diff --git a/library/roles/ckan/ckan/defaults/main.yml b/library/roles/ckan/ckan/defaults/main.yml
index 2a307692..9636c34d 100644
--- a/library/roles/ckan/ckan/defaults/main.yml
+++ b/library/roles/ckan/ckan/defaults/main.yml
@@ -42,6 +42,7 @@ ckan_geoview_url: ckanext-geoview
ckan_geoview_name: resource_proxy
ckan_dcat: False
ckan_dcat_url: 'git+https://github.com/ckan/ckanext-dcat.git#egg=ckanext-dcat'
+ckan_dcat_1_0_0_url: 'git+https://github.com/ckan/ckanext-dcat.git@v1.0.0#egg=ckanext-dcat'
# dcat implement harvesters too.
# ckan_dcat_name: 'dcat dcat_rdf_harvester dcat_json_harvester dcat_json_interface'
ckan_dcat_name: 'dcat dcat_json_interface'
@@ -85,6 +86,7 @@ ckan_ga_plugin_state: '{{ ckan_plugins_state }}'
ckan_google_analytics_name: googleanalytics
ckan_google_analytics_url: 'git+https://github.com/ckan/ckanext-googleanalytics.git#egg=ckanext-googleanalytics'
ckan_google_analytics_fixed_file: 'http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/data-catalogue/ckan-d4science-extension/{{ ckan_version }}/ckan-default/plugins/googleanalytics/plugin.py'
+#CKANEXT-RATING
ckan_star_ratings: False
ckan_star_ratings_state: present
ckan_star_ratings_name: rating
@@ -131,7 +133,6 @@ ckan_pip_dependencies:
- 'urllib3[secure]'
- bleach
- pyOpenSSL
- - cryptography
- idna
- certifi
- xmltodict
@@ -140,6 +141,7 @@ ckan_pip_dependencies:
ckan_pip_versioned_dependencies:
- { name: 'SQLAlchemy', version: '0.9.6', state: 'present' }
+ - { name: 'cryptography', version: '2.8', state: 'present' }
#
apache_additional_packages:
diff --git a/library/roles/ckan/ckan/tasks/ckan-plugins.yml b/library/roles/ckan/ckan/tasks/ckan-plugins.yml
index 31159c71..3807f4cb 100644
--- a/library/roles/ckan/ckan/tasks/ckan-plugins.yml
+++ b/library/roles/ckan/ckan/tasks/ckan-plugins.yml
@@ -17,7 +17,7 @@
- name: Download the CKAN ckanext-harvest plugin
pip: name='{{ ckan_ckanext_harvester_url }}' virtualenv={{ ckan_virtenv }} state={{ ckan_plugins_state }} editable=True
- when: ckan_geonetwork_harvester
+ when: ckan_geonetwork_harvester | bool
register: ckanext_harvest_install
notify:
- Restart CKAN
@@ -26,7 +26,7 @@
- name: Download the CKAN ckanext-harvest requirements
pip: requirements={{ ckan_virtenv }}/src/ckanext-harvest/pip-requirements.txt virtualenv={{ ckan_virtenv }} state={{ ckan_plugins_state }}
- when: ckan_geonetwork_harvester
+ when: ckan_geonetwork_harvester | bool
notify: Restart fetch and gather consumers
tags: [ 'ckan', 'geonetwork', 'ckan_plugins' ]
@@ -34,50 +34,60 @@
shell: . /usr/lib/ckan/default/bin/activate ; paster --plugin=ckanext-harvest harvester initdb --config={{ ckan_config_file }}
when:
- ckanext_harvest_install is changed
- - ckan_init_db_and_solr
+ - ckan_init_db_and_solr | bool
notify: Restart fetch and gather consumers
tags: [ 'ckan', 'geonetwork', 'ckan_plugins' ]
- name: Download the CKAN ckanext-spatial plugin
pip: name='{{ ckan_ckanext_spatial_url }}' virtualenv={{ ckan_virtenv }} state={{ ckan_plugins_state }} editable=True
notify: Restart CKAN
- when: ckan_geonetwork_harvester
