Andrea Dell'Amico
41a279eff2
library/roles/ckan/defaults/main.yml: the ldap plugin wants python-ldap installed by pip.
2016-05-05 13:04:05 +02:00
Andrea Dell'Amico
39f1bbcef7
infrastructure-services/code-repo.yml: Add letsencrypt to manage the ssl certificates.
...
library/roles/nginx/templates/letsencrypt-proxy.conf.j2: Fix the nginx config, again.
2016-04-27 18:37:24 +02:00
Andrea Dell'Amico
37541e3126
d4science-ghn-cluster/roles/ckan: Handle ssl (letsencrypt).
...
library/roles/ckan: Fix the indexer cron job. Add support for running the gather and fetcher processes as daemons. Tasks to install the ldap plugin.
2016-04-27 16:45:09 +02:00
Andrea Dell'Amico
f74f453a09
library/roles/nginx/templates/letsencrypt-proxy.conf.j2: Fix the letsencrypt configuration.
2016-04-27 16:45:09 +02:00
Andrea Dell'Amico
0bff1d735f
library/roles/letsencrypt-acmetool-client/tasks/main.yml: Fix a typo. The fakecert key was not removed.
2016-04-27 16:45:09 +02:00
Andrea Dell'Amico
083d71b4d4
library/roles/nginx: letsencrypt hook and configuration for letsencrypt. See https://support.d4science.org/issues/3260 .
2016-04-22 18:55:20 +02:00
Andrea Dell'Amico
c17622a734
library/roles/apache/defaults/main.yml: set apache_letsencrypt_managed to true by default.
2016-04-22 18:27:51 +02:00
Andrea Dell'Amico
22e69a2c8e
library/roles/apache: Use a variable to decide if apache will use the letsencrypt certificates or not.
2016-04-22 18:16:45 +02:00
Andrea Dell'Amico
46b2d2cae8
library/roles/haproxy: Fixes to the letsencrypt scripts.
...
d4science-infrastructure/roles/redmine: support letsencrypt certificates on the dev redmine virtualhost.
library/roles/apache/tasks/apache-letsencrypt.yml: Support for letsencrypt (acme tool).
library/roles/ubuntu-deb-general/tasks/pki-basics.yml: Do not create the fake certificates if valid ones exist.
2016-04-22 18:03:57 +02:00
Andrea Dell'Amico
b382db3b25
d4science-infrastructure/group_vars/ldap_liferay/all.yml: Enable ssl with the use of letsencrypt certificates.
...
library/roles/haproxy/files: Fix to the acme scripts, the certificate path has become /etc/pki/haproxy/haproxy.pem.
library/roles/openldap-server/tasks/openldap_initializazion.yml: Fix the certificates initialization.
library/roles/ubuntu-deb-general/tasks/pki-basics.yml: Create a self signed certificate while waiting the letsencrypt one.
2016-04-20 15:21:19 +02:00
Andrea Dell'Amico
7581a03035
library/roles/mongodb-org/defaults/main.yml: Document the use of --setParameter newCollectionsUsePowerOf2Sizes=false
2016-04-19 19:08:41 +02:00
Andrea Dell'Amico
908e7adce4
library/roles/letsencrypt-acmetool-client/tasks/main.yml: More fixes to the tasks and the scripts. It now works correctly against haproxy.
2016-04-18 17:01:05 +02:00
Andrea Dell'Amico
bbe5258949
library/roles/letsencrypt-acmetool-client/templates/responses.j2: added the staging site to the responses template.
2016-04-17 14:20:44 +02:00
Andrea Dell'Amico
8fde6bb113
library/roles/haproxy/tasks: Fix to the letsencrypt hooks handling.
...
library/roles/letsencrypt-acmetool-client/tasks: Do not fail if the quickstart does not succeed. The web service could be not configured yet.
2016-04-16 18:48:54 +02:00
Andrea Dell'Amico
bb862c8405
library/roles/openldap-server: Support for ssl when letsencrypt is enabled using the letsencrypt-acme-tool role.
2016-04-15 20:33:23 +02:00
Andrea Dell'Amico
37ff28468e
library/roles/letsencrypt-acmetool-client/templates/cert-requirements.j2: rsa key dimension.
...
d4science-infrastructure/group_vars/ldap_liferay_dev/all.yml: openldap on ubuntu/debian is linked to gnuTLS and does not support ecdsa keys.
