forked from ISTI-ansible-roles/ansible-roles
Merge branch 'master' of git://gitorious.research-infrastructures.eu/infrastructure-management/ansible-playbooks
This commit is contained in:
commit
b96c18c772
|
@ -7,10 +7,10 @@
|
|||
file: dest={{ r_packages_svn_base_dir }} state=directory
|
||||
|
||||
- name: Cron job that installs new R packages, if any
|
||||
cron: name="install new R packages" user=root cron_file=install-r-packages minute="*/10" job="/usr/local/bin/update_r_packages install >/var/log/install_r_packages 2>&1" state=present
|
||||
cron: name="install new R packages" user=root cron_file=install-r-packages minute="*/10" hour="5-0,1-2" job="/usr/local/bin/update_r_packages install >/var/log/install_r_packages 2>&1" state=present
|
||||
|
||||
- name: Cron job that upgrades existing R packages and installs new ones, if any
|
||||
cron: name="install new R packages" user=root cron_file=upgrade-r-packages hour="3" job="/usr/local/bin/update_r_packages upgrade >/var/log/update_r_packages 2>&1" state=present
|
||||
cron: name="install new R packages" user=root cron_file=upgrade-r-packages minute="7" hour="3" job="/usr/local/bin/update_r_packages upgrade >/var/log/update_r_packages 2>&1" state=present
|
||||
|
||||
when: r_packages_updater
|
||||
tags: [ 'r_software', 'r_pkg', 'r_plugins', 'r_plugins_github', 'r_cran_pkgs', 'r_github_pkgs', 'r_packages_updater' ]
|
||||
|
|
|
@ -75,7 +75,7 @@ function fail() {
|
|||
function init_env() {
|
||||
if [ -f $LOCK_FILE ] ; then
|
||||
OLDPROC=$( cat $LOCK_FILE )
|
||||
OLDPROC_RUNNING=$( ps auwwx | grep -v grep | grep $OLDPROC )
|
||||
OLDPROC_RUNNING=$( ps auwwx | grep -v grep | grep $OLDPROC | awk '{ print $2 }' )
|
||||
RETVAL=$?
|
||||
if [ $RETVAL -eq 0 ] ; then
|
||||
logger "update_r_packages: $OLDPROC_RUNNING"
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: '../../library/roles/python-env'
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
py_env_install: True
|
||||
py_env_pip_pkgs:
|
||||
- docker-compose
|
||||
- docker-py
|
||||
|
|
@ -1,8 +1,13 @@
|
|||
---
|
||||
joomla_dist_name: Joomla
|
||||
joomla_dist_version: 3.4.8
|
||||
joomla_major: 3
|
||||
joomla_minor: 8
|
||||
joomla_fix: 2
|
||||
joomla_dist_version: '{{ joomla_major }}.{{ joomla_minor }}.{{ joomla_fix }}'
|
||||
joomla_dist_file: '{{ joomla_dist_name }}_{{ joomla_dist_version }}-Stable-Full_Package.zip'
|
||||
joomla_tar_url: 'https://github.com/joomla/joomla-cms/releases/download/{{ joomla_dist_version }}/{{ joomla_dist_file }}'
|
||||
joomla_download_version: '{{ joomla_major }}-{{ joomla_minor }}-{{ joomla_fix }}'
|
||||
joomla_download_file: '{{ joomla_dist_name }}_{{ joomla_dist_version }}-Stable-Full_Package.zip'
|
||||
joomla_tar_url: 'https://downloads.joomla.org/cms/joomla{{ joomla_major }}/{{ joomla_download_version }}/{{ joomla_download_file }}?format=zip'
|
||||
joomla_download_dir: /srv/joomla
|
||||
joomla_install_dir: /var/www
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- name: Install the joomla php prerequisites
|
||||
apt: name={{ item }} state=present
|
||||
with_items: joomla_php_prereq
|
||||
with_items: '{{ joomla_php_prereq }}'
|
||||
tags: joomla
|
||||
|
||||
- name: Ensure that the download and install dirs exist
|
||||
|
@ -12,7 +12,7 @@
|
|||
tags: joomla
|
||||
|
||||
- name: Download the joomla distribution file
|
||||
get_url: url={{ joomla_tar_url }} dest={{ joomla_download_dir }}
|
||||
get_url: url={{ joomla_tar_url }} dest={{ joomla_download_dir }} validate_certs=no
|
||||
register: joomla_download
|
||||
tags: joomla
|
||||
|
||||
|
@ -25,14 +25,14 @@
|
|||
shell: cp -a {{ joomla_download_dir }}/joomla-unpacked/* {{ joomla_install_dir }}/
|
||||
args:
|
||||
creates: '{{ joomla_install_dir }}/index.php'
|
||||
with_items: phpfpm_pools
|
||||
with_items: '{{ phpfpm_pools }}'
|
||||
when: ( joomla_download | changed )
|
||||
register: unpack_joomla
|
||||
tags: joomla
|
||||
|
||||
- name: Set the correct ownership of the joomla files
|
||||
file: dest={{ joomla_install_dir }} owner={{ item.user }} group={{ item.group }} recurse=yes state=directory
|
||||
with_items: phpfpm_pools
|
||||
with_items: '{{ phpfpm_pools }}'
|
||||
when: ( unpack_joomla | changed )
|
||||
tags: joomla
|
||||
|
||||
|
|
|
@ -22,7 +22,8 @@ letsencrypt_acme_certs_dir: '{{ letsencrypt_acme_user_home }}/live/{{ ansible_fq
|
|||
letsencrypt_acme_services_scripts_dir: /usr/lib/acme/hooks
|
||||
|
||||
# responses parameters
|
||||
letsencrypt_tos_url: 'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'
|
||||
#letsencrypt_tos_url: 'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'
|
||||
letsencrypt_tos_url: 'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
|
||||
letsencrypt_acme_agree_tos: true
|
||||
letsencrypt_acme_rsa_key_size: 4096
|
||||
letsencrypt_ocsp_must_staple: True
|
||||
|
|
|
@ -28,7 +28,7 @@
|
|||
- name: Create the letsencrypt acme user
|
||||
user: name={{ letsencrypt_acme_user }} home={{ letsencrypt_acme_user_home }} createhome=no shell=/usr/sbin/nologin system=yes
|
||||
when: letsencrypt_acme_install
|
||||
tags: letsencrypt
|
||||
tags: [ 'letsencrypt', 'letsencrypt_user' ]
|
||||
|
||||
- name: Create the letsencrypt acme home, if it does not exist already. In a separate step because it could be already there.
|
||||
file: dest={{ letsencrypt_acme_user_home }} owner={{ letsencrypt_acme_user }} group={{ letsencrypt_acme_user }} state=directory recurse=yes
|
||||
|
@ -93,7 +93,7 @@
|
|||
capabilities: path=/usr/bin/acmetool capability=cap_net_bind_service+ep state=absent
|
||||
when:
|
||||
- letsencrypt_acme_install
|
||||
- "'{{ letsencrypt_acme_authenticator }}' != 'listener'"
|
||||
- letsencrypt_acme_authenticator != 'listener'
|
||||
ignore_errors: True
|
||||
tags: letsencrypt
|
||||
|
||||
|
@ -125,7 +125,7 @@
|
|||
- name: Install a daily cron job to renew the certificates when needed
|
||||
become: True
|
||||
become_user: '{{ letsencrypt_acme_user }}'
|
||||
cron: name="Letsencrypt certificate renewal" special_time=daily job="/usr/local/bin/acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-cron.log 2>&1"
|
||||
cron: name="Letsencrypt certificate renewal" special_time=daily job="SLEEP_SECONDS=$(echo $[($RANDOM %1200)]) ; sleep ${SLEEP_SECONDS} ; /usr/local/bin/acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-cron.log 2>&1"
|
||||
when: letsencrypt_acme_install
|
||||
tags: letsencrypt
|
||||
|
||||
|
|
|
@ -1,33 +0,0 @@
|
|||
---
|
||||
letsencrypt_install: False
|
||||
letsencrypt_git_repo: 'https://github.com/letsencrypt/letsencrypt'
|
||||
letsencrypt_dest_dir: /opt
|
||||
letsencrypt_update_repo: True
|
||||
letsencrypt_prerequisites:
|
||||
- git
|
||||
- bc
|
||||
|
||||
letsencrypt_auto: '{{ letsencrypt_dest_dir }}/letsencrypt/letsencrypt-auto'
|
||||
letsencrypt_install_path: /root/.local/share/letsencrypt
|
||||
letsencrypt_config_dir: /etc/letsencrypt
|
||||
letsencrypt_certs_dir: '{{ letsencrypt_config_dir }}/live/{{ ansible_fqdn }}'
|
||||
# In seconds. Default 7 days
|
||||
letsencrypt_renew_before: 604800
|
||||
letsencrypt_logdir: /var/log/letsencrypt
|
||||
# The various services maintainers need to put the reconfigure/restart scripts there
|
||||
letsencrypt_services_scripts_dir: /usr/local/lib/letsencrypt
|
||||
|
||||
# cli.ini parameters
|
||||
letsencrypt_rsa_key_size: 4096
|
||||
letsencrypt_email: sysadmin@example.com
|
||||
letsencrypt_authenticator: standalone
|
||||
letsencrypt_standalone_supp_challenges: 'http-01'
