roles/gpu_update/templates/nvidia.conf.j2

+# paulmc no longer needed - this was for setting user permissions to use driver
+options nvidia NVreg_DeviceFileMode=0666
+

roles/gpu_update/templates/xorg.conf.j2

+# paulmc - no longer needed, we use nvidia-xconfig to generate this based on the GPU's it finds
+# nvidia-xconfig: X configuration file generated by nvidia-xconfig
+# nvidia-xconfig:  version 340.58  (buildmeister@swio-display-x86-rhel47-09)  Fri Oct 31 17:40:05 PDT 2014
+Section "DRI"
+	Mode 0660
+	Group "vglusers"
+EndSection
+
+Section "ServerLayout"
+    Identifier     "Layout0"
+    Screen      0  "Screen0"
+    InputDevice    "Keyboard0" "CoreKeyboard"
+    InputDevice    "Mouse0" "CorePointer"
+EndSection
+
+Section "Files"
+    FontPath        "/usr/share/fonts/default/Type1"
+EndSection
+
+Section "InputDevice"
+    # generated from default
+    Identifier     "Mouse0"
+    Driver         "mouse"
+    Option         "Protocol" "auto"
+    Option         "Device" "/dev/input/mice"
+    Option         "Emulate3Buttons" "no"
+    Option         "ZAxisMapping" "4 5"
+EndSection
+
+Section "InputDevice"
+    # generated from data in "/etc/sysconfig/keyboard"
+    Identifier     "Keyboard0"
+    Driver         "kbd"
+    Option         "XkbLayout" "us"
+    Option         "XkbModel" "pc105"
+EndSection
+
+Section "Monitor"
+    Identifier     "Monitor0"
+    VendorName     "Unknown"
+    ModelName      "Unknown"
+    HorizSync       28.0 - 33.0
+    VertRefresh     43.0 - 72.0
+    Option         "DPMS"
+EndSection
+
+Section "Device"
+    Identifier     "Device0"
+    Driver         "nvidia"
+    VendorName     "NVIDIA Corporation"
+    BusID          "PCI:00:06:0"
+EndSection
+
+Section "Screen"
+    Identifier     "Screen0"
+    Device         "Device0"
+    Monitor        "Monitor0"
+    DefaultDepth    24
+    SubSection     "Display"
+        Depth       24
+    EndSubSection
+EndSection
+

roles/gpu_update/templates/xserver.j2

+# paulmc - no longer needed, we use inline changes instead
+#%PAM-1.0
+auth       sufficient	pam_rootok.so
+auth sufficient pam_permit.so
+account    required	pam_permit.so
+session    optional	pam_keyinit.so force revoke

roles/hpcid_ca/tasks/main.yml

+---
+
+- name: ensure hpcid_ca is in the authorized_keys file
+  authorized_key: user={{ ansible_user }} key="cert-authority ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfHlWGrnpirvqvUTySnoQK6ze5oIXz7cYIT+XCBeBCahlK05O38g0erBGrNWFozZwbIXnysVCibaUJqtH0JrYqmcr2NnYA0PoiTeranvaJI7pQsga1gBxfK/D4UItw5yI6V7w9efMT0zpIP8WEubQz6GFtkyiNVgFCHj3+VhLs3RslvYzb35SFcLXEDsGVQM5NdWBUgRaNRqpTPvuMcxTyPvy32wW72kwaYRQioDJFcE2WJ240M2oSsx+dhTWvI8sW1sEUI1qIDfyBPsOgsLofuSpt4ZNgJqBUTp/hW85wVpNzud6A4YJWHpZXSDMtUMYE9QL+x2fw/b26yck9ZPE/ hines@tun"

