install the needed iptables packages
-    apt: pkg={{ item }} state=present
+    apt: pkg={{ iptables_deb_pkgs }} state=present cache_valid_time=1800
-    with_items:
-      - iptables
-      - iptables-persistent
 
   - name: Create the /etc/iptables directory when needed
     file: dest=/etc/iptables state=directory owner=root group=root mode=0755

letsencrypt-acmetool-client/tasks/main.yml

@@ -36,8 +36,7 @@
   tags: letsencrypt
 
 - name: Install the letsencrypt acmetool package and some deps
-  apt: pkg={{ item }} state={{ letsencrypt_acme_pkg_state }} update_cache=yes cache_valid_time=3600
+  apt: pkg={{ letsencrypt_acme_pkgs }} state={{ letsencrypt_acme_pkg_state }} update_cache=yes cache_valid_time=3600
-  with_items: '{{ letsencrypt_acme_pkgs }}'
   when:
     - letsencrypt_acme_install
     - letsencrypt_pkg_install

mono/defaults/main.yml

@@ -0,0 +1,24 @@
+---
+mono_repo_server: 'keyserver.ubuntu.com'
+mono_deb_repo_key_id: 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
+mono_deb_repo_url: 'deb https://download.mono-project.com/repo/{{ ansible_distribution | lower }} stable-{{ ansible_distribution_release }} main'
+
+mono_rh_key: 'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF'
+mono_rh_repo_url: 'https://download.mono-project.com/repo/{{ ansible_distribution | lower }}{{ ansible_distribution_major_version }}-stable.repo'
+
+mono_deb_prerequisites:
+  - apt-transport-https
+  - dirmngr
+  - gnupg
+  - ca-certificates
+
+mono_deb_packages:
+  - mono-devel
+  - referenceassemblies-pcl 
+  - mono-xsp4
+
+mono_rh_packages:
+  - mono-devel
+  - referenceassemblies-pcl 
+  - xsp
+

mono/tasks/main.yml

@@ -0,0 +1,42 @@
+---
+- block:
+  - name: Install the Mono dependencies on Deb based distributions
+    apt: name={{ mono_deb_prerequisites }} state=present cache_valid_time=1800
+
+  when: ansible_distribution_file_variety == "Debian"
+  tags: mono
+
+- block:
+  - name: Install the deb Mono repository key
+    apt_key:
+      keyserver: {{ mono_repo_server }}
+      id: {{ mono_deb_repo_key_id }}
+
+  - name: Install the deb Mono repository
+    apt_repository:
+      repo: '{{ mono_deb_repo_url }}'
+      state: present
+      update_cache: yes
+
+  - name: Install the Mono packages on Deb based distributions
+    apt: name={{ mono_deb_packages }} state=present cache_valid_time=1800
+
+  when: ansible_distribution_file_variety == "Debian"
+  tags: mono
+
+- block:
+  - name: Install the RH Mono repository key
+    rpm_key:
+      state: present
+      key: {{ mono_rh_key }}
+
+  - name: Install the RH Mono repository
+    get_url:
+      dest: /etc/yum.repos.d/mono-{{ ansible_distribution | lower }}{{ ansible_distribution_major_version }}-stable.repo
+      url: {{ mono_rh_repo_url }}
+
+  - name: Install the Mono packages on RH based distributions
+    yum: name={{ mono_rh_packages }} state=present
+
+  when: ansible_distribution_file_variety != "Debian"
+  tags: mono

nextcloud/defaults/main.yml

@@ -1,13 +1,14 @@
 ---
-nextcloud_version: 13.0.4
+nextcloud_version: 15.0.5
 nextcloud_dist_filename: 'nextcloud-{{ nextcloud_version }}.tar.bz2'
 nextcloud_download_url: 'https://download.nextcloud.com/server/releases/{{ nextcloud_dist_filename }}'
 nextcloud_use_redis: True
 nextcloud_use_memcache: False
 nextcloud_web_basedir: /var/www
 nextcloud_web_root: '{{ nextcloud_web_basedir }}/nextcloud'
-nextcloud_data_dir: /srv/nextcloud/data
+nextcloud_data_base_dir: /srv
-nextcloud_oc_dir: /srv/nextcloud/oc_keys
+nextcloud_data_dir: '{{ nextcloud_data_base_dir }}/nextcloud/data'
+nextcloud_oc_dir: '{{ nextcloud_data_base_dir }}/nextcloud/oc_keys'
 nextcloud_servername: '{{ ansible_fqdn }}'
 nextcloud_servernames:
   - { webroot: '{{ nextcloud_web_root }}', id: 1, name: '{{ nextcloud_servername }}' }

nextcloud/meta/main.yml

@@ -1,5 +1,6 @@
 ---
 dependencies:
+  - { role: '../../library/roles/postgresql' }
   - { role: '../../library/roles/php-fpm' }
   - { role: '../../library/roles/nginx' }
   - { role: '../../library/roles/redis', when nextcloud_use_redis }

nextcloud/tasks/nextcloud-install.yml

@@ -11,7 +11,7 @@
     get_url: url={{ nextcloud_download_url }} dest=/srv/{{ nextcloud_dist_filename }}
 