|
||||
letsencrypt_agree_tos: True
|
||||
letsencrypt_verbose: False
|
||||
letsencrypt_text_interface: True
|
||||
# The first on the list gives the name to the certs live directory.
|
||||
# If it is not the machine FQDN, change the letsencrypt_cert_dir definition.
|
||||
letsencrypt_domains: '{{ ansible_fqdn }} example.com example.org'
|
||||
letsencrypt_renew_by_default: True
|
||||
letsencrypt_standalone_port: 9999
|
||||
|
|
@ -1,50 +0,0 @@
|
|||
---
|
||||
- name: Install the letsencrypt package dependencies
|
||||
apt: name={{ item }} state=present
|
||||
with_items: '{{ letsencrypt_prerequisites }}'
|
||||
when: letsencrypt_install
|
||||
tags: letsencrypt
|
||||
|
||||
- name: Get the letsencrypt client
|
||||
git: repo={{ letsencrypt_git_repo }} dest={{ letsencrypt_dest_dir }}/letsencrypt update={{ letsencrypt_update_repo }}
|
||||
with_items: '{{ letsencrypt_prerequisites }}'
|
||||
when: letsencrypt_install
|
||||
tags: letsencrypt
|
||||
|
||||
- name: letsencrypt initializaztion
|
||||
command: '{{ letsencrypt_auto }}'
|
||||
args:
|
||||
creates: '{{ letsencrypt_install_path }}/bin/letsencrypt'
|
||||
when: letsencrypt_install
|
||||
tags: letsencrypt
|
||||
|
||||
- name: Create the letsencrypt config directory
|
||||
file: dest={{ letsencrypt_config_dir }} state=directory owner=root group=root mode=0755
|
||||
when: letsencrypt_install
|
||||
tags: letsencrypt
|
||||
|
||||
- name: Create the letsencrypt services scripts directory
|
||||
file: dest={{ letsencrypt_services_scripts_dir }} state=directory owner=root group=root mode=0755
|
||||
when: letsencrypt_install
|
||||
tags: letsencrypt
|
||||
|
||||
- name: Install the letsencrypt cli.ini file
|
||||
template: src=cli.ini.j2 dest={{ letsencrypt_config_dir }}/cli.ini owner=root group=root mode=0640
|
||||
when: letsencrypt_install
|
||||
tags: letsencrypt
|
||||
|
||||
- name: Install a default file that shell scripts can include
|
||||
template: src=letsencrypt-default.j2 dest=/etc/default/letsencrypt owner=root group=root mode=0644
|
||||
when: letsencrypt_install
|
||||
tags: letsencrypt
|
||||
|
||||
- name: Install the command that asks for the certificates and their renewal
|
||||
template: src=letsencrypt-cert-request.sh.j2 dest=/usr/local/sbin/letsencrypt-cert-request owner=root group=root mode=0550
|
||||
when: letsencrypt_install
|
||||
tags: letsencrypt
|
||||
|
||||
- name: Install a daily cron job to renew the certificates when needed
|
||||
cron: name="Letsencrypt certificate renewal" special_time=daily job="/usr/local/sbin/letsencrypt-cert-request > {{ letsencrypt_logdir }}/letsencrypt-cert-cron.log 2>&1"
|
||||
when: letsencrypt_install
|
||||
tags: letsencrypt
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
rsa-key-size = {{ letsencrypt_rsa_key_size }}
|
||||
email = {{ letsencrypt_email }}
|
||||
authenticator = {{ letsencrypt_authenticator }}
|
||||
standalone-supported-challenges = {{ letsencrypt_standalone_supp_challenges }}
|
||||
agree-tos = {{ letsencrypt_agree_tos }}
|
||||
{% if letsencrypt_verbose %}
|
||||
verbose = {{ letsencrypt_verbose }}
|
||||
{% endif %}
|
||||
text = {{ letsencrypt_text_interface }}
|
||||
renew-by-default = {{ letsencrypt_renew_by_default }}
|
|
@ -1,45 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
RENEW_BEFORE={{ letsencrypt_renew_before }}
|
||||
LETSENCRYPT_BIN={{ letsencrypt_auto }}
|
||||
LE_CERT_DIR={{ letsencrypt_certs_dir }}
|
||||
LE_SERVICES_SCRIPT_DIR={{ letsencrypt_services_scripts_dir }}
|
||||
LOG_DIR={{ letsencrypt_logdir }}
|
||||
VALIDITY_RETVAL=0
|
||||
DOMAINS="{{ letsencrypt_domains }}"
|
||||
CERT_DOMAINS_LIST=
|
||||
ACTION=certonly
|
||||
RETVAL=0
|
||||
|
||||
# Check if the cert file exists. If not, it is a certificate request and not a renewal.
|
||||
if [ -f $LE_CERT_DIR/cert.pem ] ; then
|
||||
VALIDITY_CHECK=$( openssl x509 -checkend $RENEW_BEFORE -noout -in $LE_CERT_DIR/cert.pem )
|
||||
VALIDITY_RETVAL=$?
|
||||
if [ $VALIDITY_RETVAL -eq 0 ] ; then
|
||||
echo "The certificate is still valid" >> $LOG_DIR/letsencrypt_request.log
|
||||
exit 0
|
||||
else
|
||||
ACTION=renew
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$ACTION" === "certonly" ] ; then
|
||||
for dom in $DOMAINS ; do
|
||||
CERT_DOMAINS_LIST+=" -d $dom"
|
||||
done
|
||||
fi
|
||||
|
||||
# Ask for a new certificate. First request or renewal are the same. We only support the standalone method right now
|
||||
$LETSENCRYPT_BIN $ACTION $CERT_DOMAINS_LIST --http-01-port {{ letsencrypt_standalone_port }} --config /etc/letsencrypt/cli.ini >> $LOG_DIR/letsencrypt_request.log 2>&1
|
||||
RETVAL=$?