roles/hpcsystems/tasks/main.yml

+---
+- name: install system dependencies
+  yum: name={{ item }} state=present
+  with_items:
+    - openssl-devel
+    - openldap-devel
+    - python-pip
+    - git
+    - python-virtualenv
+  become: true
+  become_user: root
+  when: ansible_os_family == "RedHat"
+
+- name: install system dependencies
+  apt: name={{ item }} state=present
+  with_items:
+    - libssl-dev
+    - libldap2-dev
+  become: true
+  become_user: root
+  when: ansible_os_family == "Debian"
+
+- name: create install dir
+  file: name={{ item }} state=directory owner={{ ansible_user }}
+  with_items:
+   - "/usr/local/hpcsystem"
+   - "/usr/local/hpcsystem_config"
+   - "/usr/local/virtualenvs/mercpytools"
+  become: true
+  become_user: root
+
+- name: upgrade pip
+  pip:
+    virtualenv: "/usr/local/virtualenvs/mercpytools"
+    name: "pip"
+    extra_args: "--upgrade"
+
+- name: install mercpytools
+  pip:
+    virtualenv: "/usr/local/virtualenvs/mercpytools"
+    name: "git+https://gitlab.erc.monash.edu.au/hpc-team/mercpytools.git#egg=mercpytools"
+    extra_args: "--upgrade"
+
+- name: install hpcsystem
+  git:
+    repo: git@gitlab.erc.monash.edu.au:hpc-team/hpcsystem.git
+    dest: /usr/local/hpcsystem
+    accept_hostkey: True
+
+- name: install hpcsystem_config
+  git:
+    repo: git@gitlab.erc.monash.edu.au:hpc-team/m3_hpcsystem_config.git
+    dest: /usr/local/hpcsystem_config
+    accept_hostkey: True
+
+- name: cron job to check quotas
+  cron:
+    name: "Naggy quota cron job"
+    value: '/usr/local/hpcsystem/naggy_quota.sh'
+    hour: 16
+    minute: 23
+  become: true
+  become_user: root

roles/installPackage/tasks/main.yml

 ---
 - name: Pre installation
-  shell: "{{ preInstallation }}" 
-  sudo: true
+  shell: "{{ preInstallation }}"
+  become: true
   ignore_errors: true
   when: ansible_distribution == 'CentOS' and preInstallation is defined
-  
-- name: Add new repo file 
+
+- name: Add new repo file
   shell: "{{ importRepo.command }} {{ importRepo.destination }}"
-  sudo: true
+  become: true
   run_once: true
   args:
     creates: "{{ importRepo.destination }}"
   when: ansible_distribution == 'CentOS' and importRepo is defined
 
-- name: Install yum packages 
-  yum: name={{ item }} state=latest
+- name: Install yum packages
+  yum: name={{ item }} state=present
   with_items: yumPackageList
-  sudo: true
+  become: true
   when: ansible_distribution == 'CentOS' and yumPackageList is defined
 
-- name: Install yum group packages 
+- name: Install yum group packages
   shell: yum --setopt=protected_multilib=false -y groupinstall "{{ item }}"
   with_items: yumGroupPackageList
-  sudo: true
+  become: true
   when: ansible_distribution == 'CentOS' and yumGroupPackageList is defined
 
 - name: Post installation
-  shell: "{{ postInstallation }}" 
-  sudo: true
+  shell: "{{ postInstallation }}"
+  become: true
   when: ansible_distribution == 'CentOS' and postInstallation is defined
- 
-- name: conditional shell copy command 
+
+- name: conditional shell copy command
   shell: "{{ cliCopy.run }}"
-  sudo: true
+  become: true
   run_once: true
   args:
     creates: "{{ cliCopy.check }}"

roles/jasons_ssh_ca/files/server_ca.pub

+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIbQXH8ZHnl7Ht5YMuGqZ80k+nKnds+58y9VcedVeXDobsF7t6wCRe5GDov8XxYxxWbjz0H7xhx6PQYiVsn6GL0= ubuntu@sshauthz-2

roles/jasons_ssh_ca/handlers/main.yml

+---
+- include_vars: "{{ ansible_os_family }}_{{ ansible_architecture }}.yml"
+
+- name: restart ssh
+  service: name={{ sshd_name }} state=restarted
+  become: true