   - name: Unpack the nextcloud archive
-    unarchive: remote_src=yes src=/srv/{{ nextcloud_dist_filename }} dest={{ item.doc_root }} owner={{ item.user }} group={{ item.user }}
+    unarchive: remote_src=yes src=/srv/{{ nextcloud_dist_filename }} dest={{ nextcloud_web_basedir }} owner={{ item.user }} group={{ item.user }}
     args:
       creates: '{{ item.doc_root }}/index.php'
     with_items: '{{ phpfpm_pools }}'

nextcloud/vars/main.yml

@@ -6,7 +6,7 @@ redis_install: True
 http_port: 80
 https_port: 443
 
-php_version: 7.0
+php_version: 7.2
 phpfpm_base_dir: '/etc/php/{{ php_version }}/fpm'
 phpfpm_cli_dir: '/etc/php/{{ php_version }}/cli'
 
@@ -16,7 +16,6 @@ php_fpm_packages:
   - 'php{{ php_version }}-json'
   - 'php{{ php_version }}-ldap'
   - 'php{{ php_version }}-{{ nextcloud_db }}'
-  - 'php{{ php_version }}-mcrypt'
   - 'php{{ php_version }}-xml'
   - 'php{{ php_version }}-mbstring'
   - 'php{{ php_version }}-intl'
@@ -32,7 +31,7 @@ phpfpm_default_memory_limit: "512M"
 
 php_global_settings:
   - { option: 'always_populate_raw_post_data', value: '-1' }
-  - { option: 'allow_url_fopen', value: 'off' }
+  - { option: 'allow_url_fopen', value: 'on' }
   - { option: 'max_execution_time', value: '240' }
   - { option: 'memory_limit', value: '{{ phpfpm_default_memory_limit }}' }
   - { option: 'max_input_vars', value: '1400' }

nginx/tasks/nginx.yml

@@ -7,26 +7,20 @@
   tags: [ 'nginx', 'nginx_ppa' ]
 
 - name: Install the nginx web server
-  apt: pkg={{ item }} state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
+  apt: pkg=nginx-full state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
-  with_items:
-    - nginx-full
   when:
     - not nginx_use_ldap_pam_auth
     - ansible_distribution_major_version <= '14'
   tags: nginx
 
 - name: Install the nginx web server if we need ldap auth via pam
-  apt: pkg={{ item }} state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
+  apt: pkg=nginx-extras state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
-  with_items: 
-    - nginx-extras
   when:
     - nginx_use_ldap_pam_auth
     - ansible_distribution_major_version <= '14'
   tags: nginx
 
 - name: Install the nginx web server on Ubuntu >= 16.04
-  apt: pkg={{ item }} state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
+  apt: pkg=nginx state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
-  with_items:
-    - nginx
   when: ansible_distribution_major_version >= '16'
   tags: nginx

node_js/tasks/main.yml

@@ -7,8 +7,7 @@
     with_items: '{{ node_js_repo_urls }}'
 
   - name: Install the Node.js packages
-    apt: pkg={{ item }} state={{ node_js_pkg_state }} update_cache=True cache_valid_time=1800
+    apt: pkg={{ node_js_pkgs }} state={{ node_js_pkg_state }} update_cache=True cache_valid_time=1800
-    with_items: '{{ node_js_pkgs }}'
 
   tags: [ 'nodejs', 'node_js' ]
 
@@ -21,8 +20,7 @@
     with_items: '{{ node_js_yarn_repo_urls }}'
 
   - name: Install the Node.js yarn packages
-    apt: pkg={{ item }} state={{ node_js_pkg_state }} update_cache=True cache_valid_time=1800
+    apt: pkg={{ node_js_yarn_pkgs }} state={{ node_js_pkg_state }} update_cache=True cache_valid_time=1800
-    with_items: '{{ node_js_yarn_pkgs }}'
 
   when: node_js_yarn_install
   tags: [ 'nodejs', 'node_js', 'yarn', 'node_js_yarn' ]
@@ -33,8 +31,7 @@
     with_items: '{{ node_js_yarn_repo_urls }}'
 
