tpiccioli
/
ansible-roles
forked from ISTI-ansible-roles/ansible-roles
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' of git://gitorious.research-infrastructures.eu/infrastructure-management/ansible-playbooks

This commit is contained in:
daniele-pavia 2017-12-06 12:01:40 +01:00
parent 5f82399fd9 d9052c3e65
commit b96c18c772
54 changed files with 331 additions and 309 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
R/tasks/r-packages-updater.yml
View File

@ -7,10 +7,10 @@
file: dest={{ r_packages_svn_base_dir }} state=directory
- name: Cron job that installs new R packages, if any
cron: name="install new R packages" user=root cron_file=install-r-packages minute="*/10" job="/usr/local/bin/update_r_packages install >/var/log/install_r_packages 2>&1" state=present
cron: name="install new R packages" user=root cron_file=install-r-packages minute="*/10" hour="5-0,1-2" job="/usr/local/bin/update_r_packages install >/var/log/install_r_packages 2>&1" state=present
- name: Cron job that upgrades existing R packages and installs new ones, if any
cron: name="install new R packages" user=root cron_file=upgrade-r-packages hour="3" job="/usr/local/bin/update_r_packages upgrade >/var/log/update_r_packages 2>&1" state=present
cron: name="install new R packages" user=root cron_file=upgrade-r-packages minute="7" hour="3" job="/usr/local/bin/update_r_packages upgrade >/var/log/update_r_packages 2>&1" state=present
when: r_packages_updater
tags: [ 'r_software', 'r_pkg', 'r_plugins', 'r_plugins_github', 'r_cran_pkgs', 'r_github_pkgs', 'r_packages_updater' ]

2
R/templates/update_r_packages.sh.j2
View File

@ -75,7 +75,7 @@ function fail() {
function init_env() {
if [ -f $LOCK_FILE ] ; then
OLDPROC=$( cat $LOCK_FILE )
OLDPROC_RUNNING=$( ps auwwx | grep -v grep | grep $OLDPROC )
OLDPROC_RUNNING=$( ps auwwx | grep -v grep | grep $OLDPROC | awk '{ print $2 }' )
RETVAL=$?
if [ $RETVAL -eq 0 ] ; then
logger "update_r_packages: $OLDPROC_RUNNING"

3
docker/meta/main.yml Normal file
View File

@ -0,0 +1,3 @@
---
dependencies:
- role: '../../library/roles/python-env'

6
docker/vars/main.yml Normal file
View File

@ -0,0 +1,6 @@
---
py_env_install: True
py_env_pip_pkgs:
- docker-compose
- docker-py

9
joomla-org/defaults/main.yml
View File

@ -1,8 +1,13 @@
---
joomla_dist_name: Joomla
joomla_dist_version: 3.4.8
joomla_major: 3
joomla_minor: 8
joomla_fix: 2
joomla_dist_version: '{{ joomla_major }}.{{ joomla_minor }}.{{ joomla_fix }}'
joomla_dist_file: '{{ joomla_dist_name }}_{{ joomla_dist_version }}-Stable-Full_Package.zip'
joomla_tar_url: 'https://github.com/joomla/joomla-cms/releases/download/{{ joomla_dist_version }}/{{ joomla_dist_file }}'
joomla_download_version: '{{ joomla_major }}-{{ joomla_minor }}-{{ joomla_fix }}'
joomla_download_file: '{{ joomla_dist_name }}_{{ joomla_dist_version }}-Stable-Full_Package.zip'
joomla_tar_url: 'https://downloads.joomla.org/cms/joomla{{ joomla_major }}/{{ joomla_download_version }}/{{ joomla_download_file }}?format=zip'
joomla_download_dir: /srv/joomla
joomla_install_dir: /var/www

8
joomla-org/tasks/main.yml
View File

@ -1,7 +1,7 @@
---
- name: Install the joomla php prerequisites
apt: name={{ item }} state=present
with_items: joomla_php_prereq
with_items: '{{ joomla_php_prereq }}'
tags: joomla
- name: Ensure that the download and install dirs exist
@ -12,7 +12,7 @@
tags: joomla
- name: Download the joomla distribution file
get_url: url={{ joomla_tar_url }} dest={{ joomla_download_dir }}
get_url: url={{ joomla_tar_url }} dest={{ joomla_download_dir }} validate_certs=no
register: joomla_download
tags: joomla
@ -25,14 +25,14 @@
shell: cp -a {{ joomla_download_dir }}/joomla-unpacked/* {{ joomla_install_dir }}/
args:
creates: '{{ joomla_install_dir }}/index.php'
with_items: phpfpm_pools
with_items: '{{ phpfpm_pools }}'
when: ( joomla_download | changed )
register: unpack_joomla
tags: joomla
- name: Set the correct ownership of the joomla files
file: dest={{ joomla_install_dir }} owner={{ item.user }} group={{ item.group }} recurse=yes state=directory
with_items: phpfpm_pools
with_items: '{{ phpfpm_pools }}'
when: ( unpack_joomla | changed )
tags: joomla

3
letsencrypt-acmetool-client/defaults/main.yml
View File

@ -22,7 +22,8 @@ letsencrypt_acme_certs_dir: '{{ letsencrypt_acme_user_home }}/live/{{ ansible_fq
letsencrypt_acme_services_scripts_dir: /usr/lib/acme/hooks
# responses parameters
letsencrypt_tos_url: 'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'
#letsencrypt_tos_url: 'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'
letsencrypt_tos_url: 'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
letsencrypt_acme_agree_tos: true
letsencrypt_acme_rsa_key_size: 4096
letsencrypt_ocsp_must_staple: True

6
letsencrypt-acmetool-client/tasks/main.yml
View File

@ -28,7 +28,7 @@
- name: Create the letsencrypt acme user
user: name={{ letsencrypt_acme_user }} home={{ letsencrypt_acme_user_home }} createhome=no shell=/usr/sbin/nologin system=yes
when: letsencrypt_acme_install
tags: letsencrypt
tags: [ 'letsencrypt', 'letsencrypt_user' ]
- name: Create the letsencrypt acme home, if it does not exist already. In a separate step because it could be already there.
file: dest={{ letsencrypt_acme_user_home }} owner={{ letsencrypt_acme_user }} group={{ letsencrypt_acme_user }} state=directory recurse=yes
@ -93,7 +93,7 @@
capabilities: path=/usr/bin/acmetool capability=cap_net_bind_service+ep state=absent
when:
- letsencrypt_acme_install
- "'{{ letsencrypt_acme_authenticator }}' != 'listener'"
- letsencrypt_acme_authenticator != 'listener'
ignore_errors: True
tags: letsencrypt
@ -125,7 +125,7 @@
- name: Install a daily cron job to renew the certificates when needed
become: True
become_user: '{{ letsencrypt_acme_user }}'
cron: name="Letsencrypt certificate renewal" special_time=daily job="/usr/local/bin/acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-cron.log 2>&1"
cron: name="Letsencrypt certificate renewal" special_time=daily job="SLEEP_SECONDS=$(echo $[($RANDOM %1200)]) ; sleep ${SLEEP_SECONDS} ; /usr/local/bin/acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-cron.log 2>&1"
when: letsencrypt_acme_install
tags: letsencrypt

