Update to 2020-11-15 23:00

4 years ago · 8b3b10fa18
parent f270402bc3
commit 8b3b10fa18
10 changed files with 118 additions and 55 deletions
--- a/roles/lemonldap_ng/meta/main.yml
+++ b/roles/lemonldap_ng/meta/main.yml
@ -3,3 +3,5 @@ dependencies:
  - role: repo_lemonldap_ng
  - role: httpd_mod_perl
    when: llng_server == 'httpd'
  - role: mysql_server
    when: llng_db_server in ['localhost','127.0.0.1']
--- a/roles/lemonldap_ng/tasks/main.yml
+++ b/roles/lemonldap_ng/tasks/main.yml
@ -1,11 +1,14 @@
 ---
 - include_vars: "{{ item }}"
  with_first_found:
    - vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
    - vars/{{ ansible_distribution }}.yml
    - vars/{{ ansible_os_family }}.yml
  tags: web
 - name: Install common packages
-  yum:
+  yum: name={{ llng_common_packages }}
    name:
      - lemonldap-ng-conf
      - perl-Cache-Cache
      - lemonldap-ng-fastcgi-server
  tags: web
 - name: Install Lemonldap::NG handler
@ -14,23 +17,12 @@
  tags: web
 - name: Install Lemonldap::NG portal
-  yum:
+  yum: name={{ llng_portal_packages }}
    name:
      - python-passlib
      - lemonldap-ng-portal
      - lemonldap-ng-doc
      - lasso
      - lasso-perl
      - perl-Authen-Captcha
  when: llng_portal == True
  tags: web
 - name: Install Lemonldap::NG manager
-  yum:
+  yum: name={{ llng_manager_packages }}
    name:
      - lemonldap-ng-manager
      - lemonldap-ng-doc
      - lemonldap-ng-fr-doc
  when: llng_manager == True
  tags: web
@ -40,17 +32,15 @@
    - /var/cache/lemonldap-ng
  tags: web
- include_tasks: "{{ llng_server }}.yml"
+- include: "{{ llng_server }}.yml"
  tags: web
 - name: Deploy manager's nginx configuration
  template: src=nginx_manager.conf.j2 dest=/etc/nginx/ansible_conf.d/23-llng_manager.conf
  when: llng_manager == True and llng_server == 'nginx'
  notify: reload nginx
- import_tasks: mysql.yml
+- include: mysql.yml
  when: llng_conf_backend == 'mysql'
  tags: web
 - name: Deploy Lemonldap::NG main configuration
  template: src=lemonldap-ng.ini.j2 dest=/etc/lemonldap-ng/lemonldap-ng.ini group=apache mode=640
--- a/roles/lemonldap_ng/tasks/mysql.yml
+++ b/roles/lemonldap_ng/tasks/mysql.yml
@ -1,28 +1,26 @@
 ---
 - name: Install needed packages
-  yum:
+  yum: name={{ llng_mysql_packages }}
-    name:
+  tags: web
      - perl-DBD-MySQL
      - MySQL-python
      - mariadb
      - perl-Apache-Session-Browseable
- import_tasks: ../includes/get_rand_pass.yml
+- when:
  vars:
    - pass_file: "/etc/lemonldap-ng/ansible_dbpass"
  when: llng_db_pass is not defined
 - set_fact: llng_db_pass={{ rand_pass }}
  when:
    - llng_db_pass is not defined
    - llng_manager or llng_portal
  block:
    - import_tasks: ../includes/get_rand_pass.yml
      vars:
        - pass_file: "/etc/lemonldap-ng/ansible_dbpass"
    - set_fact: llng_db_pass={{ rand_pass }}
  tags: web
- import_tasks: ../includes/get_rand_pass.yml
+- when: llng_handler_db_pass is not defined
  block:
    - import_tasks: ../includes/get_rand_pass.yml
      vars:
        - pass_file: "/etc/lemonldap-ng/ansible_handler_dbpass"
-  when: llng_handler_db_pass is not defined
+    - set_fact: llng_handler_db_pass={{ rand_pass }}
- set_fact: llng_handler_db_pass={{ rand_pass }}
+  tags: web
  when: llng_handler_db_pass is not defined
 - name: Create the database
  mysql_db:
@ -33,10 +31,12 @@
    encoding: utf8mb4
    collation: utf8mb4_general_ci
    state: present
  tags: web
 - name: Copy mysql schema
  copy: src=mysql_schema.sql dest=/etc/lemonldap-ng/mysql_schema.sql
  register: llng_schema
  tags: web
 - name: Inject SQL structure
  mysql_db:
@ -47,6 +47,7 @@