roles/jasons_ssh_ca/tasks/main.yml

+---
+- include_vars: "{{ ansible_os_family }}_{{ ansible_architecture }}.yml"
+
+- name: copy ca cert
+  copy: src=server_ca.pub dest=/etc/ssh/server_ca.pub owner=root group=root mode=644
+  become: true
+
+- name: edit sshd_config
+  lineinfile:
+  args:
+    dest: /etc/ssh/sshd_config
+    line: TrustedUserCAKeys /etc/ssh/server_ca.pub
+    state: present
+  become: true
+  notify: restart ssh

roles/jasons_ssh_ca/vars/Debian_x86_64.yml

+sshd_name: "ssh"
+

roles/jasons_ssh_ca/vars/RedHat_x86_64.yml

+sshd_name: "sshd"
+

roles/karaage2.7/handlers/main.yml

 ---
 - name: restart apache
   service: name=apache2 state=restarted
-  sudo: true
+  become: true
 
 - name: restart postfix
   service: name=postfix state=restarted
-  sudo: true
+  become: true

roles/karaage2.7/tasks/install_via_apt.yml

@@ -6,23 +6,23 @@
 
 - name: add repo key
   shell: wget http://code.vpac.org/debian/vpac-debian-key.gpg -O - | apt-key add -
-  sudo: true
+  become: true
   when: repoConfigured|failed
 
 - name: template vpac.list
   template: src=vpac_list.j2 dest=/etc/apt/sources.list.d/vpac.list
-  sudo: true
+  become: true
   when: repoConfigured|failed
 
 - name: update cache
   apt: update_cache=true
-  sudo: true
+  become: true
   when: repoConfigured|failed
-  
+
 
 - name: install karaage
-  apt: name={{ item }} state=installed
-  sudo: true
+  apt: name={{ item }} state=present
+  become: true
   with_items:
     - karaage-admin
     - karaage-registration

roles/karaage2.7/tasks/main.yml

@@ -2,14 +2,14 @@
 - include_vars: "{{ ansible_distribution }}_{{ ansible_distribution_version }}_{{ ansible_architecture }}.yml"
 
 - name: install system packages apt
-  apt: name={{ item }} state=installed update_cache=true
-  sudo: true
+  apt: name={{ item }} state=present
+  become: true
   with_items: system_packages
   when: ansible_os_family == 'Debian'
 
 - name: install system packages yum
-  yum: name={{ item }} state=installed
-  sudo: true
+  yum: name={{ item }} state=present
+  become: true
   with_items: system_packages
   when: ansible_os_family == 'RedHat'
 
@@ -20,13 +20,13 @@
 
 - name: check kg secret key
   shell: cat /etc/karaage/global_settings.py | grep "SECRET_KEY = '.*'"
-  sudo: true
+  become: true
   ignore_errors: true
   register: kg_secret_key_set
 
 - name: set kg secret key
   shell: kg_set_secret_key
-  sudo: true
+  become: true
   when: kg_secret_key_set|failed
 
 - name: mysql db
@@ -36,61 +36,61 @@
   mysql_user: name='karaage' password={{ karaageSqlPassword }} priv=karaage.*:ALL state=present login_user=root login_password={{ sqlrootPasswd }}
 
 - name: allow public karaage registrations
-  lineinfile: 
+  lineinfile:
   args:
-    dest: /etc/karaage/registration_settings.py 
-    regexp: "#ALLOW_REGISTRATIONS" 
-    line: "ALLOW_REGISTRATIONS = True" 
+    dest: /etc/karaage/registration_settings.py
+    regexp: "#ALLOW_REGISTRATIONS"
+    line: "ALLOW_REGISTRATIONS = True"
     backrefs: yes
-  sudo: true
+  become: true
 
-# Why not template the whole of global_settings.py? 
+# Why not template the whole of global_settings.py?
 # Because I don't know what kg_set_secret_key does so I can't easily template my own secret key
 