|
||||
|
||||
# Run the reconfiguration scripts to make the involved services load the new certificate
|
||||
for f in $( /bin/ls -1 $LE_SERVICES_SCRIPT_DIR ) ; do
|
||||
if [ -x $LE_SERVICES_SCRIPT_DIR/$f ] ; then
|
||||
echo "Running $LE_SERVICES_SCRIPT_DIR/$f" >> $LOG_DIR/letsencrypt_request.log
|
||||
$LE_SERVICES_SCRIPT_DIR/$f >> $LOG_DIR/letsencrypt_request.log 2>&1
|
||||
fi
|
||||
done
|
||||
|
||||
exit 0
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
RSA_KEY_SIZE={{ letsencrypt_rsa_key_size }}
|
||||
LE_EMAIL={{ letsencrypt_email }}
|
||||
LE_AUTHENTICATOR={{ letsencrypt_authenticator }}
|
||||
LE_STANDALONE_SUPPORTED_CHALLENGES={{ letsencrypt_standalone_supp_challenges }}
|
||||
LE_SERVICES_SCRIPT_DIR={{ letsencrypt_services_scripts_dir }}
|
||||
LE_COMMAND={{ letsencrypt_auto }}
|
||||
LE_CERTS_DIR={{ letsencrypt_certs_dir }}
|
||||
LE_LOG_DIR={{ letsencrypt_logdir }}
|
|
@ -35,7 +35,8 @@ command[global_check_linux_raid]={{ nagios_plugins_dir }}/check_raid
|
|||
command[global_check_smart]={{ nagios_isti_plugdir }}/check_smart -d $ARG1$ -i $ARG2$
|
||||
|
||||
# Network interfaces
|
||||
command[global_net_interfaces]={{ nagios_isti_plugdir }}/check_netint.pl -K -f -e
|
||||
#command[global_net_interfaces]={{ nagios_isti_plugdir }}/check_netint.pl -K -f -e
|
||||
command[global_net_interfaces]={{ nagios_isti_plugdir }}/check_netint.pl -K -f -e -D -S -n \(l\|eth\|p\|bond\)
|
||||
|
||||
# Restart ntp (via handler)
|
||||
command[global_restart_ntp]=/usr/bin/sudo /etc/init.d/ntp start
|
||||
|
|
|
@ -27,7 +27,6 @@ server {
|
|||
return 301 https://{{ item.server_name }}$request_uri;
|
||||
}
|
||||
{% else %}
|
||||
# This is the default for nginx on Ubuntu 14.04
|
||||
root {{ item.root | default('/usr/share/nginx/html/') }};
|
||||
index {{ item.index | default('index.html index.htm') }};
|
||||
error_page 500 502 503 504 {{ item.error_page | default('/50x.html') }};
|
||||
|
@ -81,7 +80,10 @@ server {
|
|||
{% endif %}
|
||||
{% if item.proxy_standard_setup is defined and item.proxy_standard_setup %}
|
||||
# Proxy stuff
|
||||
{% if item.include_global_proxy_conf is defined and not item.include_global_proxy_conf %}
|
||||
{% else %}
|
||||
include /etc/nginx/snippets/nginx-proxy-params.conf;
|
||||
{% endif %}
|
||||
{% if item.proxy_additional_options is defined %}
|
||||
{% for popt in item.proxy_additional_options %}
|
||||
{{ popt }};
|
||||
|
@ -171,7 +173,10 @@ server {
|
|||
{% endif %}
|
||||
{% if item.proxy_standard_setup is defined and item.proxy_standard_setup %}
|
||||
# Proxy stuff
|
||||
{% if item.include_global_proxy_conf is defined and not item.include_global_proxy_conf %}
|
||||
{% else %}
|
||||
include /etc/nginx/snippets/nginx-proxy-params.conf;
|
||||
{% endif %}
|
||||
{% if item.proxy_additional_options is defined %}
|
||||
{% for popt in item.proxy_additional_options %}
|
||||
{{ popt }}
|
||||
|
|
|
@ -62,12 +62,19 @@ psql_autovacuum_configuration:
|
|||
# SSL as a special case
|
||||
psql_enable_ssl: False
|
||||
psql_force_ssl_client_connection: False
|
||||
postgresql_letsencrypt_managed: True
|
||||
psql_conf_ssl_parameters:
|
||||
postgresql_letsencrypt_managed: '{{ psql_enable_ssl }}'
|
||||
psql_ssl_privkey_global_file: '/var/lib/acme/live/{{ ansible_fqdn }}/privkey'
|
||||
psql_ssl_privkey_file: /etc/pki/postgresql/postgresql.key
|
||||
psql_ssl_cert_file: '/var/lib/acme/live/{{ ansible_fqdn }}/cert'
|
||||
psql_ssl_ca_file: '/var/lib/acme/live/{{ ansible_fqdn }}/chain'
|
||||
psql_conf_ssl_parameters:
|
||||
- { name: 'ssl', value: 'true' }
|
||||
- { name: 'ssl_cert_file', value: '/var/lib/acme/live/{{ ansible_fqdn }}/cert' }
|
||||
- { name: 'ssl_key_file', value: '/etc/pki/postgresql/postgresql.key' }
|
||||
- { name: 'ssl_ca_file', value: '/var/lib/acme/live/{{ ansible_fqdn }}/chain' }
|
||||
- { name: 'ssl_cert_file', value: '{{ psql_ssl_cert_file }}' }
|
||||
- { name: 'ssl_key_file', value: '{{ psql_ssl_privkey_path }}' }
|
||||
- { name: 'ssl_ca_file', value: '{{ psql_ssl_ca_file }}' }
|
||||
|
||||
psql_conf_disable_ssl_parameters:
|
||||
- { name: 'ssl', value: 'false' }
|
||||
|
||||
psql_set_shared_memory: False
|
||||
psql_sysctl_file: 30-postgresql-shm.conf
|
||||
|
|
|
@ -26,10 +26,8 @@ chgrp postgres ${PGPOOL2_KEYFILE}
|
|||
|
||||
echo "Reload the pgpool2 service" >> $LE_LOG_DIR/pgpool2.log
|
||||
if [ -x /bin/systemctl ] ; then
|
||||
sleep $RANDOM
|
||||
systemctl reload pgpool2 >> $LE_LOG_DIR/pgpool2.log 2>&1
|
||||
else
|
||||
sleep $RANDOM
|
||||
service pgpool2 reload >> $LE_LOG_DIR/pgpool2.log 2>&1
|
||||
fi
|
||||
|
||||
|
|
|
@ -13,7 +13,8 @@ fi
|
|||
|
||||
# Remote backup performed by duplicity. When active, do not run via cron
|
||||
if [ -x /etc/cron.daily/duplicity_backup ] ; then
|
||||
echo "duplicity backups active. Exiting" > $LOG_FILE
|
||||
DATE=$( date )
|
||||
echo "$DATE: duplicity backups active. Exiting" >> $LOG_FILE
|
||||
exit 0
|
||||
fi
|
||||
|
||||
|
@ -23,7 +24,8 @@ if [ -f /var/log/backuppc.log ] ; then
|
|||
. /var/log/backuppc.log
|
||||
LAST_BACKUP_TIME=$( expr $TMSTMP - $BACKUP_TIMESTAMP )
|
||||
if [ $LAST_BACKUP_TIME -lt 86400 -a $BACKUP_RESULT == 'OK' ] ; then
|
||||
echo "BackupPC is active, doing nothing" > $LOG_FILE
|
||||
DATE=$( date )
|
||||
echo "$DATE: BackupPC is active, doing nothing" >> $LOG_FILE
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
|
@ -34,20 +36,22 @@ PG_RUNNING=$?
|
|||
|
||||
if [ $PG_BACKUP_ENABLED == 'True' ] ; then
|
||||
if [ "$PG_RUNNING" -ne "0" -a "$PG_RUNNING" -ne "3" ] ; then
|
||||
echo "The postgresql service is not running" > $LOG_FILE
|
||||
DATE=$( date )
|
||||
echo "$DATE: The postgresql service is not running" >> $LOG_FILE
|
||||
exit 1
|
||||
else
|
||||
if [ ! -d $LOG_DIR ] ; then
|
||||
mkdir -p $LOG_DIR
|
||||
fi
|
||||
DATE_START=$( date )
|
||||
echo "$DATE_START: Starting the backup procedure" > $LOG_FILE
|
||||
echo "$DATE_START: Starting the backup procedure" >> $LOG_FILE
|
||||
$PG_BCK_BIN >> $LOG_FILE 2>&1
|
||||
DATE_END=$( date )
|
||||
echo "$DATE_END: Backup procedure finished" >> $LOG_FILE
|
||||
fi
|
||||
else
|
||||
echo "Postgresql backups administratively disabled" > $LOG_FILE
|
||||
DATE=$( date )
|
||||
echo "$DATE: Postgresql backups administratively disabled" >> $LOG_FILE
|
||||
fi
|
||||
|
||||
if [ "${USE_NAGIOS}" == "yes" ] ; then
|
||||
|
|
|
@ -26,10 +26,8 @@ chgrp postgres ${POSTGRESQL_KEYFILE}
|
|||
|
||||
echo "Restart the postgresql service" >> $LE_LOG_DIR/postgresql.log
|
||||
if [ -x /bin/systemctl ] ; then
|
||||
sleep $RANDOM
|
||||
systemctl restart postgresql >> $LE_LOG_DIR/postgresql.log 2>&1
|
||||
else
|
||||
sleep $RANDOM
|
||||
service postgresql restart >> $LE_LOG_DIR/postgresql.log 2>&1
|
||||
fi
|
||||
|
||||
|
|
|
@ -32,11 +32,9 @@
|
|||
when: psql_pgpool_service_install
|
||||
- include: postgresql-letsencrypt-acmetool.yml
|
||||
when:
|
||||
- postgresql_letsencrypt_managed
|
||||
- letsencrypt_acme_install is defined
|
||||
- include: pgpool-letsencrypt-acmetool.yml
|
||||
when:
|
||||
- pgpool_letsencrypt_managed
|
||||
- letsencrypt_acme_install is defined
|
||||
|
||||
|
||||
|
|
|
@ -1,17 +1,23 @@
|
|||
---
|
||||
- name: Create the acme hooks directory if it does not yet exist
|
||||
file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root
|
||||
- block:
|
||||
- name: Create the acme hooks directory if it does not yet exist
|
||||
file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root
|
||||
|
||||
- name: Install a script that fix the letsencrypt certificate for pgpool and then reloads the service
|
||||
copy: src=pgpool-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/pgpool owner=root group=root mode=4555
|
||||
|
||||
when:
|
||||
- psql_pgpool_service_install
|
||||
- pgpool_letsencrypt_managed
|
||||
- letsencrypt_acme_install
|
||||
tags: [ 'postgresql', 'postgres', 'pgpool', 'letsencrypt' ]
|
||||
|
||||
- name: Install a script that fix the letsencrypt certificate for pgpool and then reloads the service
|
||||
copy: src=pgpool-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/pgpool owner=root group=root mode=4555
