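---
# Play: provision the Survey Tool host. MySQL and nginx come from Galaxy
# roles; the tasks install Tomcat 8, place its configuration, check out CLDR,
# put nginx in front of Tomcat as a reverse proxy, and create the deploy
# (surveytool) and admin (cldradmin) accounts.
- hosts: surveytool
  become: true
  vars_files:
    - vars/main.yml
    # NOTE(review): local-vars/local.yml presumably holds host-specific
    # values, possibly secrets; confirm it is kept out of version control or
    # encrypted with ansible-vault.
    - local-vars/local.yml
  roles:
    # NOTE(review): no role versions are pinned in this file; confirm they
    # are pinned wherever the Galaxy roles are installed from.
    - { role: geerlingguy.mysql }
    - { role: geerlingguy.nginx }
  tasks:
    # NOTE(review): tomcat8-admin ships Tomcat's admin web applications. The
    # nginx block below forwards only /cldr-apps/, so whether they are
    # reachable from outside depends on server.xml and the host firewall,
    # neither of which is visible here.
    - name: Install server packages
      apt:
        pkg:
          - tomcat8
          - tomcat8-admin  # needed for deploy
          - unzip  # needed for deploy
          # for monitoring
          - prometheus-mysqld-exporter
          # - prometheus-nginx-exporter # (not there yet)

    # The three Tomcat config files below are root-owned and group-readable
    # by tomcat8 only ('0640'): the service can read them but cannot rewrite
    # them, and other local users cannot read them.
    - name: Setup Server Context
      template:
        src: templates/context.j2
        dest: /etc/tomcat8/context.xml
        owner: root
        group: tomcat8
        mode: '0640'
      notify: Restart Tomcat

    - name: Setup tomcat8/server.xml
      copy:
        src: templates/server.xml
        dest: /etc/tomcat8/server.xml
        owner: root
        group: tomcat8
        mode: '0640'
      notify: Restart Tomcat

    # tomcat-users.xml defines Tomcat's users, passwords and roles.
    - name: Setup Server Users
      template:
        src: templates/users.j2
        dest: /etc/tomcat8/tomcat-users.xml
        owner: root
        group: tomcat8
        mode: '0640'
      notify: Restart Tomcat

    - name: Create CLDR dir
      file:
        path: /var/lib/tomcat8/cldr
        state: directory
        owner: tomcat8
        group: tomcat8
        # Quoted so the mode cannot be re-read as a plain number by the YAML
        # parser; matches the other tasks in this play.
        mode: '0775'

    # force: false writes the file only when it does not exist yet, so later
    # template changes do not overwrite a file edited on the host.
    # NOTE(review): '0644' is world-readable; if the rendered properties hold
    # passwords or keys, consider '0640'.
    - name: Create cldr.properties
      template:
        dest: /var/lib/tomcat8/cldr/cldr.properties
        src: templates/cldr-properties.j2
        force: false
        owner: tomcat8
        group: tomcat8
        mode: '0644'
      notify: Restart Tomcat

    # update: false leaves an existing checkout untouched. A fresh clone
    # takes whatever 'master' points at when the play runs; pin a tag or
    # commit in 'version' if the initial checkout must be reproducible.
    - name: Checkout CLDR trunk
      git:
        repo: https://github.com/unicode-org/cldr.git
        dest: /var/lib/tomcat8/cldr/cldr-trunk
        force: false
        update: false
        version: master
        # this is deep because we will need to keep updating
        # it with history. It does not include LFS as that
        # is not needed for the surveytool.

    - name: Setup index.html
      copy:
        src: templates/index.html
        dest: /var/www/html
        owner: root
        group: root
        mode: '0644'

    # nginx forwards /cldr-apps/ to Tomcat over plain HTTP on localhost:8080.
    # X-Forwarded-For is set to $remote_addr, which replaces any value the
    # client sent, so the backend sees only the address nginx observed.
    # NOTE(review): confirm server.xml binds the 8080 connector to localhost
    # or that the firewall blocks it; otherwise the proxy can be bypassed.
    - name: Setup reverse proxy
      blockinfile:
        path: /etc/nginx/sites-enabled/default
        block: |
          # proxy /cldr-apps/ to tomcat
          location /cldr-apps/ {
            rewrite ^/(.+)\._[\da-f]+_\.(js|css)$ /$1.$2 break;
            allow all;
            proxy_pass http://localhost:8080/cldr-apps/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
          }
        marker: '# {mark} ANSIBLE MANAGED BLOCK'
        insertafter: '^[\s]*server_name'  # the LAST uncommented server block
      notify: 'Restart Nginx'

    - name: Setup surveytool user for deploy
      user:
        name: surveytool
        shell: /bin/bash

    # Makes the deploy account the owner of the whole checkout.
    - name: Give access to surveytool user
      file:
        path: /var/lib/tomcat8/cldr/cldr-trunk
        # recurse only applies to directories; state it explicitly.
        state: directory
        owner: surveytool
        recurse: true

    # Installs the deploy public key; anyone holding the matching private
    # key can log in as surveytool with a full bash shell.
    - name: Setup surveytool auth
      authorized_key:
        user: surveytool
        key: '{{ surveytooldeploy.key }}'

    # Root-owned and not writable by the deploy account ('0755').
    - name: Setup deploy-to-tomcat.sh
      template:
        src: templates/deploy-sh.j2
        dest: /usr/local/bin/deploy-to-tomcat.sh
        owner: root
        group: root
        mode: '0755'

    - name: ensure cldradmin group is there
      group:
        name: cldradmin
        state: present

    - name: ensure cldradmin user is there
      user:
        name: cldradmin
        comment: CLDR Admin
        groups:
          - cldradmin
        append: true  # add to the groups, do not remove
        state: present
        create_home: true

    # NOTE(review): .my.cnf usually carries MySQL client credentials. '0640'
    # lets every member of the cldradmin group read it; use '0600' unless
    # that group access is intended.
    - name: Setup /home/cldradmin/.my.cnf
      template:
        src: templates/mycnf.j2
        dest: /home/cldradmin/.my.cnf
        owner: cldradmin
        group: cldradmin
        mode: '0640'

    - name: make sure /home/cldradmin/.ssh/ exists
      file:
        path: /home/cldradmin/.ssh/
        owner: cldradmin
        group: cldradmin
        mode: '0700'
        state: directory

    # Creates the file if missing and enforces owner and mode; no key is
    # written by this task. Preserving the timestamps keeps reruns from
    # reporting a change.
    - name: make sure /home/cldradmin/.ssh/authorized_keys exists
      file:
        dest: /home/cldradmin/.ssh/authorized_keys
        owner: cldradmin
        group: cldradmin
        mode: '0600'
        # https://github.com/ansible/ansible/issues/7490#issuecomment-497373505
        state: touch
        modification_time: preserve
        access_time: preserve

    # NOTE(review): the sudoers template is not visible here; review which
    # commands it grants and whether it uses NOPASSWD.
    - name: add cldradmin to sudoers
      template:
        dest: /etc/sudoers.d/55-cldradmin-users
        owner: root
        group: root
        mode: '0440'
        src: templates/55-cldradmin.conf
        # A syntax error in a sudoers drop-in can break sudo for every user,
        # so the rendered file is checked before it is moved into place.
        validate: /usr/sbin/visudo -cf %s

  handlers:
    - name: Restart Tomcat
      service:
        name: tomcat8
        state: restarted

    - name: Restart Nginx
      service:
        name: nginx
        state: restarted
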
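# Play: baseline for every host -- cap journald disk usage, then install
# convenience and monitoring packages.
- hosts: all
  become: true
  roles:
    - role: derJD.journald
      vars:
        journald_options:
          # Capping the journal also shortens how far back logs reach during
          # an investigation; ship logs off-host if longer retention matters.
          SystemMaxUse: 512M  # reduce logfile use
  tasks:
    - name: Install some packages
      apt:
        pkg:
          # these are for convenience of the user
          # NOTE(review): mosh needs an inbound UDP port range opened in the
          # firewall; confirm that exposure is intended on every host.
          - mosh
          - emacs-nox
          - byobu
          # these are for monitoring
          # NOTE(review): the exporter serves host metrics over HTTP without
          # authentication by default; restrict its port to the monitoring
          # server.
          - prometheus-node-exporter
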
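# Play: obtain a Let's Encrypt certificate with certbot's nginx plugin and
# let certbot rewrite the nginx configuration for HTTPS.
- hosts: letsencrypt
  become: true
  vars_files:
    - vars/main.yml
    - local-vars/local.yml
  tasks:
    - name: Install certbot packages
      apt:
        pkg:
          - python3-certbot-nginx

    # The play already runs with become, so certbot is called directly
    # rather than through a nested sudo.
    # 'creates' makes this a one-time run per hostname: once the renewal
    # file exists, changing the flags here has no effect on that host.
    # The command module does not use a shell, so the templated values are
    # not shell-interpreted, but whitespace in them would split arguments.
    # --redirect, --uir and --hsts force HTTPS on clients; browsers cache
    # the HSTS policy, so HTTPS must keep working once it has been served.
    # NOTE(review): Let's Encrypt has been retiring OCSP; confirm that
    # --staple-ocsp and --must-staple are still accepted by the CA.
    - name: setup certbot
      command: >
        certbot --nginx --agree-tos -m {{ certbot_admin_email }}
        -d {{ inventory_hostname }} --non-interactive
        --keep --redirect --uir --hsts --staple-ocsp --must-staple
      args:
        creates: /etc/letsencrypt/renewal/{{ inventory_hostname }}.conf
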
# Static import: the plays in backup-db-playbook.yml run after the plays
# defined above in this file.
- import_playbook: backup-db-playbook.yml