 - name: chmod global_settings.py
-  file: 
-  args: 
+  file:
+  args:
     path: /etc/karaage/global_settings.py
     owner: root
     group: "{{ wwwgroup }}"
     mode: 0640
-  sudo: true
+  become: true
 
 - name: karaage settings db type
-  lineinfile: 
+  lineinfile:
   args:
-    dest: /etc/karaage/global_settings.py 
-    regexp: "        'ENGINE': 'django.db.backends.'," 
-    line: "        'ENGINE': 'django.db.backends.mysql'," 
+    dest: /etc/karaage/global_settings.py
+    regexp: "        'ENGINE': 'django.db.backends.',"
+    line: "        'ENGINE': 'django.db.backends.mysql',"
     backrefs: yes
-  sudo: true
+  become: true
 
 - name: karaage settings db db
-  lineinfile: 
+  lineinfile:
   args:
-    dest: /etc/karaage/global_settings.py 
-    regexp: "       'NAME': ''," 
-    line: "        'NAME': 'karaage'," 
+    dest: /etc/karaage/global_settings.py
+    regexp: "       'NAME': '',"
+    line: "        'NAME': 'karaage',"
     backrefs: yes
-  sudo: true
+  become: true
 
 - name: karaage settings db user
-  lineinfile: 
+  lineinfile:
   args:
-    dest: /etc/karaage/global_settings.py 
-    regexp: "       'USER': ''," 
-    line: "        'USER': 'karaage'," 
+    dest: /etc/karaage/global_settings.py
+    regexp: "       'USER': '',"
+    line: "        'USER': 'karaage',"
     backrefs: yes
-  sudo: true
+  become: true
 
 - name: karaage settings db password
-  lineinfile: 
+  lineinfile:
   args:
-    dest: /etc/karaage/global_settings.py 
-    regexp: "       'PASSWORD': ''," 
-    line: "        'PASSWORD': '{{ karaageSqlPassword }}'," 
+    dest: /etc/karaage/global_settings.py
+    regexp: "       'PASSWORD': '',"
+    line: "        'PASSWORD': '{{ karaageSqlPassword }}',"
     backrefs: yes
-  sudo: true
+  become: true
 
 - name: ldap url
   lineinfile:
@@ -99,7 +99,7 @@
     regexp: "LDAP_URL = "
     line: "LDAP_URL = '{{ ldapURI }}'"
     backrefs: yes
-  sudo: true
+  become: true
 
 - include_vars: "roles/ldapserver/vars/main.yml"
 
@@ -110,7 +110,7 @@
     regexp: "LDAP_BASE ="
     line: "LDAP_BASE = '{{ ldapBase }}'"
     backrefs: yes
-  sudo: true
+  become: true
 
 - name: ldap user base
   lineinfile:
@@ -119,7 +119,7 @@
     regexp: "LDAP_USER_BASE="
     line: "LDAP_USER_BASE = '{{ ldapUserBase }}'"
     backrefs: yes
-  sudo: true
+  become: true
 
 - name: ldap group base
   lineinfile:
@@ -128,7 +128,7 @@
     regexp: "LDAP_GROUP_BASE="
     line: "LDAP_GROUP_BASE = '{{ ldapGroupBase }}'"
     backrefs: yes
-  sudo: true
+  become: true
 
 - name: ldap admin user
   lineinfile:
@@ -137,8 +137,8 @@
     regexp: "LDAP_ADMIN_USER ="
     line: "LDAP_ADMIN_USER = '{{ ldapManager }}'"
     backrefs: yes
-  sudo: true
-  
+  become: true
+
 
 - name: ldap admin passwd
   lineinfile:
@@ -147,7 +147,7 @@
     regexp: "LDAP_ADMIN_PASSWORD ="
     line: "LDAP_ADMIN_PASSWORD = '{{ ldapManagerPassword }}'"
     backrefs: yes
-  sudo: true
+  become: true
 