33
letsencrypt-client/defaults/main.yml
View File

@ -1,33 +0,0 @@
---
letsencrypt_install: False
letsencrypt_git_repo: 'https://github.com/letsencrypt/letsencrypt'
letsencrypt_dest_dir: /opt
letsencrypt_update_repo: True
letsencrypt_prerequisites:
- git
- bc
letsencrypt_auto: '{{ letsencrypt_dest_dir }}/letsencrypt/letsencrypt-auto'
letsencrypt_install_path: /root/.local/share/letsencrypt
letsencrypt_config_dir: /etc/letsencrypt
letsencrypt_certs_dir: '{{ letsencrypt_config_dir }}/live/{{ ansible_fqdn }}'
# In seconds. Default 7 days
letsencrypt_renew_before: 604800
letsencrypt_logdir: /var/log/letsencrypt
# The various services maintainers need to put the reconfigure/restart scripts there
letsencrypt_services_scripts_dir: /usr/local/lib/letsencrypt
# cli.ini parameters
letsencrypt_rsa_key_size: 4096
letsencrypt_email: sysadmin@example.com
letsencrypt_authenticator: standalone
letsencrypt_standalone_supp_challenges: 'http-01'
letsencrypt_agree_tos: True
letsencrypt_verbose: False
letsencrypt_text_interface: True
# The first on the list gives the name to the certs live directory.
# If it is not the machine FQDN, change the letsencrypt_cert_dir definition.
letsencrypt_domains: '{{ ansible_fqdn }} example.com example.org'
letsencrypt_renew_by_default: True
letsencrypt_standalone_port: 9999

50
letsencrypt-client/tasks/main.yml
View File

@ -1,50 +0,0 @@
---
- name: Install the letsencrypt package dependencies
apt: name={{ item }} state=present
with_items: '{{ letsencrypt_prerequisites }}'
when: letsencrypt_install
tags: letsencrypt
- name: Get the letsencrypt client
git: repo={{ letsencrypt_git_repo }} dest={{ letsencrypt_dest_dir }}/letsencrypt update={{ letsencrypt_update_repo }}
with_items: '{{ letsencrypt_prerequisites }}'
when: letsencrypt_install
tags: letsencrypt
- name: letsencrypt initializaztion
command: '{{ letsencrypt_auto }}'
args:
creates: '{{ letsencrypt_install_path }}/bin/letsencrypt'
when: letsencrypt_install
tags: letsencrypt
- name: Create the letsencrypt config directory
file: dest={{ letsencrypt_config_dir }} state=directory owner=root group=root mode=0755
when: letsencrypt_install
tags: letsencrypt
- name: Create the letsencrypt services scripts directory
file: dest={{ letsencrypt_services_scripts_dir }} state=directory owner=root group=root mode=0755
when: letsencrypt_install
tags: letsencrypt
- name: Install the letsencrypt cli.ini file
template: src=cli.ini.j2 dest={{ letsencrypt_config_dir }}/cli.ini owner=root group=root mode=0640
when: letsencrypt_install
tags: letsencrypt
- name: Install a default file that shell scripts can include
template: src=letsencrypt-default.j2 dest=/etc/default/letsencrypt owner=root group=root mode=0644
when: letsencrypt_install
tags: letsencrypt
- name: Install the command that asks for the certificates and their renewal
template: src=letsencrypt-cert-request.sh.j2 dest=/usr/local/sbin/letsencrypt-cert-request owner=root group=root mode=0550
when: letsencrypt_install
tags: letsencrypt
- name: Install a daily cron job to renew the certificates when needed
cron: name="Letsencrypt certificate renewal" special_time=daily job="/usr/local/sbin/letsencrypt-cert-request > {{ letsencrypt_logdir }}/letsencrypt-cert-cron.log 2>&1"
when: letsencrypt_install
tags: letsencrypt

10
letsencrypt-client/templates/cli.ini.j2
View File

@ -1,10 +0,0 @@
rsa-key-size = {{ letsencrypt_rsa_key_size }}
email = {{ letsencrypt_email }}
authenticator = {{ letsencrypt_authenticator }}
standalone-supported-challenges = {{ letsencrypt_standalone_supp_challenges }}
agree-tos = {{ letsencrypt_agree_tos }}
{% if letsencrypt_verbose %}
verbose = {{ letsencrypt_verbose }}
{% endif %}
text = {{ letsencrypt_text_interface }}
renew-by-default = {{ letsencrypt_renew_by_default }}

45
letsencrypt-client/templates/letsencrypt-cert-request.sh.j2
View File

@ -1,45 +0,0 @@
#!/bin/bash
RENEW_BEFORE={{ letsencrypt_renew_before }}
LETSENCRYPT_BIN={{ letsencrypt_auto }}
LE_CERT_DIR={{ letsencrypt_certs_dir }}
LE_SERVICES_SCRIPT_DIR={{ letsencrypt_services_scripts_dir }}
LOG_DIR={{ letsencrypt_logdir }}
VALIDITY_RETVAL=0
DOMAINS="{{ letsencrypt_domains }}"
CERT_DOMAINS_LIST=
ACTION=certonly
RETVAL=0
# Check if the cert file exists. If not, it is a certificate request and not a renewal.
if [ -f $LE_CERT_DIR/cert.pem ] ; then
VALIDITY_CHECK=$( openssl x509 -checkend $RENEW_BEFORE -noout -in $LE_CERT_DIR/cert.pem )
VALIDITY_RETVAL=$?
if [ $VALIDITY_RETVAL -eq 0 ] ; then
echo "The certificate is still valid" >> $LOG_DIR/letsencrypt_request.log
exit 0
else
ACTION=renew
fi
fi
if [ "$ACTION" === "certonly" ] ; then
for dom in $DOMAINS ; do
CERT_DOMAINS_LIST+=" -d $dom"
done
fi
# Ask for a new certificate. First request or renewal are the same. We only support the standalone method right now
$LETSENCRYPT_BIN $ACTION $CERT_DOMAINS_LIST --http-01-port {{ letsencrypt_standalone_port }} --config /etc/letsencrypt/cli.ini >> $LOG_DIR/letsencrypt_request.log 2>&1
RETVAL=$?
# Run the reconfiguration scripts to make the involved services load the new certificate
for f in $( /bin/ls -1 $LE_SERVICES_SCRIPT_DIR ) ; do
if [ -x $LE_SERVICES_SCRIPT_DIR/$f ] ; then
echo "Running $LE_SERVICES_SCRIPT_DIR/$f" >> $LOG_DIR/letsencrypt_request.log
$LE_SERVICES_SCRIPT_DIR/$f >> $LOG_DIR/letsencrypt_request.log 2>&1
fi
done
exit 0

8
letsencrypt-client/templates/letsencrypt-default.j2
View File

@ -1,8 +0,0 @@
RSA_KEY_SIZE={{ letsencrypt_rsa_key_size }}
LE_EMAIL={{ letsencrypt_email }}
LE_AUTHENTICATOR={{ letsencrypt_authenticator }}
LE_STANDALONE_SUPPORTED_CHALLENGES={{ letsencrypt_standalone_supp_challenges }}
LE_SERVICES_SCRIPT_DIR={{ letsencrypt_services_scripts_dir }}
LE_COMMAND={{ letsencrypt_auto }}
LE_CERTS_DIR={{ letsencrypt_certs_dir }}
LE_LOG_DIR={{ letsencrypt_logdir }}

3
nagios/templates/common-nrpe.cfg.j2
View File

@ -35,7 +35,8 @@ command[global_check_linux_raid]={{ nagios_plugins_dir }}/check_raid
command[global_check_smart]={{ nagios_isti_plugdir }}/check_smart -d $ARG1$ -i $ARG2$
# Network interfaces
command[global_net_interfaces]={{ nagios_isti_plugdir }}/check_netint.pl -K -f -e
#command[global_net_interfaces]={{ nagios_isti_plugdir }}/check_netint.pl -K -f -e
command[global_net_interfaces]={{ nagios_isti_plugdir }}/check_netint.pl -K -f -e -D -S -n \(l\|eth\|p\|bond\)
# Restart ntp (via handler)
command[global_restart_ntp]=/usr/bin/sudo /etc/init.d/ntp start