|
||||
|
||||
- block:
|
||||
- name: Remove the letsencrypt hook for pgpool
|
||||
file: dest=/usr/lib/acme/hooks/pgpool state=absent
|
||||
|
||||
when:
|
||||
- psql_pgpool_service_install
|
||||
- pgpool_letsencrypt_managed
|
||||
- letsencrypt_acme_install
|
||||
- not pgpool_letsencrypt_managed
|
||||
tags: [ 'postgresql', 'postgres', 'pgpool', 'letsencrypt' ]
|
||||
|
||||
|
|
|
@ -1,15 +1,21 @@
|
|||
---
|
||||
- name: Create the acme hooks directory if it does not yet exist
|
||||
file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root
|
||||
- block:
|
||||
- name: Create the acme hooks directory if it does not yet exist
|
||||
file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root
|
||||
|
||||
- name: Install a script that fix the letsencrypt certificate for postgresql and then restarts the service
|
||||
copy: src=postgresql-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/postgresql owner=root group=root mode=4555
|
||||
|
||||
when:
|
||||
- postgresql_letsencrypt_managed
|
||||
- letsencrypt_acme_install
|
||||
tags: [ 'postgresql', 'postgres', 'letsencrypt' ]
|
||||
|
||||
- name: Install a script that fix the letsencrypt certificate for postgresql and then restarts the service
|
||||
copy: src=postgresql-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/postgresql owner=root group=root mode=4555
|
||||
when:
|
||||
- postgresql_letsencrypt_managed
|
||||
- letsencrypt_acme_install
|
||||
tags: [ 'postgresql', 'postgres', 'letsencrypt' ]
|
||||
|
||||
- block:
|
||||
- name: Remove the letsencrypt certificate hook for postgresql
|
||||
file: dest=/usr/lib/acme/hooks/postgresql state=absent
|
||||
|
||||
when:
|
||||
- not postgresql_letsencrypt_managed
|
||||
tags: [ 'postgresql', 'postgres', 'letsencrypt' ]
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- block:
|
||||
- name: Setup ssl in the postgresql configuration
|
||||
- name: Setup SSL in the postgresql configuration
|
||||
become: True
|
||||
become_user: postgres
|
||||
action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
|
||||
|
@ -11,7 +11,19 @@
|
|||
file: dest=/etc/pki/postgresql state=directory owner=postgres group=postgres mode=0750
|
||||
|
||||
- name: Create a postgres accessible ssl key file if it does not exist
|
||||
copy: src=/var/lib/acme/live/{{ ansible_fqdn }}/privkey dest=/etc/pki/postgresql/postgresql.key owner=postgres group=postgres mode=0400 remote_src=True
|
||||
copy: src={{ psql_ssl_privkey_global_file }} dest={{ psql_ssl_privkey_file }} owner=postgres group=postgres mode=0400 remote_src=True
|
||||
|
||||
when: psql_enable_ssl
|
||||
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
|
||||
tags: [ 'postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf' ]
|
||||
|
||||
|
||||
- block:
|
||||
- name: Disable SSL in the postgresql configuration
|
||||
become: True
|
||||
become_user: postgres
|
||||
action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
|
||||
with_items: '{{ psql_conf_disable_ssl_parameters }}'
|
||||
notify: Restart postgresql
|
||||
|
||||
when: not psql_enable_ssl
|
||||
tags: [ 'postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf' ]
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
shinyproxy_install: False
|
||||
shinyproxy_version: 1.0.0
|
||||
shinyproxy_version: 1.0.2
|
||||
shinyproxy_file_name: 'shinyproxy-{{ shinyproxy_version }}.jar'
|
||||
shinyproxy_url: 'https://www.shinyproxy.io/downloads/{{ shinyproxy_file_name }}'
|
||||
shinyproxy_app_name: shinyproxy.jar
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
accounting_insert_storage_se_plugin_install: False
|
||||
accounting_insert_storage_se_plugin_upgrade: False
|
||||
|
||||
accounting_insert_storage_se_plugin_name: accounting-insert-storage-se-plugin
|
||||
accounting_insert_storage_se_plugin_group_id: org.gcube.accounting
|
||||
accounting_insert_storage_se_plugin_version : 1.0.1-4.5.0-148393
|
||||
accounting_insert_storage_se_plugin_artifact_id: accounting-insert-storage-se-plugin
|
||||
accounting_insert_storage_se_plugin_extension: jar
|
||||
accounting_insert_storage_se_plugin_classifier: jar-with-dependencies
|
||||
accounting_insert_storage_se_plugin_file: '{{ accounting_insert_storage_se_plugin_name }}-{{ accounting_insert_storage_se_plugin_version }}-{{ accounting_insert_storage_se_plugin_classifier }}.{{ accounting_insert_storage_se_plugin_extension }}'
|
|
@ -1,29 +0,0 @@
|
|||
---
|
||||
- block:
|
||||
- name: Remove the old accounting insert storage plugin
|
||||
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_storage_se_plugin_maven_artifact_id }}-*-jar-with-dependencies.jar
|
||||
notify: Restart smartgears
|
||||
|
||||
become: True
|
||||
become_user: '{{ smartgears_user }}'
|
||||
when: not accounting_insert_storage_se_plugin_install
|
||||
tags: [ 'smartgears', 'accounting_insert_storage_se', 'tomcat' ]
|
||||
|
||||
- block:
|
||||
- name: Get the accounting insert storage plugin and install it inside the smart executor
|
||||
maven_artifact: artifact_id={{ accounting_insert_storage_se_plugin_name }} version={{ accounting_insert_storage_se_plugin_version | default(omit) }} group_id={{ accounting_insert_storage_se_plugin_group_id }} extension={{ accounting_insert_storage_se_plugin_extension | default('war') }} repository_url={{ smartgears_global_base_url }} classifier={{ accounting_insert_storage_se_plugin_classifier }} dest={{ smartgears_downloads_dir }}/{{ accounting_insert_storage_se_plugin_file }}
|
||||
register: accounting_insert_storage_download
|
||||
|
||||
- name: Remove the old accounting insert storage plugin
|
||||
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_storage_se_plugin_maven_artifact_id }}-*-jar-with-dependencies.jar
|
||||
when: (accounting_insert_storage_download | changed)
|
||||
|
||||
- name: Copy the accounting aggregator plugin to its final destination
|
||||
copy: src={{ smartgears_downloads_dir }}/{{ accounting_insert_storage_se_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_storage_se_plugin_file }} remote_src=yes
|
||||
notify: Restart smartgears
|
||||
|
||||
become: True
|
||||
become_user: '{{ smartgears_user }}'
|
||||
when: accounting_insert_storage_se_plugin_install
|
||||
tags: [ 'smartgears', 'accounting_insert_storage_se', 'tomcat' ]
|
||||
|
|
@ -2,7 +2,7 @@
|
|||
accounting_insert_rstudio_se_plugin_install: False
|
||||
accounting_insert_rstudio_se_plugin_name: accounting-insert-rstudio-se-plugin
|
||||
|
||||
accounting_insert_rstudio_se_plugin_version: '1.0.0-4.4.0-142716'
|
||||
accounting_insert_rstudio_se_plugin_version: 'latest'
|
||||
accounting_insert_rstudio_se_plugin_group_id: 'org.gcube.accounting'
|
||||
accounting_insert_rstudio_se_plugin_artifact_id: accounting-insert-rstudio-se-plugin
|
||||
accounting_insert_rstudio_se_plugin_extension: jar
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- block:
|
||||
- name: Remove the old accounting insert storage plugin
|
||||
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_rstudio_se_plugin_maven_artifact_id }}-*-jar-with-dependencies.jar
|
||||
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_rstudio_se_plugin_artifact_id }}-*-{{ accounting_insert_rstudio_se_plugin_classifier }}.{{ accounting_insert_rstudio_se_plugin_extension }}
|
||||
notify: Restart smartgears
|
||||
|
||||
- name: Disable the cron job that calculates the home used space
|
||||
|
@ -18,7 +18,7 @@
|
|||
register: accounting_insert_rstudio_download
|
||||
|
||||
- name: Remove the old accounting insert storage plugin
|
||||
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_rstudio_se_plugin_maven_artifact_id }}-*-jar-with-dependencies.jar
|
||||
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_rstudio_se_plugin_artifact_id }}-*-{{ accounting_insert_rstudio_se_plugin_classifier }}.{{ accounting_insert_rstudio_se_plugin_extension }}
|
||||
when: (accounting_insert_rstudio_download | changed)
|
||||
|
||||
- name: Copy the accounting aggregator plugin to its final destination
|
||||
|
@ -30,6 +30,7 @@
|
|||
