From a73b69154541b213297bd1acc726ae83c90c0b0f Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Thu, 16 Nov 2017 16:05:22 +0100 Subject: [PATCH 01/40] sis_geotk_dt_plugin: We must download and install both the uber jar and the plugin jar. --- .../sis_geotk_dt_plugin/defaults/main.yml | 5 ++-- smartgears/sis_geotk_dt_plugin/tasks/main.yml | 24 ++++++++++++++----- 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/smartgears/sis_geotk_dt_plugin/defaults/main.yml b/smartgears/sis_geotk_dt_plugin/defaults/main.yml index fe7e0674..93bedc91 100644 --- a/smartgears/sis_geotk_dt_plugin/defaults/main.yml +++ b/smartgears/sis_geotk_dt_plugin/defaults/main.yml @@ -6,8 +6,9 @@ sis_geotk_dt_plugin_group_id : org.gcube.data.transfer sis_geotk_dt_plugin_artifact_id : '{{ sis_geotk_dt_plugin_name }}' sis_geotk_dt_plugin_version : latest sis_geotk_dt_plugin_extension: jar -sis_geotk_dt_plugin_classifier: jar-with-dependencies -sis_geotk_dt_plugin_file: '{{ sis_geotk_dt_plugin_name }}-{{ sis_geotk_dt_plugin_version }}-jar-with-dependencies.{{ sis_geotk_dt_plugin_extension }}' +sis_geotk_dt_plugin_classifier: uberjar +sis_geotk_dt_plugin_uber_file: '{{ sis_geotk_dt_plugin_name }}-{{ sis_geotk_dt_plugin_version }}-{{ sis_geotk_dt_plugin_classifier }}.{{ sis_geotk_dt_plugin_extension }}' +sis_geotk_dt_plugin_file: '{{ sis_geotk_dt_plugin_name }}-{{ sis_geotk_dt_plugin_version }}.{{ sis_geotk_dt_plugin_extension }}' catalina_apps_conf: - { app_name: '{{ data_trasfer_service_name }}', plugin_name: '{{ sis_geotk_dt_plugin_name }}' } diff --git a/smartgears/sis_geotk_dt_plugin/tasks/main.yml b/smartgears/sis_geotk_dt_plugin/tasks/main.yml index 4fbd92a8..d64e5ea2 100644 --- a/smartgears/sis_geotk_dt_plugin/tasks/main.yml +++ b/smartgears/sis_geotk_dt_plugin/tasks/main.yml 
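Review bot: The two new file-name variables (`sis_geotk_dt_plugin_uber_file`, `sis_geotk_dt_plugin_file`) are both built from `sis_geotk_dt_plugin_version`, which the context line above them leaves at `latest`, so every run installs whatever the repository serves at that moment into the data-transfer webapp. Pinning the default to a released version, with an inventory override for upgrades, would make the deployed jar reproducible and auditable. It is also worth confirming that `smartgears_global_base_url` (defined outside this diff) is an HTTPS URL, since no checksum of the artifact is pinned here.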
@@ -9,24 +9,36 @@ tags: [ 'smartgears', 'sis_geotk', 'tomcat' ] - block: - - name: Create the plugin directory inside data transfer - file: dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }} state=directory + - name: Get the Sis geotk data transfer uber plugin + maven_artifact: artifact_id={{ sis_geotk_dt_plugin_name }} version={{ sis_geotk_dt_plugin_version }} group_id={{ sis_geotk_dt_plugin_group_id }} extension={{ sis_geotk_dt_plugin_extension }} repository_url={{ smartgears_global_base_url }} classifier={{ sis_geotk_dt_plugin_classifier }} dest={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_uber_file }} + register: sis_geotk_download - - name: Get the Sis geotk data transfer plugin - maven_artifact: artifact_id={{ sis_geotk_dt_plugin_name }} version={{ sis_geotk_dt_plugin_version | default(omit) }} group_id={{ sis_geotk_dt_plugin_group_id }} extension={{ sis_geotk_dt_plugin_extension | default('war') }} repository_url={{ smartgears_global_base_url }} classifier={{ sis_geotk_dt_plugin_classifier }} dest={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_file }} + - name: Get the Sis geotk data transfer uber plugin + maven_artifact: artifact_id={{ sis_geotk_dt_plugin_name }} version={{ sis_geotk_dt_plugin_version }} group_id={{ sis_geotk_dt_plugin_group_id }} extension={{ sis_geotk_dt_plugin_extension }} repository_url={{ smartgears_global_base_url }} dest={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_file }} register: sis_geotk_download - name: Remove the old Sis geotk data transfer plugin file: dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }} state=absent when: (sis_geotk_download | changed) + - name: Create the plugin directory inside data transfer + file: dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }} 
state=directory + - name: Copy the Sis geotk data transfer plugin to its final destination copy: src={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }}/{{ sis_geotk_dt_plugin_file }} remote_src=yes notify: Restart smartgears - - name: Unarchive the Sis geotk data transfer plugin to expose its libraries - unarchive: src={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }}/ copy=no + - name: Unarchive the Sis geotk data transfer uber plugin to expose its libraries + unarchive: src={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_uber_file }} dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }}/ copy=no when: (sis_geotk_download | changed) + notify: Restart smartgears + + - name: Remove the Sis geotk uber jar org and META-INF directories + file: dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }}/{{ item }} state=absent + with_items: + - org + - 'META-INF' + notify: Restart smartgears become: True become_user: '{{ smartgears_user }}' From 098e64504199eada53cc62de777a3b45bf32d477 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Thu, 16 Nov 2017 16:24:28 +0100 Subject: [PATCH 02/40] sis_geotk_dt_plugin: use the keep_name=yes variable to keep the version name of the plugin jar. --- smartgears/sis_geotk_dt_plugin/tasks/main.yml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/smartgears/sis_geotk_dt_plugin/tasks/main.yml b/smartgears/sis_geotk_dt_plugin/tasks/main.yml index d64e5ea2..d196376c 100644 --- a/smartgears/sis_geotk_dt_plugin/tasks/main.yml +++ b/smartgears/sis_geotk_dt_plugin/tasks/main.yml 
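Review bot: Both download tasks in this hunk end with `register: sis_geotk_download`, so the result of the uber-jar download is overwritten by the plain-jar download, and the later `when: (sis_geotk_download | changed)` conditions on the remove and unarchive tasks only follow the plain jar. If the uber jar changes on its own, the old libraries stay unpacked under `WEB-INF/lib/plugins`. Registering the first result under its own name, e.g. `register: sis_geotk_uber_download`, and testing `(sis_geotk_uber_download | changed) or (sis_geotk_download | changed)` would cover both. The second task also still carries the name `Get the Sis geotk data transfer uber plugin` although it has no classifier. The enclosing `- block:` starts above the hunk.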
@@ -9,10 +9,6 @@ tags: [ 'smartgears', 'sis_geotk', 'tomcat' ] - block: - - name: Get the Sis geotk data transfer uber plugin - maven_artifact: artifact_id={{ sis_geotk_dt_plugin_name }} version={{ sis_geotk_dt_plugin_version }} group_id={{ sis_geotk_dt_plugin_group_id }} extension={{ sis_geotk_dt_plugin_extension }} repository_url={{ smartgears_global_base_url }} classifier={{ sis_geotk_dt_plugin_classifier }} dest={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_uber_file }} - register: sis_geotk_download - - name: Get the Sis geotk data transfer uber plugin maven_artifact: artifact_id={{ sis_geotk_dt_plugin_name }} version={{ sis_geotk_dt_plugin_version }} group_id={{ sis_geotk_dt_plugin_group_id }} extension={{ sis_geotk_dt_plugin_extension }} repository_url={{ smartgears_global_base_url }} dest={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_file }} register: sis_geotk_download 
@@ -24,15 +20,15 @@ - name: Create the plugin directory inside data transfer file: dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }} state=directory - - name: Copy the Sis geotk data transfer plugin to its final destination - copy: src={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }}/{{ sis_geotk_dt_plugin_file }} remote_src=yes - notify: Restart smartgears - - name: Unarchive the Sis geotk data transfer uber plugin to expose its libraries unarchive: src={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_uber_file }} dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }}/ copy=no when: (sis_geotk_download | changed) notify: Restart smartgears + - name: Get the Sis geotk data transfer uber plugin + maven_artifact: artifact_id={{ sis_geotk_dt_plugin_name }} version={{ sis_geotk_dt_plugin_version }} group_id={{ sis_geotk_dt_plugin_group_id }} extension={{ sis_geotk_dt_plugin_extension }} repository_url={{ smartgears_global_base_url }} classifier={{ sis_geotk_dt_plugin_classifier }} dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }} keep_name=yes + when: (sis_geotk_download | changed) + - name: Remove the Sis geotk uber jar org and META-INF directories file: dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }}/{{ item }} state=absent with_items: From 14960384b2797966c8591edafedba177da52e11e Mon Sep 17 00:00:00 2001 
From: Andrea Dell'Amico Date: Thu, 16 Nov 2017 16:37:36 +0100 Subject: [PATCH 03/40] sis_geotk_dt_plugin: Fix the file names in the various tasks. --- smartgears/sis_geotk_dt_plugin/tasks/main.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/smartgears/sis_geotk_dt_plugin/tasks/main.yml b/smartgears/sis_geotk_dt_plugin/tasks/main.yml index d196376c..e69954e7 100644 --- a/smartgears/sis_geotk_dt_plugin/tasks/main.yml +++ b/smartgears/sis_geotk_dt_plugin/tasks/main.yml @@ -10,8 +10,8 @@ - block: - name: Get the Sis geotk data transfer uber plugin - maven_artifact: artifact_id={{ sis_geotk_dt_plugin_name }} version={{ sis_geotk_dt_plugin_version }} group_id={{ sis_geotk_dt_plugin_group_id }} extension={{ sis_geotk_dt_plugin_extension }} repository_url={{ smartgears_global_base_url }} dest={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_file }} - register: sis_geotk_download + maven_artifact: artifact_id={{ sis_geotk_dt_plugin_name }} version={{ sis_geotk_dt_plugin_version }} group_id={{ sis_geotk_dt_plugin_group_id }} extension={{ sis_geotk_dt_plugin_extension }} repository_url={{ smartgears_global_base_url }} classifier={{ sis_geotk_dt_plugin_classifier }} dest={{ smartgears_downloads_dir }}/{{ sis_geotk_dt_plugin_uber_file }} + register: sis_geotk_download - name: Remove the old Sis geotk data transfer plugin file: dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }} state=absent 
@@ -26,8 +26,7 @@ notify: Restart smartgears - name: Get the Sis geotk data transfer uber plugin - maven_artifact: artifact_id={{ sis_geotk_dt_plugin_name }} version={{ sis_geotk_dt_plugin_version }} group_id={{ sis_geotk_dt_plugin_group_id }} extension={{ sis_geotk_dt_plugin_extension }} repository_url={{ smartgears_global_base_url }} classifier={{ sis_geotk_dt_plugin_classifier }} dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }} keep_name=yes - when: (sis_geotk_download | changed) + maven_artifact: artifact_id={{ sis_geotk_dt_plugin_name }} version={{ sis_geotk_dt_plugin_version }} group_id={{ sis_geotk_dt_plugin_group_id }} extension={{ sis_geotk_dt_plugin_extension }} repository_url={{ smartgears_global_base_url }} dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }} keep_name=yes - name: Remove the Sis geotk uber jar org and META-INF directories file: dest={{ smartgears_instance_path }}/webapps/{{ data_trasfer_service_name }}/WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }}/{{ item }} state=absent From 76380acdfe803da6f5201996cf8269abfbacc32f Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Thu, 16 Nov 2017 20:15:16 +0100 Subject: [PATCH 04/40] shinyproxy: update the version number. --- shinyproxy/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shinyproxy/defaults/main.yml b/shinyproxy/defaults/main.yml index 4d0105f3..1452b58b 100644 --- a/shinyproxy/defaults/main.yml +++ b/shinyproxy/defaults/main.yml @@ -1,6 +1,6 @@ --- shinyproxy_install: False -shinyproxy_version: 1.0.0 +shinyproxy_version: 1.0.2 shinyproxy_file_name: 'shinyproxy-{{ shinyproxy_version }}.jar' shinyproxy_url: 'https://www.shinyproxy.io/downloads/{{ shinyproxy_file_name }}' shinyproxy_app_name: shinyproxy.jar From 33fe3715b6c2548cccfdb177ef676a4fbc66ac16 Mon Sep 17 00:00:00 2001 
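Review bot: The plain-jar download at the end of this hunk has lost its `when:` and has no `notify:`, so a new plugin jar dropped into `WEB-INF/lib/plugins/{{ sis_geotk_dt_plugin_name }}` does not by itself restart the service, and the running webapp may keep the previous classes loaded. Adding `notify: Restart smartgears` to that task would fix this, and renaming it to something like `- name: Get the Sis geotk data transfer plugin jar` would stop two tasks sharing the `uber plugin` name in the run log. With `keep_name=yes` the file name carries the version, so an older jar presumably stays next to a newer one unless the directory was wiped by the earlier remove task; that is worth confirming. The enclosing block starts outside the hunk.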
From: Andrea Dell'Amico Date: Fri, 17 Nov 2017 11:59:42 +0100 Subject: [PATCH 05/40] letsencrypt changed the TOS document. --- letsencrypt-acmetool-client/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/letsencrypt-acmetool-client/defaults/main.yml b/letsencrypt-acmetool-client/defaults/main.yml index 14951eb8..2d7da682 100644 --- a/letsencrypt-acmetool-client/defaults/main.yml +++ b/letsencrypt-acmetool-client/defaults/main.yml @@ -22,7 +22,8 @@ letsencrypt_acme_certs_dir: '{{ letsencrypt_acme_user_home }}/live/{{ ansible_fq letsencrypt_acme_services_scripts_dir: /usr/lib/acme/hooks # responses parameters -letsencrypt_tos_url: 'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf' +#letsencrypt_tos_url: 'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf' +letsencrypt_tos_url: 'https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf' letsencrypt_acme_agree_tos: true letsencrypt_acme_rsa_key_size: 4096 letsencrypt_ocsp_must_staple: True From f1b286dbe066d4523f06531cf0305fa128fe9efb Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 17 Nov 2017 13:11:48 +0100 Subject: [PATCH 06/40] letsencrypt: add a specific tag for the user task. --- letsencrypt-acmetool-client/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt-acmetool-client/tasks/main.yml b/letsencrypt-acmetool-client/tasks/main.yml index 8c17a575..d0e9ffde 100644 --- a/letsencrypt-acmetool-client/tasks/main.yml +++ b/letsencrypt-acmetool-client/tasks/main.yml 
@@ -28,7 +28,7 @@ - name: Create the letsencrypt acme user user: name={{ letsencrypt_acme_user }} home={{ letsencrypt_acme_user_home }} createhome=no shell=/usr/sbin/nologin system=yes when: letsencrypt_acme_install - tags: letsencrypt + tags: [ 'letsencrypt', 'letsencrypt_user' ] - name: Create the letsencrypt acme home, if it does not exist already. In a separate step because it could be already there. file: dest={{ letsencrypt_acme_user_home }} owner={{ letsencrypt_acme_user }} group={{ letsencrypt_acme_user }} state=directory recurse=yes From a4b26717eec0a00e8445c152cc2de68e42627251 Mon Sep 17 00:00:00 2001 From: Roberto Date: Fri, 17 Nov 2017 17:27:28 +0100 Subject: [PATCH 07/40] inventory/hosts.production add quota plugin host smartgears-node-upgrade.yml, smartgears-node.yml add new role for quota plugin --- .../defaults/main.yml | 11 ------- .../tasks/main.yml | 29 ------------------- smartgears/quota_se_plugin/defaults/main.yml | 11 +++++++ smartgears/quota_se_plugin/tasks/main.yml | 29 +++++++++++++++++++ 4 files changed, 40 insertions(+), 40 deletions(-) delete mode 100644 smartgears/accounting_insert_storage_se_plugin/defaults/main.yml delete mode 100644 smartgears/accounting_insert_storage_se_plugin/tasks/main.yml create mode 100644 smartgears/quota_se_plugin/defaults/main.yml create mode 100644 smartgears/quota_se_plugin/tasks/main.yml diff --git a/smartgears/accounting_insert_storage_se_plugin/defaults/main.yml b/smartgears/accounting_insert_storage_se_plugin/defaults/main.yml deleted file mode 100644 index 464de925..00000000 --- a/smartgears/accounting_insert_storage_se_plugin/defaults/main.yml +++ /dev/null 
@@ -1,11 +0,0 @@ ---- -accounting_insert_storage_se_plugin_install: False -accounting_insert_storage_se_plugin_upgrade: False - -accounting_insert_storage_se_plugin_name: accounting-insert-storage-se-plugin -accounting_insert_storage_se_plugin_group_id: org.gcube.accounting -accounting_insert_storage_se_plugin_version : 1.0.1-4.5.0-148393 -accounting_insert_storage_se_plugin_artifact_id: accounting-insert-storage-se-plugin -accounting_insert_storage_se_plugin_extension: jar -accounting_insert_storage_se_plugin_classifier: jar-with-dependencies -accounting_insert_storage_se_plugin_file: '{{ accounting_insert_storage_se_plugin_name }}-{{ accounting_insert_storage_se_plugin_version }}-{{ accounting_insert_storage_se_plugin_classifier }}.{{ accounting_insert_storage_se_plugin_extension }}' diff --git a/smartgears/accounting_insert_storage_se_plugin/tasks/main.yml b/smartgears/accounting_insert_storage_se_plugin/tasks/main.yml deleted file mode 100644 index c9d6da19..00000000 --- a/smartgears/accounting_insert_storage_se_plugin/tasks/main.yml +++ /dev/null 
@@ -1,29 +0,0 @@ ---- -- block: - - name: Remove the old accounting insert storage plugin - shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_storage_se_plugin_maven_artifact_id }}-*-jar-with-dependencies.jar - notify: Restart smartgears - - become: True - become_user: '{{ smartgears_user }}' - when: not accounting_insert_storage_se_plugin_install - tags: [ 'smartgears', 'accounting_insert_storage_se', 'tomcat' ] - -- block: - - name: Get the accounting insert storage plugin and install it inside the smart executor - maven_artifact: artifact_id={{ accounting_insert_storage_se_plugin_name }} version={{ accounting_insert_storage_se_plugin_version | default(omit) }} group_id={{ accounting_insert_storage_se_plugin_group_id }} extension={{ accounting_insert_storage_se_plugin_extension | default('war') }} repository_url={{ smartgears_global_base_url }} classifier={{ accounting_insert_storage_se_plugin_classifier }} dest={{ smartgears_downloads_dir }}/{{ accounting_insert_storage_se_plugin_file }} - register: accounting_insert_storage_download - - - name: Remove the old accounting insert storage plugin - shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_storage_se_plugin_maven_artifact_id }}-*-jar-with-dependencies.jar - when: (accounting_insert_storage_download | changed) - - - name: Copy the accounting aggregator plugin to its final destination - copy: src={{ smartgears_downloads_dir }}/{{ accounting_insert_storage_se_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_storage_se_plugin_file }} remote_src=yes - notify: Restart smartgears - - become: True - become_user: '{{ smartgears_user }}' - when: accounting_insert_storage_se_plugin_install - tags: [ 'smartgears', 'accounting_insert_storage_se', 'tomcat' ] - 
diff --git a/smartgears/quota_se_plugin/defaults/main.yml b/smartgears/quota_se_plugin/defaults/main.yml
new file mode 100644
index 00000000..60e92c21
--- /dev/null
+++ b/smartgears/quota_se_plugin/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+quota_se_plugin_install: False
+quota_se_plugin_upgrade: False
+
+quota_se_plugin_name: accounting-insert-storage-se-plugin
+quota_se_plugin_group_id: org.gcube.accounting
+quota_se_plugin_version : 1.0.1-4.5.0-148393
+quota_se_plugin_artifact_id: accounting-insert-storage-se-plugin
+quota_se_plugin_extension: jar
+quota_se_plugin_classifier: jar-with-dependencies
+quota_se_plugin_file: '{{ quota_se_plugin_name }}-{{ quota_se_plugin_version }}-{{ quota_se_plugin_classifier }}.{{ quota_se_plugin_extension }}'
diff --git a/smartgears/quota_se_plugin/tasks/main.yml b/smartgears/quota_se_plugin/tasks/main.yml
new file mode 100644
index 00000000..0b806314
--- /dev/null
+++ b/smartgears/quota_se_plugin/tasks/main.yml
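Review bot: `quota_se_plugin_name` and `quota_se_plugin_artifact_id` are still `accounting-insert-storage-se-plugin` under group `org.gcube.accounting`, so as written the new quota role downloads and installs the accounting-insert-storage artifact. This looks like a leftover from the role it was copied from; the Maven coordinates and `quota_se_plugin_version` should be checked against the quota plugin's actual release. If the coordinates are intentional, a comment such as `# the quota plugin is published under the accounting-insert-storage artifact id` above the name would keep the next reader from changing it back.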
@@ -0,0 +1,29 @@
+---
+- block:
+ - name: Remove the old quota plugin
+ shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ quota_se_plugin_artifact_id }}-*-jar-with-dependencies.jar
+ notify: Restart smartgears
+
+ become: True
+ become_user: '{{ smartgears_user }}'
+ when: not quota_se_plugin_install
+ tags: [ 'smartgears', 'quota_se', 'tomcat' ]
+
+- block:
+ - name: Get the quota plugin and install it inside the smart executor
+ maven_artifact: artifact_id={{ quota_se_plugin_name }} version={{ quota_se_plugin_version | default(omit) }} group_id={{ quota_se_plugin_group_id }} extension={{ quota_se_plugin_extension | default('war') }} repository_url={{ smartgears_global_base_url }} classifier={{ quota_se_plugin_classifier }} dest={{ smartgears_downloads_dir }}/{{ quota_se_plugin_file }}
+ register: quota_storage_download
+
+ - name: Remove the old quota plugin
+ shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ quota_se_plugin_maven_artifact_id }}-*-jar-with-dependencies.jar
+ when: (quota_storage_download | changed)
+
+ - name: Copy the quota plugin to its final destination
+ copy: src={{ smartgears_downloads_dir }}/{{ quota_se_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ quota_se_plugin_file }} remote_src=yes
+ notify: Restart smartgears
+
+ become: True
+ become_user: '{{ smartgears_user }}'
+ when: quota_se_plugin_install
+ tags: [ 'smartgears', 'quota_se', 'tomcat' ]
+
From 2827ff5a8629601b3c1902e195b33814eadced4a Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Sun, 19 Nov 2017 15:06:59 +0100
Subject: [PATCH 08/40] docker: install the python utilities needed by ansible.
---
docker/meta/main.yml | 3 +++
docker/vars/main.yml | 6 ++++++
2 files changed, 9 insertions(+)
create mode 100644 docker/meta/main.yml
create mode 100644 docker/vars/main.yml
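Review bot: The second `Remove the old quota plugin` task globs on `{{ quota_se_plugin_maven_artifact_id }}`, a variable the role defaults added in this commit do not define (they define `quota_se_plugin_artifact_id`, which the first block uses), so unless it is set elsewhere the task fails on an undefined variable as soon as a download reports changed. Use `{{ quota_se_plugin_artifact_id }}` in both places. The `shell: rm -f …` in the first block also reports changed on every run and therefore notifies `Restart smartgears` each time the role runs with `quota_se_plugin_install` false; a `changed_when:` or a `find` plus `file: state=absent` pair would avoid that.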
diff --git a/docker/meta/main.yml b/docker/meta/main.yml
new file mode 100644
index 00000000..6a91b6e1
--- /dev/null
+++ b/docker/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: '../../library/roles/python-env'
diff --git a/docker/vars/main.yml b/docker/vars/main.yml
new file mode 100644
index 00000000..4b7fefdb
--- /dev/null
+++ b/docker/vars/main.yml
@@ -0,0 +1,6 @@
+---
+py_env_install: True
+py_env_pip_pkgs:
+ - docker-compose
+ - docker-py
+
From 3af64a455920a96feea56897a9f1212565dd6046 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Sun, 19 Nov 2017 16:39:59 +0100
Subject: [PATCH 09/40] rename the logstash-rsyslog playbook to rsyslog-logstash.
---
{logstash-rsyslog => rsyslog-logstash}/defaults/main.yml | 0
{logstash-rsyslog => rsyslog-logstash}/handlers/main.yml | 0
{logstash-rsyslog => rsyslog-logstash}/tasks/main.yml | 0
.../templates/old-rsyslog-logstash.conf.j2 | 0
.../templates/rsyslog-logstash.conf.j2 | 0
5 files changed, 0 insertions(+), 0 deletions(-)
rename {logstash-rsyslog => rsyslog-logstash}/defaults/main.yml (100%)
rename {logstash-rsyslog => rsyslog-logstash}/handlers/main.yml (100%)
rename {logstash-rsyslog => rsyslog-logstash}/tasks/main.yml (100%)
rename {logstash-rsyslog => rsyslog-logstash}/templates/old-rsyslog-logstash.conf.j2 (100%)
rename {logstash-rsyslog => rsyslog-logstash}/templates/rsyslog-logstash.conf.j2 (100%)
diff --git a/logstash-rsyslog/defaults/main.yml b/rsyslog-logstash/defaults/main.yml
similarity index 100%
rename from logstash-rsyslog/defaults/main.yml
rename to rsyslog-logstash/defaults/main.yml
diff --git a/logstash-rsyslog/handlers/main.yml b/rsyslog-logstash/handlers/main.yml
similarity index 100%
rename from logstash-rsyslog/handlers/main.yml
rename to rsyslog-logstash/handlers/main.yml
diff --git a/logstash-rsyslog/tasks/main.yml b/rsyslog-logstash/tasks/main.yml
similarity index 100%
rename from logstash-rsyslog/tasks/main.yml
rename to rsyslog-logstash/tasks/main.yml
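Review bot: `py_env_pip_pkgs` in the new `docker/vars/main.yml` lists `docker-compose` and `docker-py` without versions, so each host gets whatever PyPI serves on the day it is provisioned, and these libraries are the ones that talk to the Docker socket. As far as I know `docker-compose` depends on the newer `docker` SDK, which installs into the same module namespace as `docker-py` and is known to conflict with it, so it is worth checking that the Ansible docker modules still import cleanly after this role runs. Pinning both entries, if the python-env role (not shown here) accepts version specifiers, and keeping only one of the two SDKs would make the install reproducible. Note also that values in `vars/main.yml` take precedence over inventory variables, so a host cannot easily override this list.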
diff --git a/logstash-rsyslog/templates/old-rsyslog-logstash.conf.j2 b/rsyslog-logstash/templates/old-rsyslog-logstash.conf.j2 similarity index 100% rename from logstash-rsyslog/templates/old-rsyslog-logstash.conf.j2 rename to rsyslog-logstash/templates/old-rsyslog-logstash.conf.j2 diff --git a/logstash-rsyslog/templates/rsyslog-logstash.conf.j2 b/rsyslog-logstash/templates/rsyslog-logstash.conf.j2 similarity index 100% rename from logstash-rsyslog/templates/rsyslog-logstash.conf.j2 rename to rsyslog-logstash/templates/rsyslog-logstash.conf.j2 From f543de74483c0fb3a8b948d2af138949bd1bac72 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Sun, 19 Nov 2017 16:40:43 +0100 Subject: [PATCH 10/40] Remove the role that installed the old letsencrypt client. --- letsencrypt-client/defaults/main.yml | 33 ------------ letsencrypt-client/tasks/main.yml | 50 ------------------- letsencrypt-client/templates/cli.ini.j2 | 10 ---- .../templates/letsencrypt-cert-request.sh.j2 | 45 ----------------- .../templates/letsencrypt-default.j2 | 8 --- 5 files changed, 146 deletions(-) delete mode 100644 letsencrypt-client/defaults/main.yml delete mode 100644 letsencrypt-client/tasks/main.yml delete mode 100644 letsencrypt-client/templates/cli.ini.j2 delete mode 100644 letsencrypt-client/templates/letsencrypt-cert-request.sh.j2 delete mode 100644 letsencrypt-client/templates/letsencrypt-default.j2 diff --git a/letsencrypt-client/defaults/main.yml b/letsencrypt-client/defaults/main.yml deleted file mode 100644 index b740b07b..00000000 --- a/letsencrypt-client/defaults/main.yml +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -letsencrypt_install: False -letsencrypt_git_repo: 'https://github.com/letsencrypt/letsencrypt' -letsencrypt_dest_dir: /opt -letsencrypt_update_repo: True -letsencrypt_prerequisites: - - git - - bc - -letsencrypt_auto: '{{ letsencrypt_dest_dir }}/letsencrypt/letsencrypt-auto' -letsencrypt_install_path: /root/.local/share/letsencrypt -letsencrypt_config_dir: /etc/letsencrypt -letsencrypt_certs_dir: '{{ letsencrypt_config_dir }}/live/{{ ansible_fqdn }}' -# In seconds. Default 7 days -letsencrypt_renew_before: 604800 -letsencrypt_logdir: /var/log/letsencrypt -# The various services maintainers need to put the reconfigure/restart scripts there -letsencrypt_services_scripts_dir: /usr/local/lib/letsencrypt - -# cli.ini parameters -letsencrypt_rsa_key_size: 4096 -letsencrypt_email: sysadmin@example.com -letsencrypt_authenticator: standalone -letsencrypt_standalone_supp_challenges: 'http-01' -letsencrypt_agree_tos: True -letsencrypt_verbose: False -letsencrypt_text_interface: True -# The first on the list gives the name to the certs live directory. -# If it is not the machine FQDN, change the letsencrypt_cert_dir definition. -letsencrypt_domains: '{{ ansible_fqdn }} example.com example.org' -letsencrypt_renew_by_default: True -letsencrypt_standalone_port: 9999 - diff --git a/letsencrypt-client/tasks/main.yml b/letsencrypt-client/tasks/main.yml deleted file mode 100644 index 6f5b2810..00000000 --- a/letsencrypt-client/tasks/main.yml +++ /dev/null 
@@ -1,50 +0,0 @@ ---- -- name: Install the letsencrypt package dependencies - apt: name={{ item }} state=present - with_items: '{{ letsencrypt_prerequisites }}' - when: letsencrypt_install - tags: letsencrypt - -- name: Get the letsencrypt client - git: repo={{ letsencrypt_git_repo }} dest={{ letsencrypt_dest_dir }}/letsencrypt update={{ letsencrypt_update_repo }} - with_items: '{{ letsencrypt_prerequisites }}' - when: letsencrypt_install - tags: letsencrypt - -- name: letsencrypt initializaztion - command: '{{ letsencrypt_auto }}' - args: - creates: '{{ letsencrypt_install_path }}/bin/letsencrypt' - when: letsencrypt_install - tags: letsencrypt - -- name: Create the letsencrypt config directory - file: dest={{ letsencrypt_config_dir }} state=directory owner=root group=root mode=0755 - when: letsencrypt_install - tags: letsencrypt - -- name: Create the letsencrypt services scripts directory - file: dest={{ letsencrypt_services_scripts_dir }} state=directory owner=root group=root mode=0755 - when: letsencrypt_install - tags: letsencrypt - -- name: Install the letsencrypt cli.ini file - template: src=cli.ini.j2 dest={{ letsencrypt_config_dir }}/cli.ini owner=root group=root mode=0640 - when: letsencrypt_install - tags: letsencrypt - -- name: Install a default file that shell scripts can include - template: src=letsencrypt-default.j2 dest=/etc/default/letsencrypt owner=root group=root mode=0644 - when: letsencrypt_install - tags: letsencrypt - -- name: Install the command that asks for the certificates and their renewal - template: src=letsencrypt-cert-request.sh.j2 dest=/usr/local/sbin/letsencrypt-cert-request owner=root group=root mode=0550 - when: letsencrypt_install - tags: letsencrypt - -- name: Install a daily cron job to renew the certificates when needed - cron: name="Letsencrypt certificate renewal" special_time=daily job="/usr/local/sbin/letsencrypt-cert-request > {{ letsencrypt_logdir }}/letsencrypt-cert-cron.log 2>&1" - when: letsencrypt_install - tags: 
letsencrypt - diff --git a/letsencrypt-client/templates/cli.ini.j2 b/letsencrypt-client/templates/cli.ini.j2 deleted file mode 100644 index 0fffec63..00000000 --- a/letsencrypt-client/templates/cli.ini.j2 +++ /dev/null @@ -1,10 +0,0 @@ -rsa-key-size = {{ letsencrypt_rsa_key_size }} -email = {{ letsencrypt_email }} -authenticator = {{ letsencrypt_authenticator }} -standalone-supported-challenges = {{ letsencrypt_standalone_supp_challenges }} -agree-tos = {{ letsencrypt_agree_tos }} -{% if letsencrypt_verbose %} -verbose = {{ letsencrypt_verbose }} -{% endif %} -text = {{ letsencrypt_text_interface }} -renew-by-default = {{ letsencrypt_renew_by_default }} diff --git a/letsencrypt-client/templates/letsencrypt-cert-request.sh.j2 b/letsencrypt-client/templates/letsencrypt-cert-request.sh.j2 deleted file mode 100644 index bd57ebd8..00000000 --- a/letsencrypt-client/templates/letsencrypt-cert-request.sh.j2 +++ /dev/null 
@@ -1,45 +0,0 @@ -#!/bin/bash - -RENEW_BEFORE={{ letsencrypt_renew_before }} -LETSENCRYPT_BIN={{ letsencrypt_auto }} -LE_CERT_DIR={{ letsencrypt_certs_dir }} -LE_SERVICES_SCRIPT_DIR={{ letsencrypt_services_scripts_dir }} -LOG_DIR={{ letsencrypt_logdir }} -VALIDITY_RETVAL=0 -DOMAINS="{{ letsencrypt_domains }}" -CERT_DOMAINS_LIST= -ACTION=certonly -RETVAL=0 - -# Check if the cert file exists. If not, it is a certificate request and not a renewal. -if [ -f $LE_CERT_DIR/cert.pem ] ; then - VALIDITY_CHECK=$( openssl x509 -checkend $RENEW_BEFORE -noout -in $LE_CERT_DIR/cert.pem ) - VALIDITY_RETVAL=$? - if [ $VALIDITY_RETVAL -eq 0 ] ; then - echo "The certificate is still valid" >> $LOG_DIR/letsencrypt_request.log - exit 0 - else - ACTION=renew - fi -fi - -if [ "$ACTION" === "certonly" ] ; then - for dom in $DOMAINS ; do - CERT_DOMAINS_LIST+=" -d $dom" - done -fi - -# Ask for a new certificate. First request or renewal are the same. We only support the standalone method right now -$LETSENCRYPT_BIN $ACTION $CERT_DOMAINS_LIST --http-01-port {{ letsencrypt_standalone_port }} --config /etc/letsencrypt/cli.ini >> $LOG_DIR/letsencrypt_request.log 2>&1 -RETVAL=$? - -# Run the reconfiguration scripts to make the involved services load the new certificate -for f in $( /bin/ls -1 $LE_SERVICES_SCRIPT_DIR ) ; do - if [ -x $LE_SERVICES_SCRIPT_DIR/$f ] ; then - echo "Running $LE_SERVICES_SCRIPT_DIR/$f" >> $LOG_DIR/letsencrypt_request.log - $LE_SERVICES_SCRIPT_DIR/$f >> $LOG_DIR/letsencrypt_request.log 2>&1 - fi -done - -exit 0 - diff --git a/letsencrypt-client/templates/letsencrypt-default.j2 b/letsencrypt-client/templates/letsencrypt-default.j2 deleted file mode 100644 index 1ee49c46..00000000 --- a/letsencrypt-client/templates/letsencrypt-default.j2 +++ /dev/null 
@@ -1,8 +0,0 @@ -RSA_KEY_SIZE={{ letsencrypt_rsa_key_size }} -LE_EMAIL={{ letsencrypt_email }} -LE_AUTHENTICATOR={{ letsencrypt_authenticator }} -LE_STANDALONE_SUPPORTED_CHALLENGES={{ letsencrypt_standalone_supp_challenges }} -LE_SERVICES_SCRIPT_DIR={{ letsencrypt_services_scripts_dir }} -LE_COMMAND={{ letsencrypt_auto }} -LE_CERTS_DIR={{ letsencrypt_certs_dir }} -LE_LOG_DIR={{ letsencrypt_logdir }} From 4ecc39e18fb02c367cce11426e2771c7fc388ecf Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Mon, 20 Nov 2017 19:28:25 +0100 Subject: [PATCH 11/40] Fix a warning in the acmetool role. --- letsencrypt-acmetool-client/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt-acmetool-client/tasks/main.yml b/letsencrypt-acmetool-client/tasks/main.yml index d0e9ffde..22887f42 100644 --- a/letsencrypt-acmetool-client/tasks/main.yml +++ b/letsencrypt-acmetool-client/tasks/main.yml @@ -93,7 +93,7 @@ capabilities: path=/usr/bin/acmetool capability=cap_net_bind_service+ep state=absent when: - letsencrypt_acme_install - - "'{{ letsencrypt_acme_authenticator }}' != 'listener'" + - letsencrypt_acme_authenticator != 'listener' ignore_errors: True tags: letsencrypt From 94eba820ae1d0e575204511dc12e9d0095fd58ec Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 21 Nov 2017 16:43:01 +0100 Subject: [PATCH 12/40] letsencrypt: sleep for at most 1200 seconds before running the certificate renewal script. --- letsencrypt-acmetool-client/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt-acmetool-client/tasks/main.yml b/letsencrypt-acmetool-client/tasks/main.yml index 22887f42..100f1d33 100644 --- a/letsencrypt-acmetool-client/tasks/main.yml +++ b/letsencrypt-acmetool-client/tasks/main.yml 
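Review bot: The corrected condition `letsencrypt_acme_authenticator != 'listener'` is fine, but the task it guards keeps `ignore_errors: True`, so a failed removal of `cap_net_bind_service` from `/usr/bin/acmetool` passes silently and the binary keeps the capability. If the intent is only to tolerate a missing binary, a narrower `failed_when:` on the registered result, or a preceding `stat` check, would let real failures surface. The task starts above the hunk, so its name and any earlier guard are not visible here.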
@@ -125,7 +125,7 @@ - name: Install a daily cron job to renew the certificates when needed become: True become_user: '{{ letsencrypt_acme_user }}' - cron: name="Letsencrypt certificate renewal" special_time=daily job="/usr/local/bin/acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-cron.log 2>&1" + cron: name="Letsencrypt certificate renewal" special_time=daily job="SLEEP_SECONDS=$(echo $[($RANDOM %1200)]) ; sleep ${SLEEP_SECONDS} ; /usr/local/bin/acme-cert-request > {{ letsencrypt_acme_log_dir }}/acme-cron.log 2>&1" when: letsencrypt_acme_install tags: letsencrypt From af2f3f397c955ee3212a598fe388a06256235008 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 21 Nov 2017 18:06:23 +0100 Subject: [PATCH 13/40] postgresql: Fix the letsencrypt and ssl tasks so that ssl can be disabled. --- postgresql/defaults/main.yml | 17 +++++++++----- postgresql/files/pgpool-letsencrypt-acme.sh | 2 -- .../files/postgresql-letsencrypt-acme.sh | 2 -- postgresql/tasks/main.yml | 2 -- .../tasks/pgpool-letsencrypt-acmetool.yml | 20 +++++++++++------ .../tasks/postgresql-letsencrypt-acmetool.yml | 22 ++++++++++++------- postgresql/tasks/postgresql-ssl-config.yml | 18 ++++++++++++--- 7 files changed, 54 insertions(+), 29 deletions(-) diff --git a/postgresql/defaults/main.yml b/postgresql/defaults/main.yml index 2c46becf..cde0ff4f 100644 --- a/postgresql/defaults/main.yml +++ b/postgresql/defaults/main.yml 
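Review bot: The new `job=` string contains an unescaped `%`, which cron turns into a newline in the command field. Unless the cron module escapes it, the entry is cut off inside `$[($RANDOM ` and `/usr/local/bin/acme-cert-request` never runs. `$RANDOM` and `$[...]` are also bash features, while cron normally starts jobs with `/bin/sh`, so on hosts where that is not bash the delay is not computed. I would escape the percent sign and make the shell explicit, for example `/bin/bash -c 'sleep $((RANDOM \% 1200))' ; /usr/local/bin/acme-cert-request > …`. A renewal job that fails silently ends in an expired certificate, so check the installed crontab line on a target host after this change.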
@@ -62,12 +62,19 @@ psql_autovacuum_configuration: # SSL as a special case psql_enable_ssl: False psql_force_ssl_client_connection: False -postgresql_letsencrypt_managed: True -psql_conf_ssl_parameters: +postgresql_letsencrypt_managed: '{{ psql_enable_ssl }}' +psql_ssl_privkey_global_file: '/var/lib/acme/live/{{ ansible_fqdn }}/privkey' +psql_ssl_privkey_file: /etc/pki/postgresql/postgresql.key +psql_ssl_cert_file: '/var/lib/acme/live/{{ ansible_fqdn }}/cert' +psql_ssl_ca_file: '/var/lib/acme/live/{{ ansible_fqdn }}/chain' +psql_conf_ssl_parameters: - { name: 'ssl', value: 'true' } - - { name: 'ssl_cert_file', value: '/var/lib/acme/live/{{ ansible_fqdn }}/cert' } - - { name: 'ssl_key_file', value: '/etc/pki/postgresql/postgresql.key' } - - { name: 'ssl_ca_file', value: '/var/lib/acme/live/{{ ansible_fqdn }}/chain' } + - { name: 'ssl_cert_file', value: '{{ psql_ssl_cert_file }}' } + - { name: 'ssl_key_file', value: '{{ psql_ssl_privkey_path }}' } + - { name: 'ssl_ca_file', value: '{{ psql_ssl_ca_file }}' } + +psql_conf_disable_ssl_parameters: + - { name: 'ssl', value: 'false' } psql_set_shared_memory: False psql_sysctl_file: 30-postgresql-shm.conf diff --git a/postgresql/files/pgpool-letsencrypt-acme.sh b/postgresql/files/pgpool-letsencrypt-acme.sh index 3409f27e..38ac48b9 100644 --- a/postgresql/files/pgpool-letsencrypt-acme.sh +++ b/postgresql/files/pgpool-letsencrypt-acme.sh @@ -26,10 +26,8 @@ chgrp postgres ${PGPOOL2_KEYFILE} echo "Reload the pgpool2 service" >> $LE_LOG_DIR/pgpool2.log if [ -x /bin/systemctl ] ; then - sleep $RANDOM systemctl reload pgpool2 >> $LE_LOG_DIR/pgpool2.log 2>&1 else - sleep $RANDOM service pgpool2 reload >> $LE_LOG_DIR/pgpool2.log 2>&1 fi diff --git a/postgresql/files/postgresql-letsencrypt-acme.sh b/postgresql/files/postgresql-letsencrypt-acme.sh index bfacd724..a3c227ea 100644 --- a/postgresql/files/postgresql-letsencrypt-acme.sh +++ b/postgresql/files/postgresql-letsencrypt-acme.sh 
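Review bot: The `ssl_key_file` entry of `psql_conf_ssl_parameters` now references `{{ psql_ssl_privkey_path }}`, but the variable this hunk introduces is `psql_ssl_privkey_file`. Unless `psql_ssl_privkey_path` is defined outside the visible lines, enabling SSL will fail on an undefined variable. The line should read `- { name: 'ssl_key_file', value: '{{ psql_ssl_privkey_file }}' }`. A one-line comment above the new path variables would also help, along the lines of `# psql_ssl_privkey_global_file is the source key, psql_ssl_privkey_file the postgres-readable copy`.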
@@ -26,10 +26,8 @@ chgrp postgres ${POSTGRESQL_KEYFILE} echo "Restart the postgresql service" >> $LE_LOG_DIR/postgresql.log if [ -x /bin/systemctl ] ; then - sleep $RANDOM systemctl restart postgresql >> $LE_LOG_DIR/postgresql.log 2>&1 else - sleep $RANDOM service postgresql restart >> $LE_LOG_DIR/postgresql.log 2>&1 fi diff --git a/postgresql/tasks/main.yml b/postgresql/tasks/main.yml index 91a94b02..f44fba2c 100644 --- a/postgresql/tasks/main.yml +++ b/postgresql/tasks/main.yml @@ -32,11 +32,9 @@ when: psql_pgpool_service_install - include: postgresql-letsencrypt-acmetool.yml when: - - postgresql_letsencrypt_managed - letsencrypt_acme_install is defined - include: pgpool-letsencrypt-acmetool.yml when: - - pgpool_letsencrypt_managed - letsencrypt_acme_install is defined diff --git a/postgresql/tasks/pgpool-letsencrypt-acmetool.yml b/postgresql/tasks/pgpool-letsencrypt-acmetool.yml index f19b99b5..627e6e67 100644 --- a/postgresql/tasks/pgpool-letsencrypt-acmetool.yml +++ b/postgresql/tasks/pgpool-letsencrypt-acmetool.yml 
@@ -1,17 +1,23 @@ --- -- name: Create the acme hooks directory if it does not yet exist - file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root +- block: + - name: Create the acme hooks directory if it does not yet exist + file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root + + - name: Install a script that fix the letsencrypt certificate for pgpool and then reloads the service + copy: src=pgpool-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/pgpool owner=root group=root mode=4555 + when: - psql_pgpool_service_install - pgpool_letsencrypt_managed - letsencrypt_acme_install tags: [ 'postgresql', 'postgres', 'pgpool', 'letsencrypt' ] -- name: Install a script that fix the letsencrypt certificate for pgpool and then reloads the service - copy: src=pgpool-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/pgpool owner=root group=root mode=4555 + +- block: + - name: Remove the letsencrypt hook for pgpool + file: dest=/usr/lib/acme/hooks/pgpool state=absent + when: - psql_pgpool_service_install - - pgpool_letsencrypt_managed - - letsencrypt_acme_install + - not pgpool_letsencrypt_managed tags: [ 'postgresql', 'postgres', 'pgpool', 'letsencrypt' ] - diff --git a/postgresql/tasks/postgresql-letsencrypt-acmetool.yml b/postgresql/tasks/postgresql-letsencrypt-acmetool.yml index 2f9a3ac2..8531a461 100644 --- a/postgresql/tasks/postgresql-letsencrypt-acmetool.yml +++ b/postgresql/tasks/postgresql-letsencrypt-acmetool.yml 
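Review bot: The hook script is installed with `mode=4555`, which sets the setuid bit on a root-owned shell script. Nothing visible here needs that bit, and `mode=0555` would drop it. The new removal task also hard-codes `/usr/lib/acme/hooks/pgpool` while the install task writes to `{{ letsencrypt_acme_services_scripts_dir }}/pgpool`. With a non-default directory the old hook would stay in place, so use `file: dest={{ letsencrypt_acme_services_scripts_dir }}/pgpool state=absent`. Both points apply equally to the postgresql-letsencrypt-acmetool.yml hunk that follows (`mode=4555` and `/usr/lib/acme/hooks/postgresql`).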
@@ -1,15 +1,21 @@ --- -- name: Create the acme hooks directory if it does not yet exist - file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root +- block: + - name: Create the acme hooks directory if it does not yet exist + file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root + + - name: Install a script that fix the letsencrypt certificate for postgresql and then restarts the service + copy: src=postgresql-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/postgresql owner=root group=root mode=4555 + when: - postgresql_letsencrypt_managed - letsencrypt_acme_install tags: [ 'postgresql', 'postgres', 'letsencrypt' ] -- name: Install a script that fix the letsencrypt certificate for postgresql and then restarts the service - copy: src=postgresql-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/postgresql owner=root group=root mode=4555 - when: - - postgresql_letsencrypt_managed - - letsencrypt_acme_install - tags: [ 'postgresql', 'postgres', 'letsencrypt' ] +- block: + - name: Remove the letsencrypt certificate hook for postgresql + file: dest=/usr/lib/acme/hooks/postgresql state=absent + + when: + - not postgresql_letsencrypt_managed + tags: [ 'postgresql', 'postgres', 'letsencrypt' ] diff --git a/postgresql/tasks/postgresql-ssl-config.yml b/postgresql/tasks/postgresql-ssl-config.yml index 4c0fba9e..d7fbfb32 100644 --- a/postgresql/tasks/postgresql-ssl-config.yml +++ b/postgresql/tasks/postgresql-ssl-config.yml @@ -1,6 +1,6 @@ --- - block: - - name: Setup ssl in the postgresql configuration + - name: Setup SSL in the postgresql configuration become: True become_user: postgres action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="'{{ item.value }}'" 
@@ -11,7 +11,19 @@ file: dest=/etc/pki/postgresql state=directory owner=postgres group=postgres mode=0750 - name: Create a postgres accessible ssl key file if it does not exist - copy: src=/var/lib/acme/live/{{ ansible_fqdn }}/privkey dest=/etc/pki/postgresql/postgresql.key owner=postgres group=postgres mode=0400 remote_src=True + copy: src={{ psql_ssl_privkey_global_file }} dest={{ psql_ssl_privkey_file }} owner=postgres group=postgres mode=0400 remote_src=True when: psql_enable_ssl - tags: [ 'postgresql', 'postgres', 'pg_conf' ] + tags: [ 'postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf' ] + + +- block: + - name: Disable SSL in the postgresql configuration + become: True + become_user: postgres + action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="'{{ item.value }}'" + with_items: '{{ psql_conf_disable_ssl_parameters }}' + notify: Restart postgresql + + when: not psql_enable_ssl + tags: [ 'postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf' ] From 861806eafd70cf72245f6e8592064fce7ff5d636 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Wed, 22 Nov 2017 17:48:35 +0100 Subject: [PATCH 14/40] tomcat: Add new variables to server.xml. See https://support.d4science.org/issues/10153. --- tomcat/defaults/main.yml | 5 +++++ tomcat/templates/tomcat-server.xml.j2 | 24 +++++++++++++++++++----- 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/tomcat/defaults/main.yml b/tomcat/defaults/main.yml index 8f89f17a..1c1801e0 100644 --- a/tomcat/defaults/main.yml +++ b/tomcat/defaults/main.yml @@ -9,6 +9,7 @@ tomcat_pkgs: - libapr1 tomcat_user: tomcat7 tomcat_max_threads: 200 + tomcat_min_heap_size: 2048m tomcat_permgen_defined: True tomcat_heap_size: '{{ tomcat_min_heap_size }}' 
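Review bot: The new `not psql_enable_ssl` block only writes the `ssl` parameter as false. The private-key copy that the enable path creates at `{{ psql_ssl_privkey_file }}` is left on disk after SSL is turned off. Adding a task with `file: dest={{ psql_ssl_privkey_file }} state=absent` to the disable block would remove it. The enabling block starts above this hunk, so I cannot see whether its configuration task carries the same `notify: Restart postgresql` as the new one; the two should match.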
@@ -29,6 +30,10 @@ tomcat_ajp_enabled: False tomcat_ajp_port: 8009 tomcat_ajp_address: 127.0.0.1 tomcat_direct_access: False +tomcat_reverse_proxy_name_enabled: False +tomcat_reverse_proxy_name: '{{ ansible_fqdn }}' +tomcat_reverse_proxy_port: '{{ http_port | default(80) }}' +proxyName and proxyPort # There is a bug that kills tomcat after 50 days if the shutdown port is enabled # Disable the shutdown port by default #tomcat_shutdown_port: 8005 diff --git a/tomcat/templates/tomcat-server.xml.j2 b/tomcat/templates/tomcat-server.xml.j2 index 7007299c..d64761b2 100644 --- a/tomcat/templates/tomcat-server.xml.j2 +++ b/tomcat/templates/tomcat-server.xml.j2 @@ -62,8 +62,11 @@ {% if tomcat_http_enabled %} - + {% endif %} {% endif %} From 83f7276956499ae48ffa75fcdb15396db9bf723c Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Wed, 22 Nov 2017 17:49:26 +0100 Subject: [PATCH 15/40] tomcat defaults: fix a typo. --- tomcat/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/tomcat/defaults/main.yml b/tomcat/defaults/main.yml index 1c1801e0..f7d67c7a 100644 --- a/tomcat/defaults/main.yml +++ b/tomcat/defaults/main.yml @@ -33,7 +33,6 @@ tomcat_direct_access: False tomcat_reverse_proxy_name_enabled: False tomcat_reverse_proxy_name: '{{ ansible_fqdn }}' tomcat_reverse_proxy_port: '{{ http_port | default(80) }}' -proxyName and proxyPort # There is a bug that kills tomcat after 50 days if the shutdown port is enabled # Disable the shutdown port by default #tomcat_shutdown_port: 8005 From 5d81cc4f57c0aaf36cb89673131df106d0f30cda Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Wed, 22 Nov 2017 18:00:27 +0100 Subject: [PATCH 16/40] tomcat multiple instances: add some variables, see https://support.d4science.org/issues/10153 --- tomcat-multiple-instances/defaults/main.yml | 4 ++++ .../templates/tomcat-server.xml.j2 | 22 ++++++++++++++++--- tomcat/templates/tomcat-server.xml.j2 | 1 + 3 files changed, 24 insertions(+), 3 deletions(-) 
diff --git a/tomcat-multiple-instances/defaults/main.yml b/tomcat-multiple-instances/defaults/main.yml index 65ffe372..27518624 100644 --- a/tomcat-multiple-instances/defaults/main.yml +++ b/tomcat-multiple-instances/defaults/main.yml @@ -31,6 +31,10 @@ tomcat_m_java_gc_opts: "-XX:+UseConcMarkSweepGC" # exactly one CPU chip that contains one or two cores, you should also add # the "-XX:+CMSIncrementalMode" option. #tomcat_m_other_java_opts: "-Djsse.enableSNIExtension=false" +tomcat_m_reverse_proxy_name_enabled: False +tomcat_m_reverse_proxy_name: '{{ ansible_fqdn }}' +tomcat_m_reverse_proxy_port: '{{ http_port | default(80) }}' + tomcat_m_other_java_opts: "" tomcat_m_webapps_autodeploy: False tomcat_m_webapps_unpack: False diff --git a/tomcat-multiple-instances/templates/tomcat-server.xml.j2 b/tomcat-multiple-instances/templates/tomcat-server.xml.j2 index 32d71519..4b2751a6 100644 --- a/tomcat-multiple-instances/templates/tomcat-server.xml.j2 +++ b/tomcat-multiple-instances/templates/tomcat-server.xml.j2 @@ -38,8 +38,12 @@ {% if item.http_enabled %} - + {% endif %} {% endif %} {% if item.ajp_enabled %} {% endif %} diff --git a/tomcat/templates/tomcat-server.xml.j2 b/tomcat/templates/tomcat-server.xml.j2 index d64761b2..b3dc07d6 100644 --- a/tomcat/templates/tomcat-server.xml.j2 +++ b/tomcat/templates/tomcat-server.xml.j2 @@ -106,6 +106,7 @@ Date: Wed, 22 Nov 2017 18:21:58 +0100 Subject: [PATCH 17/40] Add a special case for varnish in the smartgears nginx template. See https://support.d4science.org/issues/10147 --- .../generic-smartgears-virtualhost.j2 | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/smartgears/smartgears-nginx-frontend/templates/generic-smartgears-virtualhost.j2 b/smartgears/smartgears-nginx-frontend/templates/generic-smartgears-virtualhost.j2 index a38dbabb..9774db37 100644 --- a/smartgears/smartgears-nginx-frontend/templates/generic-smartgears-virtualhost.j2 
+++ b/smartgears/smartgears-nginx-frontend/templates/generic-smartgears-virtualhost.j2 @@ -69,6 +69,19 @@ server { {% if context != "whn-manager" %} {% if context != '' %} location /{{ context }} { + {% if varnish_install is defined and varnish_install %} + {% if varnish_listen_port is defined %} + {% if smartgears_nginx_cors_enabled %} + include /etc/nginx/snippets/nginx-cors.conf; + {% if nginx_cors_extended_rules %} + proxy_pass http://127.0.0.1:{{ varnish_listen_port }}; + {% else %} + proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }}; + {% endif %} + {% else %} + proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }}; + {% endif %} + {% else %} {% if smartgears_nginx_cors_enabled %} include /etc/nginx/snippets/nginx-cors.conf; {% if nginx_cors_extended_rules %} @@ -79,6 +92,8 @@ server { {% else %} proxy_pass http://127.0.0.1:{{ item.http_port }}/{{ context }}; {% endif %} + {% endif %} + {% endif %} } {% endif %} {% endif %} @@ -198,6 +213,19 @@ server { {% if context != "whn-manager" %} {% if context != '' %} location /{{ context }} { + {% if varnish_install is defined and varnish_install %} + {% if varnish_listen_port is defined %} + {% if smartgears_nginx_cors_enabled %} + include /etc/nginx/snippets/nginx-cors.conf; + {% if nginx_cors_extended_rules %} + proxy_pass http://127.0.0.1:{{ varnish_listen_port }}; + {% else %} + proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }}; + {% endif %} + {% else %} + proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }}; + {% endif %} + {% else %} {% if smartgears_nginx_cors_enabled %} include /etc/nginx/snippets/nginx-cors.conf; {% if nginx_cors_extended_rules %} @@ -208,6 +236,8 @@ server { {% else %} proxy_pass http://127.0.0.1:{{ item.http_port }}/{{ context }}; {% endif %} + {% endif %} + {% endif %} } {% endif %} {% endif %} From f3b2334f031c5d81755b35e88783967a546f7ca2 Mon Sep 17 00:00:00 2001 
From: Andrea Dell'Amico Date: Thu, 23 Nov 2017 11:59:52 +0100 Subject: [PATCH 18/40] fix a typo. --- tomcat-multiple-instances/templates/tomcat-server.xml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tomcat-multiple-instances/templates/tomcat-server.xml.j2 b/tomcat-multiple-instances/templates/tomcat-server.xml.j2 index 4b2751a6..ed83067a 100644 --- a/tomcat-multiple-instances/templates/tomcat-server.xml.j2 +++ b/tomcat-multiple-instances/templates/tomcat-server.xml.j2 @@ -62,7 +62,7 @@ URIEncoding="UTF-8" bindOnInit="false" address="{{ item.http_address }}" port="{{ item.http_port }}" protocol="HTTP/1.1" maxPostSize="{{ item.max_post_size | default(104857600) }}" - {% if tomcat_m)reverse_proxy_name_enabled %} + {% if tomcat_m_reverse_proxy_name_enabled %} proxyName="{{ tomcat_m_reverse_proxy_name }}" proxyPort="{{ tomcat_m_reverse_proxy_port }}" {% endif %} From 4b798d98e1e38caba527df6bcd7cd074ffd7c3e6 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Thu, 23 Nov 2017 12:50:33 +0100 Subject: [PATCH 19/40] generic-smartgears-virtualhost: Fix a wrong if statement. --- .../templates/generic-smartgears-virtualhost.j2 | 4 ---- 1 file changed, 4 deletions(-) diff --git a/smartgears/smartgears-nginx-frontend/templates/generic-smartgears-virtualhost.j2 b/smartgears/smartgears-nginx-frontend/templates/generic-smartgears-virtualhost.j2 index 9774db37..787a7b65 100644 --- a/smartgears/smartgears-nginx-frontend/templates/generic-smartgears-virtualhost.j2 +++ b/smartgears/smartgears-nginx-frontend/templates/generic-smartgears-virtualhost.j2 @@ -70,7 +70,6 @@ server { {% if context != '' %} location /{{ context }} { {% if varnish_install is defined and varnish_install %} - {% if varnish_listen_port is defined %} {% if smartgears_nginx_cors_enabled %} include /etc/nginx/snippets/nginx-cors.conf; {% if nginx_cors_extended_rules %} 
@@ -93,7 +92,6 @@ server { proxy_pass http://127.0.0.1:{{ item.http_port }}/{{ context }}; {% endif %} {% endif %} - {% endif %} } {% endif %} {% endif %} @@ -214,7 +212,6 @@ server { {% if context != '' %} location /{{ context }} { {% if varnish_install is defined and varnish_install %} - {% if varnish_listen_port is defined %} {% if smartgears_nginx_cors_enabled %} include /etc/nginx/snippets/nginx-cors.conf; {% if nginx_cors_extended_rules %} @@ -237,7 +234,6 @@ server { proxy_pass http://127.0.0.1:{{ item.http_port }}/{{ context }}; {% endif %} {% endif %} - {% endif %} } {% endif %} {% endif %} From 874be418a05afdcb58eacc5de94106e7bb2a0a00 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Thu, 23 Nov 2017 16:54:10 +0100 Subject: [PATCH 20/40] Change the nagios network check so that it does not go critical if the docker interface is down. --- nagios/templates/common-nrpe.cfg.j2 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/nagios/templates/common-nrpe.cfg.j2 b/nagios/templates/common-nrpe.cfg.j2 index 0965f01a..338da03e 100644 --- a/nagios/templates/common-nrpe.cfg.j2 +++ b/nagios/templates/common-nrpe.cfg.j2 @@ -35,7 +35,8 @@ command[global_check_linux_raid]={{ nagios_plugins_dir }}/check_raid command[global_check_smart]={{ nagios_isti_plugdir }}/check_smart -d $ARG1$ -i $ARG2$ # Network interfaces -command[global_net_interfaces]={{ nagios_isti_plugdir }}/check_netint.pl -K -f -e +#command[global_net_interfaces]={{ nagios_isti_plugdir }}/check_netint.pl -K -f -e +command[global_net_interfaces]={{ nagios_isti_plugdir }}/check_netint.pl -K -f -e -D -S -n \(l\|eth\|p\|bond\) # Restart ntp (via handler) command[global_restart_ntp]=/usr/bin/sudo /etc/init.d/ntp start From a40456ea1cb9d58ae2a8beb444dc265cfccadb6f Mon Sep 17 00:00:00 2001 
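Review bot: The replacement `global_net_interfaces` command has no comment saying which interfaces are still monitored, and the old command is left behind as a commented-out line. Judging from the commit subject, the `-n \(l\|eth\|p\|bond\)` filter is meant to leave the docker interface out. The short alternatives `l` and `p` are worth spelling out, since an interface the pattern does not select is presumably no longer checked at all. I would drop the commented line and add `# Check only lo, eth*, p* and bond* interfaces; docker and other virtual interfaces are skipped on purpose` above the command, after confirming that this is what the pattern selects.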
From: Andrea Dell'Amico Date: Thu, 23 Nov 2017 17:48:56 +0100 Subject: [PATCH 21/40] nginx template: give the possibility to add proxy redirections without including the global proxy configurations. --- nginx/templates/nginx-virthost.j2 | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/nginx/templates/nginx-virthost.j2 b/nginx/templates/nginx-virthost.j2 index 709a4145..5d8ca561 100644 --- a/nginx/templates/nginx-virthost.j2 +++ b/nginx/templates/nginx-virthost.j2 @@ -27,7 +27,6 @@ server { return 301 https://{{ item.server_name }}$request_uri; } {% else %} - # This is the default for nginx on Ubuntu 14.04 root {{ item.root | default('/usr/share/nginx/html/') }}; index {{ item.index | default('index.html index.htm') }}; error_page 500 502 503 504 {{ item.error_page | default('/50x.html') }}; @@ -81,7 +80,10 @@ server { {% endif %} {% if item.proxy_standard_setup is defined and item.proxy_standard_setup %} # Proxy stuff + {% if item.include_global_proxy_conf is defined and not item.include_global_proxy_conf %} + {% else %} include /etc/nginx/snippets/nginx-proxy-params.conf; + {% endif %} {% if item.proxy_additional_options is defined %} {% for popt in item.proxy_additional_options %} {{ popt }}; @@ -171,7 +173,10 @@ server { {% endif %} {% if item.proxy_standard_setup is defined and item.proxy_standard_setup %} # Proxy stuff + {% if item.include_global_proxy_conf is defined and not item.include_global_proxy_conf %} + {% else %} include /etc/nginx/snippets/nginx-proxy-params.conf; + {% endif %} {% if item.proxy_additional_options is defined %} {% for popt in item.proxy_additional_options %} {{ popt }} From 501204253adc2cab277dea9164bc0cd2be995eaa Mon Sep 17 00:00:00 2001 
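Review bot: The added `{% if item.include_global_proxy_conf is defined and not item.include_global_proxy_conf %}` / `{% else %}` pair has an empty first branch, which reads like a mistake. Wrapping the `include` line in `{% if item.include_global_proxy_conf | default(True) %}` expresses the same condition directly. The new option is also undocumented: a template comment should say that a virtual host setting it to false must supply, through `proxy_additional_options`, whatever the global snippet normally provides (its contents are not visible here). This applies to both hunks that add the condition, one per server block.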
From: Andrea Dell'Amico Date: Thu, 23 Nov 2017 19:17:03 +0100 Subject: [PATCH 22/40] Fixed the is_exporter_se plugin to make a better use of maven_artifact. --- .../is_exporter_se_plugin/tasks/main.yml | 23 +++++++++++++++---- .../is_sweeper_se_plugin/tasks/main.yml | 2 +- 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/smartgears/is_exporter_se_plugin/tasks/main.yml b/smartgears/is_exporter_se_plugin/tasks/main.yml index d8b8a99e..8147e9ef 100644 --- a/smartgears/is_exporter_se_plugin/tasks/main.yml +++ b/smartgears/is_exporter_se_plugin/tasks/main.yml 
@@ -1,14 +1,27 @@ --- - block: - name: Remove the old is-exporter plugin - shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/is-exporter-se-plugin-*-jar-with-dependencies.jar - when: is_exporter_se_plugin_upgrade - + shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_exporter_se_plugin_name }}-*-{{ is_exporter_se_plugin_classifier }}.{{ is_exporter_se_plugin_extension }} + notify: Restart smartgears + + become: True + become_user: '{{ smartgears_user }}' + when: not is_exporter_se_plugin_install + tags: [ 'smartgears', 'is_exporter_se', 'tomcat' ] + + - name: Download the is-exporter plugin + maven_artifact: artifact_id={{ is_exporter_se_plugin_name }} version={{ is_exporter_se_plugin_version | default(omit) }} group_id={{ is_exporter_se_plugin_group_id }} extension={{ is_exporter_se_plugin_extension | default('war') }} repository_url={{ smartgears_global_base_url }} classifier={{ is_exporter_se_plugin_classifier }} dest={{ smartgears_downloads_dir }}/{{ is_exporter_se_plugin_file }} + register: is_exporter_plugin_download + + - name: Remove the old is-exporter plugin + shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_exporter_se_plugin_name }}-*-{{ is_exporter_se_plugin_classifier }}.{{ is_exporter_se_plugin_extension }} + when: ( is_exporter_plugin_download | changed ) + - name: Install the is-exporter plugin inside the smart executor lib directory - maven_artifact: artifact_id={{ is_exporter_se_plugin_name }} version={{ is_exporter_se_plugin_version | default(omit) }} group_id={{ is_exporter_se_plugin_group_id }} extension={{ is_exporter_se_plugin_extension | default('war') }} repository_url={{ smartgears_global_base_url }} classifier={{ is_exporter_se_plugin_classifier }} dest={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_exporter_se_plugin_file }} + copy: src={{ smartgears_downloads_dir }}/{{ 
is_exporter_se_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_exporter_se_plugin_file }} remote_src=yes force=yes notify: Restart smartgears become: True become_user: '{{ smartgears_user }}' when: is_exporter_se_plugin_install - tags: [ 'smartgears', 'is_exporter_se', 'tomcat' ] \ No newline at end of file + tags: [ 'smartgears', 'is_exporter_se', 'tomcat' ] diff --git a/smartgears/is_sweeper_se_plugin/tasks/main.yml b/smartgears/is_sweeper_se_plugin/tasks/main.yml index 37af278e..c2f59e1b 100644 --- a/smartgears/is_sweeper_se_plugin/tasks/main.yml +++ b/smartgears/is_sweeper_se_plugin/tasks/main.yml @@ -16,7 +16,7 @@ - name: Remove the old is-sweeper plugin shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_sweeper_se_plugin_name }}-*-{{ is_sweeper_se_plugin_classifier }}.{{ is_sweeper_se_plugin_extension }} - when: ( is_sweeper_plugin_download ) + when: ( is_sweeper_plugin_download | changed ) - name: Install the is-sweeper plugin inside the smart executor lib directory copy: src={{ smartgears_downloads_dir }}/{{ is_sweeper_se_plugin_file }} dest={{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ is_sweeper_se_plugin_file }} remote_src=yes force=yes From 74e5c832b4b2754119ba6f50e5336ad854f8fa63 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 24 Nov 2017 13:17:17 +0100 Subject: [PATCH 23/40] library/roles/smartgears/is_exporter_se_plugin/tasks/main.yml: Add a missing 'block' statement. --- smartgears/is_exporter_se_plugin/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/smartgears/is_exporter_se_plugin/tasks/main.yml b/smartgears/is_exporter_se_plugin/tasks/main.yml index 8147e9ef..75c62726 100644 --- a/smartgears/is_exporter_se_plugin/tasks/main.yml +++ b/smartgears/is_exporter_se_plugin/tasks/main.yml 
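Review bot: The first `Remove the old is-exporter plugin` task is a `shell: rm -f …` with `notify: Restart smartgears`, and a shell task reports `changed` on every run. With `is_exporter_se_plugin_install` set to false, smartgears is therefore restarted on each play even when no jar is left to delete. Adding an `args:` / `removes:` entry with the same glob, or a `changed_when`, makes the task and its handler fire only when a file is actually removed. The accounting_rstudio_se_plugin tasks changed later in this series use the same `rm -f` plus `notify` pattern.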
@@ -9,6 +9,7 @@ when: not is_exporter_se_plugin_install tags: [ 'smartgears', 'is_exporter_se', 'tomcat' ] +- block: - name: Download the is-exporter plugin maven_artifact: artifact_id={{ is_exporter_se_plugin_name }} version={{ is_exporter_se_plugin_version | default(omit) }} group_id={{ is_exporter_se_plugin_group_id }} extension={{ is_exporter_se_plugin_extension | default('war') }} repository_url={{ smartgears_global_base_url }} classifier={{ is_exporter_se_plugin_classifier }} dest={{ smartgears_downloads_dir }}/{{ is_exporter_se_plugin_file }} register: is_exporter_plugin_download From 8e536a431fb8dfc863fcf80abd687f3becb4061d Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 24 Nov 2017 13:24:24 +0100 Subject: [PATCH 24/40] accounting_rstudio_se_plugin: Use 'latest' as package version and fix some wrong variables names. --- smartgears/accounting_rstudio_se_plugin/defaults/main.yml | 2 +- smartgears/accounting_rstudio_se_plugin/tasks/main.yml | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/smartgears/accounting_rstudio_se_plugin/defaults/main.yml b/smartgears/accounting_rstudio_se_plugin/defaults/main.yml index ec556e55..70fd4ab8 100644 --- a/smartgears/accounting_rstudio_se_plugin/defaults/main.yml +++ b/smartgears/accounting_rstudio_se_plugin/defaults/main.yml @@ -2,7 +2,7 @@ accounting_insert_rstudio_se_plugin_install: False accounting_insert_rstudio_se_plugin_name: accounting-insert-rstudio-se-plugin -accounting_insert_rstudio_se_plugin_version: '1.0.0-4.4.0-142716' +accounting_insert_rstudio_se_plugin_version: 'latest' accounting_insert_rstudio_se_plugin_group_id: 'org.gcube.accounting' accounting_insert_rstudio_se_plugin_artifact_id: accounting-insert-rstudio-se-plugin accounting_insert_rstudio_se_plugin_extension: jar diff --git a/smartgears/accounting_rstudio_se_plugin/tasks/main.yml b/smartgears/accounting_rstudio_se_plugin/tasks/main.yml index c6d73fa9..8817e633 100644 
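Review bot: Defaulting `accounting_insert_rstudio_se_plugin_version` to `'latest'` makes the deployed jar depend on whatever the repository serves as newest at run time. Two hosts provisioned at different times can end up with different code, and a bad or unexpected upload reaches every host on the next play. I would keep a pinned release as the default and let an inventory opt into `latest`. At minimum, add `# 'latest' is resolved at run time; pin a release for reproducible deployments` above the variable. `ckan_connector_ver: latest` in the ckan_connector defaults later in this series has the same effect.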
--- a/smartgears/accounting_rstudio_se_plugin/tasks/main.yml +++ b/smartgears/accounting_rstudio_se_plugin/tasks/main.yml @@ -1,7 +1,7 @@ --- - block: - name: Remove the old accounting insert storage plugin - shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_rstudio_se_plugin_maven_artifact_id }}-*-jar-with-dependencies.jar + shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_rstudio_se_plugin_artifact_id }}-*-{{ accounting_insert_rstudio_se_plugin_classifier }}.{{ accounting_insert_rstudio_se_plugin_extension }} notify: Restart smartgears - name: Disable the cron job that calculates the home used space @@ -18,7 +18,7 @@ register: accounting_insert_rstudio_download - name: Remove the old accounting insert storage plugin - shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_rstudio_se_plugin_maven_artifact_id }}-*-jar-with-dependencies.jar + shell: rm -f {{ smartgears_instance_path }}/webapps/{{ smart_executor_name }}/WEB-INF/lib/{{ accounting_insert_rstudio_se_plugin_artifact_id }}-*-{{ accounting_insert_rstudio_se_plugin_classifier }}.{{ accounting_insert_rstudio_se_plugin_extension }} when: (accounting_insert_rstudio_download | changed) - name: Copy the accounting aggregator plugin to its final destination @@ -30,6 +30,7 @@ template: src=calculate_home_space.j2 dest=/usr/local/bin/calculate_home_space mode=0755 owner=root group=root - name: Install a cron job that calculates the home used space + become_user: root cron: name="Calculate the home used space" special_time=hourly user=root job="/usr/local/bin/calculate_home_space >/dev/null 2>&1" become: True From 694bf22832a9ba6b87a1ce35f344e755aa19406b Mon Sep 17 00:00:00 2001 
From: Andrea Dell'Amico Date: Fri, 24 Nov 2017 16:10:47 +0100 Subject: [PATCH 25/40] gcube-app: Remove the double quotes around the description. --- smartgears/gcubeapp-setup/templates/gcube-app.xml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/smartgears/gcubeapp-setup/templates/gcube-app.xml.j2 b/smartgears/gcubeapp-setup/templates/gcube-app.xml.j2 index 46c73f57..a0707aac 100644 --- a/smartgears/gcubeapp-setup/templates/gcube-app.xml.j2 +++ b/smartgears/gcubeapp-setup/templates/gcube-app.xml.j2 @@ -4,7 +4,7 @@ {{ item.webapp_group }} {{ item.version }} {% if item.description is defined %} - "{{ item.description }}" + {{ item.description }} {% endif %} {% if item.persistence_location is defined %} From b8f7bc795a202651f647420e7ee36b5464d6db4b Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 24 Nov 2017 16:45:20 +0100 Subject: [PATCH 26/40] ckan_connector: convert to maven_artifact. --- smartgears/ckan_connector/defaults/main.yml | 9 ++--- smartgears/ckan_connector/tasks/main.yml | 37 ++++++++++++++++----- 2 files changed, 33 insertions(+), 13 deletions(-) diff --git a/smartgears/ckan_connector/defaults/main.yml b/smartgears/ckan_connector/defaults/main.yml index 54518aac..d4aa4b33 100644 --- a/smartgears/ckan_connector/defaults/main.yml +++ b/smartgears/ckan_connector/defaults/main.yml 
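Review bot: `{{ item.description }}` is written into the generated XML unescaped, so a description containing `&` or `<` produces a malformed gcube-app.xml. With the quotes removed, `{{ item.description | e }}` would be the safer form. The other interpolated values in this hunk (`item.webapp_group`, `item.version`) are emitted the same way. The surrounding element markup is not visible in this hunk, so this assumes the values land in element content.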
@@ -1,9 +1,10 @@ --- ckan_connector_gcube_repository: 'gcube-staging' ckan_connector_plugin_install: False -ckan_connector_ver: 1.1.2-4.3.0-142056 +ckan_connector_ver: latest ckan_connector_name: ckan-connector -ckan_connector_filename: '{{ ckan_connector_name }}-{{ ckan_connector_ver }}.war' -ckan_connector_url: 'http://maven.research-infrastructures.eu/nexus/content/repositories/{{ ckan_connector_gcube_repository }}/org/gcube/data/access/{{ ckan_connector_name }}/{{ ckan_connector_ver}}/{{ ckan_connector_filename }}' -ckan_connector_war_file: '{{ ckan_connector_name }}.war' +ckan_connector_extension: war +ckan_connector_group_id: org.gcube.data.access +ckan_connector_filename: '{{ ckan_connector_name }}-{{ ckan_connector_ver }}.{{ ckan_connector_extension }}' + ckan_connector_user: ckan_connector diff --git a/smartgears/ckan_connector/tasks/main.yml b/smartgears/ckan_connector/tasks/main.yml index d61093a5..caec64bc 100644 --- a/smartgears/ckan_connector/tasks/main.yml +++ b/smartgears/ckan_connector/tasks/main.yml 
@@ -1,29 +1,48 @@ --- - block: - - name: Remove the installed CKAN connector before upgrading + - name: Remove the installed CKAN connector file: dest={{ item }} state=absent with_items: - - '{{ smartgears_instance_path }}/webapps/ckan-connector' - - '{{ smartgears_instance_path }}/webapps/ckan-connector.war' + - '{{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}' + - '{{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}.{{ ckan_connector_extension }}' when: smartgears_upgrade + - name: Remove the CKAN connector fixer script + become_user: root + file: dest=/usr/local/bin/ckan-connector-fixer state=absent + + become: True + become_user: '{{ smartgears_user }}' + when: not ckan_connector_plugin_install + tags: [ 'smartgears', 'ckan', 'ckan_connector', 'tomcat' ] + +- block: - name: Get the CKAN connector war file - get_url: url={{ ckan_connector_url }} dest={{ smartgears_instance_path }}/webapps/{{ ckan_connector_war_file }} + maven_artifact: artifact_id={{ ckan_connector_name }} version={{ ckan_connector_ver }} group_id={{ ckan_connector_group_id }} extension={{ ckan_connector_extension }} repository_url={{ smartgears_global_base_url }} dest={{ smartgears_downloads_dir }}/{{ ckan_connector_filename }} + register: ckan_connector_download + + - name: Remove the installed CKAN connector before upgrading + file: dest={{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }} state=absent + when: ( ckan_connector_download | changed ) + + - name: Create the CKAN connector webapp directory + file: dest={{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }} state=directory + when: ( ckan_connector_download | changed ) - - name: Unpack the CKAN connector war file - shell: mkdir {{ smartgears_instance_path }}/webapps/ckan-connector ; cd {{ smartgears_instance_path }}/webapps/ckan-connector ; jar xf {{ smartgears_instance_path }}/webapps/{{ ckan_connector_war_file }} + - name: Unarchive the CKAN connector war file + unarchive: 
copy=no src={{ smartgears_downloads_dir }}/{{ ckan_connector_filename }} dest={{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }} args: - creates: '{{ smartgears_instance_path }}/webapps/ckan-connector/WEB-INF/web.xml' + creates: '{{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}/WEB-INF/web.xml' - name: Install the CKAN connector web.xml template template: src=ckan-web.xml.j2 dest={{ smartgears_instance_path }}/webapps/ckan-connector/WEB-INF/.web.xml.tpl mode=0440 - name: Install the CKAN connector fixer script - become: False + become_user: root template: src=ckan-connector-fixer.sh.j2 dest=/usr/local/bin/ckan-connector-fixer owner=root group=root mode=0550 - name: Fix the CKAN connector web.xml - become: False + become_user: root shell: /usr/local/bin/ckan-connector-fixer init args: creates: '{{ smartgears_instance_path }}/webapps/ckan-connector/WEB-INF/.web.xml.configured' From 045ebf9416cb2d5ff688469c3ffd17b8c73e9409 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 24 Nov 2017 16:45:44 +0100 Subject: [PATCH 27/40] r_connector: do not put the war file inside tomcat/webapps. --- smartgears/r_connector/tasks/main.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/smartgears/r_connector/tasks/main.yml b/smartgears/r_connector/tasks/main.yml index 1ed477fd..83760d38 100644 --- a/smartgears/r_connector/tasks/main.yml +++ b/smartgears/r_connector/tasks/main.yml @@ -1,6 +1,6 @@ --- - block: - - name: Remove the installed R connector before upgrading + - name: Remove the installed R connector file: dest={{ item }} state=absent with_items: - '{{ smartgears_instance_path }}/webapps/{{ r_connector_name }}' 
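Review bot: The tasks after the unarchive step in this `@@ -1,29 +1,48 @@` hunk still hard-code `ckan-connector` (the `.web.xml.tpl` destination and the `creates:` path for `.web.xml.configured`), while the download, removal and unarchive tasks now use `{{ ckan_connector_name }}`. If the name is ever overridden, the template is written into a directory that was never unpacked. Use the variable there as well, e.g. `dest={{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}/WEB-INF/.web.xml.tpl`, and the same for the `creates:` value.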
@@ -39,9 +39,6 @@ file: dest={{ smartgears_instance_path }}/webapps/{{ r_connector_name }} state=directory when: ( r_connector_download | changed ) - - name: Copy the R connector war file into the webapps directory - copy: src={{ smartgears_downloads_dir }}/{{ r_connector_filename }} dest={{ smartgears_instance_path }}/webapps/{{ r_connector_name }}.{{ r_connector_extension }} remote_src=yes force=yes - - name: Unarchive the R connector war file unarchive: copy=no src={{ smartgears_downloads_dir }}/{{ r_connector_filename }} dest={{ smartgears_instance_path }}/webapps/{{ r_connector_name }} args: From 478ad025f28d9096e257813e266e296a2a057f68 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 24 Nov 2017 16:56:24 +0100 Subject: [PATCH 28/40] ckan-connector, r-connector, resource-registry: Remove the war file from tomcat/webapps when upgrading. --- smartgears/ckan_connector/tasks/main.yml | 9 +++++++-- smartgears/r_connector/tasks/main.yml | 8 +++++++- smartgears/resource_registry/tasks/main.yml | 10 +++++----- 3 files changed, 19 insertions(+), 8 deletions(-) diff --git a/smartgears/ckan_connector/tasks/main.yml b/smartgears/ckan_connector/tasks/main.yml index caec64bc..5399c5d2 100644 --- a/smartgears/ckan_connector/tasks/main.yml +++ b/smartgears/ckan_connector/tasks/main.yml @@ -5,7 +5,7 @@ with_items: - '{{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}' - '{{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}.{{ ckan_connector_extension }}' - when: smartgears_upgrade + notify: Restart smartgears - name: Remove the CKAN connector fixer script become_user: root 
@@ -22,8 +22,12 @@ register: ckan_connector_download - name: Remove the installed CKAN connector before upgrading - file: dest={{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }} state=absent + file: dest={{ item }} state=absent + with_items: + - '{{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}' + - '{{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}.{{ ckan_connector_extension }}' when: ( ckan_connector_download | changed ) + notify: Restart smartgears - name: Create the CKAN connector webapp directory file: dest={{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }} state=directory @@ -33,6 +37,7 @@ unarchive: copy=no src={{ smartgears_downloads_dir }}/{{ ckan_connector_filename }} dest={{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }} args: creates: '{{ smartgears_instance_path }}/webapps/{{ ckan_connector_name }}/WEB-INF/web.xml' + notify: Restart smartgears - name: Install the CKAN connector web.xml template template: src=ckan-web.xml.j2 dest={{ smartgears_instance_path }}/webapps/ckan-connector/WEB-INF/.web.xml.tpl mode=0440 diff --git a/smartgears/r_connector/tasks/main.yml b/smartgears/r_connector/tasks/main.yml index 83760d38..1d936a6a 100644 --- a/smartgears/r_connector/tasks/main.yml +++ b/smartgears/r_connector/tasks/main.yml @@ -24,6 +24,7 @@ become: True become_user: '{{ smartgears_user }}' when: not r_connector_install + notify: Restart smartgears tags: [ 'smartgears', 'r_connector', 'tomcat' ] - block: 
@@ -32,7 +33,11 @@ register: r_connector_download - name: Remove the installed R connector before upgrading - file: dest={{ smartgears_instance_path }}/webapps/{{ r_connector_name }} state=absent + file: dest={{ item }} state=absent + with_items: + - '{{ smartgears_instance_path }}/webapps/{{ r_connector_name }}' + - '{{ smartgears_instance_path }}/webapps/{{ r_connector_name }}.{{ r_connector_extension }}' + notify: Restart smartgears when: ( r_connector_download | changed ) - name: Create the R connector webapp directory @@ -43,6 +48,7 @@ unarchive: copy=no src={{ smartgears_downloads_dir }}/{{ r_connector_filename }} dest={{ smartgears_instance_path }}/webapps/{{ r_connector_name }} args: creates: '{{ smartgears_instance_path }}/webapps/{{ r_connector_name }}/WEB-INF/web.xml' + notify: Restart smartgears - name: Obtain the permission to read the Rstudio secure cookie key become_user: root diff --git a/smartgears/resource_registry/tasks/main.yml b/smartgears/resource_registry/tasks/main.yml index a369223f..b8ed65bb 100644 --- a/smartgears/resource_registry/tasks/main.yml +++ b/smartgears/resource_registry/tasks/main.yml @@ -5,6 +5,7 @@ with_items: - '{{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}' - '{{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}.{{ resource_registry_extension }}' + notify: Restart smartgears become: True become_user: '{{ d4science_user }}' 
@@ -17,17 +18,16 @@ register: resource_registry_download - name: Remove the old resource-registry files - file: path={{ smartgears_instance_path }}/webapps/{{ resource_registry_name }} state=absent + file: path={{ item }} state=absent + with_items: + - '{{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}' + - '{{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}.{{ resource_registry_extension }}' when: ( resource_registry_download | changed ) - name: Create the resource-registry working directory file: path={{ smartgears_instance_path }}/webapps/{{ resource_registry_name }} state=directory owner={{ smartgears_user }} group={{ smartgears_user }} when: ( resource_registry_download | changed ) - - name: Copy the resource registry war file into the webapps directory - copy: src={{ smartgears_downloads_dir }}/{{ resource_registry_file }} dest={{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}.{{ resource_registry_extension }} remote_src=yes force=yes - notify: Restart smartgears - - name: Unarchive the resource registry war unarchive: copy=no src={{ smartgears_downloads_dir }}/{{ resource_registry_file }} dest={{ smartgears_instance_path }}/webapps/{{ resource_registry_name }} creates={{ smartgears_instance_path }}/webapps/{{ resource_registry_name }}/WEB-INF/lib notify: Restart smartgears From c0f06f440ac43d0f879f44c41f9ef5e922b9be4a Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 24 Nov 2017 16:59:23 +0100 Subject: [PATCH 29/40] r-connector: move the notify directive in the correct place. --- smartgears/r_connector/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/smartgears/r_connector/tasks/main.yml b/smartgears/r_connector/tasks/main.yml index 1d936a6a..bb181cab 100644 --- a/smartgears/r_connector/tasks/main.yml +++ b/smartgears/r_connector/tasks/main.yml 
@@ -5,6 +5,7 @@ with_items: - '{{ smartgears_instance_path }}/webapps/{{ r_connector_name }}' - '{{ smartgears_instance_path }}/webapps/{{ r_connector_name }}.{{ r_connector_extension }}' + notify: Restart smartgears - name: Remove the packages required to enable the LDAP PAM authentication become: False @@ -24,7 +25,6 @@ become: True become_user: '{{ smartgears_user }}' when: not r_connector_install - notify: Restart smartgears tags: [ 'smartgears', 'r_connector', 'tomcat' ] - block: From 39cf54e24a808537b33c8867aee58bf2b7aecb4f Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 24 Nov 2017 17:11:24 +0100 Subject: [PATCH 30/40] social-networking-library-ws: better use of maven_artifact. --- smartgears/social-networking-library-ws/tasks/main.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/smartgears/social-networking-library-ws/tasks/main.yml b/smartgears/social-networking-library-ws/tasks/main.yml index 6877b833..075d2562 100644 --- a/smartgears/social-networking-library-ws/tasks/main.yml +++ b/smartgears/social-networking-library-ws/tasks/main.yml @@ -5,6 +5,7 @@ with_items: - '{{ smartgears_instance_path }}/webapps/{{ social_networking_library_ws_name }}' - '{{ smartgears_instance_path }}/webapps/{{ social_networking_library_ws_name }}.{{ social_networking_library_ws_extension }}' + notify: Restart smartgears become: True become_user: '{{ d4science_user }}' 
@@ -14,6 +15,15 @@ - block: - name: Get the social-networking-library-ws war maven_artifact: artifact_id={{ social_networking_library_ws_name }} version={{ social_networking_library_ws_version | default(omit) }} group_id={{ social_networking_library_ws_group_id }} extension={{ social_networking_library_ws_extension | default('war') }} repository_url={{ smartgears_global_base_url }} dest={{ smartgears_downloads_dir }}/{{ social_networking_library_ws_file }} + register: social_networking_library_ws_download + + - name: Remove the old social-networking-library-ws files when upgrading + file: path={{ item }} state=absent + with_items: + - '{{ smartgears_instance_path }}/webapps/{{ social_networking_library_ws_name }}' + - '{{ smartgears_instance_path }}/webapps/{{ social_networking_library_ws_name }}.{{ social_networking_library_ws_extension }}' + when: ( social_networking_library_ws_download | changed ) + notify: Restart smartgears - name: Copy the social_networking_library_ws war into the tomcat webapps dir copy: src={{ smartgears_downloads_dir }}/{{ social_networking_library_ws_file }} dest={{ smartgears_instance_path }}/webapps/{{ social_networking_library_ws_name }}.{{ social_networking_library_ws_extension }} remote_src=yes force=yes From aaf93fdf2c225d34059eb9c6855481e2e69af4b4 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 24 Nov 2017 17:53:31 +0100 Subject: [PATCH 31/40] gcube-app.xml.j2: change 'persistence' with 'local-persistence'. That's controversial, I'm going to open a ticket about it. --- smartgears/gcubeapp-setup/templates/gcube-app.xml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/smartgears/gcubeapp-setup/templates/gcube-app.xml.j2 b/smartgears/gcubeapp-setup/templates/gcube-app.xml.j2 index a0707aac..c83c8224 100644 --- a/smartgears/gcubeapp-setup/templates/gcube-app.xml.j2 +++ b/smartgears/gcubeapp-setup/templates/gcube-app.xml.j2 
@@ -7,7 +7,7 @@ {{ item.description }} {% endif %} {% if item.persistence_location is defined %} - + {% endif %} {% if item.exclude_handlers is defined %} {% for eh in item.exclude_handlers %} From 23ccb5f29b62bb086dc2eb78c4676225624f50ff Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Mon, 27 Nov 2017 18:05:18 +0100 Subject: [PATCH 32/40] gcube-app.xml: the persistence location lable is 'persistence' by default, but can be changed if we want it different. See https://support.d4science.org/issues/10444 --- smartgears/gcubeapp-setup/templates/gcube-app.xml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/smartgears/gcubeapp-setup/templates/gcube-app.xml.j2 b/smartgears/gcubeapp-setup/templates/gcube-app.xml.j2 index c83c8224..5e417252 100644 --- a/smartgears/gcubeapp-setup/templates/gcube-app.xml.j2 +++ b/smartgears/gcubeapp-setup/templates/gcube-app.xml.j2 @@ -7,7 +7,7 @@ {{ item.description }} {% endif %} {% if item.persistence_location is defined %} - + <{{ item.persistence_label | default ('persistence') }} location="{{ item.persistence_location }}"/> {% endif %} {% if item.exclude_handlers is defined %} {% for eh in item.exclude_handlers %} From e25582c61e7cdb33bfeef27dcb6d73bc680bf11b Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 28 Nov 2017 13:08:13 +0100 Subject: [PATCH 33/40] Revert the gcube-app workaround, the real problem was found. --- smartgears/gcubeapp-setup/templates/gcube-app.xml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/smartgears/gcubeapp-setup/templates/gcube-app.xml.j2 b/smartgears/gcubeapp-setup/templates/gcube-app.xml.j2 index 5e417252..a0707aac 100644 --- a/smartgears/gcubeapp-setup/templates/gcube-app.xml.j2 +++ b/smartgears/gcubeapp-setup/templates/gcube-app.xml.j2 
@@ -7,7 +7,7 @@ {{ item.description }} {% endif %} {% if item.persistence_location is defined %} - <{{ item.persistence_label | default ('persistence') }} location="{{ item.persistence_location }}"/> + {% endif %} {% if item.exclude_handlers is defined %} {% for eh in item.exclude_handlers %} From b4a9e1e582e12d36db51a78b2f4207777fbc1990 Mon Sep 17 00:00:00 2001 From: Roberto Date: Wed, 29 Nov 2017 11:18:24 +0100 Subject: [PATCH 34/40] group_vars/dataminer_prototypes_ghost/dataminer_prototypes_ghost.yml add new scope ../library/roles/smartgears/fhn_manager/defaults/main.yml update service version --- smartgears/fhn_manager/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/smartgears/fhn_manager/defaults/main.yml b/smartgears/fhn_manager/defaults/main.yml index 74a68289..45a2b7ab 100644 --- a/smartgears/fhn_manager/defaults/main.yml +++ b/smartgears/fhn_manager/defaults/main.yml @@ -1,7 +1,7 @@ --- fhn_manager_install: False smart_executor_install: False -fhn_manager_version: 1.2.4-4.7.0-154701 +fhn_manager_version: 1.2.4-4.8.0-154701 fhn_manager_name: fhn-manager-service fhn_group_id: org.gcube.resources.federation fhn_extension: war From e07f621b4c9dfd2c3c7521ce0b61c00537d36770 Mon Sep 17 00:00:00 2001 From: "tommaso.piccioli" Date: Wed, 29 Nov 2017 12:39:18 +0100 Subject: [PATCH 35/40] crontab postgres dump log enhanced --- postgresql/files/postgresql-backup.cron | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/postgresql/files/postgresql-backup.cron b/postgresql/files/postgresql-backup.cron index bd7ed0d4..e7972984 100755 --- a/postgresql/files/postgresql-backup.cron +++ b/postgresql/files/postgresql-backup.cron @@ -13,7 +13,8 @@ fi # Remote backup performed by duplicity. When active, do not run via cron if [ -x /etc/cron.daily/duplicity_backup ] ; then - echo "duplicity backups active. Exiting" > $LOG_FILE + DATE=$( date ) + echo "$DATE: duplicity backups active. Exiting" >> $LOG_FILE exit 0 fi 
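Review bot: Every message in this `@@ -13,7 +13,8 @@` hunk and in the `@@ -23,7 +24,8 @@` and `@@ -34,20 +36,22 @@` hunks now appends to `$LOG_FILE`, so the file grows on each cron run and nothing in the patch rotates it; a logrotate entry for that path should ship with the change. The `DATE=$( date )` / `echo "$DATE: …" >> $LOG_FILE` pair is also repeated in each branch with the path unquoted. A one-line helper, `log() { echo "$( date ): $*" >> "$LOG_FILE"; }`, would remove the duplication and quote the path in one place.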
@@ -23,7 +24,8 @@ if [ -f /var/log/backuppc.log ] ; then . /var/log/backuppc.log LAST_BACKUP_TIME=$( expr $TMSTMP - $BACKUP_TIMESTAMP ) if [ $LAST_BACKUP_TIME -lt 86400 -a $BACKUP_RESULT == 'OK' ] ; then - echo "BackupPC is active, doing nothing" > $LOG_FILE + DATE=$( date ) + echo "$DATE: BackupPC is active, doing nothing" >> $LOG_FILE exit 0 fi fi @@ -34,20 +36,22 @@ PG_RUNNING=$? if [ $PG_BACKUP_ENABLED == 'True' ] ; then if [ "$PG_RUNNING" -ne "0" -a "$PG_RUNNING" -ne "3" ] ; then - echo "The postgresql service is not running" > $LOG_FILE + DATE=$( date ) + echo "$DATE: The postgresql service is not running" >> $LOG_FILE exit 1 else if [ ! -d $LOG_DIR ] ; then mkdir -p $LOG_DIR fi DATE_START=$( date ) - echo "$DATE_START: Starting the backup procedure" > $LOG_FILE + echo "$DATE_START: Starting the backup procedure" >> $LOG_FILE $PG_BCK_BIN >> $LOG_FILE 2>&1 DATE_END=$( date ) echo "$DATE_END: Backup procedure finished" >> $LOG_FILE fi else - echo "Postgresql backups administratively disabled" > $LOG_FILE + DATE=$( date ) + echo "$DATE: Postgresql backups administratively disabled" >> $LOG_FILE fi if [ "${USE_NAGIOS}" == "yes" ] ; then From 72920a984843359933fa37ff550e611fc61881eb Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Wed, 29 Nov 2017 15:34:21 +0100 Subject: [PATCH 36/40] geoserver connector: fix the tags. --- smartgears/geoserver_connector/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/smartgears/geoserver_connector/tasks/main.yml b/smartgears/geoserver_connector/tasks/main.yml index 674b8265..6821a682 100644 --- a/smartgears/geoserver_connector/tasks/main.yml +++ b/smartgears/geoserver_connector/tasks/main.yml @@ -7,7 +7,7 @@ become: True become_user: '{{ smartgears_user }}' when: not gcube_geoserver_connector_install - tags: [ 'smartgears', 'ckan', 'gcube_geoserver_connector', 'tomcat' ] + tags: [ 'smartgears', 'geoserver', 'gcube_geoserver_connector', 'tomcat' ] - block: - name: Get the gcube connector 
@@ -26,4 +26,4 @@ become: True become_user: '{{ smartgears_user }}' when: gcube_geoserver_connector_install - tags: [ 'smartgears', 'ckan', 'gcube_geoserver_connector', 'tomcat' ] + tags: [ 'smartgears', 'geoserver', 'gcube_geoserver_connector', 'tomcat' ] From 78b6d12e5c2e5d12191b18755048ffd52efb0959 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Wed, 29 Nov 2017 15:46:10 +0100 Subject: [PATCH 37/40] increase the dataminer log history to 90 days by default --- smartgears/smartgears/defaults/main.yml | 1 + smartgears/smartgears/templates/logback.xml.j2 | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/smartgears/smartgears/defaults/main.yml b/smartgears/smartgears/defaults/main.yml index ea281daf..c50fa608 100644 --- a/smartgears/smartgears/defaults/main.yml +++ b/smartgears/smartgears/defaults/main.yml @@ -56,6 +56,7 @@ smartgears_service_name: 'tomcat-instance-{{ smartgears_http_port }}' smartgears_log_use_timesize_appender: True smartgears_loglevel: WARN smartgears_dataanalysis_loglevel: DEBUG +smartgears_dataanalysis_log_max_history: 90 smartgears_log_max_history: 30 smartgears_log_max_file_size: 10MB smartgears_log_total_file_cap: 2GB diff --git a/smartgears/smartgears/templates/logback.xml.j2 b/smartgears/smartgears/templates/logback.xml.j2 index 9f822160..7e479331 100644 --- a/smartgears/smartgears/templates/logback.xml.j2 +++ b/smartgears/smartgears/templates/logback.xml.j2 @@ -72,7 +72,7 @@ {% if smartgears_log_use_timesize_appender %} {{ smartgears_log_dir }}/analysis.%d{yyyy-MM-dd}.%i.log - {{ smartgears_log_max_history }} + {{ smartgears_dataanalysis_log_max_history }} {{ smartgears_log_max_file_size }} {{ smartgears_log_total_file_cap }} @@ -80,7 +80,7 @@ {{ smartgears_log_max_file_size }} {{ smartgears_log_dir }}/analysis.%d{yyyy-MM-dd}.log - {{ smartgears_log_max_history }} + {{ smartgears_dataanalysis_log_max_history }} {% endif %} From c143bd9e8e178f0c340742fc5af1a5ab64419d99 Mon Sep 17 00:00:00 2001 
From: Andrea Dell'Amico Date: Wed, 29 Nov 2017 19:55:35 +0100 Subject: [PATCH 38/40] joomla role: ansible 2.x compatibility. Install the newest version. --- joomla-org/defaults/main.yml | 9 +++++++-- joomla-org/tasks/main.yml | 8 ++++---- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/joomla-org/defaults/main.yml b/joomla-org/defaults/main.yml index aaf98f28..cbf36b5d 100644 --- a/joomla-org/defaults/main.yml +++ b/joomla-org/defaults/main.yml @@ -1,8 +1,13 @@ --- joomla_dist_name: Joomla -joomla_dist_version: 3.4.8 +joomla_major: 3 +joomla_minor: 8 +joomla_fix: 2 +joomla_dist_version: '{{ joomla_major }}.{{ joomla_minor }}.{{ joomla_fix }}' joomla_dist_file: '{{ joomla_dist_name }}_{{ joomla_dist_version }}-Stable-Full_Package.zip' -joomla_tar_url: 'https://github.com/joomla/joomla-cms/releases/download/{{ joomla_dist_version }}/{{ joomla_dist_file }}' +joomla_download_version: '{{ joomla_major }}-{{ joomla_minor }}-{{ joomla_fix }}' +joomla_download_file: '{{ joomla_dist_name }}_{{ joomla_dist_version }}-Stable-Full_Package.zip' +joomla_tar_url: 'https://downloads.joomla.org/cms/joomla{{ joomla_major }}/{{ joomla_download_version }}/{{ joomla_download_file }}?format=zip' joomla_download_dir: /srv/joomla joomla_install_dir: /var/www diff --git a/joomla-org/tasks/main.yml b/joomla-org/tasks/main.yml index 03cecb4d..1a42478c 100644 --- a/joomla-org/tasks/main.yml +++ b/joomla-org/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Install the joomla php prerequisites apt: name={{ item }} state=present - with_items: joomla_php_prereq + with_items: '{{ joomla_php_prereq }}' tags: joomla - name: Ensure that the download and install dirs exist @@ -12,7 +12,7 @@ tags: joomla - name: Download the joomla distribution file - get_url: url={{ joomla_tar_url }} dest={{ joomla_download_dir }} + get_url: url={{ joomla_tar_url }} dest={{ joomla_download_dir }} validate_certs=no register: joomla_download tags: joomla 
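Review bot: `joomla_download_file` in the defaults hunk is defined with exactly the same expression as `joomla_dist_file`, so the role now carries two names for one value. Either reference the existing one, `joomla_download_file: '{{ joomla_dist_file }}'`, or drop the new variable and use `joomla_dist_file` in `joomla_tar_url`. Since the URL now ends in `?format=zip` and the get_url task's `dest` is a directory, it is also worth checking that the saved file name still matches what the later unpack task expects; that task is outside this hunk.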
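Review bot: The `validate_certs=no` added to the get_url task in the `@@ -12,7 +12,7 @@` hunk turns off TLS certificate verification for the Joomla archive, so the https URL no longer authenticates the download server and nothing else in the task checks the zip before it is unpacked into the web root. Keep validation on and pin the archive with the module's `checksum` parameter: `get_url: url={{ joomla_tar_url }} dest={{ joomla_download_dir }} checksum=sha256:{{ joomla_dist_sha256 }}`, where `joomla_dist_sha256` is a placeholder name for a new default holding the published digest of the release. If validation fails on the target hosts because of an outdated CA bundle or Python TLS stack, repairing that on the host is the fix rather than disabling the check in the role.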
@@ -25,14 +25,14 @@ shell: cp -a {{ joomla_download_dir }}/joomla-unpacked/* {{ joomla_install_dir }}/ args: creates: '{{ joomla_install_dir }}/index.php' - with_items: phpfpm_pools + with_items: '{{ phpfpm_pools }}' when: ( joomla_download | changed ) register: unpack_joomla tags: joomla - name: Set the correct ownership of the joomla files file: dest={{ joomla_install_dir }} owner={{ item.user }} group={{ item.group }} recurse=yes state=directory - with_items: phpfpm_pools + with_items: '{{ phpfpm_pools }}' when: ( unpack_joomla | changed ) tags: joomla From a1a294669e13a0dee28c6139034a96d2abea41c1 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Fri, 1 Dec 2017 15:46:42 +0100 Subject: [PATCH 39/40] R packages updater: do not overlap the upgrade and install runs. Fix the job that kills old instances. --- R/tasks/r-packages-updater.yml | 4 ++-- R/templates/update_r_packages.sh.j2 | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/R/tasks/r-packages-updater.yml b/R/tasks/r-packages-updater.yml index 2f09fd98..942e59b8 100644 --- a/R/tasks/r-packages-updater.yml +++ b/R/tasks/r-packages-updater.yml 
@@ -7,10 +7,10 @@ file: dest={{ r_packages_svn_base_dir }} state=directory - name: Cron job that installs new R packages, if any - cron: name="install new R packages" user=root cron_file=install-r-packages minute="*/10" job="/usr/local/bin/update_r_packages install >/var/log/install_r_packages 2>&1" state=present + cron: name="install new R packages" user=root cron_file=install-r-packages minute="*/10" hour="5-0,1-2" job="/usr/local/bin/update_r_packages install >/var/log/install_r_packages 2>&1" state=present - name: Cron job that upgrades existing R packages and installs new ones, if any - cron: name="install new R packages" user=root cron_file=upgrade-r-packages hour="3" job="/usr/local/bin/update_r_packages upgrade >/var/log/update_r_packages 2>&1" state=present + cron: name="install new R packages" user=root cron_file=upgrade-r-packages minute="7" hour="3" job="/usr/local/bin/update_r_packages upgrade >/var/log/update_r_packages 2>&1" state=present when: r_packages_updater tags: [ 'r_software', 'r_pkg', 'r_plugins', 'r_plugins_github', 'r_cran_pkgs', 'r_github_pkgs', 'r_packages_updater' ] diff --git a/R/templates/update_r_packages.sh.j2 b/R/templates/update_r_packages.sh.j2 index 91e42ba7..4964943c 100644 --- a/R/templates/update_r_packages.sh.j2 +++ b/R/templates/update_r_packages.sh.j2 @@ -75,7 +75,7 @@ function fail() { function init_env() { if [ -f $LOCK_FILE ] ; then OLDPROC=$( cat $LOCK_FILE ) - OLDPROC_RUNNING=$( ps auwwx | grep -v grep | grep $OLDPROC ) + OLDPROC_RUNNING=$( ps auwwx | grep -v grep | grep $OLDPROC | awk '{ print $2 }' ) RETVAL=$? if [ $RETVAL -eq 0 ] ; then logger "update_r_packages: $OLDPROC_RUNNING" From d9052c3e65cad0bde70d3e6c404a8a19d5569ec8 Mon Sep 17 00:00:00 2001 
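Review bot: The `hour="5-0,1-2"` added to the install job in this hunk contains the range `5-0`, whose start is larger than its end; several cron implementations reject such a range, in which case the generated file under /etc/cron.d may be ignored and no installs would run at all. Writing the intended window explicitly avoids relying on wrap-around support: `hour="0-2,5-23"` covers the same hours and leaves 3 and 4 free for the upgrade job. A short comment on the task stating that the gap exists to avoid overlapping the 03:07 upgrade run would keep the two schedules in sync when either is changed.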
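Review bot: Appending `| awk '{ print $2 }'` in `init_env` makes the following `RETVAL=$?` read awk's exit status, which is 0 whether or not grep matched, so the "old process is running" branch is now taken every time a lock file exists. The `grep $OLDPROC` match is also a substring match over the whole `ps` line, so a stored PID of 123 matches 1234 or any command line containing those digits, and `OLDPROC_RUNNING` can then hold unrelated PIDs in a script that the cron task runs as root. Asking ps for that one PID fixes both problems and keeps `RETVAL` meaningful: `OLDPROC_RUNNING=$( ps -o pid= -p "$OLDPROC" )`. The rest of `init_env`, including whatever acts on `OLDPROC_RUNNING`, is outside this hunk.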
From: Andrea Dell'Amico Date: Fri, 1 Dec 2017 18:34:08 +0100 Subject: [PATCH 40/40] Remove the redirections to the 8443 port from the tomcat server.xml templates. We do not configure ssl on tomcat directly, we use a reverse proxy. --- .../templates/tomcat-server.xml.j2 | 4 ++-- tomcat/templates/tomcat-server.xml.j2 | 13 ++----------- 2 files changed, 4 insertions(+), 13 deletions(-) diff --git a/tomcat-multiple-instances/templates/tomcat-server.xml.j2 b/tomcat-multiple-instances/templates/tomcat-server.xml.j2 index ed83067a..af880bf7 100644 --- a/tomcat-multiple-instances/templates/tomcat-server.xml.j2 +++ b/tomcat-multiple-instances/templates/tomcat-server.xml.j2 @@ -66,12 +66,12 @@ proxyName="{{ tomcat_m_reverse_proxy_name }}" proxyPort="{{ tomcat_m_reverse_proxy_port }}" {% endif %} - redirectPort="8443" /> + /> {% endif %} {% if item.ajp_enabled %} - + /> - - {% endif %} {% if tomcat_ajp_enabled %} -