 - name: ldap use TLS CA
   lineinfile:
@@ -156,7 +156,7 @@
     regexp: "LDAP_USE_TLS ="
     line: "LDAP_USE_TLS = True"
     backrefs: yes
-  sudo: true
+  become: true
 
 - name: ldap TLS CA
   lineinfile:
@@ -165,25 +165,25 @@
     insertafter: "LDAP_USE_TLS ="
     line: "LDAP_TLS_CA = '/etc/ssl/certs/ca.crt'"
     state: present
-  sudo: true
+  become: true
 
 - name: check karaage tables exist
   shell: echo 'describe auth_user' | mysql -u karaage --password={{ karaageSqlPassword }} karaage
   ignore_errors: true
   register: karaageTablesCreated
-  
+
 - name: template ldap.conf
   template: src=ldap_conf.j2 dest=/etc/ldap/ldap.conf
-  sudo: true
+  become: true
 
 #- name: karaage sql db setup
 #  shell: kg-manage syncdb --noinput
-#  sudo: true
+#  become: true
 #  when: karaageTablesCreated|failed
 #
 #- name: karaage sql db migrate
 #  shell: yes n | kg-manage migrate --all
-#  sudo: true
+#  become: true
 #
 # I had to use syncdb --all --noinput migrate --fake then
       #  sudo vi ./dist-packages/tldap/transaction.py
@@ -193,39 +193,39 @@
 
 - name: karaage sql syncdb
   shell: kg-manage syncdb --all --noinput
-  sudo: true
+  become: true
   when: karaageTablesCreated|failed
 
 - name: karaage sql db migrate
   shell: kg-manage migrate --fake
-  sudo: true
+  become: true
   when: karaageTablesCreated|failed
 
 - name: fix up karaage transactions.py
-  lineinfile: 
+  lineinfile:
   args:
     line: import tldap.django
     insertafter: import tldap
     state: present
     dest: /usr/lib/python2.7/dist-packages/tldap/transaction.py
-  sudo: true
+  become: true
 
 - name: fix up karaage tldap/manager.py
-  lineinfile: 
+  lineinfile:
   args:
     line: import tldap.django
     insertafter: import tldap
     state: present
     dest: /usr/lib/python2.7/dist-packages/tldap/manager.py
-  sudo: true
+  become: true
 
 - name: enable ssl
   shell: a2enmod ssl
-  sudo: true
+  become: true
 
 - name: enable wsgi
   shell: a2enmod wsgi
-  sudo: true
+  become: true
 
 
 
@@ -233,45 +233,45 @@
   command: ln -s /etc/karaage/kgadmin-apache.conf /etc/apache2/conf.d/karaage-admin.conf
   args:
     creates: /etc/apache2/conf.d/karaage-admin.conf
-  sudo: true
+  become: true
   notify: restart apache
 
 - name: enable karaage registration
   command: ln -s /etc/karaage/kgreg-apache.conf /etc/apache2/conf.d/karaage-registration.conf
   args:
     creates: /etc/apache2/conf.d/karaage-registration.conf
-  sudo: true
+  become: true
   notify: restart apache
 
 - name: make ssl directory
   file: name=/etc/apache2/ssl state=directory
-  sudo: true
+  become: true
 
 - name: copy ssl key
   command: cp /etc/ssl/private/server.key /etc/apache2/ssl/server.key
   args:
     creates: /etc/apache2/ssl/server.key
-  sudo: true
+  become: true
 
 - name: chmod ssl key
   file: path=/etc/apache2/ssl/server.key mode=600 owner={{ wwwuser }}
-  sudo: true
+  become: true
 
 - name: copy cert
   command: cp /etc/ssl/certs/server.crt /etc/apache2/ssl/server.pem
-  sudo: true
+  become: true
 
 - name: enable ssl
   command: ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/default-ssl
   args:
     creates: /etc/apache2/sites-enabled/default-ssl
-  sudo: true
+  become: true
   notify: restart apache
 