   - name: Install the Node.js yarn packages
-    apt: pkg={{ item }} state=absent update_cache=True cache_valid_time=1800
+    apt: pkg={{ node_js_yarn_pkgs }} state=absent update_cache=True cache_valid_time=1800
-    with_items: '{{ node_js_yarn_pkgs }}'
 
   when: not node_js_yarn_install
   tags: [ 'nodejs', 'node_js', 'yarn', 'node_js_yarn' ]

onlyoffice_docserver/defaults/main.yml

@@ -0,0 +1,36 @@
+---
+onlyoffice_docserver_deb_repo_key: CB2DE8E5
+onlyoffice_docserver_deb_repo_key_server: 'keyserver.ubuntu.com'
+onlyoffice_docserver_deb_repo: 'deb http://download.onlyoffice.com/repo/debian squeeze main'
+onlyoffice_docserver_deb_packages: onlyoffice-communityserver
+onlyoffice_docserver_letsencrypt_managed: True
+
+onlyoffice_docserver_use_nginx_role: True
+
+onlyoffice_docserver_deb_packages_dependencies:
+  - libcurl3
+  - libxml2
+  - supervisor
+  - fonts-dejavu
+  - fonts-liberation
+  - ttf-mscorefonts-installer
+  - fonts-crosextra-carlito
+  - fonts-takao-gothic
+  - fonts-opensymbol
+  - npm
+  - nginx-extras
+
+onlyoffice_docserver_packages:
+  - onlyoffice-documentserver
+
+onlyoffice_docserver_db_host: localhost
+onlyoffice_docserver_db_user: onlyoffice
+onlyoffice_docserver_db_name: onlyoffice
+#onlyoffice_docserver_db_pwd: 'put it into a vault file'
+
+onlyoffice_docserver_redis_host: localhost
+
+onlyoffice_docserver_rabbitmq_url: 'amqp://guest:guest@localhost'
+
+onlyoffice_docserver_use_a_secret_key: 'true'
+#onlyoffice_docserver_secret_key: 'put it into a vault file'

onlyoffice_docserver/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Reload nginx
+  service:
+    name: nginx
+    enabled: yes
+    state: reloaded

onlyoffice_docserver/meta/main.yml

@@ -0,0 +1,6 @@
+---
+dependencies:
+  - { role: '../../library/roles/postgresql', when: psql_postgresql_install }
+  - { role: '../../library/roles/redis' }
+  - { role: '../../library/roles/rabbitmq' }
+  - { role: '../../library/roles/nginx', when: onlyoffice_docserver_use_nginx_role }

onlyoffice_docserver/tasks/main.yml

@@ -0,0 +1,40 @@
+---
+- block:
+  - name: Install the deb OnlyOffice repository key
+    apt_key:
+      keyserver: '{{ onlyoffice_docserver_deb_repo_key_server }}'
+      id: '{{ onlyoffice_docserver_deb_repo_key }}'
+
+  - name: Install the deb OnlyOffice repository
+    apt_repository:
+      repo: '{{ onlyoffice_docserver_deb_repo }}'
+      state: present
+      update_cache: yes
+
+  - name: Install the OnlyOffice document server deb dependencies
+    apt: name={{ onlyoffice_docserver_deb_packages_dependencies }} state=present cache_valid_time=1800
+
+  - name: Create some OnlyOffice directories where we will install our config files
+    file: dest={{ item }} state=directory
+    with_items:
+      - /etc/onlyoffice/documentserver
+      - /etc/onlyoffice/documentserver/nginx
+
+  - name: Install the OnlyOffice local configuration from a template
+    template: src=local.json dest=/etc/onlyoffice/documentserver/local.json owner=root group=root mode=0444
+
+  - name: Install the OnlyOffice document server configuration that enables SSL
+    template: src=onlyoffice-documentserver-ssl.conf dest=/etc/onlyoffice/documentserver/nginx/onlyoffice-documentserver.conf
+    when: onlyoffice_docserver_letsencrypt_managed
+    notify: Reload nginx
+    tags: [ 'onlyoffice', 'letsencrypt', 'nginx' ]
+
+  - name: The OnlyOffice document server packages must be done manually, because it is interactive
+    debug:
+      msg: "Manually install the onlyoffice-documentserver package with 'apt-get install -y onlyoffice-documentserver'"
+
+#  - name: Install the OnlyOffice document server package
+#    apt: name={{ onlyoffice_docserver_packages }} state=present cache_valid_time=1800
+
+  when: ansible_distribution_file_variety == "Debian"
+  tags: onlyoffice

onlyoffice_docserver/templates/onlyoffice-documentserver-ssl.conf

@@ -0,0 +1,43 @@
+include /etc/nginx/includes/onlyoffice-http.conf;
+
+## Normal HTTP host
+server {
+  listen 0.0.0.0:80;
+  listen [::]:80 default_server;
+  server_name _;
+  server_tokens off;
+
+  include /etc/nginx/snippets/letsencrypt-proxy.conf;
+  ## Redirects all traffic to the HTTPS host
+  root /nowhere; ## root doesn't have to be a valid path since we are redirecting
+  rewrite ^ https://$host$request_uri? permanent;
+}
+
+#HTTP host for internal services
+server {
+  listen 127.0.0.1:80;
+  listen [::1]:80;
+  server_name localhost;
+  server_tokens off;
+  
+  include /etc/nginx/snippets/letsencrypt-proxy.conf;
+  include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
+  include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
+}
+
+## HTTPS host
+server {
+  listen 0.0.0.0:443 ssl http2;
+  listen [::]:443 ssl http2 default_server;
+  server_tokens off;
+  root /usr/share/nginx/html;
+
+  ## Strong SSL Security
+  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+  ssl on;
+  include /etc/nginx/snippets/nginx-server-ssl.conf;
+  # add_header X-Frame-Options SAMEORIGIN;
+  add_header X-Content-Type-Options nosniff;
+  include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
+
+}