2016-04-15 20:03:05 +02:00
Andrea Dell'Amico
3085c6b817
library/roles/letsencrypt-acmetool-client/defaults/main.yml: Fix the hooks path
...
library/roles/haproxy: Scripts and tasks to add support for the acme letsencrypt tool.
2016-04-14 19:31:02 +02:00
Andrea Dell'Amico
8b31ee9e9a
library/roles/letsencrypt-acmetool-client/templates/acme-sudoers.j2: Fix the directory path.
2016-04-14 19:10:13 +02:00
Andrea Dell'Amico
3fb8d41878
library/roles/letsencrypt-acmetool-client: Letsencrypt acmetool client. Better than the original one, can run as an unprivileged user. See https://support.d4science.org/issues/3164
2016-04-14 19:08:33 +02:00
Andrea Dell'Amico
7ba50614ff
library/roles/ubuntu-deb-general/tasks/packages.yml: Install software-properties-common on Ubuntu.
2016-04-14 14:57:29 +02:00
Andrea Dell'Amico
5fc3c9964d
library/roles/letsencrypt-client: Various fixes to the scripts.
...
library/roles/haproxy: callback that manages the certificates renewal from letsencrypt. Fixes https://support.d4science.org/issues/3258
2016-04-13 19:53:35 +02:00
Andrea Dell'Amico
fd5a10b0e8
d4science-ghn-cluster/group_vars/infra_gateway_dev/infra-gateway-dev.yml: List the hostnames that will be added to the certificate request.
...
library/roles/letsencrypt-client: Some fixes.
2016-04-13 17:02:44 +02:00
Andrea Dell'Amico
0b4624e8ca
library/roles/letsencrypt-client: Create a cli.ini, provide a script that manages the certs requests and renewal, cron job to automate the certs renewal.
2016-04-12 19:40:28 +02:00
Andrea Dell'Amico
552cce1dc4
library/roles/postgresql: Scripts to regularly cleanup the WAL archives.
2016-04-08 19:24:35 +02:00
Andrea Dell'Amico
8362be052b
library/roles/ubuntu-deb-general: Create a generic directory where to store local SSL certificates.
2016-04-08 18:16:00 +02:00
Andrea Dell'Amico
1fd136d485
library/roles/letsencrypt-client: Install the official letsencrypt client. No automation for now.
...
d4science-ghn-cluster/roles/haproxy_frontend: default repository for Ubuntu.
d4science-ghn-cluster/infra-gateway.yml: Install haproxy.
2016-04-07 23:44:35 +02:00
Andrea Dell'Amico
2cd71c9e10
library/roles/haproxy: Change the default version to 1.6
2016-04-07 18:34:43 +02:00
Andrea Dell'Amico
6b13deb40b
library/roles/postgresql: First steps of a pgpool configuration that can recovery. Lots of parts are still missing.
2016-04-07 18:12:21 +02:00
Andrea Dell'Amico
29131c599f
library/roles/apache/templates: Fix the ACL rules in the server info and server status configurations.
2016-04-04 18:56:51 +02:00
Andrea Dell'Amico
c1c59a9c7b
library/roles/redmine: Ansible 2 compatibility.
2016-04-04 18:00:36 +02:00
Andrea Dell'Amico
1a685e17c8
library/roles/apache: Support for the apache info and status modules, with ACLs.
2016-04-04 17:59:59 +02:00
Andrea Dell'Amico
1476724437
library/roles/ckan/tasks/main.yml: Disable the tasks that change some python modules. Authentication against the geonetwork servers will be managed in a different way.
2016-04-01 14:41:30 +02:00
Andrea Dell'Amico
647a2d830e
library/roles/ckan: Try new modifications to make the geonetwork authentication work.
2016-04-01 02:19:26 +02:00
Andrea Dell'Amico
d97d521bdc
library/roles/nagios/tasks/nagios.yml: Fix the conditional on the task that installs the additional packages.
2016-03-31 13:41:38 +02:00
Andrea Dell'Amico
100a2db114
library/roles/ckan: defaults variables. Add the pip cache directory with the correct permissions.
2016-03-31 13:22:21 +02:00
Andrea Dell'Amico
8023613031
ckan -> library/roles/ckan
...
postgresql_extensions -> library/roles/postgresql_extensions
d4science-ghn-cluster: The ganglia, nagios and iptables roles are now dependencies of the 'common' role.
