diff --git a/roles/karaage3.1.17/tasks/apacheDebian.yml b/roles/karaage3.1.17/tasks/apacheDebian.yml
index f47cad3de27cc007689cc0295428bba08c86c959..2ee1fdbb820e03f72bad26f7096f6dec62d5624f 100644
--- a/roles/karaage3.1.17/tasks/apacheDebian.yml
+++ b/roles/karaage3.1.17/tasks/apacheDebian.yml
@@ -6,9 +6,7 @@
   - apache2
   - apache2-dev
  sudo: true
--
- name: "Setting default site"
- lineinfile: dest=/etc/apache2/sites-available/000-default.conf regexp="#ServerName" line="ServerName {{ ansible_nodename }}" backrefs=yes
+
 -
  name: "Setting default-ssl site"
  lineinfile: dest=/etc/apache2/sites-available/default-ssl.conf  regexp="{{ item.regexp }}" line="{{ item.line }}" backrefs=yes
@@ -16,6 +14,7 @@
   - { regexp : "^\\s+SSLCertificateFile", line : "		SSLCertificateFile {{ x509_cert_file }}" }
   - { regexp : "SSLCertificateKeyFile", line : "		SSLCertificateKeyFile {{ x509_key_file }}" }
   - { regexp : "SSLCACertificateFile", line : "		SSLCACertificateFile {{ x509_cacert_file }}" }
+ sudo: true
 -
  name: "Templating default-ssl site"
  template: src=default-ssl.j2 dest=/etc/apache2/sites-available/default-ssl.conf owner=www-data group=www-data
@@ -24,11 +23,7 @@
  name: "Templating default site"
  template: src=default.j2 dest=/etc/apache2/sites-available/000-default.conf owner=www-data group=www-data
  sudo: true
--
- name: "Templating ssl configuration"
- template: src=ssl.conf.j2 dest=/etc/apache2/mods-available/ssl.conf owner=www-data group=www-data
- sudo: true
- notify: restart apache2
+
 -
  name: "Enable ssl module"
  apache2_module: state=present name=ssl
@@ -38,6 +33,7 @@
  name: "Enable default-ssl site"
  shell: a2ensite default-ssl
  sudo: true
+ notify: restart apache2
 
 -
  name: "Starting Apache2"
diff --git a/roles/karaage3.1.17/tasks/karaage.yml b/roles/karaage3.1.17/tasks/karaage.yml
index cc847b8006d59ae7e7ef03a6619fc01bb1559c5a..49c3578fb5e540a85d6247e832e6b80cc60cd7b5 100644
--- a/roles/karaage3.1.17/tasks/karaage.yml
+++ b/roles/karaage3.1.17/tasks/karaage.yml
@@ -133,11 +133,6 @@
     - karaage-software
     - karaage-usage
     - karaage-cluster-tools
--
- name: "Set Secret Key"
- lineinfile: dest=/etc/karaage3/settings.py regexp="SECRET_KEY = ''" line="SECRET_KEY = 'imkaraage'" state=present
- sudo: true
-
 -
  # TODO: Fix it
  name: "Check DB tables has been created or not"
diff --git a/roles/karaage3.1.17/templates/settings.py.j2 b/roles/karaage3.1.17/templates/settings.py.j2
index 9d05b119b111e3ba59308a28683e5788c1ebee9d..752d980be808887ac5324d6597806b3d97693b51 100644
--- a/roles/karaage3.1.17/templates/settings.py.j2
+++ b/roles/karaage3.1.17/templates/settings.py.j2
@@ -79,8 +79,8 @@ ADMINS = (
 MANAGERS = ADMINS
 
 {% if defaultProject is defined and defaultMachineCategory is defined %}
-DEFAULT_PROJECT_PID = {{ defaultProject }}
-DEFAULT_MACHINE_CATEGORY_NAME = {{ defaultMachineCategory }}
+DEFAULT_PROJECT_PID = "{{ defaultProject }}"
+DEFAULT_MACHINE_CATEGORY_NAME = "{{ defaultMachineCategory }}"
 {% endif %}
 
 # A dictionary containing the settings for all databases to be used with
@@ -168,7 +168,12 @@ LANGUAGE_CODE = 'en-au'
 
 # A secret key for a particular Django installation. This is used to provide
 # cryptographic signing, and should be set to a unique, unpredictable value.
-SECRET_KEY = ''
+{% if karaageSecretKey is defined %}
+SECRET_KEY = '{{ karaageSecretKey }}'
+{% else %}
+SECRET_KEY = 'default_ZT8VsL5CoURmUbui2hDrmEK0AwPvtR5h'
+{% endif %}
+
 