+ when: ckan_geonetwork_harvester | bool
register: ckanext_spatial_install
tags: [ 'ckan', 'ckan_spatial', 'ckan_plugins' ]
- name: Download the CKAN ckanext-spatial requirements
pip: requirements={{ ckan_virtenv }}/src/ckanext-spatial/pip-requirements.txt virtualenv={{ ckan_virtenv }} state=present
- when: ckan_geonetwork_harvester
+ when: ckan_geonetwork_harvester | bool
tags: [ 'ckan', 'ckan_spatial', 'ckan_plugins' ]
- name: Initialize the CKAN ckanext-spatial plugin
shell: . /usr/lib/ckan/default/bin/activate ; paster --plugin=ckanext-spatial spatial initdb --config={{ ckan_config_file }}
when:
- ckanext_spatial_install is changed
- - ckan_init_db_and_solr
+ - ckan_init_db_and_solr | bool
tags: [ 'ckan', 'ckan_spatial', 'ckan_plugins' ]
- name: Download the CKAN ckanext-geoview plugin
pip: name='{{ ckan_geoview_url }}' virtualenv={{ ckan_virtenv }} state={{ ckan_plugins_state }}
notify: Restart CKAN
- when: ckan_geoview
+ when: ckan_geoview | bool
tags: [ 'ckan', 'ckan_geoview', 'ckan_plugins' ]
- - name: Download the CKAN ckanext-dcat plugin code
+ - name: Download the latest version of the CKAN ckanext-dcat plugin code on CKAN version >= 2.8
pip: name={{ ckan_dcat_url }} virtualenv={{ ckan_virtenv }} state={{ ckan_plugins_state }} editable=True
- when: ckan_dcat
+ when:
+ - ckan_dcat | bool
+ - ckan_version is version_compare('2.8', '>=')
+ notify: Restart CKAN
+ tags: [ 'ckan', 'ckan_dcat', 'ckan_plugins' ]
+
+ - name: Download the CKAN ckanext-dcat plugin code. Stick to version 1.0.0 on CKAN < 2.8
+ pip: name={{ ckan_dcat_1_0_0_url }} virtualenv={{ ckan_virtenv }} state={{ ckan_plugins_state }} editable=True
+ when:
+ - ckan_dcat | bool
+ - ckan_version is version_compare('2.8', '<')
notify: Restart CKAN
tags: [ 'ckan', 'ckan_dcat', 'ckan_plugins' ]
- name: Download the CKAN ckanext-dcat requirements
pip: requirements={{ ckan_virtenv }}/src/ckanext-dcat/requirements.txt virtualenv={{ ckan_virtenv }} state=present
- when: ckan_dcat
+ when: ckan_dcat | bool
notify: Restart CKAN
tags: [ 'ckan', 'ckan_dcat', 'ckan_plugins' ]
- name: Download the CKAN Geonetwork plugin code
git: repo={{ ckan_geonetwork_harvester_url }} dest=/usr/lib/ckan/default/src/ckanext-geonetwork force=yes update={{ ckan_git_plugins_state }}
- when: ckan_geonetwork_harvester
+ when: ckan_geonetwork_harvester | bool
register: install_geonetwork_harvester
tags: [ 'ckan', 'ckan_geonetwork', 'ckan_plugins' ]
@@ -89,41 +99,51 @@
- name: Install the script that updates the tracking data
template: src=tracker_update.sh.j2 dest={{ ckan_virtenv }}/bin/tracker_update owner={{ ckan_shell_user }} group={{ ckan_shell_user }} mode=0555
- when: ckan_geonetwork_harvester
+ when: ckan_geonetwork_harvester | bool
tags: [ 'ckan', 'ckan_geonetwork', 'ckan_plugins', 'tracker' ]
- name: Install the cron job that runs the tracker update script
cron: name="tracker update" minute="0" hour="3" job="{{ ckan_virtenv }}/bin/tracker_update > {{ ckan_logdir }}/tracker_update.log 2>&1" user={{ ckan_shell_user }}
- when: ckan_geonetwork_harvester