onlyoffice_docserver/vars/main.yml

@@ -0,0 +1,13 @@
+---
+http_port: 80
+https_port: 443
+redis_install: True
+
+psql_postgresql_install: True
+pg_use_postgresql_org_repo: True
+psql_version: 11
+pg_backup_retain_copies: 2
+
+psql_db_data:
+  - { name: '{{ onlyoffice_docserver_db_name }}', encoding: 'UTF8', user: '{{ onlyoffice_docserver_db_user }}', roles: 'NOCREATEDB,NOSUPERUSER', pwd: '{{  onlyoffice_docserver_db_pwd }}', managedb: True, allowed_hosts: [ '127.0.0.1' ] }
+

onlyoffice_portal/defaults/main.yml

@@ -0,0 +1,6 @@
+---
+onlyoffice_deb_repo_key: CB2DE8E5
+onlyoffice_deb_repo_key_server: 'keyserver.ubuntu.com'
+onlyoffice_deb_repo: 'deb http://download.onlyoffice.com/repo/debian squeeze main'
+onlyoffice_deb_packages: onlyoffice-communityserver
+onlyoffice_letsencrypt_managed: True

onlyoffice_portal/meta/main.yml

@@ -0,0 +1,4 @@
+---
+dependencies:
+  - { role: '../../library/roles/postgresql', when: psql_postgresql_install }
+  - { role: '../../library/roles/mono' }

onlyoffice_portal/tasks/main.yml

@@ -0,0 +1,35 @@
+---
+- block:
+  - name: Install the deb OnlyOffice repository key
+    apt_key:
+      keyserver: {{ onlyoffice_deb_repo_key_server }}
+      id: {{ onlyoffice_deb_repo_key }}
+
+  - name: Install the deb Mono repository
+    apt_repository:
+      repo: '{{ onlyoffice_deb_repo }}'
+      state: present
+      update_cache: yes
+
+  - name: Install the Mono packages on Deb based distributions
+    apt: name={{ onlyoffice_deb_packages }} state=present cache_valid_time=1800
+
+  when: ansible_distribution_file_variety == "Debian"
+  tags: onlyoffice
+
+- block:
+  - name: Install a letsencrypt acme hook
+    template: src=onlyoffice-letsencrypt.sh dest=/usr/lib/acme/hooks/onlyoffice owner=root group=root mode=4555
+
+  - name: Run the letsencrypt acme hook if the certificates are not in place
+    shell: /usr/lib/acme/hooks/onlyoffice
+    args:
+      creates: /var/www/onlyoffice/Data/certs/onlyoffice.key
+    register: initialize_onlyoffice_https
+
+  - name: Reconfigure the OnlyOffice service for https
+    shell: /var/www/onlyoffice/Tools/default-onlyoffice-ssl.sh
+    when: initialize_onlyoffice_https is changed
+
+  when: ansible_distribution_file_variety == "Debian"
+  tags: [ 'onlyoffic', 'letsencrypt' ]

onlyoffice_portal/templates/onlyoffice-letsencrypt.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+LE_CERTS_DIR="{{ letsencrypt_acme_certs_dir }}"
+LE_LOG_DIR=/var/log/letsencrypt
+LE_LOG_FILE=$LE_LOG_DIR/onlyoffice.log
+onlyoffice_certdir=/var/www/onlyoffice/Data/certs
+
+DATE=$( date )
+
+[ ! -d "$onlyoffice_certdir" ] && mkdir -p "$onlyoffice_certdir"
+[ ! -d "$LE_LOG_DIR" ] && mkdir "$LE_LOG_DIR"
+echo "$DATE" >> "$LE_LOG_DIR/postgresql.log"
+
+if [ -f /etc/default/letsencrypt ] ; then
+    . /etc/default/letsencrypt
+else
+    echo "No letsencrypt default file" >> $LE_LOG_FILE
+fi
+
+echo "Copy the key file" >> $LE_LOG_FILE
+cp "${LE_CERTS_DIR}/privkey"  $onlyoffice_certdir/onlyoffice.key
+chmod 400 $onlyoffice_certdir/onlyoffice.key
+chown root:root $onlyoffice_certdir/onlyoffice.key
+cp "${LE_CERTS_DIR}/cert"  $onlyoffice_certdir/onlyoffice.crt
+chmod 400 $onlyoffice_certdir/onlyoffice.crt
+chown root:root $onlyoffice_certdir/onlyoffice.crt
+
+echo "Restart the onlyoffice service" >> $LE_LOG_FILE
+if [ -x /bin/systemctl ] ; then
+    systemctl reload nginx >> $LE_LOG_FILE 2>&1
+else
+    service nginx reload >> $LE_LOG_FILE 2>&1
+fi
+echo "Done." >> $LE_LOG_FILE
+
+exit 0