 
 - name: configure postfix
   template: src=main_cf.j2 dest=/etc/postfix/main.cf
-  sudo: true
+  become: true
   notify: restart postfix
 
 - name: SSL Cert Chain
@@ -281,7 +281,7 @@
     regexp: ".*#SSLCertificateChainFile.*"
     line: "        SSLCertificateChainFile    /etc/ssl/certs/ca.crt"
     backrefs: yes
-  sudo: true
+  become: true
   notify: restart apache
 
 - name: SSL Cert
@@ -291,7 +291,7 @@
     regexp: ".*SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem"
     line: "        SSLCertificateFile    /etc/apache2/ssl/server.pem"
     backrefs: yes
-  sudo: true
+  become: true
   notify: restart apache
 
 - name: SSL Key
@@ -301,5 +301,5 @@
     regexp: ".*SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key"
     line: "        SSLCertificateKeyFile /etc/apache2/ssl/server.key"
     backrefs: yes
-  sudo: true
+  become: true
   notify: restart apache

roles/karaage2.7/tasks/set_mysql_root_password.yml

@@ -2,11 +2,11 @@
 
 - name: template secure script
   template: src=set_root_passwd_sql.j2 dest=/tmp/set_root_passwd.sql mode=600 owner=root
-  sudo: true
+  become: true
 
 - name: run script
   shell: cat /tmp/set_root_passwd.sql | mysql -u root
-  sudo: true
+  become: true
   ignore_errors: true
 
 - name: test passwd set

roles/karaage2.7_noppolicy/tasks/main.yml

 ---
 - name: install defaultUnlocked mixin
   copy: dest=/usr/share/pyshared/placard/schemas/defaultUnlocked.py src=defaultUnlocked.py owner=root mode=644
-  sudo: true
+  become: true
 
 - name: link defaultUnlocked mixin
-  shell: ln -s /usr/share/pyshared/placard/schemas/defaultUnlocked.py /usr/lib/python2.7/dist-packages/placard/schemas/defaultUnlocked.py ;  ln -s /usr/share/pyshared/placard/schemas/defaultUnlocked.py /usr/lib/python2.6/dist-packages/placard/schemas/defaultUnlocked.py 
+  shell: ln -s /usr/share/pyshared/placard/schemas/defaultUnlocked.py /usr/lib/python2.7/dist-packages/placard/schemas/defaultUnlocked.py ;  ln -s /usr/share/pyshared/placard/schemas/defaultUnlocked.py /usr/lib/python2.6/dist-packages/placard/schemas/defaultUnlocked.py
   args:
     creates: /usr/lib/python2.6/dist-packages/placard/schemas/defaultUnlocked.py
-  sudo: true
+  become: true
 
 - name: configure ldap mixins 1
-  lineinfile:  
+  lineinfile:
   args:
-    dest: /etc/karaage/ldap_schemas.py 
+    dest: /etc/karaage/ldap_schemas.py
     regexp: 'from placard.schemas.pwdpolicy import pwdPolicyMixin'
-    line: "from placard.schemas.defaultUnlocked import defaultUnlockedMixin" 
+    line: "from placard.schemas.defaultUnlocked import defaultUnlockedMixin"
     backrefs: yes
-  sudo: true
+  become: true
 
 - name: configure ldap mixins 2
-  lineinfile:  
+  lineinfile:
   args:
-    dest: /etc/karaage/ldap_schemas.py 
+    dest: /etc/karaage/ldap_schemas.py
     regexp: '    mixin_list = \[ common.personMixin, pwdPolicyMixin, kPersonMixin \]'
     line: "    mixin_list = [ common.personMixin, defaultUnlockedMixin, kPersonMixin ]"
     backrefs: yes
-  sudo: true
+  become: true
 