7
nginx/templates/nginx-virthost.j2
View File

@ -27,7 +27,6 @@ server {
return 301 https://{{ item.server_name }}$request_uri;
}
{% else %}
# This is the default for nginx on Ubuntu 14.04
root {{ item.root | default('/usr/share/nginx/html/') }};
index {{ item.index | default('index.html index.htm') }};
error_page 500 502 503 504 {{ item.error_page | default('/50x.html') }};
@ -81,7 +80,10 @@ server {
{% endif %}
{% if item.proxy_standard_setup is defined and item.proxy_standard_setup %}
# Proxy stuff
{% if item.include_global_proxy_conf is defined and not item.include_global_proxy_conf %}
{% else %}
include /etc/nginx/snippets/nginx-proxy-params.conf;
{% endif %}
{% if item.proxy_additional_options is defined %}
{% for popt in item.proxy_additional_options %}
{{ popt }};
@ -171,7 +173,10 @@ server {
{% endif %}
{% if item.proxy_standard_setup is defined and item.proxy_standard_setup %}
# Proxy stuff
{% if item.include_global_proxy_conf is defined and not item.include_global_proxy_conf %}
{% else %}
include /etc/nginx/snippets/nginx-proxy-params.conf;
{% endif %}
{% if item.proxy_additional_options is defined %}
{% for popt in item.proxy_additional_options %}
{{ popt }}

17
postgresql/defaults/main.yml
View File

@ -62,12 +62,19 @@ psql_autovacuum_configuration:
# SSL as a special case
psql_enable_ssl: False
psql_force_ssl_client_connection: False
postgresql_letsencrypt_managed: True
psql_conf_ssl_parameters:
postgresql_letsencrypt_managed: '{{ psql_enable_ssl }}'
psql_ssl_privkey_global_file: '/var/lib/acme/live/{{ ansible_fqdn }}/privkey'
psql_ssl_privkey_file: /etc/pki/postgresql/postgresql.key
psql_ssl_cert_file: '/var/lib/acme/live/{{ ansible_fqdn }}/cert'
psql_ssl_ca_file: '/var/lib/acme/live/{{ ansible_fqdn }}/chain'
psql_conf_ssl_parameters:
- { name: 'ssl', value: 'true' }
- { name: 'ssl_cert_file', value: '/var/lib/acme/live/{{ ansible_fqdn }}/cert' }
- { name: 'ssl_key_file', value: '/etc/pki/postgresql/postgresql.key' }
- { name: 'ssl_ca_file', value: '/var/lib/acme/live/{{ ansible_fqdn }}/chain' }
- { name: 'ssl_cert_file', value: '{{ psql_ssl_cert_file }}' }
- { name: 'ssl_key_file', value: '{{ psql_ssl_privkey_path }}' }
- { name: 'ssl_ca_file', value: '{{ psql_ssl_ca_file }}' }
psql_conf_disable_ssl_parameters:
- { name: 'ssl', value: 'false' }
psql_set_shared_memory: False
psql_sysctl_file: 30-postgresql-shm.conf

2
postgresql/files/pgpool-letsencrypt-acme.sh
View File

@ -26,10 +26,8 @@ chgrp postgres ${PGPOOL2_KEYFILE}
echo "Reload the pgpool2 service" >> $LE_LOG_DIR/pgpool2.log
if [ -x /bin/systemctl ] ; then
sleep $RANDOM
systemctl reload pgpool2 >> $LE_LOG_DIR/pgpool2.log 2>&1
else
sleep $RANDOM
service pgpool2 reload >> $LE_LOG_DIR/pgpool2.log 2>&1
fi

14
postgresql/files/postgresql-backup.cron
View File

@ -13,7 +13,8 @@ fi
# Remote backup performed by duplicity. When active, do not run via cron
if [ -x /etc/cron.daily/duplicity_backup ] ; then
echo "duplicity backups active. Exiting" > $LOG_FILE
DATE=$( date )
echo "$DATE: duplicity backups active. Exiting" >> $LOG_FILE
exit 0
fi
@ -23,7 +24,8 @@ if [ -f /var/log/backuppc.log ] ; then
. /var/log/backuppc.log
LAST_BACKUP_TIME=$( expr $TMSTMP - $BACKUP_TIMESTAMP )
if [ $LAST_BACKUP_TIME -lt 86400 -a $BACKUP_RESULT == 'OK' ] ; then
echo "BackupPC is active, doing nothing" > $LOG_FILE
DATE=$( date )
echo "$DATE: BackupPC is active, doing nothing" >> $LOG_FILE
exit 0
fi
fi
@ -34,20 +36,22 @@ PG_RUNNING=$?
if [ $PG_BACKUP_ENABLED == 'True' ] ; then
if [ "$PG_RUNNING" -ne "0" -a "$PG_RUNNING" -ne "3" ] ; then
echo "The postgresql service is not running" > $LOG_FILE
DATE=$( date )
echo "$DATE: The postgresql service is not running" >> $LOG_FILE
exit 1
else
if [ ! -d $LOG_DIR ] ; then
mkdir -p $LOG_DIR
fi
DATE_START=$( date )
echo "$DATE_START: Starting the backup procedure" > $LOG_FILE
echo "$DATE_START: Starting the backup procedure" >> $LOG_FILE
$PG_BCK_BIN >> $LOG_FILE 2>&1
DATE_END=$( date )
echo "$DATE_END: Backup procedure finished" >> $LOG_FILE
fi
else
echo "Postgresql backups administratively disabled" > $LOG_FILE
DATE=$( date )
echo "$DATE: Postgresql backups administratively disabled" >> $LOG_FILE
fi
if [ "${USE_NAGIOS}" == "yes" ] ; then

2
postgresql/files/postgresql-letsencrypt-acme.sh
View File

@ -26,10 +26,8 @@ chgrp postgres ${POSTGRESQL_KEYFILE}
echo "Restart the postgresql service" >> $LE_LOG_DIR/postgresql.log
if [ -x /bin/systemctl ] ; then
sleep $RANDOM
systemctl restart postgresql >> $LE_LOG_DIR/postgresql.log 2>&1
else
sleep $RANDOM
service postgresql restart >> $LE_LOG_DIR/postgresql.log 2>&1
fi

2
postgresql/tasks/main.yml
View File

@ -32,11 +32,9 @@
when: psql_pgpool_service_install
- include: postgresql-letsencrypt-acmetool.yml
when:
- postgresql_letsencrypt_managed
- letsencrypt_acme_install is defined
- include: pgpool-letsencrypt-acmetool.yml
when:
- pgpool_letsencrypt_managed
- letsencrypt_acme_install is defined

20
postgresql/tasks/pgpool-letsencrypt-acmetool.yml
View File

@ -1,17 +1,23 @@
---
- name: Create the acme hooks directory if it does not yet exist
file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root
- block:
- name: Create the acme hooks directory if it does not yet exist
file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root
- name: Install a script that fix the letsencrypt certificate for pgpool and then reloads the service
copy: src=pgpool-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/pgpool owner=root group=root mode=4555
when:
- psql_pgpool_service_install
- pgpool_letsencrypt_managed
- letsencrypt_acme_install
tags: [ 'postgresql', 'postgres', 'pgpool', 'letsencrypt' ]
- name: Install a script that fix the letsencrypt certificate for pgpool and then reloads the service
copy: src=pgpool-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/pgpool owner=root group=root mode=4555
- block:
- name: Remove the letsencrypt hook for pgpool
file: dest=/usr/lib/acme/hooks/pgpool state=absent
when:
- psql_pgpool_service_install
- pgpool_letsencrypt_managed
- letsencrypt_acme_install
- not pgpool_letsencrypt_managed
tags: [ 'postgresql', 'postgres', 'pgpool', 'letsencrypt' ]

