Commit Graph

614 Commits

Author SHA1 Message Date
Andrea Dell'Amico 41a279eff2 library/roles/ckan/defaults/main.yml: the ldap plugin wants python-ldap installed by pip. 2016-05-05 13:04:05 +02:00
Andrea Dell'Amico 39f1bbcef7 infrastructure-services/code-repo.yml: Add letsencrypt to manage the ssl certificates.
library/roles/nginx/templates/letsencrypt-proxy.conf.j2: Fix the nginx config, again.
2016-04-27 18:37:24 +02:00
Andrea Dell'Amico 37541e3126 d4science-ghn-cluster/roles/ckan: Handle ssl (letsencrypt).
library/roles/ckan: Fix the indexer cron job. Add support for running the gather and fetcher processes as daemons. Tasks to install the ldap plugin.
2016-04-27 16:45:09 +02:00
Andrea Dell'Amico f74f453a09 library/roles/nginx/templates/letsencrypt-proxy.conf.j2: Fix the letsencrypt configuration. 2016-04-27 16:45:09 +02:00
Andrea Dell'Amico 0bff1d735f library/roles/letsencrypt-acmetool-client/tasks/main.yml: Fix a typo. The fakecert key was not removed. 2016-04-27 16:45:09 +02:00
Andrea Dell'Amico 083d71b4d4 library/roles/nginx: letsencrypt hook and configuration for letsencrypt. See https://support.d4science.org/issues/3260. 2016-04-22 18:55:20 +02:00
Andrea Dell'Amico c17622a734 library/roles/apache/defaults/main.yml: set apache_letsencrypt_managed to true by default. 2016-04-22 18:27:51 +02:00
Andrea Dell'Amico 22e69a2c8e library/roles/apache: Use a variable to decide if apache will use the letsencrypt certificates or not. 2016-04-22 18:16:45 +02:00
Andrea Dell'Amico 46b2d2cae8 library/roles/haproxy: Fixes to the letsencrypt scripts.
d4science-infrastructure/roles/redmine: support letsencrypt certificates on the dev redmine virtualhost.
library/roles/apache/tasks/apache-letsencrypt.yml: Support for letsencrypt (acme tool).
library/roles/ubuntu-deb-general/tasks/pki-basics.yml: Do not create the fake certificates if valid ones exist.
2016-04-22 18:03:57 +02:00
Andrea Dell'Amico b382db3b25 d4science-infrastructure/group_vars/ldap_liferay/all.yml: Enable ssl with the use of letsencrypt certificates.
library/roles/haproxy/files: Fix to the acme scripts, the certificate path has become /etc/pki/haproxy/haproxy.pem.
library/roles/openldap-server/tasks/openldap_initializazion.yml: Fix the certificates initialization.
library/roles/ubuntu-deb-general/tasks/pki-basics.yml: Create a self signed certificate while waiting the letsencrypt one.
2016-04-20 15:21:19 +02:00
Andrea Dell'Amico 7581a03035 library/roles/mongodb-org/defaults/main.yml: Document the use of --setParameter newCollectionsUsePowerOf2Sizes=false 2016-04-19 19:08:41 +02:00
Andrea Dell'Amico 908e7adce4 library/roles/letsencrypt-acmetool-client/tasks/main.yml: More fixes to the tasks and the scripts. It now works correctly against haproxy. 2016-04-18 17:01:05 +02:00
Andrea Dell'Amico bbe5258949 library/roles/letsencrypt-acmetool-client/templates/responses.j2: added the staging site to the responses template. 2016-04-17 14:20:44 +02:00
Andrea Dell'Amico 8fde6bb113 library/roles/haproxy/tasks: Fix to the letsencrypt hooks handling.
library/roles/letsencrypt-acmetool-client/tasks: Do not fail if the quickstart does not succeed. The web service could be not configured yet.
2016-04-16 18:48:54 +02:00
Andrea Dell'Amico bb862c8405 library/roles/openldap-server: Support for ssl when letsencrypt is enabled using the letsencrypt-acme-tool role. 2016-04-15 20:33:23 +02:00
Andrea Dell'Amico 37ff28468e library/roles/letsencrypt-acmetool-client/templates/cert-requirements.j2: rsa key dimension.
d4science-infrastructure/group_vars/ldap_liferay_dev/all.yml: openldap on ubuntu/debian is linked to gnuTLS and does not support ecdsa keys.