template: src=calculate_home_space.j2 dest=/usr/local/bin/calculate_home_space mode=0755 owner=root group=root
|
||||
|
||||
- name: Install a cron job that calculates the home used space
|
||||
become_user: root
|
||||
cron: name="Calculate the home used space" special_time=hourly user=root job="/usr/local/bin/calculate_home_space >/dev/null 2>&1"
|
||||
|
||||
become: True
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
---
|
||||
ckan_connector_gcube_repository: 'gcube-staging'
|
||||
ckan_connector_plugin_install: False
|
||||
ckan_connector_ver: 1.1.2-4.3.0-142056
|
||||
ckan_connector_ver: latest
|
||||
ckan_connector_name: ckan-connector
|
||||
ckan_connector_filename: '{{ ckan_connector_name }}-{{ ckan_connector_ver }}.war'
|
||||
ckan_connector_url: 'http://maven.research-infrastructures.eu/nexus/content/repositories/{{ ckan_connector_gcube_repository }}/org/gcube/data/access/{{ ckan_connector_name }}/{{ ckan_connector_ver}}/{{ ckan_connector_filename }}'
|
||||
ckan_connector_war_file: '{{ ckan_connector_name }}.war'
|
||||
ckan_connector_extension: war
|
||||
ckan_connector_group_id: org.gcube.data.access
|
||||
ckan_connector_filename: '{{ ckan_connector_name }}-{{ ckan_connector_ver }}.{{ ckan_connector_extension }}'
|
||||
|
||||
ckan_connector_user: ckan_connector
|
||||
|
|
|
@ -1,29 +1,53 @@
|
|||
---
|
||||
- block:
|
||||
- name: Remove the installed CKAN connector
|
||||
file: dest={{ item }} state=absent
|
||||
with_items:
|
||||
- '{{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}'
|
||||
- '{{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}.{{ ckan_connector_extension }}'
|
||||
notify: Restart smartgears
|
||||
|
||||
- name: Remove the CKAN connector fixer script
|
||||
become_user: root
|
||||
file: dest=/usr/local/bin/ckan-connector-fixer state=absent
|
||||
|
||||
become: True
|
||||
become_user: '{{ smartgears_user }}'
|
||||
when: not ckan_connector_plugin_install
|
||||
tags: [ 'smartgears', 'ckan', 'ckan_connector', 'tomcat' ]
|
||||
|
||||
- block:
|
||||
- name: Get the CKAN connector war file
|
||||
maven_artifact: artifact_id={{ ckan_connector_name }} version={{ ckan_connector_ver }} group_id={{ ckan_connector_group_id }} extension={{ ckan_connector_extension }} repository_url={{ smartgears_global_base_url }} dest={{ smartgears_downloads_dir }}/{{ ckan_connector_filename }}
|
||||
register: ckan_connector_download
|
||||
|
||||
- name: Remove the installed CKAN connector before upgrading
|
||||
file: dest={{ item }} state=absent
|
||||
with_items:
|
||||
- '{{ smartgears_instance_path }}/webapps/ckan-connector'
|
||||
- '{{ smartgears_instance_path }}/webapps/ckan-connector.war'
|
||||
when: smartgears_upgrade
|
||||
- '{{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}'
|
||||
- '{{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}.{{ ckan_connector_extension }}'
|
||||
when: ( ckan_connector_download | changed )
|
||||
notify: Restart smartgears
|
||||
|
||||
- name: Get the CKAN connector war file
|
||||
get_url: url={{ ckan_connector_url }} dest={{ smartgears_instance_path }}/webapps/{{ ckan_connector_war_file }}
|
||||
- name: Create the CKAN connector webapp directory
|
||||
file: dest={{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }} state=directory
|
||||
when: ( ckan_connector_download | changed )
|
||||
|
||||
- name: Unpack the CKAN connector war file
|
||||
shell: mkdir {{ smartgears_instance_path }}/webapps/ckan-connector ; cd {{ smartgears_instance_path }}/webapps/ckan-connector ; jar xf {{ smartgears_instance_path }}/webapps/{{ ckan_connector_war_file }}
|
||||
- name: Unarchive the CKAN connector war file
|
||||
unarchive: copy=no src={{ smartgears_downloads_dir }}/{{ ckan_connector_filename }} dest={{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}
|
||||
args:
|
||||
creates: '{{ smartgears_instance_path }}/webapps/ckan-connector/WEB-INF/web.xml'
|
||||
creates: '{{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}/WEB-INF/web.xml'
|
||||
notify: Restart smartgears
|
||||
|
||||
- name: Install the CKAN connector web.xml template
|
||||
template: src=ckan-web.xml.j2 dest={{ smartgears_instance_path }}/webapps/ckan-connector/WEB-INF/.web.xml.tpl mode=0440
|
||||
|
||||
- name: Install the CKAN connector fixer script
|
||||
become: False
|
||||
become_user: root
|
||||
template: src=ckan-connector-fixer.sh.j2 dest=/usr/local/bin/ckan-connector-fixer owner=root group=root mode=0550
|
||||
|
||||
- name: Fix the CKAN connector web.xml
|
||||
become: False
|
||||
become_user: root
|
||||
shell: /usr/local/bin/ckan-connector-fixer init
|
||||
args:
|
||||
creates: '{{ smartgears_instance_path }}/webapps/ckan-connector/WEB-INF/.web.xml.configured'
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
fhn_manager_install: False
|
||||
smart_executor_install: False
|
||||
fhn_manager_version: 1.2.4-4.7.0-154701
|
||||
fhn_manager_version: 1.2.4-4.8.0-154701
|
||||
fhn_manager_name: fhn-manager-service
|
||||
fhn_group_id: org.gcube.resources.federation
|
||||
fhn_extension: war
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
<group>{{ item.webapp_group }}</group>
|
||||
<version>{{ item.version }}</version>
|
||||
{% if item.description is defined %}
|
||||
<description> "{{ item.description }}" </description>
|
||||
<description> {{ item.description }} </description>
|
||||
{% endif %}
|
||||
{% if item.persistence_location is defined %}
|
||||
<persistence location="{{ item.persistence_location }}"/>
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
become: True
|
||||
become_user: '{{ smartgears_user }}'
|
||||
when: not gcube_geoserver_connector_install
|
||||
tags: [ 'smartgears', 'ckan', 'gcube_geoserver_connector', 'tomcat' ]
|
||||
tags: [ 'smartgears', 'geoserver', 'gcube_geoserver_connector', 'tomcat' ]
|
||||
|
||||
- block:
|
||||
- name: Get the gcube connector
|
||||
|
@ -26,4 +26,4 @@
|
|||
become: True
|
||||
become_user: '{{ smartgears_user }}'
|
||||
when: gcube_geoserver_connector_install
|
||||
tags: [ 'smartgears', 'ckan', 'gcube_geoserver_connector', 'tomcat' ]
|
||||
tags: [ 'smartgears', 'geoserver', 'gcube_geoserver_connector', 'tomcat' ]
|
||||
|
|
|
@ -1,14 +1,28 @@
|
|||
---
|
||||
- block:
|
||||
- name: Remove the old is-exporter plugin
|
||||
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/is-exporter-se-plugin-*-jar-with-dependencies.jar
|
||||
when: is_exporter_se_plugin_upgrade
|
||||
|
||||
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_exporter_se_plugin_name }}-*-{{ is_exporter_se_plugin_classifier }}.{{ is_exporter_se_plugin_extension }}
|
||||
notify: Restart smartgears
|
||||
|
||||
become: True
|
||||
become_user: '{{ smartgears_user }}'
|
||||
when: not is_exporter_se_plugin_install
|
||||
tags: [ 'smartgears', 'is_exporter_se', 'tomcat' ]
|
||||
|
||||
- block:
|
||||
- name: Download the is-exporter plugin
|
||||
maven_artifact: artifact_id={{ is_exporter_se_plugin_name }} version={{ is_exporter_se_plugin_version | default(omit) }} group_id={{ is_exporter_se_plugin_group_id }} extension={{ is_exporter_se_plugin_extension | default('war') }} repository_url={{ smartgears_global_base_url }} classifier={{ is_exporter_se_plugin_classifier }} dest={{ smartgears_downloads_dir }}/{{ is_exporter_se_plugin_file }}
|
||||
register: is_exporter_plugin_download
|
||||
|
||||
- name: Remove the old is-exporter plugin
|
||||
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_exporter_se_plugin_name }}-*-{{ is_exporter_se_plugin_classifier }}.{{ is_exporter_se_plugin_extension }}
|
||||
when: ( is_exporter_plugin_download | changed )
|
||||
|
||||
- name: Install the is-exporter plugin inside the smart executor lib directory
|
||||
maven_artifact: artifact_id={{ is_exporter_se_plugin_name }} version={{ is_exporter_se_plugin_version | default(omit) }} group_id={{ is_exporter_se_plugin_group_id }} extension={{ is_exporter_se_plugin_extension | default('war') }} repository_url={{ smartgears_global_base_url }} classifier={{ is_exporter_se_plugin_classifier }} dest={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_exporter_se_plugin_file }}