22
postgresql/tasks/postgresql-letsencrypt-acmetool.yml
View File

@ -1,15 +1,21 @@
---
- name: Create the acme hooks directory if it does not yet exist
file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root
- block:
- name: Create the acme hooks directory if it does not yet exist
file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root
- name: Install a script that fix the letsencrypt certificate for postgresql and then restarts the service
copy: src=postgresql-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/postgresql owner=root group=root mode=4555
when:
- postgresql_letsencrypt_managed
- letsencrypt_acme_install
tags: [ 'postgresql', 'postgres', 'letsencrypt' ]
- name: Install a script that fix the letsencrypt certificate for postgresql and then restarts the service
copy: src=postgresql-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/postgresql owner=root group=root mode=4555
when:
- postgresql_letsencrypt_managed
- letsencrypt_acme_install
tags: [ 'postgresql', 'postgres', 'letsencrypt' ]
- block:
- name: Remove the letsencrypt certificate hook for postgresql
file: dest=/usr/lib/acme/hooks/postgresql state=absent
when:
- not postgresql_letsencrypt_managed
tags: [ 'postgresql', 'postgres', 'letsencrypt' ]

18
postgresql/tasks/postgresql-ssl-config.yml
View File

@ -1,6 +1,6 @@
---
- block:
- name: Setup ssl in the postgresql configuration
- name: Setup SSL in the postgresql configuration
become: True
become_user: postgres
action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
@ -11,7 +11,19 @@
file: dest=/etc/pki/postgresql state=directory owner=postgres group=postgres mode=0750
- name: Create a postgres accessible ssl key file if it does not exist
copy: src=/var/lib/acme/live/{{ ansible_fqdn }}/privkey dest=/etc/pki/postgresql/postgresql.key owner=postgres group=postgres mode=0400 remote_src=True
copy: src={{ psql_ssl_privkey_global_file }} dest={{ psql_ssl_privkey_file }} owner=postgres group=postgres mode=0400 remote_src=True
when: psql_enable_ssl
tags: [ 'postgresql', 'postgres', 'pg_conf' ]
tags: [ 'postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf' ]
- block:
- name: Disable SSL in the postgresql configuration
become: True
become_user: postgres
action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
with_items: '{{ psql_conf_disable_ssl_parameters }}'
notify: Restart postgresql
when: not psql_enable_ssl
tags: [ 'postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf' ]

0
logstash-rsyslog/defaults/main.yml → rsyslog-logstash/defaults/main.yml
View File

0
logstash-rsyslog/handlers/main.yml → rsyslog-logstash/handlers/main.yml
View File

0
logstash-rsyslog/tasks/main.yml → rsyslog-logstash/tasks/main.yml
View File

0
logstash-rsyslog/templates/old-rsyslog-logstash.conf.j2 → rsyslog-logstash/templates/old-rsyslog-logstash.conf.j2
View File

0
logstash-rsyslog/templates/rsyslog-logstash.conf.j2 → rsyslog-logstash/templates/rsyslog-logstash.conf.j2
View File

2
shinyproxy/defaults/main.yml
View File

@ -1,6 +1,6 @@
---
shinyproxy_install: False
shinyproxy_version: 1.0.0
shinyproxy_version: 1.0.2
shinyproxy_file_name: 'shinyproxy-{{ shinyproxy_version }}.jar'
shinyproxy_url: 'https://www.shinyproxy.io/downloads/{{ shinyproxy_file_name }}'
shinyproxy_app_name: shinyproxy.jar

11
smartgears/accounting_insert_storage_se_plugin/defaults/main.yml
View File

@ -1,11 +0,0 @@
---
accounting_insert_storage_se_plugin_install: False
accounting_insert_storage_se_plugin_upgrade: False
accounting_insert_storage_se_plugin_name: accounting-insert-storage-se-plugin
accounting_insert_storage_se_plugin_group_id: org.gcube.accounting
accounting_insert_storage_se_plugin_version : 1.0.1-4.5.0-148393
accounting_insert_storage_se_plugin_artifact_id: accounting-insert-storage-se-plugin
accounting_insert_storage_se_plugin_extension: jar
accounting_insert_storage_se_plugin_classifier: jar-with-dependencies
accounting_insert_storage_se_plugin_file: '{{ accounting_insert_storage_se_plugin_name }}-{{ accounting_insert_storage_se_plugin_version }}-{{ accounting_insert_storage_se_plugin_classifier }}.{{ accounting_insert_storage_se_plugin_extension }}'

29
smartgears/accounting_insert_storage_se_plugin/tasks/main.yml
View File

@ -1,29 +0,0 @@
---
- block:
- name: Remove the old accounting insert storage plugin
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_storage_se_plugin_maven_artifact_id }}-*-jar-with-dependencies.jar
notify: Restart smartgears
become: True
become_user: '{{ smartgears_user }}'
when: not accounting_insert_storage_se_plugin_install
tags: [ 'smartgears', 'accounting_insert_storage_se', 'tomcat' ]
- block:
- name: Get the accounting insert storage plugin and install it inside the smart executor
maven_artifact: artifact_id={{ accounting_insert_storage_se_plugin_name }} version={{ accounting_insert_storage_se_plugin_version | default(omit) }} group_id={{ accounting_insert_storage_se_plugin_group_id }} extension={{ accounting_insert_storage_se_plugin_extension | default('war') }} repository_url={{ smartgears_global_base_url }} classifier={{ accounting_insert_storage_se_plugin_classifier }} dest={{ smartgears_downloads_dir }}/{{ accounting_insert_storage_se_plugin_file }}
register: accounting_insert_storage_download
- name: Remove the old accounting insert storage plugin
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_storage_se_plugin_maven_artifact_id }}-*-jar-with-dependencies.jar
when: (accounting_insert_storage_download | changed)
- name: Copy the accounting aggregator plugin to its final destination
copy: src={{ smartgears_downloads_dir }}/{{ accounting_insert_storage_se_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_storage_se_plugin_file }} remote_src=yes
notify: Restart smartgears
become: True
become_user: '{{ smartgears_user }}'
when: accounting_insert_storage_se_plugin_install
tags: [ 'smartgears', 'accounting_insert_storage_se', 'tomcat' ]

2
smartgears/accounting_rstudio_se_plugin/defaults/main.yml
View File

@ -2,7 +2,7 @@
accounting_insert_rstudio_se_plugin_install: False
accounting_insert_rstudio_se_plugin_name: accounting-insert-rstudio-se-plugin
accounting_insert_rstudio_se_plugin_version: '1.0.0-4.4.0-142716'
accounting_insert_rstudio_se_plugin_version: 'latest'
accounting_insert_rstudio_se_plugin_group_id: 'org.gcube.accounting'
accounting_insert_rstudio_se_plugin_artifact_id: accounting-insert-rstudio-se-plugin
accounting_insert_rstudio_se_plugin_extension: jar

