Commit 90be3710 authored by Nicolas KAROLAK's avatar Nicolas KAROLAK

simplify roles organization and renames

parent eba3e448
Showing
with 109 additions and 130 deletions
File moved
File moved
---
dependencies:
- role: base
- role: nginx
...
...@@ -67,4 +67,6 @@ ...@@ -67,4 +67,6 @@
include_role: include_role:
name: ferm name: ferm
- meta: flush_handlers
... ...
...@@ -11,4 +11,10 @@ netcapture_hw_acceleration: false ...@@ -11,4 +11,10 @@ netcapture_hw_acceleration: false
netcapture_miris_user_pwd: "{{ lookup('password', '/tmp/passwordfile length=12 chars=ascii_letters,digits') }}" netcapture_miris_user_pwd: "{{ lookup('password', '/tmp/passwordfile length=12 chars=ascii_letters,digits') }}"
netcapture_miris_auth: true netcapture_miris_auth: true
netcapture_firewall_enabled: true
netcapture_ferm_rules_filename: netcapture
netcapture_ferm_input_rules: []
netcapture_ferm_output_rules: []
netcapture_ferm_global_settings:
... ...
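Review bot: The unchanged `netcapture_miris_user_pwd` default visible in this hunk caches the generated password at the fixed path `/tmp/passwordfile` on the controller, so every host that evaluates the default gets the same password, and a file already present at that path in the world-writable `/tmp` is reused instead of a fresh value being generated. A per-host path in a directory only the deploy user can write avoids both, for example `lookup('password', '<PRIVATE_DIR>/' + inventory_hostname + '/miris_user_pwd length=12 chars=ascii_letters,digits')`, where `<PRIVATE_DIR>` is a placeholder. On the added lines, `netcapture_ferm_global_settings:` has a bare empty value, which loads as null; writing `null` or an explicit empty value would make the intent clear.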
---
dependencies:
- role: base
...
...@@ -3,6 +3,7 @@ ...@@ -3,6 +3,7 @@
- name: requirements install - name: requirements install
apt: apt:
force_apt_get: true force_apt_get: true
install_recommends: false
name: name:
- apt-transport-https - apt-transport-https
- ca-certificates - ca-certificates
...@@ -10,7 +11,6 @@ ...@@ -10,7 +11,6 @@
- gnupg-agent - gnupg-agent
- lsb-release - lsb-release
- software-properties-common - software-properties-common
state: present
- name: docker repo key - name: docker repo key
apt_key: apt_key:
...@@ -26,8 +26,8 @@ ...@@ -26,8 +26,8 @@
- name: docker install - name: docker install
apt: apt:
force_apt_get: true force_apt_get: true
install_recommends: false
name: docker-ce name: docker-ce
state: present
- name: docker service - name: docker service
systemd: systemd:
...@@ -38,8 +38,8 @@ ...@@ -38,8 +38,8 @@
- name: netcapture install - name: netcapture install
apt: apt:
force_apt_get: true force_apt_get: true
install_recommends: false
name: python3-miris-netcapture name: python3-miris-netcapture
state: present
- name: netcapture config - name: netcapture config
template: template:
...@@ -67,7 +67,18 @@ ...@@ -67,7 +67,18 @@
recurse: true recurse: true
state: directory state: directory
# TODO: add fail2ban ? # FIREWALL
# TODO: add firewall
- name: firewall
when: netcapture_firewall_enabled
vars:
ferm_rules_filename: "{{ netcapture_ferm_rules_filename }}"
ferm_input_rules: "{{ netcapture_ferm_input_rules }}"
ferm_output_rules: "{{ netcapture_ferm_output_rules }}"
ferm_global_settings: "{{ netcapture_ferm_global_settings }}"
include_role:
name: ferm
- meta: flush_handlers
... ...
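Review bot: The new firewall task gates on the bare variable `when: netcapture_firewall_enabled`, so an override that arrives as a string (for example from `-e` on the command line or an INI inventory) is not guaranteed to be treated as a boolean, and how a bare string conditional resolves has differed across Ansible versions. Because this switch decides whether the ferm rules are applied at all, `when: netcapture_firewall_enabled | bool` would make the outcome explicit. The same applies to any other role in this commit that gates its ferm include the same way, though those conditions are outside the visible hunks.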
...@@ -8,11 +8,11 @@ network_packages: ...@@ -8,11 +8,11 @@ network_packages:
- network-manager - network-manager
- python3-dbus - python3-dbus
network_ip: "{{ lookup('env', 'NETWORK_IP') | ipaddr }}" network_ip: "{{ envsetup_network_ip | d() }}"
network_mask: "{{ lookup('env', 'NETWORK_MASK') }}" network_mask: "{{ envsetup_network_mask | d() }}"
network_ip_mask: "{{ network_ip }}/{{ network_mask }}" network_ip_mask: "{{ network_ip }}/{{ network_mask }}"
network_ip_mask_cidr: "{{ network_ip_mask | ipaddr }}" network_ip_mask_cidr: "{{ network_ip_mask | ipaddr }}"
network_gateway: "{{ lookup('env', 'NETWORK_GATEWAY') | ipaddr }}" network_gateway: "{{ envsetup_network_gateway | d() }}"
network_dns: "{{ lookup('env', 'NETWORK_DNS').split(',') | ipaddr }}" network_dns: "{{ envsetup_network_dns.split(',') | d() }}"
... ...
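Review bot: In the new `network_dns` default, `envsetup_network_dns.split(',') | d()` calls `.split` before the default filter runs, so when `envsetup_network_dns` is not set the expression will most likely raise an undefined-variable error instead of yielding an empty value; `network_dns: "{{ envsetup_network_dns.split(',') if envsetup_network_dns is defined else [] }}"` avoids that. The new lines also drop the `ipaddr` filter from `network_ip`, `network_gateway` and `network_dns`. `network_ip_mask_cidr` still validates the address and mask, but gateway and DNS values now pass through unchecked unless they are validated where `envsetup_network_*` is set; keeping the filter, e.g. `network_gateway: "{{ envsetup_network_gateway | d() | ipaddr }}"`, would preserve the old rejection of malformed input.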
...@@ -9,20 +9,10 @@ ...@@ -9,20 +9,10 @@
- network_dns | d(false) - network_dns | d(false)
block: block:
# Was needed when using ifupdown but probably not with network-manager
# - name: prevent dhclient to erase dns config
# copy:
# dest: /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
# mode: 0755
# content: |
# #!/bin/sh
# make_resolv_conf() {
# :
# }
- name: packages - name: packages
apt: apt:
force_apt_get: true force_apt_get: true
install_recommends: false
name: "{{ network_packages }}" name: "{{ network_packages }}"
state: present state: present
......
...@@ -5,8 +5,6 @@ nginx_packages: ...@@ -5,8 +5,6 @@ nginx_packages:
- uwsgi - uwsgi
- uwsgi-plugin-python3 - uwsgi-plugin-python3
nginx_server_name:
nginx_ssl_certificate: /etc/ssl/certs/ssl-cert-snakeoil.pem nginx_ssl_certificate: /etc/ssl/certs/ssl-cert-snakeoil.pem
nginx_ssl_certificate_key: /etc/ssl/private/ssl-cert-snakeoil.key nginx_ssl_certificate_key: /etc/ssl/private/ssl-cert-snakeoil.key
......
--- ---
- name: restart nginx - name: restart nginx
service: systemd:
name: nginx name: nginx
state: restarted state: restarted
......
---
- name: nginx check old ssl conf exists
register: nginx_old_ssl_conf
stat:
path: /etc/nginx/conf.d/ssl.conf
- name: nginx migrate old ssl certificate conf
when: nginx_old_ssl_conf.stat.exists
notify: restart nginx
loop:
- grep ssl_certificate /etc/nginx/conf.d/ssl.conf > /etc/nginx/conf.d/ssl_certificate.conf
- mv /etc/nginx/conf.d/ssl.conf /etc/nginx/conf.d/ssl.conf.old
command: "{{ item }}"
- name: nginx check ssl cert conf exists
register: nginx_ssl_cert_conf
stat:
path: /etc/nginx/conf.d/ssl_certificate.conf
- name: nginx update ssl certificate conf
when:
- nginx_ssl_cert_conf.stat.exists
- nginx_ssl_certificate != "/etc/ssl/certs/ssl-cert-snakeoil.pem"
notify: restart nginx
lineinfile:
path: /etc/nginx/conf.d/ssl_certificate.conf
regexp: 'ssl_certificate\s+([\w/\-\_\.]+);'
line: 'ssl_certificate {{ nginx_ssl_certificate }};'
- name: nginx update ssl certificate key conf
when:
- nginx_ssl_cert_conf.stat.exists
- nginx_ssl_certificate_key != "/etc/ssl/private/ssl-cert-snakeoil.key"
notify: restart nginx
lineinfile:
path: /etc/nginx/conf.d/ssl_certificate.conf
regexp: 'ssl_certificate_key\s+([\w/\-\_\.]+);'
line: 'ssl_certificate_key {{ nginx_ssl_certificate_key }};'
...
---
- name: nginx remove default vhost
notify: restart nginx
loop:
- /etc/nginx/sites-enabled/default
- /etc/nginx/sites-enabled/default.conf
file:
path: "{{ item }}"
state: absent
...
---
- name: remove apache
apt:
force_apt_get: true
name: apache2
state: absent
- name: nginx install
apt:
force_apt_get: true
install_recommends: false
name: "{{ nginx_packages }}"
state: present
...
--- ---
- include_tasks: _install.yml - name: nginx install
- include_tasks: _config.yml apt:
- include_tasks: _certs.yml force_apt_get: true
install_recommends: false
- name: ensure nginx is running name: "{{ nginx_packages }}"
service: state: present
name: nginx
enabled: true - name: nginx remove default vhost
state: started notify: restart nginx
loop:
- /etc/nginx/sites-enabled/default
- /etc/nginx/sites-enabled/default.conf
file:
path: "{{ item }}"
state: absent
- name: nginx check old ssl conf exists
register: nginx_old_ssl_conf
stat:
path: /etc/nginx/conf.d/ssl.conf
- name: nginx migrate old ssl certificate conf
when: nginx_old_ssl_conf.stat.exists
notify: restart nginx
loop:
- grep ssl_certificate /etc/nginx/conf.d/ssl.conf > /etc/nginx/conf.d/ssl_certificate.conf
- mv /etc/nginx/conf.d/ssl.conf /etc/nginx/conf.d/ssl.conf.old
command:
cmd: "{{ item }}"
- name: nginx check ssl cert conf exists
register: nginx_ssl_cert_conf
stat:
path: /etc/nginx/conf.d/ssl_certificate.conf
- name: nginx update ssl certificate conf
when:
- nginx_ssl_cert_conf.stat.exists
- nginx_ssl_certificate != "/etc/ssl/certs/ssl-cert-snakeoil.pem"
notify: restart nginx
lineinfile:
path: /etc/nginx/conf.d/ssl_certificate.conf
regexp: 'ssl_certificate\s+([\w/\-\_\.]+);'
line: 'ssl_certificate {{ nginx_ssl_certificate }};'
- name: nginx update ssl certificate key conf
when:
- nginx_ssl_cert_conf.stat.exists
- nginx_ssl_certificate_key != "/etc/ssl/private/ssl-cert-snakeoil.key"
notify: restart nginx
lineinfile:
path: /etc/nginx/conf.d/ssl_certificate.conf
regexp: 'ssl_certificate_key\s+([\w/\-\_\.]+);'
line: 'ssl_certificate_key {{ nginx_ssl_certificate_key }};'
... ...
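Review bot: The migrate step on the new side runs `grep ssl_certificate /etc/nginx/conf.d/ssl.conf > /etc/nginx/conf.d/ssl_certificate.conf` through the `command` module, which does not use a shell, so `>` is handed to grep as an argument and `ssl_certificate.conf` is never written. As far as loop semantics go, the following `mv` item still runs and renames `ssl.conf`, which would leave the host without its certificate directives. Replacing `command:` and `cmd: "{{ item }}"` with `shell: "{{ item }}"` makes the redirect work, and adding `creates: /etc/nginx/conf.d/ssl_certificate.conf` under `args:` would keep the step from re-running.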
--- ---
- name: ansible postgresql requirements install - name: ansible postgresql requirements install
when:
- postgres_host == "127.0.0.1" or postgres_host == "localhost"
- postgres_port == "5432"
apt: apt:
force_apt_get: true force_apt_get: true
install_recommends: false install_recommends: false
name: python3-psycopg2 name: python3-psycopg2
state: present
- name: postgresql install - name: postgresql install
when:
- postgres_host == "127.0.0.1" or postgres_host == "localhost"
- postgres_port == "5432"
apt: apt:
force_apt_get: true force_apt_get: true
install_recommends: false install_recommends: false
name: postgresql name: postgresql
state: present
- name: ensure postgresql is running - name: ensure postgresql is running
when:
- postgres_host == "127.0.0.1" or postgres_host == "localhost"
- postgres_port == "5432"
service: service:
name: postgresql name: postgresql
state: started state: started
- name: postgresql set superuser password - name: postgresql set superuser password
when:
- postgres_host == "127.0.0.1" or postgres_host == "localhost"
- postgres_port == "5432"
become: true become: true
become_user: postgres become_user: postgres
postgresql_user: postgresql_user:
...@@ -50,4 +36,6 @@ ...@@ -50,4 +36,6 @@
include_role: include_role:
name: ferm name: ferm
- meta: flush_handlers
... ...
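Review bot: With the `when` guards on `postgres_host` and `postgres_port` removed, the install, start and superuser-password tasks now run on every host this role is applied to, including any that are configured to use a remote database. If a remote PostgreSQL is still a supported setup, that leaves an unused database server installed and running on those hosts; a single guard on a `block:` around these tasks would restore the old behaviour without repeating the condition. If the role is now meant to be local-only, a comment such as `# this role always provisions a local PostgreSQL server` would record that. The body of the superuser password task continues outside the hunk.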
...@@ -39,8 +39,8 @@ ...@@ -39,8 +39,8 @@
- name: install git - name: install git
apt: apt:
force_apt_get: true force_apt_get: true
install_recommends: false
name: git name: git
state: present
- name: git - name: git
loop: loop:
......
---
- name: install python3
register: python_install
changed_when:
- "'doing' in python_install.stdout_lines"
- "'pass' not in python_install.stdout_lines"
loop:
- command -v python3 || ( command -v yum && echo doing && yum install -y epel-release && yum install -y python36 ) || echo pass
- command -v python3 || ( command -v apt && echo doing && apt update && apt install -y python3-minimal python3-apt ) || echo pass
raw: "{{ item }}"
...
---
dependencies:
- role: base
...
...@@ -3,8 +3,8 @@ ...@@ -3,8 +3,8 @@
- name: install wowza requirements - name: install wowza requirements
apt: apt:
force_apt_get: true force_apt_get: true
install_recommends: false
name: "{{ wowza_requirements }}" name: "{{ wowza_requirements }}"
state: "present"
- name: install wowza - name: install wowza
apt: apt:
...@@ -119,4 +119,6 @@ ...@@ -119,4 +119,6 @@
include_role: include_role:
name: ferm name: ferm
- meta: flush_handlers
... ...