+ when: ckan_geonetwork_harvester | bool
tags: [ 'ckan', 'ckan_geonetwork', 'ckan_plugins', 'tracker' ]
- name: Download the CKAN PDF viewer plugin
pip: name='{{ ckan_ckanext_pdfview_url }}' virtualenv={{ ckan_virtenv }} state={{ ckan_plugins_state }}
- when: ckan_pdfview
+ when: ckan_pdfview | bool
notify: Restart CKAN
tags: [ 'ckan', 'ckan_pdfview', 'ckan_plugins' ]
- - name: Download the CKAN Privatedatasets extension
+ - name: Download the CKAN Privatedatasets extension for CKAN 2.8
pip: name='{{ ckan_privatedatasets_url }}' virtualenv={{ ckan_virtenv }} state={{ ckan_plugins_state }}
- when: ckan_privatedatasets
+ when:
+ - ckan_privatedatasets | bool
+ - ckan_version is version_compare('2.8', '>=')
notify: Restart CKAN
tags: [ 'ckan', 'ckan_privdatasets', 'ckan_plugins' ]
-
+
+ - name: Download the CKAN Privatedatasets extension for CKAN 2.6
+ pip: name='{{ ckan_privatedatasets_url }}' virtualenv={{ ckan_virtenv }} state={{ ckan_plugins_state }} version=0.2.19
+ when:
+ - ckan_privatedatasets | bool
+ - ckan_version is version_compare('2.8', '<')
+ notify: Restart CKAN
+ tags: [ 'ckan', 'ckan_privdatasets', 'ckan_plugins' ]
+
- name: Download the CKAN hierarchy plugin code
pip: name='{{ ckan_hierarchy_url }}' virtualenv={{ ckan_virtenv }} state={{ ckan_plugins_state }} editable=True
- when: ckan_hierarchy
+ when: ckan_hierarchy | bool
notify: Restart CKAN
tags: [ 'ckan', 'ckan_hierarchy', 'ckan_plugins' ]
- name: Download the CKAN pages plugin code
pip: name='{{ ckan_pages_url }}' virtualenv={{ ckan_virtenv }} state={{ ckan_plugins_state }} editable=True
- when: ckan_pages
+ when: ckan_pages | bool
notify: Restart CKAN
tags: [ 'ckan', 'ckan_pages', 'ckan_plugins' ]
- name: Download the CKAN LDAP plugin code
git: repo={{ ckan_ldap_url }} dest=/usr/lib/ckan/default/src/ckanext-ldap force=yes update={{ ckan_git_plugins_state }}
- when: ckan_ldap
+ when: ckan_ldap | bool
register: install_ldap_plugin
tags: [ 'ckan', 'ckan_ldap', 'ckan_plugins' ]
@@ -135,7 +155,7 @@
- name: Download the CKAN LIRE plugin code
git: repo={{ ckan_ckanext_lire_url }} dest={{ ckan_virtenv }}/src/ckanext-lire force=yes update={{ ckan_git_plugins_state }}
- when: ckan_ckanext_lire
+ when: ckan_ckanext_lir | boole
register: install_lire_plugin
tags: [ 'ckan', 'ckan_lire', 'ckan_plugins' ]
@@ -147,19 +167,19 @@
- name: Download the CKAN OAI-PMH plugin
pip: name='{{ ckan_oai_pmh_url }}' virtualenv={{ ckan_virtenv }} state={{ ckan_plugins_state }} editable=True
- when: ckan_oai_pmh
+ when: ckan_oai_pmh | bool
notify: Restart CKAN
tags: [ 'ckan', 'ckan_oai_pmh', 'ckan_plugins' ]
- name: Download the CKAN google analytics plugin python requirements
pip: name='genshi' virtualenv={{ ckan_virtenv }} state={{ ckan_plugins_state }}
- when: ckan_google_analytics
+ when: ckan_google_analytics | bool
notify: Restart CKAN
tags: [ 'ckan', 'ckan_google_analytics', 'ckan_plugins' ]
- name: Download the CKAN google analytics plugin
pip: name='{{ ckan_google_analytics_url }}' virtualenv={{ ckan_virtenv }} editable=true state={{ ckan_ga_plugin_state }}