 - name: configure ldap mixins 3
-  lineinfile:  
+  lineinfile:
   args:
-    dest: /etc/karaage/ldap_schemas.py 
+    dest: /etc/karaage/ldap_schemas.py
     regexp: 'class person\(rfc.person, rfc.organizationalPerson, rfc.inetOrgPerson, rfc.pwdPolicy, common.baseMixin\):'
     line: "class person(rfc.person, rfc.organizationalPerson, rfc.inetOrgPerson, common.baseMixin):"
     backrefs: yes
-  sudo: true
+  become: true

roles/karaage3.1.17/handlers/main.yml

+---
+- name: restart apache2
+  service: name=apache2 state=restarted
+  become: true
+
+- name: restart postfix
+  service: name=postfix state=restarted
+  become: true

roles/karaage3.1.17/tasks/karaage.yml

+---
+-
+ name: "Installing prerequisites Debian"
+ apt: name={{ item }} update_cache=yes
+ become: true
+ with_items:
+  - libxml2-dev
+  - libxslt1-dev
+  - python-lxml
+  - libcrack2-dev
+  - csstidy
+  - ldap-utils
+  - python-cracklib
+  - git
+  - apache2-dev
+  - python-mysqldb
+  - python-pip
+  - python-pyasn1
+  - libapache2-mod-wsgi
+  - gcc
+  - libmysqlclient-dev
+  - python-dev
+  - python-matplotlib
+  - python-numpy
+ when: ansible_os_family == "Debian"
+
+-
+ name: "Installing prerequisites Redhat"
+ yum: name={{ item }} state=present
+ become: true
+ with_items:
+  - libxml2-devel
+  - libxslt-devel
+  - python-lxml
+  - openldap-clients
+  - cracklib-python
+  - git
+  - gcc
+  - gcc-c++
+  - gcc-gfortran
+  - freetype-devel
+  - libpng-devel
+  - lapack-devel
+  - blas-devel
+  - libffi-devel
+ when: ansible_os_family == "RedHat"
+     #-
+     # name: Install the latest pip
+     # shell: easy_install pip
+     # when: ansible_os_family == "RedHat"
+
+-
+ name: "Getting Karaage from Github"
+ git: repo="https://github.com/monash-merc/karaage.git" dest="/root/karaage3.1.7" force=yes
+ become: true
+
+- name: Copy dependence file
+  copy: src=files/requirements.txt dest=/tmp/requirements.txt mode=644
+
+- name: "Installing Karaage Dependencies"
+  pip: requirements=/tmp/requirements.txt
+  become: true
+-
+ name: "Restrict Django version to 1.7.8"
+ become: true
+ replace: dest=/root/karaage3.1.7/setup.py regexp="Django >= 1.7" replace="Django == 1.7.8"
+-
+ name: "Installing Karaage from source"
+ shell: "env python setup.py install"
+ args:
+  chdir: /root/karaage3.1.7
+  creates: /root/karaage3.1.7/build/bdist.linux-x86_64
+ become: true
+-
+ name: "Templating Karaage settings"
+ template: src=settings.py.j2 dest=/etc/karaage3/settings.py owner=root group={{ apache_user }} mode=0640
+ become: true
+-
+ name: "Templating project conf"
+ template: src=kginit.conf.j2 dest=/etc/karaage3/kginit.conf owner=root group={{ apache_user }} mode=0640
+ become: true
+-
+ name: "Templating project init script"
+ template: src=kg_init.j2 dest=/usr/bin/kg_init owner=root mode=755
+ become: true
+-
+ name: "Templating adding admin role script"
+ template: src=kg_add_admin.j2 dest=/usr/bin/kg_add_admin owner=root mode=755
+ become: true
+-
+ name: "Creating karaage3 in /var directories log, lib "
+ file: path={{ item }} state=directory owner=root group={{ apache_user }} mode=0775
+ with_items:
+  - /var/log/karaage3
+  - /var/lib/karaage3
+  - /var/cache/karaage3
+ become: true
+