 # A data structure containing configuration information. The contents of this
 # data structure will be passed as the argument to the configuration method
diff --git a/roles/karaage3.1.17/templates/ssl.conf.j2 b/roles/karaage3.1.17/templates/ssl.conf.j2
index b9af9099757c95a2fbf3093acd1e9037882c4fea..1b2e1339b99987915ecf6957f993c24d20fa4691 100644
--- a/roles/karaage3.1.17/templates/ssl.conf.j2
+++ b/roles/karaage3.1.17/templates/ssl.conf.j2
@@ -75,7 +75,7 @@ SSLCryptoDevice builtin
 
 # General setup for the virtual host, inherited from global configuration
 #DocumentRoot "/var/www/html"
-#ServerName www.example.com:443
+ServerName {{ ansible_nodename }}.{{ ansible_domain }}:443
 
 # Use separate log files for the SSL virtual host; note that LogLevel
 # is not inherited from httpd.conf.
diff --git a/roles/ldapserver/tasks/main.yml b/roles/ldapserver/tasks/main.yml
index 356eeef7b1972f293342b90284210df8ac6005a4..437211fad504ad1049c7dd3322ff2a61eb4fcbc7 100644
--- a/roles/ldapserver/tasks/main.yml
+++ b/roles/ldapserver/tasks/main.yml
@@ -98,6 +98,11 @@
   sudo: true
   when: ansible_os_family == 'RedHat' and ansible_distribution_major_version < '7'
 
+- name: enable ssl centos 7
+  lineinfile: regexp="^SLAPD_URLS=" state=present line="SLAPD_URLS='ldaps:/// ldapi:/// ldap:///'" dest=/etc/sysconfig/slapd
+  sudo: true
+  when: ansible_os_family == 'RedHat' and ansible_distribution_major_version >= '7'
+
 - name: start ldap
   service: name=slapd state=restarted
   sudo: true
diff --git a/roles/mysql/tasks/mysql_server.yml b/roles/mysql/tasks/mysql_server.yml
index 5fb1ce2ec919353890835ce2db9a642bacbb31ae..a226cd7295c093631c4be130e1aedbc8e814a780 100644
--- a/roles/mysql/tasks/mysql_server.yml
+++ b/roles/mysql/tasks/mysql_server.yml
@@ -61,8 +61,18 @@
   sudo: true
   when: ansible_os_family == "RedHat"
 
+- name: "Add my.cnf security"
+  lineinfile: dest=/etc/my.cnf line="{{ item }}" insertafter="symbolic-links=0"
+  with_items:
+    - 'log_warnings = 2'
+    - 'log_error = /var/log/mysql/error.log'
+  sudo: true
+  notify: Restart MySQL
+  when: ansible_os_family == "RedHat"
+
+
 - name: "Editing my.cnf"
-  lineinfile: dest=/etc/my.cnf  line="{{ item }}"
+  lineinfile: dest=/etc/my.cnf line="{{ item }}"
   with_items:
     - '[client]'
     - 'default-character-set = utf8'
diff --git a/roles/mysql/templates/mysql.cnf.j2 b/roles/mysql/templates/mysql.cnf.j2
index f32a6e4e4d854b0be3f96170136db120cf8feadc..bcfe4d87c32c8602b88dd3a11659ea5c68420eb6 100644
--- a/roles/mysql/templates/mysql.cnf.j2
+++ b/roles/mysql/templates/mysql.cnf.j2
@@ -2,6 +2,8 @@
 character_set_server=utf8
 default-storage-engine = innodb
 sql_mode = STRICT_ALL_TABLES
+log_warnings = 2
+log_error = /var/log/mysql/error.log
 