- when: ckan_google_analytics
+ when: ckan_google_analytics | bool
register: install_ckan_google_analytics
notify: Restart CKAN
tags: [ 'ckan', 'ckan_google_analytics', 'ckan_plugins' ]
@@ -172,7 +192,7 @@
- name: Download the CKAN google analytics reports plugin
pip: name='{{ ckan_ga_reports_url }}' virtualenv={{ ckan_virtenv }} state={{ ckan_plugins_state }} editable=True
- when: ckan_ga_reports
+ when: ckan_ga_reports | bool
register: install_ckan_ga_reports
tags: [ 'ckan', 'ckan_google_analytics', 'ckan_ga_reports', 'ckan_plugins' ]
@@ -180,14 +200,14 @@
shell: . /usr/lib/ckan/default/bin/activate ; cd /usr/lib/ckan/default/src/ckanext-ga-report ; paster initdb --config={{ ckan_config_file }}
when:
- install_ckan_ga_reports is changed
- - ckan_init_db_and_solr
+ - ckan_init_db_and_solr | bool
notify: Restart CKAN
tags: [ 'ckan', 'ckan_google_analytics', 'ckan_ga_reports', 'ckan_plugins' ]
- name: Download the CKAN star ratings plugin
pip: name='{{ ckan_star_ratings_url }}' virtualenv={{ ckan_virtenv }} editable=true state={{ ckan_star_ratings_state }}
notify: Restart CKAN
- when: ckan_star_ratings
+ when: ckan_star_ratings | bool
register: install_ckan_star_ratings
tags: [ 'ckan', 'ckan_star_ratings', 'ckan_plugins' ]
@@ -196,24 +216,24 @@
notify: Restart CKAN
when:
- install_ckan_star_ratings is changed
- - ckan_star_ratings
+ - ckan_star_ratings | bool
tags: [ 'ckan', 'ckan_star_ratings', 'ckan_plugins' ]
- name: Install the CKAN profiler plugin
pip: name='{{ ckan_profiler_url }}' virtualenv={{ ckan_virtenv }} state={{ ckan_plugins_state }} editable=True
- when: ckan_profiler
+ when: ckan_profiler | bool
notify: Restart CKAN
tags: [ 'ckan', 'ckan_profiler', 'ckan_plugins' ]
- name: Create the profiler plugin log directory
become_user: root
file: dest=/var/log/ckan-profiler owner=www-data group=www-data state=directory
- when: ckan_profiler
+ when: ckan_profiler | bool
tags: [ 'ckan', 'ckan_profiler', 'ckan_plugins' ]
- name: Download the CKAN-DATESEARCH plugin code
git: repo={{ ckan_datesearch_url }} dest=/usr/lib/ckan/default/src/ckanext-datesearch force=yes update={{ ckan_git_plugins_state }}
- when: ckan_datesearch
+ when: ckan_datesearch | bool
register: install_datesearch_plugin
tags: [ 'ckan', 'ckan_datesearch', 'ckan_plugins' ]
diff --git a/library/roles/nginx/templates/nginx-server-ssl.conf.j2 b/library/roles/nginx/templates/nginx-server-ssl.conf.j2
index 6511d8bd..f09f52e4 100644
--- a/library/roles/nginx/templates/nginx-server-ssl.conf.j2
+++ b/library/roles/nginx/templates/nginx-server-ssl.conf.j2
@@ -23,7 +23,7 @@ ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
{% else %}
ssl_protocols TLSv1.1 TLSv1.2;
{% endif %}
-ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
ssl_prefer_server_ciphers off;
{% endif %}
{% if nginx_ssl_level == 'modern' %}
@@ -34,7 +34,7 @@ ssl_protocols TLSv1.2 TLSv1.3;
{% else %}
ssl_protocols TLSv1.2;
{% endif %}
-ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
{% endif %}
{% if ansible_distribution_version is version_compare('14.04', '>=') %}