|
||||
copy: src={{ smartgears_downloads_dir }}/{{ is_exporter_se_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_exporter_se_plugin_file }} remote_src=yes force=yes
|
||||
notify: Restart smartgears
|
||||
|
||||
become: True
|
||||
become_user: '{{ smartgears_user }}'
|
||||
when: is_exporter_se_plugin_install
|
||||
tags: [ 'smartgears', 'is_exporter_se', 'tomcat' ]
|
||||
tags: [ 'smartgears', 'is_exporter_se', 'tomcat' ]
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
|
||||
- name: Remove the old is-sweeper plugin
|
||||
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_sweeper_se_plugin_name }}-*-{{ is_sweeper_se_plugin_classifier }}.{{ is_sweeper_se_plugin_extension }}
|
||||
when: ( is_sweeper_plugin_download )
|
||||
when: ( is_sweeper_plugin_download | changed )
|
||||
|
||||
- name: Install the is-sweeper plugin inside the smart executor lib directory
|
||||
copy: src={{ smartgears_downloads_dir }}/{{ is_sweeper_se_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_sweeper_se_plugin_file }} remote_src=yes force=yes
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
quota_se_plugin_install: False
|
||||
quota_se_plugin_upgrade: False
|
||||
|
||||
quota_se_plugin_name: accounting-insert-storage-se-plugin
|
||||
quota_se_plugin_group_id: org.gcube.accounting
|
||||
quota_se_plugin_version : 1.0.1-4.5.0-148393
|
||||
quota_se_plugin_artifact_id: accounting-insert-storage-se-plugin
|
||||
quota_se_plugin_extension: jar
|
||||
quota_se_plugin_classifier: jar-with-dependencies
|
||||
quota_se_plugin_file: '{{ quota_se_plugin_name }}-{{ quota_se_plugin_version }}-{{ quota_se_plugin_classifier }}.{{ quota_se_plugin_extension }}'
|
|
@ -0,0 +1,29 @@
|
|||
---
|
||||
- block:
|
||||
- name: Remove the old quota plugin
|
||||
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ quota_se_plugin_artifact_id }}-*-jar-with-dependencies.jar
|
||||
notify: Restart smartgears
|
||||
|
||||
become: True
|
||||
become_user: '{{ smartgears_user }}'
|
||||
when: not quota_se_plugin_install
|
||||
tags: [ 'smartgears', 'quota_se', 'tomcat' ]
|
||||
|
||||
- block:
|
||||
- name: Get the quota plugin and install it inside the smart executor
|
||||
maven_artifact: artifact_id={{ quota_se_plugin_name }} version={{ quota_se_plugin_version | default(omit) }} group_id={{ quota_se_plugin_group_id }} extension={{ quota_se_plugin_extension | default('war') }} repository_url={{ smartgears_global_base_url }} classifier={{ quota_se_plugin_classifier }} dest={{ smartgears_downloads_dir }}/{{ quota_se_plugin_file }}
|
||||
register: quota_storage_download
|
||||
|
||||
- name: Remove the old quota plugin
|
||||
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ quota_se_plugin_maven_artifact_id }}-*-jar-with-dependencies.jar
|
||||
when: (quota_storage_download | changed)
|
||||
|
||||
- name: Copy the quota plugin to its final destination
|
||||
copy: src={{ smartgears_downloads_dir }}/{{ quota_se_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ quota_se_plugin_file }} remote_src=yes
|
||||
notify: Restart smartgears
|
||||
|
||||
become: True
|
||||
become_user: '{{ smartgears_user }}'
|
||||
when: quota_se_plugin_install
|
||||
tags: [ 'smartgears', 'quota_se', 'tomcat' ]
|
||||
|
|
@ -1,10 +1,11 @@
|
|||
---
|
||||
- block:
|
||||
- name: Remove the installed R connector before upgrading
|
||||
- name: Remove the installed R connector
|
||||
file: dest={{ item }} state=absent
|
||||
with_items:
|
||||
- '{{ smartgears_instance_path }}/webapps/{{ r_connector_name }}'
|
||||
- '{{ smartgears_instance_path }}/webapps/{{ r_connector_name }}.{{ r_connector_extension }}'
|
||||
notify: Restart smartgears
|
||||
|
||||
- name: Remove the packages required to enable the LDAP PAM authentication
|
||||
become: False
|
||||
|
@ -32,20 +33,22 @@
|
|||
register: r_connector_download
|
||||
|
||||
- name: Remove the installed R connector before upgrading
|
||||
file: dest={{ smartgears_instance_path }}/webapps/{{ r_connector_name }} state=absent
|
||||
file: dest={{ item }} state=absent
|
||||
with_items:
|
||||
- '{{ smartgears_instance_path }}/webapps/{{ r_connector_name }}'
|
||||
- '{{ smartgears_instance_path }}/webapps/{{ r_connector_name }}.{{ r_connector_extension }}'
|
||||
notify: Restart smartgears
|
||||
when: ( r_connector_download | changed )
|
||||
|
||||
- name: Create the R connector webapp directory
|
||||
file: dest={{ smartgears_instance_path }}/webapps/{{ r_connector_name }} state=directory
|
||||
when: ( r_connector_download | changed )
|
||||
|
||||
- name: Copy the R connector war file into the webapps directory
|
||||
copy: src={{ smartgears_downloads_dir }}/{{ r_connector_filename }} dest={{ smartgears_instance_path }}/webapps/{{ r_connector_name }}.{{ r_connector_extension }} remote_src=yes force=yes
|
||||
|
||||
- name: Unarchive the R connector war file
|
||||
unarchive: copy=no src={{ smartgears_downloads_dir }}/{{ r_connector_filename }} dest={{ smartgears_instance_path }}/webapps/{{ r_connector_name }}
|
||||
args:
|
||||
creates: '{{ smartgears_instance_path }}/webapps/{{ r_connector_name }}/WEB-INF/web.xml'
|
||||
notify: Restart smartgears
|
||||
|
||||
- name: Obtain the permission to read the Rstudio secure cookie key
|
||||
become_user: root
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
with_items:
|
||||
- '{{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}'
|
||||
- '{{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}.{{ resource_registry_extension }}'
|
||||
notify: Restart smartgears
|
||||
|
||||
become: True
|
||||
become_user: '{{ d4science_user }}'
|
||||
|
@ -17,17 +18,16 @@
|
|||
register: resource_registry_download
|
||||
|
||||
- name: Remove the old resource-registry files
|
||||
file: path={{ smartgears_instance_path }}/webapps/{{ resource_registry_name }} state=absent
|
||||
file: path={{ item }} state=absent
|
||||
with_items:
|
||||
- '{{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}'
|
||||
- '{{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}.{{ resource_registry_extension }}'
|
||||
when: ( resource_registry_download | changed )
|
||||
|
||||
- name: Create the resource-registry working directory
|
||||
file: path={{ smartgears_instance_path }}/webapps/{{ resource_registry_name }} state=directory owner={{ smartgears_user }} group={{ smartgears_user }}
|
||||
when: ( resource_registry_download | changed )
|
||||
|
||||
- name: Copy the resource registry war file into the webapps directory
|
||||
copy: src={{ smartgears_downloads_dir }}/{{ resource_registry_file }} dest={{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}.{{ resource_registry_extension }} remote_src=yes force=yes
|
||||
notify: Restart smartgears
|
||||
|
||||
- name: Unarchive the resource registry war
|
||||
unarchive: copy=no src={{ smartgears_downloads_dir }}/{{ resource_registry_file }} dest={{ smartgears_instance_path }}/webapps/{{ resource_registry_name }} creates={{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}/WEB-INF/lib
|
||||
notify: Restart smartgears
|
||||
|
|
|
@ -6,8 +6,9 @@ sis_geotk_dt_plugin_group_id : org.gcube.data.transfer
|
|||
sis_geotk_dt_plugin_artifact_id : '{{ sis_geotk_dt_plugin_name }}'
|
||||
sis_geotk_dt_plugin_version : latest
|
||||
sis_geotk_dt_plugin_extension: jar
|
||||
sis_geotk_dt_plugin_classifier: jar-with-dependencies
|
||||
sis_geotk_dt_plugin_file: '{{ sis_geotk_dt_plugin_name }}-{{ sis_geotk_dt_plugin_version }}-jar-with-dependencies.{{ sis_geotk_dt_plugin_extension }}'
|
||||
sis_geotk_dt_plugin_classifier: uberjar
|
||||
sis_geotk_dt_plugin_uber_file: '{{ sis_geotk_dt_plugin_name }}-{{ sis_geotk_dt_plugin_version }}-{{ sis_geotk_dt_plugin_classifier }}.{{ sis_geotk_dt_plugin_extension }}'
|
||||
sis_geotk_dt_plugin_file: '{{ sis_geotk_dt_plugin_name }}-{{ sis_geotk_dt_plugin_version }}.{{ sis_geotk_dt_plugin_extension }}'
|
||||
|
||||
catalina_apps_conf:
|
||||
- { app_name: '{{ data_trasfer_service_name }}', plugin_name: '{{ sis_geotk_dt_plugin_name }}' }
|
||||
|
|
|
@ -9,24 +9,31 @@
|