+- name: install karaage3-wsgi.conf
+  template: src=karaage3-wsgi.conf.j2 dest=/etc/apache2/conf-available/karaage3-wsgi.conf
+  become: true
+
+- name: install karaage3-wsgi.conf
+  template: src=index.html.j2 dest=/var/www/index.html
+  become: true
+
+- name: install karaage3-wsgi.conf
+  template: src=kg-idps.j2 dest=/usr/bin/kg-idps mode=755
+  become: true
+
+- name: install shibboleth cache file
+  template: src="files/{{ shibboleth_deploy }}_metadata.aaf.xml.j2" dest=/tmp/metadata.aaf.xml
+
+-
+ name: "enabling Karaage configuration"
+ shell: a2enconf karaage3-wsgi
+ become: true
+ when: ansible_os_family == "Debian"
+-
+ name: "enabling Karaage configuration"
+ shell: cp -rvpf /root/karaage3.1.7/conf/karaage3-wsgi.conf /etc/httpd/conf.d/karaage3-wsgi.conf
+ become: true
+ when: ansible_os_family == "RedHat"
+
+
+-
+ name: "Set Secret Key"
+ lineinfile: dest=/etc/karaage3/settings.py regexp="SECRET_KEY = ''" line="SECRET_KEY = '{{ karaageSecretKey }}'" state=present
+ become: true
+
+-
+ name: "Check karaage DB has been initialized or not"
+ shell: mysql -h {{ karaageDbHost }}  -u {{ karaageDbName }} --password={{ karaagePassword }} -Bse 'use karaage; show tables;' | wc -l
+ register: karaage_db_init
+
+- name: enable wsgi
+  shell: a2enmod wsgi
+  become: true
+
+- name: enable shibboleth
+  shell: a2enmod shib2
+  become: true
+
+-
+ name: " Create DB tables"
+ shell: kg-manage migrate
+ become: true
+ when: karaage_db_init.stdout.find("0") == 0
+
+-
+ name: "Create IDP institutes (disable it as cache is not available)"
+ shell: kg-idps /tmp/metadata.aaf.xml
+ become: true
+ when: karaage_db_init.stdout.find("0") == 0
+
+-
+ name: "Create projects"
+ shell: kg_init /etc/karaage3/kginit.conf {{ admin_password }}
+ become: true
+ when: karaage_db_init.stdout.find("0") == 0
+
+- name: install postfix
+  apt: name=postfix state=present
+  become: true
+
+- name: configure postfix
+  template: src=main_cf.j2 dest=/etc/postfix/main.cf
+  become: true
+  notify: restart postfix
+
+-
+ name: "Reloading apache"
+ service: name=apache2 state=reloaded
+ become: true
+ when: ansible_os_family == "Debian"
+
+-
+ name: "Reloading apache"
+ service: name=httpd state=reloaded
+ become: true
+ when: ansible_os_family == "RedHat"
+
+- name: "Start cron job for creating idps"
+  cron: name=idps job=/usr/bin/kg-idps user=root day=*/1 state=present
+  become: true
+
+-
+ name: "Templating username list"
+ template: src=files/{{ item }} dest=/{{ user_id_file_dir }}/{{ item }}
+ with_items: user_id_file
+ become: true
+ when: user_id_file is defined and user_id_file_dir is defined
+

roles/karaage3.1.17/tasks/main.yml

+---
+
+ - name: "Copying the ldap ca cert file"
+   template: src="files/{{ ldap_TLSCARoot }}" dest="/etc/apache2/ssl/certs/ldap_ca.cert.pem" mode=0644
+   become: true
+   when: apache_cert_file is defined
+
+ - include: prerequisitesDebian.yml
+   when: ansible_os_family == "Debian"
+ - include: karaage.yml

roles/karaage3.1.17/tasks/prerequisitesDebian.yml

+---
+-
+  name: "Installing prereq packages"
+  become: true
+  apt: name={{ item }} update_cache=yes
+  with_items:
+   - debian-keyring
+-
+  apt: update_cache=yes
+  name: "Upgrading apt..."
+  become: true
+