2016-04-15 20:03:05 +02:00
Andrea Dell'Amico 3085c6b817 library/roles/letsencrypt-acmetool-client/defaults/main.yml: Fix the hooks path
library/roles/haproxy: Scripts and tasks to add support for the acme letsencrypt tool.
2016-04-14 19:31:02 +02:00
Andrea Dell'Amico 8b31ee9e9a library/roles/letsencrypt-acmetool-client/templates/acme-sudoers.j2: Fix the directory path. 2016-04-14 19:10:13 +02:00
Andrea Dell'Amico 3fb8d41878 library/roles/letsencrypt-acmetool-client: Letsencrypt acmetool client. Better than the original one, can run as an unprivileged user. See https://support.d4science.org/issues/3164 2016-04-14 19:08:33 +02:00
Andrea Dell'Amico 7ba50614ff library/roles/ubuntu-deb-general/tasks/packages.yml: Install software-properties-common on Ubuntu. 2016-04-14 14:57:29 +02:00
Andrea Dell'Amico 5fc3c9964d library/roles/letsencrypt-client: Various fixes to the scripts.
library/roles/haproxy: callback that manages the certificates renewal from letsencrypt. Fixes https://support.d4science.org/issues/3258
2016-04-13 19:53:35 +02:00
Andrea Dell'Amico fd5a10b0e8 d4science-ghn-cluster/group_vars/infra_gateway_dev/infra-gateway-dev.yml: List the hostnames that will be added to the certificate request.
library/roles/letsencrypt-client: Some fixes.
2016-04-13 17:02:44 +02:00
Andrea Dell'Amico 0b4624e8ca library/roles/letsencrypt-client: Create a cli.ini, provide a script that manages the certs requests and renewal, cron job to automate the certs renewal. 2016-04-12 19:40:28 +02:00
Andrea Dell'Amico 552cce1dc4 library/roles/postgresql: Scripts to regularly cleanup the WAL archives. 2016-04-08 19:24:35 +02:00
Andrea Dell'Amico 8362be052b library/roles/ubuntu-deb-general: Create a generic directory where to store local SSL certificates. 2016-04-08 18:16:00 +02:00
Andrea Dell'Amico 1fd136d485 library/roles/letsencrypt-client: Install the official letsencrypt client. No automation for now.
d4science-ghn-cluster/roles/haproxy_frontend: default repository for Ubuntu.
d4science-ghn-cluster/infra-gateway.yml: Install haproxy.
2016-04-07 23:44:35 +02:00
Andrea Dell'Amico 2cd71c9e10 library/roles/haproxy: Change the default version to 1.6 2016-04-07 18:34:43 +02:00
Andrea Dell'Amico 6b13deb40b library/roles/postgresql: First steps of a pgpool configuration that can recovery. Lots of parts are still missing. 2016-04-07 18:12:21 +02:00
Andrea Dell'Amico 29131c599f library/roles/apache/templates: Fix the ACL rules in the server info and server status configurations. 2016-04-04 18:56:51 +02:00
Andrea Dell'Amico c1c59a9c7b library/roles/redmine: Ansible 2 compatibility. 2016-04-04 18:00:36 +02:00
Andrea Dell'Amico 1a685e17c8 library/roles/apache: Support for the apache info and status modules, with ACLs. 2016-04-04 17:59:59 +02:00
Andrea Dell'Amico 1476724437 library/roles/ckan/tasks/main.yml: Disable the tasks that change some python modules. Authentication against the geonetwork servers will be managed in a different way. 2016-04-01 14:41:30 +02:00
Andrea Dell'Amico 647a2d830e library/roles/ckan: Try new modifications to make the geonetwork authentication work. 2016-04-01 02:19:26 +02:00
Andrea Dell'Amico d97d521bdc library/roles/nagios/tasks/nagios.yml: Fix the conditional on the task that installs the additional packages. 2016-03-31 13:41:38 +02:00
Andrea Dell'Amico 100a2db114 library/roles/ckan: defaults variables. Add the pip cache directory with the correct permissions. 2016-03-31 13:22:21 +02:00
Andrea Dell'Amico 8023613031 ckan -> library/roles/ckan
postgresql_extensions -> library/roles/postgresql_extensions
d4science-ghn-cluster: The ganglia, nagios and iptables roles are now dependencies of the 'common' role.