|||
tags: [ 'smartgears', 'sis_geotk', 'tomcat' ]
|
||||
|
||||
- block:
|
||||
- name: Create the plugin directory inside data transfer
|
||||
file: dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }} state=directory
|
||||
|
||||
- name: Get the Sis geotk data transfer plugin
|
||||
maven_artifact: artifact_id={{ sis_geotk_dt_plugin_name }} version={{ sis_geotk_dt_plugin_version | default(omit) }} group_id={{ sis_geotk_dt_plugin_group_id }} extension={{ sis_geotk_dt_plugin_extension | default('war') }} repository_url={{ smartgears_global_base_url }} classifier={{ sis_geotk_dt_plugin_classifier }} dest={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_file }}
|
||||
register: sis_geotk_download
|
||||
- name: Get the Sis geotk data transfer uber plugin
|
||||
maven_artifact: artifact_id={{ sis_geotk_dt_plugin_name }} version={{ sis_geotk_dt_plugin_version }} group_id={{ sis_geotk_dt_plugin_group_id }} extension={{ sis_geotk_dt_plugin_extension }} repository_url={{ smartgears_global_base_url }} classifier={{ sis_geotk_dt_plugin_classifier }} dest={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_uber_file }}
|
||||
register: sis_geotk_download
|
||||
|
||||
- name: Remove the old Sis geotk data transfer plugin
|
||||
file: dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }} state=absent
|
||||
when: (sis_geotk_download | changed)
|
||||
|
||||
- name: Copy the Sis geotk data transfer plugin to its final destination
|
||||
copy: src={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }}/{{ sis_geotk_dt_plugin_file }} remote_src=yes
|
||||
- name: Create the plugin directory inside data transfer
|
||||
file: dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }} state=directory
|
||||
|
||||
- name: Unarchive the Sis geotk data transfer uber plugin to expose its libraries
|
||||
unarchive: src={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_uber_file }} dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }}/ copy=no
|
||||
when: (sis_geotk_download | changed)
|
||||
notify: Restart smartgears
|
||||
|
||||
- name: Unarchive the Sis geotk data transfer plugin to expose its libraries
|
||||
unarchive: src={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }}/ copy=no
|
||||
when: (sis_geotk_download | changed)
|
||||
- name: Get the Sis geotk data transfer uber plugin
|
||||
maven_artifact: artifact_id={{ sis_geotk_dt_plugin_name }} version={{ sis_geotk_dt_plugin_version }} group_id={{ sis_geotk_dt_plugin_group_id }} extension={{ sis_geotk_dt_plugin_extension }} repository_url={{ smartgears_global_base_url }} dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }} keep_name=yes
|
||||
|
||||
- name: Remove the Sis geotk uber jar org and META-INF directories
|
||||
file: dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }}/{{ item }} state=absent
|
||||
with_items:
|
||||
- org
|
||||
- 'META-INF'
|
||||
notify: Restart smartgears
|
||||
|
||||
become: True
|
||||
become_user: '{{ smartgears_user }}'
|
||||
|
|
|
@ -69,6 +69,18 @@ server {
|
|||
{% if context != "whn-manager" %}
|
||||
{% if context != '' %}
|
||||
location /{{ context }} {
|
||||
{% if varnish_install is defined and varnish_install %}
|
||||
{% if smartgears_nginx_cors_enabled %}
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
{% if nginx_cors_extended_rules %}
|
||||
proxy_pass http://127.0.0.1:{{ varnish_listen_port }};
|
||||
{% else %}
|
||||
proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
|
||||
{% endif %}
|
||||
{% else %}
|
||||
proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
|
||||
{% endif %}
|
||||
{% else %}
|
||||
{% if smartgears_nginx_cors_enabled %}
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
{% if nginx_cors_extended_rules %}
|
||||
|
@ -79,6 +91,7 @@ server {
|
|||
{% else %}
|
||||
proxy_pass http://127.0.0.1:{{ item.http_port }}/{{ context }};
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
@ -198,6 +211,18 @@ server {
|
|||
{% if context != "whn-manager" %}
|
||||
{% if context != '' %}
|
||||
location /{{ context }} {
|
||||
{% if varnish_install is defined and varnish_install %}
|
||||
{% if smartgears_nginx_cors_enabled %}
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
{% if nginx_cors_extended_rules %}
|
||||
proxy_pass http://127.0.0.1:{{ varnish_listen_port }};
|
||||
{% else %}
|
||||
proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
|
||||
{% endif %}
|
||||
{% else %}
|
||||
proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
|
||||
{% endif %}
|
||||
{% else %}
|
||||
{% if smartgears_nginx_cors_enabled %}
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
{% if nginx_cors_extended_rules %}
|
||||
|
@ -208,6 +233,7 @@ server {
|
|||
{% else %}
|
||||
proxy_pass http://127.0.0.1:{{ item.http_port }}/{{ context }};
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
|
|
@ -56,6 +56,7 @@ smartgears_service_name: 'tomcat-instance-{{ smartgears_http_port }}'
|
|||
smartgears_log_use_timesize_appender: True
|
||||
smartgears_loglevel: WARN
|
||||
smartgears_dataanalysis_loglevel: DEBUG
|
||||
smartgears_dataanalysis_log_max_history: 90
|
||||
smartgears_log_max_history: 30
|
||||
smartgears_log_max_file_size: 10MB
|
||||
smartgears_log_total_file_cap: 2GB
|
||||
|
|
|
@ -72,7 +72,7 @@
|
|||
{% if smartgears_log_use_timesize_appender %}
|
||||
<rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
|
||||
<fileNamePattern>{{ smartgears_log_dir }}/analysis.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
|
||||
<maxHistory>{{ smartgears_log_max_history }}</maxHistory>
|
||||
<maxHistory>{{ smartgears_dataanalysis_log_max_history }}</maxHistory>
|
||||
<maxFileSize>{{ smartgears_log_max_file_size }}</maxFileSize>
|
||||
<totalSizeCap>{{ smartgears_log_total_file_cap }}</totalSizeCap>
|
||||
</rollingPolicy>
|
||||
|
@ -80,7 +80,7 @@
|
|||
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
|
||||
<maxFileSize>{{ smartgears_log_max_file_size }}</maxFileSize>
|
||||
<fileNamePattern>{{ smartgears_log_dir }}/analysis.%d{yyyy-MM-dd}.log</fileNamePattern>
|
||||
<maxHistory>{{ smartgears_log_max_history }}</maxHistory>
|
||||
<maxHistory>{{ smartgears_dataanalysis_log_max_history }}</maxHistory>
|
||||
</rollingPolicy>
|
||||
{% endif %}
|
||||
</appender>
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
with_items:
|
||||
- '{{ smartgears_instance_path }}/webapps/{{ social_networking_library_ws_name }}'
|
||||
- '{{ smartgears_instance_path }}/webapps/{{ social_networking_library_ws_name }}.{{ social_networking_library_ws_extension }}'
|
||||
notify: Restart smartgears
|
||||
|
||||
become: True
|
||||
become_user: '{{ d4science_user }}'
|
||||
|
@ -14,6 +15,15 @@
|
|||
- block:
|
||||
- name: Get the social-networking-library-ws war
|
||||
maven_artifact: artifact_id={{ social_networking_library_ws_name }} version={{ social_networking_library_ws_version | default(omit) }} group_id={{ social_networking_library_ws_group_id }} extension={{ social_networking_library_ws_extension | default('war') }} repository_url={{ smartgears_global_base_url }} dest={{ smartgears_downloads_dir }}/{{ social_networking_library_ws_file }}
|
||||
register: social_networking_library_ws_download
|
||||
|
||||
- name: Remove the old social-networking-library-ws files when upgrading
|
||||
file: path={{ item }} state=absent
|
||||
with_items:
|
||||
- '{{ smartgears_instance_path }}/webapps/{{ social_networking_library_ws_name }}'
|
||||
- '{{ smartgears_instance_path }}/webapps/{{ social_networking_library_ws_name }}.{{ social_networking_library_ws_extension }}'
|
||||
when: ( social_networking_library_ws_download | changed )
|
||||
notify: Restart smartgears
|
||||
|
||||
- name: Copy the social_networking_library_ws war into the tomcat webapps dir
|
||||
copy: src={{ smartgears_downloads_dir }}/{{ social_networking_library_ws_file }} dest={{ smartgears_instance_path }}/webapps/{{ social_networking_library_ws_name }}.{{ social_networking_library_ws_extension }} remote_src=yes force=yes
|
||||
|
|
|
@ -31,6 +31,10 @@ tomcat_m_java_gc_opts: "-XX:+UseConcMarkSweepGC"