onlyoffice_portal/vars/main.yml

@@ -0,0 +1,4 @@
+---
+letsencrypt_acme_install: True
+http_port: 80
+https_port: 443

php-fpm/tasks/main.yml

@@ -11,13 +11,11 @@
   tags: [ 'php', 'php_ppa' ]
 
 - name: Install the php-fpm package
-  apt: pkg={{ item }} state=present update_cache=yes cache_valid_time=3600
+  apt: pkg={{ php_fpm_packages }} state=present update_cache=yes cache_valid_time=3600
-  with_items: '{{ php_fpm_packages }}'
   tags: php
 
 - name: Install additional php packages
-  apt: pkg={{ item }} state=present update_cache=yes cache_valid_time=3600
+  apt: pkg={{ php_additional_packages | default([]) }} state=present update_cache=yes cache_valid_time=3600
-  with_items: '{{ php_additional_packages | default([]) }}'
   tags: php
 
 - name: Set the timezone if we have one

postfix-relay/defaults/main.yml

@@ -1,6 +1,17 @@
 ---
 postfix_enabled: True
 postfix_install_packages: True
+
+postfix_relay_rh_pkgs:
+  - postfix
+  - cyrus-sasl-lib
+  - cyrus-sasl-plain
+  - cyrus-sasl-md5
+
+postfix_relay_deb_pkgs:
+  - postfix
+  - libsasl2-2
+
 # Set it to true when you want configure your machine to send email to a relay
 postfix_relay_client: False
 postfix_biff: "no"
@@ -15,6 +26,11 @@ postfix_smtp_tls_security_level: encrypt
 postfix_use_sasl_auth: True
 postfix_smtp_sasl_auth_enable: "yes"
 postfix_smtp_create_relay_user: True
+# Options: noanonymous, noplaintext
+postfix_smtp_sasl_security_options: noanonymous
+postfix_smtp_sasl_tls_security_options: '{{ postfix_smtp_sasl_security_options }}'
+postfix_smtp_sasl_mechanism_filter: plain, login
+
 # Set it in the local rules
 #postfix_relay_host: smtp-relay.example.com
 postfix_relay_port: 587

postfix-relay/meta/main.yml

@@ -1,3 +1,3 @@
 ---
-dependencies:
+#dependencies:
-  - { role: '../../library/roles/nagios', when: nagios_enabled is defined and nagios_enabled }
+#  - { role: '../../library/roles/nagios', when: nagios_enabled is defined and nagios_enabled }

postfix-relay/tasks/smtp-common-packages.yml

@@ -1,11 +1,16 @@
 ---
 - block:
+    - name: Install postfix and libsas to do mail relay on deb systems
+      apt: pkg={{ postfix_relay_deb_pkgs }} state=present update_cache=yes cache_valid_time=1800
+      when: ansible_distribution_file_variety == "Debian"
 
-    - name: Install postfix and libsas to do mail relay
+    - name: Install postfix and libsas to do mail relay on RH systems
-      action: apt pkg={{ item }} state=present update_cache=yes cache_valid_time=1800
+      yum: pkg={{ postfix_relay_rh_pkgs }} state=present
-      with_items:
+      when: ansible_distribution_file_variety == "RedHat"
-        - postfix
+
-        - libsasl2-2
+    - name: Remove the ssmtp package on RH systems
+      yum: pkg=ssmtp state=absent
+      when: ansible_distribution_file_variety == "RedHat"
 
     - name: Write the postfix main configuration file
       template: src=main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0444
@@ -15,18 +20,6 @@
       template: src=postfix-master.cf.j2 dest=/etc/postfix/master.cf owner=root group=root mode=0444
       notify: Restart postfix
 
-    - name: Install the postfix NRPE nagios check
-      copy: src={{ item }} dest={{ nagios_plugins_dir }}/{{ item }}  owner=root group=nagios mode=0555
-      with_items: '{{ postfix_nagios_checks }}'
-      when: postfix_nagios_check
-      tags: [ 'postfix-relay', 'nagios', 'nrpe' ]
-
-    - name: Install the postfix NRPE command configuration
-      template: src=postfix-nrpe.cfg.j2 dest={{ nrpe_include_dir }}/postfix-nrpe.cfg  owner=root group=root mode=0444
-      notify: Reload NRPE server
-      when: postfix_nagios_check
-      tags: [ 'postfix-relay', 'nagios', 'nrpe' ]
-
     - name: Ensure that postfix is started and enabled
       service: name=postfix state=started enabled=yes
       when: postfix_enabled
@@ -39,12 +32,27 @@
   tags: postfix-relay 
 