2016-03-26 17:06:06 +01:00
Andrea Dell'Amico
1dfc4a8a79
dnet-openaire/mongodb.yml: Migrate to version 3.2 from 2.4.
...
library/roles/mongodb-org-3.2: Support to upgrade from version 3.0. Fix the repo installation.
library/roles/mongodb-org-3/tasks/mongodb.yml: Fix the repository installation.
library/roles/mongodb-org/tasks/mongodb.yml: Fix the repository installation.
library/roles/mongodb/tasks/main.yml: Fix the repository installation.
2016-03-25 18:04:45 +01:00
Andrea Dell'Amico
52f5f22c76
library/roles/gitblit: Startup service, sleep during restart otherwise the start part fails silently, ldap authentication in gitblit.properties.
2016-03-25 17:33:35 +01:00
Andrea Dell'Amico
58e2b19ece
library/roles/gitblit: Setup the service script and the main properties template.
2016-03-24 19:36:26 +01:00
Andrea Dell'Amico
d8d226a5f2
library/roles/mongodb-org/tasks/mongodb.yml: Some cleanup.
2016-03-24 19:35:34 +01:00
Andrea Dell'Amico
2b451cdda2
library/roles/mongodb-org-3: Better templating. Pass additional parameters with /etc/default/mongod. Removed the old configuration templates.
2016-03-24 19:34:19 +01:00
Andrea Dell'Amico
3428052604
library/roles/mongodb-org/defaults/main.yml: /etc/default/mongod is now a template.
...
dnet-openaire/inventory/hosts: node7.t.openaire is not used anymore.
dnet-openaire/inventory/hosts.stdl: The project ended.
2016-03-24 15:41:14 +01:00
Andrea Dell'Amico
04c07fa3a4
infrastructure-services/roles/nginx-frontend/templates/code-repo.d4science.org-virtualhost.j2: Virtualhost to proxy gitblit and gerrit.
...
library/roles/gitblit: More gitblit configuration setup.
library/roles/postgresql/tasks/manage_pg_db.yml: disable the task that manages extensions. The conditional cannot work.
2016-03-24 11:54:19 +01:00
Andrea Dell'Amico
24e7fe23e7
library/roles/mongodb-org-3.2, library/roles/mongodb-org-3: Enable ganglia authentication against mongo.
...
d4science-ghn-cluster/group_vars/mongo_cluster_prod/ganglia.yml: Enable authentication.
2016-03-21 18:38:45 +01:00
Andrea Dell'Amico
4067c73b99
library/roles/mysql/templates/mysql-backup.cron.j2, library/roles/postgresql/files/postgresql-backup.cron: do not perform backups if backuppc is running successfully.
2016-03-21 14:40:56 +01:00
Andrea Dell'Amico
3c615980ef
library/roles/tomcat-multiple-instances/templates/tomcat-server.xml.j2, library/roles/tomcat/templates/tomcat-server.xml.j2: Support the x-forwarded-for header in the access_log configuration.
2016-03-18 18:18:49 +01:00
Andrea Dell'Amico
0065b6a1b0
d4science-ghn-cluster/roles/nginx-frontend/templates/dataminer1-d-d4s.d4science.org-virtualhost.j2: Modify the log format to be http compliant.
...
library/roles/mysql/tasks/manage_my_db.yml: Manage additional grant privileges.
library/vars/isti-global.yml: Add the IP of analytics.d4science.org.
2016-03-18 17:01:13 +01:00
Andrea Dell'Amico
c84512a4f0
library/roles/mysql: Ansible 2 compatibility. Manage a different data directory.
...
library/roles/php-fpm: Ansible 2 compatibility.
library/roles/piwik: Install and configure a piwik instance.
infrastructure-services: Install a piwik instance as analytics.d4science.org.
2016-03-17 21:35:04 +01:00
Andrea Dell'Amico
600b8eb864
cm, infrastructure-services, library/roles/ansible_ppa: Fix the ansible configuration parameters.
2016-03-15 20:53:47 +01:00
Andrea Dell'Amico
eb23e1d714
infrastructure-services: Same ganglia cluster for all.
...
infrastructure-services/roles/shell_servers: Install the foreman callback for ansible.
library/roles/ansible_ppa, library/roles/nagios: Ansible 2 compatibility fixes.
2016-03-15 20:25:54 +01:00