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
  when: llng_schema.changed
  tags: web
 - name: Create the main user
  mysql_user:
@ -60,7 +61,8 @@
    state: present
    append_privs: True
  when: llng_portal == True or llng_manager == True
-  with_items: "{{ ansible_all_ipv4_addresses }}"
+  loop: "{{ ansible_all_ipv4_addresses }}"
  tags: web
 - name: Create the handler user
  mysql_user:
@ -74,5 +76,6 @@
    state: present
    append_privs: True
  when: llng_handler == True
-  with_items: "{{ ansible_all_ipv4_addresses }}"
+  loop: "{{ ansible_all_ipv4_addresses }}"
  tags: web
--- a/roles/lemonldap_ng/vars/CentOS-7.yml
+++ b/roles/lemonldap_ng/vars/CentOS-7.yml
@ -0,0 +1,25 @@
 ---
 llng_common_packages:
  - lemonldap-ng-conf
  - perl-Cache-Cache
  - lemonldap-ng-fastcgi-server
 llng_portal_packages:
  - python-passlib
  - lemonldap-ng-portal
  - lemonldap-ng-doc
  - lasso
  - lasso-perl
  - perl-Authen-Captcha
 llng_manager_packages:
  - lemonldap-ng-manager
  - lemonldap-ng-doc
  - lemonldap-ng-fr-doc
 llng_mysql_packages:
  - perl-DBD-MySQL
  - MySQL-python
  - mariadb
  - perl-Apache-Session-Browseable
--- a/roles/lemonldap_ng/vars/CentOS-8.yml
+++ b/roles/lemonldap_ng/vars/CentOS-8.yml
@ -0,0 +1,25 @@
 ---
 llng_common_packages:
  - lemonldap-ng-conf
  - perl-Cache-Cache
  - lemonldap-ng-fastcgi-server
  - python3-mysql
 llng_portal_packages:
  - python3-passlib
  - lemonldap-ng-portal
  - lemonldap-ng-doc
  - lasso
  - lasso-perl
  - perl-Authen-Captcha
 llng_manager_packages:
  - lemonldap-ng-manager
  - lemonldap-ng-doc
 llng_mysql_packages:
  - perl-DBD-MySQL
  - python3-mysql
  - mariadb
  - perl-Apache-Session-Browseable
--- a/roles/letsencrypt/tasks/main.yml
+++ b/roles/letsencrypt/tasks/main.yml
@ -1,20 +1,14 @@
 ---
- name: Install dehydrated client
+- include_vars: "{{ item }}"
-  yum:
+  with_first_found:
-    name:
+    - vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
-      - dehydrated
+    - vars/{{ ansible_distribution }}.yml
-      - python2-dns-lexicon
+    - vars/{{ ansible_os_family }}.yml
  when: ansible_os_family == 'RedHat'
  tags: web,ssl
- name: Install dependencies
+- name: Install dehydrated client
-  apt:
+  package: name={{ letsencrypt_packages }}
    name:
      - python-pip
      - python-setuptools
      - curl
  when: ansible_os_family == 'Debian'
  tags: web,ssl
 - name: Create needed directories
--- a/roles/letsencrypt/vars/CentOS-7.yml
+++ b/roles/letsencrypt/vars/CentOS-7.yml
@ -0,0 +1,5 @@
 ---
 letsencrypt_packages:
  - dehydrated
  - python2-dns-lexicon
--- a/roles/letsencrypt/vars/CentOS-8.yml
+++ b/roles/letsencrypt/vars/CentOS-8.yml
@ -0,0 +1,5 @@
 ---
 letsencrypt_packages:
  - dehydrated
  - python3-dns-lexicon
--- a/roles/letsencrypt/vars/Debian-10.yml
+++ b/roles/letsencrypt/vars/Debian-10.yml
@ -0,0 +1,6 @@
 ---
 letsencrypt_packages:
  - python-pip
  - python-setuptools
  - curl
--- a/roles/sssd_ldap_auth/tasks/main.yml
+++ b/roles/sssd_ldap_auth/tasks/main.yml
@ -4,8 +4,16 @@
 - name: Deploy sssd config
  template: src=sssd.conf.j2 dest=/etc/sssd/sssd.conf owner=root group=root mode=0600
  when: sssd_config
  notify: restart sssd
  # On el8 for example, sssd is already installed and running on a default setup
  # so we need to restart it now, so users are available (for eg, ssh authorized_keys setup)
  # We can't rely on the handler, because it would only run at the end of the playbook
 - name: Restart sssd if needed
  service: name=sssd state=restarted
  when: sssd_config.changed
 - name: Ensure nsswitch is using sssd
  lineinfile:
    dest: /etc/nsswitch.conf