diff --git a/docs/rolereference.rst b/docs/rolereference.rst index 14d4387bb068d14ef8c3a5776f4204192038f4c0..c2f7a42528a453873daff015c4693d6666f66449 100644 --- a/docs/rolereference.rst +++ b/docs/rolereference.rst @@ -792,10 +792,12 @@ Mail Server ----------- .. warning:: - Unfortunately, there are some issues with ``clamav-milter``, - ``clamav-daemon``, and ``clamav-freshclam`` services on Debian Jessie. Once - the role has been applied for the first time, wait for ``clamav-freshclam`` - service to update the ClamAV virus database, then restart all three services. + It may happen that the ``clamav-freshclam`` service hasn't finished + downloading the virus database before the ``clamav-daemon`` and + ``clamav-milter`` services are enabled during the initial run. If mail server + is not operational, you may need to wait for a little while for download to + finish, and then restart the ``clamav-daemon`` and ``clamav-milter`` + services. The ``mail_server`` role can be used for setting-up a complete mail server solution, which includes both SMTP and IMAP service, on destination machine. @@ -1337,6 +1339,8 @@ The role implements the following: the code and data. * Installs additional packages required for running the role (as configured). * Sets-up a dedicated Python virtual environment for website. +* Install ``futures`` package in Python virtual environment (required for + Gunicorn in combination withg Python 2.7). * Install Gunicorn in Python virtual environment. * Installs additional packages required for running the role in Python virtual environment (as configured). 
@@ -1414,6 +1418,14 @@ Parameters for calculating the user/group name for dedicated website user, as well as home directory of the website user (where data/code should be stored at). +**futures_version** (string, optional, ``3.0.5``) + Version of ``futures`` package to deploy in virtual environment. Required by + Gunicorn when using Python 2.7. Default version is tested with the test site. + +**gunicorn_version** (string, optional, ``19.6.0``) + Version of Gunicorn to deploy in virtual environment for running the WSGI + application. Default version is tested with the test site. + **https_tls_certificate** (string, optional, ``{{ lookup('file', tls_certificate_dir + '/' + fqdn + '_https.pem') }}``) X.509 certificate used for TLS for HTTPS service. The file will be stored in directory ``/etc/ssl/certs/`` under name ``{{ fqdn }}_https.pem``. @@ -1455,7 +1467,9 @@ Parameters WSGI application that should be started by Gunicorn. The format should be conformant to what the ``gunicorn`` command-line tool accepts. If the ``use_paste`` option is enabled, the value should be equal to filename of the - Python Paste ini file, located in the ``code`` sub-directory. + Python Paste ini file, located in the ``code`` sub-directory. It should be + noted that in either case the value should be specsified relative to the + ``code`` sub-directory. I.e. don't use full paths. Examples @@ -1478,6 +1492,8 @@ running a bare Django project): wsgi_application: django_example_com.wsgi:application https_tls_key: "{{ lookup('file', inventory_dir + '/tls/wsgi.example.com_https.key') }}" https_tls_certificate: "{{ lookup('file', inventory_dir + '/tls/wsgi.example.com_https.pem') }}" + futures_version: 3.0.5 + gunicorn_version: 19.6.0 additional_nginx_config: - comment: Use custom page for forbidden files. value: error_page 403 /static/403.html; 
diff --git a/roles/backup_server/meta/main.yml b/roles/backup_server/meta/main.yml index 90598b6fc11e9d24805198fcbdf242f71aa9e8d2..a8a7bb38f612001e78287e5cb3a9c67ab7134faa 100644 --- a/roles/backup_server/meta/main.yml +++ b/roles/backup_server/meta/main.yml @@ -1,4 +1,4 @@ --- dependencies: - - role: common \ No newline at end of file + - common \ No newline at end of file diff --git a/roles/database/meta/main.yml b/roles/database/meta/main.yml index 6c56aca1eff6528b254b2ddc0edbc2248e111cc2..75d114f94131cb9afa87ee1712ff866fd3e17a92 100644 --- a/roles/database/meta/main.yml +++ b/roles/database/meta/main.yml @@ -3,7 +3,7 @@ allow_duplicates: yes dependencies: - - role: database_server + - database_server - role: backup_client when: enable_backup backup_patterns_filename: "database_{{ db_name }}" diff --git a/roles/database_server/meta/main.yml b/roles/database_server/meta/main.yml index 90598b6fc11e9d24805198fcbdf242f71aa9e8d2..a8a7bb38f612001e78287e5cb3a9c67ab7134faa 100644 --- a/roles/database_server/meta/main.yml +++ b/roles/database_server/meta/main.yml @@ -1,4 +1,4 @@ --- dependencies: - - role: common \ No newline at end of file + - common \ No newline at end of file diff --git a/roles/ldap_server/meta/main.yml b/roles/ldap_server/meta/main.yml index c37877b4e08c5ba1a429fdd08d4c9818cd9a57e9..9ffb382bb271669f5b84b32a9d82e5960d6b7e1a 100644 --- a/roles/ldap_server/meta/main.yml +++ b/roles/ldap_server/meta/main.yml @@ -1,8 +1,8 @@ --- dependencies: - - role: common - - role: ldap_client + - common + - ldap_client - role: backup_client when: enable_backup backup_patterns_filename: "ldap_server" diff --git a/roles/mail_forwarder/meta/main.yml b/roles/mail_forwarder/meta/main.yml index 90598b6fc11e9d24805198fcbdf242f71aa9e8d2..a8a7bb38f612001e78287e5cb3a9c67ab7134faa 100644 --- a/roles/mail_forwarder/meta/main.yml +++ b/roles/mail_forwarder/meta/main.yml 
@@ -1,4 +1,4 @@ --- dependencies: - - role: common \ No newline at end of file + - common \ No newline at end of file diff --git a/roles/mail_server/meta/main.yml b/roles/mail_server/meta/main.yml index 31d73cc96a5dd02fefdd436ded28b0343a901815..5f0c45832f004f5a8dac8289e9927bd71fe41d10 100644 --- a/roles/mail_server/meta/main.yml +++ b/roles/mail_server/meta/main.yml @@ -1,7 +1,7 @@ --- dependencies: - - role: common + - common - role: backup_client when: enable_backup backup_patterns_filename: "mail_server" diff --git a/roles/mail_server/tasks/main.yml b/roles/mail_server/tasks/main.yml index beac798a7bc9ff859879362bd3a930943d2494b0..f764bb54819d98488c147af23a638d28c9a4426d 100644 --- a/roles/mail_server/tasks/main.yml +++ b/roles/mail_server/tasks/main.yml @@ -134,11 +134,19 @@ - postfix - dovecot -- name: Enable ClamAV service +- name: Enable ClamAV database update service (freshclam) + service: name=clamav-freshclam state=started + +- name: Wait for ClamAV database to be available (up to 10 minutes) + wait_for: path="{{ item }}" timeout=600 + with_items: + - "/var/lib/clamav/daily.cvd" + - "/var/lib/clamav/main.cvd" + +- name: Enable ClamAV daemon and milter services service: name="{{ item }}" state=started with_items: - clamav-daemon - - clamav-freshclam - clamav-milter - name: Enable Postfix service diff --git a/roles/php_website/meta/main.yml b/roles/php_website/meta/main.yml index 551f9556c5c02414cd1c0ff22d47701543c176b5..03b67dbf3f2338a4466949809256ab69408e7e55 100644 --- a/roles/php_website/meta/main.yml +++ b/roles/php_website/meta/main.yml @@ -3,5 +3,5 @@ allow_duplicates: yes dependencies: - - role: common - - role: web_server \ No newline at end of file + - common + - web_server \ No newline at end of file diff --git a/roles/web_server/meta/main.yml b/roles/web_server/meta/main.yml index 90598b6fc11e9d24805198fcbdf242f71aa9e8d2..a8a7bb38f612001e78287e5cb3a9c67ab7134faa 100644 --- a/roles/web_server/meta/main.yml +++ b/roles/web_server/meta/main.yml 
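Review bot: The new `wait_for` task in `roles/mail_server/tasks/main.yml` accepts only `/var/lib/clamav/daily.cvd` and `/var/lib/clamav/main.cvd`, and tests nothing beyond the paths existing. freshclam can keep a database as a `.cld` file after applying incremental updates, so on a later run against a healthy host this task may block for the full 600 seconds and fail the play. Please confirm that on the target release, and gate on either suffix if it applies. Separately, the ClamAV tasks are named "Enable …" but pass only `state=started`; if scanning and signature updates are meant to survive a reboot, use `service: name=clamav-freshclam state=started enabled=yes`, and likewise for the daemon/milter task.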
@@ -1,4 +1,4 @@ --- dependencies: - - role: common \ No newline at end of file + - common \ No newline at end of file diff --git a/roles/wsgi_website/defaults/main.yml b/roles/wsgi_website/defaults/main.yml index f7f74d3d4ad31b111f24333494721866a07b3af4..892275b9e5cb3d40ebed15954a0b8188604ebe25 100644 --- a/roles/wsgi_website/defaults/main.yml +++ b/roles/wsgi_website/defaults/main.yml @@ -10,3 +10,5 @@ virtualenv_packages: [] admin: "web-{{ fqdn | replace('.', '_') }}" https_tls_certificate: "{{ lookup('file', tls_certificate_dir + '/' + fqdn + '_https.pem') }}" https_tls_key: "{{ lookup('file', tls_private_key_dir + '/' + fqdn + '_https.key') }}" +gunicorn_version: "19.6.0" +futures_version: "3.0.5" \ No newline at end of file diff --git a/roles/wsgi_website/meta/main.yml b/roles/wsgi_website/meta/main.yml index 551f9556c5c02414cd1c0ff22d47701543c176b5..03b67dbf3f2338a4466949809256ab69408e7e55 100644 --- a/roles/wsgi_website/meta/main.yml +++ b/roles/wsgi_website/meta/main.yml @@ -3,5 +3,5 @@ allow_duplicates: yes dependencies: - - role: common - - role: web_server \ No newline at end of file + - common + - web_server \ No newline at end of file diff --git a/roles/wsgi_website/tasks/main.yml b/roles/wsgi_website/tasks/main.yml index 0ad1ec17944babec3c35733dcae8f050f57a2c50..78ef7b44dab6cae9da131569de0fff85df613952 100644 --- a/roles/wsgi_website/tasks/main.yml +++ b/roles/wsgi_website/tasks/main.yml @@ -33,7 +33,7 @@ - name: Create Python virtual environment sudo_user: "{{ admin }}" - command: /usr/bin/virtualenv "{{ home }}/virtualenv" creates="{{ home }}/virtualenv/bin/activate" + command: /usr/bin/virtualenv --prompt "({{ fqdn }})" "{{ home }}/virtualenv" creates="{{ home }}/virtualenv/bin/activate" - name: Configure project directory for the Python virtual environment template: src="venv_project.j2" dest="{{ home }}/virtualenv/.project" 
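Review bot: The `--prompt "({{ fqdn }})"` argument added to the `Create Python virtual environment` task in `roles/wsgi_website/tasks/main.yml` only takes effect where the environment does not exist yet, because `creates="{{ home }}/virtualenv/bin/activate"` skips the command otherwise. Already-deployed sites keep their old prompt, so the result of the role now depends on when a host was first provisioned. I would document that above the task, e.g. `# --prompt applies to newly created environments only; existing ones are skipped via creates=`.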
@@ -51,9 +51,13 @@ template: src="venv_exec.j2" dest="{{ home }}/virtualenv/bin/exec" owner="{{ admin }}" group="{{ user }}" mode="750" +- name: Install futures package for use with Gunicorn thread workers + sudo_user: "{{ admin }}" + pip: name=futures version="{{ futures_version }}" state=present virtualenv="{{ home }}/virtualenv" + - name: Install Gunicorn in Python virtual environment sudo_user: "{{ admin }}" - pip: name=gunicorn state=present virtualenv="{{ home }}/virtualenv" + pip: name=gunicorn version="{{ gunicorn_version }}" state=present virtualenv="{{ home }}/virtualenv" - name: Install additional packages in Python virtual environment sudo_user: "{{ admin }}" diff --git a/roles/xmpp_server/meta/main.yml b/roles/xmpp_server/meta/main.yml index bd65ddc9beba9b4ff4b732e06fe319aace17e8b2..e5f94f13343b0c0e5a3b202e99ec6fbab8fe4a3e 100644 --- a/roles/xmpp_server/meta/main.yml +++ b/roles/xmpp_server/meta/main.yml @@ -1,7 +1,7 @@ --- dependencies: - - role: common + - common - role: backup_client when: enable_backup backup_patterns_filename: "xmpp_server"
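Review bot: Both `pip` tasks in `roles/wsgi_website/tasks/main.yml` pin by version number only (`version="{{ futures_version }}"`, `version="{{ gunicorn_version }}"`), which fixes what is requested but does not verify the downloaded artefacts. If reproducible, tamper-evident installs are the goal, consider installing from a requirements file with pinned hashes (pip's `--require-hashes` mode). The defaults added in `roles/wsgi_website/defaults/main.yml` also keep every site on Gunicorn 19.6.0 until someone bumps them, so I would add a comment there such as `# Pinned for reproducibility; review when Gunicorn publishes security fixes`. The `futures` task runs unconditionally although the documentation describes the package as needed only with Python 2.7; presumably the virtualenv is always Python 2 here, but that is not visible in this hunk.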