5
smartgears/accounting_rstudio_se_plugin/tasks/main.yml
View File

@ -1,7 +1,7 @@
---
- block:
- name: Remove the old accounting insert storage plugin
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_rstudio_se_plugin_maven_artifact_id }}-*-jar-with-dependencies.jar
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_rstudio_se_plugin_artifact_id }}-*-{{ accounting_insert_rstudio_se_plugin_classifier }}.{{ accounting_insert_rstudio_se_plugin_extension }}
notify: Restart smartgears
- name: Disable the cron job that calculates the home used space
@ -18,7 +18,7 @@
register: accounting_insert_rstudio_download
- name: Remove the old accounting insert storage plugin
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_rstudio_se_plugin_maven_artifact_id }}-*-jar-with-dependencies.jar
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_rstudio_se_plugin_artifact_id }}-*-{{ accounting_insert_rstudio_se_plugin_classifier }}.{{ accounting_insert_rstudio_se_plugin_extension }}
when: (accounting_insert_rstudio_download | changed)
- name: Copy the accounting aggregator plugin to its final destination
@ -30,6 +30,7 @@
template: src=calculate_home_space.j2 dest=/usr/local/bin/calculate_home_space mode=0755 owner=root group=root
- name: Install a cron job that calculates the home used space
become_user: root
cron: name="Calculate the home used space" special_time=hourly user=root job="/usr/local/bin/calculate_home_space >/dev/null 2>&1"
become: True

9
smartgears/ckan_connector/defaults/main.yml
View File

@ -1,9 +1,10 @@
---
ckan_connector_gcube_repository: 'gcube-staging'
ckan_connector_plugin_install: False
ckan_connector_ver: 1.1.2-4.3.0-142056
ckan_connector_ver: latest
ckan_connector_name: ckan-connector
ckan_connector_filename: '{{ ckan_connector_name }}-{{ ckan_connector_ver }}.war'
ckan_connector_url: 'http://maven.research-infrastructures.eu/nexus/content/repositories/{{ ckan_connector_gcube_repository }}/org/gcube/data/access/{{ ckan_connector_name }}/{{ ckan_connector_ver}}/{{ ckan_connector_filename }}'
ckan_connector_war_file: '{{ ckan_connector_name }}.war'
ckan_connector_extension: war
ckan_connector_group_id: org.gcube.data.access
ckan_connector_filename: '{{ ckan_connector_name }}-{{ ckan_connector_ver }}.{{ ckan_connector_extension }}'
ckan_connector_user: ckan_connector

44
smartgears/ckan_connector/tasks/main.yml
View File

@ -1,29 +1,53 @@
---
- block:
- name: Remove the installed CKAN connector
file: dest={{ item }} state=absent
with_items:
- '{{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}'
- '{{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}.{{ ckan_connector_extension }}'
notify: Restart smartgears
- name: Remove the CKAN connector fixer script
become_user: root
file: dest=/usr/local/bin/ckan-connector-fixer state=absent
become: True
become_user: '{{ smartgears_user }}'
when: not ckan_connector_plugin_install
tags: [ 'smartgears', 'ckan', 'ckan_connector', 'tomcat' ]
- block:
- name: Get the CKAN connector war file
maven_artifact: artifact_id={{ ckan_connector_name }} version={{ ckan_connector_ver }} group_id={{ ckan_connector_group_id }} extension={{ ckan_connector_extension }} repository_url={{ smartgears_global_base_url }} dest={{ smartgears_downloads_dir }}/{{ ckan_connector_filename }}
register: ckan_connector_download
- name: Remove the installed CKAN connector before upgrading
file: dest={{ item }} state=absent
with_items:
- '{{ smartgears_instance_path }}/webapps/ckan-connector'
- '{{ smartgears_instance_path }}/webapps/ckan-connector.war'
when: smartgears_upgrade
- '{{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}'
- '{{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}.{{ ckan_connector_extension }}'
when: ( ckan_connector_download | changed )
notify: Restart smartgears
- name: Get the CKAN connector war file
get_url: url={{ ckan_connector_url }} dest={{ smartgears_instance_path }}/webapps/{{ ckan_connector_war_file }}
- name: Create the CKAN connector webapp directory
file: dest={{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }} state=directory
when: ( ckan_connector_download | changed )
- name: Unpack the CKAN connector war file
shell: mkdir {{ smartgears_instance_path }}/webapps/ckan-connector ; cd {{ smartgears_instance_path }}/webapps/ckan-connector ; jar xf {{ smartgears_instance_path }}/webapps/{{ ckan_connector_war_file }}
- name: Unarchive the CKAN connector war file
unarchive: copy=no src={{ smartgears_downloads_dir }}/{{ ckan_connector_filename }} dest={{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}
args:
creates: '{{ smartgears_instance_path }}/webapps/ckan-connector/WEB-INF/web.xml'
creates: '{{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}/WEB-INF/web.xml'
notify: Restart smartgears
- name: Install the CKAN connector web.xml template
template: src=ckan-web.xml.j2 dest={{ smartgears_instance_path }}/webapps/ckan-connector/WEB-INF/.web.xml.tpl mode=0440
- name: Install the CKAN connector fixer script
become: False
become_user: root
template: src=ckan-connector-fixer.sh.j2 dest=/usr/local/bin/ckan-connector-fixer owner=root group=root mode=0550
- name: Fix the CKAN connector web.xml
become: False
become_user: root
shell: /usr/local/bin/ckan-connector-fixer init
args:
creates: '{{ smartgears_instance_path }}/webapps/ckan-connector/WEB-INF/.web.xml.configured'

2
smartgears/fhn_manager/defaults/main.yml
View File

@ -1,7 +1,7 @@
---
fhn_manager_install: False
smart_executor_install: False
fhn_manager_version: 1.2.4-4.7.0-154701
fhn_manager_version: 1.2.4-4.8.0-154701
fhn_manager_name: fhn-manager-service
fhn_group_id: org.gcube.resources.federation
fhn_extension: war

2
smartgears/gcubeapp-setup/templates/gcube-app.xml.j2
View File

@ -4,7 +4,7 @@
<group>{{ item.webapp_group }}</group>
<version>{{ item.version }}</version>
{% if item.description is defined %}
<description> "{{ item.description }}" </description>
<description> {{ item.description }} </description>
{% endif %}
{% if item.persistence_location is defined %}
<persistence location="{{ item.persistence_location }}"/>

4
smartgears/geoserver_connector/tasks/main.yml
View File

@ -7,7 +7,7 @@
become: True
become_user: '{{ smartgears_user }}'
when: not gcube_geoserver_connector_install
tags: [ 'smartgears', 'ckan', 'gcube_geoserver_connector', 'tomcat' ]
tags: [ 'smartgears', 'geoserver', 'gcube_geoserver_connector', 'tomcat' ]
- block:
- name: Get the gcube connector
@ -26,4 +26,4 @@
become: True
become_user: '{{ smartgears_user }}'
when: gcube_geoserver_connector_install
tags: [ 'smartgears', 'ckan', 'gcube_geoserver_connector', 'tomcat' ]
tags: [ 'smartgears', 'geoserver', 'gcube_geoserver_connector', 'tomcat' ]

