diff --git a/roles/etcHosts/tasks/main.yml b/roles/etcHosts/tasks/main.yml index a1029fa022cb7c4f8ebd1cb91927ac223ed79753..c3702d0bbaecdb715503c9adb970c8906e1400c3 100644 --- a/roles/etcHosts/tasks/main.yml +++ b/roles/etcHosts/tasks/main.yml @@ -12,6 +12,7 @@ shell: source /root/.bash_profile; /tmp/makehosts.py /tmp/groups {{ domain }} delegate_to: 127.0.0.1 run_once: True + sudo: true register: hosts_data - name: write hosts file @@ -22,3 +23,22 @@ state: present sudo: true with_items: hosts_data.stdout_lines + +- name: set hostname by sysctl + shell: sysctl kernel.hostname="{{ ansible_hostname }}" + sudo: true + +- name: set domainname by sysctl + shell: sysctl kernel.domainname="{{ domain }}" + sudo: true + +- name: set /etc/sysconfig/network on CentOS 6 + lineinfile: dest=/etc/sysconfig/network line='HOSTNAME={{ ansible_hostname }}' regexp='^HOSTNAME' + sudo: true + when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "6" + +- name: set /etc/sysctl.conf on Debian 8 + lineinfile: dest=/etc/sysctl.conf line='kernel.domainname = {{ domain }}' regexp='^#kernel.domainname' + sudo: true + when: ansible_distribution == "Debian" and ansible_distribution_major_version == "8" + diff --git a/roles/extra_rpms/vars/main.yml b/roles/extra_rpms/vars/main.yml index 22aedc71b3610a8a8119092601475e96d0e13c2f..df10f44104f4a08b545af265cbefa0b3ce8338ec 100644 --- a/roles/extra_rpms/vars/main.yml +++ b/roles/extra_rpms/vars/main.yml @@ -16,6 +16,7 @@ pkgs: - enchant - eog - evince + - finger - fftw - file-roller - firefox @@ -174,6 +175,7 @@ pkgs: - python-babel - python-dateutil - python-devel + - python-ldap - python-matplotlib - python-nose - python-paramiko @@ -205,6 +207,10 @@ pkgs: - unzip - util-linux-ng - uuid + - vim-X11 + - vim-common + - vim-enhanced + - vim-minimal - wacomexpresskeys - wdaemon - wxBase 
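Review bot: With `sudo: true` added, the `/tmp/makehosts.py /tmp/groups {{ domain }}` command now runs as root on the control host (`delegate_to: 127.0.0.1`), and both the script and its input sit in a world-writable directory. Any local account that can create or replace those files before the play runs has its content run or parsed with root privileges. I would stage the script and the groups file in a directory only root can write, and drop `sudo` unless the script needs it; the only root dependency visible here is `source /root/.bash_profile`. The task's `name:` line and whatever places the script in `/tmp` are outside the hunk.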
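Review bot: The Debian 8 `lineinfile` task uses `regexp='^#kernel.domainname'`, which matches only the commented-out default. Once the line has been written, a later run with a different `domain` finds no match and appends a second `kernel.domainname = ...` entry, leaving two conflicting values in `/etc/sysctl.conf`. `regexp='^#?kernel.domainname'` would keep it to a single line. The two `shell: sysctl kernel.hostname=...` and `kernel.domainname=...` tasks interpolate variables into a shell line and report changed on every run; `command:` or the `sysctl` module would avoid the shell parsing.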
diff --git a/roles/karaage3.1.17/handlers/main.yml b/roles/karaage3.1.17/handlers/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..d6a6cfb778cf5f17c29b904dab32dfe4c4a9e0b5 --- /dev/null +++ b/roles/karaage3.1.17/handlers/main.yml @@ -0,0 +1,4 @@ +--- +- name: restart apache2 + service: name=apache2 state=restarted + sudo: true diff --git a/roles/karaage3.1.17/tasks/apacheDebian.yml b/roles/karaage3.1.17/tasks/apacheDebian.yml index 0a08f63e7073a0e2167f69ebcf544f7069998fec..e9e69ba308bc80cfb64f068cf205ca14d646bb14 100644 --- a/roles/karaage3.1.17/tasks/apacheDebian.yml +++ b/roles/karaage3.1.17/tasks/apacheDebian.yml @@ -2,23 +2,32 @@ - name: "Install Apache2" apt: name=apache2 state=present + sudo: true - name: "Templating default-ssl site" template: src=default-ssl.j2 dest=/etc/apache2/sites-available/default-ssl.conf owner=www-data group=www-data + sudo: true - name: "Templating default site" template: src=default.j2 dest=/etc/apache2/sites-available/000-default.conf owner=www-data group=www-data + sudo: true - name: "Templating ssl configuration" template: src=ssl.conf.j2 dest=/etc/apache2/mods-available/ssl.conf owner=www-data group=www-data + sudo: true + notify: restart apache2 - name: "Enable ssl module" apache2_module: state=present name=ssl + sudo: true - name: "Enable default-ssl site" shell: a2ensite default-ssl + sudo: true - name: "Restarting Apache2" - service: name=apache2 state=restarted + service: name=apache2 state=started + sudo: true + diff --git a/roles/karaage3.1.17/tasks/apacheRedHat.yml b/roles/karaage3.1.17/tasks/apacheRedHat.yml index 6c7d2ad00d162b6df16022548f48992e3c594481..3515c7c200e7b4dd18045dcc478b2d61b535322b 100644 --- a/roles/karaage3.1.17/tasks/apacheRedHat.yml +++ b/roles/karaage3.1.17/tasks/apacheRedHat.yml @@ -2,6 +2,7 @@ - name: "Installing Apache" + sudo: true yum: name={{ item }} state=latest with_items: - mod_ssl 
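Review bot: After the last task is switched from `state=restarted` to `state=started`, only the `ssl.conf` template carries `notify: restart apache2`, so a change to `default-ssl.conf`, `000-default.conf` or the `a2ensite default-ssl` step on a host where Apache is already running is never loaded. That matters here because `default-ssl.j2` now takes its certificate and key paths from variables in this same commit, so a rotated path would sit unused until someone restarts by hand. Add `notify: restart apache2` to the two site templates and the `a2ensite` task as well. Separately, the three templates are installed with `owner=www-data group=www-data`, which lets the web server account rewrite its own TLS configuration; `owner=root group=root` is the safer default.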
@@ -11,9 +12,11 @@ - httpd-devel - name: Setting httpd.conf + sudo: true replace: dest=/etc/httpd/conf/httpd.conf regexp="^#ServerName www.example.com:80" replace="ServerName {{ ansible_fqdn }}" - name: Setting ssl.conf + sudo: true lineinfile: dest=/etc/httpd/conf.d/ssl.conf regexp="{{ item.regexp }}" line="{{ item.line }}" backrefs=yes with_items: - { regexp : "^SSLCertificateFile", line : "SSLCertificateFile {{ x509_cert_file }}" } @@ -21,7 +24,9 @@ - { regexp : "SSLCACertificateFile", line : "SSLCACertificateFile {{ x509_cacert_file }}" } - name: Templating wsgi.conf + sudo: true template: src=wsgi.conf.j2 dest=/etc/httpd/conf.d/wsgi.conf owner=root group=root - name: Restarting Apache + sudo: true service: name=httpd state=restarted diff --git a/roles/karaage3.1.17/tasks/karaage.yml b/roles/karaage3.1.17/tasks/karaage.yml index 57101bed1b63a55301cfc8fffad8396aa60902e5..cc847b8006d59ae7e7ef03a6619fc01bb1559c5a 100644 --- a/roles/karaage3.1.17/tasks/karaage.yml +++ b/roles/karaage3.1.17/tasks/karaage.yml @@ -2,6 +2,7 @@ - name: "Installing prerequisites Debian" apt: name={{ item }} update_cache=yes + sudo: true with_items: - libxml2-dev - libxslt1-dev @@ -11,10 +12,12 @@ - ldap-utils - python-cracklib - git + - apache2-dev when: ansible_os_family == "Debian" - name: "Installing prerequisites Redhat" yum: name={{ item }} state=latest + sudo: true with_items: - libxml2-devel - libxslt-devel 
@@ -35,12 +38,21 @@ name: Install the latest pip shell: easy_install pip when: ansible_os_family == "RedHat" + - name: "Getting Karaage from Github" - git: repo="https://github.com/monash-merc/karaage.git" dest="/root/karaage3.1.7" + git: repo="https://github.com/monash-merc/karaage.git" dest="/root/karaage3.1.7" force=yes + sudo: true + +- + name: "Create log directory, start aoacge will have errors without it" + file: dest=/etc/apache2/logs state=directory + sudo: true + - name: "Installing Karaage Dependencies" pip: name={{ item }} + sudo: true with_items: - six - MySQL-python @@ -51,6 +63,7 @@ - mod_wsgi - name: "Restrict Django version to 1.7.8" + sudo: true replace: dest=/root/karaage3.1.7/setup.py regexp="Django >= 1.7" replace="Django == 1.7.8" - name: "Installing Karaage from source" @@ -58,9 +71,11 @@ args: chdir: /root/karaage3.1.7 creates: /root/karaage3.1.7/build/bdist.linux-x86_64 + sudo: true - name: "Templating Karaage settings" template: src=settings.py.j2 dest=/etc/karaage3/settings.py owner=root group={{ apache_user }} mode=0640 + sudo: true - name: "Creating karaage3 in /var directories log, lib " file: path={{ item }} state=directory owner=root group={{ apache_user }} mode=0775 @@ -68,12 +83,15 @@ - /var/log/karaage3 - /var/lib/karaage3 - /var/cache/karaage3 + sudo: true - name: "Change permissions for /var/www" file: path=/var/www state=directory owner=root group={{ apache_user }} mode=0775 + sudo: true - name: "enabling Karaage configuration" shell: a2enconf karaage3-wsgi + sudo: true when: ansible_os_family == "Debian" - name: "enabling Karaage configuration" @@ -86,6 +104,7 @@ - python-kgusage - karaage-cluster-tools - karaage3-celery + sudo: true when: ansible_os_family == "Debian" - name: Downloading other packages RedHat 
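Review bot: The `git:` task for `https://github.com/monash-merc/karaage.git` has no `version=` argument, and with `force=yes` plus `sudo: true` every run resets `/root/karaage3.1.7` to whatever the default branch currently holds, which the later "Installing Karaage from source" task then installs as root. Pin it, e.g. `git: repo="https://github.com/monash-merc/karaage.git" dest="/root/karaage3.1.7" version=<TAG_OR_COMMIT> force=yes`, so that a change upstream does not flow straight into a privileged install; the clones in the "Downloading other packages RedHat" hunk have the same gap. The new log-directory task creates `/etc/apache2/logs` with no `when: ansible_os_family == "Debian"`, so it also runs on RedHat hosts, and its name contains the typo "aoacge".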
@@ -97,12 +116,14 @@ - { repo : 'https://github.com/Karaage-Cluster/karaage-usage.git', dest : '/root/karaage-usage' } - { repo : 'https://github.com/Karaage-Cluster/karaage-applications.git', dest : '/root/karaage-applications' } - { repo : 'https://github.com/Karaage-Cluster/karaage-cluster-tools.git', dest : '/root/karaage-cluster-tools' } + sudo: true when: ansible_os_family == "RedHat" - args: chdir: "/root/{{ item }}" creates: "/root/{{ item }}/build/bdist.linux-x86_64" name: "Installing other packages RedHat" + sudo: true shell: "env python setup.py install" when: ansible_os_family == "RedHat" with_items: @@ -115,19 +136,45 @@ - name: "Set Secret Key" lineinfile: dest=/etc/karaage3/settings.py regexp="SECRET_KEY = ''" line="SECRET_KEY = 'imkaraage'" state=present + sudo: true + +- + # TODO: Fix it + name: "Check DB tables has been created or not" + shell: ls /root/.karaage_db_init + ignore_errors: true + sudo: true + register: karaage_db_init + +- + name: "Enable wsgi config" + file: src=/etc/apache2/mods-available/wsgi.conf path=/etc/apache2/mods-enabled/wsgi.conf state=link + sudo: true + +- + name: "Enable wsgi load" + file: src=/etc/apache2/mods-available/wsgi.load path=/etc/apache2/mods-enabled/wsgi.load state=link + sudo: true + - name: " Create DB tables" - shell: kg-manage migrate + shell: kg-manage migrate && touch /root/.karaage_db_init + sudo: true + when: karaage_db_init is not defined + - name: "Restarting Celery" service: name=karaage3-celery state=restarted + sudo: true when: ansible_os_family == "Debian" - name: "Reloading apache" service: name=apache2 state=reloaded + sudo: true when: ansible_os_family == "Debian" - name: "Reloading apache" service: name=httpd state=reloaded + sudo: true when: ansible_os_family == "RedHat" diff --git a/roles/karaage3.1.17/tasks/main.yml b/roles/karaage3.1.17/tasks/main.yml index 3fb11c21787e45de3da5ff4380ccc60b8662a0e4..66d2a9b7fc01263ffe647ed8d4961bd90f63d7ec 100644 --- a/roles/karaage3.1.17/tasks/main.yml 
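Review bot: The "Set Secret Key" task still writes the fixed value `SECRET_KEY = 'imkaraage'` into `/etc/karaage3/settings.py`, the same string this commit removes as the database password in `settings.py.j2`; a Django secret key that is public in the repository gives no protection to anything signed with it. Take it from a per-deployment variable kept out of version control, e.g. `line="SECRET_KEY = '{{ karaage_secret_key }}'"` (variable name is a suggestion). In the same hunk, `when: karaage_db_init is not defined` can never be true, because `register:` sets the variable even when the `ls` fails under `ignore_errors`, so `kg-manage migrate` is skipped on every host. Use `when: karaage_db_init|failed`, as the ldapserver role does for its checks. The two wsgi symlink tasks also lack a `when: ansible_os_family == "Debian"` guard.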
+++ b/roles/karaage3.1.17/tasks/main.yml @@ -5,5 +5,4 @@ when: ansible_os_family == "Debian" - include: apacheRedHat.yml when: ansible_os_family == 'RedHat' - - include: mysql.yml - include: karaage.yml diff --git a/roles/karaage3.1.17/tasks/mysql.yml b/roles/karaage3.1.17/tasks/mysql.yml deleted file mode 100644 index e2df0e3db90c7f569db638ed4c94b1b646bd51a9..0000000000000000000000000000000000000000 --- a/roles/karaage3.1.17/tasks/mysql.yml +++ /dev/null 
@@ -1,78 +0,0 @@ ---- -- - name: "Installing MySQL Debian" - apt: name="{{ item }}" update_cache=yes cache_valid_time=3600 state=present - with_items: - - python - - python-dev - - libmysqlclient-dev - - python-pip - - libapache2-mod-wsgi - - python-mysql.connector - - mysql-server - - python-mysqldb - when: ansible_os_family == "Debian" -- - name: Installing MySQL RedHat - yum: name="{{ item }}" state=latest - with_items: - - python - - python-devel - - mysql-devel - - mysql-libs - - MySQL-python - - mysql-server - when: ansible_os_family == "RedHat" -- - name: "Starting MySQL" - service: name=mysql state=started enabled=true - when: ansible_os_family == "Debian" - -- - name: "Starting MySQL" - service: name=mysqld state=started enabled=true - when: ansible_os_family == "RedHat" -- - name: "Templating karaage.cnf" - template: src="karaage.cnf.j2" dest=/etc/mysql/conf.d/karaage.cnf owner=root group=root - when: ansible_os_family == "Debian" - -- - name: "Adding root" - sudo: true - mysql_user: name=root host="{{ item }}" password="{{ mysql_root_password }}" login_user=root login_password="{{ mysql_root_password }}" check_implicit_admin=yes priv="*.*:ALL,GRANT" - with_items: - - "{{ ansible_hostname }}" - - 127.0.0.1 - - ::1 - - localhost -- - name: Setting mysql global variables - mysql_variables: variable={{ item.var }} value={{ item.val }} login_user=root login_password="{{ mysql_root_password }}" - with_items: - - { var : 'character_set_server', val : 'utf8' } - - { var : 'storage_engine', val : 'innodb' } - - { var : 'sql_mode', val : 'STRICT_ALL_TABLES' } - when: ansible_os_family == "RedHat" -- - name: "Editing my.cnf" - lineinfile: dest=/etc/my.cnf line="{{ item }}" - with_items: - - '[client]' - - 'default-character-set = utf8' - when: ansible_os_family == "RedHat" -- - name: "Adding Karaage Database" - mysql_db: name=karaage state=present login_user=root login_password={{ mysql_root_password }} -- - name: "Giving priviliges to karaage user" - mysql_user: 
name=karaage password={{ karaage_sql_password }} login_user=root login_password={{ mysql_root_password }} priv=karaage.*:ALL state=present - -- - name: "Starting MySQL" - service: name=mysql state=restarted - when: ansible_os_family == "Debian" -- - name: "Starting MySQL" - service: name=mysqld state=restarted - when: ansible_os_family == "RedHat" diff --git a/roles/karaage3.1.17/tasks/prerequisitesDebian.yml b/roles/karaage3.1.17/tasks/prerequisitesDebian.yml index 8ca53ad498ec98d4550b7481999ee73f47570113..c0517a924ae7db1a5f9039d9d33a584b59fa6a62 100644 --- a/roles/karaage3.1.17/tasks/prerequisitesDebian.yml +++ b/roles/karaage3.1.17/tasks/prerequisitesDebian.yml @@ -1,18 +1,24 @@ --- - name: "Installing prereq packages" + sudo: true apt: name={{ item }} update_cache=yes with_items: - debian-keyring - apt_key: "url=http://code.vpac.org/debian/vpac-debian-key.gpg state=present" name: "Installing the VPAC Debian Archive signing key" + sudo: true - apt_repository: "repo='deb http://code.vpac.org/debian jessie main' state=present" name: "Adding VPAC repository in the source list" + sudo: true - apt_repository: "repo='deb-src http://code.vpac.org/debian jessie main' state=present" name: "Adding VPAC source repository" + sudo: true - apt: update_cache=yes name: "Upgrading apt..." + sudo: true + diff --git a/roles/karaage3.1.17/templates/default-ssl.j2 b/roles/karaage3.1.17/templates/default-ssl.j2 index 10c9fd7d0ce285aad05ce1a6480b350c2fa3e09b..690c03cc63901cc0eebeb5ece72d62393fe3b373 100644 --- a/roles/karaage3.1.17/templates/default-ssl.j2 +++ b/roles/karaage3.1.17/templates/default-ssl.j2 @@ -1,6 +1,9 @@ <IfModule mod_ssl.c> <VirtualHost _default_:443> ServerAdmin webmaster@localhost + {% if hpcidDomain is defined %} + ServerName {{ hpcidDomain }} + {% endif %} DocumentRoot /var/www <Directory /> 
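Review bot: The `apt_key` task fetches `http://code.vpac.org/debian/vpac-debian-key.gpg` in cleartext and, now with `sudo: true`, trusts whatever comes back as an archive signing key for the `deb http://code.vpac.org/debian jessie main` source added right after it. Because both the key and the repository travel over plain HTTP, the signature check only proves that packages match the key that was downloaded, not that the key is VPAC's. Shipping the key inside the role and installing it with `apt_key: file=<PATH_TO_KEY_IN_ROLE> state=present` would take the trust anchor from the repository instead of the network; an `https://` URL would also help if the host offers one, which is not visible from here.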
@@ -39,8 +42,8 @@ # /usr/share/doc/apache2.2-common/README.Debian.gz for more info. # If both key and certificate are stored in the same file, only the # SSLCertificateFile directive is needed. - SSLCertificateFile /etc/ssl/certs/server.crt - SSLCertificateKeyFile /etc/ssl/private/server.key + SSLCertificateFile {{ x509_cert_file }} + SSLCertificateKeyFile {{ x509_key_file }} # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the # concatenation of PEM encoded CA certificates which form the @@ -56,8 +59,12 @@ # Note: Inside SSLCACertificatePath you need hash symlinks # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. + {% if x509_cert_path is defined %} + SSLCACertificatePath {{ x509_cert_path }} + {% else %} SSLCACertificatePath /etc/ssl/certs/ - SSLCACertificateFile /etc/ssl/certs/ca.crt + {% endif %} + SSLCACertificateFile {{ x509_cacert_file }} # Certificate Revocation Lists (CRL): # Set the CA revocation path where to find CA CRLs for client diff --git a/roles/karaage3.1.17/templates/settings.py.j2 b/roles/karaage3.1.17/templates/settings.py.j2 index 1db75154159f1408ec150b3dba136095969865b0..9d05b119b111e3ba59308a28683e5788c1ebee9d 100644 --- a/roles/karaage3.1.17/templates/settings.py.j2 +++ b/roles/karaage3.1.17/templates/settings.py.j2 
@@ -67,23 +67,32 @@ HTTP_HOST = "{{ x509_common_name }}" # exception information. Each member of the tuple should be a tuple of (Full # name, email address). ADMINS = ( +{% if karaageAdminName is defined and karaageAdminEmail is defined %} + ('{{ karaageAdminName }}', '{{ karaageAdminEmail }}'), +{% else %} # ('Your Name', 'your_email@domain.com'), +{% endif %} ) # A tuple in the same format as ADMINS that specifies who should get broken # link notifications when BrokenLinkEmailsMiddleware is enabled. MANAGERS = ADMINS +{% if defaultProject is defined and defaultMachineCategory is defined %} +DEFAULT_PROJECT_PID = {{ defaultProject }} +DEFAULT_MACHINE_CATEGORY_NAME = {{ defaultMachineCategory }} +{% endif %} + # A dictionary containing the settings for all databases to be used with # Django. It is a nested dictionary whose contents maps database aliases to a # dictionary containing the options for an individual database. DATABASES = { 'default': { 'ENGINE': 'django.db.backends.mysql', - 'NAME': 'karaage', - 'USER': 'karaage', - 'PASSWORD': 'imkaraage', - 'HOST': 'localhost', + 'NAME': '{{ karaageDbName }}', + 'USER': '{{ karaageDbUser }}', + 'PASSWORD': '{{ karaagePassword }}', + 'HOST': '{{ karaageDbHost }}', 'PORT': '', 'ATOMIC_REQUESTS': True, } @@ -92,7 +101,7 @@ DATABASES = { LDAP = { 'default': { 'ENGINE': 'tldap.backend.fake_transactions', - 'URI': 'ldaps://{% for host in groups['ldap-server'] %}{{ hostvars[host]['ansible_fqdn'] }}{% endfor %}/', + 'URI': '{{ ldapURI }}', 'USER': '{{ ldapManager }}', 'PASSWORD': '{{ ldapManagerPassword }}', 'REQUIRE_TLS': True, @@ -114,8 +123,8 @@ MACHINE_CATEGORY_DATASTORES = { 'HOME_DIRECTORY': "/home/%(uid)s", 'LOCKED_SHELL': "/usr/local/sbin/locked", 'NUMBER_SCHEME': 'default', - 'LDAP_ACCOUNT_BASE': 'ou=Accounts,dc=monash,dc=edu,dc=au', - 'LDAP_GROUP_BASE': 'ou=Groups,dc=monash,dc=edu,dc=au', + 'LDAP_ACCOUNT_BASE': 'ou=Accounts,{{ ldapDomain }}', + 'LDAP_GROUP_BASE': 'ou=Groups,{{ ldapDomain }}', }, ], 'dummy': [ 
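Review bot: `DEFAULT_PROJECT_PID = {{ defaultProject }}` and `DEFAULT_MACHINE_CATEGORY_NAME = {{ defaultMachineCategory }}` are rendered without quotes, so unless the variables themselves contain quote characters the generated `settings.py` holds a bare identifier and fails at import. The quoted values (`'{{ karaagePassword }}'`, `'{{ karaageAdminName }}'` and the others) have the opposite problem: a password or name containing `'` or a backslash ends the Python string early and changes what the settings file executes. Rendering every value through a filter that emits a complete literal, e.g. `DEFAULT_PROJECT_PID = {{ defaultProject | to_json }}` and `'PASSWORD': {{ karaagePassword | to_json }},`, would cover both cases; please check the output for non-ASCII values on the Python version in use.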
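Review bot: Replacing the hard-coded `ldaps://...` prefix with `'URI': '{{ ldapURI }}'` means the template no longer fixes the transport, and the `ldapManager` bind password on the next lines is sent over whatever scheme the inventory supplies. `'REQUIRE_TLS': True` stays in place, but how it treats an `ldap://` URI is not visible here. I would add a comment above the line such as `# ldapURI must be an ldaps:// URI; the manager password is sent on this connection` and document the variable where the role's inputs are listed.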
@@ -130,13 +139,13 @@ GLOBAL_DATASTORES = [ 'PERSON': 'karaage.datastores.ldap_schemas.openldap_person', 'GROUP': 'karaage.datastores.ldap_schemas.openldap_person_group', 'NUMBER_SCHEME': 'global', - 'LDAP_PERSON_BASE': 'ou=People,dc=monash,dc=edu,dc=au', - 'LDAP_GROUP_BASE': 'ou=People_Groups,dc=monash,dc=edu,dc=au', + 'LDAP_PERSON_BASE': 'ou=People,{{ ldapDomain }}', + 'LDAP_GROUP_BASE': 'ou=Groups,{{ ldapDomain }}', }, ] # The email address that error messages come from, such as those sent to ADMINS # and MANAGERS. -SERVER_EMAIL = 'karaage@example.org' +SERVER_EMAIL = '{{ karaageAdminEmail }}' # The host to use for sending email. EMAIL_HOST = 'localhost' @@ -258,7 +267,7 @@ LOGGING = { # Users are advised to contact this address if having problems. # This is also used as the from address in outgoing emails. -ACCOUNTS_EMAIL = 'accounts@example.com' +ACCOUNTS_EMAIL = '{{ karaageAdminEmail }}' # This organisation name, used in outgoing emails. ACCOUNTS_ORG_NAME = 'Example' diff --git a/roles/karaage3.1.17/templates/ssl.conf.j2 b/roles/karaage3.1.17/templates/ssl.conf.j2 index 46ae7a92679ca4b7c8504b80c550f62f189b1447..b9af9099757c95a2fbf3093acd1e9037882c4fea 100644 --- a/roles/karaage3.1.17/templates/ssl.conf.j2 +++ b/roles/karaage3.1.17/templates/ssl.conf.j2 @@ -70,7 +70,8 @@ SSLCryptoDevice builtin ## SSL Virtual Host Context ## -<VirtualHost {{ ansible_fqdn }}:443> +### <VirtualHost {{ ansible_fqdn }}:443> +<VirtualHost {{ ansible_nodename }}.{{ ansible_domain }}:443> # General setup for the virtual host, inherited from global configuration #DocumentRoot "/var/www/html" diff --git a/roles/ldapserver/tasks/main.yml b/roles/ldapserver/tasks/main.yml index 86c6b1f01bb922af0fb434cd24c16747ef939f6a..356eeef7b1972f293342b90284210df8ac6005a4 100644 --- a/roles/ldapserver/tasks/main.yml +++ b/roles/ldapserver/tasks/main.yml 
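Review bot: In `GLOBAL_DATASTORES` the group base changes from `ou=People_Groups,...` to `ou=Groups,{{ ldapDomain }}`, which is now the same DN as `LDAP_GROUP_BASE` in the machine-category datastore of the previous hunk, so person groups and account groups would share a single OU. If that is intended it deserves a line in the commit message; if it is a slip made while parameterising, the value should be `'ou=People_Groups,{{ ldapDomain }}'`. Also, `SERVER_EMAIL` here and `ACCOUNTS_EMAIL` in the next hunk use `{{ karaageAdminEmail }}` unconditionally, while `ADMINS` treats the variable as optional with `is defined`. Either require it everywhere, or keep a default such as `{{ karaageAdminEmail | default('karaage@example.org') }}`.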
@@ -44,6 +44,9 @@ - name: template accounts.ldif template: src=accounts_ldif.j2 dest=/tmp/accounts.ldif +- name: template real accounts.ldif + template: src=real_accounts_ldif.j2 dest=/tmp/real_accounts.ldif + - name: template groups.ldif template: src=groups_ldif.j2 dest=/tmp/groups.ldif @@ -129,6 +132,12 @@ ignore_errors: true register: accountsConfigured +- name: check real Accounts config + shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapAccountBase }} -x -H ldap://localhost objectClass=*" + ignore_errors: true + register: realAccountsConfigured + when: ldapAccountBase is defined + - name: check Groups config shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=*" ignore_errors: true @@ -145,7 +154,10 @@ with_items: - ppolicy - cosine + - nis + - inetorgperson ignore_errors: true + sudo: true when: ansible_os_family == 'RedHat' and ansible_distribution_major_version >= '7' - name: initialise server ssl @@ -180,6 +192,10 @@ shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/accounts.ldif when: accountsConfigured|failed +- name: add real Accounts OU + shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/real_accounts.ldif + when: realAccountsConfigured is defined and realAccountsConfigured|failed + - name: add Groups OU shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/groups.ldif when: groupsConfigured|failed diff --git a/roles/ldapserver/templates/real_accounts_ldif.j2 b/roles/ldapserver/templates/real_accounts_ldif.j2 new file mode 100644 index 0000000000000000000000000000000000000000..825600374ae339b3798bfd06f4fb5a1996777b1f --- /dev/null +++ b/roles/ldapserver/templates/real_accounts_ldif.j2 @@ -0,0 +1,2 @@ +dn: {{ ldapAccountBase }} +objectClass: organizationalUnit 
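Review bot: The new "check real Accounts config" task passes the manager password on the command line with `-w {{ ldapManagerPassword }}`, so it is visible in the process list while `ldapsearch` runs and is echoed in Ansible's task output and logs whenever the command is displayed or fails. The "add real Accounts OU" `ldapadd` task in the later hunk does the same. Add `no_log: true` to both tasks, and consider reading the password from a root-only file with `-y <PASSWORD_FILE>` instead of `-w`. The existing check and add tasks around them follow the same pattern but are unchanged context in this diff.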
diff --git a/roles/ldapserver/vars/main.yml b/roles/ldapserver/vars/main.yml index 38cf871d127b1287cf0811c4f34f4e4601717630..c3953ac3b4519d1c524c869bf716230d12821911 100644 --- a/roles/ldapserver/vars/main.yml +++ b/roles/ldapserver/vars/main.yml @@ -2,3 +2,4 @@ ldapcert: /etc/openldap/certs/ldapcert.pem ldapkey: /etc/openldap/certs/ldapkey.pem cacert: /etc/openldap/certs/cacert.pem + diff --git a/roles/mysql/handlers/main.yml b/roles/mysql/handlers/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..d99e29a582d56d55b854a5a889b02bdb1218f917 --- /dev/null +++ b/roles/mysql/handlers/main.yml @@ -0,0 +1,11 @@ +--- +- name: "Restart MySQL" + service: name=mysql state=restarted + sudo: true + when: ansible_os_family == "Debian" + +- name: "Restart MySQL" + service: name=mysqld state=restarted + sudo: true + when: ansible_os_family == "RedHat" + diff --git a/roles/mysql/tasks/main.yml b/roles/mysql/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..bc39805e12f63115eb9d0d88fc9d19af77fbb8de --- /dev/null +++ b/roles/mysql/tasks/main.yml @@ -0,0 +1,3 @@ +--- + - include: mysql_client.yml mysql_type=mysql_client + - include: mysql_server.yml mysql_type=mysql_server diff --git a/roles/mysql/tasks/mysql_client.yml b/roles/mysql/tasks/mysql_client.yml new file mode 100644 index 0000000000000000000000000000000000000000..3c69675b3b9d74e7bdb2a975f2a364fe5901d431 --- /dev/null +++ b/roles/mysql/tasks/mysql_client.yml @@ -0,0 +1,18 @@ +--- +- name: "Installing MySQL Debian" + apt: name="{{ item }}" update_cache=yes cache_valid_time=3600 state=present + with_items: + - python + - mysql-client + sudo: true + when: ansible_os_family == "Debian" + +- name: Installing MySQL RedHat + yum: name="{{ item }}" state=latest + with_items: + - python + - mysql + - mysql-connector-odbc + - MySQL-python + sudo: true + when: ansible_os_family == "RedHat" 
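Review bot: In `roles/mysql/tasks/main.yml` both files are included unconditionally, so every host that uses the role gets `mysql-server` installed and started even when only the client is wanted, which adds a listening database to hosts that do not need one. The `mysql_type=...` argument on each include only sets the variable for that file and selects nothing. The readme in this commit describes `mysql_type` as a choice, so it should gate the includes: `- include: mysql_client.yml` with `when: mysql_type == "mysql_client"` and `- include: mysql_server.yml` with `when: mysql_type == "mysql_server"`, taking the value from the play or inventory.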
diff --git a/roles/mysql/tasks/mysql_server.yml b/roles/mysql/tasks/mysql_server.yml new file mode 100644 index 0000000000000000000000000000000000000000..5fb1ce2ec919353890835ce2db9a642bacbb31ae --- /dev/null +++ b/roles/mysql/tasks/mysql_server.yml 
@@ -0,0 +1,79 @@ +--- +- name: "Installing MySQL Debian" + apt: name="{{ item }}" update_cache=yes cache_valid_time=3600 state=present + with_items: + - python + - python-dev + - libmysqlclient-dev + - python-pip + - libapache2-mod-wsgi + - python-mysql.connector + - mysql-server + - python-mysqldb + sudo: true + when: ansible_os_family == "Debian" + +- name: Installing MySQL RedHat + yum: name="{{ item }}" state=latest + with_items: + - python + - python-devel + - mysql-devel + - mysql-libs + - MySQL-python + - mysql-server + sudo: true + when: ansible_os_family == "RedHat" + +- name: "Starting MySQL" + service: name=mysql state=started enabled=true + sudo: true + when: ansible_os_family == "Debian" + +- name: "Starting MySQL" + service: name=mysqld state=started enabled=true + sudo: true + when: ansible_os_family == "RedHat" + +- name: make sure mysql conf directory exists + file: dest=/etc/mysql/conf.d state=directory + sudo: true + +- name: "Templating mysql configure file" + template: src="mysql.cnf.j2" dest=/etc/mysql/conf.d/{{ mysql_config_file_name }}.cnf owner=root group=root + sudo: true + +- name: "Adding root" + sudo: true + mysql_user: name=root host="{{ item }}" password="{{ mysql_root_password }}" login_user=root login_password="{{ mysql_root_password }}" check_implicit_admin=yes priv="*.*:ALL,GRANT" + with_items: + - "{{ ansible_hostname }}" + - 127.0.0.1 + - ::1 + - localhost + +- name: Setting mysql global variables + mysql_variables: variable={{ item.var }} value={{ item.val }} login_user=root login_password="{{ mysql_root_password }}" + with_items: + - { var : 'character_set_server', val : 'utf8' } + - { var : 'storage_engine', val : 'innodb' } + - { var : 'sql_mode', val : 'STRICT_ALL_TABLES' } + sudo: true + when: ansible_os_family == "RedHat" + +- name: "Editing my.cnf" + lineinfile: dest=/etc/my.cnf line="{{ item }}" + with_items: + - '[client]' + - 'default-character-set = utf8' + - 'log_warnings = 2' + - 'log_error = 
/var/log/mysql/error.log' + sudo: true + notify: Restart MySQL + when: ansible_os_family == "RedHat" + +- name: "Adding user database" + mysql_db: name={{ mysql_user_db_name }} state=present login_user=root login_password={{ mysql_root_password }} + +- name: "Giving priviliges to user" + mysql_user: name={{ mysql_user_name }} host={{ mysql_user_host }} password={{ mysql_user_password }} login_user=root login_password={{ mysql_root_password }} priv={{ mysql_user_name }}.*:ALL state=present diff --git a/roles/mysql/templates/mysql.cnf.j2 b/roles/mysql/templates/mysql.cnf.j2 new file mode 100644 index 0000000000000000000000000000000000000000..f32a6e4e4d854b0be3f96170136db120cf8feadc --- /dev/null +++ b/roles/mysql/templates/mysql.cnf.j2 @@ -0,0 +1,7 @@ +[mysqld] +character_set_server=utf8 +default-storage-engine = innodb +sql_mode = STRICT_ALL_TABLES + +[client] +default-character-set = utf8 diff --git a/roles/mysql/vars/readme.txt b/roles/mysql/vars/readme.txt new file mode 100644 index 0000000000000000000000000000000000000000..a17f539ae37d149078df23444a80a1c00d611cb1 --- /dev/null +++ b/roles/mysql/vars/readme.txt @@ -0,0 +1,10 @@ +# Select one of mysql installation type for mysql_client or mysql_client +mysql_type: mysql_client | mysql_server + +mysql_user_db_name: "my_database" +mysql_user_name: "my_database" +mysql_user_host: "localhost" +mysql_config_file_name: "mysql_config" +mysql_root_password: "secret" +mysql_user_password: "secret" +
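Review bot: The last task in `mysql_server.yml` grants `priv={{ mysql_user_name }}.*:ALL`, but the database created just above it is `{{ mysql_user_db_name }}`; as soon as the two variables differ, the user gets full rights on a schema named after itself and none on the one that was created. It should read `priv={{ mysql_user_db_name }}.*:ALL`. The tasks that pass `mysql_root_password` and `mysql_user_password` as module arguments have no `no_log: true`, so the values can appear in verbose output and logs. The last two tasks are also the only ones in the file without `sudo: true`.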