2016-03-26 17:06:06 +01:00
Andrea Dell'Amico 1dfc4a8a79 dnet-openaire/mongodb.yml: Migrate to version 3.2 from 2.4.
library/roles/mongodb-org-3.2: Support to upgrade from version 3.0. Fix the repo installation.
library/roles/mongodb-org-3/tasks/mongodb.yml: Fix the repository installation.
library/roles/mongodb-org/tasks/mongodb.yml: Fix the repository installation.
library/roles/mongodb/tasks/main.yml: Fix the repository installation.
2016-03-25 18:04:45 +01:00
Andrea Dell'Amico 52f5f22c76 library/roles/gitblit: Startup service, sleep during restart otherwise the start part fails silently, ldap authentication in gitblit.properties. 2016-03-25 17:33:35 +01:00
Andrea Dell'Amico 58e2b19ece library/roles/gitblit: Setup the service script and the main properties template. 2016-03-24 19:36:26 +01:00
Andrea Dell'Amico d8d226a5f2 library/roles/mongodb-org/tasks/mongodb.yml: Some cleanup. 2016-03-24 19:35:34 +01:00
Andrea Dell'Amico 2b451cdda2 library/roles/mongodb-org-3: Better templating. Pass additional parameters with /etc/default/mongod. Removed the old configuration templates. 2016-03-24 19:34:19 +01:00
Andrea Dell'Amico 3428052604 library/roles/mongodb-org/defaults/main.yml: /etc/default/mongod is now a template.
dnet-openaire/inventory/hosts: node7.t.openaire is not used anymore.
dnet-openaire/inventory/hosts.stdl: The project ended.
2016-03-24 15:41:14 +01:00
Andrea Dell'Amico 04c07fa3a4 infrastructure-services/roles/nginx-frontend/templates/code-repo.d4science.org-virtualhost.j2: Virtualhost to proxy gitblit and gerrit.
library/roles/gitblit: More gitblit configuration setup.
library/roles/postgresql/tasks/manage_pg_db.yml: disable the task that manages extensions. The conditional cannot work.
2016-03-24 11:54:19 +01:00
Andrea Dell'Amico 24e7fe23e7 library/roles/mongodb-org-3.2, library/roles/mongodb-org-3: Enable ganglia authentication against mongo.
d4science-ghn-cluster/group_vars/mongo_cluster_prod/ganglia.yml: Enable authentication.
2016-03-21 18:38:45 +01:00
Andrea Dell'Amico 4067c73b99 library/roles/mysql/templates/mysql-backup.cron.j2, library/roles/postgresql/files/postgresql-backup.cron: do not perform backups if backuppc is running successfully. 2016-03-21 14:40:56 +01:00
Andrea Dell'Amico 3c615980ef library/roles/tomcat-multiple-instances/templates/tomcat-server.xml.j2, library/roles/tomcat/templates/tomcat-server.xml.j2: Support the x-forwarded-for header in the access_log configuration. 2016-03-18 18:18:49 +01:00
Andrea Dell'Amico 0065b6a1b0 d4science-ghn-cluster/roles/nginx-frontend/templates/dataminer1-d-d4s.d4science.org-virtualhost.j2: Modify the log format to be http compliant.
library/roles/mysql/tasks/manage_my_db.yml: Manage additional grant privileges.
library/vars/isti-global.yml: Add the IP of analytics.d4science.org.
2016-03-18 17:01:13 +01:00
Andrea Dell'Amico c84512a4f0 library/roles/mysql: Ansible 2 compatibility. Manage a different data directory.
library/roles/php-fpm: Ansible 2 compatibility.
library/roles/piwik: Install and configure a piwik instance.
infrastructure-services: Install a piwik instance as analytics.d4science.org.
2016-03-17 21:35:04 +01:00
Andrea Dell'Amico 600b8eb864 cm, infrastructure-services, library/roles/ansible_ppa: Fix the ansible configuration parameters. 2016-03-15 20:53:47 +01:00
Andrea Dell'Amico eb23e1d714 infrastructure-services: Same ganglia cluster for all.
infrastructure-services/roles/shell_servers: Install the foreman callback for ansible.
library/roles/ansible_ppa, library/roles/nagios: Ansible 2 compatibility fixes.
2016-03-15 20:25:54 +01:00