24
smartgears/is_exporter_se_plugin/tasks/main.yml
View File

@ -1,14 +1,28 @@
---
- block:
- name: Remove the old is-exporter plugin
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/is-exporter-se-plugin-*-jar-with-dependencies.jar
when: is_exporter_se_plugin_upgrade
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_exporter_se_plugin_name }}-*-{{ is_exporter_se_plugin_classifier }}.{{ is_exporter_se_plugin_extension }}
notify: Restart smartgears
become: True
become_user: '{{ smartgears_user }}'
when: not is_exporter_se_plugin_install
tags: [ 'smartgears', 'is_exporter_se', 'tomcat' ]
- block:
- name: Download the is-exporter plugin
maven_artifact: artifact_id={{ is_exporter_se_plugin_name }} version={{ is_exporter_se_plugin_version | default(omit) }} group_id={{ is_exporter_se_plugin_group_id }} extension={{ is_exporter_se_plugin_extension | default('war') }} repository_url={{ smartgears_global_base_url }} classifier={{ is_exporter_se_plugin_classifier }} dest={{ smartgears_downloads_dir }}/{{ is_exporter_se_plugin_file }}
register: is_exporter_plugin_download
- name: Remove the old is-exporter plugin
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_exporter_se_plugin_name }}-*-{{ is_exporter_se_plugin_classifier }}.{{ is_exporter_se_plugin_extension }}
when: ( is_exporter_plugin_download | changed )
- name: Install the is-exporter plugin inside the smart executor lib directory
maven_artifact: artifact_id={{ is_exporter_se_plugin_name }} version={{ is_exporter_se_plugin_version | default(omit) }} group_id={{ is_exporter_se_plugin_group_id }} extension={{ is_exporter_se_plugin_extension | default('war') }} repository_url={{ smartgears_global_base_url }} classifier={{ is_exporter_se_plugin_classifier }} dest={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_exporter_se_plugin_file }}
copy: src={{ smartgears_downloads_dir }}/{{ is_exporter_se_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_exporter_se_plugin_file }} remote_src=yes force=yes
notify: Restart smartgears
become: True
become_user: '{{ smartgears_user }}'
when: is_exporter_se_plugin_install
tags: [ 'smartgears', 'is_exporter_se', 'tomcat' ]
tags: [ 'smartgears', 'is_exporter_se', 'tomcat' ]

2
smartgears/is_sweeper_se_plugin/tasks/main.yml
View File

@ -16,7 +16,7 @@
- name: Remove the old is-sweeper plugin
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_sweeper_se_plugin_name }}-*-{{ is_sweeper_se_plugin_classifier }}.{{ is_sweeper_se_plugin_extension }}
when: ( is_sweeper_plugin_download )
when: ( is_sweeper_plugin_download | changed )
- name: Install the is-sweeper plugin inside the smart executor lib directory
copy: src={{ smartgears_downloads_dir }}/{{ is_sweeper_se_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_sweeper_se_plugin_file }} remote_src=yes force=yes

11
smartgears/quota_se_plugin/defaults/main.yml Normal file
View File

@ -0,0 +1,11 @@
---
quota_se_plugin_install: False
quota_se_plugin_upgrade: False
quota_se_plugin_name: accounting-insert-storage-se-plugin
quota_se_plugin_group_id: org.gcube.accounting
quota_se_plugin_version : 1.0.1-4.5.0-148393
quota_se_plugin_artifact_id: accounting-insert-storage-se-plugin
quota_se_plugin_extension: jar
quota_se_plugin_classifier: jar-with-dependencies
quota_se_plugin_file: '{{ quota_se_plugin_name }}-{{ quota_se_plugin_version }}-{{ quota_se_plugin_classifier }}.{{ quota_se_plugin_extension }}'

29
smartgears/quota_se_plugin/tasks/main.yml Normal file
View File

@ -0,0 +1,29 @@
---
- block:
- name: Remove the old quota plugin
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ quota_se_plugin_artifact_id }}-*-jar-with-dependencies.jar
notify: Restart smartgears
become: True
become_user: '{{ smartgears_user }}'
when: not quota_se_plugin_install
tags: [ 'smartgears', 'quota_se', 'tomcat' ]
- block:
- name: Get the quota plugin and install it inside the smart executor
maven_artifact: artifact_id={{ quota_se_plugin_name }} version={{ quota_se_plugin_version | default(omit) }} group_id={{ quota_se_plugin_group_id }} extension={{ quota_se_plugin_extension | default('war') }} repository_url={{ smartgears_global_base_url }} classifier={{ quota_se_plugin_classifier }} dest={{ smartgears_downloads_dir }}/{{ quota_se_plugin_file }}
register: quota_storage_download
- name: Remove the old quota plugin
shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ quota_se_plugin_maven_artifact_id }}-*-jar-with-dependencies.jar
when: (quota_storage_download | changed)
- name: Copy the quota plugin to its final destination
copy: src={{ smartgears_downloads_dir }}/{{ quota_se_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ quota_se_plugin_file }} remote_src=yes
notify: Restart smartgears
become: True
become_user: '{{ smartgears_user }}'
when: quota_se_plugin_install
tags: [ 'smartgears', 'quota_se', 'tomcat' ]

13
smartgears/r_connector/tasks/main.yml
View File

@ -1,10 +1,11 @@
---
- block:
- name: Remove the installed R connector before upgrading
- name: Remove the installed R connector
file: dest={{ item }} state=absent
with_items:
- '{{ smartgears_instance_path }}/webapps/{{ r_connector_name }}'
- '{{ smartgears_instance_path }}/webapps/{{ r_connector_name }}.{{ r_connector_extension }}'
notify: Restart smartgears
- name: Remove the packages required to enable the LDAP PAM authentication
become: False
@ -32,20 +33,22 @@
register: r_connector_download
- name: Remove the installed R connector before upgrading
file: dest={{ smartgears_instance_path }}/webapps/{{ r_connector_name }} state=absent
file: dest={{ item }} state=absent
with_items:
- '{{ smartgears_instance_path }}/webapps/{{ r_connector_name }}'
- '{{ smartgears_instance_path }}/webapps/{{ r_connector_name }}.{{ r_connector_extension }}'
notify: Restart smartgears
when: ( r_connector_download | changed )
- name: Create the R connector webapp directory
file: dest={{ smartgears_instance_path }}/webapps/{{ r_connector_name }} state=directory
when: ( r_connector_download | changed )
- name: Copy the R connector war file into the webapps directory
copy: src={{ smartgears_downloads_dir }}/{{ r_connector_filename }} dest={{ smartgears_instance_path }}/webapps/{{ r_connector_name }}.{{ r_connector_extension }} remote_src=yes force=yes
- name: Unarchive the R connector war file
unarchive: copy=no src={{ smartgears_downloads_dir }}/{{ r_connector_filename }} dest={{ smartgears_instance_path }}/webapps/{{ r_connector_name }}
args:
creates: '{{ smartgears_instance_path }}/webapps/{{ r_connector_name }}/WEB-INF/web.xml'
notify: Restart smartgears
- name: Obtain the permission to read the Rstudio secure cookie key
become_user: root

10
smartgears/resource_registry/tasks/main.yml
View File

@ -5,6 +5,7 @@
with_items:
- '{{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}'
- '{{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}.{{ resource_registry_extension }}'
notify: Restart smartgears
become: True
become_user: '{{ d4science_user }}'
@ -17,17 +18,16 @@
register: resource_registry_download
- name: Remove the old resource-registry files
file: path={{ smartgears_instance_path }}/webapps/{{ resource_registry_name }} state=absent
file: path={{ item }} state=absent
with_items:
- '{{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}'
- '{{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}.{{ resource_registry_extension }}'
when: ( resource_registry_download | changed )
- name: Create the resource-registry working directory
file: path={{ smartgears_instance_path }}/webapps/{{ resource_registry_name }} state=directory owner={{ smartgears_user }} group={{ smartgears_user }}
when: ( resource_registry_download | changed )
- name: Copy the resource registry war file into the webapps directory
copy: src={{ smartgears_downloads_dir }}/{{ resource_registry_file }} dest={{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}.{{ resource_registry_extension }} remote_src=yes force=yes
notify: Restart smartgears
- name: Unarchive the resource registry war
unarchive: copy=no src={{ smartgears_downloads_dir }}/{{ resource_registry_file }} dest={{ smartgears_instance_path }}/webapps/{{ resource_registry_name }} creates={{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}/WEB-INF/lib
notify: Restart smartgears