|
|||
# exactly one CPU chip that contains one or two cores, you should also add
|
||||
# the "-XX:+CMSIncrementalMode" option.
|
||||
#tomcat_m_other_java_opts: "-Djsse.enableSNIExtension=false"
|
||||
tomcat_m_reverse_proxy_name_enabled: False
|
||||
tomcat_m_reverse_proxy_name: '{{ ansible_fqdn }}'
|
||||
tomcat_m_reverse_proxy_port: '{{ http_port | default(80) }}'
|
||||
|
||||
tomcat_m_other_java_opts: ""
|
||||
tomcat_m_webapps_autodeploy: False
|
||||
tomcat_m_webapps_unpack: False
|
||||
|
|
|
@ -38,8 +38,12 @@
|
|||
<Service name="Catalina">
|
||||
|
||||
{% if item.http_enabled %}
|
||||
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
|
||||
maxThreads="{{ item.max_threads }}" minSpareThreads="10"/>
|
||||
<Executor name="tomcatThreadPool"
|
||||
namePrefix="catalina-exec-"
|
||||
maxQueueSize="{{ item.max_queue_size | default(32767) }}"
|
||||
maxThreads="{{ item.max_threads }}"
|
||||
minSpareThreads="10"
|
||||
/>
|
||||
{% endif %}
|
||||
|
||||
<!-- A "Connector" represents an endpoint by which requests are received
|
||||
|
@ -53,20 +57,32 @@
|
|||
<!-- A http "Connector" using the shared thread pool-->
|
||||
<Connector executor="tomcatThreadPool"
|
||||
enableLookups="false"
|
||||
maxQueueSize="{{ item.max_queue_size | default(32767) }}"
|
||||
maxThreads="{{ item.max_threads }}" connectionTimeout="60000"
|
||||
URIEncoding="UTF-8" bindOnInit="false" address="{{ item.http_address }}"
|
||||
port="{{ item.http_port }}" protocol="HTTP/1.1"
|
||||
maxPostSize="{{ item.max_post_size | default(104857600) }}"
|
||||
redirectPort="8443" />
|
||||
{% if tomcat_m_reverse_proxy_name_enabled %}
|
||||
proxyName="{{ tomcat_m_reverse_proxy_name }}"
|
||||
proxyPort="{{ tomcat_m_reverse_proxy_port }}"
|
||||
{% endif %}
|
||||
/>
|
||||
{% endif %}
|
||||
|
||||
{% if item.ajp_enabled %}
|
||||
<!-- Define an AJP 1.3 Connector on port {{ tomcat_ajp_port }} -->
|
||||
<Connector port="{{ item.ajp_port }}" protocol="AJP/1.3" redirectPort="8443"
|
||||
enableLookups="false" address="{{ item.ajp_address }}"
|
||||
<Connector port="{{ item.ajp_port }}" protocol="AJP/1.3"
|
||||
enableLookups="false"
|
||||
address="{{ item.ajp_address }}"
|
||||
URIEncoding="UTF-8"
|
||||
maxQueueSize="{{ item.max_queue_size | default(32767) }}"
|
||||
maxThreads="{{ item.max_threads }}"
|
||||
connectionTimeout="60000"
|
||||
maxPostSize="{{ item.max_post_size | default(104857600) }}"
|
||||
{% if tomcat_m_reverse_proxy_name_enabled %}
|
||||
proxyName="{{ tomcat_m_reverse_proxy_name }}"
|
||||
proxyPort="{{ tomcat_m_reverse_proxy_port }}"
|
||||
{% endif %}
|
||||
URIEncoding="UTF-8" bindOnInit="false" />
|
||||
{% endif %}
|
||||
|
||||
|
|
|
@ -9,6 +9,7 @@ tomcat_pkgs:
|
|||
- libapr1
|
||||
tomcat_user: tomcat7
|
||||
tomcat_max_threads: 200
|
||||
|
||||
tomcat_min_heap_size: 2048m
|
||||
tomcat_permgen_defined: True
|
||||
tomcat_heap_size: '{{ tomcat_min_heap_size }}'
|
||||
|
@ -29,6 +30,9 @@ tomcat_ajp_enabled: False
|
|||
tomcat_ajp_port: 8009
|
||||
tomcat_ajp_address: 127.0.0.1
|
||||
tomcat_direct_access: False
|
||||
tomcat_reverse_proxy_name_enabled: False
|
||||
tomcat_reverse_proxy_name: '{{ ansible_fqdn }}'
|
||||
tomcat_reverse_proxy_port: '{{ http_port | default(80) }}'
|
||||
# There is a bug that kills tomcat after 50 days if the shutdown port is enabled
|
||||
# Disable the shutdown port by default
|
||||
#tomcat_shutdown_port: 8005
|
||||
|
|
|
@ -62,8 +62,11 @@
|
|||
|
||||
{% if tomcat_http_enabled %}
|
||||
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
|
||||
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
|
||||
maxThreads="{{ tomcat_max_threads }}" minSpareThreads="10"/>
|
||||
<Executor name="tomcatThreadPool"
|
||||
namePrefix="catalina-exec-"
|
||||
maxQueueSize="{{ tomcat_max_queue_size | default(32767) }}"
|
||||
maxThreads="{{ tomcat_max_threads }}"
|
||||
minSpareThreads="10"/>
|
||||
{% endif %}
|
||||
|
||||
<!-- A "Connector" represents an endpoint by which requests are received
|
||||
|
@ -76,29 +79,32 @@
|
|||
{% if tomcat_http_enabled %}
|
||||
<!-- A http "Connector" using the shared thread pool-->
|
||||
<Connector executor="tomcatThreadPool"
|
||||
enableLookups="false" maxPostSize="{{ tomcat_max_post_size }}"
|
||||
enableLookups="false"
|
||||
maxQueueSize="{{ tomcat_max_queue_size | default(32767) }}"
|
||||
maxThreads="{{ tomcat_max_threads }}" connectionTimeout="60000"
|
||||
URIEncoding="UTF-8" bindOnInit="false" address="{{ tomcat_http_address }}"
|
||||
port="{{ tomcat_http_port }}" protocol="HTTP/1.1"
|
||||
maxPostSize="{{ tomcat_max_post_size | default(104857600) }}"
|
||||
redirectPort="8443" />
|
||||
{% if tomcat_reverse_proxy_name_enabled %}
|
||||
proxyName="{{ tomcat_reverse_proxy_name }}"
|
||||
proxyPort="{{ tomcat_reverse_proxy_port }}"
|
||||
{% endif %}
|
||||
/>
|
||||
|
||||
<!-- Define a SSL HTTP/1.1 Connector on port 8443
|
||||
This connector uses the JSSE configuration, when using APR, the
|
||||
connector should be using the OpenSSL style configuration
|
||||
described in the APR documentation -->
|
||||
<!--
|
||||
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
|
||||
maxThreads="150" scheme="https" secure="true"
|
||||
clientAuth="false" sslProtocol="TLS" />
|
||||
-->
|
||||
{% endif %}
|
||||
{% if tomcat_ajp_enabled %}
|
||||
<!-- Define an AJP 1.3 Connector on port {{ tomcat_ajp_port }} -->
|
||||
<Connector port="{{ tomcat_ajp_port }}" protocol="AJP/1.3" redirectPort="8443"
|
||||
enableLookups="false" address="{{ tomcat_ajp_address }}" maxPostSize="{{ tomcat_max_post_size }}"
|
||||
maxThreads="{{ tomcat_max_threads }}" connectionTimeout="60000"
|
||||
<Connector port="{{ tomcat_ajp_port }}" protocol="AJP/1.3"
|
||||
enableLookups="false" address="{{ tomcat_ajp_address }}"
|
||||
maxQueueSize="{{ tomcat_max_queue_size | default(32767) }}"
|
||||
URIEncoding="UTF-8"
|
||||
maxThreads="{{ tomcat_max_threads }}"
|
||||
connectionTimeout="60000"
|
||||
maxPostSize="{{ tomcat_max_post_size | default(104857600) }}"
|
||||
{% if tomcat_reverse_proxy_name_enabled %}
|
||||
proxyName="{{ tomcat_reverse_proxy_name }}"
|
||||
proxyPort="{{ tomcat_reverse_proxy_port }}"
|
||||
{% endif %}
|
||||
URIEncoding="UTF-8" bindOnInit="false" />
|
||||
{% endif %}
|
||||
|
||||
|
|
Loading…
Reference in New Issue