 - block:
+    - name: Install the postfix NRPE nagios check
+      copy: src={{ item }} dest={{ nagios_plugins_dir }}/{{ item }}  owner=root group=nagios mode=0555
+      with_items: '{{ postfix_nagios_checks }}'
 
-    - name: Remove postfix and libsas
+    - name: Install the postfix NRPE command configuration
-      action: apt pkg={{ item }} state=absent
+      template: src=postfix-nrpe.cfg.j2 dest={{ nrpe_include_dir }}/postfix-nrpe.cfg  owner=root group=root mode=0444
-      with_items:
+      notify: Reload NRPE server
-        - postfix
+
-        - libsasl2-2
+  when:
+    - postfix_install_packages
+    - postfix_nagios_check
+  tags: [ 'postfix-relay', 'nagios', 'nrpe' ]
+
+- block:
+    - name: Remove postfix and libsas on deb systems
+      action: apt pkg={{ postfix_relay_deb_pkgs }} state=absent
+      when: ansible_distribution_file_variety == "Debian"
+
+    - name: Remove postfix and libsas to do mail relay on RH systems
+      yum: pkg={{ postfix_relay_rh_pkgs }} state=absent
+      when: ansible_distribution_file_variety == "RedHat"
 
   when: not postfix_install_packages
   tags: postfix-relay 

postfix-relay/templates/main.cf.j2

@@ -1,8 +1,3 @@
-# Debian specific:  Specifying a file name will cause the first
-# line of that file to be used as the name.  The Debian default
-# is /etc/mailname.
-#myorigin = /etc/mailname
-
 smtpd_banner = $myhostname ESMTP $mail_name
 biff = {{ postfix_biff }}
 
@@ -45,14 +40,18 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 myhostname = {{ ansible_fqdn }}
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
-myorigin = /etc/mailname
+{% if domain_name is defined %}
+myorigin = {{ domain_name }}
+{% else %}
+myorigin = {{ ansible_fqdn }}
+{% endif %}
 mydestination = {{ ansible_fqdn }}, localhost
 {% if postfix_use_relay_host %}
 relayhost = {{ postfix_relay_host }}:{{ postfix_relay_port }}
 {% endif %}
 {% if not postfix_relay_server %}
 mynetworks = 127.0.0.1
-inet_interfaces = localhost, ip6-localhost
+inet_interfaces = localhost
 inet_protocols = ipv4
 {% endif %}
 mailbox_size_limit = 0
@@ -61,15 +60,15 @@ default_destination_concurrency_limit = {{ postfix_default_destination_concurren
 {% if postfix_use_sasl_auth %}
 smtp_sasl_auth_enable= {{ postfix_smtp_sasl_auth_enable }}
 smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
-smtp_sasl_security_options = noanonymous
+smtp_sasl_security_options = {{ postfix_smtp_sasl_security_options }}
-smtp_sasl_tls_security_options = noanonymous
+smtp_sasl_tls_security_options = {{ postfix_smtp_sasl_tls_security_options }}
-smtp_sasl_mechanism_filter = plain, login
+smtp_sasl_mechanism_filter = {{ postfix_smtp_sasl_mechanism_filter }}
 {% endif %}
 {% if postfix_relay_server %}
 smtpd_sasl_path = smtpd
 smtpd_sasl_auth_enable = yes
-smtpd_sasl_security_options = noanonymous
+smtpd_sasl_security_options = {{ postfix_smtp_sasl_security_options }}
-smtpd_sasl_tls_security_options = noanonymous
+smtpd_sasl_tls_security_options = {{ postfix_smtp_sasl_tls_security_options }}
 smtpd_helo_required = yes
 mynetworks = {{ postfix_mynetworks }}
 inet_interfaces = {{ postfix_interfaces }}

postgresql/tasks/packages.yml

@@ -1,12 +1,11 @@
 ---
-- name: install the postgresql packages
+- block: 
-  apt: pkg={{ item }} state={{ psql_pkg_state }}
+  - name: Install the packages that ansible needs to manage the postgresql users and databases
-  with_items: '{{ postgresql_pkgs }}'
+    apt: pkg={{ psql_ansible_needed_pkgs }} state={{ psql_pkg_state }}
-  notify: Restart postgresql
+
-  tags: [ 'postgresql', 'postgres' ]
+  - name: install the postgresql packages
-
+    apt: pkg={{ postgresql_pkgs }} state={{ psql_pkg_state }}
-- name: Install the packages that ansible needs to manage the postgresql users and databases
+    notify: Restart postgresql
-  apt: pkg={{ item }} state={{ psql_pkg_state }}
+
-  with_items: '{{ psql_ansible_needed_pkgs }}'
   tags: [ 'postgresql', 'postgres' ]
 

postgresql/tasks/pgpool-ii.yml

@@ -1,8 +1,7 @@
 ---
 - block:
     - name: Install the pgpool package
-      apt: name={{ item }} state={{ psql_pgpool_pkg_state }}
+      apt: name={{ pgpool_pkgs }} state={{ psql_pgpool_pkg_state }} cache_valid_time=1800
-      with_items: '{{ pgpool_pkgs }}'
 