5
smartgears/sis_geotk_dt_plugin/defaults/main.yml
View File

@ -6,8 +6,9 @@ sis_geotk_dt_plugin_group_id : org.gcube.data.transfer
sis_geotk_dt_plugin_artifact_id : '{{ sis_geotk_dt_plugin_name }}'
sis_geotk_dt_plugin_version : latest
sis_geotk_dt_plugin_extension: jar
sis_geotk_dt_plugin_classifier: jar-with-dependencies
sis_geotk_dt_plugin_file: '{{ sis_geotk_dt_plugin_name }}-{{ sis_geotk_dt_plugin_version }}-jar-with-dependencies.{{ sis_geotk_dt_plugin_extension }}'
sis_geotk_dt_plugin_classifier: uberjar
sis_geotk_dt_plugin_uber_file: '{{ sis_geotk_dt_plugin_name }}-{{ sis_geotk_dt_plugin_version }}-{{ sis_geotk_dt_plugin_classifier }}.{{ sis_geotk_dt_plugin_extension }}'
sis_geotk_dt_plugin_file: '{{ sis_geotk_dt_plugin_name }}-{{ sis_geotk_dt_plugin_version }}.{{ sis_geotk_dt_plugin_extension }}'
catalina_apps_conf:
- { app_name: '{{ data_trasfer_service_name }}', plugin_name: '{{ sis_geotk_dt_plugin_name }}' }

29
smartgears/sis_geotk_dt_plugin/tasks/main.yml
View File

@ -9,24 +9,31 @@
tags: [ 'smartgears', 'sis_geotk', 'tomcat' ]
- block:
- name: Create the plugin directory inside data transfer
file: dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }} state=directory
- name: Get the Sis geotk data transfer plugin
maven_artifact: artifact_id={{ sis_geotk_dt_plugin_name }} version={{ sis_geotk_dt_plugin_version | default(omit) }} group_id={{ sis_geotk_dt_plugin_group_id }} extension={{ sis_geotk_dt_plugin_extension | default('war') }} repository_url={{ smartgears_global_base_url }} classifier={{ sis_geotk_dt_plugin_classifier }} dest={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_file }}
register: sis_geotk_download
- name: Get the Sis geotk data transfer uber plugin
maven_artifact: artifact_id={{ sis_geotk_dt_plugin_name }} version={{ sis_geotk_dt_plugin_version }} group_id={{ sis_geotk_dt_plugin_group_id }} extension={{ sis_geotk_dt_plugin_extension }} repository_url={{ smartgears_global_base_url }} classifier={{ sis_geotk_dt_plugin_classifier }} dest={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_uber_file }}
register: sis_geotk_download
- name: Remove the old Sis geotk data transfer plugin
file: dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }} state=absent
when: (sis_geotk_download | changed)
- name: Copy the Sis geotk data transfer plugin to its final destination
copy: src={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }}/{{ sis_geotk_dt_plugin_file }} remote_src=yes
- name: Create the plugin directory inside data transfer
file: dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }} state=directory
- name: Unarchive the Sis geotk data transfer uber plugin to expose its libraries
unarchive: src={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_uber_file }} dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }}/ copy=no
when: (sis_geotk_download | changed)
notify: Restart smartgears
- name: Unarchive the Sis geotk data transfer plugin to expose its libraries
unarchive: src={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }}/ copy=no
when: (sis_geotk_download | changed)
- name: Get the Sis geotk data transfer uber plugin
maven_artifact: artifact_id={{ sis_geotk_dt_plugin_name }} version={{ sis_geotk_dt_plugin_version }} group_id={{ sis_geotk_dt_plugin_group_id }} extension={{ sis_geotk_dt_plugin_extension }} repository_url={{ smartgears_global_base_url }} dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }} keep_name=yes
- name: Remove the Sis geotk uber jar org and META-INF directories
file: dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }}/{{ item }} state=absent
with_items:
- org
- 'META-INF'
notify: Restart smartgears
become: True
become_user: '{{ smartgears_user }}'

26
smartgears/smartgears-nginx-frontend/templates/generic-smartgears-virtualhost.j2
View File

@ -69,6 +69,18 @@ server {
{% if context != "whn-manager" %}
{% if context != '' %}
location /{{ context }} {
{% if varnish_install is defined and varnish_install %}
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% if nginx_cors_extended_rules %}
proxy_pass http://127.0.0.1:{{ varnish_listen_port }};
{% else %}
proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
{% endif %}
{% else %}
proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
{% endif %}
{% else %}
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% if nginx_cors_extended_rules %}
@ -79,6 +91,7 @@ server {
{% else %}
proxy_pass http://127.0.0.1:{{ item.http_port }}/{{ context }};
{% endif %}
{% endif %}
}
{% endif %}
{% endif %}
@ -198,6 +211,18 @@ server {
{% if context != "whn-manager" %}
{% if context != '' %}
location /{{ context }} {
{% if varnish_install is defined and varnish_install %}
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% if nginx_cors_extended_rules %}
proxy_pass http://127.0.0.1:{{ varnish_listen_port }};
{% else %}
proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
{% endif %}
{% else %}
proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }};
{% endif %}
{% else %}
{% if smartgears_nginx_cors_enabled %}
include /etc/nginx/snippets/nginx-cors.conf;
{% if nginx_cors_extended_rules %}
@ -208,6 +233,7 @@ server {
{% else %}
proxy_pass http://127.0.0.1:{{ item.http_port }}/{{ context }};
{% endif %}
{% endif %}
}
{% endif %}
{% endif %}

1
smartgears/smartgears/defaults/main.yml
View File

@ -56,6 +56,7 @@ smartgears_service_name: 'tomcat-instance-{{ smartgears_http_port }}'
smartgears_log_use_timesize_appender: True
smartgears_loglevel: WARN
smartgears_dataanalysis_loglevel: DEBUG
smartgears_dataanalysis_log_max_history: 90
smartgears_log_max_history: 30
smartgears_log_max_file_size: 10MB
smartgears_log_total_file_cap: 2GB

4
smartgears/smartgears/templates/logback.xml.j2
View File

@ -72,7 +72,7 @@
{% if smartgears_log_use_timesize_appender %}
<rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
<fileNamePattern>{{ smartgears_log_dir }}/analysis.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
<maxHistory>{{ smartgears_log_max_history }}</maxHistory>
<maxHistory>{{ smartgears_dataanalysis_log_max_history }}</maxHistory>
<maxFileSize>{{ smartgears_log_max_file_size }}</maxFileSize>
<totalSizeCap>{{ smartgears_log_total_file_cap }}</totalSizeCap>
</rollingPolicy>
@ -80,7 +80,7 @@
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<maxFileSize>{{ smartgears_log_max_file_size }}</maxFileSize>
<fileNamePattern>{{ smartgears_log_dir }}/analysis.%d{yyyy-MM-dd}.log</fileNamePattern>
<maxHistory>{{ smartgears_log_max_history }}</maxHistory>
<maxHistory>{{ smartgears_dataanalysis_log_max_history }}</maxHistory>
</rollingPolicy>
{% endif %}
</appender>

