diff --git a/roles/lemonldap_ng/meta/main.yml b/roles/lemonldap_ng/meta/main.yml
index cb46c2d..0804708 100644
--- a/roles/lemonldap_ng/meta/main.yml
+++ b/roles/lemonldap_ng/meta/main.yml
@@ -3,3 +3,5 @@ dependencies:
 - role: repo_lemonldap_ng
 - role: httpd_mod_perl
 when: llng_server == 'httpd'
+ - role: mysql_server
+ when: llng_db_server in ['localhost','127.0.0.1']
diff --git a/roles/lemonldap_ng/tasks/main.yml b/roles/lemonldap_ng/tasks/main.yml
index 0a4803c..3401ed6 100644
--- a/roles/lemonldap_ng/tasks/main.yml
+++ b/roles/lemonldap_ng/tasks/main.yml
@@ -1,11 +1,14 @@
 ---
 
+- include_vars: "{{ item }}"
+ with_first_found:
+ - vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
+ - vars/{{ ansible_distribution }}.yml
+ - vars/{{ ansible_os_family }}.yml
+ tags: web
+
 - name: Install common packages
- yum:
- name:
- - lemonldap-ng-conf
- - perl-Cache-Cache
- - lemonldap-ng-fastcgi-server
+ yum: name={{ llng_common_packages }}
 tags: web
 
 - name: Install Lemonldap::NG handler
@@ -14,23 +17,12 @@
 tags: web
 
 - name: Install Lemonldap::NG portal
- yum:
- name:
- - python-passlib
- - lemonldap-ng-portal
- - lemonldap-ng-doc
- - lasso
- - lasso-perl
- - perl-Authen-Captcha
+ yum: name={{ llng_portal_packages }}
 when: llng_portal == True
 tags: web
 
 - name: Install Lemonldap::NG manager
- yum:
- name:
- - lemonldap-ng-manager
- - lemonldap-ng-doc
- - lemonldap-ng-fr-doc
+ yum: name={{ llng_manager_packages }}
 when: llng_manager == True
 tags: web
 
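Review bot: The new `mysql_server` dependency is keyed only on `llng_db_server` being local, while `tasks/main.yml` in this same commit includes `mysql.yml` only `when: llng_conf_backend == 'mysql'`, so a host whose `llng_db_server` points at localhost but whose configuration backend is not MySQL still gets a MariaDB server installed. Unless the local server is needed for something other than the configuration backend (not visible here), the dependency should carry the same guard, e.g. `when: llng_conf_backend == 'mysql' and llng_db_server in ['localhost','127.0.0.1']`. A meta dependency condition is evaluated whenever the role is loaded, so `llng_db_server` must have a default (presumably in the role's `defaults`, not shown) or the role fails before any task runs.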
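Review bot: The `include_vars` / `with_first_found` task has no fallback entry, so on a distribution without a matching `vars/*.yml` the role stops with the lookup's generic "no file found" error instead of naming the unsupported platform; the identical task added to `roles/letsencrypt/tasks/main.yml` has the same gap. If only the distributions that have a vars file are meant to be supported, say so with a named task, e.g. `- name: Load distribution-specific package lists`, preceded by an `assert` on `ansible_distribution` / `ansible_distribution_major_version` with a `fail_msg` that names the platform. The task is also unnamed, which makes `--list-tasks` output and failure messages harder to read.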
@@ -40,17 +32,15 @@
 - /var/cache/lemonldap-ng
 tags: web
 
-- include_tasks: "{{ llng_server }}.yml"
- tags: web
+- include: "{{ llng_server }}.yml"
 
 - name: Deploy manager's nginx configuration
 template: src=nginx_manager.conf.j2 dest=/etc/nginx/ansible_conf.d/23-llng_manager.conf
 when: llng_manager == True and llng_server == 'nginx'
 notify: reload nginx
 
-- import_tasks: mysql.yml
+- include: mysql.yml
 when: llng_conf_backend == 'mysql'
- tags: web
 
 - name: Deploy Lemonldap::NG main configuration
 template: src=lemonldap-ng.ini.j2 dest=/etc/lemonldap-ng/lemonldap-ng.ini group=apache mode=640
diff --git a/roles/lemonldap_ng/tasks/mysql.yml b/roles/lemonldap_ng/tasks/mysql.yml
index c2117e8..a7f3b7e 100644
--- a/roles/lemonldap_ng/tasks/mysql.yml
+++ b/roles/lemonldap_ng/tasks/mysql.yml
@@ -1,28 +1,26 @@
 ---
 
 - name: Install needed packages
- yum:
- name:
- - perl-DBD-MySQL
- - MySQL-python
- - mariadb
- - perl-Apache-Session-Browseable
+ yum: name={{ llng_mysql_packages }}
+ tags: web
 
-- import_tasks: ../includes/get_rand_pass.yml
- vars:
- - pass_file: "/etc/lemonldap-ng/ansible_dbpass"
- when: llng_db_pass is not defined
-- set_fact: llng_db_pass={{ rand_pass }}
- when:
+- when:
 - llng_db_pass is not defined
 - llng_manager or llng_portal
+ block:
+ - import_tasks: ../includes/get_rand_pass.yml
+ vars:
+ - pass_file: "/etc/lemonldap-ng/ansible_dbpass"
+ - set_fact: llng_db_pass={{ rand_pass }}
+ tags: web
 
-- import_tasks: ../includes/get_rand_pass.yml
- vars:
- - pass_file: "/etc/lemonldap-ng/ansible_handler_dbpass"
- when: llng_handler_db_pass is not defined
-- set_fact: llng_handler_db_pass={{ rand_pass }}
- when: llng_handler_db_pass is not defined
+- when: llng_handler_db_pass is not defined
+ block:
+ - import_tasks: ../includes/get_rand_pass.yml
+ vars:
+ - pass_file: "/etc/lemonldap-ng/ansible_handler_dbpass"
+ - set_fact: llng_handler_db_pass={{ rand_pass }}
+ tags: web
 
 - name: Create the database
 mysql_db:
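Review bot: Both `include_tasks` / `import_tasks` statements are replaced by the legacy `include` keyword, which has been deprecated since Ansible 2.4 and is removed in recent ansible-core, so this hunk trades a working construct for a future hard failure. Presumably the motivation is tag inheritance (the `tags: web` on the includes was dropped and every task in `mysql.yml` gained one); a static `import_tasks: mysql.yml` with `when: llng_conf_backend == 'mysql'` and `tags: web` already applies both to every imported task without per-task tagging, and for the variable file either `import_tasks` (if `llng_server` comes from role vars rather than facts, so it is known at parse time — confirm) or `include_tasks` with `apply: { tags: [web] }` does the same. Dropping `tags: web` from the `{{ llng_server }}.yml` include also means those tasks are reached by `--tags web` only if the included file tags them itself, which is not visible here.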
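Review bot: The two `set_fact` tasks now sit inside tagged blocks but still carry no `no_log: true`, so the generated database passwords (`llng_db_pass`, `llng_handler_db_pass`) are printed under `ansible_facts` in the task result as soon as the play runs with `-v` and end up in whatever captures that output; add `no_log: true` to both `set_fact` lines (the imported `get_rand_pass.yml` presumably needs the same, but its content is not visible here). Also, `vars:` given as a list of one-item mappings (`- pass_file: ...`) is the legacy form ansible-core now warns about; the mapping form `vars:` / `pass_file: "/etc/lemonldap-ng/ansible_dbpass"` is equivalent and future-proof.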
@@ -33,10 +31,12 @@
 encoding: utf8mb4
 collation: utf8mb4_general_ci
 state: present
+ tags: web
 
 - name: Copy mysql schema
 copy: src=mysql_schema.sql dest=/etc/lemonldap-ng/mysql_schema.sql
 register: llng_schema
+ tags: web
 
 - name: Inject SQL structure
 mysql_db:
@@ -47,6 +47,7 @@
 login_user: sqladmin
 login_password: "{{ mysql_admin_pass }}"
 when: llng_schema.changed
+ tags: web
 
 - name: Create the main user
 mysql_user:
@@ -60,7 +61,8 @@
 state: present
 append_privs: True
 when: llng_portal == True or llng_manager == True
- with_items: "{{ ansible_all_ipv4_addresses }}"
+ loop: "{{ ansible_all_ipv4_addresses }}"
+ tags: web
 
 - name: Create the handler user
 mysql_user:
@@ -74,5 +76,6 @@
 state: present
 append_privs: True
 when: llng_handler == True
- with_items: "{{ ansible_all_ipv4_addresses }}"
+ loop: "{{ ansible_all_ipv4_addresses }}"
+ tags: web
 
diff --git a/roles/lemonldap_ng/vars/CentOS-7.yml b/roles/lemonldap_ng/vars/CentOS-7.yml
new file mode 100644
index 0000000..11709f3
--- /dev/null
+++ b/roles/lemonldap_ng/vars/CentOS-7.yml
@@ -0,0 +1,25 @@
+---
+
+llng_common_packages:
+ - lemonldap-ng-conf
+ - perl-Cache-Cache
+ - lemonldap-ng-fastcgi-server
+
+llng_portal_packages:
+ - python-passlib
+ - lemonldap-ng-portal
+ - lemonldap-ng-doc
+ - lasso
+ - lasso-perl
+ - perl-Authen-Captcha
+
+llng_manager_packages:
+ - lemonldap-ng-manager
+ - lemonldap-ng-doc
+ - lemonldap-ng-fr-doc
+
+llng_mysql_packages:
+ - perl-DBD-MySQL
+ - MySQL-python
+ - mariadb
+ - perl-Apache-Session-Browseable
diff --git a/roles/lemonldap_ng/vars/CentOS-8.yml b/roles/lemonldap_ng/vars/CentOS-8.yml
new file mode 100644
index 0000000..dc0c38c
--- /dev/null
+++ b/roles/lemonldap_ng/vars/CentOS-8.yml
@@ -0,0 +1,25 @@
+---
+
+llng_common_packages:
+ - lemonldap-ng-conf
+ - perl-Cache-Cache
+ - lemonldap-ng-fastcgi-server
+ - python3-mysql
+
+llng_portal_packages:
+ - python3-passlib
+ - lemonldap-ng-portal
+ - lemonldap-ng-doc
+ - lasso
+ - lasso-perl
+ - perl-Authen-Captcha
+
+llng_manager_packages:
+ - lemonldap-ng-manager
+ - lemonldap-ng-doc
+
+llng_mysql_packages:
+ - perl-DBD-MySQL
+ - python3-mysql
+ - mariadb
+ - perl-Apache-Session-Browseable
diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml
index 55ba843..df6a668 100644
--- a/roles/letsencrypt/tasks/main.yml
+++ b/roles/letsencrypt/tasks/main.yml
@@ -1,20 +1,14 @@
 ---
 
-- name: Install dehydrated client
- yum:
- name:
- - dehydrated
- - python2-dns-lexicon
- when: ansible_os_family == 'RedHat'
+- include_vars: "{{ item }}"
+ with_first_found:
+ - vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
+ - vars/{{ ansible_distribution }}.yml
+ - vars/{{ ansible_os_family }}.yml
 tags: web,ssl
 
-- name: Install dependencies
- apt:
- name:
- - python-pip
- - python-setuptools
- - curl
- when: ansible_os_family == 'Debian'
+- name: Install dehydrated client
+ package: name={{ letsencrypt_packages }}
 tags: web,ssl
 
 - name: Create needed directories
diff --git a/roles/letsencrypt/vars/CentOS-7.yml b/roles/letsencrypt/vars/CentOS-7.yml
new file mode 100644
index 0000000..972a5a6
--- /dev/null
+++ b/roles/letsencrypt/vars/CentOS-7.yml
@@ -0,0 +1,5 @@
+---
+
+letsencrypt_packages:
+ - dehydrated
+ - python2-dns-lexicon
diff --git a/roles/letsencrypt/vars/CentOS-8.yml b/roles/letsencrypt/vars/CentOS-8.yml
new file mode 100644
index 0000000..287de66
--- /dev/null
+++ b/roles/letsencrypt/vars/CentOS-8.yml
@@ -0,0 +1,5 @@
+---
+
+letsencrypt_packages:
+ - dehydrated
+ - python3-dns-lexicon
diff --git a/roles/letsencrypt/vars/Debian-10.yml b/roles/letsencrypt/vars/Debian-10.yml
new file mode 100644
index 0000000..4851af7
--- /dev/null
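Review bot: In `vars/CentOS-8.yml`, `python3-mysql` is listed in both `llng_common_packages` and `llng_mysql_packages`, whereas `vars/CentOS-7.yml` keeps the equivalent `MySQL-python` only in `llng_mysql_packages`; the `mysql_db` / `mysql_user` tasks live in `tasks/mysql.yml`, which this commit includes only `when: llng_conf_backend == 'mysql'`, so the binding is only needed on that path. Either drop it from the CentOS-8 common list to match CentOS-7, or if it is wanted unconditionally add a comment saying why, e.g. `# MySQL binding kept in the common list so mysql_* modules work even when mysql.yml is skipped`. The manager list also loses `lemonldap-ng-fr-doc` on CentOS 8 relative to 7 without a comment; a one-line note on whether the package is simply unavailable there would save the next reader a search.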
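Review bot: The task now named `Install dehydrated client` installs `{{ letsencrypt_packages }}` on every platform, but the new `vars/Debian-10.yml` list holds only `python-pip`, `python-setuptools` and `curl` — the same set the old Debian `Install dependencies` task installed — so on Debian the task name does not describe what it does and `dehydrated` is apparently expected from elsewhere (not visible here). Either add `dehydrated` to the Debian list if it is meant to come from the distribution, or keep the name honest, e.g. `- name: Install dehydrated client and its dependencies`, with a comment in `vars/Debian-10.yml` such as `# dehydrated itself is not installed from this list on Debian` extended to say where it does come from.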
+++ b/roles/letsencrypt/vars/Debian-10.yml
@@ -0,0 +1,6 @@
+---
+
+letsencrypt_packages:
+ - python-pip
+ - python-setuptools
+ - curl
diff --git a/roles/sssd_ldap_auth/tasks/main.yml b/roles/sssd_ldap_auth/tasks/main.yml
index 953ad43..d391225 100644
--- a/roles/sssd_ldap_auth/tasks/main.yml
+++ b/roles/sssd_ldap_auth/tasks/main.yml
@@ -4,8 +4,16 @@
 
 - name: Deploy sssd config
 template: src=sssd.conf.j2 dest=/etc/sssd/sssd.conf owner=root group=root mode=0600
+ when: sssd_config
 notify: restart sssd
 
+ # On el8 for example, sssd is already installed and running on a default setup
+ # so we need to restart it now, so users are available (for eg, ssh authorized_keys setup)
+ # We can't rely on the handler, because it would only run at the end of the playbook
+- name: Restart sssd if needed
+ service: name=sssd state=restarted
+ when: sssd_config.changed
+
 - name: Ensure nsswitch is using sssd
 lineinfile:
 dest: /etc/nsswitch.conf
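Review bot: The added `when: sssd_config` on the `Deploy sssd config` task and the `when: sssd_config.changed` on the new `Restart sssd if needed` task cannot both be right: if `sssd_config` is a boolean toggle variable, `.changed` is not an attribute of a bool and the restart task fails to evaluate; if it is meant to be the result of the template task, the keyword on the template task has to be `register: sssd_config`, and with `when:` as written the variable is undefined before that task runs. The comment above the restart task points to the latter, i.e. `register: sssd_config` replacing `when: sssd_config`. With that fixed, the `notify: restart sssd` handler still fires at the end of the play, so a changed config restarts sssd twice; if the immediate restart is the one that matters, either drop the `notify` or keep it with a comment saying the second restart is accepted.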