     - name: Configure pcp
       #template: src=pcp.conf.j2 dest=/etc/pgpool2/pcp.conf owner=root group=postgres mode=0640
@@ -59,8 +58,7 @@
       service: name=pgpool2 state=stopped enabled=no
 
     - name: Install the pgpool packages
-      apt: name={{ item }} state=absent
+      apt: name={{ pgpool_pkgs }} state=absent
-      with_items: '{{ pgpool_pkgs }}'
 
     - name: Remove the pgpool failover sudoers file
       file: dest=/etc/sudoers.d/pgpool-wd state=absent

postgresql/tasks/postgis.yml

@@ -1,7 +1,6 @@
 ---
 - name: install the postgresql GIS packages
-  apt: pkg={{ item }} state={{ psql_pkg_state }}
+  apt: pkg={{ postgres_gis_pkgs }} state={{ psql_pkg_state }}
-  with_items: '{{ postgres_gis_pkgs }}'
   notify: Restart postgresql
   tags: [ 'postgresql', 'postgres', 'postgis' ]
 

postgresql/tasks/postgres_pgpool.yml

@@ -1,7 +1,6 @@
 ---
 - name: Install the packages needed by postgres when running behind a pgpool server
-  apt: pkg={{ item }} state={{ psql_pkg_state }}
+  apt: pkg={{ postgresql_pgpool_pkgs }} state={{ psql_pkg_state }}
-  with_items: '{{ postgresql_pgpool_pkgs }}'
   when: psql_pgpool_install
   notify: Restart postgresql
   tags: [ 'postgresql', 'postgres', 'pgpool' ]

postgresql/tasks/postgresql-config.yml

@@ -1,14 +1,31 @@
 ---
-- name: Create the postgresql data directory if it is not in the default place
+- block: 
-  file: dest={{ psql_data_dir }} owner=postgres group=postgres mode=700 recurse=yes state=directory
+  - name: Check if the new postgresql data directory exists
-  when: psql_use_alternate_data_dir
+    stat: path={{ psql_data_dir }}
-  tags: [ 'postgresql', 'postgres', 'pg_conf' ]
+    register: postgresql_data_dir
+
+  - name: Stop the postgresql service while reconfiguring the data directory
+    service: name=postgresql state=stopped
+    when: postgresql_data_dir.stat.isdir is not defined
+
+  - name: Create the postgresql data directory if it is not in the default place
+    file: dest={{ psql_data_dir }} owner=postgres group=postgres mode=700 recurse=yes state=directory
+
+  - name: Set the postgresql data dir if it is different from the default
+    become: True
+    become_user: postgres
+    action: configfile path={{ psql_conf_dir }}/postgresql.conf key=data_directory value="'{{ psql_data_dir }}'"
+
+  - name: Copy the postgresql data directory into the new place
+    shell: '[ "/var/lib/postgresql/{{ psql_version }}/main" != "{{ psql_data_dir }}" ] && cp -a /var/lib/postgresql/{{ psql_version }}/main/* {{ psql_data_dir }}'
+    args:
+      creates: '{{ psql_data_dir }}/main/base'
+    when: postgresql_data_dir.stat.isdir is not defined
+
+  - name: Start the postgresql service that will use the new data directory
+    service: name=postgresql state=started 
+    when: postgresql_data_dir.stat.isdir is not defined
 
-- name: Set the postgresql data dir if it is different from the default
-  become: True
-  become_user: postgres
-  action: configfile path={{ psql_conf_dir }}/postgresql.conf key=data_directory value="'{{ psql_data_dir }}'"
-  notify: Restart postgresql
   when: psql_use_alternate_data_dir
   tags: [ 'postgresql', 'postgres', 'pg_conf' ]
 

rabbitmq/defaults/main.yml

@@ -6,13 +6,15 @@ rabbitmq_pkg_state: present
 rabbitmq_server_pkg:
   - rabbitmq-server
 