10
smartgears/social-networking-library-ws/tasks/main.yml
View File

@ -5,6 +5,7 @@
with_items:
- '{{ smartgears_instance_path }}/webapps/{{ social_networking_library_ws_name }}'
- '{{ smartgears_instance_path }}/webapps/{{ social_networking_library_ws_name }}.{{ social_networking_library_ws_extension }}'
notify: Restart smartgears
become: True
become_user: '{{ d4science_user }}'
@ -14,6 +15,15 @@
- block:
- name: Get the social-networking-library-ws war
maven_artifact: artifact_id={{ social_networking_library_ws_name }} version={{ social_networking_library_ws_version | default(omit) }} group_id={{ social_networking_library_ws_group_id }} extension={{ social_networking_library_ws_extension | default('war') }} repository_url={{ smartgears_global_base_url }} dest={{ smartgears_downloads_dir }}/{{ social_networking_library_ws_file }}
register: social_networking_library_ws_download
- name: Remove the old social-networking-library-ws files when upgrading
file: path={{ item }} state=absent
with_items:
- '{{ smartgears_instance_path }}/webapps/{{ social_networking_library_ws_name }}'
- '{{ smartgears_instance_path }}/webapps/{{ social_networking_library_ws_name }}.{{ social_networking_library_ws_extension }}'
when: ( social_networking_library_ws_download | changed )
notify: Restart smartgears
- name: Copy the social_networking_library_ws war into the tomcat webapps dir
copy: src={{ smartgears_downloads_dir }}/{{ social_networking_library_ws_file }} dest={{ smartgears_instance_path }}/webapps/{{ social_networking_library_ws_name }}.{{ social_networking_library_ws_extension }} remote_src=yes force=yes

4
tomcat-multiple-instances/defaults/main.yml
View File

@ -31,6 +31,10 @@ tomcat_m_java_gc_opts: "-XX:+UseConcMarkSweepGC"
# exactly one CPU chip that contains one or two cores, you should also add
# the "-XX:+CMSIncrementalMode" option.
#tomcat_m_other_java_opts: "-Djsse.enableSNIExtension=false"
tomcat_m_reverse_proxy_name_enabled: False
tomcat_m_reverse_proxy_name: '{{ ansible_fqdn }}'
tomcat_m_reverse_proxy_port: '{{ http_port | default(80) }}'
tomcat_m_other_java_opts: ""
tomcat_m_webapps_autodeploy: False
tomcat_m_webapps_unpack: False

26
tomcat-multiple-instances/templates/tomcat-server.xml.j2
View File

@ -38,8 +38,12 @@
<Service name="Catalina">
{% if item.http_enabled %}
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="{{ item.max_threads }}" minSpareThreads="10"/>
<Executor name="tomcatThreadPool"
namePrefix="catalina-exec-"
maxQueueSize="{{ item.max_queue_size | default(32767) }}"
maxThreads="{{ item.max_threads }}"
minSpareThreads="10"
/>
{% endif %}
<!-- A "Connector" represents an endpoint by which requests are received
@ -53,20 +57,32 @@
<!-- A http "Connector" using the shared thread pool-->
<Connector executor="tomcatThreadPool"
enableLookups="false"
maxQueueSize="{{ item.max_queue_size | default(32767) }}"
maxThreads="{{ item.max_threads }}" connectionTimeout="60000"
URIEncoding="UTF-8" bindOnInit="false" address="{{ item.http_address }}"
port="{{ item.http_port }}" protocol="HTTP/1.1"
maxPostSize="{{ item.max_post_size | default(104857600) }}"
redirectPort="8443" />
{% if tomcat_m_reverse_proxy_name_enabled %}
proxyName="{{ tomcat_m_reverse_proxy_name }}"
proxyPort="{{ tomcat_m_reverse_proxy_port }}"
{% endif %}
/>
{% endif %}
{% if item.ajp_enabled %}
<!-- Define an AJP 1.3 Connector on port {{ tomcat_ajp_port }} -->
<Connector port="{{ item.ajp_port }}" protocol="AJP/1.3" redirectPort="8443"
enableLookups="false" address="{{ item.ajp_address }}"
<Connector port="{{ item.ajp_port }}" protocol="AJP/1.3"
enableLookups="false"
address="{{ item.ajp_address }}"
URIEncoding="UTF-8"
maxQueueSize="{{ item.max_queue_size | default(32767) }}"
maxThreads="{{ item.max_threads }}"
connectionTimeout="60000"
maxPostSize="{{ item.max_post_size | default(104857600) }}"
{% if tomcat_m_reverse_proxy_name_enabled %}
proxyName="{{ tomcat_m_reverse_proxy_name }}"
proxyPort="{{ tomcat_m_reverse_proxy_port }}"
{% endif %}
URIEncoding="UTF-8" bindOnInit="false" />
{% endif %}

4
tomcat/defaults/main.yml
View File

@ -9,6 +9,7 @@ tomcat_pkgs:
- libapr1
tomcat_user: tomcat7
tomcat_max_threads: 200
tomcat_min_heap_size: 2048m
tomcat_permgen_defined: True
tomcat_heap_size: '{{ tomcat_min_heap_size }}'
@ -29,6 +30,9 @@ tomcat_ajp_enabled: False
tomcat_ajp_port: 8009
tomcat_ajp_address: 127.0.0.1
tomcat_direct_access: False
tomcat_reverse_proxy_name_enabled: False
tomcat_reverse_proxy_name: '{{ ansible_fqdn }}'
tomcat_reverse_proxy_port: '{{ http_port | default(80) }}'
# There is a bug that kills tomcat after 50 days if the shutdown port is enabled
# Disable the shutdown port by default
#tomcat_shutdown_port: 8005

38
tomcat/templates/tomcat-server.xml.j2
View File

@ -62,8 +62,11 @@
{% if tomcat_http_enabled %}
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="{{ tomcat_max_threads }}" minSpareThreads="10"/>
<Executor name="tomcatThreadPool"
namePrefix="catalina-exec-"
maxQueueSize="{{ tomcat_max_queue_size | default(32767) }}"
maxThreads="{{ tomcat_max_threads }}"
minSpareThreads="10"/>
{% endif %}
<!-- A "Connector" represents an endpoint by which requests are received
@ -76,29 +79,32 @@
{% if tomcat_http_enabled %}
<!-- A http "Connector" using the shared thread pool-->
<Connector executor="tomcatThreadPool"
enableLookups="false" maxPostSize="{{ tomcat_max_post_size }}"
enableLookups="false"
maxQueueSize="{{ tomcat_max_queue_size | default(32767) }}"
maxThreads="{{ tomcat_max_threads }}" connectionTimeout="60000"
URIEncoding="UTF-8" bindOnInit="false" address="{{ tomcat_http_address }}"
port="{{ tomcat_http_port }}" protocol="HTTP/1.1"
maxPostSize="{{ tomcat_max_post_size | default(104857600) }}"
redirectPort="8443" />
{% if tomcat_reverse_proxy_name_enabled %}
proxyName="{{ tomcat_reverse_proxy_name }}"
proxyPort="{{ tomcat_reverse_proxy_port }}"
{% endif %}
/>
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
{% endif %}
{% if tomcat_ajp_enabled %}
<!-- Define an AJP 1.3 Connector on port {{ tomcat_ajp_port }} -->
<Connector port="{{ tomcat_ajp_port }}" protocol="AJP/1.3" redirectPort="8443"
enableLookups="false" address="{{ tomcat_ajp_address }}" maxPostSize="{{ tomcat_max_post_size }}"
maxThreads="{{ tomcat_max_threads }}" connectionTimeout="60000"
<Connector port="{{ tomcat_ajp_port }}" protocol="AJP/1.3"
enableLookups="false" address="{{ tomcat_ajp_address }}"
maxQueueSize="{{ tomcat_max_queue_size | default(32767) }}"
URIEncoding="UTF-8"
maxThreads="{{ tomcat_max_threads }}"
connectionTimeout="60000"
maxPostSize="{{ tomcat_max_post_size | default(104857600) }}"
{% if tomcat_reverse_proxy_name_enabled %}
proxyName="{{ tomcat_reverse_proxy_name }}"
proxyPort="{{ tomcat_reverse_proxy_port }}"
{% endif %}
URIEncoding="UTF-8" bindOnInit="false" />
{% endif %}