Changeset - e4a0f78340ef
0 5 0
Branko Majic (branko) - 7 years ago 2017-08-09 09:36:07
branko@majic.rs
MAR-114: Updated task syntax for bootstrap, preseed and xmpp roles:

- Updated web_server, php_website, and wsgi_website roles.
- Added and removed quoting where it makes sense.
- Switched to using expanded syntax (instead of one-liners).
- Updated ordering of arguments in task definitions.
5 files changed with 90 insertions and 31 deletions:
roles/bootstrap/handlers/main.yml
 
---
roles/bootstrap/tasks/main.yml
 
---
 

	
 
- name: Install sudo
 
  apt: name=sudo state=installed
 
  apt:
 
    name: sudo
 
    state: installed
 

	
 
- name: Set-up the Ansible group
 
  group: name=ansible system=yes
 
  group:
 
    name: ansible
 
    system: yes
 

	
 
- name: Set-up the Ansible user
 
  user: name=ansible system=yes group=ansible shell=/bin/bash
 
  user:
 
    name: ansible
 
    system: yes
 
    group: ansible
 
    shell: /bin/bash
 

	
 
- name: Set-up authorized key for the Ansible user
 
  authorized_key: user=ansible key="{{ ansible_key }}"
 
  authorized_key:
 
    user: ansible
 
    key: "{{ ansible_key }}"
 

	
 
- name: Set-up password-less sudo for the ansible user
 
  copy: src=ansible_sudo dest=/etc/sudoers.d/ansible mode=0640 owner=root group=root
 
  copy:
 
    src: "ansible_sudo"
 
    dest: "/etc/sudoers.d/ansible"
 
    mode: 0640
 
    owner: root
 
    group: root
 

	
 
- name: Revoke rights for Ansible user to log-in as root to server via ssh
 
  authorized_key: user=root key="{{ ansible_key }}" state=absent
 
  authorized_key:
 
    user: root
 
    key: "{{ ansible_key }}"
 
    state: absent
 

	
 
- name: Explicitly run all handlers
 
  include: ../handlers/main.yml
 
  when: "handlers | default(False) | bool() == True"
 
  when: "handlers | default(False) | bool() : :  True"
 
  tags:
 
    - handlers
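Review bot: The task "Set-up password-less sudo for the ansible user" copies `ansible_sudo` to `/etc/sudoers.d/ansible` with no `validate:` step, so a syntax error in that file would be installed as-is and could leave sudo unusable on the host being bootstrapped. Adding `validate: "visudo -cf %s"` to the `copy:` arguments makes Ansible check the file before it replaces the destination. sudoers drop-ins are conventionally read-only, so `mode: "0440"` would also be a closer fit than `0640`.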
roles/preseed/tasks/main.yml
 
---
 

	
 
- name: Create directory for storing preseed configurations
 
  file: path="{{ preseed_directory }}" mode=0750 state=directory
 
  file:
 
    path: "{{ preseed_directory }}"
 
    mode: 0750
 
    state: directory
 

	
 
- name: Create preseed configuration file
 
  template: src="preseed-jessie.cfg.j2" dest="{{ preseed_directory }}/{{ item }}.cfg"
 
            mode=0640
 
  with_items: "{{ groups['all'] }}"
 
  template:
 
    src: "preseed-jessie.cfg.j2"
 
    dest: "{{ preseed_directory }}/{{ item }}.cfg"
 
    mode: 0640
 
  when: item != "localhost"
 
  with_items: "{{ groups['all'] }}"
 

	
 
- name: Explicitly run all handlers
 
  include: ../handlers/main.yml
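Review bot: `mode: 0750` on the directory task and `mode: 0640` on the template task are now plain YAML scalars rather than `key=value` strings, so they carry the intended permissions only while the loader reads a leading-zero number as octal. Quoting them, `mode: "0750"` and `mode: "0640"`, hands Ansible a string and removes that dependency. The same applies to the unquoted modes in roles/bootstrap/tasks/main.yml and roles/xmpp_server/tasks/main.yml, including the one on the TLS private key.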
roles/xmpp_server/handlers/main.yml
 
---
 

	
 
- name: Restart Prosody
 
  service: name=prosody state=restarted
 
\ No newline at end of file
 
  service:
 
    name: prosody
 
    state: restarted
roles/xmpp_server/tasks/main.yml
 
---
 

	
 
- name: Install Python apt bindings
 
  apt: name=python-apt
 
  apt:
 
    name: python-apt
 

	
 
- name: Add Prosody repository apt key
 
  apt_key:
 
@@ -9,27 +10,38 @@
 
    state: present
 

	
 
- name: Add Prosody repository
 
  apt_repository: repo="deb http://packages.prosody.im/debian jessie main" state=present
 
  apt_repository:
 
    repo: "deb http://packages.prosody.im/debian jessie main"
 
    state: present
 

	
 
- name: Install Lua Sec library (needed for TLS)
 
  apt: name=lua-sec state=installed
 
  apt:
 
    name: lua-sec
 
    state: installed
 

	
 
- name: Install Lua LDAP library
 
  apt: name=lua-ldap state=installed
 
  apt:
 
    name: lua-ldap
 
    state: installed
 

	
 
- name: Install Prosody
 
  apt: name=prosody state=installed
 
  apt:
 
    name: prosody
 
    state: installed
 

	
 
- name: Allow Prosody user to traverse the directory with TLS private keys
 
  user: name=prosody append=yes groups=ssl-cert
 
  user:
 
    name: prosody
 
    append: yes
 
    groups: ssl-cert
 

	
 
- name: Deploy XMPP TLS private key
 
  copy:
 
    dest: "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.key"
 
    content: "{{ xmpp_tls_key }}"
 
    mode: 0640
 
    owner: root
 
    group: prosody
 
    mode: 0640
 
  notify:
 
    - Restart Prosody
 

	
 
@@ -37,30 +49,44 @@
 
  copy:
 
    dest: "/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem"
 
    content: "{{ xmpp_tls_certificate }}"
 
    mode: 0644
 
    owner: root
 
    group: root
 
    mode: 0644
 
  notify:
 
    - Restart Prosody
 

	
 
- name: Deploy configuration file for checking certificate validity via cron
 
  copy: content="/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem" dest="/etc/check_certificate/{{ ansible_fqdn }}_xmpp.conf"
 
        owner=root group=root mode=0644
 
  copy:
 
    content: "/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem"
 
    dest: "/etc/check_certificate/{{ ansible_fqdn }}_xmpp.conf"
 
    owner: root
 
    group: root
 
    mode: 0644
 

	
 
- name: Set-up directory for storing additional Prosody modules
 
  file: path=/usr/local/lib/prosody/modules/ state=directory mode=0755 owner=root group=root
 
  file:
 
    path: "/usr/local/lib/prosody/modules/"
 
    state: directory
 
    owner: root
 
    group: root
 
    mode: 0755
 

	
 
- name: Deploy the Prosody mod_auth_ldap module
 
  get_url: url=https://hg.prosody.im/prosody-modules/raw-file/tip/mod_auth_ldap/mod_auth_ldap.lua
 
           dest=/usr/local/lib/prosody/modules/mod_auth_ldap.lua
 
  get_url:
 
    url: "https://hg.prosody.im/prosody-modules/raw-file/tip/mod_auth_ldap/mod_auth_ldap.lua"
 
    dest: "/usr/local/lib/prosody/modules/mod_auth_ldap.lua"
 

	
 
- name: Set-up file permissions for the Prosody mod_auth_ldap module
 
  file: dest=/usr/local/lib/prosody/modules/mod_auth_ldap.lua owner=root group=root mode=0644
 
  file:
 
    dest: "/usr/local/lib/prosody/modules/mod_auth_ldap.lua"
 
    owner: root
 
    group: root
 
    mode: 0644
 

	
 
- name: Deploy Prosody configuration file
 
  template:
 
    src: prosody.cfg.lua.j2
 
    dest: /etc/prosody/prosody.cfg.lua
 
    src: "prosody.cfg.lua.j2"
 
    dest: "/etc/prosody/prosody.cfg.lua"
 
    owner: root
 
    group: prosody
 
    mode: 0640
 
@@ -68,15 +94,22 @@
 
    - Restart Prosody
 

	
 
- name: Enable Prosody service on boot (workaround for systemctl broken handling of SysV)
 
  command: rcconf -on prosody
 
  command: "rcconf -on prosody"
 
  register: result
 
  changed_when: result.stderr == ""
 

	
 
- name: Enable and start Prosody service
 
  service: name=prosody state=started
 
  service:
 
    name: prosody
 
    state: started
 

	
 
- name: Deploy firewall configuration for XMPP server
 
  copy: src="ferm_xmpp.conf" dest="/etc/ferm/conf.d/30-xmpp.conf" owner=root group=root mode=0640
 
  copy:
 
    src: "ferm_xmpp.conf"
 
    dest: "/etc/ferm/conf.d/30-xmpp.conf"
 
    owner: root
 
    group: root
 
    mode: 0640
 
  notify:
 
    - Restart ferm
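Review bot: The `get_url` task for `mod_auth_ldap.lua` fetches from the moving `raw-file/tip/` URL and sets no `checksum:`, so whatever is at the head of prosody-modules when the play runs gets installed into Prosody's authentication path without any integrity check. Pin the URL to a reviewed revision (`raw-file/<REVIEWED_REVISION>/mod_auth_ldap/mod_auth_ldap.lua`) and add `checksum: "sha256:<SHA256_OF_REVIEWED_FILE>"`. `get_url` also accepts `owner`, `group` and `mode`, so the follow-up `file:` task could be folded into it. Separately, the task "Deploy XMPP TLS private key" passes `{{ xmpp_tls_key }}` as `content:`, and `no_log: true` there would keep the key out of verbose and diff output.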
 

	