-rabbitmq_enabled_plugins: 'amqp_client,rabbitmq_amqp1_0,rabbitmq_management,rabbitmq_management_agent,rabbitmq_management_visualiser,rabbitmq_mqtt,rabbitmq_stomp,webmachine'
+rabbitmq_enabled_plugins: 'amqp_client,rabbitmq_amqp1_0,rabbitmq_management,rabbitmq_management_agent,rabbitmq_management_visualiser,rabbitmq_mqtt,rabbitmq_stomp'
 
 rabbitmq_disabled_plugins: ''
 
 rabbitmq_default_f: /etc/default/rabbitmq-server
 rabbitmq_fileno: 4096
 rabbitmq_admin_u: r_admin
+#rabbitmq_admin_pwd: use a vault file
+
 #
 # See http://www.rabbitmq.com/networking.html
 # 4369 (epmd), 25672 (Erlang distribution)

rabbitmq/tasks/main.yml

@@ -7,8 +7,7 @@
       apt_repository: repo='{{ rabbitmq_repo }}' state=present
 
     - name: Install the rabbitMQ package
-      apt: pkg={{ item }} state={{ rabbitmq_pkg_state }} update_cache=yes
+      apt: pkg={{ rabbitmq_server_pkg }} state={{ rabbitmq_pkg_state }} update_cache=yes
-      with_items: '{{ rabbitmq_server_pkg }}'
 
     - name: Set the rabbitMQ max files
       lineinfile: name={{ rabbitmq_default_f }} regexp="^ulimit" line="ulimit -n {{ rabbitmq_fileno }}"
@@ -18,7 +17,7 @@
       rabbitmq_plugin: names={{ rabbitmq_enabled_plugins }} state=enabled
   
     - name: Disable some rabbitMQ plugins
-      rabbitmq_plugin: names={{ rabbitmq_disabled_plugins | default('') }} state=disabled
+      rabbitmq_plugin: names={{ rabbitmq_disabled_plugins | default([]) }} state=disabled
 
     - name: Create an admin user
       rabbitmq_user: user={{ rabbitmq_admin_u }} password={{ rabbitmq_admin_pwd | default('changemeASAP') }} tags=administrator vhost=/ configure_priv=.* read_priv=.* write_priv=.* state=present

redis/tasks/main.yml

@@ -4,8 +4,7 @@
       apt_repository: repo='{{ redis_ppa_repo }}' update_cache=yes
 
     - name: Install the Redis packages
-      apt: name={{ item }} state={{ redis_pkg_state }} cache_valid_time=1800
+      apt: name={{ redis_server_pkg }} state={{ redis_pkg_state }} cache_valid_time=1800
-      with_items: '{{ redis_server_pkg }}'
 
     - name: Install the Redis configuration
       template: src={{ item }}.j2 dest=/etc/redis/{{ item }} owner=redis group=redis mode=0440
@@ -29,8 +28,7 @@
       service: name=redis-server state=stopped enabled=no
 
     - name: Remove the Redis packages
-      apt: name={{ item }} state=absent
+      apt: name={{ redis_server_pkg }} state=absent
-      with_items: '{{ redis_server_pkg }}'
 
     - name: Remove the Redis PPA
       apt_repository: repo='{{ redis_ppa_repo }}' state=absent update_cache=yes

smartgears/dataminer-service/meta/main.yml

@@ -0,0 +1,11 @@
+---
+dependencies:
+  - { role: ../../library/roles/smartgears/smartgears-service }
+  - { role: ../../library/roles/smartgears/dataminer_app }
+  - { role: ../../library/roles/conda, when: dataminer_conda_install }
+  - { role: ../../library/roles/hdf5, when: dataminer_hdf5 }
+  - { role: ../../library/roles/python3-env, when: py3_env_install }
+  - { role: ../../library/roles/pandoc }
+  - { role: ../../library/roles/octave, when: octave_install }
+  - { role: ../../library/roles/ubuntugis, when: ubuntugis_repo_install }
+  - { role: ../../library/roles/R, when: r_install }

smartgears/dataminer_app/meta/main.yml

@@ -1,6 +0,0 @@
----
-dependencies:
-  - { role: ../../library/roles/smartgears/smartgears-service }
-  - { role: ../../library/roles/conda, when: dataminer_conda_install }
-  - { role: ../../library/roles/hdf5, when: dataminer_hdf5 }
-  - { role: ../../library/roles/python3-env, when: py3_env_install }

smartgears/smartgears-service/meta/main.yml

@@ -1,5 +1,6 @@
 ---
 dependencies:
+  - role: '../../library/roles/tomcat-multiple-instances'
   - { role: '../../library/roles/smartgears/smartgears' }
   - { role: '../../library/roles/smartgears/smartgears-nginx-frontend', when: setup_nginx is defined and setup_nginx }
   - { role: '../../library/roles/smartgears/resource_updater', when: resource_updater_install is defined }

smartgears/smartgears/meta/main.yml

@@ -1,3 +1,3 @@
 ---
-dependencies:
+#dependencies:
-  - role: '../../library/roles/tomcat-multiple-instances'
+#  - role: '../../library/roles/tomcat-multiple-instances'