forked from ISTI-ansible-roles/ansible-roles
Merge branch 'master' of gitorious.research-infrastructures.eu:infrastructure-management/ansible-playbooks
commit
732997b256
|
@ -0,0 +1,8 @@
|
|||
#!/bin/bash
|
||||
|
||||
new_role=$1
|
||||
|
||||
mkdir "$new_role"
|
||||
mkdir -p "${new_role}"/{defaults,tasks,files,templates,vars,meta,handlers}
|
||||
touch "${new_role}"/{defaults,tasks,vars,meta,handlers}/main.yml
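Review bot: `new_role=$1` is never checked, so running the script with no argument expands `"${new_role}"/{defaults,...}` to `/defaults`, `/tasks` and so on, and the `mkdir -p` and `touch` lines then create those paths at the filesystem root. Fail early instead with `new_role=${1:?usage: $0 <role_name>}`. The plain `mkdir "$new_role"` is also redundant given the `mkdir -p` that follows, and it prints an error when the directory already exists.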
|
||||
|
|
@ -1,7 +1,6 @@
|
|||
---
|
||||
- name: Install fail2ban on ubuntu >= 14.04 and debian >= 8
|
||||
apt: pkg={{ item }} state=present
|
||||
with_items: '{{ f2b_packages }}'
|
||||
apt: pkg={{ f2b_packages }} state=present
|
||||
tags: fail2ban
|
||||
|
||||
- name: Ensure that fail2ban is enabled and running
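Review bot: In `apt: pkg={{ f2b_packages }} state=present` the package list is passed through the inline `key=value` string, which renders the list to text and relies on Ansible turning it back into a list. Writing the arguments as a YAML mapping keeps the value a list and presumably avoids splitting surprises if an entry ever contains a space or `=`: `apt:` with `pkg: '{{ f2b_packages }}'` and `state: present` beneath it. The same inline form appears in the letsencrypt, Node.js, php-fpm, postgresql, pgpool, rabbitmq and redis hunks of this commit.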
|
||||
|
|
|
@ -1,4 +1,8 @@
|
|||
---
|
||||
iptables_deb_pkgs:
|
||||
- iptables
|
||||
- iptables-persistent
|
||||
|
||||
#
|
||||
# Reference only. Check the iptables-rules.v4.j2 for the list of accepted variables
|
||||
#
|
||||
|
|
|
@ -1,10 +1,7 @@
|
|||
---
|
||||
- block:
|
||||
- name: Install the needed iptables packages
|
||||
apt: pkg={{ item }} state=present
|
||||
with_items:
|
||||
- iptables
|
||||
- iptables-persistent
|
||||
apt: pkg={{ iptables_deb_pkgs }} state=present cache_valid_time=1800
|
||||
|
||||
- name: Create the /etc/iptables directory when needed
|
||||
file: dest=/etc/iptables state=directory owner=root group=root mode=0755
|
||||
|
|
|
@ -36,8 +36,7 @@
|
|||
tags: letsencrypt
|
||||
|
||||
- name: Install the letsencrypt acmetool package and some deps
|
||||
apt: pkg={{ item }} state={{ letsencrypt_acme_pkg_state }} update_cache=yes cache_valid_time=3600
|
||||
with_items: '{{ letsencrypt_acme_pkgs }}'
|
||||
apt: pkg={{ letsencrypt_acme_pkgs }} state={{ letsencrypt_acme_pkg_state }} update_cache=yes cache_valid_time=3600
|
||||
when:
|
||||
- letsencrypt_acme_install
|
||||
- letsencrypt_pkg_install
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
---
|
||||
mono_repo_server: 'keyserver.ubuntu.com'
|
||||
mono_deb_repo_key_id: 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
|
||||
mono_deb_repo_url: 'deb https://download.mono-project.com/repo/{{ ansible_distribution | lower }} stable-{{ ansible_distribution_release }} main'
|
||||
|
||||
mono_rh_key: 'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF'
|
||||
mono_rh_repo_url: 'https://download.mono-project.com/repo/{{ ansible_distribution | lower }}{{ ansible_distribution_major_version }}-stable.repo'
|
||||
|
||||
mono_deb_prerequisites:
|
||||
- apt-transport-https
|
||||
- dirmngr
|
||||
- gnupg
|
||||
- ca-certificates
|
||||
|
||||
mono_deb_packages:
|
||||
- mono-devel
|
||||
- referenceassemblies-pcl
|
||||
- mono-xsp4
|
||||
|
||||
mono_rh_packages:
|
||||
- mono-devel
|
||||
- referenceassemblies-pcl
|
||||
- xsp
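Review bot: The signing-key fingerprint is written twice, once in `mono_deb_repo_key_id` and again inside the `mono_rh_key` URL, so a key rotation that updates only one of them would leave Debian and RH hosts trusting different keys. Deriving the URL from the existing variables keeps them in step: `mono_rh_key: 'https://{{ mono_repo_server }}/pks/lookup?op=get&search=0x{{ mono_deb_repo_key_id }}'`. Quoting the fingerprint value would also guard against a future id that happens to look numeric being loaded as a number.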
|
||||
|
|
@ -0,0 +1,42 @@
|
|||
---
|
||||
- block:
|
||||
- name: Install the Mono dependencies on Deb based distributions
|
||||
apt: name={{ mono_deb_prerequisites }} state=present cache_valid_time=1800
|
||||
|
||||
when: ansible_distribution_file_variety == "Debian"
|
||||
tags: mono
|
||||
|
||||
- block:
|
||||
- name: Install the deb Mono repository key
|
||||
apt_key:
|
||||
keyserver: {{ mono_repo_server }}
|
||||
id: {{ mono_deb_repo_key_id }}
|
||||
|
||||
- name: Install the deb Mono repository
|
||||
apt_repository:
|
||||
repo: '{{ mono_deb_repo_url }}'
|
||||
state: present
|
||||
update_cache: yes
|
||||
|
||||
- name: Install the Mono packages on Deb based distributions
|
||||
apt: name={{ mono_deb_packages }} state=present cache_valid_time=1800
|
||||
|
||||
when: ansible_distribution_file_variety == "Debian"
|
||||
tags: mono
|
||||
|
||||
- block:
|
||||
- name: Install the RH Mono repository key
|
||||
rpm_key:
|
||||
state: present
|
||||
key: {{ mono_rh_key }}
|
||||
|
||||
- name: Install the RH Mono repository
|
||||
get_url:
|
||||
dest: /etc/yum.repos.d/mono-{{ ansible_distribution | lower }}{{ ansible_distribution_major_version }}-stable.repo
|
||||
url: {{ mono_rh_repo_url }}
|
||||
|
||||
- name: Install the Mono packages on RH based distributions
|
||||
yum: name={{ mono_rh_packages }} state=present
|
||||
|
||||
when: ansible_distribution_file_variety != "Debian"
|
||||
tags: mono
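Review bot: The values at `keyserver: {{ mono_repo_server }}`, `id: {{ mono_deb_repo_key_id }}`, `key: {{ mono_rh_key }}` and `url: {{ mono_rh_repo_url }}` start with an unquoted `{{`, which YAML reads as the start of a flow mapping, so this file should fail to load before any task runs. Quote each of them the way `repo: '{{ mono_deb_repo_url }}'` already is, for example `keyserver: '{{ mono_repo_server }}'`. Separately, the deb branch pins a full fingerprint while the RH branch imports whatever the keyserver lookup URL returns, so it is worth checking whether the `rpm_key` task can be given the expected fingerprint as well.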
|
|
@ -1,13 +1,14 @@
|
|||
---
|
||||
nextcloud_version: 13.0.4
|
||||
nextcloud_version: 15.0.5
|
||||
nextcloud_dist_filename: 'nextcloud-{{ nextcloud_version }}.tar.bz2'
|
||||
nextcloud_download_url: 'https://download.nextcloud.com/server/releases/{{ nextcloud_dist_filename }}'
|
||||
nextcloud_use_redis: True
|
||||
nextcloud_use_memcache: False
|
||||
nextcloud_web_basedir: /var/www
|
||||
nextcloud_web_root: '{{ nextcloud_web_basedir }}/nextcloud'
|
||||
nextcloud_data_dir: /srv/nextcloud/data
|
||||
nextcloud_oc_dir: /srv/nextcloud/oc_keys
|
||||
nextcloud_data_base_dir: /srv
|
||||
nextcloud_data_dir: '{{ nextcloud_data_base_dir }}/nextcloud/data'
|
||||
nextcloud_oc_dir: '{{ nextcloud_data_base_dir }}/nextcloud/oc_keys'
|
||||
nextcloud_servername: '{{ ansible_fqdn }}'
|
||||
nextcloud_servernames:
|
||||
- { webroot: '{{ nextcloud_web_root }}', id: 1, name: '{{ nextcloud_servername }}' }
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
dependencies:
|
||||
- { role: '../../library/roles/postgresql' }
|
||||
- { role: '../../library/roles/php-fpm' }
|
||||
- { role: '../../library/roles/nginx' }
|
||||
- { role: '../../library/roles/redis', when nextcloud_use_redis }
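Review bot: The redis entry reads `when nextcloud_use_redis` with no colon, so inside the flow mapping it becomes a single key named `when nextcloud_use_redis` with an empty value rather than a condition. Depending on the Ansible version that is either rejected or ignored, and in the latter case the redis role is pulled in even when `nextcloud_use_redis` is false. It should be `- { role: '../../library/roles/redis', when: nextcloud_use_redis }`.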
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
get_url: url={{ nextcloud_download_url }} dest=/srv/{{ nextcloud_dist_filename }}
|
||||
|
||||
- name: Unpack the nextcloud archive
|
||||
unarchive: remote_src=yes src=/srv/{{ nextcloud_dist_filename }} dest={{ item.doc_root }} owner={{ item.user }} group={{ item.user }}
|
||||
unarchive: remote_src=yes src=/srv/{{ nextcloud_dist_filename }} dest={{ nextcloud_web_basedir }} owner={{ item.user }} group={{ item.user }}
|
||||
args:
|
||||
creates: '{{ item.doc_root }}/index.php'
|
||||
with_items: '{{ phpfpm_pools }}'
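Review bot: The unpack task now writes to `dest={{ nextcloud_web_basedir }}` but its guard is still `creates: '{{ item.doc_root }}/index.php'`, so unless every pool's `doc_root` equals `{{ nextcloud_web_basedir }}/nextcloud` the guard never matches and the archive is re-extracted over the live installation on each run; `creates: '{{ nextcloud_web_root }}/index.php'` would track the new destination. The archive fetched by `get_url` just above is also unpacked into the web root without an integrity check. Adding `checksum=sha256:{{ nextcloud_dist_sha256 }}` to that task would close the gap, where `nextcloud_dist_sha256` is a placeholder name for a new variable holding the published digest of the pinned version. The download task starts above this hunk.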
|
||||
|
|
|
@ -6,7 +6,7 @@ redis_install: True
|
|||
http_port: 80
|
||||
https_port: 443
|
||||
|
||||
php_version: 7.0
|
||||
php_version: 7.2
|
||||
phpfpm_base_dir: '/etc/php/{{ php_version }}/fpm'
|
||||
phpfpm_cli_dir: '/etc/php/{{ php_version }}/cli'
|
||||
|
||||
|
@ -16,7 +16,6 @@ php_fpm_packages:
|
|||
- 'php{{ php_version }}-json'
|
||||
- 'php{{ php_version }}-ldap'
|
||||
- 'php{{ php_version }}-{{ nextcloud_db }}'
|
||||
- 'php{{ php_version }}-mcrypt'
|
||||
- 'php{{ php_version }}-xml'
|
||||
- 'php{{ php_version }}-mbstring'
|
||||
- 'php{{ php_version }}-intl'
|
||||
|
@ -32,7 +31,7 @@ phpfpm_default_memory_limit: "512M"
|
|||
|
||||
php_global_settings:
|
||||
- { option: 'always_populate_raw_post_data', value: '-1' }
|
||||
- { option: 'allow_url_fopen', value: 'off' }
|
||||
- { option: 'allow_url_fopen', value: 'on' }
|
||||
- { option: 'max_execution_time', value: '240' }
|
||||
- { option: 'memory_limit', value: '{{ phpfpm_default_memory_limit }}' }
|
||||
- { option: 'max_input_vars', value: '1400' }
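Review bot: `allow_url_fopen` appears to go from `'off'` to `'on'` in `php_global_settings`, which turns on remote URL wrappers for every PHP pool configured from this list and not only for the application that needs them. If Nextcloud is the reason, say so next to the entry, e.g. `# allow_url_fopen: needed by <feature>; allow_url_include stays off`, and consider setting it per pool rather than globally. With the wrappers enabled, file functions that receive user-influenced strings can be made to fetch remote URLs, so outbound filtering on the host matters more than before.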
|
||||
|
|
|
@ -7,26 +7,20 @@
|
|||
tags: [ 'nginx', 'nginx_ppa' ]
|
||||
|
||||
- name: Install the nginx web server
|
||||
apt: pkg={{ item }} state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
|
||||
with_items:
|
||||
- nginx-full
|
||||
apt: pkg=nginx-full state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
|
||||
when:
|
||||
- not nginx_use_ldap_pam_auth
|
||||
- ansible_distribution_major_version <= '14'
|
||||
tags: nginx
|
||||
|
||||
- name: Install the nginx web server if we need ldap auth via pam
|
||||
apt: pkg={{ item }} state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
|
||||
with_items:
|
||||
- nginx-extras
|
||||
apt: pkg=nginx-extras state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
|
||||
when:
|
||||
- nginx_use_ldap_pam_auth
|
||||
- ansible_distribution_major_version <= '14'
|
||||
tags: nginx
|
||||
|
||||
- name: Install the nginx web server on Ubuntu >= 16.04
|
||||
apt: pkg={{ item }} state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
|
||||
with_items:
|
||||
- nginx
|
||||
apt: pkg=nginx state={{ nginx_package_state }} update_cache=yes cache_valid_time=1800
|
||||
when: ansible_distribution_major_version >= '16'
|
||||
tags: nginx
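Review bot: The `when:` conditions kept on these tasks compare `ansible_distribution_major_version` with `'14'` and `'16'` as strings, so the ordering is lexical: a Debian host reporting `'9'` satisfies `>= '16'`, and `'8'` does not satisfy `<= '14'`. Since the task bodies are being touched anyway, a version-aware comparison would be safer: `when: ansible_distribution_major_version is version('16', '>=')`. None of the three tasks is restricted to Ubuntu either, although the last task's name says it is.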
|
||||
|
|
|
@ -7,8 +7,7 @@
|
|||
with_items: '{{ node_js_repo_urls }}'
|
||||
|
||||
- name: Install the Node.js packages
|
||||
apt: pkg={{ item }} state={{ node_js_pkg_state }} update_cache=True cache_valid_time=1800
|
||||
with_items: '{{ node_js_pkgs }}'
|
||||
apt: pkg={{ node_js_pkgs }} state={{ node_js_pkg_state }} update_cache=True cache_valid_time=1800
|
||||
|
||||
tags: [ 'nodejs', 'node_js' ]
|
||||
|
||||
|
@ -21,8 +20,7 @@
|
|||
with_items: '{{ node_js_yarn_repo_urls }}'
|
||||
|
||||
- name: Install the Node.js yarn packages
|
||||
apt: pkg={{ item }} state={{ node_js_pkg_state }} update_cache=True cache_valid_time=1800
|
||||
with_items: '{{ node_js_yarn_pkgs }}'
|
||||
apt: pkg={{ node_js_yarn_pkgs }} state={{ node_js_pkg_state }} update_cache=True cache_valid_time=1800
|
||||
|
||||
when: node_js_yarn_install
|
||||
tags: [ 'nodejs', 'node_js', 'yarn', 'node_js_yarn' ]
|
||||
|
@ -33,8 +31,7 @@
|
|||
with_items: '{{ node_js_yarn_repo_urls }}'
|
||||
|
||||
- name: Install the Node.js yarn packages
|
||||
apt: pkg={{ item }} state=absent update_cache=True cache_valid_time=1800
|
||||
with_items: '{{ node_js_yarn_pkgs }}'
|
||||
apt: pkg={{ node_js_yarn_pkgs }} state=absent update_cache=True cache_valid_time=1800
|
||||
|
||||
when: not node_js_yarn_install
|
||||
tags: [ 'nodejs', 'node_js', 'yarn', 'node_js_yarn' ]
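Review bot: The task that runs `apt: pkg={{ node_js_yarn_pkgs }} state=absent` is still named `Install the Node.js yarn packages`, the same name as the install task in the previous hunk, so play output and logs report an install while packages are being removed. Rename it, e.g. `- name: Remove the Node.js yarn packages`.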
|
||||
|
|
|
@ -0,0 +1,36 @@
|
|||
---
|
||||
onlyoffice_docserver_deb_repo_key: CB2DE8E5
|
||||
onlyoffice_docserver_deb_repo_key_server: 'keyserver.ubuntu.com'
|
||||
onlyoffice_docserver_deb_repo: 'deb http://download.onlyoffice.com/repo/debian squeeze main'
|
||||
onlyoffice_docserver_deb_packages: onlyoffice-communityserver
|
||||
onlyoffice_docserver_letsencrypt_managed: True
|
||||
|
||||
onlyoffice_docserver_use_nginx_role: True
|
||||
|
||||
onlyoffice_docserver_deb_packages_dependencies:
|
||||
- libcurl3
|
||||
- libxml2
|
||||
- supervisor
|
||||
- fonts-dejavu
|
||||
- fonts-liberation
|
||||
- ttf-mscorefonts-installer
|
||||
- fonts-crosextra-carlito
|
||||
- fonts-takao-gothic
|
||||
- fonts-opensymbol
|
||||
- npm
|
||||
- nginx-extras
|
||||
|
||||
onlyoffice_docserver_packages:
|
||||
- onlyoffice-documentserver
|
||||
|
||||
onlyoffice_docserver_db_host: localhost
|
||||
onlyoffice_docserver_db_user: onlyoffice
|
||||
onlyoffice_docserver_db_name: onlyoffice
|
||||
#onlyoffice_docserver_db_pwd: 'put it into a vault file'
|
||||
|
||||
onlyoffice_docserver_redis_host: localhost
|
||||
|
||||
onlyoffice_docserver_rabbitmq_url: 'amqp://guest:guest@localhost'
|
||||
|
||||
onlyoffice_docserver_use_a_secret_key: 'true'
|
||||
#onlyoffice_docserver_secret_key: 'put it into a vault file'
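Review bot: `onlyoffice_docserver_deb_repo_key: CB2DE8E5` identifies the repository signing key by its 32-bit short id, and short ids can be matched by unrelated keys, so the keyserver lookup is not a reliable pin; use the full 40-hex fingerprint, quoted, as the Mono role in this commit does (`onlyoffice_docserver_deb_repo_key: '<FULL_FINGERPRINT>'`, placeholder). The repository line uses plain `http://`, which leaves package integrity resting entirely on that key. `onlyoffice_docserver_rabbitmq_url` also defaults to the `guest:guest` account; a comment pointing to a vault override, as done for the db password, would help. The same key id and `http://` repository are repeated in the `onlyoffice_deb_repo_key` defaults hunk further down.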
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
- name: Reload nginx
|
||||
service:
|
||||
name: nginx
|
||||
enabled: yes
|
||||
state: reloaded
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
dependencies:
|
||||
- { role: '../../library/roles/postgresql', when: psql_postgresql_install }
|
||||
- { role: '../../library/roles/redis' }
|
||||
- { role: '../../library/roles/rabbitmq' }
|
||||
- { role: '../../library/roles/nginx', when: onlyoffice_docserver_use_nginx_role }
|
|
@ -0,0 +1,40 @@
|
|||
---
|
||||
- block:
|
||||
- name: Install the deb OnlyOffice repository key
|
||||
apt_key:
|
||||
keyserver: '{{ onlyoffice_docserver_deb_repo_key_server }}'
|
||||
id: '{{ onlyoffice_docserver_deb_repo_key }}'
|
||||
|
||||
- name: Install the deb OnlyOffice repository
|
||||
apt_repository:
|
||||
repo: '{{ onlyoffice_docserver_deb_repo }}'
|
||||
state: present
|
||||
update_cache: yes
|
||||
|
||||
- name: Install the OnlyOffice document server deb dependencies
|
||||
apt: name={{ onlyoffice_docserver_deb_packages_dependencies }} state=present cache_valid_time=1800
|
||||
|
||||
- name: Create some OnlyOffice directories where we will install our config files
|
||||
file: dest={{ item }} state=directory
|
||||
with_items:
|
||||
- /etc/onlyoffice/documentserver
|
||||
- /etc/onlyoffice/documentserver/nginx
|
||||
|
||||
- name: Install the OnlyOffice local configuration from a template
|
||||
template: src=local.json dest=/etc/onlyoffice/documentserver/local.json owner=root group=root mode=0444
|
||||
|
||||
- name: Install the OnlyOffice document server configuration that enables SSL
|
||||
template: src=onlyoffice-documentserver-ssl.conf dest=/etc/onlyoffice/documentserver/nginx/onlyoffice-documentserver.conf
|
||||
when: onlyoffice_docserver_letsencrypt_managed
|
||||
notify: Reload nginx
|
||||
tags: [ 'onlyoffice', 'letsencrypt', 'nginx' ]
|
||||
|
||||
- name: The OnlyOffice document server packages must be done manually, because it is interactive
|
||||
debug:
|
||||
msg: "Manually install the onlyoffice-documentserver package with 'apt-get install -y onlyoffice-documentserver'"
|
||||
|
||||
# - name: Install the OnlyOffice document server package
|
||||
# apt: name={{ onlyoffice_docserver_packages }} state=present cache_valid_time=1800
|
||||
|
||||
when: ansible_distribution_file_variety == "Debian"
|
||||
tags: onlyoffice
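Review bot: The SSL vhost template at `template: src=onlyoffice-documentserver-ssl.conf dest=/etc/onlyoffice/documentserver/nginx/onlyoffice-documentserver.conf` sets no owner, group or mode, and neither does `file: dest={{ item }} state=directory`, so both end up with whatever the connecting user and umask produce, unlike `local.json` one task earlier. Add `owner=root group=root mode=0444` to the template and `owner=root group=root mode=0755` to the directories. `local.json` presumably carries the database password and the secret key, in which case `mode=0444` makes them world-readable; a tighter mode with the service's group would be preferable if the package allows it.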
|
|
@ -0,0 +1,43 @@
|
|||
include /etc/nginx/includes/onlyoffice-http.conf;
|
||||
|
||||
## Normal HTTP host
|
||||
server {
|
||||
listen 0.0.0.0:80;
|
||||
listen [::]:80 default_server;
|
||||
server_name _;
|
||||
server_tokens off;
|
||||
|
||||
include /etc/nginx/snippets/letsencrypt-proxy.conf;
|
||||
## Redirects all traffic to the HTTPS host
|
||||
root /nowhere; ## root doesn't have to be a valid path since we are redirecting
|
||||
rewrite ^ https://$host$request_uri? permanent;
|
||||
}
|
||||
|
||||
#HTTP host for internal services
|
||||
server {
|
||||
listen 127.0.0.1:80;
|
||||
listen [::1]:80;
|
||||
server_name localhost;
|
||||
server_tokens off;
|
||||
|
||||
include /etc/nginx/snippets/letsencrypt-proxy.conf;
|
||||
include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
|
||||
include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
|
||||
}
|
||||
|
||||
## HTTPS host
|
||||
server {
|
||||
listen 0.0.0.0:443 ssl http2;
|
||||
listen [::]:443 ssl http2 default_server;
|
||||
server_tokens off;
|
||||
root /usr/share/nginx/html;
|
||||
|
||||
## Strong SSL Security
|
||||
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
||||
ssl on;
|
||||
include /etc/nginx/snippets/nginx-server-ssl.conf;
|
||||
# add_header X-Frame-Options SAMEORIGIN;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
|
||||
|
||||
}
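Review bot: The HTTPS server block combines `listen 0.0.0.0:443 ssl http2;` with a separate `ssl on;`, which is redundant and deprecated in current nginx releases; dropping the `ssl on;` line leaves behaviour unchanged. `# add_header X-Frame-Options SAMEORIGIN;` is commented out with no explanation; if the document server has to be framed by another origin, record that in a comment and restrict framing another way, e.g. a `Content-Security-Policy` `frame-ancestors` list naming the allowed hosts. Note also that `add_header X-Content-Type-Options nosniff;` at server level is not inherited by any location in the included `onlyoffice-documentserver-*.conf` files that sets its own `add_header`.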
|
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
http_port: 80
|
||||
https_port: 443
|
||||
redis_install: True
|
||||
|
||||
psql_postgresql_install: True
|
||||
pg_use_postgresql_org_repo: True
|
||||
psql_version: 11
|
||||
pg_backup_retain_copies: 2
|
||||
|
||||
psql_db_data:
|
||||
- { name: '{{ onlyoffice_docserver_db_name }}', encoding: 'UTF8', user: '{{ onlyoffice_docserver_db_user }}', roles: 'NOCREATEDB,NOSUPERUSER', pwd: '{{ onlyoffice_docserver_db_pwd }}', managedb: True, allowed_hosts: [ '127.0.0.1' ] }
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
onlyoffice_deb_repo_key: CB2DE8E5
|
||||
onlyoffice_deb_repo_key_server: 'keyserver.ubuntu.com'
|
||||
onlyoffice_deb_repo: 'deb http://download.onlyoffice.com/repo/debian squeeze main'
|
||||
onlyoffice_deb_packages: onlyoffice-communityserver
|
||||
onlyoffice_letsencrypt_managed: True
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
dependencies:
|
||||
- { role: '../../library/roles/postgresql', when: psql_postgresql_install }
|
||||
- { role: '../../library/roles/mono' }
|
|
@ -0,0 +1,35 @@
|
|||
---
|
||||
- block:
|
||||
- name: Install the deb OnlyOffice repository key
|
||||
apt_key:
|
||||
keyserver: {{ onlyoffice_deb_repo_key_server }}
|
||||
id: {{ onlyoffice_deb_repo_key }}
|
||||
|
||||
- name: Install the deb Mono repository
|
||||
apt_repository:
|
||||
repo: '{{ onlyoffice_deb_repo }}'
|
||||
state: present
|
||||
update_cache: yes
|
||||
|
||||
- name: Install the Mono packages on Deb based distributions
|
||||
apt: name={{ onlyoffice_deb_packages }} state=present cache_valid_time=1800
|
||||
|
||||
when: ansible_distribution_file_variety == "Debian"
|
||||
tags: onlyoffice
|
||||
|
||||
- block:
|
||||
- name: Install a letsencrypt acme hook
|
||||
template: src=onlyoffice-letsencrypt.sh dest=/usr/lib/acme/hooks/onlyoffice owner=root group=root mode=4555
|
||||
|
||||
- name: Run the letsencrypt acme hook if the certificates are not in place
|
||||
shell: /usr/lib/acme/hooks/onlyoffice
|
||||
args:
|
||||
creates: /var/www/onlyoffice/Data/certs/onlyoffice.key
|
||||
register: initialize_onlyoffice_https
|
||||
|
||||
- name: Reconfigure the OnlyOffice service for https
|
||||
shell: /var/www/onlyoffice/Tools/default-onlyoffice-ssl.sh
|
||||
when: initialize_onlyoffice_https is changed
|
||||
|
||||
when: ansible_distribution_file_variety == "Debian"
|
||||
tags: [ 'onlyoffic', 'letsencrypt' ]
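Review bot: The acme hook is installed with `mode=4555`, which sets the setuid bit on a root-owned shell script that any user can execute; the hook is already run by root, so `mode=0555` (or `0550`) is enough and avoids leaving a setuid file on the host. `keyserver: {{ onlyoffice_deb_repo_key_server }}` and `id: {{ onlyoffice_deb_repo_key }}` need quotes, otherwise YAML parses the leading `{{` as a flow mapping and the file fails to load. The last block is tagged `'onlyoffic'`, so `--tags onlyoffice` skips it, and two task names still say Mono where OnlyOffice is meant.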
|
|
@ -0,0 +1,36 @@
|
|||
#!/bin/bash
|
||||
|
||||
LE_CERTS_DIR="{{ letsencrypt_acme_certs_dir }}"
|
||||
LE_LOG_DIR=/var/log/letsencrypt
|
||||
LE_LOG_FILE=$LE_LOG_DIR/onlyoffice.log
|
||||
onlyoffice_certdir=/var/www/onlyoffice/Data/certs
|
||||
|
||||
DATE=$( date )
|
||||
|
||||
[ ! -d "$onlyoffice_certdir" ] && mkdir -p "$onlyoffice_certdir"
|
||||
[ ! -d "$LE_LOG_DIR" ] && mkdir "$LE_LOG_DIR"
|
||||
echo "$DATE" >> "$LE_LOG_DIR/postgresql.log"
|
||||
|
||||
if [ -f /etc/default/letsencrypt ] ; then
|
||||
. /etc/default/letsencrypt
|
||||
else
|
||||
echo "No letsencrypt default file" >> $LE_LOG_FILE
|
||||
fi
|
||||
|
||||
echo "Copy the key file" >> $LE_LOG_FILE
|
||||
cp "${LE_CERTS_DIR}/privkey" $onlyoffice_certdir/onlyoffice.key
|
||||
chmod 400 $onlyoffice_certdir/onlyoffice.key
|
||||
chown root:root $onlyoffice_certdir/onlyoffice.key
|
||||
cp "${LE_CERTS_DIR}/cert" $onlyoffice_certdir/onlyoffice.crt
|
||||
chmod 400 $onlyoffice_certdir/onlyoffice.crt
|
||||
chown root:root $onlyoffice_certdir/onlyoffice.crt
|
||||
|
||||
echo "Restart the onlyoffice service" >> $LE_LOG_FILE
|
||||
if [ -x /bin/systemctl ] ; then
|
||||
systemctl reload nginx >> $LE_LOG_FILE 2>&1
|
||||
else
|
||||
service nginx reload >> $LE_LOG_FILE 2>&1
|
||||
fi
|
||||
echo "Done." >> $LE_LOG_FILE
|
||||
|
||||
exit 0
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
letsencrypt_acme_install: True
|
||||
http_port: 80
|
||||
https_port: 443
|
|
@ -11,13 +11,11 @@
|
|||
tags: [ 'php', 'php_ppa' ]
|
||||
|
||||
- name: Install the php-fpm package
|
||||
apt: pkg={{ item }} state=present update_cache=yes cache_valid_time=3600
|
||||
with_items: '{{ php_fpm_packages }}'
|
||||
apt: pkg={{ php_fpm_packages }} state=present update_cache=yes cache_valid_time=3600
|
||||
tags: php
|
||||
|
||||
- name: Install additional php packages
|
||||
apt: pkg={{ item }} state=present update_cache=yes cache_valid_time=3600
|
||||
with_items: '{{ php_additional_packages | default([]) }}'
|
||||
apt: pkg={{ php_additional_packages | default([]) }} state=present update_cache=yes cache_valid_time=3600
|
||||
tags: php
|
||||
|
||||
- name: Set the timezone if we have one
|
||||
|
|
|
@ -1,6 +1,17 @@
|
|||
---
|
||||
postfix_enabled: True
|
||||
postfix_install_packages: True
|
||||
|
||||
postfix_relay_rh_pkgs:
|
||||
- postfix
|
||||
- cyrus-sasl-lib
|
||||
- cyrus-sasl-plain
|
||||
- cyrus-sasl-md5
|
||||
|
||||
postfix_relay_deb_pkgs:
|
||||
- postfix
|
||||
- libsasl2-2
|
||||
|
||||
# Set it to true when you want configure your machine to send email to a relay
|
||||
postfix_relay_client: False
|
||||
postfix_biff: "no"
|
||||
|
@ -15,6 +26,11 @@ postfix_smtp_tls_security_level: encrypt
|
|||
postfix_use_sasl_auth: True
|
||||
postfix_smtp_sasl_auth_enable: "yes"
|
||||
postfix_smtp_create_relay_user: True
|
||||
# Options: noanonymous, noplaintext
|
||||
postfix_smtp_sasl_security_options: noanonymous
|
||||
postfix_smtp_sasl_tls_security_options: '{{ postfix_smtp_sasl_security_options }}'
|
||||
postfix_smtp_sasl_mechanism_filter: plain, login
|
||||
|
||||
# Set it in the local rules
|
||||
#postfix_relay_host: smtp-relay.example.com
|
||||
postfix_relay_port: 587
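Review bot: `postfix_smtp_sasl_security_options: noanonymous` permits plaintext mechanisms on unencrypted sessions, and `postfix_smtp_sasl_mechanism_filter: plain, login` offers only plaintext ones, so credential confidentiality depends entirely on `postfix_smtp_tls_security_level` staying at `encrypt`. A safer default pair is `postfix_smtp_sasl_security_options: 'noplaintext, noanonymous'` with `postfix_smtp_sasl_tls_security_options: noanonymous`, which keeps PLAIN and LOGIN usable only inside TLS. The `# Options: noanonymous, noplaintext` comment would be a good place to say so.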
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
---
|
||||
dependencies:
|
||||
- { role: '../../library/roles/nagios', when: nagios_enabled is defined and nagios_enabled }
|
||||
#dependencies:
|
||||
# - { role: '../../library/roles/nagios', when: nagios_enabled is defined and nagios_enabled }
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
---
|
||||
- block:
|
||||
- name: Install postfix and libsas to do mail relay on deb systems
|
||||
apt: pkg={{ postfix_relay_deb_pkgs }} state=present update_cache=yes cache_valid_time=1800
|
||||
when: ansible_distribution_file_variety == "Debian"
|
||||
|
||||
- name: Install postfix and libsas to do mail relay
|
||||
action: apt pkg={{ item }} state=present update_cache=yes cache_valid_time=1800
|
||||
with_items:
|
||||
- postfix
|
||||
- libsasl2-2
|
||||
- name: Install postfix and libsas to do mail relay on RH systems
|
||||
yum: pkg={{ postfix_relay_rh_pkgs }} state=present
|
||||
when: ansible_distribution_file_variety == "RedHat"
|
||||
|
||||
- name: Remove the ssmtp package on RH systems
|
||||
yum: pkg=ssmtp state=absent
|
||||
when: ansible_distribution_file_variety == "RedHat"
|
||||
|
||||
- name: Write the postfix main configuration file
|
||||
template: src=main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0444
|
||||
|
@ -15,18 +20,6 @@
|
|||
template: src=postfix-master.cf.j2 dest=/etc/postfix/master.cf owner=root group=root mode=0444
|
||||
notify: Restart postfix
|
||||
|
||||
- name: Install the postfix NRPE nagios check
|
||||
copy: src={{ item }} dest={{ nagios_plugins_dir }}/{{ item }} owner=root group=nagios mode=0555
|
||||
with_items: '{{ postfix_nagios_checks }}'
|
||||
when: postfix_nagios_check
|
||||
tags: [ 'postfix-relay', 'nagios', 'nrpe' ]
|
||||
|
||||
- name: Install the postfix NRPE command configuration
|
||||
template: src=postfix-nrpe.cfg.j2 dest={{ nrpe_include_dir }}/postfix-nrpe.cfg owner=root group=root mode=0444
|
||||
notify: Reload NRPE server
|
||||
when: postfix_nagios_check
|
||||
tags: [ 'postfix-relay', 'nagios', 'nrpe' ]
|
||||
|
||||
- name: Ensure that postfix is started and enabled
|
||||
service: name=postfix state=started enabled=yes
|
||||
when: postfix_enabled
|
||||
|
@ -39,12 +32,27 @@
|
|||
tags: postfix-relay
|
||||
|
||||
- block:
|
||||
- name: Install the postfix NRPE nagios check
|
||||
copy: src={{ item }} dest={{ nagios_plugins_dir }}/{{ item }} owner=root group=nagios mode=0555
|
||||
with_items: '{{ postfix_nagios_checks }}'
|
||||
|
||||
- name: Remove postfix and libsas
|
||||
action: apt pkg={{ item }} state=absent
|
||||
with_items:
|
||||
- postfix
|
||||
- libsasl2-2
|
||||
- name: Install the postfix NRPE command configuration
|
||||
template: src=postfix-nrpe.cfg.j2 dest={{ nrpe_include_dir }}/postfix-nrpe.cfg owner=root group=root mode=0444
|
||||
notify: Reload NRPE server
|
||||
|
||||
when:
|
||||
- postfix_install_packages
|
||||
- postfix_nagios_check
|
||||
tags: [ 'postfix-relay', 'nagios', 'nrpe' ]
|
||||
|
||||
- block:
|
||||
- name: Remove postfix and libsas on deb systems
|
||||
action: apt pkg={{ postfix_relay_deb_pkgs }} state=absent
|
||||
when: ansible_distribution_file_variety == "Debian"
|
||||
|
||||
- name: Remove postfix and libsas to do mail relay on RH systems
|
||||
yum: pkg={{ postfix_relay_rh_pkgs }} state=absent
|
||||
when: ansible_distribution_file_variety == "RedHat"
|
||||
|
||||
when: not postfix_install_packages
|
||||
tags: postfix-relay
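Review bot: The NRPE block copies checks with `group=nagios` into `{{ nagios_plugins_dir }}` and notifies `Reload NRPE server`, but the meta hunk in this commit appears to comment out the nagios role dependency that would provide that group, directory and handler. If nothing else in the play applies the nagios role, these tasks fail when `postfix_nagios_check` is true; gating the block on the condition the dependency used, by adding `- nagios_enabled is defined and nagios_enabled` to its `when:` list, would avoid that. The removal block also uses the legacy `action: apt ...` form next to `yum:`; `apt: pkg={{ postfix_relay_deb_pkgs }} state=absent` would be consistent.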
|
||||
|
|
|
@ -1,8 +1,3 @@
|
|||
# Debian specific: Specifying a file name will cause the first
|
||||
# line of that file to be used as the name. The Debian default
|
||||
# is /etc/mailname.
|
||||
#myorigin = /etc/mailname
|
||||
|
||||
smtpd_banner = $myhostname ESMTP $mail_name
|
||||
biff = {{ postfix_biff }}
|
||||
|
||||
|
@ -45,14 +40,18 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
|
|||
myhostname = {{ ansible_fqdn }}
|
||||
alias_maps = hash:/etc/aliases
|
||||
alias_database = hash:/etc/aliases
|
||||
myorigin = /etc/mailname
|
||||
{% if domain_name is defined %}
|
||||
myorigin = {{ domain_name }}
|
||||
{% else %}
|
||||
myorigin = {{ ansible_fqdn }}
|
||||
{% endif %}
|
||||
mydestination = {{ ansible_fqdn }}, localhost
|
||||
{% if postfix_use_relay_host %}
|
||||
relayhost = {{ postfix_relay_host }}:{{ postfix_relay_port }}
|
||||
{% endif %}
|
||||
{% if not postfix_relay_server %}
|
||||
mynetworks = 127.0.0.1
|
||||
inet_interfaces = localhost, ip6-localhost
|
||||
inet_interfaces = localhost
|
||||
inet_protocols = ipv4
|
||||
{% endif %}
|
||||
mailbox_size_limit = 0
|
||||
|
@ -61,15 +60,15 @@ default_destination_concurrency_limit = {{ postfix_default_destination_concurren
|
|||
{% if postfix_use_sasl_auth %}
|
||||
smtp_sasl_auth_enable= {{ postfix_smtp_sasl_auth_enable }}
|
||||
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
|
||||
smtp_sasl_security_options = noanonymous
|
||||
smtp_sasl_tls_security_options = noanonymous
|
||||
smtp_sasl_mechanism_filter = plain, login
|
||||
smtp_sasl_security_options = {{ postfix_smtp_sasl_security_options }}
|
||||
smtp_sasl_tls_security_options = {{ postfix_smtp_sasl_tls_security_options }}
|
||||
smtp_sasl_mechanism_filter = {{ postfix_smtp_sasl_mechanism_filter }}
|
||||
{% endif %}
|
||||
{% if postfix_relay_server %}
|
||||
smtpd_sasl_path = smtpd
|
||||
smtpd_sasl_auth_enable = yes
|
||||
smtpd_sasl_security_options = noanonymous
|
||||
smtpd_sasl_tls_security_options = noanonymous
|
||||
smtpd_sasl_security_options = {{ postfix_smtp_sasl_security_options }}
|
||||
smtpd_sasl_tls_security_options = {{ postfix_smtp_sasl_tls_security_options }}
|
||||
smtpd_helo_required = yes
|
||||
mynetworks = {{ postfix_mynetworks }}
|
||||
inet_interfaces = {{ postfix_interfaces }}
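Review bot: `smtpd_sasl_security_options` and `smtpd_sasl_tls_security_options` now take their values from `postfix_smtp_sasl_security_options` and `postfix_smtp_sasl_tls_security_options`, the variables that configure the outbound SMTP client. Relaxing the client settings to reach a particular relay would then silently relax what this server accepts from its own clients as well. Separate server-side variables that default to `noanonymous` would keep the two independent, e.g. `smtpd_sasl_security_options = {{ postfix_smtpd_sasl_security_options | default('noanonymous') }}`. The `{% if postfix_relay_server %}` block continues past the end of this hunk.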
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
---
|
||||
- name: install the postgresql packages
|
||||
apt: pkg={{ item }} state={{ psql_pkg_state }}
|
||||
with_items: '{{ postgresql_pkgs }}'
|
||||
notify: Restart postgresql
|
||||
tags: [ 'postgresql', 'postgres' ]
|
||||
|
||||
- block:
|
||||
- name: Install the packages that ansible needs to manage the postgresql users and databases
|
||||
apt: pkg={{ item }} state={{ psql_pkg_state }}
|
||||
with_items: '{{ psql_ansible_needed_pkgs }}'
|
||||
apt: pkg={{ psql_ansible_needed_pkgs }} state={{ psql_pkg_state }}
|
||||
|
||||
- name: install the postgresql packages
|
||||
apt: pkg={{ postgresql_pkgs }} state={{ psql_pkg_state }}
|
||||
notify: Restart postgresql
|
||||
|
||||
tags: [ 'postgresql', 'postgres' ]
|
||||
|
||||
|
|
|
@ -1,8 +1,7 @@
|
|||
---
|
||||
- block:
|
||||
- name: Install the pgpool package
|
||||
apt: name={{ item }} state={{ psql_pgpool_pkg_state }}
|
||||
with_items: '{{ pgpool_pkgs }}'
|
||||
apt: name={{ pgpool_pkgs }} state={{ psql_pgpool_pkg_state }} cache_valid_time=1800
|
||||
|
||||
- name: Configure pcp
|
||||
#template: src=pcp.conf.j2 dest=/etc/pgpool2/pcp.conf owner=root group=postgres mode=0640
|
||||
|
@ -59,8 +58,7 @@
|
|||
service: name=pgpool2 state=stopped enabled=no
|
||||
|
||||
- name: Install the pgpool packages
|
||||
apt: name={{ item }} state=absent
|
||||
with_items: '{{ pgpool_pkgs }}'
|
||||
apt: name={{ pgpool_pkgs }} state=absent
|
||||
|
||||
- name: Remove the pgpool failover sudoers file
|
||||
file: dest=/etc/sudoers.d/pgpool-wd state=absent
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
---
|
||||
- name: install the postgresql GIS packages
|
||||
apt: pkg={{ item }} state={{ psql_pkg_state }}
|
||||
with_items: '{{ postgres_gis_pkgs }}'
|
||||
apt: pkg={{ postgres_gis_pkgs }} state={{ psql_pkg_state }}
|
||||
notify: Restart postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'postgis' ]
|
||||
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
---
|
||||
- name: Install the packages needed by postgres when running behind a pgpool server
|
||||
apt: pkg={{ item }} state={{ psql_pkg_state }}
|
||||
with_items: '{{ postgresql_pgpool_pkgs }}'
|
||||
apt: pkg={{ postgresql_pgpool_pkgs }} state={{ psql_pkg_state }}
|
||||
when: psql_pgpool_install
|
||||
notify: Restart postgresql
|
||||
tags: [ 'postgresql', 'postgres', 'pgpool' ]
|
||||
|
|
|
@ -1,14 +1,31 @@
|
|||
---
|
||||
- block:
|
||||
- name: Check if the new postgresql data directory exists
|
||||
stat: path={{ psql_data_dir }}
|
||||
register: postgresql_data_dir
|
||||
|
||||
- name: Stop the postgresql service while reconfiguring the data directory
|
||||
service: name=postgresql state=stopped
|
||||
when: postgresql_data_dir.stat.isdir is not defined
|
||||
|
||||
- name: Create the postgresql data directory if it is not in the default place
|
||||
file: dest={{ psql_data_dir }} owner=postgres group=postgres mode=700 recurse=yes state=directory
|
||||
when: psql_use_alternate_data_dir
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
|
||||
- name: Set the postgresql data dir if it is different from the default
|
||||
become: True
|
||||
become_user: postgres
|
||||
action: configfile path={{ psql_conf_dir }}/postgresql.conf key=data_directory value="'{{ psql_data_dir }}'"
|
||||
notify: Restart postgresql
|
||||
|
||||
- name: Copy the postgresql data directory into the new place
|
||||
shell: '[ "/var/lib/postgresql/{{ psql_version }}/main" != "{{ psql_data_dir }}" ] && cp -a /var/lib/postgresql/{{ psql_version }}/main/* {{ psql_data_dir }}'
|
||||
args:
|
||||
creates: '{{ psql_data_dir }}/main/base'
|
||||
when: postgresql_data_dir.stat.isdir is not defined
|
||||
|
||||
- name: Start the postgresql service that will use the new data directory
|
||||
service: name=postgresql state=started
|
||||
when: postgresql_data_dir.stat.isdir is not defined
|
||||
|
||||
when: psql_use_alternate_data_dir
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
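Review bot: The copy task's guard `creates: '{{ psql_data_dir }}/main/base'` does not match what the command produces: `cp -a /var/lib/postgresql/{{ psql_version }}/main/* {{ psql_data_dir }}` puts `base` directly under `{{ psql_data_dir }}`, so `creates: '{{ psql_data_dir }}/base'` looks like the intended path. The `[ ... != ... ] && cp ...` form also exits non-zero when the two paths are equal, which fails the task instead of skipping it, and `{{ psql_data_dir }}` is unquoted in the `cp` arguments, so a path containing spaces or shell metacharacters is split or interpreted by the shell. An `if [ ... ]; then cp -a ... "{{ psql_data_dir }}"/; fi` form addresses both. `data_directory` is also rewritten before the copy runs, so a failed copy leaves the configuration pointing at an empty directory.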
|
||||
|
||||
|
|
|
@ -6,13 +6,15 @@ rabbitmq_pkg_state: present
|
|||
rabbitmq_server_pkg:
|
||||
- rabbitmq-server
|
||||
|
||||
rabbitmq_enabled_plugins: 'amqp_client,rabbitmq_amqp1_0,rabbitmq_management,rabbitmq_management_agent,rabbitmq_management_visualiser,rabbitmq_mqtt,rabbitmq_stomp,webmachine'
|
||||
rabbitmq_enabled_plugins: 'amqp_client,rabbitmq_amqp1_0,rabbitmq_management,rabbitmq_management_agent,rabbitmq_management_visualiser,rabbitmq_mqtt,rabbitmq_stomp'
|
||||
|
||||
rabbitmq_disabled_plugins: ''
|
||||
|
||||
rabbitmq_default_f: /etc/default/rabbitmq-server
|
||||
rabbitmq_fileno: 4096
|
||||
rabbitmq_admin_u: r_admin
|
||||
#rabbitmq_admin_pwd: use a vault file
|
||||
|
||||
#
|
||||
# See http://www.rabbitmq.com/networking.html
|
||||
# 4369 (epmd), 25672 (Erlang distribution)
|
||||
|
|
|
@ -7,8 +7,7 @@
|
|||
apt_repository: repo='{{ rabbitmq_repo }}' state=present
|
||||
|
||||
- name: Install the rabbitMQ package
|
||||
apt: pkg={{ item }} state={{ rabbitmq_pkg_state }} update_cache=yes
|
||||
with_items: '{{ rabbitmq_server_pkg }}'
|
||||
apt: pkg={{ rabbitmq_server_pkg }} state={{ rabbitmq_pkg_state }} update_cache=yes
|
||||
|
||||
- name: Set the rabbitMQ max files
|
||||
lineinfile: name={{ rabbitmq_default_f }} regexp="^ulimit" line="ulimit -n {{ rabbitmq_fileno }}"
|
||||
|
@ -18,7 +17,7 @@
|
|||
rabbitmq_plugin: names={{ rabbitmq_enabled_plugins }} state=enabled
|
||||
|
||||
- name: Disable some rabbitMQ plugins
|
||||
rabbitmq_plugin: names={{ rabbitmq_disabled_plugins | default('') }} state=disabled
|
||||
rabbitmq_plugin: names={{ rabbitmq_disabled_plugins | default([]) }} state=disabled
|
||||
|
||||
- name: Create an admin user
|
||||
rabbitmq_user: user={{ rabbitmq_admin_u }} password={{ rabbitmq_admin_pwd | default('changemeASAP') }} tags=administrator vhost=/ configure_priv=.* read_priv=.* write_priv=.* state=present
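Review bot: The admin user task falls back to `default('changemeASAP')`, so any host where `rabbitmq_admin_pwd` is not supplied gets an `administrator` account with full privileges on `/` and a password that is published in this repository, while the management plugins are enabled in the defaults. Drop the fallback so the play fails when the vault value is missing, `password={{ rabbitmq_admin_pwd }}`, and add `no_log: True` to the task so the password does not appear in task output. The task begins inside this hunk but may continue past its last line.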
|
||||
|
|
|
@ -4,8 +4,7 @@
|
|||
apt_repository: repo='{{ redis_ppa_repo }}' update_cache=yes
|
||||
|
||||
- name: Install the Redis packages
|
||||
apt: name={{ item }} state={{ redis_pkg_state }} cache_valid_time=1800
|
||||
with_items: '{{ redis_server_pkg }}'
|
||||
apt: name={{ redis_server_pkg }} state={{ redis_pkg_state }} cache_valid_time=1800
|
||||
|
||||
- name: Install the Redis configuration
|
||||
template: src={{ item }}.j2 dest=/etc/redis/{{ item }} owner=redis group=redis mode=0440
|
||||
|
@ -29,8 +28,7 @@
|
|||
service: name=redis-server state=stopped enabled=no
|
||||
|
||||
- name: Remove the Redis packages
|
||||
apt: name={{ item }} state=absent
|
||||
with_items: '{{ redis_server_pkg }}'
|
||||
apt: name={{ redis_server_pkg }} state=absent
|
||||
|
||||
- name: Remove the Redis PPA
|
||||
apt_repository: repo='{{ redis_ppa_repo }}' state=absent update_cache=yes
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
dependencies:
|
||||
- { role: ../../library/roles/smartgears/smartgears-service }
|
||||
- { role: ../../library/roles/smartgears/dataminer_app }
|
||||
- { role: ../../library/roles/conda, when: dataminer_conda_install }
|
||||
- { role: ../../library/roles/hdf5, when: dataminer_hdf5 }
|
||||
- { role: ../../library/roles/python3-env, when: py3_env_install }
|
||||
- { role: ../../library/roles/pandoc }
|
||||
- { role: ../../library/roles/octave, when: octave_install }
|
||||
- { role: ../../library/roles/ubuntugis, when: ubuntugis_repo_install }
|
||||
- { role: ../../library/roles/R, when: r_install }
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
dependencies:
|
||||
- { role: ../../library/roles/smartgears/smartgears-service }
|
||||
- { role: ../../library/roles/conda, when: dataminer_conda_install }
|
||||
- { role: ../../library/roles/hdf5, when: dataminer_hdf5 }
|
||||
- { role: ../../library/roles/python3-env, when: py3_env_install }
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: '../../library/roles/tomcat-multiple-instances'
|
||||
- { role: '../../library/roles/smartgears/smartgears' }
|
||||
- { role: '../../library/roles/smartgears/smartgears-nginx-frontend', when: setup_nginx is defined and setup_nginx }
|
||||
- { role: '../../library/roles/smartgears/resource_updater', when: resource_updater_install is defined }
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: '../../library/roles/tomcat-multiple-instances'
|
||||
#dependencies:
|
||||
# - role: '../../library/roles/tomcat-multiple-instances'
|
||||
|
|