 [client]
 default-character-set = utf8
diff --git a/roles/shibboleth-sp/handlers/main.yml b/roles/shibboleth-sp/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..0f9ae520be01b1ee5873911ecc1a3175a69aa21d
--- /dev/null
+++ b/roles/shibboleth-sp/handlers/main.yml
@@ -0,0 +1,9 @@
+---
+- name: "Restarting Apache"  
+  service: name=apache2 state=restarted
+  sudo: true
+
+- name: "Restarting shibboleth"  
+  service: name=shibd state=restarted
+  sudo: true
+
diff --git a/roles/shibboleth-sp/tasks/shibbolethConfig.yml b/roles/shibboleth-sp/tasks/shibbolethConfig.yml
index 0d7f23aab6dfa7eafbddb94def41512b2ce73dd5..9f6baf16416904c3f7d4f8d84bbda942622f1e2f 100644
--- a/roles/shibboleth-sp/tasks/shibbolethConfig.yml
+++ b/roles/shibboleth-sp/tasks/shibbolethConfig.yml
@@ -2,11 +2,13 @@
 -
  name: "Copying the metadata.aaf.xml and aaf-metadata-cert.pem"
  template: src="{{ item }}.j2" dest="/etc/shibboleth/{{ item }}" mode=0644
+ sudo: true
  with_items:
   - metadata.aaf.xml
   - aaf-metadata-cert.pem
 - 
   name: "Setting shibboleth2.xml sp.example.org"
+  sudo: true
   replace: 
   args:
    dest: /etc/shibboleth/shibboleth2.xml 
@@ -17,6 +19,7 @@
   
 - 
   name: "Setting shibboleth2.xml handlerSSL"
+  sudo: true
   replace: 
   args:
    dest: /etc/shibboleth/shibboleth2.xml 
@@ -26,6 +29,7 @@
 
 - 
   name: "Setting shibboleth2.xml supportContact"
+  sudo: true
   replace: 
   args:
    dest: /etc/shibboleth/shibboleth2.xml 
@@ -35,6 +39,7 @@
 
 - 
   name: "Enabling MetadataProvider"
+  sudo: true
   replace: 
   args:
    dest: /etc/shibboleth/shibboleth2.xml 
@@ -43,6 +48,7 @@
    
 - 
   name: "Enabling MetadataProvider"
+  sudo: true
   replace: 
   args:
    dest: /etc/shibboleth/shibboleth2.xml 
@@ -50,6 +56,7 @@
    replace: '</MetadataProvider>'
 - 
   name: "Setting shibboleth2.xml Federation URI"
+  sudo: true
   replace: 
   args:
    dest: /etc/shibboleth/shibboleth2.xml 
@@ -58,6 +65,7 @@
    
 - 
   name: "Setting shibboleth2.xml backingFilePath"
+  sudo: true
   replace: 
   args:
    dest: /etc/shibboleth/shibboleth2.xml 
@@ -66,6 +74,7 @@
    
 - 
   name: "Setting shibboleth2.xml aaf Certificate"
+  sudo: true
   replace: 
   args:
    dest: /etc/shibboleth/shibboleth2.xml 
@@ -74,6 +83,7 @@
    
 - 
   name: "Setting shibboleth2.xml AAF Discovery URL"
+  sudo: true
   replace: 
   args:
    dest: /etc/shibboleth/shibboleth2.xml 
@@ -82,6 +92,7 @@
    
 - 
   name: "Setting shibboleth2.xml Credential Resolver"
+  sudo: true
   replace: 
   args:
    dest: /etc/shibboleth/shibboleth2.xml 
@@ -90,20 +101,26 @@
 
 -
  name: "Templating attribute-map.xml"
+ sudo: true
  template:
  args:
    src: attribute-map.xml.j2
    dest: /etc/shibboleth/attribute-map.xml
+ notify:
+   - Restarting Apache
+   - Restarting shibboleth
 -
- name: "Restarting Apache"
+ name: "Starting Apache"
+ sudo: true
  service:
  args:
   name: apache2
-  state: restarted
+  state: tarted
 
 -
- name: "Restarting shibboleth"
+ name: "Starting shibboleth"
+ sudo: true
  service:
  args:
   name: shibd
-  state: restarted
+  state: tarted
diff --git a/roles/shibboleth-sp/tasks/shibbolethPrerequisites.yml b/roles/shibboleth-sp/tasks/shibbolethPrerequisites.yml
index b6bdee0292243446d057c7b8afc89e4337a021ce..f9e46165096e2fb9a3d5495ce41b998e99e78fab 100644
--- a/roles/shibboleth-sp/tasks/shibbolethPrerequisites.yml
+++ b/roles/shibboleth-sp/tasks/shibbolethPrerequisites.yml
@@ -1,6 +1,7 @@
 ---
 -
  name: Install base packages - Debian
+ sudo: true
  apt: name={{ item }} state=present
  with_items:
   - shibboleth-sp2-schemas